From 8bf98949ee0746024296fa45d1d1fc2f96d0a001 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Sat, 5 Oct 2019 03:23:54 +0000
Subject: [PATCH 1/9] InCommon customizations
---
conf/access-control.xml | 2 +-
conf/attribute-filter.xml | 56 ++++-
conf/attribute-resolver.xml | 341 ++++++++++++++++++++++-----
conf/attribute-resolver.xml.orig | 86 +++++++
conf/idp.properties | 4 +-
conf/ldap.properties | 4 +-
conf/metadata-providers.xml | 14 ++
credentials/inc-md-cert-mdq.pem | 29 +++
credentials/inc-md-cert.pem | 22 ++
edit-webapp/WEB-INF/lib/jstl-1.2.jar | Bin 0 -> 414240 bytes
10 files changed, 494 insertions(+), 64 deletions(-)
create mode 100644 conf/attribute-resolver.xml.orig
create mode 100644 credentials/inc-md-cert-mdq.pem
create mode 100644 credentials/inc-md-cert.pem
create mode 100644 edit-webapp/WEB-INF/lib/jstl-1.2.jar
diff --git a/conf/access-control.xml b/conf/access-control.xml
index a9184e6..d8c1f04 100644
--- a/conf/access-control.xml
+++ b/conf/access-control.xml
@@ -30,7 +30,7 @@
<entry key="AccessByIPAddress">
<bean id="AccessByIPAddress" parent="shibboleth.IPRangeAccessControl"
- p:allowedRanges="#{ {'127.0.0.1/32', '::1/128'} }" />
+ p:allowedRanges="#{ {'127.0.0.1/32', '::1/128', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'} }" />
</entry>
<!--
diff --git a/conf/attribute-filter.xml b/conf/attribute-filter.xml
index 7787d0c..8a52dbe 100644
--- a/conf/attribute-filter.xml
+++ b/conf/attribute-filter.xml
@@ -77,13 +77,16 @@
</AttributeFilterPolicy>
<!-- Release an additional attribute to an SP. -->
+ <!--
<AttributeFilterPolicy id="example1">
<PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org" />
<AttributeRule attributeID="uid" permitAny="true" />
</AttributeFilterPolicy>
+ -->
<!-- Release eduPersonScopedAffiliation to two specific SPs. -->
+ <!--
<AttributeFilterPolicy id="example2">
<PolicyRequirementRule xsi:type="OR">
<Rule xsi:type="Requester" value="https://sp.example.org" />
@@ -92,5 +95,56 @@
<AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" />
</AttributeFilterPolicy>
-
+ -->
+
+ <!-- Attribute release for all SPs (global) tagged as 'Research and Scholarship' -->
+ <AttributeFilterPolicy id="releaseRandSAttributeBundle">
+ <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
+ attributeName="http://macedir.org/entity-category"
+ attributeValue="http://refeds.org/category/research-and-scholarship"/>
+ <AttributeRule attributeID="eduPersonPrincipalName">
+ <PermitValueRule xsi:type="ANY" />
+ </AttributeRule>
+ <AttributeRule attributeID="eduPersonScopedAffiliation">
+ <PermitValueRule xsi:type="ANY" />
+ </AttributeRule>
+ <AttributeRule attributeID="givenName">
+ <PermitValueRule xsi:type="ANY" />
+ </AttributeRule>
+ <AttributeRule attributeID="surname">
+ <PermitValueRule xsi:type="ANY" />
+ </AttributeRule>
+ <AttributeRule attributeID="displayName">
+ <PermitValueRule xsi:type="ANY" />
+ </AttributeRule>
+ <AttributeRule attributeID="mail">
+ <PermitValueRule xsi:type="ANY" />
+ </AttributeRule>
+ </AttributeFilterPolicy>
+
+ <!-- Attribute release for all InCommon SPs -->
+ <AttributeFilterPolicy id="releaseToInCommon">
+ <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
+ attributeName="http://macedir.org/entity-category"
+ attributeValue="http://id.incommon.org/category/registered-by-incommon"/>
+ <AttributeRule attributeID="eduPersonPrincipalName">
+ <PermitValueRule xsi:type="ANY" />
+ </AttributeRule>
+ <AttributeRule attributeID="eduPersonScopedAffiliation">
+ <PermitValueRule xsi:type="ANY" />
+ </AttributeRule>
+ <AttributeRule attributeID="givenName">
+ <PermitValueRule xsi:type="ANY" />
+ </AttributeRule>
+ <AttributeRule attributeID="surname">
+ <PermitValueRule xsi:type="ANY" />
+ </AttributeRule>
+ <AttributeRule attributeID="displayName">
+ <PermitValueRule xsi:type="ANY" />
+ </AttributeRule>
+ <AttributeRule attributeID="mail">
+ <PermitValueRule xsi:type="ANY" />
+ </AttributeRule>
+ </AttributeFilterPolicy>
+
</AttributeFilterPolicyGroup>
diff --git a/conf/attribute-resolver.xml b/conf/attribute-resolver.xml
index 471bf0b..a4b32d7 100644
--- a/conf/attribute-resolver.xml
+++ b/conf/attribute-resolver.xml
@@ -1,86 +1,311 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- This file is an EXAMPLE configuration file. While the configuration
- presented in this example file is semi-functional, it isn't very
- interesting. It is here only as a starting point for your deployment
- process.
+<!--
+ This file is an EXAMPLE configuration file containing lots of commented
+ example attributes, encoders, and a couple of example data connectors.
+
+ Not all attribute definitions or data connectors are demonstrated, but
+ a variety of LDAP attributes, some common to Shibboleth deployments and
+ many not, are included.
- Very few attribute definitions and data connectors are demonstrated,
- and the data is derived statically from the logged-in username and a
- static example connector.
-
- Attribute-resolver-full.xml contains more examples of attributes,
- encoders, and data connectors. Deployers should refer to the Shibboleth
- documentation for a complete list of components and their options.
+ Deployers should refer to the Identity Provider 3 documentation
+
+ https://wiki.shibboleth.net/confluence/display/IDP30/AttributeResolverConfiguration
+
+ for a complete list of components and their options.
-->
<AttributeResolver
- xmlns="urn:mace:shibboleth:2.0:resolver"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="urn:mace:shibboleth:2.0:resolver"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
-
<!-- ========================================== -->
<!-- Attribute Definitions -->
<!-- ========================================== -->
- <!--
- The EPPN is the "standard" federated username in higher ed.
- For guidelines on the implementation of this attribute, refer
- to the Shibboleth and eduPerson documentation. Above all, do
- not expose a value for this attribute without considering the
- long term implications.
- -->
- <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}">
- <InputAttributeDefinition ref="uid" />
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
- </AttributeDefinition>
-
- <!--
- The uid is the closest thing to a "standard" LDAP attribute
- representing a local username, but you should generally *never*
- expose uid to federated services, as it is rarely globally unique.
- -->
- <AttributeDefinition id="uid" xsi:type="PrincipalName">
+ <!-- Schema: Core schema attributes-->
+ <AttributeDefinition xsi:type="Simple" id="uid">
+ <InputDataConnector ref="myLDAP" attributeNames="uid"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
</AttributeDefinition>
- <!--
- In the rest of the world, the email address is the standard identifier,
- despite the problems with that practice. Consider making the EPPN
- value the same as your official email addresses whenever possible.
- -->
- <AttributeDefinition id="mail" xsi:type="Template">
- <InputAttributeDefinition ref="uid" />
+ <AttributeDefinition xsi:type="Simple" id="mail">
+ <InputDataConnector ref="myLDAP" attributeNames="mail"/>
<AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
<AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
- <Template>
- <![CDATA[
- ${uid}@example.org
- ]]>
- </Template>
- <SourceAttribute>uid</SourceAttribute>
- </AttributeDefinition>
-
- <!--
- This is an example of an attribute sourced from a data connector.
- -->
- <AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}">
- <InputDataConnector ref="staticAttributes" attributeNames="affiliation" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="homePhone">
+ <InputDataConnector ref="myLDAP" attributeNames="homePhone"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:homePhone" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.20" friendlyName="homePhone" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="homePostalAddress">
+ <InputDataConnector ref="myLDAP" attributeNames="homePostalAddress"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:homePostalAddress" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.39" friendlyName="homePostalAddress" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="mobileNumber">
+ <InputDataConnector ref="myLDAP" attributeNames="mobile"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mobile" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.41" friendlyName="mobile" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="pagerNumber">
+ <InputDataConnector ref="myLDAP" attributeNames="pager"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:pager" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.42" friendlyName="pager" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="surname">
+ <InputDataConnector ref="myLDAP" attributeNames="sn"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:sn" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="locality">
+ <InputDataConnector ref="myLDAP" attributeNames="l"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:l" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.7" friendlyName="l" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="stateProvince">
+ <InputDataConnector ref="myLDAP" attributeNames="st"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:st" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.8" friendlyName="st" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="street">
+ <InputDataConnector ref="myLDAP" attributeNames="street"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:street" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.9" friendlyName="street" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="organizationName">
+ <InputDataConnector ref="myLDAP" attributeNames="o"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:o" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.10" friendlyName="o" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="organizationalUnit">
+ <InputDataConnector ref="myLDAP" attributeNames="ou"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:ou" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.11" friendlyName="ou" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="title">
+ <InputDataConnector ref="myLDAP" attributeNames="title"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:title" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.12" friendlyName="title" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="postalAddress">
+ <InputDataConnector ref="myLDAP" attributeNames="postalAddress"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postalAddress" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.16" friendlyName="postalAddress" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="postalCode">
+ <InputDataConnector ref="myLDAP" attributeNames="postalCode"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postalCode" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.17" friendlyName="postalCode" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="postOfficeBox">
+ <InputDataConnector ref="myLDAP" attributeNames="postOfficeBox"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postOfficeBox" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.18" friendlyName="postOfficeBox" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="telephoneNumber">
+ <InputDataConnector ref="myLDAP" attributeNames="telephoneNumber"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:telephoneNumber" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.20" friendlyName="telephoneNumber" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="givenName">
+ <InputDataConnector ref="myLDAP" attributeNames="givenName"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:givenName" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="initials">
+ <InputDataConnector ref="myLDAP" attributeNames="initials"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:initials" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.43" friendlyName="initials" encodeType="false" />
+ </AttributeDefinition>
+
+ <!-- Schema: inetOrgPerson attributes-->
+ <AttributeDefinition xsi:type="Simple" id="departmentNumber">
+ <InputDataConnector ref="myLDAP" attributeNames="departmentNumber"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:departmentNumber" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.2" friendlyName="departmentNumber" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="displayName">
+ <InputDataConnector ref="myLDAP" attributeNames="displayName"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:displayName" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="employeeNumber">
+ <InputDataConnector ref="myLDAP" attributeNames="employeeNumber"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeNumber" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.3" friendlyName="employeeNumber" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="employeeType">
+ <InputDataConnector ref="myLDAP" attributeNames="employeeType"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeType" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="jpegPhoto">
+ <InputDataConnector ref="myLDAP" attributeNames="jpegPhoto"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:jpegPhoto" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.60" friendlyName="jpegPhoto" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="preferredLanguage">
+ <InputDataConnector ref="myLDAP" attributeNames="preferredLanguage"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:preferredLanguage" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.39" friendlyName="preferredLanguage" encodeType="false" />
+ </AttributeDefinition>
+
+ <!-- Schema: eduPerson attributes -->
+ <AttributeDefinition xsi:type="Simple" id="eduPersonAffiliation">
+ <InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAffiliation" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="eduPersonEntitlement">
+ <InputDataConnector ref="myLDAP" attributeNames="eduPersonEntitlement"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="eduPersonNickname">
+ <InputDataConnector ref="myLDAP" attributeNames="eduPersonNickname"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonNickname" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" friendlyName="eduPersonNickname" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="eduPersonPrimaryAffiliation">
+ <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrimaryAffiliation"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" friendlyName="eduPersonPrimaryAffiliation" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalName">
+ <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalName"/>
+ <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalNamePrior">
+ <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalNamePrior"/>
+ <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" friendlyName="eduPersonPrincipalNamePrior" encodeType="false" />
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Scoped" id="eduPersonScopedAffiliation" scope="%{idp.scope}">
+ <InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation"/>
<AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" />
<AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false" />
</AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Simple" id="eduPersonAssurance">
+ <InputDataConnector ref="myLDAP" attributeNames="eduPersonAssurance"/>
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAssurance" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" friendlyName="eduPersonAssurance" encodeType="false" />
+ </AttributeDefinition>
+ <!-- Semi-deprecated eduPersonUniqueId, should be phased out in favor of SAML subject-id replacement below. -->
+<!--
+ <AttributeDefinition xsi:type="Scoped" id="eduPersonUniqueId" scope="%{idp.scope}">
+ <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
+ <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" friendlyName="eduPersonUniqueId" encodeType="false" />
+ </AttributeDefinition>
+-->
+
+ <!-- Schema: SAML Subject ID Attributes -->
+ <AttributeDefinition xsi:type="Scoped" id="samlSubjectID" scope="%{idp.scope}">
+ <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
+ <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oasis:names:tc:SAML:attribute:subject-id" friendlyName="subject-id" encodeType="false" />
+ </AttributeDefinition>
+
+<!--
+ <AttributeDefinition xsi:type="Scoped" id="samlPairwiseID" scope="%{idp.scope}">
+ <InputDataConnector ref="computed" attributeNames="computedId"/>
+ <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oasis:names:tc:SAML:attribute:pairwise-id" friendlyName="pairwise-id" encodeType="false" />
+ </AttributeDefinition>
+-->
<!-- ========================================== -->
<!-- Data Connectors -->
<!-- ========================================== -->
- <DataConnector id="staticAttributes" xsi:type="Static">
- <Attribute id="affiliation">
- <Value>member</Value>
- </Attribute>
+ <!-- Example Static Connector -->
+
+ <!-- Example Relational Database Connector -->
+<!--
+ <DataConnector id="mySIS" xsi:type="RelationalDatabase">
+ <ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
+ jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB"
+ jdbcUserName="myid"
+ jdbcPassword="mypassword" />
+ <QueryTemplate>
+ <![CDATA[
+ SELECT * FROM student WHERE gzbtpid = '$resolutionContext.principal'
+ ]]>
+ </QueryTemplate>
+
+ <Column columnName="gzbtpid" attributeID="uid" />
+ <Column columnName="fqlft" attributeID="gpa" />
+ </DataConnector>
+-->
+
+ <!-- LDAP Connector -->
+ <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
+ ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
+ baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
+ principal="%{idp.attribute.resolver.LDAP.bindDN}"
+ principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
+ useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
+ connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
+ responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
+ <FilterTemplate>
+ <![CDATA[
+ %{idp.attribute.resolver.LDAP.searchFilter}
+ ]]>
+ </FilterTemplate>
+ <ConnectionPool
+ minPoolSize="%{idp.pool.LDAP.minSize:3}"
+ maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
+ blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
+ validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
+ validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
+ expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"
+ failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
</DataConnector>
+
+ <!-- DataConector for pairwise-id (example depends on saml-nameid.properties). -->
+
+<!--
+ <DataConnector id="computed" xsi:type="ComputedId"
+ generatedAttributeID="computedId"
+ salt="%{idp.persistentId.salt}"
+ algorithm="%{idp.persistentId.algorithm:SHA}"
+ encoding="%{idp.persistentId.encoding:BASE32}">
+
+ <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}" />
+
+ </DataConnector>
+-->
+
</AttributeResolver>
diff --git a/conf/attribute-resolver.xml.orig b/conf/attribute-resolver.xml.orig
new file mode 100644
index 0000000..471bf0b
--- /dev/null
+++ b/conf/attribute-resolver.xml.orig
@@ -0,0 +1,86 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ This file is an EXAMPLE configuration file. While the configuration
+ presented in this example file is semi-functional, it isn't very
+ interesting. It is here only as a starting point for your deployment
+ process.
+
+ Very few attribute definitions and data connectors are demonstrated,
+ and the data is derived statically from the logged-in username and a
+ static example connector.
+
+ Attribute-resolver-full.xml contains more examples of attributes,
+ encoders, and data connectors. Deployers should refer to the Shibboleth
+ documentation for a complete list of components and their options.
+-->
+<AttributeResolver
+ xmlns="urn:mace:shibboleth:2.0:resolver"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
+
+
+ <!-- ========================================== -->
+ <!-- Attribute Definitions -->
+ <!-- ========================================== -->
+
+ <!--
+ The EPPN is the "standard" federated username in higher ed.
+ For guidelines on the implementation of this attribute, refer
+ to the Shibboleth and eduPerson documentation. Above all, do
+ not expose a value for this attribute without considering the
+ long term implications.
+ -->
+ <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}">
+ <InputAttributeDefinition ref="uid" />
+ <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
+ </AttributeDefinition>
+
+ <!--
+ The uid is the closest thing to a "standard" LDAP attribute
+ representing a local username, but you should generally *never*
+ expose uid to federated services, as it is rarely globally unique.
+ -->
+ <AttributeDefinition id="uid" xsi:type="PrincipalName">
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
+ </AttributeDefinition>
+
+ <!--
+ In the rest of the world, the email address is the standard identifier,
+ despite the problems with that practice. Consider making the EPPN
+ value the same as your official email addresses whenever possible.
+ -->
+ <AttributeDefinition id="mail" xsi:type="Template">
+ <InputAttributeDefinition ref="uid" />
+ <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
+ <Template>
+ <![CDATA[
+ ${uid}@example.org
+ ]]>
+ </Template>
+ <SourceAttribute>uid</SourceAttribute>
+ </AttributeDefinition>
+
+ <!--
+ This is an example of an attribute sourced from a data connector.
+ -->
+ <AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}">
+ <InputDataConnector ref="staticAttributes" attributeNames="affiliation" />
+ <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" />
+ <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false" />
+ </AttributeDefinition>
+
+
+ <!-- ========================================== -->
+ <!-- Data Connectors -->
+ <!-- ========================================== -->
+
+ <DataConnector id="staticAttributes" xsi:type="Static">
+ <Attribute id="affiliation">
+ <Value>member</Value>
+ </Attribute>
+ </DataConnector>
+
+</AttributeResolver>
diff --git a/conf/idp.properties b/conf/idp.properties
index 783adfa..e992125 100644
--- a/conf/idp.properties
+++ b/conf/idp.properties
@@ -8,7 +8,7 @@ idp.additionalProperties=/conf/ldap.properties, /conf/saml-nameid.properties, /c
# Uncomment them and change the value to change functionality.
# Set the entityID of the IdP
-idp.entityID=https://idp.example.org/idp/shibboleth
+idp.entityID=https://example.org/idp/shibboleth
# Set the file path which backs the IdP's own metadata publishing endpoint at /shibboleth.
# Set to empty value to disable and return a 404.
@@ -19,7 +19,7 @@ idp.scope=example.org
# General cookie properties (maxAge only applies to persistent cookies)
# Note the default for idp.cookie.secure, you will usually want it set.
-#idp.cookie.secure = false
+idp.cookie.secure = true
#idp.cookie.httpOnly = true
#idp.cookie.domain =
#idp.cookie.path =
diff --git a/conf/ldap.properties b/conf/ldap.properties
index 241aba1..c8811a9 100644
--- a/conf/ldap.properties
+++ b/conf/ldap.properties
@@ -6,8 +6,8 @@
## Connection properties ##
idp.authn.LDAP.ldapURL=ldap://localhost:10389
-#idp.authn.LDAP.useStartTLS = true
-#idp.authn.LDAP.useSSL = false
+idp.authn.LDAP.useStartTLS = false
+idp.authn.LDAP.useSSL = false
# Time in milliseconds that connects will block
#idp.authn.LDAP.connectTimeout = PT3S
# Time in milliseconds to wait for responses
diff --git a/conf/metadata-providers.xml b/conf/metadata-providers.xml
index d723005..1c95d2b 100644
--- a/conf/metadata-providers.xml
+++ b/conf/metadata-providers.xml
@@ -75,4 +75,18 @@
indexesRef="shibboleth.CASMetadataIndices" />
-->
+ <!-- InCommon Per-Entity Metadata Distribution Service -->
+ <MetadataProvider id="incommon" xsi:type="DynamicHTTPMetadataProvider"
+ maxCacheDuration="PT24H" minCacheDuration="PT10M">
+ <!-- Verify the signature on the root element (i.e., the EntityDescriptor element) -->
+ <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
+ certificateFile="%{idp.home}/credentials/inc-md-cert-mdq.pem" />
+
+ <!-- Require a validUntil XML attribute no more than 14 days into the future -->
+ <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D" />
+
+ <!-- The MetadataQueryProtocol element specifies the base URL for the query protocol -->
+ <MetadataQueryProtocol>https://mdq.incommon.org/</MetadataQueryProtocol>
+ </MetadataProvider>
+
</MetadataProvider>
diff --git a/credentials/inc-md-cert-mdq.pem b/credentials/inc-md-cert-mdq.pem
new file mode 100644
index 0000000..4b62170
--- /dev/null
+++ b/credentials/inc-md-cert-mdq.pem
@@ -0,0 +1,29 @@
+-----BEGIN CERTIFICATE-----
+MIIEvjCCAyagAwIBAgIJANpi9/mkU/zoMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV
+BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRYwFAYDVQQK
+DA1JbnRlcm5ldDIuZWR1MREwDwYDVQQLDAhJbkNvbW1vbjEZMBcGA1UEAwwQbWRx
+LmluY29tbW9uLm9yZzAeFw0xODExMTMxNDI5NDNaFw0zODExMTAxNDI5NDNaMHQx
+CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRYw
+FAYDVQQKDA1JbnRlcm5ldDIuZWR1MREwDwYDVQQLDAhJbkNvbW1vbjEZMBcGA1UE
+AwwQbWRxLmluY29tbW9uLm9yZzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoC
+ggGBAJ0+fUTzYVSP6ZOutOEhNdp3WPCPOYqnB4sQFz7IeGbFL1o0lZjx5Izm4Yho
+4wNDd0h486iSkHxNf5dDhCqgz7ZRSmbusOl98SYn70PrUQj/Nzs3w47dPg9Tpb/x
+y44PvNLS/rE56hPgCz/fbHoTTiJt5eosysa1ZebQ3LEyW3jGm+LGtLbdIfkynKVQ
+vpp1FVeCamzdeB3ZRICAvqTYQKE1JQDGlWrEsSW0VVEGNjfbzMzr/g4l8JRdMabQ
+Jig8tj3UIXnu7A2CKSMJSy3WZ3HX+85oHEbL+EV4PtpQz765c69tUIdNTJax9jQ2
+1c3wL0K27HE8jSRlrXImD50R3dXQBKH+iiynBWxRPdyMBa1YfK+zZEWPbLHshSTc
+9hkylQv3awmPR/+Plz5AtTpe5yss/Ifyp01wz1jt42R+6jDE+WbUjp5XDBCAjGEE
+0FPaYtxjZLkmNl367bdTN12OIn/ixPNH+Z/S/4skdBB9Gc4lb2fEBywJQY0OYNOd
+WOxmPwIDAQABo1MwUTAdBgNVHQ4EFgQUMHZuwMaYSJM5mlu3Wc4Ts5xq4/swHwYD
+VR0jBBgwFoAUMHZuwMaYSJM5mlu3Wc4Ts5xq4/swDwYDVR0TAQH/BAUwAwEB/zAN
+BgkqhkiG9w0BAQsFAAOCAYEAMr4wfLrSoPTzfpXtvL+2vrKBJNnRfuJpOYTbPKUc
+DOP2QfzRlczi7suYJvd5rLiRonq8rjyPUyM8gvTfbTps+JhJ6S9mS6dTBxOV1qPZ
+3Ab+XKmq8LUtguGRabKgJgmJH0+inR/wVoal7EVHcWXfij9AT8DZOXW88shc6grh
+jUaFZBu/2+q8c8ee0e4ip8B+CVEnCwDKI0d+nTcSmPvAE34CNa33F+QGpXawv5yv
+VvIpSaLAeFQhc/jKcnNHfy+Zi7JmSnKZiMvQCbWANQmDjHg7pGmBW9nyQcm6P2/B
+0AVcEj1YTpAR8Mbh1pUdIhoB+chaNnFEIZsXeRsdbbAFpxodInlJ7WekfuvSQ6sU
+EXpoyBGOeuuTmR1va8k3QeL8Wc4yNu/g5LwjmtvPrh2jBF8xujc4J6VzP8K2BjA4
+xk4LnXgjHOT93dBAJhVYJkykDHwyvHUvsBHoP6lfjrt5P8zunK2mdP/AZKik+Rdt
+1GGlErV2AyWShTOaDLW6NxdP
+-----END CERTIFICATE-----
+
diff --git a/credentials/inc-md-cert.pem b/credentials/inc-md-cert.pem
new file mode 100644
index 0000000..3ab31d6
--- /dev/null
+++ b/credentials/inc-md-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
+BAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9u
+IEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1
+WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21t
+b24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNp
+Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+
+dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSp
+g4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQK
+CNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq
+/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcA
+TPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0mo
+C1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
+lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB
+/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2V
+WOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWq
+Dh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBcl
+AGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLE
+CQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8C
+GzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==
+-----END CERTIFICATE-----
+
diff --git a/edit-webapp/WEB-INF/lib/jstl-1.2.jar b/edit-webapp/WEB-INF/lib/jstl-1.2.jar
new file mode 100644
index 0000000000000000000000000000000000000000..0fd275e94660402f80f01505d28b90a23f7e0209
GIT binary patch
literal 414240
zcma%iW0Yl4lVw)gHY;u0wr%H2+s;bcwryLLHY;u0=2Z9hbx(KCO!wR$_rCSkj&)a@
zbz(={9dQ(-K|rB_{^e>CePH?5AOE~T0f7R^imC|GO3I1Re~kkHDf|-(3Do!(`YI=C
zbo&=N`U40E_3!iFp|XN<l47FDDs-}9$?=R<0}P14ZvI~b(NK%OZ6v|%B*%6XQUhd`
z9pmY10%&0*;ck0t4@@B)QsK3(d^|V2)br=W?+D+29zPmDyQ6ZN;W#m`YN+UgI-n0V
zYdAdZL4vTZy2^Y=9pt`paUaao#chLARd4Kw6O=tGV3Vd~UDEl>G)!#Ol>*DT4@ce{
zOyhw$+_Ck{I*`#)`Yb{V8(HCXKwcBm5KF;t)syy?Rg#YWDiK^3h^Fm23lwJG`tF5#
zWLcJBZUeqz_f1nfs=BZd=S{y!{Uh^Hs{XsNfzrUfy03g2%LOi%NBPH3@)>uybzSB@
zJIXAFCy@WVL=82i11e}hKrw><Wr<`Yg+=9*Md_T~ou{<5oz~kDe4lIkCe$=lBiLM-
z%;-FnOt^NjH1FmBOsnh~LDrM`5_kbkg`cgj<nJyZKLsNkvv|3i6QxMm=%ag{L&cn!
zdfU@y22~%lS+cjcL>iMZXKDsjyL4#xp3haIG8f#Dr&8iMa&>fNA@<l+F|*C~j2_-D
zE{sTO7S+r;21%I<VA@#58XIQaRMRnxN=;0I5;7t38%6lfiW18E;F6O&c*5=kQ;d`;
zG^vDB*}rr@w2s=UFLbq-wj(lm=Cr%xr#w?HA9=i7b$xlaH&3fd1X7QJdq#>?Xzp!Z
zNnlt}--Y%s(LEHglEXR!<Eqi7AJs-L7%=y?gT|V-*TzKVv}soL(2KWJ%4vkKCtq-k
zJ`~Y31{!zU_)-Ivt>@p|0-qwD&P->?FV#vFNGMf*ORat~%H9@Dgzg`6QJ+k%*%L?q
zrq67WIw|+j)5x!P&cCCDd2%Hwptn>`zN1t1CyXfqQ>0L`zBeLwED+$Du<xZ}dvGsE
z+d?2lN(}WsrG6}%_pXijbz#xEcJ@1|ZiJt3t$yQ9@hnNRsv&53NlfNZ3@}{t-Ws1a
zzK7q+cR0kq8KJ~8M=y_%(bPW<{zyF6C#lY^HisiY+R%mi{2*nD7d1$sTF<;B$nE{X
zao4+~v>#5gt->ua5&LmK0HyNvlVD6l1gC*N303Yncyc@+p(^{M!0nG*89gbazo9Y9
z7J(4g(9tjWbk=TVKIf)JP-P-USr@a#UMfThB+5)bRqP1N2180dlZ-d@bQsqLahG2^
zMd;a#-~6#1f-0HpH{fKLZ7D9eF=D;LZ1M{qP>$b@u59?>jO`dY>u<vOGRXmfHu2Xt
z32~CY!(rYqBSeZL{B}E&+JQrOJfIOJ#$6Lq?i%YwZ57JIv(-yzcRCvzpHsSJc)@76
zEJFYV2M$bt?4nP2x9MpzpT%aVJ1Zenj*A?YcJ$)v{WSM!MtZ$i&zCp41;T)*9WdJi
z{bQipjiVSYoyuQ6B%}u@bDsXcov2si$;%hHuZ7j(y?un2XW*FJQuxC^C>yzc@+WB<
z6*z2@4Jj@jsZuI+FOX8ZLyotlD9nwrk7H^>9pFDDkXH4duM}Zb;e%2L<?N5B2EZ)V
zDX3pk0ij)v(&jE>E;VpkEJqNtg*m^KjuS?Yv1=u~`heHt+ma3g6athuG}A4OnNt8L
zXy;CP;Z7UF-$Qvz_T&)K@fBVlCyw=R1rgC~MKY<tD?w^jByyfN5%3Ga&z*+rOMBSV
zpbyOfCE>K>zna^$*Ges3ymJynqrOQGCnt)PxkI{2Hc?Ut6<VaPDuJPtSmWas`^+?Y
zm9(#@CF^E#B_=`Xns;?1EemovLF`Cwz@#nd9Ww;i;?uj-O)#{=X$^uc=9xA^F_Ka&
z@dohmy-AnpCIh!n!gcj1v^82iVY2f)ZNuJP5o*7Ucaq@{*hw!0Ll_Wlu)&Spr~>0~
z#-C{ueyHC>O_cEY{H$g3hTCle-rXOcnu(eQ3blSJj@uG;b)-Cp*D}Qkl}?dkv=hVF
z0WZ(a24_7+P@-IB)FsKHL{P9RH&~IC^bK1Xv}`*otiL!63D^!TH00ld&LykOaR!b?
ze-$h_-2Ky{5OF8=B<16ui}hI+hpcg?KTV-h4fEKzv+>0P#7RdfFji+=;M(wVoR>%x
zlLlxlADs>czAReX5s!HW@kn1SMdsfT97hwLPuP!34uQ});#X9d_7Z?`Bwg<ZfJz17
znLy5eOETJ>Ig$#mJjCF06iynWEy~Stt)ttwgM<C3+I=Q0B9SL?|KV~MyUxb}>x0;Z
zgS=87ZflO#RJt=;L_lPqEZegg;7^N`9OQ_5EDJ?~Ml>j&x}gUbJq_uVSj%mLb1uu4
z%mu-wkA!qU=7JB-2^M0Hk%a=DF9LM<@KQEZAN?uQ>WI>JdE7>MqL6GYI>Ao;;lYI1
z*hSL0+}<BPFdv8NCQy%xzLncOaH<8>8+ISrzf5a)=?y4lFzza*S@Se)bh6lfjA<}_
z7%ETn1|MvmYW6X|1eLth^B5bR_23_=hKf@M-U*(cNv~-H`TQQY>*9yOdW9)%iJST!
z$XePGUa0{tMW@rKmi6|lQO+0|g=!PDK35SD!nO&?XLfEhn8Cl1pNtxiv-B<jL6W*0
zOr-3ZZ!B$8`&k#(!O|_8oU+6N54nX8ij{6-nP|s;3qJOij%$rF0z-P<e9WC`L+>^4
z865P@>(kZ7rt`KYz|W_RFT|&(gSqxQhYosM>MeCU`vEG7J-jzLr^rF{r$vQ8Y|3_b
z6C_J`LpMZ#q30-{HcZb5C)dy}uB6K41jB_qBwJba;lvpC(dpFAIXknEK7DjbyqlP!
zgGW7VnZe4Et_KFu>#;=rvrFhB9N}yIBWCt|33SssEte$=F5@EV8<{wPhuKa9V%|Ez
zit3GRdIoNB{d(?fHDA8Z){}Al#T;IVb1ASM5Jcm{`p+=Zoz~4K<lBa^=g_ObCA42F
z5yJNRcuq>4!s5F0%PNuNCE=TeTjw40$$uWNR>V7~QZ@j7Kv#X126zDa-a`0A3uJL3
z#Y_+$iA1xOPm0D#bj6A*1W~<BW8>Ivhl0xNm0!2GX#$B)l)u{P+}|Ma1;V_BV%#{n
z&Yo*y5;QN(S~g%JDK3U{>6hW?<tpf{I`1+;C6e+XtCoR878n|a9NERQ(R(hu)E?W1
z+Ob}^#97+j(k-QNtcb1<ldh+qTBOof)dtStvI%ICF4Yx>TkM-gbeVh9-EIgi5uRIi
zQ)YAUe~sjeIwiGdJ%?O#xg|kdSz=hG@;4v>(I(4(zk|TATm**1^uFEvm{*`__g-=l
zm|hcE>;;Rlesy>k?MS6)q<qMcHY@K*+S7BQ)=7~~C>&31_BYpic!tziw~GgT{&h74
zZ+y`);_fUecaU_AYRHIyR*kohr8W7gb)@DiXkM?Wk*Kq_8?)o8tTiApfe^e=2tu-1
zbsz$b9CS}3B$4%weQ$&BXoMPJxV3q!7IPk?S-x4FM%`zi8CQxA8FLNwtx$=wG}*?5
z${?Xjm7(-Ih#A0r9(+bpUBf1}XZ$5{>P!J2(@P?rQKz|nU2<0nOZfV8q53cd?V8@h
zjCV_(n;ojsAW@lf^(=wPB8SMTsA)i{!M^2Y?9s0f<jOqJ)<(oB3JJA!(#f_?o6RGZ
z7K?H+egj`lLg;$6U?Ct_t}g__B(Q=aqiVS_u~0UFC2Qq$HYn-UF}}JmQGkXHVio}}
z=|_MdqhlNeWWn@O&GAKEYm9GU9!f56>?roY+e4W7&QrWq#YEtY{1qvQ024_<`asPT
zwm02PS$V1+20X^j=H<5qpB0TVTP6gXbuLo^ZhBl60hZk5(+0=ReFPcObLo#%K<u4d
z^vI@@Sh90qi;!li((pQ+E2qoS`r+D|Ab5pLH*ha8cJ*6TI!&>0WZm04act9*jsh-e
zc&~HV(rGz8@cQwpU>WDZ;+fovF!&m(;vo-{S>63>56Wdvi)<SWjK~nKp3%D?Dc-ks
zImrxx^X7m`u;bU1z4>wEcsz`CrE}%$$%y#8;wC4zaPjl%s98F=Yj^SH?B6^OWu*z&
z6SIrhz=bWCf$hIC6=~<=p?@Zf60ei{ZTWNax;!6%51M^|jO{8AKW#&xtpi%1@m(V9
zVTri+9Ulg{=7D+xie=FXvQo$d&!8++h_*y%{5H~H=_U^J(~_-<&yIBp>elrk<oQjf
zGm}g|Eu~8a0iJPbAG{@YIk?6SYDIiw<LBJkT2;1EiTs^`V*WIhYAaOkCdp$-jvcP0
z+pMyU&9if3qB)+J9cohM!#m>P;1{CpGzEyp*0y^HE&f9`*?=OjN#-`?TXl2z=Mhqm
zER?U<eo&R51lU_M-`ld{c^Bu2b=Tm*564eto&!<n2Zs%lUOD@yohQ2wUvzme{O?mi
z0IP(6`QtL8=T7)@s7GQQrEJj7uYBp5dU5uJKzuwtX+^g-`OBXysn7Z^GB~VSS1Qt6
z1qV;wMWsRxq}wb5ULPR~s_gnNYFPN9EM>-B#^>#vbSFK{(q@}B?`KS)kc9P~O-H0*
zKTHYxu<6Mc9K2Cz2S2pDvFXwGSI?NQWRH49BTuAgj+d!*Vnn)7TO(iXZqev!%+%ct
zACZ<nE)KlOhF?01j<;e{ZyhQ4hALz4A1g|vsH4nshiY#xEGdXKz~WDy*F~Fj0#3XM
z_cGTlaCc34GG&(4Z!d&}0odDvm5ftX@VrADS^?p=(BC2jvAgG@sB;zSb1p2J{-mRv
zuVL&X*QIj`IwRB$(SVUX*Dj5r#7E~Y#Mbkn%Pdf>uvPCTsvKSVK8UXv_jJgKfEOaY
zFRA&OBkxCo^IMjXAQml899n^gzi+)+D|IJsA3T2bBuR<0^Bk(+^o&!%=lnAMK%IHv
zEW1Eg4-pZ_nmJMfyQR?^+Ak+?CC#LJx#g_%WXfGlUw$<L+Dbjo9Cc{b@mQZMfU08D
z^G2UAzt!e3M4>5IcbFU`yB`YRNS_f~`uO}3mZnv|wd@WE-a$9n!D<wXXwkCphOjrL
zTbdZXpDnGv#n!6}`-Vv+lrq6%c=JKttP!%aUh#(kfvYJPlI1b3-G$+4aA<-kXaDha
zP;iB(ktet-QtiZ}uV{t<h)!&u!ZnIq9OsOL@Y!eyC7zxBzNLB;20g?)+eF)_cC5~0
zuN4(C2MRxs^G9}by3nkWrG2`MZzBaYRz!h#nJqSklOUala3oacJfK;dP*k1-j^}n6
z&2H1n>v1;6Hy45myGL?~NOsk<^Dkno0E)TOt+{FYoipz^?BoOp|6MEuJV-D|pz1gy
zFX{D@rSB;~N!6pkV~+35b8M@a?B(H?42Hc`Y*iX(*w|~P6mj!NRNLVxpgVLEf+eH)
z>Qbb9qN@MWKrFyC?_<YeJAV~r_4CBXhRcZa*On8J-`S@gFYJc1swX5w-6(Ii%Wo(_
zeB^Ph#!9?xenHr?y{Ec$AF!zG4DJHTI~2@0+e2<(c*_`I(%1fG`_aMcpLF7>pIh8b
z`;dN4gopMN>U|3NvKk=a8Qr|$GTBC2{#RXsKC9;iG1yCix&!n-c3EU))if)j@;`P8
zxV@M7Oy=OP$b!8c;jo?*<p@@;ug-77P;5^=yR8uX!1VwE-f{7yb^AUgjyF;fr9!Es
z9>AA(oJ=0Ozu-r{aJDiUZenc>=w<Nn_J8)zOG#jTK_*X@)1Xslpcuu_^O3eG@9Zj;
za7iLG!*qNFU%PnKorCjTWIS1c&&&78#d*ib72-f#A>uVD>q#I|<;^`{dng2F4DUZP
zqIqpJB}4qNLZ&A>&peEX_)1U|@Ug=75!e*Y&Zg%BY4?t5LoWoc9rS>6QgGv!*+)Rq
zBY?HZ$5-|cA3I$8q|^hhrQwe$Ri=6!_;TdGpnnoZ06B}*JJPA{bZPOmZSNt)ZMgx%
z`lek@j729E{iS$KtTw<x^dT&7a7()AbO{NxGXyhC4yxQoOw1)9{<HRU78nZk%dZNL
zsttQPieJD1AIKXw@x@>Vhhw%^{9F!d2#D^-qQCIR@B!cCv3l+vCHg0e{s&b`<?AJ_
z9wFZLMvX=IxdV?bJ?8ahRO#~h>fpR<K^(2*xn3nZD4{mb{k*gi%mo9ALtfR)v<bn;
zFWYP44sK#=3G-zlVSy=t^=G+SV<FGo&+_GWTtI-YvBo*GW<k3obbG|GK-x<`HU!N`
zV{a`6EdKHWn#bm&kuQpUC+x;7@%qU#njf<$KBHlx{7A0E3_<^srNy?bJ7`8Wh?-Hh
zy9Zh$mH+rr%FL<r*BDZ;W-85m0kOe8Ir%229&2ld#YtQ`un_zHjLjd!Sw8M}3z8*b
ziYE|{uPA=-ND4K7m(;71$F^##7Xk0qLL|E+M%{|d*&JLcZQ&q-<QALaR(_xCs2cG|
zq(2qQ7<=Awa6OT^eqV-t#*4#G6&ppJ<X$`vzP^@lI-c)|byi`usr-5HdS5SRBg+_e
z^})Qon6Mu!uNG^U{q8iVO)9TZ{my{)J}QjVJ@4?#s>F~`V9AUQPZsO;k?{B<q7~dv
z_t&?(KcYV7ditK!)8Bf4@$+!x23E9Iopu4ypDk=n+OGPHS(a<_KeS#2;1Uaudftgf
zu7EpWXg1QF$DPhI5D=8Asqp7ol_M#(6r!1)?g`duyYPvJ^lp0}+ae45_3JpguCU)E
z1NP*CDK*+SD>>LyuSb49up+f^%{g=Bh~785YypA)fp~v}2=K}gwW;96bqGB4z}}iN
zx;n8QT3Yd*NXvCFp88hY4`Sn>RA1uWQ=Y3D7L)wyi@>Y!SWa2t-iwkG`>>A~V86Pr
zl9_8IYv6dn;y!Z$RpHKT%`k1H%>`C$*Igh`&6h2(DNJQZz684!2nDg}F1_PToRg&{
zH{j&RAFdEK?9Hm08If7YDqNkw&aQJ6+G>OA0xQ2$?eP%>UhH6g;x0v{Si@^Thwh7E
z|LL*4bt%_8V#Tdh#{W<O-6o!4SA?^~?U|s1UskL1opKa1C1{Xwj~Iw&NE{{oI*^^>
zpFt^mqdQ;sJV0W)&Udcm^r!;A!5)eObZeK~;O4)A1-3@dYU0)9&!J`PB(y+!1?nfX
zPm%8Pv+*5Kascv+ffPK6hK7v<3NXHYkKmDm2@OFb-k*)1Rj#^cEe<a^0QanV7NXG3
zuI?qdFrK*TLwcRe+fd!>Uk)ezSV%)v0Sy0jzhYw8d({wo%XsR0Jy6O0us{8H=A_L{
zHE|EE8;DDA$mK&T{gr`rceIEg0h9)%;Pw1qG#@HdbGU>5n2RJxyye?0_u&?EHCbIC
zo5uvQ2ETrF+v>F~o7rgx6x?&`$-8%iWiN_rKx&Jvh>nM2-tJwXE9sZm(Rlo<d}`~x
ziAy~f!*-XRw;{O|jj<-j@od)|`cRHc8EEQQsZ{#bYxNnVpNdDo1->-3Dc)t$>MN*~
zY0X1$lH90F8<u&y<L|)b+jP9nL(f-GPs8WnlucKYE)f;Z+g85GmS16PW;5#VVu7F!
zf5A1Zp88gX83N=P=`Uor9C_#on*|Qr+LSGR>$ITuxn=i`wdW&I%((1KG6vBpo~!%2
z&;4ojPAM12;pdGz!c$$HTM3{IhBtc=!cR`E7o4L%hG6ON;;LpE@?8L&J=aK{6eOnG
z7$?Pa!LwCdD0R-pqAr(h-ht|AH9^b+#?ncZM{J>s8QJXRp8wxeSRkOp|DtJw{}rk&
z4P6c0>Hpst_<zSZ0UTYe0nYyo7Wx0cS~}VPH+YQyE8fz{+4{dR!u@|68QVDm{@oJt
zU)|mNXnl4D0Rjs9>nr>JU@2^8YhvMSVP|V-tzu}V>|$?k=jcplY;EY|l&mUkx1oai
zbv4NBin~Cvz~(Qcm5{=8+ms!0BM0d$1hNo9_D3YXOr<==iQDC1ZTLxKbs&KqxE#iy
zzcAC5DqaOR9Dwnu7<SDyJz0iDSl@R1f}eYzea*vje~`=n4bBj#iX!eXCxXQ+)x{*i
zSec`zO0TE9ybRZ6xF_3HOlOCa#>`;1gXf|>ds`E3*k!hde8z?D(nYTj0hoVM{^1~O
zV6YwzHa?*}-J*P-ou_J5QjgJe1R4>JBbHzb=P$?(%htUJ0}`TAf@Q9^<p3z636Gf&
z$$kc=*B#ZXg)xuZB{L39?H16p+TM)2&1l?}PNs6k^V<yPb(x9Q@*I%{HD$);ZWb9{
z?~$?6mK;ocV`Yy5*xddK*stZRHsy}^%|R;f#B5z6mo=XTushK}o;5y|CMR^Kj6dzD
zxN|?WPmib+3_bF#9&jXwM)44c&0<kSPh=Tzy%;BzpW~fN9R~xm-6fIJ<ft8l;<4Ms
zjM3&OtwAFlW{{g4wUERk(0D<FgPGZDkGdweNoPpT86_Fx;yn<Fziy8iH`#@*fsS&e
zE(;~3hE*8`;1OuHg`oMTe{Tx;FN7K^F>Od%b?YUDcGr*~@p5JUv~Q@Dj~y6YK*<Xa
z=JuU82P<kzi>|sZYI7E@aG)U~W%pP1Spqbl_x+irVqg44{<R?Aw+E~vm2O&?&E!=q
z|Aap=KAhsb&_4Xo!8R6qLBYTH19dU)RYd`1nx$0A#yn#U1hT6yQ;fHN059J=K84d#
zkk_0)V26@tGJu>i77<;;aFz;IX9U%5sfSr^AGWzqnnT(S%sE@D8>jV>7xqGkSYz%B
zWQ`ZK83F`>tIn80X^Z55_ILY1ujEmy*UpI33&=42y~-OC-J`L0s^E{^fu5*R!(#!M
zC@O{2i!-_hx`=d5e$uHKrl5MCT3kWia&&6sKk!QkoNC=#Y)=gC2*NEbF!y|>m52Eo
z3X`zPe;Sf;q|yzWw0y~!F<az>Q%5u#!1+o)fD2y|j6Wj0drX(?7$WT$W3OKt-+T~8
zJVTAM_tkM>&K71kYwC&qL{iF$`b9xi5TD)B!}?W$KSC0#9N~-QUY*3w-lAOdKRY{9
z&8RB$vU-FRdqap_SpNWB&uGq%R6nx*r9XP0{`AWJ#s0As$T^=rA52s5^j`v5ocvD_
zDFhHuB?=G_#s3`0rWR)Zh}>*78#|mKbl+i*daF(w?4L~@77J`}F?iN_U8umtHRnw|
z91hsr7T6Sq`_@XW=gp0J<h#{>NsB@O`uTUX2pBM-Vz~Sv2qhR)kH5fAM95o|9r8Yi
znyd89DO0@KW!e@~*O|%m`z)uUbmsTVZ@zcnzDtd#0vz%U_eB^Cxf|Q@z>yc_8zXE@
z1k)Gg2O|hm-ZZEEA_z|U501kD3km!KpE$yH#hZM{aO#<RtY8FcZ<$?VQofQq#^l)Y
z4ZU=E8heMiXi|23vm1DLKuJQm1`C#%xoi$HdQce2s8f7X#lb=QkC5p4039VTO+1XE
zhLe62SoRyyz&VpU1D2<_`n5oEtd@)=<it4{B32$WX*jbz6fA@sB57~7M9c_z*^&^8
z{sq{~1@T1X(1P?66)sjb?81I#SYJL4)a*2DSv+a48`y!A_><ii6|NNQd|zvO2F8B-
zee;hK4W4XG{;ZhN1>AN=cPnQTlJu}sIaN8<?c7ACGvAO9fo%?9<0=N?1hcU$8u--v
zg@Od664H3H(m1pt2f;CiRZMFY`6DS<Uag}PB2q=oI1yII3YDS~sd#HaB;ut0RoofC
zKvo$OEVy-(co1j&gNlPBUfEWNNG^be)kkWw!em-?lIfz%ILbRIn5TVBWgI=?!2~Kq
z_*_@wd`8ishbHBMr_QCX`s59EJ^OMM)JI7*GM;#`cu0v-J+2mQfs~H%qG^(ZL^2Dd
zsEMk~$eWTHUDY-^i~2MKtK(d7VVc6*OzRTJ>agO;cJ-L5@_c#n&sqp;QX6w<Z7$iL
zHYmB%5-?w9ti9##^FQG2-BdF*hV+-Tf9_5^g$`UZ&=~bK@({1zxXmJAFS@@#7;OVx
zX^UJ1obpg>Wg0m>hRMtxg_}r=*mWtWH60j6&eP;;6%A{SNAxzv?C(99AtpF2#8f`q
z(Z5NQf+K@YM|y9vaAw|bfv1_=e~XFU?2C3CjQDVfJo3<>Mk>)!m#tZBsJb{8j_YvJ
zk5_njp4L!Ilpg*r*r-OMy_(}>*E^!9wMX4I@4Tf#>*Ff!i@x{m3W4eJ+KgqtvD?bt
zpN4z6CFnXG(SE7jO?84YGuO<Os1RN2sH>-wIsfgg>&{jiLh1`p@O;O0HU*Q+KyN5b
z46$v?>E1xmA~UXhG-(|GW=+K)hha+JR2Hsep$|3#Rh?a}%K-Q4?y6(a(kObbNq1E_
zFzI65nQVbRLOkWM6eK9f<Wi`Xz}Ag9AY+@u!&a5_>ZnTSY+d0n@YD9RF!X$sS^@mx
z)`MnW1rvv;Uno~$cvu<>Kb><mL$Lf&U0k3NAMp#$HX5g&&gv=IrBP3lmcgb4i~J9*
zRsgl`Ma{U=ADd;N3FHSbHX@3L?1BiXPgrc>6-k2T%?HiPAvVu#FfJI9_F3UO{KyUI
zJ6d#30mocX_ypXB(NB_X%lH9v@j)W?c<)Tnr#SCUQCq@S_{fU^GSAWqsZU)N<b3i%
zGvyoTm643`%|&*rK;E`c&)%9}K5eNvIPUdK=-*-BZy;t|{J`JIWe%HSmfU5Rg|10!
zCO1xPG5UhS=3vp)vWwMu?M`4<6KE*-=Y!B}L43ijN&{wdFSuX()i|{V3#lc`mj~=|
zrO^~|wfC5$vG`(GROrnT9WHhb{P?pUyn&xumM`mp90F?Y&WgkxhV!ltm9BDnL#7yX
zwG+z|*ixB2&=5!q3Ttqvw(oI<?=-7Nnr8sv{@S`m;Cuj@VI+)j>MX~GU%DD=;&bPm
z<xcaQFVJ<|1Km`YxYPB5txw)A#F!%j?>^?@-sO-X?i|l4E6;9|%npHA7Xs(-x%T5x
z$eBBTc^G?mzRN8<aq+q--(C2KSG}~^c(98MR-S7V^Jom^r!IBdEi!1Q55v)(D;CSq
z+r=K^5nD~YdGv=N7ir&e(xP3M*fz3m&j4o62&nH*rB4axH>l%VX1x)5cbwh~$<iAc
zOI?<77bIe>idP(R&A^njLa}*yO!2Y-wzkT)@*h?)9<0p0iXncjH|+x^TA@&DhQA!k
z6vfNXQ7Wpj&kzFM8i6g7rJfWl#3^#2T%6EQ*MGSlRsYgDOvF<OVG{{`oA{;0W;siJ
zp5{W(%xF1;&1!y5%A-{XJ*P5Br~amrCk9wM8>Cu_v0V!Hse%EqhM2Fy*|)|pX~DU-
zMwqVGdy9dcWjB~jhyWz2PMA`qOa&zOx5Y;&9tSi}sU|=8tPEdOD>pGYGh|<69#(X(
zeHk|R75)CA@~e6x$Gyx1D=S?4;#lQZD}}@xDKh*P4y1wz$RC!U<6Qh^y@C(Ph+0PM
zb?gaX$FyV<YXK9s-FHEebq%gD;!ZyJYGx|CE(c|w7#J~WY5-o-K+=^FL{LUD0Enyr
zKQ)M6n8|BDJ^X4fg@BdcRIz#}m^_)^gN*$k__y-^A2qYhi>1Q$-<mlA3J8efe@L~G
zwk7~~fQg!+wF^Mh-QE%4<n*_I{zvMqR@Jt{5yj*+=DrPvYv*9ihbx9keM`v*0k&C4
zlFn$6%Pt~`k^U`Obs66{XOy`qi`siPPR&n@P%WYhMS}0KBThJdVH<5_C#qyPw!dlD
zbDw>$Yx=Rg-TV1thpI=~0J^pCg~cC{FVYw}xAG7MpeMNlulC20-QTONHl;voY4Pr7
zM8chx`b3BpTcJDVP%1D=OB3v7mBa*_)>QT$-j8}RhL(BDwU{kustykd@f{yfb~t~N
zQvv>Yn364P)CgH|wxVVdL<>zZ;hnBd51lyE{-GNDR$7b7od>LL01Mo4OW)AL#AZY~
zbYXSVnUX=53CrQ|E`q8>@?(YMgi5(;p<Z^y>lF_1bdMp7&V3+LDX}tFFi7WAtueYK
zt+bM*F8;(@9hD+#7;8~#r9g-Lx@CB<{Xu<W(y6p(qvua6`1rYuR%!;kp!~WD+s*=z
zKE_V*bf_X+@bd8}T#vLMLp#ato>dlZU^`H&twIqpwW}tmwvSwo>a-3U<y8*GDnu;6
z<^b7(ps(c2OzlC7F_x@c-vdlfj_RY{mwQ>}#eBQ7fRPHettx^>vd`w$a|VH&*-AR&
z03B9LlXK&RT80`Id5d<an(P*<$~!%1>r+I*9780n|5$#!D$Y8#=}k$<eOunHZWo5A
z<^VhuHvVoUg=?~dyfC`Hl|~;sHuOu1nW;ig2!ey`fcT5XfXfD=2G2V#^kmnC$X`K*
zIo>sPc+nnX6&ij)xbja*%ED@b>jY1NOYn+v7~`MP1iO~SCX+Yu-Pe#a^Iw{I&f~YR
zCswmNwY`pQJ1F%JXLlTu2w$lOUBvy`o(Zkgh({8njBs+?+d>kz>50R~7Od7Evi5f9
zb`IU6t=C9|;1YmbK@&f5bGIj~-||RfM>$3Z;W+y?HOdbl;*0^*X*(=A0}yQ@6Ql^y
zoRgjGF5>{Cs|DCCLanmbr`0vSb?+zjsDlnn-I?!j6}k=4B)fW@oF@s4+mStoSWd7<
zdV4&FjXq3Ur7>j9)c2KRuZw$kg48iIvtbJpohKScKCjSt6?CVWRd#ee1AT>yS2|>Q
z@X>3=9iIdY$sV!!1nHc|fXC5eZ^y?Zx3PU1|G)K;i+?b;GLjy5coysl1@j)fi%Qu(
z66-}y2P9a_xy;3yJxoQE2C-N6MM71ya-;rG!Ay;19u=yj(Z%*lVNLbr@Isdle~to1
zR;=zrJ!5fK<TAu<HlKG@=<(*se(EXSp54Zb_lL>PK6%?;Nym%Q6fyE?Aq7WpI5Yqw
zhWQzPC0j>FUhl1u(BFZh`fqXh_;)GqEguN~nKX<AYb-#4fq?iyfq>ZlC(>{RI2t+w
zO#U}vkTCx9J6l=SZb1Oi=R7Eliw;Uvn&Pk#ZimAri--<#uozlNQ42l~zs)8=b$@iV
z`XU-_P=5~y87%;W{}(}UnhR~jJSt_1tE-vo(Pd`qxqh$T2WVa76S9=M!DI;tjy7QN
zb~a6%4S)T{ng#PBN!;ZR4&!16an7AV!2rd{=$OW!PN)>08O5n#+TuFwB@F<Zgh-A!
zKTy$8NLXA@e~4&hxkLn(YavmCL{jgaC@J4}>}E~7=>?fDnmA-H2OBa(ialx1p6M$5
z1@BrERr9ohFE+*<7n>ge9nKG&q3vBM!kvCkl8EBYL{REc_iPmZ?m$6?Rk+`(i`+S#
zvr=zA%6{<B;iiNg*~jKBc1WX`NSbVKTAMZeeNWZg{SRHvEED3QhWHb4a?st2z)3##
z%8f2d{bd2{@(?mE#>7fp{eD4kMkLU=GjF8pfI@b$406tduUer|$db|QVwu|UAMP!H
z+iJHvW_Sx5d!`BDDZ<I19LcbdWk-Jl62F^6Zcc}6t2dfjv!w{IIoZ&O8^yfFFzZ_N
z>=_mfs(H=Jlrn?gJ8H@|TrfRqg952`fyfSVO`=Pq3mCOVpoa*%!h~VYy!8|AH+9uD
z1(SD%pv1SJ{TI>3;G1_4HEgaKBHyHFTW~aPe)=oRmw3)$FxbX)!_|&$$r$gvH7iI-
zYQ)9+f0!El7rm;DhA{u;@18>YJC^w`1DXHOtNu-k`WJoaU-hDYm3}1ukA3yeU8T0}
zxS)orJ5o<<4C6=$g*XqR4BaA(_#l;u3LOI?=j6YkrK}Zq8CWP1A5}ElgaF$c-^%A4
zqRzFzBFnrmp=|aB@fqzau<k-KLKwb)#k249wA$MEyyhkScAuN;_ro4bzxW3FPMqPF
zVl(O@Q_64I4XJpliv2b%KFLB56wCBQhGIi5Fuc~}X*@V)Y}194!K@GuI2a4ukx~oq
zlIdcStCAbetK!*EdKT|=A$}P+034dXoW5s@1--;ftBzR@2i4DEu$Uv=5d;}>4TekA
zbb$vHV29;KOW;ow=_6yOskjy-OVp*aoQLE{L;t6WrfM|(Jnls%>xFWxMt?I-R;hi!
zLaG;F;gD1lib7gLPPK+Hi0H9Oz!R7^e#_EeRV*Ht*`C*BB<xV5U-bvElRE`O?F`+l
z!&WuZuNbI_c;!lJ!0A*vfE#wK8WB42*Ug5(aG+>pxsK(AP#gX_6GO@e*SEioijF)R
zaN-|c26I*{g*u`*AHw0^p!skIS`0dqEdc_>vMANa7MDPEGbxCguxacU6PgA;6F+<R
zih$i9#QbHB3?NsRezmqAlKSUQ!psLWb`%_p-x8{k!z-HMHeOYz#~Y^rzYYol(NhWI
z374I@gP6H=g*$Og6Bi1exrb%MAbA%VBVst4#4prCN{=9?tS-Kv)7e|H$AqyS(@BrK
ziFuyEYjbvr2_TU5179%R*Vv#Chm;zFfp)e6JhO6jzlt=McMEEE6$jJ{Q-Yf#s>IK9
zjTe}M&tJ8l?Q{sb^|PpDrY#K&_<+$isn)L#JFYJP{T9J`&bX(CHVe<iwLHA&Z7+^F
zPrtBSAiW3+k4_E@b;;s3EGA7OFVDAAs%vR8zEoE3yLRZr`@_M1E-1ZwAMLoe;=dIA
zsRHO9#fiyEk>B*>BzM(X#lmY2c%5OLVb-WKPj+Z(CW#p=Syx`*oOx)nc2@{u{@!|u
zPREP*l#?I}kJTimIMy1>v3ab!uqhr*8fK<{=i#!p#dv|n-ob%1Kla*H?Hca!$S%d4
z&J&l#KgDPDCXBtuxWa9-KYnnKpEZTVXvgMB9<|%wieC>Jg|q#c(pl%<axEMvt<#Bg
z{D!~$>;S564@<xRd9yYPYqxuO<FbIHM=vA=hDiJgzh$Fy&wiOqK>rM~=l3&nA0Ouf
zDI9K)SWSp$hSJs><q~Js(FRB2E)Dkup0^rw4Lt_3YF|dA6tu*V^lUqtKks*6s{|~s
z-_y1Jo(FScWfW}N4>*q=2XQC^e}gR&iB`x_4&&@T7a1eig|vQ~jR8EGM6G_@vowUp
zX~sye6C(U{2EW?$UUBc5pjR&u3XG#~!VsKSoQ-6f{JSl<a$b`Zp=HmaS$j-ngvn72
z9U^tzC+8ctqUE{V^$<Pm4>$`htM$P-S=>zT5a?pOa|z|y{(aoo?DN5x<7rxFC`A4{
z@zHBNv+l9$7@9^CJbiI`&XLwx;<{kHAJAN_bLwY&w<vP9dyBOguKW1JpnX0<uRx`S
z4JZ>dp1~ICP{k&@1jr}YKlDh-(EGLbo~M{-tvNs+ke10oRS$UsNqm}uH?ays@y^5&
zGwhV)5{a;7PjVZYu#6sy=Jx9myRG0(Y8y<X_?x4@lx*!$N}u-$f*c-1wPb54wR~kf
zqGbIUav%s(x0UB0mi+#6W-hm1*g^SQ&WHY0&p7`-8T9{J&u1rD$)gCOhHS5*Lj$au
zX)&6&=pTS}<08!!`+$`eB#0ymwp%ViTQs#U=s>>`2}t5IUit}kVwrN%b=d%#0V_pL
z{4<=#*^T$_Gc)=?WcBDnK&J0VLr!y(qPM{G#1s*}dKcZuQ&w{{B6XPk$OA5st#F$g
zdo~m1to$jdSS#Ei8s&eQth+7jPLKGm{qK#NEM|Kr;~1>BmTdI&IXA4Fq%oOgRIuOt
zean#U`wm)`>Yh&QGPSDz9BI8~iN@!<ZJA>~S%sWVszy(&(uUZVs~*GNM$8>tKf6_S
zb(gElYDubSv5rfZUYK9eg<Rqd7^S_Et1~?^_g8F6GC$Zji4%lOT0Cqls!@^TOd(tv
zsnJ=MY;7zpRl?~tLLrxPcEXnb#QCj-&xRAmD~~4ifXl%a{<BnZ;H~fR&2xdr2ooOu
ziFrs2%Le}v3Ggr<BvoRo85ENUcPi-XzF9A88Zb?o?NpP2<GOBcn+R?;%~e@I^OEYb
zSyYKV32Gu8AENaKT(Y@Pn_CVnh)I)bBF#|sfHXZ*$w;esU@m&ew{ut>P7&l3=BoAQ
zM;YcI4jOx$Lc9o7z~8UYs#&+aSfL@Rt%^}&nIR5nDl&#KhDU<nA%;CkAKOUeyiQu3
z%LRM7ge5n6s(eQS3o<#F4xD6HI|_;(qHeA|&L2W;U}%gCI)&*097;l>*rh>ni{ch`
zh{B8T3l}KaP>KXIpFk7E@_7e$<dAsM`$(23kjmUrHsGJ5$ZVmRO^(})#BQyJnW*9!
zH!?9n!okCC_RB7fBBf|&#_iXThvkY~kbd`B4^jgTQ237Uo;#RV@ywo=H$Vuw8v&C^
z_`i(_j2fufjtJ8t5evoLX^g!BO6jaqJa?6#{2u2@I)RmVGWNh&q%vMGCvz7!NTX;@
zPZ^*c;e!%SZk3NnMO~hBp;1Jy*QVQAK!mp8J-NePkRo-%ejqT?ZNg9Zh=P}Qgn2{w
z_zI?UCMb5BsF;&fK>q6Kh5<Qy9#{ef@eHBFU_2s9ira3O2b8;~EI6{=WBlhx16ur5
z-|#oWQ2rhQq5K~rO~%g7{%@D*9|cNuY(4aE0YnkALNaWWy1J&uIUxiq>3*rYFn;@x
zLk3WJI-Idq&6gj(N$!HwHZ&o@tLy_;`yQPj8idh^;+SF*koAVEi_^E7ko&9N>L-<I
z#e6u;{ODN|8F8MbW|yQWv@W6=-gRQC7d51jR27k_NmQ*dsuTE49{YR*W-YFqcJibs
z2{W#%Y=|X(s7PYl>PTe0f^#7_ihM}OkpAi;{J73gx(`77!XjIQ584EQ|HW|+tA&8$
zzYeSYb)5eH&v9jELuVJKf4Hw3J0bV?V2tQ>QbN!j71&q)szJS}xM;CNyhacjcVbL|
zNIc4_+#fsReux{zFo)3+jfPkPx0vB={#<<^d<UF;vf+rjvK2dUt5x^kn_N>k-OCk!
zN|b5|;8MTB<0QzKx%m*~mMos!>Q6%yke6+>wU0+i-Go#+bwZ6td7M;net*WZG3QXX
z>_wB@8MzY0%kH+Px<=U6k=mW7Kvi~~zp?A0>Am;!f`SpkaZrr7Za1h$p99|1lCuFW
zDgqi`-!dXUClSS%Qd1Zqf=a{0hEY(mqIG0=MutWw!qxqaI#OIh4*yF-<JxF!4fHQ9
zBmbr4|4C)}=Vtk5OOk}~KQ3N&@;_NQKe*)_I5{%H9iy2x6@3uLy;!Llbv7yPguL}q
z1O42#v6FQ0UoH{j0>-&Azdm~3KG0zEJ%k%^tQiYw3oFS!7H+5M$*!3mUayYN&*Kq#
zpn<l1VeSyr7bG=?Uyuj`eAr?fTvG!SrDi-Fm3^U3Sy{)szzD`XQC{|QfztRo=;jXS
z&Yko`3~?HZDNToUwAIB~&c7pFbLhx1<T6uW$z_=NO96?&-djys4)eN;aGQhz9Cav$
z_IiDItjtPzy!kkeB{vkL)tt1+g~>5N=}V6H8O2U|dd`i49s2WgS-@bH8w^EgQx+|>
zlz5x{o9`jghz+$S#VE8IDJ;1DH3D@KP{%C9I61Pk<1Bun^x5G!SnV`B(4hOp!DX5T
z;o_~v9RTj3YA+M{Rut?~Z&M*t7va24a2$5r^knqZm>3ystN?{LXOo-@lE1oL3S)M!
zgIV=Cp{YVUS+w(XlM697Z8jM5em@$Tx`V7J1edC_q0o>Zt`gFa3tD1Wd0YRS?4at#
z@1(vfzsWk9d?RdSDpL){i8-4=P%&3MwI6;yXkY>ByGe)nm)pvD$q^$~ID7q$&8;rA
zw|h>7dMZuMT5As=VIr;@<BLdB<@1H;x3Y^2g=`7&-#bd&&1mgoT{7ng&XUzc=5u&q
zjQ~~b^a{Mx12xO$^4JQs&8&UMZt9Oba)jMyr`%cUL2-4A4ht6q(L(bAguI})UcsQH
z*@xr?vWw#S;AsJ#LB0spnEX5l2y^re3&3y4sjg$VY9a4Xt75tDHmU3C6NJRp1m7sR
z`<&dzbNl<Ih@*G?GY<I*jxXqA^I+wDV?5f&w^BGC+=1H&1jYS*6rQUY`_41Y8SJ-{
zO8YZ!_p`?toHq{tM8GGD&QSN35@8p?+$~B^=V3#Ype9l#scqo^B7I(1>IqV9#cVg)
zLwWUVr{%1r@Pn05FX6*_$Vs2t$r84+w(tYDP%rsID7ZOBz|aEW!@@<$ca`AUK6nuZ
z;ncf-?|-J@*U5b*dKe%edn_OzhW}4C`j5^2Y;_NVELEiM?$k~1%*#|VS<fK0A_&@5
z>sZ;0ltM`m$&7hgNt}!oWR<n4t7Vf3SGUbVP!*M$ibLcXwSxw&*nm9Q01-h2ZO|?|
zBt!&(A3u-~##!%s=sWe<G7(?)GoQD*(mj~(kKDHdYqxz6esL*k1eso#+5hT4-Zbxr
zv(51FH)ChIA_He<ZVT?O?s^vmhrsd<?@#sEM+~gJxvPZj8QwXEg=cPycC%Z)fnz_~
z$)xj+To%WKwZwEZT#1(2IQ-qJ+m=~R4BIoX(>dvjFmvUy@6{ID|7q(@z`qks(BXhO
zg82+Y?{_d9=sp@9dTY$?8<1=Hk{*)VsTitn{!$#GZ}HL`vTgoS9kR_haJ|U^=Qn#3
zh6DFf7$UCgJ{di7OU}NuM+YZw{?ZuIYyMIh(hJ4m72RX6BJctR9c3=j7cYb5;D2ga
zNNo!`z&!xIJLCb(rMRLnBx9+K5u!Y7%P%{=<_7iz>K!l8G_#y66;$X02V7%96(>dh
z$9Htaf&^Kt%;skfL&BJSluBA<8o0OEU@I%4B+e?Y5gki9Sc;a4Byl~tQIU6Ng2S5<
zl0HKUgZE{<Mi=+&a&cJrR6lm~A2X+GI^whfUNa7CCUA4u;rTh#IWb^K?C~&CB#G!h
z)voi(pZgpd`@{AuS(Zeto|Y{M4@(-Oh!hqG;?c6Fo84js+_N~08m$@(h^yEVK^``Q
zc;#OVSe@2V!zKH-8UeJ9BGEq@3`$DLa=Wiu{PU3H<6TKK&k;!2DJ_*^ZPkdU_WeQe
zs!5~5kR;|O@gm}hQ7E~D<6l{MC>dx`t+ph=TL*<OpiqO2&IjfMNQ9jJ{s~tU@Cl5D
zp9#GA8NL#1tp@TgI2+%1cV+1wF@3?TRBZtb*As7~RTr<jv`OCzn|XGLf%MHqjJ%aS
z=^{l&0h1^e;VsYQF>Ke^!z6QCk*QMXiFyqs@|&>Z7M<CnB)Vpu!~bDUHC2iPBJ{`Y
zENQ40r_7paS~4cct;RfNw_5_$GbSvBj(nY2K>IdQ*hn-eB@Z#4&BWoN(5?wX+|I${
zOLC$lr8*7rT_%#A?dAJ>!9hulGkv<S1AzpkkMw(z!;?M#5VHf_l1xeod_zPQrIB-@
zzd_thq?MHwn0HPq${4Fk)PaDFnwW02P5m7nWD%sB+t7S?UOnIBt14fL0ocU+TwtS1
zR%D~Iwebypm-<L3RuGo8!G<UJ@$M$qbU!-YXIDJ}!Jm2*AFcq%Q+JG(vm543y{)z+
zNxt7ZRAlW5X1XWn8k{a5=*!U|db=kg&*Ft*1<96b^AZg;@`>xIrz=5ITwL{<2D|RB
zIEgeY$`BNem8$8rdb4eLDZx52lFG88dW7zo)I79HcTZxj^4x*&;FN4n*Ds+VX3jj3
z$Ic%pGgj_`BattuF_jL{A*s$EIP~W)2w#=N(Y)ASrTgFRq5}?iwR@~^wdd|2D*7dr
z7t*D_k@UUNP)wAb%lg=aIDbf>$DuGVQ&+H}hbufPx1<2(O#5RT*39B<<{oUtsQ310
za+G2dNLo1{tK7Y41xJE04d8+WK2<dCG0AE7Ri2ug*XbOG-=?(JGPK#P?JV?KH@7#J
z=8D6Cbvc5R`?wzkP&h1j9H?f+vwuIMtL%$F)1)h;SP)y(obaIJrngBnC&|Q?kK-(|
zi6<Rf(AstCC_rVSlf!8l&m~zV+~3!^nL?G_Wphye`12lA&)qU&E~ohLP@-J4aKVEo
zu4<PJ?WpY);?y#t=E(d4PMtSmM2R?QX={ZIe9yz0=$yofVjYi=ps5Lrb9eF%zYhAW
zoJn3mp1^YiHc(TZCPDGY4d5W8%;9;(O?g&S$%teIEANo%XE~b7iyKr<2rK}{m184E
z{t+`H$yM5+vrPi}s{gZ+EOwJ8R{lOuqhJOj3?kqY+zf@6FM-cfL|pg*@dl~*EJSiU
zWiI{o>Fg&GY6~#=u@^$LI4Al%zc>u^Y=n!sFcj_v(W&}m|EE&4uT{}g{;;dnMV;80
zhUG<*m}M1<lx>1#k#EJYja1A5c=a&;5Pdt&f`(*pE;d{Ly~Q6OTTp>`H%$1qEH|q8
zOVHB9hCV~C6Sg*cZr52U_HZNtdW)SMJ~>R`a$*HZOv`J|G+!4DaAAFp>)YVh7{8FT
zoZ|gl96z2Zw_V@@Q$Yko*6T;lSb;?L{3J1q8HC@O_AA;9VZgP<hzVxDsliW0fNif4
zOFYt@F}bE9pN%_Ghff13IEyeXY8R2Phhdd!qIw)hcB4XQDM(+C$8VWT6&rIR)fosz
z>eH}Y;q(TemCTDN`mhzlOm~Gk?Tr&DhT03Vv=(J95F4%49<|h>xu}G;ucCY)(BN10
zE;)rtD5_oS6q}O%PRXPz`SG1{+yhaerVA^|*v2wj%|Oc#mrjd^YXqSTBCA9uDw0<?
zbll`AF6K$T)CpFRaG%Xls;xS2Cx}0rA0?buOS{f{G&W#dlpqzL!Pifdji<M7VD6>d
zmd;8sZO?l#Zv@NGvQbU19@PwuH9iv>Mz)jqP@<L7Or<IwLrPtZBDwqOsh$X$GTJp=
z<p-ph5eSF7fjW7P)<g(SnyRSfMCd!fusBeU4+&;&KugyI5^$w#9HuCN0mu(3oL7dm
z;uKGbbgb*ykXYCCPjtD$+S|Xn5#$_tr=)|i=+X8*RU}?k5DrpV>D8BnNzQknOkAim
z;l1N(HoKZ#)TB}zd^dmXA*nniWphMTcsV8L@JPvd!ZHu;vq?`l3RNWRka_^D3LB1(
z6F*7Dd?QTwKhgglVvgT59ivlkcdR7!7UbKV86edYNOzwj>+;UBANv+d3A8IgQ*K_7
zO4wN;R4_s(2Zq6-F|tPnNmYjzGTu`v$(-nO<+PH(2~$6Dj2WQSEB^3-V;(wB8nDZY
zxH={Ag!3u_nJ7k~1`x_6V`CS?Of`&_xJ4GX9{4d#pb1W(Rd$=Yl(SV%09THxX^FNN
zKy+G$YTB}n5OS=<Wu3$`*GZ+U!|P;^D5jdm@X3igfwTn_P4h<BDjD1|x@=2h?qmKQ
z3!N2FepYnH<PJI`bYDxwCpBa8#AL;jPIq2K>{^EhXll+Qx?ABl!W(L;UGXT}nvQjf
zWU>~AbFm*dGWmg(NE65<HEYnE?<78!rB;sCR@Up~K=<;%9gnlF(Baf6vk}o|+P7P)
z9nt?Bz#gMaRoqNci8<PF)XCRz6va=~Ne|CH4~t#6l35_d@1!60%+tW4Td`l5MDFy_
zv_e-j3w}ss#Zjc2DKWPgAzJkZI5KN4gfky-raRXbP~iNzpOmSZ&FyqCBxt0o$^kLD
z?7|l>yA^}hM`K7feVJ@<A+?lRhwr`(YfV7c46ewVTl}SbHOR9XO4>l6hgCAWDVpyk
zIP9~bB4#Dei|2!0epm$l<d8AOc(tCYShwz|A6%@RUcSg8oowcmpiQPoq?|^)&=R2@
z&)NK&>yPh}>e=OhnN8h%*Z6o6=abBwZG8gCx~FP!YU)ZuA=Uog--JQ>2-Og8v)#$!
zv^l{|!KV(}?*?=Qc+Pj_9~W0x9)Ri_fiphD3##G&^~zFJ5c&hI62Sl*t~8CN^lHSB
zh?YytgE?S9W{EJ1FN*a+3R@7wI6}rS+AYe!MqYD4m%|v-%rvteOFUI5HC0heM{c<p
zBioUnWvsGJS}!v4@Uf+GJ=0-NPe+<lpqFzoqNZ@UlE!5hrHxO%aQYFA*R`?7aW9c3
zE{#7qRZ}kdb>T$@-;@!|bnUw;Aa@|UVry=OD0*>h8}#3b@BeeY80Y_8e4E<*??K{!
zOdWJv$#=m1ZS>s#ojRcV?+s<_j18>;|7k$CTFu4@MHSW8wsEY)5Xszv5HbLbQFeij
zf~X|e$coxX3wlWCe^K_%VX{9-_Hf&_`}S?ywr$(C-M4Mswr$(CZQJg?ZT$MXvopIp
z^X$Cu)>HLgX4dnG%FKupaZVJ-VEO@zmADIIJ2q9Oeab2C45qHh!mTyR#}15-I48sY
zu+NPsdsch9xd1i^xgkTV=i|mP*Hg#VWA?AFSL`108;n;wj^GbB?ZH$G0XE!0>^pZA
z8rz}Rp%Sej1GbQR`pA9%@aDXfQ2zb`r7r41@>Z$wLtIpJ<&N?_BtfGII@l*JK{EQ5
zo*XF+(B2wS!xV!ijVZ`Ctm#Ct`S{wqj)op<!7gx#!A?Uqn9&KO?%`x-(Um8OzQyDW
zsE>`fE;SeDX_*OCO4M-|QB04BzCTVw;bapK!@I%;X%Y=PDfyM+<4%KhoM+bO#5QPu
z+?QD<_D*(OQ2VPS`h$1Puoc2zt6FFSEcu<ik7=AwjF^UT_3s!4y$z2;Hmnr1r>Mg^
z)?ZPA)`cl#Y@xaO=e`_lLT+7XHC$5Lt7<U!c=)n%!56b1U5x3+SPBnXVoKUX#Ixyf
zLfERHhRfF6=^Hc9QI~6^fJ7aX>wl!*$RT&ZW!yYM6ed-?7f^cc8m*HstF#>0FokGT
zHJe&(<!62q4drZ45yi`M@xhsJ`2BZ#mSCimq7?Xt@UZalmv8VGuuSO6_v(V#wSJE)
zquygx?Ruj^V^!^oWSV$pVf>ICw|E9%W!~ru!QzRlZoZ}O=X=|rC*r_W4er#mlnFad
z45x#J=?{}R!xy4m-)i(i?f(=S7h$(t70y(3`;4B^)}g{=7j@OLL2J>Dh2pkN98WrB
zKTCF-pZy$aoYN8xey`u6;<QMlyp(YVoBExpPIr-y!^I8=6LOwv!;KG~-6X0gY4yh=
z^Q2^9V0js;Whefna#6|aT1}VI7P1(ybe@TjC`zPLwT<_9lXzj|_n;n8*3I>4@=u+D
z?mX|<Y`T;Tbq)BrbQxKa#!==PUhxxwjHS?Gt{}l!!DGN1F1Y#nbd!&u9yb`MT|YC2
z&{}6F?lps7v-Q_c^lagVS-|oRCcclv^OAt`O!PrOMM}^`>v;3@`1MiZ62s!(^a$Op
zsZ@)@O;T%i*_}jR#$CrcnB4q^=CQdk!@xRAIgdVOq2QBaNam8$n;S3}(vW3DX-fFn
zOf6AYjW9~=k%2@kgHtiCIzMQ8^9D*>8Ed{@Fx2byp0Lw}%8;vqkM_D{`n2K$9kf+N
z7AN8%_&=peZV2zpfGD3)I{B6Ai2$>Ihh)bO>&oHi#%=5BL+C0JclTm?Nq!-Ei>hqz
zBl-Mzj~Uq`wR?|je+FgoA@14^yJh9-!PjxIk$+G(z!E~DFz2@-kDEdqrxPKIPl%Y@
zsI)n<VIIj$FftZ+@aCIziL-D3@qfp>!MathCaL}a|NDjXw|m7&T{CR@J1_Ycqv_ui
zkpH@n{^MRT_t5`K1Mn>da58rLJN;ilU3Q%h;d7}~%mSh%p-3x;C&-tsgTM4uPKieN
zhke1BW@b$g>`+x4tiXrzk6D#7!C!p8lonGPjcEb~0!&>^x(!`Aetms>0_!2#N{kpb
zgyIabMJChvjRNVQ(-FtoKKcvlLPajEZ>1hTHr#D$uflp}CcW!TsX!ctP{+tm!76Po
zJU?VYCHT<BmQFE&)RpfN@Q*vAj$Ce;E4n;(nh2SQ^q-SW?Hj1zmsj=pBl5Vm*Et?Z
zUN*IFpUii?{ZSH?IcqOg#;6GPOFB-o+C1y0-nNbBOm_?HJr)#I*rtJwR5is*m-<ci
z$BnJOIcL;O!ZWz82t!f4b(|~SiYvf6-<JnlH~}i9iQYdM=w22(vM1-X_sO5owRkm&
znnD?`4Y24`_~0~E&2A;#1#W#lEnp{!>{0RYH-i6?!zH?q^t<mMfunf|aBxy#i;#UP
z$d-aNsBzf}B5VLgULtX(+8rZ3W7q+e<W!+pmEy*aQRy;k%+b<NG|9VY&KRo}*YOpu
z7;6{uX0^*TlSk4za+x<2c(Gjmw(Q7xu>q-!jFqrYW}Si8s!?;DMoKmGFrzJ$?u`_F
znpD7#WfX@anirx(E&3AGFTlTVkpGj%a<u<1Rm$IX7F2_R&gHkK68+v?r2o6e`fH+s
zv7@uqe{Lr2XlYp>dW7I@emzu_S)u(!Y%MD;&wznI5GH+FkFpu7w$rAT%e}j0u4mwP
z`JvSqx0=xh_6f%8iKppfbYD*`A+{Jg5}`0C%cosP*7(zNhD1;D@SLbnZM+2+VpsS;
zdCEyR=yqk|-Ly>=mN}BW7i#77nKVb!@Clw#Df_cUT?^_Vf@Kzc`xT)nZGGTfGX`x0
znnv9-sr$86ed6&WDw|FOuv*HyD31k^+Y61CzQA^hBs<Mq6rDrQe1EZzXiALT?I<&$
zzUQw}Z=l?Ovp;PeAlkmGg54&8`)Q;Y3pjfT(tVg;xRE~pF!kRoR)TLUW&{cVAoWe=
zp#1-1F>z}<tN$#Ks90Me8{>R&FI!gAHp8;Osp^rD&DltxI`0LOIe|uKlAhy40^Tp-
z?GH7oUR7y=Ly+9@=aZbVBJW%NOuGR@hb#r@1BVUE{xCAw1LuA1jUge~`D%5sUPfg;
z-Ms(xS>63Ley{bb?d^jaKz7dn!CFj$4I|Lk2mt$r;TLQOoxc)9zMF6#!4&3xI+JP4
z{be~42@wulPYfY{gJGOx^xd)&1XOg89S$jx)cqf3$g)68851HSVlyNehG!~AeIaVP
z3d}6U<3+XE*{GEo8_ob2{<up`siS(0FoFd7C<B^o1;@0>8D?d9)`fQ~s!KHwpClNd
zHtvdJC(&_+n*0N==B(vRZkSy$;Y}XHfgz@LGdA-{OevClWEg{u2@4q9eh(c<R7b`%
z=Bg=-fm0k7#xnX`4UTQqRH<Up(Va}ysJwEeVR{b6Vq-SDQvXIwQ)#@Ck<E_8;Ewqs
z;gv9Hjyy*RQt)+cdvX)YrH)+oTK0Cn7(=FlxCvAk1_UYv-DL_{u<px}Bt{b&gr*FQ
zpZ-q5<5TjvERA%SvpCLT&Poihhm*7Mw})P9P)Vt?R+{4~ULeSYkt%jhjJA>~#Mkv{
ziocyi^Aw-ND?7`S&M!UYtkub?Fl{f|74F;W?sLP(Thu2wVY0*$G#1p;gS{gN$Hn7A
z!3a}WB2+}ytM8Ls7RFlw+LLY}WaQ7!cAhkn+D1YYMBrJ*-4N1=PZ*BuH2et&LkO^T
zOw<_g`p_`lQy8FDXbmaxbaGY1<Mpk%=UNKQm54A+_3Uw)V8Dej?>Bq^i6J8xruH_V
z+#1)$*kYDTGoC2l+f<a3?EU(;AG?nt^~Zmm$>Xqw+6>KM;o=GMYO;TqHD~5Rf-M8~
z9|NcKkI(2U9-Q4VFj++NzIZCIuV}4tiq29RDpP29v_{R!caiQj!WNc?pNf#@N0m5!
zOOOu7BY*SPYjX!MAhE`9Ssg(a6>#UVDs(v~k+N)j{b}L(6n9>^>vGmg^Z1pYP{IqE
zDeE*WnTrd{9}}A?-IeOq@mhnpaS=x8H*-xxg)}Cl8V=1-tv@P61iSsZNPt)jkcBi(
z2WCV?c0z`<Pvu%DGr=^x^_Y&<&A!O!`;8EPUUhDr>vgjJkkSb`#v0%_y`=0Pruz{*
z$UqeAV_Ut~3HikgGT@WFr`VxuV0i5cLB>OmjfSd=$q#rc$>Z{}b&Xe5dkS4aKuQqY
zPxB<Zr}Buudx^KJSfT92olUSnsT1J!ZCmekUnk(pc*&ENXl7uaTHYKGw}M_CV!0s=
zKwy4{*-`E16+SvDa=>srsgMsEl(h>O@bQy7xe0*5cfS>b72P2Yz>u)V;6kX&pAKEl
z&<&Ye=p|Ns{$q9cxNP5KB86SJyqK<9S;8Rh_kF2zkhzp0Hkmn#9SA9@yuf@nWJNdV
z;Tt%a9l^P05KONqs-&D<F!Sv`@(sUe-Ow*=nSJ=W&xot~?$fn4Nu8f4A4rY&>V1g9
zw2hWX+R7GT1>SBj{9e)MS~|W4CvG^LKjaJcLw6xxE%`1BzA!ielRd)i7?VAMsX&s?
zNXG=-KP2p3<g2`&F{cryB_XzkeX*@$nS|>$q^Iu_SoeViSD~w#@pNW5Z|cf3ZZ-lH
zhCBe9Zvj54mc~|P^nD#cuDSfY`=w>8*h&P962>BwkM|2EjWyjvu6m|z^3&g*Jh*uC
zG)qKIjy8%Qt`!2GM()935u28NUJQ0w1Y%Tb9UU4fxb8Wo;<I9SS`OL6C`TbH?^jt|
z^`XinAeywy1s+rOIi@mv7WEpdP8$0MTQcLlNFZkwCb_}2XwZKA6Y~!5{q0xYw`=47
z4xIiCAp0-(_CEkwRNS^CHb25}x8sZbXzCDC)X+lHnIOTaAbc*h(jdA#c1sfzIbd(H
zWZOxQ<W<Ld!At!`yj(AD53fYVW=2VD9yDkD+h*$Y1(m1w{WVk%$r81ZJmc+}zn?O)
ztyBl|ZFKDBtw`1ealu&>4M8XRJ6fRdFm~AWzP_wb_eR#V#46-#)wVOC>?JZiwQOg~
zj1$<^K;~L)C`niB;}1A@iS6iVuXgIaT3XJ1I+&lW(j%jKB#2!L&U^iI1kKp8^B9Jq
z<hdT%+b^dVvfpG+9Xf?!#O-nhc-fUS&89ycZAUYiO#!@8#b~`}Ap0e>a9kfkF&ZB^
zW}qn}h+DkkHn4)apw);;M~^}!yidO&iKA{dXTv`7SrNRGEbh~7nA=wPf_X!*$Ya~+
z*14{&9tU{lI{-cog8(C}RU(|JYN#iGR=V}FMG+&!9nzHpyl;_)<mc&VVmVw-w1zb^
z(q+tqX`sA}4v`gkEYBFSQQeYm6o%2|hspzW#h-^KWH;|sQNPxIy?|HXFx;0PRoA-=
zv*O(>T7;FCH<h<-Cu;sZ3i_LC-gzV-i2ruU9p9gSQ#AYQ*H)C55_U5-bp9(${s)CY
zJBl05pARMQm>_)3EZ0>InssSO<9A8#3h!<ZpUR9eLB?bsup1fSI>YEYlkU-*=P!T@
zI!FW%3}llGqFG|D`rQyU`oKeqiB|o>R<Xs?EJ>@Ub8LOA#Ky406mtS9j-wd~t@R43
zstg-kft3~uW#Xb)17#g<PR+`)WEF0Iy6f#o2oQLg17xt9&Au8*`22q(eEv6y2`4L;
ze=5|^W1=fpe_I9Y`z-t$X7hhcG<L8yclu^Ff1Ab1+`v&uO64ES=E%;!C?0{P9}yz_
zl9JGtvf2D7Ai}+Rzr>SL>~s#UV0hAl;CBSW(5<XD^j$Dro^`H=k$Zpw0Qh}l5%9*-
z#oaO~Nh0B`Xj&aJL>Ls^t@1C;RYoL`f+;gg=8iblYdMq6eR=eCzOMS}N>MoFSIV0e
z`${F=`J~Z75Wui2SE&*klBo5S1OwwZkl$K%1`tiY?CEb8z`Eui{AH;dKCE;1U8gx8
zaLeXP-u@|W<1T#%>-fF~=pephxBoqE``=6;_fKXK)3-6QGIsb|VE3&Oaa<Qd`Bdo=
zvq!Pe${30jAO|#PZ@eG^v6CQ>P9y1U5y#Cys<Je-M=@egTuPm|StET0Ziwl42ug<Q
zB!Wry!^8;22hB*FR|w|}z`%2Q<TRc3X+N$j-}d=B@&q9EO5lTv2PP^)Vhc}(ks`fe
z(4oI6^Sk?DVkZ)|43nY!_^q<eeOLvV(w7N);m;WM7eIHSI#V+U9j9K$r({5(T=z=8
zR`0rT!6m4){uRP=sy4UUs1mr`REUyp*>Si6`>RqRJGar)YB|XilVrG`W@-sD&oNWF
z*RH^zJ#WpLHL!UI8%|vzQ6`?#`D#^ymq}!iA2XVJqG@DPTGS2ZJ4+5_JGI+IJ7Q0N
z@Ouc4U&=nM>mZBkI<(1-xZi?SV|>?Uyi9!BMU(MsZ0=TLNoT#*i({#R$S|KWXnQ<p
ze4YQ`OKlKg{ZJ;EBvl$eQOc2=Ytmj^i=daSe<Z)fnTpYuKd?$}<ss3Zt)Vjyi8wgy
z1_UNdqxhV8(7%#`XKuJWM@$-KKP8MbR^>z*EMR0@r<l-LNvb1=qW>f*fzx<g;S;p`
z94#%gsZmR_R>e)yS#kO;FATLJttAkvk@0Z)&p64_4NE_tETIXq^MX@FdP}6Ml+}(l
z?scjgzA`fYj$m-mSMfZC43F9%_3j14bo0^RaL4(`o6KO1yK!h_`5F=a6*ZK))~Q3t
z8u^Ewtge++L{Y}54IRwWHKl~C<Vd)krUPY8aTC)>od)b08+TX2<??9Q&d-<gCXK`^
z$Eby*@ZzoWXMq+ubKos2sBL^o)Kb{v{%#3xc<&MRTsG4$N>kOfXl3L$h>%Z{9N%<Y
zRR_(@Gfz)xG*XNrf$PTKn>~=P+&G2XppqnuummW6MKmy-K!gR-zl&y5Mh<NS$2Wx!
zNX)Sqi1rVFy@E)^(*R|@_1u*!H!$?zFjTTzV5>a5nc-Xf7aYO&rEGqdbh3pHJxHCH
zsnLaosV9Ii!L+j@Li4r2FlJ=KjJHaAaA4KDKm?3x=-qw}(}tm350P2zpw{>?o9SFz
z^D#ybz(mYiA*C?0-dtTi%tJQsw}ZL_Qih=i%T5>T7=t`_Y(LhU)rMRj=-&BMpG6yP
zkehB9c?M})BzUrSmwy~cqAW3$xuKDgqbA!!O(V{cKgiMrA0sOA<C6&GqMIdwo(KzQ
z_zpn|10@K<%@UFQDTY_%mF2OZ$r|4VJ<onb=8k!5ACS-aSqGp_1~y0uN=a&$F@%zf
z@-ZW7J~1C!a7+3>UC3Q2zn0TCn<)$7-)36=ms{d*w?U@rn=Z~G>erTWvU(B$kOk7+
zjC27QTAu(CuQh>)I6%N15(4njUJVSLy^CpPDsk-Eg6P^>Lt|sn;)C{E4gC6$N{?7$
z_4e!VgRI#bcRe%}2*g83>r;m3^hcKCH2YH)=hy4BXf}XZFYmY=QZ$pgxlZUV$_5!8
z;!s3iG7tJ-#Y1vlO1uxx&{3V34}S?dvlo4^gjU$Dq?>qJa-lnMu&O<CFzr4iRu@)3
zPp`N1YqhXFb$GStE$nU=`Q$m!12yb+^e%+X@{I@#yx3PJ1`qK^Iz3JRrNHv|t+tnJ
zzb4jJbS@%m!AlntFWE5sEg>v#w7o9x?2RHU@BB?P5X!@q)R5EkYVdJtR$mw3ytHPQ
ztqdIYd=v9-CM!dH)9IMhv7YVIjh*T6v)!8^_oivc5cnGSx+iLxCk<A;$Q%p9{3yY8
zBg4Ek6zXwC<S{npuYnpzl0RHLOmsXe+q_(#3wo@@s;ga(TQWg+%Acb=L1PzSlqgqY
zl%p?6nK%sI7G#+WRO=Z^a)waE?8|#I=9GpnrXx#>F=T<$?D0iZjSMEbG~D`a{X>D)
z;e#?`HKH)fNL_RokET=<7H}w&#N6|ljncgCv*UO7mj$-dB&;5$EvA7<fx_kfM`=yw
zZh_%bSWV34&qSu@HcwM%gy+t$Lk;Z5q~I&g7+td}UlU6LgznBs@u$q(-vCr%l5F9T
z?aIl4#+sCyCWGGkby3nKMNwqx5&AdkEIHz2euUkU9XBG5MK>KnthUIQ>xMhxBn8fv
zOacReqs(p($704+hGeQbeXaH6@F2v?;Y1p_CC4#XI=PO6?Us2`{KXY59_?h?QG#&L
zF4a@zO%I$_soY`O&;f@wPI-AZ^)L$Z&xr*C^gE2bfI%ewli<wb$w+7Rl@^}#D~C)c
zAAwx&_?c^#a19Pwih)R_a3^a?$9e(LO`G}#pL#*8G)o;|9)h0BFIv0b^C|$cEZK5w
zjg~#Nuk^JQL41NTQ_`v0NjTFV=_4$V4bd(ci?<MXi}rAp92_&H`}JnZY)t!at4l@-
z18E&vMdXJC@g3&=N;CEvMtxQL&m4GY91{B)_wShe9s;o*1ur;R$|q}^G8WA(l7oHO
zmd`=ax_hb|TZ7fk?_k}FH=MZFyH8l3Ir}j!qm-_OBU49Io(eRElkf=p99zTLCzWov
zw2iMV`s-7~v{yzKFD<-=L#WX*><mMVx9>=_SDd$yj5dY!(US8Tz>&P?&j8RIB(ZtL
z%^a;z((RnhP_DKP7VZm63P&BglXTWjR0iVxAsjZlglN7|oT??OcL!m-$<FVf_~*|c
z&{&^k`?k;R0tUyT(sZA-ZQYq7YPt53s0nAaBwGEMv}BGL%}3fM2=IQb=fDk;FKbCG
z<Vm8}USIW6rW2Bz{Mxd&VmxXs^w(<46kPMV_N@a9TC5}#&Uuv*lpEdO&77h)Zf#Uo
z7_DD7Q>~^<lTt*|ip>snlBu-Pe{A$xH;@bY(+ABvr_*eUn<q*qVXaoA?lK-en;h;m
z<@O=kuK(EPwV#!GSsxSiHa)D^P;5SR)<ta@x@#3Aw0>oBGh94pu0yJF2KJJ+&lK|X
z^n?<mT1>Z2$SO&p@6Z`$4hT30jbYk)Fvc9B#n32r6H`jUh>yp<Q9*G$ti|Q7JQIDk
z;~6Do&&ky|1JdoZJ`f0v<<%Y-fA1Ie!hB&A_G0HvO7%6Fg!E9sc{EPYU)5h1rWv&7
zsj?@k4YbSSsPml@YHac~%WJa&tQB&80dksB?!f2c8hYfR0M8OhxuN%0K{BIlvxh)O
z7$%!?RGAKNc(~QuL@tMtMMX&>SpX8SETMnYyA0o1{TVn1<R3Su!e?ek>uAhmIqfn3
zm=k#E$TZ29fNB6+QUTxu(s?otTw0zGU#TU_M3Y0rU(#+i$3P*9YyqiUxeG79iB%dF
zh;HvHZG`yLkhGM5r#sNejI)~l3~&a9CqZSneS-9;x=gjl2i$!YV1*ULMl`9<f&xpu
z*Co8s9r!HmT+f_=5SrhIdb0NOl|Q%D`9~BL^;8d}$FA-HZQ{)w^cU8z%D`lv>wtQg
z&<P<n9Y6FMd>%ML(HC_hJ4kr_tW>AedezWZB&`mq2Gx;HiG=c&p=|Ekbriw6Y=X;S
zfDb1OK{uoTA?X=cL5w1A8se-z2-9kigo1%a-!{H*AL?hVlGz`uL2*<tpbHpT`W*sy
zdgOtR(sy-t^W$tH#Y=yP(ByS-TZ4o`jq7q<F{ARMB-yrx$(T0zl!4z4sF^};9@@V?
zT>B>%h1d{Uu3<@foj+5$20Ogczp`M^zi5md!#dLZ{p5*m-Ax#2^(3Of!G^?nhnbLo
zUlzzPRz?F6_sje6^NkyfQll)?`oeOV7YloNwjmcTCZVfebD`q*LdM9XURmK&sR|qe
z)fMUxiyFy-2vg87XtMkoNB3r?&~yjx%fU;DYGfsGa5Q~AZ08SOsLfsu0gV|4pQ8=K
z!@PoZKxnfOygeD@<VHUkAwK>|$XQ;7r%~}8<3Id+Ao!OTS2T1mw{sG4FgE^gKqo4a
z{~PGQ2>)u(s01BEZm}bv!SMjA{Xs@Uab*eHXq=LiTI<Gwj@Kg?rl{4*xJ&AFcmEgE
z;R~DzxhDJpBJMnoIUHov$296BzploJ?^>*!%0jN+A)i_ym3zm%Zs~kW|C4HcT^nO5
z%7{`zkyD+#!fF8C2oI4DqFJI=XM6#JB~bj0#;DA}o-H{;y>CzVr%Cj3Z*yDKZbnGf
zI^L@dTqaO*?vgavKk44lcsqg!zxzZL!F<bD|2@k2pHD9B{vXvM8>jyPY%*2U?U0=@
zzO3U+n)UsV%m8ySD1(@C3#fAhG(n)mYBQ)0k@V9)*J-R+^<5RuVf{(*$a3buO`I^w
zq8ZqLsYCjoE8yX>_Sv)c{f3|S2w%O|naB(221C5QuD`UuuD3c|PcPg74&B&&4Jsyy
z<?wr$nCP0K`3VF5z_5VSAf}^O!R^pk?T&9kHQlvJ`wf{QV~54?F@gl3fmTwj7x5iC
zwnySZMFI@va|0kl4#h#a+?kWtpt3<JKyjdK^f$<`cvMHe8Ew!KRI3lbPR`+Q>n{;0
z6cO^5CDM&WYkJJl2gZ{`qh*RquDGaJMIKUNO5Jl>w{bU02^840FXcK9S?N2+{$6q6
z{NCcB>>{ESTaBFyNO`$cwQ&t)PKvHal4P*(x|Id;{?#P2R3ptCn<$ium(qO}Gifk+
zAm>Q-lV%H4nb+odF`4<HsvDZ|bh!E)<4pCd2uUD~OH4t^hGtFFVtEcLI#Re+5qa{~
zqWKFLdD?aoOAmu6j7;^+D%Wals~YT75`7j?&P~|#>0Ih32({#g5bIHz%#AMkq>U|V
zrl&ZUsB1_Lurj?8NC|WfrV@+~XxdCqo8D>rav8`~k6@{hj{M6kMwC)_@qNn<W3nQg
zOaZSUT6e25KgHoSf2P)CH1^40z8g?!)wzcraA=gDI2lA87}c+bQJzTW{U)qitmfPe
zCqpmP(AY>gZa7Jr%xo7Q0!I3wzwhiccT=u?1$K5yWhh6ZKlG<W0%CzwK}CydaTBdG
zk~bc<G$kx09FxrWf**ArQANJ*N8gX|n#d3(u1M{LhliC8z<x@@=5Wy((Lo)P7$X;x
zP-U*M0ePv3Z`S2-jpX2^+K+vERM{PIR9Ss|P*ttUJ##KWOlp-|Dnd{}((FAooo<eV
z0)wDECdf3KHG;=acFZ?rt{86$ogP4o)foWYRF~MSRK&c3Kn5KN48$=H(p);DuuO7&
z&cf&|8Uc-8-9aUj3JC({B;9smgAs1xeH&lg4M^c&kIw0IaeZ}$5yBB7mC1<VFx@Li
z9r`wjH+ITo@ETk)ezMfGl<iZ(EnzNeJ7+U&P<S3`>F<8fX3Fy}h^|_hpWu|wy`SS1
ze#xs|<QN_Y=DiJ2#WE?CGU?dV-b^TYOpl2qyjq$J3o1}8<Fh)|^(vnT<-fTV16RGM
z5yzHNs2Y<bR>%IxX9$tFQKu3SGUW=M>U#f{f?C!J;H2Slk~(#o+;yVHIqN-NbBCCH
z^1=G}HR2b-3ZRdt19XKco-NOFf9IxJKy2<jvqhP|4%X&=l7SSK<xe^XZ9Cuz#RJ9;
z^A2;+tj&1{0xgEW5~GDxB+ry;Xb*sFhkz=iJW8V8N3{X8Ro=YU^gyZGdw!PsJN_mk
zcrGZcuy+Fw1dfol?v}`_%lg5L746|xw8e{gd|KZ}hE>4({kJw58Emw}3t{TDX;*g)
zdmD7?@31bN1LIB_e}Nk^ch5+MC272_XizucKW@mHH)w128&P^L*~zC680iu2HcBKE
zkoPTWsQNnS<wIW2p%R+(xTm#F1<JFG7=*cNoZWVJ<zx|PS^P5r?p<MBJ1cmRoRPPI
zhfg^_aQ!9_M?5<fp1RTNd}RHkZkT!*6E5o?LN0KW?{Oz`J&C7Gz3^n?phqe37Yl(R
zO13U^l}Vy0mK9(5;!I%exdUm3;&`$P_lYhK{pEqYAI4WjdZzidTtLvL_1}kf0(GP+
z?v?8Y5T#=7+_6|6^yXg8>=^K+ZgGWwq?tbD*mWigJ4WXiIH1q^D{6_87&q8RSsubH
z-RYJdPMZbIX?*r-+$Cx_h@2NSBzdK(FsU8XdD`8ZOK}rqjvRCX2Z8YB*mU!K+!6el
z7G+Y#SA68j)$$4Fyv0=6ab((owi--c;m5VvwY(T&T?w!~?SICF+x6`5$G^ey5u)|U
z3;&38y@lQyt}gh%7S|cTf5!c_EBh{ZgY@Zgj+v(s7}}2FDkmO3a>uaXa4e7A_Gbck
z(pI}|8x1+c@-jxqlfamB_}b<2Gg7$d!8IV;i`MzYr(%G@6}ZBMd08%yFSf?ub(=SR
z>d@(@?8`rS-Vbx%Er@UYO!|$V|4qXEUp(*Mk@KY^_95a|rjFO$OU6LB_|G5G_h4~W
zqAUmyb?Hkh^z^lvOe{1qzII8|V?p!ct(>C{V!pvkx#q6|x@6QrE=B!B{d9sUkZ^uY
zrv;23Gu_3yuZ8p5j--@vgxEp1Zm!whE>EkQrmorZ-Cs|K+kg+dvQRGji7G(SzUqJs
zKojIEz}mfBbq4Mla=`$m14HGAL~D9KN&CZdDE+S>JbsQ)uK4;#)<bdVLz|2GMdbM-
zp`j$ylI>?iE~9V--ZRjUtwi5L;i2RpSC6|1_R4gS?}sqZjJZhy5tZa86|M^w9kI0$
z>d!y#$!$3}k8@Y3I~LhUp3F!wcGFduN=+_l5!%X2aS-U|4`)xTi1ac$tCD$U2p;-Z
zaz@i){81Y&K1;dlNV30w%nRf;G;N4ekx6tkDa%=nw&5%t?M07vKM18=q|G(%seyUQ
z3Do1FrzT)Z$eus#Nzp$=9^9y~ku|R;VV|w_5@9T6UPm~GVm!!VaWkuPK!Hs@u{n!W
z-08L~(yC9m%g3m7_O`G}19xF-;~XPA4NaQYZWG?OpB5-P!7{PXqI`f>)qvHdIEMIj
z_LLginpOcxzMDsCWTC>se7Y8#ShxXJoF=Smk?+H*%TwI%0$+J#T?+47TZ44>=^+bt
z#a$ol==2zwW&Z|07qcWzXlZUUTNDL+YilG#M656;WhmolUWlTrTA8Hyi@7Rkaopw%
zW47kV;v+2H5?cCgn4W%r0^S`)cyAZ}nH2M7;bd0uFj5EM=f=6UoU_kp?c;Hj)ogdI
zMk4s|oy(G<UC9Vi<)+nc=LEKKlIbjqnjL7{4}Di;d2t8~mCSsV+!F@MwxoL)PaW}<
zE}d*SIiAkB$|#4`mWihd8|O87$yP+p?E7lrKD~hT_U(vRM;>ziSq98G&sPsm;)j9s
z>tT>$>6{JE<vzns=7?cSblC-(N6&~+ui2>+!eG`PXE4{ucqJ))_Y~i)(Pydok^vwA
zJ!VPwMJaqDiBaET73?8x%b&vlWOscd$0>ZmDKG99)sYm3Y0fBog0m&vUa@t<Zg$Zr
ze8OCf-X*?!z++=}E8o)iknVG%c8g{QPQr$3^>w{b+N1vJc|&TdR6eBm425SCO7HgA
zeGNg{n;fFa^_1RM)Nq+dX=L`Sb&%S!IT^=NH;!}h{@^6cot#4#p&nkWfU!LM?UvWN
zT$&j(DDk|tI4m1VPPP>b*@Y*=KYkJborY0%=}ediOjzE&SKvu%zNdqBF2$?4AZ5yA
zd1&n|<~R^(xsZ2}oceZBeIzQ9&AP38RGJ13$+;wp^0D>O7$0k^r^3~`cuJ~oIe5`&
zc$@1i6OZudh6J_;yLb-vV!lZQ@kifVhca!EpUi(_gD-W6(L@I$rsXA3<~ouTtMl}-
zNoQpJ%6>Cf-v_r~?}?Kg-}>xQO6oq}hP4~Zj}FMd?l)8@`O)qb)K#foH2t26&x?H<
zBG1qw``rtD=+=RB15rRWAr+sPZw`Rp0eUR2D3Lqx?;QpWP&jJAmx=mkwq3#oh)BXf
zQ!&_EPG^jCdx&*9KU}tOQTxbaAADIki9geQK3tHupkv|^lzlN@KSI&=R*jaW8=Qp~
zHO=66@K@-zP&ZoyWSxXrD`!sSR2%Z!AV~9PuZ*qGK1K7n@lb!FLc1Hu#p=hvKuiZ@
z9gC9%GEQtlI_(hgrs@)16MHyA1-OBV=ICS92VzdY1$2d=UW5K&nv2W}nEhku``gNN
zW19fAAQLzNUr!}#&)X|m31hq5gwG5v&SPkN51~}w!h;owO$s;hol}A10hPlvZcdsj
z)&?;wTYTIVMCZHfCmYGvJ;mA_;-1<8i{Mro++bg=T!k^_x<T%*U1vnE3knJI7mBH(
z!<3H5kZxZg)T<^{m;TcwwS%_qw@PPM*NVpSh5I#wG3(ud=4wO2COz~=hP2L!(4GK{
zUb0`wR(c{N&xVI6N3oR^(nr@oG<TDKmXpJ_hqG^!$6m4ikh-Y?rN2)S-Wc<Q0{sfd
zZV_*_d|uIfYkXm7LR#y9Pezk?F!5tnHxZ?B_`<QKncZ_&IRRbM_U~2Q8o;i(At_91
zX&XSM*@N2JW0!mmJ+~Za4*d#m?ksbQk;fyz>#dJ9?=99azt>j?8EscORL8ST=!hxn
zpv03s*($qP8@N<0zktii&yEwty)BcHGrVZ|@ntjrm0yv9J26MUq@QBH)nhMJr-FLx
zu6TOyvxd&XA@HkzDs@K{1WD6p`QVR5od%cR*AkNj`1mh?6_j518-YQ&aJ7pd_0U~e
z6>|6`vXE7ES&uPNEQ*jcMV?hT_LYpg2-rm6N%C$b=`C&Jrk=CFN)^1DN8QIAav9zq
z5*D<_4RmYbIHEgWf6qz(E4k~NTnu3AVET{p-oK9c77hN#2z@(!L$m*CCH$`gznhT$
z_km7-EBF1kl@q^P*L;up$Lp`I#eaSGf3E!Z364(Rr7(R5qkqi&TQN2}BK2qLcQYk|
zZ?4o|Lh^q%Q^nZfzgn(EDQe5k>!J8;SyvRQ^!5S(A`bEc=KAZBg+hepD2AQn-S%~?
zZ$-vcX|F{OWbb6(EMe0wMAZJL3V2;Pb=_cP@RWV}J|nC8>bTmL7l3M~Hkio-RcjWZ
zzarRYLflp-h&-U2K~1ifEWmP3EBPomJUy<p(4Z8%*<RFt981Mcb+F9e6KV+~jxxy*
zv>e9XkYhM@#V*1>m(-Gd&-|Mryak=r3@L8B3DoSkQE!Cf7pAv;hsmJ6Oqtrz2mRIu
z<2KrK*L4cMLGDm(b`*H5SyexglPH8B4D&JM^yrK4Fn=U7x&h5KPX3!j{s^rWcqrY4
z#VXdbP%yX)&MCjA>KLs&$d{vN2a?yWvxF!LS*BI6G0cO;s@Ho~3N8pU2^k`UGl<1P
z5eI6$G9d_=NpUSp^AD84cpUaDp^1)5u^~VJOh9F3l`3^R85b@x#=JfLIgFLou(6R*
z1OIGCv^b`;xZ#g}1kd(TLu5l3xf{M=G`usm7<$lk4wsuyn@7`q$0%evsf-;en9ku#
z?s0sG);6MQr9efa6h;oMT-flVT;ND7&aeE%9&5fYrA^OcaDlC%N`*@&!fl61ZG~@H
zYll>;H?AI7;ZMT!Au(4A=8%Yo*<ylU6e%6xs|4Xv9&<Fa%#I+BK^YiRzomoq!1|5;
z1OpIa6q+_~xFl$aaCse$Ux#+`2y{dX!D^QhrE(--EhxF3SPWm0JDkt(>Jg2JXTsTM
z-e6666+GYpjeJPann+JlDV#!M#7NM}=OZn4<uymwGZ#dsCx5x<MLj&FgUy(MC-(u8
ze8SNoG33y^YK&XQ$94^fvEe`(hRIU5sTQPLEju@!ft(htIp3;e%5v<3v^^OW_y0Ea
z`3JS+Uysty|BwCsO~Q51|Ht|G*ZF@n1O9jC<8SjF?ev|@{;|s6P8r4P_%!i%uICy9
z0D$NJunNDTpt!iMpqajdqLYKMzV+YY??P2eyM#qdADPFrNu;=*U?S*negiduIWiF<
zKtBW~VgwK&WVw6eZesP7i>h{Pnxs6mGPLT&vO*2Wk|=bm+!P_<+}Hk6Tu<jB#!Qzr
znPOg!O5U~9&)Ulbp6i#cO|2C@OH<Qn_HFiSciL%B_T%@HZQE?%nNU|~#6ErVE{e$y
z9xh*S;|FH*XtDcPCV0=AQ1F;nxzJ&+n_c_V_qLcxWCoA95ZfJc^Q^}mO#HDMX?0GD
z$>zWvb@QzFqxCs1+DUqK+_<9__=rke(gOG10Cew^nB;?f&N&#*n>u*aJydv|Ke-}i
zmN#ikq}*<s0oN4IbC`t4u+<Tm-cV(l`XZJ;r&`@i(h;#E+01BAxH<zk=V#jqiOf~W
zm>w}^Q)aREn`z@$aKoy@9)$OyY~qNK%_Dfwq8vN*+O2j>*$}aD5YjGs%n_gCOGmPn
zd<Yk_Y&N-0>kTsn<e9Q?Cagvaeh&Exh!4|*+k}!}v53Mj##uB8T}2iM$(0M-`qtVS
z8tIBKhNeSRnR!j_$ds)%(V7oPN5AY=T<SDLX<POc05Niw3=j4CZHZZw8!M`d{<Ios
z!YnQET92p5N2oa%j&#%QU;0!ssHT#KG%ezlC{K1JQt*ZqnS*!|#bOZArCLk3L7<W*
zG-i>jOqh+8!AkuMUewfBU%y77rk)?^Z)P<nQY}Ub$aB%>s$;cGnZ{Z-Q^!|_={(P?
zO)*Z$SFuv~oslF|+F5U{%N92wglsP%Cm$8S&F}5KX018s=fMl8r2n~^yb;F~B_)(&
zKKWYSq)g;iT1}p&INl{j(mr<S)L?5J_zCSu8g*mW+CP_;-_(*?_(wf^NrRrZ0dH0L
zmrI|9>l4=QW`OwbZJN8yAprV3#trIOH>P@p+zuBDwT5O(g_zVP;Nn;vF=Hx-hzGWa
zoN516s4G4^8I7YOF-~K0kYUKRVPHl|+E`clT#GhstZ8h*)JMSlm_5^FnluExg7BfY
zmd;od%@SiL{QcA)VmX`!Yo?_Ti4IlLq1u4`8_X$qAv6)B&1z<JPF7;<dlbn`C=bsx
zpRUMhEeA3`n^-6i59{gbc$<j86n7!^rG=!Uwmsz6V`y_`V-j0>V=QM*dY|6eg64gw
z5>G8>4~CuRDg^TTD!5Vyv~aSmB@2<rdAnj7@V(jghZp;dVKqL?dZFOAZVW;4eIoT0
zlhzMHldaR==@4%XIh$T;r7)Nb!|<2K%~~T>#!D1W+GeOZUq3?gb#obFhAUDK%2*4<
zA<X?-85T|Jo|F1AO7AVf^64jctTX=X<I;g9dvAr)i(8pqSBbGPs>gqvN(uek7AuVW
z*cEc<7AR>lJj*(I<Wl6&A`)j6nlr~u^;?SoRtya%ErvFfF9SBLbm3e~4BvqoMlyFO
z8Oa9bprba(Tpu+OI@^x(x}!;}yEO`TV}!H}H+2jR`ALVISkjM_rTyoff)7|TxERM2
zNxZFF<Vj*rah^`d`B&y9ZT)d|v!_VpRr+O?eTk<?$Cc`;Q@OKl?|#Ov#HS_uDh%r{
zIqzK79Er{o_u)nY)(2}Gd>U7<m_3+o=x5gjb|YbtqjbBmihLT@{vqOeXTr1<>UhZ_
z8#~S<tp@$kP?E<Hqe90sIQV0lHHA|g0`HQD?AFGtE5sI&9bAzwrdJ(-ddX8d^_2dJ
zQF6^I4rpD~LQ523!<%e$q^NZWSLg`D2?%zP9X9Eea^-rB(R5Y7wUcP>l;I{wVJBO5
zZB6N?#TjR6r!AAV3zaqt-zpBFGjMyt=v|V?yiD^pJp6p%Zlly^kn|f?D-}E|d7q6u
zG`)0<z;z|YtDJ&M3sf6bY`qei2MS>Q#`r~3+`_8BbW6sOKO`+g5F<|!uO^G4S4aiI
z7U0GkeA?rSlPi4OxC`B|*z67rv1)lOLwpLNBm6eT-NmgspQbRoIZg&22r5uIAP2%q
zfdX)QN5oG4F#M_Xk(CS{aK!tT{c5NVk-2Ud<5o1$=<*qZ4j79Jgp?$$S$y&%rC||u
zT&t4}nb(b&Zj<r}PK_uqxl$^k@*Zf$+J-5Gn}@J->Ra>J4X&9*CC3<pR{F!ZX|&##
zC7iNKSHtaWqUY4`R|2T(J|1@H+!*`PtW!p^beZu|o9!o~DE5;G_52%Bzpi_9(DuA>
zE{FNO!ZxmmX+mzW;Pzo?FRtgNkL^H?ZxMI~`kx{3a+C1~ZEsT^*Sz+;@Kj@$O)U5Z
ztgB(^XPfB;QJe0@N4sDOTR_*T;O(3E=BMFMXJTi_fT-2W{Yjnu5G==9kln(!ywczU
zOrO1#B&nMp*Xj;t?I>;1iOQv>D9S5Juv>Lcm>Ujd1T<yj9i#Ik=JcW`R01;|oY|8p
zf(Zum@5s=`ER1UgNJAM{kLVhUX25h40X8Ro5qvQ^t%BS(9UbUWb5e%Xt{m0$%=Mz+
z8Y%q*l-Jo~Hw)M3=ZGXaBrc}pxZFsNxtp42S8Ia=xZ#?_`&mNz{09ha&brYpjM*!t
z@zr=~S2dNQy0)!L<~Sp7e0pZkb_W3Ykw*stZlAjC)*5G6{puZ1W}lnm^#k%IYntST
zC|XCMgJ=!za}umYLYp#o%=us%MQwQ*3i^fKvhs{MTyM2vn7fjda05-aBs`D3Ltin`
zpnV!=@D2zZkp(2^Fx_{zAf^8CM_{)b!LkPe_>`EGH(ryD50uVl_Wc)h<cZKVlZQAT
zi-ZJ*Pupf#jWHc@CS(3;{N$4*%I+nt546O|KX9;e<X02p!<os`__V#nAzll=N~g2$
zZpedvCky&W^Nfz?x@zF!pxZxN>cH)qJGZ3tZ{IuYL@gZE#G{J5tK}0)K^Z1Sr{(b6
z7RZ=RYtpn1#SfI>X2%`#x=lWlA|L1?=jD;0Z!jnPaF!SyTuOQ|y*k7U#El$sSIE^;
zfF2_bp>$HNfda>_W>U@_B&@h`G<MEPT+j7If%IMg%eZbi2sOQqzu!3H-cPII58J3A
zyO&t{t$|{QXmabX(mTG&b*3^|=8&jRq6q4R%2p%QI#afxRz0moJG~%ay{aI2oMFs~
z@kYs1#p#B{WYO-b$0`cP9d3WH-~zwmvMmAUuOV-CyWw6)Oof~rRep*LR))dDtQY~U
zUchcI{I_=#8!<eX<_JES5DGJ`NR;>&pb5wW?$ri;+k3r!gUqRfeTcW-y)Ln-L~nsz
zOBw+fGc*lzIvR*v+0o6NTo`c~)N<Jmm6BF7#pGN??Wu?{FCD3>6o9hS`nd^p^P>tT
z$DA~Fx&3*6j_~nfe+|LJs#lzxJ8xs?(`J5Z=*+?QszJjR0}gPSqElyNDa!Ftiu{U#
zB;}-d<s`;RD}jy;X6p_mS=42*`Kqj?h6CcgLq@4_;C*K%>(wt~4KIy(ky^d77PPdc
zy<aSq39K~@)Cb~O;sVAiA%**FG@KEX?RB(47Y(NunEic<rt<xid&-Jr6{LX6qVnn5
zbDV!jWTFjbOEb;}4d`jtge{mYl+FY9EDyqMgOdd%d*i9*{N-F{Ji>pQ-mu*-@?-`m
zRZJlsI1aR7jTb<Tg`YA>SFQAK)KhWl*X}uOwwNftUM|BGYs45V`hk`qm%Gn)OIuHB
zGap{XgSMt8tB`NVY>7XfnfmPsyTn(%aJ=o1Lz0(bNk{~zDY^Us>@^LQbe{jcP9HxV
zVb3IC#U9>V)PDJ7PT=~ir+%WwepMfyk$u3huzz9x6HhrlD<osVQd&kdeth=8g~=U9
zT1Qk-zX#PWtA~Xh?|3xYNHxA)rwfi#$)!(`H?WWa-42`+ILHA5oa+yFo9lAAw2mbc
ztK7;w<_!xfo=fR2bhTPW^ZFYc<s$p<3E`jWwq1b-uZCoqHQvvCqUyxKv>oVmLw^*y
ztfkfZhIco^Bm_`NIymL?Ue&Gg)k+M^<RQ`4h-9mo7%ULL7x1{M9{1E6;fEJ|GUQzM
ziJbvR7x^PgJ#V_&;PFcZpCdRTWfwmrO2HEpapf5o1<NG3E3}i0T$CBP9#5Ex0vv3I
ze{3@$5ixM&FwPc^-5O_xQ9oyP?t{IHbgO7_Mf@6cl_M0ajk?b8WV^fJex=tHj_Po(
z8lHA@w>coMyg{`-&HV!SdvfA$0OTgN!3+@|03ZqPTSWGM1|Z6UwnoOnih}=wL@L!h
zy)+lSzwk~a>Wo&CGDo5b)7x@EMC~uY{3YWN>@q+yQc{jUT~=<Q3RW1J4#pVlHLwIA
z=~N`#6B+@7aUoiKB}T(96J`o#lHigm^J~D`YJGUTn&y(aM8PSue|!Hr))8+q44J!%
zalCT>+^Tleb-OOj2T0lr1lN7w-?gEg8r&9pB0lZ9==a$m%=av8mu>6*v*QCF?0us@
z5F&sRI|yFjDc2S-$4#`^&l9;vImf-X{~)jKDb*G!)lHE<{EcExvtmyPPCsRebd#^d
zPlpPypY-}dKwH`YLJr?xPqQd`egkn)_uIbKz_^Z&=Fj2Y?`ZN+^)fQJtF+mA-r(ZD
zyjOuwyWenwZu6~44HKSwOwxcZ=E^N(NZC>U-ZFWF8_Gz48r<EYZ>i^H??I-9!jl2p
z%MK@Zo3xy8t8UFtHq_;Ccc!Z4SVEOm6ZP1Kq~UD34^EyJt8=Z1(Y(6osewZoLjDLi
zojg^VxKM;>ctkJ}<XWvEHxV%`MTPqORJuqzvSD0gnCUPdYjDP`CN&T=Pp!h+AYVzN
zHgFwMfEx5Zni27ACq~S4Qk&Mg4eUC&iiXuTe2mLmI}$EfGLsPzR}-f^U1wWqCQMp0
zs8w4^i%jWUpHR{|ddv&2K`ghulp|Woj#l*Wn6o9x1L;=maiLlp5;PCW8PusxJ+WAs
z%api6!Z?@}a~*cCY-LV8v!HvM6mzX0uy*+~<O;(S%8+M5vBtNiXwuKuoqA<swzjb`
z=dh@f>vVZ^R31nw83=N;p2+Z)t}x24KbIbQIX2dB8b#guRw=H64SK%U*@@OUr6FxY
zB}&scJC|e_gQ1jxF2rB%T5S0055aft6QKquyp3{+i6aKxGr6V&r1_R_!a>4dJ%t4@
zC@lm^#7O}YTZC(Ja5mX_#OLbhKX>OcIJeqAz`yvsG*I#h0r;C4zFCu6hfO0r)MWa#
zqO?(UBCLq2{d}56?aii_eTDX*0fOD8J|>RP<!Q|AXO>Q(oDSzEnWn~rysT3XizaPi
zg2Xyl<*<6|E7h*%CsGDr+)yj|l7JRe?z>-7ho;djsOg4M3hz2K^;U%8X%bI;#L4jz
zO`6d!E>u~k+qPs<miVz}1aE%<1bm0baJ0-)j4*~JqM+&=^HL_twhAuy!8kD3F*I_~
z@1`SYpqGUqmuD4U#GcCogHv8fkr$&!2YM7p`KU-enDuF{oio*RreN(4hUgq0YJP`4
z4LeA@G(8URpIb4<xBmF}$%o1<Gcgf%`e;2$yanUOs>?+RqY3z5zStmF_Pi=kzJKPd
zW2-PN-&-(}-ELxh-jTbmhk2nNnZQ2OsKL_;+9j4Wj28k@@HJ~EW1P(%3@e?q>#!4}
zYz97BP_R)ciYU$g=ykACY`yI!f#fT3X&_^VrhL?<K?E6y%+)GIrB)%%m*4ISzw@;v
zmpo!gwlODob>h=%dcnNZf-5;5!aN$N7i7GmpH{`^FVET+BNL_bDw)033ofFpSaW(9
zeE&a>Q#<$^y*&+MB7>`F+($cVUt{I`b%j}~zPM(=fS;rxF!0)QKx6S*7Y;?%*>5J-
zFj1!CwaWrc|7gm&bR2|wmbW)UB*o+jkh270O?#&r3XVndCg?eFOL6_JiL8pv@jO%P
z_@`E>J3ev>dpxYvOx~eX;A2N2%H%+5nVfFQ%WKfra|H02?T8E8_|C4i&$+Tc$w#H#
z=NGiF+P^d}u07t~!QR%(x(Ozb36DCWg!?PsDSW0=zDj6*`d{#jHN{^_H|f@Wq+K>!
zeGNW(HZ`w)_B?hgIH|dsSW`(Sq)(0?nNsRgdS-KeWm}89PeuN=H{QUME&73MX9|=h
z<qK>}vNH|>#R&L|L@ogm#T1A*l~C>y*$!v^u08U@Bi3WduDeJ58FgyNwg#fR-=Jd<
z=&F0x*R|xuwe;=DE-P;;(GPVjKzS^LL^+U|!Z%_Or$Y5`p_de5)K(lny(YDu+6qin
zZBPtjFPXz3a5wm72GIv;Y7WSW=dz9I8|Y2ICu8S+xMes7Oe!BI;9?5H_fwZowQWFg
z##Agto%Vy)wHUny0UgIF(okW}hjiAdnM-x=I;&t6Yn3t$xpigMZ>St&aOH<i2%MRR
za^Sv_yJ^Ws<yp0!LqM%lYVY63=A5XhJvO#*4DH|u+NWfmBM^7;Q7ex>OVvDN2%x^v
zbYZl~N3$_+g#?MsslJt#qtKWlo%a8*>0y4Rgwe-nr;nE1HP;#!y2lKD>U0BMo|mza
zgS*Iw-4LSQuHf<4Tu|`xOR-UoYLRB%hie3NEpyo@ywpeC(4zhMPPv1WnU9OR#>iQt
zJ^Wi>F_`jn7cQZk`5Af$g4CQB|JUem{&szqdM|8JNd7FaWknp~LcquzG8~t<>mCe=
z7L_p-lj~7Zj%fBvN?byZS|=RG`XyQhN=SKA;*fzGt~bO50~Vnn{bM%&{E{YAk~&)3
zdS#;c@TN9HB2OA^Q{e6-H&wsrP+CD9D@S|$Op}yc`#^$g{w&Uscz8yws5x>xf`}Lc
za6Cbn7{wdierL7<VP(N14NNWRD~>>EO(n?_5yW5)=E2PGHrBOPd)#4~%zc7A2!aq0
zZ{T8AAV;eLkW}Lb8C_}-_Wp8k^B7rUoHXV&c1QGy3{EEWAIzvfiZvjs?|i(p5LCiv
zC>nRyfgG@A5uY0k%xVUcjDjfO(=F9SG|g5B^6-Y=xs>mT$#yWf+=A7zjbGiO$@e^^
zfTv~iYW|==jTaQu3P5+62mQJX8x$Cam_j<v4Zs<|>AgT?&~{3Y*FtfT`N0%^fBFA7
zd&eNnf@}-4yKLLG?dq~^+qS#9Y}@8nc6HgdZQHJTHFxH|cr(A=+=%>_C*nlp$vnCC
z-fOSbR~7I+Oxn@*OVyZsbPPV1!TPu_Xyq-$F)+d>Kv!|tk|q>CHZJ8@kDfXI6Tu)e
z7f3IUv3->1iJ0n4PvX-``KC+Gkjju*g^V?AApCD?FB<doqNc&LCUt15CI2Bbwo2W%
zWHQAplx<RsprOIT@4B&#Q~7RoB9c1-qrrxH!YnNITE+<T)hPq$HLF>);fYfPnkK?b
zix~t|EMpXesZt2{NAYa{#sZ@in%PK1SwIt5yDa_-{OJ>UW`_Xc2TJ2JCh|lE4gGHc
z>Mzud&!zb{JId^4jKob-0?!bEWBB_Jx7rwqS2nT&U>Gp)v`9Eg^k^o+aEdWn2NPfz
zvG~A#f3G^UbN5(5R*H4tWKjAH)1E7{ZkEk=VQVAdw`I(gu_BI<laR;tl}^XE#qK2H
z({_7vAl5-p{9`PkkWMrxm|1T?B<~=^l;%%Kf^~8Sxr8!E9&YV{P}CMC=J44ll|cc^
zUfpT=N6z`<kttb0LU~}10xaH_1RC7DzGwSx{zPu-Isd$lgrn@TxsJeQmA+f`Wcy1|
z2|2NvKYownbup1vPt^EBy><1K4ndJtoOnY-68b8}lc=MCfXHK#d?C!>QtXpw^3v|T
zd-9i0Q5z%Ok>K?=jmkeRp&>5vlvZ(f8X=Wtv~_VVip}M}a>|7jRrWj&%di)KV3^f#
zm7y(|8aay5c03v}hE#ZUm0{h}UJe7fz^fTzI*KRz&Q6V<<r;DL)u^wf8sk$lFf3F7
zM2(`2<!G}r#j6Wo3wd-Z&82dsYx86-ZL8&-{aIe~uB;VR^JJ}&hmTOa(t>{zFspm8
z;;IH((g!aQlp0_cmC;wgxH+F6nW(jT+|qDYy)~Z7r$S_#tNyymhEwoiTMD)bQZj!?
z+e4WKCh)*!{_a)qCE*2T?xq|dHw$E7CT%kfj7?7hTcSkZ<0TIC)3D$`?R8-m+)h{v
zu1R=J?5>v|LMo%8YOD^n)`Q)r5}`!8+o_QT&-b}5!)BD*2&|u<Na$Ve)yB{o4!3S?
z0_!ZiSSNVwv4rAv?ypIb%tFe*tQ>QBZ&nOcIwcB81eVRSyupwvq~cVx3A(kP9#)MK
z*t1AcE_;71Bx&s2WRRj<p%|O1)Pp&7D%@r|j2Y9A*7oD9*gmYSDJ%A&&kf3%h*TYF
zURHeYU@2d-_xp>RQp#<g_7_>Lv~9YqGqmL|_Yv_v$&ej9@Fy1S1>R!Lsu;&Bi<m6$
z-(+GTsXgW<FuG=cuDgxha!Vv0zX1<NpVg7eywt0O<KD#?oWH&QGX$}-;=j<?;+sQ-
zA!M?sL`A2L<WUk4EOBr}`@rJ>D&49PO%(=^T16=01|iGvN#BKd`9AwH#9OC723G>f
zqwoe{o~cvy3gIu*>Hs_g2=7S4$y_NP)Ewm)IV2~lA-8`G@<V0WaW7NUJC4)hh?g^x
zvk`uQ@iui3E%CoLj444e`Vw!ukn>Z;vwg;2*a_;?V>?vDRUKGr8gObF(T#NyXwDxM
zX!8uX8wz!<)~bt-*@OO@A&r>*&$xAu8~hQCy!CZ#(J``OPdpl4JHYj-;ZwJb=7g;g
zB5j#W7f_=vKg@7?W*^VJINESnxybD&kzG9)E&?B}5BMSi&XX%V?nwcL?m$YL4B;Zp
zuY73b=;WXl%;<$rwShGd;|!@0fn0)%U0}U1xYKsTfNMen7ujTf+cVbOt#`teFsvDK
z9oy8mt5}_yUk<Hwa%sPZN|71n0TinIy=kYcEM@p}#ClU5cZFD!P_4l1CqL};v27RO
z4F<^FA4TR&$xHRsC0gW>q!WdaTsPav#vaaIVS|Hn6f^jR!d^KK%h}1pNX?0rTY}&@
z&*UOg#C^1pT(tqWqZuhmsq-UQqGkn*qi#d{_=MW?UQxmIGY8hr+}OO6gFt2l?8i`8
z@cJ41N*+SoZ)?~a4@_%E$}6C99}re{RiGPrO}WOlcGF5*WnGuA=0<+3<xrm7YyO~7
zn?7`lH8JY3&1+AOlnZPxsSzQ@z5^BvOYmnoAS-7D<S}Mp7`!ji%UDZN#?6!l&QlTY
z<W!X9TMGSMV!t{jhTq^49^2H*HjU<a!(idSXW@XCxU^d~b_P4(;Dd3!xfRFZIicbl
zPz-t%BF%7r;<zR5$PD4U#}Jn$7HDHeORDUqRv&T;YMOjF*Ml}BWHj(A3AApJ5qisN
zMMT;z(48nAJh!`!Bt6&q><PYSe41_VN}Z~7rY6skE!}dyf=2T+)TY>Ti-9h8lb_+@
zctGCBPMqj`{f8isU@q21&v!4c_;*7q*MAdr8#>upyEvQ3e^(O!MY&VdvO-}*`K)VB
zi&nB)+H7~#@>#a6tW^<K2qc2)CD={&-<2|D9~Ye+PajGAqycTr&5iNrm*h#PS{>2^
zBIhJO@;>5D$?59!2CfM^LlmR|Z9&*I48)?7A?!YYP_t+4cKib;q+>qOt;@`!s30EP
zCSl7=H)zNZzaAzHXxI)yHl;X^9RoH4r625#dX_2+QhK`urG&@OgilhqMC|*xJRw+g
z4eQ_Y7AG-9GTFa#q)&1cD@>=kAi@7uimoWX53Ah~Eq}%zU9*TgoBhbcF`a$L!a){o
zYfElNee+L|wa6~*o$;NYlH!h)Q%SOZbibY$Wglcw#ZdLhL?hdqYDi9-USp$vDs+&8
z19LoAw#7h`wq=tpb1AWO8X9#gs&iBqs2Jo3;OK6|a7s06aZ0zuu+3ySAMV(!eC6Ge
z`K-O-21p+s*&D(Qk%yvcR>!hci<&{j`6^g^nkt`Y#4{Im2xQT8D_$X3e}ETv<v*6|
z@C)yG*?l0V<9qjW#zULO@0)L<5!&TP(bDX)nSSI95v+N1ca>{5jH_Uir!}?11$M-k
z{}w&_(A!UL-ntXNiJJlm3qI&T^ZkFT(*I1yXs`FBj()Q)guhuAzy6zz;q2^aVfc@o
z;b>xPVf5{6^{?%rto0ASjL%>+ElFzm+&{U=<?@~eA_xcw!t=`@{UAd5c5@qfI(61(
zmlb9F1LXKV)9A>Q3dlZl{rDz4^@)PHB>mP*UX#s7w->GBIbB=7f28&nKzP~{2WA+o
zhv&i?8AOW34hmzW!8sFSi^`sOxJXk8L+`ngdu%EUJ3}xNuA3ZhD{`66B={3{c8+b?
zPwcu%tP#!A(K2bruTw%w^u}9cIHno!_$*%1Fx5^VXag`%nyoe(2AJ)tDKgR9&0o@}
zxSE?<ji@?)f|;y1V<s<B%S!C2RHX!wd5kbcR2@p%Vy`o@C?vowty86#*gS;3I*DO?
z8yXRGb`-bu6zP(|0fxHRG9L>TA895I8ja-K9ClHG_h15!Fc|{NMAz1DDP)ZSyPSXB
z4XJv8%^;=AxrAq8G=k?HWT28sCD%1wBsa5b4))UN%4aK<VT4=<CfBk}NHe0uR|PS8
z<rNM?*90N%6xREI`obrkKt9^&ZmW51)3}QnWM9jwB`#x?<0Lkma7Il!Wd7<lYC04`
zVT#cU<)_`%G*1LZsE6<JB^Mkkxk4C_hJ&j|?Gi3xpnY~R!YHA;@a-Ur11L}J81100
z_@bBsrPmM|C$gL}p;!izYozMVhsYZH9>Q(=IOFJ0$TTZ|<v$ot>&xF@1u**77MZsi
z2(r%c4tUhJP&-TPg(+xm;%UCJd6xQi&M&zqAR{@$#XcflKuovAa{d_m6g}r&)g1%|
zhxi;HTsv!-f9&)NLP;LEB+le!I=jx(W>6C&F`u7ljX5^sA0WuW6n<w8r8zbv#PW#L
zM>2BGF=m8?WoF5%cMs=;i8Hy4g{acUxF!|Je2LGm3XR#e3}_Kp9OX-j8e-Bz_zWNW
zX}$lOFq@cFQ*4Pl&>tTG#@muf(G9OA5<^wiSeli&*dBI?@^>UuqO~#3Lx<9TrY)KK
zJ*$bodCD%ZKYsB17w1IYz|ra3B+|&l{vXN_|2iY8A8sfIsJ}PQmyGKP4fN3!k+cJP
z>sHP!%jfg^EyIx@Ei4&Ar)NhljhSoGG|bExbBU-_dSd)Tz17#m7bx64yAOp#DoS`8
zlV7FY;O~b%<v+nL?k25=6`OdMH|{oDovwVYI<7jVveKmVd~Y%TXx;ev;~K0-=TJ_g
zz=Xt!eET^Hq!<gwx04jaW6au@khBR>1kO;{VKEkWC#p#aDD)ISoqHy3iz_A@yQO;J
zD>2a7J&KQYK;fmZ%Tc&1_V9tq1=a9JVi$Fl+(eR0QE?EE@~d5E`X8aT=Wgfv3qk2B
zU&s5W^tpp}$=j=A;m0LcOBx2*vji@I%quEPVQJ<KF-b-1OmZdD65t_*8jm$qW=xt|
zrPx9lztV8$%!F&YDo=4}cIv~VFp-KeJEdoh9q&a~nn;RFU{17PU!sJb>^WZ?bE+|v
z@@p<mROljI+pH~8Be)i}xJi$l0Yx-DT+F*#rTLp4G6zK4q<VN>pQ!p_E-HdvF-iBG
zpe@HfCx<b*N9hAXK;C&(qgz=XFpD?!@URyzCRXhQQZUsuDj5n_g4?ShJ|;_h`qmvb
zcEDNM3ajy_PDO@ljQ!Hfsd)--N@*LV4o|U;&JH%;keH6l^B*+?jXcZtli4ztvSggt
zBai`BDoW@3hH`;~x#I@}S>}5IgSwZ{tAFd)qDE;zuo|>&Lv%+iMOLPg8XZe9g9lw!
z6qtDLg<BwLItDK{Z-+x|=eT&xlP)TL=MVxqj!#dE4(NUgUjtjCsLSh*&60MMuB3x+
z+d~Wyx#JEI9}jLIR`fg(wE%C$=+j<CZqrpHXyJ$IBfo+sYi9&144=4yklV*^?jmN!
zyLLKrO-v5G7zr(AXaKCa{#G9CUJ$k;_RyRBVP{0>sWzS_wBBJ{-AhMKft($yF1iFE
z136W?sZgPaNlWYu`U#eI1gh1bxDMb?P#=5LB@Na3ZUK_V1L!m&$ckNKx8wG3yQeg6
z^3fE?NKVG}CmIVQX~nxrs7lmjmHZ9rLfA|Y^U)g}Ma=AZo9)r?WBtM(U1@od1{6-H
zyj)RozG5(nWWp`0Dl}*D;sCHx|H>wUHX16hLvBr;^_mndte0{mlkYCtJxCkeNJDw7
zm<)IS?DHyLfIsu-ON>GGTNJ+f3g6gHe{A^<A$XD^{XsXzxeG4WofHFB6ec>wf(!Lz
zl}@>)G}9`B?$ULMII5B1YlZEiP%O0dsNhqmENG<e-_@GEE7u3z@DTp!!QpTcnoV{%
zp087r$EbB>N-ind!(0(|q_|D>h{4t{m4$1}ld9yLenI$IfFyic1jgge$;X#j%#(AM
zAo9tLaoxw#iG|*~f-w38MdBEpn?&N6oo8Uagv^uiPN~Pd{YYuc(cE#wPSwg9dtl<u
z$(RF9%4GZd^oxZvBKS1Yd)%B4biu`!{{$rc*q%{mqz2K>iL}DGy>{0<G}>fZy>5?x
zQgh4+Uy9Ywl&>oP*o}9neM1cnrC?&?o_3#jB0}Mb@Cgj_QPB}9Pl;xehUiFn=1A-4
z%(kH7vwn_ahAORzt_~K}Hp?!G|FnxpR`1u|q6W=zssM73fgIvPNgIWHhJ<NN&D9@0
z>ECxrB>?M(qgnFWLd)iI)yV2cjKp#gr{CW91%QaRGWlWzowKJ(NMYd0lDHVK!wnbJ
zflIp^IYL*cF@Q6Zf}WZPe^|6-5{n*FK#@ut=HahDesZd9b~o?CG{x6hm^4aS08$&p
zI`2=2*%U41FA!DLx7M9iBc>wM1+p6~GL_fp@Y1_=RPFOV*uogZ*FE7C-TX@j|1Zdf
zU5Sc(wtx?ux{{ZyzxZI;MTbA&ocbr@xns~7f&yAXg`R=vck$gJzxv0X!Ky>KaL{Zx
zh-`Za<N6g0uBm4R8E>d`(TD7{rSGDiNw*M@0^kJ&&_gc7FbHPRZYrOQ9QnMXv*^%c
zmjMI~656>P!pDL)j9_JzeTkt4%qD!=C{gaAz$ZsJ)iUs1yG*>|?__k_qRII_3DDAL
zMgtakuEHP8EhiQIpWNCH*T3N%DYfBMjJaESwS&2%wwG9*O<+|a&5t~@tx%T`t1h(d
zq<6g~J3PRso23nzimGl~*p)1M_o9pE7x3H|ipY2`%Mw?291arGZ(DRI8|U^|=oczC
zCT^NJFectM2ZJS@7Ff8~7T4bqnRFwTz!aUzwJ0ng8$jIG<tIDFw^gS`@3eA=K-!vy
zN8VobB40N=oKwAj0A1B0nLX2RMF9PVhCZsv=-3L_LPS>T?}vHgAM5muT)Kvg-cxeD
zCgK<SJ(ZQ?w1j_6_!(;P9+pl|@qy$!q-T$r(r@^#LerxrJc?Nh<m)suJ)x^33ItzY
z@bf**XFXhOc@3;~UL-)z)$!6p#5N-WOr$@|?_ykQo80!3|AYPCYlfh@=75*)OV{K(
zf?@ivF5mx+T9RS~B>UtMg1;>03ZoVl*MHg1gx~LIIw;wrDwjI*OW=)AGeXkS?>1^f
z(((KWK_Z`l=7{i3wfju-dwKnQ2C)yK=*NioG4`Vb<ZDoQa06)&@Q}T2b0&?9R$F%O
z^OR}+)-ORx5`LCA#;Y~A<U8#YWC5Ac($u;eJSRv!<Y5u7+87Opv?;y^)K{zq>*V2y
zR6)*Zw`I*mjf(<YytmO+vzUv*WzGumFHa|nUnlRyOh2ZJpT>6#1Y6#xSbH7S^&FD`
zA^W*XM_C3W^v6aZr*7e|ij*TH9*#F~p4h8?rTpDa(jrG)VB-itcst?{fw=IO3IEaU
zD^LTsx%a(*(%%co{@*O*zk~cFxgN>BZ^zoX;;_MGw69-sr#(gY>NiC0P^$8tIo83(
zQqrTQTCZB!An?Ec;FH=K-dw`)9Cmoz>34SW^ZguWh+^!w2y_U9By4AGbZ`sYIamls
zSZ8lVAS)|7aCl1(^VzAm9o1MhuTr&^8G<+5mYhR6v@n7mz+Nn(7!on5`(DhmOq(j>
zD;j`nUzM_)s$;>*h(7{9yB6S}=No%=O-!V_WfF9UGQ7Fb8LVyq!p{V0>l@9{GmW<S
zFT=gx^keeO%8$B_UvcjbLw*v)7|`o(4;$TDbu;dMz8AWY^8fn=#H}F^ru>eQetgsE
z|C{hx(Zu>&Sl9Lc8$K(o*?yb-@@8br_1moe0!{>*bsTAA3<?K_5`j=Ciw6zO757;u
zp*Evlf_waXihl!zMCvbj4Tkg&v)}xt&=kc=9&T<vv%_)skF%#GyB~`)lRd&K-BC2Q
zhq1p*z&t9<>(hyy#=0+X>L`vJz};Y#VdpUvvpJMu;BENrY4~<O@@i1rv{#@j<sIz0
z1N=l{|7h)m0`eY2TeL@jZ_?p1`r(r>7#pT0t`M@_(}rdfEF*f#KJXt51<!QiU)S*=
zg8gZEZ<toE!nSFzT2Uxhf9JI6;EDTWgDF{32nAOVCss+>)~Yr?J^ySbBGnm7&dcXZ
z9b@>i<5;>W$fa*8l5MnCmDDnlp~;=B!MfAF<XntCg9>Sz0wP~U&-Qd!MkglqiOJi4
z*-S@owH1l^ixlb>2h;zn#5|Qkf3u(FP+Gf3CEl^Tkot8L9)?Axp=PkgA+Cq9VNxoi
zJAsw=bRgYlRZ|Rf)@fIc;pr(CViFwKvbM<y?5n(4Y!)&G^=}i|#svuNDdS`5j(bUM
zzW5_jmN$vT&x1jXiWlViA@Osx1f#-E_H;3Ec1^Ki??{W35jsMlMM0>iV_)?WmM05O
z_?k#qn%Rs|5===4iHnnbn#Tqhoy=lhT0BH90k6gz$Ta-axivG4N3Z>uxD8yRL0dA)
z)K7nHqzQO(CQ0!G9}wUSk{!sA)qMWDldwP_-X)51Xtff<Wbtm2L3`fGhWG!--w@Ir
zJ#Bo4AEJo=^t1f`Oa4~+N8(1*!us1J_@A*yrJ9X1iW=tc%il6}X@SNG1keqEqeFGm
z)`$@-7PTypHZ0zW2m}agvaTV<!=`SjX*NOt!z9&=CQX1Uuw<E@y3|6Z5)!eP2=CC|
z4bDT%tJp`ur-E<kk^6nl>pJ(`L@;TH{70?ZW&6{I=cd=z(d6g-*47K&pUTu|;;0)A
zwmbweL|0lf@`LT+o`vm!JOk~{#KOe_NB0UiWDZiZn6U-&)9c^fzxu$7_8WrX2jaRD
z91r>&SayjO-y*$zB<Xl)&G3`zVn%i_Ii*K;G&p(4Lyn48h7PVFPhKHm>CK-DgVC+7
z%QzPI<{T>e%vjnBcj|!@mY8kSa%-;wZ%X4RJyiMT%vyEHQyhygqM$-`{lJJb4l>ft
zl9^7~RgRy$L|r4n9u9@s^hQA?ou@aPwz@x@?GvqZ2K>)3L9b%t=+g|6;el$~D*X>G
zP?pnAskw+T``GFVOb3}oZx?Ga;$AuXMoh*brx=;4Y}^adK5)3$agjouQJspr>-Yfr
zm$Xsv8IuA=9C8x*)v2tvAuvPnSAGn;QJT_klcYl@DSob69#hT`v_vLA7wjoy7bL&@
z>?KVrl;&<cZx35Ea<6+5_4?WsFbrUE0SvRPBw^zQhCDeAQDNhBF}*wSW`D~mcH)gj
zpp-Eo=MPOZ9<lZ+MDGi~P=dR|2i_s)O{AjxwBI~LZNb{-OFY`m1o5yUxT|-ZyxE~!
znO@sAi9EyVR<I~ha9e9b#Au606Cp&UaL-OJlFssIo~WEFq;Tz$Gs$V~&_ws)2I~ug
zjf`6XJg|_Bf43N8w2-}E){1@oqNF6HgTq!v<0pjlm)tEnqR}npEV&0NPX2mdnFw(d
zRaC(HFeV@-q=`BP59yS-4biNzIq`x{-O4Ix%VVonGhNb|O8rJnL0ty%f{D@EeQk60
zJgF>fI{ESjTRHXDu-5V{;4qyW#mXK5CU$oPeG=JkRY-25-o{zr7fUK7*T?9*N0*Xa
zG!Chwi9+32rAt_-#eF(;XTMxvDB7c$JXwyU<+2rPlRdOGJE<aMz{On8GeSv@p4x-P
znmk($dUMW<jZbk9=%eQ945f#(ZcT$aV_=Z(&8#-C>tPm?7CU@4!PV<gbJ0%x){?1?
zuHI3>)f)oEtsYt7J6~cX2od6_FhUS>!AYnO**{0pUAlqIBo5eg?f~UVwp7~OhT4m|
za|eU69chYyYqrd>;R@!NIao|7L%l6ojb!&}Sh3@BSc4g|re14;&9UUJYLZtCKJE;&
zyCLZS?L|}9^57Gj;F)t|7JIyZIqTSClUoj#%=*+3qf*qp1-nvP5`^V$-s%!VE|Xbc
zw?JO<`0}t`0Y4_8XKqglPlBY;E}0n}P?G?!dT1$o71W)C23D*{Eo5D2E6aC!g3V#5
zXUY(lj5F@1YaRCyD%U*vYZ{ddxP0&v+{9{D))KXz!$CHe&{@hIgtGM_Ge(zyf=vdL
zhJ)<t@k<qIzP$VrKIl6d#m+r1_vQdqEkZjYtvGm6NzcJm5GFyjM~k=4%|7>jSTEmH
z+r?cToJw$`TFEls_U7IkZ~!NTS47*br{sn1(WCeVzB^-~($o)a9Ap?kH5}Q$U<aSS
z#gM>B$9#mGcWqyO_OI|ROEeQoDEqzf1#%YHrt=k?Oq=x2s^!8?<{vUyR!12iPfGOf
z<f2xE=e;cozz|YKqTSP|Dzb~N7<*pB3KPeOKh=lI5yoW;Y#h=ylM_2l7o-+9{0?`Y
zwIk@&yMVzutf2`6n4gD|6-eH#nWy*SIzB)l1z4OgutywXHsCyF*{UDk6KN*QU^Zln
z_^d9G)p)Sr(lA|<#AO<&WcOn6M6pR55@(A*(bve*@AA4s!W%&iNgT!O;K=UrWD^of
z&2#%0AB@W8LvNHLB^>Y26q>eiLIYMl-2XhZg(R*?bt$x`%tAc8Jrl#eq4vp9B&gus
zQYYV053V*K2uk<1{K0Aznd3V)`FYGq6GK3;;Zbp8X4e+p52N~Q>e5N$;ob>mkq@qW
z@Qh`3&83>KvSf(Wyu%c82?M{Ya=#Z+_=Qh7Zo%KobeQ+g@xzIfPnYs%r}m%fBBr;6
z=5YfPkUJ07()5o=U!LF5rtkSgu2P(?&}+MY!Z&(x)>O{XaQ3YY&i$~5bX9QQQX)U7
z2R|RaP%_ZX5xiolXYK0o+j_PdIV<4Qf<9q|zLF;%xl#X4uv3TF4#wr~Pn19Bf&TQ+
z0RQ;}mKk>qya@Q?)IzF^di50f1aA9<PYpq=5S;?Ct0KzjDx}`5+V_gw_nvn7SqD*(
z$5ip8(&Kq7TC=F!_e#C@5mocq2~iOO(C1Y&6_yxaLSOO9^B8hC*w0~kRs+2e0WN90
z1yI{x!xzgJth(PNV>V=ouy}`+Rb7MzHxI?n;1{$d#c-~Z4U=)l&n&9{a<jXdj$ehZ
zi7s>jJp)I^Hm$vRlenN-Bqe4RrxY_Y+}-u<#BNod1mL=mtRYy6V7L$kljRw7l=iSG
zM93nF#Y{W=n%^Th5EDrl{rGXWHfTCkN6Uh@xxsKkUX1n30eLEVL2JfW#9A9l+`f^o
zeN<vC??=}uF=pH?5x;`Esg^53M}(9u$4`bja2p;^77!o2pJKmlFSaf386Kpo+dozg
zMGt#`Z6R%O@CE(vpta)CjhyQn=(BzUSAqWm?EepD_@BI`BZ;J>kb$-JzbtEu6#hrV
z-$$ogMH}=6y5m%US3OE>9y$y%kODIB?OZWsca`+Q@Lelg`d>2sNdaO7GNzm38Iu_j
zZ#OTGaN9U<Dv320MoVH!xhT}c1YAH#UN$;p1YTuPq!SeB6ln^X$I}uiahM6XQV*FL
z@wTEX!f<ooCYlujY-kkNRgljcwi)sLkRZ55i8kc>nY;I=OMe6S-uN_1&UXZ(N@#Q}
z3+k=#+?;uK9WI<JKrDG}<}cnEm0iURdZi0eL=z*2PkHoW53KV&LQV;?*2FiCGXY<z
zPFzLgP&L6W_+CJjz7?art*O$({kL?P<)L~9yYT)T0YiGAiO>K7eyM9{ZQXrph-GND
z&8*tNIOFlO(Glu?XmGq!5$c4^pKKg(o%Fd14PMJM?`W!+0PVY)zU6nIfB!H*JYAv}
zs6T#`F#jLG+&@3eKf&C9CZu=bLgQCXngm%Ij6pm?6NxocpoHKbkp3SE#;~RakoxK{
z3C0k>5@eIo44R<m+T|)*XJAc&WmqCsA`*%Nm5qXpbd4%n4L+(`R$3Qc)s1bH?O!j4
zW9&i@soQtFzWd%!n^&7oQ!hFH(2>N}d)~h(`5~RumPs^Xh};HE1V;)<CxKEDP1^cA
zdXSh%;$Y<@A6_`BPl{Jk$Vs{pq&y-XPxw0SY!C~xu*i_bt=&c(Z(OKUr;S0jGRig7
z`Efi`u!>b=+z`(=LSod&Dm!Aa%BwTtULtM3!!lw|C_#4Grd=ZKXpryTm{3BpMF~o`
zf0D_QR-uLVw<aCwdIP0I+C`zyVzfeBqBj0S()2ixIdNRsu{a)yv_5fMl}SvZEWSQ5
zv(mUK-YIchiAiq+2z`}AD2=W`=!Xrh<EWueGNnfTzBcKBBvqm^SJ7yYNu4tHSZ3XN
zkflammSstWGHU4z66u(6Qm0mB<z3=D$=wAOt`?xuWhAp%cjQIVQl$`9(tEU0R-z*w
zOk_BR2)jsOgp9muF78kK1eb3_6BxC{?8^j{PedIISJ46`Iz*;a^7tJqYY^yVT{4=l
zxo!eI&Z8AO()zAl87%mk;KT2p^;`YY+UccJz}7x}<TF+VkjqZ5egD$zHZ&{B>l!hk
zo<Yk3`igRkA?1mp9>qDl3UvgOUPSc_emW^eyN8oaZc!txB6f7(d#7nn`){YLHbY$v
zjf+u_9<VQe)H}-~o7*5&4C!I^9t0KnWjoto{lD=@jlv*dgH92@MnULYdmlQJ7xg(-
z2}uwO67-!zWt13NNT+8x+!D5yx<#x&B>oO>Y4fp<Rwx`uuoTOoE-xmFnANCpi^Pr}
zHmu4Q2JuKOWkc1KWSC~4nxNeRx)pw6pMeHE-#0hEY7yoA!D8<4uD1hJ*U%!FQ)wSm
z$AB#0P}WMI&mb-r$imJHl-K!La{Tq{D(d;wJ#!9ipOe>WRe+P>O&b-&0@9PpYJs{1
z@H0QT{T0zwSJ@iPw+*nm1%UK;>djH<QRMnK$qzd?el5g2Yf(0Vv_#R*4>w}^hzl%h
z!G?m&$$@HY<hc+So+#?flU(=rXyZYMahz*T>t5MKf%u0T@1FmXB2c6n9_Rh(9Vhd1
zGQoAsc&Pj^zr*~DVFj{yUlyx07EVX*>tP`%K*k2K3l7>8?$6A6OOo+1%u7bTwCR1u
zfTM2$J<{@OUoUR>8N76=ZYGX_=Ww?@qfdG1*RSArSU*p_{^}XxaU;Pv8!SQVO6Na?
zXnOTstN5nA5Jks*{%~16%nPf1A+}ry+=Dhbml3g6Sy;q_<0C!CXkmzWNL`rg#S2U@
zoQ`8;jLIu(tihzg?{Sr##pc>nn!4PLp>~cB9h3C4FT8fe{pm^te*O~{wLKP#+tL8m
z4a<od&A&okEeogUT9wR|i<tg9hdU4;&|@rGsSdhRVuo_N!{<&=<TOtyH=&Fy{i!r&
zv4^dT580am{x7XLob{AuT7illr9!-No?7)?i{lb=p)Y^t;u!*`ULq}e5Md7`dWwTj
zODO`z+ZTz`v*hsjU&TpR(h`c{x-q@_Wr(1iJb>6Am^~%>ugQu#oG(wU%u63a1bgJC
z79m?rOv2M8%?@)we5JIUD)rU1VRX6)eTPeClx)uI%%n}+8?ejFDV!=g@3FsoZ&l@)
za$7LERP(mR`$kwc65g$?Jc!~k**Fm%>-FoZ7mTw{?PgF^rDPv?mV@i&&FqB;yw9KY
zskxtytD^B9Z4Mw^DjC87K|d#gvN@P#RUt5vWP5-!ksPHk_?-%X?OJXKIu8;<wN{M*
zT6Br7CEEMR5jVBD&&ou6MS6HJqLPCsR4H$nx1i11{_yLLW!A|1@Fb_RvmJeVoHjrI
z3W<x9{0ZX%7)NR~jhWcC;>fieK#{8L@-?4#!=pG|k$|mc6XTj7@h*?<@sZm7y`ky6
z8f?C)!T$1V-e`eIp?>L(5_9N|qTl6WuNpWQ*DpC_Sr@5tEI`%){=v%U^esxT!6ANd
zjgq~{Fbhz38e?^=lzq#`o;r?<|BZdsf|6%ldIKl2qiF54_x)Zf4?KSRJ>>VEC_QRp
zddnvj(vYO~!hLc{U4>g>(rRiCjS(wJUHMxfQZ+v;otQI_dOjfxr#-2bo+#|36&b4Q
zlp9p`&hkpF#HaNsZ!dY4Dz`o87Ge8EvvJ_jGbvl`zz9%K;P5<K90khg<6F2^0WJ2H
z1JTA2yX#KuD@7xPANylCdl7Ey&k(+@dqS*>u32sXe@A8?jZPwV?gM~rYmjTK)&X1d
zI-OgK2|1tZ-WExn)bO6{`C>=sVRAL#%FEEKw%nFEOP1jcWjl3fe~1#RaF3&^B{T?g
zu0W<5?gI{K#=W3b1lUj4(37hC`E?b~I-)-XSPB!^@ZgsyeqW?P<*HRaL)p;n91@c~
zV?gZ&MJ5xg+Y^{5a$I#%Ga1>Ef9L4)UhsHL@j~69W&wv(I7k6~+B1v=ggOCF4x-82
zXmar{CxTt_FXlJB3>+mWD=JHzUpfUM*JW46W}a6rMT~i~mX3m#>3agFHex2sweSpY
zoupCcZNDOuQJ~+dpTfE*DGJ8-sD_WhqS0;{w1uJ5qWofCW#YR=w$9mceES(~J*^=V
zR*s-mAv3&p!u5x{x_9IA+fp|+Qy|9>b%Zz5=SqH3*l7-L;jEwLtj(kBWm|`Hr<`ev
z>L@ObBao@D``+g--~;lIy`gIEUj1qj8gA^UnItf=^1c|?<HHZ}_gXjHS6NuGr>Mt2
zlMbCi80pegB0pIV?=+2gbevjl+BdzKtT3+ZSdKP~Z%tkqve~iktkWeTk7!N5R10z<
zjMszLR=NT*;DT|(a5jD;DBeL>Z`7n5x%4Q+Z3P96ip4I2nti&(H6T--7m~a6nB?pX
zJEQOfqx9$|q8fAI1*{GB^OlnMDZvpn7Gnp@@#=_U$4v)0^R>m!1QD)|vAn>T@Q-?j
z2ysR8)omfzlUqP4N(>PMZF@3AcSnn%k=3vw>O%1&C)E6@<k~l2zC{%LxysoI8?-!-
zRHSV7Gu)oMGZ>^(3(WKfhqB0e(1v$0fj{pv*v}^dan#O{Eas6j+jSv^%L5qjt*k+Q
zG>yW*FdW=WP?%f1{+jf5TbQfC(9~(VJrl%r3bsHDtgOhlR@lfzKAvBy7Miu9ab~CW
z*!6Tb#WClii?W3tZLvC+jc&wdF5qmQ@cM~1@Y<WUk(Ymz+Tbaw(}MpnEP75fEiDtj
zDnGXyvkn?24Kx~EknEMWv*B`u&Y2g?<xF}l&+22Ds9h&8M&OtlK^*F1^i&M;%<J=6
zLJHub<v~V3dSLQ)tWP_`G>RXThd>mRvK3FVf-rEQ0kg=ADJ#916hEfvP7$DvAUqSq
zqpaO9)+%zss>6}1%6Fe~*fUQ=t*?9Y<DE1jTIo3zym1!ulow`tNtbdURv1MQV+1ks
z>XyP`Wj%k(`@tC+%J7MdM}={~NfcTwYl$%~&5>H2Kw_Jd<JVS@+hWreQUp^r!J-x~
z%Mz_hm^I=S{5Z3@3zRLvCcl;mNt8N(ESw5Q=A)(Zj#-CPXmc}|g;W8j#nrjm*@}g8
zcQ(kctpP4*UDVp8;D}5N7%te_S3`@mch1vy8JY=!H<XvzB;>%wwO_u2{>#V-HqHsw
z2E7ceRLPb-1MMNYc4CP>*F!g;4c0FM<FAGByoxcpih13H*>lMSR(FQkWXte}y7+a?
z{GsEREwiJ~{~FIb#7><8d3VUY+uHj}hG%l&(WrZWqwhZWNT%6}?<bnmvl%<QTCGRR
z?fCaE=}aODNNd|g6uZO=IUjZ}l=F?tP=_K?fGMp9JaTLxa-bd~NQ!dayHlgzUPS<3
zeH5WFSilk(c%F<3$LYyb=|m&&N<!$w9n_<m2~~Tf#G{I*7+Q|<$#b>=*KK_ccH*+&
zZet3$0UlGh`l`OD6u)hSdC~OZaOKvM_hir%3`<uoc*Y@C6{mk5Yv9jGVGZ`2ArcI0
zrYAqCd!X$b1@Pq0$ilUu=<uaPLj=cb9ifA``_ijgRA1%U2Ow+F6KH7<GS7N0h5d(F
zya6jN#tvj=^CM>0wBKAqR#T^g<LBUBJvSUV;Ed^$OxYMiAZg|UH(~D4Bf=cykRiu)
zY*pJAGwYuSZ=x_P+Z;~hNI39{f%!Uve(954m`_AKpSiux@y$?M61v>7kBfM77C=$p
zKq-R5qR533ffjHFdeWRr3a3$tZ-#iGI>C8+Ms9y~lVq}z)3~C@{*ZpGuwm8e?H<z4
z*;e=0;@i~v_84}p8}p0GDR<3>-+n<VU0PubV0%V>VMKhvzis;}j>qiz2EK2Rd^NxB
zf8`H!ZS3n=f@~zHS7O({)_dJ6x62fK#JhL&rM}P^9aQfYQZyF2kHi}`Qx16UP3I_w
zuaMugHT)K22@gSY&k_7g7W|AB{LB{o-A(aGxVQ`N&|B3U=+i0}lRoDg@g9fwK<+s&
z=Hod}ol`IJDQfaH`SB@W@+D!ye>q3QUstGZAj$ZsRLCJaQJ|@6)F8eNW>g8Q+sM{3
z5_uO<Ds~c<WL%QTJZZRcF=0gV-7F`EXjG^RPV#dkJ`_iymqTJu*}=fCu-_z9q*#0p
zgUZ*s|Iqov-4yDnf>OK2?5m#N#8)=$txPg=E@Nb7OY<)JbN6|f9FIgCD_ES%ku*RO
zCJ#xdRya6MG`K)RbdVB-1yyoeBv&kN>6OXs^w&6Lf%)VN%TX%d#LM5t9%M2@Sl-de
zwJ^}&I_s%#i%H%KPzSH6$O|2P_95ArsHhs>^hjM%&SCdnmY=q1p)4Z<_G!XxUW@{_
z@<cDCi9qus`y8cMG^Lg@rT4}6qRPl+`Cp~P{89$!o)=m7(}m>PS%J|pSYE5aget7j
z4UDDb5)9^sue;?~W~(bg<y;DfE<9nRSsZFhNz`T6>8xhtR2@yS${xJ1qc)U7DGU3Y
zsW2&ShM-;xtn>CF?5eJYsBM7O<91n;vwVe7i%cI`*V#>TiwqmUs=;34T?~%V*LumL
zVJTldydmV$LIuNSCw|)&ZC)*bSs$U<wSHnZalJfEJ)_p4epRAj9#5FbEsN?1Gl$+`
zzQkk?x-ni=@=J>@+V)r-g4-C8w;USwFHa4-b?IzR)&)bdHS3d^lQP!q0l6Dy;B{i&
zZKez{=*)+5>c*>HtR_{9YG|vkr3JPsHb**b#c1iWZj7>icg<yLDFv#r8rfv6(|xVe
zOx%)5PpPbjWG>wCiZ8j&y34O|weq(UYU&eez%e!8g!*Vk&GMMq>U*3}pMmXD+og5h
z9zyz<d>ma-H{K_~-lO9C6h(I`%IR6;RzIImV}t+m8K*h5a11-;EO0(Ey^%K_Z$rXr
znOK>R`>-FUCd`_~(7m&Pt`>tSg`jUF=0DwQLARqEe(>r4eE#vfhf~3q;b(udv~TIN
zw=zq(AS7c-V3}?p-*j+X9csdXV4_qTsb>@EYa+)CHO&mQ^vvADk@Ouh1aP%N(8V0I
zj?BQ%OkW6#!HZ}a%V~j?hLX>XAWhwu$>w_|GMnL5;GE{*C8r^<)3QpaA+SlnHOqRG
z6HH7^%3*4_?3~$T1JV%05Md<V&Nm%a`!D(kG0tol7j7B7gENkgTSykcyZn>;az?e5
zX&JRk-p+~c&Nh;v10|F(cJYYoc-&ZxINgwCtN+oiB+Doq$N`n`zGbkVm3@Hr7=t~j
zZNiyD$@(8&N8-!4jEZVPfklL_{flnDJI1+gdDyn8Ui+NSLQxoG2lgwtj;pb*%T{_T
zKVxn0t58%3Xp{^hv4G7SPH}H|WZ`PgJaC;m#f_f1Bi0fPp)y|Ltikx(tl_<=3<MQ4
zoZe|59}jrN6F$&Pr4@&JAvkic`ntBA7`pY?#<lj+A*v+IR|~1mQOi>_&&A4$QrkXE
zM{epwZuRL4!Jzf9yZy7$q_!Fb*FD9R04w9_0~fyJKn1-u@$*e$vhZbGG()%4(4rIi
z_(Q+e;a@NuW6lkqZ`$KC^UTp5lEWR}4Y{%8PX^)Za-fd`Nx^1mKt(sE4^5PVbm6BA
zbS&UC=H%K?iuVyJwXfETx{*`tg;FzOBH%nP4ooT-bgy^ssVFl*UxdcP%_oWQM)BuE
zFimD-1!&r7sphRJWuS_bSDsLcV7KmjYo^{GEs;;1rJ2|=E#Y3jb|10fi2>}AEDZPs
zc=I<=yji*?PV8V~ZVU=|F@43$ujfyMSE&l%oe`m@I`>i5a((RE%hh@1GqnaW4g%`s
zuIAbW!RF)Tr`-jwj^vS1*sRNT;dn2D9mD%Z2~8=7(p5|dZ&^AwRp)}g`nrvlX;AFS
znwlW81(3gzNFv4ECDHjBL&%Hg`G^^rXO1sLCPM?q`$txHjM(GPi*Us^<HS4dj?RS*
z!M|{Q7|hV8pq{2Jbj&9g^?oRyS`*D4n-7<VgD%}YKv#O>%X&nMyb|h;!V&BJ{?*1C
zQ-1&owtQ5ptt;Hv-mibl)HF)nqWwFN`alIN9^a_>9b_wZNnP!`qw7}bJcXEpz;0K=
z1G;*Q9wsq`*>9@QP59zBt1P=_*mAhWvz)eA;gS*SC-j#Lx7ytVKBw5n9_$$ZCIft2
z)2A^`6UztgR>OjmX^jVcxK)JNFmkk`Df(1w2S#FwO*I?SsF=5w3pv=)$((}C{-L>M
zx@{pTsLMKDarrFHRB8vth^@w>v6$>zQ<nYV0Y^FP*~j4aL;eUaJAIoud0huw-!W7(
zZyObyhtcg63nWWj3xwyzqd84}Vx?UE$T-aEUhs=3cL_AQaEE?S?GE>AhZ-*L7h>RF
z#Aw{+%Hh1*uELYe9o#b=T`}K*AJ=rEBVH9TzlE4PrvN8c3`)PJ&Q8E1jqwem-u+Cv
z!OgdyO<#}&ZxP4-@Ef(g2fgf6KSK@Kruc4K-O3#X$2e5KN05E6XUEH3L*-Pj>8G)v
z;xXUS=9Bm`MrwWQR@Rc?9hjdfsM_<2ee#~YT_L`s`WF0rx_kb>{bG=QmGid7^Y~z@
zI!sP2Av^suf#_yC5N`4HdLJ~&hgN*{wPZl&Jws!7+774c__(4G-BEFzR#jiDvY+Ac
zYD;F{L_A2Y&vrUKpJ?*A%-FlG{e_*s6{O~*=p*vEQ!sUouzE{aAQ>rP`p#nNMA(xI
z)I1RdqeUgU0#-15*kh=LMP)5ivz{EL;@vgL2E(^zf41iUc4$D)+!$qGS>#uJscmNQ
zC?QADCuEvh9cihgp>M$)J@MK%Ou-;UU#_IL;)jB3`pJ_|>7xAz)^Wyc^VXm>PE|zE
zh8(B+kVXqFi%rd-1xL0bYEWmxQoK4SA5g1$TmrJ_SH%L{*_6%P-Y-F~=yR`@STL$}
zACd9-gQ~(A1l{oYKl#Y1;7Kpf--&&}Z{EJ(|1G)yt>6C-DMsgiW%q3o-xSwGQ3j_B
zjVhyl))&U!Cnp!fl7Nz0%u40QLTLQ)kL{tRqbpKo!x}0xGP9mJk;W&Miy!e#v%t@V
zUl?gVo3>4jHs!mxs(3u-e7iWl^4)wF5pF)2&ySsBD+yJKnu9CRk#&)cR~om7nd2(~
zmJP|o%KW|W+<!tYJCynR(7E^9B78#0P+=|~tsqlR%d8(rG(oqEeLP;bDaUzg7N?0w
zR28HD_XaE~ljvSsT-yaThLLh;yVEEmmB=jt1Rz_hx?EgW<i5T6WKqQ!hgy(dluHDZ
z1OSFDP|<D3a<I^}<WCXGCOe64FS^bj`BBQHsVF?k3pxu}cxWP>*Q-21L5{ptQL`;~
zz-%>nh9hGn+*25&ly+~dL8D9+9kV3j(*U$>CRfiXW60<WF|+iUk1r7W!M$(rvL}X{
zI&i7@Zfrn*mysWQWxRUs3bUBfd7*MhyGUKxPa18~V7WRTf$w)4{$}ZtYl+N6NWD>v
zo#pJFoz%=p71SS1I3tix&=HZY@MAa3K1BOdJCcuNUy=kEaB;Yqx8&b4mus(seQ+|M
zXrW}eO&VBpt~RNt^bI4!j7|CmM_ubR--i$b?kz8nMNyA@5)i03kKoFh&}7jPtITy4
zEv-889y%9^D~B}kt$bSKi>Y2BGe2`}$m!!3=jJElU7P1{R?BzhjO{H;y37Ll@jAOL
zmcQJ{u5iUFUubMhT8!_UF?A<qP<ilo1$_%I>3m>b`?uwK)L=hh-dlU1x9MRz!9HiV
ztGkzAzr8jvy@9>wwyS%_z^eb)1lal6VS9tWNA<Y%Ji&aTy=V1o1^6;N^F90Zz&+>n
z0Jg=z_`%x1s{J~kkHClS>HX)pY_>ZfJtaIIwsQHYQa(u*hr<|Gh9feqBO}_aQTkh~
z)$<9kwbknsC?Vh)g%L+ZAT?2tr{gJv$ookeXo_<a46(RKsirL$fh!??W+B$g6VeHo
z4S?UWPISzQfS#fUu<smW@Xm<Xb%6eRZH5D`-iZeD$B&6`B~y|A+qqJ<vof)jF|ai-
z`(M&c<9D4#d0~P7sPoB`Y$OmyV;M;zmR9;tEC^5_>91uVKagHDw2@dCV?nkA$PCF}
zwGfMyRHy(_A~uRrn&41<0sAsdsmh!-R2!R()9|+5`^>jXX*|qVpVvm%F0V<CBi|IK
zsn(-TudVCxR<YmEKQIjyNMwi5Q{Ux4;?UFD`}YsTy+QR%PFT4+Cs8-IL-?6J5=Jb@
z>=->VX1dH}{C@o@>SFR3$}PDn15r1R_eY}u{WN;F3+6@OXikIL^OI9v>tgmu8S#?d
zJi6r9za>oYWq1i48ItBRxTQ>(O7))Hhe@DM^&Z)$Ceven2_9*d?lijPO~6mhG;xfU
z_!IhrY*?6KCiPevhK!BOl?;vyQJN@Cn9+eL%yc$P0tOj9Ve-31Ui+)R7G;XWkBs6k
z!%4Z#k6&cxSThrJf7e7}#8ZiPafsqPkP;$r^2zV^#VODz<MLBlIQ+%!E-T<gr0x%f
ze$zadQ6?4rq-oWVG_oL&3Q)%ySLBLe50n7oH{}vWbK_GUBtd|YWeC4_!x4W*;m8h-
zG(i@UF%69>W-hObblX1X+zWw0`<A_<ZhivR_Xajs1-p||qCPxu0P6>toV2inQsuKr
zcX-wIa+;WSl#8482|?sAYce~|G`GB}8Trw+ffKQmt|7+s#<_R9-F{q)GHX$>S-eZT
zX#TURg4cl!;n@}3f@S(qLWb3fErASj8)@<WGn8eEpF%4SC;!Q*M-{=^<-E+6KFZ^i
zR_HA-x4uM1T-DSdvjQ1Ha7L#1Xo1EtD)G1+e9~vtO-nw(y2ej=;68XI##%TjV*g$D
zZTOGh*rRruLf~Kub~YGi;I9x6695J?A#KmZ1gW3oHXl+{Q3-0|yQm|<q4F&@i+N8=
z?u047F<6^Zz&#I%l8INFT7uBzIP5FuAPQTldzwOtJeA!(7<%`Oej+_{bj_i*7eyO_
za8Iq&-q3WXfS*#trO_$5J=HWbyMDVqSTu{~_IxKSu^R?`s-M>oL0hyQ5HUNp*?9Me
zYRu0_F4Ig8x@9OJ@+Vw;j{t{Rn00>j`k!o(9-|x<qSF<?MMkpVtaXzk4vNS%=A{di
zjuE8ASiBeoK*_0=e(ObpVWzaXX;R9dYMEoOncQej>1UzFx`Pa=Ra>Sf*9Yg<3!^)(
zjN^oLxP~o4k@lf+aB+JG1vrKcLXkTc1{FH{s{<Tu7%>P68m;3;IY+eE{sd?;^%P9B
zj>#f;mT@5(`_>UW>qId%!^DV00gi(RXF|abgmbU4CO#OJJ{YDx!%ciJ&3utHeCo8r
z4VtkQjRbR+0>umd(g4sjRcNM4G-J*GofxweNM7)#0f1_#Lf2KG8Eepfn>farG!p!C
zB2N`MI39FzbQJ3f%eQuG?}_a?eON5Cvcmd$3H|wf(^F36ccU37u|otD6)%A2L?t^N
z^<?1FQ*R<%0b)jFleO+bT8?$e@zwGa>qDxnbxA2IR!v^3i)cgXh!SvJ{KiXN?mdPz
zi~XLR?kMNu!4;)-C1F>3_e?!Igno2zM4y$RrgfR6oY~A$-K(TW!<{F9la%z(7{&T6
z-S-HFSG9a5R+GZI=p+I%E)<$y0%QVfVUEXmuz8R@NafqcmTuOj$+y2?4_|I}5@H#X
zGfqQaZWD{Tu;+~5w?Rc6@zLmV*q&rYM)yQR>V{SJGWRW|%e5vOfc9+J&WsI6@i;qj
zPgaQ|YszgJS7Mz~y4o`<n*TuM!!mo1ag}#KoFS6)0e;YGo7H0OQxftkBY!e?v98@v
zI((|UjThjMkqt4`xXQ6u#V|?d-=rrOLpzd+P#bM^v8d+WI;v(!0cx&O;MG7J*#=>L
z?_9lq@0G9`ZFl*tX9F8$%aU4kp{v1J;F{E25E5)Jrb+cAD7vrWKBhW}qbFN%TJ{2b
zC_%~#mXgz8oxNhgJ0Nyf=XaAF?4-H`M!mK_j49y9R9atTSfiR~k>UuVs_+1{71(H9
zcdcNgFwmbef<&H&qd|*~O-p&g7&6ZmNuDrmHrcP#x8axr=Q`J50gRRnZk+if%)2J~
zX6gM|3z4Ao1+3AdTL(I4J?fh;cH%CkLZN0|-|=G1P)VwkTB#W8KY|*e_C~>fI6rD3
z`>3Kaq7oJx$F(hnO`I`}C5T1(LEeniX(?L;eJ(kPs{18vnJ?{FuB;m4za(AQ+}YXm
z+X9u8T7?0B)DnONC=*P4Io6PkNJX+z+}SszXBQ5ysn46#I=llhJHyaXE$YS6&|Xv5
zJ0w+;kCFHy(gCk;lwA*B;=0jYKkTP%83|irXa!nY8vrR8Mn=wRL98yMeFDNf>ep)3
zK(2DxHMMQ>E6S;D2rj~1KJVY!WhB2G%#v-77~z$MGXNmt8_o_ELO^G6B#c;-4M-m{
zq>UNlCA>(ZF;E)R#f}h>MWoRfI6@{ANlT`=r_vZH4i;vHrHnX|QKu^ZKa{;wm}JqC
z{#{jFwv8^^wz6#7wyiGPwyiGP?y_y$?7~-P&YYS5%y%&}`D8wsH+$XWj=dsQ#QS?0
z(uW2|iW0^o$yB5((ia%YO%z8C6v-Z?vD04CS(r42j9C*yJ-XHE5Nb^C81P;999#zr
z-7yVT<TTZpRTt#;Zit;PTkFYK-YWihNEH3S=A?Y3wzR|&zg?`lQ-1xUMB(M#xLi64
zM@dRPL`fDtCS5WkiI+vhOkG@8QWe1Un1bLMQBIV5fi{0(*sg>ch9&z>I<1eVdxXji
zg%bQyq=dR#n{9{=Y{(`xL^Ek%K__*uo-sWKqRSP#3q`&)){bmlq6PIV2eZ8Bz}A>E
zU*1}NAg=*1fl78z9-gVl<*>MWX#;c0a_7_yiTi8UT{4B!W3N%%5~b+-@Kre9xrSY{
zckFiD({-%yiA>Etjo4T_OWA)^UYSUrEm*$GJ^qU!SrfVOm}K_vg`Yp(=UU$SzS01-
zVl*8Fru@}dpzqvUasEkI;h;3zS?N_}45e-l&*QAuikah<{5NI)#S;3!7ptyH=L$9G
zE}-L>>0F7VFVXVPWV@@Kyko|hel?_B2QH<T63TDd`=n~?Dq(SH9dWx=dxXRI$UF?$
z5fFha;MJLEH`aD?mwj5<JB^5G)lT(W&WLFh@0`7RG`&3c@I4qby`mSxp;QXr@I5Is
zdX<gB7p9?cRC=|I$`{8WH45GQR=HcrAvG%9V)v#!)`(>)-O`uhh-K=nyjHzi(IGX;
zZcPWzT*T|C%=m*;DY_RC5uTK7!34WF?PE7|J#!D@ly}P^zmgZzp;`s+$OD~n2v0o4
z2VYq^5dm`Hy=>&?QF>4X=|Nr2D;EH<AYvC}R$RbxViFNQzH>j$ji^Qs$`+ujAj#LC
zUFlN2lXSrgc(cId+Sbib5=Xy4cg^&2lT7RBW0rTmQvH!9G{?lpO_AFCYEX5i{QfD2
zTf!MA`nrU(=p&bSMoS>Z9>-RVcmt4fKl1DIlDKsf!QTPWx?11PKMa?%;BUcB5k=xp
z;C6rE^cfL0IdZO`IM{xsd~#z6rI3VXh~OL7_he`JuQ-JdVbMo5(K=@c3G8&SS}c>T
z`-h1pwnQ0MW><SoG;TEZ<Zwr8cwm7TXUtwqs>t%FLPc2<q+}{8sj`>Nj7lXOzy&FO
zwR_Z_L&ONxm11YZSkt}X8Uj%md}uj~HBwXv7z4Vb#VB+dkc;sWb{Z^>euZ=3d{#h)
zHw{6_!h`q0&zv`)3|-?r{Q?E<JaWd;jswCl-LlkXA!oyU02a*#0n<-aPiJs|FyU(l
zq@qDHZdK%}!RY*tBDK@3-cUAHYfenZcxT*GAkxvD{y~{AiAn#SmRJ+I1`pKr*CY}c
zn(-<#^Q;{AmI!mXjpCG5-h3pp@?hLUS?fSdH{|%3O?sk2^m$}W!&5%01s~K;Q5S+>
z+KRuM`BxY>?EJ0~TC)D0YKbqM`xN*Q>r5xGCMgPr!i9q&WJov}gIDs6rt#yeZBY3N
zMR}?4-M!8!^8(aA@u_IO9bMp(^1vew_uE&yjOeP*FoBE;Q>r_398eK>*LNT-!h`E-
zthphmB<XclpcU$BOn-N*=P{QCTW!dC(<c-+4d7|}B_fG4fNzTp?97|~nXv>`7dPpe
z`v~|$M-^JmQ|U~Tt9pkqNGyY;R4%W(3r@9O#zO*exh*Xv#=Q2k8BD79XwNk3x|y@c
z)Rbq?#eqd+qaN=*pgl{!Ix3HhwM;_x_j$+fjvO1iK8{6RQSgotcX0;pz}h5uK4|P)
zc=llSHp)(91Ra&3;|;pZ@h$L8t(~B%jCt5lZW=c=X9JiE=;k&&YuewmeYO`MnSxta
z@+~NfI!?Nqe?U8;&(`|Shvhc|T(yQfbl}y38cDg$$Ma%r49jKM!`m|n$@*-!!H`^Y
zl2Y_ZP9~4R8_hqku3&Lo_nMeCYBnAXkV;=(lqYm7`L#t%sFTrA5;;cRIH?FUoz0SQ
zOC`~h_uNmAG8jdhy++W+{*r<1Rl18S-oMKap?wlnYi+>Rx~3IJlf42Ed9bT|e|JT0
z_Pty|F0C!iD!`u^86oPRRO#WcICCd;=qS*c;XGLTBUipMY#Q=)ff{P+A9%QHdI@+q
z27M1|HYKhf?x_h*%LAGlcdF;$N7}8$0tQU9Qt^-^vI>zcLa2V{G)+C3i@1$W6G>H>
zDrs1qRRue-O1FsJlB>X$^TJEnlK@CKIsmTWzL*JzQGDG3y}AvmQmgROqYN`^-c>(-
z>%FD?+EmS3c5SWR>{||wZKInQM>}pxO+E@y`2$nSLPCSj%dL)#pOg*tq`nOAiA1vU
z$|D?#o&7u|12T3$OS&3DJ(Zm|kB_aRn^4Uj7~i<;x%GNAg)4@P=NP4Fl<gpL6G!~k
zhwk{$(OB0bw*L0_LG%k~Z}e7Y*XRTxR{+~vGBkVo6!(UdWq{qD-WvvDhnoXrdtl!l
zURDrDR}k2)5S$<nu3Ll~lmQy=WN->IP~xP&8#7dxF~@dN#{v0{mpJ|kQo{LDcDN}`
z==ea_om5x)czes)_)Ivo!uKKIQtrA`*&7IA$G6=ncaX&!8DjUI19Q6<_8rG`&y7PG
zpx+$UhdT=<7JkK{`7m5($Pk0UKN7x|$|124lPJP0i{!SiTnBMK^n*hOcNoM01ZJo~
zokZ5C&K==6Y}&s21sKB|oNkV5*RYzMZV}wDoDFuo(LudNW(3*>|E&?ZY9VD$(gsV_
z0!_WTdQj5_ZOOvwR<RoDyotI_umk*Kt*KRVJ*2X!<A%wGUAN}4kL;3gBM+}HdTrmm
z_=!iixXYh^UTg>5hst)bbie71=Dm#%qIMo*|M5++Q=xV!^MTbp(id*4Vmqki)NR+*
zhkh%cV2JzC=*8*-Y9s#(KJ$@(N9XO{z2%ebYHqvF>jB}0{Y`A8Ah&PxP0c;mV1QQ?
z^orH+#+MkKfT4XiP?YG3eeUL0d~|3O<I8VGBm%~gU8F+9SnQz}EhBt<=8D@^g~(W}
z^P3>=MLju)U$ZaRTVkai5FQ@cl(U`9JNTZb+~%%od%6ik<}p^czCy$nB`T;xG7t5B
zfwry)33O}b1&bqMW)K9>0b&pdPw8f;2~Xq95vElmKS)k@Sg>z@N`O1FQXTfK!SlY{
zXL0pemvVVK<8KY{NIm~}gkk;|!uu7OIM;#c*wS!Ln`h;PAaFhSpsQ$f;??xDU(55j
z&x{y5J=^wyn*IC*Ibi+|Yz|9M7LB+?EtfJ}suHT=o`sd--q;+kKR;=Psij9rx?!Y6
ziTV%keC97%szg1*Uw{7Uf6o2=fyRYo1Us7Re`~lCiE$Y*cv=>t<X`LY%Nr-}oL~uv
zU;>yOIhM>flBW%LPAfsq;3ce$nz)CQ8^tfuU2e}TjC_7(f&GDKEBgg;??<>9;xuV@
zAjkC)J<2owFTP#dOPrcBjG8lo8c8@cI7qd&0Tqkg3jf^-!QG0!-HHeM#W;Hv(N-#E
z?PRnXZ0s6r^qN2LYH$c@(U5A<uxf`vm7+TCyUPMZv;nC*4&G?G!^;-zU(8uU^NoHz
zGJo&%7&D(XyuC3n_W!C!5-67V0iIvw%u_#MV|TFLfA~tU_6*bCXc>%Liy-h&gBu7$
zp-@Bwlcm52SE0E&G}(tuHrj<EOIkybp-NEYiz`BjBuG*u1VAmKOO}~X<-3*#wWo`-
zC(BP)1bHfvE|{4L<<}rrR7z5`NR}~D<wqzBC6@<j79(3mN|tde3-OjAp9M*lVW<do
zl_H;cCCe+PUK#!LEFZ+KK(>mItO};8t57kt;Q%W1Q#Oo-Qj3ODI}E8D4z3&ytt1Po
zyz5s%8Bj^=S4kXDQR-Jw`sxTz{wj2|S@YvxK6~{8%(lODoxqlg;Cj;`&mij5;ba@k
z0f@2<==wE?u*OB`wPnmQstf41DBt$^7=h#>zNh4w&VAxz_`_h4i0cQ33^6}&=t?5u
z4dXFMEeA2{6b>S^2Hj_A$ilLTrW5QsgkGDelm6pNxts7yplGYXMLE=|9AR^|bYADv
z+?X2BuJe&LU)_cVoi<@#+7vMRxtmuyF{_amiM4~uOsK03wmC$0LU|-$$GCh)m@juC
zEJWZ9x}0dk^A`U*me#_CVLsa#5}MmP8xf`#kra^<{WCI_*0hucFBwJjb5hDhuYxa-
zq-_(MplFeN0E>q@2hlIpoIoxIbr2c*961b4D!-B<7_eI>O-9LLn}E%p;%BK`NK3eW
zFrwjRtw0TE+Y=>EIXNu!lQHxAq(bMe{7rge5jt(y55rc6%N2<hM^Z(gPp2p>GShdM
z7ey&|0piOI+CYEOl6=rYl_B*Q`?P*Lb6m)E*g_coCi|Ow3)m+{z+nt2O=%9?$><m_
z;59r{U(gx~Dpa3Prwbi#|GEwgk6aA`X;0BU5?ma^cl;nE=mL{S%#5E;biIc2ZNSnI
zX3S=7;CJiK=wMZKM<6-_N+;2^-qN3IoiMb;gSacu#TG|}rD!RXbyaA8l22@c4<)r{
zq0ub<3c3D?Ep)bY3TxUyJ~v0w1OG8}$e^taj56q%Mwp@RzoLJ;D`e8~!*rhX$f3TA
zJ8FddMxwr*nGY>1SiC6bv{)FU4C_640(X<VN7-$Pk)xbN(>IwJ;?ilP{Y7wpaTT1p
zoJl63HpE9_=5Y=b8pO}CK#Q3A&*Po2JesxDl$@{6{;J73!$^$@_kxH6pHp^4i-4?b
zkZh`-P7e-l-6Abw`FpBSs@mr$UeXl}fc?ISpvk&@X^m}_q0fPv1fru&-boi5ibo%K
z)5>Pk#7z@t0hc%w^8r7aSdF!R(O%|6_+2%RxV9BOsMR0+l+E!y8<E^L5Y&PD0kJ2*
z*a6}JnLDq?yhMKkEZvYi3b{kSz7^sqe7l!u7DQ^W>$mm>M3W)HLS)wr#Z_pf2#z-K
zw`_4wuvPXVuw&4dg95&n&;b!XGIXbm19W6?;HH&Bn){LXCWV9Qhn84r0I2;RoG3v%
zcmJNkUd!JUBsRs=1M@+my^gI|x$(~_nky003C4w+e$1aa=)ba$+Msd=_-}Z_K<wyH
zf%Wz&&w{&dgF7KkcY683Tj16i?!N-CQ`cfelg)4CwUi4+28u;ULyFi+Ao5!P#E_9E
zzqE0M_VNV{qmi{_R?6-*MZ`Ze=bjaebjY-H3{LC9XS$&`DP}84JevUQC~LKWq*^47
zw1gij9p}a!I3%8l06Vg8Bz}wJLn`tn-K-uGmq5Ooq;n|XI^kq9s2$BS7NAAqSqpeZ
z%qW@pOZt`vc$Rwjng0WAjcS%H9G{FO;I|+&H&LA!sVktFNAyHLm=9fuSh>SFI4fxs
zrG8VXesewuz7BApAypX#pW`Ll%poFPa(3;pdIT2UO);AaHK}+~oRWN70nj6NE))8q
znVm=W(JJsGbxsrdLdSm8F_CE&+Dg5&Bz?-aen!e4Kzj=}xwNlD!uWm2930&V<SJ^w
ziFfpAVon?LnOb>iB{Y(?eB6Tk!PmGqtgAni4OiW|0aMiqR2UW%(@?{)u%?EK9TdZ^
z&?u$67Nvk3P39aRWJI#2QQ&|q^OHp`Ux#!}ryv};D{LklS|-JuKKv=gTu+FcvatsM
zq0YmvL1=-DMY3Kz?ur#8t6-i22$gVdwd7>=#^{YNnpU$BZK?&rC7#t5Ds9siBbH)G
zt^N&gTZNH=RRb7=%h1!*;RKVyE4EtKP!zbPCYB8x5@GM2NwX-P6&7uso&l2l%qbjP
z5?l<+rUXw8BK%NCQqAiYhe)~5Q!$mTl`oWWm9^h@_Q+Gczwt+7BoX0>63)1?KbI)s
z@56=$cL9bq99e)WCtO)FbevG7u%V&dg}p%gaJrGGf%m;Yj%Yb*3O#X%Up?V3C+b>Y
z#O6l1!djkaHb+_pa2FxtJD^peE&9Y+g_peHY=3dr-Y|MyPC{{RF&>0gVAgN2R$~18
zxo;p=2t9jc89}a)?)BNT{hz|lcY!@^E-}b=2ye+6!|isEs$qC4;DYzptU1aT`x4h4
zZ&-9Fd~11slr}!^$hE`iE-3Aw`OtLM&<C+Udb(@%Amz^RqbEi)#mlAe)5|gXy^;Ud
zc1-<Iw;%L3v+m*BqMYsj+Ky2+F#8vj%<3OdGG1Y7m~o;A9`9Y41;wO8LdXINA~_rp
zDe+zaGc8Jckt=)0k0<gMqj$rCIPrq*4~1c7DG{PY^|^~KW~XW1XU3NMkCD_`An@A-
zQEJ;&j_CDh)DO{CbZ{EjwX%^oqyaYBotV0)70e+W7$fvy8;(}9LM)V!z3yNLbTY6r
zVijc%+L?^ir1d%4KXW0Oi}`A6X^7(1<8f(!b;ssG$rZb(LB=fnbf6lII}<#cAK6O#
zP132Ugm;fk97IBLR@LAW+jm4jgt7QH>`i{&gB@D7DLgpF<5*~DrtY>^{^3fpMHSbv
zZ;(nFp9_-9Xa#v{&s}6%;E8flM?@^bEsu6wqP9d!Xp&6^8~$APkO+y-pgdN|<Lv?X
z{nba&aHr4@w$6`Iw=ybnZl0TdT9^&VxT@Rr9CBWqdebt{Wu*0F`>JT)=HNULC=H||
zUYkAIfn5U)iB+(z)^(`M56^YHfmAYmT<K%UQBQMVh~)I2-FK1QsVJ|$VCr>MuyA9B
z-Wa0LpM}7LxL0Rj#K7ASDD4%fRwAD9VS(licd?kV1@kAk^Q2RmJe03*rh>?iC~#+v
zJF7O(b@o?cN~@S0m=IO!1(bdyl&I`D9+}5T^#DiBKFa<2HK36>m({hAaul~&#gq^#
zn{&*@+2%k5x3=8^(^&UFMKAoetvwz*<7b8sG`CBYTcFCP=ko55u&?4(bxt@@rj&DN
z8=xuAUgAdhvgi|)e@r1qB<O)55tR?T&oQ0dfG`ZE9p#_{0oWhJ(o*80UE(9Y#TwgI
zW@Eki<#~rFqZAyH=sym?%y{+|gL5@UAXj~s@5%TKI-sk<W4S0`9LS!epKS>&84R7k
z&roaQS#60-v12r2_Z;meXbRNs#eL+dG4M|j(H@!S2&AT|2_)4uC<T?v3_pp%3Zc??
zypbAaGx)?%d2^}I?9rV$CH<RRJx3q&LlLcD?8VX@@3fn$TGQyP)-WW-M>)8!YQiOh
z#Iw?g^z*<|riR^b*Rs~W*eJI<_rFG$c*^&-_>HtMfc(F4Rg|1f?Ee{A$;#_WI4YQ5
z*&8S+h(xKXzf1B6Nd(H4EVTq+P-Wm!CG){5pGY|2BFAkvE;KuxtN2bhV&=`Zz2{Q-
z7O<e0T}8L`hxz~9a(7t$N}D<{zRPy%9>0F?9?#+bdb@N3I+l+y08%oL7GppOM5q<J
zrP+$xi$HBanh;?i7*L@Zz0XwaL?c!R+tCEIlaf-15TQ&dGU1F$#`I)B>vL)AM(L~2
zwhO95ALbJ7B(hvu%BU<{|m?wN50=yT|K`qp`h@_0Zk-WbLs`uh8w9K&(tJC`f4|
zJ%fc>9%xpk)l)u4U;St<X9BPmPBfv}YQpAIs;E_Cg*cnuZ--Sw76Pak%#=?)YYHkN
zNxe!*CU827IHO1|xY$)Zo|1sAq)6#dL<XvkJfc%u09$)1GPH~LE|KSGwyJlA%S;~K
zy8BD$n>3b#EHz6QZ7N$t=u)!X#ObB8+%;ImAfyX#-cp<ISQe0K!G{5l#-i)VwTZZ@
zF)9qNvFo?ku1l>N7zrhjA}h+th$^2o?NYQ9I2rjE4-t7ksO6j7+--)KOV&wdQzWbx
ze^1t{%bUOz-qk~$7Vm&%nPGB8P?%?wIbKF+G`R)Y>TJ>~omJ#BKb(f})vRZvB>YHZ
z8WL-kY?Ju*l>@)c3Sf5E6@)g!dUGM9DmNXh0~W+=LABOb>ig|Xkg#Vm7GQGfC(+l@
zTD`;DNk0SutvevnZ#8MLq}mk0P|n@_nQyx>uVmY&NDO`T3kBImGR+wCFMpztyBIrd
zYO_c>#dCAz-5Zpenv_jpg?;rF@;(UX0II49dFnMEn95U&ZR#1mwqA+6`TF#hw3koV
zvZYWd6yBFy;;u?O2yx18g?)-{0<dR6zypPXn#FNqw2SIlbpyP|v4I&};4EUNIFn3i
z?T*;5rTh!Nl@&s++}@V>hil>+F;{(rzKa!nq19X7AU_8NQSlr?*d3mst^i27pW$k=
za@hofBJH=xOvaP#WthcyS=q)TS=k52POb_0xs9ArZQklhQ@-`Q){f!gbZtKdoyN?6
z)Da*W4_(xrZ~(H<4-pLtwoYw3iV3mYHbG(?Lr>h`!Wk_r&JY+VA0aR&#};REId>hA
zN59I_-)WFZj=vS}gQv6vy&$Bjd8jpnu_E>K@rPV&brI|8f#I30v05(y-AUKt_q=eO
zH1dCB8Z`1kWi!(na9p7QM*dK>G9H@6wBnrsV#Y!-iX6Wp&Ub*Bpwq2Ua6LDWJ2%;0
zaCI$FaBbn()<FLr{M`Zj0+=LNOpRtH>cEkdK=|+z3F0MX@H)Ro0k_>Fu+3ajLHuyT
z7EhqeoV?sm=cN!!{1(s_MPpv&!{p}S<nFQX6|TNzSwEj{L8J|*PC{LXLQIxvEn&s#
zVVCmgM7`6`T)dr#U8jt+0UR8;=2>_JpVX&zP#&x=3fWhe1^i+@$COC0IcUin#%QmM
z-&jTbgco0zc4v->STnPpY)v1MM_b4LJFqmXmlZkpTh;vdJ^b{op9T8gl2HC_D&yZD
zS_<Q`>jJ2}iEg+pyYX{EIQTlG$!iL$=ygC)P^?5S1>&17)(BIeX1J?~&0h;}$#HQ4
zXAn0EXv-+XRQf2f&ePf4&sko>PJgf8=zmSSU*|<laz(6E7_Jj;R2hcmJJ&e(_QqhH
z<-jIiQPN^zv++k2t^$~qi{XzRxlEoH>odaQEUCNdUI^VuoJZwk3Y=epotxfGFx}~8
zh3HE92_$R*n3VK~<w#tJ620Z5NIcol%zJ?^+LlD^r^;`V0M}{xRVB@IpAf@RZj#jj
zj=cEEiODhRy)omToue6HK1gsP1@%6<H0kk@Se9fte+|uD+Nay9Enb-kTGu(R=&ak3
zbA6h=W;vtH!s%m`*|zFNa_c?lQtI~lhhRctVal0lcrmZMj81VbX6}<uHLUVx%M?Y`
zM(c746OD+)ux)NhGtg6M&?$+{P}M9(ps);H2hdgsB%#d}s#XkfYAM?9!K*ahm~{6i
zQSL~gF=9tQ%tp@}*&OeHUChj?qqj%9MbT~L-(7>}0#k$`y~**e`Mc1!j@-P>xYynO
z>mJqdeEHJzJ>-@J4FtsffBnB@%p64=9qs;|eUq)KrKF^W`pMRoJxF1X2<FdbSV<^Y
zsA3f<IfTfH4InI_KtmWK3=av)$@*zi{bZ=%_023%%6`hnE9G%6DMWyi&OQ|;$Uc=j
zX^8!RkX>FQ2c~iuwlH1dvbuKpTH5ludpW)Sc6Sb0r^~t%&|e9h=NPaC^sRR~srHox
zI6<?389^gMCqO%64D+f78-P)Mmhg`5@JL~x8n5~U_&80NlTT+zfL&8CprWFtSt~x|
z{ZN9Yqe@e~seu6Q9I;MY{cEeJYZ!@;rsKLB0Yd;?6(u4oGQe9mJK8Jo_3KyIoGwQ$
zb(-cB?p(ddrYM|(rVGOsN^FSO7$1|qMuR9Mi)bwT<6uEoVY0k6mVpV}$n`Zp+Zs-|
zSpTg!z1<q<M!Ug5v^`%rjC-RolcKnJqNkvKA-}6`=A4iQZ7MWehA3I;+Gd@%RIe@P
z@-P$Uhq;5HH2dC~dW!3UI$yp?C=2nx`CSRc?*hrR3_wPsK|$27YJF@FSz-3l#wvk%
zrqGX}TZhe`>~_+*Q}P**Erf^<xiO-J<NKkNDOV8>1egntxTL(adB%^Yf=bMf&{P}o
zy%9`8t9zhWo(C0X8w-?~)Cw&97SSYflI(vUgaoDHM=bqZ@+O=^+PBfhamwS^%1P%u
zM;8=VC)5cCnPn|SnTq5xL(r+DEls&lr}bu>d?<yVM1ixsnA)ONWo}-$LqM05)8&)U
zYQiN+gYr~Il~!q|2Sm8s!S6+g^9e>r>psXY(OvVk7a?|r7;)WpiRt-<$#u1dN?AtZ
z8R<>!qe&ArVpchr12woCWF|yGm*`?M$H=g>{;Iw?<ek%P-0U%XPgTW!MCf|=jbnLB
zBqt;Ml7k;EP4A|Oo*Y@LHIK{g4$8`s%d?G~#uy{L8^VQ?lXHE=RNw;MBnfk+x7|y@
zs5QbUzIlZ@h>=xnWyNo*9Tx*<d~g`h^QuG1)(x5+mufHP{#pi{PSLpPZIyeWBUCU}
z9xIw^%4X|=ngzgXBLG`Hi*cW{b2N=f@TQ`kc;~}(*gLTG<h9{KtS-}66oBeSm=&eH
zN+w&q&zdhPUDKhCK${ez`z3p|$}3d%NCpjoXe+&gKFteSR-v1+U#nSIK%Sq*!_8P7
z3!ns?6hSyM^M|bnozEmZs%qM4)%!*-t*2JGA(r-`xD_NLKwE6(nLXP@T;yGch#?L*
zm4&aiuY-`T_#!v?HzQy4#Etk6u~%(75Cv1{ZgEQ;5K5wWgu@mj15(4*!cD{2kT!|1
z3ESBtAp{o{0`3oJeBmqTq~7?-s8XD{%i3vAJ>?(O=MMAQ`x7Se&YFtu1zn0svlD~i
zudDArAl<As5C3vJKvtHeYc|ycy)Cu3dz6tR&CHk}s47=ll&)@Bm+I<Byi(@R*4Ov9
z2Ue3-ae6G0ndW|?&=_3)fI7$=bTTL0k`cHFjKH_-#=x-umBAlIRIu=Fpq-Dy9>}*L
zz|ZOj>&EcQ3v&>GL+}^80ea~Tb;vEE8H3ym4-v&zKSj<?R#`Baa#T3k1qwZ3Fx{W#
zz~Ki_--}`Vm0NO=6)CiZUSidKTI{OmQ1Qo$UEpx^3QPWIcRW33s|9yyHrbkP5J8ke
zC837)m>@QEO>uQMjEFU^NE<ZfxdnEvquV(iT{49lmD~;E+()#TvqjhNQ)K2fJ;0=d
z3lN40`=%;s7@}p|oS=ug1{XjvI;lWaj|4A8r@=YM8_!tcTBEHN(PwoYDQzIcY+fhz
zv@-=bW{%-S4wCoX<oHr5OV6Wq=OP|$qbRE-2Sq;*cZWm6F`62rkFyio`~waLW1uRb
zg8SeFF8EzF<WA%0P@V=((Md?sVU;VCUjg0^j?QBn8-%vnCi=-#tk4NR6I;jWhF|N_
z%^Cgr59*JUaiIwC@P@d#KBjg!WV6g9OtX&fPiRt1lG(z~NXPi+xCysAy?^Zs|9?Ad
zvj1UUFm<st`Uig5>A#s_|L&90JpHbH_L09SDgWy=ME|wgzh@I_f7MWrv3x@|T@2h1
zMKI{~I~S<vDk~*G!4`=6+M(TnNzIk;QVg)PP1%_nz~{+Ipd{9{Gl$uR(%i$Lnu}>I
zyabGl=5jqVa<<mzA3SB(K4)^Yr%w6h|9UqJ{NAZpaC)h^e(s+B+nK7d{c)YS3}oGF
z4rE{soKzqOI|3b#>f{Gxl^3ZZ32VW)K@Uz0gp#6e^3H)Tz=)5S30%iT7y|L}l0}e<
zppTD_JTPF$K^Y?U{vw13b6Z9b3s$E-5h$p<<G{$XJAx6Y9zh?zI}XefUi$977HbB5
zYYjBLOATB#c;El)XhiM9U9i8(Q)aoU8kr~A3SRPtt)yKAigYrgrrGqZL%C4rRPwH<
zkrPcV0Rl}J#p`&+>d~?!2yT*+7)fPLvQsTuQ<A9MC0$`&@xgZJB<9KZp|!Z!nYrD_
zP=%b(ycoV{zGAj4O}Vk6zD<s^29Ow$6V|K|QbK;VwBb(DS9*FHMY?m)Ry1|A@B@YG
zBV(%?{^B(LH&^Tv&yyi?#DsLJg&isCuu^-mc{`^OSZJ8lo&rsNDeR(%&<q52_{<``
zE3l)nx@oBC<6KsS8@E($v~~ahknABnV(8HZ<y;OW6Kk>!?K0)qY}J@Qq6i0-X?i5f
zheKLZb7_fyM`BWer8alg^&t_D5V9oa2gjPNy!Y*nNi4<OczODVAq~c^buH)gR3W+@
ziVv^W$CRs_QHgDOVs*fyL530bFeu2w!|unXrQ-RrIHl5{QE`j}#q=K&8rsv*rqY=5
z_NTn)X$(0NXQ2d^B^|{@6rz=UZEvskw}n=d(gL*xBUXMfqbTx-<a(8I&yugOATZ8l
z86ISiDh5eZNMzNclNi!OOCbq1OsI%c)p-GJ8SeTVWwq^v498zH5^6EBo_`fH=qM%!
zMqmTgjVmmMo&ws}6|snGu4VxA>6fmdE_>-wQ~=|Ra3!V+2T2g)g&ixy6%r$yZn{Dg
z`adgCc3}pivGYuZty05uggPnw5<yF;K{3osy2I2=Q_#Dd^TDJv?H0Jf5l&1~F#8xc
z6;Y8wL+=u=!>HlSyz#f#x=Hdp9?JzqWB1WW$+zwDtWi?ZVV&PUWe9I+weR-VnM8X{
z8}^?1l7DMM!U1F!IdYV%&2!UZu9)U8C5gmLuVQ%rW@2Nz;jeDlPsgi!DM@7#Y{%c~
z2%4dFlM}xAvAs}cnL35zsvJ#*$#-uNbd0?c{uLftum6+j+$V4HdH>kr=npaLUeUu}
z?8LNi0$e}sTv`#>ubhKU!!V)v0yf`43NU?mb^NQGpPVt;faR+ZMr6*8zzrv1=TK|d
zjCeYjQxum$q=Ppaf!H}_Z9-q7Pc7$>w?4l>(dweRM`0~lLF8Y?L~)Q!i!*tEBYcSj
zg>N&;Hc}8|$;v%>k>X)kR-$ul>ijhr!TYOLOL<-y`AkO07jgWRnF{vSj*es&gQMn<
z?oWC&aQ6*I5qm2|FIP;%#ehpEy37E2uji-akBAkytM=VnOlZ+k-kS8g7hCH_0<~kG
zi}X)-tF4g>t*QO4B)T0Q{&$oKs>iFE`qCr&MNDtvnwr%cd+PuK?$*!7>IRy>Q?rz+
znQexU@{wF(UWJ8SB-$=m4bW5l*LWez%uH|xSGd8XHT}qH23?gmBqp6%YI1>6YnqU4
zd93wpJ^4(Y2p9PfUZ;J0pYEH}1T{9zyY{NZR_;wk?)W}y{VKquQlkf=_40$RdTw4<
z@AGZvd52zYSDkQfxsFZz18#dJIys}(<rEwcxn@OsEXG$bas$VB<v(G94VQhcz@IS^
zEq3?<UT6ey^ZN=ZLIWh7SAV6L$h7@B!xgxf5dG1tB!wi0jb|>$HN(a^^C$T5-jGw%
zH>CB9T32W$#0e?ba7|Icx33#MRV^yt+!?zDe^2t}3%83z)5zzsP9WxRXYF8bEyycO
zv|ddHz6MWvl%_@rzD5&5ZKXtX#bwl~6*^Y7-n_5^5kqVQF%8fR5{#<^NHHzmmNN#o
z+9o2vT6%XVz!?=(KPRekNz<BqNY}S5jlA)IFqo`HTFWaDdXOfigSjT`_e#5wMcyLj
z@k#>ri3$N<HOd+FSKIHebl6d0DkR?-+E7(IZ$##Vv19SZ>XXO>=C;Z$o;-GJkGOD6
z)?r^}2KQ*s!6-Xc*5&P(y*POdOQu8ybl3>g7PKmD#2C3&magH{KzoeH&uLs5(W^JJ
z;ogOKAK1Y<5xt*7zFz!N^9rr)A*aLgz>hV!A{ljobmS3^qfgvX6Ti_I{^Bvv`PqiC
z3a@L#?U60Q8#T~s%w5k4vqY+8bilqgWig>RE51~p+LV_ps4*>YVF1)gLTwq^FSh(#
z&uXIc)$8E1jk+w=X_wzfx<~ogEJDW78sU+>Tj4Nar^6j0-^6Y_?q1=ukpgF6OLBno
zAhAJXj??|=U_3XZ*$kqeMAzN7_?-TmKQEKtSRrP9k@~&0YfPx~Pu44v$u`lbRn)|K
z&_~SWm27v`NYBSbAyL6!?UCpFP1nwl_WBkT_23^I;v?(~<lML;7;)WI``H}E^FPWr
zDdXpzvuNqwjgsIAF?}J5jRmYR;PcbggVlbE2XLro@v3`+9rD~P+?N?bQoAe9?v=-C
z_aQ?Gr!iAVXm1nd8@;@V9q#SURV{qK>v78uYZgqZ%IFC!+9Hy(i*q}pRQA<B*m%8g
zzy18Y`wi+LA~~3FUnqs#Q@cN-y1%jrKf$=)=vOOzhtO}VLY~=;_gfww-K>Xu%!ogK
zY<G{CK8ro<%UM(V4MV*LH@&MZ-ENy7`mn9{%+K+^@V=BzzHJ^<hIir*o0)%Lsy)}0
zW8B~`xGlsCS~Ne=O=WVrt-vu)WvAXtI&Q)(O4O^3HNHIAIGrs_mhDYBC^x$|(?RKV
z{3?#WN#GV)wLiY>{#78JyaMN0w0nLnR-!D^O#2Zjacfty0P#NK6UMDRTzSLj?>8Fv
zHS%#lSJVjE1Np?pEu&xSd9gsb?<Sxu3A_xY<#+v`0yH3?B$0=2dCY&l2>*xN$=bly
z>_1X3AfV*`cKQF5zWv+fmQK#r|FOnDy=z!^Pd<;okAXD4n?wH-&H6vr5VSRxvo~=x
zaQ=^D0c9Pzd3j7<`13UdDuTe>8yqAZEQWXl{-2_R_rw-y?Gi-nN7j{E5*C>?#5Yo~
zZd)Gv!GnM>GEuwl7Eud96qp-h=Lx6WH0Sj_&-LG&r{`QdexL~hkq}r`e@ZM3>2X9x
zVk2};s20+RvADdaIeW2w9$~xN*Ec0vJ*q0^39DwUafeW~Gta4g)_DqcN4Quml`B;z
zvKGs>>JYOde67WR!j6rGO%rg3q2J$@1Hv?gwhWL~t}14jGq6&6cDAW5Era7^)g-JP
z{gZH4*q>gF6z(pCeGJO;T}FTQwp>@)utb?EnupxnDYPH72P)#Vv$$j0Mt)~ntkWj7
zJVdl?EK0g@TDn%3bc~<%fExGBKDg!NDul|+dYCMnHD=l`S&z@VK}pJrk1%+#c~He+
ziPy;_xCk3^_Gr!GP5-VA2?7iG6y3DVSbT?P&)g_1DB(&HB@Iw^x1U_vjL@xDvsqtg
zLt}|?MWIGxJ}c60%yd2o-)%AfUA@`BR~z7TQu?jIFi_}2zM^Ukm4JFi;{i&?=Zd!r
zpU8f-r927j|2?C#Q(@rXcFoaj)z!IFK_*<&k(T$%_w_VGO%~(crPS+n+l{WEID_gC
z(N;dSoLXvAq1!&%W`NoCVFrpb<y6Tk9dFXwRdImhgTVMLogwN~<|heqN%K61fZaU{
zbH=_>s6GU!CxdvQH1lsD;7ClOqM*<?SPIM#Mr5Q30BD`@^s#CyCJnD8Omvfw5@xZI
z?}=9iX~yD3ntjlU8l=?iDLSgstq%pI13|(KlF$X@EsDP{5h!%hw|bHqOlVrDUVK#S
zI39jbMUoHCxM&X~U;P)|9`fOGD0Qo}T$X!?Lvmc0RU^Ip0SE6gBa%r4Qs8v_)F()r
zq^X|}NnwBJ=uWB9X%C!sbO<A@+UY3T0Gzbw#JmEWSI|7JsTPzMQ4FYU^BOzS?;k$f
zgk79~Js3}f0IFPhV~b9-AhXZ^he7y{@J&#x%o+VYMlJqs|M2~9!uQ|ePteiA+1$p&
z*}~|*hETE6<Ugq9pKK0$WN@f!LRz1a{=#pCn!)%LB|-s3xI~eX@{j!%-`ri%8n>pc
zf(ILSP!4~N8z3IkvnmvSfR}v)0{8aB6gxlnzFv>tJLvDgQWy7DwGkhlo7<TY;*c|c
z>0+NTdE1&?26vl93|Oap>7n(8`5cCk&eS*)K4m01+17a3Tuff>IIIERGHG1<$wGff
znpl+8@qmfD#%URTad&KpfeErcYU0ZsWpyk(3xigbk|FtBP4Z*dLQ{@|+?SP)GIrE>
z8?<`Val8r+^pYlDPN3vG;oI4E{My#4GdCvunae2K%7q9dLA}@kMr*m$oP1x7h@fW0
z;`CUR5R6G#vp?uuF^iY7V`qw2&u0^Wy=dnKt#+Phn`Pf0Xv#i3w)${#m`^p_njxEp
z3(HK0NAL7DrI?ot@AnC?f{e0SP$+GsrBC-w9TgYTL+H0_)L+{$=hgYrUv+<Z7})8!
zeC9wBqKr-UaaPnoNGE1ACZnh23mX_+1@Ib3uuj=W$K(0se?yP09W4z<JmVG9e}TH^
zK&;?#%Ybk=qd2|#z_maoJ342|bBf)o=k-P=YF@k39qK4%Y5$Q@pSrKo{(r36|8b8X
zWvuLUf0xI%->l02!}HbA(ZEB=#njZo{htN$qMC&>jvCr$4n{Oj&S3N<hpI(pG+Xl_
zsYS*d2jNg8t~A<uvI)B^q$y3b4QIV*lxWQ+BE?L7aIpYoD`^mKF)678iit%^N|6NA
zjN)8<%3a`(_g@2?jfV&jj;(Gi2__np&ASM5ocC87Zr9IO9qXBHr+>znftGesMOv|h
znU)OIMIni0FOm>b6v7P1MLnVz^xTO4&|fDS{8R-+aY#oUd3m%g8BS*>+|4meGE5D6
z9{;9C4MW@rVm<E()4Uj@yh7ez?Jxf|@kS+}7Ukrl+eP7dmN31JzoCT6HN9hI;){fE
zKXQV-^T5*U4P@#L3tc&*AA4aUBjuR@i5<1yr><&D)$94Qzz3z5c;f=KjTmQ$=b6Ze
zibAn|g{LsG5b_%v%kl&la~9+X9C*asi=-?XX5(TpIv<?10z9M%TnP_46x<MwQ7IZ!
zg*Z(aJ3M_CeA<0s#;`69pU~zw&UEdqMOkGUB0o<A!4iaYOCE3@77K44qK5~GQo2wH
zv0z_o8T7Jgik>z=xb|mFqh`Sv^9<nTZO_0mH9R~wTvM6RQN7r8P+bPMvw|5BG$8{5
z)5yq*t0ps<!y(T)Ki;5C-K3U_K0jcTQAZe#$}YScLTl+P3~t|I5kw^10QPhyEDWla
zP5n7#9*NJ`<dDdlW7JKN!6dfR{AwGd556D&OTsqFp{n#cG7ED7e9?X7f{6us(OK%E
zT9HgF@h@Uo?s_+v@wB@@q~^HPOGz)0<oZ;ZX<3P_vs@JXiGlxJ#hG?xO8kj3GRf*e
zlkx)C)DiT{mkRX3yzWVPGz6$66KK_0-CR4ftt&j+`K>rZ$`c9YRvO{EsbeJb0n_VL
zTrmrSkZlgQiRD=9qKQ2vYrir5WQ>B5K4_1ndS5z-Gr)_IMiaU%^*NbjOe^a=L{@>F
z+%)&kWCpfHEbN(1GnrNwBVuzTe@{eaz((~*^sgoKJ$M%x(dlxtbF__!7D{tb`TiEv
zmszT~7N5}GgbQ`H5#imR$1N*0JL@ko0k$tEHlYC@Hxlm3eQvjDK_h712)bZy{iQoV
zIr1|Bs$kop->yTN-4q;Q!XPlEX<PCW%J!IYk{ks)6a%EFxC0Jg<Tq&niLmdeKXUsm
zpv+LeCs$$bqXZVMm4y2cFpq$ypsKP&BIIA3NFX!qW&1sJKQzEFFz<+R5^sdTQg4W%
z_*HLEcxrdhs}gSl0&@36fS+-hMEj;OADDFansilfoP2qM_2e-d&H?(9S<_h>=js~V
zVtBFa1Adjqo*4?&WwT}IP>S&?lNVIXTKU;oSzjeNmVr%97JLT_@=+3sT~e$>=pZUH
zZ2lpuyE76)+KE$fIGPz;?;n}GpPx@Ls?(}+R(^JgEhF>Wt4rIn`^7?W18)mdm5$a9
zrsM~jbW;0F(#Tm=MO8?xlwzgRJ|zk6QtHvSV#|$6Lxu?g66oKwbomL%EY24pW{@Wj
zY<<o9bJu;;lk_h!@t8ov3Icj*h#4bHE?VWejfD(n#ksFWq&2Tlu0OnKMEa4{xyfHn
zV#c$u!c{r8YuP!-W!bW66;E05We?Uix6ZHY+}v-OnwmVDo0oW*f4eR>ef^{DY!m%f
zX0DG4U#LuJ(^t(dfNK8izHcnGIch8)+_OH$S1Jk0EM|Q9Vb4E2Pqw#Z2Wl;ZSqA^=
ziL6Hu^XFAzuK(!yGERS%@Hu~HIYlj=d}U#66=4o_v5a4qsoYcUOl-(9QOhi(!zmar
zD@{=WaeZ;r9(6pD2p%~;e{fK{a|&^O<?7(!<0qA%TupZ=Q81NdcBP61<2uT{Ym3Yq
zJWH`z08-4pi}6tPr1PdJ9lz52w({y53*~tcBT#y94&dAUos$#&uq05JSNHn}a!^pp
z;0G@rdIJH@X*mhljjMHm!j5a_fT}IYDNjm`13@rHQgOBB8kz)@R%SUFQy_+o?0(}a
zhvOvUfr$YvfR9(0q8BpaH}elAS))H}WG_}RN0?6J)dzWXLF`90)lO)w&?uwRTYEuZ
zt(24*;57cBQOM{`Sl5jy)PmewCRj=V+&iR!X=?%Sjxyx4U?kfj#6Fs9>lF<?nR=RW
zT^BxBIg@f;&D_;%vU5Bw50t1+c!7n=lD%Wx5_w@|is|^@2J-`aaljocaOYxjbCj=s
zWNl!BZ_$5=wCTh^{*Xv&#|)^;C-(M(N)GmA6ji$4Wps;DO4%xCPJO^ik}DkfVi!jb
z)flEagP3^eyS@&n@5t&qfS@J5WJ@`6#u!13YY#dOS7Z$$4?8lZNY#_n%Iwgho4%4X
zBbl~Ua`>Oi?sx`RD>KompDDWAroSM(|2ch64ze}CAJJ-HvFn63Wb1L{%0*1{>L{<B
z^*{=41hN@AG+wIc9xi}6aZ;$NpxcqPawZUU0bzw0Ly=&>2wY@R&K^INZOhk{mQY?n
zo-e%|lgzQUmv~ZUVyG++$zF*ZIn8hiWX&m6?cJwV_h-MM*CynPE(mzxSuzR^3-cPJ
zYpr&mA0t&dt6g&9Cw(g1Iaeaxl&l#dT-bwbN-9+DA}<S(Q>w|y2jPh1%PPe7L1%2Y
zi<)=Y*X0R?IL)|4)cpygOA<-957ik2s#_v8RXbL%CVtoAj$b>setmk00QiXi^y{~J
zfzfzouYYp+bI2Zq;)ikg0-^CCry!w9KY*q{eJ9dIfm#_Xyg^1XONBa1_6N|SPU9IA
z>Dr)tfjmBBTPL(ZuNol+Xj-A(FeI?J!f@FuQm2-UKk}&4eV5#@O`al6n%6acP%Ott
zY(i^=(duKTD0vI>Tr6l7L=vA&5P7On&(0vF*B*B5#2GSVPeHPSQ21-##i}(ynr6uc
z=ptXW4!cwDilemUenlU$DeWz2y+qYSZNY=67&17UwTS~@JneL`oTCEYbwvQ5B`e8{
zg#!h+nrWD_LU4iK$r(*1mhl-kg_WbvNy$xGQU`v4|Euc&`EOM(C?}W2!FSp$@SQdb
z|F6?#Ark{z30qS;30q?mcN1fIN4xI=)Y;>o=~1!bKOKQ^I-n#rVTwU1cIN`*4e6+J
z+9ZC(Q3Xc=f$6^eZe|}7jj^e2f%F9?40=J13yX8#`SC(AxB_1s?dZ{)U}kD|JTbxf
zRJ+aZ3(^`su0pe`Z8~LkBm`%oU8Ua<fERMO>qHqaGWW3m%b=1M(GC<rWMN;^RrnM~
zcVpAgKBTsh=`PQ;6$k9D8aC&YBYv&Zi$Y1Sa&RzXS8{eVkx24&g3GdfF7fCFJlfQ1
z3;rpPBM#Qe25pS|udv)%YCjBR!)%NXl53Fasz+9%j9xM9^IF}NLp)>;eH&7jya%OR
zbQnl}pyA9<R>B^+^()a$cSAkw4oNM1!tK04+_%Xd8gv->?rI{FE2axpGZa1N26O33
zVLdL+s)j_|kF+sdwkC|*?x#cIWQ(=5{JCgrBnUKIC;3TfxN-Qi)<OH@o&z)WuaVDk
z_MdmKstt>MY#);*Z$q@67IgKcTu&_7Rd9w8X!VuOdk0vrq|Z1j7|@dH#9C8{wRN&f
zl+gCLI0sm=(qO4%eVgSwGFe$5&18M1RIM>eM)u<0zR)ty+}6)$kP}^OLStQg0gsP)
zYT3Vgy(-=Xh`dP-$k#rdw$^EH_O~>gGmH&AoI?r}@onOb(M_h0cyavxTV7pi<p>}B
zJ<dRm^FNO?{O7sFziy)cLKYcPgK}41MEkTeC8JO8gfu3UW*H?yBnwxP_ZJOAhDFQ-
zB|!p6Ixu;V1SY0Cm>L4P&DyTWbQrjG%*+h|Aq$+<$g^u&RW~oG&bB+(dG$>DZhqb$
zO-_s(CjdQF-upOxgGD~R(IPpA-6Nkq&s{)AJJ-SXyM?wiy(7jCw?y6`Etaj5lVjw?
zuSxQJw1v~+_Zk+ikmr|7Z&^6GBN)bSB5-<+M&8Ir<8$7{kZwDb*xg5>oZWOA+i|n9
zaNEuUfp%lYsW{uiZbh#(A=hn;SZ;reQ!fbOJ~}pU3{yjRZ7+s&f>%NX*`LO{yEuNP
zL9lLI4ikFojXt+J&|jh4eF&|SPX4IB$qNZB@>8dHHg^Y*g%)!b>_R|aZHW#L=px^Z
z>_ekyvc1+m{1y7NZ<!{^u9P=tVhLpzMg5a_o=r07L&@YZ{8$quQXooGSL`5_*|YqU
zbZj*hGQ_+3lfr}Si7m7vYEpEWVQH&`I@-QqQ@n_ROCvBmj~{iz(wVYM3XN(`v+-@<
z)0TLtb!blG`e=9pNwU)Hm?OwZqG)`93X^T^&67J?J+y}zASoe5vV&0lG!nqn5;g^p
zi<7_CBC4~^<v&As!0Zm{;YPiP`nHJoYaJ&zm)x_9AQ$SUnWUieGl+vQm#3)2FPXSl
zWbs@maR_$-!U^gR=48w1<Wi7IA~q#)kMvL5mBSn`PFX{h&`Icj+Ra#jybM=o*zmb>
zs8~WiMUR$!AfYsIPuerLOmI$4*lnjUpDp?s%q%C(xFtP*^b1J_lz6u_L=26}hHdOl
zFIa2aW8V055G6^Z!CXQ(np}V9j?jU%^bOPnWg4yo=|r}V!oYMbQ7GjCCd&OMdK4K^
ziOs32PPJ$OdB0Bbw*o#Ynvgi|hIDyUV}SsMEDF_1kj3WqeyiEz4sbYsNp-y7(l^#o
z27R|JeU5o+txyhN2P6@%4b5cL+e&9=f#MFQ<IJt#%BS%?7$Vn+^GGt!x6I4ZH8*>-
z3eAVV4ML&`$}{`dH@)FWV<qT?24BH_xkZO`6s%CV_&|St`HLF8ihQeSn<Z;E6!pv~
zFvW+~I?v+w9iPkzD@BwLJ^bVP>lKvt!-0;mGUqwTY(d}Bu$o`cAwWcVx=Dy+@#?)A
z&Q#JY1Fa$(pTRs6^j-Om>VlBgPsm|;jdfzk1G%?GBB4oO%=-ETMyXC?ESV9S#oi2o
zjV$E1U`#ZMAEX86Z*3RO-4UA4)dRrcVo%+1<tVb86iu{8sHzZK(edQ=%3|2kpNtw}
zXjdwX7_nWnL*TG|%L)<r=N#zJ??h5PLTH~yyk1b}>mcE{rcjb|=5CF6s_lnwjqUOH
z`<S_EhFrLOBg|0IyQ+cW8h9%AIp3uRrd@dGS9%avJjgLl1D*q7?hoyI25V2ijZFFB
z=+E4tMp!zl_R*@AZmjTX_gL|+2f%|X6b2*)&bhV(5@WV^TCjaf_n+OBCY%am_;+Ht
zK7;s6X}CkS&t4*La`-~l&t58bKH+3&j<L4TvNPT3QttN~w3MW<<Dd*isk5gxY0J$^
zc-_B?4#Nc^iPJOUzX7-xBT(}3_c27?Z7Ro}K*u$##hjz>TfbHECaM`zN>!%uJC;&R
zB8I8fD-Rpb6r5B%Oqa3$!kB(gXt-1**KMgJL^ob3i_+s1=)Z|*vz~dJLV*6xy+@r2
z&C-8d=j(&4kZVNiQ>djh6RhNo2N^4a8a5HnthycPznE~InwHwW-DR*3&dBpjmPw_t
z&|IDEEU+1<FNujcYBs^a&O~ovZK2iaYtJ}rufoU|7d`6NF6I+HJqZ_iJCtHkL!C8F
z6s>2U_i4cl6Om%DAsDTWuh|*SBXm9Vf90s2@He>qy#}^FrUty7wK!==(5G`6J3FM#
z%H0eowoECeHy7WWDAO<6JblN7!0&cjn4wBiQnw#6O*1)bnOL7+#8%qv2LZzVs_Kg)
zh|FJYcuN29Q1$CxZ1Aq9jgy@8#YLqPKv^%&dR?J@qPy0S|ABj8fVJ+O*a|tmdL{wR
zvM+=ZW3sl^nY7_?vAOjzdcSlLxRx!-0S4cEzBA~h5cWtmH%Q`!Jr=Es?|+;cU}vCf
zXdt`xBlP)amPac=O-cqa#SOlIuau1F2(sZ19EB)+X@R(t)b%3ie#v>BA&P#Hq>(D>
zT3D$+hYPZ;rY2J59H7gZ_+nP^$r*tZ_WIE>Cje{^nxLW993eXaQrkh;4P%u5kFs}c
z(j@G%M!Vc)+qUm=b=kIU+w8J!+qP}nw(TyRnwS$Y^PDf|eIqjS2V`EcbFaM@xT$Gd
z=aIBRU7YNsLFr5MLd@$yC@RZv1GzR%Thi1N<F(L|Bk6`M9JiuaisP0YE=i6Q_G=2_
zM0@GShkFb`Kc0y91+!t$zF40Pp4A`GKV76As;#{lIB1@iVe0L#19aYJWl$QIc$8ds
zZ0gbVnYPeAa`d0Yjma|TyvR3z94?Qould2A_W_p!QkVD!vxz;EOv;LaN*y#s8ru#!
z(uBF=o%<6IcH=ye4|x5rP4A5Q_!3M53e_=Op-e$4qJmfYRyE~aFL0Y$nk+5bXZAdQ
z?{Up;*>6PMyCx2>1_wb(OJ`E%NHEPqcGWM&Ud-@Te3X{a5h|6?WS>w-x`qyL2F?4=
z;^mXt-Vw-Zo?2Tc+VD$OEH@R2A{4nb9A>29njUyRF;Pp%lrxKGk5f-7xgyn%ra7rN
zimEp`T6FxK%SSV>?bYA2Hore)l$!66OfLDvr|>2#QMq6YmI=yTGgRNvzQ(x3)_FxF
zLEz_~;TNW3ZcX3{z(pDGW0<nIhf(g>i9aFRw-Op}<pb{k)dw4|f^Nxl|8TZW!M2wX
zaRwuV+`@21UI)F?uBg54a0@EgD6d#Pplhhfx8;hw*y-4|Y`N`cg7LFDYa;f9e`z~S
z!8(Zt5J$z6F_d?t)uP>F=Z3^x6)uwGMARpEy$K<8OK-}DXkyF}wm&k?dxY)wD@MBJ
zak!Tkgc6K9;vc<2WpDCVkr71)zNSz~zM+c_d{)4#YE<u}PP;VTS+(U#nYB$NwNSj^
z6C1T#8IkU=q1_K%lHy2qHHja_V^Nb!Pb1|4T9y20{UsNOBo;99ozy_7-=eX^)yySQ
z$u%(&vdS^|SO3WeY6n$_BC)cNPG-<rfd@_D@UOBELs7@tvQn4XHUv)H;t?+YbwyyI
z?JQphDc$G;W|JGpbTgp_*;eM#L*`wW#Cq6Mf{v|0%NL^+XtUr8vJgtr@Gm<DmQtOt
zDxcE3zcJ7qMDYz!?<+4I6)rqVgW5_}600I^NsREZm5AWj=i>R=VF~4^;$qC35@D}M
z65-@3v%cz;Vb^T4&8Fa<n$tTjl{hZN!V|b()Mv<mNew$tzMn$xwr{FmANJZS$JXPR
zDX^w4J=A(O{mJ93i|)iaQnH2JRH_pIlPg<3P&yKAI`7vq-nCi^04qn2P{N2%2A!e`
zS3ZZTlxNf$e>1kAhH*yqKerHCWC^XXoGWQgBU=|!FRA}$ZK&)d=YeX&3QJs*%)UJ{
zM};MBCetleUfHW1c=q~>XLRYepr#5g%)=ebhX-@wzlEgo9RLr$!z)9xCL8b8;a-p$
zq!T^PJ(7HL{mS$++QT&O{}8nP8!Ck{f#t6KKqa6bsKot$4VC^ABW3+3MuL=sBBg~7
zYpZkvB9X&y6&LeMMhiM=>XK%4u(IqD-ml>!64>{H-z`8e<nm)}74H9Ue3ZuV9Fw!t
z4e~>ycc$6(FtIT*sqmw+S)Q%d&(OE`A`rgSNY}?<uzD2P57^BM1=pG=koy;m?iz!c
zdFNRbnYpBcb#w6pjl8_*{u>(USDfyOBNlz!09!NwVvk8qOiDcQDn4o8NCqTih3}{C
zRuleZ-3p9XJ{jl+dgm#-WRqDlD^U&<=u|>zk@VwB*bEXV>5MB9=kuNB5?~dP9m<+d
zs?N!CV<)~Qn|CUDvQo-7n|rdpaCE5Tl!~Qk2m72{;(j|jnta>jbn7}ONRo4WhQ-(S
zVTat+Js(LXK`v*e?CK1k<px8;ou`@W&GAEX!N7mXDg`g`Vqd!xYsB`QJH4AN+^7}#
zF6O8Fj{EaeMy^rMYDP&Dr(KLpJ~K++s@uyWFV_dPW|8d`s$4H4|2IO7SQaVKpZZ~U
zOW~F?om9^f?;{^&v;T;az0e}#qx~JV+0zsFcsnh3e><!9-$#dPL~Spg@^!**TS#}l
z1^nZ#EnwcOEMZkKvSd+J%JRcGaB&m)XN_&g2lW3z*9kuh2NRLplhU6fBmSfK`~QpC
z{a?Vy+(zHQ{XZ8{S@C~tHy99tcN&bjoEN-0c5vI*gs}+4;)aAnK(7_@Fmc>YMaC+n
z0uaH%;r721NfrOXeFA;T3&+GG7n*|?0FNGQd3xRMm;U!QDu&H^@h(3og|?Fjz*{cW
zCL8F{!bSu-VnPFX5jTFgvZhXRRTj#k+Dw%2`wx=Jo0mMyrVwi2!00LfrA>^C$%$x*
zimtyu%!=lceUV6Vz<kfit&mCoguJb>A9I7;s(5~@aNted3ZP%I5mCIarSuX!T~2ef
z96ajyhg{3)rj-0niLAOu$(SP|PF&Iay~`IU@OhUgu1%4QTEk6Rjhf7)cqG6v&$R!J
zofF>e!rSo1our40cL1U^E8M}VQ2MZpgGod(F6pLEbwiN(;GgNyNZ04fuNQ7>R3NNC
z`0oecz^M1&-|rJ~;B!|1|CZ7_`lBB3(f7Tsu{9vk`z6<vTxy=h+5N65#MPtW7qz_w
zi={x(N&*7z<M0^S+Tn3dOP~>0os3nDTzC!-3EI}qBUZ`jl=!zs1!@!b^<f$Fk^zmO
zRqfS^r5k1uSFbIG-!tQvZ~rTv`o9)VpvwoD%s*Uz4cK45g#OP<#(#W&VK+MmV@Jmy
zw&(vlUQyZlQK+GOZ+Tsj(ahc(7nD}z5CSC|^uSnG5e!*C(aKp+H(SL^tF;@otigig
za4BAu!cV_i=z8CcVLAhvI1gSgcMeNWwyow#tV}6_);wprJg+%=9y(4kFL%DbzR3R;
zl#1NJFnP6(hP+|4*AeU~!06MAwoaZ1cegDD8Efqgga=k2@x<EGf`hFXdyOWkw9Sip
zoru7&)eVzI!K*`Z1XoY3m1{5Kj?_xPB>aTNDY0lyR9%!;ph^>8ltx!1-D_~vq-&Iw
z+OSub@o+K^A#7;XKK;bg7>DffnFwyoFNRyDS`6E1dDJxi*aBSVUpN2bPR3Y^S(%MY
zTEX;S77@>>u`+qOuTN$%FQGR)0yqj&V|!g$2X8tDc;##ql$aM3CbeMeH@#iCtncB=
za&!EPLnYd_Y05{Sq@{UAB=2x{T6g+~oJF;1HEAP%W?qnP%Z`g3zSSI=$tn@-nY=g7
zlYbs~08!HeI~T9XDj^)~C(_z)<DCMWOiPavjQrlto}K9dJu#Vk0xZa&Ny&h-e&pD$
zKymt!SZQl+BJ4=%=p)uxN^8XSh$Gz0#t?<0wTL^hNi;wkskL}nw#9feXE#iRHnurx
zV+1o7uj8!xyNd!0A8akVPJ)gyu6pb5u$@H@e_WbCQKI7o=Hdn-F{+dfy&394m(nt{
zNE5EoLpf;&9`e9zf_*Q-b~yxgM%A&CW^Zh4$y2;C<;mj%c+K|-zUtfoPNctJD772f
z3?;^K02C+lVGdrR03;X~3aZ6I0@5-n#;TkhG#N|7XCdXlU;-MpAA6-9aso*t1%<u>
zKb9gC%_@=&HN}AZZhpQVG(K~tcYF7Uom0$j<|)lwCdu3Q7_;W8lv4o_<PKXO*DW^7
z+LA7BIe6DdTy3=@QmLpweFpo!mfvvAjSEFrQ<cK1#2qRHJ20FVDnpYqYMi8_^(@xv
z#nnqdx~6h3Xyxozq~6sF^GTnsusQqBlMV{!qox^G=CdP+@I+FT85=Olyab+W?&~sv
z#E)z9(mPE29;KbV-=+P7+%(4&r3`n#QS|c?MQL+5GGD;Y#E?KZ#f(I(<YPFe1;P}&
zq@7aC1JrIyT$yB7zgA?5eZbz!4jvipJxZ(hvX191K_j@laUt;${A3Umy9q>MA3+dL
zLG6zj2^0pwTshC7iB=)^adi<4zX<%Z2&Q?#2U{Toh5}7TNU{*7K*k_`L#iYcpeQ?3
zPMss@|DuaKHg2C5e$<2fe54)kBDpxp&;jS}ZW|1M`yJ*9H&6GZF!R9s7_7PV2C`=f
zk1$sFuMq37f-)O}MW_vjn|adql+XZXM?ZRE0Dca&S6A+s!#YaYl{4}D0&!%-;uO`t
zB|3!L@CEqt{o6<82^V351;=af4Kl8ujnELbYxcKg^8WZ9%6)1;wEI88)^H*ly{xZ>
z#ZWdm!t3bJO6Y`b&}{-rv2{_q%zb$Iab2<wa^VjyJT4}dOGP)uO`s=x4^gSw1Se+g
z$7i}2ZWc~7_@M!o$0FiB<oVo1fnKZ>h$3(ha}K(dSzmk!ZY22cU_U1kx)EX)nC+19
zHS=<pl7c(4h$D=Zh!F)Zmc;1IgwQnGgE-N^NNB#C-CsOKf3IhoyhUnxM*!V?;JOB=
zx`<%91rj$myV(4J(xxh9$L_E49vcA*O0bNaT;!v1l*TrY5+rz5%=*{+G-r&2T|tii
zwH<C5USL50!65{sc^XoeRE90G2-DC;S93NYa{Aea?B1`h@BjHJ|5s6_A&vH9{9##9
z|MYSH7e8fNTdSX`x0Lx$^0>a$f0yE{c+LNk;g5W8TwJ%St@>-+{57EO4Oal<S@h19
zz>+ny&b63xC09+@Y;9rngzNI@fFU!czXE;84Kr`Z*XkK~aX21Na`ZT6-0*gLfz<lH
za{?yMQ+qSR-ErCM6bFE9AmvePNl}kzs06eZ#b_YwGJ}c;mc0I1N%o~*LHvn;RWl9I
zM7(H|;cDy;b=O97qD^uCQ-Lp1-E{U&XPSK_#I1MT?(gJ1V1q!Q=*Ug(QL0yL_Ogb}
z8g4G+ckr|<Nh|TVdgB1bv2pkMY}YasKxWxt#Aw|!u!#nZW1ljt)OZjmgbVmo-9(ll
z&xI=X;I?3N9lh}Dp~gj*k@TH>EZjQD3iW?L>3niQxMgtivOO%*Yggl>P0+Y#t?x0C
zcPe1}(4XCN7DdVUcBGmB*311H0bXpU2|$K%N23P6-nBui0H4mc&{GIy*(@OJHnI`R
zUHVq{7c+n|k|A(}O8$x>8W>?EJ0bSS#K8x>3h2R8DDw?-=cneVAEz?seugZ-IIB5|
zg4dpBko0x(|8n&w6Q7DxLHL|Y^C$8kODov`cPBYr98a2&gNs{@2`CmnzY|2IigFKb
zbR-t#1QRhkvG-#rS4$rJLx3MN-I+$?D{zk62vYbG%fWX%U~5O_;*KI173UcVe3oLT
zo^OF<j6@-s_#!uTh&Nx%DYMQa!es1DRlQqIq8t|qP3IN#yeWkz@EyurS3TTbhhM^T
z-X>5hT(1>@to;r7p9k@mR2sp{k5Z$L_Wxh4@ju<6pslfk;eTmA{`(9zsX==w9VLC|
zc#@}0+KH!f6YPD$=#vq4!o(89qsL;z#|El;4T@vL_l-$qO1b?8i^$yvX_RAm6|l^$
zDy3Wmw08)%R9S7gY-}wrpSxH#RamN4*=$@@cX($y-ehqhGjaO@-afnAcG^z3cHX{w
z9<pw{UYdBj9;JUdp81dqxXneUWd7c_Eqv27|C)}r<&2G7n0H@`R>iTy$m&Ts)^zdO
z@QY)&9{I7TPS{b!wHv#^gkU;+!N(bm-?`yr054IzO_zF%aq*f7yE(|gc?I&Ji1&5b
z*S#f<`&@+ttBH8ZVRt{y2_MJ4-#2yXq}*>Qd{agI)=Kwv+(&oQMDd}V`pIs()h2hi
zqbB#fzqx<@W4@ho%v<=zm#!Nz?kn+-2f!D9r~~xaGv&%=Mjk7Y3%=5mzkh3zbA5AR
zK6|F!_Za8%hUR<|Z+)XG@Fci@%eH^hPvHwclLI}OlKX`k7e*2!{j^JKl<FidtU{Fc
zhq1$Fg@}b=RwRanO6K!ItP)r$3G<WzS-Dc~aim*w^O1Fm&%YbxqE|681P+8sGcf7n
zA@2cm;t6K;44>_z#bT<+%!-)c(g`JJF6sIuS_1b-zO(r15^@hFRivxqg4o`Hjaa_3
zsv8Sy=g@5KnjkddHIPm2AeLSFJ&)3PwDWs6WRq2pK^xFr+S|==y843~c(*Ms=q{q2
zeNo%D!~K8RR&`q2xR5Al;NSYKzvOB=0#B?H;5KfLmaLv_?yxMJt1`T;<Ko%H-Fr8-
zv>oD*7X#Nfy!YbO2WamDwJp2+@NmWZTmA`wuGF?cKGO{_=sy>62-vCESUxxlgEnTF
zAc?$pTnv24_zw0A9j;`uG25;VHl#zAflEv04U4VfTag1u^DpYx7%S^@%562V38}A>
zj@Wx}k)QTycD~OmOr?mwtna|xER!6~M7+zOM7;jxSGMIRrkc1<Z+4#VS;miYl%pMm
zM<`Vj&`e@~9q)^jkR!n{n$n#WWi%M{p&GY#4q!hw3kM!Jt0o#w)K*%#lHjzI8|TUO
zp1|syDYHx^4_;9Wkm-AT>_Y%|yV&LeHn$hfphfmy{>~4z8D{2fj2E{<Ukv2Y>9W^%
zITY|BAyF81YHRyl73upH7A&COwJhCP()SSI{P|{W1Go*4w<5jGq1{>=u*Ua)J;S|S
zmCwD8X~PEh&Y=b<dc9?fs9W5Eb@o@X-KrXxzk;eBqCmd4djd;AC~I@WLTc@4RV>K4
zOUAJ6##qI~-M%J~>{&gi`UCG9n$I0g%Z}c<(!&R)#^`x^kK#uHtW%<rl72O1`aV~m
zvQBYYYCZBPt#huD^ODE^jae8L^KD7%gB_S2mV>u_Ir1q}Rj7h8YMw04gKj|($;tv@
z*^KVO;)(f#bv>wk>FB>$B#-A}@k)eu7|B61XXb{{g%z!bJ%jb);we;K(F(~Wus4bT
zvRsG8R!K%8b`X3f1#{O)v{;a0G;4;|7Sd{E%*f>q7%u_lnp!SJ2w_PVbi4w{7Q7w)
z7{O~7$s_&)d-TSlEfmJ0MXLf+;x?i?ctvP}DC8)V4=bhZ)92Eznp0>ODKJ*bm8V3t
zR3ei-Qp%GjrCl)tt6Fq>P_lHQT{3G7w_qtR@Q6}T3=oN0ES$sAsF>r_sF?$|NY-Bw
zckBYNi8&SkXtB10bfPq1;Wq&5Vmwi-;w@R6LPIrkCTH6;(tJi)tA-`HB82Djr)YO6
zD|Hz}SWmNP{fp2!pjg%{WShlvF7EBhm6x+-C30%xKD+LDw<K(j9P6Z0He6d|Jvl38
z@LSdTy>2b4>E2rZhJ;m18zK%OR22%iPGzF5`}Jj}`m*`>jyG%OwuUcXR?l=Wr!SoT
zl5(HmMZqzRS$V<d-6BEX6HZ`n**nrZ#H^?t)>cSkpHo9pB39^4O-icS9qURE?N9CA
zB#Yu{V!}zLA6`g2knX~S1Nzw)GS0Cwu*xk|8<nc*YbtHa%PWjsH@p!W;ASxPZ63j6
zU6MnQk>SgpT<)VKAp`SeXgPcdmlqM?tdoYMV`q=<lP(jS#)fgNGmR%Npg@kwSCmy$
zRTb4WHs+O96go_l)r~>)@7_$gPSyw&qgcdiCx;do%R8&<^E#P)s`Dd=*W2+i6d6&-
zAB>6`=iHUUB(LO`@2ekz13Wg_(^M)7ny}254oQL@d?WFA!mcz6Ra?Rsn1Lw6P7+Z8
z_x2(>Yq1(}L8Kybsb?I_HTGf%5sQs_g~ySd=Wbw#>1dNuS!pfYI{Yd1!2vA!X<XDb
zL^?wV5i->8$by=~i%t<BjPk_PU~c27f%GKP(oCXKjhPGv1vboN2Nk1_(6`3%j0eCL
z@)C4L(?-Vv$N3+JI(#!k;t9Ao9o0rBNjVqYahNR$<EqK5iOFo@f62o$94{5tGK)Hk
zS))z1(=qF|kWA^#-OZ(mP5UDQQ(~co&7~GlH%f~SXd<S}#;l}aEvcTOl-9SdY~dx+
z)$!n*k;rl$#_PwiAJ5<C+s5!W%|?GWAbW+e-!zeTHCGpP=T&#t=a~yi8Vf5c;vUR!
zocxAcw$UwY>=<jIbx_$uH#VrMbDiYF_3&47Hd|JAY*u0gj7~PC<OCwqyJ>M&Qdd;d
z*zQv`H0G6?8%t{cAs<c0st%!l;Ten=<16SIzRIe~`vno>!$vSUQ&HMF7~UlyqO7XB
zUwR%99DBO$f@#BwO&;L9fuFUK$^JzTBK4q-4<9_jr{pl^f@|&JcWeojbug|_6f#ln
zF%4qOk~A0Fc_tBTv`^ryj;OApF=wEpzoKK}7wZ-rK?4-LV|H@HqRY8p&go36+(esH
zv0_Jc)H(6e@hk>WOc082NDocI#%?pPNqwl>{Y^0T2|K&;%FoZ%GS+^pDAc+H1NNu~
z{mog6x}hcs?u$wF4YHICLou>zcLFbP^#aqs3|+D@&{gQ;le7s@azb)hED}D76Fg}?
zF7kMBuF-SEPd5Ylf#~u9NxbGKMHESl+CTvrWHhpL$j4#c9+Ch{UyIvvj!;nt!sT33
zamR6K5Yh3rHXOeZOT?yx{GsDRtTA;B6L~4v^-iMjE;rQG$dhPqtAsDndU8Ghd|mXC
z_tz8Cd-O=h1fR^Fz5;%26MG8+{biVe=GquPV9N!E^=VK}gpw<I&SXnc|IuX&`R-Kz
zS)q2)F^Av5L#F2)m7+_`z6Yjg=g;4|&kAl3jGYLlV;cb;NisOS`CnuWR2zqHaZ&bn
zF!MO8W^|VT{IbShn2o>Jlp=Auy=0C%ObKZlFedlDy;}oBA3o4h9-P1_qxnO$ZeV@K
zCYZ2$IF5W!H9X+B07d9<5Fx!vcYoT@F)uyue-+ba*_r7oU7ilTdf|#{e2GiBdO9I6
zPwK;rJ4%gYQjfQF%^s%dP6OUjNxkfNYkHO$5~fXH^gBrpw9$Uxg%qs&l%7A%ye4gb
zI%7KFl6`BHNj?^1aymoOa<B9SL&~xtqBS4b)?W(?evqv|XRoO4xb;~X9?&ve&9NA3
zFZb;!*AtM%p_JL*czJl-6D!(;?m)KrWjKG|?b#N(U=N(zjoW0^opS00UKVR-op<pz
zEs=Chz{ers5=ofaWLVnp0!Iqh20|Y^_wIjB;f!*A0joH|=(*Hj78bWp{05|mw_{A;
z^5wlHo6n#ILokZM3pA&nF{-z~DE8c$M3N7?Z%T?F>J<~C9awT;`_){quE!X)hotqS
z3_K8!&3%p*LDc^34n=)ruqZ>1di<S!CjWYB4|+;L^oZhdD!D2yd%*J#3U0o^EjD{V
z^(+x}{tt#_&?98T0rG$Vr!dcUs^%^37pjTt(S>;5*j|DM%ygLRABNDj&o>Vnggpvv
zH#39>p;M;7v&<Q?ZPLV}i!cGBG@MCf2u58Y^<cBc(kuKy;J7G8qcx%qPXyJc3upt<
zXrf4?Xr1G$cc}VP%~X+{<4~`pf;*Vxc~^PC8hsXTc-lwr<70@^VtfOxPq7od#%M2e
zV%}Whog&c`2ekWu6VYr>0-*a%5XjgQJdEJYI8QtF$IbT;e%Y}<==Uv{Z}gaN9g!cZ
zksp6VzIceg|Hgf%zwCvyhVk^1{eu-9B#-=PF(vHz<{rgoi2G^N@_Tj+30_V|MeRV*
zA)R7?wh9E%&jk9e8EZYAE{T>}!bkXS=H?=t;&xv!UjK0V#L=OFbAyB6WdX&Z<ph8}
z(<<+I$jUQn*AeQ9i_{s2rtR}}?GJhg50Dv?_)B29P!-gsxEe(UeoFPDJ0U%1j2Tlv
zhDaf8Gl{Qq1_q+M5J&_w5#*B!?nRhQ%Uu$+dr;UR(&C0|2(6F=a;Fi>@&_})Dkh$d
zDm&EirG*WR(^SfBmdfAHRifkyQwo(ZLFgO%;2c)Lyw$?FUoecqz5TNi`07&cy$t2;
zR#?q2HW5h*Otm_mXB?j6^2en&o~kd!IvEELtI~b=Q|=p`#SgYp>EiOW{f?@O523D9
z+^E&-qZ^>`(F*>tm6=b1I;2QSEv@W@F($2XLmlWz-mB?nD*Abf6wLQh@BFT*N5dWG
zw34rGK-%#LenU_sFuJTo+KC1=eH%Ds8FO3Vp3vMMtIZKA3e#=1OFcEgI0dik>{<Ss
zJUpv1I+kz8K@?yRsyd92Bb1a0+#vUNZJAOoQVD#!ua|A02sF0J$-p0JU+$)#hBR_b
z0yIbhK0J{Y=bo!pYb{E7+`3g}tpdcQVIxTEA4bU;jZ|%Ji`uLv5+5%Tt<js7>^?B;
zDT|C^%$}VyeaaBot_#1)g!4etP&3X3rj+Ci<t(JZlNzO>qMi!IVvZrTTU?h=^p!AA
z_pELvz$!38bn%2F?P$g#oLUVl7>(xNoO%?jR{mmIVUt4<#1VqkxIPIrJd-{Aoypmd
z+R<+^${4#vZm5=fjAQDU1F9o&8u{#giJvIHB-7d4%-yL6oNCqV5ZN=)4u^2ZkrfWt
z&Oq&P^GijYVZm`%Cx;X!#udl4diWRy@q|<{Le(Ld=VN*9Vo|9YVaFQf?ng2TUAz%w
zvOUFBi*O?nGOzp-m|?V2XF-cTaR3vvG>DpEB58n{C+Hg9=g3f(vnadctt|ZtdZsAU
zYj~fzW8D<;ium+QvoU$Y&{MojkpbH_jRu8<3OR>wqjh7cbu5gv^}rfNUyLn*usgE(
zxTe%8ed?^MTz=;WsLx-P@eng*9$~RJT;ykntU_?`hIq@U0<ZPe+Te$kgpb5YHo7=m
zy)_wa7rvPKPq*<xOWy85*+SkwQ9R7r(DvsD`_X%?{Fx3h{5VY*lfTg|>BA$A`L)QM
zbZlYTw=tZ6Ol)Q$?!aUD|MC1B64IvC<2m2>dq*n{@k+OXveo&CmeQ2DeRo7QN{ad;
z)3s;gHKO<Y=5T8;kI0$Bpy%V&e0d*m%Co8wcesKX#97wAQ66ZFRvxRxTqex@A~VJd
zjeF7SPVf!pr7@<?Ibw#IQ(_7kLLp~7{^$(7;^&4Au?rF^n(SSC&IHQ1e)bkr_e$v1
z3Jr4A(fnPUXl$j(wdz^^*5`mrm68KEXK=W(20Njr-PH6LAZIx6r8f4e>4A=OgU%YA
zsF)?o+qCw`Obak`3sU3K3G=-6aEV25Dn;xwPUiqT69{(s=!Slp8K?#i>Peg0ek(R6
zb(d6Q*VFoePS2P-$OmJuAme~c22$<yTXm&j*R#^d0cx!L52Ij;pSM{f5vm~RkKi3V
zVL>dEl18X;cx<^j>ZP9L@`qa|C`;ADsM|t(-_Y#~%-}VT_}H1$#)&5NM3*2H9v*wj
zG#zottMN!uDQ1^iJ`Qj7pCZzTy2||A-he@dzJ&i&FC|ZT27Ou=@p?q?nNT#BFU@1s
z>86zkc_<$-<x+U7v=@CyJEr*gl$c@wMuCfd_<EE;6NKcVb*X}Du5cG@);Zp0`Sn27
zxwe~B7yL{q#GStfujo3+Yu!JBZF&4*2n%{1`51&na!Tc^0{L@BtOC3e_j5;&z^fxQ
zb$@e{KxKOlW1-cmb}6Du8ErDeXW$(0A2+}WnFp3@aUY3(2rn3H`4`BMBs^yTRGW$x
zs=B?h(U3CY$daRn7Ak3I#mStlPnEibPx<&Ep97?KKx-S@oh#Z?QR@v&+G{#b$!fUI
zTNz`|hg8=hJ^OiueR7G0uAPjA4qUAZ(l;IRd9XnlwuM^~h-!r-d898C^B?3^5}JDB
zHIXSFV7jlnKS1Q)N_fKYSA#l9(cf><PePlWHtg=(EBdOwz|x<TTIblKD!#$u=NW3b
zUpT^>y7}EvMduyMrorN!a3ywZ4XJ%#b1Uw?6_*d(pO<8<tsfqK#txe_4Xc>!_zPJl
z2LBEMrQp@1Y#Gz48N2I}Fn3lZB5kdpf9`u_+O^km6SnU1wn!Fnwq=q5wS-B>sxec0
zp2bv4f!E+_me>EaXZ^2{uBZ1rIQ-8z*W!nS%Km@6XA`uwwzD#JQ_;6_HvaEn+LDU4
zBeF7vk4(Ht0-&*|C`oT9ztnu56$NS#oa%?kOcNwWqm*XfJSM&>lYV(=!--k*M!M}*
zz|2`-+>7}%Zr}L`|0=t9V%5D)HeJ}o%>17HlKJ4neY0Zn{rWyN^Xs?{bC`ig{!j#z
zSZ&#k+5cDal8LZ=3wYd+weYoBD>i?jeP=o7b=j3SY<n;S@cJ~dCfZbcuW*+|ibAmQ
zq3&p+W#ag8a)N_afda#&K)IEYM49ynZArcJL~^vD3N@zR?X*XgnDg21$kUDC>bUYY
z6ON*c=!$B|dFwUZP+9yDLA@f4Sm1$n^*GC>ELwA3#^!Nu%%uwVf=>O_;&nE7kZb4!
zIkbO|jS5?J<MrM8iIxg|&YX7iBQen~9s!U|8ff5{UgTT_Fg?_~0n<Klb+7u6#tc@@
zB>pRt;b(M^MlpWXDR+zpm!Xv%&FYkpnHKs_mjIbC)>Ah=P`anH%?V48KTAPlrpmoN
z%G6Mq*Y|b_{`19pV%G|DcIq>>2k(P;Hr5lJ8D|^r1<ZJoB^ujBd){}v43$!@f!<il
z6-7u>(yqkBPL@R)_QqSvpKAv^R!zIV3uCZ<PoY>QbxwqHSTMm2liKAIM2J*v+8oX4
z3@uiQ-~c;{Mr43Bk{(1DUAUXO696jhdvvPS+}$^n9NiqgjixAH<TD4&Pz>2ohupbQ
zQctzNDR>4&<+%l91`a5e??}RB`&6=c9cF~@l+w}#CE`rIhHyWt2<-Ms1D4qqE4O6`
z6R=btFaR`?Dp0`8ch~vO@W!4-!En>8x`EMeMUR!`Vbo>*Q6s9JFO{0suwV2)_|6yb
zmwn`W5b;a&-)rqou8$Rm0_@~3GO?X~x*=sdT(OT|cUdKN>3~yQ9g#@DIzlgI=ajM@
z(hVR9ow5oC6nPAvu$#BgdubutObpP3>Y8kqxZujT1QK||5L%Q?Fum8ML*Ny{zxfJ}
zaKnr~e&+5q+t?tE$-A;QNd4ON7l|1HCi;E=NR6~BgyGuoce|-qdEPQB&t{~Y{diOi
zw`kkhG4^#5?k71YtFAtuZ29C3VJpN{*?0SRuWf3U(uHLpXm@|&KDjRO<v>knC8_BP
zLusJyzrmI7kF-s}#)SF?8hZ9CLhgc-nb_VFu>+3ev7J72ylv3W5=?%a1tFfknNrYr
z9sfrY7{bkd7?Up0yP`g>pbz?WIL9f<-m$bbH3HV!5abB{Z`3NF_w&|f_?O20ktVd;
zAvqcp=;o(jv;cY*@LNxsRX^Y0Bp|9wt&Cfoekc2s53F;%#}m-l<0^kV171_^Q>sHP
zu1^jvJ+b}+y8U=`H8^N1lb#W6eM4|=x~P~n`41~2_^AcQ;1VDUodd_MfyT%GrOyAa
zBEwU{`#TBZ*Dq-J|GRPhe}vK|rFeQJsA7)z+HU;VgD*Qsv@j((BdeR|0l6Y#{0Npb
z)8o2rM~fOyVa%~5B+?T}f*g8wZYHg#rAri1*s@?6ckOyR8PnR`b6)=IdK>8Zc;zN1
zHy>^f^Zk))y?35)oN&yzXD2+~`)2dN>#=?*haIu&_+jwKhso{>aquXIG2x)QWxjz<
zlu+Mda;t~U>>F`pBe5%o-Lcc&a`?Qt`yoDa6C>0Vnor+r=_06&d1(;zag#Ije&qAT
zzeVzeyX)x1y7TLyKIHSIzg6-DzmfXUJWK!!PS*UcH1Sc^gMF|B9+;E_woIFWtTgn|
z*8B5N-wS^H0F0fsgRnaIQQT{C+ydInpo_3N?j^5>{jdSNk+y@l+V@f2D|7q;>cZGV
zUz_m;;`e6~AL`P$o1`}8jo9yV5+52z?@MTx;GqOKB$XGLee$EN7x9=LG@3~ljeYpT
zn8QaoS{J)?64W4VQLddlnb9twhPR#b9A|tOdAf7$PvWKY;B{e&Ny*4#NM|#ux>>M*
zj-~#fbvsSXk_C1w$BYnQ?F7bT;m!!(UCT7cyE}C43_i7w;2lg5$bnhz$Q8`rq>v%c
zZwxO5b>E%%>+cmCNM3d57M8v*$Wk&cWbhyBAXN@z2z_v(E0fYGo4lb(zFs&K0c>2Z
zB8H|F3r4P~WU-J5bXL)m8cG<syK?!&)cp{umI~4rjuWd~8vr(4OvsC9#J|oyge&7p
z)oQ+8;Xb9ZCJpoQk3}Y<lX->A=rEg&XL$!=!VG^4*9@TX9y}EWR4ye?E9PCsh!I(;
z^nrzAs8()5R$11K&%~{{vGDDs$Y}+mDupzHjO^Hc>?gdYsDEfy!t!g^o>K6nqVr>@
z(W_Q>!B!f1&rp&=Sw()3)qmL*(ds_`6_TN4zi|s_`*4Qdab!G~jw}1Egr`Of(CNl{
z^(Rx$K567=Of2b?f=m>H)D5Ue+M^yz7L^`yyKp5{O<XZQL@bq-o4veu;@Otg4p3Gj
z7?0q>&9UqB6;b82E{j5RR>PMMEE7%W7zk?&B$Jz#zi80$jv(H)kCJ}-Q(5Q_3femk
zp+@Rd3_PErI`T(n;L8p-xMEURr*7-#P9~g3$!B}r8BJngokkZ4&Rq*da<MNVOFIcI
z*!wIG*I$OSZ$USBmpSDyb7EYnBRZNCc!#;U4yTQYBy`O=*;b#uGp_|MBuLb=WaJ&^
ztfEgG+xUM-8|Y~aT-1b}8E)YerCFr|a3|u2gFRuSXxr1*57MOOI*;vStr)OnNyqH_
z^|md9A<Txx`z6<dQ+E<($4X(!`K#==kD7v7Gu#m&t_R+6PY1#sK8F2v_VqzlbTJD(
zDY8$a<YU>&xo0Zi$vKRl)|9-7P_L?FFBr~oUvYhIdZ}LpIlfMNb8b%@K8E~y_HDs!
zzIHsBb_+MzP8@bB9d|NkyqQH8C);f4F8v04m-xoGn;v&+JpB7#{(^k>^5VV{;JFY)
z`#`AFlc<5K#nVtG^Cv6Qm?y(XCL4zuvrJ$m>nAtST&OKKSm~{e)`uB0PoO1N(QK$S
zH(ctijnzjOvrXV7chS77JvZR!af~{I9x+THCKu3*%;rcAek%?wMi-3OxW0^dl;T`$
zpHk2B3FjS_UF8P^)EU+IrKu`Ev}cz33$rHW7%B{;PRXMv*;$ieWAEaLD^e~Wi;O7B
z@WLL+8O#AWlwuB8<$A^DASvlL83u{D4s9}Csv7F=tXOfSbg*r)p3vot9J9%+sqsqN
zA%Eto%kZ*d6Si8OEf~>h4JD;RP6167nn*axIVPECFc+jP;mm7QwTU>YIaVEWPCcb#
z1K2EV<~J+bgdHo6S*Nbjxd5&f*YlfIZK94f$2?P?=@0;T3%q&mN_U}$(qqOU1q?6D
z_-$EPnSB1v;yakgl2buQJObR3$SAki#W?K0@VkTtV7f$r@GSa-ro`4q6bUR*xpT|*
zz+p#<3(f$`!&bz^ggP(K{7)1rlgQkAoMG3gSU3%f{-ELno_ZY)H66)$fIrneQAjbg
z#npx#*XKiQgcX+XFK$6&`)s0)zaCnHv~FlE`$$pkkzBXjoOk}=opE1FrJ}HSc~L2`
zBT`<WJeU9zDxOHurA^5@#H8eyd0kBP;f2<b`!mY4+~Hm|nu-~Nee*;ycQlp~M)74T
z9r7C0%7g?|+gMw9uL`e>eH8ZsgRV~TJCiq;p|X42@P$L#a9D?Sg90msOhQvCR>_im
z8V=37tb3KAjl-*O*HKr>={QH!lQAyTlL=SqZPFVREduRun=^T<xMG6}t<qJpuJD&p
z;c%X{YBO=oIeK(za3eWJl7VnshcJVZO9d^eoq|^#_nQ58BO&`AJ2saIydfPr7D3$8
z11Bl15dY{REJyi}HzzaK0w9}7|1b`-0bm-Urri+(&P{}5eaJ0H$+Cf)B06o6tYyKi
z`b;Vw8RPU^V(C55r+4x5s|LV6(bJ{lVh+6meYcSJ3)9mo^`dNz!p#S^=xO8)GbkQI
z`CY7hh-l;wbpf!;Xowb#?P%Ap_Ln@8m0KLqSE^}r<Qw`w*Yc%>XzidsVB+q_DdPW}
zA0lM#Vs2#opQOzq6>CLgRTLjO_cfyiD1V}|#-^q!NCHi20~S40BogNgJtQIn%}uN2
z+OztMH7ktQZTc_JZ?I<OxH9I?b17e?l9TJ;*xw6~S1ApqGhHVfH>NK&J>Rd$z0zt#
z`>8Rz(V@2XY~h|_VHhL8zS=1E_&bnp1p9=^LNvrvq?ka|AFqf#T~q|r2C0HxGdVFF
z^6YPZJ7bWej-785aV$Wx82Lk1*KzTbM~*NL;a7`BO?eg@?U&^&3#EXg;tCDrrLys2
zi={)41(u`6I!mP|FF{wO6&D4VJ+J|$&370-q54S#t>y~Ofm#DKkLo7HxvY2%MscR{
z)pUzw<&oVRT>aTC)^r$ji*`>?_065KRkDF0A%(Jvj&j?MQ_f&zVn@QJIffU^XQV$R
zZxY%on~Qw$ef>(88q%%`V+p@dO1n!Kwaz)lFU>s$SgazrR^=X3=we<_mh1}j7Msri
z^J>kssyoCgX0O8-CNsx4MKh05b$~QyFTJ`8Nku+C7+N!v5<Y`D8;<mDgWJiNCv=Bo
zE^2)weB?};T#CFvXCPxp**d~KN3Dcgm<-@-$yY>P#z>rylx9sOX&_$7)qZFoP$fUI
zJSdyfM1Z(km@_1c6@%7S?WiQ}K;^v?Uq361%sG<J9$f0Ge(F1Y6xANF7N(l(Sgn%j
zw^+*Fv7QBH5jNq#q`HOp86Z8g=ryN2S{U9omlgA{&#pA9b+O2t^QAVHw#w#crP<*k
ze10cvivvmeeRck6aEzLKBPHhLLvOp1V>o&btE0U}LM9BbuYT@Ezj`Os>{`!xzliC-
zgd5eu-V`(J-eu$}{ZBK5|N8~D?uXBR{H+Gjou;%yfRh%j+!aPqVIui*E(U^C1o|2v
z(D9R*7j!=a>fF5niaD|uh5jI!Mu~C{n9yJMZdW#LwU_9Uv6+}AK)g2U>4J|TuD*&0
zEowep_2HINgdq}7zQgo(+J8(l6f#E&gGQ3Q2tFl$bcx6Y-2ImB0`nA{MBpK%nnzA8
zm}s#_^&)ml`F$M@A!1nuVpjlyfPu?-S|0LeE&y+dPxT4fOT0xaiIgywaChm^Q!C3o
zX3VWNs@D=`B%p_oeMzJ=%5E2-zwZ%)=x&!V-#XM)kh#mYU&u_L79NqS75(VniOvDs
z3h&I*j{fVKW@My}nW2;a?C^T)Dmk*3I(7;-*Wor1lNw>kC!Yx-ak?O=B}N~z#3m<L
zJrL&1*)epxdLI>lvua;;vFk6ilV_3-dUwCGkh@#fEJq68yyOVA6e8Q9{lXv^w@q+8
zCds9AJ+)#pdfu+(KIlKmJLnf!{hf2PoAi)hgWLL<2JIhQWZP~WJk@=GIgT2-mT#c{
ztSw1Gn!^h)zkcE2{@*yz2ulgO{0u4n$Kh*9719f33G>@`&5$g?FAx^8QVTIC_)_2(
zqrhLaP(o0oTu6T)6t)cUdZUJpYZ;1N{wj)n^|B`aCS{a7ov6Qr7(hwQYP8MSPZkx;
z%LU8J%j*`FS1;R>HUjbUf31Cc$a=gVraX7vuPw7*M+6~$N#!T79PTwc(ez#!tdS*i
z0d%gFYX9K6>W6@{xrArkP_=4u-^kn5faAV|rM#nh$qJIK1I*m`hUob9T)}0A@W9|L
zM*C#IuCRjjYScIf$9TZt!#c8{@Rk{X-&t^a`N3jBr$oVq4gJRn!FE({L0}E-GJ^5<
zYyC%94x!CM_C&GhWlP-@E<e;RaS&&bfjy{x)Pl0g+_c#<p-1ZcZyb5k4_G?AGl8}A
z<!<6b6I43#cje(Z)UQFoNSnp`Df@5f!7F#ce^V!F27`2=!EMW5qvXD5QEj2Sb`)-9
zIJbvvStdt3p?pL!(kWm;Ga~=hv(&Z5i3R4zVKL){1IT`-B~<`dfCN>UP-v;4hDwve
zTnn)J7t8m!Sx@Q-k;-FQTLJb1A(Q6Z4D|`fYN4k14B3@ZD5O&T#JmY~bTQzBu%J~*
zC++frW>6M1%cFz<of=x%>oXIQz;|-FbXFv`OqgB9&+BRg`eCBE#-J~eawJB{2*oEk
z6kGO^zo+NTx(KZh!!e*WG|wYn4g3Uel|%yk?Cztx&Hxz#R<R5J#_B5Tt(*xqu^0;G
z(dy_lC)xG$QXtEoR^^}NU?X4yD(-1(B%qQjN?bS8)mp;;Y<QOdCY_33eg|y>hM&j;
zFi<WqRr+nZuIvBS&6^DZmQzJ@N`AwJI>U32ZA$X7>Izztm@$#N^#1iIAe_ZwMIVX^
zp2hN4X(lrpyd22*mLy~EUcFh+v*?ec*H^6zuU=YK3?ogTCPoV-kMwxw7VUm&zFFmI
zyhunHP(vn}yewIa*X*>58(L%~Q%tk>dO;V>h!Rsa?4-d<VU(>@O(xZ*&``4mJvZj*
zpmplU91-oVRDhxoW8ViCRg_`C+N)$h7ma}<AnxJC`~HA)9<g#gTJv8_1!6`?%os^5
zbJhA9F~TAswtQYU8q8cYONBltvJZe3at&i2hb(yT3}dKv)inzp)&xGD>*N3ZTr_(E
z*<$a#1gA071N9Zu`sI+dn>)>5#bVOJY8P?g9MOVp6iY$t$HJ25Y~@8e4B=&{FSIQA
z&ZD1;2q~iZMq;Drm^x?DpNRbX{Y;>i&SH{TPFFYiH@Fe<r>px$5j}AUSOx}#v3aYW
zU7~$u!w)ZG%vPnadp&e9;=_K_+F69b%2iOb`xIV7x{(DBa2zPKFn+!qO!hmNbGomJ
z6YanXSF%<~l*PhnF)xUrY$uBL3;=d>@%jgb{}G;ZU+=ELqrAxQPq#qos_c1LK6&9k
zz7gTpR5_>4l!VHQTTxu!{t!^SBs7D#Xx;;2xN{@r`rFENA@<KesQB40dd{!#7-uj4
zo;#&`j(ffla4i`Mp1bjigPT{SK3*p;GO3iM28q*GD!K)ZL9vmP+EB}3dCD2s)(dYN
zg1JFYsG_q&0&>EZ8>fXaVVf)zukpK!nFaA8r!2tuY}yzs6zr@yfsJ0aS7KNcr*T;B
z8>h{pIRZ=&H>dG}UX}wz3S?y|as*{^s2bK_|25`(hC2lf?n&mTum1%?P;foYA*!l|
zGiO+*fhR^!wnv`KK+xYol{<XdGG((s8Deu3uJrq8a@qJaQHskQ-0Z}`>M{4kj@`@g
z@g(CDnsT~|vNE++J>#kU^Kh`E&F6nqWSK87PfO1-cC#P4lY-ym_r(?sTvkF@Q)KEU
zZKNDnLoiIu@TC71S-E;nNJzYrmpq5DGk0Eu&@GK!6l4CZ<4FFBI;t{I@e?T^Pe=^^
zj8-7VYdp4gmFtya3@{~NMhGW4#<uhvG*h7ZvYR-&S2PFUu*Nfcn;2M=tfIt-wCb)*
z5GAJU43u<{Cu|y#rySJ`x8^2s)ta?LA5E<Bmt#t=FXDy{wVFGuzf>TWi2RH<6R9-{
zr|MH)jG6wdV#Q!1DvtA|dVM%&RHzF1;BsUL3jAbR?5DJusW?kxs{Z}SOo(XvMRJkz
znn>07heLGQq*5;cR_a2q?`R}Cw)z)5E7*QRAi*2zf!i0xj;!Gr7WbbuwnKTa82<YX
zGPa)ld|8vTu;uo^t8D$Zq7gd*RtTFLz!{H8rF1Iz41IK|SX`!3HZ77O{sFch8W}U7
zXC}a2(vAs@0RAs@IR+wzg0NwtY<4ukmzz$!EM6Lc2;_dY?!*O?PeuUX3!>4#D;Ibt
zK+N;+&U|g=il5!B2W94_(}F#w%B^N~P?V#6c43)5sUo@fgI9(L?LlZp8f7}z0DfRW
zL~V$;KUXO-8`GXGLqP_~9ruMsxLdKb79S8APt+bK=o{rKK+sRK{_btWGfQWMj(ua#
zLbA?&qT)qjo)pc3ZT^YDY97`sQNuVNl29{H*-Ee^FdcIyh+#lx7+uM2w^1lJ?IU}d
z>%u#Pu@?DyU0d#1;E&p_rKm^UzA|1=Ggv^^IPq-w5^xRY_Jxh8NCx|Ci(Vu9>?fFK
zEZHHtDM<S)xJ08AHthpNW97BkVvz$P`0YQ82#-)<-^{Hi5|RDi!@HCy`|6o~C-Pyc
z>?k^hf}MV#+rvZLV9>}zv3+h>M3uGUYFPPJ7)kc=o|R_fe=iilwQ`tt|0M#gl)$uZ
zv*!Laz=^d<rVNCB4W6GWB{{a;DCOuRpWK`j!D&Rbi7ELJ3t0IHaOK_zG~42Xm*kE6
zVxVS?mOWh^xfdV{T8!Kb%^H-X1oUc>&VIbx#e+z?>N(X(vX7iNJL|RH#ynj+HyIYX
zJ+&}i5G5Mo1&^IDMb^S<O!h(IiJ&ek5tEC^bIRnwyt=c}?6=v0#{?d6r%xTI*T!?J
ziL|Nl4<O{n&6hf=Pe~N(=O;zg`fnK;un7804yM!vM=1v`)S_J!)}<>RTQ^T}h1=><
zOl|xDe(UI$@eh*X-&A6U;AAKly-kpXlGn>C45e-j6ps%K9GNE}={#T$hxL75wSv13
zTcvz472JS}!gqJ=JF<Lm-90oYxt&pgx#L`8DOjilYX@DEv`*F<qT9Z0rwMWEI65^$
zQ~`j1l!2-Pu-lZvy{HCA%6kFnAq{3eRK6v3xIwf+3`r%4l%~d&d^EC@iZ;{<5#m}s
zLIf^lMd7l)I~1&&t5h4IOBPjlhAsUP{~=~l^-pYsF*bQJHiPJvBAL4Iy?KYMqrJjK
z@s4(GrjBy=_E6rNo3q4EL25v;Wd&H34<Tp-&o$y4oM|mzb}ErhnM^{fcLUPe1w7<i
z-iXKJV|etng}vWOk>7qKS5%^51*2yh0saGW9Dls5qlr|bC9QB)gNukkV-M0NYqLS$
z{JBQ9oOfsJZS=q0Kdvxl(l7f!-)Tnv=-010qH(abnva-@vbMTyO}hmVX_I^#@SE-9
zNl~fb2wOyR8ep58lxoKAIeQ)&*VIFlSO<+zBapKnZo@@Bwh#3s!ewR)89-qx75nlf
z*7h4Xqlas~$EjZ2wp&<a=`<CCm^ulI;|#1}(aKTwt78oPYX22L2}hrXAz76wRl%6G
ztjAMz6w~jlCV`%pM#mrcA~mconsRUY0dAE)QI}TTOWTOZbtcg`N5(Csx<{ZLK<q@D
zebA6{=FusWQ53Um-$J85qvaQMdA5gRugY||pR7zqD38P&p9TeKy-#zp2YYisr8QM=
z=?1^TkR9;wg{w6|J2^(#gtamj-x~Hl`V@I`%w9RNVh18RbuqffCU2#D7iK=vM;l3-
z|7ExVpA;RB2&RSGvNz?Ac$MnWlDPB_88&y)=UcU>?W5v&2kO0xKk*xP_3}Zgf!n2M
zM$w8t<&}GZcJ$HRL~WKT$FvwMi+*iodUCu2_iUhnt_|6dOTM2d`|Qnt%LI02{Jhr+
zd|h7S@{u%VdLOrjW-%bq<IPMoEyy@d`UTc@B(n$`2ZvB6`k}vCPOTptc&jh378kEQ
zBH~J>van;0@5OGe3!bqZAM!f%;uJ_rs-w>DS&z8sfOCBU|L)xm;!oh`Vi?<*ey23V
zEziPRES$Kals@r|C{M?Vp6J$Or%gXw5%x~fHCon{;WnF5x=*k3wFSpND`Qc0=X)8?
z$24;Czf?V!-{m<Qz8O0fZ{paA4c(nJErxW0*-(<+enYst0kTXRj5Sf7x-klG0Q4kN
zcA#wItDF;1Hz36`;Y@LQdu)%U4HOo7WrCBns==rRJINT8{C&;VCAwhadpw5Xit{Ux
z=FfWU5+?(m8MY)(`6g@`#!2}W%DT7%x=2E9CWLNU;jd}l{|`>8UD^I)@uSf}{1H$7
zpF4H_;3PLgW4r%K#`y1jZc_Y}?Ytbya1Qj34!ni%a%zQ9H_xg9xgd=>qTMPi9BXUv
zbqX3#IjUh5@y}F0pJr~bM)IQ|@}yZ>mCa-yV*1a^^N%uebKvvo{ayA~Me7u!A2pNK
zl)w;+%pT_mY~nnHBgK6NFl|7%R*F$B{e*cX!|kVP^ObdYw<W{mBIka=Y)8MvMTckf
zr#PT}m@~j(r%}o_fKZ)k1ydozC1O#LWq~RC<pn#qfjS80Eqx1RtKCkj4IW-`JNt}D
z$+CH2Sy&eE0<(pDRlR2Cyn?JE$zGLfJo423PsRGeapBax*joN1O<{6A`Xp7wQ(I&7
zF&nd*dfjIM87lZ~ezam#VLM_=4ZDxGNx>Rhr_!ZbiN{z6a|TWgX2Ca%$k%J+noHVn
zBN2Ig=(>|=h{}PTcpx)eT&iqVUh1GY91NxG#(uk?d(9d%T0(XYO>kdF-b6Wg={uWU
zaPK!B*OAkM*=`VGN--Oe$DaWUMw*!ahqQN$uJq5=wJX+&?TVd>jf!pCwp~FbE4FQ;
zVpnY2woyqX6`$3;yZ1i*AMY4%@6(^MzUTVQIiHF9ejb-62+3KFJvCtC5ubkvC5pUn
zr8-$<eV(<YrcIjfq&~9JC|3K1KabSYrI_$FkhB!D^*hFuaRv)JiV<{!K$JNlIEN%n
zQ-nJA*FCOXutmOmxQ0Ml@)27ii?<{0ECj7}l1Ld=?L+(oiB2hU8UacPg}A|aoJ0xP
zm^;_O051~LF7oIqg2y*28M3?|qo&yr+ka+^KgZ_n=PRX4`3C)pY{l67ZTZb0o<P)a
zP|%mt+5Mij-*`C`%w`RxT%=wyiew1dnO{^q2kF~aFQ0(MiO`XQ1`KdqV&m7cU3&IU
zJd*qTUK^!9#q0$K099hpSZ@{Me-*@P@1CfA0pa@!!k7Es-bWC#b9DXd*|+LHj9wAe
z?Xe@Ewy&ue7Hh&tVY>o?ETK$LlgmaMK{E<7k4<^FH<~|mOqAdmIB%wV68>?wSMF9q
z%tGB08{Djq8^c-Y*MfrIpl3p1XnAJQg_OnMf1(zt=?+j};-1hl7Ag#4-qW?>iC`>a
z00vO*j?QV<X3>j{6njxb*aX@6)5oW#WLb5`SM9Zqk-jj(>iw#>!l3mQbFLiNOt5#Z
ztoou}RBn+<pq1$qJYIZ>#M&5*lS1Oa9Gp<j4ZKOyLj&Aq8HJyoDGRkWbQ+>1jI4^;
zPdP2$EP>&qAc%(;8EB0#jQQG?8)gDFM^)|PzubABbh;u|%I<2n?WeH=mq+b7SVP2=
zlKMM7`&80cq>lFy%D+i{{mt#NQS}UUQIGF5WGfSaIhx1ih6kMJ4lz?~pcC7b>~E%p
zw?{dboCUO399>rEV4wrH`w1tfJ)bO3ggKkUJbB@P>`^<E5EvVCj`$uJ8;eX4%uxGy
z^=XPs<-0^BI6SY;6?1u_Q4tG{#OQ!axqA{1oaYY_OuPq@I*Vm0ED!t|fS(T_&E`JJ
z$k0I`R@Y=SZm7P@fEZ4JVmErNnTD&5Kyu1K<7>eDZ`b!45#<n1l|xGAi*2#c@+U$8
zw<P=Ipy>2YVSPQ`fy?h0RPXqr87#COda28=%VJe9nN+&BYvkJeE3s%^@|tFCH>p`A
zz8oJpjv3zq<ew#RkbE@6)YELy(4t?g78O{nV5@(g8(xoC_JZN5WdsWG@CAQ2wfZf>
zb)e#DDghoO113a0TfgM!aF>5;SCbDsS0X4>$vH>P=x4*8+eU$N_}rKRTPm36#;zH^
z`2aRXyLXBxx@DhlfT}0v@r+QAsfeqd=~)#s%#qK28^_7UGCuPN%U9Cs^~{v3EI&;>
zjxD)|nXKGHm~?VUkJ28NTKfj?eXa$K>AB>TbyG>ZL$1Zp<rd*h*q5HyZ-Ls|CZ0O|
zY!R?R)hK8nG3+z2{WNI_8bRE4<{p7mTV)_1LF+u9{!4sgC3LA)64aE}hx=c>D0?@%
zzbWIJnaUac!{9YrRZj)q4C9+VT0$H>!@yjM^=W7`A{>fNnR=dB#Me47RRL?A?vz^e
z6nl5p4*U|&{p(uRt&=EMf-h%LP&BOG%LpIAAEJI+o0Dk5io=oo*UQ|X#eZ&#>1+S4
zKbSpgzVV{iCHt+3q6j64T!FYWTME16SJFyx!>braOkZM&C2#XFh?{PWgt{1|>oA6$
z(FoI0DjtjahMhKI_k{?Mp$ZPQnn)cxYisPwo+>Kwz4W7C2gKb}JRIOeS$>W$WY(&)
zmzQR)={9v1tVW(i^n$!#Xe);5t<QfE=!$Q$Z=$y9*Ip>=SC<X4GhA0th!{BiimA+~
ztoWJ1soIca;Gs(<Xr(@$QQf{)aoy2mX<5M#N2?7=)Fmz&>li0ve}uf<@9568X9-XJ
zzFJ^jbNl^K%liqet-@1-#;SzO3^s3nI0`y~cQyAuuRq4TB&B$AZc86Fx8G}L)v9UD
zB+>!UJV@TvktNd}MpJTqpmK``IQ1KPrvuTv)XF^<BUiOo*Wx;PpHnli2LKM7rWN%4
zrx0-Rnm{4jO%@74?Pzaj$;B&(il+8I?RM>~I&N>^R3i$}Quf1yUt+$?J~v^QfrY58
z%-DL&{#qc7HT|j0>Fd*by$~-?)?CEgW~g>qz)|c&=#i%fT~r)opM~05udtJFs!E4B
zUNYxP5s>MtyFlw)Xb7nVRoGg-gT_eP8Wa_T?@1M-fZ-b<0QL6E9CjJAGo%GGtIrC`
zMA;w5Pu5j%gSVn#hzY|NIE@MT{DtX{V7q=^Vcm1p6d21B44YZF|6#`2gmyEBm8IDO
z`*|8m)3CiG23Ne*oX#u)0g@gH0c;R@D6Voz8&z`Bk6%g0wA<PZyeNWB^FhnhCR>MU
zS;eZpQ1?3o8iAn4$!<N~GC-t#b^ZC5&iA)To)=L|e=ux_m-PkvU2po#b@6+Oy;%lP
zGC__!Sx;&zzsXNxSNg;F`ZuY<opqnSByWn_*kjjWu?0;o1QrX|VlcuO+9rOor8cCb
z>2*iN_FM{JH%QfIk^O<a`pJk3mg=Z@+483<wiJC7IaW!sh(Q1=o@jzOdAMF993OX3
zMW`EUaevrz>==y~7gdv$JcNF(WH61j#C!e$#q@jU4|MZn*!l$C(MH=$&Q<-USKpkN
zKKf;5wOFs{H~KqV0PY7T`7vw}-f<T6WV&>?NOt3D5=~6P5$u>zO*c;z3Z}ET7hP#w
zi*t<E2!R=xGtI~^kVFv3re2tF`s7eEaPJSg{y|P5f6Mh1fDn9}H0Ju`%E#3>a)H12
zg;-da=SgDo7c7ON<fP`wJ$_1K^7#%CkEC7ceRA66-P*0qy<;L)+W14md}v|Y`_&1f
ze)!JTl7asM)LcJGz_F=sro6|=D>h5__`7$n{mNYsZb4=P;8?Fq^bZBIJgyk;p&b%L
z`ja7wVUYi*j}W%3w|>d{Uu0ByGgIH%KteCNpb+)%YXgZnxf$77{Wa(R(|dpt<UIf>
zErXEsQ9v{oWZhJOqKpDl;9Oq@Sr+QN#ueERf6I7|C~Z(OJ(Kg5!1EIkJoC9KY!ku8
zUjGDV1MBw1M2!FY^E*Tj7EueTVR1BXEB>B-*h}ycLNeWBg5q_}HF{7Nk#wJLmGhJN
zFRRa&KFlL44LIkbrZ0W84!JxKoXSwUUR8E@aAXPbQCX6#?9>H);l9)tOk<)s;`@DO
zvscIABT2j)taI?CcCj-kL#Cm@R-8nUUyQLjIdR4Ze$#qYsKvNtNU!S%D)eYD)xDnh
zhJJ9_X0*@}-kxTio^OoO^v_J3z-D68DOg_1qg!Rod7<us8FlzL_97vr9c1UMh<2&J
z!=+3kxy^gb3PDVwAoF?#tMxUE|3o$_)!w5^MtIR!Qy=uc&2>U4u;%t-u-iKxu1@W6
zd7qP5bU#htec8sxt}2-7&i^?3{GmuM(oDKE&|Y_o>DreE<W8BKYXf49Ptkv}(>0Q_
zH8`ZseGR0+uhLP-v9E&MR^$~BsntWfm<W=G<7)>#{pt)kkFuuFHdOsGOKQ(_i?$z7
zm;zz&%UtVOeboPj^ItQTUn6TtB?t-f|CRR7-;r?n*D-Rovfkfh2KZanr;8&nUO%aR
z?rOwa2{=J8WP*+!E#XUw>sfEirWXNjnz>8QeGGgbfI*W3sSHr>Z(b@VQ{5bXo8o@V
zNpE}qy$|0*i=~^ytTE^dHLb^$R$1qz)GH%geb@9hxV^e=hraa^566cZxfOq31>1N=
z30lrs!7jPBLWSOPGHz;d;X&b9jV?yzV8IXmRRW*<_SG??+E4gaWg#_K${?hkpX*e*
zfvP=&4pHz7?&p^%>AOzNMhRLHS*W=!MRy?8rX;#~2E&JDR`~2i3_C5rQ&(!BjtFfj
zBh+JKB{t}5M)VR1LX03@I?ZR4<7CeT@~Vy4D8<c-Q{C3}aOe^$!AjNH`)=&U1nIIu
z=v2j(HPWh&Y4&9$q2%ooB2BYUPD}dR$kZoR6mu2Qm<WP9d0Q$jpYfcPRDFXWMlR~S
zsU<Vys=Hke&mJW|S6F0L_-`hBV{j=h;H64`IDn}Qa}NfJ7JzJFvQYa559Nv1Cx)V2
z5^RZ0f^_luw9#iMz9IBxH9kT*ujFcg>}#-#WB8s&5@UU!zvXtVUrMjV|84F3_qAjN
z_S*$eL_h>h{Qm#!82{(M|1Yz?LG^Xzb#)9qaFbPW=0G6IV*=aHAVj74`vk{oCpiT6
zofY7KoHnfv44H-|o>a+|iNW*CkCVp4Q@VWC5|xrmAHkB`nNxxKI7H7LzTZMTIyyeN
z4G%o$wjgI;{}1#Yy#-QOW0I)U8zo2+$p}pVSxBr{kr=($XJe9Jg+G62x)~%;dZZz9
zN&5RW#Hwy@+^(j?nSw)6GiZmm4@IaQr-5N|sIjE2flyce^aa#=E?}s<KTA*C2AS!>
z9$A2D@t7(!*G#KQwC(EkX6s7U6~^WDHJ}8%=<dp$eVb?w32D)kaWsK&LY%vTfg*`Z
zi_VlZYi(QIrDLovM00w8JBni_wyjDZE$A~9&``Jve)Z7qJlsxF&#vZVnewuqUQu7#
z2!0n+yhzJx!H;gC2bsY>mRixNWL{E;%RUyJAr*Q=vq;!na?wuVu4Pn4*d%pALqDKx
z7WX8hFv816qgQvCQb@8su{NJBvLYLk!A{VYr`rB=a&A3I$%T3#v---iy|W?>8>LCV
zqP||lOqY2cF;TVztBW1(=>}J^F_V(v%g)i$4Wy(w3=voh<0tyhoq9i#xz9N?mZV-G
z<;>Ql^*rja)|c?et^E_JUtc}~cWWTU<p%4u>PwC^<;+|+w$6g8D#b+_%r<#V;yaaE
z#%!hbL#fV)LwWgR`WQNCcQH4TZXgv-RrRzNNV`D#vuNNoIiUT(6)Vd~H#rZwz+eVn
z3LzmWVO$E-3P_+GoXU<j*Z5L|-E*Y$ijZ&+koL!pO^&NXA6si4fjRF+r9nxCyF}&{
zg9U}b2mxmaK?9;+td{Sh9@sAm{KSA&1lEgoE4&o4`M~-#J9H?*)503rwIAB5231%F
z7W|}?)y_XeB*;_fF`UOE@k8#_Inu{VTjpX_PHm06{G!`Cj5CTfz*P9l7ZV||t4#<*
zx;eJgmg3=E)XOD#xQ6%kN+lkAWq?hUaTh`BIk$NTK~xsFC++ILUm16b-LJt@?UOmz
zeM>kK)1%2t>l0POX{T|4iOOdjKi(h(LkP$J0O{h*BXW^D2*<iR3pd@vURn3~zirAB
zgN+T@JtxBo_l&!Scsk?@V!g{&1Fu?6rAp$pKSA$>qU0pbhAwx0-XYS5aX_~JwAGWz
zmXLDWocbEI2hPSwoaay<{w~q?z6J&z<o{XoLNG{^Pt=lpLzG-d1O5Axao#+y*9Bpk
zweZ*nknZJ5+2|%WA1e;kBalAdUvi5NTFFspa8xkNE6N1?jUWgnR>z5a!z+bZN}YIh
zA<^<6?jt|FkFA2h+18L2D=J)0^s!V#0*97pr^3_frVd5I0PxExO=A}?6z6GN47FIW
zb>F&xaS6}s3}+}uXH=z+RW|unT9_c+ApA_Dz&qJdW{CHSp7zbB>%6{jPW-0?{y_EP
zEtnmAi$D<o^>GwwhCqZ70htf0q7f}NVhBA^rS7ZkSCkA-qmPA$kDa|t2eId}0)dLM
zSlY9~2+&WW3XUMA4|-47E;2|ymzW2Vt%0UD*+_o{KC;5nlb9D*D!yuhJ?}`v_!1te
zo7jV=@RXNTh8>=t2<RB{OtHBxMuiZXunq5lVI4bCo)S28M7z)=VT5~w2D6VFYW|ry
zP$1X#q{$DMf6bJyaG&qwK$$Wg)G^`s_q!#3(M3yE?v?NRisDBXLR#=SFXtyFvU=x|
zC$ncoM%Zo_LuS3HUFK!VjS3N8y5|i9C^sfm;I!>f@;2PLn{Ta;cKLU9f#K|w1;V#;
zcyl1(SYxxK93|xM-46qn)L2jf3<g7c9R7gdZ##jcMf+4F8YVSnsQ!T|>0?p58w#!m
zzmh^#cJYX4a82#aJ^6OM_h^YEuIO3E2pN?b>SZbGhG(LKwZO;<%?Oz9v$_QLUG&wH
zsVSBRvnsRj_k5kdQEWi5qT)G-ygU4UB$Zjvwfu3BgkQdapW}T#fzR=fNL}Fm=4J+n
z-X+B-&*wDfK%ya{XhRxoqK975mfHc{wDk!m?_PA@nOc4no8#E741OqC5}HH`NYv39
zhG5mRN9g{F^8I}Pb&-ywQ#-nplJ}iw)jU1Gj_p&VQD|J>wQ;PywyQ<F!~B-Pl83-w
zy0JpZN|HZ8WsEy$Bkq4u-TwDKNX6CJ%HHB1CpKzw4j}nD{%Lo<{qoF4E5ft5xD;r|
zJuZ9DnGLU1z7@Eb{d0T;3T@!fLj$il3v1M{68S)k;4DKXBMO>iT*YU#TBE=LgMuth
z_w0cOQnO*>BmV8!J5Z~(>(=1o^_idtTtM0oClxWuP^!NJy1@Ep!O|le2EdY<_PD+t
zwEC))Qpr<e<!R6l10H_Ku46AlWeK0<t!bUcYre&i?fvfFMnWf~w4<p9{lZ*6G0{`D
zQlXO!PDU{vk6(RRe}A26mYD()g=4;iDRC&@CN!b<G)29T9{qjpHP1>HYbwBW-mGSS
zlo@!cD%ZUxkT(mscwMVG9ygzN&YtXP$!a%V<QuW3XAM}GfJiyMgc(d_7>2KbKXD#z
z)G_}`DrowA7bAIQCiQ4K-{etbU`y5nK0dY0@^cSt2kD#)Jaxl6+mZF{6SxwKMh4PZ
zfN3#!-=0gNn0I9j`pD+j@SBAFS&Hk*7^bEa6}Xk)lC!&AW2hJnvq{_4UP6PVs?C0a
zj(heWdRaZMmEpZ(<JB2G=>iMq)!GaIrX_c}IfN&x)+sA>mvvSy@KRO?H+GKA6odHl
zl#D4=hqcZz$vsGUO6EYdsdYmva4K&?sg0hDo)8VfdveOUoPkhHj4)aM>;tu9d0(>H
z`|Ya<68p=1R81~Y_3}yv{CFj7I(zRN*9vf#^l$tx6j$!2{?5DYEz-yv95_?ABD{SL
zH9P%MJ3e7AN?Cg^Z2pIBwA(Wm(<p+@=t2?Ko|d{jINPJ{pY;3FQK+MD<(&g(Q8D>5
z-=OwNb1ou{9yECi606;RBm#L{3nCk~dYR30N$0+^Pjr9E3&Tl??->J=EsV5sWv04?
z_8Y+1=NrxYaf@G|qku{`P$;7<tzstdf#k86F^7fVt^ENZ66?f5sBqqGVu^gKkYgyX
z)ij)@&cVQ&Dl<IidKx0ib4vxp&0G-?9{g4rPW7crVffMTqOwJDGC=2`L#U>OIfT~}
z#>1*RbbQ4W^YQd4sw4DIRtIet?0H4}E%Z8DNW(;SAA9pPy=#GA1gBGue^6DajvK`M
zeT3s9))o@G)lHUcnI;5lTCuft>L9^OYCt%_QMpXc5)SK^n_a|9*IftFvOm=^#>FRN
zq7pUu*4dgHBO%(+rY?HLB`*1jiL0|FV|jdQL<zg!?mf#CgW>tdkx)jAtq|q+QVAe4
zi|rF@MIsm(drii>_d*9sKO>GU!b2%TMbB57hAUUaifF0s>JVzVj#Wjd_B%53UC(v@
zYuwfXrYisKqgNIb8ovJ9aa-Kh!N?U94ip`%>|Os=PVFC}xS7E#%)pY=PlroBizU{R
zhj7{?B$he!Wec>*#GIpJn+w0i&*c`UgHoHp!~dp<+t3V0aR6o{bDo{<GBuI&`;pk7
z3(Pad4H=2Z(~<dlCqI;hXm!E_S>a}(H|V<<@GM8R$g6*51@`4N3x-*tU}wfMU9=<9
z4mifUhz?N6mmLV*)si?N+X|;)MXz9tUDuVt#~zK~j;HC@FLTAX0lUr#>$#y$$!3#8
zRPfe){Dt+lFd#&yzM)tOL4l4gO~w}MVO7=}&x09$dAlqNn2%?&BSIFFscZmm6|j27
zFOSXcI>95IM)UeG&J)X!PCk$Xwna}$Wp|3OFX+uCJXqc(0ypdEiCNQrEA^v^ytPdD
zu#+p;Zr#;IVZu}jEX^2tzI|LV*?!=A1%K=tBM@H<ws+eS2)>V0K6}PUiXUDXhJT~L
zexUij$~xzrS<pf~i?EQPvuvnA?N^cqnXCSV4pP(y$lKVF3gLvUlCFs8CYu;#^G1K5
zZ~ja5CE}OU9elC^S(~-GXR_22H#PdF%i|epNd1}RrHvyBd%XglsqOAwk4Pn)Xmh1U
z|GzjfDq_%`gM;p*-a&U#|GpFBKTYVR?A;wqK!E&ngjcPh<A}eA`yNAYQ~aC9J!!=>
zzmbF@+-_A#m;{Of5oZ|;RfnZ{A4L~$X--;SB4uH-X@AC<Zg&pLGH~l8c}~V#2A`U`
z2sdr2k#*w!r{9%LuBUBiXvwzLD98wj7ioU>B+GyLY1;qkeSG!p-2eR#Q2<1lC{w`n
z_-;}J5?@u1BI-cDa~cAu7^a^<I*3c{?*x~rX9#xUi3&2+j>-#5h+yeL0ao_~RvJnT
zy3?5OrX1F;1hQ%>IjV=mNED5H8B;M(zA1~qzfI$NYYn10m`YTBPgUa!aY=Zwf|{1x
zvQWDia!I(QgYT-?u>se%FHdu-R%SM%&j6pTgECnS!;Uf*5I9^@XZ8={17;g&vqfH|
z9kzmRs^w5D(+(WMbGQF0@oAKrdFc8ksMH&;oYJ9ZqCP9jz%Z5m(8#QDgOSQ2ZZuTO
z@T98)XunG#i^HK?eQH(WV7W8jVE+YWGZoHTqcnl%-dthW>x6KthLA952A`P3HfhCP
zUFz`D?2Q$iRKv}*b#(otf=uq6r`mS?S-Xud9x8CgsM4}c0@D5E<Tr0)G)GiTlHI(M
zrAu;r!4af;6}sc2GNZ*>qon3Qr;zp>yInuSXmxFyEk+6;wZ_1bjfB6&(0oHA6Vij7
zEwMy}mR`l;d%aVk@5pe=Bpeal;T^_u_ZEwHG6rlK9k>W$M{_!zBX1Yhkridx0KG|y
zjncK%j)N|8s)V%IvaVC6%Fh}mW&Pg@I}foDfWa#DWHOhZxYU7DRq3oL@K=!hbthTM
zHO8N7uh*DNoZE8F!Ixh?vDvrZ6;~b5;y2ex>J&5}+LA%_I~CPc9?Ajj8org4xxo@b
zP2YJ{G@4pW6sFM6oiC+s3ebp%0KVe^YZdxYJ3r5y=XT=h4=m%J2|#Vn+@OI>=OTa(
zdpdYs(bupS+XUn`n1#EH7ZzK9tD=Q(h}(nTpnh2YA%e#AHRwma5wR!7c$Msry~X3#
zbVyShQD=Aw4_an_#Sk?4Z5Lb%%-zSvo7zvs`xYV;SZ$LfWv-(i!4qU4v)FC)VJoIN
z_E8N~B2aS_>c776LBzfVe!aj;(C^PgyAs@CC_l0T&Xt0vEf6;)!xOBSejdVGX!<=G
zgT*pt){usYb8qt#pR<W!ax?zWW^oO#p}hPHXJg07vs%hZ=WbDFeW@7oFLN4i<jEFQ
z{_TEytES5#&SSQY2;F3g1wTGF`ecE49=Cf>Yg3+d`PoaGa_fpONxur487{XvcC%+K
z>jqjol4Ip{2CLc<rtBOK>spZPScvqwN2V4R#$Zd9eIEX7&~~-jQ@jM*icvza`Ze3~
z=)=BdD9_XpG5@rjoyZ<txEUBQ^)_bV=Hu6fd04nP;4c-Q8&;V=xR#N|xLU!`e}{cg
z49;E5ln0xiQq}oJO=gwh@VwblJ@rm}H5xa_!*AF8$6)=z>a<Jvo~LGXLDt)Jg-n8q
zYCe&kR=lQox7L9}ZTh}bkB979D1zs;yT5km3>$7^0Q(fFOB3eLKH;8Hr#Kg#Ay;kg
zKA6BDH^S5<goBXo{fhlA&Mz#%LE=0$Tt_<leR@Zf+!{i8&%IH86d(M(=#=>u?^2&i
zf~NU|_Ut3cVvn0wZ!+*|@r@&!0TO}-R?->kfnLO@KY+S8>DZmAjI6{1tNjgjM>xA2
z5s2?{;DxUvpOB%wsQXNGJSC)ec`Jv{`a1Y}LL{U{Ad0RlAl~ieCND4{74(H)G-XK*
zgib{1D@LS@9dV5UZ+pkXU^^pzGAmc~<jyDsQhHhQYJ8wZx{n>-X?zex+TRAN&NKmc
zKB>k$l0=!TL@;0UaJiF+LCg<01T7!F6_qf3KZVvXx2XwkV~y&t`ojoq1DX3<cNcR!
zy#^9E(o2BO3HTYy`14K9RYPx;wp3ISS*#G#7NHYJ!v9BrhaZW5;EirYe%a^V5b9?_
zsYcC%x}zQ`TTv*Zi9|rx8Jw6#M$GBJ@w2EVa<|6d33RVV?56XFiH768RE<I3FooLo
zkqcCAnP69BcDUraP?H43^||CpJdv9HLs_a*;=(E_eo?iz4^&6VLCNcOLFnPkJCXpm
zn>^<6k9RSRV50J!qewV4(AiNX=0!5rLwHm18f*UZr;onwr`ZuL*Sv1541#W&LmW|}
zO-;jy9P?SMTA0X*WKsz8eXwr>0+6W$7OnL`5>6>Zf<OdMg6kcrSH$VP+#<oAyM-HY
zkTMr(P-@ws*=)E*@RY_^+$EQjgYlVcz%IXR7;-xNBk5?=nJLot_`RYTipE{)0&_{k
zO_>v=Oi$sQY$``=d+sXXeVG)cB(JwvN9rxf+KUC{oKtfesa;kt9OVeq9CB?dsb^f@
z_axr&kK;}ZzmvZdT}FJcNhhEW<sOhnxZuBCbV)dyfu^9&s+LCff9WkJ{X@c5<jZ<W
z(*|niVuZAVBC4WnxKcjKNJ(_#-z03cT4YkL%sX(x6u!ZrZ~HD_6MsdQV!KsB7fian
zXv7efQT9ydcA3ihaG1(keS5hc{_=@c6P6@w^pmmBK)fUND2j4g0ux~naiS339NHB#
zB!W$w8imfpF%C<Fm5r7Ct+bjPuP*DoGryjPr(NQDrq%c5#(VWm=DEt|F~UVgbuR{o
zat;q!-u@kf1)KJ}v|jYcRGdzkqmr?i(i3*}mIl3&w@%wQ3q@wS4QeMHk7c>i<?=H(
zAefw63^{_&I%vZfCuT62;T_0{r08h-vjlZ&m|=XyWF<N~>}XuadT`YB@U%vKaDi=c
zYG57e1U99h%Y7q)2l8zRSffURSDP}CQFxU=qlL%~JiXh+6<*zpu;y;ps+37HN{eRr
zlG_lh0kB=2)HUe-dc@Nosp&(;<2hB$zf#^EI2bYOtC%0uW}>lxx#>q^La4vpnE6Fy
zh=S+D1n$vn!dQNYNt}FQ+%q5)5X<=5Y8E^*UOSWB1GIK*QP|)bvq(E-WUp*&m)-8W
zE#_mD6FEG%tL9UK*8-9hGe~MI`9I^G-qob7W3?<6j55vT``xmOo*JMObwl^J>QHH+
zt-7YN0j=0&SPNHExgdEz7sB|l0WG1Ab_V&LM-%WfnLd-3mE%~$%d$i9edm9vcI|fL
z=Z-(K0@?Ukre;3JK>D#sB$O+}b@esmz9Q26E;XV`C@*)qCg~imFEsXv8REnIokfm7
zu8x-022@4g*Dh?OpFxd^UnHw?s^{x#52{q%WUv3(c;3#n5^XLg_Umc0P+>^WH~8QU
z@Z)&Ae2+FLBQM)NTtYRy3>7ss91oRVtJXKj@s5oI&CegJmoE{;4z<88SVvAcym4c~
zk>xjGR|AfN0#hG@cp45mDG}vRaBD}cp(jeu<<h>DXuwwPO*dcgJz^ll?7qp@gdtvV
z??=IZ{c>@X{R;R1J)$$vBa--kdPL6uUxS+B|9(s@o6S{+q@O+MIEy*UU}@peP~ih@
zEsKi7yX3~TQ|LF{{_&WIeV705$26e`zia%}U@9wz_4p%`)uO%ooBtb<A<n*0Fe(Bm
zkubQFkuoU@&JfBRt$j#7DHbVf)gFfkHD@<hsl~5VF`(6^`?%HB&0IzNgXbzs<f7~1
zelq4&O%a1WP3dw)PI8V5;uWs_w`7fa`=deVmI|$5$2N<OeLx^wgRyrapi8r}Cr@^r
z4q7D9UOj3s`Zwv~ZGl+4`X-}OWsjc9YYh~p!(tUnV-li+0ZU7hej@|0SyR_w|I5>s
zkaLcW`dILt%Wz#Y4u?r-{pwzZ(yyUu3~rt2c0ES?E6>-~PlUa*(Z@L_C&8vYS}fz0
zNr*i2?t`oxqiWgw+`xR$yXs4yOxX1-(JQaOF~SL-oXBbju>jbLt1{BRiX4LXJ74_y
zEFYGo)A76L37Se;{Zc5z<pHR}VlH>9-2U+kJ~TK6h!DoaCM%%IT(OIEW!*|8%gdu0
zWz`xB15o*RJ78xMHo@V|oJlZpV&=EMTxJF2R<ji@TPS?QeXsPkT~FzyDLF_@VFh6S
zHsQXNv?#qNFw2bHV)lcOerWI4BXeMF%w<~t!{>eS9kt{dK_t~Ol`q-1-LPKn-X>UG
zyi%|Zp;<&8B4ZS21tp$8^SdRk^wLhaGAXaHpqi3N6aA)%!*+Qbg5~~1vHXX=v`Ud)
z!96?NvsE;u%60y?AP3$j2<x-bo8(JT7WS3mi$4F)>m)5-5++H5smOE5+JXk6uA~;3
z`Z|K;!()`sv+HxI8555aw=i{!uWI6d%+#F!GMv>`@QQ#Mn1$JM*cMU~_<HNdH>WG5
zjNYiy*s8D?w#IOWr_@0qlSto9eosIl>a&$4UaLTHzXbPl7}k$nIIvOFj6D50sK+Ww
zBNQi|hfFx?TY4-?p~04(D2p%bp7`7C{U~7O58~Op9;6^yBbkNoC&`4LH2DyJ-GM{J
zLVR)py|FdW0F3|Neq&M~NggW`D^~?$Ycms97jowR>KbMzZOZ>$X??!NRtKw06IBTk
zHJ^Aycm_ws#2A(`8Y&uxu`|=2$}Hp3zJXWfM#&fE3)3yxZQn_?!X5<9muL%jjq)(#
zk&<;*i>asVSnh`0?(UCIhM1LJ0Hfwl=o$!V{p{#>&mZmKQ0S3>exHqO4_}3Fzd@$?
zi(mX*4xywgE+O?DM%&*ec#Zj)%UA)M$vLWzI7eetE9&kzQEuG~I71n8=sHS2D1u5m
z4-?EgPkA>scLNvBRjtbOa9IL+tvz#Km-L8$L2Mow-)8E(a(O%Y)I0ab)Gb3JeC&uC
z?NWURBWiRzX3sn3;?I;S=?E~Vekk{m^+kG<?nv`tOozMG>4u}XkWuLQkZmS)Ni?^`
zDDrMZQ>TU$bwcLcoFxmYCAsFdw&$5V{9@UNQdQP%*7X`vTzM$$K}9Z7PmVe0s6t(+
zMx1tfQ}oW3%Xfck4zCY^ufTF1(V@;WHy-Unq-VuIF0`)<(4}9|G-~x512R{=<sMHD
zg+EYUvu^OH@mXi0!v>wSt-8N<g&EON#Vqx}B}njJF-EW73vS|2p88(XovF|%8%I8h
zuH5X^0#pu%wvYSp?oBiavZ9MFe-APD2WqwZQ0j@O)1NhvjpiAE^?MIUwTA=vi^`X_
z0@Sui?jqE2qh@@<Y~x0al1ydB4>*BNa{b&%%6)iR=RbXav!~r+t$yDIyBPoU`2)d`
z2%TmJuHFeAy-9&dKd+3tDV8bB?I?h7PJ9&Uf=>1Uu^3={Cc2ld+~f+DI8ZDDEKlmj
z_z`a0$)}vb9;ZcVX6i(vuQ%knQAL;5yV~md{A+;OS@16gr^Y{0TmQ!L=6}R8%RgDR
z1C8@hhCh552pC{g>BFdl!e(F&zOsqS$jU-Undl(m=>M_z*-WBX?(lArxGDTY=o=W0
z9R4M$>$eE*F;P-U0gm&jo4NZDXG257<J<7@mroqE@x4q~^)pVakzyNjbr|p4OLbKy
zAx8IM>oO_l)J|16N9UohVZ@nTH!-&P6C&Lf0>^|((S)>sejN~P%>Bl@1lxN8BJF3*
zQ2nBMJO#L}I(<I9IviS*=QV?uepjQ43Q<;WpZ%bjaM*`Y^%sx2zKr~;z49hZd~9|5
zEIY{CZ2MI5qjmmBf4#A7KL28j!)7ywfuTI72`QxbwYWp|Ce1OZ=B5=*VbI1{j{&2w
zZ}O|u`i4AK@p;^}q(qsYJ&fwObLUSSqC46_K{-{|*w$U(l;*f(H)@%uOS$kZg^2q!
zBA?8~$V?J(nFoWYVoNjOxVzt}E1oc6s~sT}gjf<F>a)q`$od#H2#?yKINr(jQa*TQ
zL*wk-UMT#b+9&_`Zak_r#4VFn|9oG7N(vQhJ)J&OpN3D$Iy$Pu+s5e`uV_S>C}K%?
z=8FYRKY;KSU98#~N}A0};}1KP^f;4F*_$6*)H@e2`TaJG*PuL`nOHOLymVg9v`yF3
zm%R8ib<mRQkbLvIII@=XA+lky!pv5DiBZ&6{{cjGxKl#3Vo58UERaoCT!6$j!J{>W
z<|hpPbJ)V@C&OywxF^K4K3DJ+F<M%q_E*GH&XJI;Um8W>?5=(CR{IAqm#D6G2wrwn
z1@go3aO_DnhQL<WX{O8@4YF+Ec?THU^~*|G85|nj$j0-u$P71#yH*UlYyknKnE2d(
zt$o<;cide6W0qO}$@2E!S?>0!=GR6lgZ(?p#3Mrg6PMZf{xtuzA4@pbbLo({nf!B6
zi2N-0Cm>u9jX0|7SpxU?8#UtJd3JX{Vr^jk2hZwt84^ehP-(5oJp?rwX|eA=(lwdt
zMwnWMH@$`*8&{SAtkHU1!;f|pLHrt)J{rF-Bs$5K(7)q}T*cfMb&WG=@bor!PR8jy
zt_K+vk?_}Hy6cd7_USNMiQ{+mZ`u)!SZ32UcuUYiGika_qxZItC!-a$ZQgv3ne^FM
zMQuJJ)M!qsW_w)Yvs`C<<iXJEaR0gPQcU){f2qc?F~guRI5ZgBU96|c^K%aBxo|lF
zm3^po`-6BpjbE%S43Dsb3ulooR>D5TO|S;tM|nY!&p<Si>x903#iSxt=y=kY0xrCq
zAb`NhK)j-k?1@nVwqgl*+}f3(Z=rHR*lkx}njaMr0(QWFp~zlmy33P-8xg9M$@3W-
zfkPd~KD*u!VDoYOROwjobJPdGsel=4v;hYxlp#!G4Kir;Aw8<j;?nbzBahYAHOy!|
z^>1gERgS#2qE(|?Fpl&Hsh~2#Es_4+9SdB%9<E&xB$7I``E7Cp(ct<f+a6w}8MP*%
zobn9{Ag&@mhlq0@SEBs(N&N|OpRgJLnB|q=VA3~AGo?!yb$~2HMLcFoL0cLDoup`N
zeLoZ+b#a8ud-?RV9pEHe6fit8KqIT#P4WUg7^d<TL0>mTP%E;=wA$;5H18S6yl*C(
zEy<^1O`bhW?sS@CM0@yU(8hVPi$7uYylWyVDZY2m(+zIksgBVE+G4+OewZqT`3C)8
zadstp+;Ruuy!#)8X10IgtfR1?2nx-m9dnz-JrQAHq+zf=LhxWF6L{#tOslPVPKd}|
z*_SyNM00kT4@o-`x4a;hQ-fg&zYP63DMbE;v43A+i!vBja+$@=+MUkIdYMWbdJR@(
zND&J*fswcG4c5?_Z^G!ky}<m#B+$q)cHIROpX+|$l;C&x#$IOz-aLZh^JWh#@m<V{
zB)}Q~@mNH*=m%V#qiH@Q1YQ8wu>fR<r(u`1%V_T^TlG?`YmN-|*Nz6_=c?&ydbmsh
zy=A;HH=MRakf1^Xzh;}cZMeFI3G;fT9y2X)Pd@X-ZvIF<w195C>XA=JTbbYb5?%(%
z#U|+{&ap4&rVR~w(8XAfF?oMrQV|rNWjR6d*{+6c0jWh~%uIk=A6&t+=~phT^ctDH
zYaTkN&{%<2b8eL_e~rqYaTVD{LpCkK<4w6%4$iZ-<4L)Mo;$ULTXb9Jk%k^C!x<rQ
z$O`}oU_i9g4k+?Ptf>mL;V{)rI37nqnP|QVP8)=vUou=VZwRRHodFLKf~tJt1?)xU
zo%vB&Qx&pnyTlVD7#LaPHW&U@Ym`l%M}P)a$ty?vs0)d;fW+eG?cx5DM-$Bx;`pNH
zre`?TAY72K^D~}S9ZpkR5&b3z=tTKBJhpa8mGUmI%Fgc(5$brr6Yj4ZGhHB{$^HQ}
zHVA0-(Z2z$|NYb<o|_Ar>jL7yAA-@C4~kESQr@WZ8Fdw#T0H9v#x&gRDu8enIEu7J
zb+Tp=Wo2M;<_W4b$WGBH!(=uGO~(wPmJc%gyyzRQ{nD*y$iCCvp3#=<8SC}4O$|$w
z5-SprJ^lq~9ts^c3lPxb{}Isa{{!@Y)y>uPNyUvLVx6Cj1NGwushOeo5qc%5C98IO
zTTb2Q<Qq1t8yX-5Ber{CWZ9tq7Mk;;EWUuN6Tz-tT&1(Rd^;9Ap1At44RV|G3~NFK
z7zx0jKZ@4{yiiKd`pga_gqs0pMXpkkJh3CbveGYiyv7l)1}cWu%(zROcfBPLMGxHa
zXtnk--OG9_3tE(=e8E-WHXN~kX6R+oPt93D@R7^kx+# (o4d<>w&jaIQx_b~1G
z1Z}f^7rf@`g#!DFull9J?oPmir*EnAa?IQiCc}rJM!R|ZXY(dvqm9GkbB$}!x5W#1
z37BFxGy%%aS}KfXV~I|xCEGSMhaRLR*UM^G<!7R5LVE<ip3S&MdWv<~9XN-=U)_<S
zkKy=sCqZqfxEDa4)hwl&PO}mAS4Hl<kSN_m2yYECNHv>r7hS<PeIJdJm~9rNW<{aJ
zJ|=Pc14Y(4<6SUHTzCsDd~KyL&|W$~p+=JlD3KcZs>3zAcIXHEO?PNA!YhqpnoGA8
zDP;3~xDx;V(r*hZv#WG))(U;^N@+k`SBu9wGL<J8Aa>@IC2yJka3V%qb=MWRMP>F@
z`dE%|cVC`<zgQ<sVvVS!)$W25EzhJC8=oJ^x44E~d!}J3FiZWN*&AsV565LB(N2tG
zFxrH)V3&td0ggVs@*6a7V6P+J*Aab5P>CUJS%hb9Eg1h6U<_ID_VodBnT5;TqLmNO
zcW8tMC5t=H?9KxxR~OIz9lx$fYeN>jstApBXc){2;kd|585pQ@d%|%waG24rhhcJh
z9~tff_^ZeX_>M=2Er{Ux|A=6Ye-Nzt_Xg#AiH;WaxEdqqzC`BBh;irO!XIHK6m9aP
zn*fFR%N2VNzpM?A{t+Ml&2Qn~_@&`Psb9@z-JW=w@&NTF1^xYBA#ZT#AWr&iktnZ_
z_rQoU(jtev&=DxHaG{Y~IjIIi6{#m{HLdO-zFE?dAoJy4rY!0CWD7Jwu1ImD;6CfO
zbyXU$V%(+P(_Ao{YJ3M8;*_^`t-$lTk$8A*l9_g*ac!*c&qW{6q%AUNFbDLm-T0Ac
z@Yf`LJ}{$*lgspIn@4LtlAErk)3LhZY_(k>ddzg!v6|jGaphlj`n~S0!=*jRPqi!3
zhs-PN%)l`yv6nH5y$5-r*pc%yg|R(Q!RIAY_}b|UIRk=J2Ao%)24hyJq-&~YVKAd6
zzM~rZf|Rp(SM79MB~-ra06u3BrT0Cf1cqug`}QsP;qzq0Om&_SsY8B1LC80N=19IN
z=(CSZmMJPnyxK~N5i7-rwX@Z@7biz|>dt>xv~a8gFkOQY>+DwaIl+$6OJY!#?&ljw
zCD$jDbI^Ln#>vwe{`NLrf}4@y_u6amT7pp&5_b$$W1J3KT-0rY<^~ufV~$;5QTt(E
z#~qIO=~%k!%gTwRtEj2j>7)_UnQ46vsR%O3;2dY|o`-4I4E=YK=Z9G$95=w<AbyHA
z<TLJflg(nPHLd=Gd4U7nuY}zH90Ev8lg70!2cFJ3m<k%vlhVEkKj45UHZFDTX9}~2
zDXEK;G7&7vmey5S8_5`o)|>;_mw=@xhvV+M#5O)!fG|daXxUq}+Xx?b!+vDKk|{Ni
zBPjeJ{@2Q4_Yk;j1;TjfKf;*vpBT%4DhrJFE7zh4#T=y10!lDxFwV@@VZE&+IAIWY
z!?lhcr7o;4RN3yf4sh=<%i^4jdN|l=mH@^m`!}Vb`OrKv1mTS4<8O~S*S^QI@2|gq
z;|FAFP8oe_@Jegt3ASmqFTnYEEIW~@X^69iDL<P!ErM$a4AGXjh~OuZ^k0t8Xlc5-
zMf6@k-;r{5Og7rdaZc`<R;0<EDedf!)4R(^FlsE(Z6kEYpYx~1Ln1+EpT?SsxlwDB
z@2vv01i%1GCFj!qlc++U;o5XS?iJYlMlBS}1&3wgJrE2VB{!KHsP>T_;FmX(_R~tu
zbFp}YR_A%G!hNB|`0mAD8hxn^P?lvug>sKbH9=R7J?(UH!*_;qk6`qKlqd4ZV7^@)
zh7aWU6QWyjIKqZhm0tC-#Dgg1CtQ)PtB@`RVo(?L{!}l5x=j1L=F&6JSw}~?<!4EF
zLI?{j7Ib_=oW$ZlK?puIQxu_CwN0)rJ$)c+RTijDZjnEFDs`-HqwofJ$YaJjH~C4C
z<14cj6SFcrPHRw|+zuB|Ec0oM|LkWRxFm~RY;9z-aiPMK0is$vqdDlf7M_j~g8SJi
z&^{}ytH3tgC#T={*45RO(SZ=2GNH!PueT=?!6r#Qv#1@zHWiqo{chxqG=qzC%_Q86
zxq84E5gvwUp~PisII4e$z5)gSz6k(RhgoEeY0b(?@k%NM<NUtghLt@Nu0mvu8s-wt
zM)!Pf*I<fXPGj2|YE%igk;d1W=falB=zU`AF{WiU@jXd=c>iLRp48tH;^~H(y63Dn
zgc&tFcY2LBjPr{4uMBfO52<*7)^i#`jqd;VCLGs48J>2)7sGfrw@8$`up>xFp^XC%
zY1I3WY$>L(N>sM|E+c%&Mv{zrA3*sqvSs<x#(h|6+<&e+03nn#koNo6%MggYo;H|Z
z6k%8rc>>fM^JQ|oGifEW>kA(T^RCA&&h06W58o%mfO$>gK^%GWxbK;RG+E6z6(Ov+
zfZ}&uEQ{L=qN4_`&^vF<nf`(hTm)?T&Z)Rf(3UT`;Mtfab5@ycxSi8{v{~b&%wcoV
zS?f5PZBd}dd<dwchuztuf{hD5CGdD)12|G%i37AnV2>=?`>2R750)szhf8Z>f0Gl<
zd3X_0Y3fV^13XBhj989hJJHiPccF>PX}F61q|l?t=xV|3s6!JH5k*|a7MkCTNWQLV
z<n7XUTxgnP(9*b_;HG^I0JPiT!cqJf(+OrjJV=DzsQKmFvXOh=7qAq=R$KwsEz?Ax
zurAxH(mD9LPXc|!8YLL4d5hKsbX`NnMG|DjjU~_SIfxGZ%Bgw)C6~d<t6F7l^|epw
zOO3nQ7>>s;VkT3LK6}+v4L(Ai*3jTYyr7sof`vCG%0CsV)wM>u1<{;0CDBfNCMMvi
z^t#P;!B*B54q~cD_SmTfk{fe+Yn}*Z2pYDXh{HoH>hzr^`?Rzi6`D;>h&F&b1us{C
z#Y4-Tzq(l=Ef2sVmzJ1aFP1!zUS>8<DeG(Y8r|>e*8Q6B5?y!*3WqCL()<v2dP*4K
zdco!&UxJOI?o%jrG3^-cC*%XN3hr9ja;i2(AgE4ubVzG}@$@hC3=o@E9C>RmjHiRR
z)aP{)m~z?S;@|55&-9W(<`;fhXHFr#%0{GU(8F!ahHn8l`URB?5-kMy#LE%n<3$$W
ziLUsdl?o*2w*cAvKTw*xj8W4gtd3zrM%obXoH-QhOB^g*QO9g}Im7oz;4;VXx!-^H
z;9gw_{W1F7huS$K@h3+edA38n6Zwu~sjF}1#e-RQF<{V#$)^@jHT5m>bd^XP$KIq~
zbctF785iQ(@7MKpu`;q2@W*fC^&WnLypJGmvn`{JMGR`*KM<O)5(j@2xcdBul-?2G
zUo|G~wrhJndU!t2m!Axz23=Iukjy$I>G4#r`C|6W9INK<;LXt}ZQi~$x&emK8RdIU
zJ=D)!Ol}m24}+VpoQ?09xqgLfd}Zb?MKfnkb`)=ya*lfa%d&KFE+(oWC@XdTM_Gyc
zpPvVRzbpc7TWO@EK*2YEj)2v!BVMV#rGxAbL8L^4lCt*R-E`%pnYZ=G+_d^GIQX#x
zMTz$vTigMZlNyM@)rA48uE!JUAj#?DiPir~N)lxyOo5ARu2pioj8~^4F#CRl=R8DA
zveB*CExHonWP`PHC%34AEPlJupif<MwxxpK48U;gxp?bLqiV;eCF4k;$~MAYruDd(
z72=2WKA-+|4zDA8P#Y5K(Ud7RJA)@l00JkfeINFRxyv^8!K!Vm{_+8YJt4fxZ4JYE
z*D2kVYwI$z-IeQP&JWv$E#j5Agfq7eD*D4?PO0lgN1)%X6NURAuQ3B=M83UCS&`k<
zK;)d8<+Z6s8CFYZkr_Xa9%QVi&Y-^@x%bzNov+wc#YNqms<XQZA$vMN*Lgzk6i*5W
z4R=`wim!@I?gW2tLp}!cxbpJALq|~KriqSy#WN$shbAH&kK-O+QzZ()DeE!y{5BZG
z%=g|sA{c_6%`af+>0Rur$}x@(S*{{O=otGbqUqMz;Qijix1;B@rhRN5N7~$Xrrg0`
zuoMU2Zr_@h6^3)jg+`0VeT>!fS6%I{5p*|7?qbLmU`-i?Y!OKj?`A6rqNF^BL%WYF
zRecAjKL-s+WKb~4UBj(G*x|F9;s?q(HKZY1w#Ho01d7=dD;QEqvJk|g{=!Cc)(nH2
z)a*BYf@yqAL-=}lJtObP5NP5K%oIv+#5~c)<i6Aj(+d+eu{C7a6Q{O<<J^bDuNx5k
z)t}awdR#<dERNRFx5{E4dZ^t?I1w^;I!!Ub{Dl9n$!Ont5g-m)3>3ro^ojTXbt3c+
za8qAg@E0+MyXk&(PI;RQ57n8NM42RfmKl;3MhhhmAqN@;63*cOz~HM6#PsvA*W6$m
z8!_fmO4w#tI*IL6#>hJRM36}0O0wloOrJ$Qg5)g>|Mus7CZFHpQM$4UJ2IYs%jIg-
zNAP&V<uS*{@BLh1`qN5)U^z}d#5l@OJ{Diu9*M6(FS4q&;6ya>uS{a6JJh9b6KjQ4
z{6lL-OW*p|6trG&ZDJc9T$W;L9}t#u3@=lw2+b~~mU4_QHLBjUd*^ANZ)<}r)Bv@<
z@`InpkJSKeft`6fVo+boHA7P|I}1qreyL$9rF1JX2c@=cJ7B)bixCWK*I{*Q++;*V
zgX9&7Z@lS1M=Y<NGQCc4c1w)wjOn9Z>noMV0J!W#+_yZU>9Z$S-;Aw;`E?3<;x7jb
zI@9Z{-tIX(O$Q@}_@TCNsXTAUgA9ePOg1aGQEE}w^Yg%yuiyK*?PV-IM(>)_qZLjE
zFQZl+HUu3sIV$IYX6YfFkPI!AniCl`o9-EtY@J2N<kU6BbsR<~4dUUUZFsngx}*+k
zi(UI6eSVZ)c3VaXPu6fE@jUTJ(~@z+2o3UO=36VgxiWagnZHe!q-02nEiCR6M(vD}
zF1Zu=V&$-;Ph0gDR9wV2mgcostp>UE8oaHRCQXOx8*W8oO3l_dDOknFnz_IRt%-Q&
zftTl>cbnUpIWM#s$ypEbvo}~AdDN)!8fnpZNc$tPBEF-`9J-knYO+nQ$PHy2-sv~;
z#8^6IrKnqJEtYh|$-8(popv34u8h<n+^MO>m##29X?EHbU0PPi@z0U2s3)M)+bfVl
zcq#CDY=7t}Z&53#6#bDzoBMXyg>r1$fs>mz+-QUHPSf~+7d8@MQ$D&Lp&hA~nU2uF
zxpPOG<)x#ZXTw5&oP9Qvg|>dSm)EoT&Zf_D`epYZk>Ni3_jcVuKuLnos$wa^U2#&~
z@WJHb;fuM1S0@mzv)YK)T{3L8RPgNEbK%}RakcMrVOKBw*6a=AR$^^iK4SkjbiA!$
zIK=JVMZBxNO}rW-ISV@~8>uDtx)ftOPMe0R=!O*YOYNm2&5juM#3ueKGtG{iCi<(A
zggM0|8xF}&b}^y?4oO1|?PgAA_@;KYo(IW@u^UCZ5Wdt#mo00Uh#jjF<4;Qc{Vi;K
z&Q-hdI_$nt&i(yA_He&ga)m3D_4$}N2)7(r`qOb0@2X^}-=qVloy7Zzol?%iJun@G
z8kNX=W%cV#joijve(MXVG1mW4j>pNlpD#zUT!Mli1B1XumT{D{Za?b4!LV2<Ks#QX
zFZ*!)Q!+PxgLGV0$&euP=Vt80x*ORbR(fMUnU)&`SHE5U;oH6pZL_HJwWD7AZja6e
z)G#68sPEdT`BwX^XPkWV$le6fwmhAFR_Ureq9^{0e;r)qsWY#5i!EYhEvAN&-<o(e
zO2&zl8^Nmx#bW$2Y@5o6p70fxv+jsZNT>V=zp(!Gi2X02!;BnGu500YgtFPhxPm$s
zVPdX#ha!ti^g+}SPw;U^jKnF+QqGdvWuuDL@Pee1HvwM_rt4zV4IApURq`)i1tM=u
zFA!X_#s7S2v&td&iPER8Lsv7{OoG|L(RL!Z^bD=PCDOabw)REh&iTskU7OoEj~ijN
zLGMdhhMeqiFDfWLj%^v40PqVkGi$6p40cdH&fjr38Q3O-$>3F$mF{B*)LiUuPN6X}
zy*243z3Bcwl)ZCsrQ6;v+DXT@ZCf4Nwr$(CZQHhO+jcrmI!<@)T>IPS+}i8A_nh@r
zy*2-tbIhu@YK))81Bj1X{wrw$)yMj&srmK8F<;maPd7<Ng6CC!>#Q&v`Xos-d{s@6
zb>2ZZ5JNlY;o7@;T$5`3DEzL7dM$`9S_Cfwgslq$da9x%THh<)!5ebGzdb+mTc?HT
zXo#X~eXi3OJO<N(8s0(-yLzqXGIeeoj`7N_69@BPh4(NcbWILDr#3_a)>;Mo<kXLS
zZ`gw#e)d?8nmRX%!uLw8_anRN_;$tAI|F&e@pRg=j+Mh5^XGd*Qv0w_#i!&uxZon6
zRjW<adMhFD4zXki9t@8DehII>IjmrTi;Mq+{yxEXwT}QyVAIQQN(23bV7jN^xdi)R
zF8)m_`hwrM3Zd1V(5xW4VjI#v8omUi&ih!`;R0+3vjs#_8!k%f5l7)Z>Seg*7n_^l
zTx}_>lN%WMo)HJ}YJ*tQ24fkXq4=KZgMVA$T9-!d5ZBuT<C2<YXI%OKB$*64`a(Cz
z(hbadZk*CLs2-&ZsYvW9g0Z+j-{lN{vasQCL{Pu5*(8X~8eB?x98WV^V`xy?ZKK`5
z<_+oFxdUajvg$2tc|&Chxg**XKZnX0NFm$u&`8;R-g?hCi(NDYc%y3`d(G34FA&ce
z)_Bt!KH#iQVMb4AT%|sy6MZy$&qMkJ0%I3R9G@S~M`Pe7c%YbL`7F~N`f`R+URe&7
z3J-2l%8;rbw}sJxu>E#eJk1e@JH$+6mj`|aGF$eK4-$lf?2sJ~k5?cR3y$u3`1;TE
zOh0c>012onfdCRK0{=Wc+d7+=nK=I6<j*yL1dNLQOa8n9wE!T04uiB!mL43wj>ewF
zy6wC%V~qyZ`x3=B;1_T$ZTwTZkMk(b(euU@=D>v0;M4K>s^f+G?Dtjg*WFy-H`~EP
z#4%?OW+vZZIfZQjO;MPpLl@amollyB+~|+=v<820!Ni1midg)}Eh(f%CNR+9Mt5E$
zVbo)E2Xb;k`n%F1VO0`t({Qw=jxfv8<T=LaidH2l3s{*w7R6dsW{;8#%g#)dm2At&
z<!a5!UFR9)RmYgj1MYpUZp&lr(4vmkBvXhv$EYqhOyCIP48nGOHP}#r6fIF(uPQ?h
z(i+1=WAzr785%1%^jjN%2Kuo~=p*aUZwQU;txA9fdWf)MjTKkst>A)7`(GO9H46+c
z7_P`V01fn=`5kAu#N9%bYb?+#*<6r({urH{1H&~1Q#E!hx;EMaeIZuecA{M+<)Ikh
zI-5m{;s$*sLAQt$tX{^@iKZW77tB0L))~{By!G4nC6opHp{6cPIs_f&c3hne<07Z@
zd75()2Tg$r-m?4MlWrs^sLAzI1=ahIt0>+vR#3TyI)luheTVF!0Ym&MTa^;8Is;(2
zQUt|N&Y&vs0|`otCHtVNsLS=E_80CAXKfuCs1^Z%GWG&Lq5dG8%2+cN^A*^kYLB9Z
zR_qd-c9i_^!gs;6eJ)K^;0j=p&Ms+&5$dK?mmET#X*fTaS>qI{WXJhQN9Y3JobAvX
zOG#nBrNnGkR^r)A&#F(9`j}sM9v-J8?a-9^bh6v2;`EN_^cuZZ9w$p9@72Nx(Ii~s
zHMes6gzCeJq2tQw6hrS)Y~UvSK{90c<7YsVuG#bkxi!Ep#0!s`w$RCHK{J`zVdJh+
zY>`6Y%}C9H7I9*WK}ZrGAp6D~ORQPDM{igvKfWX%W&w$%nsP8onZnt@wv{B@UL;n7
z%NN_;N>7xERcP~}Aa^|<MWQjP_6sp`$t(`B1e1hLoSPP>P;Y*V)^l;3nB^Jlij~pl
zHL+Y;PCt@vZ&W2bWnYJ=of;3rri86OhK*mp-L9_)?^*bzQ~5jYirpRU4v|V~uyCk<
z+R?4O%OS4l(Eu879RmjZpOAfZ=mNCCfbZfTN5tX7LEz!71arY;oqNUV6l6BI`F>xr
z%IA4rA(#bx1i$tS?=G-mVDsz@I7H2fX|*|slDsvb(RlzG=r~O3BmfO`vIRMoFbGwK
z;IZU(6)0m^O75bpxeHTJsrifMNIr!ZV7mEh(s!R%xHUx7gBBrlZD0v{TzW=P?YyxV
zWc0gs$Vt=q`n3t$$VMJ;)IDVK1-&S}c6^8r)iQwpB}o1kts%-%N#Fg375!KkD+W2|
z$;!#I-+#s#*72;lW&mxB<9{TKA@N^v=5K^C9lIq46dqftq|o}hT5InnIU5lK3}hrM
zK|%ARc%tX}ibcGg)yZuW*OT_}JWzUU;0XNwI6-al0&5faaA8O9Ii9oE-OJC{w<j)t
zGj;fV14jQiEj(NB^21o68?g4U4?H|~_i=eY(v;>pOik>2f4_Z&Nfjhqbz+sqrVWGg
zo)w<~23#r9-8k8<L7WF$$#Ly!FYar5Vjb;3RxcXnQ1k{iiQ%wrHyWa;BxTnoiYD!+
zjtg`#7^W=I+ho)ThKA<BJLj-TOuV1S1=$~ZD-6?QgRbtJNM53Osl!iIKYPDjyMY&)
zNo<qc-;5O?YLK;1rNca8XQ}0&;G8F1MDSc>TI$k0MjVBu3o#3Smx599gE6c@3Iiid
zZ8$Vw9mdjx+4^DzctU@XVL#IA7;bcQ34guplVRh@nVBLHC#;Nc*9-T>z`rODXuCD*
zmYu^={Q{18E~3{zEB7wV4~$<WkP{~Hio|a2(m-Ggx!5ibz?@Euxjj|i<e9sse1Tml
zdj4UVH|qMteb3Ye1+8fNZF8<j1<QJ2?d0<rvo@!Iw_>j+|7A)MBjr>by6<nms$WUH
zt<HdbAPZ;<`TudwkyKKaRyA<6Ffg<>Q8aO~vvxIc{9gl&Ikzoggt5M?^#;Q#o65z-
zyDC2a!(thc&C+5Q3Rqjgq|S(lC4|YjmTnHHNRna~U0a+E$6#VHTdJ@@>f5KMY5bM7
zjg)Iq3A|&6`Po@BS5q^!rpLKQaycOBLX~0cbejFhfGQE~q2z!|5pRDB)@=rRrHRM@
zOj14;d#Q;ym~B<Z)&4O_RoHC>$Jzew#5|1ls^h=_5z<>!Mt@D97ie`V{R{*1(I*{`
zD1&<L*3tMXFxmn8>eF|_il!Bm1u8pF;cCr&d%GC1+Qlvga`x?XgHkkMo2;<y4TRQX
zn>m|NSDKE!Lxrj5_Pthiql=BGm=#U>!N~CMc3Q%yn>3PVJjg@N9jy~>9zQqZ6E54R
zyT%=zlsFohTJaf=he&%%9(T|K1|X^e=tp9wH$P^BVz&)Aie$K4X$o!R#3y;0FS}_w
zdz))H+K$5II|K01<;i;xor%PzyQtn4f?_>1LRjw6W*NHQ>JBg^52R}R<z%Y!2N<f&
zhad$N`YR*A)tT=xS23r>Kj#q}mf4W=tk9x3N`G};6&Mn8!|<#fJdl0~-g}P|_nI6^
zl_WPej`BpBA5w>evVqt|j1RAII#xcZdKaw&5|by^iPrTY$iNGoO@D)JA!OLW=@&hs
zq|a@iVY_d;`-hPX-mF9I>epDt?<LJb;>8lDxX3T#H~&fRaR!%mAGFqGIR}%U68F`u
z@gMu1Z+w=HSMhT8a>h^Z=6#-Z%{Pzn2kspojhu^5)`BT4RVg|yrRY@a>ni40xkMaY
zWsA)P#q5Pd3z-{BhrOO^YN@JmzgCv36SdD#HTDWBt7u$aXP>m15`ATxh%XRzIr4*W
z=IQO>>Xg<>*d=J){YiM_vE~3?lEx&DM}C1ki>FR3a2D#L9#}KZK)a({B$&G+pqe7H
z)gnw{R~sc}80w8+^t_@sYRBYA)OoT}$bJUrj8G9K#{Kq&sLc7v>ZV{g64gbR_B0Km
zO#AMJ8kqJ(4Z0KlNf9no-*siGmoOPJrQ`o-F7mk{msw;NF3BEI*y@9zMjM7&w=u?Q
zXb<2dcqli7W8D~_PA&8PL|}QW(6Ui7dQZSwkXsh@Ep5Gr#`z3I^Bn{G;~zy1@stx=
z_OjZe#Of7in{}~)p#e@2)aQVh#t;r!_@hy$bZ#}H_v>%$Pj0DV-c!JQvJG(K@XxgZ
zq)nWh{!iqTf8pt44{KDFJpodyBmo$xkpb45;#SB$S*a~LjaRm<Q30>VZg&IVc~2wY
z^TJ3n-pj-ACfr=KA<2m-x~8-L2GpB={rR|u?q@+8gfJiqcZYx^>4{Uuu#lciha&cm
zK!C->e8Ch9Y1w9G{fnJ~raV<)+CD?gN_+HBS&(*_(K$6Eb7O4^W2*{~rCS>>*X+@)
zc3`%%f^(xaOCYQ-&g%RKA3&E&#wa$iQZhPMa#5PPwoYR$8=nI608^<Nj6rg9zU{h5
z-p<rD!zj1BNia6B>$1j#8M+Vd9ND`A>)Ge*)F92y+iGnXtH<U;oJnhIj_g`bDVq|k
zu~czFLoNd~hi<LxaqR(cQ@%fk>eeW*nA2;OR$V7jZUML{6@Ovq0o)YRu1=Fx6KUq@
zVKvoRjX`R#)<cupIz0lXoCA?h=l{)387PTd=$1bSY&lYHR@v#IB)(R&o0L+`-$%N3
zlo<UE%ABsk5RHiG1a*2JZ}7)(O;Z4)=NDDy)b2dYjY~MT*c;5!PKoJ?s^0}F4*r<Z
z6cdXq@7GV{mUt5kMLE!m`u8pPcwLu~&DM@0R9em^xEQHwLeV~dgx@q6qurbni4&zk
z#f*Y_%q+~AzbAz1zcYExiy5Vx>Z2i@&da4Pss{rR3S1A%E9o~<?qgqV*p+|>U*1P3
z>rtn8idJ<myOEri{m7K`3;aaw{k?2Ae!&OJl_4n?D-jkSYa%xCfD_|E_49`Wns_w{
zLlbNT*=UofgGPQ)yP#@Z{pk1u<Rw+Dg3H=Os`(0RLqpa~X5=xnyH=jK_bY_PJIusO
zNlklXKAA;{+99F}p{4RLYN05o6e3L@!L}v2u+i-tk-8a@A+6vQ%7JT=JP|EDbE2eQ
z*cZ*{7IL(B6e8hhd$?FQBi$?=5e6@aLz#;Q7GnMjIWRpup`Xwl|F2h!_`>^I|J@Jx
z|E!L}AZU+&1J2I@;QR>x<Ba&f&(Hr4FJ(>+Spkq0<7~TZG@zCF<r_W~H8uYtreL7}
z4w89sh_GFq2`zx-)u{tBob(k0POtlP2*i>gj2xHw3IJ*HND?NK<)>|IWU%keWwG16
zyyV&OeTz1rie@+zAQ8k6RZLF~j}B&xY>vz_C=U-CkFIDRL71ea;aOmQyFwa@w(Tlm
zadUUr5%=mg&Ipn0JiLFva$8$OqfcAJMxB$q6fH^AJ3Fb)^5__;kz8fezS+1z5z^nJ
z$=VeH)8lTK%%9%00uzd|O^qq3nF%~N^%y7=S8j{i);y`D+^rHA(PF2Du^}DeN}j&9
zMzfA8;K`k5f2H=VkIFvFJV846+;*tO4ZVJCux_n4K<TMq7MWeI*P+6^Q7+W=Z{0s1
zg_d)6mSoze$trP~1k2Iry29K#uAB|P89INvgE^RXU9jg~qEl0j2FQ_|oz89yI)Sl~
zQ=y}O6*wjskm~Y<D-oTo#^$o^?K>}2>XzHj?m9+|c2n9)$`w&_PzkeW^9L7Lyaz-=
z!nQex4e1zg&Q};J4)JW8xxf0Q=?F2i0D89y8f-Llr=wK^o}u*(NoG%*pTBHya2JiX
zT47`vN&C7J4cg1sPKKYd{ff^hwmcu4FP7*xv*6rfx@YDcCY6z)&x^i<(|xI7b_#VK
zlpijfCtByXICwC5eh+=<dmXbBq*$lt_Jg2sey}|>2Z@ABLT*xRRsj>M0O>Vbw5j67
z7i1Wf^lDPZ#H&UuvIEYR8BNCfw<l)ru8BN(rM}?0D>!l`;+;v}PqD@v$2X)68bNo-
zhaZVrDd`d4E2u=>)8<JR7%h9Go{@)49=sR30;`sF;NPHXI?344s-Ba})cLJ_DDH1~
zluw9J_R5fFP)S|VRU^^hE3g#2OmvAY>x?ZDPtt;WlY-UvwnRa?2n+f|&+CX`lp(8%
zNvVh@meoM87<KWDge{{X7{N?<1)~K#ToEVk2*WR1rkDws`5)cN=bjNi1Lt$I?-2<k
zo<oD-euMt!@v^}Z5rzgFuVKKTgZZByFAD&9(!l!PHKx*r?Gir<PtvA_^roQ2Mq4A9
zz_M^Rf#SPjiyWOY%8AdR^mc^yR^yn0FBBvR0usFUH~f(HT<OAA5XzH*HK#VGxr~#w
zTYNsC=KJbUQftooyZS&eRBls>JZFz|=ulR>aj|V!50v&>FQJ1fI3ZSq$>TNb84uJ|
z+wHQeN^;_RI=+jDU&OZ|SoDC=+DQeCH*)iG!!(9Az3lfi@@+n}+Cu>fuZ%28yeE&%
zJQxg9DrcSw;mM&uaW>+{h1V>xCMiiICHdXd1ZA#e5>b?cNW;8S7Fuybs)L~MLwl0N
zSrAG!CTDo}#UG&F#fq4qQNUgf2ngHTHZ^2j4#mUjjLV4^#-VFpQyKbT9>>&}Vj2#b
zW~2->FC+eE1)S0&{IPSpU`3GyiP99z);iKeK~3z>B86jWcfp@U9CAJl^if(0>}TC7
z)73+w9kJBzlXr)LYrzL6hEHBcB&Zsq#u%H>t?tY~Fj6t5Yn#Po#tT)3zYvWY(Q2s6
z6KfLA7WK|F^#*vC3PHlGHNdypg<EYi0iKrp)atA=cIBPQ%5AxR-#;8{KT>Xb*(w-z
zMt(NVGH-TK&h`#CXznR+hP4O+`@=2lmTtC{G2~#DG7o7FsZ64#XLmpJ1>>5h=SU2|
zjE;6rY^^g0S!<8M$_$LkY%h9Q9I@TR17Ho0cs?&r!Qg*qJdI8@BJKbh86=`_-<baS
z-m)_T%+LO7Yt5+XSfi|A^0;;H>d;@p;xfdO$q>-4U)63Ph;I&qd@{!;V~96cHSvp&
zKG)M+%|@H9(JD~2#4y|_ZI)HaXZwtQw?wHZQIuY$5U3H>JRw!A?0u4}SZ-^Dx6#e=
zbvt$Jnbx(7(a0KK&Eayp@!k7z_ThSy3;*>|^#XJioW&0{=e+OBot1xZiOUgwhJ-On
z$cqzuAP&sPJrs6!^a|F8cQORA$AdM*euN>Vk2Ch_lM6p)#F5a?nSDG2?aeWgrguCf
z#h4D0@Q`ppCA4;@@u+25dw!hz66xwv{1f1;6GzxtW{zIvg~|3r;bx6rgdjAVJYv6R
zzt9RNmqt!wx13F}5XpNboms-TME&5^fKic4sfytW!=+1T)_Ho2Nv*~TU2-T)s#cNt
zoO~g3B3Y_4o>QYN)nQO3U(YRw<lvKU6@}WX+zfqGYPJ+oP-FJt5Gp*Op)LvC?28j9
z8Rg?bU1Y|6wuKWL$9IF*NQK(8Pi*^&A>taxDeE$xU8}BGE|0O<{PkIUq8b$|bKHq?
z;ZX|bwoKJU+GI%!QTc6o2j_P}MANGA%HGBeoO_6v-54z%^OZ&=#Lsm(I!F;@Z7xhW
zdi+4nJEtj-6_8US82T2ZQqC1<+V8u;lXPHqCKcsLT-4&VkUKjt=&D(@ShFu`D*j}N
z+_QH_Ui1-I`jWk!FJ8Gv3sGsh8-|$}4y8R3m;4F%h*p7Vf8g*)BfuFGhSBf&k@N;u
zG02kA2fs6_OJs`%!1usl4@HBQMU_xaNgcvO!fYyKy<J%&oykiYVs~B;KpGk67d2-G
z!-m;i$QVLsVY<>?XK(V+z<-1LF&3uF>r8F{^8H|XccS1d&)TSs5Z9wav1RgC|AE;7
z=Sajfg43JM1RSoAOGtQTt<{DSOi!g#rGbR`2KuHSwSLm?`$}XQ#_C&(?RB>*dzDLX
zR&uz5@3CrZ5!%0+)5~WIkfjC|!f1anlZ)`xls9(=nQsd|g5Q&3;TLv&pFf8eFRlwJ
zVYU<M5_QAED`gB}!+IeK^f~9}V_Vt@)n^y+0J$^MD=m-yQ_d<fUF|2Qu(_MqQ21w3
zfKQakoyw45H`;lOPopTB`;6Zc&nB&&{87vK4^qMv_hy|TzyW1yn%EOH%i@{N@a-~u
zNiZxoKj670Lo6|uK7L(vK7i5k%AtCI@qD}pdQ2h}8RV2?fKOyu8h`zipo4_nAJ6(_
z0FEFAMr3-CTafzFd%XwvS>PQfjTE*2M%-+jn{!Aoml%fBd9lq(U_5y`We|>U?HbcD
z%0wSiB=j-)z-01nk_eL{%sy011T2kr%BVO9Mr$c!+)MmqD|qzX2l_p>JE-OHRgmLD
zB$7c2N4IK;iMFW>l#h2SVhpQ!o7BErP=UyK285%v!u}WC{y3F!yELJ%q{Z%CKyi>g
zlDH`FM0nu?X4o=XV6ztgdxHNmKL1ZCvrY6AGJFk?a>4pMrER@=x62&P?B7UceZw2{
zAV*DOs2q6+9Ch;DuAOjT9C@k-S1O0ye2dx(StxJc-;unJiFa^~6U4zu7X>QL^W~H0
zI8MbO9@Rikt$-ih{ol+vk$Z$}9<QSq6~zCDNxqPKVt@9;j<=IA(M3c{O^k&cdq1;+
zCXj<ByihnM*S`6Wmq(6&A@U6u_jt(s5rX6^LEkjvP3aMElpv+AI5v@aXe9GcK;}Iv
z-V`d%MJnb+E57nqX3U9bDdl`SH&n)s8s$VZqD<Z><t%MAwv;MurOBj?GL0&{*T@UJ
zz#I5AH_S4s7X-BAL{&OPtru?DY@wpT?r<G2<oc$a2g@K)TYLO-va++WvbMUCx^mJi
z+l6KL-D2Q<FYrma|K00C+FRr@D~`4_r0^<;WCVe(e#k{}TAb3f7=^j<>fcY{m3ONe
z;Rr9`h#3l>?Aiu@q?(Fib2E^j=5XfA2qn^yh_>;WH)AZAd<jOAVzkBvdQ&64sfph7
zWN$jE&w!bBs=9dUAAYn|QsWG0<2MP;rdAR9b1tg{Z*RsHlpLWx!gV+Mkl*>T)jud#
zvr(*MU1zhevVUy+aB6fq6+XM$@E5EWAY4WB9Q3nU1#Y0D9?^^;gQ`Ha+to@Fubpzw
z(Rn)I#FUSBTq)LO-O&1vXF<z*G$d+|Y+Js_C_EVFdsnG5OsF$Vogzytu~gz^+Pq9G
z;TzrRNz+=xA5qn9<JzLjP`-i_Sa!5mzTpN&&d!Yw^&wk*o)1>GhCO}gt_YY9ogMg%
z>SbbT839!TD3}t;dAp3j7=!DJV3R&E@{gfJnScTo(05v;`S=6+<b%58gCx={U?B^r
zUnS{*G6z>*`Bz`VuFn@t(*OEhqO^cISPWsQg}7Bj7ZYgcBFgy`JE*}xGi<OE@v{Z|
zUJ4~caw&fww$gmQd20N#A-`9lNNK-(CUDP5X}-V%A(5fJG}khbl0Jn@Kre7<egPSI
z_@o5Rl5E>H3WlUoeqAc1IfZ6Qx@=LkPut1AR{A_i3ka#`5!dns7wPB<{A;OioQ#0b
zhM%ZncLen27Pa}m-t4x6()>Isi)0kMz1*jp>R*e0J6S?uah@R~UD~x5{<c#2uh%$R
zMG5wb`eS4RQ`c6ax`A@_;(+t|H*_&|z_9QRU<y7Cn123qix3$LTbKW)4sBxvpp*Kx
zx_NYsrVYO%wXB|lCrNsV(?ZY|VxSIX2r5PTZfmbjrB3ZMv?0D12}j{WLH+sWm(0=D
zA&QNl$+vyQ-1NxJ%*D><=ko!yk9hNg!muNni?o`fzFwQqsV$gHsN}2kWz(ypZOLf;
zmmz99_rV|W_Dt{soMPKb50+!g^H6T6?I7i_8!b$k#T;RZTBDW``R&w%WjV}hRj<4O
zUqpD&AyPTfLUv5};LW3;cp?`-<=Q@%GX2SIewiSRX&Eq2p7?v{o&XLrRnz9y-|u*7
z(Wk~3MZN=AF7YnjplIbHyTOPa4!EFo6W5SD_cb3A<G`?yItcMciE-vYy)W-bb(HN(
zwvKZJr_YHE-!%ByucL^E5o(K3XUpEp4Uo$6e!^9(m5(?-Wf4e|P;#>(UNyzIQ9-G%
z;5f2tsRY%Cf&>XfDumM9ak|7d0rIKBsxf^r5Hxwx%Xvud&=?tQ0_7aCgTjP-)PWOi
zeOdtP0$R`XS0N<NN0jAEIqR}hrPzap-E)xZok#2?<_(p}ywB{+JSt6w7q%Lt2AIx}
z%VQ;$?KE{A%ShRe6SpsA+v#NNvgE1uA6aWY%ozIjT-7gQ^?il*#<@>r{X&gx(hFOC
zf79WN&4IAn2Q)5a0AGxM4xo~;Gj_55`>rVgSW^RJIDP3P)Elj*yr3dmTUNouBPdX|
z<~4P-&e`OV%%e27Nw(^pH+F2<#J#NmZnNKigZesz{*;~^kH+5`uyg%9=W`gn-`+tO
zjKcag)nhi-adwjXnC<kE#^?8r$&cTQ=zx@VX)iMT(T+9DAS&!^nCuq|u&NFYw`!kF
zlK@ik?jsZ&m7$A*PCo@VYu}{>Y9h*PZvfd#^3FJ#;^uSG>c_2hPot)@e+CEUJ?^Cg
zw|Eop=Lyv}Wb&24lan381T$Hh6-AYjps!F6oA{|og+B8mGC|==T3IdH+WE)X`9hW{
zS>2h_QmQ3&ti>3HWf+T)Q!T^mpw1)A9|h(jCYJHcg3(86$`x5E${dcF#thY89wV!-
zZV?x5sm(Y-N~$id(qvH7luBmiux=Amla+@*<TzSQjVE;Y8)$m^>(OfCWy?}mnvts_
zm3DYcn6p%_)z<{RJ1e-*&djS4V(Cd$r50s?N&N2g+%wQOLaC}TN#o!VX(sLZJRPE0
z)oj|G;Ivw1!EuQZA9yg-Kj+b$hB5q+o9!>s$eFw<C4z)(x+`0Sj5X(b*=zayFi+AQ
z0N|cz0O3o?$0Nn3#s^RlM$<vQB%s!l2n;p)gCjXti!;;@&bNCtF*3_NrRWbL-N^^W
zWP^Zvgr*8Lk{O^<Lgx7!ayImx5_`zZ-LdcwVnKPoDG!=)C(qr34&Cd3Zm={W^$rt5
z#@(axy|E7U`vJEGD{;)s>*YLzn^L$Mh@}<Oake;gWCMqeD@009tU6{FgY2kU2eGvQ
zp<@)TY!GHU)C%pmS-ZP3dH6VZnlkc|Pk9k)-f$_fyYb{e<8wPAta;;Tm(yipYH2Ot
z*r+@yQ&J>|4wAG4dTq$NH#Q<meXb+YRc%`A!UgluvKM4U3K7nwXC9D1qZQO%$6E|0
zZM5DtyQv9UWNIlVnf|c1TV*W&;!YEFAx-<h7aDg$-deKes=Z{kU7Mly)OA_lC#Dd$
z_?4NU=UBa%JVvH8HYJbMW&^k936F5p)U?#Zl5KuiDH?k4NvOidQ6%+S(v|DweT%-<
zX*$Pw6|r5i*G?I<#*zcaS0G1p&{ohK4mufummC7}pknflV+q#t=WWoag(tV%qSEaA
z062((Z=r?$;yam7j}(^-6-Z}Z01s&)n3)Bt1^D~L-M3xfJmVX}Y$q88UUez3*)*8f
zOe?m@pDlEkmLZjO)tfPRoFbK1@DRrk)ir0JvLd?qO+$LYcDS&(fAIHj>4@ZoYwVB*
zMdzGYo~#RRAUQ3dc?GnNe?TFo5ig=?j|JtTh2#E_Sw<(+ff1(a3x4MBir*S;h>;Sw
zDKfwf+7=^zX$UFpnw#I=Rus14^01~RY7QfJ?<SIUZ)nc%G43#m|JeAABp48XXOCR>
znU#m|=HZf;7r%e+`YE3X0RJCwwBA$eF5Zx`$D+B_48dSIL_u+jRrCmb$-Kl9;D+dS
zo6sz9l`TNGM&Ifmconvu_iUDupOf-%^c^7jjv1|n+wBl(l$SjYh0F5<8Jht0ge&%-
zzLR=oQ3SBK7Hicu#}#k=^`Shh81UmM7Mfc230dVx@w@Pw_D^6iNVVIPeD{PKhYFZ6
zX1W{ycUosfQ{4~5IzAVLrl?9hO(VL+&_92>ln5U{B-{ri+XX<f{pXhwGA`E67WUSE
zx8zb(_$%N3X?5!$Su2;ZUMX)W<xMYM7pf#`4mVVWSwoSgd~fflPP3tR8#5*TB^H79
zSHAWCQ+~L8g2hVE%zJg!*7WGZ%*91sw&w@z9<G9omI~dTG!_Z_eM*GM?XjE@rOS@X
zZd<L33pcdPw%9vtY#SRw%!x0)CxLm9`^ss>4H)lz_K!ID>@&wa6C9kIVL^NBGFeay
zsZd28BgWGxUeFuUPv}tUS{M;C?kmWaDK8)oD%<0G{W$83Z052GaK~Z!=MdhcD?B(a
zh5mYVyY`Py<UHeBOH!e{#S?ewH%zvlHLE|OT#5J4Et?jIT(2VIG6N7>58W2==LzxU
zh%i>^OVgDXZ1w6R*-Xk*)*k|^9bDP5sO7p-CB#xqwYqaz3WABOiP$i6KlkKP;>7}Z
z-@UKUC4Uacn_uMID-;bhn3rNyMxYen7*IuBap$m^n?<yFz_<$Q!;v<!UH22GyGKg}
zOC}L$%aWSQ*T+M0kAp-{Zm&`9Nb1ae<zp#XVx~m@O!QXF^5}E8GYP#c-6j*6_ZgL$
zSD`6=Axnk8r0fj6yr`ONXRPX0Ov*D$-uqJO;8dyoQ=;8JW6^h05(9MV*Z*n{xJ-8h
zfUkVX)rq~RWjsI7|8rh=o%HVM2bdQ=0i4|axi-11fsKi=D!{Vc<bPdDYgldZqlC;2
zM_G?;Bo}|A(p99fOad3|C!z@gliF%#CWfIw8F^JpSBeW_VSiN!Lec8ry=$JwQS}i2
zm^I|%@R&C*?s&<*oz=d$?bGW6qA_BPLcu$ZA05KMGw?-;Q(%y1kv9~_y}1(_&{u_b
z&(eZ(v$0YGU2LI-38hu;=2oJBgA%uOht<p}msGoIhO;7aAG4ArIa}#y8v9<6*F~RX
zsTT@EtwLW<d-M3-TaVI)s{vgj@6a|7Bx-GsKsB~F8^d$c4DzESPeQHIC3HiOPuw96
z>fUJ4!f^NMH2^~BqQl{vkZ7|+I5pI(x8}afHUF}TiFo0W=WgV@(<V{*up})h?j`CA
z^>1S#C^eofvJOK&%z_W>+$v$Q9G>D`&sDxr19#62LGjWJ$IHl8n&mT(R=UuJQ1ge>
zqFs<eO0H#0-{|Rj_XZ?P$E=*rJ7V(hCZ4-bngTl35<5i5<YB$#m=6r`6GlkTV7bQ)
z5L5k%xtX3J1{Z}kEY6b>Uko(x8H(2_Bk>gHvD&zF%s0uE%0&BcL&*=iY{6B=N{eg9
zK1jvveC220K5<rQT)vwx1i5&1^3<?*S9X0sxKTgecZx6OhRzF@iWnsxX&hN%7n4NX
zdQz!;K)DJhARbssi_)wxiWu?1^>L6B=1EFBC$vy_1Yfi-xI`sS?DX|Kp^n7o+htwn
zCT>KEok?SFs4g-j#If`{!J8LBC(ZNm#k0*ec}J2j7-#fT3!Qzlyj=!P2l0#77Xni$
zzl50rikz%(Bd))X_(r3w9aZCHNi?ewqa&}`^ANE+d}lAxMs6GD!JM%@g1esGxmn#U
zvZ8bB{5!8PfqSm38xRax0m1N}bHZfpod3Th&vF!}{xu9|cRd`2jSFp^PgNTs15$`e
z4U>lkE_jHqc21~7+L1|2;96N`JCZ2*gyQQD1x1aLB)A9iMmgMc_#P-@;H2j?*YPqv
z{V(C>_AqQ-OZ7^ljUg3$xKu3bT90;F^IyBpdLdd|TRMYB42%i{ij3=N0jLS8ziGy+
z!@~w)zSAC3aEw>Obw=!XvLkVB$pSoT7_oylOCwW!B<(kIbOJw!FeL{=<VPC0IIpCd
zh~G1*YZx#gdZ?o(9~;j%eNqrji7n(Py^e-_3n87ZW!(v4hmF1Guu#RgYpE8M;~=fB
zdzk5P$rMOtM9tz@%jRNeP!PhM=yPz8RKH@P<@a#T72EfuL`@0wDzz5|_1u~>tIP|5
z^5iu<1l@n-rR@ZVaUL9O0I+i#_mo)FpTAiDpazd*hZCn6=|)|{m|b2)_&hyBo~H*v
zWm@|@_xsrT`a9vUlFM-D$=^vG8A{l<k=Sdd$SJwkQ1E=f{**3gGEbRbyUOuifADg@
z0dJoj<HHyP+=~@g8IKo9rBl!POdACtx@hN8b*fauO?!ttK7-ttDaS<(^qJq*_b5hd
zenS3dr1Ma~AvOm@I`;pO<tkuX{7q0&X-jsCAAv_In}gA|BU$Sf)KemVphWxqTV*9t
zIh6*aqG0huE2EZ?ad&Eyz#aAPfZjkV)Md%v{=Uj94M(Nr$ArqMuBKzmW~bBB07B6<
zxW7m@6Tnm*uL%tAC?cTD-4r0X9Q)(@k7<<i^tJo!0(mbz4>P;fD%4O?Ez#N$p_?mc
zDTlR}Oxmgv_xiCSo~g3{E8ON}JC)+fP@+RgQ7f1Z7y7$pt5E5NW&L@!<6M1=#vXp<
z%`h3n6^|wIsd8G}8+P~Ok(cH23ZJ?WhQmlY<Ll#kN}tdM!wKGfvF@byQX+bLN}bfO
z0>8n#2KNiQ77qfPmerv}d}6K6+VE9LHK1_4^?hG1!ucaR-tG7Rq_Ic=crFGQ=rt*+
z8m`0P^lK)Jtg%>#6!M_dSf+zIK&a6xBHKzJZtZS&7)lGRM_4l%9EKHyDqd{R9~^|n
zjRIIPNsKi{pjI={=z8^&!N4q9{z7j@zB@mbGvB*lyQZ@MtLjUKr6eN1L8{3_zAU8M
zle~bI#o+33J?dj83@KrZ(Pm^ypNUPSgX96uJhb$iXeGX#SK3WDUl!Mf@r2Mhk2tig
z<7AMjYvaGoK5*s6U1V9b_;lVa-a?WPW#V#!a}}NZ7JAMi4m@?-9cZvP9g8fA1hHwi
zEeSM9$#3es-;A9rC2dC+V%k|?gh5`%!9tKh`h!)km;aQyS;a>C14QQohSn+I>Voe?
zS=^R9eJZCNg?W{XA>%ls(2nUomuS?DqE4XW<`7SzBd^iVpBvAWiy_PXd(d9OhdtbH
z=m#^20>6mqr8f#n)AzrbZDqHF1egP2n(kj4_#a=r$huft{|BHjML|YxkRK(xL_Yrz
zJv=fu8hu`0Xc>7l9fOq&7KeZYFRhVMYIU_a>fX$PJKg*c{!R>2PbvuK>0$S(J167!
z>$~q4$oya}C^9yv^5c55zJ8Us30EAJP=ni6hePfA4%|=!a&YbpemfUh>uGM{(0DA%
zix@Y~M&w5>PegMgmr@B%g~+%{7C`l~cliuPw1-iDTo;UZp#G=0o^$Do5aRQjJfe~-
za9R}*yh*q0L^a-2c)=m0&(kl2NQ%UOy`_R*JfSh3Lm78syivIgDC!(eDp(dzffnbH
zR+wHjwAq&wt10rsa3-(A%*}s%I@Im{s?7@C*j*}(%U983cX4HdtF~f*p3e_t-jPE!
zucXEaq#2dd%v}Ou2>ZG9?eyt`nJ5%m%Ey*)WE-T*S++t_hJ$jktty0)Jh_=CGtN4;
zrOTs0D-tB3)$_t`$qD-x!K1s_jr9_|B)0u%;VM#*w<iAvc|h9qm-`Dcqzr&O{PP-1
z&hc-7=P#iM1%yAcT|2Z>P-qnBx8de#z$Z7LhA_pthC(Z<NFI!3*PZ_Y3uyuO4UgmB
zjeti)Ajkl;PKu(N(4hu+QShIquQHhT*dJ#$e*Zq(g8$Z}o<JxhV<;$!mc%41J&`Ud
zI~X0Tfr+$Cr+G>;&Fq|#Tf;|rJT>AH+7WpD^T*AdrOuRxHhYXD@!DOx%8@OtnWNO4
z4J$XZnsZd_spFh$8s;$S5L0&;%zbp{073NzYfM3#zWS!8Q&(Y!i7ul>S)IOGN5_E9
zkY5}dXq_z!hGOR_u2AZ8D|PDxL%agCmUmcKH|ZQJP0l&ew!<_}=+1P7c|&7~O3z8G
zE2mY1{$=MWT@?V71t}}wb@qna0vS0=EmWt(a#6jJT6UdC{euu^=-1o11OaotVV3Y^
zXuqRxTjh^j11(rcXc(TD&K(x3H(Xn`4za@0E%72GeopRoQ!85)>aD6)8_R7dFtLSW
z$(3j_%CsvoTo3D4;-5SKk$L#4ePB-v!&Yhog#n}+s`fAk$QM-ZZz<WFgmwzk*)N8a
z=b?l3^BTLA1`ckw9BBrvP0ii~q@+T%P1*cBdR~g9o~jdT*K{X-dhHOYBq~$|T>`|V
z2{bNXZvcl3*tzwELCJE%jNT^IhM<fYS8I$CzaVKoq)<dZh~tRkrFo0%k~WXVXluhm
zge(7S47x?CBv3R0eMHKK<U53SV2Ds(7~yY9i2U93&mAdrU|MmqC8Jsu7BGvHd`~<Y
z5!IQvh_MJ?PzIEY8;&E+hWHcBuRw`+h=QLG5y*jfz#x&!i&BBq;KFi3_2J_$p$s_j
zRm-3D^9hks$0OfwnQG<zcG^R$evv?w;jc{~I|Lm9o5U_UAsZ=_%}u;x2yN))S1NAg
zAymx&F7K5y>-57$VZ|tIj>L+LG;9yKhj3>~WFX5PVUVN5h+;@=-^tun_lI-#3;T77
zFhPIL2_eiIFuv$XE<X49H#7r8P(95qAnc6*N;!^y9QNe@+cYrc-_9FaT(XCuQi2^I
z6r^|ji;<f1L@Jgc{2&MkDXPVl`wmAmv#PN+HSFTQDL_!+Q_6?I?-artjzW<jD?IM5
zGB$pgnT|bPzQpBy%iRxvg`OharZyZ24LD)S_z+>inCx-eX}h`ny+b!ticPt9!1xk6
zxUdax%;$hKGX$jeoqWIG7Ke<}{yEU05gU5MrMMNd8W&UYclLmJD;&nO+5$g=wu1>p
z=aGV5xz8><g`yL295}f4#PVEFDc)po!B1!(vJEb*ry_rYiVa8jH#6Rf?Ip=j-W2LP
z4!Bqhw#@5iQ0#wov|TG?fR0w~UmfksB7UM$G&v^B<s)UOjx(o|>q5cLUn#EL1o+uI
zQKOT{cE+3uKi}?a%f6TA!(@qD!N{F`38A7W7_N6>JeDMSav*7Xnt8LBYtU>Ghk8<p
zl=G)+5_O61g5}V})aLr*BCGR<RLhXpLn6=FN64Eb22W*x&_dLn0>?Q46}8^kNVYZ3
zM>#1QN!ApmD(NK3c`@U+bk{L!vmezeg6*7bqv#ANy4oFb5)uos+cSHqpthN&s9}9h
zML&dnQLU9tKKUg}we#ex4OuhvA5uogku&ra*=O@y+6AySx-}NMef<q`4K+Kq;s!t|
zL<8(O{`o9K-qFIw!r8*r<ln-q|L$v5b?mj&5dYYcXr+1+YyC;U<#IiY$C|Jx8n#$$
zmeu|&8x~j}Rm|QDAzN#$M>VD%cQk*qf`&_O<$qMlr?ioHKU!RjwPG}a$HmCU#ly&l
zk>khA^*4P7Nj``m^!B=mq0x!RfP>%Ex!&p8b9=tZb@IE<!~cWPuiO1|0MC0g2KTi(
ze69m=@Jz&8VE8v3_kI90{A3<|<ZEI$Df+BO{?XLK88s0e(!B~g-gAGL*zsHuQ7_ry
zC7t)scRsu%zB3VR1c!wXDLj@V2lU<x0qEY7!8V@tQ1ak06ZBkX<k!ZmHwtG&U&I+A
zO=0UH6Zl7Ov0){mT(tY>@Y_!Nk&r5^O0O}a@8rZo<Y1z5&v5woKiBeMckS`<F*oej
zUU085uP>q&ln`>y=)+$`;^5*&p^Rwt1hlXB<*oO_d8}r&5VUYH@i-MR%sZh9C(k@@
zr-soX+}w_v9abSoW8O02UprZpXP;)UER3j-<(LQa@DsfH8P>F&*-~a1ipltdf4r^p
zuyf=^%$4J~yaA<lNvR7fJ~F$a9VUf^Aw5P&w}FWfaFh;gq-Dlhl}D1C9tlM`CEYtu
zr%Nv?Axp?$PB0SZ#DAqOWn{=O+zyCS@gOtJVkkA;%a5i@kddJaLSq{FZi>rgnU|q6
zP0WjPGNz4_%#MbU%Z-&WK?lD~4>R{vC^OkkH-QC2==<hK_r-HFo06bImdn%=JU~f}
z*FgRPi@L0QvYf|EqAm;_<=4COOIEvFk{>WvkxOMjfK4rLL}RVc6hW;F8b};Lb5+zd
zaHCPzw!2P`K$k6r2|=HQSJaJwax%kQ$<tI0sfGV_7M5WfVU)zmFsr)JTinp^vw=CT
z*ZkTUD1ui}i+W3aU++kT%g*Fb6=(H*04b-Mbe(sC!)-nx)=43@Ni^|Mzc*v=I3}d-
z>^8_&bnpDBb8sB{W1qE%O><WdqpblR&93Uvrn{!6oP#B$xpNO$hPJfq@F2LdwMW5i
zs)}=vqwq+ByX?pV(QBc?C@)-yL)tdPCE*U;d7EnPCF*=MheXlv38|y{$RA{f>`>_Z
z0Af>>UV;862L(`D)H$funp(4K#7Ax{7fG>{FdrDy_{1UUc?mGgipQaE2AA0_%e|l8
z7<D==e>0e}7;u?OvAyV689y+zeyK?Iiv9i<7X}nXIxiku!@`lagv|tUA<Z^v}r
zSRjrOj(bUADHh8Lqf&^>N}aN`xAC_v59I3uTCEVM4OLCl#wN)<%ZuNsy!sbgG(Pi-
zZCdYeQf?ZVGX*R!dKNdei`#r99em3xpACKa2NX33EuuQB4Pe)-SXm6>8nxNi9HJFj
zK(7o$%eLMiLaS5YHEBIEa{WD#GE)?KAx0yqq}gdBQ3lcFH25RsDWp(go`8B8>I`*R
zA%!Puriuc6%=v8c(msa02EYbrNUQU&=$2jzSI6VW?oj|m7`jLLW{cck^o?qy;F~kh
zx;1!v*833%hsk#grElc+YLMURAmvNGRRX^C29`GhPcM)~Ah7t3q4o`#L>@-o3V4~)
z-_wEOTi-X9bs)5IbV&O;*nA}*@8~LKpqs#?TZb_%wFUQ^#U%6mhLi1*vV9#9rAwh-
zRLQ6JtE|>7McZ*$+~e@|CEUrbh1*5)vW>oEle|`#H){(_y+*J#&#E3I^Z{9rFeT)S
zDN_22#(_3R*H-HQPler7ea#CFUISA1q=g6TLL*cg`hJxtTxu4+eCf1wu9OSpM>3P2
zfC_1e{uDfAgT|CUgVqo%rNgGgC`chaucCkH)6fSjrF{@f=j80C6F@3tJIDm&j>vXY
zN_%+<=U$DYwa!sl?e)egyMYG#6?{9br5jbI-oSK);t{7=)j1*QB6-o?(pWpYtTWRW
zL@oIFZ7B98wX|xzu}VbLoLY>c^LW0MQ!a<E+xz!sEo@~C3FIdT-e)rT(wux4`>Vol
zGWL7eTtz-L6i$evvX>-lJaFQmt4&###Oq-kIXvBx&(B=5I$I)v+=USk9wu8dfgF$>
z^aseFg7!@!cY+dueI!?P5U*B(Jt9<ngad8jcWt*p`#C=XjUowd;|v2;m}<!c@F6|v
zPmzB?4q!#?k0gTliLLJ;-@ylaW-0#>5420#&)Wqb$i*3O5Q%ro61iiH+Q*aaiSCk^
zmkVq`>jOJDL-&Opw6jQR_5Qs><myLusu%vOwtR@oa)4!9xEtf<boH}=bgY(VtTyKA
zeLSQ_)-@**mtH4o=Ln~V>E~~5hU0XG4OX#Zf(r*6`&BL#pvxRbPwTS_L>))VEgsRi
zhbOm4ia#;^e&ok|>X9!HFLG!XJhJ0`jwsmmDhkd_j%u-nT$FI-z^w^~JduZGPHEeX
znRxrb#L#8%YfThIC#tDqFSnyK-MnKhG?mFZRacxQ>{MP;oScmmdSkUTRBH}SXe*cP
zq*3oKSF?o@wK6iag;~n|1+Ir^i(4~CjKY#$>X$v;Z(I^i_<55&eR*kS=tuDPs=U)9
zE{~eYXgzAE$N!CSK@ABtxB+ON769!N=RYq39qsH*9GyLsTue<Z-2a`<l`mwG6;S@r
z*-$ov7F$PB)2*XjgwqfKawMz-s3Gh^UR%x<6Gu+Q^mgKdJXt0Mh717OI_Yj|KtoG5
zg70*?{bTQKmh)xp_LdK5`oMwjJwb*bKpWrmusw|*rKxtDJb%BpYG&k~Al4&P-6v`d
zRH(Ck4!*t6si-u$xCXNYSg4z<*bZ;Tcn(;2O(vyUNMr^<E5=h}-OfYf<$M}y&8?%R
z<80qZ`NjfnNO7Ur3aZWBM2;eH&AH}^BKA0R(q;v|{#IOPqd`V${h@xjT(zY%E7mD-
zR=t!t>xxdr=<Rt|WoG^uYsjBt-!n+6!J@oy;;v!Ep{tvos&U?glYFEbF}4C9qHCX-
zwYZeJu0!Q~x?Jk8P@@V_r<IvGl-Fv9rPzFO2^s48_o@UZ%+!|_#DX%msEB3hLHiK5
z4mzs>s><&CNi3~70t@(*Tn3?EFA^pa_Dp1bx3~ih1I$vW%~Em)%k`o`kM&O&;$JpJ
z78`>O5N9um+)}1Pwc%-*T@u7)Zp62y*@8$FC}j2H{SPq6*N^VI^Uf;kbjFk+Vd}9*
z3Q*J(#r2T_p&?%yQlT9;+qoNTe06i8jMnHwhNV-cU)MP=a>7itS0|~YFewJl)p}(|
zO7qm2>)vhxK5d0$7O5;l1{SuJgYlXwMO*`)1m*r0wM1P~^fG#5C_BcGoy!<JEINrj
z#qj#^#|Swno?Wf#H_+?kik|j_-+&%5$TA*)#EpiDu}0MQy9Lkj&~vihpq@KsycQnu
zUJwJ?s$#sNn{^52s{F|_jK<C_h_Qu(kFfw^$W$Jif|)Q9NkEkLh-u@eiH@8vf2ta3
z<4kA3gIO4*4;|&NQMI1}hwWk4dQc481q2Fn*+Q~N>=N)uKW#ksAhkHLn^_WLo5Ot8
z7U#v+=P%};KnrxXj^Ty(@QG7naTJ^=zwE-3T!VXEMO#7~n2ftG3z+_n(~W}U^;iRR
zO`w2D=RY^7Q#7&umo1%v^?%MCN|a}8kr@&GWLr1RAembPDE`qZPi`%*s^lRE<cLod
zYAIBN=INi<NRKJH-hAk!@WI9dk|luS{std{VMoNz5+<`TG|hgLVP`$(?)UlmjN6Zf
z2YP4E)sMUV<S;kp6Z+1aA@Px2u&K#qddFEwj$uli5usK_u4AD4Xe*ifCO*Q=b1KT|
zb@j_y?-WLk*d#ID3hzb4+#_+)7Vk9GjK|i~V6uq>=a>x^USzUH8B-3vnPHo1$+X;|
zW{Ek}fEw!#-W$bt9yffwRmx*>C002RVo8@vj$dm&!QE~LlbmMtsX+R@nX`zCs>x7%
zevOzjbmn4`8N_Qy-P{ej17NMORkO208F#m8a(ye8_jGzo&D$tyD&ZAqX1TjBo|CEG
zooq{nHs|KCv|?Tu+8K93rg|5DFd-rqYEY*A6FS4e>6zT7N_$iHSC<fsK}U8h5}7M)
z$r1Vyx5XCz6zpqA-l88Lh#jWNJ70Sp*y*OoA~`k5Ot#x^=yfw-)am$Y^jQ@aaW*j^
z2>S>Y;twW~j$=1r4dR`3_wL?fACZ$KK9DWYfmsT3>HT@sX|zk&X~asDbE*Q%fYS#4
z;WY>^6qg+*QoHzrUx(^@G_8%w%Uw^<|L<@-MdTNY_}z~G0|0q*1NT3Pv43$>T^x-}
zoapTTE81F^IMt}h*lmd-@TBz_9w-49i!AN}AM-0%Wz`5%p`>h@LmP_J(4sBYc4}*)
z!F;{UUeWcDR6-@<(OT_IXR$w;3f}^AN)2&L+L~vEF37MI`l5)g-Iww8;Cl<4JI%Uv
z#s`jb*CiiPKa97~4HGX|$%<x2$a9N75TH)5SJO;PeW=Yvp(RO(-kL(@%pv;Zl6|vf
zh$v^n9?Wx#Od|zO(<IzZ#SM?or1`M{1P8LXIP5Q$WA{kjT9KYQ`Dp6PRE993!0$}u
zr~x^{I9HVhU#E7<fHcSYNefE;5by~E`RBwV0KY_>GmG>-n(V>{U>Ba=DxqlAyJIo^
zZ9Oq3k*oF>5W!xbZUQ)ITd)RRIxKjv1DhU58!Sd3h|7<0$%jRIttN6fdM@|)LXVh}
zG6}Yl3mfjywI*L_@$HnCp>Mh^+bA7~q125hp0sMYVo4;jSUO!90kztc^3@B@eROQy
z3a;^W1R)fx$Q=sBS#o9R1}vp+&e=Zq<j|g_h1P9bIMI!<Si^z>Ghd!6Hu^GLm{$Tc
zFO>+?f3)3X@V8uyzb6c`U#(3+5k$6b#XA0UCLO)&PT*^0NHv0W{bfBjiRPhq-co}P
z#<DFh=d+%nm`T=uhY-{<!N5c*Df2Cwas=*nym9f>rN?wL;8?nS+mSMtpYa7r$l}lV
zirhTtOz?+*{}MzG1LT>-4tUw4jh8@G5T>L5lv6rS8c!?p@hk)Kv>k_k9?75IZlVYn
zgJM5x5o-&sY677LQXzm>zuyuNY9ak1tP%kNO7j~!Z)-B5)=9xY^J-VU{CQ%AGsM!$
zw$g^u7iGlK^y*pjinnA9DL5{e7QeKuzM0jAF%o+OX-15t=0V%)1N<9x47q-vCZ^!B
zj5rg=rP~JtK2_1S-v`$&E$PZF<?M$j>?ULzu?IsAnb?{NU0V?b9Y4YnNq*YWb=z+O
z<uFhCOLE_MU+fS48I<o+VHIUdm>gbO!BXw=@UH-EWITTBH{I!bm=m~kMpA#r={ca5
zTyrlI;|aHwYa*E0ZMDix{x)uU61UKkZ}QylDPR|FEdLK>-xys<xTPJVW81c^j&0kv
zPuQ`Ij&0jEJ9bAW=-B8uU+&DT`R3j=Kkl4W>#X`!>zvwEd++z%4`9wGEOZy0(?`on
z`j+ZfBnFN#=mSup#idlPbUJD05a&c=ruNvl*<MK4nlxWAn@uYZdJG`Ie_ou-Qvj)q
zy|YG|?y4I0Wf?y&RqVF+DP^uK@99|5y{lXG0)$#PB=|yB<*IFvnvW4i7G($eO`R3V
z(iMj*@gZ7QrLfKK?*{Xxg%FI7?3#qFJ`_hdDb}dinfXln0(uQyL6aN{UY;rqny3uN
z%#;>Q`wYeWT|Ph6QC}AGINKD_heo5Y=AQ-|QSHvC5wev({hB9AEJDi_otp%Ji+=#N
zP?NO_1GJf$>pj1pp3yIDey|t3Gq!h+)S&h#kJ7FA+ME!L2;@AYl}wYenPha?@@9ny
zr+Z|RCplRj_8Y^6s~Q~Z_~HGLRK=nBK3c?-l27^>@$@I)LDgwto)mI{I?wSkBUzot
zjjd~kOe?sXmcwAOqXKQwNW_S9D@=T)MHXZ=9-=*wi>a@>_o9^fy6cag8+)!JQY_iE
zF8U{-`D!$Exv8);5v_4zKWQ5?)P>ji#&WX^_A}f09Qi%T87^2{Ulx79jN;kvcHt&4
zI_xVj{~4Uy3;F`4{q=MIH(_P|x&iniCg)u>o-28(C^ypmfcJmNq!HjLZFXOsstxJ?
zW%~Tznbgq6_<tnREgji^BvV1nzMyLw9`s#XX@@{U>de-4nPM4b>!42JCpm=npH))f
z#MeJ&FX_{|Qm9pvYRHexh3^{fesRqbtpB)rZX%Buyx&kvBJNfg>&1fts^6bo9GCr$
zEwJFwr;}U7r!!ol3N_G4Wvy)t-z_j0+|laWA}(qk*D=l77QT*5-f^h6(P+ctQ+0hx
z;^(mSCNln2=s6w4-*O&PEd}lj<55rN9D6!XttUrW@#&BGddCyWuV@mK4(7MExx-aY
z4U%eSLK5y9;qt<>z_B(Q^h-UqZ)n?-HH5lYE|@P4*+v_^`)43&ejMa#DJ)(2{_&n)
zS%T4!s$Gl(8&~ctgy#_Z$SYRC%@wATzO7vIL`JjSBzPr3b3DQfp8C;V^rPE=2Y71@
zDtFsowv!HH5r*8EJ*z)s6XEQgGBiD?8B)uj@!%oc`2bixH3~iOKVbCfIFpddCnkAx
zYbIoir=}UM8z3XYYs$Qa04|0>k{{DuP=x)Hutn&oL?l)THL~fg_EK|mAUFGNr&L_?
zhl1>xF{4Xf5ctE{vDjd!I`LU=AGJz=_I!S}^1Mpge38Lbr5fMrl`|X2D~)<*M3Hac
z8ua)jfyoaiM`O<DZ9GO1uC)|)Nr6C{V1ba9?cT+ZZy%I`OL;C4Ad*(fSYzb5oO(gm
z3qP(5ORqL327gdml)oz*XtI8n?uvm#t5zquX5K5mB#&sgj!@kz8-dqG3sB7u4?14X
zmv3tP1*hAN=ZbD|x2nAVFt>;vKjGJ9megtNR<5DJpk?GRGC0W^f=Ca?BA>8=<zV_Z
ziDrcVL~EHlQm>q~<Fz@=@zBO>1s{H8TBS1RInKBfC$vn`tZB0a?@OJ?>8kAK&YpLE
z&_K?unl@&myq3E2PALsR)xp>1i0dDDex3wdQ2<eshUrw}td9MOg8pn#543b*vQe&5
zQ_HmKu0;t^ftYTWU4P=q!jK+dQx<K<x<?~##sR-e32k$k_Vw+@5^mBTj7Ygem)v+M
zRJu;RMmImI9f7L{-4b=1Lt1H8>O{6dyBlp_M2wM4j&<2ugkHpH<FN!-JZ9ARfPC}R
zFMG$P1hMM7%g1KDJ&hIa@1WImcMqqRz@q*xDwnqN&7$@c#TYW{>Xe5sE4Dk2`kd1j
ztd-EC#+fi4slK$>A}bLEZEMuTJ$`~$mJ%jI#;b|IN^4TynmGrN?ULh=g$?Wm@p%qQ
z(?rb?;VmNF_V>qO;@G#fyRP#Go;+$4OH!rABG3KN+BEpAg;y$Fb4c4YL#$Y#oJ7}b
zW*cZ!1YADbO}%feO{Az{r$#vS%g@)}nWX2~J<d*kM?N($Z)X(BqwZjtF+pE%7*m20
z)^Bx;qiGf1IQFLbwk05uv9R7S1(Qe3rqUtV|Kxl9`_s$3RYy>x>cO(FTbD^w@|Qqs
zioCHxKkB4{16d}J^eCANS`&)E%=m#hr&YpWAu_~jPV$c|uQwNBQWkqAfvbPnSyOEO
z^zal?FN2u3hMeGZrl?68^vY{}tbLKa1Ru$OFCwC(P=ZMknZ2~-T}J6vlBD~4XKpc?
zQ1JQUarZtsrybnj(x)j<;g4hv>!aLHZ=~~Z_8zmA+a&7KrOKP6YB%p!Mc$;-K6#H%
z>->u_@SoOAID8$7+%vtY6PN{fKd_@liC8y9JU0;Oha$2aip1Aq>JlqZlkD}XECm=Z
z<rF<fr$ouX6CsS6)lw1lm*Zkn(ztg?sCQ5L>HGN7_KMCdUz=A6)Fc;iPMXKiJ~JSE
z)NF2kehMb}^Y_)6*^~@WsU59&6%$Uoc;6)frmcA?KeKJG!NJ#0>`(#1qz~!WTDT7G
zMv3wa(K^_g6oSL6W`(DsFHDD)GK34ZPM)dz+zPZ<mWQ3KlF8X;O&EhuSTDLrH0!WD
z-7#3OH?)~jdg*W;rI7Y~YXpW3kp{`bJ`%qIR5M>1P&`Ybw9clXwKv!K6_f+1@hTl0
z&3|1obsp6rg;2grd)<uyyy=pc?}o18M;4X({5@u@jNb)fKHwLt#E&DTO{U_=K$Hwe
zs26`r3#rwKibmE}3gSW*@D)8!A?lfsFmkx>pDmH4Hbi=pNOGqB8kzSG&o3KQ6E~^i
zAg2|Y`h*M;>9~uB<nQIyuP-3^TddO>&s{4WEdaA4Zh)3ddg7_}lshoL`~L0!F9=e;
z76c=(8F*b^3j(w+v9y1mzM<;oV(no0PmqHgbzN0_b>t63J|FYJcT{jIa>_vMiBTuz
zK?bu>sYX3i7>FR9p-T`^&aSg_<Qtumkz}UR;EJe2(PEhjtI5GH3L5>C<y0Op>r?oB
z=F3Zk1f#NbmdEeKckA8#@AXli;t%L+-0j$W%p768n0y$0mFqczK%y_tlzh!7L9cFd
z@jiY7L{h@Qs9fajl(PWz_uG?vbWKtKoT!Rk>X@xCc@Q=xj9V7Y;w478gAD!2-+L{c
zS^8m#qn|OwTg&`3`NK^#qWSE`7BPv3U9Mpq1+yg;6;fu&-rg#0a$b)qQ9V|FAUDvo
zZAnUx?hgu4njS)%dD7w!?FEt-YEsTjXdKH-_gl>^Fi}hGwY)o{=MN|!?i<1Vsj&mE
zyHk7k5_?R|Ai^HQ&Ia8$gxWNbn)jGXzh~T^;`q#`GGVti5o{tHPbY#B1Zt+}p(8tg
z$bE!C__|KrfsG-p8yMu~anbi)my`r2Br2ZroIcw~?55|q|Kk5V^zfiIH?woyHjC8L
z&&cSLnbUs{WOWReZkH)#uTN@<@!g)b*n|tLEG1Koh_OtoDQ2<a^{bDcab3_GasKlC
ze!)Lfa)z>mw27k>1&c4o9!ZZnYcDXtN27Hp6dfTig|I;qVq2uiXtPQgZBuJ5ls^o~
zK`_x7fp@4%Pu;Wc7VSk8#Io{g#qU1WuA<~&2i33}FmQ{jb|UU5*L~+4E3z)nNJTpC
z$WD}oUE&x)LhDxjJLeGz8Dv3eUL7;jg&bn%RqAoKK&5ebsh&M>EdBc=EEs{+;p``x
zr5>mF^1vC(5ohz(2Q=PrmRk2TlN`f=VT8~l7=(h;s;nQ%Y5?X|$Wv+;>5{Sp{soW!
zq)GWv?P!Y#xPhAz7yy<k5{1&GD0~@|$TOfbw9xtj);CLu(*qfNM!zh$w9|t-RI@$I
z*&DiOc?gCNTM}gWFGvVZ2wXqn1IS0Id%)Qm=G$Tx40$tHkWA&+YLy%HvdlZ~Mzc*x
zfKqrL5LBjU`2%cFwRhWnN$qvYf{3)(iRk9ODoX3~s?G{Daf{nqS%ycBRI(jUoM-g-
znOC)afO~X42sX(B4T~EjCtU=~;pP`Sl$B?!zW$XFgw>C4@>Y~1>Hq@VLM5|JLK>0}
zLqMw5+e}ejXvBgK&r5`FE_&!;cRNn>UH8r1h+j>0L%`mZlMY>$JLiM0(!@YRR1%oX
zglI(*O}?FJR(82BYHkvKVgXd6tGI2#K?1F`gu0qYXj!*8LF^LO<uX^NH)<(&$g|X%
zs$x%G8;Y7rW_dq>MY3td&XBm)G)=tlnweY1^wyAlcRWvZe?PR;zUa2U*fWdZK$+Iz
z37l_O-A%`kDIOaUrB9M%C_e%Z|4T&9{o0u+q~7EBoI;=8+DV$Mo;g!$z3~)Lf1SOP
zY6G4-?0f(d%CM&I-(R_xbT@M%x8Q#YwvOnmcPMc#YF{z^cT9gtisa=l@K6gpxZ9S`
zpAzV&7U?pOT7FW;d-~eo3+<A)zUB(9D#Z|S2MD>?5zQYdc7JB93z%T`ao=PY&!TlN
zck}=59zVGL(o74xz*poN^<dgJ8P$4+ws|Z$LtJ<CS)hNkFi5blei;4y=ZrYitB-#8
zl@Ue1$VvbHu9~`ov5VLL!fGqg_)3dkUIV=JeCNy|kYMBnXpx;$P%C<JBHvLNyHFbG
z(;?B9cF$SqMZ+@OEq;EFp;W%XERyg8{^Bx>tjM$*p_R?6ZuGrD($3A*enh2)yDuqw
zJ^N7b%)853yc^qz_Xl;t--$Z@{)1p9x;+3CG?+AunVxv`OWz3VhBgleg?SP>?TMJg
zNKOnq$(NbYNJI>|?q<Lolm>+%9i3z^DS!sWKK&0{UG%l9s-qEQfOa>{9`iQp4QFjc
z`VgP52xh_`ryl{CF#%p--)+dfSWvR?6<M=ou`M`hj}E2_QCkkHOG|6Y&8J?v?Per7
zv}YyK=yjtNP8vHnOHaLQ`ODH9?bCbUKLph^FZ{zYl>nIoTxQdB@UgJ!nn}-x%_a(y
z*0BkHLJ|{Otk>0^+hJbL#g|R2CTSmkPAqM>Y|LRJh73khc!@tgDz2AST3UDM@T4uS
zU}K74H0_^IP?-L`3^>0ufhEgQpWeRq0CyXH#>j{p3ahB{+EVUxchFh6y=?K=T{;Yd
z-_p>qhax$`u{_@XZHzs<W+O4NURj_EW>wYM8>4aGlFoW-ArV=%8F}$#ee(;60tneH
zHFkkoPfQXm9=5wrh><U&HMm?^VN9ktpO|l~9l$v7U16{*pYNQBNe0_nBM4Gggpf{M
zHQ1K3q0U%+5VtlNo7O|0UCyLC91nGS3>y9Ab`z!}#(@z?>7bstmq~(l!YP<?jUtFy
z&j>{GrQKzN&D)2A9sBOtO$L<R#JElksr%Xuz}qzCel<*G08-~#a(6&~V5S0}F0~rO
zXa?cSJjXJam(7<oG|?69Qus+J6zARH?F$lRFtD6aRoy)Qgu{<aJB_e3SN=Q$s7!pJ
zOIoS02R+BTujwb4hdL&Um3a%(KH(?(j!qLObyq&6)E%?7X<;4h^@Xl%I?}7v3aMkk
z511AA-dKlHOZn5~AlZ{VGsJP2kfUvL3n<uiCV<42#nKPvqxoaI75zBDsql!mZ><2<
z6dD>C=fZZH!860kN)VTnG|VWm3|0{hOhCe<(q_|MSe$O8rjE06ql+EWOzEZu!*<E_
zm|QYk_G89YaH(6IOAV(y1vKOAbgbeu0wVmZ{EXaiC7o5pG&B)bj3=EY?Pea({^iSH
zdBmL`Oxi1BRpHkfuaBbDYgm_;?BF7|$gCx_z$JV*z$-sD{zc8a0%87`+z-dkmX9cC
zt87LvqypmvF1v7qsVLbysSO5Y6=MIe$}0csDD~R0h`jVHfWuhIL~X%S))7~0RrvEB
z@{aLL;LZWLWGCSt><CUp3c2KvFR%diLlZP8xRY>4c&7ynEGs0EP~*qw>YphrVrPvZ
zsGvl{`CX$vzq$a4I7k8d<NS$_+5n5V7Q6h!dQ52O^S!V_=txAJw(1ryrL5q`R4_!B
z@hf3}=<rQfHy(fqc#Xaga6$oEQ5>KDViyN`w(~DF&)&C<3WB0&1(NT59KzGctg;2^
zWZ}imKM6bT+M~F8^k}?WEE36vgAnmnPXsz+)i+Dpj(j%zk?tqoB6I-(?)-(T2a21{
z1e=Nq{NF&C=83Z7>A!Ic8$URYVdl*Elu;*5U*wc-3$}TNX{_d#QAfF!i#keU6I|lv
ze^}z@dPR^SU2pnv`5!(>lwY{ky-W)Ia{@)eIZOEdHI`8Mn&tibE#-eC(0`st<opMU
z71<A599>yZOuz@ch%*E*2w(x&90a)R{A{78*|O-ue%8*F<9`BwQy!%$zd8H9X?FB$
zIxC|)$Ir{p8)|OUAJ*#}eV*DRt=^;5#C#U^*}_)JiSb?vl{Po(aM|uu)|KHcg3VnK
zniTh2QR9=q$y$R9Y*{X60UatzOo^>HHjR+GD&1ZpGZ`1E^Ra>oUI$kL^PN9wZ2g8C
zY>U!Hyc2WY3oj{qCW9mC<#40DQEZebBSQpv<e!k=f3RAw6wQpfewb-2?w@=yzJI?6
z1Sp+uL9;f<j9H`j;3M5nL)@w`{JgoKpwjliLHrgnBg83O{(=78s*bb#$nVq*F=0RN
zmjYqRgmKrXa(E&(TzGsww1*3IBLfSVq#hu~{c&=N)Q%ZEynZ4BzODY3TqsX?!(>})
zy7CY3e-6v_w17hIS6#D*|Eg{O_IUN5!XgfEa`_Utvvzd&&pGQqiW{CewtsInC+t)K
za=mi%!yGCqF$05AL9<RVhFrm+nlk$qc~*V9nWqOAx;L;~H0Op3u!>ikJ&#kOn&aGk
zJ1ATCj%DCQ*1PkkT{>NwjO~?RXXvgwJpS$GYPJuoJtha_rM^F0T+kO;3<eg|Gx(Ym
zIEI>+7JNJ`Aav<z1X<;)g;qa9!Sx2{rw}~Il4pEO42XxcV}bBUb6-!O|7DaeWhKGL
zc%tI18>g$Hpsr%E*<9=^!OH5aK6$jqS6VW<dY9y^q>*I|qhXg0FAzy!tr&$xFCI&U
zzF7DgxAp9|l_0M=e+$3Q;9YU*gvPU836>KD-v+zPR%UJ%b{UeCmiDcSW?d^;g*NA&
zvbnj~K`LzUZ;5DpOAT^K)&;lgAeSxBFuFO^9}v7yqWLR=gM}oe2R$WhF1l2-lu3nY
zFc#_oH&LNcC#$xKVQgcdebFs5!z$G^79*}kw60~ZtM&ln3~FfqQABIDS3u4$4!K4r
zENPY{Wb&r%A*u`=rcXl}TlHAi$f@j`c32a_Lfg0X>glQ_rYmV1;l^@^zUZY0hBA)>
zx2f`}k#5qg%uXu4wVl-a42fn2Tm`ER{0uw?F^Rbc9tOvWS4_tW%D<pJ@Zm4{`lM!*
zy5nUGQN0sc>l4vYOk|cNK{i`#2i1*NVk*)x`B+}eF+JFhP)v$Q6ja=Oc|YCp!U7bn
z`YJJEntgSF@ngF*vjf;;q=iJ_qy~f9D8}9Nq;ZNkP??$#>hfY@s7T^c*kxN@U!91x
znb>%~O6P(EQ^dVt=x<!i#G&>GTY&B`XStZ==c?_P(}{Ri6woD_Hd3a)BAT=t%P*;R
z>KT4Ws+eUW7D3y(fsG^n=ybqAMir+syAHhPv-DQ0Rp6$U0wL^UT;#5^t@&1TmqO|k
zRJ2w5to8SF*<XBvG9n0)m(<<T_{wi@@!zI$D_X7K1ArLt3s1BcdtXw1J@Z5Zy=9?r
zb@RtfNOimTu_nqOM-$vu?@-(HG>Xa1(Xx`JLV@o}Wdg>wNaz$Y8@>;iInHHRP7Say
zngS7L^1|>W3-BRTgu}6_-{Do|+83!!<iEF{2~TrDvINar5N|#ZUuJ`u#Gnr5j5=4C
zNmAe-{VF(S1DuyjNJgl;Eg8E9FoXP+b_reRh+?c(-dMF~nlJPpku67e?A<HYe~j|+
zSfpw3o4DJdn2q-j^t{9Ijnt}hg8u|J!0IEz-@ju4d!t^#J6J@a+-eHuH=ms!xJDQC
z6?noggzGDCrQtkH5pruNN*3xM`ODH7g|+qQ7L#k!UlxgYjqLBe)0s$mZB5$&ADBk7
z%QHPU)C>|@er1&WD1E-ic3}Ly3c?6fK&=~G%sGbIphV@MnJ6`Ak7`0%ZoQx^E$$Kk
z@=*{1VWr>_(2zJ^PjxOZnqh6o0!AVj>c`^0#&^Lts218m#YS@vx3dQ(bb>Vrn*JF6
zt{y51JUBk6tFM!}FTA*P4SIoWIZj(bGE`P3QUS>|LNPQAUeSFTrEC#zj8^-RosxG9
zzg`T1*p_rcZauS>p`fxjy^)f<1j2POMjYvRU7G_WcQB5lEr*^0#IyUVZRO*I{l4F7
zxas*<Hd(EKqLRv2)hhj}TK_)t;y<{N{}XzWsxqK3_#N2~E|j#8I6t>X8Ob3+G6pNS
ztTGb&@^@njMT>o_?x3R=>rK9=&?I-sF!D`6*7@{IRz{m6)$8-aBVvC1BJbq!+VKXr
zMY%zRREBMs%PbC?7T1j!E4x0%#OwKb@{2Tpgv9<!ii{gm=kNx%d0MUnKFy&ToDmf`
zOU^|KlbUwB6k$br9}-Ub?TMd*geaOhxyX)JeF{{RD#4;%u31hMLz1jW9i7?DCyoyb
zPPrL_8e{b!C^NJ`R>&I<5@}oS#o`*ev8s4aIG#0jD0IoTbh<oYC(^9G#$3{b3lXf)
zwKbJxDO}c&GRz=ngS!BLZn=@xMw@4CYbt}~<qD2T3;+IOHoe{7u$S%E-21#$PJx&Z
zrJ;Gf9{f73cs4(oA<qv;p8`=>&h^u8Zc1doslU~S^BS?7qb0q9<ExZP^F;ebKh9V7
zz5k05+@#gEZTDC8;{6KMzmNL;-$j;V;{?8a#VT~?3G4Ga-c^2VbS%tD11bdMt90Wq
zf-Gs5?X?{yVZUf3o*0TfKDNbnzwg!7Wg1-o&I>3nXlF=ZV(VPVW|K0$wX{~uDoz?b
z`%%RjPtmR0v-7%GM$DGWtq-Z&kSl$>0!9bI+?}^(wj8}?<zAct=I^qi3=N3EZsv+z
zvN32H{4yPJ4XrV+K}xS%wzKA^4@&qxG-Qj<hQS9utLX3L1++HEr&fTi`^rp)oxmMi
zE200!LW6+(V;Ar1hWz)3;p@!N#gfU`$=KA&oXO4D($3n%mC4o3*ul)$#f-_$*uj#?
z#?{S^$;sHo)!c>YpWB2|yU!}VubV6I^&b5DZNh(DN?cCqKdwnGBO_{TXXpA~ZGy6Z
z;t(^kpMowJMM;S-h6R*SKk>lus#4$*Ef{&_rGkwL*1noY)RV596g+&)8}%>+gAho)
z+uzIFtL>cg*}67Qknpw2!VnH3JV71!5;0t;731<vx--_WBIXuYEK?LDidnHj^@H}Q
z5F8l3U7hrhc)ikREiEdBs}iJz?1Y4RSkd)y%Z2N%t=72>76<~<VtZR)cJck5=Uy7n
z9>s3<-fCvEf|Zu9ERe6u4|h!gI;nt=maL8{KCxK<#o8p(7#D5}OXKi4hTc+CTvzRC
zAu{$bb+Th)HsL)HfC_4(b=xrE^jIg4gWIv$d`*cvk)C__q?p7VAZZAd0#`*W<a!O4
zop%TaGtS1kkyo#PLN%Q+xlOkQ2T6!4PM3IyM6Zf32RBE*AyAF(j}aZB-g#HAu=WD=
z&#@^ABa}TM0|BYk|G(&_{7Y>9GbR^$umJSs##-L32{XzZGggxCQeYuD6B27A=g7?I
zklG;uV4|$wiSd$QgW!UQcYEn}F_1@K3JXQPE9)_}Z~JVuGqxA*F*^M9RzFa8&pUAo
zgOvmP?Y;83^6~e`5iEOMs!)B<%;7Dg>V6tCeFY_!lxqZ{^W{dX5(IF^N=u_Fw5jq0
z(;cz!<W0yqWQ~|{Y6@^>?+0Mhw-{%D@71&8_HeI;-L+?5fnfdo4b;)=zhX2~87N+e
zQ`fQ|!i8=g65rfwGG%yquAPaCz5(N7{NiTz%*9~=M?AVA($;TO^c==8060Qg)??~`
z4g$@6+}hffeGEVeLET{01pvXocI@ohn{PXSYvYEpJHxPJB&>~>7}{}vl9%$#zI_1n
z{o14UO}gWLI1<g*6FNCoj&t3q2|R2!M{gZ9)RRX_(o+(s0lgjkpbTJ|eOJJ9aQ#l`
zaFljw+88|X>6^y8nC=j7Z&|v-yOa9G<~HXoi)%<zd$^Aos|7t?WA;_KNSs_}6C>
zbn#k&PcZQHd4$UTDFu9HNQF{S63C_}IMoV>o5;(+H*!hX@z0%rlQS^8MNLl2=pH;^
zLR<?hdAl`CZEXTYH(L1FpTEZG(!!7|MVh!7Hq{X&#w)Vr5^B@$_gM<UKZ3+w1{P$f
z%uXc)SPrXme&$W)O7FHF5=GRqj(PT^bY$`R9d^ZS#LzpHI>hNa3#tix)qCy_BjSbO
zWB)CiQ9Tm>v_9tR88Sf?Q?1x>!Pd)XQ}$QT@)k0g$?K;f%X4Oj-_U_B<xT_oSmBM&
zTi`@ICm>VT-{h99?-Qx_l`7fr>HSAT><{ywee2hrc!ZMmu|z@}s>;gI`G=b7UVcS%
z{4Fg8wJ%jz-c?^J%&X5bJupRZm40`P0vx#u&)ar=mImU_*&F9NePxx?`*c&a*J{6}
z43y65#%ph$Y<hanyMtg~ewkUQ99P^<-@Uk?>|xTUs~f1R9_6W@{q+(^g&EQv^;GdP
zmk;&4_l<W<nh5|%90!r!+v8B_vtBBYsz0NUKDdy8{UPHnSJ6GKsH~{vpe@GeGl-m{
zE6$BNJq<lnzmu5x>pfY%=oUhKc~C=-ZOxoDCL(@XcSIb4^E`^DmbF}U^OJD>r1dX-
zUSHH&e7duR_a*7CbldtnFKutp4X+Xy7B%m*B|z0%uM1~wl~JH&169|Ip+TZwZQGLJ
zuhB>cUuzoBU>o)U)*`l9!&TQBmVmZOIn8jL6Phw-oxkbEPD_yFiwPDkKDn~9lA38K
z-h1CBtGdPAQ(a+Da(OTee&%;BsXEt=Y0kK>mwWr(MOcf#SQN{cPQrlC$cYaRCbktX
z>FzVt{jui0`?-{mYg1tn6F65XsW>%0;)<DIQ=WBNbFGmn1LyrG&ro3+Jui(JeSnG8
zHrg9*()PKhJ<-4KN>5QdhwI+x4}0Phc{&r<q!dUQBJfvt0~U+gcqvTJY;n~PZ@0#I
zlSWacZMPs233S1a^lr&iO)p>BXmg=IS1rsjMTCNV?l3+^Fe=t=`&DYuINItKev7GX
z<uj_vmxea>b{zA%Kx0!M+Uj2{WK)@s4AoWFX{&1NCwN?;;w`QBaIQ(JL4UAyWj$)H
zF|#(J<`857wKZ9MZN9J~dCWX`$MbwAm%DeTTSf4K=PUCsbZ7_Ql8I#tx|EV%vOTdq
zR_Lp1os}vp#{SDDE?RxHQ6$E9yd7LOG4u8uZJWBIq8tx&iwNxBAl*~Zqt|{=<0?B<
z_4eyxrtgzibom=cFR1x6p!vcxelCC%1sb#2Y$OB3m&Y+t9g1g<v^QLU^jiSw!uqq4
zkJca;p@LE{5-K}|MmXmQ2j}=T<>h4z1I1JxyC)gzjpSH6tpzg<Vml3a-bS@&b$_N3
zBuirT#oXbl<+UiAAmin3*yTfbh6!h_r!Se;ytJ9Z&Zuw6`cEEhZu?H@h7tjmv-!*@
zt_rG54Vu?M(y|%T>fWxW`H$mQ(i!26A*xAII>DHCPow+W5=rxxd)3*3_cBQSiFx-x
zs!@4`eY&4*uIa`MH8_c)lU0-NL&zJC%zDk;nQAiYS<^j$z%iFNGu8}Q_-EW6=J_ne
zY%611Gxo$=N}ZI9aJF_7W4rhtqP-K{p?L=`3)3>z!2AGKS&L|JDOby%%qG^+O)JRS
znKlO+%F7t$$q11qW-~YmN(D)KyZm*1<6Xl{hNncF%|XR+q=HG%!htTzSO`ZnbXkWF
z&y{|GEM(pXM@=hQ^cm0+fT~kkOOob>19q>a;i(LiS+X8kY6(}=;<At$nw!IL1HT!I
zQE?gDigS6K`ctfWB7h56MtQn$daJ6%cZ8O0aq<Cpg(lM;^=!qN+gJV)?@DpDQt6S@
z)KyOVcsA9;0I)9^bzfV7=!qlz<om7JH5Ua1Q!tHb6Y+$!JQN7Kr|>W;X4RqG<CR?o
zK$b@#?s;I3m{U3w(V!$QexM@zMyz1XK=M7vtC3;I=4aR?pqbRAPXg_f4zaF=6EyQX
z35+hoFXULM8d&ji_JD{vG4gK+agEn`Y|n^-4X|01g&{dX=NaUYvB5VmhzM~kQ&tug
z*4F}>Che%UXwG`P98ZCG`yG3Ykr0f!>tdv7HTH!FY4#jXiH0(JGJIK5e^|wX^V(Tb
z=`QRG!P5xrNn@uJIOj8_7&+%tryMxvbEXJ!-_QhwvAv->j29~&mUcZ=a3qY#Db9cm
zc>2GxfE3;qL;Rb#qej(X6>A2;Xy|;q+;4$%RV7|TcQUKYID#U_(+S#1;t4u>zz0i)
z@|uZEy5!Cc`ivB7Qc<&8jd9JRmPmSeGq??)$2i@wRqw|9{+&m4<)deHO;tt3<8zO>
zc5_0WHR=S|A1kXNY6Jr8FHb<smaB{d#}wTbZt;DfkL~d=072KdFs!B_HjGhjuAYH%
zU5rTn9^;*T-tfLD5;PN=8Y+}Q->H%9Y5EQ|3ws*-*D^E0Z&eVanMTRwRMnKf)+Q0y
zGKuj9grg0XMB#<{^}4~58T?-Y+$NR?RC_Q8UDx_tl)*6OYdKfED1l=@ScF_)!UH`&
zL8~Nt(|4O|{5S1j@aa3^^Fs{&<8G1QBOoM#fr+u9!*jsEk(Av65SJf5o;c>s(UNf5
zJ_L#nSWxe`-l=DsE<T8iGY}(jyCo$bV<LL6hl~I{S3F`xX<9BHGx&iUH{y(oNChVh
zu6u#8G8JuxkVrMUG0ZKWEiQrjeBDYp8r{U993YOXKur40dKpE$Pzw!h7lH5^UtZ2`
zspGJn>>Qi0ICCBy<d{MMg`S^^q2}SPA!--Ac&!wgve``4K?K%3K6zG;JHF+)%KgUy
zm-h^eJLBTL813AH-nO24QsiJ<)JX4WPM4pG|9pE;_r!=eFt3dLk*c6HBx_km!8j;B
zDd>#9%t=&BU3=ebP{6(3Z4!Ym>ST<iWrRVH#AYLY6c72&hWZ5(p^H+xZvAd;hq0vy
zq*>v_oq&35Fe1F?EWuLpC_cKutTTEIbte}AC)c#GsM`zz-?ld2YfuZp<x!w2^8^B4
zclrjObPNi^^5+C=2u>Z9+LHDt!r$M)Em*P3RNV$&b#`T7P$1H7fx%Y|I!;tK?sPX7
zI2O%v7(F%B%@B_z|9TkKLqk{1SY>O{@6<;F;XaMP_o$L??RDPrkKe4n!i6K8fU}u2
zbY`>}61mVliTk<mv#42`3-@BsX?465`htofnZdxyi{#fU7yaCHne?{FGd`xk>{*^s
zE~Y2kgGTv~lcf_Lhu1@Ys!(0!#u33q#RDfBHHECcXmdDf=MIis?rZ4D{y_ND=|QCG
zt<Log^-~Cs$@zGYw3qP^+cE!!;HsuR4bt$f=mv0Fp=t;LdgX4fen>cZaZgH7J~nL@
znQbU2ar5FvIlqrLpwOcL$s<;@UzveFSm5M$_c9tTk|)9+n^aHOvga4g+lY=sL4}v1
zr`HP29cpsO-ncMsCpq|M5E6&pvetx6lGy{)Uq$1zLBWsc78D07K@ib@z38g2d?Yp0
z*c+8?r<e}N05scDJwE>9jw6Wg#4I~&rs%Co!K20(F*wh^eC0Lyd%Y5%VEB$ZiFD9P
z1Sqe6G`mtnbvv(4LG_^f)|aQnPrjHoZkDx?IsSfl@z)ltXzO~qR%XgeJZx$#_UriA
z27Uezp2+jq_kJ$?$lZ<YFzBT}t2=%WGz#zQH>~*Js>BHTkj0DGf!4ZZju6O4FXjs1
zeIV(XsuD9j!3by~!Tr`RO<+)@V_SsQjp(R^gOGSliC<XpmSaPk%5s0s0Qij!u|t7K
zn@XUE0;zSp4Vh@d#=Ys&uYtr_yIppM#Cp%7O#wo4+Z){lTKMg>fGyR7Hu=OaT!g%H
zO@6^f^{=qp1Yv|<BTg#~X0G(DU<G0Jw8ZlI($Jp8%Om_eSL`88(k;5Q7pcg2vNJO3
zqcHv!9~|2PQ78aZm5nvF@niTP2E5u;Q+l*0Apjy#1M-AVKGhKBB2s~><yQa<H_^)=
zJvKy>G0b#eqS80hemHSvEXpB%ZY0b>o$|0MBa}@rK`m&1k#Up3K}fUblHn^6)`gL4
zK|Qd%e%2@4pF=EKpnd)3>~-qckZGpu)uY^6!4*!S4hCEqXOP&CS0Gt&@X+BC-ETuR
z=z#bQYCR*qy(iEKTaM@O>%`$@D_U*+d56>#m4se6RJ^jIIU;?@@{aAGQY#)Qa`|Ud
zm&8&lUXek(YAV^4noX2y$41dJur{{1D+XFOmc3n#Jr6u*1IdSnpA9+_4TTdpf}yiP
zqr5h89N9Wget5A9qc$X_-?F5Zeqpw9PH+a<T;&Wu-ht?DN;qC40ekxgXc6Ox|JcK2
zx<;$PcGGum%%}b;fp98@xPJKMHq(4BpXA5am7`r<<$ZkWVS(q#8(~lK{f(I%qtQ)V
z`czmd#fh*Q%7HX#2_Af28ileMnxX=_zXNF_wV0|x+N|gx2XlmBj>?&7zy`0vh);Xh
zA6p8PJuS$RFm$Gg+U|u$NnZ@;f)hGEMZ;fPG6x_F9dSoT<x=JD&JqD~f<1$y!~9jk
z_LV{MV@e<~DCWLL9e6Zv1Xgt#hs{%aiX!@g8YV&frXKYb4+BO#hDHYdouFCM`Zn(f
zvqbyA1GclEFNOy0Z;9*F#lD+X3aYAL+YfKuFBc73R1E6K9Sh1<49bQ8Zh>ua_Q%5l
z*OO*?8V6?~sKRa_<)@aD5jLi8c=H3}$u9HB6?o$=O5<*s*}&|0P+l@*A32=AIObaz
z{S$-sHTLG0Tqx29i07bUJ%&H!?@w^TkRM4kKMEjEH5<1an{(e3IC&JZKLci!Ss2=v
zn|D2;A^X@Fo&v20ib^4cV2uY%LE)mt;NkZC7lSTDwVn8MnZs+vI)0i>&`}*P{5~Tw
z;0giCJa8BA#C=a<zdfg@GZkKa@Xdk3iA2SzK`<lF9JjI;mr#>3bEB>fk5(KK(!Nz>
zd7{dCQ>}ixAbIwrhv)YU(W#d{WcYqaWL_qADA27_Bq6H?FJ?k7X3CFlghxF}o~{tR
z{M_tjUmALDE*HGofQCQFcunXLiqyd88!E8ta}N7C=*As~1CuV#4*hE6cpmTPO#L{7
z!VNMz8VEo{97LTSxpRh@88vQ44&NvB?nIXavf{_mIl~*odI8|#hGGGjE2e@DV>eI4
z5B~U6=@Eho&We)kjJ9Izmq^68M6krTe<6`$eME_0UO@^|J>kWoZRN$vIHHe*``5Ej
z;$NWkgAbOA1p>~kz}E}yo5n|bFt^VRIOf`)GW_M)7;k+$6@vRABKtL<z|iC%S{q4~
z;3E4KLLayf*x&XkexwZuZ691U-p0dD^s$k=U0Xj<O;qI!2u&R9%uEV#l7BK91FY~S
z`f3LHV!ysqf9Oel=*uIyhds_UV*-wEvJ_7WJ_8EO9#BQ@-3D*r2cP89WA2P;83TCQ
zk-N2E`5K@Qi;&`s7<|LruMrr-Oxq#+$v#E8kuLx&qq`Kx!-oey(oQ}&F`33h^kUJR
z7-stE=7Kd%c%F?Y41zfT0w1uB!(G>u-Qm8s{@oa!d%T<BXE)ZH0Zem?n%9VLcn+gG
z&e2NOj3|-1;_%yK*?>B!QF~H^w&>h;QM0}GLM%aQ7w0nUNTf(#UomtbBMYo&^j*C$
zz`3q`P;vzFDZL%}Z=~#vvonVv!8IVMYvCH8ymWlCw-GQFoeCO{r3uMzP>le*5lYvV
z3Z546XBO!FZQYbGgBqzHLqB|d3djhnw)J=9oLdkQfAs9i$-!Yl67?KJS?<JcA*8I-
zD^Ompp;(uyQ!T8F(xmoHRC+)?c`_GSHZ&&gMeKN@j2RJ4h<6-7^@V0E(La{qm&42X
z3&ec`ap*?^TD)O%0#VkY^7`MOaQI^+jgkBj6@ggSVE&MGz}0I;fAFjQwvh2Fm`I_F
z8y^b$UokNU#<CK(!5NA89BfHf(=i8U$SZI2(^8L9F~tMT7PA)no|;}ah%Ktu81*(m
z(;}2yd7*D+z#+^FhPte07rrjsN4I2w9Y;*ubyS=!v(~vBug;vUY3`*h+;E-H7||2s
z;SNI9nFsbgJ*4CxigcgD32$t2Vy%d=<GBnIVzdg8QlsFz&LRgyA>(KV>tGTvd@-2w
zO62U^lEZ^Kz>qUB{!MZ{rz)wCBQZRHbaQB5gvWKMR9KrBEk4Qx5N;l{7t8v(=@_Cf
zqION(ZOm;RyeS0lHPQ`VO4+)3e9$*B_9y~Bo78)seI83zT!<d)-8m6EB6@_lTMB+u
z9lfI#Mf6641)eJsh<+hqBp}|XZ&Dq3n#HVOK@rWMEghVZx@l=a5udI-F@s$GF(LNA
z>WwPQzoHUDSj|af*!Zvw_06ko|EGB;J&(`~3~^Vin1|lo+hxmjS0|1?o<cBpo0wi_
zAa`42yBpo!MwpnMg|YxVJDG__A|a6vPRn`W_nqQ7Xi4Ra(1#!RCSs)-5q1!THefd>
zQ+@&k?V6xuYz{;RDMm>$Dv#S4&LAcoxq;rxL5mmsLdsHS$}D0Lk<1cu!OkYUa_DSE
zQQSlhm`y+$7HGsM6@W4TsLq15jeG|LS4PZ>g1n9`|5|AeDi-4Uqj5Ni(2J1R%rm}W
zlby~<(-}8v1zDTWJfdS6m$qX!jZm!V(hq@tS*#;Z!M4#k6}HDXb$zppT0Taxb*j~h
zh8w{E1hz*x`Eb-?uAV%d%W}UE+Q8%qot5j^=A#~|EWOG|mh>;Dn7_&0Mfazo=4q&X
zEb^~DhizaJMAt_wtsFI1m8#ZeTCb=#<>+znAxHOyW<ZnZ;8szyk<|n2i~dC1=e*_{
zO7mVUzj9UnU>;t$urK~_H$rO@HEe)|ir_O&Sp)OhbHHY5RcUXBp27G#DA$0%Z^8!{
z@ncrxH_DxlEjzfvdP-y5BRwhR+{pj5DF+{CE`}(HMD^!d49B=V|0~9JHiVm#RS@Fh
zRRc>~b7ASiK)QuMy}NrQ*OL9Gg$v)Vw)V(uNLmm4Z-4#+vV0wUDdB$BgP%dj)A-M}
zL)d!{2jTuL6_NI=5wg)c!tdvy(Id(ABK(k5!)#8e0L)sf*#Y~#*?M98keWR&!1r#D
z_z0{5;ckfV5xVQdCpcfy52&3;O&XOxsId`}EinS=0lNG={%_>svS@w~7ozw`gyBNu
zyt6;Uq@DO&pYGj=;AwzpO9IU7#}F#`l;_=+Jb`k|%K4$(VgiB0LoT*9`}N)APGa)j
zxEjdJB2xTDg~Q-y56b%szv)X_-sNglAM7u+T}^Q>;L8j9JACe@#PPmFS=?H_aRVyd
zoF*-JA^NqK0AYQyKPq|xX}}w6fj-6%W2fNA$;F)#oc-kp$U{o5vD@ILxtq{l6el=7
zMs`I6RJWrV_<__nG{X_I`KjFBh@$eShd<;<9<l5w{D(OAxIIvR7->Q>iwaLGLm;Z4
z;}?qUagW4_M}e17&uf)hX_XA81C!3_ZjgiFtidU);*^_dRPK{s6@irR*SZ5Vb2#eW
z8{~SoSNRmgSIGf(3W0%06bc<iF6jqI6#L_MPvA4!rO+PSEzlm|d;v)yI5MOM)HMZl
z3z$$e(#&GgVa_t&&}l1}#ZQbt-_&>p@K2`->S1@Ek0xBc9bFqHt7aT~@Rl&#!TlY0
zLTwyfj|Dp>>Pm4iQtb>by|0H)p@v@QSNN?oe?JBN3891Nmb;`L^*h5N(kdqg2P<Wc
zRS)|<Lu8`xrqR0FAR+%iYgCS9%&ia;pZO{LkIVGcK{{Pl<bi7O(L$6c5C%Y2+jcm?
zs%n4_88xmUT25cu$drm!KAnGyZ#@-R%D|Vq@pFhcu9Oo*f;yN)aU!%SrNFGum{}M{
zm=hm%F=gJVmleu_&UBzECiq!KaEW%`xWa|ATB&*mM^lF50A=<swWxh16xFCK$ENjL
z5g2n3PCAqaZDxoy{Pkb)G7B^FWRK1qmeGrYoEL~i5xKc+1FDF^6M6D-g)qTMbnJY&
zU}G8B7?qhK>s+Mdl#Ca2c2RO3$f{jNxrCtj<h<s+O$Eta*L8z*RP=KUrUA2BaVBSr
z`gmTRwY%9pMFT~<QE!)8J;hQeBxPYywXm+->-bAWLefcWlT7?VazKO*?jX@4vOSA5
zA`47N?W9#3+Y0mIz0rzn<U=TCjb!+oH{TuJA$EnkJYy4ypbG6&<o>tl`b-+Ti1?JZ
zBiy9FHEJ&HI6-eCS*mF`XA|A%Zq%4=?BGhg=HWOg1i6xHyh1&o7M&I-6Zuu37F?4i
zM)n-#leiJeD?zdyU`Z*q`8_UQLesUujFSi!gTkgVIFN_weWxsjp@Cn2sY&mRi`H#y
zfw7SDa(yeO8;{?C3+O*{zopcPH#r{Kjn`kgvbZa{C38!dp4CW3?Ykudwgp9y;y$OY
z?TAv`g&uNQ4}M-Uz&m%lh?1MX&G-==Q6HAK%H56Y^2BHL6wCfbiR<sWHsm=t<MKp-
zsx@R)|9nOwvLy@#;5;@wmN}vAf+kHN=v<%7@~dW-S<cinICQ9|(<M>wfcB<FS5Ea|
zXve3daJ|`ad6O(z6IR(&RN?=w!Y`$A4o@S#nxI0@9g1GTkYs`--H=smMNIRUfbJtI
zGyf~aBq@bd{_k`>6f5TC7>SNoP=5Um>-S8a@1Cv!XT@jnrXG;&tD)TuQdHB+qFD)S
zf~m^%Ce4eViCLBv4?I>SZyA4l0#Gx8n?VE}BT4tCcVJ@%3BA#UKXk=Jxf`+o*Yi%A
zxXpv|QB}qFK<6<Bo!NGJ<?O@}3fg2C%0wCG$k<xy&TKvB4Lx<SBE4m?i(1@5#2$)`
zmWc8{w<xjB%c!yL&yk}YrxCmlWjE9PBjkb7bd-^DI&9WM#SF>hloxu@k(6DG#F>K#
z6}1#%zrS3y?!yW8&wi>VV(!32c@C-YfO~6}&;`{>t%i~dB~$x{ml~n-Q<Mo(@u5K{
zTT$XBV^cQB?WJ>P4D<bNJm-~<&=fSg*#~~Hdb<bdb@5{D^{{T}_c$D67w9fX0ff`!
zBknA-qVr|Wu!_M%?g!qPB5YcJ;s9WbTL@F@%yj8`f3~6NX#DFo5YoCP099KvtgS1!
zHio)MwUs`*QCm(F%eAy5<9Z#?wc7}*N)I}xZd(rNLph`ws?DtIBkR`DH;V!2%H1+X
z?~$fUQV)l(Z6JC2jEd{fX)0r9R40n@oF58R5q&8%S1S3wshbxF5t`c}tEr-Z=v&Wj
zQ7^bQYDd!^UIZeIvVB5#D8UN+QO%UU*Y&r8gzAF*b*V@<K8Iu|6~6SH)RJJ~@K0pq
zM!cblB!$Ey?WRspK~=|5IO!Fl+;kwu011iv41Qx3;ouLraNG735U!8cBM16~yg*T&
zZ;_KnbIQ*_n88c~HNKETsdY57Z=?L|6EM@z5}Y&87Mal_a;|~`EU%yXx1Z&*+xJ38
zNjok56!D3&{)&vx;2j6?2T4MSvLAAc&qyv4KU&8re5BK+9abnDKZu+r3@0dlkfpul
z=-qO691tBOQ5kWU*dJA`k*1wf=(9?8lGluO%8tJE$$ngUOx%A)oSj&9RHF8tRnQ8S
zN$eUfOZken0Ds${`&Vs*mh#HA`EY@#@>@7}VJ}{o)N}EZZz&9-6DBxl-V<e7`UtKm
zn^JScLYCn|M^>V3RNN%gbml9`GwaijxHaHMM`L6#YLJ_I-t@VV2qDKXBSsqYIgZPG
z^BiD+CN|i~nP-qM$Ti!?9ZQ62Pi?hpOGjHY>}2p_yEu~Z5N_tpqMY<ht7tmunaVcz
z9HJ(`nygpjncvncedLT&<og<(-0zTyIfD8mMRgeqwAo=-ujD-eQbl9{kz;EoGrJ_o
zI7$dkugSuXj-s7ba2YnJ_Zq(klsIrkD`=S2<wNh59+?#{K$dMJudA%<buJ)Q%X5I<
zHht<BP;FHLMok-Nt(6XU+%32Z^+b<UHPgii9A^m(U0X{)kB=s&1!MBfSa6ye$IdN6
z^tG$PWWdd8nR{$k1pi8`B*XqY6GxIil8BEVm7dLf?I!x_;^;VoAzPLSI78P1Bi)K9
z??t+_xOfJ1zB{GR=C=ljJUQ>O@{i%wB|A^5vhzS890Et#ZE~)S*xwl+z7nMtiSLcD
z+CBNfnc(0{+ss-Q;QPz|A@v{3@&qtVOTx^W1n_C)9rY3fHia|bTjVQ$k}jc=6|_vx
z<YH@*aifp=D$@v?)K;<konV`<Syo}#B_tLF%6U;YDvOBq2@ragSl9#kr!bw{(Wwc;
zQJ)Z4II({;f9C`0D|HY)Va1e;YVT!>4BFjd9%mNFV*L^~7T{*1XT>;07Ra8b4((-A
zyCV@MP|WAY^R9%P%exFO7ccEZE$D)+GA>ODD=4L-0bO`tqY|Fm4jwAbb}i|Afl3h@
z+Hpos3T_dDDkXJ+ZredAXWtU6LL*W5(ob5Z!Q8q>$fmpzvL^=ZPGp}vnh00<dJ2MG
zki#ouPtSk7Y<nU6Hr{vR93DN`^9F<v)k6F2#^T>{;V||&!(GR7aNfLUE>)Z8n;KGA
zUrpf|v4sap0u@3Ym;<j`iTNQt=RbqVl1Lw2$KJCF;(6sxh%&G%G~2%0sEC=EVQQAI
zK`2kwd)L=Rk@pf6*M^UKzkCkIEg|#^wRUA2+6Hu~uACYAthB32k>M>j9_)?o@+SAe
zRWyw=ScrC?1}dE5k1NSeIG8hwJcxj%qAhzdYv(8q6ysx7!5M{iB5PD)pi9vjC+k3Z
zRxUenEw@z(0;C>>7+Vl?)v<=MPEqxz&}bBKVJ?cdG)1xA8BsAs8RJ6A9{N7hql%o^
z*S%P)`&q6-;^IXq1repG_PY4D*7u%w3KLpiw4kyK5qcclAAjgE>{66{Vn#?SDpQ`(
zO~&85JzOBC&6MzJ8x|aPrqtERRxcm_n#;30I&X(;?_{TtmDg{y6IfeNRsTqwZ~Pui
zwzbaU-pZ@Zbz=Jh;&YH7u%P-<9gf~sNfv0IUyQChUC{T2SqG0t)6g|mLoE?NI)9cI
z(De=B+{qrUd1~%T6>rx795?wMRA{fsTjIy)P`y2po#Xw0`J10&PsF(wi`6N`oQ%GN
zG7#0OjxoIU^jqVFc|uWbknrgtvxYu`_$h9BL2b#k2ZdU>rZ7VbL&;HE<*I6WS0H8#
z9?;@}Qit9l%%|Kw+#7ElKya?HIwa^0j<4hxzPc>*McnkSaA3cXmu-QMwiHIpEz#{o
zLLYC%NMO9m4Og(>e_DRSyl42c4`{puJ&v|C4Rp8?p-;LA_)$Hm)h~f9=@Q&IvbSUf
z)xEdqxrtj?6#WTAUB3~{*n8TfrSO?dIEY|)L2c&m@H7t78}@1`dwspX)9=(~TCFjA
ze&@J`O#GBh3~~cD9aTIakA(NDRxE}M#spJ&)QU9TNC-68r7UTcUzV_2;c0vDiLVow
zEx*!y=LbPsg0@cFkmie%G(tQ?c0I}Yw(<F8K5w+!%neEj<Y{h(i?TJ)KcWwu&Au4^
zeqIzZqlFa}gM(?F$#yQ*hKDF3QaZhC6@?ddN|KpnJ>ZwMx_g|m?i(a^_QqQ~Q_xJw
zX3n*Vl|3gQfxQLI_~5KVl^a0sE(E-l)^W&VU5zT8$fBfRTu|)v!rZ@qrbch0I+^!j
z<%fAw2M4Nj5(cz>{)^CR|L4)`<d<9!0Pg?d%KR?~B2h<&f1t_S{tMpa_w!j7O%i)-
zCzTAmus<I_BBBNXNoruvu>jS$dzv(SZX&;23QAf?GJtGXv+>${^>wUlENb`|KK5R9
zy>q?XcU@@^%$N1~{(0|a%gD*d@yx@2vb^#qwJGQmxNpy=f)JoNrV&<z^Ol%%5T5<E
zL3Yd|JPYS7JQp2gfO_AU-xFkja$ouXI6J2xO`>Scc9(72w%ujhwr$(CZQJ%=?5Zx?
zw#})zcV=SdzTL?<`H&|fpAwO|&$rjg_X&K0_LP}958Og{D9vvJ>7hNr6}X1-l$&`E
z<U?@gp9u@(Lwab)mjm&kI$;*bgMJg7Nek>ndT7bF1M#6g;TG72eiN993-m>LXv)_E
z`J_5w7wAKug?tDL`+Ats!#X_Og^OVkDss5Yc(A8Sn68m17ESb6L9kFpgbLexTl+CN
z(*PIL)V1W$$rLe7!U@}y%#X*-mM=i8dY0kEWQEp<0hcB{nJcdvgaWrBo<)ldViY_<
z#ekGThCLw2=@!qrPsVZ?r6>TfR9b!-Bx!23E(5~xqVai6t3_X3o3-5bkYb>?fJy;O
zaJU7wN#HS~51tepmWL%AQTpk5dZG36whn`iaOfNb!seZ;P;i{w1Du14**Rl`X4E;q
zxy;BN##YCtjcr|_!m@KB84gU#ekQ15pr*tLD)0A7hYG{0f7;gJ-CRI%G6oDgv&sh~
zGHqu0->Guk6rtm&t^ka}e{Clt%=W@`M8{GzFjf|A)<lP+Ir+4R<!024KsG}baTRqp
zaLk-JR$?;RyT0n3{DPd;44$ixIvJ0T3E_eRv+bOXrr8a)cPYxUI1j4fp%=P{*yzoB
zMFH;KV{BY7yl2LmH&`*X;h6AkHPQDv&W+I7PV+YFxJ?L3AThE*U1%1{w&|r?m<;=u
z)Ic05-=egxu4Qf@^?u0#1-kA$tZA!>(%3-}UnCO-IUSr0w7XKIbDw<FX}IFg^g~;p
zJrw~D{I#f7b$04OF)e0q44n%&;^acaLA>MDIVTc?O4cT#jXmSBzs0Crm=nj~$eX~S
z?b=r}a8g*`FjqqGT_Rt}-{KVF$Bw<sF8e2^?w2^~R=W6(*(}<|3n`!DDy2Rw8^2dX
zB5Do42O@)$U*l+4iz`3B)uJ%uPo_-75`S3!U5p7>u7!ejo+K%ICRc`R%vv4^pPXoa
zq$YH}?+!Oe+8p=YXj2YK7h8OnEp?>GJrX@lftwOKk~?BM0yyJVhqEUi0zkKV18l6D
zR>7EkHcFYV?krc4PWgPbb#U1;XxO>k?rf8SggP$6B|pNhtDKm-nR}*H9O%iB@cwK|
z3!{D&)tXpAZpy)%FJz8Cy(0-lY{^LI(aq*zonSt3x|Pr;Tsql}9qnpQun#|vxh;fn
z?a_sJv5|W@g<$c0OXX<EDVbxw-X`c>dAC=f`WEhy4**BD4XmTW54r%jcXA@@{IMhJ
zg6kAFg54<b0>e<_`qilMLbM{+Z)^d}{c@__v^=FRls7Jsbzye$AIk39xAQxY0I!{%
z$mfBiNW0)?>Rw2`{1?*~G=S2L0AT(mdQa%4CemzoDDrrRIMOaCul5D=<}xx5a=YL~
z_Jt1cFEFp>h4aP<^$)yn?;d(Tz48aq3m{Sts89KJawm=27xY6CP#36I^TK*#h1v(_
z+q1{sZ>Ri0_A(W@4b-P{yS~##?F;@P3%Cy4u6g0T@e*4c^(i_7W}Wa$0^t>hFYv)Y
zD)aujUeIVY#<ytT;T(xPoaCWaCAhCqFQBP6#M3Yb1V5-ZGzwDk$I$?V(11l9sMo8f
z`Wqc`)C<RgkB%$achdk%nQ*F;k*d>C^HY-hqdF3C2&e`kAClB7%7T%PQ|=gZqGl77
z1t^)Ia>&SnR~fT%=uH2rGJ)j~S_)*HgI=1*$XA;NGMiZ4q0s=JPIc<%(tw{%fYtBG
zhGrY{*wJ2vm`;+>FR}*9Du%aCy%)%{{(U?Nsvo5dK^Gs@AL7W^E>8CweR98=*ZITt
zM*`6=*c>buC>nPM?S7&6|E5h-dzQn<2!8!a;{Wwa?7tf-{@+PpWjiYqTNwjega6}(
zuHlAsR~DI5*|a<AktQ3TG$O-+B-w>Q7Kae)AB)M){vD{#5lo0V$S-aP5$5iXgXg{%
zgAQTNBaaA~zejuKSzlXwUQ>QPUg=&3eo%Mz{G)Qc>ijx5KRY|S`q_WB+|he6d{2~L
zP{FyswhdCCFZ{65DtSRHF|r2$nqX19>S0nCT9x}uwOZ3V(qPo--e^HhnAt-++F;Zj
zt|{89D=T9w9(01er3)u-6|-NX2a9z56;&Tfmi?(f0SN^=d4mw8H9+zz(G*Z-2_p=Q
zg5yA@t)T;&DrWL~b6n_Zfl6H4S8Y%@U>a~lD0U13c)~5=(QGVp>6+BS^EgnMP>2b-
zSd18!QTV&Se-{pKl!&x<97|6bq6kc_JtOyG_YqMEnV8ZQo`g`Bp>yVNR655@m|MlP
zuM=YsXm$S5t_w@1$y1KvMPOCD-gA9cE=9~qhMdI2h|%XCG^&7UY&<H~s!>mrOuCQL
zo7sZ~!NSxU+oJ|mVQLTUXu^BPEtBp%wkJffGqfjQZVd03N<<2RNp@;EZxrvF!fQt?
zW4coxYhhTk+G8KLdFTUgT@84469@F?{Jo%SUF_;;&uQ?&=t^sN$5<a&`Ha3azW6=j
z%DB|Oe`#7D7UiY$MC794$n)b?G`y(~cz2%>(~gD3k0FSu{X6u_A$jx?RZ+#(EUY70
zkdkw<B%ZLcBQ_4}B|RVx`z1I)4(la3Kn}ZoyWb4Pd#V2z<|8WLANEUN06o@AVgNYI
zM^ykl_6s|(9^;J)@VD)b71-BM|1zxiP(M4Y_hf$?toLZY8?5)g{%2So^Br(7U-KO?
zu&??4IM|P1@}~-Dt_BP-x^VZPL+LN+(SI%<f}=tZ5r+jGQdE*>mO=v}5MK_^fl@)Q
zyJsH}ExVOmS>8l~gMpw<LoP}}COrtl(TonkTMq7d9Nl&}Tl8@B(L?W}yTAzD&}hmb
zsq^^*oim1bW-Ng%`U88NYYw}e@;3F34~6=m%gvbvQ5u-lm1E?XLn^2wMv5lp9cSEx
z?crLaj9n)CIE7f1wVslXgYu|>1McI4_OLNnwUru*>|PB;0fhUNR@8SvtOJd&1s|RI
zA|~!vdmjLofyz65n+{$g3FQnu<Z2z9$|-tC`pOEJm~{N=n6pUtWmWnLDsn^~8eUjk
zq)MTg$<zf$ArKq^&oV`6w&IG?<gg>qH032g`4fz?fiS9*JqNW4E!0v%_#txDWd#?Y
z!Jt-F7pIb&()R~U+1y^gSw>_|Tsiqe)N$CYoCzk4ItsNc136Yj0${1>pjBsMRl_>1
z5?Z?453%fo|0yj=*e9bBw(#?=k4$YyWg%4;vq7VwsHm!KNSoC-Njd^GODgGb6pcHT
z%}ikBk>FKVMc2h5;)+$kA^<Eb$<$|&t!alYQu@e`&Tc4Zl`kZqS#i^9vv0F8TpgCW
zRuYEp+4wo%jvbm5WOmxSph}!-TGxrLgF=s}(ZjN$H={Era{fK!poMA=Ni8ZBbc{{M
zr_$muQ1{?O7Q076NQgx2QX7<O8LcT%Nh8b+qOaXgHd#y<u_e_O04dl^$698Xqnbtg
zJBzBSc>lV)Yj#&HoX!;`3AVcxjd)X@fJ^M0R6tdN71`;I5fQw*U#BH7-$Kce`v&bR
zRy0~i{gTtUrF}esS%gxfqL%v1WjoK;H&jZ$46yi17XzWn81QITzc@oNpQU_*1p}iN
zat=le^Y1lDH+Xp)*Fl2#i-z4qR@7vnuAMwgG%3GXo{eeMLCqMjQE#k~?meDt$=ai^
zJMq&*igx7uZ4_AU+Z=Rq64Lwq1F_c~&MgOZyRLy)l*!*8M4Ue7;4h<amva|vX<2M(
zq8@Kj0Pd1k)#)%sWEF3Y8t`boIM5PBi=%>c5Gz)Bq^pHY2?<K@zy_YA$_aT)R;I6@
zg-%dhA#6Tax>HxC|A6@8F&kHk&aGdH9#tQO?xQWu9~b+5x0m*kf}X^XA=`wu5sQA$
zupO1tp+#;QA3hjWlOB-97{zE@jgIEtfKuk=KqPy&CvL0#cT<!(D2Z`YYRj=2UCaUC
zK0?O8@%!DqAzr`^EUAM21L%*}?lz3Ck$v!h0$2<Pg*DNI+K8lmXRMyrEyF*?5K;*f
z`9P&^jvxRhY#9N{=j|h&o&tBG8fbybJt%%JiMGZxbxM&Yib+gudF4@Lwf*9pzDYYz
z)L(AtW0lmqAPo@>-4C!nlN(%2dEHc|&uUT?llusZa-M%t+xze|4{=;`EMGA!4YfS5
z5t-<IyPbNBCxGqxGW0lmfWinCBr<<G{|JatB4f<56WR2gA$)0vI((Tue2&VIr~p*)
zZZP(MH6JI_^0e9Qs%BU4-w9TF^^WwowMx>IgNj=mNsr{Q4`ER5?SP9?NW>tphJri+
zeF7uvBtr%x)Myjtk<>WO<W8kCfr{`s7|AAzL&Y-*N`A_`RzDASN&_7TEoB+8*y_ro
z-9||0J4BLBSJM7T;%UCD0~p%M3htz*X$fL6SZ)^_T93IC$R@E|Hix^h#Kc(ua`%a$
z3f2wtVErFlIu-@3+YQhHrbL^YAAz;73o3ghaUA=J9H*)yY;wxF050c0M49EMA8s?D
zC2>_+eEF5WObpkU*AdS7R42ZW<3-MgHW&b+Psv6e=Nuz}{&*#Hfv6_r_hQ7%d)&1=
zRveKc_~pOEPdVL94o>B=K##`4`kW?ie7s5swHT!>E(2Q_xme|x@RzHOTT*zHxN54l
z^|Jzqqn7amRmcL2D}{}0jrL=(Ni@2GD1OgrXRhVA#YG53G~*$+8{SP^KmS&c@vf?O
zHcqLO@4bUQu2(x*-{J8%E{~#|CVCZ45BrJr#(xSOljEC_TcJK-6R;`Jd^{9wFD&vM
zYKK^P#Aly`po=DXpA8eV<aUP#eB{qnJlF{H^{fKEoD@I>c)S|{8({tKi|#fZ)w%Rc
z^|%8pU7)2#p`9|F4ZIeCAJln{aCuGqO8-zc=dV?5I=SG9Kk8Ic;fE)JtJnj{^I83m
z*62>?xs<sd`4S=dP9SjenVkda9+qRiI;(b@_?h-kZZ;XC$O54zM`B5`0c9n`V;r58
zO$6fs{GLmA_9a$MPySwBO%aCx2iaK1{~V=5E4w@)6O}#$L1c*Hc0U}MQ4aE|wJjE3
z{2Tu5Zw{awZp&cX^!@1i0Fq;BueKG4fPOj#S0O=Q_cOu*@qI+#OX4J=BCtOi>V?FD
znP+_dJCMps!Y<^AlHgPdKjv**4H-8W3Q(6Qs6|>TWp*)&5l6@*5<Fb%SoacT)f#cK
zxSqf9yVXu+lD)rb?(uGH;msQ(rfsHRNCm{=MMbF`x~KhH5zxf=rWu~ON}VN>I>==p
z#-ug>S*$&^?{;wv<pGAwMlv$2;7M%McoW;I&>~1ggk^LH19mW|<Ot5x#R;n<f^JFl
z7#{-1i`$Vfz{*6_7(kJd*WA&{gcn^S8xgm_P+~Y6!z9M5d#^~0Bt7v2oRFRKX;|eu
zp{q~Vvcc--qEu+r&_-ReOUQVU6L*|7n^xn22iiB$?Y=rJTWDf;vkfLK)X{2R#kmVq
zJarx3G>4<7V)BMZ8qrCFpBUlSgha9{T*G7Mf4_67&i;PqEY-xobx3T&L;^nbGT&u}
zU@`0S57rbnRmU9VW1QeaeCNJEcJLqi3Z{6UFK2CQ1G0n~-pm+on-Z%iXyE}?EMT)m
zq2`K2%?U=$8HSu)%oL_FJA5lDq7cqXS{`&xo#B@nm!OT(LiKYd=wprt2=q<qQiJ43
zgAW^Pl!I<G<7gH{p^KNIYkdjkERQc7N!$IJzq2c?=>?x#X`U+3+R=qKGJ9fg|I}0~
z+D>sx!#Z|czgj#=q9|#C@}A+El25(9KVM_Bw;IlA&9B2VrHIX8A39Kvky?a_dg%PU
z@i<fFF&ZmV=`-ae)i+sZV@p#t+RGzIRlNpeMpZCHc-%_x+|1E2pR-W(n(o18j*ZPs
zt-85TsRNk3wW|)(v6MFwDcEI~evTXjfj^`P8bzzV)h_ikY9wV%tLX$?4Sj+23*62+
zl8{=1K9$T(%8Xh+USa!=`D^vjdAKcHdbzwhnN+pBin9b&%%^HmFo}C(WsIuoVNuYE
zsg1e5kGq@jQ#^xlv@k5kpe7U6#zISc2jYmMabd-%4?VFOFRCWy?up;n6hZKRbf(b}
zJRUe?0Iw~M@nE&dvdV|64PoBp;=rygTVn4A*b{4mu@9)&GcQ_)YMt6)TL*OMQ*Q{Z
z$hN~`<>TRnaqm#JBYz39(hqLlu&==Rg}v|Cto*(n_`Jd7;cu9?T?2<V0C&e|GQf8Y
z5v%9s3H8}^xPX`2A#g_u8&u+e%pIY;p_%qSzHxT{O}!&h9hhd1iPPV5qt=b1JD~Fe
zs>aeCHQR;thTIxX+okn}-5O!v(fNSc8WOtU^92UK^?KoN-w`tCA0-0iL$$c+81ttW
zX2U_!*^x>B){7XpX~BRB1E{}<ULH=Ghvh+J-3mJ%gGumikBG-|pDdXmse-oc5ey=U
zm!6+WE+O)etO7WK&2<y)P~k{56Vt`32EaoGy7>06A+Sxk2?s-|$w@>QV+o{#gdLc2
zgFm_yGcn3#^>Vz&#>6>-?z4yN?K*9$U}I|<#U?=Bk1L>ZfdT42Y)yAy)8DHpr(3ec
zaFGXd6kCOgsZ<@8m9dramTgDv(&U|%OPswL%Vbm94pWYMS)iFLPGXsW5D%%-;@^=4
zO%#=|@_#p?_73?_h~W!g+#x8<Fhp966b3;eL*<0nvt=FZF#-Me6mL0kx{fyz^}$42
zDaA!D=}_mhfl{;JX+~Jq#qLjJbIX^_x$BI$SL9RIL|yAL2{ISzE7*@qUPXxiw#@U{
z&)f-(;ZbcKt<ePMLSFk|3FW@<fxB}@A#co)JI2O%(xpaa;kk0XzAAoQCyV=&gUkP6
zn}58Zw(&xy4yc3qbv)B<b?Hd5o04p6e?yyG4t-VpfKWnC$t!n?Drv`l`RoPx$MH@m
z+1E7Y``PDvTQM@J%~teZ^iY?=MA<^#Ts)e4wsb{060WzQEA%7kw*VMd@^GVn#-!^W
zFqF8b0*BR6dHoVNsBA|M?olRgc6U^go8z4{`Sry?X)E{}!`vdFam9wU3H-cT!=pgK
z#FTOtS3f4r`sw^EV&Rwt@60$j_p3ZP{?!3F=PL#IAHeu1$14YU-cEFqVH|Omb?2iq
zHwaBXH04ZZv|)!8rEhnLVaNKo#<tY72RrA!*!V1;Q0(I`&KbX%Rxf<9{W1=;zLDD(
zVA+0R4uy96M)6^!StvQwQw|yDLB)h9W?}qnQrY2ELl7{4It?-@1`>0<V6uTa&2Wez
zBOQ{NL5q5j+3*#;q0hq?6PKeOBDeK(0Jvsn--EfMpTKlte=ps#0+#Tpx1@k1xWACI
z|8l@Js&h`6H{v0WE-E(xxAOqc#J~J(8bnJ<e5?DxS1NPR?!dby%5CxIA|TiK73%y9
zUX5{KO66GYgr8OJId(~lOL;J1N*i3s+(K{BWak$349i7w$3+sA6k!z`X?88_S;@j?
zSB15TNLTDxCTlEa%rR+<3^ajABJqkLztFR`@V62XkC=$Ne^Iws$Ij`fHO+;%rqr5n
zv)&DG0%b$NC(idpZDWl_b_rT9R?ym#&uOR!7ij`ebYUz!$ZI<q_Mo}Y>^qVxfmNsc
znnGc-n(ipe1I+GxKh#Kh1Sdl8aP$FmcSt|`-(ok83%5|x09a!MwYgnK)T5*r`2O?p
zQoDXecjVOgo_~Wf>H%6~U~PLE?Xb&<pL(H>3ukbJTM_H0bpcO9M(+50QC*sy19MmQ
z)1ZSy>?@4MtgihIv>Nn%qaTSm9gau#Z~)#|pv-h9#{}wplP2D-Rx!D#&we!pzO&z@
z+=u%mi&GQm?9_TPr*M+bW=Z?@sxv08ZE8{GB9Uwf=DgXcB!;he>1FX2(ek<lnxN$>
z1WT6LN}LQ6tyxOr%!<@GP?#vXBC4KDI`6-p=OW$-isw#K1L6e9_+VDs;T>-fA$E-H
z33J@l_LNXUd1MU6d{+Yg4Fov@@kP)pa=asj)X^)2zd?D&*3Cus6{v>(JGC}5;h=dT
z^)&nr++Ubr7_k~Yet0>-GU2vrX0(lIPF)@=SsKH==j`Uo+}8j~rlN!`ZC0O}fBK0d
zNJw(}0NKuCFM7z&GDW1~%#&Td+Y28Dw`;2I>i0tKa~BV~NrYS{K>Z;>?UkeA5vTg_
zSAIbh@yYAg{y?F+g;tmR-B0xaMK?H9ymYOlygX9g$tJqk!dO`giRdyQw-C43LL;kF
zo4R<YdNyZth6VT36Tb*x%9fyvGpkWfz@3>YF83_ud@9cB!Fg=gQWYh9_x@m~+&5Dk
zp)ZauDvs8Z!0bz4ij8N&+C?GMZ;WS9YB$K8DG+tnQXXt9M@kh*si&z7-WxL#-a~yd
z3jTuoBbuJ`HD(q3(R#QH@k+JwePUc%RrD4bYq63wC+_0$`_9Q#`-P~aPCU)ntFUTQ
zHoCx>t3*ZiRa0_7RbI<srr=Y&BTTVXC)IgkJR*4_n~65OJ9&<+>?0l?jU$e*=CiZH
zt|%*fTFuo5UU_NqiBBCxO{aemRCx;es0v+dF}cg8RE6a)$Q2<RrQ+z6GcE(KX=7ne
zt+_`QAi%%$jTad+Mep~p?w&P+SrEs)lCewA%25!Omwp3dew8eCrn4sU_PDJ)GNLML
z`g&kDvbQ|86=QP<8gC}d+^%{Ggq%0@2W@YN1q1vCO{J1IyFOVuUM^y<A+-VWvnQFZ
zJM-*AB^r08{nngemQ<nVz&%j4E|#4~k}q`TLz9+tj06jterbB?9xKa8m0o|d@+8^)
zD4dM@DlN}65V0sahVO$wjuBZ{x?g1>UUd54IpbOs;+oR%S`+M3My_BF9+n}@6_h;5
zLMmvm4CC420*?c>wk4V4{XMa(o9ytFegk|em(6ifd8wR&*-uYa#H^^8xsVN_Y`w?{
zuF(vwzNy2DERpeWc||J(o)*Zv%URoB&kmluLUO3s_rg)P;+LMfiTCWTq$Hw;BS>8f
z)vs!eSBh_QlXpbAeF{lt${PC#HHFTkxhC0+tF#x`<#&A#r7nwB>=j$p;foQw(#wFR
zl+Eh!RT-<Mm_jhag}?r*OV(xOeE8Y>^2mm&`tLCrS-WAT*S@Bj4#T#lY%N(7`0hmd
zrCFGNab3kUx8}3uxc8iVs{fTdt>xI&ZBD3*==`M{L^O5EWIpHrJ0fZsHtP8hcYBJ+
zuzuf?7(5Z%Z2fc2=t<R4LY#Pv-yW$dZfjrQX9N3pQIi1fTK4+|cI?~2E7CDRE%^Ir
z*{8nWsP{|*;O#|hHRVj<X~_sS-~s*HwJYH%r-zAUbInx6$!L<fMq_dOi3+AgZ8zAo
zWfK>mI0`panP{}u^62(Z_WeL*?fTYZw(AGqmKXAP{J8wUPLvSpJcQgV#ub2)Lnz?<
zn?9$fMws247HCH1K(O}Yw~q)O3<{{d{6mOPAwn<e=dKvzFJEMG{vry&IE?TLLxeYg
zzBIZ}eGo?E<}d>d!car_)g&=Mf<qvBxMB~blRIw2kumgY(&)672QDrAwp|-#ABz!@
zzLfj1#SqFCrEJfX5w$JC!o7^+Ck=nv9(J_`ACd7AoF4KHIDH9Bj{z4(*hX=>#qA98
zBbm5WLL8(A@bJ(a?bi`SivfUkk)TBa%TXu|6Y7Oq%;_zKQ#pj3kz0t=XwX0lWgk$b
z00<4z(TLQ-5gby|sAf?bdpL+F$C35w5<UNl))tk!LhD-$aX)parqR{Hp#d>_L=7_9
zL|4QUvJM&U^4fHG1({{TV7Jljk{>eKv|EVF5psaXJ%*Mql?{^E$gC2n4I<=WvJ4_N
zDJkoOQ^TqYD%&*BLR~l%xABBMTTX=y>f`Wt<B%0fD**5vPJ@;%-P4#AK*%x4U44rZ
zFQseP=#KHW*jtu|R1fvvSln>a9rSJYhd_6J07t&YUY(}aZDlIySFH<Dodqx8eC^k5
z>Qk({+`Dpjoev?L<#srHGyZVcTHPM;W%<iW3IU(P>+o@{^lb<=L9g>8vR+4Mq@A`A
zpsluI4}97Bwx~+><AO`<W3N*l$3cfQw$nD@q%v)=MXpl^y!gsf##0;Ir0_gm+SP|%
zX#;Z3QL8bft4G@Dcx>s4uQA6fU)oJBG2?39IMplk;(#tKXA{~4-7V+hj8D$hNskEl
zDv0TykNQzpUsBIT-x$!d!m8G?F}_aP=fhH?{56H#jMpTQPdrYwT!PR8rek}reC$lx
zgu>hFov}|4PL&@0=y{fLgYOSMb(@s@^mzj5)0b1kPd2ym4}IBL-MGc9*;l|_-qSvx
z1?A+(#^K7c?~xn*aPAXxUl$zr`oE8>`}&s8zt_DWJwH=lsuvl0e&k4g$VWW)|8qaL
z<NEiZ`)P8V(bv+u?Qvu`x_!l|mK?JnTGs8?g~pe+0$Ig$H?KWGd#=fA?)WatLC^b#
z`>vhd=%4Xffco@re9*B?V~Dpgj~O{tVf=6l2v!aG6@p`p_P)$Q`4xQ^7yW4Rb0S7^
zv0>pp;v-eDztn_peroyfCA!Hc^`SsJb)eQ*dJL}`R)@0cJ{K%YI8vHkG!~l;#rJWf
zIx~%u3w583NN*FC92&X5=MN3lNz(d%Fi^FH??YrAK(;AnfC_UfWf83+sx>T?*`@Nx
zRxT>RFDRxr!st%{89JSOI+%;#C@lZI3E6iZ*mxucF^62Nc-Z>f0l>#%4B~r9hMynM
z_((il#2uD7X<dl(E0FOxdO=h-B+%VayI!7Cky@WN4=OJS88p*ly55P?b3bW7^rpQ<
zQ(iM^4$+<J%^2<IYsi-A#0m?m+kqVq?vqpY_B1ol@A0z4d!-Qo4|6WcHonpRs;LKd
zj0?AVBcA3Yx4EI)hzuDqmu)C>Edalrt7wX7wO!@i-vx71eo7X2UaI9TplwEAB2Q60
z4Sks%&-RHnq#JzWPPcPs3mnr?Y(xGsrvRzHjE%H1q9wm=(_SRX)64%slrh@+rS6f9
z_-#rcrl?K#w3ar%Y#Ss8KNPkEeki5HYlrImY|~!m&9;51Gd6zH{-<cg&NtGBTw}-A
z(GyRAPZH#gad+6;KK>XvF)I}_?U^0Xls)^*m6RoGIsY^WyYGl;;g9V$C=>mNm$$yJ
zA>Ifam1Uv#Xzs7&c)3>!wsMi*#@3GpzPa{m9p|AHtew|QtjXt@1LF>o;V@}Nl@FBn
zM=Y#&6}Eeai9w$iGJoLYz?FS9X4`MfgKL&_VPk+XJwPCl6X`_U6i<#|2H#Qi$&sta
zd@*~zNGxmlvrLpKdgL}5oXcHq*>hRRVT%%5CF#~}<=cPfq_vvA#eGFXA~)F3Na!|S
z6H~NMT@!y8)OGm`e@s5zzKgY8170+yvh8lGB>Nn%+{ND)FvzJ`xoU?!qf>y-o=+6!
z(V|^5b!(-Sk9vP!^>nDo3EPc)rP8xOea8z`Ag=+tsUTxXzA?JM(-46pS<DYM=Ok8r
zbfR|4`Y5*Twj|l}awCb_*&v=45{fJ!yRTi;a9&VOAyD*7cfK{y;IbS%&InqhQ!(5O
z*&Q{p8ME6;hXR_i-?h%AXuJJ46S1}C*|h1^@$Y4&{&U-^m2qDCZ=>c1I)(yN&>AIu
z*6Jb~W*G8>q6nTeUU+B3<hp?Py7>{Wxad=(yJ+wM`ai+0cf@1K-@(?elrSlJ{S+P$
zBNKiDB(J2>33@})9vEi_?Dd+y;OB?W_8}j?YZLwq#@vy&Ykk2yPZHn6TL*tOm+8(U
z^e&Nj*C7^m%v5zSYTWB{(;{|RQLbn)-wM;Bf?J`%&1>$G)bPsAdUL4U8&#x+Ml~<B
zD_R9rwY0X&T7{uoV!Agh{jQr~y7i=mZnMHoX{h@}|1xmSvuiR(GdZ?Gs{IRT67|xH
z%LO&2Tk(&GRQ}|R3dSA+kX-O1M;rq?TqtyXU~5?HkUs77C_^58Gwp>9$ql78zc$FD
zhjs`F7DhY6o^s3Ww4auUkDg)0!@zVzNhZ9j42=uriRsI)>@rK_a=HSIDXOw<+eN#&
zN+0pXtD?1^&owFe2eF7=F3CTx)vR!%Iu0#yN;W`?HN2&C0~H#_3p|+YX!HNrnV&r*
zODs^*EKLO+DkdLL(mJP-_Y^l-qNHG%i`o~Qvo0aeOvwa>{t~6@n<77?^94qf=H)M2
z%P@>v3o)!(OEHKnW>&JPENVt-Q3IyR+Fv(8=A40Qrbq&9{u&3`OeqImN=NB;?xh!S
zw5l1o<u~B_tD5c--#Aw^yCx@Fsw<u~KBXmhLe5fRCQH+$Ycr`Z1_Xo&5CPXc!VHj{
zYXpujIe{ou_aU&<97C3B(jzoiqeHef>Jpta!67_o`H`lZ_DI*aJhBJcRI5R>w&;?s
zOuumtIG?iyVlMrGXl>IaUm5TW(l31^8=yI-4P0GX2jSMdMz}EUk*aTc#2cVndI#y!
z1c!8O;v+~m@)57^dPE%Xf0PUCSQ-WKQqM!Uu<(&&`1cmA-}}fppu2<)0_`5zgZW@E
zlP2(o#^aZ*<EkdNux8VjNHG1BAlom2bGh-7*)yeDB_<GhUSPV6%JlyJA%cW}Gy$X_
zV=&4@^y~&@Fti|57;l&lm^qAQ)0t2KEwD?BV&*aZnOp&Iund?+3}fb#v3%s9X_!ui
zlZkxnARMqwOc0C%rjvnu@*p0tR~S!53jLWZ0emnY%m-v+)n|(*zSqd7ksdhTbo)mc
zQYtkqkPnGh#}j^si(d&aN+MLskoeW;HM_2}aCqpKyRe+N>|;&<C&wIjCEcIIdfNE)
zA=sXLMfP;z_kUrRLQ29#G5xrn3t)f!68P^%5&i>7CgN^nV(<KakxMt-ke3m^b*xNk
zj02_uVd&UYq<;}kD()d=3fgD3lQ=NcVk0X7QR+xpdHg&zs?>(!f&>K;1o$C|!F6OY
zlodibPFS8F1CX#Xa`Vk4r&4;JZwsS*$$f;U*H;tjC@o>la~(}h%uZ%U(;r8YYJa|O
zp!~USdm}dqH$twfW>jE8<3-8BT^L9(6G^DY>q$yka1xB=esv(AjirHNs2Gg@FpmTP
z$W#{uk@h5%5{>M`J#v*8N%Zf<hrXzC<7s6oJVkr{k!HXg7=t!*+k`yi<M&i>QseN-
z-T8YWsPq*ag?r_ZX)4`?dy5FVL+~m%Nh6~rhjAq1;PyoR%b?AM1L9epwbXW~xLwJv
zcdh>J(gfLbtE~o{>vvu-Qu;b_ThpZvfw_2Wim|y<89@N$+1Z+CTQfz@&52UcNLf0S
znae_hvJD+<P^=inH@E0$>J#={3QW~C3aA&?s|z#;PQ?x0N;B910JoRuLr>>%^>%{{
zwG=!bah_4;qH@b~dg`e&ly%G}{VHP+72+}+1clBk407c)BW+O|3zzxI`olmr;rv+H
z<A%R&)?E*ca<)Md`P##w<4IE7l#xZzPP&Ii<=aFc{0Wb<(&Ju7C+K~O)3y&|hC7Ms
zCx3uKk-Bpf&IH!<Qb!tTL(AeBm1z44t^riJ6Q?-&n|fbI-n*sE(CWFU2^x@#Ct1@v
zMd@SU#l@K=r!uV2e&z#12AwC-8%XM=v74WT`B=RL?%BVzi{@K@N~zwLku%amy5GUK
zGS-Od=|<a$B0(ujygXq*?!?jT4ouOq8`vYB-n`LWw=oQC`bHSf`bisa_83~T)b$TX
zB!9I>>W4T&<{!{t_oJKdNs}a6|4hJRH?B$^OQjmEh?1>g^{+Dc(g1gd^fGLv3V_$=
zjGD)s$tshH)Bj26RB{(1NDnW)@0cqWIpui62+l>fU5-+y`;s;UUiS(j$Sh0xKsbz9
ztU~MWVDOE+H|UPaYgp<6Giin#=S);jgpn|mnxh)Wl5o9McDq6D_qr=bFRn%z`R5?O
zm5#FV;>Vw}nI+dIxF+uq?jtgaL0S*7#K*12U~QJyzp3Ky5+z@?2n{+!6uNE)nSJQ%
zRCIR0o4`N%BLY+xoy0JzN#QMxzGCmmqT?_(mXX?`1Da~M`cCD~v06Jc+#kV8nXjC}
zR9(V!wfi+~ZR4rlcAZ3cn&y<!4ggLov!3lP%~GGn5*9V8?vjjTfkTrD0ytt#8tHt`
z()!sg-HsyM2qhGW$&Q^m<>Bx@k7FJvCETBCLctyQ6hGfzg1(ghRvl$!jLK|3nopLx
zkt<@Wl_o~8%L>JklP1Qn%M(2zqP3b4=>+;c*Cjuhp*cJj6Wx=YP!!!0nb0R<vvD6i
z<^IdQ1H1y2?is<U%Av#7^w`PCvpstr?HM<G*i1n!BOwlRsw}_b3ZDd5j2D-#fEttS
z!iFv^CAKXY7k;JzW(~vcy{$?0eq%^6rYHbi4Wy^`Sk&(M5tw!ENcRox&hg%G;Um_|
z3iHYCmJ(#T-n|LJFFyirn@rCP+GK$G*uGMOi5A!Rd}4!a+mp0V8=aiqXdqUD#yU%Y
zH-u0QQ6Ui*#T=G|S$)At9T8d2`{;B+D@FQ_B~|resk!ks2G6R*@-`bE{}W>^QI~3g
zQkadR_wg&d?-i#J@w>b0DRQMpW&#E4pT0<lEZNyP#X0$mYDMCalv#bXA^Q-{6Z6ff
z<g-jJeg*)gmnrB_)2XC51gWFXaWe81St3Qt=n%KMw)ypJs?0Q$np&n%MVjit#zf&A
zeA(a*XBLiUTmpmm<Ow-g&H*h~lsR_*3x^*HoYN`n#qWtgnn!NR0B3(#Cb26#jUj~i
z1w!nWQg>wg7V0ZN?G{uQnU#Y~(_VWcwumSedC%c13ug#>4`B;spM!FGKlug3Y*^1>
zDddn?es<vXo$U>x7w{qR0mq5YHxfSiN{Ta?UxTh@K`+oH{_*>BVM$-IdXR0x`$e2(
zUtzj@kls&;S3Jt<fq)RVD|%f$cBzI=RU<y-ICu$7!PNe}7$?lFBk+bV&b~rBF4d%~
zLr}YvJAdbo-HjfHI%R&!xkxRm_GpKzLrzXVAh^{Mtg1~;pQxbbw!IBW^Y6YaNplOH
z8%Y6x_i8nG>BylZIQ6ET7qVt^-<f_9HwSjsVOnx1;NHD_L!Wm1s+EOBTX4ea9?Z{B
z)&-nY=8No49QIgy9OlNUhKFwuWMQLG7tYAP@9}cIEU|C^H)4Cgr1YJqCqCx~kjIlR
zy>Eoi#kYVoGJ4Z+Kk3t#P<QMkhlF%@40X3B--y=>tlL-WQr^s+(g#%EXx**Y2dJ6@
ztRIrpO@?~pA7t7jL(&o?*qn<+*5Ml+*9E!v-xvKx7dAQSM}-0jIoVx<W0%ge`H>Wi
z^-&(sJXc5GJ$}Fc-)tbm;Yp;?4@g`J>;Hois$^kfZ*3xEZs7Ri5i&8b`CpV!H7on%
zMND7Wr_3obk^$Hbf50zB8bU-sIEf>)Kv95xyZJAh-UF>f*sM(xdhO~G%?d?&_hm&|
z_J-R)T9hR90{PF~<|Wq)4wq8qoYr~0oF)8AX}{(_R6bkxK3yF)^)*dR$Jy7}&)sRq
zKL5P7?st!`bwTPu(C-n4hvs;QrU>zSW5i4z(plo9?t@vvc-`lM%Dl%$=lNc4qNVxH
zjqbCfbDw{l5EN5xJREyMl)cne^b+@t2;Op;MRPbwN9`=+#*f7;buaZ}YYvi`YP>JK
z@J@^*_;nKZo#1va4ET1Q_G@8S1vLX&b07Ud_@4Hn18LHj753Mi;j?A=t&}LO!-d&V
zrL9;A&SL^j1v{q_*V3Wa&<Vvdgg?-pU}90Z;O$;zYc+~avIX>5s&)yqI8xd-agK?{
z?#sr2yq*SePkD1D;4+b&IC4QR&9@j~t;Q0kL9=(RkU)EuTv;1QQo)gYL5KHWBJ9CN
zusMW7Fr=9@3EV=Ehzo`CEan&M2y1C`FomUo)HpgxTN12V&w!ZnamGK{E$e8uCd)|7
z75&k!XAOkBE69@8t=3dFaX;kp8c`ye?WbZ%N)Vb?MB=sO`i?({>(o-pgBfS=^JgiS
z4Z?asi0q#4La>xY^hj3{Y!IoX2@Ewlz~jorgtjD!1;Rt6H~KtCNGi1NV`FXX2E%IP
zh8DBDf3ViF8m7%+Y{shNVB)u2cEyJq|0+<2R>-TW2re$ocGj_@$b}dwNXi?)hVlxO
z_^i2Q0irzrC@A-QG|_J%vBxNj-&l-u)U=9_xL4FsW-3kg%2PE>Tt2kg*@Vkp9Li$t
z?mBjru!_|vFbkbG@zt~t`I_@GRek*pZn?T*^mHrPC+d?q=!y|A6pm}p8k)7Y3=!10
zJXkTenlHv<wh)u!(@7B5KtMZj029aqZ9?4*z{w7t{Y!bTnKUhr%_?7xrDcm9wHl2U
zkR1h;GJlyUbJ&620&ELgvIZ8zcjl#XIp|;@k!jx?mwhkM5Mdhfe2ap>%83^n?&?S+
z?2}_<1SH(g06sU)Sj`N#g9gnvl6eUn+de@WgDYh0|E)93L`6=Arh%P`@Su^uhM#44
zDr^`2o2rlu+`Fgza@0kAZxpKfVIPd<cBdNu&miZY)QN`}^M`#h3snP1pZNWcTadV^
zRx+f9V0=5`OELV=&vxDRYJn*HsdhjR;vdo5So}XDBQR|dV#2L94@1IZahEG+qf7=f
z!2sV4nxaD{P1+*3g7ZPP)!Az?m`^BF&JPpND0$M72xv;;4)?}?#<w~l8cD~?#Y2cw
zJ3MqRx5&k)wy%mFrhyl+xdHNamW5pJNfq(g=)?&OPtPNJ@2G(-mr2hoEr;oIjKpGI
zJ`@=XyO`xUSUG~qEVm4d1f*pQJC<#2@v!&dRqRMop^eOME2H~_5;0Luj5$mu#G^wy
zGJtBztxW;l%zhZ<e7Go&w#9pDcvx%9aK}xFzb9W{o754)GDG?cpE9m}e{=g*uQ0JY
z?HavAv#&7MJM~QFYnDE(b)R9R@AM|e$=Y9o&Y*i?RrW-lL6_eyX4(v_+cz{^K#pH>
zM*E7U38|TwwgZ$*aa~q1+2}HAu$P8yGqia;g4P?{Cqe;3nJdIesMF)zJlR=|C4-#O
zZ~Ewenyfb0LwB)4-5@^aPrN{<YKw=24d9rm%bYvTdAxN{YY|bR2mK_(S!{<kXlX(f
zFq~nA98&Ams>oUbQ#9~2Ph)x0hguOqo$WAnv}B$aXI!S7b;)&H(REnG)p&)^gxXO@
z?Xg8?LZRD%^YU@?m<YW?V_vwqQoys4@wFCstW}^L+AIfqlACpE26-)cVHQL1O!Cz(
zjdL}`DyVmkGzmMlz|uf|zi!o1*YP=~5zxwWQy7uD&?>nZ@;*Atf2&&WjE(afGVNgj
zOYlm<DYkqj9C^Od^TYzrMLdo+2;LA8l*!}4aD`{3%|J4Nl-NULnLIE>jxL4PQ=MRl
z%p#<&YU7m2Cl5G6EHV*OlXc_@3(QnRKr`{IPSxjJw_v(YA)>gk9^;BtRLABY@JM!v
zGAeaVYKfS6{HtBwa>*>rH3CtC<i48mKD83tBrUvSnBNuAwDYk4F_6BW4*d3H7?k9g
z7{c3kh`m3#DkVoAW)=B6*PisX70@Hy@y@Xp2mFH7!OO3WH<-l{?&Kca4WIB{)E+!~
z<HQrIw+rd{%HSJE-m-jzbS%{#+Rat*8?mj&H5=RqIj()s)R%KLtq?@3e(?^$?4IRQ
zWq=0@2}dBG(@15}B8Ol&Q}GHUw~SqHXJ}W%7k^f9vbv|0#zT1{q>FrvDn)BtlKM>b
z3f&XdCL?JkRbio;xIEd2LCSP8NcOEWTIx_J{y@P21lqWzuyTbw{Jwr_Z#Gj{>oF9>
zoc#Os1O2QSa?fUJyie0r6~-W8${@ESh>~lpTpg&edc~<9r6trEV>}^^S!c^2&*zom
zoFgm51pD`|*tv^+kVld}-2tG^8nim5FnC6_z7d`eu(*k=zqNL=oMtC?PR_UM?Rnr&
z0$bnU9-sIlT^s|{k0`#8P402AzJ55}X-wep#L!zv6=2rjxh4A{l~J84cp^RON|dfD
zngUh#xh`AXK*f`MziLa$$dTOTW=0g0O_sBQREpAh>7W8xP+orFeMD1vhkLw$%6yVG
ze5F@@WWMep8-8L_y`FMBc3D4ici1^PCo^1KH^6F4=t`iN^w;7iT`W=i&1iq3rA$5Q
z!b(H-W+ugPljr@>3y@=fE&o=``{#H=8IX`9WGnNPnk4kEnTw;;{zXg{u4n#?A!X=~
zlcWBWh0}@!xOz-1jYPPrvC3(d?48q5?qQ<Ug}plG{`SEu=Y#_$G=)A5m1U!Vju2#G
zUUG76>)$?m`fI!keg5f$zXypkv`I}`wM_vj3@az;wJ>y8rlxtcRZi8+xG>_5GiuiT
z9s{Im++KMb`>NNN^Uko589CX>oO!QBXd>$288m+<G?J$ZY!{<%tWuy|CZ;;KgG{LK
zX(z(Cl>>UU+NuO?Ru!d=t4+8OOlM0T%>BLZ9?a3j;CLhL4;EbE*Ic(n-~u%T>}M}H
zNdeOEYH<~($Y7Nye5^`Q(3-^>4xs-zS~(DrT0)vvEYbzDr#A#m6~tdT>|{_24`K|M
zKaepa508}D8PdG{2mR^5=<$qTd>Zts&wB+wthPTs)Fuv-*$I1V&Hf5bg-T5ow5k;e
zPnn=9#sI3FZI$mGqBQ+gU1+(KX{mEVs_g^!yNyk0nVRY|G*<prr~M4Wc~1)vy$l$A
zV3p3R?;AyHP5MKG#$-X;4<P#67&GRJwjO0Hp12O3C{c$gXF^xz25mmLsyUi%#k<X#
z6#6MDy-Yx*v$imKY0Syl_@3%qw933;%R3ZePBvR%8H9!uVa?C+dh7{(KUEmKExD?j
zH)XZqd?sU{M-sqgCOSsXe8hR@Sik+pg7fijC#^nOVqGxzu!l}LREL05cIWIqeLKa&
z#H3Wl?3n^Bn==k8b$MB~us&Bw8(+Z2RN{Iei-R*T#H_Ir9WwaLmQT1-zNj^>t3Ubz
zv^5O0rDVrK*BR)wmFgT*Dp!R(z3_soEHZMDv+^amDHoNgq8Q3CLw5cklJ_s41v4@l
zwd`_?g=)q26j*j8y2!*Z4_~Hg6+@m*f^`O+ixJp?4bAJ}ol|4(dR?9})bs7Du|@B6
zZ+BFXBvMHtO$C{@&Re2NR|W{OvoR90vLy}{pcMxI4)}ap=gZ?(AF+VOr5^EC&3#Nl
zN!*;i65Uha+_jjJ=vg{(X6eL<vHc04&z`uj9D!^9K9;afK{ATH2zO)cJU=|o7cwE^
z`FTex9|2ue#`5=~u>6+uX}j8dG%Z@jnu0rUa|7v)c?H+8Jh?kZJHCAC4U%+;CU;5@
zU&^W_==j2r9I?Ug{7?{$D44tkt#RntP;VvcZW-CxjDQk+WF7SS1vvY?MGxN?%NcI^
z2yvY%RQ(H2NRl_;ebIoYBzIWqj1oslZok+QtgiCdUbDwv;gM)dP3$JY6VgwGeqZmb
zT=6X3u`<ar)Kf&IQfbY^A-C2tbd)a#{UraQs|!kRS%9br_>H7f8MC)Q&XBpv&}vlj
zL$>chyV}fma(N#q)R3C`7M%0$WbGph$Ky5hJN<fswAvX3AK&n_?d!i375@c$h!p*p
z4nTl^{o?rV78U=aujxO3Tyhj9W!L#pc$3_4=J~}b|J|sQ>MQ`M7z!+cCdA7VtNX{V
zxLCtagP7s0CZ+lr0wXCF6W#v)EU#QfRuf2;IZwFia5~QQns)d7db<VDN9RV1G*?L&
zHO16IGpLHT2_0-v<^$$7E$<|XuOv^=FVE=44%sg-q<}t@J6D<bQjT&Q1FmHC1pbQQ
zCR7V>DmAJI1kS7)jxl{%iQ4PmCBAwLDe^#&WOqQCO8IBxCy7bI<t)l0D}0eHwk(La
zE-N~i#KYnhI!9hn{Pj29&W+C8mHkelEmxBZ6J7@~&xxHymMAU^ohS8_j~dNcj|>JC
zS7wTlWj$w^MlJaz7xJntj{Ez#8%4*5(Qkn(YNUZY*7$6IX%t^k0UO$UrJixL{`ndS
z=AQYy?26wVYyBZp#PbkJ9N%Q(gb7oXxtXcjMEnhGJKxrROFx&XQOqI16^@XYrZ>-j
zQz=m>$#5Kn{U)`L*QP(QfPM!z^_%Dqf!lMS_ZyT)$daWfU-8vLb%$rvLsiKx;_D<N
zRFei8;Z4d>`@bXBhSW`mO=sJW|DsU{;;;$s`)PtM{V_c9|9@S088b%_M@Kuy|8)cW
zXt0#jP`=nYa)v4F5kMhrhE;_EMXP!U6&ZzNz!btMB!3p#AqL`Sl8~Eg7IkSX?KEx7
zD(Cr{_mjh>ogWGUDwusvikLqkeV!V=`%g9BN%%>pIi~(<nqBr>ZLfLB;qktH!vEs7
zpA1RDgMjg}hbqg6p>WS~o2I}}u~!W!)t44f6p#$K8f*u*VyGsV+J=N@N;f{u4y5Ul
zYp{#OygblguGzr_4GjzgN|K4hYc>)c@Bl?e={^@gxMsvQed^6hMqk|nHciuRzZeVy
zs@k7TY7m$6X5nI(`9nZp*o;1Y3{{%S9M){D(54`itcolBKw_An&=?1&zEq6}6w^Q~
z#CxlLZBB}!C90t@bo>4u7yBfNJS$GLHkrltyUiBEgE&#{6bO$tB@!)htyvdg1t(n2
zl3A0Z>TqsXV1Ddiu4`S*7IKC5c+H)x44+aq=2TP=dvY!o>mPZ`MZBr8yUrF0sH!rg
zQc^a7O)v$qK6QGi|NP7pCN1?$^PqvAgSR&O*cA3My)lJM@;U+ps4T#+A?21>MaoU&
z{TcquGd3|7NxtzdL_mr85sGRfp}&$zaCHv_)AOLxY-52ki&}$)2pLNvx7qgTG$b&U
zEUqQsj6VYz^Q@OTmwnE_MpH`m#6U^PjM*rJ;U7l{Cgr3_qrU0Te5S%oj6IQ`?7znn
z*i`}%2UinE%%&^`sAhP`>MEvE3~Ftq6h{crn)tFctz6Jp=Np)#C{e}jyo9EAxiy;$
z!H!C~fv6&mqd_rU?`XO1_CPs{OkyM5zk5_tWKB3t4yIsDY^GZ2F%Z>ynCwY1jQvlS
z5BvPf+U-{WvzKfQ{CCuzm%y~9mqaS+JfObpSUu)Xjm(_97QI;(?hgr0zCQj<w!S}^
zQb$ponfbYA56p$mFr5+zHo6=AGW5Db=gEWk1o7+K;=4=kTVJw&Fo$PHVf`)vRVOz@
zfx5bLE|(wQMkVV_AOap`R~GW+Gu63LS;&qL4{RJs&JUgtI$i`zvgo4~GIHk~$^4^E
zI-3CM=10z{L+P<zUkOxVlzAQsz+bgWZS-(JWv-uF0f#CDb_+=5#uy;dJAeu?70Q0<
z#%M*ZtfE0PeY0Dyq=eAA_?S)nIu}?5q97=DuI7Wq5W8k*a%tV7$7uBpRr6ZAbxS0>
zRBi(jKM!rLTLAuM8)a2sTLzvm^jHD8&7}=Ys{WJ2GN^`h#g8z~OW0Pu&qx?bp|IO6
zbWDgv;DD4VToqY|#F99ZbWPAX$vpVv3g;?JSqyR-+3AI|xRd7eJ-$+Xt|tDhwb+Vq
z(MTdq@Qg}|NvLu;kxb~!Qi_Wj8h1<S_#4qyZ?nXU;|0O0JVUdkHrP{7XA?*nNz(kJ
zIgF~ZrFq`ku2re7Hu)oY##}?gV3SY}@?2KCA)<r)J6KZPPY>vo>=s8e+zlDQtDrC}
z^BTZ;QFa8MACAH52a$HVHdP3}JS#Va53qsRp#!@Gjz!KFN*|K=h&15ox1d2_frp&v
zV~8B(ptdZ4L^Ude^a4PO7bP`b7BcdR{_2_q<^C#$@G1|)av#?0771#(MX1Q7!;3dB
zsC=3YXTPy&6O9ow-aj~_Mqpv&B4w$<7B@F32nmLD%P;TcyeLmkDD9nX@JC0xA&PLU
zc{?O~x32bAt!tH#PRp46Lb8;t1m>XcI&GyANR|&uh8r82m=j2}EJkU1BRY-0$SfH;
zI46+uT$u0)Ii1Xn-Qi*5&AG~yK5l`r4-Osh6FYgN=f2iH`j`t6F^j9-0Xyt|js69E
z_-k}5(MlT?W@`U1|C-%e7ph6L(l%+I9pz37bHXko?SHWLPSKhDTe@&6wr$(CZQHhO
z+qP{xso1ttvF%DK`Lgjp-|5|b(YyOxtTo=7wZ=Q1-&~W=oKvWQS$rCTg2ea&`_rA{
zL#6%D#|pglRTJxKI#%=qu$8&<7{R@B<K~olCxHT#I&Byk2GNY51jxi0i+F~Wf?>w>
z`+}vwp`9%kKs_S7A;`EH`uSI8^FOarqWW(e2WJx}=YLtG)Jhe3AN5_c3_=G0VEy-A
zBxqt_%kWRzl4jwI{N2%DH9(qW4T=Z|DhNE}6gV*eKuJw`IDr2PK^O#qY&@RY)-`P#
z0&u5|aOcHmH``K}8{iI@8$oUeDemRt<RMQkPld<K)5;g$Ls?EuP0dF~XPc?(U{{R|
zsE_@%2Rd{R7LiNBn}1&j5ij92eTa;hm!u(T$c)%E={0)@jkuTi4ke;a!du7?F2YXY
zlH^VYxtA^k&rlwQPw|TkkuPZtEePRO3fVVizz#CmWz~$4Vo^L!i9e%^U&8H=<7BZc
zj|*mJG`0&Sa=2^Tw}wQ0(nKM@wv~uFL1oO!kZ@Bp1I=J5V+=*NRLyVhVpv>EMTEry
zns){Poz}LdX4$78+Qx8ehG64`RRaxENU?XYzx3}zuZVV?oFd^CZbnD1hwlsyq6QI-
zS*JMOh>8bHqTH*IxTkW4@QY#BMnP{)G3;KRAQ1@+JZNR4uZ>#X)GC;rI^;YMT`|95
zJV>3-kZe6V@R$^LL+^m~`rPkMiPSRPiHzcaaBG#d$j!;H)l5eQ0d;0Oa?H?{+E97?
zCge;WMIWJC&UwQ^E+$MZ(sG`iHY8TCR|pfDVQ64if<qU8icN6IOxBh8YT~GVr#cr6
z5*-+AX0Fd{nVg)UrJ+fP7Hx}<F*}H#a7>2IC6DJ7cu&a-r>nA}CMSMZDn=TsQGPd-
z(@c9shO5dQlW3I5waO9{*#y~KkP~Wt-ybLER%)D>M<nSc-!sEkBv<CEtHKLAeBkHM
z;{=&+o{2P}GEmK~Xc^ecfN9LupkoOOr|U7Yc^TTnz+<v(K-G}uGr#W$LQXfy1w6S;
z>b&`p<}u6#%oi4bo5E!hRYq}!`fziVnnuyTFC(vSAaO!^b+3>vZ4q+>WpJNgq+ed3
z@xmVOkhyQJc?;*|V_NQBRN*db!1YG85q5NohV^Uu@atbX+g?C09&eD#Fb^*~Ky`gi
zeSMIPXF3A6921zxLjRo411&4nOTG-;S4!xX*ua<5@~G<!bjEh=eK;bGlQToC<Q*(_
zA-(^8q{Y8KTYtPeOJC#VLE0_D&8~hIwe{IR8v}-Z=et%{=x+^+*!bkKx8$}D;{YSO
z;n^7M^!fbo>ZZQnQ`;9lQ?0vAz1g`?PrjViO-Q4uVi}1Se>Z!_j3jK)gVId^)q^e+
zzjA03|6@=ler3SP^(<wqk0<tQ6+9Eeqgf&m^qkQEHaYy`l0Gd1$FPUSnjpnE1cp~y
zqBLm*Vn0@xu3<%5u6Em6cEO5_wAC0|M$Ld2yLf<{T|GqTmplq=(4Y!CAT!Fjelw)l
zfC42pjFEEqpgPLWGiQ{ML0}Zp0R~EJsL={~2-2!}e+o)$II?nkLTMEP%m`0&`GN#t
zBxx1>;5e=>vJ_61q@gT=)#mE$Da~<d%!FauIK@33cfpV|`$R|@dZCac1Jbh{CH>3K
zRD9Jqyr<;WVbiV<E1cNfU;vg^JT$mRxK%n$=>T&EsKR04a8xG(P3bUm2BN~@;&9Xl
zLQUxya|W)$Vc-Z<Ct^+MBy$F(!eQeG*UUx33E|DtW|`RDbqfZH!r|_4RHYzAFc8yz
z>*O+U(vOd!R`*A#{OXY~LUt6B2>IBMMfu9sAKA16<a3Zt+2cv`o#EADtIvUr0+}^Y
z>&vYnOj)@zeawn;9rmO^3dBOvh6FQ#O&sBb7=#Fb3~(>;fiq!F=;6MM!aPt705eDU
zzsKQY2;iX_{K-!}^y%RdF!qg63t=`m!o#5%sDKNBs?q{8>%#-cQwfgi;dADO1&}A<
zorLfc-JQu#4cT{t$nWtbSHx{m>)|O*pYeb1;R!@vh9F`X8h{I9&e8}N<4+nBcB(oy
zg@>pEb_7aeFF+|^6jA{b#-)LRwB(143!ib0%Y=rgL!u!Y?}zJ>rx2tD^HUFEMd7Co
zLXskxT#&F$s)s}E6@EXv4rRhP6bT<5b@y42pVn6bEi4_{o*mK-{q*-=jKKSl4tkXA
zz9>Knv_jR!1ht`7?BR|WhAQAgEw6?7`K$d;(7}{KTQh>y!C36zDxvL6z=kNjCFG|u
z_DDeUdZF(AA?+Bpd-%U6;o(B~w<7DrAw98Z8{rN8q3?*H9KdQ50?_e=xN!g-&}NGA
z-3ED}g+rhlQbXF&t`G1jjl-V^;9m|#e}MP^;2PsonuNzt4+-7UgDFr5SwjZ61OJpJ
zKP|dN2V#&9U7HZ(hLy922Qv8{-48Ffe*z2Q6B$yTNYL5@FZTei!Z<VoA8v*nZnnn(
zY8VgQ5EbH%tLg+FWE{Rt0B?005m;+N06Gcpr5^6WJ*1CeXa_#z31$eCHxFdY_b&L+
z{mb}K#7>LsS5~y?kZ#a<Q&p&SaDf)Fo*%F(@`LIl;v?f(dBWlySypV?-6{QKc|zKq
z+8Cp5f1EvJCxosEe&{&7UlV*?{{{9CJ;r_>{I`FD1^}`Rt%V-02_YC!53jW+16!yX
zC@(39-?}#o2l*Sd`|4GK-M6qAr=>Hx02Et<M@+$e^i6$8&m*?zZpV^!Ab?jcx|C9g
zpm3?4%2Q9>_6zPWKLPyjD;N7X*K~e<XAcCvvj_hJ^UnAW^PZA8X}ide9Qq}(K#U{3
z5xV0K&?A^x3GFNa8HMkH(qBl9SlO9AMC3-e8hZ&b3!+G;nD86GhkPg_!lbep3zgT*
zbcSR1<LA{T-zpox&cQUb>0NeEkwQOIEFq>!ck`PHiWO^}TD?L)snA<B*<gcVxm(zM
z7;-^0po1|Y4v0;tWxlkkp7k~NlEQE7cjcUmb8#PxyeE}=nP;KVC@{v$ap6rLS9QiR
zPLs8p5efW5aah?DdPZ;;K9q`t1Ue)?$9{U20(wf8!Xo2lyO!dP)RJQ#3N9W-rU}dm
zFwTWzB$y0$MYCUGckCGDLN+1xVm?+BxVZff^?@{@DHhgd)k1nC!p=aWxUF}Y0XgpK
zA~Ad0Uzi5zUv8tTpYkx!LJen2lk?&tyn{PJ&(}C63mfWXanomAOrB$q!-zF_MWPO|
zu7Qm;)6Fyez6*u^9+4()?O`C1JH<a-xE=CEs7(g(%DeQtw7Ssrf0mYpWa;KQ8!x)H
zT!ugLI?Wi2?A1^qm#VY;CJ101=f$VOyP@}(IplC+VKdE86**vw+^v(ZoYhX0Wt6DU
zEwGO`Z{D53`5CiyqqO>T`7a*d)*#;=(f8WS@o$m%@9!r4yX*KjkB?Er*uwe$<P?-_
z><|UueNzF!R+Zp4HFqg%T8@St)%6Sm87N9+q{B1k;(xV;Y--18-_*K!$^4=Cg#O7-
z7~%UOhGF)j=EtA>w9BdMsY`CBhbiCp&o?N4G51QMuo&p;Gjc<v!PL-qPQ{7lnnxfK
zS7+jes)Ax8j4saF!s>#;f{A$FJ@;7e@p@%SH}u3hZz=ji%~-OXp)wu>+=pDLRKdv`
zr?x>Mu^h9JVr~b*&=VTIW*OYu&j@;wHk~rGjD*A7VWCOq4zsKv@y=4@1m>(julKN2
zqCfTh@iD>N;jzOZ#_BXJpdZ<Cbj>EG?yf@1$&jU=1BF=veBGx}{G7dFA*VKcu<!e0
z3d2W!LX{O+p!e+~@n;Sf*<B5Dw{v~Cme5*h5qe#<^&MXD8+R4Ahjo|GY{&Ci4F{Tp
z#A~E&kx9uSK&0oOca3#(D;Vcr8<;?Gcfot>UoFW6>=aF6rDNV`zXQOJ!Yb-;zyk0T
zi5?#O1dZ@#46j9<h`X;~g!Nb_ZYcc00&b~8d-xif^)sJB!6(GO$i^fs801Cfpq-Up
zJ_C39NoA~I&!zk+P$f`LjT23al~NGa$|Bx5#~+8<gHRGjm;tKPiDak^a|)M^m^_gn
zo<bob&f%r-8W=<yxkM|u1UvI#5(u13!!N;quTG#(Zl8mXz^l;)Kqdn+3u-LY%M`Ch
zaDjBP%5VdzbY-=R{A#nvBd%G=kx1?O|5w2NLmxd%m}6rg007hz008j)d*OzNtAVwP
z!QaS{%HLtkKjRJ!FMVy5`8)~M4z{dK)*c^F^DdhZ(skm^V!BL1n?<l<nFUEfsfnU3
zW4lBfwysT|<WNNcYB&%}4{%hEAmn<>)3Pl7VwL$q`8mo+a?0>>|8RWY$h_1Wwv%gH
z*G2j2KSr}t*&I&CQy-=?9cPPTczpcAEFWxaSI69JJOgjTm-~P@P}|NwtT-<iQODyp
zWuQ9LjRs|GXBIt@ql=ErqN%CpJ*w$TM-H}(BS+jZ$WFNxP9z%pjoH%fB@B;^W8~&N
zB1e>5a#e?Lb88=>33Dk9Mk8O9G32QBH5gM-67)vy2_whU6^3*%sG`~<%c90DV|;Ay
z@2q32w%BEAMx3^o#YQ@8Gs*5fY&H8HSak8bX3_lQ&@2n2SI0Lv6KED*q1k8<cKK=_
zGHi9Hq?~mtoqA>_opoy;Aam3#y;HMPrP@^=*6$bb`Kk`hT0WRj<3A=}e&TB<S)EPH
z$QEQmrBz$$o@9DE3AVFv)}`DbVdfP%Ma|T3=2bm#Ce*CHa<jEK<&N0cX8Q^;<jta;
zdKXB4Gi9+@de>yKhLogEo(-?{f6lay<jfokk4Xo2IbW}E;8U@lb!)&PBbSPu#77&v
zMIh65xEM_C=6N|J&S(k4FLN9pvy(aRP#%zQ+9frpok*E%)jpUoUeCQHF@FDd6h>dk
z6DpR^<{2)RUdfXxmtN5mE0@pcnY`sU&X_v4Mcf&xW2{5^F6Yl|V4t=uyTdHz-gTLm
zTN=W*?vE`^;5!>mKY<e-&RyCqG?!kX1Fj6nS@2-MJEn~L$%$2lj?|Dptc&R*{A0GV
zkIkF&s#QGT5$ovJ^??`F=KQb8b0{~kL+Pk2p+!2pRE93jo4xJJDA3KL-VN<2_gV@+
z>C8hqy|WDO^66|x_j^&aYV-#p!3GLc>!Z>i%>@(a4{5BnjBQ%H1M2NMP}(pB6NJ4L
zM4MSL!H2c>6*kW`h<lG+fHOuo7cG-a1gKDhL_)1tz6#_h+y)e?C&6gQa2nf7eUi2b
zWREvDIn%i<EwkuM#o9ox*r|oRs|*uRHaRcDv%w>oLf;p$W9y*F1V61wXm+p~91^#t
z@xg;TjhoV?kHjzqr4K~I!2$6!lERr}&>2|kcM)KRuWaVhSp!F{YG}POiU4%nMjFyb
z+!$hF)#uZ%+HIfk6U$O@E{xv572L!cQ47M&H{@B>Km(r(wPg!xc&JCyGczjWoLx5*
zHscoe@-rUV2_@-%^7w~KbBJn*kQ8O#pw%oGeFwAlV#sv1zq&hY8BoNsw{y-uX0)vc
zr(2HCm1lC2ix@8fNCMXG{T*40F99!(Mu&gLmwN-X0^nO_7pNA_!&f?lZp1}5R*S9~
zXY6A1Ewg7s=SZrfBV1)ND_ltX<81~Y4cS!8npjB7&{2JfD>Fb=3^|Y>zybTj{7|{r
zBI+>_-!c}#pSBv6Z6R9_KDVJ#E>c~Yn8p5h^xs#neM8k+wp|Kct;LmM<Y>73K={=y
zyDSZtAD4_KoGRL-Z?OfQxh7tHSe1-MY{<@hyM!n!%w-Kmf8dCv-I7j!I@vs%&vq&k
zbHn<I+l$sa!~DwIn->A?>wm-YD)o`y@AXDdDlynrBL^Jli^bEg-av!cV#I)6_kjLE
z&u4g>){x#S#|Mzi5anv}t~IZl{pKUxi)0<Vu(H?QueVnhDI;b(%6(^_19sHF3xD%G
zq{QVN^UmzM^y`mfU{CN>Deg}Z!0)QQF!XVC{AjG`paR4BTX|{3M|0SqK(Wrj7sKnt
zBaDEf9rkLoJkGYN@&U0T;svbO0p<&l*lBn=WT=o%yc_5s>LHMSJ70F+Rmq(ZC?Bms
z)+0enO!Xc9;`pcqTjBjQHPoOd%;F)O6{K_-cHLRT9vMI>!tXADcL)M@0O31<fMvQf
zlG0A3^4w}go70GVMX2}#OsLyP{Zh&mgxIxD%$V=NMs06g6=$x=s!KbG{sGORmY_Ah
z(o;W<>M{6!8Hx}JEv%Di9)R+V@3Opld5`@ndwmD}^3P*^#o)ERZTiUW=R3s1@DBEi
zhUvP}r?<Y9D-M(lRfE4pQWBO4t(=y3VqDS=$}4+WbWr0lwqUk=l6(hr46A0v_tbG!
zUT{`F$iw_#@{PAhMu8mdx+)j59ASM0`RwSYyQf=_O6hN^QD^&&o8Pg1oswFWjBu@o
z`GNRFN#pNT6!vTd9BI;Yvaq=Cv~(^0tCsb3^#f~clSDuD@X{nmZ*O<NKitx6n0w|7
z+BXG{@zw1^)6!CQW$8vl6J0@+`7@~B?{IZ7P%~&3eg7E!;}||H{!hfNq|*cR=L0<3
z?yt76b`a1n5%#uiq==Ww_G9A-4{L(R0(){Tl3h!%p~&PhiQt44dv%?8%2H@#v@)}l
zp$zMWgHhrij4`|83u=<FZs!7)b70MK2W~K*RCpt`>n+sd?&6Yn^~k@dKygaQ=BbQx
z$`&DkkrXzSjv%TMpPdbVbZ$w<>G1#>=FXV6j~bPAKGD+%&EY)=&w<+f?7xZFra3RI
zP_kJF!mM<)Eay}aT0X<9OyyUVf>DV|Ip69UYvO^Iv}+!0;<4Jq$$e-myXFh~8E>)Y
z_osaJTnomkk?V`WMp5^x^(d_lru5F_h)Ad1)*3Tr^l+m;%B^^`yxW1lune_OK%;++
zzGsO__pv#gc|reFh<Xo4K0MSUY_6k{cYiy}iDlAFnmhZNMTO|fx4XpkJkg}nGgv2%
z${}}`h<hxaiP>GRYMEuh`q`=GL)~sqDGf)hHDS6jVdvc_Gy-0m+9CH#Bd2kvqcx#$
zrL~31F;mm0F56u@6-WC3Rgy5%s7Ivs5qn&+W6H^M)X}AEFl5G_`Dmctt>Mu1KA!p=
zhEAzONQuMFEo1P200HO~k~44*U0ROAmR+HrfvcA}R=S1k(BEWK&Vq6urcsGOwG@yv
z?x7Kea7iRwo<gEWJQ80)L7_0UIWbsHBDDgHhPb^nIiH}0@FhI4T5?mNLAfx6&{60R
zSZO@9%!KA_(@8p1;i`i)XMT!F53?2TiK*18eLuMI9wBdOf}y$^p&aJR93D*c$eUrT
ztf4t}QLMc2U{wcn3lU3wAk=ideimWfZpAOTp&Ea6B1|Mz^xUJKoXxYPLYs3vN6mF#
zj~j!1tRxyd+y6&LfKhJ>d7b@tvs1%^LE60u1m#DtO$~@7AkLXw19eaf$5uABE$w3D
zmoHO<RrBI`y_J(&cG}?d>>ldjFR|^r_1VE4^{tWVy~Z{W;Lca#g0n~PD^<TYD#BDb
zwhv#BE$rx5-J-xq-+eKG!+Ev4ixKf9Nm|adUeF2q<nlON71CSnFi_}QE@g2}QQZ9Q
z(#TQryo!!<3d$|18|92zVw5deqp5*PVhf3d7x@M><9S`q{qmKL?w~{4i!#GS@dfg!
z7|8{5^W;uYb7>s`(^g=n5)cW@3u(ASh`aXAfdxS)ZxxFlYNQr|IjIVH<mZ~AJ<43d
zi%dyLib+XH%9-nPS;a}uiaIN)WrwyMX{Fd^_dr()z{MH4#X`=Fn0h4?75c4<#vhvC
zrFoI#q)D6>s4hw*AY)=#7C%552&3i2%EMacR3jH;Bj<6xr^!(WfSn<(y%STv>=(T%
zdSX0QIb-yQa-HrvgD^UkNGg&oxYCAz>m`aWt6CNkKN0b8SunuN85J8m8GB}fGQ4LN
z_Ci?xxa1W8`=!Is6V(GN-&>s2E3%8)?*ALs6)dxU)$PoSeUTtsC!RZG=zwVZ2VhTt
z0zXm>e=XK@g>H(S4WG;f6Ay-|XC4R9;M64(U#fxZ6_eZ~ebeu$MrfrSGgag7z5|U6
zgUa8Opyi!(K$|MzH1kjF%P`EDt^u1d)?4C>r>2xeTJU#T7P#A@P!@2@i&xEv47x(!
zLzlN@(B^oY8Mec+x8kU|%LzH>IS_bcz>q(@PBG-OBl?h4Aj6bO^obm8r!Iey+Ts%H
zVOd(bF5)jYt2`^&<XFWYH>Y&|wy@Rd|2D`E&x_vWH0D+3Ws4V(U={{i76yFy<teDi
zmO#zo^q!*21ew8&udlk46^s4m1Ig!LR0LqBv&bF@=rZXGg+Xxx4H!$}7kgu#mP$nc
zbkPjZ_90CDo#CW=FBiXhf5iA=g2YP$N}B?p>hc@n#&!bJvqJ%x3-7P)uhoeE_MAft
zY>oHk16+s!06x=D_XXAGfsW?|v;UL_xy9x;#;xXs(jchDi06aAmjz_^6BbLZdwMkb
z4KeN~eVKo9R#qu-m7f=2_}ZGIo1bUo+<zVQ2o>xO?kjTd7Kr>|tHdeHTh_qrk@H<7
zrfDt;{O~~}D$stXL=gPrTJY?9>rIMX){otvE&3DC)i-AAXEf#;jmN2*{XLwrfFH2$
zj`C<_pDJb!<TQ{vPiCp0-ZISj8=LI5zb6JVoYPARvg(RZ7dq2s#~FGtGn9NK@Hg|e
z{1uq8DWuYZiUyt>g_0a4GE(&%v7S1&E)5l%P{(s2!-8FU?qwMTCL$n~(+!mJI>_FN
zQ__@ZYc1T`R=L1j1PFn*P?U`MWX}EL6KIQX@9`_(9WB;7xwPoXeIEbV375tMt;R5B
zrCzp%J96e=-uXw`oah)Q!RC}LqyTQ1H`bwr^HiB5@EiDC12U@~2qN>^u75tBKzJ#j
zOPv5|F6;bF0C4}fYw_Usjd-|Ug0835K5;vHhre@)CCv}-5(vkmC8!zrkJs5bWYdmz
z=!JzxNXLM-Mt*qHR1*}+yne0V84X_X@|=zJqhQ^*Rv=X6x>h5TgjF}mm4xO+$P8Kc
z!C5wOi|4dcQZww-Z{ik@X&4F4-6|ddwC1BMwASX1sVL12$f+0_n~>vS8i_{G3Y=7~
zOiHlvT~)@;yvxyYrnnWgOdSe9n%Yf*o-tMZcvge{<5Ec`^Ji|+0`GF;mCU_p;sw^+
z)<>nO=rUo`feU#<Q>zdU2xvPgoT+u+OEBCuaYefl4~xXss2vlEkmJg`W+1RiM!M1H
z<Y^R?<1)}w$+dENJ|2E96o+L1otkhf&{ItjZ&QEXs_+ZYQ%{jCdj77ZnRDzI-3O;P
zxw-3PtK%42`tW5L8jJDi3V050Qr+WFW%(&B%Eih&ISiSqQX-cs4=c^1*64dQPz$(Y
zJ2@(<k%o5>lb6_J%Mg#U;7Y?&M~}1_{ykZO93JM>vPB8*Ak%y4%0mt2v`KS<v_-?(
ze3Z+QWo-$oj>r`!7M(HP`v>cdAr@zrJlQUHg6(0K<}|c<U*4eK9t=2#B#+E=C28%s
zJI5xEymVzn-HA}I*0{qk-i&qoXWf}{gUgE3)7){Zw}iTrQm@)mwFge_JbAMx4SAdG
zVQjam_Gu5p-Y{C;P;C!ETm2HPZvbxhN?XHX?0t2&roK5rAGoU6NA^4BJBe%wMIMXn
zscJJ3-Rs>n57lcSlz)(VLd3C$jP_?AS<5@D=k!i-y5U9lFy3g(xwBV_e+EvR05Q*K
z^w%u{d&;RE$^>89J^qZ>5rU(la{qmzGPmncG*)$w_vl-h^)tjW#WuH`UEZE8MH!pC
zJ8KKb8BI6D4Q_$Q2IZ~gkF#A7p^hM{2Nl>UuQ?z8WO6fq@pOs`kn<NV<)$25v7W8o
zz$6Sho)zyYH#^g8mmztEmjEnJ(8+-!ac?9vJ9lVZiGw$e%+W<fwwnUWjVQRS@Pu7q
z)2k`utqt-akGZ{@@pbrc`^RSlC<&VoV9bLadf7hUpEgU)qjuG}zzG{oJma0?vdUF3
zz@|K0Mm$-L5uqEWUNrS?IbHL8`iFmQOkKKWaUA<D^8P~pcc?`Fs1|>Z#Qxr-;B4aV
zEb-kB^B0v!#~ND=<<s<P+hrxI(-m=4CVR++pgLzrYk`!e;bMeAqN(NK;)A&W*wk(G
zf}x2iD?`I9DK)QkF0~bTsf`dGoH#x{0Cgi6J^~UL5QIRNKc6t({Q^mj`%eCDo9keG
zecb`IVPWUXY33!z>6>}>9+dY5*e7<k3=LXP){ra!=n0w^&;Xkyj}k+HDaG8Ps~wsX
zniQHPK=+8dB=VCwld90dIKE%S;WE=a7j>G+!kaZ_mO@-rt`bE?V0SCAv-<d=*7h*2
zq6GqkXL)hssPnkpkiCv0);0sOvud#=GjOTc_WU|Iuy*T|qjpB!q(Ydj<>1Lup=q{U
zB!~*gNmYVnrlOVh_|vehtDFmx^n|)AQO(NILSeGYa(FIEcE>@bse0q6yC5^=Bk=&!
zBMto?@F?1(Q*)3;*$VW|1Q<|<<<Uyn;*j`LbZ7q3M9AskL6;BV=OvSt(`toAX_3b!
zZlcHP%Jjt0@PJ4^+m#ggT6d^UZiCu(+n*WyQ@zc$a(yu{amdC@8?Dyc(e*{Afk7L5
zl*i0WRanDP?c%n`rx1|o+_W7<NXV56msL)~r5q86<vC>o-V5{VW+|58&dD<|$Eyt?
zDzZo^&GDRg4E;(K8FL#*xaK_N`1d?!)ZmF?rAA9Yr4o?E8FZK;htmB%G()*sy}4<}
zG2y%#l^PS8=0=Jcat7Fujb9`D=*>(w3=zu%>d+x@cx6O6foD<H<28b*Y7g}qb(XE?
zjI~2Kg<BDvOx9wy%!zDLvNT`8N?djqwWd*<14ROYTdS_#^Db6zMb;lognkrz%b_tH
z>U9t)0uksIO6#ddJt?NRRPAmy0j8Bo`}Re}%i0iLPEfJ>L0~tjm&NQ+LxH*xP7;$p
zAfMX6BPJZdFh3#o(m*DA2Ox*D>ndv7c{(*1&kH|o)Q#^LnfF@YFAKD(EfYv|G>e9s
z)q_-`er1Skb`qYKA#WjfA?3w28Zwl?lukFguCU5Vu8o7-+`~zdty<IFhNY<#)pn-V
z=(|}fT1XE(FEaN8c&bA27@1>CVx~mbmJoY7vursDP=f*~7&z5p1Wa|Sv`K9s=x~!_
z5z!5{!;c%HZ=&xV4|7y<MtQF;yn3VR^)+c&kI19Ggqud0w;GbioHV-Q>K*<u|6Q+-
zt|`J&dId?ByPg=MAcj|YA*x|NgRMA8)aV{#d`HrapNZDw4xxwIjyt(;(w#V5^(u*4
zw}%1(_W9)|-{0zb6FNh$l*yakAYMv5_waP(RGUd+8v8xUM0z%SE6y7zTJ)GYnFeZV
zH?y2K?r>vLXo?C!O-RwQrZl5l%8OI^2^CGro?Wed(KXJ>Lu&pUg*!n9<<9#iIsg}{
zxlK5%vh!@pQjI9YTP3>Adcup{o{nz{^bKKknhyzP-z{#}?(V&&5igX`G3Cm2CRY?q
ztgpz3EkAl&aDM>C`49B=4gNZ#RLj%?O;c`LIeq}nf^y^)wE^}JKq*6@5c()IDZ?m3
z{8Kc-wa+EWRvg?LKkdUV(Mslo;{7cMh5N?lBgpXS;2Oot+a;kG1Ow(U`dj!s?PY4O
zel`R?g_s97{vO505{_8rpPfFqu0zl0Hz|TGN&j~N?n9{Dd;tT;KWm%f*Bd@a7oGOK
z6~sgdDHZ%lk)qv$KjNO&#EK)auSN&CX_EQ&sr>S=fulxR@x~VOZWSU~3VgIVk<y{C
zzIaVJWLV0QvP-iTd9t6G%Qo!@oc2&XF=j6NeqXd(ZMr<_jBc~dec2|Bvh!X12zr&-
zZ#kWuO!tqWXm<y6!5%~rtqdr$k0~-EUS)vu>T5x;w|UhbJ~fJt9P0;KI%)8Y<}$2P
zYwU~&0N#lfKGLwzpW{MBKYfA$H%aPk%mOCR*2Q?%X2){aL;rez<wIvA-A036oHmH#
zi|({;KWiLQagX5FGj;8e9I3k#^o~K>dy*$r2E0w_<3c$@N`Qz1<?XnBFFqaIitoc}
zuflPv$0dNT7Fz?ps9H)ct#UKO*<?%4&@(%F1-08^i@4AdezL(HcC$y_9WJ};ktdJ*
zk!1)UNini`V83}%k9<6LBgaZA%$N(gc=|%Nv+_xw<m<O@V-rI})SCI$mBt4DO3?8U
zuI)Re`AS+fqSbB1XJG6*f%wE4dw`Q&SVp%8>P#w|w5r%=MKN@dKYPK$H>}M!JR_!P
z4flogfu>oGYh&P+A2N3hAC`{A+5HUTlUD9G?){E(^3xRePbk`6n>+T;1Dc-c@ISb6
z`*8NRqw=twKe*V&1lY#<EmG~{PA+^uN(b(wT<e03Ql)Ey50a&8f{l`->zr$Z?=R${
z$MfdHe%`A5rn>4Dd-N-s{hX2dfGhkmBZpP`u~2~z%k<hFXUFH|Kv^I>Is8t56TvSg
z=!nb-dk|hXxQJ19pjQxvkH8Ha_dx2L_~BM<9Dr~}{FbLauCWpin+R!062~ygB~fZf
zBKON!Y}~r~kfL`xhZxL|<iw%0=up1;a6SL{GU?*#rn8YJ8F6nm(y6!MAxC9vS712F
z8-c5QtfpX}FwawNSSd&OQbTE&%!e>7&<$m0RY7@pN1g$^>NQyp8aegNK?7PD^;wp{
zgPxU`#245l(VJXVaZpffJj{rM%CYtJUp8qFy7Z>Hfq#1mZ~y>Y|6Xn8@53t`|F61?
zs+GO68HO*c7e`i-jeiI{s-$|PKCKr+vZ4;<k*!jaKYu?66wi2Wun?PBn$wISeTm_f
z3cMtgO+S?G#t2jkjAbG#r0WvnibE+*4(I1%ToIEiHXR?fSu^j=x(q8@y%D2V?~T{b
z7caWmm+l)5yU&vrDge#f&d_CcZ5S+B@Y+zq*x*|WjQ2wa<v~Sn(%?^cTzLm+Ar{!M
z+x+Oflu-wmyg?xXZ{6WR0`5YBKrt2W(gM`DDtAF4oZkHX;L!4DG8SsoH#8RNehQSb
z;olT6ZTk`#ISE%~hnGr(UYfXOEZKuhl)1}u{wKnYy0~bS<e!S*da3xmhy!Xu?c{}Z
zA-66lyYhE3ApKm@lg_IYw=B%ps=s!VXE7m7+cHw;6)vxsFLgZ4ViU!+dZlKsR&113
zObT{+%sC-#?It&QD0=eUaF`WqcaoU6a*_|uRaM)XDza^#ieWiyX^${tvo>lsVQU;a
zRRzXqH5p41jze38ek1Uh94lqHsM)nZinv|1f0x5FuVq(RA9q?1&E{CM4QEo?xlv{z
zUSz7mOnpT4(gM@lmeUHmh&TpKphK3nWeueC(iH5cyGbHrtsXSYTac%+`uUWot*I7d
zuA&pj=SFHcD09{7n-hmsnarwly6@qyr=t3Q-{r&%U)v6{Ha-fa9i;vNk(*t$U~DB>
zZ0>m-N%7H`kCdIwM>Ox(l0t{HBn>Oc@07pS-FSA9Yb9M6U-{V9wT~jLke1MoJ+o%*
z(WjZEy=lJ-b<;**xh{dym65VgCoyl<q$x32{u0)ZMPlVhrGe3INmgZa_8QO^Xx17b
zt&+rQ+^v%Ogu;B5IZ55h-$=QkIb{uiL}p#%nX=k}&V)3LK*<AB&Obfn;m*IBLc5|Z
z0)DuZq#!<WM{hHTi9{Q4M*xCMKBDYJ8EL!20RcbgLI*!U)P+3oa?fCE_3cS%L+o5M
z$$Y$j51S<~&%zuUDa@F}G=ANJp#{kiSq;aTcM>7OfjU5e4t2l)qU^;Rfx8vjcm#Ab
zwB^Mi60+0gVeXWmi|n)=hTfdnG;|gxtm}exAnrE+iL&c6QNYO1H-Jn)q3*^#K;H5$
zibNc&yDv2*KcK(v6B~4gu^K>686``A7)<PXRY2z(K>^u|&>dcybSzg<ehHh8s+p3!
zW>~4o>L|1sLTu<h;a-^r!d+8Cp^h`@3A8udcI{;|eME_-T^*BEETOYVlC93?icNqy
zAT#V<J&@xhH5gj6PAW0YqGsDXRBw`*I3g=qCmoh-9H>|SX%WN0fqIem>t5Yj&o5)X
z<f#YJ_WdU&r&aGjpG{6!`Zn;8R-4S>Ofyt!T0nu>(QuKzuh4-s3X54~G|F(j_3FA&
zC)j!kmT9^A8EAGQzQBRK!Yqf<qhx@mr=@^;LQ}1g#15Bdfxfy1NJIv5X~YBwxg94P
zAFAW|pMWkAN)@*U>fOvh{qFvW>wLS4la!muuI4|ugEnm0iZ2<P^nYBM>j|^g_D!fX
z*E5$kOz7rvs5phW=TauQMh>$$&f7ufpRs&M?Ur}vD8Ue!1bl(Iy{#$KN8-|#<M~h`
zoyB<VPR><hts}viVT3RajZt~0%0>`g*+0w&#qebol>{-ZI8-Gvl!8E$JzvW~vaLN)
znvk1E>j>EW5AMS4z(1kVaUh1m;IRWeahIpFLqYBJiYc!l0ugF@Jdl?&41$T+U<yL_
zGYO_jRlR|oI7eQN6?4&dvG{#VtaL4`d`(_@dIdx`1B5O~6C8Oj=(A>_lXjypF9#jB
zCcih&nTwJcoEegCb34Fu8F-#}I`D0(!p0HBA+cW?)Mvik9D*HlZjEQtP!D)o|B^l;
zI}@D%Zb(`Sp2nRbYXH&07#(GQaq6BFs%eSN?03R+i>0`d93{783icCtCqHMrGoY4!
z7ekm9{xhha3>$6eQ0jrsreq^Q$`JkA*&bPnY5o_zp#=+OcqNfKs!Eu>)IQ7-LgW!p
zdJ?Qd!2}^@CuUjpm@ogKigtNpxT+40v3}ca;0t{`53pGrnq?|Q(9iE&aG)LEqG`Q0
zk9f>Mdj!Sm9zm{eFg&j$FOMjFu6`q#`3-XG0ki9#geJF0zMRk~#s-g+|183infV(v
z-}CGqdG0Wf`%I7<m|(L~SeHZ>eocsl1yz5I5Z4!1w>q04mJL|9I&VMHttl7B0UO}&
zvj^N*-;HgV-Cl`b4=T!ldAw#G$ucPvo0l*+#<nW^n1H=ffeBL|Y5T$QJ@`!lFTPB$
zqmr3Gy88BXi84UyeR5GDAJyS|B%p7Qne^f8e89vtq@9Wl-*aL^m-2Hjkv`{mcvX%i
zBk^r=2T*!pC$$rVD?1kJn&pfn!{A8>xbLV0Q#1=E05g_N3V#$R&J`)jD=(GnjWrs|
zkYl<7dB=kqIhVueNUEs}8H;IRl|{Oy7|<L{W9y@Xxo3fKle;#68|&PTATo2&=gqEm
z{H6%{#8Bfin^<-Kjb=QNb;<S9c>W`@b!T6vR|e~bet8!$a(8|~i+Zq4!}Dk9u-h-i
z9kDlbu9f@*P8{P=(2edmX?Y7jx`Q)(;U{gkd$NSqrsA7B_XW9~6!!(VqN${!M?&rl
za5uOP4a3o{WC*TE88tvOhO#rsTf%09>c_ZWK}F_c%x|hNMGezgzfCrFrcA%LL!UH^
zCxHrYAjn1Mzj0&I67jB7A(o(~MHfrTP;soxR#qUt!I!1Lc87|9egv4@iapoz8Q^|S
zA@7m^`w1ZWnXvuF@_2M3y@PwM_G_&E6zTiqnd#utkS0Y!Ek#*hygpH%EgbW}XKrlw
z<j4XS6z5%<s0%^SWiu-K8J#*->8LMxw46UBD1N7)c#aVA1^6GiZ}lzpRm9&7RA&Fy
z7RkS7J(Qfki6%y(F1AL0@lF1@MY2S7+X+bp`Aa9Wk<B2Wu_au--h8RpLW82l8<?^M
zPhNr`Q@z4_Or}w$&9>2@sbUzw*RS{exQmXnC|XHbbl2O!`%&+<AL9!IXLj2rE8bdu
zbjJB+XZNlB<YT78%;}~M&lk`hJx`QA+!^@&E-(;{=u|M1XfQ$L7ICy2SQqwy5S7p!
zB#oWcNqet-;*N5Z1-3uoU`)y&VDOjvA-N;9NPb^(oC!#sNIjed2&!0wk+uMbG$2>t
z59QW97j|rwSP9rPqsXEW2i1Pa!IdP_b>~rxPQyEo(79qAdUV&)sYZuh)d>t))kA8*
z=Hwi-m2P|K4m~iT>qHF`_MFC?LRw0~pT?)P<eH|nm1;T)wBTj=T7}w6X;rl)U82j&
zOttpYAJR41ZZcijB;}dJawG<+7_OtVC8@)aw=s;hMyXK}bhLZOXT>`J3_w)l;XDG<
zEHpl{%EXdCa6i)$Wa_}HNVPW;TwAAF9i~FI8WY?k;4^fmu~0BvRQj=o(#et0JB^x}
z?lc&Y9_d!Gf#{a0SF6=mBX$e-W>R%BG?U~6qYL+ld4!VgA>-!*dTX{M-q+ppQ$;l~
z6e`t6viE4$K_+qy)Tno4#dB{-(UMZjC9jDvx{eQHFqBfA<@kMIC9qH+pex*QPtYH~
z#wdYKUllleX?_$s%(tpk?{@~WsVq4N^~<2N-J+`SXyWxqV2fT5MId;dMXX4?0pH<b
zVPLW&l9kVfv4ZaoEt~gf*r+w{lrAh5GsdH%6O~)JyQ}B^VIAaezFx$$Qa1R*!ipLv
z1vU?pVyc1ESi7>jUok92-6wTXRaUu=(@iyby91h_>o6O6o~ZV4_vHqKk?i7l#@gZ>
z5&6PUwh!c8{)-3&?*PfLJ;Uvsuw&c&87C%2?=W}eU6^OrpOp?(2WQX@({h;3@G9+3
zK=|$)ZhfU1jM*@w_CyEa`u9#;9;!%z1!f5{n@HznnO5yge*<J@jLgPK?Yd6T=_1-L
zQI6-gjnbO3@eLBZP;wGB$DeqlpHz-!2v9x^&qjynmr(h_``MSr5p0852h7TX%ru8<
zQ?$ip7z4_Xe(ZDgu=WlWF+<19I7ah@0M5HWB0vA|CZ3K(PCcpfPyNtn7Gf928xa`e
z3poak!SIA#luc6#TDk7$(%+q%M8z&VQH6_6K$rIc;g-?Uz>h}2CZJ(7{TW0ge6i-X
zme?6p8^Q%X4P&vrv7$>JO~Tw8di%B+4qa!EHM9)-`V9LT3;Q|)>n;c8tp=tI)n_s9
zxq2I){Nhr-x&6bh9jKQKz%Kr~WRnX~=omi6E1a@`K+-uHew!rxf{l<nOb#tb%^j4*
zF4?q?&O7Mf9gFk|Dd8=Z$#;P4+u!txQg(+$dJC32n3rx$Al<+#-Q+t}Z;)+Jl>P+C
zb&3|p9XC%q1e<hIq->osJpS$wY0I}M^qKUyc~-oHzfNK4@4z{DlWSDmBqI5I-SuoD
z^-$c+<ofOyX+Ch#3qQ;(a8FMf)J@&uDe)DQMj_qia*v5?;gZx-mt<x?a&g!s9Bk(u
zteD(*`#mw#>qh@(l?IlUl><B}2*R#}uEh_<KCU(}`ff$%vdC)AuNLiHDQF`g_}Tm=
z4qg4UGbSh_B;LDrui@s7{SP+IQX#}u1Xy^Uw7FaeH^Y-$6MpL4et}F^Xg<QzkIs`m
zlgM*O5ucRK3rvwLAzYBHzJ1avY%1Ml6I<A2>sUtXrOdtVle>Z4zqIgw?o?v<_o7O}
zZ@Q_|zpz)!B6)w0eG{4kzZE<0|KxR|21eiXRgZrpvP+V5<d6iALw6}kXa*s}cX$2E
zX&{kS;G$Iv(KF+jB?}4e99_9mEmm}xxJd5w&QKzVKLGra@1!dtx~^d^wX@x3#+`P?
zv!_0O|9L>~<6L2%G3to*!bT~3;i#0wvtP<)<-nBH!rnTA3_E!w7>!;ObE#%r+TdJq
zO)@B4-!LlgmGO);Xst4OvVA3yKQ4kMtekR7k{9(_Fi(q%Qt7Hw3Psx<dJOrX9P}Zn
zz7*pW7qK+iN-8BI#CRFTZ%L@9Y$23qlob&RWo6jaWt0vRm8fbh@1D8sT<7drzy7u&
z?2coYzcVf!NWBK?eVzwh4XdWiFev%F_7|m}sgrEzZ{f!0f-8%*AG`11S3vLiJ<~@)
zLR~W^nXGerw@-t99;89nO=ROGU%Z%%L%j-U1l3my#O=Ll@Bs~GdqI#*z3b--Mu|+#
z)45gsIL-whj!K456y@x21b+@<MbR!)$3jVS$S8CJ`~_K?D7%MQ8<&L^j;n!NaDN7m
zv}-Z@d1i;`Qxsl{$dgf~7SXFAyc%A6Vv%>M)&7TX8{d;s&JNzEEc{ql?&OSh9!jKH
z?6HIUPw43|p=apnI`?)#J9Fm4Hs4<&_Yab3p0fJp`L}GOe#?pQ|3pUQ9W7i9oK61T
z;AZeoNs*tH9OQ@pY?VQZnMcj*3j%xkwa`=&9#|$1T=F8(Sgf@Yb7}iqHy0R=*B_2V
zR+SESI3UCBI7{#N;Nc3V54#E52-}o>f*wU2ZR5Ni89gtj4kU52RsnEPQLE)VkMan&
zf^iBvO-II5Mi%Z4E+aVR8F1C)L{nl`*)AD+2~)@83}`)6n+RrI)z*ieksQysWX#j!
z<}o&~b5CDZ4e(89wM%pRto=gm*-?s%GG3ps{$rOgV0ahoF=gK6auh=Jqe}poN^dB=
zkqiUO)bS4TZeRu+W0N_tY|Ti^8%-b2!<sK#Wf<*0Vwo}*o5=8u<KGzL|642>4gZN{
z!r!n&4w+@PQL?hKs;TXQw+8uMwNCNrj}MHJd~LVzJtc`WQTkrH6H)sWfH&Da3w8c_
zXn5-<$L>+zpI2`$F#F&f&WW|^f&;@zk=5Z={wHCvjacC9Pkn0n-f%L>{G&5*9kaMz
z$?I`8?lX4>epBg)+?Pp%by*im`}1K5^0SD*io{gGqCd)|sf7?ENEYOfN7OB%nkkxR
zRFR4vS*O|6oF}HIcu-4%CZooTx*Jz;-55vB0Cpc4kknM?ZVsuy=Za{yzIS0x9zZJX
zfYbD?JX|V0-VHX7d{%&0Ds+Hme!CfOqF`zXD&s&Pmf^VAy&?P|a7z25I~`RHBpgsP
zDSy<$)Aqe;;HSd6%AKsKfz?kSwb>dPg5gr@7b$q^^1b-vPq1uIDxd%5NH!j4W-h+P
zI_>{~crzOP*Ww+OkE{K?;6mXRSy<jPPbSrQvNPd3o|;Vh)em-CFeLG~P{dCEFzx*?
z>FwL&2f#i^J&N9i@ysX<vLJOJoedQo7mEfsZlh%tU}2Hndy|{;ELTj;^lqY+pcBvL
z^C3m*U=i5ovi@6i0ZK)RhKOaQ9AAi7Evc@AWOYm>TvZgOP&rdO9&V?a;v5ThrV1+H
zqv6WC<YubgipZ<8kOf7Y9wGh9E}?IE7tDDg)AE!ITYqTwLZtp)BAUW0vB8X#%nrWp
zGCICN2J9YQ%Q`9#(3%Ku!!5LOAL~ELx2P|()8RLm>HjalH2yEZjFkH&A`eIFsS>Gt
zN|7A6@NWH2UGe^ZbcG^aF4sT7{POnw(LQVuOAyPHZHx|83^$U&j)1PKO9PTv*17_C
zu)xl<+f8|;C$3>SGto-eMQqpk8YjI!0UR*e_!LvjR;j8fYFVuy5Gr0vswX8?n{WYN
z6U`}H!Q6q5wqs3kP66ij)WiR|W$RsHR=WE{=hak7^9?3q`emE>?hnWl^xGFsglcaj
zqlsMO%k=ptupurkAY<#r-0r>~n}%xsLWe%@3VJFZ{}O6RgU23yPjCWQ`o0AJM;h0~
z(AvW2|LQ0%iSPfLz774dSzumSS=j(9$6tW#e6&6j=vR^#823q}JxgUtFkU=a_)8?Q
ziXYE$Ki4z<{LC=;>BsvMK$^jNP-J)10V)Vp7Pvb@wj~FO{Xl~J*N!O^$sCk(<@IEm
z_|YsfMlEz8H7Sx}ZB;jIr)vdNfJgjMM6p_Anxv*=bS$KXx+GdMU2y?(Le&7Kg^Gbm
zF*(hl5e5d%?yZj}%`dWvP-9734s5wVlp2dD9$_jJE!XC}M#i}1oZ69Rx6`VLEdiul
zezx(;G1~7?;ELsaR+HP*4=#IP@1{x?s4#PUV_(`489NIN5B?_0EN^)edDgyfV;ysD
zgg~s{qb-!qY7K*V=Xve{XX#BSj<t5@UmT*ZtAYN%X@it+=!O25(Ep{M<z=M4vG-Xl
zjTkXs_WLF9Ex$ZfH017(gycQ5q*9$GGRAI;Uq=$Rzu<1gBC?i))Eq!@A9lPM@$&3$
z08H0r8AfbFd!UsBJu9@XPJ-{o&l2OeoLdN`rM4@(J|!sM#}<H(>Mto-rCL3I@fq%`
zZ6KhUm|^wLYS$#+ZlTlU*ynC$+R#9^#i(=H1*^?KRkXY8_oj)etrFypLkWJ)J+&&f
zd8T{ba(VO~!=Q=N6KMajf-(4f@vUOJRKf0JA0Y3xrH90og-iz}B?KcitIJP=kB$eC
zE^?2q@gH{k(V8&&oTIMd{V(%E;UxJ@=)Q5p|2B62ODq}x@*5KVj%Dbs%|_|UN^65>
zE&dv0=USCsIX<`m$hYUvS*o=noG9a$_U$=*e*2c}fA}TiJTpAZo_$QgjxXL1kopi>
ztH=vg0!|DUMK*_1`QL;`H*z7^w|DsS-BX}b_y<=TI;Zo1Qg{{h+YjC(#7+4ta#x~E
z=VP5o?XSr!h|fX>5)xAhi-M$0Q}+o<ge=Ho580c(ZJh=Nc_foZ9++rYTJ^g#wR}V}
zPW-rsY1ih%D02aa8(OrA`MQFS_&u}os^@PzD-6EuPAl?3lyb3%tF?r4>El7!ua<Ov
zCl{oED8AV4h#JW}a%G>(zC9uE<X1|NnQqQeNVUYKU)mdfVeVNxbq>_CnO)_M)zdKQ
zW*{pr*3`d(KrY=wR#BYoAY6RsN2ZoP{^dNvM{G%Rzh!#r`}*(icK>?@=by2|-_?r5
zH+{v?)WFE(pY4n~F$|Cc{KqvnMvAv*$CXf`$0zyk8{mwv3fECv$BZU=kR-2P#R
zNSBPm^utqGvoBAe^&{*8iTEVNq5~;5M8WHZ9@KB+6OJZJ6jUN%GzN|pSY;-9YpqOt
zY#B6<1(5r;)h12nsKGi{(feQ*UFCfvs2OU!_9;!1U)>8}Re`VhjC&JRyy5g$d2!&u
z;5p=^(C}^$gDXVQzJJ-L{~SJ1{C7TYCl`DB?*VoHq9r5=VAh|$A0PhjD(JsnBjRrF
zXyWAb-F5ZP{;R)Q|6*dNC5PydL*zy{aYpg9I~{AVg17|Sgml95>3jQfSeH`gg14F<
zA-u`a{^k(xXu`KN(ZkbnoZKIIeYyJp*+zf-^>qvEVr=9?qe&Rkoai)&d*_QV!g
zPFz?x^2P)k0x$Y1=zfa4B~(*0#0k``2hU`dTRn3sTKq20E8kk-mF#kqNlwv|h0EGF
zRLD-%$iu>;TD6Z9@~G3na&*$tXy6|A#Di{XUN65M7zR*icPLmor0`=63anwR=1^3U
zCm*3}f7%HtZ=*+!{i-C-mc6=J^ShWvK{iF7p;lNE036#I*1lI>5Iz>X-l-2bBKzxX
z{t;);3m;=5gMO=u?}DkszjHSK1*kFxw%<&ve~xOZQL|D)R)gn3OU*Gs7xoaAV9pmk
zYPcLKp9kpg1NAokK@?6v$8;Gx8E;_9#1xg!z?*2!e0;|+&Nn9~T-6s`nLbphoWYmm
z7ccn&ZHu}FLS0jn+3VD4x9imP{+#pYeOJ#9s2**1axG{Pp_|BvO_U0MZ`%>Ghs=m;
zC+#*M8qOgU509Zx0zD}{IX+Qge9<}8%tRS~n#hwJJxyPjo}dWT0s>D=e`0NFa2%W(
zW0q)|YK@WcRXA`^NgD$9osWh<E0!WVsR3yb(UdqFt^6G4Og8%*7nj?EH1`x26R})Y
z+FU8q(o$6u=N@}d(hXdB#Afn|c@k@Ws+tyGW21Pd&IH&J@S)l){aj%hhb;bburx>Z
zB9@=pfXhN<(tO-O=c&2bBD#apOVUD?Qr&pqNt$JE^I=MMkg=OKV4?IFAwYghcHUD3
zVsHVhG0CWtsX8WubFn!olcSIW^e0^)f!&rpi07*A(zGdK>p?}&B8Hfo&S0x&nYmS_
z8P}i85)f@dPyd7yD;cW6MoL6BmQ@&ki{<4U3Z)nGDvaYIIj{5jRN7)50nNx3F;bjq
zk899T(#PV_j5%&iE9#3gpk%-w8najY`~_%?i%Nq`7z;L<{b2)=7f{{poD2bxQ(wZs
znBT*{EgqQ3YLYBgm4<V<$9onfcn%OGGqC+k4fL4mmxcL8i_A#Fug3u|*!ZqsK{#mV
z%kazy;@q{JdbXa&9Y-C5er#SeHK|sn&oeA8EoQFgNG~*s!~_;un^#Y=L23v{taG$V
zZ3@t;?iJT?Nig!PH7oWIVu1|y*yY3&uqDjaTT`C$?GbyG3KTP0(6T~%jLjfc@P2>E
zLU%zpMy!y^-PHMr5$gPet>T2w>B7+xL+QfQCxZQ1rz*FUu$1N^%KaeTlyh&)AOzp@
z1ZM3e`c1U|Ki1wkI`XL77L9Ei9orq-wr!gg+qP}nw$rhlblgcg_RBfn!9Cx-<DGlo
zeKmfyN7Wy-N7b%Xd+jxA%{dhv(DPtzbZh9#?bK4A9NCl1>j8lIM-zCKkq?h7!}&q6
z$_AjMM=@~yJ!$Y&hn&N^6oEsn2a0+YOY@oJmN9D{YYowNdPkLZF>tqIJj-4y-dY&7
zMgi&Bl!T^VQMMiMOwjCTa0jLRI~282u}iB<*6KPzAoCO*Z=_pFH}Jite!I}ac?0O=
z^^PwSMX>$$i(RmITY)FdR+`|yw*6Mz0{^sE8Mx~JPE<5rJBU=bSgf*O=v6W&Q0j!M
z*prvjLtA9T+LS<St$%4bkv?ZWT>@#%(mlN_Homg4^88sld4??x;@4byFy)=4V{Jda
ze{h+nc#EgTDxi}Ul{`V8{1tt1mXwT?g{p-4eF}X5v)wG3x!5qttuu}Mjr_W_CA-@r
zKy^MJY^LyhS`+Nc{3L@j<^5YCR8rhFJ=g0@mW)awwPjlP{ZbxaIv?Iw`ZTW$4OdSH
zDUs?-NKTWRP1eOY(RrTuMrq4X#b9k2)4CkyD@Yl=p3Ra$dh^pK67db8D^QX{gl9ia
z?+*K}93Q{e6`$*t>nc=Smm?Z!X2+lXm#l~<6nsL@K~e-mVg^y2DXBFmbHOW80<tZ5
zNAbA!#z`Z8deWg%*1ujCER-djDSSb{P`=e=z~P4ZgB#k!-Knyjp(wPzgo+>BC7QsZ
zAHOmnr{Kg1XIr<#O%RUnnfo_dImgR3q3jVw30J}h?imEIbp?)3d48&>&wRsh2w4)-
z1zcQlnI*5C0$(~zAE^TR`Z8Za`Ma5A;^-gqmXB?lLb&GZL45jlKi;uEWR0>-5qUM4
z?G(nb%qKXcNA2U;M>Uye6K^-~2_qd-qnqFs*!*!kJHz{n49q7yGk;I#1D~8BE`w*f
zCRF}KAv<NB=@xRXJK)$ZgU~HQZI`3@Ru_BS9;MqV5Sydomx|yKsJJXbm!9YZ7KfrC
z_9DP9nwRx+$rf{epV#)q<`EiXNQC+n;AcXWo-{zBz<^aGsncm^qpNXmxZ=~xei)Jg
zw)NgqR|}rT#b9qAVE+h+C#?AC_ZRvn3OTA%@GKmIPEb-a-upb#vdQNlGM94P++W{a
z%z9JcO{ya9KLs|x+~U^<C4kG$FkA0#(H*MOAAt0D<<B#$7sP*0J>MsN(R<eKZ1W#C
z^6y9XPUZ}T4u-}SrVK8I<~Ei_&J4~jhIS@~P9_ZB`P<&r$=LLtq10_Uxrd-{5r8*n
zARxB??KzbGeYStpx;-ko_Nd}$yvB7sSv9B!zmSY9;L(H|p?7|RPKrax7TuJPib;l>
zY*gZKYd2XmiFI92E9t-fYU{m~wxDTIEO~^y7cbcP-nOP2CG1o^Znn7H|L~qnS6_d;
zEfe|yrw>I&fLs#8?JFm>-jQR}mmgM2CRju8p$=Sd*)b-!t+e9CwW+Q4YT8%VUh-Jj
zFh|$$AMQGC9{P^$#Dc6|Zy90fUA-C(e^{h>@rDs&He*psnlU)>dQCxh_2gf9&)+@q
zgi%LI*ItWF!M#+R=|b4HbcwrCtmy8pUtYCk8-%s-i2rik+}b=2pm}627nR?RH?-@)
zb+P%(Zp-6x8|Kd4gs~+yj)U}aBcc)(B|xcLcPxabfCGd%(98A!GR~^sEctfJyq&M|
zuXy5gI;&%|;MkeZ`z~SGwC1wilHn&fh9;s-Jdu@V9e6>#1Wxhtygs<8PQyS05M)^9
zZkGK-@Y0O~2EKMVAk1`4p7-$^5vmWVhoYV;jSWm!v7$>_DZ19SV!1DCX*Qfi*mQK0
zQyoBx$l#1c#%fSf84C{Gpr<&77&A+0_LIXmm)0MOn=TrgF2r+m)xR$hvaNv=$@M;L
zC^*bm^QBPSP?xSE;pGdsvfZEKSfLiVq;-Rg$Yr9lf+kbQ&TY7tcj2YmZ41a};w2Al
z@_E%65qGS4u&e{l<^98u29zV*Id1puM_Fh^ZKW+T+*!0F+V#GWZ=7=YMJ-s6m=1|6
zN{Rl6Omc4FJHCO9BDXx6j%M$H*$=pX8I&KMUeDpP$vOK;KUgDGjEY%M&XCu6){!Hc
znYf*yuCV4vVQr8m&7uMH6RGKg+);5*%S6B9s8XeGRmkRGwuOn{wKwu8S?^dj!zfEl
zuZPjf5=BIrWQtGD-d*=#QQ8Ijg_PE*CH6{xW`Tbe%ll~tq>;7X@DVfAd=(bIWLmH`
z9;!9Om1?#piY~`iR2K^<#?VwcN|JTs0AA3}$Ry8^E1u<5X?aCAXyvRlr{9?FjFd{!
zX(Brc(`gblJ<=u?m2gUnL$9H$BwDSoHE}XuO^Bt(1!+w<sZ@n3r6g3LE2xQ8sYE;$
zkI<D8X{pXAxaKETs^{;=I98Te$)hv}eWOFR<$;pxGf~u(2d$(uWTC4h4F|J`>((gd
z`>W6YfJJ4x$?yl?(l`|kY34<5HtR){EPwqEHPgTB43NwwP+;Gl7gXQd0@weCU$uji
zy@RQfi>0Y^i<YhZCI`yrAALcN{!U;N_pZ0&_(FFDn`K4y)b7M=@)2MNlEqf73@0+`
zh`MpVKI}x#mL9ptW`Ru&48qwdmZ1zoIXS&E`IBHc6yLe_aFkr#{xRpjOp?&j%FpgI
zjnVX)Vi=Z<<hYrUl+(tUD1vG0*vK?uN~vT39OlHDM4ntwpifQ;`%@~-c`q@_eV3VW
zd~LC8ac@b29}PbOn4F>;IIDL0xXBC$!DHHoQ=$?>-m%@1s_xabsHrZ(9aF!VIVH)D
z@7W?gE8@UO(Fr`p&LGySk}w)Hlahnzr!O5_`VqAvv?E!P-l$hVuR%;8oy|pE$)%gt
zIO5LKH&MLOSJoP@R-b3xKUO4%bYwC6O2;jD&8;?BNT7HwoN&?!KQ{&0A@_Rz#O>yF
z2E!zXxpx?lMjE#kJ9d*@=8kfr@6jg2)6X5YOA8FzVdgw()9!qEJl$_9b^GZiJ>z1C
zMd{lmp)x!0HZ5Z7bky3<PG<%1KGay#v@f?ha;5`Cyg-nKGowKNAV~bmmYNw-1(6Xu
zmQ3B1Y+Rf)xUm!allaoQ$Yf8xbGd*uTMO^?txc))+c+)@jd<2-MI7u=@Wq5+1|Y9e
zu1OGT5CP6%<RylNMmvZVEZ~`sy}wt+sr`!w!!=EbZ>-K^aE?$d!C*a9D6s!Dl&2_w
zvCzfli909G0N2=o?GDtL*?B9&{8gFzW=6nz54M$<_?QP7$@*yb2p^!qgb>-33^PqV
z!7EL?>Ol)?=uNJ|Sh!K2Bsr8~B-enPISw=3P{)o%UjE9S%M*|O4h}+XQR?61-4sD$
zV1`Lh*OZuGd)fan<?@byzpX0xH|7>@CBZdUGKYvxlm|6AjQQH9<f)lZx%cwTKuv{l
zId${yz&LN@!`h_;nhzpRka<i-os&g4rCiLyIOuZ417tyZfOqjH$VI1EZiV?pG($|R
z-G!7r-_I?C;u#gj2EYL3L>=65w{$;Yi)nv?U9M2LG^jsc#iQnvZJRy}*x)pu_CN|Z
zyqUTn<Gc`n7NTwFEbw>qN){<PGsh8UNcWKYzRfE_7HnX309+DJeTPmDqPN8hDhZZO
zM(&Q$<eBdDFB@rtq_X@_WCzV)B%s88(2^O^ge3urdURj!r==@vR2|__T^m^Ges23)
zZ`D)7OcU&RF=CZb?UL?e3_g#G^QB^J6=hE7As*R)OsXPh(#YhJ!FpR~lQkqwfp^CW
z+#?VS7yv!U9A^yMCr_G*^`&D0I<!S(>9~d`;m{XxIvUX4{0Umn@k~WE6bGN9bHfC9
zeboFz)*`+kpBEDTP91V-hbx&9F=_EZDk}*K(1pe<6d2bFXM`L=)UakSw6i*EzUc;<
zjgiNw2ZYUiO#x?+e5o?2z!vg3L#G<woG8YO`x>IhGg#r|ks-4=H64}8B6d5F=UHc~
zCC5xq0T>^NF1fnfRPz$L<?Iq?cfRAO|B4CNZ826{1e672a)=IHQy9Mkh3a|xm{f#I
z6XSZlXQhUPA`3ZL9}&1UE@M-{%lti$vjziUtbuBv{T|eHW%P2&fVzG$5V5f$2qab#
z@bKi;iypKQr$eOH(E2c_VfWu+`lXFxB1!62QH4LMrTtKF_9_JCq5gLUB#a&XKQa`g
z86{GfhpKoJyXpjnR}eO~9OPEy0bvCQkv26&nAV_YgZSL60o?c!`k7R9;X6N$PG}aX
zG;7Zb1{*6eh9mK>{H^Ex+An!fH`}eii9j|&kY`Nri{pPQM!JET2~Pwpr#<}9mn$>w
z0v$^2Tn}Z*#3?d5aRiGE8y{6>f;<qA3vEBpsPjkRt<e0oy}tbB0ZA$xWF1O6aO1Ws
zQ{2F;r0?C(_5ao>-pmWIKM89%drJWcLk+GqLl4#q#(19UuBoZ%0jG+ZVOe+^ZFS8^
z?1@b?om&I?DL0l@s($<7wm{8KEVrt{@$wpb#@tK<khfuXePD<LvJz^;>OgEl@)^sY
zLnVNVZs|Db*kM|CZ}b0~eEN!pSKuiJbyK;fG=)gXo-S1A4AC~X$;%LhI!)LJw70Lu
z42H&W4nwsY#WVk{;1!N>5cTnER6S3X13w{$+Br!>Ollimp*|p^&<5O9-#IKOc1O@J
zG;fmtA1467iV&)h+(!#TN}C%K!1lAReHM8wH+<z1_9%TvS_|%l7E^Hx@&50J)dZri
z!{+0x;PLO9@i8=CnV|)T{NpG$0UyLa`FOs=EDJdd4l?lf_4-=*btkF3)cAiViAO%?
zsorGV`Y9mcpJdYTq$t6U<V#T_KIRJaoTp(ydZ=C#bX09`r)6A)z7@#i%ufYT^-OOA
zY@dBmeRG9iw<h<_v7wD&V#p8_r3(aghTO|`^6yV}<S;W85lT>12F$@k%6f6Gt=>Um
zT=?J_AX!us#)ZmM@tiY+6Xu?OB$Pl0@s<4~ImJYu`O__h*++%JY~>N}OyuvP2<~sH
z1ib~B0W#;{ZH%N*8x(t6hH7)4DTYdQjGY2QJtc^wz&n&nL7PNB06=t6Eq-)bvFu0O
zx?O{LytOh1UFH%RX^RccR$bnq>`@-0*Rgw{k2TUc8HWhDw$>N0PTC76-Oq_Vgb1OU
zRGX|w7MYY}t4D_D!5hO{`k8|2U=oVfV<b-1p>>hYmp@0Hh|UblIlUCZi$S~Kr41E|
z(`Ax2N(|Fq;kh9HbOsYMxBGbc;?sBz$224REfKJ>9He4^X^<I5JMEYTL|_?~#PM1x
zb$ZPy-4=u4#j>hcLn_n=9*;1ZLMj*7&aoD#hY0(T*s29RhcCdiV-VlS)*Q$IDdap9
zRg&X4ZwI#;$25JiQOMiu$>f<Yl1IwnnD1$n?i2Tx0_nEr=<5gdGtT(obFKY$Ywj}_
zuZk_eCG73-KGlkO;VaX2uP(d<&ieI~3{exYq9r^PK&=_&N{3Qg;M1VX;`71dVM>J1
zK(?mz*qYKKRg|9T6eb-8F_Npul^vhepc_-fB!Yk1Sry@K-5DJwD$g3Wz>Z3-)>0u_
zD%R`FIVqPht{nXX!RLvSQipW&!@MRoCXd71I)Ty|YsE?2O9^{LV<IJ{MxUuOfxi?F
z=fz~A=&QjAM@jCm;P{%i_OP=!-f%Lh4IviUYAYEfb#W|Ck@g()^YN7ha9qH^DWNbv
zvk(_ghH`rJ&|To;)NkgKv+T&f<>!8fuY9VFj;CYt4K^~_dvg;xJp(TTcQy>#n1XEn
z4GQY#Se<fAuTX#uR0}D=7t{iS9IMXt*ZO^Rh=iczPap<**qTL|+~!WK`cw_uDC<P!
z7vpW!xZCYNat-6mZgO?y(b6Y=QE`|7>VBl5KPh}wzQQ?%OAxEnRMffhBtr3?h~K2a
z+M3NZS^}RyTGy}hhSOMys*)BA3fPPW8}NF1CZHCl|IrW<2OG-buN4Yt>6$|QJAr5;
zQLxw3-}@=LT9i~N1U9v~N`0IOoZLV2LmF8<C6MDyHR<&2K(4nEs(}aY(y+|!nhuaf
z^=|a;cZM*9tvdq{ohU5Lg5?CLXb;Gnn?RfXOamQT@bYjD>NlQxqBB>4{D~ILlQjRr
zI#SUf6IR%b${(r?#nawsgGU*srM!rA%9iF7cmM?mSXFoilDrLjZGc8kXBX6+1(DJd
zw*-D7dU*S=BTkm%yQ=zhdfe^(b8_xhO|GU)x|*f4OizgxNdT4RMvaJy#2!eGIw!(*
zQRAZGY6uuOk!Nt1Ed`1SXk<2^B0v%U`V@y^Gj2>ZM>45iVHk{O$2NO6ag-V#d9l>a
zG0gar)wKZbgy!BwnXRmGaxj*6E;x0^O#0}b@`ozY{NW~!0z`n&bFWr!=0$i2dtKt!
zsBTQ?#l&06YlM~tWMyEpx<VCwPNthauIUv8#rF9_>S0yLD+uW45L6gPpHmni9_O4$
zlK@a%BH+SPDAWs}xX^vVN*|@<nMnR?w)Vlc^0JL+_!R$0IvJFq>3D$;xXP7_9hIbA
zN!pxTP3)Irfb9(?6<;~E+HL`fQrD4^1g2~8pn53##sE#U%%Um1S74eT%{LZ0CI73y
za-W*6K}tMmyS-5=Fr|;*_47Ya2dIBV9bifGO_aaE?zZnv5Z?du+CtyTkp4f*i)9_{
z@A3k}_o<Eu#ef;SRg=4clskxzGB(pgt@XRSC=CLEAXAJm_n8=XD%%$PdixunEU}G8
z;Rv}2Qsn4Lj5v49jY;tM{4C(7HD*z-=R;oQ(yM1nf2zM*_;dl5Kw7X$wr+F7yPnUX
z$uLhMw*Y9@-2*Fm_Ps+)=0i%3pYhBJ2D2qt*%TFl^yjyqpL>S)?9YQ9v<OK913&WZ
z)tXU%I-LW&`g`Ab+Qe38c=LM%4L(qh+@a&9`83C_+jHT*N%5elFlp6IM3Uac_arL6
zJ<?_7B`Om+^blKg5hEAw(yv0}UwoThdyYW*yrs^}NuH4YKAKs3#<&Tn&0`)KdwS%N
zaQORx!SEYdZeMVw?2+!{-r%n#zC-mPNLS<!KGKQ)p4+8X^U~|Cp{WY{p0_0srmtoR
zzn7}JtFpIy%zMi!SI>>ID}XlQ-Ue@wHG_b-UrQhUz@Y+3UaRNZv_YJ(OY;Uj#!YbV
zsNTwRQaU_J5y__v`_lee&Q6(aS~CfkR(_tj@?*VN+4X2U$ry9^drgDmrg>P3|C7WZ
z;C)-vAsQmqx<xApckH%0!<D_hZ0E-9)DNxjxjE(#LAzr|)kE^75FF<?%`E$2O?mo{
zd&ajl0~;G9G2d%6V=qMih#i<a$Y@jk3>nBOWw7<Q*x1S6DwbE@I0N!LzBIFB-kBqy
zReYuMHm#NI;T+ve^(O7b+)6F6ULJB&Hsjq^Zqb>A4fAdHjLCpZNwS1<)gOWItH!X4
zjD+`;KbUst7b*`PvAjrH6$Ui|*K^_<*iW0vY?3*W-8pcXe>c5Fm!|6q>%MHyoYFV&
zo3p4t6>7jn9|>{Tx9lkAFhR1j%(am>HLy6-*;~Ek9@Au(C|K;@2vP?G=rk5cKS@L~
zTUwnE=V(MZ5<bgQc8ImrOhtG_hu7w6n$Q0p#&7M`8^-RIoG`9+A!6l2KPTeUi))nr
zhWNute_HrNfO~&?qL^pacJB@&DKr$=$8?K{m20iUyt#mpEIdSZDkNu?nRIY&gsF0_
zcS2|tge9aV(Cx|CqjrEXhVNS(wDT3Mw%9BZ?wF}Dx!S7CBZJ}xERyM4p<#wEQb`NA
zzP3v!=wCw$-KJbqS!zfPafpj=iU76#8kK8JEyM%v{-T=Kz6c9Q4i&J`%?z}{5K6=w
z;&Nq1qb;~h_rZE)pIyq^e*PpK8|W=S26I2X*6V{L4c+o`Xm!G~cBceoX~pt{YegF_
zju4d*{yjD3n)o{vME~)I6X+MGI7sdN`NAX7r`4&fjGu#XhY>U=eE@86zlI`0vWv$z
zCx8=gScEJ9=ax{rQL^rLmUwn3BB>%P>w=*0+o+whp-m;Vtlipz6&0ixFod1Mof>>I
z4O-N8h2!0Og@&^nNt#63%`ToZKqp`wE8W^BpQySKfzKH@IWW@u`Q6rXVcU*Aub>D>
zSn@JsH(_Bv(w`G{pl4Vx{exb>O?-6^2edZFF={AUVlcHIAEG~?0QVk0sF!+zev~;;
zWwW(bHp_@7q*W1r-ISH2A8Q-Q_%57!dgrW7vQBChe3G>q^Bmu@Y|AOcD<(laaSnF>
zCnd&q(!H?IKGVw!e3$528t|d`c#bZ=cEbuA$J{In0(ycP8#OYx6Dza<j(HZJoic+g
zlpY@wc9VbS#1B#JO1_qeD?*)f@vSfRR{kKuI`dCGW?#C^IBD;`R`1H&p<6an-YL#9
z8XS^DM$-=B67vwu9|Uo&&_@;E`wFvv=e)Cjk>$r27=~lQat%iQT8a}gOG&A6Ev)TW
z&P=c6%v2<L3RPc;{+z*io7q#$I_>vbYSOB5z(+4~tl0%Fx5EViTCZZYADen-Be)O0
zhoY&zFmKj83=o#=a>3hV9)qzR35eXe4QI3p4l4NMk!>|mZ^Sqp2`$IobnfQLx`T@j
zzM*7Fotg(#3En9Ds#M3sIc&_Iz~w+?i(5kiAE&WH?M|K#C>P^K)dMdol5O`TUG|`c
zU7$xQi<9TVTU;{rV9RQEF=CgW)BDM;L-Lr+$P$5d;n7NzSeGO6T<WC@^{6if@;kWR
z5)?t1=gU~>AOaCGczgJ7cRaUk0DR;K`!N#RzDgcLk{RnUPeXlwpb$%<UQUbZ;;yIl
zb2R2APL81gZkQHEMr8pX{CRN6N_7<kfp7J)PkX~Cr_^6+F@lCggF0A6)Kx5^s?`%N
zbs0OfeAx4I%$V1apguU+y(xaeaq6$wCK3fK@ik0Gg;HR%(@`;6Hq{w^L9AsXVLFZz
z=m91iH_t=0DL07H84>%e!;1=l?t+z<tgf==>(wkY>WCzIcHr;!p0G{Z_D5{0LWBXb
zJaI5U<4S^iWkeRMxL_|^<};x=s5#f;cHFKla3+EHO!2ic78Tc3!ZAQJGzw*h*ry>K
zjP#x1;;^<O*sv(+E51&3l=WC)cj(m}``&8|KLahOtVnt)h2X?^V0-k!Bx3Q_4LiR0
z$19G$SE8>^wQ}gz6f}i;b~glry9`{mtwQIQ{Em`oNMhXu*PlP=E0}xko0?y6AF=$0
zi{N_Od4K2k@P&h4AmSmJGVJbE(Q2tMS)t4sT`eVep4;a@RJKpsxD^zk0Aj;5rW%q-
zBtJV~?qqNJs))t`UD^>9G4|v8uI-GjF)-}%Z=e<q0LS<1E$K@g<CaeSr9PvF6uQW_
zz*rrS33p--P3k)$FB+kqkt?D{O^7F_q)uiZYxX6*{pNFHeZ*!Pqw%u${qffs>}xhh
zjI7+^JF*ws9-}*^tCVozJFD>-vV$dv?8^^ZF8%CRBTDq5a22cGkit>t^PH2Dl80<_
zzuWh?N1A8CdCZ>si-QiK@e+CPTP+*``nQFCS)()%<~xq&PpZYA<@$h)oS!cw)<!X4
zR_M0?Cy!Wyl{0}H96n`Kz0wd_f+mb`UnIW?jMkx-%c|dDF1(_t*MARPmp*3n-mw5*
zt=cs-?jBXc&Y+w3OF27~8Gbu7sm3TKeE`v1YoX!P{wUCHu+h9hb*(mhQ<K$_x)CnZ
zS(8b<Md#8#L~XQ!^v6_>9>Qv+LS#Q+Rgov;YYl9SZAFDnA-o<x_2stf)YF2n<uf#`
z@-XerQC+~UPb{6)ppJNcMEV0`xXxHyYo%8krF9AA;$+0#EbScg!G++<kofn)$;Qn!
z3i(SFTxS~3;XMnR!-*ZpQq-##Sm<Q#Ekm#{T^jb06<kPVs9wT3suxPb!+Gp4$IFZU
z943$WF_GoqZpp?@<|+$n&WiJjE>l@ctsi&3em~uv+Xtmfr6`&W4=^gbFjD_geJk%s
zth$)-H$LV3<-8xQ-*BoW1Hiz2jfU?WWlx8m^X-^DL3&|bY1T3xn^RfrRH{Bb<{Cr;
zX+0<pjUHPOFjR$h*8r9s$N`0oLuGE|>1@mZTPzzcZB@Zu|Kxd+*2;H8)NI<H)G$fj
zCs)A2I`Ybu#b;lhbgU?1g2X(ZH<Pzv#;A%96hHs-Lj;g?U`Ob8GnPuK|Fo9l9SviM
zo>j1>51hODDl|w}zcxmj_y-4hbMZpTj@=ED8ks5158y(yH5A*9^$ePSv4~_!`XXdc
zGvYIESZ2|7gDI60{s4n9vRn_TCq6jr3Xyt(F2GzAVA;0->t=8jc2<QPoS7$>&Y&|H
z0Y$1nysrpSKu`ze%enpDz(LnuXp~#zEO6L(UbWi<?RE)BJ`Gtpz;_W!s~6HULm|1F
zb>;J5+y5IulxKgI_t^_5{wjfO%_aLhsQuc?J~CqJ%=go(b4Sqr;SWB-aYr;bVL><Q
z_O@twS=fZLq)>!ktK^iI<`lJ1W6}wkSVm^>z1t}S3D(si;uUoz(7kaDjKt*7NVm2#
z-;qb&-YN8Gk&@d$Hfl4yRqMan1ujBbP+bC>;GQr|&}!HfuCgx$nmk&-)OZF{(4;1>
zKUg}*YLCUmgV6BBh8Qb6Q@=TsJL0#Ck0zySM&N3gZT?~jkn5$zWRud0%$2$t>gf2h
zsxgoSTTs_H_VecxwXw3h#m+HpGj&KXzATYZSx7__CGH-|d*)_A)!6s`DSA^ETQ^*n
z0sMnMi9vE_QNcFHd&Vc_+qCJXkG=vp6)5WbMY+gCv|ty|+Sg=D#5frYjQQ-Vh8iq2
zC?&T=;F%(#R3L|;m6_at=2`wxj=q$#EbG;a{1MEX>M!DOg_AhtN?}bJ3Vn%&3&agg
zAsf8P#x`^Ygd=Z7n>dW(S_w6m=(plto99Z+MiJZg_6+{3UB<;5EW$zSx_e5BuP3``
zq@8HYt;YDC*)OY&<!+}^%3G0|rd)~%ziXwxg8<QQ3bj3mCd4j#00pk_*dFKa+VWy$
zej<G7-yenSQTNxSo?Jf}Y|q`-sIbR+OPG$=)aTSq8<pZN_ZIBWPYU$b=cgW4et8tS
zQITW@;p1?N^?CNj2yu{~ZMN;6>EOVgNk}Ear*!*F84FCcZ3)Tz*;JP*5y87g{yVYB
z?OL>*=5a6L$Pfle_uDbl$W|WhslWATU2=t#Hhiu#iXn%F>X{;Lo)yUG_nXO+73V%(
z$vY2DIYB+_V>5TB|NO7J(8G%%`uu=uEVk<C<XB!-FmLK1NOob|SJgW3dB(q@zWpVP
zo(f}azXye!FCod@)iMhtQtY>1sA=34RJELQOu%IvVBQu+ctrQl&d%m5h-5^-kAvDr
zngo_Heut8@%R7{g!;R%^9bFyDkYqHp-VMsyE}F^u*G}VHDiu`EHCEv<dkKb>0Fg!h
zeo3IQ_oPy-spcu+TPzX-&`cEQj7)h7j5ORkbV;sGz4%E6FSx#V^SuI^<dm9YcZpnX
zA7wQ;)B$L)X!`H2JN}%^w1?LzbVO-dw1Ms9fF2bL?1^bbG`NdP+(MH+?gALUzs(UT
z;a2rim?!|#*g9Jvr3WBE)Oca59FvF2SBRxSwZ3w^d{no_eBV5`ug+WP)Uh`gds+A0
z6xD>Gek+Nh=A*^0fTuF1{+J>N@8c%OnJ$r;GANY?Yd9dJ94hn^eD_?>jUq*jY%XSo
zrolg?nvk%KA{=m*9N@03&lI!{^_mQ=REA|v*fC|{=f+j8>`WiHpJ&s7LNRASY6F~4
z?$f8p0gZ5ShNOB%fkl59?>$GvI~BwyqsLt8Xb#~qVV&YIp(vg<$uvvm@G?;WCpw>2
z@ZN&iI%H^O`-I!=&Vjp<=?e^-yITLL`t?8e2oU`@)%thSz<+cM{?Cnv6#pBqHnz95
zwYU3!nS}O#e-dMRC)59!=^wpz42KeP#oukYqTjr)|L$+ifB7)~_ICbtCSgMtV+$2S
z^M7<K<orA5%QB6=239mVlBn=NoN6-iucIO<3JOXhHE9i-pnd74WS2?TrcD|8XJp?1
zF6#U+EJM$YIQHCn>Vm+-Aku6`9LrqyNzPT>?yet@#()?M)s{SQ1SF4Vdht97f+j)~
z)lvQMenSKWd8+Ih$ZaefI616%BZ;m2D_d8&@M_&LI7+O|>baHx-h#>EgKm!~WMh;m
zurWnBb%4vj!}5h&QQ=@>wMV3607*|HoNn$D2E4AjHpoQ?QT2KwRZeGPOEti*#I&vX
zzKXf}Z{QVJjM$zsOiB+)i!y_xno;Paa^nc88gYCjgeaY`>}EnCZ)F9<JaoX>r2u=0
zCziJXIv|zq^m6H!Zh#5fnyb$lfMUs3`ivQuC8g&QE=Xx4AD_!=_4sjgwwT_zCInii
zg>hyd0ut63V>F@l291V1SJNX_71mk<Q{#hB91P>R(73B)Ft)7OXUWQ`fotWbE#~Ho
z8In@jdY^g-1#<Q7O$xc~C0K8%ZotdnaT4SSxXH>EKP(t6vx9b$eo8BOSfj8Fp2m6|
z9+mjX)7rXAIgX$>Jl-rEr%Xw^G@&a@F+S5PN!pn>l5r7LR<qokfMcQ=U^38&`3XMo
z(>Ska!5VE0xvU)m^a5)HqIPlm9K#p}doobp5sH!zE}7yNd4L`q@W^x4X@HvLs8>Wb
zM~I`Gq#}f#5!fbZu!#Po?DRd9HE&=>RG!iBvkP#8e0UIW@VfZ)ff}Ntgi(hZ`4jl4
zyo`d>jl;yVltxhf$sl<J1|{+dyy6t;k*&y_3p6iR+;0bNC(GX5OPa<|wrRKP2?d;&
z@cZ>|dH7RNLPV-QlC`%0470cIextVQ!nVRTbHcRH=hJxTW#Ej6-f5Bhp89F8`HYZ%
z;<K^h6~w!I$G#8Pe=p4QKgGU<y}h&P{}BAU@{0;+V}0&4G)qhlf&55<BFLo+>Heg#
z&yD%BGQ@Ur{gBS9JIRT)x}MiiUy+}nz0X300~UqXpNgZ-Q?yaEe9ym}=Xg)<oqJD;
zKVB{_+<~49wd)zJ4Z&7h*x7}4;8E{}+Aa4nFlgcSTO&kKrQr@6H<h-$22;wx642;D
zH%-TD-U{jnm`pI!GU3F?oWO@PW)MfB?7GMfAnd`>s8)W2LCO-mz3#x`Sk0xuS+`I=
z+U)Gl=GIq;@3j@vp(E-Nba5GQD|X?BxC{^0UWzXD4)ibwVMhr#NR|hVeK<%D+v-d4
z!=Un#+Fy#e_FQlXwQDsWi@A;%i~1LrOBKWji@Tupkjo}Zq!L67K9u8fA2igJU@Wvw
zy}kRNFhvRxEN;kHI3oZ;zXhT}2|V4{pn}Ihtx7~9%h*(M?d(?AckFD`t?JH~%~~3a
z59A2k9py>Vu+_e-G2!kyp9<(iy^)|yucu;bF~TP8PG7ilC`&WUX4QC;a`*xs`!>de
z$Y~NDr}znKCQ#2i;uABOXlYmE+!fRt2tAKWnutRu1Vdz}=P4}a$0p+EX~-DF`K~fA
zv9>2&n7PEI#tiOFVowtXIMzWLP1Fqx(1$$y?_8$x(2Bxgp<RrKD7m5T;{{AXY7l{D
z3{fz>@>>WjzWcC8z0yY^vDV|LXwyj9--wE+j+83RqO{Jpl0&<Pp4s89(46%R2#lY_
zC!XOBRrC^qf$I#7vVO0Rpm(1Y$(J<gmCBG8)Gbsvn^8%V9;#%EQtbV*|MN&ZO<)vB
z5cEU6!ip=Ub0O#$Wo=%++F#>}PmMmsnXV%H1^(YV*Z#4QxBF&@Q-61%pMKx}JNub`
z4rUQkV;e)K{~?+cy5vBakg{hkh`>Ph=Sg5dP&CkpiivQLmLtd&Jx`2u@pNY?@=!zO
z3WW;yK%XgxHzGt55HPtPFQ+djclq=5f$SWXM9?9TxsVZ{V<2;^pCroN7(#<LlCWun
zxK}znbLPY*5soO0OHs2#%!Dml{OTq$vrZEo2ywGuG{;Q}gOe;v#Y-r2rpFdyd5KZJ
zbuP09sBfziWwc@?yn@SB?7me^R~*@MCqvLOrj_U2)lMwu>_w#cy^BOG9%r`5&qd#4
zH~cDA^)`jzT?e<nFi5gr;!7w~bWJ8BEHynkw73SYKD#NST{%QU`WEtF#u1M;_R<VU
zM_-R2PkEb3YGVX)jiaos$@+h0MhEBgd)(RnGG6pRkEW>ly>V*awFY~)A=vi?`(M8U
z;~04Te<5^2eJ4|u|HHH_X742W-Djx$51Iiflc=4mt*O($`mzX`7&?42E&h>aYm{}r
zt%1;Zhkj@qXj6Xlzb;pn3s|?wdN;;ISXwBRSSSqz*$*)XjF>{0LmtNc6-31?`d0$X
zEdrTXKyUc^<yObZ4)4iM4mZEA?;C;vp_gTGeMUeOT~}Am2>w=!^u!1+=94aufk9w_
z#`UfH7GWmiUu&l|%*-r>3DD5wvrtFNxc&NCm$4I20+$eb4+<FV20~o=O`SHnJ;=&k
z^~7k5&xQrINgiAT2r1ktXROIzJcbsjC&Zn_vr<XKfZ~lMsagW5d8|imp}vEf@OU9z
za2_isd@VmXa$9}0x1eLoEX3$va61vnLWH6`vEawu*+qK`pUprY@NH9vp&s^F*-ppb
z`t;(nRvk|B2E(Rfe)H!M{hwXa893(xcwwzKDShB>wtTL-NrJ@(3T|>CXO*o{kzv%W
zye9hqjp5iZR%Utv&o$Bcpg8!@(J$L*Vt!5Dp(ak&(LWIlT#?Vt%HxNAW#$?`ts)hY
z8L}DxqXt614P0(mo2^+|$`x_ql@BUJ3%|*0RMQ*C*j;Odo0oxxz|fwj1_9nX1Z=uq
zVK<_*^O+>qoFn*+9p{gn8V|52%Q?;*c~DYB@)wElO#};<@TnTXrh_X~VtM)gYzECu
zDA0vE;*K)!;j|=K6~3W&=#rs`eVoca2am$1y2f#wnRG@*Z9-|_2r003W(^!1Y?EE_
z*~iHpQQPXJx<Cx68fot7k+kFheL(*;D9QV@0zSTjG5>pGQ24(K%72Sd$?sq^{7<i{
zcv-n2Mx>D4WF%pz=64;S2+^(qBUtGrsTw5O$;h0n*aeXa{B^sOriMKrJQzcg;OF)I
znZ>u?09KYd`#A=nT8AI;u=mhLC0o4ix%Dh~yvU7?>JAq)MLGTc@uzVI>kcmJRW*q*
z3nktfOFGY4@wr(sbRJ4<G8{Qr+-f6My_VX>AEwi=c&KKhsY)#c!wXf76&P|{b@xi^
zreKYX7cKLGv{QMq^n6!KO{zN@LSKjzWm-)=w#m+yP(i!SD6=Hz#l~H>Yf~F7PQN$A
zRekBC+dseJsRDipd-ssyp-A3z4T#EuBCoy43Ayo`CG1mLgg$=(g;{<g{MV(Px1Da>
z{$6Iu?*oO}|J_n6TYjqooBl5sye3K7eo+8v?8_K3tJDs4p}Cuo4j3hfQ6fA4KuNIz
z30*`1aqH(S_4;JPj3=l!B?6HmF~<$?vqHEgJJI}+NPG$4jlHSqF)nYn7qmUj0h)kb
zb^oxjrIz-Px>mE{?65N~H4Ya{DcI~up&NaExSVu@MF}?POdM=3T4ladeC>~!Csu^c
zFbOs`lZ;AVI1I@`z%NkT@B<s3S*35DY*&WwU`mf<uK9+>Y^ziXK<2as6L<!<(OIDU
z(gakp+*OtOiQ=$#sZNA{U!o{$<Oe5`mZl$0^_np9ikDS3h113XdmPebNyQR(1SQOb
zDFY@}J6jw0^$=l%k$x{bSlc#WhNPrq(Z)SCE<M}@i}#vva?P%8V~U(BwQEwY@6kP~
ztCg>xIS`1Z9o+z0mGBA(mjibXZ}#mJN$>rd1?ijul8i?;e+sVeC+fcHtuDJ+AMoIi
z-*vR?CzCgl+|Yj5D&*3ITfsYI2cG@_^%RcR9LIHIZAe?3z&<9&ehx`{9>-DstW%53
z2^?Ukbrk#YC&yS_et>I!vkh!mg14~p4d}{nCysCE8#?-67{5&2bb2B>p1Q22Nu4|2
zKHB~v^k5e!7$l|?09kegzLm$u5FTA`6vNJQ;Ge29B|W?jy>FlTS^WQAVEUhv`hQI*
z|41G!Y0w@j%jjcY?kIl;rzD7i>&a|Pu@mDH@HGobGb~O?6(|gVYr0A2OdOb5dNYXf
zT`S64=xb_H3Rha_YL;QBQR4$O=xlAb(OdplS1tJ1*Sz-G>*<*>BXa3u_g&BMy3h7p
zXYcYp?Koe1-4{VVf~Hf!sIVT64%{4;{;2M6Gj(iw_lgSq?!}YEXsc=m-Bncdzpi|L
z<JGiDv-i~(RQY@f01=+#Mz@Lo8wT@J5|9>nSJJIL5Tf)cF)*UEQ)Cd8%#Ef)e=G<7
zBn8L|d@I>1AtE-d3*1)vqj=+=>}7gu9MLR4;ETTOp)df9j<`=D>VXwkUOpg?jz>E@
zr}B>1r@#aoNBvw933yHk98;m~KZMCuXh4#u_K+Ge;;GrgMsM*@8*rwU8zcswt12IY
z6;1aSN9!&h3`>h-L}$R<N3Q_1Ak|fTE6Kp@DBP6xhYQqm<1FBkgvwiATSZ=kV#HyA
z{3&(NU_TeuqAeXm>n2mko;O!utaTp)d;bidKU*%eS?Y1DVL`Kr0vJ1f7cJQMO8d5P
zF7D!kXrX^vrolW5=fjcnc>2$O1PBRpw^3Pk4EO16<^zPa+84XJZF_bI%)JH<3^=gr
z(8up&^vUA&3D15-oFIliq~`wlxoxq$A=K&3xlkLTW+|rd*_QlrTT2Abzz1RSgHl(k
zT67nS9eV|;yf@~`la(Mk*pi#yrZw5KlzW~=Q8>;DLJ>_E@k}ea<*&v<<Ia31RVF9q
z1y4q3>B-OEKYlPa%3i~T`s~NT`D1+h-GaYZqd0)GL0H*N-ee9s_9&<MgpQD46J?rT
zl@Y@HfOmHwsUK`|la0;kSaEuwJi*aot#pTj64fOgd_b1ts-5aM<O=1O*)DC*y;se1
z)_(vot>``PVimTI%es>Z3&`e%b9gJ`f^#8br_W(K-qK96bl04{qQ_+v{*-8E;S3$k
zezU?usvlJlX#!b^cQ%Iyb<+?o4x7l3#aAo6h=3H{d6l3Xju|V?yrbKheK@_8%%@8k
z@TD39E0N;^yI0xmb&zkfd0_?V7dAga)`8AWkeaU+b^g<%O|W`K50UK@(2jg$G}m$n
ztPV2;n`ROX`M8EwY$9!aWW$TMWm8JUhIGcX@i3a-Eea>^u1ccsVvH{5e5eAp#R01C
zV2odGJt7sL*yvNFjtEe<EFjo!OK|tsh#qh|wCz3|?Rt(0-0i$2*l|Au#d9kH?ZnMF
zbt=-uxf0XBI2kV#$G|mp%%!D|9}#VA7r{t#wB@9;S$6{$&+E7}nNsbB;;MyM_lW6t
zv`ivPS%rba$C9Y%lfy9i!e3$WGR?kVmgqBA;|#TQ?XIVO4#M>t&O>`&kLla1TbSDg
zBPRzXT#SJy=KZ5f80DEZQdpx^=A%zya`;!-NBTmZv&qhKC_}cU_qTswU)L?-yE4v;
z`UYh+iRRCDZ3BtdeX5qP{S60>-zJM;I`^Omq!pj`nfMt8C67hTvu4bx=W&aLxiVQx
z&Zb4jSVCMZrlV<Y7K$j&6(-arH2WCz31#8l0rTQp3}BV1Igrq_?_V8Y)GR0VKC}c<
zZja(WoT#s6r<~GgI9?GxXtx>fV?Sr88Att!W2V6r(U!R$UZGYyx<BHc%nR#IulqmI
z#jpAq>g9O<+->?zRnI{$cGaZiNne^TKzZ=U>EiJV|Gj6t&U(oue}QIe_WO~B6WSVK
z*(eb862wd+=h*A?)JNP!cdk9$8mc46o$hmqeWKg%OuK6sd%_xa$eSrEm!2_hyrcYP
zCG#iRki|Ul7Bl_a1Bo*mha{V8l0j)Mv$$M3^0gR>bfmG^LM9S|O6`~$&Qcu$hkj|u
z(O6mF#05?|3$zlWq{Ovpjx`LJ6Q0TM$GZi@o=`8(jmA_O1->b^GV+{YYTilTdVB>m
zmdZM8!=kq#n{*0_#&Fu8#!x2rI<&Q8r)A_Ag_i`VGcBmq@rT2eU~a!|YYIryaU>dS
zrRl!RVq`yUDo;p`EmOc1mchmOmtj>5sPslB48W{TYy-yyi9+HQ38vLhsHB=eV1S;o
zvGPVey?+mENf$0?JyT$wzP+`mJkijxX@f9BlG5bGmGYT9bl)@Cn8wP11ml35c3|el
z&<n=c7@{ct37qDcu9?a!Wns!OCD7M|NdiNvZ;W{qzdh{wy5Hb(7-=hNznx)3x`LOX
zJB4)Ynk$PL5s9UeU@+d6vZ9*HpV%9P(r$-dOp$wO0pU2QpV3NpDOF<wh40(lV<&cK
zDOGDji4QtD{}HLhG_^Ha9)zTVSKx|LnmbY+q^P1NX@e=%4K5FCRLKj!<v6u9TOI^`
zNl)O4Lz+8Q9^|m%s?crlCz|wCFc`T~OJb#Ds+AH*UO{DS<wUBL6Nqy8UnRC>C0SVm
z9MxkL0Bs6Iz?lksZM9T>V@Ic7hwUgwYMf&x;RzT|01Qur70<}WU)J**xXc^cp?5rr
zN2Ip#yVC*KwLnZqGT#{78x*^tsq9+yUs39gNOkiI7dAdY$5|ZFZ62VWxP*uJivI4R
z(0oWmjv6xiBUO>^q?`@zj*jprV3R!;gDzceg}U07tFx`vn42v%ZdZ0)kM+9TCaXJ5
z)`XACA`QA(CT&i{no%+<vxV-0YH7<Gecif$<!tD#r8^utz?ky1E2;gq`BdKSQj@3n
z-Se9(y%{Ri)1HjP45FlMzMemN$~AR0TX1)HIrJFqSlo-RftaAEhg7N2qRX;>z|089
z=EJg!k%T{(&1TvgR;Ca12ZtvzTz9FdX-w`kt~z=#S-VbLZl^Csbs&~fV9$=>ELN;H
z*e_LQ6v;`mcRy$w+aB?+_Z?9VNoWyf81)Rd>IFg-Vq9{j&d|Jw^-j;LzC9W0IqTVq
zE`M$+s_8ah-l?gpPX8Hs?@#67c3T#Y(B*^?0S^s##FFMzjAkdMw(R{CshbPHy5FBB
zj}?pt5n~E%2SnctjY8W9;;aRdu0gK{%95|41<I2B%P<9E69n&83*I^pZDWYDCKTw{
zh-nI|CR>jURz<u97YJwq+B6BWZS9|R2GP!jXiYb8_G%#2uIB{HlCB5*%kZM<pJN~7
zGY`_$4_(a#U!7^d_WN@h!G>ud6{$MaKpM);2*Ut#!+;p}@&`rz25Y@mAi&GfsMP=-
z><+m)!GJF?CmVci<mXx%ZM}4Mznl~(cZ9*%laXbsfo~uiYITUg448H<_!<W8r4sBV
zGevzTYdu%s%%!MLt3eHzwq(8PzYL3wKwVo9Z;jw?A>eBE$D;=(c3VLZW5XVvQbx3`
zvY3Z7c$&;idZyUbEpU~RK?tqQXxf#w(qym8sWsNjwl6Z;F`%{&cmpfyw`@}@EvYri
zwAv*;puCy}h;oj2SHID!N?Mndc4+$yHG5_oarXGJ{}_7BH+NQ=Xfp6^>S)ef$o5Iz
zb<*1jCbTc}p}hp!x?wR?tuE>y=h%<5t!;+b{@!Fa;5^29tlP&FhSjaff7c1f!qmK>
z50d|<x^tc1*4*}+28j&$-)q<WFV3zi_SU9$&i@97{NwamqN1(5sD<|FrY!-Dj07f%
zNUfK@B)#OkbclQlGNP>&k0FL{?y_hnZIx+~xMVm>=y=cmoX-LhJL>^>5a+DT84V;m
z4?<kG*6)3&v9IZI>-F||0`9k@t;8ChpuY^P-AisRJ9ZEo*?krlMKMRuR(9Zv@l)05
z_oMD~P#h=*(^YB!Rd#aIoUI+-uRQ81HP9M>6Ar@;@0|N(zx1qJtG!iw?mWe&h(OQm
zq84o0nuh^8*Ieb2c>@~iGm|7{pfxW!0r+8a=eI8zD7pAEh$_^?%qW7G?MekqxXy5+
z@K-qlY~64g9q~&Jb6aY=`J`)e28^0aB(Eulp6UrbLmd?Fp6Zm&qbvWOTZk8WM?qSS
z=XS${hftntw}QXEO?&O(1TESsD*aQq;!I6y2yS|;Z1*J06RZ&%)W~+3gIoJrN=7)1
zsJbc`iz1tEaPxVA#~{j9nq#Eg5KWY(aw*dq{aNw-@(rdKE1V(w5J5*nC9Jgmftv7<
znq>WTk`z4Wv{id7E{vU3d&njZ+!6Nc#t=*NPf726-WHMkRd4ma<1R8i+v90QM(#F+
z%&r_7G(x>DuDcsEsx$^_N{jTNZZwxL!{@Tq3PZ$DGAqF$y~{;~;q*`xW}H~VV8g%i
zwGqT!x_&c=)#O_aco|Z#Tl&axAtw=&W;IxkIQ&&4x^it(RYn^PK{ttrSl{e#dk`r8
zztTWKVjuA=T2lq(WP_(QJ_nMh^eRK~6T^Z=U9w-QbW|1fJ>EY1Z_!$@2S-%e3*(Hb
z>pOW3blg~w#bI0oO@wimCF;p#G?SWz^q2n0E>rGkbjn5d7udzS8Yooj7p&3~KVj(D
zkk{oHU(hVJ<Y{tfNj4L<fxKjszz{@;_P`Jp%GrRiMhfD8GjdW0otQV%%waUy$3I6O
zIpa-Fo>7pl#wRYK`QTri>V!3hilC<Y2J}9icCOa-iatR!$E`oDIo6$}kuNp{?6BS2
zMy?}<h=Ef7P1XiJOfTEL$CsHmrZjYn8Xu83N>HHu5V7EiY>@bqL8*>iY>&^a-&*43
z4y()+YKfQOQTnNFD}(4e#2Rqf`l@_z#TsXHK6i8&mmNh+%qWw_9zWCgW__AqYNo=+
zS^U$QLj=rU5`pc04;sQiQGclo49gCjgTOQA8REYp8>19-3m@OeM*TOkq5gk}Y<&A0
zeG8}jJFxkWXWwjR2YWkbQ*|dphi_UWDbv5zr^=gl-_Qo{BB|>+4vv-<eTe|EK<1BZ
ziEbh!l;j_xFe34lJoeeDjpGe9+p?B^&>n&Z<OJVRb}&pA!CAo`0{e!%m~+`IEZlF$
z7iDumneDy)C_lZY54+=->7U!fWf9YObjYVS3z(Nn!)St+S16@he5hqp$;J2<e@qpV
zgVm5Gcv4`DN(g%_$UP9DWrT+^Hya^U<wD1xOX{EYItMFq;gmqb(hWhIxo2}Kevk~=
z(jUf3CHF|LRn6e}Sm!BxtKufsFR4X%^AJ1~@1XXi^G;o{qTKfWnp{^lpN9_t5^`Tz
zR>|73JquA=xn0t#<v72!M1J2Mk}y+qY!9olabIkRJrYjAe8qi^IXMt;;O~+|D-$CN
z5??@A^aVnU0tV56RTxSQ^Yl;BIOfg*;0DX84;fk%^M#kdccHFhZ`#;&sYx^at(QHW
zPS31A2p3KXt(lFBK!#ysm(~|aU@hISV1;_+r&WIAe)%AwxwfQ>^}R}Ga6haA4%YtC
zLFwB>=`-4yk{Z!vwRZLf!8?@Yo!yXa%^9n+?*m=tH~912#WlPOXb<s?kjfRLhoPuH
z__Y=3kSy%MC<=9MFG#4U;TLxx54ZbKq^?oC$~n7{>=$_0%$9A`y;zN@nJWlves}4b
zJ>_$Z2d-hJkF82uPkY?)&k?5rPa#nFjial<0|BZ2{~vMx7H{g>4ydYFpK@A_mYu(l
zEE2Rk&}D?CK(tB%mz7|_l#~($Y|$OF@D^(<8!zqZAL#XNxcDxrSY|m6L1*Jv60rLr
zvF`=N^Sm9!%)Os}#@fezt#9jOVoU;=na%ml`hDJge7)Frz5L!~pa)(HanGtpmSie^
z=ZHl`3H?|L7AK2--XAGn1IP>>`m!3T3`+86I!ZC-p#@QgGBFjCnRxH{@`O|qPBGD^
zX9kynpBEF_j=w1&#e1TXJ8XneyfYfW=uCwb2D6~#8s4O{Hjj`mu~ZhKCl{Mqyj<27
zXl|`d{bE#O#Qv$$`XsO2J;%6o<}tqzg(2zesx+P<WEVxpUXs4Wk#v}v=wgvmU7dmO
z>6m1WwN^gk)QX?F+N@F~;ZHmHtGY^aM}J(~dy+a!NtMa)d{RNxf3Ihy-OTOMWDS=F
zOH*`t`JO|amMv>>R3;?;4tseVDm0N^Mh@ez2wbfQ#Y3PWSyU$xh*@6hYPDWyQo&}w
z=J3W1bm-`(P$*0Da5E3TRyN+Dm=yjLG6fb*@$%NUq1Nz*>Cebbre-cHl&vLLKoTNu
zWvz1%9`?*h$9$f$Y*Nx%gEo7Qu^{|WdMRyN_A^s8ObAT{lSqWID#{o?W6JN&l6g&N
zWtX1IEgpll^ITn8-PDY&#*dUXrA4lee72+0>57-?th!c`_2ipxx4Xu4r2mJsZw#*N
z>zAHnl1%IqCllMYZQFKoV%xTD+nR}ObK;3@zIiXI?(_e0>#6%;pQ`<F*V%im{&lbJ
zw$@w1q1Dus1*SdhY<smh(jS)?8j(}(51fxzg~+pO9zv?XQjLF<vGDgXKMTo}woACT
zCo;~rMJIL0YWGE^l$k{^za|D3#2@}(=ITBCc8U0nk+V)EBp@3(C;1vD$83d_O>!@#
zm@3rVzF(z9xa9Bwv|T@6mheG0sUA}cW9iR~{MahjSw@TwEFwe~u@Uw~N<D5iV@I8k
zD44+s`J$hQBS(&kBVkWh!molAh|t~eg>rLhR{J_S7s_-=*gH5$H;o}GcB;Hr;~>P8
zE6RQw;g*sBN^sn)>7;8cU3ASqX?AP&gc(@kBkZARQEanxJ2aSfd$_$EQaiDvdpe#E
zPLEFUO1rKrv#>gBsT6=`z=3kukk!Vf!Xe&tW(;o*=13_FrerBr{XLs?_1)HpDhs1^
zhi)rHq<pY7!l3O1sLOEPNh!lUUlL<4B^xM9n}u3^Iq?`1G>wjH94BnMpQKAZTD!c}
zS-Z*JG2C&JQ$?P851^Ob`XsqkfW7JJhiLF=&ETT9YW{}o!CjkWlF&3_*{^S_zva*u
zvoszR!(wHwn7ehvjuXv^ytP4i-Gm?W)5V<FGZmTYC{$`>h-iyH^pz};`0?>G2&yxG
zm+iaEyCGC>i4kFi@uIHk29V8h1cp$VXALHdh`5QF5+rXITA;|hlh9|d#tNGfq}DMv
z;4Dk3qa9P{A24anb~D?OqV&=lKy^ladxf-G9bOsY?X_hM#B%}fK9h1v)W#l7)Z7Tg
z`<(;D#ACeleML$cgH3cuVfu?s0tNkvZ;v!C7SKCgZ-_=kCx#_u-W}G0w01W;&lsrE
z*mmkQn1G)R@d}OH8IgR3rP^3)GuaS$Y`G;CJ9C52(`_8Qmx9V6BHoN*Z>4d2f;9=U
zrmk6gsx^0yd;F5)^e$gmxw$xaMgO7=xA~y4tD^H4(04YB^;j3-iSbaFD;gq3UxzUu
zw;ar_FN8BdfL@Sl9F)Y?kRqrtcnw4QnqKfE1((tqaL}A6r7r?p8B{!DA$O+LUoCYe
zeb?NJApyAJ2u#4;d%7I?6UFpripZPQ9d@BS+Y;u$sCxo3H#F=wVV8Wv@M+S=GXy#j
z&3fSs(X`c~Wx0sw9<W9Jx;EAE%?y16^?ej*zhQ^2@UfKOmXAmD`XPuR>1~Icd2PZ?
zPqy#G!R_@jcuMOd%(5gYV;|E^yboA}+*%bn!+(7KW2O)eGPN`L5?GhNV2I-XX;b)$
zBDQr>bFlc5vi=K${O6AFC9i%R<iPNmTFuj<_z9mDR;Co<f~|OsEg(UhL9H<Z_C4Iy
zY~5hN$;NSw!u12ER>GK6_v!na!q8*WIB0{Lf%N?2>#h5G?ysKDZ*?&?C@5{|q2XE?
z)S2W)g9A1jvk5i@0TrYy-zy=OVA)~Q^U#@4v40MT?X>wfqEjtj;*hhYSSI#D2PgPs
zoxn2nw;2pPrJQzN!-Pcebd2OuBzuRP$<Cy}&ciLIc6Qq;Rk#)$#~05)YWA(8k1f9Z
zPK%D+2=lTlKhaP6PSPhYXT0dGSAi=h9AA{SDVoO_11WMU&RKutX3OMIp#Ef&zqYpB
z6kyAC6;5%y&}opj+pSxs@oea>X?HerDk2t?SpD}<A<=+fa|Ff5tnPSxYsUb2@_?cL
z&3^ACQ*D?AbI5i(aef2Fqk=@QbF|>EN9{2z3{#s~Z(mU`g*3K$tNl*|Snj4P$XFWg
zUZwBYXgLP+eP}sM6ER1|elgd22JG{HqY|qg%GRf%U!XA@fN@yleKp#CaaZY_dQo+s
zMc|+dJs34y2V9J@`DW@k3XX0myXFYqT{(ALK#wiXa+_m`P2gzF@~5KRUhb?2)C(Cn
zJCD<`aDfq7)(4$7p(g%0&oSmM)8ZOio#i=dSBFQ$gak5&RFfZdco6bmdUuF<?nsV?
z)H&`6BM@=o%}|nri=tQU-rc-uvxvh1wF<rX{M5(zb0g~HA?#-9YJ|erjb3zPY%+;-
z<dpcIu=Qa;EW%KV9I^OJav;pO7pMs@2TqANmEIuoLCUBD+;So%RUin5Epb!O_<+n!
zdRwKV&-Z`D)-qnO!HI}pX^e#5zVZEEUh4mPgVkZYv<{p<e`+ixADj*Vb7F9_5Djs-
zVs4!RvV+)LjJU3;S`xRvIU7F@sm76rB;0PxWTvDjYLXX|m^ATQu;!6O4Z_0_)j2~I
zYpJaqiLQ6g@pL$2Ypt%lsIPu*P>nlO1&LXGUOaODd7gUBlB<0?!KVABPLX?05ToWD
zw$qHm>RU3IYjxYf`e*)-uIX9IW^3l~Rrl?8=+E6+*tceM-@X1nyO&-g{qEm=FZ*G;
zP6qjoKKQVn$mo2|2CI1|hWJhap9Oz?3krP~XMb7TUh;N@f6`y&@+NJUMjX+AKhf!Y
z*x777?D$^&;(deVTRx^s+SYry@_kC)dWa#o$`>3!Ohrf@lMFTn65Gbyi5DAsD>cAf
zo7-XR-b=z?BIZsxIu0gvX;;Ntgh)Rc1QtBy?^`hiDpAasme{^6P&JO!Of2;~-fd_L
z9X`(x2e&ioMZi)#7-Uk@?=uQXdYLB%ceINmX<sA{a<=!yk?=YxX)2!d%VwDosl60Q
zr&uaoBtzejj&~_qj5z$PNu?B0#b}rd?QR&Os&o&OG!Lm#pj`4O)}+w+n|!~fS1c3F
z=)FbNth<_b8?C!qgxs!~IT^Bm*)SOAA%q2Mfr{!h6tFXJp-yiw=ra5^TLwT$quHqg
zR3bd@0jX%yHW_iE2at7Cxv`*zt5MZ^YdV%vLV7M<4u@KXdR`7YYHVp+E*^j0sRh67
z^j2Je#Um_1-<-J9?;w!5JPQ$};Qz`8T5V1(<@5|ayu^g0Jdg@3iBl8PgT~wUac1Ge
z`4jk7G2n#3B7(Ofyto^=a3hA_bTvUbw9T13|M+UsOTE;_iBjgM^su4VUH%yxB#OKw
zJ4ovZmQ%)e_>)x4v=n~r&EPYyz}zx=0HX3u!B>BzLh|W{Q16FZ@*MYeEZmWx3O*w@
z4pd{LhRVb0MSR)VL4=dA2NlOEt~9JODcy}VWJqAR%znQ0F|B_mFC#x%Nh?IZ>g$O8
zFTm;bV<>g9Ht{yX`OR<uryOkuijcr=nYZ2o$BSfwSj2|pHysoFx$LW9WS$R!ObqB*
z6WkIXr39;Eb8eivf^dD}38S8cAXK*>gwZ=7uVoB~<&R{bLILh37Hb!n5hCyui_K#t
z#EM~bD=fxT&1{IPSg@}``9uTgje;qBvbH?HNK!$Y3EE6c(TGK-Z$tMN2Tkh?Q1g8B
z`cfN`M^nj|h{mGF@VBrsr+G#h?jOJX<Mk&T@WC3#QcN3;s`P^rGE);aQsTW|tI}BF
z8hF&Y_?mNF7X0^mzyPF_<g$UsSWsjE{i<J??e%{8`EZVHl(vKLAyvXEt@EY*P`$L{
zu&S3&sQwOR9|BYcT!B=q`07r*;k2i}!vJ#3V0#LSbut#J^e*Ccdx2Wp0L(qH^PsBX
zMGbn|QztT3W<)0~=2C4g_8=4<G3A}(p=4S}gmB5I8AB6c`biMz#O7?BYRaj2eo2~9
zl?XEHue|JeF9IA~33-bYU-f#<gvNK%X_2p1#VvkfR47+b=AMCeob#4lpdnh4DQEm>
zgBS2GWcOr?tEb^B&0_}<QN3R?i}`S*grIIsnY0)5V_KVDW+yN)e7(6{CbMvDBY(1b
z%?mV_`P#rM$j~sxg0UF$PXUK?OUV1R`C^M(l58$=oxZ7*mYJBE+@F+=ke-^MrH-7G
zFZ*{>S_7PK)gzzjh>O6U9dQP<zGP(+R7=-SuXCb&d7S{zbF+OpqD_=0k`iS+HXxbq
z(%~Ly&hTaC6FIM`WTz9xoW&UYG2vIeN&&^DTLNU!@Bj)9l0zv)r*SL6a@t(w#wEjn
zCMADO;;9UGfG6y89EEqo@_-spo1V;ZL_X`|dXoaAKgow%e{T4PbiHw|{;07G90~Gl
zg(<5<s@zLGMPMJj&Wr8u7$fLIQfH~|hjZIwi;I=j`Q?rIc?&~ncepVhAzOM9;{KAL
zYhnax5;hD)TVg^5C3tb^@E9whTb(!%Zy_mHGaUq}Fj~#HsI({6NpW~+A=zO&_T92D
z1Z;<aB<urH(ebDu-h2zqQK5im^w=pSd2NgonRX3Zh67bG=hoR}v<!#NF`K0}Bz8q?
z1V2*`ZN>xm=Q@I)3<qUi3rVrZ99$TT$LS8GURl?9#hrx??=Q`2DmAF6reWGBE%)I-
z&m0{3Vax@tMPkxHA*GAH?^RU^mX+&so69SUivlv<ir(+CaF~ilW19_X@_#Q8VAWqC
zLIYmyAmKuZX1~|F8SZcA_lwz9tt(Ck)RwoKtUoNZJj6`l>TL3Gxt{lwxK2kTSE|-(
zXm#7Zs{qESWS)~Y3RltqlWXszGw3)gBU+Zu@AEj?He+VWIgexB0hPRU!F7UZ6+Suo
zIaO=OnCyLNsR7iT<i>JmVLDL7lIhNuTxazLk|=Lj$1F-vxh1E{2O=`MM>QF?%*_MM
z`T%8}h_Ez3YolCNI|s)ukaUohGU5iY>N8IuH$NR@{AYw-oCep+<2>^DL<aT&;C`<*
zFkz{j^Em69K9-KX#JAD}>4PxWYV=_!gYF|4;UN<>pJSm!nB9g)C!xpy5AuZ=BoihL
zM452Kn3hq~S&|lw1<^%jbqJZ7iZ&!j5$0{VSdISpK-CQVLu34TQp>?tg^MZSIFb@q
zdX*eA>a?eC=^8EugJ#S7Q94yV+?ErX5P;-Gx$0!a;-)oy#+`cQ9KwcCiukMcz+(=(
z*+B$$d~OCI%yeaGz1;#RZ0eqc9wArDhLeK(9TM6!RspqAJzVxwy9Z$@x8Ix_y@b6w
zO9hNm;jwqaiKJYmRmCJms~XQaC-cT0YFmtz#$KN5o(&JMcq!p68Ys{?Zt0LqJwM`2
zJZ7}@9;~`b{*YXi-KTWHKuPcQ+T$}9@O`(Y?QCl9iL_X=Gfb8xPAGefU18ZM`f(}@
zTYy{EO#D-9&;)ZrU(g%A%!qOR==V-|fghm%2`(K^-jVT=y(L36y$Ff(pq|BMgJI~8
zha(wXQE=t`<#~4QXvNq#qi*iATEMXd1JU#M7+-sOQ@9tDr6&ZQ1<Sc>Zq1TK5*&o8
zU+VJ3Rvv<?Zt}RxO!^A7Db;CF8TCflo=Apa{lQ?O`UQw=yQGk|5N)gj&omadr`t=d
zc*C~dplk2vE|+tmd7HQ3=8s~Dj=TY9In#ulf0<@4E?XYW5ZQjFS@TV5(0KCB#3}JY
z?ELi@f_R5rw-_<R-U|l0Nt|_OrNh%-^qbkVy()#hKo)vRji2+aIwEVlZM-!+yFX!)
z?a-tqc8z-@_k>46yMfz7rtZ+A?Lm%_$A^!nkkX-e!6RIO(V?)(wY9nUK3@{NQjaxJ
zjo=19<Ci#|H4hKR`C_?ugU`zvykOi+A1!Jelrj{$!h%bJgG`g|n8g^PP3H`qZ3S?E
zI}X!dN^=w|xFO%RUviAc%oik*A3FKdUQ^)>nhY}(s@Rod4E9AZP;>72L?l6!Wfqc4
z+^7jD1aMO3o2Km0Ru%EG%G=}aA80zD<LkX%yGOjha6cl-;Suelx8K&$gmSdV-a=l3
zYY{$@k=*3jz`@SH#YB&X$j5vQ^J9+cQ&a4beZ-p(t8H1`cBqjOoi#DL&^kDS30~7m
ziRtyVT7k_Js<eT<55Sh;(FMD`FO^m035%d7#*#amu$41<;{|r#C*GQKU)8Z>zk_nB
z2)55Cmn*%m<P;tr_Z@AJkiuGT_wgVJuqB?U@}wwcH3q!ac)~GBjyav;iJ*$@-+YPk
zo+fl)NdNVBwTJ&>N}pAC|AP(c`iFV|pQJ+509sSOp2Zmd&(R}QS|1bij>T5-H!7!e
zJ2QK#-a<F(aB~zn3Za}EXwDfhwA}6&%7$yrj5KZv2KTe0JYg>qCfe!XHeIrsOC7M~
zS>l>urM8oVHit1PS%YI@SC^S?fy18M5L&We+E9>jfkze1_`sTEL52FV5(mnZ=z=#v
zufOgWVyr#E@W#-&u`X_jH2gn(LWxMupw^0Q^fXcvX-<^!NDiM73a*(cJr<LP>!Mn8
zN7d`Pq91e@J4f$H_Gz^2|B$Pm@qSEYYHLaSC<mf<OfMLpR?)x0LTNeoU8gV78B7L_
zxRP4w3EsQ4X{5rk&5c<twQ?X?)_iwOp2`u5hN&K|XK7#RpvJ6OB4zj$#xm{SUj5F@
z8rKt@tdabzQn<n#Q7Klh5$a5Ad`sTaq>|Nd{i=HZaAs0Elc%O;Kl6ms(lMj!E?cOn
zTU&FqWWju&a{ATSUISDkwWD_83r(T6G%}KTu&_R*nZWCRU`iYgUM)1Qy+&m$*_WwW
zCyI@MK32hHy1F4sJA^IXrBbhOC0ngi6Pwkj3ml;0fk%)`wsp?V%Ln8~AmtBSSe+l$
zDR`!nL>8lxxcq{ycKHQmBLU+MdSLA<%JT`zbS;G{!I~2GLuI$$a#W-lL!C}{Y$23$
z3Y!>#M$yl2LQwgTfHat$_!d}+y2GpCXVicgJ4(n+6?xr}v;(IRkt+_^N=bfduR@Nk
zA^~S9%2$vqRvk0`uEsWowL0)wX~OiGStP4z5_y&Yu}U@RAg{SkV9`qRga_e&-?Uqb
zA+S-@ma+40)wE4WZHD8Wp-p3m%-x$5A8ZEX$jMhRi-*s}b!;$+=6TVH$xx@|9(Oy6
zpS+8l4ix3L{laK5$bSgRf2W-z+1=JCxy7iPUO(7vH<f6+Gt)47LaOwwoX!1I#Qg)L
zA!Vg|+*16*Q4+FH-Q)O-;UQZFocDKmU{pA>EabVct;HE+VX-YAC2f19KD011TQZ_|
z*52cYp@Le_GD2k}nWSQde#q);j**d}YLk70JD1&i*%EBcSPZpnh%L+;vR8$!X;h=s
z>)ZNKpMN8Ah8z5AEzM@dG<96p#uk_{ImtQ%S3@|t)*#nZzKM2MS;$O{Ewnw61RlZL
zhjqq^#(I0DBf5s%$u}*3fT06Bh-$zFyBePE0CzartWLa~uUs?CxGJ@GI*bODrvXu?
z^I#APYnTd~FBi}zV9PHYrf1kDQ_v;^zm3NcHa$wfO&xme%n@)oBIBlFJ7nbmGc|7W
z6u*(fm}9E=2nskQa5i;l3LHI!6@wu9MfwMw!vllr3VCuQPas<#`c-I7cWmZKrlf&-
zi7?jjo?0e90#mGV$ogg@ci<80#>UZ+;p}kz@UQ^P$Io$8|5a6V50l7+tf=)GBABY+
zq;V>rzc5C}G1`zHhM^`WEelnr(V*>6KgP;dQ;}M7F~fEDz<9EbGF_)T;sUj*lvEAA
zCZXwe3#KBL`!Jp>-3OQOQsyvw@!)S<_Pw%uZ;t}(gRQ-{hM5L-WF(%5L9aYVWau{e
z1J}5ij>B8_&rUL08WPF2l-~1-py6g@@EVo0g9_1jE8LWhrNV%{<eD|*n+&0ng?5(e
zYFX9Cd3D9EK9-)fyWv}6_vwC{<)Q41@*^Ny(_EAqASh`hdO~gS!KrOUMhwzUlmF%B
zJXw4#B9&@Z1~3?P`y*{dSJ4luH<c;r_hJ~18p>gNM*YBIfWtCtm7~otgc{X}wvD+<
zvr%Vdf61?`J8FaE4>A{fLKBG>#~I;Qj|``2Lz`FJOfK|~g`U5iRj2;XL44x190S;y
zD?fLpVAqy(MxK5DmG2<b@OpOr(h}Rhh&=Islkbpqwzd{<a&oXRbapZkaWgWp|Nljz
z|4DolD~?NkXF%n#u&Q+ST6{Fhr>c$+XpNB1B{u@c?M$9vj-r@PPbk{8Ygg2M0`W<5
zQv!fRVl%~gUZiI_IwW>=|LOu=8JfeVG?6x}hysyLrB~{s76Qr@k6kcT)jZPx>D&nC
z()6^d=iDB@ntbU|;TubgF>X~TPd8o2o$>pE(jsz22rVG1wLe7A&axR{#e7PPXgLWx
z5;r2)74mn6BAO_i=8?F^*3PMm^GIr46N^ko8P7D`-w;P*R5Uuq<4PsX?yQXNq}0dd
zd!{-#6UfHg=^mC>9V#VA%CfhX?7Ti((7@Epez5fdp&aoJ>$mg6L_z{TFVhVM+j;DX
z?!5_V?9$=+*s}Qt_$;6FL^U&X<wEqliB6bO9t5$73{P&~E;~D6wHO<`(=2~EW?c}e
z+USFWd$8HkzeJGFa*JzZKXHrLb@#Ed<-~gme#GD4gqYJRImOyxa0U4vOlyvH=cI%p
zMI|H%83j264SQCS@&1FMl{>jxfc^S&=fAH1tw->mr#|GI%uO6zE&iviF0TH|TYxH3
zJKvO_FTcjePwhuZ$O;C4K~@42Qixy48jy@a=5oM!qCg`hhT!#!732<u1z@|isa?L{
z{vz}Jj}EOt?tyRf-#kG~VGE0u=X4oi;bWIzKa!`w`k7NCH=0xkCvfE?B@gRm-P;dE
zJ30`&wMIgAxR*#{-6rP+g;V|(OJ|hTYnyBs(}pSPd~M^HNSkYdX=bZ4M9<*;?2D9%
zs+NoASHBT!oU9aqG@D_ormv$!zPl(-7>rr(uB7L$=yyGc5oIb`%WLXq{e_o~!`~e<
z<6_DpMlheRp5V@!JK@E}blm)C=0@ed4?&K4Tf2q_qVt?R)BPG5ggCw@?w3_N|0ij<
z9;qHF@YRu#0`u?Nz2uz#TaEwE4<}pI!u3l9^|57?STo2gM$B766CPlt0n?yFtu_Rw
zK#gdM1`Uu-AjnQI-8BYvMz??6{qcTy0n&_j(3S@l<Dsk_A@)u<{3}oI{m1UDtfeOY
zu7ktj7T4ouj%)VY)o`iaw>GHh6Z0Wf++{;gnp7VRml20nYOY{T{89mpkRUpwULK^4
zN+SrDWBNL+VZ4n}Bf5v<wx6#=^v=xq<wU_v@KSAx?Dz$kJ6I`$HG`1w&;;1M=3pGb
zGXzXpO{iEeq7y=<+*XH-*B|>~$u~<>VDn4<QWD>Dto||*FKPxSrMF(-PEwX_LbGs;
zOa9p@`l$^0$MCOpZRT#Z4HS6wu*5vSPHuK%3%Xch3YR%)V~+%xi785n)%fdv@gdwg
zcyP0KOlEkdI}?lbAP-Ywb7HVtFO#Fiyv(==_d!$)Cx>kf;F8Yc`=Hkr5WI<W2|!qr
z+&lrQa$;fjn@PuRX5uN$0|2^|CfIbAdOqO!$`(^x)n&%TK{-Q32d0?l!g@GoqEIT{
zZKdg5U+>oIfM7yH$E!Fp?3#vIIXvpVl-BC=m>i!(AEYxbtyLrFJ$NSjDY~0Q%{b-H
z!!sc^Msa8^dM`;`CTAe(BiY&4=Sxq=o=Bu@ub$ryeVHQofw%nN)#)61&@?-3ye4;W
zU+wAPQA<hEBRn=LH!m51U_h0LHy8PR*MQyXfN_gHn?ig8a~7oZsHEyEuc*zIQfquL
z&L6vOfj^Ww(mvZCjheX*V;NhWaGa5VeFVD=unD1R6y29anXY7B9?{vSzYWr6SdHj!
zmIuieAOrzF&TG0Yz+FUtI=6xGbsAszs?2}*$_-3z#Ao0)?h%7M>M-mbAzp7HL{8tl
zpr>g5?I)n7FIugDj7teCwZ#xzmEDZkedn(hrHMtdlMG7MzEO)6cj-nCw4>H~1&edl
z{n)w%TVQ{Uqx#wcT>#1F5cLm{p_>mzE#G#Ra^NzaNwIEonTF!R9Nl@VJ@WG(^k&lN
zA*^J{i)2%~4ro5Bg-d^E-(BRSgO7u<GGq*c>>UoC{*umKXBl|j>Sh^Dw?W@>KZ0q~
zbsFmZ>LeRek@R%Jnm$>oOHFXm8R}&h`&d3)$Oan!Q})HoXM))$qt+*~mY83Sz_uSn
zu5Ds@Mcr*%BdzxvfXB5JOmbfTSg$43nnuL^j(BL+d<fV4Xgkq#OopacFI<3#)+kw%
zIdzFkuIQKDEX@TgA46`3q8QE?#T3`Ote<sa@WCRYFfk&z$qf(`ZwcwDc<>DgUR9v1
z4hQHESpc&SV=wm<XL!PFX_(8O`CHqz*-P-o1I^=#7@_xeX3*b$#5a?_pSdP)dhro6
zO6Qzp!kRBoLk~G}%FpibuN#BSSWkdLVs}&v3RC-q2;}QX`hc~M6FPy+1#CP5O1Vt9
z!p6jGOL(9K6EqHK&gCNa$x-ne^oJ7SCvxIP^&Lu;SFM@~x3}}$JX{c#57f>}-IF|%
z|6oJ1JexoGd{=xX^2sp@CY>YY_76uu_KbzK%3wO$5)wN!ky}vG@N5tn<OL*0j04`!
zN<Up5xVsQ4{^hYV+CWwJt?(&yLz0QDtvh57&Z+zzk&T6G09HrS>irY<0>E+sOGqF`
zDy^}S3C9iBdE5;NE|uQ(ZMSw$ocffUK(nt4XiYO-+t%?`H6+j6bw+&{tM_Jub1Tvz
zWwjuwjxSXxUjj|r3k|Mo3av-*uq+?De0+d?*0l%w0aZ1aS+(3c6WyBL=bF~wTL1l0
z;er_DlNaR`gpc;;E`e8&7%&3(f-#K}DNHrJGG%1u((sMh(mKDzxoJU`N@oG9B!wh#
zp}Q!x{Ku+@$q7SCKMghiaV`3OKjahHvCl!S?VdKI{2|B2lr|WZd)&s&D~ksAuSB66
zdek#`7fXfeWA+Xs1si8Ga;%EWFQ>Co8!49ND!>+2F0YuQ0(W>K2IKLNIdNuoM44HH
z#m4tBF$3$@lQYu+++3#DjWT&BBzhbum)JMGM(mzmP_OZrrx*ctxz=B17H{IqK7<>N
zuz#m<u+dizem(81NykM#btW1>DsfIpG>6X!Ii1r=N??SHG*2P)BP!KzA@s*xdinhV
zvEJFdqbJuy^z!!oM`__3gzi)B7p`0Qy8gE`%YQ-uc>@Ono39@eTc`irn@pnX;rr-e
zg{O;~{4kzi^a%_N_00r9%aJ?Rh4WQ1^O&!IuwLJO28*ln_w_&D8UNwYd;H<YGQ@F%
zL)4d4%-ygj>wW-vJJ_>>9hnl17VO$QyYAb-jYJyU-645?qKagi8-_pjq{2;RT{Ry-
zr=6XARkhx6CUUtd?!pMFuv*hdN?kfI?Fsq%fIB9t!b^mRJdmG6&yR&0B7kCS_pitn
z5ub!g<V%_+gZ%bQ>fc1R|MBGieMs&<ZvM5pO6AmUT^aRrb0Au2`7Yii))tP+$jK&w
zChD)cUfo;_e*=6&vlIP_%~^*nE*JY0tBkl`3j%lWQ&60K2C0C-u7Z9MW%9NbAAS=b
z6#Md2MhzS?KI*|!m&4TM+eQ17o$uQlj2}@QU?b81lL%T6!&VfhP>`EqK#4JiDvn_z
zfPou#uq_G-oW|c<aEJ+7^E(kylUbpgEO(>ezVPlSIqBeSQo!G9K~#5xEVSJyL=Mb(
zMqOj`26qKIrY1A=C-9sax02+k3=_LJ0tbIB08%3J@Dk>V#tmG0%W*V)(Cd#9a>he*
zREzP97M}*iti{cFuO&h`>QmG<mO&k*6_(Qd$xLNgo<SYm31B96hm`48O1JC8?m>gO
z3*l*-Xhy1=fv%kAM%~1!L&q6VYp;eB=Qu!#nv<1Bo98@rOihwx_#WQ6M(RnW#-c~+
zQ8+j7y*CW4HQH&*QDz-u<Kns$IV%jaMI@Xq7ZocVJERhOWBwfttgBYw-CvX>P2vx1
zpu;Q>ebjlV8N<bHoLe_N6Xwt@TDF%7muq-a#IT3(Ce!A9H+xEQtGo@|yAPGv)w*QA
zj=W;`8=n5rn%D1#f|_t6)p~?($_o@jz6-Mzwb1x_YOI+tPv-rn;s9M_4C9G1_Q+I>
z-*t@)rU1G<oc@|~h50$*CqP%lE;su%J#~@>0Nh*<#cHY45dN<*2IV0^8x{bCx=cNY
zq;Q1(<Cit$xfkyC{#k(T6^7<z5BL{~L+X#2G{fG9ho5nd8#^@F`~~ZjV<7Y>Y-y_R
z$+(H5OL@$?$hlCa8aV&hj<u2S+3Kk>9qS>xT|jhc*XCFLrSY`*B1yHv*?rLVTsXza
zXwB2fOd$c7T}@$>GB1<|n#Ma$!-0&S6|b|O9xF`?K#yKf1CQ>xlteV-$O}G;<#$LF
z*FfW+8cIEIcciMnk*y#ntMK1YiaOSk@R6RkYVG5UVUb72iU06pZw=se1^e8T3E;xw
zg9GK@ckHW&hwsMec|uWI5ud?mtm4X@?w0pC755VoD$U^yIGbbO88a3A+k;pQ29thQ
zeP4+sA8kF3-NgmHqUF5Ci+<yM=KCG^gedeh@?!y;xf%pnGh=sRIVKK`@ST7g$Ilps
zSsrE3)(#{+&isX?DK7u8j|d3j26&|3;HPa4QN4l5QuG3x6MRL4MykwG#M!x3990+&
zJH3}CxO|tSY*BKn4OyMb)hn%7afW*~el-VlitXl~u4q+e7g^TZBA4gQHT+J{?#(e$
zY(-6-TAmYDMm@XBJkP#JsW{S*rM0VL^@mT$MYhUCvRa-Ao}LY)iyJ^Ty&~y$?g<cb
z0sph@>=jA%6vM7N<oxEB`Gj=Z7W}7vmx(I?l7Tl`?1~)dm6+xW8;jzr7T2rrM~vI{
z$_HESsq0a`*eD6TU^*|>Dy-u>^x$q&7!>m-_`j}JZTBtjl3%M8;a5-5zdNe^&(-R`
zhloujY!%c`ofYH6Nkx2csx<@!XbC@Ct69Nv707%=p)leZL91gK2dKzV+YKFzH<YaF
zQS{RHA1}L+Oeu=l3b|uZzDaxSFksLWig*sZ7deg>&ppq7|NQv`vxiFwam0Y$!}Tga
zdQw(oBgRl=Ae6JMz<}FH37NLn5`xSPy$TLth?2@L3V|vj=Au~T!s;1N26Mem4q+}K
zf+Q?76cte&T!!^X;p*a?q|rr#uUAST$ubV^tg**LjZ^~{V(uPWZdce*T^(_cu}Buf
z1U>C)5d9h0N4Z8qxI)O#Dm{K@%fvjqds~!y_p7NyM#^}p0(@uRJ%3lLDYA=k8dvG2
zGc=;raITnbzD0@EEgD@dXy@8tkh(486j(Wsoxn{W;nHlW6@+8(^znDel4bpRgi2&<
z8j*69qB7~P$)7}ufPIp7@m$)MUTcgR`z5MACe_UhW=dA>!2MC-x*=SH`2CS}u7rD)
z(Xf;?@`wzxwUkQ36ai;p5&P7F1&4<WCDg<c*!K6lSG6J|PG0`jn8>!GLODfrd)?tz
z_G$aQq>G~wg6SD==8I0-Xv3P$v6*<>Ox#S}jP&upC8UZ{1I3K)07uS4pj?MbE(j%>
z6ZNitOz4y7AQ7&VTUDTxJimg7MCk8^h=v#dx2nO3`d}+3Wf>!EZc7KOw_Vjno6buP
zVYyU^tf$2E>8*Xe!4y1kmE&rYq>-vZTh93gQ#ZiZ1;f;ExOLS({Dwtz?{hh22uQ%u
zci%b2V){sa($sKO5`3Bf2-#YhC5U0mIGqv=U>>&#l{+}{Z5^VzAjnSdt04C%1Zw_>
z2VEqw(8}SH>$Zajdg;YzA8~}^2&L_=I~Efy(PIQdp0tZcFL-yu&2=vPjy>!7R<6UY
z>UTCfnRJ9D!&cnF<<jQXj@w1%u&_%2a+6C<s#f+Gkz=puQ21h?<DJQyb2|ZTVq(jh
zy{0qT4`=D#$2#L)zCRsswU2+7Ju%lcClfox;W3<%KT<7{M5vY)Yf=83Hi|2DCA3RA
zBaCWKdJRgQ&n<?6H2G^z0)>|lgT#Htsze{vAgT~t;%+9qr!aW@=-%Y@1WoJ>+fSUZ
z7cDnX8scHnBFJB&&lNr`{4B#Dj6fFII0P;({aZGVOqPf}jAe%}wv8`-6C#|QfT#b6
zUicqGw_w%qf)`TF9Q+lux8hGbu+n4cQCQnOMkF)ce31f~CR-w$MW$);6<i+_8%)B?
z9DLa_Z<N_ob}70%M*L_O3az6rkCl`YYvA46tw3&J<%xn!LAHL#2h4=Lu!a*sEXYLf
zZ*N!wf5irIUo^b90il;0@e3>JLP!LXH~xiK@;$ROAJGtUON4B3`B~$W+>1lfpxhZb
zRZIzLBSf{M3na~#hPFwkFTJXE?ozWGbs1{>3n11W%OX)L)*+x0$k!eW^LE8NdTE5X
zmX~%Q{?Bamq_5tkk7F;7fv;6+@5=@+@NZ%&MH6ES2NR=zWjm@>wOkjJQ9l?bnX{Rj
zwKbb4*+k4s`S}t39c(D%(^BRvBCD5~n1(Iz69<TuBF53*F+V``+<-JN<W}X=yibYR
zK4h44>(oUjLJz!-4b!d<A5*R_hq1qWo&molxS1LJ6j1E+tN0yd(t##5RF3@vGSX?}
z+bRADH-(lSis=+6uJqN17a3^+tG}zlIVN0<eq2!8#`}YRk0gD$st@<^GTc`Bo{RaU
zEhNU|#BxTti9X)v60Fub4m@(ZM}iYwd^BuFW-`|Z!n#pdL@0u=5fn1R7n}`aR-d<|
zr{GpdjjAW*mJ2be2_qbBWs~$#Zxz9>keZ7T*>t9i#~tje46iF8J*)U*{)DGPehyZ#
z0Sn3(g-|_g!kCSYGaXLHklLH?4)>C#XGGaeGMuP1DJl}uSg<Rp60Qfh=z_$(?_?<-
zmV$3=Z>zR8HJ*erVX-9{z;Q|jRSGxeu7y1QxgnV;SrZ9zkVGZ5U@1YusCtKE(OAF}
zash<n&_lCL+^Tv$P!GDUDkDR^f}FTcu7EWhekA;|OD|{eT`VT}Woa9@P}J?MqqsK6
z4;qsfmW*>oMTG5VaemOsf)DJ7S_DwJ5civ?4LvC0{CJSbaNuN^k5GPrET#(9G){Rp
zRZm{V6><4Px*J2q4|BOw7hE`Y*1wLnrFe)Budx#Q9RfpMV6hJ>i&=jD3o{)J_31W8
z52Qkzprvf9x5fT|(1w9?!-D^%Sr6d_1Jcugxa%JbIm~iq+g}qBhz)Wn=I>1f?MAK<
z6^tPxGTaan|CuKiVR5Rf-4A0G`_e47!4&yszivGz9!vGuTy3V)OV;w82c1jO=Kjp1
zsas&-Vb$034Xfk31N}pR<2juTjlKtsA0=;NHK-ul`pACq_2$7H#HMF)<U7JBZ1ZVf
zcY!W~iOzsS$D#v5D^d04TsPfjjPl|#vFtHCyv>;1X)<3cZUZS+L|IfV9$AMbfzc#;
zan<=Mo#hHeH)ZB4O#Ad?(uye2@uKd8yg+>}t$r(}wU)>A!C!_>)E9)sR{w5Qz7e~l
zZ_Hic+)j&WPdrO1fAglxZIj(v$_E<FW?dO_aHAg}eWPcr?t*uf%)K1=Nb>`mYV!jh
z2tnw8vnH_DsmTz9VLQYZ<`7Pqz!M$c`ZAiD0waKjf|f{6S#5zMoD+J#pF$dj5M9l6
zCvOjY+b{5{9gLV(KRTdEOiv@b^a=|xQ#wuk%_x|G9M+<sJdw(;im9o(nwC1~!5uSt
zR^pUCnZ~)!(`{%>ZGYwxd+R%zHe^giob<umxSzZ)U^<!CXl=F(y<Bmkrf#HLa#ssS
zsA3#3a(mxj?$kLGTzLlnl2daBOOW2iviYmcM4xazcxY~$Ap`1MZ#XgqK1SQSDC0*@
zygHuMr)QYT6U;7ZlNSb1?ml90m5R*%J|6M1zA?ER$SeA|!t>=_c75Qy!+d{1Im4XE
z-M#<Qf#;a2#4eYA*W5tG$oKo;Pb<VCro1!3Z3M=B98izRA=tqqh{7w;*f+ynrvz*2
zx;h6(P;>Yj6^4ZPnm<)rT%1!_LZ`TllXcmR18Kh!4bNXTOAeAVE!rnrT!UxnVKrn=
zz$IxtmfSh(mcY(G#?D5M0!Pg+rzO=FAI$Y{FOfEOF8?F>OKH|&T^N;Tojs+HJceqG
zA4UceJb{u~(q9puL|?m<ouwS5)SX<(6x9>B5Kluen(hU|_Zx<8V!Q9^_m3+D*uP^n
zdkOGN^cmf*mlvCk(>a|lx3zyhzuCihlG5(HgYu^JQa#oAt?%+tZpS>u!aNDTm6A@D
zOk6}fOHZWWylI>2rIGJRF#u2=<yq=%wtM=l+h@zZT2KPl`gOoNKNh&IH-4WwZ<u1e
zc2AY`X_K6hlrKvmbm!FqqD-4tC+4ExPqqpzZ}|z9$^X<+N|RO78%9)6pf<WQ&Cz^v
z>9w{$sT-UOL;`MH-*a+p8MM2BBmK#BlR~%7ze-(SH;Hh6x{3LtaT<)nz;~~tx;3Rq
z#l8#g$nr#S)u6jq8=aTvl3m3jtC_cSx6#1ZQk}W<<LOjwdT+wXh2cMrN&pjLo%6bb
z!h&7Y&zsxRkqDg|J=W$FPHwj#dI<jr-`)`WxZij2I|PEFWb{{NPS*Wwy=$S<j@;`w
zb(reQR4+NyMFsa6PXtAyHS#w`&L-A)(nK42dF_!^gi#}&5YZLWYKs7ep;B+DBW_&2
z4hgnWZ>poTVmZTb)6b7_X3)c4X}&^)3ts<}q6j|idtQ)n@<KjZ@XioUsFqVoU7z$p
z4Q6oG=FV+S6gC2P*D;u8OS&oQQ+)UG*`xM<Z-1zT@*)F@)@Lbx7Wzo0qwCJ4WZaqT
z{n~g_IQe01Vzx1s>e3lv@*$i0q=!{k>@M$?JPYpA;$(;O7eg;S>^7=ab^sjyfj+Y_
zI^E3Z_;zAPD&IR&A@VfBXZ0B{R!;{@f3VUHQi99H=eM&G3}V`5_K_u^U8+OOktYbv
zW?+a*(gwDrU+)Q4vuksqDJ0(&=-TK=wHL5n7(gNhM}JzEbRZ2!?;2u<g6RdEUm^JT
zK5^TdZIB|GCW&_l>6obd5M+KW(jX!|%L>^pCi6h%XF9~swoR|)mqV}hpqiye|M;DD
zZqjjrSLj%5Wts^76q7dPhVMP_)`;>JZv7$1q$iuanUS)2D1L9u6NjyQBko;wNtbm<
zqma;SVbZ!;2sehQD%fBNQp!|HqaSeZ8`I3xN6BgRs~642k<Oeei6{?MXCj}?Ukhgs
z?b$x04STg+%l98=zWK5i^=H23t~1nsU%pW?`By-bt>*6a73%Y0YszSs#w{3TAfXPn
zks$5l*Aih3ZA_jokvIAcZlQ!OF_oS^ovkZ<U<QqCp(B5hl0`kWLqy>e0)^0|kyW{>
zlcvR`RkJEdRjc0jj_my+bJRGYOZbTH*M{ex_CFktS&q{jj}!URIqNX`5WM&L@CA4i
zLm@~w(i{W(h^a!AIBUfFitUz<`b0ekL#;ed@T?SV(!B?^+B?0;ZDWDj)+u?FJZ%um
z9#=Zre|zuS1bnv0Lo@g5L<DVB?IW{(r3MmiP=>B^vt$2x+;-WB53GLj|KVC7l+z$n
zbK$TTdK1?P*x2jsZj(ECC2H@`>-`RmclSFobi+-3Dih!&X@aMC6&4^y68>N_Y;^N9
zd~gzu^M)bkafO=mu#L%GsUI4U4Z3Qh*`|U%Qmb9sY|&GPX7NB{rC$1D&k@X_dUCA{
z50)kPP86hG^EY65!jy-0J0?R^nQagI)p2=fQobmCBZhTyAEX{%!MHk)+bWx2nuQG&
zYVa?LmUe^U@AeUMVkc!2@&dKi7Um;Uek(|=HB14TE=4Ax8!i#2q2&-m&_+tQ#??}h
z=55VQ^yQ5H{E##{v}MBRj8$@|p1j#PLt*yxj#|~&<rdMx5Q=lhv3YP*C4^JWD8kL?
z5WYE#nGBlfvik7_qiO@ghBZwvXd0$<Z;zGbN~vVDVgzz3DLZtG^&eMiFYAF{(LRiX
z8-RV<G5dsaw%}tUy<|K+D`rXlFv0?-(IgfL^}w1h(&~T$J@vFc4>Mv2&V3<F-HN{K
zG<q&@o-s%@sNbUzP51YtI`!=x6QhW#@NNmx9`4Ab^g=u9i;D2tkvkNmdTUPjV-cSl
zj8TASQFI0btZ!#hH5&x$nANX5H+y{(d9>hWb!*vhovU&WK7qm?K!rf(`XfUc@mhKa
zvQn>~^OG%gc#pv8R_1QGJ8?xc;lju$ac#T5$tf#Lh{*6HHnIYvnL;KLcM2#>HR(<s
zncF>q+6+8BibEf1yS?rNdmA$RHjFgf&7zf<3+SQ7!m%fjQ@6y05p+i35tba(eS!c-
z2Dw2m?IOc^oUt9Xdg%+&nPUCa2wQHlZ{VFOZ^E?0W?<Ax?Q&W#<4Z4h*^Fsc@BS~r
zFk`1y=rmdvwRDeP0{p_$IN(g79{sh*!2s|I<nO(u^oc-6eUlbJfTw(Fk3a{C4@x}+
zN2Fdy;DmK!-0ri8r#1}<8T?EX8w9mjsdSSWJarQq%yg6LrBiu>4h3{o?=F8O|F|l@
zp-q=R;ri6>B0LrH`zzOYXz-N!{VM4h`>EbgrG0Ww=HKN%TeLk*xizS#Y;G?9l@wI^
zty3D1W_b!w4Pq8udtXih1uRmbE2}0g)79pOT7o)D|CyE=UO?(6E%bXtRaEFj0{q;z
zqvRb>0Qe3wfPczg%Xt-T8v#BA0|R_3pTLH}r#?R|i+^(jz6-J^_P5TMZ-{>u#dE+B
ztEZ#vEU&Ukr1YlsF<4A-W8zr-q>(d4uFY#3xY!)U7EhE5#xw+ffHUJk>6aW#t1WRI
zyxRw=bn#jWYMsrk$_8eUUmtTic0|LZJc5MfGE@5%%j>$Dyf|6|B@Vgf$;f=^lY<*q
zD?~AClYa+ELj~qE0EMh)>(q0p{Yh9q%5W;SCnzvIBGDAD0@y{En}#Ub-N;AZx5A(`
zq{PxaB4<m?=wq7=TJma$oqmgy1g-W6#F$g@uv<N`S+j%Ka{lqC29rHSukMyxVP7}Y
z7uQR4CO8JflN$Mny>w?tZ0Qn<<d_PTsFB;+vk7#U08+ht#u+TsziE+6)-GutX{Gk$
ztH2CHaQk%g8h)lp9Z@o&E+=*)=*|1YU@l-za+a&tP4-_4h0B-@I!qRg0bSD1=nYkQ
zG>jZYY7nU|Ju+PKqeZM_84-ufZXlL2hKd<Ot8Ddm?Y*TG=N-BwjIc9GWGL_o+>fmU
ziM4DTm~@~a8t=u#c}7jw!Jw2;5vIK;-;*XC83)S2mz3D@Mhze5Y9ZE`4Mc=48#ch;
zvcY-vi9N@UOK&J^^#3MEpDDwbtski9Q~K6U`dbfWHQ4QqQE0JQ^|0ShZiPCgSYK47
z!)3G3wb(-kS%2eDy|RKgdvL)}SOf3<tSY5BQjBT0x34PtP1&|e>l3VJi7aiI99$_2
zqbZxUK}AUesC4bCN12*a{GqnWwL|HA5j01}k*l5ufwxfb4FuItB;>9j$%!CS9-C#;
z#d1ku-?E~8NK{7PphuD!oFgWoBCa{l=|>jNNW78>nW_EMg`bwaH`+3h2fd;!lpDOE
zun+ubd-)~Uf+Q_2&&uh!|1pnWJZ_sG>YzK_jSEpLt?vTuzO%s{FY+x4JB@!pMFZY`
zvIOg;Pn5L&M1?G{a?tT7=|gCAlfIzg{#OWDJXF*<YO4Lg$?vqS?ERs(A{R6g|7(eM
z!=X3_u3%L86(Vg1PQL<p=|{W)_UGnYwzlsm9SjUGm7GB4z{B$);!t9|lmRf(%f92y
zG(!1<v`h9s977r{k3QCv*n3&&zm-ShemB80lR%kGOwms8hJlU?n2l}fuuE}<%iaM@
zrNXCp*gK~bPG}}%w{eCiXi=9*<@;_+rd-ZLT5Dz&gB!fl)eS(hZfjj4rcl&m)<_3E
zPj9AWBKhp}$RsQF(@k{JdZukjI6AI^z1?eucTlwkT&}?+2f2a5UXZygz5$p^UZ6}$
z43Fu_5;9Rm%~8#WLxwy<L{U&-d9V;b?6k=0i7pw~opFqjR3ktQKM||rBi4XD&99oh
z<><FgC@mmU%MKcM*m~Xf)<PK9E3skKt`M$kc-O5#9rlpUYle$nU*J#KZIGS5enN!U
zFi>vFi0ibp=;1+bZi<SlDD@CC5nPur=M@S=@h}&s@Y8xN>t4Ki-0Atg_gx7b#7#GW
zt{}W?#%sG>5g<nB08*F8xE_+&H6@L&49@Ur(_1w4_GA^38<!O`O9F=r-;H@^papj<
zCM$3EO|cq;C{yqEyH!<F3kT;a*TGvJ>DOd?h5p66spU8tOM4Qg)oIVNg2Br4NsXrB
z?|P-ba0L%9ptS|pfL8Z##wNX*i%N`+oXMBB=3<J0cAEEbn;?(RL^LYWws|46Q}Zr6
zk&Ayx8~3H4viR0Dj?RX_K^c|1O`s+`Ecr)0V)tH~P9P%}ex#rul93e4rc|~sjXD7K
zz0Kl{7@dY90=)`nC&GXU>yu>~q1J@UOtuLglVlk#b=n>p{I8T*!v#LVcf(8RMu}y2
z>9mz|<DjbvDb36zRILl0Fz5|0W5{P%>MXHJv2qN^pQCY^nJJm$PcmcC>Rv<tw7gFL
zMG6f58ti!B|9zyW;$ZzR0Xo%c8jh$cs2`l^MNHZ7K|1`bCK9HQfdSMIabTceWW>Y-
z2BA6WrgQAacpaXCh)E(q5Fj|XFc=$k<d3R^Z;B+`7RjFjYQBC4uAP~qaZv^oKVLT1
zA9G%_9eX@4+Bd)Q4o>a9>HbE5ww$Tf$7>0pXo0HN3BwgULp4kd*jy>(@72YGnstfX
zDN;{DuI&i$7N<J$Cou9Q8QNyKPCzP9^M{fWRUHBWM=_vE0~4EQV{`x<DcK{wGs07(
z#au{A51tmdszY{yeg!i6vkhhx3SOs0?J>%ZxJe0W<fe=sBM%KdT6t?y7p5PphgxBq
zcIXCVHA$;ox{@S4Sg<B%7bO=rEPN5Om8+VyL;^M_*=UmsbDYi#rt=HuESQr(r>UA)
zEf>xblV;;sJjZ6IA#rww;l+t0)6xNcYK!{^O;T*FSa*5ccI%~v&DG#GrxLGV1FQ?m
z7e%FY5`v~7$=T#tVE+Q!fd@**W;qF?F0rcOxRXT-!B${z+`7?BritACBpMgWli)3Z
zLAEY?$2v({nmkh$!;Ts_fYU2OnI`!rU`D5RqKl9!!YD|(CO)sI3SO;oQ<mmjL}n?u
z<fACZ8E)LkxJ$;0qH<K)9U9PbVazcV+>`&2R=Dnsxfy-mX3N^*U(o;49Dx~AHGFGY
z-HQ#DYH1^b4WFFMn6|&{An5R@D3C{M`Y40Gz<zG*?zw+67O;-k`oN`e;ijp#XQtt8
zQ;$PE3H3I1mX{NR8T;*KgF9{>_hibG7(It@nH*PjO7`RwHlDul2b-_|H~D%Dy7Dsg
z0(b=g5&@cFe8h7>>o*2WGL^5{O{FVfk#Q?==I+;iPsF6TT0K-X<<>9-W~qvo9}^?5
z@--4~3jO1?i`F0+d-1N4SII8*)aaA;Ai6q*fp+|6D!mo^Fm^Vz5>0L4E;lWtA#KGI
zaw_qJJ9UKy-^ijGCGB2Rkc7}<7lWCxBH>9b_!B_8IB=52rusbF6AOFk!on_s&56~O
zW%NtNXeG=WR4?D<@}e^sozJ!<9lcU7pHhxs(JU8=;;3!E3vW#lWNUZuP~e4u)O!-%
z>V$|D5#iLcj#wg6jWUtT4CMZ<$!T+HF}b)Npvl*o7H?SU@|>t{a{+j`F|C9xCFq??
zaC~1=WNtV|E{RqLQ)ikBY@c?jDaTcW3PJC$vn6$}w6=(CbZd-ZYiml$`$=6+gx<C^
z;KOsg#1?s?BimWcp->W%4$IoT&Z>PWo5|V7T)R#^iCEg#>=lVTw2WHJ#n|AQ&C}v6
zuN|~?UQh%Rvpexwav-2ng$FGIDYhXc+q&~0jv><JcgHFNn`E_GWm`hLz@yp$_9G|7
zkjNyu%~sgk#qb=#!-txtW6%E2S67D>rkVH<n3hr}4|8O$CQF=rBx8^;$lq2i@g%zz
zl7b3P8mji?hL%P+rQGCP2dF<MtCEJy4lu~M3AsFr#Yu(olI<COaAo{NDc3Uh$@MsN
zo*wt^d9o+r?G*80P4A?Vc7&+$wgu8*H{wU6`vUvnPUz;lWV@VELmpAX5YnQK{=pRf
z;80X`jCFMpl~OAyVg&;~g_XKySq*I;5J_J&K?07T2!+!sZ`9#HRN0Zcqa#AIZg)5_
zZ&E<p?D1%&dA-?nBS5sXl%X1uM(D^Rr+)Igk#Et~te@{p-m%=eL1%}12vBXor_}uk
zW3hgJr?@|?Aau>Q?hKYx)O7KNeBxCm)cLKe@~vk{>c`fa*U|yO=b?I-&Htn9oq{t9
zyRO|%I?fZ@w(WGsw$ZU|+qP}nwr$(Cx%1UuwX5E5{|Ea$Tqo=3UaQ7E=9t$AnhJVJ
zxR<leFB4*y*%lcb9X$z8As+&l^~BR>T@<?3v4Gseru^K@M%W||<o2;$rteq5#lz_d
zFxRv}i*H(l*-35FNb#s{`{3j;=~ceCIYG|q7S;BpF0=J<zm7}7_Wv`2%p<uSE&ERX
zC}T6oa4}$u&VDM?lJbsycvN9Lm0(vC=2}0S&x|C<gMs6+nBS0gZyP<wPpW>$(M~S<
zRTqr3P4<Y4mO+c(NbLg`ex2kq)@`CHn;ITd3q8=v_f@npydX9Ehn|h`X%$Ga-KW%<
zAyb1b{|eSf9KELkA{&U?naGX^v!tZ!N=OlUZ;00$tKM37ipScm3LINU5IX4?=c$z&
z8sqq6%k|6T-vEeLkK`~(n`<hcCV_~`>|}IU=L-Vl#{nqnZRYW6s9R~uy?F4!<4d6M
z1A}Pnq;wF+hz=xNP|b!=yC3xuwaJGe;D00YYkHgUw|_=Eo=CrbvHq9drILfG#s3*T
zC#pcZC=Q~0SwGoYv!)-k)tRso@F&!)64L?~Ap)la=%D`g4FCbsXkFc~NV0NT-fV|x
z%2O<B>cT5Av4n4&HM3ku^FhW_nq4bytZZE5Em1zN-(GJ1G<%=!Y!~~`B>#+?$YioV
zn&9~UIG#8NjK+1x?lFDo2@Gt}>?NVq^rfSCsq>@y`S<LYfi9D`DEB%tRyps2ZJh8U
zSRtCV3)<TgO!d$(S~>2rU!YD}=C%G~)<%GG4mm2%!$6(Ho!y{F>&$DFV0NZz5$Rnv
zh-jflN*-@n4y4>5+dtoP@1}qB319aR2!RVbN@o-fyb{QBT?rJqp#hCX)dlPetptDO
zJ*Pz2qhQP4Sb~D1a98a>V#tiSi2H3UHWd|Dx>th83>#U7qehtCiq@=)3hl=VA%<xn
z-8SS7MrzR{&6aL$E^XqRX_DlYxIUgm$(rA*E5s!?(pX=e=3t08yBni*PbFH8^Yc)V
ztZ;FvWDZW>Wktb47GCDoueENwZkDgB3ru3i^0V%B3HFJd7T`vi)h_YT6b8cZBwo$M
zQ}9#{!%T*d?jc%Wu{F)vDKO)*wDcTRpBC;e3I5@sx(pe5R7%a|<!Mwt4?iW$5mXI-
zG%GEMsrPr%r%y|wuO^BO18FQk#a-|ZLJbvqpW{O?=}tOB``v4!XY$h(Lskgx9$^xp
zLyoX{0!tRhy#MHpSeXW&FQakalwf7>V~PxP+22vK$3dD0Rus!Cn^ZMb>he(F=Nt#R
zaaNE#+6U<&mfgF?UZWeD%XJ3;`{p1YWxoiA8fhEp{FO<4H~XoPj5xgwVHiPLlBclL
zkZ@{aHzy>^ehKxgz_@Y(?kBYd;BKs0igm8;IA{;)5F2A-LA~<ZJe<as?D*gsqeq!=
zr{>l_wXhbX>veY}?mRd+HVpQYnt|%&tTCcUfw=FTN;0O3Vz_me@|7di%ykgMI`VTY
zyw<i(HY^oG-u%EBq{tw0X$UlH5dOwF>sgMo3Rt6#I2r-oMt(V1hA3yC732l|t<vLn
zEF0pqPjag=Y16=(5kjTs^)4~;57-YeN%ry*mcb$|b$qia3OroWQJ1j{Jr%Z@p^xiz
zV%=Q&>%<2;1rWow2saLTNJxT_lvblGIA&PWL)Q=_+4&;Fo~@WejxtnOSj-$L=zF^>
z(Q(Kf$yXSpWaC#Q*ypn1jx;_IQI{#61klaJjjA$dOggt}<IONK2*lXa>&DrOUPl`R
zK}b>~MBgyQgfbvd{<-=*a$syB%*<dHz?g2cg_sVt%y!O)+jiUs^_Y&VpP|)t^CE;k
zyl%h!{UOWz$8LYvWi~Q9<cOpKVNz!E1;guVXk70C%|$5UQ$FHT9Dd$mVz%DN^%Dcp
z2s;r6(L<yt;AUS5vKSjWHt@>4Z&SPd)>ZRh$XXDhdk_k8_;|MotGgeH4R-&TQOkKB
z=EK)f5juR;%~wP?{Dg7KVV~v)>auS2qhU5(;I5f!%q+=A>zh=D0ryA@qjH{i8?VrI
znSmD*pWf#cAdYw3obRmXy8HS9O9-|h5es^!vcyw~mFjPzLaD1r+-YzfI+9^U{{LEW
zO~*Yn#H1O&zSSD2@$S(oJ8&P<*wCmvV`JgftmgO%+#*XR3HM8P4G2>btLD0ES&-if
z9z)GE_yY4Kse}o^SDC%F$WDdf*d)~O$BZa04aDqUTIn{aC5_+a)R45iaa9Ih>jf~m
z`U!FS!w9heG?LH9;XdPLpRVS*U0l8?2{?Qj6N&H9V1E4-ogc6RjHX(au(uWT6EkFp
zbDX|Onnfu_q*;Umw)nB?sF8w^)btTnPYjEa;Zm1vOVenR1|zPt9o&Tr>CS#?oF#=S
zaW9q(o*~N?YXu8n=H;PSc@y5m{V9WN2mHM4nm4%!;rO|s@<84ms@y_N3R;XpPO@5@
zLQe9$_F>ctR#}8p2^vKsfe9MLBeV&+7;B^lhYLD#M%^*`9mFeHQWPUUt%gMOu%`qH
zjsBJM*cHR#O;!>><uj(V+L0`)gV{{Kf16!OW%>1>TeRo0rwPmM)*6$L6(UCW$6?zk
zy#7YgP-Fm`F#&=>oh=BXecOl>uNcIB$N@W_xGdJtuyKlQZ3^Nftl~d=ltqo|5ak}!
zch1+h-GO)GnaW@a7n!+=wV#qTdmvXhI^zyh8<j4d+aD8W6+Z()uB?W+@OQ@^lu?xA
z>;fsYAWFy^Fl8#7zUvM~H`0M1Bal`>5~LNw%#cY|2;h<GfvK9*;b}_cn{3z+s>Vn-
zsbqqy_Q53V0M6)_;}Qu&KXJ3DflpR<g#~Vsu#|FWG+;=dQ<Bf$T-v$eq<qRN-#S;F
z*?HhxByrX~?U(JGa*ec0^?<k^vlci7!fx*3UuA}s$?x1aUkRUMbm!qZ{M2Xn%3Rjn
zUQjfmiyx-9+>{PxzRL!09YH{+DLzEZRnw(NS{>fO$^2D-rq!e(-xkK*nHJC*l%pAp
zWXmIS4>mCr335O>(LZU@LvwIxX|Q+6-OYu*M$ddEY{RD85e&a2F>=)})Upjy7QVZr
z4+O-S+(b2cE3?lOu-RY#C;Bf32>MFG;SlT^;zo?C*mEj<n=MeErg^>y*jp~r0zbg!
z5A;kt2a&}Ee%!qID_al}=7pAfFD`q5Ty>@ZNjl~QkYjB!Up6~O<2)_sfb1%|hcUQ?
zKDkQylTMna?cd6>oTIoO41o}4qpi*?I;G?)imdU`n_n=A1TYHIP>=RDaR!Yf=#Cun
zJ)R`p5XJ-VOD&%LE&9>^ukjH+yE90;GqIvc1%t8qgJCAXr&^zL2+$vE{$*)&et`Q7
zh#pKKxx1e;*NA$!GZ#eL&L&t<MqzPmdXg3cP<SobFRU>j<zEV5u;5w#^9mg5RJ>%4
z5JsUsqLqo@^!A_ZMvz*#e;420)@(C2Oz`+j^ZOHq8Mww(YxU@yKs#XfjOUz=aFLfw
z1v}j~A(~t=-|3Cn#LqgWuqtwGQa8`B{k3Ilj6kl0TfG2{MC|F=ZNjTdIWCEeueY5h
zB?`vjB#wr4DyekZB}rB)i=HLf*y)^g3IyxfXho7+a7(Emboh?Pi1!L1r-dy5-wVip
zLyT~|l9w)lC0%3Ko-iaHFmEpx<$LAUtXjuy%`JB@8BuI%E8C<_*Yx$<By-mY`_G{l
z-~-Px4Ijo9!`dd_cn$9=n!eo(kzY~fw=zFn^eg_}x**?2t=<F2$H6Y4gD-|_?oxHB
z#Tf@z#q}G*YL3{NH1-D`P0eYI#gV7=;Su8YbgA#x25$`vp6V%Htq&X%Z3eZw^i3%i
zH?e$Z^h!|ZlkqEKX@>fe;I;%*U77B;pc$P&xCK!yIB%Y1PGn&oXMxVWy52p-tm$(>
z70k;Cs78fvx)aZ($1wR@#aWyY9K4Q8^hU1>m;L0=rM|i@o@W`l32%zu^iZB=leo20
ztZKgHpub5lti<?22g;Qx`2!UJ-HLub1$yxZeA&#FW0#B8Lo`;^mo4n)??V@tO1L)}
zZFqcXRfch5E0fHd(euO+OVXr;!M*}%f&8UVxTTne@|OwgrP#^zi2<%~T|M~+<w3H?
zS1Sdn4n3)7bN(sM5Q<BNjcZKVjqMr^>D<tEn<QED_M4P40##hY_Y|`z%k>6s3ZwlX
zbm)P@j@;HS;;4a`T9VMBjfEa;qAz);uZI6Sx9RptT&nT2J4yGGiu(IsN@f)kLn}pH
z<Nt7lG8HXl7XHF}C2>{BQsF~{(T#-f;NYVqq(CspasSZIT|#>445~LD#N90CH;F!e
zd;5QYb-jQ_kal@IieMOz^U;eiuN5$HO;1g6&!=8SXJ>c)N*Vf%gld)2;*$;r2G}s`
z&j}>}q>tzg2!b^~9+hZCVzlVvPsgM`3uyBgjT}Iy16Bh^Pym@Ee~`-`)rE+$IuPOK
z{)J)VTHFmRJN=$0E2G0Wl91b5<vx;DS_yOa)sAga<aTh~GwX56Q>TFvBkA)}K-mR*
z9(!buLSz}%X_HgC6+}pxQzcbqkP$3F2NUP=NWNZ`CvNwZeTs^3{99XWVYeI{?j9AA
zh!;5b*Z0CsQ3kvA#N3Og`#5c`mReIVIM7y-e&P%II?xPREH)0?jI@zZe~ptQ-<}Rd
zrFmJ)Iw3h5r5P=0X=zO8cRcEqp16Gt%|?GiAO_7<zW?s*x3^HxsgXFBJSfbW+{s%S
zD%?~S277Y^6H9|Te<d3yLkitTCE8OqlxTn?7ty5(8Pypoi3>$R0XabbmDv~PW~P3e
z@>amQY6igYkaaBDzrJhxM-xqKGMVvErvD+S%tm^wxHsuBY%aUUHozt@9VZV<m+#L{
znuuA{Db6t7sNkn?xQDl3{U5PC1-rilaiu=ELw+!Gzu`k%GVe!}l`8aU@P4q#Dy650
z5#GP-*v&Jm&yWp-h-#$m7!JX8UUeq$gM}~LB?bc{I7aZ|)1X=5JIF$}FfVF7kZFc6
z6v;i%NlD0hRjJYkoMLm?(b?%7IF*n&rMkL;_tVZK;m)uBw;t{PTYXCP|Nr0`Svvf$
zS{w{nxc=;)9SgpnOXGi$T>hUI@jF@>SQ!4t`7cy?x5rY!;8{-Ui0ZJ_8<gJTPGdjN
z9j!x2LzO3!QsAPMioIBHiX&w%pfa_jN^BT2OXM`AkR>mKTPu>qKZF6j7bS=mc0x)k
zpg|}9_{9VO^aBJ^b%VO|Y_7~2lPm_s{EZx(pSP}EyX?E$->=@$=zhP@7kREkq`>J8
zpxKCy@Fn+$U<)7irF2NV*?_>k$MCNO0|20Epdy~Kx^Fe`t!}Ek2ey*EL{LNLwj04D
z?7RMWwQk&J{rWEn4Ua7uuMHjVl03XrFn@OYk8fN#xKI1hZW8?H#8Zn4$C&0$>!Gsl
zcO_i9farFFI5HG(;t~oa|Gq)&jN840VQVShD1mAt$-d{g2f<-S0Uow+PLXazqD+Px
zY_`OU`Vfe!3Lh+i9~o$hjT;)Ss)`#XOk747<5T6TmJOvmi8*Lz*z*eI8EC$2<dpu3
zVccq&Zy>H%P(=mXx4BXmYU~oVQhzH`a>q4=WyO&(Q<)mLMMe}xYs_6d8IYP@!k1XW
zT_D{&U_z#8B8wS4e0gvdrT42-8x9jMKARfJ^K!-Gnp3ADokXD@nW&DN-7@f4nC6!n
zP@_$$sgvfWLUJHPVVyR_*7l!_8Y5D8l4nn176E#QKB1{`7Aq+cpf=WUUv|`JavFJH
zwI-u{)m+{Xhhhp-mugte$hy-NJojyRsAvw6Ju*qe&^=QH<?v1Ex0CX63lO$=cE;wC
z^v)<U50P5BJH>0<8{|5X*QJOR;v=CeTBH62nG8fJ+8N_J2}X|>zC7loLC;7HsHL-p
z_PjCLiNv>JN5Y(O5LpjB+Krs)vBH5UCyXY8gk#4Z#1t5Fh{UA|D%S7m18+6hFEYJ8
z==vHOzIkTMNln_$#$=Al>KMOo5FcOl_jt^@v?fT#qOI>!7%#sBS;V@>J>iz_I3+g}
z?7=#euTTW9+op%n*u9W9mASzGro0-;2~%(p>Sa^(K-!kSu|(PKr3Kwqy5;fE))7M)
zgKU_robqg?E<GD7c>!_~d#;9B$&GO4nERJ-71wy7N7F8EZ(h0+Oz9O68n*`%|5xYM
zA_8<J$vYxDfj^53;$N?f(g&beiQ7kj@n;!hGv}`k?&6qL$sKyDQt!0V2e7eX#vlji
zu~J7AH1K(qjO1xojvk@{<yMc7FHGXE2sLF^54zyoy@4Dr=IUdJ6%v&0fpjR^@)o~x
z%B{Y268f=|!aW?dcx@Eudvo7Pwsm$;)=3%|6x9Hm=va1X(w4Yp#Y1t7R7|~v8i|zL
zmmx~7?uk00;maDgt*kzpDN^p3<H@u#nhb^uw)iBgxrH|@TQ!Sw67|ZAVZvs!B>4rC
z(z^3Q4i#$*5`kWGRxo!XmkDOv*x}5|<||ArLaP+F6x%3b(^;bR#J}5<PMd0*?NP+@
z@~vv4?Bl-v!0Wuf!h<sOoq|N6#mTC_z5_I08Ii2Io$xB>9G;b!VF|0u2ds6ut<x&p
zPh0Qs>89pXp!c2o&ZSISH3w!8<A5ts_6#K!)VwNBexTV`&)YMpwlH+}xFlAzi7hOL
z1~Q|DuV8t}W_Ih5iw3MYU2@GlkQJHrzp1d$|5<nOA+Abpn~&Ppm<|ce+D`EpRj)Hr
z?UZsiYn0L66go(b3!Qe-6&8zyXMC;+zp)vF_%U&$lU$LS#ZVthX7!--p0eCwjB`&(
zb9(=_X%8xn%!WvRE!-P~a-F!DBAT{;cWd{o>=n6q#dIAI!1d(s`em~*RBYLC$35V;
zLk#lGVr)5kiH#*UUYi{RCL7JuGA~y|@3cd!VO4Bi5^QH@X-iKI`_sV!>f*Nt+);lC
z(;KWy-M7W)9**Pgca6&v)mej-!uG=1VXR5y_;lcJIHsl2iq>96zC5MuRZ?b$ca@u<
z*cEO&)>wq!c>eM%$)`)YHD5)5SKWg?FPem5ZWrM>A*{Wl_2t}dgtwou05z-k!>bY9
z2i==02KE4Dmdv5BgM@~2K%QA)2o+L6UCt~51s$)A!wt()p@+nuRP(<lRjE@A%>Sqx
zUyr3O+@SQb*$R$cX9z4CK(-BU8XPRmyBmCvmffADRHe~L%!~3ZCZ{OJgpbYfzC}*U
z%iZpwnhMzR`$op(S9!hr1H>|tP9n%K$Dj}q$*jnH!+f2kJ28zoeVp10J#i+q;g?(k
zNw*GELBmOa0dDar#hSc|-dYF#Y%dJPq6!e_9_=9!Hx^QSaF!IfykSF|>2sm&_0~a@
zm<IVAFRJNSpFc|-DvMG^ZE5Vb#~eR!GcGqqq{>60mKsJ@9t&Uv`z+UdUBY-BVss6w
zyk-wxRA?#mVNp<}0!3W|&NG=_zl4#>CsFKaGo^+ZJ4fba-W5iH$<zf_;}-d~h8+{7
z%Q9^5!8u((8>0u>ut&H|htR_|8#=!6q(bhV*ytKeoke=+B_Zk+?CF9QeB*BN@>~7|
ziRK$4dY{e(*t;;gdwzV|2Jstz;QPS*%iRU#yAR}RvU%ZqCFdGHgzOTBYhn#a8r;j3
zOassjOhE-L*T15*AGI~i*jVfEzG}m5F#EeOZpX5in1>LPTIW;ABBgKWYl^K#>_#C!
zp6$|)0;G*c$f3Qna?A9Egt2l<p6`tG>wS0z;OqDBt0Njy&Oa~@RU#1FvQL6`DOZC0
z1og2+;iX2Q#ERE)1AFiU*klMu_=4oNX$PNISD`}03wV{|sfFXp!7kwy+wRUadJZwZ
zbD}uE;s6xn5*g}*J@8E$tTT0;gP4q;6?FY$^3K<frn+akacXX#!lkgIc)N%XrXStG
zbS4n&&J9N4U$Ag3(4-!ba=23k0#F5#1_DYu1Ag8IZK#eYpyia+P6c^<ZldOoDH-oU
zf?`qoG6&T`W`NKePMvP4?)aaJr%<Vd_->(Oc=jFZCpMY9b8hAAMy_K?<4*s50VmIf
zZ=nBN+LAc^gMs`beUuUYt5%i&kv>0#fR?%rg1Qd>TmG0kU^}9GOVy29u+Ecil2Sl=
zA_h#7>Ow2!iqXJ`QHH0Bv=fj3Ns*<C)j8JJUr5dsp~?ceQj*_6C?N>?$>$2)<tVL%
z6+x7|e3Tr&%vxvd8%K9@)vsElNfidey?bvRUvIr{b6tNwKXCo38rJq~K_KGwK+Pw?
z-ebg$+Z|^lHb9Rjpzx;<7z=KXO-elUkF>=jwOI)!N<pR&QSulJc4RNw!%e+bvdu=*
ze#}MGzR$(fR<Z341MhH|3AWxLz%#q4fs5XeL%2@?M8Dric}NKUA?T0i^}yPeyG?-0
zj@!rdSPm~1+G5h;rfT9Q(^Synz8<ty^O_F79{>1_Lg#WTFngZ|$F`%3LRb0{3oN4{
zA=3`*eGtQ&8;s~?M~vJ!e|sQW@5fSUG*|anuvtzv1T*&(z$JQ)g6gcsyt|dqezEVw
zjbJu!=|6$%&Nzt0Qn=m}D;+l(6^-#}G^bisX?_!fP(LcmC^%HYlZww5I%BjHh~$=*
zR*^z+mr&!k_wUwVV{5Yf?>{=0#x#KritvGW;p3N;oY<>baHJ?qrXn)8M+eQPRDoz7
z%x2_^sFc&#n5;SdeBqHL5yV?QD&i^F(^CQth{1_k1||$l+<F1`$%hoHaQ)d^#WBh7
zR@_?OCRMQAT;D|BMEEdAEkwb8>zx8d?sg?2c(&BVM1i&F(QL=`O{5OvW{WiKpQ00@
ztF}xOBLJ>9$b3J_<Q3Ma71+5dQ)0@RXv&h2Pyrb*t1Xlvsk2fCx_u+^jYO3X_)Reg
z0|^2<Vh;K+Z0)2-h%!?m-IFAIJP9l{1#BvR-^2^Yay2c{%mf^k;dusqYt06g%D*3+
zx=S`xeVA<qCjHVdm5dwI0_^~IgBNTkbCX^g%%{D3O0A_E{f<0c%<8h2(4g!+78Ek(
z4?uOfi$K3v#vDC_x@^6HHZyOMIJ$(gnG4c8vPFkt&Ol3cJu>YSFzCz;suA;qUQ|z2
zM2w%MoeQx6#%XAPZZND`>5QdvSZZ8i)lOLFzjrQmH?V>?Fe_72tQf?L>oW@#hU#6*
z4AkFGrR+puUb(x;E+YME849*q{na;BLE8Iln5Z^<gYKAKRIruP@d$)Ro=43I`9W|u
z1We2-jxF`gB#2h_Y_nNiqU}N3yU&<kKG6joCkvF=dN+i_csP4}^SFyQWFM*6t^}%+
z-xVWWS5CHHbWl#7aem6O?ec$8i80WFs2882ONot&B4;iEjOAX$@4pT_iC$n6ib_JG
zD-W{#XkrtK9Ow{g^jQDJ`GBUf4oyJj4;F>>+G;>iMjzF1%b>i5#f9?aYmh#;@Z(A~
z`_R;OUrl*j^WPi(#bdEZrVB4U8SB7driyd*iRk(EC76Dc?@4>VM^{gtc9N1QM2z1I
z|CV1q0-}s2CRDN5;He_32+vD<<tjfnRy<vn4+Xy)<o&kCX+zF1?YF}fr)u!F9UP7?
z;{=T7eM42L{hPo0el8k^SkH4^EfM;o=AmrcxiB_pA%KsU`1{L-RIVCUbHnYx(ecub
z@KktW@VJ#QCRr$-f&(Ri&WmdQYC(}9f0l(dF(bBPPmL=kifOatU`#@@{!~mZvh%^Y
zE$k|5w!u{uYSFi7V{-gPG|pPK{2n~>dGmCdTgocA(QQlnLp3p0j2^(%nafQ7=zC-M
zv6*Z*rWfk%DZF<#AN2RdZeZ)7b}yc6F3Zwl(fR=VFU9+5dJPga;0g+Ur;EdQd*rh!
z<I~BdV0CAWh$n>UdUWFAPev<Cy|w)ju&F{uY9*v`V%^HDO-E$A(Ub+MEMkU#pLQ=r
z@B=jVa$d~77gShZIIbYRRG>fvtOKXRKQ%rga=WWDzuug=KmPn*+)U(l&Vx*{{$qd+
z#sm=8T@86ff4wMh*&wbL-?`w)6A_v#VpQit^2%{?rI|=ijKX$`TpxSenk>#F;<t=>
zbSX?bV#QWP49GgOA7JRoR$fI?L`9s=C%1Sq#z`0!0aQN6o_O7!I7B5Ct#}5Mpe7%V
zEmdA)qd4&kY6n_PtimnuM+URn-EsP0+T9+~RH!ko`LW#6Y>f|_Ka4&3^+9c$Pi5qB
zjdW7|jZFXc0f)b%XC0Z8Q1RTsZrcGjWpNFk^0Dk`b=qK1sZfb)lTUiR;1^()yUOHF
zQor3@jwg`uIZs{Md@84C+WU~3bxL<$ZMehL!s<@Z9aVNt^)huZN!Zp5RfA}r+%b8b
zu*zR49CoQ4SBoW*#*R6B?M+RSC(<#Ku*(*8nR#k=tscZD=8|A0Q?=S9fpKseP73YC
zxCNN{Y6$WUWXu*_gFdv}29Cc4kL%`_uXo5sbj+8nxJ$z7EqYf7nQcsVWxNa2^PVZU
zsF=)-8uqZg3yK1J;PEOB-mq&&kI}u5M?mroTStU<jpa94`;&LA{x_SJ0&<2dx640@
zehT%+pgLT##L9yN;+Dk3g-DhboKC=_bVnbc%b&y^{+S{8eV5=7)9Ch}ys-GC-YEIH
zNhYxb#CLBp{oid^&c(7DXf@v~ni8DUF=}<KL@U}Zsi1j|LAiuVQ7@$yjF9elVak`3
zIlhl@RM{iA5j|8#g_51IePh-0)Jqtg`5&F2>7;hjJ=F=gtsCv;ac`v<PnB@wDW#m+
z3F7^R&CM7tKE6q<haszX0ypJ=Z~@v9BI$-Qv-O4T9-i^+Q8^F*FhSTlorqvS+?to0
zyEhF*)h2+Sm;+IOoE+9*L}l&%Z_QE6iym_g`1PwB^VcuI|IWAhKbk|@(NfRQ?mtZz
zRd<hd6~}K}jX9Yl?@$F2+lq$LcxE^?r;4sP)+nSic4=EZu3o1NcFW|kyXh!Dt;7Rn
z-HP0G&Xu98%^cl|2pAiTz(+ph`IsL_X)b76(ybTZ$)IC(XsHuw`~Lltdb}wkVft&P
z^LWF3s`WT)ndcAB^H{tLP>ZzNZ}cH;FdKBdlHHpSSiFT@0nU#^*yyvH6xitVn*dn6
zrQHfxA)KjGdXyfKn*#ph-!J5}ATvJ2A1<6epDiWhc+flhE<-(J4#)98lKZQ_cmrjy
zT&8;Ny*x;LruXcDDte)TK3KE>J0u=jrgWGu>AzTapuxJ(dq_RR9zW~w;7*TJkYCGu
zt6y&&QEp%cyGwz;lx4n>aNjI(zG!{AhyS3zi2VLW?or-c4MO{PF)sX!g8kkbc6R*A
z!rNA1@yb#EmR0d8n2APt3+4YVo9U)_xQ6;v%>9-<`GexN+T;CtyAAav^9%g88|VX1
zi{XZ;+ovT2&)5Z~bT6|&ogiAfBj^Rd00PtO1cQ5dg@t}`a(=<-R+HbI|9rA@(_00^
zck`6BUyD?0!kB~`?L?~o`T^@(eJy)^RpoV+WC@FG7y7{Noa|sU_sUQG4?T>8jM}&R
zUe?=NMf<p>hka#ndv%eG{3gqWb({nnox^GnI-zD^3wuQUc0jcc6J-R!x7dbK0*nZY
z3b{g4U1x~Qj)My4&tfXZ;m{n0!;YdEar^;4p|?3LQ*5Df@ExV$p$mpOsizvHQytg8
znxV>#tO1w2m}B2fznPCi4(iYc?xdNILdH8Pax-gMR61hDQ;fGo=%pii;yGxHqv}Kk
z#q5wnlSL2id|`EY#z?n_JxY#Ro>*yQr&yK^X2E+-<%)B$g37MYg^)z7h)7~fIK#c#
z16k^1*^Pe>$WbKZ&q-O5R@|85Lwmy&CIqZmk`V{_XYaGBR*GnOw~~~JVj{!xfhSv%
zv?x^Ub>O6RtCG^5mvS^EQd@c*H&9gl(E8$!_whPCt(o4;^NF}P5s~X{^9qZn47Alh
z92aR@=?hMb<~lRxETe<Vot!gsoHIYiI`~ZirXoGD;0;K;#u(X?F~;0OKeHhVJz>K6
zVoAl<UgC0T1EWA<#@VaiD1kG+TY{Wid;*GOOt<ptlE{doC6?ad2fm1Ok8F0zb76;z
zhPN3gRI2XAC}xm!2G;7DqdMI2xDpXE2V;hs7+Mj0opKV^4s8s=gYwF|szwb&Y|?{C
z+gcQbB!j<b*GJU!#jXV1Eu|4(_UrfRYBi}@MjV!Bq>?i)gX|Yi(C;l7z{^%ehDDD;
z*9k7i+d+G`ab?;Vu7948&_^T>_LjB+h8zR}e_1XvNoEXCAQd~-*c6AN3rh|#nC+$H
z?Q<eKpwI8NSQ$8op2jTiTH%n!Fb`OZM}kO}qRjuGu&EO{6_Ug<e-&vG@F^sXLkTFS
z$<vjqnjDe&Q@|iH8Z=U<j41_G%)XlO?HlT8+ce5&L>yIagcc};;7%Lozu&Dg`ps<p
z{_Mo@7s=eKn(q0#JX`hk_4_l3Ijv54X%@b2E5=-M6(0*`)nLpBvONxMn)uKRu|hpS
zyqSpf3*DNjP)%Jjqt`zo56YCR#jGlf2`)Upu&iZpVEs0Sq7sqiP@Uz{(XNw%Z6q?t
zg2fQ)Djk7`4MUBGGA&rBC}QY%AdiBrw2p1x@(o)JkmJysa2ZyWRj%W_Eh{4PjQh^8
zNZvLr=ogD`S=T>s9?M+#&nZomszD;Rg1=ghym*ENDzk^jey?Yg;%KKu>7+?}t;KK;
z!iud>zzORIU5|UJ_b)}|9`vzou8h`%1`bi-X{@rSL%B_ARRqVd`=N$%Wk8)@-I&R9
z`MY`xnw5^3X_cAW$yiusc7tThT>DV&R&pu~H!n@{=5`KC?iOQLL5{0We<cU`gsHbE
zOQLLlt~STQg~fsTq|C=NMMtQmRNnc3phx|r{wgcvl#5wJu33|{cC&O+zKiCC7?e#}
z_F;z_=&-7l7$~2>xR8;oA_{mKFO_^o@DW9Fp>l9jv_PaX9$ZzQXV;2FUG3&_RB{Ez
zN4METyuLK9(EZ5XM1`$=DP9iRvIS5qA4}&}`gcUlwLRcC|C0%RoO5%={P4b`d*=wM
zSdre9L|ce<lGBAcxmDzy;9abu`a`pBOEx_Usa8;4EOU9~$$kDZ5%(3R`)?48Drj(Z
z0<&Avdx(OXv4Tz@9TIPNF%Xm8a4b|9tJ0jOVPThl(P~=>4w`j$f^}*<@#enikxTLB
zh2q3HQF3%&oQ$V_l?JPlc!xOl7rzl{u~ZX}AqKLSQm)}~LUa^I&gZ{;4OCQamgYl5
ziw>8q#N-vD?36=>1ba|WPFvP{F!rtN(#866zA9V?t<u#&&Mkwh<ybNgL6m=kky|UH
zf@Xv)*S|%=djUY}C4nF?^%eKs|1gbGkE|D0M$7);cau?~JM4m+v?ilI#KMGM&Vq+N
zgif5hzFwkeYUi5&Y`6{d4Zoa*7m^$98}eHn37DhMsZtDpp7%>7OZ?_+t60o>ZBW8f
zM0J&VxeGm13+_h;tAQ$Sw8n41bl#DM@Cvm-X+rv=9>j*wT@J7g7ID|<!?pCkOpUDN
ziEh1b;li^&4v=u($Xxwgu^$_pr_Hjxtq9+~+~Yu-UUx}+T7Tl!tp;z9s5725%G}2a
zx!jrP!eoiHhyN<Wtyl9(-IrIi$8JV>P-taCWWv$=fVyftl}-lf1m$(Nb|xkinaX>k
z=0<?s5*<*xxi!8y{xe?Rf)FBD7P^!bc=}gjO3!q_9@ViPv*Nfl=ME?>Cu+GnNCobG
zZTWuevcn3znzMY-N`<O7-6p$ykygBH?;@P}{zPpQ$o&!K22la>5jK&EFW2u<vbQ?P
zz_F#yjBrvxl~qJeWTR8@*&($hEv^Ogtq0-R{KfG~PIIx{R28o=vOfMI(gS^qspRnB
zG*gi1n5t+tM**SN6m!ToOm%CW5vHD`B`+k=*al_!a~{I3OeLnfjZm59o@efkfjOhM
zDJk4UbxB>Y<m{hn*$A@oy^lJ0N8HX`*S#tec1N2bRHVj~?&W+F^)&L5l&<G?lIaGW
zC2rNCWWE|1&uf}<&Mh}9Al^$q{h6B;=3IKj9X5TPJKlkYt&d65k)(>L1ez70oR-iI
z%$$&5nuA$JFEA_zN~36|jIqS;N>CsxiLmN2H6Z)mk!MQj+_-A(V&m~mtYW#4(8`2%
zPdM?2Bigc`Kn8)WG$lQ|hy{Jrd4{3b7Da1_s&Crc3;baO$ifllg<YNf3#^uHo~Aoc
zy#r<ZhD$YSyC3X>H_ycf;n~SykMCh0hdsbqVNaW$YO7z>gD(HjGvOOT#wBI;*~^Y6
z%sDUQPd{=gFaHTQ?OwhM5ZVo5R-Z~pXN2($6t9paFTvtV0my9z^Ny?OfUyA&FIoC+
zUc(;AYT&d4co#m;3nR-{UI(mpT>A|R*UXiUNoQ!Q?H|YLq6yBkZ&VkGYS`{kcNf<;
ztlRaD$Y2l0j@j!wFF;!=APL=Zapqw}Zp%IZ)rBl;5N`*L;u@$uqsI2=I$Au{%U^@B
z!+tz4{`WRvfAe_UoCYPzhnpiIo=lvu#JDckRXGM>?`2_4iJ@I11MT`azt9iykp|l$
zyS^#joa$m_weUP*$NmQvOB0>s5GG5t!!^(qp7?@m{_w0;>g}Wa0nc?yloWxN5B;YX
z-plN~V`;WLp*h%60OB>+f=D?rwLtt&{=azcizG0ZIiItk*Cawt_Eg%o_7G|5M%uRG
z5L#)8e-73N&35X0dDS#|?n`x*01<jczz5)sOq569$gH$axXm@(#U|fnmX_Bc%=dGT
zuKX`gVfw?$+qu+~tob_J9ig>Gf9G+b%9~5sZN)!dkLkYql)QP>@)KtMX#MSmPUD$9
z4ToB5M67YukfmvYIeCMJT4fklS{?87;Pl?C;aLqq?R2(-QY#DySE2Zazv<D);Oh}F
zKd>0zo%5oZ?IXBX|K9}qL7WFfuJux0>%>dU+5<(b(RuzGPgWFrvLi@$s0_^J4eqle
zR8~d-!5HfZAcYv?sWRupVUu<=d3HQ7&cB^TBbhgpFA^<JV$<o#*BPiUTNIoKY1?BH
zc~W9%Gmf0Uf5fx3Auca|r;F&@4errC_#r-Sq5%0AJne|3i!dxxbo7e!$egY1g?{G?
z(tGRH=*F8u(ST{&1Hn;Rv@6z7`-&DipklEC_4x*pLJzcjJUf0LIEmgnb^5Fzjw+k3
z^=`g`*V*ogUVmG{gjHXI{MfTFqO)I1A38q?w@NE2$d_yet0OYW3;3OMcl8_nIhkGv
zbL4cTdW-jwv}$Yck=<DsUQeGPevM!%zJmU3i`PQq^Yah*f10?WN>%o|KPGM+;(yin
z^*<)Al%c)7uJM05xS1;MF35{0-<t-`#!MIx#Jja2vLMVB5aa!5kkLW#>IQ5eefhm*
znHSPYy^~X%OyQ7~(aMyIVM=n8JMBrbLggr|zN&ai`FS*Ew{q)cm(P#YU#s8iSxoiq
ztHfAZ@1E}0tv^dXT-EMVo%UzlWZJ)LAifi9Q2>w>7(e4W8xpJ7QijyJmfBV^`}+8F
zjn>noS^s~BF9co#la}1h?Gaoy#SwV>WL_JCpH^94r4jA5!_nEJE#S}MFRcOZ29kqX
z7(g3zyJ*yxKp6A4_-t^t^)f^KE`mc|AM$<qj7I%8`@f#STUW=&gAKTYhSlDXHn=Hv
zDKPGDnc1dqmb4ijsoA=dY*HFe5^V(gtU-n>t<*L<j4UPY&(fDznxPegoJ+VCW%;Fs
z1T33M$@XCe77U1KG^Exv76jFiWUZFmFfG@q(VGezO14VP8Gve~a`K2WBS;#6ivnS7
zoJZy+G9f2nFKgr<nvrs+Xt|JC^UV0S3)k9WiPf5xEZGkDpmHRf%ZhxK!!RlQkj+6o
zC>9mlseK`<_DnTo0{Yqp-#y143aqMgELrZGAY9TS&@am%&c!N8HWzbK(-)!whFI%g
zXv#|O*||<@o6kYk;aMkKM5Rh+FV#ns_aQs`p=#;$$}sjrWfxA)7~`Ta5GLyuT9%Te
z3jy&gH#NWoA%(H$qW5Af`J3Zquc5h<EMwI}dX*OQ5Lb^lTn#0cHpyj19xerS;lOqi
zCiP15TLnWn^`ioI_RfkDwZ=4%)3H7&vl$VsfHpovvev(C2<q*;)9X8J$`WyJk7#@T
zN>&qhwD2JG`Jxx5SVA0vZZ#z!B7euR4uxk^^B3=Em#ZU<G6>}zJsJAPIbrH08Z9F`
zux&72kPrFmhSW&9=4j&wCMe*MW@*CrYUJu88ZZ`vTzhzYfajrJ>?5jj0b;}2e+iM&
zF07)Q#uhjqt<uKMq!LO=m=_7ft?XH=XEB=0UVPPh_>n7wnP^}jEtsVmgQFY#luYDn
zU?-uJ_b@@Xh4cLiB^UGgdKsxzYJg!7vs7%5=|o-RdaZBc{E}VAuW!Nv^r51Nh;n84
z{xAZ|+W2uu>;3I3hw_SE9`Q?@lIc5#`f0H$p1eUKq&Ig^tge?wp5>1AV~f=d|H8Mq
z9K<CAwcfP^z1ETKZ3jHVZpGhp`6;~o?F)wb3i$&miIJ*WKIcX_G@P3tDQAO;NAZH5
zE&9ULz7ydmbDQcneJf;jeRAKICW8C{s!jPq^;NWU&HVwT4Xx>P^}ApP>q9{2R0s{;
zmuhGtT}ikim^<@0Lyj30v{&6F%S;eP0oszZy+nTCUa8b%H*b&8%VqX(4LLkguJuIy
zMwkMIocIu@piAMTwM&!N$yJqQKqQs**yE)HwPq_S3V4y_K5WwjNqEY(m(7u~jrTIC
zAuWefA&c<j!jPE0J|wDA00828s)hlP(x9GgR8k?HpVzp!Q0j%SKw_*$N>(JQ+jqMz
zEd8t#dxJb-v1WzYeAjrSi5JiLXi&j`u}Hm6-+cD;R1{zq+k0+4rBwv|D-#E1Z~|R<
zi7b9psLIKAQ0Sjc)bX$2MivcqHstw6dR#Q$?wvlT7O22_G?lLmnC>=ATKv~_JCoOf
zEYWFTN-B!Bw#JMcs%gVl6BhOpUY5kUxP&yvK}OdF#U__HP^A4RSWuO$o(J8bs5bcG
zs7B#ZFReL9fw{_~s)Wt`4!sgP(Wc!Ee@%@e6mK9^f!UG8>{zW5Lj8?7tN0Y`=eT<=
zNh1F87!f3%%Bgh!v+`+Ap9p#emG`jJl9;}aze`+mtfq4IPuNq0m6^?hOyRspRe5x%
ze>_<=BhCLhQ$>o?qv3kNz+diy`_9j&_nfM*?<0D#vGefYWMpX}!^Z6xgEyL+IN*qf
z0+;!F!uJ9tG(6`%uyZp%bX{D$!8RraKw0EC5mC+rQCjpl_rgIL(=8#w-dBz9moe`(
zrt;ZhcjX+j6Bm8(0n_P=8<ly84gf?KtOC)t{Ue+Z>mz-t$?Cgh%-N7b(o<2$;Dw2)
ztUz-UWUrx@;#vq4S5qSq%8u|Qom%T4Br6><C}-k^%_j5`LCxQDWA=!4o8sXffm`ah
zH8Eb-0yUzSs5j22GZ4AKWG*2isCt)TLrfF&je+vwL=;EPv2X@h?_5LuTNW^WA4a$U
z@1Lfza{}M6${#)fXD1p1v2lS5>Og-sAN`V8p3%hMc;G-lMF6JZ+R=IM??mp_FF_wr
zykbnD54lyN^bg%#<0EfOOvF&c>9I(wp3;#&JOC6u=;@9B0={&_kSss%C#jaX!9k%J
zkn@5M_g6~Uik3L%0h-1K2Aal7(Yl6lVM;;RbuyBuChBa%+YWos!;G~v@B*vXTwRoW
z+OGqeD9Yz7wzC3DUY^?~U~I|TV)BL$4lNDh1Gg=)f{(ACa8%RMg9h&qoGgEC;RQfp
z4}c|C6;|VK|2k?`QGUv;(y}vD0l_Bp2knev6YZ4k{Ii1>fE@$ul~z0z-^+jIfk9pN
z9CMFuOw9t>&lW-f7&P!9D*z-t9Q_-$IT$;0qkE6@WTM%bbc>&J!WeYMDcXw&2~nm-
zbsylZ%^teqco`G>YBy;}&ub5s?%_%Cai?&+?#I3mf`EhX69~A4$i2wdbW5qT`eV2b
zv>`e*V*??^4F)ZvgO)Xr=>p}vZ_4iq2DhiS$19o9$?Og?y$|YE(jD@A3Vpz=)rZmH
zM`r{0E*gIJo(cZW)gECdAl)rUi2`Cks}95Lpg`TFv1Qpp9lxzojeHga!HXj)9uW4x
zM|=@geNnv_BGZFgZGp><cgzkGxlKJ8OrBcp!rK?SwpC<U8^vossj$uu+a>8Vj>lo^
z5kN$)J0g7%^Fs3aYd9*Rt{Dz1ND!N0s))s023&m0&WRA5d_#rJO?NC%RTD~-@Q|^B
zYnvkP&Efhej4%Y7Mny9I9he?^2N<ss>_Vm;Eh=|*k#a<OG+(=s;>&ZpAFLeTmHfi{
zPxS<XQbfS^gS)c-pRMTs&W`@SU`rJ>6z2aTe=QXi1cZQgXv-q!A`@>R$kpl`>Olj9
zIwFXy(hCDj<0a!5Ulcw-yI%70PfjA<jw1ey-CC3s;=Ak;7}pzj^Bi+Ee}3)n8~;L!
znS~dL4)PRbjXO!qlNsbFJyp>iu+bt~5rUzl9qk{-tlB9H0@9p^AIu3mrwl^Rqv}vZ
z092+LcJ)OfHir*6c&Q-+b6UW{*;kRPh9}Wutmp>?VI^6DHlq`UX1RhHE-;*abwwD4
zmx^=Hb#P?S1)^pG(@ok>$Gw-yLncvY>(cML2>G{n)DTDbph+liv3>ZglRit9(nCqN
zUaSo1anKvJ43D>lopWXp7m7Xu80N*+kFe>21W7}%DAxPQm0`49s7Mgd$GfO1Ll=AS
ziT_#Iw31oy!+yf~SKN5k)%6mXty%?En4B*9+58@_^+aJqSCmNrd8Ux1IaciOYcU@!
z(Kr)0Nk(?W?%~53E;QjQk7B(jZn#K`k4n#pbNImhD!7(EVaWo38_Cy~Ui3YDwr&h$
zKJc?<ju#HiQ3g3~2#X_P%`${>QO<E*=}8W@L_tQJrVQ`|`TkRm%5@)Ji(o&pCsY$?
zvc?kj1cWD97G3z={2q4K0hP!nxl+)UBKz9-<tT-_g?{#`(U0y8wT$GYYPg;9`6!Y|
z7nY-r9aJTlIj*^*=2UxTA0I}z1}nP1m{7bC!RZ9=WVt-$Ai`>6P<5|u1Be`O+{Ebr
z8fY5W({Qv4;VG9y8j)hExIukdJkB@PI?V|tlfGWWC9fMlm5GhSt&)`fH7d}6m6tfX
zmf`^?yq&eYTi8#WjzGX6idID=+(Xnbzue0nrcZF?GC3o)Hd<dq>>e!2cn3SCtk8V&
zh!rH<*`-@nY8JK&vIa>b)k)C6e=b@FGYe-j^57-#fwUk}Sqo?40e2~Jts+=&LHUY0
z27UK}8e5udQq*V)^M?5({g|mCVBfK;6v_9;6?lju26Duf(~tT!y`N$t9}8|aScLv2
zfZtObJ39~%e@<Nn(06c(yJ03e5d@cxKU5%|mUSX3P@BF`duuZjYgL@Ia<DgIQ3v8f
zLp_&As4UFm5+wEdU&QwiDm-ECADWfpPagNbV08Y^edgzjv^V^}WKvumG!0R{Jx712
zfE}!cZ3Ptn=1@%;#kc~?bmZ0NnG<&m7{nAXDGv?r(j+q{08DhI>U`>gazJSC5<;kn
zh)I4vlgzRv&<V&kpd0Wg$cnPIpTqgbE+3oETBPv?h$p)fsqdD~ubw}tT(52SFYjoa
z-!`ychl6epuC=hApv3I~0Ekr@gXkC;s8;@wM1Ee914;t-&XwTu!e>*us$Sy`@<C&s
z7Ui|+(TC&C7vQS<J-3aWL9|;Ewyuj_m5vq!Hdncb>af-H&6hMZ=-TZ_jRKyXq2*51
zAdStJAn;~aTdpg37-y*0BCPGZo%Ot3+F2V}zy^)MOt`yEHP&;hZ8uuE%}Dq!ShpJ=
zAJ-ZGYlx*_!Qp;f?!8{;LiZJa0#gNC>{zFjNRdq!$==4=qDtvrw2ji|bKel$OW20A
zP@9H!bzNag>NMuZlGQ4aH^5!fB3sNd5up=X^|n^3X=9}=5%LxSYa6m6`0C`QZB^@j
zn<-`}Iq0NK^$+hFbN`aX@rs$B^b%$0QE(1oh~Ld1qHr1@0{n!n2G!;;Z^GgXE#O;X
z|JM5H=4TU^o06jV2=!{-KU>opC1H4Y38H{?z9%k6kIjPl?#2}<n7(D2j<9*@Mo6u1
zJZJb65D$e0q91zYgS#xiBiyslPP98^@Rxh8kgUys5I*ejX(-PZr_(4$t;ZVK#q-vM
zngGiV5`<q2(}Cc2k|zDa2<VtVpd4m%9;H0osqu6Z)#i$b4SDZj574_7k|nuxCRT5S
zZ!j=vLoKerLD<oA#25(#E=?+8#V(xG$|}K*T4Ft>ISDPY@9D>~*Yal@3XE@hT$XZu
z9a-Yxtgao~KDsX>g1nJqw-Pteh;U*|70tBDb>8Vz&$%xI-7OBRQMM0Xpk9ATo0a41
zP=Rlh#EjA^@{xppsHkQqn~MRrTu@nnYK_?e!jwNUNSFW($`n<eu0VQ()I+de=%pkm
zI#);l9>xlL@rFHX#s)CF$)39_#$C8;%3b&ihU_*X2qD96Ukzq@*OjfSc=!Fq7wgZ$
z4bevmA2P^qAgk&>dMUn{qb@sn2Hcl0L)EQCg^gD28P%7OQtOv;HKk3Ys>egnm|6o8
zb-tFEdo39k`dcP2&qG8*DKg9-AnVAe(#b4&XT=dS0|^T^OdlEG`gS@fVNCE=C95s}
z#{P;Z5bb{Q5BvmgBs%hTRbCqVK1$<aITCY+u9g}bm>Wl6y@_hH7H=@U%6FYzHY3@X
zKXAQeQ!+{HQId=tDdA*?c)!UB?8HuIZb-M}RTFf(yJ|a0Rl8?#8=5R(mP}uezAAR<
zTr?<wp0ob_ed49OQ3-EmGI}z3!TRFek~8(KoHY0Z|0<RJ#Dxm)3mbJWiePsWs4!=H
z&N|Zkq`eH#gCwd+tu+EYlSa$0cno7Ht%)~s;YblqV4Z@Mh92JCr{Fo?ys52%{xyz1
zE}`byls-BrO;;Xa>za)#CjIMdgX|DzDRRzIH4MDOMGQ4(QXjC;ZlVsRg$J3>wq(7K
z(y+a1JSTKt*HWTo_LgB$7$!C`x%hCt8=}eVq*i~EtQ~jR#+Auz$|9*ji{nvixXuD;
z{-DJ&w$%%x5FDSXv>6L(;>vpAds;&lQJ_>F@0&D>d(L*tiatsl$xvQ*sMVx7^Wef=
z*Y5fdTT2+Oi8>G=OE4L!)Kph`Db=x2CQU?{uXmc$(8cyF15`?%+M2vqXQ5el%zdtP
zB<B&l$*J=As=#T#AvTVR`u&h+$rHLl%kdkPI`W1IR;fu<lGPli-UF;w43}0SL!9B1
zawQIei7Dh{!Zc}+iCJG-PW&L!Xh=AGj=KF~!C6F&#k_J@Vo7{;7g^ywl+#g9nz~vD
zIquhjMzyu;mr}xF_K<nWh}Z?g>uS`{ZGEEQV{!h{I6i2k$qMCMRbAAb)3UtRQpNG|
zB7nLlSnhWq4EEuUW|TS8(6Ma?gT5wca!1{Y^QgeM8J)w>qx5)l^5Wg0VPoW!NBrW^
zi2J13E4Ti6krnTyD4V_FWKuLE@=NsJ+wA+A!8K`4q}GD;(h?k8i(MI9Yg8uMA?5ID
zqRJ9D*QGVg?(J&MpqTM)a|qWd`fTrKc<!$af;D-8o3~bVavsZx1HHW8iKx4XPtCd<
zyitsrVTmi!GXIi*bR&QB#oDL;*2QT&sF{3Lnb}EEu4Y-6^5IDea%D}<=X0A(8b+y%
zJS($xKzX4GV(=FwD|-j=L>!e>iBVShE3$q@OLBoNmuw%Wb+EL6i}HXc+zWK|LC@XG
zN3F|c4{~29mTLmSl&KYl2ZBO0L+N2$u*2mOm@$p#8$D@pdZ(Szm!b9=yfTkTDWjXz
zn7|d$+Mi-9g)MZey#1k@fZgl2|20O$ULVVSg^*CitxMrhTw?;?MY$|Ty+NseM{TO8
zMEle!llSl|tk4;_5Ed#LhjS`Y$1`p8m>x#oG|?Qs{4&rGT-Jb&I(`)tHSI9p1mv84
zs?092MOe0`ZXmJmT~TRkEDU+7Y7A>&qs&9%{~_(2f-G&DcERqlZQHhO+qSD#*<H46
z+qP}nw%uLTRa4(gOzimH`48sZ`)nOO2P-1;&b;zMUeqT&{Ww3+7hn^3xDfAK?(Cz$
z7<SB*Dr73D2Sp9eC~g9*E&ZUZL0fQ&Q<|AJy?P+F6*XL;Qmx=yrJ$`MaotBnUNee7
zz{<HXjB#W3dE1ZK1~lnFitIoid%!pHY(+N7$|JDKxU<TvYbTJV<pn@)w<lb!ZgRvn
zzbPu-tjBlTqx%E{Adow-=k)V_EVQTM|9HJ0_vP2`3%#@F@%uUuJnko+2pz1z5Vk_Z
zQ!VDGP}>8E=c}Q*57L@!^`OmBv*jpnF%Sv9!<o-j;&oTME>IgEwiW5g6+K}(b5OKG
z<3beT^N5%O4J@C*!Qt(;`oUc#)2%^!cyF;c^LoI~Lt^;H3W45`ym3nu2Y2d84==Y&
zRn6V{0be@zgH;Z499y67%J=~YRBwu-)#H4jAD;Q$;jVDdG&#ek!XGe&Ef{~Rb6!+;
z^5dlL^r8C~2EGB2cby@Ew)bhY_SAE>J-u&Oq-sya(?LO#37I-;`-w(+vl>UbPC`s_
zJEe}oZw0ImDwKqtsd?(O$=If2_hisB)|8u7O|{*;-JPP;9iyq;5!I*yn{PUWNC(`N
zZ~))&DnI8?Dd*uwYLiX+*FT`<wSvZYm~W`r9pT3h;eWj>Ihp=X)E)JAFBEfBU-I>7
zn-Iz%0ly!|N_Dbq{<LaUWGFC(^GnlYc0i>45sA}vm|NTHGczUOFDK2_sVyrjXiF_C
zE%6&#Wz%4Skp-}{)mmRae?98odHjity-i=YX)ptRYnx?0?aaQ-dgX4t-K75F`(pFc
zed`R_=BU|6mRL@Vf~*h9LU=$Wv?RnN)Ff;P!MTagDI|nf7yfxjxJ7*(BqMM2M%7cY
z&$m^(|C6WeARnQpW*_^lB!tXcdbpL9<&c{SZ>8>MY}kXi>7kqH>}!y>{xH0dyUYs@
zomUP*JU_}qQ3(D%C8~VoTYU%`Phmc)e9&E089$|$eDEEz<u9y(*&-jhpl^Xo-oYu<
z#X+d&t2i<gmN9u0fH;Azp?u8mQe$1EGyuEf+GdBf;l_|ymjN}X1O7V+-u*QWsF^?G
zEM^286=d}9@Ub3u9CP9dU=l|)4~80|Es?XPoO94cmb}tHbH?GpY)THxva#yhE%ZE$
zpIocjTYiOAxnwa_R-Q`3b~+X<tQMCY$7+_`c0TXvj=`&{>iFhZN&3?8;-*Esy@ANg
zblRPe*@!D}B&=3d1(yv+dZc*VkK61R^(t~*j>_mL>L?8p5UsL-H7-5`Rv5xeg&bd$
zJ-)U+b{~a(p4#|U01nljb=?+(kAMJ@$Zp9-WMidiqvelIH0TG<$6_VkSQsca5jc}r
z_IrFPESoHc_S0-N%Yhi&{Us`%&w?9s5ciI=tWHd%O26;4KSGXVI?H-p({V|QO*6wA
zZ8GNRiB<<zYhA}b%zDu^p^X<D@wEdK=`Zu22<}sNG3vsR)BOrHG`Wuo;}Th7`Df1s
zM%dLW`fz)D&8zp7VpS_(*M7+iaN7Ijjp2}8N^Tc#wA@8RbjKg9muuuEwQ+KUUJju#
zvw70utxp9UWe1|Ty?xSL-#1OF66X)3Qq``CLv@boA6$Bamt4Nl>?&FF05toGx9FHw
zhU$VcW3W>c8>D4q#2hOg+m3kT-#SM#-ZeHLpxE!7NWk;Pz7@EUuegt+^*uK=8Y;u~
zE?J|X{X6<dElr)lmu@V5NIDH4Ubw^(7i;w5-q`3aA3uK;ai>PW)2Z$~g3pT-&=dC2
zg-`LHzcKI3Ge%BQ?JVEpeJ}i~q**97)mE@0uIb{V??#&)Rj2&8_<QtRpHL%u6q*h=
z%$ZqB_w1OJoQZt14;uIrb?rdr@*fWBRi}OR{rR6|0o<RpO{xx)Mr&K7D;xH)a!9`E
zk1Ll;Nlm!Sj$!lDPQ?@Ddd*l2hpEvDu#?r3hg5BxuBsfQd?mv#m;1^J^gnn^X-a9U
zm#usTf6YotI#<Eqn(inw6rrga++uSYl5Nkd7}l1Q%E+&RxY*VNbpOinudwT)0;X;;
zHoF2eP8NU02S`^|mm4+XQ5INNpu>QX%WtvTX;_xu_<G#S&3QI$BrpEv7n$`t|MNb9
zNZ8@sP3J$oZEH5k3RB+{i)oiVsOs0EHi*}b<vKd$<-&|FIrXd|9p1V+by^;kuSQEy
z2`Zu793YE+RYSC=m6~#;J^Vg9ITSI;H^)R1DR>*w&eriz{8&z^s3KzB92i{N<Ki$?
zf16D4pl~VDO~9aCBVCPN;nL)pyVaN}4cS&Ev2(0Z<CX@iu8Fp(5Zx)lH8D8Qe9F|;
zFTb6mk}_Pj*%?xaMnHBiHSk!ye%Spxp#*<zyEuV|e{*czx0hj77Odr=xdYo#zh;yi
zz<q`gV>LH(Uy2?@jN?XwaVsQHWA*~<$nAB#v*4~@ejI$={4RaDt*1@Q-nIIGWnQU7
zX8&seFNSOV;g6V)I~Y`NMkC&3cG0AwG?##2AjCcb-);X(8lrIRC^|i~RQ`;%HSA+4
zjC^5=zMsAWmdpNzWtpKV7UB7FDDdLk32ODJ+8%_OaairUq0NAz%^>=3v0g9#g_Q&)
zP@gk;%57;#R-4NKTNMs^#YZ!7#GrFYjYFqo5{X+sb8S$4ipdMA@e26X?7;>ozn(Tm
zt$r<nnjV^(oRa5ZQj1zFMD<0X&U=jsF;X;N=!@@+4`uYs0kf7rG%J$IL$Hk+dKakm
zJS%L_-PHh5L|F3r_{Zi(3zJ5rj*liHEbI$CWBR2{Urg8?rEAVAuF&P3Ay5`r)*8;x
zW@ZgH#c(HHhR8aWoH^w+=bzKU*UTEbh;4qb!VL>JY5gN_DDX4Cu}$T9=Wh%;%fqIn
z#0|u?5w*F1lr1hGJfZ9gf?HU@&FlUa!~(8yMo#=<AB>gP$ecvCws0s8QYfoZx~qk!
z`-uh`ny-oAg|u}Ku+M>QhQ*~6Am@*JhI5Bp7jVQqv|9T#a7LwM_Q+(6z`rtF_I$an
zesbLsYJC`j%@V_;iJ#|=#`Pb5biSgr=a}7MW(_r_5&58&I)KgI)BgG9HHcdIhIhy-
zzfXFrb_e{rqkNa=GyV!*y+_<p2yjmfo1ws(p_)#6;mI|C$s)-RJQ4Qm#B#uJBb3NN
z9by>rD;zy-5Z0VENNM935Z_m%@4Fd<9`aykzC>E>2{KN4Fs0Yjba=x&_U@=oO6#8}
zdJ?|pVb{@!!|rz!dJw$?&l@F%^cFcUCJ$)Tm|vsICi)Jdf7+Ybp}ew;QkmMGXipi@
zMRmeI-Ljg!Z5`*)rSD(%Es3I(QQ7mia-SmW8uZRFZP6Q%>zagm!n>SDB^!HZSq{ZJ
zq2;S_{DX5JHTY$IgmAc|l4i2BX#Dw)VI#qarNR0enT`8KX2t*Au%ToMa4~gq7PT|B
zH?g$)Z-atj6>WQLQ4HS1HNDaGl5%UPr;NEKS)2pg^WdbQNI=#~d1h06Vn7^(wO1Yc
zTBn&C&O@yGK4^Fel|-L1b@Epb$G6fXQ3DkT{xP~I-D$=xeX_Fm*I(Q|SRNUIaA%-W
z27a-}9yaI=6Qnu^pR73egSPT)Z7{o0fH=L6g~5E^Hi+C_AqZKWiNSi`C{SYN?@{gF
zN*?5H{GIK}6RDsH!@6FxEg3D^tx^+iTYnPz!n01nCR~?Wwyz`})E+9=tBpL!dvi85
zD64jn!)~5irmO~E9_^MZ<Eap|U3J8Lh#0uITWJx-Jy-+e&~Vjj+_X^7Q?I3zFTOWy
zJG;%E!oLoT1z2(fanzo^+YOtp&4je3tC@17b<SL@o3-bll^4xgIo3X#N-HHFJ;cB+
zX@cd8c3wS3u!z}V0$nG^+gj^2Zpu`1t|Y>`*U8uJD=FAd91X4%3A?ouEsi{?OyNDq
z7zVl_^qC8A6!8=uxV=>BxY>W&_dQIUQIKyBs=_I4cf=-!xHr5bW?@WZy<@WcQIS2W
zpo&<1`H>}l)l!bbZQxX-8x~{sq7xQk<4Kqv;N3i0#Ngp0Qzx;Zp`qLF>b4mc__6w@
ze<@Y<IkR`5inU^FYe8>Z>Eat7{8V${74^UR;v@B+93@Vmd`%uM^I01HPN5;;+aU{g
zQ;Vl`D0j#CI%D+<_1usC;aW$hn%2;_bhU-puVfF0xWxTc;^U8U?8w8~S#i{-Eg3u@
zj+ZOxtTtcijAFmiyndKBKmaIgpswVKRAFG5(iR4J+Ki&Uy&EYC6#!G4fZcr;<X3zk
zTKw=y_{bva8Yztj0-nPb#4!h$_2H8TwDO9)nC0sOU2}R$XMvv9KQTkZ#OHQ4JvJd@
z6zdZ2|1^zk6PUg72Oy?)w3YYF(RzB)r=ZC*{?Q`s$6OOYi3LM3$_KLN-XRvE{uq|P
z(v~m%)qkce!Xc`6z*Tzo(`eQZqHCyWCz|ZA9ysc6xClO5id;<S4D?hG&NXi+X8=B+
z;tiXuCyT#t{I_}9hcVL&a^R`L0NdB8UInHrwEKWjuYsrjJ^L4y+Z}AmJb`2C8ru9W
z;=Bm#wH>GVn2%8KWZF5J8a#9-lItI;(PrO7yO8ae&(6heJQs;I>@&rt-NJP`$D4m#
zT22GBe$al`^W%3t|4Ur=JEY)$vRY7;wExewr37#><Z=!KtB|sgLP~;=+ALs^@2sq-
z0h}DCam2B>lx!^iQWVj4=hWsPSfBvd8}r8xc0bf0Ycee7n2OrXWZ!+?dF6R&z0K|Y
z(dK6g`<J6oP@GM6QIqrdC~4IJ?(`dw3-qUq4xle_kQ_ACQ3R+Cvj|rhfo-u~W*N3M
z8QNup7<aH1(s*xHqhcobAG2B{Rx^;W$>!$2mRxTbrA%F|tAd&CR4#l9jJy8+Yt}vR
zm)vX^a-V0?Sxt5~#q~&Kr~{W_Dv77pEDd&1>okPHIz|^VN+8W{`KfZjP(!c#rhP<9
z7sHh9hGn~AaB^B~@Da3Li3GF&$)TQ#Gup(>DfLJRMZpd|uEI0Y?m1i&I$W8x;!yLk
zK$Jmwe?JA$;n(8+z#0S=OAxXdd}W<}=D^FA$1G|WDWpXtZ6tdUy#gS*&-=zfDZzC@
zZ?W|)fp!vieY~51`TRTKh)e9a2_BdWjIqcV1DLAjvdzCBCNoWuvGNejt}<;A0R9NG
zzpqAEph=JcD%mK&0zG4w@t?dmqwxGUd@E*|8@13G1)#vCsKS`rm=0_fqjZVmUnGVe
zeC#<;oB27*2QMzy3@-Jxf+__8m?Is|5Bsw}thSnYCF+GkVd~Ex*cdd{dyB4xd~R#E
z>iJI$=FW9<kwNq=p^#`cMeE>Z11G>*MF65Z3E{gAklccA)-7EuAhUH{uS%U{sw3x(
zOY*z5ASfQ-XXWC0feyHE*Ln;d@)mf6l@ip2tl94%VuhzZ7#aB<`2K!&5doVLhH&8H
z3!D8ML4$@{7BDQrDO;D5^|U086KF}<3eXY@-Sc%zKbO%38FBjOA*@p5o+V1!KhP5R
z6`SU~Vij&eA<|t{f(UX=f*W#-8CP_Il4p)v=ii~r*|vx)t^wdWTp`kl4z_KF7=^r$
zuOUluii_>=3YH`-@l^8}9}zM~QYV&5d_;fIgcn$=f@5r-U|)J76JwFI_b|)99fa<I
z65YcW-9>v5Dg&pSMM8YJIQ#(xOoAywmn6}N^>3*KbY#D-4LS#0xD4DRa-vB2QN?mT
z{~`QEYp`Tl`4-_wWB>2eqKv(<;XiFpG$7so6B}Z0HhmOKN)it;*b_9)WYa(r7KDH%
z2}A}0OYz3!Aqhst3^)lcpj`pgZf@C7vlbK-AvLN#5Q0!bNDV==tyZgUb}6skeqC9y
zTlm`XNS8@q44S1M_i^KV-E#VD+;VcdC@hTuPNN)guLIG4&Vy+!ZD<!}(@&hv#`DJI
z=9L(wL%(_Gi|*WBqwVz~dFG|NN;Y}zsGkjdcj(RX7NEOLl?}DQOPc<Pj^}uYjmHyZ
z?->^@PBJNO>NFQU%HxhBU$ifYlh7^44mT;7ih~2#r$mpD>e+oTV2bf@z>%Naf#iIR
zvdKxFcCzE47yaFmRH!|ZmGs_wIN(+cSGsTqq?a`PdQ|RZ^60bPMUsi{e#fMDzZdF0
z9IVbuF>Kx7q07dfFpW)D1=t^@>!RG#QS3Dn6>avTK$oD04=pIcV_H4$cO4XCi3H(s
zS(c`@vYJ$1RT)c{1&XP5)Fdc$Z0u2e1$|a%w09Xa8?;Y>YHPWO|DpM$Tf<81ufUv&
ztN5!e+G|+KUxyAnz*Bfm11+ZMqC_%bqD~(kOVM8u+h}uhT3`-6^Vs!tK!C!44yo=~
zUZ3269-cj6{cb{Ftjx~dmVwBcl-r|at6nZ*pq|x|T^s1g+t-w1;c9Wy`B&sV^Ye*8
z9^plz75hcJ80Y?DsJ8YXp}unEc_r)A+J5u3t?ho;(j1*Af`d40BU_1#+NXeOvHQ)4
zgJ>C`dZ+5Bcw{E;0Clva)-fl-*0*pPW)6bxBS=9kDlcDLGH0bkyg;nD*~6;gFo7{E
zH^?DO+ZIvyg5rGR*$nUEA#_vN>_{qu0l|u;1u}}{2dh|9^udT|CNei5lio_C1q^nv
zm2=}nTNvz#W^v6d1&&7=D4FQDtOSCsDT4*eWxtj(do%|X3U%=`J;M!*xx!5t>8ilN
z##*bm15&IN+teo<g#nCYV$b9gZq1v;-NLiv7CYr!O^HOCYWvt)Kj(s1Mp6<?&T~@$
z6y8m#baLh<2RHHf=d>bo*@s3pdYe=#$IHP{kv=Aq8t&1heZGCGXcU?My15cxIaT>I
zZ$FU&Ba1jkA^yVSp%;aoggvPfwu>3I-I~lL>pZU4v^wgd@p^g;euW2)SXp;6=WSNd
zFq9l7;<n>B=x^Xx*yK(Kg`eSqnq~DoX!<EYH^HBI$rm8aGS(&pLr%t?62~2HYc0!n
zuhW#5X;FiS>B?4v*NDCKGz8HJ%lw(Blek!P-zOw#lSZgyEVTn6Sk*Gu{Zg!NuN17E
z{!Sp`KiV>bvv)Z^SUzxi=jQxI@Cra^S#<&t0=3f%*O<f^rxj^@8q<0-aik;Yx@z}R
z-;zUquvx#c`WEiDzGd6^*6zc%sTdsifheL`me2~B@rX-csHLW=s@YWNb(c3(d3xxs
zKR}^>mhH>GH7+@K+k6sb_ClFxHKD3nudLWp>FcU@x0LJz_gcPj^EvF}V||9hvwlE-
zq20k12oALsY=>nGf1;(A%EEs2dtrS>eldP!5tcJb=MK9x74a@%wC04wI%pLJLZnK}
zJFxB~17}|Os13qxQDkC+l)w{tB;vuaoqf{sj%Y=*X4FB4vXts0%QcK7_2e%ZW!Uzh
z+8mUtP}V}WO1MDAk}U+4ggZ0JAP+(YVi0D=yU&s`u`o)Rbcm?o^N0VYq9tlz1;Fu2
zMvW9_j3KrI73c0%prx^B2t_ML<4U*~HqrJAFo#eC@#8RhyOc~#+?@1B0<Qq!CD5>D
zJiQQ@j!nsD;9rs0%W7O}OLIbY;YGc04^#}5)V3awjtA#~n3CB*jZKhH+5b5<&#eW|
zX;<1grc=eMI-xb1)u%+2jc#EVSw{1}`befuyhupS_1?i`5t=4LF0f}HzUxr8q`Rm*
zKOg>4!&IQC+5@A+{LJgnA7@o^^t{uQzpPy}g^gl!@_w>|6g<Az@MWMXvy%t10M(u9
zq?SM}Ek%l0Noq84Ne;)sLU@M?D?fb{<4DH4ZI2Zn5y!t(HdS?B$CP-%)|AOZ|I0xK
zsheC{@6?nKD~@yjz;9g%Z>f;w<ig}LT>+Q0PMKTk9hyHcW8$V<?T?x$P$L)xUyxMA
z+m$PX4oef#WmQm}^c|n%_3|s_sbvhgoBuujZD2&e6S3F%Ve$CEXM^|D^?WJcg|>ky
zsqS87t!S(oW1=butR|4iGI69PJ*^0C_4sFdW31h!r(Olq2Gt=wZoA6P<J!227pYZG
zaaT*KCTg2EbJBB{-r<DVvAp~rtLYn4B(LI^x_Hb4Ir~LyOExbShh%Sy^!)}2kzS>c
z=@1eR-tjCSpozMmSSNBv#hBtec!#6_QyhAEj9NckHMgrx)AG_2jkEj96n6gJL5WGn
zI9por;*W+t;fhxVkS`@XW$hIzq2IfHtR~Kg?5lZj4G1bj8ljP>+oS+7X$kUGG52nx
zzl3XW{Ws0{0fqd%T<&dN9Ivkr*oODWWuu;v`j~FT6#Y;gdsl;Fg=lO_WwH^Hu2FMF
zL|&>(Iv349Qypa+xJB<tRKIf}_#odU-8=RwuKJ8PJ;83WDN?$T9o&dm2N%PevUy27
zR)F|h=q$1%Bd3d`)drbD(C-e<3Qlko*W!t@;73ifBb_~{#A%bL`{vEGY@neKhhUnF
z*o1;=qE|WtlrodraDBb01Zzt;)}q^@w4kkEL0^tP77xMFY&93=S0fnf_y%D&krCW9
zWRy)2Ef~`TrP@!Ppej5VX8Oy`_;c$vB?YOfx1;N~jc7f%IA80^9@HX{ye4!)-9!}0
znJ!Mblx~PQh}kp)-{X&)O*y$3D>gEZ>-2ZRr;xl9*?Ed)Hi8kw<8^ZZa_D0CVl#`J
zEXzj$b|yHYo<52prF#sHm0WdOSa>5CF=$6??Jn{_hB4bjIM%SnL5w@6T3ygyE>(hL
zo4h#N!bL9w!Cr)4%<P!(b1LtaBfw8%p%@ae3Y+5L+k#jp0IX|BqjwU0flvo(IAipV
zI&5(X51IXDijeT&)T?Txnsgzkz!8~!OZWt3Qscql#*FpG$0Hx-R4by36nWA~K6b$H
z%q@yN`9lR1bc}%w)EfS3w2b}8+W>J|pH&4iGPgmkZ&aq3ArIL-d5KXC(y=O&PqdkL
zV5Pm|U)qYd7^G$Clf>WKLbFN!T){h-N<#AWA2Wh~7<^cRjdcCPOy91pU~uy0p~Vax
z(Mysz9C5bCW&v4!M{+W>_0sP$mtrsN-1#2Meuf1-;N7}owe<CF##aO)1w-f47(2n|
zq%}C|>><Z(5gmK90N1`l)7reD^h2KT`JJc%4p}XD*mc-RfGczS5eKQTdF`?(1rWZ%
zHay|3AMx)ktiZ)I5%OHJH=1ukIjS8ETDb-xPZ^438S?oWK|_5!d^%Z=aZ8wv$S{Tt
zs>d4L$UYb2Pxi?0HdUE{Y$K|d2+KA4E~tYH3<ZDzJi$a9dc|r?HI))P!`rF?5q7s7
zc1@8Yi|3MRk<%PR<(*}VoTm)uUprzSu?(ZmV?yw8!3;ad#H@hIiZ}yQKDh9p3GE7P
z1x*K}b;ddpQ7w4T!BN`9>#+d6C>0=M=h85)q6ilW^i%@rCF7<wzxx9w8MI6V0=iK7
zvovxnMJkws<$@<%{KSz3cF@S=rz(|t0ZDq?Q2O<@U!_AInV3OBDC*4QM`*l(PuUXG
zMlGfv6SbYtJrzN7*%X4P>dJlAduXdd$g74)Z8<<UeHZ}XXb<JB-eP)v<kt)9YK5$z
zOB%xm2i{vbY~Z+AE9t7gI)FRwP$L(k5y+{lfvSrF;xyVi<ioXeVuAajRArl5k))XO
zD~`Xe0ZGc`EJNE#j_ib6fi?j6K^OXm;cg0)cZl7;X{0aIlBaiFkX>}9OY4wdDBdyW
zt0iilMY)ArB2xU){uu=(J@XOcl0_*@w`i&@qAl$&G+zDpK5f(5ai+P;;g1kySBP`h
zn0QpIsjJ&`G)Atfmrl#qr-uVwYePJ&j48;E#>kJ$A{|CX`b++p9-RtnxxO;+y%^1E
z?nrjc#-X~-S#acj%0i}uF^E}*b&;ivGFbvK?r6rtP9WzVBO8=&!_W*vk!{~>$IT(?
zwm@gM@YO@Vb_Z_WGA&Gx)(5&WJ$M;6O@?*Lrc6w0wv2b^`^iTiXog?tXjK<NlE;ck
zD_*hqBSJuFr=;%8hYWIeC({wYoK<m!a#_Cs;7ZAQ_P2HQKIL`DkuijSAyLNnE`~tK
z>(Y90UiGHy=Q3oIPv@Lwg+tOJbr@p_S@D^NfoKp&HOB6dW@-^46^Q8s0?WcGv&3iH
zM9Z_r>s59}KE=Ehmp$xKl=PJ*%<H;QTgxy1PF_6Ke*6Q#$mN}>Oa2Bhw88)N_46CR
zP_eW%)v~wyZ?R3W%C_U87zS_VSV}d75lqkmngx_CZm5=mg(WtF>;g$J7l}b)r1PJ~
z6n3$4n)Zc>L-l>gwsTqY43@=6xNb}HKR7;cA@-)CWB{r3eWA|x>m1(Q-@a;JJnw(u
zf2h|R?vYS|Mbtg8=qL`VvU;2BVbz@8)%zR2iHyPmdw6FInp=J9jAj9Cvp7I6<Je)p
z0X=ekZ|+Pco?Fo%!u2iFUR#dst1T-Tn*%9M&KMiMsc`GKA@_Lja03@i4qa^h4eYqH
z@u~w!W^5QuqTkL_WY#g{H=@}k5LjL3BYfVOo!C4MN!d155An!MTQ$E0HxG2}_>oeM
zY*#Hq)F|3l4+N!cHClGh-*TFl<JEM>LKYD-d&n;oTQ9+-s!Bu{j)Vv=f!9l=3$2p-
zXaw0*SlUy1kD9T%aHUHLoS5=WIau4UB}bcIvg6T>%k3j;oW1Fn?nwjjAk^>T=rCOP
zp=|1}%F1S<q^c<RknIm>kr%Dpfz4&J1}u@4ISP%(hnUnP#wV->htvr;g9jgEw}w|?
z7!(JoNS##*!o4&W>+KHs@ECMd!hA_l1ZPo62(K2%x1mhy8}KV*I>N#5n6^Btv97!t
zk?hetlv_pgwUQ1|TzpYn*sn@FOxqqJm~8kFR)iyRpjLf7mMPPbuk(#U78J`0rEBIb
zL$L~2oJ<}gbBS(3LO;mlEzA->Tq!{#d&nu_VbHA#=WF4Ain!kt{{TzuaMMe8HzWBX
zj#DIbQ`zn1o~X(&j1xcDbzBlA@C->__&W0zE!|-G>mj$WYmJj};i45??iy?E`Gdv0
zf2lC<-nQYyq6AF5=K~wV$GCTB&WQz&9BHmsdXUFaqtBx(6d@4s^LD81Jjue};i5``
zu5lVS>Q;c-ntKfAL_5SERc0X&`vDb+PYRQc%=^*Vng)%nGxX{w5iy?zvEn7;_|lKG
zxUyvw(TanPqy<&v4jYe@A>5M+Vqtp6v1Hly2EYo+s+W8249aRRN`=s~X7vYkQ?DV~
zGw+d=yn^aW?il}wX|rd<2VK;`5Z%<M@Z9>5g@G(gm2rgC2ffU^vktAf<=B<c1EgG8
zwGrXY+F-cQ%c+V_G7_Y>@JcJnvzv*JJk&1%P@L8IA=ot)41ZD^LsYoowrDh85o|i5
zH+qpRdFhQoa0<mPW|Q)Sl=Dp4NpITo)T!?bsUpRN;IrTkvxN@5n0S1?f1DwzIXF+|
zzRi(ezA32!|LzR&KbCy9>ZTL2D$b`|=XA*?=*FDNWVIu;C6un9U=eD5@vzZGK{V|#
zkzImqhf5<i8@9+7n7B9&{qyi>&s`of5=OS7dp{=r-$0z+#_baSlCd|3nViQ?-`>sj
z-p}99Za+r%t=EDPVI{kkXRfQZc47{*Lg2F087l;bHE__6+;oP6j`WxA;K+{86GGhL
z=NW=6QJJaetj`9#u#nvKhpU=0k~hHtQ<iC?sHo6Dwym<IR*)o2lP9)|4l=D4Q%5P)
z-V8Jd@K*^g%TD9BdWY)3n~V*J$w>8xo6UiZK-J~`oIg#cs1@ABM_jAVtticZYcih(
zopg7dPo?+J-XbbOrd&nzNsK&3hG?=qN~a*EiH^>wMoAfTfG*NY1jN5ek<PNBNegbj
z+BECDcta}1Lx6BasKr$eUQ5EVfLEb*t@k|zR%yZr$|tb+lG`T(Z#q#^)i7NIu-~Aq
zfY`*2Bv_Z&%%)|PPcEcfXvdhUQ7~pgiQZtKPWE1F_}A-DVy8|Qu%5L0yO3kp4VW1m
zVLUN+fv#w*KhdVvH+#05`lmSR<=yh*ATAf&CJQ~i=iDZv1<rzi;94~5EzfErx6nwx
zGIQc3s5w9FqvHPkcGl$OdNIQH*Ug%^;0Uk=%Etc7jQ!T4y#&Bz2gy4W-ZBBVfm0k6
z=O_<oaT>d%=u@gMD-6S?N^xE@nB&eY(lhuv>7!GffT^G>JT%^l%ft0&{_5>@PTHG*
zPzC}QE)|YnB;-1V$|9_Qt%i?)k{8Ep1&Ogqe^;!%qs$k>(<mwFXA#MiGR={_QKK!4
z(>8)!-RxBihBe);$bb{4OW)wR0k-)Y^B_hIdF5kQIgcZ5S27{2e`KeO@YsW^!N==%
zgyCF9@!tOHas+2Pu5cqCJs#PDJg%7l)Ri9`BDa&NIKUjKE@y%B_kqV{$bzg07R5U0
z?z>2jalW48yestSc9$w7&#&)Lq!FCP0g+i2FAOZRx_*N)#x0t7`RObFY47#mE5lu;
zw0P0XHB?A(gOA{xVl$uRHH-=0Pgd7^@MR#;8DIB<x5rAMF*pBr-<^=($9;voe}4p2
z9-k^a{dm2$IQESJn<0)-#0m1o5HiFW*jK3OwL5d!A^ARzyv}zRiXNh4h+~ss(F_qm
z3&mKP^oQj&760;oP~H}xA(3OHXkAVQk1I)1(Tm=qS7?8hzmg!|z$0?SpP-_XS}-o7
z<{*@h&09f`Z(7Z(<{@28jaj=4x<<?oY;Ey!5wIKqnPQB8JR3qSaq(ZPJz%L}%wA<2
zA7u{AJUYP=pclylZ%0vzam1}0>=n(JS~T=rvR)gReZg{Fnrn}!nX;Flfmx|@y8GGj
zbr!V^4eOepX$`9c?*zm*psPXV65iY@=_d5bn<Qz39Wns2D2hx_yE6Hv)eRy4JfMY2
zD%C4Vcu;k4Ki0RKlw?3Qw6rHjf?r_%XAPMohF9nzYN2xJZefXP;e2Qkex4dqzOGf>
zBPs^<tQ*Qn*3LanHI1ud9;_4t=#JA~A7MK6YNi(BLYM9LYE>Wm&^>MAZ(O-OFEyj!
z<hO4Xy>ZwJO=el<B}g$!4PQumD0zX&ZVt%6B4t-UhE|zNM&N=FJ+XUYlbX_O5J$-W
zvXlQma^-dc*!;tl8$=cV7UTO;)B*jkRL%eS(6<1<P}$za(b)8VWjYnBy?=LIlux_H
z@etd(G^D05qBp6<4b`OzluANaED3xT%le2F+XmUzqRhHZ+UM_Mk2n7aW;VbX!~6}^
zEDg;B<@@&tztrCwvT90MQ?Xxb?;PKlbkF0~`)Drz2gshUcMW08pkb8N7-8*yL?$75
zB)FEtWIWYILc`2dIm-_4F%|A~QKzimPUo<hhGl6B4#aTQ3JP(;j4;YGi;fiIhGM~}
zBUK@A7=}2BMGald<lx$(q)`<in*bdt7m`eBc^=NGN(}{o5JA#RaRRZWzlH0H2E$W>
zVd_)XsfKI0yn$1NQD=^!*P)ol4hqCcD133KyLGOqwqCCQ!44-~UJ;dOPKzn+CQe3f
zCR277qbghRoK!zWEOrd(t4qPbv__49e#=3UbD<TAnann`l&ST^a&be!J_@NIy~@c6
zRm%+?{UvaS`4QElTtCiZRfC8cQ}?ehpmcZO&;4@E#=Ym?Nut}V*})Cx=Z$u%_>59y
zwhvRHwY5&i-qGF@a421({<hD?n`wp2Ps!RWJ5A_H35CN)4x3sngukTd(WWZQRc*qT
z80A=qqHDmV6qf_~W-foA%|*ZlwAcpeYpcq$lOJ3Hcjg}(W_l_yhY%Ae!L*v97e^Bj
zBUmFWTIiKoag5-gK7X~k;{l?qmYpfems3>&Dds+H8iQam?Fd!VTY2eVPlx|7ahRsi
zWQMGY;MJLAG}lh2<5AKEc+C?#q}uz+Z_n~RG4t1M37hbKxoZp?fzTh2`qQowA-0*y
zE-_buO;W4^52sBob~m+FFl!RIW7b00*rv!=9yRMBuHD;PqV@-_&2DMu(t~ebP@yZH
zz?qYSC;T?CbGKnh&Y6OVCT~plAO9GV&>F5p><U>emY0LNdgq^y+=K1H?5E5!Yj767
zL)(ej!|lTE_u?R~tE8OiQnd2xINs~~Tso3)WZ~pU$HK#&P+m}^Jo*d4*EbHqmqf9d
zNkXX0!H|I|A6t`=Izi^t4#78oX}LeTFd$F#rXuxQM#|%f-z|r=U7=FXfBSMe@mz#5
zhVqcdmeDZD5-m}H%Qu^7w@j<n5+mQS*wLnk%HcKS*=HK|?{1W<%xdfWvbee$4f)HO
z;G#?T%^y!SX_l2JfDRGcbpre07xS9D5NJy}Nq6ZGbM_T$#jbTosWk|bjpJ$QmS?kV
zq&bspGNsNG<Ie+Z0ZU(LC)ryAKm`L^hAIDvSzkSx47n<sPHM84^`M?<@dCc3(X8he
z+wx-7E1SXtv)pme2l<~*OVSudGf`N-t!RXq@CfB0x*miBZ`CFPZmxJgfz;m3ejm3%
zzK|cQHUJzKCFhv{Cx&_$K)-o=tnnE6&ZsyPLOG)WJl-CTnZ8GuP8ZDv1&zc8BV*bd
zu9kY!F%nQ{8%)GwxPG2@@D4SE91Ssxv%N}plmoQyNJ+O;Xu=z&lus>ej__(6iH=av
zWp-D&Pw<M!wZ$Z=O-|U31ElTbnq%`jPrr>ge}YA|FmGQgl!RqJa!~fsq=jD+%Lb#w
zjN#RYVE``aD2BY#S}YHoQPv@%%$_CAvBf^;?vk(6nr!a#fni2TA#AKe@tqt-tP#B>
z3!2Xw_*><ud*Cm#onKiS+7$RlW=^4GoA%qX=;uWY^1ht`*ym9eYJU+Y4D$HrDnUF0
z{dW{-k~D<gHF<Kwf>Y|6)uTs@E|6NjLmzoteWP=3(h|ZzkJn|T+c?poDe0fU<f(~D
z%66r}U1UUB-{Crrt(-?Ere#Zk4{!qfKNkrBH?{WGOeqePNps7%YmGsh9m%}C`!U}(
zB5NLSxL(3NRl2xKP47rIXArc9GnKmAf;qd(%eV*5ZmCgysc&Gr_uCqge!{Uo7n=Yf
zDcVmPGzCv`Fium_nZGsi*(;uo0X&j7f^AQ|p+LW~+4P8>O>gvufqv`vOMW8A?IU-|
z(%ve~hAutf%^bj_tmXbP@%lv7f1Br;V0R=hF2(?$vKNk(;TwR=8c`QMlc+y&<`}(9
zHvJ7}oOr8mpL)Y5dSRm>p2YrH&@I6Uj?sxhXAo9tAWQ?=D1kOIw)@{=P+vQrb&Bs<
zpXNJ5Q0V{vtpDGSj=H0vgM+E#|C1$Htfr}qEspRhHl{_0W{ix`;<S$=;&(VLixiXQ
zK(a<n2N{M-K4Za(C>^fb)!Fb{+(WhkDO0K<ft~+Nym+Cz6N#GecNxzd^Wx&)=he|F
z_dmC}zkuHms6r#tE=NJ9PV4+?HMYhK5%n824kAs_sA<%kzW?(EjYS9MNNvtEijzEJ
z-NBF$Sy*i#VbxjRysqMor@t;9WgsEbz`q5sT+WxGl=jx;Y}Ev~%hal}ZIuZ&?~>6q
z&0@#S^Dk9FnVedT!J&bCg2#3JpAxi50|^&hmpl*a3c4DqmV_Nv6P|U?*S%ws&kc58
zK+$AYD={A=wB9EmOsehFy$9iol#}(6QA3XL@H%4lcWbdHnc_%W_cg6%6UD_Rh!X~T
zpi;OOF=?}=Ln%+xVrX4Z)@lx|*H#o36v$`=w`@wd1VXdbTD&)GNO?4r`x7oXCX68b
z>jz9wLdUc95GtEQ$q(iaJzJoA>7u;cL$@7-e1(U`oUL1wTi}y7AqMoSAkX4`XB&Z!
zNy9d3>Lu3%odq?7eaQtn>PCteyhS-x%0&b2KiImYgKHeFR?!2ZULaB<H(IS8A&zFB
z9=W{E+kz&!^!md>aB(}=7VmNGtlJ6?y|$L`fqj=4BM@;t(2Q-|<;8#U*T<oBtF|tr
ztXpwD+xrxH*ETh_x7X|HX|5>D8|F{kkAR+h&JsZBaM<pO9s7BbG7MB4!h!qWD^FUO
zY#S`wax8<)2aRV8k^pHx$igRj>Moo3%r_+6lFJ|^O}ytM@bs$<J|-cv%o0!cOK2!&
ziWLgNF98sgSadayN$6YC$!pvbxacf`d|eOCS$0i#Zl46Wkp1hxah@5dK+x;5omFg^
zCR#i2eBdJ%;#tjfz4KRJ4sPumHdl*7tM9AIACmBAg6wVB-JV3sUPP@(0O)CFxK!l>
zs()VeL4082#UgUy{yG=EMF&~)>5UG!_+6a^$9D;l2dW8PwwI40^ah*NCQJoQSi46T
z;bHE%bO~1WWnz$1yY2|#U;E9MpYz9M$mQnUB1+_V1x@Wxu6Zy4^AU$(8r_LPWW?ea
zE9@{@3#R|jZ1@Fje~8P~E8S020)5oahY44bU2rONjgvo19>+|3B%=X7<5<A0)`ENq
zW=Q+eH!-Sl>oR(AJETQcm5irh%&7J=5g?e|mWMo$^#^yId~C7cKIQX|d>r$y{vVZc
z3<h#v8xbzSa{~O&lqmDDE*Cdo!&?PVDM<C?2WylI@`hYBt{G~)CIDJ9K%|DlDA-qk
zub2BB$SJ<@S#HdF8#Yj^ct~{-*u8HW$}LB?igwr~i=AQ^<^%F9v?1w8EhZ7<>(9Sl
zPe=~nv;OZ8_@fSy0PGw{H-5!+lb?M3rMAi4Qi=SJOnsxge*C4Si#rYU!n5oDjOm6}
zQ7WVR?n9s7NTbNV?n9>kw=n&m!A!-fyUN(#6EGbJ8x3^70)n=*bS0|L=5uRvlK@FS
z7_!8;P^Q&z=CrNG)>TO-HdyY{Fy>eA1N_@TB(ql8l!i|^^QR~uXHF+1N$?tAB((cA
z$E)X?{y58P{@s$k9;p3V4JtSyUsbyz;Qv^(k%hve>ZEcrL)nP{l!s|fR4CF?Gsk_O
z_6jM`REpx%>dFp`x0Dct$s$NWbIUMNCaVInA{0$fXvFJ@vX4}w4E6eLK`UVb#mG|W
zFvfL!2PsY#VeYTcc27E{vm^8%cqYrI7+`4HV(=ZvHBMc18J;97O9b_)EOBax`_);M
zUTxS7gkklc`x>56;6Xetx(zwi7$)a<Ih*CcpzYHA>Z^{!jy;=6cmh*x2rb*lT36f6
zCEMFEA=zki4f!rTQL|Uu+9{v>)NLw{E)(?9y-eHlGwqr$xH`V-5ZPyW^;q4D6>67t
z=n1e8#{&qpTo>iiSqO7s<|_g697XLoO1twu`?i}zbFCj(KK{6WXtrib+=3)e9dVh+
zepz{rqOejT^G`cx+wS9%Nz=Bu%%Vi5@C;~x^QoIsz^2}Xgit%W!`522g*m~5f6WL9
z{{$Nxl8hwn75hURA`&3O{xH65VrOhRO<|&BNm-l<3u=wE0uWDVuiVF#ED7^+9`{#8
zO**iW?JvdR8}#WYxN{^$E-e1g83gNzd(qiJr!4c#0bX!Tcbx0VhC05FncB3-jc*#X
zvUZrI`E~+HSJCiFa1A$n`BDWN98M$|leq%%<hDBUKTb-Fkt}uX=2oj~H*m_e^EGV{
zUT?ZG-|(bvN=x@-%n|%G@6WRzT6}z28A?sn8Uf)r@H!4XSUjG1&9huSD9-h>T+p~n
zr=%&=1Ihm`hEQEfdjLl0Xb#}DfdqfK^}>ug`aA^mI@~*y4}|UgDc_$r$B1<-l-({O
z%G^#;sB>ws>pv^0U=rY)X?||M8Mufs%E^#LUJeaRBHuI)NT6>TCk`9aD{>KGGvi=h
zuVRr)U=e06Y^SdW7t>#j&0j}}4m>LX#K4>&iXuTKG=X6(w&5Jq;Ba<GCM-RZug#vN
z2p_doqSVU^4;y7xewI*&RL()t>iP(u(Piw)!W5e0clYL#bN>Yofy+ZVocDRU7WBz@
zgWR6YLpc7lZ1)AKh8FJT#~H>cT?HFc3_|tPcu3+8WU3bnx?RXrh2e~1J7D2_O5DyY
zGIsAwFJ)X<v@aUJq(7kNyjAKNV;(v}!FP}97jGk={D@hj>yg7DP)j;6hPmD+l^S_n
zgUY{mJ-efW34m+OD-}A^fxxv4jkz(3$Sb5hn<RW%`Z*GDuU^#8CwIF)wWu~yt32b6
z)LlrnESv5~eWn6`23oy`#s+{#yD^R&q2C`IX)Qb8ZgU5zy>@lYOt(A^RBSPcdi^I|
zY$<L4PzU<sN8UGOjO$<aBS%YDQ^)US^#9I7+HU{Z!%Ji{EtzzXpePh5j*T*f0-Few
z1iXZm7olafDHJYQFc*_7$);pBBG4676jZ#Qm(lgS`<h8;Olf@<n?DrkdYPFeO9@fv
z;nN#mb9{Qbd%I`(68XRW9IOAJKlFvTPO}-1PD6^dyl<m8RDxh`qdAO-s$>!ia#7>i
zfit250Zk;Nx`mL0HR20%Mo32}NK48Of8IuDA)+SXBho;);oR?`D6$q>2yP-N>JnfR
zqS)(jPh+ZLut71Unbe4{#~Shy+=@fM%#x6Smz{zoc~>fLpYMq$gq%Mr=%^ZTVa<&$
zwP8-3eUVyYF*u^tp59!n&|4xI8w~sl?4*n=2`Q^gNz~?b3^>ri$;3#iBQ-urVRaHv
zr?pnmJ;>QJGUL0pv8-DV^GBoXrxlfE)(!n*x|}rUPL?{mep=SzCL;|2gMrzznJ{(S
zJb$pzWhPhg*g^KdvQWWSoxz#!HR9JD*GQ5jgJs56gSPY(fY!QPm6O?eK=c)5Wfnx3
z!<Lc~<-OHWGYXz9Lay51IKE(`o?6%a_gpG0O6UobPC353NQX@pjyhE;?W7#4Ud(DS
zK%2t2$Y!|-b827w6KU7}6%<QL)*6)C{3u;kH$-RVFEw37bxBk~`U+i!ReoN&2&5`O
zHNlSgeuHUD&k0Mb+tP(s8i6NWb;LH(3m07_07-j=l{?2#JqK1>yIHiXs+MKHsuxTM
z+q?~RaB6N|_Q6|@#n!19SQkjYA2LgYLuwRt2vOMqhS9Yp&#ak%PvMS`@4%3$`BHSc
zfl@QWl#v&7d!SvMBlkBysq!6K0+iiBRgf(!7O~;iA0`^D;I}$egHOKP?B(Sv`je+9
z4)spt-=?awrdr#Oma>s_O(&Ygi`7te`^KQTVc!(}mH<Y=>_JV?L!k@g1yDjCs-oFD
z4+J-qtzmSio}q3>D_uP+U72Wp?OUQnI(9t-eabhiT?vcLzE-A6a5e`m?Ct0-sN|a0
zkJNISz*=hdY>$Hj?`$eGsF3fxrB*X#Z`^gQZA3US`1lHK)kZ$H-m>EBotVii)XI@6
zmI&hn^4!8^yRcFjy+cmC2HPa!Q7fBgO)_*DV^JN;nP_6W#O8I#NXa`hxq+Ue#jep+
z9E@gDVQ@&O`FEQV2K}b-8lS_dt^*PgJ;a%(KimRBm2UAi4$@caXT0wsOCbC|4=ctU
zH;qi-z6yn2jre=Lu0LSd4biy}0)ynNTr3KGhf48_e3we`3wDkd;U7mUN8@8XsBekQ
zuV0?<%we72YpMD4^Iaoc!>uV^FqCNSAYAyldP;+$snc}*xb=&R+HyFe^=i5r9ae-n
z#pU-mF)qD>{#XSuTjZ4rtnGVxKnO)}<B$Lhmj<9zjJxHkddv-QAM5lg4Sa45pT)7c
zq%A(+3_}lqoy7x9g#(Q(A}36R3ys4>GIauRpld2804qNw>Wl~1rXtw`NW2&Wd@xK`
zN7iBiW{&=<xde|WjoA;!oBHFexjI|k?^aIms!qKkH_WqpJJ*KKt0PeA#=4{{SIl*u
zJXJqo9<uxX1e)jNTwWnlFvr$Yu8$u!v<K0`I~W{65;4mo6#Hm5wFg~`ORe=62W5-n
z9R}|PT}F~#Azj`ey@WLv2X)uy*2VTZkmI|MHm!X1#W8&`+a1ozvW}Sevs7c*MtUcT
zGNVbnU?nc6?;&BwjiO?}C99FGPl>_ocL`gq5R*27+V9C8ke7kB!9DW!rt6iPbt^S9
zB>&l62hhQb`jTGByNYf4j`(x&RH-mXK^TAvRz1*c8H~O9B-`8vussGv-O1d^$G?%S
zK%hDZgL>z~t-!b>=GzH+n`8psIrB%XL!jF8g?bc1twK5m72F8<rl;FpvlP&&@{#n)
z#;`v2soY=Jw$15#p8Lh9aH$5RaIovipV|L=Ki*w{6@LE?3r+rh3k3e%JMcfwq}eLk
z^2mbUuK@~LOQZ^21QEnUF^Y*OLVV_yRe<GB$~?Y!OE((nmQEKpsk_=YaPRx!p&wQS
zJcb9cOgXw#1S&#PX0z#>PISB9LY$9}=VNR?K@t@afVyC51eY`AS&dk11cs+-5MnK%
zVXpii)vZB4DA<mGcRu_mf*^3H5EK|@6+5R&3XF?HZSTxWv{t7-N@mg~#~i}TL6(`0
z5&1+boihkIPB2Q<(itrpG$+ghy2qH*46Y4ZTBkMVx6%W3TP(aG;YEih&U$<6viZ_E
zjZ;yjUJ09EZm{}!=Gopm^)9#3#q>_8r|KSbx-=*_tDy?E9FUs?ia(6}8Bp7(ZN}&D
z33lecU8}W)F0}RheJw#_7G@K}apP&F7VF2;aLPe<U;ik!SQ(L1Lw)9#?h#%u%FRzl
zl$OAE-NQuu<c|pfV__Pi$5$SNz+-gIYIQ$BJ^R1_5@t@fqnWLmDq>4nQCoz5g#4AN
zp`*%BvCla2adwDRQ=m5pLWU}1=^kJS%baEwmXkzBtGie-*Jv@%5b6<9|JCaolJmGX
zE^;N|v%<KOvtmP?c~Xv(sh8QpXlx!#j{6!+$$m<6qxg$vcw(s@WvF(mya$G6#EX8#
ze2#u%4OLIUN?!kWW5L5|kPPH3F+I$7{n7e6&G3h`2xhW!5o5T?ncWGFHkj?kU;DO3
za?hihM<!1g)}Ut!3>T{^nmPvB2NuedIw!|OuoP@C7Yzkn!eB2jPs=T@)j`}R1CetV
zLUiBSc`6ZWEAIl?rp0jPgXDYOy4e1E)&f<3hL}r{W@1p5L$SRxGA)Toc0LhMpT0?V
zV4?Ri4grewSK#?th~A3YE%9Z%q+1%)ub>NI5$_bwSh)k%P>bhvx+Pr^rN7{FVYdY@
zxKx@IwO`CNK?v1<9HPuYn){J4`w>W4qO>tYv7;5yM<9+lc*BrMvWp-ygc8n(WGApr
zfIqIqF{Iy!CE{JEkLSf&Y@JC7x5zxwNUopUKp1a7!2Y|isO2AT-oHVoakPJ3Sc)#D
zjvoJ?WltT_T}Ku5^VTGRJ-w^Qc7tUbX#=c5CPT(w2)er1GE<5{T5=%?h^=d?iv*dB
zd2p%-nxHI?0t(2qUR2b9vN9kcn#$A`lwARkin}%JBlz>n$()JVlDzormGpF``*o}F
z!@T{K_xA}fJP?PTtWzPRdMAL3FJ9g;I?g&+hukDJ?lO3b;7E*+9rAZk+_un58-SV5
zbZ^m4W^ftw4aP41c(%i#61#QZ35@Sn46?^yFOuno)uGd$Tc>R?y3?T*`_Um5T0dbt
z)zq;z%`w-%7UQh~8`Ve)^v2C_EqWLue!MIU-^myUzD+UWJ6X_d?~;z^ObqwN#qifp
zyn#WYvv?q$h*21xn-M0QxN$+?T?ga#Fi#+PC}Q;<%C23<{Y|^7Avc}38f^Lfb0BYd
zn%_Op{0_#nV#BTGK_3brf5-Y_VLyiY<Y7N#2+cE5RVnQ7>RL2+@=z}xU55(&6?Ub9
zx6<fw>QPk^g$$QAdUhhTarg7fW^=srs?GaehCK{Q_=o2a>wWxp{H{;$8_P*u1r_=+
znp~SgTSrk!$bXsEwHpDbu}%vD7SZ8?QKXQ#+?P6IpqCIKLd!;Q>kC%$a9azBDEnEy
z7ufD;|1>sYgiQ%W+wN>dYLvz&#^5ehe+7b`j24wuXT{Nux^J46HC)iuN`5~c_lD&&
zNVB<NF6vc7!OwJZ^z8f3AIa5LaN_S>YC{jtn>%gG=rB)1T}|9atp&cCcYg)~1NY-v
zeoql{cQh_uTw+9s3@9>AQKHQyq~YEoElF3vhw9om#pe_I`}D*JQg0Vmr|j+m%pOM|
zZ{ZQ+U;-f&3=59n-5?5@1m33zPJ%os%@jw{gHEvr<^`#D+6K+V6A(^=yuc_zwu;XQ
z6x_&SxmgLB=zg^^9<6rZAkLr{#o9(~z@%N5vI4y3;2@FUAh)Yn<U4V(p+>lE)~Uzq
zY8&~ncIXKAIwVJuU<xpn%~7aWzToVqV(g$d0Jj1({}*T97+hPoZ5!{{=8kQ1$F^<T
z#*S^<wrx8rws&kNJ9zo(zVlAqdw-obt5(&l`D4u=ee^zCAEUL_2fo}Hgc#&-K5w|F
zug=xdl(JR)N22%dKK9`J<IrHQjF+F+Zk^ANqRuiX9p??M)2v@fir%r3nY{+IBgEBE
z+wZ_gZ>=x6#~Y$>bCaxsr}Cq*T=uK^6ouhwiQq(kr;t}|AjT1;xrmFdOcJ78538d1
z5@rHS4HM&BozqT`9c$tm>xPF!vn=+lvy2K*Xvs2yn+m4;W@X+%W*cl5L|KFjmu2gR
z`kcseMq$Xly_BFMSzRB;<yV*&ACb>IJymk8DIs*(ZlQHm(&A%8l_+eV*A!5ChkkmE
z<g1wNs~Pq&+9_c|{|PN!$Ep{H5TcAM>MY)?dTN=*+rq(F=f>{D+1S`vhkIWivb)jp
zKX-FxO{^|&uFP+@=)U;Uee#m=1|l%#GO6Y{<5+xe7V^*2>-r0-YebdPAus#^7|IQL
z$MR#mQA6=d9N!6k7h+IPT0((f7XmofH#Apw7B=QL))&_|C-R2zu{Jr^+Nkfy6tc5o
zzm$gi?YW>33@1Z;+U);w7uqXwi|Y?Zw!w}98-8V%=?bn!8E0r0g<}IQP7*Sh{?Z~W
znNW}wEDv1RT3-dMwe@)U2$>0qZInE@M3+n?L!K}ct95Fzv$Eq*%_@gDVo~`eBxALq
znc=2G);Jo?DT7b2sN_>Aay<I=N}yK2BjCrba_?_98+?(>oKbRe7jnA@Nwad#BCVIn
z@^7#wfhicADr8*4h}m3|rLfe7^(<DWJnkQWtFW}g-Qw>jvk$Y5s)+~$)zra_o+4DT
zPx96=PS-gWc;Q~<vn5z}1A87_zy*~x*1y>dncV)|$Q(n1ylp^$2UuZb+D_RfpkMPM
zdv~omuS82&koeZ4pmd{iqZfihQ#b6Uf)`lFa?Qra%Jv{oHx5%~F7i+#*Mqlo6mrE|
ztMhPFa#ixE@npSB|9oaBW<3GXHc2TnF7i!?MULUc=G%TsNRp6|jk$>O5a3?KxXz`x
z8du}ZG$e8GGUX9Tk-dCSM#%F}x^5U>>sYqddG=;B?%`t6lXR+VtY&AGIC1ppw~s1U
zbRD8eQA@_N3tKqCr!wy4sF<3^mMoIT7Mz-K=jh->yw<~LGMrj$u})?NI9EyRKZKJg
zE8Q_8A{Y4rQ!*o#b_K#`_?nY?#`9b-{W8mFa87G2|H>%ec4%y<X6`ifhv7VwZ**=d
zsoEmS1&B+NT*$2HKF^4}A6W%}n(gvZ?2d(^_J-lzrR<+1xuxL0LM#}SZo5qkO2_Jq
zKTdmI#f_%pzp^YGw0rgfN$R>5ZDmy-mT??;iRQmtx5+i;h-n7l&ePG(i5Q@pnFe6-
z-dOPYNzNr7CU&FcWEmW~;||(;@^G3V5W8V|G?=<CGH46l1-AvGLNfBs7@(FsE-whr
z9cp7=l$1A?8PT~UIkg6;Dl2*6J?8RXP8yi4HWOK-?pxZ;*DNKS?WP@<7gsc)x9UdA
zPl9U>T!5)52D~G`fM@k2RfQB)dCOg5Mv!4;Ben+eUrr&W<|3!YeipR>K_u+AAnWf@
zJ#QjB3!r*D8LX!$NMqQyDRReP!CT9oQ;-eynK0OM`uSm+v=IrZc}S{p&X|>i)%=8L
z7t^VTFeA<Cq~NqenAwxp=5dP3wQT+|r}&pa($y%W^ocMjN}tWB6@$7>y#r@-!tfOH
z=wvt|#V4(`*xlFArawU;>2ihoj}eC{D$KK2nouO>arX_&<OrYgT(MDkjXu~Ynp(nQ
zOkTtwWQElq_p2?ITlcB~3$6*DATx*gz2-DoPdvQsV5~NL(l%fid*TXv6uFC|bS-yF
zgymgR^x<kAAMV*55hypr0B#4`D*%wk$vd_nx?oy@SzR6xcHX_h_=%Xy)rI5$#scXO
z-^`agbWda&dHW`3S;lZO=#)16w3otEJsD#)R{pGTV;uaQ-8jDVPG|@1@FO<%wQs}W
zW))|4%!YAn9j(kjiDuh{;ZUquyVn`Xdm%@@EiU<;!0BeFiPjO<pDtYdVF}tzP7MS4
z3QcDInr!|yTQF*5$Q7soWUJ3iDRF2q`-z9H&eKhF?O-c)eyFleNV*$HvsflI0;Ahs
zvU%|O@bHF&Ir<8G<GQz~UJDD>KW1+p8fkiuA?NNf2Vka#FetB8B)!w?dISEx3Or%{
z>Y>pI@Hng{++jP~MKrNBE9Mwi6L@hu>*7hXq>Mcf)S=YEtckQ|RAUml<I_%ngpxgy
zzS~yl{G~$Z!Ie~Nq8v=Df(EZGsY69-!}+z7YpJ)9P^?4g!0}rV9s-o2(IJaUo;y<s
zZpw#14lO?kU8d-a=M3UkU&PC_a>NQFfgNHiy94eoPqM1?SqGvmDy7f6NQQJ{C-YR2
zHBxD&Ee12gKbWe#LCLgI@F&<4TiH|PZlq3@<B+QCQeP}j`_4><1dAo)FKK$EGD)PZ
zByb~jCCTjzd3~F-$x}oN9qltnRc4$pW|!SfcGNiLzb5JTHXuwvl7K@U`*)9J>zNp}
z&<do{`U_3_DkJKpr-vL_VWKO*E+335GZ3_Bg?lxB1FM8YssxW1VDaMWQ|gZ39~I>|
zdWU68Gwmjz5@DQYM(Sx@=&9`zkHd}~r1fPI6piDyB{3C|t0LtdII5=7VwD27!8ut?
zW*yT~;*3K47`eT|)y^q=>UmV`NS;B@Q-RBx2>hlJqB~Y8lb3Xe;0Hc4>J}QRt55}3
zI73r^NYO1hThbkUjW$12e!~2BU_EhUs_pvSt;&CcYwrK7V^uV9a<O)nu(7xPudT~$
zRUK<36HH%Oul2?jGaPGFHGPU*Irb!~fj&493h;<6h;!U1sQW73DCUhE$C*=Kpy+UI
z^F`rqX2wsl0w|0&adA>aIu;ULFB8N4;8b0A3qugT9g7v$LU)6Cr=DxC-e;ff<B!*#
zh1}~;dze0Eciu2nT-7+(fxtoFszIb%Ps$)v2qDaYx`0AKM`;?-AP(A;LTFu826TRy
zm>+-;6hkxZF4+*o5n;&M-K2m8!z|^S3J@9TQdDD9W6~E|CtG=HN%iCmfN8V(IHO~I
zk^wg;a=_+BZyb&BqX$%eR66w^7$HsFR#InK<wYk=1FjTTnnDJdz~2U?QC)i{U@5Z5
z-mwY{Sr{b31!yjRwdvRjHj1+nm$Uti8_c8waM>F>f}WBT=0YW3DYvkfN*t4%i>9Jd
za29BUswxG?cN3F#GnX7m)yij#+$}|CA@?PN&n0u3Kln{{qPaH_-PW7NvJKD1W;6nU
zIu%P;@fIR9kE-yUnohGAO-8N7sEt{vsln=_(q}V+L*^1*4P$`tBaf^yhH3MIAyb$Q
zXX34NGmnEh8cdGU+u&rRAzZ|`^Ek0(gutC%q`fJ7mJ3Wwoi~;n(W3MX`3f=c25DBI
z)9_6+-Ke;A06F15g4R`4DwaHHT{6jJ%|~$l{?r!I*@nu8Hr}K`!-d*5N03@pIFI>&
z36v6Wii}2<&LpKSBw!H^-#E9}B+FB=?#D`LkoC<qv4AO%P_gE3jfg%`WvJe#fdyx#
z(iO^r>rP0C2)zx9z`dh_7B5>3nx0&wGLTf)d1kRZ<w`6X5LUS1C>;o>9zc2`ouW!p
zVvG$od9Z9(alpq&oB2WNE7M3**+y}4{jTRjZjcC+6}#5Knz@j@8l`i1aESe&-mDo~
z99wLOcYq%Fqv7E5vl7+09EQ|7>gnArwZ`kl)(Au8Z=s8ZR(Or%6U#YOd)};)kBzq;
z7h^iEBzegEIN(s-(9!*n-!KRV&LbxCwZPOO#sY5fIyae{XcH)#Ud1=~;4PS`bWNxj
zcj25irL2|Pvv>I;p+w$hvQ~r0a;@rSb0~*g$U(YwgH*UsCZo9Ylrh=npljwychoK-
z=rQh9W=~)*bcA>&g8Po9jTiw~?AK$<u0jn#A%kEfV)3(Qt<YIF@a&6=d#yl?oR8Mz
zjnqjhu_IPQ5TBmisv8RJ3S!*fcLTrGXSC&K-&p=tdNX3jRXx$Uzz5P^=htll-TeAJ
zsVX9I@c{?5H;m%s$5Hpvje9KB(2uQL;zeq`Ku@ejke+6}cK?=JktV&-icj=*dPI0g
zIZ&-Ze<oG0IRX;l(BC&wAN^s-@N-@acoq)j_Vv8TG=&RNxxjDl@rIo9iX+$vF-}*J
z6v^$AW3MwZa|hnN{m#HpC4YXdJA{SHFxiOJp#`q?U*E!Djwr+!i5npoattztqI9v2
zcyMP8X{GgTykGQ0F1&<c=Mn|l#SIfVZ{|JG>gu@Z@2XAs9X~#jSAU7(f87*xNF|Y<
zd>}`*NAeV$7_^T7G_q+OFGv%A_Vnqhq30oh%I#B9JUBydARg?1rl82(=R$0*x$;aV
zM6SVWx^J$@&U8hcvp)b5rKj}jGMNalyni2S+kGr1S#b85A><rq!VRAA(rLDepWwX|
zRT}PhhudRW@wP>WzI19znc-{!VTfN7jrW{}l&S(%ppuq2+o5?UtsB}kmd)WciMIks
zZ+vvG<xcLDd7Yt7p%JbDgMWoT>-q<eGD0!xYtINr6fRzcGZzKkYi<%DjP$16f9<Or
z2rsoYVs{=#q$MH6+na#r){Y-D5r4J-H#9<c^aX2<i*+{y%o-~3{m`iv`uZQ<(1&PF
zqh#OZ9Oau8D*m69^KS{xzlov$YrjNQ%V|Ls@l*CfJ%$L9W49$q%3lzVTzykgC_kS}
zwoe(X&S;^Cw%nRJCcua?!O>qguN8~y1043(@6;aWl6L8IN;{8}*fVD}wwQ96JQ3z~
z-c;TlU$bVj*w44WvA=+``sA444U|U&w9kkf(nT_c(a>}2=G3)K7)SOqqR!j;tD~Z5
zMo13_#wOds<xH$cgMuWmkVc|*nW1u}UWlT!m|Tq_qI;5%f@c!J(M8Znu^>tYDJIkW
zDGgKyY=GN~ygZjR?IS|?g)^5hT$&5iCeNA&suUh(pdM^Bjcp3eWiv%3_@$x68;b=Q
zQvo@8X^*&#nkB)!q@&s_S$h#z9Y$}sd!ZQGgXQct*g6fk0cXyUDKbJtw2119c>Z%9
zjh3E5i_wpNzyk(V!;idJ8ZDz}r_f-{wCR<-dsG!_4_!tNeSH{CrqgQpB^$FEDmFYF
zM&x<BwHaY*zMI?TB5qQA`N-wXEEScl*N6<(E@h+C15eIQ{f(5tP6Q^Df^%%$7Evd+
zDwoD7CSfuUQ~K1Zs#0$Jy%+908<(Uog+;yA3+~MaQ9iIjHvbqJ47d&EYN}~)$*Y9E
zIlr|jvL_j_*6*=nnC<=&!X%?*m>p8Oe=@ep#{D<`22hZsrGuc2qGcI4U|v&k1QbHQ
zAt@o60Y>+E(V@^mImq%0^x;*&(XFBGp>gBxKOTQ#&KM5gENZN%*0#9@;{VZl3Smo@
zj3IAaaZKNfFR#xkk+?yn(T~@Fh0gNJHm6WGjM`?qMdw&e!5c0ZH&vrboQX9qnKybZ
zN|BX;vl_Qn?Pt1T810<8r3TkClJ94y=^4%o@`AoP;Pxl(2^8KE2*8~?S3wqLt@oHC
z@vhzd@lIiX``D<yYkyv2US5AuKCL>c2T%bx!m=Kxqj91Csg4CN_HC8P38}6Sy8?qZ
zuU4+H!<H|}`Ow>G5jE3l=L7*cRksrGg7WXdz*BUg){WVFbFInnSS}b8v97_ckvahp
z+XybzS&EX!l4wSiovpx<e;Qt=!?6zB>3D6CI?$rW%XO$CrK|Q$P7L2pHZ$qX<Z2g{
zINp8~RoQ7Z$pS}hko7#QuG<CduTtO2F$W7(k9h}KdPux1kgezhV6>rnjUW4plsY32
z6j9?s5|90f)fA}t-BVI=eBRR$v*OZQ%iV_l#<lk>gs3ekk(0O0IUnGx<_#CH9kb)T
zkVw)>%zp<0>?3WP$RWa8Y#O!TzSGLR07Uh-k6%x_>L(&X)lbY)G3lDT#BIdxdFTP2
z4K#!r{%z-`&=e3#XG1V1(RzYZ^VrmIn~re{y{+=TADC6#GRT6Vvps%zTeJQXpTaR|
z$3Ai9({=Cz)xeH@nZGuE<5Ua=?|%&4?Wm&&+c!W_FZMyd=9^R@Q0C!9ktU$F{+#BG
z_=@R+AgVf1S+1Ayiqcwy<r|72U*$tO)fkOoz3_emiw|dg&@JY)0NnzuQma2_EHIKo
z%ns{vutu}1IjA<WTD?y)8?1ECbTLQs(r~LW-1#jUT>~e)hQ<C@VytrY3zOS}!m*D)
zeU#f@FZ@O#!XV;v-4bV7A7h+|Bxz2{&q_hsh`?u^!*;<tS<oc@gQ(j6M63Owur-LX
z!+oMnh}n%%4r7LCiygrpp?A*bKJE$;e)U^nL|?q%;VsN3c4B59hD^<$hC$Ju;LAa<
zG{`BpZRv{fL4%$Y1~M2e%&juJI&<9E{1lBp7m%BoP|_IBLb>C3_&?;3Exgz-o!<=o
zDL5b?(f_O#D?1w4IvE%_TiDtD?@DatgrkP#yPQI+p*t$rQzWyltu2YlDV!v~P9mcv
zq8brF!<lfw20^tvue$AAsG@p4Bq1f#-uy?AB3N;d;bX`cb0CSKNkTtl%HAS>>L$8(
z@TN=b&eLep1e5P#&8PO*qjo;@>+^#EnCEvh#g!OoM68i-*k}N*-1u!1uGxTk)GmyI
zH<DfiQIuJbM)dw9Lr8tlI>Q-5@Ut~$G-OI)*dCUFrehY|K|ACH1)069HjBtbSP@#k
zhexMl6Y))fdVeq^ooF3)e=#Io=&d&<eb6l$TqjkrbAHy0vg5E|bCS%gGV}1-ns#wQ
zHUM!pmz55aa>JZW(PXwcBl-Yalu5Sn5=+LezfMgW?%Dd5K@aj})u+^*F0-ac?x;~x
zX;4SNf>Udv_`Y2v{vLm&jl;-YbWOv->L^=3LdtA9LyW=5MXzv^$!fVVMPnt8))I0l
z%T#Glc(lT2TNcSJQ8i_uXfJNb)mjL$;@Ca&Kr?z1!tMsC(!wLw@<a|-JFhiLi97_*
zwZsBLeViiQYDlvNovg%s0Y2Cqbj2jJ-LSN5&ve}uodjUAoHU(a#%^g|l$AI;3(>+5
ztvJf!K4wAdh_GVW2nkU8rtT!GPCAed#O=-@R&$%o+Vf7Jk_j%mFU&;WOqAZQEoH2o
zL10$@aAYrER88I%l@*y}C)^g_8fQB{3$foC$JDh+N0S7*)75azjzm6ikcc>Xecd8~
zI}j;pyUJ?F2(i&C__fj`Qz%2>x$ywvkt1$>$#}ap`&QQlw?IvgQ=_p%fgdP~yIE2J
zkkv1xDIciGq2#4W;o^%7b<T=A0QS}tgU+45mB3wg0Lul`m1fc{bn9p8o>_M$dp2y{
zIf>{`xw?c@Ytzl7GObw}@Z};LM8wqYlRD_m-LiV~M%kUbkoBOA{6iBxWzb!^wc#l_
z5NJ2?o7IA3wFem6^Ft3?didJbs8^i4!1q)hc)3SYUaWy&k2Dr5)+_rEY3)g4Kx_OF
z8hyS6^?&W?d(V$yznLpxynwY+(KvsJKRg*NXc}aV_EgbazT;`cAIaqM4QOQ<O42Vr
zjpU%HSz}r=w+^WgSJ~nuZgFX6CVGajn?gh9cxGPGZcmeg5gR=Cx;`;)v$OKFFt70}
z&r>z@qJ2)t0PYPR^=#@0Srj95nQl27bFFCl9Hui-o6WfVo{)AEt_wP6bq(KIHf#GF
zCNsGGuDa=j1HJg`?U%8=5&4u?%CwDmQ2$n@l(kOJ7kFR)rRt13z3=hFZd~kRntcpk
zGsqu!nuP4jOOkwHS+)sCw0Y{BL<JqH3lRe`p3+1^BB=-I_d#B&CRRLNnM48`&topU
zDwlW>?a`LhsC6f72+I~?E#{UrxTWcP>X5DNCczZ|O~})I?%;=hpaEp3JrI;H!QoB<
z-vwbd?A%{*xgRGVMF`+0ltISqcibeAinnd7OPS}2-2}?lgzNT=ciw4>4n3@UWOn=q
z3vN2)_<!0#KX~L844{yb9HNr86-w5KC9i|7%fuy(Q6w&P9?1Xhh=}(<99r2Ao{~Vg
z)7^MOEAT`sWc72PgU*n5%&>l+E}4rQuR{tzrm-jV4)*<69al4ltN-=Wn+(4_JRc`)
z8yzWkFLUmG{8S4Q@RNV+tTz}>FzU|hq0|ta8|5pFDKc_x7u$7GYRHb53|(-0K%F2c
z@57y-#?Vn!Ll)l?f!l7sMu^@1`ErgGg!lLHEs?*QAkWAYFkH^$DqQ9~x|BoCUfWo~
zw6*STZjXv1-NF?#?H_O8+5^($5Fgk_=zVuw3s2*@tsvaI+QhM&9xN5pPs9818geL^
zJ7K>Hlsh_^pT}s2TMKw&3m}|q?$uf%Tcewlla+_v5U;N|dv+_jpRjmJ4Se%>JcjH`
z!zjWI&~nZSt3^f1i2?f`vTSyH_`oO`**(<{MwlDU_nC)1BA>Gq8b(6zo3le4JLl<X
z7uz&?xk7Yt;pDI0+t<Ub<+N|<@F9g8%kGP{4&qB~pijEsY_-_09U$IGD>a}g8sNSH
zS1Oy)dI_Is$Cub9*Yf8pxZ&qC3*TK!_6fw#^2wL(?B{;`Q`z0V>;()Jq^{8uTd)wL
zJ~xI)LH2`d2B`wAm}`Ud=NbbJ&c5`{i1e2p7g2G>n4#xd=79)CwA?d>2V<H7j_kd*
zT5en%dw8R?<6O+YxofL_drz;_IEOx0MF^N5JCJABQEx&m2ftQ#za9$7X?o2~=)#5b
z%o+Kdv>CE_ir#tZAbW4=@s+3i9;XB(ERw%K|NG8U_-yow!nbBv;XfN=^N*H5#opM!
z+2ntH8P&eW2!30vT}_d=F||VxBIb|<2r{J;!csj7fWZ+a?ZyptG3bZ0Gp8EQk59QD
zLx8B%RW~<Zhl=z|ma80qYFQ8xjs&!@Ha(R$UoUIcUpIHCZhZf~7JZMWrl&~K<+VTC
zjyJuow*OvyTwY%|%}9OuJi-2^z7a#PtX~Oq!KBh}lw<iTa?c0YB+TFzapGtBA>x$!
z<9hT*(8v#!&FXz2s;gW57zU;v1g;0f_^5ljx3>xi5x0!__YMer{&Jo-l-`;wxeB)$
z?0m=lJ}+HAr0mNOpAUe)eKH7Rb_LM%ZuB{?&?*qhInMf_y#awnFA0d=>cgqLH->hE
z`2B@c_$U#Bwmet<1afV+MQKlQKjik@33JeOeTSoKJ?)e2PxyF<7iGhatPC4!D>=&d
zlOmAN3Zb*SoRtJD>hyLBe-wCDvCo;N$E({_2Xq-z<S?L8L_<eN`&^T4&2Q`nnvSJa
z%xx~%1<_DV!IYA&Ba2cra2p1d_XIYQ*u_%W2k+OX1vDhlg@Qcd=Gl_q7j}^6XTJS5
zz%o@7kdQQ=ix39w7gx-PCDC$Tu-x9VJ*zLGTS7h5BM29%g3B7z+8XCPJ1}@-C&vuO
zk_iOm4Oy#s7A_vWjl;iOoDO?w`Jtn#7nE3yFfzUUJ7-SFN3?I=t1v#t_@~8beVuK{
zF#k_f0?e?{qFFqs5DCz3o4|14P1KzBAQ)#-3-xS}8K!G#o?s_i=%!+R+PGadMqLQ}
zm{yIbC^i$!A+5ce0a#fZ_8&MQf})1V<qtoy-9iuG>gyI=NM3v-M5~8c!pf0KTqZFY
z3<p*kXjaz$PQB>*gN?FM75%}Cv>^FW=&dk#>$wH}NU44}T}}m}M4^rtV;3{@VD3z?
zw=!t(w#k$}XA!p=6`$ddP`OgaB(1-@eWpRN&k#}~$^f2hk1l{Ao=<2&B&03*2S!*p
z2xmujzLA2R^j>7jTngO=bQ>oBSM~z(Z%AG_k5*114h^<!{mS5!ke@9U<|xym-<sMe
z9F{H|EfyBT$`BdzIr~I&TjA^wxHf@d3pgWpRiR(oQjMJBMR@}w;|$NjaMW|T(qJuQ
zC>kIzrAi(L`XtzF(r^dvF_apu(u3^wqJtU$u-mS0Gb9<bo%tJ^EQQ;G5UAT@+zwQl
zSxy|I>5RG{cvp5-x7OyBW_D{Ub4#^bJjP+S;752gdW#qQp4xt4#bE@NcX`a5)W8gE
z-yj0&w9MBf%*H6)Jx@gXN_UY#xtofRT*Hkb;Pgzcg~jJ^u=1DmklX_dXj|`6ZNQDx
zdxSn)Qwv+`_iLKI-*L9ByrR3Zya~{pZTiq8vB-hsWnSM}M1uXck`LM0XGQDHL^ee?
zEY_fkmdSSMACUp6TVZ|2*TLTI^MJG4M}W565y)1OXJz(SWDKe58*z8nYbkP59d~ug
zr6E66+{>g~&uuEeD#6Ydz>x&EqMQGc-(&&7n<AYwvg<fHqM4*=dG#bR7-~~lIz&!m
zG``nU#$DewB}s&p>G!^tR+wn3c0bF`KVtZ0B|&>ZSVH5QLZh184`XOI>Cl0OK|E?m
zD__4wm4219iZML~<R6Y*uNztX%bswvU1{tt8MaBb2e20z(BPT?P@?Abkt~WZTaIZm
zb&YJibdfUsnw+;0x5T2%LAe2QNC1Mny)NbivKxmCliAszxKs8O;H<C3R?QZ1^MV+r
z*@kiI+r}#X(<RT6QzUu2s1qm#c2(1OQO0AHd>Jz|;KFFyACb91tg7duEXPDVy}iac
zG@N`Hyja(tt&&rYLUM*uXIgsI(W+p?#O-8RACbua#MsCv7WGBWxYTI#e(w}b-S$*~
zoRHX2V{H73mgBTZT+HZEn%7~DxoYtT0_paMcInR*NBk43y}n0v1orRB*;U0cq&l-r
z%I3Z1l$iQq`uA6>-`YLc&%c?6UxF0-b$u=2dd(MTPvAWY6yCVxMdr*Kh8$~b3;Hmn
z-RZP>#X+x2RDagzL-vzUzAAhsC^<w9kY#er?|k@<W0d6O`Y)ZbzZt{##$+8)NB*vd
z`JnjDcNI-|_YN>rbHS7Kfo_@E8i{HfiPVcHb>utzQt(f&d|#-O_?#V?DPG0F;FOdb
z0q!X3&|q8(EoatR;Cx>esPh}AM~2SqIVLqfZEAkUlum64uHemY>I{j9S3e@@ME`~z
z#K0AESm8KwjxHE-L#{!ZqNO!CAn50DB~H605LsL6I$+XgS5h_hs{5S}<Ys^IQ|y|A
z<cB>e{da3_UPhwNUA(QiQL9BtsZR0IWj0T50!rKda-4>YN++Es@7!;Y)Swslrp+**
z72*dX;%p6oL?;j!=SXo*rsIv45>@bBZqE_)_+(U`E2#}3cr9#eGKHOVx4;%vQBuwN
z9RF!0YOg^xhK)p$%!8snaOHT*6@#YJ)SYk*PFzMaj)7T4p2O_{Dr-=OR&0%Md+tm0
z33R{})!x-XHxQ^E5?Y5XCUG8G{s@WDS17#4c=k&ICKe@<JZw{`?Z+tPYtxVoZTxBg
z@`WHfmS1JjrcJ`%(RrR<&^o5Byn-k3sN<rnL3P=em9L}?mp8dGjbwVJ2gc||xE3QE
z`u23BHa48OTc@neJ0*t2zdb-;*4ksmCk~_YCHomrQZ)4pi?idlX@(M5w5akLd}0dC
zI6gtXvW6A$J5%>Wst)VD<_n82$TgJGb#=Q>8b4M=Sb_-9hz5`4FK|LrIjhl`or1t_
zIO}*DWhF@)b&oD;Z$4C#?qRdTdx-FSz=>#dKp3|Ltaa%MYIa|M@8&6?M|kY<YCQ2j
zZ7Rv?0`AL0ZLpVDS+rRLmIM^kHwRY*fsZ+%R3vNKDp`L1S%$3O1fP{Xh#*UNkX-IJ
zpwT`~5VXQ@!s<C^sX<TpG&@<MJ1Rj?TVu2#8|@2h0j*`MS;1Pti8|&n@<QQzhXQ_2
zmwtn(>DSXR{ThM%l7;!oi}qWX_=UCC+h+TfXsZ2-R+zER+zlxdlR83w)1T$wD(;U~
zydu=5Ei+xNPyG~qEj!yW{Cr4XXT(dDvn_=lYls!<onL+Lrprdf9i#U7uE;eP`IRfx
zpk4NC5#_gqVL+q@y~5pag-EgDPn`z<iI{%;#Xx<9^L)jjpu%D1ss@u(e%S2yAgp7*
zf8n)nKC8$B%l8h(|GTKa@9Z4S=nd=*jLc2woej*aEexILotzD9jSU=)|9L=fWM^Yz
zXG`yH^FN&nzI_wfSiWtd>c00zc>c3L5^=Y8RC2Mmw{vv<zh{ohR{s!Wc^A-AY}Iaq
z!{~**lT@)hpzm({^Yp<JiGWdLLN3))tUEKeC?9HH2;L2e3`qdjpA-k##gxKq0@J3~
z7gJeYSJ}+ZSF?IMJ)oHU{X-U;j1JIl3&wBFdk|Nr4t>Hf5Y1TgrmI7cqHvq+45mbZ
z4k+mO=3h{ti4Y~2nnI_NT8vqg))BP*ItsM+1<+ZR9sz{3LRv45&HGGs>_Ius6)_p6
z;--I9F%_A0C77BpvMRKzRF+NZXqI)#$9c5csEO<!y6V#uab(9BRBr;9Fna3PNz@81
zxXuX?lFL$r<>z5GpQzAkC(hAQXO}<n)bD-h<&$J3#mpF_bQQw+X(Jtz#(9Jabd4}S
zFpieg1Z}!hW2CyO{b8->7|D&Z^NsYNMi1_#8eO#BCT=T&m@*URfGqUENU|YMjZft(
z424ExE))oxRZRhv;4N8BO{k^t*_C>Ov{_=M!PM(n{TeXGbNvkOzmDr~5Mx<(j9}y#
zjP@u^;ifd)Lylq1jAlmW3f0belKNAq(RN^cdJx}=>`;sh@L@6@gM&9tNb0|?(Xl*Z
zM~K?0sAX?6$|~!z@FY185*MP>R1U}IbT}gXT!8X6I&*j-kaZL_D#(uYvql9fP<#~H
zZ4lPF4pm-=nn8jYTY|I_rLN0o8pWQCB#CP-KUK9hU`X^T%1bOIYDHZS+X{O)QJpP(
zzI`{jd@}Ezl=L}Lqh)9?lr}?EQ`kZ5wAi@;#hxdA&KaNTP@ZK)r_{xj86)TnI#<T@
zbJhW(qDEY;Frs$*N{5RgPb3M(*NF$1>kKiGER9e7-%3}cE6GIj2vbk`L?dqTBSmiU
z4+&P0`cebMP+WNvY-MGq6SAg~H-17^Ut<JXtM*y*tzd<*<DP<OvT=Ix-o?m=k}L1v
z^mp~uz~+>%0F+mqtal{9b^+TsOMsp*_1f{A%wjP3rm(-O9#P~lMLceBBSo~;3E>W%
z<P#TEO5O*`$#8U-T~Ykew79tFyEMCDRM@2h5nbYf6|w`VsIaL28@BKQz{ejxl^h8{
zeaifi_Vk&~kfS%&lHr8jXOt^k`!Mkf?q6vQ36%7m))h6oS4-bgN~!;h0Ps&*i`qGg
zeCPjnANGHfQN>0LM+MQ>7Lo=E1{nHfep$1Mm1e!!PB}jX1THuOgcKEKX@IOfsCe9V
zbL*Qr>^B(edmBmcfJ<4;JDOViNfFDONeU%VF`AQ=?RC7}KFjQ6c63zxJv{=h&%+yO
z*s2YyUt)?f?f6y|)#fEmBw=ZTM{9S@5F^DtbhsfPDIi&PGujZ1Km-u&WnGU>T0ax^
ztnraHOy2eM+YE<>O@q}v#Wdc4wUVD|75T*8MAwwZ|MM`W-s;3-aN?A5ma%#>h`-as
zteAREYmLUkR97yeMode=&uV*OqTzQMhCCDLXnYES2{-2lU^ptL8RiXSE#7BTWr3;N
z3dH6%Ud8_gmKJ6xp@bAeGPucEHOg7{EtFZ*cgbFQIdHhH)g}Q)&0D|F+_<Iq3ah;<
z-PL7<xvFZ<*h64;H8{ZL^pBu!ZgVymRt+X@n4+^Wz#fuHnGP!IgCNgKDx}pXRq(hB
z<xdoiXNgTb_e9Gc-B`o%Xp^k2W)Bl0L3!uo@B{o7Js#Q<K&r-;0=~G<e!Mk|x?4Fe
zw%^@J@MWKC+*I>OI`U=zzH2_GrYuR4-oRuWXI#;MK@NR<<}uV<)|0vAk4m<6d@%!g
zxU`b%`1qJcBK<Gb&T*%Ugosu|wOfc8NNvw}FXi|_w!$>3lKR4ZR9&@O#3l#qL1<_y
znpLWZmn6wrfRz8jg@}e*absp`PR{}Qqn2&_W+j=}?&`(9qoJj#t&xF4a1TznvZ087
z;Xv@{;sMq6kOmq%N7A!;QeEXf=y#tHw!~DKSmir%hF_^v<r~x1_XmSY7`S@v5pQKO
zv7Pv_$i@k^T(RDqJ1MxPAU<&^DqE5*SLgeT<}T#m%V1#1F+Ul}L;5e*v*cvMNktbj
zO!A68&9?PIfqLdnR8AqacKT7y!$v5699xB4&EMCQ%fhdXXzuw(nB}EZ1hZt%URs@0
zLllmUifm0@4_;sP;s_=q+w_Dtad|VhYiti@D|e<7o@B17nWA(14ZB`j+tv=9NBh*y
zc&c|2-erDF!WyrP;I^}mc+Cldawdz5fL&Q)PQeV>!n}GN?%ywK><i+qFOkHUq~)rx
zH*DLtP&0tNI6scd1>ix=4L-ryxt5ZTfE(cT#PzZ#FuWqlSim<ff@{y60lG%n=6GWe
zkkx(E2%!=OmLm9Y?vk21_K}6oJp|W=O{-lP(}hD43F{eC5(e)HMg9cdYazhdPpgVF
zqR=lJ?GBm*zQTVU_KjjJX%XE$-;;^Br0ftBkNJdp<bL22de-!tMHzyh``gL(_G8iK
z0pQ=0ThS#H1UjW3ryGDGj`$>Fm{l3+OmkxtXR8mZ79&jcatevef<!_g2z6F^t$s=6
zb@GMVCKQ?i2v^pLiwDx46N&x7zjA_#;$~j>SKg9B!OtZdw@2?-SL}Bma}BwxVSu7a
zd&w{mbxH6uV;<hlXx<a1P_%|Ge;$r-okR_`%WgfDdsOa7$ZBnKiAT7FE?I^ewnc+5
zaky!ux#Mhpx^+SOcE*uP38yRzIktss*byP%FuddjH=~>^!=fTUUZ@g}GFdV_MYBm0
zj%>(}LI58laGqch>`%PNklnAG$0hF?<=s@0UZUJyvYnoOpq}bNtSWSgfnThD5&nC%
zR4Ib)u>2PI9DY|!w*L&fNSOY+P$ug9gId1Fs1+AaN}_@H3fu%L@<FVR;6SnqqtpvX
z*DG9=Y~<6dUD>*pt`hu#3y%N{5$t|zdKwoctx*Con7PfKd1tfkXD(uM^?E_o#fAqs
zj%d`=j+X{$@c&S_TN6f;^U&I>?=Bgl57VT8G1Wgc8G(^ij-Cli$i32PFvp*_vYnil
zoOhZ^=@-?hV~E@RkfDvM?daLQY{KDMSA&yta@?h;tszQ1*q&_SbTsl;WDV0)44&Ye
zpD#-}W;4XX`NOWVc!)6%wSL)`y46CihkHf6&4Ht!K}9Ax1NB~Fwb>_E!GS35!VMxv
zFXYo%It9Qv@Dy&zalyl5qMtELf2n6{&iSDfEP#^Gvj#3%4W2y)nAN$Ok(AUi>5hgv
zw3)hL3GU+m<7e4eAD|*Cfn%lKYH$z{jXVKjmFgm|pAB<9p)N+A!*<63Z-E(`6rZxu
zORIt(Zk5ddOLS&u%V0(hF9B$k*5^^Cm3b9)qcm#aN^5u)<9D6K_#`y&t4?9_F||;K
zV3i;s)r%QEJlsjeTZ3J9OtmGkVFo~gbTIhpc;J1U$?NAcP~bSW{YV4-q6XTccFj^P
zY$^dQex(w@c|d)bLYw_*UL;E?zK1=Hf|>7;?pul$Wq_85x^`@+JsJ(h#fr+p1glIW
zpU$65n8#A$khlozDRYL(Yv(8QrgKXyIvZC`ht~U3s(;n&knf>im1y(lswqe|pWKB&
z`<50e)TTrWVw=<f{?#+pHWBMN^Kh{oCih2VhmdG@7ytA_S(hOb4%fnUk6^sGx*=qx
zXw?UdjoI7hG}*+DUZ8)k-hUwc22((@)Hm`T_(tBm|Jmx5R8p3fwKF!6ws86v^#0c(
zPPegW)uB+P5P=RTdjQoq6e@!@hZU9<ff9dkv|u-p>9krG319hyvhCg*fssKCBonoJ
zBtNlJn3Y}$PQs2}yYSBOIO4sY@_xPjB>pX>9>w3^7U6nAC@qXMLaHDgu}7&O9m+s_
zHc2=Y;VFyyide%SY+Y(>n<27N&Nu`U8$}+{bD)XV&FGq(f0<#Tbp;|M_jc%Pnn-A$
zhzMIBV3JwMy+qsCVqmQz?e7#JYO+wKQE&|hv1wB|6GzX{++fSY7O_!sh5aX@S!LzC
z#vnCHQv&uxq*T+z+NV_$U{`C0s%nuKpyDQ>pr=Xa%cZg?C9Cpm7L;c1P^zkx9I#Jb
zU{2e3qGzz{8cYbtAXeh7SDj1uF%}xGn|#}<7Bdz$nz@DJ;S<5qs?k6@S7oY31*h#a
zzG5mf9j?k~@fv(I)XGb0kZ7bz24A4-++azVk!SPoc#L9-sp95tE@-!gD&)rBWZt~|
z>#TkdP?V3N#_IfYWbWHn2AgTj60@HZZiS)N09Xiit9lb)4_p{zp0f})QWk>S0NeQG
z(ZYn+pvWjm%9Z^fX;n(h(!Iz4BjkLJHrKv@5RaEk)yxeLG0F0r+<gF!zu>O3zM_4x
zI&;WMxP|WX{n_U$Se$2zEyYp*5TYGR$zvM7cuezxocnP|dJmcus*IwMF82pMJOl%C
zq8J|OP<^@wSk5CGw2AlF`s?_a7%C7_A(6NbZO9$*qYI8WOP9X+*j-q1V&0UPgeaU3
zc{5lcOSCsB{n_Lwe&9E`(_G@~?*b9!28oimByRo_aS`pJK~_b8EEU(>q|xY<_**B5
zLkJ6tE7qOstE5$+axLp+!r!PHd{f6<#GXPL*eH(?*jPAm`WmpHDBxQ1EQPUjyT9Ms
zJ@yz1)=qKVtV0*#ey_1IFi{VBGIs*>^6sI(4w0qyu?Ui<3nZ2U%(VQ=Ma34-9~u_P
z;?~o0)^LLy)F_2wyQHpLotznni+(_lC`7g1GB*1ow|hox7JM>;9_wOrC-v@49<e2#
zC9H)r1VZI}l8*|fzX}Sb%ck_?AJ%yni!MM7{JDNVHH14WBs7Uei5c!Ee;vGyr<{)(
zFAnSdJ4^pT<bh-CP{F`JK>vJag#Pm^RhKt#HW#w9{ihjscKR=5UaT-FImnO7tMpgg
zs#%jjr4mNK9PN^#<_v|VgCd`bwwSKe!kTzoI05jcwJ#`t1Nu&JD@)UXs5aBL$xTjf
zHnZ2`*VP5Q+Aj$Kaio~WF3%7*^D`uvMNwVafHIg!=<dD9SJR3SbsEQk9{(lq*pZTl
zy9+I4njUBI3gxmdK8DK>le)GQYoE2(jQLPnY(1L0*6If>zy)eNvxjuE1rpbXz~6z@
zUNFRH0pU$M?yB!d@<FE*=T07K4Mji>bn}jPHZ?xjv(dzrE(m+kyPT7X1Y^YiPmH&5
z#;1<{npuo*-c6<sz@h<DEXCk<))>|bwAl8Ug8)7>dCyjad$U}%vTK3GgBp>k>j_lu
zoW?9(G-U5aj}Wt@3F``a?f7^LXG0OTxZxF)O=WlN^V80_J6a_pOTejEd>z(>aXl$M
z4yxl)(L@;qXI4KJa4f;~xaco4R3D7%vPO?w!XUH6|EZNHjN9#48>aJT^zPP-Bqz>0
zYI{*}{A9(3%Z%uCP42%(nZc*zhxT`r6ThP@@c$WQ(Qk@~oukLUVk{#C%82N5+WH;h
z>U}_>4FZIKe3>T_^aPQm6u_th&c>LX@~^^*UvX(bz^^_6QnC$A$x{iZw5cwSdot$N
zH{UNX`yd?{4eKL?mbd{`{0$FfNJlflh?{_)I@K<aOsN&4P?9Zi?__r!n|6&gmGKSL
zxJRyO^wK=w%zOM`V8<<Yf0N+SnRi)?ebk&mv4f<a(sr1ET#}9{C5&c^SE^e+>?a2V
z5;^nl^svFe$8%A_^lLR6b63NLq1f>)<H#sw8a1iz@U~G)Tuc;>=aSIkg>rTu=&#%F
zLTbu)2+iM(@B>h?iv>tdvnGs@35Bktj^@eH5l+36EoAN0bokz{*RMVDHj$ojCM~AL
zx$@;5MJrwEVxvA?ofLnXa<8L13qQ&{WLL)uY$rTKw6ufq{4Ta}5bUdX%KKogl8cOO
zE*sY%5a&f^5`A+K$mc87pGK90vO4%5j>q_+z&wHQKtP<NKtO!|pP~CVZN6LGOJ8Zl
z<IAVzf;!R)b_6ps6qx*XJOMPAq9J6zJ}3k+cZ&m~g_!Z{I(jmx2!ee^RLRDClg@_A
z<$MT@vsH#zXE9FxaELo?zD{DbRpuOv&#zYJb9|khSQo9%9nOSWQVljHo9ECO-sjD0
z@11L}oa>XsUhlU;AhvNr3`zTZuuumDIJrs#ML560kl3=lLRoF5n<$i2ofk|#+g&>y
zhFd7|9G87gP`~2=qW5m1_ad0D-*V-93zjcY*g5Ps0sho<%6p9wM<N)Zv+Xy?eAh!5
zSugt_-cWjMH)t5kyOj_<M}o9Hw!1iV+Oc*OdjbA-?RCIkWxAi^eUlM)8<sC-<e$Ug
z&r~rx4*PmKFYND~{$KV6%zXLiy_F$fEH}IuwgYBx-aElIFaG`nDZ64X^+aFc86V1U
zzmx`Nmu~b(U%)>%g1`E|uwRNjKPQ5DL4<<n6?X@8DV3Q+u_MsM>oG$(mZYG-BPQd(
zWwVMS46zk0#{`=-O~;6Y&|%QCZ$v<Q{PUJ<h6nmlRF&)U58AGS?53F6upgpCyl;_a
z<LP32G=etTJt&awMnU)HRM@Yli4Kn<>{%GHrdgV^WMmZxcgoNrU*4B<>?v%chr!Pm
zgxB<Vw`sT}H8I0Ah5YL+OgFgS_Y~x4knVyC2k{BY#i~%(f!IZadh(9j>}d8m=NyYF
zsg0P|XmJ|6Z-p1n>fdoY3k-VEBEba*K{zLN^70ylZh1WlcbLUFs}1}N7ojOhhPgrV
z`MpbbTRM26vr0MHpP+EP1_D#^s)!LAy21g#)a#Y%P!rq(zIyf%E|vf!0;nOdX*>(E
zu)iUJ{{Cs?=+D6rJ^+E{-TZRVLBi-=emT3)lpQ{7D8=jm6c*Ed#L%mqIzF*vK^4Yt
zeoACtb}f%hT0UU4jwx_`AL>nTFek@73BM3}rfj;=(p}X7=bY^*8<p)WU4RGYEbFRi
zZ|ablIt$mLCCI+PNzh@8-UBr*L4Inx)tCdLwF8#N>BtZY%lWl{v3R5-$_A+$yK%w9
zjR+BUkqQ+a9v0xPR=Rb5KRO8LY!kuUV?SJtLzUqW^4}9)EVW)@J8C7eEP%!aG?R&n
zU1u0dvm+kTtZ8##Vxm>eyl;AllZF<HdsEiHp9j%XoYZDw{kEXa1|6mSMVljL18p^*
zb}Vj*kdNC+6rgpiw6Z?3uSy{r#F$ct;$Kv*vy2&OB25c}{*q{G6{}U4erhyHJHLq~
z=OMm~G{IY<do3YMv}dl}PB~k>AaICT2oA=sn^>;hGN|#HHNgs{m$f&anCj&?@@hjh
z*J?Lq@-uN+8th=)?Tr#Ozl_x)X<L|K744hmMO;r~JiNc0*G;0H(NgY4g3VWc7DF`v
z?d|C}RM;bLO@WK|_#ivY<iQQHo?lZoY(%r@l^W1w2tSMo<*z=WhaTISu{lg^0-ob<
zB3)=(?IuMt?wfao?aivEg%Jc2aLzm*-=dEd72lp3N(`FLNucWALpy6c<zS4tNP;YH
zcCw5sZCXBM<Ek4!2+$rtvu>swnZC>yC)!4l75-T6s@}zIvRb)=E#ajVn=kx{Cg)#Q
z+Rg0K%~A3Py231YNRpWV&QY^I?5Ivzbg`Uyq<xS;x>>a5u%>%`;13q9SmM6Xz(A->
z7k01FKqxRu?GO@5Yh^xxm`oRRR9~^p)~II3Gv3C+{-f&?{>GN;lvi6}AUNNKKFPF4
z9FC&x1ai54(`<HS5V2Hg+u@0pSxySOp3{A~a_`0v<EDXlG38{@M3SY3?F2My)lhdp
z$!oU9)RM*HdI6v=fv{5gh0%Q9rEMh+TS;{id)<HpKbFOdC!#0(CNl{e+x!fc0!x|P
zj0HCar(rosvpr_TpU0{*!LxfeMeqDwQF<8wcF!%hSo25&d5_48M#Jln`^7pziKN6P
zj@O;7>!m!*Xj0g=BtILgd6sdCvOM(nhN3a4-g9-ssjafIv9q=MQQb}Jde8Q{e*3eA
zO$b}sB8g1kvMF;tP{3*x!#W)PoJB5jh<$IG41e(8Vys3nXdWbwZYOaNHFmSlY9%YX
zRK{kEOo{CPNy#>ew!~VcF>~<-n$>!cIAqgWveDC)-6V9Lk(N_y5NdrTNz1tOZnipL
zc!9tzbWmVYjHk0m#K+{~I)%5S2^y|tCCR5jug(MiIQmXG7LC1F2R_Z69e=7XfkvYQ
z7Zp9OVvUN*>j3vr*}*HJ-=#X020bO~2;F+3I5+lp>0@Cnub3wn{P*-`gUBt}_Fof~
zl`ch<#cqC<$$u!sD0_Kl3+*jxK<ns<OO9-p)-;2v5-$l&U|o(_4xLETZ0|8j^=vg|
z-wMtQwMyw@i{BTIVIUwhZWgz?vK$*;%8vNVl!~8fyQyFWf;;Gp+21!ad`!k1$kkcN
z{q+szRTiG(dfIVP9+)})RupK~T{dnT4m2{()Ig0pX?&#SX_jSu;GSNdNDYAs;Pa(_
z<up+*EFXKpEyqlS)tBoZzJXlsmeuqJ(7v*yVYz5AGgdK9=E~ze{J1xWb3iy9qkCF0
zPqga1<>j&Ky8Oz$sW7|LT)P+^9Op2CSo%{%O@=~U-9R^)C)xYHcnC{kSp_YbMOxcd
z+S<9*8H;j06GV@hNt(0Dgzkkvu)eiCowmBQwgy<<H=(?BZE0~3;PqVhT+7v#!jltQ
zX#dN<k+ZE)@tnnGQi>ZXwgkt-SkZZ;s&c0J_@xEPgZPNOWFLYV-p@}ns)s=(%Kaj;
zWq_J|)w^PbH0^0r(an{dFe83{_C-kTD6X~=X)l>Ay(0Hjm{&<ltIR&?Lu5udsEI2I
zrB1ac?B9V7<b9`@m)lypt(WY13@-R<P3D~Z8ri!;`FPR{+z&lu%qFc7442~Yp6eNG
zi1t`vmyRb^u(k8^#Dim|aO~1{x9Wu_s+6S>DQ5CprW&cW0W}#J+y<v|B1-FtxSPr<
zk-`zP0_2HKA`EC$2%wom6r_Z-BO&;a>!KFAt2>Oaz+tIxe<3w^E4j}hi2Je1&j}sL
zJ-#ubXl7L2Sifk2g67B?B@V3uCZZX+{&rkfuzC6dDftF7sl$s=w>w8N^%(+{r0ckX
zvd5Amc?HbLX?{k^aw}O=LmEMuNkcfnjkLsMWh2}iW+5EFu@#?m1-Q<;A_zICqRmsM
z-!8|>kO)A<`F6<4LU|iVpNnkF?@gJzCYw?U@}<x3<wH0TV_jt2Oa}FIV0&Qy6ZEMG
zEo0lm4&F@(>bWL;0)8byb5@(%w|`GD8#Co5AMJ*G*I70asC>YJeJd}kl3}fqVUMsN
zD)6OK@k=Q=z*+@=JU>E8hejz=%!MDgl1_hIpw$Q$?P|b*#wE7!?xJ5p`H^|ElHMZ0
z(NHrbAGkZ_eu#4>EoXNHMtY;PxleMQQ(koCJxBHk`JL~RKe7kGPCT4X8hY66k(0&`
zUInAh5SJREV^S@7WlW^XbyrAzMs5K+`JAL(8bBaK$rpp>zPwzMgm`6^K&7cW$e|dd
z9Ipz@%Nox5@hAwIj3KLEt(Ji|aXnk$iroBRIYH2?y`s$$e*U*IlB}*~?G{Y>k<I^c
z8s37g!d2QZkjPa!&lVR4hi=dZJ2`qOCd6!4wQE#iNBaQ`-J$&F>vo@w$O1MC3h50c
z_7U^qk%#gDc*$qvYQ(Goj;<g~PnfDVR`(0``Ja{3YP$v?pGg1bhGpkpQsFo-H=*v4
zGeJtO`dI^7STqG@c7p^8x>%D#8@HnmcASyp+?bZ|ceW$ByTDgI7?jDct+%5vY7@G(
z2N))`%&-?KuKMg1eYUP;V>Pa2bGFi7>q#F=TO7c%Lh3rcLJ0*9xS1v9Y*raK>9|wz
zv=4&Kfs0zR6?W{WcC~Gb7iFfn+f_7fSkt8niaHOl8T2wJh!=Pr5E*YC2+86Z&p;}{
z9D8xd%3<Ny8ey80gQk?D@a4jlG(x#Fqj(M2#0?Ng8j)pHgS-v+rN*FFiCkSOZ2Q^s
zWz%^1<<yvsR0w#h*0XOHYml)W3oK=Uc66rKxsI*`m4630gp_gyEW3XAl?*;bT~;u+
zRL<<qHdiiQbW1M@ZqTwjJo>n^B>x}M-YGEBcHP$Qq?2@Pvt!%tsAJo<Z9A#hwylb7
z+qP|Vdgohv{(G-A&*uKm>bUBu`+47Sk8usk=NoDH%X0qE%l(yGM4*F9WcH#XP;q+6
z!KEUbcHb%`JIP_GZ`B-?Gn>Y14t^lG+-DSB!<gG;jMimJAtcH%Wr#$}8#bl{)aZMY
z!Wz#^tgr+2)SLYU-+FA2BerqE%KUWE5>#W^VwPfs=i*rx)P-tA`$g5|+2axkk}iT9
z4*g#4uPQQo)dk((!>F{OLZ&5q<%DReI%q0UROMEWPX>&=SN@V3@?`IFwC{B?@O{L1
zD|A_A33Rxz_zx2FZ$&X6voZS)sIFs|9E3GPn+~wHaUj;ov`Vcx?$2ObHIbj+f&Tb2
z)fl{r#Z-DKWRWiVDn8yn&G~Sp9vO=OzSh64nNKFDR`1>#uL>8?RV+lM&8aMk4MlD+
zUd9u{;ucnw671PnO|qrqm6Z+!jwZ}$;zH{bwi51P%j@D63S$e$ec7|6L`D!4NDm~0
zJmOBq=#aZFLHp-}ZtZcXr8+fM=Clr~>Bi(Ojuc&>(`L$5T+WXRtcVxyE46(fQeR?^
z&Brj*d~}Rn-NO%$?`imT4f4Ig+Yc&E;%#?II{+ZBY<qWj$ywKXKCk#&blby$EL%c%
zLOfLbefxKYnMpZ2nIEVaho&tw{KJlSFqi4gjNXn(MRcC%&8E-HD10N)YrPFW)ypH)
zinVy6|3+BGoUiISy3EpP9M458p{<{)Ufi?`M&-;A+8h6#Rq(g70jgbRVV#3h*I=KE
z>z@+w4RjH!V|?8X^2+7&&0*5j9@rO{&c2^YCIAe#9hw%9NN6^F^WLLIU?~&n@~DnU
z#68uYVA_OQD0hiw-+A6eL)>B3`|y7^=DzHGK&^je2phjLgcARcueUP#*2a!s<`CmA
zA<D_v?O&2{)mMrT<trf$6mLH@F_+|6Q0esp_t;V>7mTDpm54Mi1B2fEX_G;!y>by^
zG><-gOk5D1C4bAZkLF?Q+!%(3pvtu$tojM<8}#CpVVw><g~iZ0ShwB2=H<D*@49Y&
zz2DC90jb4VMq|;J8;T8phE>@I!A-bzgJc9x!i3is7J!QmWx(!3A<RV7u*V`7;y~+5
zb>qex!XoM8h;%gItl0t0hTSJZX3AEOixH?hF%XCRb88{>ld@l~7Cewp3wb(GjSMaI
zA6zD^<Zq1tgL8A@lv#2>W)NK6_*-K2q4xY7#N)<6ZT4w`T+?==^s`^kFURrJAieGc
z7LtV_sddcJlHsTeaqo?M5@bg*Crhd6^u0|Ch)wZ?>>ma)Y(=L4=C2e&cKyU{X0oF*
zcbRE|V6OC+v(C_x*<6wvoga&vxx77rICA9;Z=KadD`0g)3!>o1_*6Kmg<^;%3%9d@
zSf9*x-`r&)x@$vm)|sU`twDBLrTu6oQg|Y#@};p(5-~H%?;%#a41o$Prv-L+Eyil`
z(#*N44zX>gsLG%y(%evrS#5I3oZb8^zpW0onWPX25Q~Y4R%EuM6Wj@tM@vB(#Pd<3
zIB2N$u@-uiSS5%%b;W?hymN=xQbMF^WY@b@D8n99<E=K6Nv`1UXp?4fwLZ$HN*4ok
zQ0poAu<FTib5((>N_^HUHgP6*^EK<h{ompmjhLik7Q*zLtEE}Zm1h3vNS6%rdh}(r
zyJBYPPMcCS#nQ5}t}@rBsGV*m9L1Mg&9*fr^zusLF!Iy16^rfdZEY;qYKn2a%23YK
zX>s4`wLt6rOrW&Qb<0PH$orM!h7$o_RZcC%d*(dE`|4=ZyY5)@c0}WeDua=BN*zHd
z#vS>4${l2RKBTEa?(-56OBMXhl`KBWbi&FV(d<ec;mt-JReN~7E4zOU#Znj@y*}z0
z1>_SDC*49sx|$Y~m4_BPYz|debb7^g$JLh-JE}2H2j>@w-u4-Wf(PG@=EU>ELeG<-
zNP?t%dj@D5hIT|$BuPgSJZuK~r*ZBoTOvAAq9%<Q7po{J8>;3UgXOnoy=*2Ycwl@R
zEt4fNQyZpO6OMgsv0Sd=Yv!`Mk{#iEeuB#QoJKR^Sto8D)(^w-(n2mVWA&SyM7OsY
z|EVt2A8|%6G2xUQgmD#03p?N<-lD--f5Ece>$%)P*hAl?a-5C~v83LHC)~+eY}yJ~
zX!DC0pat{!b)z{(H8a!{g8hp;U`FnX{dq4<yOJB|;P%O~z5T6<>P3mi*V>rJd43*W
zsbKiNu{HP76S<u(|KM=68*GyYg^#}^tM<b3{rfq(Tw0jYX26G~CJ9T-8BS>gg`;&`
zZMW*NMz?6KHU7De(4^h_b*WWO<iZr1KqC_vgBYR^80vnvzdp+zM>saAfIS3na417a
zr<mKfg5VhuKX0&YA-7GbU4bjAQaF$O!IAC$M2xVPP?sbxvdG+X=v*`cv#?xcUxKG!
z(}sVng-KwWw}&90*k}4Ce?v(b31_;Z#-G8lg?$9+3)x*AWpx)7U3jFS#1dtTUsW@3
zN3O0;OzFF*8%*o-Yb8@oYn9k#v!99Rl<s#(i2!*Ac>EwtwuL_I(LD%U1>!{G{0mdQ
zYVF#wYGUF@-@FQAn;Rp)T65BAbDoQLrc1@ai1J=yR-AA$NKwtzc%bR=XmhjwxJ}zp
zaueh6acc|{ad!&j%^*I!mRXh3+!QpzsP~^{xPDsXh<+JczY;S$&iDh)a}W6D9yutt
zAd&2m{V%cBw@BlE8O>Y$S@?RHUlMa-r_FA`w+2)2m4Bp~U~BT02P~A{mm-tq&?>N=
zE28zwpYe~KKq-)k!OR>n;yz>;uUy~MF1HVOT%Q)z$#)>VMoia8axrPaB0q5}T)?~I
zmF4D`qiP|%ecyV)yVC4IpKE1x_{)=D^)YF<&I7CgJiwjvt1=x$aR}BJO#I-PEcgrZ
zKgI2C|1w+KFE;xe;{W><qN49$u5Vyv{Dm2@wfaIN|8JGMO4U*kXBo>!MNFfPW+*OD
zdo{Wj!|GQ^)I6JYT|z*eRjn~0aW0{~1$`|9(k4w6q)mn-PV;1u^#+@HR^jQOw3G*V
z8SS1M*_4!NdYaEEy&3<5r0=gTlXN~)*Ct4HKToXRrqiCh*MD$7?`od6e%O6uM|0Y@
z;%&<vPleP|5Wp)&#pEDQHm{qYAR#xNSlVYSG%7?Z<-qy%+pED~H2kn5fCm~R6*?kS
z@rL6lcqjN<7m;5L#7)z;Y{;F_Z`sIUB{(<EUc`Q;V0LvN+XKy@FF=4PPA$$f_)W)4
zSMCn?OSM`TMo%P&mO`!`mEZOFi$8#1%uQTSNG6BvtpRI3m7TOv*z}RpTZbC+wKY-S
zq9HgFUDt#|?9*+#ZX``@Z{oyGNpNOwS;50ZLo)T%$RwR6>VPiQV+eO%QADUOWOt-&
zR?J`^X)QL41UXQM5hL$maGx%B=so0Jrfp}acV%ZpLdo#&%uIN%F*WuNB5zTme!2_(
z#0iqgAEXx+y2Clqj8I#j7pPTM5oFB2D^s%>?ug%n#}KEC$sZR|vt^-I1Ux3wj0E~-
z&Di*>PC30DhGwL^xsoy|%=%6#dHG2Z*NoV*rc4@Nog}!kF~j*#mnYNetMv<Fr6;l6
zA;uFj4p!Z9<clR|#*$%P0oiQOJYzF5gDt!(@<@+);p&D8Btyi4-Y@)&mMn$@)G~kx
zS!_<`v`M*y>kbaNJ|L@9tQ>#I@nyeivcIKVCv`vI;BKh(fG3U;X+E_`*B-(67rP9O
z$*OmWO?3127gr*n3@f`WO;D$=tK1`%aWa#whg6?9B<fzI;O9#biErQsBkwvv8R=5a
zBwsRWTr9IXvx-zvIgLy7XANy~{l_5*%Q9qOsb;vmBJ!$%&m2cODr<w`BG)-Ov=VOL
zIMvl4NIjh;YVvS{_><7q<PYtuWoD;}MaqdK*j9~W+$O<!b1Z&^TSG0C+XyusG)deN
zl84V4Qi^?6H2&UmWS|naPfMzlG?vr><M^@`t!{-!*<$7>PE7L>Pg#lbpzJMk-G|m7
zy`B0H8d~>&IaKUzNCdmR@=!oT^9?l`g1%OtP24-aG)l5FMnsy8M}M6`aihC_6xmQ&
zgzi2&@>6wxdUK?;_fUX5g_`<m6MR9oVdsVVa$iTb%B|*y%+R&+2S_CH+HxGyJ&VnF
zXOyeahx{Nb;W99K1CXbAYSCT*RJ8vilPIGRRgxb>igjJyLMU;~t7Rg2v0Ed`a#3D&
zWA>%s{f$|jj8oohtj-af0Xn12wz<sq<|!Xj*MLp+t6_0+O^7?WdWu%91G544rfuaL
znkndx#?=fA_IY~P=J=Vk@iSJ`5++R?O{ojUC+25&4Ss-$#Gq;o=3}<R`KTWiFIiAP
zbl;wdH43N<i`2ffbQC$NhB+wFfoX?X#o+Q;HNGc(sOL)e^ZQ;qy0o-2<}#anGo}^K
zW&7o<QKB9+hj)t+xFuAj;!UcQnKL7Y)xP!WoJ-4DYwk)P7Abj|^VMtgaqUD$r`BGz
z#q>i_U297%xV<ZU8d=D7BKf56GWRgsm*er2>$6*RPuAEPNh9TU=>gzIycjQ1Ju-X=
z?Y$T%XS+zvI5|g}_5^&=8>TJKdN8}wDm{dK&#FC|ug|T}ZaBNssy*vazImWFgd2(=
z%}9J|AlCsg??P^V=Ya#bq*MJhbFE-y%wBle&9q(g4x2rHG5vhp?1P>}XC%!UCZqUp
zAu6@`JNJx;WrJAq?g<iOU!x?*`w8-I$<BrXw@6=Xf+cT;TSj<ws{QeGO;ty5?vmtu
z9YAP#KV4_+P|jYEu>)}=%%EQ-SJe8nNx`1!?}D-*nbRW-wb`*-;8C#s2?|z5xNEWY
z0W<vvA58AfcbWPN(|a7nH0M9emOB9>^0)=Cv`&A*;@L)+c@B7^Q9jt1ujGGMM`I)G
zkhtoM2VlDL!O9OwesWcNsjp;vzFAEdIlWBF_4i7XZv24`$jVyYIi<?u+-M4#jNIKp
zhv^<2@|1j0N<%Csd7*;Tq=x#0?gL5$XbG&?AOY2akgrbL{PFM;!)d9*sz|Q1$gb+c
zxN&<CYTJj`vF_qcr<r6k1`U<&f;!l1RRv>eu6%qO_zyh)Lc4@`O@6*htSlSXRlu)w
zxy{nkdfhc=$PJCZUg>qIqe%D4&>7hpY^5M}Ig|6)^iDA~{Q`+%SjD`j`Gm2mCQnT#
zPXn6XkZKLEWDCJh@0)jwY?5|Fr`Vy<-$(nP`Sw}9P&4`-JD%sX1jO7x@C{|e11jcB
zXvAnYns;f<V{J=yDqcVjZ1>oE2YdrMX$Ixdmqalg?Fbs|hTN)UQAJu;S|T-QDP8hw
zd6wu*&@@|Xh12fkj~f?AEpG1C$3r}Fxyau6g@3k~gJj?xd^!Lsx5@xYZgu6YHS*`q
z**DdPvL)Uj>!_VpMJRnTSNXuK4dwN+9i&W`q0w)Y0lt<Z)G&@(mI34YB6Sa&dn4~X
zT-r^fw-k@eKdtn8-H-mQ{)x9Cl2i1{KUDIc`-lDuZ~Z^4`$bCDU!Z?PpAf4RBXuOX
zhpmSLC9!~7R}a?_aGvi0e(tj*2B#R7@p%0T8Ji0ig7)1fT^kq`JdKSKfAW<!W9q9-
z!x?|f-XHcqOg!*x-aE-Yf7~CPI)3BN)6>H=|1LB_A}&Q`FEE@qCv{$n{4)D<MdUjd
zU0Ht)+(&>eN-CorRs+P|i?pc9FmB+{ZLuEasO_D#P3wlGT9O=>4)HkR_R-anf4_pY
z;(`#@MUEp6c}E|jWYO~IbiOUhgW1-tuziI(O8uCnjnTz&Yx`7D!IO0nx(x?NztvU>
zTx7GGw~!j4ZHo+TZ9uFiTMAG?&AEH^f!DI+RD-?sU~){Q;!x7LySUm^Y~?fFRMnlB
zsD7+R%$<v<!w_81rk$vfEin0x%tbIVHo_}Xau><rQxQ{%^f};1*M)&T&E<j!^;enm
z4C8dJ<SsP6T-fiy?Re*}GH18Y_EA}C2QrzR!f-_iz)ouTKBn=A4+sv5>J4}Q%I?f^
z0DADI{+QjJNp&Xm2K{EWib@UbW=*o=;Fv?1){On4Fg#4eMt-=Z+FYI09+wJcX|jrR
zrT*Xm+yRye-~A~j+15J;OxK?ujF&%Up8-YGv9mv-O^-X;AO&@|?E9ibQhq3@6)l8P
z=T_trM_Rr8r5bvZYf%83HT<FSdKm$oOV}3x33}JZkj=HBcdEn7z6K-qhgGg%gXT>K
zGwJf>{gkewKd#-8Aka_@dHK&cW^{=MG7eX%qBczyS>UKOw}(CwwD|NoaX>$Tn1?n_
zL5_JUUn8GcIk;I-8C{r3@mk=4YUB8v)MKd85hG?)S7_YqGRY4lVoo85l(-(6uDq;P
zgrVjay1uM4j`Wf&E}W6tZX`uP?h}jX&mnir1&M1dxJGSx-aSu2YSkLZs#z~?N7!5P
zlWEy2{S&N*cH(eyF}{#ngFDi_;0a>0!7|>=lEEHJT={vr30@M>Xw<(0dY;{py?fvq
z!^JN4PNjcq;LFV0aMg-es!`I==Bkjwd8YFHpin8#kmWmrm6havvl3;kk}r{E{XD<|
zh#Z*Sd{=*(ZNVhv3URzN$|+&o8l5k4>D&J+4HRIuOM$&|HYVR1oe~a``t#p#e*ZZ9
zSkSV5segG>k0HO1e*c+v^YssP{Qt_=NhBPdtVC>_%$?l-?eSY#Q*r%^0|md5Ogn(*
z2ooC=J3vNek*)w*DDI!GXF>Os!0nV<<zvjRKM)&+eMN9TvDA4>Uv?@EE}m%g9+&b}
zD)FQd0>xZAeGsTvyvpwMYWI9N*6sd;*n!V3I~m-B^th47ETG~WN+o$#0vHkj#L=E_
z#lPe4<ORs~rz$W;VWCm+C8QSytU|Et$MG<ei%ax&M7V4u9XN{5L8B`<>C5-l2hgKd
zGAtYq;P)RseA)XiPVrq`Y3UyDY6|Ib!1?x90<OcwLuS0^*#^Id^sex)3@u}UGRtH$
zvy@0@&?iT#UsYqPN0L~ZlbfoYhggnXmoxkXO2;_eXV=C983ymst~i(IT(KGxtsPy5
zn0R6mq`59zz&9zdTCJ;L3iQ&{WuJrekKx$q!9AuZ(eX65sWlRl&Tpk!l^nDfot8M2
z7f;?gYV_PrFiJE-v}c(6STFky)WtjEg8(~7@RaRJ=vXBeM;z`(iAD?j23*QncCGRx
z+AYEiv^WNudv-(Arwt*hi=mQ-mBvR3?gpL5**hYm<)fXr^icD4lo4mcnXIHiRoBZN
znr}-Cet;0Z2WBwW(ibT33hbrY>Rm=QR4WTN&@;4oG_SH<YOkst95~IF<h;M7-%h<}
zks4%HrwD$Sp6F<1rpu5wtE2!`;?s&AJRGQ7ThcW)m45j*jEtVR!{N$eRp(@;SQART
z;l=^z)pn=HHc+skSC;e)M30{FgqF>NipPtSj;kSHMBvyUi>n>63H!OBC1CIWZg(&=
zc1W62w)Z;*<URj^m04dNK45Chqzm#8rEKZ*v>MY9wS?9FfD#&@Htjs~H={wTVP)F?
zTi=nn@4%~^n4}C-xXa#IMpLAL?lsv|F3s;+V?G3}rR3>C(~caO(*`f2As69|af-DD
z;{etnv0lvMtBSeT#K37<^$^KmS5eLThayZ1FQT=FH>TXM#r1aTJu160+-GvC>ix6A
z&>KWp8Rl;O0bbqr54Qp9KI;rCg@Q}=H7zeMxkp4Eb8<N^4Pk-O9@{1{@o|Bt%l5$_
zNoK+5W%S}jK&8h8{}(@Mj=u&2Hs!=TfgSx1!g&}$k8!^0iDh!v`AHQ#fgjxV8<sP_
zid8kTwIFX#0Awv9kyP)`Q7&&wt$w)NKJgl-<y|s^LgE~n;BSJ3o=I+zKRvU|Dz?9z
zh(zHxd;u`wx`-a9<4F-8Yd5l`>!KXD5OG{I(H(<NgbR~Ei24QinV0q&+qdtNwljSU
zNGDJW&tM0qOWuvrU=_y*vt90f(b+qE`3hLlGYv6QhRs#voA~*bjtAd1Yhqxsf5Q~j
z$oED;)}gaBs0ge7cvD0Det~RL&j+aY0W^T{7zD292~pJIxb+&mWDnkc$0_q;`2k)4
z_Qe_o+lBD=f`I}p@?!)bVkGY13cWx#iw{v{%4p%~$n}3T5X7?l;z}xXrE>QPJ4ai=
zYI1=R3j6qPp`?Gtn3pZ6l*pI-yoCK98<qe282jInLDs)m|F%qNU#x!`>2w>XJQ!;(
z^<v}8-;A3itm2ZuIp`(vyL73niGj2fHZ)^JQ~`9P0isANT8g!N>pA2+ks=YqFYJFm
zoDq_i9SDZ--}|lc@d=}1>DRl%4esac_ngOU&n=W|o(D+3U<)9DrF{Z{^NSbX=%irR
zPot7p%^)xNkt#tO6o>X$?jSGmku0B$;P&7R;sYJR_K%gQcdr)RA$rS~2n2+eTV=1w
z7>A45+U1y0H#r&K%@|v~90KOr?NAW7!2D4VxF5z|BcX))Z^Z-%`$%x1EVxgG`1p%A
zv~b%?H+cN`{YY@4e@ch;!C&aIZ}!E#Wcw9;Xa=5PZoczq`w{Gk3i{9-V1aywhnW6R
z3pzd+mSz2zh$&hjruGE8H7D?)<M-JervD24>%P_rdNqP}qu=4|zE<J>$s(ZN5rOMo
zzKIt+T?@ie$7Ah3iY6mQinL<hgZ9v7u^3SOEf^jYCpU6=9Uj}@V`-*Ife9tj9&o<a
zjE#4s0Iq8w+Q;H?#-;e2G3my!Ht2nwY&U>968>1{rW*UJSGbhl%}3}Dwq+nq>$>2^
zb9{BgBgFwJmqBMpKskz2n&x<G)}<yYXfnVDri2|;7V}ovPPww6W;iUJ`mHZchPaDt
zL4RnE8!~f#wVL7mg*<4H#7zXb0t-O|MbqFmTW|b^27K*8rF3kB{)jY-lO6REpvKfO
z-Zxv@npvzgVXJsk32>g9*n6{EFuOQ6XWygEdkQ1;0XPQ{S?9T_`EW<#H*img(EvLz
z&)}S$a0Hka(4d;h1E3O^1aD>3AzcPMJPhO|OCAku9CdANY3TCq!ra~(nSoqutH@{d
zsCfyFC<a~(6^xTj$EFYd1{36JZ&v(O#4A|m_J78tqc~`P^B*2!{()9h$d?^h{Db$q
z1}j=*RMUoBh6BA)Go_>Jr_c#a#vZldEbVS}mzx+zLQJM}2cik@sjKhIq{c=VW**od
zzCmOyjLS>r3`6f*ctfF;3!VLghgLL76H<HH$@t6rhF8hKld?~#=fY9QRnGF#m4iyq
z)@h1l&9gPpcvjw$zQ?bWd>=G&5ec4=TCVqI0{D^&pc;al${~Py3c@ZpSwm1W<1B&n
z=xI>BP-1SssFuMqu|9%M?2Z_wpW+(tIJb&^Tp5Dii1!Q!7*Rx|pK7guHqH!E>vpgX
zt780Mzh$*N5wKg<wA)-&7}&x}*NVLWSsINHP$($|vvh8TKIiuv@7%}*Kiw%aCW?z~
z_YW6cPcRps-z1mDY_Z|@HI|ObeYB49eFQh@;d8;yFn;rw2AaPj`s&T*PjpZaRov?R
z-xgY2>qGKNN7d8=Gy$=z80=0R{@qj)jr1(^e}G~75Y1#BftDzpG`d&bhgs^n>kAzo
zj{9ws0V_)DD;*}<iv4F~aK7`mt{*})oicfEK~$O1?6=9$zI(dZpH=((Zkofsw?NQT
z<5PiIdrrP;xx{obF1jI7=zZ(QGwgMX^K%tz8=d8~Mu(<o*BkyQ*(wDpQGEsATPXu?
z!4EA6>=FmGF{TB%;B=IVTxipdinlV#nCiR4WjNI{ck0<?*4plq$khCrV#=KAyChvj
z@U}VSyuLNp*V;*}&F-)uB5Abqa^a|XrLyX=1vl-a3aGa9QnJ$*)M}$SBT8rokNRlq
zm8lV9s$W*}K!qb@ZRuX;bS`mKMN)b4;^Uxs?Guai^y&(%2?ACm)w36t>bZr{w)8TS
z+g^_p6Y2?^EcAop1RO1-^Nn7ZJqHy)lc@nnIQIH^e!id5RC&ZJ`J8Q(;iEb1BPLY3
z;erjqV3BRv3dv*nOu1^D9r^ulXhX`w!d;3?CUpBmW>+ig^u+B~L)+62?U2?XI$rg&
zD>4`HVQAINS8}XGNH(}>s}%_1I6bpc_o3&XLhD*Ge*rc`?l}!=iA|?8W~NLxbLkI1
z50?p;&2jngGnmo&_=H$&UaD|(<7SZ&$a$CASB%w;3&}I%1Y#bEVR_gtQ(<W`q)Igs
zRxZ7Z8Sey38gUBvRL@Az$VnT3PQ!-lMg2gX#kAo`zV{GVdT6z!<Bkp@<C3_|E>aSP
zr<c|14sEv6#))n6Cm=X4d269FPMl6%k2T?@rThkxX*SLk#Ja>VK+5{KGGZT0k|f2H
z$2ukGA!Zz_?2p=+%kRcrblHwxA~Sa%2@&)t@LvO5;%9A4(pG0cXR2xFw!Q^J7Jv~o
z&L$j?vnu7Cw!;lz+)0ei9^lNYP_pTujVZGLoX3&6P%$^}%-hl-mY6wXRE~+`I%PKO
zPjT!GKbf}(p<G%%1SVls=x3Rdoz<fM0^ylsb2y5dn#Eq_ahQn9p2OD6jO#35wXysC
zl(IB}K99X>tU-(;9Zh=Cv{D!kykAy`w(5>0zzo{+oeD&^{9%sdAWomV1GBroEAu&L
zZGyRCaO>RqOEpgR2^}2NV&3QADwI6;iC8vFHH>V4oJ2QFS4^O%fuJq652=-v1%KcX
zr8$*)pVFO)RHkHNHBrsqMu`}pSchi1D<tkg>+qm(0ErUiamXT1zm|6d@zm>zstEc+
zj>O|8#q`@C(-C|w$<G830LtZ)0CxZ>?uTgE5lCVL@IzUH&F{83*9h_uN0J=3XFx!T
ziv%b16%MNuw+FS(jNlHtJbDjRMusaO!3eWwff)060)nARpS`1K9;Y0C5RgRyql7mE
zi^LU{aPDe|pJK{2&U|^Ot_3Wb!jC)S6wLNcC7zc+_U?&K<F3!79uL-{yXBMP4|2z$
z{vmIFvcl{EV>P<ntA&+>a9>r23SyZVAwe#&%!IBdTB6U*Ttt9U8;H~v_JLstLZ@#;
zH|U@>WYm=z{t8vRg$CGE4%@MK*u%ckiafXDwb|L0@q&Ne|9vqi%>l@`MYS1ZZh@oU
zbLj}-e#x>UXKjP|+rPPRf}a%QSvE_j9P;&<k2R`<6b8s(%EqkP%tVdq!gz)BVE0tZ
z?FkK&r5@x^(4ogEJShs`qTCz1=+8`2Z{RSUuT&Sjlbm$E8*i*8UKja%Ze`zLIi@-+
z(jn#-)k8qIkd|2Fd4{f|1S+D*#*@bwS}r27Fgd+`FO9F$gIvU^_#y9z*o%wX6F{0h
znoUTvL1B+SQ1-)K1HPQh6MoMr+F|GC)K2ByK4$E|O~o=ZBadEb;l;T2X8lib1P
z?I0UYp672dlXoGPb|@sL_i4Cg)u3}^ikvEq0G=nq>K&fkH%Qd78hFG;E=YV9SW6Kx
zbyA0Fe0L6+<A9MkTejg5k9WR&3Wgw&c*n>Jh&m%-?wa7cM$%WKjQJ#mfy}mvHTp4%
z;O)rhL>M;(mV+vFD#2t{h;mBPrLD$Vp79et(^2S^kLpTfjmE8b<-L(H(`wx@sVV6M
zk6>!&L~B#i`pZ`up!Zx{$|{?WE~kQve8fqYxB>|!97Js<^R@g*QqeK&4sW}C`3Ilh
zS{6mT!cG%<i88$Y;E+HiYO(UuT{%eQQSrBWKo!=k8<#bN&M!(G12~_wSzmBvx1{EG
zRzA@h&19+CCVSe|g9E|x&ksSzhZ^SxdMD<eq`cPTopE5=CxRGUP_fY7tbF^wazsla
zG$TX%w-EKfwleS^*|El(<MZV%pebDPvt`}Fojp*i?M0&M_by;nI<f|#xfe!f#;8JF
z2-T-pId|cd?$D$wNX}pn%9s=EI_avH&tMB7wR5nj+3_qH>ynLnE$nOg&J7m1)L#9^
zzH_7?xN>c*-jp4R+r83h@tp_2xeBSY^f|R?^i_?3HunaM@Aea#+8it<C`KH1!e0x0
z{`dXfKhNi3T5Yl8Uqayd*N%_<Ka&~0Fw_4x2dkw0Rk{4t7*IbNKM75_qA~zfX@uJ~
zloVJHtn(956p9F$BYHGQxCj~~$ynX|xzAsx`uWW^^R$_H%56RElXUo4nkk&+wm|3N
z{fhJ0J?Gvh8^f39FI*2#7wZifIvilPA8ar_EJoO?avx=O8FrwK#z17?kwoRTEDVQh
z$*J;uh2aLv270>KfBH5!x-wc5`nIQxt4L0t#np^pRb{bSwNmh;{c)^b@L}W$%|Kw(
zk^`FRi%F&F+OLdXRN{ix2v;+a5SOXxdN-*td+T~(u!zJ}W2EY8y`AK2stALy@k^iZ
z_!Vv3W~J!+F!ZIwA}xdp;@V^VWr}e>m3vdVYIC%ua>Y&%H}EBYbP)RYDs>Q$K7*G0
zB;ih`&9~icB-RX>(}s$sbISS|czLrUbE0C7_neihewb9o=9;jsG6fgJdB(jrKDi%1
z52;;)fAXRr@SG;atydV{0|k>ckuCFFqT(>T5ZWHUO$gGgXocEQtn0w0Ev{OR_nxVi
z;f8}kMi;>m$xJ2_=?1e89r>4>4~5eT%6x0U+A8A(TKAkHb)~m3oIBUIOtn*mV{u*M
znP*6YAH>qtFS?!VN`HEQhRn&!(173>?MS!%1UjM5+X_6|SIJrMoWTrojuW01A0s^~
z<e0hl_+7p^;CC~dlu_Vs939@mqP}1)exLRqdd}ODe_@2jOqDWg$K9P{MWz=I%f8y9
zy5;J}bSB3f&D^Bxc|Gg*lxT|H8NXwfbYq0dUfC&tKK}s9HtsdH(Q~t!u}%Fk41y-h
zaG*UX8Z;5BfAAx_Dw&ipsQwrhOySwCE5zUgNxA}q%}l1j@demoAc_cU<oF_`1tuS%
z%ALzG5hq^THAz*KqNI__eGqjw<{ndoiW7Z<qsHuW&O9Eo3bY5g2HIh?f7NS_s#6u<
z6H*C|o5diW-$unlsR_ZJGt~Mcbv5!%DTO9z2a9V!9!qKrls@~4c+uY@zM;S#7BkD9
zUJ9AT=vz%5m}V1>DtrcwGtZhb5VsUZS$6M7{lG-w{rDz6OUzHiSA7^9r0bMS^n_V<
zGOhhg$4H|Wd3BIhVhy3v^8@#uQ|6WIifH_HqyJCxc%+kMbl7uvZ0-~H)HsekR0`Gr
zN1&8p#0E->KdimH6iVK$Rmk>54|FEB5=h2x5tUq)T+j#`HN1Rf4Uy9QG;^}<VS`2&
zgws1$+7M=IrBH#-LivGk>cH0g8i&Qv!#{A#tMJQSDVA0JNh4DHgD2t1X7jJGbT2U4
z`I0Gm)4<bepcVQj*#F)C|1%$m>ZgVmzGTSKfB267*?jmf^s$MpgZ00b1^*>QDm$3}
zn+~Zm`A<#q-%h7^@sfGL@7Cd75nd$LdWhXWMGC8`z~a#}8rAq{5)R^|#7+7##3_dh
zVA!hFTY93Z?IMrGs2!qP;vGM5R$ee#O!jZPCK|<X%8ySBwmMv|v$p@db!L1#9n126
zcSC7rz32;<xfmFwn8OaSm!P}0<cLDZ=O9KPmIsVIr$!*KI_(B&4IMHO4icDiL`q>y
z?RG?1p>o0{q|PDsgO|Ok4LV^!#Hz~AAPxf}BB}V~8HZ=&?~*Z}OfV)y97pY1)hg|$
z)$DMFz#IC8ao6`Hw-|&D5{)&t%tQW!`_@WNF;N)Gq%m8KYOv*4Ek$afP8dXy)Kw}n
zSvC~c9&jR3=`1>ozGa>-ngp><YL@^<zyq`Etm%d<iq9RGMvU>kTIxd7%N_cesaY#d
zu&Yhij1?1$dMG#_+YE6eAJgR#i!XItg?YEFSa5go)Iw!A%lfvN0dL}1tn<~F?y_nw
z#%={9SVnZaoyu;+*DNC8C|WD^<CzhoOb>D`-h2Uvm{{$z50F6_&h?ROr5YGgHB{qu
zy-=r-#W*KP<vYu#q@)Yqr%}<a7|r%2Nw;ojhRN8|33`G^C0CpIE(_-TqrF=S4H2Fc
z5@D1=8zaWKs&~qxWf^Ps(&14=px0;Q`;;NXMAG#2yuAvfD^!jIe+)b0p(#15QIxCA
z*nek5bH-!C4H0fvr~)4z)PR8HHX#%J-LQWjT=sf;`=R9G;^pI2A4@q=W_Hp7McD7^
z>}JM<>y_rEJZ*_-YCifNVD8f}sx3QARO%JF4!#R~(|ftRu_VXaP!Q<k{>#q<&_9nn
zlSadE3)g6F))r%)Ps1Q^COLpxYwNlZUPkXO4ny#^K1nB8a&DW<$5DGGWg2z4;CiKJ
zrr`|0No$j$8HveTcMy$0HJ#sQ&VP#Fpks8Jje2CNn0+E=x)cgeje=+nHx^ynwL%16
zNMIjuREezTokiCuNDMmGX*{4^>pbl-I4P1uyD^mp(#L7BAL{^r6120;Gh0=NakbF~
zM78j3V#e3VIQQo=uvsQS=4u-*hG&8wFb`{|)Ejcty~^EVtrmZ+jm<79V+geBq$N<*
z5M`z#$KJkMi{@KbBYVE^Yw@;qbDydvYDmjU!E?Qt!_E2-=#)6~XOW%Y<~OsofU<Es
zAm&|bvf0k81;YCo=hfnJt&+gUR&F;B36S_L$>h(42_pv<5=%XSLFX5G@;#vHKmB~9
zhES-BHl}ba5!%kBZsPW^#@gMOi3#(H!dEz_T-$=NYFA`*#+sdJJ^?r%bqU#)_oq-i
zBqe(Ss$0?C46rtZ9%u^4s|L`_YY*|^;XeIln1Dk`q9<^Kc+sIbdqai;M+WO7n@?yD
zytmSCzP&xf7kXl%dvVcjg@^t(^A_KbUcwVPG^yJ6Bd)J(M>^?=`G0%S;p_BTA}mR8
zL|rPy@+8&zLAD3^xL|p%@I*7B469?AVh)2<<o2MOF|q$#k>1b;)n&rat<!9ow%I3q
zhn-$Ie#!Fo=U>TE!TAE~W0xC3Qd-R6S@k2~ieNs+`THA&?GVmA(4S!{t%fzZ@DAI@
z*DYPqt_8~tYIjI;gHMN%@r`j8s%j)c?QW{jUGLgetO6ieBZX!@|67yCKO^+fBE)0!
zD<2&E^_V5~|8s;Y>YEs=I+#2C9}|^=wC(&aMDKGBd&>+U*qEs#3@T)}Qlz8&FEu5#
zh@F{o-iJo}rAeZ7oGR<JZsjuY@bCP71i`7!g49GL@OCSk&CCt9N0U>}1iIZIZvLip
z=__hMQPP3<Ty7V7k^Wf>m9TtwvOKX=91HcR9-(=U3P<%9%o`^Y+&KgcD|y&ZA&34G
zgYQ&0(4Etvl<I5W(e5AoEX}W&3$&w+dv~sGg{8zXKPaYy;T3gI1H7&wBnW<Z_3hU|
zO88`s=_8?%PK#>A00_gBlgoHGCg=2Y?>od2r=H43g-;#MBT^-7hsvlZEDH>&tjWxk
z0jE5SJ`g32sK4c_2=P^*0-aG6DkUK6!{n$Os2(rPX~>F{+;?}vDYcck(A(!m)U&3$
zt+@^iL97XAIrwZ07JC&#HvbYw=$}6G=i0s+hw*78kJa8Iyw-|0%oeKWC1aumS@prF
z6>b)3=3Jm>**wFjHM@eG18mTF)-+MSFNMm!EU`c@*McsL)XKZs<6UB@)=UXmX74FW
z@5*K|Lo2*Lht~XkiRBB(pXe7-Fq}Vip4NX{TH-IT7uijZU&U#msWfk!pOJ*Z4{y^}
z^lS-iZ~BGs{Dn{VT`Fa*uU-Zq)M`1-h3z6G@BI5sd`LLe$OrrFn<mbG95es-oA_Tb
zb9E>$r9r$;veg4pdIU&9++BFE4J%}HVPP3KL?^-@(tSwfd*fHcG&U~to6?ZLr2?R`
zrl$2G+X7X7GLT4ww7pjisVdjtJRI1#rs=7R-{jhzw%K9T7b4{Q;bO8i;rsc_da(MJ
z?+(+C)1WLG?xijIv4uIMU)y1YGPM1$RucYsWLJlCgFMuBM87%Oc2Cpc1&Di<;^}#C
z27>2#iwF14!c)3S2#0X2*Bxy$-~{-sg?u*J3j!B2Lfy$lwj=L;*zVvab%nQZ(-I=Y
zRlExYCu{MN9a3`8tB)so(-;lPlMra?j63Ma)fGcv=B6VG{)Mt9(wV!d4^ch1OO57q
zQy#YJDBop;`s~O35F57tQ0td<qKP%2?>TpH6Y7_BriuIb1IxdBBZ-HxGt2XVZEN8s
zIqdN9+u>8Q^(`x8`@99wcSI=f<E0>k|5PmsgXM!0f%PR4_p^N0mh($p#2#?GiH>%?
z%_ezp#k<}o!2T@T)deM15y|&&()aB|g97KOto7UdQaf+%{IJ5+kU%<nH>|1<-V5$%
z8X8!C%E@&uUNCHeFt6-YTW(pn7es>Hxh>T4A~$L9cKQE=o2}(v5kwR<B|#(w;d~4<
z39S-q-^eMwa%u}7!Gp`_9XXO~S=6qPap!L6C;6d{WLr9kjEMi~R>pBzG}M)Zb~Fh%
zF#$O)`=*+{Wk%7V-S?gjUR=`CoVFW=7Tuy6)Nxs*!q8T^NpM5Ckk)0g=aPjDB=CGP
z@SP#h9&4YPb5<I=i;cMhls^5aT6<bDq24fK`|(vh5W5Up$=vVrnzi91-27smNV=G3
z7rAc5+^I?9x?lzMl0keWwgCG!Q7dcH(wVokBqwKYG`=#kwS*2Wsm(<K(^y5nfXLcE
z`@2D;j@TI+YYY)C@2Pe<{;ZA*e25yJL^voGE(xcct5ZdDfdCrWzy;g8QvUu<&aR=m
zh}TMDWP!Q>1%4l)mDjoK{a)4>NXU5h^h0FqHn=>1kF+FrI!b=SHsjp+U9bvRmdGol
zQ(iJ@l~><DEOFrfBt0%nrA=!EPQ%=18FG3rZ`H7<(Ce6dKak787@sH$<{sL$r4O-2
znr*G$P{prjQrxSUPPgSi^pv%MPQ4bJXp(j>TrQ-Ky9UKYIlBTPQ=3=Zw#9^EFVC_w
zfMR7Cv!)8JDCQHO=ea;&r}|E;@JK|$Y9q2d%0Q4MGvus5G8Q-T%>#5-q8ku78<^#l
z++p)Gi0wO`LknyQW{Vm;85>rM5<DL#OTT4LOcex;728ZiZip|=3&N-6j;~S|BCZ`L
zXvhd+TDskhl#zT;FDx|d_5E%TJ|?Nqd2AWA{YdEvq?-Kml30ePa$yvog=a!f(9ql1
zT1b-fBWng5ixRtyhNh-&Q^!@G#`I7*TKWiEPzb#kWjpK!Koe}}v445Vx}LxM3|z%G
zEK#1RR05Mo^dP=^1}=^qRtOfQAFfdkh7*&D9#Tq%x)$!|Z4_dvvq`Ivo>KY*A;b0e
zLpY&>$hdS0h5-tBv#{BGxo_#1hGBIEnPd^Lj5<=a((H(>5~R+o;Q^$<X{BH5{ZyJ_
zhNpS$Fya2>RjSTVMelm(>JJ8!vzo<_RH_J4lzFu`8Fo)B11=k*tyKw2`UT-|LX)sG
z*!$k>>`L<x4oMC;d8#C(71JOvVWMv=yG+7q6wAWFJ>|@ZQdm5T&*cH~zD}OL2?}<5
z#bhQ}eY7SC+k_4=O2fF{*%^%nR!^||0OH-3-ApNU*&1{f%DsGPFb^UxH~!*Nh{w6}
zi1!1np!09eXHa03=*)6hHuB08gQ4V)qK-nFYj20j89YtrR296`Y|5V4*z;Kk6A1Tk
z_StGbCxtEPm<9~$g!N`a?HJbM6b(~dE2m05)km7MM#n>(vN4BGJ&B&81uQejDbiv!
zs9lq@#rav|N%N8)nFQl1$E;1%fZ|h8^%}5>ha@}Cj3dTAbU(8M+`vpS;W_8h+&%sf
zw}YF$t)&5%opL6yF91p8B1RaQYIRq2iOXtnVHWatMkRep=tbaQ#Y#D5S*(A)k+4s?
zLnD>}ca_%HJY;<vlL~FK74?vxOSe!7!KY+>=~tmL6(kQ_wJZo`T1au%$lmotXlv5o
zOIF|&9@5MYB<v?ha2b;`;kD}ZC6XTnP1l~rdPS&{e4r`A#<xr#vXn^4Jwe3NB4tlY
z!}ZSA6QODF%9o8}SUIXFi4tVa2(3cCWK((Q?G5}Q7%th0sz<SjRV54Ub|)onVF=dm
z;d>%Szd0{|2sp?R#TF`Zoq?C6jdkSJ9zHdWbr_YD=zoeCGiRkRRl@xUIpJWBH*Khz
zgsu;+=BNU;^Xnc63wgsU#cRX@)%@AaIoh>>D8rESIR2%^1hr8z8uZ$cynnwhDMqBD
z8xtkK(={q)e#gXgtF($YC?m0@;xaC<;pac%3Pm&=F%9s55cyD@>18@)o#V@%L)o<W
zg_FHfaO5uV=WnnP-DCWk7RyMY_jPqbs>4&-%c@55I~c-fsD#G!9Y;hRKF+s;Uczls
zEzW}q;mH)z?#To8ZHi3hgFul<ud>oKyyo;*FL`ENN{b`nkOp`{f?v4&Lp36qs}n@a
zXrVjw`vTzDM;y3mxEbOjk+{g=H{)X8h$CFUm-UI;GVSgv7Y>ne+T&K?L=BP_qpVU+
zLdZgKIS<-!H)r0Vq(g@4f-|iJ2wUlhwiCkbxL#f2&wcue#QQ+kXGYgaXgtI@0zHSd
z-s4=s_O*E#+TzH&aT#F~98F;RIb%5b#C?Wix1*4>4)OhEUgF|Q{*3SdiX6Ct0`Mrr
zD}P`9{M|&g;s2onu%W`753I8Xa8t+|-=&}(_q({>*?Daf#yuMdq8x|YOGW6{gH6*$
z>PxT}n_QM%4K^0na}*Qsyhikac;0-ASi}_#Pe;%XNslowQ3%f{W80xBzq8P|!Ups<
zDeXB2y|b9?drS<&sYTG|N5~4&cL}#|Mo`=1<k^~DuLrl+et+JFS7<}=d_^0UdDyX0
zSPLe%L!jJ@JhsbW8WJgVAni2duFj>j>03Ckpy%D+e*shFwQwd?l`UN)Z}pI=s#XZ$
zNoF}%9E)4^zj2MSo;!{k^zD%^pODvf0b_3AIA<Ump@cZr2S`;LP!ydtz-TR2Guar=
zqq1f?!Wa0>FF3SD=UK6{*%jdpt<J$2P}E$Ch$xESHlTB%Y9VQh5T#P|QgNIxwzwK<
z(3`M78bmW0!kP{<vPU~wEG9v3jZE_~3ti<CMJ|5$F&)sAyN7&z8(ZIm_=LfEq=GMp
z-JF=A_bB>_gWPc=%jOo{kRRQkaqLt5-Gl7^uqc1PD!<Tl35r|~+!sE8N<R@%b_(}*
zNWs?3&<u;6DjT>-V>vJz+7NTLqUYpudKWt5W%Uc-wmRX^Ki8kYGa=lbN>SzHr7?#!
zO;31QGe57G$Y6dnj7^Bnr@ne{8&60dWmo#Ui>mH^aM5?fA-}1+oNW8yBtVvr=1$1B
zv52X=!ydyA-I1laOX{bk`$-wZRZKHlLpQzgfKTj9u<Ie;7kwm~l2#KxRKLEbl1!Zw
z6})@Y<x)lmgWnsf9qiGE48B{X8zwGyNl$I-2X%~dcp<#H@ry(t|JEZ?-v(&LZ~0K~
zHnh5CMrV^gB{42K5tdxoqmDTXU_fhks?7~V1#l!M&kr7cmeOf01m0Uxd)NywjVs~z
z)Wbd)v<Bg!4Mzk=6N$PblpCn6M#5xJMc~?NH8NCCNZR20k$)FaM_w+c1Dt#{8d)pj
zE;>{c!yJB8mQ`{1X`pXrjkqcs;s4TxK>g9FHm`Jplyq^1Fc!l%$YK}cp`ULF(5GD_
z2C;&(E{y)kw2PRiZls?&^4ot#j>KUXnd>M_Kb1VhuxLay5Hmbd1Oyl+9~LI)6gJzU
z0O*A?ps_(0X^{pDYa4(*g^6?gjJTX&K}edg)h+JCQ4<6Tow>qT&q^In8VphIUb`H^
z4O`oC$fR@&tDm&g%Y`_s;tHan_&~^Zjp3%<L>2KQbtPR=87ku(*ym@mRmyb$#DA@_
z)GOyD({=X`DW?r2ol~9nwt*-!`rEKM3}m7@wX(HoEqR91eb-fVy~=gyg`64ydqR|s
z^)=Rri4pu9Ji&NDbNKsjG|kHTGFOqWcU<K!2G)PjkoFIISlPzmzj8tUB!ooV42|vn
z=}P<88%kWS#1{xFguH2UQR6FeIvBV!slpJpMJ0mDOH0&<UUSNJ@!KUKzR+2BJYlEz
z$4%aVI4V*Vx#NrL@wRVQ8flH~H2pU_FimBO{*Z)8#B{<&NU#z?=yl?mjhL%dz${=i
z=&1^w=@b|WHils_0kuF(`1;5~V9%>p0Gsu@&>$Hu4ZZr4Wt<Hyq{qF`NpLl2kg_D1
zGz}BWf+oSRcz7zeZp@L?JkIn%#ll93%`s@4=m>>6@d6pr(FRuXqg1y7Y2~x)=I7#B
zFUZGKQmQoE6YDV<q|&=ZxuFl~#u&HbF+tlDw$e|#dWoHjZeL-&Wk#4B3bKjfhbxFj
z>Th2)1FHKnP+>Sx*anOJZ9&tyjyGTjv%b2*RUXYzqwqAln&-s9pY<hRa)D?@97|_B
zDyQV<m<i;*wP&?Q>gQc0xA6Z{&*cei@i6}Sk?y}VU5@`uj8HW*{-?w4UskLHZN>Rt
zU*J>Pq9Ve8{2g{kAGwHH&_x&l8{Ezw_&rql*7agb9I{E1c-kjX_kKV`0rTfK-^6{+
zJeA*E1#WShyrZ7kyvLJQU&=!lh??MPFGDdNN9yk4B##XmMa$*SNN%192epGmE&L*$
zBXEas_(oIkAu3M`-O*pcaOzEU1Z*m&=jjA*F4}sz9L>bB-d1NCdX0Ob9u1r2r*4{y
zpp&CRioMYh-qG#!4Zu@!(8Gvu90idvOAB*l;v36wsY>W`s_J`~(=?Uwp!#{}gNkDK
zW;ENZm@<YW#FCw~+AGcNAalHS&@>s%onG^nn&w37u123<M#tjA^GNscJXgs4v%ocH
z{SLRekVeNRe}#%-JkPhX=|8QT1{j?EgOI<qrS2G_<t^TQ%N@U#V86vNo@)>K2C*>4
z)sWQqIwL_5{xXg-*L@}_TZ_hpm#vy#RS=`#UH@1c>m-TC5f_fg_66;avp5+hYitw3
zQcOyq)a(X7_#<^okIc4iZnkbn_dK3EcUo|ez?6a?=t`YknUTCv_+4ThumH%LN4YA^
zt;*>}OQp?De0-g6PleFM^Ml9AkgX8VnC~vSr4gxMfk}rc5`y$#`hjX>7d?aoJJa&3
z*%C=87PDZ47kQtDu5jkIE7#vA7Y#HC%BdTHA`(iAgf&nnmP_dVux6x-(z|De&>`t{
z&h&s1^DU_F9e+hU*b>Y$QII?uxn0iY8Ce8Wb&eLSdd?AUxgD)0A^ov+?n4w7??Yho
zXF)bz!BLx%4r3Zz)`hcfu~;F^Y^XBn(o-GKk@s)0!eLa-|2(>J7`jZmUo+<SmyY%y
zwhjCjNm1F!+=_(pU&r@LH$(YC?AgqHIaV|TUqcl5;GsgBs0fu<A%m!>{6U2!G+VgZ
zRhAa3@!UI=?`n3y_IeO@L<xs7<iI`7B`iI+I&L$trfatOeLz=w_YvVXtoBq;nuRuc
zH@`iDZXnbS&bZ|@I?!WTWL+@|d2f@%>vz^Pe#jjWn<ETT5EpK;*NsF6D{txeIj58d
zfWTHYYe=@|gy+WwT|7nMIWi*IQ?;V(OGQEJaO9!rqafU@9JJ1QrJH`-|7v*{DZ3bz
ziMgvSGFiEBdMDpgx{*3z{L8@=S4V8h!BP};=zn*nIt5BBTU5Dy!oeIoxBom>L<V(}
z8%##W*l`zRE^IODBq$({=JC_O^umhX*`|KD^;lS>jCd>xa2lklm7SWICkifdACNC1
zFuNVVgE$FOPO=4u@IDR-0@QR16NR0oUqTOw`kT>Pt1J)<kgV7MAXIV{0RhH$TrOjB
z2szrq7X)Rym3HwFy3~a@YRqv<lPC7vlCsQB$#0w7F;3G$D??P$L_)s|TLt+$;nWGU
zI4)Vl)V$x|E-Vjq3Yz5o;b}EA9YN^~zxy0i=XXMGkpiECFOys@xzBP|QW|jjBuYuj
zPUmQM_mZ)zl_#XNN;;!)8mm=(eoK5>e*U)<>pv2#T@|LL(N{Z}8O^tET>shB`#(qL
ze;=GGjW5w`agm>Vy<?(-1{MqxJ&Fc9J{AdVKz|l70IWVPNEtOWO_Yft4a<}aQA-Y~
zS;4wWvZ&>!#;gi8C_I#sd<Bt(_F2~g@Jh{6^-^`c=E--<lR1q<2(<Cj$K5f-ahmto
zcZ&CTBXatW=eD6Ri+^|RT+@Ryo3@Z|%JkpSV*>QIA&InyCc(c-C%SVVzQLbWGtFPS
z+Dg0hzEfyZip(;*<UaIZwBQCbAeB`^twm8Dm+VxWZ1w-5>>GnC+q$khwrxA<*iJgO
zZQJaiW83T#+qP{x>Dacv+*c32KliEHRcF`vv1?bIGuB*ljIriOy5-R01KBf5nG#6D
zG~NfsFTX+z(rvhwcOCx20E5spJHjJGE~d%o=pQ6kugHj@`AmvWMv@m~ADJ|CGs4Cf
z6tTxF%Qt}jy~e&INp|;IHND?t<!n#M#MD2CLh~4wPi9*}HG5pC_Srexa+|rFB|%4s
zZK8J$Et@D~JaH=RhEr<W@j0u&KB%`2trAt@fYPfm>CiFB>p;W3vv+}5EsCK`rCHYJ
z)Wp~?>ZDnaFACkZb{6>sn?RS6K-`@!CZ$D0sB3vpD$uedY4Q*WUDtHmsk}XNsv$mP
zYU}{btFzaZrph>`SJwbA0$+w|+o-_VG(1GnS60v<YS8u8I7&hI8_-Mi+#z7zI~z`k
z+u(q+G-_7Epk+0{c1pW$TL2fENWT|>+Nr)RW$YEun*x21qVeQNqeI4ITYrTn-S~1-
zN24~+R;j)$KVe*@d#-!x`m*6?YG%Z82E!s}G+F`)PORWY*gAY}H<#*&LybXOZf!03
z)u?}cl$Vytz^ad(o}%D2bhhWTlg~_4l~!1u@FglKsIhmIN`+^(B<<JH;2?Wz4R4eS
zh88d4n{X+l)NEkQ^jf`Z&bM$OJ1)8*3H-6H;6<&p|EWoMCLo;GSUh!^c^X|m-z*HU
zFOUB5E_JdoldS1hh7Q%jtMhiK4AD0s>n6U)op)i{WoOb)_40GWpbD0Qw`Xxtzk6l#
z#BI{bx>R-qA_G=OQE!vQZ6Na|ys$O6fQGts3<pPTK6y!5sLxhOnj)18YU}}VnbW1v
zX+7JVp&h?{wu45E5se})Xx)Gi(P0wab5*lJz*#k8>T;o1M{2g6CQbCQ3poGG1iQSf
z<ANn-4#!$%I`mm9KzED!_rZdQ;b{5=%u_CNnkd@6QJ6zSDigK8ZYojLD#o<snx>lN
zHu<Au7kMT6UGsayy20<eiJnOF2>M=@eRXL-L<8ajT9z=rI{{@LpB!2~sJ#fWh)*4Q
z*2dy$D_<o>xf08TICjxb?}{C>jlxsQQcYnW8S!pjOvGhE2f^8}66;5EA}3q-DLjnV
zT)Lh{b76+i2|BBN%7vbMrHED=C7Alcd%nP3#jG)wijFoZQV&@&*<a{k0?EcX9Dv<T
zC;m(Z?~)!YRrQTdwsB`k%SDF-R`WQ3Z^Z>aTa3ZA=Eh<g7vo&){HdUw3?!J*VI?g1
zdpdVDCHx4L7{mzE8P3dGy4aR#`++)O9z>{tp7=o)=BX{Dvo)!#2c7wO5Ijo#XbJW_
zdQqQB9{=c}Rd~kJZFvJb4F#6o!3b<FJkQWQu~EFmPE;U;X9K7ISl+uLN1vnA1I{IJ
z@jkfG+;g?pz$nrCsZ5CUJ{%^*<u~2YVCyUgwBg&Y#>!Lm5@d~_F#R#-!5Z+nCq<}T
ztBvhuYm0byQ#_cuAirw(@a_aJ@L67<r{!YOK$^D;@q9MSEEH=P_XG(v$Z7%LHX<o+
zb*=rrIHj4zfE320I>kj7qF6lG*YpYXw602#h(`16)=Hw_Elng`<Y!aEQU+)fhGT0-
zf}SLf)g+eaYIp$D>s$;Ni@OOKWYj*c|4fA96B{t~ZhHxlb6#CT@!Da`QGN#~+N`x4
z%uVFBTENe^)JE09pKqp`BjyMm0$e3iiI8`y&*^Kuo|LkUX$_3a=nv*jUh%SyC@neC
zsU^+`yv4H{^%?~kN2W=(1$5GNpBTsZmXdL^M^M4lmq*FwEPIYzCUdpoS^!wuOh*Q3
znLy=z880#cSSyTri@4&Jn>`=Z^m%m*#@<(jO6HR7xC{B=%iE*oG%K<DI&>Pud12(n
z)WN&5blGIO!E*Lhk#|}N;t9){bxMiU!G}6>*_3@K@TI5v4~+g}@H=V<mDV7i;@NZO
zkf18XXUk5}eXD0~YP;kqw`Z=Ti+mgOPTl>>>qi9+Tnh@AEx--JlW5XK?s@0~6*Nea
z9WsJf7QW&!kmnUgR+ZU2M%PD8ke%u?dNBFa%q_J|!5Xbs*{If&82V=Ejg42^sM}Q*
zwcT!;enMUacB<?Np2>lT5G0a>rcH|X<#rpLSIj8?!B3MEJcnu*NK-5c-Tl`mAAO_w
zt|T}(7dV>a`H6HjjTz(Z-^FiAonyTS#czaL5z{W2Ey6#Z(?$`XV&1ZWAZn~4N4cL3
zlH9IslOC@~FdZdHf`efU<}}8CP+#uD7YeHD1>c*f>!BmupkF9^5L~J~AHEd}&Xq;8
z^wTqcT?6zH5%eG?!A~ZLUFB_0`~kjKMqb^B{52hj#cv$^IkWgV?(x1kH%f0Tk`>v4
ztL5h^KEVj3Z?pu8&zwG+z4Q!O_gmx&g}oo~6mxsKqg?181*7ygQq<o4^jc47NxlPB
z#LHO;kb8&dnoq1rdPQ3#8R`|L4^*&~)TqwTW~h_2s0CZ{$4*2J;s96H3IvPq-n#Tm
zGNtU>^>651ba$7<Z{I%=8_bBSF}_<DQ#+$!OAx^M^6X}mZ6z#pB~QK9+J`P60tWD?
z=23LjVNfR#d$+FMYy0d}KJa|M<wR-4ifhOHFxy5@c>(b*xe<F~v|QP3`4*M-t+*5z
zh^|~qBtrcOC5eB3Ds^%mq2|K!#e-f-wy-i0X<`GP$q2+N#$uJx)9D7Bn&4n6Cegh0
zoa7qAG{gO@g#fMZT0fX%vF-vQ)V7L!8}cQH)P;Amj8+o5%zJAps<uVaS1pcCGGY*K
zY{N(3M+7-2t==L0*hY(aT4-zlm3zw+jQbvwnH=?$4Bv3FSlvebkF(1F$Qe1?R$jXy
z_0?OStQ}z9S~=i(yX@+NXiFU;ml*{O;{6U?!|r+#-RIjo&BiZLrQ8DgRCMZcL{*of
z_lAL?m~!96>xUj+1T=;#L)Euv+atFwY>fO&fkEj;_uL~~wZwi(#NVzDo{`8yn9%T4
zV-STqxp^JB{xP{DyI|wFTS2c(As$h(VadpFg9daL8B$789L=)%({B7k1%PV|No`@;
zx|5SqnlY=i;G%xfu4%zvgL&~C2<W?tyqLu!F<39BD3w1aJAo5O)mv(QWWrr1I|!Bw
zk_G<+o{QWqK}tXzVLB<pPibj(*o&%cv~?}GwndK?-OD+F#Na<NyasF6Y~z{B&yQsf
z5MLV&wOIAfElpe`&{j_J6v98*(KR#VxICKl`fX<l^}2UotPPkh)n9HNj*%&lpK=3k
zF?=D`@#7{d?54sASGMvq?LpQhY&I9QrippzB_qmSaL;5snODBlA5-iEU$z&S1J>=x
z?$%*g5aC&<r8UBud-7qqR8=y}(Glvz;+Y5`R2JX`_E~~a2&OM>NS7?~M3<_8c020C
zXUAR>@<(y6^yg3RLq__cajiX9>hjK0ddGCy+<6>T{9EX0kEMn$_cRUPI)WTO*jv!7
zBTh4RRI_NHDrh5QJIM3n8p3mVClslE44rLR$e7WKV>7|Jh+CHgS*cWbc|d?QC3T3d
zij!&v0M4e(dHq0Un|1dP<k&>~(T);Vk$m5v65aljEbh@OK+Y2pJJE9es$Fzq4*fx7
zX{i~60daO|_yVfs^^S$vth;uwxo#cAElk`J7UJE<0N@!=J*fFx&uY;gmpqMJy!<Gg
z_VLRYGumer0V&%PiymEh$<F?8U(J6VI&>ZSDfEM4hSix42@YUzhqo#%y(K~)g?d*d
zb+R_y#aHq>;Nvm=#pB4Azl8qHR{R9v$0vluJJHcr>O6h-mW(s=s;Y<DjIUh*-4mWD
zzhv%O=yioN&T2SM$5EHtEZh6z_f^@OtqlN$`0!1q-(|<qf`JXT&u#c4GR7@QqN?@{
zWC4FU^M+ql7SmNl?<3Y|p+}<B?J-{@EL-x-`yEP_2mU*%VeU(82xh{waAM_D#fk_P
zM2QE#$@dK@jW#L}@3w);eo8G()wT)ik_X(nB&#WAt>*_I(=l5D^G5I$nDIsZSH${<
zIeB~6vqA%6j#Ga*QnW2ADj3Z}5VD#z%;i$phcxJnaeus0zjxw4-h8n-aLQ;N)C@se
zKuK6#Xl>?Cg4nZyB(8Jz^~{DW$o$8QTtNJcTn_AL7rDKdSu9=4e4~8n+!oT{=Y=(G
z=4X@71B_fjZYPn2GtOKqKN?`8g&CyLrAg?EK@8#zmR(t@>A(w>{0^K6IYHEuh4VRf
z2C9c-k;%*i+I5yiVcRK)?py$I9kTqIIT4DGC;3V!{^)&GkT}LOB#12Ff{#MevXHI6
zC65mQUWw$>Ml5OgOF_y#20}tCgQb`pVdh;u#b8}9T;}UO)ViAOA+wK)5;hJJ7Lk%e
zL+0%;J__h0MKp79P;0KUB^G<bxLXn^drk9xabd^xb4d-q$?05-2h3|ptmtJpf7y`F
zr8%Q#nL>Lr@gyCkTy<h>r_j&Xdx8Ofh7Zn_0le@M?YiIWPJpL^<m&_)Qn&!5{Zj6C
zz{M?c5XL}>8|4HC8uHHyS9r2YfIGfo7VJizZ~M&0Q1anp(!E;=cQ8ulRWc17-o;Th
z_31v&TOvhnv-7ZL&Z3dp2$+P+MaK-z(|4fA-%E2=L6L)>`F`~i2))D*J`O31|5ilu
z4hC_=obQ6TCn(PDlm;ls1t6Qdqx{cB`}KuMt^#P)dDNiNUA-T;+1u1~YEB*z!?-r}
z=<k-fq>@*W!Y7f!Fi|2_c_U!B-T8MAWM7cuPpFnpuyDH)NJ|-G{UHlwFf1I-1a!yb
zXmOB9HKe3eO%<Rivm?T44f7Z20|!82<V2nG@LeK3BY7(QXH^a7*j?fci9QnoV|zwO
zb=Is0;r=xt_9U3{u&`ekNGdD{d7lMeOg=Ur(KeCDl_y9{Iw@*0g}i#UfPn{aP&z2|
zeuw;UEW0a-e}QlK<~Q*>HsLkJy*x!V)4{~@cr(g6W3v)()kx~bt4hTVR_@(5OqEtz
z_y})!Pq)|&0||C+My@pzgOr`>=2}J;3}G#cL`MFl%%S`hW=xZmbT9D4<aB9jD_8l(
zj#6@O$;GFkl4ZWB9FAHemMxP8wXeageb{-cbcwswe6lW;k$9OVRhQU4MFHr|)=cbk
z1zhu(tj5-PfDQ#p<^CP=tkO~QKJCg(c+I0xmpv{={Uwp(y-{KAss!|+8AGv3nmj@)
z7`PQVso1mR)iT3+*z6iw(L;e@R&WfpXb>uAkElLy3-h?XMTx`S8mHN!J@ma3V(TK}
z5Y1SeyxZ=LgJEX3QMWyg8*U3Q*VV)^?oMwRj{Hr_#2mr+ll|H>nfeKPV}If)lO&5r
z_)%vKx7ggNqeW-qvq0|k?$;*;W1VMSaT*!5H+FxHYp-TQI4W%^w#qzhTS9L3Swh_(
zBpy^rS4`>Shtt-4DU%1cf6{5}m8U4^+o(o$TLW3233|+#+2`)p{qZy{a6*m+ZS#2B
zlOJwG?ojolL)<|+##3h3ys*3{agJ#^{X4g1G6&Qg`Sb<?o-AFjSb4J9Z%e#*<@Rwr
z$hUgy++oyiR4ez_o^U&}I=m=CzG9yd-^ZSO?A=4{_CuceHlr5tHwR*_bfX2QD4rBH
zry!mfeW1?+%<*<8p22+5^|sBP;d})7b${mozd;{=g5k#D29|u~*EE6z(Q<)}SQA7a
zDdR4uAo@E3&h<St2w)7PO>aGbY9DFDU0S;B@Mkxy{y0M3RRu)A%}){EcZAV)z=^%m
z+1K0v;chk^<JH3(e7YU;UQuszA1!e-qwBZFZHh?&&EmxNu}fL*H|>hy(cKp3xd`x|
z%rZrLa&-xIEyT1&>E&-3u%S5e#yH;*0qd~M&J39zX&I~L1Vli@7X`G(Bowvo5t`gg
z#$#G=w_)VHp+9xNRBYt|z4<6Ia;5SKT9O=DfJBE7si=k4jCSdzip**cllNFGf7e8N
zyfSrntJ&UWv^=Kvt!Nb`NC@DUm}gh~>6^1OyK*B33$FHLl&(un5M6hNMXMHI0#Okb
z^I}q;U@s;jY#4I~JPR}UlgPXBwH79_#J<TS&bGrm+{9*ZUNcS8Od4y0PT3FK7O>zj
zdrwGroDbuo06Tk!MG_fzt}M@#oA6ySZ}l3_`MQt=G*qrlU{=b8Pdeb)X)lc49K~0{
z?S|l(?*oOm-?#AaiT)1!Gimd%YX-vHchGmKhZbD_a`!UEKHj<c4RXU}PJSZWkM@-U
z@1(CaKqBe&u)o8wOk;mif1Ql$DBjGx+h_F~-S>0A7&-~^3VoB^8Gr_TjooEBsjUQ-
zNE~{-OpqVfH|PoHwK^M`tU)iS9Gq1cz;K4&vvEp{Er}6u;y7&sye~T6t_C>RfR1T}
zE4q6KluI;R&^xN)BK4i?()&tV_f2Ixl2Ca5KWXXzPpc*Q8{D1AKT>M{{|8Y1y$2ZC
zIhxS_EBid%W-qGtC7j@W%~Sn5?DN-a{MS?d3c59Ma{AJ={^Fnin?!6--mpa$MEw9y
z-bnT@s8A_cT@6p>-*7i7RgOZAWDF%2L8cEe5lW%`3cL0D1M>u{`wV+uDvHuE*B`=^
ztwG(`Xi*VH%6&M_8FJ}$NOAi<G&J?iHYYPMnnt4BaH4yGbY~c=+4K)rK&M4pWBU~1
z6ow|O=E5mt@Jj1>_#j{lT`-{uuXcQiH-eiEfBB@-Y<{m1kI8zz17PL&TWhU1vHf)U
zd>WR_jhp9)GJpzq?grRkQPhX9clu#HW!9A%mf3JPE0_WYWXQlhqw4V~HUr+R?I0P}
zx=D+(py1?+0T)Nql+r(kB!30QTSPcAe`RkYubqBa>t0)eD5;mP`S3iuniR>z@1zF_
zKHwKlJ3V~sV<=;O3uyyytRZe9Y63b#{*e%6?wr?og58BY9t*m^nL1x5;Yr?S+qd8(
z6lzlJhBz`W30fhLQ|GN4a6dBqHOq1sh#_YszXE;zQ31Xn;BeR&+4Sc9``2vl>{jfH
zK0TXMQq@qh;I+?2ZrC*b5J4L*?T5MP-^Rwp_$jph&=8%MV2*l?*fvMMr0CrTbxw%R
zdlE4-idF1n+iE_o_?JGz#dAdL1pM(q?j!t4a%MSY*b_)e(kL(dJ7U(qa)gG}`(d+6
z9KMaPj96s$(2A7scaf9{GO2xpFDO2Xs*aKK5xS~PoovN^1U{7+T41cEly~;Ik}pdk
z#le|32f$LR_mivIBUrg3?*9}@#TuVu#}GLX*9$E^v`=P1w}{9eAU?;PoSQ4GhZ#mL
zolUlnYt|vw$$J{RqZ4~p^Z7U1@j{QS`Qn$#hyN7^`*)PS|NX=Mdlqbx>bV`N3F4>C
z&ko+oHFQmYzmVXMRhrsxv_#_RMgO3@UuvZy`DYuvbXtvVhZnk>^HZWbQn}Y;mR=Gp
zGngnwhCSlBJ`Ax(Ztr%HT`OyydV+jsJYVknt#%&fsrxBk-)FRLqvHG;kar87P#~hI
zP!7tyBkb^@Kpq-n@nHudia_I_Olbr4Au0p8A_wrP<KY5^_(85rnLMn#o0LPahal9!
z9~>0D5mcEN+hj=J^BF34bBB|oy|CA&tMUMO#lpv_)3M`a5^H!%)9G2YrnGZ4>k`Zu
zFOA$QWkfma#Gi|Zfu;S-79o~ghzEf4)i1~CeU?rh3(i%zq_EVY>w>)pSJfL5%_Sw!
zJ#;d&<#Xe34HJ@XEeIU1#?)_?ig=ag{PF2@=QA&T@SJ^gx-Lp+B~H_x+a!<qTL=qQ
zLkY>_+!Po({(RIRf?UgLMfrj+7zsc$v{vDofWam~D=*W7SuRhv)C!F7N+bw2iPJN2
zE^6Fk$4jP_&6niJOsLDQKriSQ?3EG5%44(mTCB<L7bz1Z;yUTB&===5Ca%@Se&E-z
zPDgEk!$W&$4(syR>i@P!FiP>0s)lohW+&55u}=va)5oYH)}u4q5LzZ;S56pZ|D&%N
zV$}^2anz;d2D5orf2hjMqwSj687niAQZU$@aW?XU)otY21f<iLE3#W4bmNS#sINP9
z*dz{xi5z?~!cY_y&b1-JD&=vw8x7Y~i^Q9=9<Ofdv7$_aTfgpc^HtlN!=8SBFuKLD
zWbZk$S@@<n)$hg(7cE^$Fia0qY{XNS3cALr0L@Q@jD?f7lMFB7tg*758$S`<rGc}x
zPg?@*3`)!4uHFe7mdz=yRKl}G+?JMc{?|}hCBt^~*(hca1}uj^h}(&nGm2n?r;|ZG
zM49l#GX-6We&)se`nr{S$Kc1h0`nhr!D%g$nP!XHNjIvzvPH-97rn4y%OY!bT$7J+
z-CgFHe$6xDh%mjtK~7FhUnAM@t#4bc$Q?k-lS57rCs&BB#61a8qfH&Msw`Y>JIp9q
zR)7(o1U{jXlp^xgaX9n06Q4-w$5^(!>^lac7{VaF)WpbAM*Mv_h~ZlkK*P6lJy7K-
z`s;Td`E&|<e}O($0naD0Vh{hV&U6pf`BAGtS+ley^NIF{-4V<q%nnj7qr#u)BhrTG
zFOJ19=G`21?U;f#<>^E6y%PLn8AX->g`mz8j?=_~Xo3`~K<ANy2=m}FFy_0C(^USt
z<i&N+=4!C3+z6hO;4;v~HNVt4P-5H*MASz-%8gm*up1x_FZWQ%EN+7%$t&jbon;gk
zk_GHYDdmYeMj5IAU{!{^x?0Y1I6Dk3H@Ave1n1DglF*;VK0-I>o|+kf7Q#-!W@A(8
z8Rwl*$r<YGi>s@v&LB2jCau0=w=U(sO@x+e;!LTotuRc{x*iIA9%t-OCT4e<G*VUG
z*y!)ue)}Lyk2eQN7rI2)+bnY(azwy8;x$3JpsWqr>T|QgoVWaPon;5?VzX__SodhP
zH#N0DTwX11?)P>KeHLsU+WUTkA-JjJ-@)_l-O7_YzQ&^C9~ycB*4vfxim18*Y2m+u
z`^ddx?~GW@+;+4Ug0TB!!0|E7ZeyFOnPGjn6i+nS^8MH1ZfLo5NbptIXTR3UzoQTS
z(^{!)XJumR^bcQzs+1F|3hIX~Q`)gK7gX9eA!5+TIAbC68AwAyNFsfE$UrD0M1Nl9
z6p0X7x3vwF9T)<bGWFv9yivEL<QT;<u>mH(S!xrJQtf8P!zug2-kZ#9Stbc`!1s%m
z!*$NXwnLAfKJTwXzk$yBzo>M3j_5Xrz!4H!cm_^QnVmdoMd@fpEMv#a5h!wDX<2IV
zA%^j@5)RQTb=V@b%rFwaI*0jPhmU<+qu*)_qrG70+46w8SOcOmLW}_8=Uo4Ge@4?N
z%t51O)Bvo$Kmit#+h7+#!Z_?D3YUrbim%o}r*HHT@<)DB-c~7(9#_2>oSv+Ef4}1_
z3-I^WrE1tNH9&2LQ6TKgSte?+99A+et+a7Ice$DL$d#)qyO{HmJ||D)lTk25HH}G|
zhm70ZS?atOuN^j)+^yHf=&@}y0*i&E##+*<!5Us8y~G&K;!216r0i?!X#y$-gMiq(
zlE(2<u#E?!`d$f*Ovz8@v>l00LI|4bN^g_uGw(#@mkL}Bq=drM2vrc=1_9QZ5dY>8
zr)W)pg6xT@;G@ZB;;!V>t`%5d8%x#@^DfhAU6)1MAJct<fB-v6I8z9#vSlEdfj((?
z29IxT%4Y_ZczD#-9MtjSyd&BaPT!r@(oTgSRH&6As|~InfW}fhj!Uop49UwghK&J3
z*rnW*^D-J}4b&r`OW*#I^B6_tm}lrojElG>sy<bs&Nd90bJrYTo-QVx=c5+Y@JZf>
ze2jz6Ldf0?pw3HOWgQ#KAr9dKl9vguC^U@RJ^kR%BCdYy`q8GJ{+%QGTro{+rGsiB
z;Ub^P+h*O#{CQi3YR%POYE{(|sXp_D)sj%{FcHi%L+u3bJ~O_45llpyo5@O>g|s1$
zg9f1ZT`Jm=Gl|SGN?7fFMfsG<v6-ylCK@FIdOqB{X;fSuvI?`Kae4K9z_e+@s8vLN
zet*>K6Q*6;w9wXL*6bvENojC~!GdR}2`VpdJ=W$`E&8gNCU`$4_H(ZTP?VQ!$mobF
z{UkX*KGu@}n3Q_^u20jEZ&TdOyBtitYQcBBUG?V}_F>X~3;#l=2fxUt5Q)N*UV^t?
zDI$-{1I}M{z!}h*V2(!}b|DPfAzw}K7?+Qp<iOwB6CfA^V!=Fpfeet;jH|-<wNnoQ
z0-8t-Qk$U~D2t!pP*kp`vj4^<A!>1B)m*NJ0QL>mIk5ccCEfTCHg{wg)^IFmQsH4T
zAteuJ{w3EFasc-*sbfV8U)f;#WFLS9Jb`R(i#BZx*;>V8o+)UR91x9EEC|>w`{f!8
z=zsxq5Sb?mE{L=n%Fy=KNmb{<sLuebFs*z&%2)T*@eQ8K^j*Nz(cV;`YGf1o$*d%y
zzeoIGfrifr9nA;r3PTjIb3v<|)|r~)kHM%$r#B?grKa*xa@Pa%Z48&8DjbRTLLz<!
z$z`9(DmE%ax|dj8(iRggb%MX=CvqU4NiA**Zs;QAwgdQ}pPE+laYk^9%NVr5jh7oX
z8I){@)>;uaaICR1*M;lcDz<Tt*rJq_u+L;mTbouQ(cK2KPcsG3ky@warHNb9K{xna
z=#0}X*^uS9=r*}9rlF^Yb%tZ==7Dxb%eV)G-;x(x&|&v9m8@UtLtbv9ZWh_?K`>ks
z;d%v*Jz=U{L+SPuxnulBddJoKBjpuR#Smh5h0{53nL0@Dgzswz?rV@->c~qeA8+bH
zqG^xltz4P|c5wnMMn-*$iwoU;@%c~ji+|ZNgp64*P`=ze5?@nDng4^%?4JU-la&7}
zfSVVjVC_4Mcn|##&@X-SB>We!3aVvT>`R=0cz4mUE3H)WhN)ZlJJ^>6ErgyNS`_(u
zqMyK|y{<x}5Bx5N*~x4&oAYpU?fLq4Ozj&A<&ij1MIHuL!zlT5O8%e1U@gneioSk4
zI25S$g}DCwXpTY_X{+X<JeWrpXCu+R@?g&3R8&7>akQrA@9cONs^cohYqn%Vh`#!5
zjhSZV1aeg<ESE`O!g4dN1GlTP5>Hm`dyw}vW)5aquZ`gu8H_C^5U{2*w>0Ecj#g5s
z@oKnjsHuK?wrQ^>4F=Fd^*nm1V^vGdttz)cB<=#J5@SwdjrF|jiPa<BZ(RkQlr}I@
zvtl;6lMJ}o^AiG3ZPBp@uJWvE{+2nmVWoydnVZn!8R(EL=&StPKI^{b8f3pZHSaAu
z$&#&2q!EHPRoy|%945QrSYb<Z5Z+-s#FQhl#dNhnIC-Y8rn`CY8ELbVk;m3nuGd91
zvzKtq1mp7+Wx|s^9j&`mm-yMLe-Q=eBvdd*{s119fHBfX@)&py++Ormi89#Xcy%Sr
zNPW9xat!G%Yp`6nr7Fu((M5757s<+{K^pk!0SZ{%mzzZ`<TjVj2=ZLO5ENiXcWqJH
zoxT0-kTP8CjhtH}lH`S>aF6141CQXZ9Vj0!j4iX!U9>DN=5o2r52XNSk%*1gAd5dN
zDC8L>9Q<+ZJnzfl#B{%!eA%Jkt8O?1*?~{xX;|E%Ofgp)usFZNl3he8#+=8QwgQo-
zw*~>dYVS8_TR+DUhFKWf&GKE*n57%DyCBw?A-<S5+&nq-Ae0hA5Vg+)7D*GSgCxj?
zWh&n=E#~M*m`Awo0V~Y#f!h;4c3u4Vi>Ks5sM|u^3b^ic|8)^{hVNPX%Hf2`R1}xv
zR^#ybjW<~!`$nFyMGA93iAzTmohB#QU^az#4^5MC^*pycDwvj8##>D|Dl(HnyYIem
z-(yEjayRXa!Ws8@p>IRx=9+qse@TF~WnNN6NM%oy##;%sCN@IEUZY>-gT(Gy6=+as
z@9E!o3qkf8Ys)W;Mf}YHAOE|x`HD5QbNt7Ek0fO+I}|m<kLX=@_ER!=_$7fHx19nL
zi56DU{GeEQMRriwIPrqq-TSz@W6z~CvfAQO$#=AK-#=g_iKR)aeD^tD2ZqKy_tj02
z_O{0})0l6w><-2+x<21OD1LFWz~c60`sF<Z4uG-I*EX{V9+;r3se6?g=?<yD!C2E_
zHwTk#dKd0GftYA7+4pq|(w;Vte4yc#mD^c73H8|kZ9u)L-|vV4FT6yrCpA*MH*SOq
zFWJ#U;@UTwH1BW=Mp#2rljn$))*rptwv#fjX|0i7I!-GBC$*lI-RI9KZ+oxYp&Efl
z-?5n-)n;)<TsPuCX%|BntR?FlThnkS+f3Prx}r*Tk@cZ-Tko&PB2vG)7U2Y5dyfQ0
zs!oTRSQa!X!3|1IDQqmmy@~gw|3ash8ws_g7NPb*^aKtu)B7GBhJ#wYe)(<2%&1t~
za8w0ax=iPoj7gQI!?rj#)Gl{jG&V3=)1{?w1Zc>~D=w_bezbpxcCyBufFLz>e?wwC
zm1A-T)HF0VgItjg3MC7>z+y*gp4H355YJ6odmlG-xm(8%r^*U|;>_i@Ww+zG<FRDa
zYfY{#zQ{=K8KapT<rkLW<;VGULaw^P-gLQyoVtb3<D*M*{P5}!&OK8{f_C9a-RPEE
z*@5l?(GNDNv!WU>#I57Y>0?Cyi~R5=1HJlj6u~fMGk<)l3%`F|(C@dSsKxJW6FJct
zA$S8rL2aAtyQM@W9RIetbp?1eb;THzV-b?wY`mpL(8+eB$5ryp9N&J%7nG=+?mEdf
z;25h?xkAm5KUfqV>E&RvEGengx&qVGJW|42<eU<OxbpqPWI80~*;_1_mpi<({$23l
zrU05R$6$T99E1S4#UFH_iv3?+;$`C5%=M;D9#MzatAPBr{!`uWRoLaQ=3%u@FYzu9
zoRU+b;x-1jdPR_8FA7+|m(4oTJJx*3Y~lBC2E3kNi`THHd0w>MsAUrBlQh+``RZUF
zVsO=ib1y}-W5`;dVp3xz4_eB9;O?!ch3T%UzW*F5nx19eDwS1+JH<#WRA>~>=-Tey
zqU0YU#Y*@D^p<Kqqbc#{-9W(e?LA=>f5qX>ITuHf<L@N&?aheEMV~Qd<v{!4A5$oA
zyQL02n*V`tzS>1};x}_YL*0G*{MXK8fnro>^b5XBUt@q-{(}-J=kgEi7AVU&;fNr5
zlZ<IvbcC5eQ4p~~Z7o|}k$Wu@NrKi?AX0?m#TwyaBwCTmB(hqa*Aj@zcVGS?u;1RH
zhE;~AlEr=E&7^8=h$k~H@Q>)blb*V3_oyl|`*?f3M){U<EilB{UbIV#zD!&DGic%!
z%dx7Ks=6h4@SY_cn@|5z7>~WWKhFe?#v+kr-T0D(t!Y+$!Cq^K^unCds+lHsHAObx
z71VKGr-hzQj15PX?C#t&k1)2fEQHBXNOMU=J|TN`)oEBlr!K=)9ThVzZ39*Odz%Xx
zgKlGnCEaQnwXd)$-T=T>hAU&XY2{Lyyid%P(7xpC1y0Jd_CZ`D$C|^Hwc1~v?R2*4
zHn0G<?BHcoGo}}A#QCmO3#wpB_w`66ow~tt6vn0r%Um60+H0Q@Ynt&`ASi=YR^RcU
znd6{BX;`vczMHUUenFg8BS%2j!QZ%8l5R>(up0u3R9Q-YKMmOOVl#U!QlwlY+KD8;
zt_&%_MLeNcIa8ghG-faUG#*xWk;Zm!X<jBni5<PjFdGD}{TB@QrXlmxfl9lnez4fo
zZo3~9+Z=~nnj?uKQ!4=l$r`swM{Aj7j-Si=+*OUAoIIm^e{lEgXNsts!sP)Qcd8G_
zW7;P55js<8%6*s-6~h%(Bj|ygDlIS!g@Ql^b=+YKpF>ACs-`O7&08#J(e{r<6G)ZZ
zVk!lW<%&&ksmM0Q*wF6fJuvjApG1mhRsTf@8<|n0mE8m!XBRL(EY%LmBrP`+B(yLj
z3e1k>HO<f9%#|DcXVi~(H(Z(M>2sJ+8&8deCu;7hIQ$DX-Q3S3TyJL*ar>58${w_}
zi=s7eY=4@}Gm#tUd6*OCgDS*%WQg-=jFD_|M13F$+Sx)HP&iBn2HioLc^DrY)CqwI
zZvm3|cz!&f<9QG%P-Sf38?FY@iFQF7Q_89tgZ7K*LZ<6h?!+b9ad`PS*XwI4rwhcA
z03byi%mR!)NVA<{c;FZgZ)rnYj%2pb1`&0HY=72;9#1C@RZqlI=H8b#D)l*=a?nqC
zG4(u~ca1rg0k$56x!_{&PzRQmo1}99`BUEM`mWyeYE5+7*q-yPS^f<sa|ydoUx{$$
z2U1!sm3jB6M*7lC>QUuqbeQm7D-kENM<`Dauh`fz5BX1ng#8wNNY@LD%$(SOhcGjV
zC61bo@YDIBb`1OQmg&`$`qg|MPZk1s>4;on#SgUPYgXHBoU=b#^H+GC-H$d=<SN6c
zCWF0XidsC_jJoANL#F9>ZPHKad)-#CJRS-Db!}KiwM^~*k|eIbm<zW5U~TxX3I6}b
zSR^TF$)PA9e#lz173kQ~{mF_@qZ|cxq|b%wDYk%?h%25+oqJGEwsy<dpnE8KBJm=M
zGxuWPd(DevmI^8?7p&!EHZwi+x}6y3?DFyb1ky*Bi^uH#f&89o9B1MbKJaeKL{Ob7
z+bymy+DEJ9B*D|qbBT_uZrqV?pwSmDFrLhMuS=M<l>#waov*_h-f6YEkSXvcpb7VZ
zqsMGBr-yNrp1O_}YRiE}Hl4z5qhdZUIl2)?CdC-8l)PB!EYqkpS=?pj3GC!CRDt~!
z?D})`%4C5_Dtr5Rwo<&Q7hYIHbj2a5hE7LgEpD7p!y&xW*}K+%Z)&7rg|@8Kj;pcA
zKt<py%`aapj79Dlj9N_Je8-wonnw_+O&g_VCmfV1+$yni)p}89-vd^PGhDWhuB?ds
z_VRhmES=E>_KTOcL3dNv9)iO&YL_C(GeX2VNzo|d{@x>Y{!7l60tb(?+`>KI2rtHE
z{3=I%+6FJedR)6+19<EZkBYk?-KYtVhV5jCMJ!cs?ke%8KGoLp<H;aQmCvlXpR$hX
zLa@<msl;~PbKUh?5fDq$z-NK)>O)GWg#vN5SkE;KTtvAXkyAUstS>%01%^nPHngng
z@hsDkeC<!8<ZJ2KA%kp;`7d3gK)&>!)i|*A;5}-Adt|ka`C!KvXKIj|aeah$Oe4C^
zaoU2YW#aOG&}#2?^|c3BXZ`6hM3|=)apW;7jt)@(q!#)Kzp{gVMNWsun<Xx)Q&y>C
zRsrL!66>zzv=2Jefz{*Je+xA$ibmu=BfN)ZY==h-j>*%6Y~O8U4Aa_H*Q8j~>h*j?
zDDU}3(>qlg)PRf%mtU)K9Xu^G>`ka+Lqop+9C_7e+t7hMj-ozXi1PJ%82!xRrV>S+
zf}de~NS;q}^d9w-{N7o-_mqMlw@=H-&P2x2ZUIh@AK(5J7ri$%$pc@w0RCz#IsXG(
zD4G~sIGPy!qi|*^*~p;?BKkBY>RQP8p<iWT=xxix2l~tZK=D_YLp217N>8<EqY{hW
z^l&44r}}{GiWO(^Veokn!!nBox8w{+ADcWIpWt~NAHRtC{WV}EwPzRgg)v)*fLtBZ
zTDG=%P56KpT}dKULfR_T;M51YE_GMudzi-}3^u;GI%+68&uf-IVKvQTfyJ2T1T9#$
zO4UACJX#Tcv8li(%9!c~v?^%pAVnjU)j|oi-=@Ec+Q6W$hDS!NHO-&{_3UPH_JHdc
z7J@6S9-*3jdpebl#)^U|p;e>GgA9M{ed%548AFndDz01_z4F41GTCyXG>M9fq~F~#
z^pvk?WrL|mi{JjdH=Go3dXY7mHy6!znf_QE82FG}O8>kPYPF{_2IFoiXsxB*>em?0
zhQd>-Ei>(KT28pC+-!AiVLhB8D)2?dP$E2bjdeo@v?b@ro9_YT(Llx}0lG91q3o$D
zdK46R9<)~O#YSK;&eBfFizjW-9&Bcxc{ae$b+y!!o7qaAymj;TIzuFledBc&FQaQs
zD*6{MmCx&LF>T*tT}@>09v$-SxqNm>e+6@VHi=|L>eEyg8(Cz_%s_?1Wt1ZzDZPtL
zmC||h69}fNBdR6PZ(!|9*Y{MUxRp3~M9!3*6dhva#e5fN#(``A?{N#-1FOCH0tfys
zGib%KAf{*Bp2rtBe&9-pEB+y?z01?r9z>h<x5N4ZhtOZ(cp5SSpjzlh{mK^o1v?j>
zU>3M&PFi(AsVgF>Nui4q*FI?90alOP_)Q!$Aw(S4Io31GwjCNNI6C)#z=1RK7dUWw
zJzpWp{SaveFYAIDFwx=i;e^}C>meOgW=kvDonaUT>Dw0`G&$r5&5YyI@OM#=HS%F+
zkLjnoNL)gl-VS;G!bV3HueTh;Q>t*@`LuR_s%?meo6o<UgfaT_?4A3ypPc+^2mh1(
z<UbF4EKt_5!}&Ubxy!NHP)AB`fh`I6Es#Jr(db1A7LqvVqNT|$<A5ASC}8yS#Jc{v
z(sd{qC=4U;mv1-!pP&@+sBm`y9+K;n(#^I_j*`>TDECxuH`B|^pOaZ_x0kzL0TT9D
zNw|eqy6{8Sd>IJt&qNu|v~(ED+6K2s88I@b(zMu5fof8m+5<&rI?UD9xx*JOC}be)
z%N-VflKrMYnQV?5=GlRF_ia{^qbV}rigJaURwyAcHG|;_j-A*b-vxqRv~HLqZ08oF
zfQ6asaDb0<_0)ikOqxnmHMv#LDo09-FlVbI?1Y2AS0zl;Z#t6rNty6lb1=m=(CwSA
zT&-K~{m^7PWh%c7&f_UM2pKJ*>>y8*uDnnSMX1`D@Bf-mJg*GU>B7Qlmhlqar@~Ue
zW>)kJD1efl<e`c3Fe4E)^#&%{t0IREBRNG$mDk2CQ7J(Qqz>nZ5|DHOt?Y{Rnb=yn
z&d`CPp_^(eq;hH)(1$WfR=(CUklC<rVIt8faFSl^#c`kOZL|Jf%Nf!{n`w5*nptfR
zVFFWC#~y{E92F`8+tlWN3*mUF(xf7z)f|Ba@<?00(-|b<^}YJ-6HK1M`L$0dj%Wg)
z*5l<nK$n<$v_502qyIt4ax7nf2I?a|z%c^LC7a*dSX5t!2R3<5$<go4QmINN&-&<B
zb^>gea6uRgr*fB}=>oZ{{HzhX5bYI<$SX<F!X^_~*xaWTBAr53mg&U}XC0+km_
zBnT)l49vmhiNMn@bH&kj7d6`lBVHym2g5i#yO=1y8E-_&fqC%OnI{8ry~kK?wp5@F
zz-h(r4~Sch5|)d@BSX~3x1gQQq2Z9BDZ`Prn4G0;exyqGLx%@~n-Tw<0U4cvrA3jq
z_%^)8GFyKOA9V}j0f(^T5(1wTwzT2bZpx7HZ6jYP)2F|)IwUe{GhhaxA=scCWh@Hw
z#GReT&oJh6*!m3rND(;QK;EfI?ieGm$peyRu5Yy8tw$XL+{om$rjxk5>URJuo>9RQ
z)rkSzP|)yNBOM!5bg)G2s{#&Y-(pVhKFU05m-$H02Lws<`z-!cRLn9$T-q;_xwp~Z
zm>Ye|m&3_6g7Ch+Ne>f6oiVo$pmcR89F1M?2+`*Tj-Pvbwwe0j;qgTuEpixfa^|Z)
zP|fF>E|0B3@_oddeF4P;R2LZGZ()^ZX4JP;HIZ}9adV_T@bFNYmmWWS1u}HP3v~b8
z2@p0fn$q!A4^O`KiT?@aRUEDVX_sjARSHpgl_Z-Ilf+=2M6aMkH01GxkYpf5Wt7CB
z&2z)j8jUn+oijEp=6>(QT)~9>*oD|N^G&?ow4svG2ry=Tob32{INoAr>ht-0jnd7d
zOUe*g0vgOPK|Zk!n-SuT%4f)o6M{CB>E{uRPjLkb!=n{x6!u>0R|KvKYUpx2KQHEI
z{2;Jcus<xhGHNwdnaB)$ovSrdnse-HJyE&rsRJ;x^pqoP-A+#I)?chF);_NWwBu>m
zqwY3~9G^){9W*CJo_Mceq>i=fuEeWotg9s_n+$z_O0F^~Anib=pxsv&SyEc8JUkOO
zjiqeypyQQMsJ^$7v|$S`EwyRd!BIzJ;Mu1<o?~;+JLbI*(|10x<{#%4B*U2~3`K7u
zja8)epSP@2xKF%fW>PuWNLN#)x3L9uNth=y%0wED_v^4dF0XgXprG(b5t|r-Qsrvi
z;`(iRCQQh)W1wJ_W4W6e;!VknUnA#{HHMMFo6#30b<cXhgkNmuXj#yYE|sb*<$VmL
z>Ga(ssktRK!oQW?4^}m*6ke3omamp>jAmDC@zD*xK_sA@6!~9TX55_|CJeW5sX0-;
z;5r6lj9YWeJ~9*ig~EoX_^i1}XNYyxZ2>eF@Pxa-;A1+`qdaB=QxZRR!Y9wz4rztp
zcEYWc4{$*eN7O`JBJN-KwKSoIXb#lvl5s1vgRI&V^iPHgtRQr5-|nYFeJnu8hCwnw
z@2EkIGer}bn#`pGZ%*KLlk!Bg`mMftHd5QBUyC46ztlYsFl+L@E85LOxB>O5*Odl!
zGbcw$tV0bkwbpE+EQa{%M}ev%`NY$egN6V2MJD7<)%!9(vjU|WxaA~u?P#CaZODZs
z_fXJ9oGe5v)A`9gt|yMWi~NZNh@5#htJac@VVnL@x><8<I1IIcu*m!LZ^=p`F^1a+
zUnNlUYkSE0A8Zf*<^21<>JHEHNY9FXjiaL>ij=wX;e*O7et;)7x`bNe6&u&4X}v!P
zS8h*+x%#9?Thea|gWPR0GtE>t)yz(po19LQ9c~AQRaINxq)DoX{qn<Y^Y^Ingyk|L
z+n_H-JS2mnU!e<)QWcPf%EKuSP<iC9<V7G3RGf+P^aXo}h5Jz|hhizuZiOo|)~Qc3
zvW?XDX@#9fs$uQYa$J~NWO6uvsxdgD!Ae;xBZT*^?1(50Pq>C<tgSQV>$r)w^Y)pf
zeqWZ=I7HK3MQI%xD^zfHS=#-|L~<<<#wgUS#mnjX`c2SN4ymIVz}%onb!#hh`k1Z9
zD6W(JIDHemHP$i6V%Qo&vHL<liwfI%Iaz{=F5A%FTeL=&By))sC}nLh`(+)1n)WFG
zb~jtFPq`-0=1YY-E|P{Dv9tAD3sfz_!UQj@kz)q(@VrMRM|==k4K|8K7Q==TJtS~r
z?&H;-3YwA+J$^P|B`d}02jOD*;VN=0Pbe)U#KcfMGu8fI;={oWmZ&g@xD<(KAGIU0
zQ<Pwr@i`_sJxN)oRh?$ZGCWyJNADQ1nO1gj94oHknA#zb@~C!Q-`jc{P<?il3hs6*
zDZTIT1ofl!Ay^Y+WGfXpFb3L#jyMX-{hsti>k4A-j}VTN+TZlCaj;egVV}gruSzuF
z=M6I0;)3IK0l#585=N?}vMk{{8V;AmZopBvM2|TorZa?_q#9W(R?TJJWp`C-Ygw4n
zcS}$hUNrgQXZ)>LTyqzE%ZXD3Ve6V@lhHwqzOj2v_s9bl82}!@qlnW&kn*7Hj6Y_O
zk9Zlab2t-1^Z9ZrAZAb}Mlt%Kj|q;rM7$_+$cZV;`K5ft?l4zFda1bFW`~X>fBzXx
zi^=>Ejz9Y64ak#Mu!+VGcSffVbMg36DgS!>kV)tb8I@C-MsyQ?bTu_5zT~!T-^n;X
zaGUL7o{S!)(->Q(fIshCyXxfUR%|pLK^K2$snJMMd0_dlJBhcGF(W}lkiJ7N^+#Nj
zdEPe^pS?Z1|82njf5#=o-$R(Gjq|??7g;8{vtL!~?(ef3e?3IV#n#x`<e%!+f9r!^
zb&G&TpXSLgd`n0H9jQS5j~{qcK6GL54}8)&S4yeIwuuY$SC}`}&aW1Z5A(Ozl^E9L
z#^P)unjxFh<@yS@*(9&q!P2GO77$ObBr-|!?|ugI6={dmuW?g=E1--JhjDWTcdm?l
zIwzi=xI;Xz6xi98>WJcr1x3~xYTUrbJDohS!DQ#@3O71)mHS}z!DX%!=<m^VX^qEK
zkg(FSHc&rcWL2PGF=VtlY!}Byy=lgh4Ka&|E9j2Xaoy1KKC+LY#?kPaOoxNZxR
zSjT981|LebQEyPwV~#Spo_5x()|a)XQIVF(j-*t|DcC<rX=+-jDEG1Bt<A-fBv;m=
zsu0KCBzCQqNa#D?7|TfW32I~r8vKYFLmn;$v0yEzTGUjoJ!E9VQ+7<Z72#!X3C;Ol
zh9$b-0F=jNTi4QOimT=#eRak&%f%!P(?6!eMDnieOuLg7+#XFvdz!larmkg&cZ)mm
zQKb#sQrD=Q>A6w!voYywWcY48=u+BOY|sDj8`y)bOGlD2J8Z@>Xt--?bdtX*v&Xl1
zWC4?Cvb)HT+YM7}(IR?QO+5~J5*gjv@mF?cpnSo1xARH<WW4kQLWxI+VgYu`SSHf<
z-8PAjDg#ry<Q+Lko?%EY#b4HD6n8lPDzFvC@S8ob=N}I+pi#pHv7T{fh~WN#l&t*G
zCfd2;b`-lzm9ZFJIg}ZG=$^m8&42K__{Hz}VSv`-13N~ECaPA>r9$qrVh&mbu-PD2
zvFEhg#(uK_Bnbc$CTH;pomI!obHf^P3t(EAxgfd^*8Vrk!N2&kcl8-UmApIrO6g3W
z4qODJ#9GxFMH8}x_r_GtqXb?*kibdIHKY4k?|VkH89zxf(ZDc87x6tv7|9W;IX`2z
z%<o-|&&!-$=D8n`_D4K1FMpJT`R_8bV2&3z^e;R3{}*bI-~N)&YXO$~s9!Em_OJQe
zf77}27fQZNo;C)~KMb7zfs`y2i7%A^^<y={lvECvBtbv9KMbQ9Z8#PYxqFcGS_pZM
zOx(3wKw8W4%puBDnVD`^*})G)4c;CK_m9wb3AAQt3{;44CHObW@JCUjmF&m_YUKsH
z<HwiNru(DczMpR}-JHr!9AQmP9DY#bm(`wWBT2L+YH89;X@*P_#=#?P<ds;>lRHtk
zo5FDg8YoWS2O8Q84hhe%<dWlK<mhSiY0V~oK+ySFs;&Q!_>C7j<5-Fi>aE9S%(@md
znWi}Zaknx8&U%r}ifSpHFU`Mfj?2x`lwv$pv_f+yHTCdad35JyzHpDuMl>hD(m_5-
zy(^RaV?J{|ubtOe>R+qvg0^*{mfuDS5_0ceCtSsy(>;(&P`*<8o#u3O(Q(2>RhWBz
zwrmtIiqq(LK4rO@eI1bgMS~b>IL^0}>di7u=ZgSo7gZcrgqK<kJqm#kz+n10Ccz#v
zF)Mq9SrOV>@6BM_-+{LzmLLM7ODMG!n3wKv7*3Pre`gsZnnqh|CQL+55eBF^v_R>5
zmf;sO?71IlkJy2tvF`pr<BXlqfFJISa3AT-klr-Bfu7W4;Um4@O$?fo22X`$!ZKuv
zRGROcFg4sz(1bg0X4}<#0&RjTSARkU^?@tXzNPHRHU^>{XH;xt{f2HUic>*UEx!Xt
zf)5H4QJ&tK^vXB>ya1;%gKnEcY`^_kucrSdF+}ZCaqu%NuRyfp0%G1j0e2!9uT+0d
zWpxws^dYKx6C1%&Tc@%_Vr$MaV*NED=7s)@bGlxJ?|U}oX|+dF$I{*L0p?Rr`5h!J
z!1G)-xO<7p=xI4iLM?b(T@ru_KVW`a<}QStH(;DVS(m-j(}KnQloa}I{w6z30W%DU
zI*iL_!ygGn==Wkc5N0HZcE<pXVVgmk9SnupS?Rq*tY2*;SyIT|FsJau!fOUbQBxqC
zu;ki>)g}M_q!7yvqO%GyFI%=N2tz4`ONl(~1sy6=7T~H|;PRcda<aa8)Y&|4M^iHD
zlt(whkNgN#?>ANEil8Ys(!7ncA(;@z=3O|F`cADQBF1b@B&ljpb!muxR&<T7+z?ZO
z`f1?TnRQk~BOU3XQSutgz<oS_R!k!u$)QoQ8sJ`NgdXhhnoaSc6G=mFS#_-teK;|7
zo44nv8q<=c_1zDlJCw0NaT+lisj+;Me3mCEPcpr8oVbstc(#vXb}=<fXQH)67>}|m
z9HtHqMZ(Q@i0F?f67D0S0r${DnCBw(6A_=O%q>BBDpO;h^n(0nOsbV(ugtF-EJeq-
zmYA;_4aHXc+^SgL=mK5G$O&$D1NxQQMEonbmn*u0C%pUH?<$`^J@NQwKPTnP|Co9C
z{WNZgA-MY1wUgp4vLfpdZiMvk^lvW7#rmRjmak1S0RC?uf%wN-BkN*gXyW*Pbva8-
z$NIl~l3J~E=hMG!1fhpx{2R4Q2B7I|N`x$Gn%`RFK^0OrWK*cxxYyEFW`T(bfr$aY
zA33>Ke-h}6!3>FsEYm~f(vKp@Uvk6Ri)S!oNVA!_ZQP35VpB~gKi?15oi1AHI(%*u
z%D$oR_+!8=p9}=JhmXva+Zxq&1S$u8(XN3K2q;Ms^a+#+c+xE7-qNm2VT@tS5)3nG
zq-1wL^{dT24TuJ2fBiqs-YL4$ZR;AYpyE_)TPwD0TNT@ODyi5;#kOtRwpBsJ75iVc
z&p9vlf3x53Znd^rd#*;GbId+^?;}tLAFhsr)PVhl7x|vaSFDfka9V2RvKNH@aG&sW
zT9V_S_eOVNm*G^L6euY64>X$4OSI2;f<}<@yowjN{*EkNx(@E$%V#10J&-8Ef>;Mf
zi)4e8Vhm5VN=1e?t`r3xmOw()uYeMl>)IKj^E2PmoDzS@2p5U<Rwe!uTbd=pNs@y}
z4UIvm;-W^bDC>BGjaHw{jpEnhToHh*yfJ3u0JxDudGbsJn_u5ro2?(QTo4nqCA5ny
zHNILDyc9>#@2uNU<Wn`cD3@Uk<MSCAzoHyl5ilvGurmd)WaKCd17>|KsXTE;&lN-k
zBfqT{wBv=S7Q?7LN7W8q&k-fK2o~-jIwlu5u?12J3(u>%@52g4WrlO7q{@wLtwW&7
zmJ~}VHxCLU5Y#Nau?=)OmTL%9=U9V9WhNSPKjp+LCn#G4&@|QBr7kpdL@`R_hE3I1
z7~5gx3-{|#630TsY8Rq=3v$!QFVkRhLtg4)X4mYqv1?oOiFi#!7UZH%_0Fk}L3IiD
z4S0z2(?`k4Gc~A;(4-Lz;v&`UrG^ZXu~S(XHTw!uM=kD~YMg@$)sl5hEU2WbYZr#*
zPB}!)JP9|WVBGSUwtCX>Gm@^+w~}XLCcQPzx>Q<T$c-@26^}AnV{6k@Ii1*y&rGy6
z@4ZJ>%z)bmwA47GyT2}<93bv-b5QK-Ottj!3TVRO#za1}7>C$rVYFb=?o+PQP{^c2
z8d-$2uQEl~8(n|kAp13~(?%X&w`8T%a3o5Ry99h$1#Io=_ozhqrC5G`o-o!=O2x%t
zrmol=R#1vE@5IJXw9Z8uudoWP9@6OpWS47Ub)BG4C;xO-r|s8FQ^~Vzmum@VNMG#@
zTi0aA7hs<ADfeHEVw*37j+ECC_x$2w)EH055MY}=JB!MZvES5MSjbzHVk#XiLWMWR
z*z;rCrb+RK)$>pLX9@0RLY<U_5~j(Cu0~Q?Mo;;0x`{$N6|isqos>JU-wQzTebd>w
zI!1S;aktK{&_kNJyi5Dnt#!Zjy1~zy6f`1Y3`oEJAUdXMF%O}m&<YmH8&?c;mCz7G
zjh*i;a6!cImR4i|V>SJRHm7{si-~v%q9H7B>hzsQN*+nG?N~F3xmvRI_pc(+bjoT9
z$HO~J|1XF~!`1Y6%Lw@^dMt1;IF{Vxg1LZxwuJ@f7O+9&<?MP*UWm2B@94}W&a;j4
zx_uF*`e-o*XzRSj6|AkbQX3lF&@{=A<+Ht7={V!3LsH0UzW5d7kXAaj6-w-C;WZGy
z^=TbymX2)wCuCF3Z2N3MH-vY*Zdh_xLB8>@n_~qew+lX?9D{)Jra(3fg24ZTsMMd4
zVm~$j<rT^izxm$8m4o9L@Qm3o2Je|6Adh%F%9A6FHxtz=SdQf!j&qCZmqk9q>>;pj
zJp=l_xcmKn9ww^*qI;XZX~v^Ke6O{(QHe{%rx&kb5r(dvR&~B<NRKab>eKO!PP9`=
zF8w3mnQ3{CXVV;mDY&s$vf#V#WdVJhKed*mWOyjlGr!n1RMFEnWzDiaJfFS!svJ|y
zdC7P&hW^X+UL`cs=;tbfLxu~|!U5N5!_o6B+3;o8X#?O7X{pllt_ZT`7h9zRq=}nJ
zqg<F9@y_07q%yHL)`{*wuV4rI)Nzig<RIz=+0gQK@DGMxqhEU+9%^IxFMOC@IBY>+
zpY}nGs}5TrHAV=U?K^ZJ8AFa=3Umr^ZiOwEO`h$3!Qi#Zmx`*_qGgl#)0=ZuE1#)z
zL{yiiZtswIOUG^RGJD6+UxUpOoLo|D^h`g3b%zSQQuDMBc|Xc7?6@h$@QZ%(4KsbE
zP2MFy>gzT{u???5+&@wl5sL{@IJVuE5huF=s~wzr9{u>+lyAAV7L5T&;|v3Dq<^xx
z3Mg#*a~sJ5&3Fc8|K0Wig>8R`&36dPX4-PXB+u^c9BP`aT1v}7*gaZS(mgP_^<2Oo
zBOVocK0V(f!7D;n%3m+UH^m{RrX;o+Lm6hXDNd)u^vkbp{J!5_zUYG|U>V0v=MWTY
zWSHK-MeMSqqDRyN#56LbcRT!GD|9Dzkm>4O$$}KY)HP`_F`4aU32RH#Og}#tqaV~Y
z;GQg1#DB4FRzqYMb7}rX$t4%PT2)yM>x}S4cD^uAT@|!bxv3m~@y8goJNbCDA!apk
zrUllDb#n$ZuU!b}QE^9(sidCTVN#*VWbJq^n&pX_iGoQ;A+D9Jq&9*o<{0*->6g?p
zbzsA4ELy!yu`H6G=WXL<YyO=B%g-?p?xfJT<QA-vn1P{%k$^m_=)1O}l1PLy@<^G<
z$wHwT3Os+#53J-ZN{_poyo(jw)pb*ri5hZO!yjQN0J%Dj?*Zh|HBDe(<U<bqBGHZM
zErJyosY=_PLgco&<~vPc&>M^n7+{G4t)g_E#Rfst8m@^==t9}awo4RcwQpLEpTo1t
zRfW@AAj>93eAPAdZ}r@$x8~xHT(@Wzziq>oxI(hkWx%~P-b1A%dXB22c}=OQf-njX
zS{JSCo?k=PCx!O(mPX~suYs^24^Co=fBupVUg;`LktTcZA2LT)BS3gpd<lAKRAizo
zKO1MD5lSTG9GX9v{}RIz%(a9614AW<dEaq!fh&dF)Ur|qFRPxhBz;m8B;;f|tMF1B
z<IS9dgcjo*0(_crbki8k9HXK5Mvu_k<y*MWL+nQI1tp;$V}U)q*C<nZ?@Gv91MEAb
z0t=YV#iw6INslcMiMe<z$IvoE-*NMj2&WCS#0@=c!uIb{=y-{A<&8Y>25Zr0HcP+-
z<lh&l<DUkoBkvTZYd<p&{1ydIvI=g_(b#`xOy9rGp@NXDhRg&iBEYFXK+_@w+8?dv
zK=Go+dU8A%g=<8b;nym5LC+)bpg%y)_AV96k!U2u%=VwA8Tj<=y7+~)n8sVO4SWWd
z2#z%e*_h^L9q27e0ncm0-^y3Ee7M9@KUJICV=tVu4?NOV?dw2BU8ksh5qk*n0sG(2
z&-Q*#&T=40;|e5c{vnt82ZVoDphznN$L#Oqf!0vc0*E3%iTDf@#ZW~<f0Ci;q2a6M
zUOCi~rxO7hS2x#I3w{Gh8r_okx!*gp0sLciW++g>sEHvbCl{&j&!-ou+rB=p;5Ct7
zAv8C}^r4y?Tk<E{wKi}Fopd9DSO8!VTAkUwU;v9K9Cvg5RH8*hTOA)mOj`WV;GL?g
zvJTXsX!Xh26Q^OPJPf#RH?Zw+qaAv2aQ&jg3F&uQn!((8XHs})>wTMOx%uZ!%vk5#
z;Rdb8A*yts2A9(KVP&U@XzFoS)Wj9$kU!|Q%SFAl1M`|loVR2K=|zbnN5Y-DiPUo~
z#t9w0<+0oc^aJOTgcP$H;%BR>{0+R{t<e}AbRhau78b)L(9;AdljigTzy3bWrPbp~
zyPaW-AcHsFLl%>ruyhcPko?NZSlDO~nc^Oa7W^(o^CUrWr}iYU78ge0ZmGXGz+919
zQ!~}`QI7>zjv>18=Ovd}qQndJ8atLb8<_TWv}SiKl%V8$w`#8>0ahL3jS``a*>oHl
z#C@Cr1EOl`L#G5Av{92gx^cUcpJ@_*jNS(PBJlvX4t>MnP6$pPNlk39I}dj7G;gqb
z6~!e?p(Af7GTz?EU3yziWRT&*mE(s`SQCoVtw-JM9VYTKbZjzlrY`g-W1V9I^BQD@
zoqhvyh%u>ssxkUE(&g9zt~qCi3_!gL7D@|pz}!pTI=1;8sscgf!4H%ixN`x&@4644
zTE%E2vrZd|Jb(YX9JC7XXA4_alh>V3u>kALqs;V~(c%#rlfv&k4)zT3>7Ym^Ff0jM
zx?@XRa^80SFqL1aj4ebd0*K{==p-dWPxFb=EDlK>^RL=2tMNeUuRVt^(93A$TU16V
z_BNPx8C^k{vMUlmfLg|LedgQDk8*O@nC$-F)vs+(L5K{jd;#Es^M5Eb`FHg@nf#4=
z`PXZxX!ByiHYB;ppIA!peQmQZG&EEcb<KaL3ALF{<LTt=;+)B(jd@~X37sJ=C8Y$R
zE1WzHGb-#^9|d-R65aQ?2L++)$$SsCnlJo1WA&sCPC2xx_2|RrVZ&)Ev-5r0O&!F#
z|5Va?pqG?w2QdLdbCLl|CYEd9fFZ$vTs);?fOOnAaC98Tktw>)9S{a|h|QJ5L^Jc}
z?vUOn!wjXI!u+0qg$ZW@kJyKiVv?&jr%aK^Lo<tKV5G_i^v5G+&rODNkmd3+=gOa?
zmHv>{T5^hXEL9guU^l8~)?DC?yEB#1yN(=9%UfwXf-aUZ^gqv6OPwsM<gOag_`Det
ze#tf#+$=6+r0ymsR548r16_%g4+y4C@Ysz!_E5G*?jR}VhB)<OJj`VK3eC-wtUTwe
zO`n0DR{TST<kGUL_(w#WvT*>pjE(o)eDKq;kCeN}5jSas+R{8;49mxBfH8Io9n?B=
zMIB9lG9h;#YMZnfRn?W_S0refwu>q#3VP)csH7k|Nu>`%gR);Eh8D+&N+IQgaWlA&
zEj-9t-s+VC&Z2ZNfnRzz2?zWv){&~lp_O!G`NNfRUMpV*GCR34vJpSWT&6Zs%L$&b
zW7br5L1}Yp4XT+_-!q;V)q%;Et_;qRTdO&sM~BlTx1|=O6r|oVtol!~z$-6~0T7l&
zgJ9*wL<doImE-nzFk_;__W=}^`}unXb|q1<;f!n}y_lsV^=0mjTC@mys-j3QrFpL3
zK*|--rWqQ`Bt@a;k#h_oj*K(R-uwg4Ka7G&Z@28!d($!+#@sF@)U4MXOUkV{nk^>L
zrV^=mZ2B4-g{yRM1hFBzt2DJyBOQcM$t3dM-=y-Usl5!-7`T|-0^qj4<lH}O(uj9^
z+p-d!-`m5h3{N^j+%fshdQ(N9Q0|_GK6MutPA}**vlA;yg*Yxea&8@AZz=}h$$05F
zjbdV$(X^ceXIaz~d);>50cbj??JLdF^YA}5J@oOuX|T@~>xzN#lf+{`B0Y6*@05No
z2HQfpqUBR3x*jKe=CJ4-u&|7i&<PePH&{a06l?e#CGtQd1{B}&XF;(kGc@f>?jd(u
z0L9^%E&@>vhI-52;|KhRK)H}X>Jro<0rK-}XsPPTD!QC&&WXRd&{LP0`96W+<>+{O
zJ5lq7xKp!1a>B6&lOHFVY=vlP!XxBp>~T4<wOi$QfzEIQP}k?CN2BPLexcFr4}a-2
ztT4;3MK-8l4m6?jTg1~p4;zvSuC?ytY6n-N?(w9<F6WF?C8{VTtC<5?x|!9m#5~0{
z$kYQZr|4P3iE0Ey-a#02wt_FA6O{Y;#)DSi!XqL~1t)$`L@Bv8q*;(zkeO5Qu+HI8
zs1_gMRrI!N#60|huot%10{hrgB?!Ld%bd7wR@x@+`o36tkDkmmlSbV23bS@N%N63P
zgu1=itF-d=i3)nV)4#CBi;PNg`;AcA;6b>6<>f*Z5VVPqkVmJW@?x3Hbv2Ub^(7|0
z!5YMCeYr;AXsiGuR!&d&NVK6~?&dh7e~rE-ykM#K-i7za)k?_iv1gS&FQ+YrT_QG^
zw*Wy+#PPuJZ3|y+vQIFGcQndlypL6P-)HZDW`>9ud+6*vrZ?Z1@<$N%D-xf69-m>>
zSHJ8l3ZEg_SO4xSn)e}>ZX~PH74})N?ea<IJ$URKkh6z$Cz`zgr=IE4Am6{KmTr!(
zo~D5;w<ge^%l&^CC>c09nf#r2Qr&d=vv1NS-L&~cX)TzTR!hK&KYlFSUlmqD8y0mQ
zK{iYyu};!<K5Bi_#7%iTG9O{;aW9fD2O$rE%O@uv!L^`=BOi?Zo5Ir%-04;8c|;}5
z$qC+v46lo~O(&m+jLGbe*L%qC!tNBo!;I+tAd&U%sguy?6zQWpgL^CylIUg{9eu=u
zhElx^kyvVGM($|UwaID>!#A3rv9k2k?d67Wm=0IDs&^(awXW6RFlusk^5A%b@r_qg
z6XJdlk&380*OQ`?Iv0dLhgYSxsm{!GS!o0zLCe0Igk*;2zjWEtDyfRQ@y69TwT<F0
z)_5x-UPPMck~4cQ)WChT1P=N2Mh1?wWEM-i7Qso&{7A0v%bc$-+F8dW%x{NS-!&Z2
zW8#7Cr&^~qZ_7VQ4m>>lJU`-@c66$y>vq$T1Ffw6^}bOv+88CdKkDasLv=f!rXYAi
z150fhO0?ZdGKG<%{~3((G5%(ed*8JEZ)7gW3;C@69~R@di~<Y=lgXU1GuW7D=wq-6
z+B^#66aIlM`mQc|G8J4^S3J=|LiJd<`CgO~+}a&KUQ(?U54`2bZGLQIa9CWyUwb+6
zj=ZSC5$75P4l1I{@5hGsSMd7jqJ0LGy2m&2p}zqjG%z*tigl=tw$##F!-=<&4aziv
z3k|V5UzrB{!#S6J)}X5xuUI>jrJ9$^8atI9;1sEC74G3$Lo4j=#KZlt$txTzF|GLq
zYd+C*GJ4EMK!!$x`x^J5N`xHEd-iooSGTEht^Oo_e}(SnT)$$aWtP3V%&wK_^z4+o
zT;V_oGN{^o^axf&@Q8HmA=z2kSjCv=1lmB0Y?rG4){iy<FIOutw1LL}e}t6ZV-A+u
zKiL%N1lBX>XhHMCmD#M6`a)dB-u-Cyi!MA!TtEx$DaE4NuZS$*mT2y3-pefm(ew9|
zB-uODF5sr&kSj?(b{XgU=)u&p>Z*08mm`EHlTYbi)n?3sF18HZRpI3c7Qk-tAk$`g
zI>oiX+;kZpf}DIg5Wt<_kelg8Ni|7Wl*My69Z-;?f*bWu5l7Wn;(7d_#B%lF<o&oQ
zRw4st%#&NLE!e@})j?S2LSMgvgwFyOQkxfj8DVB2Zukv|>UY_<EW=pF#p9B8F!?p)
z0zMriPz>bKx8o(MNYX+pgsXzu1kPv`5;4F^Hh-QIp;}GQh%<i$;l=kC!&1>KA7znu
z&x4`S>J5jm>(`iG9=5C+WP&PhfmhQDy%YLYp+TE0s&UVz@kX>1aTjJ~u(zPK#{+r`
z-O&K=00v?X_MsS<Q%nR&znHm`%_2X-V#tzaL3u0GDA*lB*P(Yev`ORx_HmPFCC?=f
zZO`LYsIteEhqID?ywa<MTM3=!wk5P~(@>S42}fq{R-<+roiK~r;#RA6dO=Fk<To3=
zSut=uQpBFLA;9DT>BU!!GP=G}A6;d2OkC+wmhW{8aj#1T5n{Wm=s1&_41ep&GbDw}
zyGYo3l7+L<9Q~#(Vmu@H8?2762>BzB>s>kTp4oD;{8ma&;oJwP#EVk(4sg4sJ%9Z|
zu<Nz<4PN~UtZN{q;ThJa58G$Bx+UQB5r-X2=>f$-eJ0xIRz>Dv6Q<Kwk+oAKQT^d4
ztcUseZ!>d<2MMEi;B(9v*p%}B^K(+k#KFbH$ywCa$j;cp*6hDY`u|}K005ntqOI<<
zqMGz2z1Ya}3nf(gl!Dt67G410@cfjsSk~9Cdk6zLYzT5c0pXo;Kf}fkf-UyZ{%~Sq
z>W@2MmEYI*75wUxd>!V{9l&~nVXuhM4$HwSc7hx0006*d%^pO)z&_6kGJ*Xf+&0;n
z{Mf^wyR~m~;l5$Vfkvy-t(a3it+Tyo1qaqTh!<?kSOOb7TXz}}rB+XUz*g<qM+(V$
zac+Nt-F_tVOGlj%b<EG2gXf@8XV-k|YNO0C@z5u8yv>25&xwz%v7U^tF>sEo8-1bl
zm5m*)4#;J+E*OgfbQ6GyD`5)le${{tvzme{aCH^N{J<^7HwKwQxd)U+eQd)N#3H*Y
z(NYwt+(ZzP1F4yK*6TUe+hX|}O}1FJA^YB;3M3~nnf>@Eto$hbM54tDCQNS4?IKm)
zhO3bw82t5-)SbnTEcpJ28%Ha_daOr>rzAB@i1<SWD+yOzGUIiWwN>TZ8?hj9FjGtz
z4`Ea=y@)SC(@FBf-Mn9NzM)MMqrnTiSaA<0(7U)HjksK(q!ftaSB304O%PAtqViU$
z5Cv1t5=BRQs2?@du0S?xZlbX2^nkvx_TRQMl1^kvN+-z4`yFs-es06s40y8BcSe3O
zCS?$G1P3Ekj~ie%ro1B7bY;g(NC_7>K~ii0@mzys5ukYb2}LQ*u0Wil&Pe#<gmly?
zXi5f9t%6(aBDF@Sn_k;dwWoz(9#tpv<m_|u>EsQiV2dc|0jW=g9XK{)VWwklS|w4U
zF|LJ*7zAoZ%I<492c%LyD%lGw&0l-G-)ZK$850PaBia09vMzcrN8W`FKM7N`-x&}Q
z;;x496EOEYQQGbP%>d)Hx)vJ(EO#kjx&I&DUqCJM-&7)*%KuV{%qQDwC))`keZH<o
zHBk{jk#?^E2`Cj%622XsupO>z+1xynll<>Guje0gH`A61f+yvh$n>Ik$nv^K{TBgo
z1wIXf*>?^qvoU*E_2tsSiC=y<05=>0y+NB=9|@rmn3xj}G8Nk_LdrXvNPsz14!Ngb
zukH@7tDL*fItI7OI_$K-CEV6hGaOs`=rYQn<igXsX{p8JO#@K>Ww?!gkp+c^=Z3&+
zxgCb7R_?R1LyUOebs)v^bvWF;AW$8{K!?Eo<adnhpp{amwTFvNwHL-OAK5SkMbwAw
zy!@ypTCkswy2d+<0Z3Bnb5L*rNN8>$1}T6n0`kM^VuO^}kUkq|GWIn=%6y4^B=<?X
zpr#FHmWNs&CTZ-60m>nn2}|bUN!72+jQO1gkqieFx-YZ!ld^5a#SqD|75a-JibwPx
zA=Gd`$IGm{S8qFgX{;&<uY|F^)ljT%B!WY#R9*>T9#1Kc!=#uX@`z}<ijC9fj>?X1
z+~iS?qp2}w!#;;{bv~6Y;NV@qT}53%0Z32eE&_I)`X+VUl^jG-lTiLeHfXmQM+Wh=
z;GGJrl|_0ylMCN=V=6s+j*iF6(|<qX5H(rDI)9pDXV5Aofl*2!<c?%n#TZdg`eM~0
z6t^llL|SC1;K`j>>6i5YQfOh)b^9Hr0jObYNczMiOCwCNY%xjt8(U(pQC5_Dz=}O?
z8Ghpov{E_AHk+0fpTx^K7$^bR`4-8rIQom&Tz<UJB>g;2D>rmd0{}8k3}}y;gjSRC
zt*?@*Hhi);o@-Hj4nG5TBwM@LR(uTFV1$_V=OVo-=9@VIU$h-$z4?37`wcRcat~PD
z#Q)sJ@`qgjR=13uk-`7aKxO_p#{W><Qq2uCKhUrI9j{?THIb-=kXXTyWj@Da=aE|$
zook@~0A?guJpXSE)buL4))-9K>O|{A*3G2bRO-{)(F?*SW_NUPe)7HJe$oh*c4feY
zYl2tIpfg->@Qd}-!1bqk>&d~`*{j$|5BL}s0F+4i+?x93=lE6~%_N`(sxIz9XP(aN
zv!Uuq+T8t#uk&bwtgmK{lcA$FVclM0qJZ60!{X4pu3#&@Nv~4mK5Aj(q{jg}8_9e0
z3AC|ev^JZuD7stX?s%OEI#2&ip-#MQ7(1K^7QwwYN%iZe;NPiY9R~;BPM!}wA63sU
zSyq-%cb%+c1&e}AswT(dXQJICc29~z!^vgPg^vyg#O5&V4Y@!Upt=b?TQ;gWBpop_
zi5_NtYc5%msmkk4T4EtN#T<x@P6yc5wuD=84XsEK7aDz{@~g7Ul+{ZZH#Ja4`-Z0p
zuyC(1!jgB!beD2biE+PcR9=oVXj%O@&K0=tsK~2tK3bt*zIjOs-$(v|bg0D4^HYuX
zCr-QWp!<btv^ZgG$w-}+gSFlwr8kQkmrpsC0E!N0gq%XXI{&(Pv{54;;qW&i8&D^U
z1#xDSM^vU?%x-Fc6OVsM6S2K-rl^dVmicDSM%@-x1~@ufd_3FmZf858D*Obj5WRyW
zbV=!@wPG*ie1m{-l8Ax2#H#^v@e!d43UJabGFiF^Luhab=-yA1X?};=-?=PA`3S%U
zCBdxz$f1~oXoR@)8-|2DT!Q{stY!Ba(Z;NBmvIEf1!2FNd;UV44PaBMo(Wn8=~Lh>
z^Xoxx2I_gChUeC5w~&|Gef8nNHSk`oaWr5BX9b8e(e0pU1HY!;%1L{KLFhyBzlyE%
zBXfL=7bMi)Vu&a&FwR}uN#F`mNWTQ_I{yaMrn<#_dkM=DzGXv@LB{DRirAf#;ho4`
zbF?QnR%s5{;Ql*sTFV>1MF4@L4ZIfq53j{P78eT}6D>R2|DF#01)YDJBLNttJD)#a
zYlS;@d?!WsD2>&pj!i_o8_a0>*Ui9b^IzC`1OuvkIoBO&a3s7roJ>v4x}Ho;r?b1e
zeZbs<e*%IX*kN%VB3tYxAjNoaNpBP(JYb!~XpI?ThQ+)L4SGS%B$|WP<Fhe`#(~Qz
zT4*{Ts*h)`u|=QT_S~a&O)y8M&zVT2eRP;2lkwzjo6=OVE<(#_Wb5=$fE*T{(L;u0
z=MiP_&pHCO7AO%Lc}H68DrMEL7Q2h08th-_blzJ_Jw$)u6;ts);}fO)T5Z#tB?dM>
zaBL%uOQoX%++D>09+MiO6RF%1EiuVXD^K9|y6j7`Ji9c55y|=b8OKVLKqV?Lu@SUx
zw55YKqmrX3M@<HMVDmFL)PTe+_O;&yM_CM~mr}TFvy#tM$*a7L-fFD~jko!#Z-_YA
z`rta=;H2BM@9Md(BW>IIS=ZP0FULuzJdPt?mGO#e;o%GQj-9GKk4kW^0E_YHL&KTE
zqs)`{>%HWs^AcyITyv;0?euIJuS#xTes2mMP*@8OaT<e1?D`H^UNUt`)yO|X9TN7B
zIWn7xq!%|eo)<z-xrw=XtRnW|SO#edT3N0)4AS9I>bc2de8B6c`~(g{5<lEgB)C}b
zAkxn!HU8zstDE{V`b?mO{NZ`<Gry^FK)6Qjh6Oa+{9HiSLP1&uDI~Mfor?@T3isS?
zl;+T{*P?&Az&3jclqZ^u6~o?yND$n{dB&jfi9jW6mf-u(PP9y{6var=#t#w$&;wM-
zD%Pmj#5JIA9zB&kQKGWT(1t4e+zOmVP>=Cn!_J6;pONr{9vxvEm`sh`@-kNcro}P(
zt^OJctZ{i@jsL@R$3K_D|F6K4{@db6H5@_s=<oli6<!xk2~Fnxp8}6q)m?UU?`+?&
zO@9aVjnb1K#peI3z*nvOKruoITwP6V4^z!dZ9iV$?r?fw0Y?mhFPtmx`UAp7d`x@S
zpHk)PMzm9yEr~)rcv#n%VPVlZgp0^Jie3j8)c6o-dwF-4Jw(N;^yuf7RhQlFu!Z$}
zY-5OYU@YSe3eKJ#%U4Ur%+*zRE#kq%-Mxq%qc&ZN?z+k`lg9*Aj)+mGx(>7!c$>>w
z=K89`N=$LTdcHad-{>?G@k8(xrq8u%Da;bj84vzsA8p)nH7?ogQAf{W)`+_;P*9;R
zFW6#^VvsqYXG3;k&t!;{p0Am4?8FoMtGbhNus9w2Sv$nNLIIcnoctD3qqR^h65E}k
zD5`vTqrlwmMJirTE%$a$LOh#!M|9ebhT1@Nw%_iPHIE<j`Wmg&qtMt<J^Tq87QqIH
zisSRaYUwmsjXb4KelSnkXjv2S1`Mb!nlRq9>!^InU6|cY*aGELIz!~PdM=hX^F-Bd
zL--<>f%5uD=V$IHaC#`NuBF8X(1qd9B4J+~4h}Ke@}gRQKiQy7^Z8ey)Zcy$KF(w;
zm}rw6kCpQU2M$`ootfJpVfcHF3%-m>7-SqUJWEs&$_i>$>~U$jQedK_L<*kh<(Y#u
zY=A9@Q@ovnQ;M_K2nwV_6E+_gj5?)HsSsDclj>?GHpq6kB71E1Zqm(Qo233u?R!OH
z3OSPK6zAs~fJ(?Lq5F4r%S+J44H^QHzpIh~ibEzD)y8<*FA}!~_KPip7|XBlQXPze
zW9(Ov3#fo2Bpsp0xd4t-hB_~YsWbln3|9W11>{Z+|DF5$FKH}q%*$RO5F%#({B`i>
zBYy@n|9d|9pVt8}V=6f*M(qj=jo%O5033V)+nsXJyevNPiqD3^WYpDdbCc~S!lRWp
z<6jQ>r=1w4t@g?$rN9B}`>9Oshb&IBiwU3)xC>N6kT1w#L)H-PVP&FlWWvds$gjc=
z7ZO9cC5G%i86_41zoy+#f3YX+`>c|yGKMth$y}}_l?6>P-FU7Y=Us;Y56|zs#Yg4w
z+CEyp-Jr8Bfr_1_h937($J<lW{Jb|_)mqm47FCl=n(aLgc1&1=3IYAjgJ+jg9#!5M
zCKZ?UGH@oSBxPlvC@`gUCU>iGJhWdrKg)-*43WbGLSAH)^(_rz$!-`aO=3!53M_3o
zReU50kybHKshi5zU}=}3;doF-%+Y1NP}j4n1HNNWmY=b`mHC)5?vMJwjCT}<!O^9q
z^b~}#q-*m4*Rp|<RDNl#4b@_9;DV8<FzW9q3KMs?CXS%+Mn)P9OCXk!kb$Xq8wP>4
z&Qw=*!GT}KDgm(bPTvXp;m8!zf}J;8<Bj$AB+!FhPM1PQdX`neR-yc2E1XV-xN-A>
zUa0NUj3izaG_zZ^60Ds^UG^=+1-&V~?0zA=x=8HG#-duGhWcHMNX9jw_<NE|T&xM<
zLiVSEy5_3L$tC&G34Y{k09f#G{yLJ!i8-#{j<m3AxM{pt@9YLeD1zb|%c?tS#xPl(
zDFw(6hafS(@{|*FJJGAeOl_Vag=#J|(H|wIoI)uV#x6)JMp7Nujq|m^@`ja&OTYMQ
z=5zpUcMU@t={ky%$Y}Y#2XD|VE(0~Q6m+XW>4p4aap{So^rf(F3%t?i8{%-^hGppR
z%;>>L#Etft<G1y3NkkKN%{>x3;U>1~JR)IvW#<cm(QsCZXkk<Ozf5L5Ag$pOlG<~Z
zb>IBW<J81oo=pp^eHtKX{txH!e*wtA(ZJ@v=%1v2FG-Y}vre$)H@Bctn1i4s#R*k)
z$S?UpDUtIjN$KYWsao5tsatI(W%qZz{?B1B1AZisKB$Hr(C~$-G+&yAr*BNR+=2ck
zpmE|XKUo}qo%6un4oMV}dud}bKk#MAQ$L%4YsKj*v==KvpA<(nxbaXR@-u?S$`Nh;
zYmIMD?6=*JE>2^KA2c?>GQ7VegOiE~#+vgD#LJ9kp$o{wb&wi@exHAXFr5gi#=1|B
z`{jfbaS?VPb_>>>-^xaO2EADS=?BR2C72IsA|^g;x|^c(eA5^v+ZaZWChe2%0+SFH
zG3jqzq=gh`6YE#Xg)jK?ooG=i>Rq>$X@&f|R%{s&WPo<c9uo~rdFINgn~qaB<K-60
z{JkD0#X%GdQ687tFm1S3ei}n}AG~}V_z*?+=tb;7hXOd^S(tQt+C`4oU<Bt0z0=1E
zjbI_ba~*z=nB2&>VvpGm^9zA(?QSXA-yoi8>FngS@mk8s!Ea;+#CKwWs4|KP2dH_~
zFZPlNRU*IqW}bJDb4f#39JwKu6BRAq*Q*0=lzG4`uAEqYe-a*J%cx*kUGQB~KOQ<U
zcBXUJ>*0%w>!Utj1>fk0U)wANTdK(dZwrgUdW!8(URp2DB4#x^LRlb@V-2g}yh{_U
zQ6mZ)I}@2rk6KLo3Gm2{d-kKXqqV7YG3MdI=py!l2@#?5;gPPFY5c^>p)$yp^+wjj
zBHbuTBRpcG<%Ybqx&5C5{9kA9vZ3v#9-ug@4QMm}Kh&S1i;1Jhf7hSt_McJByKS0j
zf-@`;5;&|Vc%y6_nqnC(Dx<8G)ian<`Ofi#jiY39{i=>DI~fO8G{SSiD_IAJ(ZF@@
zbt%HTARkjk{VF+;tbz9k=TVl^{rctWO1f|M`yKoD@ki<?Wq1CdgvalLs_63oKI3bo
zh*Xv^&8ha}0T+0uvyQl-;g-=Q3Q1I!iF!>LL&1JSY)<d7qe9YTP2Zy20s~Qj>M?=j
z%wToJ!FYkD1`@YI1Ic#NM6l@wt9sD>_iqsa7W}cg_Uj%!Au2j-qqnPaUzu%~Q&2F0
zi6*F_7#U^A99m2^jcX-#RCdC)n&GpV;SFqsX1_TdhXQQoF<QPlcBByjLmSk@2(6M^
zf8yK<wNrOea|55cA_Fap3S0f~qXS~!&?ej-VR5rLB(kBS6m&WFrc6ro3uUuPoQ}Ih
zx5`k85FIs!kz2zj!yUoqYrnylgK{>~R0hMT)Sh^bJ#Z4{d@j47TLl^P+LHUCs*E2e
z)4WQX^7ZVP??pPJY#*Sze2qQiTw$OyjMX%xxv{rz(F7-#+9z7HqHI<4Qq@?ArwZ-7
zA*R_M96eoIx)19u>GJqhtEiib3kDNK;yE)5m%HcdFy7aN+VAZuhAdWi<K8UqM+M-f
zy7wZ3rOS9Pt;J*T%Pu^YryNdJ*j>L}Y0)sbyQ}~&wq|S#54L(^Rb?p;GOB2Z11u;=
zmku#4bww~=&{j#$>I(yQPB+1^^>#%U`h%Zr^2FR|!q0gfI?yaoQp78_^zi($Aps|_
zyq~3?-_Jh%aqwZk(smR?jw*dLT`ljALU!uOyDBKnH3Z1!$vM;pIyt*!<Y`k!W7^Sb
zGV0DLWQX0lm#{+V+QuIpI|nro@@DvgUTde^LyWRm>`?d0?(=ARazkTWkz4pRU%7(U
zNTg<P$7fp-CC4-~ECg}-6U8r|^m6)lAPHrf7mF)cGwPW#&Vpn{2%x}WUlunCxJU46
zgndyXu1KmSheW|O^$+v$F9&ZC+c^zE#ElWS34peI1HVMv+7yP$imo}{%E2^}6(^CH
zg^ItG=Di4bNgKM7oyJr`+Th;p_)MpWzA1{d;d_hh^DB<>r?0p*0>#ZLi#Devh{c<H
zWRra$zy`tS=}fW7apY|HU9c#~$T{?KSBPy~>`SXHi+bAHzUjN4x)z7rg~1ee@6fJC
zwW~IZuq@=otVKFCV`-~P*-#PfH3LF++Hy{~TkaJide>mg;}`y2uh(z_PpxOlUxIMm
zJ37yH=)9YV?(~sgJs|$~k#OZF+EWHR5<Y-O0`EVYP5il%fUk03M`oaG=i+GeKi=gk
zn~v)$f8q!=n#$QMgruY;=90Syf<otnv@(jwqP4LXSQaF|+k*@*^(KiY2a<-^52H;B
zZ2RGuj`Y~~+AqTD2D$0C(Twv`%5nDxxplvBX1h&a%x-_YUsHT9U!mUvt-`R!zpMwI
z4KNWn0Nc998i~9Kk8+QVxtgJ=b<vGp@yMl{67v;(jmdqwQ!fwiiDw`D^a}o2eM@)3
z9Brm}R$%6*$|7nCllE@`>}cn7F<KbwW=(VstIzj-Fx1g-{j{smD6q8UTPxp;ndn@F
z&~8CRv+KHUKqI0y%Ffqj(|T6+=CTBu_B5sR`x<l_7cG`mYe-I`_qy+}=T;N^CSCU?
z#A41Bc8X3u%L+f&U29;)S#!Davh+!`CBp$+F~=DD?C|o7@}hj0x#Ma0@xHu(o1(`&
z3<sfc(A&mal6T;6fMN&4>J&rSP}nGjB&$alBhKm#L~T;2-__*4j@)l3^e6W;aK*}r
zi<NmELsG+W3TSRJU94?v%Cv2mRLKmBex199F?Hb?Xo^<HnygJRtL@pNF7600p))CI
z9Tl`fIHg?-b@mPy$F}5httsC}FPYCsYT!)mg2Kx-NXGsJ9vwZ6W$IDI)uo?t8KpW*
zzE1PuL<xFI&$W8BW;2cF(YAE`jXo6ou=QCu;1{>OigAO`_6pqFJE}QoKziv@nSrkn
z4R+>AvB7g)DRmZ3sW7n?LkzPG0<w7s^>jIVS9gte5+kN-BexH|JE0D7{^`^Mo6ycM
zlJw(O`PZv45}<0WL@dDV?XwLa_2ehz$3yKyCQ9kB+$EvMuLTjH2@m<3Fx||NB`%h(
znh=)mqQ*3tC*Le=?UeA9Z9<1kvY^)0)0`b*_kcxp+{EA%`!$zjXZm;c5s2O9niSkF
z@l~w3Vk!0LSSphk2DTiI0LJ*s*<LHkJx>{zs`M-c#=W#w|3bbKEul1{xwG%pm|p6k
zmqUo^RntikFQ!#<=2h1$>ZvVi@;hnLEme_+V}-4@D9f2BEr%#o&EifL7F93~HW@vQ
zvG%j-A%;KpaZcoF1W+dCtFN5GZBaB+gcAUy&Jb^P2OdA_j-``l-V!F>B~R3iv-Z3#
z%0|r7f@QQm@QP#XgB9+nOo1BA$Rftoh_|3ok_<8<o-gu@QX$2oBZIp?Fbn&cjm;e%
zar2!YfA-qY&cA<ZpQ#bA-=^69!7^W66J0%8N0@uXYyJ8i-ABml7$yt19aJ!VtYbOr
zZ$b{sBy5B~Q54qyoSOS{2&gz3*g6>)IRm$-{8x97nef-lCV1O#j@IPK@-q^m2x_i(
zWKJkdUTvQKFL9;5Ah-E*jbuRk=@ih}`^dVLBEg`GS=|D3_D)+bH^KM~u<$w^PNbS`
z1J&DqHK>3+MeNR$GZ6$^b0_8WQdC>4l%)$9Y|aTwJGvkbFj%fkE2s6IJU=psdVrAP
zZJ8e#I}BWEUls@A29j+MMt_ehO*x!S({Eg)wXAaGc&jF>kW;wxd1h|7unzTPxX#b(
zN!8^qWLVY_@g%Hc^?~&ypxV>>`otTJX#G;Xu+(24`___pP|=3zsH%i^lSLJlK<MzQ
z_&B_|5v!1s-|w4dwAzy3vRO%);bgMaDoj!noA1Qggxk*0gpmTl!vgIT&GUiUZ+aRq
zH*;NazUIcMvuy(1nQex+K{AwY$LtOm<K#@o%LnMJ-(+d+q`c-}WH<W5{a(oNcXGp2
zD;S;EWOcrMgtIe-BcZ4>4%NKsi5j{)&hm|~Z$E4>-=mjzU4AC&Pgzpkmx6$dhI`8T
z{UrU9om%X(C4T#{^tg}RI1`wc_~u?j_=J}&r4=|feFk}_4f#ye;j}W2s@S6HbyOOG
zM4>YQK2$Na5WPFuSO3p&RGJ90WVl(g$VXzoqZKUg;QnfJH$5<Ljf$==Cr@?Z2Zon)
zCo|;wz<H;1J;!Zs^QXc)fOf4O=l(dn9IWEF*_AkMh!@;K_;^{dUaGI;R!b-hfix^k
za7LtCuf%;|I<2cD4L^~^&FzRiXXIR?*``RMf}mJ6<YN@q=GPkhXCa(<gUMN0W)BMU
zkBP67wKPT{Xs|Nn>q|y0Wb41|2Us6=<(z{Hx5|Xv*MS$$K87zKag9o6=rjG0w4#?T
z4qNugi9kKp+`}YCD|t~Co@9vgGr_z?6hC>BHH<nlI=F5qG*7Q>yKcEyKITVator!d
z)d<LRORfT<f(wX>e;DNV2NkOJ#{bj6oAft8C?bl8<a)#9_$!ITYeg0LkgC#kr2oli
zIiqV=wtfY9$F`HPX8A8fu-kkFWt9CZ2s_nnDg!v@8J7Q4?w&G0XzI!MJ>4^9vA+`B
z7AIx?&>I;GU~a|eM+P>&cEDve*i+`m3Q<p-NZH2P4Y>IntYV;t3vCNqJQgw5oMD-q
zOTp1_XXrid2xy#~;bre0M;vcO8)eX_!F{T8RfvDbQLHNrZZR>qgxQ|kj$<ymulR0I
zx$~?_$D_EF@HMQ=CJ7Xua#tl#Z}tnFjoiz1Gd@+mF>MZi>@NptivE!ei&QPejJ@y>
zHsQKG^rS1a!Vt^sI2t{AX?e{m6wDUkZP^tR=?EP2^QMYk^0^jcL#Tf8i@mHc)L_;I
z;XVcJp7Oaa01e9N3WNRj0GM^!h+%~5mxh$w1T9&B#cx&_rixcPPRu%t!o<x0u;nNA
zN{t(yWpy~<-<gne{B?zUFMh+>kh<j@a3}YS5m^B3OIl3>{Y%Ve9>pZiWyLzVoYFpv
zxl`9qI@%XJxdy!cMbuf<UR`jYYy7^XXK4ymA3_}9H(1DZCwY0kT>D$ocL&x;;H%7m
z@wjs%E?zqJkxzZ2=}Yh@5eS*^sa$x07M@lCw^HrL;+d#grS{Q&ClL7#fn6Mvk%w6m
z>^1ZTE0j^!Gn^6QENPRUB6ndX;nW%N$@t-~1@ugF{i<Xt{4UrGKW(zmDeMu)FF0Yd
zuEE79tjz&|5Qgr|?LWlIvUEr$e93jq#-(wMPJ^EX1VSSa2z+9YtE1kc%Zx)zrT8|5
z&~o+HcwrEpqv3c)JPA^kG_u8EOFp^PAPF$@AFYLkiT99f1~WM6JtPzQAr)W6b6tr=
zl@%+i=Y6>*y00<*(;WUk6MpVCe<%E;qUb#qfiUU-!ss979R2yopAB9Ab*ua*4f6}_
zrfa)Ds-S3VD7$&#xGWtyBhsw7C1WY^E^y%U7u#3gUdj57^x;R}6&s385GkMbm>=ns
zJjYfS_WM7gmyA`tKQkYO5HIRy2VqeHTPa4eNeikuXeMTdjc_9|K{c(maLoxx8(mRQ
zSQvD)4O4|6^~30u($s29rKfLOJ8h$tWxBUI{bh%khE~BQkEd{Pr6)GQ$H6*CaBm*{
z$U&Z!q#H*a#xSYYKU!NSb%fVw%@($qd4g9v&edElu6}3DeA8u(iZAx!Yo^|)ln9}d
z>C|Mtn=BG`udC3ijo@<wW?|07{K>+E9cH&4SFRbzY3W1V$Y)BUc%9rA!wfExV?(z8
zk;woT4#9r9fl-%s#REOkBXwIybJ=Bs(neN_dfujujsU+Jx0IKX6o;*Zxxhd)h(<+c
zDAHfDFlG4Nech$(2O^#&7zK>E#t=|u3GWs=&k(>0?<RONm1S!RC;cHsx!#y&)0hzM
zGF+=e%t0>6>LT9)ul)Gjb#yGxQ_O1<T+m-`*x%$mTX1##I{Ijq`F+Eef#{dXI-2Lv
zXWd7LC<?0VBK?=3Hp!*-ST~+Rv;Kqsq+!ziI43xlaqG27x);@S9dWfllM<(IkzFVC
zC)+HfJ<caU)IW}+5zvZsUPF#Q8X23NJeDiq512jSB+Q2tCVfF9YW1g7Ln=1GB$wuf
z8S?lFC1BA_sRc^w1|oVa!r$Ph(&h&VeoF~{fSgI`K{t;D|8o&%=oIMd4P92FtY(Y^
zrXEpAC&v^rhlJw2ivA+=tVJP&BM@ywEFd2y8)lm&Z<IiXt<iu&r>IcENH?m$f1+tB
zx=rq2awU30swEgHN>uq;7O+6M`3r-zn<Q@fRfGwTGw?p^VuB)rs8QKAP~a0RjJ0Kh
zpJay^wjG1~)o^8`Vyom=_)tKg%(K>a*EfX!VC`Sr%=&J<!x9iCXh2=TKjdcq!rK4l
z2LIUR{tQN`Hs|OZX}1JBgcQ{jN;E`j4T;$#`pAAoaN5X^#h+iawc9)^zasrRRt0F9
zODz<jwTflob~2sHu<J_YEdEz&EJP401Y>I7r#e8<O2_z~E<)-&Ad>Wgf-&D9xe}6!
zX8^bQFk!^PePH}Ed<^Ts=QbNnWdd-Bi1s=nc<D7&Ba$nbcB%BR;D%ov=^89H%o@ml
za%0hfEK4}@F-=;NR{65j*m~l>b7PxsWq`S{?lnfwpv<Df<=AscKk-a}NtUT(+gD%~
z>ILcsA-RBj&H6}}lhL&zW6;v@dL#*YLYj%U@UJwJb^l^gB7nJ=0J3jm`A^gu`Ig{J
zC=}%eTaw``hw-7P7^DmZEh1PYNq?ncYK+zHE_Bv;S}?tB3G>ZImKuQ{xd1aU(+5=}
ze_<XiA_lt{1NYCnJVBAw3Uj?>8awm!#s?R3Wf^D|=l)I|0;z4<VK3BC{o;IZ^|gn?
z=mFfZIFs^EdMrWqT1k7=zM{HVs_^_((sGT8{@HU??XPz6C=7}Ax-yt(yb|)D7&Q5z
zY68d^+@p^G@73!>2cF={o(4*!X|qY_rC;cp*~EvQV)DK5UD+{&|B8^kNOUBR$Rrv2
zc=OScYeNIOrSrplJ9Z2#mjO~DUE-wlu}KuP5)a1RLNgfau)_55JRx-PPN7Elx1J7R
zfHy)+AXnb7gCj8umuLm{E06yD35rq_TZ23Y1BuY+c5u`ws_R-pcT=%L?PSJkPc`zu
z1&>`zK-vKIyNIhLL0IP(rS#(=wNM5}#6_VUv_E=+$e}r|f9nZMgeow*H_?}bG+1J%
zOb5M$A_&!qb!=(qH$fw>Pwg5zk*82nCcltFde!O0VhT}9bG^Yo%NN|wj&mQ4<iqD)
z+M5x)Wx~5q&Wk_uU#&AuiA@~Kx!dmj4Jh}$@Gt>D#-in)lbHVoiqn5H6@@A`b|~VA
zK1&YXO-_jHbb-ymT?x3f%cxRXxO2gzi9h<GQwYJ6j@NW2M336%H@O_keFRF*?T-0N
zsPCjn^VHrHu2TtAT@D>NN;$zx{!Ck4?^DeV5ARR-ec#~q(b>mR28vB^2Q1LdR$e0q
zSCLbl0DNZGqDV*KC0HqDr`}kwkMWJw;TkOVev5^~$?z35p0hp65Oi2AfY?j7PA^cD
zso;%7;L?QX&6&7UH%rjM$99eKi=S+tF&}i~%R?LbI!@a?1@(<R579vYpKZt(E?T<E
z9@=ElHWOv#8I5P+w`j3it&68Re0GLF>*Ww#tg*(Hz)Y-w`$9~uhqaz<uo_nlXr{?c
z@6#d;+s3WO&U1223Pz<IQJ#KFbr%YqL-<(lz{Eu+78_Tjw9R3l41q!xWz$EeVo)Bs
zE~8+Q6vib>p|<k)m8~V}%3C(hA&>x50!0XmpFzjzO}1g$HhYR`m0UZIJR;KO*u3D9
zkq`Z`1?erR@+1Qvc*}25omd@!acGaBgTsKW{ugq&8dua1SzJR0@Q}}9!d>F<Cr)HZ
zn?ma8IAw*hUxSQx(!#jZWEX146(S)U)q-)14C54GAF}VFX?`Lgjdy)}Nvoe%Mj3CR
z0|uou3-<U-N+PCs4K@U5N9kfhAbp#sqHDGrre3>EY+~P==|T?i8i@?5%TET?E9VO$
zaLbC(TZhk)cfUs)p;)~9GTY|rap2ze%kQuX>NTD*xB5i$w=wQA(_fM6H~hEpj;0yA
zC#7!>2ACWanG>}oyLg^D<R?F|1*6Rp8*pPR>Ih`-iNUAYMycv78(`O@mk1CW9JM8n
z9pYc0!BfQXk51-5x5&pgpo>^8=ja}*bIc*q*1=eWXg*#(mB?`0hkdUy{q8M5BcFv}
zkvVd}nl^aKrPC(Zft}h>#Fzj|J3}j{S0iVeU&AW$i%#rX*5BTqf?8BRYJHHj!Wv+N
zd5UlF?FF<#m}+U%x?+z(Euv<PzK1Jb|L3C(wtf`(ojP!ff*VwHa-5<K#{SjAZFzj&
z;bWL|_r4uN{ECZJ9*bfVet(JKMBe5r%1cvi_U67ZdU=NJ@EdrNO-C;U$^n&%;wEpY
z?f#^mq9Z_X481V3kg8-~K*~CN4rF_N;$46O;pB{h>sz4eYiRnT$Be%!^)>2Q;JxS2
zfp>f&<ICSP()Zc1Ass+ehX6M!{6o>`A5{NEL6`z#lm4q!%=|a9ryRV^j-ZI>W-!y(
zb7W=GX$m{iis*?1dK^B5#44FLHeoo;K25c0i&rhYelJrhluBA7=*1`ytJEs}b@X0R
z#(X4wmQtV7*uczP-#*PZJ@xqhe)PZ(lF|PID`OxDPHu-f9W-Ql#XGUcK5lZ@n$O^d
zDt&qdfYoBFuQ?1KZEI=|OT*J{vlAVi=cgJi1+lcU&1x?{{4FclrQ*~*hiKK7L(c+}
z-Zsp}fU~bs+vMlEZD&qzLF4abzxb#m>~kzz$Y^5U&~Ng(4<<7(>PpMj%W4tW!H0+J
zP+p_ulJFrBO*GP#VxrHdd3zFFljSgG!jEjjicF<htA4?-qSMvdc~oW71%)D;wKRTc
zl)FoTdi#OEWsaemr(N~|#aY`L7&2_iH)B$d;dxi@Xi~Jz<#naj)9}vLfg*TRplvj0
z5{;|&EV!9onjFdm=hiFAl4hKOZIW^<r&WbiPW;|rO1<<sL^RDo^T<+k&FQy1AWnor
zCe=UHf5NBV;h&(@^Z;Zs`Ycd@8NtR0!<s0tJYKK~<V7no^{EET<A-0!!@jQt5TDpA
zu`a1LssW=vP4<Y`T)b`fkh&OZBZslY);eK^p9%ca1Dw+|eomU&Ey`A0cT({yW$xFX
z*8pBrDy9-rT0$tWr#@oJEGavFsVrKt@I35{0<|f(-iEBJ251t#>v3aiFlkHYIj!5M
zx1VGce@JJQ8>ctPqv>t=Hn;nEp6ywMmUwnGw5j^$SW^!}H4Bd_7bXkOPBY3r5HL$e
zL-`BA{n?^I`!3%hH052}Ee-?O4fZmcFxdN(R)Ib%=Mt4661<se5_zLEH#_=O=D<ui
z+ixgS?jBC`^Ka}Y=XZ5;7G(OqO1lKSLB!Q@i9Hy&uY=sEshN{0{X8B~A0!Rwesp)A
zfLXbG+mK_ikX0x%lbEq?7Nk@+_)$R`y8RBo%UB`Iy>jq(-IWh`gGBM;v&#D!of7@C
z1aCpeIvi58i>oLU&;F4y^3h)Htxv^p;GOZOC6&NCK^|b93K>*6(<dvgJ}!coq>Eus
zDUCZ24Q8aJkZX-pA3%1EKZr&>k(z&Z4$>0sv4M`G$Gb%gRIFH9u%HoX5&pJ5C^s+K
zr065`JE?f)y?9_-0s;Fl!cSj8>WEpMr~YmOYYcG?Ub);XQCIpmj5=qc>JCAy{T{#k
z3_dY~wvQeMU5^B&Q~-G!4NCinOW2VF*A?ym$JsYV=e=*;Hg@AQwr!`e&BnGG8;xz-
zMq}G{(#C0=CpH?~r~90J&e{9Ccig`BLq6s|GBW2{zs0$tcX%w5&LwXURoVz7$K?5h
zTnyV@ltS$v_5O^A|2z96`Hj|u!@so(|N8@!zxRRv;l#9RX2?T2FfjkMQv5qJUBEx%
zkFWgK#omNJV)Nm*5;Tl4LkRE+w;#mnnkEpfqpCgeU(oTTLZ4h#@W<nAT<bl<AHuxu
zKqOf&7Y7hcGMAGh=ms8YSg!ejD!uhtr(ZWWecq)Gc);67x^6)#S<f*s%X4~+nfezE
z&a$v4(3ZgS#^lwjvD)Yl^;G(Cfn9^zNV^O!(SXv8UV8f-25YH+URLTT@+>;&K6)~r
z&q&HI(Mg!;J+U7@8K@9^_v>+5x|L48G5#T-p_z=!L!j=LoRohP;idn$Lfz6;$F9RK
ztl?SLKskd?*;y^+5`<0GoVt<zRkD^0X&iX3ro^Th1=CG1K*^<8sZbDIE5KNeCdM*g
z#=e=ZYK&E0kJ*zlrVywWJi0PTQ0}k0d)K#jZ{9|%HdXZm(P(ikJ;)H8xuuQDcgR-z
zMHCgR#mq2lk9k}$88~FG@xI<GOxJG%NoldksOqunIk6GU#t^{>RQc^q3x@W&qI4^H
z+;;D4pZ4OlwjNyM1>-RA$_k0N#WCZ>;jA1T*KwO}D5lL+{t!T2>!#u<{sZzp0^5NN
z)Y`U}9w<j2-#)Ku4gdG>CbA7UCp^hvdZ{V^4~IoeiW2v9bw8Qwr4qw>x><8$R`bs*
zqZVuUSqeOHaE@8ow`eu!4UA>2LfR{TdF2u$J<8DB7;7!JR55;y`s6RG60sjz0@@P?
z2itc^c6Z7SVTjB8P#X%nh&^VDp%m*_RCpsW_sydpYfOBrDmUUuo-9jmy~7K331+S@
zEM;hnR-lbo4U?hkWm3`mDs=;}toz_~qAbj0pbQM7QW5$(h-HEqGrs8uXE2husSJ0B
zN~h*XyotC1c(^yS`gjGunHd(3a$Gfyb`?J$+-|lGNM~N7U=FH-o!fsWd;Ht^zb~(~
zXN^F<R{;6`JKBZ+!S}ykT}{wZo>xEuGQJ@(IWd{qtrzY?ZxbbQYiUENHu?#)5fAS}
za`7;VOoEJq{)6VnT$YayfJlNddk(tq76zG@MD0KM&0KvcmJ@*Wnzwh1F&vVGmy~`)
zyrwKEqy>&Qfs?%BCAf4o8pf>yvsdr3Ykl#DBRJKzDTfqM4jD9n8f&mOdsk4Pvk1-f
z5OXHuapy4^Y)7A>(q(Cu>#VTv{C;Rvu0|+2n?rz(n|%9x7;KgrqV!3uzsb@MpR&IU
z$0zH9lipGBv9$N<ZN-_{5x8oBA{r)ip=Jugc%E7--u|#99hD1syjDr^P2wK6AZ~?|
z%Gibjz)5A4U9K*_P`pv_uw^wmUY2`SqT0(i6SK{R6T$nd3#qK??j7+K$I&v1gu-cY
zLsj;6_!V6VGKQIF%26!({dbPNrom04mg|>&PAy@KZ>${yGzdm51wYuv*^+l?ziHUk
zWE!`QI>51j&eTM8^lZO*Y5L7|j{#={oU*Ft#%d2*yHHZM>vI5pH}ckHHw8Tf;>%Sx
zb;lk=#%&xCn&Zkv^O#-%6d(3wZ}v|i*R~CNK!ty7(PXn$$tM?HhR1-Gq4qZcg5yu6
z^Jlkslpv>@`?cb>wPtE7vd)|6B_}L(qFy~XO=V`fW5vL+;O9RtBK9T_duAod0naU{
z|G*je085N%K>^|(=|7B0z6EI;|Dh#l6-a+iApPfq4zY-XYFTd3yNI8fWib@%;8Z$7
zNs}Ko;kBZh##ZRK@^OT#&XsV<d}FeIrWhGU9#P12;M5DH5*tVbYIK6KYy_mW;Ij0j
zf*ZuIr?T}`qM8OUW_;2o_heLdn;AN31{N$%uprHRQOGJ37be}MGj&KWqMwp@IMd+d
zAm>w$ws}R)nB@Te34r|*)B`Yk>VY!d(NR}>Sc8=1e~mo;qbeg<2XUVc^6uR}&>(*2
z7UrME@SnFZW5?zC8IeT4uCnIkb!^Iq;i-TIfLps+$HvCO;z)fsSzACWh*gP>c%WpL
zASA``dPfk1*`8N(7%V!(vcogXas7Dv3Zf5HLF6?NLTS)z8euY)3`z^7Zg3Gf0T0%0
zdV#2#Kfxqy?_D6sL17`y9J#1M%+Pi(TXvj}rEFH0EJkb#U1goc!RJ`P45=&aoDmTn
zYD>nEk5^$j#6l9EJVUp-wQ@nZ7@xDgAo}wQ(F}7kF^LG5R6;T{wQMGY1Df&NLKgq$
zmlgNA_gH=74HYEr<tO8LBsS||P>O<B1`sUlk*i4hp$6A_$(Sy*fH*TH{(-rR_DbQL
zFwgV^f*4}*OOxh#$;Mvns)Z607POO$#3V`z7POEu?%ae~jp{DH*-vi8`CniM715|{
zd%;S2Z6Xy^kHU^@Cj^I~{KEqT+QC;yW?tXLhQP?|6J`fUEq-v5_YOTz7xxX8_Wq!p
zIu#NlsZ#?0%+Yk{!Q~w<neVS5n|hXK>a(=twil+o5}Yax;#P2eaTcu{BH-}ZoUBxy
z^8TA>&a26deGw39K42E|JIYo6g8FYK8RN!nQJK(!eJL!8@gRl3ELu}4DXUZ}sNu@<
zZOe)Mh}o&ud7|0u*=oh{OUA5f1te(Q-r>XA%VEQ^Rw0p0wmv@R#GIb<clm(TMA(Lt
z<5%g!#4Pg~T(kDpgX4fsax5*oQ7UYDxl_+@UI~-T05r@#$_#;_$}QyPO0^#V6)se3
zGN&V=IO~#nbf-hK%axAe;uQCS@Kox;#}HI89R!0Z8xh62a8f=Fpe7N_OeKX82oudL
zpJbIelELjcEXVY=J%2GPlXq+EY@v+Bmv5vhxUH7D$aFBobN?{O3QPL*X<_?HBFL!Z
zB{mT>?UhFMrw>YlyVWDBD}Bl84>}f7^(ng#6<FNXOSRNBKR3nEzXNZh{k;6%&hPvp
zIVzVsULa#)(&uiF&s!n&*hLNF=?-={=gHoy2j(9_-Y%3z$}qxU<L&n#B8Wh>ykGeM
z+B{<V0b%!ZLJ5sPM4P&oMAy)|)@qL8&nh{yMZCEYEQ8a0E4i&u`bde>N6!1hZePAe
zpQJYNg-;v`Ja7w*$7N9!3*SW6yZzd_1iTrQ`JZ9_3^e~?<QvHiSjj--k%7qnPKV-8
z<p1-UUs9a3JSY?Jt=mJW&Zm6v83N0%^@xQViikm-1q;UfY*KcdZj$2E?!$mMG!Q`0
z0}SivMMx|o`6e1zuHT%wy}dnsKx$&5K$+FYNTN)P)FL$|4e27BgD3Ki+n+*-G}bLy
z3Znz6jVal6^s>b}qg7J!cN7a3;H`f&202W+W6B(9aTtHMf*kvi&v2qO+GxkyjC!R2
z*G;4H4ZLM;?S10zhqx{@xd5UMQtKGHBC!sQ?i6Pb_krgZ5mQ+W&ixJXT?D(*oAdAx
zb2%e8$nGA2Gjn6NS*funV;Ntc4B~r<Uo6Zcx;g;vH?e?5<lQ~9P@Q?YDng|uUdKtJ
zVaUmI?DQa72Mls169Y&SILB18?=PE}m;hgxliY7`&xndNfP1i_S~>nyKMg9zdDvy%
zEKYZ^k2;>9p1HE15OrysEn!S`OSxa3Io*R{&_cFJ%H>i4D|aL)IRGKtb@E9$nNs-j
zVDS0^rhyMBj4!A(Tw^OFORo&H>82Cq`gb^1m&j#`OCYs??wUho!zH0g4X?jNHYmZc
zP(DDMn}E*zcN)5X;{4aS^Q5@ZU;aGU*A*_XF3Fq6&M?8U2@E9^&L6BCNlEeC))JzC
zG#a-VU}Y~Lf&0t0ndFuSh(!t~B7LXdOmO-6_<2FU_lCzX?*}XPb-=;lWAM>3sYI*f
zpZwv(2Nk$y@kSXp6v8?VhiojWMR<sdmS+4yHTx)=ebA-vG)>^!5p0C$m5{ZiZACH5
zT!vU^;-eYyDC~^fbE9@s`a&P10z-guyQe{+Va)X#Ey#SmByoWq7Ew}t{a(qWo7LW%
zCKvKQ{bZ`<B=-%{3_{K6ke$oA*Kmxx%i76f&BkQ8pYHbB0#p_KJ`Hk`m!}Sa_uu&<
z_Sjvdkj>avCdfCLa>zE;!dKV^f1EBn5}muspxryrkXpDGHb^=vg}+DZU28xKF(0I2
z8QYumtkI%|#Vl4I9b|hzs|bLMRDdWKXA;wy@{(!YYU5}=Q+TlZ*{Vr_I1N)DQ2oij
z;!qyhA|8OUhux{nuN<LQ<|(rN7R3D$#huV@ruR3s!54i$Pd^}{zwYh*PSxm7MF0Dy
zSlmA!>7THHphXRPo%(~)eL_L1iX6}wrG|ojof(?Flu;zZqAzq9&|we+J>o<|MIC|?
zB4ZP`ZfBRA?p|%a?`i_j3EU^5NJ88{VDQp<s2ftARH!eL3%hvl_!GJ2w#OT^6&bqE
zojVtDp=O0r?<Kz%aUzOzI96mbV^AHd`8G$sON`uGw5t{v2PouiBtC<kcZRT~MQn(B
zR&hy+^W#G`2$+&9;^ROTcJ6d0tA>aX!M$o?qkfNLn{K^%n%w=F`5`1gfL!f}^R`CD
z$`J4H`<S1}h5x6$X6H@tD~VQnX@clYmkDCni||yjvQStl_*-A?z`V;8nwie*Xnvm6
z7t+~aF>U7rcsJ@vXHvRuDO8_Ka&Vt^BDJHKy&u`MsTpb8m{pu6VqD$sP%gs60rufR
z2KERa2e+lc$R+%4NQ+Cy(=rlSsy!W#G16R{`73P`LJ(mZQ>u}Bsh)I2(uuMPw2NKu
z%q;I{8s!$&^-7aIF92qAJpVR&@u+7(*9gRw{(tF_e=Q3dn9&<q8#p>9#mRo27eET$
zl*K(52Zu(Z)U(M8i5E(7pbSy#RPmPvm#B6)wArCOQ;Ytl`I-8%o>N5v_W|TZ5xpLV
zMwAYEF~oJK{+u^Gi?93P5w3@QiN}0f5{D?8+kJnxH6e*yEkoT1`d+2_<fE|n&SEGL
z=M3toooA`TqXj#jv?JvZmg<vmR;V>;q{EvkQ_XO>u^Z0<`CdNKXzi|AVH$QyM+0#V
zG>bhDVEKkP-sC%l!gly7rIol5Q*ezH%<NF*UY59$=j#U%a+hyWbDUW@_g@KE8l=UU
z%Nm>@w8(U*eVE!}hkV-mqN)_#0j*Vr21k0Xj82ApEMd>NYY6SvVa=HgLU5<huCp;0
zpbR8yuFJx_hTq$kK`~ukzr`LNsT@QUyQ!hA%;0(Y(AX29-l~qmfbsNU^O>Wb!S$@g
z7UDhapkWOTZ9#o^m9jjH5AJG-4rNWpv4i6azqx2pX7eR=jWTqtaSvW0<P?5EnHA1*
zO2F1jc#IO~OI@W&95+|?@%Mx~^npOYV{O@W_Hxc}JAc&=f>S$mIn|JMy8EEELv0nJ
ze*V^*PjOvovU&Z$@z;l${&T>iFOUWeK=c0JJj{PNk@RnOjbK7U#{(s2t%Lw-PX#Cf
z`s)@n4_9Rx%p&{U7FE3nFrn=punUDy`*Gr0Xk;pu?%``+e2Qs?82NYaYmZ1`_J|$S
z?F|<D(?gtt`^v(TY#5DQU3lPIi_av3Ta&~0_Hs9q_NAOi$`iG?krc%-_m(~nW_Bu4
z^$SX8#72mKbHr;Qi<M_wErhpF$V{WR)bh@VU0I>(gw;$jCP}R#&we3X%v!3#gvAfz
z+_kY%!ChLXeEebD{p_95%Z~%WTq`wP7J{IO`nAl6Mm)I}ZX;=P2@G|_aj!TlJ5$%O
z1qJp(Dz)DW27Q8M;nfu)IH4Qf@9f_B*}xJpUIZuIVmym~yNtD8LenRM{Fzub^wFNo
zdX`|UpHG94gKCgU(|#<{!RH+0Bw7SgG(5=O9_QoWTp`GOp@0Wu{leY^!Wh=K&Su}3
ziIP=<Pgc7>jQZvZkE6EGyvc~^Vy6`8=i47x*nTE?h%D^<!>+$~-oXA9&=%_G*c2e3
zw?IIDr^)@Nzy9lypV&=HY(cc4?pfz%+vYH)#n)Pd-Ko^V2-)feH)YBO35Ig@k@c4M
z+=8ygE+@*j#WM<rq6CD9st%^wl@LU`hSQmj`(E9TcWbXNFHizF;zVA&h>Cr18J)Ds
zOVAh8Jywv@p%aWXG>~suGDSyBXc-hFZSG&m{SCSqlrP;IG2!@jcetF(y^}5;L#-^1
zJC4%QCNNjLi%OXEu8heI`%4_TrnV<8oceAD*bQyAMJ$kgv%;K4N_2t+B3iew1joXp
zDCQ)RxPeWSkw7f&5Z&vs);fHwK0nPP5wF<0Q%bYW*8NSlK;}MZHXLepaJK;@{uvD6
zgO8&57;s6iCD@h8(nSc-7X2Sjv-9+GN-9OT9`hek%jvTsryPzyV0s4;sGuP!t_jC&
zQ}JfTUEs=>hA;IyHJ|4uW#w+uD`W_KhH<I|+x_uw5f|+sSLv9d;~WQ=O=Z#9TkLEj
z$vfJ|6vMf+Ew=dGPYWFai?r9H$bjRre`ZrF`!V!ohS92Py-z}wy~#MfKvg92ob`W=
zl>T?^^>>cV0FnMfgi#s{9H=Jt?jM1<N8XFwujjoNNSEIX*nWNFZ!#iDagx$tf=EGn
zW^6`l+g*6Pt$wF2NN9-R_@tpomm6sfM&mNmGwX5Bbcn=m7f=rc0|3nY7Q**3i^toY
zF@Us`ZzX2$wAA4h2Am)uCLWlzhP1J+;fuhEl6Z_qzE<iop+(Op8)KFM&jPMWDyK`&
zMp`IUl;nke4ODzx!@*dKs)Jv>T@cYWChmw^3!_w%9j^jT=*WyCw%9*&+dr39X??^!
zWr5c`iVjTDBo#^5F53*}={3qD*{~BkGT%IBnK{w2+{A<Lm83{aQ!Z;Vp=DGF^)T3N
z1k5bfWkX|ItOj1GJZ6Rbl(u%$MJG$F!0a_gN5wSx{(P>3dG{I~Xc1rdq+B^WRky$y
zOx7(NqGfSrc=S*;`H(gly3+k2`Op>pM-Ff5W-{Pi7N@gVXUiS5i#%}%?4puuOXL^J
z+x0JkN`!oY1`dxGM7No)U#s{D@8jOL%_EFm&>H~O7fIYi^};2L3gH&4Zld30CVh*}
zkeu&700uY!#vFXNe|y_~zt27r0RaX3{rciBQ2(dfDDgI*Q3R2O&8X}I<h9DG<QtQp
zz*XAGX1ijG)4#J@2rq#5MRaLJC(*Z-oX{1%sCO}vcU^!z<VCVT3Got=$6w^MroBBg
zH+upVqTfK?v6Z3|B2Hh&1~5wo6-w1fU-|DAL3m==K`smL(Krt1muXwDNOU8%#rH}H
zKVJ3s980XD;C-MO6x)JsrfbMQuxGNNR~^{OMLxv;kY`5^EU_Gv%MFl_JXg=?P}|u&
zm`z{I3wZY7!UcTM%@U-KFQ!`q$zK|a>cWKm$T+sQTRP93_M@~t-I|#)Q=5yKmHL7N
z?hZ?R#8M~3T$i9g`^UZ8y!qa}q58_e>9%!>U(`IfZMv05t(R-Maz#;x<haZ=Xwyd+
zqry9TzYF;$-s~3W=Ur|B9`B=6x2()G_3--lfgAyTF1uynF>hZBR!Q0sAk>=-5NucN
z5YJX?B<n=$WUnx@8QpIAIr_IQ^o-=T-2HMeZQl1W&IAjF-L-GWEeL<Y-iQ(M!4Hzi
zUc*YfAejJrq1C@3FJ=E|9|><%{DkoRgN%|L7#q$98avcQd@OwkH74d32vMim3*;fR
z){1sLBDO60fkp4kvcbTpI4hZ4czI;W<J1x++pV|vYgyttQc8LxxB4LHU&#c$8FSL*
zlr{+)yS}t>343$qq)P%d7H`)<0ZZ_=vtE|$l6+!-QBc4gd?Pr|b*WmsNASWmgvxUR
z>O#roP5tIyA0K9fS!ZHkK&c08G4uXjJLuoU`@3EtP`eB$-V!`5V3Ak3CfG}(n~P=w
zaT$)0lo8}WhbFvW+@>=Ydq&o-49Y)_I52?t`VM$=F;h1;%Z4Pb@I2G|AhV>uE8+F^
z`uf8=nSLL%rytHxH@!IVT=C7M=MpHS*QDo?A7i~pH3&6GHHbCHHHaQX;v;)3!Iv-t
zH(|9#zyp@Piv$ar_l~B)w<-6rbA+oc-MF|neUZ}}V{#+v=M$VpXCaLVoZeC$yS(Cd
zZM8QB#2>&BA0Kz^x<q?&F+0fvLXsC!@TRxx#wMqk%<pB>egqNsK^m1A`Sjg_HeWxP
z-hF4?#l<T-E$rC*ux5&+!_6l133m97B-Ri~aN{hkVtZ~5)uk&CZgkE?&+dZ-XXjuM
zD<6)cZ6iR;Gw;y7*d{Y+Gsbj*?{0~;aJsTmS%1ca5>io(x8!i!_4Lv7eGCduE~+z3
z_l6l1{8O!GRt~w1#lGxk#oeGA3t~xBJPiISO<D~LjHbCY1DJMA#6<gXe2znt#pOP=
zQ}Y!nkKk5X%3Tn$Mk)_`Z1|pB$mSo>kjIQgy<l#oy_k}bq;gk*?CcWk24Vqp<xOQP
zdDOCt^s1gJCi>yM5pV4h@F;KCthnP2Cp~s;hi%amSdnwS&gDOgU6mM%d`{Y*%Fl^^
zZu=W36lJ8k$O_}a!df!wC1^!$8bQS4s8zMy3Apr^tIls&K?LB!xH*IMhKhr348Dup
zMik+n(W795#de0yani=Bwz(we=`xxH{ifJY=7?(xJPiej8H}urwHB!LU9_L3r3s1o
zqx*Y0;Bat*E^%8fx-%@4b7<c@ie>4VuApL2GeVqe?fV}di2Mb1-Tv|_7Y2PH^rN%!
zJQ2GGYzr3<Y%(05@;+M1*eI8Mje9DFai$f(`z(V{u>h`gkfC4%0uV8>6e*%7b}oZq
z!_SrL+Yzwln9j>GJXSE$61~Cpku8_BeqhPna*k{P`6%@uhu$6ZU^8&e+AH55>F>LQ
z`4#y!J$#zbhu|_NW6KQe;UMZ#C-7YDQV;13{c^L~>*+((C12pV>ZQg2PUy7G;|+s!
z;HSTfznJ+d$?pPR^0?nGuKu#U|2hj0zxjEd5ox&Fc0Sm}AfQkGxwt164d!e5yF4P&
z(syC#y5Ubf85wSA;^`tyEa<N^_~fMc4`2@kNCyoo#j4PB@#iPk_a9x&_U?0Xy5HT*
zSo94yLIPUOCJ@YQxgE!cZ3t|FpWu?Hf5zvnxN{m_JZX?(sX<aF5k!ot1LO@e6$;r#
zgyJFt)y{YkJzPFv1y2eV8__!;pGnz@W|r3e7z$@a;dTJ2rrS(Ye-*?gF&v9-F0G4m
z(eg1-KZU;==-LXCF#6b_S#+6vT=X=!-h{z`mHxRnZ=z~UX=mrXaDe*P2v!GKn<+bG
z+rka`!aYy&5|f0wAP4wc*_Jh*WKFI{6DI!AzOF3I;HddxWuE@ZnLMuw?U$qiDgqv*
zFD&NZEfH#8Jk=5H2&_Qx^|SI^0j@@Fuicr988US@ZW}ct*D~|wr-P##8JRU9)1yc;
z72S1eF(OJM%l4_`3a6A<Of}Q2TP<EkM)~f$3L)$-h9B2HK{#F~*vy3`nC)7v6X<VR
zDEFc)dtjXq65>pNb4Hk44GeK9weGs^((I<R#k^NI@_;JECrU1h-}zP}xUC!3#+op#
zXzPkkC#0L(DgH`awW!qi<sP@o1*pGxAusuSLhvxI&g0jugi`$q@mHt)LCgEv6-XS*
z-_IC+5$A6uJH=KxFeWryij1G{`n=Iq1Y#M>DE-Zm2=kz0QHpXM+2!mSQaa=kH}gYd
zDIeZ_guU$eK}m^3bDH5gdE)kR_j(1J>$gtKtWMX{n~reIWxZQ78q25b$9w>P6wpr}
z;D~%j)-NOtapiJyUw9UpEuN)G;}rA_U32-V{wP%(orP6158nY9=3dc(Bsd!|$jeTA
z2)EvhP>n$F5WERT_Z*GMj&)Vbs`DdC(&RRm4F$EA4;lVZ=QF9!e1k4?!ehss=Y&E>
zW*ajzHT*ViQ>kr;(dihCiMMLkM<?qv6XQ4<BajFaYoidqw|V;hBRzPIn-|6hgT`S+
zG|T=PGdvl0+S`GI;F#^u%>m>vpPy!><WM%^bE;ruKjBY6Je?%5zEeP$A__3cqf;0M
zraiHIS7xSHm>{3@Mx#nTfTL7|9HS|nOD5ApEryo9Ex=N8HVeLq5ka>I9~Rjqb&Qv&
zn*7FJWG&_!N18(E3T<^mPXS9q@K+=OqWKz!KopC9Q#kF<jNq4A@Ly%w6Lo&Im4i2D
zVj74rO8vvbiT!7UNC^Eg6uR(EDObis&*#_^87)u}lp&ufo}fDJK%G16Zie7|6L+#3
z3L6P_%*~#%C(p7EtX<`wuD_*xeP?>9F2t{-cq913A!M93g^T`L`^-TD$v)<51Tt+{
z3xnVg7>osNggSC9HDO0(1~&-_BUd8@VT(Z$D~LDN`a-rU4aDSV8AJf@Wu&S~6yM_P
zqvJZ3F;p9kK9LcZiD={EwqG%0qxB)gC;K$ZWR;Quyzu_S7g%K%)!{{URk5Gr79hx<
zj6BN~$>z3<_Z9e*(1qE?rINYYG~}*5gv1-&I{0V>R=DXc+2`rz(JvLgNOY`)oucp4
zF>^iGYq<1{M<rvkBktXV6Br_B<<C@)rS7K=G)z}+JVkeyG+{h<*p&j+w(SBRsV?u}
zL6{KbY%ZQ8H9-2Q=h8GP0BDUiS?!SNKNGi+u)spcF^ABxVrs~DxSPdVBki#cn8T<*
zUN+KHi*ck*!Lg3NBYmk?P=+(HHk2M<mtRI^d?Qdsi+x?K&Q~o{-_PNxS6ywwCD%{<
z=2Y2|?r3Z-!{ubN7iNX}oq(=!q8&^_iw5wsO$~)`*8<zc5%svr_Gx(mP;=K-j%}Nw
zvG-PWQ#oX*-+dD%_o=D#eYz4sXT>vW9?=Z0<n(-k5X~e+-T(zO!N_4R#9YmRjDD<2
zHJLv2hh7Rdm=vmr&l`D-Axj$~S7>};TU4M3BJd#R^2C8$5~=qJ!i_iF;aW~<(C$em
zgjL@TdA4^x9X~J*L*W>YUelwvmxW>9l^OUjX_aztD+^aGnB-SG<wZ9ses(Di)+)0S
z(K#2wvntpC$e?SLt%|H43E_P%klS*huq;e^N-RyISMg}oDuu~;DwdNa^VR2m#G7pn
zC5zug;tRUL@4wWo+l%46uij7QClQMqIwC=mbPap<KO2-bG(FnIy?sD8js09sx%Vki
zsIDsCB8KxC=db2NeI<%84K$w%VA}LM@@fBRKK~WG0_QRW(1zdgQf81~6C+^5w;-h9
zqP{?niMDcEirbA{^k}8ilgXqH7>|G16zTpl{ZR#v0N4An7je&xoz8}eG1{g0z<TQJ
zb!z!~bNAc%uPez0I)WeOm<E`LCJGs`3|O)5gK{i~fl}HKOuPz=5h28!6cZhh;>`Hc
zq4eoZqbX#8@jLA(eO7XQl80mI?4GLhduh!D2Xx`2b<ufR?QLe^2bzo%h%$P8+Dn(=
z>1Ti;kogwfhKY`^kJ`;}ZJ&@pCU;hR!mL)?4!+e6LcpAU+-Yx9C0Fxh_ADhhN-tU!
zr5om(r>74MCl+6P9C);V85^qY)wbnsVhG4K**?u|5w!4ArmU%QoZ`(eU7uIvg;r+j
zEz_+3yoZ?98*oB2&NQ`OEvtq#Z8H@<v07J!DwVc|s>Ln)CZoPm!0aHm%<{dM%HcNK
zMp&#y)u}*ykPW_ET|{ZH1~W=uLC7_>eL_~cLao9Oh7?n-BwaIq8zy^99a&mUbq%$U
zjg)NSHAM)xJlZsECq*`FyPiP<To<s1Dah|Lnl#&p8*FhoY+r%fBy-Z?v^37On=%P*
z{aoiC_`X>qUGq8vTVOJ#j>BaAiUB#AyXyim=m7Jp|FKDojuRF`dBL=`gbqK5*b&09
z|AT0d)FDwuE=3eCOo#-4r7(uoT==sMa;y-6Mq}H%7tAlQ53tp9)U}UTkL*`?Wlj(_
zWp)sGki^jn7m}g+*s!Lc3j)sW2xMYTozPq&JB*LVH{FWE4Bsvk{SY}uq>!>muDnp$
zG)u$=Rc-P%I#RJMis(_Ck5B+3TmVYj#nR7K3o=g><a7K;-atwJ7ra^6T|`WohI!6A
zn6aOhoOcj-tn(uu;nPlF<35$qSfOc^bl?nZ4v^}yt0tCxO6;{+vnV^HADRkdQSqZ5
zII>1Ji+JBI3+3w_#(7iMv^5MS1o+!}z_)i39!CER7=A}=`JZ<3e-&F+l$GumK+CMM
zsHpW>JU5bGg4N-b5(R22q9LkzY!+L!kxdS*%U*tVN9qmW?;#-Tk`+Zn2M2Sn|GY7=
zOXmLO<_%^S`GN$}lw9-Wl-i~IyGdzgxk@WbaL~R%4pGaD@Mz7FYFWo91(?Oz03lKF
z#$uerQy=A~Z=4?v)%eVjC8}dwm^o=Hs(n6WvKGZ$9;2|l-Oj_yz@^q>tn@Mcyab{u
z_GVa1e~o$3aRg~e$Em3+ZLvQEag_Ts)|}I`+TM}1ZVmxUU`kBfMCM#sm0`?N_LMB?
z*ThXb*Vj0k97SQQBy6?XA-k*dQ>>}CD=`n|*`v>|y4fZxoWa3*hjCgK#bHif)+|0Y
zEa7iHOst0~5Eq|dCcerwO5p*cg}o)X@5)TNg_=|&V6=)=li<*`G9#sWL`fVu$jKdT
z&Nq>BF+8;2+1=gZYFL!L$sSO>*`+i~90ghgT|4bQ`+)w{&xvT=s^|gnQwRFG-)!mq
z3iyDXpTCv;vJ}UqfI%Oh#c)^UlG?G+(OCHm;dc49&}<MI2m1XHtDLeavv7R!Ycd?N
z_5+Adq8kf3K?@RYs;2|6K<vQc{;MNz7np?&YOSIu(jGa<+=MArB1Pjmq;PVw$prr4
zNP?O5NoqX9f;n+t4c^F5^Mw`dGK+ESp1^o(XpA}YMj6#UF3gU$6;-h^7zo{sL~0xb
zu;%yC-ivVkQ6;8>AHYPb1qcEb{m_=qZYT`N-DsT#pr$DCZl5KRev}m6YV|6#XNE94
zQZF_|+5n)A76PxN9$_*zn@>Dk@uVpiYr`S?FZuUP4`23R=Sd}R<q!1JP0H-y+kHa0
zn&&2fMZN*k=M_`5XLtCMIS7agd60=1=|-7fs7XV~>mxoM0Bd}5XL(YMT}ZjXCPHE_
zuw@;Oku_V3P$4mtUaeMKt7M4NsO%rgW5B!f^+YAD8s0-^+%!4dKk@t(HG-7l+9)7u
zcmHeD{;rA}_XldhZ#V3k$5ksHpS0b<0!k~SIP&4B+De^r<aSt1xLJ(nwyj!`dV>(R
zgu^K2Ju1StdVr8!y%A81UXSmfegU)IjT@ZfWCm8Z27Ai`*n-!>U=z!j3!7cB;nU`8
z$gqm7sAE$)ZIuC5vo~eRl|j`PI6^e-`0OmjRffSknx%a7#6OzIIQp(tS@vs@1*H#@
zZGZ(l*>4wZtT4gPx<LlC$;Cv^_;FIJjnRj2XAwO+pC+T7WCy1bP7&`SHk+}o%$lns
zBVhx+_i|UE;>%*DA{(xoqr1V(9(7ZNZ$b=|hVY$^Ihss!{B+;)uAnD`D*0kDfu<mo
z_Tz#;+^qC@&!OLz1HOy<xRVl=4WY||qIIu!!CMb|BaFlcSsdJ_8_{|W$IPIcH8tzc
zmTddacP`?husdjul8$ih;X!`yP*wZ@k}`2)=@p5}YMt$_F$*C)IZpSZ{is6jx!5Sy
zqW7YO8s#jB5jWEYuN0OZi5?OQ1$w17??@Jc209=9*1Q4umz5g=G1dfP{J)4m{zm~<
zMOpbipjQpLq6+uV#peo3t+~|aⅅ?ho1!t3}`N@tSLNYKNWh=!jBAt^8La;_RxeB
z<-u4hxp|UtZ^~`6xuK^ElDU-&4b=`&s5qXN-H$JPrwuXYgf%x=KosCuHXNU~rtH^|
z^^*h(VPJ%$cy7M>BA8gINiQKftvvNdWk~@Hutr-FkHd7iKnaAnS6#$N`eNh)YV)Ft
z6>M+Z6EC*Eus=4Y2n+VJoNlA(XL1aGPvX>z_F0*>Vk1-&j0*R?`_w$QMkf>V#P{2{
zcV*|t?z>}FCiAM@{M9zMWX7>{25=_9^S(u<Ef3NMmYd&t<!yZNgSnaE5r6@w5f&Y<
z#RKj8M_JtX+k^33!R`^iP9=SI=0#lR%vfYo&1wCZQBHZbjMxxL1-dE>g#k#S0-uDY
z$`<L=y49*3io&ji!9bgYV2by*i%ToL*@upC^Xyr8eRyp&VQo+U>c;$|k&<%fJowA0
z$^oJK%^CJzPW8WaN&k%-Z2muRn{`9!A3W?u;uGL>(;9=7Ua_605A5FSP5q;l68RbK
zk_10e_Q`a!gJa&}=dV<H3mi(6^E(}3l;-<e+&kb3Kea;fc&sfx0#>FpUo!k&Htg={
z8o{VJp%^~XVzx^V2U=X+OS;p9${@TMAD(OrbP!L{T4-2_7*k9X^bj$&mcMu~|3ffh
zBEz|}z?EbO5rH%d+D2xi<>ZD8E%?0%;}6$@G$+~Np;213Yrr{^@TKL^*bF7!0N07~
z=C|vSq;F$l6<(fdtKrfkgj#(VWAG(!)8lrpDI<$rUjqpGUU}i2jWMy=`{IY0HQnYe
zG;psnI7v6BT?GPsBEUS0daTvUxd5C*BohtUz4!_C*_P}?h>E$Insm9L2tc1oZlhtJ
z!f4X0H7qaTT^0eeN{%3p3#h1S4B(p$AufRhf@afJ5$195uYtt>?-trG{fWOi<^{JA
z7c(I8CBN^Oe|_YCklR$$k_H9Jm5b?o*4UV<W)O_EU=_JBeo(q;5XpV`2&j{*Y-i`8
zxvBRE%?<Gp;HT!UhYi9I{0UsTcg<j_KPUM5`Q21aPDoG{uF`jQ6N-R!_&dzGl)03)
z{#a|=dn~0-y(0#cD|4>41*1KRd`uV6W#4-h+`RJ&ml=8z@yBC-^u13UA5?)Ke*dlS
zc9(EB593v$G!CR?j@Rqrp>bv^OTlms)i#3&hr5lTBQ(Ao;iv8dcuYg)_=+jE6}y@A
zIH_=ON9QnATw~B8YS(zXrsQVSBo*F#l4>&1CIT^=lWk$E=;KfI5-}YC>@?7DN_2%m
z^8QDD`jMH(aW;7JgdRP6mx3c!1#GCB0@_pt7*nzQ^dh{Hq*+Tgy`Jn+NkVZpynv7q
zWx5Fn^@8^cUyY0m&SJR@7ABWiQ1s5cBJtx&kSP`p%0>N;4!O1i#!H_QleDKS6_-XC
zG;Yf6)#&aP`2S|N*ksz;%s}*@fav{Zzx)ph{B<c@;ZJ9)Du@=;PL4egi13L?TZWg-
z67<KbW_n%W>9))G+m*fy?;irf>;6nb0rrUJrx_e9Jj?en-#Ffp+-P$ivMLNIA`G)R
zVU>R)M)&AbIMbWJ%EW1f##+gi=x^t}6lNpgXO|dG02y>t>YL)3nU#)XisUULma~FQ
zCi;dp*f;G~Or;a6ss4p#vVJ&~KQ`Z3Y&JD7JIF)M-d4NK`?Dy{Hd7ID_x&e>++lWU
zllpa6pRZVJWfQ7M8?YG#w<f#|6XevT?6ooMU~gv3!4=(TeljR&uL`o)x0=*ZsMq!H
zPpJHs(TbNQ24u~OKS46+%MZ5MS~k9upJi-pCF>c?KAM=Q%5pROPBxCO{juPt$_4Ib
z!h8xYWFxuJv4-OsY_K0HX#WEBuO@V&TqOkp1mF@_yZ&E*@Hf@O_*L6q(@1YN+9i^i
zO@(wJ$;w>C^aJHcgo<eN0(42BrOu0RXYA3EI$SPo8wzf;^u(m}e@qYVv`9**5P4mm
zpPfuJzeV4FJ15`=vCdNy0Xc@4`0;*RC)tzsUIV{|ccLJDIQYvWb110JhY?kdXz<8y
z_TwMa&B5c|y1rRF0TkGU!&R_rDf&suKy}Rog$ba-delhNY{XrPTu*p3oBDIpIKz?^
zrOPp(aEr2bS)J}YyPiBKS64yz2EKhROtxK9#?MnLk3xOa;LeL&nF`qtJ3q2vSFw&F
zQ!RD`mlAPkRCyx&NFu$+N1q`bj9e>@Hs(&zJ(GU2&vU?%AT8e?Hm_6VUz(MjE$!CK
z+$lNYSC;h!NAY8~MidJjnqr;4(Q+R-zDA3G1%{di{`D24EiC8TGK=4bxAKc^Ig04l
zatF_K+e%h0l`HFxP3eNJHl0nlj}Sf)9=D46Ojgs3k<K2B5EmS9y{;sU=C^@jy^241
z1~}3ua%D6NkxP5O1h}Vb1d!6|$BFq#ml}W38QWcp?_3^^w7H4HG1!kI@s<jjhJNG~
z)xj?`qs*o=;Bu}N@&q&I3rN4yBp52J;=a_4s+}Mj-`z~Ct47cu2^dH>3D_^}#REM<
zc|L`J{KRsIT`iAQsC7VraE5xm1sZT;r?gbnuz&ZrV(167)P<iw!xjQ6!Tyfy9xzM&
zW!V20*}eElAh*zhrb)}@No~QX{FJ2f==j3|EJ0Av!JP$>t@AN{G{L#-5Uhpau102E
zY12}ZV(`903~Jd?mo-Kq`Z3t*T0Q+@y1&xx^Y#F<MU}mv*zbZc{#~)IV%IM|L<*nE
zU0bvyoIc=AGmw~1pVGC>3_huU<Q6j>4B10`C+>6<)fP&{0)aRL%1j%!aVjF|Mw=9#
z0V?iB7T@t;jYatks!wi$bT4nbr~<ZFW^z|rUsLxfxnwPTXpSg&(@b5`)C&G|N`Hi*
z1?yslBjz;kpwQd7rj5tQ^5xW^lqw$WLpH5KrAqkBG^H#D3oazDWb{Mnm$4{TG@-1q
zFL~TfHU~F5Uzk;;&^+B`4CdByx1of*qY9-NwksMwavkyH6)({1ddl0B6+{O|v#re-
z<d*DUEIC_KF00f9IS0SI;nMbJ_&RgXnxh3dwpZEXiZh$2XS`nz=M(qBz}JcP?qh!u
zVk;E~Q~p4-XknscjFu94uD?l1WkALO(ymUnNCC-eA4S~n+;Fvjze}%ZjoB%k7&%5Z
zraVABR;XjiYTm6I+{RUVK$$elT94Xrv<~hOE6fH_CF6cu*(T2G7+j=N%X-Vlymb0l
zSwwt{Rh!MAZ?jv;bFHBnck8eI6HYyY>-fw|t#QOdwDJ{nNo}ev<#z4uUlGGU!aPZK
zw{CQxr<wtJs^5&zf3fO+)NzZK{fx?l6s$*KFi*OQai!P=7X)fSZ4e&#u2DonK(PXv
z6y>&Oa+$5HVDfC+S;`lvtx+z8%jvKMoQ%yVf`Nbu>!13*lQw)l@$@r>K@Y@QzcZ3c
zn<g*xc&Sp|v46-`vtDzcirAJ#MFj<-uawej-l)_icw68?AP{VWO*1G!7Sc>QXsiM2
zYO;|pxUYUB1wH}~eeBbYq8=do5NZxXJRABhP|YO=0?t&A3?7ju4&M$L?z5f)38Wu@
zf|rT-Cg{%Qi&cNZJ;=EQGI?LUzenH3#~g`kZOqxIp%oJS0<MBfXJ1ObdJB`Jm$X7a
z4i`LqoQsdMCu|~{l^_}0B-KyFZ_qXpQY)|TgLH8{n45+rkzLLCTOGBQZLPY;yR8`P
z6#b6#!-6B&8nhD?TxtWa>FKvo`UBq5;rr)(7u|oc$+zq@dWUl^*kBpJvm3Sm<;Uuk
zI^e|-CXZeC!|Kw&<)QH?w!QXdfrrc+@(zRMrfvUlooUzFw}E;l9h-tjo<}Y_j(?sT
z@~21yF2)GAg&lf?@wz1F)V4Nkd44i_ci{={qm<PPbgSAA=tn9;5cj(KQoDe&&Yb*Y
z@*}LVYJhnmtoaF6LzW;O9G#5&9_v%6Ta20d6wG)p#8@rulc$rZ#_Dd>gU2xo?50G?
z?XX4t)UdKtv$>Ld=vuZ#TlOr2nPa=q=3;~GBgJ3e#TCw_@n6GyyFkYM=5*FCw*6fn
zEpA$FRRC$ITh@Ob986XSw8-~|h;kf+TrMF!p-0$ZFI~t6dlORx?yAP;tyWHve~#22
ztCRNRl_LU|^EaP)S$<x)xgzRA9jmIVSLweeh}2-&H^RypdzjG28<7AA2XF7+vjop6
zo;<=!^I<)f6bNp9>K5fMl<EA?PRxrcmCh-jd=n&t<>FZj+aeL@`NNUUU*S$U+Y;Gb
z$ep}5Y5$0E*B3?JocetmJY3n=m>>)}UM2e4^o&kvdonl5{4Z|+y{GE4^yu=9$kJCe
zVG^WKtl+Om(Q3@F%py!|&9}`dA~~`0g;-{nt=-XaE0jA~Q4FQa58<ELlV^>;ziw(^
zwY^c>@AMKz>n3v*kcK4{i&EM1wU-V#5y@@0Uui$#gZ+$f_V@(1Pvf7qF{(zny^HnO
zdPnyi0S~q`zOil>a({FM732}(ssV;}Z;)S7hme2sl}Rj52fKh%ly)xX3mx@|!UT(o
z74fv<{tbR(WdJue*9~KcCZuNiRk?;sjN4BZ+T%2nG>Q@Rs!G$ne{IP8f2SgUXs-Na
zn(y6@G=EAUU-p4Nzd6nO>mz>^0#o1vuGwJvz(S3<hv(OEa-|X~mPbSc4{nKQGY-@w
z75JsM9~XUNd8UIh+TKD0ib`(cf53{u+h{(YKPWi;c0Ww<g~rLt&74DVP!KEx0hejv
zvuggym%J6e3`RFs4|*(3lBAIk-fYQhN>gN_)42DdtjJ=mt>Ap^Dp>t{5*ZL5%Aix?
zwQ55bXm`@kN3~O1!CGp)(8ax4q((p6_ahn4y{}g&yrPO8DdllKl5O?-p4dxpycT$+
z+gg*Wa-TC80j(g+*F&!f|MFJEqWwk&?TmZ8`-ydGUIixt^@$VFR<&mhqLkfydjacK
z^BnJ_k#i$olc7hMwG7e<)XQ4AWLUoh4KY;5{$%44hZ?6*FZZCZl@gcRO6_RN<>rCd
z?d#0R+uznCtazTjgaQBSTfd)1{8KXLKXvEhMx}sbl)-OP?ASXPQ9u1DIBJj~5aYB(
z5K(|r?VT(Z<ank9C8$@L_#ziuU=Iq0w*wIQ#P6L{omF25RQVXb%1^(GuGJC2uSgg%
zm`rzu!g<e*1$#iPQalv9zWSMImp(t*IJK%mf&EEP3&1mbN2OdXUVWh@MC0izzc2HN
z41V}l!c%*o?^Mb*@Swt_50#`ZdIm28xV&hvb*+^rYDdvQ9grX~j|3t}?RlGx34InZ
zvm;xedZ;?D*w>)_s%t{2`(6hN2R$e(fG!v&zcFx=V0gX3bB>LQo*#2@d~<xjO3eFL
zW4$^374v$;C0XH%av$x!RH=TL-<zXGaD6wLEgHDuLy_g(A3l9pjuGh7!GKjcX+xi^
z0q~bK0-hU=>l!_bi76=;f7?u6k{o_F@b(hI0Li)_*47B(<+)N2Wi-ESiwT7k^lu|(
z*7v<Xz?k&_hUt972=Xw}1=X(pQHNQftn&8JUTIUH7{2+Y!(|jAd@n&#i2PzYa*H&d
z|LTR;ca5gjfY_e@es=OtZ2v<JDe2GbL{_OpQb!XQKjJEzCt-w<efW|~scjc4Ku-vv
z+PTgdaXdnCYD;~su1)yQ<m5O|%^{RBnU{s<=XCSV<?Hk93)B~SmvlS33O|Uored2(
zH9S{9%lH;AT*Ax^W_i}SaPUfm6D5{f2V>m%(4|0mj3JU@@m^6^==&hpQ;+n@v>gQ&
zr%n|JZR0-v<h4*jSg3R>lK4CY;f$>@;3?V%s65t1$e&Kt$@`Sim`gkx5}DBWVWeB<
zP$Wkg-m8*q&FxjovcdZmYbj|k^CI7B`3yQ`yo1SLpK==GE;9_m);OqT{QWyh<;kiv
zAcO-bzxIzv4Av}DbxpE=6`hKC-!Uo&;_y*c6~|Fz!IB@3MsF^CsPXyW=lQC#&O+^>
zA^Ha$>#gtztCp#rH^)Tym^alQCH9%*W~wjt$wgy~4K_Gj-;}aM<}Tu<9<;KMZ=AZ!
z=XLD$b08R38J8ieINeR_JvV#06chv#DwRoj)QOMfz;{zdS+sj#%dG8Vyavnf&%8zV
zD%&)S2^3_T3AM9Ji@|YbYeE<DTf}^#Hlz;<Kav6p9F@PpEy6cy7JnoH%yX$cm5>2c
ztzV-wX_P%hyg!CWr4)*EDynQgBm9*vXM}Pplt4FN4s0X;W_#rqUH%81orHf5-}*TS
zOwZ+4$ya@U5-D@Bk?|IuH*b)&4r3F--lQLvidkFNbxGNO{`c^0y({G@h*U>l+Vb+-
zv#rbB!{zm=>$~qDn*N}?wEhq=k!4u*7BcIpba41u7l8sk(+Jv~@`PHeykxPSWNn!O
ztw)g0r#<I(%cgjUEJ?+7sjg#%R!jZHayhNxJ+{gt_$EY-Q=E&H2d#LbNv47+qt%iM
zWfr@h4Rjj0A7PK0HNN_tt7-dQ@PUpun&xD&0BUo^<+;7j4ug-#anjbu9?1RX1a~hK
z+KCk~tSKtL^%2#?3TWjd?!RW(!fwpXA$Tx(eQYZ&kBmUU5E7>z?@21TJXAax>mQIX
z6i-POMe8`Q)E`(ZOrXpTdgX&lw;tx(+f!(J;vmcJB7>a!5mMb6R1{&f&hE^PmS-#s
zQN3b^YP(!xnqMBqzJ>2+_GYgKj{R2d5O^N3<zQlk6fCqIwv+%yML*3~ZJ`%*BM}7s
z>KIoOO<)Q#q5RG;`il$xCp11m{!eePyDX4cHM9FW#t7B9ji?~B0$6;0qUu6PR2$+s
zOn|4Q4<nJ~()M>$OD6+?Ng`~dsnEkAg;tmcGYmVQO~e57N;%Uqo$oow73(c5!OA?9
zOWnq)0H;`G46#oRrU1Y$%<kL*SRuY#UUii0*3_=<!Q28#A-;T`+OS7w1i=Eh<wsdQ
zK|ni|%5!^R>HQ7>s{3Cr(SHXLg#WJ@Toa4G6*E1@K+7kAzRnlu>llCIw?#~Vn_vzm
zDx#AASP6?#{$nM~JA<<p2b3!K>LsqpqHHxD9i^F&R3rjzw1-HMbgQAMxthdC{H_?b
zJCsJd6x^Q%g&&s5Dg?1iV5dLwz<s|nZTYtOoS^$%OUNW-vfbhU8ypRS_Amk*2i=-w
zuKz0e3b`5<05P9b2@$JYYbvzYEfX?6Z%-`Di{1Nl)S9v*6=_x08#zV<<H+qjHh^&q
z%VnJvt~C|<O~HYzkMqhQn<fsN7_KEAc{9O>mYHkq{63U75kR5H&n1DiM(0W!JrH@o
z%oAR;z2lW1wkva)2Ynxi!gsLP?f7a;0z#4t8r(Q9iAAm0V`pXn7$VFv?eao7y430(
z23Y!&V{`V`)FP#YHIgsQ&T4tF5H*?TEJcZ;xa4>m9nr`(_ttbiIJ}j}lAKSgkdH+*
z%WENIapKLB6xEGnP;(LH1j1+RN!qWIGxTOVq8Qq}#=D`oFT0AV2Z`RR@S`(!3f0Mm
z0~dR{n!Mrfx*oietvlc0Ws<DYqR#X&y9Zy_91K$Jsg7>G1dc`EwLgIjMeC6KL{HZ7
zjVNMfwj5^6!Oo#7YvXadmlk;=5%_?&#t^tdwyZ7Dt<xhK4^TLuX;E?VX)W!#`djL&
zl^U2o52OakZ&Kq=b)J7wL+PKlX3t!tHE8K!HATQJgsAMd#kawRpbVH~E%h{i_Q0hz
z^)nkU+nAOV`ilC3F?_V}`n4|->6$DiDHABOzrp2t-gz*w{`hzdyv8}L__as4DsmAP
z-=HdT*rd|aZQCHA*XFhlQ71Upo17jzMik|;dX_ru4in>Uo|J`{$s1Xol&l+WvzZ%y
zu*R`R!J`1hWCLZ*_695S#Yu!~u}R9<%;95f8wF%-L)Cm<=uaV<2s6Rq%<@Qs<}5&H
zL@j2vl&uI_h2Rj~p2Q(Chtg%gO2|#)hbD>G66W}PG5Fh4?TbV+B|V@#L%p>%&Pdr0
zK4d&-k~?g1_#l{C>y6BDg`;9rzQmBRv5MCsZ&NF8+O78p0$A?Z?%!`N(X;}gn3Z5;
z1;`664(?p@;GX4`IN3BC;u8`Lj*E*4qQbHERhRI_^SBk`6Fa&FonBvlM3GqMihPEk
z%nxSX7ce4H$yM!tW;;Q;`)ZKFUe7|TRRm2jJ<`sj*W0yA6=5vxUK8DJ{89l9u1-8{
zhj?!`ILt*<vjGpgsqh?`WV$u;1NGT-YahAU?MVC80w)&#=gh$cXoXuCTgMnx^4FCK
z$`cDLn$|if_tXBrP5&>$6LYoz3GxVh{1|@2cS!z2*5Tj$kd+6fsX*6Z4^7lSC41y5
zC`ydrw1^5-E(NVbrL-U%zu!}oJ`kZ{d}7`icJ=82QQHIbc7~uQMra}(T2+V|m$#lJ
z{eFMat-AW{8R7!s*aWRsvu~VP_lGmgXRnUiOF2UR@5itU+!U;2Sc<q~*=*eJT_KY1
z5;z;tRzXBj$rSeI^wyU)1S60Kzj80#;h<WxLxOJjpxBK%hz|pXcb!UQa)RR=CPqW^
zL9kA@-RJ6uxzWvCP*A0?=MU8-r40&0%AD}PnEe{0#_x_enVL2&>v8o;XhonvaWc}@
z(qxj-#Ky)FoK7w*O-*w8!0H-SInhRBTSlMy8+kPu(o*A|s<YYvI^U+>YxWXT^ByEd
z#@wTO^`!TJitC8_F@r{l%lFQ`Q53V)2d`Wz5?@>rP35SGgGO+lMlDJZSPXhDyASA|
zy&Vn_Eh%hWzjN@y{V28dST{1b=W7_l|6{4wC5$D$Q(y1F3FMN8rmT+6bQFQMzG@9)
z3nshnz_X{Gt0jZ&9bi)P4CRqUC4-H@6Yc6?;}K5_-MvXGa%~8<*{SkYYd3STQ|*Em
zRe9Qu!S-Lz&p!%et_q%;_CON&07*do8zfM5vatT=(*YbI?g!$ZkeZ6ScCTm$Lq=Ge
zpARjxjg$l-3JS3f6bcm^3OhmAjxjek7s$^o+$umaLJdTV)&G<}JJG>$ZF+zD@(9tx
zjv-ycsL_X3Y%}pal?=_rxo{GnNUtgjwX*;JaQ4nYvPN6_X4$rFyXur}+qP}nwr$(C
zjZ?OD%5@4;9k+YB@12<G`<sZ|e`RDu?)<)Q=X&0?*1KBkAc$jQmnB|)t2iii5}J+X
zw2}`wVP3M_kkUGpAP;sf#R3y@Ep{mmjuR}~5+M;2>y7p@NJcRi4RID!Cy9!Ayem@Y
z)hoGZ{t?}Y6dqwOU@A;;R_yF#Eu;)0wlL-q3YQlRFi%$(6X<araPp}|RQ)<Z4lOn)
z++@8F)-{XzFqfcU{k^@eG{(7InO?aqselTTuWwWv=s|<9`qe~c@aWZFv8k9#Nb^aW
zEDxEy@trtnr}=5(Qr72$J2n20S4s{pdED6Y3+XE2vwsx%jF1|>k=A%Z1!Y5(7m%W0
zx_A6uKF+)U4Cn8D%#7HPu7Q?Y{ht>f9ZQY0b2*aT1nE%*QN~nQ{JA^if6>cdGlV?=
zelA+(&+*RqZ(KNa8|$AE@E^kYuje;KQRk;u421_6x=ZAp&{E~YniiGBwUA7;gptu-
z0@+$Z!0_D=EPc@;Ri}{);VbeJkoReXTn7LBKW4^u0jnS(S8ZHvdChLcIoX~3jay;{
zkc*ca7_b3%Q*4j&g1g~Tcc`~K42WS3b-$d!6DoBj5e@7byu1&EOJ1X9oKEwhUmjed
z-G?I$k}1Ha?z+W5iuq&PGs$3f6)a^-DR;i6%&2G1sBY3H^(%_?cp}H3k2a{(yo<^5
z*e!SyDIoGLx%sgG3KMVbBY$j!-x-c{?WeiSb(|Pd2hsVb_t@{O%LOsGQDd7dq!mgc
z>w@X%k7*zyya|J2$%)uLK_$UhCc8)-Q8NYVGp3=CWs|1^jZo!2d{C@+6_Jk=vk!aW
z5er&_a8s<XK5^P8C*C3ygvtl+HTl&mu%uHotMWY`S&_pRSv}`!!1^<scW6sgW$)Ug
zNqh0&D8K7+Kw@*%jNkf7-fcmB9P0XGDgd;`G$AOJG=-=h+Bqi9_T1ba$bJZBc5$8v
zbnycdV>S(Omir^>RTSjJd<Kg#oZ6YR9FYAF5HrynzO%eFAp%^XGB?<T`wa>*8ex(n
z@@3eMoo?L+OJ$FZ_&QB&Xb)+S_a#>^wfBR)WutJDe!zHek5OA2Letj=rIi;MC)3F-
zOQ(qLz;3Yso67WP{cB#8UA=2??dKfe_;;ZBCk*|$o&KAE{`;0%u>9!(<4Lk^WR%g;
zVYO^-t$<|#;}XXAE{9MgMhS%9wxRIJB1yVVp0Q2OfPF*#4DEd_e%%9qRXEtTi7(Vo
zG5HA>9DfodVQ*iDm+SyK&6V~G<$DIGarFuVhfr)f)*a?d9OS-y`giZAhIH;E2l0PZ
zt2nmI)Oo}WjYO=$i6lvd-pWt$&6Y+6vWNrgl&i0-0=upO8F5LBurzP0)O+R1gerg;
zqm4&%qJ>!yG)>$$oUbyNV77e=h3HHToyj^-4T?iU&A7${<2q6z^Q4RTqt>O7cwjxl
zNTyUmK`I!9tk~0f_Czl{NND-ko1#VNXyAokRn;4Ic}*yan=SvoYlK$j6?>BGR!AS_
z?7H5XfUs5@#yrwX8|zrF-GOi!4``b^3QHx4rUrbU)|^rKA+Kqv)50A}4Awj0J~XHx
z4n;D3Nyjb=OZ+)M=6iiS1vbwsj9}uy%?}5oY6oNrmk;O#Q?1=Y+W(DuH9yBxL{Y00
zrevBdCC3-!Gbv`PNOL-aW~)%G1J^%fGil6wLkB<QO*nt$9zsvyD_r5eaF0X9r(biJ
z@+Z)9c7*<b6A^Gud;#zL$`E+2Ap-ra@SSwSQ9*UZfqu=6kMDc${}#Fbe*lZM>%RaC
zg^*}@7#sk=6v4l7Z2f#%(#hFc(BS9Tl2-l4-%g1-w71r&3g1}oj~6=jnCe404!KKW
zX#?q|<?m9NY_-pL>@wdGN1QU;;<e|N8tGIN9m*Ey>gbp;UEH{yMMer8LSRjM1Bb*=
zR}=p3R5Jq@FziFdQGXy{RgAcrzj?R16OqJRvhNRbyDvEpKD!=%r`c6%eGh|D!p%{;
zCuIhnGh%+)0%K=#-j5y`-^!u%uZ$lV)nD47^pkh!j_>p)Poz1$S7oe^nc44ElJ8KT
zEwX;Z{ks>BZoKc6d0)A`WOsbycP@ON#Ggqp-!wy)OdnBsUnyTRa=ZC{=#t-rr(a5C
zcJCFrJM-s#AI&l+-_J|ekD+nB$7SCI-z(?eAItpTdJ?;(w`Y%~d4mXfkjzbSQ{LKi
z<?J8ILzysmnBDm^oiM$UwfcN4dy+q+IM!Y*=+y*(bT3aWYws7j<9N>w{p0NJ?>X`7
zUhcv0?NB(|CJ~l9R^`IZS##Lm&LP$&>NP@XnUv4Hv+~~0SusK`U3N4jf(T&WH=TEC
zAFidX3W<TqH$y{Z;hJGvpO`>BWi!mC#RsKjMGZHkxqo%QhjA)Oa9NQx4Ve;|F{Z$`
z!7_Om;(h`voN>)R^FJ0tS7S!w@u0=PqVB1)pk3bFP7Sfz00Z-E<Jt&`wErP)04%L6
zKn7k&8hhs~(%JS|kR`jJ6Vpae3i*A0h93<TnBfhzu);-RuYnhfdyUx64IlSNrEav?
z6u~UiWRbv~7QyVXglR>@3w&NmyU9jgV_-#-HHp$ZXL1-39u)Mv)1d4~#5>X4YTmXc
zJ+&H)DW`rI|3ru&mF~)xSzlUX+=|WdU7W&WO*V#%MzOmvzn(NHEoxedjJTN{A*~V7
zoYFv?vl^Tsbu<S#@p*5|?S)Xt#sbG|fm`7qr9PIVs%PuDJPDIg1Susf6O$2P!2IL+
zD`L4((LS?Wt)5}wWIY*aJToEey&M}3JT^1!4l){!)6f**y3`u#89JbZoXVgyDyhyt
z=x;VH?7cN@_+~Ej(n8n(V@hVImB9>2js44{ETn-oDF#OWf~D!CcQh=GkLBtvsw}Z5
zR*XO;0~Fqdy3s?ADiu4+krpQhvuV*0klZ8k{COoKjr^#bI1EQN3sVbj^tUM3a^n<A
z+uY;=%hE|o?1A*Pigtq%&1w!Q9Tz*7vhXpJ<lzDJC9cb1g}9p^qwZAY-O3^Z?9#J}
zIyPdWo1rt<z3pcHuye7&%1$@bk~$Ura$5XhcuudReeg0%;KsBms6R<~Q-d}cFgg>i
zHlsW$Ggq2y8PmpiA(Fyb3Uf}|IWS$!5lE5y!E=0s+WVf2rMjRQw<UcsC)ux|AQ5<&
zvn;kIBPFPksuICbo3onr+a3*Iu4yK5Ea@8dyR+H?MZ`8PMNBCP;DOH4rZ<x-XQDow
z4A<1rWQ#Tv2M-qVx}J{xN`Jbm^{G3<r1RC|+W!4Se8d$}YoZAmw<UTd(qJhqqx*<<
z<E6h?sqpsVH3wbI+*k+O(`GTKx5Ro`9twY_Eym@6l^#nvlP)%fM-~6<vC&$=@1Hc}
zD5bPx=E$0vCH$070=fv+f&@EGVBA$suDO3{P=Zx?>*p>>kY<|Eq{OdjF`kgYk)sa}
z%+N2%UtFsqMffQxv^s~E=e!zGX`H7faSDuSJ9mV(__*xf;`4+YoT7wApfEMWaE)f1
z*GgOdCY)MUl?=n4zN4G)ews<5q3dIpOuVOigAwKps$TLAO8ab3reijB87WCsMPC_5
zBQ%<anPIAFg32&w#DU?IC6;zk+OY0qMM^lNb*0;2O3jST?^3YX$QLso&IgIXdgPeF
zN-k^`kQm4*jTYdeXty9#>RE;XyWQh*-m$O;W<Pm}qOqHgdc^s2|71zJL_0rv{!}Qm
zFp#t`Fz_XiBLo)KF_91Yo-JT@rjU~bYr7vl;P!_u=r(cRwpZ+Q8*F##<-B`ruV>5h
zj(5jyp8AohvEMOdeh)a>we)z@l8}T}0WyO~f9U`v8m&#g`3PDxO1=0PWouQj9FY^B
z>DAZP=y#)I4H7iYa>sVQn<MzrXbG9^+z9gF;>5YWmR~+z@0qcMx!bDP1@xQ*oBXwF
z>nipZ=;j@;_xheKui<>sqXQ;y#X}I-%RDsLMz9&GrcW?da*}?=zHZRp*YMd-F!(!#
zmG+!jjX&ZpTzY5JGtQid_{_LX1yOW-#1j(PY~zeUVXqj$dNAojr92^}sg&*3Pzm67
z*#kq~TYHH2=ZTk$)K+(pD^TbQ2*$vC(<r?GrO6c*B``b4_%rDl8f$`yT$b?$T?->b
zrSXhS5cGRkSas*?YuX|HD#|@QRD@j{bq&gb(bdJkje(Q+uEq>~j=eyh4<@#AlQRO4
zvmuK0*Y7;k*}2Vl*Q$AzMyU@o4VAKPF*YU-3uGNSR_@}HPO$TeST<)?Ej*TzD~$aG
z`~l~!DH{IItCy{nua8QzQm2jct4s;)>?b_rbAArMM{G6yur7-G>Cfyx3Pq+I$kT!e
z@zx5uI(ue`HI?4ODr@pjrKpyLq1Oz_6~S&UgCO80@8u&&5Ghwk+d9jwAN5Ne_AvDm
zvn~lK^{?9ZX_YN|r&?`k^@#}@-iHqamZX-rF;I#PHA(y!XLGVEQt&@@(BN#zwikO>
z64c+sW3ww2zi9B;4-akcbt;aXfA<%f{`IucC%innKWb-P;%kT=g;<2*Vz=y4=<F@%
zD!yOKr@u~t2X504cAr`kL?WU>VQ{CC`na5|pL}c&Zi!lJU1Y=}D|A7L=Y<?O3;wVV
z>f`h*hqwXxut)SpxZ8}}6Y}pXgXqP-dqEqp@s~pzxZZmeN32$$&0x{=AG7!EhG+$l
zLm5c&FN@sc*i#a@+q{o+mGw1F9F>`oa1(VZGi`RY6m3v*lD)QDW;t(Kp3^#`V&n~d
zf;cNsRkAq)a-fiR&7Bkiyyo^0JU*R(F8=C1`0L{s+Kpi&e?`c5R1wN{IY0~nw;P8$
zR3Oa9e=F~XM{j@b*r6Qu%Kc_s9zW10&IM2j(!t$+IF{4WPq$d@YSHLiO*i9{Zc+y%
zsH#hAjyh3ie+w`%HW5Z06-=cqsCAz6C<I6Ng(dsf-;1+ZLfMvAPV|ha=9fc2rSLi#
z;`7pxUj9?TJa-LjvQFUzlV^q{o%|k-N}DIpC6Eca#iz(`hA?1kEgtmqRaLurEnc~S
ze6_5y-}!F2Y%Lc8JP_q{XBlNP1m{_0v~r1Ir^Y@BwpmtB<EyHKM>K8pbZ+BFr4=Pz
z=enJse_DmYJTLqgjB`VBnV`Qun`QP*(7LAszbUqB@0g%<O~(w2oT*1&20w0r<KX*i
z_~2ym19Ny`eDT4@;^y(*F>JqKT$bh(@Ofl}9wmOJBq8kZ#mRGr&A+3Re<2mSr|yW%
z1zgt6BR^K{F^QR-dmM+1?S=6uM|`>ksj;u}N%IA&;J1HJd}07i2gBV4kZ{f_?|u8M
z`v}(T#I0zwyaTA-rCmyC@D${RS0_>xn~=^GY1i;V*sy$jf_xTZbL;iTf;h?T#YQzZ
zsc?y<#AaZh25KrjkV2&-5ulA@KThkEG87h2&U4Gr8hn5gVPqORkb`xsGRbwFB!h5H
z&_Bkiv{kgf!`Sx$UzrvBwIiNKH)r;N^QxPNd)F~Z8R9VD&vjdnqnz=C%6#evCyum*
z=iWD81=b5U<rFd4j1#DvK?yJswO32Z-CeoomW6Ine}%FMUU$nWxhSPJX3-<mlh-1U
zdus{|QFP-GYB890n}UQ~@S078%Q8QnV+)figqE`jGQ9T)o<m1u&<m8*EB$;#Em`G(
z`y0r__->(=f#EZ#LKf=pxP?-bHzK+9hypaNU?5*1d;}ko1%ySi)ib_PMd7330QIX3
zD*FRe_6vxd4@iI`Wdc1xiVyUisHj`?wzSM#sJsGGN+@~Tr=}5Zst%p9t)t)3i4csP
z`ozTY2~w?NCbEO#MOvVvsMZmckala?JK#oV^6ZIdn+htL3aV2D#ktDfW$6y3j`WsN
z<_nu$;0s+c{w0;{dnSv(uNK6khvm&~8{|!Hfxh$TZ#}VZ1suCh;or%#Nv7Vf)&s@c
zY+CyY(bT^tZ4AHa6oqEJW=nWr7DDW7AY7c|j-IEQUqDV)??8XE%l%YbRVYUj7}JAl
zsBN)vv_WrKCWwiU!*)2&9xohD>Y<8aan?saYHN`As08SuI^Ne&o>!f%>74V$SntdG
zZk2R%;c%2oFGXc9tfO!QpMI09u!G*HMa9Sju(gz1LN!-`E=IIc_*b54%b?=q>vSjF
zoaiSobU_bZxyon=$gtc(ITa90`+L@%9RT6(^OqrsnGnW3TPHNeBDTr1?ur7|(lZ@&
z0_C~T;m6RSDbOpGUHqxkE#S|c8Dt{cRuJx~<^OqoBK7Pk`hh4$)M5_?oN>G0mQ#C0
za_@K8=RA*d^DwjxD-tgLk_KZ}Ky5?OuoMay1M93F<QKDh#1>~I`Wy9@AEcd0#nxo5
z16QQ(Qq%=SAOHMe!s!U)@S;x-RB}qg6J60J7e5nl26|z&LbCQ$xLPqmog+J6#EEmR
zhF1Q}^c1wiUv*;*`XuGtoE;1PlxD$j)+5}&#OZr8V}@qbiCY)=%3FD)syX#{FEuFq
zT1a{BWeLt!h@*K4?<QYpOM(Zdq-aY7{vMcRWIOqgm}Ll_3K&MP0M~v|>f-4}u<8rb
zSqIBA6!<Z#@;9!a-XD$XZg=>YN3HVO&h&i!MvY}1Mh%47_P{Qa{C5A}S#|_2Pf(W4
z==Z!+#|cdD<30@?q`bHEmIPMIMkENHA-XP*Iid0gRo7=<t^TTVZvmZmQgTb3_B!RZ
zxuLqHJq>PY_Z{qd@brnQAxU8qV`Bydh`)n9sPib=cjT}aaHA{vH)Z?EG`;X`3U|x+
z<YR8}sU-a#b^bYr%;6L3Q~M*rz5cBK)fD?bsaDADCl4pBO2YULu1$%Nff{7^@#JdO
ztO4Z-gmx<|Fr$EqJP>r?vk~%xh#+YQbJ_>wPEJ1<t+7jI=f>!L@#M<|KpG|-L_idB
zUUf@~vY`bXvbM{SZb3{Na@m%bf?0~0ENN|_iW^kvgkUsKw@`BIRM3UIDNlAW?QkiE
zVghw*Jm$+583YJ*FH2^qAh8O0lEKZ9QY7Uwi5bTo`U6jKg10fG=EHYK+26klAarZg
zm+)<%lNrPN&)Z+hVORZx1^}qV_%~AM|FV5?16yNj6UTr22sP>!`q(RoU#4oQtA98f
zP`L;a<N1-s?h%heF(B?!ge&USB?FNIHMFob1b&8PgO{O*2ehI{7KA8T=Wn?bXiFe(
zkkP`@f<U2YLM1OI717Gyr2f6=-cF&xP8x3Z+sS&_neNW;VBYoWg7<NJ;Q>IKHza2}
zoV2#}%;5m_3GAE<sLB~<0$&S10Wa)OWm$_j@m$y<$i&WRhh(RIEjas&`Y|4%WnYEy
zu^zCQO@Sb3J9r(~DKwB%*f$l?vQAm*cDzTve%+soL&8XqIe;TQ6rX>CCixtBQU>K)
zx`)U3=2YODm)@;5Krj3)1^NPsexp{e7mbe)%9kEf@|u#5r+8N%D2DQ(8I9+%$4E~9
zDLP;mQaXnEAv?{tKb+()IdF^0U9$%dm8)<k2I}XyHz%unNH4gp7xLUk>8?891eL3H
z7Z}(_{TdeNN9C@7@senNZUX*A`r#$QQb+X~d#3SZRp_U~Vn^YwG@xbp?FW7R?XYJ9
zzC&pI_GDg|#IGCpdjT_I_z8;<nfz$YW~J34_ePlE$U?##w+vUzK7*#J#oee-DJ};w
z`Z9Ry@hDW5N7~+bOpuqhpNcHB*}agh*zJ5@IB0dGn@-6>92#8Rf(8Swes$|P+|Mg$
zr(o<*)0zvrDIuQtq`M#<Z(b0@tB@HZk2OzT7d--$TT}V+Y?%j=76GbtjORWW?b(X4
zj~wy$i3YM<a3wM0wpv@R%4QsVXi&s)@Y~2?Vs=-qepT%2#!-aJK>g1A_Db!Tx2D&)
zJ<(!8$f{LCK898jn*kA5UnXnlBSzQ~Hr!={C7givX$a}zhF@w)2#<UQc`6i<fz7=c
zvAa04;Y)69JbCStI~6kb#!k-sVQJCk#UUV@j+A<tumIjUkHQIZS$YP9XP`~uAUAEu
zYjw#|2Vso;>!}UDy{oe&V-0b^n6P&wyNXwjp<0KOHI<9~vqV<qFH~5uw{byF4*esN
zCa$M?zU#k@^k-e`F~1>`m{Kc=65?w^Ho9?`eX6*E2>G;BxZR3?Z;|-TvGr!7Fa6Om
zR3&&GM4J5fFw0oNN=X-SFXz?3M4pdLs%MdPE6)VgM=T&9FL+RGI8x#ql_jd?=W7dv
zSbP`G3O54%BV|EUtVQMnUR1pO;YC6(c_2~o_l<VqUMwC~S5|5(tF5Xmt1VpikWup-
zJCPEEIjkQEm0g_NpVB3nsL8QS?h};Djmg6#p-ifdigCazsE!vwM1v7APxB+Fjum<(
z=`xEI0Z}ViG~~k;_Nh9~Ap{Ey<c8iSIqhV$O6JzCYBW!)P$gCnBQB<6;X^!>lryQ;
zoj|>8e3I%~Y<x_bB$tMZrKDGt*{Ula*s3k9Dr~JQRqk!H2XpfV`b!rRUe!y^S%gZ8
z>>DJ-prx9KhxpagF_SM=b~-cJ^p2@!&6$UkGbNZY)cBHusb-M6j?5z2+18fXpp(p+
zkQHk4=u#r>BZ5xKm8C;cTZXn|s;IF!hJth!#Az6fve2wnSz})yolc?^x0E-uHRjkd
zvak3v(}tL6Y@y(?E?~(Y0rK!W&1)q|2fr1mh$$Gi@uSait0hdgPT3Y`nuqG_7CMCt
z*=n7#T4bPIoWe_8$&ePH;>0L&(Qo1AF2kKYR-0KoGMfSDr3Csoemka|1Pl<`Iip2r
z^U9IJ{}L71RP#!l8y7-F4;RjmgRUm2d1-A9e?W->X-hvqSY~_u&F1b?g}wInTXR+A
zo-soGrwI}97#Yn6u$&AhC&E9+lVZ~Uw1V+4-joVoEd$$qm_vaRj<R;ZKbN7loD5h#
zYSe$G!)SX*lA)Ij@3`u(pTA~rCl5FiTj?0=dZbsT5{eKewl=-3UjpzLp8MtKb4|95
z5tsgEA?Pnq=rPCiL&LbyN7?~AvS#ySdNke`A*h%T9U{Sq@LwVn6nIM@We!mz>>wks
zY^8+QpajB$T7dxxYF0gHJhmWz?m_bW`0;&$jfDF%iKOxVqMb0I|1!|2&Q{uqreVDO
z7&N?Hml$XzYtC=KhaPJT+*VLu@@(qW(LNREOP#m!;#j|TXBfN<V%1~G7;Pl)Q;K32
z?lv$gLJPPFrX0!p+imb5%Uc}GnVi80J82MP*;N>E{Xt+ny{`aU7v{duNXLc2E~&Jf
zf)gVwb}IXRXWe_^;%&B3xP33XaQ<%LEq#4LY5>ad;pcRMusyXHVn<xRZhXqJDtEgo
zn2phDcqo$A(%4uVf-C<E?3|e)^2$lp?COF80sx2Nmm@PTN4M|2aRg}BE6Bn2wL_IH
zIl9-F>|>De`D<Y*$dIXoKA0ax?qFWeM*J{#G^GT0XLRq-#iweW77t&4bndRcXrIcX
zhsOcym=V|9-C-<#IU=48T*g>`X5u1Gyd)Sw+PIfK^+r_nD&YD{Kch6&knuCaIZXl2
zIHF>uxuYAFmuLsAVO7BOmM<u>J=zurc9T6E_j&-7H!Aso_VONg_N+G5=8!5usBQSz
z16#I%X1dB4S`*$|MI*R-*mnG6Qo1~S_#)HVFv%ZJgUyMdEnR7(rdn@XC$N1<L&Y~;
zl=_qqLtl0>a)<Owd)q{NatC30&Y3q#6QOh}1N_n!RpV>1rtW23bGOY<dy;)H<u03$
zXF};T`F(q{4qTyh!UA*=!Pe<(2DP}vSF86ksF9j0_84dC?$0;Zi*M&W0?}#4bsLH4
zt09!30FBy>;~%7aMu;SVF`OO1&B$C-*oxv78r%9K6v?kyPeQ703F%0c{B)p6J&W_;
z(UU%1bVb6AE!+qFkfdHu7*sI#7$OE8ldvh@KK}c6OZ(Pi$QVvG>EC*m2qRD0yf|99
z23luYykVv!`jV+F&4yN0QCl4YhUWY6j9~{K`;29z277P%Kd_(V?Nl^<iq=_5)>E*p
zU_sZz$*8EcsI`(yvA#6Y(5Pj>l`sVgc(oYM@))h_4As$Mu|4Is$2)BPSW}L%dNm?c
zL&XSM2H`20<cF2gh9w?svIggYu%8?w7|IzzEyRWTe^k<?q-si3Fr})dODI<tEsZGG
z)HQ9^2_)BPOp}JJ?AvLrRxwtSQ`Xa~@SA9I=}Y3o@0KySBL|ce>FNiv>)cp>zQHIS
zOG>jNjddB*eDOjcNwxmF;JQ7cqXT5=o}%=KN%{mv3xpa|=u-i>8l$fEOx4;RS?!FL
zJ+bTk2Z0j(p6XY7cTA)M7wrIU@xCmS5xR>JdrlaSGh(7M=uN54x)i)2K2MC-Iqa5L
z-k$G7?583xUP9@i!nry(S<UdFB6e>4?C{d!vAbv|>YQYdyR0Y1oRr)?=($EWMNe#6
zaom05)iAXqpl*uUA*%<WZkpO2YzLm*WY%43^`VUi^-cn@yBaU_?F9P1&l{6BfnFT^
zG1q-UcNU39xbd4o<CI+D5dUBjq3@)Oz8<jrx)waKIRM<~4X1a89RSy%7xS#K^bAtD
zIbmu3tRXK`c~eFr%mq%VanSF9aI3>7Cylaz>gH&d4GrfqhaInm))wcBW<VD51x15H
z;0Mx%8-Tq`y2wK@G?9)84z|1SE3~sDNTw+5%OwoLdUK)NLof<kEk4IBwqJ7z!xGwR
zs2ZYpCJpO%s7>+oaPn}C=0H&9M8vLmrAs6z3V^AKgjf?X*B{3{L8V1`rU!JHHXt6q
zxOV0Oc=LvmNCo4eh?Vq))?%j2$$JO(Q(-QEN{vzMfBPhn3S-b8v9J!Qj~Epg-8H!-
zW<qIMiLOUOO$mn^(WsjUqd1r;Uo{Q0b)t1)D6wTMxE9~dT`1`<n1yZu1@KDGmH*{M
z{$4D}HOfVu!X`bNqY;Rm6n-uPK`uu@e#7=;^595>mY0lbh>ogEO)bog9Wa%}&7pcV
z^8ICN`fXRH2{SKA+!*x>t%YK=&7N^Aq$n}=N}oy~qY){Yl39TCzHHbtk>y_89yNo`
zDNu%*(VBJ4+d-M!;g5^Gec<}h=HlvR2ujU_yDUnE*J%Jg_ijt`8bcdRyObn2KbM%K
zQw8KXCYji8N3J3HarHK444*hs5^V!<Uwp_L9ci1B!Wbt%%9nAaFX(?}id2f?df=a4
zK*}F)(*L!-;h&k}A1pDFqNTJc`s3*|IEq#aA>6?tv%~_~jDaW*K|(?*ak*aTYFU2|
zYfk6ffUc!19!rA#Uh^9qmU%{ccN2c)Tw}w9_1c(>+l8g+^kX)cr%gk`@8j*#4j^^E
zlp*TY7=@f6NCs0&Fx5CYWGhtxv5~5X%veWMXdD-_OYmmmRd+m%Nf+`>a}=BK#pHv4
zB*}rmSV>e$obFJ5yfr#DzEs>dc{q-8D>P-;0m&697DQYgs&!_&dW1X93n|gVw2kIQ
zQr!5VL~$iPA1zKj?;NdZ({sg5rmKg}fa!8Qch0(Rpc*d?VRr&s3yDm!rCVWxGTh0*
zs7*Top$dyNQgxjsjjDL~BBc<d!|(_Sl~^kD-mx@sgXAT%fx13{a`oJq$;{gLLZq=6
zD`V1kWc&ywvJ~#%>K4WFE#Y2rSiN#h^m!P0iS5%YnT2OJA4a20q(l}~Cd=+A7QS7}
z2pkO^ms7@+HQfpd59`o(tT=!M4Y#ePiO$Nk{idna1kb(mtb1fD^+wC*GvriDW9+!a
zFbItJCBvjOT@La6{9E>hCsk?t(02Er*Z0Up1k3m0(gf+(Nz>C?+O3-<%wk4t&je4L
zwX#s*<sYGk<oBBnGM7ctrr-?tap5IfCqHNKUg^28>pVQIPBAgAtqaGsC8v-0r|Q1X
z;fl&7r!4Owl%%X!X=8~a<vUbijhWa(ckKagmdcCbAsbM)5Z?V)+?(8VLnj3cL)kgC
zdX!2$ausyTLGBw)x`iJ5qEk(%9?jxOI=c)yyTw(XfkT~>Mk7#a1EM@l<$5gJ#}OBm
zJAVE~R&$|&q55!MC+h5$_9}fD3_94wZLE#F*%?ZAl2)?s4XBv70?P4xYJ+2(H4|43
ze#X2uB(zzFN8p}3X1l!}_uR%*((GdB@1^5yxxC95uDFM*Kkwc_yaCLQzd%a!BeTSJ
z`#}pCJ(V4>#c;@VqwNFTDF>Mv@b*#edmyNXrx1Jjz4->0hN%%%&oyH1Ob);idnG>@
z2G_#Zh`e)N6@u*$_+sy5hQ-U+6IRKM-*T)Uq5FGX!6cN%fQDIE@$|KokO31jsle0c
zmzDkFSX3YxDk{){q%AI-{i8A~!P<)}(tx!Wma71HSC_2-c^8&10eM%Ju>pCPma_nP
zze%OPl2>81i(O*Cv<eMUEC4o_l|!Iv4&W@si)4Xq=Mh}Xr+K`C)SORPBi)5`VY)a7
zuF1KJC?@lry=8O{*i#1{474^e%3$&r524-A=j<;}6#ygd;xWPI!DNR31gAoqkTheP
z8|0bG{V_azqdpius1oiZdxoxgWH^U%{KovSDH&L!`9cNTd;4)DQkv<{&<r)<?2NFC
z{?&1npW+bhKSY|RpT+dE>>SPL4eSk!%uVQ>4a}@944vqmoPX2^14m<e=l?uWL~We^
zhei_<{XaAsFA(%vVHlnub$Jx@$iEiY??Td~5j@$@@OuTrDCo91W8Guep|?-I+<?On
zKCiq$p?k|)E@X+4P@(6u>KWSC9)21t%ZXjq%4FC|6$b>?8%MlkFjJ!F*|y0kfm&3?
zDOk2N71_?SHP&zN%yF3g2(~Fmp0pDf1{j5Kv!oS)_)D6`sRs9a$jo9_`&>Tc?I#9%
zi$n8o>o$A7>T87y|1#<ay&Q-X1rh+j9_imOJo)F{|C2;hqUPm}qK5jtJz?tBn2~HO
zl@FcVX3<EZ!4JivZzV3Mz7-rFtPdbV-jy`de-)IYA#GXEvaD)VRa4U<(UPoLl4>}T
z2umq>30&W7srOu<NZVVZnRoqietNjol~e|p_&(Qjn)~Y|d-rEK-DZEi9F76f4D4=~
zkFfq?@m`N{X-`$^(pf(gbv1Rs#jiab5_`1|!uE0~ijM14h{!VDx*8q3bC~TO36X18
z=y$swsmbn?86|)FprrHSGTTjvk~@?|znL5{vuDTW&5FWo4^!gNmY~PKNxA=pnRhz<
zxBcBG+oLb~lL>F{2;G>Q;xH=vBQYA73GcwXkLJ*T&PRTfm=4F$h_ZL^EpGC)GJ1%q
zm+X+S_cT137t;dslPPu*W6u@u^endH&IRrX+na-KDES^_?XDPl*LhzHX2XEiz=f$E
zKuA}aS%$Sx#VK_{9$~BYM)8wUiv2?-73+6Hq(NjsrfN)qNK3j(ohU1qoam&y5n`g`
zMFT{{am(1y_LF8fwX|!}J1tB{HaY_gZ6OwnY?Tr_I-My6>}V2VU#7fJPUfy6ap;ci
zyNpy!$cpj09cI_ZrOcE%c1vauZSh8jX59H|3e4BRgf)$YfxYs`5Qw{^e4NEog?U%1
zwdyA9z94ro7Okb?sa4kb9ss8HrFcOBDP}T1O(|&=1wg4NeyYsihoBbZzM446FARau
zn2~SnUPy=b``Yq-_7yt65|QcW<dO_bKDU(&M8R6kXGF#vRZX?PBk7y(aHAEPL6VVh
zT1-YP*TsJ2P^noH{{h?!<s{4T#YArI5v?j9KwA|k1uO}zDvGk;C}-tRw5aeSB7rtE
zXm}5w5w6G1;*k(LX8(QQB+kzXoE0QQp$aQT{8WZyIa_9r-zajVLccY0%odXO<Bqp*
zL1)&B^ATmT-(v#-R+E;~1(oi2K~R?qbO*p#DAvQl&}At&B9vhMxH2mkSm>k%-X2hf
zdMoarL4a9VQU}>su_?E8+G`Fhxr+|G-1&r_8y&Wjm0%mtR^;blzXIl#5Le3I;rs}1
zK)T9zLfuD$Q&74CRmxLEiz6ZUl&_4wg?li%N_R@!C3|Msp15YHA2@yb6e#W&T2w&+
z7p;>gC!_tDGBd2)^n&-nqa$(-?tRL4)O5LHBUTq!nOd8gRM?n~Kd~;TL}A~k9aA(b
zr7r)naJcPi(eG6EXx{JC+n2k~m6WHJ0e&AFEv1!EFk5PYUsx)4T-^fxSX9{5m%rJp
zEp4Hc*P2&WSXfn7SM6a?WYV^u%6DPMC=r^PA>!njee3q%xnU&5xG_~~qz?%QjQf|t
z)P5PN)Myryd8JtvLu}#SlL@WD#r)1|+77*yCTW4|i84?vGa;q=@U?B+k{+29x-a+h
zQ3~o4;7@pDh+E1-`M`W~9yF4R2i~mRqj%ro{p#dbLUzl;?+ffZu!E5z-_64~iKF=|
zJ0mWi^0%r5j@3k6NU$WS0wPj?v5sPQm|dZs*cFZ?Tvm}qwvPhycE`bzOQ}-ey43zC
z7WR6xCBCIHn2zxKO`e2RDY^FC4yU+08&YyxKeC$J?+}ZH1&>86tP<PEAGU>6u$ByI
znFw=|?5Ij-uvo42026I!`M`m;ON5V&{jwW9&MFV+5N5;(*VFj%NxqCsHO3NPIRBwI
zJo;CX15TR;%+hF|M7jAZ;iekMvAF(lgV{~Z;6Z;o+(ht-qKmK9L~~Kd8uk-lB^Qr0
zsrr(LifN{2_D$o{?PDqCoUK5a<?0wPqd|EDJ9B8p$Z2;ZW#uMWGClHsG&DsTz=|-k
zDtnI(1zP9CrC7`dK01xTEP2VwFmt#8S4NEk@j<e9zXA=Nw-}Mh;shlL?@^2RuG6rQ
zw-tJM`2()lPI#L+!L**W1dk*E^8N6-W_?h2$K#Hkm>;C9_{RyU<bhgE`gtoVvrfC=
z&iLtvx3Ag~XBLOE%hFO&h$^D-0v5$R?M2YhrC2I`6+GN7qjB5w&<1!~+>^k`G!Ab&
zJakHyMYh0bfbG$qrgrf5oguvGAtz1$lRKY}!Z-+}D0QnqxAWaV^g^{zGjrJT6*Uj&
zh#QEa23CiQ2_9)oHy#HZ^3--v)EoMo2+O1xBWcV>qY(vxJl-r{VAN9j1!XZ|jD>~t
zt$<mmpTs#pH&X6!^lIc)lKHge4UMxWE^zw99YAGwtl%ktsYJQGM^jHNpf*(jxQMr1
z#ahZ6r<Nd=6P0nDH&f6Yb<!Jl&Q-tPJ3YVw6XA`xkuAL`6!?k9Nty?4?i;W=!9E3=
z?s|eo5a-THkas~*xwRmo`qW#LBu`q&kKB;*Tq#`b{X9voDny0`n@Q0kvu@~2G{SSY
zIGG~q0bdG1_^m*Lm#RTzT<VZvr2bp7sR;j8)@Z{tfifc-Q*|wh$;+ifeWpQeYNWDX
zw+2D-)a1@XwbVfb-q8nc(G39Bd-j*VOA&y(%?4EB^~`wUw4j#h3W7LYljd1cNOWB^
zxohY*-dqZBI~BB#dtF`1hrPCp2t)Qo4@Kd<DaRQ;8+@A~mhF)9mh8DN_|IVA!FF)6
zk_EiPZqOG){F||$^*EtnKN#>chc|?s(IIO<xW*Cp;O*d{D_I;f@OzNUF-TV+@(pT^
znb|!HSF|~C=DTX;=+oj6cY#hEddV4g3CocwMReU1*TZOMVBMsf!OKM-4r)mo?35*5
zszJ6&?+p1@2UZ2T${PaZ3piOU?1fka6~2@loy2UYBpl>q(PWZxxWYydQ~~n0>3pNE
zZTjaVu*Cq>1LwGcMwf+ZslN?mF_lo@ppEYzq}(`*8zAtHwzH*ex5}Q|v!mGQLUJ=i
z-4Vx+>PNP;Q|Va2Qp<1{g;mx3$y<pasKiuJ&NTel{!Z<XSIzspl2+g|Ek&79vjmNq
z2F4l5xEX348Ap0uzmgF56)+Wsu`zZE?`_)e;ZgST(!=};!sls?V5&6OR+-A|htdKV
zjzq8Zmm?aBWRt@^dCS?g*j_E)6Gyzd?G*Ud>ut)`H));cX2fC6U5P|=av?3zd4;)1
zoFj6!*Cm_6$~CV>&@z))i1ohyrNlKR;Xw31dXGVV$n}5i$@`~B>p#I&#YS$^6on@=
zK3yN`p|kd~v!z-GeL4!dWLuR}6sR<Wj6W$J$R>@K5Po3Ufoap=QO^dSrdZ{7@2!|j
z*Ba#VZ)HecnN;uFU%ho>a@l=fU!U**%=U|~P;$!EaE35eRJn~aRTT9)Y7GOfN+Zmz
zBB-RTCa7B0)Ks}m+o}yiu4*IDt@JA0hJTYHsW#WB&^Dk@SzEofnsWoC55b<5%!}>g
z18V@FnpM_PenxY9>%BuM$^~n=6_@GP8>c*AOKo(Q@Xz5#5*u(1+N78CH*Jr02kw`o
zUV;z8QVpJu+X~uR`D7r6j?>qnRd2_*2u>(*s?<xCTp9fd_0n}=)|y6xsIx|a-f(pB
zsfurkWI?+py@V<4vj3%3s_jzKtU;@_X#xsal{ll+wPYz*gIl>`qqa?>NnN!G1x8^S
zHRf*I<yxPg&&RA=uvMa(Gm1B{S*v}^Vzo#el}YTexteQFHQ0ptGA?YdpTwK=mb%6u
zqIHEU&Wr#%R{KU)C6BJV4U<jmGy|WVVk$qYCQke$&f%&9qP$1(pohrUkCWB=7>k3M
z9_E|XHGbH?MbbnA#K`w`FeH#-%hh#^R(y*r#!RxAyVVwFaUCmm%e_FRIZ)%|Otg*7
z#KDE=#&o#wJSH>tNcqIiX><N|(zu0=d&&~qBv}*NMy_U!W_#2_u(YK()b<)H8$}-^
zZdS36ZQLpRGj5#)LmCEAp*72~?HGx5K)G=hI^8(g($#I5VZ=V4mV05DVTOOx&O-*#
zdAACTnMxe6m%HRfRE9V*wS<USy1aO3$X|J$0UK1@GYA*4nc@%+`P1%53)X4eydB@=
z_%!*`KLZqpDxK#WvSWKGn$@GIpTn;-FyaB^G?>2VYyujFwP-JG`bW9d)H9*`1Kq`c
zb)E5c59I?hcBTcP9XLA{%j<s_{C>9hww$vMvLAsVi<BE}kaDLCQwAwFR{tYw8Qi$B
zhl)YY4cE)AS;Od&dDH*cg5*Z+R|VgW-LVeB8@_VBPn79lZTFF%$Q_({#o-=;L>9b+
zoUuO&hXV@9g^FW#Vj0fQFA;{q=s+`CpQQ;#W4xP($HC~p-!~NK!QDp`=t16B6zIX;
zXB6l`-**(~!QYSADQt#0&n-CS?;}$r(vS+8VEILfR>nWhS&Z8xT86D|l)R>?3!_rI
z$8dv~ET5fgO)G)ca53QRgWvJ30Qp|gKEMDg<FefK4<9W<_I^B7doW2h76FN}m#g{r
zjEECHHy%BS=)y@As{l>admf)cI4Hm4+FoHyLfU?Hea$rhF7>?oG=uEoA6hkXdbFKY
z8z`52Z!vBO?DGAy>?H`QzWaX)sY(vk{~M%IP(()k15(9V|34v>z~Y7zdGkLYbw@p8
z>*&q?e?lt7e?w~R{|ltvB>xkn<}LmoK`IMH6rJo3q|ze)`;hvdyZ?Ve>dJpYDyFnL
z1crccetIwobT~nPrcmSF;!MysDNA5X(htQtG<I!dloV)c;_H{x__UF&7K)FwDwf2<
zCPc=y%GbBRSE>B1uW9{V>BHCiwe*~wG1CNy^!NH@``62K$LYt7$4&OzOA$E$%@E&~
zdK@;idB;Qy>??p$m-cHu_S^G`Q1{mK6m9p`<djYKm8%iFZQ8v7d+jJL({txNqIYrz
zzSF)eyXoB<&nt&gUi`g;uWzIY-^|q<%0bg>Hgq2Su+G_WNgaZd1G|!*KIzNd9}&#I
z##>X<f7L&IO?T)I0r>hz4goR2O}NLq=%-$xg1#!F!_*(+qw6~E>ao)f5l`?_?_Ds(
zjB!lPeK9pKftg|_FpQt#n92|7yn_&VN2ee$OQXl$u8`@t&j*!&-V|s}T%jQP_zm1d
zrEaUuLJ1jo>UFjYJef_kUqYo>9fz<0Ns}TgOW9})OILymM5o=E7>B7BRfZnVHPccV
zuvh40`i-a;SA?TcN)971EHYPfqi?L2i82k!&vT5wH5=!+`)aKiRnYA-a~zBo6ayyt
znQ$K}DOndQJY-l)$2MW>3@RhaGh;nve8Sv{3@!?6d2q}LXJ%XOg}1sT`?c6of{tl{
zVmpnK0nkAYAZr+xR%%OzEW2!V2r(6&&{%O#ePYk`{efz�zRmCb+(Y1*O&!fMH^E
ztJ4GDM1GN886io)d&ui6ZG3myDdMp0ER}e{wv1_6AvN(BS%&(|;lheW$5)xs2@}b3
z)sTxg;tVb%tVs`&kcQKqLuz(fAXfH=m@yOV#X477OhVDl+)!?6p1w4xQ2v-B+0+yj
zH`R(4EVc+wPx2x;TSc7R)u{E&Xr;Ba-^l<%XtS4`$&o5g(cnw+NO@?G$@8=fIWNgG
zCB>Rw9%hS(5Ytz^aYC^bi3mU#l=hbFVaZ#d#Z-xaV&B_>0_tM9TL>ownp!I&43nYv
z*6fkULXL07D92Phr9<@wEdh-fm(Jirys|BW{a$5V`Jq<Pfu+~lz}tPyfQ>_*PCDeZ
zB2CSKmyLe-J0U35m_Yn}4N$((pQ@2DIc;}=fhhNgN>Ay7_B$m|zM(nP4<LH#S5jH(
zS5&3GQEDjN5jzk`8t#~%Nwj`GS~eUwk9C_k&kmu&iIg!Ta*W-(RPHe&Wex3h1;4g_
zuPS0I-*t|#ur%qis%%y%SJNo#ZMGBc*=^0ERa#k^hEPgQ(1G?1-GV~3N3d>2v)_@C
zI+-iw*L1L{Z_cka|HApR_SgN?3Z}`y(WrL?vtmD{eJqcm1%u0!c}MXMytilRCU$vT
z^hqRuyGTpzPV6Is2p>1Zsg)kX8mg7`UC=;}2M}&8G?NYd65?u0c1e20y~n!d_c%!<
z@dVxNsC-kKM$Cc$C7#LLhsJ>3yf7m!KJ%zB<{vfgENJ&2J`_Ve`+n39SU+@i-lrXs
zdVS{!H%re*sx7TLmvYQ)9JI=8N!EC`$@WYtGQV(6V`=7^&@F41gc0P&$UhOLu}YV-
z<(w^<i3{YJzuT-3on(H&65MwDj7u7V%HD^CQ$UdqT<m9#K6E_p$Xbmrh{*rNx!leR
zw{9;*d{oiAig-&XC{t1{2c;}?vDk4z3f!2{tO3M4MHal*n%USuIt%L|NN_}GMv`$B
zJ~lcV4#wJIDt(O{1SD09iJlF~9d86Vo#~z}-{9En<P?}V!bkP>d`Ct3Am>h)QJ-m<
zEtV!tuBps3v~3VpIo2WV!*irOR4?g#xQWY-ypgk0ffXa+H^_u?z)QwZc2)h5-rZ@V
z7{QD=8|)7S8DB?ja#PI5u#9M~CU@)NnIS|z23t$Z`s@dz+bP;RDq2mkFsooH<0D38
zB!7g`$mwlG?K5`}7on0@);x<EYf<zS|6cUbMvHq(6klO%=}mi-9sc&nSRcSkW-QL_
z8<FU~qdCWavk~vLxYv@);#Ff7pEokX-EWa6hm(2w=w}Rl?MfW?+}}l&`Y2S1!LKW#
z%ZGzHmaxkSV8*9ST+A(qrX23uuF)Kieq3*I#?wqk5Kf>3YJ331q#(H^VjhCNW(eA9
z$lAI9Cl3LTL3-n|$0v3xk_Ah7E5dQkQana2Cs4rwRY4VH0jrV=-AHi}a>&q-tUJBO
zo@=PNJ;uNTEw|z@O<>QQ;fF%1G5u${lr##uiQ-zMY^JZ=5y6RsJD{V6^^F{HTI-y~
zA(a!%p`qV*IfYX)J1CvJU{obj?*eO>6v?w8eNHvC^Q!HE)Y!oyMw=?H`95XR_=~NK
z<25hf!M}YP$<4SSAKs}Nn&y$FlFG#$4fX&RDc0crjh@L(e9WYWqSZNBMP?GXMF@P#
z%V9*rm<M$T{N3?)+EMd^sYFQ`Q&i<oj_|tDVl679*~w)8T7*)eQ3O>ZEDdj{F`;RS
z_FRL;2Pds<af#6%RYSXhl)T<ioj+Gyf2E#(z#ULlh>K7xItHMHb#0yQPCH}df_KtP
zOg3Acb-3{!9pS4N=Zn?oZnLc=mJ(G(8{m1PCD#q^ppyGh39|)>Wb8><keKuyVA3L{
zKY*gN0J#Za%=#=nj83^Is~zl9`brSYs{#10Ju%!K84l46;#Odq1NB$LwjtqjcuBj?
zRy5ae&KWAXeH%xR&jIKb^-llifgT3|B?pC0Fn9?SHwo<+p#>^ls-U~DqJ#QHKcWSC
ztfZHNbSHGsB9FWD?>J<XZ}Jjk_erWL8)eVG<@R-DctprV^vZ?W;R<OMWxa>RKJhn5
zCA@;9nbdlvEQ!cyD+0;J3XFw+XeyI#uJT_t9fWEhw#2Z+!BsT`xMHic(x!Xd0a`Sw
zs~qBg9&nu-;+q_?JN{j?H;$ML4xztg4v@J6hVT6961(8uHK?r>gzduTN8Sbske#W<
z3KE5X#K#1SAvlJvMLEG=V1IL+Swve1hX{>dh{bPYaBv<%U%%hQ$UF#ksd^hZb<NN6
zA82Nv;3i2>Q~LRzQi#qC$?UQ(-6PSJ+-8g<6H}jAnbPVORNPUCoUumkT^>ELp99%x
z(3RKk!*}&#L}Dm(gd>`WRAaCZGId0)En!CzW}`}h5s21v)HD%Fy?ARGs<$OIa#;7c
z9r&CTAS1bIlJCl4g1Lul#__Pgku-LMl_q`Y{d0thZ9>$i@PoHwKU1szUA+BAjP_r6
zyKjpvg7CE}d)4G*Gbn(KAa9;j`b>Jg-yDJz7I@iiqe$-HjUEL>*c{O|tCH5_<i@s7
z=#KvC5D9_=-!DXHI!l(#pOUDTQj+s#+Lx1I=VteLs@L}km=9DI{&HUu+5&W<uu?z!
zObr{i;ajth-O36px4z11U2kLVKKYyxdTPziYTe*7Fp=qDjqU);<#BbgFli(Q0Q6pZ
zTa|w^!Ju5g|JCu>l?w$@yAEqsbh3Q4{ps36sL!G|mC($6{zAhArQN4Ss@QWImhe~<
z`xq*z?`hY!;7b|5X}6%M$$Hpq#pPOaV|{Zo?_9N7YXgnq?s#CO<$4KTc3(pr-|~_P
zG~&Fn)p^;qV3bLn!Ud%C<eN4*&8DMw4HE~iyf+Rk=iv4!bnarj$CL|FR!E%2Qp56B
zU@j5Z!@am#{F(cOpt=3B7N%46D5koG;m;NFoQ11+5?f;KW(p!HM#>lcJ8XgywerBY
zQo<7_jy<XimIf^oHdErtA2&NPm(k;`-oBc_c*A8OTZD488_EehFgi#~d3F7LpcM0O
zPbyBnkrKsU3Vxnf8icewiaY$E1uX@-69q5uacUc%2KME-o!t&i-?rmCbQMLxOgXOQ
zM08B07q1xXKV9pgRId_aWiXCIfVbJPS<$A2{O<+a#x|U`q*nnjM-8!{V4x?hqX8mt
z=Edf;L_D0f%(J27xv`|KQQOM<T<rxzf?E1d2Vz|uh*O5vfDZ@MpsDnNzC=PP^=fnr
z$|8GXiziy0rn_l$4;I>iUFsF7T+Wau=lg(A46n8GRu7N`FrP5Jbf@l-cQYunh`lL;
zSo<L;bV$0=203@vD7}*Ilp&`OyAlS#8h_3um&_G^ss$H}!Ye(%46rgVG?vmM8EvpS
zFg%v#4N;_vFpNf79x>FU4=tmA-io@9wZLH9`DB&omOkW}o^O{fq*^|sLhXyYboY<D
zix>8hHNi(LlT2`_9vFpccyjRAD#7$kruAmCuz_Dnj%b~qrmfrJ8S?7OMxP{&x{v^J
zlFlU2uS+~Lu}kTeKG-fR)G*{NW*a@nM=(^qchmN=i2QLxwEIG@0E<fc!1PXtj=Lk&
z2<nDED`qTP*q!2rocUKfGx9QPnY#bOEa!hT^Z$1x`hRCRv1&m7E6e!<kkBGqvYYex
zhEy_F``YdR@T8^f_LtlzJUa~DbuWjI1cLnozr4Y|)weH&YoSRoN41Prjw@xm9tw*?
zw@gZqRWbz4yeuB5jxiXgt2mLJi%8N26-y)6A&ex-l*<MyML!sp!U16hM6ERFQ89^O
zh1Lf{h;kx?v?qs|roYS#55jT1%Pv9IxF5AW&$#eApSIzxv^ZY>#m|JZML0|8rxZOE
z{og0Z|J?pR5oC=zv^&ZQ>eubnPnwe}p&r5hxP~z_zTO{^l>#XdLW&(ei4=i<h=j`+
zoxSUF79_CMQmeS8xkXhZNTs|+q^7*wn!nnx<+o*?CVoqAO`NL5_0YR{6pxu{qP3y>
z@bl(v*UOgE9M4aVbMEan$LC|u2Oi-6qU@c5L<yKB;jwMowr$(CZJe1oW81cE+qP}n
zJpbIgvGMPBV_){IBl@+wGApYpGmSRpl^}}Rx%|BaT-p&;S-sOS8k}>*0GfT($r+cO
zcgyDZ#LKSduphQfafA&%V2$pu6K^Z%mhth^ZtJRFL(K`;w{Hm!v(>?mdU9vv3g63-
z+pWVf6y5!R&d$w~5z?L66`s01HFKMZ>GuGvJ#_ij^u&kh#nG=f3cns2e#|3o^mF|#
z)QJ(D-|WH=Gj{APJWAa2DGi(dd2VUegl8rr$KYhv^PS%0OKGHb>#Z65@g7_6Ur|)4
z$yZ7;AMGI~=In$=O!OOW=1&)PuQ|Wo-iat?>ZC{bcxt<+=tw1#-XX1?xsRX2AuRh2
z%2>DsB{3C20Fab7OZrl?)yWx9p|JI`t5x1)*f6kc$cFC^4`427gU0e@bXkfX{vxY?
zm+whKSqcIMs=8|-S&gd|WTD(O31n_DRSg-Jgeq6c8G){+?f6&-SGDe<D{HsEj0WMJ
zsU8E~>MyzO!yv9Edtx1TIc-Qow3Tuz-jqzA3>$eG&;%;ZH|ZeGD_MFeLt|Kq@u-r8
zKMTnSD?69y3#)~unU8*ZnDO9PlKE_(2_rQc`QtBeFM%d!kLI98O5F5Vra+Uw?CRQL
zd0w}H#*Qo9Qh9I2ihEc;?b6^6bTeGUP*Y4<*Z<pusw--^M3YU3*ZJgE2VMQnO}Ek2
z{hcHDahD1Y?oPI|@Bh}gfm6X6wYXwt*uA&csNE7wst)pTAQr~2WD{{_f6q=pOcP`l
zfz%gs;C8qGvI?PcyeMEpcx)6}Y1y(jv4oa-n5r_2b#ifeDwk(3C}?Sla$0gpfupS=
z;hH%mw24cLeE9HxGk?r<hO<dkRh0*ioBS?-nB=TZ99CG+;1O0vlqw5Nh%u?!CXcNh
z$fFKD<zd@H3hZqm9xq8C8MIh7FY!iZt^+ZPx1<r7qt2`|&P*!;Co->NgCbf$ZOqLq
zZ9-+#M-_!|R2Xn-p;Yaek+N4h)C4@vRT!|cQ)z9z6$bF{<3g=#@v0hHY=;E6I|>lw
zzF5JA2(d;|30Fg3R!Tn2Lj451qI{wHA!G1ArJ=da16o*u`km_j_`jadQK5Vx<5RpL
z{LWP|{y81)Lj42=f)EEfEkw(sAfZRZ1qma{;V6i}Dbww%1<^QxLdkevWKawDU#v_x
zv@y0hShj^M*6^k;NZ{PYc@7jp&_|xud&t@fw-q<HHz*QL4?Qt9b~M;2QfRc6HJ4ZP
z<csy2u8EK~<uE89dLCeiMj^dNU_?hp+|?Jij{{E8jKN7Q9~hK%u<EpjIqggcibf&6
zgY@T0DT_uO>x!Av*V<RrSehh4qcFl{qWl5XCv{g+vCeL?<`08gK$pSL0te?L8lgVW
zuxV1OvxTG56MY+Y9MUQs=?r6Kw8AKl5cs<~yVQxqyqTEoPbv%R57r!5Qmhd)$Rmh|
z>`0gWHivw?)uDixc-N0GJIFdYXeLL|76fnGkY+?KV_R1qZakR?<ZH&N!nU#$tepxv
z7<ri*qMeySR}@#jtBlGh3*pa6JgVw{*tkzsF{~UU=Wk^jy@AU95iBLH<V@zKFr9+)
zO(gURH_bqw2!{L_5hB=jKDb>#cO5{-DhHq$*Im$KTfJg8Weft1GZWENlDU@$j`c|a
z1jAIEVsFZ~u?Pp>?1K$!p5Yvg6$#Hs10AMY-qb?2A{&$;h1da|gqys`#xup-zi!0H
z0dE~J+9l=U%ZD=%hpOW|K9r#`y7yVFCOeG{LN}BbSUd;AnPo_1&<HXD>xZhO_+Yu&
zicKobaQRgo*_y|}Q6<c@ZdJzE<7TQgZ<AaaJHdjc2wPo}8BlRqPog^_&38%4xz$rx
zSfQ5+LpBwifk6REhJyb<E2yaJsuJ$Zl4S_{kRZsKO=%3w+XKO5p(6X}n9)?7Xw0>m
zvT@JPgFXf;PL+<8q4#}y3ByiToH>|&u~4{Wx$*9jV2h@*X`cAjJG@UpoLK0nF_vZY
z=$h>8W?B{=r9vU{EpD>1K?rC6#(@I}4wuU9sksZ>578UD$k>ziRKvDSx9d3EzyJ6R
zA<5G)HdY^`%9tjluOWTz%#4oI>k*dl7H<4PedSxcy{J8Ub>43LQhBX+{Qf)1<(^-Y
z#qpAwS9XAnt_cYo=}Sn!>?BNn8c;m=<*ws=M@>%y&Db}9N_Yg$(nEG08cUPWObm&w
zlUt2}8$=CQ3}w2p#&fXzY<URiM1La{VrCCr{`mLY(TOD$p)`b63BWksF*hSaP70l(
zI@IHdo1Pmt&34C4FmaT$OtDi1e&KPrBTAq5W8~aNm#j2`_rQ!KT@PwBl>L2wHPQh)
z^chu3^yd#e^g?KULza3qDhT>cTT+UDq`<;;)&-^Ob*3kS{s5|e;D*-mW)u|)-poC8
zza3VA<fS-hF7|C@<(3r!8&x0keOH|1>y_EGcL~SMeZuPxOO$am2P3x`23hnM+6_1L
zExjG;rbws*C&yin5BK4U@Q$;;NYisuK|IsfSZH+!>5gm2YXaX)V=r71-_KbObYz*B
zCa8=0>|~@4T%T+JY0>JLvxwn*$b^z_X?;mf)$Ex|3vizBotoZT!rMGuocI_zd7F6M
zbCIr*Pi=0tv8RQ%$xam<Rtu6!yBg-X$eI~*OWbQVPjgGsv}F84^2c0jzplGwB{|bO
zWnruv{!v@QmVTz;m1Guut!PU;<J=xCpg3<qWv{j1Qaeph6@Dd&L(&R-W|FA}e9<P|
zN_oV3QpMqR+n=-LD!s&JpTGwvp)3C+*-=zWiM6Nk)hHggv%ak;7`QRR$}5i{cT~rU
zJ`njg9BcBo&@kfd4w>lqr?*Ay?PHy-2^D+NPV0r*ewCuw4apts3NKBzVd5Kvasal5
zX|}0W4cHQeWD^B*4-dCV+YHb-{&Ml`v9Qp3d7j|UVQvqFKSAFKeZmO=qeY2#Z7xtb
zaa#9HOX224()U$On6r}FcL6TEdPyyZq~~y5G~2Q2MdEiAPb7MYdi|FRn;ybkf7y!z
zJtp(_Y)4VLE-8ipM|HYRH3W7oVaO^W7+MgINFWhRABg^<DB3;n20=rJ=z@etOC-i}
z!qBjtF_^|>F_hC4kR)n}Ck+;@Act{U`U3l>LCP87ojc7hcu&Esg&Isog(rH|lLXGH
za-0(gg@RL7F37zszo0{*o9Om@l8yPE!g+kliT7{^dQs&@;5<4wSE)2N`2EaX;S2V_
z7Y*VF>F@bKjf7%E#!|rYji7v((GCbs71t&+gKlFC1k3H`-?D<bM=F}7ohDu)LOqM3
z<l(>x=@W#1@ECS7lt)tTB}nQDB?Y>zg-Bb1f<HvQCE$*gvzXy(g8_E7(wo6*GBQKc
zb!x~r*M}Pf2g=PgEbF<&)NYB-Em{muZG#iJ*$+D$%wc#{Qz9`+lQWgMoEW2Ma-+2u
z0N{OK;nIGkk&)#|$cVM41%Mun8!^I8mUE~@3W<m^_RvVxX(sJsF)l`Fb9#0F42_CC
zWc;~_-Aw5LA(@a9D5wHSdTZS7X~wn~QW8y3KN=>P^s<%#;N}l3xpq*7<HT)!)xJGY
zHIiG2);77Ny>D%+{-(L`G{24VRTWmvGONHa4}Z?QEe^Ex9|JEQHq+K*9p~`S9gorr
z(+zx%>#Q=bAf2xr4X#~O7EN1Xhe##)&^4_2LYpbw5m!lLu%vy~FT{I)_@CRDwPyec
zBEK?1#s7nh@V|)q|CSMK<&mXPd`p7ewAK5cL8rTWe);fOg#D}Dg{n0r8V$;(5`)#0
zK&abv!{(J7wBNxG`ga}S{1Co_U()@QQr&!7ANiumjOPrG^NgpNS?NE&?<decm<vmt
zK7K4SWej1tL1NQ?%Xb><<XAaWnX7j)>j5F0rjb}D$v!ptMOOhKqNe&~CdVWx3ml=x
zBvg`BB=-q`FdqSzP`!J11PFk_4MW={#D79W@>R;0B4EVcd2byj_w6PtBzN7kIYSab
zXJJX)O#``g`x%<lsOXrBsGgPTJ6iHqU~7*m!P$C6oS&_H+u8KX6KZK!)OMC5FI_Y2
zjwUNbq?f2Fmjj&e)@x|-nTMFy!A$8qWT_aGT6F8Tws#PGv+X&Ao{w#vO8b4Z_kA5C
zT5J;-bzi<xhPnSV($b7;$8;lVRP2(yW~R7!tr!txKiih-*~MX1kK%TYlaij9`lftF
zj@6(-^qxXkcEfX3M64yRK&5lidD4A;tQL*<a&9`OiXbRNc}ckZsW-h%xT>*FjDrit
z9Env3C)`GQxZ5LRUYGd3X)y+EYNE}GxdXPAv$?Nv?o+O`(p%j{d2HEei@(Ko(oSBA
z7fk8cu<_O-aM2kswX!Ou)xlLy&V4Y^e&cS*=qdpk#J!<*_y)MM#XUq+{n&zS;mHL;
zrpk+t(v&1}*$P|Zb&Yh9p+YDfaorj+#YL-tagX&)LiTa2c*hF#d`gB<7ANFC^bcEG
z9JR0tF(hxi%dA=6oO0v~Hg+I4b6N+>{=(>{6@UuqAbQHvA^i11$gdeE#3TA+3qTH`
zkKc#2e-D^N#>4p6b$}i0j&dLo*dys~8qkJ7j!)MROE%(5oYCtxj`_7uh8T^=4ojFY
zM3xwl$P!B{EXlG+IEw+6cSv%P1J!7VMNBx04VHK)Jy!9663hM&B>GiSB^s+*`Cc_k
z9N5n&TBKTeU46(?II1-*c!;I``TL<wl=))2*`aiILmEbzY(t2dlhwx>-kcu?O-dv(
zLlMY1cS%04D_x@Y;U)n+vddeAMQ#e*V@<wxL#67;Jj>g(fj8?PV=wcZK}RlsNN>Tt
z{g>bh!7WiXix}$%I3{s^z5Ra*d-Eo;Pm;fXBlNEiDC)0*AS<dONGmBPMsG~ZsLw#_
z<U;3SV{)x!YmX(4@B`Cp6uC4f<)AKJk;E2M=BP6sudN;ObgbOu&fdr6-I}`13-Paq
zxpNc{%>bK@EjbGwj;3*TX6AEB_x5^KrGe6dSmmX}73piqC~lYvas5s9@{hy1&-2Bp
zeg`@2OUv$+&+E^F%iHZTX5$|k(Iu0si^I;yN9C1^ko~-|HGHC#iK*z|C6_f%G;qT=
z-?tne44ryH{6=U*%bL?G5)aG}bH5gZeAarlf2=U}Z%N=KV*wh)hDM1FV2ZCJM?VxB
z&*w*rlK_5}gyg=>v7g>({4SH&PxnCG4z|G(2xh?trt~_x1VGG+8*a=wLi|5Pw)8rh
zdArcGADM4mjA|kE3wvycsEXtRM+vjvFYtl;pu|XSyjQ{2{G3`0^=R#+ayXPbeTk{9
zBfQikvK!3DN+erUvJjQKo%Kf}Z>k@qPaJ!kvE&FI{^@-hIixz|{>h7bzzu#8=CJfX
z4-)%gWvpb>chuD-Kz{dIDcJD=(SJ9E4&jN5(>syz>;fKwv^A*3KPCxnJuB3~Tkng|
z>5h&erB2-RVq+zR%ZWrSA><&zWf7_iH*W8VlBYWBCumI2R2`O~SJm7k`V0?vJ=x3$
z!_}DaBn{jKXq6pxECxkJf>@&f;;9TL2puR-Q6c_JCkrANwn{*xwl!;s1P33l>v1X9
zsGA=8&fOIwU?u#7NdtG+ee?(!-K#_g(B~CsX;Qswa4(PBHinQ%Ar9<QISH_ymoXw(
z#%u^Ah<M~DVtQQzJRnFKW<8_{zgvy#WJWjDfu4guBTWv3opS|E2y#=8-laHwV<MqV
zXGWth^yJ7Acr&)tW*1lru0x)sGYC{}R{3SB3|q*DTU{1=@_n=<T-B|M3?YM=Ft1=b
zSe_XLDTSB~qIlAQN|kMl2N|lNJ4~We;qP5#D<OG=Wby*9V-QE8&D66TVW`GQYYiiR
z&GVg5a4Dx9E5g5$b_H(V$PB$?_oyIMcPJH_pK?AC`_V6f`)nQ=jP9RwwlOej{YwnR
zW)UmC&Y#&AVB-n{b;M^tfR1Z)1}SI5%}}lZECx_cRmF&nB03!qiCLkaUt+}Z>FRO#
zX_UbUN$x8NsE_c^dppD-JvBbdbB9I1_5p8H!j`SrCe(=$e*l4;RQ*@oEzU&MRJH4u
z!+XqN>EVh8NN<|Lo0K>xOOoT@qt?O^J2?Gf5JEbNx!c*JE7G{jJK?`?<F6#oV-3T2
zBeE5S0j#3Q{NCU{%J?>wqqLtDHV?s4pn?>WoP_WRn?@TQ>82uM&{S+&5(cC3I=_sF
za#Ar}NEGR#OL+Cg$5^FUf@-CS?qzXR7dXPp+;fRcIy=&D>Jqrx?tVd!8DT)vz=esl
z9_aa(#?uHcD)=j0Q$v#S_0*vDZ#$2JL4EMfAP#&@4Fdt}viaE5KH>P`(sEE%CqY2J
zfNXi0;~K6R!D*9>Zd#>FMGi3_rBa`4NeF>Mr-!Ep%w6)Tu<WevK^le^oYbt~`F&sl
z72NeJUF7ui&X3PV@EeTX#N#(M8VFz^rhMqW?$%PG9aPB3B=%{})l7#j8uv%2_(d@i
z#=Q`p;BZXBA?H`(jRk$LXnW5%5;}1=)<||LbX5kevw{fAnF_IajxX2cNrK%I=fHv1
zG>mqp#=@VT4SCjPI;N?nbeBOMy5ihgz{zHT%bE}yGsb|yAZyj&Ikyc9d%3R7?JOlv
zue?HiM6qe0Z(2zUmh-j3h=34kU#lrmF<ptx*`f`S(UyF`X}m?`kH;fAKk+@!tP+fP
zL|#6Y6a7>MR_#Hc6%XbygO<{PTyfRPKUX+-d>a;LjOHqxI0VCVr6DNJ*MD!^03@8b
z{lcITXof}1dB-0Rr{RgKmGG&n!=T5T$<Gz=7&(WGf~MDFUA-r}3l9HHX;MA5+2Vr1
zMMnXbaZ?Z#ID!JHb!#vwwf8k9Q+YfqW{=GYY{(^PO9dUqX2hnEyVo1G;|(IBoVAyn
z9-s*2WF#JXh<Q?{U+)*-H&=a{qQctwj%))DrPn21K=OPl{mr3=-m<;D!0FY;lV)`$
zx!;$#z`S6Fe+unIENFSvbYmMMiZqSi^2!C}XUCpg)u?dSs{^%2ba|05k^kx#7t+4*
zd!;(|`%mmyJU*EO1P1`1qX7W;Jy7`{*z>=EXOj)#C+iDprtbtUthl)E?~JQ*lO<Tu
zSPFsM>b0_<w0S12Xa&jf&_7@IA{uGS1GknF4DBz%dWr`^PkQ*<7`(2oagt2`dZ9}6
z?7_2AIN;<nm9p{3ne)4@*Q@o}-X}QjtK<2fy-xPiQFTAvEQV2XrKlIoPLJ1*tEV(q
zFGn64luua_vCVeZxOHH+iUf+7U7c=2`%v_&2>G>i3{1O|D+VvDQSx4QgnVXKy4%rv
zalXTNT9u?T8aZ7o{lT)=`4dAbtmpl^!9|E&7YEY(XNXaF9N+U~ZjJ$1m;*6rSHU!`
z*wVnZ9Rb`c73@`Ip1?vAgw>ogQ^TQo-CsZI>?mYg0|aICiwvktX+C)4UAWpA4Ub)m
zSKNLwv7;EYz0dstAAL1Dw9%!GtHm_TRH9=!Y@ss#SETW3-i_TwGo<@0a^<jqzcwbg
z>Xhu3M@KYXk<@%6k~K3w5D53^7(JR4`(B*vJi>GS|BzDP*xLc6jl7Su5DN$Vafh1W
zRNX=7&f@P}_CJ0+-_r)t&=+X29U6H;`I#{@hT3B1j=kfL%i??uO%6HdC;DX@<(ZC8
zikf!sjH;#~rHbgs$TDS#(;${@fRfp;=aL>Pj-~v7Ozj1K-EZm|>fzMcXaT$PK6W<q
zc7y_|_`&DvH%0}hU`V79x855PQbAW|qi6ct-W!G;nE_k>)L24@vlUCjHovYaD-`>p
zZRnqM8m{NReo{hB6=(|00zJFM6{KsAK4IAES*cpPlaOw;F%<uX=|Mb8RxO@FcMis5
zwm4;sF|i-V+>`ik)ffK;ks0X7`m3hQKtZzzXpo^?kUk=CFv=bGnFs;eDUd8Ov}DXN
zfj0F~LJVH%aQZd^1hWuHvb4+u1TO2A?>qFDI!YJMf<ElirNbS7$_Bv|Ti3YQ@exW*
zurMb2pQSm(ImAO(-UHefEqcygs&Sg+L<(+MKxX%BLHP2JN%>cDLM@$H^CcjF)Fu`&
zkjRl`nSz9ME0yp9r8?>P=h?A@>$jDe<k6pCsUYdk;1)3-me67U8|XU)n&#!ja<+`O
ztUT317e_;cahb1NQK>0ptW4e9#>%jgg~+TN18%M=BwWZNSyd>9Xdo|zloE0mjfT8*
z9g}(`GpZ0X52lvTE-My6Q=7_=5FzN_hSM0CCU*&$S8C*!c+K+I4-NOeX_kk@>K@jC
zhF<b&9k@kj#e=q<z%+@w_uSV)y4y*A1M!vK?KMzDVceJl6!s>BWTP~P?G)qg+HJ_D
z)MCC;oursOqHSNRNLK0Z3+(K~u(t>(J*;kf6Xa;Xm?O(3UrPuZPK&9sYNLJ7fpXb~
z`nxYELFN|OKwWWi)x3h#rezeQx*r}DMf1gI@D~Rl^=8(R$L?EbV7y{<zp2{n>l9C@
zeq@k)>}4ibwXzNp>3)zqB({~^6%O91G>`*f7YNJ<(8(!+U^%bZ^9RY{li|@3?vS{0
zJR3u)3o!g7O8lU6lKGZuQemXw_oPS-hFEZ}{Ir|k6q!Q+9*c;A3k*y`m!;qa5YWjD
zl4m%^)Y{{s#?jZn<>w4%(><nEg80lCd_^h5tFtaa%k5_mM$POETWPHp&{P;sJFiK^
zDCst)4HYs$8M85zfY4-2L=>~wu^c0|pFoP#NM@9j#ITR&l_u>Y4UjS=WZlT5|Gkz^
zhoGbqEEYOB=uWWhy>)I)&of1V*EB!08#Sb^wOuep`NL}3trR5L&RwX2#nydf1GBCf
zGBl?1V7D<R`3q6XE0bBG&yre|_n9xYr_vlH#N!IMg{D6GgpaM9$seU?tnA5D`)+-6
zU(CDXWpe8#DVFAb3<<kIL>16F-^8P*&nl8KWH@XhFfC8nlsbvc=X(YnW)uVZ%zCrx
z%Fu7h>FkO<SSUhqAr+%7iEwr_YZPM2uEJ!OP71K6t+#jendo{)mi2XVK6Q@WWCMD@
zLfWl%A<2r^S63v*#UEj!LWd$Ewu4agCSj~2WnqL>iTk4wx_x^B=r{%FWq5ccM9o2S
zpve>hng^Rkp#M3e!*?q0@^US_V8l)NRJA16kYRNI(dpd3$L=HU*zQMmMBYOrXvc2B
zRP=3p?TiMY2w9S_9a0zWtgVid#3-u&G}iWWyoJV?y`nBH(ta#N*diJNapD7_?=Njp
z@Aj{UJgZtSG6Ixr;bpLgJVo87O#8I5<1*I(Jg1uhVdQSwRiBdEAg_J4p>^9SH}R&^
zEHp6+mqlAOo&C!h-Jw>SrR(h|AG*QGWZ8;Zf+rL5mbd%Dt373vZFcv+#Fu)&(68MC
z94Th@r?gjy`IqF+2^P(=-{hNWYWFWaSpA(Q_14EUN*Bpi>nxwmPAL7d@qe$qE#KJx
z37D)lXufa1o3f$&0040R0hs>{mfDK;zhLRx;tPss;0n#*wAc+(ooRTfMIhRNCfjjs
zn@74~MjeSIxqjcfyB%L(x>}#KCfVf%x<Q8IdF1nT<KbQe#;-5S%!a%nk=)C}6`qU7
z7*9@>{Qh=4UpmP?%8y&0D_>|~@XnDa3^wij_+VjVd*8MDZ_1p9%@mK^Y9mzrduxuF
zFop=suk87enpimY{SV%(UsN*QYc8*k*TTQc?RQZoL}gzZXJgMC72fDSc4x!wQf<ZS
ztZ)-p+E1rO9$)Jya@f<)2e;;axkKt?u7hACIm6`QrB4t)m_-95T4)^6i>>IXzug|6
zVfaFTCuN{-H>7KP$=KTg$EouEhk>_+x?c<|Z5YSPVNSr7px-eh8zXXY^<_NFNAvET
zY5DOvS+}6{n{{IkHhQM$n(qj6x>IG7vV9$!<Lhal8Z)GQRzeSSlL2wRZTbGNgr%4j
zU=o>I!HQs6tXr1JR@(9JCzFPblfvN^X=tSLFX@t{Wu3+sTG<aYP(SD2ey}})s`ptE
zu;S*D*Dx)N1;#A;l~ciT7CdwRRgiW`LeWylc$TE~nnE$OMKY5pl1B<{0D_|`1+Y+2
zx1MdQ8plSSesxl2PVSf5^E-yRLxlrjbC~5y>K~XXi0^EktP{rqCu%2Xl23-SS{}#f
z-yRK4nmUD}s^F1ZCaxTDk3fRcR&+w90P4+tq?shnp*vrYqy|awdygFe0V97o$uR{w
zaN8r`)<^)|K^G-?%R)Dcg+-?tQacrgzVwrIKsrg#1lQOrf0(~`iHH~XehT1y@V1!@
zO=VdiS1CxXS=`rDy^i>+^`Xj{uoTn+96C-)9H$9>lmP%jB{c+M%p$sm<^apJq?k6|
zI80Cti&GmFaL$s6f6-XErWYV?P;|*NX&wDBd<;MO8k&fjPXVAfN1FJ~5}2P{Du1UF
zISFJtA-`3udGrK1T_&v$wb3MQ$D#O8XEaGPUQ&SiiDc(oscPM=&T__A_1CQ{bjA+o
z-9u7~7Rteg!Tyg_(r|vZF$t1%BaRjKi<67=R<mnbZuHF@aojVIzI7jBu(Dxrj#Qm%
zpB}+tU#xh0LlBtZt+-L0bTa0hN}W)p2nO*&3RpC-zWscgS2Wl)_VRT*vw*%cm&+t{
z-@bij)t_5DWC~@o90`Wxie0K6=~&G7S8Se=Q!^dei#Z$<>@zwA+5xbW<pe~K;eL*H
zsSk0$?V+dv$dOR7d~_gh0QPu)c>w&M^FvO~4AUV4s!s;NC{-B=CQ_Z}fLKxZtvS#!
zun_@{1<<Sx-lR!Gi5wx}e@ovhwqZhj?m+zR&uk<ng`@RCEr?_$q({$~5Rlm~*DVOn
z_JRf;6-(g)VYpDV?`jt||KQG2UYwNGg|Xa$XL}-s{_K|BsN<}|(d~SoZH?#C)IXwL
zr>-^gE5uc-VFv1taWHfUn2!gZM$bXhOydiu=8viHv7JG41W+Dv#CGMS)V-~A1~l;R
z-dPQ>lIYYCtFUIG1`$9V(lI4^DsBj5w_F4~t?J!;pKTGL3RJ+i$3xnb@KHLo11$6f
zUn)=CD05;#!XgB{lTb~H9B}=u#@I+_6bA4fv@5~EGCUWTf^(3D%N94yX)_Vr7=HOi
zYkSVv<+`n9+hUiSh~c&)J-%t#QkPco_o^dPW@2pRFsN&!l`B02M!8byUtS-mlAFZH
zoiM-*#l8N%W0tAGyYhzpi%sy*c5!N8yWHBl^PbY;t(I>J6+eb(Qa)SQC~%&SF}Vfu
z7#u<~$VH*1QAJ&*vfbCF?1<XPt|TlZC>w|jVa>cxR^WDJ*@c6J+-f^GOGxK>fSD%7
zioM{?>AU!lP~}5cJ9Qm%zUg))nzIAq`J!>sWARu7+d`7#Mz^X9Eyp^pEdX5r2eX!U
ztYe0$?AcPb;0KnTpvPb=x{s(-XpvmZ>oJ+lOm?!riCC|7ylSt72aWPa!(fY|N?Izq
zb2;KW1Q(8&Cv1OZkc;7>;)*L#435-Jj*&Z%Cb6Jj1x2DItb&~Z)yX3H4r#2k5j3D%
z$Db_Dy57$_3ZF^|jA?zr24K<ir5NBG%kUa>`=6>!P>$)qNUkj6A!5X4!fY~?0e=rc
zJ+<@z8;zujc7mBo_8j+Mi>Se|4Eh(sZx&y$AEJgWTftsN)~>_8Qe;I@Mud!9J&py|
zV7@d`i?_hh(U#%*BD!uI49ijvQTlU2|1>Zrd*dc3)9TZ<Izb>Jrx^HOEJq+f<}1eb
z7b<?nq(D*BOr7sVL7Hr5CYEt>S%^i5SI~Po>^&<G@rf3geI4y55<;U*xCufr4eY{l
zHj1hc<xSLowIlp7ANh0gL!bO_>*9Bh-y`&jn{T8aY`|$&A*T<Kd4YHMdJP;gn0SG&
z7-NJwjwn@V6@L!1QPrSzRN61|$3LAO!^eFCl2-*$VU$Dm89JUhsq=jpPH}p}5$TyP
zXC+KI`ZYPZKnG4tQ<_y6T#4XI^*%ROM^Bp(ASE}6JNOP34@7G>xgX{guOZfL(V7=s
z4Pb3(&cObH&Z%8MjDh1q@o0@))u@rQ7);Fplc6@U_Q?i$wTPhY+zEZLZac}ip}X#*
zo%kuj-4DQW$ObKLJLG>dx<D`l$f!@_F72Pd=ovtN*FRNCLu^^xf?+vrjpAZM)Ak1k
z5qmc_arE&?oF$xWUu!D16*q=%vfol`y1N0EDqW|d7;}aQ@)Y~tFo23WrW3Dr+@v)}
zrn$l9471_LC6?iCUx6n%%C8>&Q0gLxi(xoeShBv&_P=fNU$`sURY(r5IQE(gCEvvo
z1<xa0&b~P@+6xL?b6=13TU~MYB)U!?he$!bdE&F<+<0quy;!s^MAmGUZ@kk1A+qM)
zHURVOc0<;dM%ZEcpjPp}xZ6X^;3P5~Zm^#3kDxwWkVljKeR!=yY!7G4{QJAqQQt|g
zCq5|JFPHhkc$dNrSIzU_?vhHX(836Tys~uQuEUVC>QwvDtr_OPd6|F(%b1AR>1CO=
zDy&}!o*;)Ja)T}RS)p{ss(!|<0}*|)_YSgrS+5({4rs+=VAIKo^E*Z9oN;z{y729Q
z_sib<b!JD~*R{0Z^KSyDjs-0WfmV;gQA+1CyOlBq4oPcsctJCJuiQ&}e*4kzAKGLP
zs3s`>@V_ZIV3S@hX=`GN+`S)owe=p)Jn>Frl$cw)hlOYFvfSXBpk=Kt!i}l<m+n*Y
z?oCHK*6bJ&72dooj?1SCoj#pnzr-dw)Vik2cYc-co?798!`E(*r&gJL^pCm^z5;k*
z)iX2Gm)1G9{7tSs3)&g2^3|m`lBcGzn@n;v`+Vcn`p$Vt)AtW5pChnJ2S;s)0w&__
zeC9VK5!^8}^GPp5WKT5x6xGDszdE4O`QHEJh<}gXB&UBZl;VFymEU!^|6f!wvvv6o
zNq_gh$>OYj|9ifCJqtKSTy+if5qeyoWz+_4T{lRQOG>(Ak(g4>a<8wrQp@qm<D67u
z(6Dc~EH1xq7q{<`B4&?%F{EaIip-sRxBshgEC9UdkjGbzJHO9`zTVH1v)>%?t+@Fh
zzFkg@d9SQpc!}dc0J9KTZq3N+YSHTJx8=+@F?6v)@IqXLv(v2b?5n*Q`;j3RAv0DY
zBQ!}eD5eK`kKbp0C`5Pg$~t||KcUnmWzJWj_>cIQuU>+)-m)oJQ!ifl9D1HV3&Ou^
zVL{)aSiMh^m{ATu!hWU0X#_IE2S#V=*irsk5apj)B@7v*ADS2W`j$*+?IwjjGWtn!
zU#|GZCQ-yC4MAu%uY)dZWEO&aGa)}S$ktF)Ni>Tg;mt#s2yAUf-*ILv5`U+HWy)7D
z5R|xp45_+jV5SntXbQ9>fVIB2;gKtntXc61jp6+VK|N+dCzLZD!Y0NR#}~Z&-nWXq
z*nXA)-@W7AEbQyZm1r>e2=n6vCSoiEPXt`)?g3|l*EA2-CaA^VfGU}aGO;&O3bkq_
z-<ZLR?I&q)Kdkk+786eTJr~vzHwM!@@ZI|v#2J0q2;f){6zAbVSNonJ7G#V8+&19a
zOrW$7y8)CM$o2!Iu&m-TO<Q)M*MbC7X~tM>_Orm}_&HThZSm6)(}FBmO2Y?6Gj~yu
zVJl@eZis1N#hQyr8knn|M|Kz}=8O>+KrTQHIzlXWp3?;OvhW*89TL_YAr4!rzk&sv
z(M}ggFA}88&~y(ODZ95tB;Xnaesu83+2Ifs^T(`8&o(YPomCo9e9^niB4(tL{ALxl
zPI?IWnIYD*k}0jq5@tCfmL(>jSCtU`Y-T9zG~ZA`LGqWtA_^M>OqeqBw=jTo<@N$I
zn5;=melsWhYN<Epk{23m-*(F<<5OH-i%G{kRorho8!%ueCp6|H5F^0hNS!c&9A(1M
zNB|P3m%{VvxcrTMOVvPB{NES6#LSRRY?l2C=Tw2u8FU9(=rsQ&A&>b}kekcYE>Fq;
zW=>N@vLys}&Vo&2Bm>BvYnvlokT`0iQBsH=W=MXY31FeMi)T<ifTM^lUkT>;jF`|u
zZZ^#bWHcr+nUfX8BEvC$*T29Kir(4FE8<jt8$Yjh%5n3^O`1#&kZE*_GBF~^rlNbM
zkd}1hWhr2ul3m)`*82&jC5uGoSWmots15wtA^EUvuiF{=sODs4@%81MVY{{}hxf$#
zTZLZR38ge>=saiEc!I%%Ov0@yG)abYpB2=e)Hisrg%<pmn=6FYuBV10CF`u<hs$n{
zAzWVI;U&Ck(3`dZuFZ7XOsmLWV&fE9I^MiYA-68cGFMhg{k5&kIF6lWq@n^i3gZ@w
zxT7QSW~PEU>G!#KG2Lo%K*vQ0nfuuUdg)HgHh!BmZ-DcDEvuw1fla%<I%N2($+$NK
zck|?OwRUiWa4_qG|Go$q^-^-Vg+>R^N!WFoJGm29?vOor^MP2%!#VMw&|n=MtKH|>
z<as7J<>aPL!X_9q-ieZp&O*H7^)e&}Ggm%ZezVj_Xa|uhTk+keHgVI?Nom>2Yi~ze
zUxnN{O>HJzzvBAbzyoO^F|MZ}@bgmD^>g({_;&X{E1=Jcj@9XJt~1H6gB;5Lr2_t+
zy|SDy=xHeL@`93qKxzlwN(rb^ku5_fc1vnN$_$fs_<{sg^v9*UxD=Zyw;fkyc*_QT
zz1--b_|APN@p)8^o;hVFP_ZaoE{t42E*OkS(x?!bJlJVs>!5h7?~kbmlY#u`Xd(X0
z4qxuCa2kM_Q)J{ewRYTTj($43Zh#SzsMN4Zq|{#1<S)Z-aLNQVaA)H+q9;qYo<x2n
zH1%t^#0`lTvLDF~+{B=Pp_~=65AHh*tUEz4(a6B&_y%b<2><J8u2}g>ev1$GX7*Pi
z%O&bs9IO}S5;4jVps<dV5S8W7k_RWa=P$|=k-8a$C)lB<nOOd-OszEO$fkks92u-F
z@B+cK#u?FZvh{}*Q@6p3tF+CtfVdP&2!IAF$js0<F=v!Vzd2={XAP4b%!mK-p*XW%
zr7@H9uri`^A~n+mKYU@5H7_6Egep?rumzxhCNr+Zpy`w<PTCWdN3gI*diweB?Tk>H
z;Xp(%ikXJPFmn@UgZ`GmUWY=SC6OPiSh%L8K&+6wVR=l5w8Ke8Y(TH{+=(czL#bLY
zF8(|>><Lk<2b5d~rAmPG;gFcgojTpBYN_^6qteLQpAlAst`r1uCiGR>AdBPm7BtM5
zbaICe#EO=_bSEZmyI$whMRrp*VAsMff!e?XS`6CYG8L#*i)WtL{YkAvs?6i_X|M2!
zNg(on*&%Oc)lvGn(!h{q%<&L~?iNs<+OodiO7~#}?`UGHDw&Wgb)4BfZRyjr^mm=m
zC2GArF%H0<)Qc1DOPK6+=X}(*uBYRf5YG-(+M1B;jJHkuu}5W^-p^LtR*ccs@1sI{
zM51zk^T8I_5Qs-D1|K*hA6QazwvO-xjm(9Xoo}wD!&2iE<UAWM>P<tG<Zvy`(6$)x
zM1So@3m|Yguopq=NN4MmfLReTAkRx+RO^keph^LC;jb2jM4(sQ*7MDfAohTQj5-oR
z^x4G-;Vj6sgj;8DgZbi{&t?#*;L6Q-r1h*pSfQ|i+$&f`Z;mu_K;ppCKm&F+Mi}so
zDzva1#mqf*U<+{$<uVvef(2LX$Fnw0#_pH_g&!ecs~ar(E$9Dgl{{q}vS-AmG<GnZ
zn)Qvu^V@w!cp*R?+-H?y>C@-(q6+)E8?IS+7GOzM>T~02f7cy-fAcU{PPy>EVhHY;
z@gu6Y87XbTi!~)L%Uf8`B`CE+v{KrrEy}0LF;-knk#`!d;rtPwuZIqgc{unfY$81S
z4rnUZ>cJ`0Q1ufHLPH2|FAGe{YnWYwCZ!xPJtonc4>yvcd0HmjQT0lZpd0JL*h~w@
z1Uz$vxGhSyB<IVlg7NXT(tNKmOHJPUC(Z!wRIb<-J?v|E(ZYm_JSjS3Jk6no%SEpW
z@@y9Y)rP6yh~B7anhx~&m1;9@({sa5vW<7YQ)t*uzn$4?hmEX1uEj12YGkm%n85(+
zKaZdwb4jDufM%9g%&JrY>mus-4OtF6S*@@%O7SWBY;9g-oZ~$WJ<TU1I%Ia~d5>Ax
z3}$oK0U!#R<Oa_F7dVFDClbYd0~71t2gdM@7XoHx`f1Kz9JC3jVA%TalyTDZGp|%d
zG*PKc7&=UKNl8chR*cP5kZMx7B)hh_>30wxUzzDcFU#+=v{4l<7ro(~_|mVysc)Q@
zg~p}&-7HI~H6$M~Jty<~E;Pefcn#;GuRc3Cz(%eQ+H+rTM|0_Q75A0|_m!lZu2yh~
zugYM&en)o<UVtP0lqZ0hk7^lwf@<A=Pk;*_yvq0t)%q6C0E_uuTKRW&fUk57Si-oa
zHrDIe&{jB!GG%oGKCGmso$NEGp<Ca$$9A_^ZQvGNm5+FNoC=#z!x!q1x>sUja;Kr8
zmD>=yCyVP+VO6HJoKoJzrjoO^tmho{Qr9ueW<U1kKauEoyo9V7&ydqr@O5#kp8>`E
zCcW1c?>TumZOia+AL5$0DABFPEA|RZHO@ErVmx!_?EOx8i#w_JyY%gwy}xIvKY;%U
z3>e~f+I3I>0Fg2P00{pB82%d+bZqUh*^z$!e4z&MJ=yeW4bKp+O5>p0{o&)NLoQT`
z9Q1)K)0HY{v?py(Sl0JrCV3TIkkZrsWpr$FD?6m2ljdf4d|AgYPpO|2MaFc=5(lx>
z#<#MO4{P#3i17R^zPGw9es=TvGZ381HW(3n!6)?}Ygm@qJ-045YiXWTk-YrjTn?4U
zl{4Frr?f)*qfI`3wIcJrOz9qpt$IYE*@^7-G2H*U+iyOI@#<T`lFjOKUsVpenb>QP
zb1ffj;9(^3+ji6Md_U!i-S85|&s!7i?Yq2D*9f6u<NyMhogsf*u^f)2;}3|ld~RN9
z&g<P}hVN$`H_a(8L$lzJFd3@>87^RQ-731HQ1ch!WH%Wj+gO>ySXe6cM%=Jynzj?O
z`Xx%U)2Y`)qLIpN;f)I)*mq`%I4XsK%;5f=)fsacQU^?r(x3n?hBq<uWqUh(I#Vas
z|K(niCn>FgZps6maUt6WGZ2_=0?<9yRDL8-5x4#%RIb1Q1R4P5=s(PPj(uRj0U`sI
z4>i7J=6N?Q@?Q1h*knziLciYXTd2@<ZC6u?<w*XTjiQ$QMogSq)j`9ob0Gq=TfN<_
zxwj;D55V2zU7skg&nIsNr@QyfWL+^fsAVyVen~XgcuCZF)X2T3SVpj9UbSI{5TpD^
zKRMPhM|=aCl}r?z4l0+k$W=}$$=?Iaj`ENJy16;#D4wG}n49+Wf|MXt*h`I4-)C%{
z%ZlUSz^+s1zdpE?LY}@=w(Q8Y3}>rQ&vG{_u@<mC@eM<^12&)-;VB_xfGuhan`V7Q
zC*VdHl-cmWXQpI0RUZvL_}F;TqbKTUPp=*s-~=F??*vn(`eiFMvZNdwc~bx)N*4LB
z>ymKpC~K{M1rQj)mk~uG@5D(a7?Sr0F$l)Xa!9V@tYI1g8PXjjG)mqGAvJlX)({Zk
zIC%g11Mwj+My=;ARNkz<bhiHE;voWnj$U&K@28Q44)jeJ){;xz@b><?+0GZQd32n2
zYK|>98UM_ph(WBeU7cqMCdmW87ABy~7zPaDT_E6mb2~eZOX#ge{zuoqj`$<X^8+3W
zyeFF_r%#3q3Q>{tX+-b`d$0aQ0v%072DmZAL@OvKTGW|P;*an<$-uL~kQ*q=J;Etj
zhI63hkMUYQB#$n?BrG@I7!a&^+1y^o<D|B2%um%MF0d6K^?<&l%@Rz}$dX>U1a=#Y
zX8xVJ22)=WmCSG*g+POV8<d7(e305BamEjRR5Kp$OIC8|`n~h(i{;i@CDGx0XjwuX
zRE#=0-gR^yYy&z?xyLl9>U@}vE=9%PA%T9)mj2CL!a<5Lq3E+k;N*8=mL0CxHWa=~
z9rBA!Po5(}by{JmsE<A!NfzU_GYRc~?dSdx;4J|~WTwA1WLT-ICQOvMHe@_`{UK;S
zut>XDm%f~wtxu`wIc*=WY)E_C3v+6yeb7-(TKLD!m#VT!iMr7bqha14m{sfL>8unK
zL~D|)swG0_N>^O6m%q#+;wMn8Q=InnP6I=X8Y!zQEclzt&_BQiaF#6niSs(p0yK3q
zTerjp>OcxM1gmPL<<m>$rLw+$IQgTsef-5xTHrn$mlqQI_~m9771P9!!}ec#Jp!wO
zLO`(3mRv~8)lDc>n;8Y5XUP0}j~QD{As!=aATD4J1nXV;s#7LKocxb_=YF_SSht39
z>pVjQb)FzlI|g}1)LI%gEE~cZyTl08w5M4cT8Pu6G^t455)da+%4NU67JHN~2!!7{
z=0-<yoo=VQB2=U-R42;O(U5`pD$%GFqB_)HlHK<u8v#H{azQ_+XYjDr*P3B@;qU(P
z<&e6f6H2#gm3o?DMk}09;V#Z!@w-Rjt?uo3WkSTGqUYTeIB9Nr+D3J=>tUehQOKF|
zP|4pwnr3cuy7O%ktQ9iLo0r)BhIjaw<7lH(xjb~)5jkTu**7=r`qijO9+%<>bcNkc
zqk^Iap)R0}Q+TK?xc>;%1cIz~;&Q$2y6?ek><^wGT8){Yxdks=SG`zES>zT3CxXwD
z-vjR7v4xPG;G9n7%+8ug3yoK@LXrD`D#;oT>1qQ2fCj&-EA-*pN1(YNSjlAAN>2Te
ze>;uqddkY|%(bfm%tJ}zh9Ne_5f0BHLE)1R=mhW5l3#+&+NvE4S5^y5FRO)B+AQ^=
z16;HBzpg3Ac~_5_qte>CK&2z;<!<fQu+FI;I(Ulwi3y`WPh%=OoO4)jes6!-T3svY
zM~1w7d#W@x3OakI01VVAUKjkqJ5LYASX8?-(xW))YO8Dv96SA;NrrLe&t2)rizl%M
z{#LlTE4-OlHz%V@P|m2c?SyTvbTa2x-l%`XCLa2s=`qnq^LpLHNRc>lkb3A9aG9^7
z1?~%Y%xSG{gM$F=w<!-fSRA8ihvJuEjMUi#az<r^E68@|ZoYxQH*@FtOw=namgNRD
zTC6XUPR|v9(Kc8%b)3|@f!BK7P>d6eyJT20AsTArgoTy5P$bfbLPSmoF1n+8&h8qv
zZ{y<Ft#yYrj4={h^$5V!n_OGzyop(j`I86&bQ)8*3a}0l7`>{m>;+?*hB^TBzXCfV
z+}9k`ap8>#Y*5i7T#N`EEUa&F(x{CNq1FAqGP-ZNb_fU785gn*Vz0OF)^{J7ZD$VI
zE_RYrdO;A{_8e?(k?;r$w>JuP(Z<?102|L9cBmb87(;KSb<%U2Ovm&`DJjDu)x=0*
z&Rr)=B)##|+$8-xq3By&=^NCES7g!*!J&<(X3L0$O3&VOX=g5N>B7DP6mF>jJO_Y(
zU29ViPxcwou_z-3G6C{08%_&d90VfMwuNHKv?fNk2hlIU++lRfE7p~=0p@Pt=9~m(
zLbExMJC6ch8|6S7Bn;=)-Cd)+qli2mcc;y~y}NS}O;j5Kr<~nb=g6MD43XfN)Hl3s
z<CfsLZc9F7F6D<ao6*@H_n4)l39WTH;yjknEQ3vBqle`l1NQKuQRY-Fn_6Z`$_Xhc
z!#~2Q(+bzX>jaq0q*yM<uEr~FOA9riUf#g}(~+l_y!R9{Wq;-_{PQgmE8*xihchX_
z6Tys4bqX-(JTwxi0}_5y$kiS!xHZa>JiI#8=_wl6sESu4jX{R&4Iq3UHmvn_Y|fFV
zBBP;|z-&&%P-OGOry%YMdG@6+E^f3{uRt3Wq;yjl+~o$5LqL0F7CV-g?MfA9Q633!
z6`P7sLF+y4QCOck0mZSCdk^hdp+C0}^KPoRIcpk|k9?WUyL{e#L5?CvLVmpC({f={
zu#b3?^)KPTv-E?dTV30!pq8}sbk$>8O78KaRxsMq$Iv}9bKS^iyo~F)AyP)rG^R#E
zPnn)^7m(8XsLP{OtO~`XQOJQ_S_VF{t=y^kp<zqp(Fu7bH;Ft67jTAvTir?P&nkBz
z>KKx!IC?XXX2scAL4kLJ(;B^Ksgz{vmSsq}RB5}`K9`&}(On9MZE)XYFuP|w5PdD6
z7H%C$cFOynsAb>5=KMjSlhXH(6C=s18ph00#Ug6Dv{jH_v6=#<XkvkiL~3fmxDaK=
zOmYFWy~>Hy{1a$W0XC!)Vxrac&W|6ARb}l-q`HbI7(VfSW@Ns4@Q+2X-48U<Thtf+
zf3n-1BS)FlU*R_Z2LJ&6KiI9^f05hibld+DeE;^Is^c`}Tm02%Xf#~Y86DQD>WiqN
z%s{zRLjje|wJ}4Yj8nO?8S~qXPcoU7G&ff?0}tDe8};5F<jzT&e>BbMN3|kO;t2<H
z<OfR9kqyqu7P+O@d+v$ddw<(AFj=QTMka8ylq+a&9%hiFTStwQr8KU22r5CcOqett
zIs*tea<CL3?$)3=7-p|uXgq4$#V5h{<>Wnep3;<;Fit-*%tjPG43$SUU-@kA$FWJ1
zN8>ox%^(`eOYiw*=I!|O(@U5(1^gvvqbvXd_=S{MHKO}C7`=SG9KnJ-f18rFqA|))
zq7z!O^vPx7>o0RmI75P`iID8%xh$o<ypq9<8yKX17!O3IbS$yeiky;~eq0)h(GEKY
zN*&Hu%_Ju~5_ugWFX|DlEoebro&86!5GWZSh0uyYjahM__N27Ly831iW&CxDfJzM}
zBoV>_C!THd32&Xc|0FFTHf^2XM`1FT03$U9%wvWDGa`2$GMai}vCj|HsyS9y>nmFg
z$uMbK;m9XV!~s=gdtA8F7#}^iyZ=C}h{I`bs7C~V>NIqX)$KHpr~8bAHkqcp+>m^H
z)T+Q?OVe!-GmNq1s%O|&46;dSMW~(NWur&}1JA%Lum>(cP}d-!U3p1|@Xr=4yd|Jq
zfleoL|HEHRnZ`vB<7BNvaPx(B%!oJ!i?F+|ZE`EUvLeUJ)i9<+#ROARv`J;Vh**#h
zX#|43<NQ4;qS_M)*5t}DWeX0MX2POj(IOgxnY#w(T=YvCCR5P659Qf}EO&*OYjciV
z=Y;?zi7p9fp}~hruNcgv)94ar(pBXnENy$zJm@lay(wFoEfK<oj(AkEw)!&{-T2R;
z)|1-&Tn=HrKVZVQ)$@pQIioV`Ty&ejt9omBr~!sy5QkKi<Cq#}F+;c0L=m<M*4t0A
z;)R$!i@X)#&)1U!gkJqFrqEp#F~~JdyeXgHH3CFrd$|{Ivguhej{kzSQ#IFVaI27L
zv3pA)^{A;N!!D5vTYC|}t>7WM>Ohua=25-MM;R$S6x0vtA{$*(M#@&kAa*PLYQ>Vm
zta76$kZytXM7o%=*@};J^TfHl*VLYCV(SW9ThVVwmvZ@2FnxxB6s#<WY~<O3g3yo>
z5w5K+T;TWiQ*diTgOge0#@n4pwXLR(mOkzI;kbIBz26y?<!q$P8roZi0!1cBy`Tvj
z1C!jM9>T{PWEXR+gEwe*7mM0)*{(uW$sp9n@J!Z=<R-VbvlRgQ>xtp}Oy^@VcI<9$
ztBoou3!1VJ>)ES!_VZbFgQR9a%f(AexrMCOwdhDy!xtQr3ewjoZ&+9KtdU24${>|B
z*0o>60YndXz)s#~&LJI8oKkN-nrbE<Q;5CKF^dy_N2S#)g=cPuYymwXbO}%EOvbZc
zF`8BgIHC8x>J?_=o=WSSFFGiXYimG3X91Z<TTETU7VTiFlwN*k(w|TC9A9nTKbaJ+
zC`qA9C!MK**ce)_7b5O2Xm@D6DZ=oc!uM=CLVH3`e-2tsK4P2}JNJ~)hFkvZaL@Z3
zEOIO{<|gmloOccC=n}fRID7GxNQv|IK*nkzi}L39A$R&P3o^au%n``r1?<aG^JZ0W
zyYqYrS9hNlk_@r(z5R~`DTmDD@OQx9;n!~+#Qi^Opo6KCt)+{Lsfo(}GX4LriWsac
z8@s`Pz?-PgIAJPZ@2^J%vM#M!j+(3{-EwVfn&6+t<#xdc^5b*OA#KPXRE)!Pdptem
zJ@fUmM!}IsYWe@Qb|&Cdb=?EMnTn(cl}ac{B2h>s^Gv2DQ!cJ~o+(Nh8jv|cB12L_
zGL(?9sA!N#GGr)<B2$L{It|_q*L82-|2~iJec$K#&ib9T_S$Q&z4ma1IN~zxX|5}2
zDm>6jI#AKj=SVZ+9{MEi&DH{{0}VOymfcNjy7$<x2pGN`k<!N6etFd9eAMRF1GRDM
z6|RiwHDrBRDd<v@+VRzAdMZmdVwVs{*yY%|&YDY`Oka^JY0@;*x?JOIE^+towUV=L
zE~7c_aYgK6W5|s+-})ZDIv)JvMWN)@TUJsdg{gZvcJnC74S0UX+<L>|E!b)?<ZDQ+
z&ytucO+z!G!Lem1J5-xfHJW)@7jKiSsQ<y|7iFfxltc#NZkv`ljrpi_P26DEqP4bH
zjG+)i?rMwk%KdaPQ<eWYO}}%zqLaVdl4}gP?Y7@fi!+4NNj_E-F}k*A`u!aZ>cqWk
ze76M!)Uh&(c0C=rsQDy~{J2}P&bE`XOjFuaek-wQ$u-(onU(j8E@_GsTYL<jFpQ$7
zDzfb?V_$4SUZ&^eG4XowYFA^73@`P-mdl5*0$U@G85mi`_gf5*x978k3#|8k{)zEU
zv6QoL&+ui-?QAixbuKa;j~;sJDbnBh&@1htWFhAESj(*kw*y=5Pqx^x(sn0jxt+;2
zZ(c?<c~E%ul<gi{k6n7(^yFOWovu9bzi^3bde-G3m35d?OUW>pdvFR0wP5OK<X~>+
zWa5Cs{Tx5TRczn#)B5#~F-d=k4DAzO3_AYiby?k_vQVb`OaV_TKN&w>`B7wYB<%Ah
z$G5cmZjxJwpDMX{>4f}|kDW!?nb%4x?{_+7m}s(H`cazy*<sw%GomoQ6ekp&bXvz!
zXhqrj?WxJ~o(bRgeNnUT(E7r&Uau*u=-3Jst`)^%!-ln8jPG-AS-j`okn6D{=IQr~
z+Z)mglW10U9I5N9QWjd(yeGpm=*7seq=MVS+d55~Ms%02TU1u|x!omYSeKUbfZ&nx
zHO9}wnakbzoe%Hpm9nY3Oy;{<>~@i4;9Iwq%bf?38&`Y#QBSO2m)*?#NJB>Th_l1^
zIsL6!7eA;8#iYC6*l_gT3O>)^a;ywo(6;KV#y$a8brt@`b5mSY627}CzkWZ%dg`d_
zATK|o$IVyCs-l7KO1jEUjj!_xIJqfEm8#h=udvu4e$j@*N)8vEoVok9S$~Ib9H+Yd
z!LMfz8oFB4cOR>WY-kW(Tz`ip&0aQ?h5S%eZfyeQ#DMDQJX&i74GqkO5_j*@iP|OP
z+H8+HDi|5BpDIcetrn{~Us?1mb4||cybW>=X{_!WxTHJ%viIaDS6zSTWZ<dzy*5h9
zEOyXRJVVvcmRkKp+>xdb%BBYIsAJ~I@l)3ya5nESK5_Q^7hHQv#%FSh@%j}?94U!m
zbmuAVnEPDq@7=X|(0X#eiQxFlI|?3d&$1uSIzgxZc^AJ4oN1ka>J8d|?5+M@a6h7R
z;4MF+SNGxA@9u$%UnE&qi<*ZoR?Blvipk;nusQWsh*4@0<9NSopN|lm!P+*Vb47Km
zC#NRjEDc{A=uY-wV&TadfAdzQWe9UHV`)OyhU5N?c~kdYZQqZ$9v?8z3@c*sdK*8%
zvf)&RBX`OkOvi?JIsYGZy@HYMl*goPa`bfklRcODZ#}Sjt*W10cp$d4o1a0m>?w;&
z*uF}-qT#a%d3G7&C2zQoeJ%Hh_;AnIm*>qI)gP(3H!jlLS9Lis%%J@-B(zEN>SWrr
z?UR*f7VQqsR*J;1UuHJkj<c4+yzv#vxb1e1{C+rBW%5lN%@W)4R?+0t*9tCKT&KwL
zSLBAC(CZhg-n@~GV%-4^7jsU@=UuW|d|S@Re`8Brn`*AKG;3w<&3r~m*CvY7!~I@-
z1$Xc6I*}92RoFg87AC4MlogbII)=mEA!1#~uoXAgwfJ51_ai@smM<H5(-U!(>Cs&Y
zGa&{tlSgsFIs7lF66Kt7RW7g0u)7;{({rPhqeVclpzhHti`}aE3=fsDoXZ=3)P2sL
zT1GJ1>fCj@G-)A<U2R&cdc86tq&l}O?+Dk+o={<9)M#8K{%n9dZ^?J_Qw&OpnRc6-
z$wb~z3RApoP{c|Xwx}I-YUQzG8Cd7oe^yG7%~e<GA+MQl-TCTe_M9tSpPl6nu}Xfu
zV;Py?XO*DO!IjQul(x&iGpI~X?tI$MT;Ar6+hQqZT(wxO=Ed~_hvBE%KJ}r;o_;A)
zIOkrRTNlYHb=#RctKYl*%7xym8RScCyn{VANW7w^eCCtL!9YV1A!BgOge&;DSJ9GI
zYnA6)8p~Vh>a*Lsx|(;Y7w_A(in>p2vrxmqZi@%Y*DH+;?Hi08zcgNwZ{#^Vq^Rhn
zD%z)6OMgt=Bl9iW82xTmkI+|&@lUt77qWUqbL!Av+^1w?6MKHGzDsY6{nh;L+{gTd
zE)rV)bSgb7GYrYCTWU&|>hx^Y!Sb1$zRXS4s=A(IGR%}Cz}J4nigvr%R4n~Ao;<If
z*m9j1*Th4^YTV=L!iirzdtbjZJ<=eW@V0uO>Fd}2yP<c}zC6$$UZ$t8BRqf!$4Q@S
z>izw6hNbaK#f*-Ky8=z-=WnYGUNUVyIqX(&@B%$gUu^6b(L#5sT2I?}sV!SS^$S{`
zmy0w0dSK#x+pMlxtS=%g3aLOp^h?xAu;Z_;`LpPMMCBsPi}p1X8@4-cb6&M2nC1K#
zmk0iO`GJ~ymU+;anOoT_g=mL<t17My4#hpr%9AMEz!&`B=B{;Obfzt9L(aF{5?rM8
z%8zF(_c;ATGi7*|V!m$S=N9Fbk(R=-&W0A5RV~XzpQpF|NdLIM!!px~ee@<d|J3M@
zo-Ueu5BOsl8KzpZ4w)EjGwIsZ{77U;S)0?6ys#b0jbySXQleW*WbD@XHJo&zPKeQt
z87UhG;yr3Wv!;CO(v>kjJh9)uDC_fens^qCo>)^Se~E+p7Ww53N5`M1yYOFKCXKCW
z*Ikm*X1~T)<%}bL+KXJSqkiO$+Y>Xt_W3P+y4b(8Q1FnC*XcpKE7ZaT1~CqwJ{yaY
z?Qa%1zJF&{SAp{)H({FQ0?E6FFTWV*$>&zu>{fd71>M!L<_na9CUs*9A7x4$m{V7W
zkL~czQr@i0<;_&n8d)0GeBonHKLh&&O=(QQhulkoPqSaN22K?OY-lKu?Qj^0xqG>m
z=E7#0wRAu3m_;XI?_O3YGt9dqcI(;Z8+AKa*LBHKcX`!c8=?H95-)JqbT>w;Ks)90
zF^jvV&)!@PNXcd1&2F$XUtqoX@Y_#6tm}ok_juLW2#-Cps-v@Pm9p&HZKir+pTH3_
zd#mzwap9T|4=ZxrH}qYcUY}@T?R+v`Lp6e{2wQtK#&QSy6w6Wzx-14op}s?t7eX1T
z?wWgt_Xt`DXQT}^MygW;ht#ine@Z2qlDR5M=gsq43f}AH=hXyR%zABDg-behKR(&0
zzB(sSCeHp`rlNanF59QhW%5qysgHI=1?E^isHogz_Mxx0Pa3NuzAQRIGR5<d;-H23
zz&;w+aeJGHZ5v+g(xKQw)^5%JZjt)!WT7ME;im*6tUR(pnUj-K1cOQ=lN}42jBZ8l
z{i?7dBPu9E&}2n*J%-YR0&7rVO+%|(y|X}%oBR3kLYvTFpUzLGECcisqF0E&&0?Yu
zyn0<I@Fqpv#<ZYM4!e3j3Fg1l6ioKg?eKiaeeYo`wN%-6$Fd61pa{`79=nteiX6YN
zVR?#;VJ+i@+Y=Hu#$LO!JQfo<E0@yX{Fs94u+L+E^~OYn>y8@clH-)BP!SX_%}qO0
z!QuRD&!Oircb+|T9l$*v`r3X(Z|~9r$~V6`wx;jTDs*Es<!t-R-cBo-M#s0kMXCDb
zbMvPku2s2xveA(B5c>RKO#a8U_??Mv!(I-$qElvWmmMYo+e3T>C0r-AZWsO%&=+2s
zbV<!q%yF@BDo>cvlkV6LA65?NvCvo4TuLm8i#rqqTPll{P9L=qKA^`q9g&z>81SV2
z`XHmscuJUhr_*VtcNJq=DJOIotIoZ+w>MrkQeow%=hTkLAq9CG-j%vVF7<h*Z9t>C
zN;sRFTSz?5@X_7u^WT(4`Zx3!Out>*_0V8q@ioCENp;-=!>$`jpRvLAio9;m{;`u&
zj$^CP<rfBz+(7|IA*a}8EiOW=LE=p3(Vz8~sb|OR2U3@v{U}22$8M)-Y`=Juytc55
zzbB8`x!g5sNs<~~V<US)L$}>mxy7!~=0eTz_Qku9k><Bj?gK7y3P&7_d=J@*dU`Z1
z%3z42*>&>e*v_%^A99OZ^j8SjS@Bgcs_8Zg$N4&rx!)csi416xd=4i_3+pv=N9-!y
z{V`J%je~cY?oL?TO-z4(U1+eS@uPY1NbS4NB1Z=ToPD!{(vn`}v^V>$%@f7)^?fc0
zwQKdVtw?>hI7V(itzb;8Y5akYO)2(|S<VQSw{qx~o;(x&w)||fZCks^-U45-&u2Wt
z)mYXHU1pGwdZU}IayTnMj)_q&s|&ZiyG}As_dD4wI*&bv3(xAAbtKAWJ|FF~T_vk~
z;;H2j!*pyPCFgdT!qHHL5P?*cA)Cy+ucLwj9^3<To0{yl98@DSi7hB?4U86A(JZ-%
zH!x*b!Yt#p%BDLm_sOW@vtzMN<^jIRVnf`5+|CXPwszeea=QyA@8?W1DFt45E}ZkK
zny2Dc2lv&@F#<K-oDbn*i^_;QnG80IX!}mDVZ8rB@hh9XMof0IM97(!B@KJI*EIz*
z)R7;)Y`~n;-b$+}bonGp(u!)o4_6OU3Xf}fOsG716U!pE<CRnPuANxNC#g;1J4Nb0
zro@<a+QmmjUz4!yR%A4Mwq}P+ac<9NLs99z%6t6O9yYgBDF)9{wKku&O_1?95^873
ztsA<7<)CBy0m{W?j><_(n7!Z&AWC$*2btBVZCaM!rdBMM;eS{7E_RJiCDz%8cIc9g
z-%0(D1PPpD6=RGexnSfH_@JbX@HA(iPS4AxOPjy76}4UTE!mVGwZr_Y%VYt2`>3e!
zLoQmwHeZ&*)mQu5+*iMsWt2F=Yc!@%^dYqLJ8ig&f#a34(XAh;m-uV2(q(h4W3!;J
z^gg${Qx}U%kB&0pO)ZzZ#i@1od;b}&M=gi$PVz-!OE8riY}>M0O~|?9seR9JuaHsR
z8UJxdL;znG`@uZUz|V#H6XID^9ko0!FSeBPF!vm9UfXlDgj}LB#GC((boXesv214A
zhl9&PmM}Bxu&?)}zLBq@pWbgttu&EzRI}!(hJ&2_E4BR=r;R>{MR_0F7SxeWS(Bxm
zFuljgMr|>lTtn`lWsOxCQ~a|#0%wZiOb!YZiOU4-qhV!eK3Frkxb=z-_x6vHdaJ%C
zS@fRkUQzX8t>+%{w-%%2PbwS9c}<t6nJ!;<W#4flF2=7H_c}7OuKD0vWE6SuX6o`s
zo|z{%XUo?NTMSh*JYnnDoA{(+v-+});VNUIE+NtUuif2mu5C}wp?6G(@-eBRwxX$8
z<*2?&HJx6LW#hBkH1dybJV;Wr#hN%Vw`b|y#-`)^jvI}5IP11OdZTSDLv`a(N)+~u
zCmC&2(o3opl9YC?_eU>nS`_wrV_@~WDe9I@8piVLg16?UUMe-IW$HR!`Z7{Jk-hvm
z>prP14%;NBv>Dm8PqNC5GFq*pR@k!gLU_A#SYVJ?1&jQdUE(6~iYZ+~EP3a62RYqJ
zM&c9qFQ(t}a(cRy;>KRiTWKYCE+$kxS===8bjR|#SA0KYA8Ykob^hXZ-9<tC$e8#A
z+RgC|>~hdxLXXrxJC`M#c}SbRUv8aL4PR`qQ_p>wn9Om3wfpwxlvO`z8~C=(HD(pH
z-IngQ&JXXXl{5NV+@DEL#C-km&4%J!q)ZB#UEu5X)VDR8WYaf(u5qqizBM2#X!((D
z3Q<+#!VVo>H~$@vzo{x!O|<UM^(hvJbuaQ?DQR5L>`rU4l)l~X!(kiAI>&2qvch%(
z>mJ#Ds4Khe(mQ>nqa!8l@Y6vd<%?Q(wpj<%-(zAc8|>r5o^Nfu7MoC{ZL!!(UdVO5
zTdZknU|8s_EmusZcj+>zGK#f2-(iTfm3b^?S5N+Wlt1_N<PK`1GiJVFoi5^;Y6k3U
zCydNak1f)5J2653oj;kTN`tvaGwhJe1&Uk3&rCZ;chL?VFyC<UV%X8U-i{4#9p%Yw
z1AOQwHoqNb9tvu>ePAT-M`7$vcXuV>rH<03LE8-vZ}7Qw(kk(hMZ(vY;oGAECWX?9
z#kY+yr8)ad3snlg2uQy5JhN)uw^Ncq635KLaviUSPGwMV6t)@^u}zbq#}}qR7Tt%C
z%d$avA9YcS+h3E+`lIh1+u;bHU$G=ErAjF?=8036hg`mSn3ErE1OH;{m#G1nl!sJv
zb<I^;i~BRI);+5D;BVggE%;R7{ieyB`|qnidTE!Rf9jj1!IcVIS5lc*DqNL{exj-~
z`TSt_<d681AJ^r*N!7peqin3caWuY-l3YyF;f1l)Xt(W|sWq0)Cr*ZQ_T8Zk$W>a(
zkt=sIp5jV>{KeYFPP0dqCn~8N4D*j>8}*luY@aeq@I6Ek>@_f{Bi4Q8DZ}=<tPPSq
z@6Rc8zfKuDl;rGq!m+(AjM*df_OM#<($NG>>AEt^y{Sr?b62BxoeRq-E)pjbdO;;h
zeNo2N-so!YZQi=UCy!c;yjrx?#5j7K<j?v@nQK;DDj4oG+iTDezqqd^zt?uJePSt<
zY>K#-h{Di&g;ng=sxM22X?5v74n8AfY%qD8ORc#{|4zcwCmr0&Iodk;kJgeMkhGCp
z{;K)Dbn0!RU91xkIs?T!+9HKrOe$*YdJ4+9Zq_~Yx7sRVOx2LmlqsO!+~iR~wOsku
z=cp>5?1~h+Xtozk=QD~=b6?sL`<7*W{PV2x%c@mN`k$;REia4Rvg`vDm#D4_S==dk
zOu`12$-oHS6#>SvTOX<kgb(@foR5$w_ojBjB_;)~SoSP7i*f~DvI~5YEkau$Yl)Ug
z=ZTl0s=oHu4adrxPcX5^Y*XrVr4eh9;cyo|bCK4_Whn~>_Dd2|jy7e!)F}ORXR6!f
zji>z2_3LfZ7~EOHp^6>bSsv&;u~k=X{}qAS!PUM_<(s3+g7uc~mR_QJ{;_PbPQ<bN
z@<jpC`|MBJxR)H-LT^>xcV*32+s%PXjvEL(Dg4%ZnWC;TDnGhMr66%a_t@6G?wPiC
zH}vc{KpBa>%ag8``$I!y!iT4R4O{AWn!wPj``_6Is*}S<IOO{HLKm^_r=&h|jA7fx
z<8Z2IR65P_&d!4jOS`f6n$u64SeM><3InRNC8yiB$;~fgWA2&fkZ-p-^{zK?;`%dF
zE5=n(Ip4#^N1E$`1nx_4^Ct9s39qZQ&=0hw%g>^GE<3r=dT(T7;HPk}`beEoGZ~XT
z2Gi*gxAfMxZHZa&vN!G8^%IKrT7CH^Z$!LsbqPx{r?C(^dqXAiNXp92aVAxaG1YqG
zv=Dh~+?_k_m)cJ)qjkFT+$A{oSamPA@ZOB7J}H5$j-n~c)f#2aE!5knK9!Hfmg7zz
zrn9Kon{}kjJ|@#rM@XM{$>29Cm12wB?(VO>!(VP@H+g39J>B@>Hs6gOKG&~vuK2b)
z#b?N__3=~Pq36nJ!=FN(D*G(-*>(u+5;d_-7hJjG;q6xJ5uA1QVRa?{+S_niHfVWC
zNZzJ#u1OJEd1l*Pk8CT-9=Lt<|1n~`mC0qqb7U`%{_z66wd8VSF0RGvzwXxCA3Xe3
zHI(}*`zbCa;fNC&;nV`gZ<EI}_B2ep?sIoK-)!X0T3MeIYyIh~-ER8&?)KxFd)hk$
zV~y@$%pUPvdphX0x%;%nZZ4CmHwkpvt9d)g1?nG~@tZJ5D!!3lGOB-WTy1nm|BfG~
zXU?$6IT_~2d2JJIFa6Rj{yO)h4&#mc?C(N)Uk<)E!!>Ll&C?&mF<jqvVql7X|D{hl
z$3%(>lOJ^MsjSBq6n~kvoSwB|kGhiYlN#*g9)nsw>VlA;F%QYA>yI8oRy9w$h*6pv
zd{^4WOG)LF){&?rz~+6QDl^aJ03~l6?`FodkZ_}uKi-ApawKQHE!S`FdYGl^T6Mpp
ze=7LPgP88nrzJ-c>J@%$8BcyH&MC@d;qjtqwO3z}`(Ur_yK6$n8}|21It_ny8mg_|
z?Ra8q#ptQ5^kT0Ky0O_V!a@GYh8v^}bM%fZF4$+hYU{c7Q7flPKL5j3<*8O|m3}dl
zd(P`ueI1LpepUA@mM5rV^m476u@V!f=ta#-m3jPM^xtx9lhHU9R8$C`Y+lPt{YtEQ
z1TF{R+t+iA{6W41JF}K%hugagy%dI-(Lx#NZgi9G+cWk(uX%BHN=jB=hs%ie*!InI
z?aIEqn~qUDuW2(Y5j(khsGX{D&|4*7%R1iv#yTrQoYDdHq)K~n4naPd>NugKt5eM?
zoAPo`*1a%c`FfgbjWoNcP<Bvyc+5@*2WGv*f_TT>EEDT@mLE$SFi!C4Wo{l==R7=d
z$w1`EQu0X2;g;PSE0f9JUa+KP+Ow7KW603Q7wfNWFU08X2@ZZ-`n7OuwYX!*Yx9-t
z>!ZZ&{do2~-(0-XD%fw?SQ8J=JE<J!i5^1*2A<kOMLUPLE%B_T@WX7R(_32pnXO`d
zPS8hcrJPqcWL?Lp7{@sSmc5X8zj`nr`(xB?!}FoLHFonFN7v*V?NzvH*Jnd+#po0u
zU{KGO{ep~oNsSN3u|gW%)t5^7yCfIge<~eH*=QkA!x-$n25#<<+%0yD+jnQ8{7zld
zMSGp2c9t-<p6BEJ`XM32SX-y3BAs^0I;Cc73ch%ajLyp%&%~WRF=4qMZoAD$;cFDf
zckkRGy701__dZoDQ#2TFVwzZczA%{4ErQ0QjMG}-?7pkqM$NBiJIbRE3%Syk=_qt3
z^Av<HZH||Ygqt-kJ1yF5)x};@Q1DRg;;M)No{udpCRg=U-s$*>9Y0<9fIqL4O#RYh
zk6OF_sWS<cKF1AXC1j)IpYJa1d%MW5(C&h*fBvo&!mV-RV?HwK<&To3{PM4@&aOS&
zj8ie#-@_NWwXo&0j@_HnK1pqNPMWs9*H|t8<5~FG!cSS1ZDwu3tt<Jc<DFl;2tD4L
zk$3HeL$AuwTiGjhUQ3B9=hp0$d{|+esv!IHv%c4QKa28Hx=8|?VsS}<=co@}OHSgw
zAW8G&@{c10E6W)g67;_Ct15`T)+Rf=pD)y;dGAU;A=!-&Uwm&rQn}SW=+rybx|0+#
zdnBDNU;;nC-xjki<NH20OV7IxZ!M#@wk}S-<sbY`d-+E$-hzZRw?rH1w5O{gGW4w5
zGS_LwRAB?hHCL;j*f1P;GBNp8UT$MT$c8H6PcKu-KPvNlOlQhHsd0uXyL3sP<-xQ&
z35vXOC1(y*`R5G2N%^w)*5{^irnEO-TZhC{(po)w%_@@=*ZFM<8e~_^jkC!7qShxG
z8F+|-|Kj$#p{(VdM<cf%TRll{ZYh8B@#e+t$F;oA+O<$yJln3O!a4jQX{Z{B!a_nj
zL`~PHD}||DxJ{=RWxD=F-sYI$;<7|0Q_=V2QdjQOpL`iKx#aOgW7lZlqN6Puecs${
z0$mj~SA0`hZ7uJ#u4w+EnlB|bIKo#_`i@?OO!wCA3?F;-EmmRcFAnRix;=fHT1-T-
z$k?W@Vl0WpF4wZ6{z#7Jo+8b=*CJ1xFSCjkxjeMhmOLockcy(SF2?hvs<TGdb#CRy
z;fu>2o;{iuY#@jkxi<XC(>x@hvd^3S$8$DI;py#$PqVkY*iN(k!IWSX)>9$r<+tH|
z<0~y1zweu_BrjGwx9#Qek>Jq>4Da2(kB;6Oj?D{9fBJ2Da(U|P_*>uDF1!XlXh{a2
z{6O6|;r6p~s;vXDmvQF438&B^+O!TsOBObnTq@_L&RbVGMGa-ou_%mv>vyH&e%$az
zG1l!%F6M#srsdx~yGtGE>fQINZd&7D?W0&r7xeM@qBisE93d@n>rXr=5SbV|RoG7@
zQI)-idz>OAwX2UUS7?uQUVme-dRXdCErqpyO=;%u<L$gwtQfU-JWwU8H7IwDe*J@F
z#rJm)1O)}X%`4XXUK+*Kr<PQiy>r`P7JG~4k_eh;=l)!*QZ}}5U;AX)@i6ywmp?up
z3G0`0vf?PlRXn7&t8>2CdRw(z<+_aD?YhZV_X{|xhN4O=!zATX_w6aWwPJIal|xjv
z&ks)i^(jxqD&3hktz*9LB4LrbZ-gQ>>WF#o;eb7#qu<-{HzeMt5j61Ge~4pLb*(9-
zi07lEvrz||jC!{f=1v#9w%B6e!*~Z9Oe=Dyz|WLCS>c>NCeY7A;R5Xw8<*9JCd$HQ
zr>ePYR`-N^EL(k^=3-RP^$4kP>XuQV5aGk`X%dt;x>!Aw+055pz9KL1SmF8$`PL<2
zqfO<NPZ;R#k0kT&z!-^Ce9MwKTmNZO-tI65$x)H;0{Sv{g{>V;^v2qou;T|<L#C3n
zCls4puSKQa{?fOHjQ<@u&L~5!)b7MMo2%+W?9K4DI2YLFoqN@g_fj9-EjD#C+RHDO
ztJW>MPd<2q!p+;0Nri6xw^yeV^j(`A53FkoYTKnHoKYU%?ET|ofSMw;q-BWLm;6n6
z4Noe?4XB3C9C}b`yiOzHEtlcz$kPvAUd*gF$=v(6&v*@=ve9dcMYgr6hjuP^qo>b0
zKeW5eAbR(my@@ZKYuHl7mtEQ$TlT4P=QPi%%W`_@j&)w&d!Nu=INo7XxW|CO+IU!9
zqMt0_Y38$nPEmSpH}WXnCT?n@l%q>72EMedF&}19%67eF(tB#jDb_(qYm$9mo?iWi
zZ2H_mzKtI!qI?agV%g;Q5BFe{8JLZGWclwlEecx4(?@ZrL`mJ@*<xBBDmn&wKen~I
z&iT?ue$}D%TyC%PBKJzOB>CF>cYW;1cC?q5hFquAy}&<QY2@vJT_$mDlVR&4-iFJ2
zYmzV=mu}wHrePHR8WH1z74PNY+^y7bJZ81kDucQ<zQqRuc%5&4+uTJ_(#UNu=BC5f
z`AUubSyHuV={om{&4Q6p=1gSR{Wo2w==vqX?@((MIjG_!MNV^wq}@Fg7I5EfPk%_u
z$@9*Gdo|kg<KWBnm8&Ye-%frCyuR5y(?KWxxNNn@k}7+${)2}<=bOl_wpe#-^$s82
zY}$ZTYv~SPe$bzAIUZj$a9ST`V7NLgoj=v6pj}A#g{}H^!4I`oy{6hBEg|wmtxs+B
z^HmJbRw?qamn1$9J8QZ(kXHRp>Jjb}+|}cEf<`k}X!Wq}Os@=;+xa?5y(9TV>*E4N
zql2rh_O6@Or+tXSO?i4P=H$TUYMqqa6zO->V0s(>n&lOk0}3IsCzK!i)|s?eNOIEC
zSCf-dH}7@GIY*WEy@RQM!`sZMZuA}prN+DI-0q5_U(0R=pN}B>Y#G8_|0G5wUt*{z
zk(HX7=?G25QTv=T>W=%o*M*w~Q4RD-@ZbK%93b$St}+BuT=LvokUql33CCD?%y{os
zA2NrS7^a7Vj?=7fqG?umF?3PB(ORup_Fc_Esb57lE4?+nnkQL6gw;c}@6!t9L;kH#
z*<UX8%qltB(fYa5vu`Da{>bR4Ml;hlzOi+uWYR*Sw|~uA&#*JIuEE`+&|H$CwoZB9
z$7trO0b3UdzT~IH?l#-`u2)z%yb4F&wuXf~Ug_xe*K4=znpE;(KX0to$9cr0ea8nK
zKINpIAhrC=SEp`mR@szo{zzr)RPXlyk%YH*X*1NzgB;>$t}i!Y;@q`TYr?YTMw0$f
zoy84#ji1`H<eOjr&`1<6p`d+LCv)!0`6};2)aEP^y(=s~X|OTJsN|epcI9$H`K{02
z7Io+7zM`+7e4vuFYVa#VxmL~8IW4g*Ps$C}lAjIIisH(w&0*k8qTt!8-tefR@tG}I
z{DY464Ou(iQ5r4MuI#av-xyIh=zz7(eReQg&gb)S-f1&h@qQzNzDq*ScE1YCsJ!|i
zy-hGHi<-G<lUrET(RYX5x*d*d(pGe6^Lo~J{&M4etcr4`%SnFhP5zZ<k`qdT&sALA
ze7o4I;6%q0`VcIGpS>|(^{bs~T;l>w8%kD5GAnHE31kX%JV`Dw;m*33p`%2hImRlv
z%J0p<Vv(1*OiCN_*AARZk!SC)xo42gZogw9P1sIwSvhOob`R>qy%dxYRf@7-7{A92
zG}49W)Rd0tk6xxVrbyl}yn3QA+NM>Y?Tb*?Zh<hpV}g5aiwDxYzHLxkXCd-qF?{;l
zEbEm17S{gq;A=WDol-Tf9Q>PyGHlLft$eKVq(HBKJYwSWr^p*F?~7cb&o^05W;0@{
z#k6HY4m>`yKIOyo{rWqGqwPV@uJ)X~SE>I<U^-!CxPE6~*3sv=+%^|1$VS3Oxb}JQ
zdoG`P@bSmZ_Zr{E9r&NJjE7;?7IbLJpP0x~Dh=J_>e|_vx7FM7NKk&bKhKHc<0p
zNfn-`*h(Ma{RVe4TSPr%vZpC{K7Q7V%S_>?VWzn@cI24Otsnl4??1M3>$y{W*I(KE
z#B|lmByawe{4X4jx!!%Ws!p_lHz36KKKCj~;Z8rJI|n2N)bIJjSAburFYd8nIySx8
zWU?ai{+b|WF{v}thie+VTyw?p$}ePp?ycT0Ud?*KhM6%wCZs+-=HO!~Ex}z)Z4D;L
zxAISV_u32yt0^raV<d-zR`AP_8QS^tUw;1&H3n)}KYuGQpCyognYnRzsu}}ZbN)QK
z1ak)-9aEJt{0jf4N3f|2S;77DOY-J{f1P<$MM70URz_2cPepdNgzSveGA$^W1py2#
zK^0`qNKjUgl2O%^;d63x`cDD|6E^GhVS(rO4|)Ap%ovOX)&=XfozOE#=Je}_JTp4;
zj3ds$#R}&{@L6Qm``@#hU>*Ax@6WRqj&=l}M>eGV_q-O~=PewatOyE$isN5G&do2x
z$kqY(m!u^>&DTDWH{t~QW6px@g#QSFe<pdCEg(tC*2dV}$=uckYX#f(G@b42Y~em?
zBP*<<<A3)41(D;bPvV5DMAP9L!dp;~fVKE+_EYDduL}?pb5s0Mtw$}?-ovYh!kud(
zD5)bHgrzFj7~|Y<#)q(0&Nvx2I|rPjBj|yjVkD7aP5~Rx_CwDQLQ%GHEkJR?IbdN^
z<9~!rJMc5|x3MP-fP5zCm4ElgByS&XQW^LOX?8DLSAwnlp%r$cw5a4GjzE;LFt1K!
zWrO&Y(0Sp_XMPae1PEi4ZEfwqjqty{yXDK%-5~4`h}}LT6me2+L88QJI$@oh9q|kA
zH+<Yg0j6O9)1ci*587gGhyKqwf4}o@*Wa{*5M}I1hro9D2%6oRU!Q3FqeYT;9&|h6
zDYJE$8w8<8{r({VZKu?{(&5UPIpN@e<$-&&;E99Kr@%30eo5Z2hityrL<A|@8ey$)
z1fzh{QJr(O(1J*xMSFRL+`_WWJzx#l)&>HC6V7c;oLR^WT?+FOU<be)GtlH{=zj*~
z<=}O>W{iM1+y+I0f;4cB&Q^2Y?pGANzQI=B80w|U(94nW@y{>GTV06=p$gWpg8*-M
zWu5qOG7;WX0t}08v?(<r1QTqu)?s$`FnH5K_(MJ|`sbJA-KRlNwx+tWj2q6#8EG^;
z9ebe$d#X9FbSEp9ISux5&8maQCl;x|4Cp9LrA1iKtgYvNeROg5D7G(cf~pWq%nvme
zIHNxEOY){ZNHRlh78muU!`b9-X%f0l5T35Uxp;KX*?yE%GJY3Izrm_~6EqrvKXfyH
zHy}vR{J9NV7Pes%upIOLLf?&$V5HE(I67lDq&xLvNszAM{<HVnI1x0~r1`0qC15Nr
zFc!Ku*qRX!n{B4K{`x0VMm7|EmMF8uU~C;s|8mT^PeAzp{X?GU{QU&h4r^rgcVag8
zK}ehadXUcU7wY$ePQT7fpvV!k5@U3ZxF5d&M<=X}G1kHOFG;@wSNw%&j%Y}M*dchK
zM|JlFBpt#z;LEJ$Y6uD2Um6~D#H-=V3&H^4fc@(==gRvp%S22aO_V%GJFJu0Us8W5
zzjeH(mJ|H8e>Dap_U9$xpGn^DNsua`DW#xrOv()Fpy}j*!&=XFuV1Wz;2bmh<?y9c
zRv3CvEQ3?TSmc)mzgP#QY>ja;no<iwC9kr)dkA4u9zvTa3i|pY2~a~vTPtTLoEq2=
zzjC_GWl`1OMbh9!;wVmk2nie~CkJyw1mu7-HaCL&8b3|2+~f8}hyu>bFqpk4+NucR
zX=+#pN0=cP;p~uM3_pod-z<F$2sp4IB)K!cB=7K8Qb_aJO(K)7r30iYgM9Q1?OhxR
z@(G)3eI}bUH#811|3^CkQ#|ny4V)DuX)XkufSs><<Q+7NEdA_xNMr)>98JW_WX-K$
zf`z|LZhmp)5(Rth0+l3YS_J8|)oCPRe!76eCPhUltd-R~QwXxX#j>BFijgWfTPvgV
zf5PF{DrzxY_6-_ILJyKeX_fl$pD-|-A~Drz9<@a1?l^9P`N~tsIb=}0>GFT#Y1vxh
zY*er|Skw6$F1xGfBn<?jA;=ccd0bEniAX$2=dUO$A6b0b82lUyc^taK_O+3~aKhQ)
zZ>HFiT@3NyeBYs|z#(RSN#0kxh?oD<R`>z;M?Q}hgAc^QL}Jg3c*MJddq@PRm^#Qf
zIM~kVMsr8h%`+fmM7{onFv!H&#s~?Sj&sJ-%!f+aAHnh+4A4DiWFjx$N3=}YKhkI0
z2ZITpmHDvGAduJIGD`Tht*|!e6mE7Rg|>nzG2&(w@P7H=uC|`3Zt#zz;OFR|o=&t(
z2^-@BaB>#wG`IPd{Io-;M*0<`G@A_0j!s>=e-L4ZpD!-qVD4mQjdL<LBFv({{HC=C
zn)NG$L9{|kr-)}cVBIyHO-#()W;g6Fg(!B5ntuR=#6cmcnTADthjsCypXv9koOmW<
z{MoQS6_UhZZ4_)wY=74P)f{ZWhEDGIfvJ`bbb-*zxS*(l?rBEUqyp!Sdx*=P6QI1>
z2%0Sd&CuzJ0wbxQ`Bg&d<tDOMyRQRDVNSYtf|+QNxeeCAov=etyzYn<gdn92379mh
ztxl}|H_m@`RQ!##jWfu52lOc(upv5!p=TwUXlrW)4x((1)Nb*VTYiQY<!H7Mh+YqQ
zXGgHhY{YV;Y;g`oNPNVv%5l#ZRLemP3-CP=l<__Y5|4m_5zg&r-4;JZEOq~q2uQ}3
z!juCYiWNkNr_7r|Ahx=m#C(qe6!{9F0o^7$#EC^no4c4B;|P0OgtSiOOPHmx!d^sl
z_z9FImLsDq;{q!J^T*T7hL(L6;9&IN)@aCGbrK-+PbUzI-79{Q`2!#m0NIUddM7QS
zA=Y+I3v|yn{;xCTp<(o)(2K@Y9wr)N<81wFi9-d8Cl^Ar*%NbVvH+ruE}+nH4W~;q
z#@-ogWxkL?o;iXk=|I{vC$72alSFbP>}kgj?E3l&v{?q;hVC@S4T$Ct_Ol6Uwm}t8
zB?R06odhSsBonDJEj-LE6f7ko)a4(5sa&9Aq8moalyn9ZHOy`BEZ!h4aMbUT2I2zB
zKodtfw6-O&Bv~t4m{{7Fs@a;`I1voaYK%O+WDwJ)Af};n9(!w|X}{A;1sfMw)xbaV
zM>NCkT@u~{ZBznD9J;Jo>qIO|4yr*g)@YewZ3z3Fow7LXG{8OqOb%s6Mz?=~ImjU0
zY5`}bXI?gD56~uX_<bm-+i_x{$hw8Ok-5_WLkpadlOw)0P{f#qw=d-*sCRQv(q8|H
z62L$1?Hp=#cEXEV;r*{DLHsDEjUz2CfNGng)%!F5irR@ECCaI@(-crOb5NOn|BBj$
zA4S&c>T3n4mvc}K=l&HXgdf$`>DOQmsLDC0-2wlK62^}b9<S7Ng&>s!Jq+#alR^KA
z62Xs3j%T7b0Idq=XjL2fuc+PlQ5_cbw6YKoWf*5qVa`YVBMLugdmT1`8uVEN8HEHY
zR&d7=4T8m8s0|U5@$GsPQ=0?BipZStJ|uxe9Kiu)D6A+K*&w3|HWWvx6?ctTj-n<k
zj$s|lv4&PSSRuBxa=};sLZaYar6jQ~aEv_gLG-X}n@TKA8Md=5Jf8S3;r%cPq&6T)
zqx8CcgJcp>gNZeZj5KnUQ#m*Zx-LeSK{S!j#H_L=n;t1HGjPl<>{(<I4X`!ETbx81
zhsV2I`W?93BX9?F&U`7KSotdEHqHwSx<PSEY+J!bsdLJEHTQ_d*cv-qEd)CIke<C2
z^mz{Ypq-7PglG_KcQCiJT41*EIc(hHBsBeZnAD&%TCq}MNvc@u-&?lu$DfeBwW)=m
z%`VUe9lq%+h-TQr2LcvOi`>=MZ8QUQgy&2Iw^WgUBAoEW-u3l11AX)n5UPWAJ|-IC
zY-L3-x-m4JI)KC*Er<f>hDod;7IMIWup&#&WNvE#MJk|S(8Y}AXT&np7IbEsXI1sC
z(D?%(@kcxJiswXA9L(V!LRi51ovY$^G#+Z2(nhe^bFdk@rqT9>c#`eUvLm5t=LKpp
z_Xe;VC3qQnD#OrBEa%sX9I{7q{x(8t-0}nOPJM%z^M!7<PBPGR#7#Mok<Hn`2<OOW
z_p7LCjzjGPML1{4!}F}bZWbJ~JL$y^k~zmLu=AjhXk9@az4kt+v~o^`<IpE!QNQN3
z1ba|fksf0wV5A^gqg%<WpIFR6q?}5`$gq4(Z!nb2FdE=}=m98gh$Pnh&VX2M;K@GK
zB2dX1N*q$C$Rj@dPnd;@5gGai)HFb^6wnJD>W=*&7WlKyNvJzjo3&ULf;PyyFgid`
zO%e|woW#vte}WqE?;o=Mv~G%6k{z=1zyY;-hBQrz)pYtEP+%We3f(lOq>7eNUTA3>
z0bcWCRr<IQzI>rKd-_0*AtN#{{MO|U5PwuHneP5k4Ux_bc1cP9u^Id`$y;XAKY|D>
zZzHNjK4|dY%myo+;<GC%_FMmvNO*x8fl@2dT@Zj_Dgl;7Bv5KjD3S>M*?a^xryw}~
z&Ytr|(2bQ?X8TJZ1QFum`tRn`G)LAG2yJ0PfVDpEGB7W~AUmqjgT4AO5`puqfFqPM
zBGx|03U~?xU1+_TUy`>X_FpLTFM}hr8S(HhJTw1+^k-8jxDaPVC!8aCw>2U-m*@Pq
z3*ZcAR?p79GD#DRENbF8TYxZ1MBnHYLxUijgV7n@MO%_y9%0N=P-`yR-?kAV(qmwt
zLu(?G^hhw!PlgN}E17Red$8JU-5S_Cl*vB3<hlVWdL)p3FZCdslc8nshoo0ub~!wP
z=4pk}iTF&rBOximmn4`PY<T&-aUK6IZls|&oQon|p&H)`2`qZ8`F<dYG-T+QU#-l$
zndzIL^O(+wv=<^t0%<xyaop(7W()*4XE}53fVgAEkVprjk0ps{2tJ73Qi516^}N_P
zvd`i4oJ85+U&PB|jllor*%1)0b>!_QP$3d{=wZs|%D<@MVD19-|DXLAi{A?)>ViUd
z01fG2XkuOb|3(xr#7}G*diJarbi6c2N27%Qk!XaUDC@P;@dFT}<`6Rz|3{)RexmY{
zpw6{Gdj)@zGcJkr?cr<xLUcBSMUJ1%h@Ut8x%44oQ>eMlO5E&||2N(|jksJ<9Jd`{
zY~VIhC<PxtnoUBa{N3kf6cm`pPtR7`Y`y}ZC-5hS0;*j9XP^QUgdI$<Mz}d6&)mqu
zJp)A|i&`2HP{&`V7U!hditNi8zk@g^9L@5MOQeYXZ{D-O&H{evE*3_Z7E3|wSC~-)
z@y5OzB&dOhH_xska6|~4e~~boXa3`7Vv|J}3r8k@&GqM)?j5h{_cM?O{D5gUdVM^d
zXqo?266TzDLSB2ZfbkLvNNTy^ozVpt@4Ljl_J4@^ixo>ZT{YH(7RiIKi>@fXdq^^8
zzGB7PmS97*#D(XCQE>d@uQr(5E4Wb79upzW$ky80)`p<aZ7891FBX2q-$Lh{K}N>!
z?H%&9Nf4%FVEjh6=MfSmOJSXi%<yjfML0XxB?KeuzMd4bGc2uo(ln4Vv$b`^%?rx+
zik907p`!=>(D^X?8`411IOqWm^OKAMmmNbAgC$@(t(ita0!K2GC<#S*#Bcs?6j@sb
z890bEbC^};_vRkRkR^<<c6hhiBSzg^tnEDs<g1{o8tM&1oByXb`29i($WFX@=L65J
zpJXFTG78Y7hfwt7cmEUp*KC)lchJyZSD+6Q(P!&tPZNgU|1a-=KaptMZ*6J~@s%DX
zCXy(Pvp<nc`#HsSoc91I(!P~kyf2_WhRFmAA4c&`ej$wqQy;h?;E#j-`Y#B>cCZT)
zch~`I2L<u@Hiu{};}TB<7e545lY^+2_&V_a{u21@F70Dti-Vqqe8f!y^$JuY|H~_=
z!OkhC!?4R5=kVJI`1vX)Xnn(0KzhY7d*=Ig?0?|nhjAP|G3E-5UH}Tqqm-?I(;1|M
z6;)V)lK69GYk^|bflouPXo30?{?MiL>$Id%4>+0O99+!_gy^>yj$Dv{j4Ki*!RQdZ
zf{sL%^B<qaZ_5cP{ZTkWg?R;k=qw_gku(w%{IJ&WKRBCt3KlEaIC*5iKe?ccpoD6+
zWTt;W{pqSdx$`8Fzc%LQf6tv%1TY6Aedw0cWchb6etS-RJmG<CA?SdRD}hpSjFmK&
z2Am*tfIVph<KG>RL`Q9iw>;o1=(5Z@*lJ2jSJ1#&+q%p@l<$wNH>d;q^+B}>?UA)y
zq=7VXgjK5Tra$8g>g<EXJ~U};2Wg~(4psz>m-#S{?LD-U=gQf|$2YKVhZN%-bTXf3
zJHE%{rZgRhQ`^BO#8LjRRGKu#VKW?ZRlz(O%}uR&W@yNisa%$5+U%P*ka2d6+VZk^
z=(iGJDs&fGCP$KBNoN~l0yl9WETxb8*DwO>5L8knXOuv)#wBVbu^>OP#yUwu1#2Fo
z{R$7MVylDuVZv4ns}RyC-iagsz*BX$HpDp)B+4JmaBKq&v*DZudTZ`e97#kK*h~f0
zTY@kOrWAHz2oa7*pF*j()RrXJ&p=BMb(Uv?>|O{G&fq2J;1}mWD#{VJV8gvhyc0qT
zW^{wZLkgvt$O+PMM6_F|;m&MJFl8{95?w?}_8|$VfwOmpg0zf{k*zUo94Bbh?$g>B
zUVsh)6m3-Jvm`+w@DkDcn6u4yzJ}hQ1c%DdxJ3b^;ug4e2kGqb`<`V+fOa}CVL-Q`
zP&BDHEpuy}wyh1}?r=+FcUK(*<6-bqag@_+iz5lR0Bxawter?SZT1~Nh}|d-Zs=bP
z9&rycM05zbMw(#gWmwIh)w1~qF)tg>#w}p8Z7^7(Bl7ArlC<~_MsPN<R7>MJAMmEY
zDbNx5>Mc@vaNHmA()kC@Ut_?l;8Occn8IBJ&qo(|__IkP!jcIrZ{fQu3~9FaFP2Fm
z=cgioh4wy?e3CdsX~lD3@XHTqv&YP{X(9JXqNzLM9NZVOVRe^@t_$d;21Il&`l*s6
z8ce%k-{$;lksp{Gt2P5@CHTHPstXr9AqfN#@js7TNWI*BETi|K$31~rzATC=^MWL*
zmIEvk!YUrJx;t+^_scEM)dn`GL!eThGoTtblEge{XAEi3{J6PwUUd4%*g-VT%^H1U
z8RGWz>6}74A<Ach{m?nR9%+J+H3WjA<&BKiFZB>Ql;${LZx=}_{4TD6$?#9~4kppu
zvw)ub0buBz3v2pF0x6i_WgtrlZv{@@RRXh>g4xiiTf-NU7|0fXRk(3S*?hj;1ZN%z
zQ~NH0t&gA*dK~urMl$LMas$c&`<wVZQx?M^OH3F5(Rqf^(7yo*u8gz#FWP$sW|X@*
zXHQ^QhyM*Xe|#EkpP+sV@hJ!5lOifoOu}hnBIlJzH$s~2r!A4)<#2tH(Vu-9_+7Ht
zJI&S>hRhd`52Lx_OaF~a+_8{-cP{LPSs*5Lj+?GpNfMXv3<K#AJDK9dk3x^@hO{4D
z&o5vm73KIRQQV{mx7f<qIKe4iWZ@0}`4@zK!j?=~1{(D>%oNf6@zmOXrq69l1a(&T
zUT_WAv=`bFz3G&VizF0`ar4F(j_hYu$Z6s0$Pj~aRB^bbfCNYVIi#7ubo+N~{%O&J
z4(5c-`Q5_L16dyN1wEBf_%r<f8(tG@0!4eIYK`Bzo$SwY#30qvnKQ|$7WkjYb8*P<
zcQZT9RR$D22(b>GI+()6y(HNAppC;%2Stu*5hzz94z$-l-ve0@7=-pkZ*^QDK@#(K
z-D$372qk3IF@ZMF45~}B2KE{$k|;mJ95MsJx5$E!>~5{rF@`kAY}@P%ol5rKNV7GX
zn*(i}aZ03wRtkY<p|-;Po%_rcxCJGUT$?C?b5^AhbJX3plRXU0yB@|FbVj8>g4F-E
zWZ<9tA*A|;HfFEEiC7_{LOaqp+?zmzL4LkJp>ztN7+N%RZvb6h00lh(+iXY@<=3L&
zydh80c;_nQs%Zrns|06S11T=XnG(+-kh4h$XIWVQ0NFW<4%~|@NdWv@jht7Ddai28
zYJdp9F!=XAnI!KL8{#1coaY}J-Y{B3m4knMg*HK_x6Ka36aLInXLq$FKR5W4e#?ri
z00tSf1^U3qkTda&KkFp(8q274%oA!Nm}k%;Xk)E#Cmus+96k3+_R<4T<P#VRO`w3?
z9K?1JSgx2?2bqh8ZOcIiZ7>yj-_puc#1rNT<#Xc{*G$hq0-y64q7bv!4Uldv5r@-<
zT{4)VIc{{1c%i?lmh;*s`>I7JBLpa6$YRi;qt%b-7yoaqU|!DaoYc!Z!Twk0EKDh1
zAd&N{);uq%AuEfCA6mN#Xy_Qy6hbuV_u9a`ko#pGyVId*kdh7BrH(}q4I$jYb+9+t
z7(l!@<jm*}t`|iL;@4WhyqXO542;!+1003116_Ekj3W)RK)X<l$Qy-%$&h=}(M8uU
zi9~~D)&A$z%CWI2*dJhu07Dz^9bB15L{LHc<4nzeUX17B=q>Gl;g}PI?_Vbc^Q+cB
zFQy><uIB~7=zuopHX2GN1@ousJ}=1V+u@0`06G95bh`2;gJ=)|%0j_1H;X9B?3z9j
zEcadf(GJ_KF{X1`{0H$up`bZa^2R^x=I&3A=LHN*@n&`WksRXR{dZLzKcd0V22%n7
z>>doc=-A?#M>OJ3(HTEtz+0x|1|X&Zfu4(>hjX<=bPuEjW*30*qbwp=mLtQv)g0fw
zSWGkuUG>Ee+7{;;nE@bC0HKqv<WizRGo{|yjD<WmwSp+d?D{U^xr%|?-C>g|rVw5n
zodER_FBF-K%-gNsw%xIR4FsmS3D9HWUz?!Q4nJH*gX|5@pX0Q9pOAu>XI~d$r{VZu
zf8-+#{*bq$V>$z@NfP0-i1BBNEqIJIw~aTVQaMg2_bh~Q`1>f}T!H90tO;=f@y=ln
z#`=$5hBie~1azprNrKdcW|pU>vcAB^drUe|(CJ|;?3N_L7=Pxk3(PDfvMEO{Ln#Eg
zumU}^OoI!`h~*HNSx(`G?2`eo4;%=c6^1vH03bZGY>CWSgPb0t2MD?+2el9nAvCjO
z@S|Dm1%zC%6FSJbz`ZiW+KF)DIcea194<@4ATwBWKa+1Kp0VJ}a_pEn?_I#~%`p}m
zEDI5<3Za=LpY55klR(G;MbOQ`)kQpk(9AM_Yfvz9l<qqa&_nfTH}QmjoLRPiBnp9V
zX6cbIX@@j1oOPMyMqHnW7P`R9^5mQ6W9%TGd`{??=p~v##LQA)*>h(O@S$TcETD^d
z&R<C6EHHyHJ*ja3xuZH{P7L|_m1xpJGs{&vo`cB#Y-BAF?NVEZh=vgE;Gbj?k0O^_
zCeN9*41FgBvB1o7>o=KYwSXA_2SCqS1jk6jEYL0um?s`azfFdoS?Wv>4I*}CDXsHe
z>lna}fM)3ExOR$Y*upc*4VO}~0s%8T2lITI6wCrM%TK4%ZWsba8!+fLy1R&ym>~Rn
zo=jlQ_p4laY1p{}F`FuY(CLaD1PCIcJpv*?nVV{%%W#}<)e;dDd^5{eZjW5x;#^GX
zoTjiKUg*LzOBPODT>-!>1`N96Z&^(IyAw>(`!sJUE&}miA%LL~x8Rf+k>(*hvs}d(
z^$ITb!AQdV7(KIGw3KKBaWhK=A-7^C(54QwLHq9EWkjQhnOQc8yskk;`40d?CtVfG
zi3a`i%rX=1BqyS2@XahSZPBN<z>9amA36d0PP|ZpGfT@o<EP+WSWN32r?p*4{A&|*
z+IJs}p24MPnEp9VtHeYKg22r33!AFe7SO;9Mk;hn_gF<Vg0z_>8){}bwq^kg&it=K
zyT2mp@oKUgPr)uH!7ltW(vZbCVU~rZ{W*OqqcFSD@k_c+lusgZSZm`P=^E=6mi}j2
zIiK`KS`HDoR}%xr+h%?B)sb~!>A%hwYRxCyRqgnDdl2pg!ndLf<HokI@cGwrN28_P
zF(C6YnB>2!P7s6d;8<Ah5o;^R%D@Tddu`z(_e&e#wUJwI(ZTr?T<JnE0)Tgb`2QSm
zE@JNRh<3mmuqBirV%CQ_k$TJ)DcS4(u$)r^qR{r}Awn9mZAcOe_E0{A-vdQFgFG{!
z`9|RnT@onTweZU#;-%oL*z<h45_$iZal(ftVR0p6_3U2%K!`NJydSMZFp*o5GRa{y
z<c9eP+D!CPBw_HINqkEOGh(Li@FxI&e||~cMsmc7m$h~xV5L>p$v7EdanKHq+n^IS
ztUO8b2^uLdq+J#X@DyMqbTF$?CxwFFMv|0A-s88?l0(Ev*R;1HV56N|F7T;>jd)>;
z4cbOjhe?u8&_-)<9L4HjBV=I{ZKE3oq)_nNh%41f<u*9aTt8BP6}yFE1Jd1)5Ttx)
zzAZ?icco)Ap|?e@nr$O_97*yC+URx<CKQeaVs6Z_(N{ZCDEMvk+*oA@+555-h83ni
z9S#1O<bB485~CucCBdtpD!bi?cgHb)UI!;WCoAK>zxVqy=yZ0~EP@(2AMC_}9yRkz
z@}BmXEdt;3yR4YKM#0tmVWJDMcjgD5VTU`i{(A*{&z|})s_+ydQ3$Z16=r@(-dX{F
zJqt4}0t$G(*0tz{JZTfeGR7GZhz$;f%oT#~HCD?F=w!lb^95z(`?~-AlDus%p(WsZ
zy5)ntGICJ=^g0X%E^wLoC3&mBH3BmRFtNe+uw6{VxiJ`HVIu%${mi4t%d4mU^)Osl
z0G9<j;f!ICz{=dv5ud2aI?O5L%JX~R4`^fhru`+#@#jaBP2eNS_=M<x-o<YM?m7XM
zL<^~aiu;T*Fe@d{BE|Y5!lIy1KS)5gh{5f-Lh!u?gGcV50O&ErHoHZh+(Apg_cT)=
zi|#|<vq6iXd&RbUe?9F+Kn3bbzE5i4RAbO6=w87FcR|kB;im|EuTbCEF1!YY4l;;~
f=w5NP{O{*~Jxd9y!hX_42N!YrVlbUg0F3!R41F>`
literal 0
HcmV?d00001
From 2c764028e36321d796ff7e0b2685146f6cf3c188 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Tue, 22 Oct 2019 13:58:07 -0500
Subject: [PATCH 2/9] Update saml-nameid.properties
---
conf/saml-nameid.properties | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/saml-nameid.properties b/conf/saml-nameid.properties
index bbc1597..e489430 100644
--- a/conf/saml-nameid.properties
+++ b/conf/saml-nameid.properties
@@ -19,7 +19,7 @@
# Persistent IDs can be computed on the fly with a hash, or managed in a database
# For computed IDs, set a source attribute and a secret salt:
-#idp.persistentId.sourceAttribute = changethistosomethingreal
+idp.persistentId.sourceAttribute = uid
#idp.persistentId.useUnfilteredAttributes = true
# Do *NOT* share the salt with other people, it's like divulging your private key.
#idp.persistentId.algorithm = SHA
From 1f3d90b2a8bfc6f92345f83698e1ef67ea80a272 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Thu, 6 Feb 2020 18:22:31 +0000
Subject: [PATCH 3/9] initial 4.0 default
---
conf/access-control.xml | 2 +-
conf/admin/metrics.xml | 4 +
conf/attribute-filter.xml | 56 +-
conf/attribute-registry.xml | 26 +
conf/attribute-resolver-full.xml | 86 +-
conf/attribute-resolver-ldap.xml | 9 +-
conf/attribute-resolver.xml | 347 ++------
conf/attribute-resolver.xml.orig | 86 --
conf/attributes/custom/README.txt | 9 +
conf/attributes/default-rules.xml | 803 ++++++++++++++++++
conf/audit.xml | 2 +-
conf/authn/authn-comparison.xml | 69 ++
conf/authn/discovery-config.xml | 34 +
conf/authn/external-authn-config.xml | 2 +-
conf/authn/general-authn.xml | 31 +-
conf/authn/jaas-authn-config.xml | 2 -
conf/authn/krb5-authn-config.xml | 2 -
conf/authn/ldap-authn-config.xml | 133 +--
conf/authn/mfa-authn-config.xml | 29 +-
conf/authn/password-authn-config.xml | 23 +-
conf/authn/saml-authn-config.xml | 35 +
conf/c14n/subject-c14n.xml | 67 +-
conf/cas-protocol.xml | 6 +-
conf/errors.xml | 3 +
conf/idp.properties | 52 +-
conf/intercept/consent-intercept-config.xml | 3 +-
conf/intercept/external-intercept-config.xml | 25 +
conf/intercept/profile-intercept.xml | 2 +
conf/ldap.properties | 7 +-
conf/logback.xml | 7 +-
conf/logback.xml.dist | 7 +-
conf/logback.xml.tmp3 | 7 +-
conf/metadata-providers.xml | 31 +-
conf/relying-party.xml | 5 +
conf/saml-nameid.properties | 10 +-
conf/services.properties | 16 +-
conf/services.xml | 13 +-
credentials/idp-backchannel.crt | 44 +-
credentials/idp-backchannel.p12 | Bin 3377 -> 3377 bytes
credentials/idp-encryption.crt | 46 +-
credentials/idp-encryption.key | 74 +-
credentials/idp-signing.crt | 44 +-
credentials/idp-signing.key | 74 +-
credentials/inc-md-cert-mdq.pem | 29 -
credentials/inc-md-cert.pem | 22 -
credentials/sealer.jks | Bin 502 -> 502 bytes
credentials/sealer.kver | 2 +-
credentials/secrets.properties | 13 +
edit-webapp/WEB-INF/lib/jstl-1.2.jar | Bin 414240 -> 0 bytes
edit-webapp/css/logout.css | 17 +-
.../account-locked/account-locked-flow.xml | 16 +
flows/authn/conditions/conditions-flow.xml | 35 +
.../expired-password-flow.xml | 16 +
.../expiring-password-flow.xml | 33 +
flows/user/prefs/prefs-flow.xml | 25 +
metadata/idp-metadata.xml | 251 ------
views/admin/unlock-keys.vm | 9 +-
views/duo.vm | 4 +-
views/intercept/attribute-release.vm | 5 +-
views/intercept/impersonate.vm | 4 +-
views/intercept/terms-of-use.vm | 2 +
views/login-error.vm | 8 +-
views/login.vm | 16 +-
views/logout-complete.vm | 12 +-
views/logout-propagate.vm | 4 +-
views/logout.vm | 82 +-
66 files changed, 1666 insertions(+), 1272 deletions(-)
create mode 100644 conf/attribute-registry.xml
delete mode 100644 conf/attribute-resolver.xml.orig
create mode 100644 conf/attributes/custom/README.txt
create mode 100644 conf/attributes/default-rules.xml
create mode 100644 conf/authn/discovery-config.xml
create mode 100644 conf/authn/saml-authn-config.xml
create mode 100644 conf/intercept/external-intercept-config.xml
delete mode 100644 credentials/inc-md-cert-mdq.pem
delete mode 100644 credentials/inc-md-cert.pem
create mode 100644 credentials/secrets.properties
delete mode 100644 edit-webapp/WEB-INF/lib/jstl-1.2.jar
create mode 100644 flows/authn/conditions/account-locked/account-locked-flow.xml
create mode 100644 flows/authn/conditions/conditions-flow.xml
create mode 100644 flows/authn/conditions/expired-password/expired-password-flow.xml
create mode 100644 flows/authn/conditions/expiring-password/expiring-password-flow.xml
create mode 100644 flows/user/prefs/prefs-flow.xml
delete mode 100644 metadata/idp-metadata.xml
diff --git a/conf/access-control.xml b/conf/access-control.xml
index d8c1f04..a9184e6 100644
--- a/conf/access-control.xml
+++ b/conf/access-control.xml
@@ -30,7 +30,7 @@
<entry key="AccessByIPAddress">
<bean id="AccessByIPAddress" parent="shibboleth.IPRangeAccessControl"
- p:allowedRanges="#{ {'127.0.0.1/32', '::1/128', '10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16'} }" />
+ p:allowedRanges="#{ {'127.0.0.1/32', '::1/128'} }" />
</entry>
<!--
diff --git a/conf/admin/metrics.xml b/conf/admin/metrics.xml
index f9b5c16..fccf419 100644
--- a/conf/admin/metrics.xml
+++ b/conf/admin/metrics.xml
@@ -28,6 +28,8 @@
<ref bean="shibboleth.metrics.RelyingPartyGaugeSet" />
<ref bean="shibboleth.metrics.AttributeResolverGaugeSet" />
<ref bean="shibboleth.metrics.AttributeFilterGaugeSet" />
+ <ref bean="shibboleth.metrics.CASServiceRegistryGaugeSet" />
+ <ref bean="shibboleth.metrics.ManagedBeanGaugeSet" />
<!--
<bean class="com.codahale.metrics.jvm.CachedThreadStatesGaugeSet"
@@ -59,6 +61,8 @@
<entry key="relyingparty" value-ref="shibboleth.metrics.RelyingPartyGaugeSet" />
<entry key="resolver" value-ref="shibboleth.metrics.AttributeResolverGaugeSet" />
<entry key="filter" value-ref="shibboleth.metrics.AttributeFilterGaugeSet" />
+ <entry key="cas" value-ref="shibboleth.metrics.CASServiceRegistryGaugeSet" />
+ <entry key="bean" value-ref="shibboleth.metrics.ManagedBeanGaugeSet" />
</util:map>
<!-- If you don't specify an alternate access policy, this named policy will be enforced. -->
diff --git a/conf/attribute-filter.xml b/conf/attribute-filter.xml
index 8a52dbe..7787d0c 100644
--- a/conf/attribute-filter.xml
+++ b/conf/attribute-filter.xml
@@ -77,16 +77,13 @@
</AttributeFilterPolicy>
<!-- Release an additional attribute to an SP. -->
- <!--
<AttributeFilterPolicy id="example1">
<PolicyRequirementRule xsi:type="Requester" value="https://sp.example.org" />
<AttributeRule attributeID="uid" permitAny="true" />
</AttributeFilterPolicy>
- -->
<!-- Release eduPersonScopedAffiliation to two specific SPs. -->
- <!--
<AttributeFilterPolicy id="example2">
<PolicyRequirementRule xsi:type="OR">
<Rule xsi:type="Requester" value="https://sp.example.org" />
@@ -95,56 +92,5 @@
<AttributeRule attributeID="eduPersonScopedAffiliation" permitAny="true" />
</AttributeFilterPolicy>
- -->
-
- <!-- Attribute release for all SPs (global) tagged as 'Research and Scholarship' -->
- <AttributeFilterPolicy id="releaseRandSAttributeBundle">
- <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
- attributeName="http://macedir.org/entity-category"
- attributeValue="http://refeds.org/category/research-and-scholarship"/>
- <AttributeRule attributeID="eduPersonPrincipalName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonScopedAffiliation">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="givenName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="surname">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="displayName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="mail">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- </AttributeFilterPolicy>
-
- <!-- Attribute release for all InCommon SPs -->
- <AttributeFilterPolicy id="releaseToInCommon">
- <PolicyRequirementRule xsi:type="EntityAttributeExactMatch"
- attributeName="http://macedir.org/entity-category"
- attributeValue="http://id.incommon.org/category/registered-by-incommon"/>
- <AttributeRule attributeID="eduPersonPrincipalName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="eduPersonScopedAffiliation">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="givenName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="surname">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="displayName">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- <AttributeRule attributeID="mail">
- <PermitValueRule xsi:type="ANY" />
- </AttributeRule>
- </AttributeFilterPolicy>
-
+
</AttributeFilterPolicyGroup>
diff --git a/conf/attribute-registry.xml b/conf/attribute-registry.xml
new file mode 100644
index 0000000..8890f4b
--- /dev/null
+++ b/conf/attribute-registry.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:c="http://www.springframework.org/schema/c"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+ default-init-method="initialize"
+ default-destroy-method="destroy">
+
+ <!--
+ The system comes preconfigured to load rules directly from resource files
+ configured in services.xml so they're monitored for changes.
+
+ You can add mappings here, add more XML resource files,
+ or drop property files into the directory noted below.
+ -->
+
+ <!-- Default directory for custom mappings. -->
+ <bean parent="shibboleth.TranscodingRuleLoader" c:_0="%{idp.home}/conf/attributes/custom" />
+
+</beans>
diff --git a/conf/attribute-resolver-full.xml b/conf/attribute-resolver-full.xml
index e44ffbc..ad75dbc 100644
--- a/conf/attribute-resolver-full.xml
+++ b/conf/attribute-resolver-full.xml
@@ -27,116 +27,78 @@
<AttributeDefinition xsi:type="Simple" id="uid">
<InputDataConnector ref="myLDAP" attributeNames="uid"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="mail">
<InputDataConnector ref="myLDAP" attributeNames="mail"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="homePhone">
<InputDataConnector ref="myLDAP" attributeNames="homePhone"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:homePhone" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.20" friendlyName="homePhone" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="homePostalAddress">
<InputDataConnector ref="myLDAP" attributeNames="homePostalAddress"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:homePostalAddress" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.39" friendlyName="homePostalAddress" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="mobileNumber">
<InputDataConnector ref="myLDAP" attributeNames="mobile"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mobile" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.41" friendlyName="mobile" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="pagerNumber">
<InputDataConnector ref="myLDAP" attributeNames="pager"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:pager" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.42" friendlyName="pager" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="surname">
<InputDataConnector ref="myLDAP" attributeNames="sn"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:sn" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="locality">
<InputDataConnector ref="myLDAP" attributeNames="l"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:l" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.7" friendlyName="l" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="stateProvince">
<InputDataConnector ref="myLDAP" attributeNames="st"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:st" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.8" friendlyName="st" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="street">
<InputDataConnector ref="myLDAP" attributeNames="street"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:street" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.9" friendlyName="street" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="organizationName">
<InputDataConnector ref="myLDAP" attributeNames="o"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:o" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.10" friendlyName="o" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="organizationalUnit">
<InputDataConnector ref="myLDAP" attributeNames="ou"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:ou" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.11" friendlyName="ou" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="title">
<InputDataConnector ref="myLDAP" attributeNames="title"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:title" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.12" friendlyName="title" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="postalAddress">
<InputDataConnector ref="myLDAP" attributeNames="postalAddress"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postalAddress" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.16" friendlyName="postalAddress" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="postalCode">
<InputDataConnector ref="myLDAP" attributeNames="postalCode"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postalCode" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.17" friendlyName="postalCode" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="postOfficeBox">
<InputDataConnector ref="myLDAP" attributeNames="postOfficeBox"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postOfficeBox" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.18" friendlyName="postOfficeBox" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="telephoneNumber">
<InputDataConnector ref="myLDAP" attributeNames="telephoneNumber"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:telephoneNumber" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.20" friendlyName="telephoneNumber" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="givenName">
<InputDataConnector ref="myLDAP" attributeNames="givenName"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:givenName" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="initials">
<InputDataConnector ref="myLDAP" attributeNames="initials"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:initials" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.43" friendlyName="initials" encodeType="false" />
</AttributeDefinition>
-->
@@ -144,88 +106,60 @@
<!--
<AttributeDefinition xsi:type="Simple" id="departmentNumber">
<InputDataConnector ref="myLDAP" attributeNames="departmentNumber"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:departmentNumber" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.2" friendlyName="departmentNumber" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="displayName">
<InputDataConnector ref="myLDAP" attributeNames="displayName"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:displayName" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="employeeNumber">
<InputDataConnector ref="myLDAP" attributeNames="employeeNumber"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeNumber" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.3" friendlyName="employeeNumber" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="employeeType">
<InputDataConnector ref="myLDAP" attributeNames="employeeType"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeType" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="jpegPhoto">
<InputDataConnector ref="myLDAP" attributeNames="jpegPhoto"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:jpegPhoto" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.60" friendlyName="jpegPhoto" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="preferredLanguage">
<InputDataConnector ref="myLDAP" attributeNames="preferredLanguage"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:preferredLanguage" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.39" friendlyName="preferredLanguage" encodeType="false" />
</AttributeDefinition>
-->
<!-- Schema: eduPerson attributes -->
<!--
<AttributeDefinition xsi:type="Simple" id="eduPersonAffiliation">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAffiliation" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="eduPersonEntitlement">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonEntitlement"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="eduPersonNickname">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonNickname"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonNickname" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" friendlyName="eduPersonNickname" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="eduPersonPrimaryAffiliation">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonPrimaryAffiliation"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" friendlyName="eduPersonPrimaryAffiliation" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalName">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalName"/>
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalNamePrior">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalNamePrior"/>
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" friendlyName="eduPersonPrincipalNamePrior" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Scoped" id="eduPersonScopedAffiliation" scope="%{idp.scope}">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation"/>
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Simple" id="eduPersonAssurance">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonAssurance"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAssurance" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" friendlyName="eduPersonAssurance" encodeType="false" />
</AttributeDefinition>
-->
@@ -233,8 +167,6 @@
<!--
<AttributeDefinition xsi:type="Scoped" id="eduPersonUniqueId" scope="%{idp.scope}">
<InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" friendlyName="eduPersonUniqueId" encodeType="false" />
</AttributeDefinition>
-->
@@ -242,12 +174,10 @@
<!--
<AttributeDefinition xsi:type="Scoped" id="samlSubjectID" scope="%{idp.scope}">
<InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oasis:names:tc:SAML:attribute:subject-id" friendlyName="subject-id" encodeType="false" />
</AttributeDefinition>
<AttributeDefinition xsi:type="Scoped" id="samlPairwiseID" scope="%{idp.scope}">
<InputDataConnector ref="computed" attributeNames="computedId"/>
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oasis:names:tc:SAML:attribute:pairwise-id" friendlyName="pairwise-id" encodeType="false" />
</AttributeDefinition>
-->
@@ -257,13 +187,16 @@
<!-- Example Static Connector -->
- <!-- Example Relational Database Connector -->
+ <!-- Example Relational Database Connector.
+ In practice a <SimpleManagedConnection> is enough to get you going but you should consider a
+ <BeanManagedConnection> fully configured for your particular environment -->
+
<!--
<DataConnector id="mySIS" xsi:type="RelationalDatabase">
- <ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
- jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB"
- jdbcUserName="myid"
- jdbcPassword="mypassword" />
+ <SimpleManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
+ jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB"
+ jdbcUserName="myid"
+ jdbcPassword="mypassword" />
<QueryTemplate>
<![CDATA[
SELECT * FROM student WHERE gzbtpid = '$resolutionContext.principal'
@@ -297,8 +230,7 @@
blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
- expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"
- failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
+ expirationTime="%{idp.pool.LDAP.idleTime:PT10M}" />
</DataConnector>
-->
diff --git a/conf/attribute-resolver-ldap.xml b/conf/attribute-resolver-ldap.xml
index 69154c0..76e6d55 100644
--- a/conf/attribute-resolver-ldap.xml
+++ b/conf/attribute-resolver-ldap.xml
@@ -31,8 +31,6 @@
-->
<AttributeDefinition id="eduPersonPrincipalName" xsi:type="Prescoped" >
<InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalName"/>
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
</AttributeDefinition>
<!--
@@ -42,8 +40,6 @@
-->
<AttributeDefinition id="uid" xsi:type="Simple" >
<InputDataConnector ref="myLDAP" attributeNames="uid"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
</AttributeDefinition>
<!--
@@ -53,8 +49,6 @@
-->
<AttributeDefinition id="mail" xsi:type="Simple" >
<InputDataConnector ref="myLDAP" attributeNames="mail"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
</AttributeDefinition>
<!-- ========================================== -->
@@ -87,8 +81,7 @@
blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
- expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"
- failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
+ expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"/>
</DataConnector>
</AttributeResolver>
diff --git a/conf/attribute-resolver.xml b/conf/attribute-resolver.xml
index a4b32d7..0ee236b 100644
--- a/conf/attribute-resolver.xml
+++ b/conf/attribute-resolver.xml
@@ -1,311 +1,76 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- This file is an EXAMPLE configuration file containing lots of commented
- example attributes, encoders, and a couple of example data connectors.
-
- Not all attribute definitions or data connectors are demonstrated, but
- a variety of LDAP attributes, some common to Shibboleth deployments and
- many not, are included.
-
- Deployers should refer to the Identity Provider 3 documentation
+<!--
+ This file is an EXAMPLE configuration file. While the configuration
+ presented in this example file is semi-functional, it isn't very
+ interesting. It is here only as a starting point for your deployment
+ process.
- https://wiki.shibboleth.net/confluence/display/IDP30/AttributeResolverConfiguration
-
- for a complete list of components and their options.
+ Very few attribute definitions and data connectors are demonstrated,
+ and the data is derived statically from the logged-in username and a
+ static example connector.
+
+ Attribute-resolver-full.xml contains more examples of attributes,
+ encoders, and data connectors. Deployers should refer to the Shibboleth
+ documentation for a complete list of components and their options.
-->
<AttributeResolver
- xmlns="urn:mace:shibboleth:2.0:resolver"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns="urn:mace:shibboleth:2.0:resolver"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
+
<!-- ========================================== -->
<!-- Attribute Definitions -->
<!-- ========================================== -->
- <!-- Schema: Core schema attributes-->
- <AttributeDefinition xsi:type="Simple" id="uid">
- <InputDataConnector ref="myLDAP" attributeNames="uid"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="mail">
- <InputDataConnector ref="myLDAP" attributeNames="mail"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="homePhone">
- <InputDataConnector ref="myLDAP" attributeNames="homePhone"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:homePhone" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.20" friendlyName="homePhone" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="homePostalAddress">
- <InputDataConnector ref="myLDAP" attributeNames="homePostalAddress"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:homePostalAddress" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.39" friendlyName="homePostalAddress" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="mobileNumber">
- <InputDataConnector ref="myLDAP" attributeNames="mobile"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mobile" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.41" friendlyName="mobile" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="pagerNumber">
- <InputDataConnector ref="myLDAP" attributeNames="pager"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:pager" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.42" friendlyName="pager" encodeType="false" />
+ <!--
+ The EPPN is the "standard" federated username in higher ed.
+ For guidelines on the implementation of this attribute, refer
+ to the Shibboleth and eduPerson documentation. Above all, do
+ not expose a value for this attribute without considering the
+ long term implications.
+ -->
+ <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}">
+ <InputAttributeDefinition ref="uid" />
+ </AttributeDefinition>
+
+ <!--
+ The uid is the closest thing to a "standard" LDAP attribute
+ representing a local username, but you should generally *never*
+ expose uid to federated services, as it is rarely globally unique.
+ -->
+ <AttributeDefinition id="uid" xsi:type="PrincipalName" />
+
+ <!--
+ In the rest of the world, the email address is the standard identifier,
+ despite the problems with that practice. Consider making the EPPN
+ value the same as your official email addresses whenever possible.
+ -->
+ <AttributeDefinition id="mail" xsi:type="Template">
+ <InputAttributeDefinition ref="uid" />
+ <Template>
+ <![CDATA[
+ ${uid}@example.org
+ ]]>
+ </Template>
+ </AttributeDefinition>
+
+ <!--
+ This is an example of an attribute sourced from a data connector.
+ -->
+ <AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}">
+ <InputDataConnector ref="staticAttributes" attributeNames="affiliation" />
</AttributeDefinition>
- <AttributeDefinition xsi:type="Simple" id="surname">
- <InputDataConnector ref="myLDAP" attributeNames="sn"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:sn" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.4" friendlyName="sn" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="locality">
- <InputDataConnector ref="myLDAP" attributeNames="l"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:l" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.7" friendlyName="l" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="stateProvince">
- <InputDataConnector ref="myLDAP" attributeNames="st"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:st" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.8" friendlyName="st" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="street">
- <InputDataConnector ref="myLDAP" attributeNames="street"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:street" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.9" friendlyName="street" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="organizationName">
- <InputDataConnector ref="myLDAP" attributeNames="o"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:o" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.10" friendlyName="o" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="organizationalUnit">
- <InputDataConnector ref="myLDAP" attributeNames="ou"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:ou" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.11" friendlyName="ou" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="title">
- <InputDataConnector ref="myLDAP" attributeNames="title"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:title" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.12" friendlyName="title" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="postalAddress">
- <InputDataConnector ref="myLDAP" attributeNames="postalAddress"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postalAddress" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.16" friendlyName="postalAddress" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="postalCode">
- <InputDataConnector ref="myLDAP" attributeNames="postalCode"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postalCode" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.17" friendlyName="postalCode" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="postOfficeBox">
- <InputDataConnector ref="myLDAP" attributeNames="postOfficeBox"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:postOfficeBox" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.18" friendlyName="postOfficeBox" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="telephoneNumber">
- <InputDataConnector ref="myLDAP" attributeNames="telephoneNumber"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:telephoneNumber" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.20" friendlyName="telephoneNumber" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="givenName">
- <InputDataConnector ref="myLDAP" attributeNames="givenName"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:givenName" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.42" friendlyName="givenName" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="initials">
- <InputDataConnector ref="myLDAP" attributeNames="initials"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:initials" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.5.4.43" friendlyName="initials" encodeType="false" />
- </AttributeDefinition>
-
- <!-- Schema: inetOrgPerson attributes-->
- <AttributeDefinition xsi:type="Simple" id="departmentNumber">
- <InputDataConnector ref="myLDAP" attributeNames="departmentNumber"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:departmentNumber" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.2" friendlyName="departmentNumber" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="displayName">
- <InputDataConnector ref="myLDAP" attributeNames="displayName"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:displayName" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.241" friendlyName="displayName" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="employeeNumber">
- <InputDataConnector ref="myLDAP" attributeNames="employeeNumber"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeNumber" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.3" friendlyName="employeeNumber" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="employeeType">
- <InputDataConnector ref="myLDAP" attributeNames="employeeType"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:employeeType" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.4" friendlyName="employeeType" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="jpegPhoto">
- <InputDataConnector ref="myLDAP" attributeNames="jpegPhoto"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:jpegPhoto" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.60" friendlyName="jpegPhoto" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="preferredLanguage">
- <InputDataConnector ref="myLDAP" attributeNames="preferredLanguage"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:preferredLanguage" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:2.16.840.1.113730.3.1.39" friendlyName="preferredLanguage" encodeType="false" />
- </AttributeDefinition>
-
- <!-- Schema: eduPerson attributes -->
- <AttributeDefinition xsi:type="Simple" id="eduPersonAffiliation">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAffiliation" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1" friendlyName="eduPersonAffiliation" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="eduPersonEntitlement">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonEntitlement"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonEntitlement" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.7" friendlyName="eduPersonEntitlement" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="eduPersonNickname">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonNickname"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonNickname" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.2" friendlyName="eduPersonNickname" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="eduPersonPrimaryAffiliation">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrimaryAffiliation"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.5" friendlyName="eduPersonPrimaryAffiliation" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalName">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalName"/>
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalNamePrior">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalNamePrior"/>
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.12" friendlyName="eduPersonPrincipalNamePrior" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Scoped" id="eduPersonScopedAffiliation" scope="%{idp.scope}">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation"/>
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="eduPersonAssurance">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonAssurance"/>
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:eduPersonAssurance" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.11" friendlyName="eduPersonAssurance" encodeType="false" />
- </AttributeDefinition>
-
- <!-- Semi-deprecated eduPersonUniqueId, should be phased out in favor of SAML subject-id replacement below. -->
-<!--
- <AttributeDefinition xsi:type="Scoped" id="eduPersonUniqueId" scope="%{idp.scope}">
- <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.13" friendlyName="eduPersonUniqueId" encodeType="false" />
- </AttributeDefinition>
--->
-
- <!-- Schema: SAML Subject ID Attributes -->
- <AttributeDefinition xsi:type="Scoped" id="samlSubjectID" scope="%{idp.scope}">
- <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oasis:names:tc:SAML:attribute:subject-id" friendlyName="subject-id" encodeType="false" />
- </AttributeDefinition>
-
-<!--
- <AttributeDefinition xsi:type="Scoped" id="samlPairwiseID" scope="%{idp.scope}">
- <InputDataConnector ref="computed" attributeNames="computedId"/>
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oasis:names:tc:SAML:attribute:pairwise-id" friendlyName="pairwise-id" encodeType="false" />
- </AttributeDefinition>
--->
<!-- ========================================== -->
<!-- Data Connectors -->
<!-- ========================================== -->
- <!-- Example Static Connector -->
-
- <!-- Example Relational Database Connector -->
-<!--
- <DataConnector id="mySIS" xsi:type="RelationalDatabase">
- <ApplicationManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
- jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB"
- jdbcUserName="myid"
- jdbcPassword="mypassword" />
- <QueryTemplate>
- <![CDATA[
- SELECT * FROM student WHERE gzbtpid = '$resolutionContext.principal'
- ]]>
- </QueryTemplate>
-
- <Column columnName="gzbtpid" attributeID="uid" />
- <Column columnName="fqlft" attributeID="gpa" />
- </DataConnector>
--->
-
- <!-- LDAP Connector -->
- <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
- ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
- baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
- principal="%{idp.attribute.resolver.LDAP.bindDN}"
- principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
- useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
- connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
- responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
- <FilterTemplate>
- <![CDATA[
- %{idp.attribute.resolver.LDAP.searchFilter}
- ]]>
- </FilterTemplate>
- <ConnectionPool
- minPoolSize="%{idp.pool.LDAP.minSize:3}"
- maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
- blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
- validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
- validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
- expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"
- failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
+ <DataConnector id="staticAttributes" xsi:type="Static">
+ <Attribute id="affiliation">
+ <Value>member</Value>
+ </Attribute>
</DataConnector>
-
- <!-- DataConector for pairwise-id (example depends on saml-nameid.properties). -->
-
-<!--
- <DataConnector id="computed" xsi:type="ComputedId"
- generatedAttributeID="computedId"
- salt="%{idp.persistentId.salt}"
- algorithm="%{idp.persistentId.algorithm:SHA}"
- encoding="%{idp.persistentId.encoding:BASE32}">
-
- <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}" />
-
- </DataConnector>
--->
-
</AttributeResolver>
diff --git a/conf/attribute-resolver.xml.orig b/conf/attribute-resolver.xml.orig
deleted file mode 100644
index 471bf0b..0000000
--- a/conf/attribute-resolver.xml.orig
+++ /dev/null
@@ -1,86 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- This file is an EXAMPLE configuration file. While the configuration
- presented in this example file is semi-functional, it isn't very
- interesting. It is here only as a starting point for your deployment
- process.
-
- Very few attribute definitions and data connectors are demonstrated,
- and the data is derived statically from the logged-in username and a
- static example connector.
-
- Attribute-resolver-full.xml contains more examples of attributes,
- encoders, and data connectors. Deployers should refer to the Shibboleth
- documentation for a complete list of components and their options.
--->
-<AttributeResolver
- xmlns="urn:mace:shibboleth:2.0:resolver"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
-
-
- <!-- ========================================== -->
- <!-- Attribute Definitions -->
- <!-- ========================================== -->
-
- <!--
- The EPPN is the "standard" federated username in higher ed.
- For guidelines on the implementation of this attribute, refer
- to the Shibboleth and eduPerson documentation. Above all, do
- not expose a value for this attribute without considering the
- long term implications.
- -->
- <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Scoped" scope="%{idp.scope}">
- <InputAttributeDefinition ref="uid" />
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonPrincipalName" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6" friendlyName="eduPersonPrincipalName" encodeType="false" />
- </AttributeDefinition>
-
- <!--
- The uid is the closest thing to a "standard" LDAP attribute
- representing a local username, but you should generally *never*
- expose uid to federated services, as it is rarely globally unique.
- -->
- <AttributeDefinition id="uid" xsi:type="PrincipalName">
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:uid" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.1" friendlyName="uid" encodeType="false" />
- </AttributeDefinition>
-
- <!--
- In the rest of the world, the email address is the standard identifier,
- despite the problems with that practice. Consider making the EPPN
- value the same as your official email addresses whenever possible.
- -->
- <AttributeDefinition id="mail" xsi:type="Template">
- <InputAttributeDefinition ref="uid" />
- <AttributeEncoder xsi:type="SAML1String" name="urn:mace:dir:attribute-def:mail" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2String" name="urn:oid:0.9.2342.19200300.100.1.3" friendlyName="mail" encodeType="false" />
- <Template>
- <![CDATA[
- ${uid}@example.org
- ]]>
- </Template>
- <SourceAttribute>uid</SourceAttribute>
- </AttributeDefinition>
-
- <!--
- This is an example of an attribute sourced from a data connector.
- -->
- <AttributeDefinition id="eduPersonScopedAffiliation" xsi:type="Scoped" scope="%{idp.scope}">
- <InputDataConnector ref="staticAttributes" attributeNames="affiliation" />
- <AttributeEncoder xsi:type="SAML1ScopedString" name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" encodeType="false" />
- <AttributeEncoder xsi:type="SAML2ScopedString" name="urn:oid:1.3.6.1.4.1.5923.1.1.1.9" friendlyName="eduPersonScopedAffiliation" encodeType="false" />
- </AttributeDefinition>
-
-
- <!-- ========================================== -->
- <!-- Data Connectors -->
- <!-- ========================================== -->
-
- <DataConnector id="staticAttributes" xsi:type="Static">
- <Attribute id="affiliation">
- <Value>member</Value>
- </Attribute>
- </DataConnector>
-
-</AttributeResolver>
diff --git a/conf/attributes/custom/README.txt b/conf/attributes/custom/README.txt
new file mode 100644
index 0000000..98977b0
--- /dev/null
+++ b/conf/attributes/custom/README.txt
@@ -0,0 +1,9 @@
+# You can create custom attribute mapping rules using
+# simple property files stored in this directory tree.
+# Spring property replacement is NOT supported.
+
+# As an example, a default SAML 2 rule for eduPersonPrincipalName would be:
+
+#id=eduPersonPrincipalName
+#transcoder=SAML2ScopedStringTranscoder
+#saml2.name=urn:oid:1.3.6.1.4.1.5923.1.1.1.6
diff --git a/conf/attributes/default-rules.xml b/conf/attributes/default-rules.xml
new file mode 100644
index 0000000..b6289fe
--- /dev/null
+++ b/conf/attributes/default-rules.xml
@@ -0,0 +1,803 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:c="http://www.springframework.org/schema/c"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+ default-init-method="initialize"
+ default-destroy-method="destroy">
+
+ <!-- Default Attribute transcoding rules. -->
+
+ <bean parent="shibboleth.TranscodingRuleLoader">
+ <constructor-arg>
+ <list>
+
+ <!-- Schema: Core schema attributes-->
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">uid</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.1</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:uid</prop>
+ <prop key="displayName.en">User ID</prop>
+ <prop key="displayName.de">Benutzer-ID</prop>
+ <prop key="displayName.fr">ID utilisateur</prop>
+ <prop key="displayName.it">ID dell'utente</prop>
+ <prop key="displayName.ja">ユーザID</prop>
+ <prop key="displayName.pt">User ID</prop>
+ <prop key="displayName.sv">Användaridentitet</prop>
+ <prop key="description.en">A unique identifier for a person, mainly used for user identification within the user's home organization.</prop>
+ <prop key="description.de">Eine eindeutige Nummer für eine Person, welche hauptsächlich zur Identifikation innerhalb der Organisation benutzt wird.</prop>
+ <prop key="description.fr">Identifiant de connexion d'une personnes sur les systèmes informatiques.</prop>
+ <prop key="description.it">Identificativo unico della persona, usato per l'identificazione dell'utente all'interno della organizzazione di appartenenza.</prop>
+ <prop key="description.ja">所属機関内で一意の利用者識別子</prop>
+ <prop key="description.pt">Identificador do utilizador</prop>
+ <prop key="description.sv">Användaridentitet: Unik identifierar som används vid lokal inloggning i hemmaorganisationen.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">mail</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.3</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:mail</prop>
+ <prop key="displayName.en">E-mail</prop>
+ <prop key="displayName.de">E-Mail</prop>
+ <prop key="displayName.fr">Email</prop>
+ <prop key="displayName.it">E-mail</prop>
+ <prop key="displayName.ja">メールアドレス</prop>
+ <prop key="displayName.pt">E-mail</prop>
+ <prop key="displayName.sv">E-postadress</prop>
+ <prop key="description.en">E-Mail: Preferred address for e-mail to be sent to this person</prop>
+ <prop key="description.de">E-Mail-Adresse</prop>
+ <prop key="description.de-ch">E-Mail Adresse</prop>
+ <prop key="description.fr">Adresse de courrier électronique</prop>
+ <prop key="description.it">E-Mail: l'indirizzo e-mail preferito dall'utente</prop>
+ <prop key="description.ja">メールアドレス</prop>
+ <prop key="description.pt">E-Mail: Endereço de correio electronico</prop>
+ <prop key="description.sv">E-postadress: E-postadress som används av personen.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">homePhone</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.20</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:homePhone</prop>
+ <prop key="displayName.en">Private phone number</prop>
+ <prop key="displayName.de">Telefon Privat</prop>
+ <prop key="displayName.fr">Teléphone personnel</prop>
+ <prop key="displayName.it">Numero di telefono privato</prop>
+ <prop key="displayName.ja">自宅電話番号</prop>
+ <prop key="displayName.pt">Número de telefone privado</prop>
+ <prop key="displayName.sv">Telefonnummer (hem)</prop>
+ <prop key="description.en">Private phone number</prop>
+ <prop key="description.de">Private Telefonnummer</prop>
+ <prop key="description.fr">Numéro de téléphone de domicile de la personne</prop>
+ <prop key="description.it">Numero di telefono privato</prop>
+ <prop key="description.ja">自宅の電話番号</prop>
+ <prop key="description.pt">Número de telefone privado do utilizador</prop>
+ <prop key="description.sv">Telefonnummer (hem): Telefonnummer till bostaden.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">homePostalAddress</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.39</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:homePostalAddress</prop>
+ <prop key="displayName.en">Home postal address</prop>
+ <prop key="displayName.de">Heimatadresse</prop>
+ <prop key="displayName.de-ch">Heimadresse</prop>
+ <prop key="displayName.fr">Adresse personnelle</prop>
+ <prop key="displayName.it">Indirizzo personale</prop>
+ <prop key="displayName.ja">自宅住所</prop>
+ <prop key="displayName.pt">Morada Pessoal</prop>
+ <prop key="displayName.sv">Postadress (hem)</prop>
+ <prop key="description.en">Home postal address: Home address of the user</prop>
+ <prop key="description.de">Heimatadresse</prop>
+ <prop key="description.de-ch">Heimadresse</prop>
+ <prop key="description.fr">Adresse postale de domicile de la personne</prop>
+ <prop key="description.it">Indirizzo personale: indirizzo dove abita l'utente</prop>
+ <prop key="description.ja">自宅の住所</prop>
+ <prop key="description.pt">Morada Pessoal: Morada do utilizador</prop>
+ <prop key="description.sv">Postadress (hem): Postadress till bostaden.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">mobile</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.41</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:mobile</prop>
+ <prop key="displayName.en">Mobile phone number</prop>
+ <prop key="displayName.de">Telefon Mobil</prop>
+ <prop key="displayName.fr">Numéro de mobile</prop>
+ <prop key="displayName.it">Numero di cellulare</prop>
+ <prop key="displayName.ja">携帯電話番号</prop>
+ <prop key="displayName.pt">Número de telemóvel</prop>
+ <prop key="displayName.sv">Telefonnummer (mobil)</prop>
+ <prop key="description.en">Mobile phone number</prop>
+ <prop key="description.de">Mobile Telefonnummer</prop>
+ <prop key="description.fr">Numéro de teléphone mobile</prop>
+ <prop key="description.it">Numero di cellulare</prop>
+ <prop key="description.ja">携帯電話の電話番号</prop>
+ <prop key="description.pt">Número de telemóvel do utilizador</prop>
+ <prop key="description.sv">Telefonnummer (mobil): Telefonnummer till mobiltelefon.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">pager</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.42</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:pager</prop>
+ <prop key="displayName.en">Pager number</prop>
+ <prop key="description.en">Pager number</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">surname</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.4</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:sn</prop>
+ <prop key="displayName.en">Surname</prop>
+ <prop key="displayName.de">Nachname</prop>
+ <prop key="displayName.fr">Nom de famille</prop>
+ <prop key="displayName.it">Cognome</prop>
+ <prop key="displayName.ja">姓</prop>
+ <prop key="displayName.pt">Nome de Família</prop>
+ <prop key="displayName.sv">Efternamn</prop>
+ <prop key="description.en">Surname or family name</prop>
+ <prop key="description.de">Familienname</prop>
+ <prop key="description.fr">Nom de famille de l'utilisateur.</prop>
+ <prop key="description.it">Cognome dell'utilizzatore</prop>
+ <prop key="description.ja">氏名(姓)の英語表記</prop>
+ <prop key="description.pt">Nome de Família</prop>
+ <prop key="description.sv">Efternamn: Efternamn för personen.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">locality</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.7</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:l</prop>
+ <prop key="displayName.en">Locality name</prop>
+ <prop key="displayName.de">Ort</prop>
+ <prop key="displayName.fr">Locality name</prop>
+ <prop key="displayName.ja">場所(L)</prop>
+ <prop key="description.en">Locality name</prop>
+ <prop key="description.de">Ort</prop>
+ <prop key="description.fr">Nom de la localité où réside l'objet</prop>
+ <prop key="description.ja">場所の名前 日本の場合は市区町村名</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">stateProvince</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.8</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:st</prop>
+ <prop key="displayName.en">State or province name</prop>
+ <prop key="displayName.ja">都道府県もしくは州や省(ST)</prop>
+ <prop key="description.en">State or province name</prop>
+ <prop key="description.ja">州名や省名 国によって異なり日本の場合は都道府県名</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">street</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.9</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:street</prop>
+ <prop key="displayName.en">Street</prop>
+ <prop key="displayName.de">Straße</prop>
+ <prop key="displayName.de-ch">Strasse</prop>
+ <prop key="displayName.fr">Rue</prop>
+ <prop key="displayName.ja">通り</prop>
+ <prop key="description.en">Street address</prop>
+ <prop key="description.de">Name der Straße</prop>
+ <prop key="description.de-ch">Strassenadresse</prop>
+ <prop key="description.fr">Nom de rue</prop>
+ <prop key="description.ja">通りおよび番地</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">organizationName</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.10</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:o</prop>
+ <prop key="displayName.en">Organization name</prop>
+ <prop key="displayName.de">Organisationsname</prop>
+ <prop key="displayName.fr">Nom de l'organisation</prop>
+ <prop key="displayName.ja">所属機関名</prop>
+ <prop key="description.en">Organization name</prop>
+ <prop key="description.de">Name der Organisation</prop>
+ <prop key="description.fr">Nom de l'organisation</prop>
+ <prop key="description.ja">所属機関名称の英語表記</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">organizationalUnit</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.11</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:ou</prop>
+ <prop key="displayName.en">Organizational unit</prop>
+ <prop key="displayName.de">Organisationseinheit</prop>
+ <prop key="displayName.fr">Unité organisationnelle</prop>
+ <prop key="displayName.ja">機関内所属名</prop>
+ <prop key="description.en">Organizational unit</prop>
+ <prop key="description.de">Name der Organisationseinheit</prop>
+ <prop key="description.fr">Nom de l'unité organisationnelle</prop>
+ <prop key="description.ja">機関内所属名称の英語表記</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">title</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.12</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:title</prop>
+ <prop key="displayName.en">Title</prop>
+ <prop key="displayName.de">Titel</prop>
+ <prop key="displayName.fr">Title</prop>
+ <prop key="displayName.ja">肩書き</prop>
+ <prop key="description.en">Title of a person</prop>
+ <prop key="description.de">Titel der Person</prop>
+ <prop key="description.fr">Titre de la personne</prop>
+ <prop key="description.ja">利用者の肩書き</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">postalAddress</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.16</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:postalAddress</prop>
+ <prop key="displayName.en">Business postal address</prop>
+ <prop key="displayName.de">Geschäftsadresse</prop>
+ <prop key="displayName.fr">Adresse professionnelle</prop>
+ <prop key="displayName.it">Indirizzo professionale</prop>
+ <prop key="displayName.ja">所属機関住所</prop>
+ <prop key="displayName.pt">Morada</prop>
+ <prop key="displayName.sv">Postadress (arbete):</prop>
+ <prop key="description.en">Business postal address: Campus or office address</prop>
+ <prop key="description.de">Geschäftliche Adresse</prop>
+ <prop key="description.de-ch">Adresse am Arbeitsplatz</prop>
+ <prop key="description.fr">Adresse de l'institut, de l'université</prop>
+ <prop key="description.it">Indirizzo professionale: indirizzo dell'istituto o dell'ufficio</prop>
+ <prop key="description.ja">所属機関の住所</prop>
+ <prop key="description.pt">Morada da instituição</prop>
+ <prop key="description.sv">Postadress (arbete): Postadressen för arbetsplatsen</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">postalCode</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.17</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:postalCode</prop>
+ <prop key="displayName.en">Postal code</prop>
+ <prop key="displayName.en-us">ZIP code</prop>
+ <prop key="displayName.de">Postleitzahl</prop>
+ <prop key="displayName.fr">Code postal</prop>
+ <prop key="displayName.ja">郵便番号</prop>
+ <prop key="description.en">Postal code</prop>
+ <prop key="description.en-us">ZIP code</prop>
+ <prop key="description.de">Postleitzahl</prop>
+ <prop key="description.fr">Code postal</prop>
+ <prop key="description.ja">郵便番号</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">postOfficeBox</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:mace:dir:attribute-def:postOfficeBox</prop>
+ <prop key="saml1.name">urn:oid:2.5.4.18</prop>
+ <prop key="displayName.en">Postal box</prop>
+ <prop key="displayName.de">Postfach</prop>
+ <prop key="displayName.fr">Boite postale</prop>
+ <prop key="displayName.fr-ch">Case postale</prop>
+ <prop key="displayName.ja">私書箱</prop>
+ <prop key="description.en">Postal box identifier</prop>
+ <prop key="description.de">Postfach</prop>
+ <prop key="description.fr">Boite postale</prop>
+ <prop key="description.fr-ch">Case postale</prop>
+ <prop key="description.ja">私書箱</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">telephoneNumber</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:mace:dir:attribute-def:telephoneNumber</prop>
+ <prop key="saml1.name">urn:oid:2.5.4.20</prop>
+ <prop key="displayName.en">Business phone number</prop>
+ <prop key="displayName.de">Telefon Geschäft</prop>
+ <prop key="displayName.fr">Teléphone professionnel</prop>
+ <prop key="displayName.it">Numero di telefono dell'ufficio</prop>
+ <prop key="displayName.ja">勤務先電話番号</prop>
+ <prop key="displayName.pt">Telefone</prop>
+ <prop key="displayName.sv">Telefonummer (arbete)</prop>
+ <prop key="description.en">Business phone number: Office or campus phone number</prop>
+ <prop key="description.de">Telefonnummer am Arbeitsplatz</prop>
+ <prop key="description.fr">Teléphone de l'institut, de l'université</prop>
+ <prop key="description.it">Numero di telefono dell'ufficio</prop>
+ <prop key="description.ja">所属機関での利用者の電話番号</prop>
+ <prop key="description.pt">Número de telefone</prop>
+ <prop key="description.sv">Telefonummer (arbete): Telefonnummer till arbetsplatsen</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">givenName</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.42</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:givenName</prop>
+ <prop key="displayName.en">Given name</prop>
+ <prop key="displayName.de">Vorname</prop>
+ <prop key="displayName.fr">Prénom</prop>
+ <prop key="displayName.it">Nome</prop>
+ <prop key="displayName.ja">名</prop>
+ <prop key="displayName.pt">Nome</prop>
+ <prop key="displayName.sv">Förnamn</prop>
+ <prop key="description.en">Given name of a person</prop>
+ <prop key="description.de">Vorname</prop>
+ <prop key="description.fr">Prénom de l'utilisateur</prop>
+ <prop key="description.it">Nome</prop>
+ <prop key="description.ja">氏名(名)の英語表記</prop>
+ <prop key="description.pt">Nome</prop>
+ <prop key="description.sv">Förnamn: Förnamn för personen.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">initials</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.43</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:initials</prop>
+ <prop key="displayName.en">Initials</prop>
+ <prop key="displayName.de">Initialen</prop>
+ <prop key="displayName.fr">Initiales</prop>
+ <prop key="displayName.ja">イニシャル</prop>
+ <prop key="description.en">Initials</prop>
+ <prop key="description.de">Anfangsbuchstaben des Namens</prop>
+ <prop key="description.de-ch">Die Anfangsbuchstaben</prop>
+ <prop key="description.fr">L' initiales</prop>
+ <prop key="description.ja">イニシャル</prop>
+ </props>
+ </property>
+ </bean>
+
+ <!-- Schema: inetOrgPerson attributes-->
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">departmentNumber</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.2</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:departmentNumber</prop>
+ <prop key="displayName.en">Department number</prop>
+ <prop key="displayName.de">Abteilungsnummer</prop>
+ <prop key="description.en">Department number</prop>
+ <prop key="description.de">Nummer der Abteilung</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">displayName</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.241</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:displayName</prop>
+ <prop key="displayName.en">Display Name</prop>
+ <prop key="displayName.de">Anzeigename</prop>
+ <prop key="displayName.fr">Nom</prop>
+ <prop key="displayName.it">Nome</prop>
+ <prop key="displayName.ja">表示名</prop>
+ <prop key="description.en">The name that should appear in white-pages-like applications for this person.</prop>
+ <prop key="description.de">Anzeigename</prop>
+ <prop key="description.fr">Nom complet d'affichage</prop>
+ <prop key="description.it">Nome</prop>
+ <prop key="description.ja">アプリケーションでの表示に用いられる英字氏名</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">employeeNumber</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.3</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:employeeNumber</prop>
+ <prop key="displayName.en">Employee number</prop>
+ <prop key="displayName.de">Mitarbeiternummer</prop>
+ <prop key="displayName.fr">Numéro d'employé</prop>
+ <prop key="displayName.it">Numero dell'utente</prop>
+ <prop key="displayName.ja">従業員番号</prop>
+ <prop key="displayName.pt">Número de empregado</prop>
+ <prop key="displayName.sv">Anställningsnummer</prop>
+ <prop key="description.en">Identifies an employee within an organization</prop>
+ <prop key="description.de">Identifiziert einen Mitarbeiter innerhalb der Organisation</prop>
+ <prop key="description.fr">Identifie un employé au sein de l'organisation</prop>
+ <prop key="description.it">Identifica l' utente presso l'organizzazione</prop>
+ <prop key="description.ja">所属機関における利用者の従業員番号</prop>
+ <prop key="description.pt">Número de empregado</prop>
+ <prop key="description.sv">Anställningsnummer: Unik anställningsidentifierare i hemmaorganisationen.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">employeeType</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.4</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:employeeType</prop>
+ <prop key="displayName.en">Employee type</prop>
+ <prop key="description.en">Employee type</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">jpegPhoto</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.60</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:jpegPhoto</prop>
+ <prop key="displayName.en">JPEG Photo</prop>
+ <prop key="description.en">Image of a person in JPEG format</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">preferredLanguage</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.39</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:preferredLanguage</prop>
+ <prop key="displayName.en">Preferred Language</prop>
+ <prop key="displayName.de">Bevorzugte Sprache</prop>
+ <prop key="displayName.fr">Langue préférée</prop>
+ <prop key="displayName.it">Lingua preferita</prop>
+ <prop key="displayName.ja">希望言語</prop>
+ <prop key="displayName.pt">Língua preferida</prop>
+ <prop key="displayName.sv">Språkönskemål</prop>
+ <prop key="description.en">Preferred language: Users preferred language (see RFC1766)</prop>
+ <prop key="description.de">Bevorzugte Sprache (siehe RFC1766)</prop>
+ <prop key="description.fr">Exemple: fr, de, it, en, ... (voir RFC1766)</prop>
+ <prop key="description.it">Lingua preferita: la lingua preferita dall'utente (cfr. RFC1766)</prop>
+ <prop key="description.ja">利用者が希望する言語(RFC1766 を参照)</prop>
+ <prop key="description.pt">Língua preferida: Língua preferida do utilizador (cfr. RFC1766)</prop>
+ <prop key="description.sv">Språkönskemål: Personens önskade språk (see RFC1766).</prop>
+ </props>
+ </property>
+ </bean>
+
+ <!-- Schema: eduPerson attributes -->
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonAffiliation</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.1</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonAffiliation</prop>
+ <prop key="displayName.en">Affiliation</prop>
+ <prop key="displayName.de">Zugehörigkeit</prop>
+ <prop key="displayName.fr">Affiliation</prop>
+ <prop key="displayName.it">Tipo di membro</prop>
+ <prop key="displayName.ja">職位</prop>
+ <prop key="displayName.pt">Tipo de utilizador</prop>
+ <prop key="displayName.sv">Anknytning</prop>
+ <prop key="description.en">Affiliation: Type of affiliation with Home Organization</prop>
+ <prop key="description.de">Art der Zugehörigkeit zur Heimatorganisation</prop>
+ <prop key="description.de-ch">Art der Zugehörigkeit zur Heimorganisation</prop>
+ <prop key="description.fr">Type d'affiliation dans l'organisation</prop>
+ <prop key="description.it">Tipo di membro: Tipo di lavoro svolto per l'organizzazione</prop>
+ <prop key="description.ja">所属機関における職位(faculty,staff,student,memberなど)</prop>
+ <prop key="description.pt">Tipo de utilizador: tipo de utilizador na organização. Exemplo: Estudante, ...</prop>
+ <prop key="description.sv">Anknytning: Vilken anknytning personen har till organisationen.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonEntitlement</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.7</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonEntitlement</prop>
+ <prop key="displayName.en">Entitlement</prop>
+ <prop key="displayName.de">Berechtigung</prop>
+ <prop key="displayName.fr">Entitlement</prop>
+ <prop key="displayName.it">Prerogativa</prop>
+ <prop key="displayName.ja">資格情報</prop>
+ <prop key="displayName.pt">Título</prop>
+ <prop key="displayName.sv">Rättigheter</prop>
+ <prop key="description.en">Member of: URI (either URL or URN) that indicates a set of rights to specific resources based on an agreement across the releavant community</prop>
+ <prop key="description.de">Zeichenkette, die Rechte für spezifische Ressourcen beschreibt</prop>
+ <prop key="description.fr">Membre de: URI (soit une URL ou une URN) décrivant un droit spécific d'accès.</prop>
+ <prop key="description.it">Membro delle seguenti URI (sia URL o URN) che rappresentano diritti specifici d'accesso validi in tutta la communità</prop>
+ <prop key="description.ja">特定のアプリケーションもしくはコミュニティ内の複数リソースへのアクセス権限を持つことを示すURI(URLもしくはURN)</prop>
+ <prop key="description.pt">URI (retractado por um URN ou URL) que indica um conjunto de direitos para recursos específicos. </prop>
+ <prop key="description.sv">Rättigheter: URI (either URL or URN) som beskriver olika rättigheter till angivna tjänster.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonNickname</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.2</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonNickname</prop>
+ <prop key="displayName.en">Nick name</prop>
+ <prop key="displayName.de">Kurzname</prop>
+ <prop key="displayName.de-ch">Übername</prop>
+ <prop key="displayName.fr">Surnom</prop>
+ <prop key="displayName.it">Diminutivo</prop>
+ <prop key="displayName.ja">ニックネーム</prop>
+ <prop key="description.en">Person's nickname, or the informal name by which they are accustomed to be hailed.</prop>
+ <prop key="description.de">Kurzname einer Person, oder üblicher Rufname zur Begrüßung.</prop>
+ <prop key="description.de-ch">Übername einer Person, oder üblicher Rufname zur Begrüssung.</prop>
+ <prop key="description.fr">Nom personnalisable pour un usage informel.</prop>
+ <prop key="description.it">Diminutivo della persona, o soprannome.</prop>
+ <prop key="description.ja">利用者のニックネームもしくは通称</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonPrimaryAffiliation</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.5</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation</prop>
+ <prop key="displayName.en">Primary affiliation</prop>
+ <prop key="displayName.de">Primäre Zugehörigkeit</prop>
+ <prop key="displayName.fr">Affiliation pricipale</prop>
+ <prop key="displayName.it">Appartenenza principale</prop>
+ <prop key="displayName.ja">主要職位</prop>
+ <prop key="description.en">Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc.</prop>
+ <prop key="description.de">Spezifiziert der Hauptbeziehung einer Person innerhalb ihrer Organisation in groben Kategorien wie Student, Mitarbeiter, Alumni, etc.</prop>
+ <prop key="description.fr">Spécifie la relation principale d'une personne avec l'institution selon des majeures catégories comme étudiant, collaborateur, alumni etc.</prop>
+ <prop key="description.it">Specifica la relazione principale dell persona con l'istituzione secondo le maggiori categorie come studente, collaboratore, alumni, etc.</prop>
+ <prop key="description.ja">所属機関における主要な職位(faculty,staff,student,memberなど)</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonPrincipalName</prop>
+ <prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.6</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonPrincipalName</prop>
+ <prop key="displayName.en">Principal Name</prop>
+ <prop key="displayName.de">Persönliche ID</prop>
+ <prop key="displayName.fr">Principal Name</prop>
+ <prop key="displayName.it">Principal Name</prop>
+ <prop key="displayName.ja">プリンシパルID</prop>
+ <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification.</prop>
+ <prop key="description.de">Eindeutige Benutzeridentifikation</prop>
+ <prop key="description.de-ch">Eindeutige Benützeridentifikation</prop>
+ <prop key="description.fr">L'identifiant unique de l'utilisateur</prop>
+ <prop key="description.it">Un ID personale che identifica chiaramente l'utente in seno alla sua organizzazione</prop>
+ <prop key="description.ja">フェデレーション内で一意かつ永続的な利用者識別子</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonPrincipalNamePrior</prop>
+ <prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.12</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.12</prop>
+ <prop key="displayName.en">Prior Principal Name</prop>
+ <prop key="description.en">eduPersonPrincipalName value that was previously associated with the entry.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonScopedAffiliation</prop>
+ <prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.9</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonScopedAffiliation</prop>
+ <prop key="displayName.en">Scoped Affiliation</prop>
+ <prop key="displayName.de">Zugehörigkeit</prop>
+ <prop key="displayName.fr">Affiliation</prop>
+ <prop key="displayName.it">Tipo di membro</prop>
+ <prop key="displayName.ja">スコープ付き職位</prop>
+ <prop key="description.en">Specifies the person's affiliation within a particular security domain</prop>
+ <prop key="description.de">Art der Zugehörigkeit zur Heimatorganisation</prop>
+ <prop key="description.de-ch">Art der Zugehörigkeit zur Heimorganisation</prop>
+ <prop key="description.fr">Type d'affiliation dans l'organisation</prop>
+ <prop key="description.it">Tipo di membro: Tipo di lavoro svolto per l'organizzazione</prop>
+ <prop key="description.ja">セキュリティドメインのスコープが付いた所属機関における職位</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonAssurance</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.11</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonAssurance</prop>
+ <prop key="displayName.en">Assurance Level</prop>
+ <prop key="displayName.de">Vertrauensgrad</prop>
+ <prop key="displayName.fr">Niveau de confiance</prop>
+ <prop key="displayName.it">Livello di sicurezza</prop>
+ <prop key="displayName.ja">保証レベル</prop>
+ <prop key="description.en">Set of URIs that assert compliance with specific standards for identity assurance.</prop>
+ <prop key="description.de">URIs die eine gewisse Zusicherung für spezifische Standards des Vertrauens beinhalten</prop>
+ <prop key="description.fr">Un ensemble d'URI qui attestent la conformité selon un standard pour les niveaux d'assurance d'identités</prop>
+ <prop key="description.it">Un insieme di URI che asseriscono l'osservanza dei livelli di sicurezza richiesti</prop>
+ <prop key="description.ja">IDの保証レベルに関して特定の基準に準拠していることを示すURI</prop>
+ </props>
+ </property>
+ </bean>
+
+ <!-- Semi-deprecated eduPersonUniqueId, should be phased out in favor of SAML subject-id replacement below. -->
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonUniqueId</prop>
+ <prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.13</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.13</prop>
+ <prop key="displayName.en">Unique ID</prop>
+ <prop key="displayName.de">Eindeutige ID</prop>
+ <prop key="displayName.fr">ID unique</prop>
+ <prop key="displayName.it">ID unico</prop>
+ <prop key="displayName.ja">ユニークID</prop>
+ <prop key="displayName.pt">ID único</prop>
+ <prop key="displayName.sv">Unik identifierare</prop>
+ <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification.</prop>
+ <prop key="description.de">Eindeutige Benutzeridentifikation</prop>
+ <prop key="description.de-ch">Eindeutige Benützeridentifikation</prop>
+ <prop key="description.fr">Identifiant unique de l'utilisateur</prop>
+ <prop key="description.it">Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione</prop>
+ <prop key="description.ja">フェデレーション内で一意で永続的かつ難読化された利用者識別子(後継はサブジェクトID)</prop>
+ <prop key="description.pt">ID único: Identificador pessoal que identifica claramente o utilizador na sua organização</prop>
+ <prop key="description.sv">Unik identifierare: En unik identifierare för en person, används primärt för att identifiera personen inloggning vid annan organisation än hemmaorganisationen.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <!-- Schema: SAML Subject ID Attributes -->
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">samlSubjectID</prop>
+ <prop key="transcoder">SAML2ScopedStringTranscoder</prop>
+ <prop key="saml2.name">urn:oasis:names:tc:SAML:attribute:subject-id</prop>
+ <prop key="displayName.en">Unique ID</prop>
+ <prop key="displayName.de">Eindeutige ID</prop>
+ <prop key="displayName.fr">ID unique</prop>
+ <prop key="displayName.it">ID unico</prop>
+ <prop key="displayName.ja">サブジェクトID</prop>
+ <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification.</prop>
+ <prop key="description.de">Eindeutige Benutzeridentifikation</prop>
+ <prop key="description.de-ch">Eindeutige Benützeridentifikation</prop>
+ <prop key="description.fr">Identifiant unique de l'utilisateur</prop>
+ <prop key="description.it">Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione</prop>
+ <prop key="description.ja">フェデレーション内で一意で永続的かつ難読化された利用者識別子(eduPersonUniqueIdの後継)</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">samlPairwiseID</prop>
+ <prop key="transcoder">SAML2ScopedStringTranscoder</prop>
+ <prop key="saml2.name">urn:oasis:names:tc:SAML:attribute:pairwise-id</prop>
+ <prop key="displayName.en">Pairwise ID</prop>
+ <prop key="displayName.de">Pairwise ID</prop>
+ <prop key="displayName.fr">Pairwise ID</prop>
+ <prop key="displayName.it">Pairwise ID</prop>
+ <prop key="displayName.ja">ペアワイズID</prop>
+ <prop key="description.en">Pairwise ID: A unique identifier for a person, different for each service provider.</prop>
+ <prop key="description.de">Pairwise ID: Eindeutige Benutzeridentifikation, unterschiedlich pro Service Provider.</prop>
+ <prop key="description.de-ch">Pairwise ID: Eindeutige Benützeridentifikation, unterschiedlich pro Service Provider.</prop>
+ <prop key="description.fr">Pairwise ID: Un identifiant unique de l'utilisateur, différent pour chaque fournisseur de service.</prop>
+ <prop key="description.it">Pairwise ID: identificativo unico della persona, differente per ogni fornitore di servizio.</prop>
+ <prop key="description.ja">フェデレーション内で一意かつSP毎に送出される値が異なる利用者識別子(eduPersonTargetedIDの後継)</prop>
+ </props>
+ </property>
+ </bean>
+
+ </list>
+ </constructor-arg>
+ </bean>
+
+</beans>
diff --git a/conf/audit.xml b/conf/audit.xml
index 43f029d..a690ae0 100644
--- a/conf/audit.xml
+++ b/conf/audit.xml
@@ -15,7 +15,7 @@
for compatibility with V2 audit logging.
-->
<util:map id="shibboleth.AuditFormattingMap">
- <entry key="Shibboleth-Audit" value="%T|%b|%I|%SP|%P|%IDP|%bb|%III|%u|%ac|%attr|%n|%i|%X" />
+ <entry key="Shibboleth-Audit" value="%T|%b|%I|%SP|%P|%IDP|%bb|%III|%u|%ac|%attr|%n|%i|%XX|%X" />
</util:map>
<!-- Override the format of date/time fields in the log and/or convert to default time zone. -->
diff --git a/conf/authn/authn-comparison.xml b/conf/authn/authn-comparison.xml
index f167b7a..dcf0271 100644
--- a/conf/authn/authn-comparison.xml
+++ b/conf/authn/authn-comparison.xml
@@ -74,4 +74,73 @@
<value>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</value>
</util:list>
+ <!--
+ Mappings to transform custom Principals for proxied AuthnRequests.
+ Key is the input, value is a collection of possibly empty outputs.
+ Used by default to transform authentication type values from
+ SPs -> Proxied IdPs.
+ -->
+ <util:map id="shibboleth.PrincipalProxyRequestMappings">
+ <!--
+ <entry>
+ <key>
+ <bean parent="shibboleth.SAML1AuthenticationMethod"
+ c:classRef="https://sp.example.org/context" />
+ </key>
+ <list>
+ <bean parent="shibboleth.SAML2AuthnContextClassRef"
+ c:classRef="https://proxy.example.org/context1" />
+ <bean parent="shibboleth.SAML2AuthnContextClassRef"
+ c:classRef="https://proxy.example.org/context2" />
+ </list>
+ </entry>
+ <entry>
+ <key>
+ <bean parent="shibboleth.SAML2AuthnContextClassRef"
+ c:classRef="https://sp.example.org/context" />
+ </key>
+ <list>
+ <bean parent="shibboleth.SAML2AuthnContextClassRef"
+ c:classRef="https://proxy.example.org/context1" />
+ <bean parent="shibboleth.SAML2AuthnContextClassRef"
+ c:classRef="https://proxy.example.org/context2" />
+ </list>
+ </entry>
+ -->
+ </util:map>
+
+ <!--
+ Mappings to transform proxied Principals for inclusion in Subjects.
+ Key is the input, value is a collection of possibly empty outputs.
+ Used by default to transform values from Proxied IdP. ->
+ -->
+ <util:map id="shibboleth.PrincipalProxyResponseMappings">
+ <!--
+ <entry>
+ <key>
+ <bean parent="shibboleth.SAML2AuthnContextClassRef"
+ c:classRef="https://proxy.example.org/context1" />
+ </key>
+ <list>
+ <bean parent="shibboleth.SAML1AuthenticationMethod"
+ c:classRef="https://sp.example.org/context" />
+ <bean parent="shibboleth.SAML2AuthnContextClassRef"
+ c:classRef="https://sp.example.org/context" />
+ </list>
+ </entry>
+ <entry>
+ <key>
+ <bean parent="shibboleth.SAML2AuthnContextClassRef"
+ c:classRef="https://proxy.example.org/context2" />
+ </key>
+ <list>
+ <bean parent="shibboleth.SAML1AuthenticationMethod"
+ c:classRef="https://sp.example.org/context" />
+ <bean parent="shibboleth.SAML2AuthnContextClassRef"
+ c:classRef="https://sp.example.org/context" />
+ </list>
+ </entry>
+ -->
+ </util:map>
+
</beans>
diff --git a/conf/authn/discovery-config.xml b/conf/authn/discovery-config.xml
new file mode 100644
index 0000000..e21e3fd
--- /dev/null
+++ b/conf/authn/discovery-config.xml
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:c="http://www.springframework.org/schema/c"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+ default-init-method="initialize"
+ default-destroy-method="destroy">
+
+ <!-- Specify discovery service location. -->
+
+ <bean id="shibboleth.authn.discoveryURL" class="java.lang.String"
+ c:_0="https://ds.example.org/shibboleth-ds/index.html" />
+
+ <!-- Alternatively specify a Function<ProfileRequestContext,String> to return the URL. -->
+ <!--
+ <bean id="shibboleth.authn.discoveryURLStrategy"
+ parent="shibboleth.ContextFunction.Scripted" factory-method="inlineScript">
+ <constructor-arg>
+ <value>
+ <![CDATA[
+ "https://ds.example.org/shibboleth-ds/index.html";
+ ]]>
+ </value>
+ </constructor-arg>
+ </bean>
+ -->
+
+</beans>
diff --git a/conf/authn/external-authn-config.xml b/conf/authn/external-authn-config.xml
index 8b3a159..9d6652a 100644
--- a/conf/authn/external-authn-config.xml
+++ b/conf/authn/external-authn-config.xml
@@ -14,7 +14,7 @@
<!-- Servlet context-relative path to wherever your implementation lives. -->
<bean id="shibboleth.authn.External.externalAuthnPath" class="java.lang.String"
- c:_0="contextRelative:Authn/External" />
+ c:_0="contextRelative:external.jsp" />
<!--
Default is to always use the path in the bean above. If you want to determine it
diff --git a/conf/authn/general-authn.xml b/conf/authn/general-authn.xml
index 5699022..b936f97 100644
--- a/conf/authn/general-authn.xml
+++ b/conf/authn/general-authn.xml
@@ -51,14 +51,6 @@
</property>
</bean>
- <bean id="authn/External" parent="shibboleth.AuthenticationFlow"
- p:nonBrowserSupported="false" />
-
- <bean id="authn/RemoteUser" parent="shibboleth.AuthenticationFlow"
- p:nonBrowserSupported="false" />
-
- <bean id="authn/RemoteUserInternal" parent="shibboleth.AuthenticationFlow" />
-
<bean id="authn/Function" parent="shibboleth.AuthenticationFlow" />
<bean id="authn/X509" parent="shibboleth.AuthenticationFlow"
@@ -134,6 +126,29 @@
</property>
</bean>
+ <!-- This is a flow for proxied SAML authentication to another IdP. -->
+
+ <bean id="authn/SAML" parent="shibboleth.AuthenticationFlow"
+ p:nonBrowserSupported="false"
+ p:passiveAuthenticationSupported="true"
+ p:forcedAuthenticationSupported="true"
+ p:proxyScopingEnforced="true"
+ p:discoveryRequired="true" />
+
+ <!--
+ These flows are often, though not exclusively, used to proxy authentication, so may need
+ the proxyScopingEnforced flag enabled by hand to honor RP/local proxy count limits,
+ and may optionally trigger discovery via the discoveryRequired flag.
+ -->
+
+ <bean id="authn/External" parent="shibboleth.AuthenticationFlow"
+ p:nonBrowserSupported="false" />
+
+ <bean id="authn/RemoteUser" parent="shibboleth.AuthenticationFlow"
+ p:nonBrowserSupported="false" />
+
+ <bean id="authn/RemoteUserInternal" parent="shibboleth.AuthenticationFlow" />
+
</util:list>
<!--
diff --git a/conf/authn/jaas-authn-config.xml b/conf/authn/jaas-authn-config.xml
index daef4d2..7edd41c 100644
--- a/conf/authn/jaas-authn-config.xml
+++ b/conf/authn/jaas-authn-config.xml
@@ -22,6 +22,4 @@
<value>ShibUserPassAuth</value>
</util:list>
- <alias name="ValidateUsernamePasswordAgainstJAAS" alias="ValidateUsernamePassword"/>
-
</beans>
diff --git a/conf/authn/krb5-authn-config.xml b/conf/authn/krb5-authn-config.xml
index d3590a2..f826f30 100644
--- a/conf/authn/krb5-authn-config.xml
+++ b/conf/authn/krb5-authn-config.xml
@@ -25,7 +25,5 @@
<bean id="shibboleth.authn.Krb5.ServicePrincipal" class="java.lang.String" c:_0="SERVICE/principal" />
<bean id="shibboleth.authn.Krb5.Keytab" class="java.lang.String" c:_0="%{idp.home}/credentials/keytab" />
-->
-
- <alias name="ValidateUsernamePasswordAgainstKerberos" alias="ValidateUsernamePassword"/>
</beans>
diff --git a/conf/authn/ldap-authn-config.xml b/conf/authn/ldap-authn-config.xml
index 56d1bc7..22824d0 100644
--- a/conf/authn/ldap-authn-config.xml
+++ b/conf/authn/ldap-authn-config.xml
@@ -5,131 +5,28 @@
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
default-init-method="initialize"
default-destroy-method="destroy"
default-lazy-init="true">
- <alias name="%{idp.authn.LDAP.authenticator:anonSearchAuthenticator}" alias="shibboleth.authn.LDAP.authenticator" />
+ <!--
+ Default behavior is to rely on properties to populate the various beans.
+ You can override these, particularly shibboleth.authn.LDAP.authenticator,
+ to customize the settings or avoid use of properties.
+
+ Be cautious of any direct dependency on ldaptive classes to simplify upgrades.
+ -->
+
<bean id="shibboleth.authn.LDAP.returnAttributes" parent="shibboleth.CommaDelimStringArray">
<constructor-arg type="java.lang.String" value="%{idp.authn.LDAP.returnAttributes:1.1}" />
</bean>
- <alias name="ValidateUsernamePasswordAgainstLDAP" alias="ValidateUsernamePassword" />
-
- <!-- Connection Configuration -->
- <bean id="connectionConfig" class="org.ldaptive.ConnectionConfig" abstract="true" p:ldapUrl="%{idp.authn.LDAP.ldapURL}"
- p:useStartTLS="%{idp.authn.LDAP.useStartTLS:true}"
- p:useSSL="%{idp.authn.LDAP.useSSL:false}"
- p:connectTimeoutDuration="%{idp.authn.LDAP.connectTimeout:PT3S}"
- p:responseTimeoutDuration="%{idp.authn.LDAP.responseTimeout:PT3S}"
- p:sslConfig-ref="sslConfig" />
-
- <alias name="%{idp.authn.LDAP.sslConfig:certificateTrust}" alias="sslConfig" />
-
- <bean id="jvmTrust" class="org.ldaptive.ssl.SslConfig" />
- <bean id="certificateTrust" class="org.ldaptive.ssl.SslConfig">
- <property name="credentialConfig">
- <bean parent="shibboleth.X509ResourceCredentialConfig" p:trustCertificates="%{idp.authn.LDAP.trustCertificates:undefined}" />
- </property>
- </bean>
- <bean id="keyStoreTrust" class="org.ldaptive.ssl.SslConfig">
- <property name="credentialConfig">
- <bean parent="shibboleth.KeystoreResourceCredentialConfig" p:truststore="%{idp.authn.LDAP.trustStore:undefined}" />
- </property>
- </bean>
-
- <!-- Authentication handler -->
- <bean id="authHandler" class="org.ldaptive.auth.PooledBindAuthenticationHandler" p:connectionFactory-ref="bindPooledConnectionFactory" />
- <bean id="bindPooledConnectionFactory" class="org.ldaptive.pool.PooledConnectionFactory" p:connectionPool-ref="bindConnectionPool" />
- <bean id="bindConnectionPool" class="org.ldaptive.pool.BlockingConnectionPool" parent="connectionPool"
- p:connectionFactory-ref="bindConnectionFactory" p:name="bind-pool" />
- <bean id="bindConnectionFactory" class="org.ldaptive.DefaultConnectionFactory" p:connectionConfig-ref="bindConnectionConfig" />
- <bean id="bindConnectionConfig" parent="connectionConfig" />
-
- <!-- Format DN resolution -->
- <bean id="formatDnResolver" class="org.ldaptive.auth.FormatDnResolver" p:format="%{idp.authn.LDAP.dnFormat:undefined}" />
-
- <!-- Pool Configuration -->
- <bean id="connectionPool" class="org.ldaptive.pool.BlockingConnectionPool" abstract="true"
- p:blockWaitTimeDuration="%{idp.pool.LDAP.blockWaitTime:PT3S}"
- p:poolConfig-ref="poolConfig"
- p:pruneStrategy-ref="pruneStrategy"
- p:validator-ref="searchValidator"
- p:failFastInitialize="%{idp.pool.LDAP.failFastInitialize:false}" />
- <bean id="poolConfig" class="org.ldaptive.pool.PoolConfig"
- p:minPoolSize="%{idp.pool.LDAP.minSize:3}"
- p:maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
- p:validateOnCheckOut="%{idp.pool.LDAP.validateOnCheckout:false}"
- p:validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
- p:validatePeriodDuration="%{idp.pool.LDAP.validatePeriod:PT5M}" />
- <bean id="pruneStrategy" class="org.ldaptive.pool.IdlePruneStrategy"
- p:prunePeriodDuration="%{idp.pool.LDAP.prunePeriod:PT5M}"
- p:idleTimeDuration="%{idp.pool.LDAP.idleTime:PT10M}" />
- <bean id="searchValidator" class="org.ldaptive.pool.SearchValidator" />
-
- <!-- Anonymous Search Configuration -->
- <bean name="anonSearchAuthenticator" class="org.ldaptive.auth.Authenticator" p:resolveEntryOnFailure="%{idp.authn.LDAP.resolveEntryOnFailure:false}">
- <constructor-arg index="0" ref="anonSearchDnResolver" />
- <constructor-arg index="1" ref="authHandler" />
- </bean>
- <bean id="anonSearchDnResolver" class="net.shibboleth.idp.authn.PooledTemplateSearchDnResolver"
- p:baseDn="#{'%{idp.authn.LDAP.baseDN:undefined}'.trim()}"
- p:subtreeSearch="%{idp.authn.LDAP.subtreeSearch:false}"
- p:connectionFactory-ref="anonSearchPooledConnectionFactory" >
- <constructor-arg index="0" ref="shibboleth.VelocityEngine" />
- <constructor-arg index="1" value="#{'%{idp.authn.LDAP.userFilter:undefined}'.trim()}" />
- </bean>
- <bean id="anonSearchPooledConnectionFactory" class="org.ldaptive.pool.PooledConnectionFactory"
- p:connectionPool-ref="anonSearchConnectionPool" />
- <bean id="anonSearchConnectionPool" class="org.ldaptive.pool.BlockingConnectionPool" parent="connectionPool"
- p:connectionFactory-ref="anonSearchConnectionFactory" p:name="search-pool" />
- <bean id="anonSearchConnectionFactory" class="org.ldaptive.DefaultConnectionFactory" p:connectionConfig-ref="anonSearchConnectionConfig" />
- <bean id="anonSearchConnectionConfig" parent="connectionConfig" />
-
- <!-- Bind Search Configuration -->
- <bean name="bindSearchAuthenticator" class="org.ldaptive.auth.Authenticator" p:resolveEntryOnFailure="%{idp.authn.LDAP.resolveEntryOnFailure:false}">
- <constructor-arg index="0" ref="bindSearchDnResolver" />
- <constructor-arg index="1" ref="authHandler" />
- </bean>
- <bean id="bindSearchDnResolver" class="net.shibboleth.idp.authn.PooledTemplateSearchDnResolver"
- p:baseDn="#{'%{idp.authn.LDAP.baseDN:undefined}'.trim()}"
- p:subtreeSearch="%{idp.authn.LDAP.subtreeSearch:false}"
- p:connectionFactory-ref="bindSearchPooledConnectionFactory" >
- <constructor-arg index="0" ref="shibboleth.VelocityEngine" />
- <constructor-arg index="1" value="#{'%{idp.authn.LDAP.userFilter:undefined}'.trim()}" />
- </bean>
- <bean id="bindSearchPooledConnectionFactory" class="org.ldaptive.pool.PooledConnectionFactory"
- p:connectionPool-ref="bindSearchConnectionPool" />
- <bean id="bindSearchConnectionPool" class="org.ldaptive.pool.BlockingConnectionPool" parent="connectionPool"
- p:connectionFactory-ref="bindSearchConnectionFactory" p:name="search-pool" />
- <bean id="bindSearchConnectionFactory" class="org.ldaptive.DefaultConnectionFactory" p:connectionConfig-ref="bindSearchConnectionConfig" />
- <bean id="bindSearchConnectionConfig" parent="connectionConfig" p:connectionInitializer-ref="bindConnectionInitializer" />
- <bean id="bindConnectionInitializer" class="org.ldaptive.BindConnectionInitializer"
- p:bindDn="#{'%{idp.authn.LDAP.bindDN:undefined}'.trim()}">
- <property name="bindCredential">
- <bean class="org.ldaptive.Credential">
- <constructor-arg value="%{idp.authn.LDAP.bindDNCredential:undefined}" />
- </bean>
- </property>
- </bean>
-
- <!-- Direct Search Configuration -->
- <bean name="directAuthenticator" class="org.ldaptive.auth.Authenticator" p:resolveEntryOnFailure="%{idp.authn.LDAP.resolveEntryOnFailure:false}">
- <constructor-arg index="0" ref="formatDnResolver" />
- <constructor-arg index="1" ref="authHandler" />
- </bean>
-
- <!-- Want to use ppolicy? Configure support by adding <bean id="authenticationResponseHandler" class="org.ldaptive.auth.ext.PasswordPolicyAuthenticationResponseHandler"
- /> add p:authenticationResponseHandlers-ref="authenticationResponseHandler" to the authenticator <bean id="authenticationControl"
- class="org.ldaptive.control.PasswordPolicyControl" /> add p:authenticationControls-ref="authenticationControl" to the authHandler -->
-
- <!-- Active Directory Configuration -->
- <bean id="adAuthenticator" class="org.ldaptive.auth.Authenticator" p:authenticationResponseHandlers-ref="authenticationResponseHandler"
- p:resolveEntryOnFailure="%{idp.authn.LDAP.resolveEntryOnFailure:false}">
- <constructor-arg index="0" ref="formatDnResolver" />
- <constructor-arg index="1" ref="authHandler" />
- </bean>
- <bean id="authenticationResponseHandler" class="org.ldaptive.auth.ext.ActiveDirectoryAuthenticationResponseHandler" />
+ <bean id="shibboleth.authn.LDAP.trustCertificates" parent="shibboleth.X509ResourceCredentialConfig"
+ p:trustCertificates="%{idp.authn.LDAP.trustCertificates:undefined}" />
+
+ <bean id="shibboleth.authn.LDAP.truststore" parent="shibboleth.KeystoreResourceCredentialConfig"
+ p:truststore="%{idp.authn.LDAP.trustStore:undefined}" />
+
+ <bean id="shibboleth.authn.LDAP.authenticator" parent="shibboleth.LDAPAuthenticationFactory" />
</beans>
diff --git a/conf/authn/mfa-authn-config.xml b/conf/authn/mfa-authn-config.xml
index f1b3918..3bfbcbb 100644
--- a/conf/authn/mfa-authn-config.xml
+++ b/conf/authn/mfa-authn-config.xml
@@ -56,40 +56,17 @@
</util:map>
<!-- Example script to see if second factor is required. -->
- <bean id="checkSecondFactor" parent="shibboleth.ContextFunctions.Scripted" factory-method="inlineScript"
- p:customObject-ref="shibboleth.AttributeResolverService">
+ <bean id="checkSecondFactor" parent="shibboleth.ContextFunctions.Scripted" factory-method="inlineScript">
<constructor-arg>
<value>
<![CDATA[
nextFlow = "authn/Password";
- // Go straight to second factor if we have to, or set up for an attribute lookup first.
+ // Check if second factor is necessary for request to be satisfied.
authCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");
mfaCtx = authCtx.getSubcontext("net.shibboleth.idp.authn.context.MultiFactorAuthenticationContext");
if (mfaCtx.isAcceptable()) {
- // Attribute check is required to decide if first factor alone is enough.
- resCtx = input.getSubcontext(
- "net.shibboleth.idp.attribute.resolver.context.AttributeResolutionContext", true);
- rpCtx = input.getSubcontext("net.shibboleth.idp.profile.context.RelyingPartyContext");
- resCtx.setAttributeRecipientID(rpCtx.getRelyingPartyId());
-
- // Look up the username using a standard function.
- usernameLookupStrategyClass
- = Java.type("net.shibboleth.idp.session.context.navigate.CanonicalUsernameLookupStrategy");
- usernameLookupStrategy = new usernameLookupStrategyClass();
- resCtx.setPrincipal(usernameLookupStrategy.apply(input));
-
- resCtx.getRequestedIdPAttributeNames().add("allowedLoginMethods");
- resCtx.resolveAttributes(custom);
-
- // Check for an attribute that authorizes use of first factor.
- attribute = resCtx.getResolvedIdPAttributes().get("allowedLoginMethods");
- valueType = Java.type("net.shibboleth.idp.attribute.StringAttributeValue");
- if (attribute != null && attribute.getValues().contains(new valueType("IPAddress"))) {
- nextFlow = null;
- }
-
- input.removeSubcontext(resCtx); // cleanup
+ nextFlow = null;
}
nextFlow; // pass control to second factor or end with the first
diff --git a/conf/authn/password-authn-config.xml b/conf/authn/password-authn-config.xml
index f27051b..502e73e 100644
--- a/conf/authn/password-authn-config.xml
+++ b/conf/authn/password-authn-config.xml
@@ -12,12 +12,11 @@
default-init-method="initialize"
default-destroy-method="destroy">
- <!-- Choose an import based on the back-end you want to use. -->
- <!-- <import resource="jaas-authn-config.xml" /> -->
- <!-- <import resource="krb5-authn-config.xml" /> -->
+ <!-- You can optionally comment out anything you don't need. -->
+ <import resource="jaas-authn-config.xml" />
+ <import resource="krb5-authn-config.xml" />
<import resource="ldap-authn-config.xml" />
-
<!-- Names of form fields to pull username and password from. -->
<bean id="shibboleth.authn.Password.UsernameFieldName" class="java.lang.String" c:_0="j_username" />
<bean id="shibboleth.authn.Password.PasswordFieldName" class="java.lang.String" c:_0="j_password" />
@@ -34,9 +33,17 @@
<!-- Apply any regular expression replacement pairs to username before validation. -->
<util:list id="shibboleth.authn.Password.Transforms">
<!--
- <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
+ <bean parent="shibboleth.Pair" p:first="^(.+)@example\.org$" p:second="$1" />
-->
</util:list>
+
+ <!-- Ordered list of CredentialValidators to apply to a request. -->
+ <util:list id="shibboleth.authn.Password.Validators">
+ <ref bean="shibboleth.LDAPValidator" />
+ </util:list>
+
+ <!-- Controls whether all validators in the above bean have to succeed, or just one. -->
+ <util:constant id="shibboleth.authn.Password.RequireAll" static-field="java.lang.Boolean.FALSE"/>
<!-- Uncomment to configure account lockout backed by in-memory storage. -->
<!--
@@ -58,6 +65,7 @@
<entry key="UnknownUsername">
<list>
<value>NoCredentials</value>
+ <value>UnknownUsername</value>
<value>CLIENT_NOT_FOUND</value>
<value>Client not found</value>
<value>DN_RESOLUTION_FAILURE</value>
@@ -87,6 +95,11 @@
<value>ACCOUNT_WARNING</value>
</list>
</entry>
+ <entry key="RequestUnsupported">
+ <list>
+ <value>RequestUnsupported</value>
+ </list>
+ </entry>
</util:map>
<!--
diff --git a/conf/authn/saml-authn-config.xml b/conf/authn/saml-authn-config.xml
new file mode 100644
index 0000000..4ff55f9
--- /dev/null
+++ b/conf/authn/saml-authn-config.xml
@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:c="http://www.springframework.org/schema/c"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+ default-init-method="initialize"
+ default-destroy-method="destroy">
+
+ <!--
+ Optional Function<ProfileRequest,String> to supply name of proxied IdP,
+ otherwise flow assumes IdP discovery has been performed already.
+ -->
+ <!--
+ <bean id="shibboleth.authn.SAML.discoveryFunction" parent="shibboleth.Functions.Constant"
+ c:target="https://idp.example.org/idp/shibboleth" />
+ -->
+
+ <!--
+ Add authentication flow descriptor's supportedPrincipals collection to the
+ resulting Subject? This may be problematic if it happens without regard for
+ the information returned in the assertion from the IdP, so changing this is
+ likely to lead to violations of intent.
+
+ Usually this should be left FALSE, and appropriate bidirectional mappings defined
+ via conf/authn/authn-comparison.xml to translate across the proxy boundary.
+ -->
+ <util:constant id="shibboleth.authn.SAML.addDefaultPrincipals" static-field="java.lang.Boolean.FALSE"/>
+
+</beans>
diff --git a/conf/c14n/subject-c14n.xml b/conf/c14n/subject-c14n.xml
index 9740fdd..e4b772f 100644
--- a/conf/c14n/subject-c14n.xml
+++ b/conf/c14n/subject-c14n.xml
@@ -16,12 +16,18 @@
<!--
These are lists of Subject Canonicalization flows that turn complex Subject data into a string-based
- principal name that the rest of the IdP can operate on. They're used both after authentication and
- during operations like SAML attribute queries, to map the SAML Subject into a principal name.
+ principal name that the rest of the IdP can operate on. They're used primarily after authentication
+ and also during less common operations like SAML attribute queries, to map the SAML Subject into a
+ principal name.
+
Flows are identified with an ID that corresponds to a Spring Web Flow subflow name.
-->
- <!-- Flows used after authentication to produce canonical principal name. -->
+ <!--
+ ====================================================================
+ Flows used after authentication to produce canonical principal name.
+ ====================================================================
+ -->
<util:list id="shibboleth.PostLoginSubjectCanonicalizationFlows">
<!--
This is an advanced post-login step that performs attribute resolution and then produces a username
@@ -31,6 +37,14 @@
-->
<!-- <bean id="c14n/attribute" parent="shibboleth.PostLoginSubjectCanonicalizationFlow" /> -->
+ <!--
+ This is an advanced option for use with SAML 2 proxy authentication to a second IdP that
+ derives the principal name semi-directly from the incoming NameID value. It is functionally
+ akin to the c14n/SAML2Transform flow for SAML Request scenarios, but separately defined so
+ a suitably restrictive format list and/or condition can be applied to it.
+ -->
+ <!-- <ref bean="c14n/SAML2ProxyTransform" /> -->
+
<!--
This is an alternative that handles Subjects containing an X500Principal object and
allows extraction from the DN.
@@ -45,19 +59,46 @@
<ref bean="c14n/simple" />
</util:list>
+ <!-- What SAML NameID formats do you want to support direct transformations for while proxying? -->
+ <util:list id="shibboleth.ProxyNameTransformFormats">
+ <value>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</value>
+ <value>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</value>
+ <value>urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName</value>
+ <value>urn:oasis:names:tc:SAML:1.1:nameid-format:WindowsDomainQualifiedName</value>
+ <value>urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos</value>
+ </util:list>
+
<!--
- Flows used during SAML requests to reverse-map NameIdentifiers/NameIDs. The actual beans defining these
- flows are in a system file. Below the list are some settings that might be useful to adjust.
+ Under what conditions should direct NameID mapping during proxying be allowed? By default, never.
+ Any condition can be used here; the example is suitable for enumerating a number of IdPs to allow.
-->
- <util:list id="shibboleth.SAMLSubjectCanonicalizationFlows">
-
+ <bean id="shibboleth.ProxyNameTransformPredicate" parent="shibboleth.Conditions.ProxyAuthentication">
+ <constructor-arg name="collection">
+ <list>
+ <!-- <value>https://idp-proxy.example.org</value> -->
+ </list>
+ </constructor-arg>
+ </bean>
+
+ <!--
+ Regular expression transforms to apply to incoming proxied subject names. The default empty list just
+ echoes the name through unmodified.
+ -->
+ <util:list id="shibboleth.ProxyNameTransforms">
<!--
- This is installed to support the old mechanism of using PrincipalConnectors in the attribute resolver
- to map SAML Subjects back into principals. If you don't use those (or this is a new install) you can
- remove this.
+ <bean parent="shibboleth.Pair" p:first="^(.+)@example\.org$" p:second="$1" />
-->
- <ref bean="c14n/LegacyPrincipalConnector" />
-
+ </util:list>
+
+
+ <!--
+ =======================================================================
+ Flows used during SAML requests to reverse-map NameIdentifiers/NameIDs.
+ Below the list are some settings that might be useful to adjust.
+ =======================================================================
+ -->
+ <util:list id="shibboleth.SAMLSubjectCanonicalizationFlows">
+
<!-- The next four are for handling transient IDs (in-storage and stateless variants). -->
<ref bean="c14n/SAML2Transient" />
<ref bean="c14n/SAML2CryptoTransient" />
@@ -102,7 +143,7 @@
-->
<util:list id="shibboleth.NameTransforms">
<!--
- <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
+ <bean parent="shibboleth.Pair" p:first="^(.+)@example\.org$" p:second="$1" />
-->
</util:list>
diff --git a/conf/cas-protocol.xml b/conf/cas-protocol.xml
index 535cf0a..2eb1733 100644
--- a/conf/cas-protocol.xml
+++ b/conf/cas-protocol.xml
@@ -74,16 +74,14 @@
| evaluates to true under any condition, a server-side storage service must be enabled for IdP session
| storage. The most common non-default value is "alwaysTrue."
-->
- <bean id="shibboleth.CASProxyValidateIdPSessionPredicate"
- class="com.google.common.base.Predicates"
- factory-method="alwaysFalse" />
+ <bean id="shibboleth.CASProxyValidateIdPSessionPredicate" parent="shibboleth.Conditions.FALSE" />
<!--
| Uncomment the following bean if you want to ignore jsessionid artifacts in service URLs.
| Those sorts of URLs are commonly emitted by Java servlet-based web applications.
-->
<!--<bean id="shibboleth.CASServiceComparator"
- class="net.shibboleth.idp.cas.service.impl.DefaultServiceComparator"
+ class="net.shibboleth.idp.cas.service.DefaultServiceComparator"
c:parameterNames="[a-z]+sessionid" />-->
<!--
diff --git a/conf/errors.xml b/conf/errors.xml
index a9f4074..a5a8790 100644
--- a/conf/errors.xml
+++ b/conf/errors.xml
@@ -28,6 +28,7 @@
<entry key="TermsRejected" value="true" />
<entry key="RuntimeException" value="false" />
<entry key="InvalidEvent" value="false" />
+ <entry key="InvalidCSRFToken" value="false" />
<!--
<entry key="IdentitySwitch" value="false" />
<entry key="NoPotentialFlow" value="false" />
@@ -68,6 +69,7 @@
<entry key="UnableToEncode" value-ref="shibboleth.SAML2Status.UnsupportedBinding" />
+ <entry key="AccessDenied" value-ref="shibboleth.SAML2Status.RequestDenied" />
<entry key="MessageReplay" value-ref="shibboleth.SAML2Status.RequestDenied" />
<entry key="MessageExpired" value-ref="shibboleth.SAML2Status.RequestDenied" />
<entry key="MessageAuthenticationError" value-ref="shibboleth.SAML2Status.RequestDenied" />
@@ -88,6 +90,7 @@
<entry key="SessionNotFound" value-ref="shibboleth.SAML2Status.UnknownPrincipal" />
<entry key="InvalidNameIDPolicy" value-ref="shibboleth.SAML2Status.InvalidNameIDPolicy" />
+ <entry key="ProxyCountExceeded" value-ref="shibboleth.SAML2Status.ProxyCountExceeded" />
<entry key="ChannelBindingsError" value-ref="shibboleth.SAML2Status.ChannelBindingsError" />
</util:map>
diff --git a/conf/idp.properties b/conf/idp.properties
index e992125..b689c32 100644
--- a/conf/idp.properties
+++ b/conf/idp.properties
@@ -1,14 +1,14 @@
# Load any additional property resources from a comma-delimited list
-idp.additionalProperties=/conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties
+idp.additionalProperties=/conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties, /credentials/secrets.properties
# In most cases (and unless noted in the surrounding comments) the
-# commented settings in the distributed files are the default
-# behavior for V3.
-#
+# commented settings in the distributed files document default behavior.
# Uncomment them and change the value to change functionality.
+#
+# Uncommented properties are either required or ship non-defaulted.
# Set the entityID of the IdP
-idp.entityID=https://example.org/idp/shibboleth
+idp.entityID=https://idp.example.org/idp/shibboleth
# Set the file path which backs the IdP's own metadata publishing endpoint at /shibboleth.
# Set to empty value to disable and return a 404.
@@ -18,12 +18,19 @@ idp.entityID=https://example.org/idp/shibboleth
idp.scope=example.org
# General cookie properties (maxAge only applies to persistent cookies)
-# Note the default for idp.cookie.secure, you will usually want it set.
-idp.cookie.secure = true
+#idp.cookie.secure = true
#idp.cookie.httpOnly = true
#idp.cookie.domain =
#idp.cookie.path =
#idp.cookie.maxAge = 31536000
+# These control operation of the SameSite filter, which is off by default.
+#idp.cookie.sameSite = None
+#idp.cookie.sameSiteCondition = shibboleth.Conditions.FALSE
+
+# Enable cross-site request forgery mitigation for views.
+idp.csrf.enabled=true
+# Name of the HTTP parameter that stores the CSRF token.
+#idp.csrf.token.parameter = csrf_token
# HSTS/CSP response headers
#idp.hsts = max-age=0
@@ -39,13 +46,12 @@ idp.cookie.secure = true
#idp.views = %{idp.home}/views
# Settings for internal AES encryption key
+#idp.sealer.keyStrategy = shibboleth.DataSealerKeyStrategy
#idp.sealer.storeType = JCEKS
#idp.sealer.updateInterval = PT15M
#idp.sealer.aliasBase = secret
idp.sealer.storeResource=%{idp.home}/credentials/sealer.jks
idp.sealer.versionResource=%{idp.home}/credentials/sealer.kver
-idp.sealer.storePassword=changeit
-idp.sealer.keyPassword=changeit
# Settings for public/private signing and encryption key(s)
# During decryption key rollover, point the ".2" properties at a second
@@ -68,13 +74,13 @@ idp.encryption.cert=%{idp.home}/credentials/idp-encryption.crt
#idp.encryption.config = shibboleth.EncryptionConfiguration.CBC
# Configures trust evaluation of keys used by services at runtime
-# Defaults to supporting both explicit key and PKIX using SAML metadata.
-#idp.trust.signatures = shibboleth.ChainingSignatureTrustEngine
-# To pick only one set to one of:
-# shibboleth.ExplicitKeySignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
-#idp.trust.certificates = shibboleth.ChainingX509TrustEngine
-# To pick only one set to one of:
-# shibboleth.ExplicitKeyX509TrustEngine, shibboleth.PKIXX509TrustEngine
+# Internal default is Chaining, overriden for new installs
+idp.trust.signatures=shibboleth.ExplicitKeySignatureTrustEngine
+# Other options:
+# shibboleth.ChainingSignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
+idp.trust.certificates=shibboleth.ExplicitKeyX509TrustEngine
+# Other options:
+# shibboleth.ChainingX509TrustEngine, shibboleth.PKIXX509TrustEngine
# If true, encryption will happen whenever a key to use can be located, but
# failure to encrypt won't result in request failure.
@@ -82,7 +88,7 @@ idp.encryption.cert=%{idp.home}/credentials/idp-encryption.crt
# Configuration of client- and server-side storage plugins
#idp.storage.cleanupInterval = PT10M
-#idp.storage.htmlLocalStorage = false
+idp.storage.htmlLocalStorage=true
# Set to true to expose more detailed errors in responses to SPs
#idp.errors.detailed = false
@@ -112,9 +118,9 @@ idp.encryption.cert=%{idp.home}/credentials/idp-encryption.crt
# Tolerate storage-related errors
#idp.session.maskStorageFailure = false
# Track information about SPs logged into
-#idp.session.trackSPSessions = false
+idp.session.trackSPSessions=true
# Support lookup by SP for SAML logout
-#idp.session.secondaryServiceIndex = false
+idp.session.secondaryServiceIndex=true
# Length of time to track SP sessions
#idp.session.defaultSPlifetime = PT2H
@@ -173,6 +179,9 @@ idp.authn.flows=Password
# Whether to require logout requests/responses be signed/authenticated.
#idp.logout.authenticated = true
+# Bean to determine whether user should be allowed to cancel logout
+#idp.logout.promptUser=shibboleth.Conditions.FALSE
+
# Message freshness and replay cache tuning
#idp.policy.messageLifetime = PT3M
#idp.policy.clockSkew = PT3M
@@ -204,9 +213,14 @@ idp.ui.fallbackLanguages=en,fr,de
# CAS service registry implementation class
#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry
+# If true, CAS services provisioned with SAML metadata are identified via entityID
+#idp.cas.relyingPartyIdFromMetadata=false
+
# F-TICKS auditing - set a salt to include hashed username
#idp.fticks.federation=MyFederation
#idp.fticks.algorithm=SHA-256
#idp.fticks.salt=somethingsecret
#idp.fticks.loghost=localhost
#idp.fticks.logport=514
+idp.sealer.keyPassword=changeit
+idp.sealer.storePassword=changeit
diff --git a/conf/intercept/consent-intercept-config.xml b/conf/intercept/consent-intercept-config.xml
index a089211..66f06a0 100644
--- a/conf/intercept/consent-intercept-config.xml
+++ b/conf/intercept/consent-intercept-config.xml
@@ -24,8 +24,7 @@
<alias alias="shibboleth.consent.terms-of-use.Key" name="shibboleth.RelyingPartyIdLookup.Simple" />
<!--
- <bean id="shibboleth.consent.terms-of-use.Key"
- class="com.google.common.base.Functions" factory-method="compose">
+ <bean id="shibboleth.consent.terms-of-use.Key" parent="shibboleth.Functions.Compose">
<constructor-arg name="g">
<bean class="com.google.common.base.Functions" factory-method="forMap" c:defaultValue="terms-of-use">
<constructor-arg name="map">
diff --git a/conf/intercept/external-intercept-config.xml b/conf/intercept/external-intercept-config.xml
new file mode 100644
index 0000000..1d0fc29
--- /dev/null
+++ b/conf/intercept/external-intercept-config.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:c="http://www.springframework.org/schema/c"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+ default-init-method="initialize"
+ default-destroy-method="destroy">
+
+ <!-- Servlet context-relative path to wherever your implementation lives. -->
+ <bean id="shibboleth.intercept.externalPath" class="java.lang.String"
+ c:_0="contextRelative:intercept.jsp" />
+
+ <!--
+ Default is to always use the path in the bean above. If you want to determine it
+ dynamically, define a bean called "shibboleth.intercept.externalPathStrategy"
+ of type Function<ProfileRequestContext,String> that returns the path to use.
+ -->
+
+</beans>
diff --git a/conf/intercept/profile-intercept.xml b/conf/intercept/profile-intercept.xml
index 7b4c8aa..f086cfa 100644
--- a/conf/intercept/profile-intercept.xml
+++ b/conf/intercept/profile-intercept.xml
@@ -33,6 +33,8 @@
<bean id="intercept/attribute-release" parent="shibboleth.consent.AttributeReleaseFlow" />
<bean id="intercept/impersonate" parent="shibboleth.InterceptFlow" />
+
+ <bean id="intercept/external" parent="shibboleth.InterceptFlow" />
</list>
</property>
</bean>
diff --git a/conf/ldap.properties b/conf/ldap.properties
index c8811a9..d89412a 100644
--- a/conf/ldap.properties
+++ b/conf/ldap.properties
@@ -6,8 +6,8 @@
## Connection properties ##
idp.authn.LDAP.ldapURL=ldap://localhost:10389
-idp.authn.LDAP.useStartTLS = false
-idp.authn.LDAP.useSSL = false
+#idp.authn.LDAP.useStartTLS = true
+#idp.authn.LDAP.useSSL = false
# Time in milliseconds that connects will block
#idp.authn.LDAP.connectTimeout = PT3S
# Time in milliseconds to wait for responses
@@ -33,7 +33,6 @@ idp.authn.LDAP.userFilter=(uid={user})
# bind search configuration
# for AD: idp.authn.LDAP.bindDN=adminuser@domain.com
idp.authn.LDAP.bindDN=uid=myservice,ou=system
-idp.authn.LDAP.bindDNCredential=myServicePassword
# Format DN resolution, used by directAuthenticator, adAuthenticator
# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
@@ -46,7 +45,6 @@ idp.attribute.resolver.LDAP.connectTimeout=%{idp.authn.LDAP.connectTimeout:PT3S}
idp.attribute.resolver.LDAP.responseTimeout=%{idp.authn.LDAP.responseTimeout:PT3S}
idp.attribute.resolver.LDAP.baseDN=%{idp.authn.LDAP.baseDN:undefined}
idp.attribute.resolver.LDAP.bindDN=%{idp.authn.LDAP.bindDN:undefined}
-idp.attribute.resolver.LDAP.bindDNCredential=%{idp.authn.LDAP.bindDNCredential:undefined}
idp.attribute.resolver.LDAP.useStartTLS=%{idp.authn.LDAP.useStartTLS:true}
idp.attribute.resolver.LDAP.trustCertificates=%{idp.authn.LDAP.trustCertificates:undefined}
idp.attribute.resolver.LDAP.searchFilter=(uid=$resolutionContext.principal)
@@ -60,4 +58,3 @@ idp.attribute.resolver.LDAP.searchFilter=(uid=$resolutionContext.principal)
#idp.pool.LDAP.prunePeriod = PT5M
#idp.pool.LDAP.idleTime = PT10M
#idp.pool.LDAP.blockWaitTime = PT3S
-#idp.pool.LDAP.failFastInitialize = false
diff --git a/conf/logback.xml b/conf/logback.xml
index 2bf2c2b..9a91d26 100644
--- a/conf/logback.xml
+++ b/conf/logback.xml
@@ -14,7 +14,7 @@
<!-- Location and retention. -->
- <variable name="idp.logfiles" value="${idp.logfiles:-${idp.home}/logs}" />
+ <variable name="idp.logfiles" value="${idp.home}/logs" />
<variable name="idp.loghistory" value="${idp.loghistory:-180}" />
<!-- Much higher performance if you operate on DEBUG. -->
@@ -60,7 +60,6 @@
<logger name="net.shibboleth.idp.log.LogbackLoggingService" level="${idp.loglevel.props}" />
<!-- Especially chatty. -->
- <logger name="net.shibboleth.idp.saml.attribute.mapping" level="INFO" />
<logger name="org.apache.xml.security" level="${idp.loglevel.xmlsec}" />
<logger name="org.springframework" level="${idp.loglevel.spring}"/>
<logger name="org.apache.catalina" level="${idp.loglevel.container}"/>
@@ -78,7 +77,7 @@
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<charset>UTF-8</charset>
- <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
+ <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}</Pattern>
</encoder>
<!-- Ignore Velocity status page error. -->
@@ -173,4 +172,4 @@
<appender-ref ref="${idp.warn.appender:-IDP_WARN}" />
</root>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/conf/logback.xml.dist b/conf/logback.xml.dist
index cda207e..ac19b1f 100644
--- a/conf/logback.xml.dist
+++ b/conf/logback.xml.dist
@@ -14,7 +14,7 @@
<!-- Location and retention. -->
- <variable name="idp.logfiles" value="${idp.logfiles:-${idp.home}/logs}" />
+ <variable name="idp.logfiles" value="${idp.home}/logs" />
<variable name="idp.loghistory" value="${idp.loghistory:-180}" />
<!-- Much higher performance if you operate on DEBUG. -->
@@ -60,7 +60,6 @@
<logger name="net.shibboleth.idp.log.LogbackLoggingService" level="${idp.loglevel.props}" />
<!-- Especially chatty. -->
- <logger name="net.shibboleth.idp.saml.attribute.mapping" level="INFO" />
<logger name="org.apache.xml.security" level="${idp.loglevel.xmlsec}" />
<logger name="org.springframework" level="${idp.loglevel.spring}"/>
<logger name="org.apache.catalina" level="${idp.loglevel.container}"/>
@@ -82,7 +81,7 @@
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<charset>UTF-8</charset>
- <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
+ <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}</Pattern>
</encoder>
<!-- Ignore Velocity status page error. -->
@@ -189,4 +188,4 @@
<appender-ref ref="${idp.warn.appender:-IDP_WARN}" />
</root>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/conf/logback.xml.tmp3 b/conf/logback.xml.tmp3
index 88c28eb..4eebeaa 100644
--- a/conf/logback.xml.tmp3
+++ b/conf/logback.xml.tmp3
@@ -14,7 +14,7 @@
<!-- Location and retention. -->
- <variable name="idp.logfiles" value="${idp.logfiles:-${idp.home}/logs}" />
+ <variable name="idp.logfiles" value="${idp.home}/logs" />
<variable name="idp.loghistory" value="${idp.loghistory:-180}" />
<!-- Much higher performance if you operate on DEBUG. -->
@@ -60,7 +60,6 @@
<logger name="net.shibboleth.idp.log.LogbackLoggingService" level="${idp.loglevel.props}" />
<!-- Especially chatty. -->
- <logger name="net.shibboleth.idp.saml.attribute.mapping" level="INFO" />
<logger name="org.apache.xml.security" level="${idp.loglevel.xmlsec}" />
<logger name="org.springframework" level="${idp.loglevel.spring}"/>
<logger name="org.apache.catalina" level="${idp.loglevel.container}"/>
@@ -82,7 +81,7 @@
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<charset>UTF-8</charset>
- <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
+ <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}</Pattern>
</encoder>
<!-- Ignore Velocity status page error. -->
@@ -189,4 +188,4 @@
<appender-ref ref="${idp.warn.appender:-IDP_WARN}" />
</root>
-</configuration>
\ No newline at end of file
+</configuration>
diff --git a/conf/metadata-providers.xml b/conf/metadata-providers.xml
index 1c95d2b..0667e71 100644
--- a/conf/metadata-providers.xml
+++ b/conf/metadata-providers.xml
@@ -1,15 +1,24 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!-- This file is an EXAMPLE metadata configuration file. -->
<MetadataProvider id="ShibbolethMetadata" xsi:type="ChainingMetadataProvider"
xmlns="urn:mace:shibboleth:2.0:metadata"
- xmlns:resource="urn:mace:shibboleth:2.0:resource"
xmlns:security="urn:mace:shibboleth:2.0:security"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:alg="urn:oasis:names:tc:SAML:metadata:algsupport"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:ds11="http://www.w3.org/2009/xmldsig11#"
+ xmlns:enc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns:enc11="http://www.w3.org/2009/xmlenc11#"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:metadata http://shibboleth.net/schema/idp/shibboleth-metadata.xsd
- urn:mace:shibboleth:2.0:resource http://shibboleth.net/schema/idp/shibboleth-resource.xsd
urn:mace:shibboleth:2.0:security http://shibboleth.net/schema/idp/shibboleth-security.xsd
- urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd">
+ urn:oasis:names:tc:SAML:2.0:assertion http://docs.oasis-open.org/security/saml/v2.0/saml-schema-assertion-2.0.xsd
+ urn:oasis:names:tc:SAML:2.0:metadata http://docs.oasis-open.org/security/saml/v2.0/saml-schema-metadata-2.0.xsd
+ urn:oasis:names:tc:SAML:metadata:algsupport http://docs.oasis-open.org/security/saml/Post2.0/sstc-saml-metadata-algsupport-v1.0.xsd
+ http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
+ http://www.w3.org/2009/xmldsig11# http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/xmldsig11-schema.xsd
+ http://www.w3.org/2001/04/xmlenc# http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd
+ http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd">
<!-- ========================================================================================== -->
<!-- Metadata Configuration -->
@@ -75,18 +84,4 @@
indexesRef="shibboleth.CASMetadataIndices" />
-->
- <!-- InCommon Per-Entity Metadata Distribution Service -->
- <MetadataProvider id="incommon" xsi:type="DynamicHTTPMetadataProvider"
- maxCacheDuration="PT24H" minCacheDuration="PT10M">
- <!-- Verify the signature on the root element (i.e., the EntityDescriptor element) -->
- <MetadataFilter xsi:type="SignatureValidation" requireSignedRoot="true"
- certificateFile="%{idp.home}/credentials/inc-md-cert-mdq.pem" />
-
- <!-- Require a validUntil XML attribute no more than 14 days into the future -->
- <MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P14D" />
-
- <!-- The MetadataQueryProtocol element specifies the base URL for the query protocol -->
- <MetadataQueryProtocol>https://mdq.incommon.org/</MetadataQueryProtocol>
- </MetadataProvider>
-
</MetadataProvider>
diff --git a/conf/relying-party.xml b/conf/relying-party.xml
index 28c9193..5045b93 100644
--- a/conf/relying-party.xml
+++ b/conf/relying-party.xml
@@ -34,13 +34,18 @@
<bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">
<property name="profileConfigurations">
<list>
+ <!-- SAML 1.1 and SAML 2.0 AttributeQuery are disabled by default. -->
+ <!--
<bean parent="Shibboleth.SSO" p:postAuthenticationFlows="attribute-release" />
<ref bean="SAML1.AttributeQuery" />
<ref bean="SAML1.ArtifactResolution" />
+ -->
<bean parent="SAML2.SSO" p:postAuthenticationFlows="attribute-release" />
<ref bean="SAML2.ECP" />
<ref bean="SAML2.Logout" />
+ <!--
<ref bean="SAML2.AttributeQuery" />
+ -->
<ref bean="SAML2.ArtifactResolution" />
<ref bean="Liberty.SSOS" />
</list>
diff --git a/conf/saml-nameid.properties b/conf/saml-nameid.properties
index e489430..7169c5e 100644
--- a/conf/saml-nameid.properties
+++ b/conf/saml-nameid.properties
@@ -4,10 +4,6 @@
# identifiers. See saml-nameid.xml and c14n/subject-c14n.xml for advanced
# settings
-# Comment out to disable legacy NameID generation via Attribute Resolver
-#idp.nameid.saml2.legacyGenerator = shibboleth.LegacySAML2NameIDGenerator
-#idp.nameid.saml1.legacyGenerator = shibboleth.LegacySAML1NameIdentifierGenerator
-
# Default NameID Formats to use when nothing else is called for.
# Don't change these just to change the Format used for a single SP!
#idp.nameid.saml2.default = urn:oasis:names:tc:SAML:2.0:nameid-format:transient
@@ -18,12 +14,10 @@
# Persistent IDs can be computed on the fly with a hash, or managed in a database
-# For computed IDs, set a source attribute and a secret salt:
-idp.persistentId.sourceAttribute = uid
+# For computed IDs, set a source attribute, and a secret salt in secrets.properties
+#idp.persistentId.sourceAttribute = changethistosomethingreal
#idp.persistentId.useUnfilteredAttributes = true
-# Do *NOT* share the salt with other people, it's like divulging your private key.
#idp.persistentId.algorithm = SHA
-#idp.persistentId.salt = changethistosomethingrandom
# BASE64 will match V2 values, we recommend BASE32 encoding for new installs.
idp.persistentId.encoding = BASE32
diff --git a/conf/services.properties b/conf/services.properties
index 0aa9007..9dc3dff 100644
--- a/conf/services.properties
+++ b/conf/services.properties
@@ -12,14 +12,24 @@
#idp.service.logging.failFast = true
idp.service.logging.checkInterval = PT5M
-# Set to shibboleth.LegacyRelyingPartyResolverResources with legacy V2 relying-party.xml
#idp.service.relyingparty.resources = shibboleth.RelyingPartyResolverResources
#idp.service.relyingparty.failFast = false
idp.service.relyingparty.checkInterval = PT15M
+# Set true to limit metadata-driven settings lookup to decoded EntityAttributes
+idp.service.relyingparty.ignoreUnmappedEntityAttributes=true
#idp.service.metadata.resources = shibboleth.MetadataResolverResources
#idp.service.metadata.failFast = false
#idp.service.metadata.checkInterval = PT0S
+# Set to false if not using ByReference MetadataFilters for a small perf gain
+#idp.service.metadata.enableByReferenceFilters = true
+
+#idp.service.attribute.registry.resources = shibboleth.AttributeRegistryResources
+#idp.service.attribute.registry.namingRegistry = shibboleth.DefaultNamingRegistry
+#idp.service.attribute.registry.failFast = false
+idp.service.attribute.registry.checkInterval = PT15M
+# Default control of whether to encode XML attribute data with xsi:type
+idp.service.attribute.registry.encodeType = false
#idp.service.attribute.resolver.resources = shibboleth.AttributeResolverResources
#idp.service.attribute.resolver.failFast = false
@@ -45,6 +55,10 @@ idp.service.access.checkInterval = PT5M
#idp.service.cas.registry.failFast = false
idp.service.cas.registry.checkInterval = PT15M
+#idp.service.managedBean.resources = shibboleth.ManagedBeanResources
+#idp.service.managedBean.failFast = false
+idp.service.managedBean.checkInterval = PT15M
+
#idp.message.resources = shibboleth.MessageSourceResources
#idp.message.cacheSeconds = 300
diff --git a/conf/services.xml b/conf/services.xml
index e04ac8f..5a4cdea 100644
--- a/conf/services.xml
+++ b/conf/services.xml
@@ -54,12 +54,6 @@
<value>%{idp.home}/system/conf/relying-party-system.xml</value>
</util:list>
- <!-- This set of resources supports a legacy 2.x relying-party.xml file. -->
- <util:list id="shibboleth.LegacyRelyingPartyResolverResources">
- <value>%{idp.home}/conf/relying-party.xml</value>
- <value>%{idp.home}/system/conf/legacy-relying-party-defaults.xml</value>
- </util:list>
-
<util:list id="shibboleth.MetadataResolverResources">
<value>%{idp.home}/conf/metadata-providers.xml</value>
<value>%{idp.home}/system/conf/metadata-providers-system.xml</value>
@@ -69,6 +63,13 @@
<value>%{idp.home}/conf/attribute-resolver.xml</value>
</util:list>
+ <util:list id ="shibboleth.AttributeRegistryResources">
+ <value>%{idp.home}/conf/attribute-registry.xml</value>
+ <value>%{idp.home}/system/conf/attribute-registry-system.xml</value>
+ <value>%{idp.home}/conf/attributes/default-rules.xml</value>
+ <value>%{idp.home}/conf/attribute-resolver.xml</value>
+ </util:list>
+
<util:list id ="shibboleth.AttributeFilterResources">
<value>%{idp.home}/conf/attribute-filter.xml</value>
</util:list>
diff --git a/credentials/idp-backchannel.crt b/credentials/idp-backchannel.crt
index fd26a59..c8886ea 100644
--- a/credentials/idp-backchannel.crt
+++ b/credentials/idp-backchannel.crt
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEKDCCApCgAwIBAgIVAJ0iknQBSFLEkl3ybj6HYSWkOw+CMA0GCSqGSIb3DQEB
-CwUAMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzAeFw0xOTEwMDIxNDQ2NTZa
-Fw0zOTEwMDIxNDQ2NTZaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzCCAaIw
-DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJJI3OlyhXVII2YS2VGAZlCy/PE1
-RPLwTb9hIrBETcpA3JwVba2hBq8v0lWGpWkmvQfsjH+bKRJe611EyXwWQH04qGCU
-RDCFKBU8E9P87m6GTeh+DC6eVXxOB2h0pf3Zmktf48hlhV1X24NwIjba6v9X8oHF
-FTFFqopOPAaJWnODPQyul/d4DqkqkBfQer6p0RiDL/V79WpTVG87pJxmGH2FbchP
-PivVO9sMYfC5lqe37x/zu8huU0jDnB20eqEjnVNjvPjzbF36xPA06770FJuPxCYd
-5oebut50pO7DZY7MZGu4/UME0JfDrnCsyPz2L1gdxXX28mydAVL3YwIajZzuPVwJ
-HC+HJuF3YNgIZ7ZO6uN2Cyi1tKKAE5n3G19L8NLLW44MVxkS9ox9cFvw5e2Zm+ek
-Hh6iu6Y9/blyuFjlqVaffM6l6NVnAAXPiIpwnBdzWdJqMcJzgC5bTqOGEZdeR9hT
-ei0e1s+bmBj3/3cOB3hII74P5sCuGLfiYqSQzQIDAQABo2UwYzAdBgNVHQ4EFgQU
-hb0zxPkLe5m7vmD8AH0fjATSaIwwQgYDVR0RBDswOYIPaWRwLmV4YW1wbGUub3Jn
+MIIEKDCCApCgAwIBAgIVAIsUgQNNYuil54yiVLUFlzdr/qQUMA0GCSqGSIb3DQEB
+CwUAMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzAeFw0yMDAyMDYxNzE5NTRa
+Fw00MDAyMDYxNzE5NTRaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzCCAaIw
+DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOSJwBSKrIMjDCdjxHYxQ0YGz56h
+Vqb/DklBpsOeOgXnFMPoDf941IDu2kOvCpRKW12wWmDUskv9Vi+4RfiA9gUXUCdh
+jHTNBUj9GXYafCFFMReZ/fVbqvSRHCE/EBHHjo2qAHTfw/R0P8IBdAICs1LvkzCn
+W3prZJnJH3HD3+W/yubesNe5cG3/D9OnAeNMcwtNh7fyuGIFzUL1OA/pL0Gu+UXx
+W0sMjOPR4Tlt0yi1k2tsZGmB6AYMqX2Wjd/nhjTibqGEVC0OSRiDtr/C8nEx5MAD
+bl23mzHR8S/9vxQN8Y9N78FtObnMcB5PPtkkJsqBPpAlDiz2ONT27AnTM6EsaBjc
+VG3PH7Js7SSEvJPuibTfxIOWcLmVVSt6RozMSclXpvq2I9l35hoCq+OaoF+RXbSO
+8gaon5NYbCfWVSpbmKbw1o/wcOqsrM1F/4mtZp3T5VMYOZBARXlewwkh+xm0p5JB
+lmJO8x9WOIiQFjiPZKkK63GR5OgO5RwD5O3U4wIDAQABo2UwYzAdBgNVHQ4EFgQU
+3ztcEnBpdG+CgScY9MC0g81oOVcwQgYDVR0RBDswOYIPaWRwLmV4YW1wbGUub3Jn
hiZodHRwczovL2lkcC5leGFtcGxlLm9yZy9pZHAvc2hpYmJvbGV0aDANBgkqhkiG
-9w0BAQsFAAOCAYEADQ17KGVQJ6AZTqDUDxVAfrTlFXysuvQg1WntrMB1PUzlb6Pa
-AO6Nb24YiY0PonSk7iz+gOg4P/V2b9wX4NXPBcX5h86fxR8R3cwZYsYKhwBBQ6uo
-UZnqtNyYNY/3hM2Dj8sR1PMijwgNmo7KOzzBPKKhID2dtGL3bS3TrX8xjmc7NK+r
-5VE9LrK3kG3ht3qM0I7iPMNuQXBOuduRG8WGD8NsFwHcYfORJmK5Ac/AtjHMVLF0
-x+m4LyLxP53t9/5+5fiJ3bghXM7Uuzjjmes6fdZyUcxinrwFxvSIGz3gqXf35Omf
-EwFemewB5B9GkAVXJSq2J64+iWXTo556YEC/RUrX6ZA5db6zHIeHX4BSf7U5YUBm
-LRJ/RJZKKPKEBBJgvh8vUFLF64tDn0c9x3n1mw+ZLHnPcjdX5v/stLVgR020vRx7
-8CGsrydmj+80Gm3Ji1eGJfD2LdUslve3bNerEW2AUM3DFx6wDlR5K/0ix98Ah1w0
-AuAeyajXyLR9NkPm
+9w0BAQsFAAOCAYEAAsszcNm8lHWf31vwbNGY8m6Oz6XXrhYAmRcudvs86z2bWw3C
+oDLvKWFuyJAAeIP11UpbW4aSs+P2f4I9/ZfTVbqKxPfSYIG1LSdKl5ICFaGP18K6
+PBqtu6eu71Hrz083IvR8qddD7Kl12aGfwDhFUtqy2zhmYsI7LhfwRA8ayJX4204x
+tOmU6LxRtgJWsdlqjyzcZ9buafqfvoTCbjnzbO2gUoEPCDUxfTi+HRn+JppXVxzV
+vXbs9G5xWI6eeojYtZqKWn3xaLQcPcla2b0dJSYvZ0paoC44hpwr5eWX2mGQ5+cn
+AzK55H3uOq975QJDIdXpuuWIh99y+jC8/NcUFkFjb/86DSOs+LtwM2VhjiL5HL3I
+oVIuAVBS4YAxE8NDGgcuPrS7+m1UjnHiagOkEqbhMr0/j16/g++CivWpWPxjTYfL
+Rbw85j+b7/uzUTYXzQgVpSnvgB6cP92MH3WNWyIYf+d/mribIybrKpE65diSVUYC
+vwiLfazt2AHOsVki
-----END CERTIFICATE-----
diff --git a/credentials/idp-backchannel.p12 b/credentials/idp-backchannel.p12
index ef5ab52a6043df654a9163c83a7511c7ce1d8efb..f39cfa8df1b3447869fb29e8fef70eff16d3dd8c 100644
GIT binary patch
delta 3182
zcmV-!43YD(8nGIXXn%r3p$_>^Y)>M?yz?CW!mhU~&@ci60K-rOf(Hohf05eX3lGLN
zU936Se5tsI?o5@-R6}dj|3P^&-R~XNjR<Sdyub{rp<E~(J)CrHCzocx*Gz<~#`;_f
z%l<2vjY^GPV5_Dj&uo3Yo>KRM82^!(_0e#4fMYej>M?I~N`EzDiWabt+6vZ$x=6l=
z9g<W|0Z@NpnUw|~srSB>R<$%Z4}odk(OviReM4t}=+Ljl1`ZM#eqwpgx(<i~=%)fS
zC&mL(6@6}XHp|1c5(Usa!7F`7KsGU@qZMA^-he$6=W2pkUfzxNV!y|Qb0bJ#>(0d*
zMe`sTnxdpw^nWI^S&?C#r9SY&9C5zmnfjb`emPaRLtmKeY$9^gAm&*TnZ%!UCv|@u
zt!*HlEhYV!GI?okm-LB+gTyfW%7kaqC)I9KyOnj@B~vpJQi5r!aGDY9NWT~>SUc?t
zRUz>nr4>5@_P>jO4SA%R7iq~-JA(SkKka@<%f|diQGZ}=pL^$xYtK<0+7+iqGA8Gi
zUpuyr^ES0dKLnu@7{8P!mVu8Xo1I(QqPV<+D!c@olOM}r8IuM{XAvOM&)Pzi{PlFp
z=ZCu>nxR%tF@G^=p{*d`br$fDlD$xNc@EelsChzhbOP#!p~QRkpm-S%)K`&+naKJK
zhY{FT=6~A6^38yT4_ss&y#P-^(v9oI3TXMmq$ktMU*bB6+vI)qQMu`pRy}aW{n^A0
z?b701(piC<<(gt`(Ax7TVaMx(Sqc2y?p7Gq(a9wBYMpsjGPa8?<fIER!?b0ROO}Nb
zP$UQ#PcbylIXte{|D<UILEgeLcq0QwRrSV3?SJh>Q|zf>mT4KOauhM2BuPfE!Z5wH
z9ED^2THs|}*dS)E2DN^Sx^{<ob<f|mO+y%81|SFO8bl>c>{9d$ifWJF=qXVWijT%B
zbos&5oo2KjgGiHW2XqqDQoRmt*b#DE-F;mI(BA6nVYvPTt7FXwx{|W<3&=g71&+UF
z%zxt9!^uMr`Pw}<#^siAHhg(_kGo0>p5!1-VUC@yH3K;h(uoxRY$jpu4g&mb33;g9
z6m3pw`VWbx?c+mjPqOyM0WIF8`U6xLv<MBB<Y$_pbao5GAt`7I+P;A)^&)OT1iwSa
zyIYn0RbO<R$fTK>cluBdAixg|S{VK0_J5+9c#gEtxTAmhq0}(7okmE|%l(IPv0^TX
zkm+`_=%XQtl)DHBNE@kbOW}K85i#<UOuUb;xR&zG`p=D1Y7-?S#1Bz!N0&dP1cX4X
zj=sRhjPJ&qq-8Tj`8Lea5;2F=DOQEnd|Xyxa3hQf&K}7Qg*QsZ>fcX^@T#Qa)qj!s
zV(~l6-Ji&*PI~f`JYPVkvM=F-r(uUx;a_@jzvgOh!MjUA{3oODj)<0KcQmPyYj00-
z252;c8dIZXd<jz$OaLx)lmw09$_+)r`FZ;rmZ74{XEH$cic6n}Fp*F8;<gu6sQIge
z5mF0f8q(Jxd{{8rOmjvuujfl0xPOZs=LcRC#q)t3K@z$Y=Ep~5EmBR_s{klnD02(z
zvFf4mKLnS&4|4N9Z^(@ZbTLplHk`lb(iN>^LDu~3mgr~>$mERoPx9$cbDEpKSyV+P
z(R$omZ#zL?@{^!bP(o_9jvrCA5UR(9xpX@}V!=R-_PJ{3gLux2j6G$9`hT%VdiQLR
zG$(>108n0#CJ>jkzfGCnFBE!RI8xrXLs6t!&$pFLUBH6_5FwPP)}&l%94T=|Jgf6g
zo(I~{6ZRb!xN&i>^B#UyyD^&?pc10+Ui!sTs@S2tq+fl+`La=m-f!g9Td@NKyG3F_
z1gT9csAb;?E;H2@0PYvST7UTKEo@9xW?)XD=Mec;`pFz5gSZd$Z?1cjd8ZqvH2@^=
zvmpwPbxvJK57t4Vi+k{2%%$qUpr^psE$WY6LhD%@Ey92&<cU*3b!4zoLmMc6w+gd@
zC{%&;D*G`6*C{KpZ!J*)(+FkQ!XlxaD_6b9kdR-7gJKZQt0Ul3X@7W8H6o>PqSgn1
zT()V4RVK9+0+R$mE_IZad~$S=PG&wi-y~(7JR09FURX-TZ-b&fH>Q)@8eOqs`V_%W
zsSmqLW|glc=>a4uSFs9VJNb=c?2$Zr-uoe=$KY6LWEH@`SSXUO)vO`&2<`i_SW$P*
z%TqUD4%6{J6u`Z{E`NVn@h%M)c6|Vw;ML}NSTvuCZ_(8hYUM$aSP89nC~~uZZj$*9
z2It~VQkdD4d{4kbsES)^>`kn`0M~u#3d+={aR1IZMiCJ_2#5d0i@b|k;xFv)W0m={
z>Y9EH14$~hwh0JS|1%O#@D3NlSA#bWnHKheo2KOG3Hve+Rx_q#>$zAt=yJpRy+RrN
zBql_sm@tv{<;dd-o@HqVH-6%qM4MxmU5SO&a+O*a>WYG#a+8e*NeehJFfchaIW;ga
zGLzv4JAY-+|MyUg+3kDHU)>A)mTuAZ&JF?t0K-s#f&{n$gy7^bN{(~c1h-wlo>3Ny
z5vG}v6O*E8IP=r24@Fr2wUYmnF%Mnb5C>gd88@+ZaQlQqC9E%pj1LJvtu1wO`GPUf
zyc!Gy8B)BM(06t6DEOz`zaGEeG>|f32(8UUv44s1T;d4u1Q{q~1t%p7_XwhgBLWen
zDbTZ0MyB+5supnW1^=B^O+IMnzsG2^z5SH5D*PkiueyuGFuCuauy1T+^%FWtDuj%$
z?IM&!Yd)0O#*%0x(I&w~51tmxveDwSEj*<_l-;aHEK@cI+MDCvewCYL_P?xww*EH|
zv44ok<b1jR^G(}+U*N<MMXc!w0zkS70NBXsK<}jIXjugds>}~sN(c-*spqx{UR6FB
z_{c=snka&H^R2@jqUx*$Ls`yb$Q$sBecp7Y&@vZ6F?p}H1gSylt9!2oG*yTV)_bdh
zNx48p{h1t;w#A`_S(l_hv8^4{)xC9lYk!FRs)m?#Ho7;k$t?k}UGwcyY>=3TxbYmU
z0L%cqGi-d6L!;l42am7Sw-Mf`=KO`c?P(FNU{{?9JZMUM#<dBW?Au^N;%UXF@2PXx
z5=Fywi{s|FDcd*lA@=)1JKh`hbnHdTLUj(_i+cy*8t`O+W;GShpdfqSzNIH8bbsBT
z>*Wc7+fN~PxW=dBBvouw7-^|Dc8V9q?yVK93h$`Sd8AGBHo+D#7MNIwyxY*O<g-5|
zG|TI+2kSQs`bZ(jq6lIzGi8KHeCY7(>Zi~Liop9bp&--c8_L%XnNf%Mw$zYVs%yxa
zqDw2`a}-TTCO>%5`xQ(YQiN}ck$+SgC^c(2JGjBB?o=ko<;7)FnKXLt^$!=H)S$$f
zB@~E2AM;+Jv30UZgTLx4%f4AiPC%yUpF^HI<vgH>JixmS@CaSqn|R@&^yjBsKsGDE
ztJ17w9rgRDboX<C%=*4q*_TU|Ypf-W;b^Nk!!=iB-Z`#XX<M`{kuY={5PvfbLl005
zN~G;=)dZhS0LENygBc~Z9L&SuW>qHbOVUNJnwSV`A?T;}bNnI9ElA1Gy1B(ej3JXQ
z^61pm;|$1{ERPZ6Y&p2Qyk#C7q`E7_rO(S^dIwqf+;VBpcsqAnruYG>*g;4?DB5#k
z8ud6&&HF0}PJy`7&9cJz6MqgrGC-<Zfk@wJo2=7mFwJZ}{@oUH@uaLfHs`N?YP$OV
zploe`U;Z*SZi0izzs$;=CngX9WGYA_YOFmVSuiKVXr0f*Q|4w8K*L~@kc7rFr<w8=
zSb*!Hpb;Z-t#T~P2k1RgjMJG5Ld2J@^XU<s2;Jm5-z6`PRh-aFUw`DbCt*EdXBfNP
zHcE*5EMe)MbpR$ClH#V8vJrtNUa}5^%J8lTE1+)I&%FQ7wZCfKz7T3cyCKcv{<U!V
zJdL9}p5pL`IB!x&7@cwU5KY?ia7*`gp@n2ewpnwC_%wyI3(Bv9WR(puwES$t)Yg+`
zh|62>OzZOcO2`005r4Yv@A{HZ9Zh?g+(M323Ec{1P%p}=bW&IIceiEbDse2u9opTp
zEwrNdtKc|x<J!Q-o1K<Y`=Q1tVzXr=2gS4VoG<n2q0osMfozj?zN2YJsnQIZu?d%K
z*CHuRFg`FLFbM_)D-Ht!8U+9Z6uy+n9xmf6wI<p*TYm-#nIAR<kE{d~hJEJ>YoxkW
U1a?ETd)Rj8FX5Ll0s{etpy|0I*#H0l
delta 3182
zcmV-!43YD(8nGIXXn*2-8&^+L@DVz9rp!CjTaoW1z$yX*0K-rOf(HnW5kv0n6GSdB
zQG3DGeq0{gp7;iE3g}k7_#`t5X47B*QY|B-pP4J}j<Botad;UtszWr=q;=ZIW8wkM
z!j7`OJ+KCpI9TlpW0kFHJngJ;%ni-NOiM3iEQcOuE-(W$C4a+I0w72tmR=ln2ArF)
z|DHs$nvV+@_7)>f#ypCZw5aBjj&H{^t1_xi6BMpPFpg>X{9WkVhj9ibIZgtww2dt<
zfrv<%mo(k=Xf-TD$JQUwXxreLEoM@I4?~DTKu&+q8ne5YFOK$E^aw$3RM&;uLTK&U
z3G>+AJ@BXD9)BYWqNSq$RVd>s9=-hLc*+Qh-5(^DD^(y4hUIE3B~Cs9<WA$j`dvn}
za?XZ)05!IK-z!|D&3znmL$2X<ObzwS4}3MY(#$drTFhqby(D~o{IA|ot)-j`?)n3B
z=b!4Ev`H@p(>nny?grF_xvX#=los8e;PtFDM^%gqb$?qsdPJctk49PldXz8NR%3Ip
z>GN0=mx8b|-Tem7K1{QpkCas7y32|WWL!58W{Rgb!7Gg|whPST^%QZab8OGhwiHbK
zRH|e8<v5g;S|7yE-H$*CO^qq7AD5bB8{4ab1=+VLi=l``W#ct-Cq&%$;(gN^P9-c*
zDAp()SbwL`ScNT4vuR_tm8Qtd2P6kqjG&a5Kf*MCRI|UAGLGeiDcVDO9`MW)WGLu$
zVb!D1c!bs0kT9egWAIEqvUssx9~b;E0X(@C4vDEowyrX=Ssr*G!Av3wXw79ESF^;5
zc7RAX-DDnM@q+!$X<a`9M@LBLV_m29_sZxcB!5~u)!ojqiB?&Xx$g`|k6=6PAbsI-
zaNW-;c$h=^CN)Fm=s<Kw;rUj)W}%mx;@I{Fufc>?ZWl(hAn-N1BNv<n+mQ$yfdnRN
z#*9}0ZrwVX#m4w*?ED;>!to0@XUwY6_!vT6+jV7?Gh@5rz}A3I@_CU~%0VxJ!090c
z5P$Y%l2T|0AzrBZ^%<eJbpxYycPhA;PS*f@c=3FO9UX@yaP~1899nV`9!V?h2Z9z#
z>40#Ff!GH2?3{?~2`wO*IjuxERE;#d<X+u_S}OG>;kH8B5R-0PB>|*I+w}FckSCN@
zt@@Pqh}!oPh}EN%ZAvLwV#Oq4#=}f$w0}9N<lsgPL&y>=a;qFQeE~FcP%U##0O^tc
zkwZL9EFtT|IMw^}lwsfiUK=16+B*7XtO0%Zu(Iv2KRkTDBGLLp&eYT?<{^Ex6g&8X
z#w!k4AZQU(5AHvSU+U%;rB>1vNH;#^_5?aoa)Oyru{xN5vj!O&!nD?{ZT?I%sej45
zodpsX40c^M8JvN0)2+h^9c9-Q-OM+8Pbe?_sTOe2Ao?*y?F&FApPuSgUMsz|LJa{8
zn^i2MwR;+8=t@w0kL3Zyi)E(wVW%uY^8Cv6gFHan#6~Qx8sL{FS_%vZV`V-_mc7%2
zpExuqP*pCnvFbVQgv<MwKdQb%rhg2BWVxmvV)^g#1_QPxk2m>vT8p>dTG4z|&s-*Q
z-xicCIbKWg_`!lZbOe#VZjx~9TXT&3p2ejd?+C$eCb2d2^_)mZHQyI%?}YEd7{!^W
zEMPBXZ$W<ObX(Jd*-GL~nJSjvRcWE>^a6r)v5UJK74C%c1n)+LP-jap1b+=AN&gEW
zoccm5qE=*Z$!3(gg9-ix<Pk)thryfF@qkgbQ6!smK$sJvVZRLlJ6)UygIX9xW_JDk
zNnk4TaZ=}A)y7cWd=8jhZ(RH;6QEk^0e+hmG3rR=ceK?-ON@y(P4KUPIpb2~C(9L&
z$cP(WS6H-21fFETA3CP*8-H9b>MU^=%j!4G8pHAY4+O`Se#)#EAEu;lV2C73J9?T~
zH8@)8d3hDfTcS=!P`*G}7F)e2=Z@zHvJ&HVEEpxVHiLFlx>-~)435yR7_qGJ9y@%*
zWEXR15{enm49Bh^v<WD~yT@&ZAHL7%cMgjXm3B%qK8t`?&^vC>9e=3XJ)A2OpTd<6
zR|IGTr$`V7Qc89%kWn(K{EEN1t00YE)e!ahxF$Yx`s$)?N?!RyQH(l><{~V{xOPJc
zI;FE6y(Vm}25XsXYCv-Hdkk%7NFacs&_TQYYJIzOA#D0*QGN;ZoI*?~zBQyP4G)39
z{jN<lV%$<KJEPHnw|~6WIlBF+-ifTA3sJapYQolfD9?6|;V{Cm?TDKS#bwsFKXV()
z-@Xg$+U+P*=q-7l;l&z7*8wO)@v2z}-PP%h9L|Tleuu>aEQ-~aVvijn`TiX1zF$$%
zKS+vfdb>3dWlrouEn$lSbF^H*+`n}<Lj|0<S&qnsP$`o4B{P)1K$2_h&=Y7TbIlkx
zNUV%JkndhRgEOtlHw`u9)c<0<wkFicON{!~5uCb9=9aKy-jj_7NeeeHFfunbF*Y+c
zF_Ym3JAcjC<g~A(t9Xp13XC0XeK4XaX_W#40K-s#f&{qbMB1z@CP8bCK(D7#AqHl?
zs=$Mqjy2b{#7LEXs&81pT%347SM?8#GkSe{U#Lm2g3neAs%kc6!l))ZO&eo?&bxPG
zl&<&ahN0ErvHFP3)c(l8<O#T|NI^nlVhK4a=zr{oWif`Eq_R&!?dAplkb^^KO53o3
z89ea2U;mB69=QlKy|0@8!<N-CgAZ1>W4aUQTpNa6VEwgCY!kG#F$2jejnP9cy`nYg
zrNSe0JgK4%4dENDLX>&|oD2fXj-4Z+q)s40+0->ZiGbkaE85e8&f(G(saTr4ImnRx
zsDBBC%-Pk7q=}#+XY$UJGfx*Q%u*DU+Df+iM36U@ACd%9Zu%n{HhVIinky<nSRJvG
z>n2~q9|<QUVdaf!it$F+4R(&ps5I{K<)63DmLBO7UNmfp*S3$tJkR9*+E_n~kblx}
z{OHj!`?cFP=AVml0QH`XHlKU;9<`&$nSaX($6a9P;&SbXb&Nc@5TKYwCw?2~gnT~z
zOiNq7S^C%5_>p2aVy0_OT>Ees;1Uq=oD-1P>S}<ZPsA4)ZEbFvP6InqdxJV2s53#)
z3b(Vl#{-R|h6kJyndOiRmmDvK!i`0)=n+yaVOuk2k6*Q28T6A>)Qu)>y~SQGnSTh}
zCA+GsBaNfP%2_mX-oD);XF-*JnCp%{^>hUdxxB$*SLn`RaHCHw5M^dyK!Rc@PC_$e
zfJNTQWR}>F6!HhmFVL1q31DCNnWJ=6{Vc0rhH`I1V&8hf{(o0B69^)$+(Y%oNFU<s
zJNi=~?@r=VeQ<7y-CDT*`CoDCkbge-c_aG7#L_-TzD0D;DP;Qhv@ThUpX$+Cho(-E
zpq(4#+_8T9RB}oouL8)7_;5_J4IRgYk%)Iq=ry216bsWxhS%P4hCtBlXFFQ^#ytSm
zz?QQ=d!)<d;D3>|K*5jjl+EA6aGY;cjs;_>${vrR#>DT<!lr*CO~JzLG=Kl_8S`_F
zTrsfCEGc<IgKwmE^6{~j1I*X70Ev7&jHy?_D7ekvBC!8F?$Vh*9CA{_RhY370z)-?
zE`pX~2tL^lo@a}YpC4CJ!NA(QqTSFlIzKxMzU{n?J<!+%m@DH~WDe{npn%wAH)LjL
z%aa~odFTYaDoqeFGUTWW!+!|M!MJJIF2WfFWjKaR)m`XY1D#5Hm&4E%wlXG`a6#@0
zphh`E^WDJyD>8wNh@&-xp+Si#m=X963HX;DOv~vCOCi)@0k`9&ti}8I32};>^749B
zJCLnD(zq?-Ms~yXASSN@BuFI=HlRa>o6_svaK={d&r$iu_zpOh9)Dpm^MXVrqP$eb
zs>0;ihOnJ+I*Kbka~E)W_?Ctk-u-Pb42X~{c4nhheZfPTB!751l+xbM7FSy(ByIgK
zyxpE(vCN!BQwLCDodRixvUC!aGNkTIy0KkP*@{~2#bYM-b0DwJb}8vkQ*OES*P>cC
zw7hg`s!V+!4ziOVfq(Wk+AxUDa0{rXT_RfX>|#kA<k^cTUTcE+t7j1_qMXu;twyyP
z%C9%!^PN6&vWiXC_HacI&ID2YM?7&Uxd`lOpuAl+8C=s&!j@AV{hEj9UJDq@^G0A)
z6gc-XFg`FLFbM_)D-Ht!8U+9Z6bsSlhK5=K1)wH}N2H$39Up%uVN?VZ8XVy^mmc}H
U5Ey->6sLlOywjQz0s{etpbW|c)&Kwi
diff --git a/credentials/idp-encryption.crt b/credentials/idp-encryption.crt
index 23bbeb8..f834a3c 100644
--- a/credentials/idp-encryption.crt
+++ b/credentials/idp-encryption.crt
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEJzCCAo+gAwIBAgIUe0fsxBFnYrItqaF1zUSc7oTFFhswDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTE5MTAwMjE0NDY1NloX
-DTM5MTAwMjE0NDY1NlowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAlBwK5LM+22M0RLLhaVoTlgGJlF75
-0hfDGl45GqSVh7gB4X93icnoh2mUoGq/wgqx+YwCJ04hEJF0BXGRzmP5qQdSPw/z
-VV2e90emvoFvRD0OWrRDo4kn9GO2a4t8nAdLNe8dclsEpxyKktvmppMbna0jNGau
-h8OMsSNlTKH8C6qzIUtxOGnN75Qw1JAQ0N6U0Jl9w7x1LoR2tiyiTDKMAyx8v7xu
-eurxduh/Y1g/2fxi3UGA0i0znwTjEM0eZ/3JQMtuCKW6mTNTF/klBWiEhP6Vm3Yk
-WgbYDMgahiaEo2dzxmKgFfFysoSxkfV93zSh31+zKovj5NpNEU9LrlFDD8iRYPlK
-ZKjdleWOsGFbtyfvSV8Xq1bJvn9LScH02gCDbjkYFOlGgs32nGIqe4tr7ekT8A60
-S9dtIV54834ZdntBRzPkaLRaHb6FWY74U5+o1U1spd2JhWvFMlrkHCghcIWKmG87
-pzmZBFcyxSBIK0E6dhjm3EGXMmWdn80Sr1lxAgMBAAGjZTBjMB0GA1UdDgQWBBQ8
-+tUYkLiwLXUxRdIcfwUUs3s+dTBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
-Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQBXnSl1RPlziZEpGUc3FGoQCpsu6FovK7jlieATyKWD3NY7lha6
-iOqiyxpNnrekh3Sf3XvmwvoxBHULQNS06GMMej8WtFBSaomNIkuztzMUAEmil2UF
-rP1xT0Gx+lT/Don9e60dGMMl2FWYIHobkQj4yhjSW6yN/emQRkwOhkj1DRGkZ1Zz
-wIRtH7/VT1YXH6n4P6lWNMgV+GInhT7ogitN5Vf6tCfMaZtowu3bb2I1gDlgYY/v
-0TrokTQteO7vcf+EpTODPRBiFV/Wwub5r8BDN4O3qGt52f2lhlEqdupFArooNVyF
-tU+zmj0gaclvvBBAaN2oh0Tj+j7HBh1YWB8p93vm62dKqY/9L9xSNAni6EI5o7dm
-58OUngvQopb7U7MDDuH2gM0XiH/R2BNp4c7/jqBP2Of5Bg68yKCZHB7D5XOJbQLf
-gjm4h9tRHtDijVkHcuIEICBwrie+JSEL225UnTfsesPiArDvo5BhQeNc3q1CPJgF
-2QOuaDoiGwFbc5s=
+MIIEKDCCApCgAwIBAgIVAJ9U0+AO1v0VbDiaql+oeEssbFCYMA0GCSqGSIb3DQEB
+CwUAMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzAeFw0yMDAyMDYxNzE5NTRa
+Fw00MDAyMDYxNzE5NTRaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzCCAaIw
+DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJyOGdr38pJc2pEZe+YcJSoo3ym2
+oP/5M2jW2mT2oJO13qrcTcBZi+x8/g+3wJmmJxX7BACnSquY2FZ0eDJl0rADInTO
+MihxesnjSVo9t8f63hTJ5SEpqM70NnanOcEbJuNQCr3ZRxXjD2Xnoiql1wY7EcDY
+S2B4LWNU41ruqZcZAitTHA9jIA2+jmIGjqKSh1mBmFqN4fVUQICW4NExfedIyo+L
+H4wijFi3W4wFdqYONYmXlxpG03fRokOplsFjwDoxLKR5h5lNnyd/vjQ6Prx+vedu
+FfdAt1TGAPJ6DXUtoPVpyajP6WZK96jXM7uaHlQ/uLMQQwJN7nzfvKobCLylHRre
+Y2aov0JOEAqMd5X9L7xPcB+DjKkhaUBowS+qb50SNK87eejpZQS8BEhQ9Xi/jHnJ
+T8tn9vL39NDwvCYu6vdpiY5kexKZ6WvVK3NltkUzaKMuvfULmHy2pg1ro30Wwb4+
+rOfwvLkE4UZdg07JyP94obkRVxh9uBliAqvDtQIDAQABo2UwYzAdBgNVHQ4EFgQU
+zOMLGuvLojqNEvGDS8IddKPwM/cwQgYDVR0RBDswOYIPaWRwLmV4YW1wbGUub3Jn
+hiZodHRwczovL2lkcC5leGFtcGxlLm9yZy9pZHAvc2hpYmJvbGV0aDANBgkqhkiG
+9w0BAQsFAAOCAYEAC+KIjwmRVTPwbzvwkYum1ZCjBL99Z4T+rvFtYM9HWWZQqKo/
+YmQIF/bYtf6IzU2ayQXd77Wrm4gfJYXvIdLqpj3oE1+kBeZ+XJ1/sn9Rp7qw4int
+pyPZ9W+j+/IAD2OVs6ykbU32QnIrKYAotgIygwKTpzpkg+peuzQ1l/duCCT4m7Re
+e9RHjKfrp+pRwBG8ppTE2EupCkJV+wIokZCn1kepDJ+E1CodofVAIUuXkX9yAwz5
+eqfLj2VNIpHLHNi8U/LSutwOYTuulBdPWvjYQ8wZZoE4JId4K5u6wvMwbhpDad0e
+kar1XJR8zFBi63smQ3CJ/7jUCbanESVAs3U9S5o12Bl9sfQsAxz4icLhhHgEGAV1
+UhpcGn83CI/hWp/swjEVstIxlrQOpr9nd3G3zLSrTS6TRiBMMfVV/wkwnhBFfUaM
+cWp5+Rt6wo05o8+njQ2QETsFt8kP5SImFg5YNatqiXPrtlY6PBULB8yOil8mX4Bi
+OK0/vM0ibCFaRAzB
-----END CERTIFICATE-----
diff --git a/credentials/idp-encryption.key b/credentials/idp-encryption.key
index 3e9f81c..9fec9ff 100644
--- a/credentials/idp-encryption.key
+++ b/credentials/idp-encryption.key
@@ -1,39 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIG4wIBAAKCAYEAlBwK5LM+22M0RLLhaVoTlgGJlF750hfDGl45GqSVh7gB4X93
-icnoh2mUoGq/wgqx+YwCJ04hEJF0BXGRzmP5qQdSPw/zVV2e90emvoFvRD0OWrRD
-o4kn9GO2a4t8nAdLNe8dclsEpxyKktvmppMbna0jNGauh8OMsSNlTKH8C6qzIUtx
-OGnN75Qw1JAQ0N6U0Jl9w7x1LoR2tiyiTDKMAyx8v7xueurxduh/Y1g/2fxi3UGA
-0i0znwTjEM0eZ/3JQMtuCKW6mTNTF/klBWiEhP6Vm3YkWgbYDMgahiaEo2dzxmKg
-FfFysoSxkfV93zSh31+zKovj5NpNEU9LrlFDD8iRYPlKZKjdleWOsGFbtyfvSV8X
-q1bJvn9LScH02gCDbjkYFOlGgs32nGIqe4tr7ekT8A60S9dtIV54834ZdntBRzPk
-aLRaHb6FWY74U5+o1U1spd2JhWvFMlrkHCghcIWKmG87pzmZBFcyxSBIK0E6dhjm
-3EGXMmWdn80Sr1lxAgMBAAECggGAOEnMDgzdR62VMMK3Dj3wkaL18ZCC60iimoPS
-ugBw38qb1GKIQLKej9AdbzYCuLEt4IRIUT3NLSnKaUM3QbQXLxkcNeFO/lN9VcdC
-ZMZ2Tf3SVcCKsD0xFR1MN+UkL3xKJi5BB7P1ubkMJTIzn3zrEuq5JXIcxHYaIzwr
-hItPafOu7mlolyMG5BVy1WYHLgpZjkm3VUtrUYmAQE4IRGM1eQNQSeJILqjZqfJE
-b7IbWjIkNKhvV/Fb3ASUc08xTh5R5daoC3JrdtcCUb77Og4Gn7UBht7miyBx78EW
-8kuy11kbZB7IO3h1DJkfsW7pwHkkrXFL7mmg8qS4sAMcIATom2oysgriYAGxaBZp
-Ub2lZlTj/pPoUuqG5bixedQozirV/m0bIPzFUP+2JDlqZJSkBV2f8VkTwKi4udk/
-fYiWM4POqaWD19DMcwZ3mMRYdmMXN1hYam3VRwFHt8xsToO31l1lI6/ndWNet1BG
-izrergy8vh3X9I2iL/MtfUXurKx9AoHBAPDDPf4U7mjU2SxlUtGXBjZQU/CIa7YE
-y1jXMuRKIpzCcOpIEqIIVD0Mbl7a7pGxuXIRjrvxgLVtTCN2c3jZlHkUxWfJ867g
-gaCYwqNz7PZBr5ChQl+UsEzrM2tE+Vd512HQW8Zu1XfoXdoEPkQTAQEy/21jERAu
-sVIzclkwUoAYVBn8Yi8V6TZvJiKobU2t+5N0ngiyOYa6FTsHG36yrzryEUdQjj5q
-QfPtZtCVe8k6gH8GzqL92h6HmKWbtGQgYwKBwQCde6oycL2fPEoJVG99aGwbenOp
-jAMYjZN1cvf7IYiRoJ1hY90TXs9I+Th0ASuuoaiqQWS5s0xVfU/ROWg8hz9AY0Fh
-EkR/iI7WdPXR1pfLc8Gc+IM8fx44cixL/wwIrmfz1TTUA58+36Topcgj3pO/7sBK
-dWX6O7f9e2iL2hFLKUYmkKLylFW1iy9TZHWYiW3A+P2eXoLqOXH067SFkmgVmRyI
-zo6aP/+ui0Ob+GqrJtE0qYCoIT9bx8M2aJ/qBRsCgcBv14K4wShu8lFgWkE6s5lj
-KbWUiwreJyP/RRiTDA1AHOMvMgPV2WCoa1nqHnGspI6s+pL/o5RSs08nOiMyBIEA
-LjH1oM7ecdRFsjDYlUWCr8jKut6GYB/121yrfAMIK8Vt3siDSYFIjlzqpgX2wY05
-7WLSga6vgcFFmjiITfZFIwgOejtx/A+2BbQFbZA5AZVYTlgLWh93AoJSRV70YDUe
-gMyeAEHTpLC2i5WzV32FYPPIDnV3Kc1lWUADzmziBlkCgcEAk3tfrbM1ce2lLE2d
-x6VGMQmhTfPoZlMX+JL9t3r1CeSP3sgGHwDYQO/ctY7vGLEeYquxJ9PJNfqQCFGp
-052ZV7RcYwsXiRQbKK4KFETSjV9Pv7BgPwSRCa2q3FTzMSIcChbuTWtC9D+/kXzI
-DQeB+OofvNtq8EiDC2lKREapkWkK4EztvR27krPRU1iuZHa3iVPlOC4sjivUE9m1
-iq3MugVU2q4OkFhFG3Iik+u2AajtnVLsQQg57LsMj2S19hRnAoHAdzabeYxnCZDX
-AHPwMTZyBltOApLU3yy1TqPSunDHHl+AN/56Ct5Ug2d1pLYgGvk5oIrz1j8txEki
-aGfjhIs26lfjOJ2y4HIbLdeNDvfWLHi7OreqNkN2Yq9UULvDSW5ASngom760o2Hn
-e/VPvoWQgvIFCrhw7jBC0GJFHVFwBpjs4kjUgmr8jbxkWgk3LC/SugclDZUnE4X2
-ecB5GgbcER+qYbt7WuDYf3690QTp3n+h7BXs9UTeJXIV9BzY1JqN
+MIIG5AIBAAKCAYEAnI4Z2vfyklzakRl75hwlKijfKbag//kzaNbaZPagk7XeqtxN
+wFmL7Hz+D7fAmaYnFfsEAKdKq5jYVnR4MmXSsAMidM4yKHF6yeNJWj23x/reFMnl
+ISmozvQ2dqc5wRsm41AKvdlHFeMPZeeiKqXXBjsRwNhLYHgtY1TjWu6plxkCK1Mc
+D2MgDb6OYgaOopKHWYGYWo3h9VRAgJbg0TF950jKj4sfjCKMWLdbjAV2pg41iZeX
+GkbTd9GiQ6mWwWPAOjEspHmHmU2fJ3++NDo+vH69524V90C3VMYA8noNdS2g9WnJ
+qM/pZkr3qNczu5oeVD+4sxBDAk3ufN+8qhsIvKUdGt5jZqi/Qk4QCox3lf0vvE9w
+H4OMqSFpQGjBL6pvnRI0rzt56OllBLwESFD1eL+MeclPy2f28vf00PC8Ji7q92mJ
+jmR7Epnpa9Urc2W2RTNooy699QuYfLamDWujfRbBvj6s5/C8uQThRl2DTsnI/3ih
+uRFXGH24GWICq8O1AgMBAAECggGAPFWDX2EZKhEA5tSkbD1CkWno/2Fz0NKQXoIW
+7rwhjGuV4dE/Ybbg9wYAv7v4TP68p3rywvG2FEW2cjM2s22McerzV4Kzz+RUBwRC
+G7YXYsmq1uYsGMi+VuvFJZsy5dn59ba+PQZEoAm+wG4xkDATm0IeiGyTOB14mIR5
+jmzWDPZFYL8J3GA+VS2wH9UZGUxRP0xzk8qEX5DVvvjmsZhaRk1GS2W5hb82yWX4
+sRDV9g8Z0OoMAMN08gNnfp4YDHXNX70NKxsmxaGkJOz/7VB3pF43iv+hp0Vmcc5t
+3MjbBHnnPY9g229g9fMEbbDzu4wvLA3XvG2ExF+cDEumX1KdtjoeFJXke7mi3tIp
+2xlSaDpDIc4dQDvIWnxpkkRXGh+QDWlaZJTPW7Ju6IATa9w9FYsDO90g1G1ezqMW
+emZkzzTi3UnBhZUmtNF14tIT+1PjGPjnTq+9EukDHTetNBcnX1ozv7huzeo76utq
+69oiorLK2YAAayC7k+/HX4iDNvvNAoHBANW0HaQ50Nr7Xq0kbVdV5p+zO9pxhIc9
+gBQGuzMGXU1jbT0j5rIglGfZMLWaqyMEw6ek9kF1azyY6ozjDb5a4+OHCd5JLeh3
+BmAufbosrYT0/yF5mDXb4zGuS2ZD2tlWBhed1MgK5KSTIF2tfMusA2n4DBNkVOsV
+J1Jf4Sd09fYNbEVB/MDYvVHgvXIaovmkQz9rlOWdy0XigxGlIiEledE1YaTSOUVU
+J9sshdt+JnULPG+qqWkEQTdcatlGTccN6wKBwQC7imX0Vgi78gEp+nMRaWW3ZdYv
+lA0dmQk5YTSV9XLcYVmaTic1uinFgwjbKPoxbAsi29qTClCAPhulY/2ixdw01o3F
+ei+rMiwaPBtrFyF43dQlNPJ0cbQBTyJI44pUcA+WKhdfN0X4KyTyzUFmAR8AiZq+
+gu80ToVu454nGQoH73GO4sAGnR8GxSpZ1jIatBNsUHmlwblRsoZhIzAaKlXWjnF2
+dVXiEk+BdsqdWSZKjS6hWeVEJnAm+OhOBp3W7N8CgcEAm+pgofwItGwnxD1KhSjI
+LYYwSgz+e0lUk8fhdrXTBu5euffijd2VSTs9/ZGOAOut8Dc778BCcCDFJ+tUkKhx
+kgRpH8PWeb+1aCEjW9zS8KlrJzo24jy+wvV+T2t8VYscwMhHgXfpH2W0fIRiA5tJ
+llwCO3e9ORLi8IfBlu8PsOhUMSeWyACaCA3nSkPC2k6NPc05Alog/6jmpc4MW5Cj
+Ew9WYVF7tWhT9+XA98ZPOp/rBTHHjjYrer+zuThA8NTnAoHATzEf4E88HPESIMHL
+OT0CYLE2Ap1H9Imc5YfwhqpAuGK7TXdXA077OJYedT0WeSwgf7XK1HB0kdKoJezV
+O5jFZeJ7tznjSy1Chkl/YndAASPa42M6RoWE91CNL641yXYQft6DRAe5GhRN4+Fc
+jlBG4Rk6KNxtWe8WVT70l5nxLGylzSpe3+wVH+y993WFbtU/pmtNEvt838y9BeOv
++jyKRrGbo+PkQjRtMkQRRuRQUQbQ+/1T3LVGgo50ug39NLaNAoHBAK5d0JIkk5/j
+QqJaFwIp2hnPHHIRb8BCtrIBzjzEU3jZ4AlVgMeRhdkObyZqSr0MQ5jiCKQR/mVr
+u7biW26CSbcF3+mj6aFYzeSXr2QIKQRnZtdBOcyTDnRLlWSe8Z4e4C888YuFF0gf
+Nnh0XrKdEUMuc6QeHtm//5X14nGj5noqm9lRYmQ/hk114Vxn5CEphCZOlxZwYVX4
+WcZ+73VyJ/E5W9zXEIqcNbtzvHfSOeOXKl1Rsgh6QHpsO0GrMbFD5A==
-----END RSA PRIVATE KEY-----
diff --git a/credentials/idp-signing.crt b/credentials/idp-signing.crt
index 0468315..034f9db 100644
--- a/credentials/idp-signing.crt
+++ b/credentials/idp-signing.crt
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEJzCCAo+gAwIBAgIUOCYqGG6JElEG1wHKL7CvULRTvEswDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTE5MTAwMjE0NDY1NVoX
-DTM5MTAwMjE0NDY1NVowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwkiDw0dpZmup6VpfVXkib8fiv7KF
-T1Z3z6tq7c/ki/CH2x8BYtLPNgIvQa8KhggHUKG+rRU9yBwWg4Yvdsi05h5pJwcE
-xE1hwE7oVWiY+DtMggv4zVbDm0TnbvJvXN9eYXNn/e9RL3hD3umPIzDSli3wwiNg
-GvMesn/4Npq6ERi80CPIkUENkL3N7XTDX+Fy/mhXCxc73Dv3Meo0qk0pii005nV1
-vHCP9jsUgPfDCBScUuikfQ8V9SPLgOSf1x3vc5RqSPWaHgLesqoXpFFTthlVjB8j
-cUzqjQllhOS6LKWJE7VIfV6MdpfkRZBWhsaeuT7I48kRmFuALLnIopkclqu3HtON
-0Fgd1oPPBHa04bLcPqbneqGL+2RzZOdnuarTtY+JOuCRnE1qCWUeRoH2yeMMdKPy
-amX6HZJ35Vsk3uJxJX/IyipduZ+nHPC5qi52Elu+oyBrJwTbVAhhlXwPehC6nU/c
-1LUnbo3M4SGOYWuPmI1ko5KF91MVUU7ttmkFAgMBAAGjZTBjMB0GA1UdDgQWBBQ1
-CuX1jKcG8rdC0xBBveSJAYoFfzBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
+MIIEJzCCAo+gAwIBAgIUFmFRSFCknM+R2MDTUOUxy4Ly2a0wDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTIwMDIwNjE3MTk1NFoX
+DTQwMDIwNjE3MTk1NFowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
+BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEApypXQpLV3wqhAtxqO99neORxrWkM
+pmTF3w6/R8dvbxNIUAmO73l5lssAKcBUumzsxJiyuXNfBqpUColP94EByCUSNxmt
+iYiqv2t57dIX+0xVnQCp+IV6FjNG7IqZtODIicSeJ515uBKC2iVURtIUPG8Bx1h7
+IucPXgAfO5+fde+82nCH4/QTNTHED6JnsuATQMhLicTmQRCMTXLBirIC1iGDqc6h
+fqBPMKUKyVJ9cpB1z4DMZ3dK+E7OUeO2ewvA0y43s2Bd2OV6paJ6ZHLcLWMIEYue
+gpxfh2pGGDZeryxyfG72BNbJ2mf3sMz1EtBgXFsHjCnGiSJ/BRLRJ0bs+Fr2Wsd+
+DmhMkJ0QyfFsbuyfMhPXA3j95l25NHHH+OqZB5UUssvqfUZ8X0hs1Mt01en1Gfp+
+uS+FSnytcO+/7jIL4DRFhrHOEXZHqnGpcRgwti6WmBcQgW9nWFCAPhEaSSARUxxr
+tinfyg7zD8I9Jg9iwRZU6W/y7oMH5aifaZ+rAgMBAAGjZTBjMB0GA1UdDgQWBBQN
+5NoPrBmezuYsRGNOlMrQiVMNvTBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQA89rYZmayIfst0cGyt+zdeHpnvyo+zVfAk7OztXF5OXsakX9TV
-Iq8ur1lq4Q4KC/Ev+9p1za1gP7Ea9ugFJinuVa6ntpzGP0vh42pmphLNaRFvnPch
-pwgGCvcF2leYG6zZl/Qln0Kbv+pyByens7xPdKKA8U5ySVkouLuw7017XSIulPtW
-u5tPz51awJubHCK+FckcVH0yZZg44s4HmjzLpJCdslMIxmhtX7DW3vtqH1pL9Mir
-3qykySFUJGthV3ndHesG08y3Tni5HZaRqHHafGRBiezO8JCwVvWrdC29SdAwY2i0
-HhKB7zCDOpYrh3o8TTx3ZJd+6Uel/e0bCefs9uhMj7O5ErNySHyTtNRrFxTl2c98
-RDweMp6NLfm+P3+EqJycmpR9CKudcL6RUikN9hDvy6qqG2t5fW7pvU/+mzRm/3Cf
-gMxKHQM+OAry1E6pQSYh8qkPZYDezwiz4gINxn7SFAxFJQcTlaSVmFHLOQV7TetI
-g4sTktRrBmgU/vk=
+DQEBCwUAA4IBgQA9G+WW5ASr86DGtUZEwzp0ZQZ4EBj3/tAHG8VuORxbA8hMOFo0
+Iz/NfzFpurGJtd3S7o0DepEwQjMZoYja2bYSJkpHscm9sEcrIKyiu01kOsjCwncv
+xJ+cdILWS4JUZtk2vmnRjS/ufHLBPTcEYGrix0DoG3qPgqNXljRptrvrLfeDIvid
+AalmxNqWyKDNDgWua9iB9piEF3ZRe1Jc/Od5ByG1sjT8z+NbZuR7QHEwgziBl1ff
+4hpE84JvUhxDu8xhuwTJBkTh9Oh4+wKquRNwa95dhrQrYDF48oA90dboRaO4X4z8
+TxDy8v0QMbGFUIVqhDkVGPbzbir8Ni4vScjSRIzpkAX9FhfqoHaD8rl5f5DTpDPq
+dK6Kg9675akm5DKQ1SGq/3rl6ucDEtN1ma5UqBVZkXGKmo61PcnWMeTRioAprcnJ
+rYw6Kjf/0EqShDEbkSuiVR63dTr9bdFS9nt74uyuEpSBfT4ryRZxCOOlt/orIxUt
+Ae3vkDmc/eCooWg=
-----END CERTIFICATE-----
diff --git a/credentials/idp-signing.key b/credentials/idp-signing.key
index 9fe1261..191cf78 100644
--- a/credentials/idp-signing.key
+++ b/credentials/idp-signing.key
@@ -1,39 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIG4wIBAAKCAYEAwkiDw0dpZmup6VpfVXkib8fiv7KFT1Z3z6tq7c/ki/CH2x8B
-YtLPNgIvQa8KhggHUKG+rRU9yBwWg4Yvdsi05h5pJwcExE1hwE7oVWiY+DtMggv4
-zVbDm0TnbvJvXN9eYXNn/e9RL3hD3umPIzDSli3wwiNgGvMesn/4Npq6ERi80CPI
-kUENkL3N7XTDX+Fy/mhXCxc73Dv3Meo0qk0pii005nV1vHCP9jsUgPfDCBScUuik
-fQ8V9SPLgOSf1x3vc5RqSPWaHgLesqoXpFFTthlVjB8jcUzqjQllhOS6LKWJE7VI
-fV6MdpfkRZBWhsaeuT7I48kRmFuALLnIopkclqu3HtON0Fgd1oPPBHa04bLcPqbn
-eqGL+2RzZOdnuarTtY+JOuCRnE1qCWUeRoH2yeMMdKPyamX6HZJ35Vsk3uJxJX/I
-yipduZ+nHPC5qi52Elu+oyBrJwTbVAhhlXwPehC6nU/c1LUnbo3M4SGOYWuPmI1k
-o5KF91MVUU7ttmkFAgMBAAECggGBAKiX0reX9a/qR9T3FnmOl8KWm38shKCXcXrl
-zvG1kSeav9n3avV96FB+ztFZ+3DZ8LcY1OVP5IANV8AkpnWWr9xtkWRLo+hRGj2O
-e/D5xpzKoJbNmsddvnqz7X2Kpfba4wT/58MldLcTzxnWZd7s1CF8lktx9UkNpprR
-j+yaklKZu+eG1dqur/3lp5ii1ZQTiP2aP8ahD9IKu3U2PyN1uFFu71P5pAS1TUgo
-dp9/4V/Wutz7gxn/CFflCwi73LUJBKfeJM4XaBccXkZhwNBQDvFUrBKZXIo6M7LZ
-XlOGS8d8E6EZgFFl4NhJpWk3ckKNIi7AlK5zhra6i5+JgpWrVYrWNk9tzsuL9b+0
-mia4is3XYo3l8nqnyZLNcvE+OKmci9Z/BMxDZ82tiFWSSjqrAnoDZR/oI9L6niOU
-0vk6UtFW1BqK8vUN0DrD6pOYKmsALwPx9JmnGnGS8vBOZZRKX2YjkOY7pFXGi+YH
-CZ5MTc8lyHJngyN8EgJ1T50kc4HjQQKBwQD1VhTmnRg6EwrtIGhXLSwY+dRL5WK+
-qaovpXcyMj6F2r+Dl/QBq+QD7uP3U5vI+kEa2JdBd9OOaxBXdXZK1/9zk+jfEUtT
-SvWCcKoB/Xrla4WHfGEtUxC7qitkfTy57PB5j1X5qDr87epZ15mRAz7r7F64XjwT
-pbuZT5wHAZnrphVs4TjBh2QjTP8ATj01J508XI6DC7KMxdYioApD1Kv5VV73fiNi
-cpS9NLtkaR646peZ77tYa+7pgcVcxmcj8lUCgcEAyrpafyiI9IyrFsZWAacvb3r+
-jRJh+fNF/u/VixDMwAFVwjy8CMIC4EbDfyHalsPHN8yr0NogCSZ5iao9/benx6gm
-4i/3mxhOY68h/N28etJU55cPoOIWGXcs4KJNEQNC7N78yU95sC4IXJyFwzI76VWx
-pCzPx8QYzYo1Uy/rALuMXJ6FFhZ/fPqwQKtxpNxO/jVGSHXA0Ibn1ED3vMBzD9vp
-fP0si69AjYfLaqk/dsq/rljIXxBmfYX3oYJHfyvxAoHAe8/PiHqraVOG5hi+z4/6
-ezhJjWvcI4CYZKdKukhlCURV9mFPQTCwR9PdtEm7ivfQt22rF90TJQKfIqQi6K6N
-OpTgpwKhUw23TPbytUJpLTLQFooMuMT84tiEQZh6dxI+YfqWVwIxkse2x1RpKafL
-r2CAhOb5xqiTPlHQ2jBSr3wHwAUBkZl0TeRjpJHXjeXKElZbjYLvvt9wq9S8mXLQ
-v2n4HUrJLLvKmJnuIER0vrmVfJhhocQGtE1LfwCZuKhpAoHAULbjgw8zgBJlp/qt
-kZjr5PnWUXqJMcgvDTKWFflJXATsDRq7Ts1X8c2a1oo3CqHGNqwxmETQTnRYHXx/
-k/3EOlTzrkikz8Zcp4m6AYCTI1+M2Gwnl8mMPPVbE9Dq2CQxSDf783bGH2QkhiL3
-iuD8Q4mP4arJy2KC8YreclF4wmDpoJKosEOi3LK+6/CWnantdX7mjcD8VMnxkWuQ
-d0E0TpMjIlV2n+LV08PGNKBQGU7eBF9q35abB80H6/D/4F0xAoHAea5EbTEhTd91
-c82Kus2Mo5NY1oN5V5gxjrp9MHqB9AQfo/Ihks/VLV+2TFDIncFgdQvdzWm1QTNj
-PPLMRcxkVDjqjjlE7ymPGVLHZIDRRuDosATqOD9j+JHSib008xJVdL5awm8yG32T
-zQz+o+rjD+b64KhWamVuKUaf0DXE9i9hIjeROlzw5c+TD4yo8RLRRxNekX8tfxZ7
-nIapUVjyooDHQ8UfdOqpBfWXprrNrwSVQOROCeQFmongU9ZIaYAo
+MIIG4wIBAAKCAYEApypXQpLV3wqhAtxqO99neORxrWkMpmTF3w6/R8dvbxNIUAmO
+73l5lssAKcBUumzsxJiyuXNfBqpUColP94EByCUSNxmtiYiqv2t57dIX+0xVnQCp
++IV6FjNG7IqZtODIicSeJ515uBKC2iVURtIUPG8Bx1h7IucPXgAfO5+fde+82nCH
+4/QTNTHED6JnsuATQMhLicTmQRCMTXLBirIC1iGDqc6hfqBPMKUKyVJ9cpB1z4DM
+Z3dK+E7OUeO2ewvA0y43s2Bd2OV6paJ6ZHLcLWMIEYuegpxfh2pGGDZeryxyfG72
+BNbJ2mf3sMz1EtBgXFsHjCnGiSJ/BRLRJ0bs+Fr2Wsd+DmhMkJ0QyfFsbuyfMhPX
+A3j95l25NHHH+OqZB5UUssvqfUZ8X0hs1Mt01en1Gfp+uS+FSnytcO+/7jIL4DRF
+hrHOEXZHqnGpcRgwti6WmBcQgW9nWFCAPhEaSSARUxxrtinfyg7zD8I9Jg9iwRZU
+6W/y7oMH5aifaZ+rAgMBAAECggGAIw0/ytfbPK+P33e0VuWbXsAYDhKO8n0C+Kiw
+9y4ccaALc6ztac2A71uVpyuLGKQqaXbTUwucC1u/z43HVNCaPQt47FDYEJS1qPmy
+UWnSWYFCGm+/NDtYxDrwTj0pycGwiyLNPuVIVo6bHX7iUw9N6vYj21b0SvdEQ6Om
+6OupliM06GDcPbI6LNdIkzaso9dUcisNm8/LsCz2Hm9Hoft9mMTiRMLtHg4jTMHu
+pxRC9bjQ2zfYpIFhGPv9SzKCWv61k1FC9VyYgV89xVtzdpxg9/h6hL8GGfzjgOSN
+inmxqmchFWgTlSJRJb18W146UXxLTFYPkGvoS4oj6dKHKcCbKIl1t0GmpGJiO8v6
+V4eeK1WM/M4L4ipX/4rBeyLtXfyIlJZpkVavyRAaObCglrpXgH5zqoe2i20Uy+bS
+YRjNkSuFBLmM3NZTM8+qfSMgQjYKpJBrmbyh0NmYNITDyfeXzpGPPc5PsfwB3DZL
+BE01YSHCQaCfpONV0uc0BG8HoF+xAoHBAM9VvjKStNnbaPGTs3HV5lUe1ubf/b25
+Cx7Mo9ZPkf5zifM8AxmZs7bQqhqyCKo02+esKd/+hGPYK+M3KCilWK0G9XNakmw7
+nxNJ0VI0mycTghoSFj1/m97epDD8HsKofQWWL1xG0JnlreE6Vv15+BCJ8tCnXElk
+QBDMkm8CrWfIznEViMKvnh18bH0XIVkZJCCXOAZno3RUBp7k5enyps4hvxcMQqTX
+FBEBADyByp/gjEUNQZtCUNPUpN7D0ZAERwKBwQDOZugvZyDkqlT679/75LCc4ym6
+wXuRFLTDE8VfYw1xZ/TIqkSabYRF0cJWTvqSb9YdGfKHLnyKELJdUEv0wxg0JGIP
+RB/xcMYdHvjpALUO/18lSei1wz5zMgNuAo+/aC0zO3l7By9tkgAfvTFjBMTP/pN/
+/m1N2+IjTY2AxIXzcfRw5doeJp/8RLO0uCKT8rzz3yAVnJTtTLAU8fyjkIoX0wfq
+qaK1rJcvWI2yIAnvOrwK8N8KnHZu8JPEZ+n9r30CgcBlqc5sL+F73YkUw26+x7p8
+THXlmTlrOPvJ61/+qt+UXATtfqSqfeJQJvrxwhBbnTWi4Jlb2woBhzLl49rOK11S
+4lGicWvQpF947r4zx9W4EGm/7NR47UR5wMPTvRw8KK+8+IpafeK1Q5jCEoArJA5N
+1cZ5J0cqOXzsf9Lhmfd7J0yKyJtZkxE9tg/gOmJAtQIw9NUk1tagKL9iVCykTTYb
+ZxKy83EOMOQG/m2mPaIkSM+e4EQmJBtL8z2weWYdbusCgcAhyjUOtZpr9PqujiCk
+Ez9an9HQEibRjIs/OHhickvcGgG37DAI/A7gg0OGb62T1Z0+7GWI/fJDhBI/NosI
+yfunZaFsEGIOW8EDOXPUaVo611HTP/NJ9mm94B0xoFe6JSrpLT5pBrcb///nMkjo
+hfpWdr3dAWERkwLFdsfIoeOwBCLZbLe1oeslGHY3CsIWaHHIlumgwB6dbqWQ+EC8
+4kfJOLIeF6FcjqG9jYi89YPK11m7jM1m5lB5Pwdh6wUik90CgcEAmhPeuvRrwg8L
+WWGG5d89i+tlqJ6ooeUJ8Dn8jFUe8i0XfLFys4min4KsDb6urDs25ZcJqpaQ/TXa
+j0zYdaog+fPY5hmO18PoDq6jcv6XczJnq/XkgPzYR1i5PAe6gjXdMPWua9VMgqCm
+aVqJxSCTdmd/RKhw8lUSqchT7p57B/5d22FHoky4fpJH7ihh53EVDHRYG/MSEqBl
+SV0LK7SZSqZA80+tFnDf7r4TLDWVpmkLl9fn32xIE7EKjyeXUcuk
-----END RSA PRIVATE KEY-----
diff --git a/credentials/inc-md-cert-mdq.pem b/credentials/inc-md-cert-mdq.pem
deleted file mode 100644
index 4b62170..0000000
--- a/credentials/inc-md-cert-mdq.pem
+++ /dev/null
@@ -1,29 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIEvjCCAyagAwIBAgIJANpi9/mkU/zoMA0GCSqGSIb3DQEBCwUAMHQxCzAJBgNV
-BAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRYwFAYDVQQK
-DA1JbnRlcm5ldDIuZWR1MREwDwYDVQQLDAhJbkNvbW1vbjEZMBcGA1UEAwwQbWRx
-LmluY29tbW9uLm9yZzAeFw0xODExMTMxNDI5NDNaFw0zODExMTAxNDI5NDNaMHQx
-CzAJBgNVBAYTAlVTMQswCQYDVQQIDAJNSTESMBAGA1UEBwwJQW5uIEFyYm9yMRYw
-FAYDVQQKDA1JbnRlcm5ldDIuZWR1MREwDwYDVQQLDAhJbkNvbW1vbjEZMBcGA1UE
-AwwQbWRxLmluY29tbW9uLm9yZzCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoC
-ggGBAJ0+fUTzYVSP6ZOutOEhNdp3WPCPOYqnB4sQFz7IeGbFL1o0lZjx5Izm4Yho
-4wNDd0h486iSkHxNf5dDhCqgz7ZRSmbusOl98SYn70PrUQj/Nzs3w47dPg9Tpb/x
-y44PvNLS/rE56hPgCz/fbHoTTiJt5eosysa1ZebQ3LEyW3jGm+LGtLbdIfkynKVQ
-vpp1FVeCamzdeB3ZRICAvqTYQKE1JQDGlWrEsSW0VVEGNjfbzMzr/g4l8JRdMabQ
-Jig8tj3UIXnu7A2CKSMJSy3WZ3HX+85oHEbL+EV4PtpQz765c69tUIdNTJax9jQ2
-1c3wL0K27HE8jSRlrXImD50R3dXQBKH+iiynBWxRPdyMBa1YfK+zZEWPbLHshSTc
-9hkylQv3awmPR/+Plz5AtTpe5yss/Ifyp01wz1jt42R+6jDE+WbUjp5XDBCAjGEE
-0FPaYtxjZLkmNl367bdTN12OIn/ixPNH+Z/S/4skdBB9Gc4lb2fEBywJQY0OYNOd
-WOxmPwIDAQABo1MwUTAdBgNVHQ4EFgQUMHZuwMaYSJM5mlu3Wc4Ts5xq4/swHwYD
-VR0jBBgwFoAUMHZuwMaYSJM5mlu3Wc4Ts5xq4/swDwYDVR0TAQH/BAUwAwEB/zAN
-BgkqhkiG9w0BAQsFAAOCAYEAMr4wfLrSoPTzfpXtvL+2vrKBJNnRfuJpOYTbPKUc
-DOP2QfzRlczi7suYJvd5rLiRonq8rjyPUyM8gvTfbTps+JhJ6S9mS6dTBxOV1qPZ
-3Ab+XKmq8LUtguGRabKgJgmJH0+inR/wVoal7EVHcWXfij9AT8DZOXW88shc6grh
-jUaFZBu/2+q8c8ee0e4ip8B+CVEnCwDKI0d+nTcSmPvAE34CNa33F+QGpXawv5yv
-VvIpSaLAeFQhc/jKcnNHfy+Zi7JmSnKZiMvQCbWANQmDjHg7pGmBW9nyQcm6P2/B
-0AVcEj1YTpAR8Mbh1pUdIhoB+chaNnFEIZsXeRsdbbAFpxodInlJ7WekfuvSQ6sU
-EXpoyBGOeuuTmR1va8k3QeL8Wc4yNu/g5LwjmtvPrh2jBF8xujc4J6VzP8K2BjA4
-xk4LnXgjHOT93dBAJhVYJkykDHwyvHUvsBHoP6lfjrt5P8zunK2mdP/AZKik+Rdt
-1GGlErV2AyWShTOaDLW6NxdP
------END CERTIFICATE-----
-
diff --git a/credentials/inc-md-cert.pem b/credentials/inc-md-cert.pem
deleted file mode 100644
index 3ab31d6..0000000
--- a/credentials/inc-md-cert.pem
+++ /dev/null
@@ -1,22 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDgTCCAmmgAwIBAgIJAJRJzvdpkmNaMA0GCSqGSIb3DQEBCwUAMFcxCzAJBgNV
-BAYTAlVTMRUwEwYDVQQKDAxJbkNvbW1vbiBMTEMxMTAvBgNVBAMMKEluQ29tbW9u
-IEZlZGVyYXRpb24gTWV0YWRhdGEgU2lnbmluZyBLZXkwHhcNMTMxMjE2MTkzNDU1
-WhcNMzcxMjE4MTkzNDU1WjBXMQswCQYDVQQGEwJVUzEVMBMGA1UECgwMSW5Db21t
-b24gTExDMTEwLwYDVQQDDChJbkNvbW1vbiBGZWRlcmF0aW9uIE1ldGFkYXRhIFNp
-Z25pbmcgS2V5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0Chdkrn+
-dG5Zj5L3UIw+xeWgNzm8ajw7/FyqRQ1SjD4Lfg2WCdlfjOrYGNnVZMCTfItoXTSp
-g4rXxHQsykeNiYRu2+02uMS+1pnBqWjzdPJE0od+q8EbdvE6ShimjyNn0yQfGyQK
-CNdYuc+75MIHsaIOAEtDZUST9Sd4oeU1zRjV2sGvUd+JFHveUAhRc0b+JEZfIEuq
-/LIU9qxm/+gFaawlmojZPyOWZ1JlswbrrJYYyn10qgnJvjh9gZWXKjmPxqvHKJcA
-TPhAh2gWGabWTXBJCckMe1hrHCl/vbDLCmz0/oYuoaSDzP6zE9YSA/xCplaHA0mo
-C1Vs2H5MOQGlewIDAQABo1AwTjAdBgNVHQ4EFgQU5ij9YLU5zQ6K75kPgVpyQ2N/
-lPswHwYDVR0jBBgwFoAU5ij9YLU5zQ6K75kPgVpyQ2N/lPswDAYDVR0TBAUwAwEB
-/zANBgkqhkiG9w0BAQsFAAOCAQEAaQkEx9xvaLUt0PNLvHMtxXQPedCPw5xQBd2V
-WOsWPYspRAOSNbU1VloY+xUkUKorYTogKUY1q+uh2gDIEazW0uZZaQvWPp8xdxWq
-Dh96n5US06lszEc+Lj3dqdxWkXRRqEbjhBFh/utXaeyeSOtaX65GwD5svDHnJBcl
-AGkzeRIXqxmYG+I2zMm/JYGzEnbwToyC7yF6Q8cQxOr37hEpqz+WN/x3qM2qyBLE
-CQFjmlJrvRLkSL15PCZiu+xFNFd/zx6btDun5DBlfDS9DG+SHCNH6Nq+NfP+ZQ8C
-GzP/3TaZPzMlKPDCjp0XOQfyQqFIXdwjPFTWjEusDBlm4qJAlQ==
------END CERTIFICATE-----
-
diff --git a/credentials/sealer.jks b/credentials/sealer.jks
index 47de93f3895c899bd5bb848384e079331fa59d6f..0274ab6272250f5fee11e95ab07036406c24bf2e 100644
GIT binary patch
delta 209
zcmV;?051Rb1NH-u90hP2gX?sWA?SbLLuEEvt-DJC0|N~}b#VZG00jU50Fda7tZk#z
zT=?M(2|V_kSE4pGn8?tf4y%~<ND=^Q;Aem-mACPm997&PoUX4ICWCg2s!1oK+(k>x
zXt40<_1SK725SroglXR^xj5k@z3b{YP$o4fev)q-Y6v*?b38t`aNZZE65l8<*a*`v
zE_V8%%KS(jqVG<O3aU+*gs@LGvkKxjG!fE5%M+|6L3|REumLg@;DgdE=EM1Z66qpi
LdMFic!m!VD@nBws
delta 209
zcmV;?051Rb1NH-u90hHR@Hu~xA?SZwIm_nHXJ~Q)0|N~}b#VZG00jU50Fb{Xc6OM~
z^oE4CFTZJbj|B-WzL?mz*Awx0#|wge6{j~fckdZ)juUC-U|?<NHhAvIw!`9LGVmdb
z#M5wy)7wNEUWq<P%bayS3QecF9Vq-oIdRGF$YHuA1=eexEC@a(jn3hh|Mw_DvgVdU
z$?KQ-%7z@VXf+Kg_3VNO(G@uiNxYXqee(`}$C9lBWzS!eumLg@6-T$x$`AmRLembF
LP#Rd$|1vu=8ERmN
diff --git a/credentials/sealer.kver b/credentials/sealer.kver
index d03abf1..81a9ede 100644
--- a/credentials/sealer.kver
+++ b/credentials/sealer.kver
@@ -1,2 +1,2 @@
-#Wed Oct 02 14:46:56 UTC 2019
+#Thu Feb 06 17:19:55 UTC 2020
CurrentVersion=1
diff --git a/credentials/secrets.properties b/credentials/secrets.properties
new file mode 100644
index 0000000..afd43f4
--- /dev/null
+++ b/credentials/secrets.properties
@@ -0,0 +1,13 @@
+# This is a reserved spot for most properties containing passwords or other secrets.
+# Created by install at 2020-02-06T17:19:55.442Z
+
+# Access to internal AES encryption key
+idp.sealer.storePassword = changeit
+idp.sealer.keyPassword = changeit
+
+# Default access to LDAP authn and attribute stores.
+idp.authn.LDAP.bindDNCredential = myServicePassword
+idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}
+
+# Salt used to generate persistent/pairwise IDs, must be kept secret
+#idp.persistentId.salt = changethistosomethingrandom
diff --git a/edit-webapp/WEB-INF/lib/jstl-1.2.jar b/edit-webapp/WEB-INF/lib/jstl-1.2.jar
deleted file mode 100644
index 0fd275e94660402f80f01505d28b90a23f7e0209..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 414240
zcma%iW0Yl4lVw)gHY;u0wr%H2+s;bcwryLLHY;u0=2Z9hbx(KCO!wR$_rCSkj&)a@
zbz(={9dQ(-K|rB_{^e>CePH?5AOE~T0f7R^imC|GO3I1Re~kkHDf|-(3Do!(`YI=C
zbo&=N`U40E_3!iFp|XN<l47FDDs-}9$?=R<0}P14ZvI~b(NK%OZ6v|%B*%6XQUhd`
z9pmY10%&0*;ck0t4@@B)QsK3(d^|V2)br=W?+D+29zPmDyQ6ZN;W#m`YN+UgI-n0V
zYdAdZL4vTZy2^Y=9pt`paUaao#chLARd4Kw6O=tGV3Vd~UDEl>G)!#Ol>*DT4@ce{
zOyhw$+_Ck{I*`#)`Yb{V8(HCXKwcBm5KF;t)syy?Rg#YWDiK^3h^Fm23lwJG`tF5#
zWLcJBZUeqz_f1nfs=BZd=S{y!{Uh^Hs{XsNfzrUfy03g2%LOi%NBPH3@)>uybzSB@
zJIXAFCy@WVL=82i11e}hKrw><Wr<`Yg+=9*Md_T~ou{<5oz~kDe4lIkCe$=lBiLM-
z%;-FnOt^NjH1FmBOsnh~LDrM`5_kbkg`cgj<nJyZKLsNkvv|3i6QxMm=%ag{L&cn!
zdfU@y22~%lS+cjcL>iMZXKDsjyL4#xp3haIG8f#Dr&8iMa&>fNA@<l+F|*C~j2_-D
zE{sTO7S+r;21%I<VA@#58XIQaRMRnxN=;0I5;7t38%6lfiW18E;F6O&c*5=kQ;d`;
zG^vDB*}rr@w2s=UFLbq-wj(lm=Cr%xr#w?HA9=i7b$xlaH&3fd1X7QJdq#>?Xzp!Z
zNnlt}--Y%s(LEHglEXR!<Eqi7AJs-L7%=y?gT|V-*TzKVv}soL(2KWJ%4vkKCtq-k
zJ`~Y31{!zU_)-Ivt>@p|0-qwD&P->?FV#vFNGMf*ORat~%H9@Dgzg`6QJ+k%*%L?q
zrq67WIw|+j)5x!P&cCCDd2%Hwptn>`zN1t1CyXfqQ>0L`zBeLwED+$Du<xZ}dvGsE
z+d?2lN(}WsrG6}%_pXijbz#xEcJ@1|ZiJt3t$yQ9@hnNRsv&53NlfNZ3@}{t-Ws1a
zzK7q+cR0kq8KJ~8M=y_%(bPW<{zyF6C#lY^HisiY+R%mi{2*nD7d1$sTF<;B$nE{X
zao4+~v>#5gt->ua5&LmK0HyNvlVD6l1gC*N303Yncyc@+p(^{M!0nG*89gbazo9Y9
z7J(4g(9tjWbk=TVKIf)JP-P-USr@a#UMfThB+5)bRqP1N2180dlZ-d@bQsqLahG2^
zMd;a#-~6#1f-0HpH{fKLZ7D9eF=D;LZ1M{qP>$b@u59?>jO`dY>u<vOGRXmfHu2Xt
z32~CY!(rYqBSeZL{B}E&+JQrOJfIOJ#$6Lq?i%YwZ57JIv(-yzcRCvzpHsSJc)@76
zEJFYV2M$bt?4nP2x9MpzpT%aVJ1Zenj*A?YcJ$)v{WSM!MtZ$i&zCp41;T)*9WdJi
z{bQipjiVSYoyuQ6B%}u@bDsXcov2si$;%hHuZ7j(y?un2XW*FJQuxC^C>yzc@+WB<
z6*z2@4Jj@jsZuI+FOX8ZLyotlD9nwrk7H^>9pFDDkXH4duM}Zb;e%2L<?N5B2EZ)V
zDX3pk0ij)v(&jE>E;VpkEJqNtg*m^KjuS?Yv1=u~`heHt+ma3g6athuG}A4OnNt8L
zXy;CP;Z7UF-$Qvz_T&)K@fBVlCyw=R1rgC~MKY<tD?w^jByyfN5%3Ga&z*+rOMBSV
zpbyOfCE>K>zna^$*Ges3ymJynqrOQGCnt)PxkI{2Hc?Ut6<VaPDuJPtSmWas`^+?Y
zm9(#@CF^E#B_=`Xns;?1EemovLF`Cwz@#nd9Ww;i;?uj-O)#{=X$^uc=9xA^F_Ka&
z@dohmy-AnpCIh!n!gcj1v^82iVY2f)ZNuJP5o*7Ucaq@{*hw!0Ll_Wlu)&Spr~>0~
z#-C{ueyHC>O_cEY{H$g3hTCle-rXOcnu(eQ3blSJj@uG;b)-Cp*D}Qkl}?dkv=hVF
z0WZ(a24_7+P@-IB)FsKHL{P9RH&~IC^bK1Xv}`*otiL!63D^!TH00ld&LykOaR!b?
ze-$h_-2Ky{5OF8=B<16ui}hI+hpcg?KTV-h4fEKzv+>0P#7RdfFji+=;M(wVoR>%x
zlLlxlADs>czAReX5s!HW@kn1SMdsfT97hwLPuP!34uQ});#X9d_7Z?`Bwg<ZfJz17
znLy5eOETJ>Ig$#mJjCF06iynWEy~Stt)ttwgM<C3+I=Q0B9SL?|KV~MyUxb}>x0;Z
zgS=87ZflO#RJt=;L_lPqEZegg;7^N`9OQ_5EDJ?~Ml>j&x}gUbJq_uVSj%mLb1uu4
z%mu-wkA!qU=7JB-2^M0Hk%a=DF9LM<@KQEZAN?uQ>WI>JdE7>MqL6GYI>Ao;;lYI1
z*hSL0+}<BPFdv8NCQy%xzLncOaH<8>8+ISrzf5a)=?y4lFzza*S@Se)bh6lfjA<}_
z7%ETn1|MvmYW6X|1eLth^B5bR_23_=hKf@M-U*(cNv~-H`TQQY>*9yOdW9)%iJST!
z$XePGUa0{tMW@rKmi6|lQO+0|g=!PDK35SD!nO&?XLfEhn8Cl1pNtxiv-B<jL6W*0
zOr-3ZZ!B$8`&k#(!O|_8oU+6N54nX8ij{6-nP|s;3qJOij%$rF0z-P<e9WC`L+>^4
z865P@>(kZ7rt`KYz|W_RFT|&(gSqxQhYosM>MeCU`vEG7J-jzLr^rF{r$vQ8Y|3_b
z6C_J`LpMZ#q30-{HcZb5C)dy}uB6K41jB_qBwJba;lvpC(dpFAIXknEK7DjbyqlP!
zgGW7VnZe4Et_KFu>#;=rvrFhB9N}yIBWCt|33SssEte$=F5@EV8<{wPhuKa9V%|Ez
zit3GRdIoNB{d(?fHDA8Z){}Al#T;IVb1ASM5Jcm{`p+=Zoz~4K<lBa^=g_ObCA42F
z5yJNRcuq>4!s5F0%PNuNCE=TeTjw40$$uWNR>V7~QZ@j7Kv#X126zDa-a`0A3uJL3
z#Y_+$iA1xOPm0D#bj6A*1W~<BW8>Ivhl0xNm0!2GX#$B)l)u{P+}|Ma1;V_BV%#{n
z&Yo*y5;QN(S~g%JDK3U{>6hW?<tpf{I`1+;C6e+XtCoR878n|a9NERQ(R(hu)E?W1
z+Ob}^#97+j(k-QNtcb1<ldh+qTBOof)dtStvI%ICF4Yx>TkM-gbeVh9-EIgi5uRIi
zQ)YAUe~sjeIwiGdJ%?O#xg|kdSz=hG@;4v>(I(4(zk|TATm**1^uFEvm{*`__g-=l
zm|hcE>;;Rlesy>k?MS6)q<qMcHY@K*+S7BQ)=7~~C>&31_BYpic!tziw~GgT{&h74
zZ+y`);_fUecaU_AYRHIyR*kohr8W7gb)@DiXkM?Wk*Kq_8?)o8tTiApfe^e=2tu-1
zbsz$b9CS}3B$4%weQ$&BXoMPJxV3q!7IPk?S-x4FM%`zi8CQxA8FLNwtx$=wG}*?5
z${?Xjm7(-Ih#A0r9(+bpUBf1}XZ$5{>P!J2(@P?rQKz|nU2<0nOZfV8q53cd?V8@h
zjCV_(n;ojsAW@lf^(=wPB8SMTsA)i{!M^2Y?9s0f<jOqJ)<(oB3JJA!(#f_?o6RGZ
z7K?H+egj`lLg;$6U?Ct_t}g__B(Q=aqiVS_u~0UFC2Qq$HYn-UF}}JmQGkXHVio}}
z=|_MdqhlNeWWn@O&GAKEYm9GU9!f56>?roY+e4W7&QrWq#YEtY{1qvQ024_<`asPT
zwm02PS$V1+20X^j=H<5qpB0TVTP6gXbuLo^ZhBl60hZk5(+0=ReFPcObLo#%K<u4d
z^vI@@Sh90qi;!li((pQ+E2qoS`r+D|Ab5pLH*ha8cJ*6TI!&>0WZm04act9*jsh-e
zc&~HV(rGz8@cQwpU>WDZ;+fovF!&m(;vo-{S>63>56Wdvi)<SWjK~nKp3%D?Dc-ks
zImrxx^X7m`u;bU1z4>wEcsz`CrE}%$$%y#8;wC4zaPjl%s98F=Yj^SH?B6^OWu*z&
z6SIrhz=bWCf$hIC6=~<=p?@Zf60ei{ZTWNax;!6%51M^|jO{8AKW#&xtpi%1@m(V9
zVTri+9Ulg{=7D+xie=FXvQo$d&!8++h_*y%{5H~H=_U^J(~_-<&yIBp>elrk<oQjf
zGm}g|Eu~8a0iJPbAG{@YIk?6SYDIiw<LBJkT2;1EiTs^`V*WIhYAaOkCdp$-jvcP0
z+pMyU&9if3qB)+J9cohM!#m>P;1{CpGzEyp*0y^HE&f9`*?=OjN#-`?TXl2z=Mhqm
zER?U<eo&R51lU_M-`ld{c^Bu2b=Tm*564eto&!<n2Zs%lUOD@yohQ2wUvzme{O?mi
z0IP(6`QtL8=T7)@s7GQQrEJj7uYBp5dU5uJKzuwtX+^g-`OBXysn7Z^GB~VSS1Qt6
z1qV;wMWsRxq}wb5ULPR~s_gnNYFPN9EM>-B#^>#vbSFK{(q@}B?`KS)kc9P~O-H0*
zKTHYxu<6Mc9K2Cz2S2pDvFXwGSI?NQWRH49BTuAgj+d!*Vnn)7TO(iXZqev!%+%ct
zACZ<nE)KlOhF?01j<;e{ZyhQ4hALz4A1g|vsH4nshiY#xEGdXKz~WDy*F~Fj0#3XM
z_cGTlaCc34GG&(4Z!d&}0odDvm5ftX@VrADS^?p=(BC2jvAgG@sB;zSb1p2J{-mRv
zuVL&X*QIj`IwRB$(SVUX*Dj5r#7E~Y#Mbkn%Pdf>uvPCTsvKSVK8UXv_jJgKfEOaY
zFRA&OBkxCo^IMjXAQml899n^gzi+)+D|IJsA3T2bBuR<0^Bk(+^o&!%=lnAMK%IHv
zEW1Eg4-pZ_nmJMfyQR?^+Ak+?CC#LJx#g_%WXfGlUw$<L+Dbjo9Cc{b@mQZMfU08D
z^G2UAzt!e3M4>5IcbFU`yB`YRNS_f~`uO}3mZnv|wd@WE-a$9n!D<wXXwkCphOjrL
zTbdZXpDnGv#n!6}`-Vv+lrq6%c=JKttP!%aUh#(kfvYJPlI1b3-G$+4aA<-kXaDha
zP;iB(ktet-QtiZ}uV{t<h)!&u!ZnIq9OsOL@Y!eyC7zxBzNLB;20g?)+eF)_cC5~0
zuN4(C2MRxs^G9}by3nkWrG2`MZzBaYRz!h#nJqSklOUala3oacJfK;dP*k1-j^}n6
z&2H1n>v1;6Hy45myGL?~NOsk<^Dkno0E)TOt+{FYoipz^?BoOp|6MEuJV-D|pz1gy
zFX{D@rSB;~N!6pkV~+35b8M@a?B(H?42Hc`Y*iX(*w|~P6mj!NRNLVxpgVLEf+eH)
z>Qbb9qN@MWKrFyC?_<YeJAV~r_4CBXhRcZa*On8J-`S@gFYJc1swX5w-6(Ii%Wo(_
zeB^Ph#!9?xenHr?y{Ec$AF!zG4DJHTI~2@0+e2<(c*_`I(%1fG`_aMcpLF7>pIh8b
z`;dN4gopMN>U|3NvKk=a8Qr|$GTBC2{#RXsKC9;iG1yCix&!n-c3EU))if)j@;`P8
zxV@M7Oy=OP$b!8c;jo?*<p@@;ug-77P;5^=yR8uX!1VwE-f{7yb^AUgjyF;fr9!Es
z9>AA(oJ=0Ozu-r{aJDiUZenc>=w<Nn_J8)zOG#jTK_*X@)1Xslpcuu_^O3eG@9Zj;
za7iLG!*qNFU%PnKorCjTWIS1c&&&78#d*ib72-f#A>uVD>q#I|<;^`{dng2F4DUZP
zqIqpJB}4qNLZ&A>&peEX_)1U|@Ug=75!e*Y&Zg%BY4?t5LoWoc9rS>6QgGv!*+)Rq
zBY?HZ$5-|cA3I$8q|^hhrQwe$Ri=6!_;TdGpnnoZ06B}*JJPA{bZPOmZSNt)ZMgx%
z`lek@j729E{iS$KtTw<x^dT&7a7()AbO{NxGXyhC4yxQoOw1)9{<HRU78nZk%dZNL
zsttQPieJD1AIKXw@x@>Vhhw%^{9F!d2#D^-qQCIR@B!cCv3l+vCHg0e{s&b`<?AJ_
z9wFZLMvX=IxdV?bJ?8ahRO#~h>fpR<K^(2*xn3nZD4{mb{k*gi%mo9ALtfR)v<bn;
zFWYP44sK#=3G-zlVSy=t^=G+SV<FGo&+_GWTtI-YvBo*GW<k3obbG|GK-x<`HU!N`
zV{a`6EdKHWn#bm&kuQpUC+x;7@%qU#njf<$KBHlx{7A0E3_<^srNy?bJ7`8Wh?-Hh
zy9Zh$mH+rr%FL<r*BDZ;W-85m0kOe8Ir%229&2ld#YtQ`un_zHjLjd!Sw8M}3z8*b
ziYE|{uPA=-ND4K7m(;71$F^##7Xk0qLL|E+M%{|d*&JLcZQ&q-<QALaR(_xCs2cG|
zq(2qQ7<=Awa6OT^eqV-t#*4#G6&ppJ<X$`vzP^@lI-c)|byi`usr-5HdS5SRBg+_e
z^})Qon6Mu!uNG^U{q8iVO)9TZ{my{)J}QjVJ@4?#s>F~`V9AUQPZsO;k?{B<q7~dv
z_t&?(KcYV7ditK!)8Bf4@$+!x23E9Iopu4ypDk=n+OGPHS(a<_KeS#2;1Uaudftgf
zu7EpWXg1QF$DPhI5D=8Asqp7ol_M#(6r!1)?g`duyYPvJ^lp0}+ae45_3JpguCU)E
z1NP*CDK*+SD>>LyuSb49up+f^%{g=Bh~785YypA)fp~v}2=K}gwW;96bqGB4z}}iN
zx;n8QT3Yd*NXvCFp88hY4`Sn>RA1uWQ=Y3D7L)wyi@>Y!SWa2t-iwkG`>>A~V86Pr
zl9_8IYv6dn;y!Z$RpHKT%`k1H%>`C$*Igh`&6h2(DNJQZz684!2nDg}F1_PToRg&{
zH{j&RAFdEK?9Hm08If7YDqNkw&aQJ6+G>OA0xQ2$?eP%>UhH6g;x0v{Si@^Thwh7E
z|LL*4bt%_8V#Tdh#{W<O-6o!4SA?^~?U|s1UskL1opKa1C1{Xwj~Iw&NE{{oI*^^>
zpFt^mqdQ;sJV0W)&Udcm^r!;A!5)eObZeK~;O4)A1-3@dYU0)9&!J`PB(y+!1?nfX
zPm%8Pv+*5Kascv+ffPK6hK7v<3NXHYkKmDm2@OFb-k*)1Rj#^cEe<a^0QanV7NXG3
zuI?qdFrK*TLwcRe+fd!>Uk)ezSV%)v0Sy0jzhYw8d({wo%XsR0Jy6O0us{8H=A_L{
zHE|EE8;DDA$mK&T{gr`rceIEg0h9)%;Pw1qG#@HdbGU>5n2RJxyye?0_u&?EHCbIC
zo5uvQ2ETrF+v>F~o7rgx6x?&`$-8%iWiN_rKx&Jvh>nM2-tJwXE9sZm(Rlo<d}`~x
ziAy~f!*-XRw;{O|jj<-j@od)|`cRHc8EEQQsZ{#bYxNnVpNdDo1->-3Dc)t$>MN*~
zY0X1$lH90F8<u&y<L|)b+jP9nL(f-GPs8WnlucKYE)f;Z+g85GmS16PW;5#VVu7F!
zf5A1Zp88gX83N=P=`Uor9C_#on*|Qr+LSGR>$ITuxn=i`wdW&I%((1KG6vBpo~!%2
z&;4ojPAM12;pdGz!c$$HTM3{IhBtc=!cR`E7o4L%hG6ON;;LpE@?8L&J=aK{6eOnG
z7$?Pa!LwCdD0R-pqAr(h-ht|AH9^b+#?ncZM{J>s8QJXRp8wxeSRkOp|DtJw{}rk&
z4P6c0>Hpst_<zSZ0UTYe0nYyo7Wx0cS~}VPH+YQyE8fz{+4{dR!u@|68QVDm{@oJt
zU)|mNXnl4D0Rjs9>nr>JU@2^8YhvMSVP|V-tzu}V>|$?k=jcplY;EY|l&mUkx1oai
zbv4NBin~Cvz~(Qcm5{=8+ms!0BM0d$1hNo9_D3YXOr<==iQDC1ZTLxKbs&KqxE#iy
zzcAC5DqaOR9Dwnu7<SDyJz0iDSl@R1f}eYzea*vje~`=n4bBj#iX!eXCxXQ+)x{*i
zSec`zO0TE9ybRZ6xF_3HOlOCa#>`;1gXf|>ds`E3*k!hde8z?D(nYTj0hoVM{^1~O
zV6YwzHa?*}-J*P-ou_J5QjgJe1R4>JBbHzb=P$?(%htUJ0}`TAf@Q9^<p3z636Gf&
z$$kc=*B#ZXg)xuZB{L39?H16p+TM)2&1l?}PNs6k^V<yPb(x9Q@*I%{HD$);ZWb9{
z?~$?6mK;ocV`Yy5*xddK*stZRHsy}^%|R;f#B5z6mo=XTushK}o;5y|CMR^Kj6dzD
zxN|?WPmib+3_bF#9&jXwM)44c&0<kSPh=Tzy%;BzpW~fN9R~xm-6fIJ<ft8l;<4Ms
zjM3&OtwAFlW{{g4wUERk(0D<FgPGZDkGdweNoPpT86_Fx;yn<Fziy8iH`#@*fsS&e
zE(;~3hE*8`;1OuHg`oMTe{Tx;FN7K^F>Od%b?YUDcGr*~@p5JUv~Q@Dj~y6YK*<Xa
z=JuU82P<kzi>|sZYI7E@aG)U~W%pP1Spqbl_x+irVqg44{<R?Aw+E~vm2O&?&E!=q
z|Aap=KAhsb&_4Xo!8R6qLBYTH19dU)RYd`1nx$0A#yn#U1hT6yQ;fHN059J=K84d#
zkk_0)V26@tGJu>i77<;;aFz;IX9U%5sfSr^AGWzqnnT(S%sE@D8>jV>7xqGkSYz%B
zWQ`ZK83F`>tIn80X^Z55_ILY1ujEmy*UpI33&=42y~-OC-J`L0s^E{^fu5*R!(#!M
zC@O{2i!-_hx`=d5e$uHKrl5MCT3kWia&&6sKk!QkoNC=#Y)=gC2*NEbF!y|>m52Eo
z3X`zPe;Sf;q|yzWw0y~!F<az>Q%5u#!1+o)fD2y|j6Wj0drX(?7$WT$W3OKt-+T~8
zJVTAM_tkM>&K71kYwC&qL{iF$`b9xi5TD)B!}?W$KSC0#9N~-QUY*3w-lAOdKRY{9
z&8RB$vU-FRdqap_SpNWB&uGq%R6nx*r9XP0{`AWJ#s0As$T^=rA52s5^j`v5ocvD_
zDFhHuB?=G_#s3`0rWR)Zh}>*78#|mKbl+i*daF(w?4L~@77J`}F?iN_U8umtHRnw|
z91hsr7T6Sq`_@XW=gp0J<h#{>NsB@O`uTUX2pBM-Vz~Sv2qhR)kH5fAM95o|9r8Yi
znyd89DO0@KW!e@~*O|%m`z)uUbmsTVZ@zcnzDtd#0vz%U_eB^Cxf|Q@z>yc_8zXE@
z1k)Gg2O|hm-ZZEEA_z|U501kD3km!KpE$yH#hZM{aO#<RtY8FcZ<$?VQofQq#^l)Y
z4ZU=E8heMiXi|23vm1DLKuJQm1`C#%xoi$HdQce2s8f7X#lb=QkC5p4039VTO+1XE
zhLe62SoRyyz&VpU1D2<_`n5oEtd@)=<it4{B32$WX*jbz6fA@sB57~7M9c_z*^&^8
z{sq{~1@T1X(1P?66)sjb?81I#SYJL4)a*2DSv+a48`y!A_><ii6|NNQd|zvO2F8B-
zee;hK4W4XG{;ZhN1>AN=cPnQTlJu}sIaN8<?c7ACGvAO9fo%?9<0=N?1hcU$8u--v
zg@Od664H3H(m1pt2f;CiRZMFY`6DS<Uag}PB2q=oI1yII3YDS~sd#HaB;ut0RoofC
zKvo$OEVy-(co1j&gNlPBUfEWNNG^be)kkWw!em-?lIfz%ILbRIn5TVBWgI=?!2~Kq
z_*_@wd`8ishbHBMr_QCX`s59EJ^OMM)JI7*GM;#`cu0v-J+2mQfs~H%qG^(ZL^2Dd
zsEMk~$eWTHUDY-^i~2MKtK(d7VVc6*OzRTJ>agO;cJ-L5@_c#n&sqp;QX6w<Z7$iL
zHYmB%5-?w9ti9##^FQG2-BdF*hV+-Tf9_5^g$`UZ&=~bK@({1zxXmJAFS@@#7;OVx
zX^UJ1obpg>Wg0m>hRMtxg_}r=*mWtWH60j6&eP;;6%A{SNAxzv?C(99AtpF2#8f`q
z(Z5NQf+K@YM|y9vaAw|bfv1_=e~XFU?2C3CjQDVfJo3<>Mk>)!m#tZBsJb{8j_YvJ
zk5_njp4L!Ilpg*r*r-OMy_(}>*E^!9wMX4I@4Tf#>*Ff!i@x{m3W4eJ+KgqtvD?bt
zpN4z6CFnXG(SE7jO?84YGuO<Os1RN2sH>-wIsfgg>&{jiLh1`p@O;O0HU*Q+KyN5b
z46$v?>E1xmA~UXhG-(|GW=+K)hha+JR2Hsep$|3#Rh?a}%K-Q4?y6(a(kObbNq1E_
zFzI65nQVbRLOkWM6eK9f<Wi`Xz}Ag9AY+@u!&a5_>ZnTSY+d0n@YD9RF!X$sS^@mx
z)`MnW1rvv;Uno~$cvu<>Kb><mL$Lf&U0k3NAMp#$HX5g&&gv=IrBP3lmcgb4i~J9*
zRsgl`Ma{U=ADd;N3FHSbHX@3L?1BiXPgrc>6-k2T%?HiPAvVu#FfJI9_F3UO{KyUI
zJ6d#30mocX_ypXB(NB_X%lH9v@j)W?c<)Tnr#SCUQCq@S_{fU^GSAWqsZU)N<b3i%
zGvyoTm643`%|&*rK;E`c&)%9}K5eNvIPUdK=-*-BZy;t|{J`JIWe%HSmfU5Rg|10!
zCO1xPG5UhS=3vp)vWwMu?M`4<6KE*-=Y!B}L43ijN&{wdFSuX()i|{V3#lc`mj~=|
zrO^~|wfC5$vG`(GROrnT9WHhb{P?pUyn&xumM`mp90F?Y&WgkxhV!ltm9BDnL#7yX
zwG+z|*ixB2&=5!q3Ttqvw(oI<?=-7Nnr8sv{@S`m;Cuj@VI+)j>MX~GU%DD=;&bPm
z<xcaQFVJ<|1Km`YxYPB5txw)A#F!%j?>^?@-sO-X?i|l4E6;9|%npHA7Xs(-x%T5x
z$eBBTc^G?mzRN8<aq+q--(C2KSG}~^c(98MR-S7V^Jom^r!IBdEi!1Q55v)(D;CSq
z+r=K^5nD~YdGv=N7ir&e(xP3M*fz3m&j4o62&nH*rB4axH>l%VX1x)5cbwh~$<iAc
zOI?<77bIe>idP(R&A^njLa}*yO!2Y-wzkT)@*h?)9<0p0iXncjH|+x^TA@&DhQA!k
z6vfNXQ7Wpj&kzFM8i6g7rJfWl#3^#2T%6EQ*MGSlRsYgDOvF<OVG{{`oA{;0W;siJ
zp5{W(%xF1;&1!y5%A-{XJ*P5Br~amrCk9wM8>Cu_v0V!Hse%EqhM2Fy*|)|pX~DU-
zMwqVGdy9dcWjB~jhyWz2PMA`qOa&zOx5Y;&9tSi}sU|=8tPEdOD>pGYGh|<69#(X(
zeHk|R75)CA@~e6x$Gyx1D=S?4;#lQZD}}@xDKh*P4y1wz$RC!U<6Qh^y@C(Ph+0PM
zb?gaX$FyV<YXK9s-FHEebq%gD;!ZyJYGx|CE(c|w7#J~WY5-o-K+=^FL{LUD0Enyr
zKQ)M6n8|BDJ^X4fg@BdcRIz#}m^_)^gN*$k__y-^A2qYhi>1Q$-<mlA3J8efe@L~G
zwk7~~fQg!+wF^Mh-QE%4<n*_I{zvMqR@Jt{5yj*+=DrPvYv*9ihbx9keM`v*0k&C4
zlFn$6%Pt~`k^U`Obs66{XOy`qi`siPPR&n@P%WYhMS}0KBThJdVH<5_C#qyPw!dlD
zbDw>$Yx=Rg-TV1thpI=~0J^pCg~cC{FVYw}xAG7MpeMNlulC20-QTONHl;voY4Pr7
zM8chx`b3BpTcJDVP%1D=OB3v7mBa*_)>QT$-j8}RhL(BDwU{kustykd@f{yfb~t~N
zQvv>Yn364P)CgH|wxVVdL<>zZ;hnBd51lyE{-GNDR$7b7od>LL01Mo4OW)AL#AZY~
zbYXSVnUX=53CrQ|E`q8>@?(YMgi5(;p<Z^y>lF_1bdMp7&V3+LDX}tFFi7WAtueYK
zt+bM*F8;(@9hD+#7;8~#r9g-Lx@CB<{Xu<W(y6p(qvua6`1rYuR%!;kp!~WD+s*=z
zKE_V*bf_X+@bd8}T#vLMLp#ato>dlZU^`H&twIqpwW}tmwvSwo>a-3U<y8*GDnu;6
z<^b7(ps(c2OzlC7F_x@c-vdlfj_RY{mwQ>}#eBQ7fRPHettx^>vd`w$a|VH&*-AR&
z03B9LlXK&RT80`Id5d<an(P*<$~!%1>r+I*9780n|5$#!D$Y8#=}k$<eOunHZWo5A
z<^VhuHvVoUg=?~dyfC`Hl|~;sHuOu1nW;ig2!ey`fcT5XfXfD=2G2V#^kmnC$X`K*
zIo>sPc+nnX6&ij)xbja*%ED@b>jY1NOYn+v7~`MP1iO~SCX+Yu-Pe#a^Iw{I&f~YR
zCswmNwY`pQJ1F%JXLlTu2w$lOUBvy`o(Zkgh({8njBs+?+d>kz>50R~7Od7Evi5f9
zb`IU6t=C9|;1YmbK@&f5bGIj~-||RfM>$3Z;W+y?HOdbl;*0^*X*(=A0}yQ@6Ql^y
zoRgjGF5>{Cs|DCCLanmbr`0vSb?+zjsDlnn-I?!j6}k=4B)fW@oF@s4+mStoSWd7<
zdV4&FjXq3Ur7>j9)c2KRuZw$kg48iIvtbJpohKScKCjSt6?CVWRd#ee1AT>yS2|>Q
z@X>3=9iIdY$sV!!1nHc|fXC5eZ^y?Zx3PU1|G)K;i+?b;GLjy5coysl1@j)fi%Qu(
z66-}y2P9a_xy;3yJxoQE2C-N6MM71ya-;rG!Ay;19u=yj(Z%*lVNLbr@Isdle~to1
zR;=zrJ!5fK<TAu<HlKG@=<(*se(EXSp54Zb_lL>PK6%?;Nym%Q6fyE?Aq7WpI5Yqw
zhWQzPC0j>FUhl1u(BFZh`fqXh_;)GqEguN~nKX<AYb-#4fq?iyfq>ZlC(>{RI2t+w
zO#U}vkTCx9J6l=SZb1Oi=R7Eliw;Uvn&Pk#ZimAri--<#uozlNQ42l~zs)8=b$@iV
z`XU-_P=5~y87%;W{}(}UnhR~jJSt_1tE-vo(Pd`qxqh$T2WVa76S9=M!DI;tjy7QN
zb~a6%4S)T{ng#PBN!;ZR4&!16an7AV!2rd{=$OW!PN)>08O5n#+TuFwB@F<Zgh-A!
zKTy$8NLXA@e~4&hxkLn(YavmCL{jgaC@J4}>}E~7=>?fDnmA-H2OBa(ialx1p6M$5
z1@BrERr9ohFE+*<7n>ge9nKG&q3vBM!kvCkl8EBYL{REc_iPmZ?m$6?Rk+`(i`+S#
zvr=zA%6{<B;iiNg*~jKBc1WX`NSbVKTAMZeeNWZg{SRHvEED3QhWHb4a?st2z)3##
z%8f2d{bd2{@(?mE#>7fp{eD4kMkLU=GjF8pfI@b$406tduUer|$db|QVwu|UAMP!H
z+iJHvW_Sx5d!`BDDZ<I19LcbdWk-Jl62F^6Zcc}6t2dfjv!w{IIoZ&O8^yfFFzZ_N
z>=_mfs(H=Jlrn?gJ8H@|TrfRqg952`fyfSVO`=Pq3mCOVpoa*%!h~VYy!8|AH+9uD
z1(SD%pv1SJ{TI>3;G1_4HEgaKBHyHFTW~aPe)=oRmw3)$FxbX)!_|&$$r$gvH7iI-
zYQ)9+f0!El7rm;DhA{u;@18>YJC^w`1DXHOtNu-k`WJoaU-hDYm3}1ukA3yeU8T0}
zxS)orJ5o<<4C6=$g*XqR4BaA(_#l;u3LOI?=j6YkrK}Zq8CWP1A5}ElgaF$c-^%A4
zqRzFzBFnrmp=|aB@fqzau<k-KLKwb)#k249wA$MEyyhkScAuN;_ro4bzxW3FPMqPF
zVl(O@Q_64I4XJpliv2b%KFLB56wCBQhGIi5Fuc~}X*@V)Y}194!K@GuI2a4ukx~oq
zlIdcStCAbetK!*EdKT|=A$}P+034dXoW5s@1--;ftBzR@2i4DEu$Uv=5d;}>4TekA
zbb$vHV29;KOW;ow=_6yOskjy-OVp*aoQLE{L;t6WrfM|(Jnls%>xFWxMt?I-R;hi!
zLaG;F;gD1lib7gLPPK+Hi0H9Oz!R7^e#_EeRV*Ht*`C*BB<xV5U-bvElRE`O?F`+l
z!&WuZuNbI_c;!lJ!0A*vfE#wK8WB42*Ug5(aG+>pxsK(AP#gX_6GO@e*SEioijF)R
zaN-|c26I*{g*u`*AHw0^p!skIS`0dqEdc_>vMANa7MDPEGbxCguxacU6PgA;6F+<R
zih$i9#QbHB3?NsRezmqAlKSUQ!psLWb`%_p-x8{k!z-HMHeOYz#~Y^rzYYol(NhWI
z374I@gP6H=g*$Og6Bi1exrb%MAbA%VBVst4#4prCN{=9?tS-Kv)7e|H$AqyS(@BrK
ziFuyEYjbvr2_TU5179%R*Vv#Chm;zFfp)e6JhO6jzlt=McMEEE6$jJ{Q-Yf#s>IK9
zjTe}M&tJ8l?Q{sb^|PpDrY#K&_<+$isn)L#JFYJP{T9J`&bX(CHVe<iwLHA&Z7+^F
zPrtBSAiW3+k4_E@b;;s3EGA7OFVDAAs%vR8zEoE3yLRZr`@_M1E-1ZwAMLoe;=dIA
zsRHO9#fiyEk>B*>BzM(X#lmY2c%5OLVb-WKPj+Z(CW#p=Syx`*oOx)nc2@{u{@!|u
zPREP*l#?I}kJTimIMy1>v3ab!uqhr*8fK<{=i#!p#dv|n-ob%1Kla*H?Hca!$S%d4
z&J&l#KgDPDCXBtuxWa9-KYnnKpEZTVXvgMB9<|%wieC>Jg|q#c(pl%<axEMvt<#Bg
z{D!~$>;S564@<xRd9yYPYqxuO<FbIHM=vA=hDiJgzh$Fy&wiOqK>rM~=l3&nA0Ouf
zDI9K)SWSp$hSJs><q~Js(FRB2E)Dkup0^rw4Lt_3YF|dA6tu*V^lUqtKks*6s{|~s
z-_y1Jo(FScWfW}N4>*q=2XQC^e}gR&iB`x_4&&@T7a1eig|vQ~jR8EGM6G_@vowUp
zX~sye6C(U{2EW?$UUBc5pjR&u3XG#~!VsKSoQ-6f{JSl<a$b`Zp=HmaS$j-ngvn72
z9U^tzC+8ctqUE{V^$<Pm4>$`htM$P-S=>zT5a?pOa|z|y{(aoo?DN5x<7rxFC`A4{
z@zHBNv+l9$7@9^CJbiI`&XLwx;<{kHAJAN_bLwY&w<vP9dyBOguKW1JpnX0<uRx`S
z4JZ>dp1~ICP{k&@1jr}YKlDh-(EGLbo~M{-tvNs+ke10oRS$UsNqm}uH?ays@y^5&
zGwhV)5{a;7PjVZYu#6sy=Jx9myRG0(Y8y<X_?x4@lx*!$N}u-$f*c-1wPb54wR~kf
zqGbIUav%s(x0UB0mi+#6W-hm1*g^SQ&WHY0&p7`-8T9{J&u1rD$)gCOhHS5*Lj$au
zX)&6&=pTS}<08!!`+$`eB#0ymwp%ViTQs#U=s>>`2}t5IUit}kVwrN%b=d%#0V_pL
z{4<=#*^T$_Gc)=?WcBDnK&J0VLr!y(qPM{G#1s*}dKcZuQ&w{{B6XPk$OA5st#F$g
zdo~m1to$jdSS#Ei8s&eQth+7jPLKGm{qK#NEM|Kr;~1>BmTdI&IXA4Fq%oOgRIuOt
zean#U`wm)`>Yh&QGPSDz9BI8~iN@!<ZJA>~S%sWVszy(&(uUZVs~*GNM$8>tKf6_S
zb(gElYDubSv5rfZUYK9eg<Rqd7^S_Et1~?^_g8F6GC$Zji4%lOT0Cqls!@^TOd(tv
zsnJ=MY;7zpRl?~tLLrxPcEXnb#QCj-&xRAmD~~4ifXl%a{<BnZ;H~fR&2xdr2ooOu
ziFrs2%Le}v3Ggr<BvoRo85ENUcPi-XzF9A88Zb?o?NpP2<GOBcn+R?;%~e@I^OEYb
zSyYKV32Gu8AENaKT(Y@Pn_CVnh)I)bBF#|sfHXZ*$w;esU@m&ew{ut>P7&l3=BoAQ
zM;YcI4jOx$Lc9o7z~8UYs#&+aSfL@Rt%^}&nIR5nDl&#KhDU<nA%;CkAKOUeyiQu3
z%LRM7ge5n6s(eQS3o<#F4xD6HI|_;(qHeA|&L2W;U}%gCI)&*097;l>*rh>ni{ch`
zh{B8T3l}KaP>KXIpFk7E@_7e$<dAsM`$(23kjmUrHsGJ5$ZVmRO^(})#BQyJnW*9!
zH!?9n!okCC_RB7fBBf|&#_iXThvkY~kbd`B4^jgTQ237Uo;#RV@ywo=H$Vuw8v&C^
z_`i(_j2fufjtJ8t5evoLX^g!BO6jaqJa?6#{2u2@I)RmVGWNh&q%vMGCvz7!NTX;@
zPZ^*c;e!%SZk3NnMO~hBp;1Jy*QVQAK!mp8J-NePkRo-%ejqT?ZNg9Zh=P}Qgn2{w
z_zI?UCMb5BsF;&fK>q6Kh5<Qy9#{ef@eHBFU_2s9ira3O2b8;~EI6{=WBlhx16ur5
z-|#oWQ2rhQq5K~rO~%g7{%@D*9|cNuY(4aE0YnkALNaWWy1J&uIUxiq>3*rYFn;@x
zLk3WJI-Idq&6gj(N$!HwHZ&o@tLy_;`yQPj8idh^;+SF*koAVEi_^E7ko&9N>L-<I
z#e6u;{ODN|8F8MbW|yQWv@W6=-gRQC7d51jR27k_NmQ*dsuTE49{YR*W-YFqcJibs
z2{W#%Y=|X(s7PYl>PTe0f^#7_ihM}OkpAi;{J73gx(`77!XjIQ584EQ|HW|+tA&8$
zzYeSYb)5eH&v9jELuVJKf4Hw3J0bV?V2tQ>QbN!j71&q)szJS}xM;CNyhacjcVbL|
zNIc4_+#fsReux{zFo)3+jfPkPx0vB={#<<^d<UF;vf+rjvK2dUt5x^kn_N>k-OCk!
zN|b5|;8MTB<0QzKx%m*~mMos!>Q6%yke6+>wU0+i-Go#+bwZ6td7M;net*WZG3QXX
z>_wB@8MzY0%kH+Px<=U6k=mW7Kvi~~zp?A0>Am;!f`SpkaZrr7Za1h$p99|1lCuFW
zDgqi`-!dXUClSS%Qd1Zqf=a{0hEY(mqIG0=MutWw!qxqaI#OIh4*yF-<JxF!4fHQ9
zBmbr4|4C)}=Vtk5OOk}~KQ3N&@;_NQKe*)_I5{%H9iy2x6@3uLy;!Llbv7yPguL}q
z1O42#v6FQ0UoH{j0>-&Azdm~3KG0zEJ%k%^tQiYw3oFS!7H+5M$*!3mUayYN&*Kq#
zpn<l1VeSyr7bG=?Uyuj`eAr?fTvG!SrDi-Fm3^U3Sy{)szzD`XQC{|QfztRo=;jXS
z&Yko`3~?HZDNToUwAIB~&c7pFbLhx1<T6uW$z_=NO96?&-djys4)eN;aGQhz9Cav$
z_IiDItjtPzy!kkeB{vkL)tt1+g~>5N=}V6H8O2U|dd`i49s2WgS-@bH8w^EgQx+|>
zlz5x{o9`jghz+$S#VE8IDJ;1DH3D@KP{%C9I61Pk<1Bun^x5G!SnV`B(4hOp!DX5T
z;o_~v9RTj3YA+M{Rut?~Z&M*t7va24a2$5r^knqZm>3ystN?{LXOo-@lE1oL3S)M!
zgIV=Cp{YVUS+w(XlM697Z8jM5em@$Tx`V7J1edC_q0o>Zt`gFa3tD1Wd0YRS?4at#
z@1(vfzsWk9d?RdSDpL){i8-4=P%&3MwI6;yXkY>ByGe)nm)pvD$q^$~ID7q$&8;rA
zw|h>7dMZuMT5As=VIr;@<BLdB<@1H;x3Y^2g=`7&-#bd&&1mgoT{7ng&XUzc=5u&q
zjQ~~b^a{Mx12xO$^4JQs&8&UMZt9Oba)jMyr`%cUL2-4A4ht6q(L(bAguI})UcsQH
z*@xr?vWw#S;AsJ#LB0spnEX5l2y^re3&3y4sjg$VY9a4Xt75tDHmU3C6NJRp1m7sR
z`<&dzbNl<Ih@*G?GY<I*jxXqA^I+wDV?5f&w^BGC+=1H&1jYS*6rQUY`_41Y8SJ-{
zO8YZ!_p`?toHq{tM8GGD&QSN35@8p?+$~B^=V3#Ype9l#scqo^B7I(1>IqV9#cVg)
zLwWUVr{%1r@Pn05FX6*_$Vs2t$r84+w(tYDP%rsID7ZOBz|aEW!@@<$ca`AUK6nuZ
z;ncf-?|-J@*U5b*dKe%edn_OzhW}4C`j5^2Y;_NVELEiM?$k~1%*#|VS<fK0A_&@5
z>sZ;0ltM`m$&7hgNt}!oWR<n4t7Vf3SGUbVP!*M$ibLcXwSxw&*nm9Q01-h2ZO|?|
zBt!&(A3u-~##!%s=sWe<G7(?)GoQD*(mj~(kKDHdYqxz6esL*k1eso#+5hT4-Zbxr
zv(51FH)ChIA_He<ZVT?O?s^vmhrsd<?@#sEM+~gJxvPZj8QwXEg=cPycC%Z)fnz_~
z$)xj+To%WKwZwEZT#1(2IQ-qJ+m=~R4BIoX(>dvjFmvUy@6{ID|7q(@z`qks(BXhO
zg82+Y?{_d9=sp@9dTY$?8<1=Hk{*)VsTitn{!$#GZ}HL`vTgoS9kR_haJ|U^=Qn#3
zh6DFf7$UCgJ{di7OU}NuM+YZw{?ZuIYyMIh(hJ4m72RX6BJctR9c3=j7cYb5;D2ga
zNNo!`z&!xIJLCb(rMRLnBx9+K5u!Y7%P%{=<_7iz>K!l8G_#y66;$X02V7%96(>dh
z$9Htaf&^Kt%;skfL&BJSluBA<8o0OEU@I%4B+e?Y5gki9Sc;a4Byl~tQIU6Ng2S5<
zl0HKUgZE{<Mi=+&a&cJrR6lm~A2X+GI^whfUNa7CCUA4u;rTh#IWb^K?C~&CB#G!h
z)voi(pZgpd`@{AuS(Zeto|Y{M4@(-Oh!hqG;?c6Fo84js+_N~08m$@(h^yEVK^``Q
zc;#OVSe@2V!zKH-8UeJ9BGEq@3`$DLa=Wiu{PU3H<6TKK&k;!2DJ_*^ZPkdU_WeQe
zs!5~5kR;|O@gm}hQ7E~D<6l{MC>dx`t+ph=TL*<OpiqO2&IjfMNQ9jJ{s~tU@Cl5D
zp9#GA8NL#1tp@TgI2+%1cV+1wF@3?TRBZtb*As7~RTr<jv`OCzn|XGLf%MHqjJ%aS
z=^{l&0h1^e;VsYQF>Ke^!z6QCk*QMXiFyqs@|&>Z7M<CnB)Vpu!~bDUHC2iPBJ{`Y
zENQ40r_7paS~4cct;RfNw_5_$GbSvBj(nY2K>IdQ*hn-eB@Z#4&BWoN(5?wX+|I${
zOLC$lr8*7rT_%#A?dAJ>!9hulGkv<S1AzpkkMw(z!;?M#5VHf_l1xeod_zPQrIB-@
zzd_thq?MHwn0HPq${4Fk)PaDFnwW02P5m7nWD%sB+t7S?UOnIBt14fL0ocU+TwtS1
zR%D~Iwebypm-<L3RuGo8!G<UJ@$M$qbU!-YXIDJ}!Jm2*AFcq%Q+JG(vm543y{)z+
zNxt7ZRAlW5X1XWn8k{a5=*!U|db=kg&*Ft*1<96b^AZg;@`>xIrz=5ITwL{<2D|RB
zIEgeY$`BNem8$8rdb4eLDZx52lFG88dW7zo)I79HcTZxj^4x*&;FN4n*Ds+VX3jj3
z$Ic%pGgj_`BattuF_jL{A*s$EIP~W)2w#=N(Y)ASrTgFRq5}?iwR@~^wdd|2D*7dr
z7t*D_k@UUNP)wAb%lg=aIDbf>$DuGVQ&+H}hbufPx1<2(O#5RT*39B<<{oUtsQ310
za+G2dNLo1{tK7Y41xJE04d8+WK2<dCG0AE7Ri2ug*XbOG-=?(JGPK#P?JV?KH@7#J
z=8D6Cbvc5R`?wzkP&h1j9H?f+vwuIMtL%$F)1)h;SP)y(obaIJrngBnC&|Q?kK-(|
zi6<Rf(AstCC_rVSlf!8l&m~zV+~3!^nL?G_Wphye`12lA&)qU&E~ohLP@-J4aKVEo
zu4<PJ?WpY);?y#t=E(d4PMtSmM2R?QX={ZIe9yz0=$yofVjYi=ps5Lrb9eF%zYhAW
zoJn3mp1^YiHc(TZCPDGY4d5W8%;9;(O?g&S$%teIEANo%XE~b7iyKr<2rK}{m184E
z{t+`H$yM5+vrPi}s{gZ+EOwJ8R{lOuqhJOj3?kqY+zf@6FM-cfL|pg*@dl~*EJSiU
zWiI{o>Fg&GY6~#=u@^$LI4Al%zc>u^Y=n!sFcj_v(W&}m|EE&4uT{}g{;;dnMV;80
zhUG<*m}M1<lx>1#k#EJYja1A5c=a&;5Pdt&f`(*pE;d{Ly~Q6OTTp>`H%$1qEH|q8
zOVHB9hCV~C6Sg*cZr52U_HZNtdW)SMJ~>R`a$*HZOv`J|G+!4DaAAFp>)YVh7{8FT
zoZ|gl96z2Zw_V@@Q$Yko*6T;lSb;?L{3J1q8HC@O_AA;9VZgP<hzVxDsliW0fNif4
zOFYt@F}bE9pN%_Ghff13IEyeXY8R2Phhdd!qIw)hcB4XQDM(+C$8VWT6&rIR)fosz
z>eH}Y;q(TemCTDN`mhzlOm~Gk?Tr&DhT03Vv=(J95F4%49<|h>xu}G;ucCY)(BN10
zE;)rtD5_oS6q}O%PRXPz`SG1{+yhaerVA^|*v2wj%|Oc#mrjd^YXqSTBCA9uDw0<?
zbll`AF6K$T)CpFRaG%Xls;xS2Cx}0rA0?buOS{f{G&W#dlpqzL!Pifdji<M7VD6>d
zmd;8sZO?l#Zv@NGvQbU19@PwuH9iv>Mz)jqP@<L7Or<IwLrPtZBDwqOsh$X$GTJp=
z<p-ph5eSF7fjW7P)<g(SnyRSfMCd!fusBeU4+&;&KugyI5^$w#9HuCN0mu(3oL7dm
z;uKGbbgb*ykXYCCPjtD$+S|Xn5#$_tr=)|i=+X8*RU}?k5DrpV>D8BnNzQknOkAim
z;l1N(HoKZ#)TB}zd^dmXA*nniWphMTcsV8L@JPvd!ZHu;vq?`l3RNWRka_^D3LB1(
z6F*7Dd?QTwKhgglVvgT59ivlkcdR7!7UbKV86edYNOzwj>+;UBANv+d3A8IgQ*K_7
zO4wN;R4_s(2Zq6-F|tPnNmYjzGTu`v$(-nO<+PH(2~$6Dj2WQSEB^3-V;(wB8nDZY
zxH={Ag!3u_nJ7k~1`x_6V`CS?Of`&_xJ4GX9{4d#pb1W(Rd$=Yl(SV%09THxX^FNN
zKy+G$YTB}n5OS=<Wu3$`*GZ+U!|P;^D5jdm@X3igfwTn_P4h<BDjD1|x@=2h?qmKQ
z3!N2FepYnH<PJI`bYDxwCpBa8#AL;jPIq2K>{^EhXll+Qx?ABl!W(L;UGXT}nvQjf
zWU>~AbFm*dGWmg(NE65<HEYnE?<78!rB;sCR@Up~K=<;%9gnlF(Baf6vk}o|+P7P)
z9nt?Bz#gMaRoqNci8<PF)XCRz6va=~Ne|CH4~t#6l35_d@1!60%+tW4Td`l5MDFy_
zv_e-j3w}ss#Zjc2DKWPgAzJkZI5KN4gfky-raRXbP~iNzpOmSZ&FyqCBxt0o$^kLD
z?7|l>yA^}hM`K7feVJ@<A+?lRhwr`(YfV7c46ewVTl}SbHOR9XO4>l6hgCAWDVpyk
zIP9~bB4#Dei|2!0epm$l<d8AOc(tCYShwz|A6%@RUcSg8oowcmpiQPoq?|^)&=R2@
z&)NK&>yPh}>e=OhnN8h%*Z6o6=abBwZG8gCx~FP!YU)ZuA=Uog--JQ>2-Og8v)#$!
zv^l{|!KV(}?*?=Qc+Pj_9~W0x9)Ri_fiphD3##G&^~zFJ5c&hI62Sl*t~8CN^lHSB
zh?YytgE?S9W{EJ1FN*a+3R@7wI6}rS+AYe!MqYD4m%|v-%rvteOFUI5HC0heM{c<p
zBioUnWvsGJS}!v4@Uf+GJ=0-NPe+<lpqFzoqNZ@UlE!5hrHxO%aQYFA*R`?7aW9c3
zE{#7qRZ}kdb>T$@-;@!|bnUw;Aa@|UVry=OD0*>h8}#3b@BeeY80Y_8e4E<*??K{!
zOdWJv$#=m1ZS>s#ojRcV?+s<_j18>;|7k$CTFu4@MHSW8wsEY)5Xszv5HbLbQFeij
zf~X|e$coxX3wlWCe^K_%VX{9-_Hf&_`}S?ywr$(C-M4Mswr$(CZQJg?ZT$MXvopIp
z^X$Cu)>HLgX4dnG%FKupaZVJ-VEO@zmADIIJ2q9Oeab2C45qHh!mTyR#}15-I48sY
zu+NPsdsch9xd1i^xgkTV=i|mP*Hg#VWA?AFSL`108;n;wj^GbB?ZH$G0XE!0>^pZA
z8rz}Rp%Sej1GbQR`pA9%@aDXfQ2zb`r7r41@>Z$wLtIpJ<&N?_BtfGII@l*JK{EQ5
zo*XF+(B2wS!xV!ijVZ`Ctm#Ct`S{wqj)op<!7gx#!A?Uqn9&KO?%`x-(Um8OzQyDW
zsE>`fE;SeDX_*OCO4M-|QB04BzCTVw;bapK!@I%;X%Y=PDfyM+<4%KhoM+bO#5QPu
z+?QD<_D*(OQ2VPS`h$1Puoc2zt6FFSEcu<ik7=AwjF^UT_3s!4y$z2;Hmnr1r>Mg^
z)?ZPA)`cl#Y@xaO=e`_lLT+7XHC$5Lt7<U!c=)n%!56b1U5x3+SPBnXVoKUX#Ixyf
zLfERHhRfF6=^Hc9QI~6^fJ7aX>wl!*$RT&ZW!yYM6ed-?7f^cc8m*HstF#>0FokGT
zHJe&(<!62q4drZ45yi`M@xhsJ`2BZ#mSCimq7?Xt@UZalmv8VGuuSO6_v(V#wSJE)
zquygx?Ruj^V^!^oWSV$pVf>ICw|E9%W!~ru!QzRlZoZ}O=X=|rC*r_W4er#mlnFad
z45x#J=?{}R!xy4m-)i(i?f(=S7h$(t70y(3`;4B^)}g{=7j@OLL2J>Dh2pkN98WrB
zKTCF-pZy$aoYN8xey`u6;<QMlyp(YVoBExpPIr-y!^I8=6LOwv!;KG~-6X0gY4yh=
z^Q2^9V0js;Whefna#6|aT1}VI7P1(ybe@TjC`zPLwT<_9lXzj|_n;n8*3I>4@=u+D
z?mX|<Y`T;Tbq)BrbQxKa#!==PUhxxwjHS?Gt{}l!!DGN1F1Y#nbd!&u9yb`MT|YC2
z&{}6F?lps7v-Q_c^lagVS-|oRCcclv^OAt`O!PrOMM}^`>v;3@`1MiZ62s!(^a$Op
zsZ@)@O;T%i*_}jR#$CrcnB4q^=CQdk!@xRAIgdVOq2QBaNam8$n;S3}(vW3DX-fFn
zOf6AYjW9~=k%2@kgHtiCIzMQ8^9D*>8Ed{@Fx2byp0Lw}%8;vqkM_D{`n2K$9kf+N
z7AN8%_&=peZV2zpfGD3)I{B6Ai2$>Ihh)bO>&oHi#%=5BL+C0JclTm?Nq!-Ei>hqz
zBl-Mzj~Uq`wR?|je+FgoA@14^yJh9-!PjxIk$+G(z!E~DFz2@-kDEdqrxPKIPl%Y@
zsI)n<VIIj$FftZ+@aCIziL-D3@qfp>!MathCaL}a|NDjXw|m7&T{CR@J1_Ycqv_ui
zkpH@n{^MRT_t5`K1Mn>da58rLJN;ilU3Q%h;d7}~%mSh%p-3x;C&-tsgTM4uPKieN
zhke1BW@b$g>`+x4tiXrzk6D#7!C!p8lonGPjcEb~0!&>^x(!`Aetms>0_!2#N{kpb
zgyIabMJChvjRNVQ(-FtoKKcvlLPajEZ>1hTHr#D$uflp}CcW!TsX!ctP{+tm!76Po
zJU?VYCHT<BmQFE&)RpfN@Q*vAj$Ce;E4n;(nh2SQ^q-SW?Hj1zmsj=pBl5Vm*Et?Z
zUN*IFpUii?{ZSH?IcqOg#;6GPOFB-o+C1y0-nNbBOm_?HJr)#I*rtJwR5is*m-<ci
z$BnJOIcL;O!ZWz82t!f4b(|~SiYvf6-<JnlH~}i9iQYdM=w22(vM1-X_sO5owRkm&
znnD?`4Y24`_~0~E&2A;#1#W#lEnp{!>{0RYH-i6?!zH?q^t<mMfunf|aBxy#i;#UP
z$d-aNsBzf}B5VLgULtX(+8rZ3W7q+e<W!+pmEy*aQRy;k%+b<NG|9VY&KRo}*YOpu
z7;6{uX0^*TlSk4za+x<2c(Gjmw(Q7xu>q-!jFqrYW}Si8s!?;DMoKmGFrzJ$?u`_F
znpD7#WfX@anirx(E&3AGFTlTVkpGj%a<u<1Rm$IX7F2_R&gHkK68+v?r2o6e`fH+s
zv7@uqe{Lr2XlYp>dW7I@emzu_S)u(!Y%MD;&wznI5GH+FkFpu7w$rAT%e}j0u4mwP
z`JvSqx0=xh_6f%8iKppfbYD*`A+{Jg5}`0C%cosP*7(zNhD1;D@SLbnZM+2+VpsS;
zdCEyR=yqk|-Ly>=mN}BW7i#77nKVb!@Clw#Df_cUT?^_Vf@Kzc`xT)nZGGTfGX`x0
znnv9-sr$86ed6&WDw|FOuv*HyD31k^+Y61CzQA^hBs<Mq6rDrQe1EZzXiALT?I<&$
zzUQw}Z=l?Ovp;PeAlkmGg54&8`)Q;Y3pjfT(tVg;xRE~pF!kRoR)TLUW&{cVAoWe=
zp#1-1F>z}<tN$#Ks90Me8{>R&FI!gAHp8;Osp^rD&DltxI`0LOIe|uKlAhy40^Tp-
z?GH7oUR7y=Ly+9@=aZbVBJW%NOuGR@hb#r@1BVUE{xCAw1LuA1jUge~`D%5sUPfg;
z-Ms(xS>63Ley{bb?d^jaKz7dn!CFj$4I|Lk2mt$r;TLQOoxc)9zMF6#!4&3xI+JP4
z{be~42@wulPYfY{gJGOx^xd)&1XOg89S$jx)cqf3$g)68851HSVlyNehG!~AeIaVP
z3d}6U<3+XE*{GEo8_ob2{<up`siS(0FoFd7C<B^o1;@0>8D?d9)`fQ~s!KHwpClNd
zHtvdJC(&_+n*0N==B(vRZkSy$;Y}XHfgz@LGdA-{OevClWEg{u2@4q9eh(c<R7b`%
z=Bg=-fm0k7#xnX`4UTQqRH<Up(Va}ysJwEeVR{b6Vq-SDQvXIwQ)#@Ck<E_8;Ewqs
z;gv9Hjyy*RQt)+cdvX)YrH)+oTK0Cn7(=FlxCvAk1_UYv-DL_{u<px}Bt{b&gr*FQ
zpZ-q5<5TjvERA%SvpCLT&Poihhm*7Mw})P9P)Vt?R+{4~ULeSYkt%jhjJA>~#Mkv{
ziocyi^Aw-ND?7`S&M!UYtkub?Fl{f|74F;W?sLP(Thu2wVY0*$G#1p;gS{gN$Hn7A
z!3a}WB2+}ytM8Ls7RFlw+LLY}WaQ7!cAhkn+D1YYMBrJ*-4N1=PZ*BuH2et&LkO^T
zOw<_g`p_`lQy8FDXbmaxbaGY1<Mpk%=UNKQm54A+_3Uw)V8Dej?>Bq^i6J8xruH_V
z+#1)$*kYDTGoC2l+f<a3?EU(;AG?nt^~Zmm$>Xqw+6>KM;o=GMYO;TqHD~5Rf-M8~
z9|NcKkI(2U9-Q4VFj++NzIZCIuV}4tiq29RDpP29v_{R!caiQj!WNc?pNf#@N0m5!
zOOOu7BY*SPYjX!MAhE`9Ssg(a6>#UVDs(v~k+N)j{b}L(6n9>^>vGmg^Z1pYP{IqE
zDeE*WnTrd{9}}A?-IeOq@mhnpaS=x8H*-xxg)}Cl8V=1-tv@P61iSsZNPt)jkcBi(
z2WCV?c0z`<Pvu%DGr=^x^_Y&<&A!O!`;8EPUUhDr>vgjJkkSb`#v0%_y`=0Pruz{*
z$UqeAV_Ut~3HikgGT@WFr`VxuV0i5cLB>OmjfSd=$q#rc$>Z{}b&Xe5dkS4aKuQqY
zPxB<Zr}Buudx^KJSfT92olUSnsT1J!ZCmekUnk(pc*&ENXl7uaTHYKGw}M_CV!0s=
zKwy4{*-`E16+SvDa=>srsgMsEl(h>O@bQy7xe0*5cfS>b72P2Yz>u)V;6kX&pAKEl
z&<&Ye=p|Ns{$q9cxNP5KB86SJyqK<9S;8Rh_kF2zkhzp0Hkmn#9SA9@yuf@nWJNdV
z;Tt%a9l^P05KONqs-&D<F!Sv`@(sUe-Ow*=nSJ=W&xot~?$fn4Nu8f4A4rY&>V1g9
zw2hWX+R7GT1>SBj{9e)MS~|W4CvG^LKjaJcLw6xxE%`1BzA!ielRd)i7?VAMsX&s?
zNXG=-KP2p3<g2`&F{cryB_XzkeX*@$nS|>$q^Iu_SoeViSD~w#@pNW5Z|cf3ZZ-lH
zhCBe9Zvj54mc~|P^nD#cuDSfY`=w>8*h&P962>BwkM|2EjWyjvu6m|z^3&g*Jh*uC
zG)qKIjy8%Qt`!2GM()935u28NUJQ0w1Y%Tb9UU4fxb8Wo;<I9SS`OL6C`TbH?^jt|
z^`XinAeywy1s+rOIi@mv7WEpdP8$0MTQcLlNFZkwCb_}2XwZKA6Y~!5{q0xYw`=47
z4xIiCAp0-(_CEkwRNS^CHb25}x8sZbXzCDC)X+lHnIOTaAbc*h(jdA#c1sfzIbd(H
zWZOxQ<W<Ld!At!`yj(AD53fYVW=2VD9yDkD+h*$Y1(m1w{WVk%$r81ZJmc+}zn?O)
ztyBl|ZFKDBtw`1ealu&>4M8XRJ6fRdFm~AWzP_wb_eR#V#46-#)wVOC>?JZiwQOg~
zj1$<^K;~L)C`niB;}1A@iS6iVuXgIaT3XJ1I+&lW(j%jKB#2!L&U^iI1kKp8^B9Jq
z<hdT%+b^dVvfpG+9Xf?!#O-nhc-fUS&89ycZAUYiO#!@8#b~`}Ap0e>a9kfkF&ZB^
zW}qn}h+DkkHn4)apw);;M~^}!yidO&iKA{dXTv`7SrNRGEbh~7nA=wPf_X!*$Ya~+
z*14{&9tU{lI{-cog8(C}RU(|JYN#iGR=V}FMG+&!9nzHpyl;_)<mc&VVmVw-w1zb^
z(q+tqX`sA}4v`gkEYBFSQQeYm6o%2|hspzW#h-^KWH;|sQNPxIy?|HXFx;0PRoA-=
zv*O(>T7;FCH<h<-Cu;sZ3i_LC-gzV-i2ruU9p9gSQ#AYQ*H)C55_U5-bp9(${s)CY
zJBl05pARMQm>_)3EZ0>InssSO<9A8#3h!<ZpUR9eLB?bsup1fSI>YEYlkU-*=P!T@
zI!FW%3}llGqFG|D`rQyU`oKeqiB|o>R<Xs?EJ>@Ub8LOA#Ky406mtS9j-wd~t@R43
zstg-kft3~uW#Xb)17#g<PR+`)WEF0Iy6f#o2oQLg17xt9&Au8*`22q(eEv6y2`4L;
ze=5|^W1=fpe_I9Y`z-t$X7hhcG<L8yclu^Ff1Ab1+`v&uO64ES=E%;!C?0{P9}yz_
zl9JGtvf2D7Ai}+Rzr>SL>~s#UV0hAl;CBSW(5<XD^j$Dro^`H=k$Zpw0Qh}l5%9*-
z#oaO~Nh0B`Xj&aJL>Ls^t@1C;RYoL`f+;gg=8iblYdMq6eR=eCzOMS}N>MoFSIV0e
z`${F=`J~Z75Wui2SE&*klBo5S1OwwZkl$K%1`tiY?CEb8z`Eui{AH;dKCE;1U8gx8
zaLeXP-u@|W<1T#%>-fF~=pephxBoqE``=6;_fKXK)3-6QGIsb|VE3&Oaa<Qd`Bdo=
zvq!Pe${30jAO|#PZ@eG^v6CQ>P9y1U5y#Cys<Je-M=@egTuPm|StET0Ziwl42ug<Q
zB!Wry!^8;22hB*FR|w|}z`%2Q<TRc3X+N$j-}d=B@&q9EO5lTv2PP^)Vhc}(ks`fe
z(4oI6^Sk?DVkZ)|43nY!_^q<eeOLvV(w7N);m;WM7eIHSI#V+U9j9K$r({5(T=z=8
zR`0rT!6m4){uRP=sy4UUs1mr`REUyp*>Si6`>RqRJGar)YB|XilVrG`W@-sD&oNWF
z*RH^zJ#WpLHL!UI8%|vzQ6`?#`D#^ymq}!iA2XVJqG@DPTGS2ZJ4+5_JGI+IJ7Q0N
z@Ouc4U&=nM>mZBkI<(1-xZi?SV|>?Uyi9!BMU(MsZ0=TLNoT#*i({#R$S|KWXnQ<p
ze4YQ`OKlKg{ZJ;EBvl$eQOc2=Ytmj^i=daSe<Z)fnTpYuKd?$}<ss3Zt)Vjyi8wgy
z1_UNdqxhV8(7%#`XKuJWM@$-KKP8MbR^>z*EMR0@r<l-LNvb1=qW>f*fzx<g;S;p`
z94#%gsZmR_R>e)yS#kO;FATLJttAkvk@0Z)&p64_4NE_tETIXq^MX@FdP}6Ml+}(l
z?scjgzA`fYj$m-mSMfZC43F9%_3j14bo0^RaL4(`o6KO1yK!h_`5F=a6*ZK))~Q3t
z8u^Ewtge++L{Y}54IRwWHKl~C<Vd)krUPY8aTC)>od)b08+TX2<??9Q&d-<gCXK`^
z$Eby*@ZzoWXMq+ubKos2sBL^o)Kb{v{%#3xc<&MRTsG4$N>kOfXl3L$h>%Z{9N%<Y
zRR_(@Gfz)xG*XNrf$PTKn>~=P+&G2XppqnuummW6MKmy-K!gR-zl&y5Mh<NS$2Wx!
zNX)Sqi1rVFy@E)^(*R|@_1u*!H!$?zFjTTzV5>a5nc-Xf7aYO&rEGqdbh3pHJxHCH
zsnLaosV9Ii!L+j@Li4r2FlJ=KjJHaAaA4KDKm?3x=-qw}(}tm350P2zpw{>?o9SFz
z^D#ybz(mYiA*C?0-dtTi%tJQsw}ZL_Qih=i%T5>T7=t`_Y(LhU)rMRj=-&BMpG6yP
zkehB9c?M})BzUrSmwy~cqAW3$xuKDgqbA!!O(V{cKgiMrA0sOA<C6&GqMIdwo(KzQ
z_zpn|10@K<%@UFQDTY_%mF2OZ$r|4VJ<onb=8k!5ACS-aSqGp_1~y0uN=a&$F@%zf
z@-ZW7J~1C!a7+3>UC3Q2zn0TCn<)$7-)36=ms{d*w?U@rn=Z~G>erTWvU(B$kOk7+
zjC27QTAu(CuQh>)I6%N15(4njUJVSLy^CpPDsk-Eg6P^>Lt|sn;)C{E4gC6$N{?7$
z_4e!VgRI#bcRe%}2*g83>r;m3^hcKCH2YH)=hy4BXf}XZFYmY=QZ$pgxlZUV$_5!8
z;!s3iG7tJ-#Y1vlO1uxx&{3V34}S?dvlo4^gjU$Dq?>qJa-lnMu&O<CFzr4iRu@)3
zPp`N1YqhXFb$GStE$nU=`Q$m!12yb+^e%+X@{I@#yx3PJ1`qK^Iz3JRrNHv|t+tnJ
zzb4jJbS@%m!AlntFWE5sEg>v#w7o9x?2RHU@BB?P5X!@q)R5EkYVdJtR$mw3ytHPQ
ztqdIYd=v9-CM!dH)9IMhv7YVIjh*T6v)!8^_oivc5cnGSx+iLxCk<A;$Q%p9{3yY8
zBg4Ek6zXwC<S{npuYnpzl0RHLOmsXe+q_(#3wo@@s;ga(TQWg+%Acb=L1PzSlqgqY
zl%p?6nK%sI7G#+WRO=Z^a)waE?8|#I=9GpnrXx#>F=T<$?D0iZjSMEbG~D`a{X>D)
z;e#?`HKH)fNL_RokET=<7H}w&#N6|ljncgCv*UO7mj$-dB&;5$EvA7<fx_kfM`=yw
zZh_%bSWV34&qSu@HcwM%gy+t$Lk;Z5q~I&g7+td}UlU6LgznBs@u$q(-vCr%l5F9T
z?aIl4#+sCyCWGGkby3nKMNwqx5&AdkEIHz2euUkU9XBG5MK>KnthUIQ>xMhxBn8fv
zOacReqs(p($704+hGeQbeXaH6@F2v?;Y1p_CC4#XI=PO6?Us2`{KXY59_?h?QG#&L
zF4a@zO%I$_soY`O&;f@wPI-AZ^)L$Z&xr*C^gE2bfI%ewli<wb$w+7Rl@^}#D~C)c
zAAwx&_?c^#a19Pwih)R_a3^a?$9e(LO`G}#pL#*8G)o;|9)h0BFIv0b^C|$cEZK5w
zjg~#Nuk^JQL41NTQ_`v0NjTFV=_4$V4bd(ci?<MXi}rAp92_&H`}JnZY)t!at4l@-
z18E&vMdXJC@g3&=N;CEvMtxQL&m4GY91{B)_wShe9s;o*1ur;R$|q}^G8WA(l7oHO
zmd`=ax_hb|TZ7fk?_k}FH=MZFyH8l3Ir}j!qm-_OBU49Io(eRElkf=p99zTLCzWov
zw2iMV`s-7~v{yzKFD<-=L#WX*><mMVx9>=_SDd$yj5dY!(US8Tz>&P?&j8RIB(ZtL
z%^a;z((RnhP_DKP7VZm63P&BglXTWjR0iVxAsjZlglN7|oT??OcL!m-$<FVf_~*|c
z&{&^k`?k;R0tUyT(sZA-ZQYq7YPt53s0nAaBwGEMv}BGL%}3fM2=IQb=fDk;FKbCG
z<Vm8}USIW6rW2Bz{Mxd&VmxXs^w(<46kPMV_N@a9TC5}#&Uuv*lpEdO&77h)Zf#Uo
z7_DD7Q>~^<lTt*|ip>snlBu-Pe{A$xH;@bY(+ABvr_*eUn<q*qVXaoA?lK-en;h;m
z<@O=kuK(EPwV#!GSsxSiHa)D^P;5SR)<ta@x@#3Aw0>oBGh94pu0yJF2KJJ+&lK|X
z^n?<mT1>Z2$SO&p@6Z`$4hT30jbYk)Fvc9B#n32r6H`jUh>yp<Q9*G$ti|Q7JQIDk
z;~6Do&&ky|1JdoZJ`f0v<<%Y-fA1Ie!hB&A_G0HvO7%6Fg!E9sc{EPYU)5h1rWv&7
zsj?@k4YbSSsPml@YHac~%WJa&tQB&80dksB?!f2c8hYfR0M8OhxuN%0K{BIlvxh)O
z7$%!?RGAKNc(~QuL@tMtMMX&>SpX8SETMnYyA0o1{TVn1<R3Su!e?ek>uAhmIqfn3
zm=k#E$TZ29fNB6+QUTxu(s?otTw0zGU#TU_M3Y0rU(#+i$3P*9YyqiUxeG79iB%dF
zh;HvHZG`yLkhGM5r#sNejI)~l3~&a9CqZSneS-9;x=gjl2i$!YV1*ULMl`9<f&xpu
z*Co8s9r!HmT+f_=5SrhIdb0NOl|Q%D`9~BL^;8d}$FA-HZQ{)w^cU8z%D`lv>wtQg
z&<P<n9Y6FMd>%ML(HC_hJ4kr_tW>AedezWZB&`mq2Gx;HiG=c&p=|Ekbriw6Y=X;S
zfDb1OK{uoTA?X=cL5w1A8se-z2-9kigo1%a-!{H*AL?hVlGz`uL2*<tpbHpT`W*sy
zdgOtR(sy-t^W$tH#Y=yP(ByS-TZ4o`jq7q<F{ARMB-yrx$(T0zl!4z4sF^};9@@V?
zT>B>%h1d{Uu3<@foj+5$20Ogczp`M^zi5md!#dLZ{p5*m-Ax#2^(3Of!G^?nhnbLo
zUlzzPRz?F6_sje6^NkyfQll)?`oeOV7YloNwjmcTCZVfebD`q*LdM9XURmK&sR|qe
z)fMUxiyFy-2vg87XtMkoNB3r?&~yjx%fU;DYGfsGa5Q~AZ08SOsLfsu0gV|4pQ8=K
z!@PoZKxnfOygeD@<VHUkAwK>|$XQ;7r%~}8<3Id+Ao!OTS2T1mw{sG4FgE^gKqo4a
z{~PGQ2>)u(s01BEZm}bv!SMjA{Xs@Uab*eHXq=LiTI<Gwj@Kg?rl{4*xJ&AFcmEgE
z;R~DzxhDJpBJMnoIUHov$296BzploJ?^>*!%0jN+A)i_ym3zm%Zs~kW|C4HcT^nO5
z%7{`zkyD+#!fF8C2oI4DqFJI=XM6#JB~bj0#;DA}o-H{;y>CzVr%Cj3Z*yDKZbnGf
zI^L@dTqaO*?vgavKk44lcsqg!zxzZL!F<bD|2@k2pHD9B{vXvM8>jyPY%*2U?U0=@
zzO3U+n)UsV%m8ySD1(@C3#fAhG(n)mYBQ)0k@V9)*J-R+^<5RuVf{(*$a3buO`I^w
zq8ZqLsYCjoE8yX>_Sv)c{f3|S2w%O|naB(221C5QuD`UuuD3c|PcPg74&B&&4Jsyy
z<?wr$nCP0K`3VF5z_5VSAf}^O!R^pk?T&9kHQlvJ`wf{QV~54?F@gl3fmTwj7x5iC
zwnySZMFI@va|0kl4#h#a+?kWtpt3<JKyjdK^f$<`cvMHe8Ew!KRI3lbPR`+Q>n{;0
z6cO^5CDM&WYkJJl2gZ{`qh*RquDGaJMIKUNO5Jl>w{bU02^840FXcK9S?N2+{$6q6
z{NCcB>>{ESTaBFyNO`$cwQ&t)PKvHal4P*(x|Id;{?#P2R3ptCn<$ium(qO}Gifk+
zAm>Q-lV%H4nb+odF`4<HsvDZ|bh!E)<4pCd2uUD~OH4t^hGtFFVtEcLI#Re+5qa{~
zqWKFLdD?aoOAmu6j7;^+D%Wals~YT75`7j?&P~|#>0Ih32({#g5bIHz%#AMkq>U|V
zrl&ZUsB1_Lurj?8NC|WfrV@+~XxdCqo8D>rav8`~k6@{hj{M6kMwC)_@qNn<W3nQg
zOaZSUT6e25KgHoSf2P)CH1^40z8g?!)wzcraA=gDI2lA87}c+bQJzTW{U)qitmfPe
zCqpmP(AY>gZa7Jr%xo7Q0!I3wzwhiccT=u?1$K5yWhh6ZKlG<W0%CzwK}CydaTBdG
zk~bc<G$kx09FxrWf**ArQANJ*N8gX|n#d3(u1M{LhliC8z<x@@=5Wy((Lo)P7$X;x
zP-U*M0ePv3Z`S2-jpX2^+K+vERM{PIR9Ss|P*ttUJ##KWOlp-|Dnd{}((FAooo<eV
z0)wDECdf3KHG;=acFZ?rt{86$ogP4o)foWYRF~MSRK&c3Kn5KN48$=H(p);DuuO7&
z&cf&|8Uc-8-9aUj3JC({B;9smgAs1xeH&lg4M^c&kIw0IaeZ}$5yBB7mC1<VFx@Li
z9r`wjH+ITo@ETk)ezMfGl<iZ(EnzNeJ7+U&P<S3`>F<8fX3Fy}h^|_hpWu|wy`SS1
ze#xs|<QN_Y=DiJ2#WE?CGU?dV-b^TYOpl2qyjq$J3o1}8<Fh)|^(vnT<-fTV16RGM
z5yzHNs2Y<bR>%IxX9$tFQKu3SGUW=M>U#f{f?C!J;H2Slk~(#o+;yVHIqN-NbBCCH
z^1=G}HR2b-3ZRdt19XKco-NOFf9IxJKy2<jvqhP|4%X&=l7SSK<xe^XZ9Cuz#RJ9;
z^A2;+tj&1{0xgEW5~GDxB+ry;Xb*sFhkz=iJW8V8N3{X8Ro=YU^gyZGdw!PsJN_mk
zcrGZcuy+Fw1dfol?v}`_%lg5L746|xw8e{gd|KZ}hE>4({kJw58Emw}3t{TDX;*g)
zdmD7?@31bN1LIB_e}Nk^ch5+MC272_XizucKW@mHH)w128&P^L*~zC680iu2HcBKE
zkoPTWsQNnS<wIW2p%R+(xTm#F1<JFG7=*cNoZWVJ<zx|PS^P5r?p<MBJ1cmRoRPPI
zhfg^_aQ!9_M?5<fp1RTNd}RHkZkT!*6E5o?LN0KW?{Oz`J&C7Gz3^n?phqe37Yl(R
zO13U^l}Vy0mK9(5;!I%exdUm3;&`$P_lYhK{pEqYAI4WjdZzidTtLvL_1}kf0(GP+
z?v?8Y5T#=7+_6|6^yXg8>=^K+ZgGWwq?tbD*mWigJ4WXiIH1q^D{6_87&q8RSsubH
z-RYJdPMZbIX?*r-+$Cx_h@2NSBzdK(FsU8XdD`8ZOK}rqjvRCX2Z8YB*mU!K+!6el
z7G+Y#SA68j)$$4Fyv0=6ab((owi--c;m5VvwY(T&T?w!~?SICF+x6`5$G^ey5u)|U
z3;&38y@lQyt}gh%7S|cTf5!c_EBh{ZgY@Zgj+v(s7}}2FDkmO3a>uaXa4e7A_Gbck
z(pI}|8x1+c@-jxqlfamB_}b<2Gg7$d!8IV;i`MzYr(%G@6}ZBMd08%yFSf?ub(=SR
z>d@(@?8`rS-Vbx%Er@UYO!|$V|4qXEUp(*Mk@KY^_95a|rjFO$OU6LB_|G5G_h4~W
zqAUmyb?Hkh^z^lvOe{1qzII8|V?p!ct(>C{V!pvkx#q6|x@6QrE=B!B{d9sUkZ^uY
zrv;23Gu_3yuZ8p5j--@vgxEp1Zm!whE>EkQrmorZ-Cs|K+kg+dvQRGji7G(SzUqJs
zKojIEz}mfBbq4Mla=`$m14HGAL~D9KN&CZdDE+S>JbsQ)uK4;#)<bdVLz|2GMdbM-
zp`j$ylI>?iE~9V--ZRjUtwi5L;i2RpSC6|1_R4gS?}sqZjJZhy5tZa86|M^w9kI0$
z>d!y#$!$3}k8@Y3I~LhUp3F!wcGFduN=+_l5!%X2aS-U|4`)xTi1ac$tCD$U2p;-Z
zaz@i){81Y&K1;dlNV30w%nRf;G;N4ekx6tkDa%=nw&5%t?M07vKM18=q|G(%seyUQ
z3Do1FrzT)Z$eus#Nzp$=9^9y~ku|R;VV|w_5@9T6UPm~GVm!!VaWkuPK!Hs@u{n!W
z-08L~(yC9m%g3m7_O`G}19xF-;~XPA4NaQYZWG?OpB5-P!7{PXqI`f>)qvHdIEMIj
z_LLginpOcxzMDsCWTC>se7Y8#ShxXJoF=Smk?+H*%TwI%0$+J#T?+47TZ44>=^+bt
z#a$ol==2zwW&Z|07qcWzXlZUUTNDL+YilG#M656;WhmolUWlTrTA8Hyi@7Rkaopw%
zW47kV;v+2H5?cCgn4W%r0^S`)cyAZ}nH2M7;bd0uFj5EM=f=6UoU_kp?c;Hj)ogdI
zMk4s|oy(G<UC9Vi<)+nc=LEKKlIbjqnjL7{4}Di;d2t8~mCSsV+!F@MwxoL)PaW}<
zE}d*SIiAkB$|#4`mWihd8|O87$yP+p?E7lrKD~hT_U(vRM;>ziSq98G&sPsm;)j9s
z>tT>$>6{JE<vzns=7?cSblC-(N6&~+ui2>+!eG`PXE4{ucqJ))_Y~i)(Pydok^vwA
zJ!VPwMJaqDiBaET73?8x%b&vlWOscd$0>ZmDKG99)sYm3Y0fBog0m&vUa@t<Zg$Zr
ze8OCf-X*?!z++=}E8o)iknVG%c8g{QPQr$3^>w{b+N1vJc|&TdR6eBm425SCO7HgA
zeGNg{n;fFa^_1RM)Nq+dX=L`Sb&%S!IT^=NH;!}h{@^6cot#4#p&nkWfU!LM?UvWN
zT$&j(DDk|tI4m1VPPP>b*@Y*=KYkJborY0%=}ediOjzE&SKvu%zNdqBF2$?4AZ5yA
zd1&n|<~R^(xsZ2}oceZBeIzQ9&AP38RGJ13$+;wp^0D>O7$0k^r^3~`cuJ~oIe5`&
zc$@1i6OZudh6J_;yLb-vV!lZQ@kifVhca!EpUi(_gD-W6(L@I$rsXA3<~ouTtMl}-
zNoQpJ%6>Cf-v_r~?}?Kg-}>xQO6oq}hP4~Zj}FMd?l)8@`O)qb)K#foH2t26&x?H<
zBG1qw``rtD=+=RB15rRWAr+sPZw`Rp0eUR2D3Lqx?;QpWP&jJAmx=mkwq3#oh)BXf
zQ!&_EPG^jCdx&*9KU}tOQTxbaAADIki9geQK3tHupkv|^lzlN@KSI&=R*jaW8=Qp~
zHO=66@K@-zP&ZoyWSxXrD`!sSR2%Z!AV~9PuZ*qGK1K7n@lb!FLc1Hu#p=hvKuiZ@
z9gC9%GEQtlI_(hgrs@)16MHyA1-OBV=ICS92VzdY1$2d=UW5K&nv2W}nEhku``gNN
zW19fAAQLzNUr!}#&)X|m31hq5gwG5v&SPkN51~}w!h;owO$s;hol}A10hPlvZcdsj
z)&?;wTYTIVMCZHfCmYGvJ;mA_;-1<8i{Mro++bg=T!k^_x<T%*U1vnE3knJI7mBH(
z!<3H5kZxZg)T<^{m;TcwwS%_qw@PPM*NVpSh5I#wG3(ud=4wO2COz~=hP2L!(4GK{
zUb0`wR(c{N&xVI6N3oR^(nr@oG<TDKmXpJ_hqG^!$6m4ikh-Y?rN2)S-Wc<Q0{sfd
zZV_*_d|uIfYkXm7LR#y9Pezk?F!5tnHxZ?B_`<QKncZ_&IRRbM_U~2Q8o;i(At_91
zX&XSM*@N2JW0!mmJ+~Za4*d#m?ksbQk;fyz>#dJ9?=99azt>j?8EscORL8ST=!hxn
zpv03s*($qP8@N<0zktii&yEwty)BcHGrVZ|@ntjrm0yv9J26MUq@QBH)nhMJr-FLx
zu6TOyvxd&XA@HkzDs@K{1WD6p`QVR5od%cR*AkNj`1mh?6_j518-YQ&aJ7pd_0U~e
z6>|6`vXE7ES&uPNEQ*jcMV?hT_LYpg2-rm6N%C$b=`C&Jrk=CFN)^1DN8QIAav9zq
z5*D<_4RmYbIHEgWf6qz(E4k~NTnu3AVET{p-oK9c77hN#2z@(!L$m*CCH$`gznhT$
z_km7-EBF1kl@q^P*L;up$Lp`I#eaSGf3E!Z364(Rr7(R5qkqi&TQN2}BK2qLcQYk|
zZ?4o|Lh^q%Q^nZfzgn(EDQe5k>!J8;SyvRQ^!5S(A`bEc=KAZBg+hepD2AQn-S%~?
zZ$-vcX|F{OWbb6(EMe0wMAZJL3V2;Pb=_cP@RWV}J|nC8>bTmL7l3M~Hkio-RcjWZ
zzarRYLflp-h&-U2K~1ifEWmP3EBPomJUy<p(4Z8%*<RFt981Mcb+F9e6KV+~jxxy*
zv>e9XkYhM@#V*1>m(-Gd&-|Mryak=r3@L8B3DoSkQE!Cf7pAv;hsmJ6Oqtrz2mRIu
z<2KrK*L4cMLGDm(b`*H5SyexglPH8B4D&JM^yrK4Fn=U7x&h5KPX3!j{s^rWcqrY4
z#VXdbP%yX)&MCjA>KLs&$d{vN2a?yWvxF!LS*BI6G0cO;s@Ho~3N8pU2^k`UGl<1P
z5eI6$G9d_=NpUSp^AD84cpUaDp^1)5u^~VJOh9F3l`3^R85b@x#=JfLIgFLou(6R*
z1OIGCv^b`;xZ#g}1kd(TLu5l3xf{M=G`usm7<$lk4wsuyn@7`q$0%evsf-;en9ku#
z?s0sG);6MQr9efa6h;oMT-flVT;ND7&aeE%9&5fYrA^OcaDlC%N`*@&!fl61ZG~@H
zYll>;H?AI7;ZMT!Au(4A=8%Yo*<ylU6e%6xs|4Xv9&<Fa%#I+BK^YiRzomoq!1|5;
z1OpIa6q+_~xFl$aaCse$Ux#+`2y{dX!D^QhrE(--EhxF3SPWm0JDkt(>Jg2JXTsTM
z-e6666+GYpjeJPann+JlDV#!M#7NM}=OZn4<uymwGZ#dsCx5x<MLj&FgUy(MC-(u8
ze8SNoG33y^YK&XQ$94^fvEe`(hRIU5sTQPLEju@!ft(htIp3;e%5v<3v^^OW_y0Ea
z`3JS+Uysty|BwCsO~Q51|Ht|G*ZF@n1O9jC<8SjF?ev|@{;|s6P8r4P_%!i%uICy9
z0D$NJunNDTpt!iMpqajdqLYKMzV+YY??P2eyM#qdADPFrNu;=*U?S*negiduIWiF<
zKtBW~VgwK&WVw6eZesP7i>h{Pnxs6mGPLT&vO*2Wk|=bm+!P_<+}Hk6Tu<jB#!Qzr
znPOg!O5U~9&)Ulbp6i#cO|2C@OH<Qn_HFiSciL%B_T%@HZQE?%nNU|~#6ErVE{e$y
z9xh*S;|FH*XtDcPCV0=AQ1F;nxzJ&+n_c_V_qLcxWCoA95ZfJc^Q^}mO#HDMX?0GD
z$>zWvb@QzFqxCs1+DUqK+_<9__=rke(gOG10Cew^nB;?f&N&#*n>u*aJydv|Ke-}i
zmN#ikq}*<s0oN4IbC`t4u+<Tm-cV(l`XZJ;r&`@i(h;#E+01BAxH<zk=V#jqiOf~W
zm>w}^Q)aREn`z@$aKoy@9)$OyY~qNK%_Dfwq8vN*+O2j>*$}aD5YjGs%n_gCOGmPn
zd<Yk_Y&N-0>kTsn<e9Q?Cagvaeh&Exh!4|*+k}!}v53Mj##uB8T}2iM$(0M-`qtVS
z8tIBKhNeSRnR!j_$ds)%(V7oPN5AY=T<SDLX<POc05Niw3=j4CZHZZw8!M`d{<Ios
z!YnQET92p5N2oa%j&#%QU;0!ssHT#KG%ezlC{K1JQt*ZqnS*!|#bOZArCLk3L7<W*
zG-i>jOqh+8!AkuMUewfBU%y77rk)?^Z)P<nQY}Ub$aB%>s$;cGnZ{Z-Q^!|_={(P?
zO)*Z$SFuv~oslF|+F5U{%N92wglsP%Cm$8S&F}5KX018s=fMl8r2n~^yb;F~B_)(&
zKKWYSq)g;iT1}p&INl{j(mr<S)L?5J_zCSu8g*mW+CP_;-_(*?_(wf^NrRrZ0dH0L
zmrI|9>l4=QW`OwbZJN8yAprV3#trIOH>P@p+zuBDwT5O(g_zVP;Nn;vF=Hx-hzGWa
zoN516s4G4^8I7YOF-~K0kYUKRVPHl|+E`clT#GhstZ8h*)JMSlm_5^FnluExg7BfY
zmd;od%@SiL{QcA)VmX`!Yo?_Ti4IlLq1u4`8_X$qAv6)B&1z<JPF7;<dlbn`C=bsx
zpRUMhEeA3`n^-6i59{gbc$<j86n7!^rG=!Uwmsz6V`y_`V-j0>V=QM*dY|6eg64gw
z5>G8>4~CuRDg^TTD!5Vyv~aSmB@2<rdAnj7@V(jghZp;dVKqL?dZFOAZVW;4eIoT0
zlhzMHldaR==@4%XIh$T;r7)Nb!|<2K%~~T>#!D1W+GeOZUq3?gb#obFhAUDK%2*4<
zA<X?-85T|Jo|F1AO7AVf^64jctTX=X<I;g9dvAr)i(8pqSBbGPs>gqvN(uek7AuVW
z*cEc<7AR>lJj*(I<Wl6&A`)j6nlr~u^;?SoRtya%ErvFfF9SBLbm3e~4BvqoMlyFO
z8Oa9bprba(Tpu+OI@^x(x}!;}yEO`TV}!H}H+2jR`ALVISkjM_rTyoff)7|TxERM2
zNxZFF<Vj*rah^`d`B&y9ZT)d|v!_VpRr+O?eTk<?$Cc`;Q@OKl?|#Ov#HS_uDh%r{
zIqzK79Er{o_u)nY)(2}Gd>U7<m_3+o=x5gjb|YbtqjbBmihLT@{vqOeXTr1<>UhZ_
z8#~S<tp@$kP?E<Hqe90sIQV0lHHA|g0`HQD?AFGtE5sI&9bAzwrdJ(-ddX8d^_2dJ
zQF6^I4rpD~LQ523!<%e$q^NZWSLg`D2?%zP9X9Eea^-rB(R5Y7wUcP>l;I{wVJBO5
zZB6N?#TjR6r!AAV3zaqt-zpBFGjMyt=v|V?yiD^pJp6p%Zlly^kn|f?D-}E|d7q6u
zG`)0<z;z|YtDJ&M3sf6bY`qei2MS>Q#`r~3+`_8BbW6sOKO`+g5F<|!uO^G4S4aiI
z7U0GkeA?rSlPi4OxC`B|*z67rv1)lOLwpLNBm6eT-NmgspQbRoIZg&22r5uIAP2%q
zfdX)QN5oG4F#M_Xk(CS{aK!tT{c5NVk-2Ud<5o1$=<*qZ4j79Jgp?$$S$y&%rC||u
zT&t4}nb(b&Zj<r}PK_uqxl$^k@*Zf$+J-5Gn}@J->Ra>J4X&9*CC3<pR{F!ZX|&##
zC7iNKSHtaWqUY4`R|2T(J|1@H+!*`PtW!p^beZu|o9!o~DE5;G_52%Bzpi_9(DuA>
zE{FNO!ZxmmX+mzW;Pzo?FRtgNkL^H?ZxMI~`kx{3a+C1~ZEsT^*Sz+;@Kj@$O)U5Z
ztgB(^XPfB;QJe0@N4sDOTR_*T;O(3E=BMFMXJTi_fT-2W{Yjnu5G==9kln(!ywczU
zOrO1#B&nMp*Xj;t?I>;1iOQv>D9S5Juv>Lcm>Ujd1T<yj9i#Ik=JcW`R01;|oY|8p
zf(Zum@5s=`ER1UgNJAM{kLVhUX25h40X8Ro5qvQ^t%BS(9UbUWb5e%Xt{m0$%=Mz+
z8Y%q*l-Jo~Hw)M3=ZGXaBrc}pxZFsNxtp42S8Ia=xZ#?_`&mNz{09ha&brYpjM*!t
z@zr=~S2dNQy0)!L<~Sp7e0pZkb_W3Ykw*stZlAjC)*5G6{puZ1W}lnm^#k%IYntST
zC|XCMgJ=!za}umYLYp#o%=us%MQwQ*3i^fKvhs{MTyM2vn7fjda05-aBs`D3Ltin`
zpnV!=@D2zZkp(2^Fx_{zAf^8CM_{)b!LkPe_>`EGH(ryD50uVl_Wc)h<cZKVlZQAT
zi-ZJ*Pupf#jWHc@CS(3;{N$4*%I+nt546O|KX9;e<X02p!<os`__V#nAzll=N~g2$
zZpedvCky&W^Nfz?x@zF!pxZxN>cH)qJGZ3tZ{IuYL@gZE#G{J5tK}0)K^Z1Sr{(b6
z7RZ=RYtpn1#SfI>X2%`#x=lWlA|L1?=jD;0Z!jnPaF!SyTuOQ|y*k7U#El$sSIE^;
zfF2_bp>$HNfda>_W>U@_B&@h`G<MEPT+j7If%IMg%eZbi2sOQqzu!3H-cPII58J3A
zyO&t{t$|{QXmabX(mTG&b*3^|=8&jRq6q4R%2p%QI#afxRz0moJG~%ay{aI2oMFs~
z@kYs1#p#B{WYO-b$0`cP9d3WH-~zwmvMmAUuOV-CyWw6)Oof~rRep*LR))dDtQY~U
zUchcI{I_=#8!<eX<_JES5DGJ`NR;>&pb5wW?$ri;+k3r!gUqRfeTcW-y)Ln-L~nsz
zOBw+fGc*lzIvR*v+0o6NTo`c~)N<Jmm6BF7#pGN??Wu?{FCD3>6o9hS`nd^p^P>tT
z$DA~Fx&3*6j_~nfe+|LJs#lzxJ8xs?(`J5Z=*+?QszJjR0}gPSqElyNDa!Ftiu{U#
zB;}-d<s`;RD}jy;X6p_mS=42*`Kqj?h6CcgLq@4_;C*K%>(wt~4KIy(ky^d77PPdc
zy<aSq39K~@)Cb~O;sVAiA%**FG@KEX?RB(47Y(NunEic<rt<xid&-Jr6{LX6qVnn5
zbDV!jWTFjbOEb;}4d`jtge{mYl+FY9EDyqMgOdd%d*i9*{N-F{Ji>pQ-mu*-@?-`m
zRZJlsI1aR7jTb<Tg`YA>SFQAK)KhWl*X}uOwwNftUM|BGYs45V`hk`qm%Gn)OIuHB
zGap{XgSMt8tB`NVY>7XfnfmPsyTn(%aJ=o1Lz0(bNk{~zDY^Us>@^LQbe{jcP9HxV
zVb3IC#U9>V)PDJ7PT=~ir+%WwepMfyk$u3huzz9x6HhrlD<osVQd&kdeth=8g~=U9
zT1Qk-zX#PWtA~Xh?|3xYNHxA)rwfi#$)!(`H?WWa-42`+ILHA5oa+yFo9lAAw2mbc
ztK7;w<_!xfo=fR2bhTPW^ZFYc<s$p<3E`jWwq1b-uZCoqHQvvCqUyxKv>oVmLw^*y
ztfkfZhIco^Bm_`NIymL?Ue&Gg)k+M^<RQ`4h-9mo7%ULL7x1{M9{1E6;fEJ|GUQzM
ziJbvR7x^PgJ#V_&;PFcZpCdRTWfwmrO2HEpapf5o1<NG3E3}i0T$CBP9#5Ex0vv3I
ze{3@$5ixM&FwPc^-5O_xQ9oyP?t{IHbgO7_Mf@6cl_M0ajk?b8WV^fJex=tHj_Po(
z8lHA@w>coMyg{`-&HV!SdvfA$0OTgN!3+@|03ZqPTSWGM1|Z6UwnoOnih}=wL@L!h
zy)+lSzwk~a>Wo&CGDo5b)7x@EMC~uY{3YWN>@q+yQc{jUT~=<Q3RW1J4#pVlHLwIA
z=~N`#6B+@7aUoiKB}T(96J`o#lHigm^J~D`YJGUTn&y(aM8PSue|!Hr))8+q44J!%
zalCT>+^Tleb-OOj2T0lr1lN7w-?gEg8r&9pB0lZ9==a$m%=av8mu>6*v*QCF?0us@
z5F&sRI|yFjDc2S-$4#`^&l9;vImf-X{~)jKDb*G!)lHE<{EcExvtmyPPCsRebd#^d
zPlpPypY-}dKwH`YLJr?xPqQd`egkn)_uIbKz_^Z&=Fj2Y?`ZN+^)fQJtF+mA-r(ZD
zyjOuwyWenwZu6~44HKSwOwxcZ=E^N(NZC>U-ZFWF8_Gz48r<EYZ>i^H??I-9!jl2p
z%MK@Zo3xy8t8UFtHq_;Ccc!Z4SVEOm6ZP1Kq~UD34^EyJt8=Z1(Y(6osewZoLjDLi
zojg^VxKM;>ctkJ}<XWvEHxV%`MTPqORJuqzvSD0gnCUPdYjDP`CN&T=Pp!h+AYVzN
zHgFwMfEx5Zni27ACq~S4Qk&Mg4eUC&iiXuTe2mLmI}$EfGLsPzR}-f^U1wWqCQMp0
zs8w4^i%jWUpHR{|ddv&2K`ghulp|Woj#l*Wn6o9x1L;=maiLlp5;PCW8PusxJ+WAs
z%api6!Z?@}a~*cCY-LV8v!HvM6mzX0uy*+~<O;(S%8+M5vBtNiXwuKuoqA<swzjb`
z=dh@f>vVZ^R31nw83=N;p2+Z)t}x24KbIbQIX2dB8b#guRw=H64SK%U*@@OUr6FxY
zB}&scJC|e_gQ1jxF2rB%T5S0055aft6QKquyp3{+i6aKxGr6V&r1_R_!a>4dJ%t4@
zC@lm^#7O}YTZC(Ja5mX_#OLbhKX>OcIJeqAz`yvsG*I#h0r;C4zFCu6hfO0r)MWa#
zqO?(UBCLq2{d}56?aii_eTDX*0fOD8J|>RP<!Q|AXO>Q(oDSzEnWn~rysT3XizaPi
zg2Xyl<*<6|E7h*%CsGDr+)yj|l7JRe?z>-7ho;djsOg4M3hz2K^;U%8X%bI;#L4jz
zO`6d!E>u~k+qPs<miVz}1aE%<1bm0baJ0-)j4*~JqM+&=^HL_twhAuy!8kD3F*I_~
z@1`SYpqGUqmuD4U#GcCogHv8fkr$&!2YM7p`KU-enDuF{oio*RreN(4hUgq0YJP`4
z4LeA@G(8URpIb4<xBmF}$%o1<Gcgf%`e;2$yanUOs>?+RqY3z5zStmF_Pi=kzJKPd
zW2-PN-&-(}-ELxh-jTbmhk2nNnZQ2OsKL_;+9j4Wj28k@@HJ~EW1P(%3@e?q>#!4}
zYz97BP_R)ciYU$g=ykACY`yI!f#fT3X&_^VrhL?<K?E6y%+)GIrB)%%m*4ISzw@;v
zmpo!gwlODob>h=%dcnNZf-5;5!aN$N7i7GmpH{`^FVET+BNL_bDw)033ofFpSaW(9
zeE&a>Q#<$^y*&+MB7>`F+($cVUt{I`b%j}~zPM(=fS;rxF!0)QKx6S*7Y;?%*>5J-
zFj1!CwaWrc|7gm&bR2|wmbW)UB*o+jkh270O?#&r3XVndCg?eFOL6_JiL8pv@jO%P
z_@`E>J3ev>dpxYvOx~eX;A2N2%H%+5nVfFQ%WKfra|H02?T8E8_|C4i&$+Tc$w#H#
z=NGiF+P^d}u07t~!QR%(x(Ozb36DCWg!?PsDSW0=zDj6*`d{#jHN{^_H|f@Wq+K>!
zeGNW(HZ`w)_B?hgIH|dsSW`(Sq)(0?nNsRgdS-KeWm}89PeuN=H{QUME&73MX9|=h
z<qK>}vNH|>#R&L|L@ogm#T1A*l~C>y*$!v^u08U@Bi3WduDeJ58FgyNwg#fR-=Jd<
z=&F0x*R|xuwe;=DE-P;;(GPVjKzS^LL^+U|!Z%_Or$Y5`p_de5)K(lny(YDu+6qin
zZBPtjFPXz3a5wm72GIv;Y7WSW=dz9I8|Y2ICu8S+xMes7Oe!BI;9?5H_fwZowQWFg
z##Agto%Vy)wHUny0UgIF(okW}hjiAdnM-x=I;&t6Yn3t$xpigMZ>St&aOH<i2%MRR
za^Sv_yJ^Ws<yp0!LqM%lYVY63=A5XhJvO#*4DH|u+NWfmBM^7;Q7ex>OVvDN2%x^v
zbYZl~N3$_+g#?MsslJt#qtKWlo%a8*>0y4Rgwe-nr;nE1HP;#!y2lKD>U0BMo|mza
zgS*Iw-4LSQuHf<4Tu|`xOR-UoYLRB%hie3NEpyo@ywpeC(4zhMPPv1WnU9OR#>iQt
zJ^Wi>F_`jn7cQZk`5Af$g4CQB|JUem{&szqdM|8JNd7FaWknp~LcquzG8~t<>mCe=
z7L_p-lj~7Zj%fBvN?byZS|=RG`XyQhN=SKA;*fzGt~bO50~Vnn{bM%&{E{YAk~&)3
zdS#;c@TN9HB2OA^Q{e6-H&wsrP+CD9D@S|$Op}yc`#^$g{w&Uscz8yws5x>xf`}Lc
za6Cbn7{wdierL7<VP(N14NNWRD~>>EO(n?_5yW5)=E2PGHrBOPd)#4~%zc7A2!aq0
zZ{T8AAV;eLkW}Lb8C_}-_Wp8k^B7rUoHXV&c1QGy3{EEWAIzvfiZvjs?|i(p5LCiv
zC>nRyfgG@A5uY0k%xVUcjDjfO(=F9SG|g5B^6-Y=xs>mT$#yWf+=A7zjbGiO$@e^^
zfTv~iYW|==jTaQu3P5+62mQJX8x$Cam_j<v4Zs<|>AgT?&~{3Y*FtfT`N0%^fBFA7
zd&eNnf@}-4yKLLG?dq~^+qS#9Y}@8nc6HgdZQHJTHFxH|cr(A=+=%>_C*nlp$vnCC
z-fOSbR~7I+Oxn@*OVyZsbPPV1!TPu_Xyq-$F)+d>Kv!|tk|q>CHZJ8@kDfXI6Tu)e
z7f3IUv3->1iJ0n4PvX-``KC+Gkjju*g^V?AApCD?FB<doqNc&LCUt15CI2Bbwo2W%
zWHQAplx<RsprOIT@4B&#Q~7RoB9c1-qrrxH!YnNITE+<T)hPq$HLF>);fYfPnkK?b
zix~t|EMpXesZt2{NAYa{#sZ@in%PK1SwIt5yDa_-{OJ>UW`_Xc2TJ2JCh|lE4gGHc
z>Mzud&!zb{JId^4jKob-0?!bEWBB_Jx7rwqS2nT&U>Gp)v`9Eg^k^o+aEdWn2NPfz
zvG~A#f3G^UbN5(5R*H4tWKjAH)1E7{ZkEk=VQVAdw`I(gu_BI<laR;tl}^XE#qK2H
z({_7vAl5-p{9`PkkWMrxm|1T?B<~=^l;%%Kf^~8Sxr8!E9&YV{P}CMC=J44ll|cc^
zUfpT=N6z`<kttb0LU~}10xaH_1RC7DzGwSx{zPu-Isd$lgrn@TxsJeQmA+f`Wcy1|
z2|2NvKYownbup1vPt^EBy><1K4ndJtoOnY-68b8}lc=MCfXHK#d?C!>QtXpw^3v|T
zd-9i0Q5z%Ok>K?=jmkeRp&>5vlvZ(f8X=Wtv~_VVip}M}a>|7jRrWj&%di)KV3^f#
zm7y(|8aay5c03v}hE#ZUm0{h}UJe7fz^fTzI*KRz&Q6V<<r;DL)u^wf8sk$lFf3F7
zM2(`2<!G}r#j6Wo3wd-Z&82dsYx86-ZL8&-{aIe~uB;VR^JJ}&hmTOa(t>{zFspm8
z;;IH((g!aQlp0_cmC;wgxH+F6nW(jT+|qDYy)~Z7r$S_#tNyymhEwoiTMD)bQZj!?
z+e4WKCh)*!{_a)qCE*2T?xq|dHw$E7CT%kfj7?7hTcSkZ<0TIC)3D$`?R8-m+)h{v
zu1R=J?5>v|LMo%8YOD^n)`Q)r5}`!8+o_QT&-b}5!)BD*2&|u<Na$Ve)yB{o4!3S?
z0_!ZiSSNVwv4rAv?ypIb%tFe*tQ>QBZ&nOcIwcB81eVRSyupwvq~cVx3A(kP9#)MK
z*t1AcE_;71Bx&s2WRRj<p%|O1)Pp&7D%@r|j2Y9A*7oD9*gmYSDJ%A&&kf3%h*TYF
zURHeYU@2d-_xp>RQp#<g_7_>Lv~9YqGqmL|_Yv_v$&ej9@Fy1S1>R!Lsu;&Bi<m6$
z-(+GTsXgW<FuG=cuDgxha!Vv0zX1<NpVg7eywt0O<KD#?oWH&QGX$}-;=j<?;+sQ-
zA!M?sL`A2L<WUk4EOBr}`@rJ>D&49PO%(=^T16=01|iGvN#BKd`9AwH#9OC723G>f
zqwoe{o~cvy3gIu*>Hs_g2=7S4$y_NP)Ewm)IV2~lA-8`G@<V0WaW7NUJC4)hh?g^x
zvk`uQ@iui3E%CoLj444e`Vw!ukn>Z;vwg;2*a_;?V>?vDRUKGr8gObF(T#NyXwDxM
zX!8uX8wz!<)~bt-*@OO@A&r>*&$xAu8~hQCy!CZ#(J``OPdpl4JHYj-;ZwJb=7g;g
zB5j#W7f_=vKg@7?W*^VJINESnxybD&kzG9)E&?B}5BMSi&XX%V?nwcL?m$YL4B;Zp
zuY73b=;WXl%;<$rwShGd;|!@0fn0)%U0}U1xYKsTfNMen7ujTf+cVbOt#`teFsvDK
z9oy8mt5}_yUk<Hwa%sPZN|71n0TinIy=kYcEM@p}#ClU5cZFD!P_4l1CqL};v27RO
z4F<^FA4TR&$xHRsC0gW>q!WdaTsPav#vaaIVS|Hn6f^jR!d^KK%h}1pNX?0rTY}&@
z&*UOg#C^1pT(tqWqZuhmsq-UQqGkn*qi#d{_=MW?UQxmIGY8hr+}OO6gFt2l?8i`8
z@cJ41N*+SoZ)?~a4@_%E$}6C99}re{RiGPrO}WOlcGF5*WnGuA=0<+3<xrm7YyO~7
zn?7`lH8JY3&1+AOlnZPxsSzQ@z5^BvOYmnoAS-7D<S}Mp7`!ji%UDZN#?6!l&QlTY
z<W!X9TMGSMV!t{jhTq^49^2H*HjU<a!(idSXW@XCxU^d~b_P4(;Dd3!xfRFZIicbl
zPz-t%BF%7r;<zR5$PD4U#}Jn$7HDHeORDUqRv&T;YMOjF*Ml}BWHj(A3AApJ5qisN
zMMT;z(48nAJh!`!Bt6&q><PYSe41_VN}Z~7rY6skE!}dyf=2T+)TY>Ti-9h8lb_+@
zctGCBPMqj`{f8isU@q21&v!4c_;*7q*MAdr8#>upyEvQ3e^(O!MY&VdvO-}*`K)VB
zi&nB)+H7~#@>#a6tW^<K2qc2)CD={&-<2|D9~Ye+PajGAqycTr&5iNrm*h#PS{>2^
zBIhJO@;>5D$?59!2CfM^LlmR|Z9&*I48)?7A?!YYP_t+4cKib;q+>qOt;@`!s30EP
zCSl7=H)zNZzaAzHXxI)yHl;X^9RoH4r625#dX_2+QhK`urG&@OgilhqMC|*xJRw+g
z4eQ_Y7AG-9GTFa#q)&1cD@>=kAi@7uimoWX53Ah~Eq}%zU9*TgoBhbcF`a$L!a){o
zYfElNee+L|wa6~*o$;NYlH!h)Q%SOZbibY$Wglcw#ZdLhL?hdqYDi9-USp$vDs+&8
z19LoAw#7h`wq=tpb1AWO8X9#gs&iBqs2Jo3;OK6|a7s06aZ0zuu+3ySAMV(!eC6Ge
z`K-O-21p+s*&D(Qk%yvcR>!hci<&{j`6^g^nkt`Y#4{Im2xQT8D_$X3e}ETv<v*6|
z@C)yG*?l0V<9qjW#zULO@0)L<5!&TP(bDX)nSSI95v+N1ca>{5jH_Uir!}?11$M-k
z{}w&_(A!UL-ntXNiJJlm3qI&T^ZkFT(*I1yXs`FBj()Q)guhuAzy6zz;q2^aVfc@o
z;b>xPVf5{6^{?%rto0ASjL%>+ElFzm+&{U=<?@~eA_xcw!t=`@{UAd5c5@qfI(61(
zmlb9F1LXKV)9A>Q3dlZl{rDz4^@)PHB>mP*UX#s7w->GBIbB=7f28&nKzP~{2WA+o
zhv&i?8AOW34hmzW!8sFSi^`sOxJXk8L+`ngdu%EUJ3}xNuA3ZhD{`66B={3{c8+b?
zPwcu%tP#!A(K2bruTw%w^u}9cIHno!_$*%1Fx5^VXag`%nyoe(2AJ)tDKgR9&0o@}
zxSE?<ji@?)f|;y1V<s<B%S!C2RHX!wd5kbcR2@p%Vy`o@C?vowty86#*gS;3I*DO?
z8yXRGb`-bu6zP(|0fxHRG9L>TA895I8ja-K9ClHG_h15!Fc|{NMAz1DDP)ZSyPSXB
z4XJv8%^;=AxrAq8G=k?HWT28sCD%1wBsa5b4))UN%4aK<VT4=<CfBk}NHe0uR|PS8
z<rNM?*90N%6xREI`obrkKt9^&ZmW51)3}QnWM9jwB`#x?<0Lkma7Il!Wd7<lYC04`
zVT#cU<)_`%G*1LZsE6<JB^Mkkxk4C_hJ&j|?Gi3xpnY~R!YHA;@a-Ur11L}J81100
z_@bBsrPmM|C$gL}p;!izYozMVhsYZH9>Q(=IOFJ0$TTZ|<v$ot>&xF@1u**77MZsi
z2(r%c4tUhJP&-TPg(+xm;%UCJd6xQi&M&zqAR{@$#XcflKuovAa{d_m6g}r&)g1%|
zhxi;HTsv!-f9&)NLP;LEB+le!I=jx(W>6C&F`u7ljX5^sA0WuW6n<w8r8zbv#PW#L
zM>2BGF=m8?WoF5%cMs=;i8Hy4g{acUxF!|Je2LGm3XR#e3}_Kp9OX-j8e-Bz_zWNW
zX}$lOFq@cFQ*4Pl&>tTG#@muf(G9OA5<^wiSeli&*dBI?@^>UuqO~#3Lx<9TrY)KK
zJ*$bodCD%ZKYsB17w1IYz|ra3B+|&l{vXN_|2iY8A8sfIsJ}PQmyGKP4fN3!k+cJP
z>sHP!%jfg^EyIx@Ei4&Ar)NhljhSoGG|bExbBU-_dSd)Tz17#m7bx64yAOp#DoS`8
zlV7FY;O~b%<v+nL?k25=6`OdMH|{oDovwVYI<7jVveKmVd~Y%TXx;ev;~K0-=TJ_g
zz=Xt!eET^Hq!<gwx04jaW6au@khBR>1kO;{VKEkWC#p#aDD)ISoqHy3iz_A@yQO;J
zD>2a7J&KQYK;fmZ%Tc&1_V9tq1=a9JVi$Fl+(eR0QE?EE@~d5E`X8aT=Wgfv3qk2B
zU&s5W^tpp}$=j=A;m0LcOBx2*vji@I%quEPVQJ<KF-b-1OmZdD65t_*8jm$qW=xt|
zrPx9lztV8$%!F&YDo=4}cIv~VFp-KeJEdoh9q&a~nn;RFU{17PU!sJb>^WZ?bE+|v
z@@p<mROljI+pH~8Be)i}xJi$l0Yx-DT+F*#rTLp4G6zK4q<VN>pQ!p_E-HdvF-iBG
zpe@HfCx<b*N9hAXK;C&(qgz=XFpD?!@URyzCRXhQQZUsuDj5n_g4?ShJ|;_h`qmvb
zcEDNM3ajy_PDO@ljQ!Hfsd)--N@*LV4o|U;&JH%;keH6l^B*+?jXcZtli4ztvSggt
zBai`BDoW@3hH`;~x#I@}S>}5IgSwZ{tAFd)qDE;zuo|>&Lv%+iMOLPg8XZe9g9lw!
z6qtDLg<BwLItDK{Z-+x|=eT&xlP)TL=MVxqj!#dE4(NUgUjtjCsLSh*&60MMuB3x+
z+d~Wyx#JEI9}jLIR`fg(wE%C$=+j<CZqrpHXyJ$IBfo+sYi9&144=4yklV*^?jmN!
zyLLKrO-v5G7zr(AXaKCa{#G9CUJ$k;_RyRBVP{0>sWzS_wBBJ{-AhMKft($yF1iFE
z136W?sZgPaNlWYu`U#eI1gh1bxDMb?P#=5LB@Na3ZUK_V1L!m&$ckNKx8wG3yQeg6
z^3fE?NKVG}CmIVQX~nxrs7lmjmHZ9rLfA|Y^U)g}Ma=AZo9)r?WBtM(U1@od1{6-H
zyj)RozG5(nWWp`0Dl}*D;sCHx|H>wUHX16hLvBr;^_mndte0{mlkYCtJxCkeNJDw7
zm<)IS?DHyLfIsu-ON>GGTNJ+f3g6gHe{A^<A$XD^{XsXzxeG4WofHFB6ec>wf(!Lz
zl}@>)G}9`B?$ULMII5B1YlZEiP%O0dsNhqmENG<e-_@GEE7u3z@DTp!!QpTcnoV{%
zp087r$EbB>N-ind!(0(|q_|D>h{4t{m4$1}ld9yLenI$IfFyic1jgge$;X#j%#(AM
zAo9tLaoxw#iG|*~f-w38MdBEpn?&N6oo8Uagv^uiPN~Pd{YYuc(cE#wPSwg9dtl<u
z$(RF9%4GZd^oxZvBKS1Yd)%B4biu`!{{$rc*q%{mqz2K>iL}DGy>{0<G}>fZy>5?x
zQgh4+Uy9Ywl&>oP*o}9neM1cnrC?&?o_3#jB0}Mb@Cgj_QPB}9Pl;xehUiFn=1A-4
z%(kH7vwn_ahAORzt_~K}Hp?!G|FnxpR`1u|q6W=zssM73fgIvPNgIWHhJ<NN&D9@0
z>ECxrB>?M(qgnFWLd)iI)yV2cjKp#gr{CW91%QaRGWlWzowKJ(NMYd0lDHVK!wnbJ
zflIp^IYL*cF@Q6Zf}WZPe^|6-5{n*FK#@ut=HahDesZd9b~o?CG{x6hm^4aS08$&p
zI`2=2*%U41FA!DLx7M9iBc>wM1+p6~GL_fp@Y1_=RPFOV*uogZ*FE7C-TX@j|1Zdf
zU5Sc(wtx?ux{{ZyzxZI;MTbA&ocbr@xns~7f&yAXg`R=vck$gJzxv0X!Ky>KaL{Zx
zh-`Za<N6g0uBm4R8E>d`(TD7{rSGDiNw*M@0^kJ&&_gc7FbHPRZYrOQ9QnMXv*^%c
zmjMI~656>P!pDL)j9_JzeTkt4%qD!=C{gaAz$ZsJ)iUs1yG*>|?__k_qRII_3DDAL
zMgtakuEHP8EhiQIpWNCH*T3N%DYfBMjJaESwS&2%wwG9*O<+|a&5t~@tx%T`t1h(d
zq<6g~J3PRso23nzimGl~*p)1M_o9pE7x3H|ipY2`%Mw?291arGZ(DRI8|U^|=oczC
zCT^NJFectM2ZJS@7Ff8~7T4bqnRFwTz!aUzwJ0ng8$jIG<tIDFw^gS`@3eA=K-!vy
zN8VobB40N=oKwAj0A1B0nLX2RMF9PVhCZsv=-3L_LPS>T?}vHgAM5muT)Kvg-cxeD
zCgK<SJ(ZQ?w1j_6_!(;P9+pl|@qy$!q-T$r(r@^#LerxrJc?Nh<m)suJ)x^33ItzY
z@bf**XFXhOc@3;~UL-)z)$!6p#5N-WOr$@|?_ykQo80!3|AYPCYlfh@=75*)OV{K(
zf?@ivF5mx+T9RS~B>UtMg1;>03ZoVl*MHg1gx~LIIw;wrDwjI*OW=)AGeXkS?>1^f
z(((KWK_Z`l=7{i3wfju-dwKnQ2C)yK=*NioG4`Vb<ZDoQa06)&@Q}T2b0&?9R$F%O
z^OR}+)-ORx5`LCA#;Y~A<U8#YWC5Ac($u;eJSRv!<Y5u7+87Opv?;y^)K{zq>*V2y
zR6)*Zw`I*mjf(<YytmO+vzUv*WzGumFHa|nUnlRyOh2ZJpT>6#1Y6#xSbH7S^&FD`
zA^W*XM_C3W^v6aZr*7e|ij*TH9*#F~p4h8?rTpDa(jrG)VB-itcst?{fw=IO3IEaU
zD^LTsx%a(*(%%co{@*O*zk~cFxgN>BZ^zoX;;_MGw69-sr#(gY>NiC0P^$8tIo83(
zQqrTQTCZB!An?Ec;FH=K-dw`)9Cmoz>34SW^ZguWh+^!w2y_U9By4AGbZ`sYIamls
zSZ8lVAS)|7aCl1(^VzAm9o1MhuTr&^8G<+5mYhR6v@n7mz+Nn(7!on5`(DhmOq(j>
zD;j`nUzM_)s$;>*h(7{9yB6S}=No%=O-!V_WfF9UGQ7Fb8LVyq!p{V0>l@9{GmW<S
zFT=gx^keeO%8$B_UvcjbLw*v)7|`o(4;$TDbu;dMz8AWY^8fn=#H}F^ru>eQetgsE
z|C{hx(Zu>&Sl9Lc8$K(o*?yb-@@8br_1moe0!{>*bsTAA3<?K_5`j=Ciw6zO757;u
zp*Evlf_waXihl!zMCvbj4Tkg&v)}xt&=kc=9&T<vv%_)skF%#GyB~`)lRd&K-BC2Q
zhq1p*z&t9<>(hyy#=0+X>L`vJz};Y#VdpUvvpJMu;BENrY4~<O@@i1rv{#@j<sIz0
z1N=l{|7h)m0`eY2TeL@jZ_?p1`r(r>7#pT0t`M@_(}rdfEF*f#KJXt51<!QiU)S*=
zg8gZEZ<toE!nSFzT2Uxhf9JI6;EDTWgDF{32nAOVCss+>)~Yr?J^ySbBGnm7&dcXZ
z9b@>i<5;>W$fa*8l5MnCmDDnlp~;=B!MfAF<XntCg9>Sz0wP~U&-Qd!MkglqiOJi4
z*-S@owH1l^ixlb>2h;zn#5|Qkf3u(FP+Gf3CEl^Tkot8L9)?Axp=PkgA+Cq9VNxoi
zJAsw=bRgYlRZ|Rf)@fIc;pr(CViFwKvbM<y?5n(4Y!)&G^=}i|#svuNDdS`5j(bUM
zzW5_jmN$vT&x1jXiWlViA@Osx1f#-E_H;3Ec1^Ki??{W35jsMlMM0>iV_)?WmM05O
z_?k#qn%Rs|5===4iHnnbn#Tqhoy=lhT0BH90k6gz$Ta-axivG4N3Z>uxD8yRL0dA)
z)K7nHqzQO(CQ0!G9}wUSk{!sA)qMWDldwP_-X)51Xtff<Wbtm2L3`fGhWG!--w@Ir
zJ#Bo4AEJo=^t1f`Oa4~+N8(1*!us1J_@A*yrJ9X1iW=tc%il6}X@SNG1keqEqeFGm
z)`$@-7PTypHZ0zW2m}agvaTV<!=`SjX*NOt!z9&=CQX1Uuw<E@y3|6Z5)!eP2=CC|
z4bDT%tJp`ur-E<kk^6nl>pJ(`L@;TH{70?ZW&6{I=cd=z(d6g-*47K&pUTu|;;0)A
zwmbweL|0lf@`LT+o`vm!JOk~{#KOe_NB0UiWDZiZn6U-&)9c^fzxu$7_8WrX2jaRD
z91r>&SayjO-y*$zB<Xl)&G3`zVn%i_Ii*K;G&p(4Lyn48h7PVFPhKHm>CK-DgVC+7
z%QzPI<{T>e%vjnBcj|!@mY8kSa%-;wZ%X4RJyiMT%vyEHQyhygqM$-`{lJJb4l>ft
zl9^7~RgRy$L|r4n9u9@s^hQA?ou@aPwz@x@?GvqZ2K>)3L9b%t=+g|6;el$~D*X>G
zP?pnAskw+T``GFVOb3}oZx?Ga;$AuXMoh*brx=;4Y}^adK5)3$agjouQJspr>-Yfr
zm$Xsv8IuA=9C8x*)v2tvAuvPnSAGn;QJT_klcYl@DSob69#hT`v_vLA7wjoy7bL&@
z>?KVrl;&<cZx35Ea<6+5_4?WsFbrUE0SvRPBw^zQhCDeAQDNhBF}*wSW`D~mcH)gj
zpp-Eo=MPOZ9<lZ+MDGi~P=dR|2i_s)O{AjxwBI~LZNb{-OFY`m1o5yUxT|-ZyxE~!
znO@sAi9EyVR<I~ha9e9b#Au606Cp&UaL-OJlFssIo~WEFq;Tz$Gs$V~&_ws)2I~ug
zjf`6XJg|_Bf43N8w2-}E){1@oqNF6HgTq!v<0pjlm)tEnqR}npEV&0NPX2mdnFw(d
zRaC(HFeV@-q=`BP59yS-4biNzIq`x{-O4Ix%VVonGhNb|O8rJnL0ty%f{D@EeQk60
zJgF>fI{ESjTRHXDu-5V{;4qyW#mXK5CU$oPeG=JkRY-25-o{zr7fUK7*T?9*N0*Xa
zG!Chwi9+32rAt_-#eF(;XTMxvDB7c$JXwyU<+2rPlRdOGJE<aMz{On8GeSv@p4x-P
znmk($dUMW<jZbk9=%eQ945f#(ZcT$aV_=Z(&8#-C>tPm?7CU@4!PV<gbJ0%x){?1?
zuHI3>)f)oEtsYt7J6~cX2od6_FhUS>!AYnO**{0pUAlqIBo5eg?f~UVwp7~OhT4m|
za|eU69chYyYqrd>;R@!NIao|7L%l6ojb!&}Sh3@BSc4g|re14;&9UUJYLZtCKJE;&
zyCLZS?L|}9^57Gj;F)t|7JIyZIqTSClUoj#%=*+3qf*qp1-nvP5`^V$-s%!VE|Xbc
zw?JO<`0}t`0Y4_8XKqglPlBY;E}0n}P?G?!dT1$o71W)C23D*{Eo5D2E6aC!g3V#5
zXUY(lj5F@1YaRCyD%U*vYZ{ddxP0&v+{9{D))KXz!$CHe&{@hIgtGM_Ge(zyf=vdL
zhJ)<t@k<qIzP$VrKIl6d#m+r1_vQdqEkZjYtvGm6NzcJm5GFyjM~k=4%|7>jSTEmH
z+r?cToJw$`TFEls_U7IkZ~!NTS47*br{sn1(WCeVzB^-~($o)a9Ap?kH5}Q$U<aSS
z#gM>B$9#mGcWqyO_OI|ROEeQoDEqzf1#%YHrt=k?Oq=x2s^!8?<{vUyR!12iPfGOf
z<f2xE=e;cozz|YKqTSP|Dzb~N7<*pB3KPeOKh=lI5yoW;Y#h=ylM_2l7o-+9{0?`Y
zwIk@&yMVzutf2`6n4gD|6-eH#nWy*SIzB)l1z4OgutywXHsCyF*{UDk6KN*QU^Zln
z_^d9G)p)Sr(lA|<#AO<&WcOn6M6pR55@(A*(bve*@AA4s!W%&iNgT!O;K=UrWD^of
z&2#%0AB@W8LvNHLB^>Y26q>eiLIYMl-2XhZg(R*?bt$x`%tAc8Jrl#eq4vp9B&gus
zQYYV053V*K2uk<1{K0Aznd3V)`FYGq6GK3;;Zbp8X4e+p52N~Q>e5N$;ob>mkq@qW
z@Qh`3&83>KvSf(Wyu%c82?M{Ya=#Z+_=Qh7Zo%KobeQ+g@xzIfPnYs%r}m%fBBr;6
z=5YfPkUJ07()5o=U!LF5rtkSgu2P(?&}+MY!Z&(x)>O{XaQ3YY&i$~5bX9QQQX)U7
z2R|RaP%_ZX5xiolXYK0o+j_PdIV<4Qf<9q|zLF;%xl#X4uv3TF4#wr~Pn19Bf&TQ+
z0RQ;}mKk>qya@Q?)IzF^di50f1aA9<PYpq=5S;?Ct0KzjDx}`5+V_gw_nvn7SqD*(
z$5ip8(&Kq7TC=F!_e#C@5mocq2~iOO(C1Y&6_yxaLSOO9^B8hC*w0~kRs+2e0WN90
z1yI{x!xzgJth(PNV>V=ouy}`+Rb7MzHxI?n;1{$d#c-~Z4U=)l&n&9{a<jXdj$ehZ
zi7s>jJp)I^Hm$vRlenN-Bqe4RrxY_Y+}-u<#BNod1mL=mtRYy6V7L$kljRw7l=iSG
zM93nF#Y{W=n%^Th5EDrl{rGXWHfTCkN6Uh@xxsKkUX1n30eLEVL2JfW#9A9l+`f^o
zeN<vC??=}uF=pH?5x;`Esg^53M}(9u$4`bja2p;^77!o2pJKmlFSaf386Kpo+dozg
zMGt#`Z6R%O@CE(vpta)CjhyQn=(BzUSAqWm?EepD_@BI`BZ;J>kb$-JzbtEu6#hrV
z-$$ogMH}=6y5m%US3OE>9y$y%kODIB?OZWsca`+Q@Lelg`d>2sNdaO7GNzm38Iu_j
zZ#OTGaN9U<Dv320MoVH!xhT}c1YAH#UN$;p1YTuPq!SeB6ln^X$I}uiahM6XQV*FL
z@wTEX!f<ooCYlujY-kkNRgljcwi)sLkRZ55i8kc>nY;I=OMe6S-uN_1&UXZ(N@#Q}
z3+k=#+?;uK9WI<JKrDG}<}cnEm0iURdZi0eL=z*2PkHoW53KV&LQV;?*2FiCGXY<z
zPFzLgP&L6W_+CJjz7?art*O$({kL?P<)L~9yYT)T0YiGAiO>K7eyM9{ZQXrph-GND
z&8*tNIOFlO(Glu?XmGq!5$c4^pKKg(o%Fd14PMJM?`W!+0PVY)zU6nIfB!H*JYAv}
zs6T#`F#jLG+&@3eKf&C9CZu=bLgQCXngm%Ij6pm?6NxocpoHKbkp3SE#;~RakoxK{
z3C0k>5@eIo44R<m+T|)*XJAc&WmqCsA`*%Nm5qXpbd4%n4L+(`R$3Qc)s1bH?O!j4
zW9&i@soQtFzWd%!n^&7oQ!hFH(2>N}d)~h(`5~RumPs^Xh};HE1V;)<CxKEDP1^cA
zdXSh%;$Y<@A6_`BPl{Jk$Vs{pq&y-XPxw0SY!C~xu*i_bt=&c(Z(OKUr;S0jGRig7
z`Efi`u!>b=+z`(=LSod&Dm!Aa%BwTtULtM3!!lw|C_#4Grd=ZKXpryTm{3BpMF~o`
zf0D_QR-uLVw<aCwdIP0I+C`zyVzfeBqBj0S()2ixIdNRsu{a)yv_5fMl}SvZEWSQ5
zv(mUK-YIchiAiq+2z`}AD2=W`=!Xrh<EWueGNnfTzBcKBBvqm^SJ7yYNu4tHSZ3XN
zkflammSstWGHU4z66u(6Qm0mB<z3=D$=wAOt`?xuWhAp%cjQIVQl$`9(tEU0R-z*w
zOk_BR2)jsOgp9muF78kK1eb3_6BxC{?8^j{PedIISJ46`Iz*;a^7tJqYY^yVT{4=l
zxo!eI&Z8AO()zAl87%mk;KT2p^;`YY+UccJz}7x}<TF+VkjqZ5egD$zHZ&{B>l!hk
zo<Yk3`igRkA?1mp9>qDl3UvgOUPSc_emW^eyN8oaZc!txB6f7(d#7nn`){YLHbY$v
zjf+u_9<VQe)H}-~o7*5&4C!I^9t0KnWjoto{lD=@jlv*dgH92@MnULYdmlQJ7xg(-
z2}uwO67-!zWt13NNT+8x+!D5yx<#x&B>oO>Y4fp<Rwx`uuoTOoE-xmFnANCpi^Pr}
zHmu4Q2JuKOWkc1KWSC~4nxNeRx)pw6pMeHE-#0hEY7yoA!D8<4uD1hJ*U%!FQ)wSm
z$AB#0P}WMI&mb-r$imJHl-K!La{Tq{D(d;wJ#!9ipOe>WRe+P>O&b-&0@9PpYJs{1
z@H0QT{T0zwSJ@iPw+*nm1%UK;>djH<QRMnK$qzd?el5g2Yf(0Vv_#R*4>w}^hzl%h
z!G?m&$$@HY<hc+So+#?flU(=rXyZYMahz*T>t5MKf%u0T@1FmXB2c6n9_Rh(9Vhd1
zGQoAsc&Pj^zr*~DVFj{yUlyx07EVX*>tP`%K*k2K3l7>8?$6A6OOo+1%u7bTwCR1u
zfTM2$J<{@OUoUR>8N76=ZYGX_=Ww?@qfdG1*RSArSU*p_{^}XxaU;Pv8!SQVO6Na?
zXnOTstN5nA5Jks*{%~16%nPf1A+}ry+=Dhbml3g6Sy;q_<0C!CXkmzWNL`rg#S2U@
zoQ`8;jLIu(tihzg?{Sr##pc>nn!4PLp>~cB9h3C4FT8fe{pm^te*O~{wLKP#+tL8m
z4a<od&A&okEeogUT9wR|i<tg9hdU4;&|@rGsSdhRVuo_N!{<&=<TOtyH=&Fy{i!r&
zv4^dT580am{x7XLob{AuT7illr9!-No?7)?i{lb=p)Y^t;u!*`ULq}e5Md7`dWwTj
zODO`z+ZTz`v*hsjU&TpR(h`c{x-q@_Wr(1iJb>6Am^~%>ugQu#oG(wU%u63a1bgJC
z79m?rOv2M8%?@)we5JIUD)rU1VRX6)eTPeClx)uI%%n}+8?ejFDV!=g@3FsoZ&l@)
za$7LERP(mR`$kwc65g$?Jc!~k**Fm%>-FoZ7mTw{?PgF^rDPv?mV@i&&FqB;yw9KY
zskxtytD^B9Z4Mw^DjC87K|d#gvN@P#RUt5vWP5-!ksPHk_?-%X?OJXKIu8;<wN{M*
zT6Br7CEEMR5jVBD&&ou6MS6HJqLPCsR4H$nx1i11{_yLLW!A|1@Fb_RvmJeVoHjrI
z3W<x9{0ZX%7)NR~jhWcC;>fieK#{8L@-?4#!=pG|k$|mc6XTj7@h*?<@sZm7y`ky6
z8f?C)!T$1V-e`eIp?>L(5_9N|qTl6WuNpWQ*DpC_Sr@5tEI`%){=v%U^esxT!6ANd
zjgq~{Fbhz38e?^=lzq#`o;r?<|BZdsf|6%ldIKl2qiF54_x)Zf4?KSRJ>>VEC_QRp
zddnvj(vYO~!hLc{U4>g>(rRiCjS(wJUHMxfQZ+v;otQI_dOjfxr#-2bo+#|36&b4Q
zlp9p`&hkpF#HaNsZ!dY4Dz`o87Ge8EvvJ_jGbvl`zz9%K;P5<K90khg<6F2^0WJ2H
z1JTA2yX#KuD@7xPANylCdl7Ey&k(+@dqS*>u32sXe@A8?jZPwV?gM~rYmjTK)&X1d
zI-OgK2|1tZ-WExn)bO6{`C>=sVRAL#%FEEKw%nFEOP1jcWjl3fe~1#RaF3&^B{T?g
zu0W<5?gI{K#=W3b1lUj4(37hC`E?b~I-)-XSPB!^@ZgsyeqW?P<*HRaL)p;n91@c~
zV?gZ&MJ5xg+Y^{5a$I#%Ga1>Ef9L4)UhsHL@j~69W&wv(I7k6~+B1v=ggOCF4x-82
zXmar{CxTt_FXlJB3>+mWD=JHzUpfUM*JW46W}a6rMT~i~mX3m#>3agFHex2sweSpY
zoupCcZNDOuQJ~+dpTfE*DGJ8-sD_WhqS0;{w1uJ5qWofCW#YR=w$9mceES(~J*^=V
zR*s-mAv3&p!u5x{x_9IA+fp|+Qy|9>b%Zz5=SqH3*l7-L;jEwLtj(kBWm|`Hr<`ev
z>L@ObBao@D``+g--~;lIy`gIEUj1qj8gA^UnItf=^1c|?<HHZ}_gXjHS6NuGr>Mt2
zlMbCi80pegB0pIV?=+2gbevjl+BdzKtT3+ZSdKP~Z%tkqve~iktkWeTk7!N5R10z<
zjMszLR=NT*;DT|(a5jD;DBeL>Z`7n5x%4Q+Z3P96ip4I2nti&(H6T--7m~a6nB?pX
zJEQOfqx9$|q8fAI1*{GB^OlnMDZvpn7Gnp@@#=_U$4v)0^R>m!1QD)|vAn>T@Q-?j
z2ysR8)omfzlUqP4N(>PMZF@3AcSnn%k=3vw>O%1&C)E6@<k~l2zC{%LxysoI8?-!-
zRHSV7Gu)oMGZ>^(3(WKfhqB0e(1v$0fj{pv*v}^dan#O{Eas6j+jSv^%L5qjt*k+Q
zG>yW*FdW=WP?%f1{+jf5TbQfC(9~(VJrl%r3bsHDtgOhlR@lfzKAvBy7Miu9ab~CW
z*!6Tb#WClii?W3tZLvC+jc&wdF5qmQ@cM~1@Y<WUk(Ymz+Tbaw(}MpnEP75fEiDtj
zDnGXyvkn?24Kx~EknEMWv*B`u&Y2g?<xF}l&+22Ds9h&8M&OtlK^*F1^i&M;%<J=6
zLJHub<v~V3dSLQ)tWP_`G>RXThd>mRvK3FVf-rEQ0kg=ADJ#916hEfvP7$DvAUqSq
zqpaO9)+%zss>6}1%6Fe~*fUQ=t*?9Y<DE1jTIo3zym1!ulow`tNtbdURv1MQV+1ks
z>XyP`Wj%k(`@tC+%J7MdM}={~NfcTwYl$%~&5>H2Kw_Jd<JVS@+hWreQUp^r!J-x~
z%Mz_hm^I=S{5Z3@3zRLvCcl;mNt8N(ESw5Q=A)(Zj#-CPXmc}|g;W8j#nrjm*@}g8
zcQ(kctpP4*UDVp8;D}5N7%te_S3`@mch1vy8JY=!H<XvzB;>%wwO_u2{>#V-HqHsw
z2E7ceRLPb-1MMNYc4CP>*F!g;4c0FM<FAGByoxcpih13H*>lMSR(FQkWXte}y7+a?
z{GsEREwiJ~{~FIb#7><8d3VUY+uHj}hG%l&(WrZWqwhZWNT%6}?<bnmvl%<QTCGRR
z?fCaE=}aODNNd|g6uZO=IUjZ}l=F?tP=_K?fGMp9JaTLxa-bd~NQ!dayHlgzUPS<3
zeH5WFSilk(c%F<3$LYyb=|m&&N<!$w9n_<m2~~Tf#G{I*7+Q|<$#b>=*KK_ccH*+&
zZet3$0UlGh`l`OD6u)hSdC~OZaOKvM_hir%3`<uoc*Y@C6{mk5Yv9jGVGZ`2ArcI0
zrYAqCd!X$b1@Pq0$ilUu=<uaPLj=cb9ifA``_ijgRA1%U2Ow+F6KH7<GS7N0h5d(F
zya6jN#tvj=^CM>0wBKAqR#T^g<LBUBJvSUV;Ed^$OxYMiAZg|UH(~D4Bf=cykRiu)
zY*pJAGwYuSZ=x_P+Z;~hNI39{f%!Uve(954m`_AKpSiux@y$?M61v>7kBfM77C=$p
zKq-R5qR533ffjHFdeWRr3a3$tZ-#iGI>C8+Ms9y~lVq}z)3~C@{*ZpGuwm8e?H<z4
z*;e=0;@i~v_84}p8}p0GDR<3>-+n<VU0PubV0%V>VMKhvzis;}j>qiz2EK2Rd^NxB
zf8`H!ZS3n=f@~zHS7O({)_dJ6x62fK#JhL&rM}P^9aQfYQZyF2kHi}`Qx16UP3I_w
zuaMugHT)K22@gSY&k_7g7W|AB{LB{o-A(aGxVQ`N&|B3U=+i0}lRoDg@g9fwK<+s&
z=Hod}ol`IJDQfaH`SB@W@+D!ye>q3QUstGZAj$ZsRLCJaQJ|@6)F8eNW>g8Q+sM{3
z5_uO<Ds~c<WL%QTJZZRcF=0gV-7F`EXjG^RPV#dkJ`_iymqTJu*}=fCu-_z9q*#0p
zgUZ*s|Iqov-4yDnf>OK2?5m#N#8)=$txPg=E@Nb7OY<)JbN6|f9FIgCD_ES%ku*RO
zCJ#xdRya6MG`K)RbdVB-1yyoeBv&kN>6OXs^w&6Lf%)VN%TX%d#LM5t9%M2@Sl-de
zwJ^}&I_s%#i%H%KPzSH6$O|2P_95ArsHhs>^hjM%&SCdnmY=q1p)4Z<_G!XxUW@{_
z@<cDCi9qus`y8cMG^Lg@rT4}6qRPl+`Cp~P{89$!o)=m7(}m>PS%J|pSYE5aget7j
z4UDDb5)9^sue;?~W~(bg<y;DfE<9nRSsZFhNz`T6>8xhtR2@yS${xJ1qc)U7DGU3Y
zsW2&ShM-;xtn>CF?5eJYsBM7O<91n;vwVe7i%cI`*V#>TiwqmUs=;34T?~%V*LumL
zVJTldydmV$LIuNSCw|)&ZC)*bSs$U<wSHnZalJfEJ)_p4epRAj9#5FbEsN?1Gl$+`
zzQkk?x-ni=@=J>@+V)r-g4-C8w;USwFHa4-b?IzR)&)bdHS3d^lQP!q0l6Dy;B{i&
zZKez{=*)+5>c*>HtR_{9YG|vkr3JPsHb**b#c1iWZj7>icg<yLDFv#r8rfv6(|xVe
zOx%)5PpPbjWG>wCiZ8j&y34O|weq(UYU&eez%e!8g!*Vk&GMMq>U*3}pMmXD+og5h
z9zyz<d>ma-H{K_~-lO9C6h(I`%IR6;RzIImV}t+m8K*h5a11-;EO0(Ey^%K_Z$rXr
znOK>R`>-FUCd`_~(7m&Pt`>tSg`jUF=0DwQLARqEe(>r4eE#vfhf~3q;b(udv~TIN
zw=zq(AS7c-V3}?p-*j+X9csdXV4_qTsb>@EYa+)CHO&mQ^vvADk@Ouh1aP%N(8V0I
zj?BQ%OkW6#!HZ}a%V~j?hLX>XAWhwu$>w_|GMnL5;GE{*C8r^<)3QpaA+SlnHOqRG
z6HH7^%3*4_?3~$T1JV%05Md<V&Nm%a`!D(kG0tol7j7B7gENkgTSykcyZn>;az?e5
zX&JRk-p+~c&Nh;v10|F(cJYYoc-&ZxINgwCtN+oiB+Doq$N`n`zGbkVm3@Hr7=t~j
zZNiyD$@(8&N8-!4jEZVPfklL_{flnDJI1+gdDyn8Ui+NSLQxoG2lgwtj;pb*%T{_T
zKVxn0t58%3Xp{^hv4G7SPH}H|WZ`PgJaC;m#f_f1Bi0fPp)y|Ltikx(tl_<=3<MQ4
zoZe|59}jrN6F$&Pr4@&JAvkic`ntBA7`pY?#<lj+A*v+IR|~1mQOi>_&&A4$QrkXE
zM{epwZuRL4!Jzf9yZy7$q_!Fb*FD9R04w9_0~fyJKn1-u@$*e$vhZbGG()%4(4rIi
z_(Q+e;a@NuW6lkqZ`$KC^UTp5lEWR}4Y{%8PX^)Za-fd`Nx^1mKt(sE4^5PVbm6BA
zbS&UC=H%K?iuVyJwXfETx{*`tg;FzOBH%nP4ooT-bgy^ssVFl*UxdcP%_oWQM)BuE
zFimD-1!&r7sphRJWuS_bSDsLcV7KmjYo^{GEs;;1rJ2|=E#Y3jb|10fi2>}AEDZPs
zc=I<=yji*?PV8V~ZVU=|F@43$ujfyMSE&l%oe`m@I`>i5a((RE%hh@1GqnaW4g%`s
zuIAbW!RF)Tr`-jwj^vS1*sRNT;dn2D9mD%Z2~8=7(p5|dZ&^AwRp)}g`nrvlX;AFS
znwlW81(3gzNFv4ECDHjBL&%Hg`G^^rXO1sLCPM?q`$txHjM(GPi*Us^<HS4dj?RS*
z!M|{Q7|hV8pq{2Jbj&9g^?oRyS`*D4n-7<VgD%}YKv#O>%X&nMyb|h;!V&BJ{?*1C
zQ-1&owtQ5ptt;Hv-mibl)HF)nqWwFN`alIN9^a_>9b_wZNnP!`qw7}bJcXEpz;0K=
z1G;*Q9wsq`*>9@QP59zBt1P=_*mAhWvz)eA;gS*SC-j#Lx7ytVKBw5n9_$$ZCIft2
z)2A^`6UztgR>OjmX^jVcxK)JNFmkk`Df(1w2S#FwO*I?SsF=5w3pv=)$((}C{-L>M
zx@{pTsLMKDarrFHRB8vth^@w>v6$>zQ<nYV0Y^FP*~j4aL;eUaJAIoud0huw-!W7(
zZyObyhtcg63nWWj3xwyzqd84}Vx?UE$T-aEUhs=3cL_AQaEE?S?GE>AhZ-*L7h>RF
z#Aw{+%Hh1*uELYe9o#b=T`}K*AJ=rEBVH9TzlE4PrvN8c3`)PJ&Q8E1jqwem-u+Cv
z!OgdyO<#}&ZxP4-@Ef(g2fgf6KSK@Kruc4K-O3#X$2e5KN05E6XUEH3L*-Pj>8G)v
z;xXUS=9Bm`MrwWQR@Rc?9hjdfsM_<2ee#~YT_L`s`WF0rx_kb>{bG=QmGid7^Y~z@
zI!sP2Av^suf#_yC5N`4HdLJ~&hgN*{wPZl&Jws!7+774c__(4G-BEFzR#jiDvY+Ac
zYD;F{L_A2Y&vrUKpJ?*A%-FlG{e_*s6{O~*=p*vEQ!sUouzE{aAQ>rP`p#nNMA(xI
z)I1RdqeUgU0#-15*kh=LMP)5ivz{EL;@vgL2E(^zf41iUc4$D)+!$qGS>#uJscmNQ
zC?QADCuEvh9cihgp>M$)J@MK%Ou-;UU#_IL;)jB3`pJ_|>7xAz)^Wyc^VXm>PE|zE
zh8(B+kVXqFi%rd-1xL0bYEWmxQoK4SA5g1$TmrJ_SH%L{*_6%P-Y-F~=yR`@STL$}
zACd9-gQ~(A1l{oYKl#Y1;7Kpf--&&}Z{EJ(|1G)yt>6C-DMsgiW%q3o-xSwGQ3j_B
zjVhyl))&U!Cnp!fl7Nz0%u40QLTLQ)kL{tRqbpKo!x}0xGP9mJk;W&Miy!e#v%t@V
zUl?gVo3>4jHs!mxs(3u-e7iWl^4)wF5pF)2&ySsBD+yJKnu9CRk#&)cR~om7nd2(~
zmJP|o%KW|W+<!tYJCynR(7E^9B78#0P+=|~tsqlR%d8(rG(oqEeLP;bDaUzg7N?0w
zR28HD_XaE~ljvSsT-yaThLLh;yVEEmmB=jt1Rz_hx?EgW<i5T6WKqQ!hgy(dluHDZ
z1OSFDP|<D3a<I^}<WCXGCOe64FS^bj`BBQHsVF?k3pxu}cxWP>*Q-21L5{ptQL`;~
zz-%>nh9hGn+*25&ly+~dL8D9+9kV3j(*U$>CRfiXW60<WF|+iUk1r7W!M$(rvL}X{
zI&i7@Zfrn*mysWQWxRUs3bUBfd7*MhyGUKxPa18~V7WRTf$w)4{$}ZtYl+N6NWD>v
zo#pJFoz%=p71SS1I3tix&=HZY@MAa3K1BOdJCcuNUy=kEaB;Yqx8&b4mus(seQ+|M
zXrW}eO&VBpt~RNt^bI4!j7|CmM_ubR--i$b?kz8nMNyA@5)i03kKoFh&}7jPtITy4
zEv-889y%9^D~B}kt$bSKi>Y2BGe2`}$m!!3=jJElU7P1{R?BzhjO{H;y37Ll@jAOL
zmcQJ{u5iUFUubMhT8!_UF?A<qP<ilo1$_%I>3m>b`?uwK)L=hh-dlU1x9MRz!9HiV
ztGkzAzr8jvy@9>wwyS%_z^eb)1lal6VS9tWNA<Y%Ji&aTy=V1o1^6;N^F90Zz&+>n
z0Jg=z_`%x1s{J~kkHClS>HX)pY_>ZfJtaIIwsQHYQa(u*hr<|Gh9feqBO}_aQTkh~
z)$<9kwbknsC?Vh)g%L+ZAT?2tr{gJv$ookeXo_<a46(RKsirL$fh!??W+B$g6VeHo
z4S?UWPISzQfS#fUu<smW@Xm<Xb%6eRZH5D`-iZeD$B&6`B~y|A+qqJ<vof)jF|ai-
z`(M&c<9D4#d0~P7sPoB`Y$OmyV;M;zmR9;tEC^5_>91uVKagHDw2@dCV?nkA$PCF}
zwGfMyRHy(_A~uRrn&41<0sAsdsmh!-R2!R()9|+5`^>jXX*|qVpVvm%F0V<CBi|IK
zsn(-TudVCxR<YmEKQIjyNMwi5Q{Ux4;?UFD`}YsTy+QR%PFT4+Cs8-IL-?6J5=Jb@
z>=->VX1dH}{C@o@>SFR3$}PDn15r1R_eY}u{WN;F3+6@OXikIL^OI9v>tgmu8S#?d
zJi6r9za>oYWq1i48ItBRxTQ>(O7))Hhe@DM^&Z)$Ceven2_9*d?lijPO~6mhG;xfU
z_!IhrY*?6KCiPevhK!BOl?;vyQJN@Cn9+eL%yc$P0tOj9Ve-31Ui+)R7G;XWkBs6k
z!%4Z#k6&cxSThrJf7e7}#8ZiPafsqPkP;$r^2zV^#VODz<MLBlIQ+%!E-T<gr0x%f
ze$zadQ6?4rq-oWVG_oL&3Q)%ySLBLe50n7oH{}vWbK_GUBtd|YWeC4_!x4W*;m8h-
zG(i@UF%69>W-hObblX1X+zWw0`<A_<ZhivR_Xajs1-p||qCPxu0P6>toV2inQsuKr
zcX-wIa+;WSl#8482|?sAYce~|G`GB}8Trw+ffKQmt|7+s#<_R9-F{q)GHX$>S-eZT
zX#TURg4cl!;n@}3f@S(qLWb3fErASj8)@<WGn8eEpF%4SC;!Q*M-{=^<-E+6KFZ^i
zR_HA-x4uM1T-DSdvjQ1Ha7L#1Xo1EtD)G1+e9~vtO-nw(y2ej=;68XI##%TjV*g$D
zZTOGh*rRruLf~Kub~YGi;I9x6695J?A#KmZ1gW3oHXl+{Q3-0|yQm|<q4F&@i+N8=
z?u047F<6^Zz&#I%l8INFT7uBzIP5FuAPQTldzwOtJeA!(7<%`Oej+_{bj_i*7eyO_
za8Iq&-q3WXfS*#trO_$5J=HWbyMDVqSTu{~_IxKSu^R?`s-M>oL0hyQ5HUNp*?9Me
zYRu0_F4Ig8x@9OJ@+Vw;j{t{Rn00>j`k!o(9-|x<qSF<?MMkpVtaXzk4vNS%=A{di
zjuE8ASiBeoK*_0=e(ObpVWzaXX;R9dYMEoOncQej>1UzFx`Pa=Ra>Sf*9Yg<3!^)(
zjN^oLxP~o4k@lf+aB+JG1vrKcLXkTc1{FH{s{<Tu7%>P68m;3;IY+eE{sd?;^%P9B
zj>#f;mT@5(`_>UW>qId%!^DV00gi(RXF|abgmbU4CO#OJJ{YDx!%ciJ&3utHeCo8r
z4VtkQjRbR+0>umd(g4sjRcNM4G-J*GofxweNM7)#0f1_#Lf2KG8Eepfn>farG!p!C
zB2N`MI39FzbQJ3f%eQuG?}_a?eON5Cvcmd$3H|wf(^F36ccU37u|otD6)%A2L?t^N
z^<?1FQ*R<%0b)jFleO+bT8?$e@zwGa>qDxnbxA2IR!v^3i)cgXh!SvJ{KiXN?mdPz
zi~XLR?kMNu!4;)-C1F>3_e?!Igno2zM4y$RrgfR6oY~A$-K(TW!<{F9la%z(7{&T6
z-S-HFSG9a5R+GZI=p+I%E)<$y0%QVfVUEXmuz8R@NafqcmTuOj$+y2?4_|I}5@H#X
zGfqQaZWD{Tu;+~5w?Rc6@zLmV*q&rYM)yQR>V{SJGWRW|%e5vOfc9+J&WsI6@i;qj
zPgaQ|YszgJS7Mz~y4o`<n*TuM!!mo1ag}#KoFS6)0e;YGo7H0OQxftkBY!e?v98@v
zI((|UjThjMkqt4`xXQ6u#V|?d-=rrOLpzd+P#bM^v8d+WI;v(!0cx&O;MG7J*#=>L
z?_9lq@0G9`ZFl*tX9F8$%aU4kp{v1J;F{E25E5)Jrb+cAD7vrWKBhW}qbFN%TJ{2b
zC_%~#mXgz8oxNhgJ0Nyf=XaAF?4-H`M!mK_j49y9R9atTSfiR~k>UuVs_+1{71(H9
zcdcNgFwmbef<&H&qd|*~O-p&g7&6ZmNuDrmHrcP#x8axr=Q`J50gRRnZk+if%)2J~
zX6gM|3z4Ao1+3AdTL(I4J?fh;cH%CkLZN0|-|=G1P)VwkTB#W8KY|*e_C~>fI6rD3
z`>3Kaq7oJx$F(hnO`I`}C5T1(LEeniX(?L;eJ(kPs{18vnJ?{FuB;m4za(AQ+}YXm
z+X9u8T7?0B)DnONC=*P4Io6PkNJX+z+}SszXBQ5ysn46#I=llhJHyaXE$YS6&|Xv5
zJ0w+;kCFHy(gCk;lwA*B;=0jYKkTP%83|irXa!nY8vrR8Mn=wRL98yMeFDNf>ep)3
zK(2DxHMMQ>E6S;D2rj~1KJVY!WhB2G%#v-77~z$MGXNmt8_o_ELO^G6B#c;-4M-m{
zq>UNlCA>(ZF;E)R#f}h>MWoRfI6@{ANlT`=r_vZH4i;vHrHnX|QKu^ZKa{;wm}JqC
z{#{jFwv8^^wz6#7wyiGPwyiGP?y_y$?7~-P&YYS5%y%&}`D8wsH+$XWj=dsQ#QS?0
z(uW2|iW0^o$yB5((ia%YO%z8C6v-Z?vD04CS(r42j9C*yJ-XHE5Nb^C81P;999#zr
z-7yVT<TTZpRTt#;Zit;PTkFYK-YWihNEH3S=A?Y3wzR|&zg?`lQ-1xUMB(M#xLi64
zM@dRPL`fDtCS5WkiI+vhOkG@8QWe1Un1bLMQBIV5fi{0(*sg>ch9&z>I<1eVdxXji
zg%bQyq=dR#n{9{=Y{(`xL^Ek%K__*uo-sWKqRSP#3q`&)){bmlq6PIV2eZ8Bz}A>E
zU*1}NAg=*1fl78z9-gVl<*>MWX#;c0a_7_yiTi8UT{4B!W3N%%5~b+-@Kre9xrSY{
zckFiD({-%yiA>Etjo4T_OWA)^UYSUrEm*$GJ^qU!SrfVOm}K_vg`Yp(=UU$SzS01-
zVl*8Fru@}dpzqvUasEkI;h;3zS?N_}45e-l&*QAuikah<{5NI)#S;3!7ptyH=L$9G
zE}-L>>0F7VFVXVPWV@@Kyko|hel?_B2QH<T63TDd`=n~?Dq(SH9dWx=dxXRI$UF?$
z5fFha;MJLEH`aD?mwj5<JB^5G)lT(W&WLFh@0`7RG`&3c@I4qby`mSxp;QXr@I5Is
zdX<gB7p9?cRC=|I$`{8WH45GQR=HcrAvG%9V)v#!)`(>)-O`uhh-K=nyjHzi(IGX;
zZcPWzT*T|C%=m*;DY_RC5uTK7!34WF?PE7|J#!D@ly}P^zmgZzp;`s+$OD~n2v0o4
z2VYq^5dm`Hy=>&?QF>4X=|Nr2D;EH<AYvC}R$RbxViFNQzH>j$ji^Qs$`+ujAj#LC
zUFlN2lXSrgc(cId+Sbib5=Xy4cg^&2lT7RBW0rTmQvH!9G{?lpO_AFCYEX5i{QfD2
zTf!MA`nrU(=p&bSMoS>Z9>-RVcmt4fKl1DIlDKsf!QTPWx?11PKMa?%;BUcB5k=xp
z;C6rE^cfL0IdZO`IM{xsd~#z6rI3VXh~OL7_he`JuQ-JdVbMo5(K=@c3G8&SS}c>T
z`-h1pwnQ0MW><SoG;TEZ<Zwr8cwm7TXUtwqs>t%FLPc2<q+}{8sj`>Nj7lXOzy&FO
zwR_Z_L&ONxm11YZSkt}X8Uj%md}uj~HBwXv7z4Vb#VB+dkc;sWb{Z^>euZ=3d{#h)
zHw{6_!h`q0&zv`)3|-?r{Q?E<JaWd;jswCl-LlkXA!oyU02a*#0n<-aPiJs|FyU(l
zq@qDHZdK%}!RY*tBDK@3-cUAHYfenZcxT*GAkxvD{y~{AiAn#SmRJ+I1`pKr*CY}c
zn(-<#^Q;{AmI!mXjpCG5-h3pp@?hLUS?fSdH{|%3O?sk2^m$}W!&5%01s~K;Q5S+>
z+KRuM`BxY>?EJ0~TC)D0YKbqM`xN*Q>r5xGCMgPr!i9q&WJov}gIDs6rt#yeZBY3N
zMR}?4-M!8!^8(aA@u_IO9bMp(^1vew_uE&yjOeP*FoBE;Q>r_398eK>*LNT-!h`E-
zthphmB<XclpcU$BOn-N*=P{QCTW!dC(<c-+4d7|}B_fG4fNzTp?97|~nXv>`7dPpe
z`v~|$M-^JmQ|U~Tt9pkqNGyY;R4%W(3r@9O#zO*exh*Xv#=Q2k8BD79XwNk3x|y@c
z)Rbq?#eqd+qaN=*pgl{!Ix3HhwM;_x_j$+fjvO1iK8{6RQSgotcX0;pz}h5uK4|P)
zc=llSHp)(91Ra&3;|;pZ@h$L8t(~B%jCt5lZW=c=X9JiE=;k&&YuewmeYO`MnSxta
z@+~NfI!?Nqe?U8;&(`|Shvhc|T(yQfbl}y38cDg$$Ma%r49jKM!`m|n$@*-!!H`^Y
zl2Y_ZP9~4R8_hqku3&Lo_nMeCYBnAXkV;=(lqYm7`L#t%sFTrA5;;cRIH?FUoz0SQ
zOC`~h_uNmAG8jdhy++W+{*r<1Rl18S-oMKap?wlnYi+>Rx~3IJlf42Ed9bT|e|JT0
z_Pty|F0C!iD!`u^86oPRRO#WcICCd;=qS*c;XGLTBUipMY#Q=)ff{P+A9%QHdI@+q
z27M1|HYKhf?x_h*%LAGlcdF;$N7}8$0tQU9Qt^-^vI>zcLa2V{G)+C3i@1$W6G>H>
zDrs1qRRue-O1FsJlB>X$^TJEnlK@CKIsmTWzL*JzQGDG3y}AvmQmgROqYN`^-c>(-
z>%FD?+EmS3c5SWR>{||wZKInQM>}pxO+E@y`2$nSLPCSj%dL)#pOg*tq`nOAiA1vU
z$|D?#o&7u|12T3$OS&3DJ(Zm|kB_aRn^4Uj7~i<;x%GNAg)4@P=NP4Fl<gpL6G!~k
zhwk{$(OB0bw*L0_LG%k~Z}e7Y*XRTxR{+~vGBkVo6!(UdWq{qD-WvvDhnoXrdtl!l
zURDrDR}k2)5S$<nu3Ll~lmQy=WN->IP~xP&8#7dxF~@dN#{v0{mpJ|kQo{LDcDN}`
z==ea_om5x)czes)_)Ivo!uKKIQtrA`*&7IA$G6=ncaX&!8DjUI19Q6<_8rG`&y7PG
zpx+$UhdT=<7JkK{`7m5($Pk0UKN7x|$|124lPJP0i{!SiTnBMK^n*hOcNoM01ZJo~
zokZ5C&K==6Y}&s21sKB|oNkV5*RYzMZV}wDoDFuo(LudNW(3*>|E&?ZY9VD$(gsV_
z0!_WTdQj5_ZOOvwR<RoDyotI_umk*Kt*KRVJ*2X!<A%wGUAN}4kL;3gBM+}HdTrmm
z_=!iixXYh^UTg>5hst)bbie71=Dm#%qIMo*|M5++Q=xV!^MTbp(id*4Vmqki)NR+*
zhkh%cV2JzC=*8*-Y9s#(KJ$@(N9XO{z2%ebYHqvF>jB}0{Y`A8Ah&PxP0c;mV1QQ?
z^orH+#+MkKfT4XiP?YG3eeUL0d~|3O<I8VGBm%~gU8F+9SnQz}EhBt<=8D@^g~(W}
z^P3>=MLju)U$ZaRTVkai5FQ@cl(U`9JNTZb+~%%od%6ik<}p^czCy$nB`T;xG7t5B
zfwry)33O}b1&bqMW)K9>0b&pdPw8f;2~Xq95vElmKS)k@Sg>z@N`O1FQXTfK!SlY{
zXL0pemvVVK<8KY{NIm~}gkk;|!uu7OIM;#c*wS!Ln`h;PAaFhSpsQ$f;??xDU(55j
z&x{y5J=^wyn*IC*Ibi+|Yz|9M7LB+?EtfJ}suHT=o`sd--q;+kKR;=Psij9rx?!Y6
ziTV%keC97%szg1*Uw{7Uf6o2=fyRYo1Us7Re`~lCiE$Y*cv=>t<X`LY%Nr-}oL~uv
zU;>yOIhM>flBW%LPAfsq;3ce$nz)CQ8^tfuU2e}TjC_7(f&GDKEBgg;??<>9;xuV@
zAjkC)J<2owFTP#dOPrcBjG8lo8c8@cI7qd&0Tqkg3jf^-!QG0!-HHeM#W;Hv(N-#E
z?PRnXZ0s6r^qN2LYH$c@(U5A<uxf`vm7+TCyUPMZv;nC*4&G?G!^;-zU(8uU^NoHz
zGJo&%7&D(XyuC3n_W!C!5-67V0iIvw%u_#MV|TFLfA~tU_6*bCXc>%Liy-h&gBu7$
zp-@Bwlcm52SE0E&G}(tuHrj<EOIkybp-NEYiz`BjBuG*u1VAmKOO}~X<-3*#wWo`-
zC(BP)1bHfvE|{4L<<}rrR7z5`NR}~D<wqzBC6@<j79(3mN|tde3-OjAp9M*lVW<do
zl_H;cCCe+PUK#!LEFZ+KK(>mItO};8t57kt;Q%W1Q#Oo-Qj3ODI}E8D4z3&ytt1Po
zyz5s%8Bj^=S4kXDQR-Jw`sxTz{wj2|S@YvxK6~{8%(lODoxqlg;Cj;`&mij5;ba@k
z0f@2<==wE?u*OB`wPnmQstf41DBt$^7=h#>zNh4w&VAxz_`_h4i0cQ33^6}&=t?5u
z4dXFMEeA2{6b>S^2Hj_A$ilLTrW5QsgkGDelm6pNxts7yplGYXMLE=|9AR^|bYADv
z+?X2BuJe&LU)_cVoi<@#+7vMRxtmuyF{_amiM4~uOsK03wmC$0LU|-$$GCh)m@juC
zEJWZ9x}0dk^A`U*me#_CVLsa#5}MmP8xf`#kra^<{WCI_*0hucFBwJjb5hDhuYxa-
zq-_(MplFeN0E>q@2hlIpoIoxIbr2c*961b4D!-B<7_eI>O-9LLn}E%p;%BK`NK3eW
zFrwjRtw0TE+Y=>EIXNu!lQHxAq(bMe{7rge5jt(y55rc6%N2<hM^Z(gPp2p>GShdM
z7ey&|0piOI+CYEOl6=rYl_B*Q`?P*Lb6m)E*g_coCi|Ow3)m+{z+nt2O=%9?$><m_
z;59r{U(gx~Dpa3Prwbi#|GEwgk6aA`X;0BU5?ma^cl;nE=mL{S%#5E;biIc2ZNSnI
zX3S=7;CJiK=wMZKM<6-_N+;2^-qN3IoiMb;gSacu#TG|}rD!RXbyaA8l22@c4<)r{
zq0ub<3c3D?Ep)bY3TxUyJ~v0w1OG8}$e^taj56q%Mwp@RzoLJ;D`e8~!*rhX$f3TA
zJ8FddMxwr*nGY>1SiC6bv{)FU4C_640(X<VN7-$Pk)xbN(>IwJ;?ilP{Y7wpaTT1p
zoJl63HpE9_=5Y=b8pO}CK#Q3A&*Po2JesxDl$@{6{;J73!$^$@_kxH6pHp^4i-4?b
zkZh`-P7e-l-6Abw`FpBSs@mr$UeXl}fc?ISpvk&@X^m}_q0fPv1fru&-boi5ibo%K
z)5>Pk#7z@t0hc%w^8r7aSdF!R(O%|6_+2%RxV9BOsMR0+l+E!y8<E^L5Y&PD0kJ2*
z*a6}JnLDq?yhMKkEZvYi3b{kSz7^sqe7l!u7DQ^W>$mm>M3W)HLS)wr#Z_pf2#z-K
zw`_4wuvPXVuw&4dg95&n&;b!XGIXbm19W6?;HH&Bn){LXCWV9Qhn84r0I2;RoG3v%
zcmJNkUd!JUBsRs=1M@+my^gI|x$(~_nky003C4w+e$1aa=)ba$+Msd=_-}Z_K<wyH
zf%Wz&&w{&dgF7KkcY683Tj16i?!N-CQ`cfelg)4CwUi4+28u;ULyFi+Ao5!P#E_9E
zzqE0M_VNV{qmi{_R?6-*MZ`Ze=bjaebjY-H3{LC9XS$&`DP}84JevUQC~LKWq*^47
zw1gij9p}a!I3%8l06Vg8Bz}wJLn`tn-K-uGmq5Ooq;n|XI^kq9s2$BS7NAAqSqpeZ
z%qW@pOZt`vc$Rwjng0WAjcS%H9G{FO;I|+&H&LA!sVktFNAyHLm=9fuSh>SFI4fxs
zrG8VXesewuz7BApAypX#pW`Ll%poFPa(3;pdIT2UO);AaHK}+~oRWN70nj6NE))8q
znVm=W(JJsGbxsrdLdSm8F_CE&+Dg5&Bz?-aen!e4Kzj=}xwNlD!uWm2930&V<SJ^w
ziFfpAVon?LnOb>iB{Y(?eB6Tk!PmGqtgAni4OiW|0aMiqR2UW%(@?{)u%?EK9TdZ^
z&?u$67Nvk3P39aRWJI#2QQ&|q^OHp`Ux#!}ryv};D{LklS|-JuKKv=gTu+FcvatsM
zq0YmvL1=-DMY3Kz?ur#8t6-i22$gVdwd7>=#^{YNnpU$BZK?&rC7#t5Ds9siBbH)G
zt^N&gTZNH=RRb7=%h1!*;RKVyE4EtKP!zbPCYB8x5@GM2NwX-P6&7uso&l2l%qbjP
z5?l<+rUXw8BK%NCQqAiYhe)~5Q!$mTl`oWWm9^h@_Q+Gczwt+7BoX0>63)1?KbI)s
z@56=$cL9bq99e)WCtO)FbevG7u%V&dg}p%gaJrGGf%m;Yj%Yb*3O#X%Up?V3C+b>Y
z#O6l1!djkaHb+_pa2FxtJD^peE&9Y+g_peHY=3dr-Y|MyPC{{RF&>0gVAgN2R$~18
zxo;p=2t9jc89}a)?)BNT{hz|lcY!@^E-}b=2ye+6!|isEs$qC4;DYzptU1aT`x4h4
zZ&-9Fd~11slr}!^$hE`iE-3Aw`OtLM&<C+Udb(@%Amz^RqbEi)#mlAe)5|gXy^;Ud
zc1-<Iw;%L3v+m*BqMYsj+Ky2+F#8vj%<3OdGG1Y7m~o;A9`9Y41;wO8LdXINA~_rp
zDe+zaGc8Jckt=)0k0<gMqj$rCIPrq*4~1c7DG{PY^|^~KW~XW1XU3NMkCD_`An@A-
zQEJ;&j_CDh)DO{CbZ{EjwX%^oqyaYBotV0)70e+W7$fvy8;(}9LM)V!z3yNLbTY6r
zVijc%+L?^ir1d%4KXW0Oi}`A6X^7(1<8f(!b;ssG$rZb(LB=fnbf6lII}<#cAK6O#
zP132Ugm;fk97IBLR@LAW+jm4jgt7QH>`i{&gB@D7DLgpF<5*~DrtY>^{^3fpMHSbv
zZ;(nFp9_-9Xa#v{&s}6%;E8flM?@^bEsu6wqP9d!Xp&6^8~$APkO+y-pgdN|<Lv?X
z{nba&aHr4@w$6`Iw=ybnZl0TdT9^&VxT@Rr9CBWqdebt{Wu*0F`>JT)=HNULC=H||
zUYkAIfn5U)iB+(z)^(`M56^YHfmAYmT<K%UQBQMVh~)I2-FK1QsVJ|$VCr>MuyA9B
z-Wa0LpM}7LxL0Rj#K7ASDD4%fRwAD9VS(licd?kV1@kAk^Q2RmJe03*rh>?iC~#+v
zJF7O(b@o?cN~@S0m=IO!1(bdyl&I`D9+}5T^#DiBKFa<2HK36>m({hAaul~&#gq^#
zn{&*@+2%k5x3=8^(^&UFMKAoetvwz*<7b8sG`CBYTcFCP=ko55u&?4(bxt@@rj&DN
z8=xuAUgAdhvgi|)e@r1qB<O)55tR?T&oQ0dfG`ZE9p#_{0oWhJ(o*80UE(9Y#TwgI
zW@Eki<#~rFqZAyH=sym?%y{+|gL5@UAXj~s@5%TKI-sk<W4S0`9LS!epKS>&84R7k
z&roaQS#60-v12r2_Z;meXbRNs#eL+dG4M|j(H@!S2&AT|2_)4uC<T?v3_pp%3Zc??
zypbAaGx)?%d2^}I?9rV$CH<RRJx3q&LlLcD?8VX@@3fn$TGQyP)-WW-M>)8!YQiOh
z#Iw?g^z*<|riR^b*Rs~W*eJI<_rFG$c*^&-_>HtMfc(F4Rg|1f?Ee{A$;#_WI4YQ5
z*&8S+h(xKXzf1B6Nd(H4EVTq+P-Wm!CG){5pGY|2BFAkvE;KuxtN2bhV&=`Zz2{Q-
z7O<e0T}8L`hxz~9a(7t$N}D<{zRPy%9>0F?9?#+bdb@N3I+l+y08%oL7GppOM5q<J
zrP+$xi$HBanh;?i7*L@Zz0XwaL?c!R+tCEIlaf-15TQ&dGU1F$#`I)B>vL)AM(L~2
zwhO95ALbJ7B(hvu%BU<{|m?wN50=yT|K`qp`h@_0Zk-WbLs`uh8w9K&(tJC`f4|
zJ%fc>9%xpk)l)u4U;St<X9BPmPBfv}YQpAIs;E_Cg*cnuZ--Sw76Pak%#=?)YYHkN
zNxe!*CU827IHO1|xY$)Zo|1sAq)6#dL<XvkJfc%u09$)1GPH~LE|KSGwyJlA%S;~K
zy8BD$n>3b#EHz6QZ7N$t=u)!X#ObB8+%;ImAfyX#-cp<ISQe0K!G{5l#-i)VwTZZ@
zF)9qNvFo?ku1l>N7zrhjA}h+th$^2o?NYQ9I2rjE4-t7ksO6j7+--)KOV&wdQzWbx
ze^1t{%bUOz-qk~$7Vm&%nPGB8P?%?wIbKF+G`R)Y>TJ>~omJ#BKb(f})vRZvB>YHZ
z8WL-kY?Ju*l>@)c3Sf5E6@)g!dUGM9DmNXh0~W+=LABOb>ig|Xkg#Vm7GQGfC(+l@
zTD`;DNk0SutvevnZ#8MLq}mk0P|n@_nQyx>uVmY&NDO`T3kBImGR+wCFMpztyBIrd
zYO_c>#dCAz-5Zpenv_jpg?;rF@;(UX0II49dFnMEn95U&ZR#1mwqA+6`TF#hw3koV
zvZYWd6yBFy;;u?O2yx18g?)-{0<dR6zypPXn#FNqw2SIlbpyP|v4I&};4EUNIFn3i
z?T*;5rTh!Nl@&s++}@V>hil>+F;{(rzKa!nq19X7AU_8NQSlr?*d3mst^i27pW$k=
za@hofBJH=xOvaP#WthcyS=q)TS=k52POb_0xs9ArZQklhQ@-`Q){f!gbZtKdoyN?6
z)Da*W4_(xrZ~(H<4-pLtwoYw3iV3mYHbG(?Lr>h`!Wk_r&JY+VA0aR&#};REId>hA
zN59I_-)WFZj=vS}gQv6vy&$Bjd8jpnu_E>K@rPV&brI|8f#I30v05(y-AUKt_q=eO
zH1dCB8Z`1kWi!(na9p7QM*dK>G9H@6wBnrsV#Y!-iX6Wp&Ub*Bpwq2Ua6LDWJ2%;0
zaCI$FaBbn()<FLr{M`Zj0+=LNOpRtH>cEkdK=|+z3F0MX@H)Ro0k_>Fu+3ajLHuyT
z7EhqeoV?sm=cN!!{1(s_MPpv&!{p}S<nFQX6|TNzSwEj{L8J|*PC{LXLQIxvEn&s#
zVVCmgM7`6`T)dr#U8jt+0UR8;=2>_JpVX&zP#&x=3fWhe1^i+@$COC0IcUin#%QmM
z-&jTbgco0zc4v->STnPpY)v1MM_b4LJFqmXmlZkpTh;vdJ^b{op9T8gl2HC_D&yZD
zS_<Q`>jJ2}iEg+pyYX{EIQTlG$!iL$=ygC)P^?5S1>&17)(BIeX1J?~&0h;}$#HQ4
zXAn0EXv-+XRQf2f&ePf4&sko>PJgf8=zmSSU*|<laz(6E7_Jj;R2hcmJJ&e(_QqhH
z<-jIiQPN^zv++k2t^$~qi{XzRxlEoH>odaQEUCNdUI^VuoJZwk3Y=epotxfGFx}~8
zh3HE92_$R*n3VK~<w#tJ620Z5NIcol%zJ?^+LlD^r^;`V0M}{xRVB@IpAf@RZj#jj
zj=cEEiODhRy)omToue6HK1gsP1@%6<H0kk@Se9fte+|uD+Nay9Enb-kTGu(R=&ak3
zbA6h=W;vtH!s%m`*|zFNa_c?lQtI~lhhRctVal0lcrmZMj81VbX6}<uHLUVx%M?Y`
zM(c746OD+)ux)NhGtg6M&?$+{P}M9(ps);H2hdgsB%#d}s#XkfYAM?9!K*ahm~{6i
zQSL~gF=9tQ%tp@}*&OeHUChj?qqj%9MbT~L-(7>}0#k$`y~**e`Mc1!j@-P>xYynO
z>mJqdeEHJzJ>-@J4FtsffBnB@%p64=9qs;|eUq)KrKF^W`pMRoJxF1X2<FdbSV<^Y
zsA3f<IfTfH4InI_KtmWK3=av)$@*zi{bZ=%_023%%6`hnE9G%6DMWyi&OQ|;$Uc=j
zX^8!RkX>FQ2c~iuwlH1dvbuKpTH5ludpW)Sc6Sb0r^~t%&|e9h=NPaC^sRR~srHox
zI6<?389^gMCqO%64D+f78-P)Mmhg`5@JL~x8n5~U_&80NlTT+zfL&8CprWFtSt~x|
z{ZN9Yqe@e~seu6Q9I;MY{cEeJYZ!@;rsKLB0Yd;?6(u4oGQe9mJK8Jo_3KyIoGwQ$
zb(-cB?p(ddrYM|(rVGOsN^FSO7$1|qMuR9Mi)bwT<6uEoVY0k6mVpV}$n`Zp+Zs-|
zSpTg!z1<q<M!Ug5v^`%rjC-RolcKnJqNkvKA-}6`=A4iQZ7MWehA3I;+Gd@%RIe@P
z@-P$Uhq;5HH2dC~dW!3UI$yp?C=2nx`CSRc?*hrR3_wPsK|$27YJF@FSz-3l#wvk%
zrqGX}TZhe`>~_+*Q}P**Erf^<xiO-J<NKkNDOV8>1egntxTL(adB%^Yf=bMf&{P}o
zy%9`8t9zhWo(C0X8w-?~)Cw&97SSYflI(vUgaoDHM=bqZ@+O=^+PBfhamwS^%1P%u
zM;8=VC)5cCnPn|SnTq5xL(r+DEls&lr}bu>d?<yVM1ixsnA)ONWo}-$LqM05)8&)U
zYQiN+gYr~Il~!q|2Sm8s!S6+g^9e>r>psXY(OvVk7a?|r7;)WpiRt-<$#u1dN?AtZ
z8R<>!qe&ArVpchr12woCWF|yGm*`?M$H=g>{;Iw?<ek%P-0U%XPgTW!MCf|=jbnLB
zBqt;Ml7k;EP4A|Oo*Y@LHIK{g4$8`s%d?G~#uy{L8^VQ?lXHE=RNw;MBnfk+x7|y@
zs5QbUzIlZ@h>=xnWyNo*9Tx*<d~g`h^QuG1)(x5+mufHP{#pi{PSLpPZIyeWBUCU}
z9xIw^%4X|=ngzgXBLG`Hi*cW{b2N=f@TQ`kc;~}(*gLTG<h9{KtS-}66oBeSm=&eH
zN+w&q&zdhPUDKhCK${ez`z3p|$}3d%NCpjoXe+&gKFteSR-v1+U#nSIK%Sq*!_8P7
z3!ns?6hSyM^M|bnozEmZs%qM4)%!*-t*2JGA(r-`xD_NLKwE6(nLXP@T;yGch#?L*
zm4&aiuY-`T_#!v?HzQy4#Etk6u~%(75Cv1{ZgEQ;5K5wWgu@mj15(4*!cD{2kT!|1
z3ESBtAp{o{0`3oJeBmqTq~7?-s8XD{%i3vAJ>?(O=MMAQ`x7Se&YFtu1zn0svlD~i
zudDArAl<As5C3vJKvtHeYc|ycy)Cu3dz6tR&CHk}s47=ll&)@Bm+I<Byi(@R*4Ov9
z2Ue3-ae6G0ndW|?&=_3)fI7$=bTTL0k`cHFjKH_-#=x-umBAlIRIu=Fpq-Dy9>}*L
zz|ZOj>&EcQ3v&>GL+}^80ea~Tb;vEE8H3ym4-v&zKSj<?R#`Baa#T3k1qwZ3Fx{W#
zz~Ki_--}`Vm0NO=6)CiZUSidKTI{OmQ1Qo$UEpx^3QPWIcRW33s|9yyHrbkP5J8ke
zC837)m>@QEO>uQMjEFU^NE<ZfxdnEvquV(iT{49lmD~;E+()#TvqjhNQ)K2fJ;0=d
z3lN40`=%;s7@}p|oS=ug1{XjvI;lWaj|4A8r@=YM8_!tcTBEHN(PwoYDQzIcY+fhz
zv@-=bW{%-S4wCoX<oHr5OV6Wq=OP|$qbRE-2Sq;*cZWm6F`62rkFyio`~waLW1uRb
zg8SeFF8EzF<WA%0P@V=((Md?sVU;VCUjg0^j?QBn8-%vnCi=-#tk4NR6I;jWhF|N_
z%^Cgr59*JUaiIwC@P@d#KBjg!WV6g9OtX&fPiRt1lG(z~NXPi+xCysAy?^Zs|9?Ad
zvj1UUFm<st`Uig5>A#s_|L&90JpHbH_L09SDgWy=ME|wgzh@I_f7MWrv3x@|T@2h1
zMKI{~I~S<vDk~*G!4`=6+M(TnNzIk;QVg)PP1%_nz~{+Ipd{9{Gl$uR(%i$Lnu}>I
zyabGl=5jqVa<<mzA3SB(K4)^Yr%w6h|9UqJ{NAZpaC)h^e(s+B+nK7d{c)YS3}oGF
z4rE{soKzqOI|3b#>f{Gxl^3ZZ32VW)K@Uz0gp#6e^3H)Tz=)5S30%iT7y|L}l0}e<
zppTD_JTPF$K^Y?U{vw13b6Z9b3s$E-5h$p<<G{$XJAx6Y9zh?zI}XefUi$977HbB5
zYYjBLOATB#c;El)XhiM9U9i8(Q)aoU8kr~A3SRPtt)yKAigYrgrrGqZL%C4rRPwH<
zkrPcV0Rl}J#p`&+>d~?!2yT*+7)fPLvQsTuQ<A9MC0$`&@xgZJB<9KZp|!Z!nYrD_
zP=%b(ycoV{zGAj4O}Vk6zD<s^29Ow$6V|K|QbK;VwBb(DS9*FHMY?m)Ry1|A@B@YG
zBV(%?{^B(LH&^Tv&yyi?#DsLJg&isCuu^-mc{`^OSZJ8lo&rsNDeR(%&<q52_{<``
zE3l)nx@oBC<6KsS8@E($v~~ahknABnV(8HZ<y;OW6Kk>!?K0)qY}J@Qq6i0-X?i5f
zheKLZb7_fyM`BWer8alg^&t_D5V9oa2gjPNy!Y*nNi4<OczODVAq~c^buH)gR3W+@
ziVv^W$CRs_QHgDOVs*fyL530bFeu2w!|unXrQ-RrIHl5{QE`j}#q=K&8rsv*rqY=5
z_NTn)X$(0NXQ2d^B^|{@6rz=UZEvskw}n=d(gL*xBUXMfqbTx-<a(8I&yugOATZ8l
z86ISiDh5eZNMzNclNi!OOCbq1OsI%c)p-GJ8SeTVWwq^v498zH5^6EBo_`fH=qM%!
zMqmTgjVmmMo&ws}6|snGu4VxA>6fmdE_>-wQ~=|Ra3!V+2T2g)g&ixy6%r$yZn{Dg
z`adgCc3}pivGYuZty05uggPnw5<yF;K{3osy2I2=Q_#Dd^TDJv?H0Jf5l&1~F#8xc
z6;Y8wL+=u=!>HlSyz#f#x=Hdp9?JzqWB1WW$+zwDtWi?ZVV&PUWe9I+weR-VnM8X{
z8}^?1l7DMM!U1F!IdYV%&2!UZu9)U8C5gmLuVQ%rW@2Nz;jeDlPsgi!DM@7#Y{%c~
z2%4dFlM}xAvAs}cnL35zsvJ#*$#-uNbd0?c{uLftum6+j+$V4HdH>kr=npaLUeUu}
z?8LNi0$e}sTv`#>ubhKU!!V)v0yf`43NU?mb^NQGpPVt;faR+ZMr6*8zzrv1=TK|d
zjCeYjQxum$q=Ppaf!H}_Z9-q7Pc7$>w?4l>(dweRM`0~lLF8Y?L~)Q!i!*tEBYcSj
zg>N&;Hc}8|$;v%>k>X)kR-$ul>ijhr!TYOLOL<-y`AkO07jgWRnF{vSj*es&gQMn<
z?oWC&aQ6*I5qm2|FIP;%#ehpEy37E2uji-akBAkytM=VnOlZ+k-kS8g7hCH_0<~kG
zi}X)-tF4g>t*QO4B)T0Q{&$oKs>iFE`qCr&MNDtvnwr%cd+PuK?$*!7>IRy>Q?rz+
znQexU@{wF(UWJ8SB-$=m4bW5l*LWez%uH|xSGd8XHT}qH23?gmBqp6%YI1>6YnqU4
zd93wpJ^4(Y2p9PfUZ;J0pYEH}1T{9zyY{NZR_;wk?)W}y{VKquQlkf=_40$RdTw4<
z@AGZvd52zYSDkQfxsFZz18#dJIys}(<rEwcxn@OsEXG$bas$VB<v(G94VQhcz@IS^
zEq3?<UT6ey^ZN=ZLIWh7SAV6L$h7@B!xgxf5dG1tB!wi0jb|>$HN(a^^C$T5-jGw%
zH>CB9T32W$#0e?ba7|Icx33#MRV^yt+!?zDe^2t}3%83z)5zzsP9WxRXYF8bEyycO
zv|ddHz6MWvl%_@rzD5&5ZKXtX#bwl~6*^Y7-n_5^5kqVQF%8fR5{#<^NHHzmmNN#o
z+9o2vT6%XVz!?=(KPRekNz<BqNY}S5jlA)IFqo`HTFWaDdXOfigSjT`_e#5wMcyLj
z@k#>ri3$N<HOd+FSKIHebl6d0DkR?-+E7(IZ$##Vv19SZ>XXO>=C;Z$o;-GJkGOD6
z)?r^}2KQ*s!6-Xc*5&P(y*POdOQu8ybl3>g7PKmD#2C3&magH{KzoeH&uLs5(W^JJ
z;ogOKAK1Y<5xt*7zFz!N^9rr)A*aLgz>hV!A{ljobmS3^qfgvX6Ti_I{^Bvv`PqiC
z3a@L#?U60Q8#T~s%w5k4vqY+8bilqgWig>RE51~p+LV_ps4*>YVF1)gLTwq^FSh(#
z&uXIc)$8E1jk+w=X_wzfx<~ogEJDW78sU+>Tj4Nar^6j0-^6Y_?q1=ukpgF6OLBno
zAhAJXj??|=U_3XZ*$kqeMAzN7_?-TmKQEKtSRrP9k@~&0YfPx~Pu44v$u`lbRn)|K
z&_~SWm27v`NYBSbAyL6!?UCpFP1nwl_WBkT_23^I;v?(~<lML;7;)WI``H}E^FPWr
zDdXpzvuNqwjgsIAF?}J5jRmYR;PcbggVlbE2XLro@v3`+9rD~P+?N?bQoAe9?v=-C
z_aQ?Gr!iAVXm1nd8@;@V9q#SURV{qK>v78uYZgqZ%IFC!+9Hy(i*q}pRQA<B*m%8g
zzy18Y`wi+LA~~3FUnqs#Q@cN-y1%jrKf$=)=vOOzhtO}VLY~=;_gfww-K>Xu%!ogK
zY<G{CK8ro<%UM(V4MV*LH@&MZ-ENy7`mn9{%+K+^@V=BzzHJ^<hIir*o0)%Lsy)}0
zW8B~`xGlsCS~Ne=O=WVrt-vu)WvAXtI&Q)(O4O^3HNHIAIGrs_mhDYBC^x$|(?RKV
z{3?#WN#GV)wLiY>{#78JyaMN0w0nLnR-!D^O#2Zjacfty0P#NK6UMDRTzSLj?>8Fv
zHS%#lSJVjE1Np?pEu&xSd9gsb?<Sxu3A_xY<#+v`0yH3?B$0=2dCY&l2>*xN$=bly
z>_1X3AfV*`cKQF5zWv+fmQK#r|FOnDy=z!^Pd<;okAXD4n?wH-&H6vr5VSRxvo~=x
zaQ=^D0c9Pzd3j7<`13UdDuTe>8yqAZEQWXl{-2_R_rw-y?Gi-nN7j{E5*C>?#5Yo~
zZd)Gv!GnM>GEuwl7Eud96qp-h=Lx6WH0Sj_&-LG&r{`QdexL~hkq}r`e@ZM3>2X9x
zVk2};s20+RvADdaIeW2w9$~xN*Ec0vJ*q0^39DwUafeW~Gta4g)_DqcN4Quml`B;z
zvKGs>>JYOde67WR!j6rGO%rg3q2J$@1Hv?gwhWL~t}14jGq6&6cDAW5Era7^)g-JP
z{gZH4*q>gF6z(pCeGJO;T}FTQwp>@)utb?EnupxnDYPH72P)#Vv$$j0Mt)~ntkWj7
zJVdl?EK0g@TDn%3bc~<%fExGBKDg!NDul|+dYCMnHD=l`S&z@VK}pJrk1%+#c~He+
ziPy;_xCk3^_Gr!GP5-VA2?7iG6y3DVSbT?P&)g_1DB(&HB@Iw^x1U_vjL@xDvsqtg
zLt}|?MWIGxJ}c60%yd2o-)%AfUA@`BR~z7TQu?jIFi_}2zM^Ukm4JFi;{i&?=Zd!r
zpU8f-r927j|2?C#Q(@rXcFoaj)z!IFK_*<&k(T$%_w_VGO%~(crPS+n+l{WEID_gC
z(N;dSoLXvAq1!&%W`NoCVFrpb<y6Tk9dFXwRdImhgTVMLogwN~<|heqN%K61fZaU{
zbH=_>s6GU!CxdvQH1lsD;7ClOqM*<?SPIM#Mr5Q30BD`@^s#CyCJnD8Omvfw5@xZI
z?}=9iX~yD3ntjlU8l=?iDLSgstq%pI13|(KlF$X@EsDP{5h!%hw|bHqOlVrDUVK#S
zI39jbMUoHCxM&X~U;P)|9`fOGD0Qo}T$X!?Lvmc0RU^Ip0SE6gBa%r4Qs8v_)F()r
zq^X|}NnwBJ=uWB9X%C!sbO<A@+UY3T0Gzbw#JmEWSI|7JsTPzMQ4FYU^BOzS?;k$f
zgk79~Js3}f0IFPhV~b9-AhXZ^he7y{@J&#x%o+VYMlJqs|M2~9!uQ|ePteiA+1$p&
z*}~|*hETE6<Ugq9pKK0$WN@f!LRz1a{=#pCn!)%LB|-s3xI~eX@{j!%-`ri%8n>pc
zf(ILSP!4~N8z3IkvnmvSfR}v)0{8aB6gxlnzFv>tJLvDgQWy7DwGkhlo7<TY;*c|c
z>0+NTdE1&?26vl93|Oap>7n(8`5cCk&eS*)K4m01+17a3Tuff>IIIERGHG1<$wGff
znpl+8@qmfD#%URTad&KpfeErcYU0ZsWpyk(3xigbk|FtBP4Z*dLQ{@|+?SP)GIrE>
z8?<`Val8r+^pYlDPN3vG;oI4E{My#4GdCvunae2K%7q9dLA}@kMr*m$oP1x7h@fW0
z;`CUR5R6G#vp?uuF^iY7V`qw2&u0^Wy=dnKt#+Phn`Pf0Xv#i3w)${#m`^p_njxEp
z3(HK0NAL7DrI?ot@AnC?f{e0SP$+GsrBC-w9TgYTL+H0_)L+{$=hgYrUv+<Z7})8!
zeC9wBqKr-UaaPnoNGE1ACZnh23mX_+1@Ib3uuj=W$K(0se?yP09W4z<JmVG9e}TH^
zK&;?#%Ybk=qd2|#z_maoJ342|bBf)o=k-P=YF@k39qK4%Y5$Q@pSrKo{(r36|8b8X
zWvuLUf0xI%->l02!}HbA(ZEB=#njZo{htN$qMC&>jvCr$4n{Oj&S3N<hpI(pG+Xl_
zsYS*d2jNg8t~A<uvI)B^q$y3b4QIV*lxWQ+BE?L7aIpYoD`^mKF)678iit%^N|6NA
zjN)8<%3a`(_g@2?jfV&jj;(Gi2__np&ASM5ocC87Zr9IO9qXBHr+>znftGesMOv|h
znU)OIMIni0FOm>b6v7P1MLnVz^xTO4&|fDS{8R-+aY#oUd3m%g8BS*>+|4meGE5D6
z9{;9C4MW@rVm<E()4Uj@yh7ez?Jxf|@kS+}7Ukrl+eP7dmN31JzoCT6HN9hI;){fE
zKXQV-^T5*U4P@#L3tc&*AA4aUBjuR@i5<1yr><&D)$94Qzz3z5c;f=KjTmQ$=b6Ze
zibAn|g{LsG5b_%v%kl&la~9+X9C*asi=-?XX5(TpIv<?10z9M%TnP_46x<MwQ7IZ!
zg*Z(aJ3M_CeA<0s#;`69pU~zw&UEdqMOkGUB0o<A!4iaYOCE3@77K44qK5~GQo2wH
zv0z_o8T7Jgik>z=xb|mFqh`Sv^9<nTZO_0mH9R~wTvM6RQN7r8P+bPMvw|5BG$8{5
z)5yq*t0ps<!y(T)Ki;5C-K3U_K0jcTQAZe#$}YScLTl+P3~t|I5kw^10QPhyEDWla
zP5n7#9*NJ`<dDdlW7JKN!6dfR{AwGd556D&OTsqFp{n#cG7ED7e9?X7f{6us(OK%E
zT9HgF@h@Uo?s_+v@wB@@q~^HPOGz)0<oZ;ZX<3P_vs@JXiGlxJ#hG?xO8kj3GRf*e
zlkx)C)DiT{mkRX3yzWVPGz6$66KK_0-CR4ftt&j+`K>rZ$`c9YRvO{EsbeJb0n_VL
zTrmrSkZlgQiRD=9qKQ2vYrir5WQ>B5K4_1ndS5z-Gr)_IMiaU%^*NbjOe^a=L{@>F
z+%)&kWCpfHEbN(1GnrNwBVuzTe@{eaz((~*^sgoKJ$M%x(dlxtbF__!7D{tb`TiEv
zmszT~7N5}GgbQ`H5#imR$1N*0JL@ko0k$tEHlYC@Hxlm3eQvjDK_h712)bZy{iQoV
zIr1|Bs$kop->yTN-4q;Q!XPlEX<PCW%J!IYk{ks)6a%EFxC0Jg<Tq&niLmdeKXUsm
zpv+LeCs$$bqXZVMm4y2cFpq$ypsKP&BIIA3NFX!qW&1sJKQzEFFz<+R5^sdTQg4W%
z_*HLEcxrdhs}gSl0&@36fS+-hMEj;OADDFansilfoP2qM_2e-d&H?(9S<_h>=js~V
zVtBFa1Adjqo*4?&WwT}IP>S&?lNVIXTKU;oSzjeNmVr%97JLT_@=+3sT~e$>=pZUH
zZ2lpuyE76)+KE$fIGPz;?;n}GpPx@Ls?(}+R(^JgEhF>Wt4rIn`^7?W18)mdm5$a9
zrsM~jbW;0F(#Tm=MO8?xlwzgRJ|zk6QtHvSV#|$6Lxu?g66oKwbomL%EY24pW{@Wj
zY<<o9bJu;;lk_h!@t8ov3Icj*h#4bHE?VWejfD(n#ksFWq&2Tlu0OnKMEa4{xyfHn
zV#c$u!c{r8YuP!-W!bW66;E05We?Uix6ZHY+}v-OnwmVDo0oW*f4eR>ef^{DY!m%f
zX0DG4U#LuJ(^t(dfNK8izHcnGIch8)+_OH$S1Jk0EM|Q9Vb4E2Pqw#Z2Wl;ZSqA^=
ziL6Hu^XFAzuK(!yGERS%@Hu~HIYlj=d}U#66=4o_v5a4qsoYcUOl-(9QOhi(!zmar
zD@{=WaeZ;r9(6pD2p%~;e{fK{a|&^O<?7(!<0qA%TupZ=Q81NdcBP61<2uT{Ym3Yq
zJWH`z08-4pi}6tPr1PdJ9lz52w({y53*~tcBT#y94&dAUos$#&uq05JSNHn}a!^pp
z;0G@rdIJH@X*mhljjMHm!j5a_fT}IYDNjm`13@rHQgOBB8kz)@R%SUFQy_+o?0(}a
zhvOvUfr$YvfR9(0q8BpaH}elAS))H}WG_}RN0?6J)dzWXLF`90)lO)w&?uwRTYEuZ
zt(24*;57cBQOM{`Sl5jy)PmewCRj=V+&iR!X=?%Sjxyx4U?kfj#6Fs9>lF<?nR=RW
zT^BxBIg@f;&D_;%vU5Bw50t1+c!7n=lD%Wx5_w@|is|^@2J-`aaljocaOYxjbCj=s
zWNl!BZ_$5=wCTh^{*Xv&#|)^;C-(M(N)GmA6ji$4Wps;DO4%xCPJO^ik}DkfVi!jb
z)flEagP3^eyS@&n@5t&qfS@J5WJ@`6#u!13YY#dOS7Z$$4?8lZNY#_n%Iwgho4%4X
zBbl~Ua`>Oi?sx`RD>KompDDWAroSM(|2ch64ze}CAJJ-HvFn63Wb1L{%0*1{>L{<B
z^*{=41hN@AG+wIc9xi}6aZ;$NpxcqPawZUU0bzw0Ly=&>2wY@R&K^INZOhk{mQY?n
zo-e%|lgzQUmv~ZUVyG++$zF*ZIn8hiWX&m6?cJwV_h-MM*CynPE(mzxSuzR^3-cPJ
zYpr&mA0t&dt6g&9Cw(g1Iaeaxl&l#dT-bwbN-9+DA}<S(Q>w|y2jPh1%PPe7L1%2Y
zi<)=Y*X0R?IL)|4)cpygOA<-957ik2s#_v8RXbL%CVtoAj$b>setmk00QiXi^y{~J
zfzfzouYYp+bI2Zq;)ikg0-^CCry!w9KY*q{eJ9dIfm#_Xyg^1XONBa1_6N|SPU9IA
z>Dr)tfjmBBTPL(ZuNol+Xj-A(FeI?J!f@FuQm2-UKk}&4eV5#@O`al6n%6acP%Ott
zY(i^=(duKTD0vI>Tr6l7L=vA&5P7On&(0vF*B*B5#2GSVPeHPSQ21-##i}(ynr6uc
z=ptXW4!cwDilemUenlU$DeWz2y+qYSZNY=67&17UwTS~@JneL`oTCEYbwvQ5B`e8{
zg#!h+nrWD_LU4iK$r(*1mhl-kg_WbvNy$xGQU`v4|Euc&`EOM(C?}W2!FSp$@SQdb
z|F6?#Ark{z30qS;30q?mcN1fIN4xI=)Y;>o=~1!bKOKQ^I-n#rVTwU1cIN`*4e6+J
z+9ZC(Q3Xc=f$6^eZe|}7jj^e2f%F9?40=J13yX8#`SC(AxB_1s?dZ{)U}kD|JTbxf
zRJ+aZ3(^`su0pe`Z8~LkBm`%oU8Ua<fERMO>qHqaGWW3m%b=1M(GC<rWMN;^RrnM~
zcVpAgKBTsh=`PQ;6$k9D8aC&YBYv&Zi$Y1Sa&RzXS8{eVkx24&g3GdfF7fCFJlfQ1
z3;rpPBM#Qe25pS|udv)%YCjBR!)%NXl53Fasz+9%j9xM9^IF}NLp)>;eH&7jya%OR
zbQnl}pyA9<R>B^+^()a$cSAkw4oNM1!tK04+_%Xd8gv->?rI{FE2axpGZa1N26O33
zVLdL+s)j_|kF+sdwkC|*?x#cIWQ(=5{JCgrBnUKIC;3TfxN-Qi)<OH@o&z)WuaVDk
z_MdmKstt>MY#);*Z$q@67IgKcTu&_7Rd9w8X!VuOdk0vrq|Z1j7|@dH#9C8{wRN&f
zl+gCLI0sm=(qO4%eVgSwGFe$5&18M1RIM>eM)u<0zR)ty+}6)$kP}^OLStQg0gsP)
zYT3Vgy(-=Xh`dP-$k#rdw$^EH_O~>gGmH&AoI?r}@onOb(M_h0cyavxTV7pi<p>}B
zJ<dRm^FNO?{O7sFziy)cLKYcPgK}41MEkTeC8JO8gfu3UW*H?yBnwxP_ZJOAhDFQ-
zB|!p6Ixu;V1SY0Cm>L4P&DyTWbQrjG%*+h|Aq$+<$g^u&RW~oG&bB+(dG$>DZhqb$
zO-_s(CjdQF-upOxgGD~R(IPpA-6Nkq&s{)AJJ-SXyM?wiy(7jCw?y6`Etaj5lVjw?
zuSxQJw1v~+_Zk+ikmr|7Z&^6GBN)bSB5-<+M&8Ir<8$7{kZwDb*xg5>oZWOA+i|n9
zaNEuUfp%lYsW{uiZbh#(A=hn;SZ;reQ!fbOJ~}pU3{yjRZ7+s&f>%NX*`LO{yEuNP
zL9lLI4ikFojXt+J&|jh4eF&|SPX4IB$qNZB@>8dHHg^Y*g%)!b>_R|aZHW#L=px^Z
z>_ekyvc1+m{1y7NZ<!{^u9P=tVhLpzMg5a_o=r07L&@YZ{8$quQXooGSL`5_*|YqU
zbZj*hGQ_+3lfr}Si7m7vYEpEWVQH&`I@-QqQ@n_ROCvBmj~{iz(wVYM3XN(`v+-@<
z)0TLtb!blG`e=9pNwU)Hm?OwZqG)`93X^T^&67J?J+y}zASoe5vV&0lG!nqn5;g^p
zi<7_CBC4~^<v&As!0Zm{;YPiP`nHJoYaJ&zm)x_9AQ$SUnWUieGl+vQm#3)2FPXSl
zWbs@maR_$-!U^gR=48w1<Wi7IA~q#)kMvL5mBSn`PFX{h&`Icj+Ra#jybM=o*zmb>
zs8~WiMUR$!AfYsIPuerLOmI$4*lnjUpDp?s%q%C(xFtP*^b1J_lz6u_L=26}hHdOl
zFIa2aW8V055G6^Z!CXQ(np}V9j?jU%^bOPnWg4yo=|r}V!oYMbQ7GjCCd&OMdK4K^
ziOs32PPJ$OdB0Bbw*o#Ynvgi|hIDyUV}SsMEDF_1kj3WqeyiEz4sbYsNp-y7(l^#o
z27R|JeU5o+txyhN2P6@%4b5cL+e&9=f#MFQ<IJt#%BS%?7$Vn+^GGt!x6I4ZH8*>-
z3eAVV4ML&`$}{`dH@)FWV<qT?24BH_xkZO`6s%CV_&|St`HLF8ihQeSn<Z;E6!pv~
zFvW+~I?v+w9iPkzD@BwLJ^bVP>lKvt!-0;mGUqwTY(d}Bu$o`cAwWcVx=Dy+@#?)A
z&Q#JY1Fa$(pTRs6^j-Om>VlBgPsm|;jdfzk1G%?GBB4oO%=-ETMyXC?ESV9S#oi2o
zjV$E1U`#ZMAEX86Z*3RO-4UA4)dRrcVo%+1<tVb86iu{8sHzZK(edQ=%3|2kpNtw}
zXjdwX7_nWnL*TG|%L)<r=N#zJ??h5PLTH~yyk1b}>mcE{rcjb|=5CF6s_lnwjqUOH
z`<S_EhFrLOBg|0IyQ+cW8h9%AIp3uRrd@dGS9%avJjgLl1D*q7?hoyI25V2ijZFFB
z=+E4tMp!zl_R*@AZmjTX_gL|+2f%|X6b2*)&bhV(5@WV^TCjaf_n+OBCY%am_;+Ht
zK7;s6X}CkS&t4*La`-~l&t58bKH+3&j<L4TvNPT3QttN~w3MW<<Dd*isk5gxY0J$^
zc-_B?4#Nc^iPJOUzX7-xBT(}3_c27?Z7Ro}K*u$##hjz>TfbHECaM`zN>!%uJC;&R
zB8I8fD-Rpb6r5B%Oqa3$!kB(gXt-1**KMgJL^ob3i_+s1=)Z|*vz~dJLV*6xy+@r2
z&C-8d=j(&4kZVNiQ>djh6RhNo2N^4a8a5HnthycPznE~InwHwW-DR*3&dBpjmPw_t
z&|IDEEU+1<FNujcYBs^a&O~ovZK2iaYtJ}rufoU|7d`6NF6I+HJqZ_iJCtHkL!C8F
z6s>2U_i4cl6Om%DAsDTWuh|*SBXm9Vf90s2@He>qy#}^FrUty7wK!==(5G`6J3FM#
z%H0eowoECeHy7WWDAO<6JblN7!0&cjn4wBiQnw#6O*1)bnOL7+#8%qv2LZzVs_Kg)
zh|FJYcuN29Q1$CxZ1Aq9jgy@8#YLqPKv^%&dR?J@qPy0S|ABj8fVJ+O*a|tmdL{wR
zvM+=ZW3sl^nY7_?vAOjzdcSlLxRx!-0S4cEzBA~h5cWtmH%Q`!Jr=Es?|+;cU}vCf
zXdt`xBlP)amPac=O-cqa#SOlIuau1F2(sZ19EB)+X@R(t)b%3ie#v>BA&P#Hq>(D>
zT3D$+hYPZ;rY2J59H7gZ_+nP^$r*tZ_WIE>Cje{^nxLW993eXaQrkh;4P%u5kFs}c
z(j@G%M!Vc)+qUm=b=kIU+w8J!+qP}nw(TyRnwS$Y^PDf|eIqjS2V`EcbFaM@xT$Gd
z=aIBRU7YNsLFr5MLd@$yC@RZv1GzR%Thi1N<F(L|Bk6`M9JiuaisP0YE=i6Q_G=2_
zM0@GShkFb`Kc0y91+!t$zF40Pp4A`GKV76As;#{lIB1@iVe0L#19aYJWl$QIc$8ds
zZ0gbVnYPeAa`d0Yjma|TyvR3z94?Qould2A_W_p!QkVD!vxz;EOv;LaN*y#s8ru#!
z(uBF=o%<6IcH=ye4|x5rP4A5Q_!3M53e_=Op-e$4qJmfYRyE~aFL0Y$nk+5bXZAdQ
z?{Up;*>6PMyCx2>1_wb(OJ`E%NHEPqcGWM&Ud-@Te3X{a5h|6?WS>w-x`qyL2F?4=
z;^mXt-Vw-Zo?2Tc+VD$OEH@R2A{4nb9A>29njUyRF;Pp%lrxKGk5f-7xgyn%ra7rN
zimEp`T6FxK%SSV>?bYA2Hore)l$!66OfLDvr|>2#QMq6YmI=yTGgRNvzQ(x3)_FxF
zLEz_~;TNW3ZcX3{z(pDGW0<nIhf(g>i9aFRw-Op}<pb{k)dw4|f^Nxl|8TZW!M2wX
zaRwuV+`@21UI)F?uBg54a0@EgD6d#Pplhhfx8;hw*y-4|Y`N`cg7LFDYa;f9e`z~S
z!8(Zt5J$z6F_d?t)uP>F=Z3^x6)uwGMARpEy$K<8OK-}DXkyF}wm&k?dxY)wD@MBJ
zak!Tkgc6K9;vc<2WpDCVkr71)zNSz~zM+c_d{)4#YE<u}PP;VTS+(U#nYB$NwNSj^
z6C1T#8IkU=q1_K%lHy2qHHja_V^Nb!Pb1|4T9y20{UsNOBo;99ozy_7-=eX^)yySQ
z$u%(&vdS^|SO3WeY6n$_BC)cNPG-<rfd@_D@UOBELs7@tvQn4XHUv)H;t?+YbwyyI
z?JQphDc$G;W|JGpbTgp_*;eM#L*`wW#Cq6Mf{v|0%NL^+XtUr8vJgtr@Gm<DmQtOt
zDxcE3zcJ7qMDYz!?<+4I6)rqVgW5_}600I^NsREZm5AWj=i>R=VF~4^;$qC35@D}M
z65-@3v%cz;Vb^T4&8Fa<n$tTjl{hZN!V|b()Mv<mNew$tzMn$xwr{FmANJZS$JXPR
zDX^w4J=A(O{mJ93i|)iaQnH2JRH_pIlPg<3P&yKAI`7vq-nCi^04qn2P{N2%2A!e`
zS3ZZTlxNf$e>1kAhH*yqKerHCWC^XXoGWQgBU=|!FRA}$ZK&)d=YeX&3QJs*%)UJ{
zM};MBCetleUfHW1c=q~>XLRYepr#5g%)=ebhX-@wzlEgo9RLr$!z)9xCL8b8;a-p$
zq!T^PJ(7HL{mS$++QT&O{}8nP8!Ck{f#t6KKqa6bsKot$4VC^ABW3+3MuL=sBBg~7
zYpZkvB9X&y6&LeMMhiM=>XK%4u(IqD-ml>!64>{H-z`8e<nm)}74H9Ue3ZuV9Fw!t
z4e~>ycc$6(FtIT*sqmw+S)Q%d&(OE`A`rgSNY}?<uzD2P57^BM1=pG=koy;m?iz!c
zdFNRbnYpBcb#w6pjl8_*{u>(USDfyOBNlz!09!NwVvk8qOiDcQDn4o8NCqTih3}{C
zRuleZ-3p9XJ{jl+dgm#-WRqDlD^U&<=u|>zk@VwB*bEXV>5MB9=kuNB5?~dP9m<+d
zs?N!CV<)~Qn|CUDvQo-7n|rdpaCE5Tl!~Qk2m72{;(j|jnta>jbn7}ONRo4WhQ-(S
zVTat+Js(LXK`v*e?CK1k<px8;ou`@W&GAEX!N7mXDg`g`Vqd!xYsB`QJH4AN+^7}#
zF6O8Fj{EaeMy^rMYDP&Dr(KLpJ~K++s@uyWFV_dPW|8d`s$4H4|2IO7SQaVKpZZ~U
zOW~F?om9^f?;{^&v;T;az0e}#qx~JV+0zsFcsnh3e><!9-$#dPL~Spg@^!**TS#}l
z1^nZ#EnwcOEMZkKvSd+J%JRcGaB&m)XN_&g2lW3z*9kuh2NRLplhU6fBmSfK`~QpC
z{a?Vy+(zHQ{XZ8{S@C~tHy99tcN&bjoEN-0c5vI*gs}+4;)aAnK(7_@Fmc>YMaC+n
z0uaH%;r721NfrOXeFA;T3&+GG7n*|?0FNGQd3xRMm;U!QDu&H^@h(3og|?Fjz*{cW
zCL8F{!bSu-VnPFX5jTFgvZhXRRTj#k+Dw%2`wx=Jo0mMyrVwi2!00LfrA>^C$%$x*
zimtyu%!=lceUV6Vz<kfit&mCoguJb>A9I7;s(5~@aNted3ZP%I5mCIarSuX!T~2ef
z96ajyhg{3)rj-0niLAOu$(SP|PF&Iay~`IU@OhUgu1%4QTEk6Rjhf7)cqG6v&$R!J
zofF>e!rSo1our40cL1U^E8M}VQ2MZpgGod(F6pLEbwiN(;GgNyNZ04fuNQ7>R3NNC
z`0oecz^M1&-|rJ~;B!|1|CZ7_`lBB3(f7Tsu{9vk`z6<vTxy=h+5N65#MPtW7qz_w
zi={x(N&*7z<M0^S+Tn3dOP~>0os3nDTzC!-3EI}qBUZ`jl=!zs1!@!b^<f$Fk^zmO
zRqfS^r5k1uSFbIG-!tQvZ~rTv`o9)VpvwoD%s*Uz4cK45g#OP<#(#W&VK+MmV@Jmy
zw&(vlUQyZlQK+GOZ+Tsj(ahc(7nD}z5CSC|^uSnG5e!*C(aKp+H(SL^tF;@otigig
za4BAu!cV_i=z8CcVLAhvI1gSgcMeNWwyow#tV}6_);wprJg+%=9y(4kFL%DbzR3R;
zl#1NJFnP6(hP+|4*AeU~!06MAwoaZ1cegDD8Efqgga=k2@x<EGf`hFXdyOWkw9Sip
zoru7&)eVzI!K*`Z1XoY3m1{5Kj?_xPB>aTNDY0lyR9%!;ph^>8ltx!1-D_~vq-&Iw
z+OSub@o+K^A#7;XKK;bg7>DffnFwyoFNRyDS`6E1dDJxi*aBSVUpN2bPR3Y^S(%MY
zTEX;S77@>>u`+qOuTN$%FQGR)0yqj&V|!g$2X8tDc;##ql$aM3CbeMeH@#iCtncB=
za&!EPLnYd_Y05{Sq@{UAB=2x{T6g+~oJF;1HEAP%W?qnP%Z`g3zSSI=$tn@-nY=g7
zlYbs~08!HeI~T9XDj^)~C(_z)<DCMWOiPavjQrlto}K9dJu#Vk0xZa&Ny&h-e&pD$
zKymt!SZQl+BJ4=%=p)uxN^8XSh$Gz0#t?<0wTL^hNi;wkskL}nw#9feXE#iRHnurx
zV+1o7uj8!xyNd!0A8akVPJ)gyu6pb5u$@H@e_WbCQKI7o=Hdn-F{+dfy&394m(nt{
zNE5EoLpf;&9`e9zf_*Q-b~yxgM%A&CW^Zh4$y2;C<;mj%c+K|-zUtfoPNctJD772f
z3?;^K02C+lVGdrR03;X~3aZ6I0@5-n#;TkhG#N|7XCdXlU;-MpAA6-9aso*t1%<u>
zKb9gC%_@=&HN}AZZhpQVG(K~tcYF7Uom0$j<|)lwCdu3Q7_;W8lv4o_<PKXO*DW^7
z+LA7BIe6DdTy3=@QmLpweFpo!mfvvAjSEFrQ<cK1#2qRHJ20FVDnpYqYMi8_^(@xv
z#nnqdx~6h3Xyxozq~6sF^GTnsusQqBlMV{!qox^G=CdP+@I+FT85=Olyab+W?&~sv
z#E)z9(mPE29;KbV-=+P7+%(4&r3`n#QS|c?MQL+5GGD;Y#E?KZ#f(I(<YPFe1;P}&
zq@7aC1JrIyT$yB7zgA?5eZbz!4jvipJxZ(hvX191K_j@laUt;${A3Umy9q>MA3+dL
zLG6zj2^0pwTshC7iB=)^adi<4zX<%Z2&Q?#2U{Toh5}7TNU{*7K*k_`L#iYcpeQ?3
zPMss@|DuaKHg2C5e$<2fe54)kBDpxp&;jS}ZW|1M`yJ*9H&6GZF!R9s7_7PV2C`=f
zk1$sFuMq37f-)O}MW_vjn|adql+XZXM?ZRE0Dca&S6A+s!#YaYl{4}D0&!%-;uO`t
zB|3!L@CEqt{o6<82^V351;=af4Kl8ujnELbYxcKg^8WZ9%6)1;wEI88)^H*ly{xZ>
z#ZWdm!t3bJO6Y`b&}{-rv2{_q%zb$Iab2<wa^VjyJT4}dOGP)uO`s=x4^gSw1Se+g
z$7i}2ZWc~7_@M!o$0FiB<oVo1fnKZ>h$3(ha}K(dSzmk!ZY22cU_U1kx)EX)nC+19
zHS=<pl7c(4h$D=Zh!F)Zmc;1IgwQnGgE-N^NNB#C-CsOKf3IhoyhUnxM*!V?;JOB=
zx`<%91rj$myV(4J(xxh9$L_E49vcA*O0bNaT;!v1l*TrY5+rz5%=*{+G-r&2T|tii
zwH<C5USL50!65{sc^XoeRE90G2-DC;S93NYa{Aea?B1`h@BjHJ|5s6_A&vH9{9##9
z|MYSH7e8fNTdSX`x0Lx$^0>a$f0yE{c+LNk;g5W8TwJ%St@>-+{57EO4Oal<S@h19
zz>+ny&b63xC09+@Y;9rngzNI@fFU!czXE;84Kr`Z*XkK~aX21Na`ZT6-0*gLfz<lH
za{?yMQ+qSR-ErCM6bFE9AmvePNl}kzs06eZ#b_YwGJ}c;mc0I1N%o~*LHvn;RWl9I
zM7(H|;cDy;b=O97qD^uCQ-Lp1-E{U&XPSK_#I1MT?(gJ1V1q!Q=*Ug(QL0yL_Ogb}
z8g4G+ckr|<Nh|TVdgB1bv2pkMY}YasKxWxt#Aw|!u!#nZW1ljt)OZjmgbVmo-9(ll
z&xI=X;I?3N9lh}Dp~gj*k@TH>EZjQD3iW?L>3niQxMgtivOO%*Yggl>P0+Y#t?x0C
zcPe1}(4XCN7DdVUcBGmB*311H0bXpU2|$K%N23P6-nBui0H4mc&{GIy*(@OJHnI`R
zUHVq{7c+n|k|A(}O8$x>8W>?EJ0bSS#K8x>3h2R8DDw?-=cneVAEz?seugZ-IIB5|
zg4dpBko0x(|8n&w6Q7DxLHL|Y^C$8kODov`cPBYr98a2&gNs{@2`CmnzY|2IigFKb
zbR-t#1QRhkvG-#rS4$rJLx3MN-I+$?D{zk62vYbG%fWX%U~5O_;*KI173UcVe3oLT
zo^OF<j6@-s_#!uTh&Nx%DYMQa!es1DRlQqIq8t|qP3IN#yeWkz@EyurS3TTbhhM^T
z-X>5hT(1>@to;r7p9k@mR2sp{k5Z$L_Wxh4@ju<6pslfk;eTmA{`(9zsX==w9VLC|
zc#@}0+KH!f6YPD$=#vq4!o(89qsL;z#|El;4T@vL_l-$qO1b?8i^$yvX_RAm6|l^$
zDy3Wmw08)%R9S7gY-}wrpSxH#RamN4*=$@@cX($y-ehqhGjaO@-afnAcG^z3cHX{w
z9<pw{UYdBj9;JUdp81dqxXneUWd7c_Eqv27|C)}r<&2G7n0H@`R>iTy$m&Ts)^zdO
z@QY)&9{I7TPS{b!wHv#^gkU;+!N(bm-?`yr054IzO_zF%aq*f7yE(|gc?I&Ji1&5b
z*S#f<`&@+ttBH8ZVRt{y2_MJ4-#2yXq}*>Qd{agI)=Kwv+(&oQMDd}V`pIs()h2hi
zqbB#fzqx<@W4@ho%v<=zm#!Nz?kn+-2f!D9r~~xaGv&%=Mjk7Y3%=5mzkh3zbA5AR
zK6|F!_Za8%hUR<|Z+)XG@Fci@%eH^hPvHwclLI}OlKX`k7e*2!{j^JKl<FidtU{Fc
zhq1$Fg@}b=RwRanO6K!ItP)r$3G<WzS-Dc~aim*w^O1Fm&%YbxqE|681P+8sGcf7n
zA@2cm;t6K;44>_z#bT<+%!-)c(g`JJF6sIuS_1b-zO(r15^@hFRivxqg4o`Hjaa_3
zsv8Sy=g@5KnjkddHIPm2AeLSFJ&)3PwDWs6WRq2pK^xFr+S|==y843~c(*Ms=q{q2
zeNo%D!~K8RR&`q2xR5Al;NSYKzvOB=0#B?H;5KfLmaLv_?yxMJt1`T;<Ko%H-Fr8-
zv>oD*7X#Nfy!YbO2WamDwJp2+@NmWZTmA`wuGF?cKGO{_=sy>62-vCESUxxlgEnTF
zAc?$pTnv24_zw0A9j;`uG25;VHl#zAflEv04U4VfTag1u^DpYx7%S^@%562V38}A>
zj@Wx}k)QTycD~OmOr?mwtna|xER!6~M7+zOM7;jxSGMIRrkc1<Z+4#VS;miYl%pMm
zM<`Vj&`e@~9q)^jkR!n{n$n#WWi%M{p&GY#4q!hw3kM!Jt0o#w)K*%#lHjzI8|TUO
zp1|syDYHx^4_;9Wkm-AT>_Y%|yV&LeHn$hfphfmy{>~4z8D{2fj2E{<Ukv2Y>9W^%
zITY|BAyF81YHRyl73upH7A&COwJhCP()SSI{P|{W1Go*4w<5jGq1{>=u*Ua)J;S|S
zmCwD8X~PEh&Y=b<dc9?fs9W5Eb@o@X-KrXxzk;eBqCmd4djd;AC~I@WLTc@4RV>K4
zOUAJ6##qI~-M%J~>{&gi`UCG9n$I0g%Z}c<(!&R)#^`x^kK#uHtW%<rl72O1`aV~m
zvQBYYYCZBPt#huD^ODE^jae8L^KD7%gB_S2mV>u_Ir1q}Rj7h8YMw04gKj|($;tv@
z*^KVO;)(f#bv>wk>FB>$B#-A}@k)eu7|B61XXb{{g%z!bJ%jb);we;K(F(~Wus4bT
zvRsG8R!K%8b`X3f1#{O)v{;a0G;4;|7Sd{E%*f>q7%u_lnp!SJ2w_PVbi4w{7Q7w)
z7{O~7$s_&)d-TSlEfmJ0MXLf+;x?i?ctvP}DC8)V4=bhZ)92Eznp0>ODKJ*bm8V3t
zR3ei-Qp%GjrCl)tt6Fq>P_lHQT{3G7w_qtR@Q6}T3=oN0ES$sAsF>r_sF?$|NY-Bw
zckBYNi8&SkXtB10bfPq1;Wq&5Vmwi-;w@R6LPIrkCTH6;(tJi)tA-`HB82Djr)YO6
zD|Hz}SWmNP{fp2!pjg%{WShlvF7EBhm6x+-C30%xKD+LDw<K(j9P6Z0He6d|Jvl38
z@LSdTy>2b4>E2rZhJ;m18zK%OR22%iPGzF5`}Jj}`m*`>jyG%OwuUcXR?l=Wr!SoT
zl5(HmMZqzRS$V<d-6BEX6HZ`n**nrZ#H^?t)>cSkpHo9pB39^4O-icS9qURE?N9CA
zB#Yu{V!}zLA6`g2knX~S1Nzw)GS0Cwu*xk|8<nc*YbtHa%PWjsH@p!W;ASxPZ63j6
zU6MnQk>SgpT<)VKAp`SeXgPcdmlqM?tdoYMV`q=<lP(jS#)fgNGmR%Npg@kwSCmy$
zRTb4WHs+O96go_l)r~>)@7_$gPSyw&qgcdiCx;do%R8&<^E#P)s`Dd=*W2+i6d6&-
zAB>6`=iHUUB(LO`@2ekz13Wg_(^M)7ny}254oQL@d?WFA!mcz6Ra?Rsn1Lw6P7+Z8
z_x2(>Yq1(}L8Kybsb?I_HTGf%5sQs_g~ySd=Wbw#>1dNuS!pfYI{Yd1!2vA!X<XDb
zL^?wV5i->8$by=~i%t<BjPk_PU~c27f%GKP(oCXKjhPGv1vboN2Nk1_(6`3%j0eCL
z@)C4L(?-Vv$N3+JI(#!k;t9Ao9o0rBNjVqYahNR$<EqK5iOFo@f62o$94{5tGK)Hk
zS))z1(=qF|kWA^#-OZ(mP5UDQQ(~co&7~GlH%f~SXd<S}#;l}aEvcTOl-9SdY~dx+
z)$!n*k;rl$#_PwiAJ5<C+s5!W%|?GWAbW+e-!zeTHCGpP=T&#t=a~yi8Vf5c;vUR!
zocxAcw$UwY>=<jIbx_$uH#VrMbDiYF_3&47Hd|JAY*u0gj7~PC<OCwqyJ>M&Qdd;d
z*zQv`H0G6?8%t{cAs<c0st%!l;Ten=<16SIzRIe~`vno>!$vSUQ&HMF7~UlyqO7XB
zUwR%99DBO$f@#BwO&;L9fuFUK$^JzTBK4q-4<9_jr{pl^f@|&JcWeojbug|_6f#ln
zF%4qOk~A0Fc_tBTv`^ryj;OApF=wEpzoKK}7wZ-rK?4-LV|H@HqRY8p&go36+(esH
zv0_Jc)H(6e@hk>WOc082NDocI#%?pPNqwl>{Y^0T2|K&;%FoZ%GS+^pDAc+H1NNu~
z{mog6x}hcs?u$wF4YHICLou>zcLFbP^#aqs3|+D@&{gQ;le7s@azb)hED}D76Fg}?
zF7kMBuF-SEPd5Ylf#~u9NxbGKMHESl+CTvrWHhpL$j4#c9+Ch{UyIvvj!;nt!sT33
zamR6K5Yh3rHXOeZOT?yx{GsDRtTA;B6L~4v^-iMjE;rQG$dhPqtAsDndU8Ghd|mXC
z_tz8Cd-O=h1fR^Fz5;%26MG8+{biVe=GquPV9N!E^=VK}gpw<I&SXnc|IuX&`R-Kz
zS)q2)F^Av5L#F2)m7+_`z6Yjg=g;4|&kAl3jGYLlV;cb;NisOS`CnuWR2zqHaZ&bn
zF!MO8W^|VT{IbShn2o>Jlp=Auy=0C%ObKZlFedlDy;}oBA3o4h9-P1_qxnO$ZeV@K
zCYZ2$IF5W!H9X+B07d9<5Fx!vcYoT@F)uyue-+ba*_r7oU7ilTdf|#{e2GiBdO9I6
zPwK;rJ4%gYQjfQF%^s%dP6OUjNxkfNYkHO$5~fXH^gBrpw9$Uxg%qs&l%7A%ye4gb
zI%7KFl6`BHNj?^1aymoOa<B9SL&~xtqBS4b)?W(?evqv|XRoO4xb;~X9?&ve&9NA3
zFZb;!*AtM%p_JL*czJl-6D!(;?m)KrWjKG|?b#N(U=N(zjoW0^opS00UKVR-op<pz
zEs=Chz{ers5=ofaWLVnp0!Iqh20|Y^_wIjB;f!*A0joH|=(*Hj78bWp{05|mw_{A;
z^5wlHo6n#ILokZM3pA&nF{-z~DE8c$M3N7?Z%T?F>J<~C9awT;`_){quE!X)hotqS
z3_K8!&3%p*LDc^34n=)ruqZ>1di<S!CjWYB4|+;L^oZhdD!D2yd%*J#3U0o^EjD{V
z^(+x}{tt#_&?98T0rG$Vr!dcUs^%^37pjTt(S>;5*j|DM%ygLRABNDj&o>Vnggpvv
zH#39>p;M;7v&<Q?ZPLV}i!cGBG@MCf2u58Y^<cBc(kuKy;J7G8qcx%qPXyJc3upt<
zXrf4?Xr1G$cc}VP%~X+{<4~`pf;*Vxc~^PC8hsXTc-lwr<70@^VtfOxPq7od#%M2e
zV%}Whog&c`2ekWu6VYr>0-*a%5XjgQJdEJYI8QtF$IbT;e%Y}<==Uv{Z}gaN9g!cZ
zksp6VzIceg|Hgf%zwCvyhVk^1{eu-9B#-=PF(vHz<{rgoi2G^N@_Tj+30_V|MeRV*
zA)R7?wh9E%&jk9e8EZYAE{T>}!bkXS=H?=t;&xv!UjK0V#L=OFbAyB6WdX&Z<ph8}
z(<<+I$jUQn*AeQ9i_{s2rtR}}?GJhg50Dv?_)B29P!-gsxEe(UeoFPDJ0U%1j2Tlv
zhDaf8Gl{Qq1_q+M5J&_w5#*B!?nRhQ%Uu$+dr;UR(&C0|2(6F=a;Fi>@&_})Dkh$d
zDm&EirG*WR(^SfBmdfAHRifkyQwo(ZLFgO%;2c)Lyw$?FUoecqz5TNi`07&cy$t2;
zR#?q2HW5h*Otm_mXB?j6^2en&o~kd!IvEELtI~b=Q|=p`#SgYp>EiOW{f?@O523D9
z+^E&-qZ^>`(F*>tm6=b1I;2QSEv@W@F($2XLmlWz-mB?nD*Abf6wLQh@BFT*N5dWG
zw34rGK-%#LenU_sFuJTo+KC1=eH%Ds8FO3Vp3vMMtIZKA3e#=1OFcEgI0dik>{<Ss
zJUpv1I+kz8K@?yRsyd92Bb1a0+#vUNZJAOoQVD#!ua|A02sF0J$-p0JU+$)#hBR_b
z0yIbhK0J{Y=bo!pYb{E7+`3g}tpdcQVIxTEA4bU;jZ|%Ji`uLv5+5%Tt<js7>^?B;
zDT|C^%$}VyeaaBot_#1)g!4etP&3X3rj+Ci<t(JZlNzO>qMi!IVvZrTTU?h=^p!AA
z_pELvz$!38bn%2F?P$g#oLUVl7>(xNoO%?jR{mmIVUt4<#1VqkxIPIrJd-{Aoypmd
z+R<+^${4#vZm5=fjAQDU1F9o&8u{#giJvIHB-7d4%-yL6oNCqV5ZN=)4u^2ZkrfWt
z&Oq&P^GijYVZm`%Cx;X!#udl4diWRy@q|<{Le(Ld=VN*9Vo|9YVaFQf?ng2TUAz%w
zvOUFBi*O?nGOzp-m|?V2XF-cTaR3vvG>DpEB58n{C+Hg9=g3f(vnadctt|ZtdZsAU
zYj~fzW8D<;ium+QvoU$Y&{MojkpbH_jRu8<3OR>wqjh7cbu5gv^}rfNUyLn*usgE(
zxTe%8ed?^MTz=;WsLx-P@eng*9$~RJT;ykntU_?`hIq@U0<ZPe+Te$kgpb5YHo7=m
zy)_wa7rvPKPq*<xOWy85*+SkwQ9R7r(DvsD`_X%?{Fx3h{5VY*lfTg|>BA$A`L)QM
zbZlYTw=tZ6Ol)Q$?!aUD|MC1B64IvC<2m2>dq*n{@k+OXveo&CmeQ2DeRo7QN{ad;
z)3s;gHKO<Y=5T8;kI0$Bpy%V&e0d*m%Co8wcesKX#97wAQ66ZFRvxRxTqex@A~VJd
zjeF7SPVf!pr7@<?Ibw#IQ(_7kLLp~7{^$(7;^&4Au?rF^n(SSC&IHQ1e)bkr_e$v1
z3Jr4A(fnPUXl$j(wdz^^*5`mrm68KEXK=W(20Njr-PH6LAZIx6r8f4e>4A=OgU%YA
zsF)?o+qCw`Obak`3sU3K3G=-6aEV25Dn;xwPUiqT69{(s=!Slp8K?#i>Peg0ek(R6
zb(d6Q*VFoePS2P-$OmJuAme~c22$<yTXm&j*R#^d0cx!L52Ij;pSM{f5vm~RkKi3V
zVL>dEl18X;cx<^j>ZP9L@`qa|C`;ADsM|t(-_Y#~%-}VT_}H1$#)&5NM3*2H9v*wj
zG#zottMN!uDQ1^iJ`Qj7pCZzTy2||A-he@dzJ&i&FC|ZT27Ou=@p?q?nNT#BFU@1s
z>86zkc_<$-<x+U7v=@CyJEr*gl$c@wMuCfd_<EE;6NKcVb*X}Du5cG@);Zp0`Sn27
zxwe~B7yL{q#GStfujo3+Yu!JBZF&4*2n%{1`51&na!Tc^0{L@BtOC3e_j5;&z^fxQ
zb$@e{KxKOlW1-cmb}6Du8ErDeXW$(0A2+}WnFp3@aUY3(2rn3H`4`BMBs^yTRGW$x
zs=B?h(U3CY$daRn7Ak3I#mStlPnEibPx<&Ep97?KKx-S@oh#Z?QR@v&+G{#b$!fUI
zTNz`|hg8=hJ^OiueR7G0uAPjA4qUAZ(l;IRd9XnlwuM^~h-!r-d898C^B?3^5}JDB
zHIXSFV7jlnKS1Q)N_fKYSA#l9(cf><PePlWHtg=(EBdOwz|x<TTIblKD!#$u=NW3b
zUpT^>y7}EvMduyMrorN!a3ywZ4XJ%#b1Uw?6_*d(pO<8<tsfqK#txe_4Xc>!_zPJl
z2LBEMrQp@1Y#Gz48N2I}Fn3lZB5kdpf9`u_+O^km6SnU1wn!Fnwq=q5wS-B>sxec0
zp2bv4f!E+_me>EaXZ^2{uBZ1rIQ-8z*W!nS%Km@6XA`uwwzD#JQ_;6_HvaEn+LDU4
zBeF7vk4(Ht0-&*|C`oT9ztnu56$NS#oa%?kOcNwWqm*XfJSM&>lYV(=!--k*M!M}*
zz|2`-+>7}%Zr}L`|0=t9V%5D)HeJ}o%>17HlKJ4neY0Zn{rWyN^Xs?{bC`ig{!j#z
zSZ&#k+5cDal8LZ=3wYd+weYoBD>i?jeP=o7b=j3SY<n;S@cJ~dCfZbcuW*+|ibAmQ
zq3&p+W#ag8a)N_afda#&K)IEYM49ynZArcJL~^vD3N@zR?X*XgnDg21$kUDC>bUYY
z6ON*c=!$B|dFwUZP+9yDLA@f4Sm1$n^*GC>ELwA3#^!Nu%%uwVf=>O_;&nE7kZb4!
zIkbO|jS5?J<MrM8iIxg|&YX7iBQen~9s!U|8ff5{UgTT_Fg?_~0n<Klb+7u6#tc@@
zB>pRt;b(M^MlpWXDR+zpm!Xv%&FYkpnHKs_mjIbC)>Ah=P`anH%?V48KTAPlrpmoN
z%G6Mq*Y|b_{`19pV%G|DcIq>>2k(P;Hr5lJ8D|^r1<ZJoB^ujBd){}v43$!@f!<il
z6-7u>(yqkBPL@R)_QqSvpKAv^R!zIV3uCZ<PoY>QbxwqHSTMm2liKAIM2J*v+8oX4
z3@uiQ-~c;{Mr43Bk{(1DUAUXO696jhdvvPS+}$^n9NiqgjixAH<TD4&Pz>2ohupbQ
zQctzNDR>4&<+%l91`a5e??}RB`&6=c9cF~@l+w}#CE`rIhHyWt2<-Ms1D4qqE4O6`
z6R=btFaR`?Dp0`8ch~vO@W!4-!En>8x`EMeMUR!`Vbo>*Q6s9JFO{0suwV2)_|6yb
zmwn`W5b;a&-)rqou8$Rm0_@~3GO?X~x*=sdT(OT|cUdKN>3~yQ9g#@DIzlgI=ajM@
z(hVR9ow5oC6nPAvu$#BgdubutObpP3>Y8kqxZujT1QK||5L%Q?Fum8ML*Ny{zxfJ}
zaKnr~e&+5q+t?tE$-A;QNd4ON7l|1HCi;E=NR6~BgyGuoce|-qdEPQB&t{~Y{diOi
zw`kkhG4^#5?k71YtFAtuZ29C3VJpN{*?0SRuWf3U(uHLpXm@|&KDjRO<v>knC8_BP
zLusJyzrmI7kF-s}#)SF?8hZ9CLhgc-nb_VFu>+3ev7J72ylv3W5=?%a1tFfknNrYr
z9sfrY7{bkd7?Up0yP`g>pbz?WIL9f<-m$bbH3HV!5abB{Z`3NF_w&|f_?O20ktVd;
zAvqcp=;o(jv;cY*@LNxsRX^Y0Bp|9wt&Cfoekc2s53F;%#}m-l<0^kV171_^Q>sHP
zu1^jvJ+b}+y8U=`H8^N1lb#W6eM4|=x~P~n`41~2_^AcQ;1VDUodd_MfyT%GrOyAa
zBEwU{`#TBZ*Dq-J|GRPhe}vK|rFeQJsA7)z+HU;VgD*Qsv@j((BdeR|0l6Y#{0Npb
z)8o2rM~fOyVa%~5B+?T}f*g8wZYHg#rAri1*s@?6ckOyR8PnR`b6)=IdK>8Zc;zN1
zHy>^f^Zk))y?35)oN&yzXD2+~`)2dN>#=?*haIu&_+jwKhso{>aquXIG2x)QWxjz<
zlu+Mda;t~U>>F`pBe5%o-Lcc&a`?Qt`yoDa6C>0Vnor+r=_06&d1(;zag#Ije&qAT
zzeVzeyX)x1y7TLyKIHSIzg6-DzmfXUJWK!!PS*UcH1Sc^gMF|B9+;E_woIFWtTgn|
z*8B5N-wS^H0F0fsgRnaIQQT{C+ydInpo_3N?j^5>{jdSNk+y@l+V@f2D|7q;>cZGV
zUz_m;;`e6~AL`P$o1`}8jo9yV5+52z?@MTx;GqOKB$XGLee$EN7x9=LG@3~ljeYpT
zn8QaoS{J)?64W4VQLddlnb9twhPR#b9A|tOdAf7$PvWKY;B{e&Ny*4#NM|#ux>>M*
zj-~#fbvsSXk_C1w$BYnQ?F7bT;m!!(UCT7cyE}C43_i7w;2lg5$bnhz$Q8`rq>v%c
zZwxO5b>E%%>+cmCNM3d57M8v*$Wk&cWbhyBAXN@z2z_v(E0fYGo4lb(zFs&K0c>2Z
zB8H|F3r4P~WU-J5bXL)m8cG<syK?!&)cp{umI~4rjuWd~8vr(4OvsC9#J|oyge&7p
z)oQ+8;Xb9ZCJpoQk3}Y<lX->A=rEg&XL$!=!VG^4*9@TX9y}EWR4ye?E9PCsh!I(;
z^nrzAs8()5R$11K&%~{{vGDDs$Y}+mDupzHjO^Hc>?gdYsDEfy!t!g^o>K6nqVr>@
z(W_Q>!B!f1&rp&=Sw()3)qmL*(ds_`6_TN4zi|s_`*4Qdab!G~jw}1Egr`Of(CNl{
z^(Rx$K567=Of2b?f=m>H)D5Ue+M^yz7L^`yyKp5{O<XZQL@bq-o4veu;@Otg4p3Gj
z7?0q>&9UqB6;b82E{j5RR>PMMEE7%W7zk?&B$Jz#zi80$jv(H)kCJ}-Q(5Q_3femk
zp+@Rd3_PErI`T(n;L8p-xMEURr*7-#P9~g3$!B}r8BJngokkZ4&Rq*da<MNVOFIcI
z*!wIG*I$OSZ$USBmpSDyb7EYnBRZNCc!#;U4yTQYBy`O=*;b#uGp_|MBuLb=WaJ&^
ztfEgG+xUM-8|Y~aT-1b}8E)YerCFr|a3|u2gFRuSXxr1*57MOOI*;vStr)OnNyqH_
z^|md9A<Txx`z6<dQ+E<($4X(!`K#==kD7v7Gu#m&t_R+6PY1#sK8F2v_VqzlbTJD(
zDY8$a<YU>&xo0Zi$vKRl)|9-7P_L?FFBr~oUvYhIdZ}LpIlfMNb8b%@K8E~y_HDs!
zzIHsBb_+MzP8@bB9d|NkyqQH8C);f4F8v04m-xoGn;v&+JpB7#{(^k>^5VV{;JFY)
z`#`AFlc<5K#nVtG^Cv6Qm?y(XCL4zuvrJ$m>nAtST&OKKSm~{e)`uB0PoO1N(QK$S
zH(ctijnzjOvrXV7chS77JvZR!af~{I9x+THCKu3*%;rcAek%?wMi-3OxW0^dl;T`$
zpHk2B3FjS_UF8P^)EU+IrKu`Ev}cz33$rHW7%B{;PRXMv*;$ieWAEaLD^e~Wi;O7B
z@WLL+8O#AWlwuB8<$A^DASvlL83u{D4s9}Csv7F=tXOfSbg*r)p3vot9J9%+sqsqN
zA%Eto%kZ*d6Si8OEf~>h4JD;RP6167nn*axIVPECFc+jP;mm7QwTU>YIaVEWPCcb#
z1K2EV<~J+bgdHo6S*Nbjxd5&f*YlfIZK94f$2?P?=@0;T3%q&mN_U}$(qqOU1q?6D
z_-$EPnSB1v;yakgl2buQJObR3$SAki#W?K0@VkTtV7f$r@GSa-ro`4q6bUR*xpT|*
zz+p#<3(f$`!&bz^ggP(K{7)1rlgQkAoMG3gSU3%f{-ELno_ZY)H66)$fIrneQAjbg
z#npx#*XKiQgcX+XFK$6&`)s0)zaCnHv~FlE`$$pkkzBXjoOk}=opE1FrJ}HSc~L2`
zBT`<WJeU9zDxOHurA^5@#H8eyd0kBP;f2<b`!mY4+~Hm|nu-~Nee*;ycQlp~M)74T
z9r7C0%7g?|+gMw9uL`e>eH8ZsgRV~TJCiq;p|X42@P$L#a9D?Sg90msOhQvCR>_im
z8V=37tb3KAjl-*O*HKr>={QH!lQAyTlL=SqZPFVREduRun=^T<xMG6}t<qJpuJD&p
z;c%X{YBO=oIeK(za3eWJl7VnshcJVZO9d^eoq|^#_nQ58BO&`AJ2saIydfPr7D3$8
z11Bl15dY{REJyi}HzzaK0w9}7|1b`-0bm-Urri+(&P{}5eaJ0H$+Cf)B06o6tYyKi
z`b;Vw8RPU^V(C55r+4x5s|LV6(bJ{lVh+6meYcSJ3)9mo^`dNz!p#S^=xO8)GbkQI
z`CY7hh-l;wbpf!;Xowb#?P%Ap_Ln@8m0KLqSE^}r<Qw`w*Yc%>XzidsVB+q_DdPW}
zA0lM#Vs2#opQOzq6>CLgRTLjO_cfyiD1V}|#-^q!NCHi20~S40BogNgJtQIn%}uN2
z+OztMH7ktQZTc_JZ?I<OxH9I?b17e?l9TJ;*xw6~S1ApqGhHVfH>NK&J>Rd$z0zt#
z`>8Rz(V@2XY~h|_VHhL8zS=1E_&bnp1p9=^LNvrvq?ka|AFqf#T~q|r2C0HxGdVFF
z^6YPZJ7bWej-785aV$Wx82Lk1*KzTbM~*NL;a7`BO?eg@?U&^&3#EXg;tCDrrLys2
zi={)41(u`6I!mP|FF{wO6&D4VJ+J|$&370-q54S#t>y~Ofm#DKkLo7HxvY2%MscR{
z)pUzw<&oVRT>aTC)^r$ji*`>?_065KRkDF0A%(Jvj&j?MQ_f&zVn@QJIffU^XQV$R
zZxY%on~Qw$ef>(88q%%`V+p@dO1n!Kwaz)lFU>s$SgazrR^=X3=we<_mh1}j7Msri
z^J>kssyoCgX0O8-CNsx4MKh05b$~QyFTJ`8Nku+C7+N!v5<Y`D8;<mDgWJiNCv=Bo
zE^2)weB?};T#CFvXCPxp**d~KN3Dcgm<-@-$yY>P#z>rylx9sOX&_$7)qZFoP$fUI
zJSdyfM1Z(km@_1c6@%7S?WiQ}K;^v?Uq361%sG<J9$f0Ge(F1Y6xANF7N(l(Sgn%j
zw^+*Fv7QBH5jNq#q`HOp86Z8g=ryN2S{U9omlgA{&#pA9b+O2t^QAVHw#w#crP<*k
ze10cvivvmeeRck6aEzLKBPHhLLvOp1V>o&btE0U}LM9BbuYT@Ezj`Os>{`!xzliC-
zgd5eu-V`(J-eu$}{ZBK5|N8~D?uXBR{H+Gjou;%yfRh%j+!aPqVIui*E(U^C1o|2v
z(D9R*7j!=a>fF5niaD|uh5jI!Mu~C{n9yJMZdW#LwU_9Uv6+}AK)g2U>4J|TuD*&0
zEowep_2HINgdq}7zQgo(+J8(l6f#E&gGQ3Q2tFl$bcx6Y-2ImB0`nA{MBpK%nnzA8
zm}s#_^&)ml`F$M@A!1nuVpjlyfPu?-S|0LeE&y+dPxT4fOT0xaiIgywaChm^Q!C3o
zX3VWNs@D=`B%p_oeMzJ=%5E2-zwZ%)=x&!V-#XM)kh#mYU&u_L79NqS75(VniOvDs
z3h&I*j{fVKW@My}nW2;a?C^T)Dmk*3I(7;-*Wor1lNw>kC!Yx-ak?O=B}N~z#3m<L
zJrL&1*)epxdLI>lvua;;vFk6ilV_3-dUwCGkh@#fEJq68yyOVA6e8Q9{lXv^w@q+8
zCds9AJ+)#pdfu+(KIlKmJLnf!{hf2PoAi)hgWLL<2JIhQWZP~WJk@=GIgT2-mT#c{
ztSw1Gn!^h)zkcE2{@*yz2ulgO{0u4n$Kh*9719f33G>@`&5$g?FAx^8QVTIC_)_2(
zqrhLaP(o0oTu6T)6t)cUdZUJpYZ;1N{wj)n^|B`aCS{a7ov6Qr7(hwQYP8MSPZkx;
z%LU8J%j*`FS1;R>HUjbUf31Cc$a=gVraX7vuPw7*M+6~$N#!T79PTwc(ez#!tdS*i
z0d%gFYX9K6>W6@{xrArkP_=4u-^kn5faAV|rM#nh$qJIK1I*m`hUob9T)}0A@W9|L
zM*C#IuCRjjYScIf$9TZt!#c8{@Rk{X-&t^a`N3jBr$oVq4gJRn!FE({L0}E-GJ^5<
zYyC%94x!CM_C&GhWlP-@E<e;RaS&&bfjy{x)Pl0g+_c#<p-1ZcZyb5k4_G?AGl8}A
z<!<6b6I43#cje(Z)UQFoNSnp`Df@5f!7F#ce^V!F27`2=!EMW5qvXD5QEj2Sb`)-9
zIJbvvStdt3p?pL!(kWm;Ga~=hv(&Z5i3R4zVKL){1IT`-B~<`dfCN>UP-v;4hDwve
zTnn)J7t8m!Sx@Q-k;-FQTLJb1A(Q6Z4D|`fYN4k14B3@ZD5O&T#JmY~bTQzBu%J~*
zC++frW>6M1%cFz<of=x%>oXIQz;|-FbXFv`OqgB9&+BRg`eCBE#-J~eawJB{2*oEk
z6kGO^zo+NTx(KZh!!e*WG|wYn4g3Uel|%yk?Cztx&Hxz#R<R5J#_B5Tt(*xqu^0;G
z(dy_lC)xG$QXtEoR^^}NU?X4yD(-1(B%qQjN?bS8)mp;;Y<QOdCY_33eg|y>hM&j;
zFi<WqRr+nZuIvBS&6^DZmQzJ@N`AwJI>U32ZA$X7>Izztm@$#N^#1iIAe_ZwMIVX^
zp2hN4X(lrpyd22*mLy~EUcFh+v*?ec*H^6zuU=YK3?ogTCPoV-kMwxw7VUm&zFFmI
zyhunHP(vn}yewIa*X*>58(L%~Q%tk>dO;V>h!Rsa?4-d<VU(>@O(xZ*&``4mJvZj*
zpmplU91-oVRDhxoW8ViCRg_`C+N)$h7ma}<AnxJC`~HA)9<g#gTJv8_1!6`?%os^5
zbJhA9F~TAswtQYU8q8cYONBltvJZe3at&i2hb(yT3}dKv)inzp)&xGD>*N3ZTr_(E
z*<$a#1gA071N9Zu`sI+dn>)>5#bVOJY8P?g9MOVp6iY$t$HJ25Y~@8e4B=&{FSIQA
z&ZD1;2q~iZMq;Drm^x?DpNRbX{Y;>i&SH{TPFFYiH@Fe<r>px$5j}AUSOx}#v3aYW
zU7~$u!w)ZG%vPnadp&e9;=_K_+F69b%2iOb`xIV7x{(DBa2zPKFn+!qO!hmNbGomJ
z6YanXSF%<~l*PhnF)xUrY$uBL3;=d>@%jgb{}G;ZU+=ELqrAxQPq#qos_c1LK6&9k
zz7gTpR5_>4l!VHQTTxu!{t!^SBs7D#Xx;;2xN{@r`rFENA@<KesQB40dd{!#7-uj4
zo;#&`j(ffla4i`Mp1bjigPT{SK3*p;GO3iM28q*GD!K)ZL9vmP+EB}3dCD2s)(dYN
zg1JFYsG_q&0&>EZ8>fXaVVf)zukpK!nFaA8r!2tuY}yzs6zr@yfsJ0aS7KNcr*T;B
z8>h{pIRZ=&H>dG}UX}wz3S?y|as*{^s2bK_|25`(hC2lf?n&mTum1%?P;foYA*!l|
zGiO+*fhR^!wnv`KK+xYol{<XdGG((s8Deu3uJrq8a@qJaQHskQ-0Z}`>M{4kj@`@g
z@g(CDnsT~|vNE++J>#kU^Kh`E&F6nqWSK87PfO1-cC#P4lY-ym_r(?sTvkF@Q)KEU
zZKNDnLoiIu@TC71S-E;nNJzYrmpq5DGk0Eu&@GK!6l4CZ<4FFBI;t{I@e?T^Pe=^^
zj8-7VYdp4gmFtya3@{~NMhGW4#<uhvG*h7ZvYR-&S2PFUu*Nfcn;2M=tfIt-wCb)*
z5GAJU43u<{Cu|y#rySJ`x8^2s)ta?LA5E<Bmt#t=FXDy{wVFGuzf>TWi2RH<6R9-{
zr|MH)jG6wdV#Q!1DvtA|dVM%&RHzF1;BsUL3jAbR?5DJusW?kxs{Z}SOo(XvMRJkz
znn>07heLGQq*5;cR_a2q?`R}Cw)z)5E7*QRAi*2zf!i0xj;!Gr7WbbuwnKTa82<YX
zGPa)ld|8vTu;uo^t8D$Zq7gd*RtTFLz!{H8rF1Iz41IK|SX`!3HZ77O{sFch8W}U7
zXC}a2(vAs@0RAs@IR+wzg0NwtY<4ukmzz$!EM6Lc2;_dY?!*O?PeuUX3!>4#D;Ibt
zK+N;+&U|g=il5!B2W94_(}F#w%B^N~P?V#6c43)5sUo@fgI9(L?LlZp8f7}z0DfRW
zL~V$;KUXO-8`GXGLqP_~9ruMsxLdKb79S8APt+bK=o{rKK+sRK{_btWGfQWMj(ua#
zLbA?&qT)qjo)pc3ZT^YDY97`sQNuVNl29{H*-Ee^FdcIyh+#lx7+uM2w^1lJ?IU}d
z>%u#Pu@?DyU0d#1;E&p_rKm^UzA|1=Ggv^^IPq-w5^xRY_Jxh8NCx|Ci(Vu9>?fFK
zEZHHtDM<S)xJ08AHthpNW97BkVvz$P`0YQ82#-)<-^{Hi5|RDi!@HCy`|6o~C-Pyc
z>?k^hf}MV#+rvZLV9>}zv3+h>M3uGUYFPPJ7)kc=o|R_fe=iilwQ`tt|0M#gl)$uZ
zv*!Laz=^d<rVNCB4W6GWB{{a;DCOuRpWK`j!D&Rbi7ELJ3t0IHaOK_zG~42Xm*kE6
zVxVS?mOWh^xfdV{T8!Kb%^H-X1oUc>&VIbx#e+z?>N(X(vX7iNJL|RH#ynj+HyIYX
zJ+&}i5G5Mo1&^IDMb^S<O!h(IiJ&ek5tEC^bIRnwyt=c}?6=v0#{?d6r%xTI*T!?J
ziL|Nl4<O{n&6hf=Pe~N(=O;zg`fnK;un7804yM!vM=1v`)S_J!)}<>RTQ^T}h1=><
zOl|xDe(UI$@eh*X-&A6U;AAKly-kpXlGn>C45e-j6ps%K9GNE}={#T$hxL75wSv13
zTcvz472JS}!gqJ=JF<Lm-90oYxt&pgx#L`8DOjilYX@DEv`*F<qT9Z0rwMWEI65^$
zQ~`j1l!2-Pu-lZvy{HCA%6kFnAq{3eRK6v3xIwf+3`r%4l%~d&d^EC@iZ;{<5#m}s
zLIf^lMd7l)I~1&&t5h4IOBPjlhAsUP{~=~l^-pYsF*bQJHiPJvBAL4Iy?KYMqrJjK
z@s4(GrjBy=_E6rNo3q4EL25v;Wd&H34<Tp-&o$y4oM|mzb}ErhnM^{fcLUPe1w7<i
z-iXKJV|etng}vWOk>7qKS5%^51*2yh0saGW9Dls5qlr|bC9QB)gNukkV-M0NYqLS$
z{JBQ9oOfsJZS=q0Kdvxl(l7f!-)Tnv=-010qH(abnva-@vbMTyO}hmVX_I^#@SE-9
zNl~fb2wOyR8ep58lxoKAIeQ)&*VIFlSO<+zBapKnZo@@Bwh#3s!ewR)89-qx75nlf
z*7h4Xqlas~$EjZ2wp&<a=`<CCm^ulI;|#1}(aKTwt78oPYX22L2}hrXAz76wRl%6G
ztjAMz6w~jlCV`%pM#mrcA~mconsRUY0dAE)QI}TTOWTOZbtcg`N5(Csx<{ZLK<q@D
zebA6{=FusWQ53Um-$J85qvaQMdA5gRugY||pR7zqD38P&p9TeKy-#zp2YYisr8QM=
z=?1^TkR9;wg{w6|J2^(#gtamj-x~Hl`V@I`%w9RNVh18RbuqffCU2#D7iK=vM;l3-
z|7ExVpA;RB2&RSGvNz?Ac$MnWlDPB_88&y)=UcU>?W5v&2kO0xKk*xP_3}Zgf!n2M
zM$w8t<&}GZcJ$HRL~WKT$FvwMi+*iodUCu2_iUhnt_|6dOTM2d`|Qnt%LI02{Jhr+
zd|h7S@{u%VdLOrjW-%bq<IPMoEyy@d`UTc@B(n$`2ZvB6`k}vCPOTptc&jh378kEQ
zBH~J>van;0@5OGe3!bqZAM!f%;uJ_rs-w>DS&z8sfOCBU|L)xm;!oh`Vi?<*ey23V
zEziPRES$Kals@r|C{M?Vp6J$Or%gXw5%x~fHCon{;WnF5x=*k3wFSpND`Qc0=X)8?
z$24;Czf?V!-{m<Qz8O0fZ{paA4c(nJErxW0*-(<+enYst0kTXRj5Sf7x-klG0Q4kN
zcA#wItDF;1Hz36`;Y@LQdu)%U4HOo7WrCBns==rRJINT8{C&;VCAwhadpw5Xit{Ux
z=FfWU5+?(m8MY)(`6g@`#!2}W%DT7%x=2E9CWLNU;jd}l{|`>8UD^I)@uSf}{1H$7
zpF4H_;3PLgW4r%K#`y1jZc_Y}?Ytbya1Qj34!ni%a%zQ9H_xg9xgd=>qTMPi9BXUv
zbqX3#IjUh5@y}F0pJr~bM)IQ|@}yZ>mCa-yV*1a^^N%uebKvvo{ayA~Me7u!A2pNK
zl)w;+%pT_mY~nnHBgK6NFl|7%R*F$B{e*cX!|kVP^ObdYw<W{mBIka=Y)8MvMTckf
zr#PT}m@~j(r%}o_fKZ)k1ydozC1O#LWq~RC<pn#qfjS80Eqx1RtKCkj4IW-`JNt}D
z$+CH2Sy&eE0<(pDRlR2Cyn?JE$zGLfJo423PsRGeapBax*joN1O<{6A`Xp7wQ(I&7
zF&nd*dfjIM87lZ~ezam#VLM_=4ZDxGNx>Rhr_!ZbiN{z6a|TWgX2Ca%$k%J+noHVn
zBN2Ig=(>|=h{}PTcpx)eT&iqVUh1GY91NxG#(uk?d(9d%T0(XYO>kdF-b6Wg={uWU
zaPK!B*OAkM*=`VGN--Oe$DaWUMw*!ahqQN$uJq5=wJX+&?TVd>jf!pCwp~FbE4FQ;
zVpnY2woyqX6`$3;yZ1i*AMY4%@6(^MzUTVQIiHF9ejb-62+3KFJvCtC5ubkvC5pUn
zr8-$<eV(<YrcIjfq&~9JC|3K1KabSYrI_$FkhB!D^*hFuaRv)JiV<{!K$JNlIEN%n
zQ-nJA*FCOXutmOmxQ0Ml@)27ii?<{0ECj7}l1Ld=?L+(oiB2hU8UacPg}A|aoJ0xP
zm^;_O051~LF7oIqg2y*28M3?|qo&yr+ka+^KgZ_n=PRX4`3C)pY{l67ZTZb0o<P)a
zP|%mt+5Mij-*`C`%w`RxT%=wyiew1dnO{^q2kF~aFQ0(MiO`XQ1`KdqV&m7cU3&IU
zJd*qTUK^!9#q0$K099hpSZ@{Me-*@P@1CfA0pa@!!k7Es-bWC#b9DXd*|+LHj9wAe
z?Xe@Ewy&ue7Hh&tVY>o?ETK$LlgmaMK{E<7k4<^FH<~|mOqAdmIB%wV68>?wSMF9q
z%tGB08{Djq8^c-Y*MfrIpl3p1XnAJQg_OnMf1(zt=?+j};-1hl7Ag#4-qW?>iC`>a
z00vO*j?QV<X3>j{6njxb*aX@6)5oW#WLb5`SM9Zqk-jj(>iw#>!l3mQbFLiNOt5#Z
ztoou}RBn+<pq1$qJYIZ>#M&5*lS1Oa9Gp<j4ZKOyLj&Aq8HJyoDGRkWbQ+>1jI4^;
zPdP2$EP>&qAc%(;8EB0#jQQG?8)gDFM^)|PzubABbh;u|%I<2n?WeH=mq+b7SVP2=
zlKMM7`&80cq>lFy%D+i{{mt#NQS}UUQIGF5WGfSaIhx1ih6kMJ4lz?~pcC7b>~E%p
zw?{dboCUO399>rEV4wrH`w1tfJ)bO3ggKkUJbB@P>`^<E5EvVCj`$uJ8;eX4%uxGy
z^=XPs<-0^BI6SY;6?1u_Q4tG{#OQ!axqA{1oaYY_OuPq@I*Vm0ED!t|fS(T_&E`JJ
z$k0I`R@Y=SZm7P@fEZ4JVmErNnTD&5Kyu1K<7>eDZ`b!45#<n1l|xGAi*2#c@+U$8
zw<P=Ipy>2YVSPQ`fy?h0RPXqr87#COda28=%VJe9nN+&BYvkJeE3s%^@|tFCH>p`A
zz8oJpjv3zq<ew#RkbE@6)YELy(4t?g78O{nV5@(g8(xoC_JZN5WdsWG@CAQ2wfZf>
zb)e#DDghoO113a0TfgM!aF>5;SCbDsS0X4>$vH>P=x4*8+eU$N_}rKRTPm36#;zH^
z`2aRXyLXBxx@DhlfT}0v@r+QAsfeqd=~)#s%#qK28^_7UGCuPN%U9Cs^~{v3EI&;>
zjxD)|nXKGHm~?VUkJ28NTKfj?eXa$K>AB>TbyG>ZL$1Zp<rd*h*q5HyZ-Ls|CZ0O|
zY!R?R)hK8nG3+z2{WNI_8bRE4<{p7mTV)_1LF+u9{!4sgC3LA)64aE}hx=c>D0?@%
zzbWIJnaUac!{9YrRZj)q4C9+VT0$H>!@yjM^=W7`A{>fNnR=dB#Me47RRL?A?vz^e
z6nl5p4*U|&{p(uRt&=EMf-h%LP&BOG%LpIAAEJI+o0Dk5io=oo*UQ|X#eZ&#>1+S4
zKbSpgzVV{iCHt+3q6j64T!FYWTME16SJFyx!>braOkZM&C2#XFh?{PWgt{1|>oA6$
z(FoI0DjtjahMhKI_k{?Mp$ZPQnn)cxYisPwo+>Kwz4W7C2gKb}JRIOeS$>W$WY(&)
zmzQR)={9v1tVW(i^n$!#Xe);5t<QfE=!$Q$Z=$y9*Ip>=SC<X4GhA0th!{BiimA+~
ztoWJ1soIca;Gs(<Xr(@$QQf{)aoy2mX<5M#N2?7=)Fmz&>li0ve}uf<@9568X9-XJ
zzFJ^jbNl^K%liqet-@1-#;SzO3^s3nI0`y~cQyAuuRq4TB&B$AZc86Fx8G}L)v9UD
zB+>!UJV@TvktNd}MpJTqpmK``IQ1KPrvuTv)XF^<BUiOo*Wx;PpHnli2LKM7rWN%4
zrx0-Rnm{4jO%@74?Pzaj$;B&(il+8I?RM>~I&N>^R3i$}Quf1yUt+$?J~v^QfrY58
z%-DL&{#qc7HT|j0>Fd*by$~-?)?CEgW~g>qz)|c&=#i%fT~r)opM~05udtJFs!E4B
zUNYxP5s>MtyFlw)Xb7nVRoGg-gT_eP8Wa_T?@1M-fZ-b<0QL6E9CjJAGo%GGtIrC`
zMA;w5Pu5j%gSVn#hzY|NIE@MT{DtX{V7q=^Vcm1p6d21B44YZF|6#`2gmyEBm8IDO
z`*|8m)3CiG23Ne*oX#u)0g@gH0c;R@D6Voz8&z`Bk6%g0wA<PZyeNWB^FhnhCR>MU
zS;eZpQ1?3o8iAn4$!<N~GC-t#b^ZC5&iA)To)=L|e=ux_m-PkvU2po#b@6+Oy;%lP
zGC__!Sx;&zzsXNxSNg;F`ZuY<opqnSByWn_*kjjWu?0;o1QrX|VlcuO+9rOor8cCb
z>2*iN_FM{JH%QfIk^O<a`pJk3mg=Z@+483<wiJC7IaW!sh(Q1=o@jzOdAMF993OX3
zMW`EUaevrz>==y~7gdv$JcNF(WH61j#C!e$#q@jU4|MZn*!l$C(MH=$&Q<-USKpkN
zKKf;5wOFs{H~KqV0PY7T`7vw}-f<T6WV&>?NOt3D5=~6P5$u>zO*c;z3Z}ET7hP#w
zi*t<E2!R=xGtI~^kVFv3re2tF`s7eEaPJSg{y|P5f6Mh1fDn9}H0Ju`%E#3>a)H12
zg;-da=SgDo7c7ON<fP`wJ$_1K^7#%CkEC7ceRA66-P*0qy<;L)+W14md}v|Y`_&1f
ze)!JTl7asM)LcJGz_F=sro6|=D>h5__`7$n{mNYsZb4=P;8?Fq^bZBIJgyk;p&b%L
z`ja7wVUYi*j}W%3w|>d{Uu0ByGgIH%KteCNpb+)%YXgZnxf$77{Wa(R(|dpt<UIf>
zErXEsQ9v{oWZhJOqKpDl;9Oq@Sr+QN#ueERf6I7|C~Z(OJ(Kg5!1EIkJoC9KY!ku8
zUjGDV1MBw1M2!FY^E*Tj7EueTVR1BXEB>B-*h}ycLNeWBg5q_}HF{7Nk#wJLmGhJN
zFRRa&KFlL44LIkbrZ0W84!JxKoXSwUUR8E@aAXPbQCX6#?9>H);l9)tOk<)s;`@DO
zvscIABT2j)taI?CcCj-kL#Cm@R-8nUUyQLjIdR4Ze$#qYsKvNtNU!S%D)eYD)xDnh
zhJJ9_X0*@}-kxTio^OoO^v_J3z-D68DOg_1qg!Rod7<us8FlzL_97vr9c1UMh<2&J
z!=+3kxy^gb3PDVwAoF?#tMxUE|3o$_)!w5^MtIR!Qy=uc&2>U4u;%t-u-iKxu1@W6
zd7qP5bU#htec8sxt}2-7&i^?3{GmuM(oDKE&|Y_o>DreE<W8BKYXf49Ptkv}(>0Q_
zH8`ZseGR0+uhLP-v9E&MR^$~BsntWfm<W=G<7)>#{pt)kkFuuFHdOsGOKQ(_i?$z7
zm;zz&%UtVOeboPj^ItQTUn6TtB?t-f|CRR7-;r?n*D-Rovfkfh2KZanr;8&nUO%aR
z?rOwa2{=J8WP*+!E#XUw>sfEirWXNjnz>8QeGGgbfI*W3sSHr>Z(b@VQ{5bXo8o@V
zNpE}qy$|0*i=~^ytTE^dHLb^$R$1qz)GH%geb@9hxV^e=hraa^566cZxfOq31>1N=
z30lrs!7jPBLWSOPGHz;d;X&b9jV?yzV8IXmRRW*<_SG??+E4gaWg#_K${?hkpX*e*
zfvP=&4pHz7?&p^%>AOzNMhRLHS*W=!MRy?8rX;#~2E&JDR`~2i3_C5rQ&(!BjtFfj
zBh+JKB{t}5M)VR1LX03@I?ZR4<7CeT@~Vy4D8<c-Q{C3}aOe^$!AjNH`)=&U1nIIu
z=v2j(HPWh&Y4&9$q2%ooB2BYUPD}dR$kZoR6mu2Qm<WP9d0Q$jpYfcPRDFXWMlR~S
zsU<Vys=Hke&mJW|S6F0L_-`hBV{j=h;H64`IDn}Qa}NfJ7JzJFvQYa559Nv1Cx)V2
z5^RZ0f^_luw9#iMz9IBxH9kT*ujFcg>}#-#WB8s&5@UU!zvXtVUrMjV|84F3_qAjN
z_S*$eL_h>h{Qm#!82{(M|1Yz?LG^Xzb#)9qaFbPW=0G6IV*=aHAVj74`vk{oCpiT6
zofY7KoHnfv44H-|o>a+|iNW*CkCVp4Q@VWC5|xrmAHkB`nNxxKI7H7LzTZMTIyyeN
z4G%o$wjgI;{}1#Yy#-QOW0I)U8zo2+$p}pVSxBr{kr=($XJe9Jg+G62x)~%;dZZz9
zN&5RW#Hwy@+^(j?nSw)6GiZmm4@IaQr-5N|sIjE2flyce^aa#=E?}s<KTA*C2AS!>
z9$A2D@t7(!*G#KQwC(EkX6s7U6~^WDHJ}8%=<dp$eVb?w32D)kaWsK&LY%vTfg*`Z
zi_VlZYi(QIrDLovM00w8JBni_wyjDZE$A~9&``Jve)Z7qJlsxF&#vZVnewuqUQu7#
z2!0n+yhzJx!H;gC2bsY>mRixNWL{E;%RUyJAr*Q=vq;!na?wuVu4Pn4*d%pALqDKx
z7WX8hFv816qgQvCQb@8su{NJBvLYLk!A{VYr`rB=a&A3I$%T3#v---iy|W?>8>LCV
zqP||lOqY2cF;TVztBW1(=>}J^F_V(v%g)i$4Wy(w3=voh<0tyhoq9i#xz9N?mZV-G
z<;>Ql^*rja)|c?et^E_JUtc}~cWWTU<p%4u>PwC^<;+|+w$6g8D#b+_%r<#V;yaaE
z#%!hbL#fV)LwWgR`WQNCcQH4TZXgv-RrRzNNV`D#vuNNoIiUT(6)Vd~H#rZwz+eVn
z3LzmWVO$E-3P_+GoXU<j*Z5L|-E*Y$ijZ&+koL!pO^&NXA6si4fjRF+r9nxCyF}&{
zg9U}b2mxmaK?9;+td{Sh9@sAm{KSA&1lEgoE4&o4`M~-#J9H?*)503rwIAB5231%F
z7W|}?)y_XeB*;_fF`UOE@k8#_Inu{VTjpX_PHm06{G!`Cj5CTfz*P9l7ZV||t4#<*
zx;eJgmg3=E)XOD#xQ6%kN+lkAWq?hUaTh`BIk$NTK~xsFC++ILUm16b-LJt@?UOmz
zeM>kK)1%2t>l0POX{T|4iOOdjKi(h(LkP$J0O{h*BXW^D2*<iR3pd@vURn3~zirAB
zgN+T@JtxBo_l&!Scsk?@V!g{&1Fu?6rAp$pKSA$>qU0pbhAwx0-XYS5aX_~JwAGWz
zmXLDWocbEI2hPSwoaay<{w~q?z6J&z<o{XoLNG{^Pt=lpLzG-d1O5Axao#+y*9Bpk
zweZ*nknZJ5+2|%WA1e;kBalAdUvi5NTFFspa8xkNE6N1?jUWgnR>z5a!z+bZN}YIh
zA<^<6?jt|FkFA2h+18L2D=J)0^s!V#0*97pr^3_frVd5I0PxExO=A}?6z6GN47FIW
zb>F&xaS6}s3}+}uXH=z+RW|unT9_c+ApA_Dz&qJdW{CHSp7zbB>%6{jPW-0?{y_EP
zEtnmAi$D<o^>GwwhCqZ70htf0q7f}NVhBA^rS7ZkSCkA-qmPA$kDa|t2eId}0)dLM
zSlY9~2+&WW3XUMA4|-47E;2|ymzW2Vt%0UD*+_o{KC;5nlb9D*D!yuhJ?}`v_!1te
zo7jV=@RXNTh8>=t2<RB{OtHBxMuiZXunq5lVI4bCo)S28M7z)=VT5~w2D6VFYW|ry
zP$1X#q{$DMf6bJyaG&qwK$$Wg)G^`s_q!#3(M3yE?v?NRisDBXLR#=SFXtyFvU=x|
zC$ncoM%Zo_LuS3HUFK!VjS3N8y5|i9C^sfm;I!>f@;2PLn{Ta;cKLU9f#K|w1;V#;
zcyl1(SYxxK93|xM-46qn)L2jf3<g7c9R7gdZ##jcMf+4F8YVSnsQ!T|>0?p58w#!m
zzmh^#cJYX4a82#aJ^6OM_h^YEuIO3E2pN?b>SZbGhG(LKwZO;<%?Oz9v$_QLUG&wH
zsVSBRvnsRj_k5kdQEWi5qT)G-ygU4UB$Zjvwfu3BgkQdapW}T#fzR=fNL}Fm=4J+n
z-X+B-&*wDfK%ya{XhRxoqK975mfHc{wDk!m?_PA@nOc4no8#E741OqC5}HH`NYv39
zhG5mRN9g{F^8I}Pb&-ywQ#-nplJ}iw)jU1Gj_p&VQD|J>wQ;PywyQ<F!~B-Pl83-w
zy0JpZN|HZ8WsEy$Bkq4u-TwDKNX6CJ%HHB1CpKzw4j}nD{%Lo<{qoF4E5ft5xD;r|
zJuZ9DnGLU1z7@Eb{d0T;3T@!fLj$il3v1M{68S)k;4DKXBMO>iT*YU#TBE=LgMuth
z_w0cOQnO*>BmV8!J5Z~(>(=1o^_idtTtM0oClxWuP^!NJy1@Ep!O|le2EdY<_PD+t
zwEC))Qpr<e<!R6l10H_Ku46AlWeK0<t!bUcYre&i?fvfFMnWf~w4<p9{lZ*6G0{`D
zQlXO!PDU{vk6(RRe}A26mYD()g=4;iDRC&@CN!b<G)29T9{qjpHP1>HYbwBW-mGSS
zlo@!cD%ZUxkT(mscwMVG9ygzN&YtXP$!a%V<QuW3XAM}GfJiyMgc(d_7>2KbKXD#z
z)G_}`DrowA7bAIQCiQ4K-{etbU`y5nK0dY0@^cSt2kD#)Jaxl6+mZF{6SxwKMh4PZ
zfN3#!-=0gNn0I9j`pD+j@SBAFS&Hk*7^bEa6}Xk)lC!&AW2hJnvq{_4UP6PVs?C0a
zj(heWdRaZMmEpZ(<JB2G=>iMq)!GaIrX_c}IfN&x)+sA>mvvSy@KRO?H+GKA6odHl
zl#D4=hqcZz$vsGUO6EYdsdYmva4K&?sg0hDo)8VfdveOUoPkhHj4)aM>;tu9d0(>H
z`|Ya<68p=1R81~Y_3}yv{CFj7I(zRN*9vf#^l$tx6j$!2{?5DYEz-yv95_?ABD{SL
zH9P%MJ3e7AN?Cg^Z2pIBwA(Wm(<p+@=t2?Ko|d{jINPJ{pY;3FQK+MD<(&g(Q8D>5
z-=OwNb1ou{9yECi606;RBm#L{3nCk~dYR30N$0+^Pjr9E3&Tl??->J=EsV5sWv04?
z_8Y+1=NrxYaf@G|qku{`P$;7<tzstdf#k86F^7fVt^ENZ66?f5sBqqGVu^gKkYgyX
z)ij)@&cVQ&Dl<IidKx0ib4vxp&0G-?9{g4rPW7crVffMTqOwJDGC=2`L#U>OIfT~}
z#>1*RbbQ4W^YQd4sw4DIRtIet?0H4}E%Z8DNW(;SAA9pPy=#GA1gBGue^6DajvK`M
zeT3s9))o@G)lHUcnI;5lTCuft>L9^OYCt%_QMpXc5)SK^n_a|9*IftFvOm=^#>FRN
zq7pUu*4dgHBO%(+rY?HLB`*1jiL0|FV|jdQL<zg!?mf#CgW>tdkx)jAtq|q+QVAe4
zi|rF@MIsm(drii>_d*9sKO>GU!b2%TMbB57hAUUaifF0s>JVzVj#Wjd_B%53UC(v@
zYuwfXrYisKqgNIb8ovJ9aa-Kh!N?U94ip`%>|Os=PVFC}xS7E#%)pY=PlroBizU{R
zhj7{?B$he!Wec>*#GIpJn+w0i&*c`UgHoHp!~dp<+t3V0aR6o{bDo{<GBuI&`;pk7
z3(Pad4H=2Z(~<dlCqI;hXm!E_S>a}(H|V<<@GM8R$g6*51@`4N3x-*tU}wfMU9=<9
z4mifUhz?N6mmLV*)si?N+X|;)MXz9tUDuVt#~zK~j;HC@FLTAX0lUr#>$#y$$!3#8
zRPfe){Dt+lFd#&yzM)tOL4l4gO~w}MVO7=}&x09$dAlqNn2%?&BSIFFscZmm6|j27
zFOSXcI>95IM)UeG&J)X!PCk$Xwna}$Wp|3OFX+uCJXqc(0ypdEiCNQrEA^v^ytPdD
zu#+p;Zr#;IVZu}jEX^2tzI|LV*?!=A1%K=tBM@H<ws+eS2)>V0K6}PUiXUDXhJT~L
zexUij$~xzrS<pf~i?EQPvuvnA?N^cqnXCSV4pP(y$lKVF3gLvUlCFs8CYu;#^G1K5
zZ~ja5CE}OU9elC^S(~-GXR_22H#PdF%i|epNd1}RrHvyBd%XglsqOAwk4Pn)Xmh1U
z|GzjfDq_%`gM;p*-a&U#|GpFBKTYVR?A;wqK!E&ngjcPh<A}eA`yNAYQ~aC9J!!=>
zzmbF@+-_A#m;{Of5oZ|;RfnZ{A4L~$X--;SB4uH-X@AC<Zg&pLGH~l8c}~V#2A`U`
z2sdr2k#*w!r{9%LuBUBiXvwzLD98wj7ioU>B+GyLY1;qkeSG!p-2eR#Q2<1lC{w`n
z_-;}J5?@u1BI-cDa~cAu7^a^<I*3c{?*x~rX9#xUi3&2+j>-#5h+yeL0ao_~RvJnT
zy3?5OrX1F;1hQ%>IjV=mNED5H8B;M(zA1~qzfI$NYYn10m`YTBPgUa!aY=Zwf|{1x
zvQWDia!I(QgYT-?u>se%FHdu-R%SM%&j6pTgECnS!;Uf*5I9^@XZ8={17;g&vqfH|
z9kzmRs^w5D(+(WMbGQF0@oAKrdFc8ksMH&;oYJ9ZqCP9jz%Z5m(8#QDgOSQ2ZZuTO
z@T98)XunG#i^HK?eQH(WV7W8jVE+YWGZoHTqcnl%-dthW>x6KthLA952A`P3HfhCP
zUFz`D?2Q$iRKv}*b#(otf=uq6r`mS?S-Xud9x8CgsM4}c0@D5E<Tr0)G)GiTlHI(M
zrAu;r!4af;6}sc2GNZ*>qon3Qr;zp>yInuSXmxFyEk+6;wZ_1bjfB6&(0oHA6Vij7
zEwMy}mR`l;d%aVk@5pe=Bpeal;T^_u_ZEwHG6rlK9k>W$M{_!zBX1Yhkridx0KG|y
zjncK%j)N|8s)V%IvaVC6%Fh}mW&Pg@I}foDfWa#DWHOhZxYU7DRq3oL@K=!hbthTM
zHO8N7uh*DNoZE8F!Ixh?vDvrZ6;~b5;y2ex>J&5}+LA%_I~CPc9?Ajj8org4xxo@b
zP2YJ{G@4pW6sFM6oiC+s3ebp%0KVe^YZdxYJ3r5y=XT=h4=m%J2|#Vn+@OI>=OTa(
zdpdYs(bupS+XUn`n1#EH7ZzK9tD=Q(h}(nTpnh2YA%e#AHRwma5wR!7c$Msry~X3#
zbVyShQD=Aw4_an_#Sk?4Z5Lb%%-zSvo7zvs`xYV;SZ$LfWv-(i!4qU4v)FC)VJoIN
z_E8N~B2aS_>c776LBzfVe!aj;(C^PgyAs@CC_l0T&Xt0vEf6;)!xOBSejdVGX!<=G
zgT*pt){usYb8qt#pR<W!ax?zWW^oO#p}hPHXJg07vs%hZ=WbDFeW@7oFLN4i<jEFQ
z{_TEytES5#&SSQY2;F3g1wTGF`ecE49=Cf>Yg3+d`PoaGa_fpONxur487{XvcC%+K
z>jqjol4Ip{2CLc<rtBOK>spZPScvqwN2V4R#$Zd9eIEX7&~~-jQ@jM*icvza`Ze3~
z=)=BdD9_XpG5@rjoyZ<txEUBQ^)_bV=Hu6fd04nP;4c-Q8&;V=xR#N|xLU!`e}{cg
z49;E5ln0xiQq}oJO=gwh@VwblJ@rm}H5xa_!*AF8$6)=z>a<Jvo~LGXLDt)Jg-n8q
zYCe&kR=lQox7L9}ZTh}bkB979D1zs;yT5km3>$7^0Q(fFOB3eLKH;8Hr#Kg#Ay;kg
zKA6BDH^S5<goBXo{fhlA&Mz#%LE=0$Tt_<leR@Zf+!{i8&%IH86d(M(=#=>u?^2&i
zf~NU|_Ut3cVvn0wZ!+*|@r@&!0TO}-R?->kfnLO@KY+S8>DZmAjI6{1tNjgjM>xA2
z5s2?{;DxUvpOB%wsQXNGJSC)ec`Jv{`a1Y}LL{U{Ad0RlAl~ieCND4{74(H)G-XK*
zgib{1D@LS@9dV5UZ+pkXU^^pzGAmc~<jyDsQhHhQYJ8wZx{n>-X?zex+TRAN&NKmc
zKB>k$l0=!TL@;0UaJiF+LCg<01T7!F6_qf3KZVvXx2XwkV~y&t`ojoq1DX3<cNcR!
zy#^9E(o2BO3HTYy`14K9RYPx;wp3ISS*#G#7NHYJ!v9BrhaZW5;EirYe%a^V5b9?_
zsYcC%x}zQ`TTv*Zi9|rx8Jw6#M$GBJ@w2EVa<|6d33RVV?56XFiH768RE<I3FooLo
zkqcCAnP69BcDUraP?H43^||CpJdv9HLs_a*;=(E_eo?iz4^&6VLCNcOLFnPkJCXpm
zn>^<6k9RSRV50J!qewV4(AiNX=0!5rLwHm18f*UZr;onwr`ZuL*Sv1541#W&LmW|}
zO-;jy9P?SMTA0X*WKsz8eXwr>0+6W$7OnL`5>6>Zf<OdMg6kcrSH$VP+#<oAyM-HY
zkTMr(P-@ws*=)E*@RY_^+$EQjgYlVcz%IXR7;-xNBk5?=nJLot_`RYTipE{)0&_{k
zO_>v=Oi$sQY$``=d+sXXeVG)cB(JwvN9rxf+KUC{oKtfesa;kt9OVeq9CB?dsb^f@
z_axr&kK;}ZzmvZdT}FJcNhhEW<sOhnxZuBCbV)dyfu^9&s+LCff9WkJ{X@c5<jZ<W
z(*|niVuZAVBC4WnxKcjKNJ(_#-z03cT4YkL%sX(x6u!ZrZ~HD_6MsdQV!KsB7fian
zXv7efQT9ydcA3ihaG1(keS5hc{_=@c6P6@w^pmmBK)fUND2j4g0ux~naiS339NHB#
zB!W$w8imfpF%C<Fm5r7Ct+bjPuP*DoGryjPr(NQDrq%c5#(VWm=DEt|F~UVgbuR{o
zat;q!-u@kf1)KJ}v|jYcRGdzkqmr?i(i3*}mIl3&w@%wQ3q@wS4QeMHk7c>i<?=H(
zAefw63^{_&I%vZfCuT62;T_0{r08h-vjlZ&m|=XyWF<N~>}XuadT`YB@U%vKaDi=c
zYG57e1U99h%Y7q)2l8zRSffURSDP}CQFxU=qlL%~JiXh+6<*zpu;y;ps+37HN{eRr
zlG_lh0kB=2)HUe-dc@Nosp&(;<2hB$zf#^EI2bYOtC%0uW}>lxx#>q^La4vpnE6Fy
zh=S+D1n$vn!dQNYNt}FQ+%q5)5X<=5Y8E^*UOSWB1GIK*QP|)bvq(E-WUp*&m)-8W
zE#_mD6FEG%tL9UK*8-9hGe~MI`9I^G-qob7W3?<6j55vT``xmOo*JMObwl^J>QHH+
zt-7YN0j=0&SPNHExgdEz7sB|l0WG1Ab_V&LM-%WfnLd-3mE%~$%d$i9edm9vcI|fL
z=Z-(K0@?Ukre;3JK>D#sB$O+}b@esmz9Q26E;XV`C@*)qCg~imFEsXv8REnIokfm7
zu8x-022@4g*Dh?OpFxd^UnHw?s^{x#52{q%WUv3(c;3#n5^XLg_Umc0P+>^WH~8QU
z@Z)&Ae2+FLBQM)NTtYRy3>7ss91oRVtJXKj@s5oI&CegJmoE{;4z<88SVvAcym4c~
zk>xjGR|AfN0#hG@cp45mDG}vRaBD}cp(jeu<<h>DXuwwPO*dcgJz^ll?7qp@gdtvV
z??=IZ{c>@X{R;R1J)$$vBa--kdPL6uUxS+B|9(s@o6S{+q@O+MIEy*UU}@peP~ih@
zEsKi7yX3~TQ|LF{{_&WIeV705$26e`zia%}U@9wz_4p%`)uO%ooBtb<A<n*0Fe(Bm
zkubQFkuoU@&JfBRt$j#7DHbVf)gFfkHD@<hsl~5VF`(6^`?%HB&0IzNgXbzs<f7~1
zelq4&O%a1WP3dw)PI8V5;uWs_w`7fa`=deVmI|$5$2N<OeLx^wgRyrapi8r}Cr@^r
z4q7D9UOj3s`Zwv~ZGl+4`X-}OWsjc9YYh~p!(tUnV-li+0ZU7hej@|0SyR_w|I5>s
zkaLcW`dILt%Wz#Y4u?r-{pwzZ(yyUu3~rt2c0ES?E6>-~PlUa*(Z@L_C&8vYS}fz0
zNr*i2?t`oxqiWgw+`xR$yXs4yOxX1-(JQaOF~SL-oXBbju>jbLt1{BRiX4LXJ74_y
zEFYGo)A76L37Se;{Zc5z<pHR}VlH>9-2U+kJ~TK6h!DoaCM%%IT(OIEW!*|8%gdu0
zWz`xB15o*RJ78xMHo@V|oJlZpV&=EMTxJF2R<ji@TPS?QeXsPkT~FzyDLF_@VFh6S
zHsQXNv?#qNFw2bHV)lcOerWI4BXeMF%w<~t!{>eS9kt{dK_t~Ol`q-1-LPKn-X>UG
zyi%|Zp;<&8B4ZS21tp$8^SdRk^wLhaGAXaHpqi3N6aA)%!*+Qbg5~~1vHXX=v`Ud)
z!96?NvsE;u%60y?AP3$j2<x-bo8(JT7WS3mi$4F)>m)5-5++H5smOE5+JXk6uA~;3
z`Z|K;!()`sv+HxI8555aw=i{!uWI6d%+#F!GMv>`@QQ#Mn1$JM*cMU~_<HNdH>WG5
zjNYiy*s8D?w#IOWr_@0qlSto9eosIl>a&$4UaLTHzXbPl7}k$nIIvOFj6D50sK+Ww
zBNQi|hfFx?TY4-?p~04(D2p%bp7`7C{U~7O58~Op9;6^yBbkNoC&`4LH2DyJ-GM{J
zLVR)py|FdW0F3|Neq&M~NggW`D^~?$Ycms97jowR>KbMzZOZ>$X??!NRtKw06IBTk
zHJ^Aycm_ws#2A(`8Y&uxu`|=2$}Hp3zJXWfM#&fE3)3yxZQn_?!X5<9muL%jjq)(#
zk&<;*i>asVSnh`0?(UCIhM1LJ0Hfwl=o$!V{p{#>&mZmKQ0S3>exHqO4_}3Fzd@$?
zi(mX*4xywgE+O?DM%&*ec#Zj)%UA)M$vLWzI7eetE9&kzQEuG~I71n8=sHS2D1u5m
z4-?EgPkA>scLNvBRjtbOa9IL+tvz#Km-L8$L2Mow-)8E(a(O%Y)I0ab)Gb3JeC&uC
z?NWURBWiRzX3sn3;?I;S=?E~Vekk{m^+kG<?nv`tOozMG>4u}XkWuLQkZmS)Ni?^`
zDDrMZQ>TU$bwcLcoFxmYCAsFdw&$5V{9@UNQdQP%*7X`vTzM$$K}9Z7PmVe0s6t(+
zMx1tfQ}oW3%Xfck4zCY^ufTF1(V@;WHy-Unq-VuIF0`)<(4}9|G-~x512R{=<sMHD
zg+EYUvu^OH@mXi0!v>wSt-8N<g&EON#Vqx}B}njJF-EW73vS|2p88(XovF|%8%I8h
zuH5X^0#pu%wvYSp?oBiavZ9MFe-APD2WqwZQ0j@O)1NhvjpiAE^?MIUwTA=vi^`X_
z0@Sui?jqE2qh@@<Y~x0al1ydB4>*BNa{b&%%6)iR=RbXav!~r+t$yDIyBPoU`2)d`
z2%TmJuHFeAy-9&dKd+3tDV8bB?I?h7PJ9&Uf=>1Uu^3={Cc2ld+~f+DI8ZDDEKlmj
z_z`a0$)}vb9;ZcVX6i(vuQ%knQAL;5yV~md{A+;OS@16gr^Y{0TmQ!L=6}R8%RgDR
z1C8@hhCh552pC{g>BFdl!e(F&zOsqS$jU-Undl(m=>M_z*-WBX?(lArxGDTY=o=W0
z9R4M$>$eE*F;P-U0gm&jo4NZDXG257<J<7@mroqE@x4q~^)pVakzyNjbr|p4OLbKy
zAx8IM>oO_l)J|16N9UohVZ@nTH!-&P6C&Lf0>^|((S)>sejN~P%>Bl@1lxN8BJF3*
zQ2nBMJO#L}I(<I9IviS*=QV?uepjQ43Q<;WpZ%bjaM*`Y^%sx2zKr~;z49hZd~9|5
zEIY{CZ2MI5qjmmBf4#A7KL28j!)7ywfuTI72`QxbwYWp|Ce1OZ=B5=*VbI1{j{&2w
zZ}O|u`i4AK@p;^}q(qsYJ&fwObLUSSqC46_K{-{|*w$U(l;*f(H)@%uOS$kZg^2q!
zBA?8~$V?J(nFoWYVoNjOxVzt}E1oc6s~sT}gjf<F>a)q`$od#H2#?yKINr(jQa*TQ
zL*wk-UMT#b+9&_`Zak_r#4VFn|9oG7N(vQhJ)J&OpN3D$Iy$Pu+s5e`uV_S>C}K%?
z=8FYRKY;KSU98#~N}A0};}1KP^f;4F*_$6*)H@e2`TaJG*PuL`nOHOLymVg9v`yF3
zm%R8ib<mRQkbLvIII@=XA+lky!pv5DiBZ&6{{cjGxKl#3Vo58UERaoCT!6$j!J{>W
z<|hpPbJ)V@C&OywxF^K4K3DJ+F<M%q_E*GH&XJI;Um8W>?5=(CR{IAqm#D6G2wrwn
z1@go3aO_DnhQL<WX{O8@4YF+Ec?THU^~*|G85|nj$j0-u$P71#yH*UlYyknKnE2d(
zt$o<;cide6W0qO}$@2E!S?>0!=GR6lgZ(?p#3Mrg6PMZf{xtuzA4@pbbLo({nf!B6
zi2N-0Cm>u9jX0|7SpxU?8#UtJd3JX{Vr^jk2hZwt84^ehP-(5oJp?rwX|eA=(lwdt
zMwnWMH@$`*8&{SAtkHU1!;f|pLHrt)J{rF-Bs$5K(7)q}T*cfMb&WG=@bor!PR8jy
zt_K+vk?_}Hy6cd7_USNMiQ{+mZ`u)!SZ32UcuUYiGika_qxZItC!-a$ZQgv3ne^FM
zMQuJJ)M!qsW_w)Yvs`C<<iXJEaR0gPQcU){f2qc?F~guRI5ZgBU96|c^K%aBxo|lF
zm3^po`-6BpjbE%S43Dsb3ulooR>D5TO|S;tM|nY!&p<Si>x903#iSxt=y=kY0xrCq
zAb`NhK)j-k?1@nVwqgl*+}f3(Z=rHR*lkx}njaMr0(QWFp~zlmy33P-8xg9M$@3W-
zfkPd~KD*u!VDoYOROwjobJPdGsel=4v;hYxlp#!G4Kir;Aw8<j;?nbzBahYAHOy!|
z^>1gERgS#2qE(|?Fpl&Hsh~2#Es_4+9SdB%9<E&xB$7I``E7Cp(ct<f+a6w}8MP*%
zobn9{Ag&@mhlq0@SEBs(N&N|OpRgJLnB|q=VA3~AGo?!yb$~2HMLcFoL0cLDoup`N
zeLoZ+b#a8ud-?RV9pEHe6fit8KqIT#P4WUg7^d<TL0>mTP%E;=wA$;5H18S6yl*C(
zEy<^1O`bhW?sS@CM0@yU(8hVPi$7uYylWyVDZY2m(+zIksgBVE+G4+OewZqT`3C)8
zadstp+;Ruuy!#)8X10IgtfR1?2nx-m9dnz-JrQAHq+zf=LhxWF6L{#tOslPVPKd}|
z*_SyNM00kT4@o-`x4a;hQ-fg&zYP63DMbE;v43A+i!vBja+$@=+MUkIdYMWbdJR@(
zND&J*fswcG4c5?_Z^G!ky}<m#B+$q)cHIROpX+|$l;C&x#$IOz-aLZh^JWh#@m<V{
zB)}Q~@mNH*=m%V#qiH@Q1YQ8wu>fR<r(u`1%V_T^TlG?`YmN-|*Nz6_=c?&ydbmsh
zy=A;HH=MRakf1^Xzh;}cZMeFI3G;fT9y2X)Pd@X-ZvIF<w195C>XA=JTbbYb5?%(%
z#U|+{&ap4&rVR~w(8XAfF?oMrQV|rNWjR6d*{+6c0jWh~%uIk=A6&t+=~phT^ctDH
zYaTkN&{%<2b8eL_e~rqYaTVD{LpCkK<4w6%4$iZ-<4L)Mo;$ULTXb9Jk%k^C!x<rQ
z$O`}oU_i9g4k+?Ptf>mL;V{)rI37nqnP|QVP8)=vUou=VZwRRHodFLKf~tJt1?)xU
zo%vB&Qx&pnyTlVD7#LaPHW&U@Ym`l%M}P)a$ty?vs0)d;fW+eG?cx5DM-$Bx;`pNH
zre`?TAY72K^D~}S9ZpkR5&b3z=tTKBJhpa8mGUmI%Fgc(5$brr6Yj4ZGhHB{$^HQ}
zHVA0-(Z2z$|NYb<o|_Ar>jL7yAA-@C4~kESQr@WZ8Fdw#T0H9v#x&gRDu8enIEu7J
zb+Tp=Wo2M;<_W4b$WGBH!(=uGO~(wPmJc%gyyzRQ{nD*y$iCCvp3#=<8SC}4O$|$w
z5-SprJ^lq~9ts^c3lPxb{}Isa{{!@Y)y>uPNyUvLVx6Cj1NGwushOeo5qc%5C98IO
zTTb2Q<Qq1t8yX-5Ber{CWZ9tq7Mk;;EWUuN6Tz-tT&1(Rd^;9Ap1At44RV|G3~NFK
z7zx0jKZ@4{yiiKd`pga_gqs0pMXpkkJh3CbveGYiyv7l)1}cWu%(zROcfBPLMGxHa
zXtnk--OG9_3tE(=e8E-WHXN~kX6R+oPt93D@R7^kx+# (o4d<>w&jaIQx_b~1G
z1Z}f^7rf@`g#!DFull9J?oPmir*EnAa?IQiCc}rJM!R|ZXY(dvqm9GkbB$}!x5W#1
z37BFxGy%%aS}KfXV~I|xCEGSMhaRLR*UM^G<!7R5LVE<ip3S&MdWv<~9XN-=U)_<S
zkKy=sCqZqfxEDa4)hwl&PO}mAS4Hl<kSN_m2yYECNHv>r7hS<PeIJdJm~9rNW<{aJ
zJ|=Pc14Y(4<6SUHTzCsDd~KyL&|W$~p+=JlD3KcZs>3zAcIXHEO?PNA!YhqpnoGA8
zDP;3~xDx;V(r*hZv#WG))(U;^N@+k`SBu9wGL<J8Aa>@IC2yJka3V%qb=MWRMP>F@
z`dE%|cVC`<zgQ<sVvVS!)$W25EzhJC8=oJ^x44E~d!}J3FiZWN*&AsV565LB(N2tG
zFxrH)V3&td0ggVs@*6a7V6P+J*Aab5P>CUJS%hb9Eg1h6U<_ID_VodBnT5;TqLmNO
zcW8tMC5t=H?9KxxR~OIz9lx$fYeN>jstApBXc){2;kd|585pQ@d%|%waG24rhhcJh
z9~tff_^ZeX_>M=2Er{Ux|A=6Ye-Nzt_Xg#AiH;WaxEdqqzC`BBh;irO!XIHK6m9aP
zn*fFR%N2VNzpM?A{t+Ml&2Qn~_@&`Psb9@z-JW=w@&NTF1^xYBA#ZT#AWr&iktnZ_
z_rQoU(jtev&=DxHaG{Y~IjIIi6{#m{HLdO-zFE?dAoJy4rY!0CWD7Jwu1ImD;6CfO
zbyXU$V%(+P(_Ao{YJ3M8;*_^`t-$lTk$8A*l9_g*ac!*c&qW{6q%AUNFbDLm-T0Ac
z@Yf`LJ}{$*lgspIn@4LtlAErk)3LhZY_(k>ddzg!v6|jGaphlj`n~S0!=*jRPqi!3
zhs-PN%)l`yv6nH5y$5-r*pc%yg|R(Q!RIAY_}b|UIRk=J2Ao%)24hyJq-&~YVKAd6
zzM~rZf|Rp(SM79MB~-ra06u3BrT0Cf1cqug`}QsP;qzq0Om&_SsY8B1LC80N=19IN
z=(CSZmMJPnyxK~N5i7-rwX@Z@7biz|>dt>xv~a8gFkOQY>+DwaIl+$6OJY!#?&ljw
zCD$jDbI^Ln#>vwe{`NLrf}4@y_u6amT7pp&5_b$$W1J3KT-0rY<^~ufV~$;5QTt(E
z#~qIO=~%k!%gTwRtEj2j>7)_UnQ46vsR%O3;2dY|o`-4I4E=YK=Z9G$95=w<AbyHA
z<TLJflg(nPHLd=Gd4U7nuY}zH90Ev8lg70!2cFJ3m<k%vlhVEkKj45UHZFDTX9}~2
zDXEK;G7&7vmey5S8_5`o)|>;_mw=@xhvV+M#5O)!fG|daXxUq}+Xx?b!+vDKk|{Ni
zBPjeJ{@2Q4_Yk;j1;TjfKf;*vpBT%4DhrJFE7zh4#T=y10!lDxFwV@@VZE&+IAIWY
z!?lhcr7o;4RN3yf4sh=<%i^4jdN|l=mH@^m`!}Vb`OrKv1mTS4<8O~S*S^QI@2|gq
z;|FAFP8oe_@Jegt3ASmqFTnYEEIW~@X^69iDL<P!ErM$a4AGXjh~OuZ^k0t8Xlc5-
zMf6@k-;r{5Og7rdaZc`<R;0<EDedf!)4R(^FlsE(Z6kEYpYx~1Ln1+EpT?SsxlwDB
z@2vv01i%1GCFj!qlc++U;o5XS?iJYlMlBS}1&3wgJrE2VB{!KHsP>T_;FmX(_R~tu
zbFp}YR_A%G!hNB|`0mAD8hxn^P?lvug>sKbH9=R7J?(UH!*_;qk6`qKlqd4ZV7^@)
zh7aWU6QWyjIKqZhm0tC-#Dgg1CtQ)PtB@`RVo(?L{!}l5x=j1L=F&6JSw}~?<!4EF
zLI?{j7Ib_=oW$ZlK?puIQxu_CwN0)rJ$)c+RTijDZjnEFDs`-HqwofJ$YaJjH~C4C
z<14cj6SFcrPHRw|+zuB|Ec0oM|LkWRxFm~RY;9z-aiPMK0is$vqdDlf7M_j~g8SJi
z&^{}ytH3tgC#T={*45RO(SZ=2GNH!PueT=?!6r#Qv#1@zHWiqo{chxqG=qzC%_Q86
zxq84E5gvwUp~PisII4e$z5)gSz6k(RhgoEeY0b(?@k%NM<NUtghLt@Nu0mvu8s-wt
zM)!Pf*I<fXPGj2|YE%igk;d1W=falB=zU`AF{WiU@jXd=c>iLRp48tH;^~H(y63Dn
zgc&tFcY2LBjPr{4uMBfO52<*7)^i#`jqd;VCLGs48J>2)7sGfrw@8$`up>xFp^XC%
zY1I3WY$>L(N>sM|E+c%&Mv{zrA3*sqvSs<x#(h|6+<&e+03nn#koNo6%MggYo;H|Z
z6k%8rc>>fM^JQ|oGifEW>kA(T^RCA&&h06W58o%mfO$>gK^%GWxbK;RG+E6z6(Ov+
zfZ}&uEQ{L=qN4_`&^vF<nf`(hTm)?T&Z)Rf(3UT`;Mtfab5@ycxSi8{v{~b&%wcoV
zS?f5PZBd}dd<dwchuztuf{hD5CGdD)12|G%i37AnV2>=?`>2R750)szhf8Z>f0Gl<
zd3X_0Y3fV^13XBhj989hJJHiPccF>PX}F61q|l?t=xV|3s6!JH5k*|a7MkCTNWQLV
z<n7XUTxgnP(9*b_;HG^I0JPiT!cqJf(+OrjJV=DzsQKmFvXOh=7qAq=R$KwsEz?Ax
zurAxH(mD9LPXc|!8YLL4d5hKsbX`NnMG|DjjU~_SIfxGZ%Bgw)C6~d<t6F7l^|epw
zOO3nQ7>>s;VkT3LK6}+v4L(Ai*3jTYyr7sof`vCG%0CsV)wM>u1<{;0CDBfNCMMvi
z^t#P;!B*B54q~cD_SmTfk{fe+Yn}*Z2pYDXh{HoH>hzr^`?Rzi6`D;>h&F&b1us{C
z#Y4-Tzq(l=Ef2sVmzJ1aFP1!zUS>8<DeG(Y8r|>e*8Q6B5?y!*3WqCL()<v2dP*4K
zdco!&UxJOI?o%jrG3^-cC*%XN3hr9ja;i2(AgE4ubVzG}@$@hC3=o@E9C>RmjHiRR
z)aP{)m~z?S;@|55&-9W(<`;fhXHFr#%0{GU(8F!ahHn8l`URB?5-kMy#LE%n<3$$W
ziLUsdl?o*2w*cAvKTw*xj8W4gtd3zrM%obXoH-QhOB^g*QO9g}Im7oz;4;VXx!-^H
z;9gw_{W1F7huS$K@h3+edA38n6Zwu~sjF}1#e-RQF<{V#$)^@jHT5m>bd^XP$KIq~
zbctF785iQ(@7MKpu`;q2@W*fC^&WnLypJGmvn`{JMGR`*KM<O)5(j@2xcdBul-?2G
zUo|G~wrhJndU!t2m!Axz23=Iukjy$I>G4#r`C|6W9INK<;LXt}ZQi~$x&emK8RdIU
zJ=D)!Ol}m24}+VpoQ?09xqgLfd}Zb?MKfnkb`)=ya*lfa%d&KFE+(oWC@XdTM_Gyc
zpPvVRzbpc7TWO@EK*2YEj)2v!BVMV#rGxAbL8L^4lCt*R-E`%pnYZ=G+_d^GIQX#x
zMTz$vTigMZlNyM@)rA48uE!JUAj#?DiPir~N)lxyOo5ARu2pioj8~^4F#CRl=R8DA
zveB*CExHonWP`PHC%34AEPlJupif<MwxxpK48U;gxp?bLqiV;eCF4k;$~MAYruDd(
z72=2WKA-+|4zDA8P#Y5K(Ud7RJA)@l00JkfeINFRxyv^8!K!Vm{_+8YJt4fxZ4JYE
z*D2kVYwI$z-IeQP&JWv$E#j5Agfq7eD*D4?PO0lgN1)%X6NURAuQ3B=M83UCS&`k<
zK;)d8<+Z6s8CFYZkr_Xa9%QVi&Y-^@x%bzNov+wc#YNqms<XQZA$vMN*Lgzk6i*5W
z4R=`wim!@I?gW2tLp}!cxbpJALq|~KriqSy#WN$shbAH&kK-O+QzZ()DeE!y{5BZG
z%=g|sA{c_6%`af+>0Rur$}x@(S*{{O=otGbqUqMz;Qijix1;B@rhRN5N7~$Xrrg0`
zuoMU2Zr_@h6^3)jg+`0VeT>!fS6%I{5p*|7?qbLmU`-i?Y!OKj?`A6rqNF^BL%WYF
zRecAjKL-s+WKb~4UBj(G*x|F9;s?q(HKZY1w#Ho01d7=dD;QEqvJk|g{=!Cc)(nH2
z)a*BYf@yqAL-=}lJtObP5NP5K%oIv+#5~c)<i6Aj(+d+eu{C7a6Q{O<<J^bDuNx5k
z)t}awdR#<dERNRFx5{E4dZ^t?I1w^;I!!Ub{Dl9n$!Ont5g-m)3>3ro^ojTXbt3c+
za8qAg@E0+MyXk&(PI;RQ57n8NM42RfmKl;3MhhhmAqN@;63*cOz~HM6#PsvA*W6$m
z8!_fmO4w#tI*IL6#>hJRM36}0O0wloOrJ$Qg5)g>|Mus7CZFHpQM$4UJ2IYs%jIg-
zNAP&V<uS*{@BLh1`qN5)U^z}d#5l@OJ{Diu9*M6(FS4q&;6ya>uS{a6JJh9b6KjQ4
z{6lL-OW*p|6trG&ZDJc9T$W;L9}t#u3@=lw2+b~~mU4_QHLBjUd*^ANZ)<}r)Bv@<
z@`InpkJSKeft`6fVo+boHA7P|I}1qreyL$9rF1JX2c@=cJ7B)bixCWK*I{*Q++;*V
zgX9&7Z@lS1M=Y<NGQCc4c1w)wjOn9Z>noMV0J!W#+_yZU>9Z$S-;Aw;`E?3<;x7jb
zI@9Z{-tIX(O$Q@}_@TCNsXTAUgA9ePOg1aGQEE}w^Yg%yuiyK*?PV-IM(>)_qZLjE
zFQZl+HUu3sIV$IYX6YfFkPI!AniCl`o9-EtY@J2N<kU6BbsR<~4dUUUZFsngx}*+k
zi(UI6eSVZ)c3VaXPu6fE@jUTJ(~@z+2o3UO=36VgxiWagnZHe!q-02nEiCR6M(vD}
zF1Zu=V&$-;Ph0gDR9wV2mgcostp>UE8oaHRCQXOx8*W8oO3l_dDOknFnz_IRt%-Q&
zftTl>cbnUpIWM#s$ypEbvo}~AdDN)!8fnpZNc$tPBEF-`9J-knYO+nQ$PHy2-sv~;
z#8^6IrKnqJEtYh|$-8(popv34u8h<n+^MO>m##29X?EHbU0PPi@z0U2s3)M)+bfVl
zcq#CDY=7t}Z&53#6#bDzoBMXyg>r1$fs>mz+-QUHPSf~+7d8@MQ$D&Lp&hA~nU2uF
zxpPOG<)x#ZXTw5&oP9Qvg|>dSm)EoT&Zf_D`epYZk>Ni3_jcVuKuLnos$wa^U2#&~
z@WJHb;fuM1S0@mzv)YK)T{3L8RPgNEbK%}RakcMrVOKBw*6a=AR$^^iK4SkjbiA!$
zIK=JVMZBxNO}rW-ISV@~8>uDtx)ftOPMe0R=!O*YOYNm2&5juM#3ueKGtG{iCi<(A
zggM0|8xF}&b}^y?4oO1|?PgAA_@;KYo(IW@u^UCZ5Wdt#mo00Uh#jjF<4;Qc{Vi;K
z&Q-hdI_$nt&i(yA_He&ga)m3D_4$}N2)7(r`qOb0@2X^}-=qVloy7Zzol?%iJun@G
z8kNX=W%cV#joijve(MXVG1mW4j>pNlpD#zUT!Mli1B1XumT{D{Za?b4!LV2<Ks#QX
zFZ*!)Q!+PxgLGV0$&euP=Vt80x*ORbR(fMUnU)&`SHE5U;oH6pZL_HJwWD7AZja6e
z)G#68sPEdT`BwX^XPkWV$le6fwmhAFR_Ureq9^{0e;r)qsWY#5i!EYhEvAN&-<o(e
zO2&zl8^Nmx#bW$2Y@5o6p70fxv+jsZNT>V=zp(!Gi2X02!;BnGu500YgtFPhxPm$s
zVPdX#ha!ti^g+}SPw;U^jKnF+QqGdvWuuDL@Pee1HvwM_rt4zV4IApURq`)i1tM=u
zFA!X_#s7S2v&td&iPER8Lsv7{OoG|L(RL!Z^bD=PCDOabw)REh&iTskU7OoEj~ijN
zLGMdhhMeqiFDfWLj%^v40PqVkGi$6p40cdH&fjr38Q3O-$>3F$mF{B*)LiUuPN6X}
zy*243z3Bcwl)ZCsrQ6;v+DXT@ZCf4Nwr$(CZQHhO+jcrmI!<@)T>IPS+}i8A_nh@r
zy*2-tbIhu@YK))81Bj1X{wrw$)yMj&srmK8F<;maPd7<Ng6CC!>#Q&v`Xos-d{s@6
zb>2ZZ5JNlY;o7@;T$5`3DEzL7dM$`9S_Cfwgslq$da9x%THh<)!5ebGzdb+mTc?HT
zXo#X~eXi3OJO<N(8s0(-yLzqXGIeeoj`7N_69@BPh4(NcbWILDr#3_a)>;Mo<kXLS
zZ`gw#e)d?8nmRX%!uLw8_anRN_;$tAI|F&e@pRg=j+Mh5^XGd*Qv0w_#i!&uxZon6
zRjW<adMhFD4zXki9t@8DehII>IjmrTi;Mq+{yxEXwT}QyVAIQQN(23bV7jN^xdi)R
zF8)m_`hwrM3Zd1V(5xW4VjI#v8omUi&ih!`;R0+3vjs#_8!k%f5l7)Z>Seg*7n_^l
zTx}_>lN%WMo)HJ}YJ*tQ24fkXq4=KZgMVA$T9-!d5ZBuT<C2<YXI%OKB$*64`a(Cz
z(hbadZk*CLs2-&ZsYvW9g0Z+j-{lN{vasQCL{Pu5*(8X~8eB?x98WV^V`xy?ZKK`5
z<_+oFxdUajvg$2tc|&Chxg**XKZnX0NFm$u&`8;R-g?hCi(NDYc%y3`d(G34FA&ce
z)_Bt!KH#iQVMb4AT%|sy6MZy$&qMkJ0%I3R9G@S~M`Pe7c%YbL`7F~N`f`R+URe&7
z3J-2l%8;rbw}sJxu>E#eJk1e@JH$+6mj`|aGF$eK4-$lf?2sJ~k5?cR3y$u3`1;TE
zOh0c>012onfdCRK0{=Wc+d7+=nK=I6<j*yL1dNLQOa8n9wE!T04uiB!mL43wj>ewF
zy6wC%V~qyZ`x3=B;1_T$ZTwTZkMk(b(euU@=D>v0;M4K>s^f+G?Dtjg*WFy-H`~EP
z#4%?OW+vZZIfZQjO;MPpLl@amollyB+~|+=v<820!Ni1midg)}Eh(f%CNR+9Mt5E$
zVbo)E2Xb;k`n%F1VO0`t({Qw=jxfv8<T=LaidH2l3s{*w7R6dsW{;8#%g#)dm2At&
z<!a5!UFR9)RmYgj1MYpUZp&lr(4vmkBvXhv$EYqhOyCIP48nGOHP}#r6fIF(uPQ?h
z(i+1=WAzr785%1%^jjN%2Kuo~=p*aUZwQU;txA9fdWf)MjTKkst>A)7`(GO9H46+c
z7_P`V01fn=`5kAu#N9%bYb?+#*<6r({urH{1H&~1Q#E!hx;EMaeIZuecA{M+<)Ikh
zI-5m{;s$*sLAQt$tX{^@iKZW77tB0L))~{By!G4nC6opHp{6cPIs_f&c3hne<07Z@
zd75()2Tg$r-m?4MlWrs^sLAzI1=ahIt0>+vR#3TyI)luheTVF!0Ym&MTa^;8Is;(2
zQUt|N&Y&vs0|`otCHtVNsLS=E_80CAXKfuCs1^Z%GWG&Lq5dG8%2+cN^A*^kYLB9Z
zR_qd-c9i_^!gs;6eJ)K^;0j=p&Ms+&5$dK?mmET#X*fTaS>qI{WXJhQN9Y3JobAvX
zOG#nBrNnGkR^r)A&#F(9`j}sM9v-J8?a-9^bh6v2;`EN_^cuZZ9w$p9@72Nx(Ii~s
zHMes6gzCeJq2tQw6hrS)Y~UvSK{90c<7YsVuG#bkxi!Ep#0!s`w$RCHK{J`zVdJh+
zY>`6Y%}C9H7I9*WK}ZrGAp6D~ORQPDM{igvKfWX%W&w$%nsP8onZnt@wv{B@UL;n7
z%NN_;N>7xERcP~}Aa^|<MWQjP_6sp`$t(`B1e1hLoSPP>P;Y*V)^l;3nB^Jlij~pl
zHL+Y;PCt@vZ&W2bWnYJ=of;3rri86OhK*mp-L9_)?^*bzQ~5jYirpRU4v|V~uyCk<
z+R?4O%OS4l(Eu879RmjZpOAfZ=mNCCfbZfTN5tX7LEz!71arY;oqNUV6l6BI`F>xr
z%IA4rA(#bx1i$tS?=G-mVDsz@I7H2fX|*|slDsvb(RlzG=r~O3BmfO`vIRMoFbGwK
z;IZU(6)0m^O75bpxeHTJsrifMNIr!ZV7mEh(s!R%xHUx7gBBrlZD0v{TzW=P?YyxV
zWc0gs$Vt=q`n3t$$VMJ;)IDVK1-&S}c6^8r)iQwpB}o1kts%-%N#Fg375!KkD+W2|
z$;!#I-+#s#*72;lW&mxB<9{TKA@N^v=5K^C9lIq46dqftq|o}hT5InnIU5lK3}hrM
zK|%ARc%tX}ibcGg)yZuW*OT_}JWzUU;0XNwI6-al0&5faaA8O9Ii9oE-OJC{w<j)t
zGj;fV14jQiEj(NB^21o68?g4U4?H|~_i=eY(v;>pOik>2f4_Z&Nfjhqbz+sqrVWGg
zo)w<~23#r9-8k8<L7WF$$#Ly!FYar5Vjb;3RxcXnQ1k{iiQ%wrHyWa;BxTnoiYD!+
zjtg`#7^W=I+ho)ThKA<BJLj-TOuV1S1=$~ZD-6?QgRbtJNM53Osl!iIKYPDjyMY&)
zNo<qc-;5O?YLK;1rNca8XQ}0&;G8F1MDSc>TI$k0MjVBu3o#3Smx599gE6c@3Iiid
zZ8$Vw9mdjx+4^DzctU@XVL#IA7;bcQ34guplVRh@nVBLHC#;Nc*9-T>z`rODXuCD*
zmYu^={Q{18E~3{zEB7wV4~$<WkP{~Hio|a2(m-Ggx!5ibz?@Euxjj|i<e9sse1Tml
zdj4UVH|qMteb3Ye1+8fNZF8<j1<QJ2?d0<rvo@!Iw_>j+|7A)MBjr>by6<nms$WUH
zt<HdbAPZ;<`TudwkyKKaRyA<6Ffg<>Q8aO~vvxIc{9gl&Ikzoggt5M?^#;Q#o65z-
zyDC2a!(thc&C+5Q3Rqjgq|S(lC4|YjmTnHHNRna~U0a+E$6#VHTdJ@@>f5KMY5bM7
zjg)Iq3A|&6`Po@BS5q^!rpLKQaycOBLX~0cbejFhfGQE~q2z!|5pRDB)@=rRrHRM@
zOj14;d#Q;ym~B<Z)&4O_RoHC>$Jzew#5|1ls^h=_5z<>!Mt@D97ie`V{R{*1(I*{`
zD1&<L*3tMXFxmn8>eF|_il!Bm1u8pF;cCr&d%GC1+Qlvga`x?XgHkkMo2;<y4TRQX
zn>m|NSDKE!Lxrj5_Pthiql=BGm=#U>!N~CMc3Q%yn>3PVJjg@N9jy~>9zQqZ6E54R
zyT%=zlsFohTJaf=he&%%9(T|K1|X^e=tp9wH$P^BVz&)Aie$K4X$o!R#3y;0FS}_w
zdz))H+K$5II|K01<;i;xor%PzyQtn4f?_>1LRjw6W*NHQ>JBg^52R}R<z%Y!2N<f&
zhad$N`YR*A)tT=xS23r>Kj#q}mf4W=tk9x3N`G};6&Mn8!|<#fJdl0~-g}P|_nI6^
zl_WPej`BpBA5w>evVqt|j1RAII#xcZdKaw&5|by^iPrTY$iNGoO@D)JA!OLW=@&hs
zq|a@iVY_d;`-hPX-mF9I>epDt?<LJb;>8lDxX3T#H~&fRaR!%mAGFqGIR}%U68F`u
z@gMu1Z+w=HSMhT8a>h^Z=6#-Z%{Pzn2kspojhu^5)`BT4RVg|yrRY@a>ni40xkMaY
zWsA)P#q5Pd3z-{BhrOO^YN@JmzgCv36SdD#HTDWBt7u$aXP>m15`ATxh%XRzIr4*W
z=IQO>>Xg<>*d=J){YiM_vE~3?lEx&DM}C1ki>FR3a2D#L9#}KZK)a({B$&G+pqe7H
z)gnw{R~sc}80w8+^t_@sYRBYA)OoT}$bJUrj8G9K#{Kq&sLc7v>ZV{g64gbR_B0Km
zO#AMJ8kqJ(4Z0KlNf9no-*siGmoOPJrQ`o-F7mk{msw;NF3BEI*y@9zMjM7&w=u?Q
zXb<2dcqli7W8D~_PA&8PL|}QW(6Ui7dQZSwkXsh@Ep5Gr#`z3I^Bn{G;~zy1@stx=
z_OjZe#Of7in{}~)p#e@2)aQVh#t;r!_@hy$bZ#}H_v>%$Pj0DV-c!JQvJG(K@XxgZ
zq)nWh{!iqTf8pt44{KDFJpodyBmo$xkpb45;#SB$S*a~LjaRm<Q30>VZg&IVc~2wY
z^TJ3n-pj-ACfr=KA<2m-x~8-L2GpB={rR|u?q@+8gfJiqcZYx^>4{Uuu#lciha&cm
zK!C->e8Ch9Y1w9G{fnJ~raV<)+CD?gN_+HBS&(*_(K$6Eb7O4^W2*{~rCS>>*X+@)
zc3`%%f^(xaOCYQ-&g%RKA3&E&#wa$iQZhPMa#5PPwoYR$8=nI608^<Nj6rg9zU{h5
z-p<rD!zj1BNia6B>$1j#8M+Vd9ND`A>)Ge*)F92y+iGnXtH<U;oJnhIj_g`bDVq|k
zu~czFLoNd~hi<LxaqR(cQ@%fk>eeW*nA2;OR$V7jZUML{6@Ovq0o)YRu1=Fx6KUq@
zVKvoRjX`R#)<cupIz0lXoCA?h=l{)387PTd=$1bSY&lYHR@v#IB)(R&o0L+`-$%N3
zlo<UE%ABsk5RHiG1a*2JZ}7)(O;Z4)=NDDy)b2dYjY~MT*c;5!PKoJ?s^0}F4*r<Z
z6cdXq@7GV{mUt5kMLE!m`u8pPcwLu~&DM@0R9em^xEQHwLeV~dgx@q6qurbni4&zk
z#f*Y_%q+~AzbAz1zcYExiy5Vx>Z2i@&da4Pss{rR3S1A%E9o~<?qgqV*p+|>U*1P3
z>rtn8idJ<myOEri{m7K`3;aaw{k?2Ae!&OJl_4n?D-jkSYa%xCfD_|E_49`Wns_w{
zLlbNT*=UofgGPQ)yP#@Z{pk1u<Rw+Dg3H=Os`(0RLqpa~X5=xnyH=jK_bY_PJIusO
zNlklXKAA;{+99F}p{4RLYN05o6e3L@!L}v2u+i-tk-8a@A+6vQ%7JT=JP|EDbE2eQ
z*cZ*{7IL(B6e8hhd$?FQBi$?=5e6@aLz#;Q7GnMjIWRpup`Xwl|F2h!_`>^I|J@Jx
z|E!L}AZU+&1J2I@;QR>x<Ba&f&(Hr4FJ(>+Spkq0<7~TZG@zCF<r_W~H8uYtreL7}
z4w89sh_GFq2`zx-)u{tBob(k0POtlP2*i>gj2xHw3IJ*HND?NK<)>|IWU%keWwG16
zyyV&OeTz1rie@+zAQ8k6RZLF~j}B&xY>vz_C=U-CkFIDRL71ea;aOmQyFwa@w(Tlm
zadUUr5%=mg&Ipn0JiLFva$8$OqfcAJMxB$q6fH^AJ3Fb)^5__;kz8fezS+1z5z^nJ
z$=VeH)8lTK%%9%00uzd|O^qq3nF%~N^%y7=S8j{i);y`D+^rHA(PF2Du^}DeN}j&9
zMzfA8;K`k5f2H=VkIFvFJV846+;*tO4ZVJCux_n4K<TMq7MWeI*P+6^Q7+W=Z{0s1
zg_d)6mSoze$trP~1k2Iry29K#uAB|P89INvgE^RXU9jg~qEl0j2FQ_|oz89yI)Sl~
zQ=y}O6*wjskm~Y<D-oTo#^$o^?K>}2>XzHj?m9+|c2n9)$`w&_PzkeW^9L7Lyaz-=
z!nQex4e1zg&Q};J4)JW8xxf0Q=?F2i0D89y8f-Llr=wK^o}u*(NoG%*pTBHya2JiX
zT47`vN&C7J4cg1sPKKYd{ff^hwmcu4FP7*xv*6rfx@YDcCY6z)&x^i<(|xI7b_#VK
zlpijfCtByXICwC5eh+=<dmXbBq*$lt_Jg2sey}|>2Z@ABLT*xRRsj>M0O>Vbw5j67
z7i1Wf^lDPZ#H&UuvIEYR8BNCfw<l)ru8BN(rM}?0D>!l`;+;v}PqD@v$2X)68bNo-
zhaZVrDd`d4E2u=>)8<JR7%h9Go{@)49=sR30;`sF;NPHXI?344s-Ba})cLJ_DDH1~
zluw9J_R5fFP)S|VRU^^hE3g#2OmvAY>x?ZDPtt;WlY-UvwnRa?2n+f|&+CX`lp(8%
zNvVh@meoM87<KWDge{{X7{N?<1)~K#ToEVk2*WR1rkDws`5)cN=bjNi1Lt$I?-2<k
zo<oD-euMt!@v^}Z5rzgFuVKKTgZZByFAD&9(!l!PHKx*r?Gir<PtvA_^roQ2Mq4A9
zz_M^Rf#SPjiyWOY%8AdR^mc^yR^yn0FBBvR0usFUH~f(HT<OAA5XzH*HK#VGxr~#w
zTYNsC=KJbUQftooyZS&eRBls>JZFz|=ulR>aj|V!50v&>FQJ1fI3ZSq$>TNb84uJ|
z+wHQeN^;_RI=+jDU&OZ|SoDC=+DQeCH*)iG!!(9Az3lfi@@+n}+Cu>fuZ%28yeE&%
zJQxg9DrcSw;mM&uaW>+{h1V>xCMiiICHdXd1ZA#e5>b?cNW;8S7Fuybs)L~MLwl0N
zSrAG!CTDo}#UG&F#fq4qQNUgf2ngHTHZ^2j4#mUjjLV4^#-VFpQyKbT9>>&}Vj2#b
zW~2->FC+eE1)S0&{IPSpU`3GyiP99z);iKeK~3z>B86jWcfp@U9CAJl^if(0>}TC7
z)73+w9kJBzlXr)LYrzL6hEHBcB&Zsq#u%H>t?tY~Fj6t5Yn#Po#tT)3zYvWY(Q2s6
z6KfLA7WK|F^#*vC3PHlGHNdypg<EYi0iKrp)atA=cIBPQ%5AxR-#;8{KT>Xb*(w-z
zMt(NVGH-TK&h`#CXznR+hP4O+`@=2lmTtC{G2~#DG7o7FsZ64#XLmpJ1>>5h=SU2|
zjE;6rY^^g0S!<8M$_$LkY%h9Q9I@TR17Ho0cs?&r!Qg*qJdI8@BJKbh86=`_-<baS
z-m)_T%+LO7Yt5+XSfi|A^0;;H>d;@p;xfdO$q>-4U)63Ph;I&qd@{!;V~96cHSvp&
zKG)M+%|@H9(JD~2#4y|_ZI)HaXZwtQw?wHZQIuY$5U3H>JRw!A?0u4}SZ-^Dx6#e=
zbvt$Jnbx(7(a0KK&Eayp@!k7z_ThSy3;*>|^#XJioW&0{=e+OBot1xZiOUgwhJ-On
z$cqzuAP&sPJrs6!^a|F8cQORA$AdM*euN>Vk2Ch_lM6p)#F5a?nSDG2?aeWgrguCf
z#h4D0@Q`ppCA4;@@u+25dw!hz66xwv{1f1;6GzxtW{zIvg~|3r;bx6rgdjAVJYv6R
zzt9RNmqt!wx13F}5XpNboms-TME&5^fKic4sfytW!=+1T)_Ho2Nv*~TU2-T)s#cNt
zoO~g3B3Y_4o>QYN)nQO3U(YRw<lvKU6@}WX+zfqGYPJ+oP-FJt5Gp*Op)LvC?28j9
z8Rg?bU1Y|6wuKWL$9IF*NQK(8Pi*^&A>taxDeE$xU8}BGE|0O<{PkIUq8b$|bKHq?
z;ZX|bwoKJU+GI%!QTc6o2j_P}MANGA%HGBeoO_6v-54z%^OZ&=#Lsm(I!F;@Z7xhW
zdi+4nJEtj-6_8US82T2ZQqC1<+V8u;lXPHqCKcsLT-4&VkUKjt=&D(@ShFu`D*j}N
z+_QH_Ui1-I`jWk!FJ8Gv3sGsh8-|$}4y8R3m;4F%h*p7Vf8g*)BfuFGhSBf&k@N;u
zG02kA2fs6_OJs`%!1usl4@HBQMU_xaNgcvO!fYyKy<J%&oykiYVs~B;KpGk67d2-G
z!-m;i$QVLsVY<>?XK(V+z<-1LF&3uF>r8F{^8H|XccS1d&)TSs5Z9wav1RgC|AE;7
z=Sajfg43JM1RSoAOGtQTt<{DSOi!g#rGbR`2KuHSwSLm?`$}XQ#_C&(?RB>*dzDLX
zR&uz5@3CrZ5!%0+)5~WIkfjC|!f1anlZ)`xls9(=nQsd|g5Q&3;TLv&pFf8eFRlwJ
zVYU<M5_QAED`gB}!+IeK^f~9}V_Vt@)n^y+0J$^MD=m-yQ_d<fUF|2Qu(_MqQ21w3
zfKQakoyw45H`;lOPopTB`;6Zc&nB&&{87vK4^qMv_hy|TzyW1yn%EOH%i@{N@a-~u
zNiZxoKj670Lo6|uK7L(vK7i5k%AtCI@qD}pdQ2h}8RV2?fKOyu8h`zipo4_nAJ6(_
z0FEFAMr3-CTafzFd%XwvS>PQfjTE*2M%-+jn{!Aoml%fBd9lq(U_5y`We|>U?HbcD
z%0wSiB=j-)z-01nk_eL{%sy011T2kr%BVO9Mr$c!+)MmqD|qzX2l_p>JE-OHRgmLD
zB$7c2N4IK;iMFW>l#h2SVhpQ!o7BErP=UyK285%v!u}WC{y3F!yELJ%q{Z%CKyi>g
zlDH`FM0nu?X4o=XV6ztgdxHNmKL1ZCvrY6AGJFk?a>4pMrER@=x62&P?B7UceZw2{
zAV*DOs2q6+9Ch;DuAOjT9C@k-S1O0ye2dx(StxJc-;unJiFa^~6U4zu7X>QL^W~H0
zI8MbO9@Rikt$-ih{ol+vk$Z$}9<QSq6~zCDNxqPKVt@9;j<=IA(M3c{O^k&cdq1;+
zCXj<ByihnM*S`6Wmq(6&A@U6u_jt(s5rX6^LEkjvP3aMElpv+AI5v@aXe9GcK;}Iv
z-V`d%MJnb+E57nqX3U9bDdl`SH&n)s8s$VZqD<Z><t%MAwv;MurOBj?GL0&{*T@UJ
zz#I5AH_S4s7X-BAL{&OPtru?DY@wpT?r<G2<oc$a2g@K)TYLO-va++WvbMUCx^mJi
z+l6KL-D2Q<FYrma|K00C+FRr@D~`4_r0^<;WCVe(e#k{}TAb3f7=^j<>fcY{m3ONe
z;Rr9`h#3l>?Aiu@q?(Fib2E^j=5XfA2qn^yh_>;WH)AZAd<jOAVzkBvdQ&64sfph7
zWN$jE&w!bBs=9dUAAYn|QsWG0<2MP;rdAR9b1tg{Z*RsHlpLWx!gV+Mkl*>T)jud#
zvr(*MU1zhevVUy+aB6fq6+XM$@E5EWAY4WB9Q3nU1#Y0D9?^^;gQ`Ha+to@Fubpzw
z(Rn)I#FUSBTq)LO-O&1vXF<z*G$d+|Y+Js_C_EVFdsnG5OsF$Vogzytu~gz^+Pq9G
z;TzrRNz+=xA5qn9<JzLjP`-i_Sa!5mzTpN&&d!Yw^&wk*o)1>GhCO}gt_YY9ogMg%
z>SbbT839!TD3}t;dAp3j7=!DJV3R&E@{gfJnScTo(05v;`S=6+<b%58gCx={U?B^r
zUnS{*G6z>*`Bz`VuFn@t(*OEhqO^cISPWsQg}7Bj7ZYgcBFgy`JE*}xGi<OE@v{Z|
zUJ4~caw&fww$gmQd20N#A-`9lNNK-(CUDP5X}-V%A(5fJG}khbl0Jn@Kre7<egPSI
z_@o5Rl5E>H3WlUoeqAc1IfZ6Qx@=LkPut1AR{A_i3ka#`5!dns7wPB<{A;OioQ#0b
zhM%ZncLen27Pa}m-t4x6()>Isi)0kMz1*jp>R*e0J6S?uah@R~UD~x5{<c#2uh%$R
zMG5wb`eS4RQ`c6ax`A@_;(+t|H*_&|z_9QRU<y7Cn123qix3$LTbKW)4sBxvpp*Kx
zx_NYsrVYO%wXB|lCrNsV(?ZY|VxSIX2r5PTZfmbjrB3ZMv?0D12}j{WLH+sWm(0=D
zA&QNl$+vyQ-1NxJ%*D><=ko!yk9hNg!muNni?o`fzFwQqsV$gHsN}2kWz(ypZOLf;
zmmz99_rV|W_Dt{soMPKb50+!g^H6T6?I7i_8!b$k#T;RZTBDW``R&w%WjV}hRj<4O
zUqpD&AyPTfLUv5};LW3;cp?`-<=Q@%GX2SIewiSRX&Eq2p7?v{o&XLrRnz9y-|u*7
z(Wk~3MZN=AF7YnjplIbHyTOPa4!EFo6W5SD_cb3A<G`?yItcMciE-vYy)W-bb(HN(
zwvKZJr_YHE-!%ByucL^E5o(K3XUpEp4Uo$6e!^9(m5(?-Wf4e|P;#>(UNyzIQ9-G%
z;5f2tsRY%Cf&>XfDumM9ak|7d0rIKBsxf^r5Hxwx%Xvud&=?tQ0_7aCgTjP-)PWOi
zeOdtP0$R`XS0N<NN0jAEIqR}hrPzap-E)xZok#2?<_(p}ywB{+JSt6w7q%Lt2AIx}
z%VQ;$?KE{A%ShRe6SpsA+v#NNvgE1uA6aWY%ozIjT-7gQ^?il*#<@>r{X&gx(hFOC
zf79WN&4IAn2Q)5a0AGxM4xo~;Gj_55`>rVgSW^RJIDP3P)Elj*yr3dmTUNouBPdX|
z<~4P-&e`OV%%e27Nw(^pH+F2<#J#NmZnNKigZesz{*;~^kH+5`uyg%9=W`gn-`+tO
zjKcag)nhi-adwjXnC<kE#^?8r$&cTQ=zx@VX)iMT(T+9DAS&!^nCuq|u&NFYw`!kF
zlK@ik?jsZ&m7$A*PCo@VYu}{>Y9h*PZvfd#^3FJ#;^uSG>c_2hPot)@e+CEUJ?^Cg
zw|Eop=Lyv}Wb&24lan381T$Hh6-AYjps!F6oA{|og+B8mGC|==T3IdH+WE)X`9hW{
zS>2h_QmQ3&ti>3HWf+T)Q!T^mpw1)A9|h(jCYJHcg3(86$`x5E${dcF#thY89wV!-
zZV?x5sm(Y-N~$id(qvH7luBmiux=Amla+@*<TzSQjVE;Y8)$m^>(OfCWy?}mnvts_
zm3DYcn6p%_)z<{RJ1e-*&djS4V(Cd$r50s?N&N2g+%wQOLaC}TN#o!VX(sLZJRPE0
z)oj|G;Ivw1!EuQZA9yg-Kj+b$hB5q+o9!>s$eFw<C4z)(x+`0Sj5X(b*=zayFi+AQ
z0N|cz0O3o?$0Nn3#s^RlM$<vQB%s!l2n;p)gCjXti!;;@&bNCtF*3_NrRWbL-N^^W
zWP^Zvgr*8Lk{O^<Lgx7!ayImx5_`zZ-LdcwVnKPoDG!=)C(qr34&Cd3Zm={W^$rt5
z#@(axy|E7U`vJEGD{;)s>*YLzn^L$Mh@}<Oake;gWCMqeD@009tU6{FgY2kU2eGvQ
zp<@)TY!GHU)C%pmS-ZP3dH6VZnlkc|Pk9k)-f$_fyYb{e<8wPAta;;Tm(yipYH2Ot
z*r+@yQ&J>|4wAG4dTq$NH#Q<meXb+YRc%`A!UgluvKM4U3K7nwXC9D1qZQO%$6E|0
zZM5DtyQv9UWNIlVnf|c1TV*W&;!YEFAx-<h7aDg$-deKes=Z{kU7Mly)OA_lC#Dd$
z_?4NU=UBa%JVvH8HYJbMW&^k936F5p)U?#Zl5KuiDH?k4NvOidQ6%+S(v|DweT%-<
zX*$Pw6|r5i*G?I<#*zcaS0G1p&{ohK4mufummC7}pknflV+q#t=WWoag(tV%qSEaA
z062((Z=r?$;yam7j}(^-6-Z}Z01s&)n3)Bt1^D~L-M3xfJmVX}Y$q88UUez3*)*8f
zOe?m@pDlEkmLZjO)tfPRoFbK1@DRrk)ir0JvLd?qO+$LYcDS&(fAIHj>4@ZoYwVB*
zMdzGYo~#RRAUQ3dc?GnNe?TFo5ig=?j|JtTh2#E_Sw<(+ff1(a3x4MBir*S;h>;Sw
zDKfwf+7=^zX$UFpnw#I=Rus14^01~RY7QfJ?<SIUZ)nc%G43#m|JeAABp48XXOCR>
znU#m|=HZf;7r%e+`YE3X0RJCwwBA$eF5Zx`$D+B_48dSIL_u+jRrCmb$-Kl9;D+dS
zo6sz9l`TNGM&Ifmconvu_iUDupOf-%^c^7jjv1|n+wBl(l$SjYh0F5<8Jht0ge&%-
zzLR=oQ3SBK7Hicu#}#k=^`Shh81UmM7Mfc230dVx@w@Pw_D^6iNVVIPeD{PKhYFZ6
zX1W{ycUosfQ{4~5IzAVLrl?9hO(VL+&_92>ln5U{B-{ri+XX<f{pXhwGA`E67WUSE
zx8zb(_$%N3X?5!$Su2;ZUMX)W<xMYM7pf#`4mVVWSwoSgd~fflPP3tR8#5*TB^H79
zSHAWCQ+~L8g2hVE%zJg!*7WGZ%*91sw&w@z9<G9omI~dTG!_Z_eM*GM?XjE@rOS@X
zZd<L33pcdPw%9vtY#SRw%!x0)CxLm9`^ss>4H)lz_K!ID>@&wa6C9kIVL^NBGFeay
zsZd28BgWGxUeFuUPv}tUS{M;C?kmWaDK8)oD%<0G{W$83Z052GaK~Z!=MdhcD?B(a
zh5mYVyY`Py<UHeBOH!e{#S?ewH%zvlHLE|OT#5J4Et?jIT(2VIG6N7>58W2==LzxU
zh%i>^OVgDXZ1w6R*-Xk*)*k|^9bDP5sO7p-CB#xqwYqaz3WABOiP$i6KlkKP;>7}Z
z-@UKUC4Uacn_uMID-;bhn3rNyMxYen7*IuBap$m^n?<yFz_<$Q!;v<!UH22GyGKg}
zOC}L$%aWSQ*T+M0kAp-{Zm&`9Nb1ae<zp#XVx~m@O!QXF^5}E8GYP#c-6j*6_ZgL$
zSD`6=Axnk8r0fj6yr`ONXRPX0Ov*D$-uqJO;8dyoQ=;8JW6^h05(9MV*Z*n{xJ-8h
zfUkVX)rq~RWjsI7|8rh=o%HVM2bdQ=0i4|axi-11fsKi=D!{Vc<bPdDYgldZqlC;2
zM_G?;Bo}|A(p99fOad3|C!z@gliF%#CWfIw8F^JpSBeW_VSiN!Lec8ry=$JwQS}i2
zm^I|%@R&C*?s&<*oz=d$?bGW6qA_BPLcu$ZA05KMGw?-;Q(%y1kv9~_y}1(_&{u_b
z&(eZ(v$0YGU2LI-38hu;=2oJBgA%uOht<p}msGoIhO;7aAG4ArIa}#y8v9<6*F~RX
zsTT@EtwLW<d-M3-TaVI)s{vgj@6a|7Bx-GsKsB~F8^d$c4DzESPeQHIC3HiOPuw96
z>fUJ4!f^NMH2^~BqQl{vkZ7|+I5pI(x8}afHUF}TiFo0W=WgV@(<V{*up})h?j`CA
z^>1S#C^eofvJOK&%z_W>+$v$Q9G>D`&sDxr19#62LGjWJ$IHl8n&mT(R=UuJQ1ge>
zqFs<eO0H#0-{|Rj_XZ?P$E=*rJ7V(hCZ4-bngTl35<5i5<YB$#m=6r`6GlkTV7bQ)
z5L5k%xtX3J1{Z}kEY6b>Uko(x8H(2_Bk>gHvD&zF%s0uE%0&BcL&*=iY{6B=N{eg9
zK1jvveC220K5<rQT)vwx1i5&1^3<?*S9X0sxKTgecZx6OhRzF@iWnsxX&hN%7n4NX
zdQz!;K)DJhARbssi_)wxiWu?1^>L6B=1EFBC$vy_1Yfi-xI`sS?DX|Kp^n7o+htwn
zCT>KEok?SFs4g-j#If`{!J8LBC(ZNm#k0*ec}J2j7-#fT3!Qzlyj=!P2l0#77Xni$
zzl50rikz%(Bd))X_(r3w9aZCHNi?ewqa&}`^ANE+d}lAxMs6GD!JM%@g1esGxmn#U
zvZ8bB{5!8PfqSm38xRax0m1N}bHZfpod3Th&vF!}{xu9|cRd`2jSFp^PgNTs15$`e
z4U>lkE_jHqc21~7+L1|2;96N`JCZ2*gyQQD1x1aLB)A9iMmgMc_#P-@;H2j?*YPqv
z{V(C>_AqQ-OZ7^ljUg3$xKu3bT90;F^IyBpdLdd|TRMYB42%i{ij3=N0jLS8ziGy+
z!@~w)zSAC3aEw>Obw=!XvLkVB$pSoT7_oylOCwW!B<(kIbOJw!FeL{=<VPC0IIpCd
zh~G1*YZx#gdZ?o(9~;j%eNqrji7n(Py^e-_3n87ZW!(v4hmF1Guu#RgYpE8M;~=fB
zdzk5P$rMOtM9tz@%jRNeP!PhM=yPz8RKH@P<@a#T72EfuL`@0wDzz5|_1u~>tIP|5
z^5iu<1l@n-rR@ZVaUL9O0I+i#_mo)FpTAiDpazd*hZCn6=|)|{m|b2)_&hyBo~H*v
zWm@|@_xsrT`a9vUlFM-D$=^vG8A{l<k=Sdd$SJwkQ1E=f{**3gGEbRbyUOuifADg@
z0dJoj<HHyP+=~@g8IKo9rBl!POdACtx@hN8b*fauO?!ttK7-ttDaS<(^qJq*_b5hd
zenS3dr1Ma~AvOm@I`;pO<tkuX{7q0&X-jsCAAv_In}gA|BU$Sf)KemVphWxqTV*9t
zIh6*aqG0huE2EZ?ad&Eyz#aAPfZjkV)Md%v{=Uj94M(Nr$ArqMuBKzmW~bBB07B6<
zxW7m@6Tnm*uL%tAC?cTD-4r0X9Q)(@k7<<i^tJo!0(mbz4>P;fD%4O?Ez#N$p_?mc
zDTlR}Oxmgv_xiCSo~g3{E8ON}JC)+fP@+RgQ7f1Z7y7$pt5E5NW&L@!<6M1=#vXp<
z%`h3n6^|wIsd8G}8+P~Ok(cH23ZJ?WhQmlY<Ll#kN}tdM!wKGfvF@byQX+bLN}bfO
z0>8n#2KNiQ77qfPmerv}d}6K6+VE9LHK1_4^?hG1!ucaR-tG7Rq_Ic=crFGQ=rt*+
z8m`0P^lK)Jtg%>#6!M_dSf+zIK&a6xBHKzJZtZS&7)lGRM_4l%9EKHyDqd{R9~^|n
zjRIIPNsKi{pjI={=z8^&!N4q9{z7j@zB@mbGvB*lyQZ@MtLjUKr6eN1L8{3_zAU8M
zle~bI#o+33J?dj83@KrZ(Pm^ypNUPSgX96uJhb$iXeGX#SK3WDUl!Mf@r2Mhk2tig
z<7AMjYvaGoK5*s6U1V9b_;lVa-a?WPW#V#!a}}NZ7JAMi4m@?-9cZvP9g8fA1hHwi
zEeSM9$#3es-;A9rC2dC+V%k|?gh5`%!9tKh`h!)km;aQyS;a>C14QQohSn+I>Voe?
zS=^R9eJZCNg?W{XA>%ls(2nUomuS?DqE4XW<`7SzBd^iVpBvAWiy_PXd(d9OhdtbH
z=m#^20>6mqr8f#n)AzrbZDqHF1egP2n(kj4_#a=r$huft{|BHjML|YxkRK(xL_Yrz
zJv=fu8hu`0Xc>7l9fOq&7KeZYFRhVMYIU_a>fX$PJKg*c{!R>2PbvuK>0$S(J167!
z>$~q4$oya}C^9yv^5c55zJ8Us30EAJP=ni6hePfA4%|=!a&YbpemfUh>uGM{(0DA%
zix@Y~M&w5>PegMgmr@B%g~+%{7C`l~cliuPw1-iDTo;UZp#G=0o^$Do5aRQjJfe~-
za9R}*yh*q0L^a-2c)=m0&(kl2NQ%UOy`_R*JfSh3Lm78syivIgDC!(eDp(dzffnbH
zR+wHjwAq&wt10rsa3-(A%*}s%I@Im{s?7@C*j*}(%U983cX4HdtF~f*p3e_t-jPE!
zucXEaq#2dd%v}Ou2>ZG9?eyt`nJ5%m%Ey*)WE-T*S++t_hJ$jktty0)Jh_=CGtN4;
zrOTs0D-tB3)$_t`$qD-x!K1s_jr9_|B)0u%;VM#*w<iAvc|h9qm-`Dcqzr&O{PP-1
z&hc-7=P#iM1%yAcT|2Z>P-qnBx8de#z$Z7LhA_pthC(Z<NFI!3*PZ_Y3uyuO4UgmB
zjeti)Ajkl;PKu(N(4hu+QShIquQHhT*dJ#$e*Zq(g8$Z}o<JxhV<;$!mc%41J&`Ud
zI~X0Tfr+$Cr+G>;&Fq|#Tf;|rJT>AH+7WpD^T*AdrOuRxHhYXD@!DOx%8@OtnWNO4
z4J$XZnsZd_spFh$8s;$S5L0&;%zbp{073NzYfM3#zWS!8Q&(Y!i7ul>S)IOGN5_E9
zkY5}dXq_z!hGOR_u2AZ8D|PDxL%agCmUmcKH|ZQJP0l&ew!<_}=+1P7c|&7~O3z8G
zE2mY1{$=MWT@?V71t}}wb@qna0vS0=EmWt(a#6jJT6UdC{euu^=-1o11OaotVV3Y^
zXuqRxTjh^j11(rcXc(TD&K(x3H(Xn`4za@0E%72GeopRoQ!85)>aD6)8_R7dFtLSW
z$(3j_%CsvoTo3D4;-5SKk$L#4ePB-v!&Yhog#n}+s`fAk$QM-ZZz<WFgmwzk*)N8a
z=b?l3^BTLA1`ckw9BBrvP0ii~q@+T%P1*cBdR~g9o~jdT*K{X-dhHOYBq~$|T>`|V
z2{bNXZvcl3*tzwELCJE%jNT^IhM<fYS8I$CzaVKoq)<dZh~tRkrFo0%k~WXVXluhm
zge(7S47x?CBv3R0eMHKK<U53SV2Ds(7~yY9i2U93&mAdrU|MmqC8Jsu7BGvHd`~<Y
z5!IQvh_MJ?PzIEY8;&E+hWHcBuRw`+h=QLG5y*jfz#x&!i&BBq;KFi3_2J_$p$s_j
zRm-3D^9hks$0OfwnQG<zcG^R$evv?w;jc{~I|Lm9o5U_UAsZ=_%}u;x2yN))S1NAg
zAymx&F7K5y>-57$VZ|tIj>L+LG;9yKhj3>~WFX5PVUVN5h+;@=-^tun_lI-#3;T77
zFhPIL2_eiIFuv$XE<X49H#7r8P(95qAnc6*N;!^y9QNe@+cYrc-_9FaT(XCuQi2^I
z6r^|ji;<f1L@Jgc{2&MkDXPVl`wmAmv#PN+HSFTQDL_!+Q_6?I?-artjzW<jD?IM5
zGB$pgnT|bPzQpBy%iRxvg`OharZyZ24LD)S_z+>inCx-eX}h`ny+b!ticPt9!1xk6
zxUdax%;$hKGX$jeoqWIG7Ke<}{yEU05gU5MrMMNd8W&UYclLmJD;&nO+5$g=wu1>p
z=aGV5xz8><g`yL295}f4#PVEFDc)po!B1!(vJEb*ry_rYiVa8jH#6Rf?Ip=j-W2LP
z4!Bqhw#@5iQ0#wov|TG?fR0w~UmfksB7UM$G&v^B<s)UOjx(o|>q5cLUn#EL1o+uI
zQKOT{cE+3uKi}?a%f6TA!(@qD!N{F`38A7W7_N6>JeDMSav*7Xnt8LBYtU>Ghk8<p
zl=G)+5_O61g5}V})aLr*BCGR<RLhXpLn6=FN64Eb22W*x&_dLn0>?Q46}8^kNVYZ3
zM>#1QN!ApmD(NK3c`@U+bk{L!vmezeg6*7bqv#ANy4oFb5)uos+cSHqpthN&s9}9h
zML&dnQLU9tKKUg}we#ex4OuhvA5uogku&ra*=O@y+6AySx-}NMef<q`4K+Kq;s!t|
zL<8(O{`o9K-qFIw!r8*r<ln-q|L$v5b?mj&5dYYcXr+1+YyC;U<#IiY$C|Jx8n#$$
zmeu|&8x~j}Rm|QDAzN#$M>VD%cQk*qf`&_O<$qMlr?ioHKU!RjwPG}a$HmCU#ly&l
zk>khA^*4P7Nj``m^!B=mq0x!RfP>%Ex!&p8b9=tZb@IE<!~cWPuiO1|0MC0g2KTi(
ze69m=@Jz&8VE8v3_kI90{A3<|<ZEI$Df+BO{?XLK88s0e(!B~g-gAGL*zsHuQ7_ry
zC7t)scRsu%zB3VR1c!wXDLj@V2lU<x0qEY7!8V@tQ1ak06ZBkX<k!ZmHwtG&U&I+A
zO=0UH6Zl7Ov0){mT(tY>@Y_!Nk&r5^O0O}a@8rZo<Y1z5&v5woKiBeMckS`<F*oej
zUU085uP>q&ln`>y=)+$`;^5*&p^Rwt1hlXB<*oO_d8}r&5VUYH@i-MR%sZh9C(k@@
zr-soX+}w_v9abSoW8O02UprZpXP;)UER3j-<(LQa@DsfH8P>F&*-~a1ipltdf4r^p
zuyf=^%$4J~yaA<lNvR7fJ~F$a9VUf^Aw5P&w}FWfaFh;gq-Dlhl}D1C9tlM`CEYtu
zr%Nv?Axp?$PB0SZ#DAqOWn{=O+zyCS@gOtJVkkA;%a5i@kddJaLSq{FZi>rgnU|q6
zP0WjPGNz4_%#MbU%Z-&WK?lD~4>R{vC^OkkH-QC2==<hK_r-HFo06bImdn%=JU~f}
z*FgRPi@L0QvYf|EqAm;_<=4COOIEvFk{>WvkxOMjfK4rLL}RVc6hW;F8b};Lb5+zd
zaHCPzw!2P`K$k6r2|=HQSJaJwax%kQ$<tI0sfGV_7M5WfVU)zmFsr)JTinp^vw=CT
z*ZkTUD1ui}i+W3aU++kT%g*Fb6=(H*04b-Mbe(sC!)-nx)=43@Ni^|Mzc*v=I3}d-
z>^8_&bnpDBb8sB{W1qE%O><WdqpblR&93Uvrn{!6oP#B$xpNO$hPJfq@F2LdwMW5i
zs)}=vqwq+ByX?pV(QBc?C@)-yL)tdPCE*U;d7EnPCF*=MheXlv38|y{$RA{f>`>_Z
z0Af>>UV;862L(`D)H$funp(4K#7Ax{7fG>{FdrDy_{1UUc?mGgipQaE2AA0_%e|l8
z7<D==e>0e}7;u?OvAyV689y+zeyK?Iiv9i<7X}nXIxiku!@`lagv|tUA<Z^v}r
zSRjrOj(bUADHh8Lqf&^>N}aN`xAC_v59I3uTCEVM4OLCl#wN)<%ZuNsy!sbgG(Pi-
zZCdYeQf?ZVGX*R!dKNdei`#r99em3xpACKa2NX33EuuQB4Pe)-SXm6>8nxNi9HJFj
zK(7o$%eLMiLaS5YHEBIEa{WD#GE)?KAx0yqq}gdBQ3lcFH25RsDWp(go`8B8>I`*R
zA%!Puriuc6%=v8c(msa02EYbrNUQU&=$2jzSI6VW?oj|m7`jLLW{cck^o?qy;F~kh
zx;1!v*833%hsk#grElc+YLMURAmvNGRRX^C29`GhPcM)~Ah7t3q4o`#L>@-o3V4~)
z-_wEOTi-X9bs)5IbV&O;*nA}*@8~LKpqs#?TZb_%wFUQ^#U%6mhLi1*vV9#9rAwh-
zRLQ6JtE|>7McZ*$+~e@|CEUrbh1*5)vW>oEle|`#H){(_y+*J#&#E3I^Z{9rFeT)S
zDN_22#(_3R*H-HQPler7ea#CFUISA1q=g6TLL*cg`hJxtTxu4+eCf1wu9OSpM>3P2
zfC_1e{uDfAgT|CUgVqo%rNgGgC`chaucCkH)6fSjrF{@f=j80C6F@3tJIDm&j>vXY
zN_%+<=U$DYwa!sl?e)egyMYG#6?{9br5jbI-oSK);t{7=)j1*QB6-o?(pWpYtTWRW
zL@oIFZ7B98wX|xzu}VbLoLY>c^LW0MQ!a<E+xz!sEo@~C3FIdT-e)rT(wux4`>Vol
zGWL7eTtz-L6i$evvX>-lJaFQmt4&###Oq-kIXvBx&(B=5I$I)v+=USk9wu8dfgF$>
z^aseFg7!@!cY+dueI!?P5U*B(Jt9<ngad8jcWt*p`#C=XjUowd;|v2;m}<!c@F6|v
zPmzB?4q!#?k0gTliLLJ;-@ylaW-0#>5420#&)Wqb$i*3O5Q%ro61iiH+Q*aaiSCk^
zmkVq`>jOJDL-&Opw6jQR_5Qs><myLusu%vOwtR@oa)4!9xEtf<boH}=bgY(VtTyKA
zeLSQ_)-@**mtH4o=Ln~V>E~~5hU0XG4OX#Zf(r*6`&BL#pvxRbPwTS_L>))VEgsRi
zhbOm4ia#;^e&ok|>X9!HFLG!XJhJ0`jwsmmDhkd_j%u-nT$FI-z^w^~JduZGPHEeX
znRxrb#L#8%YfThIC#tDqFSnyK-MnKhG?mFZRacxQ>{MP;oScmmdSkUTRBH}SXe*cP
zq*3oKSF?o@wK6iag;~n|1+Ir^i(4~CjKY#$>X$v;Z(I^i_<55&eR*kS=tuDPs=U)9
zE{~eYXgzAE$N!CSK@ABtxB+ON769!N=RYq39qsH*9GyLsTue<Z-2a`<l`mwG6;S@r
z*-$ov7F$PB)2*XjgwqfKawMz-s3Gh^UR%x<6Gu+Q^mgKdJXt0Mh717OI_Yj|KtoG5
zg70*?{bTQKmh)xp_LdK5`oMwjJwb*bKpWrmusw|*rKxtDJb%BpYG&k~Al4&P-6v`d
zRH(Ck4!*t6si-u$xCXNYSg4z<*bZ;Tcn(;2O(vyUNMr^<E5=h}-OfYf<$M}y&8?%R
z<80qZ`NjfnNO7Ur3aZWBM2;eH&AH}^BKA0R(q;v|{#IOPqd`V${h@xjT(zY%E7mD-
zR=t!t>xxdr=<Rt|WoG^uYsjBt-!n+6!J@oy;;v!Ep{tvos&U?glYFEbF}4C9qHCX-
zwYZeJu0!Q~x?Jk8P@@V_r<IvGl-Fv9rPzFO2^s48_o@UZ%+!|_#DX%msEB3hLHiK5
z4mzs>s><&CNi3~70t@(*Tn3?EFA^pa_Dp1bx3~ih1I$vW%~Em)%k`o`kM&O&;$JpJ
z78`>O5N9um+)}1Pwc%-*T@u7)Zp62y*@8$FC}j2H{SPq6*N^VI^Uf;kbjFk+Vd}9*
z3Q*J(#r2T_p&?%yQlT9;+qoNTe06i8jMnHwhNV-cU)MP=a>7itS0|~YFewJl)p}(|
zO7qm2>)vhxK5d0$7O5;l1{SuJgYlXwMO*`)1m*r0wM1P~^fG#5C_BcGoy!<JEINrj
z#qj#^#|Swno?Wf#H_+?kik|j_-+&%5$TA*)#EpiDu}0MQy9Lkj&~vihpq@KsycQnu
zUJwJ?s$#sNn{^52s{F|_jK<C_h_Qu(kFfw^$W$Jif|)Q9NkEkLh-u@eiH@8vf2ta3
z<4kA3gIO4*4;|&NQMI1}hwWk4dQc481q2Fn*+Q~N>=N)uKW#ksAhkHLn^_WLo5Ot8
z7U#v+=P%};KnrxXj^Ty(@QG7naTJ^=zwE-3T!VXEMO#7~n2ftG3z+_n(~W}U^;iRR
zO`w2D=RY^7Q#7&umo1%v^?%MCN|a}8kr@&GWLr1RAembPDE`qZPi`%*s^lRE<cLod
zYAIBN=INi<NRKJH-hAk!@WI9dk|luS{std{VMoNz5+<`TG|hgLVP`$(?)UlmjN6Zf
z2YP4E)sMUV<S;kp6Z+1aA@Px2u&K#qddFEwj$uli5usK_u4AD4Xe*ifCO*Q=b1KT|
zb@j_y?-WLk*d#ID3hzb4+#_+)7Vk9GjK|i~V6uq>=a>x^USzUH8B-3vnPHo1$+X;|
zW{Ek}fEw!#-W$bt9yffwRmx*>C002RVo8@vj$dm&!QE~LlbmMtsX+R@nX`zCs>x7%
zevOzjbmn4`8N_Qy-P{ej17NMORkO208F#m8a(ye8_jGzo&D$tyD&ZAqX1TjBo|CEG
zooq{nHs|KCv|?Tu+8K93rg|5DFd-rqYEY*A6FS4e>6zT7N_$iHSC<fsK}U8h5}7M)
z$r1Vyx5XCz6zpqA-l88Lh#jWNJ70Sp*y*OoA~`k5Ot#x^=yfw-)am$Y^jQ@aaW*j^
z2>S>Y;twW~j$=1r4dR`3_wL?fACZ$KK9DWYfmsT3>HT@sX|zk&X~asDbE*Q%fYS#4
z;WY>^6qg+*QoHzrUx(^@G_8%w%Uw^<|L<@-MdTNY_}z~G0|0q*1NT3Pv43$>T^x-}
zoapTTE81F^IMt}h*lmd-@TBz_9w-49i!AN}AM-0%Wz`5%p`>h@LmP_J(4sBYc4}*)
z!F;{UUeWcDR6-@<(OT_IXR$w;3f}^AN)2&L+L~vEF37MI`l5)g-Iww8;Cl<4JI%Uv
z#s`jb*CiiPKa97~4HGX|$%<x2$a9N75TH)5SJO;PeW=Yvp(RO(-kL(@%pv;Zl6|vf
zh$v^n9?Wx#Od|zO(<IzZ#SM?or1`M{1P8LXIP5Q$WA{kjT9KYQ`Dp6PRE993!0$}u
zr~x^{I9HVhU#E7<fHcSYNefE;5by~E`RBwV0KY_>GmG>-n(V>{U>Ba=DxqlAyJIo^
zZ9Oq3k*oF>5W!xbZUQ)ITd)RRIxKjv1DhU58!Sd3h|7<0$%jRIttN6fdM@|)LXVh}
zG6}Yl3mfjywI*L_@$HnCp>Mh^+bA7~q125hp0sMYVo4;jSUO!90kztc^3@B@eROQy
z3a;^W1R)fx$Q=sBS#o9R1}vp+&e=Zq<j|g_h1P9bIMI!<Si^z>Ghd!6Hu^GLm{$Tc
zFO>+?f3)3X@V8uyzb6c`U#(3+5k$6b#XA0UCLO)&PT*^0NHv0W{bfBjiRPhq-co}P
z#<DFh=d+%nm`T=uhY-{<!N5c*Df2Cwas=*nym9f>rN?wL;8?nS+mSMtpYa7r$l}lV
zirhTtOz?+*{}MzG1LT>-4tUw4jh8@G5T>L5lv6rS8c!?p@hk)Kv>k_k9?75IZlVYn
zgJM5x5o-&sY677LQXzm>zuyuNY9ak1tP%kNO7j~!Z)-B5)=9xY^J-VU{CQ%AGsM!$
zw$g^u7iGlK^y*pjinnA9DL5{e7QeKuzM0jAF%o+OX-15t=0V%)1N<9x47q-vCZ^!B
zj5rg=rP~JtK2_1S-v`$&E$PZF<?M$j>?ULzu?IsAnb?{NU0V?b9Y4YnNq*YWb=z+O
z<uFhCOLE_MU+fS48I<o+VHIUdm>gbO!BXw=@UH-EWITTBH{I!bm=m~kMpA#r={ca5
zTyrlI;|aHwYa*E0ZMDix{x)uU61UKkZ}QylDPR|FEdLK>-xys<xTPJVW81c^j&0kv
zPuQ`Ij&0jEJ9bAW=-B8uU+&DT`R3j=Kkl4W>#X`!>zvwEd++z%4`9wGEOZy0(?`on
z`j+ZfBnFN#=mSup#idlPbUJD05a&c=ruNvl*<MK4nlxWAn@uYZdJG`Ie_ou-Qvj)q
zy|YG|?y4I0Wf?y&RqVF+DP^uK@99|5y{lXG0)$#PB=|yB<*IFvnvW4i7G($eO`R3V
z(iMj*@gZ7QrLfKK?*{Xxg%FI7?3#qFJ`_hdDb}dinfXln0(uQyL6aN{UY;rqny3uN
z%#;>Q`wYeWT|Ph6QC}AGINKD_heo5Y=AQ-|QSHvC5wev({hB9AEJDi_otp%Ji+=#N
zP?NO_1GJf$>pj1pp3yIDey|t3Gq!h+)S&h#kJ7FA+ME!L2;@AYl}wYenPha?@@9ny
zr+Z|RCplRj_8Y^6s~Q~Z_~HGLRK=nBK3c?-l27^>@$@I)LDgwto)mI{I?wSkBUzot
zjjd~kOe?sXmcwAOqXKQwNW_S9D@=T)MHXZ=9-=*wi>a@>_o9^fy6cag8+)!JQY_iE
zF8U{-`D!$Exv8);5v_4zKWQ5?)P>ji#&WX^_A}f09Qi%T87^2{Ulx79jN;kvcHt&4
zI_xVj{~4Uy3;F`4{q=MIH(_P|x&iniCg)u>o-28(C^ypmfcJmNq!HjLZFXOsstxJ?
zW%~Tznbgq6_<tnREgji^BvV1nzMyLw9`s#XX@@{U>de-4nPM4b>!42JCpm=npH))f
z#MeJ&FX_{|Qm9pvYRHexh3^{fesRqbtpB)rZX%Buyx&kvBJNfg>&1fts^6bo9GCr$
zEwJFwr;}U7r!!ol3N_G4Wvy)t-z_j0+|laWA}(qk*D=l77QT*5-f^h6(P+ctQ+0hx
z;^(mSCNln2=s6w4-*O&PEd}lj<55rN9D6!XttUrW@#&BGddCyWuV@mK4(7MExx-aY
z4U%eSLK5y9;qt<>z_B(Q^h-UqZ)n?-HH5lYE|@P4*+v_^`)43&ejMa#DJ)(2{_&n)
zS%T4!s$Gl(8&~ctgy#_Z$SYRC%@wATzO7vIL`JjSBzPr3b3DQfp8C;V^rPE=2Y71@
zDtFsowv!HH5r*8EJ*z)s6XEQgGBiD?8B)uj@!%oc`2bixH3~iOKVbCfIFpddCnkAx
zYbIoir=}UM8z3XYYs$Qa04|0>k{{DuP=x)Hutn&oL?l)THL~fg_EK|mAUFGNr&L_?
zhl1>xF{4Xf5ctE{vDjd!I`LU=AGJz=_I!S}^1Mpge38Lbr5fMrl`|X2D~)<*M3Hac
z8ua)jfyoaiM`O<DZ9GO1uC)|)Nr6C{V1ba9?cT+ZZy%I`OL;C4Ad*(fSYzb5oO(gm
z3qP(5ORqL327gdml)oz*XtI8n?uvm#t5zquX5K5mB#&sgj!@kz8-dqG3sB7u4?14X
zmv3tP1*hAN=ZbD|x2nAVFt>;vKjGJ9megtNR<5DJpk?GRGC0W^f=Ca?BA>8=<zV_Z
ziDrcVL~EHlQm>q~<Fz@=@zBO>1s{H8TBS1RInKBfC$vn`tZB0a?@OJ?>8kAK&YpLE
z&_K?unl@&myq3E2PALsR)xp>1i0dDDex3wdQ2<eshUrw}td9MOg8pn#543b*vQe&5
zQ_HmKu0;t^ftYTWU4P=q!jK+dQx<K<x<?~##sR-e32k$k_Vw+@5^mBTj7Ygem)v+M
zRJu;RMmImI9f7L{-4b=1Lt1H8>O{6dyBlp_M2wM4j&<2ugkHpH<FN!-JZ9ARfPC}R
zFMG$P1hMM7%g1KDJ&hIa@1WImcMqqRz@q*xDwnqN&7$@c#TYW{>Xe5sE4Dk2`kd1j
ztd-EC#+fi4slK$>A}bLEZEMuTJ$`~$mJ%jI#;b|IN^4TynmGrN?ULh=g$?Wm@p%qQ
z(?rb?;VmNF_V>qO;@G#fyRP#Go;+$4OH!rABG3KN+BEpAg;y$Fb4c4YL#$Y#oJ7}b
zW*cZ!1YADbO}%feO{Az{r$#vS%g@)}nWX2~J<d*kM?N($Z)X(BqwZjtF+pE%7*m20
z)^Bx;qiGf1IQFLbwk05uv9R7S1(Qe3rqUtV|Kxl9`_s$3RYy>x>cO(FTbD^w@|Qqs
zioCHxKkB4{16d}J^eCANS`&)E%=m#hr&YpWAu_~jPV$c|uQwNBQWkqAfvbPnSyOEO
z^zal?FN2u3hMeGZrl?68^vY{}tbLKa1Ru$OFCwC(P=ZMknZ2~-T}J6vlBD~4XKpc?
zQ1JQUarZtsrybnj(x)j<;g4hv>!aLHZ=~~Z_8zmA+a&7KrOKP6YB%p!Mc$;-K6#H%
z>->u_@SoOAID8$7+%vtY6PN{fKd_@liC8y9JU0;Oha$2aip1Aq>JlqZlkD}XECm=Z
z<rF<fr$ouX6CsS6)lw1lm*Zkn(ztg?sCQ5L>HGN7_KMCdUz=A6)Fc;iPMXKiJ~JSE
z)NF2kehMb}^Y_)6*^~@WsU59&6%$Uoc;6)frmcA?KeKJG!NJ#0>`(#1qz~!WTDT7G
zMv3wa(K^_g6oSL6W`(DsFHDD)GK34ZPM)dz+zPZ<mWQ3KlF8X;O&EhuSTDLrH0!WD
z-7#3OH?)~jdg*W;rI7Y~YXpW3kp{`bJ`%qIR5M>1P&`Ybw9clXwKv!K6_f+1@hTl0
z&3|1obsp6rg;2grd)<uyyy=pc?}o18M;4X({5@u@jNb)fKHwLt#E&DTO{U_=K$Hwe
zs26`r3#rwKibmE}3gSW*@D)8!A?lfsFmkx>pDmH4Hbi=pNOGqB8kzSG&o3KQ6E~^i
zAg2|Y`h*M;>9~uB<nQIyuP-3^TddO>&s{4WEdaA4Zh)3ddg7_}lshoL`~L0!F9=e;
z76c=(8F*b^3j(w+v9y1mzM<;oV(no0PmqHgbzN0_b>t63J|FYJcT{jIa>_vMiBTuz
zK?bu>sYX3i7>FR9p-T`^&aSg_<Qtumkz}UR;EJe2(PEhjtI5GH3L5>C<y0Op>r?oB
z=F3Zk1f#NbmdEeKckA8#@AXli;t%L+-0j$W%p768n0y$0mFqczK%y_tlzh!7L9cFd
z@jiY7L{h@Qs9fajl(PWz_uG?vbWKtKoT!Rk>X@xCc@Q=xj9V7Y;w478gAD!2-+L{c
zS^8m#qn|OwTg&`3`NK^#qWSE`7BPv3U9Mpq1+yg;6;fu&-rg#0a$b)qQ9V|FAUDvo
zZAnUx?hgu4njS)%dD7w!?FEt-YEsTjXdKH-_gl>^Fi}hGwY)o{=MN|!?i<1Vsj&mE
zyHk7k5_?R|Ai^HQ&Ia8$gxWNbn)jGXzh~T^;`q#`GGVti5o{tHPbY#B1Zt+}p(8tg
z$bE!C__|KrfsG-p8yMu~anbi)my`r2Br2ZroIcw~?55|q|Kk5V^zfiIH?woyHjC8L
z&&cSLnbUs{WOWReZkH)#uTN@<@!g)b*n|tLEG1Koh_OtoDQ2<a^{bDcab3_GasKlC
ze!)Lfa)z>mw27k>1&c4o9!ZZnYcDXtN27Hp6dfTig|I;qVq2uiXtPQgZBuJ5ls^o~
zK`_x7fp@4%Pu;Wc7VSk8#Io{g#qU1WuA<~&2i33}FmQ{jb|UU5*L~+4E3z)nNJTpC
z$WD}oUE&x)LhDxjJLeGz8Dv3eUL7;jg&bn%RqAoKK&5ebsh&M>EdBc=EEs{+;p``x
zr5>mF^1vC(5ohz(2Q=PrmRk2TlN`f=VT8~l7=(h;s;nQ%Y5?X|$Wv+;>5{Sp{soW!
zq)GWv?P!Y#xPhAz7yy<k5{1&GD0~@|$TOfbw9xtj);CLu(*qfNM!zh$w9|t-RI@$I
z*&DiOc?gCNTM}gWFGvVZ2wXqn1IS0Id%)Qm=G$Tx40$tHkWA&+YLy%HvdlZ~Mzc*x
zfKqrL5LBjU`2%cFwRhWnN$qvYf{3)(iRk9ODoX3~s?G{Daf{nqS%ycBRI(jUoM-g-
znOC)afO~X42sX(B4T~EjCtU=~;pP`Sl$B?!zW$XFgw>C4@>Y~1>Hq@VLM5|JLK>0}
zLqMw5+e}ejXvBgK&r5`FE_&!;cRNn>UH8r1h+j>0L%`mZlMY>$JLiM0(!@YRR1%oX
zglI(*O}?FJR(82BYHkvKVgXd6tGI2#K?1F`gu0qYXj!*8LF^LO<uX^NH)<(&$g|X%
zs$x%G8;Y7rW_dq>MY3td&XBm)G)=tlnweY1^wyAlcRWvZe?PR;zUa2U*fWdZK$+Iz
z37l_O-A%`kDIOaUrB9M%C_e%Z|4T&9{o0u+q~7EBoI;=8+DV$Mo;g!$z3~)Lf1SOP
zY6G4-?0f(d%CM&I-(R_xbT@M%x8Q#YwvOnmcPMc#YF{z^cT9gtisa=l@K6gpxZ9S`
zpAzV&7U?pOT7FW;d-~eo3+<A)zUB(9D#Z|S2MD>?5zQYdc7JB93z%T`ao=PY&!TlN
zck}=59zVGL(o74xz*poN^<dgJ8P$4+ws|Z$LtJ<CS)hNkFi5blei;4y=ZrYitB-#8
zl@Ue1$VvbHu9~`ov5VLL!fGqg_)3dkUIV=JeCNy|kYMBnXpx;$P%C<JBHvLNyHFbG
z(;?B9cF$SqMZ+@OEq;EFp;W%XERyg8{^Bx>tjM$*p_R?6ZuGrD($3A*enh2)yDuqw
zJ^N7b%)853yc^qz_Xl;t--$Z@{)1p9x;+3CG?+AunVxv`OWz3VhBgleg?SP>?TMJg
zNKOnq$(NbYNJI>|?q<Lolm>+%9i3z^DS!sWKK&0{UG%l9s-qEQfOa>{9`iQp4QFjc
z`VgP52xh_`ryl{CF#%p--)+dfSWvR?6<M=ou`M`hj}E2_QCkkHOG|6Y&8J?v?Per7
zv}YyK=yjtNP8vHnOHaLQ`ODH9?bCbUKLph^FZ{zYl>nIoTxQdB@UgJ!nn}-x%_a(y
z*0BkHLJ|{Otk>0^+hJbL#g|R2CTSmkPAqM>Y|LRJh73khc!@tgDz2AST3UDM@T4uS
zU}K74H0_^IP?-L`3^>0ufhEgQpWeRq0CyXH#>j{p3ahB{+EVUxchFh6y=?K=T{;Yd
z-_p>qhax$`u{_@XZHzs<W+O4NURj_EW>wYM8>4aGlFoW-ArV=%8F}$#ee(;60tneH
zHFkkoPfQXm9=5wrh><U&HMm?^VN9ktpO|l~9l$v7U16{*pYNQBNe0_nBM4Gggpf{M
zHQ1K3q0U%+5VtlNo7O|0UCyLC91nGS3>y9Ab`z!}#(@z?>7bstmq~(l!YP<?jUtFy
z&j>{GrQKzN&D)2A9sBOtO$L<R#JElksr%Xuz}qzCel<*G08-~#a(6&~V5S0}F0~rO
zXa?cSJjXJam(7<oG|?69Qus+J6zARH?F$lRFtD6aRoy)Qgu{<aJB_e3SN=Q$s7!pJ
zOIoS02R+BTujwb4hdL&Um3a%(KH(?(j!qLObyq&6)E%?7X<;4h^@Xl%I?}7v3aMkk
z511AA-dKlHOZn5~AlZ{VGsJP2kfUvL3n<uiCV<42#nKPvqxoaI75zBDsql!mZ><2<
z6dD>C=fZZH!860kN)VTnG|VWm3|0{hOhCe<(q_|MSe$O8rjE06ql+EWOzEZu!*<E_
zm|QYk_G89YaH(6IOAV(y1vKOAbgbeu0wVmZ{EXaiC7o5pG&B)bj3=EY?Pea({^iSH
zdBmL`Oxi1BRpHkfuaBbDYgm_;?BF7|$gCx_z$JV*z$-sD{zc8a0%87`+z-dkmX9cC
zt87LvqypmvF1v7qsVLbysSO5Y6=MIe$}0csDD~R0h`jVHfWuhIL~X%S))7~0RrvEB
z@{aLL;LZWLWGCSt><CUp3c2KvFR%diLlZP8xRY>4c&7ynEGs0EP~*qw>YphrVrPvZ
zsGvl{`CX$vzq$a4I7k8d<NS$_+5n5V7Q6h!dQ52O^S!V_=txAJw(1ryrL5q`R4_!B
z@hf3}=<rQfHy(fqc#Xaga6$oEQ5>KDViyN`w(~DF&)&C<3WB0&1(NT59KzGctg;2^
zWZ}imKM6bT+M~F8^k}?WEE36vgAnmnPXsz+)i+Dpj(j%zk?tqoB6I-(?)-(T2a21{
z1e=Nq{NF&C=83Z7>A!Ic8$URYVdl*Elu;*5U*wc-3$}TNX{_d#QAfF!i#keU6I|lv
ze^}z@dPR^SU2pnv`5!(>lwY{ky-W)Ia{@)eIZOEdHI`8Mn&tibE#-eC(0`st<opMU
z71<A599>yZOuz@ch%*E*2w(x&90a)R{A{78*|O-ue%8*F<9`BwQy!%$zd8H9X?FB$
zIxC|)$Ir{p8)|OUAJ*#}eV*DRt=^;5#C#U^*}_)JiSb?vl{Po(aM|uu)|KHcg3VnK
zniTh2QR9=q$y$R9Y*{X60UatzOo^>HHjR+GD&1ZpGZ`1E^Ra>oUI$kL^PN9wZ2g8C
zY>U!Hyc2WY3oj{qCW9mC<#40DQEZebBSQpv<e!k=f3RAw6wQpfewb-2?w@=yzJI?6
z1Sp+uL9;f<j9H`j;3M5nL)@w`{JgoKpwjliLHrgnBg83O{(=78s*bb#$nVq*F=0RN
zmjYqRgmKrXa(E&(TzGsww1*3IBLfSVq#hu~{c&=N)Q%ZEynZ4BzODY3TqsX?!(>})
zy7CY3e-6v_w17hIS6#D*|Eg{O_IUN5!XgfEa`_Utvvzd&&pGQqiW{CewtsInC+t)K
za=mi%!yGCqF$05AL9<RVhFrm+nlk$qc~*V9nWqOAx;L;~H0Op3u!>ikJ&#kOn&aGk
zJ1ATCj%DCQ*1PkkT{>NwjO~?RXXvgwJpS$GYPJuoJtha_rM^F0T+kO;3<eg|Gx(Ym
zIEI>+7JNJ`Aav<z1X<;)g;qa9!Sx2{rw}~Il4pEO42XxcV}bBUb6-!O|7DaeWhKGL
zc%tI18>g$Hpsr%E*<9=^!OH5aK6$jqS6VW<dY9y^q>*I|qhXg0FAzy!tr&$xFCI&U
zzF7DgxAp9|l_0M=e+$3Q;9YU*gvPU836>KD-v+zPR%UJ%b{UeCmiDcSW?d^;g*NA&
zvbnj~K`LzUZ;5DpOAT^K)&;lgAeSxBFuFO^9}v7yqWLR=gM}oe2R$WhF1l2-lu3nY
zFc#_oH&LNcC#$xKVQgcdebFs5!z$G^79*}kw60~ZtM&ln3~FfqQABIDS3u4$4!K4r
zENPY{Wb&r%A*u`=rcXl}TlHAi$f@j`c32a_Lfg0X>glQ_rYmV1;l^@^zUZY0hBA)>
zx2f`}k#5qg%uXu4wVl-a42fn2Tm`ER{0uw?F^Rbc9tOvWS4_tW%D<pJ@Zm4{`lM!*
zy5nUGQN0sc>l4vYOk|cNK{i`#2i1*NVk*)x`B+}eF+JFhP)v$Q6ja=Oc|YCp!U7bn
z`YJJEntgSF@ngF*vjf;;q=iJ_qy~f9D8}9Nq;ZNkP??$#>hfY@s7T^c*kxN@U!91x
znb>%~O6P(EQ^dVt=x<!i#G&>GTY&B`XStZ==c?_P(}{Ri6woD_Hd3a)BAT=t%P*;R
z>KT4Ws+eUW7D3y(fsG^n=ybqAMir+syAHhPv-DQ0Rp6$U0wL^UT;#5^t@&1TmqO|k
zRJ2w5to8SF*<XBvG9n0)m(<<T_{wi@@!zI$D_X7K1ArLt3s1BcdtXw1J@Z5Zy=9?r
zb@RtfNOimTu_nqOM-$vu?@-(HG>Xa1(Xx`JLV@o}Wdg>wNaz$Y8@>;iInHHRP7Say
zngS7L^1|>W3-BRTgu}6_-{Do|+83!!<iEF{2~TrDvINar5N|#ZUuJ`u#Gnr5j5=4C
zNmAe-{VF(S1DuyjNJgl;Eg8E9FoXP+b_reRh+?c(-dMF~nlJPpku67e?A<HYe~j|+
zSfpw3o4DJdn2q-j^t{9Ijnt}hg8u|J!0IEz-@ju4d!t^#J6J@a+-eHuH=ms!xJDQC
z6?noggzGDCrQtkH5pruNN*3xM`ODH7g|+qQ7L#k!UlxgYjqLBe)0s$mZB5$&ADBk7
z%QHPU)C>|@er1&WD1E-ic3}Ly3c?6fK&=~G%sGbIphV@MnJ6`Ak7`0%ZoQx^E$$Kk
z@=*{1VWr>_(2zJ^PjxOZnqh6o0!AVj>c`^0#&^Lts218m#YS@vx3dQ(bb>Vrn*JF6
zt{y51JUBk6tFM!}FTA*P4SIoWIZj(bGE`P3QUS>|LNPQAUeSFTrEC#zj8^-RosxG9
zzg`T1*p_rcZauS>p`fxjy^)f<1j2POMjYvRU7G_WcQB5lEr*^0#IyUVZRO*I{l4F7
zxas*<Hd(EKqLRv2)hhj}TK_)t;y<{N{}XzWsxqK3_#N2~E|j#8I6t>X8Ob3+G6pNS
ztTGb&@^@njMT>o_?x3R=>rK9=&?I-sF!D`6*7@{IRz{m6)$8-aBVvC1BJbq!+VKXr
zMY%zRREBMs%PbC?7T1j!E4x0%#OwKb@{2Tpgv9<!ii{gm=kNx%d0MUnKFy&ToDmf`
zOU^|KlbUwB6k$br9}-Ub?TMd*geaOhxyX)JeF{{RD#4;%u31hMLz1jW9i7?DCyoyb
zPPrL_8e{b!C^NJ`R>&I<5@}oS#o`*ev8s4aIG#0jD0IoTbh<oYC(^9G#$3{b3lXf)
zwKbJxDO}c&GRz=ngS!BLZn=@xMw@4CYbt}~<qD2T3;+IOHoe{7u$S%E-21#$PJx&Z
zrJ;Gf9{f73cs4(oA<qv;p8`=>&h^u8Zc1doslU~S^BS?7qb0q9<ExZP^F;ebKh9V7
zz5k05+@#gEZTDC8;{6KMzmNL;-$j;V;{?8a#VT~?3G4Ga-c^2VbS%tD11bdMt90Wq
zf-Gs5?X?{yVZUf3o*0TfKDNbnzwg!7Wg1-o&I>3nXlF=ZV(VPVW|K0$wX{~uDoz?b
z`%%RjPtmR0v-7%GM$DGWtq-Z&kSl$>0!9bI+?}^(wj8}?<zAct=I^qi3=N3EZsv+z
zvN32H{4yPJ4XrV+K}xS%wzKA^4@&qxG-Qj<hQS9utLX3L1++HEr&fTi`^rp)oxmMi
zE200!LW6+(V;Ar1hWz)3;p@!N#gfU`$=KA&oXO4D($3n%mC4o3*ul)$#f-_$*uj#?
z#?{S^$;sHo)!c>YpWB2|yU!}VubV6I^&b5DZNh(DN?cCqKdwnGBO_{TXXpA~ZGy6Z
z;t(^kpMowJMM;S-h6R*SKk>lus#4$*Ef{&_rGkwL*1noY)RV596g+&)8}%>+gAho)
z+uzIFtL>cg*}67Qknpw2!VnH3JV71!5;0t;731<vx--_WBIXuYEK?LDidnHj^@H}Q
z5F8l3U7hrhc)ikREiEdBs}iJz?1Y4RSkd)y%Z2N%t=72>76<~<VtZR)cJck5=Uy7n
z9>s3<-fCvEf|Zu9ERe6u4|h!gI;nt=maL8{KCxK<#o8p(7#D5}OXKi4hTc+CTvzRC
zAu{$bb+Th)HsL)HfC_4(b=xrE^jIg4gWIv$d`*cvk)C__q?p7VAZZAd0#`*W<a!O4
zop%TaGtS1kkyo#PLN%Q+xlOkQ2T6!4PM3IyM6Zf32RBE*AyAF(j}aZB-g#HAu=WD=
z&#@^ABa}TM0|BYk|G(&_{7Y>9GbR^$umJSs##-L32{XzZGggxCQeYuD6B27A=g7?I
zklG;uV4|$wiSd$QgW!UQcYEn}F_1@K3JXQPE9)_}Z~JVuGqxA*F*^M9RzFa8&pUAo
zgOvmP?Y;83^6~e`5iEOMs!)B<%;7Dg>V6tCeFY_!lxqZ{^W{dX5(IF^N=u_Fw5jq0
z(;cz!<W0yqWQ~|{Y6@^>?+0Mhw-{%D@71&8_HeI;-L+?5fnfdo4b;)=zhX2~87N+e
zQ`fQ|!i8=g65rfwGG%yquAPaCz5(N7{NiTz%*9~=M?AVA($;TO^c==8060Qg)??~`
z4g$@6+}hffeGEVeLET{01pvXocI@ohn{PXSYvYEpJHxPJB&>~>7}{}vl9%$#zI_1n
z{o14UO}gWLI1<g*6FNCoj&t3q2|R2!M{gZ9)RRX_(o+(s0lgjkpbTJ|eOJJ9aQ#l`
zaFljw+88|X>6^y8nC=j7Z&|v-yOa9G<~HXoi)%<zd$^Aos|7t?WA;_KNSs_}6C>
zbn#k&PcZQHd4$UTDFu9HNQF{S63C_}IMoV>o5;(+H*!hX@z0%rlQS^8MNLl2=pH;^
zLR<?hdAl`CZEXTYH(L1FpTEZG(!!7|MVh!7Hq{X&#w)Vr5^B@$_gM<UKZ3+w1{P$f
z%uXc)SPrXme&$W)O7FHF5=GRqj(PT^bY$`R9d^ZS#LzpHI>hNa3#tix)qCy_BjSbO
zWB)CiQ9Tm>v_9tR88Sf?Q?1x>!Pd)XQ}$QT@)k0g$?K;f%X4Oj-_U_B<xT_oSmBM&
zTi`@ICm>VT-{h99?-Qx_l`7fr>HSAT><{ywee2hrc!ZMmu|z@}s>;gI`G=b7UVcS%
z{4Fg8wJ%jz-c?^J%&X5bJupRZm40`P0vx#u&)ar=mImU_*&F9NePxx?`*c&a*J{6}
z43y65#%ph$Y<hanyMtg~ewkUQ99P^<-@Uk?>|xTUs~f1R9_6W@{q+(^g&EQv^;GdP
zmk;&4_l<W<nh5|%90!r!+v8B_vtBBYsz0NUKDdy8{UPHnSJ6GKsH~{vpe@GeGl-m{
zE6$BNJq<lnzmu5x>pfY%=oUhKc~C=-ZOxoDCL(@XcSIb4^E`^DmbF}U^OJD>r1dX-
zUSHH&e7duR_a*7CbldtnFKutp4X+Xy7B%m*B|z0%uM1~wl~JH&169|Ip+TZwZQGLJ
zuhB>cUuzoBU>o)U)*`l9!&TQBmVmZOIn8jL6Phw-oxkbEPD_yFiwPDkKDn~9lA38K
z-h1CBtGdPAQ(a+Da(OTee&%;BsXEt=Y0kK>mwWr(MOcf#SQN{cPQrlC$cYaRCbktX
z>FzVt{jui0`?-{mYg1tn6F65XsW>%0;)<DIQ=WBNbFGmn1LyrG&ro3+Jui(JeSnG8
zHrg9*()PKhJ<-4KN>5QdhwI+x4}0Phc{&r<q!dUQBJfvt0~U+gcqvTJY;n~PZ@0#I
zlSWacZMPs233S1a^lr&iO)p>BXmg=IS1rsjMTCNV?l3+^Fe=t=`&DYuINItKev7GX
z<uj_vmxea>b{zA%Kx0!M+Uj2{WK)@s4AoWFX{&1NCwN?;;w`QBaIQ(JL4UAyWj$)H
zF|#(J<`857wKZ9MZN9J~dCWX`$MbwAm%DeTTSf4K=PUCsbZ7_Ql8I#tx|EV%vOTdq
zR_Lp1os}vp#{SDDE?RxHQ6$E9yd7LOG4u8uZJWBIq8tx&iwNxBAl*~Zqt|{=<0?B<
z_4eyxrtgzibom=cFR1x6p!vcxelCC%1sb#2Y$OB3m&Y+t9g1g<v^QLU^jiSw!uqq4
zkJca;p@LE{5-K}|MmXmQ2j}=T<>h4z1I1JxyC)gzjpSH6tpzg<Vml3a-bS@&b$_N3
zBuirT#oXbl<+UiAAmin3*yTfbh6!h_r!Se;ytJ9Z&Zuw6`cEEhZu?H@h7tjmv-!*@
zt_rG54Vu?M(y|%T>fWxW`H$mQ(i!26A*xAII>DHCPow+W5=rxxd)3*3_cBQSiFx-x
zs!@4`eY&4*uIa`MH8_c)lU0-NL&zJC%zDk;nQAiYS<^j$z%iFNGu8}Q_-EW6=J_ne
zY%611Gxo$=N}ZI9aJF_7W4rhtqP-K{p?L=`3)3>z!2AGKS&L|JDOby%%qG^+O)JRS
znKlO+%F7t$$q11qW-~YmN(D)KyZm*1<6Xl{hNncF%|XR+q=HG%!htTzSO`ZnbXkWF
z&y{|GEM(pXM@=hQ^cm0+fT~kkOOob>19q>a;i(LiS+X8kY6(}=;<At$nw!IL1HT!I
zQE?gDigS6K`ctfWB7h56MtQn$daJ6%cZ8O0aq<Cpg(lM;^=!qN+gJV)?@DpDQt6S@
z)KyOVcsA9;0I)9^bzfV7=!qlz<om7JH5Ua1Q!tHb6Y+$!JQN7Kr|>W;X4RqG<CR?o
zK$b@#?s;I3m{U3w(V!$QexM@zMyz1XK=M7vtC3;I=4aR?pqbRAPXg_f4zaF=6EyQX
z35+hoFXULM8d&ji_JD{vG4gK+agEn`Y|n^-4X|01g&{dX=NaUYvB5VmhzM~kQ&tug
z*4F}>Che%UXwG`P98ZCG`yG3Ykr0f!>tdv7HTH!FY4#jXiH0(JGJIK5e^|wX^V(Tb
z=`QRG!P5xrNn@uJIOj8_7&+%tryMxvbEXJ!-_QhwvAv->j29~&mUcZ=a3qY#Db9cm
zc>2GxfE3;qL;Rb#qej(X6>A2;Xy|;q+;4$%RV7|TcQUKYID#U_(+S#1;t4u>zz0i)
z@|uZEy5!Cc`ivB7Qc<&8jd9JRmPmSeGq??)$2i@wRqw|9{+&m4<)deHO;tt3<8zO>
zc5_0WHR=S|A1kXNY6Jr8FHb<smaB{d#}wTbZt;DfkL~d=072KdFs!B_HjGhjuAYH%
zU5rTn9^;*T-tfLD5;PN=8Y+}Q->H%9Y5EQ|3ws*-*D^E0Z&eVanMTRwRMnKf)+Q0y
zGKuj9grg0XMB#<{^}4~58T?-Y+$NR?RC_Q8UDx_tl)*6OYdKfED1l=@ScF_)!UH`&
zL8~Nt(|4O|{5S1j@aa3^^Fs{&<8G1QBOoM#fr+u9!*jsEk(Av65SJf5o;c>s(UNf5
zJ_L#nSWxe`-l=DsE<T8iGY}(jyCo$bV<LL6hl~I{S3F`xX<9BHGx&iUH{y(oNChVh
zu6u#8G8JuxkVrMUG0ZKWEiQrjeBDYp8r{U993YOXKur40dKpE$Pzw!h7lH5^UtZ2`
zspGJn>>Qi0ICCBy<d{MMg`S^^q2}SPA!--Ac&!wgve``4K?K%3K6zG;JHF+)%KgUy
zm-h^eJLBTL813AH-nO24QsiJ<)JX4WPM4pG|9pE;_r!=eFt3dLk*c6HBx_km!8j;B
zDd>#9%t=&BU3=ebP{6(3Z4!Ym>ST<iWrRVH#AYLY6c72&hWZ5(p^H+xZvAd;hq0vy
zq*>v_oq&35Fe1F?EWuLpC_cKutTTEIbte}AC)c#GsM`zz-?ld2YfuZp<x!w2^8^B4
zclrjObPNi^^5+C=2u>Z9+LHDt!r$M)Em*P3RNV$&b#`T7P$1H7fx%Y|I!;tK?sPX7
zI2O%v7(F%B%@B_z|9TkKLqk{1SY>O{@6<;F;XaMP_o$L??RDPrkKe4n!i6K8fU}u2
zbY`>}61mVliTk<mv#42`3-@BsX?465`htofnZdxyi{#fU7yaCHne?{FGd`xk>{*^s
zE~Y2kgGTv~lcf_Lhu1@Ys!(0!#u33q#RDfBHHECcXmdDf=MIis?rZ4D{y_ND=|QCG
zt<Log^-~Cs$@zGYw3qP^+cE!!;HsuR4bt$f=mv0Fp=t;LdgX4fen>cZaZgH7J~nL@
znQbU2ar5FvIlqrLpwOcL$s<;@UzveFSm5M$_c9tTk|)9+n^aHOvga4g+lY=sL4}v1
zr`HP29cpsO-ncMsCpq|M5E6&pvetx6lGy{)Uq$1zLBWsc78D07K@ib@z38g2d?Yp0
z*c+8?r<e}N05scDJwE>9jw6Wg#4I~&rs%Co!K20(F*wh^eC0Lyd%Y5%VEB$ZiFD9P
z1Sqe6G`mtnbvv(4LG_^f)|aQnPrjHoZkDx?IsSfl@z)ltXzO~qR%XgeJZx$#_UriA
z27Uezp2+jq_kJ$?$lZ<YFzBT}t2=%WGz#zQH>~*Js>BHTkj0DGf!4ZZju6O4FXjs1
zeIV(XsuD9j!3by~!Tr`RO<+)@V_SsQjp(R^gOGSliC<XpmSaPk%5s0s0Qij!u|t7K
zn@XUE0;zSp4Vh@d#=Ys&uYtr_yIppM#Cp%7O#wo4+Z){lTKMg>fGyR7Hu=OaT!g%H
zO@6^f^{=qp1Yv|<BTg#~X0G(DU<G0Jw8ZlI($Jp8%Om_eSL`88(k;5Q7pcg2vNJO3
zqcHv!9~|2PQ78aZm5nvF@niTP2E5u;Q+l*0Apjy#1M-AVKGhKBB2s~><yQa<H_^)=
zJvKy>G0b#eqS80hemHSvEXpB%ZY0b>o$|0MBa}@rK`m&1k#Up3K}fUblHn^6)`gL4
zK|Qd%e%2@4pF=EKpnd)3>~-qckZGpu)uY^6!4*!S4hCEqXOP&CS0Gt&@X+BC-ETuR
z=z#bQYCR*qy(iEKTaM@O>%`$@D_U*+d56>#m4se6RJ^jIIU;?@@{aAGQY#)Qa`|Ud
zm&8&lUXek(YAV^4noX2y$41dJur{{1D+XFOmc3n#Jr6u*1IdSnpA9+_4TTdpf}yiP
zqr5h89N9Wget5A9qc$X_-?F5Zeqpw9PH+a<T;&Wu-ht?DN;qC40ekxgXc6Ox|JcK2
zx<;$PcGGum%%}b;fp98@xPJKMHq(4BpXA5am7`r<<$ZkWVS(q#8(~lK{f(I%qtQ)V
z`czmd#fh*Q%7HX#2_Af28ileMnxX=_zXNF_wV0|x+N|gx2XlmBj>?&7zy`0vh);Xh
zA6p8PJuS$RFm$Gg+U|u$NnZ@;f)hGEMZ;fPG6x_F9dSoT<x=JD&JqD~f<1$y!~9jk
z_LV{MV@e<~DCWLL9e6Zv1Xgt#hs{%aiX!@g8YV&frXKYb4+BO#hDHYdouFCM`Zn(f
zvqbyA1GclEFNOy0Z;9*F#lD+X3aYAL+YfKuFBc73R1E6K9Sh1<49bQ8Zh>ua_Q%5l
z*OO*?8V6?~sKRa_<)@aD5jLi8c=H3}$u9HB6?o$=O5<*s*}&|0P+l@*A32=AIObaz
z{S$-sHTLG0Tqx29i07bUJ%&H!?@w^TkRM4kKMEjEH5<1an{(e3IC&JZKLci!Ss2=v
zn|D2;A^X@Fo&v20ib^4cV2uY%LE)mt;NkZC7lSTDwVn8MnZs+vI)0i>&`}*P{5~Tw
z;0giCJa8BA#C=a<zdfg@GZkKa@Xdk3iA2SzK`<lF9JjI;mr#>3bEB>fk5(KK(!Nz>
zd7{dCQ>}ixAbIwrhv)YU(W#d{WcYqaWL_qADA27_Bq6H?FJ?k7X3CFlghxF}o~{tR
z{M_tjUmALDE*HGofQCQFcunXLiqyd88!E8ta}N7C=*As~1CuV#4*hE6cpmTPO#L{7
z!VNMz8VEo{97LTSxpRh@88vQ44&NvB?nIXavf{_mIl~*odI8|#hGGGjE2e@DV>eI4
z5B~U6=@Eho&We)kjJ9Izmq^68M6krTe<6`$eME_0UO@^|J>kWoZRN$vIHHe*``5Ej
z;$NWkgAbOA1p>~kz}E}yo5n|bFt^VRIOf`)GW_M)7;k+$6@vRABKtL<z|iC%S{q4~
z;3E4KLLayf*x&XkexwZuZ691U-p0dD^s$k=U0Xj<O;qI!2u&R9%uEV#l7BK91FY~S
z`f3LHV!ysqf9Oel=*uIyhds_UV*-wEvJ_7WJ_8EO9#BQ@-3D*r2cP89WA2P;83TCQ
zk-N2E`5K@Qi;&`s7<|LruMrr-Oxq#+$v#E8kuLx&qq`Kx!-oey(oQ}&F`33h^kUJR
z7-stE=7Kd%c%F?Y41zfT0w1uB!(G>u-Qm8s{@oa!d%T<BXE)ZH0Zem?n%9VLcn+gG
z&e2NOj3|-1;_%yK*?>B!QF~H^w&>h;QM0}GLM%aQ7w0nUNTf(#UomtbBMYo&^j*C$
zz`3q`P;vzFDZL%}Z=~#vvonVv!8IVMYvCH8ymWlCw-GQFoeCO{r3uMzP>le*5lYvV
z3Z546XBO!FZQYbGgBqzHLqB|d3djhnw)J=9oLdkQfAs9i$-!Yl67?KJS?<JcA*8I-
zD^Ompp;(uyQ!T8F(xmoHRC+)?c`_GSHZ&&gMeKN@j2RJ4h<6-7^@V0E(La{qm&42X
z3&ec`ap*?^TD)O%0#VkY^7`MOaQI^+jgkBj6@ggSVE&MGz}0I;fAFjQwvh2Fm`I_F
z8y^b$UokNU#<CK(!5NA89BfHf(=i8U$SZI2(^8L9F~tMT7PA)no|;}ah%Ktu81*(m
z(;}2yd7*D+z#+^FhPte07rrjsN4I2w9Y;*ubyS=!v(~vBug;vUY3`*h+;E-H7||2s
z;SNI9nFsbgJ*4CxigcgD32$t2Vy%d=<GBnIVzdg8QlsFz&LRgyA>(KV>tGTvd@-2w
zO62U^lEZ^Kz>qUB{!MZ{rz)wCBQZRHbaQB5gvWKMR9KrBEk4Qx5N;l{7t8v(=@_Cf
zqION(ZOm;RyeS0lHPQ`VO4+)3e9$*B_9y~Bo78)seI83zT!<d)-8m6EB6@_lTMB+u
z9lfI#Mf6641)eJsh<+hqBp}|XZ&Dq3n#HVOK@rWMEghVZx@l=a5udI-F@s$GF(LNA
z>WwPQzoHUDSj|af*!Zvw_06ko|EGB;J&(`~3~^Vin1|lo+hxmjS0|1?o<cBpo0wi_
zAa`42yBpo!MwpnMg|YxVJDG__A|a6vPRn`W_nqQ7Xi4Ra(1#!RCSs)-5q1!THefd>
zQ+@&k?V6xuYz{;RDMm>$Dv#S4&LAcoxq;rxL5mmsLdsHS$}D0Lk<1cu!OkYUa_DSE
zQQSlhm`y+$7HGsM6@W4TsLq15jeG|LS4PZ>g1n9`|5|AeDi-4Uqj5Ni(2J1R%rm}W
zlby~<(-}8v1zDTWJfdS6m$qX!jZm!V(hq@tS*#;Z!M4#k6}HDXb$zppT0Taxb*j~h
zh8w{E1hz*x`Eb-?uAV%d%W}UE+Q8%qot5j^=A#~|EWOG|mh>;Dn7_&0Mfazo=4q&X
zEb^~DhizaJMAt_wtsFI1m8#ZeTCb=#<>+znAxHOyW<ZnZ;8szyk<|n2i~dC1=e*_{
zO7mVUzj9UnU>;t$urK~_H$rO@HEe)|ir_O&Sp)OhbHHY5RcUXBp27G#DA$0%Z^8!{
z@ncrxH_DxlEjzfvdP-y5BRwhR+{pj5DF+{CE`}(HMD^!d49B=V|0~9JHiVm#RS@Fh
zRRc>~b7ASiK)QuMy}NrQ*OL9Gg$v)Vw)V(uNLmm4Z-4#+vV0wUDdB$BgP%dj)A-M}
zL)d!{2jTuL6_NI=5wg)c!tdvy(Id(ABK(k5!)#8e0L)sf*#Y~#*?M98keWR&!1r#D
z_z0{5;ckfV5xVQdCpcfy52&3;O&XOxsId`}EinS=0lNG={%_>svS@w~7ozw`gyBNu
zyt6;Uq@DO&pYGj=;AwzpO9IU7#}F#`l;_=+Jb`k|%K4$(VgiB0LoT*9`}N)APGa)j
zxEjdJB2xTDg~Q-y56b%szv)X_-sNglAM7u+T}^Q>;L8j9JACe@#PPmFS=?H_aRVyd
zoF*-JA^NqK0AYQyKPq|xX}}w6fj-6%W2fNA$;F)#oc-kp$U{o5vD@ILxtq{l6el=7
zMs`I6RJWrV_<__nG{X_I`KjFBh@$eShd<;<9<l5w{D(OAxIIvR7->Q>iwaLGLm;Z4
z;}?qUagW4_M}e17&uf)hX_XA81C!3_ZjgiFtidU);*^_dRPK{s6@irR*SZ5Vb2#eW
z8{~SoSNRmgSIGf(3W0%06bc<iF6jqI6#L_MPvA4!rO+PSEzlm|d;v)yI5MOM)HMZl
z3z$$e(#&GgVa_t&&}l1}#ZQbt-_&>p@K2`->S1@Ek0xBc9bFqHt7aT~@Rl&#!TlY0
zLTwyfj|Dp>>Pm4iQtb>by|0H)p@v@QSNN?oe?JBN3891Nmb;`L^*h5N(kdqg2P<Wc
zRS)|<Lu8`xrqR0FAR+%iYgCS9%&ia;pZO{LkIVGcK{{Pl<bi7O(L$6c5C%Y2+jcm?
zs%n4_88xmUT25cu$drm!KAnGyZ#@-R%D|Vq@pFhcu9Oo*f;yN)aU!%SrNFGum{}M{
zm=hm%F=gJVmleu_&UBzECiq!KaEW%`xWa|ATB&*mM^lF50A=<swWxh16xFCK$ENjL
z5g2n3PCAqaZDxoy{Pkb)G7B^FWRK1qmeGrYoEL~i5xKc+1FDF^6M6D-g)qTMbnJY&
zU}G8B7?qhK>s+Mdl#Ca2c2RO3$f{jNxrCtj<h<s+O$Eta*L8z*RP=KUrUA2BaVBSr
z`gmTRwY%9pMFT~<QE!)8J;hQeBxPYywXm+->-bAWLefcWlT7?VazKO*?jX@4vOSA5
zA`47N?W9#3+Y0mIz0rzn<U=TCjb!+oH{TuJA$EnkJYy4ypbG6&<o>tl`b-+Ti1?JZ
zBiy9FHEJ&HI6-eCS*mF`XA|A%Zq%4=?BGhg=HWOg1i6xHyh1&o7M&I-6Zuu37F?4i
zM)n-#leiJeD?zdyU`Z*q`8_UQLesUujFSi!gTkgVIFN_weWxsjp@Cn2sY&mRi`H#y
zfw7SDa(yeO8;{?C3+O*{zopcPH#r{Kjn`kgvbZa{C38!dp4CW3?Ykudwgp9y;y$OY
z?TAv`g&uNQ4}M-Uz&m%lh?1MX&G-==Q6HAK%H56Y^2BHL6wCfbiR<sWHsm=t<MKp-
zsx@R)|9nOwvLy@#;5;@wmN}vAf+kHN=v<%7@~dW-S<cinICQ9|(<M>wfcB<FS5Ea|
zXve3daJ|`ad6O(z6IR(&RN?=w!Y`$A4o@S#nxI0@9g1GTkYs`--H=smMNIRUfbJtI
zGyf~aBq@bd{_k`>6f5TC7>SNoP=5Um>-S8a@1Cv!XT@jnrXG;&tD)TuQdHB+qFD)S
zf~m^%Ce4eViCLBv4?I>SZyA4l0#Gx8n?VE}BT4tCcVJ@%3BA#UKXk=Jxf`+o*Yi%A
zxXpv|QB}qFK<6<Bo!NGJ<?O@}3fg2C%0wCG$k<xy&TKvB4Lx<SBE4m?i(1@5#2$)`
zmWc8{w<xjB%c!yL&yk}YrxCmlWjE9PBjkb7bd-^DI&9WM#SF>hloxu@k(6DG#F>K#
z6}1#%zrS3y?!yW8&wi>VV(!32c@C-YfO~6}&;`{>t%i~dB~$x{ml~n-Q<Mo(@u5K{
zTT$XBV^cQB?WJ>P4D<bNJm-~<&=fSg*#~~Hdb<bdb@5{D^{{T}_c$D67w9fX0ff`!
zBknA-qVr|Wu!_M%?g!qPB5YcJ;s9WbTL@F@%yj8`f3~6NX#DFo5YoCP099KvtgS1!
zHio)MwUs`*QCm(F%eAy5<9Z#?wc7}*N)I}xZd(rNLph`ws?DtIBkR`DH;V!2%H1+X
z?~$fUQV)l(Z6JC2jEd{fX)0r9R40n@oF58R5q&8%S1S3wshbxF5t`c}tEr-Z=v&Wj
zQ7^bQYDd!^UIZeIvVB5#D8UN+QO%UU*Y&r8gzAF*b*V@<K8Iu|6~6SH)RJJ~@K0pq
zM!cblB!$Ey?WRspK~=|5IO!Fl+;kwu011iv41Qx3;ouLraNG735U!8cBM16~yg*T&
zZ;_KnbIQ*_n88c~HNKETsdY57Z=?L|6EM@z5}Y&87Mal_a;|~`EU%yXx1Z&*+xJ38
zNjok56!D3&{)&vx;2j6?2T4MSvLAAc&qyv4KU&8re5BK+9abnDKZu+r3@0dlkfpul
z=-qO691tBOQ5kWU*dJA`k*1wf=(9?8lGluO%8tJE$$ngUOx%A)oSj&9RHF8tRnQ8S
zN$eUfOZken0Ds${`&Vs*mh#HA`EY@#@>@7}VJ}{o)N}EZZz&9-6DBxl-V<e7`UtKm
zn^JScLYCn|M^>V3RNN%gbml9`GwaijxHaHMM`L6#YLJ_I-t@VV2qDKXBSsqYIgZPG
z^BiD+CN|i~nP-qM$Ti!?9ZQ62Pi?hpOGjHY>}2p_yEu~Z5N_tpqMY<ht7tmunaVcz
z9HJ(`nygpjncvncedLT&<og<(-0zTyIfD8mMRgeqwAo=-ujD-eQbl9{kz;EoGrJ_o
zI7$dkugSuXj-s7ba2YnJ_Zq(klsIrkD`=S2<wNh59+?#{K$dMJudA%<buJ)Q%X5I<
zHht<BP;FHLMok-Nt(6XU+%32Z^+b<UHPgii9A^m(U0X{)kB=s&1!MBfSa6ye$IdN6
z^tG$PWWdd8nR{$k1pi8`B*XqY6GxIil8BEVm7dLf?I!x_;^;VoAzPLSI78P1Bi)K9
z??t+_xOfJ1zB{GR=C=ljJUQ>O@{i%wB|A^5vhzS890Et#ZE~)S*xwl+z7nMtiSLcD
z+CBNfnc(0{+ss-Q;QPz|A@v{3@&qtVOTx^W1n_C)9rY3fHia|bTjVQ$k}jc=6|_vx
z<YH@*aifp=D$@v?)K;<konV`<Syo}#B_tLF%6U;YDvOBq2@ragSl9#kr!bw{(Wwc;
zQJ)Z4II({;f9C`0D|HY)Va1e;YVT!>4BFjd9%mNFV*L^~7T{*1XT>;07Ra8b4((-A
zyCV@MP|WAY^R9%P%exFO7ccEZE$D)+GA>ODD=4L-0bO`tqY|Fm4jwAbb}i|Afl3h@
z+Hpos3T_dDDkXJ+ZredAXWtU6LL*W5(ob5Z!Q8q>$fmpzvL^=ZPGp}vnh00<dJ2MG
zki#ouPtSk7Y<nU6Hr{vR93DN`^9F<v)k6F2#^T>{;V||&!(GR7aNfLUE>)Z8n;KGA
zUrpf|v4sap0u@3Ym;<j`iTNQt=RbqVl1Lw2$KJCF;(6sxh%&G%G~2%0sEC=EVQQAI
zK`2kwd)L=Rk@pf6*M^UKzkCkIEg|#^wRUA2+6Hu~uACYAthB32k>M>j9_)?o@+SAe
zRWyw=ScrC?1}dE5k1NSeIG8hwJcxj%qAhzdYv(8q6ysx7!5M{iB5PD)pi9vjC+k3Z
zRxUenEw@z(0;C>>7+Vl?)v<=MPEqxz&}bBKVJ?cdG)1xA8BsAs8RJ6A9{N7hql%o^
z*S%P)`&q6-;^IXq1repG_PY4D*7u%w3KLpiw4kyK5qcclAAjgE>{66{Vn#?SDpQ`(
zO~&85JzOBC&6MzJ8x|aPrqtERRxcm_n#;30I&X(;?_{TtmDg{y6IfeNRsTqwZ~Pui
zwzbaU-pZ@Zbz=Jh;&YH7u%P-<9gf~sNfv0IUyQChUC{T2SqG0t)6g|mLoE?NI)9cI
z(De=B+{qrUd1~%T6>rx795?wMRA{fsTjIy)P`y2po#Xw0`J10&PsF(wi`6N`oQ%GN
zG7#0OjxoIU^jqVFc|uWbknrgtvxYu`_$h9BL2b#k2ZdU>rZ7VbL&;HE<*I6WS0H8#
z9?;@}Qit9l%%|Kw+#7ElKya?HIwa^0j<4hxzPc>*McnkSaA3cXmu-QMwiHIpEz#{o
zLLYC%NMO9m4Og(>e_DRSyl42c4`{puJ&v|C4Rp8?p-;LA_)$Hm)h~f9=@Q&IvbSUf
z)xEdqxrtj?6#WTAUB3~{*n8TfrSO?dIEY|)L2c&m@H7t78}@1`dwspX)9=(~TCFjA
ze&@J`O#GBh3~~cD9aTIakA(NDRxE}M#spJ&)QU9TNC-68r7UTcUzV_2;c0vDiLVow
zEx*!y=LbPsg0@cFkmie%G(tQ?c0I}Yw(<F8K5w+!%neEj<Y{h(i?TJ)KcWwu&Au4^
zeqIzZqlFa}gM(?F$#yQ*hKDF3QaZhC6@?ddN|KpnJ>ZwMx_g|m?i(a^_QqQ~Q_xJw
zX3n*Vl|3gQfxQLI_~5KVl^a0sE(E-l)^W&VU5zT8$fBfRTu|)v!rZ@qrbch0I+^!j
z<%fAw2M4Nj5(cz>{)^CR|L4)`<d<9!0Pg?d%KR?~B2h<&f1t_S{tMpa_w!j7O%i)-
zCzTAmus<I_BBBNXNoruvu>jS$dzv(SZX&;23QAf?GJtGXv+>${^>wUlENb`|KK5R9
zy>q?XcU@@^%$N1~{(0|a%gD*d@yx@2vb^#qwJGQmxNpy=f)JoNrV&<z^Ol%%5T5<E
zL3Yd|JPYS7JQp2gfO_AU-xFkja$ouXI6J2xO`>Scc9(72w%ujhwr$(CZQJ%=?5Zx?
zw#})zcV=SdzTL?<`H&|fpAwO|&$rjg_X&K0_LP}958Og{D9vvJ>7hNr6}X1-l$&`E
z<U?@gp9u@(Lwab)mjm&kI$;*bgMJg7Nek>ndT7bF1M#6g;TG72eiN993-m>LXv)_E
z`J_5w7wAKug?tDL`+Ats!#X_Og^OVkDss5Yc(A8Sn68m17ESb6L9kFpgbLexTl+CN
z(*PIL)V1W$$rLe7!U@}y%#X*-mM=i8dY0kEWQEp<0hcB{nJcdvgaWrBo<)ldViY_<
z#ekGThCLw2=@!qrPsVZ?r6>TfR9b!-Bx!23E(5~xqVai6t3_X3o3-5bkYb>?fJy;O
zaJU7wN#HS~51tepmWL%AQTpk5dZG36whn`iaOfNb!seZ;P;i{w1Du14**Rl`X4E;q
zxy;BN##YCtjcr|_!m@KB84gU#ekQ15pr*tLD)0A7hYG{0f7;gJ-CRI%G6oDgv&sh~
zGHqu0->Guk6rtm&t^ka}e{Clt%=W@`M8{GzFjf|A)<lP+Ir+4R<!024KsG}baTRqp
zaLk-JR$?;RyT0n3{DPd;44$ixIvJ0T3E_eRv+bOXrr8a)cPYxUI1j4fp%=P{*yzoB
zMFH;KV{BY7yl2LmH&`*X;h6AkHPQDv&W+I7PV+YFxJ?L3AThE*U1%1{w&|r?m<;=u
z)Ic05-=egxu4Qf@^?u0#1-kA$tZA!>(%3-}UnCO-IUSr0w7XKIbDw<FX}IFg^g~;p
zJrw~D{I#f7b$04OF)e0q44n%&;^acaLA>MDIVTc?O4cT#jXmSBzs0Crm=nj~$eX~S
z?b=r}a8g*`FjqqGT_Rt}-{KVF$Bw<sF8e2^?w2^~R=W6(*(}<|3n`!DDy2Rw8^2dX
zB5Do42O@)$U*l+4iz`3B)uJ%uPo_-75`S3!U5p7>u7!ejo+K%ICRc`R%vv4^pPXoa
zq$YH}?+!Oe+8p=YXj2YK7h8OnEp?>GJrX@lftwOKk~?BM0yyJVhqEUi0zkKV18l6D
zR>7EkHcFYV?krc4PWgPbb#U1;XxO>k?rf8SggP$6B|pNhtDKm-nR}*H9O%iB@cwK|
z3!{D&)tXpAZpy)%FJz8Cy(0-lY{^LI(aq*zonSt3x|Pr;Tsql}9qnpQun#|vxh;fn
z?a_sJv5|W@g<$c0OXX<EDVbxw-X`c>dAC=f`WEhy4**BD4XmTW54r%jcXA@@{IMhJ
zg6kAFg54<b0>e<_`qilMLbM{+Z)^d}{c@__v^=FRls7Jsbzye$AIk39xAQxY0I!{%
z$mfBiNW0)?>Rw2`{1?*~G=S2L0AT(mdQa%4CemzoDDrrRIMOaCul5D=<}xx5a=YL~
z_Jt1cFEFp>h4aP<^$)yn?;d(Tz48aq3m{Sts89KJawm=27xY6CP#36I^TK*#h1v(_
z+q1{sZ>Ri0_A(W@4b-P{yS~##?F;@P3%Cy4u6g0T@e*4c^(i_7W}Wa$0^t>hFYv)Y
zD)aujUeIVY#<ytT;T(xPoaCWaCAhCqFQBP6#M3Yb1V5-ZGzwDk$I$?V(11l9sMo8f
z`Wqc`)C<RgkB%$achdk%nQ*F;k*d>C^HY-hqdF3C2&e`kAClB7%7T%PQ|=gZqGl77
z1t^)Ia>&SnR~fT%=uH2rGJ)j~S_)*HgI=1*$XA;NGMiZ4q0s=JPIc<%(tw{%fYtBG
zhGrY{*wJ2vm`;+>FR}*9Du%aCy%)%{{(U?Nsvo5dK^Gs@AL7W^E>8CweR98=*ZITt
zM*`6=*c>buC>nPM?S7&6|E5h-dzQn<2!8!a;{Wwa?7tf-{@+PpWjiYqTNwjega6}(
zuHlAsR~DI5*|a<AktQ3TG$O-+B-w>Q7Kae)AB)M){vD{#5lo0V$S-aP5$5iXgXg{%
zgAQTNBaaA~zejuKSzlXwUQ>QPUg=&3eo%Mz{G)Qc>ijx5KRY|S`q_WB+|he6d{2~L
zP{FyswhdCCFZ{65DtSRHF|r2$nqX19>S0nCT9x}uwOZ3V(qPo--e^HhnAt-++F;Zj
zt|{89D=T9w9(01er3)u-6|-NX2a9z56;&Tfmi?(f0SN^=d4mw8H9+zz(G*Z-2_p=Q
zg5yA@t)T;&DrWL~b6n_Zfl6H4S8Y%@U>a~lD0U13c)~5=(QGVp>6+BS^EgnMP>2b-
zSd18!QTV&Se-{pKl!&x<97|6bq6kc_JtOyG_YqMEnV8ZQo`g`Bp>yVNR655@m|MlP
zuM=YsXm$S5t_w@1$y1KvMPOCD-gA9cE=9~qhMdI2h|%XCG^&7UY&<H~s!>mrOuCQL
zo7sZ~!NSxU+oJ|mVQLTUXu^BPEtBp%wkJffGqfjQZVd03N<<2RNp@;EZxrvF!fQt?
zW4coxYhhTk+G8KLdFTUgT@84469@F?{Jo%SUF_;;&uQ?&=t^sN$5<a&`Ha3azW6=j
z%DB|Oe`#7D7UiY$MC794$n)b?G`y(~cz2%>(~gD3k0FSu{X6u_A$jx?RZ+#(EUY70
zkdkw<B%ZLcBQ_4}B|RVx`z1I)4(la3Kn}ZoyWb4Pd#V2z<|8WLANEUN06o@AVgNYI
zM^ykl_6s|(9^;J)@VD)b71-BM|1zxiP(M4Y_hf$?toLZY8?5)g{%2So^Br(7U-KO?
zu&??4IM|P1@}~-Dt_BP-x^VZPL+LN+(SI%<f}=tZ5r+jGQdE*>mO=v}5MK_^fl@)Q
zyJsH}ExVOmS>8l~gMpw<LoP}}COrtl(TonkTMq7d9Nl&}Tl8@B(L?W}yTAzD&}hmb
zsq^^*oim1bW-Ng%`U88NYYw}e@;3F34~6=m%gvbvQ5u-lm1E?XLn^2wMv5lp9cSEx
z?crLaj9n)CIE7f1wVslXgYu|>1McI4_OLNnwUru*>|PB;0fhUNR@8SvtOJd&1s|RI
zA|~!vdmjLofyz65n+{$g3FQnu<Z2z9$|-tC`pOEJm~{N=n6pUtWmWnLDsn^~8eUjk
zq)MTg$<zf$ArKq^&oV`6w&IG?<gg>qH032g`4fz?fiS9*JqNW4E!0v%_#txDWd#?Y
z!Jt-F7pIb&()R~U+1y^gSw>_|Tsiqe)N$CYoCzk4ItsNc136Yj0${1>pjBsMRl_>1
z5?Z?453%fo|0yj=*e9bBw(#?=k4$YyWg%4;vq7VwsHm!KNSoC-Njd^GODgGb6pcHT
z%}ikBk>FKVMc2h5;)+$kA^<Eb$<$|&t!alYQu@e`&Tc4Zl`kZqS#i^9vv0F8TpgCW
zRuYEp+4wo%jvbm5WOmxSph}!-TGxrLgF=s}(ZjN$H={Era{fK!poMA=Ni8ZBbc{{M
zr_$muQ1{?O7Q076NQgx2QX7<O8LcT%Nh8b+qOaXgHd#y<u_e_O04dl^$698Xqnbtg
zJBzBSc>lV)Yj#&HoX!;`3AVcxjd)X@fJ^M0R6tdN71`;I5fQw*U#BH7-$Kce`v&bR
zRy0~i{gTtUrF}esS%gxfqL%v1WjoK;H&jZ$46yi17XzWn81QITzc@oNpQU_*1p}iN
zat=le^Y1lDH+Xp)*Fl2#i-z4qR@7vnuAMwgG%3GXo{eeMLCqMjQE#k~?meDt$=ai^
zJMq&*igx7uZ4_AU+Z=Rq64Lwq1F_c~&MgOZyRLy)l*!*8M4Ue7;4h<amva|vX<2M(
zq8@Kj0Pd1k)#)%sWEF3Y8t`boIM5PBi=%>c5Gz)Bq^pHY2?<K@zy_YA$_aT)R;I6@
zg-%dhA#6Tax>HxC|A6@8F&kHk&aGdH9#tQO?xQWu9~b+5x0m*kf}X^XA=`wu5sQA$
zupO1tp+#;QA3hjWlOB-97{zE@jgIEtfKuk=KqPy&CvL0#cT<!(D2Z`YYRj=2UCaUC
zK0?O8@%!DqAzr`^EUAM21L%*}?lz3Ck$v!h0$2<Pg*DNI+K8lmXRMyrEyF*?5K;*f
z`9P&^jvxRhY#9N{=j|h&o&tBG8fbybJt%%JiMGZxbxM&Yib+gudF4@Lwf*9pzDYYz
z)L(AtW0lmqAPo@>-4C!nlN(%2dEHc|&uUT?llusZa-M%t+xze|4{=;`EMGA!4YfS5
z5t-<IyPbNBCxGqxGW0lmfWinCBr<<G{|JatB4f<56WR2gA$)0vI((Tue2&VIr~p*)
zZZP(MH6JI_^0e9Qs%BU4-w9TF^^WwowMx>IgNj=mNsr{Q4`ER5?SP9?NW>tphJri+
zeF7uvBtr%x)Myjtk<>WO<W8kCfr{`s7|AAzL&Y-*N`A_`RzDASN&_7TEoB+8*y_ro
z-9||0J4BLBSJM7T;%UCD0~p%M3htz*X$fL6SZ)^_T93IC$R@E|Hix^h#Kc(ua`%a$
z3f2wtVErFlIu-@3+YQhHrbL^YAAz;73o3ghaUA=J9H*)yY;wxF050c0M49EMA8s?D
zC2>_+eEF5WObpkU*AdS7R42ZW<3-MgHW&b+Psv6e=Nuz}{&*#Hfv6_r_hQ7%d)&1=
zRveKc_~pOEPdVL94o>B=K##`4`kW?ie7s5swHT!>E(2Q_xme|x@RzHOTT*zHxN54l
z^|Jzqqn7amRmcL2D}{}0jrL=(Ni@2GD1OgrXRhVA#YG53G~*$+8{SP^KmS&c@vf?O
zHcqLO@4bUQu2(x*-{J8%E{~#|CVCZ45BrJr#(xSOljEC_TcJK-6R;`Jd^{9wFD&vM
zYKK^P#Aly`po=DXpA8eV<aUP#eB{qnJlF{H^{fKEoD@I>c)S|{8({tKi|#fZ)w%Rc
z^|%8pU7)2#p`9|F4ZIeCAJln{aCuGqO8-zc=dV?5I=SG9Kk8Ic;fE)JtJnj{^I83m
z*62>?xs<sd`4S=dP9SjenVkda9+qRiI;(b@_?h-kZZ;XC$O54zM`B5`0c9n`V;r58
zO$6fs{GLmA_9a$MPySwBO%aCx2iaK1{~V=5E4w@)6O}#$L1c*Hc0U}MQ4aE|wJjE3
z{2Tu5Zw{awZp&cX^!@1i0Fq;BueKG4fPOj#S0O=Q_cOu*@qI+#OX4J=BCtOi>V?FD
znP+_dJCMps!Y<^AlHgPdKjv**4H-8W3Q(6Qs6|>TWp*)&5l6@*5<Fb%SoacT)f#cK
zxSqf9yVXu+lD)rb?(uGH;msQ(rfsHRNCm{=MMbF`x~KhH5zxf=rWu~ON}VN>I>==p
z#-ug>S*$&^?{;wv<pGAwMlv$2;7M%McoW;I&>~1ggk^LH19mW|<Ot5x#R;n<f^JFl
z7#{-1i`$Vfz{*6_7(kJd*WA&{gcn^S8xgm_P+~Y6!z9M5d#^~0Bt7v2oRFRKX;|eu
zp{q~Vvcc--qEu+r&_-ReOUQVU6L*|7n^xn22iiB$?Y=rJTWDf;vkfLK)X{2R#kmVq
zJarx3G>4<7V)BMZ8qrCFpBUlSgha9{T*G7Mf4_67&i;PqEY-xobx3T&L;^nbGT&u}
zU@`0S57rbnRmU9VW1QeaeCNJEcJLqi3Z{6UFK2CQ1G0n~-pm+on-Z%iXyE}?EMT)m
zq2`K2%?U=$8HSu)%oL_FJA5lDq7cqXS{`&xo#B@nm!OT(LiKYd=wprt2=q<qQiJ43
zgAW^Pl!I<G<7gH{p^KNIYkdjkERQc7N!$IJzq2c?=>?x#X`U+3+R=qKGJ9fg|I}0~
z+D>sx!#Z|czgj#=q9|#C@}A+El25(9KVM_Bw;IlA&9B2VrHIX8A39Kvky?a_dg%PU
z@i<fFF&ZmV=`-ae)i+sZV@p#t+RGzIRlNpeMpZCHc-%_x+|1E2pR-W(n(o18j*ZPs
zt-85TsRNk3wW|)(v6MFwDcEI~evTXjfj^`P8bzzV)h_ikY9wV%tLX$?4Sj+23*62+
zl8{=1K9$T(%8Xh+USa!=`D^vjdAKcHdbzwhnN+pBin9b&%%^HmFo}C(WsIuoVNuYE
zsg1e5kGq@jQ#^xlv@k5kpe7U6#zISc2jYmMabd-%4?VFOFRCWy?up;n6hZKRbf(b}
zJRUe?0Iw~M@nE&dvdV|64PoBp;=rygTVn4A*b{4mu@9)&GcQ_)YMt6)TL*OMQ*Q{Z
z$hN~`<>TRnaqm#JBYz39(hqLlu&==Rg}v|Cto*(n_`Jd7;cu9?T?2<V0C&e|GQf8Y
z5v%9s3H8}^xPX`2A#g_u8&u+e%pIY;p_%qSzHxT{O}!&h9hhd1iPPV5qt=b1JD~Fe
zs>aeCHQR;thTIxX+okn}-5O!v(fNSc8WOtU^92UK^?KoN-w`tCA0-0iL$$c+81ttW
zX2U_!*^x>B){7XpX~BRB1E{}<ULH=Ghvh+J-3mJ%gGumikBG-|pDdXmse-oc5ey=U
zm!6+WE+O)etO7WK&2<y)P~k{56Vt`32EaoGy7>06A+Sxk2?s-|$w@>QV+o{#gdLc2
zgFm_yGcn3#^>Vz&#>6>-?z4yN?K*9$U}I|<#U?=Bk1L>ZfdT42Y)yAy)8DHpr(3ec
zaFGXd6kCOgsZ<@8m9dramTgDv(&U|%OPswL%Vbm94pWYMS)iFLPGXsW5D%%-;@^=4
zO%#=|@_#p?_73?_h~W!g+#x8<Fhp966b3;eL*<0nvt=FZF#-Me6mL0kx{fyz^}$42
zDaA!D=}_mhfl{;JX+~Jq#qLjJbIX^_x$BI$SL9RIL|yAL2{ISzE7*@qUPXxiw#@U{
z&)f-(;ZbcKt<ePMLSFk|3FW@<fxB}@A#co)JI2O%(xpaa;kk0XzAAoQCyV=&gUkP6
zn}58Zw(&xy4yc3qbv)B<b?Hd5o04p6e?yyG4t-VpfKWnC$t!n?Drv`l`RoPx$MH@m
z+1E7Y``PDvTQM@J%~teZ^iY?=MA<^#Ts)e4wsb{060WzQEA%7kw*VMd@^GVn#-!^W
zFqF8b0*BR6dHoVNsBA|M?olRgc6U^go8z4{`Sry?X)E{}!`vdFam9wU3H-cT!=pgK
z#FTOtS3f4r`sw^EV&Rwt@60$j_p3ZP{?!3F=PL#IAHeu1$14YU-cEFqVH|Omb?2iq
zHwaBXH04ZZv|)!8rEhnLVaNKo#<tY72RrA!*!V1;Q0(I`&KbX%Rxf<9{W1=;zLDD(
zVA+0R4uy96M)6^!StvQwQw|yDLB)h9W?}qnQrY2ELl7{4It?-@1`>0<V6uTa&2Wez
zBOQ{NL5q5j+3*#;q0hq?6PKeOBDeK(0Jvsn--EfMpTKlte=ps#0+#Tpx1@k1xWACI
z|8l@Js&h`6H{v0WE-E(xxAOqc#J~J(8bnJ<e5?DxS1NPR?!dby%5CxIA|TiK73%y9
zUX5{KO66GYgr8OJId(~lOL;J1N*i3s+(K{BWak$349i7w$3+sA6k!z`X?88_S;@j?
zSB15TNLTDxCTlEa%rR+<3^ajABJqkLztFR`@V62XkC=$Ne^Iws$Ij`fHO+;%rqr5n
zv)&DG0%b$NC(idpZDWl_b_rT9R?ym#&uOR!7ij`ebYUz!$ZI<q_Mo}Y>^qVxfmNsc
znnGc-n(ipe1I+GxKh#Kh1Sdl8aP$FmcSt|`-(ok83%5|x09a!MwYgnK)T5*r`2O?p
zQoDXecjVOgo_~Wf>H%6~U~PLE?Xb&<pL(H>3ukbJTM_H0bpcO9M(+50QC*sy19MmQ
z)1ZSy>?@4MtgihIv>Nn%qaTSm9gau#Z~)#|pv-h9#{}wplP2D-Rx!D#&we!pzO&z@
z+=u%mi&GQm?9_TPr*M+bW=Z?@sxv08ZE8{GB9Uwf=DgXcB!;he>1FX2(ek<lnxN$>
z1WT6LN}LQ6tyxOr%!<@GP?#vXBC4KDI`6-p=OW$-isw#K1L6e9_+VDs;T>-fA$E-H
z33J@l_LNXUd1MU6d{+Yg4Fov@@kP)pa=asj)X^)2zd?D&*3Cus6{v>(JGC}5;h=dT
z^)&nr++Ubr7_k~Yet0>-GU2vrX0(lIPF)@=SsKH==j`Uo+}8j~rlN!`ZC0O}fBK0d
zNJw(}0NKuCFM7z&GDW1~%#&Td+Y28Dw`;2I>i0tKa~BV~NrYS{K>Z;>?UkeA5vTg_
zSAIbh@yYAg{y?F+g;tmR-B0xaMK?H9ymYOlygX9g$tJqk!dO`giRdyQw-C43LL;kF
zo4R<YdNyZth6VT36Tb*x%9fyvGpkWfz@3>YF83_ud@9cB!Fg=gQWYh9_x@m~+&5Dk
zp)ZauDvs8Z!0bz4ij8N&+C?GMZ;WS9YB$K8DG+tnQXXt9M@kh*si&z7-WxL#-a~yd
z3jTuoBbuJ`HD(q3(R#QH@k+JwePUc%RrD4bYq63wC+_0$`_9Q#`-P~aPCU)ntFUTQ
zHoCx>t3*ZiRa0_7RbI<srr=Y&BTTVXC)IgkJR*4_n~65OJ9&<+>?0l?jU$e*=CiZH
zt|%*fTFuo5UU_NqiBBCxO{aemRCx;es0v+dF}cg8RE6a)$Q2<RrQ+z6GcE(KX=7ne
zt+_`QAi%%$jTad+Mep~p?w&P+SrEs)lCewA%25!Omwp3dew8eCrn4sU_PDJ)GNLML
z`g&kDvbQ|86=QP<8gC}d+^%{Ggq%0@2W@YN1q1vCO{J1IyFOVuUM^y<A+-VWvnQFZ
zJM-*AB^r08{nngemQ<nVz&%j4E|#4~k}q`TLz9+tj06jterbB?9xKa8m0o|d@+8^)
zD4dM@DlN}65V0sahVO$wjuBZ{x?g1>UUd54IpbOs;+oR%S`+M3My_BF9+n}@6_h;5
zLMmvm4CC420*?c>wk4V4{XMa(o9ytFegk|em(6ifd8wR&*-uYa#H^^8xsVN_Y`w?{
zuF(vwzNy2DERpeWc||J(o)*Zv%URoB&kmluLUO3s_rg)P;+LMfiTCWTq$Hw;BS>8f
z)vs!eSBh_QlXpbAeF{lt${PC#HHFTkxhC0+tF#x`<#&A#r7nwB>=j$p;foQw(#wFR
zl+Eh!RT-<Mm_jhag}?r*OV(xOeE8Y>^2mm&`tLCrS-WAT*S@Bj4#T#lY%N(7`0hmd
zrCFGNab3kUx8}3uxc8iVs{fTdt>xI&ZBD3*==`M{L^O5EWIpHrJ0fZsHtP8hcYBJ+
zuzuf?7(5Z%Z2fc2=t<R4LY#Pv-yW$dZfjrQX9N3pQIi1fTK4+|cI?~2E7CDRE%^Ir
z*{8nWsP{|*;O#|hHRVj<X~_sS-~s*HwJYH%r-zAUbInx6$!L<fMq_dOi3+AgZ8zAo
zWfK>mI0`panP{}u^62(Z_WeL*?fTYZw(AGqmKXAP{J8wUPLvSpJcQgV#ub2)Lnz?<
zn?9$fMws247HCH1K(O}Yw~q)O3<{{d{6mOPAwn<e=dKvzFJEMG{vry&IE?TLLxeYg
zzBIZ}eGo?E<}d>d!car_)g&=Mf<qvBxMB~blRIw2kumgY(&)672QDrAwp|-#ABz!@
zzLfj1#SqFCrEJfX5w$JC!o7^+Ck=nv9(J_`ACd7AoF4KHIDH9Bj{z4(*hX=>#qA98
zBbm5WLL8(A@bJ(a?bi`SivfUkk)TBa%TXu|6Y7Oq%;_zKQ#pj3kz0t=XwX0lWgk$b
z00<4z(TLQ-5gby|sAf?bdpL+F$C35w5<UNl))tk!LhD-$aX)parqR{Hp#d>_L=7_9
zL|4QUvJM&U^4fHG1({{TV7Jljk{>eKv|EVF5psaXJ%*Mql?{^E$gC2n4I<=WvJ4_N
zDJkoOQ^TqYD%&*BLR~l%xABBMTTX=y>f`Wt<B%0fD**5vPJ@;%-P4#AK*%x4U44rZ
zFQseP=#KHW*jtu|R1fvvSln>a9rSJYhd_6J07t&YUY(}aZDlIySFH<Dodqx8eC^k5
z>Qk({+`Dpjoev?L<#srHGyZVcTHPM;W%<iW3IU(P>+o@{^lb<=L9g>8vR+4Mq@A`A
zpsluI4}97Bwx~+><AO`<W3N*l$3cfQw$nD@q%v)=MXpl^y!gsf##0;Ir0_gm+SP|%
zX#;Z3QL8bft4G@Dcx>s4uQA6fU)oJBG2?39IMplk;(#tKXA{~4-7V+hj8D$hNskEl
zDv0TykNQzpUsBIT-x$!d!m8G?F}_aP=fhH?{56H#jMpTQPdrYwT!PR8rek}reC$lx
zgu>hFov}|4PL&@0=y{fLgYOSMb(@s@^mzj5)0b1kPd2ym4}IBL-MGc9*;l|_-qSvx
z1?A+(#^K7c?~xn*aPAXxUl$zr`oE8>`}&s8zt_DWJwH=lsuvl0e&k4g$VWW)|8qaL
z<NEiZ`)P8V(bv+u?Qvu`x_!l|mK?JnTGs8?g~pe+0$Ig$H?KWGd#=fA?)WatLC^b#
z`>vhd=%4Xffco@re9*B?V~Dpgj~O{tVf=6l2v!aG6@p`p_P)$Q`4xQ^7yW4Rb0S7^
zv0>pp;v-eDztn_peroyfCA!Hc^`SsJb)eQ*dJL}`R)@0cJ{K%YI8vHkG!~l;#rJWf
zIx~%u3w583NN*FC92&X5=MN3lNz(d%Fi^FH??YrAK(;AnfC_UfWf83+sx>T?*`@Nx
zRxT>RFDRxr!st%{89JSOI+%;#C@lZI3E6iZ*mxucF^62Nc-Z>f0l>#%4B~r9hMynM
z_((il#2uD7X<dl(E0FOxdO=h-B+%VayI!7Cky@WN4=OJS88p*ly55P?b3bW7^rpQ<
zQ(iM^4$+<J%^2<IYsi-A#0m?m+kqVq?vqpY_B1ol@A0z4d!-Qo4|6WcHonpRs;LKd
zj0?AVBcA3Yx4EI)hzuDqmu)C>Edalrt7wX7wO!@i-vx71eo7X2UaI9TplwEAB2Q60
z4Sks%&-RHnq#JzWPPcPs3mnr?Y(xGsrvRzHjE%H1q9wm=(_SRX)64%slrh@+rS6f9
z_-#rcrl?K#w3ar%Y#Ss8KNPkEeki5HYlrImY|~!m&9;51Gd6zH{-<cg&NtGBTw}-A
z(GyRAPZH#gad+6;KK>XvF)I}_?U^0Xls)^*m6RoGIsY^WyYGl;;g9V$C=>mNm$$yJ
zA>Ifam1Uv#Xzs7&c)3>!wsMi*#@3GpzPa{m9p|AHtew|QtjXt@1LF>o;V@}Nl@FBn
zM=Y#&6}Eeai9w$iGJoLYz?FS9X4`MfgKL&_VPk+XJwPCl6X`_U6i<#|2H#Qi$&sta
zd@*~zNGxmlvrLpKdgL}5oXcHq*>hRRVT%%5CF#~}<=cPfq_vvA#eGFXA~)F3Na!|S
z6H~NMT@!y8)OGm`e@s5zzKgY8170+yvh8lGB>Nn%+{ND)FvzJ`xoU?!qf>y-o=+6!
z(V|^5b!(-Sk9vP!^>nDo3EPc)rP8xOea8z`Ag=+tsUTxXzA?JM(-46pS<DYM=Ok8r
zbfR|4`Y5*Twj|l}awCb_*&v=45{fJ!yRTi;a9&VOAyD*7cfK{y;IbS%&InqhQ!(5O
z*&Q{p8ME6;hXR_i-?h%AXuJJ46S1}C*|h1^@$Y4&{&U-^m2qDCZ=>c1I)(yN&>AIu
z*6Jb~W*G8>q6nTeUU+B3<hp?Py7>{Wxad=(yJ+wM`ai+0cf@1K-@(?elrSlJ{S+P$
zBNKiDB(J2>33@})9vEi_?Dd+y;OB?W_8}j?YZLwq#@vy&Ykk2yPZHn6TL*tOm+8(U
z^e&Nj*C7^m%v5zSYTWB{(;{|RQLbn)-wM;Bf?J`%&1>$G)bPsAdUL4U8&#x+Ml~<B
zD_R9rwY0X&T7{uoV!Agh{jQr~y7i=mZnMHoX{h@}|1xmSvuiR(GdZ?Gs{IRT67|xH
z%LO&2Tk(&GRQ}|R3dSA+kX-O1M;rq?TqtyXU~5?HkUs77C_^58Gwp>9$ql78zc$FD
zhjs`F7DhY6o^s3Ww4auUkDg)0!@zVzNhZ9j42=uriRsI)>@rK_a=HSIDXOw<+eN#&
zN+0pXtD?1^&owFe2eF7=F3CTx)vR!%Iu0#yN;W`?HN2&C0~H#_3p|+YX!HNrnV&r*
zODs^*EKLO+DkdLL(mJP-_Y^l-qNHG%i`o~Qvo0aeOvwa>{t~6@n<77?^94qf=H)M2
z%P@>v3o)!(OEHKnW>&JPENVt-Q3IyR+Fv(8=A40Qrbq&9{u&3`OeqImN=NB;?xh!S
zw5l1o<u~B_tD5c--#Aw^yCx@Fsw<u~KBXmhLe5fRCQH+$Ycr`Z1_Xo&5CPXc!VHj{
zYXpujIe{ou_aU&<97C3B(jzoiqeHef>Jpta!67_o`H`lZ_DI*aJhBJcRI5R>w&;?s
zOuumtIG?iyVlMrGXl>IaUm5TW(l31^8=yI-4P0GX2jSMdMz}EUk*aTc#2cVndI#y!
z1c!8O;v+~m@)57^dPE%Xf0PUCSQ-WKQqM!Uu<(&&`1cmA-}}fppu2<)0_`5zgZW@E
zlP2(o#^aZ*<EkdNux8VjNHG1BAlom2bGh-7*)yeDB_<GhUSPV6%JlyJA%cW}Gy$X_
zV=&4@^y~&@Fti|57;l&lm^qAQ)0t2KEwD?BV&*aZnOp&Iund?+3}fb#v3%s9X_!ui
zlZkxnARMqwOc0C%rjvnu@*p0tR~S!53jLWZ0emnY%m-v+)n|(*zSqd7ksdhTbo)mc
zQYtkqkPnGh#}j^si(d&aN+MLskoeW;HM_2}aCqpKyRe+N>|;&<C&wIjCEcIIdfNE)
zA=sXLMfP;z_kUrRLQ29#G5xrn3t)f!68P^%5&i>7CgN^nV(<KakxMt-ke3m^b*xNk
zj02_uVd&UYq<;}kD()d=3fgD3lQ=NcVk0X7QR+xpdHg&zs?>(!f&>K;1o$C|!F6OY
zlodibPFS8F1CX#Xa`Vk4r&4;JZwsS*$$f;U*H;tjC@o>la~(}h%uZ%U(;r8YYJa|O
zp!~USdm}dqH$twfW>jE8<3-8BT^L9(6G^DY>q$yka1xB=esv(AjirHNs2Gg@FpmTP
z$W#{uk@h5%5{>M`J#v*8N%Zf<hrXzC<7s6oJVkr{k!HXg7=t!*+k`yi<M&i>QseN-
z-T8YWsPq*ag?r_ZX)4`?dy5FVL+~m%Nh6~rhjAq1;PyoR%b?AM1L9epwbXW~xLwJv
zcdh>J(gfLbtE~o{>vvu-Qu;b_ThpZvfw_2Wim|y<89@N$+1Z+CTQfz@&52UcNLf0S
znae_hvJD+<P^=inH@E0$>J#={3QW~C3aA&?s|z#;PQ?x0N;B910JoRuLr>>%^>%{{
zwG=!bah_4;qH@b~dg`e&ly%G}{VHP+72+}+1clBk407c)BW+O|3zzxI`olmr;rv+H
z<A%R&)?E*ca<)Md`P##w<4IE7l#xZzPP&Ii<=aFc{0Wb<(&Ju7C+K~O)3y&|hC7Ms
zCx3uKk-Bpf&IH!<Qb!tTL(AeBm1z44t^riJ6Q?-&n|fbI-n*sE(CWFU2^x@#Ct1@v
zMd@SU#l@K=r!uV2e&z#12AwC-8%XM=v74WT`B=RL?%BVzi{@K@N~zwLku%amy5GUK
zGS-Od=|<a$B0(ujygXq*?!?jT4ouOq8`vYB-n`LWw=oQC`bHSf`bisa_83~T)b$TX
zB!9I>>W4T&<{!{t_oJKdNs}a6|4hJRH?B$^OQjmEh?1>g^{+Dc(g1gd^fGLv3V_$=
zjGD)s$tshH)Bj26RB{(1NDnW)@0cqWIpui62+l>fU5-+y`;s;UUiS(j$Sh0xKsbz9
ztU~MWVDOE+H|UPaYgp<6Giin#=S);jgpn|mnxh)Wl5o9McDq6D_qr=bFRn%z`R5?O
zm5#FV;>Vw}nI+dIxF+uq?jtgaL0S*7#K*12U~QJyzp3Ky5+z@?2n{+!6uNE)nSJQ%
zRCIR0o4`N%BLY+xoy0JzN#QMxzGCmmqT?_(mXX?`1Da~M`cCD~v06Jc+#kV8nXjC}
zR9(V!wfi+~ZR4rlcAZ3cn&y<!4ggLov!3lP%~GGn5*9V8?vjjTfkTrD0ytt#8tHt`
z()!sg-HsyM2qhGW$&Q^m<>Bx@k7FJvCETBCLctyQ6hGfzg1(ghRvl$!jLK|3nopLx
zkt<@Wl_o~8%L>JklP1Qn%M(2zqP3b4=>+;c*Cjuhp*cJj6Wx=YP!!!0nb0R<vvD6i
z<^IdQ1H1y2?is<U%Av#7^w`PCvpstr?HM<G*i1n!BOwlRsw}_b3ZDd5j2D-#fEttS
z!iFv^CAKXY7k;JzW(~vcy{$?0eq%^6rYHbi4Wy^`Sk&(M5tw!ENcRox&hg%G;Um_|
z3iHYCmJ(#T-n|LJFFyirn@rCP+GK$G*uGMOi5A!Rd}4!a+mp0V8=aiqXdqUD#yU%Y
zH-u0QQ6Ui*#T=G|S$)At9T8d2`{;B+D@FQ_B~|resk!ks2G6R*@-`bE{}W>^QI~3g
zQkadR_wg&d?-i#J@w>b0DRQMpW&#E4pT0<lEZNyP#X0$mYDMCalv#bXA^Q-{6Z6ff
z<g-jJeg*)gmnrB_)2XC51gWFXaWe81St3Qt=n%KMw)ypJs?0Q$np&n%MVjit#zf&A
zeA(a*XBLiUTmpmm<Ow-g&H*h~lsR_*3x^*HoYN`n#qWtgnn!NR0B3(#Cb26#jUj~i
z1w!nWQg>wg7V0ZN?G{uQnU#Y~(_VWcwumSedC%c13ug#>4`B;spM!FGKlug3Y*^1>
zDddn?es<vXo$U>x7w{qR0mq5YHxfSiN{Ta?UxTh@K`+oH{_*>BVM$-IdXR0x`$e2(
zUtzj@kls&;S3Jt<fq)RVD|%f$cBzI=RU<y-ICu$7!PNe}7$?lFBk+bV&b~rBF4d%~
zLr}YvJAdbo-HjfHI%R&!xkxRm_GpKzLrzXVAh^{Mtg1~;pQxbbw!IBW^Y6YaNplOH
z8%Y6x_i8nG>BylZIQ6ET7qVt^-<f_9HwSjsVOnx1;NHD_L!Wm1s+EOBTX4ea9?Z{B
z)&-nY=8No49QIgy9OlNUhKFwuWMQLG7tYAP@9}cIEU|C^H)4Cgr1YJqCqCx~kjIlR
zy>Eoi#kYVoGJ4Z+Kk3t#P<QMkhlF%@40X3B--y=>tlL-WQr^s+(g#%EXx**Y2dJ6@
ztRIrpO@?~pA7t7jL(&o?*qn<+*5Ml+*9E!v-xvKx7dAQSM}-0jIoVx<W0%ge`H>Wi
z^-&(sJXc5GJ$}Fc-)tbm;Yp;?4@g`J>;Hois$^kfZ*3xEZs7Ri5i&8b`CpV!H7on%
zMND7Wr_3obk^$Hbf50zB8bU-sIEf>)Kv95xyZJAh-UF>f*sM(xdhO~G%?d?&_hm&|
z_J-R)T9hR90{PF~<|Wq)4wq8qoYr~0oF)8AX}{(_R6bkxK3yF)^)*dR$Jy7}&)sRq
zKL5P7?st!`bwTPu(C-n4hvs;QrU>zSW5i4z(plo9?t@vvc-`lM%Dl%$=lNc4qNVxH
zjqbCfbDw{l5EN5xJREyMl)cne^b+@t2;Op;MRPbwN9`=+#*f7;buaZ}YYvi`YP>JK
z@J@^*_;nKZo#1va4ET1Q_G@8S1vLX&b07Ud_@4Hn18LHj753Mi;j?A=t&}LO!-d&V
zrL9;A&SL^j1v{q_*V3Wa&<Vvdgg?-pU}90Z;O$;zYc+~avIX>5s&)yqI8xd-agK?{
z?#sr2yq*SePkD1D;4+b&IC4QR&9@j~t;Q0kL9=(RkU)EuTv;1QQo)gYL5KHWBJ9CN
zusMW7Fr=9@3EV=Ehzo`CEan&M2y1C`FomUo)HpgxTN12V&w!ZnamGK{E$e8uCd)|7
z75&k!XAOkBE69@8t=3dFaX;kp8c`ye?WbZ%N)Vb?MB=sO`i?({>(o-pgBfS=^JgiS
z4Z?asi0q#4La>xY^hj3{Y!IoX2@Ewlz~jorgtjD!1;Rt6H~KtCNGi1NV`FXX2E%IP
zh8DBDf3ViF8m7%+Y{shNVB)u2cEyJq|0+<2R>-TW2re$ocGj_@$b}dwNXi?)hVlxO
z_^i2Q0irzrC@A-QG|_J%vBxNj-&l-u)U=9_xL4FsW-3kg%2PE>Tt2kg*@Vkp9Li$t
z?mBjru!_|vFbkbG@zt~t`I_@GRek*pZn?T*^mHrPC+d?q=!y|A6pm}p8k)7Y3=!10
zJXkTenlHv<wh)u!(@7B5KtMZj029aqZ9?4*z{w7t{Y!bTnKUhr%_?7xrDcm9wHl2U
zkR1h;GJlyUbJ&620&ELgvIZ8zcjl#XIp|;@k!jx?mwhkM5Mdhfe2ap>%83^n?&?S+
z?2}_<1SH(g06sU)Sj`N#g9gnvl6eUn+de@WgDYh0|E)93L`6=Arh%P`@Su^uhM#44
zDr^`2o2rlu+`Fgza@0kAZxpKfVIPd<cBdNu&miZY)QN`}^M`#h3snP1pZNWcTadV^
zRx+f9V0=5`OELV=&vxDRYJn*HsdhjR;vdo5So}XDBQR|dV#2L94@1IZahEG+qf7=f
z!2sV4nxaD{P1+*3g7ZPP)!Az?m`^BF&JPpND0$M72xv;;4)?}?#<w~l8cD~?#Y2cw
zJ3MqRx5&k)wy%mFrhyl+xdHNamW5pJNfq(g=)?&OPtPNJ@2G(-mr2hoEr;oIjKpGI
zJ`@=XyO`xUSUG~qEVm4d1f*pQJC<#2@v!&dRqRMop^eOME2H~_5;0Luj5$mu#G^wy
zGJtBztxW;l%zhZ<e7Go&w#9pDcvx%9aK}xFzb9W{o754)GDG?cpE9m}e{=g*uQ0JY
z?HavAv#&7MJM~QFYnDE(b)R9R@AM|e$=Y9o&Y*i?RrW-lL6_eyX4(v_+cz{^K#pH>
zM*E7U38|TwwgZ$*aa~q1+2}HAu$P8yGqia;g4P?{Cqe;3nJdIesMF)zJlR=|C4-#O
zZ~Ewenyfb0LwB)4-5@^aPrN{<YKw=24d9rm%bYvTdAxN{YY|bR2mK_(S!{<kXlX(f
zFq~nA98&Ams>oUbQ#9~2Ph)x0hguOqo$WAnv}B$aXI!S7b;)&H(REnG)p&)^gxXO@
z?Xg8?LZRD%^YU@?m<YW?V_vwqQoys4@wFCstW}^L+AIfqlACpE26-)cVHQL1O!Cz(
zjdL}`DyVmkGzmMlz|uf|zi!o1*YP=~5zxwWQy7uD&?>nZ@;*Atf2&&WjE(afGVNgj
zOYlm<DYkqj9C^Od^TYzrMLdo+2;LA8l*!}4aD`{3%|J4Nl-NULnLIE>jxL4PQ=MRl
z%p#<&YU7m2Cl5G6EHV*OlXc_@3(QnRKr`{IPSxjJw_v(YA)>gk9^;BtRLABY@JM!v
zGAeaVYKfS6{HtBwa>*>rH3CtC<i48mKD83tBrUvSnBNuAwDYk4F_6BW4*d3H7?k9g
z7{c3kh`m3#DkVoAW)=B6*PisX70@Hy@y@Xp2mFH7!OO3WH<-l{?&Kca4WIB{)E+!~
z<HQrIw+rd{%HSJE-m-jzbS%{#+Rat*8?mj&H5=RqIj()s)R%KLtq?@3e(?^$?4IRQ
zWq=0@2}dBG(@15}B8Ol&Q}GHUw~SqHXJ}W%7k^f9vbv|0#zT1{q>FrvDn)BtlKM>b
z3f&XdCL?JkRbio;xIEd2LCSP8NcOEWTIx_J{y@P21lqWzuyTbw{Jwr_Z#Gj{>oF9>
zoc#Os1O2QSa?fUJyie0r6~-W8${@ESh>~lpTpg&edc~<9r6trEV>}^^S!c^2&*zom
zoFgm51pD`|*tv^+kVld}-2tG^8nim5FnC6_z7d`eu(*k=zqNL=oMtC?PR_UM?Rnr&
z0$bnU9-sIlT^s|{k0`#8P402AzJ55}X-wep#L!zv6=2rjxh4A{l~J84cp^RON|dfD
zngUh#xh`AXK*f`MziLa$$dTOTW=0g0O_sBQREpAh>7W8xP+orFeMD1vhkLw$%6yVG
ze5F@@WWMep8-8L_y`FMBc3D4ici1^PCo^1KH^6F4=t`iN^w;7iT`W=i&1iq3rA$5Q
z!b(H-W+ugPljr@>3y@=fE&o=``{#H=8IX`9WGnNPnk4kEnTw;;{zXg{u4n#?A!X=~
zlcWBWh0}@!xOz-1jYPPrvC3(d?48q5?qQ<Ug}plG{`SEu=Y#_$G=)A5m1U!Vju2#G
zUUG76>)$?m`fI!keg5f$zXypkv`I}`wM_vj3@az;wJ>y8rlxtcRZi8+xG>_5GiuiT
z9s{Im++KMb`>NNN^Uko589CX>oO!QBXd>$288m+<G?J$ZY!{<%tWuy|CZ;;KgG{LK
zX(z(Cl>>UU+NuO?Ru!d=t4+8OOlM0T%>BLZ9?a3j;CLhL4;EbE*Ic(n-~u%T>}M}H
zNdeOEYH<~($Y7Nye5^`Q(3-^>4xs-zS~(DrT0)vvEYbzDr#A#m6~tdT>|{_24`K|M
zKaepa508}D8PdG{2mR^5=<$qTd>Zts&wB+wthPTs)Fuv-*$I1V&Hf5bg-T5ow5k;e
zPnn=9#sI3FZI$mGqBQ+gU1+(KX{mEVs_g^!yNyk0nVRY|G*<prr~M4Wc~1)vy$l$A
zV3p3R?;AyHP5MKG#$-X;4<P#67&GRJwjO0Hp12O3C{c$gXF^xz25mmLsyUi%#k<X#
z6#6MDy-Yx*v$imKY0Syl_@3%qw933;%R3ZePBvR%8H9!uVa?C+dh7{(KUEmKExD?j
zH)XZqd?sU{M-sqgCOSsXe8hR@Sik+pg7fijC#^nOVqGxzu!l}LREL05cIWIqeLKa&
z#H3Wl?3n^Bn==k8b$MB~us&Bw8(+Z2RN{Iei-R*T#H_Ir9WwaLmQT1-zNj^>t3Ubz
zv^5O0rDVrK*BR)wmFgT*Dp!R(z3_soEHZMDv+^amDHoNgq8Q3CLw5cklJ_s41v4@l
zwd`_?g=)q26j*j8y2!*Z4_~Hg6+@m*f^`O+ixJp?4bAJ}ol|4(dR?9})bs7Du|@B6
zZ+BFXBvMHtO$C{@&Re2NR|W{OvoR90vLy}{pcMxI4)}ap=gZ?(AF+VOr5^EC&3#Nl
zN!*;i65Uha+_jjJ=vg{(X6eL<vHc04&z`uj9D!^9K9;afK{ATH2zO)cJU=|o7cwE^
z`FTex9|2ue#`5=~u>6+uX}j8dG%Z@jnu0rUa|7v)c?H+8Jh?kZJHCAC4U%+;CU;5@
zU&^W_==j2r9I?Ug{7?{$D44tkt#RntP;VvcZW-CxjDQk+WF7SS1vvY?MGxN?%NcI^
z2yvY%RQ(H2NRl_;ebIoYBzIWqj1oslZok+QtgiCdUbDwv;gM)dP3$JY6VgwGeqZmb
zT=6X3u`<ar)Kf&IQfbY^A-C2tbd)a#{UraQs|!kRS%9br_>H7f8MC)Q&XBpv&}vlj
zL$>chyV}fma(N#q)R3C`7M%0$WbGph$Ky5hJN<fswAvX3AK&n_?d!i375@c$h!p*p
z4nTl^{o?rV78U=aujxO3Tyhj9W!L#pc$3_4=J~}b|J|sQ>MQ`M7z!+cCdA7VtNX{V
zxLCtagP7s0CZ+lr0wXCF6W#v)EU#QfRuf2;IZwFia5~QQns)d7db<VDN9RV1G*?L&
zHO16IGpLHT2_0-v<^$$7E$<|XuOv^=FVE=44%sg-q<}t@J6D<bQjT&Q1FmHC1pbQQ
zCR7V>DmAJI1kS7)jxl{%iQ4PmCBAwLDe^#&WOqQCO8IBxCy7bI<t)l0D}0eHwk(La
zE-N~i#KYnhI!9hn{Pj29&W+C8mHkelEmxBZ6J7@~&xxHymMAU^ohS8_j~dNcj|>JC
zS7wTlWj$w^MlJaz7xJntj{Ez#8%4*5(Qkn(YNUZY*7$6IX%t^k0UO$UrJixL{`ndS
z=AQYy?26wVYyBZp#PbkJ9N%Q(gb7oXxtXcjMEnhGJKxrROFx&XQOqI16^@XYrZ>-j
zQz=m>$#5Kn{U)`L*QP(QfPM!z^_%Dqf!lMS_ZyT)$daWfU-8vLb%$rvLsiKx;_D<N
zRFei8;Z4d>`@bXBhSW`mO=sJW|DsU{;;;$s`)PtM{V_c9|9@S088b%_M@Kuy|8)cW
zXt0#jP`=nYa)v4F5kMhrhE;_EMXP!U6&ZzNz!btMB!3p#AqL`Sl8~Eg7IkSX?KEx7
zD(Cr{_mjh>ogWGUDwusvikLqkeV!V=`%g9BN%%>pIi~(<nqBr>ZLfLB;qktH!vEs7
zpA1RDgMjg}hbqg6p>WS~o2I}}u~!W!)t44f6p#$K8f*u*VyGsV+J=N@N;f{u4y5Ul
zYp{#OygblguGzr_4GjzgN|K4hYc>)c@Bl?e={^@gxMsvQed^6hMqk|nHciuRzZeVy
zs@k7TY7m$6X5nI(`9nZp*o;1Y3{{%S9M){D(54`itcolBKw_An&=?1&zEq6}6w^Q~
z#CxlLZBB}!C90t@bo>4u7yBfNJS$GLHkrltyUiBEgE&#{6bO$tB@!)htyvdg1t(n2
zl3A0Z>TqsXV1Ddiu4`S*7IKC5c+H)x44+aq=2TP=dvY!o>mPZ`MZBr8yUrF0sH!rg
zQc^a7O)v$qK6QGi|NP7pCN1?$^PqvAgSR&O*cA3My)lJM@;U+ps4T#+A?21>MaoU&
z{TcquGd3|7NxtzdL_mr85sGRfp}&$zaCHv_)AOLxY-52ki&}$)2pLNvx7qgTG$b&U
zEUqQsj6VYz^Q@OTmwnE_MpH`m#6U^PjM*rJ;U7l{Cgr3_qrU0Te5S%oj6IQ`?7znn
z*i`}%2UinE%%&^`sAhP`>MEvE3~Ftq6h{crn)tFctz6Jp=Np)#C{e}jyo9EAxiy;$
z!H!C~fv6&mqd_rU?`XO1_CPs{OkyM5zk5_tWKB3t4yIsDY^GZ2F%Z>ynCwY1jQvlS
z5BvPf+U-{WvzKfQ{CCuzm%y~9mqaS+JfObpSUu)Xjm(_97QI;(?hgr0zCQj<w!S}^
zQb$ponfbYA56p$mFr5+zHo6=AGW5Db=gEWk1o7+K;=4=kTVJw&Fo$PHVf`)vRVOz@
zfx5bLE|(wQMkVV_AOap`R~GW+Gu63LS;&qL4{RJs&JUgtI$i`zvgo4~GIHk~$^4^E
zI-3CM=10z{L+P<zUkOxVlzAQsz+bgWZS-(JWv-uF0f#CDb_+=5#uy;dJAeu?70Q0<
z#%M*ZtfE0PeY0Dyq=eAA_?S)nIu}?5q97=DuI7Wq5W8k*a%tV7$7uBpRr6ZAbxS0>
zRBi(jKM!rLTLAuM8)a2sTLzvm^jHD8&7}=Ys{WJ2GN^`h#g8z~OW0Pu&qx?bp|IO6
zbWDgv;DD4VToqY|#F99ZbWPAX$vpVv3g;?JSqyR-+3AI|xRd7eJ-$+Xt|tDhwb+Vq
z(MTdq@Qg}|NvLu;kxb~!Qi_Wj8h1<S_#4qyZ?nXU;|0O0JVUdkHrP{7XA?*nNz(kJ
zIgF~ZrFq`ku2re7Hu)oY##}?gV3SY}@?2KCA)<r)J6KZPPY>vo>=s8e+zlDQtDrC}
z^BTZ;QFa8MACAH52a$HVHdP3}JS#Va53qsRp#!@Gjz!KFN*|K=h&15ox1d2_frp&v
zV~8B(ptdZ4L^Ude^a4PO7bP`b7BcdR{_2_q<^C#$@G1|)av#?0771#(MX1Q7!;3dB
zsC=3YXTPy&6O9ow-aj~_Mqpv&B4w$<7B@F32nmLD%P;TcyeLmkDD9nX@JC0xA&PLU
zc{?O~x32bAt!tH#PRp46Lb8;t1m>XcI&GyANR|&uh8r82m=j2}EJkU1BRY-0$SfH;
zI46+uT$u0)Ii1Xn-Qi*5&AG~yK5l`r4-Osh6FYgN=f2iH`j`t6F^j9-0Xyt|js69E
z_-k}5(MlT?W@`U1|C-%e7ph6L(l%+I9pz37bHXko?SHWLPSKhDTe@&6wr$(CZQHhO
z+qP{xso1ttvF%DK`Lgjp-|5|b(YyOxtTo=7wZ=Q1-&~W=oKvWQS$rCTg2ea&`_rA{
zL#6%D#|pglRTJxKI#%=qu$8&<7{R@B<K~olCxHT#I&Byk2GNY51jxi0i+F~Wf?>w>
z`+}vwp`9%kKs_S7A;`EH`uSI8^FOarqWW(e2WJx}=YLtG)Jhe3AN5_c3_=G0VEy-A
zBxqt_%kWRzl4jwI{N2%DH9(qW4T=Z|DhNE}6gV*eKuJw`IDr2PK^O#qY&@RY)-`P#
z0&u5|aOcHmH``K}8{iI@8$oUeDemRt<RMQkPld<K)5;g$Ls?EuP0dF~XPc?(U{{R|
zsE_@%2Rd{R7LiNBn}1&j5ij92eTa;hm!u(T$c)%E={0)@jkuTi4ke;a!du7?F2YXY
zlH^VYxtA^k&rlwQPw|TkkuPZtEePRO3fVVizz#CmWz~$4Vo^L!i9e%^U&8H=<7BZc
zj|*mJG`0&Sa=2^Tw}wQ0(nKM@wv~uFL1oO!kZ@Bp1I=J5V+=*NRLyVhVpv>EMTEry
zns){Poz}LdX4$78+Qx8ehG64`RRaxENU?XYzx3}zuZVV?oFd^CZbnD1hwlsyq6QI-
zS*JMOh>8bHqTH*IxTkW4@QY#BMnP{)G3;KRAQ1@+JZNR4uZ>#X)GC;rI^;YMT`|95
zJV>3-kZe6V@R$^LL+^m~`rPkMiPSRPiHzcaaBG#d$j!;H)l5eQ0d;0Oa?H?{+E97?
zCge;WMIWJC&UwQ^E+$MZ(sG`iHY8TCR|pfDVQ64if<qU8icN6IOxBh8YT~GVr#cr6
z5*-+AX0Fd{nVg)UrJ+fP7Hx}<F*}H#a7>2IC6DJ7cu&a-r>nA}CMSMZDn=TsQGPd-
z(@c9shO5dQlW3I5waO9{*#y~KkP~Wt-ybLER%)D>M<nSc-!sEkBv<CEtHKLAeBkHM
z;{=&+o{2P}GEmK~Xc^ecfN9LupkoOOr|U7Yc^TTnz+<v(K-G}uGr#W$LQXfy1w6S;
z>b&`p<}u6#%oi4bo5E!hRYq}!`fziVnnuyTFC(vSAaO!^b+3>vZ4q+>WpJNgq+ed3
z@xmVOkhyQJc?;*|V_NQBRN*db!1YG85q5NohV^Uu@atbX+g?C09&eD#Fb^*~Ky`gi
zeSMIPXF3A6921zxLjRo411&4nOTG-;S4!xX*ua<5@~G<!bjEh=eK;bGlQToC<Q*(_
zA-(^8q{Y8KTYtPeOJC#VLE0_D&8~hIwe{IR8v}-Z=et%{=x+^+*!bkKx8$}D;{YSO
z;n^7M^!fbo>ZZQnQ`;9lQ?0vAz1g`?PrjViO-Q4uVi}1Se>Z!_j3jK)gVId^)q^e+
zzjA03|6@=ler3SP^(<wqk0<tQ6+9Eeqgf&m^qkQEHaYy`l0Gd1$FPUSnjpnE1cp~y
zqBLm*Vn0@xu3<%5u6Em6cEO5_wAC0|M$Ld2yLf<{T|GqTmplq=(4Y!CAT!Fjelw)l
zfC42pjFEEqpgPLWGiQ{ML0}Zp0R~EJsL={~2-2!}e+o)$II?nkLTMEP%m`0&`GN#t
zBxx1>;5e=>vJ_61q@gT=)#mE$Da~<d%!FauIK@33cfpV|`$R|@dZCac1Jbh{CH>3K
zRD9Jqyr<;WVbiV<E1cNfU;vg^JT$mRxK%n$=>T&EsKR04a8xG(P3bUm2BN~@;&9Xl
zLQUxya|W)$Vc-Z<Ct^+MBy$F(!eQeG*UUx33E|DtW|`RDbqfZH!r|_4RHYzAFc8yz
z>*O+U(vOd!R`*A#{OXY~LUt6B2>IBMMfu9sAKA16<a3Zt+2cv`o#EADtIvUr0+}^Y
z>&vYnOj)@zeawn;9rmO^3dBOvh6FQ#O&sBb7=#Fb3~(>;fiq!F=;6MM!aPt705eDU
zzsKQY2;iX_{K-!}^y%RdF!qg63t=`m!o#5%sDKNBs?q{8>%#-cQwfgi;dADO1&}A<
zorLfc-JQu#4cT{t$nWtbSHx{m>)|O*pYeb1;R!@vh9F`X8h{I9&e8}N<4+nBcB(oy
zg@>pEb_7aeFF+|^6jA{b#-)LRwB(143!ib0%Y=rgL!u!Y?}zJ>rx2tD^HUFEMd7Co
zLXskxT#&F$s)s}E6@EXv4rRhP6bT<5b@y42pVn6bEi4_{o*mK-{q*-=jKKSl4tkXA
zz9>Knv_jR!1ht`7?BR|WhAQAgEw6?7`K$d;(7}{KTQh>y!C36zDxvL6z=kNjCFG|u
z_DDeUdZF(AA?+Bpd-%U6;o(B~w<7DrAw98Z8{rN8q3?*H9KdQ50?_e=xN!g-&}NGA
z-3ED}g+rhlQbXF&t`G1jjl-V^;9m|#e}MP^;2PsonuNzt4+-7UgDFr5SwjZ61OJpJ
zKP|dN2V#&9U7HZ(hLy922Qv8{-48Ffe*z2Q6B$yTNYL5@FZTei!Z<VoA8v*nZnnn(
zY8VgQ5EbH%tLg+FWE{Rt0B?005m;+N06Gcpr5^6WJ*1CeXa_#z31$eCHxFdY_b&L+
z{mb}K#7>LsS5~y?kZ#a<Q&p&SaDf)Fo*%F(@`LIl;v?f(dBWlySypV?-6{QKc|zKq
z+8Cp5f1EvJCxosEe&{&7UlV*?{{{9CJ;r_>{I`FD1^}`Rt%V-02_YC!53jW+16!yX
zC@(39-?}#o2l*Sd`|4GK-M6qAr=>Hx02Et<M@+$e^i6$8&m*?zZpV^!Ab?jcx|C9g
zpm3?4%2Q9>_6zPWKLPyjD;N7X*K~e<XAcCvvj_hJ^UnAW^PZA8X}ide9Qq}(K#U{3
z5xV0K&?A^x3GFNa8HMkH(qBl9SlO9AMC3-e8hZ&b3!+G;nD86GhkPg_!lbep3zgT*
zbcSR1<LA{T-zpox&cQUb>0NeEkwQOIEFq>!ck`PHiWO^}TD?L)snA<B*<gcVxm(zM
z7;-^0po1|Y4v0;tWxlkkp7k~NlEQE7cjcUmb8#PxyeE}=nP;KVC@{v$ap6rLS9QiR
zPLs8p5efW5aah?DdPZ;;K9q`t1Ue)?$9{U20(wf8!Xo2lyO!dP)RJQ#3N9W-rU}dm
zFwTWzB$y0$MYCUGckCGDLN+1xVm?+BxVZff^?@{@DHhgd)k1nC!p=aWxUF}Y0XgpK
zA~Ad0Uzi5zUv8tTpYkx!LJen2lk?&tyn{PJ&(}C63mfWXanomAOrB$q!-zF_MWPO|
zu7Qm;)6Fyez6*u^9+4()?O`C1JH<a-xE=CEs7(g(%DeQtw7Ssrf0mYpWa;KQ8!x)H
zT!ugLI?Wi2?A1^qm#VY;CJ101=f$VOyP@}(IplC+VKdE86**vw+^v(ZoYhX0Wt6DU
zEwGO`Z{D53`5CiyqqO>T`7a*d)*#;=(f8WS@o$m%@9!r4yX*KjkB?Er*uwe$<P?-_
z><|UueNzF!R+Zp4HFqg%T8@St)%6Sm87N9+q{B1k;(xV;Y--18-_*K!$^4=Cg#O7-
z7~%UOhGF)j=EtA>w9BdMsY`CBhbiCp&o?N4G51QMuo&p;Gjc<v!PL-qPQ{7lnnxfK
zS7+jes)Ax8j4saF!s>#;f{A$FJ@;7e@p@%SH}u3hZz=ji%~-OXp)wu>+=pDLRKdv`
zr?x>Mu^h9JVr~b*&=VTIW*OYu&j@;wHk~rGjD*A7VWCOq4zsKv@y=4@1m>(julKN2
zqCfTh@iD>N;jzOZ#_BXJpdZ<Cbj>EG?yf@1$&jU=1BF=veBGx}{G7dFA*VKcu<!e0
z3d2W!LX{O+p!e+~@n;Sf*<B5Dw{v~Cme5*h5qe#<^&MXD8+R4Ahjo|GY{&Ci4F{Tp
z#A~E&kx9uSK&0oOca3#(D;Vcr8<;?Gcfot>UoFW6>=aF6rDNV`zXQOJ!Yb-;zyk0T
zi5?#O1dZ@#46j9<h`X;~g!Nb_ZYcc00&b~8d-xif^)sJB!6(GO$i^fs801Cfpq-Up
zJ_C39NoA~I&!zk+P$f`LjT23al~NGa$|Bx5#~+8<gHRGjm;tKPiDak^a|)M^m^_gn
zo<bob&f%r-8W=<yxkM|u1UvI#5(u13!!N;quTG#(Zl8mXz^l;)Kqdn+3u-LY%M`Ch
zaDjBP%5VdzbY-=R{A#nvBd%G=kx1?O|5w2NLmxd%m}6rg007hz008j)d*OzNtAVwP
z!QaS{%HLtkKjRJ!FMVy5`8)~M4z{dK)*c^F^DdhZ(skm^V!BL1n?<l<nFUEfsfnU3
zW4lBfwysT|<WNNcYB&%}4{%hEAmn<>)3Pl7VwL$q`8mo+a?0>>|8RWY$h_1Wwv%gH
z*G2j2KSr}t*&I&CQy-=?9cPPTczpcAEFWxaSI69JJOgjTm-~P@P}|NwtT-<iQODyp
zWuQ9LjRs|GXBIt@ql=ErqN%CpJ*w$TM-H}(BS+jZ$WFNxP9z%pjoH%fB@B;^W8~&N
zB1e>5a#e?Lb88=>33Dk9Mk8O9G32QBH5gM-67)vy2_whU6^3*%sG`~<%c90DV|;Ay
z@2q32w%BEAMx3^o#YQ@8Gs*5fY&H8HSak8bX3_lQ&@2n2SI0Lv6KED*q1k8<cKK=_
zGHi9Hq?~mtoqA>_opoy;Aam3#y;HMPrP@^=*6$bb`Kk`hT0WRj<3A=}e&TB<S)EPH
z$QEQmrBz$$o@9DE3AVFv)}`DbVdfP%Ma|T3=2bm#Ce*CHa<jEK<&N0cX8Q^;<jta;
zdKXB4Gi9+@de>yKhLogEo(-?{f6lay<jfokk4Xo2IbW}E;8U@lb!)&PBbSPu#77&v
zMIh65xEM_C=6N|J&S(k4FLN9pvy(aRP#%zQ+9frpok*E%)jpUoUeCQHF@FDd6h>dk
z6DpR^<{2)RUdfXxmtN5mE0@pcnY`sU&X_v4Mcf&xW2{5^F6Yl|V4t=uyTdHz-gTLm
zTN=W*?vE`^;5!>mKY<e-&RyCqG?!kX1Fj6nS@2-MJEn~L$%$2lj?|Dptc&R*{A0GV
zkIkF&s#QGT5$ovJ^??`F=KQb8b0{~kL+Pk2p+!2pRE93jo4xJJDA3KL-VN<2_gV@+
z>C8hqy|WDO^66|x_j^&aYV-#p!3GLc>!Z>i%>@(a4{5BnjBQ%H1M2NMP}(pB6NJ4L
zM4MSL!H2c>6*kW`h<lG+fHOuo7cG-a1gKDhL_)1tz6#_h+y)e?C&6gQa2nf7eUi2b
zWREvDIn%i<EwkuM#o9ox*r|oRs|*uRHaRcDv%w>oLf;p$W9y*F1V61wXm+p~91^#t
z@xg;TjhoV?kHjzqr4K~I!2$6!lERr}&>2|kcM)KRuWaVhSp!F{YG}POiU4%nMjFyb
z+!$hF)#uZ%+HIfk6U$O@E{xv572L!cQ47M&H{@B>Km(r(wPg!xc&JCyGczjWoLx5*
zHscoe@-rUV2_@-%^7w~KbBJn*kQ8O#pw%oGeFwAlV#sv1zq&hY8BoNsw{y-uX0)vc
zr(2HCm1lC2ix@8fNCMXG{T*40F99!(Mu&gLmwN-X0^nO_7pNA_!&f?lZp1}5R*S9~
zXY6A1Ewg7s=SZrfBV1)ND_ltX<81~Y4cS!8npjB7&{2JfD>Fb=3^|Y>zybTj{7|{r
zBI+>_-!c}#pSBv6Z6R9_KDVJ#E>c~Yn8p5h^xs#neM8k+wp|Kct;LmM<Y>73K={=y
zyDSZtAD4_KoGRL-Z?OfQxh7tHSe1-MY{<@hyM!n!%w-Kmf8dCv-I7j!I@vs%&vq&k
zbHn<I+l$sa!~DwIn->A?>wm-YD)o`y@AXDdDlynrBL^Jli^bEg-av!cV#I)6_kjLE
z&u4g>){x#S#|Mzi5anv}t~IZl{pKUxi)0<Vu(H?QueVnhDI;b(%6(^_19sHF3xD%G
zq{QVN^UmzM^y`mfU{CN>Deg}Z!0)QQF!XVC{AjG`paR4BTX|{3M|0SqK(Wrj7sKnt
zBaDEf9rkLoJkGYN@&U0T;svbO0p<&l*lBn=WT=o%yc_5s>LHMSJ70F+Rmq(ZC?Bms
z)+0enO!Xc9;`pcqTjBjQHPoOd%;F)O6{K_-cHLRT9vMI>!tXADcL)M@0O31<fMvQf
zlG0A3^4w}go70GVMX2}#OsLyP{Zh&mgxIxD%$V=NMs06g6=$x=s!KbG{sGORmY_Ah
z(o;W<>M{6!8Hx}JEv%Di9)R+V@3Opld5`@ndwmD}^3P*^#o)ERZTiUW=R3s1@DBEi
zhUvP}r?<Y9D-M(lRfE4pQWBO4t(=y3VqDS=$}4+WbWr0lwqUk=l6(hr46A0v_tbG!
zUT{`F$iw_#@{PAhMu8mdx+)j59ASM0`RwSYyQf=_O6hN^QD^&&o8Pg1oswFWjBu@o
z`GNRFN#pNT6!vTd9BI;Yvaq=Cv~(^0tCsb3^#f~clSDuD@X{nmZ*O<NKitx6n0w|7
z+BXG{@zw1^)6!CQW$8vl6J0@+`7@~B?{IZ7P%~&3eg7E!;}||H{!hfNq|*cR=L0<3
z?yt76b`a1n5%#uiq==Ww_G9A-4{L(R0(){Tl3h!%p~&PhiQt44dv%?8%2H@#v@)}l
zp$zMWgHhrij4`|83u=<FZs!7)b70MK2W~K*RCpt`>n+sd?&6Yn^~k@dKygaQ=BbQx
z$`&DkkrXzSjv%TMpPdbVbZ$w<>G1#>=FXV6j~bPAKGD+%&EY)=&w<+f?7xZFra3RI
zP_kJF!mM<)Eay}aT0X<9OyyUVf>DV|Ip69UYvO^Iv}+!0;<4Jq$$e-myXFh~8E>)Y
z_osaJTnomkk?V`WMp5^x^(d_lru5F_h)Ad1)*3Tr^l+m;%B^^`yxW1lune_OK%;++
zzGsO__pv#gc|reFh<Xo4K0MSUY_6k{cYiy}iDlAFnmhZNMTO|fx4XpkJkg}nGgv2%
z${}}`h<hxaiP>GRYMEuh`q`=GL)~sqDGf)hHDS6jVdvc_Gy-0m+9CH#Bd2kvqcx#$
zrL~31F;mm0F56u@6-WC3Rgy5%s7Ivs5qn&+W6H^M)X}AEFl5G_`Dmctt>Mu1KA!p=
zhEAzONQuMFEo1P200HO~k~44*U0ROAmR+HrfvcA}R=S1k(BEWK&Vq6urcsGOwG@yv
z?x7Kea7iRwo<gEWJQ80)L7_0UIWbsHBDDgHhPb^nIiH}0@FhI4T5?mNLAfx6&{60R
zSZO@9%!KA_(@8p1;i`i)XMT!F53?2TiK*18eLuMI9wBdOf}y$^p&aJR93D*c$eUrT
ztf4t}QLMc2U{wcn3lU3wAk=ideimWfZpAOTp&Ea6B1|Mz^xUJKoXxYPLYs3vN6mF#
zj~j!1tRxyd+y6&LfKhJ>d7b@tvs1%^LE60u1m#DtO$~@7AkLXw19eaf$5uABE$w3D
zmoHO<RrBI`y_J(&cG}?d>>ldjFR|^r_1VE4^{tWVy~Z{W;Lca#g0n~PD^<TYD#BDb
zwhv#BE$rx5-J-xq-+eKG!+Ev4ixKf9Nm|adUeF2q<nlON71CSnFi_}QE@g2}QQZ9Q
z(#TQryo!!<3d$|18|92zVw5deqp5*PVhf3d7x@M><9S`q{qmKL?w~{4i!#GS@dfg!
z7|8{5^W;uYb7>s`(^g=n5)cW@3u(ASh`aXAfdxS)ZxxFlYNQr|IjIVH<mZ~AJ<43d
zi%dyLib+XH%9-nPS;a}uiaIN)WrwyMX{Fd^_dr()z{MH4#X`=Fn0h4?75c4<#vhvC
zrFoI#q)D6>s4hw*AY)=#7C%552&3i2%EMacR3jH;Bj<6xr^!(WfSn<(y%STv>=(T%
zdSX0QIb-yQa-HrvgD^UkNGg&oxYCAz>m`aWt6CNkKN0b8SunuN85J8m8GB}fGQ4LN
z_Ci?xxa1W8`=!Is6V(GN-&>s2E3%8)?*ALs6)dxU)$PoSeUTtsC!RZG=zwVZ2VhTt
z0zXm>e=XK@g>H(S4WG;f6Ay-|XC4R9;M64(U#fxZ6_eZ~ebeu$MrfrSGgag7z5|U6
zgUa8Opyi!(K$|MzH1kjF%P`EDt^u1d)?4C>r>2xeTJU#T7P#A@P!@2@i&xEv47x(!
zLzlN@(B^oY8Mec+x8kU|%LzH>IS_bcz>q(@PBG-OBl?h4Aj6bO^obm8r!Iey+Ts%H
zVOd(bF5)jYt2`^&<XFWYH>Y&|wy@Rd|2D`E&x_vWH0D+3Ws4V(U={{i76yFy<teDi
zmO#zo^q!*21ew8&udlk46^s4m1Ig!LR0LqBv&bF@=rZXGg+Xxx4H!$}7kgu#mP$nc
zbkPjZ_90CDo#CW=FBiXhf5iA=g2YP$N}B?p>hc@n#&!bJvqJ%x3-7P)uhoeE_MAft
zY>oHk16+s!06x=D_XXAGfsW?|v;UL_xy9x;#;xXs(jchDi06aAmjz_^6BbLZdwMkb
z4KeN~eVKo9R#qu-m7f=2_}ZGIo1bUo+<zVQ2o>xO?kjTd7Kr>|tHdeHTh_qrk@H<7
zrfDt;{O~~}D$stXL=gPrTJY?9>rIMX){otvE&3DC)i-AAXEf#;jmN2*{XLwrfFH2$
zj`C<_pDJb!<TQ{vPiCp0-ZISj8=LI5zb6JVoYPARvg(RZ7dq2s#~FGtGn9NK@Hg|e
z{1uq8DWuYZiUyt>g_0a4GE(&%v7S1&E)5l%P{(s2!-8FU?qwMTCL$n~(+!mJI>_FN
zQ__@ZYc1T`R=L1j1PFn*P?U`MWX}EL6KIQX@9`_(9WB;7xwPoXeIEbV375tMt;R5B
zrCzp%J96e=-uXw`oah)Q!RC}LqyTQ1H`bwr^HiB5@EiDC12U@~2qN>^u75tBKzJ#j
zOPv5|F6;bF0C4}fYw_Usjd-|Ug0835K5;vHhre@)CCv}-5(vkmC8!zrkJs5bWYdmz
z=!JzxNXLM-Mt*qHR1*}+yne0V84X_X@|=zJqhQ^*Rv=X6x>h5TgjF}mm4xO+$P8Kc
z!C5wOi|4dcQZww-Z{ik@X&4F4-6|ddwC1BMwASX1sVL12$f+0_n~>vS8i_{G3Y=7~
zOiHlvT~)@;yvxyYrnnWgOdSe9n%Yf*o-tMZcvge{<5Ec`^Ji|+0`GF;mCU_p;sw^+
z)<>nO=rUo`feU#<Q>zdU2xvPgoT+u+OEBCuaYefl4~xXss2vlEkmJg`W+1RiM!M1H
z<Y^R?<1)}w$+dENJ|2E96o+L1otkhf&{ItjZ&QEXs_+ZYQ%{jCdj77ZnRDzI-3O;P
zxw-3PtK%42`tW5L8jJDi3V050Qr+WFW%(&B%Eih&ISiSqQX-cs4=c^1*64dQPz$(Y
zJ2@(<k%o5>lb6_J%Mg#U;7Y?&M~}1_{ykZO93JM>vPB8*Ak%y4%0mt2v`KS<v_-?(
ze3Z+QWo-$oj>r`!7M(HP`v>cdAr@zrJlQUHg6(0K<}|c<U*4eK9t=2#B#+E=C28%s
zJI5xEymVzn-HA}I*0{qk-i&qoXWf}{gUgE3)7){Zw}iTrQm@)mwFge_JbAMx4SAdG
zVQjam_Gu5p-Y{C;P;C!ETm2HPZvbxhN?XHX?0t2&roK5rAGoU6NA^4BJBe%wMIMXn
zscJJ3-Rs>n57lcSlz)(VLd3C$jP_?AS<5@D=k!i-y5U9lFy3g(xwBV_e+EvR05Q*K
z^w%u{d&;RE$^>89J^qZ>5rU(la{qmzGPmncG*)$w_vl-h^)tjW#WuH`UEZE8MH!pC
zJ8KKb8BI6D4Q_$Q2IZ~gkF#A7p^hM{2Nl>UuQ?z8WO6fq@pOs`kn<NV<)$25v7W8o
zz$6Sho)zyYH#^g8mmztEmjEnJ(8+-!ac?9vJ9lVZiGw$e%+W<fwwnUWjVQRS@Pu7q
z)2k`utqt-akGZ{@@pbrc`^RSlC<&VoV9bLadf7hUpEgU)qjuG}zzG{oJma0?vdUF3
zz@|K0Mm$-L5uqEWUNrS?IbHL8`iFmQOkKKWaUA<D^8P~pcc?`Fs1|>Z#Qxr-;B4aV
zEb-kB^B0v!#~ND=<<s<P+hrxI(-m=4CVR++pgLzrYk`!e;bMeAqN(NK;)A&W*wk(G
zf}x2iD?`I9DK)QkF0~bTsf`dGoH#x{0Cgi6J^~UL5QIRNKc6t({Q^mj`%eCDo9keG
zecb`IVPWUXY33!z>6>}>9+dY5*e7<k3=LXP){ra!=n0w^&;Xkyj}k+HDaG8Ps~wsX
zniQHPK=+8dB=VCwld90dIKE%S;WE=a7j>G+!kaZ_mO@-rt`bE?V0SCAv-<d=*7h*2
zq6GqkXL)hssPnkpkiCv0);0sOvud#=GjOTc_WU|Iuy*T|qjpB!q(Ydj<>1Lup=q{U
zB!~*gNmYVnrlOVh_|vehtDFmx^n|)AQO(NILSeGYa(FIEcE>@bse0q6yC5^=Bk=&!
zBMto?@F?1(Q*)3;*$VW|1Q<|<<<Uyn;*j`LbZ7q3M9AskL6;BV=OvSt(`toAX_3b!
zZlcHP%Jjt0@PJ4^+m#ggT6d^UZiCu(+n*WyQ@zc$a(yu{amdC@8?Dyc(e*{Afk7L5
zl*i0WRanDP?c%n`rx1|o+_W7<NXV56msL)~r5q86<vC>o-V5{VW+|58&dD<|$Eyt?
zDzZo^&GDRg4E;(K8FL#*xaK_N`1d?!)ZmF?rAA9Yr4o?E8FZK;htmB%G()*sy}4<}
zG2y%#l^PS8=0=Jcat7Fujb9`D=*>(w3=zu%>d+x@cx6O6foD<H<28b*Y7g}qb(XE?
zjI~2Kg<BDvOx9wy%!zDLvNT`8N?djqwWd*<14ROYTdS_#^Db6zMb;lognkrz%b_tH
z>U9t)0uksIO6#ddJt?NRRPAmy0j8Bo`}Re}%i0iLPEfJ>L0~tjm&NQ+LxH*xP7;$p
zAfMX6BPJZdFh3#o(m*DA2Ox*D>ndv7c{(*1&kH|o)Q#^LnfF@YFAKD(EfYv|G>e9s
z)q_-`er1Skb`qYKA#WjfA?3w28Zwl?lukFguCU5Vu8o7-+`~zdty<IFhNY<#)pn-V
z=(|}fT1XE(FEaN8c&bA27@1>CVx~mbmJoY7vursDP=f*~7&z5p1Wa|Sv`K9s=x~!_
z5z!5{!;c%HZ=&xV4|7y<MtQF;yn3VR^)+c&kI19Ggqud0w;GbioHV-Q>K*<u|6Q+-
zt|`J&dId?ByPg=MAcj|YA*x|NgRMA8)aV{#d`HrapNZDw4xxwIjyt(;(w#V5^(u*4
zw}%1(_W9)|-{0zb6FNh$l*yakAYMv5_waP(RGUd+8v8xUM0z%SE6y7zTJ)GYnFeZV
zH?y2K?r>vLXo?C!O-RwQrZl5l%8OI^2^CGro?Wed(KXJ>Lu&pUg*!n9<<9#iIsg}{
zxlK5%vh!@pQjI9YTP3>Adcup{o{nz{^bKKknhyzP-z{#}?(V&&5igX`G3Cm2CRY?q
ztgpz3EkAl&aDM>C`49B=4gNZ#RLj%?O;c`LIeq}nf^y^)wE^}JKq*6@5c()IDZ?m3
z{8Kc-wa+EWRvg?LKkdUV(Mslo;{7cMh5N?lBgpXS;2Oot+a;kG1Ow(U`dj!s?PY4O
zel`R?g_s97{vO505{_8rpPfFqu0zl0Hz|TGN&j~N?n9{Dd;tT;KWm%f*Bd@a7oGOK
z6~sgdDHZ%lk)qv$KjNO&#EK)auSN&CX_EQ&sr>S=fulxR@x~VOZWSU~3VgIVk<y{C
zzIaVJWLV0QvP-iTd9t6G%Qo!@oc2&XF=j6NeqXd(ZMr<_jBc~dec2|Bvh!X12zr&-
zZ#kWuO!tqWXm<y6!5%~rtqdr$k0~-EUS)vu>T5x;w|UhbJ~fJt9P0;KI%)8Y<}$2P
zYwU~&0N#lfKGLwzpW{MBKYfA$H%aPk%mOCR*2Q?%X2){aL;rez<wIvA-A036oHmH#
zi|({;KWiLQagX5FGj;8e9I3k#^o~K>dy*$r2E0w_<3c$@N`Qz1<?XnBFFqaIitoc}
zuflPv$0dNT7Fz?ps9H)ct#UKO*<?%4&@(%F1-08^i@4AdezL(HcC$y_9WJ};ktdJ*
zk!1)UNini`V83}%k9<6LBgaZA%$N(gc=|%Nv+_xw<m<O@V-rI})SCI$mBt4DO3?8U
zuI)Re`AS+fqSbB1XJG6*f%wE4dw`Q&SVp%8>P#w|w5r%=MKN@dKYPK$H>}M!JR_!P
z4flogfu>oGYh&P+A2N3hAC`{A+5HUTlUD9G?){E(^3xRePbk`6n>+T;1Dc-c@ISb6
z`*8NRqw=twKe*V&1lY#<EmG~{PA+^uN(b(wT<e03Ql)Ey50a&8f{l`->zr$Z?=R${
z$MfdHe%`A5rn>4Dd-N-s{hX2dfGhkmBZpP`u~2~z%k<hFXUFH|Kv^I>Is8t56TvSg
z=!nb-dk|hXxQJ19pjQxvkH8Ha_dx2L_~BM<9Dr~}{FbLauCWpin+R!062~ygB~fZf
zBKON!Y}~r~kfL`xhZxL|<iw%0=up1;a6SL{GU?*#rn8YJ8F6nm(y6!MAxC9vS712F
z8-c5QtfpX}FwawNSSd&OQbTE&%!e>7&<$m0RY7@pN1g$^>NQyp8aegNK?7PD^;wp{
zgPxU`#245l(VJXVaZpffJj{rM%CYtJUp8qFy7Z>Hfq#1mZ~y>Y|6Xn8@53t`|F61?
zs+GO68HO*c7e`i-jeiI{s-$|PKCKr+vZ4;<k*!jaKYu?66wi2Wun?PBn$wISeTm_f
z3cMtgO+S?G#t2jkjAbG#r0WvnibE+*4(I1%ToIEiHXR?fSu^j=x(q8@y%D2V?~T{b
z7caWmm+l)5yU&vrDge#f&d_CcZ5S+B@Y+zq*x*|WjQ2wa<v~Sn(%?^cTzLm+Ar{!M
z+x+Oflu-wmyg?xXZ{6WR0`5YBKrt2W(gM`DDtAF4oZkHX;L!4DG8SsoH#8RNehQSb
z;olT6ZTk`#ISE%~hnGr(UYfXOEZKuhl)1}u{wKnYy0~bS<e!S*da3xmhy!Xu?c{}Z
zA-66lyYhE3ApKm@lg_IYw=B%ps=s!VXE7m7+cHw;6)vxsFLgZ4ViU!+dZlKsR&113
zObT{+%sC-#?It&QD0=eUaF`WqcaoU6a*_|uRaM)XDza^#ieWiyX^${tvo>lsVQU;a
zRRzXqH5p41jze38ek1Uh94lqHsM)nZinv|1f0x5FuVq(RA9q?1&E{CM4QEo?xlv{z
zUSz7mOnpT4(gM@lmeUHmh&TpKphK3nWeueC(iH5cyGbHrtsXSYTac%+`uUWot*I7d
zuA&pj=SFHcD09{7n-hmsnarwly6@qyr=t3Q-{r&%U)v6{Ha-fa9i;vNk(*t$U~DB>
zZ0>m-N%7H`kCdIwM>Ox(l0t{HBn>Oc@07pS-FSA9Yb9M6U-{V9wT~jLke1MoJ+o%*
z(WjZEy=lJ-b<;**xh{dym65VgCoyl<q$x32{u0)ZMPlVhrGe3INmgZa_8QO^Xx17b
zt&+rQ+^v%Ogu;B5IZ55h-$=QkIb{uiL}p#%nX=k}&V)3LK*<AB&Obfn;m*IBLc5|Z
z0)DuZq#!<WM{hHTi9{Q4M*xCMKBDYJ8EL!20RcbgLI*!U)P+3oa?fCE_3cS%L+o5M
z$$Y$j51S<~&%zuUDa@F}G=ANJp#{kiSq;aTcM>7OfjU5e4t2l)qU^;Rfx8vjcm#Ab
zwB^Mi60+0gVeXWmi|n)=hTfdnG;|gxtm}exAnrE+iL&c6QNYO1H-Jn)q3*^#K;H5$
zibNc&yDv2*KcK(v6B~4gu^K>686``A7)<PXRY2z(K>^u|&>dcybSzg<ehHh8s+p3!
zW>~4o>L|1sLTu<h;a-^r!d+8Cp^h`@3A8udcI{;|eME_-T^*BEETOYVlC93?icNqy
zAT#V<J&@xhH5gj6PAW0YqGsDXRBw`*I3g=qCmoh-9H>|SX%WN0fqIem>t5Yj&o5)X
z<f#YJ_WdU&r&aGjpG{6!`Zn;8R-4S>Ofyt!T0nu>(QuKzuh4-s3X54~G|F(j_3FA&
zC)j!kmT9^A8EAGQzQBRK!Yqf<qhx@mr=@^;LQ}1g#15Bdfxfy1NJIv5X~YBwxg94P
zAFAW|pMWkAN)@*U>fOvh{qFvW>wLS4la!muuI4|ugEnm0iZ2<P^nYBM>j|^g_D!fX
z*E5$kOz7rvs5phW=TauQMh>$$&f7ufpRs&M?Ur}vD8Ue!1bl(Iy{#$KN8-|#<M~h`
zoyB<VPR><hts}viVT3RajZt~0%0>`g*+0w&#qebol>{-ZI8-Gvl!8E$JzvW~vaLN)
znvk1E>j>EW5AMS4z(1kVaUh1m;IRWeahIpFLqYBJiYc!l0ugF@Jdl?&41$T+U<yL_
zGYO_jRlR|oI7eQN6?4&dvG{#VtaL4`d`(_@dIdx`1B5O~6C8Oj=(A>_lXjypF9#jB
zCcih&nTwJcoEegCb34Fu8F-#}I`D0(!p0HBA+cW?)Mvik9D*HlZjEQtP!D)o|B^l;
zI}@D%Zb(`Sp2nRbYXH&07#(GQaq6BFs%eSN?03R+i>0`d93{783icCtCqHMrGoY4!
z7ekm9{xhha3>$6eQ0jrsreq^Q$`JkA*&bPnY5o_zp#=+OcqNfKs!Eu>)IQ7-LgW!p
zdJ?Qd!2}^@CuUjpm@ogKigtNpxT+40v3}ca;0t{`53pGrnq?|Q(9iE&aG)LEqG`Q0
zk9f>Mdj!Sm9zm{eFg&j$FOMjFu6`q#`3-XG0ki9#geJF0zMRk~#s-g+|183infV(v
z-}CGqdG0Wf`%I7<m|(L~SeHZ>eocsl1yz5I5Z4!1w>q04mJL|9I&VMHttl7B0UO}&
zvj^N*-;HgV-Cl`b4=T!ldAw#G$ucPvo0l*+#<nW^n1H=ffeBL|Y5T$QJ@`!lFTPB$
zqmr3Gy88BXi84UyeR5GDAJyS|B%p7Qne^f8e89vtq@9Wl-*aL^m-2Hjkv`{mcvX%i
zBk^r=2T*!pC$$rVD?1kJn&pfn!{A8>xbLV0Q#1=E05g_N3V#$R&J`)jD=(GnjWrs|
zkYl<7dB=kqIhVueNUEs}8H;IRl|{Oy7|<L{W9y@Xxo3fKle;#68|&PTATo2&=gqEm
z{H6%{#8Bfin^<-Kjb=QNb;<S9c>W`@b!T6vR|e~bet8!$a(8|~i+Zq4!}Dk9u-h-i
z9kDlbu9f@*P8{P=(2edmX?Y7jx`Q)(;U{gkd$NSqrsA7B_XW9~6!!(VqN${!M?&rl
za5uOP4a3o{WC*TE88tvOhO#rsTf%09>c_ZWK}F_c%x|hNMGezgzfCrFrcA%LL!UH^
zCxHrYAjn1Mzj0&I67jB7A(o(~MHfrTP;soxR#qUt!I!1Lc87|9egv4@iapoz8Q^|S
zA@7m^`w1ZWnXvuF@_2M3y@PwM_G_&E6zTiqnd#utkS0Y!Ek#*hygpH%EgbW}XKrlw
z<j4XS6z5%<s0%^SWiu-K8J#*->8LMxw46UBD1N7)c#aVA1^6GiZ}lzpRm9&7RA&Fy
z7RkS7J(Qfki6%y(F1AL0@lF1@MY2S7+X+bp`Aa9Wk<B2Wu_au--h8RpLW82l8<?^M
zPhNr`Q@z4_Or}w$&9>2@sbUzw*RS{exQmXnC|XHbbl2O!`%&+<AL9!IXLj2rE8bdu
zbjJB+XZNlB<YT78%;}~M&lk`hJx`QA+!^@&E-(;{=u|M1XfQ$L7ICy2SQqwy5S7p!
zB#oWcNqet-;*N5Z1-3uoU`)y&VDOjvA-N;9NPb^(oC!#sNIjed2&!0wk+uMbG$2>t
z59QW97j|rwSP9rPqsXEW2i1Pa!IdP_b>~rxPQyEo(79qAdUV&)sYZuh)d>t))kA8*
z=Hwi-m2P|K4m~iT>qHF`_MFC?LRw0~pT?)P<eH|nm1;T)wBTj=T7}w6X;rl)U82j&
zOttpYAJR41ZZcijB;}dJawG<+7_OtVC8@)aw=s;hMyXK}bhLZOXT>`J3_w)l;XDG<
zEHpl{%EXdCa6i)$Wa_}HNVPW;TwAAF9i~FI8WY?k;4^fmu~0BvRQj=o(#et0JB^x}
z?lc&Y9_d!Gf#{a0SF6=mBX$e-W>R%BG?U~6qYL+ld4!VgA>-!*dTX{M-q+ppQ$;l~
z6e`t6viE4$K_+qy)Tno4#dB{-(UMZjC9jDvx{eQHFqBfA<@kMIC9qH+pex*QPtYH~
z#wdYKUllleX?_$s%(tpk?{@~WsVq4N^~<2N-J+`SXyWxqV2fT5MId;dMXX4?0pH<b
zVPLW&l9kVfv4ZaoEt~gf*r+w{lrAh5GsdH%6O~)JyQ}B^VIAaezFx$$Qa1R*!ipLv
z1vU?pVyc1ESi7>jUok92-6wTXRaUu=(@iyby91h_>o6O6o~ZV4_vHqKk?i7l#@gZ>
z5&6PUwh!c8{)-3&?*PfLJ;Uvsuw&c&87C%2?=W}eU6^OrpOp?(2WQX@({h;3@G9+3
zK=|$)ZhfU1jM*@w_CyEa`u9#;9;!%z1!f5{n@HznnO5yge*<J@jLgPK?Yd6T=_1-L
zQI6-gjnbO3@eLBZP;wGB$DeqlpHz-!2v9x^&qjynmr(h_``MSr5p0852h7TX%ru8<
zQ?$ip7z4_Xe(ZDgu=WlWF+<19I7ah@0M5HWB0vA|CZ3K(PCcpfPyNtn7Gf928xa`e
z3poak!SIA#luc6#TDk7$(%+q%M8z&VQH6_6K$rIc;g-?Uz>h}2CZJ(7{TW0ge6i-X
zme?6p8^Q%X4P&vrv7$>JO~Tw8di%B+4qa!EHM9)-`V9LT3;Q|)>n;c8tp=tI)n_s9
zxq2I){Nhr-x&6bh9jKQKz%Kr~WRnX~=omi6E1a@`K+-uHew!rxf{l<nOb#tb%^j4*
zF4?q?&O7Mf9gFk|Dd8=Z$#;P4+u!txQg(+$dJC32n3rx$Al<+#-Q+t}Z;)+Jl>P+C
zb&3|p9XC%q1e<hIq->osJpS$wY0I}M^qKUyc~-oHzfNK4@4z{DlWSDmBqI5I-SuoD
z^-$c+<ofOyX+Ch#3qQ;(a8FMf)J@&uDe)DQMj_qia*v5?;gZx-mt<x?a&g!s9Bk(u
zteD(*`#mw#>qh@(l?IlUl><B}2*R#}uEh_<KCU(}`ff$%vdC)AuNLiHDQF`g_}Tm=
z4qg4UGbSh_B;LDrui@s7{SP+IQX#}u1Xy^Uw7FaeH^Y-$6MpL4et}F^Xg<QzkIs`m
zlgM*O5ucRK3rvwLAzYBHzJ1avY%1Ml6I<A2>sUtXrOdtVle>Z4zqIgw?o?v<_o7O}
zZ@Q_|zpz)!B6)w0eG{4kzZE<0|KxR|21eiXRgZrpvP+V5<d6iALw6}kXa*s}cX$2E
zX&{kS;G$Iv(KF+jB?}4e99_9mEmm}xxJd5w&QKzVKLGra@1!dtx~^d^wX@x3#+`P?
zv!_0O|9L>~<6L2%G3to*!bT~3;i#0wvtP<)<-nBH!rnTA3_E!w7>!;ObE#%r+TdJq
zO)@B4-!LlgmGO);Xst4OvVA3yKQ4kMtekR7k{9(_Fi(q%Qt7Hw3Psx<dJOrX9P}Zn
zz7*pW7qK+iN-8BI#CRFTZ%L@9Y$23qlob&RWo6jaWt0vRm8fbh@1D8sT<7drzy7u&
z?2coYzcVf!NWBK?eVzwh4XdWiFev%F_7|m}sgrEzZ{f!0f-8%*AG`11S3vLiJ<~@)
zLR~W^nXGerw@-t99;89nO=ROGU%Z%%L%j-U1l3my#O=Ll@Bs~GdqI#*z3b--Mu|+#
z)45gsIL-whj!K456y@x21b+@<MbR!)$3jVS$S8CJ`~_K?D7%MQ8<&L^j;n!NaDN7m
zv}-Z@d1i;`Qxsl{$dgf~7SXFAyc%A6Vv%>M)&7TX8{d;s&JNzEEc{ql?&OSh9!jKH
z?6HIUPw43|p=apnI`?)#J9Fm4Hs4<&_Yab3p0fJp`L}GOe#?pQ|3pUQ9W7i9oK61T
z;AZeoNs*tH9OQ@pY?VQZnMcj*3j%xkwa`=&9#|$1T=F8(Sgf@Yb7}iqHy0R=*B_2V
zR+SESI3UCBI7{#N;Nc3V54#E52-}o>f*wU2ZR5Ni89gtj4kU52RsnEPQLE)VkMan&
zf^iBvO-II5Mi%Z4E+aVR8F1C)L{nl`*)AD+2~)@83}`)6n+RrI)z*ieksQysWX#j!
z<}o&~b5CDZ4e(89wM%pRto=gm*-?s%GG3ps{$rOgV0ahoF=gK6auh=Jqe}poN^dB=
zkqiUO)bS4TZeRu+W0N_tY|Ti^8%-b2!<sK#Wf<*0Vwo}*o5=8u<KGzL|642>4gZN{
z!r!n&4w+@PQL?hKs;TXQw+8uMwNCNrj}MHJd~LVzJtc`WQTkrH6H)sWfH&Da3w8c_
zXn5-<$L>+zpI2`$F#F&f&WW|^f&;@zk=5Z={wHCvjacC9Pkn0n-f%L>{G&5*9kaMz
z$?I`8?lX4>epBg)+?Pp%by*im`}1K5^0SD*io{gGqCd)|sf7?ENEYOfN7OB%nkkxR
zRFR4vS*O|6oF}HIcu-4%CZooTx*Jz;-55vB0Cpc4kknM?ZVsuy=Za{yzIS0x9zZJX
zfYbD?JX|V0-VHX7d{%&0Ds+Hme!CfOqF`zXD&s&Pmf^VAy&?P|a7z25I~`RHBpgsP
zDSy<$)Aqe;;HSd6%AKsKfz?kSwb>dPg5gr@7b$q^^1b-vPq1uIDxd%5NH!j4W-h+P
zI_>{~crzOP*Ww+OkE{K?;6mXRSy<jPPbSrQvNPd3o|;Vh)em-CFeLG~P{dCEFzx*?
z>FwL&2f#i^J&N9i@ysX<vLJOJoedQo7mEfsZlh%tU}2Hndy|{;ELTj;^lqY+pcBvL
z^C3m*U=i5ovi@6i0ZK)RhKOaQ9AAi7Evc@AWOYm>TvZgOP&rdO9&V?a;v5ThrV1+H
zqv6WC<YubgipZ<8kOf7Y9wGh9E}?IE7tDDg)AE!ITYqTwLZtp)BAUW0vB8X#%nrWp
zGCICN2J9YQ%Q`9#(3%Ku!!5LOAL~ELx2P|()8RLm>HjalH2yEZjFkH&A`eIFsS>Gt
zN|7A6@NWH2UGe^ZbcG^aF4sT7{POnw(LQVuOAyPHZHx|83^$U&j)1PKO9PTv*17_C
zu)xl<+f8|;C$3>SGto-eMQqpk8YjI!0UR*e_!LvjR;j8fYFVuy5Gr0vswX8?n{WYN
z6U`}H!Q6q5wqs3kP66ij)WiR|W$RsHR=WE{=hak7^9?3q`emE>?hnWl^xGFsglcaj
zqlsMO%k=ptupurkAY<#r-0r>~n}%xsLWe%@3VJFZ{}O6RgU23yPjCWQ`o0AJM;h0~
z(AvW2|LQ0%iSPfLz774dSzumSS=j(9$6tW#e6&6j=vR^#823q}JxgUtFkU=a_)8?Q
ziXYE$Ki4z<{LC=;>BsvMK$^jNP-J)10V)Vp7Pvb@wj~FO{Xl~J*N!O^$sCk(<@IEm
z_|YsfMlEz8H7Sx}ZB;jIr)vdNfJgjMM6p_Anxv*=bS$KXx+GdMU2y?(Le&7Kg^Gbm
zF*(hl5e5d%?yZj}%`dWvP-9734s5wVlp2dD9$_jJE!XC}M#i}1oZ69Rx6`VLEdiul
zezx(;G1~7?;ELsaR+HP*4=#IP@1{x?s4#PUV_(`489NIN5B?_0EN^)edDgyfV;ysD
zgg~s{qb-!qY7K*V=Xve{XX#BSj<t5@UmT*ZtAYN%X@it+=!O25(Ep{M<z=M4vG-Xl
zjTkXs_WLF9Ex$ZfH017(gycQ5q*9$GGRAI;Uq=$Rzu<1gBC?i))Eq!@A9lPM@$&3$
z08H0r8AfbFd!UsBJu9@XPJ-{o&l2OeoLdN`rM4@(J|!sM#}<H(>Mto-rCL3I@fq%`
zZ6KhUm|^wLYS$#+ZlTlU*ynC$+R#9^#i(=H1*^?KRkXY8_oj)etrFypLkWJ)J+&&f
zd8T{ba(VO~!=Q=N6KMajf-(4f@vUOJRKf0JA0Y3xrH90og-iz}B?KcitIJP=kB$eC
zE^?2q@gH{k(V8&&oTIMd{V(%E;UxJ@=)Q5p|2B62ODq}x@*5KVj%Dbs%|_|UN^65>
zE&dv0=USCsIX<`m$hYUvS*o=noG9a$_U$=*e*2c}fA}TiJTpAZo_$QgjxXL1kopi>
ztH=vg0!|DUMK*_1`QL;`H*z7^w|DsS-BX}b_y<=TI;Zo1Qg{{h+YjC(#7+4ta#x~E
z=VP5o?XSr!h|fX>5)xAhi-M$0Q}+o<ge=Ho580c(ZJh=Nc_foZ9++rYTJ^g#wR}V}
zPW-rsY1ih%D02aa8(OrA`MQFS_&u}os^@PzD-6EuPAl?3lyb3%tF?r4>El7!ua<Ov
zCl{oED8AV4h#JW}a%G>(zC9uE<X1|NnQqQeNVUYKU)mdfVeVNxbq>_CnO)_M)zdKQ
zW*{pr*3`d(KrY=wR#BYoAY6RsN2ZoP{^dNvM{G%Rzh!#r`}*(icK>?@=by2|-_?r5
zH+{v?)WFE(pY4n~F$|Cc{KqvnMvAv*$CXf`$0zyk8{mwv3fECv$BZU=kR-2P#R
zNSBPm^utqGvoBAe^&{*8iTEVNq5~;5M8WHZ9@KB+6OJZJ6jUN%GzN|pSY;-9YpqOt
zY#B6<1(5r;)h12nsKGi{(feQ*UFCfvs2OU!_9;!1U)>8}Re`VhjC&JRyy5g$d2!&u
z;5p=^(C}^$gDXVQzJJ-L{~SJ1{C7TYCl`DB?*VoHq9r5=VAh|$A0PhjD(JsnBjRrF
zXyWAb-F5ZP{;R)Q|6*dNC5PydL*zy{aYpg9I~{AVg17|Sgml95>3jQfSeH`gg14F<
zA-u`a{^k(xXu`KN(ZkbnoZKIIeYyJp*+zf-^>qvEVr=9?qe&Rkoai)&d*_QV!g
zPFz?x^2P)k0x$Y1=zfa4B~(*0#0k``2hU`dTRn3sTKq20E8kk-mF#kqNlwv|h0EGF
zRLD-%$iu>;TD6Z9@~G3na&*$tXy6|A#Di{XUN65M7zR*icPLmor0`=63anwR=1^3U
zCm*3}f7%HtZ=*+!{i-C-mc6=J^ShWvK{iF7p;lNE036#I*1lI>5Iz>X-l-2bBKzxX
z{t;);3m;=5gMO=u?}DkszjHSK1*kFxw%<&ve~xOZQL|D)R)gn3OU*Gs7xoaAV9pmk
zYPcLKp9kpg1NAokK@?6v$8;Gx8E;_9#1xg!z?*2!e0;|+&Nn9~T-6s`nLbphoWYmm
z7ccn&ZHu}FLS0jn+3VD4x9imP{+#pYeOJ#9s2**1axG{Pp_|BvO_U0MZ`%>Ghs=m;
zC+#*M8qOgU509Zx0zD}{IX+Qge9<}8%tRS~n#hwJJxyPjo}dWT0s>D=e`0NFa2%W(
zW0q)|YK@WcRXA`^NgD$9osWh<E0!WVsR3yb(UdqFt^6G4Og8%*7nj?EH1`x26R})Y
z+FU8q(o$6u=N@}d(hXdB#Afn|c@k@Ws+tyGW21Pd&IH&J@S)l){aj%hhb;bburx>Z
zB9@=pfXhN<(tO-O=c&2bBD#apOVUD?Qr&pqNt$JE^I=MMkg=OKV4?IFAwYghcHUD3
zVsHVhG0CWtsX8WubFn!olcSIW^e0^)f!&rpi07*A(zGdK>p?}&B8Hfo&S0x&nYmS_
z8P}i85)f@dPyd7yD;cW6MoL6BmQ@&ki{<4U3Z)nGDvaYIIj{5jRN7)50nNx3F;bjq
zk899T(#PV_j5%&iE9#3gpk%-w8najY`~_%?i%Nq`7z;L<{b2)=7f{{poD2bxQ(wZs
znBT*{EgqQ3YLYBgm4<V<$9onfcn%OGGqC+k4fL4mmxcL8i_A#Fug3u|*!ZqsK{#mV
z%kazy;@q{JdbXa&9Y-C5er#SeHK|sn&oeA8EoQFgNG~*s!~_;un^#Y=L23v{taG$V
zZ3@t;?iJT?Nig!PH7oWIVu1|y*yY3&uqDjaTT`C$?GbyG3KTP0(6T~%jLjfc@P2>E
zLU%zpMy!y^-PHMr5$gPet>T2w>B7+xL+QfQCxZQ1rz*FUu$1N^%KaeTlyh&)AOzp@
z1ZM3e`c1U|Ki1wkI`XL77L9Ei9orq-wr!gg+qP}nw$rhlblgcg_RBfn!9Cx-<DGlo
zeKmfyN7Wy-N7b%Xd+jxA%{dhv(DPtzbZh9#?bK4A9NCl1>j8lIM-zCKkq?h7!}&q6
z$_AjMM=@~yJ!$Y&hn&N^6oEsn2a0+YOY@oJmN9D{YYowNdPkLZF>tqIJj-4y-dY&7
zMgi&Bl!T^VQMMiMOwjCTa0jLRI~282u}iB<*6KPzAoCO*Z=_pFH}Jite!I}ac?0O=
z^^PwSMX>$$i(RmITY)FdR+`|yw*6Mz0{^sE8Mx~JPE<5rJBU=bSgf*O=v6W&Q0j!M
z*prvjLtA9T+LS<St$%4bkv?ZWT>@#%(mlN_Homg4^88sld4??x;@4byFy)=4V{Jda
ze{h+nc#EgTDxi}Ul{`V8{1tt1mXwT?g{p-4eF}X5v)wG3x!5qttuu}Mjr_W_CA-@r
zKy^MJY^LyhS`+Nc{3L@j<^5YCR8rhFJ=g0@mW)awwPjlP{ZbxaIv?Iw`ZTW$4OdSH
zDUs?-NKTWRP1eOY(RrTuMrq4X#b9k2)4CkyD@Yl=p3Ra$dh^pK67db8D^QX{gl9ia
z?+*K}93Q{e6`$*t>nc=Smm?Z!X2+lXm#l~<6nsL@K~e-mVg^y2DXBFmbHOW80<tZ5
zNAbA!#z`Z8deWg%*1ujCER-djDSSb{P`=e=z~P4ZgB#k!-Knyjp(wPzgo+>BC7QsZ
zAHOmnr{Kg1XIr<#O%RUnnfo_dImgR3q3jVw30J}h?imEIbp?)3d48&>&wRsh2w4)-
z1zcQlnI*5C0$(~zAE^TR`Z8Za`Ma5A;^-gqmXB?lLb&GZL45jlKi;uEWR0>-5qUM4
z?G(nb%qKXcNA2U;M>Uye6K^-~2_qd-qnqFs*!*!kJHz{n49q7yGk;I#1D~8BE`w*f
zCRF}KAv<NB=@xRXJK)$ZgU~HQZI`3@Ru_BS9;MqV5Sydomx|yKsJJXbm!9YZ7KfrC
z_9DP9nwRx+$rf{epV#)q<`EiXNQC+n;AcXWo-{zBz<^aGsncm^qpNXmxZ=~xei)Jg
zw)NgqR|}rT#b9qAVE+h+C#?AC_ZRvn3OTA%@GKmIPEb-a-upb#vdQNlGM94P++W{a
z%z9JcO{ya9KLs|x+~U^<C4kG$FkA0#(H*MOAAt0D<<B#$7sP*0J>MsN(R<eKZ1W#C
z^6y9XPUZ}T4u-}SrVK8I<~Ei_&J4~jhIS@~P9_ZB`P<&r$=LLtq10_Uxrd-{5r8*n
zARxB??KzbGeYStpx;-ko_Nd}$yvB7sSv9B!zmSY9;L(H|p?7|RPKrax7TuJPib;l>
zY*gZKYd2XmiFI92E9t-fYU{m~wxDTIEO~^y7cbcP-nOP2CG1o^Znn7H|L~qnS6_d;
zEfe|yrw>I&fLs#8?JFm>-jQR}mmgM2CRju8p$=Sd*)b-!t+e9CwW+Q4YT8%VUh-Jj
zFh|$$AMQGC9{P^$#Dc6|Zy90fUA-C(e^{h>@rDs&He*psnlU)>dQCxh_2gf9&)+@q
zgi%LI*ItWF!M#+R=|b4HbcwrCtmy8pUtYCk8-%s-i2rik+}b=2pm}627nR?RH?-@)
zb+P%(Zp-6x8|Kd4gs~+yj)U}aBcc)(B|xcLcPxabfCGd%(98A!GR~^sEctfJyq&M|
zuXy5gI;&%|;MkeZ`z~SGwC1wilHn&fh9;s-Jdu@V9e6>#1Wxhtygs<8PQyS05M)^9
zZkGK-@Y0O~2EKMVAk1`4p7-$^5vmWVhoYV;jSWm!v7$>_DZ19SV!1DCX*Qfi*mQK0
zQyoBx$l#1c#%fSf84C{Gpr<&77&A+0_LIXmm)0MOn=TrgF2r+m)xR$hvaNv=$@M;L
zC^*bm^QBPSP?xSE;pGdsvfZEKSfLiVq;-Rg$Yr9lf+kbQ&TY7tcj2YmZ41a};w2Al
z@_E%65qGS4u&e{l<^98u29zV*Id1puM_Fh^ZKW+T+*!0F+V#GWZ=7=YMJ-s6m=1|6
zN{Rl6Omc4FJHCO9BDXx6j%M$H*$=pX8I&KMUeDpP$vOK;KUgDGjEY%M&XCu6){!Hc
znYf*yuCV4vVQr8m&7uMH6RGKg+);5*%S6B9s8XeGRmkRGwuOn{wKwu8S?^dj!zfEl
zuZPjf5=BIrWQtGD-d*=#QQ8Ijg_PE*CH6{xW`Tbe%ll~tq>;7X@DVfAd=(bIWLmH`
z9;!9Om1?#piY~`iR2K^<#?VwcN|JTs0AA3}$Ry8^E1u<5X?aCAXyvRlr{9?FjFd{!
zX(Brc(`gblJ<=u?m2gUnL$9H$BwDSoHE}XuO^Bt(1!+w<sZ@n3r6g3LE2xQ8sYE;$
zkI<D8X{pXAxaKETs^{;=I98Te$)hv}eWOFR<$;pxGf~u(2d$(uWTC4h4F|J`>((gd
z`>W6YfJJ4x$?yl?(l`|kY34<5HtR){EPwqEHPgTB43NwwP+;Gl7gXQd0@weCU$uji
zy@RQfi>0Y^i<YhZCI`yrAALcN{!U;N_pZ0&_(FFDn`K4y)b7M=@)2MNlEqf73@0+`
zh`MpVKI}x#mL9ptW`Ru&48qwdmZ1zoIXS&E`IBHc6yLe_aFkr#{xRpjOp?&j%FpgI
zjnVX)Vi=Z<<hYrUl+(tUD1vG0*vK?uN~vT39OlHDM4ntwpifQ;`%@~-c`q@_eV3VW
zd~LC8ac@b29}PbOn4F>;IIDL0xXBC$!DHHoQ=$?>-m%@1s_xabsHrZ(9aF!VIVH)D
z@7W?gE8@UO(Fr`p&LGySk}w)Hlahnzr!O5_`VqAvv?E!P-l$hVuR%;8oy|pE$)%gt
zIO5LKH&MLOSJoP@R-b3xKUO4%bYwC6O2;jD&8;?BNT7HwoN&?!KQ{&0A@_Rz#O>yF
z2E!zXxpx?lMjE#kJ9d*@=8kfr@6jg2)6X5YOA8FzVdgw()9!qEJl$_9b^GZiJ>z1C
zMd{lmp)x!0HZ5Z7bky3<PG<%1KGay#v@f?ha;5`Cyg-nKGowKNAV~bmmYNw-1(6Xu
zmQ3B1Y+Rf)xUm!allaoQ$Yf8xbGd*uTMO^?txc))+c+)@jd<2-MI7u=@Wq5+1|Y9e
zu1OGT5CP6%<RylNMmvZVEZ~`sy}wt+sr`!w!!=EbZ>-K^aE?$d!C*a9D6s!Dl&2_w
zvCzfli909G0N2=o?GDtL*?B9&{8gFzW=6nz54M$<_?QP7$@*yb2p^!qgb>-33^PqV
z!7EL?>Ol)?=uNJ|Sh!K2Bsr8~B-enPISw=3P{)o%UjE9S%M*|O4h}+XQR?61-4sD$
zV1`Lh*OZuGd)fan<?@byzpX0xH|7>@CBZdUGKYvxlm|6AjQQH9<f)lZx%cwTKuv{l
zId${yz&LN@!`h_;nhzpRka<i-os&g4rCiLyIOuZ417tyZfOqjH$VI1EZiV?pG($|R
z-G!7r-_I?C;u#gj2EYL3L>=65w{$;Yi)nv?U9M2LG^jsc#iQnvZJRy}*x)pu_CN|Z
zyqUTn<Gc`n7NTwFEbw>qN){<PGsh8UNcWKYzRfE_7HnX309+DJeTPmDqPN8hDhZZO
zM(&Q$<eBdDFB@rtq_X@_WCzV)B%s88(2^O^ge3urdURj!r==@vR2|__T^m^Ges23)
zZ`D)7OcU&RF=CZb?UL?e3_g#G^QB^J6=hE7As*R)OsXPh(#YhJ!FpR~lQkqwfp^CW
z+#?VS7yv!U9A^yMCr_G*^`&D0I<!S(>9~d`;m{XxIvUX4{0Umn@k~WE6bGN9bHfC9
zeboFz)*`+kpBEDTP91V-hbx&9F=_EZDk}*K(1pe<6d2bFXM`L=)UakSw6i*EzUc;<
zjgiNw2ZYUiO#x?+e5o?2z!vg3L#G<woG8YO`x>IhGg#r|ks-4=H64}8B6d5F=UHc~
zCC5xq0T>^NF1fnfRPz$L<?Iq?cfRAO|B4CNZ826{1e672a)=IHQy9Mkh3a|xm{f#I
z6XSZlXQhUPA`3ZL9}&1UE@M-{%lti$vjziUtbuBv{T|eHW%P2&fVzG$5V5f$2qab#
z@bKi;iypKQr$eOH(E2c_VfWu+`lXFxB1!62QH4LMrTtKF_9_JCq5gLUB#a&XKQa`g
z86{GfhpKoJyXpjnR}eO~9OPEy0bvCQkv26&nAV_YgZSL60o?c!`k7R9;X6N$PG}aX
zG;7Zb1{*6eh9mK>{H^Ex+An!fH`}eii9j|&kY`Nri{pPQM!JET2~Pwpr#<}9mn$>w
z0v$^2Tn}Z*#3?d5aRiGE8y{6>f;<qA3vEBpsPjkRt<e0oy}tbB0ZA$xWF1O6aO1Ws
zQ{2F;r0?C(_5ao>-pmWIKM89%drJWcLk+GqLl4#q#(19UuBoZ%0jG+ZVOe+^ZFS8^
z?1@b?om&I?DL0l@s($<7wm{8KEVrt{@$wpb#@tK<khfuXePD<LvJz^;>OgEl@)^sY
zLnVNVZs|Db*kM|CZ}b0~eEN!pSKuiJbyK;fG=)gXo-S1A4AC~X$;%LhI!)LJw70Lu
z42H&W4nwsY#WVk{;1!N>5cTnER6S3X13w{$+Br!>Ollimp*|p^&<5O9-#IKOc1O@J
zG;fmtA1467iV&)h+(!#TN}C%K!1lAReHM8wH+<z1_9%TvS_|%l7E^Hx@&50J)dZri
z!{+0x;PLO9@i8=CnV|)T{NpG$0UyLa`FOs=EDJdd4l?lf_4-=*btkF3)cAiViAO%?
zsorGV`Y9mcpJdYTq$t6U<V#T_KIRJaoTp(ydZ=C#bX09`r)6A)z7@#i%ufYT^-OOA
zY@dBmeRG9iw<h<_v7wD&V#p8_r3(aghTO|`^6yV}<S;W85lT>12F$@k%6f6Gt=>Um
zT=?J_AX!us#)ZmM@tiY+6Xu?OB$Pl0@s<4~ImJYu`O__h*++%JY~>N}OyuvP2<~sH
z1ib~B0W#;{ZH%N*8x(t6hH7)4DTYdQjGY2QJtc^wz&n&nL7PNB06=t6Eq-)bvFu0O
zx?O{LytOh1UFH%RX^RccR$bnq>`@-0*Rgw{k2TUc8HWhDw$>N0PTC76-Oq_Vgb1OU
zRGX|w7MYY}t4D_D!5hO{`k8|2U=oVfV<b-1p>>hYmp@0Hh|UblIlUCZi$S~Kr41E|
z(`Ax2N(|Fq;kh9HbOsYMxBGbc;?sBz$224REfKJ>9He4^X^<I5JMEYTL|_?~#PM1x
zb$ZPy-4=u4#j>hcLn_n=9*;1ZLMj*7&aoD#hY0(T*s29RhcCdiV-VlS)*Q$IDdap9
zRg&X4ZwI#;$25JiQOMiu$>f<Yl1IwnnD1$n?i2Tx0_nEr=<5gdGtT(obFKY$Ywj}_
zuZk_eCG73-KGlkO;VaX2uP(d<&ieI~3{exYq9r^PK&=_&N{3Qg;M1VX;`71dVM>J1
zK(?mz*qYKKRg|9T6eb-8F_Npul^vhepc_-fB!Yk1Sry@K-5DJwD$g3Wz>Z3-)>0u_
zD%R`FIVqPht{nXX!RLvSQipW&!@MRoCXd71I)Ty|YsE?2O9^{LV<IJ{MxUuOfxi?F
z=fz~A=&QjAM@jCm;P{%i_OP=!-f%Lh4IviUYAYEfb#W|Ck@g()^YN7ha9qH^DWNbv
zvk(_ghH`rJ&|To;)NkgKv+T&f<>!8fuY9VFj;CYt4K^~_dvg;xJp(TTcQy>#n1XEn
z4GQY#Se<fAuTX#uR0}D=7t{iS9IMXt*ZO^Rh=iczPap<**qTL|+~!WK`cw_uDC<P!
z7vpW!xZCYNat-6mZgO?y(b6Y=QE`|7>VBl5KPh}wzQQ?%OAxEnRMffhBtr3?h~K2a
z+M3NZS^}RyTGy}hhSOMys*)BA3fPPW8}NF1CZHCl|IrW<2OG-buN4Yt>6$|QJAr5;
zQLxw3-}@=LT9i~N1U9v~N`0IOoZLV2LmF8<C6MDyHR<&2K(4nEs(}aY(y+|!nhuaf
z^=|a;cZM*9tvdq{ohU5Lg5?CLXb;Gnn?RfXOamQT@bYjD>NlQxqBB>4{D~ILlQjRr
zI#SUf6IR%b${(r?#nawsgGU*srM!rA%9iF7cmM?mSXFoilDrLjZGc8kXBX6+1(DJd
zw*-D7dU*S=BTkm%yQ=zhdfe^(b8_xhO|GU)x|*f4OizgxNdT4RMvaJy#2!eGIw!(*
zQRAZGY6uuOk!Nt1Ed`1SXk<2^B0v%U`V@y^Gj2>ZM>45iVHk{O$2NO6ag-V#d9l>a
zG0gar)wKZbgy!BwnXRmGaxj*6E;x0^O#0}b@`ozY{NW~!0z`n&bFWr!=0$i2dtKt!
zsBTQ?#l&06YlM~tWMyEpx<VCwPNthauIUv8#rF9_>S0yLD+uW45L6gPpHmni9_O4$
zlK@a%BH+SPDAWs}xX^vVN*|@<nMnR?w)Vlc^0JL+_!R$0IvJFq>3D$;xXP7_9hIbA
zN!pxTP3)Irfb9(?6<;~E+HL`fQrD4^1g2~8pn53##sE#U%%Um1S74eT%{LZ0CI73y
za-W*6K}tMmyS-5=Fr|;*_47Ya2dIBV9bifGO_aaE?zZnv5Z?du+CtyTkp4f*i)9_{
z@A3k}_o<Eu#ef;SRg=4clskxzGB(pgt@XRSC=CLEAXAJm_n8=XD%%$PdixunEU}G8
z;Rv}2Qsn4Lj5v49jY;tM{4C(7HD*z-=R;oQ(yM1nf2zM*_;dl5Kw7X$wr+F7yPnUX
z$uLhMw*Y9@-2*Fm_Ps+)=0i%3pYhBJ2D2qt*%TFl^yjyqpL>S)?9YQ9v<OK913&WZ
z)tXU%I-LW&`g`Ab+Qe38c=LM%4L(qh+@a&9`83C_+jHT*N%5elFlp6IM3Uac_arL6
zJ<?_7B`Om+^blKg5hEAw(yv0}UwoThdyYW*yrs^}NuH4YKAKs3#<&Tn&0`)KdwS%N
zaQORx!SEYdZeMVw?2+!{-r%n#zC-mPNLS<!KGKQ)p4+8X^U~|Cp{WY{p0_0srmtoR
zzn7}JtFpIy%zMi!SI>>ID}XlQ-Ue@wHG_b-UrQhUz@Y+3UaRNZv_YJ(OY;Uj#!YbV
zsNTwRQaU_J5y__v`_lee&Q6(aS~CfkR(_tj@?*VN+4X2U$ry9^drgDmrg>P3|C7WZ
z;C)-vAsQmqx<xApckH%0!<D_hZ0E-9)DNxjxjE(#LAzr|)kE^75FF<?%`E$2O?mo{
zd&ajl0~;G9G2d%6V=qMih#i<a$Y@jk3>nBOWw7<Q*x1S6DwbE@I0N!LzBIFB-kBqy
zReYuMHm#NI;T+ve^(O7b+)6F6ULJB&Hsjq^Zqb>A4fAdHjLCpZNwS1<)gOWItH!X4
zjD+`;KbUst7b*`PvAjrH6$Ui|*K^_<*iW0vY?3*W-8pcXe>c5Fm!|6q>%MHyoYFV&
zo3p4t6>7jn9|>{Tx9lkAFhR1j%(am>HLy6-*;~Ek9@Au(C|K;@2vP?G=rk5cKS@L~
zTUwnE=V(MZ5<bgQc8ImrOhtG_hu7w6n$Q0p#&7M`8^-RIoG`9+A!6l2KPTeUi))nr
zhWNute_HrNfO~&?qL^pacJB@&DKr$=$8?K{m20iUyt#mpEIdSZDkNu?nRIY&gsF0_
zcS2|tge9aV(Cx|CqjrEXhVNS(wDT3Mw%9BZ?wF}Dx!S7CBZJ}xERyM4p<#wEQb`NA
zzP3v!=wCw$-KJbqS!zfPafpj=iU76#8kK8JEyM%v{-T=Kz6c9Q4i&J`%?z}{5K6=w
z;&Nq1qb;~h_rZE)pIyq^e*PpK8|W=S26I2X*6V{L4c+o`Xm!G~cBceoX~pt{YegF_
zju4d*{yjD3n)o{vME~)I6X+MGI7sdN`NAX7r`4&fjGu#XhY>U=eE@86zlI`0vWv$z
zCx8=gScEJ9=ax{rQL^rLmUwn3BB>%P>w=*0+o+whp-m;Vtlipz6&0ixFod1Mof>>I
z4O-N8h2!0Og@&^nNt#63%`ToZKqp`wE8W^BpQySKfzKH@IWW@u`Q6rXVcU*Aub>D>
zSn@JsH(_Bv(w`G{pl4Vx{exb>O?-6^2edZFF={AUVlcHIAEG~?0QVk0sF!+zev~;;
zWwW(bHp_@7q*W1r-ISH2A8Q-Q_%57!dgrW7vQBChe3G>q^Bmu@Y|AOcD<(laaSnF>
zCnd&q(!H?IKGVw!e3$528t|d`c#bZ=cEbuA$J{In0(ycP8#OYx6Dza<j(HZJoic+g
zlpY@wc9VbS#1B#JO1_qeD?*)f@vSfRR{kKuI`dCGW?#C^IBD;`R`1H&p<6an-YL#9
z8XS^DM$-=B67vwu9|Uo&&_@;E`wFvv=e)Cjk>$r27=~lQat%iQT8a}gOG&A6Ev)TW
z&P=c6%v2<L3RPc;{+z*io7q#$I_>vbYSOB5z(+4~tl0%Fx5EViTCZZYADen-Be)O0
zhoY&zFmKj83=o#=a>3hV9)qzR35eXe4QI3p4l4NMk!>|mZ^Sqp2`$IobnfQLx`T@j
zzM*7Fotg(#3En9Ds#M3sIc&_Iz~w+?i(5kiAE&WH?M|K#C>P^K)dMdol5O`TUG|`c
zU7$xQi<9TVTU;{rV9RQEF=CgW)BDM;L-Lr+$P$5d;n7NzSeGO6T<WC@^{6if@;kWR
z5)?t1=gU~>AOaCGczgJ7cRaUk0DR;K`!N#RzDgcLk{RnUPeXlwpb$%<UQUbZ;;yIl
zb2R2APL81gZkQHEMr8pX{CRN6N_7<kfp7J)PkX~Cr_^6+F@lCggF0A6)Kx5^s?`%N
zbs0OfeAx4I%$V1apguU+y(xaeaq6$wCK3fK@ik0Gg;HR%(@`;6Hq{w^L9AsXVLFZz
z=m91iH_t=0DL07H84>%e!;1=l?t+z<tgf==>(wkY>WCzIcHr;!p0G{Z_D5{0LWBXb
zJaI5U<4S^iWkeRMxL_|^<};x=s5#f;cHFKla3+EHO!2ic78Tc3!ZAQJGzw*h*ry>K
zjP#x1;;^<O*sv(+E51&3l=WC)cj(m}``&8|KLahOtVnt)h2X?^V0-k!Bx3Q_4LiR0
z$19G$SE8>^wQ}gz6f}i;b~glry9`{mtwQIQ{Em`oNMhXu*PlP=E0}xko0?y6AF=$0
zi{N_Od4K2k@P&h4AmSmJGVJbE(Q2tMS)t4sT`eVep4;a@RJKpsxD^zk0Aj;5rW%q-
zBtJV~?qqNJs))t`UD^>9G4|v8uI-GjF)-}%Z=e<q0LS<1E$K@g<CaeSr9PvF6uQW_
zz*rrS33p--P3k)$FB+kqkt?D{O^7F_q)uiZYxX6*{pNFHeZ*!Pqw%u${qffs>}xhh
zjI7+^JF*ws9-}*^tCVozJFD>-vV$dv?8^^ZF8%CRBTDq5a22cGkit>t^PH2Dl80<_
zzuWh?N1A8CdCZ>si-QiK@e+CPTP+*``nQFCS)()%<~xq&PpZYA<@$h)oS!cw)<!X4
zR_M0?Cy!Wyl{0}H96n`Kz0wd_f+mb`UnIW?jMkx-%c|dDF1(_t*MARPmp*3n-mw5*
zt=cs-?jBXc&Y+w3OF27~8Gbu7sm3TKeE`v1YoX!P{wUCHu+h9hb*(mhQ<K$_x)CnZ
zS(8b<Md#8#L~XQ!^v6_>9>Qv+LS#Q+Rgov;YYl9SZAFDnA-o<x_2stf)YF2n<uf#`
z@-XerQC+~UPb{6)ppJNcMEV0`xXxHyYo%8krF9AA;$+0#EbScg!G++<kofn)$;Qn!
z3i(SFTxS~3;XMnR!-*ZpQq-##Sm<Q#Ekm#{T^jb06<kPVs9wT3suxPb!+Gp4$IFZU
z943$WF_GoqZpp?@<|+$n&WiJjE>l@ctsi&3em~uv+Xtmfr6`&W4=^gbFjD_geJk%s
zth$)-H$LV3<-8xQ-*BoW1Hiz2jfU?WWlx8m^X-^DL3&|bY1T3xn^RfrRH{Bb<{Cr;
zX+0<pjUHPOFjR$h*8r9s$N`0oLuGE|>1@mZTPzzcZB@Zu|Kxd+*2;H8)NI<H)G$fj
zCs)A2I`Ybu#b;lhbgU?1g2X(ZH<Pzv#;A%96hHs-Lj;g?U`Ob8GnPuK|Fo9l9SviM
zo>j1>51hODDl|w}zcxmj_y-4hbMZpTj@=ED8ks5158y(yH5A*9^$ePSv4~_!`XXdc
zGvYIESZ2|7gDI60{s4n9vRn_TCq6jr3Xyt(F2GzAVA;0->t=8jc2<QPoS7$>&Y&|H
z0Y$1nysrpSKu`ze%enpDz(LnuXp~#zEO6L(UbWi<?RE)BJ`Gtpz;_W!s~6HULm|1F
zb>;J5+y5IulxKgI_t^_5{wjfO%_aLhsQuc?J~CqJ%=go(b4Sqr;SWB-aYr;bVL><Q
z_O@twS=fZLq)>!ktK^iI<`lJ1W6}wkSVm^>z1t}S3D(si;uUoz(7kaDjKt*7NVm2#
z-;qb&-YN8Gk&@d$Hfl4yRqMan1ujBbP+bC>;GQr|&}!HfuCgx$nmk&-)OZF{(4;1>
zKUg}*YLCUmgV6BBh8Qb6Q@=TsJL0#Ck0zySM&N3gZT?~jkn5$zWRud0%$2$t>gf2h
zsxgoSTTs_H_VecxwXw3h#m+HpGj&KXzATYZSx7__CGH-|d*)_A)!6s`DSA^ETQ^*n
z0sMnMi9vE_QNcFHd&Vc_+qCJXkG=vp6)5WbMY+gCv|ty|+Sg=D#5frYjQQ-Vh8iq2
zC?&T=;F%(#R3L|;m6_at=2`wxj=q$#EbG;a{1MEX>M!DOg_AhtN?}bJ3Vn%&3&agg
zAsf8P#x`^Ygd=Z7n>dW(S_w6m=(plto99Z+MiJZg_6+{3UB<;5EW$zSx_e5BuP3``
zq@8HYt;YDC*)OY&<!+}^%3G0|rd)~%ziXwxg8<QQ3bj3mCd4j#00pk_*dFKa+VWy$
zej<G7-yenSQTNxSo?Jf}Y|q`-sIbR+OPG$=)aTSq8<pZN_ZIBWPYU$b=cgW4et8tS
zQITW@;p1?N^?CNj2yu{~ZMN;6>EOVgNk}Ear*!*F84FCcZ3)Tz*;JP*5y87g{yVYB
z?OL>*=5a6L$Pfle_uDbl$W|WhslWATU2=t#Hhiu#iXn%F>X{;Lo)yUG_nXO+73V%(
z$vY2DIYB+_V>5TB|NO7J(8G%%`uu=uEVk<C<XB!-FmLK1NOob|SJgW3dB(q@zWpVP
zo(f}azXye!FCod@)iMhtQtY>1sA=34RJELQOu%IvVBQu+ctrQl&d%m5h-5^-kAvDr
zngo_Heut8@%R7{g!;R%^9bFyDkYqHp-VMsyE}F^u*G}VHDiu`EHCEv<dkKb>0Fg!h
zeo3IQ_oPy-spcu+TPzX-&`cEQj7)h7j5ORkbV;sGz4%E6FSx#V^SuI^<dm9YcZpnX
zA7wQ;)B$L)X!`H2JN}%^w1?LzbVO-dw1Ms9fF2bL?1^bbG`NdP+(MH+?gALUzs(UT
z;a2rim?!|#*g9Jvr3WBE)Oca59FvF2SBRxSwZ3w^d{no_eBV5`ug+WP)Uh`gds+A0
z6xD>Gek+Nh=A*^0fTuF1{+J>N@8c%OnJ$r;GANY?Yd9dJ94hn^eD_?>jUq*jY%XSo
zrolg?nvk%KA{=m*9N@03&lI!{^_mQ=REA|v*fC|{=f+j8>`WiHpJ&s7LNRASY6F~4
z?$f8p0gZ5ShNOB%fkl59?>$GvI~BwyqsLt8Xb#~qVV&YIp(vg<$uvvm@G?;WCpw>2
z@ZN&iI%H^O`-I!=&Vjp<=?e^-yITLL`t?8e2oU`@)%thSz<+cM{?Cnv6#pBqHnz95
zwYU3!nS}O#e-dMRC)59!=^wpz42KeP#oukYqTjr)|L$+ifB7)~_ICbtCSgMtV+$2S
z^M7<K<orA5%QB6=239mVlBn=NoN6-iucIO<3JOXhHE9i-pnd74WS2?TrcD|8XJp?1
zF6#U+EJM$YIQHCn>Vm+-Aku6`9LrqyNzPT>?yet@#()?M)s{SQ1SF4Vdht97f+j)~
z)lvQMenSKWd8+Ih$ZaefI616%BZ;m2D_d8&@M_&LI7+O|>baHx-h#>EgKm!~WMh;m
zurWnBb%4vj!}5h&QQ=@>wMV3607*|HoNn$D2E4AjHpoQ?QT2KwRZeGPOEti*#I&vX
zzKXf}Z{QVJjM$zsOiB+)i!y_xno;Paa^nc88gYCjgeaY`>}EnCZ)F9<JaoX>r2u=0
zCziJXIv|zq^m6H!Zh#5fnyb$lfMUs3`ivQuC8g&QE=Xx4AD_!=_4sjgwwT_zCInii
zg>hyd0ut63V>F@l291V1SJNX_71mk<Q{#hB91P>R(73B)Ft)7OXUWQ`fotWbE#~Ho
z8In@jdY^g-1#<Q7O$xc~C0K8%ZotdnaT4SSxXH>EKP(t6vx9b$eo8BOSfj8Fp2m6|
z9+mjX)7rXAIgX$>Jl-rEr%Xw^G@&a@F+S5PN!pn>l5r7LR<qokfMcQ=U^38&`3XMo
z(>Ska!5VE0xvU)m^a5)HqIPlm9K#p}doobp5sH!zE}7yNd4L`q@W^x4X@HvLs8>Wb
zM~I`Gq#}f#5!fbZu!#Po?DRd9HE&=>RG!iBvkP#8e0UIW@VfZ)ff}Ntgi(hZ`4jl4
zyo`d>jl;yVltxhf$sl<J1|{+dyy6t;k*&y_3p6iR+;0bNC(GX5OPa<|wrRKP2?d;&
z@cZ>|dH7RNLPV-QlC`%0470cIextVQ!nVRTbHcRH=hJxTW#Ej6-f5Bhp89F8`HYZ%
z;<K^h6~w!I$G#8Pe=p4QKgGU<y}h&P{}BAU@{0;+V}0&4G)qhlf&55<BFLo+>Heg#
z&yD%BGQ@Ur{gBS9JIRT)x}MiiUy+}nz0X300~UqXpNgZ-Q?yaEe9ym}=Xg)<oqJD;
zKVB{_+<~49wd)zJ4Z&7h*x7}4;8E{}+Aa4nFlgcSTO&kKrQr@6H<h-$22;wx642;D
zH%-TD-U{jnm`pI!GU3F?oWO@PW)MfB?7GMfAnd`>s8)W2LCO-mz3#x`Sk0xuS+`I=
z+U)Gl=GIq;@3j@vp(E-Nba5GQD|X?BxC{^0UWzXD4)ibwVMhr#NR|hVeK<%D+v-d4
z!=Un#+Fy#e_FQlXwQDsWi@A;%i~1LrOBKWji@Tupkjo}Zq!L67K9u8fA2igJU@Wvw
zy}kRNFhvRxEN;kHI3oZ;zXhT}2|V4{pn}Ihtx7~9%h*(M?d(?AckFD`t?JH~%~~3a
z59A2k9py>Vu+_e-G2!kyp9<(iy^)|yucu;bF~TP8PG7ilC`&WUX4QC;a`*xs`!>de
z$Y~NDr}znKCQ#2i;uABOXlYmE+!fRt2tAKWnutRu1Vdz}=P4}a$0p+EX~-DF`K~fA
zv9>2&n7PEI#tiOFVowtXIMzWLP1Fqx(1$$y?_8$x(2Bxgp<RrKD7m5T;{{AXY7l{D
z3{fz>@>>WjzWcC8z0yY^vDV|LXwyj9--wE+j+83RqO{Jpl0&<Pp4s89(46%R2#lY_
zC!XOBRrC^qf$I#7vVO0Rpm(1Y$(J<gmCBG8)Gbsvn^8%V9;#%EQtbV*|MN&ZO<)vB
z5cEU6!ip=Ub0O#$Wo=%++F#>}PmMmsnXV%H1^(YV*Z#4QxBF&@Q-61%pMKx}JNub`
z4rUQkV;e)K{~?+cy5vBakg{hkh`>Ph=Sg5dP&CkpiivQLmLtd&Jx`2u@pNY?@=!zO
z3WW;yK%XgxHzGt55HPtPFQ+djclq=5f$SWXM9?9TxsVZ{V<2;^pCroN7(#<LlCWun
zxK}znbLPY*5soO0OHs2#%!Dml{OTq$vrZEo2ywGuG{;Q}gOe;v#Y-r2rpFdyd5KZJ
zbuP09sBfziWwc@?yn@SB?7me^R~*@MCqvLOrj_U2)lMwu>_w#cy^BOG9%r`5&qd#4
zH~cDA^)`jzT?e<nFi5gr;!7w~bWJ8BEHynkw73SYKD#NST{%QU`WEtF#u1M;_R<VU
zM_-R2PkEb3YGVX)jiaos$@+h0MhEBgd)(RnGG6pRkEW>ly>V*awFY~)A=vi?`(M8U
z;~04Te<5^2eJ4|u|HHH_X742W-Djx$51Iiflc=4mt*O($`mzX`7&?42E&h>aYm{}r
zt%1;Zhkj@qXj6Xlzb;pn3s|?wdN;;ISXwBRSSSqz*$*)XjF>{0LmtNc6-31?`d0$X
zEdrTXKyUc^<yObZ4)4iM4mZEA?;C;vp_gTGeMUeOT~}Am2>w=!^u!1+=94aufk9w_
z#`UfH7GWmiUu&l|%*-r>3DD5wvrtFNxc&NCm$4I20+$eb4+<FV20~o=O`SHnJ;=&k
z^~7k5&xQrINgiAT2r1ktXROIzJcbsjC&Zn_vr<XKfZ~lMsagW5d8|imp}vEf@OU9z
za2_isd@VmXa$9}0x1eLoEX3$va61vnLWH6`vEawu*+qK`pUprY@NH9vp&s^F*-ppb
z`t;(nRvk|B2E(Rfe)H!M{hwXa893(xcwwzKDShB>wtTL-NrJ@(3T|>CXO*o{kzv%W
zye9hqjp5iZR%Utv&o$Bcpg8!@(J$L*Vt!5Dp(ak&(LWIlT#?Vt%HxNAW#$?`ts)hY
z8L}DxqXt614P0(mo2^+|$`x_ql@BUJ3%|*0RMQ*C*j;Odo0oxxz|fwj1_9nX1Z=uq
zVK<_*^O+>qoFn*+9p{gn8V|52%Q?;*c~DYB@)wElO#};<@TnTXrh_X~VtM)gYzECu
zDA0vE;*K)!;j|=K6~3W&=#rs`eVoca2am$1y2f#wnRG@*Z9-|_2r003W(^!1Y?EE_
z*~iHpQQPXJx<Cx68fot7k+kFheL(*;D9QV@0zSTjG5>pGQ24(K%72Sd$?sq^{7<i{
zcv-n2Mx>D4WF%pz=64;S2+^(qBUtGrsTw5O$;h0n*aeXa{B^sOriMKrJQzcg;OF)I
znZ>u?09KYd`#A=nT8AI;u=mhLC0o4ix%Dh~yvU7?>JAq)MLGTc@uzVI>kcmJRW*q*
z3nktfOFGY4@wr(sbRJ4<G8{Qr+-f6My_VX>AEwi=c&KKhsY)#c!wXf76&P|{b@xi^
zreKYX7cKLGv{QMq^n6!KO{zN@LSKjzWm-)=w#m+yP(i!SD6=Hz#l~H>Yf~F7PQN$A
zRekBC+dseJsRDipd-ssyp-A3z4T#EuBCoy43Ayo`CG1mLgg$=(g;{<g{MV(Px1Da>
z{$6Iu?*oO}|J_n6TYjqooBl5sye3K7eo+8v?8_K3tJDs4p}Cuo4j3hfQ6fA4KuNIz
z30*`1aqH(S_4;JPj3=l!B?6HmF~<$?vqHEgJJI}+NPG$4jlHSqF)nYn7qmUj0h)kb
zb^oxjrIz-Px>mE{?65N~H4Ya{DcI~up&NaExSVu@MF}?POdM=3T4ladeC>~!Csu^c
zFbOs`lZ;AVI1I@`z%NkT@B<s3S*35DY*&WwU`mf<uK9+>Y^ziXK<2as6L<!<(OIDU
z(gakp+*OtOiQ=$#sZNA{U!o{$<Oe5`mZl$0^_np9ikDS3h113XdmPebNyQR(1SQOb
zDFY@}J6jw0^$=l%k$x{bSlc#WhNPrq(Z)SCE<M}@i}#vva?P%8V~U(BwQEwY@6kP~
ztCg>xIS`1Z9o+z0mGBA(mjibXZ}#mJN$>rd1?ijul8i?;e+sVeC+fcHtuDJ+AMoIi
z-*vR?CzCgl+|Yj5D&*3ITfsYI2cG@_^%RcR9LIHIZAe?3z&<9&ehx`{9>-DstW%53
z2^?Ukbrk#YC&yS_et>I!vkh!mg14~p4d}{nCysCE8#?-67{5&2bb2B>p1Q22Nu4|2
zKHB~v^k5e!7$l|?09kegzLm$u5FTA`6vNJQ;Ge29B|W?jy>FlTS^WQAVEUhv`hQI*
z|41G!Y0w@j%jjcY?kIl;rzD7i>&a|Pu@mDH@HGobGb~O?6(|gVYr0A2OdOb5dNYXf
zT`S64=xb_H3Rha_YL;QBQR4$O=xlAb(OdplS1tJ1*Sz-G>*<*>BXa3u_g&BMy3h7p
zXYcYp?Koe1-4{VVf~Hf!sIVT64%{4;{;2M6Gj(iw_lgSq?!}YEXsc=m-Bncdzpi|L
z<JGiDv-i~(RQY@f01=+#Mz@Lo8wT@J5|9>nSJJIL5Tf)cF)*UEQ)Cd8%#Ef)e=G<7
zBn8L|d@I>1AtE-d3*1)vqj=+=>}7gu9MLR4;ETTOp)df9j<`=D>VXwkUOpg?jz>E@
zr}B>1r@#aoNBvw933yHk98;m~KZMCuXh4#u_K+Ge;;GrgMsM*@8*rwU8zcswt12IY
z6;1aSN9!&h3`>h-L}$R<N3Q_1Ak|fTE6Kp@DBP6xhYQqm<1FBkgvwiATSZ=kV#HyA
z{3&(NU_TeuqAeXm>n2mko;O!utaTp)d;bidKU*%eS?Y1DVL`Kr0vJ1f7cJQMO8d5P
zF7D!kXrX^vrolW5=fjcnc>2$O1PBRpw^3Pk4EO16<^zPa+84XJZF_bI%)JH<3^=gr
z(8up&^vUA&3D15-oFIliq~`wlxoxq$A=K&3xlkLTW+|rd*_QlrTT2Abzz1RSgHl(k
zT67nS9eV|;yf@~`la(Mk*pi#yrZw5KlzW~=Q8>;DLJ>_E@k}ea<*&v<<Ia31RVF9q
z1y4q3>B-OEKYlPa%3i~T`s~NT`D1+h-GaYZqd0)GL0H*N-ee9s_9&<MgpQD46J?rT
zl@Y@HfOmHwsUK`|la0;kSaEuwJi*aot#pTj64fOgd_b1ts-5aM<O=1O*)DC*y;se1
z)_(vot>``PVimTI%es>Z3&`e%b9gJ`f^#8br_W(K-qK96bl04{qQ_+v{*-8E;S3$k
zezU?usvlJlX#!b^cQ%Iyb<+?o4x7l3#aAo6h=3H{d6l3Xju|V?yrbKheK@_8%%@8k
z@TD39E0N;^yI0xmb&zkfd0_?V7dAga)`8AWkeaU+b^g<%O|W`K50UK@(2jg$G}m$n
ztPV2;n`ROX`M8EwY$9!aWW$TMWm8JUhIGcX@i3a-Eea>^u1ccsVvH{5e5eAp#R01C
zV2odGJt7sL*yvNFjtEe<EFjo!OK|tsh#qh|wCz3|?Rt(0-0i$2*l|Au#d9kH?ZnMF
zbt=-uxf0XBI2kV#$G|mp%%!D|9}#VA7r{t#wB@9;S$6{$&+E7}nNsbB;;MyM_lW6t
zv`ivPS%rba$C9Y%lfy9i!e3$WGR?kVmgqBA;|#TQ?XIVO4#M>t&O>`&kLla1TbSDg
zBPRzXT#SJy=KZ5f80DEZQdpx^=A%zya`;!-NBTmZv&qhKC_}cU_qTswU)L?-yE4v;
z`UYh+iRRCDZ3BtdeX5qP{S60>-zJM;I`^Omq!pj`nfMt8C67hTvu4bx=W&aLxiVQx
z&Zb4jSVCMZrlV<Y7K$j&6(-arH2WCz31#8l0rTQp3}BV1Igrq_?_V8Y)GR0VKC}c<
zZja(WoT#s6r<~GgI9?GxXtx>fV?Sr88Att!W2V6r(U!R$UZGYyx<BHc%nR#IulqmI
z#jpAq>g9O<+->?zRnI{$cGaZiNne^TKzZ=U>EiJV|Gj6t&U(oue}QIe_WO~B6WSVK
z*(eb862wd+=h*A?)JNP!cdk9$8mc46o$hmqeWKg%OuK6sd%_xa$eSrEm!2_hyrcYP
zCG#iRki|Ul7Bl_a1Bo*mha{V8l0j)Mv$$M3^0gR>bfmG^LM9S|O6`~$&Qcu$hkj|u
z(O6mF#05?|3$zlWq{Ovpjx`LJ6Q0TM$GZi@o=`8(jmA_O1->b^GV+{YYTilTdVB>m
zmdZM8!=kq#n{*0_#&Fu8#!x2rI<&Q8r)A_Ag_i`VGcBmq@rT2eU~a!|YYIryaU>dS
zrRl!RVq`yUDo;p`EmOc1mchmOmtj>5sPslB48W{TYy-yyi9+HQ38vLhsHB=eV1S;o
zvGPVey?+mENf$0?JyT$wzP+`mJkijxX@f9BlG5bGmGYT9bl)@Cn8wP11ml35c3|el
z&<n=c7@{ct37qDcu9?a!Wns!OCD7M|NdiNvZ;W{qzdh{wy5Hb(7-=hNznx)3x`LOX
zJB4)Ynk$PL5s9UeU@+d6vZ9*HpV%9P(r$-dOp$wO0pU2QpV3NpDOF<wh40(lV<&cK
zDOGDji4QtD{}HLhG_^Ha9)zTVSKx|LnmbY+q^P1NX@e=%4K5FCRLKj!<v6u9TOI^`
zNl)O4Lz+8Q9^|m%s?crlCz|wCFc`T~OJb#Ds+AH*UO{DS<wUBL6Nqy8UnRC>C0SVm
z9MxkL0Bs6Iz?lksZM9T>V@Ic7hwUgwYMf&x;RzT|01Qur70<}WU)J**xXc^cp?5rr
zN2Ip#yVC*KwLnZqGT#{78x*^tsq9+yUs39gNOkiI7dAdY$5|ZFZ62VWxP*uJivI4R
z(0oWmjv6xiBUO>^q?`@zj*jprV3R!;gDzceg}U07tFx`vn42v%ZdZ0)kM+9TCaXJ5
z)`XACA`QA(CT&i{no%+<vxV-0YH7<Gecif$<!tD#r8^utz?ky1E2;gq`BdKSQj@3n
z-Se9(y%{Ri)1HjP45FlMzMemN$~AR0TX1)HIrJFqSlo-RftaAEhg7N2qRX;>z|089
z=EJg!k%T{(&1TvgR;Ca12ZtvzTz9FdX-w`kt~z=#S-VbLZl^Csbs&~fV9$=>ELN;H
z*e_LQ6v;`mcRy$w+aB?+_Z?9VNoWyf81)Rd>IFg-Vq9{j&d|Jw^-j;LzC9W0IqTVq
zE`M$+s_8ah-l?gpPX8Hs?@#67c3T#Y(B*^?0S^s##FFMzjAkdMw(R{CshbPHy5FBB
zj}?pt5n~E%2SnctjY8W9;;aRdu0gK{%95|41<I2B%P<9E69n&83*I^pZDWYDCKTw{
zh-nI|CR>jURz<u97YJwq+B6BWZS9|R2GP!jXiYb8_G%#2uIB{HlCB5*%kZM<pJN~7
zGY`_$4_(a#U!7^d_WN@h!G>ud6{$MaKpM);2*Ut#!+;p}@&`rz25Y@mAi&GfsMP=-
z><+m)!GJF?CmVci<mXx%ZM}4Mznl~(cZ9*%laXbsfo~uiYITUg448H<_!<W8r4sBV
zGevzTYdu%s%%!MLt3eHzwq(8PzYL3wKwVo9Z;jw?A>eBE$D;=(c3VLZW5XVvQbx3`
zvY3Z7c$&;idZyUbEpU~RK?tqQXxf#w(qym8sWsNjwl6Z;F`%{&cmpfyw`@}@EvYri
zwAv*;puCy}h;oj2SHID!N?Mndc4+$yHG5_oarXGJ{}_7BH+NQ=Xfp6^>S)ef$o5Iz
zb<*1jCbTc}p}hp!x?wR?tuE>y=h%<5t!;+b{@!Fa;5^29tlP&FhSjaff7c1f!qmK>
z50d|<x^tc1*4*}+28j&$-)q<WFV3zi_SU9$&i@97{NwamqN1(5sD<|FrY!-Dj07f%
zNUfK@B)#OkbclQlGNP>&k0FL{?y_hnZIx+~xMVm>=y=cmoX-LhJL>^>5a+DT84V;m
z4?<kG*6)3&v9IZI>-F||0`9k@t;8ChpuY^P-AisRJ9ZEo*?krlMKMRuR(9Zv@l)05
z_oMD~P#h=*(^YB!Rd#aIoUI+-uRQ81HP9M>6Ar@;@0|N(zx1qJtG!iw?mWe&h(OQm
zq84o0nuh^8*Ieb2c>@~iGm|7{pfxW!0r+8a=eI8zD7pAEh$_^?%qW7G?MekqxXy5+
z@K-qlY~64g9q~&Jb6aY=`J`)e28^0aB(Eulp6UrbLmd?Fp6Zm&qbvWOTZk8WM?qSS
z=XS${hftntw}QXEO?&O(1TESsD*aQq;!I6y2yS|;Z1*J06RZ&%)W~+3gIoJrN=7)1
zsJbc`iz1tEaPxVA#~{j9nq#Eg5KWY(aw*dq{aNw-@(rdKE1V(w5J5*nC9Jgmftv7<
znq>WTk`z4Wv{id7E{vU3d&njZ+!6Nc#t=*NPf726-WHMkRd4ma<1R8i+v90QM(#F+
z%&r_7G(x>DuDcsEsx$^_N{jTNZZwxL!{@Tq3PZ$DGAqF$y~{;~;q*`xW}H~VV8g%i
zwGqT!x_&c=)#O_aco|Z#Tl&axAtw=&W;IxkIQ&&4x^it(RYn^PK{ttrSl{e#dk`r8
zztTWKVjuA=T2lq(WP_(QJ_nMh^eRK~6T^Z=U9w-QbW|1fJ>EY1Z_!$@2S-%e3*(Hb
z>pOW3blg~w#bI0oO@wimCF;p#G?SWz^q2n0E>rGkbjn5d7udzS8Yooj7p&3~KVj(D
zkk{oHU(hVJ<Y{tfNj4L<fxKjszz{@;_P`Jp%GrRiMhfD8GjdW0otQV%%waUy$3I6O
zIpa-Fo>7pl#wRYK`QTri>V!3hilC<Y2J}9icCOa-iatR!$E`oDIo6$}kuNp{?6BS2
zMy?}<h=Ef7P1XiJOfTEL$CsHmrZjYn8Xu83N>HHu5V7EiY>@bqL8*>iY>&^a-&*43
z4y()+YKfQOQTnNFD}(4e#2Rqf`l@_z#TsXHK6i8&mmNh+%qWw_9zWCgW__AqYNo=+
zS^U$QLj=rU5`pc04;sQiQGclo49gCjgTOQA8REYp8>19-3m@OeM*TOkq5gk}Y<&A0
zeG8}jJFxkWXWwjR2YWkbQ*|dphi_UWDbv5zr^=gl-_Qo{BB|>+4vv-<eTe|EK<1BZ
ziEbh!l;j_xFe34lJoeeDjpGe9+p?B^&>n&Z<OJVRb}&pA!CAo`0{e!%m~+`IEZlF$
z7iDumneDy)C_lZY54+=->7U!fWf9YObjYVS3z(Nn!)St+S16@he5hqp$;J2<e@qpV
zgVm5Gcv4`DN(g%_$UP9DWrT+^Hya^U<wD1xOX{EYItMFq;gmqb(hWhIxo2}Kevk~=
z(jUf3CHF|LRn6e}Sm!BxtKufsFR4X%^AJ1~@1XXi^G;o{qTKfWnp{^lpN9_t5^`Tz
zR>|73JquA=xn0t#<v72!M1J2Mk}y+qY!9olabIkRJrYjAe8qi^IXMt;;O~+|D-$CN
z5??@A^aVnU0tV56RTxSQ^Yl;BIOfg*;0DX84;fk%^M#kdccHFhZ`#;&sYx^at(QHW
zPS31A2p3KXt(lFBK!#ysm(~|aU@hISV1;_+r&WIAe)%AwxwfQ>^}R}Ga6haA4%YtC
zLFwB>=`-4yk{Z!vwRZLf!8?@Yo!yXa%^9n+?*m=tH~912#WlPOXb<s?kjfRLhoPuH
z__Y=3kSy%MC<=9MFG#4U;TLxx54ZbKq^?oC$~n7{>=$_0%$9A`y;zN@nJWlves}4b
zJ>_$Z2d-hJkF82uPkY?)&k?5rPa#nFjial<0|BZ2{~vMx7H{g>4ydYFpK@A_mYu(l
zEE2Rk&}D?CK(tB%mz7|_l#~($Y|$OF@D^(<8!zqZAL#XNxcDxrSY|m6L1*Jv60rLr
zvF`=N^Sm9!%)Os}#@fezt#9jOVoU;=na%ml`hDJge7)Frz5L!~pa)(HanGtpmSie^
z=ZHl`3H?|L7AK2--XAGn1IP>>`m!3T3`+86I!ZC-p#@QgGBFjCnRxH{@`O|qPBGD^
zX9kynpBEF_j=w1&#e1TXJ8XneyfYfW=uCwb2D6~#8s4O{Hjj`mu~ZhKCl{Mqyj<27
zXl|`d{bE#O#Qv$$`XsO2J;%6o<}tqzg(2zesx+P<WEVxpUXs4Wk#v}v=wgvmU7dmO
z>6m1WwN^gk)QX?F+N@F~;ZHmHtGY^aM}J(~dy+a!NtMa)d{RNxf3Ihy-OTOMWDS=F
zOH*`t`JO|amMv>>R3;?;4tseVDm0N^Mh@ez2wbfQ#Y3PWSyU$xh*@6hYPDWyQo&}w
z=J3W1bm-`(P$*0Da5E3TRyN+Dm=yjLG6fb*@$%NUq1Nz*>Cebbre-cHl&vLLKoTNu
zWvz1%9`?*h$9$f$Y*Nx%gEo7Qu^{|WdMRyN_A^s8ObAT{lSqWID#{o?W6JN&l6g&N
zWtX1IEgpll^ITn8-PDY&#*dUXrA4lee72+0>57-?th!c`_2ipxx4Xu4r2mJsZw#*N
z>zAHnl1%IqCllMYZQFKoV%xTD+nR}ObK;3@zIiXI?(_e0>#6%;pQ`<F*V%im{&lbJ
zw$@w1q1Dus1*SdhY<smh(jS)?8j(}(51fxzg~+pO9zv?XQjLF<vGDgXKMTo}woACT
zCo;~rMJIL0YWGE^l$k{^za|D3#2@}(=ITBCc8U0nk+V)EBp@3(C;1vD$83d_O>!@#
zm@3rVzF(z9xa9Bwv|T@6mheG0sUA}cW9iR~{MahjSw@TwEFwe~u@Uw~N<D5iV@I8k
zD44+s`J$hQBS(&kBVkWh!molAh|t~eg>rLhR{J_S7s_-=*gH5$H;o}GcB;Hr;~>P8
zE6RQw;g*sBN^sn)>7;8cU3ASqX?AP&gc(@kBkZARQEanxJ2aSfd$_$EQaiDvdpe#E
zPLEFUO1rKrv#>gBsT6=`z=3kukk!Vf!Xe&tW(;o*=13_FrerBr{XLs?_1)HpDhs1^
zhi)rHq<pY7!l3O1sLOEPNh!lUUlL<4B^xM9n}u3^Iq?`1G>wjH94BnMpQKAZTD!c}
zS-Z*JG2C&JQ$?P851^Ob`XsqkfW7JJhiLF=&ETT9YW{}o!CjkWlF&3_*{^S_zva*u
zvoszR!(wHwn7ehvjuXv^ytP4i-Gm?W)5V<FGZmTYC{$`>h-iyH^pz};`0?>G2&yxG
zm+iaEyCGC>i4kFi@uIHk29V8h1cp$VXALHdh`5QF5+rXITA;|hlh9|d#tNGfq}DMv
z;4Dk3qa9P{A24anb~D?OqV&=lKy^ladxf-G9bOsY?X_hM#B%}fK9h1v)W#l7)Z7Tg
z`<(;D#ACeleML$cgH3cuVfu?s0tNkvZ;v!C7SKCgZ-_=kCx#_u-W}G0w01W;&lsrE
z*mmkQn1G)R@d}OH8IgR3rP^3)GuaS$Y`G;CJ9C52(`_8Qmx9V6BHoN*Z>4d2f;9=U
zrmk6gsx^0yd;F5)^e$gmxw$xaMgO7=xA~y4tD^H4(04YB^;j3-iSbaFD;gq3UxzUu
zw;ar_FN8BdfL@Sl9F)Y?kRqrtcnw4QnqKfE1((tqaL}A6r7r?p8B{!DA$O+LUoCYe
zeb?NJApyAJ2u#4;d%7I?6UFpripZPQ9d@BS+Y;u$sCxo3H#F=wVV8Wv@M+S=GXy#j
z&3fSs(X`c~Wx0sw9<W9Jx;EAE%?y16^?ej*zhQ^2@UfKOmXAmD`XPuR>1~Icd2PZ?
zPqy#G!R_@jcuMOd%(5gYV;|E^yboA}+*%bn!+(7KW2O)eGPN`L5?GhNV2I-XX;b)$
zBDQr>bFlc5vi=K${O6AFC9i%R<iPNmTFuj<_z9mDR;Co<f~|OsEg(UhL9H<Z_C4Iy
zY~5hN$;NSw!u12ER>GK6_v!na!q8*WIB0{Lf%N?2>#h5G?ysKDZ*?&?C@5{|q2XE?
z)S2W)g9A1jvk5i@0TrYy-zy=OVA)~Q^U#@4v40MT?X>wfqEjtj;*hhYSSI#D2PgPs
zoxn2nw;2pPrJQzN!-Pcebd2OuBzuRP$<Cy}&ciLIc6Qq;Rk#)$#~05)YWA(8k1f9Z
zPK%D+2=lTlKhaP6PSPhYXT0dGSAi=h9AA{SDVoO_11WMU&RKutX3OMIp#Ef&zqYpB
z6kyAC6;5%y&}opj+pSxs@oea>X?HerDk2t?SpD}<A<=+fa|Ff5tnPSxYsUb2@_?cL
z&3^ACQ*D?AbI5i(aef2Fqk=@QbF|>EN9{2z3{#s~Z(mU`g*3K$tNl*|Snj4P$XFWg
zUZwBYXgLP+eP}sM6ER1|elgd22JG{HqY|qg%GRf%U!XA@fN@yleKp#CaaZY_dQo+s
zMc|+dJs34y2V9J@`DW@k3XX0myXFYqT{(ALK#wiXa+_m`P2gzF@~5KRUhb?2)C(Cn
zJCD<`aDfq7)(4$7p(g%0&oSmM)8ZOio#i=dSBFQ$gak5&RFfZdco6bmdUuF<?nsV?
z)H&`6BM@=o%}|nri=tQU-rc-uvxvh1wF<rX{M5(zb0g~HA?#-9YJ|erjb3zPY%+;-
z<dpcIu=Qa;EW%KV9I^OJav;pO7pMs@2TqANmEIuoLCUBD+;So%RUin5Epb!O_<+n!
zdRwKV&-Z`D)-qnO!HI}pX^e#5zVZEEUh4mPgVkZYv<{p<e`+ixADj*Vb7F9_5Djs-
zVs4!RvV+)LjJU3;S`xRvIU7F@sm76rB;0PxWTvDjYLXX|m^ATQu;!6O4Z_0_)j2~I
zYpJaqiLQ6g@pL$2Ypt%lsIPu*P>nlO1&LXGUOaODd7gUBlB<0?!KVABPLX?05ToWD
zw$qHm>RU3IYjxYf`e*)-uIX9IW^3l~Rrl?8=+E6+*tceM-@X1nyO&-g{qEm=FZ*G;
zP6qjoKKQVn$mo2|2CI1|hWJhap9Oz?3krP~XMb7TUh;N@f6`y&@+NJUMjX+AKhf!Y
z*x777?D$^&;(deVTRx^s+SYry@_kC)dWa#o$`>3!Ohrf@lMFTn65Gbyi5DAsD>cAf
zo7-XR-b=z?BIZsxIu0gvX;;Ntgh)Rc1QtBy?^`hiDpAasme{^6P&JO!Of2;~-fd_L
z9X`(x2e&ioMZi)#7-Uk@?=uQXdYLB%ceINmX<sA{a<=!yk?=YxX)2!d%VwDosl60Q
zr&uaoBtzejj&~_qj5z$PNu?B0#b}rd?QR&Os&o&OG!Lm#pj`4O)}+w+n|!~fS1c3F
z=)FbNth<_b8?C!qgxs!~IT^Bm*)SOAA%q2Mfr{!h6tFXJp-yiw=ra5^TLwT$quHqg
zR3bd@0jX%yHW_iE2at7Cxv`*zt5MZ^YdV%vLV7M<4u@KXdR`7YYHVp+E*^j0sRh67
z^j2Je#Um_1-<-J9?;w!5JPQ$};Qz`8T5V1(<@5|ayu^g0Jdg@3iBl8PgT~wUac1Ge
z`4jk7G2n#3B7(Ofyto^=a3hA_bTvUbw9T13|M+UsOTE;_iBjgM^su4VUH%yxB#OKw
zJ4ovZmQ%)e_>)x4v=n~r&EPYyz}zx=0HX3u!B>BzLh|W{Q16FZ@*MYeEZmWx3O*w@
z4pd{LhRVb0MSR)VL4=dA2NlOEt~9JODcy}VWJqAR%znQ0F|B_mFC#x%Nh?IZ>g$O8
zFTm;bV<>g9Ht{yX`OR<uryOkuijcr=nYZ2o$BSfwSj2|pHysoFx$LW9WS$R!ObqB*
z6WkIXr39;Eb8eivf^dD}38S8cAXK*>gwZ=7uVoB~<&R{bLILh37Hb!n5hCyui_K#t
z#EM~bD=fxT&1{IPSg@}``9uTgje;qBvbH?HNK!$Y3EE6c(TGK-Z$tMN2Tkh?Q1g8B
z`cfN`M^nj|h{mGF@VBrsr+G#h?jOJX<Mk&T@WC3#QcN3;s`P^rGE);aQsTW|tI}BF
z8hF&Y_?mNF7X0^mzyPF_<g$UsSWsjE{i<J??e%{8`EZVHl(vKLAyvXEt@EY*P`$L{
zu&S3&sQwOR9|BYcT!B=q`07r*;k2i}!vJ#3V0#LSbut#J^e*Ccdx2Wp0L(qH^PsBX
zMGbn|QztT3W<)0~=2C4g_8=4<G3A}(p=4S}gmB5I8AB6c`biMz#O7?BYRaj2eo2~9
zl?XEHue|JeF9IA~33-bYU-f#<gvNK%X_2p1#VvkfR47+b=AMCeob#4lpdnh4DQEm>
zgBS2GWcOr?tEb^B&0_}<QN3R?i}`S*grIIsnY0)5V_KVDW+yN)e7(6{CbMvDBY(1b
z%?mV_`P#rM$j~sxg0UF$PXUK?OUV1R`C^M(l58$=oxZ7*mYJBE+@F+=ke-^MrH-7G
zFZ*{>S_7PK)gzzjh>O6U9dQP<zGP(+R7=-SuXCb&d7S{zbF+OpqD_=0k`iS+HXxbq
z(%~Ly&hTaC6FIM`WTz9xoW&UYG2vIeN&&^DTLNU!@Bj)9l0zv)r*SL6a@t(w#wEjn
zCMADO;;9UGfG6y89EEqo@_-spo1V;ZL_X`|dXoaAKgow%e{T4PbiHw|{;07G90~Gl
zg(<5<s@zLGMPMJj&Wr8u7$fLIQfH~|hjZIwi;I=j`Q?rIc?&~ncepVhAzOM9;{KAL
zYhnax5;hD)TVg^5C3tb^@E9whTb(!%Zy_mHGaUq}Fj~#HsI({6NpW~+A=zO&_T92D
z1Z;<aB<urH(ebDu-h2zqQK5im^w=pSd2NgonRX3Zh67bG=hoR}v<!#NF`K0}Bz8q?
z1V2*`ZN>xm=Q@I)3<qUi3rVrZ99$TT$LS8GURl?9#hrx??=Q`2DmAF6reWGBE%)I-
z&m0{3Vax@tMPkxHA*GAH?^RU^mX+&so69SUivlv<ir(+CaF~ilW19_X@_#Q8VAWqC
zLIYmyAmKuZX1~|F8SZcA_lwz9tt(Ck)RwoKtUoNZJj6`l>TL3Gxt{lwxK2kTSE|-(
zXm#7Zs{qESWS)~Y3RltqlWXszGw3)gBU+Zu@AEj?He+VWIgexB0hPRU!F7UZ6+Suo
zIaO=OnCyLNsR7iT<i>JmVLDL7lIhNuTxazLk|=Lj$1F-vxh1E{2O=`MM>QF?%*_MM
z`T%8}h_Ez3YolCNI|s)ukaUohGU5iY>N8IuH$NR@{AYw-oCep+<2>^DL<aT&;C`<*
zFkz{j^Em69K9-KX#JAD}>4PxWYV=_!gYF|4;UN<>pJSm!nB9g)C!xpy5AuZ=BoihL
zM452Kn3hq~S&|lw1<^%jbqJZ7iZ&!j5$0{VSdISpK-CQVLu34TQp>?tg^MZSIFb@q
zdX*eA>a?eC=^8EugJ#S7Q94yV+?ErX5P;-Gx$0!a;-)oy#+`cQ9KwcCiukMcz+(=(
z*+B$$d~OCI%yeaGz1;#RZ0eqc9wArDhLeK(9TM6!RspqAJzVxwy9Z$@x8Ix_y@b6w
zO9hNm;jwqaiKJYmRmCJms~XQaC-cT0YFmtz#$KN5o(&JMcq!p68Ys{?Zt0LqJwM`2
zJZ7}@9;~`b{*YXi-KTWHKuPcQ+T$}9@O`(Y?QCl9iL_X=Gfb8xPAGefU18ZM`f(}@
zTYy{EO#D-9&;)ZrU(g%A%!qOR==V-|fghm%2`(K^-jVT=y(L36y$Ff(pq|BMgJI~8
zha(wXQE=t`<#~4QXvNq#qi*iATEMXd1JU#M7+-sOQ@9tDr6&ZQ1<Sc>Zq1TK5*&o8
zU+VJ3Rvv<?Zt}RxO!^A7Db;CF8TCflo=Apa{lQ?O`UQw=yQGk|5N)gj&omadr`t=d
zc*C~dplk2vE|+tmd7HQ3=8s~Dj=TY9In#ulf0<@4E?XYW5ZQjFS@TV5(0KCB#3}JY
z?ELi@f_R5rw-_<R-U|l0Nt|_OrNh%-^qbkVy()#hKo)vRji2+aIwEVlZM-!+yFX!)
z?a-tqc8z-@_k>46yMfz7rtZ+A?Lm%_$A^!nkkX-e!6RIO(V?)(wY9nUK3@{NQjaxJ
zjo=19<Ci#|H4hKR`C_?ugU`zvykOi+A1!Jelrj{$!h%bJgG`g|n8g^PP3H`qZ3S?E
zI}X!dN^=w|xFO%RUviAc%oik*A3FKdUQ^)>nhY}(s@Rod4E9AZP;>72L?l6!Wfqc4
z+^7jD1aMO3o2Km0Ru%EG%G=}aA80zD<LkX%yGOjha6cl-;Suelx8K&$gmSdV-a=l3
zYY{$@k=*3jz`@SH#YB&X$j5vQ^J9+cQ&a4beZ-p(t8H1`cBqjOoi#DL&^kDS30~7m
ziRtyVT7k_Js<eT<55Sh;(FMD`FO^m035%d7#*#amu$41<;{|r#C*GQKU)8Z>zk_nB
z2)55Cmn*%m<P;tr_Z@AJkiuGT_wgVJuqB?U@}wwcH3q!ac)~GBjyav;iJ*$@-+YPk
zo+fl)NdNVBwTJ&>N}pAC|AP(c`iFV|pQJ+509sSOp2Zmd&(R}QS|1bij>T5-H!7!e
zJ2QK#-a<F(aB~zn3Za}EXwDfhwA}6&%7$yrj5KZv2KTe0JYg>qCfe!XHeIrsOC7M~
zS>l>urM8oVHit1PS%YI@SC^S?fy18M5L&We+E9>jfkze1_`sTEL52FV5(mnZ=z=#v
zufOgWVyr#E@W#-&u`X_jH2gn(LWxMupw^0Q^fXcvX-<^!NDiM73a*(cJr<LP>!Mn8
zN7d`Pq91e@J4f$H_Gz^2|B$Pm@qSEYYHLaSC<mf<OfMLpR?)x0LTNeoU8gV78B7L_
zxRP4w3EsQ4X{5rk&5c<twQ?X?)_iwOp2`u5hN&K|XK7#RpvJ6OB4zj$#xm{SUj5F@
z8rKt@tdabzQn<n#Q7Klh5$a5Ad`sTaq>|Nd{i=HZaAs0Elc%O;Kl6ms(lMj!E?cOn
zTU&FqWWju&a{ATSUISDkwWD_83r(T6G%}KTu&_R*nZWCRU`iYgUM)1Qy+&m$*_WwW
zCyI@MK32hHy1F4sJA^IXrBbhOC0ngi6Pwkj3ml;0fk%)`wsp?V%Ln8~AmtBSSe+l$
zDR`!nL>8lxxcq{ycKHQmBLU+MdSLA<%JT`zbS;G{!I~2GLuI$$a#W-lL!C}{Y$23$
z3Y!>#M$yl2LQwgTfHat$_!d}+y2GpCXVicgJ4(n+6?xr}v;(IRkt+_^N=bfduR@Nk
zA^~S9%2$vqRvk0`uEsWowL0)wX~OiGStP4z5_y&Yu}U@RAg{SkV9`qRga_e&-?Uqb
zA+S-@ma+40)wE4WZHD8Wp-p3m%-x$5A8ZEX$jMhRi-*s}b!;$+=6TVH$xx@|9(Oy6
zpS+8l4ix3L{laK5$bSgRf2W-z+1=JCxy7iPUO(7vH<f6+Gt)47LaOwwoX!1I#Qg)L
zA!Vg|+*16*Q4+FH-Q)O-;UQZFocDKmU{pA>EabVct;HE+VX-YAC2f19KD011TQZ_|
z*52cYp@Le_GD2k}nWSQde#q);j**d}YLk70JD1&i*%EBcSPZpnh%L+;vR8$!X;h=s
z>)ZNKpMN8Ah8z5AEzM@dG<96p#uk_{ImtQ%S3@|t)*#nZzKM2MS;$O{Ewnw61RlZL
zhjqq^#(I0DBf5s%$u}*3fT06Bh-$zFyBePE0CzartWLa~uUs?CxGJ@GI*bODrvXu?
z^I#APYnTd~FBi}zV9PHYrf1kDQ_v;^zm3NcHa$wfO&xme%n@)oBIBlFJ7nbmGc|7W
z6u*(fm}9E=2nskQa5i;l3LHI!6@wu9MfwMw!vllr3VCuQPas<#`c-I7cWmZKrlf&-
zi7?jjo?0e90#mGV$ogg@ci<80#>UZ+;p}kz@UQ^P$Io$8|5a6V50l7+tf=)GBABY+
zq;V>rzc5C}G1`zHhM^`WEelnr(V*>6KgP;dQ;}M7F~fEDz<9EbGF_)T;sUj*lvEAA
zCZXwe3#KBL`!Jp>-3OQOQsyvw@!)S<_Pw%uZ;t}(gRQ-{hM5L-WF(%5L9aYVWau{e
z1J}5ij>B8_&rUL08WPF2l-~1-py6g@@EVo0g9_1jE8LWhrNV%{<eD|*n+&0ng?5(e
zYFX9Cd3D9EK9-)fyWv}6_vwC{<)Q41@*^Ny(_EAqASh`hdO~gS!KrOUMhwzUlmF%B
zJXw4#B9&@Z1~3?P`y*{dSJ4luH<c;r_hJ~18p>gNM*YBIfWtCtm7~otgc{X}wvD+<
zvr%Vdf61?`J8FaE4>A{fLKBG>#~I;Qj|``2Lz`FJOfK|~g`U5iRj2;XL44x190S;y
zD?fLpVAqy(MxK5DmG2<b@OpOr(h}Rhh&=Islkbpqwzd{<a&oXRbapZkaWgWp|Nljz
z|4DolD~?NkXF%n#u&Q+ST6{Fhr>c$+XpNB1B{u@c?M$9vj-r@PPbk{8Ygg2M0`W<5
zQv!fRVl%~gUZiI_IwW>=|LOu=8JfeVG?6x}hysyLrB~{s76Qr@k6kcT)jZPx>D&nC
z()6^d=iDB@ntbU|;TubgF>X~TPd8o2o$>pE(jsz22rVG1wLe7A&axR{#e7PPXgLWx
z5;r2)74mn6BAO_i=8?F^*3PMm^GIr46N^ko8P7D`-w;P*R5Uuq<4PsX?yQXNq}0dd
zd!{-#6UfHg=^mC>9V#VA%CfhX?7Ti((7@Epez5fdp&aoJ>$mg6L_z{TFVhVM+j;DX
z?!5_V?9$=+*s}Qt_$;6FL^U&X<wEqliB6bO9t5$73{P&~E;~D6wHO<`(=2~EW?c}e
z+USFWd$8HkzeJGFa*JzZKXHrLb@#Ed<-~gme#GD4gqYJRImOyxa0U4vOlyvH=cI%p
zMI|H%83j264SQCS@&1FMl{>jxfc^S&=fAH1tw->mr#|GI%uO6zE&iviF0TH|TYxH3
zJKvO_FTcjePwhuZ$O;C4K~@42Qixy48jy@a=5oM!qCg`hhT!#!732<u1z@|isa?L{
z{vz}Jj}EOt?tyRf-#kG~VGE0u=X4oi;bWIzKa!`w`k7NCH=0xkCvfE?B@gRm-P;dE
zJ30`&wMIgAxR*#{-6rP+g;V|(OJ|hTYnyBs(}pSPd~M^HNSkYdX=bZ4M9<*;?2D9%
zs+NoASHBT!oU9aqG@D_ormv$!zPl(-7>rr(uB7L$=yyGc5oIb`%WLXq{e_o~!`~e<
z<6_DpMlheRp5V@!JK@E}blm)C=0@ed4?&K4Tf2q_qVt?R)BPG5ggCw@?w3_N|0ij<
z9;qHF@YRu#0`u?Nz2uz#TaEwE4<}pI!u3l9^|57?STo2gM$B766CPlt0n?yFtu_Rw
zK#gdM1`Uu-AjnQI-8BYvMz??6{qcTy0n&_j(3S@l<Dsk_A@)u<{3}oI{m1UDtfeOY
zu7ktj7T4ouj%)VY)o`iaw>GHh6Z0Wf++{;gnp7VRml20nYOY{T{89mpkRUpwULK^4
zN+SrDWBNL+VZ4n}Bf5v<wx6#=^v=xq<wU_v@KSAx?Dz$kJ6I`$HG`1w&;;1M=3pGb
zGXzXpO{iEeq7y=<+*XH-*B|>~$u~<>VDn4<QWD>Dto||*FKPxSrMF(-PEwX_LbGs;
zOa9p@`l$^0$MCOpZRT#Z4HS6wu*5vSPHuK%3%Xch3YR%)V~+%xi785n)%fdv@gdwg
zcyP0KOlEkdI}?lbAP-Ywb7HVtFO#Fiyv(==_d!$)Cx>kf;F8Yc`=Hkr5WI<W2|!qr
z+&lrQa$;fjn@PuRX5uN$0|2^|CfIbAdOqO!$`(^x)n&%TK{-Q32d0?l!g@GoqEIT{
zZKdg5U+>oIfM7yH$E!Fp?3#vIIXvpVl-BC=m>i!(AEYxbtyLrFJ$NSjDY~0Q%{b-H
z!!sc^Msa8^dM`;`CTAe(BiY&4=Sxq=o=Bu@ub$ryeVHQofw%nN)#)61&@?-3ye4;W
zU+wAPQA<hEBRn=LH!m51U_h0LHy8PR*MQyXfN_gHn?ig8a~7oZsHEyEuc*zIQfquL
z&L6vOfj^Ww(mvZCjheX*V;NhWaGa5VeFVD=unD1R6y29anXY7B9?{vSzYWr6SdHj!
zmIuieAOrzF&TG0Yz+FUtI=6xGbsAszs?2}*$_-3z#Ao0)?h%7M>M-mbAzp7HL{8tl
zpr>g5?I)n7FIugDj7teCwZ#xzmEDZkedn(hrHMtdlMG7MzEO)6cj-nCw4>H~1&edl
z{n)w%TVQ{Uqx#wcT>#1F5cLm{p_>mzE#G#Ra^NzaNwIEonTF!R9Nl@VJ@WG(^k&lN
zA*^J{i)2%~4ro5Bg-d^E-(BRSgO7u<GGq*c>>UoC{*umKXBl|j>Sh^Dw?W@>KZ0q~
zbsFmZ>LeRek@R%Jnm$>oOHFXm8R}&h`&d3)$Oan!Q})HoXM))$qt+*~mY83Sz_uSn
zu5Ds@Mcr*%BdzxvfXB5JOmbfTSg$43nnuL^j(BL+d<fV4Xgkq#OopacFI<3#)+kw%
zIdzFkuIQKDEX@TgA46`3q8QE?#T3`Ote<sa@WCRYFfk&z$qf(`ZwcwDc<>DgUR9v1
z4hQHESpc&SV=wm<XL!PFX_(8O`CHqz*-P-o1I^=#7@_xeX3*b$#5a?_pSdP)dhro6
zO6Qzp!kRBoLk~G}%FpibuN#BSSWkdLVs}&v3RC-q2;}QX`hc~M6FPy+1#CP5O1Vt9
z!p6jGOL(9K6EqHK&gCNa$x-ne^oJ7SCvxIP^&Lu;SFM@~x3}}$JX{c#57f>}-IF|%
z|6oJ1JexoGd{=xX^2sp@CY>YY_76uu_KbzK%3wO$5)wN!ky}vG@N5tn<OL*0j04`!
zN<Up5xVsQ4{^hYV+CWwJt?(&yLz0QDtvh57&Z+zzk&T6G09HrS>irY<0>E+sOGqF`
zDy^}S3C9iBdE5;NE|uQ(ZMSw$ocffUK(nt4XiYO-+t%?`H6+j6bw+&{tM_Jub1Tvz
zWwjuwjxSXxUjj|r3k|Mo3av-*uq+?De0+d?*0l%w0aZ1aS+(3c6WyBL=bF~wTL1l0
z;er_DlNaR`gpc;;E`e8&7%&3(f-#K}DNHrJGG%1u((sMh(mKDzxoJU`N@oG9B!wh#
zp}Q!x{Ku+@$q7SCKMghiaV`3OKjahHvCl!S?VdKI{2|B2lr|WZd)&s&D~ksAuSB66
zdek#`7fXfeWA+Xs1si8Ga;%EWFQ>Co8!49ND!>+2F0YuQ0(W>K2IKLNIdNuoM44HH
z#m4tBF$3$@lQYu+++3#DjWT&BBzhbum)JMGM(mzmP_OZrrx*ctxz=B17H{IqK7<>N
zuz#m<u+dizem(81NykM#btW1>DsfIpG>6X!Ii1r=N??SHG*2P)BP!KzA@s*xdinhV
zvEJFdqbJuy^z!!oM`__3gzi)B7p`0Qy8gE`%YQ-uc>@Ono39@eTc`irn@pnX;rr-e
zg{O;~{4kzi^a%_N_00r9%aJ?Rh4WQ1^O&!IuwLJO28*ln_w_&D8UNwYd;H<YGQ@F%
zL)4d4%-ygj>wW-vJJ_>>9hnl17VO$QyYAb-jYJyU-645?qKagi8-_pjq{2;RT{Ry-
zr=6XARkhx6CUUtd?!pMFuv*hdN?kfI?Fsq%fIB9t!b^mRJdmG6&yR&0B7kCS_pitn
z5ub!g<V%_+gZ%bQ>fc1R|MBGieMs&<ZvM5pO6AmUT^aRrb0Au2`7Yii))tP+$jK&w
zChD)cUfo;_e*=6&vlIP_%~^*nE*JY0tBkl`3j%lWQ&60K2C0C-u7Z9MW%9NbAAS=b
z6#Md2MhzS?KI*|!m&4TM+eQ17o$uQlj2}@QU?b81lL%T6!&VfhP>`EqK#4JiDvn_z
zfPou#uq_G-oW|c<aEJ+7^E(kylUbpgEO(>ezVPlSIqBeSQo!G9K~#5xEVSJyL=Mb(
zMqOj`26qKIrY1A=C-9sax02+k3=_LJ0tbIB08%3J@Dk>V#tmG0%W*V)(Cd#9a>he*
zREzP97M}*iti{cFuO&h`>QmG<mO&k*6_(Qd$xLNgo<SYm31B96hm`48O1JC8?m>gO
z3*l*-Xhy1=fv%kAM%~1!L&q6VYp;eB=Qu!#nv<1Bo98@rOihwx_#WQ6M(RnW#-c~+
zQ8+j7y*CW4HQH&*QDz-u<Kns$IV%jaMI@Xq7ZocVJERhOWBwfttgBYw-CvX>P2vx1
zpu;Q>ebjlV8N<bHoLe_N6Xwt@TDF%7muq-a#IT3(Ce!A9H+xEQtGo@|yAPGv)w*QA
zj=W;`8=n5rn%D1#f|_t6)p~?($_o@jz6-Mzwb1x_YOI+tPv-rn;s9M_4C9G1_Q+I>
z-*t@)rU1G<oc@|~h50$*CqP%lE;su%J#~@>0Nh*<#cHY45dN<*2IV0^8x{bCx=cNY
zq;Q1(<Cit$xfkyC{#k(T6^7<z5BL{~L+X#2G{fG9ho5nd8#^@F`~~ZjV<7Y>Y-y_R
z$+(H5OL@$?$hlCa8aV&hj<u2S+3Kk>9qS>xT|jhc*XCFLrSY`*B1yHv*?rLVTsXza
zXwB2fOd$c7T}@$>GB1<|n#Ma$!-0&S6|b|O9xF`?K#yKf1CQ>xlteV-$O}G;<#$LF
z*FfW+8cIEIcciMnk*y#ntMK1YiaOSk@R6RkYVG5UVUb72iU06pZw=se1^e8T3E;xw
zg9GK@ckHW&hwsMec|uWI5ud?mtm4X@?w0pC755VoD$U^yIGbbO88a3A+k;pQ29thQ
zeP4+sA8kF3-NgmHqUF5Ci+<yM=KCG^gedeh@?!y;xf%pnGh=sRIVKK`@ST7g$Ilps
zSsrE3)(#{+&isX?DK7u8j|d3j26&|3;HPa4QN4l5QuG3x6MRL4MykwG#M!x3990+&
zJH3}CxO|tSY*BKn4OyMb)hn%7afW*~el-VlitXl~u4q+e7g^TZBA4gQHT+J{?#(e$
zY(-6-TAmYDMm@XBJkP#JsW{S*rM0VL^@mT$MYhUCvRa-Ao}LY)iyJ^Ty&~y$?g<cb
z0sph@>=jA%6vM7N<oxEB`Gj=Z7W}7vmx(I?l7Tl`?1~)dm6+xW8;jzr7T2rrM~vI{
z$_HESsq0a`*eD6TU^*|>Dy-u>^x$q&7!>m-_`j}JZTBtjl3%M8;a5-5zdNe^&(-R`
zhloujY!%c`ofYH6Nkx2csx<@!XbC@Ct69Nv707%=p)leZL91gK2dKzV+YKFzH<YaF
zQS{RHA1}L+Oeu=l3b|uZzDaxSFksLWig*sZ7deg>&ppq7|NQv`vxiFwam0Y$!}Tga
zdQw(oBgRl=Ae6JMz<}FH37NLn5`xSPy$TLth?2@L3V|vj=Au~T!s;1N26Mem4q+}K
zf+Q?76cte&T!!^X;p*a?q|rr#uUAST$ubV^tg**LjZ^~{V(uPWZdce*T^(_cu}Buf
z1U>C)5d9h0N4Z8qxI)O#Dm{K@%fvjqds~!y_p7NyM#^}p0(@uRJ%3lLDYA=k8dvG2
zGc=;raITnbzD0@EEgD@dXy@8tkh(486j(Wsoxn{W;nHlW6@+8(^znDel4bpRgi2&<
z8j*69qB7~P$)7}ufPIp7@m$)MUTcgR`z5MACe_UhW=dA>!2MC-x*=SH`2CS}u7rD)
z(Xf;?@`wzxwUkQ36ai;p5&P7F1&4<WCDg<c*!K6lSG6J|PG0`jn8>!GLODfrd)?tz
z_G$aQq>G~wg6SD==8I0-Xv3P$v6*<>Ox#S}jP&upC8UZ{1I3K)07uS4pj?MbE(j%>
z6ZNitOz4y7AQ7&VTUDTxJimg7MCk8^h=v#dx2nO3`d}+3Wf>!EZc7KOw_Vjno6buP
zVYyU^tf$2E>8*Xe!4y1kmE&rYq>-vZTh93gQ#ZiZ1;f;ExOLS({Dwtz?{hh22uQ%u
zci%b2V){sa($sKO5`3Bf2-#YhC5U0mIGqv=U>>&#l{+}{Z5^VzAjnSdt04C%1Zw_>
z2VEqw(8}SH>$Zajdg;YzA8~}^2&L_=I~Efy(PIQdp0tZcFL-yu&2=vPjy>!7R<6UY
z>UTCfnRJ9D!&cnF<<jQXj@w1%u&_%2a+6C<s#f+Gkz=puQ21h?<DJQyb2|ZTVq(jh
zy{0qT4`=D#$2#L)zCRsswU2+7Ju%lcClfox;W3<%KT<7{M5vY)Yf=83Hi|2DCA3RA
zBaCWKdJRgQ&n<?6H2G^z0)>|lgT#Htsze{vAgT~t;%+9qr!aW@=-%Y@1WoJ>+fSUZ
z7cDnX8scHnBFJB&&lNr`{4B#Dj6fFII0P;({aZGVOqPf}jAe%}wv8`-6C#|QfT#b6
zUicqGw_w%qf)`TF9Q+lux8hGbu+n4cQCQnOMkF)ce31f~CR-w$MW$);6<i+_8%)B?
z9DLa_Z<N_ob}70%M*L_O3az6rkCl`YYvA46tw3&J<%xn!LAHL#2h4=Lu!a*sEXYLf
zZ*N!wf5irIUo^b90il;0@e3>JLP!LXH~xiK@;$ROAJGtUON4B3`B~$W+>1lfpxhZb
zRZIzLBSf{M3na~#hPFwkFTJXE?ozWGbs1{>3n11W%OX)L)*+x0$k!eW^LE8NdTE5X
zmX~%Q{?Bamq_5tkk7F;7fv;6+@5=@+@NZ%&MH6ES2NR=zWjm@>wOkjJQ9l?bnX{Rj
zwKbb4*+k4s`S}t39c(D%(^BRvBCD5~n1(Iz69<TuBF53*F+V``+<-JN<W}X=yibYR
zK4h44>(oUjLJz!-4b!d<A5*R_hq1qWo&molxS1LJ6j1E+tN0yd(t##5RF3@vGSX?}
z+bRADH-(lSis=+6uJqN17a3^+tG}zlIVN0<eq2!8#`}YRk0gD$st@<^GTc`Bo{RaU
zEhNU|#BxTti9X)v60Fub4m@(ZM}iYwd^BuFW-`|Z!n#pdL@0u=5fn1R7n}`aR-d<|
zr{GpdjjAW*mJ2be2_qbBWs~$#Zxz9>keZ7T*>t9i#~tje46iF8J*)U*{)DGPehyZ#
z0Sn3(g-|_g!kCSYGaXLHklLH?4)>C#XGGaeGMuP1DJl}uSg<Rp60Qfh=z_$(?_?<-
zmV$3=Z>zR8HJ*erVX-9{z;Q|jRSGxeu7y1QxgnV;SrZ9zkVGZ5U@1YusCtKE(OAF}
zash<n&_lCL+^Tv$P!GDUDkDR^f}FTcu7EWhekA;|OD|{eT`VT}Woa9@P}J?MqqsK6
z4;qsfmW*>oMTG5VaemOsf)DJ7S_DwJ5civ?4LvC0{CJSbaNuN^k5GPrET#(9G){Rp
zRZm{V6><4Px*J2q4|BOw7hE`Y*1wLnrFe)Budx#Q9RfpMV6hJ>i&=jD3o{)J_31W8
z52Qkzprvf9x5fT|(1w9?!-D^%Sr6d_1Jcugxa%JbIm~iq+g}qBhz)Wn=I>1f?MAK<
z6^tPxGTaan|CuKiVR5Rf-4A0G`_e47!4&yszivGz9!vGuTy3V)OV;w82c1jO=Kjp1
zsas&-Vb$034Xfk31N}pR<2juTjlKtsA0=;NHK-ul`pACq_2$7H#HMF)<U7JBZ1ZVf
zcY!W~iOzsS$D#v5D^d04TsPfjjPl|#vFtHCyv>;1X)<3cZUZS+L|IfV9$AMbfzc#;
zan<=Mo#hHeH)ZB4O#Ad?(uye2@uKd8yg+>}t$r(}wU)>A!C!_>)E9)sR{w5Qz7e~l
zZ_Hic+)j&WPdrO1fAglxZIj(v$_E<FW?dO_aHAg}eWPcr?t*uf%)K1=Nb>`mYV!jh
z2tnw8vnH_DsmTz9VLQYZ<`7Pqz!M$c`ZAiD0waKjf|f{6S#5zMoD+J#pF$dj5M9l6
zCvOjY+b{5{9gLV(KRTdEOiv@b^a=|xQ#wuk%_x|G9M+<sJdw(;im9o(nwC1~!5uSt
zR^pUCnZ~)!(`{%>ZGYwxd+R%zHe^giob<umxSzZ)U^<!CXl=F(y<Bmkrf#HLa#ssS
zsA3#3a(mxj?$kLGTzLlnl2daBOOW2iviYmcM4xazcxY~$Ap`1MZ#XgqK1SQSDC0*@
zygHuMr)QYT6U;7ZlNSb1?ml90m5R*%J|6M1zA?ER$SeA|!t>=_c75Qy!+d{1Im4XE
z-M#<Qf#;a2#4eYA*W5tG$oKo;Pb<VCro1!3Z3M=B98izRA=tqqh{7w;*f+ynrvz*2
zx;h6(P;>Yj6^4ZPnm<)rT%1!_LZ`TllXcmR18Kh!4bNXTOAeAVE!rnrT!UxnVKrn=
zz$IxtmfSh(mcY(G#?D5M0!Pg+rzO=FAI$Y{FOfEOF8?F>OKH|&T^N;Tojs+HJceqG
zA4UceJb{u~(q9puL|?m<ouwS5)SX<(6x9>B5Kluen(hU|_Zx<8V!Q9^_m3+D*uP^n
zdkOGN^cmf*mlvCk(>a|lx3zyhzuCihlG5(HgYu^JQa#oAt?%+tZpS>u!aNDTm6A@D
zOk6}fOHZWWylI>2rIGJRF#u2=<yq=%wtM=l+h@zZT2KPl`gOoNKNh&IH-4WwZ<u1e
zc2AY`X_K6hlrKvmbm!FqqD-4tC+4ExPqqpzZ}|z9$^X<+N|RO78%9)6pf<WQ&Cz^v
z>9w{$sT-UOL;`MH-*a+p8MM2BBmK#BlR~%7ze-(SH;Hh6x{3LtaT<)nz;~~tx;3Rq
z#l8#g$nr#S)u6jq8=aTvl3m3jtC_cSx6#1ZQk}W<<LOjwdT+wXh2cMrN&pjLo%6bb
z!h&7Y&zsxRkqDg|J=W$FPHwj#dI<jr-`)`WxZij2I|PEFWb{{NPS*Wwy=$S<j@;`w
zb(reQR4+NyMFsa6PXtAyHS#w`&L-A)(nK42dF_!^gi#}&5YZLWYKs7ep;B+DBW_&2
z4hgnWZ>poTVmZTb)6b7_X3)c4X}&^)3ts<}q6j|idtQ)n@<KjZ@XioUsFqVoU7z$p
z4Q6oG=FV+S6gC2P*D;u8OS&oQQ+)UG*`xM<Z-1zT@*)F@)@Lbx7Wzo0qwCJ4WZaqT
z{n~g_IQe01Vzx1s>e3lv@*$i0q=!{k>@M$?JPYpA;$(;O7eg;S>^7=ab^sjyfj+Y_
zI^E3Z_;zAPD&IR&A@VfBXZ0B{R!;{@f3VUHQi99H=eM&G3}V`5_K_u^U8+OOktYbv
zW?+a*(gwDrU+)Q4vuksqDJ0(&=-TK=wHL5n7(gNhM}JzEbRZ2!?;2u<g6RdEUm^JT
zK5^TdZIB|GCW&_l>6obd5M+KW(jX!|%L>^pCi6h%XF9~swoR|)mqV}hpqiye|M;DD
zZqjjrSLj%5Wts^76q7dPhVMP_)`;>JZv7$1q$iuanUS)2D1L9u6NjyQBko;wNtbm<
zqma;SVbZ!;2sehQD%fBNQp!|HqaSeZ8`I3xN6BgRs~642k<Oeei6{?MXCj}?Ukhgs
z?b$x04STg+%l98=zWK5i^=H23t~1nsU%pW?`By-bt>*6a73%Y0YszSs#w{3TAfXPn
zks$5l*Aih3ZA_jokvIAcZlQ!OF_oS^ovkZ<U<QqCp(B5hl0`kWLqy>e0)^0|kyW{>
zlcvR`RkJEdRjc0jj_my+bJRGYOZbTH*M{ex_CFktS&q{jj}!URIqNX`5WM&L@CA4i
zLm@~w(i{W(h^a!AIBUfFitUz<`b0ekL#;ed@T?SV(!B?^+B?0;ZDWDj)+u?FJZ%um
z9#=Zre|zuS1bnv0Lo@g5L<DVB?IW{(r3MmiP=>B^vt$2x+;-WB53GLj|KVC7l+z$n
zbK$TTdK1?P*x2jsZj(ECC2H@`>-`RmclSFobi+-3Dih!&X@aMC6&4^y68>N_Y;^N9
zd~gzu^M)bkafO=mu#L%GsUI4U4Z3Qh*`|U%Qmb9sY|&GPX7NB{rC$1D&k@X_dUCA{
z50)kPP86hG^EY65!jy-0J0?R^nQagI)p2=fQobmCBZhTyAEX{%!MHk)+bWx2nuQG&
zYVa?LmUe^U@AeUMVkc!2@&dKi7Um;Uek(|=HB14TE=4Ax8!i#2q2&-m&_+tQ#??}h
z=55VQ^yQ5H{E##{v}MBRj8$@|p1j#PLt*yxj#|~&<rdMx5Q=lhv3YP*C4^JWD8kL?
z5WYE#nGBlfvik7_qiO@ghBZwvXd0$<Z;zGbN~vVDVgzz3DLZtG^&eMiFYAF{(LRiX
z8-RV<G5dsaw%}tUy<|K+D`rXlFv0?-(IgfL^}w1h(&~T$J@vFc4>Mv2&V3<F-HN{K
zG<q&@o-s%@sNbUzP51YtI`!=x6QhW#@NNmx9`4Ab^g=u9i;D2tkvkNmdTUPjV-cSl
zj8TASQFI0btZ!#hH5&x$nANX5H+y{(d9>hWb!*vhovU&WK7qm?K!rf(`XfUc@mhKa
zvQn>~^OG%gc#pv8R_1QGJ8?xc;lju$ac#T5$tf#Lh{*6HHnIYvnL;KLcM2#>HR(<s
zncF>q+6+8BibEf1yS?rNdmA$RHjFgf&7zf<3+SQ7!m%fjQ@6y05p+i35tba(eS!c-
z2Dw2m?IOc^oUt9Xdg%+&nPUCa2wQHlZ{VFOZ^E?0W?<Ax?Q&W#<4Z4h*^Fsc@BS~r
zFk`1y=rmdvwRDeP0{p_$IN(g79{sh*!2s|I<nO(u^oc-6eUlbJfTw(Fk3a{C4@x}+
zN2Fdy;DmK!-0ri8r#1}<8T?EX8w9mjsdSSWJarQq%yg6LrBiu>4h3{o?=F8O|F|l@
zp-q=R;ri6>B0LrH`zzOYXz-N!{VM4h`>EbgrG0Ww=HKN%TeLk*xizS#Y;G?9l@wI^
zty3D1W_b!w4Pq8udtXih1uRmbE2}0g)79pOT7o)D|CyE=UO?(6E%bXtRaEFj0{q;z
zqvRb>0Qe3wfPczg%Xt-T8v#BA0|R_3pTLH}r#?R|i+^(jz6-J^_P5TMZ-{>u#dE+B
ztEZ#vEU&Ukr1YlsF<4A-W8zr-q>(d4uFY#3xY!)U7EhE5#xw+ffHUJk>6aW#t1WRI
zyxRw=bn#jWYMsrk$_8eUUmtTic0|LZJc5MfGE@5%%j>$Dyf|6|B@Vgf$;f=^lY<*q
zD?~AClYa+ELj~qE0EMh)>(q0p{Yh9q%5W;SCnzvIBGDAD0@y{En}#Ub-N;AZx5A(`
zq{PxaB4<m?=wq7=TJma$oqmgy1g-W6#F$g@uv<N`S+j%Ka{lqC29rHSukMyxVP7}Y
z7uQR4CO8JflN$Mny>w?tZ0Qn<<d_PTsFB;+vk7#U08+ht#u+TsziE+6)-GutX{Gk$
ztH2CHaQk%g8h)lp9Z@o&E+=*)=*|1YU@l-za+a&tP4-_4h0B-@I!qRg0bSD1=nYkQ
zG>jZYY7nU|Ju+PKqeZM_84-ufZXlL2hKd<Ot8Ddm?Y*TG=N-BwjIc9GWGL_o+>fmU
ziM4DTm~@~a8t=u#c}7jw!Jw2;5vIK;-;*XC83)S2mz3D@Mhze5Y9ZE`4Mc=48#ch;
zvcY-vi9N@UOK&J^^#3MEpDDwbtski9Q~K6U`dbfWHQ4QqQE0JQ^|0ShZiPCgSYK47
z!)3G3wb(-kS%2eDy|RKgdvL)}SOf3<tSY5BQjBT0x34PtP1&|e>l3VJi7aiI99$_2
zqbZxUK}AUesC4bCN12*a{GqnWwL|HA5j01}k*l5ufwxfb4FuItB;>9j$%!CS9-C#;
z#d1ku-?E~8NK{7PphuD!oFgWoBCa{l=|>jNNW78>nW_EMg`bwaH`+3h2fd;!lpDOE
zun+ubd-)~Uf+Q_2&&uh!|1pnWJZ_sG>YzK_jSEpLt?vTuzO%s{FY+x4JB@!pMFZY`
zvIOg;Pn5L&M1?G{a?tT7=|gCAlfIzg{#OWDJXF*<YO4Lg$?vqS?ERs(A{R6g|7(eM
z!=X3_u3%L86(Vg1PQL<p=|{W)_UGnYwzlsm9SjUGm7GB4z{B$);!t9|lmRf(%f92y
zG(!1<v`h9s977r{k3QCv*n3&&zm-ShemB80lR%kGOwms8hJlU?n2l}fuuE}<%iaM@
zrNXCp*gK~bPG}}%w{eCiXi=9*<@;_+rd-ZLT5Dz&gB!fl)eS(hZfjj4rcl&m)<_3E
zPj9AWBKhp}$RsQF(@k{JdZukjI6AI^z1?eucTlwkT&}?+2f2a5UXZygz5$p^UZ6}$
z43Fu_5;9Rm%~8#WLxwy<L{U&-d9V;b?6k=0i7pw~opFqjR3ktQKM||rBi4XD&99oh
z<><FgC@mmU%MKcM*m~Xf)<PK9E3skKt`M$kc-O5#9rlpUYle$nU*J#KZIGS5enN!U
zFi>vFi0ibp=;1+bZi<SlDD@CC5nPur=M@S=@h}&s@Y8xN>t4Ki-0Atg_gx7b#7#GW
zt{}W?#%sG>5g<nB08*F8xE_+&H6@L&49@Ur(_1w4_GA^38<!O`O9F=r-;H@^papj<
zCM$3EO|cq;C{yqEyH!<F3kT;a*TGvJ>DOd?h5p66spU8tOM4Qg)oIVNg2Br4NsXrB
z?|P-ba0L%9ptS|pfL8Z##wNX*i%N`+oXMBB=3<J0cAEEbn;?(RL^LYWws|46Q}Zr6
zk&Ayx8~3H4viR0Dj?RX_K^c|1O`s+`Ecr)0V)tH~P9P%}ex#rul93e4rc|~sjXD7K
zz0Kl{7@dY90=)`nC&GXU>yu>~q1J@UOtuLglVlk#b=n>p{I8T*!v#LVcf(8RMu}y2
z>9mz|<DjbvDb36zRILl0Fz5|0W5{P%>MXHJv2qN^pQCY^nJJm$PcmcC>Rv<tw7gFL
zMG6f58ti!B|9zyW;$ZzR0Xo%c8jh$cs2`l^MNHZ7K|1`bCK9HQfdSMIabTceWW>Y-
z2BA6WrgQAacpaXCh)E(q5Fj|XFc=$k<d3R^Z;B+`7RjFjYQBC4uAP~qaZv^oKVLT1
zA9G%_9eX@4+Bd)Q4o>a9>HbE5ww$Tf$7>0pXo0HN3BwgULp4kd*jy>(@72YGnstfX
zDN;{DuI&i$7N<J$Cou9Q8QNyKPCzP9^M{fWRUHBWM=_vE0~4EQV{`x<DcK{wGs07(
z#au{A51tmdszY{yeg!i6vkhhx3SOs0?J>%ZxJe0W<fe=sBM%KdT6t?y7p5PphgxBq
zcIXCVHA$;ox{@S4Sg<B%7bO=rEPN5Om8+VyL;^M_*=UmsbDYi#rt=HuESQr(r>UA)
zEf>xblV;;sJjZ6IA#rww;l+t0)6xNcYK!{^O;T*FSa*5ccI%~v&DG#GrxLGV1FQ?m
z7e%FY5`v~7$=T#tVE+Q!fd@**W;qF?F0rcOxRXT-!B${z+`7?BritACBpMgWli)3Z
zLAEY?$2v({nmkh$!;Ts_fYU2OnI`!rU`D5RqKl9!!YD|(CO)sI3SO;oQ<mmjL}n?u
z<fACZ8E)LkxJ$;0qH<K)9U9PbVazcV+>`&2R=Dnsxfy-mX3N^*U(o;49Dx~AHGFGY
z-HQ#DYH1^b4WFFMn6|&{An5R@D3C{M`Y40Gz<zG*?zw+67O;-k`oN`e;ijp#XQtt8
zQ;$PE3H3I1mX{NR8T;*KgF9{>_hibG7(It@nH*PjO7`RwHlDul2b-_|H~D%Dy7Dsg
z0(b=g5&@cFe8h7>>o*2WGL^5{O{FVfk#Q?==I+;iPsF6TT0K-X<<>9-W~qvo9}^?5
z@--4~3jO1?i`F0+d-1N4SII8*)aaA;Ai6q*fp+|6D!mo^Fm^Vz5>0L4E;lWtA#KGI
zaw_qJJ9UKy-^ijGCGB2Rkc7}<7lWCxBH>9b_!B_8IB=52rusbF6AOFk!on_s&56~O
zW%NtNXeG=WR4?D<@}e^sozJ!<9lcU7pHhxs(JU8=;;3!E3vW#lWNUZuP~e4u)O!-%
z>V$|D5#iLcj#wg6jWUtT4CMZ<$!T+HF}b)Npvl*o7H?SU@|>t{a{+j`F|C9xCFq??
zaC~1=WNtV|E{RqLQ)ikBY@c?jDaTcW3PJC$vn6$}w6=(CbZd-ZYiml$`$=6+gx<C^
z;KOsg#1?s?BimWcp->W%4$IoT&Z>PWo5|V7T)R#^iCEg#>=lVTw2WHJ#n|AQ&C}v6
zuN|~?UQh%Rvpexwav-2ng$FGIDYhXc+q&~0jv><JcgHFNn`E_GWm`hLz@yp$_9G|7
zkjNyu%~sgk#qb=#!-txtW6%E2S67D>rkVH<n3hr}4|8O$CQF=rBx8^;$lq2i@g%zz
zl7b3P8mji?hL%P+rQGCP2dF<MtCEJy4lu~M3AsFr#Yu(olI<COaAo{NDc3Uh$@MsN
zo*wt^d9o+r?G*80P4A?Vc7&+$wgu8*H{wU6`vUvnPUz;lWV@VELmpAX5YnQK{=pRf
z;80X`jCFMpl~OAyVg&;~g_XKySq*I;5J_J&K?07T2!+!sZ`9#HRN0Zcqa#AIZg)5_
zZ&E<p?D1%&dA-?nBS5sXl%X1uM(D^Rr+)Igk#Et~te@{p-m%=eL1%}12vBXor_}uk
zW3hgJr?@|?Aau>Q?hKYx)O7KNeBxCm)cLKe@~vk{>c`fa*U|yO=b?I-&Htn9oq{t9
zyRO|%I?fZ@w(WGsw$ZU|+qP}nwr$(Cx%1UuwX5E5{|Ea$Tqo=3UaQ7E=9t$AnhJVJ
zxR<leFB4*y*%lcb9X$z8As+&l^~BR>T@<?3v4Gseru^K@M%W||<o2;$rteq5#lz_d
zFxRv}i*H(l*-35FNb#s{`{3j;=~ceCIYG|q7S;BpF0=J<zm7}7_Wv`2%p<uSE&ERX
zC}T6oa4}$u&VDM?lJbsycvN9Lm0(vC=2}0S&x|C<gMs6+nBS0gZyP<wPpW>$(M~S<
zRTqr3P4<Y4mO+c(NbLg`ex2kq)@`CHn;ITd3q8=v_f@npydX9Ehn|h`X%$Ga-KW%<
zAyb1b{|eSf9KELkA{&U?naGX^v!tZ!N=OlUZ;00$tKM37ipScm3LINU5IX4?=c$z&
z8sqq6%k|6T-vEeLkK`~(n`<hcCV_~`>|}IU=L-Vl#{nqnZRYW6s9R~uy?F4!<4d6M
z1A}Pnq;wF+hz=xNP|b!=yC3xuwaJGe;D00YYkHgUw|_=Eo=CrbvHq9drILfG#s3*T
zC#pcZC=Q~0SwGoYv!)-k)tRso@F&!)64L?~Ap)la=%D`g4FCbsXkFc~NV0NT-fV|x
z%2O<B>cT5Av4n4&HM3ku^FhW_nq4bytZZE5Em1zN-(GJ1G<%=!Y!~~`B>#+?$YioV
zn&9~UIG#8NjK+1x?lFDo2@Gt}>?NVq^rfSCsq>@y`S<LYfi9D`DEB%tRyps2ZJh8U
zSRtCV3)<TgO!d$(S~>2rU!YD}=C%G~)<%GG4mm2%!$6(Ho!y{F>&$DFV0NZz5$Rnv
zh-jflN*-@n4y4>5+dtoP@1}qB319aR2!RVbN@o-fyb{QBT?rJqp#hCX)dlPetptDO
zJ*Pz2qhQP4Sb~D1a98a>V#tiSi2H3UHWd|Dx>th83>#U7qehtCiq@=)3hl=VA%<xn
z-8SS7MrzR{&6aL$E^XqRX_DlYxIUgm$(rA*E5s!?(pX=e=3t08yBni*PbFH8^Yc)V
ztZ;FvWDZW>Wktb47GCDoueENwZkDgB3ru3i^0V%B3HFJd7T`vi)h_YT6b8cZBwo$M
zQ}9#{!%T*d?jc%Wu{F)vDKO)*wDcTRpBC;e3I5@sx(pe5R7%a|<!Mwt4?iW$5mXI-
zG%GEMsrPr%r%y|wuO^BO18FQk#a-|ZLJbvqpW{O?=}tOB``v4!XY$h(Lskgx9$^xp
zLyoX{0!tRhy#MHpSeXW&FQakalwf7>V~PxP+22vK$3dD0Rus!Cn^ZMb>he(F=Nt#R
zaaNE#+6U<&mfgF?UZWeD%XJ3;`{p1YWxoiA8fhEp{FO<4H~XoPj5xgwVHiPLlBclL
zkZ@{aHzy>^ehKxgz_@Y(?kBYd;BKs0igm8;IA{;)5F2A-LA~<ZJe<as?D*gsqeq!=
zr{>l_wXhbX>veY}?mRd+HVpQYnt|%&tTCcUfw=FTN;0O3Vz_me@|7di%ykgMI`VTY
zyw<i(HY^oG-u%EBq{tw0X$UlH5dOwF>sgMo3Rt6#I2r-oMt(V1hA3yC732l|t<vLn
zEF0pqPjag=Y16=(5kjTs^)4~;57-YeN%ry*mcb$|b$qia3OroWQJ1j{Jr%Z@p^xiz
zV%=Q&>%<2;1rWow2saLTNJxT_lvblGIA&PWL)Q=_+4&;Fo~@WejxtnOSj-$L=zF^>
z(Q(Kf$yXSpWaC#Q*ypn1jx;_IQI{#61klaJjjA$dOggt}<IONK2*lXa>&DrOUPl`R
zK}b>~MBgyQgfbvd{<-=*a$syB%*<dHz?g2cg_sVt%y!O)+jiUs^_Y&VpP|)t^CE;k
zyl%h!{UOWz$8LYvWi~Q9<cOpKVNz!E1;guVXk70C%|$5UQ$FHT9Dd$mVz%DN^%Dcp
z2s;r6(L<yt;AUS5vKSjWHt@>4Z&SPd)>ZRh$XXDhdk_k8_;|MotGgeH4R-&TQOkKB
z=EK)f5juR;%~wP?{Dg7KVV~v)>auS2qhU5(;I5f!%q+=A>zh=D0ryA@qjH{i8?VrI
znSmD*pWf#cAdYw3obRmXy8HS9O9-|h5es^!vcyw~mFjPzLaD1r+-YzfI+9^U{{LEW
zO~*Yn#H1O&zSSD2@$S(oJ8&P<*wCmvV`JgftmgO%+#*XR3HM8P4G2>btLD0ES&-if
z9z)GE_yY4Kse}o^SDC%F$WDdf*d)~O$BZa04aDqUTIn{aC5_+a)R45iaa9Ih>jf~m
z`U!FS!w9heG?LH9;XdPLpRVS*U0l8?2{?Qj6N&H9V1E4-ogc6RjHX(au(uWT6EkFp
zbDX|Onnfu_q*;Umw)nB?sF8w^)btTnPYjEa;Zm1vOVenR1|zPt9o&Tr>CS#?oF#=S
zaW9q(o*~N?YXu8n=H;PSc@y5m{V9WN2mHM4nm4%!;rO|s@<84ms@y_N3R;XpPO@5@
zLQe9$_F>ctR#}8p2^vKsfe9MLBeV&+7;B^lhYLD#M%^*`9mFeHQWPUUt%gMOu%`qH
zjsBJM*cHR#O;!>><uj(V+L0`)gV{{Kf16!OW%>1>TeRo0rwPmM)*6$L6(UCW$6?zk
zy#7YgP-Fm`F#&=>oh=BXecOl>uNcIB$N@W_xGdJtuyKlQZ3^Nftl~d=ltqo|5ak}!
zch1+h-GO)GnaW@a7n!+=wV#qTdmvXhI^zyh8<j4d+aD8W6+Z()uB?W+@OQ@^lu?xA
z>;fsYAWFy^Fl8#7zUvM~H`0M1Bal`>5~LNw%#cY|2;h<GfvK9*;b}_cn{3z+s>Vn-
zsbqqy_Q53V0M6)_;}Qu&KXJ3DflpR<g#~Vsu#|FWG+;=dQ<Bf$T-v$eq<qRN-#S;F
z*?HhxByrX~?U(JGa*ec0^?<k^vlci7!fx*3UuA}s$?x1aUkRUMbm!qZ{M2Xn%3Rjn
zUQjfmiyx-9+>{PxzRL!09YH{+DLzEZRnw(NS{>fO$^2D-rq!e(-xkK*nHJC*l%pAp
zWXmIS4>mCr335O>(LZU@LvwIxX|Q+6-OYu*M$ddEY{RD85e&a2F>=)})Upjy7QVZr
z4+O-S+(b2cE3?lOu-RY#C;Bf32>MFG;SlT^;zo?C*mEj<n=MeErg^>y*jp~r0zbg!
z5A;kt2a&}Ee%!qID_al}=7pAfFD`q5Ty>@ZNjl~QkYjB!Up6~O<2)_sfb1%|hcUQ?
zKDkQylTMna?cd6>oTIoO41o}4qpi*?I;G?)imdU`n_n=A1TYHIP>=RDaR!Yf=#Cun
zJ)R`p5XJ-VOD&%LE&9>^ukjH+yE90;GqIvc1%t8qgJCAXr&^zL2+$vE{$*)&et`Q7
zh#pKKxx1e;*NA$!GZ#eL&L&t<MqzPmdXg3cP<SobFRU>j<zEV5u;5w#^9mg5RJ>%4
z5JsUsqLqo@^!A_ZMvz*#e;420)@(C2Oz`+j^ZOHq8Mww(YxU@yKs#XfjOUz=aFLfw
z1v}j~A(~t=-|3Cn#LqgWuqtwGQa8`B{k3Ilj6kl0TfG2{MC|F=ZNjTdIWCEeueY5h
zB?`vjB#wr4DyekZB}rB)i=HLf*y)^g3IyxfXho7+a7(Emboh?Pi1!L1r-dy5-wVip
zLyT~|l9w)lC0%3Ko-iaHFmEpx<$LAUtXjuy%`JB@8BuI%E8C<_*Yx$<By-mY`_G{l
z-~-Px4Ijo9!`dd_cn$9=n!eo(kzY~fw=zFn^eg_}x**?2t=<F2$H6Y4gD-|_?oxHB
z#Tf@z#q}G*YL3{NH1-D`P0eYI#gV7=;Su8YbgA#x25$`vp6V%Htq&X%Z3eZw^i3%i
zH?e$Z^h!|ZlkqEKX@>fe;I;%*U77B;pc$P&xCK!yIB%Y1PGn&oXMxVWy52p-tm$(>
z70k;Cs78fvx)aZ($1wR@#aWyY9K4Q8^hU1>m;L0=rM|i@o@W`l32%zu^iZB=leo20
ztZKgHpub5lti<?22g;Qx`2!UJ-HLub1$yxZeA&#FW0#B8Lo`;^mo4n)??V@tO1L)}
zZFqcXRfch5E0fHd(euO+OVXr;!M*}%f&8UVxTTne@|OwgrP#^zi2<%~T|M~+<w3H?
zS1Sdn4n3)7bN(sM5Q<BNjcZKVjqMr^>D<tEn<QED_M4P40##hY_Y|`z%k>6s3ZwlX
zbm)P@j@;HS;;4a`T9VMBjfEa;qAz);uZI6Sx9RptT&nT2J4yGGiu(IsN@f)kLn}pH
z<Nt7lG8HXl7XHF}C2>{BQsF~{(T#-f;NYVqq(CspasSZIT|#>445~LD#N90CH;F!e
zd;5QYb-jQ_kal@IieMOz^U;eiuN5$HO;1g6&!=8SXJ>c)N*Vf%gld)2;*$;r2G}s`
z&j}>}q>tzg2!b^~9+hZCVzlVvPsgM`3uyBgjT}Iy16Bh^Pym@Ee~`-`)rE+$IuPOK
z{)J)VTHFmRJN=$0E2G0Wl91b5<vx;DS_yOa)sAga<aTh~GwX56Q>TFvBkA)}K-mR*
z9(!buLSz}%X_HgC6+}pxQzcbqkP$3F2NUP=NWNZ`CvNwZeTs^3{99XWVYeI{?j9AA
zh!;5b*Z0CsQ3kvA#N3Og`#5c`mReIVIM7y-e&P%II?xPREH)0?jI@zZe~ptQ-<}Rd
zrFmJ)Iw3h5r5P=0X=zO8cRcEqp16Gt%|?GiAO_7<zW?s*x3^HxsgXFBJSfbW+{s%S
zD%?~S277Y^6H9|Te<d3yLkitTCE8OqlxTn?7ty5(8Pypoi3>$R0XabbmDv~PW~P3e
z@>amQY6igYkaaBDzrJhxM-xqKGMVvErvD+S%tm^wxHsuBY%aUUHozt@9VZV<m+#L{
znuuA{Db6t7sNkn?xQDl3{U5PC1-rilaiu=ELw+!Gzu`k%GVe!}l`8aU@P4q#Dy650
z5#GP-*v&Jm&yWp-h-#$m7!JX8UUeq$gM}~LB?bc{I7aZ|)1X=5JIF$}FfVF7kZFc6
z6v;i%NlD0hRjJYkoMLm?(b?%7IF*n&rMkL;_tVZK;m)uBw;t{PTYXCP|Nr0`Svvf$
zS{w{nxc=;)9SgpnOXGi$T>hUI@jF@>SQ!4t`7cy?x5rY!;8{-Ui0ZJ_8<gJTPGdjN
z9j!x2LzO3!QsAPMioIBHiX&w%pfa_jN^BT2OXM`AkR>mKTPu>qKZF6j7bS=mc0x)k
zpg|}9_{9VO^aBJ^b%VO|Y_7~2lPm_s{EZx(pSP}EyX?E$->=@$=zhP@7kREkq`>J8
zpxKCy@Fn+$U<)7irF2NV*?_>k$MCNO0|20Epdy~Kx^Fe`t!}Ek2ey*EL{LNLwj04D
z?7RMWwQk&J{rWEn4Ua7uuMHjVl03XrFn@OYk8fN#xKI1hZW8?H#8Zn4$C&0$>!Gsl
zcO_i9farFFI5HG(;t~oa|Gq)&jN840VQVShD1mAt$-d{g2f<-S0Uow+PLXazqD+Px
zY_`OU`Vfe!3Lh+i9~o$hjT;)Ss)`#XOk747<5T6TmJOvmi8*Lz*z*eI8EC$2<dpu3
zVccq&Zy>H%P(=mXx4BXmYU~oVQhzH`a>q4=WyO&(Q<)mLMMe}xYs_6d8IYP@!k1XW
zT_D{&U_z#8B8wS4e0gvdrT42-8x9jMKARfJ^K!-Gnp3ADokXD@nW&DN-7@f4nC6!n
zP@_$$sgvfWLUJHPVVyR_*7l!_8Y5D8l4nn176E#QKB1{`7Aq+cpf=WUUv|`JavFJH
zwI-u{)m+{Xhhhp-mugte$hy-NJojyRsAvw6Ju*qe&^=QH<?v1Ex0CX63lO$=cE;wC
z^v)<U50P5BJH>0<8{|5X*QJOR;v=CeTBH62nG8fJ+8N_J2}X|>zC7loLC;7HsHL-p
z_PjCLiNv>JN5Y(O5LpjB+Krs)vBH5UCyXY8gk#4Z#1t5Fh{UA|D%S7m18+6hFEYJ8
z==vHOzIkTMNln_$#$=Al>KMOo5FcOl_jt^@v?fT#qOI>!7%#sBS;V@>J>iz_I3+g}
z?7=#euTTW9+op%n*u9W9mASzGro0-;2~%(p>Sa^(K-!kSu|(PKr3Kwqy5;fE))7M)
zgKU_robqg?E<GD7c>!_~d#;9B$&GO4nERJ-71wy7N7F8EZ(h0+Oz9O68n*`%|5xYM
zA_8<J$vYxDfj^53;$N?f(g&beiQ7kj@n;!hGv}`k?&6qL$sKyDQt!0V2e7eX#vlji
zu~J7AH1K(qjO1xojvk@{<yMc7FHGXE2sLF^54zyoy@4Dr=IUdJ6%v&0fpjR^@)o~x
z%B{Y268f=|!aW?dcx@Eudvo7Pwsm$;)=3%|6x9Hm=va1X(w4Yp#Y1t7R7|~v8i|zL
zmmx~7?uk00;maDgt*kzpDN^p3<H@u#nhb^uw)iBgxrH|@TQ!Sw67|ZAVZvs!B>4rC
z(z^3Q4i#$*5`kWGRxo!XmkDOv*x}5|<||ArLaP+F6x%3b(^;bR#J}5<PMd0*?NP+@
z@~vv4?Bl-v!0Wuf!h<sOoq|N6#mTC_z5_I08Ii2Io$xB>9G;b!VF|0u2ds6ut<x&p
zPh0Qs>89pXp!c2o&ZSISH3w!8<A5ts_6#K!)VwNBexTV`&)YMpwlH+}xFlAzi7hOL
z1~Q|DuV8t}W_Ih5iw3MYU2@GlkQJHrzp1d$|5<nOA+Abpn~&Ppm<|ce+D`EpRj)Hr
z?UZsiYn0L66go(b3!Qe-6&8zyXMC;+zp)vF_%U&$lU$LS#ZVthX7!--p0eCwjB`&(
zb9(=_X%8xn%!WvRE!-P~a-F!DBAT{;cWd{o>=n6q#dIAI!1d(s`em~*RBYLC$35V;
zLk#lGVr)5kiH#*UUYi{RCL7JuGA~y|@3cd!VO4Bi5^QH@X-iKI`_sV!>f*Nt+);lC
z(;KWy-M7W)9**Pgca6&v)mej-!uG=1VXR5y_;lcJIHsl2iq>96zC5MuRZ?b$ca@u<
z*cEO&)>wq!c>eM%$)`)YHD5)5SKWg?FPem5ZWrM>A*{Wl_2t}dgtwou05z-k!>bY9
z2i==02KE4Dmdv5BgM@~2K%QA)2o+L6UCt~51s$)A!wt()p@+nuRP(<lRjE@A%>Sqx
zUyr3O+@SQb*$R$cX9z4CK(-BU8XPRmyBmCvmffADRHe~L%!~3ZCZ{OJgpbYfzC}*U
z%iZpwnhMzR`$op(S9!hr1H>|tP9n%K$Dj}q$*jnH!+f2kJ28zoeVp10J#i+q;g?(k
zNw*GELBmOa0dDar#hSc|-dYF#Y%dJPq6!e_9_=9!Hx^QSaF!IfykSF|>2sm&_0~a@
zm<IVAFRJNSpFc|-DvMG^ZE5Vb#~eR!GcGqqq{>60mKsJ@9t&Uv`z+UdUBY-BVss6w
zyk-wxRA?#mVNp<}0!3W|&NG=_zl4#>CsFKaGo^+ZJ4fba-W5iH$<zf_;}-d~h8+{7
z%Q9^5!8u((8>0u>ut&H|htR_|8#=!6q(bhV*ytKeoke=+B_Zk+?CF9QeB*BN@>~7|
ziRK$4dY{e(*t;;gdwzV|2Jstz;QPS*%iRU#yAR}RvU%ZqCFdGHgzOTBYhn#a8r;j3
zOassjOhE-L*T15*AGI~i*jVfEzG}m5F#EeOZpX5in1>LPTIW;ABBgKWYl^K#>_#C!
zp6$|)0;G*c$f3Qna?A9Egt2l<p6`tG>wS0z;OqDBt0Njy&Oa~@RU#1FvQL6`DOZC0
z1og2+;iX2Q#ERE)1AFiU*klMu_=4oNX$PNISD`}03wV{|sfFXp!7kwy+wRUadJZwZ
zbD}uE;s6xn5*g}*J@8E$tTT0;gP4q;6?FY$^3K<frn+akacXX#!lkgIc)N%XrXStG
zbS4n&&J9N4U$Ag3(4-!ba=23k0#F5#1_DYu1Ag8IZK#eYpyia+P6c^<ZldOoDH-oU
zf?`qoG6&T`W`NKePMvP4?)aaJr%<Vd_->(Oc=jFZCpMY9b8hAAMy_K?<4*s50VmIf
zZ=nBN+LAc^gMs`beUuUYt5%i&kv>0#fR?%rg1Qd>TmG0kU^}9GOVy29u+Ecil2Sl=
zA_h#7>Ow2!iqXJ`QHH0Bv=fj3Ns*<C)j8JJUr5dsp~?ceQj*_6C?N>?$>$2)<tVL%
z6+x7|e3Tr&%vxvd8%K9@)vsElNfidey?bvRUvIr{b6tNwKXCo38rJq~K_KGwK+Pw?
z-ebg$+Z|^lHb9Rjpzx;<7z=KXO-elUkF>=jwOI)!N<pR&QSulJc4RNw!%e+bvdu=*
ze#}MGzR$(fR<Z341MhH|3AWxLz%#q4fs5XeL%2@?M8Dric}NKUA?T0i^}yPeyG?-0
zj@!rdSPm~1+G5h;rfT9Q(^Synz8<ty^O_F79{>1_Lg#WTFngZ|$F`%3LRb0{3oN4{
zA=3`*eGtQ&8;s~?M~vJ!e|sQW@5fSUG*|anuvtzv1T*&(z$JQ)g6gcsyt|dqezEVw
zjbJu!=|6$%&Nzt0Qn=m}D;+l(6^-#}G^bisX?_!fP(LcmC^%HYlZww5I%BjHh~$=*
zR*^z+mr&!k_wUwVV{5Yf?>{=0#x#KritvGW;p3N;oY<>baHJ?qrXn)8M+eQPRDoz7
z%x2_^sFc&#n5;SdeBqHL5yV?QD&i^F(^CQth{1_k1||$l+<F1`$%hoHaQ)d^#WBh7
zR@_?OCRMQAT;D|BMEEdAEkwb8>zx8d?sg?2c(&BVM1i&F(QL=`O{5OvW{WiKpQ00@
ztF}xOBLJ>9$b3J_<Q3Ma71+5dQ)0@RXv&h2Pyrb*t1Xlvsk2fCx_u+^jYO3X_)Reg
z0|^2<Vh;K+Z0)2-h%!?m-IFAIJP9l{1#BvR-^2^Yay2c{%mf^k;dusqYt06g%D*3+
zx=S`xeVA<qCjHVdm5dwI0_^~IgBNTkbCX^g%%{D3O0A_E{f<0c%<8h2(4g!+78Ek(
z4?uOfi$K3v#vDC_x@^6HHZyOMIJ$(gnG4c8vPFkt&Ol3cJu>YSFzCz;suA;qUQ|z2
zM2w%MoeQx6#%XAPZZND`>5QdvSZZ8i)lOLFzjrQmH?V>?Fe_72tQf?L>oW@#hU#6*
z4AkFGrR+puUb(x;E+YME849*q{na;BLE8Iln5Z^<gYKAKRIruP@d$)Ro=43I`9W|u
z1We2-jxF`gB#2h_Y_nNiqU}N3yU&<kKG6joCkvF=dN+i_csP4}^SFyQWFM*6t^}%+
z-xVWWS5CHHbWl#7aem6O?ec$8i80WFs2882ONot&B4;iEjOAX$@4pT_iC$n6ib_JG
zD-W{#XkrtK9Ow{g^jQDJ`GBUf4oyJj4;F>>+G;>iMjzF1%b>i5#f9?aYmh#;@Z(A~
z`_R;OUrl*j^WPi(#bdEZrVB4U8SB7driyd*iRk(EC76Dc?@4>VM^{gtc9N1QM2z1I
z|CV1q0-}s2CRDN5;He_32+vD<<tjfnRy<vn4+Xy)<o&kCX+zF1?YF}fr)u!F9UP7?
z;{=T7eM42L{hPo0el8k^SkH4^EfM;o=AmrcxiB_pA%KsU`1{L-RIVCUbHnYx(ecub
z@KktW@VJ#QCRr$-f&(Ri&WmdQYC(}9f0l(dF(bBPPmL=kifOatU`#@@{!~mZvh%^Y
zE$k|5w!u{uYSFi7V{-gPG|pPK{2n~>dGmCdTgocA(QQlnLp3p0j2^(%nafQ7=zC-M
zv6*Z*rWfk%DZF<#AN2RdZeZ)7b}yc6F3Zwl(fR=VFU9+5dJPga;0g+Ur;EdQd*rh!
z<I~BdV0CAWh$n>UdUWFAPev<Cy|w)ju&F{uY9*v`V%^HDO-E$A(Ub+MEMkU#pLQ=r
z@B=jVa$d~77gShZIIbYRRG>fvtOKXRKQ%rga=WWDzuug=KmPn*+)U(l&Vx*{{$qd+
z#sm=8T@86ff4wMh*&wbL-?`w)6A_v#VpQit^2%{?rI|=ijKX$`TpxSenk>#F;<t=>
zbSX?bV#QWP49GgOA7JRoR$fI?L`9s=C%1Sq#z`0!0aQN6o_O7!I7B5Ct#}5Mpe7%V
zEmdA)qd4&kY6n_PtimnuM+URn-EsP0+T9+~RH!ko`LW#6Y>f|_Ka4&3^+9c$Pi5qB
zjdW7|jZFXc0f)b%XC0Z8Q1RTsZrcGjWpNFk^0Dk`b=qK1sZfb)lTUiR;1^()yUOHF
zQor3@jwg`uIZs{Md@84C+WU~3bxL<$ZMehL!s<@Z9aVNt^)huZN!Zp5RfA}r+%b8b
zu*zR49CoQ4SBoW*#*R6B?M+RSC(<#Ku*(*8nR#k=tscZD=8|A0Q?=S9fpKseP73YC
zxCNN{Y6$WUWXu*_gFdv}29Cc4kL%`_uXo5sbj+8nxJ$z7EqYf7nQcsVWxNa2^PVZU
zsF=)-8uqZg3yK1J;PEOB-mq&&kI}u5M?mroTStU<jpa94`;&LA{x_SJ0&<2dx640@
zehT%+pgLT##L9yN;+Dk3g-DhboKC=_bVnbc%b&y^{+S{8eV5=7)9Ch}ys-GC-YEIH
zNhYxb#CLBp{oid^&c(7DXf@v~ni8DUF=}<KL@U}Zsi1j|LAiuVQ7@$yjF9elVak`3
zIlhl@RM{iA5j|8#g_51IePh-0)Jqtg`5&F2>7;hjJ=F=gtsCv;ac`v<PnB@wDW#m+
z3F7^R&CM7tKE6q<haszX0ypJ=Z~@v9BI$-Qv-O4T9-i^+Q8^F*FhSTlorqvS+?to0
zyEhF*)h2+Sm;+IOoE+9*L}l&%Z_QE6iym_g`1PwB^VcuI|IWAhKbk|@(NfRQ?mtZz
zRd<hd6~}K}jX9Yl?@$F2+lq$LcxE^?r;4sP)+nSic4=EZu3o1NcFW|kyXh!Dt;7Rn
z-HP0G&Xu98%^cl|2pAiTz(+ph`IsL_X)b76(ybTZ$)IC(XsHuw`~Lltdb}wkVft&P
z^LWF3s`WT)ndcAB^H{tLP>ZzNZ}cH;FdKBdlHHpSSiFT@0nU#^*yyvH6xitVn*dn6
zrQHfxA)KjGdXyfKn*#ph-!J5}ATvJ2A1<6epDiWhc+flhE<-(J4#)98lKZQ_cmrjy
zT&8;Ny*x;LruXcDDte)TK3KE>J0u=jrgWGu>AzTapuxJ(dq_RR9zW~w;7*TJkYCGu
zt6y&&QEp%cyGwz;lx4n>aNjI(zG!{AhyS3zi2VLW?or-c4MO{PF)sX!g8kkbc6R*A
z!rNA1@yb#EmR0d8n2APt3+4YVo9U)_xQ6;v%>9-<`GexN+T;CtyAAav^9%g88|VX1
zi{XZ;+ovT2&)5Z~bT6|&ogiAfBj^Rd00PtO1cQ5dg@t}`a(=<-R+HbI|9rA@(_00^
zck`6BUyD?0!kB~`?L?~o`T^@(eJy)^RpoV+WC@FG7y7{Noa|sU_sUQG4?T>8jM}&R
zUe?=NMf<p>hka#ndv%eG{3gqWb({nnox^GnI-zD^3wuQUc0jcc6J-R!x7dbK0*nZY
z3b{g4U1x~Qj)My4&tfXZ;m{n0!;YdEar^;4p|?3LQ*5Df@ExV$p$mpOsizvHQytg8
znxV>#tO1w2m}B2fznPCi4(iYc?xdNILdH8Pax-gMR61hDQ;fGo=%pii;yGxHqv}Kk
z#q5wnlSL2id|`EY#z?n_JxY#Ro>*yQr&yK^X2E+-<%)B$g37MYg^)z7h)7~fIK#c#
z16k^1*^Pe>$WbKZ&q-O5R@|85Lwmy&CIqZmk`V{_XYaGBR*GnOw~~~JVj{!xfhSv%
zv?x^Ub>O6RtCG^5mvS^EQd@c*H&9gl(E8$!_whPCt(o4;^NF}P5s~X{^9qZn47Alh
z92aR@=?hMb<~lRxETe<Vot!gsoHIYiI`~ZirXoGD;0;K;#u(X?F~;0OKeHhVJz>K6
zVoAl<UgC0T1EWA<#@VaiD1kG+TY{Wid;*GOOt<ptlE{doC6?ad2fm1Ok8F0zb76;z
zhPN3gRI2XAC}xm!2G;7DqdMI2xDpXE2V;hs7+Mj0opKV^4s8s=gYwF|szwb&Y|?{C
z+gcQbB!j<b*GJU!#jXV1Eu|4(_UrfRYBi}@MjV!Bq>?i)gX|Yi(C;l7z{^%ehDDD;
z*9k7i+d+G`ab?;Vu7948&_^T>_LjB+h8zR}e_1XvNoEXCAQd~-*c6AN3rh|#nC+$H
z?Q<eKpwI8NSQ$8op2jTiTH%n!Fb`OZM}kO}qRjuGu&EO{6_Ug<e-&vG@F^sXLkTFS
z$<vjqnjDe&Q@|iH8Z=U<j41_G%)XlO?HlT8+ce5&L>yIagcc};;7%Lozu&Dg`ps<p
z{_Mo@7s=eKn(q0#JX`hk_4_l3Ijv54X%@b2E5=-M6(0*`)nLpBvONxMn)uKRu|hpS
zyqSpf3*DNjP)%Jjqt`zo56YCR#jGlf2`)Upu&iZpVEs0Sq7sqiP@Uz{(XNw%Z6q?t
zg2fQ)Djk7`4MUBGGA&rBC}QY%AdiBrw2p1x@(o)JkmJysa2ZyWRj%W_Eh{4PjQh^8
zNZvLr=ogD`S=T>s9?M+#&nZomszD;Rg1=ghym*ENDzk^jey?Yg;%KKu>7+?}t;KK;
z!iud>zzORIU5|UJ_b)}|9`vzou8h`%1`bi-X{@rSL%B_ARRqVd`=N$%Wk8)@-I&R9
z`MY`xnw5^3X_cAW$yiusc7tThT>DV&R&pu~H!n@{=5`KC?iOQLL5{0We<cU`gsHbE
zOQLLlt~STQg~fsTq|C=NMMtQmRNnc3phx|r{wgcvl#5wJu33|{cC&O+zKiCC7?e#}
z_F;z_=&-7l7$~2>xR8;oA_{mKFO_^o@DW9Fp>l9jv_PaX9$ZzQXV;2FUG3&_RB{Ez
zN4METyuLK9(EZ5XM1`$=DP9iRvIS5qA4}&}`gcUlwLRcC|C0%RoO5%={P4b`d*=wM
zSdre9L|ce<lGBAcxmDzy;9abu`a`pBOEx_Usa8;4EOU9~$$kDZ5%(3R`)?48Drj(Z
z0<&Avdx(OXv4Tz@9TIPNF%Xm8a4b|9tJ0jOVPThl(P~=>4w`j$f^}*<@#enikxTLB
zh2q3HQF3%&oQ$V_l?JPlc!xOl7rzl{u~ZX}AqKLSQm)}~LUa^I&gZ{;4OCQamgYl5
ziw>8q#N-vD?36=>1ba|WPFvP{F!rtN(#866zA9V?t<u#&&Mkwh<ybNgL6m=kky|UH
zf@Xv)*S|%=djUY}C4nF?^%eKs|1gbGkE|D0M$7);cau?~JM4m+v?ilI#KMGM&Vq+N
zgif5hzFwkeYUi5&Y`6{d4Zoa*7m^$98}eHn37DhMsZtDpp7%>7OZ?_+t60o>ZBW8f
zM0J&VxeGm13+_h;tAQ$Sw8n41bl#DM@Cvm-X+rv=9>j*wT@J7g7ID|<!?pCkOpUDN
ziEh1b;li^&4v=u($Xxwgu^$_pr_Hjxtq9+~+~Yu-UUx}+T7Tl!tp;z9s5725%G}2a
zx!jrP!eoiHhyN<Wtyl9(-IrIi$8JV>P-taCWWv$=fVyftl}-lf1m$(Nb|xkinaX>k
z=0<?s5*<*xxi!8y{xe?Rf)FBD7P^!bc=}gjO3!q_9@ViPv*Nfl=ME?>Cu+GnNCobG
zZTWuevcn3znzMY-N`<O7-6p$ykygBH?;@P}{zPpQ$o&!K22la>5jK&EFW2u<vbQ?P
zz_F#yjBrvxl~qJeWTR8@*&($hEv^Ogtq0-R{KfG~PIIx{R28o=vOfMI(gS^qspRnB
zG*gi1n5t+tM**SN6m!ToOm%CW5vHD`B`+k=*al_!a~{I3OeLnfjZm59o@efkfjOhM
zDJk4UbxB>Y<m{hn*$A@oy^lJ0N8HX`*S#tec1N2bRHVj~?&W+F^)&L5l&<G?lIaGW
zC2rNCWWE|1&uf}<&Mh}9Al^$q{h6B;=3IKj9X5TPJKlkYt&d65k)(>L1ez70oR-iI
z%$$&5nuA$JFEA_zN~36|jIqS;N>CsxiLmN2H6Z)mk!MQj+_-A(V&m~mtYW#4(8`2%
zPdM?2Bigc`Kn8)WG$lQ|hy{Jrd4{3b7Da1_s&Crc3;baO$ifllg<YNf3#^uHo~Aoc
zy#r<ZhD$YSyC3X>H_ycf;n~SykMCh0hdsbqVNaW$YO7z>gD(HjGvOOT#wBI;*~^Y6
z%sDUQPd{=gFaHTQ?OwhM5ZVo5R-Z~pXN2($6t9paFTvtV0my9z^Ny?OfUyA&FIoC+
zUc(;AYT&d4co#m;3nR-{UI(mpT>A|R*UXiUNoQ!Q?H|YLq6yBkZ&VkGYS`{kcNf<;
ztlRaD$Y2l0j@j!wFF;!=APL=Zapqw}Zp%IZ)rBl;5N`*L;u@$uqsI2=I$Au{%U^@B
z!+tz4{`WRvfAe_UoCYPzhnpiIo=lvu#JDckRXGM>?`2_4iJ@I11MT`azt9iykp|l$
zyS^#joa$m_weUP*$NmQvOB0>s5GG5t!!^(qp7?@m{_w0;>g}Wa0nc?yloWxN5B;YX
z-plN~V`;WLp*h%60OB>+f=D?rwLtt&{=azcizG0ZIiItk*Cawt_Eg%o_7G|5M%uRG
z5L#)8e-73N&35X0dDS#|?n`x*01<jczz5)sOq569$gH$axXm@(#U|fnmX_Bc%=dGT
zuKX`gVfw?$+qu+~tob_J9ig>Gf9G+b%9~5sZN)!dkLkYql)QP>@)KtMX#MSmPUD$9
z4ToB5M67YukfmvYIeCMJT4fklS{?87;Pl?C;aLqq?R2(-QY#DySE2Zazv<D);Oh}F
zKd>0zo%5oZ?IXBX|K9}qL7WFfuJux0>%>dU+5<(b(RuzGPgWFrvLi@$s0_^J4eqle
zR8~d-!5HfZAcYv?sWRupVUu<=d3HQ7&cB^TBbhgpFA^<JV$<o#*BPiUTNIoKY1?BH
zc~W9%Gmf0Uf5fx3Auca|r;F&@4errC_#r-Sq5%0AJne|3i!dxxbo7e!$egY1g?{G?
z(tGRH=*F8u(ST{&1Hn;Rv@6z7`-&DipklEC_4x*pLJzcjJUf0LIEmgnb^5Fzjw+k3
z^=`g`*V*ogUVmG{gjHXI{MfTFqO)I1A38q?w@NE2$d_yet0OYW3;3OMcl8_nIhkGv
zbL4cTdW-jwv}$Yck=<DsUQeGPevM!%zJmU3i`PQq^Yah*f10?WN>%o|KPGM+;(yin
z^*<)Al%c)7uJM05xS1;MF35{0-<t-`#!MIx#Jja2vLMVB5aa!5kkLW#>IQ5eefhm*
znHSPYy^~X%OyQ7~(aMyIVM=n8JMBrbLggr|zN&ai`FS*Ew{q)cm(P#YU#s8iSxoiq
ztHfAZ@1E}0tv^dXT-EMVo%UzlWZJ)LAifi9Q2>w>7(e4W8xpJ7QijyJmfBV^`}+8F
zjn>noS^s~BF9co#la}1h?Gaoy#SwV>WL_JCpH^94r4jA5!_nEJE#S}MFRcOZ29kqX
z7(g3zyJ*yxKp6A4_-t^t^)f^KE`mc|AM$<qj7I%8`@f#STUW=&gAKTYhSlDXHn=Hv
zDKPGDnc1dqmb4ijsoA=dY*HFe5^V(gtU-n>t<*L<j4UPY&(fDznxPegoJ+VCW%;Fs
z1T33M$@XCe77U1KG^Exv76jFiWUZFmFfG@q(VGezO14VP8Gve~a`K2WBS;#6ivnS7
zoJZy+G9f2nFKgr<nvrs+Xt|JC^UV0S3)k9WiPf5xEZGkDpmHRf%ZhxK!!RlQkj+6o
zC>9mlseK`<_DnTo0{Yqp-#y143aqMgELrZGAY9TS&@am%&c!N8HWzbK(-)!whFI%g
zXv#|O*||<@o6kYk;aMkKM5Rh+FV#ns_aQs`p=#;$$}sjrWfxA)7~`Ta5GLyuT9%Te
z3jy&gH#NWoA%(H$qW5Af`J3Zquc5h<EMwI}dX*OQ5Lb^lTn#0cHpyj19xerS;lOqi
zCiP15TLnWn^`ioI_RfkDwZ=4%)3H7&vl$VsfHpovvev(C2<q*;)9X8J$`WyJk7#@T
zN>&qhwD2JG`Jxx5SVA0vZZ#z!B7euR4uxk^^B3=Em#ZU<G6>}zJsJAPIbrH08Z9F`
zux&72kPrFmhSW&9=4j&wCMe*MW@*CrYUJu88ZZ`vTzhzYfajrJ>?5jj0b;}2e+iM&
zF07)Q#uhjqt<uKMq!LO=m=_7ft?XH=XEB=0UVPPh_>n7wnP^}jEtsVmgQFY#luYDn
zU?-uJ_b@@Xh4cLiB^UGgdKsxzYJg!7vs7%5=|o-RdaZBc{E}VAuW!Nv^r51Nh;n84
z{xAZ|+W2uu>;3I3hw_SE9`Q?@lIc5#`f0H$p1eUKq&Ig^tge?wp5>1AV~f=d|H8Mq
z9K<CAwcfP^z1ETKZ3jHVZpGhp`6;~o?F)wb3i$&miIJ*WKIcX_G@P3tDQAO;NAZH5
zE&9ULz7ydmbDQcneJf;jeRAKICW8C{s!jPq^;NWU&HVwT4Xx>P^}ApP>q9{2R0s{;
zmuhGtT}ikim^<@0Lyj30v{&6F%S;eP0oszZy+nTCUa8b%H*b&8%VqX(4LLkguJuIy
zMwkMIocIu@piAMTwM&!N$yJqQKqQs**yE)HwPq_S3V4y_K5WwjNqEY(m(7u~jrTIC
zAuWefA&c<j!jPE0J|wDA00828s)hlP(x9GgR8k?HpVzp!Q0j%SKw_*$N>(JQ+jqMz
zEd8t#dxJb-v1WzYeAjrSi5JiLXi&j`u}Hm6-+cD;R1{zq+k0+4rBwv|D-#E1Z~|R<
zi7b9psLIKAQ0Sjc)bX$2MivcqHstw6dR#Q$?wvlT7O22_G?lLmnC>=ATKv~_JCoOf
zEYWFTN-B!Bw#JMcs%gVl6BhOpUY5kUxP&yvK}OdF#U__HP^A4RSWuO$o(J8bs5bcG
zs7B#ZFReL9fw{_~s)Wt`4!sgP(Wc!Ee@%@e6mK9^f!UG8>{zW5Lj8?7tN0Y`=eT<=
zNh1F87!f3%%Bgh!v+`+Ap9p#emG`jJl9;}aze`+mtfq4IPuNq0m6^?hOyRspRe5x%
ze>_<=BhCLhQ$>o?qv3kNz+diy`_9j&_nfM*?<0D#vGefYWMpX}!^Z6xgEyL+IN*qf
z0+;!F!uJ9tG(6`%uyZp%bX{D$!8RraKw0EC5mC+rQCjpl_rgIL(=8#w-dBz9moe`(
zrt;ZhcjX+j6Bm8(0n_P=8<ly84gf?KtOC)t{Ue+Z>mz-t$?Cgh%-N7b(o<2$;Dw2)
ztUz-UWUrx@;#vq4S5qSq%8u|Qom%T4Br6><C}-k^%_j5`LCxQDWA=!4o8sXffm`ah
zH8Eb-0yUzSs5j22GZ4AKWG*2isCt)TLrfF&je+vwL=;EPv2X@h?_5LuTNW^WA4a$U
z@1Lfza{}M6${#)fXD1p1v2lS5>Og-sAN`V8p3%hMc;G-lMF6JZ+R=IM??mp_FF_wr
zykbnD54lyN^bg%#<0EfOOvF&c>9I(wp3;#&JOC6u=;@9B0={&_kSss%C#jaX!9k%J
zkn@5M_g6~Uik3L%0h-1K2Aal7(Yl6lVM;;RbuyBuChBa%+YWos!;G~v@B*vXTwRoW
z+OGqeD9Yz7wzC3DUY^?~U~I|TV)BL$4lNDh1Gg=)f{(ACa8%RMg9h&qoGgEC;RQfp
z4}c|C6;|VK|2k?`QGUv;(y}vD0l_Bp2knev6YZ4k{Ii1>fE@$ul~z0z-^+jIfk9pN
z9CMFuOw9t>&lW-f7&P!9D*z-t9Q_-$IT$;0qkE6@WTM%bbc>&J!WeYMDcXw&2~nm-
zbsylZ%^teqco`G>YBy;}&ub5s?%_%Cai?&+?#I3mf`EhX69~A4$i2wdbW5qT`eV2b
zv>`e*V*??^4F)ZvgO)Xr=>p}vZ_4iq2DhiS$19o9$?Og?y$|YE(jD@A3Vpz=)rZmH
zM`r{0E*gIJo(cZW)gECdAl)rUi2`Cks}95Lpg`TFv1Qpp9lxzojeHga!HXj)9uW4x
zM|=@geNnv_BGZFgZGp><cgzkGxlKJ8OrBcp!rK?SwpC<U8^vossj$uu+a>8Vj>lo^
z5kN$)J0g7%^Fs3aYd9*Rt{Dz1ND!N0s))s023&m0&WRA5d_#rJO?NC%RTD~-@Q|^B
zYnvkP&Efhej4%Y7Mny9I9he?^2N<ss>_Vm;Eh=|*k#a<OG+(=s;>&ZpAFLeTmHfi{
zPxS<XQbfS^gS)c-pRMTs&W`@SU`rJ>6z2aTe=QXi1cZQgXv-q!A`@>R$kpl`>Olj9
zIwFXy(hCDj<0a!5Ulcw-yI%70PfjA<jw1ey-CC3s;=Ak;7}pzj^Bi+Ee}3)n8~;L!
znS~dL4)PRbjXO!qlNsbFJyp>iu+bt~5rUzl9qk{-tlB9H0@9p^AIu3mrwl^Rqv}vZ
z092+LcJ)OfHir*6c&Q-+b6UW{*;kRPh9}Wutmp>?VI^6DHlq`UX1RhHE-;*abwwD4
zmx^=Hb#P?S1)^pG(@ok>$Gw-yLncvY>(cML2>G{n)DTDbph+liv3>ZglRit9(nCqN
zUaSo1anKvJ43D>lopWXp7m7Xu80N*+kFe>21W7}%DAxPQm0`49s7Mgd$GfO1Ll=AS
ziT_#Iw31oy!+yf~SKN5k)%6mXty%?En4B*9+58@_^+aJqSCmNrd8Ux1IaciOYcU@!
z(Kr)0Nk(?W?%~53E;QjQk7B(jZn#K`k4n#pbNImhD!7(EVaWo38_Cy~Ui3YDwr&h$
zKJc?<ju#HiQ3g3~2#X_P%`${>QO<E*=}8W@L_tQJrVQ`|`TkRm%5@)Ji(o&pCsY$?
zvc?kj1cWD97G3z={2q4K0hP!nxl+)UBKz9-<tT-_g?{#`(U0y8wT$GYYPg;9`6!Y|
z7nY-r9aJTlIj*^*=2UxTA0I}z1}nP1m{7bC!RZ9=WVt-$Ai`>6P<5|u1Be`O+{Ebr
z8fY5W({Qv4;VG9y8j)hExIukdJkB@PI?V|tlfGWWC9fMlm5GhSt&)`fH7d}6m6tfX
zmf`^?yq&eYTi8#WjzGX6idID=+(Xnbzue0nrcZF?GC3o)Hd<dq>>e!2cn3SCtk8V&
zh!rH<*`-@nY8JK&vIa>b)k)C6e=b@FGYe-j^57-#fwUk}Sqo?40e2~Jts+=&LHUY0
z27UK}8e5udQq*V)^M?5({g|mCVBfK;6v_9;6?lju26Duf(~tT!y`N$t9}8|aScLv2
zfZtObJ39~%e@<Nn(06c(yJ03e5d@cxKU5%|mUSX3P@BF`duuZjYgL@Ia<DgIQ3v8f
zLp_&As4UFm5+wEdU&QwiDm-ECADWfpPagNbV08Y^edgzjv^V^}WKvumG!0R{Jx712
zfE}!cZ3Ptn=1@%;#kc~?bmZ0NnG<&m7{nAXDGv?r(j+q{08DhI>U`>gazJSC5<;kn
zh)I4vlgzRv&<V&kpd0Wg$cnPIpTqgbE+3oETBPv?h$p)fsqdD~ubw}tT(52SFYjoa
z-!`ychl6epuC=hApv3I~0Ekr@gXkC;s8;@wM1Ee914;t-&XwTu!e>*us$Sy`@<C&s
z7Ui|+(TC&C7vQS<J-3aWL9|;Ewyuj_m5vq!Hdncb>af-H&6hMZ=-TZ_jRKyXq2*51
zAdStJAn;~aTdpg37-y*0BCPGZo%Ot3+F2V}zy^)MOt`yEHP&;hZ8uuE%}Dq!ShpJ=
zAJ-ZGYlx*_!Qp;f?!8{;LiZJa0#gNC>{zFjNRdq!$==4=qDtvrw2ji|bKel$OW20A
zP@9H!bzNag>NMuZlGQ4aH^5!fB3sNd5up=X^|n^3X=9}=5%LxSYa6m6`0C`QZB^@j
zn<-`}Iq0NK^$+hFbN`aX@rs$B^b%$0QE(1oh~Ld1qHr1@0{n!n2G!;;Z^GgXE#O;X
z|JM5H=4TU^o06jV2=!{-KU>opC1H4Y38H{?z9%k6kIjPl?#2}<n7(D2j<9*@Mo6u1
zJZJb65D$e0q91zYgS#xiBiyslPP98^@Rxh8kgUys5I*ejX(-PZr_(4$t;ZVK#q-vM
zngGiV5`<q2(}Cc2k|zDa2<VtVpd4m%9;H0osqu6Z)#i$b4SDZj574_7k|nuxCRT5S
zZ!j=vLoKerLD<oA#25(#E=?+8#V(xG$|}K*T4Ft>ISDPY@9D>~*Yal@3XE@hT$XZu
z9a-Yxtgao~KDsX>g1nJqw-Pteh;U*|70tBDb>8Vz&$%xI-7OBRQMM0Xpk9ATo0a41
zP=Rlh#EjA^@{xppsHkQqn~MRrTu@nnYK_?e!jwNUNSFW($`n<eu0VQ()I+de=%pkm
zI#);l9>xlL@rFHX#s)CF$)39_#$C8;%3b&ihU_*X2qD96Ukzq@*OjfSc=!Fq7wgZ$
z4bevmA2P^qAgk&>dMUn{qb@sn2Hcl0L)EQCg^gD28P%7OQtOv;HKk3Ys>egnm|6o8
zb-tFEdo39k`dcP2&qG8*DKg9-AnVAe(#b4&XT=dS0|^T^OdlEG`gS@fVNCE=C95s}
z#{P;Z5bb{Q5BvmgBs%hTRbCqVK1$<aITCY+u9g}bm>Wl6y@_hH7H=@U%6FYzHY3@X
zKXAQeQ!+{HQId=tDdA*?c)!UB?8HuIZb-M}RTFf(yJ|a0Rl8?#8=5R(mP}uezAAR<
zTr?<wp0ob_ed49OQ3-EmGI}z3!TRFek~8(KoHY0Z|0<RJ#Dxm)3mbJWiePsWs4!=H
z&N|Zkq`eH#gCwd+tu+EYlSa$0cno7Ht%)~s;YblqV4Z@Mh92JCr{Fo?ys52%{xyz1
zE}`byls-BrO;;Xa>za)#CjIMdgX|DzDRRzIH4MDOMGQ4(QXjC;ZlVsRg$J3>wq(7K
z(y+a1JSTKt*HWTo_LgB$7$!C`x%hCt8=}eVq*i~EtQ~jR#+Auz$|9*ji{nvixXuD;
z{-DJ&w$%%x5FDSXv>6L(;>vpAds;&lQJ_>F@0&D>d(L*tiatsl$xvQ*sMVx7^Wef=
z*Y5fdTT2+Oi8>G=OE4L!)Kph`Db=x2CQU?{uXmc$(8cyF15`?%+M2vqXQ5el%zdtP
zB<B&l$*J=As=#T#AvTVR`u&h+$rHLl%kdkPI`W1IR;fu<lGPli-UF;w43}0SL!9B1
zawQIei7Dh{!Zc}+iCJG-PW&L!Xh=AGj=KF~!C6F&#k_J@Vo7{;7g^ywl+#g9nz~vD
zIquhjMzyu;mr}xF_K<nWh}Z?g>uS`{ZGEEQV{!h{I6i2k$qMCMRbAAb)3UtRQpNG|
zB7nLlSnhWq4EEuUW|TS8(6Ma?gT5wca!1{Y^QgeM8J)w>qx5)l^5Wg0VPoW!NBrW^
zi2J13E4Ti6krnTyD4V_FWKuLE@=NsJ+wA+A!8K`4q}GD;(h?k8i(MI9Yg8uMA?5ID
zqRJ9D*QGVg?(J&MpqTM)a|qWd`fTrKc<!$af;D-8o3~bVavsZx1HHW8iKx4XPtCd<
zyitsrVTmi!GXIi*bR&QB#oDL;*2QT&sF{3Lnb}EEu4Y-6^5IDea%D}<=X0A(8b+y%
zJS($xKzX4GV(=FwD|-j=L>!e>iBVShE3$q@OLBoNmuw%Wb+EL6i}HXc+zWK|LC@XG
zN3F|c4{~29mTLmSl&KYl2ZBO0L+N2$u*2mOm@$p#8$D@pdZ(Szm!b9=yfTkTDWjXz
zn7|d$+Mi-9g)MZey#1k@fZgl2|20O$ULVVSg^*CitxMrhTw?;?MY$|Ty+NseM{TO8
zMEle!llSl|tk4;_5Ed#LhjS`Y$1`p8m>x#oG|?Qs{4&rGT-Jb&I(`)tHSI9p1mv84
zs?092MOe0`ZXmJmT~TRkEDU+7Y7A>&qs&9%{~_(2f-G&DcERqlZQHhO+qSD#*<H46
z+qP}nw%uLTRa4(gOzimH`48sZ`)nOO2P-1;&b;zMUeqT&{Ww3+7hn^3xDfAK?(Cz$
z7<SB*Dr73D2Sp9eC~g9*E&ZUZL0fQ&Q<|AJy?P+F6*XL;Qmx=yrJ$`MaotBnUNee7
zz{<HXjB#W3dE1ZK1~lnFitIoid%!pHY(+N7$|JDKxU<TvYbTJV<pn@)w<lb!ZgRvn
zzbPu-tjBlTqx%E{Adow-=k)V_EVQTM|9HJ0_vP2`3%#@F@%uUuJnko+2pz1z5Vk_Z
zQ!VDGP}>8E=c}Q*57L@!^`OmBv*jpnF%Sv9!<o-j;&oTME>IgEwiW5g6+K}(b5OKG
z<3beT^N5%O4J@C*!Qt(;`oUc#)2%^!cyF;c^LoI~Lt^;H3W45`ym3nu2Y2d84==Y&
zRn6V{0be@zgH;Z499y67%J=~YRBwu-)#H4jAD;Q$;jVDdG&#ek!XGe&Ef{~Rb6!+;
z^5dlL^r8C~2EGB2cby@Ew)bhY_SAE>J-u&Oq-sya(?LO#37I-;`-w(+vl>UbPC`s_
zJEe}oZw0ImDwKqtsd?(O$=If2_hisB)|8u7O|{*;-JPP;9iyq;5!I*yn{PUWNC(`N
zZ~))&DnI8?Dd*uwYLiX+*FT`<wSvZYm~W`r9pT3h;eWj>Ihp=X)E)JAFBEfBU-I>7
zn-Iz%0ly!|N_Dbq{<LaUWGFC(^GnlYc0i>45sA}vm|NTHGczUOFDK2_sVyrjXiF_C
zE%6&#Wz%4Skp-}{)mmRae?98odHjity-i=YX)ptRYnx?0?aaQ-dgX4t-K75F`(pFc
zed`R_=BU|6mRL@Vf~*h9LU=$Wv?RnN)Ff;P!MTagDI|nf7yfxjxJ7*(BqMM2M%7cY
z&$m^(|C6WeARnQpW*_^lB!tXcdbpL9<&c{SZ>8>MY}kXi>7kqH>}!y>{xH0dyUYs@
zomUP*JU_}qQ3(D%C8~VoTYU%`Phmc)e9&E089$|$eDEEz<u9y(*&-jhpl^Xo-oYu<
z#X+d&t2i<gmN9u0fH;Azp?u8mQe$1EGyuEf+GdBf;l_|ymjN}X1O7V+-u*QWsF^?G
zEM^286=d}9@Ub3u9CP9dU=l|)4~80|Es?XPoO94cmb}tHbH?GpY)THxva#yhE%ZE$
zpIocjTYiOAxnwa_R-Q`3b~+X<tQMCY$7+_`c0TXvj=`&{>iFhZN&3?8;-*Esy@ANg
zblRPe*@!D}B&=3d1(yv+dZc*VkK61R^(t~*j>_mL>L?8p5UsL-H7-5`Rv5xeg&bd$
zJ-)U+b{~a(p4#|U01nljb=?+(kAMJ@$Zp9-WMidiqvelIH0TG<$6_VkSQsca5jc}r
z_IrFPESoHc_S0-N%Yhi&{Us`%&w?9s5ciI=tWHd%O26;4KSGXVI?H-p({V|QO*6wA
zZ8GNRiB<<zYhA}b%zDu^p^X<D@wEdK=`Zu22<}sNG3vsR)BOrHG`Wuo;}Th7`Df1s
zM%dLW`fz)D&8zp7VpS_(*M7+iaN7Ijjp2}8N^Tc#wA@8RbjKg9muuuEwQ+KUUJju#
zvw70utxp9UWe1|Ty?xSL-#1OF66X)3Qq``CLv@boA6$Bamt4Nl>?&FF05toGx9FHw
zhU$VcW3W>c8>D4q#2hOg+m3kT-#SM#-ZeHLpxE!7NWk;Pz7@EUuegt+^*uK=8Y;u~
zE?J|X{X6<dElr)lmu@V5NIDH4Ubw^(7i;w5-q`3aA3uK;ai>PW)2Z$~g3pT-&=dC2
zg-`LHzcKI3Ge%BQ?JVEpeJ}i~q**97)mE@0uIb{V??#&)Rj2&8_<QtRpHL%u6q*h=
z%$ZqB_w1OJoQZt14;uIrb?rdr@*fWBRi}OR{rR6|0o<RpO{xx)Mr&K7D;xH)a!9`E
zk1Ll;Nlm!Sj$!lDPQ?@Ddd*l2hpEvDu#?r3hg5BxuBsfQd?mv#m;1^J^gnn^X-a9U
zm#usTf6YotI#<Eqn(inw6rrga++uSYl5Nkd7}l1Q%E+&RxY*VNbpOinudwT)0;X;;
zHoF2eP8NU02S`^|mm4+XQ5INNpu>QX%WtvTX;_xu_<G#S&3QI$BrpEv7n$`t|MNb9
zNZ8@sP3J$oZEH5k3RB+{i)oiVsOs0EHi*}b<vKd$<-&|FIrXd|9p1V+by^;kuSQEy
z2`Zu793YE+RYSC=m6~#;J^Vg9ITSI;H^)R1DR>*w&eriz{8&z^s3KzB92i{N<Ki$?
zf16D4pl~VDO~9aCBVCPN;nL)pyVaN}4cS&Ev2(0Z<CX@iu8Fp(5Zx)lH8D8Qe9F|;
zFTb6mk}_Pj*%?xaMnHBiHSk!ye%Spxp#*<zyEuV|e{*czx0hj77Odr=xdYo#zh;yi
zz<q`gV>LH(Uy2?@jN?XwaVsQHWA*~<$nAB#v*4~@ejI$={4RaDt*1@Q-nIIGWnQU7
zX8&seFNSOV;g6V)I~Y`NMkC&3cG0AwG?##2AjCcb-);X(8lrIRC^|i~RQ`;%HSA+4
zjC^5=zMsAWmdpNzWtpKV7UB7FDDdLk32ODJ+8%_OaairUq0NAz%^>=3v0g9#g_Q&)
zP@gk;%57;#R-4NKTNMs^#YZ!7#GrFYjYFqo5{X+sb8S$4ipdMA@e26X?7;>ozn(Tm
zt$r<nnjV^(oRa5ZQj1zFMD<0X&U=jsF;X;N=!@@+4`uYs0kf7rG%J$IL$Hk+dKakm
zJS%L_-PHh5L|F3r_{Zi(3zJ5rj*liHEbI$CWBR2{Urg8?rEAVAuF&P3Ay5`r)*8;x
zW@ZgH#c(HHhR8aWoH^w+=bzKU*UTEbh;4qb!VL>JY5gN_DDX4Cu}$T9=Wh%;%fqIn
z#0|u?5w*F1lr1hGJfZ9gf?HU@&FlUa!~(8yMo#=<AB>gP$ecvCws0s8QYfoZx~qk!
z`-uh`ny-oAg|u}Ku+M>QhQ*~6Am@*JhI5Bp7jVQqv|9T#a7LwM_Q+(6z`rtF_I$an
zesbLsYJC`j%@V_;iJ#|=#`Pb5biSgr=a}7MW(_r_5&58&I)KgI)BgG9HHcdIhIhy-
zzfXFrb_e{rqkNa=GyV!*y+_<p2yjmfo1ws(p_)#6;mI|C$s)-RJQ4Qm#B#uJBb3NN
z9by>rD;zy-5Z0VENNM935Z_m%@4Fd<9`aykzC>E>2{KN4Fs0Yjba=x&_U@=oO6#8}
zdJ?|pVb{@!!|rz!dJw$?&l@F%^cFcUCJ$)Tm|vsICi)Jdf7+Ybp}ew;QkmMGXipi@
zMRmeI-Ljg!Z5`*)rSD(%Es3I(QQ7mia-SmW8uZRFZP6Q%>zagm!n>SDB^!HZSq{ZJ
zq2;S_{DX5JHTY$IgmAc|l4i2BX#Dw)VI#qarNR0enT`8KX2t*Au%ToMa4~gq7PT|B
zH?g$)Z-atj6>WQLQ4HS1HNDaGl5%UPr;NEKS)2pg^WdbQNI=#~d1h06Vn7^(wO1Yc
zTBn&C&O@yGK4^Fel|-L1b@Epb$G6fXQ3DkT{xP~I-D$=xeX_Fm*I(Q|SRNUIaA%-W
z27a-}9yaI=6Qnu^pR73egSPT)Z7{o0fH=L6g~5E^Hi+C_AqZKWiNSi`C{SYN?@{gF
zN*?5H{GIK}6RDsH!@6FxEg3D^tx^+iTYnPz!n01nCR~?Wwyz`})E+9=tBpL!dvi85
zD64jn!)~5irmO~E9_^MZ<Eap|U3J8Lh#0uITWJx-Jy-+e&~Vjj+_X^7Q?I3zFTOWy
zJG;%E!oLoT1z2(fanzo^+YOtp&4je3tC@17b<SL@o3-bll^4xgIo3X#N-HHFJ;cB+
zX@cd8c3wS3u!z}V0$nG^+gj^2Zpu`1t|Y>`*U8uJD=FAd91X4%3A?ouEsi{?OyNDq
z7zVl_^qC8A6!8=uxV=>BxY>W&_dQIUQIKyBs=_I4cf=-!xHr5bW?@WZy<@WcQIS2W
zpo&<1`H>}l)l!bbZQxX-8x~{sq7xQk<4Kqv;N3i0#Ngp0Qzx;Zp`qLF>b4mc__6w@
ze<@Y<IkR`5inU^FYe8>Z>Eat7{8V${74^UR;v@B+93@Vmd`%uM^I01HPN5;;+aU{g
zQ;Vl`D0j#CI%D+<_1usC;aW$hn%2;_bhU-puVfF0xWxTc;^U8U?8w8~S#i{-Eg3u@
zj+ZOxtTtcijAFmiyndKBKmaIgpswVKRAFG5(iR4J+Ki&Uy&EYC6#!G4fZcr;<X3zk
zTKw=y_{bva8Yztj0-nPb#4!h$_2H8TwDO9)nC0sOU2}R$XMvv9KQTkZ#OHQ4JvJd@
z6zdZ2|1^zk6PUg72Oy?)w3YYF(RzB)r=ZC*{?Q`s$6OOYi3LM3$_KLN-XRvE{uq|P
z(v~m%)qkce!Xc`6z*Tzo(`eQZqHCyWCz|ZA9ysc6xClO5id;<S4D?hG&NXi+X8=B+
z;tiXuCyT#t{I_}9hcVL&a^R`L0NdB8UInHrwEKWjuYsrjJ^L4y+Z}AmJb`2C8ru9W
z;=Bm#wH>GVn2%8KWZF5J8a#9-lItI;(PrO7yO8ae&(6heJQs;I>@&rt-NJP`$D4m#
zT22GBe$al`^W%3t|4Ur=JEY)$vRY7;wExewr37#><Z=!KtB|sgLP~;=+ALs^@2sq-
z0h}DCam2B>lx!^iQWVj4=hWsPSfBvd8}r8xc0bf0Ycee7n2OrXWZ!+?dF6R&z0K|Y
z(dK6g`<J6oP@GM6QIqrdC~4IJ?(`dw3-qUq4xle_kQ_ACQ3R+Cvj|rhfo-u~W*N3M
z8QNup7<aH1(s*xHqhcobAG2B{Rx^;W$>!$2mRxTbrA%F|tAd&CR4#l9jJy8+Yt}vR
zm)vX^a-V0?Sxt5~#q~&Kr~{W_Dv77pEDd&1>okPHIz|^VN+8W{`KfZjP(!c#rhP<9
z7sHh9hGn~AaB^B~@Da3Li3GF&$)TQ#Gup(>DfLJRMZpd|uEI0Y?m1i&I$W8x;!yLk
zK$Jmwe?JA$;n(8+z#0S=OAxXdd}W<}=D^FA$1G|WDWpXtZ6tdUy#gS*&-=zfDZzC@
zZ?W|)fp!vieY~51`TRTKh)e9a2_BdWjIqcV1DLAjvdzCBCNoWuvGNejt}<;A0R9NG
zzpqAEph=JcD%mK&0zG4w@t?dmqwxGUd@E*|8@13G1)#vCsKS`rm=0_fqjZVmUnGVe
zeC#<;oB27*2QMzy3@-Jxf+__8m?Is|5Bsw}thSnYCF+GkVd~Ex*cdd{dyB4xd~R#E
z>iJI$=FW9<kwNq=p^#`cMeE>Z11G>*MF65Z3E{gAklccA)-7EuAhUH{uS%U{sw3x(
zOY*z5ASfQ-XXWC0feyHE*Ln;d@)mf6l@ip2tl94%VuhzZ7#aB<`2K!&5doVLhH&8H
z3!D8ML4$@{7BDQrDO;D5^|U086KF}<3eXY@-Sc%zKbO%38FBjOA*@p5o+V1!KhP5R
z6`SU~Vij&eA<|t{f(UX=f*W#-8CP_Il4p)v=ii~r*|vx)t^wdWTp`kl4z_KF7=^r$
zuOUluii_>=3YH`-@l^8}9}zM~QYV&5d_;fIgcn$=f@5r-U|)J76JwFI_b|)99fa<I
z65YcW-9>v5Dg&pSMM8YJIQ#(xOoAywmn6}N^>3*KbY#D-4LS#0xD4DRa-vB2QN?mT
z{~`QEYp`Tl`4-_wWB>2eqKv(<;XiFpG$7so6B}Z0HhmOKN)it;*b_9)WYa(r7KDH%
z2}A}0OYz3!Aqhst3^)lcpj`pgZf@C7vlbK-AvLN#5Q0!bNDV==tyZgUb}6skeqC9y
zTlm`XNS8@q44S1M_i^KV-E#VD+;VcdC@hTuPNN)guLIG4&Vy+!ZD<!}(@&hv#`DJI
z=9L(wL%(_Gi|*WBqwVz~dFG|NN;Y}zsGkjdcj(RX7NEOLl?}DQOPc<Pj^}uYjmHyZ
z?->^@PBJNO>NFQU%HxhBU$ifYlh7^44mT;7ih~2#r$mpD>e+oTV2bf@z>%Naf#iIR
zvdKxFcCzE47yaFmRH!|ZmGs_wIN(+cSGsTqq?a`PdQ|RZ^60bPMUsi{e#fMDzZdF0
z9IVbuF>Kx7q07dfFpW)D1=t^@>!RG#QS3Dn6>avTK$oD04=pIcV_H4$cO4XCi3H(s
zS(c`@vYJ$1RT)c{1&XP5)Fdc$Z0u2e1$|a%w09Xa8?;Y>YHPWO|DpM$Tf<81ufUv&
ztN5!e+G|+KUxyAnz*Bfm11+ZMqC_%bqD~(kOVM8u+h}uhT3`-6^Vs!tK!C!44yo=~
zUZ3269-cj6{cb{Ftjx~dmVwBcl-r|at6nZ*pq|x|T^s1g+t-w1;c9Wy`B&sV^Ye*8
z9^plz75hcJ80Y?DsJ8YXp}unEc_r)A+J5u3t?ho;(j1*Af`d40BU_1#+NXeOvHQ)4
zgJ>C`dZ+5Bcw{E;0Clva)-fl-*0*pPW)6bxBS=9kDlcDLGH0bkyg;nD*~6;gFo7{E
zH^?DO+ZIvyg5rGR*$nUEA#_vN>_{qu0l|u;1u}}{2dh|9^udT|CNei5lio_C1q^nv
zm2=}nTNvz#W^v6d1&&7=D4FQDtOSCsDT4*eWxtj(do%|X3U%=`J;M!*xx!5t>8ilN
z##*bm15&IN+teo<g#nCYV$b9gZq1v;-NLiv7CYr!O^HOCYWvt)Kj(s1Mp6<?&T~@$
z6y8m#baLh<2RHHf=d>bo*@s3pdYe=#$IHP{kv=Aq8t&1heZGCGXcU?My15cxIaT>I
zZ$FU&Ba1jkA^yVSp%;aoggvPfwu>3I-I~lL>pZU4v^wgd@p^g;euW2)SXp;6=WSNd
zFq9l7;<n>B=x^Xx*yK(Kg`eSqnq~DoX!<EYH^HBI$rm8aGS(&pLr%t?62~2HYc0!n
zuhW#5X;FiS>B?4v*NDCKGz8HJ%lw(Blek!P-zOw#lSZgyEVTn6Sk*Gu{Zg!NuN17E
z{!Sp`KiV>bvv)Z^SUzxi=jQxI@Cra^S#<&t0=3f%*O<f^rxj^@8q<0-aik;Yx@z}R
z-;zUquvx#c`WEiDzGd6^*6zc%sTdsifheL`me2~B@rX-csHLW=s@YWNb(c3(d3xxs
zKR}^>mhH>GH7+@K+k6sb_ClFxHKD3nudLWp>FcU@x0LJz_gcPj^EvF}V||9hvwlE-
zq20k12oALsY=>nGf1;(A%EEs2dtrS>eldP!5tcJb=MK9x74a@%wC04wI%pLJLZnK}
zJFxB~17}|Os13qxQDkC+l)w{tB;vuaoqf{sj%Y=*X4FB4vXts0%QcK7_2e%ZW!Uzh
z+8mUtP}V}WO1MDAk}U+4ggZ0JAP+(YVi0D=yU&s`u`o)Rbcm?o^N0VYq9tlz1;Fu2
zMvW9_j3KrI73c0%prx^B2t_ML<4U*~HqrJAFo#eC@#8RhyOc~#+?@1B0<Qq!CD5>D
zJiQQ@j!nsD;9rs0%W7O}OLIbY;YGc04^#}5)V3awjtA#~n3CB*jZKhH+5b5<&#eW|
zX;<1grc=eMI-xb1)u%+2jc#EVSw{1}`befuyhupS_1?i`5t=4LF0f}HzUxr8q`Rm*
zKOg>4!&IQC+5@A+{LJgnA7@o^^t{uQzpPy}g^gl!@_w>|6g<Az@MWMXvy%t10M(u9
zq?SM}Ek%l0Noq84Ne;)sLU@M?D?fb{<4DH4ZI2Zn5y!t(HdS?B$CP-%)|AOZ|I0xK
zsheC{@6?nKD~@yjz;9g%Z>f;w<ig}LT>+Q0PMKTk9hyHcW8$V<?T?x$P$L)xUyxMA
z+m$PX4oef#WmQm}^c|n%_3|s_sbvhgoBuujZD2&e6S3F%Ve$CEXM^|D^?WJcg|>ky
zsqS87t!S(oW1=butR|4iGI69PJ*^0C_4sFdW31h!r(Olq2Gt=wZoA6P<J!227pYZG
zaaT*KCTg2EbJBB{-r<DVvAp~rtLYn4B(LI^x_Hb4Ir~LyOExbShh%Sy^!)}2kzS>c
z=@1eR-tjCSpozMmSSNBv#hBtec!#6_QyhAEj9NckHMgrx)AG_2jkEj96n6gJL5WGn
zI9por;*W+t;fhxVkS`@XW$hIzq2IfHtR~Kg?5lZj4G1bj8ljP>+oS+7X$kUGG52nx
zzl3XW{Ws0{0fqd%T<&dN9Ivkr*oODWWuu;v`j~FT6#Y;gdsl;Fg=lO_WwH^Hu2FMF
zL|&>(Iv349Qypa+xJB<tRKIf}_#odU-8=RwuKJ8PJ;83WDN?$T9o&dm2N%PevUy27
zR)F|h=q$1%Bd3d`)drbD(C-e<3Qlko*W!t@;73ifBb_~{#A%bL`{vEGY@neKhhUnF
z*o1;=qE|WtlrodraDBb01Zzt;)}q^@w4kkEL0^tP77xMFY&93=S0fnf_y%D&krCW9
zWRy)2Ef~`TrP@!Ppej5VX8Oy`_;c$vB?YOfx1;N~jc7f%IA80^9@HX{ye4!)-9!}0
znJ!Mblx~PQh}kp)-{X&)O*y$3D>gEZ>-2ZRr;xl9*?Ed)Hi8kw<8^ZZa_D0CVl#`J
zEXzj$b|yHYo<52prF#sHm0WdOSa>5CF=$6??Jn{_hB4bjIM%SnL5w@6T3ygyE>(hL
zo4h#N!bL9w!Cr)4%<P!(b1LtaBfw8%p%@ae3Y+5L+k#jp0IX|BqjwU0flvo(IAipV
zI&5(X51IXDijeT&)T?Txnsgzkz!8~!OZWt3Qscql#*FpG$0Hx-R4by36nWA~K6b$H
z%q@yN`9lR1bc}%w)EfS3w2b}8+W>J|pH&4iGPgmkZ&aq3ArIL-d5KXC(y=O&PqdkL
zV5Pm|U)qYd7^G$Clf>WKLbFN!T){h-N<#AWA2Wh~7<^cRjdcCPOy91pU~uy0p~Vax
z(Mysz9C5bCW&v4!M{+W>_0sP$mtrsN-1#2Meuf1-;N7}owe<CF##aO)1w-f47(2n|
zq%}C|>><Z(5gmK90N1`l)7reD^h2KT`JJc%4p}XD*mc-RfGczS5eKQTdF`?(1rWZ%
zHay|3AMx)ktiZ)I5%OHJH=1ukIjS8ETDb-xPZ^438S?oWK|_5!d^%Z=aZ8wv$S{Tt
zs>d4L$UYb2Pxi?0HdUE{Y$K|d2+KA4E~tYH3<ZDzJi$a9dc|r?HI))P!`rF?5q7s7
zc1@8Yi|3MRk<%PR<(*}VoTm)uUprzSu?(ZmV?yw8!3;ad#H@hIiZ}yQKDh9p3GE7P
z1x*K}b;ddpQ7w4T!BN`9>#+d6C>0=M=h85)q6ilW^i%@rCF7<wzxx9w8MI6V0=iK7
zvovxnMJkws<$@<%{KSz3cF@S=rz(|t0ZDq?Q2O<@U!_AInV3OBDC*4QM`*l(PuUXG
zMlGfv6SbYtJrzN7*%X4P>dJlAduXdd$g74)Z8<<UeHZ}XXb<JB-eP)v<kt)9YK5$z
zOB%xm2i{vbY~Z+AE9t7gI)FRwP$L(k5y+{lfvSrF;xyVi<ioXeVuAajRArl5k))XO
zD~`Xe0ZGc`EJNE#j_ib6fi?j6K^OXm;cg0)cZl7;X{0aIlBaiFkX>}9OY4wdDBdyW
zt0iilMY)ArB2xU){uu=(J@XOcl0_*@w`i&@qAl$&G+zDpK5f(5ai+P;;g1kySBP`h
zn0QpIsjJ&`G)Atfmrl#qr-uVwYePJ&j48;E#>kJ$A{|CX`b++p9-RtnxxO;+y%^1E
z?nrjc#-X~-S#acj%0i}uF^E}*b&;ivGFbvK?r6rtP9WzVBO8=&!_W*vk!{~>$IT(?
zwm@gM@YO@Vb_Z_WGA&Gx)(5&WJ$M;6O@?*Lrc6w0wv2b^`^iTiXog?tXjK<NlE;ck
zD_*hqBSJuFr=;%8hYWIeC({wYoK<m!a#_Cs;7ZAQ_P2HQKIL`DkuijSAyLNnE`~tK
z>(Y90UiGHy=Q3oIPv@Lwg+tOJbr@p_S@D^NfoKp&HOB6dW@-^46^Q8s0?WcGv&3iH
zM9Z_r>s59}KE=Ehmp$xKl=PJ*%<H;QTgxy1PF_6Ke*6Q#$mN}>Oa2Bhw88)N_46CR
zP_eW%)v~wyZ?R3W%C_U87zS_VSV}d75lqkmngx_CZm5=mg(WtF>;g$J7l}b)r1PJ~
z6n3$4n)Zc>L-l>gwsTqY43@=6xNb}HKR7;cA@-)CWB{r3eWA|x>m1(Q-@a;JJnw(u
zf2h|R?vYS|Mbtg8=qL`VvU;2BVbz@8)%zR2iHyPmdw6FInp=J9jAj9Cvp7I6<Je)p
z0X=ekZ|+Pco?Fo%!u2iFUR#dst1T-Tn*%9M&KMiMsc`GKA@_Lja03@i4qa^h4eYqH
z@u~w!W^5QuqTkL_WY#g{H=@}k5LjL3BYfVOo!C4MN!d155An!MTQ$E0HxG2}_>oeM
zY*#Hq)F|3l4+N!cHClGh-*TFl<JEM>LKYD-d&n;oTQ9+-s!Bu{j)Vv=f!9l=3$2p-
zXaw0*SlUy1kD9T%aHUHLoS5=WIau4UB}bcIvg6T>%k3j;oW1Fn?nwjjAk^>T=rCOP
zp=|1}%F1S<q^c<RknIm>kr%Dpfz4&J1}u@4ISP%(hnUnP#wV->htvr;g9jgEw}w|?
z7!(JoNS##*!o4&W>+KHs@ECMd!hA_l1ZPo62(K2%x1mhy8}KV*I>N#5n6^Btv97!t
zk?hetlv_pgwUQ1|TzpYn*sn@FOxqqJm~8kFR)iyRpjLf7mMPPbuk(#U78J`0rEBIb
zL$L~2oJ<}gbBS(3LO;mlEzA->Tq!{#d&nu_VbHA#=WF4Ain!kt{{TzuaMMe8HzWBX
zj#DIbQ`zn1o~X(&j1xcDbzBlA@C->__&W0zE!|-G>mj$WYmJj};i45??iy?E`Gdv0
zf2lC<-nQYyq6AF5=K~wV$GCTB&WQz&9BHmsdXUFaqtBx(6d@4s^LD81Jjue};i5``
zu5lVS>Q;c-ntKfAL_5SERc0X&`vDb+PYRQc%=^*Vng)%nGxX{w5iy?zvEn7;_|lKG
zxUyvw(TanPqy<&v4jYe@A>5M+Vqtp6v1Hly2EYo+s+W8249aRRN`=s~X7vYkQ?DV~
zGw+d=yn^aW?il}wX|rd<2VK;`5Z%<M@Z9>5g@G(gm2rgC2ffU^vktAf<=B<c1EgG8
zwGrXY+F-cQ%c+V_G7_Y>@JcJnvzv*JJk&1%P@L8IA=ot)41ZD^LsYoowrDh85o|i5
zH+qpRdFhQoa0<mPW|Q)Sl=Dp4NpITo)T!?bsUpRN;IrTkvxN@5n0S1?f1DwzIXF+|
zzRi(ezA32!|LzR&KbCy9>ZTL2D$b`|=XA*?=*FDNWVIu;C6un9U=eD5@vzZGK{V|#
zkzImqhf5<i8@9+7n7B9&{qyi>&s`of5=OS7dp{=r-$0z+#_baSlCd|3nViQ?-`>sj
z-p}99Za+r%t=EDPVI{kkXRfQZc47{*Lg2F087l;bHE__6+;oP6j`WxA;K+{86GGhL
z=NW=6QJJaetj`9#u#nvKhpU=0k~hHtQ<iC?sHo6Dwym<IR*)o2lP9)|4l=D4Q%5P)
z-V8Jd@K*^g%TD9BdWY)3n~V*J$w>8xo6UiZK-J~`oIg#cs1@ABM_jAVtticZYcih(
zopg7dPo?+J-XbbOrd&nzNsK&3hG?=qN~a*EiH^>wMoAfTfG*NY1jN5ek<PNBNegbj
z+BECDcta}1Lx6BasKr$eUQ5EVfLEb*t@k|zR%yZr$|tb+lG`T(Z#q#^)i7NIu-~Aq
zfY`*2Bv_Z&%%)|PPcEcfXvdhUQ7~pgiQZtKPWE1F_}A-DVy8|Qu%5L0yO3kp4VW1m
zVLUN+fv#w*KhdVvH+#05`lmSR<=yh*ATAf&CJQ~i=iDZv1<rzi;94~5EzfErx6nwx
zGIQc3s5w9FqvHPkcGl$OdNIQH*Ug%^;0Uk=%Etc7jQ!T4y#&Bz2gy4W-ZBBVfm0k6
z=O_<oaT>d%=u@gMD-6S?N^xE@nB&eY(lhuv>7!GffT^G>JT%^l%ft0&{_5>@PTHG*
zPzC}QE)|YnB;-1V$|9_Qt%i?)k{8Ep1&Ogqe^;!%qs$k>(<mwFXA#MiGR={_QKK!4
z(>8)!-RxBihBe);$bb{4OW)wR0k-)Y^B_hIdF5kQIgcZ5S27{2e`KeO@YsW^!N==%
zgyCF9@!tOHas+2Pu5cqCJs#PDJg%7l)Ri9`BDa&NIKUjKE@y%B_kqV{$bzg07R5U0
z?z>2jalW48yestSc9$w7&#&)Lq!FCP0g+i2FAOZRx_*N)#x0t7`RObFY47#mE5lu;
zw0P0XHB?A(gOA{xVl$uRHH-=0Pgd7^@MR#;8DIB<x5rAMF*pBr-<^=($9;voe}4p2
z9-k^a{dm2$IQESJn<0)-#0m1o5HiFW*jK3OwL5d!A^ARzyv}zRiXNh4h+~ss(F_qm
z3&mKP^oQj&760;oP~H}xA(3OHXkAVQk1I)1(Tm=qS7?8hzmg!|z$0?SpP-_XS}-o7
z<{*@h&09f`Z(7Z(<{@28jaj=4x<<?oY;Ey!5wIKqnPQB8JR3qSaq(ZPJz%L}%wA<2
zA7u{AJUYP=pclylZ%0vzam1}0>=n(JS~T=rvR)gReZg{Fnrn}!nX;Flfmx|@y8GGj
zbr!V^4eOepX$`9c?*zm*psPXV65iY@=_d5bn<Qz39Wns2D2hx_yE6Hv)eRy4JfMY2
zD%C4Vcu;k4Ki0RKlw?3Qw6rHjf?r_%XAPMohF9nzYN2xJZefXP;e2Qkex4dqzOGf>
zBPs^<tQ*Qn*3LanHI1ud9;_4t=#JA~A7MK6YNi(BLYM9LYE>Wm&^>MAZ(O-OFEyj!
z<hO4Xy>ZwJO=el<B}g$!4PQumD0zX&ZVt%6B4t-UhE|zNM&N=FJ+XUYlbX_O5J$-W
zvXlQma^-dc*!;tl8$=cV7UTO;)B*jkRL%eS(6<1<P}$za(b)8VWjYnBy?=LIlux_H
z@etd(G^D05qBp6<4b`OzluANaED3xT%le2F+XmUzqRhHZ+UM_Mk2n7aW;VbX!~6}^
zEDg;B<@@&tztrCwvT90MQ?Xxb?;PKlbkF0~`)Drz2gshUcMW08pkb8N7-8*yL?$75
zB)FEtWIWYILc`2dIm-_4F%|A~QKzimPUo<hhGl6B4#aTQ3JP(;j4;YGi;fiIhGM~}
zBUK@A7=}2BMGald<lx$(q)`<in*bdt7m`eBc^=NGN(}{o5JA#RaRRZWzlH0H2E$W>
zVd_)XsfKI0yn$1NQD=^!*P)ol4hqCcD133KyLGOqwqCCQ!44-~UJ;dOPKzn+CQe3f
zCR277qbghRoK!zWEOrd(t4qPbv__49e#=3UbD<TAnann`l&ST^a&be!J_@NIy~@c6
zRm%+?{UvaS`4QElTtCiZRfC8cQ}?ehpmcZO&;4@E#=Ym?Nut}V*})Cx=Z$u%_>59y
zwhvRHwY5&i-qGF@a421({<hD?n`wp2Ps!RWJ5A_H35CN)4x3sngukTd(WWZQRc*qT
z80A=qqHDmV6qf_~W-foA%|*ZlwAcpeYpcq$lOJ3Hcjg}(W_l_yhY%Ae!L*v97e^Bj
zBUmFWTIiKoag5-gK7X~k;{l?qmYpfems3>&Dds+H8iQam?Fd!VTY2eVPlx|7ahRsi
zWQMGY;MJLAG}lh2<5AKEc+C?#q}uz+Z_n~RG4t1M37hbKxoZp?fzTh2`qQowA-0*y
zE-_buO;W4^52sBob~m+FFl!RIW7b00*rv!=9yRMBuHD;PqV@-_&2DMu(t~ebP@yZH
zz?qYSC;T?CbGKnh&Y6OVCT~plAO9GV&>F5p><U>emY0LNdgq^y+=K1H?5E5!Yj767
zL)(ej!|lTE_u?R~tE8OiQnd2xINs~~Tso3)WZ~pU$HK#&P+m}^Jo*d4*EbHqmqf9d
zNkXX0!H|I|A6t`=Izi^t4#78oX}LeTFd$F#rXuxQM#|%f-z|r=U7=FXfBSMe@mz#5
zhVqcdmeDZD5-m}H%Qu^7w@j<n5+mQS*wLnk%HcKS*=HK|?{1W<%xdfWvbee$4f)HO
z;G#?T%^y!SX_l2JfDRGcbpre07xS9D5NJy}Nq6ZGbM_T$#jbTosWk|bjpJ$QmS?kV
zq&bspGNsNG<Ie+Z0ZU(LC)ryAKm`L^hAIDvSzkSx47n<sPHM84^`M?<@dCc3(X8he
z+wx-7E1SXtv)pme2l<~*OVSudGf`N-t!RXq@CfB0x*miBZ`CFPZmxJgfz;m3ejm3%
zzK|cQHUJzKCFhv{Cx&_$K)-o=tnnE6&ZsyPLOG)WJl-CTnZ8GuP8ZDv1&zc8BV*bd
zu9kY!F%nQ{8%)GwxPG2@@D4SE91Ssxv%N}plmoQyNJ+O;Xu=z&lus>ej__(6iH=av
zWp-D&Pw<M!wZ$Z=O-|U31ElTbnq%`jPrr>ge}YA|FmGQgl!RqJa!~fsq=jD+%Lb#w
zjN#RYVE``aD2BY#S}YHoQPv@%%$_CAvBf^;?vk(6nr!a#fni2TA#AKe@tqt-tP#B>
z3!2Xw_*><ud*Cm#onKiS+7$RlW=^4GoA%qX=;uWY^1ht`*ym9eYJU+Y4D$HrDnUF0
z{dW{-k~D<gHF<Kwf>Y|6)uTs@E|6NjLmzoteWP=3(h|ZzkJn|T+c?poDe0fU<f(~D
z%66r}U1UUB-{Crrt(-?Ere#Zk4{!qfKNkrBH?{WGOeqePNps7%YmGsh9m%}C`!U}(
zB5NLSxL(3NRl2xKP47rIXArc9GnKmAf;qd(%eV*5ZmCgysc&Gr_uCqge!{Uo7n=Yf
zDcVmPGzCv`Fium_nZGsi*(;uo0X&j7f^AQ|p+LW~+4P8>O>gvufqv`vOMW8A?IU-|
z(%ve~hAutf%^bj_tmXbP@%lv7f1Br;V0R=hF2(?$vKNk(;TwR=8c`QMlc+y&<`}(9
zHvJ7}oOr8mpL)Y5dSRm>p2YrH&@I6Uj?sxhXAo9tAWQ?=D1kOIw)@{=P+vQrb&Bs<
zpXNJ5Q0V{vtpDGSj=H0vgM+E#|C1$Htfr}qEspRhHl{_0W{ix`;<S$=;&(VLixiXQ
zK(a<n2N{M-K4Za(C>^fb)!Fb{+(WhkDO0K<ft~+Nym+Cz6N#GecNxzd^Wx&)=he|F
z_dmC}zkuHms6r#tE=NJ9PV4+?HMYhK5%n824kAs_sA<%kzW?(EjYS9MNNvtEijzEJ
z-NBF$Sy*i#VbxjRysqMor@t;9WgsEbz`q5sT+WxGl=jx;Y}Ev~%hal}ZIuZ&?~>6q
z&0@#S^Dk9FnVedT!J&bCg2#3JpAxi50|^&hmpl*a3c4DqmV_Nv6P|U?*S%ws&kc58
zK+$AYD={A=wB9EmOsehFy$9iol#}(6QA3XL@H%4lcWbdHnc_%W_cg6%6UD_Rh!X~T
zpi;OOF=?}=Ln%+xVrX4Z)@lx|*H#o36v$`=w`@wd1VXdbTD&)GNO?4r`x7oXCX68b
z>jz9wLdUc95GtEQ$q(iaJzJoA>7u;cL$@7-e1(U`oUL1wTi}y7AqMoSAkX4`XB&Z!
zNy9d3>Lu3%odq?7eaQtn>PCteyhS-x%0&b2KiImYgKHeFR?!2ZULaB<H(IS8A&zFB
z9=W{E+kz&!^!md>aB(}=7VmNGtlJ6?y|$L`fqj=4BM@;t(2Q-|<;8#U*T<oBtF|tr
ztXpwD+xrxH*ETh_x7X|HX|5>D8|F{kkAR+h&JsZBaM<pO9s7BbG7MB4!h!qWD^FUO
zY#S`wax8<)2aRV8k^pHx$igRj>Moo3%r_+6lFJ|^O}ytM@bs$<J|-cv%o0!cOK2!&
ziWLgNF98sgSadayN$6YC$!pvbxacf`d|eOCS$0i#Zl46Wkp1hxah@5dK+x;5omFg^
zCR#i2eBdJ%;#tjfz4KRJ4sPumHdl*7tM9AIACmBAg6wVB-JV3sUPP@(0O)CFxK!l>
zs()VeL4082#UgUy{yG=EMF&~)>5UG!_+6a^$9D;l2dW8PwwI40^ah*NCQJoQSi46T
z;bHE%bO~1WWnz$1yY2|#U;E9MpYz9M$mQnUB1+_V1x@Wxu6Zy4^AU$(8r_LPWW?ea
zE9@{@3#R|jZ1@Fje~8P~E8S020)5oahY44bU2rONjgvo19>+|3B%=X7<5<A0)`ENq
zW=Q+eH!-Sl>oR(AJETQcm5irh%&7J=5g?e|mWMo$^#^yId~C7cKIQX|d>r$y{vVZc
z3<h#v8xbzSa{~O&lqmDDE*Cdo!&?PVDM<C?2WylI@`hYBt{G~)CIDJ9K%|DlDA-qk
zub2BB$SJ<@S#HdF8#Yj^ct~{-*u8HW$}LB?igwr~i=AQ^<^%F9v?1w8EhZ7<>(9Sl
zPe=~nv;OZ8_@fSy0PGw{H-5!+lb?M3rMAi4Qi=SJOnsxge*C4Si#rYU!n5oDjOm6}
zQ7WVR?n9s7NTbNV?n9>kw=n&m!A!-fyUN(#6EGbJ8x3^70)n=*bS0|L=5uRvlK@FS
z7_!8;P^Q&z=CrNG)>TO-HdyY{Fy>eA1N_@TB(ql8l!i|^^QR~uXHF+1N$?tAB((cA
z$E)X?{y58P{@s$k9;p3V4JtSyUsbyz;Qv^(k%hve>ZEcrL)nP{l!s|fR4CF?Gsk_O
z_6jM`REpx%>dFp`x0Dct$s$NWbIUMNCaVInA{0$fXvFJ@vX4}w4E6eLK`UVb#mG|W
zFvfL!2PsY#VeYTcc27E{vm^8%cqYrI7+`4HV(=ZvHBMc18J;97O9b_)EOBax`_);M
zUTxS7gkklc`x>56;6Xetx(zwi7$)a<Ih*CcpzYHA>Z^{!jy;=6cmh*x2rb*lT36f6
zCEMFEA=zki4f!rTQL|Uu+9{v>)NLw{E)(?9y-eHlGwqr$xH`V-5ZPyW^;q4D6>67t
z=n1e8#{&qpTo>iiSqO7s<|_g697XLoO1twu`?i}zbFCj(KK{6WXtrib+=3)e9dVh+
zepz{rqOejT^G`cx+wS9%Nz=Bu%%Vi5@C;~x^QoIsz^2}Xgit%W!`522g*m~5f6WL9
z{{$Nxl8hwn75hURA`&3O{xH65VrOhRO<|&BNm-l<3u=wE0uWDVuiVF#ED7^+9`{#8
zO**iW?JvdR8}#WYxN{^$E-e1g83gNzd(qiJr!4c#0bX!Tcbx0VhC05FncB3-jc*#X
zvUZrI`E~+HSJCiFa1A$n`BDWN98M$|leq%%<hDBUKTb-Fkt}uX=2oj~H*m_e^EGV{
zUT?ZG-|(bvN=x@-%n|%G@6WRzT6}z28A?sn8Uf)r@H!4XSUjG1&9huSD9-h>T+p~n
zr=%&=1Ihm`hEQEfdjLl0Xb#}DfdqfK^}>ug`aA^mI@~*y4}|UgDc_$r$B1<-l-({O
z%G^#;sB>ws>pv^0U=rY)X?||M8Mufs%E^#LUJeaRBHuI)NT6>TCk`9aD{>KGGvi=h
zuVRr)U=e06Y^SdW7t>#j&0j}}4m>LX#K4>&iXuTKG=X6(w&5Jq;Ba<GCM-RZug#vN
z2p_doqSVU^4;y7xewI*&RL()t>iP(u(Piw)!W5e0clYL#bN>Yofy+ZVocDRU7WBz@
zgWR6YLpc7lZ1)AKh8FJT#~H>cT?HFc3_|tPcu3+8WU3bnx?RXrh2e~1J7D2_O5DyY
zGIsAwFJ)X<v@aUJq(7kNyjAKNV;(v}!FP}97jGk={D@hj>yg7DP)j;6hPmD+l^S_n
zgUY{mJ-efW34m+OD-}A^fxxv4jkz(3$Sb5hn<RW%`Z*GDuU^#8CwIF)wWu~yt32b6
z)LlrnESv5~eWn6`23oy`#s+{#yD^R&q2C`IX)Qb8ZgU5zy>@lYOt(A^RBSPcdi^I|
zY$<L4PzU<sN8UGOjO$<aBS%YDQ^)US^#9I7+HU{Z!%Ji{EtzzXpePh5j*T*f0-Few
z1iXZm7olafDHJYQFc*_7$);pBBG4676jZ#Qm(lgS`<h8;Olf@<n?DrkdYPFeO9@fv
z;nN#mb9{Qbd%I`(68XRW9IOAJKlFvTPO}-1PD6^dyl<m8RDxh`qdAO-s$>!ia#7>i
zfit250Zk;Nx`mL0HR20%Mo32}NK48Of8IuDA)+SXBho;);oR?`D6$q>2yP-N>JnfR
zqS)(jPh+ZLut71Unbe4{#~Shy+=@fM%#x6Smz{zoc~>fLpYMq$gq%Mr=%^ZTVa<&$
zwP8-3eUVyYF*u^tp59!n&|4xI8w~sl?4*n=2`Q^gNz~?b3^>ri$;3#iBQ-urVRaHv
zr?pnmJ;>QJGUL0pv8-DV^GBoXrxlfE)(!n*x|}rUPL?{mep=SzCL;|2gMrzznJ{(S
zJb$pzWhPhg*g^KdvQWWSoxz#!HR9JD*GQ5jgJs56gSPY(fY!QPm6O?eK=c)5Wfnx3
z!<Lc~<-OHWGYXz9Lay51IKE(`o?6%a_gpG0O6UobPC353NQX@pjyhE;?W7#4Ud(DS
zK%2t2$Y!|-b827w6KU7}6%<QL)*6)C{3u;kH$-RVFEw37bxBk~`U+i!ReoN&2&5`O
zHNlSgeuHUD&k0Mb+tP(s8i6NWb;LH(3m07_07-j=l{?2#JqK1>yIHiXs+MKHsuxTM
z+q?~RaB6N|_Q6|@#n!19SQkjYA2LgYLuwRt2vOMqhS9Yp&#ak%PvMS`@4%3$`BHSc
zfl@QWl#v&7d!SvMBlkBysq!6K0+iiBRgf(!7O~;iA0`^D;I}$egHOKP?B(Sv`je+9
z4)spt-=?awrdr#Oma>s_O(&Ygi`7te`^KQTVc!(}mH<Y=>_JV?L!k@g1yDjCs-oFD
z4+J-qtzmSio}q3>D_uP+U72Wp?OUQnI(9t-eabhiT?vcLzE-A6a5e`m?Ct0-sN|a0
zkJNISz*=hdY>$Hj?`$eGsF3fxrB*X#Z`^gQZA3US`1lHK)kZ$H-m>EBotVii)XI@6
zmI&hn^4!8^yRcFjy+cmC2HPa!Q7fBgO)_*DV^JN;nP_6W#O8I#NXa`hxq+Ue#jep+
z9E@gDVQ@&O`FEQV2K}b-8lS_dt^*PgJ;a%(KimRBm2UAi4$@caXT0wsOCbC|4=ctU
zH;qi-z6yn2jre=Lu0LSd4biy}0)ynNTr3KGhf48_e3we`3wDkd;U7mUN8@8XsBekQ
zuV0?<%we72YpMD4^Iaoc!>uV^FqCNSAYAyldP;+$snc}*xb=&R+HyFe^=i5r9ae-n
z#pU-mF)qD>{#XSuTjZ4rtnGVxKnO)}<B$Lhmj<9zjJxHkddv-QAM5lg4Sa45pT)7c
zq%A(+3_}lqoy7x9g#(Q(A}36R3ys4>GIauRpld2804qNw>Wl~1rXtw`NW2&Wd@xK`
zN7iBiW{&=<xde|WjoA;!oBHFexjI|k?^aIms!qKkH_WqpJJ*KKt0PeA#=4{{SIl*u
zJXJqo9<uxX1e)jNTwWnlFvr$Yu8$u!v<K0`I~W{65;4mo6#Hm5wFg~`ORe=62W5-n
z9R}|PT}F~#Azj`ey@WLv2X)uy*2VTZkmI|MHm!X1#W8&`+a1ozvW}Sevs7c*MtUcT
zGNVbnU?nc6?;&BwjiO?}C99FGPl>_ocL`gq5R*27+V9C8ke7kB!9DW!rt6iPbt^S9
zB>&l62hhQb`jTGByNYf4j`(x&RH-mXK^TAvRz1*c8H~O9B-`8vussGv-O1d^$G?%S
zK%hDZgL>z~t-!b>=GzH+n`8psIrB%XL!jF8g?bc1twK5m72F8<rl;FpvlP&&@{#n)
z#;`v2soY=Jw$15#p8Lh9aH$5RaIovipV|L=Ki*w{6@LE?3r+rh3k3e%JMcfwq}eLk
z^2mbUuK@~LOQZ^21QEnUF^Y*OLVV_yRe<GB$~?Y!OE((nmQEKpsk_=YaPRx!p&wQS
zJcb9cOgXw#1S&#PX0z#>PISB9LY$9}=VNR?K@t@afVyC51eY`AS&dk11cs+-5MnK%
zVXpii)vZB4DA<mGcRu_mf*^3H5EK|@6+5R&3XF?HZSTxWv{t7-N@mg~#~i}TL6(`0
z5&1+boihkIPB2Q<(itrpG$+ghy2qH*46Y4ZTBkMVx6%W3TP(aG;YEih&U$<6viZ_E
zjZ;yjUJ09EZm{}!=Gopm^)9#3#q>_8r|KSbx-=*_tDy?E9FUs?ia(6}8Bp7(ZN}&D
z33lecU8}W)F0}RheJw#_7G@K}apP&F7VF2;aLPe<U;ik!SQ(L1Lw)9#?h#%u%FRzl
zl$OAE-NQuu<c|pfV__Pi$5$SNz+-gIYIQ$BJ^R1_5@t@fqnWLmDq>4nQCoz5g#4AN
zp`*%BvCla2adwDRQ=m5pLWU}1=^kJS%baEwmXkzBtGie-*Jv@%5b6<9|JCaolJmGX
zE^;N|v%<KOvtmP?c~Xv(sh8QpXlx!#j{6!+$$m<6qxg$vcw(s@WvF(mya$G6#EX8#
ze2#u%4OLIUN?!kWW5L5|kPPH3F+I$7{n7e6&G3h`2xhW!5o5T?ncWGFHkj?kU;DO3
za?hihM<!1g)}Ut!3>T{^nmPvB2NuedIw!|OuoP@C7Yzkn!eB2jPs=T@)j`}R1CetV
zLUiBSc`6ZWEAIl?rp0jPgXDYOy4e1E)&f<3hL}r{W@1p5L$SRxGA)Toc0LhMpT0?V
zV4?Ri4grewSK#?th~A3YE%9Z%q+1%)ub>NI5$_bwSh)k%P>bhvx+Pr^rN7{FVYdY@
zxKx@IwO`CNK?v1<9HPuYn){J4`w>W4qO>tYv7;5yM<9+lc*BrMvWp-ygc8n(WGApr
zfIqIqF{Iy!CE{JEkLSf&Y@JC7x5zxwNUopUKp1a7!2Y|isO2AT-oHVoakPJ3Sc)#D
zjvoJ?WltT_T}Ku5^VTGRJ-w^Qc7tUbX#=c5CPT(w2)er1GE<5{T5=%?h^=d?iv*dB
zd2p%-nxHI?0t(2qUR2b9vN9kcn#$A`lwARkin}%JBlz>n$()JVlDzormGpF``*o}F
z!@T{K_xA}fJP?PTtWzPRdMAL3FJ9g;I?g&+hukDJ?lO3b;7E*+9rAZk+_un58-SV5
zbZ^m4W^ftw4aP41c(%i#61#QZ35@Sn46?^yFOuno)uGd$Tc>R?y3?T*`_Um5T0dbt
z)zq;z%`w-%7UQh~8`Ve)^v2C_EqWLue!MIU-^myUzD+UWJ6X_d?~;z^ObqwN#qifp
zyn#WYvv?q$h*21xn-M0QxN$+?T?ga#Fi#+PC}Q;<%C23<{Y|^7Avc}38f^Lfb0BYd
zn%_Op{0_#nV#BTGK_3brf5-Y_VLyiY<Y7N#2+cE5RVnQ7>RL2+@=z}xU55(&6?Ub9
zx6<fw>QPk^g$$QAdUhhTarg7fW^=srs?GaehCK{Q_=o2a>wWxp{H{;$8_P*u1r_=+
znp~SgTSrk!$bXsEwHpDbu}%vD7SZ8?QKXQ#+?P6IpqCIKLd!;Q>kC%$a9azBDEnEy
z7ufD;|1>sYgiQ%W+wN>dYLvz&#^5ehe+7b`j24wuXT{Nux^J46HC)iuN`5~c_lD&&
zNVB<NF6vc7!OwJZ^z8f3AIa5LaN_S>YC{jtn>%gG=rB)1T}|9atp&cCcYg)~1NY-v
zeoql{cQh_uTw+9s3@9>AQKHQyq~YEoElF3vhw9om#pe_I`}D*JQg0Vmr|j+m%pOM|
zZ{ZQ+U;-f&3=59n-5?5@1m33zPJ%os%@jw{gHEvr<^`#D+6K+V6A(^=yuc_zwu;XQ
z6x_&SxmgLB=zg^^9<6rZAkLr{#o9(~z@%N5vI4y3;2@FUAh)Yn<U4V(p+>lE)~Uzq
zY8&~ncIXKAIwVJuU<xpn%~7aWzToVqV(g$d0Jj1({}*T97+hPoZ5!{{=8kQ1$F^<T
z#*S^<wrx8rws&kNJ9zo(zVlAqdw-obt5(&l`D4u=ee^zCAEUL_2fo}Hgc#&-K5w|F
zug=xdl(JR)N22%dKK9`J<IrHQjF+F+Zk^ANqRuiX9p??M)2v@fir%r3nY{+IBgEBE
z+wZ_gZ>=x6#~Y$>bCaxsr}Cq*T=uK^6ouhwiQq(kr;t}|AjT1;xrmFdOcJ78538d1
z5@rHS4HM&BozqT`9c$tm>xPF!vn=+lvy2K*Xvs2yn+m4;W@X+%W*cl5L|KFjmu2gR
z`kcseMq$Xly_BFMSzRB;<yV*&ACb>IJymk8DIs*(ZlQHm(&A%8l_+eV*A!5ChkkmE
z<g1wNs~Pq&+9_c|{|PN!$Ep{H5TcAM>MY)?dTN=*+rq(F=f>{D+1S`vhkIWivb)jp
zKX-FxO{^|&uFP+@=)U;Uee#m=1|l%#GO6Y{<5+xe7V^*2>-r0-YebdPAus#^7|IQL
z$MR#mQA6=d9N!6k7h+IPT0((f7XmofH#Apw7B=QL))&_|C-R2zu{Jr^+Nkfy6tc5o
zzm$gi?YW>33@1Z;+U);w7uqXwi|Y?Zw!w}98-8V%=?bn!8E0r0g<}IQP7*Sh{?Z~W
znNW}wEDv1RT3-dMwe@)U2$>0qZInE@M3+n?L!K}ct95Fzv$Eq*%_@gDVo~`eBxALq
znc=2G);Jo?DT7b2sN_>Aay<I=N}yK2BjCrba_?_98+?(>oKbRe7jnA@Nwad#BCVIn
z@^7#wfhicADr8*4h}m3|rLfe7^(<DWJnkQWtFW}g-Qw>jvk$Y5s)+~$)zra_o+4DT
zPx96=PS-gWc;Q~<vn5z}1A87_zy*~x*1y>dncV)|$Q(n1ylp^$2UuZb+D_RfpkMPM
zdv~omuS82&koeZ4pmd{iqZfihQ#b6Uf)`lFa?Qra%Jv{oHx5%~F7i+#*Mqlo6mrE|
ztMhPFa#ixE@npSB|9oaBW<3GXHc2TnF7i!?MULUc=G%TsNRp6|jk$>O5a3?KxXz`x
z8du}ZG$e8GGUX9Tk-dCSM#%F}x^5U>>sYqddG=;B?%`t6lXR+VtY&AGIC1ppw~s1U
zbRD8eQA@_N3tKqCr!wy4sF<3^mMoIT7Mz-K=jh->yw<~LGMrj$u})?NI9EyRKZKJg
zE8Q_8A{Y4rQ!*o#b_K#`_?nY?#`9b-{W8mFa87G2|H>%ec4%y<X6`ifhv7VwZ**=d
zsoEmS1&B+NT*$2HKF^4}A6W%}n(gvZ?2d(^_J-lzrR<+1xuxL0LM#}SZo5qkO2_Jq
zKTdmI#f_%pzp^YGw0rgfN$R>5ZDmy-mT??;iRQmtx5+i;h-n7l&ePG(i5Q@pnFe6-
z-dOPYNzNr7CU&FcWEmW~;||(;@^G3V5W8V|G?=<CGH46l1-AvGLNfBs7@(FsE-whr
z9cp7=l$1A?8PT~UIkg6;Dl2*6J?8RXP8yi4HWOK-?pxZ;*DNKS?WP@<7gsc)x9UdA
zPl9U>T!5)52D~G`fM@k2RfQB)dCOg5Mv!4;Ben+eUrr&W<|3!YeipR>K_u+AAnWf@
zJ#QjB3!r*D8LX!$NMqQyDRReP!CT9oQ;-eynK0OM`uSm+v=IrZc}S{p&X|>i)%=8L
z7t^VTFeA<Cq~NqenAwxp=5dP3wQT+|r}&pa($y%W^ocMjN}tWB6@$7>y#r@-!tfOH
z=wvt|#V4(`*xlFArawU;>2ihoj}eC{D$KK2nouO>arX_&<OrYgT(MDkjXu~Ynp(nQ
zOkTtwWQElq_p2?ITlcB~3$6*DATx*gz2-DoPdvQsV5~NL(l%fid*TXv6uFC|bS-yF
zgymgR^x<kAAMV*55hypr0B#4`D*%wk$vd_nx?oy@SzR6xcHX_h_=%Xy)rI5$#scXO
z-^`agbWda&dHW`3S;lZO=#)16w3otEJsD#)R{pGTV;uaQ-8jDVPG|@1@FO<%wQs}W
zW))|4%!YAn9j(kjiDuh{;ZUquyVn`Xdm%@@EiU<;!0BeFiPjO<pDtYdVF}tzP7MS4
z3QcDInr!|yTQF*5$Q7soWUJ3iDRF2q`-z9H&eKhF?O-c)eyFleNV*$HvsflI0;Ahs
zvU%|O@bHF&Ir<8G<GQz~UJDD>KW1+p8fkiuA?NNf2Vka#FetB8B)!w?dISEx3Or%{
z>Y>pI@Hng{++jP~MKrNBE9Mwi6L@hu>*7hXq>Mcf)S=YEtckQ|RAUml<I_%ngpxgy
zzS~yl{G~$Z!Ie~Nq8v=Df(EZGsY69-!}+z7YpJ)9P^?4g!0}rV9s-o2(IJaUo;y<s
zZpw#14lO?kU8d-a=M3UkU&PC_a>NQFfgNHiy94eoPqM1?SqGvmDy7f6NQQJ{C-YR2
zHBxD&Ee12gKbWe#LCLgI@F&<4TiH|PZlq3@<B+QCQeP}j`_4><1dAo)FKK$EGD)PZ
zByb~jCCTjzd3~F-$x}oN9qltnRc4$pW|!SfcGNiLzb5JTHXuwvl7K@U`*)9J>zNp}
z&<do{`U_3_DkJKpr-vL_VWKO*E+335GZ3_Bg?lxB1FM8YssxW1VDaMWQ|gZ39~I>|
zdWU68Gwmjz5@DQYM(Sx@=&9`zkHd}~r1fPI6piDyB{3C|t0LtdII5=7VwD27!8ut?
zW*yT~;*3K47`eT|)y^q=>UmV`NS;B@Q-RBx2>hlJqB~Y8lb3Xe;0Hc4>J}QRt55}3
zI73r^NYO1hThbkUjW$12e!~2BU_EhUs_pvSt;&CcYwrK7V^uV9a<O)nu(7xPudT~$
zRUK<36HH%Oul2?jGaPGFHGPU*Irb!~fj&493h;<6h;!U1sQW73DCUhE$C*=Kpy+UI
z^F`rqX2wsl0w|0&adA>aIu;ULFB8N4;8b0A3qugT9g7v$LU)6Cr=DxC-e;ff<B!*#
zh1}~;dze0Eciu2nT-7+(fxtoFszIb%Ps$)v2qDaYx`0AKM`;?-AP(A;LTFu826TRy
zm>+-;6hkxZF4+*o5n;&M-K2m8!z|^S3J@9TQdDD9W6~E|CtG=HN%iCmfN8V(IHO~I
zk^wg;a=_+BZyb&BqX$%eR66w^7$HsFR#InK<wYk=1FjTTnnDJdz~2U?QC)i{U@5Z5
z-mwY{Sr{b31!yjRwdvRjHj1+nm$Uti8_c8waM>F>f}WBT=0YW3DYvkfN*t4%i>9Jd
za29BUswxG?cN3F#GnX7m)yij#+$}|CA@?PN&n0u3Kln{{qPaH_-PW7NvJKD1W;6nU
zIu%P;@fIR9kE-yUnohGAO-8N7sEt{vsln=_(q}V+L*^1*4P$`tBaf^yhH3MIAyb$Q
zXX34NGmnEh8cdGU+u&rRAzZ|`^Ek0(gutC%q`fJ7mJ3Wwoi~;n(W3MX`3f=c25DBI
z)9_6+-Ke;A06F15g4R`4DwaHHT{6jJ%|~$l{?r!I*@nu8Hr}K`!-d*5N03@pIFI>&
z36v6Wii}2<&LpKSBw!H^-#E9}B+FB=?#D`LkoC<qv4AO%P_gE3jfg%`WvJe#fdyx#
z(iO^r>rP0C2)zx9z`dh_7B5>3nx0&wGLTf)d1kRZ<w`6X5LUS1C>;o>9zc2`ouW!p
zVvG$od9Z9(alpq&oB2WNE7M3**+y}4{jTRjZjcC+6}#5Knz@j@8l`i1aESe&-mDo~
z99wLOcYq%Fqv7E5vl7+09EQ|7>gnArwZ`kl)(Au8Z=s8ZR(Or%6U#YOd)};)kBzq;
z7h^iEBzegEIN(s-(9!*n-!KRV&LbxCwZPOO#sY5fIyae{XcH)#Ud1=~;4PS`bWNxj
zcj25irL2|Pvv>I;p+w$hvQ~r0a;@rSb0~*g$U(YwgH*UsCZo9Ylrh=npljwychoK-
z=rQh9W=~)*bcA>&g8Po9jTiw~?AK$<u0jn#A%kEfV)3(Qt<YIF@a&6=d#yl?oR8Mz
zjnqjhu_IPQ5TBmisv8RJ3S!*fcLTrGXSC&K-&p=tdNX3jRXx$Uzz5P^=htll-TeAJ
zsVX9I@c{?5H;m%s$5Hpvje9KB(2uQL;zeq`Ku@ejke+6}cK?=JktV&-icj=*dPI0g
zIZ&-Ze<oG0IRX;l(BC&wAN^s-@N-@acoq)j_Vv8TG=&RNxxjDl@rIo9iX+$vF-}*J
z6v^$AW3MwZa|hnN{m#HpC4YXdJA{SHFxiOJp#`q?U*E!Djwr+!i5npoattztqI9v2
zcyMP8X{GgTykGQ0F1&<c=Mn|l#SIfVZ{|JG>gu@Z@2XAs9X~#jSAU7(f87*xNF|Y<
zd>}`*NAeV$7_^T7G_q+OFGv%A_Vnqhq30oh%I#B9JUBydARg?1rl82(=R$0*x$;aV
zM6SVWx^J$@&U8hcvp)b5rKj}jGMNalyni2S+kGr1S#b85A><rq!VRAA(rLDepWwX|
zRT}PhhudRW@wP>WzI19znc-{!VTfN7jrW{}l&S(%ppuq2+o5?UtsB}kmd)WciMIks
zZ+vvG<xcLDd7Yt7p%JbDgMWoT>-q<eGD0!xYtINr6fRzcGZzKkYi<%DjP$16f9<Or
z2rsoYVs{=#q$MH6+na#r){Y-D5r4J-H#9<c^aX2<i*+{y%o-~3{m`iv`uZQ<(1&PF
zqh#OZ9Oau8D*m69^KS{xzlov$YrjNQ%V|Ls@l*CfJ%$L9W49$q%3lzVTzykgC_kS}
zwoe(X&S;^Cw%nRJCcua?!O>qguN8~y1043(@6;aWl6L8IN;{8}*fVD}wwQ96JQ3z~
z-c;TlU$bVj*w44WvA=+``sA444U|U&w9kkf(nT_c(a>}2=G3)K7)SOqqR!j;tD~Z5
zMo13_#wOds<xH$cgMuWmkVc|*nW1u}UWlT!m|Tq_qI;5%f@c!J(M8Znu^>tYDJIkW
zDGgKyY=GN~ygZjR?IS|?g)^5hT$&5iCeNA&suUh(pdM^Bjcp3eWiv%3_@$x68;b=Q
zQvo@8X^*&#nkB)!q@&s_S$h#z9Y$}sd!ZQGgXQct*g6fk0cXyUDKbJtw2119c>Z%9
zjh3E5i_wpNzyk(V!;idJ8ZDz}r_f-{wCR<-dsG!_4_!tNeSH{CrqgQpB^$FEDmFYF
zM&x<BwHaY*zMI?TB5qQA`N-wXEEScl*N6<(E@h+C15eIQ{f(5tP6Q^Df^%%$7Evd+
zDwoD7CSfuUQ~K1Zs#0$Jy%+908<(Uog+;yA3+~MaQ9iIjHvbqJ47d&EYN}~)$*Y9E
zIlr|jvL_j_*6*=nnC<=&!X%?*m>p8Oe=@ep#{D<`22hZsrGuc2qGcI4U|v&k1QbHQ
zAt@o60Y>+E(V@^mImq%0^x;*&(XFBGp>gBxKOTQ#&KM5gENZN%*0#9@;{VZl3Smo@
zj3IAaaZKNfFR#xkk+?yn(T~@Fh0gNJHm6WGjM`?qMdw&e!5c0ZH&vrboQX9qnKybZ
zN|BX;vl_Qn?Pt1T810<8r3TkClJ94y=^4%o@`AoP;Pxl(2^8KE2*8~?S3wqLt@oHC
z@vhzd@lIiX``D<yYkyv2US5AuKCL>c2T%bx!m=Kxqj91Csg4CN_HC8P38}6Sy8?qZ
zuU4+H!<H|}`Ow>G5jE3l=L7*cRksrGg7WXdz*BUg){WVFbFInnSS}b8v97_ckvahp
z+XybzS&EX!l4wSiovpx<e;Qt=!?6zB>3D6CI?$rW%XO$CrK|Q$P7L2pHZ$qX<Z2g{
zINp8~RoQ7Z$pS}hko7#QuG<CduTtO2F$W7(k9h}KdPux1kgezhV6>rnjUW4plsY32
z6j9?s5|90f)fA}t-BVI=eBRR$v*OZQ%iV_l#<lk>gs3ekk(0O0IUnGx<_#CH9kb)T
zkVw)>%zp<0>?3WP$RWa8Y#O!TzSGLR07Uh-k6%x_>L(&X)lbY)G3lDT#BIdxdFTP2
z4K#!r{%z-`&=e3#XG1V1(RzYZ^VrmIn~re{y{+=TADC6#GRT6Vvps%zTeJQXpTaR|
z$3Ai9({=Cz)xeH@nZGuE<5Ua=?|%&4?Wm&&+c!W_FZMyd=9^R@Q0C!9ktU$F{+#BG
z_=@R+AgVf1S+1Ayiqcwy<r|72U*$tO)fkOoz3_emiw|dg&@JY)0NnzuQma2_EHIKo
z%ns{vutu}1IjA<WTD?y)8?1ECbTLQs(r~LW-1#jUT>~e)hQ<C@VytrY3zOS}!m*D)
zeU#f@FZ@O#!XV;v-4bV7A7h+|Bxz2{&q_hsh`?u^!*;<tS<oc@gQ(j6M63Owur-LX
z!+oMnh}n%%4r7LCiygrpp?A*bKJE$;e)U^nL|?q%;VsN3c4B59hD^<$hC$Ju;LAa<
zG{`BpZRv{fL4%$Y1~M2e%&juJI&<9E{1lBp7m%BoP|_IBLb>C3_&?;3Exgz-o!<=o
zDL5b?(f_O#D?1w4IvE%_TiDtD?@DatgrkP#yPQI+p*t$rQzWyltu2YlDV!v~P9mcv
zq8brF!<lfw20^tvue$AAsG@p4Bq1f#-uy?AB3N;d;bX`cb0CSKNkTtl%HAS>>L$8(
z@TN=b&eLep1e5P#&8PO*qjo;@>+^#EnCEvh#g!OoM68i-*k}N*-1u!1uGxTk)GmyI
zH<DfiQIuJbM)dw9Lr8tlI>Q-5@Ut~$G-OI)*dCUFrehY|K|ACH1)069HjBtbSP@#k
zhexMl6Y))fdVeq^ooF3)e=#Io=&d&<eb6l$TqjkrbAHy0vg5E|bCS%gGV}1-ns#wQ
zHUM!pmz55aa>JZW(PXwcBl-Yalu5Sn5=+LezfMgW?%Dd5K@aj})u+^*F0-ac?x;~x
zX;4SNf>Udv_`Y2v{vLm&jl;-YbWOv->L^=3LdtA9LyW=5MXzv^$!fVVMPnt8))I0l
z%T#Glc(lT2TNcSJQ8i_uXfJNb)mjL$;@Ca&Kr?z1!tMsC(!wLw@<a|-JFhiLi97_*
zwZsBLeViiQYDlvNovg%s0Y2Cqbj2jJ-LSN5&ve}uodjUAoHU(a#%^g|l$AI;3(>+5
ztvJf!K4wAdh_GVW2nkU8rtT!GPCAed#O=-@R&$%o+Vf7Jk_j%mFU&;WOqAZQEoH2o
zL10$@aAYrER88I%l@*y}C)^g_8fQB{3$foC$JDh+N0S7*)75azjzm6ikcc>Xecd8~
zI}j;pyUJ?F2(i&C__fj`Qz%2>x$ywvkt1$>$#}ap`&QQlw?IvgQ=_p%fgdP~yIE2J
zkkv1xDIciGq2#4W;o^%7b<T=A0QS}tgU+45mB3wg0Lul`m1fc{bn9p8o>_M$dp2y{
zIf>{`xw?c@Ytzl7GObw}@Z};LM8wqYlRD_m-LiV~M%kUbkoBOA{6iBxWzb!^wc#l_
z5NJ2?o7IA3wFem6^Ft3?didJbs8^i4!1q)hc)3SYUaWy&k2Dr5)+_rEY3)g4Kx_OF
z8hyS6^?&W?d(V$yznLpxynwY+(KvsJKRg*NXc}aV_EgbazT;`cAIaqM4QOQ<O42Vr
zjpU%HSz}r=w+^WgSJ~nuZgFX6CVGajn?gh9cxGPGZcmeg5gR=Cx;`;)v$OKFFt70}
z&r>z@qJ2)t0PYPR^=#@0Srj95nQl27bFFCl9Hui-o6WfVo{)AEt_wP6bq(KIHf#GF
zCNsGGuDa=j1HJg`?U%8=5&4u?%CwDmQ2$n@l(kOJ7kFR)rRt13z3=hFZd~kRntcpk
zGsqu!nuP4jOOkwHS+)sCw0Y{BL<JqH3lRe`p3+1^BB=-I_d#B&CRRLNnM48`&topU
zDwlW>?a`LhsC6f72+I~?E#{UrxTWcP>X5DNCczZ|O~})I?%;=hpaEp3JrI;H!QoB<
z-vwbd?A%{*xgRGVMF`+0ltISqcibeAinnd7OPS}2-2}?lgzNT=ciw4>4n3@UWOn=q
z3vN2)_<!0#KX~L844{yb9HNr86-w5KC9i|7%fuy(Q6w&P9?1Xhh=}(<99r2Ao{~Vg
z)7^MOEAT`sWc72PgU*n5%&>l+E}4rQuR{tzrm-jV4)*<69al4ltN-=Wn+(4_JRc`)
z8yzWkFLUmG{8S4Q@RNV+tTz}>FzU|hq0|ta8|5pFDKc_x7u$7GYRHb53|(-0K%F2c
z@57y-#?Vn!Ll)l?f!l7sMu^@1`ErgGg!lLHEs?*QAkWAYFkH^$DqQ9~x|BoCUfWo~
zw6*STZjXv1-NF?#?H_O8+5^($5Fgk_=zVuw3s2*@tsvaI+QhM&9xN5pPs9818geL^
zJ7K>Hlsh_^pT}s2TMKw&3m}|q?$uf%Tcewlla+_v5U;N|dv+_jpRjmJ4Se%>JcjH`
z!zjWI&~nZSt3^f1i2?f`vTSyH_`oO`**(<{MwlDU_nC)1BA>Gq8b(6zo3le4JLl<X
z7uz&?xk7Yt;pDI0+t<Ub<+N|<@F9g8%kGP{4&qB~pijEsY_-_09U$IGD>a}g8sNSH
zS1Oy)dI_Is$Cub9*Yf8pxZ&qC3*TK!_6fw#^2wL(?B{;`Q`z0V>;()Jq^{8uTd)wL
zJ~xI)LH2`d2B`wAm}`Ud=NbbJ&c5`{i1e2p7g2G>n4#xd=79)CwA?d>2V<H7j_kd*
zT5en%dw8R?<6O+YxofL_drz;_IEOx0MF^N5JCJABQEx&m2ftQ#za9$7X?o2~=)#5b
z%o+Kdv>CE_ir#tZAbW4=@s+3i9;XB(ERw%K|NG8U_-yow!nbBv;XfN=^N*H5#opM!
z+2ntH8P&eW2!30vT}_d=F||VxBIb|<2r{J;!csj7fWZ+a?ZyptG3bZ0Gp8EQk59QD
zLx8B%RW~<Zhl=z|ma80qYFQ8xjs&!@Ha(R$UoUIcUpIHCZhZf~7JZMWrl&~K<+VTC
zjyJuow*OvyTwY%|%}9OuJi-2^z7a#PtX~Oq!KBh}lw<iTa?c0YB+TFzapGtBA>x$!
z<9hT*(8v#!&FXz2s;gW57zU;v1g;0f_^5ljx3>xi5x0!__YMer{&Jo-l-`;wxeB)$
z?0m=lJ}+HAr0mNOpAUe)eKH7Rb_LM%ZuB{?&?*qhInMf_y#awnFA0d=>cgqLH->hE
z`2B@c_$U#Bwmet<1afV+MQKlQKjik@33JeOeTSoKJ?)e2PxyF<7iGhatPC4!D>=&d
zlOmAN3Zb*SoRtJD>hyLBe-wCDvCo;N$E({_2Xq-z<S?L8L_<eN`&^T4&2Q`nnvSJa
z%xx~%1<_DV!IYA&Ba2cra2p1d_XIYQ*u_%W2k+OX1vDhlg@Qcd=Gl_q7j}^6XTJS5
zz%o@7kdQQ=ix39w7gx-PCDC$Tu-x9VJ*zLGTS7h5BM29%g3B7z+8XCPJ1}@-C&vuO
zk_iOm4Oy#s7A_vWjl;iOoDO?w`Jtn#7nE3yFfzUUJ7-SFN3?I=t1v#t_@~8beVuK{
zF#k_f0?e?{qFFqs5DCz3o4|14P1KzBAQ)#-3-xS}8K!G#o?s_i=%!+R+PGadMqLQ}
zm{yIbC^i$!A+5ce0a#fZ_8&MQf})1V<qtoy-9iuG>gyI=NM3v-M5~8c!pf0KTqZFY
z3<p*kXjaz$PQB>*gN?FM75%}Cv>^FW=&dk#>$wH}NU44}T}}m}M4^rtV;3{@VD3z?
zw=!t(w#k$}XA!p=6`$ddP`OgaB(1-@eWpRN&k#}~$^f2hk1l{Ao=<2&B&03*2S!*p
z2xmujzLA2R^j>7jTngO=bQ>oBSM~z(Z%AG_k5*114h^<!{mS5!ke@9U<|xym-<sMe
z9F{H|EfyBT$`BdzIr~I&TjA^wxHf@d3pgWpRiR(oQjMJBMR@}w;|$NjaMW|T(qJuQ
zC>kIzrAi(L`XtzF(r^dvF_apu(u3^wqJtU$u-mS0Gb9<bo%tJ^EQQ;G5UAT@+zwQl
zSxy|I>5RG{cvp5-x7OyBW_D{Ub4#^bJjP+S;752gdW#qQp4xt4#bE@NcX`a5)W8gE
z-yj0&w9MBf%*H6)Jx@gXN_UY#xtofRT*Hkb;Pgzcg~jJ^u=1DmklX_dXj|`6ZNQDx
zdxSn)Qwv+`_iLKI-*L9ByrR3Zya~{pZTiq8vB-hsWnSM}M1uXck`LM0XGQDHL^ee?
zEY_fkmdSSMACUp6TVZ|2*TLTI^MJG4M}W565y)1OXJz(SWDKe58*z8nYbkP59d~ug
zr6E66+{>g~&uuEeD#6Ydz>x&EqMQGc-(&&7n<AYwvg<fHqM4*=dG#bR7-~~lIz&!m
zG``nU#$DewB}s&p>G!^tR+wn3c0bF`KVtZ0B|&>ZSVH5QLZh184`XOI>Cl0OK|E?m
zD__4wm4219iZML~<R6Y*uNztX%bswvU1{tt8MaBb2e20z(BPT?P@?Abkt~WZTaIZm
zb&YJibdfUsnw+;0x5T2%LAe2QNC1Mny)NbivKxmCliAszxKs8O;H<C3R?QZ1^MV+r
z*@kiI+r}#X(<RT6QzUu2s1qm#c2(1OQO0AHd>Jz|;KFFyACb91tg7duEXPDVy}iac
zG@N`Hyja(tt&&rYLUM*uXIgsI(W+p?#O-8RACbua#MsCv7WGBWxYTI#e(w}b-S$*~
zoRHX2V{H73mgBTZT+HZEn%7~DxoYtT0_paMcInR*NBk43y}n0v1orRB*;U0cq&l-r
z%I3Z1l$iQq`uA6>-`YLc&%c?6UxF0-b$u=2dd(MTPvAWY6yCVxMdr*Kh8$~b3;Hmn
z-RZP>#X+x2RDagzL-vzUzAAhsC^<w9kY#er?|k@<W0d6O`Y)ZbzZt{##$+8)NB*vd
z`JnjDcNI-|_YN>rbHS7Kfo_@E8i{HfiPVcHb>utzQt(f&d|#-O_?#V?DPG0F;FOdb
z0q!X3&|q8(EoatR;Cx>esPh}AM~2SqIVLqfZEAkUlum64uHemY>I{j9S3e@@ME`~z
z#K0AESm8KwjxHE-L#{!ZqNO!CAn50DB~H605LsL6I$+XgS5h_hs{5S}<Ys^IQ|y|A
z<cB>e{da3_UPhwNUA(QiQL9BtsZR0IWj0T50!rKda-4>YN++Es@7!;Y)Swslrp+**
z72*dX;%p6oL?;j!=SXo*rsIv45>@bBZqE_)_+(U`E2#}3cr9#eGKHOVx4;%vQBuwN
z9RF!0YOg^xhK)p$%!8snaOHT*6@#YJ)SYk*PFzMaj)7T4p2O_{Dr-=OR&0%Md+tm0
z33R{})!x-XHxQ^E5?Y5XCUG8G{s@WDS17#4c=k&ICKe@<JZw{`?Z+tPYtxVoZTxBg
z@`WHfmS1JjrcJ`%(RrR<&^o5Byn-k3sN<rnL3P=em9L}?mp8dGjbwVJ2gc||xE3QE
z`u23BHa48OTc@neJ0*t2zdb-;*4ksmCk~_YCHomrQZ)4pi?idlX@(M5w5akLd}0dC
zI6gtXvW6A$J5%>Wst)VD<_n82$TgJGb#=Q>8b4M=Sb_-9hz5`4FK|LrIjhl`or1t_
zIO}*DWhF@)b&oD;Z$4C#?qRdTdx-FSz=>#dKp3|Ltaa%MYIa|M@8&6?M|kY<YCQ2j
zZ7Rv?0`AL0ZLpVDS+rRLmIM^kHwRY*fsZ+%R3vNKDp`L1S%$3O1fP{Xh#*UNkX-IJ
zpwT`~5VXQ@!s<C^sX<TpG&@<MJ1Rj?TVu2#8|@2h0j*`MS;1Pti8|&n@<QQzhXQ_2
zmwtn(>DSXR{ThM%l7;!oi}qWX_=UCC+h+TfXsZ2-R+zER+zlxdlR83w)1T$wD(;U~
zydu=5Ei+xNPyG~qEj!yW{Cr4XXT(dDvn_=lYls!<onL+Lrprdf9i#U7uE;eP`IRfx
zpk4NC5#_gqVL+q@y~5pag-EgDPn`z<iI{%;#Xx<9^L)jjpu%D1ss@u(e%S2yAgp7*
zf8n)nKC8$B%l8h(|GTKa@9Z4S=nd=*jLc2woej*aEexILotzD9jSU=)|9L=fWM^Yz
zXG`yH^FN&nzI_wfSiWtd>c00zc>c3L5^=Y8RC2Mmw{vv<zh{ohR{s!Wc^A-AY}Iaq
z!{~**lT@)hpzm({^Yp<JiGWdLLN3))tUEKeC?9HH2;L2e3`qdjpA-k##gxKq0@J3~
z7gJeYSJ}+ZSF?IMJ)oHU{X-U;j1JIl3&wBFdk|Nr4t>Hf5Y1TgrmI7cqHvq+45mbZ
z4k+mO=3h{ti4Y~2nnI_NT8vqg))BP*ItsM+1<+ZR9sz{3LRv45&HGGs>_Ius6)_p6
z;--I9F%_A0C77BpvMRKzRF+NZXqI)#$9c5csEO<!y6V#uab(9BRBr;9Fna3PNz@81
zxXuX?lFL$r<>z5GpQzAkC(hAQXO}<n)bD-h<&$J3#mpF_bQQw+X(Jtz#(9Jabd4}S
zFpieg1Z}!hW2CyO{b8->7|D&Z^NsYNMi1_#8eO#BCT=T&m@*URfGqUENU|YMjZft(
z424ExE))oxRZRhv;4N8BO{k^t*_C>Ov{_=M!PM(n{TeXGbNvkOzmDr~5Mx<(j9}y#
zjP@u^;ifd)Lylq1jAlmW3f0belKNAq(RN^cdJx}=>`;sh@L@6@gM&9tNb0|?(Xl*Z
zM~K?0sAX?6$|~!z@FY185*MP>R1U}IbT}gXT!8X6I&*j-kaZL_D#(uYvql9fP<#~H
zZ4lPF4pm-=nn8jYTY|I_rLN0o8pWQCB#CP-KUK9hU`X^T%1bOIYDHZS+X{O)QJpP(
zzI`{jd@}Ezl=L}Lqh)9?lr}?EQ`kZ5wAi@;#hxdA&KaNTP@ZK)r_{xj86)TnI#<T@
zbJhW(qDEY;Frs$*N{5RgPb3M(*NF$1>kKiGER9e7-%3}cE6GIj2vbk`L?dqTBSmiU
z4+&P0`cebMP+WNvY-MGq6SAg~H-17^Ut<JXtM*y*tzd<*<DP<OvT=Ix-o?m=k}L1v
z^mp~uz~+>%0F+mqtal{9b^+TsOMsp*_1f{A%wjP3rm(-O9#P~lMLceBBSo~;3E>W%
z<P#TEO5O*`$#8U-T~Ykew79tFyEMCDRM@2h5nbYf6|w`VsIaL28@BKQz{ejxl^h8{
zeaifi_Vk&~kfS%&lHr8jXOt^k`!Mkf?q6vQ36%7m))h6oS4-bgN~!;h0Ps&*i`qGg
zeCPjnANGHfQN>0LM+MQ>7Lo=E1{nHfep$1Mm1e!!PB}jX1THuOgcKEKX@IOfsCe9V
zbL*Qr>^B(edmBmcfJ<4;JDOViNfFDONeU%VF`AQ=?RC7}KFjQ6c63zxJv{=h&%+yO
z*s2YyUt)?f?f6y|)#fEmBw=ZTM{9S@5F^DtbhsfPDIi&PGujZ1Km-u&WnGU>T0ax^
ztnraHOy2eM+YE<>O@q}v#Wdc4wUVD|75T*8MAwwZ|MM`W-s;3-aN?A5ma%#>h`-as
zteAREYmLUkR97yeMode=&uV*OqTzQMhCCDLXnYES2{-2lU^ptL8RiXSE#7BTWr3;N
z3dH6%Ud8_gmKJ6xp@bAeGPucEHOg7{EtFZ*cgbFQIdHhH)g}Q)&0D|F+_<Iq3ah;<
z-PL7<xvFZ<*h64;H8{ZL^pBu!ZgVymRt+X@n4+^Wz#fuHnGP!IgCNgKDx}pXRq(hB
z<xdoiXNgTb_e9Gc-B`o%Xp^k2W)Bl0L3!uo@B{o7Js#Q<K&r-;0=~G<e!Mk|x?4Fe
zw%^@J@MWKC+*I>OI`U=zzH2_GrYuR4-oRuWXI#;MK@NR<<}uV<)|0vAk4m<6d@%!g
zxU`b%`1qJcBK<Gb&T*%Ugosu|wOfc8NNvw}FXi|_w!$>3lKR4ZR9&@O#3l#qL1<_y
znpLWZmn6wrfRz8jg@}e*absp`PR{}Qqn2&_W+j=}?&`(9qoJj#t&xF4a1TznvZ087
z;Xv@{;sMq6kOmq%N7A!;QeEXf=y#tHw!~DKSmir%hF_^v<r~x1_XmSY7`S@v5pQKO
zv7Pv_$i@k^T(RDqJ1MxPAU<&^DqE5*SLgeT<}T#m%V1#1F+Ul}L;5e*v*cvMNktbj
zO!A68&9?PIfqLdnR8AqacKT7y!$v5699xB4&EMCQ%fhdXXzuw(nB}EZ1hZt%URs@0
zLllmUifm0@4_;sP;s_=q+w_Dtad|VhYiti@D|e<7o@B17nWA(14ZB`j+tv=9NBh*y
zc&c|2-erDF!WyrP;I^}mc+Cldawdz5fL&Q)PQeV>!n}GN?%ywK><i+qFOkHUq~)rx
zH*DLtP&0tNI6scd1>ix=4L-ryxt5ZTfE(cT#PzZ#FuWqlSim<ff@{y60lG%n=6GWe
zkkx(E2%!=OmLm9Y?vk21_K}6oJp|W=O{-lP(}hD43F{eC5(e)HMg9cdYazhdPpgVF
zqR=lJ?GBm*zQTVU_KjjJX%XE$-;;^Br0ftBkNJdp<bL22de-!tMHzyh``gL(_G8iK
z0pQ=0ThS#H1UjW3ryGDGj`$>Fm{l3+OmkxtXR8mZ79&jcatevef<!_g2z6F^t$s=6
zb@GMVCKQ?i2v^pLiwDx46N&x7zjA_#;$~j>SKg9B!OtZdw@2?-SL}Bma}BwxVSu7a
zd&w{mbxH6uV;<hlXx<a1P_%|Ge;$r-okR_`%WgfDdsOa7$ZBnKiAT7FE?I^ewnc+5
zaky!ux#Mhpx^+SOcE*uP38yRzIktss*byP%FuddjH=~>^!=fTUUZ@g}GFdV_MYBm0
zj%>(}LI58laGqch>`%PNklnAG$0hF?<=s@0UZUJyvYnoOpq}bNtSWSgfnThD5&nC%
zR4Ib)u>2PI9DY|!w*L&fNSOY+P$ug9gId1Fs1+AaN}_@H3fu%L@<FVR;6SnqqtpvX
z*DG9=Y~<6dUD>*pt`hu#3y%N{5$t|zdKwoctx*Con7PfKd1tfkXD(uM^?E_o#fAqs
zj%d`=j+X{$@c&S_TN6f;^U&I>?=Bgl57VT8G1Wgc8G(^ij-Cli$i32PFvp*_vYnil
zoOhZ^=@-?hV~E@RkfDvM?daLQY{KDMSA&yta@?h;tszQ1*q&_SbTsl;WDV0)44&Ye
zpD#-}W;4XX`NOWVc!)6%wSL)`y46CihkHf6&4Ht!K}9Ax1NB~Fwb>_E!GS35!VMxv
zFXYo%It9Qv@Dy&zalyl5qMtELf2n6{&iSDfEP#^Gvj#3%4W2y)nAN$Ok(AUi>5hgv
zw3)hL3GU+m<7e4eAD|*Cfn%lKYH$z{jXVKjmFgm|pAB<9p)N+A!*<63Z-E(`6rZxu
zORIt(Zk5ddOLS&u%V0(hF9B$k*5^^Cm3b9)qcm#aN^5u)<9D6K_#`y&t4?9_F||;K
zV3i;s)r%QEJlsjeTZ3J9OtmGkVFo~gbTIhpc;J1U$?NAcP~bSW{YV4-q6XTccFj^P
zY$^dQex(w@c|d)bLYw_*UL;E?zK1=Hf|>7;?pul$Wq_85x^`@+JsJ(h#fr+p1glIW
zpU$65n8#A$khlozDRYL(Yv(8QrgKXyIvZC`ht~U3s(;n&knf>im1y(lswqe|pWKB&
z`<50e)TTrWVw=<f{?#+pHWBMN^Kh{oCih2VhmdG@7ytA_S(hOb4%fnUk6^sGx*=qx
zXw?UdjoI7hG}*+DUZ8)k-hUwc22((@)Hm`T_(tBm|Jmx5R8p3fwKF!6ws86v^#0c(
zPPegW)uB+P5P=RTdjQoq6e@!@hZU9<ff9dkv|u-p>9krG319hyvhCg*fssKCBonoJ
zBtNlJn3Y}$PQs2}yYSBOIO4sY@_xPjB>pX>9>w3^7U6nAC@qXMLaHDgu}7&O9m+s_
zHc2=Y;VFyyide%SY+Y(>n<27N&Nu`U8$}+{bD)XV&FGq(f0<#Tbp;|M_jc%Pnn-A$
zhzMIBV3JwMy+qsCVqmQz?e7#JYO+wKQE&|hv1wB|6GzX{++fSY7O_!sh5aX@S!LzC
z#vnCHQv&uxq*T+z+NV_$U{`C0s%nuKpyDQ>pr=Xa%cZg?C9Cpm7L;c1P^zkx9I#Jb
zU{2e3qGzz{8cYbtAXeh7SDj1uF%}xGn|#}<7Bdz$nz@DJ;S<5qs?k6@S7oY31*h#a
zzG5mf9j?k~@fv(I)XGb0kZ7bz24A4-++azVk!SPoc#L9-sp95tE@-!gD&)rBWZt~|
z>#TkdP?V3N#_IfYWbWHn2AgTj60@HZZiS)N09Xiit9lb)4_p{zp0f})QWk>S0NeQG
z(ZYn+pvWjm%9Z^fX;n(h(!Iz4BjkLJHrKv@5RaEk)yxeLG0F0r+<gF!zu>O3zM_4x
zI&;WMxP|WX{n_U$Se$2zEyYp*5TYGR$zvM7cuezxocnP|dJmcus*IwMF82pMJOl%C
zq8J|OP<^@wSk5CGw2AlF`s?_a7%C7_A(6NbZO9$*qYI8WOP9X+*j-q1V&0UPgeaU3
zc{5lcOSCsB{n_Lwe&9E`(_G@~?*b9!28oimByRo_aS`pJK~_b8EEU(>q|xY<_**B5
zLkJ6tE7qOstE5$+axLp+!r!PHd{f6<#GXPL*eH(?*jPAm`WmpHDBxQ1EQPUjyT9Ms
zJ@yz1)=qKVtV0*#ey_1IFi{VBGIs*>^6sI(4w0qyu?Ui<3nZ2U%(VQ=Ma34-9~u_P
z;?~o0)^LLy)F_2wyQHpLotznni+(_lC`7g1GB*1ow|hox7JM>;9_wOrC-v@49<e2#
zC9H)r1VZI}l8*|fzX}Sb%ck_?AJ%yni!MM7{JDNVHH14WBs7Uei5c!Ee;vGyr<{)(
zFAnSdJ4^pT<bh-CP{F`JK>vJag#Pm^RhKt#HW#w9{ihjscKR=5UaT-FImnO7tMpgg
zs#%jjr4mNK9PN^#<_v|VgCd`bwwSKe!kTzoI05jcwJ#`t1Nu&JD@)UXs5aBL$xTjf
zHnZ2`*VP5Q+Aj$Kaio~WF3%7*^D`uvMNwVafHIg!=<dD9SJR3SbsEQk9{(lq*pZTl
zy9+I4njUBI3gxmdK8DK>le)GQYoE2(jQLPnY(1L0*6If>zy)eNvxjuE1rpbXz~6z@
zUNFRH0pU$M?yB!d@<FE*=T07K4Mji>bn}jPHZ?xjv(dzrE(m+kyPT7X1Y^YiPmH&5
z#;1<{npuo*-c6<sz@h<DEXCk<))>|bwAl8Ug8)7>dCyjad$U}%vTK3GgBp>k>j_lu
zoW?9(G-U5aj}Wt@3F``a?f7^LXG0OTxZxF)O=WlN^V80_J6a_pOTejEd>z(>aXl$M
z4yxl)(L@;qXI4KJa4f;~xaco4R3D7%vPO?w!XUH6|EZNHjN9#48>aJT^zPP-Bqz>0
zYI{*}{A9(3%Z%uCP42%(nZc*zhxT`r6ThP@@c$WQ(Qk@~oukLUVk{#C%82N5+WH;h
z>U}_>4FZIKe3>T_^aPQm6u_th&c>LX@~^^*UvX(bz^^_6QnC$A$x{iZw5cwSdot$N
zH{UNX`yd?{4eKL?mbd{`{0$FfNJlflh?{_)I@K<aOsN&4P?9Zi?__r!n|6&gmGKSL
zxJRyO^wK=w%zOM`V8<<Yf0N+SnRi)?ebk&mv4f<a(sr1ET#}9{C5&c^SE^e+>?a2V
z5;^nl^svFe$8%A_^lLR6b63NLq1f>)<H#sw8a1iz@U~G)Tuc;>=aSIkg>rTu=&#%F
zLTbu)2+iM(@B>h?iv>tdvnGs@35Bktj^@eH5l+36EoAN0bokz{*RMVDHj$ojCM~AL
zx$@;5MJrwEVxvA?ofLnXa<8L13qQ&{WLL)uY$rTKw6ufq{4Ta}5bUdX%KKogl8cOO
zE*sY%5a&f^5`A+K$mc87pGK90vO4%5j>q_+z&wHQKtP<NKtO!|pP~CVZN6LGOJ8Zl
z<IAVzf;!R)b_6ps6qx*XJOMPAq9J6zJ}3k+cZ&m~g_!Z{I(jmx2!ee^RLRDClg@_A
z<$MT@vsH#zXE9FxaELo?zD{DbRpuOv&#zYJb9|khSQo9%9nOSWQVljHo9ECO-sjD0
z@11L}oa>XsUhlU;AhvNr3`zTZuuumDIJrs#ML560kl3=lLRoF5n<$i2ofk|#+g&>y
zhFd7|9G87gP`~2=qW5m1_ad0D-*V-93zjcY*g5Ps0sho<%6p9wM<N)Zv+Xy?eAh!5
zSugt_-cWjMH)t5kyOj_<M}o9Hw!1iV+Oc*OdjbA-?RCIkWxAi^eUlM)8<sC-<e$Ug
z&r~rx4*PmKFYND~{$KV6%zXLiy_F$fEH}IuwgYBx-aElIFaG`nDZ64X^+aFc86V1U
zzmx`Nmu~b(U%)>%g1`E|uwRNjKPQ5DL4<<n6?X@8DV3Q+u_MsM>oG$(mZYG-BPQd(
zWwVMS46zk0#{`=-O~;6Y&|%QCZ$v<Q{PUJ<h6nmlRF&)U58AGS?53F6upgpCyl;_a
z<LP32G=etTJt&awMnU)HRM@Yli4Kn<>{%GHrdgV^WMmZxcgoNrU*4B<>?v%chr!Pm
zgxB<Vw`sT}H8I0Ah5YL+OgFgS_Y~x4knVyC2k{BY#i~%(f!IZadh(9j>}d8m=NyYF
zsg0P|XmJ|6Z-p1n>fdoY3k-VEBEba*K{zLN^70ylZh1WlcbLUFs}1}N7ojOhhPgrV
z`MpbbTRM26vr0MHpP+EP1_D#^s)!LAy21g#)a#Y%P!rq(zIyf%E|vf!0;nOdX*>(E
zu)iUJ{{Cs?=+D6rJ^+E{-TZRVLBi-=emT3)lpQ{7D8=jm6c*Ed#L%mqIzF*vK^4Yt
zeoACtb}f%hT0UU4jwx_`AL>nTFek@73BM3}rfj;=(p}X7=bY^*8<p)WU4RGYEbFRi
zZ|ablIt$mLCCI+PNzh@8-UBr*L4Inx)tCdLwF8#N>BtZY%lWl{v3R5-$_A+$yK%w9
zjR+BUkqQ+a9v0xPR=Rb5KRO8LY!kuUV?SJtLzUqW^4}9)EVW)@J8C7eEP%!aG?R&n
zU1u0dvm+kTtZ8##Vxm>eyl;AllZF<HdsEiHp9j%XoYZDw{kEXa1|6mSMVljL18p^*
zb}Vj*kdNC+6rgpiw6Z?3uSy{r#F$ct;$Kv*vy2&OB25c}{*q{G6{}U4erhyHJHLq~
z=OMm~G{IY<do3YMv}dl}PB~k>AaICT2oA=sn^>;hGN|#HHNgs{m$f&anCj&?@@hjh
z*J?Lq@-uN+8th=)?Tr#Ozl_x)X<L|K744hmMO;r~JiNc0*G;0H(NgY4g3VWc7DF`v
z?d|C}RM;bLO@WK|_#ivY<iQQHo?lZoY(%r@l^W1w2tSMo<*z=WhaTISu{lg^0-ob<
zB3)=(?IuMt?wfao?aivEg%Jc2aLzm*-=dEd72lp3N(`FLNucWALpy6c<zS4tNP;YH
zcCw5sZCXBM<Ek4!2+$rtvu>swnZC>yC)!4l75-T6s@}zIvRb)=E#ajVn=kx{Cg)#Q
z+Rg0K%~A3Py231YNRpWV&QY^I?5Ivzbg`Uyq<xS;x>>a5u%>%`;13q9SmM6Xz(A->
z7k01FKqxRu?GO@5Yh^xxm`oRRR9~^p)~II3Gv3C+{-f&?{>GN;lvi6}AUNNKKFPF4
z9FC&x1ai54(`<HS5V2Hg+u@0pSxySOp3{A~a_`0v<EDXlG38{@M3SY3?F2My)lhdp
z$!oU9)RM*HdI6v=fv{5gh0%Q9rEMh+TS;{id)<HpKbFOdC!#0(CNl{e+x!fc0!x|P
zj0HCar(rosvpr_TpU0{*!LxfeMeqDwQF<8wcF!%hSo25&d5_48M#Jln`^7pziKN6P
zj@O;7>!m!*Xj0g=BtILgd6sdCvOM(nhN3a4-g9-ssjafIv9q=MQQb}Jde8Q{e*3eA
zO$b}sB8g1kvMF;tP{3*x!#W)PoJB5jh<$IG41e(8Vys3nXdWbwZYOaNHFmSlY9%YX
zRK{kEOo{CPNy#>ew!~VcF>~<-n$>!cIAqgWveDC)-6V9Lk(N_y5NdrTNz1tOZnipL
zc!9tzbWmVYjHk0m#K+{~I)%5S2^y|tCCR5jug(MiIQmXG7LC1F2R_Z69e=7XfkvYQ
z7Zp9OVvUN*>j3vr*}*HJ-=#X020bO~2;F+3I5+lp>0@Cnub3wn{P*-`gUBt}_Fof~
zl`ch<#cqC<$$u!sD0_Kl3+*jxK<ns<OO9-p)-;2v5-$l&U|o(_4xLETZ0|8j^=vg|
z-wMtQwMyw@i{BTIVIUwhZWgz?vK$*;%8vNVl!~8fyQyFWf;;Gp+21!ad`!k1$kkcN
z{q+szRTiG(dfIVP9+)})RupK~T{dnT4m2{()Ig0pX?&#SX_jSu;GSNdNDYAs;Pa(_
z<up+*EFXKpEyqlS)tBoZzJXlsmeuqJ(7v*yVYz5AGgdK9=E~ze{J1xWb3iy9qkCF0
zPqga1<>j&Ky8Oz$sW7|LT)P+^9Op2CSo%{%O@=~U-9R^)C)xYHcnC{kSp_YbMOxcd
z+S<9*8H;j06GV@hNt(0Dgzkkvu)eiCowmBQwgy<<H=(?BZE0~3;PqVhT+7v#!jltQ
zX#dN<k+ZE)@tnnGQi>ZXwgkt-SkZZ;s&c0J_@xEPgZPNOWFLYV-p@}ns)s=(%Kaj;
zWq_J|)w^PbH0^0r(an{dFe83{_C-kTD6X~=X)l>Ay(0Hjm{&<ltIR&?Lu5udsEI2I
zrB1ac?B9V7<b9`@m)lypt(WY13@-R<P3D~Z8ri!;`FPR{+z&lu%qFc7442~Yp6eNG
zi1t`vmyRb^u(k8^#Dim|aO~1{x9Wu_s+6S>DQ5CprW&cW0W}#J+y<v|B1-FtxSPr<
zk-`zP0_2HKA`EC$2%wom6r_Z-BO&;a>!KFAt2>Oaz+tIxe<3w^E4j}hi2Je1&j}sL
zJ-#ubXl7L2Sifk2g67B?B@V3uCZZX+{&rkfuzC6dDftF7sl$s=w>w8N^%(+{r0ckX
zvd5Amc?HbLX?{k^aw}O=LmEMuNkcfnjkLsMWh2}iW+5EFu@#?m1-Q<;A_zICqRmsM
z-!8|>kO)A<`F6<4LU|iVpNnkF?@gJzCYw?U@}<x3<wH0TV_jt2Oa}FIV0&Qy6ZEMG
zEo0lm4&F@(>bWL;0)8byb5@(%w|`GD8#Co5AMJ*G*I70asC>YJeJd}kl3}fqVUMsN
zD)6OK@k=Q=z*+@=JU>E8hejz=%!MDgl1_hIpw$Q$?P|b*#wE7!?xJ5p`H^|ElHMZ0
z(NHrbAGkZ_eu#4>EoXNHMtY;PxleMQQ(koCJxBHk`JL~RKe7kGPCT4X8hY66k(0&`
zUInAh5SJREV^S@7WlW^XbyrAzMs5K+`JAL(8bBaK$rpp>zPwzMgm`6^K&7cW$e|dd
z9Ipz@%Nox5@hAwIj3KLEt(Ji|aXnk$iroBRIYH2?y`s$$e*U*IlB}*~?G{Y>k<I^c
z8s37g!d2QZkjPa!&lVR4hi=dZJ2`qOCd6!4wQE#iNBaQ`-J$&F>vo@w$O1MC3h50c
z_7U^qk%#gDc*$qvYQ(Goj;<g~PnfDVR`(0``Ja{3YP$v?pGg1bhGpkpQsFo-H=*v4
zGeJtO`dI^7STqG@c7p^8x>%D#8@HnmcASyp+?bZ|ceW$ByTDgI7?jDct+%5vY7@G(
z2N))`%&-?KuKMg1eYUP;V>Pa2bGFi7>q#F=TO7c%Lh3rcLJ0*9xS1v9Y*raK>9|wz
zv=4&Kfs0zR6?W{WcC~Gb7iFfn+f_7fSkt8niaHOl8T2wJh!=Pr5E*YC2+86Z&p;}{
z9D8xd%3<Ny8ey80gQk?D@a4jlG(x#Fqj(M2#0?Ng8j)pHgS-v+rN*FFiCkSOZ2Q^s
zWz%^1<<yvsR0w#h*0XOHYml)W3oK=Uc66rKxsI*`m4630gp_gyEW3XAl?*;bT~;u+
zRL<<qHdiiQbW1M@ZqTwjJo>n^B>x}M-YGEBcHP$Qq?2@Pvt!%tsAJo<Z9A#hwylb7
z+qP|Vdgohv{(G-A&*uKm>bUBu`+47Sk8usk=NoDH%X0qE%l(yGM4*F9WcH#XP;q+6
z!KEUbcHb%`JIP_GZ`B-?Gn>Y14t^lG+-DSB!<gG;jMimJAtcH%Wr#$}8#bl{)aZMY
z!Wz#^tgr+2)SLYU-+FA2BerqE%KUWE5>#W^VwPfs=i*rx)P-tA`$g5|+2axkk}iT9
z4*g#4uPQQo)dk((!>F{OLZ&5q<%DReI%q0UROMEWPX>&=SN@V3@?`IFwC{B?@O{L1
zD|A_A33Rxz_zx2FZ$&X6voZS)sIFs|9E3GPn+~wHaUj;ov`Vcx?$2ObHIbj+f&Tb2
z)fl{r#Z-DKWRWiVDn8yn&G~Sp9vO=OzSh64nNKFDR`1>#uL>8?RV+lM&8aMk4MlD+
zUd9u{;ucnw671PnO|qrqm6Z+!jwZ}$;zH{bwi51P%j@D63S$e$ec7|6L`D!4NDm~0
zJmOBq=#aZFLHp-}ZtZcXr8+fM=Clr~>Bi(Ojuc&>(`L$5T+WXRtcVxyE46(fQeR?^
z&Brj*d~}Rn-NO%$?`imT4f4Ig+Yc&E;%#?II{+ZBY<qWj$ywKXKCk#&blby$EL%c%
zLOfLbefxKYnMpZ2nIEVaho&tw{KJlSFqi4gjNXn(MRcC%&8E-HD10N)YrPFW)ypH)
zinVy6|3+BGoUiISy3EpP9M458p{<{)Ufi?`M&-;A+8h6#Rq(g70jgbRVV#3h*I=KE
z>z@+w4RjH!V|?8X^2+7&&0*5j9@rO{&c2^YCIAe#9hw%9NN6^F^WLLIU?~&n@~DnU
z#68uYVA_OQD0hiw-+A6eL)>B3`|y7^=DzHGK&^je2phjLgcARcueUP#*2a!s<`CmA
zA<D_v?O&2{)mMrT<trf$6mLH@F_+|6Q0esp_t;V>7mTDpm54Mi1B2fEX_G;!y>by^
zG><-gOk5D1C4bAZkLF?Q+!%(3pvtu$tojM<8}#CpVVw><g~iZ0ShwB2=H<D*@49Y&
zz2DC90jb4VMq|;J8;T8phE>@I!A-bzgJc9x!i3is7J!QmWx(!3A<RV7u*V`7;y~+5
zb>qex!XoM8h;%gItl0t0hTSJZX3AEOixH?hF%XCRb88{>ld@l~7Cewp3wb(GjSMaI
zA6zD^<Zq1tgL8A@lv#2>W)NK6_*-K2q4xY7#N)<6ZT4w`T+?==^s`^kFURrJAieGc
z7LtV_sddcJlHsTeaqo?M5@bg*Crhd6^u0|Ch)wZ?>>ma)Y(=L4=C2e&cKyU{X0oF*
zcbRE|V6OC+v(C_x*<6wvoga&vxx77rICA9;Z=KadD`0g)3!>o1_*6Kmg<^;%3%9d@
zSf9*x-`r&)x@$vm)|sU`twDBLrTu6oQg|Y#@};p(5-~H%?;%#a41o$Prv-L+Eyil`
z(#*N44zX>gsLG%y(%evrS#5I3oZb8^zpW0onWPX25Q~Y4R%EuM6Wj@tM@vB(#Pd<3
zIB2N$u@-uiSS5%%b;W?hymN=xQbMF^WY@b@D8n99<E=K6Nv`1UXp?4fwLZ$HN*4ok
zQ0poAu<FTib5((>N_^HUHgP6*^EK<h{ompmjhLik7Q*zLtEE}Zm1h3vNS6%rdh}(r
zyJBYPPMcCS#nQ5}t}@rBsGV*m9L1Mg&9*fr^zusLF!Iy16^rfdZEY;qYKn2a%23YK
zX>s4`wLt6rOrW&Qb<0PH$orM!h7$o_RZcC%d*(dE`|4=ZyY5)@c0}WeDua=BN*zHd
z#vS>4${l2RKBTEa?(-56OBMXhl`KBWbi&FV(d<ec;mt-JReN~7E4zOU#Znj@y*}z0
z1>_SDC*49sx|$Y~m4_BPYz|debb7^g$JLh-JE}2H2j>@w-u4-Wf(PG@=EU>ELeG<-
zNP?t%dj@D5hIT|$BuPgSJZuK~r*ZBoTOvAAq9%<Q7po{J8>;3UgXOnoy=*2Ycwl@R
zEt4fNQyZpO6OMgsv0Sd=Yv!`Mk{#iEeuB#QoJKR^Sto8D)(^w-(n2mVWA&SyM7OsY
z|EVt2A8|%6G2xUQgmD#03p?N<-lD--f5Ece>$%)P*hAl?a-5C~v83LHC)~+eY}yJ~
zX!DC0pat{!b)z{(H8a!{g8hp;U`FnX{dq4<yOJB|;P%O~z5T6<>P3mi*V>rJd43*W
zsbKiNu{HP76S<u(|KM=68*GyYg^#}^tM<b3{rfq(Tw0jYX26G~CJ9T-8BS>gg`;&`
zZMW*NMz?6KHU7De(4^h_b*WWO<iZr1KqC_vgBYR^80vnvzdp+zM>saAfIS3na417a
zr<mKfg5VhuKX0&YA-7GbU4bjAQaF$O!IAC$M2xVPP?sbxvdG+X=v*`cv#?xcUxKG!
z(}sVng-KwWw}&90*k}4Ce?v(b31_;Z#-G8lg?$9+3)x*AWpx)7U3jFS#1dtTUsW@3
zN3O0;OzFF*8%*o-Yb8@oYn9k#v!99Rl<s#(i2!*Ac>EwtwuL_I(LD%U1>!{G{0mdQ
zYVF#wYGUF@-@FQAn;Rp)T65BAbDoQLrc1@ai1J=yR-AA$NKwtzc%bR=XmhjwxJ}zp
zaueh6acc|{ad!&j%^*I!mRXh3+!QpzsP~^{xPDsXh<+JczY;S$&iDh)a}W6D9yutt
zAd&2m{V%cBw@BlE8O>Y$S@?RHUlMa-r_FA`w+2)2m4Bp~U~BT02P~A{mm-tq&?>N=
zE28zwpYe~KKq-)k!OR>n;yz>;uUy~MF1HVOT%Q)z$#)>VMoia8axrPaB0q5}T)?~I
zmF4D`qiP|%ecyV)yVC4IpKE1x_{)=D^)YF<&I7CgJiwjvt1=x$aR}BJO#I-PEcgrZ
zKgI2C|1w+KFE;xe;{W><qN49$u5Vyv{Dm2@wfaIN|8JGMO4U*kXBo>!MNFfPW+*OD
zdo{Wj!|GQ^)I6JYT|z*eRjn~0aW0{~1$`|9(k4w6q)mn-PV;1u^#+@HR^jQOw3G*V
z8SS1M*_4!NdYaEEy&3<5r0=gTlXN~)*Ct4HKToXRrqiCh*MD$7?`od6e%O6uM|0Y@
z;%&<vPleP|5Wp)&#pEDQHm{qYAR#xNSlVYSG%7?Z<-qy%+pED~H2kn5fCm~R6*?kS
z@rL6lcqjN<7m;5L#7)z;Y{;F_Z`sIUB{(<EUc`Q;V0LvN+XKy@FF=4PPA$$f_)W)4
zSMCn?OSM`TMo%P&mO`!`mEZOFi$8#1%uQTSNG6BvtpRI3m7TOv*z}RpTZbC+wKY-S
zq9HgFUDt#|?9*+#ZX``@Z{oyGNpNOwS;50ZLo)T%$RwR6>VPiQV+eO%QADUOWOt-&
zR?J`^X)QL41UXQM5hL$maGx%B=so0Jrfp}acV%ZpLdo#&%uIN%F*WuNB5zTme!2_(
z#0iqgAEXx+y2Clqj8I#j7pPTM5oFB2D^s%>?ug%n#}KEC$sZR|vt^-I1Ux3wj0E~-
z&Di*>PC30DhGwL^xsoy|%=%6#dHG2Z*NoV*rc4@Nog}!kF~j*#mnYNetMv<Fr6;l6
zA;uFj4p!Z9<clR|#*$%P0oiQOJYzF5gDt!(@<@+);p&D8Btyi4-Y@)&mMn$@)G~kx
zS!_<`v`M*y>kbaNJ|L@9tQ>#I@nyeivcIKVCv`vI;BKh(fG3U;X+E_`*B-(67rP9O
z$*OmWO?3127gr*n3@f`WO;D$=tK1`%aWa#whg6?9B<fzI;O9#biErQsBkwvv8R=5a
zBwsRWTr9IXvx-zvIgLy7XANy~{l_5*%Q9qOsb;vmBJ!$%&m2cODr<w`BG)-Ov=VOL
zIMvl4NIjh;YVvS{_><7q<PYtuWoD;}MaqdK*j9~W+$O<!b1Z&^TSG0C+XyusG)deN
zl84V4Qi^?6H2&UmWS|naPfMzlG?vr><M^@`t!{-!*<$7>PE7L>Pg#lbpzJMk-G|m7
zy`B0H8d~>&IaKUzNCdmR@=!oT^9?l`g1%OtP24-aG)l5FMnsy8M}M6`aihC_6xmQ&
zgzi2&@>6wxdUK?;_fUX5g_`<m6MR9oVdsVVa$iTb%B|*y%+R&+2S_CH+HxGyJ&VnF
zXOyeahx{Nb;W99K1CXbAYSCT*RJ8vilPIGRRgxb>igjJyLMU;~t7Rg2v0Ed`a#3D&
zWA>%s{f$|jj8oohtj-af0Xn12wz<sq<|!Xj*MLp+t6_0+O^7?WdWu%91G544rfuaL
znkndx#?=fA_IY~P=J=Vk@iSJ`5++R?O{ojUC+25&4Ss-$#Gq;o=3}<R`KTWiFIiAP
zbl;wdH43N<i`2ffbQC$NhB+wFfoX?X#o+Q;HNGc(sOL)e^ZQ;qy0o-2<}#anGo}^K
zW&7o<QKB9+hj)t+xFuAj;!UcQnKL7Y)xP!WoJ-4DYwk)P7Abj|^VMtgaqUD$r`BGz
z#q>i_U297%xV<ZU8d=D7BKf56GWRgsm*er2>$6*RPuAEPNh9TU=>gzIycjQ1Ju-X=
z?Y$T%XS+zvI5|g}_5^&=8>TJKdN8}wDm{dK&#FC|ug|T}ZaBNssy*vazImWFgd2(=
z%}9J|AlCsg??P^V=Ya#bq*MJhbFE-y%wBle&9q(g4x2rHG5vhp?1P>}XC%!UCZqUp
zAu6@`JNJx;WrJAq?g<iOU!x?*`w8-I$<BrXw@6=Xf+cT;TSj<ws{QeGO;ty5?vmtu
z9YAP#KV4_+P|jYEu>)}=%%EQ-SJe8nNx`1!?}D-*nbRW-wb`*-;8C#s2?|z5xNEWY
z0W<vvA58AfcbWPN(|a7nH0M9emOB9>^0)=Cv`&A*;@L)+c@B7^Q9jt1ujGGMM`I)G
zkhtoM2VlDL!O9OwesWcNsjp;vzFAEdIlWBF_4i7XZv24`$jVyYIi<?u+-M4#jNIKp
zhv^<2@|1j0N<%Csd7*;Tq=x#0?gL5$XbG&?AOY2akgrbL{PFM;!)d9*sz|Q1$gb+c
zxN&<CYTJj`vF_qcr<r6k1`U<&f;!l1RRv>eu6%qO_zyh)Lc4@`O@6*htSlSXRlu)w
zxy{nkdfhc=$PJCZUg>qIqe%D4&>7hpY^5M}Ig|6)^iDA~{Q`+%SjD`j`Gm2mCQnT#
zPXn6XkZKLEWDCJh@0)jwY?5|Fr`Vy<-$(nP`Sw}9P&4`-JD%sX1jO7x@C{|e11jcB
zXvAnYns;f<V{J=yDqcVjZ1>oE2YdrMX$Ixdmqalg?Fbs|hTN)UQAJu;S|T-QDP8hw
zd6wu*&@@|Xh12fkj~f?AEpG1C$3r}Fxyau6g@3k~gJj?xd^!Lsx5@xYZgu6YHS*`q
z**DdPvL)Uj>!_VpMJRnTSNXuK4dwN+9i&W`q0w)Y0lt<Z)G&@(mI34YB6Sa&dn4~X
zT-r^fw-k@eKdtn8-H-mQ{)x9Cl2i1{KUDIc`-lDuZ~Z^4`$bCDU!Z?PpAf4RBXuOX
zhpmSLC9!~7R}a?_aGvi0e(tj*2B#R7@p%0T8Ji0ig7)1fT^kq`JdKSKfAW<!W9q9-
z!x?|f-XHcqOg!*x-aE-Yf7~CPI)3BN)6>H=|1LB_A}&Q`FEE@qCv{$n{4)D<MdUjd
zU0Ht)+(&>eN-CorRs+P|i?pc9FmB+{ZLuEasO_D#P3wlGT9O=>4)HkR_R-anf4_pY
z;(`#@MUEp6c}E|jWYO~IbiOUhgW1-tuziI(O8uCnjnTz&Yx`7D!IO0nx(x?NztvU>
zTx7GGw~!j4ZHo+TZ9uFiTMAG?&AEH^f!DI+RD-?sU~){Q;!x7LySUm^Y~?fFRMnlB
zsD7+R%$<v<!w_81rk$vfEin0x%tbIVHo_}Xau><rQxQ{%^f};1*M)&T&E<j!^;enm
z4C8dJ<SsP6T-fiy?Re*}GH18Y_EA}C2QrzR!f-_iz)ouTKBn=A4+sv5>J4}Q%I?f^
z0DADI{+QjJNp&Xm2K{EWib@UbW=*o=;Fv?1){On4Fg#4eMt-=Z+FYI09+wJcX|jrR
zrT*Xm+yRye-~A~j+15J;OxK?ujF&%Up8-YGv9mv-O^-X;AO&@|?E9ibQhq3@6)l8P
z=T_trM_Rr8r5bvZYf%83HT<FSdKm$oOV}3x33}JZkj=HBcdEn7z6K-qhgGg%gXT>K
zGwJf>{gkewKd#-8Aka_@dHK&cW^{=MG7eX%qBczyS>UKOw}(CwwD|NoaX>$Tn1?n_
zL5_JUUn8GcIk;I-8C{r3@mk=4YUB8v)MKd85hG?)S7_YqGRY4lVoo85l(-(6uDq;P
zgrVjay1uM4j`Wf&E}W6tZX`uP?h}jX&mnir1&M1dxJGSx-aSu2YSkLZs#z~?N7!5P
zlWEy2{S&N*cH(eyF}{#ngFDi_;0a>0!7|>=lEEHJT={vr30@M>Xw<(0dY;{py?fvq
z!^JN4PNjcq;LFV0aMg-es!`I==Bkjwd8YFHpin8#kmWmrm6havvl3;kk}r{E{XD<|
zh#Z*Sd{=*(ZNVhv3URzN$|+&o8l5k4>D&J+4HRIuOM$&|HYVR1oe~a``t#p#e*ZZ9
zSkSV5segG>k0HO1e*c+v^YssP{Qt_=NhBPdtVC>_%$?l-?eSY#Q*r%^0|md5Ogn(*
z2ooC=J3vNek*)w*DDI!GXF>Os!0nV<<zvjRKM)&+eMN9TvDA4>Uv?@EE}m%g9+&b}
zD)FQd0>xZAeGsTvyvpwMYWI9N*6sd;*n!V3I~m-B^th47ETG~WN+o$#0vHkj#L=E_
z#lPe4<ORs~rz$W;VWCm+C8QSytU|Et$MG<ei%ax&M7V4u9XN{5L8B`<>C5-l2hgKd
zGAtYq;P)RseA)XiPVrq`Y3UyDY6|Ib!1?x90<OcwLuS0^*#^Id^sex)3@u}UGRtH$
zvy@0@&?iT#UsYqPN0L~ZlbfoYhggnXmoxkXO2;_eXV=C983ymst~i(IT(KGxtsPy5
zn0R6mq`59zz&9zdTCJ;L3iQ&{WuJrekKx$q!9AuZ(eX65sWlRl&Tpk!l^nDfot8M2
z7f;?gYV_PrFiJE-v}c(6STFky)WtjEg8(~7@RaRJ=vXBeM;z`(iAD?j23*QncCGRx
z+AYEiv^WNudv-(Arwt*hi=mQ-mBvR3?gpL5**hYm<)fXr^icD4lo4mcnXIHiRoBZN
znr}-Cet;0Z2WBwW(ibT33hbrY>Rm=QR4WTN&@;4oG_SH<YOkst95~IF<h;M7-%h<}
zks4%HrwD$Sp6F<1rpu5wtE2!`;?s&AJRGQ7ThcW)m45j*jEtVR!{N$eRp(@;SQART
z;l=^z)pn=HHc+skSC;e)M30{FgqF>NipPtSj;kSHMBvyUi>n>63H!OBC1CIWZg(&=
zc1W62w)Z;*<URj^m04dNK45Chqzm#8rEKZ*v>MY9wS?9FfD#&@Htjs~H={wTVP)F?
zTi=nn@4%~^n4}C-xXa#IMpLAL?lsv|F3s;+V?G3}rR3>C(~caO(*`f2As69|af-DD
z;{etnv0lvMtBSeT#K37<^$^KmS5eLThayZ1FQT=FH>TXM#r1aTJu160+-GvC>ix6A
z&>KWp8Rl;O0bbqr54Qp9KI;rCg@Q}=H7zeMxkp4Eb8<N^4Pk-O9@{1{@o|Bt%l5$_
zNoK+5W%S}jK&8h8{}(@Mj=u&2Hs!=TfgSx1!g&}$k8!^0iDh!v`AHQ#fgjxV8<sP_
zid8kTwIFX#0Awv9kyP)`Q7&&wt$w)NKJgl-<y|s^LgE~n;BSJ3o=I+zKRvU|Dz?9z
zh(zHxd;u`wx`-a9<4F-8Yd5l`>!KXD5OG{I(H(<NgbR~Ei24QinV0q&+qdtNwljSU
zNGDJW&tM0qOWuvrU=_y*vt90f(b+qE`3hLlGYv6QhRs#voA~*bjtAd1Yhqxsf5Q~j
z$oED;)}gaBs0ge7cvD0Det~RL&j+aY0W^T{7zD292~pJIxb+&mWDnkc$0_q;`2k)4
z_Qe_o+lBD=f`I}p@?!)bVkGY13cWx#iw{v{%4p%~$n}3T5X7?l;z}xXrE>QPJ4ai=
zYI1=R3j6qPp`?Gtn3pZ6l*pI-yoCK98<qe282jInLDs)m|F%qNU#x!`>2w>XJQ!;(
z^<v}8-;A3itm2ZuIp`(vyL73niGj2fHZ)^JQ~`9P0isANT8g!N>pA2+ks=YqFYJFm
zoDq_i9SDZ--}|lc@d=}1>DRl%4esac_ngOU&n=W|o(D+3U<)9DrF{Z{^NSbX=%irR
zPot7p%^)xNkt#tO6o>X$?jSGmku0B$;P&7R;sYJR_K%gQcdr)RA$rS~2n2+eTV=1w
z7>A45+U1y0H#r&K%@|v~90KOr?NAW7!2D4VxF5z|BcX))Z^Z-%`$%x1EVxgG`1p%A
zv~b%?H+cN`{YY@4e@ch;!C&aIZ}!E#Wcw9;Xa=5PZoczq`w{Gk3i{9-V1aywhnW6R
z3pzd+mSz2zh$&hjruGE8H7D?)<M-JervD24>%P_rdNqP}qu=4|zE<J>$s(ZN5rOMo
zzKIt+T?@ie$7Ah3iY6mQinL<hgZ9v7u^3SOEf^jYCpU6=9Uj}@V`-*Ife9tj9&o<a
zjE#4s0Iq8w+Q;H?#-;e2G3my!Ht2nwY&U>968>1{rW*UJSGbhl%}3}Dwq+nq>$>2^
zb9{BgBgFwJmqBMpKskz2n&x<G)}<yYXfnVDri2|;7V}ovPPww6W;iUJ`mHZchPaDt
zL4RnE8!~f#wVL7mg*<4H#7zXb0t-O|MbqFmTW|b^27K*8rF3kB{)jY-lO6REpvKfO
z-Zxv@npvzgVXJsk32>g9*n6{EFuOQ6XWygEdkQ1;0XPQ{S?9T_`EW<#H*img(EvLz
z&)}S$a0Hka(4d;h1E3O^1aD>3AzcPMJPhO|OCAku9CdANY3TCq!ra~(nSoqutH@{d
zsCfyFC<a~(6^xTj$EFYd1{36JZ&v(O#4A|m_J78tqc~`P^B*2!{()9h$d?^h{Db$q
z1}j=*RMUoBh6BA)Go_>Jr_c#a#vZldEbVS}mzx+zLQJM}2cik@sjKhIq{c=VW**od
zzCmOyjLS>r3`6f*ctfF;3!VLghgLL76H<HH$@t6rhF8hKld?~#=fY9QRnGF#m4iyq
z)@h1l&9gPpcvjw$zQ?bWd>=G&5ec4=TCVqI0{D^&pc;al${~Py3c@ZpSwm1W<1B&n
z=xI>BP-1SssFuMqu|9%M?2Z_wpW+(tIJb&^Tp5Dii1!Q!7*Rx|pK7guHqH!E>vpgX
zt780Mzh$*N5wKg<wA)-&7}&x}*NVLWSsINHP$($|vvh8TKIiuv@7%}*Kiw%aCW?z~
z_YW6cPcRps-z1mDY_Z|@HI|ObeYB49eFQh@;d8;yFn;rw2AaPj`s&T*PjpZaRov?R
z-xgY2>qGKNN7d8=Gy$=z80=0R{@qj)jr1(^e}G~75Y1#BftDzpG`d&bhgs^n>kAzo
zj{9ws0V_)DD;*}<iv4F~aK7`mt{*})oicfEK~$O1?6=9$zI(dZpH=((Zkofsw?NQT
z<5PiIdrrP;xx{obF1jI7=zZ(QGwgMX^K%tz8=d8~Mu(<o*BkyQ*(wDpQGEsATPXu?
z!4EA6>=FmGF{TB%;B=IVTxipdinlV#nCiR4WjNI{ck0<?*4plq$khCrV#=KAyChvj
z@U}VSyuLNp*V;*}&F-)uB5Abqa^a|XrLyX=1vl-a3aGa9QnJ$*)M}$SBT8rokNRlq
zm8lV9s$W*}K!qb@ZRuX;bS`mKMN)b4;^Uxs?Guai^y&(%2?ACm)w36t>bZr{w)8TS
z+g^_p6Y2?^EcAop1RO1-^Nn7ZJqHy)lc@nnIQIH^e!id5RC&ZJ`J8Q(;iEb1BPLY3
z;erjqV3BRv3dv*nOu1^D9r^ulXhX`w!d;3?CUpBmW>+ig^u+B~L)+62?U2?XI$rg&
zD>4`HVQAINS8}XGNH(}>s}%_1I6bpc_o3&XLhD*Ge*rc`?l}!=iA|?8W~NLxbLkI1
z50?p;&2jngGnmo&_=H$&UaD|(<7SZ&$a$CASB%w;3&}I%1Y#bEVR_gtQ(<W`q)Igs
zRxZ7Z8Sey38gUBvRL@Az$VnT3PQ!-lMg2gX#kAo`zV{GVdT6z!<Bkp@<C3_|E>aSP
zr<c|14sEv6#))n6Cm=X4d269FPMl6%k2T?@rThkxX*SLk#Ja>VK+5{KGGZT0k|f2H
z$2ukGA!Zz_?2p=+%kRcrblHwxA~Sa%2@&)t@LvO5;%9A4(pG0cXR2xFw!Q^J7Jv~o
z&L$j?vnu7Cw!;lz+)0ei9^lNYP_pTujVZGLoX3&6P%$^}%-hl-mY6wXRE~+`I%PKO
zPjT!GKbf}(p<G%%1SVls=x3Rdoz<fM0^ylsb2y5dn#Eq_ahQn9p2OD6jO#35wXysC
zl(IB}K99X>tU-(;9Zh=Cv{D!kykAy`w(5>0zzo{+oeD&^{9%sdAWomV1GBroEAu&L
zZGyRCaO>RqOEpgR2^}2NV&3QADwI6;iC8vFHH>V4oJ2QFS4^O%fuJq652=-v1%KcX
zr8$*)pVFO)RHkHNHBrsqMu`}pSchi1D<tkg>+qm(0ErUiamXT1zm|6d@zm>zstEc+
zj>O|8#q`@C(-C|w$<G830LtZ)0CxZ>?uTgE5lCVL@IzUH&F{83*9h_uN0J=3XFx!T
ziv%b16%MNuw+FS(jNlHtJbDjRMusaO!3eWwff)060)nARpS`1K9;Y0C5RgRyql7mE
zi^LU{aPDe|pJK{2&U|^Ot_3Wb!jC)S6wLNcC7zc+_U?&K<F3!79uL-{yXBMP4|2z$
z{vmIFvcl{EV>P<ntA&+>a9>r23SyZVAwe#&%!IBdTB6U*Ttt9U8;H~v_JLstLZ@#;
zH|U@>WYm=z{t8vRg$CGE4%@MK*u%ckiafXDwb|L0@q&Ne|9vqi%>l@`MYS1ZZh@oU
zbLj}-e#x>UXKjP|+rPPRf}a%QSvE_j9P;&<k2R`<6b8s(%EqkP%tVdq!gz)BVE0tZ
z?FkK&r5@x^(4ogEJShs`qTCz1=+8`2Z{RSUuT&Sjlbm$E8*i*8UKja%Ze`zLIi@-+
z(jn#-)k8qIkd|2Fd4{f|1S+D*#*@bwS}r27Fgd+`FO9F$gIvU^_#y9z*o%wX6F{0h
znoUTvL1B+SQ1-)K1HPQh6MoMr+F|GC)K2ByK4$E|O~o=ZBadEb;l;T2X8lib1P
z?I0UYp672dlXoGPb|@sL_i4Cg)u3}^ikvEq0G=nq>K&fkH%Qd78hFG;E=YV9SW6Kx
zbyA0Fe0L6+<A9MkTejg5k9WR&3Wgw&c*n>Jh&m%-?wa7cM$%WKjQJ#mfy}mvHTp4%
z;O)rhL>M;(mV+vFD#2t{h;mBPrLD$Vp79et(^2S^kLpTfjmE8b<-L(H(`wx@sVV6M
zk6>!&L~B#i`pZ`up!Zx{$|{?WE~kQve8fqYxB>|!97Js<^R@g*QqeK&4sW}C`3Ilh
zS{6mT!cG%<i88$Y;E+HiYO(UuT{%eQQSrBWKo!=k8<#bN&M!(G12~_wSzmBvx1{EG
zRzA@h&19+CCVSe|g9E|x&ksSzhZ^SxdMD<eq`cPTopE5=CxRGUP_fY7tbF^wazsla
zG$TX%w-EKfwleS^*|El(<MZV%pebDPvt`}Fojp*i?M0&M_by;nI<f|#xfe!f#;8JF
z2-T-pId|cd?$D$wNX}pn%9s=EI_avH&tMB7wR5nj+3_qH>ynLnE$nOg&J7m1)L#9^
zzH_7?xN>c*-jp4R+r83h@tp_2xeBSY^f|R?^i_?3HunaM@Aea#+8it<C`KH1!e0x0
z{`dXfKhNi3T5Yl8Uqayd*N%_<Ka&~0Fw_4x2dkw0Rk{4t7*IbNKM75_qA~zfX@uJ~
zloVJHtn(956p9F$BYHGQxCj~~$ynX|xzAsx`uWW^^R$_H%56RElXUo4nkk&+wm|3N
z{fhJ0J?Gvh8^f39FI*2#7wZifIvilPA8ar_EJoO?avx=O8FrwK#z17?kwoRTEDVQh
z$*J;uh2aLv270>KfBH5!x-wc5`nIQxt4L0t#np^pRb{bSwNmh;{c)^b@L}W$%|Kw(
zk^`FRi%F&F+OLdXRN{ix2v;+a5SOXxdN-*td+T~(u!zJ}W2EY8y`AK2stALy@k^iZ
z_!Vv3W~J!+F!ZIwA}xdp;@V^VWr}e>m3vdVYIC%ua>Y&%H}EBYbP)RYDs>Q$K7*G0
zB;ih`&9~icB-RX>(}s$sbISS|czLrUbE0C7_neihewb9o=9;jsG6fgJdB(jrKDi%1
z52;;)fAXRr@SG;atydV{0|k>ckuCFFqT(>T5ZWHUO$gGgXocEQtn0w0Ev{OR_nxVi
z;f8}kMi;>m$xJ2_=?1e89r>4>4~5eT%6x0U+A8A(TKAkHb)~m3oIBUIOtn*mV{u*M
znP*6YAH>qtFS?!VN`HEQhRn&!(173>?MS!%1UjM5+X_6|SIJrMoWTrojuW01A0s^~
z<e0hl_+7p^;CC~dlu_Vs939@mqP}1)exLRqdd}ODe_@2jOqDWg$K9P{MWz=I%f8y9
zy5;J}bSB3f&D^Bxc|Gg*lxT|H8NXwfbYq0dUfC&tKK}s9HtsdH(Q~t!u}%Fk41y-h
zaG*UX8Z;5BfAAx_Dw&ipsQwrhOySwCE5zUgNxA}q%}l1j@demoAc_cU<oF_`1tuS%
z%ALzG5hq^THAz*KqNI__eGqjw<{ndoiW7Z<qsHuW&O9Eo3bY5g2HIh?f7NS_s#6u<
z6H*C|o5diW-$unlsR_ZJGt~Mcbv5!%DTO9z2a9V!9!qKrls@~4c+uY@zM;S#7BkD9
zUJ9AT=vz%5m}V1>DtrcwGtZhb5VsUZS$6M7{lG-w{rDz6OUzHiSA7^9r0bMS^n_V<
zGOhhg$4H|Wd3BIhVhy3v^8@#uQ|6WIifH_HqyJCxc%+kMbl7uvZ0-~H)HsekR0`Gr
zN1&8p#0E->KdimH6iVK$Rmk>54|FEB5=h2x5tUq)T+j#`HN1Rf4Uy9QG;^}<VS`2&
zgws1$+7M=IrBH#-LivGk>cH0g8i&Qv!#{A#tMJQSDVA0JNh4DHgD2t1X7jJGbT2U4
z`I0Gm)4<bepcVQj*#F)C|1%$m>ZgVmzGTSKfB267*?jmf^s$MpgZ00b1^*>QDm$3}
zn+~Zm`A<#q-%h7^@sfGL@7Cd75nd$LdWhXWMGC8`z~a#}8rAq{5)R^|#7+7##3_dh
zVA!hFTY93Z?IMrGs2!qP;vGM5R$ee#O!jZPCK|<X%8ySBwmMv|v$p@db!L1#9n126
zcSC7rz32;<xfmFwn8OaSm!P}0<cLDZ=O9KPmIsVIr$!*KI_(B&4IMHO4icDiL`q>y
z?RG?1p>o0{q|PDsgO|Ok4LV^!#Hz~AAPxf}BB}V~8HZ=&?~*Z}OfV)y97pY1)hg|$
z)$DMFz#IC8ao6`Hw-|&D5{)&t%tQW!`_@WNF;N)Gq%m8KYOv*4Ek$afP8dXy)Kw}n
zSvC~c9&jR3=`1>ozGa>-ngp><YL@^<zyq`Etm%d<iq9RGMvU>kTIxd7%N_cesaY#d
zu&Yhij1?1$dMG#_+YE6eAJgR#i!XItg?YEFSa5go)Iw!A%lfvN0dL}1tn<~F?y_nw
z#%={9SVnZaoyu;+*DNC8C|WD^<CzhoOb>D`-h2Uvm{{$z50F6_&h?ROr5YGgHB{qu
zy-=r-#W*KP<vYu#q@)Yqr%}<a7|r%2Nw;ojhRN8|33`G^C0CpIE(_-TqrF=S4H2Fc
z5@D1=8zaWKs&~qxWf^Ps(&14=px0;Q`;;NXMAG#2yuAvfD^!jIe+)b0p(#15QIxCA
z*nek5bH-!C4H0fvr~)4z)PR8HHX#%J-LQWjT=sf;`=R9G;^pI2A4@q=W_Hp7McD7^
z>}JM<>y_rEJZ*_-YCifNVD8f}sx3QARO%JF4!#R~(|ftRu_VXaP!Q<k{>#q<&_9nn
zlSadE3)g6F))r%)Ps1Q^COLpxYwNlZUPkXO4ny#^K1nB8a&DW<$5DGGWg2z4;CiKJ
zrr`|0No$j$8HveTcMy$0HJ#sQ&VP#Fpks8Jje2CNn0+E=x)cgeje=+nHx^ynwL%16
zNMIjuREezTokiCuNDMmGX*{4^>pbl-I4P1uyD^mp(#L7BAL{^r6120;Gh0=NakbF~
zM78j3V#e3VIQQo=uvsQS=4u-*hG&8wFb`{|)Ejcty~^EVtrmZ+jm<79V+geBq$N<*
z5M`z#$KJkMi{@KbBYVE^Yw@;qbDydvYDmjU!E?Qt!_E2-=#)6~XOW%Y<~OsofU<Es
zAm&|bvf0k81;YCo=hfnJt&+gUR&F;B36S_L$>h(42_pv<5=%XSLFX5G@;#vHKmB~9
zhES-BHl}ba5!%kBZsPW^#@gMOi3#(H!dEz_T-$=NYFA`*#+sdJJ^?r%bqU#)_oq-i
zBqe(Ss$0?C46rtZ9%u^4s|L`_YY*|^;XeIln1Dk`q9<^Kc+sIbdqai;M+WO7n@?yD
zytmSCzP&xf7kXl%dvVcjg@^t(^A_KbUcwVPG^yJ6Bd)J(M>^?=`G0%S;p_BTA}mR8
zL|rPy@+8&zLAD3^xL|p%@I*7B469?AVh)2<<o2MOF|q$#k>1b;)n&rat<!9ow%I3q
zhn-$Ie#!Fo=U>TE!TAE~W0xC3Qd-R6S@k2~ieNs+`THA&?GVmA(4S!{t%fzZ@DAI@
z*DYPqt_8~tYIjI;gHMN%@r`j8s%j)c?QW{jUGLgetO6ieBZX!@|67yCKO^+fBE)0!
zD<2&E^_V5~|8s;Y>YEs=I+#2C9}|^=wC(&aMDKGBd&>+U*qEs#3@T)}Qlz8&FEu5#
zh@F{o-iJo}rAeZ7oGR<JZsjuY@bCP71i`7!g49GL@OCSk&CCt9N0U>}1iIZIZvLip
z=__hMQPP3<Ty7V7k^Wf>m9TtwvOKX=91HcR9-(=U3P<%9%o`^Y+&KgcD|y&ZA&34G
zgYQ&0(4Etvl<I5W(e5AoEX}W&3$&w+dv~sGg{8zXKPaYy;T3gI1H7&wBnW<Z_3hU|
zO88`s=_8?%PK#>A00_gBlgoHGCg=2Y?>od2r=H43g-;#MBT^-7hsvlZEDH>&tjWxk
z0jE5SJ`g32sK4c_2=P^*0-aG6DkUK6!{n$Os2(rPX~>F{+;?}vDYcck(A(!m)U&3$
zt+@^iL97XAIrwZ07JC&#HvbYw=$}6G=i0s+hw*78kJa8Iyw-|0%oeKWC1aumS@prF
z6>b)3=3Jm>**wFjHM@eG18mTF)-+MSFNMm!EU`c@*McsL)XKZs<6UB@)=UXmX74FW
z@5*K|Lo2*Lht~XkiRBB(pXe7-Fq}Vip4NX{TH-IT7uijZU&U#msWfk!pOJ*Z4{y^}
z^lS-iZ~BGs{Dn{VT`Fa*uU-Zq)M`1-h3z6G@BI5sd`LLe$OrrFn<mbG95es-oA_Tb
zb9E>$r9r$;veg4pdIU&9++BFE4J%}HVPP3KL?^-@(tSwfd*fHcG&U~to6?ZLr2?R`
zrl$2G+X7X7GLT4ww7pjisVdjtJRI1#rs=7R-{jhzw%K9T7b4{Q;bO8i;rsc_da(MJ
z?+(+C)1WLG?xijIv4uIMU)y1YGPM1$RucYsWLJlCgFMuBM87%Oc2Cpc1&Di<;^}#C
z27>2#iwF14!c)3S2#0X2*Bxy$-~{-sg?u*J3j!B2Lfy$lwj=L;*zVvab%nQZ(-I=Y
zRlExYCu{MN9a3`8tB)so(-;lPlMra?j63Ma)fGcv=B6VG{)Mt9(wV!d4^ch1OO57q
zQy#YJDBop;`s~O35F57tQ0td<qKP%2?>TpH6Y7_BriuIb1IxdBBZ-HxGt2XVZEN8s
zIqdN9+u>8Q^(`x8`@99wcSI=f<E0>k|5PmsgXM!0f%PR4_p^N0mh($p#2#?GiH>%?
z%_ezp#k<}o!2T@T)deM15y|&&()aB|g97KOto7UdQaf+%{IJ5+kU%<nH>|1<-V5$%
z8X8!C%E@&uUNCHeFt6-YTW(pn7es>Hxh>T4A~$L9cKQE=o2}(v5kwR<B|#(w;d~4<
z39S-q-^eMwa%u}7!Gp`_9XXO~S=6qPap!L6C;6d{WLr9kjEMi~R>pBzG}M)Zb~Fh%
zF#$O)`=*+{Wk%7V-S?gjUR=`CoVFW=7Tuy6)Nxs*!q8T^NpM5Ckk)0g=aPjDB=CGP
z@SP#h9&4YPb5<I=i;cMhls^5aT6<bDq24fK`|(vh5W5Up$=vVrnzi91-27smNV=G3
z7rAc5+^I?9x?lzMl0keWwgCG!Q7dcH(wVokBqwKYG`=#kwS*2Wsm(<K(^y5nfXLcE
z`@2D;j@TI+YYY)C@2Pe<{;ZA*e25yJL^voGE(xcct5ZdDfdCrWzy;g8QvUu<&aR=m
zh}TMDWP!Q>1%4l)mDjoK{a)4>NXU5h^h0FqHn=>1kF+FrI!b=SHsjp+U9bvRmdGol
zQ(iJ@l~><DEOFrfBt0%nrA=!EPQ%=18FG3rZ`H7<(Ce6dKak787@sH$<{sL$r4O-2
znr*G$P{prjQrxSUPPgSi^pv%MPQ4bJXp(j>TrQ-Ky9UKYIlBTPQ=3=Zw#9^EFVC_w
zfMR7Cv!)8JDCQHO=ea;&r}|E;@JK|$Y9q2d%0Q4MGvus5G8Q-T%>#5-q8ku78<^#l
z++p)Gi0wO`LknyQW{Vm;85>rM5<DL#OTT4LOcex;728ZiZip|=3&N-6j;~S|BCZ`L
zXvhd+TDskhl#zT;FDx|d_5E%TJ|?Nqd2AWA{YdEvq?-Kml30ePa$yvog=a!f(9ql1
zT1b-fBWng5ixRtyhNh-&Q^!@G#`I7*TKWiEPzb#kWjpK!Koe}}v445Vx}LxM3|z%G
zEK#1RR05Mo^dP=^1}=^qRtOfQAFfdkh7*&D9#Tq%x)$!|Z4_dvvq`Ivo>KY*A;b0e
zLpY&>$hdS0h5-tBv#{BGxo_#1hGBIEnPd^Lj5<=a((H(>5~R+o;Q^$<X{BH5{ZyJ_
zhNpS$Fya2>RjSTVMelm(>JJ8!vzo<_RH_J4lzFu`8Fo)B11=k*tyKw2`UT-|LX)sG
z*!$k>>`L<x4oMC;d8#C(71JOvVWMv=yG+7q6wAWFJ>|@ZQdm5T&*cH~zD}OL2?}<5
z#bhQ}eY7SC+k_4=O2fF{*%^%nR!^||0OH-3-ApNU*&1{f%DsGPFb^UxH~!*Nh{w6}
zi1!1np!09eXHa03=*)6hHuB08gQ4V)qK-nFYj20j89YtrR296`Y|5V4*z;Kk6A1Tk
z_StGbCxtEPm<9~$g!N`a?HJbM6b(~dE2m05)km7MM#n>(vN4BGJ&B&81uQejDbiv!
zs9lq@#rav|N%N8)nFQl1$E;1%fZ|h8^%}5>ha@}Cj3dTAbU(8M+`vpS;W_8h+&%sf
zw}YF$t)&5%opL6yF91p8B1RaQYIRq2iOXtnVHWatMkRep=tbaQ#Y#D5S*(A)k+4s?
zLnD>}ca_%HJY;<vlL~FK74?vxOSe!7!KY+>=~tmL6(kQ_wJZo`T1au%$lmotXlv5o
zOIF|&9@5MYB<v?ha2b;`;kD}ZC6XTnP1l~rdPS&{e4r`A#<xr#vXn^4Jwe3NB4tlY
z!}ZSA6QODF%9o8}SUIXFi4tVa2(3cCWK((Q?G5}Q7%th0sz<SjRV54Ub|)onVF=dm
z;d>%Szd0{|2sp?R#TF`Zoq?C6jdkSJ9zHdWbr_YD=zoeCGiRkRRl@xUIpJWBH*Khz
zgsu;+=BNU;^Xnc63wgsU#cRX@)%@AaIoh>>D8rESIR2%^1hr8z8uZ$cynnwhDMqBD
z8xtkK(={q)e#gXgtF($YC?m0@;xaC<;pac%3Pm&=F%9s55cyD@>18@)o#V@%L)o<W
zg_FHfaO5uV=WnnP-DCWk7RyMY_jPqbs>4&-%c@55I~c-fsD#G!9Y;hRKF+s;Uczls
zEzW}q;mH)z?#To8ZHi3hgFul<ud>oKyyo;*FL`ENN{b`nkOp`{f?v4&Lp36qs}n@a
zXrVjw`vTzDM;y3mxEbOjk+{g=H{)X8h$CFUm-UI;GVSgv7Y>ne+T&K?L=BP_qpVU+
zLdZgKIS<-!H)r0Vq(g@4f-|iJ2wUlhwiCkbxL#f2&wcue#QQ+kXGYgaXgtI@0zHSd
z-s4=s_O*E#+TzH&aT#F~98F;RIb%5b#C?Wix1*4>4)OhEUgF|Q{*3SdiX6Ct0`Mrr
zD}P`9{M|&g;s2onu%W`753I8Xa8t+|-=&}(_q({>*?Daf#yuMdq8x|YOGW6{gH6*$
z>PxT}n_QM%4K^0na}*Qsyhikac;0-ASi}_#Pe;%XNslowQ3%f{W80xBzq8P|!Ups<
zDeXB2y|b9?drS<&sYTG|N5~4&cL}#|Mo`=1<k^~DuLrl+et+JFS7<}=d_^0UdDyX0
zSPLe%L!jJ@JhsbW8WJgVAni2duFj>j>03Ckpy%D+e*shFwQwd?l`UN)Z}pI=s#XZ$
zNoF}%9E)4^zj2MSo;!{k^zD%^pODvf0b_3AIA<Ump@cZr2S`;LP!ydtz-TR2Guar=
zqq1f?!Wa0>FF3SD=UK6{*%jdpt<J$2P}E$Ch$xESHlTB%Y9VQh5T#P|QgNIxwzwK<
z(3`M78bmW0!kP{<vPU~wEG9v3jZE_~3ti<CMJ|5$F&)sAyN7&z8(ZIm_=LfEq=GMp
z-JF=A_bB>_gWPc=%jOo{kRRQkaqLt5-Gl7^uqc1PD!<Tl35r|~+!sE8N<R@%b_(}*
zNWs?3&<u;6DjT>-V>vJz+7NTLqUYpudKWt5W%Uc-wmRX^Ki8kYGa=lbN>SzHr7?#!
zO;31QGe57G$Y6dnj7^Bnr@ne{8&60dWmo#Ui>mH^aM5?fA-}1+oNW8yBtVvr=1$1B
zv52X=!ydyA-I1laOX{bk`$-wZRZKHlLpQzgfKTj9u<Ie;7kwm~l2#KxRKLEbl1!Zw
z6})@Y<x)lmgWnsf9qiGE48B{X8zwGyNl$I-2X%~dcp<#H@ry(t|JEZ?-v(&LZ~0K~
zHnh5CMrV^gB{42K5tdxoqmDTXU_fhks?7~V1#l!M&kr7cmeOf01m0Uxd)NywjVs~z
z)Wbd)v<Bg!4Mzk=6N$PblpCn6M#5xJMc~?NH8NCCNZR20k$)FaM_w+c1Dt#{8d)pj
zE;>{c!yJB8mQ`{1X`pXrjkqcs;s4TxK>g9FHm`Jplyq^1Fc!l%$YK}cp`ULF(5GD_
z2C;&(E{y)kw2PRiZls?&^4ot#j>KUXnd>M_Kb1VhuxLay5Hmbd1Oyl+9~LI)6gJzU
z0O*A?ps_(0X^{pDYa4(*g^6?gjJTX&K}edg)h+JCQ4<6Tow>qT&q^In8VphIUb`H^
z4O`oC$fR@&tDm&g%Y`_s;tHan_&~^Zjp3%<L>2KQbtPR=87ku(*ym@mRmyb$#DA@_
z)GOyD({=X`DW?r2ol~9nwt*-!`rEKM3}m7@wX(HoEqR91eb-fVy~=gyg`64ydqR|s
z^)=Rri4pu9Ji&NDbNKsjG|kHTGFOqWcU<K!2G)PjkoFIISlPzmzj8tUB!ooV42|vn
z=}P<88%kWS#1{xFguH2UQR6FeIvBV!slpJpMJ0mDOH0&<UUSNJ@!KUKzR+2BJYlEz
z$4%aVI4V*Vx#NrL@wRVQ8flH~H2pU_FimBO{*Z)8#B{<&NU#z?=yl?mjhL%dz${=i
z=&1^w=@b|WHils_0kuF(`1;5~V9%>p0Gsu@&>$Hu4ZZr4Wt<Hyq{qF`NpLl2kg_D1
zGz}BWf+oSRcz7zeZp@L?JkIn%#ll93%`s@4=m>>6@d6pr(FRuXqg1y7Y2~x)=I7#B
zFUZGKQmQoE6YDV<q|&=ZxuFl~#u&HbF+tlDw$e|#dWoHjZeL-&Wk#4B3bKjfhbxFj
z>Th2)1FHKnP+>Sx*anOJZ9&tyjyGTjv%b2*RUXYzqwqAln&-s9pY<hRa)D?@97|_B
zDyQV<m<i;*wP&?Q>gQc0xA6Z{&*cei@i6}Sk?y}VU5@`uj8HW*{-?w4UskLHZN>Rt
zU*J>Pq9Ve8{2g{kAGwHH&_x&l8{Ezw_&rql*7agb9I{E1c-kjX_kKV`0rTfK-^6{+
zJeA*E1#WShyrZ7kyvLJQU&=!lh??MPFGDdNN9yk4B##XmMa$*SNN%192epGmE&L*$
zBXEas_(oIkAu3M`-O*pcaOzEU1Z*m&=jjA*F4}sz9L>bB-d1NCdX0Ob9u1r2r*4{y
zpp&CRioMYh-qG#!4Zu@!(8Gvu90idvOAB*l;v36wsY>W`s_J`~(=?Uwp!#{}gNkDK
zW;ENZm@<YW#FCw~+AGcNAalHS&@>s%onG^nn&w37u123<M#tjA^GNscJXgs4v%ocH
z{SLRekVeNRe}#%-JkPhX=|8QT1{j?EgOI<qrS2G_<t^TQ%N@U#V86vNo@)>K2C*>4
z)sWQqIwL_5{xXg-*L@}_TZ_hpm#vy#RS=`#UH@1c>m-TC5f_fg_66;avp5+hYitw3
zQcOyq)a(X7_#<^okIc4iZnkbn_dK3EcUo|ez?6a?=t`YknUTCv_+4ThumH%LN4YA^
zt;*>}OQp?De0-g6PleFM^Ml9AkgX8VnC~vSr4gxMfk}rc5`y$#`hjX>7d?aoJJa&3
z*%C=87PDZ47kQtDu5jkIE7#vA7Y#HC%BdTHA`(iAgf&nnmP_dVux6x-(z|De&>`t{
z&h&s1^DU_F9e+hU*b>Y$QII?uxn0iY8Ce8Wb&eLSdd?AUxgD)0A^ov+?n4w7??Yho
zXF)bz!BLx%4r3Zz)`hcfu~;F^Y^XBn(o-GKk@s)0!eLa-|2(>J7`jZmUo+<SmyY%y
zwhjCjNm1F!+=_(pU&r@LH$(YC?AgqHIaV|TUqcl5;GsgBs0fu<A%m!>{6U2!G+VgZ
zRhAa3@!UI=?`n3y_IeO@L<xs7<iI`7B`iI+I&L$trfatOeLz=w_YvVXtoBq;nuRuc
zH@`iDZXnbS&bZ|@I?!WTWL+@|d2f@%>vz^Pe#jjWn<ETT5EpK;*NsF6D{txeIj58d
zfWTHYYe=@|gy+WwT|7nMIWi*IQ?;V(OGQEJaO9!rqafU@9JJ1QrJH`-|7v*{DZ3bz
ziMgvSGFiEBdMDpgx{*3z{L8@=S4V8h!BP};=zn*nIt5BBTU5Dy!oeIoxBom>L<V(}
z8%##W*l`zRE^IODBq$({=JC_O^umhX*`|KD^;lS>jCd>xa2lklm7SWICkifdACNC1
zFuNVVgE$FOPO=4u@IDR-0@QR16NR0oUqTOw`kT>Pt1J)<kgV7MAXIV{0RhH$TrOjB
z2szrq7X)Rym3HwFy3~a@YRqv<lPC7vlCsQB$#0w7F;3G$D??P$L_)s|TLt+$;nWGU
zI4)Vl)V$x|E-Vjq3Yz5o;b}EA9YN^~zxy0i=XXMGkpiECFOys@xzBP|QW|jjBuYuj
zPUmQM_mZ)zl_#XNN;;!)8mm=(eoK5>e*U)<>pv2#T@|LL(N{Z}8O^tET>shB`#(qL
ze;=GGjW5w`agm>Vy<?(-1{MqxJ&Fc9J{AdVKz|l70IWVPNEtOWO_Yft4a<}aQA-Y~
zS;4wWvZ&>!#;gi8C_I#sd<Bt(_F2~g@Jh{6^-^`c=E--<lR1q<2(<Cj$K5f-ahmto
zcZ&CTBXatW=eD6Ri+^|RT+@Ryo3@Z|%JkpSV*>QIA&InyCc(c-C%SVVzQLbWGtFPS
z+Dg0hzEfyZip(;*<UaIZwBQCbAeB`^twm8Dm+VxWZ1w-5>>GnC+q$khwrxA<*iJgO
zZQJaiW83T#+qP{x>Dacv+*c32KliEHRcF`vv1?bIGuB*ljIriOy5-R01KBf5nG#6D
zG~NfsFTX+z(rvhwcOCx20E5spJHjJGE~d%o=pQ6kugHj@`AmvWMv@m~ADJ|CGs4Cf
z6tTxF%Qt}jy~e&INp|;IHND?t<!n#M#MD2CLh~4wPi9*}HG5pC_Srexa+|rFB|%4s
zZK8J$Et@D~JaH=RhEr<W@j0u&KB%`2trAt@fYPfm>CiFB>p;W3vv+}5EsCK`rCHYJ
z)Wp~?>ZDnaFACkZb{6>sn?RS6K-`@!CZ$D0sB3vpD$uedY4Q*WUDtHmsk}XNsv$mP
zYU}{btFzaZrph>`SJwbA0$+w|+o-_VG(1GnS60v<YS8u8I7&hI8_-Mi+#z7zI~z`k
z+u(q+G-_7Epk+0{c1pW$TL2fENWT|>+Nr)RW$YEun*x21qVeQNqeI4ITYrTn-S~1-
zN24~+R;j)$KVe*@d#-!x`m*6?YG%Z82E!s}G+F`)PORWY*gAY}H<#*&LybXOZf!03
z)u?}cl$Vytz^ad(o}%D2bhhWTlg~_4l~!1u@FglKsIhmIN`+^(B<<JH;2?Wz4R4eS
zh88d4n{X+l)NEkQ^jf`Z&bM$OJ1)8*3H-6H;6<&p|EWoMCLo;GSUh!^c^X|m-z*HU
zFOUB5E_JdoldS1hh7Q%jtMhiK4AD0s>n6U)op)i{WoOb)_40GWpbD0Qw`Xxtzk6l#
z#BI{bx>R-qA_G=OQE!vQZ6Na|ys$O6fQGts3<pPTK6y!5sLxhOnj)18YU}}VnbW1v
zX+7JVp&h?{wu45E5se})Xx)Gi(P0wab5*lJz*#k8>T;o1M{2g6CQbCQ3poGG1iQSf
z<ANn-4#!$%I`mm9KzED!_rZdQ;b{5=%u_CNnkd@6QJ6zSDigK8ZYojLD#o<snx>lN
zHu<Au7kMT6UGsayy20<eiJnOF2>M=@eRXL-L<8ajT9z=rI{{@LpB!2~sJ#fWh)*4Q
z*2dy$D_<o>xf08TICjxb?}{C>jlxsQQcYnW8S!pjOvGhE2f^8}66;5EA}3q-DLjnV
zT)Lh{b76+i2|BBN%7vbMrHED=C7Alcd%nP3#jG)wijFoZQV&@&*<a{k0?EcX9Dv<T
zC;m(Z?~)!YRrQTdwsB`k%SDF-R`WQ3Z^Z>aTa3ZA=Eh<g7vo&){HdUw3?!J*VI?g1
zdpdVDCHx4L7{mzE8P3dGy4aR#`++)O9z>{tp7=o)=BX{Dvo)!#2c7wO5Ijo#XbJW_
zdQqQB9{=c}Rd~kJZFvJb4F#6o!3b<FJkQWQu~EFmPE;U;X9K7ISl+uLN1vnA1I{IJ
z@jkfG+;g?pz$nrCsZ5CUJ{%^*<u~2YVCyUgwBg&Y#>!Lm5@d~_F#R#-!5Z+nCq<}T
ztBvhuYm0byQ#_cuAirw(@a_aJ@L67<r{!YOK$^D;@q9MSEEH=P_XG(v$Z7%LHX<o+
zb*=rrIHj4zfE320I>kj7qF6lG*YpYXw602#h(`16)=Hw_Elng`<Y!aEQU+)fhGT0-
zf}SLf)g+eaYIp$D>s$;Ni@OOKWYj*c|4fA96B{t~ZhHxlb6#CT@!Da`QGN#~+N`x4
z%uVFBTENe^)JE09pKqp`BjyMm0$e3iiI8`y&*^Kuo|LkUX$_3a=nv*jUh%SyC@neC
zsU^+`yv4H{^%?~kN2W=(1$5GNpBTsZmXdL^M^M4lmq*FwEPIYzCUdpoS^!wuOh*Q3
znLy=z880#cSSyTri@4&Jn>`=Z^m%m*#@<(jO6HR7xC{B=%iE*oG%K<DI&>Pud12(n
z)WN&5blGIO!E*Lhk#|}N;t9){bxMiU!G}6>*_3@K@TI5v4~+g}@H=V<mDV7i;@NZO
zkf18XXUk5}eXD0~YP;kqw`Z=Ti+mgOPTl>>>qi9+Tnh@AEx--JlW5XK?s@0~6*Nea
z9WsJf7QW&!kmnUgR+ZU2M%PD8ke%u?dNBFa%q_J|!5Xbs*{If&82V=Ejg42^sM}Q*
zwcT!;enMUacB<?Np2>lT5G0a>rcH|X<#rpLSIj8?!B3MEJcnu*NK-5c-Tl`mAAO_w
zt|T}(7dV>a`H6HjjTz(Z-^FiAonyTS#czaL5z{W2Ey6#Z(?$`XV&1ZWAZn~4N4cL3
zlH9IslOC@~FdZdHf`efU<}}8CP+#uD7YeHD1>c*f>!BmupkF9^5L~J~AHEd}&Xq;8
z^wTqcT?6zH5%eG?!A~ZLUFB_0`~kjKMqb^B{52hj#cv$^IkWgV?(x1kH%f0Tk`>v4
ztL5h^KEVj3Z?pu8&zwG+z4Q!O_gmx&g}oo~6mxsKqg?181*7ygQq<o4^jc47NxlPB
z#LHO;kb8&dnoq1rdPQ3#8R`|L4^*&~)TqwTW~h_2s0CZ{$4*2J;s96H3IvPq-n#Tm
zGNtU>^>651ba$7<Z{I%=8_bBSF}_<DQ#+$!OAx^M^6X}mZ6z#pB~QK9+J`P60tWD?
z=23LjVNfR#d$+FMYy0d}KJa|M<wR-4ifhOHFxy5@c>(b*xe<F~v|QP3`4*M-t+*5z
zh^|~qBtrcOC5eB3Ds^%mq2|K!#e-f-wy-i0X<`GP$q2+N#$uJx)9D7Bn&4n6Cegh0
zoa7qAG{gO@g#fMZT0fX%vF-vQ)V7L!8}cQH)P;Amj8+o5%zJAps<uVaS1pcCGGY*K
zY{N(3M+7-2t==L0*hY(aT4-zlm3zw+jQbvwnH=?$4Bv3FSlvebkF(1F$Qe1?R$jXy
z_0?OStQ}z9S~=i(yX@+NXiFU;ml*{O;{6U?!|r+#-RIjo&BiZLrQ8DgRCMZcL{*of
z_lAL?m~!96>xUj+1T=;#L)Euv+atFwY>fO&fkEj;_uL~~wZwi(#NVzDo{`8yn9%T4
zV-STqxp^JB{xP{DyI|wFTS2c(As$h(VadpFg9daL8B$789L=)%({B7k1%PV|No`@;
zx|5SqnlY=i;G%xfu4%zvgL&~C2<W?tyqLu!F<39BD3w1aJAo5O)mv(QWWrr1I|!Bw
zk_G<+o{QWqK}tXzVLB<pPibj(*o&%cv~?}GwndK?-OD+F#Na<NyasF6Y~z{B&yQsf
z5MLV&wOIAfElpe`&{j_J6v98*(KR#VxICKl`fX<l^}2UotPPkh)n9HNj*%&lpK=3k
zF?=D`@#7{d?54sASGMvq?LpQhY&I9QrippzB_qmSaL;5snODBlA5-iEU$z&S1J>=x
z?$%*g5aC&<r8UBud-7qqR8=y}(Glvz;+Y5`R2JX`_E~~a2&OM>NS7?~M3<_8c020C
zXUAR>@<(y6^yg3RLq__cajiX9>hjK0ddGCy+<6>T{9EX0kEMn$_cRUPI)WTO*jv!7
zBTh4RRI_NHDrh5QJIM3n8p3mVClslE44rLR$e7WKV>7|Jh+CHgS*cWbc|d?QC3T3d
zij!&v0M4e(dHq0Un|1dP<k&>~(T);Vk$m5v65aljEbh@OK+Y2pJJE9es$Fzq4*fx7
zX{i~60daO|_yVfs^^S$vth;uwxo#cAElk`J7UJE<0N@!=J*fFx&uY;gmpqMJy!<Gg
z_VLRYGumer0V&%PiymEh$<F?8U(J6VI&>ZSDfEM4hSix42@YUzhqo#%y(K~)g?d*d
zb+R_y#aHq>;Nvm=#pB4Azl8qHR{R9v$0vluJJHcr>O6h-mW(s=s;Y<DjIUh*-4mWD
zzhv%O=yioN&T2SM$5EHtEZh6z_f^@OtqlN$`0!1q-(|<qf`JXT&u#c4GR7@QqN?@{
zWC4FU^M+ql7SmNl?<3Y|p+}<B?J-{@EL-x-`yEP_2mU*%VeU(82xh{waAM_D#fk_P
zM2QE#$@dK@jW#L}@3w);eo8G()wT)ik_X(nB&#WAt>*_I(=l5D^G5I$nDIsZSH${<
zIeB~6vqA%6j#Ga*QnW2ADj3Z}5VD#z%;i$phcxJnaeus0zjxw4-h8n-aLQ;N)C@se
zKuK6#Xl>?Cg4nZyB(8Jz^~{DW$o$8QTtNJcTn_AL7rDKdSu9=4e4~8n+!oT{=Y=(G
z=4X@71B_fjZYPn2GtOKqKN?`8g&CyLrAg?EK@8#zmR(t@>A(w>{0^K6IYHEuh4VRf
z2C9c-k;%*i+I5yiVcRK)?py$I9kTqIIT4DGC;3V!{^)&GkT}LOB#12Ff{#MevXHI6
zC65mQUWw$>Ml5OgOF_y#20}tCgQb`pVdh;u#b8}9T;}UO)ViAOA+wK)5;hJJ7Lk%e
zL+0%;J__h0MKp79P;0KUB^G<bxLXn^drk9xabd^xb4d-q$?05-2h3|ptmtJpf7y`F
zr8%Q#nL>Lr@gyCkTy<h>r_j&Xdx8Ofh7Zn_0le@M?YiIWPJpL^<m&_)Qn&!5{Zj6C
zz{M?c5XL}>8|4HC8uHHyS9r2YfIGfo7VJizZ~M&0Q1anp(!E;=cQ8ulRWc17-o;Th
z_31v&TOvhnv-7ZL&Z3dp2$+P+MaK-z(|4fA-%E2=L6L)>`F`~i2))D*J`O31|5ilu
z4hC_=obQ6TCn(PDlm;ls1t6Qdqx{cB`}KuMt^#P)dDNiNUA-T;+1u1~YEB*z!?-r}
z=<k-fq>@*W!Y7f!Fi|2_c_U!B-T8MAWM7cuPpFnpuyDH)NJ|-G{UHlwFf1I-1a!yb
zXmOB9HKe3eO%<Rivm?T44f7Z20|!82<V2nG@LeK3BY7(QXH^a7*j?fci9QnoV|zwO
zb=Is0;r=xt_9U3{u&`ekNGdD{d7lMeOg=Ur(KeCDl_y9{Iw@*0g}i#UfPn{aP&z2|
zeuw;UEW0a-e}QlK<~Q*>HsLkJy*x!V)4{~@cr(g6W3v)()kx~bt4hTVR_@(5OqEtz
z_y})!Pq)|&0||C+My@pzgOr`>=2}J;3}G#cL`MFl%%S`hW=xZmbT9D4<aB9jD_8l(
zj#6@O$;GFkl4ZWB9FAHemMxP8wXeageb{-cbcwswe6lW;k$9OVRhQU4MFHr|)=cbk
z1zhu(tj5-PfDQ#p<^CP=tkO~QKJCg(c+I0xmpv{={Uwp(y-{KAss!|+8AGv3nmj@)
z7`PQVso1mR)iT3+*z6iw(L;e@R&WfpXb>uAkElLy3-h?XMTx`S8mHN!J@ma3V(TK}
z5Y1SeyxZ=LgJEX3QMWyg8*U3Q*VV)^?oMwRj{Hr_#2mr+ll|H>nfeKPV}If)lO&5r
z_)%vKx7ggNqeW-qvq0|k?$;*;W1VMSaT*!5H+FxHYp-TQI4W%^w#qzhTS9L3Swh_(
zBpy^rS4`>Shtt-4DU%1cf6{5}m8U4^+o(o$TLW3233|+#+2`)p{qZy{a6*m+ZS#2B
zlOJwG?ojolL)<|+##3h3ys*3{agJ#^{X4g1G6&Qg`Sb<?o-AFjSb4J9Z%e#*<@Rwr
z$hUgy++oyiR4ez_o^U&}I=m=CzG9yd-^ZSO?A=4{_CuceHlr5tHwR*_bfX2QD4rBH
zry!mfeW1?+%<*<8p22+5^|sBP;d})7b${mozd;{=g5k#D29|u~*EE6z(Q<)}SQA7a
zDdR4uAo@E3&h<St2w)7PO>aGbY9DFDU0S;B@Mkxy{y0M3RRu)A%}){EcZAV)z=^%m
z+1K0v;chk^<JH3(e7YU;UQuszA1!e-qwBZFZHh?&&EmxNu}fL*H|>hy(cKp3xd`x|
z%rZrLa&-xIEyT1&>E&-3u%S5e#yH;*0qd~M&J39zX&I~L1Vli@7X`G(Bowvo5t`gg
z#$#G=w_)VHp+9xNRBYt|z4<6Ia;5SKT9O=DfJBE7si=k4jCSdzip**cllNFGf7e8N
zyfSrntJ&UWv^=Kvt!Nb`NC@DUm}gh~>6^1OyK*B33$FHLl&(un5M6hNMXMHI0#Okb
z^I}q;U@s;jY#4I~JPR}UlgPXBwH79_#J<TS&bGrm+{9*ZUNcS8Od4y0PT3FK7O>zj
zdrwGroDbuo06Tk!MG_fzt}M@#oA6ySZ}l3_`MQt=G*qrlU{=b8Pdeb)X)lc49K~0{
z?S|l(?*oOm-?#AaiT)1!Gimd%YX-vHchGmKhZbD_a`!UEKHj<c4RXU}PJSZWkM@-U
z@1(CaKqBe&u)o8wOk;mif1Ql$DBjGx+h_F~-S>0A7&-~^3VoB^8Gr_TjooEBsjUQ-
zNE~{-OpqVfH|PoHwK^M`tU)iS9Gq1cz;K4&vvEp{Er}6u;y7&sye~T6t_C>RfR1T}
zE4q6KluI;R&^xN)BK4i?()&tV_f2Ixl2Ca5KWXXzPpc*Q8{D1AKT>M{{|8Y1y$2ZC
zIhxS_EBid%W-qGtC7j@W%~Sn5?DN-a{MS?d3c59Ma{AJ={^Fnin?!6--mpa$MEw9y
z-bnT@s8A_cT@6p>-*7i7RgOZAWDF%2L8cEe5lW%`3cL0D1M>u{`wV+uDvHuE*B`=^
ztwG(`Xi*VH%6&M_8FJ}$NOAi<G&J?iHYYPMnnt4BaH4yGbY~c=+4K)rK&M4pWBU~1
z6ow|O=E5mt@Jj1>_#j{lT`-{uuXcQiH-eiEfBB@-Y<{m1kI8zz17PL&TWhU1vHf)U
zd>WR_jhp9)GJpzq?grRkQPhX9clu#HW!9A%mf3JPE0_WYWXQlhqw4V~HUr+R?I0P}
zx=D+(py1?+0T)Nql+r(kB!30QTSPcAe`RkYubqBa>t0)eD5;mP`S3iuniR>z@1zF_
zKHwKlJ3V~sV<=;O3uyyytRZe9Y63b#{*e%6?wr?og58BY9t*m^nL1x5;Yr?S+qd8(
z6lzlJhBz`W30fhLQ|GN4a6dBqHOq1sh#_YszXE;zQ31Xn;BeR&+4Sc9``2vl>{jfH
zK0TXMQq@qh;I+?2ZrC*b5J4L*?T5MP-^Rwp_$jph&=8%MV2*l?*fvMMr0CrTbxw%R
zdlE4-idF1n+iE_o_?JGz#dAdL1pM(q?j!t4a%MSY*b_)e(kL(dJ7U(qa)gG}`(d+6
z9KMaPj96s$(2A7scaf9{GO2xpFDO2Xs*aKK5xS~PoovN^1U{7+T41cEly~;Ik}pdk
z#le|32f$LR_mivIBUrg3?*9}@#TuVu#}GLX*9$E^v`=P1w}{9eAU?;PoSQ4GhZ#mL
zolUlnYt|vw$$J{RqZ4~p^Z7U1@j{QS`Qn$#hyN7^`*)PS|NX=Mdlqbx>bV`N3F4>C
z&ko+oHFQmYzmVXMRhrsxv_#_RMgO3@UuvZy`DYuvbXtvVhZnk>^HZWbQn}Y;mR=Gp
zGngnwhCSlBJ`Ax(Ztr%HT`OyydV+jsJYVknt#%&fsrxBk-)FRLqvHG;kar87P#~hI
zP!7tyBkb^@Kpq-n@nHudia_I_Olbr4Au0p8A_wrP<KY5^_(85rnLMn#o0LPahal9!
z9~>0D5mcEN+hj=J^BF34bBB|oy|CA&tMUMO#lpv_)3M`a5^H!%)9G2YrnGZ4>k`Zu
zFOA$QWkfma#Gi|Zfu;S-79o~ghzEf4)i1~CeU?rh3(i%zq_EVY>w>)pSJfL5%_Sw!
zJ#;d&<#Xe34HJ@XEeIU1#?)_?ig=ag{PF2@=QA&T@SJ^gx-Lp+B~H_x+a!<qTL=qQ
zLkY>_+!Po({(RIRf?UgLMfrj+7zsc$v{vDofWam~D=*W7SuRhv)C!F7N+bw2iPJN2
zE^6Fk$4jP_&6niJOsLDQKriSQ?3EG5%44(mTCB<L7bz1Z;yUTB&===5Ca%@Se&E-z
zPDgEk!$W&$4(syR>i@P!FiP>0s)lohW+&55u}=va)5oYH)}u4q5LzZ;S56pZ|D&%N
zV$}^2anz;d2D5orf2hjMqwSj687niAQZU$@aW?XU)otY21f<iLE3#W4bmNS#sINP9
z*dz{xi5z?~!cY_y&b1-JD&=vw8x7Y~i^Q9=9<Ofdv7$_aTfgpc^HtlN!=8SBFuKLD
zWbZk$S@@<n)$hg(7cE^$Fia0qY{XNS3cALr0L@Q@jD?f7lMFB7tg*758$S`<rGc}x
zPg?@*3`)!4uHFe7mdz=yRKl}G+?JMc{?|}hCBt^~*(hca1}uj^h}(&nGm2n?r;|ZG
zM49l#GX-6We&)se`nr{S$Kc1h0`nhr!D%g$nP!XHNjIvzvPH-97rn4y%OY!bT$7J+
z-CgFHe$6xDh%mjtK~7FhUnAM@t#4bc$Q?k-lS57rCs&BB#61a8qfH&Msw`Y>JIp9q
zR)7(o1U{jXlp^xgaX9n06Q4-w$5^(!>^lac7{VaF)WpbAM*Mv_h~ZlkK*P6lJy7K-
z`s;Td`E&|<e}O($0naD0Vh{hV&U6pf`BAGtS+ley^NIF{-4V<q%nnj7qr#u)BhrTG
zFOJ19=G`21?U;f#<>^E6y%PLn8AX->g`mz8j?=_~Xo3`~K<ANy2=m}FFy_0C(^USt
z<i&N+=4!C3+z6hO;4;v~HNVt4P-5H*MASz-%8gm*up1x_FZWQ%EN+7%$t&jbon;gk
zk_GHYDdmYeMj5IAU{!{^x?0Y1I6Dk3H@Ave1n1DglF*;VK0-I>o|+kf7Q#-!W@A(8
z8Rwl*$r<YGi>s@v&LB2jCau0=w=U(sO@x+e;!LTotuRc{x*iIA9%t-OCT4e<G*VUG
z*y!)ue)}Lyk2eQN7rI2)+bnY(azwy8;x$3JpsWqr>T|QgoVWaPon;5?VzX__SodhP
zH#N0DTwX11?)P>KeHLsU+WUTkA-JjJ-@)_l-O7_YzQ&^C9~ycB*4vfxim18*Y2m+u
z`^ddx?~GW@+;+4Ug0TB!!0|E7ZeyFOnPGjn6i+nS^8MH1ZfLo5NbptIXTR3UzoQTS
z(^{!)XJumR^bcQzs+1F|3hIX~Q`)gK7gX9eA!5+TIAbC68AwAyNFsfE$UrD0M1Nl9
z6p0X7x3vwF9T)<bGWFv9yivEL<QT;<u>mH(S!xrJQtf8P!zug2-kZ#9Stbc`!1s%m
z!*$NXwnLAfKJTwXzk$yBzo>M3j_5Xrz!4H!cm_^QnVmdoMd@fpEMv#a5h!wDX<2IV
zA%^j@5)RQTb=V@b%rFwaI*0jPhmU<+qu*)_qrG70+46w8SOcOmLW}_8=Uo4Ge@4?N
z%t51O)Bvo$Kmit#+h7+#!Z_?D3YUrbim%o}r*HHT@<)DB-c~7(9#_2>oSv+Ef4}1_
z3-I^WrE1tNH9&2LQ6TKgSte?+99A+et+a7Ice$DL$d#)qyO{HmJ||D)lTk25HH}G|
zhm70ZS?atOuN^j)+^yHf=&@}y0*i&E##+*<!5Us8y~G&K;!216r0i?!X#y$-gMiq(
zlE(2<u#E?!`d$f*Ovz8@v>l00LI|4bN^g_uGw(#@mkL}Bq=drM2vrc=1_9QZ5dY>8
zr)W)pg6xT@;G@ZB;;!V>t`%5d8%x#@^DfhAU6)1MAJct<fB-v6I8z9#vSlEdfj((?
z29IxT%4Y_ZczD#-9MtjSyd&BaPT!r@(oTgSRH&6As|~InfW}fhj!Uop49UwghK&J3
z*rnW*^D-J}4b&r`OW*#I^B6_tm}lrojElG>sy<bs&Nd90bJrYTo-QVx=c5+Y@JZf>
ze2jz6Ldf0?pw3HOWgQ#KAr9dKl9vguC^U@RJ^kR%BCdYy`q8GJ{+%QGTro{+rGsiB
z;Ub^P+h*O#{CQi3YR%POYE{(|sXp_D)sj%{FcHi%L+u3bJ~O_45llpyo5@O>g|s1$
zg9f1ZT`Jm=Gl|SGN?7fFMfsG<v6-ylCK@FIdOqB{X;fSuvI?`Kae4K9z_e+@s8vLN
zet*>K6Q*6;w9wXL*6bvENojC~!GdR}2`VpdJ=W$`E&8gNCU`$4_H(ZTP?VQ!$mobF
z{UkX*KGu@}n3Q_^u20jEZ&TdOyBtitYQcBBUG?V}_F>X~3;#l=2fxUt5Q)N*UV^t?
zDI$-{1I}M{z!}h*V2(!}b|DPfAzw}K7?+Qp<iOwB6CfA^V!=Fpfeet;jH|-<wNnoQ
z0-8t-Qk$U~D2t!pP*kp`vj4^<A!>1B)m*NJ0QL>mIk5ccCEfTCHg{wg)^IFmQsH4T
zAteuJ{w3EFasc-*sbfV8U)f;#WFLS9Jb`R(i#BZx*;>V8o+)UR91x9EEC|>w`{f!8
z=zsxq5Sb?mE{L=n%Fy=KNmb{<sLuebFs*z&%2)T*@eQ8K^j*Nz(cV;`YGf1o$*d%y
zzeoIGfrifr9nA;r3PTjIb3v<|)|r~)kHM%$r#B?grKa*xa@Pa%Z48&8DjbRTLLz<!
z$z`9(DmE%ax|dj8(iRggb%MX=CvqU4NiA**Zs;QAwgdQ}pPE+laYk^9%NVr5jh7oX
z8I){@)>;uaaICR1*M;lcDz<Tt*rJq_u+L;mTbouQ(cK2KPcsG3ky@warHNb9K{xna
z=#0}X*^uS9=r*}9rlF^Yb%tZ==7Dxb%eV)G-;x(x&|&v9m8@UtLtbv9ZWh_?K`>ks
z;d%v*Jz=U{L+SPuxnulBddJoKBjpuR#Smh5h0{53nL0@Dgzswz?rV@->c~qeA8+bH
zqG^xltz4P|c5wnMMn-*$iwoU;@%c~ji+|ZNgp64*P`=ze5?@nDng4^%?4JU-la&7}
zfSVVjVC_4Mcn|##&@X-SB>We!3aVvT>`R=0cz4mUE3H)WhN)ZlJJ^>6ErgyNS`_(u
zqMyK|y{<x}5Bx5N*~x4&oAYpU?fLq4Ozj&A<&ij1MIHuL!zlT5O8%e1U@gneioSk4
zI25S$g}DCwXpTY_X{+X<JeWrpXCu+R@?g&3R8&7>akQrA@9cONs^cohYqn%Vh`#!5
zjhSZV1aeg<ESE`O!g4dN1GlTP5>Hm`dyw}vW)5aquZ`gu8H_C^5U{2*w>0Ecj#g5s
z@oKnjsHuK?wrQ^>4F=Fd^*nm1V^vGdttz)cB<=#J5@SwdjrF|jiPa<BZ(RkQlr}I@
zvtl;6lMJ}o^AiG3ZPBp@uJWvE{+2nmVWoydnVZn!8R(EL=&StPKI^{b8f3pZHSaAu
z$&#&2q!EHPRoy|%945QrSYb<Z5Z+-s#FQhl#dNhnIC-Y8rn`CY8ELbVk;m3nuGd91
zvzKtq1mp7+Wx|s^9j&`mm-yMLe-Q=eBvdd*{s119fHBfX@)&py++Ormi89#Xcy%Sr
zNPW9xat!G%Yp`6nr7Fu((M5757s<+{K^pk!0SZ{%mzzZ`<TjVj2=ZLO5ENiXcWqJH
zoxT0-kTP8CjhtH}lH`S>aF6141CQXZ9Vj0!j4iX!U9>DN=5o2r52XNSk%*1gAd5dN
zDC8L>9Q<+ZJnzfl#B{%!eA%Jkt8O?1*?~{xX;|E%Ofgp)usFZNl3he8#+=8QwgQo-
zw*~>dYVS8_TR+DUhFKWf&GKE*n57%DyCBw?A-<S5+&nq-Ae0hA5Vg+)7D*GSgCxj?
zWh&n=E#~M*m`Awo0V~Y#f!h;4c3u4Vi>Ks5sM|u^3b^ic|8)^{hVNPX%Hf2`R1}xv
zR^#ybjW<~!`$nFyMGA93iAzTmohB#QU^az#4^5MC^*pycDwvj8##>D|Dl(HnyYIem
z-(yEjayRXa!Ws8@p>IRx=9+qse@TF~WnNN6NM%oy##;%sCN@IEUZY>-gT(Gy6=+as
z@9E!o3qkf8Ys)W;Mf}YHAOE|x`HD5QbNt7Ek0fO+I}|m<kLX=@_ER!=_$7fHx19nL
zi56DU{GeEQMRriwIPrqq-TSz@W6z~CvfAQO$#=AK-#=g_iKR)aeD^tD2ZqKy_tj02
z_O{0})0l6w><-2+x<21OD1LFWz~c60`sF<Z4uG-I*EX{V9+;r3se6?g=?<yD!C2E_
zHwTk#dKd0GftYA7+4pq|(w;Vte4yc#mD^c73H8|kZ9u)L-|vV4FT6yrCpA*MH*SOq
zFWJ#U;@UTwH1BW=Mp#2rljn$))*rptwv#fjX|0i7I!-GBC$*lI-RI9KZ+oxYp&Efl
z-?5n-)n;)<TsPuCX%|BntR?FlThnkS+f3Prx}r*Tk@cZ-Tko&PB2vG)7U2Y5dyfQ0
zs!oTRSQa!X!3|1IDQqmmy@~gw|3ash8ws_g7NPb*^aKtu)B7GBhJ#wYe)(<2%&1t~
za8w0ax=iPoj7gQI!?rj#)Gl{jG&V3=)1{?w1Zc>~D=w_bezbpxcCyBufFLz>e?wwC
zm1A-T)HF0VgItjg3MC7>z+y*gp4H355YJ6odmlG-xm(8%r^*U|;>_i@Ww+zG<FRDa
zYfY{#zQ{=K8KapT<rkLW<;VGULaw^P-gLQyoVtb3<D*M*{P5}!&OK8{f_C9a-RPEE
z*@5l?(GNDNv!WU>#I57Y>0?Cyi~R5=1HJlj6u~fMGk<)l3%`F|(C@dSsKxJW6FJct
zA$S8rL2aAtyQM@W9RIetbp?1eb;THzV-b?wY`mpL(8+eB$5ryp9N&J%7nG=+?mEdf
z;25h?xkAm5KUfqV>E&RvEGengx&qVGJW|42<eU<OxbpqPWI80~*;_1_mpi<({$23l
zrU05R$6$T99E1S4#UFH_iv3?+;$`C5%=M;D9#MzatAPBr{!`uWRoLaQ=3%u@FYzu9
zoRU+b;x-1jdPR_8FA7+|m(4oTJJx*3Y~lBC2E3kNi`THHd0w>MsAUrBlQh+``RZUF
zVsO=ib1y}-W5`;dVp3xz4_eB9;O?!ch3T%UzW*F5nx19eDwS1+JH<#WRA>~>=-Tey
zqU0YU#Y*@D^p<Kqqbc#{-9W(e?LA=>f5qX>ITuHf<L@N&?aheEMV~Qd<v{!4A5$oA
zyQL02n*V`tzS>1};x}_YL*0G*{MXK8fnro>^b5XBUt@q-{(}-J=kgEi7AVU&;fNr5
zlZ<IvbcC5eQ4p~~Z7o|}k$Wu@NrKi?AX0?m#TwyaBwCTmB(hqa*Aj@zcVGS?u;1RH
zhE;~AlEr=E&7^8=h$k~H@Q>)blb*V3_oyl|`*?f3M){U<EilB{UbIV#zD!&DGic%!
z%dx7Ks=6h4@SY_cn@|5z7>~WWKhFe?#v+kr-T0D(t!Y+$!Cq^K^unCds+lHsHAObx
z71VKGr-hzQj15PX?C#t&k1)2fEQHBXNOMU=J|TN`)oEBlr!K=)9ThVzZ39*Odz%Xx
zgKlGnCEaQnwXd)$-T=T>hAU&XY2{Lyyid%P(7xpC1y0Jd_CZ`D$C|^Hwc1~v?R2*4
zHn0G<?BHcoGo}}A#QCmO3#wpB_w`66ow~tt6vn0r%Um60+H0Q@Ynt&`ASi=YR^RcU
znd6{BX;`vczMHUUenFg8BS%2j!QZ%8l5R>(up0u3R9Q-YKMmOOVl#U!QlwlY+KD8;
zt_&%_MLeNcIa8ghG-faUG#*xWk;Zm!X<jBni5<PjFdGD}{TB@QrXlmxfl9lnez4fo
zZo3~9+Z=~nnj?uKQ!4=l$r`swM{Aj7j-Si=+*OUAoIIm^e{lEgXNsts!sP)Qcd8G_
zW7;P55js<8%6*s-6~h%(Bj|ygDlIS!g@Ql^b=+YKpF>ACs-`O7&08#J(e{r<6G)ZZ
zVk!lW<%&&ksmM0Q*wF6fJuvjApG1mhRsTf@8<|n0mE8m!XBRL(EY%LmBrP`+B(yLj
z3e1k>HO<f9%#|DcXVi~(H(Z(M>2sJ+8&8deCu;7hIQ$DX-Q3S3TyJL*ar>58${w_}
zi=s7eY=4@}Gm#tUd6*OCgDS*%WQg-=jFD_|M13F$+Sx)HP&iBn2HioLc^DrY)CqwI
zZvm3|cz!&f<9QG%P-Sf38?FY@iFQF7Q_89tgZ7K*LZ<6h?!+b9ad`PS*XwI4rwhcA
z03byi%mR!)NVA<{c;FZgZ)rnYj%2pb1`&0HY=72;9#1C@RZqlI=H8b#D)l*=a?nqC
zG4(u~ca1rg0k$56x!_{&PzRQmo1}99`BUEM`mWyeYE5+7*q-yPS^f<sa|ydoUx{$$
z2U1!sm3jB6M*7lC>QUuqbeQm7D-kENM<`Dauh`fz5BX1ng#8wNNY@LD%$(SOhcGjV
zC61bo@YDIBb`1OQmg&`$`qg|MPZk1s>4;on#SgUPYgXHBoU=b#^H+GC-H$d=<SN6c
zCWF0XidsC_jJoANL#F9>ZPHKad)-#CJRS-Db!}KiwM^~*k|eIbm<zW5U~TxX3I6}b
zSR^TF$)PA9e#lz173kQ~{mF_@qZ|cxq|b%wDYk%?h%25+oqJGEwsy<dpnE8KBJm=M
zGxuWPd(DevmI^8?7p&!EHZwi+x}6y3?DFyb1ky*Bi^uH#f&89o9B1MbKJaeKL{Ob7
z+bymy+DEJ9B*D|qbBT_uZrqV?pwSmDFrLhMuS=M<l>#waov*_h-f6YEkSXvcpb7VZ
zqsMGBr-yNrp1O_}YRiE}Hl4z5qhdZUIl2)?CdC-8l)PB!EYqkpS=?pj3GC!CRDt~!
z?D})`%4C5_Dtr5Rwo<&Q7hYIHbj2a5hE7LgEpD7p!y&xW*}K+%Z)&7rg|@8Kj;pcA
zKt<py%`aapj79Dlj9N_Je8-wonnw_+O&g_VCmfV1+$yni)p}89-vd^PGhDWhuB?ds
z_VRhmES=E>_KTOcL3dNv9)iO&YL_C(GeX2VNzo|d{@x>Y{!7l60tb(?+`>KI2rtHE
z{3=I%+6FJedR)6+19<EZkBYk?-KYtVhV5jCMJ!cs?ke%8KGoLp<H;aQmCvlXpR$hX
zLa@<msl;~PbKUh?5fDq$z-NK)>O)GWg#vN5SkE;KTtvAXkyAUstS>%01%^nPHngng
z@hsDkeC<!8<ZJ2KA%kp;`7d3gK)&>!)i|*A;5}-Adt|ka`C!KvXKIj|aeah$Oe4C^
zaoU2YW#aOG&}#2?^|c3BXZ`6hM3|=)apW;7jt)@(q!#)Kzp{gVMNWsun<Xx)Q&y>C
zRsrL!66>zzv=2Jefz{*Je+xA$ibmu=BfN)ZY==h-j>*%6Y~O8U4Aa_H*Q8j~>h*j?
zDDU}3(>qlg)PRf%mtU)K9Xu^G>`ka+Lqop+9C_7e+t7hMj-ozXi1PJ%82!xRrV>S+
zf}de~NS;q}^d9w-{N7o-_mqMlw@=H-&P2x2ZUIh@AK(5J7ri$%$pc@w0RCz#IsXG(
zD4G~sIGPy!qi|*^*~p;?BKkBY>RQP8p<iWT=xxix2l~tZK=D_YLp217N>8<EqY{hW
z^l&44r}}{GiWO(^Veokn!!nBox8w{+ADcWIpWt~NAHRtC{WV}EwPzRgg)v)*fLtBZ
zTDG=%P56KpT}dKULfR_T;M51YE_GMudzi-}3^u;GI%+68&uf-IVKvQTfyJ2T1T9#$
zO4UACJX#Tcv8li(%9!c~v?^%pAVnjU)j|oi-=@Ec+Q6W$hDS!NHO-&{_3UPH_JHdc
z7J@6S9-*3jdpebl#)^U|p;e>GgA9M{ed%548AFndDz01_z4F41GTCyXG>M9fq~F~#
z^pvk?WrL|mi{JjdH=Go3dXY7mHy6!znf_QE82FG}O8>kPYPF{_2IFoiXsxB*>em?0
zhQd>-Ei>(KT28pC+-!AiVLhB8D)2?dP$E2bjdeo@v?b@ro9_YT(Llx}0lG91q3o$D
zdK46R9<)~O#YSK;&eBfFizjW-9&Bcxc{ae$b+y!!o7qaAymj;TIzuFledBc&FQaQs
zD*6{MmCx&LF>T*tT}@>09v$-SxqNm>e+6@VHi=|L>eEyg8(Cz_%s_?1Wt1ZzDZPtL
zmC||h69}fNBdR6PZ(!|9*Y{MUxRp3~M9!3*6dhva#e5fN#(``A?{N#-1FOCH0tfys
zGib%KAf{*Bp2rtBe&9-pEB+y?z01?r9z>h<x5N4ZhtOZ(cp5SSpjzlh{mK^o1v?j>
zU>3M&PFi(AsVgF>Nui4q*FI?90alOP_)Q!$Aw(S4Io31GwjCNNI6C)#z=1RK7dUWw
zJzpWp{SaveFYAIDFwx=i;e^}C>meOgW=kvDonaUT>Dw0`G&$r5&5YyI@OM#=HS%F+
zkLjnoNL)gl-VS;G!bV3HueTh;Q>t*@`LuR_s%?meo6o<UgfaT_?4A3ypPc+^2mh1(
z<UbF4EKt_5!}&Ubxy!NHP)AB`fh`I6Es#Jr(db1A7LqvVqNT|$<A5ASC}8yS#Jc{v
z(sd{qC=4U;mv1-!pP&@+sBm`y9+K;n(#^I_j*`>TDECxuH`B|^pOaZ_x0kzL0TT9D
zNw|eqy6{8Sd>IJt&qNu|v~(ED+6K2s88I@b(zMu5fof8m+5<&rI?UD9xx*JOC}be)
z%N-VflKrMYnQV?5=GlRF_ia{^qbV}rigJaURwyAcHG|;_j-A*b-vxqRv~HLqZ08oF
zfQ6asaDb0<_0)ikOqxnmHMv#LDo09-FlVbI?1Y2AS0zl;Z#t6rNty6lb1=m=(CwSA
zT&-K~{m^7PWh%c7&f_UM2pKJ*>>y8*uDnnSMX1`D@Bf-mJg*GU>B7Qlmhlqar@~Ue
zW>)kJD1efl<e`c3Fe4E)^#&%{t0IREBRNG$mDk2CQ7J(Qqz>nZ5|DHOt?Y{Rnb=yn
z&d`CPp_^(eq;hH)(1$WfR=(CUklC<rVIt8faFSl^#c`kOZL|Jf%Nf!{n`w5*nptfR
zVFFWC#~y{E92F`8+tlWN3*mUF(xf7z)f|Ba@<?00(-|b<^}YJ-6HK1M`L$0dj%Wg)
z*5l<nK$n<$v_502qyIt4ax7nf2I?a|z%c^LC7a*dSX5t!2R3<5$<go4QmINN&-&<B
zb^>gea6uRgr*fB}=>oZ{{HzhX5bYI<$SX<F!X^_~*xaWTBAr53mg&U}XC0+km_
zBnT)l49vmhiNMn@bH&kj7d6`lBVHym2g5i#yO=1y8E-_&fqC%OnI{8ry~kK?wp5@F
zz-h(r4~Sch5|)d@BSX~3x1gQQq2Z9BDZ`Prn4G0;exyqGLx%@~n-Tw<0U4cvrA3jq
z_%^)8GFyKOA9V}j0f(^T5(1wTwzT2bZpx7HZ6jYP)2F|)IwUe{GhhaxA=scCWh@Hw
z#GReT&oJh6*!m3rND(;QK;EfI?ieGm$peyRu5Yy8tw$XL+{om$rjxk5>URJuo>9RQ
z)rkSzP|)yNBOM!5bg)G2s{#&Y-(pVhKFU05m-$H02Lws<`z-!cRLn9$T-q;_xwp~Z
zm>Ye|m&3_6g7Ch+Ne>f6oiVo$pmcR89F1M?2+`*Tj-Pvbwwe0j;qgTuEpixfa^|Z)
zP|fF>E|0B3@_oddeF4P;R2LZGZ()^ZX4JP;HIZ}9adV_T@bFNYmmWWS1u}HP3v~b8
z2@p0fn$q!A4^O`KiT?@aRUEDVX_sjARSHpgl_Z-Ilf+=2M6aMkH01GxkYpf5Wt7CB
z&2z)j8jUn+oijEp=6>(QT)~9>*oD|N^G&?ow4svG2ry=Tob32{INoAr>ht-0jnd7d
zOUe*g0vgOPK|Zk!n-SuT%4f)o6M{CB>E{uRPjLkb!=n{x6!u>0R|KvKYUpx2KQHEI
z{2;Jcus<xhGHNwdnaB)$ovSrdnse-HJyE&rsRJ;x^pqoP-A+#I)?chF);_NWwBu>m
zqwY3~9G^){9W*CJo_Mceq>i=fuEeWotg9s_n+$z_O0F^~Anib=pxsv&SyEc8JUkOO
zjiqeypyQQMsJ^$7v|$S`EwyRd!BIzJ;Mu1<o?~;+JLbI*(|10x<{#%4B*U2~3`K7u
zja8)epSP@2xKF%fW>PuWNLN#)x3L9uNth=y%0wED_v^4dF0XgXprG(b5t|r-Qsrvi
z;`(iRCQQh)W1wJ_W4W6e;!VknUnA#{HHMMFo6#30b<cXhgkNmuXj#yYE|sb*<$VmL
z>Ga(ssktRK!oQW?4^}m*6ke3omamp>jAmDC@zD*xK_sA@6!~9TX55_|CJeW5sX0-;
z;5r6lj9YWeJ~9*ig~EoX_^i1}XNYyxZ2>eF@Pxa-;A1+`qdaB=QxZRR!Y9wz4rztp
zcEYWc4{$*eN7O`JBJN-KwKSoIXb#lvl5s1vgRI&V^iPHgtRQr5-|nYFeJnu8hCwnw
z@2EkIGer}bn#`pGZ%*KLlk!Bg`mMftHd5QBUyC46ztlYsFl+L@E85LOxB>O5*Odl!
zGbcw$tV0bkwbpE+EQa{%M}ev%`NY$egN6V2MJD7<)%!9(vjU|WxaA~u?P#CaZODZs
z_fXJ9oGe5v)A`9gt|yMWi~NZNh@5#htJac@VVnL@x><8<I1IIcu*m!LZ^=p`F^1a+
zUnNlUYkSE0A8Zf*<^21<>JHEHNY9FXjiaL>ij=wX;e*O7et;)7x`bNe6&u&4X}v!P
zS8h*+x%#9?Thea|gWPR0GtE>t)yz(po19LQ9c~AQRaINxq)DoX{qn<Y^Y^Ingyk|L
z+n_H-JS2mnU!e<)QWcPf%EKuSP<iC9<V7G3RGf+P^aXo}h5Jz|hhizuZiOo|)~Qc3
zvW?XDX@#9fs$uQYa$J~NWO6uvsxdgD!Ae;xBZT*^?1(50Pq>C<tgSQV>$r)w^Y)pf
zeqWZ=I7HK3MQI%xD^zfHS=#-|L~<<<#wgUS#mnjX`c2SN4ymIVz}%onb!#hh`k1Z9
zD6W(JIDHemHP$i6V%Qo&vHL<liwfI%Iaz{=F5A%FTeL=&By))sC}nLh`(+)1n)WFG
zb~jtFPq`-0=1YY-E|P{Dv9tAD3sfz_!UQj@kz)q(@VrMRM|==k4K|8K7Q==TJtS~r
z?&H;-3YwA+J$^P|B`d}02jOD*;VN=0Pbe)U#KcfMGu8fI;={oWmZ&g@xD<(KAGIU0
zQ<Pwr@i`_sJxN)oRh?$ZGCWyJNADQ1nO1gj94oHknA#zb@~C!Q-`jc{P<?il3hs6*
zDZTIT1ofl!Ay^Y+WGfXpFb3L#jyMX-{hsti>k4A-j}VTN+TZlCaj;egVV}gruSzuF
z=M6I0;)3IK0l#585=N?}vMk{{8V;AmZopBvM2|TorZa?_q#9W(R?TJJWp`C-Ygw4n
zcS}$hUNrgQXZ)>LTyqzE%ZXD3Ve6V@lhHwqzOj2v_s9bl82}!@qlnW&kn*7Hj6Y_O
zk9Zlab2t-1^Z9ZrAZAb}Mlt%Kj|q;rM7$_+$cZV;`K5ft?l4zFda1bFW`~X>fBzXx
zi^=>Ejz9Y64ak#Mu!+VGcSffVbMg36DgS!>kV)tb8I@C-MsyQ?bTu_5zT~!T-^n;X
zaGUL7o{S!)(->Q(fIshCyXxfUR%|pLK^K2$snJMMd0_dlJBhcGF(W}lkiJ7N^+#Nj
zdEPe^pS?Z1|82njf5#=o-$R(Gjq|??7g;8{vtL!~?(ef3e?3IV#n#x`<e%!+f9r!^
zb&G&TpXSLgd`n0H9jQS5j~{qcK6GL54}8)&S4yeIwuuY$SC}`}&aW1Z5A(Ozl^E9L
z#^P)unjxFh<@yS@*(9&q!P2GO77$ObBr-|!?|ugI6={dmuW?g=E1--JhjDWTcdm?l
zIwzi=xI;Xz6xi98>WJcr1x3~xYTUrbJDohS!DQ#@3O71)mHS}z!DX%!=<m^VX^qEK
zkg(FSHc&rcWL2PGF=VtlY!}Byy=lgh4Ka&|E9j2Xaoy1KKC+LY#?kPaOoxNZxR
zSjT981|LebQEyPwV~#Spo_5x()|a)XQIVF(j-*t|DcC<rX=+-jDEG1Bt<A-fBv;m=
zsu0KCBzCQqNa#D?7|TfW32I~r8vKYFLmn;$v0yEzTGUjoJ!E9VQ+7<Z72#!X3C;Ol
zh9$b-0F=jNTi4QOimT=#eRak&%f%!P(?6!eMDnieOuLg7+#XFvdz!larmkg&cZ)mm
zQKb#sQrD=Q>A6w!voYywWcY48=u+BOY|sDj8`y)bOGlD2J8Z@>Xt--?bdtX*v&Xl1
zWC4?Cvb)HT+YM7}(IR?QO+5~J5*gjv@mF?cpnSo1xARH<WW4kQLWxI+VgYu`SSHf<
z-8PAjDg#ry<Q+Lko?%EY#b4HD6n8lPDzFvC@S8ob=N}I+pi#pHv7T{fh~WN#l&t*G
zCfd2;b`-lzm9ZFJIg}ZG=$^m8&42K__{Hz}VSv`-13N~ECaPA>r9$qrVh&mbu-PD2
zvFEhg#(uK_Bnbc$CTH;pomI!obHf^P3t(EAxgfd^*8Vrk!N2&kcl8-UmApIrO6g3W
z4qODJ#9GxFMH8}x_r_GtqXb?*kibdIHKY4k?|VkH89zxf(ZDc87x6tv7|9W;IX`2z
z%<o-|&&!-$=D8n`_D4K1FMpJT`R_8bV2&3z^e;R3{}*bI-~N)&YXO$~s9!Em_OJQe
zf77}27fQZNo;C)~KMb7zfs`y2i7%A^^<y={lvECvBtbv9KMbQ9Z8#PYxqFcGS_pZM
zOx(3wKw8W4%puBDnVD`^*})G)4c;CK_m9wb3AAQt3{;44CHObW@JCUjmF&m_YUKsH
z<HwiNru(DczMpR}-JHr!9AQmP9DY#bm(`wWBT2L+YH89;X@*P_#=#?P<ds;>lRHtk
zo5FDg8YoWS2O8Q84hhe%<dWlK<mhSiY0V~oK+ySFs;&Q!_>C7j<5-Fi>aE9S%(@md
znWi}Zaknx8&U%r}ifSpHFU`Mfj?2x`lwv$pv_f+yHTCdad35JyzHpDuMl>hD(m_5-
zy(^RaV?J{|ubtOe>R+qvg0^*{mfuDS5_0ceCtSsy(>;(&P`*<8o#u3O(Q(2>RhWBz
zwrmtIiqq(LK4rO@eI1bgMS~b>IL^0}>di7u=ZgSo7gZcrgqK<kJqm#kz+n10Ccz#v
zF)Mq9SrOV>@6BM_-+{LzmLLM7ODMG!n3wKv7*3Pre`gsZnnqh|CQL+55eBF^v_R>5
zmf;sO?71IlkJy2tvF`pr<BXlqfFJISa3AT-klr-Bfu7W4;Um4@O$?fo22X`$!ZKuv
zRGROcFg4sz(1bg0X4}<#0&RjTSARkU^?@tXzNPHRHU^>{XH;xt{f2HUic>*UEx!Xt
zf)5H4QJ&tK^vXB>ya1;%gKnEcY`^_kucrSdF+}ZCaqu%NuRyfp0%G1j0e2!9uT+0d
zWpxws^dYKx6C1%&Tc@%_Vr$MaV*NED=7s)@bGlxJ?|U}oX|+dF$I{*L0p?Rr`5h!J
z!1G)-xO<7p=xI4iLM?b(T@ru_KVW`a<}QStH(;DVS(m-j(}KnQloa}I{w6z30W%DU
zI*iL_!ygGn==Wkc5N0HZcE<pXVVgmk9SnupS?Rq*tY2*;SyIT|FsJau!fOUbQBxqC
zu;ki>)g}M_q!7yvqO%GyFI%=N2tz4`ONl(~1sy6=7T~H|;PRcda<aa8)Y&|4M^iHD
zlt(whkNgN#?>ANEil8Ys(!7ncA(;@z=3O|F`cADQBF1b@B&ljpb!muxR&<T7+z?ZO
z`f1?TnRQk~BOU3XQSutgz<oS_R!k!u$)QoQ8sJ`NgdXhhnoaSc6G=mFS#_-teK;|7
zo44nv8q<=c_1zDlJCw0NaT+lisj+;Me3mCEPcpr8oVbstc(#vXb}=<fXQH)67>}|m
z9HtHqMZ(Q@i0F?f67D0S0r${DnCBw(6A_=O%q>BBDpO;h^n(0nOsbV(ugtF-EJeq-
zmYA;_4aHXc+^SgL=mK5G$O&$D1NxQQMEonbmn*u0C%pUH?<$`^J@NQwKPTnP|Co9C
z{WNZgA-MY1wUgp4vLfpdZiMvk^lvW7#rmRjmak1S0RC?uf%wN-BkN*gXyW*Pbva8-
z$NIl~l3J~E=hMG!1fhpx{2R4Q2B7I|N`x$Gn%`RFK^0OrWK*cxxYyEFW`T(bfr$aY
zA33>Ke-h}6!3>FsEYm~f(vKp@Uvk6Ri)S!oNVA!_ZQP35VpB~gKi?15oi1AHI(%*u
z%D$oR_+!8=p9}=JhmXva+Zxq&1S$u8(XN3K2q;Ms^a+#+c+xE7-qNm2VT@tS5)3nG
zq-1wL^{dT24TuJ2fBiqs-YL4$ZR;AYpyE_)TPwD0TNT@ODyi5;#kOtRwpBsJ75iVc
z&p9vlf3x53Znd^rd#*;GbId+^?;}tLAFhsr)PVhl7x|vaSFDfka9V2RvKNH@aG&sW
zT9V_S_eOVNm*G^L6euY64>X$4OSI2;f<}<@yowjN{*EkNx(@E$%V#10J&-8Ef>;Mf
zi)4e8Vhm5VN=1e?t`r3xmOw()uYeMl>)IKj^E2PmoDzS@2p5U<Rwe!uTbd=pNs@y}
z4UIvm;-W^bDC>BGjaHw{jpEnhToHh*yfJ3u0JxDudGbsJn_u5ro2?(QTo4nqCA5ny
zHNILDyc9>#@2uNU<Wn`cD3@Uk<MSCAzoHyl5ilvGurmd)WaKCd17>|KsXTE;&lN-k
zBfqT{wBv=S7Q?7LN7W8q&k-fK2o~-jIwlu5u?12J3(u>%@52g4WrlO7q{@wLtwW&7
zmJ~}VHxCLU5Y#Nau?=)OmTL%9=U9V9WhNSPKjp+LCn#G4&@|QBr7kpdL@`R_hE3I1
z7~5gx3-{|#630TsY8Rq=3v$!QFVkRhLtg4)X4mYqv1?oOiFi#!7UZH%_0Fk}L3IiD
z4S0z2(?`k4Gc~A;(4-Lz;v&`UrG^ZXu~S(XHTw!uM=kD~YMg@$)sl5hEU2WbYZr#*
zPB}!)JP9|WVBGSUwtCX>Gm@^+w~}XLCcQPzx>Q<T$c-@26^}AnV{6k@Ii1*y&rGy6
z@4ZJ>%z)bmwA47GyT2}<93bv-b5QK-Ottj!3TVRO#za1}7>C$rVYFb=?o+PQP{^c2
z8d-$2uQEl~8(n|kAp13~(?%X&w`8T%a3o5Ry99h$1#Io=_ozhqrC5G`o-o!=O2x%t
zrmol=R#1vE@5IJXw9Z8uudoWP9@6OpWS47Ub)BG4C;xO-r|s8FQ^~Vzmum@VNMG#@
zTi0aA7hs<ADfeHEVw*37j+ECC_x$2w)EH055MY}=JB!MZvES5MSjbzHVk#XiLWMWR
z*z;rCrb+RK)$>pLX9@0RLY<U_5~j(Cu0~Q?Mo;;0x`{$N6|isqos>JU-wQzTebd>w
zI!1S;aktK{&_kNJyi5Dnt#!Zjy1~zy6f`1Y3`oEJAUdXMF%O}m&<YmH8&?c;mCz7G
zjh*i;a6!cImR4i|V>SJRHm7{si-~v%q9H7B>hzsQN*+nG?N~F3xmvRI_pc(+bjoT9
z$HO~J|1XF~!`1Y6%Lw@^dMt1;IF{Vxg1LZxwuJ@f7O+9&<?MP*UWm2B@94}W&a;j4
zx_uF*`e-o*XzRSj6|AkbQX3lF&@{=A<+Ht7={V!3LsH0UzW5d7kXAaj6-w-C;WZGy
z^=TbymX2)wCuCF3Z2N3MH-vY*Zdh_xLB8>@n_~qew+lX?9D{)Jra(3fg24ZTsMMd4
zVm~$j<rT^izxm$8m4o9L@Qm3o2Je|6Adh%F%9A6FHxtz=SdQf!j&qCZmqk9q>>;pj
zJp=l_xcmKn9ww^*qI;XZX~v^Ke6O{(QHe{%rx&kb5r(dvR&~B<NRKab>eKO!PP9`=
zF8w3mnQ3{CXVV;mDY&s$vf#V#WdVJhKed*mWOyjlGr!n1RMFEnWzDiaJfFS!svJ|y
zdC7P&hW^X+UL`cs=;tbfLxu~|!U5N5!_o6B+3;o8X#?O7X{pllt_ZT`7h9zRq=}nJ
zqg<F9@y_07q%yHL)`{*wuV4rI)Nzig<RIz=+0gQK@DGMxqhEU+9%^IxFMOC@IBY>+
zpY}nGs}5TrHAV=U?K^ZJ8AFa=3Umr^ZiOwEO`h$3!Qi#Zmx`*_qGgl#)0=ZuE1#)z
zL{yiiZtswIOUG^RGJD6+UxUpOoLo|D^h`g3b%zSQQuDMBc|Xc7?6@h$@QZ%(4KsbE
zP2MFy>gzT{u???5+&@wl5sL{@IJVuE5huF=s~wzr9{u>+lyAAV7L5T&;|v3Dq<^xx
z3Mg#*a~sJ5&3Fc8|K0Wig>8R`&36dPX4-PXB+u^c9BP`aT1v}7*gaZS(mgP_^<2Oo
zBOVocK0V(f!7D;n%3m+UH^m{RrX;o+Lm6hXDNd)u^vkbp{J!5_zUYG|U>V0v=MWTY
zWSHK-MeMSqqDRyN#56LbcRT!GD|9Dzkm>4O$$}KY)HP`_F`4aU32RH#Og}#tqaV~Y
z;GQg1#DB4FRzqYMb7}rX$t4%PT2)yM>x}S4cD^uAT@|!bxv3m~@y8goJNbCDA!apk
zrUllDb#n$ZuU!b}QE^9(sidCTVN#*VWbJq^n&pX_iGoQ;A+D9Jq&9*o<{0*->6g?p
zbzsA4ELy!yu`H6G=WXL<YyO=B%g-?p?xfJT<QA-vn1P{%k$^m_=)1O}l1PLy@<^G<
z$wHwT3Os+#53J-ZN{_poyo(jw)pb*ri5hZO!yjQN0J%Dj?*Zh|HBDe(<U<bqBGHZM
zErJyosY=_PLgco&<~vPc&>M^n7+{G4t)g_E#Rfst8m@^==t9}awo4RcwQpLEpTo1t
zRfW@AAj>93eAPAdZ}r@$x8~xHT(@Wzziq>oxI(hkWx%~P-b1A%dXB22c}=OQf-njX
zS{JSCo?k=PCx!O(mPX~suYs^24^Co=fBupVUg;`LktTcZA2LT)BS3gpd<lAKRAizo
zKO1MD5lSTG9GX9v{}RIz%(a9614AW<dEaq!fh&dF)Ur|qFRPxhBz;m8B;;f|tMF1B
z<IS9dgcjo*0(_crbki8k9HXK5Mvu_k<y*MWL+nQI1tp;$V}U)q*C<nZ?@Gv91MEAb
z0t=YV#iw6INslcMiMe<z$IvoE-*NMj2&WCS#0@=c!uIb{=y-{A<&8Y>25Zr0HcP+-
z<lh&l<DUkoBkvTZYd<p&{1ydIvI=g_(b#`xOy9rGp@NXDhRg&iBEYFXK+_@w+8?dv
zK=Go+dU8A%g=<8b;nym5LC+)bpg%y)_AV96k!U2u%=VwA8Tj<=y7+~)n8sVO4SWWd
z2#z%e*_h^L9q27e0ncm0-^y3Ee7M9@KUJICV=tVu4?NOV?dw2BU8ksh5qk*n0sG(2
z&-Q*#&T=40;|e5c{vnt82ZVoDphznN$L#Oqf!0vc0*E3%iTDf@#ZW~<f0Ci;q2a6M
zUOCi~rxO7hS2x#I3w{Gh8r_okx!*gp0sLciW++g>sEHvbCl{&j&!-ou+rB=p;5Ct7
zAv8C}^r4y?Tk<E{wKi}Fopd9DSO8!VTAkUwU;v9K9Cvg5RH8*hTOA)mOj`WV;GL?g
zvJTXsX!Xh26Q^OPJPf#RH?Zw+qaAv2aQ&jg3F&uQn!((8XHs})>wTMOx%uZ!%vk5#
z;Rdb8A*yts2A9(KVP&U@XzFoS)Wj9$kU!|Q%SFAl1M`|loVR2K=|zbnN5Y-DiPUo~
z#t9w0<+0oc^aJOTgcP$H;%BR>{0+R{t<e}AbRhau78b)L(9;AdljigTzy3bWrPbp~
zyPaW-AcHsFLl%>ruyhcPko?NZSlDO~nc^Oa7W^(o^CUrWr}iYU78ge0ZmGXGz+919
zQ!~}`QI7>zjv>18=Ovd}qQndJ8atLb8<_TWv}SiKl%V8$w`#8>0ahL3jS``a*>oHl
z#C@Cr1EOl`L#G5Av{92gx^cUcpJ@_*jNS(PBJlvX4t>MnP6$pPNlk39I}dj7G;gqb
z6~!e?p(Af7GTz?EU3yziWRT&*mE(s`SQCoVtw-JM9VYTKbZjzlrY`g-W1V9I^BQD@
zoqhvyh%u>ssxkUE(&g9zt~qCi3_!gL7D@|pz}!pTI=1;8sscgf!4H%ixN`x&@4644
zTE%E2vrZd|Jb(YX9JC7XXA4_alh>V3u>kALqs;V~(c%#rlfv&k4)zT3>7Ym^Ff0jM
zx?@XRa^80SFqL1aj4ebd0*K{==p-dWPxFb=EDlK>^RL=2tMNeUuRVt^(93A$TU16V
z_BNPx8C^k{vMUlmfLg|LedgQDk8*O@nC$-F)vs+(L5K{jd;#Es^M5Eb`FHg@nf#4=
z`PXZxX!ByiHYB;ppIA!peQmQZG&EEcb<KaL3ALF{<LTt=;+)B(jd@~X37sJ=C8Y$R
zE1WzHGb-#^9|d-R65aQ?2L++)$$SsCnlJo1WA&sCPC2xx_2|RrVZ&)Ev-5r0O&!F#
z|5Va?pqG?w2QdLdbCLl|CYEd9fFZ$vTs);?fOOnAaC98Tktw>)9S{a|h|QJ5L^Jc}
z?vUOn!wjXI!u+0qg$ZW@kJyKiVv?&jr%aK^Lo<tKV5G_i^v5G+&rODNkmd3+=gOa?
zmHv>{T5^hXEL9guU^l8~)?DC?yEB#1yN(=9%UfwXf-aUZ^gqv6OPwsM<gOag_`Det
ze#tf#+$=6+r0ymsR548r16_%g4+y4C@Ysz!_E5G*?jR}VhB)<OJj`VK3eC-wtUTwe
zO`n0DR{TST<kGUL_(w#WvT*>pjE(o)eDKq;kCeN}5jSas+R{8;49mxBfH8Io9n?B=
zMIB9lG9h;#YMZnfRn?W_S0refwu>q#3VP)csH7k|Nu>`%gR);Eh8D+&N+IQgaWlA&
zEj-9t-s+VC&Z2ZNfnRzz2?zWv){&~lp_O!G`NNfRUMpV*GCR34vJpSWT&6Zs%L$&b
zW7br5L1}Yp4XT+_-!q;V)q%;Et_;qRTdO&sM~BlTx1|=O6r|oVtol!~z$-6~0T7l&
zgJ9*wL<doImE-nzFk_;__W=}^`}unXb|q1<;f!n}y_lsV^=0mjTC@mys-j3QrFpL3
zK*|--rWqQ`Bt@a;k#h_oj*K(R-uwg4Ka7G&Z@28!d($!+#@sF@)U4MXOUkV{nk^>L
zrV^=mZ2B4-g{yRM1hFBzt2DJyBOQcM$t3dM-=y-Usl5!-7`T|-0^qj4<lH}O(uj9^
z+p-d!-`m5h3{N^j+%fshdQ(N9Q0|_GK6MutPA}**vlA;yg*Yxea&8@AZz=}h$$05F
zjbdV$(X^ceXIaz~d);>50cbj??JLdF^YA}5J@oOuX|T@~>xzN#lf+{`B0Y6*@05No
z2HQfpqUBR3x*jKe=CJ4-u&|7i&<PePH&{a06l?e#CGtQd1{B}&XF;(kGc@f>?jd(u
z0L9^%E&@>vhI-52;|KhRK)H}X>Jro<0rK-}XsPPTD!QC&&WXRd&{LP0`96W+<>+{O
zJ5lq7xKp!1a>B6&lOHFVY=vlP!XxBp>~T4<wOi$QfzEIQP}k?CN2BPLexcFr4}a-2
ztT4;3MK-8l4m6?jTg1~p4;zvSuC?ytY6n-N?(w9<F6WF?C8{VTtC<5?x|!9m#5~0{
z$kYQZr|4P3iE0Ey-a#02wt_FA6O{Y;#)DSi!XqL~1t)$`L@Bv8q*;(zkeO5Qu+HI8
zs1_gMRrI!N#60|huot%10{hrgB?!Ld%bd7wR@x@+`o36tkDkmmlSbV23bS@N%N63P
zgu1=itF-d=i3)nV)4#CBi;PNg`;AcA;6b>6<>f*Z5VVPqkVmJW@?x3Hbv2Ub^(7|0
z!5YMCeYr;AXsiGuR!&d&NVK6~?&dh7e~rE-ykM#K-i7za)k?_iv1gS&FQ+YrT_QG^
zw*Wy+#PPuJZ3|y+vQIFGcQndlypL6P-)HZDW`>9ud+6*vrZ?Z1@<$N%D-xf69-m>>
zSHJ8l3ZEg_SO4xSn)e}>ZX~PH74})N?ea<IJ$URKkh6z$Cz`zgr=IE4Am6{KmTr!(
zo~D5;w<ge^%l&^CC>c09nf#r2Qr&d=vv1NS-L&~cX)TzTR!hK&KYlFSUlmqD8y0mQ
zK{iYyu};!<K5Bi_#7%iTG9O{;aW9fD2O$rE%O@uv!L^`=BOi?Zo5Ir%-04;8c|;}5
z$qC+v46lo~O(&m+jLGbe*L%qC!tNBo!;I+tAd&U%sguy?6zQWpgL^CylIUg{9eu=u
zhElx^kyvVGM($|UwaID>!#A3rv9k2k?d67Wm=0IDs&^(awXW6RFlusk^5A%b@r_qg
z6XJdlk&380*OQ`?Iv0dLhgYSxsm{!GS!o0zLCe0Igk*;2zjWEtDyfRQ@y69TwT<F0
z)_5x-UPPMck~4cQ)WChT1P=N2Mh1?wWEM-i7Qso&{7A0v%bc$-+F8dW%x{NS-!&Z2
zW8#7Cr&^~qZ_7VQ4m>>lJU`-@c66$y>vq$T1Ffw6^}bOv+88CdKkDasLv=f!rXYAi
z150fhO0?ZdGKG<%{~3((G5%(ed*8JEZ)7gW3;C@69~R@di~<Y=lgXU1GuW7D=wq-6
z+B^#66aIlM`mQc|G8J4^S3J=|LiJd<`CgO~+}a&KUQ(?U54`2bZGLQIa9CWyUwb+6
zj=ZSC5$75P4l1I{@5hGsSMd7jqJ0LGy2m&2p}zqjG%z*tigl=tw$##F!-=<&4aziv
z3k|V5UzrB{!#S6J)}X5xuUI>jrJ9$^8atI9;1sEC74G3$Lo4j=#KZlt$txTzF|GLq
zYd+C*GJ4EMK!!$x`x^J5N`xHEd-iooSGTEht^Oo_e}(SnT)$$aWtP3V%&wK_^z4+o
zT;V_oGN{^o^axf&@Q8HmA=z2kSjCv=1lmB0Y?rG4){iy<FIOutw1LL}e}t6ZV-A+u
zKiL%N1lBX>XhHMCmD#M6`a)dB-u-Cyi!MA!TtEx$DaE4NuZS$*mT2y3-pefm(ew9|
zB-uODF5sr&kSj?(b{XgU=)u&p>Z*08mm`EHlTYbi)n?3sF18HZRpI3c7Qk-tAk$`g
zI>oiX+;kZpf}DIg5Wt<_kelg8Ni|7Wl*My69Z-;?f*bWu5l7Wn;(7d_#B%lF<o&oQ
zRw4st%#&NLE!e@})j?S2LSMgvgwFyOQkxfj8DVB2Zukv|>UY_<EW=pF#p9B8F!?p)
z0zMriPz>bKx8o(MNYX+pgsXzu1kPv`5;4F^Hh-QIp;}GQh%<i$;l=kC!&1>KA7znu
z&x4`S>J5jm>(`iG9=5C+WP&PhfmhQDy%YLYp+TE0s&UVz@kX>1aTjJ~u(zPK#{+r`
z-O&K=00v?X_MsS<Q%nR&znHm`%_2X-V#tzaL3u0GDA*lB*P(Yev`ORx_HmPFCC?=f
zZO`LYsIteEhqID?ywa<MTM3=!wk5P~(@>S42}fq{R-<+roiK~r;#RA6dO=Fk<To3=
zSut=uQpBFLA;9DT>BU!!GP=G}A6;d2OkC+wmhW{8aj#1T5n{Wm=s1&_41ep&GbDw}
zyGYo3l7+L<9Q~#(Vmu@H8?2762>BzB>s>kTp4oD;{8ma&;oJwP#EVk(4sg4sJ%9Z|
zu<Nz<4PN~UtZN{q;ThJa58G$Bx+UQB5r-X2=>f$-eJ0xIRz>Dv6Q<Kwk+oAKQT^d4
ztcUseZ!>d<2MMEi;B(9v*p%}B^K(+k#KFbH$ywCa$j;cp*6hDY`u|}K005ntqOI<<
zqMGz2z1Ya}3nf(gl!Dt67G410@cfjsSk~9Cdk6zLYzT5c0pXo;Kf}fkf-UyZ{%~Sq
z>W@2MmEYI*75wUxd>!V{9l&~nVXuhM4$HwSc7hx0006*d%^pO)z&_6kGJ*Xf+&0;n
z{Mf^wyR~m~;l5$Vfkvy-t(a3it+Tyo1qaqTh!<?kSOOb7TXz}}rB+XUz*g<qM+(V$
zac+Nt-F_tVOGlj%b<EG2gXf@8XV-k|YNO0C@z5u8yv>25&xwz%v7U^tF>sEo8-1bl
zm5m*)4#;J+E*OgfbQ6GyD`5)le${{tvzme{aCH^N{J<^7HwKwQxd)U+eQd)N#3H*Y
z(NYwt+(ZzP1F4yK*6TUe+hX|}O}1FJA^YB;3M3~nnf>@Eto$hbM54tDCQNS4?IKm)
zhO3bw82t5-)SbnTEcpJ28%Ha_daOr>rzAB@i1<SWD+yOzGUIiWwN>TZ8?hj9FjGtz
z4`Ea=y@)SC(@FBf-Mn9NzM)MMqrnTiSaA<0(7U)HjksK(q!ftaSB304O%PAtqViU$
z5Cv1t5=BRQs2?@du0S?xZlbX2^nkvx_TRQMl1^kvN+-z4`yFs-es06s40y8BcSe3O
zCS?$G1P3Ekj~ie%ro1B7bY;g(NC_7>K~ii0@mzys5ukYb2}LQ*u0Wil&Pe#<gmly?
zXi5f9t%6(aBDF@Sn_k;dwWoz(9#tpv<m_|u>EsQiV2dc|0jW=g9XK{)VWwklS|w4U
zF|LJ*7zAoZ%I<492c%LyD%lGw&0l-G-)ZK$850PaBia09vMzcrN8W`FKM7N`-x&}Q
z;;x496EOEYQQGbP%>d)Hx)vJ(EO#kjx&I&DUqCJM-&7)*%KuV{%qQDwC))`keZH<o
zHBk{jk#?^E2`Cj%622XsupO>z+1xynll<>Guje0gH`A61f+yvh$n>Ik$nv^K{TBgo
z1wIXf*>?^qvoU*E_2tsSiC=y<05=>0y+NB=9|@rmn3xj}G8Nk_LdrXvNPsz14!Ngb
zukH@7tDL*fItI7OI_$K-CEV6hGaOs`=rYQn<igXsX{p8JO#@K>Ww?!gkp+c^=Z3&+
zxgCb7R_?R1LyUOebs)v^bvWF;AW$8{K!?Eo<adnhpp{amwTFvNwHL-OAK5SkMbwAw
zy!@ypTCkswy2d+<0Z3Bnb5L*rNN8>$1}T6n0`kM^VuO^}kUkq|GWIn=%6y4^B=<?X
zpr#FHmWNs&CTZ-60m>nn2}|bUN!72+jQO1gkqieFx-YZ!ld^5a#SqD|75a-JibwPx
zA=Gd`$IGm{S8qFgX{;&<uY|F^)ljT%B!WY#R9*>T9#1Kc!=#uX@`z}<ijC9fj>?X1
z+~iS?qp2}w!#;;{bv~6Y;NV@qT}53%0Z32eE&_I)`X+VUl^jG-lTiLeHfXmQM+Wh=
z;GGJrl|_0ylMCN=V=6s+j*iF6(|<qX5H(rDI)9pDXV5Aofl*2!<c?%n#TZdg`eM~0
z6t^llL|SC1;K`j>>6i5YQfOh)b^9Hr0jObYNczMiOCwCNY%xjt8(U(pQC5_Dz=}O?
z8Ghpov{E_AHk+0fpTx^K7$^bR`4-8rIQom&Tz<UJB>g;2D>rmd0{}8k3}}y;gjSRC
zt*?@*Hhi);o@-Hj4nG5TBwM@LR(uTFV1$_V=OVo-=9@VIU$h-$z4?37`wcRcat~PD
z#Q)sJ@`qgjR=13uk-`7aKxO_p#{W><Qq2uCKhUrI9j{?THIb-=kXXTyWj@Da=aE|$
zook@~0A?guJpXSE)buL4))-9K>O|{A*3G2bRO-{)(F?*SW_NUPe)7HJe$oh*c4feY
zYl2tIpfg->@Qd}-!1bqk>&d~`*{j$|5BL}s0F+4i+?x93=lE6~%_N`(sxIz9XP(aN
zv!Uuq+T8t#uk&bwtgmK{lcA$FVclM0qJZ60!{X4pu3#&@Nv~4mK5Aj(q{jg}8_9e0
z3AC|ev^JZuD7stX?s%OEI#2&ip-#MQ7(1K^7QwwYN%iZe;NPiY9R~;BPM!}wA63sU
zSyq-%cb%+c1&e}AswT(dXQJICc29~z!^vgPg^vyg#O5&V4Y@!Upt=b?TQ;gWBpop_
zi5_NtYc5%msmkk4T4EtN#T<x@P6yc5wuD=84XsEK7aDz{@~g7Ul+{ZZH#Ja4`-Z0p
zuyC(1!jgB!beD2biE+PcR9=oVXj%O@&K0=tsK~2tK3bt*zIjOs-$(v|bg0D4^HYuX
zCr-QWp!<btv^ZgG$w-}+gSFlwr8kQkmrpsC0E!N0gq%XXI{&(Pv{54;;qW&i8&D^U
z1#xDSM^vU?%x-Fc6OVsM6S2K-rl^dVmicDSM%@-x1~@ufd_3FmZf858D*Obj5WRyW
zbV=!@wPG*ie1m{-l8Ax2#H#^v@e!d43UJabGFiF^Luhab=-yA1X?};=-?=PA`3S%U
zCBdxz$f1~oXoR@)8-|2DT!Q{stY!Ba(Z;NBmvIEf1!2FNd;UV44PaBMo(Wn8=~Lh>
z^Xoxx2I_gChUeC5w~&|Gef8nNHSk`oaWr5BX9b8e(e0pU1HY!;%1L{KLFhyBzlyE%
zBXfL=7bMi)Vu&a&FwR}uN#F`mNWTQ_I{yaMrn<#_dkM=DzGXv@LB{DRirAf#;ho4`
zbF?QnR%s5{;Ql*sTFV>1MF4@L4ZIfq53j{P78eT}6D>R2|DF#01)YDJBLNttJD)#a
zYlS;@d?!WsD2>&pj!i_o8_a0>*Ui9b^IzC`1OuvkIoBO&a3s7roJ>v4x}Ho;r?b1e
zeZbs<e*%IX*kN%VB3tYxAjNoaNpBP(JYb!~XpI?ThQ+)L4SGS%B$|WP<Fhe`#(~Qz
zT4*{Ts*h)`u|=QT_S~a&O)y8M&zVT2eRP;2lkwzjo6=OVE<(#_Wb5=$fE*T{(L;u0
z=MiP_&pHCO7AO%Lc}H68DrMEL7Q2h08th-_blzJ_Jw$)u6;ts);}fO)T5Z#tB?dM>
zaBL%uOQoX%++D>09+MiO6RF%1EiuVXD^K9|y6j7`Ji9c55y|=b8OKVLKqV?Lu@SUx
zw55YKqmrX3M@<HMVDmFL)PTe+_O;&yM_CM~mr}TFvy#tM$*a7L-fFD~jko!#Z-_YA
z`rta=;H2BM@9Md(BW>IIS=ZP0FULuzJdPt?mGO#e;o%GQj-9GKk4kW^0E_YHL&KTE
zqs)`{>%HWs^AcyITyv;0?euIJuS#xTes2mMP*@8OaT<e1?D`H^UNUt`)yO|X9TN7B
zIWn7xq!%|eo)<z-xrw=XtRnW|SO#edT3N0)4AS9I>bc2de8B6c`~(g{5<lEgB)C}b
zAkxn!HU8zstDE{V`b?mO{NZ`<Gry^FK)6Qjh6Oa+{9HiSLP1&uDI~Mfor?@T3isS?
zl;+T{*P?&Az&3jclqZ^u6~o?yND$n{dB&jfi9jW6mf-u(PP9y{6var=#t#w$&;wM-
zD%Pmj#5JIA9zB&kQKGWT(1t4e+zOmVP>=Cn!_J6;pONr{9vxvEm`sh`@-kNcro}P(
zt^OJctZ{i@jsL@R$3K_D|F6K4{@db6H5@_s=<oli6<!xk2~Fnxp8}6q)m?UU?`+?&
zO@9aVjnb1K#peI3z*nvOKruoITwP6V4^z!dZ9iV$?r?fw0Y?mhFPtmx`UAp7d`x@S
zpHk)PMzm9yEr~)rcv#n%VPVlZgp0^Jie3j8)c6o-dwF-4Jw(N;^yuf7RhQlFu!Z$}
zY-5OYU@YSe3eKJ#%U4Ur%+*zRE#kq%-Mxq%qc&ZN?z+k`lg9*Aj)+mGx(>7!c$>>w
z=K89`N=$LTdcHad-{>?G@k8(xrq8u%Da;bj84vzsA8p)nH7?ogQAf{W)`+_;P*9;R
zFW6#^VvsqYXG3;k&t!;{p0Am4?8FoMtGbhNus9w2Sv$nNLIIcnoctD3qqR^h65E}k
zD5`vTqrlwmMJirTE%$a$LOh#!M|9ebhT1@Nw%_iPHIE<j`Wmg&qtMt<J^Tq87QqIH
zisSRaYUwmsjXb4KelSnkXjv2S1`Mb!nlRq9>!^InU6|cY*aGELIz!~PdM=hX^F-Bd
zL--<>f%5uD=V$IHaC#`NuBF8X(1qd9B4J+~4h}Ke@}gRQKiQy7^Z8ey)Zcy$KF(w;
zm}rw6kCpQU2M$`ootfJpVfcHF3%-m>7-SqUJWEs&$_i>$>~U$jQedK_L<*kh<(Y#u
zY=A9@Q@ovnQ;M_K2nwV_6E+_gj5?)HsSsDclj>?GHpq6kB71E1Zqm(Qo233u?R!OH
z3OSPK6zAs~fJ(?Lq5F4r%S+J44H^QHzpIh~ibEzD)y8<*FA}!~_KPip7|XBlQXPze
zW9(Ov3#fo2Bpsp0xd4t-hB_~YsWbln3|9W11>{Z+|DF5$FKH}q%*$RO5F%#({B`i>
zBYy@n|9d|9pVt8}V=6f*M(qj=jo%O5033V)+nsXJyevNPiqD3^WYpDdbCc~S!lRWp
z<6jQ>r=1w4t@g?$rN9B}`>9Oshb&IBiwU3)xC>N6kT1w#L)H-PVP&FlWWvds$gjc=
z7ZO9cC5G%i86_41zoy+#f3YX+`>c|yGKMth$y}}_l?6>P-FU7Y=Us;Y56|zs#Yg4w
z+CEyp-Jr8Bfr_1_h937($J<lW{Jb|_)mqm47FCl=n(aLgc1&1=3IYAjgJ+jg9#!5M
zCKZ?UGH@oSBxPlvC@`gUCU>iGJhWdrKg)-*43WbGLSAH)^(_rz$!-`aO=3!53M_3o
zReU50kybHKshi5zU}=}3;doF-%+Y1NP}j4n1HNNWmY=b`mHC)5?vMJwjCT}<!O^9q
z^b~}#q-*m4*Rp|<RDNl#4b@_9;DV8<FzW9q3KMs?CXS%+Mn)P9OCXk!kb$Xq8wP>4
z&Qw=*!GT}KDgm(bPTvXp;m8!zf}J;8<Bj$AB+!FhPM1PQdX`neR-yc2E1XV-xN-A>
zUa0NUj3izaG_zZ^60Ds^UG^=+1-&V~?0zA=x=8HG#-duGhWcHMNX9jw_<NE|T&xM<
zLiVSEy5_3L$tC&G34Y{k09f#G{yLJ!i8-#{j<m3AxM{pt@9YLeD1zb|%c?tS#xPl(
zDFw(6hafS(@{|*FJJGAeOl_Vag=#J|(H|wIoI)uV#x6)JMp7Nujq|m^@`ja&OTYMQ
z=5zpUcMU@t={ky%$Y}Y#2XD|VE(0~Q6m+XW>4p4aap{So^rf(F3%t?i8{%-^hGppR
z%;>>L#Etft<G1y3NkkKN%{>x3;U>1~JR)IvW#<cm(QsCZXkk<Ozf5L5Ag$pOlG<~Z
zb>IBW<J81oo=pp^eHtKX{txH!e*wtA(ZJ@v=%1v2FG-Y}vre$)H@Bctn1i4s#R*k)
z$S?UpDUtIjN$KYWsao5tsatI(W%qZz{?B1B1AZisKB$Hr(C~$-G+&yAr*BNR+=2ck
zpmE|XKUo}qo%6un4oMV}dud}bKk#MAQ$L%4YsKj*v==KvpA<(nxbaXR@-u?S$`Nh;
zYmIMD?6=*JE>2^KA2c?>GQ7VegOiE~#+vgD#LJ9kp$o{wb&wi@exHAXFr5gi#=1|B
z`{jfbaS?VPb_>>>-^xaO2EADS=?BR2C72IsA|^g;x|^c(eA5^v+ZaZWChe2%0+SFH
zG3jqzq=gh`6YE#Xg)jK?ooG=i>Rq>$X@&f|R%{s&WPo<c9uo~rdFINgn~qaB<K-60
z{JkD0#X%GdQ687tFm1S3ei}n}AG~}V_z*?+=tb;7hXOd^S(tQt+C`4oU<Bt0z0=1E
zjbI_ba~*z=nB2&>VvpGm^9zA(?QSXA-yoi8>FngS@mk8s!Ea;+#CKwWs4|KP2dH_~
zFZPlNRU*IqW}bJDb4f#39JwKu6BRAq*Q*0=lzG4`uAEqYe-a*J%cx*kUGQB~KOQ<U
zcBXUJ>*0%w>!Utj1>fk0U)wANTdK(dZwrgUdW!8(URp2DB4#x^LRlb@V-2g}yh{_U
zQ6mZ)I}@2rk6KLo3Gm2{d-kKXqqV7YG3MdI=py!l2@#?5;gPPFY5c^>p)$yp^+wjj
zBHbuTBRpcG<%Ybqx&5C5{9kA9vZ3v#9-ug@4QMm}Kh&S1i;1Jhf7hSt_McJByKS0j
zf-@`;5;&|Vc%y6_nqnC(Dx<8G)ian<`Ofi#jiY39{i=>DI~fO8G{SSiD_IAJ(ZF@@
zbt%HTARkjk{VF+;tbz9k=TVl^{rctWO1f|M`yKoD@ki<?Wq1CdgvalLs_63oKI3bo
zh*Xv^&8ha}0T+0uvyQl-;g-=Q3Q1I!iF!>LL&1JSY)<d7qe9YTP2Zy20s~Qj>M?=j
z%wToJ!FYkD1`@YI1Ic#NM6l@wt9sD>_iqsa7W}cg_Uj%!Au2j-qqnPaUzu%~Q&2F0
zi6*F_7#U^A99m2^jcX-#RCdC)n&GpV;SFqsX1_TdhXQQoF<QPlcBByjLmSk@2(6M^
zf8yK<wNrOea|55cA_Fap3S0f~qXS~!&?ej-VR5rLB(kBS6m&WFrc6ro3uUuPoQ}Ih
zx5`k85FIs!kz2zj!yUoqYrnylgK{>~R0hMT)Sh^bJ#Z4{d@j47TLl^P+LHUCs*E2e
z)4WQX^7ZVP??pPJY#*Sze2qQiTw$OyjMX%xxv{rz(F7-#+9z7HqHI<4Qq@?ArwZ-7
zA*R_M96eoIx)19u>GJqhtEiib3kDNK;yE)5m%HcdFy7aN+VAZuhAdWi<K8UqM+M-f
zy7wZ3rOS9Pt;J*T%Pu^YryNdJ*j>L}Y0)sbyQ}~&wq|S#54L(^Rb?p;GOB2Z11u;=
zmku#4bww~=&{j#$>I(yQPB+1^^>#%U`h%Zr^2FR|!q0gfI?yaoQp78_^zi($Aps|_
zyq~3?-_Jh%aqwZk(smR?jw*dLT`ljALU!uOyDBKnH3Z1!$vM;pIyt*!<Y`k!W7^Sb
zGV0DLWQX0lm#{+V+QuIpI|nro@@DvgUTde^LyWRm>`?d0?(=ARazkTWkz4pRU%7(U
zNTg<P$7fp-CC4-~ECg}-6U8r|^m6)lAPHrf7mF)cGwPW#&Vpn{2%x}WUlunCxJU46
zgndyXu1KmSheW|O^$+v$F9&ZC+c^zE#ElWS34peI1HVMv+7yP$imo}{%E2^}6(^CH
zg^ItG=Di4bNgKM7oyJr`+Th;p_)MpWzA1{d;d_hh^DB<>r?0p*0>#ZLi#Devh{c<H
zWRra$zy`tS=}fW7apY|HU9c#~$T{?KSBPy~>`SXHi+bAHzUjN4x)z7rg~1ee@6fJC
zwW~IZuq@=otVKFCV`-~P*-#PfH3LF++Hy{~TkaJide>mg;}`y2uh(z_PpxOlUxIMm
zJ37yH=)9YV?(~sgJs|$~k#OZF+EWHR5<Y-O0`EVYP5il%fUk03M`oaG=i+GeKi=gk
zn~v)$f8q!=n#$QMgruY;=90Syf<otnv@(jwqP4LXSQaF|+k*@*^(KiY2a<-^52H;B
zZ2RGuj`Y~~+AqTD2D$0C(Twv`%5nDxxplvBX1h&a%x-_YUsHT9U!mUvt-`R!zpMwI
z4KNWn0Nc998i~9Kk8+QVxtgJ=b<vGp@yMl{67v;(jmdqwQ!fwiiDw`D^a}o2eM@)3
z9Brm}R$%6*$|7nCllE@`>}cn7F<KbwW=(VstIzj-Fx1g-{j{smD6q8UTPxp;ndn@F
z&~8CRv+KHUKqI0y%Ffqj(|T6+=CTBu_B5sR`x<l_7cG`mYe-I`_qy+}=T;N^CSCU?
z#A41Bc8X3u%L+f&U29;)S#!Davh+!`CBp$+F~=DD?C|o7@}hj0x#Ma0@xHu(o1(`&
z3<sfc(A&mal6T;6fMN&4>J&rSP}nGjB&$alBhKm#L~T;2-__*4j@)l3^e6W;aK*}r
zi<NmELsG+W3TSRJU94?v%Cv2mRLKmBex199F?Hb?Xo^<HnygJRtL@pNF7600p))CI
z9Tl`fIHg?-b@mPy$F}5httsC}FPYCsYT!)mg2Kx-NXGsJ9vwZ6W$IDI)uo?t8KpW*
zzE1PuL<xFI&$W8BW;2cF(YAE`jXo6ou=QCu;1{>OigAO`_6pqFJE}QoKziv@nSrkn
z4R+>AvB7g)DRmZ3sW7n?LkzPG0<w7s^>jIVS9gte5+kN-BexH|JE0D7{^`^Mo6ycM
zlJw(O`PZv45}<0WL@dDV?XwLa_2ehz$3yKyCQ9kB+$EvMuLTjH2@m<3Fx||NB`%h(
znh=)mqQ*3tC*Le=?UeA9Z9<1kvY^)0)0`b*_kcxp+{EA%`!$zjXZm;c5s2O9niSkF
z@l~w3Vk!0LSSphk2DTiI0LJ*s*<LHkJx>{zs`M-c#=W#w|3bbKEul1{xwG%pm|p6k
zmqUo^RntikFQ!#<=2h1$>ZvVi@;hnLEme_+V}-4@D9f2BEr%#o&EifL7F93~HW@vQ
zvG%j-A%;KpaZcoF1W+dCtFN5GZBaB+gcAUy&Jb^P2OdA_j-``l-V!F>B~R3iv-Z3#
z%0|r7f@QQm@QP#XgB9+nOo1BA$Rftoh_|3ok_<8<o-gu@QX$2oBZIp?Fbn&cjm;e%
zar2!YfA-qY&cA<ZpQ#bA-=^69!7^W66J0%8N0@uXYyJ8i-ABml7$yt19aJ!VtYbOr
zZ$b{sBy5B~Q54qyoSOS{2&gz3*g6>)IRm$-{8x97nef-lCV1O#j@IPK@-q^m2x_i(
zWKJkdUTvQKFL9;5Ah-E*jbuRk=@ih}`^dVLBEg`GS=|D3_D)+bH^KM~u<$w^PNbS`
z1J&DqHK>3+MeNR$GZ6$^b0_8WQdC>4l%)$9Y|aTwJGvkbFj%fkE2s6IJU=psdVrAP
zZJ8e#I}BWEUls@A29j+MMt_ehO*x!S({Eg)wXAaGc&jF>kW;wxd1h|7unzTPxX#b(
zN!8^qWLVY_@g%Hc^?~&ypxV>>`otTJX#G;Xu+(24`___pP|=3zsH%i^lSLJlK<MzQ
z_&B_|5v!1s-|w4dwAzy3vRO%);bgMaDoj!noA1Qggxk*0gpmTl!vgIT&GUiUZ+aRq
zH*;NazUIcMvuy(1nQex+K{AwY$LtOm<K#@o%LnMJ-(+d+q`c-}WH<W5{a(oNcXGp2
zD;S;EWOcrMgtIe-BcZ4>4%NKsi5j{)&hm|~Z$E4>-=mjzU4AC&Pgzpkmx6$dhI`8T
z{UrU9om%X(C4T#{^tg}RI1`wc_~u?j_=J}&r4=|feFk}_4f#ye;j}W2s@S6HbyOOG
zM4>YQK2$Na5WPFuSO3p&RGJ90WVl(g$VXzoqZKUg;QnfJH$5<Ljf$==Cr@?Z2Zon)
zCo|;wz<H;1J;!Zs^QXc)fOf4O=l(dn9IWEF*_AkMh!@;K_;^{dUaGI;R!b-hfix^k
za7LtCuf%;|I<2cD4L^~^&FzRiXXIR?*``RMf}mJ6<YN@q=GPkhXCa(<gUMN0W)BMU
zkBP67wKPT{Xs|Nn>q|y0Wb41|2Us6=<(z{Hx5|Xv*MS$$K87zKag9o6=rjG0w4#?T
z4qNugi9kKp+`}YCD|t~Co@9vgGr_z?6hC>BHH<nlI=F5qG*7Q>yKcEyKITVator!d
z)d<LRORfT<f(wX>e;DNV2NkOJ#{bj6oAft8C?bl8<a)#9_$!ITYeg0LkgC#kr2oli
zIiqV=wtfY9$F`HPX8A8fu-kkFWt9CZ2s_nnDg!v@8J7Q4?w&G0XzI!MJ>4^9vA+`B
z7AIx?&>I;GU~a|eM+P>&cEDve*i+`m3Q<p-NZH2P4Y>IntYV;t3vCNqJQgw5oMD-q
zOTp1_XXrid2xy#~;bre0M;vcO8)eX_!F{T8RfvDbQLHNrZZR>qgxQ|kj$<ymulR0I
zx$~?_$D_EF@HMQ=CJ7Xua#tl#Z}tnFjoiz1Gd@+mF>MZi>@NptivE!ei&QPejJ@y>
zHsQKG^rS1a!Vt^sI2t{AX?e{m6wDUkZP^tR=?EP2^QMYk^0^jcL#Tf8i@mHc)L_;I
z;XVcJp7Oaa01e9N3WNRj0GM^!h+%~5mxh$w1T9&B#cx&_rixcPPRu%t!o<x0u;nNA
zN{t(yWpy~<-<gne{B?zUFMh+>kh<j@a3}YS5m^B3OIl3>{Y%Ve9>pZiWyLzVoYFpv
zxl`9qI@%XJxdy!cMbuf<UR`jYYy7^XXK4ymA3_}9H(1DZCwY0kT>D$ocL&x;;H%7m
z@wjs%E?zqJkxzZ2=}Yh@5eS*^sa$x07M@lCw^HrL;+d#grS{Q&ClL7#fn6Mvk%w6m
z>^1ZTE0j^!Gn^6QENPRUB6ndX;nW%N$@t-~1@ugF{i<Xt{4UrGKW(zmDeMu)FF0Yd
zuEE79tjz&|5Qgr|?LWlIvUEr$e93jq#-(wMPJ^EX1VSSa2z+9YtE1kc%Zx)zrT8|5
z&~o+HcwrEpqv3c)JPA^kG_u8EOFp^PAPF$@AFYLkiT99f1~WM6JtPzQAr)W6b6tr=
zl@%+i=Y6>*y00<*(;WUk6MpVCe<%E;qUb#qfiUU-!ss979R2yopAB9Ab*ua*4f6}_
zrfa)Ds-S3VD7$&#xGWtyBhsw7C1WY^E^y%U7u#3gUdj57^x;R}6&s385GkMbm>=ns
zJjYfS_WM7gmyA`tKQkYO5HIRy2VqeHTPa4eNeikuXeMTdjc_9|K{c(maLoxx8(mRQ
zSQvD)4O4|6^~30u($s29rKfLOJ8h$tWxBUI{bh%khE~BQkEd{Pr6)GQ$H6*CaBm*{
z$U&Z!q#H*a#xSYYKU!NSb%fVw%@($qd4g9v&edElu6}3DeA8u(iZAx!Yo^|)ln9}d
z>C|Mtn=BG`udC3ijo@<wW?|07{K>+E9cH&4SFRbzY3W1V$Y)BUc%9rA!wfExV?(z8
zk;woT4#9r9fl-%s#REOkBXwIybJ=Bs(neN_dfujujsU+Jx0IKX6o;*Zxxhd)h(<+c
zDAHfDFlG4Nech$(2O^#&7zK>E#t=|u3GWs=&k(>0?<RONm1S!RC;cHsx!#y&)0hzM
zGF+=e%t0>6>LT9)ul)Gjb#yGxQ_O1<T+m-`*x%$mTX1##I{Ijq`F+Eef#{dXI-2Lv
zXWd7LC<?0VBK?=3Hp!*-ST~+Rv;Kqsq+!ziI43xlaqG27x);@S9dWfllM<(IkzFVC
zC)+HfJ<caU)IW}+5zvZsUPF#Q8X23NJeDiq512jSB+Q2tCVfF9YW1g7Ln=1GB$wuf
z8S?lFC1BA_sRc^w1|oVa!r$Ph(&h&VeoF~{fSgI`K{t;D|8o&%=oIMd4P92FtY(Y^
zrXEpAC&v^rhlJw2ivA+=tVJP&BM@ywEFd2y8)lm&Z<IiXt<iu&r>IcENH?m$f1+tB
zx=rq2awU30swEgHN>uq;7O+6M`3r-zn<Q@fRfGwTGw?p^VuB)rs8QKAP~a0RjJ0Kh
zpJay^wjG1~)o^8`Vyom=_)tKg%(K>a*EfX!VC`Sr%=&J<!x9iCXh2=TKjdcq!rK4l
z2LIUR{tQN`Hs|OZX}1JBgcQ{jN;E`j4T;$#`pAAoaN5X^#h+iawc9)^zasrRRt0F9
zODz<jwTflob~2sHu<J_YEdEz&EJP401Y>I7r#e8<O2_z~E<)-&Ad>Wgf-&D9xe}6!
zX8^bQFk!^PePH}Ed<^Ts=QbNnWdd-Bi1s=nc<D7&Ba$nbcB%BR;D%ov=^89H%o@ml
za%0hfEK4}@F-=;NR{65j*m~l>b7PxsWq`S{?lnfwpv<Df<=AscKk-a}NtUT(+gD%~
z>ILcsA-RBj&H6}}lhL&zW6;v@dL#*YLYj%U@UJwJb^l^gB7nJ=0J3jm`A^gu`Ig{J
zC=}%eTaw``hw-7P7^DmZEh1PYNq?ncYK+zHE_Bv;S}?tB3G>ZImKuQ{xd1aU(+5=}
ze_<XiA_lt{1NYCnJVBAw3Uj?>8awm!#s?R3Wf^D|=l)I|0;z4<VK3BC{o;IZ^|gn?
z=mFfZIFs^EdMrWqT1k7=zM{HVs_^_((sGT8{@HU??XPz6C=7}Ax-yt(yb|)D7&Q5z
zY68d^+@p^G@73!>2cF={o(4*!X|qY_rC;cp*~EvQV)DK5UD+{&|B8^kNOUBR$Rrv2
zc=OScYeNIOrSrplJ9Z2#mjO~DUE-wlu}KuP5)a1RLNgfau)_55JRx-PPN7Elx1J7R
zfHy)+AXnb7gCj8umuLm{E06yD35rq_TZ23Y1BuY+c5u`ws_R-pcT=%L?PSJkPc`zu
z1&>`zK-vKIyNIhLL0IP(rS#(=wNM5}#6_VUv_E=+$e}r|f9nZMgeow*H_?}bG+1J%
zOb5M$A_&!qb!=(qH$fw>Pwg5zk*82nCcltFde!O0VhT}9bG^Yo%NN|wj&mQ4<iqD)
z+M5x)Wx~5q&Wk_uU#&AuiA@~Kx!dmj4Jh}$@Gt>D#-in)lbHVoiqn5H6@@A`b|~VA
zK1&YXO-_jHbb-ymT?x3f%cxRXxO2gzi9h<GQwYJ6j@NW2M336%H@O_keFRF*?T-0N
zsPCjn^VHrHu2TtAT@D>NN;$zx{!Ck4?^DeV5ARR-ec#~q(b>mR28vB^2Q1LdR$e0q
zSCLbl0DNZGqDV*KC0HqDr`}kwkMWJw;TkOVev5^~$?z35p0hp65Oi2AfY?j7PA^cD
zso;%7;L?QX&6&7UH%rjM$99eKi=S+tF&}i~%R?LbI!@a?1@(<R579vYpKZt(E?T<E
z9@=ElHWOv#8I5P+w`j3it&68Re0GLF>*Ww#tg*(Hz)Y-w`$9~uhqaz<uo_nlXr{?c
z@6#d;+s3WO&U1223Pz<IQJ#KFbr%YqL-<(lz{Eu+78_Tjw9R3l41q!xWz$EeVo)Bs
zE~8+Q6vib>p|<k)m8~V}%3C(hA&>x50!0XmpFzjzO}1g$HhYR`m0UZIJR;KO*u3D9
zkq`Z`1?erR@+1Qvc*}25omd@!acGaBgTsKW{ugq&8dua1SzJR0@Q}}9!d>F<Cr)HZ
zn?ma8IAw*hUxSQx(!#jZWEX146(S)U)q-)14C54GAF}VFX?`Lgjdy)}Nvoe%Mj3CR
z0|uou3-<U-N+PCs4K@U5N9kfhAbp#sqHDGrre3>EY+~P==|T?i8i@?5%TET?E9VO$
zaLbC(TZhk)cfUs)p;)~9GTY|rap2ze%kQuX>NTD*xB5i$w=wQA(_fM6H~hEpj;0yA
zC#7!>2ACWanG>}oyLg^D<R?F|1*6Rp8*pPR>Ih`-iNUAYMycv78(`O@mk1CW9JM8n
z9pYc0!BfQXk51-5x5&pgpo>^8=ja}*bIc*q*1=eWXg*#(mB?`0hkdUy{q8M5BcFv}
zkvVd}nl^aKrPC(Zft}h>#Fzj|J3}j{S0iVeU&AW$i%#rX*5BTqf?8BRYJHHj!Wv+N
zd5UlF?FF<#m}+U%x?+z(Euv<PzK1Jb|L3C(wtf`(ojP!ff*VwHa-5<K#{SjAZFzj&
z;bWL|_r4uN{ECZJ9*bfVet(JKMBe5r%1cvi_U67ZdU=NJ@EdrNO-C;U$^n&%;wEpY
z?f#^mq9Z_X481V3kg8-~K*~CN4rF_N;$46O;pB{h>sz4eYiRnT$Be%!^)>2Q;JxS2
zfp>f&<ICSP()Zc1Ass+ehX6M!{6o>`A5{NEL6`z#lm4q!%=|a9ryRV^j-ZI>W-!y(
zb7W=GX$m{iis*?1dK^B5#44FLHeoo;K25c0i&rhYelJrhluBA7=*1`ytJEs}b@X0R
z#(X4wmQtV7*uczP-#*PZJ@xqhe)PZ(lF|PID`OxDPHu-f9W-Ql#XGUcK5lZ@n$O^d
zDt&qdfYoBFuQ?1KZEI=|OT*J{vlAVi=cgJi1+lcU&1x?{{4FclrQ*~*hiKK7L(c+}
z-Zsp}fU~bs+vMlEZD&qzLF4abzxb#m>~kzz$Y^5U&~Ng(4<<7(>PpMj%W4tW!H0+J
zP+p_ulJFrBO*GP#VxrHdd3zFFljSgG!jEjjicF<htA4?-qSMvdc~oW71%)D;wKRTc
zl)FoTdi#OEWsaemr(N~|#aY`L7&2_iH)B$d;dxi@Xi~Jz<#naj)9}vLfg*TRplvj0
z5{;|&EV!9onjFdm=hiFAl4hKOZIW^<r&WbiPW;|rO1<<sL^RDo^T<+k&FQy1AWnor
zCe=UHf5NBV;h&(@^Z;Zs`Ycd@8NtR0!<s0tJYKK~<V7no^{EET<A-0!!@jQt5TDpA
zu`a1LssW=vP4<Y`T)b`fkh&OZBZslY);eK^p9%ca1Dw+|eomU&Ey`A0cT({yW$xFX
z*8pBrDy9-rT0$tWr#@oJEGavFsVrKt@I35{0<|f(-iEBJ251t#>v3aiFlkHYIj!5M
zx1VGce@JJQ8>ctPqv>t=Hn;nEp6ywMmUwnGw5j^$SW^!}H4Bd_7bXkOPBY3r5HL$e
zL-`BA{n?^I`!3%hH052}Ee-?O4fZmcFxdN(R)Ib%=Mt4661<se5_zLEH#_=O=D<ui
z+ixgS?jBC`^Ka}Y=XZ5;7G(OqO1lKSLB!Q@i9Hy&uY=sEshN{0{X8B~A0!Rwesp)A
zfLXbG+mK_ikX0x%lbEq?7Nk@+_)$R`y8RBo%UB`Iy>jq(-IWh`gGBM;v&#D!of7@C
z1aCpeIvi58i>oLU&;F4y^3h)Htxv^p;GOZOC6&NCK^|b93K>*6(<dvgJ}!coq>Eus
zDUCZ24Q8aJkZX-pA3%1EKZr&>k(z&Z4$>0sv4M`G$Gb%gRIFH9u%HoX5&pJ5C^s+K
zr065`JE?f)y?9_-0s;Fl!cSj8>WEpMr~YmOYYcG?Ub);XQCIpmj5=qc>JCAy{T{#k
z3_dY~wvQeMU5^B&Q~-G!4NCinOW2VF*A?ym$JsYV=e=*;Hg@AQwr!`e&BnGG8;xz-
zMq}G{(#C0=CpH?~r~90J&e{9Ccig`BLq6s|GBW2{zs0$tcX%w5&LwXURoVz7$K?5h
zTnyV@ltS$v_5O^A|2z96`Hj|u!@so(|N8@!zxRRv;l#9RX2?T2FfjkMQv5qJUBEx%
zkFWgK#omNJV)Nm*5;Tl4LkRE+w;#mnnkEpfqpCgeU(oTTLZ4h#@W<nAT<bl<AHuxu
zKqOf&7Y7hcGMAGh=ms8YSg!ejD!uhtr(ZWWecq)Gc);67x^6)#S<f*s%X4~+nfezE
z&a$v4(3ZgS#^lwjvD)Yl^;G(Cfn9^zNV^O!(SXv8UV8f-25YH+URLTT@+>;&K6)~r
z&q&HI(Mg!;J+U7@8K@9^_v>+5x|L48G5#T-p_z=!L!j=LoRohP;idn$Lfz6;$F9RK
ztl?SLKskd?*;y^+5`<0GoVt<zRkD^0X&iX3ro^Th1=CG1K*^<8sZbDIE5KNeCdM*g
z#=e=ZYK&E0kJ*zlrVywWJi0PTQ0}k0d)K#jZ{9|%HdXZm(P(ikJ;)H8xuuQDcgR-z
zMHCgR#mq2lk9k}$88~FG@xI<GOxJG%NoldksOqunIk6GU#t^{>RQc^q3x@W&qI4^H
z+;;D4pZ4OlwjNyM1>-RA$_k0N#WCZ>;jA1T*KwO}D5lL+{t!T2>!#u<{sZzp0^5NN
z)Y`U}9w<j2-#)Ku4gdG>CbA7UCp^hvdZ{V^4~IoeiW2v9bw8Qwr4qw>x><8$R`bs*
zqZVuUSqeOHaE@8ow`eu!4UA>2LfR{TdF2u$J<8DB7;7!JR55;y`s6RG60sjz0@@P?
z2itc^c6Z7SVTjB8P#X%nh&^VDp%m*_RCpsW_sydpYfOBrDmUUuo-9jmy~7K331+S@
zEM;hnR-lbo4U?hkWm3`mDs=;}toz_~qAbj0pbQM7QW5$(h-HEqGrs8uXE2husSJ0B
zN~h*XyotC1c(^yS`gjGunHd(3a$Gfyb`?J$+-|lGNM~N7U=FH-o!fsWd;Ht^zb~(~
zXN^F<R{;6`JKBZ+!S}ykT}{wZo>xEuGQJ@(IWd{qtrzY?ZxbbQYiUENHu?#)5fAS}
za`7;VOoEJq{)6VnT$YayfJlNddk(tq76zG@MD0KM&0KvcmJ@*Wnzwh1F&vVGmy~`)
zyrwKEqy>&Qfs?%BCAf4o8pf>yvsdr3Ykl#DBRJKzDTfqM4jD9n8f&mOdsk4Pvk1-f
z5OXHuapy4^Y)7A>(q(Cu>#VTv{C;Rvu0|+2n?rz(n|%9x7;KgrqV!3uzsb@MpR&IU
z$0zH9lipGBv9$N<ZN-_{5x8oBA{r)ip=Jugc%E7--u|#99hD1syjDr^P2wK6AZ~?|
z%Gibjz)5A4U9K*_P`pv_uw^wmUY2`SqT0(i6SK{R6T$nd3#qK??j7+K$I&v1gu-cY
zLsj;6_!V6VGKQIF%26!({dbPNrom04mg|>&PAy@KZ>${yGzdm51wYuv*^+l?ziHUk
zWE!`QI>51j&eTM8^lZO*Y5L7|j{#={oU*Ft#%d2*yHHZM>vI5pH}ckHHw8Tf;>%Sx
zb;lk=#%&xCn&Zkv^O#-%6d(3wZ}v|i*R~CNK!ty7(PXn$$tM?HhR1-Gq4qZcg5yu6
z^Jlkslpv>@`?cb>wPtE7vd)|6B_}L(qFy~XO=V`fW5vL+;O9RtBK9T_duAod0naU{
z|G*je085N%K>^|(=|7B0z6EI;|Dh#l6-a+iApPfq4zY-XYFTd3yNI8fWib@%;8Z$7
zNs}Ko;kBZh##ZRK@^OT#&XsV<d}FeIrWhGU9#P12;M5DH5*tVbYIK6KYy_mW;Ij0j
zf*ZuIr?T}`qM8OUW_;2o_heLdn;AN31{N$%uprHRQOGJ37be}MGj&KWqMwp@IMd+d
zAm>w$ws}R)nB@Te34r|*)B`Yk>VY!d(NR}>Sc8=1e~mo;qbeg<2XUVc^6uR}&>(*2
z7UrME@SnFZW5?zC8IeT4uCnIkb!^Iq;i-TIfLps+$HvCO;z)fsSzACWh*gP>c%WpL
zASA``dPfk1*`8N(7%V!(vcogXas7Dv3Zf5HLF6?NLTS)z8euY)3`z^7Zg3Gf0T0%0
zdV#2#Kfxqy?_D6sL17`y9J#1M%+Pi(TXvj}rEFH0EJkb#U1goc!RJ`P45=&aoDmTn
zYD>nEk5^$j#6l9EJVUp-wQ@nZ7@xDgAo}wQ(F}7kF^LG5R6;T{wQMGY1Df&NLKgq$
zmlgNA_gH=74HYEr<tO8LBsS||P>O<B1`sUlk*i4hp$6A_$(Sy*fH*TH{(-rR_DbQL
zFwgV^f*4}*OOxh#$;Mvns)Z607POO$#3V`z7POEu?%ae~jp{DH*-vi8`CniM715|{
zd%;S2Z6Xy^kHU^@Cj^I~{KEqT+QC;yW?tXLhQP?|6J`fUEq-v5_YOTz7xxX8_Wq!p
zIu#NlsZ#?0%+Yk{!Q~w<neVS5n|hXK>a(=twil+o5}Yax;#P2eaTcu{BH-}ZoUBxy
z^8TA>&a26deGw39K42E|JIYo6g8FYK8RN!nQJK(!eJL!8@gRl3ELu}4DXUZ}sNu@<
zZOe)Mh}o&ud7|0u*=oh{OUA5f1te(Q-r>XA%VEQ^Rw0p0wmv@R#GIb<clm(TMA(Lt
z<5%g!#4Pg~T(kDpgX4fsax5*oQ7UYDxl_+@UI~-T05r@#$_#;_$}QyPO0^#V6)se3
zGN&V=IO~#nbf-hK%axAe;uQCS@Kox;#}HI89R!0Z8xh62a8f=Fpe7N_OeKX82oudL
zpJbIelELjcEXVY=J%2GPlXq+EY@v+Bmv5vhxUH7D$aFBobN?{O3QPL*X<_?HBFL!Z
zB{mT>?UhFMrw>YlyVWDBD}Bl84>}f7^(ng#6<FNXOSRNBKR3nEzXNZh{k;6%&hPvp
zIVzVsULa#)(&uiF&s!n&*hLNF=?-={=gHoy2j(9_-Y%3z$}qxU<L&n#B8Wh>ykGeM
z+B{<V0b%!ZLJ5sPM4P&oMAy)|)@qL8&nh{yMZCEYEQ8a0E4i&u`bde>N6!1hZePAe
zpQJYNg-;v`Ja7w*$7N9!3*SW6yZzd_1iTrQ`JZ9_3^e~?<QvHiSjj--k%7qnPKV-8
z<p1-UUs9a3JSY?Jt=mJW&Zm6v83N0%^@xQViikm-1q;UfY*KcdZj$2E?!$mMG!Q`0
z0}SivMMx|o`6e1zuHT%wy}dnsKx$&5K$+FYNTN)P)FL$|4e27BgD3Ki+n+*-G}bLy
z3Znz6jVal6^s>b}qg7J!cN7a3;H`f&202W+W6B(9aTtHMf*kvi&v2qO+GxkyjC!R2
z*G;4H4ZLM;?S10zhqx{@xd5UMQtKGHBC!sQ?i6Pb_krgZ5mQ+W&ixJXT?D(*oAdAx
zb2%e8$nGA2Gjn6NS*funV;Ntc4B~r<Uo6Zcx;g;vH?e?5<lQ~9P@Q?YDng|uUdKtJ
zVaUmI?DQa72Mls169Y&SILB18?=PE}m;hgxliY7`&xndNfP1i_S~>nyKMg9zdDvy%
zEKYZ^k2;>9p1HE15OrysEn!S`OSxa3Io*R{&_cFJ%H>i4D|aL)IRGKtb@E9$nNs-j
zVDS0^rhyMBj4!A(Tw^OFORo&H>82Cq`gb^1m&j#`OCYs??wUho!zH0g4X?jNHYmZc
zP(DDMn}E*zcN)5X;{4aS^Q5@ZU;aGU*A*_XF3Fq6&M?8U2@E9^&L6BCNlEeC))JzC
zG#a-VU}Y~Lf&0t0ndFuSh(!t~B7LXdOmO-6_<2FU_lCzX?*}XPb-=;lWAM>3sYI*f
zpZwv(2Nk$y@kSXp6v8?VhiojWMR<sdmS+4yHTx)=ebA-vG)>^!5p0C$m5{ZiZACH5
zT!vU^;-eYyDC~^fbE9@s`a&P10z-guyQe{+Va)X#Ey#SmByoWq7Ew}t{a(qWo7LW%
zCKvKQ{bZ`<B=-%{3_{K6ke$oA*Kmxx%i76f&BkQ8pYHbB0#p_KJ`Hk`m!}Sa_uu&<
z_Sjvdkj>avCdfCLa>zE;!dKV^f1EBn5}muspxryrkXpDGHb^=vg}+DZU28xKF(0I2
z8QYumtkI%|#Vl4I9b|hzs|bLMRDdWKXA;wy@{(!YYU5}=Q+TlZ*{Vr_I1N)DQ2oij
z;!qyhA|8OUhux{nuN<LQ<|(rN7R3D$#huV@ruR3s!54i$Pd^}{zwYh*PSxm7MF0Dy
zSlmA!>7THHphXRPo%(~)eL_L1iX6}wrG|ojof(?Flu;zZqAzq9&|we+J>o<|MIC|?
zB4ZP`ZfBRA?p|%a?`i_j3EU^5NJ88{VDQp<s2ftARH!eL3%hvl_!GJ2w#OT^6&bqE
zojVtDp=O0r?<Kz%aUzOzI96mbV^AHd`8G$sON`uGw5t{v2PouiBtC<kcZRT~MQn(B
zR&hy+^W#G`2$+&9;^ROTcJ6d0tA>aX!M$o?qkfNLn{K^%n%w=F`5`1gfL!f}^R`CD
z$`J4H`<S1}h5x6$X6H@tD~VQnX@clYmkDCni||yjvQStl_*-A?z`V;8nwie*Xnvm6
z7t+~aF>U7rcsJ@vXHvRuDO8_Ka&Vt^BDJHKy&u`MsTpb8m{pu6VqD$sP%gs60rufR
z2KERa2e+lc$R+%4NQ+Cy(=rlSsy!W#G16R{`73P`LJ(mZQ>u}Bsh)I2(uuMPw2NKu
z%q;I{8s!$&^-7aIF92qAJpVR&@u+7(*9gRw{(tF_e=Q3dn9&<q8#p>9#mRo27eET$
zl*K(52Zu(Z)U(M8i5E(7pbSy#RPmPvm#B6)wArCOQ;Ytl`I-8%o>N5v_W|TZ5xpLV
zMwAYEF~oJK{+u^Gi?93P5w3@QiN}0f5{D?8+kJnxH6e*yEkoT1`d+2_<fE|n&SEGL
z=M3toooA`TqXj#jv?JvZmg<vmR;V>;q{EvkQ_XO>u^Z0<`CdNKXzi|AVH$QyM+0#V
zG>bhDVEKkP-sC%l!gly7rIol5Q*ezH%<NF*UY59$=j#U%a+hyWbDUW@_g@KE8l=UU
z%Nm>@w8(U*eVE!}hkV-mqN)_#0j*Vr21k0Xj82ApEMd>NYY6SvVa=HgLU5<huCp;0
zpbR8yuFJx_hTq$kK`~ukzr`LNsT@QUyQ!hA%;0(Y(AX29-l~qmfbsNU^O>Wb!S$@g
z7UDhapkWOTZ9#o^m9jjH5AJG-4rNWpv4i6azqx2pX7eR=jWTqtaSvW0<P?5EnHA1*
zO2F1jc#IO~OI@W&95+|?@%Mx~^npOYV{O@W_Hxc}JAc&=f>S$mIn|JMy8EEELv0nJ
ze*V^*PjOvovU&Z$@z;l${&T>iFOUWeK=c0JJj{PNk@RnOjbK7U#{(s2t%Lw-PX#Cf
z`s)@n4_9Rx%p&{U7FE3nFrn=punUDy`*Gr0Xk;pu?%``+e2Qs?82NYaYmZ1`_J|$S
z?F|<D(?gtt`^v(TY#5DQU3lPIi_av3Ta&~0_Hs9q_NAOi$`iG?krc%-_m(~nW_Bu4
z^$SX8#72mKbHr;Qi<M_wErhpF$V{WR)bh@VU0I>(gw;$jCP}R#&we3X%v!3#gvAfz
z+_kY%!ChLXeEebD{p_95%Z~%WTq`wP7J{IO`nAl6Mm)I}ZX;=P2@G|_aj!TlJ5$%O
z1qJp(Dz)DW27Q8M;nfu)IH4Qf@9f_B*}xJpUIZuIVmym~yNtD8LenRM{Fzub^wFNo
zdX`|UpHG94gKCgU(|#<{!RH+0Bw7SgG(5=O9_QoWTp`GOp@0Wu{leY^!Wh=K&Su}3
ziIP=<Pgc7>jQZvZkE6EGyvc~^Vy6`8=i47x*nTE?h%D^<!>+$~-oXA9&=%_G*c2e3
zw?IIDr^)@Nzy9lypV&=HY(cc4?pfz%+vYH)#n)Pd-Ko^V2-)feH)YBO35Ig@k@c4M
z+=8ygE+@*j#WM<rq6CD9st%^wl@LU`hSQmj`(E9TcWbXNFHizF;zVA&h>Cr18J)Ds
zOVAh8Jywv@p%aWXG>~suGDSyBXc-hFZSG&m{SCSqlrP;IG2!@jcetF(y^}5;L#-^1
zJC4%QCNNjLi%OXEu8heI`%4_TrnV<8oceAD*bQyAMJ$kgv%;K4N_2t+B3iew1joXp
zDCQ)RxPeWSkw7f&5Z&vs);fHwK0nPP5wF<0Q%bYW*8NSlK;}MZHXLepaJK;@{uvD6
zgO8&57;s6iCD@h8(nSc-7X2Sjv-9+GN-9OT9`hek%jvTsryPzyV0s4;sGuP!t_jC&
zQ}JfTUEs=>hA;IyHJ|4uW#w+uD`W_KhH<I|+x_uw5f|+sSLv9d;~WQ=O=Z#9TkLEj
z$vfJ|6vMf+Ew=dGPYWFai?r9H$bjRre`ZrF`!V!ohS92Py-z}wy~#MfKvg92ob`W=
zl>T?^^>>cV0FnMfgi#s{9H=Jt?jM1<N8XFwujjoNNSEIX*nWNFZ!#iDagx$tf=EGn
zW^6`l+g*6Pt$wF2NN9-R_@tpomm6sfM&mNmGwX5Bbcn=m7f=rc0|3nY7Q**3i^toY
zF@Us`ZzX2$wAA4h2Am)uCLWlzhP1J+;fuhEl6Z_qzE<iop+(Op8)KFM&jPMWDyK`&
zMp`IUl;nke4ODzx!@*dKs)Jv>T@cYWChmw^3!_w%9j^jT=*WyCw%9*&+dr39X??^!
zWr5c`iVjTDBo#^5F53*}={3qD*{~BkGT%IBnK{w2+{A<Lm83{aQ!Z;Vp=DGF^)T3N
z1k5bfWkX|ItOj1GJZ6Rbl(u%$MJG$F!0a_gN5wSx{(P>3dG{I~Xc1rdq+B^WRky$y
zOx7(NqGfSrc=S*;`H(gly3+k2`Op>pM-Ff5W-{Pi7N@gVXUiS5i#%}%?4puuOXL^J
z+x0JkN`!oY1`dxGM7No)U#s{D@8jOL%_EFm&>H~O7fIYi^};2L3gH&4Zld30CVh*}
zkeu&700uY!#vFXNe|y_~zt27r0RaX3{rciBQ2(dfDDgI*Q3R2O&8X}I<h9DG<QtQp
zz*XAGX1ijG)4#J@2rq#5MRaLJC(*Z-oX{1%sCO}vcU^!z<VCVT3Got=$6w^MroBBg
zH+upVqTfK?v6Z3|B2Hh&1~5wo6-w1fU-|DAL3m==K`smL(Krt1muXwDNOU8%#rH}H
zKVJ3s980XD;C-MO6x)JsrfbMQuxGNNR~^{OMLxv;kY`5^EU_Gv%MFl_JXg=?P}|u&
zm`z{I3wZY7!UcTM%@U-KFQ!`q$zK|a>cWKm$T+sQTRP93_M@~t-I|#)Q=5yKmHL7N
z?hZ?R#8M~3T$i9g`^UZ8y!qa}q58_e>9%!>U(`IfZMv05t(R-Maz#;x<haZ=Xwyd+
zqry9TzYF;$-s~3W=Ur|B9`B=6x2()G_3--lfgAyTF1uynF>hZBR!Q0sAk>=-5NucN
z5YJX?B<n=$WUnx@8QpIAIr_IQ^o-=T-2HMeZQl1W&IAjF-L-GWEeL<Y-iQ(M!4Hzi
zUc*YfAejJrq1C@3FJ=E|9|><%{DkoRgN%|L7#q$98avcQd@OwkH74d32vMim3*;fR
z){1sLBDO60fkp4kvcbTpI4hZ4czI;W<J1x++pV|vYgyttQc8LxxB4LHU&#c$8FSL*
zlr{+)yS}t>343$qq)P%d7H`)<0ZZ_=vtE|$l6+!-QBc4gd?Pr|b*WmsNASWmgvxUR
z>O#roP5tIyA0K9fS!ZHkK&c08G4uXjJLuoU`@3EtP`eB$-V!`5V3Ak3CfG}(n~P=w
zaT$)0lo8}WhbFvW+@>=Ydq&o-49Y)_I52?t`VM$=F;h1;%Z4Pb@I2G|AhV>uE8+F^
z`uf8=nSLL%rytHxH@!IVT=C7M=MpHS*QDo?A7i~pH3&6GHHbCHHHaQX;v;)3!Iv-t
zH(|9#zyp@Piv$ar_l~B)w<-6rbA+oc-MF|neUZ}}V{#+v=M$VpXCaLVoZeC$yS(Cd
zZM8QB#2>&BA0Kz^x<q?&F+0fvLXsC!@TRxx#wMqk%<pB>egqNsK^m1A`Sjg_HeWxP
z-hF4?#l<T-E$rC*ux5&+!_6l133m97B-Ri~aN{hkVtZ~5)uk&CZgkE?&+dZ-XXjuM
zD<6)cZ6iR;Gw;y7*d{Y+Gsbj*?{0~;aJsTmS%1ca5>io(x8!i!_4Lv7eGCduE~+z3
z_l6l1{8O!GRt~w1#lGxk#oeGA3t~xBJPiISO<D~LjHbCY1DJMA#6<gXe2znt#pOP=
zQ}Y!nkKk5X%3Tn$Mk)_`Z1|pB$mSo>kjIQgy<l#oy_k}bq;gk*?CcWk24Vqp<xOQP
zdDOCt^s1gJCi>yM5pV4h@F;KCthnP2Cp~s;hi%amSdnwS&gDOgU6mM%d`{Y*%Fl^^
zZu=W36lJ8k$O_}a!df!wC1^!$8bQS4s8zMy3Apr^tIls&K?LB!xH*IMhKhr348Dup
zMik+n(W795#de0yani=Bwz(we=`xxH{ifJY=7?(xJPiej8H}urwHB!LU9_L3r3s1o
zqx*Y0;Bat*E^%8fx-%@4b7<c@ie>4VuApL2GeVqe?fV}di2Mb1-Tv|_7Y2PH^rN%!
zJQ2GGYzr3<Y%(05@;+M1*eI8Mje9DFai$f(`z(V{u>h`gkfC4%0uV8>6e*%7b}oZq
z!_SrL+Yzwln9j>GJXSE$61~Cpku8_BeqhPna*k{P`6%@uhu$6ZU^8&e+AH55>F>LQ
z`4#y!J$#zbhu|_NW6KQe;UMZ#C-7YDQV;13{c^L~>*+((C12pV>ZQg2PUy7G;|+s!
z;HSTfznJ+d$?pPR^0?nGuKu#U|2hj0zxjEd5ox&Fc0Sm}AfQkGxwt164d!e5yF4P&
z(syC#y5Ubf85wSA;^`tyEa<N^_~fMc4`2@kNCyoo#j4PB@#iPk_a9x&_U?0Xy5HT*
zSo94yLIPUOCJ@YQxgE!cZ3t|FpWu?Hf5zvnxN{m_JZX?(sX<aF5k!ot1LO@e6$;r#
zgyJFt)y{YkJzPFv1y2eV8__!;pGnz@W|r3e7z$@a;dTJ2rrS(Ye-*?gF&v9-F0G4m
z(eg1-KZU;==-LXCF#6b_S#+6vT=X=!-h{z`mHxRnZ=z~UX=mrXaDe*P2v!GKn<+bG
z+rka`!aYy&5|f0wAP4wc*_Jh*WKFI{6DI!AzOF3I;HddxWuE@ZnLMuw?U$qiDgqv*
zFD&NZEfH#8Jk=5H2&_Qx^|SI^0j@@Fuicr988US@ZW}ct*D~|wr-P##8JRU9)1yc;
z72S1eF(OJM%l4_`3a6A<Of}Q2TP<EkM)~f$3L)$-h9B2HK{#F~*vy3`nC)7v6X<VR
zDEFc)dtjXq65>pNb4Hk44GeK9weGs^((I<R#k^NI@_;JECrU1h-}zP}xUC!3#+op#
zXzPkkC#0L(DgH`awW!qi<sP@o1*pGxAusuSLhvxI&g0jugi`$q@mHt)LCgEv6-XS*
z-_IC+5$A6uJH=KxFeWryij1G{`n=Iq1Y#M>DE-Zm2=kz0QHpXM+2!mSQaa=kH}gYd
zDIeZ_guU$eK}m^3bDH5gdE)kR_j(1J>$gtKtWMX{n~reIWxZQ78q25b$9w>P6wpr}
z;D~%j)-NOtapiJyUw9UpEuN)G;}rA_U32-V{wP%(orP6158nY9=3dc(Bsd!|$jeTA
z2)EvhP>n$F5WERT_Z*GMj&)Vbs`DdC(&RRm4F$EA4;lVZ=QF9!e1k4?!ehss=Y&E>
zW*ajzHT*ViQ>kr;(dihCiMMLkM<?qv6XQ4<BajFaYoidqw|V;hBRzPIn-|6hgT`S+
zG|T=PGdvl0+S`GI;F#^u%>m>vpPy!><WM%^bE;ruKjBY6Je?%5zEeP$A__3cqf;0M
zraiHIS7xSHm>{3@Mx#nTfTL7|9HS|nOD5ApEryo9Ex=N8HVeLq5ka>I9~Rjqb&Qv&
zn*7FJWG&_!N18(E3T<^mPXS9q@K+=OqWKz!KopC9Q#kF<jNq4A@Ly%w6Lo&Im4i2D
zVj74rO8vvbiT!7UNC^Eg6uR(EDObis&*#_^87)u}lp&ufo}fDJK%G16Zie7|6L+#3
z3L6P_%*~#%C(p7EtX<`wuD_*xeP?>9F2t{-cq913A!M93g^T`L`^-TD$v)<51Tt+{
z3xnVg7>osNggSC9HDO0(1~&-_BUd8@VT(Z$D~LDN`a-rU4aDSV8AJf@Wu&S~6yM_P
zqvJZ3F;p9kK9LcZiD={EwqG%0qxB)gC;K$ZWR;Quyzu_S7g%K%)!{{URk5Gr79hx<
zj6BN~$>z3<_Z9e*(1qE?rINYYG~}*5gv1-&I{0V>R=DXc+2`rz(JvLgNOY`)oucp4
zF>^iGYq<1{M<rvkBktXV6Br_B<<C@)rS7K=G)z}+JVkeyG+{h<*p&j+w(SBRsV?u}
zL6{KbY%ZQ8H9-2Q=h8GP0BDUiS?!SNKNGi+u)spcF^ABxVrs~DxSPdVBki#cn8T<*
zUN+KHi*ck*!Lg3NBYmk?P=+(HHk2M<mtRI^d?Qdsi+x?K&Q~o{-_PNxS6ywwCD%{<
z=2Y2|?r3Z-!{ubN7iNX}oq(=!q8&^_iw5wsO$~)`*8<zc5%svr_Gx(mP;=K-j%}Nw
zvG-PWQ#oX*-+dD%_o=D#eYz4sXT>vW9?=Z0<n(-k5X~e+-T(zO!N_4R#9YmRjDD<2
zHJLv2hh7Rdm=vmr&l`D-Axj$~S7>};TU4M3BJd#R^2C8$5~=qJ!i_iF;aW~<(C$em
zgjL@TdA4^x9X~J*L*W>YUelwvmxW>9l^OUjX_aztD+^aGnB-SG<wZ9ses(Di)+)0S
z(K#2wvntpC$e?SLt%|H43E_P%klS*huq;e^N-RyISMg}oDuu~;DwdNa^VR2m#G7pn
zC5zug;tRUL@4wWo+l%46uij7QClQMqIwC=mbPap<KO2-bG(FnIy?sD8js09sx%Vki
zsIDsCB8KxC=db2NeI<%84K$w%VA}LM@@fBRKK~WG0_QRW(1zdgQf81~6C+^5w;-h9
zqP{?niMDcEirbA{^k}8ilgXqH7>|G16zTpl{ZR#v0N4An7je&xoz8}eG1{g0z<TQJ
zb!z!~bNAc%uPez0I)WeOm<E`LCJGs`3|O)5gK{i~fl}HKOuPz=5h28!6cZhh;>`Hc
zq4eoZqbX#8@jLA(eO7XQl80mI?4GLhduh!D2Xx`2b<ufR?QLe^2bzo%h%$P8+Dn(=
z>1Ti;kogwfhKY`^kJ`;}ZJ&@pCU;hR!mL)?4!+e6LcpAU+-Yx9C0Fxh_ADhhN-tU!
zr5om(r>74MCl+6P9C);V85^qY)wbnsVhG4K**?u|5w!4ArmU%QoZ`(eU7uIvg;r+j
zEz_+3yoZ?98*oB2&NQ`OEvtq#Z8H@<v07J!DwVc|s>Ln)CZoPm!0aHm%<{dM%HcNK
zMp&#y)u}*ykPW_ET|{ZH1~W=uLC7_>eL_~cLao9Oh7?n-BwaIq8zy^99a&mUbq%$U
zjg)NSHAM)xJlZsECq*`FyPiP<To<s1Dah|Lnl#&p8*FhoY+r%fBy-Z?v^37On=%P*
z{aoiC_`X>qUGq8vTVOJ#j>BaAiUB#AyXyim=m7Jp|FKDojuRF`dBL=`gbqK5*b&09
z|AT0d)FDwuE=3eCOo#-4r7(uoT==sMa;y-6Mq}H%7tAlQ53tp9)U}UTkL*`?Wlj(_
zWp)sGki^jn7m}g+*s!Lc3j)sW2xMYTozPq&JB*LVH{FWE4Bsvk{SY}uq>!>muDnp$
zG)u$=Rc-P%I#RJMis(_Ck5B+3TmVYj#nR7K3o=g><a7K;-atwJ7ra^6T|`WohI!6A
zn6aOhoOcj-tn(uu;nPlF<35$qSfOc^bl?nZ4v^}yt0tCxO6;{+vnV^HADRkdQSqZ5
zII>1Ji+JBI3+3w_#(7iMv^5MS1o+!}z_)i39!CER7=A}=`JZ<3e-&F+l$GumK+CMM
zsHpW>JU5bGg4N-b5(R22q9LkzY!+L!kxdS*%U*tVN9qmW?;#-Tk`+Zn2M2Sn|GY7=
zOXmLO<_%^S`GN$}lw9-Wl-i~IyGdzgxk@WbaL~R%4pGaD@Mz7FYFWo91(?Oz03lKF
z#$uerQy=A~Z=4?v)%eVjC8}dwm^o=Hs(n6WvKGZ$9;2|l-Oj_yz@^q>tn@Mcyab{u
z_GVa1e~o$3aRg~e$Em3+ZLvQEag_Ts)|}I`+TM}1ZVmxUU`kBfMCM#sm0`?N_LMB?
z*ThXb*Vj0k97SQQBy6?XA-k*dQ>>}CD=`n|*`v>|y4fZxoWa3*hjCgK#bHif)+|0Y
zEa7iHOst0~5Eq|dCcerwO5p*cg}o)X@5)TNg_=|&V6=)=li<*`G9#sWL`fVu$jKdT
z&Nq>BF+8;2+1=gZYFL!L$sSO>*`+i~90ghgT|4bQ`+)w{&xvT=s^|gnQwRFG-)!mq
z3iyDXpTCv;vJ}UqfI%Oh#c)^UlG?G+(OCHm;dc49&}<MI2m1XHtDLeavv7R!Ycd?N
z_5+Adq8kf3K?@RYs;2|6K<vQc{;MNz7np?&YOSIu(jGa<+=MArB1Pjmq;PVw$prr4
zNP?O5NoqX9f;n+t4c^F5^Mw`dGK+ESp1^o(XpA}YMj6#UF3gU$6;-h^7zo{sL~0xb
zu;%yC-ivVkQ6;8>AHYPb1qcEb{m_=qZYT`N-DsT#pr$DCZl5KRev}m6YV|6#XNE94
zQZF_|+5n)A76PxN9$_*zn@>Dk@uVpiYr`S?FZuUP4`23R=Sd}R<q!1JP0H-y+kHa0
zn&&2fMZN*k=M_`5XLtCMIS7agd60=1=|-7fs7XV~>mxoM0Bd}5XL(YMT}ZjXCPHE_
zuw@;Oku_V3P$4mtUaeMKt7M4NsO%rgW5B!f^+YAD8s0-^+%!4dKk@t(HG-7l+9)7u
zcmHeD{;rA}_XldhZ#V3k$5ksHpS0b<0!k~SIP&4B+De^r<aSt1xLJ(nwyj!`dV>(R
zgu^K2Ju1StdVr8!y%A81UXSmfegU)IjT@ZfWCm8Z27Ai`*n-!>U=z!j3!7cB;nU`8
z$gqm7sAE$)ZIuC5vo~eRl|j`PI6^e-`0OmjRffSknx%a7#6OzIIQp(tS@vs@1*H#@
zZGZ(l*>4wZtT4gPx<LlC$;Cv^_;FIJjnRj2XAwO+pC+T7WCy1bP7&`SHk+}o%$lns
zBVhx+_i|UE;>%*DA{(xoqr1V(9(7ZNZ$b=|hVY$^Ihss!{B+;)uAnD`D*0kDfu<mo
z_Tz#;+^qC@&!OLz1HOy<xRVl=4WY||qIIu!!CMb|BaFlcSsdJ_8_{|W$IPIcH8tzc
zmTddacP`?husdjul8$ih;X!`yP*wZ@k}`2)=@p5}YMt$_F$*C)IZpSZ{is6jx!5Sy
zqW7YO8s#jB5jWEYuN0OZi5?OQ1$w17??@Jc209=9*1Q4umz5g=G1dfP{J)4m{zm~<
zMOpbipjQpLq6+uV#peo3t+~|aⅅ?ho1!t3}`N@tSLNYKNWh=!jBAt^8La;_RxeB
z<-u4hxp|UtZ^~`6xuK^ElDU-&4b=`&s5qXN-H$JPrwuXYgf%x=KosCuHXNU~rtH^|
z^^*h(VPJ%$cy7M>BA8gINiQKftvvNdWk~@Hutr-FkHd7iKnaAnS6#$N`eNh)YV)Ft
z6>M+Z6EC*Eus=4Y2n+VJoNlA(XL1aGPvX>z_F0*>Vk1-&j0*R?`_w$QMkf>V#P{2{
zcV*|t?z>}FCiAM@{M9zMWX7>{25=_9^S(u<Ef3NMmYd&t<!yZNgSnaE5r6@w5f&Y<
z#RKj8M_JtX+k^33!R`^iP9=SI=0#lR%vfYo&1wCZQBHZbjMxxL1-dE>g#k#S0-uDY
z$`<L=y49*3io&ji!9bgYV2by*i%ToL*@upC^Xyr8eRyp&VQo+U>c;$|k&<%fJowA0
z$^oJK%^CJzPW8WaN&k%-Z2muRn{`9!A3W?u;uGL>(;9=7Ua_605A5FSP5q;l68RbK
zk_10e_Q`a!gJa&}=dV<H3mi(6^E(}3l;-<e+&kb3Kea;fc&sfx0#>FpUo!k&Htg={
z8o{VJp%^~XVzx^V2U=X+OS;p9${@TMAD(OrbP!L{T4-2_7*k9X^bj$&mcMu~|3ffh
zBEz|}z?EbO5rH%d+D2xi<>ZD8E%?0%;}6$@G$+~Np;213Yrr{^@TKL^*bF7!0N07~
z=C|vSq;F$l6<(fdtKrfkgj#(VWAG(!)8lrpDI<$rUjqpGUU}i2jWMy=`{IY0HQnYe
zG;psnI7v6BT?GPsBEUS0daTvUxd5C*BohtUz4!_C*_P}?h>E$Insm9L2tc1oZlhtJ
z!f4X0H7qaTT^0eeN{%3p3#h1S4B(p$AufRhf@afJ5$195uYtt>?-trG{fWOi<^{JA
z7c(I8CBN^Oe|_YCklR$$k_H9Jm5b?o*4UV<W)O_EU=_JBeo(q;5XpV`2&j{*Y-i`8
zxvBRE%?<Gp;HT!UhYi9I{0UsTcg<j_KPUM5`Q21aPDoG{uF`jQ6N-R!_&dzGl)03)
z{#a|=dn~0-y(0#cD|4>41*1KRd`uV6W#4-h+`RJ&ml=8z@yBC-^u13UA5?)Ke*dlS
zc9(EB593v$G!CR?j@Rqrp>bv^OTlms)i#3&hr5lTBQ(Ao;iv8dcuYg)_=+jE6}y@A
zIH_=ON9QnATw~B8YS(zXrsQVSBo*F#l4>&1CIT^=lWk$E=;KfI5-}YC>@?7DN_2%m
z^8QDD`jMH(aW;7JgdRP6mx3c!1#GCB0@_pt7*nzQ^dh{Hq*+Tgy`Jn+NkVZpynv7q
zWx5Fn^@8^cUyY0m&SJR@7ABWiQ1s5cBJtx&kSP`p%0>N;4!O1i#!H_QleDKS6_-XC
zG;Yf6)#&aP`2S|N*ksz;%s}*@fav{Zzx)ph{B<c@;ZJ9)Du@=;PL4egi13L?TZWg-
z67<KbW_n%W>9))G+m*fy?;irf>;6nb0rrUJrx_e9Jj?en-#Ffp+-P$ivMLNIA`G)R
zVU>R)M)&AbIMbWJ%EW1f##+gi=x^t}6lNpgXO|dG02y>t>YL)3nU#)XisUULma~FQ
zCi;dp*f;G~Or;a6ss4p#vVJ&~KQ`Z3Y&JD7JIF)M-d4NK`?Dy{Hd7ID_x&e>++lWU
zllpa6pRZVJWfQ7M8?YG#w<f#|6XevT?6ooMU~gv3!4=(TeljR&uL`o)x0=*ZsMq!H
zPpJHs(TbNQ24u~OKS46+%MZ5MS~k9upJi-pCF>c?KAM=Q%5pROPBxCO{juPt$_4Ib
z!h8xYWFxuJv4-OsY_K0HX#WEBuO@V&TqOkp1mF@_yZ&E*@Hf@O_*L6q(@1YN+9i^i
zO@(wJ$;w>C^aJHcgo<eN0(42BrOu0RXYA3EI$SPo8wzf;^u(m}e@qYVv`9**5P4mm
zpPfuJzeV4FJ15`=vCdNy0Xc@4`0;*RC)tzsUIV{|ccLJDIQYvWb110JhY?kdXz<8y
z_TwMa&B5c|y1rRF0TkGU!&R_rDf&suKy}Rog$ba-delhNY{XrPTu*p3oBDIpIKz?^
zrOPp(aEr2bS)J}YyPiBKS64yz2EKhROtxK9#?MnLk3xOa;LeL&nF`qtJ3q2vSFw&F
zQ!RD`mlAPkRCyx&NFu$+N1q`bj9e>@Hs(&zJ(GU2&vU?%AT8e?Hm_6VUz(MjE$!CK
z+$lNYSC;h!NAY8~MidJjnqr;4(Q+R-zDA3G1%{di{`D24EiC8TGK=4bxAKc^Ig04l
zatF_K+e%h0l`HFxP3eNJHl0nlj}Sf)9=D46Ojgs3k<K2B5EmS9y{;sU=C^@jy^241
z1~}3ua%D6NkxP5O1h}Vb1d!6|$BFq#ml}W38QWcp?_3^^w7H4HG1!kI@s<jjhJNG~
z)xj?`qs*o=;Bu}N@&q&I3rN4yBp52J;=a_4s+}Mj-`z~Ct47cu2^dH>3D_^}#REM<
zc|L`J{KRsIT`iAQsC7VraE5xm1sZT;r?gbnuz&ZrV(167)P<iw!xjQ6!Tyfy9xzM&
zW!V20*}eElAh*zhrb)}@No~QX{FJ2f==j3|EJ0Av!JP$>t@AN{G{L#-5Uhpau102E
zY12}ZV(`903~Jd?mo-Kq`Z3t*T0Q+@y1&xx^Y#F<MU}mv*zbZc{#~)IV%IM|L<*nE
zU0bvyoIc=AGmw~1pVGC>3_huU<Q6j>4B10`C+>6<)fP&{0)aRL%1j%!aVjF|Mw=9#
z0V?iB7T@t;jYatks!wi$bT4nbr~<ZFW^z|rUsLxfxnwPTXpSg&(@b5`)C&G|N`Hi*
z1?yslBjz;kpwQd7rj5tQ^5xW^lqw$WLpH5KrAqkBG^H#D3oazDWb{Mnm$4{TG@-1q
zFL~TfHU~F5Uzk;;&^+B`4CdByx1of*qY9-NwksMwavkyH6)({1ddl0B6+{O|v#re-
z<d*DUEIC_KF00f9IS0SI;nMbJ_&RgXnxh3dwpZEXiZh$2XS`nz=M(qBz}JcP?qh!u
zVk;E~Q~p4-XknscjFu94uD?l1WkALO(ymUnNCC-eA4S~n+;Fvjze}%ZjoB%k7&%5Z
zraVABR;XjiYTm6I+{RUVK$$elT94Xrv<~hOE6fH_CF6cu*(T2G7+j=N%X-Vlymb0l
zSwwt{Rh!MAZ?jv;bFHBnck8eI6HYyY>-fw|t#QOdwDJ{nNo}ev<#z4uUlGGU!aPZK
zw{CQxr<wtJs^5&zf3fO+)NzZK{fx?l6s$*KFi*OQai!P=7X)fSZ4e&#u2DonK(PXv
z6y>&Oa+$5HVDfC+S;`lvtx+z8%jvKMoQ%yVf`Nbu>!13*lQw)l@$@r>K@Y@QzcZ3c
zn<g*xc&Sp|v46-`vtDzcirAJ#MFj<-uawej-l)_icw68?AP{VWO*1G!7Sc>QXsiM2
zYO;|pxUYUB1wH}~eeBbYq8=do5NZxXJRABhP|YO=0?t&A3?7ju4&M$L?z5f)38Wu@
zf|rT-Cg{%Qi&cNZJ;=EQGI?LUzenH3#~g`kZOqxIp%oJS0<MBfXJ1ObdJB`Jm$X7a
z4i`LqoQsdMCu|~{l^_}0B-KyFZ_qXpQY)|TgLH8{n45+rkzLLCTOGBQZLPY;yR8`P
z6#b6#!-6B&8nhD?TxtWa>FKvo`UBq5;rr)(7u|oc$+zq@dWUl^*kBpJvm3Sm<;Uuk
zI^e|-CXZeC!|Kw&<)QH?w!QXdfrrc+@(zRMrfvUlooUzFw}E;l9h-tjo<}Y_j(?sT
z@~21yF2)GAg&lf?@wz1F)V4Nkd44i_ci{={qm<PPbgSAA=tn9;5cj(KQoDe&&Yb*Y
z@*}LVYJhnmtoaF6LzW;O9G#5&9_v%6Ta20d6wG)p#8@rulc$rZ#_Dd>gU2xo?50G?
z?XX4t)UdKtv$>Ld=vuZ#TlOr2nPa=q=3;~GBgJ3e#TCw_@n6GyyFkYM=5*FCw*6fn
zEpA$FRRC$ITh@Ob986XSw8-~|h;kf+TrMF!p-0$ZFI~t6dlORx?yAP;tyWHve~#22
ztCRNRl_LU|^EaP)S$<x)xgzRA9jmIVSLweeh}2-&H^RypdzjG28<7AA2XF7+vjop6
zo;<=!^I<)f6bNp9>K5fMl<EA?PRxrcmCh-jd=n&t<>FZj+aeL@`NNUUU*S$U+Y;Gb
z$ep}5Y5$0E*B3?JocetmJY3n=m>>)}UM2e4^o&kvdonl5{4Z|+y{GE4^yu=9$kJCe
zVG^WKtl+Om(Q3@F%py!|&9}`dA~~`0g;-{nt=-XaE0jA~Q4FQa58<ELlV^>;ziw(^
zwY^c>@AMKz>n3v*kcK4{i&EM1wU-V#5y@@0Uui$#gZ+$f_V@(1Pvf7qF{(zny^HnO
zdPnyi0S~q`zOil>a({FM732}(ssV;}Z;)S7hme2sl}Rj52fKh%ly)xX3mx@|!UT(o
z74fv<{tbR(WdJue*9~KcCZuNiRk?;sjN4BZ+T%2nG>Q@Rs!G$ne{IP8f2SgUXs-Na
zn(y6@G=EAUU-p4Nzd6nO>mz>^0#o1vuGwJvz(S3<hv(OEa-|X~mPbSc4{nKQGY-@w
z75JsM9~XUNd8UIh+TKD0ib`(cf53{u+h{(YKPWi;c0Ww<g~rLt&74DVP!KEx0hejv
zvuggym%J6e3`RFs4|*(3lBAIk-fYQhN>gN_)42DdtjJ=mt>Ap^Dp>t{5*ZL5%Aix?
zwQ55bXm`@kN3~O1!CGp)(8ax4q((p6_ahn4y{}g&yrPO8DdllKl5O?-p4dxpycT$+
z+gg*Wa-TC80j(g+*F&!f|MFJEqWwk&?TmZ8`-ydGUIixt^@$VFR<&mhqLkfydjacK
z^BnJ_k#i$olc7hMwG7e<)XQ4AWLUoh4KY;5{$%44hZ?6*FZZCZl@gcRO6_RN<>rCd
z?d#0R+uznCtazTjgaQBSTfd)1{8KXLKXvEhMx}sbl)-OP?ASXPQ9u1DIBJj~5aYB(
z5K(|r?VT(Z<ank9C8$@L_#ziuU=Iq0w*wIQ#P6L{omF25RQVXb%1^(GuGJC2uSgg%
zm`rzu!g<e*1$#iPQalv9zWSMImp(t*IJK%mf&EEP3&1mbN2OdXUVWh@MC0izzc2HN
z41V}l!c%*o?^Mb*@Swt_50#`ZdIm28xV&hvb*+^rYDdvQ9grX~j|3t}?RlGx34InZ
zvm;xedZ;?D*w>)_s%t{2`(6hN2R$e(fG!v&zcFx=V0gX3bB>LQo*#2@d~<xjO3eFL
zW4$^374v$;C0XH%av$x!RH=TL-<zXGaD6wLEgHDuLy_g(A3l9pjuGh7!GKjcX+xi^
z0q~bK0-hU=>l!_bi76=;f7?u6k{o_F@b(hI0Li)_*47B(<+)N2Wi-ESiwT7k^lu|(
z*7v<Xz?k&_hUt972=Xw}1=X(pQHNQftn&8JUTIUH7{2+Y!(|jAd@n&#i2PzYa*H&d
z|LTR;ca5gjfY_e@es=OtZ2v<JDe2GbL{_OpQb!XQKjJEzCt-w<efW|~scjc4Ku-vv
z+PTgdaXdnCYD;~su1)yQ<m5O|%^{RBnU{s<=XCSV<?Hk93)B~SmvlS33O|Uored2(
zH9S{9%lH;AT*Ax^W_i}SaPUfm6D5{f2V>m%(4|0mj3JU@@m^6^==&hpQ;+n@v>gQ&
zr%n|JZR0-v<h4*jSg3R>lK4CY;f$>@;3?V%s65t1$e&Kt$@`Sim`gkx5}DBWVWeB<
zP$Wkg-m8*q&FxjovcdZmYbj|k^CI7B`3yQ`yo1SLpK==GE;9_m);OqT{QWyh<;kiv
zAcO-bzxIzv4Av}DbxpE=6`hKC-!Uo&;_y*c6~|Fz!IB@3MsF^CsPXyW=lQC#&O+^>
zA^Ha$>#gtztCp#rH^)Tym^alQCH9%*W~wjt$wgy~4K_Gj-;}aM<}Tu<9<;KMZ=AZ!
z=XLD$b08R38J8ieINeR_JvV#06chv#DwRoj)QOMfz;{zdS+sj#%dG8Vyavnf&%8zV
zD%&)S2^3_T3AM9Ji@|YbYeE<DTf}^#Hlz;<Kav6p9F@PpEy6cy7JnoH%yX$cm5>2c
ztzV-wX_P%hyg!CWr4)*EDynQgBm9*vXM}Pplt4FN4s0X;W_#rqUH%81orHf5-}*TS
zOwZ+4$ya@U5-D@Bk?|IuH*b)&4r3F--lQLvidkFNbxGNO{`c^0y({G@h*U>l+Vb+-
zv#rbB!{zm=>$~qDn*N}?wEhq=k!4u*7BcIpba41u7l8sk(+Jv~@`PHeykxPSWNn!O
ztw)g0r#<I(%cgjUEJ?+7sjg#%R!jZHayhNxJ+{gt_$EY-Q=E&H2d#LbNv47+qt%iM
zWfr@h4Rjj0A7PK0HNN_tt7-dQ@PUpun&xD&0BUo^<+;7j4ug-#anjbu9?1RX1a~hK
z+KCk~tSKtL^%2#?3TWjd?!RW(!fwpXA$Tx(eQYZ&kBmUU5E7>z?@21TJXAax>mQIX
z6i-POMe8`Q)E`(ZOrXpTdgX&lw;tx(+f!(J;vmcJB7>a!5mMb6R1{&f&hE^PmS-#s
zQN3b^YP(!xnqMBqzJ>2+_GYgKj{R2d5O^N3<zQlk6fCqIwv+%yML*3~ZJ`%*BM}7s
z>KIoOO<)Q#q5RG;`il$xCp11m{!eePyDX4cHM9FW#t7B9ji?~B0$6;0qUu6PR2$+s
zOn|4Q4<nJ~()M>$OD6+?Ng`~dsnEkAg;tmcGYmVQO~e57N;%Uqo$oow73(c5!OA?9
zOWnq)0H;`G46#oRrU1Y$%<kL*SRuY#UUii0*3_=<!Q28#A-;T`+OS7w1i=Eh<wsdQ
zK|ni|%5!^R>HQ7>s{3Cr(SHXLg#WJ@Toa4G6*E1@K+7kAzRnlu>llCIw?#~Vn_vzm
zDx#AASP6?#{$nM~JA<<p2b3!K>LsqpqHHxD9i^F&R3rjzw1-HMbgQAMxthdC{H_?b
zJCsJd6x^Q%g&&s5Dg?1iV5dLwz<s|nZTYtOoS^$%OUNW-vfbhU8ypRS_Amk*2i=-w
zuKz0e3b`5<05P9b2@$JYYbvzYEfX?6Z%-`Di{1Nl)S9v*6=_x08#zV<<H+qjHh^&q
z%VnJvt~C|<O~HYzkMqhQn<fsN7_KEAc{9O>mYHkq{63U75kR5H&n1DiM(0W!JrH@o
z%oAR;z2lW1wkva)2Ynxi!gsLP?f7a;0z#4t8r(Q9iAAm0V`pXn7$VFv?eao7y430(
z23Y!&V{`V`)FP#YHIgsQ&T4tF5H*?TEJcZ;xa4>m9nr`(_ttbiIJ}j}lAKSgkdH+*
z%WENIapKLB6xEGnP;(LH1j1+RN!qWIGxTOVq8Qq}#=D`oFT0AV2Z`RR@S`(!3f0Mm
z0~dR{n!Mrfx*oietvlc0Ws<DYqR#X&y9Zy_91K$Jsg7>G1dc`EwLgIjMeC6KL{HZ7
zjVNMfwj5^6!Oo#7YvXadmlk;=5%_?&#t^tdwyZ7Dt<xhK4^TLuX;E?VX)W!#`djL&
zl^U2o52OakZ&Kq=b)J7wL+PKlX3t!tHE8K!HATQJgsAMd#kawRpbVH~E%h{i_Q0hz
z^)nkU+nAOV`ilC3F?_V}`n4|->6$DiDHABOzrp2t-gz*w{`hzdyv8}L__as4DsmAP
z-=HdT*rd|aZQCHA*XFhlQ71Upo17jzMik|;dX_ru4in>Uo|J`{$s1Xol&l+WvzZ%y
zu*R`R!J`1hWCLZ*_695S#Yu!~u}R9<%;95f8wF%-L)Cm<=uaV<2s6Rq%<@Qs<}5&H
zL@j2vl&uI_h2Rj~p2Q(Chtg%gO2|#)hbD>G66W}PG5Fh4?TbV+B|V@#L%p>%&Pdr0
zK4d&-k~?g1_#l{C>y6BDg`;9rzQmBRv5MCsZ&NF8+O78p0$A?Z?%!`N(X;}gn3Z5;
z1;`664(?p@;GX4`IN3BC;u8`Lj*E*4qQbHERhRI_^SBk`6Fa&FonBvlM3GqMihPEk
z%nxSX7ce4H$yM!tW;;Q;`)ZKFUe7|TRRm2jJ<`sj*W0yA6=5vxUK8DJ{89l9u1-8{
zhj?!`ILt*<vjGpgsqh?`WV$u;1NGT-YahAU?MVC80w)&#=gh$cXoXuCTgMnx^4FCK
z$`cDLn$|if_tXBrP5&>$6LYoz3GxVh{1|@2cS!z2*5Tj$kd+6fsX*6Z4^7lSC41y5
zC`ydrw1^5-E(NVbrL-U%zu!}oJ`kZ{d}7`icJ=82QQHIbc7~uQMra}(T2+V|m$#lJ
z{eFMat-AW{8R7!s*aWRsvu~VP_lGmgXRnUiOF2UR@5itU+!U;2Sc<q~*=*eJT_KY1
z5;z;tRzXBj$rSeI^wyU)1S60Kzj80#;h<WxLxOJjpxBK%hz|pXcb!UQa)RR=CPqW^
zL9kA@-RJ6uxzWvCP*A0?=MU8-r40&0%AD}PnEe{0#_x_enVL2&>v8o;XhonvaWc}@
z(qxj-#Ky)FoK7w*O-*w8!0H-SInhRBTSlMy8+kPu(o*A|s<YYvI^U+>YxWXT^ByEd
z#@wTO^`!TJitC8_F@r{l%lFQ`Q53V)2d`Wz5?@>rP35SGgGO+lMlDJZSPXhDyASA|
zy&Vn_Eh%hWzjN@y{V28dST{1b=W7_l|6{4wC5$D$Q(y1F3FMN8rmT+6bQFQMzG@9)
z3nshnz_X{Gt0jZ&9bi)P4CRqUC4-H@6Yc6?;}K5_-MvXGa%~8<*{SkYYd3STQ|*Em
zRe9Qu!S-Lz&p!%et_q%;_CON&07*do8zfM5vatT=(*YbI?g!$ZkeZ6ScCTm$Lq=Ge
zpARjxjg$l-3JS3f6bcm^3OhmAjxjek7s$^o+$umaLJdTV)&G<}JJG>$ZF+zD@(9tx
zjv-ycsL_X3Y%}pal?=_rxo{GnNUtgjwX*;JaQ4nYvPN6_X4$rFyXur}+qP}nwr$(C
zjZ?OD%5@4;9k+YB@12<G`<sZ|e`RDu?)<)Q=X&0?*1KBkAc$jQmnB|)t2iii5}J+X
zw2}`wVP3M_kkUGpAP;sf#R3y@Ep{mmjuR}~5+M;2>y7p@NJcRi4RID!Cy9!Ayem@Y
z)hoGZ{t?}Y6dqwOU@A;;R_yF#Eu;)0wlL-q3YQlRFi%$(6X<araPp}|RQ)<Z4lOn)
z++@8F)-{XzFqfcU{k^@eG{(7InO?aqselTTuWwWv=s|<9`qe~c@aWZFv8k9#Nb^aW
zEDxEy@trtnr}=5(Qr72$J2n20S4s{pdED6Y3+XE2vwsx%jF1|>k=A%Z1!Y5(7m%W0
zx_A6uKF+)U4Cn8D%#7HPu7Q?Y{ht>f9ZQY0b2*aT1nE%*QN~nQ{JA^if6>cdGlV?=
zelA+(&+*RqZ(KNa8|$AE@E^kYuje;KQRk;u421_6x=ZAp&{E~YniiGBwUA7;gptu-
z0@+$Z!0_D=EPc@;Ri}{);VbeJkoReXTn7LBKW4^u0jnS(S8ZHvdChLcIoX~3jay;{
zkc*ca7_b3%Q*4j&g1g~Tcc`~K42WS3b-$d!6DoBj5e@7byu1&EOJ1X9oKEwhUmjed
z-G?I$k}1Ha?z+W5iuq&PGs$3f6)a^-DR;i6%&2G1sBY3H^(%_?cp}H3k2a{(yo<^5
z*e!SyDIoGLx%sgG3KMVbBY$j!-x-c{?WeiSb(|Pd2hsVb_t@{O%LOsGQDd7dq!mgc
z>w@X%k7*zyya|J2$%)uLK_$UhCc8)-Q8NYVGp3=CWs|1^jZo!2d{C@+6_Jk=vk!aW
z5er&_a8s<XK5^P8C*C3ygvtl+HTl&mu%uHotMWY`S&_pRSv}`!!1^<scW6sgW$)Ug
zNqh0&D8K7+Kw@*%jNkf7-fcmB9P0XGDgd;`G$AOJG=-=h+Bqi9_T1ba$bJZBc5$8v
zbnycdV>S(Omir^>RTSjJd<Kg#oZ6YR9FYAF5HrynzO%eFAp%^XGB?<T`wa>*8ex(n
z@@3eMoo?L+OJ$FZ_&QB&Xb)+S_a#>^wfBR)WutJDe!zHek5OA2Letj=rIi;MC)3F-
zOQ(qLz;3Yso67WP{cB#8UA=2??dKfe_;;ZBCk*|$o&KAE{`;0%u>9!(<4Lk^WR%g;
zVYO^-t$<|#;}XXAE{9MgMhS%9wxRIJB1yVVp0Q2OfPF*#4DEd_e%%9qRXEtTi7(Vo
zG5HA>9DfodVQ*iDm+SyK&6V~G<$DIGarFuVhfr)f)*a?d9OS-y`giZAhIH;E2l0PZ
zt2nmI)Oo}WjYO=$i6lvd-pWt$&6Y+6vWNrgl&i0-0=upO8F5LBurzP0)O+R1gerg;
zqm4&%qJ>!yG)>$$oUbyNV77e=h3HHToyj^-4T?iU&A7${<2q6z^Q4RTqt>O7cwjxl
zNTyUmK`I!9tk~0f_Czl{NND-ko1#VNXyAokRn;4Ic}*yan=SvoYlK$j6?>BGR!AS_
z?7H5XfUs5@#yrwX8|zrF-GOi!4``b^3QHx4rUrbU)|^rKA+Kqv)50A}4Awj0J~XHx
z4n;D3Nyjb=OZ+)M=6iiS1vbwsj9}uy%?}5oY6oNrmk;O#Q?1=Y+W(DuH9yBxL{Y00
zrevBdCC3-!Gbv`PNOL-aW~)%G1J^%fGil6wLkB<QO*nt$9zsvyD_r5eaF0X9r(biJ
z@+Z)9c7*<b6A^Gud;#zL$`E+2Ap-ra@SSwSQ9*UZfqu=6kMDc${}#Fbe*lZM>%RaC
zg^*}@7#sk=6v4l7Z2f#%(#hFc(BS9Tl2-l4-%g1-w71r&3g1}oj~6=jnCe404!KKW
zX#?q|<?m9NY_-pL>@wdGN1QU;;<e|N8tGIN9m*Ey>gbp;UEH{yMMer8LSRjM1Bb*=
zR}=p3R5Jq@FziFdQGXy{RgAcrzj?R16OqJRvhNRbyDvEpKD!=%r`c6%eGh|D!p%{;
zCuIhnGh%+)0%K=#-j5y`-^!u%uZ$lV)nD47^pkh!j_>p)Poz1$S7oe^nc44ElJ8KT
zEwX;Z{ks>BZoKc6d0)A`WOsbycP@ON#Ggqp-!wy)OdnBsUnyTRa=ZC{=#t-rr(a5C
zcJCFrJM-s#AI&l+-_J|ekD+nB$7SCI-z(?eAItpTdJ?;(w`Y%~d4mXfkjzbSQ{LKi
z<?J8ILzysmnBDm^oiM$UwfcN4dy+q+IM!Y*=+y*(bT3aWYws7j<9N>w{p0NJ?>X`7
zUhcv0?NB(|CJ~l9R^`IZS##Lm&LP$&>NP@XnUv4Hv+~~0SusK`U3N4jf(T&WH=TEC
zAFidX3W<TqH$y{Z;hJGvpO`>BWi!mC#RsKjMGZHkxqo%QhjA)Oa9NQx4Ve;|F{Z$`
z!7_Om;(h`voN>)R^FJ0tS7S!w@u0=PqVB1)pk3bFP7Sfz00Z-E<Jt&`wErP)04%L6
zKn7k&8hhs~(%JS|kR`jJ6Vpae3i*A0h93<TnBfhzu);-RuYnhfdyUx64IlSNrEav?
z6u~UiWRbv~7QyVXglR>@3w&NmyU9jgV_-#-HHp$ZXL1-39u)Mv)1d4~#5>X4YTmXc
zJ+&H)DW`rI|3ru&mF~)xSzlUX+=|WdU7W&WO*V#%MzOmvzn(NHEoxedjJTN{A*~V7
zoYFv?vl^Tsbu<S#@p*5|?S)Xt#sbG|fm`7qr9PIVs%PuDJPDIg1Susf6O$2P!2IL+
zD`L4((LS?Wt)5}wWIY*aJToEey&M}3JT^1!4l){!)6f**y3`u#89JbZoXVgyDyhyt
z=x;VH?7cN@_+~Ej(n8n(V@hVImB9>2js44{ETn-oDF#OWf~D!CcQh=GkLBtvsw}Z5
zR*XO;0~Fqdy3s?ADiu4+krpQhvuV*0klZ8k{COoKjr^#bI1EQN3sVbj^tUM3a^n<A
z+uY;=%hE|o?1A*Pigtq%&1w!Q9Tz*7vhXpJ<lzDJC9cb1g}9p^qwZAY-O3^Z?9#J}
zIyPdWo1rt<z3pcHuye7&%1$@bk~$Ura$5XhcuudReeg0%;KsBms6R<~Q-d}cFgg>i
zHlsW$Ggq2y8PmpiA(Fyb3Uf}|IWS$!5lE5y!E=0s+WVf2rMjRQw<UcsC)ux|AQ5<&
zvn;kIBPFPksuICbo3onr+a3*Iu4yK5Ea@8dyR+H?MZ`8PMNBCP;DOH4rZ<x-XQDow
z4A<1rWQ#Tv2M-qVx}J{xN`Jbm^{G3<r1RC|+W!4Se8d$}YoZAmw<UTd(qJhqqx*<<
z<E6h?sqpsVH3wbI+*k+O(`GTKx5Ro`9twY_Eym@6l^#nvlP)%fM-~6<vC&$=@1Hc}
zD5bPx=E$0vCH$070=fv+f&@EGVBA$suDO3{P=Zx?>*p>>kY<|Eq{OdjF`kgYk)sa}
z%+N2%UtFsqMffQxv^s~E=e!zGX`H7faSDuSJ9mV(__*xf;`4+YoT7wApfEMWaE)f1
z*GgOdCY)MUl?=n4zN4G)ews<5q3dIpOuVOigAwKps$TLAO8ab3reijB87WCsMPC_5
zBQ%<anPIAFg32&w#DU?IC6;zk+OY0qMM^lNb*0;2O3jST?^3YX$QLso&IgIXdgPeF
zN-k^`kQm4*jTYdeXty9#>RE;XyWQh*-m$O;W<Pm}qOqHgdc^s2|71zJL_0rv{!}Qm
zFp#t`Fz_XiBLo)KF_91Yo-JT@rjU~bYr7vl;P!_u=r(cRwpZ+Q8*F##<-B`ruV>5h
zj(5jyp8AohvEMOdeh)a>we)z@l8}T}0WyO~f9U`v8m&#g`3PDxO1=0PWouQj9FY^B
z>DAZP=y#)I4H7iYa>sVQn<MzrXbG9^+z9gF;>5YWmR~+z@0qcMx!bDP1@xQ*oBXwF
z>nipZ=;j@;_xheKui<>sqXQ;y#X}I-%RDsLMz9&GrcW?da*}?=zHZRp*YMd-F!(!#
zmG+!jjX&ZpTzY5JGtQid_{_LX1yOW-#1j(PY~zeUVXqj$dNAojr92^}sg&*3Pzm67
z*#kq~TYHH2=ZTk$)K+(pD^TbQ2*$vC(<r?GrO6c*B``b4_%rDl8f$`yT$b?$T?->b
zrSXhS5cGRkSas*?YuX|HD#|@QRD@j{bq&gb(bdJkje(Q+uEq>~j=eyh4<@#AlQRO4
zvmuK0*Y7;k*}2Vl*Q$AzMyU@o4VAKPF*YU-3uGNSR_@}HPO$TeST<)?Ej*TzD~$aG
z`~l~!DH{IItCy{nua8QzQm2jct4s;)>?b_rbAArMM{G6yur7-G>Cfyx3Pq+I$kT!e
z@zx5uI(ue`HI?4ODr@pjrKpyLq1Oz_6~S&UgCO80@8u&&5Ghwk+d9jwAN5Ne_AvDm
zvn~lK^{?9ZX_YN|r&?`k^@#}@-iHqamZX-rF;I#PHA(y!XLGVEQt&@@(BN#zwikO>
z64c+sW3ww2zi9B;4-akcbt;aXfA<%f{`IucC%innKWb-P;%kT=g;<2*Vz=y4=<F@%
zD!yOKr@u~t2X504cAr`kL?WU>VQ{CC`na5|pL}c&Zi!lJU1Y=}D|A7L=Y<?O3;wVV
z>f`h*hqwXxut)SpxZ8}}6Y}pXgXqP-dqEqp@s~pzxZZmeN32$$&0x{=AG7!EhG+$l
zLm5c&FN@sc*i#a@+q{o+mGw1F9F>`oa1(VZGi`RY6m3v*lD)QDW;t(Kp3^#`V&n~d
zf;cNsRkAq)a-fiR&7Bkiyyo^0JU*R(F8=C1`0L{s+Kpi&e?`c5R1wN{IY0~nw;P8$
zR3Oa9e=F~XM{j@b*r6Qu%Kc_s9zW10&IM2j(!t$+IF{4WPq$d@YSHLiO*i9{Zc+y%
zsH#hAjyh3ie+w`%HW5Z06-=cqsCAz6C<I6Ng(dsf-;1+ZLfMvAPV|ha=9fc2rSLi#
z;`7pxUj9?TJa-LjvQFUzlV^q{o%|k-N}DIpC6Eca#iz(`hA?1kEgtmqRaLurEnc~S
ze6_5y-}!F2Y%Lc8JP_q{XBlNP1m{_0v~r1Ir^Y@BwpmtB<EyHKM>K8pbZ+BFr4=Pz
z=enJse_DmYJTLqgjB`VBnV`Qun`QP*(7LAszbUqB@0g%<O~(w2oT*1&20w0r<KX*i
z_~2ym19Ny`eDT4@;^y(*F>JqKT$bh(@Ofl}9wmOJBq8kZ#mRGr&A+3Re<2mSr|yW%
z1zgt6BR^K{F^QR-dmM+1?S=6uM|`>ksj;u}N%IA&;J1HJd}07i2gBV4kZ{f_?|u8M
z`v}(T#I0zwyaTA-rCmyC@D${RS0_>xn~=^GY1i;V*sy$jf_xTZbL;iTf;h?T#YQzZ
zsc?y<#AaZh25KrjkV2&-5ulA@KThkEG87h2&U4Gr8hn5gVPqORkb`xsGRbwFB!h5H
z&_Bkiv{kgf!`Sx$UzrvBwIiNKH)r;N^QxPNd)F~Z8R9VD&vjdnqnz=C%6#evCyum*
z=iWD81=b5U<rFd4j1#DvK?yJswO32Z-CeoomW6Ine}%FMUU$nWxhSPJX3-<mlh-1U
zdus{|QFP-GYB890n}UQ~@S078%Q8QnV+)figqE`jGQ9T)o<m1u&<m8*EB$;#Em`G(
z`y0r__->(=f#EZ#LKf=pxP?-bHzK+9hypaNU?5*1d;}ko1%ySi)ib_PMd7330QIX3
zD*FRe_6vxd4@iI`Wdc1xiVyUisHj`?wzSM#sJsGGN+@~Tr=}5Zst%p9t)t)3i4csP
z`ozTY2~w?NCbEO#MOvVvsMZmckala?JK#oV^6ZIdn+htL3aV2D#ktDfW$6y3j`WsN
z<_nu$;0s+c{w0;{dnSv(uNK6khvm&~8{|!Hfxh$TZ#}VZ1suCh;or%#Nv7Vf)&s@c
zY+CyY(bT^tZ4AHa6oqEJW=nWr7DDW7AY7c|j-IEQUqDV)??8XE%l%YbRVYUj7}JAl
zsBN)vv_WrKCWwiU!*)2&9xohD>Y<8aan?saYHN`As08SuI^Ne&o>!f%>74V$SntdG
zZk2R%;c%2oFGXc9tfO!QpMI09u!G*HMa9Sju(gz1LN!-`E=IIc_*b54%b?=q>vSjF
zoaiSobU_bZxyon=$gtc(ITa90`+L@%9RT6(^OqrsnGnW3TPHNeBDTr1?ur7|(lZ@&
z0_C~T;m6RSDbOpGUHqxkE#S|c8Dt{cRuJx~<^OqoBK7Pk`hh4$)M5_?oN>G0mQ#C0
za_@K8=RA*d^DwjxD-tgLk_KZ}Ky5?OuoMay1M93F<QKDh#1>~I`Wy9@AEcd0#nxo5
z16QQ(Qq%=SAOHMe!s!U)@S;x-RB}qg6J60J7e5nl26|z&LbCQ$xLPqmog+J6#EEmR
zhF1Q}^c1wiUv*;*`XuGtoE;1PlxD$j)+5}&#OZr8V}@qbiCY)=%3FD)syX#{FEuFq
zT1a{BWeLt!h@*K4?<QYpOM(Zdq-aY7{vMcRWIOqgm}Ll_3K&MP0M~v|>f-4}u<8rb
zSqIBA6!<Z#@;9!a-XD$XZg=>YN3HVO&h&i!MvY}1Mh%47_P{Qa{C5A}S#|_2Pf(W4
z==Z!+#|cdD<30@?q`bHEmIPMIMkENHA-XP*Iid0gRo7=<t^TTVZvmZmQgTb3_B!RZ
zxuLqHJq>PY_Z{qd@brnQAxU8qV`Bydh`)n9sPib=cjT}aaHA{vH)Z?EG`;X`3U|x+
z<YR8}sU-a#b^bYr%;6L3Q~M*rz5cBK)fD?bsaDADCl4pBO2YULu1$%Nff{7^@#JdO
ztO4Z-gmx<|Fr$EqJP>r?vk~%xh#+YQbJ_>wPEJ1<t+7jI=f>!L@#M<|KpG|-L_idB
zUUf@~vY`bXvbM{SZb3{Na@m%bf?0~0ENN|_iW^kvgkUsKw@`BIRM3UIDNlAW?QkiE
zVghw*Jm$+583YJ*FH2^qAh8O0lEKZ9QY7Uwi5bTo`U6jKg10fG=EHYK+26klAarZg
zm+)<%lNrPN&)Z+hVORZx1^}qV_%~AM|FV5?16yNj6UTr22sP>!`q(RoU#4oQtA98f
zP`L;a<N1-s?h%heF(B?!ge&USB?FNIHMFob1b&8PgO{O*2ehI{7KA8T=Wn?bXiFe(
zkkP`@f<U2YLM1OI717Gyr2f6=-cF&xP8x3Z+sS&_neNW;VBYoWg7<NJ;Q>IKHza2}
zoV2#}%;5m_3GAE<sLB~<0$&S10Wa)OWm$_j@m$y<$i&WRhh(RIEjas&`Y|4%WnYEy
zu^zCQO@Sb3J9r(~DKwB%*f$l?vQAm*cDzTve%+soL&8XqIe;TQ6rX>CCixtBQU>K)
zx`)U3=2YODm)@;5Krj3)1^NPsexp{e7mbe)%9kEf@|u#5r+8N%D2DQ(8I9+%$4E~9
zDLP;mQaXnEAv?{tKb+()IdF^0U9$%dm8)<k2I}XyHz%unNH4gp7xLUk>8?891eL3H
z7Z}(_{TdeNN9C@7@senNZUX*A`r#$QQb+X~d#3SZRp_U~Vn^YwG@xbp?FW7R?XYJ9
zzC&pI_GDg|#IGCpdjT_I_z8;<nfz$YW~J34_ePlE$U?##w+vUzK7*#J#oee-DJ};w
z`Z9Ry@hDW5N7~+bOpuqhpNcHB*}agh*zJ5@IB0dGn@-6>92#8Rf(8Swes$|P+|Mg$
zr(o<*)0zvrDIuQtq`M#<Z(b0@tB@HZk2OzT7d--$TT}V+Y?%j=76GbtjORWW?b(X4
zj~wy$i3YM<a3wM0wpv@R%4QsVXi&s)@Y~2?Vs=-qepT%2#!-aJK>g1A_Db!Tx2D&)
zJ<(!8$f{LCK898jn*kA5UnXnlBSzQ~Hr!={C7givX$a}zhF@w)2#<UQc`6i<fz7=c
zvAa04;Y)69JbCStI~6kb#!k-sVQJCk#UUV@j+A<tumIjUkHQIZS$YP9XP`~uAUAEu
zYjw#|2Vso;>!}UDy{oe&V-0b^n6P&wyNXwjp<0KOHI<9~vqV<qFH~5uw{byF4*esN
zCa$M?zU#k@^k-e`F~1>`m{Kc=65?w^Ho9?`eX6*E2>G;BxZR3?Z;|-TvGr!7Fa6Om
zR3&&GM4J5fFw0oNN=X-SFXz?3M4pdLs%MdPE6)VgM=T&9FL+RGI8x#ql_jd?=W7dv
zSbP`G3O54%BV|EUtVQMnUR1pO;YC6(c_2~o_l<VqUMwC~S5|5(tF5Xmt1VpikWup-
zJCPEEIjkQEm0g_NpVB3nsL8QS?h};Djmg6#p-ifdigCazsE!vwM1v7APxB+Fjum<(
z=`xEI0Z}ViG~~k;_Nh9~Ap{Ey<c8iSIqhV$O6JzCYBW!)P$gCnBQB<6;X^!>lryQ;
zoj|>8e3I%~Y<x_bB$tMZrKDGt*{Ula*s3k9Dr~JQRqk!H2XpfV`b!rRUe!y^S%gZ8
z>>DJ-prx9KhxpagF_SM=b~-cJ^p2@!&6$UkGbNZY)cBHusb-M6j?5z2+18fXpp(p+
zkQHk4=u#r>BZ5xKm8C;cTZXn|s;IF!hJth!#Az6fve2wnSz})yolc?^x0E-uHRjkd
zvak3v(}tL6Y@y(?E?~(Y0rK!W&1)q|2fr1mh$$Gi@uSait0hdgPT3Y`nuqG_7CMCt
z*=n7#T4bPIoWe_8$&ePH;>0L&(Qo1AF2kKYR-0KoGMfSDr3Csoemka|1Pl<`Iip2r
z^U9IJ{}L71RP#!l8y7-F4;RjmgRUm2d1-A9e?W->X-hvqSY~_u&F1b?g}wInTXR+A
zo-soGrwI}97#Yn6u$&AhC&E9+lVZ~Uw1V+4-joVoEd$$qm_vaRj<R;ZKbN7loD5h#
zYSe$G!)SX*lA)Ij@3`u(pTA~rCl5FiTj?0=dZbsT5{eKewl=-3UjpzLp8MtKb4|95
z5tsgEA?Pnq=rPCiL&LbyN7?~AvS#ySdNke`A*h%T9U{Sq@LwVn6nIM@We!mz>>wks
zY^8+QpajB$T7dxxYF0gHJhmWz?m_bW`0;&$jfDF%iKOxVqMb0I|1!|2&Q{uqreVDO
z7&N?Hml$XzYtC=KhaPJT+*VLu@@(qW(LNREOP#m!;#j|TXBfN<V%1~G7;Pl)Q;K32
z?lv$gLJPPFrX0!p+imb5%Uc}GnVi80J82MP*;N>E{Xt+ny{`aU7v{duNXLc2E~&Jf
zf)gVwb}IXRXWe_^;%&B3xP33XaQ<%LEq#4LY5>ad;pcRMusyXHVn<xRZhXqJDtEgo
zn2phDcqo$A(%4uVf-C<E?3|e)^2$lp?COF80sx2Nmm@PTN4M|2aRg}BE6Bn2wL_IH
zIl9-F>|>De`D<Y*$dIXoKA0ax?qFWeM*J{#G^GT0XLRq-#iweW77t&4bndRcXrIcX
zhsOcym=V|9-C-<#IU=48T*g>`X5u1Gyd)Sw+PIfK^+r_nD&YD{Kch6&knuCaIZXl2
zIHF>uxuYAFmuLsAVO7BOmM<u>J=zurc9T6E_j&-7H!Aso_VONg_N+G5=8!5usBQSz
z16#I%X1dB4S`*$|MI*R-*mnG6Qo1~S_#)HVFv%ZJgUyMdEnR7(rdn@XC$N1<L&Y~;
zl=_qqLtl0>a)<Owd)q{NatC30&Y3q#6QOh}1N_n!RpV>1rtW23bGOY<dy;)H<u03$
zXF};T`F(q{4qTyh!UA*=!Pe<(2DP}vSF86ksF9j0_84dC?$0;Zi*M&W0?}#4bsLH4
zt09!30FBy>;~%7aMu;SVF`OO1&B$C-*oxv78r%9K6v?kyPeQ703F%0c{B)p6J&W_;
z(UU%1bVb6AE!+qFkfdHu7*sI#7$OE8ldvh@KK}c6OZ(Pi$QVvG>EC*m2qRD0yf|99
z23luYykVv!`jV+F&4yN0QCl4YhUWY6j9~{K`;29z277P%Kd_(V?Nl^<iq=_5)>E*p
zU_sZz$*8EcsI`(yvA#6Y(5Pj>l`sVgc(oYM@))h_4As$Mu|4Is$2)BPSW}L%dNm?c
zL&XSM2H`20<cF2gh9w?svIggYu%8?w7|IzzEyRWTe^k<?q-si3Fr})dODI<tEsZGG
z)HQ9^2_)BPOp}JJ?AvLrRxwtSQ`Xa~@SA9I=}Y3o@0KySBL|ce>FNiv>)cp>zQHIS
zOG>jNjddB*eDOjcNwxmF;JQ7cqXT5=o}%=KN%{mv3xpa|=u-i>8l$fEOx4;RS?!FL
zJ+bTk2Z0j(p6XY7cTA)M7wrIU@xCmS5xR>JdrlaSGh(7M=uN54x)i)2K2MC-Iqa5L
z-k$G7?583xUP9@i!nry(S<UdFB6e>4?C{d!vAbv|>YQYdyR0Y1oRr)?=($EWMNe#6
zaom05)iAXqpl*uUA*%<WZkpO2YzLm*WY%43^`VUi^-cn@yBaU_?F9P1&l{6BfnFT^
zG1q-UcNU39xbd4o<CI+D5dUBjq3@)Oz8<jrx)waKIRM<~4X1a89RSy%7xS#K^bAtD
zIbmu3tRXK`c~eFr%mq%VanSF9aI3>7Cylaz>gH&d4GrfqhaInm))wcBW<VD51x15H
z;0Mx%8-Tq`y2wK@G?9)84z|1SE3~sDNTw+5%OwoLdUK)NLof<kEk4IBwqJ7z!xGwR
zs2ZYpCJpO%s7>+oaPn}C=0H&9M8vLmrAs6z3V^AKgjf?X*B{3{L8V1`rU!JHHXt6q
zxOV0Oc=LvmNCo4eh?Vq))?%j2$$JO(Q(-QEN{vzMfBPhn3S-b8v9J!Qj~Epg-8H!-
zW<qIMiLOUOO$mn^(WsjUqd1r;Uo{Q0b)t1)D6wTMxE9~dT`1`<n1yZu1@KDGmH*{M
z{$4D}HOfVu!X`bNqY;Rm6n-uPK`uu@e#7=;^595>mY0lbh>ogEO)bog9Wa%}&7pcV
z^8ICN`fXRH2{SKA+!*x>t%YK=&7N^Aq$n}=N}oy~qY){Yl39TCzHHbtk>y_89yNo`
zDNu%*(VBJ4+d-M!;g5^Gec<}h=HlvR2ujU_yDUnE*J%Jg_ijt`8bcdRyObn2KbM%K
zQw8KXCYji8N3J3HarHK444*hs5^V!<Uwp_L9ci1B!Wbt%%9nAaFX(?}id2f?df=a4
zK*}F)(*L!-;h&k}A1pDFqNTJc`s3*|IEq#aA>6?tv%~_~jDaW*K|(?*ak*aTYFU2|
zYfk6ffUc!19!rA#Uh^9qmU%{ccN2c)Tw}w9_1c(>+l8g+^kX)cr%gk`@8j*#4j^^E
zlp*TY7=@f6NCs0&Fx5CYWGhtxv5~5X%veWMXdD-_OYmmmRd+m%Nf+`>a}=BK#pHv4
zB*}rmSV>e$obFJ5yfr#DzEs>dc{q-8D>P-;0m&697DQYgs&!_&dW1X93n|gVw2kIQ
zQr!5VL~$iPA1zKj?;NdZ({sg5rmKg}fa!8Qch0(Rpc*d?VRr&s3yDm!rCVWxGTh0*
zs7*Top$dyNQgxjsjjDL~BBc<d!|(_Sl~^kD-mx@sgXAT%fx13{a`oJq$;{gLLZq=6
zD`V1kWc&ywvJ~#%>K4WFE#Y2rSiN#h^m!P0iS5%YnT2OJA4a20q(l}~Cd=+A7QS7}
z2pkO^ms7@+HQfpd59`o(tT=!M4Y#ePiO$Nk{idna1kb(mtb1fD^+wC*GvriDW9+!a
zFbItJCBvjOT@La6{9E>hCsk?t(02Er*Z0Up1k3m0(gf+(Nz>C?+O3-<%wk4t&je4L
zwX#s*<sYGk<oBBnGM7ctrr-?tap5IfCqHNKUg^28>pVQIPBAgAtqaGsC8v-0r|Q1X
z;fl&7r!4Owl%%X!X=8~a<vUbijhWa(ckKagmdcCbAsbM)5Z?V)+?(8VLnj3cL)kgC
zdX!2$ausyTLGBw)x`iJ5qEk(%9?jxOI=c)yyTw(XfkT~>Mk7#a1EM@l<$5gJ#}OBm
zJAVE~R&$|&q55!MC+h5$_9}fD3_94wZLE#F*%?ZAl2)?s4XBv70?P4xYJ+2(H4|43
ze#X2uB(zzFN8p}3X1l!}_uR%*((GdB@1^5yxxC95uDFM*Kkwc_yaCLQzd%a!BeTSJ
z`#}pCJ(V4>#c;@VqwNFTDF>Mv@b*#edmyNXrx1Jjz4->0hN%%%&oyH1Ob);idnG>@
z2G_#Zh`e)N6@u*$_+sy5hQ-U+6IRKM-*T)Uq5FGX!6cN%fQDIE@$|KokO31jsle0c
zmzDkFSX3YxDk{){q%AI-{i8A~!P<)}(tx!Wma71HSC_2-c^8&10eM%Ju>pCPma_nP
zze%OPl2>81i(O*Cv<eMUEC4o_l|!Iv4&W@si)4Xq=Mh}Xr+K`C)SORPBi)5`VY)a7
zuF1KJC?@lry=8O{*i#1{474^e%3$&r524-A=j<;}6#ygd;xWPI!DNR31gAoqkTheP
z8|0bG{V_azqdpius1oiZdxoxgWH^U%{KovSDH&L!`9cNTd;4)DQkv<{&<r)<?2NFC
z{?&1npW+bhKSY|RpT+dE>>SPL4eSk!%uVQ>4a}@944vqmoPX2^14m<e=l?uWL~We^
zhei_<{XaAsFA(%vVHlnub$Jx@$iEiY??Td~5j@$@@OuTrDCo91W8Guep|?-I+<?On
zKCiq$p?k|)E@X+4P@(6u>KWSC9)21t%ZXjq%4FC|6$b>?8%MlkFjJ!F*|y0kfm&3?
zDOk2N71_?SHP&zN%yF3g2(~Fmp0pDf1{j5Kv!oS)_)D6`sRs9a$jo9_`&>Tc?I#9%
zi$n8o>o$A7>T87y|1#<ay&Q-X1rh+j9_imOJo)F{|C2;hqUPm}qK5jtJz?tBn2~HO
zl@FcVX3<EZ!4JivZzV3Mz7-rFtPdbV-jy`de-)IYA#GXEvaD)VRa4U<(UPoLl4>}T
z2umq>30&W7srOu<NZVVZnRoqietNjol~e|p_&(Qjn)~Y|d-rEK-DZEi9F76f4D4=~
zkFfq?@m`N{X-`$^(pf(gbv1Rs#jiab5_`1|!uE0~ijM14h{!VDx*8q3bC~TO36X18
z=y$swsmbn?86|)FprrHSGTTjvk~@?|znL5{vuDTW&5FWo4^!gNmY~PKNxA=pnRhz<
zxBcBG+oLb~lL>F{2;G>Q;xH=vBQYA73GcwXkLJ*T&PRTfm=4F$h_ZL^EpGC)GJ1%q
zm+X+S_cT137t;dslPPu*W6u@u^endH&IRrX+na-KDES^_?XDPl*LhzHX2XEiz=f$E
zKuA}aS%$Sx#VK_{9$~BYM)8wUiv2?-73+6Hq(NjsrfN)qNK3j(ohU1qoam&y5n`g`
zMFT{{am(1y_LF8fwX|!}J1tB{HaY_gZ6OwnY?Tr_I-My6>}V2VU#7fJPUfy6ap;ci
zyNpy!$cpj09cI_ZrOcE%c1vauZSh8jX59H|3e4BRgf)$YfxYs`5Qw{^e4NEog?U%1
zwdyA9z94ro7Okb?sa4kb9ss8HrFcOBDP}T1O(|&=1wg4NeyYsihoBbZzM446FARau
zn2~SnUPy=b``Yq-_7yt65|QcW<dO_bKDU(&M8R6kXGF#vRZX?PBk7y(aHAEPL6VVh
zT1-YP*TsJ2P^noH{{h?!<s{4T#YArI5v?j9KwA|k1uO}zDvGk;C}-tRw5aeSB7rtE
zXm}5w5w6G1;*k(LX8(QQB+kzXoE0QQp$aQT{8WZyIa_9r-zajVLccY0%odXO<Bqp*
zL1)&B^ATmT-(v#-R+E;~1(oi2K~R?qbO*p#DAvQl&}At&B9vhMxH2mkSm>k%-X2hf
zdMoarL4a9VQU}>su_?E8+G`Fhxr+|G-1&r_8y&Wjm0%mtR^;blzXIl#5Le3I;rs}1
zK)T9zLfuD$Q&74CRmxLEiz6ZUl&_4wg?li%N_R@!C3|Msp15YHA2@yb6e#W&T2w&+
z7p;>gC!_tDGBd2)^n&-nqa$(-?tRL4)O5LHBUTq!nOd8gRM?n~Kd~;TL}A~k9aA(b
zr7r)naJcPi(eG6EXx{JC+n2k~m6WHJ0e&AFEv1!EFk5PYUsx)4T-^fxSX9{5m%rJp
zEp4Hc*P2&WSXfn7SM6a?WYV^u%6DPMC=r^PA>!njee3q%xnU&5xG_~~qz?%QjQf|t
z)P5PN)Myryd8JtvLu}#SlL@WD#r)1|+77*yCTW4|i84?vGa;q=@U?B+k{+29x-a+h
zQ3~o4;7@pDh+E1-`M`W~9yF4R2i~mRqj%ro{p#dbLUzl;?+ffZu!E5z-_64~iKF=|
zJ0mWi^0%r5j@3k6NU$WS0wPj?v5sPQm|dZs*cFZ?Tvm}qwvPhycE`bzOQ}-ey43zC
z7WR6xCBCIHn2zxKO`e2RDY^FC4yU+08&YyxKeC$J?+}ZH1&>86tP<PEAGU>6u$ByI
znFw=|?5Ij-uvo42026I!`M`m;ON5V&{jwW9&MFV+5N5;(*VFj%NxqCsHO3NPIRBwI
zJo;CX15TR;%+hF|M7jAZ;iekMvAF(lgV{~Z;6Z;o+(ht-qKmK9L~~Kd8uk-lB^Qr0
zsrr(LifN{2_D$o{?PDqCoUK5a<?0wPqd|EDJ9B8p$Z2;ZW#uMWGClHsG&DsTz=|-k
zDtnI(1zP9CrC7`dK01xTEP2VwFmt#8S4NEk@j<e9zXA=Nw-}Mh;shlL?@^2RuG6rQ
zw-tJM`2()lPI#L+!L**W1dk*E^8N6-W_?h2$K#Hkm>;C9_{RyU<bhgE`gtoVvrfC=
z&iLtvx3Ag~XBLOE%hFO&h$^D-0v5$R?M2YhrC2I`6+GN7qjB5w&<1!~+>^k`G!Ab&
zJakHyMYh0bfbG$qrgrf5oguvGAtz1$lRKY}!Z-+}D0QnqxAWaV^g^{zGjrJT6*Uj&
zh#QEa23CiQ2_9)oHy#HZ^3--v)EoMo2+O1xBWcV>qY(vxJl-r{VAN9j1!XZ|jD>~t
zt$<mmpTs#pH&X6!^lIc)lKHge4UMxWE^zw99YAGwtl%ktsYJQGM^jHNpf*(jxQMr1
z#ahZ6r<Nd=6P0nDH&f6Yb<!Jl&Q-tPJ3YVw6XA`xkuAL`6!?k9Nty?4?i;W=!9E3=
z?s|eo5a-THkas~*xwRmo`qW#LBu`q&kKB;*Tq#`b{X9voDny0`n@Q0kvu@~2G{SSY
zIGG~q0bdG1_^m*Lm#RTzT<VZvr2bp7sR;j8)@Z{tfifc-Q*|wh$;+ifeWpQeYNWDX
zw+2D-)a1@XwbVfb-q8nc(G39Bd-j*VOA&y(%?4EB^~`wUw4j#h3W7LYljd1cNOWB^
zxohY*-dqZBI~BB#dtF`1hrPCp2t)Qo4@Kd<DaRQ;8+@A~mhF)9mh8DN_|IVA!FF)6
zk_EiPZqOG){F||$^*EtnKN#>chc|?s(IIO<xW*Cp;O*d{D_I;f@OzNUF-TV+@(pT^
znb|!HSF|~C=DTX;=+oj6cY#hEddV4g3CocwMReU1*TZOMVBMsf!OKM-4r)mo?35*5
zszJ6&?+p1@2UZ2T${PaZ3piOU?1fka6~2@loy2UYBpl>q(PWZxxWYydQ~~n0>3pNE
zZTjaVu*Cq>1LwGcMwf+ZslN?mF_lo@ppEYzq}(`*8zAtHwzH*ex5}Q|v!mGQLUJ=i
z-4Vx+>PNP;Q|Va2Qp<1{g;mx3$y<pasKiuJ&NTel{!Z<XSIzspl2+g|Ek&79vjmNq
z2F4l5xEX348Ap0uzmgF56)+Wsu`zZE?`_)e;ZgST(!=};!sls?V5&6OR+-A|htdKV
zjzq8Zmm?aBWRt@^dCS?g*j_E)6Gyzd?G*Ud>ut)`H));cX2fC6U5P|=av?3zd4;)1
zoFj6!*Cm_6$~CV>&@z))i1ohyrNlKR;Xw31dXGVV$n}5i$@`~B>p#I&#YS$^6on@=
zK3yN`p|kd~v!z-GeL4!dWLuR}6sR<Wj6W$J$R>@K5Po3Ufoap=QO^dSrdZ{7@2!|j
z*Ba#VZ)HecnN;uFU%ho>a@l=fU!U**%=U|~P;$!EaE35eRJn~aRTT9)Y7GOfN+Zmz
zBB-RTCa7B0)Ks}m+o}yiu4*IDt@JA0hJTYHsW#WB&^Dk@SzEofnsWoC55b<5%!}>g
z18V@FnpM_PenxY9>%BuM$^~n=6_@GP8>c*AOKo(Q@Xz5#5*u(1+N78CH*Jr02kw`o
zUV;z8QVpJu+X~uR`D7r6j?>qnRd2_*2u>(*s?<xCTp9fd_0n}=)|y6xsIx|a-f(pB
zsfurkWI?+py@V<4vj3%3s_jzKtU;@_X#xsal{ll+wPYz*gIl>`qqa?>NnN!G1x8^S
zHRf*I<yxPg&&RA=uvMa(Gm1B{S*v}^Vzo#el}YTexteQFHQ0ptGA?YdpTwK=mb%6u
zqIHEU&Wr#%R{KU)C6BJV4U<jmGy|WVVk$qYCQke$&f%&9qP$1(pohrUkCWB=7>k3M
z9_E|XHGbH?MbbnA#K`w`FeH#-%hh#^R(y*r#!RxAyVVwFaUCmm%e_FRIZ)%|Otg*7
z#KDE=#&o#wJSH>tNcqIiX><N|(zu0=d&&~qBv}*NMy_U!W_#2_u(YK()b<)H8$}-^
zZdS36ZQLpRGj5#)LmCEAp*72~?HGx5K)G=hI^8(g($#I5VZ=V4mV05DVTOOx&O-*#
zdAACTnMxe6m%HRfRE9V*wS<USy1aO3$X|J$0UK1@GYA*4nc@%+`P1%53)X4eydB@=
z_%!*`KLZqpDxK#WvSWKGn$@GIpTn;-FyaB^G?>2VYyujFwP-JG`bW9d)H9*`1Kq`c
zb)E5c59I?hcBTcP9XLA{%j<s_{C>9hww$vMvLAsVi<BE}kaDLCQwAwFR{tYw8Qi$B
zhl)YY4cE)AS;Od&dDH*cg5*Z+R|VgW-LVeB8@_VBPn79lZTFF%$Q_({#o-=;L>9b+
zoUuO&hXV@9g^FW#Vj0fQFA;{q=s+`CpQQ;#W4xP($HC~p-!~NK!QDp`=t16B6zIX;
zXB6l`-**(~!QYSADQt#0&n-CS?;}$r(vS+8VEILfR>nWhS&Z8xT86D|l)R>?3!_rI
z$8dv~ET5fgO)G)ca53QRgWvJ30Qp|gKEMDg<FefK4<9W<_I^B7doW2h76FN}m#g{r
zjEECHHy%BS=)y@As{l>admf)cI4Hm4+FoHyLfU?Hea$rhF7>?oG=uEoA6hkXdbFKY
z8z`52Z!vBO?DGAy>?H`QzWaX)sY(vk{~M%IP(()k15(9V|34v>z~Y7zdGkLYbw@p8
z>*&q?e?lt7e?w~R{|ltvB>xkn<}LmoK`IMH6rJo3q|ze)`;hvdyZ?Ve>dJpYDyFnL
z1crccetIwobT~nPrcmSF;!MysDNA5X(htQtG<I!dloV)c;_H{x__UF&7K)FwDwf2<
zCPc=y%GbBRSE>B1uW9{V>BHCiwe*~wG1CNy^!NH@``62K$LYt7$4&OzOA$E$%@E&~
zdK@;idB;Qy>??p$m-cHu_S^G`Q1{mK6m9p`<djYKm8%iFZQ8v7d+jJL({txNqIYrz
zzSF)eyXoB<&nt&gUi`g;uWzIY-^|q<%0bg>Hgq2Su+G_WNgaZd1G|!*KIzNd9}&#I
z##>X<f7L&IO?T)I0r>hz4goR2O}NLq=%-$xg1#!F!_*(+qw6~E>ao)f5l`?_?_Ds(
zjB!lPeK9pKftg|_FpQt#n92|7yn_&VN2ee$OQXl$u8`@t&j*!&-V|s}T%jQP_zm1d
zrEaUuLJ1jo>UFjYJef_kUqYo>9fz<0Ns}TgOW9})OILymM5o=E7>B7BRfZnVHPccV
zuvh40`i-a;SA?TcN)971EHYPfqi?L2i82k!&vT5wH5=!+`)aKiRnYA-a~zBo6ayyt
znQ$K}DOndQJY-l)$2MW>3@RhaGh;nve8Sv{3@!?6d2q}LXJ%XOg}1sT`?c6of{tl{
zVmpnK0nkAYAZr+xR%%OzEW2!V2r(6&&{%O#ePYk`{efz�zRmCb+(Y1*O&!fMH^E
ztJ4GDM1GN886io)d&ui6ZG3myDdMp0ER}e{wv1_6AvN(BS%&(|;lheW$5)xs2@}b3
z)sTxg;tVb%tVs`&kcQKqLuz(fAXfH=m@yOV#X477OhVDl+)!?6p1w4xQ2v-B+0+yj
zH`R(4EVc+wPx2x;TSc7R)u{E&Xr;Ba-^l<%XtS4`$&o5g(cnw+NO@?G$@8=fIWNgG
zCB>Rw9%hS(5Ytz^aYC^bi3mU#l=hbFVaZ#d#Z-xaV&B_>0_tM9TL>ownp!I&43nYv
z*6fkULXL07D92Phr9<@wEdh-fm(Jirys|BW{a$5V`Jq<Pfu+~lz}tPyfQ>_*PCDeZ
zB2CSKmyLe-J0U35m_Yn}4N$((pQ@2DIc;}=fhhNgN>Ay7_B$m|zM(nP4<LH#S5jH(
zS5&3GQEDjN5jzk`8t#~%Nwj`GS~eUwk9C_k&kmu&iIg!Ta*W-(RPHe&Wex3h1;4g_
zuPS0I-*t|#ur%qis%%y%SJNo#ZMGBc*=^0ERa#k^hEPgQ(1G?1-GV~3N3d>2v)_@C
zI+-iw*L1L{Z_cka|HApR_SgN?3Z}`y(WrL?vtmD{eJqcm1%u0!c}MXMytilRCU$vT
z^hqRuyGTpzPV6Is2p>1Zsg)kX8mg7`UC=;}2M}&8G?NYd65?u0c1e20y~n!d_c%!<
z@dVxNsC-kKM$Cc$C7#LLhsJ>3yf7m!KJ%zB<{vfgENJ&2J`_Ve`+n39SU+@i-lrXs
zdVS{!H%re*sx7TLmvYQ)9JI=8N!EC`$@WYtGQV(6V`=7^&@F41gc0P&$UhOLu}YV-
z<(w^<i3{YJzuT-3on(H&65MwDj7u7V%HD^CQ$UdqT<m9#K6E_p$Xbmrh{*rNx!leR
zw{9;*d{oiAig-&XC{t1{2c;}?vDk4z3f!2{tO3M4MHal*n%USuIt%L|NN_}GMv`$B
zJ~lcV4#wJIDt(O{1SD09iJlF~9d86Vo#~z}-{9En<P?}V!bkP>d`Ct3Am>h)QJ-m<
zEtV!tuBps3v~3VpIo2WV!*irOR4?g#xQWY-ypgk0ffXa+H^_u?z)QwZc2)h5-rZ@V
z7{QD=8|)7S8DB?ja#PI5u#9M~CU@)NnIS|z23t$Z`s@dz+bP;RDq2mkFsooH<0D38
zB!7g`$mwlG?K5`}7on0@);x<EYf<zS|6cUbMvHq(6klO%=}mi-9sc&nSRcSkW-QL_
z8<FU~qdCWavk~vLxYv@);#Ff7pEokX-EWa6hm(2w=w}Rl?MfW?+}}l&`Y2S1!LKW#
z%ZGzHmaxkSV8*9ST+A(qrX23uuF)Kieq3*I#?wqk5Kf>3YJ331q#(H^VjhCNW(eA9
z$lAI9Cl3LTL3-n|$0v3xk_Ah7E5dQkQana2Cs4rwRY4VH0jrV=-AHi}a>&q-tUJBO
zo@=PNJ;uNTEw|z@O<>QQ;fF%1G5u${lr##uiQ-zMY^JZ=5y6RsJD{V6^^F{HTI-y~
zA(a!%p`qV*IfYX)J1CvJU{obj?*eO>6v?w8eNHvC^Q!HE)Y!oyMw=?H`95XR_=~NK
z<25hf!M}YP$<4SSAKs}Nn&y$FlFG#$4fX&RDc0crjh@L(e9WYWqSZNBMP?GXMF@P#
z%V9*rm<M$T{N3?)+EMd^sYFQ`Q&i<oj_|tDVl679*~w)8T7*)eQ3O>ZEDdj{F`;RS
z_FRL;2Pds<af#6%RYSXhl)T<ioj+Gyf2E#(z#ULlh>K7xItHMHb#0yQPCH}df_KtP
zOg3Acb-3{!9pS4N=Zn?oZnLc=mJ(G(8{m1PCD#q^ppyGh39|)>Wb8><keKuyVA3L{
zKY*gN0J#Za%=#=nj83^Is~zl9`brSYs{#10Ju%!K84l46;#Odq1NB$LwjtqjcuBj?
zRy5ae&KWAXeH%xR&jIKb^-llifgT3|B?pC0Fn9?SHwo<+p#>^ls-U~DqJ#QHKcWSC
ztfZHNbSHGsB9FWD?>J<XZ}Jjk_erWL8)eVG<@R-DctprV^vZ?W;R<OMWxa>RKJhn5
zCA@;9nbdlvEQ!cyD+0;J3XFw+XeyI#uJT_t9fWEhw#2Z+!BsT`xMHic(x!Xd0a`Sw
zs~qBg9&nu-;+q_?JN{j?H;$ML4xztg4v@J6hVT6961(8uHK?r>gzduTN8Sbske#W<
z3KE5X#K#1SAvlJvMLEG=V1IL+Swve1hX{>dh{bPYaBv<%U%%hQ$UF#ksd^hZb<NN6
zA82Nv;3i2>Q~LRzQi#qC$?UQ(-6PSJ+-8g<6H}jAnbPVORNPUCoUumkT^>ELp99%x
z(3RKk!*}&#L}Dm(gd>`WRAaCZGId0)En!CzW}`}h5s21v)HD%Fy?ARGs<$OIa#;7c
z9r&CTAS1bIlJCl4g1Lul#__Pgku-LMl_q`Y{d0thZ9>$i@PoHwKU1szUA+BAjP_r6
zyKjpvg7CE}d)4G*Gbn(KAa9;j`b>Jg-yDJz7I@iiqe$-HjUEL>*c{O|tCH5_<i@s7
z=#KvC5D9_=-!DXHI!l(#pOUDTQj+s#+Lx1I=VteLs@L}km=9DI{&HUu+5&W<uu?z!
zObr{i;ajth-O36px4z11U2kLVKKYyxdTPziYTe*7Fp=qDjqU);<#BbgFli(Q0Q6pZ
zTa|w^!Ju5g|JCu>l?w$@yAEqsbh3Q4{ps36sL!G|mC($6{zAhArQN4Ss@QWImhe~<
z`xq*z?`hY!;7b|5X}6%M$$Hpq#pPOaV|{Zo?_9N7YXgnq?s#CO<$4KTc3(pr-|~_P
zG~&Fn)p^;qV3bLn!Ud%C<eN4*&8DMw4HE~iyf+Rk=iv4!bnarj$CL|FR!E%2Qp56B
zU@j5Z!@am#{F(cOpt=3B7N%46D5koG;m;NFoQ11+5?f;KW(p!HM#>lcJ8XgywerBY
zQo<7_jy<XimIf^oHdErtA2&NPm(k;`-oBc_c*A8OTZD488_EehFgi#~d3F7LpcM0O
zPbyBnkrKsU3Vxnf8icewiaY$E1uX@-69q5uacUc%2KME-o!t&i-?rmCbQMLxOgXOQ
zM08B07q1xXKV9pgRId_aWiXCIfVbJPS<$A2{O<+a#x|U`q*nnjM-8!{V4x?hqX8mt
z=Edf;L_D0f%(J27xv`|KQQOM<T<rxzf?E1d2Vz|uh*O5vfDZ@MpsDnNzC=PP^=fnr
z$|8GXiziy0rn_l$4;I>iUFsF7T+Wau=lg(A46n8GRu7N`FrP5Jbf@l-cQYunh`lL;
zSo<L;bV$0=203@vD7}*Ilp&`OyAlS#8h_3um&_G^ss$H}!Ye(%46rgVG?vmM8EvpS
zFg%v#4N;_vFpNf79x>FU4=tmA-io@9wZLH9`DB&omOkW}o^O{fq*^|sLhXyYboY<D
zix>8hHNi(LlT2`_9vFpccyjRAD#7$kruAmCuz_Dnj%b~qrmfrJ8S?7OMxP{&x{v^J
zlFlU2uS+~Lu}kTeKG-fR)G*{NW*a@nM=(^qchmN=i2QLxwEIG@0E<fc!1PXtj=Lk&
z2<nDED`qTP*q!2rocUKfGx9QPnY#bOEa!hT^Z$1x`hRCRv1&m7E6e!<kkBGqvYYex
zhEy_F``YdR@T8^f_LtlzJUa~DbuWjI1cLnozr4Y|)weH&YoSRoN41Prjw@xm9tw*?
zw@gZqRWbz4yeuB5jxiXgt2mLJi%8N26-y)6A&ex-l*<MyML!sp!U16hM6ERFQ89^O
zh1Lf{h;kx?v?qs|roYS#55jT1%Pv9IxF5AW&$#eApSIzxv^ZY>#m|JZML0|8rxZOE
z{og0Z|J?pR5oC=zv^&ZQ>eubnPnwe}p&r5hxP~z_zTO{^l>#XdLW&(ei4=i<h=j`+
zoxSUF79_CMQmeS8xkXhZNTs|+q^7*wn!nnx<+o*?CVoqAO`NL5_0YR{6pxu{qP3y>
z@bl(v*UOgE9M4aVbMEan$LC|u2Oi-6qU@c5L<yKB;jwMowr$(CZJe1oW81cE+qP}n
zJpbIgvGMPBV_){IBl@+wGApYpGmSRpl^}}Rx%|BaT-p&;S-sOS8k}>*0GfT($r+cO
zcgyDZ#LKSduphQfafA&%V2$pu6K^Z%mhth^ZtJRFL(K`;w{Hm!v(>?mdU9vv3g63-
z+pWVf6y5!R&d$w~5z?L66`s01HFKMZ>GuGvJ#_ij^u&kh#nG=f3cns2e#|3o^mF|#
z)QJ(D-|WH=Gj{APJWAa2DGi(dd2VUegl8rr$KYhv^PS%0OKGHb>#Z65@g7_6Ur|)4
z$yZ7;AMGI~=In$=O!OOW=1&)PuQ|Wo-iat?>ZC{bcxt<+=tw1#-XX1?xsRX2AuRh2
z%2>DsB{3C20Fab7OZrl?)yWx9p|JI`t5x1)*f6kc$cFC^4`427gU0e@bXkfX{vxY?
zm+whKSqcIMs=8|-S&gd|WTD(O31n_DRSg-Jgeq6c8G){+?f6&-SGDe<D{HsEj0WMJ
zsU8E~>MyzO!yv9Edtx1TIc-Qow3Tuz-jqzA3>$eG&;%;ZH|ZeGD_MFeLt|Kq@u-r8
zKMTnSD?69y3#)~unU8*ZnDO9PlKE_(2_rQc`QtBeFM%d!kLI98O5F5Vra+Uw?CRQL
zd0w}H#*Qo9Qh9I2ihEc;?b6^6bTeGUP*Y4<*Z<pusw--^M3YU3*ZJgE2VMQnO}Ek2
z{hcHDahD1Y?oPI|@Bh}gfm6X6wYXwt*uA&csNE7wst)pTAQr~2WD{{_f6q=pOcP`l
zfz%gs;C8qGvI?PcyeMEpcx)6}Y1y(jv4oa-n5r_2b#ifeDwk(3C}?Sla$0gpfupS=
z;hH%mw24cLeE9HxGk?r<hO<dkRh0*ioBS?-nB=TZ99CG+;1O0vlqw5Nh%u?!CXcNh
z$fFKD<zd@H3hZqm9xq8C8MIh7FY!iZt^+ZPx1<r7qt2`|&P*!;Co->NgCbf$ZOqLq
zZ9-+#M-_!|R2Xn-p;Yaek+N4h)C4@vRT!|cQ)z9z6$bF{<3g=#@v0hHY=;E6I|>lw
zzF5JA2(d;|30Fg3R!Tn2Lj451qI{wHA!G1ArJ=da16o*u`km_j_`jadQK5Vx<5RpL
z{LWP|{y81)Lj42=f)EEfEkw(sAfZRZ1qma{;V6i}Dbww%1<^QxLdkevWKawDU#v_x
zv@y0hShj^M*6^k;NZ{PYc@7jp&_|xud&t@fw-q<HHz*QL4?Qt9b~M;2QfRc6HJ4ZP
z<csy2u8EK~<uE89dLCeiMj^dNU_?hp+|?Jij{{E8jKN7Q9~hK%u<EpjIqggcibf&6
zgY@T0DT_uO>x!Av*V<RrSehh4qcFl{qWl5XCv{g+vCeL?<`08gK$pSL0te?L8lgVW
zuxV1OvxTG56MY+Y9MUQs=?r6Kw8AKl5cs<~yVQxqyqTEoPbv%R57r!5Qmhd)$Rmh|
z>`0gWHivw?)uDixc-N0GJIFdYXeLL|76fnGkY+?KV_R1qZakR?<ZH&N!nU#$tepxv
z7<ri*qMeySR}@#jtBlGh3*pa6JgVw{*tkzsF{~UU=Wk^jy@AU95iBLH<V@zKFr9+)
zO(gURH_bqw2!{L_5hB=jKDb>#cO5{-DhHq$*Im$KTfJg8Weft1GZWENlDU@$j`c|a
z1jAIEVsFZ~u?Pp>?1K$!p5Yvg6$#Hs10AMY-qb?2A{&$;h1da|gqys`#xup-zi!0H
z0dE~J+9l=U%ZD=%hpOW|K9r#`y7yVFCOeG{LN}BbSUd;AnPo_1&<HXD>xZhO_+Yu&
zicKobaQRgo*_y|}Q6<c@ZdJzE<7TQgZ<AaaJHdjc2wPo}8BlRqPog^_&38%4xz$rx
zSfQ5+LpBwifk6REhJyb<E2yaJsuJ$Zl4S_{kRZsKO=%3w+XKO5p(6X}n9)?7Xw0>m
zvT@JPgFXf;PL+<8q4#}y3ByiToH>|&u~4{Wx$*9jV2h@*X`cAjJG@UpoLK0nF_vZY
z=$h>8W?B{=r9vU{EpD>1K?rC6#(@I}4wuU9sksZ>578UD$k>ziRKvDSx9d3EzyJ6R
zA<5G)HdY^`%9tjluOWTz%#4oI>k*dl7H<4PedSxcy{J8Ub>43LQhBX+{Qf)1<(^-Y
z#qpAwS9XAnt_cYo=}Sn!>?BNn8c;m=<*ws=M@>%y&Db}9N_Yg$(nEG08cUPWObm&w
zlUt2}8$=CQ3}w2p#&fXzY<URiM1La{VrCCr{`mLY(TOD$p)`b63BWksF*hSaP70l(
zI@IHdo1Pmt&34C4FmaT$OtDi1e&KPrBTAq5W8~aNm#j2`_rQ!KT@PwBl>L2wHPQh)
z^chu3^yd#e^g?KULza3qDhT>cTT+UDq`<;;)&-^Ob*3kS{s5|e;D*-mW)u|)-poC8
zza3VA<fS-hF7|C@<(3r!8&x0keOH|1>y_EGcL~SMeZuPxOO$am2P3x`23hnM+6_1L
zExjG;rbws*C&yin5BK4U@Q$;;NYisuK|IsfSZH+!>5gm2YXaX)V=r71-_KbObYz*B
zCa8=0>|~@4T%T+JY0>JLvxwn*$b^z_X?;mf)$Ex|3vizBotoZT!rMGuocI_zd7F6M
zbCIr*Pi=0tv8RQ%$xam<Rtu6!yBg-X$eI~*OWbQVPjgGsv}F84^2c0jzplGwB{|bO
zWnruv{!v@QmVTz;m1Guut!PU;<J=xCpg3<qWv{j1Qaeph6@Dd&L(&R-W|FA}e9<P|
zN_oV3QpMqR+n=-LD!s&JpTGwvp)3C+*-=zWiM6Nk)hHggv%ak;7`QRR$}5i{cT~rU
zJ`njg9BcBo&@kfd4w>lqr?*Ay?PHy-2^D+NPV0r*ewCuw4apts3NKBzVd5Kvasal5
zX|}0W4cHQeWD^B*4-dCV+YHb-{&Ml`v9Qp3d7j|UVQvqFKSAFKeZmO=qeY2#Z7xtb
zaa#9HOX224()U$On6r}FcL6TEdPyyZq~~y5G~2Q2MdEiAPb7MYdi|FRn;ybkf7y!z
zJtp(_Y)4VLE-8ipM|HYRH3W7oVaO^W7+MgINFWhRABg^<DB3;n20=rJ=z@etOC-i}
z!qBjtF_^|>F_hC4kR)n}Ck+;@Act{U`U3l>LCP87ojc7hcu&Esg&Isog(rH|lLXGH
za-0(gg@RL7F37zszo0{*o9Om@l8yPE!g+kliT7{^dQs&@;5<4wSE)2N`2EaX;S2V_
z7Y*VF>F@bKjf7%E#!|rYji7v((GCbs71t&+gKlFC1k3H`-?D<bM=F}7ohDu)LOqM3
z<l(>x=@W#1@ECS7lt)tTB}nQDB?Y>zg-Bb1f<HvQCE$*gvzXy(g8_E7(wo6*GBQKc
zb!x~r*M}Pf2g=PgEbF<&)NYB-Em{muZG#iJ*$+D$%wc#{Qz9`+lQWgMoEW2Ma-+2u
z0N{OK;nIGkk&)#|$cVM41%Mun8!^I8mUE~@3W<m^_RvVxX(sJsF)l`Fb9#0F42_CC
zWc;~_-Aw5LA(@a9D5wHSdTZS7X~wn~QW8y3KN=>P^s<%#;N}l3xpq*7<HT)!)xJGY
zHIiG2);77Ny>D%+{-(L`G{24VRTWmvGONHa4}Z?QEe^Ex9|JEQHq+K*9p~`S9gorr
z(+zx%>#Q=bAf2xr4X#~O7EN1Xhe##)&^4_2LYpbw5m!lLu%vy~FT{I)_@CRDwPyec
zBEK?1#s7nh@V|)q|CSMK<&mXPd`p7ewAK5cL8rTWe);fOg#D}Dg{n0r8V$;(5`)#0
zK&abv!{(J7wBNxG`ga}S{1Co_U()@QQr&!7ANiumjOPrG^NgpNS?NE&?<decm<vmt
zK7K4SWej1tL1NQ?%Xb><<XAaWnX7j)>j5F0rjb}D$v!ptMOOhKqNe&~CdVWx3ml=x
zBvg`BB=-q`FdqSzP`!J11PFk_4MW={#D79W@>R;0B4EVcd2byj_w6PtBzN7kIYSab
zXJJX)O#``g`x%<lsOXrBsGgPTJ6iHqU~7*m!P$C6oS&_H+u8KX6KZK!)OMC5FI_Y2
zjwUNbq?f2Fmjj&e)@x|-nTMFy!A$8qWT_aGT6F8Tws#PGv+X&Ao{w#vO8b4Z_kA5C
zT5J;-bzi<xhPnSV($b7;$8;lVRP2(yW~R7!tr!txKiih-*~MX1kK%TYlaij9`lftF
zj@6(-^qxXkcEfX3M64yRK&5lidD4A;tQL*<a&9`OiXbRNc}ckZsW-h%xT>*FjDrit
z9Env3C)`GQxZ5LRUYGd3X)y+EYNE}GxdXPAv$?Nv?o+O`(p%j{d2HEei@(Ko(oSBA
z7fk8cu<_O-aM2kswX!Ou)xlLy&V4Y^e&cS*=qdpk#J!<*_y)MM#XUq+{n&zS;mHL;
zrpk+t(v&1}*$P|Zb&Yh9p+YDfaorj+#YL-tagX&)LiTa2c*hF#d`gB<7ANFC^bcEG
z9JR0tF(hxi%dA=6oO0v~Hg+I4b6N+>{=(>{6@UuqAbQHvA^i11$gdeE#3TA+3qTH`
zkKc#2e-D^N#>4p6b$}i0j&dLo*dys~8qkJ7j!)MROE%(5oYCtxj`_7uh8T^=4ojFY
zM3xwl$P!B{EXlG+IEw+6cSv%P1J!7VMNBx04VHK)Jy!9663hM&B>GiSB^s+*`Cc_k
z9N5n&TBKTeU46(?II1-*c!;I``TL<wl=))2*`aiILmEbzY(t2dlhwx>-kcu?O-dv(
zLlMY1cS%04D_x@Y;U)n+vddeAMQ#e*V@<wxL#67;Jj>g(fj8?PV=wcZK}RlsNN>Tt
z{g>bh!7WiXix}$%I3{s^z5Ra*d-Eo;Pm;fXBlNEiDC)0*AS<dONGmBPMsG~ZsLw#_
z<U;3SV{)x!YmX(4@B`Cp6uC4f<)AKJk;E2M=BP6sudN;ObgbOu&fdr6-I}`13-Paq
zxpNc{%>bK@EjbGwj;3*TX6AEB_x5^KrGe6dSmmX}73piqC~lYvas5s9@{hy1&-2Bp
zeg`@2OUv$+&+E^F%iHZTX5$|k(Iu0si^I;yN9C1^ko~-|HGHC#iK*z|C6_f%G;qT=
z-?tne44ryH{6=U*%bL?G5)aG}bH5gZeAarlf2=U}Z%N=KV*wh)hDM1FV2ZCJM?VxB
z&*w*rlK_5}gyg=>v7g>({4SH&PxnCG4z|G(2xh?trt~_x1VGG+8*a=wLi|5Pw)8rh
zdArcGADM4mjA|kE3wvycsEXtRM+vjvFYtl;pu|XSyjQ{2{G3`0^=R#+ayXPbeTk{9
zBfQikvK!3DN+erUvJjQKo%Kf}Z>k@qPaJ!kvE&FI{^@-hIixz|{>h7bzzu#8=CJfX
z4-)%gWvpb>chuD-Kz{dIDcJD=(SJ9E4&jN5(>syz>;fKwv^A*3KPCxnJuB3~Tkng|
z>5h&erB2-RVq+zR%ZWrSA><&zWf7_iH*W8VlBYWBCumI2R2`O~SJm7k`V0?vJ=x3$
z!_}DaBn{jKXq6pxECxkJf>@&f;;9TL2puR-Q6c_JCkrANwn{*xwl!;s1P33l>v1X9
zsGA=8&fOIwU?u#7NdtG+ee?(!-K#_g(B~CsX;Qswa4(PBHinQ%Ar9<QISH_ymoXw(
z#%u^Ah<M~DVtQQzJRnFKW<8_{zgvy#WJWjDfu4guBTWv3opS|E2y#=8-laHwV<MqV
zXGWth^yJ7Acr&)tW*1lru0x)sGYC{}R{3SB3|q*DTU{1=@_n=<T-B|M3?YM=Ft1=b
zSe_XLDTSB~qIlAQN|kMl2N|lNJ4~We;qP5#D<OG=Wby*9V-QE8&D66TVW`GQYYiiR
z&GVg5a4Dx9E5g5$b_H(V$PB$?_oyIMcPJH_pK?AC`_V6f`)nQ=jP9RwwlOej{YwnR
zW)UmC&Y#&AVB-n{b;M^tfR1Z)1}SI5%}}lZECx_cRmF&nB03!qiCLkaUt+}Z>FRO#
zX_UbUN$x8NsE_c^dppD-JvBbdbB9I1_5p8H!j`SrCe(=$e*l4;RQ*@oEzU&MRJH4u
z!+XqN>EVh8NN<|Lo0K>xOOoT@qt?O^J2?Gf5JEbNx!c*JE7G{jJK?`?<F6#oV-3T2
zBeE5S0j#3Q{NCU{%J?>wqqLtDHV?s4pn?>WoP_WRn?@TQ>82uM&{S+&5(cC3I=_sF
za#Ar}NEGR#OL+Cg$5^FUf@-CS?qzXR7dXPp+;fRcIy=&D>Jqrx?tVd!8DT)vz=esl
z9_aa(#?uHcD)=j0Q$v#S_0*vDZ#$2JL4EMfAP#&@4Fdt}viaE5KH>P`(sEE%CqY2J
zfNXi0;~K6R!D*9>Zd#>FMGi3_rBa`4NeF>Mr-!Ep%w6)Tu<WevK^le^oYbt~`F&sl
z72NeJUF7ui&X3PV@EeTX#N#(M8VFz^rhMqW?$%PG9aPB3B=%{})l7#j8uv%2_(d@i
z#=Q`p;BZXBA?H`(jRk$LXnW5%5;}1=)<||LbX5kevw{fAnF_IajxX2cNrK%I=fHv1
zG>mqp#=@VT4SCjPI;N?nbeBOMy5ihgz{zHT%bE}yGsb|yAZyj&Ikyc9d%3R7?JOlv
zue?HiM6qe0Z(2zUmh-j3h=34kU#lrmF<ptx*`f`S(UyF`X}m?`kH;fAKk+@!tP+fP
zL|#6Y6a7>MR_#Hc6%XbygO<{PTyfRPKUX+-d>a;LjOHqxI0VCVr6DNJ*MD!^03@8b
z{lcITXof}1dB-0Rr{RgKmGG&n!=T5T$<Gz=7&(WGf~MDFUA-r}3l9HHX;MA5+2Vr1
zMMnXbaZ?Z#ID!JHb!#vwwf8k9Q+YfqW{=GYY{(^PO9dUqX2hnEyVo1G;|(IBoVAyn
z9-s*2WF#JXh<Q?{U+)*-H&=a{qQctwj%))DrPn21K=OPl{mr3=-m<;D!0FY;lV)`$
zx!;$#z`S6Fe+unIENFSvbYmMMiZqSi^2!C}XUCpg)u?dSs{^%2ba|05k^kx#7t+4*
zd!;(|`%mmyJU*EO1P1`1qX7W;Jy7`{*z>=EXOj)#C+iDprtbtUthl)E?~JQ*lO<Tu
zSPFsM>b0_<w0S12Xa&jf&_7@IA{uGS1GknF4DBz%dWr`^PkQ*<7`(2oagt2`dZ9}6
z?7_2AIN;<nm9p{3ne)4@*Q@o}-X}QjtK<2fy-xPiQFTAvEQV2XrKlIoPLJ1*tEV(q
zFGn64luua_vCVeZxOHH+iUf+7U7c=2`%v_&2>G>i3{1O|D+VvDQSx4QgnVXKy4%rv
zalXTNT9u?T8aZ7o{lT)=`4dAbtmpl^!9|E&7YEY(XNXaF9N+U~ZjJ$1m;*6rSHU!`
z*wVnZ9Rb`c73@`Ip1?vAgw>ogQ^TQo-CsZI>?mYg0|aICiwvktX+C)4UAWpA4Ub)m
zSKNLwv7;EYz0dstAAL1Dw9%!GtHm_TRH9=!Y@ss#SETW3-i_TwGo<@0a^<jqzcwbg
z>Xhu3M@KYXk<@%6k~K3w5D53^7(JR4`(B*vJi>GS|BzDP*xLc6jl7Su5DN$Vafh1W
zRNX=7&f@P}_CJ0+-_r)t&=+X29U6H;`I#{@hT3B1j=kfL%i??uO%6HdC;DX@<(ZC8
zikf!sjH;#~rHbgs$TDS#(;${@fRfp;=aL>Pj-~v7Ozj1K-EZm|>fzMcXaT$PK6W<q
zc7y_|_`&DvH%0}hU`V79x855PQbAW|qi6ct-W!G;nE_k>)L24@vlUCjHovYaD-`>p
zZRnqM8m{NReo{hB6=(|00zJFM6{KsAK4IAES*cpPlaOw;F%<uX=|Mb8RxO@FcMis5
zwm4;sF|i-V+>`ik)ffK;ks0X7`m3hQKtZzzXpo^?kUk=CFv=bGnFs;eDUd8Ov}DXN
zfj0F~LJVH%aQZd^1hWuHvb4+u1TO2A?>qFDI!YJMf<ElirNbS7$_Bv|Ti3YQ@exW*
zurMb2pQSm(ImAO(-UHefEqcygs&Sg+L<(+MKxX%BLHP2JN%>cDLM@$H^CcjF)Fu`&
zkjRl`nSz9ME0yp9r8?>P=h?A@>$jDe<k6pCsUYdk;1)3-me67U8|XU)n&#!ja<+`O
ztUT317e_;cahb1NQK>0ptW4e9#>%jgg~+TN18%M=BwWZNSyd>9Xdo|zloE0mjfT8*
z9g}(`GpZ0X52lvTE-My6Q=7_=5FzN_hSM0CCU*&$S8C*!c+K+I4-NOeX_kk@>K@jC
zhF<b&9k@kj#e=q<z%+@w_uSV)y4y*A1M!vK?KMzDVceJl6!s>BWTP~P?G)qg+HJ_D
z)MCC;oursOqHSNRNLK0Z3+(K~u(t>(J*;kf6Xa;Xm?O(3UrPuZPK&9sYNLJ7fpXb~
z`nxYELFN|OKwWWi)x3h#rezeQx*r}DMf1gI@D~Rl^=8(R$L?EbV7y{<zp2{n>l9C@
zeq@k)>}4ibwXzNp>3)zqB({~^6%O91G>`*f7YNJ<(8(!+U^%bZ^9RY{li|@3?vS{0
zJR3u)3o!g7O8lU6lKGZuQemXw_oPS-hFEZ}{Ir|k6q!Q+9*c;A3k*y`m!;qa5YWjD
zl4m%^)Y{{s#?jZn<>w4%(><nEg80lCd_^h5tFtaa%k5_mM$POETWPHp&{P;sJFiK^
zDCst)4HYs$8M85zfY4-2L=>~wu^c0|pFoP#NM@9j#ITR&l_u>Y4UjS=WZlT5|Gkz^
zhoGbqEEYOB=uWWhy>)I)&of1V*EB!08#Sb^wOuep`NL}3trR5L&RwX2#nydf1GBCf
zGBl?1V7D<R`3q6XE0bBG&yre|_n9xYr_vlH#N!IMg{D6GgpaM9$seU?tnA5D`)+-6
zU(CDXWpe8#DVFAb3<<kIL>16F-^8P*&nl8KWH@XhFfC8nlsbvc=X(YnW)uVZ%zCrx
z%Fu7h>FkO<SSUhqAr+%7iEwr_YZPM2uEJ!OP71K6t+#jendo{)mi2XVK6Q@WWCMD@
zLfWl%A<2r^S63v*#UEj!LWd$Ewu4agCSj~2WnqL>iTk4wx_x^B=r{%FWq5ccM9o2S
zpve>hng^Rkp#M3e!*?q0@^US_V8l)NRJA16kYRNI(dpd3$L=HU*zQMmMBYOrXvc2B
zRP=3p?TiMY2w9S_9a0zWtgVid#3-u&G}iWWyoJV?y`nBH(ta#N*diJNapD7_?=Njp
z@Aj{UJgZtSG6Ixr;bpLgJVo87O#8I5<1*I(Jg1uhVdQSwRiBdEAg_J4p>^9SH}R&^
zEHp6+mqlAOo&C!h-Jw>SrR(h|AG*QGWZ8;Zf+rL5mbd%Dt373vZFcv+#Fu)&(68MC
z94Th@r?gjy`IqF+2^P(=-{hNWYWFWaSpA(Q_14EUN*Bpi>nxwmPAL7d@qe$qE#KJx
z37D)lXufa1o3f$&0040R0hs>{mfDK;zhLRx;tPss;0n#*wAc+(ooRTfMIhRNCfjjs
zn@74~MjeSIxqjcfyB%L(x>}#KCfVf%x<Q8IdF1nT<KbQe#;-5S%!a%nk=)C}6`qU7
z7*9@>{Qh=4UpmP?%8y&0D_>|~@XnDa3^wij_+VjVd*8MDZ_1p9%@mK^Y9mzrduxuF
zFop=suk87enpimY{SV%(UsN*QYc8*k*TTQc?RQZoL}gzZXJgMC72fDSc4x!wQf<ZS
ztZ)-p+E1rO9$)Jya@f<)2e;;axkKt?u7hACIm6`QrB4t)m_-95T4)^6i>>IXzug|6
zVfaFTCuN{-H>7KP$=KTg$EouEhk>_+x?c<|Z5YSPVNSr7px-eh8zXXY^<_NFNAvET
zY5DOvS+}6{n{{IkHhQM$n(qj6x>IG7vV9$!<Lhal8Z)GQRzeSSlL2wRZTbGNgr%4j
zU=o>I!HQs6tXr1JR@(9JCzFPblfvN^X=tSLFX@t{Wu3+sTG<aYP(SD2ey}})s`ptE
zu;S*D*Dx)N1;#A;l~ciT7CdwRRgiW`LeWylc$TE~nnE$OMKY5pl1B<{0D_|`1+Y+2
zx1MdQ8plSSesxl2PVSf5^E-yRLxlrjbC~5y>K~XXi0^EktP{rqCu%2Xl23-SS{}#f
z-yRK4nmUD}s^F1ZCaxTDk3fRcR&+w90P4+tq?shnp*vrYqy|awdygFe0V97o$uR{w
zaN8r`)<^)|K^G-?%R)Dcg+-?tQacrgzVwrIKsrg#1lQOrf0(~`iHH~XehT1y@V1!@
zO=VdiS1CxXS=`rDy^i>+^`Xj{uoTn+96C-)9H$9>lmP%jB{c+M%p$sm<^apJq?k6|
zI80Cti&GmFaL$s6f6-XErWYV?P;|*NX&wDBd<;MO8k&fjPXVAfN1FJ~5}2P{Du1UF
zISFJtA-`3udGrK1T_&v$wb3MQ$D#O8XEaGPUQ&SiiDc(oscPM=&T__A_1CQ{bjA+o
z-9u7~7Rteg!Tyg_(r|vZF$t1%BaRjKi<67=R<mnbZuHF@aojVIzI7jBu(Dxrj#Qm%
zpB}+tU#xh0LlBtZt+-L0bTa0hN}W)p2nO*&3RpC-zWscgS2Wl)_VRT*vw*%cm&+t{
z-@bij)t_5DWC~@o90`Wxie0K6=~&G7S8Se=Q!^dei#Z$<>@zwA+5xbW<pe~K;eL*H
zsSk0$?V+dv$dOR7d~_gh0QPu)c>w&M^FvO~4AUV4s!s;NC{-B=CQ_Z}fLKxZtvS#!
zun_@{1<<Sx-lR!Gi5wx}e@ovhwqZhj?m+zR&uk<ng`@RCEr?_$q({$~5Rlm~*DVOn
z_JRf;6-(g)VYpDV?`jt||KQG2UYwNGg|Xa$XL}-s{_K|BsN<}|(d~SoZH?#C)IXwL
zr>-^gE5uc-VFv1taWHfUn2!gZM$bXhOydiu=8viHv7JG41W+Dv#CGMS)V-~A1~l;R
z-dPQ>lIYYCtFUIG1`$9V(lI4^DsBj5w_F4~t?J!;pKTGL3RJ+i$3xnb@KHLo11$6f
zUn)=CD05;#!XgB{lTb~H9B}=u#@I+_6bA4fv@5~EGCUWTf^(3D%N94yX)_Vr7=HOi
zYkSVv<+`n9+hUiSh~c&)J-%t#QkPco_o^dPW@2pRFsN&!l`B02M!8byUtS-mlAFZH
zoiM-*#l8N%W0tAGyYhzpi%sy*c5!N8yWHBl^PbY;t(I>J6+eb(Qa)SQC~%&SF}Vfu
z7#u<~$VH*1QAJ&*vfbCF?1<XPt|TlZC>w|jVa>cxR^WDJ*@c6J+-f^GOGxK>fSD%7
zioM{?>AU!lP~}5cJ9Qm%zUg))nzIAq`J!>sWARu7+d`7#Mz^X9Eyp^pEdX5r2eX!U
ztYe0$?AcPb;0KnTpvPb=x{s(-XpvmZ>oJ+lOm?!riCC|7ylSt72aWPa!(fY|N?Izq
zb2;KW1Q(8&Cv1OZkc;7>;)*L#435-Jj*&Z%Cb6Jj1x2DItb&~Z)yX3H4r#2k5j3D%
z$Db_Dy57$_3ZF^|jA?zr24K<ir5NBG%kUa>`=6>!P>$)qNUkj6A!5X4!fY~?0e=rc
zJ+<@z8;zujc7mBo_8j+Mi>Se|4Eh(sZx&y$AEJgWTftsN)~>_8Qe;I@Mud!9J&py|
zV7@d`i?_hh(U#%*BD!uI49ijvQTlU2|1>Zrd*dc3)9TZ<Izb>Jrx^HOEJq+f<}1eb
z7b<?nq(D*BOr7sVL7Hr5CYEt>S%^i5SI~Po>^&<G@rf3geI4y55<;U*xCufr4eY{l
zHj1hc<xSLowIlp7ANh0gL!bO_>*9Bh-y`&jn{T8aY`|$&A*T<Kd4YHMdJP;gn0SG&
z7-NJwjwn@V6@L!1QPrSzRN61|$3LAO!^eFCl2-*$VU$Dm89JUhsq=jpPH}p}5$TyP
zXC+KI`ZYPZKnG4tQ<_y6T#4XI^*%ROM^Bp(ASE}6JNOP34@7G>xgX{guOZfL(V7=s
z4Pb3(&cObH&Z%8MjDh1q@o0@))u@rQ7);Fplc6@U_Q?i$wTPhY+zEZLZac}ip}X#*
zo%kuj-4DQW$ObKLJLG>dx<D`l$f!@_F72Pd=ovtN*FRNCLu^^xf?+vrjpAZM)Ak1k
z5qmc_arE&?oF$xWUu!D16*q=%vfol`y1N0EDqW|d7;}aQ@)Y~tFo23WrW3Dr+@v)}
zrn$l9471_LC6?iCUx6n%%C8>&Q0gLxi(xoeShBv&_P=fNU$`sURY(r5IQE(gCEvvo
z1<xa0&b~P@+6xL?b6=13TU~MYB)U!?he$!bdE&F<+<0quy;!s^MAmGUZ@kk1A+qM)
zHURVOc0<;dM%ZEcpjPp}xZ6X^;3P5~Zm^#3kDxwWkVljKeR!=yY!7G4{QJAqQQt|g
zCq5|JFPHhkc$dNrSIzU_?vhHX(836Tys~uQuEUVC>QwvDtr_OPd6|F(%b1AR>1CO=
zDy&}!o*;)Ja)T}RS)p{ss(!|<0}*|)_YSgrS+5({4rs+=VAIKo^E*Z9oN;z{y729Q
z_sib<b!JD~*R{0Z^KSyDjs-0WfmV;gQA+1CyOlBq4oPcsctJCJuiQ&}e*4kzAKGLP
zs3s`>@V_ZIV3S@hX=`GN+`S)owe=p)Jn>Frl$cw)hlOYFvfSXBpk=Kt!i}l<m+n*Y
z?oCHK*6bJ&72dooj?1SCoj#pnzr-dw)Vik2cYc-co?798!`E(*r&gJL^pCm^z5;k*
z)iX2Gm)1G9{7tSs3)&g2^3|m`lBcGzn@n;v`+Vcn`p$Vt)AtW5pChnJ2S;s)0w&__
zeC9VK5!^8}^GPp5WKT5x6xGDszdE4O`QHEJh<}gXB&UBZl;VFymEU!^|6f!wvvv6o
zNq_gh$>OYj|9ifCJqtKSTy+if5qeyoWz+_4T{lRQOG>(Ak(g4>a<8wrQp@qm<D67u
z(6Dc~EH1xq7q{<`B4&?%F{EaIip-sRxBshgEC9UdkjGbzJHO9`zTVH1v)>%?t+@Fh
zzFkg@d9SQpc!}dc0J9KTZq3N+YSHTJx8=+@F?6v)@IqXLv(v2b?5n*Q`;j3RAv0DY
zBQ!}eD5eK`kKbp0C`5Pg$~t||KcUnmWzJWj_>cIQuU>+)-m)oJQ!ifl9D1HV3&Ou^
zVL{)aSiMh^m{ATu!hWU0X#_IE2S#V=*irsk5apj)B@7v*ADS2W`j$*+?IwjjGWtn!
zU#|GZCQ-yC4MAu%uY)dZWEO&aGa)}S$ktF)Ni>Tg;mt#s2yAUf-*ILv5`U+HWy)7D
z5R|xp45_+jV5SntXbQ9>fVIB2;gKtntXc61jp6+VK|N+dCzLZD!Y0NR#}~Z&-nWXq
z*nXA)-@W7AEbQyZm1r>e2=n6vCSoiEPXt`)?g3|l*EA2-CaA^VfGU}aGO;&O3bkq_
z-<ZLR?I&q)Kdkk+786eTJr~vzHwM!@@ZI|v#2J0q2;f){6zAbVSNonJ7G#V8+&19a
zOrW$7y8)CM$o2!Iu&m-TO<Q)M*MbC7X~tM>_Orm}_&HThZSm6)(}FBmO2Y?6Gj~yu
zVJl@eZis1N#hQyr8knn|M|Kz}=8O>+KrTQHIzlXWp3?;OvhW*89TL_YAr4!rzk&sv
z(M}ggFA}88&~y(ODZ95tB;Xnaesu83+2Ifs^T(`8&o(YPomCo9e9^niB4(tL{ALxl
zPI?IWnIYD*k}0jq5@tCfmL(>jSCtU`Y-T9zG~ZA`LGqWtA_^M>OqeqBw=jTo<@N$I
zn5;=melsWhYN<Epk{23m-*(F<<5OH-i%G{kRorho8!%ueCp6|H5F^0hNS!c&9A(1M
zNB|P3m%{VvxcrTMOVvPB{NES6#LSRRY?l2C=Tw2u8FU9(=rsQ&A&>b}kekcYE>Fq;
zW=>N@vLys}&Vo&2Bm>BvYnvlokT`0iQBsH=W=MXY31FeMi)T<ifTM^lUkT>;jF`|u
zZZ^#bWHcr+nUfX8BEvC$*T29Kir(4FE8<jt8$Yjh%5n3^O`1#&kZE*_GBF~^rlNbM
zkd}1hWhr2ul3m)`*82&jC5uGoSWmots15wtA^EUvuiF{=sODs4@%81MVY{{}hxf$#
zTZLZR38ge>=saiEc!I%%Ov0@yG)abYpB2=e)Hisrg%<pmn=6FYuBV10CF`u<hs$n{
zAzWVI;U&Ck(3`dZuFZ7XOsmLWV&fE9I^MiYA-68cGFMhg{k5&kIF6lWq@n^i3gZ@w
zxT7QSW~PEU>G!#KG2Lo%K*vQ0nfuuUdg)HgHh!BmZ-DcDEvuw1fla%<I%N2($+$NK
zck|?OwRUiWa4_qG|Go$q^-^-Vg+>R^N!WFoJGm29?vOor^MP2%!#VMw&|n=MtKH|>
z<as7J<>aPL!X_9q-ieZp&O*H7^)e&}Ggm%ZezVj_Xa|uhTk+keHgVI?Nom>2Yi~ze
zUxnN{O>HJzzvBAbzyoO^F|MZ}@bgmD^>g({_;&X{E1=Jcj@9XJt~1H6gB;5Lr2_t+
zy|SDy=xHeL@`93qKxzlwN(rb^ku5_fc1vnN$_$fs_<{sg^v9*UxD=Zyw;fkyc*_QT
zz1--b_|APN@p)8^o;hVFP_ZaoE{t42E*OkS(x?!bJlJVs>!5h7?~kbmlY#u`Xd(X0
z4qxuCa2kM_Q)J{ewRYTTj($43Zh#SzsMN4Zq|{#1<S)Z-aLNQVaA)H+q9;qYo<x2n
zH1%t^#0`lTvLDF~+{B=Pp_~=65AHh*tUEz4(a6B&_y%b<2><J8u2}g>ev1$GX7*Pi
z%O&bs9IO}S5;4jVps<dV5S8W7k_RWa=P$|=k-8a$C)lB<nOOd-OszEO$fkks92u-F
z@B+cK#u?FZvh{}*Q@6p3tF+CtfVdP&2!IAF$js0<F=v!Vzd2={XAP4b%!mK-p*XW%
zr7@H9uri`^A~n+mKYU@5H7_6Egep?rumzxhCNr+Zpy`w<PTCWdN3gI*diweB?Tk>H
z;Xp(%ikXJPFmn@UgZ`GmUWY=SC6OPiSh%L8K&+6wVR=l5w8Ke8Y(TH{+=(czL#bLY
zF8(|>><Lk<2b5d~rAmPG;gFcgojTpBYN_^6qteLQpAlAst`r1uCiGR>AdBPm7BtM5
zbaICe#EO=_bSEZmyI$whMRrp*VAsMff!e?XS`6CYG8L#*i)WtL{YkAvs?6i_X|M2!
zNg(on*&%Oc)lvGn(!h{q%<&L~?iNs<+OodiO7~#}?`UGHDw&Wgb)4BfZRyjr^mm=m
zC2GArF%H0<)Qc1DOPK6+=X}(*uBYRf5YG-(+M1B;jJHkuu}5W^-p^LtR*ccs@1sI{
zM51zk^T8I_5Qs-D1|K*hA6QazwvO-xjm(9Xoo}wD!&2iE<UAWM>P<tG<Zvy`(6$)x
zM1So@3m|Yguopq=NN4MmfLReTAkRx+RO^keph^LC;jb2jM4(sQ*7MDfAohTQj5-oR
z^x4G-;Vj6sgj;8DgZbi{&t?#*;L6Q-r1h*pSfQ|i+$&f`Z;mu_K;ppCKm&F+Mi}so
zDzva1#mqf*U<+{$<uVvef(2LX$Fnw0#_pH_g&!ecs~ar(E$9Dgl{{q}vS-AmG<GnZ
zn)Qvu^V@w!cp*R?+-H?y>C@-(q6+)E8?IS+7GOzM>T~02f7cy-fAcU{PPy>EVhHY;
z@gu6Y87XbTi!~)L%Uf8`B`CE+v{KrrEy}0LF;-knk#`!d;rtPwuZIqgc{unfY$81S
z4rnUZ>cJ`0Q1ufHLPH2|FAGe{YnWYwCZ!xPJtonc4>yvcd0HmjQT0lZpd0JL*h~w@
z1Uz$vxGhSyB<IVlg7NXT(tNKmOHJPUC(Z!wRIb<-J?v|E(ZYm_JSjS3Jk6no%SEpW
z@@y9Y)rP6yh~B7anhx~&m1;9@({sa5vW<7YQ)t*uzn$4?hmEX1uEj12YGkm%n85(+
zKaZdwb4jDufM%9g%&JrY>mus-4OtF6S*@@%O7SWBY;9g-oZ~$WJ<TU1I%Ia~d5>Ax
z3}$oK0U!#R<Oa_F7dVFDClbYd0~71t2gdM@7XoHx`f1Kz9JC3jVA%TalyTDZGp|%d
zG*PKc7&=UKNl8chR*cP5kZMx7B)hh_>30wxUzzDcFU#+=v{4l<7ro(~_|mVysc)Q@
zg~p}&-7HI~H6$M~Jty<~E;Pefcn#;GuRc3Cz(%eQ+H+rTM|0_Q75A0|_m!lZu2yh~
zugYM&en)o<UVtP0lqZ0hk7^lwf@<A=Pk;*_yvq0t)%q6C0E_uuTKRW&fUk57Si-oa
zHrDIe&{jB!GG%oGKCGmso$NEGp<Ca$$9A_^ZQvGNm5+FNoC=#z!x!q1x>sUja;Kr8
zmD>=yCyVP+VO6HJoKoJzrjoO^tmho{Qr9ueW<U1kKauEoyo9V7&ydqr@O5#kp8>`E
zCcW1c?>TumZOia+AL5$0DABFPEA|RZHO@ErVmx!_?EOx8i#w_JyY%gwy}xIvKY;%U
z3>e~f+I3I>0Fg2P00{pB82%d+bZqUh*^z$!e4z&MJ=yeW4bKp+O5>p0{o&)NLoQT`
z9Q1)K)0HY{v?py(Sl0JrCV3TIkkZrsWpr$FD?6m2ljdf4d|AgYPpO|2MaFc=5(lx>
z#<#MO4{P#3i17R^zPGw9es=TvGZ381HW(3n!6)?}Ygm@qJ-045YiXWTk-YrjTn?4U
zl{4Frr?f)*qfI`3wIcJrOz9qpt$IYE*@^7-G2H*U+iyOI@#<T`lFjOKUsVpenb>QP
zb1ffj;9(^3+ji6Md_U!i-S85|&s!7i?Yq2D*9f6u<NyMhogsf*u^f)2;}3|ld~RN9
z&g<P}hVN$`H_a(8L$lzJFd3@>87^RQ-731HQ1ch!WH%Wj+gO>ySXe6cM%=Jynzj?O
z`Xx%U)2Y`)qLIpN;f)I)*mq`%I4XsK%;5f=)fsacQU^?r(x3n?hBq<uWqUh(I#Vas
z|K(niCn>FgZps6maUt6WGZ2_=0?<9yRDL8-5x4#%RIb1Q1R4P5=s(PPj(uRj0U`sI
z4>i7J=6N?Q@?Q1h*knziLciYXTd2@<ZC6u?<w*XTjiQ$QMogSq)j`9ob0Gq=TfN<_
zxwj;D55V2zU7skg&nIsNr@QyfWL+^fsAVyVen~XgcuCZF)X2T3SVpj9UbSI{5TpD^
zKRMPhM|=aCl}r?z4l0+k$W=}$$=?Iaj`ENJy16;#D4wG}n49+Wf|MXt*h`I4-)C%{
z%ZlUSz^+s1zdpE?LY}@=w(Q8Y3}>rQ&vG{_u@<mC@eM<^12&)-;VB_xfGuhan`V7Q
zC*VdHl-cmWXQpI0RUZvL_}F;TqbKTUPp=*s-~=F??*vn(`eiFMvZNdwc~bx)N*4LB
z>ymKpC~K{M1rQj)mk~uG@5D(a7?Sr0F$l)Xa!9V@tYI1g8PXjjG)mqGAvJlX)({Zk
zIC%g11Mwj+My=;ARNkz<bhiHE;voWnj$U&K@28Q44)jeJ){;xz@b><?+0GZQd32n2
zYK|>98UM_ph(WBeU7cqMCdmW87ABy~7zPaDT_E6mb2~eZOX#ge{zuoqj`$<X^8+3W
zyeFF_r%#3q3Q>{tX+-b`d$0aQ0v%072DmZAL@OvKTGW|P;*an<$-uL~kQ*q=J;Etj
zhI63hkMUYQB#$n?BrG@I7!a&^+1y^o<D|B2%um%MF0d6K^?<&l%@Rz}$dX>U1a=#Y
zX8xVJ22)=WmCSG*g+POV8<d7(e305BamEjRR5Kp$OIC8|`n~h(i{;i@CDGx0XjwuX
zRE#=0-gR^yYy&z?xyLl9>U@}vE=9%PA%T9)mj2CL!a<5Lq3E+k;N*8=mL0CxHWa=~
z9rBA!Po5(}by{JmsE<A!NfzU_GYRc~?dSdx;4J|~WTwA1WLT-ICQOvMHe@_`{UK;S
zut>XDm%f~wtxu`wIc*=WY)E_C3v+6yeb7-(TKLD!m#VT!iMr7bqha14m{sfL>8unK
zL~D|)swG0_N>^O6m%q#+;wMn8Q=InnP6I=X8Y!zQEclzt&_BQiaF#6niSs(p0yK3q
zTerjp>OcxM1gmPL<<m>$rLw+$IQgTsef-5xTHrn$mlqQI_~m9771P9!!}ec#Jp!wO
zLO`(3mRv~8)lDc>n;8Y5XUP0}j~QD{As!=aATD4J1nXV;s#7LKocxb_=YF_SSht39
z>pVjQb)FzlI|g}1)LI%gEE~cZyTl08w5M4cT8Pu6G^t455)da+%4NU67JHN~2!!7{
z=0-<yoo=VQB2=U-R42;O(U5`pD$%GFqB_)HlHK<u8v#H{azQ_+XYjDr*P3B@;qU(P
z<&e6f6H2#gm3o?DMk}09;V#Z!@w-Rjt?uo3WkSTGqUYTeIB9Nr+D3J=>tUehQOKF|
zP|4pwnr3cuy7O%ktQ9iLo0r)BhIjaw<7lH(xjb~)5jkTu**7=r`qijO9+%<>bcNkc
zqk^Iap)R0}Q+TK?xc>;%1cIz~;&Q$2y6?ek><^wGT8){Yxdks=SG`zES>zT3CxXwD
z-vjR7v4xPG;G9n7%+8ug3yoK@LXrD`D#;oT>1qQ2fCj&-EA-*pN1(YNSjlAAN>2Te
ze>;uqddkY|%(bfm%tJ}zh9Ne_5f0BHLE)1R=mhW5l3#+&+NvE4S5^y5FRO)B+AQ^=
z16;HBzpg3Ac~_5_qte>CK&2z;<!<fQu+FI;I(Ulwi3y`WPh%=OoO4)jes6!-T3svY
zM~1w7d#W@x3OakI01VVAUKjkqJ5LYASX8?-(xW))YO8Dv96SA;NrrLe&t2)rizl%M
z{#LlTE4-OlHz%V@P|m2c?SyTvbTa2x-l%`XCLa2s=`qnq^LpLHNRc>lkb3A9aG9^7
z1?~%Y%xSG{gM$F=w<!-fSRA8ihvJuEjMUi#az<r^E68@|ZoYxQH*@FtOw=namgNRD
zTC6XUPR|v9(Kc8%b)3|@f!BK7P>d6eyJT20AsTArgoTy5P$bfbLPSmoF1n+8&h8qv
zZ{y<Ft#yYrj4={h^$5V!n_OGzyop(j`I86&bQ)8*3a}0l7`>{m>;+?*hB^TBzXCfV
z+}9k`ap8>#Y*5i7T#N`EEUa&F(x{CNq1FAqGP-ZNb_fU785gn*Vz0OF)^{J7ZD$VI
zE_RYrdO;A{_8e?(k?;r$w>JuP(Z<?102|L9cBmb87(;KSb<%U2Ovm&`DJjDu)x=0*
z&Rr)=B)##|+$8-xq3By&=^NCES7g!*!J&<(X3L0$O3&VOX=g5N>B7DP6mF>jJO_Y(
zU29ViPxcwou_z-3G6C{08%_&d90VfMwuNHKv?fNk2hlIU++lRfE7p~=0p@Pt=9~m(
zLbExMJC6ch8|6S7Bn;=)-Cd)+qli2mcc;y~y}NS}O;j5Kr<~nb=g6MD43XfN)Hl3s
z<CfsLZc9F7F6D<ao6*@H_n4)l39WTH;yjknEQ3vBqle`l1NQKuQRY-Fn_6Z`$_Xhc
z!#~2Q(+bzX>jaq0q*yM<uEr~FOA9riUf#g}(~+l_y!R9{Wq;-_{PQgmE8*xihchX_
z6Tys4bqX-(JTwxi0}_5y$kiS!xHZa>JiI#8=_wl6sESu4jX{R&4Iq3UHmvn_Y|fFV
zBBP;|z-&&%P-OGOry%YMdG@6+E^f3{uRt3Wq;yjl+~o$5LqL0F7CV-g?MfA9Q633!
z6`P7sLF+y4QCOck0mZSCdk^hdp+C0}^KPoRIcpk|k9?WUyL{e#L5?CvLVmpC({f={
zu#b3?^)KPTv-E?dTV30!pq8}sbk$>8O78KaRxsMq$Iv}9bKS^iyo~F)AyP)rG^R#E
zPnn)^7m(8XsLP{OtO~`XQOJQ_S_VF{t=y^kp<zqp(Fu7bH;Ft67jTAvTir?P&nkBz
z>KKx!IC?XXX2scAL4kLJ(;B^Ksgz{vmSsq}RB5}`K9`&}(On9MZE)XYFuP|w5PdD6
z7H%C$cFOynsAb>5=KMjSlhXH(6C=s18ph00#Ug6Dv{jH_v6=#<XkvkiL~3fmxDaK=
zOmYFWy~>Hy{1a$W0XC!)Vxrac&W|6ARb}l-q`HbI7(VfSW@Ns4@Q+2X-48U<Thtf+
zf3n-1BS)FlU*R_Z2LJ&6KiI9^f05hibld+DeE;^Is^c`}Tm02%Xf#~Y86DQD>WiqN
z%s{zRLjje|wJ}4Yj8nO?8S~qXPcoU7G&ff?0}tDe8};5F<jzT&e>BbMN3|kO;t2<H
z<OfR9kqyqu7P+O@d+v$ddw<(AFj=QTMka8ylq+a&9%hiFTStwQr8KU22r5CcOqett
zIs*tea<CL3?$)3=7-p|uXgq4$#V5h{<>Wnep3;<;Fit-*%tjPG43$SUU-@kA$FWJ1
zN8>ox%^(`eOYiw*=I!|O(@U5(1^gvvqbvXd_=S{MHKO}C7`=SG9KnJ-f18rFqA|))
zq7z!O^vPx7>o0RmI75P`iID8%xh$o<ypq9<8yKX17!O3IbS$yeiky;~eq0)h(GEKY
zN*&Hu%_Ju~5_ugWFX|DlEoebro&86!5GWZSh0uyYjahM__N27Ly831iW&CxDfJzM}
zBoV>_C!THd32&Xc|0FFTHf^2XM`1FT03$U9%wvWDGa`2$GMai}vCj|HsyS9y>nmFg
z$uMbK;m9XV!~s=gdtA8F7#}^iyZ=C}h{I`bs7C~V>NIqX)$KHpr~8bAHkqcp+>m^H
z)T+Q?OVe!-GmNq1s%O|&46;dSMW~(NWur&}1JA%Lum>(cP}d-!U3p1|@Xr=4yd|Jq
zfleoL|HEHRnZ`vB<7BNvaPx(B%!oJ!i?F+|ZE`EUvLeUJ)i9<+#ROARv`J;Vh**#h
zX#|43<NQ4;qS_M)*5t}DWeX0MX2POj(IOgxnY#w(T=YvCCR5P659Qf}EO&*OYjciV
z=Y;?zi7p9fp}~hruNcgv)94ar(pBXnENy$zJm@lay(wFoEfK<oj(AkEw)!&{-T2R;
z)|1-&Tn=HrKVZVQ)$@pQIioV`Ty&ejt9omBr~!sy5QkKi<Cq#}F+;c0L=m<M*4t0A
z;)R$!i@X)#&)1U!gkJqFrqEp#F~~JdyeXgHH3CFrd$|{Ivguhej{kzSQ#IFVaI27L
zv3pA)^{A;N!!D5vTYC|}t>7WM>Ohua=25-MM;R$S6x0vtA{$*(M#@&kAa*PLYQ>Vm
zta76$kZytXM7o%=*@};J^TfHl*VLYCV(SW9ThVVwmvZ@2FnxxB6s#<WY~<O3g3yo>
z5w5K+T;TWiQ*diTgOge0#@n4pwXLR(mOkzI;kbIBz26y?<!q$P8roZi0!1cBy`Tvj
z1C!jM9>T{PWEXR+gEwe*7mM0)*{(uW$sp9n@J!Z=<R-VbvlRgQ>xtp}Oy^@VcI<9$
ztBoou3!1VJ>)ES!_VZbFgQR9a%f(AexrMCOwdhDy!xtQr3ewjoZ&+9KtdU24${>|B
z*0o>60YndXz)s#~&LJI8oKkN-nrbE<Q;5CKF^dy_N2S#)g=cPuYymwXbO}%EOvbZc
zF`8BgIHC8x>J?_=o=WSSFFGiXYimG3X91Z<TTETU7VTiFlwN*k(w|TC9A9nTKbaJ+
zC`qA9C!MK**ce)_7b5O2Xm@D6DZ=oc!uM=CLVH3`e-2tsK4P2}JNJ~)hFkvZaL@Z3
zEOIO{<|gmloOccC=n}fRID7GxNQv|IK*nkzi}L39A$R&P3o^au%n``r1?<aG^JZ0W
zyYqYrS9hNlk_@r(z5R~`DTmDD@OQx9;n!~+#Qi^Opo6KCt)+{Lsfo(}GX4LriWsac
z8@s`Pz?-PgIAJPZ@2^J%vM#M!j+(3{-EwVfn&6+t<#xdc^5b*OA#KPXRE)!Pdptem
zJ@fUmM!}IsYWe@Qb|&Cdb=?EMnTn(cl}ac{B2h>s^Gv2DQ!cJ~o+(Nh8jv|cB12L_
zGL(?9sA!N#GGr)<B2$L{It|_q*L82-|2~iJec$K#&ib9T_S$Q&z4ma1IN~zxX|5}2
zDm>6jI#AKj=SVZ+9{MEi&DH{{0}VOymfcNjy7$<x2pGN`k<!N6etFd9eAMRF1GRDM
z6|RiwHDrBRDd<v@+VRzAdMZmdVwVs{*yY%|&YDY`Oka^JY0@;*x?JOIE^+towUV=L
zE~7c_aYgK6W5|s+-})ZDIv)JvMWN)@TUJsdg{gZvcJnC74S0UX+<L>|E!b)?<ZDQ+
z&ytucO+z!G!Lem1J5-xfHJW)@7jKiSsQ<y|7iFfxltc#NZkv`ljrpi_P26DEqP4bH
zjG+)i?rMwk%KdaPQ<eWYO}}%zqLaVdl4}gP?Y7@fi!+4NNj_E-F}k*A`u!aZ>cqWk
ze76M!)Uh&(c0C=rsQDy~{J2}P&bE`XOjFuaek-wQ$u-(onU(j8E@_GsTYL<jFpQ$7
zDzfb?V_$4SUZ&^eG4XowYFA^73@`P-mdl5*0$U@G85mi`_gf5*x978k3#|8k{)zEU
zv6QoL&+ui-?QAixbuKa;j~;sJDbnBh&@1htWFhAESj(*kw*y=5Pqx^x(sn0jxt+;2
zZ(c?<c~E%ul<gi{k6n7(^yFOWovu9bzi^3bde-G3m35d?OUW>pdvFR0wP5OK<X~>+
zWa5Cs{Tx5TRczn#)B5#~F-d=k4DAzO3_AYiby?k_vQVb`OaV_TKN&w>`B7wYB<%Ah
z$G5cmZjxJwpDMX{>4f}|kDW!?nb%4x?{_+7m}s(H`cazy*<sw%GomoQ6ekp&bXvz!
zXhqrj?WxJ~o(bRgeNnUT(E7r&Uau*u=-3Jst`)^%!-ln8jPG-AS-j`okn6D{=IQr~
z+Z)mglW10U9I5N9QWjd(yeGpm=*7seq=MVS+d55~Ms%02TU1u|x!omYSeKUbfZ&nx
zHO9}wnakbzoe%Hpm9nY3Oy;{<>~@i4;9Iwq%bf?38&`Y#QBSO2m)*?#NJB>Th_l1^
zIsL6!7eA;8#iYC6*l_gT3O>)^a;ywo(6;KV#y$a8brt@`b5mSY627}CzkWZ%dg`d_
zATK|o$IVyCs-l7KO1jEUjj!_xIJqfEm8#h=udvu4e$j@*N)8vEoVok9S$~Ib9H+Yd
z!LMfz8oFB4cOR>WY-kW(Tz`ip&0aQ?h5S%eZfyeQ#DMDQJX&i74GqkO5_j*@iP|OP
z+H8+HDi|5BpDIcetrn{~Us?1mb4||cybW>=X{_!WxTHJ%viIaDS6zSTWZ<dzy*5h9
zEOyXRJVVvcmRkKp+>xdb%BBYIsAJ~I@l)3ya5nESK5_Q^7hHQv#%FSh@%j}?94U!m
zbmuAVnEPDq@7=X|(0X#eiQxFlI|?3d&$1uSIzgxZc^AJ4oN1ka>J8d|?5+M@a6h7R
z;4MF+SNGxA@9u$%UnE&qi<*ZoR?Blvipk;nusQWsh*4@0<9NSopN|lm!P+*Vb47Km
zC#NRjEDc{A=uY-wV&TadfAdzQWe9UHV`)OyhU5N?c~kdYZQqZ$9v?8z3@c*sdK*8%
zvf)&RBX`OkOvi?JIsYGZy@HYMl*goPa`bfklRcODZ#}Sjt*W10cp$d4o1a0m>?w;&
z*uF}-qT#a%d3G7&C2zQoeJ%Hh_;AnIm*>qI)gP(3H!jlLS9Lis%%J@-B(zEN>SWrr
z?UR*f7VQqsR*J;1UuHJkj<c4+yzv#vxb1e1{C+rBW%5lN%@W)4R?+0t*9tCKT&KwL
zSLBAC(CZhg-n@~GV%-4^7jsU@=UuW|d|S@Re`8Brn`*AKG;3w<&3r~m*CvY7!~I@-
z1$Xc6I*}92RoFg87AC4MlogbII)=mEA!1#~uoXAgwfJ51_ai@smM<H5(-U!(>Cs&Y
zGa&{tlSgsFIs7lF66Kt7RW7g0u)7;{({rPhqeVclpzhHti`}aE3=fsDoXZ=3)P2sL
zT1GJ1>fCj@G-)A<U2R&cdc86tq&l}O?+Dk+o={<9)M#8K{%n9dZ^?J_Qw&OpnRc6-
z$wb~z3RApoP{c|Xwx}I-YUQzG8Cd7oe^yG7%~e<GA+MQl-TCTe_M9tSpPl6nu}Xfu
zV;Py?XO*DO!IjQul(x&iGpI~X?tI$MT;Ar6+hQqZT(wxO=Ed~_hvBE%KJ}r;o_;A)
zIOkrRTNlYHb=#RctKYl*%7xym8RScCyn{VANW7w^eCCtL!9YV1A!BgOge&;DSJ9GI
zYnA6)8p~Vh>a*Lsx|(;Y7w_A(in>p2vrxmqZi@%Y*DH+;?Hi08zcgNwZ{#^Vq^Rhn
zD%z)6OMgt=Bl9iW82xTmkI+|&@lUt77qWUqbL!Av+^1w?6MKHGzDsY6{nh;L+{gTd
zE)rV)bSgb7GYrYCTWU&|>hx^Y!Sb1$zRXS4s=A(IGR%}Cz}J4nigvr%R4n~Ao;<If
z*m9j1*Th4^YTV=L!iirzdtbjZJ<=eW@V0uO>Fd}2yP<c}zC6$$UZ$t8BRqf!$4Q@S
z>izw6hNbaK#f*-Ky8=z-=WnYGUNUVyIqX(&@B%$gUu^6b(L#5sT2I?}sV!SS^$S{`
zmy0w0dSK#x+pMlxtS=%g3aLOp^h?xAu;Z_;`LpPMMCBsPi}p1X8@4-cb6&M2nC1K#
zmk0iO`GJ~ymU+;anOoT_g=mL<t17My4#hpr%9AMEz!&`B=B{;Obfzt9L(aF{5?rM8
z%8zF(_c;ATGi7*|V!m$S=N9Fbk(R=-&W0A5RV~XzpQpF|NdLIM!!px~ee@<d|J3M@
zo-Ueu5BOsl8KzpZ4w)EjGwIsZ{77U;S)0?6ys#b0jbySXQleW*WbD@XHJo&zPKeQt
z87UhG;yr3Wv!;CO(v>kjJh9)uDC_fens^qCo>)^Se~E+p7Ww53N5`M1yYOFKCXKCW
z*Ikm*X1~T)<%}bL+KXJSqkiO$+Y>Xt_W3P+y4b(8Q1FnC*XcpKE7ZaT1~CqwJ{yaY
z?Qa%1zJF&{SAp{)H({FQ0?E6FFTWV*$>&zu>{fd71>M!L<_na9CUs*9A7x4$m{V7W
zkL~czQr@i0<;_&n8d)0GeBonHKLh&&O=(QQhulkoPqSaN22K?OY-lKu?Qj^0xqG>m
z=E7#0wRAu3m_;XI?_O3YGt9dqcI(;Z8+AKa*LBHKcX`!c8=?H95-)JqbT>w;Ks)90
zF^jvV&)!@PNXcd1&2F$XUtqoX@Y_#6tm}ok_juLW2#-Cps-v@Pm9p&HZKir+pTH3_
zd#mzwap9T|4=ZxrH}qYcUY}@T?R+v`Lp6e{2wQtK#&QSy6w6Wzx-14op}s?t7eX1T
z?wWgt_Xt`DXQT}^MygW;ht#ine@Z2qlDR5M=gsq43f}AH=hXyR%zABDg-behKR(&0
zzB(sSCeHp`rlNanF59QhW%5qysgHI=1?E^isHogz_Mxx0Pa3NuzAQRIGR5<d;-H23
zz&;w+aeJGHZ5v+g(xKQw)^5%JZjt)!WT7ME;im*6tUR(pnUj-K1cOQ=lN}42jBZ8l
z{i?7dBPu9E&}2n*J%-YR0&7rVO+%|(y|X}%oBR3kLYvTFpUzLGECcisqF0E&&0?Yu
zyn0<I@Fqpv#<ZYM4!e3j3Fg1l6ioKg?eKiaeeYo`wN%-6$Fd61pa{`79=nteiX6YN
zVR?#;VJ+i@+Y=Hu#$LO!JQfo<E0@yX{Fs94u+L+E^~OYn>y8@clH-)BP!SX_%}qO0
z!QuRD&!Oircb+|T9l$*v`r3X(Z|~9r$~V6`wx;jTDs*Es<!t-R-cBo-M#s0kMXCDb
zbMvPku2s2xveA(B5c>RKO#a8U_??Mv!(I-$qElvWmmMYo+e3T>C0r-AZWsO%&=+2s
zbV<!q%yF@BDo>cvlkV6LA65?NvCvo4TuLm8i#rqqTPll{P9L=qKA^`q9g&z>81SV2
z`XHmscuJUhr_*VtcNJq=DJOIotIoZ+w>MrkQeow%=hTkLAq9CG-j%vVF7<h*Z9t>C
zN;sRFTSz?5@X_7u^WT(4`Zx3!Out>*_0V8q@ioCENp;-=!>$`jpRvLAio9;m{;`u&
zj$^CP<rfBz+(7|IA*a}8EiOW=LE=p3(Vz8~sb|OR2U3@v{U}22$8M)-Y`=Juytc55
zzbB8`x!g5sNs<~~V<US)L$}>mxy7!~=0eTz_Qku9k><Bj?gK7y3P&7_d=J@*dU`Z1
z%3z42*>&>e*v_%^A99OZ^j8SjS@Bgcs_8Zg$N4&rx!)csi416xd=4i_3+pv=N9-!y
z{V`J%je~cY?oL?TO-z4(U1+eS@uPY1NbS4NB1Z=ToPD!{(vn`}v^V>$%@f7)^?fc0
zwQKdVtw?>hI7V(itzb;8Y5akYO)2(|S<VQSw{qx~o;(x&w)||fZCks^-U45-&u2Wt
z)mYXHU1pGwdZU}IayTnMj)_q&s|&ZiyG}As_dD4wI*&bv3(xAAbtKAWJ|FF~T_vk~
z;;H2j!*pyPCFgdT!qHHL5P?*cA)Cy+ucLwj9^3<To0{yl98@DSi7hB?4U86A(JZ-%
zH!x*b!Yt#p%BDLm_sOW@vtzMN<^jIRVnf`5+|CXPwszeea=QyA@8?W1DFt45E}ZkK
zny2Dc2lv&@F#<K-oDbn*i^_;QnG80IX!}mDVZ8rB@hh9XMof0IM97(!B@KJI*EIz*
z)R7;)Y`~n;-b$+}bonGp(u!)o4_6OU3Xf}fOsG716U!pE<CRnPuANxNC#g;1J4Nb0
zro@<a+QmmjUz4!yR%A4Mwq}P+ac<9NLs99z%6t6O9yYgBDF)9{wKku&O_1?95^873
ztsA<7<)CBy0m{W?j><_(n7!Z&AWC$*2btBVZCaM!rdBMM;eS{7E_RJiCDz%8cIc9g
z-%0(D1PPpD6=RGexnSfH_@JbX@HA(iPS4AxOPjy76}4UTE!mVGwZr_Y%VYt2`>3e!
zLoQmwHeZ&*)mQu5+*iMsWt2F=Yc!@%^dYqLJ8ig&f#a34(XAh;m-uV2(q(h4W3!;J
z^gg${Qx}U%kB&0pO)ZzZ#i@1od;b}&M=gi$PVz-!OE8riY}>M0O~|?9seR9JuaHsR
z8UJxdL;znG`@uZUz|V#H6XID^9ko0!FSeBPF!vm9UfXlDgj}LB#GC((boXesv214A
zhl9&PmM}Bxu&?)}zLBq@pWbgttu&EzRI}!(hJ&2_E4BR=r;R>{MR_0F7SxeWS(Bxm
zFuljgMr|>lTtn`lWsOxCQ~a|#0%wZiOb!YZiOU4-qhV!eK3Frkxb=z-_x6vHdaJ%C
zS@fRkUQzX8t>+%{w-%%2PbwS9c}<t6nJ!;<W#4flF2=7H_c}7OuKD0vWE6SuX6o`s
zo|z{%XUo?NTMSh*JYnnDoA{(+v-+});VNUIE+NtUuif2mu5C}wp?6G(@-eBRwxX$8
z<*2?&HJx6LW#hBkH1dybJV;Wr#hN%Vw`b|y#-`)^jvI}5IP11OdZTSDLv`a(N)+~u
zCmC&2(o3opl9YC?_eU>nS`_wrV_@~WDe9I@8piVLg16?UUMe-IW$HR!`Z7{Jk-hvm
z>prP14%;NBv>Dm8PqNC5GFq*pR@k!gLU_A#SYVJ?1&jQdUE(6~iYZ+~EP3a62RYqJ
zM&c9qFQ(t}a(cRy;>KRiTWKYCE+$kxS===8bjR|#SA0KYA8Ykob^hXZ-9<tC$e8#A
z+RgC|>~hdxLXXrxJC`M#c}SbRUv8aL4PR`qQ_p>wn9Om3wfpwxlvO`z8~C=(HD(pH
z-IngQ&JXXXl{5NV+@DEL#C-km&4%J!q)ZB#UEu5X)VDR8WYaf(u5qqizBM2#X!((D
z3Q<+#!VVo>H~$@vzo{x!O|<UM^(hvJbuaQ?DQR5L>`rU4l)l~X!(kiAI>&2qvch%(
z>mJ#Ds4Khe(mQ>nqa!8l@Y6vd<%?Q(wpj<%-(zAc8|>r5o^Nfu7MoC{ZL!!(UdVO5
zTdZknU|8s_EmusZcj+>zGK#f2-(iTfm3b^?S5N+Wlt1_N<PK`1GiJVFoi5^;Y6k3U
zCydNak1f)5J2653oj;kTN`tvaGwhJe1&Uk3&rCZ;chL?VFyC<UV%X8U-i{4#9p%Yw
z1AOQwHoqNb9tvu>ePAT-M`7$vcXuV>rH<03LE8-vZ}7Qw(kk(hMZ(vY;oGAECWX?9
z#kY+yr8)ad3snlg2uQy5JhN)uw^Ncq635KLaviUSPGwMV6t)@^u}zbq#}}qR7Tt%C
z%d$avA9YcS+h3E+`lIh1+u;bHU$G=ErAjF?=8036hg`mSn3ErE1OH;{m#G1nl!sJv
zb<I^;i~BRI);+5D;BVggE%;R7{ieyB`|qnidTE!Rf9jj1!IcVIS5lc*DqNL{exj-~
z`TSt_<d681AJ^r*N!7peqin3caWuY-l3YyF;f1l)Xt(W|sWq0)Cr*ZQ_T8Zk$W>a(
zkt=sIp5jV>{KeYFPP0dqCn~8N4D*j>8}*luY@aeq@I6Ek>@_f{Bi4Q8DZ}=<tPPSq
z@6Rc8zfKuDl;rGq!m+(AjM*df_OM#<($NG>>AEt^y{Sr?b62BxoeRq-E)pjbdO;;h
zeNo2N-so!YZQi=UCy!c;yjrx?#5j7K<j?v@nQK;DDj4oG+iTDezqqd^zt?uJePSt<
zY>K#-h{Di&g;ng=sxM22X?5v74n8AfY%qD8ORc#{|4zcwCmr0&Iodk;kJgeMkhGCp
z{;K)Dbn0!RU91xkIs?T!+9HKrOe$*YdJ4+9Zq_~Yx7sRVOx2LmlqsO!+~iR~wOsku
z=cp>5?1~h+Xtozk=QD~=b6?sL`<7*W{PV2x%c@mN`k$;REia4Rvg`vDm#D4_S==dk
zOu`12$-oHS6#>SvTOX<kgb(@foR5$w_ojBjB_;)~SoSP7i*f~DvI~5YEkau$Yl)Ug
z=ZTl0s=oHu4adrxPcX5^Y*XrVr4eh9;cyo|bCK4_Whn~>_Dd2|jy7e!)F}ORXR6!f
zji>z2_3LfZ7~EOHp^6>bSsv&;u~k=X{}qAS!PUM_<(s3+g7uc~mR_QJ{;_PbPQ<bN
z@<jpC`|MBJxR)H-LT^>xcV*32+s%PXjvEL(Dg4%ZnWC;TDnGhMr66%a_t@6G?wPiC
zH}vc{KpBa>%ag8``$I!y!iT4R4O{AWn!wPj``_6Is*}S<IOO{HLKm^_r=&h|jA7fx
z<8Z2IR65P_&d!4jOS`f6n$u64SeM><3InRNC8yiB$;~fgWA2&fkZ-p-^{zK?;`%dF
zE5=n(Ip4#^N1E$`1nx_4^Ct9s39qZQ&=0hw%g>^GE<3r=dT(T7;HPk}`beEoGZ~XT
z2Gi*gxAfMxZHZa&vN!G8^%IKrT7CH^Z$!LsbqPx{r?C(^dqXAiNXp92aVAxaG1YqG
zv=Dh~+?_k_m)cJ)qjkFT+$A{oSamPA@ZOB7J}H5$j-n~c)f#2aE!5knK9!Hfmg7zz
zrn9Kon{}kjJ|@#rM@XM{$>29Cm12wB?(VO>!(VP@H+g39J>B@>Hs6gOKG&~vuK2b)
z#b?N__3=~Pq36nJ!=FN(D*G(-*>(u+5;d_-7hJjG;q6xJ5uA1QVRa?{+S_niHfVWC
zNZzJ#u1OJEd1l*Pk8CT-9=Lt<|1n~`mC0qqb7U`%{_z66wd8VSF0RGvzwXxCA3Xe3
zHI(}*`zbCa;fNC&;nV`gZ<EI}_B2ep?sIoK-)!X0T3MeIYyIh~-ER8&?)KxFd)hk$
zV~y@$%pUPvdphX0x%;%nZZ4CmHwkpvt9d)g1?nG~@tZJ5D!!3lGOB-WTy1nm|BfG~
zXU?$6IT_~2d2JJIFa6Rj{yO)h4&#mc?C(N)Uk<)E!!>Ll&C?&mF<jqvVql7X|D{hl
z$3%(>lOJ^MsjSBq6n~kvoSwB|kGhiYlN#*g9)nsw>VlA;F%QYA>yI8oRy9w$h*6pv
zd{^4WOG)LF){&?rz~+6QDl^aJ03~l6?`FodkZ_}uKi-ApawKQHE!S`FdYGl^T6Mpp
ze=7LPgP88nrzJ-c>J@%$8BcyH&MC@d;qjtqwO3z}`(Ur_yK6$n8}|21It_ny8mg_|
z?Ra8q#ptQ5^kT0Ky0O_V!a@GYh8v^}bM%fZF4$+hYU{c7Q7flPKL5j3<*8O|m3}dl
zd(P`ueI1LpepUA@mM5rV^m476u@V!f=ta#-m3jPM^xtx9lhHU9R8$C`Y+lPt{YtEQ
z1TF{R+t+iA{6W41JF}K%hugagy%dI-(Lx#NZgi9G+cWk(uX%BHN=jB=hs%ie*!InI
z?aIEqn~qUDuW2(Y5j(khsGX{D&|4*7%R1iv#yTrQoYDdHq)K~n4naPd>NugKt5eM?
zoAPo`*1a%c`FfgbjWoNcP<Bvyc+5@*2WGv*f_TT>EEDT@mLE$SFi!C4Wo{l==R7=d
z$w1`EQu0X2;g;PSE0f9JUa+KP+Ow7KW603Q7wfNWFU08X2@ZZ-`n7OuwYX!*Yx9-t
z>!ZZ&{do2~-(0-XD%fw?SQ8J=JE<J!i5^1*2A<kOMLUPLE%B_T@WX7R(_32pnXO`d
zPS8hcrJPqcWL?Lp7{@sSmc5X8zj`nr`(xB?!}FoLHFonFN7v*V?NzvH*Jnd+#po0u
zU{KGO{ep~oNsSN3u|gW%)t5^7yCfIge<~eH*=QkA!x-$n25#<<+%0yD+jnQ8{7zld
zMSGp2c9t-<p6BEJ`XM32SX-y3BAs^0I;Cc73ch%ajLyp%&%~WRF=4qMZoAD$;cFDf
zckkRGy701__dZoDQ#2TFVwzZczA%{4ErQ0QjMG}-?7pkqM$NBiJIbRE3%Syk=_qt3
z^Av<HZH||Ygqt-kJ1yF5)x};@Q1DRg;;M)No{udpCRg=U-s$*>9Y0<9fIqL4O#RYh
zk6OF_sWS<cKF1AXC1j)IpYJa1d%MW5(C&h*fBvo&!mV-RV?HwK<&To3{PM4@&aOS&
zj8ie#-@_NWwXo&0j@_HnK1pqNPMWs9*H|t8<5~FG!cSS1ZDwu3tt<Jc<DFl;2tD4L
zk$3HeL$AuwTiGjhUQ3B9=hp0$d{|+esv!IHv%c4QKa28Hx=8|?VsS}<=co@}OHSgw
zAW8G&@{c10E6W)g67;_Ct15`T)+Rf=pD)y;dGAU;A=!-&Uwm&rQn}SW=+rybx|0+#
zdnBDNU;;nC-xjki<NH20OV7IxZ!M#@wk}S-<sbY`d-+E$-hzZRw?rH1w5O{gGW4w5
zGS_LwRAB?hHCL;j*f1P;GBNp8UT$MT$c8H6PcKu-KPvNlOlQhHsd0uXyL3sP<-xQ&
z35vXOC1(y*`R5G2N%^w)*5{^irnEO-TZhC{(po)w%_@@=*ZFM<8e~_^jkC!7qShxG
z8F+|-|Kj$#p{(VdM<cf%TRll{ZYh8B@#e+t$F;oA+O<$yJln3O!a4jQX{Z{B!a_nj
zL`~PHD}||DxJ{=RWxD=F-sYI$;<7|0Q_=V2QdjQOpL`iKx#aOgW7lZlqN6Puecs${
z0$mj~SA0`hZ7uJ#u4w+EnlB|bIKo#_`i@?OO!wCA3?F;-EmmRcFAnRix;=fHT1-T-
z$k?W@Vl0WpF4wZ6{z#7Jo+8b=*CJ1xFSCjkxjeMhmOLockcy(SF2?hvs<TGdb#CRy
z;fu>2o;{iuY#@jkxi<XC(>x@hvd^3S$8$DI;py#$PqVkY*iN(k!IWSX)>9$r<+tH|
z<0~y1zweu_BrjGwx9#Qek>Jq>4Da2(kB;6Oj?D{9fBJ2Da(U|P_*>uDF1!XlXh{a2
z{6O6|;r6p~s;vXDmvQF438&B^+O!TsOBObnTq@_L&RbVGMGa-ou_%mv>vyH&e%$az
zG1l!%F6M#srsdx~yGtGE>fQINZd&7D?W0&r7xeM@qBisE93d@n>rXr=5SbV|RoG7@
zQI)-idz>OAwX2UUS7?uQUVme-dRXdCErqpyO=;%u<L$gwtQfU-JWwU8H7IwDe*J@F
z#rJm)1O)}X%`4XXUK+*Kr<PQiy>r`P7JG~4k_eh;=l)!*QZ}}5U;AX)@i6ywmp?up
z3G0`0vf?PlRXn7&t8>2CdRw(z<+_aD?YhZV_X{|xhN4O=!zATX_w6aWwPJIal|xjv
z&ks)i^(jxqD&3hktz*9LB4LrbZ-gQ>>WF#o;eb7#qu<-{HzeMt5j61Ge~4pLb*(9-
zi07lEvrz||jC!{f=1v#9w%B6e!*~Z9Oe=Dyz|WLCS>c>NCeY7A;R5Xw8<*9JCd$HQ
zr>ePYR`-N^EL(k^=3-RP^$4kP>XuQV5aGk`X%dt;x>!Aw+055pz9KL1SmF8$`PL<2
zqfO<NPZ;R#k0kT&z!-^Ce9MwKTmNZO-tI65$x)H;0{Sv{g{>V;^v2qou;T|<L#C3n
zCls4puSKQa{?fOHjQ<@u&L~5!)b7MMo2%+W?9K4DI2YLFoqN@g_fj9-EjD#C+RHDO
ztJW>MPd<2q!p+;0Nri6xw^yeV^j(`A53FkoYTKnHoKYU%?ET|ofSMw;q-BWLm;6n6
z4Noe?4XB3C9C}b`yiOzHEtlcz$kPvAUd*gF$=v(6&v*@=ve9dcMYgr6hjuP^qo>b0
zKeW5eAbR(my@@ZKYuHl7mtEQ$TlT4P=QPi%%W`_@j&)w&d!Nu=INo7XxW|CO+IU!9
zqMt0_Y38$nPEmSpH}WXnCT?n@l%q>72EMedF&}19%67eF(tB#jDb_(qYm$9mo?iWi
zZ2H_mzKtI!qI?agV%g;Q5BFe{8JLZGWclwlEecx4(?@ZrL`mJ@*<xBBDmn&wKen~I
z&iT?ue$}D%TyC%PBKJzOB>CF>cYW;1cC?q5hFquAy}&<QY2@vJT_$mDlVR&4-iFJ2
zYmzV=mu}wHrePHR8WH1z74PNY+^y7bJZ81kDucQ<zQqRuc%5&4+uTJ_(#UNu=BC5f
z`AUubSyHuV={om{&4Q6p=1gSR{Wo2w==vqX?@((MIjG_!MNV^wq}@Fg7I5EfPk%_u
z$@9*Gdo|kg<KWBnm8&Ye-%frCyuR5y(?KWxxNNn@k}7+${)2}<=bOl_wpe#-^$s82
zY}$ZTYv~SPe$bzAIUZj$a9ST`V7NLgoj=v6pj}A#g{}H^!4I`oy{6hBEg|wmtxs+B
z^HmJbRw?qamn1$9J8QZ(kXHRp>Jjb}+|}cEf<`k}X!Wq}Os@=;+xa?5y(9TV>*E4N
zql2rh_O6@Or+tXSO?i4P=H$TUYMqqa6zO->V0s(>n&lOk0}3IsCzK!i)|s?eNOIEC
zSCf-dH}7@GIY*WEy@RQM!`sZMZuA}prN+DI-0q5_U(0R=pN}B>Y#G8_|0G5wUt*{z
zk(HX7=?G25QTv=T>W=%o*M*w~Q4RD-@ZbK%93b$St}+BuT=LvokUql33CCD?%y{os
zA2NrS7^a7Vj?=7fqG?umF?3PB(ORup_Fc_Esb57lE4?+nnkQL6gw;c}@6!t9L;kH#
z*<UX8%qltB(fYa5vu`Da{>bR4Ml;hlzOi+uWYR*Sw|~uA&#*JIuEE`+&|H$CwoZB9
z$7trO0b3UdzT~IH?l#-`u2)z%yb4F&wuXf~Ug_xe*K4=znpE;(KX0to$9cr0ea8nK
zKINpIAhrC=SEp`mR@szo{zzr)RPXlyk%YH*X*1NzgB;>$t}i!Y;@q`TYr?YTMw0$f
zoy84#ji1`H<eOjr&`1<6p`d+LCv)!0`6};2)aEP^y(=s~X|OTJsN|epcI9$H`K{02
z7Io+7zM`+7e4vuFYVa#VxmL~8IW4g*Ps$C}lAjIIisH(w&0*k8qTt!8-tefR@tG}I
z{DY464Ou(iQ5r4MuI#av-xyIh=zz7(eReQg&gb)S-f1&h@qQzNzDq*ScE1YCsJ!|i
zy-hGHi<-G<lUrET(RYX5x*d*d(pGe6^Lo~J{&M4etcr4`%SnFhP5zZ<k`qdT&sALA
ze7o4I;6%q0`VcIGpS>|(^{bs~T;l>w8%kD5GAnHE31kX%JV`Dw;m*33p`%2hImRlv
z%J0p<Vv(1*OiCN_*AARZk!SC)xo42gZogw9P1sIwSvhOob`R>qy%dxYRf@7-7{A92
zG}49W)Rd0tk6xxVrbyl}yn3QA+NM>Y?Tb*?Zh<hpV}g5aiwDxYzHLxkXCd-qF?{;l
zEbEm17S{gq;A=WDol-Tf9Q>PyGHlLft$eKVq(HBKJYwSWr^p*F?~7cb&o^05W;0@{
z#k6HY4m>`yKIOyo{rWqGqwPV@uJ)X~SE>I<U^-!CxPE6~*3sv=+%^|1$VS3Oxb}JQ
zdoG`P@bSmZ_Zr{E9r&NJjE7;?7IbLJpP0x~Dh=J_>e|_vx7FM7NKk&bKhKHc<0p
zNfn-`*h(Ma{RVe4TSPr%vZpC{K7Q7V%S_>?VWzn@cI24Otsnl4??1M3>$y{W*I(KE
z#B|lmByawe{4X4jx!!%Ws!p_lHz36KKKCj~;Z8rJI|n2N)bIJjSAburFYd8nIySx8
zWU?ai{+b|WF{v}thie+VTyw?p$}ePp?ycT0Ud?*KhM6%wCZs+-=HO!~Ex}z)Z4D;L
zxAISV_u32yt0^raV<d-zR`AP_8QS^tUw;1&H3n)}KYuGQpCyognYnRzsu}}ZbN)QK
z1ak)-9aEJt{0jf4N3f|2S;77DOY-J{f1P<$MM70URz_2cPepdNgzSveGA$^W1py2#
zK^0`qNKjUgl2O%^;d63x`cDD|6E^GhVS(rO4|)Ap%ovOX)&=XfozOE#=Je}_JTp4;
zj3ds$#R}&{@L6Qm``@#hU>*Ax@6WRqj&=l}M>eGV_q-O~=PewatOyE$isN5G&do2x
z$kqY(m!u^>&DTDWH{t~QW6px@g#QSFe<pdCEg(tC*2dV}$=uckYX#f(G@b42Y~em?
zBP*<<<A3)41(D;bPvV5DMAP9L!dp;~fVKE+_EYDduL}?pb5s0Mtw$}?-ovYh!kud(
zD5)bHgrzFj7~|Y<#)q(0&Nvx2I|rPjBj|yjVkD7aP5~Rx_CwDQLQ%GHEkJR?IbdN^
z<9~!rJMc5|x3MP-fP5zCm4ElgByS&XQW^LOX?8DLSAwnlp%r$cw5a4GjzE;LFt1K!
zWrO&Y(0Sp_XMPae1PEi4ZEfwqjqty{yXDK%-5~4`h}}LT6me2+L88QJI$@oh9q|kA
zH+<Yg0j6O9)1ci*587gGhyKqwf4}o@*Wa{*5M}I1hro9D2%6oRU!Q3FqeYT;9&|h6
zDYJE$8w8<8{r({VZKu?{(&5UPIpN@e<$-&&;E99Kr@%30eo5Z2hityrL<A|@8ey$)
z1fzh{QJr(O(1J*xMSFRL+`_WWJzx#l)&>HC6V7c;oLR^WT?+FOU<be)GtlH{=zj*~
z<=}O>W{iM1+y+I0f;4cB&Q^2Y?pGANzQI=B80w|U(94nW@y{>GTV06=p$gWpg8*-M
zWu5qOG7;WX0t}08v?(<r1QTqu)?s$`FnH5K_(MJ|`sbJA-KRlNwx+tWj2q6#8EG^;
z9ebe$d#X9FbSEp9ISux5&8maQCl;x|4Cp9LrA1iKtgYvNeROg5D7G(cf~pWq%nvme
zIHNxEOY){ZNHRlh78muU!`b9-X%f0l5T35Uxp;KX*?yE%GJY3Izrm_~6EqrvKXfyH
zHy}vR{J9NV7Pes%upIOLLf?&$V5HE(I67lDq&xLvNszAM{<HVnI1x0~r1`0qC15Nr
zFc!Ku*qRX!n{B4K{`x0VMm7|EmMF8uU~C;s|8mT^PeAzp{X?GU{QU&h4r^rgcVag8
zK}ehadXUcU7wY$ePQT7fpvV!k5@U3ZxF5d&M<=X}G1kHOFG;@wSNw%&j%Y}M*dchK
zM|JlFBpt#z;LEJ$Y6uD2Um6~D#H-=V3&H^4fc@(==gRvp%S22aO_V%GJFJu0Us8W5
zzjeH(mJ|H8e>Dap_U9$xpGn^DNsua`DW#xrOv()Fpy}j*!&=XFuV1Wz;2bmh<?y9c
zRv3CvEQ3?TSmc)mzgP#QY>ja;no<iwC9kr)dkA4u9zvTa3i|pY2~a~vTPtTLoEq2=
zzjC_GWl`1OMbh9!;wVmk2nie~CkJyw1mu7-HaCL&8b3|2+~f8}hyu>bFqpk4+NucR
zX=+#pN0=cP;p~uM3_pod-z<F$2sp4IB)K!cB=7K8Qb_aJO(K)7r30iYgM9Q1?OhxR
z@(G)3eI}bUH#811|3^CkQ#|ny4V)DuX)XkufSs><<Q+7NEdA_xNMr)>98JW_WX-K$
zf`z|LZhmp)5(Rth0+l3YS_J8|)oCPRe!76eCPhUltd-R~QwXxX#j>BFijgWfTPvgV
zf5PF{DrzxY_6-_ILJyKeX_fl$pD-|-A~Drz9<@a1?l^9P`N~tsIb=}0>GFT#Y1vxh
zY*er|Skw6$F1xGfBn<?jA;=ccd0bEniAX$2=dUO$A6b0b82lUyc^taK_O+3~aKhQ)
zZ>HFiT@3NyeBYs|z#(RSN#0kxh?oD<R`>z;M?Q}hgAc^QL}Jg3c*MJddq@PRm^#Qf
zIM~kVMsr8h%`+fmM7{onFv!H&#s~?Sj&sJ-%!f+aAHnh+4A4DiWFjx$N3=}YKhkI0
z2ZITpmHDvGAduJIGD`Tht*|!e6mE7Rg|>nzG2&(w@P7H=uC|`3Zt#zz;OFR|o=&t(
z2^-@BaB>#wG`IPd{Io-;M*0<`G@A_0j!s>=e-L4ZpD!-qVD4mQjdL<LBFv({{HC=C
zn)NG$L9{|kr-)}cVBIyHO-#()W;g6Fg(!B5ntuR=#6cmcnTADthjsCypXv9koOmW<
z{MoQS6_UhZZ4_)wY=74P)f{ZWhEDGIfvJ`bbb-*zxS*(l?rBEUqyp!Sdx*=P6QI1>
z2%0Sd&CuzJ0wbxQ`Bg&d<tDOMyRQRDVNSYtf|+QNxeeCAov=etyzYn<gdn92379mh
ztxl}|H_m@`RQ!##jWfu52lOc(upv5!p=TwUXlrW)4x((1)Nb*VTYiQY<!H7Mh+YqQ
zXGgHhY{YV;Y;g`oNPNVv%5l#ZRLemP3-CP=l<__Y5|4m_5zg&r-4;JZEOq~q2uQ}3
z!juCYiWNkNr_7r|Ahx=m#C(qe6!{9F0o^7$#EC^no4c4B;|P0OgtSiOOPHmx!d^sl
z_z9FImLsDq;{q!J^T*T7hL(L6;9&IN)@aCGbrK-+PbUzI-79{Q`2!#m0NIUddM7QS
zA=Y+I3v|yn{;xCTp<(o)(2K@Y9wr)N<81wFi9-d8Cl^Ar*%NbVvH+ruE}+nH4W~;q
z#@-ogWxkL?o;iXk=|I{vC$72alSFbP>}kgj?E3l&v{?q;hVC@S4T$Ct_Ol6Uwm}t8
zB?R06odhSsBonDJEj-LE6f7ko)a4(5sa&9Aq8moalyn9ZHOy`BEZ!h4aMbUT2I2zB
zKodtfw6-O&Bv~t4m{{7Fs@a;`I1voaYK%O+WDwJ)Af};n9(!w|X}{A;1sfMw)xbaV
zM>NCkT@u~{ZBznD9J;Jo>qIO|4yr*g)@YewZ3z3Fow7LXG{8OqOb%s6Mz?=~ImjU0
zY5`}bXI?gD56~uX_<bm-+i_x{$hw8Ok-5_WLkpadlOw)0P{f#qw=d-*sCRQv(q8|H
z62L$1?Hp=#cEXEV;r*{DLHsDEjUz2CfNGng)%!F5irR@ECCaI@(-crOb5NOn|BBj$
zA4S&c>T3n4mvc}K=l&HXgdf$`>DOQmsLDC0-2wlK62^}b9<S7Ng&>s!Jq+#alR^KA
z62Xs3j%T7b0Idq=XjL2fuc+PlQ5_cbw6YKoWf*5qVa`YVBMLugdmT1`8uVEN8HEHY
zR&d7=4T8m8s0|U5@$GsPQ=0?BipZStJ|uxe9Kiu)D6A+K*&w3|HWWvx6?ctTj-n<k
zj$s|lv4&PSSRuBxa=};sLZaYar6jQ~aEv_gLG-X}n@TKA8Md=5Jf8S3;r%cPq&6T)
zqx8CcgJcp>gNZeZj5KnUQ#m*Zx-LeSK{S!j#H_L=n;t1HGjPl<>{(<I4X`!ETbx81
zhsV2I`W?93BX9?F&U`7KSotdEHqHwSx<PSEY+J!bsdLJEHTQ_d*cv-qEd)CIke<C2
z^mz{Ypq-7PglG_KcQCiJT41*EIc(hHBsBeZnAD&%TCq}MNvc@u-&?lu$DfeBwW)=m
z%`VUe9lq%+h-TQr2LcvOi`>=MZ8QUQgy&2Iw^WgUBAoEW-u3l11AX)n5UPWAJ|-IC
zY-L3-x-m4JI)KC*Er<f>hDod;7IMIWup&#&WNvE#MJk|S(8Y}AXT&np7IbEsXI1sC
z(D?%(@kcxJiswXA9L(V!LRi51ovY$^G#+Z2(nhe^bFdk@rqT9>c#`eUvLm5t=LKpp
z_Xe;VC3qQnD#OrBEa%sX9I{7q{x(8t-0}nOPJM%z^M!7<PBPGR#7#Mok<Hn`2<OOW
z_p7LCjzjGPML1{4!}F}bZWbJ~JL$y^k~zmLu=AjhXk9@az4kt+v~o^`<IpE!QNQN3
z1ba|fksf0wV5A^gqg%<WpIFR6q?}5`$gq4(Z!nb2FdE=}=m98gh$Pnh&VX2M;K@GK
zB2dX1N*q$C$Rj@dPnd;@5gGai)HFb^6wnJD>W=*&7WlKyNvJzjo3&ULf;PyyFgid`
zO%e|woW#vte}WqE?;o=Mv~G%6k{z=1zyY;-hBQrz)pYtEP+%We3f(lOq>7eNUTA3>
z0bcWCRr<IQzI>rKd-_0*AtN#{{MO|U5PwuHneP5k4Ux_bc1cP9u^Id`$y;XAKY|D>
zZzHNjK4|dY%myo+;<GC%_FMmvNO*x8fl@2dT@Zj_Dgl;7Bv5KjD3S>M*?a^xryw}~
z&Ytr|(2bQ?X8TJZ1QFum`tRn`G)LAG2yJ0PfVDpEGB7W~AUmqjgT4AO5`puqfFqPM
zBGx|03U~?xU1+_TUy`>X_FpLTFM}hr8S(HhJTw1+^k-8jxDaPVC!8aCw>2U-m*@Pq
z3*ZcAR?p79GD#DRENbF8TYxZ1MBnHYLxUijgV7n@MO%_y9%0N=P-`yR-?kAV(qmwt
zLu(?G^hhw!PlgN}E17Red$8JU-5S_Cl*vB3<hlVWdL)p3FZCdslc8nshoo0ub~!wP
z=4pk}iTF&rBOximmn4`PY<T&-aUK6IZls|&oQon|p&H)`2`qZ8`F<dYG-T+QU#-l$
zndzIL^O(+wv=<^t0%<xyaop(7W()*4XE}53fVgAEkVprjk0ps{2tJ73Qi516^}N_P
zvd`i4oJ85+U&PB|jllor*%1)0b>!_QP$3d{=wZs|%D<@MVD19-|DXLAi{A?)>ViUd
z01fG2XkuOb|3(xr#7}G*diJarbi6c2N27%Qk!XaUDC@P;@dFT}<`6Rz|3{)RexmY{
zpw6{Gdj)@zGcJkr?cr<xLUcBSMUJ1%h@Ut8x%44oQ>eMlO5E&||2N(|jksJ<9Jd`{
zY~VIhC<PxtnoUBa{N3kf6cm`pPtR7`Y`y}ZC-5hS0;*j9XP^QUgdI$<Mz}d6&)mqu
zJp)A|i&`2HP{&`V7U!hditNi8zk@g^9L@5MOQeYXZ{D-O&H{evE*3_Z7E3|wSC~-)
z@y5OzB&dOhH_xska6|~4e~~boXa3`7Vv|J}3r8k@&GqM)?j5h{_cM?O{D5gUdVM^d
zXqo?266TzDLSB2ZfbkLvNNTy^ozVpt@4Ljl_J4@^ixo>ZT{YH(7RiIKi>@fXdq^^8
zzGB7PmS97*#D(XCQE>d@uQr(5E4Wb79upzW$ky80)`p<aZ7891FBX2q-$Lh{K}N>!
z?H%&9Nf4%FVEjh6=MfSmOJSXi%<yjfML0XxB?KeuzMd4bGc2uo(ln4Vv$b`^%?rx+
zik907p`!=>(D^X?8`411IOqWm^OKAMmmNbAgC$@(t(ita0!K2GC<#S*#Bcs?6j@sb
z890bEbC^};_vRkRkR^<<c6hhiBSzg^tnEDs<g1{o8tM&1oByXb`29i($WFX@=L65J
zpJXFTG78Y7hfwt7cmEUp*KC)lchJyZSD+6Q(P!&tPZNgU|1a-=KaptMZ*6J~@s%DX
zCXy(Pvp<nc`#HsSoc91I(!P~kyf2_WhRFmAA4c&`ej$wqQy;h?;E#j-`Y#B>cCZT)
zch~`I2L<u@Hiu{};}TB<7e545lY^+2_&V_a{u21@F70Dti-Vqqe8f!y^$JuY|H~_=
z!OkhC!?4R5=kVJI`1vX)Xnn(0KzhY7d*=Ig?0?|nhjAP|G3E-5UH}Tqqm-?I(;1|M
z6;)V)lK69GYk^|bflouPXo30?{?MiL>$Id%4>+0O99+!_gy^>yj$Dv{j4Ki*!RQdZ
zf{sL%^B<qaZ_5cP{ZTkWg?R;k=qw_gku(w%{IJ&WKRBCt3KlEaIC*5iKe?ccpoD6+
zWTt;W{pqSdx$`8Fzc%LQf6tv%1TY6Aedw0cWchb6etS-RJmG<CA?SdRD}hpSjFmK&
z2Am*tfIVph<KG>RL`Q9iw>;o1=(5Z@*lJ2jSJ1#&+q%p@l<$wNH>d;q^+B}>?UA)y
zq=7VXgjK5Tra$8g>g<EXJ~U};2Wg~(4psz>m-#S{?LD-U=gQf|$2YKVhZN%-bTXf3
zJHE%{rZgRhQ`^BO#8LjRRGKu#VKW?ZRlz(O%}uR&W@yNisa%$5+U%P*ka2d6+VZk^
z=(iGJDs&fGCP$KBNoN~l0yl9WETxb8*DwO>5L8knXOuv)#wBVbu^>OP#yUwu1#2Fo
z{R$7MVylDuVZv4ns}RyC-iagsz*BX$HpDp)B+4JmaBKq&v*DZudTZ`e97#kK*h~f0
zTY@kOrWAHz2oa7*pF*j()RrXJ&p=BMb(Uv?>|O{G&fq2J;1}mWD#{VJV8gvhyc0qT
zW^{wZLkgvt$O+PMM6_F|;m&MJFl8{95?w?}_8|$VfwOmpg0zf{k*zUo94Bbh?$g>B
zUVsh)6m3-Jvm`+w@DkDcn6u4yzJ}hQ1c%DdxJ3b^;ug4e2kGqb`<`V+fOa}CVL-Q`
zP&BDHEpuy}wyh1}?r=+FcUK(*<6-bqag@_+iz5lR0Bxawter?SZT1~Nh}|d-Zs=bP
z9&rycM05zbMw(#gWmwIh)w1~qF)tg>#w}p8Z7^7(Bl7ArlC<~_MsPN<R7>MJAMmEY
zDbNx5>Mc@vaNHmA()kC@Ut_?l;8Occn8IBJ&qo(|__IkP!jcIrZ{fQu3~9FaFP2Fm
z=cgioh4wy?e3CdsX~lD3@XHTqv&YP{X(9JXqNzLM9NZVOVRe^@t_$d;21Il&`l*s6
z8ce%k-{$;lksp{Gt2P5@CHTHPstXr9AqfN#@js7TNWI*BETi|K$31~rzATC=^MWL*
zmIEvk!YUrJx;t+^_scEM)dn`GL!eThGoTtblEge{XAEi3{J6PwUUd4%*g-VT%^H1U
z8RGWz>6}74A<Ach{m?nR9%+J+H3WjA<&BKiFZB>Ql;${LZx=}_{4TD6$?#9~4kppu
zvw)ub0buBz3v2pF0x6i_WgtrlZv{@@RRXh>g4xiiTf-NU7|0fXRk(3S*?hj;1ZN%z
zQ~NH0t&gA*dK~urMl$LMas$c&`<wVZQx?M^OH3F5(Rqf^(7yo*u8gz#FWP$sW|X@*
zXHQ^QhyM*Xe|#EkpP+sV@hJ!5lOifoOu}hnBIlJzH$s~2r!A4)<#2tH(Vu-9_+7Ht
zJI&S>hRhd`52Lx_OaF~a+_8{-cP{LPSs*5Lj+?GpNfMXv3<K#AJDK9dk3x^@hO{4D
z&o5vm73KIRQQV{mx7f<qIKe4iWZ@0}`4@zK!j?=~1{(D>%oNf6@zmOXrq69l1a(&T
zUT_WAv=`bFz3G&VizF0`ar4F(j_hYu$Z6s0$Pj~aRB^bbfCNYVIi#7ubo+N~{%O&J
z4(5c-`Q5_L16dyN1wEBf_%r<f8(tG@0!4eIYK`Bzo$SwY#30qvnKQ|$7WkjYb8*P<
zcQZT9RR$D22(b>GI+()6y(HNAppC;%2Stu*5hzz94z$-l-ve0@7=-pkZ*^QDK@#(K
z-D$372qk3IF@ZMF45~}B2KE{$k|;mJ95MsJx5$E!>~5{rF@`kAY}@P%ol5rKNV7GX
zn*(i}aZ03wRtkY<p|-;Po%_rcxCJGUT$?C?b5^AhbJX3plRXU0yB@|FbVj8>g4F-E
zWZ<9tA*A|;HfFEEiC7_{LOaqp+?zmzL4LkJp>ztN7+N%RZvb6h00lh(+iXY@<=3L&
zydh80c;_nQs%Zrns|06S11T=XnG(+-kh4h$XIWVQ0NFW<4%~|@NdWv@jht7Ddai28
zYJdp9F!=XAnI!KL8{#1coaY}J-Y{B3m4knMg*HK_x6Ka36aLInXLq$FKR5W4e#?ri
z00tSf1^U3qkTda&KkFp(8q274%oA!Nm}k%;Xk)E#Cmus+96k3+_R<4T<P#VRO`w3?
z9K?1JSgx2?2bqh8ZOcIiZ7>yj-_puc#1rNT<#Xc{*G$hq0-y64q7bv!4Uldv5r@-<
zT{4)VIc{{1c%i?lmh;*s`>I7JBLpa6$YRi;qt%b-7yoaqU|!DaoYc!Z!Twk0EKDh1
zAd&N{);uq%AuEfCA6mN#Xy_Qy6hbuV_u9a`ko#pGyVId*kdh7BrH(}q4I$jYb+9+t
z7(l!@<jm*}t`|iL;@4WhyqXO542;!+1003116_Ekj3W)RK)X<l$Qy-%$&h=}(M8uU
zi9~~D)&A$z%CWI2*dJhu07Dz^9bB15L{LHc<4nzeUX17B=q>Gl;g}PI?_Vbc^Q+cB
zFQy><uIB~7=zuopHX2GN1@ousJ}=1V+u@0`06G95bh`2;gJ=)|%0j_1H;X9B?3z9j
zEcadf(GJ_KF{X1`{0H$up`bZa^2R^x=I&3A=LHN*@n&`WksRXR{dZLzKcd0V22%n7
z>>doc=-A?#M>OJ3(HTEtz+0x|1|X&Zfu4(>hjX<=bPuEjW*30*qbwp=mLtQv)g0fw
zSWGkuUG>Ee+7{;;nE@bC0HKqv<WizRGo{|yjD<WmwSp+d?D{U^xr%|?-C>g|rVw5n
zodER_FBF-K%-gNsw%xIR4FsmS3D9HWUz?!Q4nJH*gX|5@pX0Q9pOAu>XI~d$r{VZu
zf8-+#{*bq$V>$z@NfP0-i1BBNEqIJIw~aTVQaMg2_bh~Q`1>f}T!H90tO;=f@y=ln
z#`=$5hBie~1azprNrKdcW|pU>vcAB^drUe|(CJ|;?3N_L7=Pxk3(PDfvMEO{Ln#Eg
zumU}^OoI!`h~*HNSx(`G?2`eo4;%=c6^1vH03bZGY>CWSgPb0t2MD?+2el9nAvCjO
z@S|Dm1%zC%6FSJbz`ZiW+KF)DIcea194<@4ATwBWKa+1Kp0VJ}a_pEn?_I#~%`p}m
zEDI5<3Za=LpY55klR(G;MbOQ`)kQpk(9AM_Yfvz9l<qqa&_nfTH}QmjoLRPiBnp9V
zX6cbIX@@j1oOPMyMqHnW7P`R9^5mQ6W9%TGd`{??=p~v##LQA)*>h(O@S$TcETD^d
z&R<C6EHHyHJ*ja3xuZH{P7L|_m1xpJGs{&vo`cB#Y-BAF?NVEZh=vgE;Gbj?k0O^_
zCeN9*41FgBvB1o7>o=KYwSXA_2SCqS1jk6jEYL0um?s`azfFdoS?Wv>4I*}CDXsHe
z>lna}fM)3ExOR$Y*upc*4VO}~0s%8T2lITI6wCrM%TK4%ZWsba8!+fLy1R&ym>~Rn
zo=jlQ_p4laY1p{}F`FuY(CLaD1PCIcJpv*?nVV{%%W#}<)e;dDd^5{eZjW5x;#^GX
zoTjiKUg*LzOBPODT>-!>1`N96Z&^(IyAw>(`!sJUE&}miA%LL~x8Rf+k>(*hvs}d(
z^$ITb!AQdV7(KIGw3KKBaWhK=A-7^C(54QwLHq9EWkjQhnOQc8yskk;`40d?CtVfG
zi3a`i%rX=1BqyS2@XahSZPBN<z>9amA36d0PP|ZpGfT@o<EP+WSWN32r?p*4{A&|*
z+IJs}p24MPnEp9VtHeYKg22r33!AFe7SO;9Mk;hn_gF<Vg0z_>8){}bwq^kg&it=K
zyT2mp@oKUgPr)uH!7ltW(vZbCVU~rZ{W*OqqcFSD@k_c+lusgZSZm`P=^E=6mi}j2
zIiK`KS`HDoR}%xr+h%?B)sb~!>A%hwYRxCyRqgnDdl2pg!ndLf<HokI@cGwrN28_P
zF(C6YnB>2!P7s6d;8<Ah5o;^R%D@Tddu`z(_e&e#wUJwI(ZTr?T<JnE0)Tgb`2QSm
zE@JNRh<3mmuqBirV%CQ_k$TJ)DcS4(u$)r^qR{r}Awn9mZAcOe_E0{A-vdQFgFG{!
z`9|RnT@onTweZU#;-%oL*z<h45_$iZal(ftVR0p6_3U2%K!`NJydSMZFp*o5GRa{y
z<c9eP+D!CPBw_HINqkEOGh(Li@FxI&e||~cMsmc7m$h~xV5L>p$v7EdanKHq+n^IS
ztUO8b2^uLdq+J#X@DyMqbTF$?CxwFFMv|0A-s88?l0(Ev*R;1HV56N|F7T;>jd)>;
z4cbOjhe?u8&_-)<9L4HjBV=I{ZKE3oq)_nNh%41f<u*9aTt8BP6}yFE1Jd1)5Ttx)
zzAZ?icco)Ap|?e@nr$O_97*yC+URx<CKQeaVs6Z_(N{ZCDEMvk+*oA@+555-h83ni
z9S#1O<bB485~CucCBdtpD!bi?cgHb)UI!;WCoAK>zxVqy=yZ0~EP@(2AMC_}9yRkz
z@}BmXEdt;3yR4YKM#0tmVWJDMcjgD5VTU`i{(A*{&z|})s_+ydQ3$Z16=r@(-dX{F
zJqt4}0t$G(*0tz{JZTfeGR7GZhz$;f%oT#~HCD?F=w!lb^95z(`?~-AlDus%p(WsZ
zy5)ntGICJ=^g0X%E^wLoC3&mBH3BmRFtNe+uw6{VxiJ`HVIu%${mi4t%d4mU^)Osl
z0G9<j;f!ICz{=dv5ud2aI?O5L%JX~R4`^fhru`+#@#jaBP2eNS_=M<x-o<YM?m7XM
zL<^~aiu;T*Fe@d{BE|Y5!lIy1KS)5gh{5f-Lh!u?gGcV50O&ErHoHZh+(Apg_cT)=
zi|#|<vq6iXd&RbUe?9F+Kn3bbzE5i4RAbO6=w87FcR|kB;im|EuTbCEF1!YY4l;;~
f=w5NP{O{*~Jxd9y!hX_42N!YrVlbUg0F3!R41F>`
diff --git a/edit-webapp/css/logout.css b/edit-webapp/css/logout.css
index 26f1893..dcd10d2 100644
--- a/edit-webapp/css/logout.css
+++ b/edit-webapp/css/logout.css
@@ -1,12 +1,17 @@
/* Success/Failure indicators for logout propagation. */
-
-.success {
- background: url(../images/success-32x32.png) no-repeat left center;
+li.logout {
line-height: 36px;
padding-left: 36px;
}
-.failure {
+li.logout.success {
+ background: url(../images/success-32x32.png) no-repeat left center;
+}
+li.logout.failure {
+ background: url(../images/failure-32x32.png) no-repeat left center;
+}
+li.logout.pending{
+
+}
+li.logout.na {
background: url(../images/failure-32x32.png) no-repeat left center;
- line-height: 36px;
- padding-left: 36px;
}
diff --git a/flows/authn/conditions/account-locked/account-locked-flow.xml b/flows/authn/conditions/account-locked/account-locked-flow.xml
new file mode 100644
index 0000000..5fe7523
--- /dev/null
+++ b/flows/authn/conditions/account-locked/account-locked-flow.xml
@@ -0,0 +1,16 @@
+<flow xmlns="http://www.springframework.org/schema/webflow"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow.xsd">
+
+ <!-- This is a placeholder flow that does nothing out of the box but reserves a subflow ID. -->
+
+ <!-- Rudimentary impediment to direct execution of subflow. -->
+ <input name="calledAsSubflow" type="boolean" required="true" />
+
+ <on-start>
+ <evaluate expression="'proceed'" />
+ </on-start>
+
+ <end-state id="proceed" />
+
+</flow>
diff --git a/flows/authn/conditions/conditions-flow.xml b/flows/authn/conditions/conditions-flow.xml
new file mode 100644
index 0000000..53c4994
--- /dev/null
+++ b/flows/authn/conditions/conditions-flow.xml
@@ -0,0 +1,35 @@
+<flow xmlns="http://www.springframework.org/schema/webflow"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow.xsd"
+ abstract="true">
+
+ <!-- Rudimentary impediment to direct execution of subflow. -->
+ <input name="calledAsSubflow" type="boolean" required="true" />
+
+ <action-state id="ValidateUsernamePassword">
+
+ <!-- Call outs for exceptional conditions. -->
+ <transition on="AccountWarning" to="CallExpiringPassword" />
+ <transition on="ExpiringPassword" to="CallExpiringPassword" />
+ <transition on="ExpiredPassword" to="CallExpiredPassword" />
+ <transition on="AccountLocked" to="CallAccountLocked" />
+
+ <transition to="DisplayUsernamePasswordPage" />
+ </action-state>
+
+ <subflow-state id="CallExpiringPassword" subflow="authn/conditions/expiring-password">
+ <input name="calledAsSubflow" value="true" />
+ <transition on="proceed" to="ContinueSuccessfulAuthentication" />
+ </subflow-state>
+
+ <subflow-state id="CallExpiredPassword" subflow="authn/conditions/expired-password">
+ <input name="calledAsSubflow" value="true" />
+ <transition on="proceed" to="DisplayUsernamePasswordPage" />
+ </subflow-state>
+
+ <subflow-state id="CallAccountLocked" subflow="authn/conditions/account-locked">
+ <input name="calledAsSubflow" value="true" />
+ <transition on="proceed" to="DisplayUsernamePasswordPage" />
+ </subflow-state>
+
+</flow>
diff --git a/flows/authn/conditions/expired-password/expired-password-flow.xml b/flows/authn/conditions/expired-password/expired-password-flow.xml
new file mode 100644
index 0000000..5fe7523
--- /dev/null
+++ b/flows/authn/conditions/expired-password/expired-password-flow.xml
@@ -0,0 +1,16 @@
+<flow xmlns="http://www.springframework.org/schema/webflow"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow.xsd">
+
+ <!-- This is a placeholder flow that does nothing out of the box but reserves a subflow ID. -->
+
+ <!-- Rudimentary impediment to direct execution of subflow. -->
+ <input name="calledAsSubflow" type="boolean" required="true" />
+
+ <on-start>
+ <evaluate expression="'proceed'" />
+ </on-start>
+
+ <end-state id="proceed" />
+
+</flow>
diff --git a/flows/authn/conditions/expiring-password/expiring-password-flow.xml b/flows/authn/conditions/expiring-password/expiring-password-flow.xml
new file mode 100644
index 0000000..10e041e
--- /dev/null
+++ b/flows/authn/conditions/expiring-password/expiring-password-flow.xml
@@ -0,0 +1,33 @@
+<flow xmlns="http://www.springframework.org/schema/webflow"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow.xsd">
+
+ <!--
+ This is an example flow that displays a view template in response to an expiring password.
+ The view might display a pointer to the password change portal while automatically continuing
+ after a few seconds.
+ -->
+
+ <!-- Rudimentary impediment to direct execution of subflow. -->
+ <input name="calledAsSubflow" type="boolean" required="true" />
+
+ <view-state id="ExpiringPassword" view="intercept/expiring-password">
+ <attribute name="csrf_excluded" value="true" type="boolean"/>
+ <on-render>
+ <evaluate expression="environment" result="viewScope.environment" />
+ <evaluate expression="opensamlProfileRequestContext" result="viewScope.profileRequestContext" />
+ <evaluate expression="opensamlProfileRequestContext.getSubcontext(T(net.shibboleth.idp.authn.context.AuthenticationContext))" result="viewScope.authenticationContext" />
+ <evaluate expression="authenticationContext.getSubcontext(T(net.shibboleth.idp.authn.context.AuthenticationErrorContext))" result="viewScope.authenticationErrorContext" />
+ <evaluate expression="authenticationContext.getSubcontext(T(net.shibboleth.idp.authn.context.AuthenticationWarningContext))" result="viewScope.authenticationWarningContext" />
+ <evaluate expression="authenticationContext.getSubcontext(T(net.shibboleth.idp.authn.context.LDAPResponseContext))" result="viewScope.ldapResponseContext" />
+ <evaluate expression="T(net.shibboleth.utilities.java.support.codec.HTMLEncoder)" result="viewScope.encoder" />
+ <evaluate expression="flowRequestContext.getExternalContext().getNativeRequest()" result="viewScope.request" />
+ <evaluate expression="flowRequestContext.getExternalContext().getNativeResponse()" result="viewScope.response" />
+ <evaluate expression="flowRequestContext.getActiveFlow().getApplicationContext().containsBean('shibboleth.CustomViewContext') ? flowRequestContext.getActiveFlow().getApplicationContext().getBean('shibboleth.CustomViewContext') : null" result="viewScope.custom" />
+ </on-render>
+ <transition on="proceed" to="proceed" />
+ </view-state>
+
+ <end-state id="proceed" />
+
+</flow>
diff --git a/flows/user/prefs/prefs-flow.xml b/flows/user/prefs/prefs-flow.xml
new file mode 100644
index 0000000..c79093b
--- /dev/null
+++ b/flows/user/prefs/prefs-flow.xml
@@ -0,0 +1,25 @@
+<flow xmlns="http://www.springframework.org/schema/webflow"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow.xsd">
+
+ <!--
+ This flow allows a user to adjust various client-side preferences.
+
+ It's partly example, partly a placeholder to allow adjustment of a few
+ existing cookie-based options used by some features of the IdP for the time
+ being while leaving the option of a more comprehensive UI down the road.
+
+ As a flow, it's nothing much, just a view rendered to push some JS into
+ the browser to maintain things. Notably, it doesn't require a user login.
+ -->
+
+ <end-state id="RenderView" view="user-prefs">
+ <on-entry>
+ <evaluate expression="environment" result="requestScope.environment" />
+ <evaluate expression="T(net.shibboleth.utilities.java.support.codec.HTMLEncoder)" result="requestScope.encoder" />
+ <evaluate expression="flowRequestContext.getExternalContext().getNativeRequest()" result="requestScope.request" />
+ <evaluate expression="flowRequestContext.getExternalContext().getNativeResponse()" result="requestScope.response" />
+ <evaluate expression="flowRequestContext.getActiveFlow().getApplicationContext().containsBean('shibboleth.CustomViewContext') ? flowRequestContext.getActiveFlow().getApplicationContext().getBean('shibboleth.CustomViewContext') : null" result="requestScope.custom" />
+ </on-entry>
+ </end-state>
+</flow>
diff --git a/metadata/idp-metadata.xml b/metadata/idp-metadata.xml
deleted file mode 100644
index a1f33a1..0000000
--- a/metadata/idp-metadata.xml
+++ /dev/null
@@ -1,251 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- This is example metadata only. Do *NOT* supply it as is without review,
- and do *NOT* provide it in real time to your partners.
-
- This metadata is not dynamic - it will not change as your configuration changes.
--->
-<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:shibmd="urn:mace:shibboleth:metadata:1.0" xmlns:xml="http://www.w3.org/XML/1998/namespace" xmlns:mdui="urn:oasis:names:tc:SAML:metadata:ui" xmlns:req-attr="urn:oasis:names:tc:SAML:protocol:ext:req-attr" validUntil="2019-10-02T14:46:57.225Z" entityID="https://idp.example.org/idp/shibboleth">
-
- <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol urn:oasis:names:tc:SAML:1.1:protocol urn:mace:shibboleth:1.0">
-
- <Extensions>
- <shibmd:Scope regexp="false">example.org</shibmd:Scope>
-<!--
- Fill in the details for your IdP here
-
- <mdui:UIInfo>
- <mdui:DisplayName xml:lang="en">A Name for the IdP at idp.example.org</mdui:DisplayName>
- <mdui:Description xml:lang="en">Enter a description of your IdP at idp.example.org</mdui:Description>
- <mdui:Logo height="80" width="80">https://idp.example.org/Path/To/Logo.png</mdui:Logo>
- </mdui:UIInfo>
--->
- </Extensions>
-
- <!-- First signing certificate is BackChannel, the Second is FrontChannel -->
- <KeyDescriptor use="signing">
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIIEKDCCApCgAwIBAgIVAJ0iknQBSFLEkl3ybj6HYSWkOw+CMA0GCSqGSIb3DQEB
-CwUAMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzAeFw0xOTEwMDIxNDQ2NTZa
-Fw0zOTEwMDIxNDQ2NTZaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzCCAaIw
-DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJJI3OlyhXVII2YS2VGAZlCy/PE1
-RPLwTb9hIrBETcpA3JwVba2hBq8v0lWGpWkmvQfsjH+bKRJe611EyXwWQH04qGCU
-RDCFKBU8E9P87m6GTeh+DC6eVXxOB2h0pf3Zmktf48hlhV1X24NwIjba6v9X8oHF
-FTFFqopOPAaJWnODPQyul/d4DqkqkBfQer6p0RiDL/V79WpTVG87pJxmGH2FbchP
-PivVO9sMYfC5lqe37x/zu8huU0jDnB20eqEjnVNjvPjzbF36xPA06770FJuPxCYd
-5oebut50pO7DZY7MZGu4/UME0JfDrnCsyPz2L1gdxXX28mydAVL3YwIajZzuPVwJ
-HC+HJuF3YNgIZ7ZO6uN2Cyi1tKKAE5n3G19L8NLLW44MVxkS9ox9cFvw5e2Zm+ek
-Hh6iu6Y9/blyuFjlqVaffM6l6NVnAAXPiIpwnBdzWdJqMcJzgC5bTqOGEZdeR9hT
-ei0e1s+bmBj3/3cOB3hII74P5sCuGLfiYqSQzQIDAQABo2UwYzAdBgNVHQ4EFgQU
-hb0zxPkLe5m7vmD8AH0fjATSaIwwQgYDVR0RBDswOYIPaWRwLmV4YW1wbGUub3Jn
-hiZodHRwczovL2lkcC5leGFtcGxlLm9yZy9pZHAvc2hpYmJvbGV0aDANBgkqhkiG
-9w0BAQsFAAOCAYEADQ17KGVQJ6AZTqDUDxVAfrTlFXysuvQg1WntrMB1PUzlb6Pa
-AO6Nb24YiY0PonSk7iz+gOg4P/V2b9wX4NXPBcX5h86fxR8R3cwZYsYKhwBBQ6uo
-UZnqtNyYNY/3hM2Dj8sR1PMijwgNmo7KOzzBPKKhID2dtGL3bS3TrX8xjmc7NK+r
-5VE9LrK3kG3ht3qM0I7iPMNuQXBOuduRG8WGD8NsFwHcYfORJmK5Ac/AtjHMVLF0
-x+m4LyLxP53t9/5+5fiJ3bghXM7Uuzjjmes6fdZyUcxinrwFxvSIGz3gqXf35Omf
-EwFemewB5B9GkAVXJSq2J64+iWXTo556YEC/RUrX6ZA5db6zHIeHX4BSf7U5YUBm
-LRJ/RJZKKPKEBBJgvh8vUFLF64tDn0c9x3n1mw+ZLHnPcjdX5v/stLVgR020vRx7
-8CGsrydmj+80Gm3Ji1eGJfD2LdUslve3bNerEW2AUM3DFx6wDlR5K/0ix98Ah1w0
-AuAeyajXyLR9NkPm
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
-
- </KeyDescriptor>
- <KeyDescriptor use="signing">
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIIEJzCCAo+gAwIBAgIUOCYqGG6JElEG1wHKL7CvULRTvEswDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTE5MTAwMjE0NDY1NVoX
-DTM5MTAwMjE0NDY1NVowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwkiDw0dpZmup6VpfVXkib8fiv7KF
-T1Z3z6tq7c/ki/CH2x8BYtLPNgIvQa8KhggHUKG+rRU9yBwWg4Yvdsi05h5pJwcE
-xE1hwE7oVWiY+DtMggv4zVbDm0TnbvJvXN9eYXNn/e9RL3hD3umPIzDSli3wwiNg
-GvMesn/4Npq6ERi80CPIkUENkL3N7XTDX+Fy/mhXCxc73Dv3Meo0qk0pii005nV1
-vHCP9jsUgPfDCBScUuikfQ8V9SPLgOSf1x3vc5RqSPWaHgLesqoXpFFTthlVjB8j
-cUzqjQllhOS6LKWJE7VIfV6MdpfkRZBWhsaeuT7I48kRmFuALLnIopkclqu3HtON
-0Fgd1oPPBHa04bLcPqbneqGL+2RzZOdnuarTtY+JOuCRnE1qCWUeRoH2yeMMdKPy
-amX6HZJ35Vsk3uJxJX/IyipduZ+nHPC5qi52Elu+oyBrJwTbVAhhlXwPehC6nU/c
-1LUnbo3M4SGOYWuPmI1ko5KF91MVUU7ttmkFAgMBAAGjZTBjMB0GA1UdDgQWBBQ1
-CuX1jKcG8rdC0xBBveSJAYoFfzBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
-Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQA89rYZmayIfst0cGyt+zdeHpnvyo+zVfAk7OztXF5OXsakX9TV
-Iq8ur1lq4Q4KC/Ev+9p1za1gP7Ea9ugFJinuVa6ntpzGP0vh42pmphLNaRFvnPch
-pwgGCvcF2leYG6zZl/Qln0Kbv+pyByens7xPdKKA8U5ySVkouLuw7017XSIulPtW
-u5tPz51awJubHCK+FckcVH0yZZg44s4HmjzLpJCdslMIxmhtX7DW3vtqH1pL9Mir
-3qykySFUJGthV3ndHesG08y3Tni5HZaRqHHafGRBiezO8JCwVvWrdC29SdAwY2i0
-HhKB7zCDOpYrh3o8TTx3ZJd+6Uel/e0bCefs9uhMj7O5ErNySHyTtNRrFxTl2c98
-RDweMp6NLfm+P3+EqJycmpR9CKudcL6RUikN9hDvy6qqG2t5fW7pvU/+mzRm/3Cf
-gMxKHQM+OAry1E6pQSYh8qkPZYDezwiz4gINxn7SFAxFJQcTlaSVmFHLOQV7TetI
-g4sTktRrBmgU/vk=
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
-
- </KeyDescriptor>
- <KeyDescriptor use="encryption">
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIIEJzCCAo+gAwIBAgIUe0fsxBFnYrItqaF1zUSc7oTFFhswDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTE5MTAwMjE0NDY1NloX
-DTM5MTAwMjE0NDY1NlowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAlBwK5LM+22M0RLLhaVoTlgGJlF75
-0hfDGl45GqSVh7gB4X93icnoh2mUoGq/wgqx+YwCJ04hEJF0BXGRzmP5qQdSPw/z
-VV2e90emvoFvRD0OWrRDo4kn9GO2a4t8nAdLNe8dclsEpxyKktvmppMbna0jNGau
-h8OMsSNlTKH8C6qzIUtxOGnN75Qw1JAQ0N6U0Jl9w7x1LoR2tiyiTDKMAyx8v7xu
-eurxduh/Y1g/2fxi3UGA0i0znwTjEM0eZ/3JQMtuCKW6mTNTF/klBWiEhP6Vm3Yk
-WgbYDMgahiaEo2dzxmKgFfFysoSxkfV93zSh31+zKovj5NpNEU9LrlFDD8iRYPlK
-ZKjdleWOsGFbtyfvSV8Xq1bJvn9LScH02gCDbjkYFOlGgs32nGIqe4tr7ekT8A60
-S9dtIV54834ZdntBRzPkaLRaHb6FWY74U5+o1U1spd2JhWvFMlrkHCghcIWKmG87
-pzmZBFcyxSBIK0E6dhjm3EGXMmWdn80Sr1lxAgMBAAGjZTBjMB0GA1UdDgQWBBQ8
-+tUYkLiwLXUxRdIcfwUUs3s+dTBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
-Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQBXnSl1RPlziZEpGUc3FGoQCpsu6FovK7jlieATyKWD3NY7lha6
-iOqiyxpNnrekh3Sf3XvmwvoxBHULQNS06GMMej8WtFBSaomNIkuztzMUAEmil2UF
-rP1xT0Gx+lT/Don9e60dGMMl2FWYIHobkQj4yhjSW6yN/emQRkwOhkj1DRGkZ1Zz
-wIRtH7/VT1YXH6n4P6lWNMgV+GInhT7ogitN5Vf6tCfMaZtowu3bb2I1gDlgYY/v
-0TrokTQteO7vcf+EpTODPRBiFV/Wwub5r8BDN4O3qGt52f2lhlEqdupFArooNVyF
-tU+zmj0gaclvvBBAaN2oh0Tj+j7HBh1YWB8p93vm62dKqY/9L9xSNAni6EI5o7dm
-58OUngvQopb7U7MDDuH2gM0XiH/R2BNp4c7/jqBP2Of5Bg68yKCZHB7D5XOJbQLf
-gjm4h9tRHtDijVkHcuIEICBwrie+JSEL225UnTfsesPiArDvo5BhQeNc3q1CPJgF
-2QOuaDoiGwFbc5s=
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
-
- </KeyDescriptor>
-
- <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.example.org:8443/idp/profile/SAML1/SOAP/ArtifactResolution" index="1"/>
- <ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.org:8443/idp/profile/SAML2/SOAP/ArtifactResolution" index="2"/>
-
- <!--
- <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://idp.example.org/idp/profile/SAML2/Redirect/SLO"/>
- <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://idp.example.org/idp/profile/SAML2/POST/SLO"/>
- <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" Location="https://idp.example.org/idp/profile/SAML2/POST-SimpleSign/SLO"/>
- <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.org:8443/idp/profile/SAML2/SOAP/SLO"/>
- -->
-
- <SingleSignOnService Binding="urn:mace:shibboleth:1.0:profiles:AuthnRequest" Location="https://idp.example.org/idp/profile/Shibboleth/SSO"/>
- <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" req-attr:supportsRequestedAttributes="true" Location="https://idp.example.org/idp/profile/SAML2/POST/SSO"/>
- <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST-SimpleSign" req-attr:supportsRequestedAttributes="true" Location="https://idp.example.org/idp/profile/SAML2/POST-SimpleSign/SSO"/>
- <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" req-attr:supportsRequestedAttributes="true" Location="https://idp.example.org/idp/profile/SAML2/Redirect/SSO"/>
-
- </IDPSSODescriptor>
-
-
- <AttributeAuthorityDescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
-
- <Extensions>
- <shibmd:Scope regexp="false">example.org</shibmd:Scope>
- </Extensions>
-
- <!-- First signing certificate is BackChannel, the Second is FrontChannel -->
- <KeyDescriptor use="signing">
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIIEKDCCApCgAwIBAgIVAJ0iknQBSFLEkl3ybj6HYSWkOw+CMA0GCSqGSIb3DQEB
-CwUAMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzAeFw0xOTEwMDIxNDQ2NTZa
-Fw0zOTEwMDIxNDQ2NTZaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzCCAaIw
-DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJJI3OlyhXVII2YS2VGAZlCy/PE1
-RPLwTb9hIrBETcpA3JwVba2hBq8v0lWGpWkmvQfsjH+bKRJe611EyXwWQH04qGCU
-RDCFKBU8E9P87m6GTeh+DC6eVXxOB2h0pf3Zmktf48hlhV1X24NwIjba6v9X8oHF
-FTFFqopOPAaJWnODPQyul/d4DqkqkBfQer6p0RiDL/V79WpTVG87pJxmGH2FbchP
-PivVO9sMYfC5lqe37x/zu8huU0jDnB20eqEjnVNjvPjzbF36xPA06770FJuPxCYd
-5oebut50pO7DZY7MZGu4/UME0JfDrnCsyPz2L1gdxXX28mydAVL3YwIajZzuPVwJ
-HC+HJuF3YNgIZ7ZO6uN2Cyi1tKKAE5n3G19L8NLLW44MVxkS9ox9cFvw5e2Zm+ek
-Hh6iu6Y9/blyuFjlqVaffM6l6NVnAAXPiIpwnBdzWdJqMcJzgC5bTqOGEZdeR9hT
-ei0e1s+bmBj3/3cOB3hII74P5sCuGLfiYqSQzQIDAQABo2UwYzAdBgNVHQ4EFgQU
-hb0zxPkLe5m7vmD8AH0fjATSaIwwQgYDVR0RBDswOYIPaWRwLmV4YW1wbGUub3Jn
-hiZodHRwczovL2lkcC5leGFtcGxlLm9yZy9pZHAvc2hpYmJvbGV0aDANBgkqhkiG
-9w0BAQsFAAOCAYEADQ17KGVQJ6AZTqDUDxVAfrTlFXysuvQg1WntrMB1PUzlb6Pa
-AO6Nb24YiY0PonSk7iz+gOg4P/V2b9wX4NXPBcX5h86fxR8R3cwZYsYKhwBBQ6uo
-UZnqtNyYNY/3hM2Dj8sR1PMijwgNmo7KOzzBPKKhID2dtGL3bS3TrX8xjmc7NK+r
-5VE9LrK3kG3ht3qM0I7iPMNuQXBOuduRG8WGD8NsFwHcYfORJmK5Ac/AtjHMVLF0
-x+m4LyLxP53t9/5+5fiJ3bghXM7Uuzjjmes6fdZyUcxinrwFxvSIGz3gqXf35Omf
-EwFemewB5B9GkAVXJSq2J64+iWXTo556YEC/RUrX6ZA5db6zHIeHX4BSf7U5YUBm
-LRJ/RJZKKPKEBBJgvh8vUFLF64tDn0c9x3n1mw+ZLHnPcjdX5v/stLVgR020vRx7
-8CGsrydmj+80Gm3Ji1eGJfD2LdUslve3bNerEW2AUM3DFx6wDlR5K/0ix98Ah1w0
-AuAeyajXyLR9NkPm
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
-
- </KeyDescriptor>
- <KeyDescriptor use="signing">
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIIEJzCCAo+gAwIBAgIUOCYqGG6JElEG1wHKL7CvULRTvEswDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTE5MTAwMjE0NDY1NVoX
-DTM5MTAwMjE0NDY1NVowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAwkiDw0dpZmup6VpfVXkib8fiv7KF
-T1Z3z6tq7c/ki/CH2x8BYtLPNgIvQa8KhggHUKG+rRU9yBwWg4Yvdsi05h5pJwcE
-xE1hwE7oVWiY+DtMggv4zVbDm0TnbvJvXN9eYXNn/e9RL3hD3umPIzDSli3wwiNg
-GvMesn/4Npq6ERi80CPIkUENkL3N7XTDX+Fy/mhXCxc73Dv3Meo0qk0pii005nV1
-vHCP9jsUgPfDCBScUuikfQ8V9SPLgOSf1x3vc5RqSPWaHgLesqoXpFFTthlVjB8j
-cUzqjQllhOS6LKWJE7VIfV6MdpfkRZBWhsaeuT7I48kRmFuALLnIopkclqu3HtON
-0Fgd1oPPBHa04bLcPqbneqGL+2RzZOdnuarTtY+JOuCRnE1qCWUeRoH2yeMMdKPy
-amX6HZJ35Vsk3uJxJX/IyipduZ+nHPC5qi52Elu+oyBrJwTbVAhhlXwPehC6nU/c
-1LUnbo3M4SGOYWuPmI1ko5KF91MVUU7ttmkFAgMBAAGjZTBjMB0GA1UdDgQWBBQ1
-CuX1jKcG8rdC0xBBveSJAYoFfzBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
-Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQA89rYZmayIfst0cGyt+zdeHpnvyo+zVfAk7OztXF5OXsakX9TV
-Iq8ur1lq4Q4KC/Ev+9p1za1gP7Ea9ugFJinuVa6ntpzGP0vh42pmphLNaRFvnPch
-pwgGCvcF2leYG6zZl/Qln0Kbv+pyByens7xPdKKA8U5ySVkouLuw7017XSIulPtW
-u5tPz51awJubHCK+FckcVH0yZZg44s4HmjzLpJCdslMIxmhtX7DW3vtqH1pL9Mir
-3qykySFUJGthV3ndHesG08y3Tni5HZaRqHHafGRBiezO8JCwVvWrdC29SdAwY2i0
-HhKB7zCDOpYrh3o8TTx3ZJd+6Uel/e0bCefs9uhMj7O5ErNySHyTtNRrFxTl2c98
-RDweMp6NLfm+P3+EqJycmpR9CKudcL6RUikN9hDvy6qqG2t5fW7pvU/+mzRm/3Cf
-gMxKHQM+OAry1E6pQSYh8qkPZYDezwiz4gINxn7SFAxFJQcTlaSVmFHLOQV7TetI
-g4sTktRrBmgU/vk=
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
-
- </KeyDescriptor>
- <KeyDescriptor use="encryption">
- <ds:KeyInfo>
- <ds:X509Data>
- <ds:X509Certificate>
-MIIEJzCCAo+gAwIBAgIUe0fsxBFnYrItqaF1zUSc7oTFFhswDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTE5MTAwMjE0NDY1NloX
-DTM5MTAwMjE0NDY1NlowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAlBwK5LM+22M0RLLhaVoTlgGJlF75
-0hfDGl45GqSVh7gB4X93icnoh2mUoGq/wgqx+YwCJ04hEJF0BXGRzmP5qQdSPw/z
-VV2e90emvoFvRD0OWrRDo4kn9GO2a4t8nAdLNe8dclsEpxyKktvmppMbna0jNGau
-h8OMsSNlTKH8C6qzIUtxOGnN75Qw1JAQ0N6U0Jl9w7x1LoR2tiyiTDKMAyx8v7xu
-eurxduh/Y1g/2fxi3UGA0i0znwTjEM0eZ/3JQMtuCKW6mTNTF/klBWiEhP6Vm3Yk
-WgbYDMgahiaEo2dzxmKgFfFysoSxkfV93zSh31+zKovj5NpNEU9LrlFDD8iRYPlK
-ZKjdleWOsGFbtyfvSV8Xq1bJvn9LScH02gCDbjkYFOlGgs32nGIqe4tr7ekT8A60
-S9dtIV54834ZdntBRzPkaLRaHb6FWY74U5+o1U1spd2JhWvFMlrkHCghcIWKmG87
-pzmZBFcyxSBIK0E6dhjm3EGXMmWdn80Sr1lxAgMBAAGjZTBjMB0GA1UdDgQWBBQ8
-+tUYkLiwLXUxRdIcfwUUs3s+dTBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
-Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQBXnSl1RPlziZEpGUc3FGoQCpsu6FovK7jlieATyKWD3NY7lha6
-iOqiyxpNnrekh3Sf3XvmwvoxBHULQNS06GMMej8WtFBSaomNIkuztzMUAEmil2UF
-rP1xT0Gx+lT/Don9e60dGMMl2FWYIHobkQj4yhjSW6yN/emQRkwOhkj1DRGkZ1Zz
-wIRtH7/VT1YXH6n4P6lWNMgV+GInhT7ogitN5Vf6tCfMaZtowu3bb2I1gDlgYY/v
-0TrokTQteO7vcf+EpTODPRBiFV/Wwub5r8BDN4O3qGt52f2lhlEqdupFArooNVyF
-tU+zmj0gaclvvBBAaN2oh0Tj+j7HBh1YWB8p93vm62dKqY/9L9xSNAni6EI5o7dm
-58OUngvQopb7U7MDDuH2gM0XiH/R2BNp4c7/jqBP2Of5Bg68yKCZHB7D5XOJbQLf
-gjm4h9tRHtDijVkHcuIEICBwrie+JSEL225UnTfsesPiArDvo5BhQeNc3q1CPJgF
-2QOuaDoiGwFbc5s=
- </ds:X509Certificate>
- </ds:X509Data>
- </ds:KeyInfo>
-
- </KeyDescriptor>
-
- <AttributeService Binding="urn:oasis:names:tc:SAML:1.0:bindings:SOAP-binding" Location="https://idp.example.org:8443/idp/profile/SAML1/SOAP/AttributeQuery"/>
- <!-- <AttributeService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://idp.example.org:8443/idp/profile/SAML2/SOAP/AttributeQuery"/> -->
- <!-- If you uncomment the above you should add urn:oasis:names:tc:SAML:2.0:protocol to the protocolSupportEnumeration above -->
-
- </AttributeAuthorityDescriptor>
-
-</EntityDescriptor>
diff --git a/views/admin/unlock-keys.vm b/views/admin/unlock-keys.vm
index 3b15f3e..a8228ae 100644
--- a/views/admin/unlock-keys.vm
+++ b/views/admin/unlock-keys.vm
@@ -43,7 +43,8 @@
#end
<form action="$flowExecutionUrl" method="post">
-
+ #parse("csrf/csrf.vm")
+
<!--
If you have multiple key strategies defined, you'll need multiple pairs of form fields for
the passwords, labeled in the order they're fed into the shibboleth.unlock-keys.KeyStrategies
@@ -52,12 +53,12 @@
<div class="form-element-wrapper">
<label for="password">#springMessageText("idp.unlock-keys.keystorePassword", "DataSealer Keystore Password")</label>
- <input class="form-element form-field" id="password" name="keystorePassword" type="password">
+ <input class="form-element form-field" id="password" name="keystorePassword" type="password" />
</div>
<div class="form-element-wrapper">
<label for="password">#springMessageText("idp.unlock-keys.keyPassword", "DataSealer Key Password")</label>
- <input class="form-element form-field" id="password" name="keyPassword" type="password">
+ <input class="form-element form-field" id="password" name="keyPassword" type="password" />
</div>
<!--
@@ -67,7 +68,7 @@
<div class="form-element-wrapper">
<label for="password">#springMessageText("idp.unlock-keys.privateKeyPassword", "Private Key Password")</label>
- <input class="form-element form-field" id="password" name="privateKeyPassword" type="password">
+ <input class="form-element form-field" id="password" name="privateKeyPassword" type="password" />
</div>
<div class="form-element-wrapper">
diff --git a/views/duo.vm b/views/duo.vm
index cf4f96a..d212df7 100644
--- a/views/duo.vm
+++ b/views/duo.vm
@@ -57,8 +57,8 @@
>
</iframe>
<form id="duo_form" method="post">
+ #parse("csrf/csrf.vm")
<input type="hidden" name="_eventId" value="proceed" />
-
</form>
<h3 style="text-align: center">
@@ -67,7 +67,7 @@
</div>
<div class="column two">
<ul class="list list-help">
- <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", "#")"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
+ <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
</ul>
</div>
</div>
diff --git a/views/intercept/attribute-release.vm b/views/intercept/attribute-release.vm
index 20bde46..c170b69 100644
--- a/views/intercept/attribute-release.vm
+++ b/views/intercept/attribute-release.vm
@@ -22,7 +22,7 @@
#set ($informationURL = $rpUIContext.informationURL)
#set ($privacyStatementURL = $rpUIContext.privacyStatementURL)
#set ($rpOrganizationLogo = $rpUIContext.getLogo())
-#set ($rpOrganizationName = $rpUIContext.organizationName)
+#set ($rpOrganizationName = $rpUIContext.organizationDisplayName)
#set ($replaceDollarWithNewline = true)
##
<!DOCTYPE html>
@@ -35,6 +35,7 @@
</head>
<body>
<form action="$flowExecutionUrl" method="post" style="padding:10px" >
+ #parse("csrf/csrf.vm")
<div class="box">
<header>
<img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")" class="federation_logo">
@@ -79,7 +80,7 @@
<td>
#foreach ($value in $attribute.values)
#if ($replaceDollarWithNewline)
- #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML("$"),"<br>"))
+ #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML('$'),"<br>"))
#else
#set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()))
#end
diff --git a/views/intercept/impersonate.vm b/views/intercept/impersonate.vm
index 2bae957..37c486c 100644
--- a/views/intercept/impersonate.vm
+++ b/views/intercept/impersonate.vm
@@ -34,7 +34,7 @@
<div class="content">
<form action="$flowExecutionUrl" method="post">
-
+ #parse("csrf/csrf.vm")
#set ($serviceName = $rpUIContext.serviceName)
#if ($serviceName && !$rpContext.getRelyingPartyId().contains($serviceName))
<legend>
@@ -48,7 +48,7 @@
<div class="form-element-wrapper">
<label for="impersonation">#springMessageText("idp.impersonate.login-as", "Login as")</label>
- <input class="form-element form-field" id="impersonation" name="principal" type="text">
+ <input class="form-element form-field" id="impersonation" name="principal" type="text" />
<!-- Defaults to input box above, example below populates a select list from an IdPAttribute. -->
<!--
diff --git a/views/intercept/terms-of-use.vm b/views/intercept/terms-of-use.vm
index 1bf12c7..67b2c15 100644
--- a/views/intercept/terms-of-use.vm
+++ b/views/intercept/terms-of-use.vm
@@ -42,11 +42,13 @@
<div id="tou-acceptance">
<div style="float:left;">
<form action="$flowExecutionUrl" method="post" >
+ #parse("csrf/csrf.vm")
<input type="submit" name="_eventId_TermsRejected" value="#springMessageText("idp.terms-of-use.reject", "Refuse")" style="margin-right: 30px;">
</form>
</div>
<div style="float:right;">
<form action="$flowExecutionUrl" method="post" >
+ #parse("csrf/csrf.vm")
<input id="accept" type="checkbox" name="_shib_idp_consentIds" value="$encoder.encodeForHTML($termsOfUseId)" required>
<label for="accept">#springMessageText("idp.terms-of-use.accept", "I accept the terms of use")</label>
#if ($requireCheckbox)
diff --git a/views/login-error.vm b/views/login-error.vm
index 44676b3..224976b 100644
--- a/views/login-error.vm
+++ b/views/login-error.vm
@@ -2,11 +2,13 @@
##
## authenticationErrorContext - context containing error data, if available
##
-#if ($authenticationErrorContext && $authenticationErrorContext.getClassifiedErrors().size() > 0 && $authenticationErrorContext.getClassifiedErrors().iterator().next() != "ReselectFlow")
+#if ($authenticationErrorContext && $authenticationErrorContext.getClassifiedErrors().size() > 0)
## This handles errors that are classified by the message maps in the authentication config.
#set ($eventId = $authenticationErrorContext.getClassifiedErrors().iterator().next())
- #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "login"))
- #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "Login Failure: $eventId"))
+ #if ($eventId != "ReselectFlow")
+ #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "login"))
+ #set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "Login Failure: $eventId"))
+ #end
#elseif ($authenticationErrorContext && $authenticationErrorContext.getExceptions().size() > 0)
## This handles login exceptions that are left unclassified.
#set ($loginException = $authenticationErrorContext.getExceptions().get(0))
diff --git a/views/login.vm b/views/login.vm
index 4ebf9bf..7609d40 100644
--- a/views/login.vm
+++ b/views/login.vm
@@ -46,7 +46,7 @@
#parse("login-error.vm")
<form action="$flowExecutionUrl" method="post">
-
+ #parse("csrf/csrf.vm")
#set ($serviceName = $rpUIContext.serviceName)
#if ($serviceName && !$rpContext.getRelyingPartyId().contains($serviceName))
<legend>
@@ -58,12 +58,12 @@
<div class="form-element-wrapper">
<label for="username">#springMessageText("idp.login.username", "Username")</label>
<input class="form-element form-field" id="username" name="j_username" type="text"
- value="#if($username)$encoder.encodeForHTML($username)#end">
+ value="#if($username)$encoder.encodeForHTML($username)#end" />
</div>
<div class="form-element-wrapper">
<label for="password">#springMessageText("idp.login.password", "Password")</label>
- <input class="form-element form-field" id="password" name="j_password" type="password" value="">
+ <input class="form-element form-field" id="password" name="j_password" type="password" value="" />
</div>
## You may need to modify this to taste, such as changing the flow name its checking for to authn/MFA.
@@ -77,7 +77,7 @@
#end
<div class="form-element-wrapper">
- <input id="_shib_idp_revokeConsent" type="checkbox" name="_shib_idp_revokeConsent" value="true">
+ <input id="_shib_idp_revokeConsent" type="checkbox" name="_shib_idp_revokeConsent" value="true" />
<label for="_shib_idp_revokeConsent">#springMessageText("idp.attribute-release.revoke", "Clear prior granting of permission for release of your information to this service.")</label>
</div>
@@ -100,7 +100,7 @@
#end
</form>
- #*
+ #*
//
// SP Description & Logo (optional)
// These idpui lines will display added information (if available
@@ -125,9 +125,9 @@
<div class="column two">
<ul class="list list-help">
#if ($passwordEnabled)
- <li class="list-help-item"><a href="#springMessageText("idp.url.password.reset", "#")"><span class="item-marker">›</span> #springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
+ <li class="list-help-item"><a href="#springMessageText("idp.url.password.reset", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
#end
- <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", "#")"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
+ <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
</ul>
</div>
</div>
@@ -140,5 +140,5 @@
</footer>
</div>
- </body>
+ </body>
</html>
\ No newline at end of file
diff --git a/views/logout-complete.vm b/views/logout-complete.vm
index d780252..7341e69 100644
--- a/views/logout-complete.vm
+++ b/views/logout-complete.vm
@@ -14,6 +14,8 @@
## environment - Spring Environment object for property resolution
## custom - arbitrary object injected by deployer
##
+#set ($activeIdPSessions = $logoutContext and !$logoutContext.getIdPSessions().isEmpty())
+#set ($activeSPSessions = $logoutContext and !$logoutContext.getSessionMap().isEmpty())
<!DOCTYPE html>
<html>
<head>
@@ -32,12 +34,18 @@
<div class="content">
<div class="column one">
+ #if ($activeIdPSessions)
+ <p>#springMessageText("idp.logout.cancelled", "Logout has been cancelled.")</p>
+ #elseif ($activeSPSessions)
<p>#springMessageText("idp.logout.local", "You elected not to log out of all the applications accessed during your session.")</p>
+ #else
+ <p>#springMessageText("idp.logout.complete", "The logout operation is complete, and no other services appear to have been accessed during this session.")</p>
+ #end
</div>
<div class="column two">
<ul class="list list-help">
- <li class="list-help-item"><a href="#springMessageText("idp.url.password.reset", "#")"><span class="item-marker">›</span> #springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
- <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", "#")"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
+ <li class="list-help-item"><a href="#springMessageText("idp.url.password.reset", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
+ <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
</ul>
</div>
</div>
diff --git a/views/logout-propagate.vm b/views/logout-propagate.vm
index 86b3fa1..470eff5 100644
--- a/views/logout-propagate.vm
+++ b/views/logout-propagate.vm
@@ -40,8 +40,8 @@
</div>
<div class="column two">
<ul class="list list-help">
- <li class="list-help-item"><a href="#springMessageText("idp.url.password.reset", "#")"><span class="item-marker">›</span> #springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
- <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", "#")"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
+ <li class="list-help-item"><a href="#springMessageText("idp.url.password.reset", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
+ <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
</ul>
</div>
</div>
diff --git a/views/logout.vm b/views/logout.vm
index d31ae0e..0b9103b 100644
--- a/views/logout.vm
+++ b/views/logout.vm
@@ -18,20 +18,26 @@
#if ($rpContext)
#set ($rpUIContext = $rpContext.getSubcontext("net.shibboleth.idp.ui.context.RelyingPartyUIContext"))
#end
+#set ($promptForIdP = $logoutContext and !$logoutContext.getIdPSessions().isEmpty())
+#set ($promptForSP = $logoutContext and !$logoutContext.getSessionMap().isEmpty())
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
- #if ( $logoutContext and !$logoutContext.getSessionMap().isEmpty() )
+ #*
+ #if ($promptForSP)
<meta http-equiv="refresh" content="10;url=$flowExecutionUrl&_eventId=propagate">
+ #elseif ($promptForIdP)
+ <meta http-equiv="refresh" content="10;url=$flowExecutionUrl&_eventId=local">
#end
+ *#
<title>#springMessageText("idp.title", "Web Login Service")</title>
<link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
</head>
<body>
- <div class="wrapper">
+ <div class="wrapper">
<div class="container">
<header>
<img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
@@ -45,30 +51,37 @@
<br>
#if ($rpContext)
- <p>#springMessageText("idp.logout.sp-initiated", "You have been logged out of the following service:")</p>
- <blockquote>
- #if ($rpUIContext)
- $encoder.encodeForHTML($rpUIContext.getServiceName())
- #else
- $encoder.encodeForHTML($rpContext.getRelyingPartyId())
- #end
- </blockquote>
- <br>
+ <p>#springMessageText("idp.logout.sp-initiated", "You have been logged out of the following service:")</p>
+ <blockquote>
+ #if ($rpUIContext)
+ $encoder.encodeForHTML($rpUIContext.getServiceName())
+ #else
+ $encoder.encodeForHTML($rpContext.getRelyingPartyId())
+ #end
+ </blockquote>
+ <br>
#end
+
+ #if ($promptForIdP or $promptForSP)
+ <p>#springMessageText("idp.logout.prompt", "Choose one of the following, or wait a few seconds for the default.")</p>
+ <br>
- #if ( $logoutContext and !$logoutContext.getSessionMap().isEmpty() )
- <p>#springMessageText("idp.logout.ask", "Would you like to attempt to log out of all services accessed during your session? Please select <strong>Yes</strong> or <strong>No</strong> to ensure the logout operation completes, or wait a few seconds for Yes.")</p>
- <br>
-
- <form id="propagate_form" method="POST" action="$flowExecutionUrl">
- <button id="propagate_yes" type="submit" name="_eventId" value="propagate">Yes</button>
- <button id="propagate_no" type="submit" name="_eventId" value="end">No</button>
- </form>
+ <form id="propagate_form" method="POST" action="$flowExecutionUrl">
+
+ <div class="form-element-wrapper">
+ <button id="logout_local" class="form-element form-button" type="submit" name="_eventId" value="local">#springMessageText("idp.logout.idponly", "Logout Locally")</button>
+ <p>#springMessageText("idp.logout.idponly.caption", "End your SSO session.")</p>
+ </div>
+ #end
- <br>
- <p>#springMessageText("idp.logout.contactServices", "If you proceed, the system will attempt to contact the following services:")</p>
- <ol>
- #foreach ($sp in $logoutContext.getSessionMap().keySet())
+ #if ($promptForSP)
+ <div class="form-element-wrapper">
+ <button id="logout_propagate" class="form-element form-button" type="submit" name="_eventId" value="propagate">#springMessageText("idp.logout.global", "Logout Globally")</button>
+ <p>#springMessageText("idp.logout.global.caption", "End your SSO session and attempt logout of services accessed during session.")</p>
+ <br>
+ <p>#springMessageText("idp.logout.contactServices", "If instructed, the system will attempt to contact the following services:")</p>
+ <ol>
+ #foreach ($sp in $logoutContext.getSessionMap().keySet())
#set ($rpCtx = $multiRPContext.getRelyingPartyContextById($sp))
#if ($rpCtx)
#set ($rpUIContext = $rpCtx.getSubcontext("net.shibboleth.idp.ui.context.RelyingPartyUIContext"))
@@ -78,8 +91,21 @@
#else
<li>$encoder.encodeForHTML($sp)</li>
#end
- #end
- </ol>
+ #end
+ </ol>
+ <br>
+ </div>
+ #end
+
+ #if ($promptForIdP)
+ <div class="form-element-wrapper">
+ <button id="logout_cancel" class="form-element form-button" type="submit" name="_eventId" value="end">#springMessageText("idp.logout.cancel", "Cancel")</button>
+ <p>#springMessageText("idp.logout.cancel.caption", "Cancel logout and retain your SSO session.")</p>
+ </div>
+ #end
+
+ #if ($promptForIdP or $promptForSP)
+ </form>
#else
<p><strong>#springMessageText("idp.logout.complete", "The logout operation is complete, and no other services appear to have been accessed during this session.")</strong></p>
<!-- Complete the flow by adding a hidden iframe. -->
@@ -89,8 +115,8 @@
</div>
<div class="column two">
<ul class="list list-help">
- <li class="list-help-item"><a href="#springMessageText("idp.url.password.reset", "#")"><span class="item-marker">›</span> #springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
- <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", "#")"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
+ <li class="list-help-item"><a href="#springMessageText("idp.url.password.reset", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
+ <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
</ul>
</div>
</div>
@@ -103,5 +129,5 @@
</footer>
</div>
- </body>
+ </body>
</html>
\ No newline at end of file
From 04c8a9c957aa7a8f2aa66edfe0efe594ac066fda Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Wed, 19 Feb 2020 13:42:04 -0600
Subject: [PATCH 4/9] remove secrets from idp.properties
---
conf/idp.properties | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/conf/idp.properties b/conf/idp.properties
index b689c32..8dcc273 100644
--- a/conf/idp.properties
+++ b/conf/idp.properties
@@ -222,5 +222,4 @@ idp.ui.fallbackLanguages=en,fr,de
#idp.fticks.salt=somethingsecret
#idp.fticks.loghost=localhost
#idp.fticks.logport=514
-idp.sealer.keyPassword=changeit
-idp.sealer.storePassword=changeit
+
From 50093810308416b033560ff8a3b690af26ff531d Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Tue, 10 Mar 2020 20:28:16 +0000
Subject: [PATCH 5/9] update to beta2
---
conf/attributes/default-rules.xml | 62 +++-------------------------
conf/audit.xml | 18 ++++++--
conf/authn/ldap-authn-config.xml | 2 +-
conf/authn/password-authn-config.xml | 22 ++++++----
conf/idp.properties | 10 ++---
5 files changed, 39 insertions(+), 75 deletions(-)
diff --git a/conf/attributes/default-rules.xml b/conf/attributes/default-rules.xml
index b6289fe..24e6b09 100644
--- a/conf/attributes/default-rules.xml
+++ b/conf/attributes/default-rules.xml
@@ -31,15 +31,11 @@
<prop key="displayName.fr">ID utilisateur</prop>
<prop key="displayName.it">ID dell'utente</prop>
<prop key="displayName.ja">ユーザID</prop>
- <prop key="displayName.pt">User ID</prop>
- <prop key="displayName.sv">Användaridentitet</prop>
<prop key="description.en">A unique identifier for a person, mainly used for user identification within the user's home organization.</prop>
<prop key="description.de">Eine eindeutige Nummer für eine Person, welche hauptsächlich zur Identifikation innerhalb der Organisation benutzt wird.</prop>
<prop key="description.fr">Identifiant de connexion d'une personnes sur les systèmes informatiques.</prop>
<prop key="description.it">Identificativo unico della persona, usato per l'identificazione dell'utente all'interno della organizzazione di appartenenza.</prop>
<prop key="description.ja">所属機関内で一意の利用者識別子</prop>
- <prop key="description.pt">Identificador do utilizador</prop>
- <prop key="description.sv">Användaridentitet: Unik identifierar som används vid lokal inloggning i hemmaorganisationen.</prop>
</props>
</property>
</bean>
@@ -56,16 +52,12 @@
<prop key="displayName.fr">Email</prop>
<prop key="displayName.it">E-mail</prop>
<prop key="displayName.ja">メールアドレス</prop>
- <prop key="displayName.pt">E-mail</prop>
- <prop key="displayName.sv">E-postadress</prop>
<prop key="description.en">E-Mail: Preferred address for e-mail to be sent to this person</prop>
<prop key="description.de">E-Mail-Adresse</prop>
<prop key="description.de-ch">E-Mail Adresse</prop>
<prop key="description.fr">Adresse de courrier électronique</prop>
<prop key="description.it">E-Mail: l'indirizzo e-mail preferito dall'utente</prop>
<prop key="description.ja">メールアドレス</prop>
- <prop key="description.pt">E-Mail: Endereço de correio electronico</prop>
- <prop key="description.sv">E-postadress: E-postadress som används av personen.</prop>
</props>
</property>
</bean>
@@ -82,15 +74,11 @@
<prop key="displayName.fr">Teléphone personnel</prop>
<prop key="displayName.it">Numero di telefono privato</prop>
<prop key="displayName.ja">自宅電話番号</prop>
- <prop key="displayName.pt">Número de telefone privado</prop>
- <prop key="displayName.sv">Telefonnummer (hem)</prop>
<prop key="description.en">Private phone number</prop>
<prop key="description.de">Private Telefonnummer</prop>
<prop key="description.fr">Numéro de téléphone de domicile de la personne</prop>
<prop key="description.it">Numero di telefono privato</prop>
<prop key="description.ja">自宅の電話番号</prop>
- <prop key="description.pt">Número de telefone privado do utilizador</prop>
- <prop key="description.sv">Telefonnummer (hem): Telefonnummer till bostaden.</prop>
</props>
</property>
</bean>
@@ -108,16 +96,12 @@
<prop key="displayName.fr">Adresse personnelle</prop>
<prop key="displayName.it">Indirizzo personale</prop>
<prop key="displayName.ja">自宅住所</prop>
- <prop key="displayName.pt">Morada Pessoal</prop>
- <prop key="displayName.sv">Postadress (hem)</prop>
<prop key="description.en">Home postal address: Home address of the user</prop>
<prop key="description.de">Heimatadresse</prop>
<prop key="description.de-ch">Heimadresse</prop>
<prop key="description.fr">Adresse postale de domicile de la personne</prop>
<prop key="description.it">Indirizzo personale: indirizzo dove abita l'utente</prop>
<prop key="description.ja">自宅の住所</prop>
- <prop key="description.pt">Morada Pessoal: Morada do utilizador</prop>
- <prop key="description.sv">Postadress (hem): Postadress till bostaden.</prop>
</props>
</property>
</bean>
@@ -134,15 +118,11 @@
<prop key="displayName.fr">Numéro de mobile</prop>
<prop key="displayName.it">Numero di cellulare</prop>
<prop key="displayName.ja">携帯電話番号</prop>
- <prop key="displayName.pt">Número de telemóvel</prop>
- <prop key="displayName.sv">Telefonnummer (mobil)</prop>
<prop key="description.en">Mobile phone number</prop>
<prop key="description.de">Mobile Telefonnummer</prop>
<prop key="description.fr">Numéro de teléphone mobile</prop>
<prop key="description.it">Numero di cellulare</prop>
<prop key="description.ja">携帯電話の電話番号</prop>
- <prop key="description.pt">Número de telemóvel do utilizador</prop>
- <prop key="description.sv">Telefonnummer (mobil): Telefonnummer till mobiltelefon.</prop>
</props>
</property>
</bean>
@@ -172,15 +152,11 @@
<prop key="displayName.fr">Nom de famille</prop>
<prop key="displayName.it">Cognome</prop>
<prop key="displayName.ja">姓</prop>
- <prop key="displayName.pt">Nome de Família</prop>
- <prop key="displayName.sv">Efternamn</prop>
<prop key="description.en">Surname or family name</prop>
<prop key="description.de">Familienname</prop>
<prop key="description.fr">Nom de famille de l'utilisateur.</prop>
<prop key="description.it">Cognome dell'utilizzatore</prop>
<prop key="description.ja">氏名(姓)の英語表記</prop>
- <prop key="description.pt">Nome de Família</prop>
- <prop key="description.sv">Efternamn: Efternamn för personen.</prop>
</props>
</property>
</bean>
@@ -309,16 +285,12 @@
<prop key="displayName.fr">Adresse professionnelle</prop>
<prop key="displayName.it">Indirizzo professionale</prop>
<prop key="displayName.ja">所属機関住所</prop>
- <prop key="displayName.pt">Morada</prop>
- <prop key="displayName.sv">Postadress (arbete):</prop>
<prop key="description.en">Business postal address: Campus or office address</prop>
<prop key="description.de">Geschäftliche Adresse</prop>
<prop key="description.de-ch">Adresse am Arbeitsplatz</prop>
<prop key="description.fr">Adresse de l'institut, de l'université</prop>
<prop key="description.it">Indirizzo professionale: indirizzo dell'istituto o dell'ufficio</prop>
<prop key="description.ja">所属機関の住所</prop>
- <prop key="description.pt">Morada da instituição</prop>
- <prop key="description.sv">Postadress (arbete): Postadressen för arbetsplatsen</prop>
</props>
</property>
</bean>
@@ -376,16 +348,12 @@
<prop key="displayName.de">Telefon Geschäft</prop>
<prop key="displayName.fr">Teléphone professionnel</prop>
<prop key="displayName.it">Numero di telefono dell'ufficio</prop>
- <prop key="displayName.ja">勤務先電話番号</prop>
- <prop key="displayName.pt">Telefone</prop>
- <prop key="displayName.sv">Telefonummer (arbete)</prop>
+ <prop key="displayName.ja">所属機関内電話番号</prop>
<prop key="description.en">Business phone number: Office or campus phone number</prop>
<prop key="description.de">Telefonnummer am Arbeitsplatz</prop>
<prop key="description.fr">Teléphone de l'institut, de l'université</prop>
<prop key="description.it">Numero di telefono dell'ufficio</prop>
<prop key="description.ja">所属機関での利用者の電話番号</prop>
- <prop key="description.pt">Número de telefone</prop>
- <prop key="description.sv">Telefonummer (arbete): Telefonnummer till arbetsplatsen</prop>
</props>
</property>
</bean>
@@ -402,15 +370,11 @@
<prop key="displayName.fr">Prénom</prop>
<prop key="displayName.it">Nome</prop>
<prop key="displayName.ja">名</prop>
- <prop key="displayName.pt">Nome</prop>
- <prop key="displayName.sv">Förnamn</prop>
<prop key="description.en">Given name of a person</prop>
<prop key="description.de">Vorname</prop>
<prop key="description.fr">Prénom de l'utilisateur</prop>
<prop key="description.it">Nome</prop>
<prop key="description.ja">氏名(名)の英語表記</prop>
- <prop key="description.pt">Nome</prop>
- <prop key="description.sv">Förnamn: Förnamn för personen.</prop>
</props>
</property>
</bean>
@@ -485,15 +449,11 @@
<prop key="displayName.fr">Numéro d'employé</prop>
<prop key="displayName.it">Numero dell'utente</prop>
<prop key="displayName.ja">従業員番号</prop>
- <prop key="displayName.pt">Número de empregado</prop>
- <prop key="displayName.sv">Anställningsnummer</prop>
<prop key="description.en">Identifies an employee within an organization</prop>
<prop key="description.de">Identifiziert einen Mitarbeiter innerhalb der Organisation</prop>
<prop key="description.fr">Identifie un employé au sein de l'organisation</prop>
<prop key="description.it">Identifica l' utente presso l'organizzazione</prop>
<prop key="description.ja">所属機関における利用者の従業員番号</prop>
- <prop key="description.pt">Número de empregado</prop>
- <prop key="description.sv">Anställningsnummer: Unik anställningsidentifierare i hemmaorganisationen.</prop>
</props>
</property>
</bean>
@@ -536,15 +496,11 @@
<prop key="displayName.fr">Langue préférée</prop>
<prop key="displayName.it">Lingua preferita</prop>
<prop key="displayName.ja">希望言語</prop>
- <prop key="displayName.pt">Língua preferida</prop>
- <prop key="displayName.sv">Språkönskemål</prop>
<prop key="description.en">Preferred language: Users preferred language (see RFC1766)</prop>
<prop key="description.de">Bevorzugte Sprache (siehe RFC1766)</prop>
<prop key="description.fr">Exemple: fr, de, it, en, ... (voir RFC1766)</prop>
<prop key="description.it">Lingua preferita: la lingua preferita dall'utente (cfr. RFC1766)</prop>
<prop key="description.ja">利用者が希望する言語(RFC1766 を参照)</prop>
- <prop key="description.pt">Língua preferida: Língua preferida do utilizador (cfr. RFC1766)</prop>
- <prop key="description.sv">Språkönskemål: Personens önskade språk (see RFC1766).</prop>
</props>
</property>
</bean>
@@ -563,16 +519,12 @@
<prop key="displayName.fr">Affiliation</prop>
<prop key="displayName.it">Tipo di membro</prop>
<prop key="displayName.ja">職位</prop>
- <prop key="displayName.pt">Tipo de utilizador</prop>
- <prop key="displayName.sv">Anknytning</prop>
<prop key="description.en">Affiliation: Type of affiliation with Home Organization</prop>
<prop key="description.de">Art der Zugehörigkeit zur Heimatorganisation</prop>
<prop key="description.de-ch">Art der Zugehörigkeit zur Heimorganisation</prop>
<prop key="description.fr">Type d'affiliation dans l'organisation</prop>
<prop key="description.it">Tipo di membro: Tipo di lavoro svolto per l'organizzazione</prop>
<prop key="description.ja">所属機関における職位(faculty,staff,student,memberなど)</prop>
- <prop key="description.pt">Tipo de utilizador: tipo de utilizador na organização. Exemplo: Estudante, ...</prop>
- <prop key="description.sv">Anknytning: Vilken anknytning personen har till organisationen.</prop>
</props>
</property>
</bean>
@@ -589,15 +541,11 @@
<prop key="displayName.fr">Entitlement</prop>
<prop key="displayName.it">Prerogativa</prop>
<prop key="displayName.ja">資格情報</prop>
- <prop key="displayName.pt">Título</prop>
- <prop key="displayName.sv">Rättigheter</prop>
<prop key="description.en">Member of: URI (either URL or URN) that indicates a set of rights to specific resources based on an agreement across the releavant community</prop>
<prop key="description.de">Zeichenkette, die Rechte für spezifische Ressourcen beschreibt</prop>
<prop key="description.fr">Membre de: URI (soit une URL ou une URN) décrivant un droit spécific d'accès.</prop>
<prop key="description.it">Membro delle seguenti URI (sia URL o URN) che rappresentano diritti specifici d'accesso validi in tutta la communità</prop>
<prop key="description.ja">特定のアプリケーションもしくはコミュニティ内の複数リソースへのアクセス権限を持つことを示すURI(URLもしくはURN)</prop>
- <prop key="description.pt">URI (retractado por um URN ou URL) que indica um conjunto de direitos para recursos específicos. </prop>
- <prop key="description.sv">Rättigheter: URI (either URL or URN) som beskriver olika rättigheter till angivna tjänster.</prop>
</props>
</property>
</bean>
@@ -653,6 +601,7 @@
<prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
<prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.6</prop>
<prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonPrincipalName</prop>
+ <prop key="saml1.encodeType">false</prop>
<prop key="displayName.en">Principal Name</prop>
<prop key="displayName.de">Persönliche ID</prop>
<prop key="displayName.fr">Principal Name</prop>
@@ -675,6 +624,7 @@
<prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
<prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.12</prop>
<prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.12</prop>
+ <prop key="saml1.encodeType">false</prop>
<prop key="displayName.en">Prior Principal Name</prop>
<prop key="description.en">eduPersonPrincipalName value that was previously associated with the entry.</prop>
</props>
@@ -688,6 +638,7 @@
<prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
<prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.9</prop>
<prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonScopedAffiliation</prop>
+ <prop key="saml1.encodeType">false</prop>
<prop key="displayName.en">Scoped Affiliation</prop>
<prop key="displayName.de">Zugehörigkeit</prop>
<prop key="displayName.fr">Affiliation</prop>
@@ -733,21 +684,18 @@
<prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
<prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.13</prop>
<prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.13</prop>
+ <prop key="saml1.encodeType">false</prop>
<prop key="displayName.en">Unique ID</prop>
<prop key="displayName.de">Eindeutige ID</prop>
<prop key="displayName.fr">ID unique</prop>
<prop key="displayName.it">ID unico</prop>
<prop key="displayName.ja">ユニークID</prop>
- <prop key="displayName.pt">ID único</prop>
- <prop key="displayName.sv">Unik identifierare</prop>
<prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification.</prop>
<prop key="description.de">Eindeutige Benutzeridentifikation</prop>
<prop key="description.de-ch">Eindeutige Benützeridentifikation</prop>
<prop key="description.fr">Identifiant unique de l'utilisateur</prop>
<prop key="description.it">Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione</prop>
<prop key="description.ja">フェデレーション内で一意で永続的かつ難読化された利用者識別子(後継はサブジェクトID)</prop>
- <prop key="description.pt">ID único: Identificador pessoal que identifica claramente o utilizador na sua organização</prop>
- <prop key="description.sv">Unik identifierare: En unik identifierare för en person, används primärt för att identifiera personen inloggning vid annan organisation än hemmaorganisationen.</prop>
</props>
</property>
</bean>
diff --git a/conf/audit.xml b/conf/audit.xml
index a690ae0..7245127 100644
--- a/conf/audit.xml
+++ b/conf/audit.xml
@@ -11,11 +11,10 @@
default-destroy-method="destroy">
<!--
- This bean defines a mapping between audit log categories and formatting strings. The default entry is
- for compatibility with V2 audit logging.
+ This bean defines a mapping between audit log categories and formatting strings.
-->
<util:map id="shibboleth.AuditFormattingMap">
- <entry key="Shibboleth-Audit" value="%T|%b|%I|%SP|%P|%IDP|%bb|%III|%u|%ac|%attr|%n|%i|%XX|%X" />
+ <entry key="Shibboleth-Audit" value="%a|%ST|%T|%u|%SP|%i|%ac|%t|%attr|%n|%f|%SSO|%XX|%X|%b|%bb|%e|%S|%SS|%s|%UA" />
</util:map>
<!-- Override the format of date/time fields in the log and/or convert to default time zone. -->
@@ -30,4 +29,17 @@
<value>http://shibboleth.net/ns/profiles/mdquery</value>
</util:list>
+ <util:map id="shibboleth.AuditFieldReplacementMap">
+ <entry key="urn:oasis:names:tc:SAML:1.0:am:password" value="password" />
+ <entry key="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" value="password" />
+ <entry key="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" value="password" />
+ <entry key="urn:mace:shibboleth:1.0:nameIdentifier" value="transient" />
+ <entry key="urn:oasis:names:tc:SAML:2.0:nameid-format:transient" value="transient" />
+ <entry key="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent" value="persistent" />
+ <entry key="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress" value="emailAddress" />
+ <entry key="urn:oasis:names:tc:SAML:2.0:status:Success" value="Success" />
+ <entry key="urn:oasis:names:tc:SAML:2.0:status:Requester" value="Requester" />
+ <entry key="urn:oasis:names:tc:SAML:2.0:status:Responder" value="Responder" />
+ </util:map>
+
</beans>
diff --git a/conf/authn/ldap-authn-config.xml b/conf/authn/ldap-authn-config.xml
index 22824d0..22a760b 100644
--- a/conf/authn/ldap-authn-config.xml
+++ b/conf/authn/ldap-authn-config.xml
@@ -27,6 +27,6 @@
<bean id="shibboleth.authn.LDAP.truststore" parent="shibboleth.KeystoreResourceCredentialConfig"
p:truststore="%{idp.authn.LDAP.trustStore:undefined}" />
- <bean id="shibboleth.authn.LDAP.authenticator" parent="shibboleth.LDAPAuthenticationFactory" />
+ <bean id="shibboleth.authn.LDAP.authenticator" parent="shibboleth.LDAPAuthenticationFactory" lazy-init="true" />
</beans>
diff --git a/conf/authn/password-authn-config.xml b/conf/authn/password-authn-config.xml
index 502e73e..73ac7f8 100644
--- a/conf/authn/password-authn-config.xml
+++ b/conf/authn/password-authn-config.xml
@@ -12,11 +12,23 @@
default-init-method="initialize"
default-destroy-method="destroy">
- <!-- You can optionally comment out anything you don't need. -->
+ <!--
+ You can optionally comment out anything you don't need, but make sure not to
+ reference the corresponding validator in the list below if you do remove any.
+ -->
<import resource="jaas-authn-config.xml" />
<import resource="krb5-authn-config.xml" />
<import resource="ldap-authn-config.xml" />
+ <!-- Ordered list of CredentialValidators to apply to a request. -->
+ <util:list id="shibboleth.authn.Password.Validators">
+ <ref bean="shibboleth.LDAPValidator" />
+ </util:list>
+
+ <!-- Controls whether all validators in the above bean have to succeed, or just one. -->
+ <util:constant id="shibboleth.authn.Password.RequireAll" static-field="java.lang.Boolean.FALSE"/>
+
+
<!-- Names of form fields to pull username and password from. -->
<bean id="shibboleth.authn.Password.UsernameFieldName" class="java.lang.String" c:_0="j_username" />
<bean id="shibboleth.authn.Password.PasswordFieldName" class="java.lang.String" c:_0="j_password" />
@@ -36,14 +48,6 @@
<bean parent="shibboleth.Pair" p:first="^(.+)@example\.org$" p:second="$1" />
-->
</util:list>
-
- <!-- Ordered list of CredentialValidators to apply to a request. -->
- <util:list id="shibboleth.authn.Password.Validators">
- <ref bean="shibboleth.LDAPValidator" />
- </util:list>
-
- <!-- Controls whether all validators in the above bean have to succeed, or just one. -->
- <util:constant id="shibboleth.authn.Password.RequireAll" static-field="java.lang.Boolean.FALSE"/>
<!-- Uncomment to configure account lockout backed by in-memory storage. -->
<!--
diff --git a/conf/idp.properties b/conf/idp.properties
index b689c32..7ea2766 100644
--- a/conf/idp.properties
+++ b/conf/idp.properties
@@ -69,9 +69,8 @@ idp.encryption.cert=%{idp.home}/credentials/idp-encryption.crt
# To downgrade to SHA-1, set to shibboleth.SigningConfiguration.SHA1
#idp.signing.config = shibboleth.SigningConfiguration.SHA256
-# To upgrade to AES-GCM encryption, set to shibboleth.EncryptionConfiguration.GCM
-# This is unlikely to work for all SPs, but this is a quick way to test them.
-#idp.encryption.config = shibboleth.EncryptionConfiguration.CBC
+# The new install default for encryption is now AES-GCM.
+idp.encryption.config=shibboleth.EncryptionConfiguration.GCM
# Configures trust evaluation of keys used by services at runtime
# Internal default is Chaining, overriden for new installs
@@ -222,5 +221,6 @@ idp.ui.fallbackLanguages=en,fr,de
#idp.fticks.salt=somethingsecret
#idp.fticks.loghost=localhost
#idp.fticks.logport=514
-idp.sealer.keyPassword=changeit
-idp.sealer.storePassword=changeit
+
+# Set false if you want SAML bindings "spelled out" in audit log
+idp.audit.shortenBindings=true
From e0fcf674aa7a571ae5a377572defcf071e3998c0 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Tue, 10 Mar 2020 20:32:24 +0000
Subject: [PATCH 6/9] merge fix 2
---
conf/idp.properties | 226 ++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 226 insertions(+)
create mode 100644 conf/idp.properties
diff --git a/conf/idp.properties b/conf/idp.properties
new file mode 100644
index 0000000..7ea2766
--- /dev/null
+++ b/conf/idp.properties
@@ -0,0 +1,226 @@
+# Load any additional property resources from a comma-delimited list
+idp.additionalProperties=/conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties, /credentials/secrets.properties
+
+# In most cases (and unless noted in the surrounding comments) the
+# commented settings in the distributed files document default behavior.
+# Uncomment them and change the value to change functionality.
+#
+# Uncommented properties are either required or ship non-defaulted.
+
+# Set the entityID of the IdP
+idp.entityID=https://idp.example.org/idp/shibboleth
+
+# Set the file path which backs the IdP's own metadata publishing endpoint at /shibboleth.
+# Set to empty value to disable and return a 404.
+#idp.entityID.metadataFile=%{idp.home}/metadata/idp-metadata.xml
+
+# Set the scope used in the attribute resolver for scoped attributes
+idp.scope=example.org
+
+# General cookie properties (maxAge only applies to persistent cookies)
+#idp.cookie.secure = true
+#idp.cookie.httpOnly = true
+#idp.cookie.domain =
+#idp.cookie.path =
+#idp.cookie.maxAge = 31536000
+# These control operation of the SameSite filter, which is off by default.
+#idp.cookie.sameSite = None
+#idp.cookie.sameSiteCondition = shibboleth.Conditions.FALSE
+
+# Enable cross-site request forgery mitigation for views.
+idp.csrf.enabled=true
+# Name of the HTTP parameter that stores the CSRF token.
+#idp.csrf.token.parameter = csrf_token
+
+# HSTS/CSP response headers
+#idp.hsts = max-age=0
+# X-Frame-Options value, set to DENY or SAMEORIGIN to block framing
+#idp.frameoptions = DENY
+# Content-Security-Policy value, set to match X-Frame-Options default
+#idp.csp = frame-ancestors 'none';
+
+# Set the location of user-supplied web flow definitions
+#idp.webflows = %{idp.home}/flows
+
+# Set the location of Velocity view templates
+#idp.views = %{idp.home}/views
+
+# Settings for internal AES encryption key
+#idp.sealer.keyStrategy = shibboleth.DataSealerKeyStrategy
+#idp.sealer.storeType = JCEKS
+#idp.sealer.updateInterval = PT15M
+#idp.sealer.aliasBase = secret
+idp.sealer.storeResource=%{idp.home}/credentials/sealer.jks
+idp.sealer.versionResource=%{idp.home}/credentials/sealer.kver
+
+# Settings for public/private signing and encryption key(s)
+# During decryption key rollover, point the ".2" properties at a second
+# keypair, uncomment in credentials.xml, then publish it in your metadata.
+idp.signing.key=%{idp.home}/credentials/idp-signing.key
+idp.signing.cert=%{idp.home}/credentials/idp-signing.crt
+idp.encryption.key=%{idp.home}/credentials/idp-encryption.key
+idp.encryption.cert=%{idp.home}/credentials/idp-encryption.crt
+#idp.encryption.key.2 = %{idp.home}/credentials/idp-encryption-old.key
+#idp.encryption.cert.2 = %{idp.home}/credentials/idp-encryption-old.crt
+
+# Sets the bean ID to use as a default security configuration set
+#idp.security.config = shibboleth.DefaultSecurityConfiguration
+
+# To downgrade to SHA-1, set to shibboleth.SigningConfiguration.SHA1
+#idp.signing.config = shibboleth.SigningConfiguration.SHA256
+
+# The new install default for encryption is now AES-GCM.
+idp.encryption.config=shibboleth.EncryptionConfiguration.GCM
+
+# Configures trust evaluation of keys used by services at runtime
+# Internal default is Chaining, overriden for new installs
+idp.trust.signatures=shibboleth.ExplicitKeySignatureTrustEngine
+# Other options:
+# shibboleth.ChainingSignatureTrustEngine, shibboleth.PKIXSignatureTrustEngine
+idp.trust.certificates=shibboleth.ExplicitKeyX509TrustEngine
+# Other options:
+# shibboleth.ChainingX509TrustEngine, shibboleth.PKIXX509TrustEngine
+
+# If true, encryption will happen whenever a key to use can be located, but
+# failure to encrypt won't result in request failure.
+#idp.encryption.optional = false
+
+# Configuration of client- and server-side storage plugins
+#idp.storage.cleanupInterval = PT10M
+idp.storage.htmlLocalStorage=true
+
+# Set to true to expose more detailed errors in responses to SPs
+#idp.errors.detailed = false
+# Set to false to skip signing of SAML response messages that signal errors
+#idp.errors.signed = true
+# Name of bean containing a list of Java exception classes to ignore
+#idp.errors.excludedExceptions = ExceptionClassListBean
+# Name of bean containing a property set mapping exception names to views
+#idp.errors.exceptionMappings = ExceptionToViewPropertyBean
+# Set if a different default view name for events and exceptions is needed
+#idp.errors.defaultView = error
+
+# Set to false to disable the IdP session layer
+#idp.session.enabled = true
+
+# Set to "shibboleth.StorageService" for server-side storage of user sessions
+#idp.session.StorageService = shibboleth.ClientSessionStorageService
+
+# Size of session IDs
+#idp.session.idSize = 32
+# Bind sessions to IP addresses
+#idp.session.consistentAddress = true
+# Inactivity timeout
+#idp.session.timeout = PT60M
+# Extra time to store sessions for logout
+#idp.session.slop = PT0S
+# Tolerate storage-related errors
+#idp.session.maskStorageFailure = false
+# Track information about SPs logged into
+idp.session.trackSPSessions=true
+# Support lookup by SP for SAML logout
+idp.session.secondaryServiceIndex=true
+# Length of time to track SP sessions
+#idp.session.defaultSPlifetime = PT2H
+
+# Regular expression matching login flows to enable, e.g. IPAddress|Password
+idp.authn.flows=Password
+
+# Default lifetime and timeout of various authentication methods
+#idp.authn.defaultLifetime = PT60M
+#idp.authn.defaultTimeout = PT30M
+
+# Whether to populate relying party user interface information for display
+# during authentication, consent, terms-of-use.
+#idp.authn.rpui = true
+
+# Whether to prioritize "active" results when an SP requests more than
+# one possible matching login method (V2 behavior was to favor them)
+#idp.authn.favorSSO = false
+
+# Whether to fail requests when a user identity after authentication
+# doesn't match the identity in a pre-existing session.
+#idp.authn.identitySwitchIsError = false
+
+# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
+#idp.consent.StorageService = shibboleth.ClientPersistentStorageService
+
+# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute
+# to key user consent storage records (and set the attribute name)
+#idp.consent.attribute-release.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
+#idp.consent.attribute-release.userStorageKeyAttribute = uid
+#idp.consent.terms-of-use.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
+#idp.consent.terms-of-use.userStorageKeyAttribute = uid
+
+# Suffix of message property used as value of consent storage records when idp.consent.compareValues is true.
+# Defaults to text displayed to the user.
+#idp.consent.terms-of-use.consentValueMessageCodeSuffix = .text
+
+# Flags controlling how built-in attribute consent feature operates
+#idp.consent.allowDoNotRemember = true
+#idp.consent.allowGlobal = true
+#idp.consent.allowPerAttribute = false
+
+# Whether attribute values and terms of use text are compared
+#idp.consent.compareValues = false
+# Maximum number of consent records for space-limited storage (e.g. cookies)
+#idp.consent.maxStoredRecords = 10
+# Maximum number of consent records for larger/server-side storage (0 = no limit)
+#idp.consent.expandedMaxStoredRecords = 0
+
+# Time in milliseconds to expire consent storage records.
+#idp.consent.storageRecordLifetime = P1Y
+
+# Whether to lookup metadata, etc. for every SP involved in a logout
+# for use by user interface logic; adds overhead so off by default.
+#idp.logout.elaboration = false
+
+# Whether to require logout requests/responses be signed/authenticated.
+#idp.logout.authenticated = true
+
+# Bean to determine whether user should be allowed to cancel logout
+#idp.logout.promptUser=shibboleth.Conditions.FALSE
+
+# Message freshness and replay cache tuning
+#idp.policy.messageLifetime = PT3M
+#idp.policy.clockSkew = PT3M
+
+# Set to custom bean for alternate storage of replay cache
+#idp.replayCache.StorageService = shibboleth.StorageService
+#idp.replayCache.strict = true
+
+# Toggles whether to allow outbound messages via SAML artifact
+#idp.artifact.enabled = true
+# Suppresses typical signing/encryption when artifact binding used
+#idp.artifact.secureChannel = true
+# May differ to direct SAML 2 artifact lookups to specific server nodes
+#idp.artifact.endpointIndex = 2
+# Set to custom bean for alternate storage of artifact map state
+#idp.artifact.StorageService = shibboleth.StorageService
+
+# Comma-delimited languages to use if not match can be found with the
+# browser-supported languages, defaults to an empty list.
+idp.ui.fallbackLanguages=en,fr,de
+
+# Storage service used by CAS protocol
+# Defaults to shibboleth.StorageService (in-memory)
+# MUST be server-side storage (e.g. in-memory, memcached, database)
+# NOTE that idp.session.StorageService requires server-side storage
+# when CAS protocol is enabled
+#idp.cas.StorageService=shibboleth.StorageService
+
+# CAS service registry implementation class
+#idp.cas.serviceRegistryClass=net.shibboleth.idp.cas.service.PatternServiceRegistry
+
+# If true, CAS services provisioned with SAML metadata are identified via entityID
+#idp.cas.relyingPartyIdFromMetadata=false
+
+# F-TICKS auditing - set a salt to include hashed username
+#idp.fticks.federation=MyFederation
+#idp.fticks.algorithm=SHA-256
+#idp.fticks.salt=somethingsecret
+#idp.fticks.loghost=localhost
+#idp.fticks.logport=514
+
+# Set false if you want SAML bindings "spelled out" in audit log
+idp.audit.shortenBindings=true
From f8d3464c9f0bf8c077920bba91f244de7a88257a Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Wed, 11 Mar 2020 15:21:30 +0000
Subject: [PATCH 7/9] update to 4.0.0 (release)
---
conf/attribute-registry.xml | 9 +-
conf/attribute-resolver-full.xml | 251 ------
conf/attribute-resolver-ldap.xml | 97 +--
conf/attributes/custom/{README.txt => README} | 0
conf/attributes/default-rules.xml | 743 +-----------------
conf/attributes/eduCourse.xml | 50 ++
conf/attributes/eduPerson.xml | 266 +++++++
conf/attributes/inetOrgPerson.xml | 510 ++++++++++++
conf/attributes/samlSubject.xml | 67 ++
conf/audit.xml | 8 +-
conf/intercept/consent-intercept-config.xml | 4 +-
conf/logback.xml | 8 +-
conf/logback.xml.dist | 8 +-
conf/logback.xml.tmp3 | 191 -----
conf/metadata-providers.xml | 36 +-
conf/services.properties | 10 +-
conf/services.xml | 42 +-
17 files changed, 1007 insertions(+), 1293 deletions(-)
delete mode 100644 conf/attribute-resolver-full.xml
rename conf/attributes/custom/{README.txt => README} (100%)
create mode 100644 conf/attributes/eduCourse.xml
create mode 100644 conf/attributes/eduPerson.xml
create mode 100644 conf/attributes/inetOrgPerson.xml
create mode 100644 conf/attributes/samlSubject.xml
delete mode 100644 conf/logback.xml.tmp3
diff --git a/conf/attribute-registry.xml b/conf/attribute-registry.xml
index 8890f4b..133930b 100644
--- a/conf/attribute-registry.xml
+++ b/conf/attribute-registry.xml
@@ -16,11 +16,14 @@
The system comes preconfigured to load rules directly from resource files
configured in services.xml so they're monitored for changes.
- You can add mappings here, add more XML resource files,
- or drop property files into the directory noted below.
+ You can add mappings here, add more XML resource files, or drop property
+ files into the directory noted below, but they won't be monitored for changes
+ themselves.
-->
<!-- Default directory for custom mappings. -->
- <bean parent="shibboleth.TranscodingRuleLoader" c:_0="%{idp.home}/conf/attributes/custom" />
+ <bean parent="shibboleth.TranscodingRuleLoader"
+ c:dir="%{idp.home}/conf/attributes/custom"
+ c:extensions="#{{'.txt', '.props', '.properties', '.rule'}}" />
</beans>
diff --git a/conf/attribute-resolver-full.xml b/conf/attribute-resolver-full.xml
deleted file mode 100644
index ad75dbc..0000000
--- a/conf/attribute-resolver-full.xml
+++ /dev/null
@@ -1,251 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- This file is an EXAMPLE configuration file containing lots of commented
- example attributes, encoders, and a couple of example data connectors.
-
- Not all attribute definitions or data connectors are demonstrated, but
- a variety of LDAP attributes, some common to Shibboleth deployments and
- many not, are included.
-
- Deployers should refer to the Identity Provider 3 documentation
-
- https://wiki.shibboleth.net/confluence/display/IDP30/AttributeResolverConfiguration
-
- for a complete list of components and their options.
--->
-<AttributeResolver
- xmlns="urn:mace:shibboleth:2.0:resolver"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
-
- <!-- ========================================== -->
- <!-- Attribute Definitions -->
- <!-- ========================================== -->
-
- <!-- Schema: Core schema attributes-->
-<!--
-
- <AttributeDefinition xsi:type="Simple" id="uid">
- <InputDataConnector ref="myLDAP" attributeNames="uid"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="mail">
- <InputDataConnector ref="myLDAP" attributeNames="mail"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="homePhone">
- <InputDataConnector ref="myLDAP" attributeNames="homePhone"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="homePostalAddress">
- <InputDataConnector ref="myLDAP" attributeNames="homePostalAddress"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="mobileNumber">
- <InputDataConnector ref="myLDAP" attributeNames="mobile"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="pagerNumber">
- <InputDataConnector ref="myLDAP" attributeNames="pager"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="surname">
- <InputDataConnector ref="myLDAP" attributeNames="sn"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="locality">
- <InputDataConnector ref="myLDAP" attributeNames="l"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="stateProvince">
- <InputDataConnector ref="myLDAP" attributeNames="st"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="street">
- <InputDataConnector ref="myLDAP" attributeNames="street"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="organizationName">
- <InputDataConnector ref="myLDAP" attributeNames="o"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="organizationalUnit">
- <InputDataConnector ref="myLDAP" attributeNames="ou"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="title">
- <InputDataConnector ref="myLDAP" attributeNames="title"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="postalAddress">
- <InputDataConnector ref="myLDAP" attributeNames="postalAddress"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="postalCode">
- <InputDataConnector ref="myLDAP" attributeNames="postalCode"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="postOfficeBox">
- <InputDataConnector ref="myLDAP" attributeNames="postOfficeBox"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="telephoneNumber">
- <InputDataConnector ref="myLDAP" attributeNames="telephoneNumber"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="givenName">
- <InputDataConnector ref="myLDAP" attributeNames="givenName"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="initials">
- <InputDataConnector ref="myLDAP" attributeNames="initials"/>
- </AttributeDefinition>
--->
-
- <!-- Schema: inetOrgPerson attributes-->
-<!--
- <AttributeDefinition xsi:type="Simple" id="departmentNumber">
- <InputDataConnector ref="myLDAP" attributeNames="departmentNumber"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="displayName">
- <InputDataConnector ref="myLDAP" attributeNames="displayName"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="employeeNumber">
- <InputDataConnector ref="myLDAP" attributeNames="employeeNumber"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="employeeType">
- <InputDataConnector ref="myLDAP" attributeNames="employeeType"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="jpegPhoto">
- <InputDataConnector ref="myLDAP" attributeNames="jpegPhoto"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="preferredLanguage">
- <InputDataConnector ref="myLDAP" attributeNames="preferredLanguage"/>
- </AttributeDefinition>
--->
- <!-- Schema: eduPerson attributes -->
-<!--
- <AttributeDefinition xsi:type="Simple" id="eduPersonAffiliation">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation" />
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="eduPersonEntitlement">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonEntitlement"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="eduPersonNickname">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonNickname"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="eduPersonPrimaryAffiliation">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrimaryAffiliation"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalName">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalName"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalNamePrior">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalNamePrior"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Scoped" id="eduPersonScopedAffiliation" scope="%{idp.scope}">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Simple" id="eduPersonAssurance">
- <InputDataConnector ref="myLDAP" attributeNames="eduPersonAssurance"/>
- </AttributeDefinition>
--->
-
- <!-- Semi-deprecated eduPersonUniqueId, should be phased out in favor of SAML subject-id replacement below. -->
-<!--
- <AttributeDefinition xsi:type="Scoped" id="eduPersonUniqueId" scope="%{idp.scope}">
- <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
- </AttributeDefinition>
--->
-
- <!-- Schema: SAML Subject ID Attributes -->
-<!--
- <AttributeDefinition xsi:type="Scoped" id="samlSubjectID" scope="%{idp.scope}">
- <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
- </AttributeDefinition>
-
- <AttributeDefinition xsi:type="Scoped" id="samlPairwiseID" scope="%{idp.scope}">
- <InputDataConnector ref="computed" attributeNames="computedId"/>
- </AttributeDefinition>
--->
-
- <!-- ========================================== -->
- <!-- Data Connectors -->
- <!-- ========================================== -->
-
- <!-- Example Static Connector -->
-
- <!-- Example Relational Database Connector.
- In practice a <SimpleManagedConnection> is enough to get you going but you should consider a
- <BeanManagedConnection> fully configured for your particular environment -->
-
-<!--
- <DataConnector id="mySIS" xsi:type="RelationalDatabase">
- <SimpleManagedConnection jdbcDriver="oracle.jdbc.driver.OracleDriver"
- jdbcURL="jdbc:oracle:thin:@db.example.org:1521:SomeDB"
- jdbcUserName="myid"
- jdbcPassword="mypassword" />
- <QueryTemplate>
- <![CDATA[
- SELECT * FROM student WHERE gzbtpid = '$resolutionContext.principal'
- ]]>
- </QueryTemplate>
-
- <Column columnName="gzbtpid" attributeID="uid" />
- <Column columnName="fqlft" attributeID="gpa" />
- </DataConnector>
--->
-
- <!-- Example LDAP Connector -->
-<!--
- <DataConnector id="myLDAP" xsi:type="LDAPDirectory"
- ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
- baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
- principal="%{idp.attribute.resolver.LDAP.bindDN}"
- principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
- useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
- connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
- trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
- responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
- <FilterTemplate>
- <![CDATA[
- %{idp.attribute.resolver.LDAP.searchFilter}
- ]]>
- </FilterTemplate>
- <ConnectionPool
- minPoolSize="%{idp.pool.LDAP.minSize:3}"
- maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
- blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
- validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
- validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
- expirationTime="%{idp.pool.LDAP.idleTime:PT10M}" />
- </DataConnector>
--->
-
- <!-- DataConector for pairwise-id (example depends on saml-nameid.properties). -->
-
-<!--
- <DataConnector id="computed" xsi:type="ComputedId"
- generatedAttributeID="computedId"
- salt="%{idp.persistentId.salt}"
- algorithm="%{idp.persistentId.algorithm:SHA}"
- encoding="%{idp.persistentId.encoding:BASE32}">
-
- <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}" />
-
- </DataConnector>
--->
-
-</AttributeResolver>
diff --git a/conf/attribute-resolver-ldap.xml b/conf/attribute-resolver-ldap.xml
index 76e6d55..19b68d6 100644
--- a/conf/attribute-resolver-ldap.xml
+++ b/conf/attribute-resolver-ldap.xml
@@ -1,66 +1,58 @@
<?xml version="1.0" encoding="UTF-8"?>
-<!--
- This file is an EXAMPLE configuration file. While the configuration
- presented in this example file is semi-functional, it isn't very
- interesting. It is here only as a starting point for your deployment
- process.
-
- Very few attribute definitions and data connectors are demonstrated,
- and use of LDAP is assumed, with the LDAP configuration primarily
- supplied from the ldap.properties file.
+<!--
+ This file is an EXAMPLE configuration file containing some example attributes
+ based on some commonly used approaches when LDAP is the principal data source.
+
+ Not all attribute definitions or data connectors are demonstrated, but some
+ LDAP attributes common to Shibboleth deployments (and some not so common) are
+ included.
- Attribute-resolver-full.xml contains more examples of attributes,
- encoders, and data connectors. Deployers should refer to the Shibboleth
- documentation for a complete list of components and their options.
+ This example is in no way usable as a substitute for reading the documentation.
-->
<AttributeResolver
xmlns="urn:mace:shibboleth:2.0:resolver"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:resolver http://shibboleth.net/schema/idp/shibboleth-attribute-resolver.xsd">
<!-- ========================================== -->
<!-- Attribute Definitions -->
<!-- ========================================== -->
- <!--
- The EPPN is the "standard" federated username in higher ed.
- For guidelines on the implementation of this attribute, refer
- to the Shibboleth and eduPerson documentation. Above all, do
- not expose a value for this attribute without considering the
- long term implications.
- -->
- <AttributeDefinition id="eduPersonPrincipalName" xsi:type="Prescoped" >
+ <!-- Simple attributes are exported directly from the LDAP connector. -->
+
+ <!-- eduPerson attributes requiring post-lookup manipulation -->
+<!--
+
+ <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalName">
<InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalName"/>
</AttributeDefinition>
- <!--
- The uid is the closest thing to a "standard" LDAP attribute
- representing a local username, but you should generally *never*
- expose uid to federated services, as it is rarely globally unique.
- -->
- <AttributeDefinition id="uid" xsi:type="Simple" >
- <InputDataConnector ref="myLDAP" attributeNames="uid"/>
+ <AttributeDefinition xsi:type="Prescoped" id="eduPersonPrincipalNamePrior">
+ <InputDataConnector ref="myLDAP" attributeNames="eduPersonPrincipalNamePrior"/>
</AttributeDefinition>
- <!--
- In the rest of the world, the email address is the standard identifier,
- despite the problems with that practice. Consider making the EPPN value
- the same as your official email addresses whenever possible.
- -->
- <AttributeDefinition id="mail" xsi:type="Simple" >
- <InputDataConnector ref="myLDAP" attributeNames="mail"/>
+ <AttributeDefinition xsi:type="Scoped" id="eduPersonScopedAffiliation" scope="%{idp.scope}">
+ <InputDataConnector ref="myLDAP" attributeNames="eduPersonAffiliation"/>
</AttributeDefinition>
-
+-->
+
+ <!-- Schema: SAML Subject ID Attributes -->
+<!--
+ <AttributeDefinition xsi:type="Scoped" id="samlSubjectID" scope="%{idp.scope}">
+ <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}"/>
+ </AttributeDefinition>
+
+ <AttributeDefinition xsi:type="Scoped" id="samlPairwiseID" scope="%{idp.scope}">
+ <InputDataConnector ref="computed" attributeNames="computedId"/>
+ </AttributeDefinition>
+-->
+
<!-- ========================================== -->
<!-- Data Connectors -->
<!-- ========================================== -->
-
- <!--
- Example LDAP Connector
-
- The connectivity details can be specified in ldap.properties to
- share them with your authentication settings if desired.
- -->
+
+ <!-- Example LDAP Connector -->
+
<DataConnector id="myLDAP" xsi:type="LDAPDirectory"
ldapURL="%{idp.attribute.resolver.LDAP.ldapURL}"
baseDN="%{idp.attribute.resolver.LDAP.baseDN}"
@@ -69,13 +61,14 @@
useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
- responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}">
+ responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"
+ exportAttributes="mail displayName sn givenName departmentNumber employeeNumber eduPersonEntitlement eduPersonAssurance">
<FilterTemplate>
<![CDATA[
%{idp.attribute.resolver.LDAP.searchFilter}
]]>
</FilterTemplate>
- <ConnectionPool
+ <ConnectionPool
minPoolSize="%{idp.pool.LDAP.minSize:3}"
maxPoolSize="%{idp.pool.LDAP.maxSize:10}"
blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
@@ -84,4 +77,18 @@
expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"/>
</DataConnector>
+ <!-- DataConector for pairwise-id (example depends on saml-nameid.properties). -->
+
+<!--
+ <DataConnector id="computed" xsi:type="ComputedId"
+ generatedAttributeID="computedId"
+ salt="%{idp.persistentId.salt}"
+ algorithm="%{idp.persistentId.algorithm:SHA}"
+ encoding="%{idp.persistentId.encoding:BASE32}">
+
+ <InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}" />
+
+ </DataConnector>
+-->
+
</AttributeResolver>
diff --git a/conf/attributes/custom/README.txt b/conf/attributes/custom/README
similarity index 100%
rename from conf/attributes/custom/README.txt
rename to conf/attributes/custom/README
diff --git a/conf/attributes/default-rules.xml b/conf/attributes/default-rules.xml
index 24e6b09..c865157 100644
--- a/conf/attributes/default-rules.xml
+++ b/conf/attributes/default-rules.xml
@@ -14,738 +14,15 @@
<!-- Default Attribute transcoding rules. -->
- <bean parent="shibboleth.TranscodingRuleLoader">
- <constructor-arg>
- <list>
-
- <!-- Schema: Core schema attributes-->
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">uid</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.1</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:uid</prop>
- <prop key="displayName.en">User ID</prop>
- <prop key="displayName.de">Benutzer-ID</prop>
- <prop key="displayName.fr">ID utilisateur</prop>
- <prop key="displayName.it">ID dell'utente</prop>
- <prop key="displayName.ja">ユーザID</prop>
- <prop key="description.en">A unique identifier for a person, mainly used for user identification within the user's home organization.</prop>
- <prop key="description.de">Eine eindeutige Nummer für eine Person, welche hauptsächlich zur Identifikation innerhalb der Organisation benutzt wird.</prop>
- <prop key="description.fr">Identifiant de connexion d'une personnes sur les systèmes informatiques.</prop>
- <prop key="description.it">Identificativo unico della persona, usato per l'identificazione dell'utente all'interno della organizzazione di appartenenza.</prop>
- <prop key="description.ja">所属機関内で一意の利用者識別子</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">mail</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.3</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:mail</prop>
- <prop key="displayName.en">E-mail</prop>
- <prop key="displayName.de">E-Mail</prop>
- <prop key="displayName.fr">Email</prop>
- <prop key="displayName.it">E-mail</prop>
- <prop key="displayName.ja">メールアドレス</prop>
- <prop key="description.en">E-Mail: Preferred address for e-mail to be sent to this person</prop>
- <prop key="description.de">E-Mail-Adresse</prop>
- <prop key="description.de-ch">E-Mail Adresse</prop>
- <prop key="description.fr">Adresse de courrier électronique</prop>
- <prop key="description.it">E-Mail: l'indirizzo e-mail preferito dall'utente</prop>
- <prop key="description.ja">メールアドレス</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">homePhone</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.20</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:homePhone</prop>
- <prop key="displayName.en">Private phone number</prop>
- <prop key="displayName.de">Telefon Privat</prop>
- <prop key="displayName.fr">Teléphone personnel</prop>
- <prop key="displayName.it">Numero di telefono privato</prop>
- <prop key="displayName.ja">自宅電話番号</prop>
- <prop key="description.en">Private phone number</prop>
- <prop key="description.de">Private Telefonnummer</prop>
- <prop key="description.fr">Numéro de téléphone de domicile de la personne</prop>
- <prop key="description.it">Numero di telefono privato</prop>
- <prop key="description.ja">自宅の電話番号</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">homePostalAddress</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.39</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:homePostalAddress</prop>
- <prop key="displayName.en">Home postal address</prop>
- <prop key="displayName.de">Heimatadresse</prop>
- <prop key="displayName.de-ch">Heimadresse</prop>
- <prop key="displayName.fr">Adresse personnelle</prop>
- <prop key="displayName.it">Indirizzo personale</prop>
- <prop key="displayName.ja">自宅住所</prop>
- <prop key="description.en">Home postal address: Home address of the user</prop>
- <prop key="description.de">Heimatadresse</prop>
- <prop key="description.de-ch">Heimadresse</prop>
- <prop key="description.fr">Adresse postale de domicile de la personne</prop>
- <prop key="description.it">Indirizzo personale: indirizzo dove abita l'utente</prop>
- <prop key="description.ja">自宅の住所</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">mobile</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.41</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:mobile</prop>
- <prop key="displayName.en">Mobile phone number</prop>
- <prop key="displayName.de">Telefon Mobil</prop>
- <prop key="displayName.fr">Numéro de mobile</prop>
- <prop key="displayName.it">Numero di cellulare</prop>
- <prop key="displayName.ja">携帯電話番号</prop>
- <prop key="description.en">Mobile phone number</prop>
- <prop key="description.de">Mobile Telefonnummer</prop>
- <prop key="description.fr">Numéro de teléphone mobile</prop>
- <prop key="description.it">Numero di cellulare</prop>
- <prop key="description.ja">携帯電話の電話番号</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">pager</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.42</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:pager</prop>
- <prop key="displayName.en">Pager number</prop>
- <prop key="description.en">Pager number</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">surname</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.5.4.4</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:sn</prop>
- <prop key="displayName.en">Surname</prop>
- <prop key="displayName.de">Nachname</prop>
- <prop key="displayName.fr">Nom de famille</prop>
- <prop key="displayName.it">Cognome</prop>
- <prop key="displayName.ja">姓</prop>
- <prop key="description.en">Surname or family name</prop>
- <prop key="description.de">Familienname</prop>
- <prop key="description.fr">Nom de famille de l'utilisateur.</prop>
- <prop key="description.it">Cognome dell'utilizzatore</prop>
- <prop key="description.ja">氏名(姓)の英語表記</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">locality</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.5.4.7</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:l</prop>
- <prop key="displayName.en">Locality name</prop>
- <prop key="displayName.de">Ort</prop>
- <prop key="displayName.fr">Locality name</prop>
- <prop key="displayName.ja">場所(L)</prop>
- <prop key="description.en">Locality name</prop>
- <prop key="description.de">Ort</prop>
- <prop key="description.fr">Nom de la localité où réside l'objet</prop>
- <prop key="description.ja">場所の名前 日本の場合は市区町村名</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">stateProvince</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.5.4.8</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:st</prop>
- <prop key="displayName.en">State or province name</prop>
- <prop key="displayName.ja">都道府県もしくは州や省(ST)</prop>
- <prop key="description.en">State or province name</prop>
- <prop key="description.ja">州名や省名 国によって異なり日本の場合は都道府県名</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">street</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.5.4.9</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:street</prop>
- <prop key="displayName.en">Street</prop>
- <prop key="displayName.de">Straße</prop>
- <prop key="displayName.de-ch">Strasse</prop>
- <prop key="displayName.fr">Rue</prop>
- <prop key="displayName.ja">通り</prop>
- <prop key="description.en">Street address</prop>
- <prop key="description.de">Name der Straße</prop>
- <prop key="description.de-ch">Strassenadresse</prop>
- <prop key="description.fr">Nom de rue</prop>
- <prop key="description.ja">通りおよび番地</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">organizationName</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.5.4.10</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:o</prop>
- <prop key="displayName.en">Organization name</prop>
- <prop key="displayName.de">Organisationsname</prop>
- <prop key="displayName.fr">Nom de l'organisation</prop>
- <prop key="displayName.ja">所属機関名</prop>
- <prop key="description.en">Organization name</prop>
- <prop key="description.de">Name der Organisation</prop>
- <prop key="description.fr">Nom de l'organisation</prop>
- <prop key="description.ja">所属機関名称の英語表記</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">organizationalUnit</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.5.4.11</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:ou</prop>
- <prop key="displayName.en">Organizational unit</prop>
- <prop key="displayName.de">Organisationseinheit</prop>
- <prop key="displayName.fr">Unité organisationnelle</prop>
- <prop key="displayName.ja">機関内所属名</prop>
- <prop key="description.en">Organizational unit</prop>
- <prop key="description.de">Name der Organisationseinheit</prop>
- <prop key="description.fr">Nom de l'unité organisationnelle</prop>
- <prop key="description.ja">機関内所属名称の英語表記</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">title</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.5.4.12</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:title</prop>
- <prop key="displayName.en">Title</prop>
- <prop key="displayName.de">Titel</prop>
- <prop key="displayName.fr">Title</prop>
- <prop key="displayName.ja">肩書き</prop>
- <prop key="description.en">Title of a person</prop>
- <prop key="description.de">Titel der Person</prop>
- <prop key="description.fr">Titre de la personne</prop>
- <prop key="description.ja">利用者の肩書き</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">postalAddress</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.5.4.16</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:postalAddress</prop>
- <prop key="displayName.en">Business postal address</prop>
- <prop key="displayName.de">Geschäftsadresse</prop>
- <prop key="displayName.fr">Adresse professionnelle</prop>
- <prop key="displayName.it">Indirizzo professionale</prop>
- <prop key="displayName.ja">所属機関住所</prop>
- <prop key="description.en">Business postal address: Campus or office address</prop>
- <prop key="description.de">Geschäftliche Adresse</prop>
- <prop key="description.de-ch">Adresse am Arbeitsplatz</prop>
- <prop key="description.fr">Adresse de l'institut, de l'université</prop>
- <prop key="description.it">Indirizzo professionale: indirizzo dell'istituto o dell'ufficio</prop>
- <prop key="description.ja">所属機関の住所</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">postalCode</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.5.4.17</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:postalCode</prop>
- <prop key="displayName.en">Postal code</prop>
- <prop key="displayName.en-us">ZIP code</prop>
- <prop key="displayName.de">Postleitzahl</prop>
- <prop key="displayName.fr">Code postal</prop>
- <prop key="displayName.ja">郵便番号</prop>
- <prop key="description.en">Postal code</prop>
- <prop key="description.en-us">ZIP code</prop>
- <prop key="description.de">Postleitzahl</prop>
- <prop key="description.fr">Code postal</prop>
- <prop key="description.ja">郵便番号</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">postOfficeBox</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:mace:dir:attribute-def:postOfficeBox</prop>
- <prop key="saml1.name">urn:oid:2.5.4.18</prop>
- <prop key="displayName.en">Postal box</prop>
- <prop key="displayName.de">Postfach</prop>
- <prop key="displayName.fr">Boite postale</prop>
- <prop key="displayName.fr-ch">Case postale</prop>
- <prop key="displayName.ja">私書箱</prop>
- <prop key="description.en">Postal box identifier</prop>
- <prop key="description.de">Postfach</prop>
- <prop key="description.fr">Boite postale</prop>
- <prop key="description.fr-ch">Case postale</prop>
- <prop key="description.ja">私書箱</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">telephoneNumber</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:mace:dir:attribute-def:telephoneNumber</prop>
- <prop key="saml1.name">urn:oid:2.5.4.20</prop>
- <prop key="displayName.en">Business phone number</prop>
- <prop key="displayName.de">Telefon Geschäft</prop>
- <prop key="displayName.fr">Teléphone professionnel</prop>
- <prop key="displayName.it">Numero di telefono dell'ufficio</prop>
- <prop key="displayName.ja">所属機関内電話番号</prop>
- <prop key="description.en">Business phone number: Office or campus phone number</prop>
- <prop key="description.de">Telefonnummer am Arbeitsplatz</prop>
- <prop key="description.fr">Teléphone de l'institut, de l'université</prop>
- <prop key="description.it">Numero di telefono dell'ufficio</prop>
- <prop key="description.ja">所属機関での利用者の電話番号</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">givenName</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.5.4.42</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:givenName</prop>
- <prop key="displayName.en">Given name</prop>
- <prop key="displayName.de">Vorname</prop>
- <prop key="displayName.fr">Prénom</prop>
- <prop key="displayName.it">Nome</prop>
- <prop key="displayName.ja">名</prop>
- <prop key="description.en">Given name of a person</prop>
- <prop key="description.de">Vorname</prop>
- <prop key="description.fr">Prénom de l'utilisateur</prop>
- <prop key="description.it">Nome</prop>
- <prop key="description.ja">氏名(名)の英語表記</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">initials</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.5.4.43</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:initials</prop>
- <prop key="displayName.en">Initials</prop>
- <prop key="displayName.de">Initialen</prop>
- <prop key="displayName.fr">Initiales</prop>
- <prop key="displayName.ja">イニシャル</prop>
- <prop key="description.en">Initials</prop>
- <prop key="description.de">Anfangsbuchstaben des Namens</prop>
- <prop key="description.de-ch">Die Anfangsbuchstaben</prop>
- <prop key="description.fr">L' initiales</prop>
- <prop key="description.ja">イニシャル</prop>
- </props>
- </property>
- </bean>
-
- <!-- Schema: inetOrgPerson attributes-->
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">departmentNumber</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.2</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:departmentNumber</prop>
- <prop key="displayName.en">Department number</prop>
- <prop key="displayName.de">Abteilungsnummer</prop>
- <prop key="description.en">Department number</prop>
- <prop key="description.de">Nummer der Abteilung</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">displayName</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.241</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:displayName</prop>
- <prop key="displayName.en">Display Name</prop>
- <prop key="displayName.de">Anzeigename</prop>
- <prop key="displayName.fr">Nom</prop>
- <prop key="displayName.it">Nome</prop>
- <prop key="displayName.ja">表示名</prop>
- <prop key="description.en">The name that should appear in white-pages-like applications for this person.</prop>
- <prop key="description.de">Anzeigename</prop>
- <prop key="description.fr">Nom complet d'affichage</prop>
- <prop key="description.it">Nome</prop>
- <prop key="description.ja">アプリケーションでの表示に用いられる英字氏名</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">employeeNumber</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.3</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:employeeNumber</prop>
- <prop key="displayName.en">Employee number</prop>
- <prop key="displayName.de">Mitarbeiternummer</prop>
- <prop key="displayName.fr">Numéro d'employé</prop>
- <prop key="displayName.it">Numero dell'utente</prop>
- <prop key="displayName.ja">従業員番号</prop>
- <prop key="description.en">Identifies an employee within an organization</prop>
- <prop key="description.de">Identifiziert einen Mitarbeiter innerhalb der Organisation</prop>
- <prop key="description.fr">Identifie un employé au sein de l'organisation</prop>
- <prop key="description.it">Identifica l' utente presso l'organizzazione</prop>
- <prop key="description.ja">所属機関における利用者の従業員番号</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">employeeType</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.4</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:employeeType</prop>
- <prop key="displayName.en">Employee type</prop>
- <prop key="description.en">Employee type</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">jpegPhoto</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.60</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:jpegPhoto</prop>
- <prop key="displayName.en">JPEG Photo</prop>
- <prop key="description.en">Image of a person in JPEG format</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">preferredLanguage</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.39</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:preferredLanguage</prop>
- <prop key="displayName.en">Preferred Language</prop>
- <prop key="displayName.de">Bevorzugte Sprache</prop>
- <prop key="displayName.fr">Langue préférée</prop>
- <prop key="displayName.it">Lingua preferita</prop>
- <prop key="displayName.ja">希望言語</prop>
- <prop key="description.en">Preferred language: Users preferred language (see RFC1766)</prop>
- <prop key="description.de">Bevorzugte Sprache (siehe RFC1766)</prop>
- <prop key="description.fr">Exemple: fr, de, it, en, ... (voir RFC1766)</prop>
- <prop key="description.it">Lingua preferita: la lingua preferita dall'utente (cfr. RFC1766)</prop>
- <prop key="description.ja">利用者が希望する言語(RFC1766 を参照)</prop>
- </props>
- </property>
- </bean>
-
- <!-- Schema: eduPerson attributes -->
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">eduPersonAffiliation</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.1</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonAffiliation</prop>
- <prop key="displayName.en">Affiliation</prop>
- <prop key="displayName.de">Zugehörigkeit</prop>
- <prop key="displayName.fr">Affiliation</prop>
- <prop key="displayName.it">Tipo di membro</prop>
- <prop key="displayName.ja">職位</prop>
- <prop key="description.en">Affiliation: Type of affiliation with Home Organization</prop>
- <prop key="description.de">Art der Zugehörigkeit zur Heimatorganisation</prop>
- <prop key="description.de-ch">Art der Zugehörigkeit zur Heimorganisation</prop>
- <prop key="description.fr">Type d'affiliation dans l'organisation</prop>
- <prop key="description.it">Tipo di membro: Tipo di lavoro svolto per l'organizzazione</prop>
- <prop key="description.ja">所属機関における職位(faculty,staff,student,memberなど)</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">eduPersonEntitlement</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.7</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonEntitlement</prop>
- <prop key="displayName.en">Entitlement</prop>
- <prop key="displayName.de">Berechtigung</prop>
- <prop key="displayName.fr">Entitlement</prop>
- <prop key="displayName.it">Prerogativa</prop>
- <prop key="displayName.ja">資格情報</prop>
- <prop key="description.en">Member of: URI (either URL or URN) that indicates a set of rights to specific resources based on an agreement across the releavant community</prop>
- <prop key="description.de">Zeichenkette, die Rechte für spezifische Ressourcen beschreibt</prop>
- <prop key="description.fr">Membre de: URI (soit une URL ou une URN) décrivant un droit spécific d'accès.</prop>
- <prop key="description.it">Membro delle seguenti URI (sia URL o URN) che rappresentano diritti specifici d'accesso validi in tutta la communità</prop>
- <prop key="description.ja">特定のアプリケーションもしくはコミュニティ内の複数リソースへのアクセス権限を持つことを示すURI(URLもしくはURN)</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">eduPersonNickname</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.2</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonNickname</prop>
- <prop key="displayName.en">Nick name</prop>
- <prop key="displayName.de">Kurzname</prop>
- <prop key="displayName.de-ch">Übername</prop>
- <prop key="displayName.fr">Surnom</prop>
- <prop key="displayName.it">Diminutivo</prop>
- <prop key="displayName.ja">ニックネーム</prop>
- <prop key="description.en">Person's nickname, or the informal name by which they are accustomed to be hailed.</prop>
- <prop key="description.de">Kurzname einer Person, oder üblicher Rufname zur Begrüßung.</prop>
- <prop key="description.de-ch">Übername einer Person, oder üblicher Rufname zur Begrüssung.</prop>
- <prop key="description.fr">Nom personnalisable pour un usage informel.</prop>
- <prop key="description.it">Diminutivo della persona, o soprannome.</prop>
- <prop key="description.ja">利用者のニックネームもしくは通称</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">eduPersonPrimaryAffiliation</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.5</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation</prop>
- <prop key="displayName.en">Primary affiliation</prop>
- <prop key="displayName.de">Primäre Zugehörigkeit</prop>
- <prop key="displayName.fr">Affiliation pricipale</prop>
- <prop key="displayName.it">Appartenenza principale</prop>
- <prop key="displayName.ja">主要職位</prop>
- <prop key="description.en">Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc.</prop>
- <prop key="description.de">Spezifiziert der Hauptbeziehung einer Person innerhalb ihrer Organisation in groben Kategorien wie Student, Mitarbeiter, Alumni, etc.</prop>
- <prop key="description.fr">Spécifie la relation principale d'une personne avec l'institution selon des majeures catégories comme étudiant, collaborateur, alumni etc.</prop>
- <prop key="description.it">Specifica la relazione principale dell persona con l'istituzione secondo le maggiori categorie come studente, collaboratore, alumni, etc.</prop>
- <prop key="description.ja">所属機関における主要な職位(faculty,staff,student,memberなど)</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">eduPersonPrincipalName</prop>
- <prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
- <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.6</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonPrincipalName</prop>
- <prop key="saml1.encodeType">false</prop>
- <prop key="displayName.en">Principal Name</prop>
- <prop key="displayName.de">Persönliche ID</prop>
- <prop key="displayName.fr">Principal Name</prop>
- <prop key="displayName.it">Principal Name</prop>
- <prop key="displayName.ja">プリンシパルID</prop>
- <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification.</prop>
- <prop key="description.de">Eindeutige Benutzeridentifikation</prop>
- <prop key="description.de-ch">Eindeutige Benützeridentifikation</prop>
- <prop key="description.fr">L'identifiant unique de l'utilisateur</prop>
- <prop key="description.it">Un ID personale che identifica chiaramente l'utente in seno alla sua organizzazione</prop>
- <prop key="description.ja">フェデレーション内で一意かつ永続的な利用者識別子</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">eduPersonPrincipalNamePrior</prop>
- <prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
- <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.12</prop>
- <prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.12</prop>
- <prop key="saml1.encodeType">false</prop>
- <prop key="displayName.en">Prior Principal Name</prop>
- <prop key="description.en">eduPersonPrincipalName value that was previously associated with the entry.</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">eduPersonScopedAffiliation</prop>
- <prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
- <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.9</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonScopedAffiliation</prop>
- <prop key="saml1.encodeType">false</prop>
- <prop key="displayName.en">Scoped Affiliation</prop>
- <prop key="displayName.de">Zugehörigkeit</prop>
- <prop key="displayName.fr">Affiliation</prop>
- <prop key="displayName.it">Tipo di membro</prop>
- <prop key="displayName.ja">スコープ付き職位</prop>
- <prop key="description.en">Specifies the person's affiliation within a particular security domain</prop>
- <prop key="description.de">Art der Zugehörigkeit zur Heimatorganisation</prop>
- <prop key="description.de-ch">Art der Zugehörigkeit zur Heimorganisation</prop>
- <prop key="description.fr">Type d'affiliation dans l'organisation</prop>
- <prop key="description.it">Tipo di membro: Tipo di lavoro svolto per l'organizzazione</prop>
- <prop key="description.ja">セキュリティドメインのスコープが付いた所属機関における職位</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">eduPersonAssurance</prop>
- <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.11</prop>
- <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonAssurance</prop>
- <prop key="displayName.en">Assurance Level</prop>
- <prop key="displayName.de">Vertrauensgrad</prop>
- <prop key="displayName.fr">Niveau de confiance</prop>
- <prop key="displayName.it">Livello di sicurezza</prop>
- <prop key="displayName.ja">保証レベル</prop>
- <prop key="description.en">Set of URIs that assert compliance with specific standards for identity assurance.</prop>
- <prop key="description.de">URIs die eine gewisse Zusicherung für spezifische Standards des Vertrauens beinhalten</prop>
- <prop key="description.fr">Un ensemble d'URI qui attestent la conformité selon un standard pour les niveaux d'assurance d'identités</prop>
- <prop key="description.it">Un insieme di URI che asseriscono l'osservanza dei livelli di sicurezza richiesti</prop>
- <prop key="description.ja">IDの保証レベルに関して特定の基準に準拠していることを示すURI</prop>
- </props>
- </property>
- </bean>
-
- <!-- Semi-deprecated eduPersonUniqueId, should be phased out in favor of SAML subject-id replacement below. -->
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">eduPersonUniqueId</prop>
- <prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
- <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.13</prop>
- <prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.13</prop>
- <prop key="saml1.encodeType">false</prop>
- <prop key="displayName.en">Unique ID</prop>
- <prop key="displayName.de">Eindeutige ID</prop>
- <prop key="displayName.fr">ID unique</prop>
- <prop key="displayName.it">ID unico</prop>
- <prop key="displayName.ja">ユニークID</prop>
- <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification.</prop>
- <prop key="description.de">Eindeutige Benutzeridentifikation</prop>
- <prop key="description.de-ch">Eindeutige Benützeridentifikation</prop>
- <prop key="description.fr">Identifiant unique de l'utilisateur</prop>
- <prop key="description.it">Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione</prop>
- <prop key="description.ja">フェデレーション内で一意で永続的かつ難読化された利用者識別子(後継はサブジェクトID)</prop>
- </props>
- </property>
- </bean>
-
- <!-- Schema: SAML Subject ID Attributes -->
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">samlSubjectID</prop>
- <prop key="transcoder">SAML2ScopedStringTranscoder</prop>
- <prop key="saml2.name">urn:oasis:names:tc:SAML:attribute:subject-id</prop>
- <prop key="displayName.en">Unique ID</prop>
- <prop key="displayName.de">Eindeutige ID</prop>
- <prop key="displayName.fr">ID unique</prop>
- <prop key="displayName.it">ID unico</prop>
- <prop key="displayName.ja">サブジェクトID</prop>
- <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification.</prop>
- <prop key="description.de">Eindeutige Benutzeridentifikation</prop>
- <prop key="description.de-ch">Eindeutige Benützeridentifikation</prop>
- <prop key="description.fr">Identifiant unique de l'utilisateur</prop>
- <prop key="description.it">Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione</prop>
- <prop key="description.ja">フェデレーション内で一意で永続的かつ難読化された利用者識別子(eduPersonUniqueIdの後継)</prop>
- </props>
- </property>
- </bean>
-
- <bean parent="shibboleth.TranscodingProperties">
- <property name="properties">
- <props merge="true">
- <prop key="id">samlPairwiseID</prop>
- <prop key="transcoder">SAML2ScopedStringTranscoder</prop>
- <prop key="saml2.name">urn:oasis:names:tc:SAML:attribute:pairwise-id</prop>
- <prop key="displayName.en">Pairwise ID</prop>
- <prop key="displayName.de">Pairwise ID</prop>
- <prop key="displayName.fr">Pairwise ID</prop>
- <prop key="displayName.it">Pairwise ID</prop>
- <prop key="displayName.ja">ペアワイズID</prop>
- <prop key="description.en">Pairwise ID: A unique identifier for a person, different for each service provider.</prop>
- <prop key="description.de">Pairwise ID: Eindeutige Benutzeridentifikation, unterschiedlich pro Service Provider.</prop>
- <prop key="description.de-ch">Pairwise ID: Eindeutige Benützeridentifikation, unterschiedlich pro Service Provider.</prop>
- <prop key="description.fr">Pairwise ID: Un identifiant unique de l'utilisateur, différent pour chaque fournisseur de service.</prop>
- <prop key="description.it">Pairwise ID: identificativo unico della persona, differente per ogni fornitore di servizio.</prop>
- <prop key="description.ja">フェデレーション内で一意かつSP毎に送出される値が異なる利用者識別子(eduPersonTargetedIDの後継)</prop>
- </props>
- </property>
- </bean>
-
- </list>
- </constructor-arg>
- </bean>
+ <!--
+ Many if not most of these attributes are not suited or may even be actively discouraged
+ from use in federated protocols, but this is merely a set of well-known definitions, not
+ a recommended set to support or use.
+ -->
+ <import resource="inetOrgPerson.xml" />
+ <import resource="eduPerson.xml" />
+ <import resource="eduCourse.xml" />
+ <import resource="samlSubject.xml" />
+
</beans>
diff --git a/conf/attributes/eduCourse.xml b/conf/attributes/eduCourse.xml
new file mode 100644
index 0000000..6794da6
--- /dev/null
+++ b/conf/attributes/eduCourse.xml
@@ -0,0 +1,50 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:c="http://www.springframework.org/schema/c"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+ default-init-method="initialize"
+ default-destroy-method="destroy">
+
+ <bean parent="shibboleth.TranscodingRuleLoader">
+ <constructor-arg>
+ <list>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduCourseOffering</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.6.1.1</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.6.1.1</prop>
+ <prop key="displayName.en">Course offering</prop>
+ <prop key="description.en">Unique identifier for a course offering</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduCourseMember</prop>
+ <prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.6.1.2</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.6.1.2</prop>
+ <prop key="saml1.encodeType">false</prop>
+ <prop key="displayName.en">Course role</prop>
+ <prop key="description.en">Specifies the person's role within a particular course offering</prop>
+ </props>
+ </property>
+ </bean>
+
+ </list>
+ </constructor-arg>
+ </bean>
+
+</beans>
diff --git a/conf/attributes/eduPerson.xml b/conf/attributes/eduPerson.xml
new file mode 100644
index 0000000..afe1299
--- /dev/null
+++ b/conf/attributes/eduPerson.xml
@@ -0,0 +1,266 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:c="http://www.springframework.org/schema/c"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+ default-init-method="initialize"
+ default-destroy-method="destroy">
+
+ <bean parent="shibboleth.TranscodingRuleLoader">
+ <constructor-arg>
+ <list>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonAffiliation</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.1</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonAffiliation</prop>
+ <prop key="displayName.en">Affiliation</prop>
+ <prop key="displayName.de">Zugehörigkeit</prop>
+ <prop key="displayName.fr">Affiliation</prop>
+ <prop key="displayName.it">Tipo di membro</prop>
+ <prop key="displayName.ja">職位</prop>
+ <prop key="description.en">Affiliation: Type of affiliation with Home Organization</prop>
+ <prop key="description.de">Art der Zugehörigkeit zur Heimatorganisation</prop>
+ <prop key="description.de-ch">Art der Zugehörigkeit zur Heimorganisation</prop>
+ <prop key="description.fr">Type d'affiliation dans l'organisation</prop>
+ <prop key="description.it">Tipo di membro: Tipo di lavoro svolto per l'organizzazione</prop>
+ <prop key="description.ja">所属機関における職位(faculty,staff,student,memberなど)</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonAssurance</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.11</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonAssurance</prop>
+ <prop key="displayName.en">Assurance level</prop>
+ <prop key="displayName.de">Vertrauensgrad</prop>
+ <prop key="displayName.fr">Niveau de confiance</prop>
+ <prop key="displayName.it">Livello di sicurezza</prop>
+ <prop key="displayName.ja">保証レベル</prop>
+ <prop key="description.en">Set of URIs that assert compliance with specific standards for identity assurance.</prop>
+ <prop key="description.de">URIs die eine gewisse Zusicherung für spezifische Standards des Vertrauens beinhalten</prop>
+ <prop key="description.fr">Un ensemble d'URI qui attestent la conformité selon un standard pour les niveaux d'assurance d'identités</prop>
+ <prop key="description.it">Un insieme di URI che asseriscono l'osservanza dei livelli di sicurezza richiesti</prop>
+ <prop key="description.ja">IDの保証レベルに関して特定の基準に準拠していることを示すURI</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonEntitlement</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.7</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonEntitlement</prop>
+ <prop key="displayName.en">Entitlement</prop>
+ <prop key="displayName.de">Berechtigung</prop>
+ <prop key="displayName.fr">Entitlement</prop>
+ <prop key="displayName.it">Prerogativa</prop>
+ <prop key="displayName.ja">資格情報</prop>
+ <prop key="description.en">Member of: URI (either URL or URN) that indicates a set of rights to specific resources based on an agreement across the releavant community</prop>
+ <prop key="description.de">Zeichenkette, die Rechte für spezifische Ressourcen beschreibt</prop>
+ <prop key="description.fr">Membre de: URI (soit une URL ou une URN) décrivant un droit spécific d'accès.</prop>
+ <prop key="description.it">Membro delle seguenti URI (sia URL o URN) che rappresentano diritti specifici d'accesso validi in tutta la communità</prop>
+ <prop key="description.ja">特定のアプリケーションもしくはコミュニティ内の複数リソースへのアクセス権限を持つことを示すURI(URLもしくはURN)</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonNickname</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.2</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonNickname</prop>
+ <prop key="displayName.en">Nickname</prop>
+ <prop key="displayName.de">Kurzname</prop>
+ <prop key="displayName.de-ch">Übername</prop>
+ <prop key="displayName.fr">Surnom</prop>
+ <prop key="displayName.it">Diminutivo</prop>
+ <prop key="displayName.ja">ニックネーム</prop>
+ <prop key="description.en">Person's nickname, or the informal name by which they are accustomed to be hailed.</prop>
+ <prop key="description.de">Kurzname einer Person, oder üblicher Rufname zur Begrüßung.</prop>
+ <prop key="description.de-ch">Übername einer Person, oder üblicher Rufname zur Begrüssung.</prop>
+ <prop key="description.fr">Nom personnalisable pour un usage informel.</prop>
+ <prop key="description.it">Diminutivo della persona, o soprannome.</prop>
+ <prop key="description.ja">利用者のニックネームもしくは通称</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonOrgDN</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.3</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonOrgDN</prop>
+ <prop key="displayName.en">Organization distinguished name</prop>
+ <prop key="description.en">Distinguished name (DN) of the directory entry representing the institution with which the person is associated.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonOrgUnitDN</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.4</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonOrgUnitDN</prop>
+ <prop key="displayName.en">Organization unit distinguished name</prop>
+ <prop key="description.en">Distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s).</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonOrcid</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.16</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.16</prop>
+ <prop key="displayName.en">ORCID</prop>
+ <prop key="description.en">ORCID researcher identifier(s) belonging to a person.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonPrimaryAffiliation</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.5</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation</prop>
+ <prop key="displayName.en">Primary affiliation</prop>
+ <prop key="displayName.de">Primäre Zugehörigkeit</prop>
+ <prop key="displayName.fr">Affiliation pricipale</prop>
+ <prop key="displayName.it">Appartenenza principale</prop>
+ <prop key="displayName.ja">主要職位</prop>
+ <prop key="description.en">Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc.</prop>
+ <prop key="description.de">Spezifiziert der Hauptbeziehung einer Person innerhalb ihrer Organisation in groben Kategorien wie Student, Mitarbeiter, Alumni, etc.</prop>
+ <prop key="description.fr">Spécifie la relation principale d'une personne avec l'institution selon des majeures catégories comme étudiant, collaborateur, alumni etc.</prop>
+ <prop key="description.it">Specifica la relazione principale dell persona con l'istituzione secondo le maggiori categorie come studente, collaboratore, alumni, etc.</prop>
+ <prop key="description.ja">所属機関における主要な職位(faculty,staff,student,memberなど)</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonPrimaryOrgUnitDN</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.8</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN</prop>
+ <prop key="displayName.en">Primary organization unit distinguished name</prop>
+ <prop key="description.en">Distinguished name (DN) of the directory entry representing the person's primary Organizational Unit.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonPrincipalName</prop>
+ <prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.6</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonPrincipalName</prop>
+ <prop key="saml1.encodeType">false</prop>
+ <prop key="displayName.en">Principal name</prop>
+ <prop key="displayName.de">Persönliche ID</prop>
+ <prop key="displayName.fr">Principal Name</prop>
+ <prop key="displayName.it">Principal Name</prop>
+ <prop key="displayName.ja">プリンシパルID</prop>
+ <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification.</prop>
+ <prop key="description.de">Eindeutige Benutzeridentifikation</prop>
+ <prop key="description.de-ch">Eindeutige Benützeridentifikation</prop>
+ <prop key="description.fr">L'identifiant unique de l'utilisateur</prop>
+ <prop key="description.it">Un ID personale che identifica chiaramente l'utente in seno alla sua organizzazione</prop>
+ <prop key="description.ja">フェデレーション内で一意かつ永続的な利用者識別子</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonPrincipalNamePrior</prop>
+ <prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.12</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.12</prop>
+ <prop key="saml1.encodeType">false</prop>
+ <prop key="displayName.en">Prior principal name(s)</prop>
+ <prop key="description.en">eduPersonPrincipalName value(s) previously associated with the entry.</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonScopedAffiliation</prop>
+ <prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.9</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonScopedAffiliation</prop>
+ <prop key="saml1.encodeType">false</prop>
+ <prop key="displayName.en">Scoped affiliation</prop>
+ <prop key="displayName.de">Zugehörigkeit</prop>
+ <prop key="displayName.fr">Affiliation</prop>
+ <prop key="displayName.it">Tipo di membro</prop>
+ <prop key="displayName.ja">スコープ付き職位</prop>
+ <prop key="description.en">Specifies the person's affiliation within a particular security domain</prop>
+ <prop key="description.de">Art der Zugehörigkeit zur Heimatorganisation</prop>
+ <prop key="description.de-ch">Art der Zugehörigkeit zur Heimorganisation</prop>
+ <prop key="description.fr">Type d'affiliation dans l'organisation</prop>
+ <prop key="description.it">Tipo di membro: Tipo di lavoro svolto per l'organizzazione</prop>
+ <prop key="description.ja">セキュリティドメインのスコープが付いた所属機関における職位</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonUniqueId</prop>
+ <prop key="transcoder">SAML2ScopedStringTranscoder SAML1ScopedStringTranscoder CASScopedStringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.13</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.13</prop>
+ <prop key="saml1.encodeType">false</prop>
+ <prop key="displayName.en">Unique ID</prop>
+ <prop key="displayName.de">Eindeutige ID</prop>
+ <prop key="displayName.fr">ID unique</prop>
+ <prop key="displayName.it">ID unico</prop>
+ <prop key="displayName.ja">ユニークID</prop>
+ <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification.</prop>
+ <prop key="description.de">Eindeutige Benutzeridentifikation</prop>
+ <prop key="description.de-ch">Eindeutige Benützeridentifikation</prop>
+ <prop key="description.fr">Identifiant unique de l'utilisateur</prop>
+ <prop key="description.it">Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione</prop>
+ <prop key="description.ja">フェデレーション内で一意で永続的かつ難読化された利用者識別子(後継はサブジェクトID)</prop>
+ </props>
+ </property>
+ </bean>
+
+ </list>
+ </constructor-arg>
+ </bean>
+
+</beans>
diff --git a/conf/attributes/inetOrgPerson.xml b/conf/attributes/inetOrgPerson.xml
new file mode 100644
index 0000000..da4cdcf
--- /dev/null
+++ b/conf/attributes/inetOrgPerson.xml
@@ -0,0 +1,510 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:c="http://www.springframework.org/schema/c"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+ default-init-method="initialize"
+ default-destroy-method="destroy">
+
+ <!-- https://tools.ietf.org/html/rfc2798 -->
+
+ <bean parent="shibboleth.TranscodingRuleLoader">
+ <constructor-arg>
+ <list>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">cn</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.3</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:cn</prop>
+ <prop key="displayName.en">Common name</prop>
+ <prop key="description.en">Common name of a person</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">departmentNumber</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.2</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:departmentNumber</prop>
+ <prop key="displayName.en">Department number</prop>
+ <prop key="displayName.de">Abteilungsnummer</prop>
+ <prop key="description.en">Department number</prop>
+ <prop key="description.de">Nummer der Abteilung</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">displayName</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.241</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:displayName</prop>
+ <prop key="displayName.en">Display name</prop>
+ <prop key="displayName.de">Anzeigename</prop>
+ <prop key="displayName.fr">Nom</prop>
+ <prop key="displayName.it">Nome</prop>
+ <prop key="displayName.ja">表示名</prop>
+ <prop key="description.en">The name that should appear in white-pages-like applications for this person.</prop>
+ <prop key="description.de">Anzeigename</prop>
+ <prop key="description.fr">Nom complet d'affichage</prop>
+ <prop key="description.it">Nome</prop>
+ <prop key="description.ja">アプリケーションでの表示に用いられる英字氏名</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">employeeNumber</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.3</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:employeeNumber</prop>
+ <prop key="displayName.en">Employee number</prop>
+ <prop key="displayName.de">Mitarbeiternummer</prop>
+ <prop key="displayName.fr">Numéro d'employé</prop>
+ <prop key="displayName.it">Numero dell'utente</prop>
+ <prop key="displayName.ja">従業員番号</prop>
+ <prop key="description.en">Identifies an employee within an organization</prop>
+ <prop key="description.de">Identifiziert einen Mitarbeiter innerhalb der Organisation</prop>
+ <prop key="description.fr">Identifie un employé au sein de l'organisation</prop>
+ <prop key="description.it">Identifica l' utente presso l'organizzazione</prop>
+ <prop key="description.ja">所属機関における利用者の従業員番号</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">employeeType</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.4</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:employeeType</prop>
+ <prop key="displayName.en">Employee type</prop>
+ <prop key="description.en">Employee type</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">givenName</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.42</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:givenName</prop>
+ <prop key="displayName.en">Given name</prop>
+ <prop key="displayName.de">Vorname</prop>
+ <prop key="displayName.fr">Prénom</prop>
+ <prop key="displayName.it">Nome</prop>
+ <prop key="displayName.ja">名</prop>
+ <prop key="description.en">Given name of a person</prop>
+ <prop key="description.de">Vorname</prop>
+ <prop key="description.fr">Prénom de l'utilisateur</prop>
+ <prop key="description.it">Nome</prop>
+ <prop key="description.ja">氏名(名)の英語表記</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">homePhone</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.20</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:homePhone</prop>
+ <prop key="displayName.en">Private phone number</prop>
+ <prop key="displayName.de">Telefon Privat</prop>
+ <prop key="displayName.fr">Teléphone personnel</prop>
+ <prop key="displayName.it">Numero di telefono privato</prop>
+ <prop key="displayName.ja">自宅電話番号</prop>
+ <prop key="description.en">Private phone number</prop>
+ <prop key="description.de">Private Telefonnummer</prop>
+ <prop key="description.fr">Numéro de téléphone de domicile de la personne</prop>
+ <prop key="description.it">Numero di telefono privato</prop>
+ <prop key="description.ja">自宅の電話番号</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">homePostalAddress</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.39</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:homePostalAddress</prop>
+ <prop key="displayName.en">Home postal address</prop>
+ <prop key="displayName.de">Heimatadresse</prop>
+ <prop key="displayName.de-ch">Heimadresse</prop>
+ <prop key="displayName.fr">Adresse personnelle</prop>
+ <prop key="displayName.it">Indirizzo personale</prop>
+ <prop key="displayName.ja">自宅住所</prop>
+ <prop key="description.en">Home postal address: Home address of the user</prop>
+ <prop key="description.de">Heimatadresse</prop>
+ <prop key="description.de-ch">Heimadresse</prop>
+ <prop key="description.fr">Adresse postale de domicile de la personne</prop>
+ <prop key="description.it">Indirizzo personale: indirizzo dove abita l'utente</prop>
+ <prop key="description.ja">自宅の住所</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">initials</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.43</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:initials</prop>
+ <prop key="displayName.en">Initials</prop>
+ <prop key="displayName.de">Initialen</prop>
+ <prop key="displayName.fr">Initiales</prop>
+ <prop key="displayName.ja">イニシャル</prop>
+ <prop key="description.en">Initials</prop>
+ <prop key="description.de">Anfangsbuchstaben des Namens</prop>
+ <prop key="description.de-ch">Die Anfangsbuchstaben</prop>
+ <prop key="description.fr">L' initiales</prop>
+ <prop key="description.ja">イニシャル</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">l</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.7</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:l</prop>
+ <prop key="displayName.en">Locality name</prop>
+ <prop key="displayName.de">Ort</prop>
+ <prop key="displayName.fr">Locality name</prop>
+ <prop key="displayName.ja">場所(L)</prop>
+ <prop key="description.en">Locality name</prop>
+ <prop key="description.de">Ort</prop>
+ <prop key="description.fr">Nom de la localité où réside l'objet</prop>
+ <prop key="description.ja">場所の名前 日本の場合は市区町村名</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">mail</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.3</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:mail</prop>
+ <prop key="displayName.en">E-mail</prop>
+ <prop key="displayName.de">E-Mail</prop>
+ <prop key="displayName.fr">Email</prop>
+ <prop key="displayName.it">E-mail</prop>
+ <prop key="displayName.ja">メールアドレス</prop>
+ <prop key="description.en">E-Mail: Preferred address for e-mail to be sent to this person</prop>
+ <prop key="description.de">E-Mail-Adresse</prop>
+ <prop key="description.de-ch">E-Mail Adresse</prop>
+ <prop key="description.fr">Adresse de courrier électronique</prop>
+ <prop key="description.it">E-Mail: l'indirizzo e-mail preferito dall'utente</prop>
+ <prop key="description.ja">メールアドレス</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">mobile</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.41</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:mobile</prop>
+ <prop key="displayName.en">Mobile phone number</prop>
+ <prop key="displayName.de">Telefon Mobil</prop>
+ <prop key="displayName.fr">Numéro de mobile</prop>
+ <prop key="displayName.it">Numero di cellulare</prop>
+ <prop key="displayName.ja">携帯電話番号</prop>
+ <prop key="description.en">Mobile phone number</prop>
+ <prop key="description.de">Mobile Telefonnummer</prop>
+ <prop key="description.fr">Numéro de teléphone mobile</prop>
+ <prop key="description.it">Numero di cellulare</prop>
+ <prop key="description.ja">携帯電話の電話番号</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">o</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.10</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:o</prop>
+ <prop key="displayName.en">Organization name</prop>
+ <prop key="displayName.de">Organisationsname</prop>
+ <prop key="displayName.fr">Nom de l'organisation</prop>
+ <prop key="displayName.ja">所属機関名</prop>
+ <prop key="description.en">Organization name</prop>
+ <prop key="description.de">Name der Organisation</prop>
+ <prop key="description.fr">Nom de l'organisation</prop>
+ <prop key="description.ja">所属機関名称の英語表記</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">ou</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.11</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:ou</prop>
+ <prop key="displayName.en">Organizational unit</prop>
+ <prop key="displayName.de">Organisationseinheit</prop>
+ <prop key="displayName.fr">Unité organisationnelle</prop>
+ <prop key="displayName.ja">機関内所属名</prop>
+ <prop key="description.en">Organizational unit</prop>
+ <prop key="description.de">Name der Organisationseinheit</prop>
+ <prop key="description.fr">Nom de l'unité organisationnelle</prop>
+ <prop key="description.ja">機関内所属名称の英語表記</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">pager</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.42</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:pager</prop>
+ <prop key="displayName.en">Pager number</prop>
+ <prop key="description.en">Pager number</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">postalAddress</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.16</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:postalAddress</prop>
+ <prop key="displayName.en">Business postal address</prop>
+ <prop key="displayName.de">Geschäftsadresse</prop>
+ <prop key="displayName.fr">Adresse professionnelle</prop>
+ <prop key="displayName.it">Indirizzo professionale</prop>
+ <prop key="displayName.ja">所属機関住所</prop>
+ <prop key="description.en">Business postal address: Campus or office address</prop>
+ <prop key="description.de">Geschäftliche Adresse</prop>
+ <prop key="description.de-ch">Adresse am Arbeitsplatz</prop>
+ <prop key="description.fr">Adresse de l'institut, de l'université</prop>
+ <prop key="description.it">Indirizzo professionale: indirizzo dell'istituto o dell'ufficio</prop>
+ <prop key="description.ja">所属機関の住所</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">postalCode</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.17</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:postalCode</prop>
+ <prop key="displayName.en">Postal code</prop>
+ <prop key="displayName.en-us">ZIP code</prop>
+ <prop key="displayName.de">Postleitzahl</prop>
+ <prop key="displayName.fr">Code postal</prop>
+ <prop key="displayName.ja">郵便番号</prop>
+ <prop key="description.en">Postal code</prop>
+ <prop key="description.en-us">ZIP code</prop>
+ <prop key="description.de">Postleitzahl</prop>
+ <prop key="description.fr">Code postal</prop>
+ <prop key="description.ja">郵便番号</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">postOfficeBox</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:mace:dir:attribute-def:postOfficeBox</prop>
+ <prop key="saml1.name">urn:oid:2.5.4.18</prop>
+ <prop key="displayName.en">Postal box</prop>
+ <prop key="displayName.de">Postfach</prop>
+ <prop key="displayName.fr">Boite postale</prop>
+ <prop key="displayName.fr-ch">Case postale</prop>
+ <prop key="displayName.ja">私書箱</prop>
+ <prop key="description.en">Postal box identifier</prop>
+ <prop key="description.de">Postfach</prop>
+ <prop key="description.fr">Boite postale</prop>
+ <prop key="description.fr-ch">Case postale</prop>
+ <prop key="description.ja">私書箱</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">preferredLanguage</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.39</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:preferredLanguage</prop>
+ <prop key="displayName.en">Preferred Language</prop>
+ <prop key="displayName.de">Bevorzugte Sprache</prop>
+ <prop key="displayName.fr">Langue préférée</prop>
+ <prop key="displayName.it">Lingua preferita</prop>
+ <prop key="displayName.ja">希望言語</prop>
+ <prop key="description.en">Preferred language: Users preferred language (see RFC1766)</prop>
+ <prop key="description.de">Bevorzugte Sprache (siehe RFC1766)</prop>
+ <prop key="description.fr">Exemple: fr, de, it, en, ... (voir RFC1766)</prop>
+ <prop key="description.it">Lingua preferita: la lingua preferita dall'utente (cfr. RFC1766)</prop>
+ <prop key="description.ja">利用者が希望する言語(RFC1766 を参照)</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">sn</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.4</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:sn</prop>
+ <prop key="displayName.en">Surname</prop>
+ <prop key="displayName.de">Nachname</prop>
+ <prop key="displayName.fr">Nom de famille</prop>
+ <prop key="displayName.it">Cognome</prop>
+ <prop key="displayName.ja">姓</prop>
+ <prop key="description.en">Surname or family name</prop>
+ <prop key="description.de">Familienname</prop>
+ <prop key="description.fr">Nom de famille de l'utilisateur.</prop>
+ <prop key="description.it">Cognome dell'utilizzatore</prop>
+ <prop key="description.ja">氏名(姓)の英語表記</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">st</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.8</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:st</prop>
+ <prop key="displayName.en">State or province name</prop>
+ <prop key="displayName.ja">都道府県もしくは州や省(ST)</prop>
+ <prop key="description.en">State or province name</prop>
+ <prop key="description.ja">州名や省名 国によって異なり日本の場合は都道府県名</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">street</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.9</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:street</prop>
+ <prop key="displayName.en">Street</prop>
+ <prop key="displayName.de">Straße</prop>
+ <prop key="displayName.de-ch">Strasse</prop>
+ <prop key="displayName.fr">Rue</prop>
+ <prop key="displayName.ja">通り</prop>
+ <prop key="description.en">Street address</prop>
+ <prop key="description.de">Name der Straße</prop>
+ <prop key="description.de-ch">Strassenadresse</prop>
+ <prop key="description.fr">Nom de rue</prop>
+ <prop key="description.ja">通りおよび番地</prop>
+ </props>
+ </property>
+ </bean>
+
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">telephoneNumber</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:mace:dir:attribute-def:telephoneNumber</prop>
+ <prop key="saml1.name">urn:oid:2.5.4.20</prop>
+ <prop key="displayName.en">Business phone number</prop>
+ <prop key="displayName.de">Telefon Geschäft</prop>
+ <prop key="displayName.fr">Teléphone professionnel</prop>
+ <prop key="displayName.it">Numero di telefono dell'ufficio</prop>
+ <prop key="displayName.ja">所属機関内電話番号</prop>
+ <prop key="description.en">Business phone number: Office or campus phone number</prop>
+ <prop key="description.de">Telefonnummer am Arbeitsplatz</prop>
+ <prop key="description.fr">Teléphone de l'institut, de l'université</prop>
+ <prop key="description.it">Numero di telefono dell'ufficio</prop>
+ <prop key="description.ja">所属機関での利用者の電話番号</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">title</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.12</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:title</prop>
+ <prop key="displayName.en">Title</prop>
+ <prop key="displayName.de">Titel</prop>
+ <prop key="displayName.fr">Title</prop>
+ <prop key="displayName.ja">肩書き</prop>
+ <prop key="description.en">Title of a person</prop>
+ <prop key="description.de">Titel der Person</prop>
+ <prop key="description.fr">Titre de la personne</prop>
+ <prop key="description.ja">利用者の肩書き</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">uid</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:0.9.2342.19200300.100.1.1</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:uid</prop>
+ <prop key="displayName.en">User ID</prop>
+ <prop key="displayName.de">Benutzer-ID</prop>
+ <prop key="displayName.fr">ID utilisateur</prop>
+ <prop key="displayName.it">ID dell'utente</prop>
+ <prop key="displayName.ja">ユーザID</prop>
+ <prop key="description.en">A unique identifier for a person, mainly used for user identification within the user's home organization.</prop>
+ <prop key="description.de">Eine eindeutige Nummer für eine Person, welche hauptsächlich zur Identifikation innerhalb der Organisation benutzt wird.</prop>
+ <prop key="description.fr">Identifiant de connexion d'une personnes sur les systèmes informatiques.</prop>
+ <prop key="description.it">Identificativo unico della persona, usato per l'identificazione dell'utente all'interno della organizzazione di appartenenza.</prop>
+ <prop key="description.ja">所属機関内で一意の利用者識別子</prop>
+ </props>
+ </property>
+ </bean>
+
+ </list>
+ </constructor-arg>
+ </bean>
+
+</beans>
diff --git a/conf/attributes/samlSubject.xml b/conf/attributes/samlSubject.xml
new file mode 100644
index 0000000..dac9a59
--- /dev/null
+++ b/conf/attributes/samlSubject.xml
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:c="http://www.springframework.org/schema/c"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+ default-init-method="initialize"
+ default-destroy-method="destroy">
+
+ <!-- https://wiki.oasis-open.org/security/SAMLSubjectIDAttr -->
+
+ <bean parent="shibboleth.TranscodingRuleLoader">
+ <constructor-arg>
+ <list>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">samlSubjectID</prop>
+ <prop key="transcoder">SAML2ScopedStringTranscoder</prop>
+ <prop key="saml2.name">urn:oasis:names:tc:SAML:attribute:subject-id</prop>
+ <prop key="displayName.en">Unique ID</prop>
+ <prop key="displayName.de">Eindeutige ID</prop>
+ <prop key="displayName.fr">ID unique</prop>
+ <prop key="displayName.it">ID unico</prop>
+ <prop key="displayName.ja">サブジェクトID</prop>
+ <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification.</prop>
+ <prop key="description.de">Eindeutige Benutzeridentifikation</prop>
+ <prop key="description.de-ch">Eindeutige Benützeridentifikation</prop>
+ <prop key="description.fr">Identifiant unique de l'utilisateur</prop>
+ <prop key="description.it">Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione</prop>
+ <prop key="description.ja">フェデレーション内で一意で永続的かつ難読化された利用者識別子(eduPersonUniqueIdの後継)</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">samlPairwiseID</prop>
+ <prop key="transcoder">SAML2ScopedStringTranscoder</prop>
+ <prop key="saml2.name">urn:oasis:names:tc:SAML:attribute:pairwise-id</prop>
+ <prop key="displayName.en">Pairwise ID</prop>
+ <prop key="displayName.de">Pairwise ID</prop>
+ <prop key="displayName.fr">Pairwise ID</prop>
+ <prop key="displayName.it">Pairwise ID</prop>
+ <prop key="displayName.ja">ペアワイズID</prop>
+ <prop key="description.en">Pairwise ID: A unique identifier for a person, different for each service provider.</prop>
+ <prop key="description.de">Pairwise ID: Eindeutige Benutzeridentifikation, unterschiedlich pro Service Provider.</prop>
+ <prop key="description.de-ch">Pairwise ID: Eindeutige Benützeridentifikation, unterschiedlich pro Service Provider.</prop>
+ <prop key="description.fr">Pairwise ID: Un identifiant unique de l'utilisateur, différent pour chaque fournisseur de service.</prop>
+ <prop key="description.it">Pairwise ID: identificativo unico della persona, differente per ogni fornitore di servizio.</prop>
+ <prop key="description.ja">フェデレーション内で一意かつSP毎に送出される値が異なる利用者識別子(eduPersonTargetedIDの後継)</prop>
+ </props>
+ </property>
+ </bean>
+
+ </list>
+ </constructor-arg>
+ </bean>
+
+</beans>
diff --git a/conf/audit.xml b/conf/audit.xml
index 7245127..a9faf4c 100644
--- a/conf/audit.xml
+++ b/conf/audit.xml
@@ -14,7 +14,7 @@
This bean defines a mapping between audit log categories and formatting strings.
-->
<util:map id="shibboleth.AuditFormattingMap">
- <entry key="Shibboleth-Audit" value="%a|%ST|%T|%u|%SP|%i|%ac|%t|%attr|%n|%f|%SSO|%XX|%X|%b|%bb|%e|%S|%SS|%s|%UA" />
+ <entry key="Shibboleth-Audit" value="%a|%ST|%T|%u|%SP|%i|%ac|%t|%attr|%n|%f|%SSO|%XX|%XA|%b|%bb|%e|%S|%SS|%s|%UA" />
</util:map>
<!-- Override the format of date/time fields in the log and/or convert to default time zone. -->
@@ -40,6 +40,12 @@
<entry key="urn:oasis:names:tc:SAML:2.0:status:Success" value="Success" />
<entry key="urn:oasis:names:tc:SAML:2.0:status:Requester" value="Requester" />
<entry key="urn:oasis:names:tc:SAML:2.0:status:Responder" value="Responder" />
+ <entry key="http://www.w3.org/2009/xmlenc11#aes128-gcm" value="AES128-GCM" />
+ <entry key="http://www.w3.org/2009/xmlenc11#aes192-gcm" value="AES192-GCM" />
+ <entry key="http://www.w3.org/2009/xmlenc11#aes256-gcm" value="AES256-GCM" />
+ <entry key="http://www.w3.org/2001/04/xmlenc#aes128-cbc" value="AES128-CBC" />
+ <entry key="http://www.w3.org/2001/04/xmlenc#aes192-cbc" value="AES192-CBC" />
+ <entry key="http://www.w3.org/2001/04/xmlenc#aes256-cbc" value="AES256-CBC" />
</util:map>
</beans>
diff --git a/conf/intercept/consent-intercept-config.xml b/conf/intercept/consent-intercept-config.xml
index 66f06a0..6e899e6 100644
--- a/conf/intercept/consent-intercept-config.xml
+++ b/conf/intercept/consent-intercept-config.xml
@@ -54,9 +54,7 @@
</util:list>
<util:list id="shibboleth.consent.attribute-release.BlacklistedAttributeIDs">
- <value>transientId</value>
- <value>persistentId</value>
- <value>eduPersonTargetedID</value>
+ <value>samlPairwiseID</value>
</util:list>
<!--
diff --git a/conf/logback.xml b/conf/logback.xml
index 9a91d26..817de02 100644
--- a/conf/logback.xml
+++ b/conf/logback.xml
@@ -77,7 +77,7 @@
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<charset>UTF-8</charset>
- <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}</Pattern>
+ <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
</encoder>
<!-- Ignore Velocity status page error. -->
@@ -85,7 +85,7 @@
<evaluator>
<matcher>
<Name>VelocityStatusMatcher</Name>
- <regex>ResourceManager : unable to find resource 'status.vm' in any resource loader.</regex>
+ <regex>ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\.</regex>
</matcher>
<expression>VelocityStatusMatcher.matches(formattedMessage)</expression>
</evaluator>
@@ -109,7 +109,7 @@
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<charset>UTF-8</charset>
- <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
+ <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}</Pattern>
</encoder>
<!-- Ignore Velocity status page error. -->
@@ -117,7 +117,7 @@
<evaluator>
<matcher>
<Name>VelocityStatusMatcher</Name>
- <regex>ResourceManager : unable to find resource 'status.vm' in any resource loader.</regex>
+ <regex>ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\.</regex>
</matcher>
<expression>VelocityStatusMatcher.matches(formattedMessage)</expression>
</evaluator>
diff --git a/conf/logback.xml.dist b/conf/logback.xml.dist
index ac19b1f..2b76770 100644
--- a/conf/logback.xml.dist
+++ b/conf/logback.xml.dist
@@ -81,7 +81,7 @@
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<charset>UTF-8</charset>
- <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}</Pattern>
+ <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
</encoder>
<!-- Ignore Velocity status page error. -->
@@ -89,7 +89,7 @@
<evaluator>
<matcher>
<Name>VelocityStatusMatcher</Name>
- <regex>ResourceManager : unable to find resource 'status.vm' in any resource loader.</regex>
+ <regex>ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\.</regex>
</matcher>
<expression>VelocityStatusMatcher.matches(formattedMessage)</expression>
</evaluator>
@@ -117,7 +117,7 @@
<encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
<charset>UTF-8</charset>
- <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
+ <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}</Pattern>
</encoder>
<!-- Ignore Velocity status page error. -->
@@ -125,7 +125,7 @@
<evaluator>
<matcher>
<Name>VelocityStatusMatcher</Name>
- <regex>ResourceManager : unable to find resource 'status.vm' in any resource loader.</regex>
+ <regex>ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\.</regex>
</matcher>
<expression>VelocityStatusMatcher.matches(formattedMessage)</expression>
</evaluator>
diff --git a/conf/logback.xml.tmp3 b/conf/logback.xml.tmp3
deleted file mode 100644
index 4eebeaa..0000000
--- a/conf/logback.xml.tmp3
+++ /dev/null
@@ -1,191 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<configuration>
-
- <!--
- Variables for simplifying logging configuration.
- http://logback.qos.ch/manual/configuration.html#variableSubstitution
- -->
-
- <!--
- If you want to use custom properties in this config file,
- we load the main property file for you.
- -->
- <variable file="${idp.home}/conf/idp.properties" />
-
- <!-- Location and retention. -->
-
- <variable name="idp.logfiles" value="${idp.home}/logs" />
- <variable name="idp.loghistory" value="${idp.loghistory:-180}" />
-
- <!-- Much higher performance if you operate on DEBUG. -->
- <!-- <variable name="idp.process.appender" value="ASYNC_PROCESS" /> -->
-
- <!-- Logging level shortcuts. -->
- <variable name="idp.loglevel.idp" value="${idp.loglevel.idp:-INFO}" />
- <variable name="idp.loglevel.ldap" value="${idp.loglevel.ldap:-WARN}" />
- <variable name="idp.loglevel.messages" value="${idp.loglevel.messages:-INFO}" />
- <variable name="idp.loglevel.encryption" value="${idp.loglevel.encryption:-INFO}" />
- <variable name="idp.loglevel.opensaml" value="${idp.loglevel.opensaml:-INFO}" />
- <variable name="idp.loglevel.props" value="${idp.loglevel.props:-INFO}" />
- <variable name="idp.loglevel.httpclient" value="${idp.loglevel.httpclient:-INFO}" />
-
- <!-- Don't turn these up unless you want a *lot* of noise. -->
- <variable name="idp.loglevel.spring" value="${idp.loglevel.spring:-ERROR}" />
- <variable name="idp.loglevel.container" value="${idp.loglevel.container:-ERROR}" />
- <variable name="idp.loglevel.xmlsec" value="${idp.loglevel.xmlsec:-INFO}" />
-
- <!-- =========================================================== -->
- <!-- ============== Logging Categories and Levels ============== -->
- <!-- =========================================================== -->
-
- <!-- Logs IdP, but not OpenSAML, messages -->
- <logger name="net.shibboleth.idp" level="${idp.loglevel.idp}"/>
-
- <!-- Logs OpenSAML, but not IdP, messages -->
- <logger name="org.opensaml.saml" level="${idp.loglevel.opensaml}"/>
-
- <!-- Logs LDAP related messages -->
- <logger name="org.ldaptive" level="${idp.loglevel.ldap}"/>
-
- <!-- Logs embedded HTTP client messages -->
- <logger name="org.apache.http" level="${idp.loglevel.httpclient}"/>
-
- <!-- Logs inbound and outbound protocols messages at DEBUG level -->
- <logger name="PROTOCOL_MESSAGE" level="${idp.loglevel.messages}" />
-
- <!-- Logs unencrypted SAML at DEBUG level -->
- <logger name="org.opensaml.saml.saml2.encryption.Encrypter" level="${idp.loglevel.encryption}" />
-
- <!-- Logs system properties during startup at DEBUG level -->
- <logger name="net.shibboleth.idp.log.LogbackLoggingService" level="${idp.loglevel.props}" />
-
- <!-- Especially chatty. -->
- <logger name="org.apache.xml.security" level="${idp.loglevel.xmlsec}" />
- <logger name="org.springframework" level="${idp.loglevel.spring}"/>
- <logger name="org.apache.catalina" level="${idp.loglevel.container}"/>
- <logger name="org.eclipse.jetty" level="${idp.loglevel.container}"/>
-
-
- <!-- =========================================================== -->
- <!-- ============== Low Level Details or Changes =============== -->
- <!-- =========================================================== -->
-
- <!-- Process log. -->
- <appender name="IDP_PROCESS" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <File>/tmp/logidp-process</File>
-
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
- <maxHistory>${idp.loghistory}</maxHistory>
- </rollingPolicy>
-
- <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <charset>UTF-8</charset>
- <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}</Pattern>
- </encoder>
-
- <!-- Ignore Velocity status page error. -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator>
- <matcher>
- <Name>VelocityStatusMatcher</Name>
- <regex>ResourceManager : unable to find resource 'status.vm' in any resource loader.</regex>
- </matcher>
- <expression>VelocityStatusMatcher.matches(formattedMessage)</expression>
- </evaluator>
- <OnMatch>DENY</OnMatch>
- </filter>
- </appender>
-
- <appender name="ASYNC_PROCESS" class="ch.qos.logback.classic.AsyncAppender">
- <appender-ref ref="IDP_PROCESS" />
- <discardingThreshold>0</discardingThreshold>
- </appender>
-
- <appender name="IDP_WARN" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <!-- Suppress anything below WARN. -->
- <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
- <level>WARN</level>
- </filter>
-
- <File>/tmp/logidp-warn</File>
-
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
- <maxHistory>${idp.loghistory}</maxHistory>
- </rollingPolicy>
-
- <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <charset>UTF-8</charset>
- <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
- </encoder>
-
- <!-- Ignore Velocity status page error. -->
- <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
- <evaluator>
- <matcher>
- <Name>VelocityStatusMatcher</Name>
- <regex>ResourceManager : unable to find resource 'status.vm' in any resource loader.</regex>
- </matcher>
- <expression>VelocityStatusMatcher.matches(formattedMessage)</expression>
- </evaluator>
- <OnMatch>DENY</OnMatch>
- </filter>
- </appender>
-
- <!-- Audit log. -->
- <appender name="IDP_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <File>/tmp/logidp-audit</File>
-
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
- <maxHistory>${idp.loghistory}</maxHistory>
- </rollingPolicy>
-
- <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <charset>UTF-8</charset>
- <Pattern>%msg%n</Pattern>
- </encoder>
- </appender>
-
- <!-- Consent audit log. -->
- <appender name="IDP_CONSENT_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
- <File>${idp.logfiles}/idp-consent-audit.log</File>
-
- <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
- <fileNamePattern>${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
- <maxHistory>${idp.loghistory}</maxHistory>
- </rollingPolicy>
-
- <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
- <charset>UTF-8</charset>
- <Pattern>%msg%n</Pattern>
- </encoder>
- </appender>
-
- <!-- F-TICKS syslog destination. -->
- <appender name="IDP_FTICKS" class="ch.qos.logback.classic.net.SyslogAppender">
- <syslogHost>${idp.fticks.loghost:-localhost}</syslogHost>
- <port>${idp.fticks.logport:-514}</port>
- <facility>AUTH</facility>
- <suffixPattern>[%thread] %logger %msg</suffixPattern>
- </appender>
-
- <logger name="Shibboleth-Audit" level="ALL">
- <appender-ref ref="${idp.audit.appender:-IDP_AUDIT}"/>
- </logger>
-
- <logger name="Shibboleth-FTICKS" level="ALL" additivity="false">
- <appender-ref ref="${idp.fticks.appender:-IDP_FTICKS}"/>
- </logger>
-
- <logger name="Shibboleth-Consent-Audit" level="ALL">
- <appender-ref ref="${idp.consent.appender:-IDP_CONSENT_AUDIT}"/>
- </logger>
-
- <root level="${idp.loglevel.root:-INFO}">
- <appender-ref ref="${idp.process.appender:-IDP_PROCESS}"/>
- <appender-ref ref="${idp.warn.appender:-IDP_WARN}" />
- </root>
-
-</configuration>
diff --git a/conf/metadata-providers.xml b/conf/metadata-providers.xml
index 0667e71..fc81612 100644
--- a/conf/metadata-providers.xml
+++ b/conf/metadata-providers.xml
@@ -20,19 +20,19 @@
http://www.w3.org/2001/04/xmlenc# http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd
http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd">
- <!-- ========================================================================================== -->
- <!-- Metadata Configuration -->
- <!-- -->
- <!-- Below you place the mechanisms which define how to load the metadata for SP(s) you will -->
- <!-- provide service to. -->
- <!-- -->
- <!-- Two examples are provided. The Shibboleth Documentation at -->
- <!-- https://wiki.shibboleth.net/confluence/display/IDP30/MetadataConfiguration -->
- <!-- provides more details. -->
- <!-- -->
- <!-- NOTE. This file SHOULD NOT contain the metadata for this IdP. -->
- <!-- ========================================================================================== -->
-
+ <!--
+ Below you place the mechanisms which define how to load the metadata for SP(s) you will
+ provide service to.
+
+ Some simple examples are provided. The documentation provides more details; in most cases,
+ the modern replacement for these older plugins are the "DynamicHTTPMetadataProvider" and
+ "LocalDynamic" variants, which provide dramatic memory savings and more reliable operation.
+
+ NOTE: You do NOT need to load metadata for this IdP itself within this configuration.
+ -->
+
+
+
<!--
Example HTTP metadata provider. Use this if you want to download the metadata
from a remote source.
@@ -42,7 +42,7 @@
it with them via some out of band mechanism (e.g., a fingerprint on a secure page).
The EntityRoleWhiteList saves memory by only loading metadata from SAML roles
- that the IdP needs to interoperate with.
+ that the IdP needs to interoperate with.
-->
<!--
@@ -61,8 +61,8 @@
<!--
Example file metadata provider. Use this if you want to load metadata
- from a local file. You might use this if you have some local SPs
- which are not "federated" but you wish to offer a service to.
+ from a local file. You use this if you have some local SPs which are not
+ "federated" but you wish to offer a service to.
If you do not provide a SignatureValidation filter, then you have the
responsibility to ensure that the contents on disk are trustworthy.
@@ -74,11 +74,11 @@
<!--
- Example CAS metadata source.
+ Example CAS metadata source for managing CAS services using SAML metadata.
-->
<!--
- <MetadataProvider id="CasMetadata"
+ <MetadataProvider id="CASMetadata"
xsi:type="FilesystemMetadataProvider"
metadataFile="PATH_TO_YOUR_METADATA"
indexesRef="shibboleth.CASMetadataIndices" />
diff --git a/conf/services.properties b/conf/services.properties
index 9dc3dff..6edb015 100644
--- a/conf/services.properties
+++ b/conf/services.properties
@@ -62,9 +62,8 @@ idp.service.managedBean.checkInterval = PT15M
#idp.message.resources = shibboleth.MessageSourceResources
#idp.message.cacheSeconds = 300
-# Parameters for pre-defined HttpClient instances which perform in-memory and filesystem caching.
-# These are used with components such as remote configuration resources that are explicitly wired
-# with these client instances, *not* by default with HTTP metadata resolvers.
+# These settings impact the behavior of the internal HTTP Client used by default
+# with some internal components, but notably *not* for metadata acquisition.
#idp.httpclient.useSecurityEnhancedTLSSocketFactory = false
#idp.httpclient.connectionDisregardTLSCertificate = false
#idp.httpclient.connectionRequestTimeout = PT1M
@@ -72,6 +71,11 @@ idp.service.managedBean.checkInterval = PT15M
#idp.httpclient.socketTimeout = PT1M
#idp.httpclient.maxConnectionsTotal = 100
#idp.httpclient.maxConnectionsPerRoute = 100
+
+# These are deprecated properties that configure the old caching HttpClient
+# beans that are no longer supported. If you want to manually configure
+# the caching clients, you should define the beans yourself and if desired
+# rely on properties of your own devising.
#idp.httpclient.memorycaching.maxCacheEntries = 50
#idp.httpclient.memorycaching.maxCacheEntrySize = 1048576
#idp.httpclient.filecaching.maxCacheEntries = 100
diff --git a/conf/services.xml b/conf/services.xml
index 5a4cdea..350f298 100644
--- a/conf/services.xml
+++ b/conf/services.xml
@@ -9,43 +9,7 @@
default-init-method="initialize"
default-destroy-method="destroy">
- <!-- Advanced configuration of services from HTTP.
-
- To use an HTTP resource you first need to configure the Apache HttpClient which will be used
- to communicate with the web server. Any HttpClient can be used, but two Factory Beans allow simple
- configuration of in-memory or file-based caching clients.
-
- Examples are:
-
- A resource which will be supplied from an in-memory cache for as long as the file on the webserver does not change.
- If the webserver becomes unavailable the resource will be unavailable.
-
- <bean id="inMemoryResource" class="net.shibboleth.ext.spring.resource.HTTPResource"
- c:client-ref="shibboleth.MemoryCachingHttpClient"
- c:url="http://example.org/path/to/file.xml" />
-
- Two resources which will be supplied from an on disk cache (suitable for multiple or large files) for as long
- as the file on the webserver does not change. If the webserver becomes unavailable the last used contents
- of the file will be returned (even if that was in a previous IdP lifetime).
-
- <bean id="fileResource" class="net.shibboleth.ext.spring.resource.FileBackedHTTPResource"
- c:client-ref="shibboleth.FileCachingHttpClient"
- c:url="http://example.org/path/to/file.xml"
- c:backingFile="/var/shibboleth/caches/resourcecache/file.xml"/>
-
- <bean id="otherFileResource" class="net.shibboleth.ext.spring.resource.FileBackedHTTPResource"
- c:client-ref="shibboleth.FileCachingHttpClient"
- c:url="http://another.server.example.org/path/to/different/file.xml"
- c:backingFile="/var/shibboleth/caches/resourcecache/differentFile.xml"/>
-
- In all cases you should review the "idp.httpclient.*" properties defined in services.properties
- -->
-
- <!--
- Otherwise by default we look at resources whose names are derived from %{idp.home}. Services not configured
- using native Spring syntax also need to load the property-placeholder file in order to pull settings from
- property sources.
- -->
+ <!-- By default we look at resources whose names are derived from %{idp.home}. -->
<!-- This set of resources supports a native Spring relying-party.xml file. -->
<util:list id="shibboleth.RelyingPartyResolverResources">
@@ -63,6 +27,10 @@
<value>%{idp.home}/conf/attribute-resolver.xml</value>
</util:list>
+ <!--
+ This is suitable for new installs but will usually produce duplicate Attribute
+ output if a legacy resolver file is used that contains AttributeEncoders.
+ -->
<util:list id ="shibboleth.AttributeRegistryResources">
<value>%{idp.home}/conf/attribute-registry.xml</value>
<value>%{idp.home}/system/conf/attribute-registry-system.xml</value>
From 54b4708a1e3a3d0199c70d313df4080940765d48 Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Tue, 30 Mar 2021 20:16:01 +0000
Subject: [PATCH 8/9] initial 4.1 config
---
README.md | 1 +
conf/access-control.xml | 2 +-
conf/admin/admin.properties | 55 +++++
conf/admin/general-admin.xml | 74 ------
conf/admin/metrics.xml | 11 +-
conf/attribute-resolver.xml | 21 +-
conf/attributes/inetOrgPerson.xml | 4 +-
conf/audit.xml | 2 +-
conf/authn/authn-comparison.xml | 73 ++----
conf/authn/authn.properties | 213 ++++++++++++++++++
conf/authn/discovery-config.xml | 34 ---
conf/authn/duo-authn-config.xml | 29 ---
conf/authn/duo.properties | 30 ---
conf/authn/external-authn-config.xml | 70 ------
conf/authn/function-authn-config.xml | 37 ---
conf/authn/general-authn.xml | 173 --------------
conf/authn/ipaddress-authn-config.xml | 37 ---
conf/authn/jaas-authn-config.xml | 25 --
conf/authn/jaas.config | 11 -
conf/authn/krb5-authn-config.xml | 29 ---
conf/authn/ldap-authn-config.xml | 32 ---
conf/authn/mfa-authn-config.xml | 78 -------
conf/authn/password-authn-config.xml | 56 +++--
conf/authn/remoteuser-authn-config.xml | 75 ------
.../remoteuser-internal-authn-config.xml | 63 ------
conf/authn/saml-authn-config.xml | 35 ---
conf/authn/spnego-authn-config.xml | 74 ------
conf/authn/x509-authn-config.xml | 44 ----
conf/authn/x509-internal-authn-config.xml | 21 --
.../attribute-sourced-subject-c14n-config.xml | 44 ----
conf/c14n/simple-subject-c14n-config.xml | 27 ---
conf/c14n/subject-c14n.properties | 40 ++++
conf/c14n/subject-c14n.xml | 9 +-
conf/c14n/x500-subject-c14n-config.xml | 37 ---
conf/cas-protocol.xml | 106 ---------
conf/errors.xml | 1 +
.../attribute-resolver-ldap.xml | 17 +-
conf/global.xml | 22 +-
conf/idp.properties | 64 +++---
conf/intercept/consent-intercept-config.xml | 118 ----------
.../context-check-intercept-config.xml | 63 ------
.../expiring-password-intercept-config.xml | 31 ---
conf/intercept/external-intercept-config.xml | 25 --
.../impersonate-intercept-config.xml | 25 --
conf/intercept/profile-intercept.xml | 42 ----
conf/ldap.properties | 9 +-
conf/logback.xml | 2 +-
conf/logback.xml.dist | 2 +-
conf/logback.xml.tmp3 | 191 ++++++++++++++++
conf/metadata-providers.xml | 10 +-
conf/relying-party.xml | 11 +-
conf/services.properties | 3 +-
conf/services.xml | 11 -
conf/session-manager.xml | 29 ---
credentials/idp-backchannel.crt | 46 ++--
credentials/idp-backchannel.p12 | Bin 3377 -> 3377 bytes
credentials/idp-encryption.crt | 44 ++--
credentials/idp-encryption.key | 74 +++---
credentials/idp-signing.crt | 44 ++--
credentials/idp-signing.key | 74 +++---
credentials/sealer.jks | Bin 502 -> 502 bytes
credentials/sealer.kver | 2 +-
credentials/secrets.properties | 2 +-
views/admin/hello.vm | 73 ++++++
views/admin/unlock-keys.vm | 97 --------
views/duo.vm | 83 -------
views/error.vm | 2 +
views/intercept/attribute-release.vm | 160 -------------
views/intercept/expiring-password.vm | 54 -----
views/intercept/impersonate.vm | 90 --------
views/intercept/terms-of-use.vm | 69 ------
views/login.vm | 2 +-
views/logout.vm | 2 -
views/spnego-unavailable.vm | 49 ----
74 files changed, 882 insertions(+), 2433 deletions(-)
create mode 100644 conf/admin/admin.properties
delete mode 100644 conf/admin/general-admin.xml
create mode 100644 conf/authn/authn.properties
delete mode 100644 conf/authn/discovery-config.xml
delete mode 100644 conf/authn/duo-authn-config.xml
delete mode 100644 conf/authn/duo.properties
delete mode 100644 conf/authn/external-authn-config.xml
delete mode 100644 conf/authn/function-authn-config.xml
delete mode 100644 conf/authn/general-authn.xml
delete mode 100644 conf/authn/ipaddress-authn-config.xml
delete mode 100644 conf/authn/jaas-authn-config.xml
delete mode 100644 conf/authn/jaas.config
delete mode 100644 conf/authn/krb5-authn-config.xml
delete mode 100644 conf/authn/ldap-authn-config.xml
delete mode 100644 conf/authn/mfa-authn-config.xml
delete mode 100644 conf/authn/remoteuser-authn-config.xml
delete mode 100644 conf/authn/remoteuser-internal-authn-config.xml
delete mode 100644 conf/authn/saml-authn-config.xml
delete mode 100644 conf/authn/spnego-authn-config.xml
delete mode 100644 conf/authn/x509-authn-config.xml
delete mode 100644 conf/authn/x509-internal-authn-config.xml
delete mode 100644 conf/c14n/attribute-sourced-subject-c14n-config.xml
delete mode 100644 conf/c14n/simple-subject-c14n-config.xml
create mode 100644 conf/c14n/subject-c14n.properties
delete mode 100644 conf/c14n/x500-subject-c14n-config.xml
delete mode 100644 conf/cas-protocol.xml
rename conf/{ => examples}/attribute-resolver-ldap.xml (84%)
delete mode 100644 conf/intercept/consent-intercept-config.xml
delete mode 100644 conf/intercept/context-check-intercept-config.xml
delete mode 100644 conf/intercept/expiring-password-intercept-config.xml
delete mode 100644 conf/intercept/external-intercept-config.xml
delete mode 100644 conf/intercept/impersonate-intercept-config.xml
delete mode 100644 conf/intercept/profile-intercept.xml
create mode 100644 conf/logback.xml.tmp3
delete mode 100644 conf/session-manager.xml
create mode 100644 views/admin/hello.vm
delete mode 100644 views/admin/unlock-keys.vm
delete mode 100644 views/duo.vm
delete mode 100644 views/intercept/attribute-release.vm
delete mode 100644 views/intercept/expiring-password.vm
delete mode 100644 views/intercept/impersonate.vm
delete mode 100644 views/intercept/terms-of-use.vm
delete mode 100644 views/spnego-unavailable.vm
diff --git a/README.md b/README.md
index 8fe42b3..dc2e6bd 100644
--- a/README.md
+++ b/README.md
@@ -14,3 +14,4 @@ to complete a deployment.
* Internal Testing - (TEST) branch/repo that uses the "test bed" which is something that I2 provides (LDAP) and an element to make all integrations. Appropriate for Jenkins and testing environments
* `release` branch
* External Testing - (RELEASE) branch/repo (ultimately will live in Subversion?) for end users
+
diff --git a/conf/access-control.xml b/conf/access-control.xml
index a9184e6..3853722 100644
--- a/conf/access-control.xml
+++ b/conf/access-control.xml
@@ -34,7 +34,7 @@
</entry>
<!--
- <entry key="AccessByUser">
+ <entry key="AccessByAdminUser">
<bean parent="shibboleth.PredicateAccessControl">
<constructor-arg>
<bean parent="shibboleth.Conditions.SubjectName" c:collection="#{'jdoe'}" />
diff --git a/conf/admin/admin.properties b/conf/admin/admin.properties
new file mode 100644
index 0000000..7f14b56
--- /dev/null
+++ b/conf/admin/admin.properties
@@ -0,0 +1,55 @@
+# Configure properties controlling administrative features
+
+#idp.status.logging = Status
+#idp.status.accessPolicy = AccessByIPAddress
+#idp.status.authenticated = false
+#idp.status.nonBrowserSupported = false
+#idp.status.resolveAttributes = false
+
+#idp.reload.logging = Reload
+#idp.reload.accessPolicy = AccessByIPAddress
+#idp.reload.authenticated = false
+#idp.reload.nonBrowserSupported = false
+#idp.reload.resolveAttributes = false
+
+#idp.resolvertest.logging = ResolverTest
+#idp.resolvertest.accessPolicy = AccessByIPAddress
+#idp.resolvertest.authenticated = false
+#idp.resolvertest.nonBrowserSupported = false
+#idp.resolvertest.resolveAttributes = false
+
+#idp.mdquery.logging = MetadataQuery
+#idp.mdquery.accessPolicy = AccessByIPAddress
+#idp.mdquery.authenticated = false
+#idp.mdquery.nonBrowserSupported = false
+#idp.mdquery.resolveAttributes = false
+
+#idp.metrics.logging = Metrics
+#idp.metrics.authenticated = false
+#idp.metrics.nonBrowserSupported = false
+#idp.metrics.resolveAttributes = false
+# See admin/metrics.xml for other configuration
+
+#idp.hello.logging = Hello
+#idp.hello.accessPolicy = AccessByAdminUser
+#idp.hello.authenticated = true
+#idp.hello.nonBrowserSupported = false
+#idp.hello.resolveAttributes = true
+
+#idp.lockout.logging = Lockout
+#idp.lockout.accessPolicy = AccessDenied
+#idp.lockout.authenticated = false
+#idp.lockout.nonBrowserSupported = false
+#idp.lockout.resolveAttributes = false
+
+#idp.storage.logging = Storage
+#idp.storage.accessPolicy = AccessDenied
+#idp.storage.authenticated = false
+#idp.storage.nonBrowserSupported = false
+#idp.storage.resolveAttributes = false
+
+#idp.unlock-keys.logging = UnlockKeys
+#idp.unlock-keys.accessPolicy = AccessDenied
+#idp.unlock-keys.authenticated = true
+#idp.unlock-keys.nonBrowserSupported = false
+#idp.unlock-keys.resolveAttributes = false
diff --git a/conf/admin/general-admin.xml b/conf/admin/general-admin.xml
deleted file mode 100644
index 2814bf6..0000000
--- a/conf/admin/general-admin.xml
+++ /dev/null
@@ -1,74 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <util:list id="shibboleth.AvailableAdminFlows">
-
- <!-- Status Page -->
- <bean parent="shibboleth.AdminFlow"
- c:id="http://shibboleth.net/ns/profiles/status"
- p:loggingId="%{idp.service.logging.status:Status}"
- p:policyName="%{idp.status.accessPolicy:AccessByIPAddress}" />
-
- <!-- Service Reload -->
- <bean parent="shibboleth.AdminFlow"
- c:id="http://shibboleth.net/ns/profiles/reload-service-configuration"
- p:loggingId="%{idp.service.logging.serviceReload:Reload}"
- p:policyName="%{idp.reload.accessPolicy:AccessByIPAddress}" />
-
- <!-- MetadataResolver Reload -->
- <bean parent="shibboleth.AdminFlow"
- c:id="http://shibboleth.net/ns/profiles/reload-metadata"
- p:loggingId="%{idp.service.logging.serviceReload:Reload}"
- p:policyName="%{idp.reload.accessPolicy:AccessByIPAddress}" />
-
- <!-- AttributeResolver Debugging -->
- <bean parent="shibboleth.AdminFlow"
- c:id="http://shibboleth.net/ns/profiles/resolvertest"
- p:loggingId="%{idp.service.logging.resolvertest:ResolverTest}"
- p:policyName="%{idp.resolvertest.accessPolicy:AccessByIPAddress}" />
-
- <!-- Metadata Query -->
- <bean parent="shibboleth.AdminFlow"
- c:id="http://shibboleth.net/ns/profiles/mdquery"
- p:loggingId="MetadataQuery"
- p:policyName="AccessByIPAddress" />
-
- <!-- REST AccountLockoutManager Access -->
- <bean parent="shibboleth.AdminFlow"
- c:id="http://shibboleth.net/ns/profiles/lockout-manager"
- p:loggingId="Lockout"
- p:policyName="AccessByIPAddress" />
-
- <!-- REST StorageService Access -->
- <bean parent="shibboleth.AdminFlow"
- c:id="http://shibboleth.net/ns/profiles/storage"
- p:loggingId="Storage"
- p:policyName="AccessByIPAddress" />
-
- <!-- REST Interface to Metrics -->
- <bean parent="shibboleth.AdminFlow"
- c:id="http://shibboleth.net/ns/profiles/metrics"
- p:loggingId="Metrics"
- p:policyNameLookupStrategy-ref="shibboleth.metrics.AccessPolicyStrategy" />
-
- <!-- Attended Startup Unlock -->
- <!--
- <bean parent="shibboleth.OneTimeAdminFlow"
- c:id="http://shibboleth.net/ns/profiles/unlock-keys"
- p:loggingId="UnlockKeys"
- p:authenticated="true"
- p:policyName="AccessByAdminUser" />
- -->
-
- </util:list>
-
-</beans>
diff --git a/conf/admin/metrics.xml b/conf/admin/metrics.xml
index fccf419..208ab6b 100644
--- a/conf/admin/metrics.xml
+++ b/conf/admin/metrics.xml
@@ -26,6 +26,7 @@
<ref bean="shibboleth.metrics.MetadataGaugeSet" />
<ref bean="shibboleth.metrics.NameIdentifierGaugeSet" />
<ref bean="shibboleth.metrics.RelyingPartyGaugeSet" />
+ <ref bean="shibboleth.metrics.AttributeRegistryGaugeSet" />
<ref bean="shibboleth.metrics.AttributeResolverGaugeSet" />
<ref bean="shibboleth.metrics.AttributeFilterGaugeSet" />
<ref bean="shibboleth.metrics.CASServiceRegistryGaugeSet" />
@@ -59,12 +60,20 @@
<entry key="metadata" value-ref="shibboleth.metrics.MetadataGaugeSet" />
<entry key="nameid" value-ref="shibboleth.metrics.NameIdentifierGaugeSet" />
<entry key="relyingparty" value-ref="shibboleth.metrics.RelyingPartyGaugeSet" />
+ <entry key="registry" value-ref="shibboleth.metrics.AttributeRegistryGaugeSet" />
<entry key="resolver" value-ref="shibboleth.metrics.AttributeResolverGaugeSet" />
<entry key="filter" value-ref="shibboleth.metrics.AttributeFilterGaugeSet" />
<entry key="cas" value-ref="shibboleth.metrics.CASServiceRegistryGaugeSet" />
<entry key="bean" value-ref="shibboleth.metrics.ManagedBeanGaugeSet" />
</util:map>
-
+
+ <!-- Add any desired properties into set to expose them as IdP metrics. -->
+ <!--
+ <util:set id="shibboleth.metrics.ExposedProperties">
+ <value>idp.entityID</value>
+ </util:set>
+ -->
+
<!-- If you don't specify an alternate access policy, this named policy will be enforced. -->
<bean id="shibboleth.metrics.DefaultAccessPolicy" class="java.lang.String" c:_0="AccessByIPAddress" />
diff --git a/conf/attribute-resolver.xml b/conf/attribute-resolver.xml
index 0ee236b..8d16a59 100644
--- a/conf/attribute-resolver.xml
+++ b/conf/attribute-resolver.xml
@@ -1,17 +1,16 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
- This file is an EXAMPLE configuration file. While the configuration
- presented in this example file is semi-functional, it isn't very
- interesting. It is here only as a starting point for your deployment
- process.
-
- Very few attribute definitions and data connectors are demonstrated,
- and the data is derived statically from the logged-in username and a
- static example connector.
+This file is a rudimentary example. While it is semi-functional, it isn't very
+interesting. It is here only as a starting point for your deployment process
+to avoid any dependency on components like an LDAP directory.
- Attribute-resolver-full.xml contains more examples of attributes,
- encoders, and data connectors. Deployers should refer to the Shibboleth
- documentation for a complete list of components and their options.
+Very few attribute definitions and data connectors are demonstrated, and the
+data is derived statically from the logged-in username and a static example
+connector.
+
+The file(s) in the examples directory contain more examples that involve more
+complex approaches. Deployers should refer to the documentation for a complete
+list of possible components and their options.
-->
<AttributeResolver
xmlns="urn:mace:shibboleth:2.0:resolver"
diff --git a/conf/attributes/inetOrgPerson.xml b/conf/attributes/inetOrgPerson.xml
index da4cdcf..f2aebb1 100644
--- a/conf/attributes/inetOrgPerson.xml
+++ b/conf/attributes/inetOrgPerson.xml
@@ -447,8 +447,8 @@
<props merge="true">
<prop key="id">telephoneNumber</prop>
<prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
- <prop key="saml2.name">urn:mace:dir:attribute-def:telephoneNumber</prop>
- <prop key="saml1.name">urn:oid:2.5.4.20</prop>
+ <prop key="saml2.name">urn:oid:2.5.4.20</prop>
+ <prop key="saml1.name">urn:mace:dir:attribute-def:telephoneNumber</prop>
<prop key="displayName.en">Business phone number</prop>
<prop key="displayName.de">Telefon Geschäft</prop>
<prop key="displayName.fr">Teléphone professionnel</prop>
diff --git a/conf/audit.xml b/conf/audit.xml
index a9faf4c..42d82b8 100644
--- a/conf/audit.xml
+++ b/conf/audit.xml
@@ -19,7 +19,7 @@
<!-- Override the format of date/time fields in the log and/or convert to default time zone. -->
<!--
- <bean id="shibboleth.AuditDateTimeFormat" class="java.lang.String" c:_0="YYYY-MM-dd'T'HH:mm:ss.SSSZZ" />
+ <bean id="shibboleth.AuditDateTimeFormat" class="java.lang.String" c:_0="yyyy-MM-dd'T'HH:mm:ss.SSSZZ" />
<util:constant id="shibboleth.AuditDefaultTimeZone" static-field="java.lang.Boolean.TRUE" />
-->
diff --git a/conf/authn/authn-comparison.xml b/conf/authn/authn-comparison.xml
index dcf0271..0730bcb 100644
--- a/conf/authn/authn-comparison.xml
+++ b/conf/authn/authn-comparison.xml
@@ -12,62 +12,33 @@
default-destroy-method="destroy">
<!--
- These beans can be used in the AuthnComparisonRules map below instead of the defaults to
- support more advanced matching rules. The top example shows how to configure a matching rule,
- in this case a rule that the two listed classes are "better" than the password class.
-
- To use these beans, configure the matchingRules map as desired, and then reference the bean id in the
- desired value-ref slot in the AuthnComparisonRules map.
+ This is a map used to "weight" particular methods above others if the IdP has to randomly select one
+ to insert into a SAML authentication statement. The typical use shown below is to bias the IdP in favor
+ of expressing the SAML 2 PasswordProtectedTransport class over the more vanilla Password class on the
+ assumption that the IdP doesn't accept passwords via an insecure channel. This map never causes the IdP
+ to violate its matching rules if an RP requests a particular value; it only matters when nothing specific
+ is chosen. Anything not in the map has a weight of zero.
-->
- <bean id="shibboleth.BetterClassRefMatchFactory" parent="shibboleth.InexactMatchFactory">
- <!--
- <property name="matchingRules">
- <map>
- <entry key="urn:oasis:names:tc:SAML:2.0:ac:classes:Password">
- <list>
- <value>urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport</value>
- <value>urn:oasis:names:tc:SAML:2.0:ac:classes:TimeSyncToken</value>
- </list>
- </entry>
- </map>
- </property>
- -->
- </bean>
-
- <bean id="shibboleth.MinimumClassRefMatchFactory" parent="shibboleth.InexactMatchFactory" />
-
- <bean id="shibboleth.MaximumClassRefMatchFactory" parent="shibboleth.InexactMatchFactory" />
+ <util:map id="shibboleth.AuthenticationPrincipalWeightMap">
+ <entry>
+ <key>
+ <bean parent="shibboleth.SAML2AuthnContextClassRef"
+ c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
+ </key>
+ <value>1</value>
+ </entry>
+ </util:map>
- <!-- DeclRefs are rarely used in SAML, so you likely won't bother with these. -->
- <bean id="shibboleth.BetterDeclRefMatchFactory" parent="shibboleth.InexactMatchFactory" />
- <bean id="shibboleth.MinimumDeclRefMatchFactory" parent="shibboleth.InexactMatchFactory" />
- <bean id="shibboleth.MaximumDeclRefMatchFactory" parent="shibboleth.InexactMatchFactory" />
-
-
- <!-- Registry of matching rules. -->
-
+ <!--
+ Uncomment and add entries to this map to support "inexact" SAML RequestedAuthnContext operators.
+ Please refer to the AuthenticationFlowSelection documentation topic for details and examples.
+ -->
+ <!--
<util:map id="shibboleth.AuthnComparisonRules">
-
- <!-- Exact matching, should be left alone to avoid tricking the IdP into behaving incorrectly. -->
- <entry key-ref="shibboleth.SAMLAuthnMethodExact" value-ref="shibboleth.ExactMatchFactory"/>
- <entry key-ref="shibboleth.SAMLACClassRefExact" value-ref="shibboleth.ExactMatchFactory"/>
- <entry key-ref="shibboleth.SAMLACDeclRefExact" value-ref="shibboleth.ExactMatchFactory"/>
-
- <!-- Minimum matching, leave to allow degeneration into exact, or replace with custom rules. -->
- <entry key-ref="shibboleth.SAMLACClassRefMinimum" value-ref="shibboleth.ExactMatchFactory"/>
- <entry key-ref="shibboleth.SAMLACDeclRefMinimum" value-ref="shibboleth.ExactMatchFactory"/>
-
- <!-- Maximum matching, leave to allow degeneration into exact, or replace with custom rules. -->
- <entry key-ref="shibboleth.SAMLACClassRefMaximum" value-ref="shibboleth.ExactMatchFactory"/>
- <entry key-ref="shibboleth.SAMLACDeclRefMaximum" value-ref="shibboleth.ExactMatchFactory"/>
-
- <!-- Better matching, refers to empty ruleset that has to be populated to work. -->
- <entry key-ref="shibboleth.SAMLACClassRefBetter" value-ref="shibboleth.BetterClassRefMatchFactory"/>
- <entry key-ref="shibboleth.SAMLACDeclRefBetter" value-ref="shibboleth.BetterDeclRefMatchFactory"/>
-
</util:map>
-
+ -->
+
<!-- List of context classes or declarations to ignore if an SP requests them. -->
<util:list id="shibboleth.IgnoredContexts">
diff --git a/conf/authn/authn.properties b/conf/authn/authn.properties
new file mode 100644
index 0000000..56111ef
--- /dev/null
+++ b/conf/authn/authn.properties
@@ -0,0 +1,213 @@
+# Properties that control authentication generally and the behavior of
+# specific methods.
+
+# Regular expression matching login flows to enable, e.g. IPAddress|Password
+#idp.authn.flows = Password
+
+# Default settings for most authentication methods.
+#idp.authn.defaultLifetime = PT1H
+#idp.authn.defaultTimeout = PT30M
+#idp.authn.proxyRestrictionsEnforced = true
+
+# Whether to populate relying party user interface information for display
+# during authentication, consent, terms-of-use.
+#idp.authn.rpui = true
+
+# Whether to prioritize "active" results when an SP requests more than
+# one possible matching login method (V2 behavior was to favor them)
+#idp.authn.favorSSO = false
+
+# Whether to fail requests when a user identity after authentication
+# doesn't match the identity in a pre-existing session.
+#idp.authn.identitySwitchIsError = false
+
+# If using IdP discovery feature, provides a discovery location to use.
+#idp.authn.discoveryURL = https://ds.example.org/shibboleth-ds/index.html
+
+# Properties below override specific method behavior, as an alternative
+# to defining Spring beans in XML. Refer to the documentation for a complete
+# list. Many of the properties below are mentioned only because they are
+# atypical defaults assumed for a given method.
+
+# Flow selection among multiple equivalent options can be managed with
+# the order properties, lower will be tried first.
+
+#### Password ####
+
+#idp.authn.Password.order = 1000
+#idp.authn.Password.passiveAuthenticationSupported = true
+#idp.authn.Password.forcedAuthenticationSupported = true
+# Override this and removeAfterValidation to require all validators to succeed
+#idp.authn.Password.requireAll = false
+# Override to keep the password around
+#idp.authn.Password.removeAfterValidation = true
+# Override to store password in Java Subject
+#idp.authn.Password.retainAsPrivateCredential = false
+# Simple username transforms before validation
+#idp.authn.Password.trim = true
+#idp.authn.Password.lowercase = false
+#idp.authn.Password.uppercase = false
+#idp.authn.Password.matchExpression =
+# Override default form field names
+#idp.authn.Password.usernameFieldName = j_username
+#idp.authn.Password.passwordFieldName = j_password
+#idp.authn.Password.ssoBypassFieldName = donotcache
+# Unset if using customized Principals per validator
+#idp.authn.Password.addDefaultPrincipals = true
+# The Principal collection below is the typical default if not otherwise noted.
+#idp.authn.Password.supportedPrincipals = \
+# saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, \
+# saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password, \
+# saml1/urn:oasis:names:tc:SAML:1.0:am:password
+# Validators are controlled in password-authn-config.xml
+
+#### Password Backends ####
+
+# See ldap.properties for LDAP authn properties
+# Kerberos settings
+#idp.authn.Krb5.refreshConfig = false
+#idp.authn.Krb5.preserveTicket = false
+# Set next two for KDC verification
+#idp.authn.Krb5.servicePrincipal =
+#idp.authn.Krb5.keytab =
+# JAAS settings
+#idp.authn.JAAS.loginConfigNames = ShibUserPassAuth
+#idp.authn.JAAS.loginConfig = %{idp.home}/conf/authn/jaas.config
+
+#### External ####
+
+#idp.authn.External.order = 1000
+#idp.authn.External.nonBrowserSupported = false
+#idp.authn.External.matchExpression =
+# Unset if you plan to return full Java Subject from external source
+#idp.authn.External.addDefaultPrincipals = true
+# Servlet context-relative path to wherever your implementation lives
+idp.authn.External.externalAuthnPath = contextRelative:external.jsp
+
+#### RemoteUser ####
+
+#idp.authn.RemoteUser.order = 1000
+#idp.authn.RemoteUser.nonBrowserSupported = false
+#idp.authn.RemoteUser.matchExpression =
+# Unset in most cases only if using the authnMethodHeader or
+# subjectAttribute settings
+#idp.authn.RemoteUser.addDefaultPrincipals = true
+# Most other settings need to be supplied via web.xml to the servlet
+
+#### RemoteUserInternal ####
+
+#idp.authn.RemoteUserInternal.order = 1000
+#idp.authn.RemoteUserInternal.nonBrowserSupported = true
+# Unset in most cases only if using the authnMethodHeader feature
+#idp.authn.RemoteUserInternal.addDefaultPrincipals = true
+#idp.authn.RemoteUserInternal.checkRemoteUser = true
+# Comma-delimited lists of attributes or headers to pull from
+#idp.authn.RemoteUserInternal.checkAttributes =
+#idp.authn.RemoteUserInternal.checkHeaders =
+# Simple transforms to apply
+#idp.authn.RemoteUserInternal.trim = true
+#idp.authn.RemoteUserInternal.lowercase = false
+#idp.authn.RemoteUserInternal.uppercase = false
+#idp.authn.RemoteUserInternal.matchExpression =
+#idp.authn.RemoteUserInternal.allowedUsernames =
+#idp.authn.RemoteUserInternal.deniedUsernames =
+
+#### SPNEGO ####
+
+#idp.authn.SPNEGO.order = 1000
+#idp.authn.SPNEGO.nonBrowserSupported = false
+#idp.authn.SPNEGO.enforceRun = false
+#idp.authn.SPNEGO.refreshKrbConfig = false
+#idp.authn.SPNEGO.matchExpression =
+idp.authn.SPNEGO.supportedPrincipals = \
+ saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos, \
+ saml1/urn:ietf:rfc:1510
+
+#### X509 ####
+
+#idp.authn.X509.order = 1000
+#idp.authn.X509.nonBrowserSupported = false
+# Servlet context-relative path to wherever your implementation lives
+#idp.authn.X509.externalAuthnPath = contextRelative:x509-prompt.jsp
+idp.authn.X509.supportedPrincipals = \
+ saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, \
+ saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, \
+ saml1/urn:ietf:rfc:2246
+
+#### X509Internal ####
+
+#idp.authn.X509Internal.order = 1000
+#idp.authn.X509Internal.nonBrowserSupported = false
+#idp.authn.X509Internal.saveCertificateToCredentialSet = true
+idp.authn.X509Internal.supportedPrincipals = \
+ saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:X509, \
+ saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient, \
+ saml1/urn:ietf:rfc:2246
+
+#### IPAddress ####
+
+#idp.authn.IPAddress.order = 1000
+#idp.authn.IPAddress.passiveAuthenticationSupported = true
+#idp.authn.IPAddress.lifetime = PT60S
+#idp.authn.IPAddress.inactivityTimeout = PT60S
+idp.authn.IPAddress.supportedPrincipals = \
+ saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol
+
+#### Function ####
+
+#idp.authn.Function.order = 1000
+#idp.authn.Function.passiveAuthenticationSupported = true
+# Unset if you plan to return full Java Subject from function
+#idp.authn.Function.addDefaultPrincipals = true
+
+#### Duo ####
+
+#idp.authn.Duo.order = 1000
+#idp.authn.Duo.nonBrowserSupported = false
+#idp.authn.Duo.forcedAuthenticationSupported = true
+# Unset if you have advanced Duo integrations with individualized Principals
+#idp.authn.Duo.addDefaultPrincipals = true
+# The list below should be changed to reflect whatever locally- or
+# community-defined values are appropriate to represent Duo. It is
+# strongly advised that the value not be specific to Duo or any
+# particular technology to avoid lock-in.
+idp.authn.Duo.supportedPrincipals = \
+ saml2/http://example.org/ac/classes/mfa, \
+ saml1/http://example.org/ac/classes/mfa
+# Default Duo integration settings are defined separately
+# in duo.properties due to the sensitivity of the secret key.
+
+
+#### SAML ####
+
+#idp.authn.SAML.order = 1000
+#idp.authn.SAML.nonBrowserSupported = false
+#idp.authn.SAML.passiveAuthenticationSupported = true
+#idp.authn.SAML.forcedAuthenticationSupported = true
+#idp.authn.SAML.proxyScopingEnforced = true
+# Discovery options:
+# Define shibboleth.authn.SAML.discoveryFunction bean
+# Set proxyEntityID property
+# Fall through to discovery via discoveryRequired property
+#idp.authn.SAML.proxyEntityID = https://idp.example.org/idp/shibboleth
+#idp.authn.SAML.discoveryRequired = true
+# Generally left false with bidirectional mappings in
+# conf/authn/authn-comparison.xml across the proxy boundary.
+#idp.authn.SAML.addDefaultPrincipals = false
+
+#### MFA ####
+
+#idp.authn.MFA.order = 1000
+#idp.authn.MFA.passiveAuthenticationSupported = true
+#idp.authn.MFA.forcedAuthenticationSupported = true
+#idp.authn.MFA.validateLoginTransitions = true
+# The list below almost certainly requires changes, and should generally be the
+# union of any of the separate factors you combine in your particular MFA flow
+# rules. The example corresponds to the example in mfa-authn-config.xml that
+# combines IPAddress with Password.
+idp.authn.MFA.supportedPrincipals = \
+ saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol, \
+ saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, \
+ saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password, \
+ saml1/urn:oasis:names:tc:SAML:1.0:am:password
+# Most actual setup via mfa-authn-config.xml
diff --git a/conf/authn/discovery-config.xml b/conf/authn/discovery-config.xml
deleted file mode 100644
index e21e3fd..0000000
--- a/conf/authn/discovery-config.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- Specify discovery service location. -->
-
- <bean id="shibboleth.authn.discoveryURL" class="java.lang.String"
- c:_0="https://ds.example.org/shibboleth-ds/index.html" />
-
- <!-- Alternatively specify a Function<ProfileRequestContext,String> to return the URL. -->
- <!--
- <bean id="shibboleth.authn.discoveryURLStrategy"
- parent="shibboleth.ContextFunction.Scripted" factory-method="inlineScript">
- <constructor-arg>
- <value>
- <![CDATA[
- "https://ds.example.org/shibboleth-ds/index.html";
- ]]>
- </value>
- </constructor-arg>
- </bean>
- -->
-
-</beans>
diff --git a/conf/authn/duo-authn-config.xml b/conf/authn/duo-authn-config.xml
deleted file mode 100644
index 2867f48..0000000
--- a/conf/authn/duo-authn-config.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p" xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize" default-destroy-method="destroy">
-
- <!--
- By default, the Duo flow will use statically-defined integrations defined with the
- duo.properties file. If you need more flexibility, you can define a function bean
- called "shibboleth.authn.Duo.DuoIntegrationStrategy" to return an instance of
- net.shibboleth.idp.authn.duo.DuoIntegration based on the state of the request.
- A second bean, "shibboleth.authn.Duo.NonBrowser.DuoIntegrationStrategy", can be
- supplied to use the AuthAPI for non-browser profiles.
-
- The Duo flow is designed to operate in conjunction with some other login flow,
- usually orchestrated by the MFA login flow. It obtains the username to send to
- Duo based on the output of the other login flow or a previous session with the
- user. You can override that approach using a function bean called
- "shibboleth.authn.Duo.UsernameLookupStrategy" to supply the username from a
- different source.
-
- Various other beans are supported, per the documentation.
- -->
-
-</beans>
diff --git a/conf/authn/duo.properties b/conf/authn/duo.properties
deleted file mode 100644
index cb4b4aa..0000000
--- a/conf/authn/duo.properties
+++ /dev/null
@@ -1,30 +0,0 @@
-## Duo integration settings
-
-## Note: If upgrading from pre-3.3 IdP versions, you will need to manually add a pointer
-## to this property file to idp.properties.
-
-## The first set of properties support DuoWeb "iframe" integration.
-
-idp.duo.apiHost = hostname
-idp.duo.applicationKey = key
-idp.duo.integrationKey = key
-idp.duo.secretKey = key
-
-## The second set are used for direct AuthAPI usage for ECP support.
-## A seperate integration has to be created for this to work.
-
-#idp.duo.nonbrowser.apiHost = %{idp.duo.apiHost}
-#idp.duo.nonbrowser.applicationKey = key
-#idp.duo.nonbrowser.integrationKey = key
-#idp.duo.nonbrowser.secretKey = key
-
-## Request header names for Duo non-browser credentials.
-# idp.duo.nonbrowser.header.factor = X-Shibboleth-Duo-Factor
-# idp.duo.nonbrowser.header.device = X-Shibboleth-Duo-Device
-# idp.duo.nonbrowser.header.passcode = X-Shibboleth-Duo-Passcode
-
-## Enables auto selection of factor/device if not specified by client.
-# idp.duo.nonbrowser.auto = true
-
-## Enables transmission of client address to Duo during authentication.
-# idp.duo.nonbrowser.clientAddressTrusted = true
diff --git a/conf/authn/external-authn-config.xml b/conf/authn/external-authn-config.xml
deleted file mode 100644
index 9d6652a..0000000
--- a/conf/authn/external-authn-config.xml
+++ /dev/null
@@ -1,70 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- Servlet context-relative path to wherever your implementation lives. -->
- <bean id="shibboleth.authn.External.externalAuthnPath" class="java.lang.String"
- c:_0="contextRelative:external.jsp" />
-
- <!--
- Default is to always use the path in the bean above. If you want to determine it
- dynamically, define a bean called "shibboleth.authn.External.externalAuthnPathStrategy"
- of type Function<ProfileRequestContext,String> that returns the path to use.
- -->
-
- <!--
- Add authentication flow descriptor's supportedPrincipals collection to the resulting Subject?
- You would normally only unset this if you plan to return a fully decorated Java Subject from your
- external authentication source.
- -->
- <util:constant id="shibboleth.authn.External.addDefaultPrincipals" static-field="java.lang.Boolean.TRUE" />
-
- <!--
- <bean id="shibboleth.authn.External.matchExpression" class="java.util.regex.Pattern" factory-method="compile"
- c:_0="^(.+)@example\.edu]$" />
- -->
-
- <!--
- Define entries here to map error messages returned by external modules and classify them as particular
- kinds of errors for use in your templates and as events in flows.
-
- Keys are events to signal, values are error codes.
-
- The examples here just allow external signaling of the exact type of condition to record.
-
- If you want to "fall-through" to other login flows, include a mapping to "ReselectFlow".
- -->
- <util:map id="shibboleth.authn.External.ClassifiedMessageMap">
- <entry key="UnknownUsername">
- <list>
- <value>UnknownUsername</value>
- </list>
- </entry>
- <entry key="InvalidPassword">
- <list>
- <value>InvalidPassword</value>
- </list>
- </entry>
- <entry key="ExpiredPassword">
- <list>
- <value>ExpiredPassword</value>
- </list>
- </entry>
- <entry key="ExpiringPassword">
- <list>
- <value>ExpiringPassword</value>
- </list>
- </entry>
- </util:map>
-
-</beans>
diff --git a/conf/authn/function-authn-config.xml b/conf/authn/function-authn-config.xml
deleted file mode 100644
index cf7876a..0000000
--- a/conf/authn/function-authn-config.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!--
- Add authentication flow descriptor's supportedPrincipals collection to the resulting Subject?
- You would normally only unset this if you plan to return a completely constructed Subject from
- your authentication function.
- -->
- <util:constant id="shibboleth.authn.Function.addDefaultPrincipals" static-field="java.lang.Boolean.TRUE" />
-
- <!--
- The entire flow depends on the execution of a function bean you supply. A pathological script example
- is below. The function may return a String, Principal, Subject, or a null to signal failure.
- -->
-
- <bean id="shibboleth.authn.Function.ResultLookupStrategy"
- parent="shibboleth.ContextFunctions.Scripted" factory-method="inlineScript">
- <constructor-arg>
- <value>
- <![CDATA[
- null;
- ]]>
- </value>
- </constructor-arg>
- </bean>
-</beans>
diff --git a/conf/authn/general-authn.xml b/conf/authn/general-authn.xml
deleted file mode 100644
index b936f97..0000000
--- a/conf/authn/general-authn.xml
+++ /dev/null
@@ -1,173 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!--
- This file provisions the IdP with information about the configured login mechanisms available for use.
- The actual beans and subflows that make up those mechanisms are in their own files, but this pulls them
- together with deployer-supplied metadata to describe them to the system.
-
- You can turn on and off individual mechanisms by adding and remove them here. Nothing left out will
- be used, regardless any other files loaded by the Spring container.
-
- Flow defaults include: no support for IsPassive/ForceAuthn, support for non-browser clients enabled,
- and default timeout and lifetime values set via properties. We also default to supporting the SAML 1/2
- expressions for password-based authentication over a secure channel, so anything more exotic requires
- customization, as the examples below for IP address and SPNEGO authentication illustrate.
- -->
-
- <util:list id="shibboleth.AvailableAuthenticationFlows">
-
- <bean id="authn/IPAddress" parent="shibboleth.AuthenticationFlow"
- p:passiveAuthenticationSupported="true"
- p:lifetime="PT60S" p:inactivityTimeout="PT60S">
- <property name="supportedPrincipals">
- <list>
- <bean parent="shibboleth.SAML2AuthnContextClassRef"
- c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol" />
- </list>
- </property>
- </bean>
-
- <bean id="authn/SPNEGO" parent="shibboleth.AuthenticationFlow"
- p:nonBrowserSupported="false">
- <property name="supportedPrincipals">
- <list>
- <bean parent="shibboleth.SAML2AuthnContextClassRef"
- c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Kerberos" />
- <bean parent="shibboleth.SAML1AuthenticationMethod"
- c:method="urn:ietf:rfc:1510" />
- </list>
- </property>
- </bean>
-
- <bean id="authn/Function" parent="shibboleth.AuthenticationFlow" />
-
- <bean id="authn/X509" parent="shibboleth.AuthenticationFlow"
- p:nonBrowserSupported="false">
- <property name="supportedPrincipals">
- <list>
- <bean parent="shibboleth.SAML2AuthnContextClassRef"
- c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:X509" />
- <bean parent="shibboleth.SAML2AuthnContextClassRef"
- c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient" />
- <bean parent="shibboleth.SAML1AuthenticationMethod"
- c:method="urn:ietf:rfc:2246" />
- </list>
- </property>
- </bean>
-
- <bean id="authn/X509Internal" parent="shibboleth.AuthenticationFlow">
- <property name="supportedPrincipals">
- <list>
- <bean parent="shibboleth.SAML2AuthnContextClassRef"
- c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:X509" />
- <bean parent="shibboleth.SAML2AuthnContextClassRef"
- c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient" />
- <bean parent="shibboleth.SAML1AuthenticationMethod"
- c:method="urn:ietf:rfc:2246" />
- </list>
- </property>
- </bean>
-
- <bean id="authn/Password" parent="shibboleth.AuthenticationFlow"
- p:passiveAuthenticationSupported="true"
- p:forcedAuthenticationSupported="true" />
-
- <bean id="authn/Duo" parent="shibboleth.AuthenticationFlow"
- p:forcedAuthenticationSupported="true"
- p:nonBrowserSupported="false">
- <!--
- The list below should be changed to reflect whatever locally- or
- community-defined values are appropriate to represent MFA. It is
- strongly advised that the value not be specific to Duo or any
- particular technology.
- -->
- <property name="supportedPrincipals">
- <list>
- <bean parent="shibboleth.SAML2AuthnContextClassRef"
- c:classRef="http://example.org/ac/classes/mfa" />
- <bean parent="shibboleth.SAML1AuthenticationMethod"
- c:method="http://example.org/ac/classes/mfa" />
- </list>
- </property>
- </bean>
-
- <bean id="authn/MFA" parent="shibboleth.AuthenticationFlow"
- p:passiveAuthenticationSupported="true"
- p:forcedAuthenticationSupported="true">
- <!--
- The list below almost certainly requires changes, and should generally be the
- union of any of the separate factors you combine in your particular MFA flow
- rules. The example corresponds to the example in mfa-authn-config.xml that
- combines IPAddress with Password.
- -->
- <property name="supportedPrincipals">
- <list>
- <bean parent="shibboleth.SAML2AuthnContextClassRef"
- c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol" />
- <bean parent="shibboleth.SAML2AuthnContextClassRef"
- c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
- <bean parent="shibboleth.SAML2AuthnContextClassRef"
- c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" />
- <bean parent="shibboleth.SAML1AuthenticationMethod"
- c:method="urn:oasis:names:tc:SAML:1.0:am:password" />
- </list>
- </property>
- </bean>
-
- <!-- This is a flow for proxied SAML authentication to another IdP. -->
-
- <bean id="authn/SAML" parent="shibboleth.AuthenticationFlow"
- p:nonBrowserSupported="false"
- p:passiveAuthenticationSupported="true"
- p:forcedAuthenticationSupported="true"
- p:proxyScopingEnforced="true"
- p:discoveryRequired="true" />
-
- <!--
- These flows are often, though not exclusively, used to proxy authentication, so may need
- the proxyScopingEnforced flag enabled by hand to honor RP/local proxy count limits,
- and may optionally trigger discovery via the discoveryRequired flag.
- -->
-
- <bean id="authn/External" parent="shibboleth.AuthenticationFlow"
- p:nonBrowserSupported="false" />
-
- <bean id="authn/RemoteUser" parent="shibboleth.AuthenticationFlow"
- p:nonBrowserSupported="false" />
-
- <bean id="authn/RemoteUserInternal" parent="shibboleth.AuthenticationFlow" />
-
- </util:list>
-
- <!--
- This is a map used to "weight" particular methods above others if the IdP has to randomly select one
- to insert into a SAML authentication statement. The typical use shown below is to bias the IdP in favor
- of expressing the SAML 2 PasswordProtectedTransport class over the more vanilla Password class on the
- assumption that the IdP doesn't accept passwords via an insecure channel. This map never causes the IdP
- to violate its matching rules if an RP requests a particular value; it only matters when nothing specific
- is chosen. Anything not in the map has a weight of zero.
- -->
-
- <util:map id="shibboleth.AuthenticationPrincipalWeightMap">
- <entry>
- <key>
- <bean parent="shibboleth.SAML2AuthnContextClassRef"
- c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
- </key>
- <value>1</value>
- </entry>
- </util:map>
-
-</beans>
diff --git a/conf/authn/ipaddress-authn-config.xml b/conf/authn/ipaddress-authn-config.xml
deleted file mode 100644
index a3ee096..0000000
--- a/conf/authn/ipaddress-authn-config.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
-
- <!-- Apply any regular expression replacement pairs to address before validation. -->
- <util:list id="shibboleth.authn.IPAddress.Transforms" />
-
- <!--
- Configure the address range(s) and principal name(s) for IP-based login here.
- The ranges provided MUST be CIDR network expressions. To specify a single address,
- add "/32" or "/128" for IPv4 or IPv6 respectively.
- -->
-
-
- <util:map id="shibboleth.authn.IPAddress.Mappings">
- <!--
- <entry key="jdoe">
- <list>
- <value>127.0.0.1/32</value>
- <value>::1/128</value>
- </list>
- </entry>
- -->
- </util:map>
-
-</beans>
diff --git a/conf/authn/jaas-authn-config.xml b/conf/authn/jaas-authn-config.xml
deleted file mode 100644
index 7edd41c..0000000
--- a/conf/authn/jaas-authn-config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- Specify your JAAS config. -->
- <bean id="JAASConfig" class="org.springframework.core.io.FileSystemResource" c:path="%{idp.home}/conf/authn/jaas.config" />
-
- <util:property-path id="shibboleth.authn.JAAS.JAASConfigURI" path="JAASConfig.URI" />
-
- <!-- Specify the application name(s) in the JAAS config. -->
- <util:list id="shibboleth.authn.JAAS.LoginConfigNames">
- <value>ShibUserPassAuth</value>
- </util:list>
-
-</beans>
diff --git a/conf/authn/jaas.config b/conf/authn/jaas.config
deleted file mode 100644
index 232e93d..0000000
--- a/conf/authn/jaas.config
+++ /dev/null
@@ -1,11 +0,0 @@
-ShibUserPassAuth {
- /*
- com.sun.security.auth.module.Krb5LoginModule required;
- */
-
- org.ldaptive.jaas.LdapLoginModule required
- ldapUrl="ldap://localhost:10389"
- baseDn="ou=people,dc=example,dc=org"
- userFilter="uid={user}";
-
-};
\ No newline at end of file
diff --git a/conf/authn/krb5-authn-config.xml b/conf/authn/krb5-authn-config.xml
deleted file mode 100644
index f826f30..0000000
--- a/conf/authn/krb5-authn-config.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <util:constant id="shibboleth.authn.Krb5.RefreshConfig" static-field="java.lang.Boolean.FALSE" />
-
- <util:constant id="shibboleth.authn.Krb5.PreserveTicket" static-field="java.lang.Boolean.FALSE" />
-
- <!--
- Uncomment these beans to perform KDC verification using a service principal and keytab.
- The keytab bean must be an absolute file pathname and not a reference to a classpath resource,
- so if idp.home is not a path, don't use it in the value.
- -->
- <!--
- <bean id="shibboleth.authn.Krb5.ServicePrincipal" class="java.lang.String" c:_0="SERVICE/principal" />
- <bean id="shibboleth.authn.Krb5.Keytab" class="java.lang.String" c:_0="%{idp.home}/credentials/keytab" />
- -->
-
-</beans>
diff --git a/conf/authn/ldap-authn-config.xml b/conf/authn/ldap-authn-config.xml
deleted file mode 100644
index 22a760b..0000000
--- a/conf/authn/ldap-authn-config.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans" xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p" xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
- default-init-method="initialize"
- default-destroy-method="destroy"
- default-lazy-init="true">
-
- <!--
- Default behavior is to rely on properties to populate the various beans.
- You can override these, particularly shibboleth.authn.LDAP.authenticator,
- to customize the settings or avoid use of properties.
-
- Be cautious of any direct dependency on ldaptive classes to simplify upgrades.
- -->
-
- <bean id="shibboleth.authn.LDAP.returnAttributes" parent="shibboleth.CommaDelimStringArray">
- <constructor-arg type="java.lang.String" value="%{idp.authn.LDAP.returnAttributes:1.1}" />
- </bean>
-
- <bean id="shibboleth.authn.LDAP.trustCertificates" parent="shibboleth.X509ResourceCredentialConfig"
- p:trustCertificates="%{idp.authn.LDAP.trustCertificates:undefined}" />
-
- <bean id="shibboleth.authn.LDAP.truststore" parent="shibboleth.KeystoreResourceCredentialConfig"
- p:truststore="%{idp.authn.LDAP.trustStore:undefined}" />
-
- <bean id="shibboleth.authn.LDAP.authenticator" parent="shibboleth.LDAPAuthenticationFactory" lazy-init="true" />
-
-</beans>
diff --git a/conf/authn/mfa-authn-config.xml b/conf/authn/mfa-authn-config.xml
deleted file mode 100644
index 3bfbcbb..0000000
--- a/conf/authn/mfa-authn-config.xml
+++ /dev/null
@@ -1,78 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!--
- This is a map of transition rules that guide the behavior of the MFA flow
- and controls how factors are sequenced, skipped, etc. The key of each entry
- is the name of the step/flow out of which control is passing. The starting
- rule has an empty key.
-
- Each entry is a bean inherited from "shibboleth.authn.MFA.Transition". Per
- the Javadoc for net.shibboleth.idp.authn.MultiFactorAuthenticationTransition:
-
- p:nextFlow (String)
- - A flow to run if the previous step signaled a "proceed" event, for simple
- transitions.
-
- p:nextFlowStrategy (Function<ProfileRequestContext,String>)
- - A function to run if the previous step signaled a "proceed" event, for dynamic
- transitions. Returning null ends the MFA process.
-
- p:nextFlowStrategyMap (Map<String,Object> where Object is String or Function<ProfileRequestContext,String>)
- - Fully dynamic way of expressing control paths. Map is keyed by a previously
- signaled event and the value is a flow to run or a function to
- return the flow to run. Returning null ends the MFA process.
-
- When no rule is provided, there's an implicit "null" that ends the MFA flow
- with whatever event was last signaled. If the "proceed" event from a step is
- the final event, then the MFA process attempts to complete itself successfully.
- -->
- <util:map id="shibboleth.authn.MFA.TransitionMap">
- <!-- First rule runs the IPAddress login flow. -->
- <entry key="">
- <bean parent="shibboleth.authn.MFA.Transition" p:nextFlow="authn/IPAddress" />
- </entry>
-
- <!--
- Second rule runs a function if IPAddress succeeds, to determine whether an additional
- factor is required.
- -->
- <entry key="authn/IPAddress">
- <bean parent="shibboleth.authn.MFA.Transition" p:nextFlowStrategy-ref="checkSecondFactor" />
- </entry>
-
- <!-- An implicit final rule will return whatever the final flow returns. -->
- </util:map>
-
- <!-- Example script to see if second factor is required. -->
- <bean id="checkSecondFactor" parent="shibboleth.ContextFunctions.Scripted" factory-method="inlineScript">
- <constructor-arg>
- <value>
- <![CDATA[
- nextFlow = "authn/Password";
-
- // Check if second factor is necessary for request to be satisfied.
- authCtx = input.getSubcontext("net.shibboleth.idp.authn.context.AuthenticationContext");
- mfaCtx = authCtx.getSubcontext("net.shibboleth.idp.authn.context.MultiFactorAuthenticationContext");
- if (mfaCtx.isAcceptable()) {
- nextFlow = null;
- }
-
- nextFlow; // pass control to second factor or end with the first
- ]]>
- </value>
- </constructor-arg>
- </bean>
-
-</beans>
diff --git a/conf/authn/password-authn-config.xml b/conf/authn/password-authn-config.xml
index 73ac7f8..4529b6f 100644
--- a/conf/authn/password-authn-config.xml
+++ b/conf/authn/password-authn-config.xml
@@ -13,34 +13,18 @@
default-destroy-method="destroy">
<!--
- You can optionally comment out anything you don't need, but make sure not to
- reference the corresponding validator in the list below if you do remove any.
- -->
- <import resource="jaas-authn-config.xml" />
- <import resource="krb5-authn-config.xml" />
- <import resource="ldap-authn-config.xml" />
+ Ordered list of CredentialValidators to apply to a request.
- <!-- Ordered list of CredentialValidators to apply to a request. -->
+ The four supplied variants are shown below; the HTPasswd option
+ is an OOB default for demo account purposes, and you will
+ want to remove it after initial install and testing.
+ -->
<util:list id="shibboleth.authn.Password.Validators">
<ref bean="shibboleth.LDAPValidator" />
+ <!-- <ref bean="shibboleth.KerberosValidator" /> -->
+ <!-- <ref bean="shibboleth.JAASValidator" /> -->
+ <!-- <bean parent="shibboleth.HTPasswdValidator" p:resource="%{idp.home}/credentials/demo.htpasswd" /> -->
</util:list>
-
- <!-- Controls whether all validators in the above bean have to succeed, or just one. -->
- <util:constant id="shibboleth.authn.Password.RequireAll" static-field="java.lang.Boolean.FALSE"/>
-
-
- <!-- Names of form fields to pull username and password from. -->
- <bean id="shibboleth.authn.Password.UsernameFieldName" class="java.lang.String" c:_0="j_username" />
- <bean id="shibboleth.authn.Password.PasswordFieldName" class="java.lang.String" c:_0="j_password" />
- <bean id="shibboleth.authn.Password.SSOBypassFieldName" class="java.lang.String" c:_0="donotcache" />
-
- <!-- Simple transforms to apply to username before validation. -->
- <util:constant id="shibboleth.authn.Password.Lowercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.authn.Password.Uppercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.authn.Password.Trim" static-field="java.lang.Boolean.TRUE"/>
-
- <!-- Set to TRUE if you want the password kept in the resulting Subject as a private credential. -->
- <util:constant id="shibboleth.authn.Password.RetainAsPrivateCredential" static-field="java.lang.Boolean.FALSE"/>
<!-- Apply any regular expression replacement pairs to username before validation. -->
<util:list id="shibboleth.authn.Password.Transforms">
@@ -58,7 +42,7 @@
p:lockoutDuration="PT5M"
p:extendLockoutDuration="false" />
-->
-
+
<!--
Define entries here to map error messages detected by validation actions and classify them as particular
kinds of errors for use in your templates and as events in flows.
@@ -72,7 +56,12 @@
<value>UnknownUsername</value>
<value>CLIENT_NOT_FOUND</value>
<value>Client not found</value>
+ <value>Cannot get kdc for realm</value>
+ <value>Client not found in Kerberos database</value>
<value>DN_RESOLUTION_FAILURE</value>
+ <value>Cannot authenticate dn, invalid dn</value>
+ <value>Cannot authenticate dn, invalid credential</value>
+ <value>AcceptSecurityContext error, data 525</value>
</list>
</entry>
<entry key="InvalidPassword">
@@ -81,17 +70,31 @@
<value>PREAUTH_FAILED</value>
<value>INVALID_CREDENTIALS</value>
<value>Checksum failed</value>
+ <value>Integrity check on decrypted field failed</value>
+ <value>Pre-authentication information was invalid</value>
+ <value>Key bytes cannot be null</value>
+ <value>AcceptSecurityContext error, data 52e</value>
</list>
</entry>
<entry key="AccountLocked">
<list>
<value>AccountLocked</value>
<value>Clients credentials have been revoked</value>
+ <value>AcceptSecurityContext error, data 775</value>
+ </list>
+ </entry>
+ <entry key="AccountDisabled">
+ <list>
+ <value>AcceptSecurityContext error, data 533</value>
</list>
</entry>
<entry key="ExpiredPassword">
<list>
<value>PASSWORD_EXPIRED</value>
+ <value>CLIENT KEY EXPIRED</value>
+ <value>AcceptSecurityContext error, data 532</value>
+ <value>AcceptSecurityContext error, data 773</value>
+ <value>AcceptSecurityContext error, data 701</value>
</list>
</entry>
<entry key="ExpiringPassword">
@@ -107,6 +110,9 @@
</util:map>
<!--
+ WARNING: This set of features is generally discouraged in favor of the MFA flow,
+ and while not deprecated, is not recommended for new deployments.
+
Configuration of "extended" login methods to offer in the password login form.
The String bean is a regular expression identifying the flows to offer. These flows
diff --git a/conf/authn/remoteuser-authn-config.xml b/conf/authn/remoteuser-authn-config.xml
deleted file mode 100644
index 4b7e722..0000000
--- a/conf/authn/remoteuser-authn-config.xml
+++ /dev/null
@@ -1,75 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- Servlet context-relative path to wherever your implementation lives. -->
- <bean id="shibboleth.authn.RemoteUser.externalAuthnPath" class="java.lang.String"
- c:_0="contextRelative:Authn/RemoteUser" />
-
- <!--
- Default is to always use the path in the bean above. If you want to determine it
- dynamically, define a bean called "shibboleth.authn.RemoteUser.externalAuthnPathStrategy"
- of type Function<ProfileRequestContext,String> that returns the path to use.
- -->
-
- <!--
- Add authentication flow descriptor's supportedPrincipals collection to the resulting Subject?
- You would normally only unset this if you plan to use the authnMethodHeader servlet parameter to
- supply authentication method string(s) from the external authentication system.
- -->
- <util:constant id="shibboleth.authn.RemoteUser.addDefaultPrincipals" static-field="java.lang.Boolean.TRUE" />
-
- <!--
- <bean id="shibboleth.authn.RemoteUser.matchExpression" class="java.util.regex.Pattern" factory-method="compile"
- c:_0="^(.+)@example\.edu]$" />
- -->
-
- <!--
- Define entries here to map error messages returned by external modules and classify them as particular
- kinds of errors for use in your templates and as events in flows.
-
- Keys are events to signal, values are error codes.
-
- The examples here just allow external signaling of an exact condition.
-
- If you want to "fall-through" to other login flows, include a mapping to "ReselectFlow".
- -->
- <util:map id="shibboleth.authn.RemoteUser.ClassifiedMessageMap">
- <entry key="ReselectFlow">
- <list>
- <value>NoCredentials</value>
- </list>
- </entry>
- <entry key="UnknownUsername">
- <list>
- <value>UnknownUsername</value>
- </list>
- </entry>
- <entry key="InvalidPassword">
- <list>
- <value>InvalidPassword</value>
- </list>
- </entry>
- <entry key="ExpiredPassword">
- <list>
- <value>ExpiredPassword</value>
- </list>
- </entry>
- <entry key="ExpiringPassword">
- <list>
- <value>ExpiringPassword</value>
- </list>
- </entry>
- </util:map>
-
-</beans>
diff --git a/conf/authn/remoteuser-internal-authn-config.xml b/conf/authn/remoteuser-internal-authn-config.xml
deleted file mode 100644
index 9e68c85..0000000
--- a/conf/authn/remoteuser-internal-authn-config.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- Check getRemoteUser() for identity (the typical case). -->
- <util:constant id="shibboleth.authn.RemoteUser.checkRemoteUser" static-field="java.lang.Boolean.TRUE"/>
-
- <!-- Populate one or both of the lists below to define HTTP headers or Servlet Attributes to check. -->
-
- <util:list id="shibboleth.authn.RemoteUser.checkHeaders">
- <!--
- <value>User-Identity</value>
- -->
- </util:list>
-
- <util:list id="shibboleth.authn.RemoteUser.checkAttributes">
- <!--
- <value>User-Identity</value>
- -->
- </util:list>
-
- <!-- Simple transforms to apply to username before validation. -->
- <util:constant id="shibboleth.authn.RemoteUser.Lowercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.authn.RemoteUser.Uppercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.authn.RemoteUser.Trim" static-field="java.lang.Boolean.TRUE"/>
-
- <!-- Apply any regular expression replacement pairs before validation. -->
- <util:list id="shibboleth.authn.RemoteUser.Transforms">
- <!--
- <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
- -->
- </util:list>
-
- <!-- Uncomment/configure to install username whitelist, blacklist, and/or match expressions. -->
-
- <util:list id="shibboleth.authn.RemoteUser.whitelistedUsernames">
- <!--
- <value>goodguy</value>
- -->
- </util:list>
-
- <util:list id="shibboleth.authn.RemoteUser.blacklistedUsernames">
- <!--
- <value>badguy</value>
- -->
- </util:list>
-
- <!--
- <bean id="shibboleth.authn.RemoteUser.matchExpression" class="java.util.regex.Pattern" factory-method="compile"
- c:_0="^(.+)@example\.edu]$" />
- -->
-
-</beans>
diff --git a/conf/authn/saml-authn-config.xml b/conf/authn/saml-authn-config.xml
deleted file mode 100644
index 4ff55f9..0000000
--- a/conf/authn/saml-authn-config.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!--
- Optional Function<ProfileRequest,String> to supply name of proxied IdP,
- otherwise flow assumes IdP discovery has been performed already.
- -->
- <!--
- <bean id="shibboleth.authn.SAML.discoveryFunction" parent="shibboleth.Functions.Constant"
- c:target="https://idp.example.org/idp/shibboleth" />
- -->
-
- <!--
- Add authentication flow descriptor's supportedPrincipals collection to the
- resulting Subject? This may be problematic if it happens without regard for
- the information returned in the assertion from the IdP, so changing this is
- likely to lead to violations of intent.
-
- Usually this should be left FALSE, and appropriate bidirectional mappings defined
- via conf/authn/authn-comparison.xml to translate across the proxy boundary.
- -->
- <util:constant id="shibboleth.authn.SAML.addDefaultPrincipals" static-field="java.lang.Boolean.FALSE"/>
-
-</beans>
diff --git a/conf/authn/spnego-authn-config.xml b/conf/authn/spnego-authn-config.xml
deleted file mode 100644
index 6c0fa48..0000000
--- a/conf/authn/spnego-authn-config.xml
+++ /dev/null
@@ -1,74 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- General Configuration -->
-
- <!--
- Enforce running SPNEGO for all users, independent of user's autologin state.
- TRUE means that SPNEGO login is always tried (if available).
- FALSE means that SPNEGO login is run only if the user has enabled autologin.
- -->
- <util:constant id="shibboleth.authn.SPNEGO.EnforceRun" static-field="java.lang.Boolean.FALSE" />
-
- <!-- Kerberos Configuration-->
-
- <!-- General Kerberos Settings -->
-
- <util:constant id="shibboleth.authn.SPNEGO.Krb5.RefreshConfig" static-field="java.lang.Boolean.FALSE" />
-
- <!-- Kerberos Service Principal(s) -->
-
- <!--
- For each service principal/realm, a "RealmSettings" bean must be created.
- For each "RealmSettings" bean, the following settings are supported:
- p:servicePrincipal: - kerberos service principal (required)
- p:keytab: - path to the keytab file containing the kerberos service principal's credentials
- (optional; either "p:keytab" or "p:password" is required)
- p:password: - kerberos service principal's password
- (optional; either "p:keytab" or "p:password" is required)
- -->
- <util:list id="shibboleth.authn.SPNEGO.Krb5.Realms">
-
- <bean parent="shibboleth.KerberosRealmSettings"
- p:servicePrincipal="HTTP/aai-logon.domain_a.com@DOMAIN_A.COM"
- p:keytab="%{idp.home}/credentials/http_domainA.keytab" />
-
- </util:list>
-
- <!--
- <bean id="shibboleth.authn.SPNEGO.matchExpression" class="java.util.regex.Pattern" factory-method="compile"
- c:_0="^(.+)@example\.edu$" />
- -->
-
- <!--
- Define entries here to map events or error messages returned by the SPNEGO module
- and classify them as particular kinds of errors for use in your templates and as
- events in flows.
-
- Keys are events to signal, values are error codes.
- -->
- <util:map id="shibboleth.authn.SPNEGO.ClassifiedMessageMap">
- <entry key="SPNEGONotAvailable">
- <list>
- <value>SPNEGONotAvailable</value>
- </list>
- </entry>
- <entry key="NTLMUnsupported">
- <list>
- <value>NTLMUnsupported</value>
- </list>
- </entry>
- </util:map>
-
-</beans>
diff --git a/conf/authn/x509-authn-config.xml b/conf/authn/x509-authn-config.xml
deleted file mode 100644
index 18b015a..0000000
--- a/conf/authn/x509-authn-config.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- Servlet context-relative path to wherever your implementation lives. -->
- <bean id="shibboleth.authn.X509.externalAuthnPath" class="java.lang.String"
- c:_0="contextRelative:x509-prompt.jsp" />
-
- <!--
- Default is to always use the path in the bean above. If you want to determine it
- dynamically, define a bean called "shibboleth.authn.X509.externalAuthnPathStrategy"
- of type Function<ProfileRequestContext,String> that returns the path to use.
- -->
-
- <!--
- Define entries here to map error messages returned by external modules and classify them as particular
- kinds of errors for use in your templates and as events in flows.
-
- Keys are events to signal, values are error codes.
-
- The examples here just allow external signaling of an exact condition.
-
- If you want to "fall-through" to other login flows, include a mapping to "ReselectFlow".
- -->
- <util:map id="shibboleth.authn.X509.ClassifiedMessageMap">
- <entry key="ReselectFlow">
- <list>
- <value>NoCredentials</value>
- <value>InvalidCredentials</value>
- </list>
- </entry>
- </util:map>
-
-</beans>
diff --git a/conf/authn/x509-internal-authn-config.xml b/conf/authn/x509-internal-authn-config.xml
deleted file mode 100644
index bad3029..0000000
--- a/conf/authn/x509-internal-authn-config.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!--
- You can define a TrustEngine to apply to any candidate certificates by defining a bean named
- "shibboleth.authn.X509.TrustEngine". You could also define that in conf/global.xml if you need
- to share one between the internal and external versions of this flow.
- -->
-
-</beans>
diff --git a/conf/c14n/attribute-sourced-subject-c14n-config.xml b/conf/c14n/attribute-sourced-subject-c14n-config.xml
deleted file mode 100644
index 938b30f..0000000
--- a/conf/c14n/attribute-sourced-subject-c14n-config.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!--
- A list of attributes to resolve for normalizing the subject. For example, you might
- intend to lookup a uid in a directory based on what the user entered. You can make this
- an empty list if you just want to resolve everything you normally would.
- -->
- <util:list id="shibboleth.c14n.attribute.AttributesToResolve">
- <value>altuid</value>
- </util:list>
-
- <!--
- A list of attributes to search for a value to produce as the normalized subject name.
- This will normally be something you resolve above.
- -->
- <util:list id="shibboleth.c14n.attribute.AttributeSourceIds">
- <value>altuid</value>
- </util:list>
-
- <!-- Simple transforms to apply to attribute value used for canonicalization result. -->
- <util:constant id="shibboleth.c14n.attribute.Lowercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.c14n.attribute.Uppercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.c14n.attribute.Trim" static-field="java.lang.Boolean.TRUE"/>
-
- <!-- Apply any regular expression replacement pairs. -->
- <util:list id="shibboleth.c14n.attribute.Transforms">
- <!--
- <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
- -->
- </util:list>
-
-</beans>
diff --git a/conf/c14n/simple-subject-c14n-config.xml b/conf/c14n/simple-subject-c14n-config.xml
deleted file mode 100644
index 3cddfa6..0000000
--- a/conf/c14n/simple-subject-c14n-config.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- Simple transforms to apply to username after authentication. -->
- <util:constant id="shibboleth.c14n.simple.Lowercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.c14n.simple.Uppercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.c14n.simple.Trim" static-field="java.lang.Boolean.TRUE"/>
-
- <!-- Apply any regular expression replacement pairs after authentication. -->
- <util:list id="shibboleth.c14n.simple.Transforms">
- <!--
- <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
- -->
- </util:list>
-
-</beans>
diff --git a/conf/c14n/subject-c14n.properties b/conf/c14n/subject-c14n.properties
new file mode 100644
index 0000000..3811493
--- /dev/null
+++ b/conf/c14n/subject-c14n.properties
@@ -0,0 +1,40 @@
+# Properties that control the behavior of post-login subject c14n flows.
+# A few more advanced settings require XML configuration, see flow-specific docs.
+
+
+# Simple username -> principal name c14n
+#idp.c14n.simple.lowercase = false
+#idp.c14n.simple.uppercase = false
+#idp.c14n.simple.trim = true
+
+
+# Attribute resolution -> principal name c14n
+#idp.c14n.attribute.lowercase = false
+#idp.c14n.attribute.uppercase = false
+#idp.c14n.attribute.trim = true
+# Lists of attributes to resolve...
+#idp.c14n.attribute.attributesToResolve =
+# and then select a principal name from
+#idp.c14n.attribute.attributeSourceIds =
+# Allows direct use of attributes via SAML proxy authn, bypasses resolver
+#idp.c14n.attribute.resolveFromSubject = false
+#idp.c14n.attribute.resolutionCondition = shibboleth.Conditions.TRUE
+
+# X.509 certificate -> principal name c14n
+#idp.c14n.x500.lowercase = false
+#idp.c14n.x500.uppercase = false
+#idp.c14n.x500.trim = true
+# Precedence is to check for a subjectAltName and then an OID RDN
+# Comma-delimited list of subjectAltName type numbers
+# (See https://tools.ietf.org/html/rfc5280#section-4.2.1.6)
+#idp.c14n.x500.subjectAltNameTypes =
+# Comma-delimited list of OIDS
+#idp.c14n.x500.objectIDs =
+
+# Proxied SAML NameID -> principal name c14n
+#idp.c14n.saml.proxy.lowercase = false
+#idp.c14n.saml.proxy.uppercase = false
+
+# NameID consumption from SAML requests
+#idp.c14n.saml.lowercase = false
+#idp.c14n.saml.uppercase = false
diff --git a/conf/c14n/subject-c14n.xml b/conf/c14n/subject-c14n.xml
index e4b772f..b354535 100644
--- a/conf/c14n/subject-c14n.xml
+++ b/conf/c14n/subject-c14n.xml
@@ -21,6 +21,8 @@
principal name.
Flows are identified with an ID that corresponds to a Spring Web Flow subflow name.
+
+ Most of the simple settings that configure these flows are in subject-c14n.properties.
-->
<!--
@@ -31,9 +33,8 @@
<util:list id="shibboleth.PostLoginSubjectCanonicalizationFlows">
<!--
This is an advanced post-login step that performs attribute resolution and then produces a username
- from an attribute value. Most of this configuration is handled by attribute-sourced-c14n-config.xml.
- To enable universally, just uncomment, but if you want it to run under more specific conditions,
- set an activationCondition property to a condition function to use to control when it should run.
+ from an attribute value. To enable universally, just uncomment, but if you want it to run under more
+ specific conditions, set an activationCondition property to a condition to apply.
-->
<!-- <bean id="c14n/attribute" parent="shibboleth.PostLoginSubjectCanonicalizationFlow" /> -->
@@ -54,7 +55,7 @@
<!--
This is the standard post-login step that returns a username derived from the login process. If you
have more complex needs such as mapping a certificate DN into a principal name, an alternative may
- be required such as that above, but you can configure simple transforms in simple-subject-c14n-config.xml
+ be required such as that above, but you can use this for simple transforms.
-->
<ref bean="c14n/simple" />
</util:list>
diff --git a/conf/c14n/x500-subject-c14n-config.xml b/conf/c14n/x500-subject-c14n-config.xml
deleted file mode 100644
index 1ae25e4..0000000
--- a/conf/c14n/x500-subject-c14n-config.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- First priority is given to any subjectAltNames specified (emailAddress is 1) -->
- <util:list id="shibboleth.c14n.x500.SubjectAltNameTypes">
- <!-- <value>1</value> -->
- </util:list>
-
- <!-- Second priority is a list of Certificate Subject RDN OIDs to look for. -->
- <util:list id="shibboleth.c14n.x500.ObjectIDs">
- <value>2.5.4.3</value>
- </util:list>
-
- <!-- Simple transforms to apply to username after authentication. -->
- <util:constant id="shibboleth.c14n.x500.Lowercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.c14n.x500.Uppercase" static-field="java.lang.Boolean.FALSE"/>
- <util:constant id="shibboleth.c14n.x500.Trim" static-field="java.lang.Boolean.TRUE"/>
-
- <!-- Apply any regular expression replacement pairs after authentication. -->
- <util:list id="shibboleth.c14n.x500.Transforms">
- <!--
- <bean parent="shibboleth.Pair" p:first="^(.+)@example\.edu$" p:second="$1" />
- -->
- </util:list>
-
-</beans>
diff --git a/conf/cas-protocol.xml b/conf/cas-protocol.xml
deleted file mode 100644
index 2eb1733..0000000
--- a/conf/cas-protocol.xml
+++ /dev/null
@@ -1,106 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:util="http://www.springframework.org/schema/util"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!--
- | The CAS service registry defines verified relying parties by endpoint URI.
- | The default implementation treats the ID of each entry as a regular expression defining a logical group of
- | services whose URIs match the expression.
- |
- | This bean is reloaded periodically according to %{idp.home}/conf/services.properties.
- -->
- <bean id="reloadableServiceRegistry"
- class="%{idp.cas.serviceRegistryClass:net.shibboleth.idp.cas.service.PatternServiceRegistry}">
- <property name="definitions">
- <list>
- <!--
- <bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
- c:regex="https://([A-Za-z0-9_-]+\.)*example\.org(:\d+)?/.*"
- p:group="proxying-services"
- p:authorizedToProxy="true"
- p:singleLogoutParticipant="true" />
- <bean class="net.shibboleth.idp.cas.service.ServiceDefinition"
- c:regex="http://([A-Za-z0-9_-]+\.)*example\.org(:\d+)?/.*"
- p:group="non-proxying-services"
- p:authorizedToProxy="false" /
- -->
- </list>
- </property>
- </bean>
-
- <!--
- | Uncomment this bean if you want to override the default list of CAS service registries.
- | The default configuration tries to find the relying party in a SAML metadata source and falls back to
- | reloadableServiceRegistry if a match is not found.
- -->
- <!--<util:list id="shibboleth.CASServiceRegistries">
- <ref bean="shibboleth.CASMetadataServiceRegistry" />
- <ref bean="shibboleth.CASServiceRegistry" />
- </util:list>-->
-
- <!--
- | The default ticket service as of 3.3.0 serializes ticket data into the opaque section of the ticket ID
- | for service tickets and proxy tickets. Proxy-granting tickets still require server-side storage, and
- | a StorageService defined by the idp.cas.StorageService is used. Thus for deployers that do not require
- | CAS proxy capabilities, no stateful storage mechanism is required; that means no memcached or database
- | is required for HA deployments that want CAS (without proxy) support. A notable limitation of the new
- | component is that the one-time use feature of service and proxy tickets is not available due to the lack
- | of a ticket-tracking mechanism. Instead, tickets expire when their expiration period is exceeded.
- | If this limitation is of concern, one may consider decreasing ticketValidityPeriod on the profile
- | configuration from the default 15000ms.
- -->
- <alias name="encodingTicketService" alias="shibboleth.CASTicketService" />
-
- <!--
- | Uncomment the following element and comment out the above to enable the previous default ticket service
- | that uses a StorageService for ticket persistence. Use this if the one-time use limitation of
- | EncodingTicketService is problematic and can't be mitigated by decreasing ticketValidityPeriod.
- -->
- <!--<alias name="simpleTicketService" alias="shibboleth.CASTicketService" /> -->
-
- <!--
- | The predicate used to determine whether IdP session validation is performed during the process of granting
- | a proxy ticket. When the predicate evaluates to true, an IdP session is resolved and validated prior to
- | granting a proxy ticket. This feature prevents issuing proxy tickets when an IdP session is expired, but comes
- | at the cost of requiring server-side storage of IdP session data. If this is configured to a predicate that
- | evaluates to true under any condition, a server-side storage service must be enabled for IdP session
- | storage. The most common non-default value is "alwaysTrue."
- -->
- <bean id="shibboleth.CASProxyValidateIdPSessionPredicate" parent="shibboleth.Conditions.FALSE" />
-
- <!--
- | Uncomment the following bean if you want to ignore jsessionid artifacts in service URLs.
- | Those sorts of URLs are commonly emitted by Java servlet-based web applications.
- -->
- <!--<bean id="shibboleth.CASServiceComparator"
- class="net.shibboleth.idp.cas.service.DefaultServiceComparator"
- c:parameterNames="[a-z]+sessionid" />-->
-
- <!--
- | Define the list of static certificates that you trust to secure CAS proxy callback endpoints.
- | Typically these are CA certificates and apply to _all_ CAS proxy callback endpoints.
- | This facility complements the capability to supply relying-party-specific certificates in SAML metadata,
- | which is the preferred mechanism to specify CAS proxy trust material. In the case of metadata, self-signed
- | certificates are recommended.
- -->
- <util:list id="shibboleth.CASProxyTrustedCertificates" value-type="java.lang.String">
- <!--<value>%{idp.home}/credentials/your_ca.pem</value>-->
- </util:list>
-
-
- <!-- ============== Advanced CAS Configuration ============== -->
-
- <!-- Configure a third-party ticket service. -->
- <!--
- <bean id="shibboleth.CASTicketService"
- class="org.example.idp.cas.CustomTicketService" />
- -->
-</beans>
\ No newline at end of file
diff --git a/conf/errors.xml b/conf/errors.xml
index a5a8790..a9730c0 100644
--- a/conf/errors.xml
+++ b/conf/errors.xml
@@ -26,6 +26,7 @@
<entry key="ImpersonationViolation" value="true" />
<entry key="AttributeReleaseRejected" value="true" />
<entry key="TermsRejected" value="true" />
+ <entry key="EndpointResolutionFailed" value="true" />
<entry key="RuntimeException" value="false" />
<entry key="InvalidEvent" value="false" />
<entry key="InvalidCSRFToken" value="false" />
diff --git a/conf/attribute-resolver-ldap.xml b/conf/examples/attribute-resolver-ldap.xml
similarity index 84%
rename from conf/attribute-resolver-ldap.xml
rename to conf/examples/attribute-resolver-ldap.xml
index 19b68d6..ec375b4 100644
--- a/conf/attribute-resolver-ldap.xml
+++ b/conf/examples/attribute-resolver-ldap.xml
@@ -62,6 +62,10 @@
connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"
+ connectionStrategy="%{idp.attribute.resolver.LDAP.connectionStrategy}"
+ noResultIsError="true"
+ multipleResultsIsError="true"
+ excludeResolutionPhases="c14n/attribute"
exportAttributes="mail displayName sn givenName departmentNumber employeeNumber eduPersonEntitlement eduPersonAssurance">
<FilterTemplate>
<![CDATA[
@@ -74,17 +78,24 @@
blockWaitTime="%{idp.pool.LDAP.blockWaitTime:PT3S}"
validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
+ validateDN="%{idp.pool.LDAP.validateDN:}"
+ validateFilter="%{idp.pool.LDAP.validateFilter:(objectClass=*)}"
expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"/>
</DataConnector>
- <!-- DataConector for pairwise-id (example depends on saml-nameid.properties). -->
-
+ <!--
+ DataConnector for pairwise-id (example depends in part on saml-nameid.properties).
+ Note that this relies on BASE32 encoding in accordance with the attribute definition.
+ Older uses of this plugin for legacy eduPersonTargetedID/NameID values may require
+ different settings.
+ -->
<!--
<DataConnector id="computed" xsi:type="ComputedId"
+ excludeResolutionPhases="c14n/attribute"
generatedAttributeID="computedId"
salt="%{idp.persistentId.salt}"
algorithm="%{idp.persistentId.algorithm:SHA}"
- encoding="%{idp.persistentId.encoding:BASE32}">
+ encoding="BASE32">
<InputDataConnector ref="myLDAP" attributeNames="%{idp.persistentId.sourceAttribute}" />
diff --git a/conf/global.xml b/conf/global.xml
index 457a814..c485f3f 100644
--- a/conf/global.xml
+++ b/conf/global.xml
@@ -15,23 +15,23 @@
<!-- Use this file to define any custom beans needed globally. -->
<!--
- Algorithm whitelists and blacklists that override or merge with library defaults. Normally you can leave
- these empty or commented and use the system defaults, but you can override those defaults using these lists.
- Each <value> element is an algorithm URI, or you can use <util:constant> elements in place of literal values.
+ Algorithm include/exclude sets that override or merge with library defaults. Normally you can leave these
+ empty or commented and use the system defaults, but you can override those defaults using these beans.
+ Each <value> element is an algorithm URI; you can also use <util:constant> elements in place of literal values.
-->
<!--
- <util:list id="shibboleth.SignatureWhitelist">
- </util:list>
+ <util:set id="shibboleth.IncludedSignatureAlgorithms">
+ </util:set>
- <util:list id="shibboleth.SignatureBlacklist">
- </util:list>
+ <util:set id="shibboleth.ExcludedSignatureAlgorithms">
+ </util:set>
- <util:list id="shibboleth.EncryptionWhitelist">
- </util:list>
+ <util:set id="shibboleth.IncludedEncryptionAlgorithms">
+ </util:set>
- <util:list id="shibboleth.EncryptionBlacklist">
- </util:list>
+ <util:set id="shibboleth.ExcludedEncryptionAlgorithms">
+ </util:set>
-->
<!--
diff --git a/conf/idp.properties b/conf/idp.properties
index 7ea2766..24c20d9 100644
--- a/conf/idp.properties
+++ b/conf/idp.properties
@@ -1,5 +1,9 @@
-# Load any additional property resources from a comma-delimited list
-idp.additionalProperties=/conf/ldap.properties, /conf/saml-nameid.properties, /conf/services.properties, /conf/authn/duo.properties, /credentials/secrets.properties
+# Auto-load all files matching conf/**/*.properties
+# Disable if you want to manually maintain a list of sources.
+idp.searchForProperties=true
+
+# Load any "outside-tree" property sources from a comma-delimited list
+idp.additionalProperties=/credentials/secrets.properties
# In most cases (and unless noted in the surrounding comments) the
# commented settings in the distributed files document default behavior.
@@ -72,6 +76,10 @@ idp.encryption.cert=%{idp.home}/credentials/idp-encryption.crt
# The new install default for encryption is now AES-GCM.
idp.encryption.config=shibboleth.EncryptionConfiguration.GCM
+# Sets the default strategy for key agreement key wrap usage for credentials from metadata,
+# if not otherwise configured on the security configuration
+#idp.encryption.keyagreement.metadata.defaultUseKeyWrap = Default
+
# Configures trust evaluation of keys used by services at runtime
# Internal default is Chaining, overriden for new installs
idp.trust.signatures=shibboleth.ExplicitKeySignatureTrustEngine
@@ -123,28 +131,13 @@ idp.session.secondaryServiceIndex=true
# Length of time to track SP sessions
#idp.session.defaultSPlifetime = PT2H
-# Regular expression matching login flows to enable, e.g. IPAddress|Password
-idp.authn.flows=Password
-
-# Default lifetime and timeout of various authentication methods
-#idp.authn.defaultLifetime = PT60M
-#idp.authn.defaultTimeout = PT30M
-
-# Whether to populate relying party user interface information for display
-# during authentication, consent, terms-of-use.
-#idp.authn.rpui = true
-
-# Whether to prioritize "active" results when an SP requests more than
-# one possible matching login method (V2 behavior was to favor them)
-#idp.authn.favorSSO = false
-
-# Whether to fail requests when a user identity after authentication
-# doesn't match the identity in a pre-existing session.
-#idp.authn.identitySwitchIsError = false
-
# Set to "shibboleth.StorageService" or custom bean for alternate storage of consent
#idp.consent.StorageService = shibboleth.ClientPersistentStorageService
+# Default consent auditing formats
+#idp.consent.terms-of-use.auditFormat = %T|%SP|%e|%u|%CCI|%CCV|%CCA
+#idp.consent.attribute-release.auditFormat = %T|%SP|%e|%u|%CCI|%CCV|%CCA
+
# Set to "shibboleth.consent.AttributeConsentStorageKey" to use an attribute
# to key user consent storage records (and set the attribute name)
#idp.consent.attribute-release.userStorageKey = shibboleth.consent.PrincipalConsentStorageKey
@@ -169,7 +162,18 @@ idp.authn.flows=Password
#idp.consent.expandedMaxStoredRecords = 0
# Time in milliseconds to expire consent storage records.
-#idp.consent.storageRecordLifetime = P1Y
+# Leave commented out for the default of infinite
+#idp.consent.storageRecordLifetime =
+
+# Path to use with External interceptor flow
+#idp.intercept.External.externalPath = contextRelative:intercept.jsp
+
+# Policies to use with Impersonate interceptor flow
+#idp.impersonate.generalPolicy = GeneralImpersonationPolicy
+#idp.impersonate.specificPolicy = SpecificImpersonationPolicy
+
+# Picks outbound bindings more sensibly than based on metadata order
+idp.bindings.inMetadataOrder=false
# Whether to lookup metadata, etc. for every SP involved in a logout
# for use by user interface logic; adds overhead so off by default.
@@ -202,11 +206,10 @@ idp.authn.flows=Password
# browser-supported languages, defaults to an empty list.
idp.ui.fallbackLanguages=en,fr,de
-# Storage service used by CAS protocol
+# Storage service used by CAS protocol for chained proxy-granting tickets
+# and when using server-managed "simple" TicketService.
# Defaults to shibboleth.StorageService (in-memory)
# MUST be server-side storage (e.g. in-memory, memcached, database)
-# NOTE that idp.session.StorageService requires server-side storage
-# when CAS protocol is enabled
#idp.cas.StorageService=shibboleth.StorageService
# CAS service registry implementation class
@@ -216,11 +219,12 @@ idp.ui.fallbackLanguages=en,fr,de
#idp.cas.relyingPartyIdFromMetadata=false
# F-TICKS auditing - set a salt to include hashed username
-#idp.fticks.federation=MyFederation
-#idp.fticks.algorithm=SHA-256
-#idp.fticks.salt=somethingsecret
-#idp.fticks.loghost=localhost
-#idp.fticks.logport=514
+#idp.fticks.federation = MyFederation
+#idp.fticks.condition = MyFTICKSCondition
+#idp.fticks.algorithm = SHA-256
+#idp.fticks.salt = somethingsecret
+#idp.fticks.loghost = localhost
+#idp.fticks.logport = 514
# Set false if you want SAML bindings "spelled out" in audit log
idp.audit.shortenBindings=true
diff --git a/conf/intercept/consent-intercept-config.xml b/conf/intercept/consent-intercept-config.xml
deleted file mode 100644
index 6e899e6..0000000
--- a/conf/intercept/consent-intercept-config.xml
+++ /dev/null
@@ -1,118 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- Terms of Use configuration -->
-
- <!--
- Terms of use is driven by a lookup function returning a key into messages/consent-messages.properties
-
- The default mapping returns the relying party / SP name as the key. The second example below
- demonstrates use of a custom mapping table from the relying party name to the key to use.
- -->
-
- <alias alias="shibboleth.consent.terms-of-use.Key" name="shibboleth.RelyingPartyIdLookup.Simple" />
-
- <!--
- <bean id="shibboleth.consent.terms-of-use.Key" parent="shibboleth.Functions.Compose">
- <constructor-arg name="g">
- <bean class="com.google.common.base.Functions" factory-method="forMap" c:defaultValue="terms-of-use">
- <constructor-arg name="map">
- <map>
- <entry key="https://sp.example.org/shibboleth" value="example-terms" />
- </map>
- </constructor-arg>
- </bean>
- </constructor-arg>
- <constructor-arg name="f">
- <ref bean="shibboleth.RelyingPartyIdLookup.Simple" />
- </constructor-arg>
- </bean>
- -->
-
- <!-- Attribute Release configuration -->
-
- <!--
- Attribute release whitelist, blacklist, and match expressions to determine
- whether consent should be obtained for an attribute based on the attribute ID.
- -->
-
- <util:list id="shibboleth.consent.attribute-release.WhitelistedAttributeIDs">
- <!--
- <value>mail</value>
- -->
- </util:list>
-
- <util:list id="shibboleth.consent.attribute-release.BlacklistedAttributeIDs">
- <value>samlPairwiseID</value>
- </util:list>
-
- <!--
- <bean id="shibboleth.consent.attribute-release.MatchExpression" class="java.util.regex.Pattern" factory-method="compile"
- c:_0="^exampleAttribute.*$" />
- -->
-
- <!--
- Customize the order in which attributes are displayed.
- Attribute IDs not present in this list will be sorted according to their
- natural order and displayed subsequent to any attribute IDs specified here.
- -->
- <!--
- <util:list id="shibboleth.consent.attribute-release.AttributeDisplayOrder">
- <value>mail</value>
- </util:list>
- -->
-
- <!--
- These beans define mappings between audit log categories and formatting strings.
- -->
-
- <!--
- For terms-of-use acceptance, the default entry is :
- 'YYYYMMDDTHHMMSSZ|TermsAccepted|jdoe|example-tou-1|rHo...rrw=|true'
-
- For terms-of-use refusal, the default entry is :
- 'YYYYMMDDTHHMMSSZ|TermsRejected|jdoe|example-tou-1|rHo...rrw=|false'
- -->
- <util:map id="shibboleth.consent.terms-of-use.AuditFormattingMap">
- <entry key="Shibboleth-Consent-Audit" value="%T|%SP|%e|%u|%CCI|%CCV|%CCA" />
- </util:map>
-
- <!--
- For attribute-release consent, the default entry is :
- 'YYYYMMDDTHHMMSSZ|https://sp.example.org|AttributeReleaseConsent|jdoe|email,eduPersonAffiliation|rHo...rrw=,rHo...rrw=|false,false'
- -->
- <util:map id="shibboleth.consent.attribute-release.AuditFormattingMap">
- <entry key="Shibboleth-Consent-Audit" value="%T|%SP|%e|%u|%CCI|%CCV|%CCA" />
- </util:map>
-
- <!--
- Specify custom symbolic replacements for attribute names to shrink the size of results saved to client-side storage
- such as cookies.
- -->
- <bean id="shibboleth.consent.AttributeSymbolics" parent="shibboleth.consent.DefaultAttributeSymbolics" lazy-init="true">
- <property name="sourceMap">
- <map merge="true">
- <!--
- <entry key="myAttribute" value="900" />
- -->
- </map>
- </property>
- </bean>
-
- <!--
- Condition to evaluate to apply attribute-release consent to attribute queries.
- -->
- <bean id="shibboleth.consent.AttributeQuery.Condition" parent="shibboleth.Conditions.FALSE" />
-
-</beans>
\ No newline at end of file
diff --git a/conf/intercept/context-check-intercept-config.xml b/conf/intercept/context-check-intercept-config.xml
deleted file mode 100644
index aae07f0..0000000
--- a/conf/intercept/context-check-intercept-config.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!--
- Condition to evaluate to interrupt SSO flows to check the state of the transaction before allowing.
-
- Typically the flow itself will be activated based on configuration in relying-party.xml, and this controls
- whether to proceed if the flow is activated. The most common use for this flow is to check the set of
- resolved/filtered attributes and values to see if the user is authorized or provisioned into a service.
- -->
- <bean id="shibboleth.context-check.Condition" parent="shibboleth.Conditions.AND">
- <constructor-arg>
- <list>
- <bean parent="shibboleth.Conditions.RelyingPartyId" c:candidates="#{{'https://sp.example.org'}}" />
- <bean class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate"
- p:useUnfilteredAttributes="true">
- <property name="attributeValueMap">
- <map>
- <entry key="eppn">
- <list>
- <value>*</value>
- </list>
- </entry>
- </map>
- </property>
- </bean>
- </list>
- </constructor-arg>
- </bean>
-
- <!--
- More general purpose approach using a Function that returns either "proceed" or a custom error Event.
- This is a cleaner way of applying multiple conditions in different cases or triggering different events.
- -->
- <!--
- <bean id="shibboleth.context-check.Function" parent="shibboleth.ContextFunctions.Scripted" factory-method="inlineScript"
- p:customObject-ref="shibboleth.context-check.Condition">
- <constructor-arg>
- <value>
- <![CDATA[
- var event = "proceed";
- if (!custom.apply(input)) {
- event = "ContextCheckDenied";
- }
- event;
- ]]>
- </value>
- </constructor-arg>
- </bean>
- -->
-
-</beans>
\ No newline at end of file
diff --git a/conf/intercept/expiring-password-intercept-config.xml b/conf/intercept/expiring-password-intercept-config.xml
deleted file mode 100644
index b3bf96d..0000000
--- a/conf/intercept/expiring-password-intercept-config.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!--
- Condition to evaluate to determine if expiring password view should be displayed, false means to notify.
-
- The example uses a built-in class to evaluate an attribute containing a date/time of password expiration.
- The format pattern parses the value and the negative offset determines how soon to warn the user beforehand.
- -->
- <bean id="shibboleth.expiring-password.Condition" class="net.shibboleth.idp.profile.logic.DateAttributePredicate"
- c:attribute="passwordExpiration" c:formatString="yyyyMMddHHmmss'T'"
- p:resultIfMissing="true" p:offset="-P14D" />
-
- <!-- Name of cookie to track when user was last notified. -->
- <bean id="shibboleth.expiring-password.NotifyCookieName" class="java.lang.String" c:_0="shib_idp_exp_pwd" />
-
- <!-- Interval (milliseconds) between notifications, default is 8 hours. -->
- <bean id="shibboleth.expiring-password.NotifyInterval" class="java.lang.Long" c:_0="28800000" />
-
-</beans>
diff --git a/conf/intercept/external-intercept-config.xml b/conf/intercept/external-intercept-config.xml
deleted file mode 100644
index 1d0fc29..0000000
--- a/conf/intercept/external-intercept-config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- Servlet context-relative path to wherever your implementation lives. -->
- <bean id="shibboleth.intercept.externalPath" class="java.lang.String"
- c:_0="contextRelative:intercept.jsp" />
-
- <!--
- Default is to always use the path in the bean above. If you want to determine it
- dynamically, define a bean called "shibboleth.intercept.externalPathStrategy"
- of type Function<ProfileRequestContext,String> that returns the path to use.
- -->
-
-</beans>
diff --git a/conf/intercept/impersonate-intercept-config.xml b/conf/intercept/impersonate-intercept-config.xml
deleted file mode 100644
index 7dfda2b..0000000
--- a/conf/intercept/impersonate-intercept-config.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!--
- Names of access control policies defined in access-control.xml to control impersonation.
- The general policy runs first and determines whether to offer the impersonation option.
- The specific policy runs second and determines whether to allow the requested impersonation.
- -->
-
- <bean id="shibboleth.impersonate.GeneralPolicy" class="java.lang.String" c:_0="GeneralImpersonationPolicy" />
-
- <bean id="shibboleth.impersonate.SpecificPolicy" class="java.lang.String" c:_0="SpecificImpersonationPolicy" />
-
-</beans>
diff --git a/conf/intercept/profile-intercept.xml b/conf/intercept/profile-intercept.xml
deleted file mode 100644
index f086cfa..0000000
--- a/conf/intercept/profile-intercept.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util"
- xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!--
- Intercept flows are used at various injection points to modify processing. This is the master list
- of flows available that provide interesting features to deployers, but flows are actually enabled by
- specifying them in various profile configuration beans via relying-party.xml
-
- This list of flows is merged with a built-in set defined in a system configuration file, and may be
- empty, but should not be removed. You must add your own custom flows to this list if you create any.
- -->
-
- <bean id="shibboleth.AvailableInterceptFlows" parent="shibboleth.DefaultInterceptFlows" lazy-init="true">
- <property name="sourceList">
- <list merge="true">
- <bean id="intercept/context-check" parent="shibboleth.InterceptFlow" />
-
- <bean id="intercept/expiring-password" parent="shibboleth.InterceptFlow" />
-
- <bean id="intercept/terms-of-use" parent="shibboleth.consent.TermsOfUseFlow" />
-
- <bean id="intercept/attribute-release" parent="shibboleth.consent.AttributeReleaseFlow" />
-
- <bean id="intercept/impersonate" parent="shibboleth.InterceptFlow" />
-
- <bean id="intercept/external" parent="shibboleth.InterceptFlow" />
- </list>
- </property>
- </bean>
-
-</beans>
diff --git a/conf/ldap.properties b/conf/ldap.properties
index d89412a..45b0be0 100644
--- a/conf/ldap.properties
+++ b/conf/ldap.properties
@@ -7,11 +7,12 @@
## Connection properties ##
idp.authn.LDAP.ldapURL=ldap://localhost:10389
#idp.authn.LDAP.useStartTLS = true
-#idp.authn.LDAP.useSSL = false
# Time in milliseconds that connects will block
#idp.authn.LDAP.connectTimeout = PT3S
# Time in milliseconds to wait for responses
#idp.authn.LDAP.responseTimeout = PT3S
+# Connection strategy to use when multiple URLs are supplied, either ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM
+#idp.authn.LDAP.connectionStrategy = ACTIVE_PASSIVE
## SSL configuration, either jvmTrust, certificateTrust, or keyStoreTrust
#idp.authn.LDAP.sslConfig = certificateTrust
@@ -38,11 +39,15 @@ idp.authn.LDAP.bindDN=uid=myservice,ou=system
# for AD use idp.authn.LDAP.dnFormat=%s@domain.com
idp.authn.LDAP.dnFormat=uid=%s,ou=people,dc=example,dc=org
+# pool passivator, either none, bind or anonymousBind
+#idp.authn.LDAP.bindPoolPassivator = none
+
# LDAP attribute configuration, see attribute-resolver.xml
# Note, this likely won't apply to the use of legacy V2 resolver configurations
idp.attribute.resolver.LDAP.ldapURL=%{idp.authn.LDAP.ldapURL}
idp.attribute.resolver.LDAP.connectTimeout=%{idp.authn.LDAP.connectTimeout:PT3S}
idp.attribute.resolver.LDAP.responseTimeout=%{idp.authn.LDAP.responseTimeout:PT3S}
+idp.attribute.resolver.LDAP.connectionStrategy=%{idp.authn.LDAP.connectionStrategy:ACTIVE_PASSIVE}
idp.attribute.resolver.LDAP.baseDN=%{idp.authn.LDAP.baseDN:undefined}
idp.attribute.resolver.LDAP.bindDN=%{idp.authn.LDAP.bindDN:undefined}
idp.attribute.resolver.LDAP.useStartTLS=%{idp.authn.LDAP.useStartTLS:true}
@@ -55,6 +60,8 @@ idp.attribute.resolver.LDAP.searchFilter=(uid=$resolutionContext.principal)
#idp.pool.LDAP.validateOnCheckout = false
#idp.pool.LDAP.validatePeriodically = true
#idp.pool.LDAP.validatePeriod = PT5M
+#idp.pool.LDAP.validateDN =
+#idp.pool.LDAP.validateFilter = (objectClass=*)
#idp.pool.LDAP.prunePeriod = PT5M
#idp.pool.LDAP.idleTime = PT10M
#idp.pool.LDAP.blockWaitTime = PT3S
diff --git a/conf/logback.xml b/conf/logback.xml
index 817de02..bf38b44 100644
--- a/conf/logback.xml
+++ b/conf/logback.xml
@@ -14,7 +14,7 @@
<!-- Location and retention. -->
- <variable name="idp.logfiles" value="${idp.home}/logs" />
+ <variable name="idp.logfiles" value="${idp.logfiles:-${idp.home}/logs}" />
<variable name="idp.loghistory" value="${idp.loghistory:-180}" />
<!-- Much higher performance if you operate on DEBUG. -->
diff --git a/conf/logback.xml.dist b/conf/logback.xml.dist
index 2b76770..730f583 100644
--- a/conf/logback.xml.dist
+++ b/conf/logback.xml.dist
@@ -14,7 +14,7 @@
<!-- Location and retention. -->
- <variable name="idp.logfiles" value="${idp.home}/logs" />
+ <variable name="idp.logfiles" value="${idp.logfiles:-${idp.home}/logs}" />
<variable name="idp.loghistory" value="${idp.loghistory:-180}" />
<!-- Much higher performance if you operate on DEBUG. -->
diff --git a/conf/logback.xml.tmp3 b/conf/logback.xml.tmp3
new file mode 100644
index 0000000..4674e93
--- /dev/null
+++ b/conf/logback.xml.tmp3
@@ -0,0 +1,191 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<configuration>
+
+ <!--
+ Variables for simplifying logging configuration.
+ http://logback.qos.ch/manual/configuration.html#variableSubstitution
+ -->
+
+ <!--
+ If you want to use custom properties in this config file,
+ we load the main property file for you.
+ -->
+ <variable file="${idp.home}/conf/idp.properties" />
+
+ <!-- Location and retention. -->
+
+ <variable name="idp.logfiles" value="${idp.logfiles:-${idp.home}/logs}" />
+ <variable name="idp.loghistory" value="${idp.loghistory:-180}" />
+
+ <!-- Much higher performance if you operate on DEBUG. -->
+ <!-- <variable name="idp.process.appender" value="ASYNC_PROCESS" /> -->
+
+ <!-- Logging level shortcuts. -->
+ <variable name="idp.loglevel.idp" value="${idp.loglevel.idp:-INFO}" />
+ <variable name="idp.loglevel.ldap" value="${idp.loglevel.ldap:-WARN}" />
+ <variable name="idp.loglevel.messages" value="${idp.loglevel.messages:-INFO}" />
+ <variable name="idp.loglevel.encryption" value="${idp.loglevel.encryption:-INFO}" />
+ <variable name="idp.loglevel.opensaml" value="${idp.loglevel.opensaml:-INFO}" />
+ <variable name="idp.loglevel.props" value="${idp.loglevel.props:-INFO}" />
+ <variable name="idp.loglevel.httpclient" value="${idp.loglevel.httpclient:-INFO}" />
+
+ <!-- Don't turn these up unless you want a *lot* of noise. -->
+ <variable name="idp.loglevel.spring" value="${idp.loglevel.spring:-ERROR}" />
+ <variable name="idp.loglevel.container" value="${idp.loglevel.container:-ERROR}" />
+ <variable name="idp.loglevel.xmlsec" value="${idp.loglevel.xmlsec:-INFO}" />
+
+ <!-- =========================================================== -->
+ <!-- ============== Logging Categories and Levels ============== -->
+ <!-- =========================================================== -->
+
+ <!-- Logs IdP, but not OpenSAML, messages -->
+ <logger name="net.shibboleth.idp" level="${idp.loglevel.idp}"/>
+
+ <!-- Logs OpenSAML, but not IdP, messages -->
+ <logger name="org.opensaml.saml" level="${idp.loglevel.opensaml}"/>
+
+ <!-- Logs LDAP related messages -->
+ <logger name="org.ldaptive" level="${idp.loglevel.ldap}"/>
+
+ <!-- Logs embedded HTTP client messages -->
+ <logger name="org.apache.http" level="${idp.loglevel.httpclient}"/>
+
+ <!-- Logs inbound and outbound protocols messages at DEBUG level -->
+ <logger name="PROTOCOL_MESSAGE" level="${idp.loglevel.messages}" />
+
+ <!-- Logs unencrypted SAML at DEBUG level -->
+ <logger name="org.opensaml.saml.saml2.encryption.Encrypter" level="${idp.loglevel.encryption}" />
+
+ <!-- Logs system properties during startup at DEBUG level -->
+ <logger name="net.shibboleth.idp.log.LogbackLoggingService" level="${idp.loglevel.props}" />
+
+ <!-- Especially chatty. -->
+ <logger name="org.apache.xml.security" level="${idp.loglevel.xmlsec}" />
+ <logger name="org.springframework" level="${idp.loglevel.spring}"/>
+ <logger name="org.apache.catalina" level="${idp.loglevel.container}"/>
+ <logger name="org.eclipse.jetty" level="${idp.loglevel.container}"/>
+
+
+ <!-- =========================================================== -->
+ <!-- ============== Low Level Details or Changes =============== -->
+ <!-- =========================================================== -->
+
+ <!-- Process log. -->
+ <appender name="IDP_PROCESS" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <File>/tmp/logidp-process</File>
+
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${idp.logfiles}/idp-process-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
+ <maxHistory>${idp.loghistory}</maxHistory>
+ </rollingPolicy>
+
+ <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <charset>UTF-8</charset>
+ <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{short}</Pattern>
+ </encoder>
+
+ <!-- Ignore Velocity status page error. -->
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
+ <evaluator>
+ <matcher>
+ <Name>VelocityStatusMatcher</Name>
+ <regex>ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\.</regex>
+ </matcher>
+ <expression>VelocityStatusMatcher.matches(formattedMessage)</expression>
+ </evaluator>
+ <OnMatch>DENY</OnMatch>
+ </filter>
+ </appender>
+
+ <appender name="ASYNC_PROCESS" class="ch.qos.logback.classic.AsyncAppender">
+ <appender-ref ref="IDP_PROCESS" />
+ <discardingThreshold>0</discardingThreshold>
+ </appender>
+
+ <appender name="IDP_WARN" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <!-- Suppress anything below WARN. -->
+ <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
+ <level>WARN</level>
+ </filter>
+
+ <File>/tmp/logidp-warn</File>
+
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${idp.logfiles}/idp-warn-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
+ <maxHistory>${idp.loghistory}</maxHistory>
+ </rollingPolicy>
+
+ <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <charset>UTF-8</charset>
+ <Pattern>%date{ISO8601} - %mdc{idp.remote_addr} - %level [%logger:%line] - %msg%n%ex{full}</Pattern>
+ </encoder>
+
+ <!-- Ignore Velocity status page error. -->
+ <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
+ <evaluator>
+ <matcher>
+ <Name>VelocityStatusMatcher</Name>
+ <regex>ResourceManager\s*: unable to find resource 'status\.vm' in any resource loader\.</regex>
+ </matcher>
+ <expression>VelocityStatusMatcher.matches(formattedMessage)</expression>
+ </evaluator>
+ <OnMatch>DENY</OnMatch>
+ </filter>
+ </appender>
+
+ <!-- Audit log. -->
+ <appender name="IDP_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <File>/tmp/logidp-audit</File>
+
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${idp.logfiles}/idp-audit-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
+ <maxHistory>${idp.loghistory}</maxHistory>
+ </rollingPolicy>
+
+ <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <charset>UTF-8</charset>
+ <Pattern>%msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <!-- Consent audit log. -->
+ <appender name="IDP_CONSENT_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <File>${idp.logfiles}/idp-consent-audit.log</File>
+
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${idp.logfiles}/idp-consent-audit-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
+ <maxHistory>${idp.loghistory}</maxHistory>
+ </rollingPolicy>
+
+ <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <charset>UTF-8</charset>
+ <Pattern>%msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <!-- F-TICKS syslog destination. -->
+ <appender name="IDP_FTICKS" class="ch.qos.logback.classic.net.SyslogAppender">
+ <syslogHost>${idp.fticks.loghost:-localhost}</syslogHost>
+ <port>${idp.fticks.logport:-514}</port>
+ <facility>AUTH</facility>
+ <suffixPattern>[%thread] %logger %msg</suffixPattern>
+ </appender>
+
+ <logger name="Shibboleth-Audit" level="ALL">
+ <appender-ref ref="${idp.audit.appender:-IDP_AUDIT}"/>
+ </logger>
+
+ <logger name="Shibboleth-FTICKS" level="ALL" additivity="false">
+ <appender-ref ref="${idp.fticks.appender:-IDP_FTICKS}"/>
+ </logger>
+
+ <logger name="Shibboleth-Consent-Audit" level="ALL">
+ <appender-ref ref="${idp.consent.appender:-IDP_CONSENT_AUDIT}"/>
+ </logger>
+
+ <root level="${idp.loglevel.root:-INFO}">
+ <appender-ref ref="${idp.process.appender:-IDP_PROCESS}"/>
+ <appender-ref ref="${idp.warn.appender:-IDP_WARN}" />
+ </root>
+
+</configuration>
diff --git a/conf/metadata-providers.xml b/conf/metadata-providers.xml
index fc81612..d5cb34b 100644
--- a/conf/metadata-providers.xml
+++ b/conf/metadata-providers.xml
@@ -18,7 +18,8 @@
http://www.w3.org/2000/09/xmldsig# http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
http://www.w3.org/2009/xmldsig11# http://www.w3.org/TR/2013/REC-xmldsig-core1-20130411/xmldsig11-schema.xsd
http://www.w3.org/2001/04/xmlenc# http://www.w3.org/TR/xmlenc-core/xenc-schema.xsd
- http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd">
+ http://www.w3.org/2009/xmlenc11# http://www.w3.org/TR/2013/REC-xmlenc-core1-20130411/xenc-schema-11.xsd"
+ sortKey="1">
<!--
Below you place the mechanisms which define how to load the metadata for SP(s) you will
@@ -41,7 +42,7 @@
Get the public key certificate from the party publishing the metadata, and validate
it with them via some out of band mechanism (e.g., a fingerprint on a secure page).
- The EntityRoleWhiteList saves memory by only loading metadata from SAML roles
+ The EntityRole filter saves memory by only loading metadata from SAML roles
that the IdP needs to interoperate with.
-->
@@ -49,11 +50,12 @@
<MetadataProvider id="HTTPMetadata"
xsi:type="FileBackedHTTPMetadataProvider"
backingFile="%{idp.home}/metadata/localCopyFromXYZHTTP.xml"
- metadataURL="http://WHATEVER">
+ metadataURL="http://WHATEVER"
+ failFastInitialization="false">
<MetadataFilter xsi:type="SignatureValidation" certificateFile="%{idp.home}/credentials/metaroot.pem" />
<MetadataFilter xsi:type="RequiredValidUntil" maxValidityInterval="P30D"/>
- <MetadataFilter xsi:type="EntityRoleWhiteList">
+ <MetadataFilter xsi:type="EntityRole">
<RetainedRole>md:SPSSODescriptor</RetainedRole>
</MetadataFilter>
</MetadataProvider>
diff --git a/conf/relying-party.xml b/conf/relying-party.xml
index 5045b93..439e7f1 100644
--- a/conf/relying-party.xml
+++ b/conf/relying-party.xml
@@ -27,20 +27,17 @@
</property>
</bean>
- <!--
- Default configuration, with default settings applied for all profiles, and enables
- the attribute-release consent flow.
- -->
+ <!-- Default configuration, with default settings applied for all profiles. -->
<bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">
<property name="profileConfigurations">
<list>
<!-- SAML 1.1 and SAML 2.0 AttributeQuery are disabled by default. -->
<!--
- <bean parent="Shibboleth.SSO" p:postAuthenticationFlows="attribute-release" />
+ <bean parent="Shibboleth.SSO" />
<ref bean="SAML1.AttributeQuery" />
<ref bean="SAML1.ArtifactResolution" />
-->
- <bean parent="SAML2.SSO" p:postAuthenticationFlows="attribute-release" />
+ <bean parent="SAML2.SSO" />
<ref bean="SAML2.ECP" />
<ref bean="SAML2.Logout" />
<!--
@@ -61,7 +58,7 @@
for SAML 2 SSO without encryption. This is a common "vendor" scenario.
-->
<!--
- <bean parent="RelyingPartyByName" c:relyingPartyIds="https://sp.example.org">
+ <bean id="ExampleSP" parent="RelyingPartyByName" c:relyingPartyIds="https://sp.example.org">
<property name="profileConfigurations">
<list>
<bean parent="SAML2.SSO" p:encryptAssertions="false" />
diff --git a/conf/services.properties b/conf/services.properties
index 6edb015..8150d3a 100644
--- a/conf/services.properties
+++ b/conf/services.properties
@@ -15,7 +15,7 @@ idp.service.logging.checkInterval = PT5M
#idp.service.relyingparty.resources = shibboleth.RelyingPartyResolverResources
#idp.service.relyingparty.failFast = false
idp.service.relyingparty.checkInterval = PT15M
-# Set true to limit metadata-driven settings lookup to decoded EntityAttributes
+# See MetadataDrivenConfiguration wiki topic for details
idp.service.relyingparty.ignoreUnmappedEntityAttributes=true
#idp.service.metadata.resources = shibboleth.MetadataResolverResources
@@ -25,7 +25,6 @@ idp.service.relyingparty.ignoreUnmappedEntityAttributes=true
#idp.service.metadata.enableByReferenceFilters = true
#idp.service.attribute.registry.resources = shibboleth.AttributeRegistryResources
-#idp.service.attribute.registry.namingRegistry = shibboleth.DefaultNamingRegistry
#idp.service.attribute.registry.failFast = false
idp.service.attribute.registry.checkInterval = PT15M
# Default control of whether to encode XML attribute data with xsi:type
diff --git a/conf/services.xml b/conf/services.xml
index 350f298..24e2b1e 100644
--- a/conf/services.xml
+++ b/conf/services.xml
@@ -11,16 +11,13 @@
<!-- By default we look at resources whose names are derived from %{idp.home}. -->
- <!-- This set of resources supports a native Spring relying-party.xml file. -->
<util:list id="shibboleth.RelyingPartyResolverResources">
<value>%{idp.home}/conf/relying-party.xml</value>
<value>%{idp.home}/conf/credentials.xml</value>
- <value>%{idp.home}/system/conf/relying-party-system.xml</value>
</util:list>
<util:list id="shibboleth.MetadataResolverResources">
<value>%{idp.home}/conf/metadata-providers.xml</value>
- <value>%{idp.home}/system/conf/metadata-providers-system.xml</value>
</util:list>
<util:list id ="shibboleth.AttributeResolverResources">
@@ -33,7 +30,6 @@
-->
<util:list id ="shibboleth.AttributeRegistryResources">
<value>%{idp.home}/conf/attribute-registry.xml</value>
- <value>%{idp.home}/system/conf/attribute-registry-system.xml</value>
<value>%{idp.home}/conf/attributes/default-rules.xml</value>
<value>%{idp.home}/conf/attribute-resolver.xml</value>
</util:list>
@@ -44,16 +40,10 @@
<util:list id ="shibboleth.NameIdentifierGenerationResources">
<value>%{idp.home}/conf/saml-nameid.xml</value>
- <value>%{idp.home}/system/conf/saml-nameid-system.xml</value>
</util:list>
<util:list id="shibboleth.AccessControlResources">
<value>%{idp.home}/conf/access-control.xml</value>
- <value>%{idp.home}/system/conf/access-control-system.xml</value>
- </util:list>
-
- <util:list id="shibboleth.CASServiceRegistryResources">
- <value>%{idp.home}/conf/cas-protocol.xml</value>
</util:list>
<!--
@@ -63,7 +53,6 @@
-->
<util:list id="shibboleth.MessageSourceResources">
<value>%{idp.home}/messages/messages</value>
- <value>%{idp.home}/system/messages/messages</value>
</util:list>
</beans>
diff --git a/conf/session-manager.xml b/conf/session-manager.xml
deleted file mode 100644
index 7372029..0000000
--- a/conf/session-manager.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns="http://www.springframework.org/schema/beans"
- xmlns:context="http://www.springframework.org/schema/context"
- xmlns:util="http://www.springframework.org/schema/util" xmlns:p="http://www.springframework.org/schema/p"
- xmlns:c="http://www.springframework.org/schema/c" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
- http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
- http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
-
- default-init-method="initialize"
- default-destroy-method="destroy">
-
- <!-- Flows that propagate logout to additional services using supported protocols. -->
- <util:list id="shibboleth.LogoutPropagationFlows">
- <ref bean="logoutprop/cas" />
- <ref bean="logoutprop/saml2" />
- </util:list>
-
- <!--
- List of client-side storage service plugins. If you use server-side storage and don't need these
- services, you can remove or comment out the <ref> elements, but don't remove the list bean or
- a default list will be substituted for backward compatibility.
- -->
- <util:list id="shibboleth.ClientStorageServices">
- <ref bean="shibboleth.ClientSessionStorageService" />
- <ref bean="shibboleth.ClientPersistentStorageService" />
- </util:list>
-
-</beans>
diff --git a/credentials/idp-backchannel.crt b/credentials/idp-backchannel.crt
index c8886ea..a4d86af 100644
--- a/credentials/idp-backchannel.crt
+++ b/credentials/idp-backchannel.crt
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEKDCCApCgAwIBAgIVAIsUgQNNYuil54yiVLUFlzdr/qQUMA0GCSqGSIb3DQEB
-CwUAMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzAeFw0yMDAyMDYxNzE5NTRa
-Fw00MDAyMDYxNzE5NTRaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzCCAaIw
-DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOSJwBSKrIMjDCdjxHYxQ0YGz56h
-Vqb/DklBpsOeOgXnFMPoDf941IDu2kOvCpRKW12wWmDUskv9Vi+4RfiA9gUXUCdh
-jHTNBUj9GXYafCFFMReZ/fVbqvSRHCE/EBHHjo2qAHTfw/R0P8IBdAICs1LvkzCn
-W3prZJnJH3HD3+W/yubesNe5cG3/D9OnAeNMcwtNh7fyuGIFzUL1OA/pL0Gu+UXx
-W0sMjOPR4Tlt0yi1k2tsZGmB6AYMqX2Wjd/nhjTibqGEVC0OSRiDtr/C8nEx5MAD
-bl23mzHR8S/9vxQN8Y9N78FtObnMcB5PPtkkJsqBPpAlDiz2ONT27AnTM6EsaBjc
-VG3PH7Js7SSEvJPuibTfxIOWcLmVVSt6RozMSclXpvq2I9l35hoCq+OaoF+RXbSO
-8gaon5NYbCfWVSpbmKbw1o/wcOqsrM1F/4mtZp3T5VMYOZBARXlewwkh+xm0p5JB
-lmJO8x9WOIiQFjiPZKkK63GR5OgO5RwD5O3U4wIDAQABo2UwYzAdBgNVHQ4EFgQU
-3ztcEnBpdG+CgScY9MC0g81oOVcwQgYDVR0RBDswOYIPaWRwLmV4YW1wbGUub3Jn
-hiZodHRwczovL2lkcC5leGFtcGxlLm9yZy9pZHAvc2hpYmJvbGV0aDANBgkqhkiG
-9w0BAQsFAAOCAYEAAsszcNm8lHWf31vwbNGY8m6Oz6XXrhYAmRcudvs86z2bWw3C
-oDLvKWFuyJAAeIP11UpbW4aSs+P2f4I9/ZfTVbqKxPfSYIG1LSdKl5ICFaGP18K6
-PBqtu6eu71Hrz083IvR8qddD7Kl12aGfwDhFUtqy2zhmYsI7LhfwRA8ayJX4204x
-tOmU6LxRtgJWsdlqjyzcZ9buafqfvoTCbjnzbO2gUoEPCDUxfTi+HRn+JppXVxzV
-vXbs9G5xWI6eeojYtZqKWn3xaLQcPcla2b0dJSYvZ0paoC44hpwr5eWX2mGQ5+cn
-AzK55H3uOq975QJDIdXpuuWIh99y+jC8/NcUFkFjb/86DSOs+LtwM2VhjiL5HL3I
-oVIuAVBS4YAxE8NDGgcuPrS7+m1UjnHiagOkEqbhMr0/j16/g++CivWpWPxjTYfL
-Rbw85j+b7/uzUTYXzQgVpSnvgB6cP92MH3WNWyIYf+d/mribIybrKpE65diSVUYC
-vwiLfazt2AHOsVki
+MIIEJzCCAo+gAwIBAgIUEtJU0oOkMid5473At++VFGAbX3gwDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTIxMDMyNDE1NTQyNFoX
+DTQxMDMyNDE1NTQyNFowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
+BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAq+6x7Ay8s9vl/r+trvJMbwdXiFxH
+PwQeJ/Oof48EWuP61zluBENhk9E5rdf2zlCxkfiB78G8YFZh9ZjcWkIR63xIO9YA
++NuQg+WOPu8fvegcly0ulg2dRXvi0b7q/FsK1MtKcxRECpTNu2DD6K5oHkjf/nmp
+nJIlAxvYyP0aqwEy+qq1NFC+WTjoFP7ZyKt+oSz08ONV2v/1dNRwcjfgc8MJcoq0
+Nw56mGZ2LlTidXP8lQBpsQ6/gJvdnVv/B4q8fVS3zpFgokkyQM6eW1ZpGjPY9K1A
+paLcAio+MCoPbRJwAlI+5tdgKMMvz+xq4RN0e68IIZS4IgmkVem52uJcfUiX297F
+Ar1QdH4NZvijir2Wt4xYMxpThsV6n7F88wWzJj/D5bErZeIWG+DWJq2FZ7rqq3Oc
+tz22TH3iBkYrSvFG5nwyHQJaptDDMm6OpWTfmcjh9jT9H6mz4BdBln2uJUswVNGG
+bR9w9OcXqYN6X8bll9Q9XcVZh2uBgPB3NWGzAgMBAAGjZTBjMB0GA1UdDgQWBBTc
+BIECuv3b1y5K9FBK2zKFc2j4HzBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
+Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
+DQEBCwUAA4IBgQAQsx5PLHRi8+WjBTSW6RiNiSRFTpNKPdFzoKDhpaCVSlrpjgzp
+0qD7QorlKPVJNUhl56Fs2S6oWy6e7lb1eBPBAfCNqTalFJNnDdMvZh02FCecbE87
+6Wv7JcD5kA+f6HUDwmaB15fabheSE3YMGQFtaEidmd/jd23CaDL5RNeHUoKS6JHC
+yNsUlZ+R0Cq2ia2wLhW2Z2CYpNh9JM/LOmcTslOgmThNeCnrMIikWSTLQ4C3H9/R
+/iN8NaQhKn4vcYTwEqiaVFQbIU2mQQLT+YK63L4S4S339IsjZiqGEw8DKBnfjL7b
+D1snXa+G6MiQJNcuChuvGfGSlXCSFjtUr9vivzHeGW2h+6uStzTuZ7t5NhQMRTFD
+qT+gyCR/bzsEUh1Lj3J2mFPM/cUSlhH3H0TJcVT9GZUzFNAP0qbaFs9PxXH2gpDI
+XrshYcEiXlj+dsSUNhaCqYibPwkHrRBIAqoDGdMFI+Y5SePVo4ksA55m0gPeY+FM
+mUbCNQngUzNlYPU=
-----END CERTIFICATE-----
diff --git a/credentials/idp-backchannel.p12 b/credentials/idp-backchannel.p12
index f39cfa8df1b3447869fb29e8fef70eff16d3dd8c..9e30c3da6a4bbef31a0e7c20f460929c8952461d 100644
GIT binary patch
delta 3183
zcmV-#43P7&8nGIXXn*YfJdj6e;luH6i=;NX7vH_d0NDZq0K-rOf(Hmdqae-z-+KVr
zb#B;EG(Cu5KtrG?3qZ(diZ1MLLmp9~G&cAW?V1sSzNhBKoeNJV3F?*YPH$r+<ww;}
zu`x4b4tq)9rWx^aDG4XTQYIb4HMS3tZq78`10L*G&&bpbMSni6dO#IU4r`UjcNpQT
z$QBM`_ib<mi1IAVm8bwv4P$gEOx}JfFIfpj0~cWJZ<G49x+9qqCBU$V{-}|&+4MX|
zXD&y0ew~#5Y{~u(R~78=|LC*&I|N-thlC`k&<P0^_`DZV7b&s$q&=(nR4^?D2p#3l
z=JttP>nVJzt$&ZK@OR*3enr~jZTqrOGK65#G881u?NF7>?505V$_^=3ZJ|<FBtQJF
zm|PB`SU0LS&Kds{*zSUesrE`jh7P!IbBK=9^t!Z7WgUn;a@djD#N<d$qKsEd#4J!T
zEqg{eXtX_h?kT}nOW%gTo}+jTeRm9U6v8RlAarsJ%YXHGJ?n#EH~&BnS8^$e4C;H9
zRp8OWn?6q83dR++3A8N(1Wp|oqK@lqDaJ|gHj1vA3!cCs%Y(Y&^Mo~Zy6ob>+bCeB
zMG1(te5H)8XRl{z)!rs^?0*I9NEkn`P{$v+gsQ9vWW4p8jbt=w(qLQKXc;LT;!NBi
z(&!uoi+>B5c&Z(38Q0`0?^<;t=~Jv5S5X`E!}nWS=}WfO#EntSbd|hcQR$EHP_`EN
z@Nn|9p{@|djGo>{e3KUN^t@lh>-z>YiK^HBq1#WMv;u}vaoRxDCUoE;(t*G@>i(aV
z<Ry@&0(t2uLj6+9YSk2%(D_kdl*WE=;BTl3l7Fb&8I61il*Z*@Sas@t^Jr<WWz2H)
z;Wkl$uj+Z+=S?>Vkf?`86u?c=!6wQ3pZ^cmb|N;UrNw0Dko9k@mlKir;Oih!v<<|0
zzwm`tdBJ1800yHiazHHI#gYHsyfy;`fx%}{-Ons<>_InPX6CKHdq<8LOQOrhAHD?}
z<bSAFuDf&4*EKN0UE=C5oO7kdFMNP^0;(?iBmH){)E?_=OIZmY60M6sX$%zkV+~|?
z6ims<V!~a{+S<Zq$Paa%5Flm$SO;9fJuS93!^^TozCH`e3ZD6{Ph?woz1S<R5uv@_
zpChT&v&4eAtt$|^mT-w`*yL`!var6z8h`8A*FbbMBqPHKQWP2_Ly7fvY+)loQrcwD
zV6=EmE>9?lJtLF$g_&<FTmZxqJ&CZLoShR*`p%`79B}Quq8Ic~xe`5m`-#oQbU(s`
zK#(F4a9&KHMv?o&M7)=8yTlQVE;HdRO`bN2W2KO)bw2RMh>VECi=XrqMq}&y!GGNC
z6ExTujfV(LgV<*johvk%5FJK{(}Ki(evkbUmRJ*monA6(ap+0Rn@|XB_DI0U`H}+r
zR&~QO#;Sb@rV}50<v$wciBU*Di8fh^nl(8(X`!d8{P`n6qgpRQ9`)=A&8kq+#!A$+
zP0}CqahivXMC^fh@%1#|do63{7Jn^dWN2*-F3L@hjEx}GW$c}G6Qi{N-jgTUO4jUA
z@S!#yRTx!MoeoaMh^sC;#-DySS*FbMJ<Lm2>m<2X`spR@YUMS4&PP9d)!`~PW912E
zRg!qt<f<Ui9IIDk3hx9v{|?a#L4$(35N||2M#%sozq@|t#_6_>IBheUJAcQ5Anhi!
zbP&^NZ%~*M!!^*7+^$W<sPNR)lJORhc-A#xH4Ze(tZg6O>kCBr$3<Uul7ZbP2EaH~
zekq-A+@=?qMq;CMw9AH{c?LgfE)>;z7Ov$@=U_^++xQEPTvpS^b}t(XTmX*73&5$0
z0I&uOPa^C@7-vq&jtPB~sef$y>a;bXCN)HEeVUHayJmln)nP4LUsswrAlg}0(sbdw
z<U#@Vv&;b_*j#j{i;?bIT`B3~V)qpf82)at$Ok6_iq(fRAmwmC5)tGKl2Z0TX{8Jv
z3L#xO$nuCZ@ebLa>;ke%nUDmIv3c1qivm}^qI$)Ji=s4y{=Gmu&3~FDYDj%;P@1vj
z47)2k!*9$T_|xy?SvWuz$r=SUr9U1%Gy{+tCgJupEm+;o3(G5YCFmq8GtX>HzoB^a
z(cz%3(GS&4)FcbOIZG2x$ILlM9kWahAiZ9|lUV1xif9<>x@;&M!3N$#2yyjb;t1Qi
zzmX0o0&5cFG_mWAhJU>wY!}=X2i~Oz`WMsFjGv8cN$2{9yFFG~au&_&_O2`Ih@Fqd
zEAg6Y?)m333q81Nr}t2#UI^k_*m_E}<f#8$i>pLg>6HvJF*7VY$UlJHxasz=j^EC|
zS|PxW?#VAF{{-IKTDaFU1AW|9oBg!l{orgc_dgnRYuG_XIy3T34=?9w!>D+r+p+<l
z!Sf7zy>Psduvr#89>k-6Y1Qz2=P#(H)|yEX!XU^y<fSfa$&-x-NDMYHHa0LZGBz|Z
zI5m^u2RnZ!$toU&_hdD37X76w>gLUOhYtY)0|3KNfPw_L<?xX{$KR(uSCLFG*($9+
zl_h<MZ<)k3yHyMkTSnEHpcGfWr~qU@_XmfZIH_mx6F$g_8R2AX|08owPK(8Han8fT
z*(!fTc*csK8xKe;C8Vzmr)Jg6<=E0o_A)JJ=@5TKE}$y{S3IYmke@{LCV-Ul1IHHu
ztWK%}e*-tJ^*uf87^$YF@r2NHbAUov6vM6{R=%SMnxio>K8c4ySTx(@fcx8n<fsPD
zwvt0zH#qGdjix7nSEwf)Y~&+WnAd88bfCO80Mi)&IXQMwnvQBhU<#u6@Bmv~I%XDc
zuIPW;TKIW`F%fe)LmOXo&l9XKC=m%}jE|>(1Y%A|Oyt{l20uEC{ha&fHyohG<7wd-
zJH#ZA)Y6c#eYrx$tVJR{>`)ys^W2qwC3<Mp6c2`rTTC`H*6h!NP_q>(ViWZTj=b?-
zc#l&b2nW|&fFj#bx!e+6ejH-^V}%9>ZQXyZ;?0j{{O4+?FbCUv{8k#R-g^`kA_X?1
z?#gnL5d}H#h1F$`RXnGIMEHTeC#^p_ZIc4@b|;KCYx2{_>G6cvWRD}ljVf|p@p70V
zh?=l!toL-&6Hn^ROrC$3__Z;0H&w}tHKK|1#oUX37D!D^as3MGqt-6xSoW=?4%UAj
z`?$t6HmAFYj3e?Bk<H3LBM*3h^Xf?YugkhJM>;+x--ljhDJ;q@cV?X1h*4s@y@d01
zh}d9iv<&WDp)q>hNw#)vKdSC9s-yT)<n-CewC6~-0xw5qz=CcU9aMuazK5E{t$v~X
z^Z&ryGP)J6E=B#lNSO=hX+-fIcKm;@WC0Q}&+zrXCj#tT>SGy^D2#q6LVl-<>lyK5
zEvi!4b4;rfA^r!8y@oPl;IL2o|3l5@Jp&d9S<={FrI>jgM;6Wz0s8GLRa4bF{0;`h
z7)KXa4?x+vvKP9NDJ2jvH(n<5)vlFFa$g!P1$a>-j}cdz({qzU+L%NSE|h;$$(^16
z!p~4sWK4F=gezTZ(xdGpb?>|&8~!o&L%-qR4=qN3{lp7)KGs6ZSn%Yri99^_k`m)*
zgtrks;k@1uV~~sDgaRe8^R%e{a0(IJuDuO}Ei+B3uwYH11CusRWW69)dIgAbA52SE
zj4-ICSQJGMvuC^Uv0W9_f*gNR^|_>g;>}K_KrwtHoDo{rfx9hZ1SIoMErb-T4|Jf(
zl(Ui2n(>KpP_(9+`cn{_b)+Qg#p*i6-VhL<^W>~>2NS=`{D!hP?1}h5#&3dx{D2$N
zcpz49QQ%QvG&yBjF!twbUwba|ZZ6fu3{j+?OFbqjXu)40FWlwsggbxf!Jan3-E98|
z`3k{A3jDJvWYV!ModkA3Yt0barSvKGcvC)K=fkXMv2~U5ODn8w(cIs<kL?=SE_X|r
zTZu5%TjsknWXEu8kRx8(8^|l7#n(7wkjKU>ori271f-%Kpt}^o&*dFP)U`jxQ8-ng
zo&X5BqKN|PMg&MDS3!SKfMv`bEX!lc1aZ|k1vbR@p$}p%rT}dI|3cI;zVoZi=-Gqt
zU|b}(HxlRz{K=n4aJ(V!TnQK8YE3uRV5NRErH1qC{~1p4(2bp9l%-AbMX^=)xz!V+
zdioGzp)fu$AutIB1uG5%0vZJX1QY~Z#<hlnt+7m@nMdNL*rXqI5j-yh6wGA8^jNk+
V_b)o^^rdp$T3UUdgaQKrhM*P<6Q}?H
delta 3183
zcmV-#43P7&8nGIXXn%r3p$_>^Y)>M?yz?CW!mhU~&@ci60K-rOf(Hohf05eX3lGLN
zU936Se5tsI?o5@-R6}dj|3P^&-R~XNjR<Sdyub{rp<E~(J)CrHCzocx*Gz<~#`;_f
z%l<2vjY^GPV5_Dj&uo3Yo>KRM82^!(_0e#4fMYej>M?I~N`EzDiWabt+6vZ$x=6l=
z9g<W|0Z@NpnUw|~srSB>R<$%Z4}odk(OviReM4t}=+Ljl1`ZM#eqwpgx(<i~=%)fS
zC&mL(6@6}XHp|1c5(Usa!7F`7KsGU@qZMA^-he$6=W2pkUfzxNV!y|Qb0bJ#>(0d*
zMe`sTnxdpw^nWI^S&?C#r9SY&9C5zmnfjb`emPaRLtmKeY$9^gAm&*TnZ%!UCv|@u
zt!*HlEhYV!GI?okm-LB+gTyfW%7kaqC)I9KyOnj@B~vpJQi5r!aGDY9NWT~>SUc?t
zRUz>nr4>5@_P>jO4SA%R7iq~-JA(SkKka@<%f|diQGZ}=pL^$xYtK<0+7+iqGA8Gi
zUpuyr^ES0dKLnu@7{8P!mVu8Xo1I(QqPV<+D!c@olOM}r8IuM{XAvOM&)Pzi{PlFp
z=ZCu>nxR%tF@G^=p{*d`br$fDlD$xNc@EelsChzhbOP#!p~QRkpm-S%)K`&+naKJK
zhY{FT=6~A6^38yT4_ss&y#P-^(v9oI3TXMmq$ktMU*bB6+vI)qQMu`pRy}aW{n^A0
z?b701(piC<<(gt`(Ax7TVaMx(Sqc2y?p7Gq(a9wBYMpsjGPa8?<fIER!?b0ROO}Nb
zP$UQ#PcbylIXte{|D<UILEgeLcq0QwRrSV3?SJh>Q|zf>mT4KOauhM2BuPfE!Z5wH
z9ED^2THs|}*dS)E2DN^Sx^{<ob<f|mO+y%81|SFO8bl>c>{9d$ifWJF=qXVWijT%B
zbos&5oo2KjgGiHW2XqqDQoRmt*b#DE-F;mI(BA6nVYvPTt7FXwx{|W<3&=g71&+UF
z%zxt9!^uMr`Pw}<#^siAHhg(_kGo0>p5!1-VUC@yH3K;h(uoxRY$jpu4g&mb33;g9
z6m3pw`VWbx?c+mjPqOyM0WIF8`U6xLv<MBB<Y$_pbao5GAt`7I+P;A)^&)OT1iwSa
zyIYn0RbO<R$fTK>cluBdAixg|S{VK0_J5+9c#gEtxTAmhq0}(7okmE|%l(IPv0^TX
zkm+`_=%XQtl)DHBNE@kbOW}K85i#<UOuUb;xR&zG`p=D1Y7-?S#1Bz!N0&dP1cX4X
zj=sRhjPJ&qq-8Tj`8Lea5;2F=DOQEnd|Xyxa3hQf&K}7Qg*QsZ>fcX^@T#Qa)qj!s
zV(~l6-Ji&*PI~f`JYPVkvM=F-r(uUx;a_@jzvgOh!MjUA{3oODj)<0KcQmPyYj00-
z252;c8dIZXd<jz$OaLx)lmw09$_+)r`FZ;rmZ74{XEH$cic6n}Fp*F8;<gu6sQIge
z5mF0f8q(Jxd{{8rOmjvuujfl0xPOZs=LcRC#q)t3K@z$Y=Ep~5EmBR_s{klnD02(z
zvFf4mKLnS&4|4N9Z^(@ZbTLplHk`lb(iN>^LDu~3mgr~>$mERoPx9$cbDEpKSyV+P
z(R$omZ#zL?@{^!bP(o_9jvrCA5UR(9xpX@}V!=R-_PJ{3gLux2j6G$9`hT%VdiQLR
zG$(>108n0#CJ>jkzfGCnFBE!RI8xrXLs6t!&$pFLUBH6_5FwPP)}&l%94T=|Jgf6g
zo(I~{6ZRb!xN&i>^B#UyyD^&?pc10+Ui!sTs@S2tq+fl+`La=m-f!g9Td@NKyG3F_
z1gT9csAb;?E;H2@0PYvST7UTKEo@9xW?)XD=Mec;`pFz5gSZd$Z?1cjd8ZqvH2@^=
zvmpwPbxvJK57t4Vi+k{2%%$qUpr^psE$WY6LhD%@Ey92&<cU*3b!4zoLmMc6w+gd@
zC{%&;D*G`6*C{KpZ!J*)(+FkQ!XlxaD_6b9kdR-7gJKZQt0Ul3X@7W8H6o>PqSgn1
zT()V4RVK9+0+R$mE_IZad~$S=PG&wi-y~(7JR09FURX-TZ-b&fH>Q)@8eOqs`V_%W
zsSmqLW|glc=>a4uSFs9VJNb=c?2$Zr-uoe=$KY6LWEH@`SSXUO)vO`&2<`i_SW$P*
z%TqUD4%6{J6u`Z{E`NVn@h%M)c6|Vw;ML}NSTvuCZ_(8hYUM$aSP89nC~~uZZj$*9
z2It~VQkdD4d{4kbsES)^>`kn`0M~u#3d+={aR1IZMiCJ_2#5d0i@b|k;xFv)W0m={
z>Y9EH14$~hwh0JS|1%O#@D3NlSA#bWnHKheo2KOG3Hve+Rx_q#>$zAt=yJpRy+RrN
zBql_sm@tv{<;dd-o@HqVH-6%qM4MxmU5SO&a+O*a>WYG#a+8e*NDMVNF)%PWH90jf
zFfx<j2Rnad(Es;PjM?pb&0pOM`<8Ce_RbCh0|3KNfPw_L0fgY>FiMVd*#x&;z@AYS
zixH-ok`t4nX*l!KtPe$4|Fx3;lQ9on+z<y{T^TpAc5wTILnW*)hl~#iKdmiwa`}QW
z(7YN91Q}Ain9z51@+kPH+`k^b-!zaiVF<0wMX`U0@Lb{u@B|qsWCbTB3-<`3ha&<J
zr76&}Qbwlqc&Zj~?gjsyR!u%==fB5jv%US4v?}}~;jg-j#4x$<pRjLiWc3p|Nh*Yl
zuk9j~L~A~j*~XG+B+(|pMGu}9%(Btqv@JZPK$P9AM=Vn|2ilwC-hP#vW%j?UfwulP
z5V3!V$>e;w|MN}TeqZ3k5k;)&2?9X63IN#1=|JzK=V)043#!ZyT1p5EJgMil30_q`
z8TiOV+L|bWcJr;n9ir;2218lSWXK!vi+$d7rqD7MK{0u+wgjm`>Z^ON1~gTO4c2?B
zf=RhRMg5r^l(xm8hFO=SK(VbI)YZLpduxA){HlhSbvC*;u*od}uwC=*Qf!czhq&<^
ztN_dayfbWkltZK6k_V5k)wdDesOJ2IyzOZbu3%T42|Q>@e8#m2n(W(PL*i-0r|+qA
z*b+s<bc^HWxGCE=@*(#7LOb3Y^>pk-%R+Sy-ivz&;TrH{fo3%o&!8ZC-@c_MCv<<^
zpzGxcf!j|Zceuu<<0MsVR2XTgH+G5_#_p{ZtP1a_&UvIw^ftj3F&3Cuh`ig-uH>^n
zB{a+HuLtWl4EjhR$f5{hFf(O@Nqp$=?CPh`2a3S^Goc{U<r~V^4w+Gh__oxLSgLEt
znxac9;d2yCNG3mc(fbul8d8LBijjX*8YneuIXk$)s_s-K$mPXlQ<*e+?)48BpVXkl
znI#m6Kp*p7p|N$cNrS)YE6cuFNKQbe=$}KLJLNo}h&;f%4)6$F-J5vfq4ejcTtGG}
z!K>1&WF7VUsC4&pfz0~8SlO3Lm20dejp1mkIKwqpW!^ciT4`IfEs-#E8xVgp4MPu5
z4N9c#ZPf&yO#sGRZi5*mwj9jE;AT}O?Mu={ubP+$Y9Z*S_H+Cp%q>XC(7L(BLyRGl
zF7oKq)Z+}um@JPG<7_#&yS!x{9HhD{#HG*6VtNNz_}p@7&v-j`Tc-E{s@OqDKPcLB
zVjA^0PtE%)2~L5y)6KHN`4fK*KQch7TY*U5X`8ImX)w)fKK|VnbMd6CJ2vO9erme<
z{-A7afM5PHHg1B0$iK|WohK#`0c0vjBWkQYAXzXc!)Tq)#8c*G5<tUXlaPeQGpCvI
z7FdAmp`Z~Xa;<VK%m?T_QjF7?3qr(~uJh>;oCw|II^QKPk5!z|OkaQGwkKgdVP_b-
z-8M>y`z&GUo^=2w8<OItma-9nCtk7+gv#))2rHm&*U!BF&$Yj5-o6lOLc1Z&<Nmd9
z`8<uIJD%e3h&XRjNEn@Q_7F|l^KeV|cA<r2N48mWi1;*xv<u3wgJhKrF|_<_!_?N3
zW{AsM@J#FS`bx+ELJ@zu?eF@MP#sNsncPB-R0-V*Wl%55s&rCU^LMvp<tlM3#U0w+
zvMsct_p9JIcH`Q>$D5s&Qv0FCC}Oi^BnQQ_^PDgB>Y>ny8i8z+b-tr%N2$^bnz0F&
zY}X<wO)x$%AutIB1uG5%0vZJX1QfoM$sR7_E43!tIa_}Q37H=@1&^!*6o!503Tvdg
VRRnfJw0qcg=P%)xF#-bthM<bKBn|)o
diff --git a/credentials/idp-encryption.crt b/credentials/idp-encryption.crt
index f834a3c..10fa34d 100644
--- a/credentials/idp-encryption.crt
+++ b/credentials/idp-encryption.crt
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEKDCCApCgAwIBAgIVAJ9U0+AO1v0VbDiaql+oeEssbFCYMA0GCSqGSIb3DQEB
-CwUAMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzAeFw0yMDAyMDYxNzE5NTRa
-Fw00MDAyMDYxNzE5NTRaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzCCAaIw
-DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAJyOGdr38pJc2pEZe+YcJSoo3ym2
-oP/5M2jW2mT2oJO13qrcTcBZi+x8/g+3wJmmJxX7BACnSquY2FZ0eDJl0rADInTO
-MihxesnjSVo9t8f63hTJ5SEpqM70NnanOcEbJuNQCr3ZRxXjD2Xnoiql1wY7EcDY
-S2B4LWNU41ruqZcZAitTHA9jIA2+jmIGjqKSh1mBmFqN4fVUQICW4NExfedIyo+L
-H4wijFi3W4wFdqYONYmXlxpG03fRokOplsFjwDoxLKR5h5lNnyd/vjQ6Prx+vedu
-FfdAt1TGAPJ6DXUtoPVpyajP6WZK96jXM7uaHlQ/uLMQQwJN7nzfvKobCLylHRre
-Y2aov0JOEAqMd5X9L7xPcB+DjKkhaUBowS+qb50SNK87eejpZQS8BEhQ9Xi/jHnJ
-T8tn9vL39NDwvCYu6vdpiY5kexKZ6WvVK3NltkUzaKMuvfULmHy2pg1ro30Wwb4+
-rOfwvLkE4UZdg07JyP94obkRVxh9uBliAqvDtQIDAQABo2UwYzAdBgNVHQ4EFgQU
-zOMLGuvLojqNEvGDS8IddKPwM/cwQgYDVR0RBDswOYIPaWRwLmV4YW1wbGUub3Jn
+MIIEKDCCApCgAwIBAgIVAPyKe4kuv7ZzU9YkyhDT6PWudYj5MA0GCSqGSIb3DQEB
+CwUAMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzAeFw0yMTAzMjQxNTU0MjNa
+Fw00MTAzMjQxNTU0MjNaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzCCAaIw
+DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL+i5PmO/JsPcM25CSY0zJeJ+rim
+4mqlr0sT7BRIEEv6ja9RAxRI3fRXOYfz6PxfF6AMsYy35bCueOAOcbr5IyCIhHiu
+HemT3ieiROoOUY3P0D4KdwC3cSxANc53pEIVsNd05Xxe2mVnGJ9liomWGl0Zsj4v
+TC6f7PFjAEV3JyaETMyLpKVH9rt9FVKPZ3zl9FN/nqA0KodjQVbJYjIyJsib3WBB
+WWZ6VgwErHQriCk2gIGrYbltcZe3ujKOpNaRiIraG1VPs/YaP0IcsPekS0Vy9qcF
+6Xq4xErWdR+Fh0v5iI6bZ3feKnGDO1q30M5I/cfkwW9CQd9zqLjM38MilFJYCoqI
+KbZRPvvKAt1B/JZJMhZZJaBy9y5CtTHnZiEZxdovz1R8BsZgmYgMRfIqTAN3+bYl
+kzfgaS/PmQkiY+iUzsi7Bi753Eqlaksa1xqeV7tkpVRDOUeTMOvjBzueQS1wdP7i
+VgiQrWF+EqBBxGY6QqlYdPbOZOwcL8nOE6+BwwIDAQABo2UwYzAdBgNVHQ4EFgQU
+N1YcXFUpP/ioF9ByIell/FLIxCIwQgYDVR0RBDswOYIPaWRwLmV4YW1wbGUub3Jn
hiZodHRwczovL2lkcC5leGFtcGxlLm9yZy9pZHAvc2hpYmJvbGV0aDANBgkqhkiG
-9w0BAQsFAAOCAYEAC+KIjwmRVTPwbzvwkYum1ZCjBL99Z4T+rvFtYM9HWWZQqKo/
-YmQIF/bYtf6IzU2ayQXd77Wrm4gfJYXvIdLqpj3oE1+kBeZ+XJ1/sn9Rp7qw4int
-pyPZ9W+j+/IAD2OVs6ykbU32QnIrKYAotgIygwKTpzpkg+peuzQ1l/duCCT4m7Re
-e9RHjKfrp+pRwBG8ppTE2EupCkJV+wIokZCn1kepDJ+E1CodofVAIUuXkX9yAwz5
-eqfLj2VNIpHLHNi8U/LSutwOYTuulBdPWvjYQ8wZZoE4JId4K5u6wvMwbhpDad0e
-kar1XJR8zFBi63smQ3CJ/7jUCbanESVAs3U9S5o12Bl9sfQsAxz4icLhhHgEGAV1
-UhpcGn83CI/hWp/swjEVstIxlrQOpr9nd3G3zLSrTS6TRiBMMfVV/wkwnhBFfUaM
-cWp5+Rt6wo05o8+njQ2QETsFt8kP5SImFg5YNatqiXPrtlY6PBULB8yOil8mX4Bi
-OK0/vM0ibCFaRAzB
+9w0BAQsFAAOCAYEAq3MFr90wgCFV2fUdxACwnytfK3tlpT7bczA4ks3iUlMM2o8t
+QuaMe5pru+5nhMk+D8Be3RoIIks/ddxHwVKbwLjzJFEG/9S43MduXP6P3weMr0Y8
+lIqZrd65uaaEbAd0ldGSn6ekB+ERwDNC2aYghwMIPqyCvQo6vLRsBsnLEa3q63Xr
+GYbkCawtvMTINYxAgFP0vavxNXF7A9qqDCpS/m4QgdbL7DLEJTN/wCgJVPTA9f9M
+SyjcmSRJ2FMNHyRgor26jT0rCeUNJ1MgM0kA3hwqW5eK+nj9OZWWVjOZaAkdVRn1
+mGJoRmtK/dGE4SEXfyIgWqQfdGOpIAEkIG9EHaH37Kg+slMjb/ZwN/riShIxPacT
+YPkAC/AqRaiJOzvi4ZB9OtjC3wyoyak5e33p5DnCIQ2+hEbebAsnYWP6Yf/c1KMw
+1Z56FlQwmY1yBZ6+yTIR0jCKWj5mFuahsDW7VSkRUBmt55Q/o24YbHfLioYRSJAi
+uADV9N9NCGawgJnf
-----END CERTIFICATE-----
diff --git a/credentials/idp-encryption.key b/credentials/idp-encryption.key
index 9fec9ff..b8ed07c 100644
--- a/credentials/idp-encryption.key
+++ b/credentials/idp-encryption.key
@@ -1,39 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIG5AIBAAKCAYEAnI4Z2vfyklzakRl75hwlKijfKbag//kzaNbaZPagk7XeqtxN
-wFmL7Hz+D7fAmaYnFfsEAKdKq5jYVnR4MmXSsAMidM4yKHF6yeNJWj23x/reFMnl
-ISmozvQ2dqc5wRsm41AKvdlHFeMPZeeiKqXXBjsRwNhLYHgtY1TjWu6plxkCK1Mc
-D2MgDb6OYgaOopKHWYGYWo3h9VRAgJbg0TF950jKj4sfjCKMWLdbjAV2pg41iZeX
-GkbTd9GiQ6mWwWPAOjEspHmHmU2fJ3++NDo+vH69524V90C3VMYA8noNdS2g9WnJ
-qM/pZkr3qNczu5oeVD+4sxBDAk3ufN+8qhsIvKUdGt5jZqi/Qk4QCox3lf0vvE9w
-H4OMqSFpQGjBL6pvnRI0rzt56OllBLwESFD1eL+MeclPy2f28vf00PC8Ji7q92mJ
-jmR7Epnpa9Urc2W2RTNooy699QuYfLamDWujfRbBvj6s5/C8uQThRl2DTsnI/3ih
-uRFXGH24GWICq8O1AgMBAAECggGAPFWDX2EZKhEA5tSkbD1CkWno/2Fz0NKQXoIW
-7rwhjGuV4dE/Ybbg9wYAv7v4TP68p3rywvG2FEW2cjM2s22McerzV4Kzz+RUBwRC
-G7YXYsmq1uYsGMi+VuvFJZsy5dn59ba+PQZEoAm+wG4xkDATm0IeiGyTOB14mIR5
-jmzWDPZFYL8J3GA+VS2wH9UZGUxRP0xzk8qEX5DVvvjmsZhaRk1GS2W5hb82yWX4
-sRDV9g8Z0OoMAMN08gNnfp4YDHXNX70NKxsmxaGkJOz/7VB3pF43iv+hp0Vmcc5t
-3MjbBHnnPY9g229g9fMEbbDzu4wvLA3XvG2ExF+cDEumX1KdtjoeFJXke7mi3tIp
-2xlSaDpDIc4dQDvIWnxpkkRXGh+QDWlaZJTPW7Ju6IATa9w9FYsDO90g1G1ezqMW
-emZkzzTi3UnBhZUmtNF14tIT+1PjGPjnTq+9EukDHTetNBcnX1ozv7huzeo76utq
-69oiorLK2YAAayC7k+/HX4iDNvvNAoHBANW0HaQ50Nr7Xq0kbVdV5p+zO9pxhIc9
-gBQGuzMGXU1jbT0j5rIglGfZMLWaqyMEw6ek9kF1azyY6ozjDb5a4+OHCd5JLeh3
-BmAufbosrYT0/yF5mDXb4zGuS2ZD2tlWBhed1MgK5KSTIF2tfMusA2n4DBNkVOsV
-J1Jf4Sd09fYNbEVB/MDYvVHgvXIaovmkQz9rlOWdy0XigxGlIiEledE1YaTSOUVU
-J9sshdt+JnULPG+qqWkEQTdcatlGTccN6wKBwQC7imX0Vgi78gEp+nMRaWW3ZdYv
-lA0dmQk5YTSV9XLcYVmaTic1uinFgwjbKPoxbAsi29qTClCAPhulY/2ixdw01o3F
-ei+rMiwaPBtrFyF43dQlNPJ0cbQBTyJI44pUcA+WKhdfN0X4KyTyzUFmAR8AiZq+
-gu80ToVu454nGQoH73GO4sAGnR8GxSpZ1jIatBNsUHmlwblRsoZhIzAaKlXWjnF2
-dVXiEk+BdsqdWSZKjS6hWeVEJnAm+OhOBp3W7N8CgcEAm+pgofwItGwnxD1KhSjI
-LYYwSgz+e0lUk8fhdrXTBu5euffijd2VSTs9/ZGOAOut8Dc778BCcCDFJ+tUkKhx
-kgRpH8PWeb+1aCEjW9zS8KlrJzo24jy+wvV+T2t8VYscwMhHgXfpH2W0fIRiA5tJ
-llwCO3e9ORLi8IfBlu8PsOhUMSeWyACaCA3nSkPC2k6NPc05Alog/6jmpc4MW5Cj
-Ew9WYVF7tWhT9+XA98ZPOp/rBTHHjjYrer+zuThA8NTnAoHATzEf4E88HPESIMHL
-OT0CYLE2Ap1H9Imc5YfwhqpAuGK7TXdXA077OJYedT0WeSwgf7XK1HB0kdKoJezV
-O5jFZeJ7tznjSy1Chkl/YndAASPa42M6RoWE91CNL641yXYQft6DRAe5GhRN4+Fc
-jlBG4Rk6KNxtWe8WVT70l5nxLGylzSpe3+wVH+y993WFbtU/pmtNEvt838y9BeOv
-+jyKRrGbo+PkQjRtMkQRRuRQUQbQ+/1T3LVGgo50ug39NLaNAoHBAK5d0JIkk5/j
-QqJaFwIp2hnPHHIRb8BCtrIBzjzEU3jZ4AlVgMeRhdkObyZqSr0MQ5jiCKQR/mVr
-u7biW26CSbcF3+mj6aFYzeSXr2QIKQRnZtdBOcyTDnRLlWSe8Z4e4C888YuFF0gf
-Nnh0XrKdEUMuc6QeHtm//5X14nGj5noqm9lRYmQ/hk114Vxn5CEphCZOlxZwYVX4
-WcZ+73VyJ/E5W9zXEIqcNbtzvHfSOeOXKl1Rsgh6QHpsO0GrMbFD5A==
+MIIG5QIBAAKCAYEAv6Lk+Y78mw9wzbkJJjTMl4n6uKbiaqWvSxPsFEgQS/qNr1ED
+FEjd9Fc5h/Po/F8XoAyxjLflsK544A5xuvkjIIiEeK4d6ZPeJ6JE6g5Rjc/QPgp3
+ALdxLEA1znekQhWw13TlfF7aZWcYn2WKiZYaXRmyPi9MLp/s8WMARXcnJoRMzIuk
+pUf2u30VUo9nfOX0U3+eoDQqh2NBVsliMjImyJvdYEFZZnpWDASsdCuIKTaAgath
+uW1xl7e6Mo6k1pGIitobVU+z9ho/Qhyw96RLRXL2pwXperjEStZ1H4WHS/mIjptn
+d94qcYM7WrfQzkj9x+TBb0JB33OouMzfwyKUUlgKiogptlE++8oC3UH8lkkyFlkl
+oHL3LkK1MedmIRnF2i/PVHwGxmCZiAxF8ipMA3f5tiWTN+BpL8+ZCSJj6JTOyLsG
+LvncSqVqSxrXGp5Xu2SlVEM5R5Mw6+MHO55BLXB0/uJWCJCtYX4SoEHEZjpCqVh0
+9s5k7Bwvyc4Tr4HDAgMBAAECggGBAIQTUJxu38o+qhAfJx8d5KPMhPAelI3MAzRL
+VrnjsNesp1ndC7I/RjnQo+X/ROQq5a15EiVZ2QQcO1KwodGrQ3p4nFRQLG1/a+0E
++VoW5D5Iq80WiU4FIArPdkYGTz78lBTqi/9boEmi9GVnJkQNH75qp14UWv0HW9ZB
+1T4LEQCKziNrWt5O6s3tN3TfQQPjuLCTlE/1pBoLXkziHrtZtUEtqzVb1LG8PvGp
+hvHJzt4Yohi8dW3G8DMQfVO63ADF65OwjaMO4SmU/lbRDqJSvb4LxRiahRasBLYC
+qoqi53Y3grDiZMVd6XAnDrr12JzsgGDj2/j4GiMHSQKkPBMcy+SQpiVYV2jFiaGn
+31vJufShqP+70Vez+1DVwjj9Gf/R/3zipib9q8sz7UDkpi2Du5I2mX4K5uEmx9Aw
+hkZoqIM+yHegfDSIwCqHqNqh7mHOwHOmOAgFqkY2DNyTpA513iIUzggQ1pNKsg+d
+cLljbubz7KppNApcTBaZUSGy7KzFAQKBwQDnKoxT1feWZhsDPOFa474sebHfpsMK
+vlvnEUzG4UvBz/QqR8ib7BsT2ZuF90lo+NTDg6Wohn5J/gTc6z0J5SBhjDay21a4
+qaGTA2BZL6D1el3yBTI0dK9AA/1UaNGQN1MUNmHEXlxFuAh6KEEbau0qNNgxJXpQ
+90FzQaonHdstGRj49iHbX1xO28AYlRkYFzraR9u1M8wFcWnVpoJ8nHP3LH/Qwq3m
+8ov63Jl9YkxPgvOnZb3Irj3Pz20CIgBWUPkCgcEA1Dk1ewLqkxYgMEcRnGGyF489
+3K88pe28/HCL7qWUuIHyHHnym10S0qRHxApTPKhpJS7L/h46lqFfPuxvLHLfB8I+
+uXxq4TKHVRbLHxbcC6h7oHJS5Ezi+PCIFP8nINJ97wq7OWaPVn388MU8sA9khy5j
+gsyPoRj8QnJrWi37j6RFJWoYiCwFRRtCzhMRJUafuOba865h2wXUZwhfMPCuhA4u
+go5621Sld/RD9PajGsfiGx/5uMdtdvPwDzLXOhObAoHBANUKI1VIBes3ooFzZASN
+isAWT1VcrLeEA9KJ4QYQr+6oJc+pZDo+eB3tGCV4ZtE1MXAWLV+Iw26Rig3HRfOO
+lC8SN37SIbQBsQR5whuvh1l0MoxPOZuaRcBrbNaT2z5bnlcsXyHIDKW8GyPpYUdR
+Xczd8rgoX/eqR0lfJN7z5wBC9v7KZx1zXvDWGM0O65eGIRj1zIfMeqQxh2X9FJie
+30jWW90a7YW/1j2VfGdPZiCJAOAvJZ6C5jhUY5PpngHukQKBwQCk7Qy920dXJWPA
+gQqToGzZ2Ez4Gwsj3Dz5ZbGpte588Sepr6+1w8AkCN1o4alMQ4jrB5Iqm21msGQn
+r3C6d08SZYd/eMxK1IzNuJgEQiyhtr7UsuPuXj4pvivTPXM4E70grxNPCYAtdF3E
+81M1c9DpKUjWVojsZlFshiUdgQy11bCS4f/Mm4FA8m2ZXsH9WQQ5mtbfd06++qnV
+pHDtxK2rHKZSec3Kc97f+OlzDtU0s8/oypG0Yu+T+QE/noAaty8CgcBLiCGm3D4z
+eQvCyp2ifIx3aS0EPClKYME3x5TyZJbQ5EKYEsmWk5zpfNczwQCSjgnURs1X4Txv
+4vTShW6isvC4D1+nmK19jajlhk9humMshhLSkSsbWAMIJYtqwz/w6CN4b7QvXhcB
+x7d3BR8cL8/aLAJxBLx0hcenbEM6u8f3nAivllcrW0kMrJDErjT8unkQJdLWV3ct
+qvrSqBArpykBjayM52USIUuNZFUIvjmwN2XUlC46+388fWwIiPwnfM0=
-----END RSA PRIVATE KEY-----
diff --git a/credentials/idp-signing.crt b/credentials/idp-signing.crt
index 034f9db..a7f2528 100644
--- a/credentials/idp-signing.crt
+++ b/credentials/idp-signing.crt
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEJzCCAo+gAwIBAgIUFmFRSFCknM+R2MDTUOUxy4Ly2a0wDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTIwMDIwNjE3MTk1NFoX
-DTQwMDIwNjE3MTk1NFowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEApypXQpLV3wqhAtxqO99neORxrWkM
-pmTF3w6/R8dvbxNIUAmO73l5lssAKcBUumzsxJiyuXNfBqpUColP94EByCUSNxmt
-iYiqv2t57dIX+0xVnQCp+IV6FjNG7IqZtODIicSeJ515uBKC2iVURtIUPG8Bx1h7
-IucPXgAfO5+fde+82nCH4/QTNTHED6JnsuATQMhLicTmQRCMTXLBirIC1iGDqc6h
-fqBPMKUKyVJ9cpB1z4DMZ3dK+E7OUeO2ewvA0y43s2Bd2OV6paJ6ZHLcLWMIEYue
-gpxfh2pGGDZeryxyfG72BNbJ2mf3sMz1EtBgXFsHjCnGiSJ/BRLRJ0bs+Fr2Wsd+
-DmhMkJ0QyfFsbuyfMhPXA3j95l25NHHH+OqZB5UUssvqfUZ8X0hs1Mt01en1Gfp+
-uS+FSnytcO+/7jIL4DRFhrHOEXZHqnGpcRgwti6WmBcQgW9nWFCAPhEaSSARUxxr
-tinfyg7zD8I9Jg9iwRZU6W/y7oMH5aifaZ+rAgMBAAGjZTBjMB0GA1UdDgQWBBQN
-5NoPrBmezuYsRGNOlMrQiVMNvTBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
+MIIEJzCCAo+gAwIBAgIUZMvUeW53jFMs4M1rlNztvoKNXGowDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTIxMDMyNDE1NTQyMloX
+DTQxMDMyNDE1NTQyMlowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
+BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAvtENeKgTFxJ3l8ZTeaFifLRLS4da
+xjnKy7JpTfrVOqZHGUQ3zAwY4xifs5rbiBkOAiLLBIqjJJalZQ6A+fSu34eVYdxp
+5VY5L2gAcF/6kf+wOMCU2zdEwiewM9CZMo6HN77Z/ZEC1737/OBaRHwCEtC8l1Bx
+U0V9TgEB/n31mtg5h7FWDPe6dgo1NSeCjsKVGHrdG4Ozo+JHvklqy6knbqnNvPqm
+cLv4nrp/wQnRalqv7/26dlzoecXmCICH4cToBVACILXs331bpWEdHEc+bxInja15
+BOwb4pWLbqD5Qaj9hnPFCAKFtA+Ivb9PKV+44eNN3n73dYEPmx21QeqXWVfn3Ukl
+4lIIhFC9XETbmSI+V8HLYl7e7n6GKN3hdVip0thN5vyPWYBt2DskW6+QFXry2F+E
+qMxNHUqJt0k3uu4pTZ9f/DsQaA+/e+H23DGBIOytNzBz1jbU0Do/35td39YvRGN4
+T5KOuwmGTjrB6cM0/WOxJhaKourpM6qiDs0bAgMBAAGjZTBjMB0GA1UdDgQWBBSA
+UDgNLBosYiGapWvY1CIRGm5f/jBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQA9G+WW5ASr86DGtUZEwzp0ZQZ4EBj3/tAHG8VuORxbA8hMOFo0
-Iz/NfzFpurGJtd3S7o0DepEwQjMZoYja2bYSJkpHscm9sEcrIKyiu01kOsjCwncv
-xJ+cdILWS4JUZtk2vmnRjS/ufHLBPTcEYGrix0DoG3qPgqNXljRptrvrLfeDIvid
-AalmxNqWyKDNDgWua9iB9piEF3ZRe1Jc/Od5ByG1sjT8z+NbZuR7QHEwgziBl1ff
-4hpE84JvUhxDu8xhuwTJBkTh9Oh4+wKquRNwa95dhrQrYDF48oA90dboRaO4X4z8
-TxDy8v0QMbGFUIVqhDkVGPbzbir8Ni4vScjSRIzpkAX9FhfqoHaD8rl5f5DTpDPq
-dK6Kg9675akm5DKQ1SGq/3rl6ucDEtN1ma5UqBVZkXGKmo61PcnWMeTRioAprcnJ
-rYw6Kjf/0EqShDEbkSuiVR63dTr9bdFS9nt74uyuEpSBfT4ryRZxCOOlt/orIxUt
-Ae3vkDmc/eCooWg=
+DQEBCwUAA4IBgQBb9ncPd748rnxrJ7tat50vDGAj/wnFM/9qt6gfwSv7gCikj29V
+QYgZ0gB76xH7RdLw/iuR4g3stuoARt+CYrzkh/A/pG6/FAFI6HZvX/Lic7YLv/rp
+m0aRcBLDzu6gYZ66qm05iXLs1Kueq8Eh0txpbg35LUVZGtXxE6t4da8a/XfSfgDs
+KlUj7ANT1vkbDYXJiio60EqGWxMiyxTacEFOSUqRTlDL1wdvU8hrcyO4ZQSf20Mv
+uROvXwki8Zb1Hoakn51fgJIKvIM6ttLpNdwsXFWpopMw9s5obtrNAB4KbbuISXdn
+3AjJtynK9HuIOyBkphetJcOXj99bAn6VLyl3ieuPPLzXPQ9byNmLlwp0njJE2xtR
+HjztBijmO8wtif3di+nUSwHRG0DcuE7f06Z28+pSrpB0XHDmALSefbq5g51aIR64
+fgC3txaEwILjHFjdK7Iaf0DHqQDUyxqC00IWATB9Dr9dtMIeQVN46x4681AfKp8p
+oHdTCGNvbFo8vGI=
-----END CERTIFICATE-----
diff --git a/credentials/idp-signing.key b/credentials/idp-signing.key
index 191cf78..cf8eb60 100644
--- a/credentials/idp-signing.key
+++ b/credentials/idp-signing.key
@@ -1,39 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIG4wIBAAKCAYEApypXQpLV3wqhAtxqO99neORxrWkMpmTF3w6/R8dvbxNIUAmO
-73l5lssAKcBUumzsxJiyuXNfBqpUColP94EByCUSNxmtiYiqv2t57dIX+0xVnQCp
-+IV6FjNG7IqZtODIicSeJ515uBKC2iVURtIUPG8Bx1h7IucPXgAfO5+fde+82nCH
-4/QTNTHED6JnsuATQMhLicTmQRCMTXLBirIC1iGDqc6hfqBPMKUKyVJ9cpB1z4DM
-Z3dK+E7OUeO2ewvA0y43s2Bd2OV6paJ6ZHLcLWMIEYuegpxfh2pGGDZeryxyfG72
-BNbJ2mf3sMz1EtBgXFsHjCnGiSJ/BRLRJ0bs+Fr2Wsd+DmhMkJ0QyfFsbuyfMhPX
-A3j95l25NHHH+OqZB5UUssvqfUZ8X0hs1Mt01en1Gfp+uS+FSnytcO+/7jIL4DRF
-hrHOEXZHqnGpcRgwti6WmBcQgW9nWFCAPhEaSSARUxxrtinfyg7zD8I9Jg9iwRZU
-6W/y7oMH5aifaZ+rAgMBAAECggGAIw0/ytfbPK+P33e0VuWbXsAYDhKO8n0C+Kiw
-9y4ccaALc6ztac2A71uVpyuLGKQqaXbTUwucC1u/z43HVNCaPQt47FDYEJS1qPmy
-UWnSWYFCGm+/NDtYxDrwTj0pycGwiyLNPuVIVo6bHX7iUw9N6vYj21b0SvdEQ6Om
-6OupliM06GDcPbI6LNdIkzaso9dUcisNm8/LsCz2Hm9Hoft9mMTiRMLtHg4jTMHu
-pxRC9bjQ2zfYpIFhGPv9SzKCWv61k1FC9VyYgV89xVtzdpxg9/h6hL8GGfzjgOSN
-inmxqmchFWgTlSJRJb18W146UXxLTFYPkGvoS4oj6dKHKcCbKIl1t0GmpGJiO8v6
-V4eeK1WM/M4L4ipX/4rBeyLtXfyIlJZpkVavyRAaObCglrpXgH5zqoe2i20Uy+bS
-YRjNkSuFBLmM3NZTM8+qfSMgQjYKpJBrmbyh0NmYNITDyfeXzpGPPc5PsfwB3DZL
-BE01YSHCQaCfpONV0uc0BG8HoF+xAoHBAM9VvjKStNnbaPGTs3HV5lUe1ubf/b25
-Cx7Mo9ZPkf5zifM8AxmZs7bQqhqyCKo02+esKd/+hGPYK+M3KCilWK0G9XNakmw7
-nxNJ0VI0mycTghoSFj1/m97epDD8HsKofQWWL1xG0JnlreE6Vv15+BCJ8tCnXElk
-QBDMkm8CrWfIznEViMKvnh18bH0XIVkZJCCXOAZno3RUBp7k5enyps4hvxcMQqTX
-FBEBADyByp/gjEUNQZtCUNPUpN7D0ZAERwKBwQDOZugvZyDkqlT679/75LCc4ym6
-wXuRFLTDE8VfYw1xZ/TIqkSabYRF0cJWTvqSb9YdGfKHLnyKELJdUEv0wxg0JGIP
-RB/xcMYdHvjpALUO/18lSei1wz5zMgNuAo+/aC0zO3l7By9tkgAfvTFjBMTP/pN/
-/m1N2+IjTY2AxIXzcfRw5doeJp/8RLO0uCKT8rzz3yAVnJTtTLAU8fyjkIoX0wfq
-qaK1rJcvWI2yIAnvOrwK8N8KnHZu8JPEZ+n9r30CgcBlqc5sL+F73YkUw26+x7p8
-THXlmTlrOPvJ61/+qt+UXATtfqSqfeJQJvrxwhBbnTWi4Jlb2woBhzLl49rOK11S
-4lGicWvQpF947r4zx9W4EGm/7NR47UR5wMPTvRw8KK+8+IpafeK1Q5jCEoArJA5N
-1cZ5J0cqOXzsf9Lhmfd7J0yKyJtZkxE9tg/gOmJAtQIw9NUk1tagKL9iVCykTTYb
-ZxKy83EOMOQG/m2mPaIkSM+e4EQmJBtL8z2weWYdbusCgcAhyjUOtZpr9PqujiCk
-Ez9an9HQEibRjIs/OHhickvcGgG37DAI/A7gg0OGb62T1Z0+7GWI/fJDhBI/NosI
-yfunZaFsEGIOW8EDOXPUaVo611HTP/NJ9mm94B0xoFe6JSrpLT5pBrcb///nMkjo
-hfpWdr3dAWERkwLFdsfIoeOwBCLZbLe1oeslGHY3CsIWaHHIlumgwB6dbqWQ+EC8
-4kfJOLIeF6FcjqG9jYi89YPK11m7jM1m5lB5Pwdh6wUik90CgcEAmhPeuvRrwg8L
-WWGG5d89i+tlqJ6ooeUJ8Dn8jFUe8i0XfLFys4min4KsDb6urDs25ZcJqpaQ/TXa
-j0zYdaog+fPY5hmO18PoDq6jcv6XczJnq/XkgPzYR1i5PAe6gjXdMPWua9VMgqCm
-aVqJxSCTdmd/RKhw8lUSqchT7p57B/5d22FHoky4fpJH7ihh53EVDHRYG/MSEqBl
-SV0LK7SZSqZA80+tFnDf7r4TLDWVpmkLl9fn32xIE7EKjyeXUcuk
+MIIG4gIBAAKCAYEAvtENeKgTFxJ3l8ZTeaFifLRLS4daxjnKy7JpTfrVOqZHGUQ3
+zAwY4xifs5rbiBkOAiLLBIqjJJalZQ6A+fSu34eVYdxp5VY5L2gAcF/6kf+wOMCU
+2zdEwiewM9CZMo6HN77Z/ZEC1737/OBaRHwCEtC8l1BxU0V9TgEB/n31mtg5h7FW
+DPe6dgo1NSeCjsKVGHrdG4Ozo+JHvklqy6knbqnNvPqmcLv4nrp/wQnRalqv7/26
+dlzoecXmCICH4cToBVACILXs331bpWEdHEc+bxInja15BOwb4pWLbqD5Qaj9hnPF
+CAKFtA+Ivb9PKV+44eNN3n73dYEPmx21QeqXWVfn3Ukl4lIIhFC9XETbmSI+V8HL
+Yl7e7n6GKN3hdVip0thN5vyPWYBt2DskW6+QFXry2F+EqMxNHUqJt0k3uu4pTZ9f
+/DsQaA+/e+H23DGBIOytNzBz1jbU0Do/35td39YvRGN4T5KOuwmGTjrB6cM0/WOx
+JhaKourpM6qiDs0bAgMBAAECggGAXXk7CCgNcffx7b+RlLuh60TGvbEInqIg3bgA
+Ldr6KUja+12Xl7U1W8nsMadic0ESw6kXmpnvYTUKwH5iYA+kuotIei/nEBk02iww
+Stw5etuuD58HTHu+iv22Kyu8YC/BvWUYlEY9BkJi9nVQwsucmGr4d4dIfGpF/7gu
+qeQ6NChHxljwtlmEVd6aQfeg1R4su1k0hw31Kgrm6ig80JeEYYl8515BumfaWqcx
+ffa5R0g1d3LrrJ/GoiB3lyKfbdFuns5Nw6Cd4gBwTFoFwZrRPGXQGnBNLhaicSFQ
+vchLZQDe+SCdfOcdCmYI7pm9i8jbI+deTzDCT1am3gqvoil0Y+TW9EDk20a4vVnH
+unSsz+kIpVw1O8Hkc7U4yPXxLbS8qTMJUmp0GwLV9egGy8iVVjPXp8VbyjiEDNIJ
+Sp8y9wvjvDPDPxPg7H9Jkgk41muBVuo4KfpaojXSRomlqSD8NfzL6TIMSCPFq2vO
+brp3Gblf14jwj1gPaHiQ7Kr1cH/BAoHBAOLoUvcS1kbxp0NDDBiEgCLPXpoG8MMc
+Y3iSAZ9dtDXyqaUiFEyrpOCtJdIo/YW+on7J86t/+2t5hhJ1VQq7jUpHvoCnIOEj
+SuMAv806owV7XueoFBpaKBEMp28gWFAygeKhGI9g75hjq23f55XT43jPB4NOmYmW
+/Qle2ZS3G/lWKfMbNPbk4MAvvCULVWjaXgzOKnU3L4LybXYq1KzW0xxI7bAEj5ft
+38SyzCJn0pIhpvDgQe0TpkBGajDeHEQiNQKBwQDXSCJbWC8B8dF/kjdTPeeDo/gX
+sK2nBRxQuNJ6BwpAHaPcOA6G3Xcb9LNDFuRReh5jFDs1G86N4ZhL2dVthsQJHt/9
+1pNrn7/UlOjrgRKVZDR8gFZxvuxn/TifuR3xv6+kTgaqknMepA5SpD4VB55VBeJP
+B5OJtSrHxHh4fty+OMvvmpBNC+505yxY69nIRxAtOaFH6xFyM/klp7jgKsJV4lco
+Un1WO0BqflPkLXlbMx4FjcSjikUnkhzbJxdnHA8CgcARfOxgBIClSRymD3XQMe4a
+QLc+0cgekYKNGVusp7Eq8z/l7UF5Q0Va151xnB0mALJPaUsxbZS4DM6rf4WFZT0X
+e34QNlFPaMPtyPH/ZESKOJ7w5cBe45Hw9nO1Gd4UmD/wcpANBOCScyQUPMyBfKos
+dnBSy20D8LIh1cCZOJ+cUOq8xN0JJky4IzWx+TSk9yeGfyFAlXdA9WRAVj6773an
+2GsRRNi4UeoMI+edwzi0cImISRBrsDcA/yxSBdxR1/0CgcAry0zR8Dp/1sWbgg8n
+K+yw5uZNS2/IDk4YTcDjehMnv9/ZqL2rydm1Ii5lc3625HTSCweQYju+uSnWJFY6
+lbPDdzhx1vjeZ/0KLdDEN9mj8mKLAUCUmxZUgTrHo0zoJOqCLi1E/c3VaeJQBYFr
+ncUj3rKPCSeGWAh/4wPu3z/gooU6FONOCSNVPMHUxQXkrDAqQxMAIl3GMbR5aIk/
+cPNfrU+1sDI3HI6aG2DNhkKtvtRYpOJfsn0m855TJryoCRkCgcAHnLZQEkXP624q
+Pq5i5OaKUUeVfIlxHW4S9ucTDw/+G3iHdV9Gxeq3bmMh5B8c8VL9YIHHTKn1xs+h
+iOolSuroDbzzjn+7wF6g2+6wxGg5G0JAiU2WNR4Lv1yJ57tkL42wmEhbzEdqtg47
+RPHPnKhBTxQ4dRMQ9/wCxFsgM1CuD4Fpog4VK06HGt9fXB2iDNQrZmgHbKuGmCL/
+p/9Ftzzg5fo/D3Vd28r2rVo1r4M/LmPuQ5ODWffn4leVNkkV3Gg=
-----END RSA PRIVATE KEY-----
diff --git a/credentials/sealer.jks b/credentials/sealer.jks
index 0274ab6272250f5fee11e95ab07036406c24bf2e..f10f00a4a073bbfb450ac0ac38b6916a718230ed 100644
GIT binary patch
delta 209
zcmV;?051Rb1NH-u90hn}@v#??A?SZv`isdo%~H_<0|N~}b#VZG00jU50FZL8`SfIM
zgBn&&>D1>t^aJr}_cD2WR23JufY^6SWyqVAThb9(gt~w}CH8(vU}ywdu~{j5GIj`&
zP>wgYP~J=5xq8uIuRC4YQT^a2ykF6JMS+=~HA~UJ3c0dkDGoHF@5Ba?^%E$pRqXl4
zpJA>uA&k)l_F39(E`BetU|{8c=O@2UOxlGSM)>-&8WE_IumLg@I4&r{u~*8X8ynbH
LB!H;Qd+^vsDClA>
delta 209
zcmV;?051Rb1NH-u90hP2gX?sWA?SbLLuEEvt-DJC0|N~}b#VZG00jU50Fda7tZk#z
zT=?M(2|V_kSE4pGn8?tf4y%~<ND=^Q;Aem-mACPm997&PoUX4ICWCg2s!1oK+(k>x
zXt40<_1SK725SroglXR^xj5k@z3b{YP$o4fev)q-Y6v*?b38t`aNZZE65l8<*a*`v
zE_V8%%KS(jqVG<O3aU+*gs@LGvkKxjG!fE5%M+|6L3|REumLg@;DgdE=EM1Z66qpi
LdMFic!m!VD@nBws
diff --git a/credentials/sealer.kver b/credentials/sealer.kver
index 81a9ede..aa1fae9 100644
--- a/credentials/sealer.kver
+++ b/credentials/sealer.kver
@@ -1,2 +1,2 @@
-#Thu Feb 06 17:19:55 UTC 2020
+#Wed Mar 24 15:54:24 UTC 2021
CurrentVersion=1
diff --git a/credentials/secrets.properties b/credentials/secrets.properties
index afd43f4..26d4af7 100644
--- a/credentials/secrets.properties
+++ b/credentials/secrets.properties
@@ -1,5 +1,5 @@
# This is a reserved spot for most properties containing passwords or other secrets.
-# Created by install at 2020-02-06T17:19:55.442Z
+# Created by install at 2021-03-24T15:54:24.596740Z
# Access to internal AES encryption key
idp.sealer.storePassword = changeit
diff --git a/views/admin/hello.vm b/views/admin/hello.vm
new file mode 100644
index 0000000..33a0528
--- /dev/null
+++ b/views/admin/hello.vm
@@ -0,0 +1,73 @@
+##
+## Velocity Template for Hello World page.
+##
+## Velocity context will contain the following properties
+## flowRequestContext - the Spring Web Flow RequestContext
+## encoder - HTMLEncoder class
+## request - HttpServletRequest
+## response - HttpServletResponse
+## profileRequestContext - root of context tree
+## subjectContext - ProfileRequestContext -> SubjectContext
+## attributeContext - ProfileRequestContext -> AttributeContext
+## environment - Spring Environment object for property resolution
+## custom - arbitrary object injected by deployer
+##
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <meta name="viewport" content="width=device-width,initial-scale=1.0">
+ <title>#springMessageText("idp.title", "Web Login Service") - #springMessageText("hello-world.title", "Hello World")</title>
+ <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
+ </head>
+
+ <body>
+ <div class="wrapper">
+ <div class="container" style="width: 100%">
+ <header>
+ <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
+ <h3>#springMessageText("idp.title", "Web Login Service")</h3>
+ </header>
+
+ <div class="content">
+ <h4>#springMessageText("hello-world.greeting", "Greetings"), <em>$encoder.encodeForHTML($subjectContext.getPrincipalName())</em></h4>
+ <br/>
+ <h4>Authenticated By</h4>
+ #foreach ($result in $subjectContext.getAuthenticationResults().entrySet())
+ <blockquote>$encoder.encodeForHTML($result.getKey())</blockquote>
+ #end
+ <br/>
+ <h4>Java Principals in Subjects</h4>
+ #foreach ($s in $subjectContext.getSubjects())
+ #foreach ($p in $s.getPrincipals())
+ <blockquote>$encoder.encodeForHTML($p)<blockquote>
+ #end
+ #end
+ #if ($attributeContext && !$attributeContext.getUnfilteredIdPAttributes().isEmpty())
+ <br/>
+ <h4>Attributes:</h4>
+ #foreach ($a in $attributeContext.getUnfilteredIdPAttributes())
+ #if (!$a.getValues().isEmpty())
+ <br/>
+ <h5>$encoder.encodeForHTML($a.getId())</h5>
+ #foreach ($v in $a.getValues())
+ <blockquote>$encoder.encodeForHTML($v.getDisplayValue())</blockquote>
+ #end
+ #end
+ #end
+ #end
+ </div>
+
+ <header>
+ <h3><a href="$request.getContextPath()/profile/admin/hello">#springMessageText("hello-world.reload", "Reload the Page")</a></h3>
+ </header>
+ </div>
+
+ <footer>
+ <div class="container container-footer">
+ <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
+ </div>
+ </footer>
+ </div>
+ </body>
+</html>
diff --git a/views/admin/unlock-keys.vm b/views/admin/unlock-keys.vm
deleted file mode 100644
index a8228ae..0000000
--- a/views/admin/unlock-keys.vm
+++ /dev/null
@@ -1,97 +0,0 @@
-##
-## Velocity Template for Attended Startup Unlock Utility
-##
-## Velocity context will contain the following properties:
-## flowRequestContext - the Spring Web Flow RequestContext
-## request - HttpServletRequest
-## response - HttpServletResponse
-## profileRequestContext
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-#set ($title = $springMacroRequestContext.getMessage("idp.title", "Web Login Service"))
-#set ($titleSuffix = $springMacroRequestContext.getMessage("idp.unlock-keys.title", "Attended Restart Key Unlock"))
-#set ($eventId = $profileRequestContext.getSubcontext("org.opensaml.profile.context.EventContext").getEvent())
-#set ($state = $flowRequestContext.getCurrentState().getId())
-<!DOCTYPE html>
-<html>
- <head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
- <title>$title - $titleSuffix</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
- </head>
-
- <body>
- <div class="wrapper">
- <div class="container">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
- <h3>$title - $titleSuffix</h3>
- </header>
-
- <div class="content">
- #if ($state == "end")
- <strong>#springMessageText("idp.unlock-keys.complete", "The system is unlocked and ready for use.")</strong>
- <p><a href="$request.getContextPath()/profile/SAML2/Unsolicited/SSO?providerId=https://sp.example.org/shibboleth">Validation Link</a></p>
- #else
- #if ($eventId == "InvalidMessage")
- <p class="form-element form-error">
- #springMessageText("idp.unlock-keys.error", "Unlock failed; check log for specific message.")
- </p>
- <br/><br/>
- #end
-
- <form action="$flowExecutionUrl" method="post">
- #parse("csrf/csrf.vm")
-
- <!--
- If you have multiple key strategies defined, you'll need multiple pairs of form fields for
- the passwords, labeled in the order they're fed into the shibboleth.unlock-keys.KeyStrategies
- bean. If you have none, remove the fields.
- -->
-
- <div class="form-element-wrapper">
- <label for="password">#springMessageText("idp.unlock-keys.keystorePassword", "DataSealer Keystore Password")</label>
- <input class="form-element form-field" id="password" name="keystorePassword" type="password" />
- </div>
-
- <div class="form-element-wrapper">
- <label for="password">#springMessageText("idp.unlock-keys.keyPassword", "DataSealer Key Password")</label>
- <input class="form-element form-field" id="password" name="keyPassword" type="password" />
- </div>
-
- <!--
- If you have multiple private keys defined, you'll need a form field for each passwords, labeled in the order
- they're fed into the shibboleth.unlock-keys.Credentials/PrivateKeys beans. If you have none, remove the fields.
- -->
-
- <div class="form-element-wrapper">
- <label for="password">#springMessageText("idp.unlock-keys.privateKeyPassword", "Private Key Password")</label>
- <input class="form-element form-field" id="password" name="privateKeyPassword" type="password" />
- </div>
-
- <div class="form-element-wrapper">
- <button class="form-element form-button" type="submit" name="_eventId_proceed"
- >#springMessageText("idp.unlock-keys.unlock", "Unlock")</button>
- </div>
-
- <div class="form-element-wrapper">
- <button class="form-element form-button" type="submit" name="_eventId_cancel"
- >#springMessageText("idp.unlock-keys.cancel", "Cancel")</button>
- </div>
-
- </form>
- #end
- </div>
- </div>
-
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
-
- </div>
- </body>
-</html>
\ No newline at end of file
diff --git a/views/duo.vm b/views/duo.vm
deleted file mode 100644
index d212df7..0000000
--- a/views/duo.vm
+++ /dev/null
@@ -1,83 +0,0 @@
-##
-## Velocity Template for Duo login view-state
-##
-## Velocity context will contain the following properties
-## flowExecutionUrl - the form action location
-## flowRequestContext - the Spring Web Flow RequestContext
-## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl)
-## profileRequestContext - root of context tree
-## authenticationContext - context with authentication request information
-## rpUIContext - the context with SP UI information from the metadata
-## canonicalUsername - name of user passed to Duo
-## duoHost - API hostname for Duo frame
-## duoRequest - signed Duo request message
-## duoScriptPath - path to Duo JavaScript source
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-<!DOCTYPE html>
-<html>
-<head>
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width, initial-scale=1.0">
- <title>#springMessageText("idp.title", "Web Login Service")</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
- <style>
- #duo_iframe {
- width: 100%;
- min-width: 304px;
- max-width: 620px;
- height: 330px;
- }
- </style>
-</head>
-<body>
- <div class="wrapper">
- <div class="container">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
- </header>
-
- <div class="content">
- <div class="column one">
-
- <h3>#springMessageText("idp.login.duoRequired", "Authentication with Duo is required for the requested service.")</h3>
-
- <noscript>#springMessageText("idp.login.duoNoScript", "The Duo service requires JavaScript.")</noscript>
- <script src="$request.getContextPath()$duoScriptPath"></script>
- <iframe id="duo_iframe"
- data-host="$duoHost"
- data-sig-request="$duoRequest"
- data-post-action="$flowExecutionUrl"
- frameborder="0"
- >
- </iframe>
- <form id="duo_form" method="post">
- #parse("csrf/csrf.vm")
- <input type="hidden" name="_eventId" value="proceed" />
- </form>
-
- <h3 style="text-align: center">
- <a href="$flowExecutionUrl&_eventId=cancel">#springMessageText("idp.login.duoCancel", "Cancel this Request")</a>
- </h3>
- </div>
- <div class="column two">
- <ul class="list list-help">
- <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
- </ul>
- </div>
- </div>
- </div>
-
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
- </div>
-</body>
-</html>
diff --git a/views/error.vm b/views/error.vm
index dcb8e2b..a44bd6f 100644
--- a/views/error.vm
+++ b/views/error.vm
@@ -34,10 +34,12 @@
#set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "error"))
#set ($titleSuffix = $springMacroRequestContext.getMessage("${eventKey}.title", "$defaultTitleSuffix"))
#set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "$defaultTitleSuffix: $eventId"))
+ $response.setStatus(500)
#else
## This is a catch-all that theoretically shouldn't happen?
#set ($titleSuffix = $defaultTitleSuffix)
#set ($message = $springMacroRequestContext.getMessage("idp.message", "An unidentified error occurred."))
+ $response.setStatus(500)
#end
##
<!DOCTYPE html>
diff --git a/views/intercept/attribute-release.vm b/views/intercept/attribute-release.vm
deleted file mode 100644
index c170b69..0000000
--- a/views/intercept/attribute-release.vm
+++ /dev/null
@@ -1,160 +0,0 @@
-##
-## Velocity Template for DisplayAttributeReleasePage view-state
-##
-## Velocity context will contain the following properties :
-##
-## attributeReleaseContext - context holding consentable attributes
-## attributeReleaseFlowDescriptor - attribute consent flow descriptor
-## attributeDisplayNameFunction - function to display attribute name
-## attributeDisplayDescriptionFunction - function to display attribute description
-## consentContext - context representing the state of a consent flow
-## encoder - HTMLEncoder class
-## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl)
-## flowExecutionUrl - form action location
-## flowRequestContext - Spring Web Flow RequestContext
-## profileRequestContext - OpenSAML profile request context
-## request - HttpServletRequest
-## response - HttpServletResponse
-## rpUIContext - context with SP UI information from the metadata
-## environment - Spring Environment object for property resolution
-#set ($serviceName = $rpUIContext.serviceName)
-#set ($serviceDescription = $rpUIContext.serviceDescription)
-#set ($informationURL = $rpUIContext.informationURL)
-#set ($privacyStatementURL = $rpUIContext.privacyStatementURL)
-#set ($rpOrganizationLogo = $rpUIContext.getLogo())
-#set ($rpOrganizationName = $rpUIContext.organizationDisplayName)
-#set ($replaceDollarWithNewline = true)
-##
-<!DOCTYPE html>
-<html>
- <head>
- <meta charset="UTF-8">
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/consent.css">
- <title>#springMessageText("idp.attribute-release.title", "Information Release")</title>
- </head>
- <body>
- <form action="$flowExecutionUrl" method="post" style="padding:10px" >
- #parse("csrf/csrf.vm")
- <div class="box">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")" class="federation_logo">
- #if ($rpOrganizationLogo)
- <img src="$encoder.encodeForHTMLAttribute($rpOrganizationLogo)" alt="logo for $encoder.encodeForHTMLAttribute($serviceName)" class="organization_logo">
- #end
- </header>
- #if ($serviceName)
- <p style="margin-top: 70px;">
- #springMessageText("idp.attribute-release.serviceNameLabel", "You are about to access the service:")<br>
- <span class="service_name">$serviceName</span>
- #if ($rpOrganizationName)
- #springMessageText("idp.attribute-release.of", "of") <span class="organization_name">$encoder.encodeForHTML($rpOrganizationName)</span>
- #end
- </p>
- #end
- #if ($serviceDescription)
- <p style="margin-top: 10px;">
- #springMessageText("idp.attribute-release.serviceDescriptionLabel", "Description as provided by this service:")<br>
- <span class="service_description">$encoder.encodeForHTML($serviceDescription)</span>
- <br>
- </p>
- #end
- #if ($informationURL)
- <p style="margin-top: 10px;">
- <a href="$informationURL">#springMessageText("idp.attribute-release.informationURLLabel", "Additional information about the service")</a>
- </p>
- #end
- <div id="attributeRelease">
- <table>
- <thead>
- <tr>
- <th colspan="3">
- #springMessageText("idp.attribute-release.attributesHeader", "Information to be Provided to Service")
- </th>
- </tr>
- </thead>
- <tbody>
- #foreach ($attribute in $attributeReleaseContext.getConsentableAttributes().values())
- <tr>
- <td>$encoder.encodeForHTML($attributeDisplayNameFunction.apply($attribute))</td>
- <td>
- #foreach ($value in $attribute.values)
- #if ($replaceDollarWithNewline)
- #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()).replaceAll($encoder.encodeForHTML('$'),"<br>"))
- #else
- #set ($encodedValue = $encoder.encodeForHTML($value.getDisplayValue()))
- #end
- #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled)
- <label for="$attribute.id"><strong>$encodedValue</strong></label>
- #else
- <strong>$encodedValue</strong>
- #end
- <br>
- #end
- </td>
- <td style="vertical-align: top">
- #if ($attributeReleaseFlowDescriptor.perAttributeConsentEnabled)
- #set ($inputType = "checkbox")
- #else
- #set ($inputType = "hidden")
- #end
- <input id="$attribute.id" type="$inputType" name="_shib_idp_consentIds" value="$encoder.encodeForHTML($attribute.id)" checked>
- </td>
- </tr>
- #end
- </tbody>
- </table>
- </div>
- #if ($privacyStatementURL)
- <p style="margin-top: 10px;">
- <a href="$privacyStatementURL">#springMessageText("idp.attribute-release.privacyStatementURLLabel", "Data privacy information of the service")</a>
- </p>
- #end
- <div style="float:left;">
- <p>
- #springMessageText("idp.attribute-release.confirmationQuestion", "The information above would be shared with the service if you proceed. Do you agree to release this information to the service every time you access it?")
- </p>
- #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed)
- <div id="generalConsentDiv" style="display: block; background-color: #F6F6F6;border: 1px gray solid; padding: 10px; width: 92%;">
- #springMessageText("idp.attribute-release.consentMethod", "Select an information release consent duration:")
- #end
- #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed)
- <p>
- <input id="_shib_idp_doNotRememberConsent" type="radio" name="_shib_idp_consentOptions" value="_shib_idp_doNotRememberConsent">
- <label for="_shib_idp_doNotRememberConsent">#springMessageText("idp.attribute-release.doNotRememberConsent", "Ask me again at next login")</label>
- <ul>
- <li>#springMessageText("idp.attribute-release.doNotRememberConsentItem", "I agree to send my information this time.")</li>
- </ul>
- </p>
- #end
- #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed)
- <p>
- <input id="_shib_idp_rememberConsent" type="radio" name="_shib_idp_consentOptions" value="_shib_idp_rememberConsent" checked>
- <label for="_shib_idp_rememberConsent">#springMessageText("idp.attribute-release.rememberConsent", "Ask me again if information changes")</label>
- <ul>
- <li>#springMessageText("idp.attribute-release.rememberConsentItem", "I agree that the same information will be sent automatically to this service in the future.")</li>
- </ul>
- </p>
- #end
- #if ($attributeReleaseFlowDescriptor.globalConsentAllowed)
- <p>
- <input id="_shib_idp_globalConsent" type="radio" name="_shib_idp_consentOptions" value="_shib_idp_globalConsent">
- <label for="_shib_idp_globalConsent">#springMessageText("idp.attribute-release.globalConsent", "Do not ask me again")</label>
- <ul>
- <li>#springMessageText("idp.attribute-release.globalConsentItem", "I agree that <strong>all</strong> of my information will be released to <strong>any</strong> service.")</li>
- </ul>
- </p>
- #end
- #if ($attributeReleaseFlowDescriptor.doNotRememberConsentAllowed || $attributeReleaseFlowDescriptor.globalConsentAllowed)
- #springMessageText("idp.attribute-release.consentMethodRevoke", "This setting can be revoked at any time with the checkbox on the login page.")
- </div>
- #end
- <p style="text-align: center;">
- <input type="submit" name="_eventId_AttributeReleaseRejected" value="#springMessageText("idp.attribute-release.reject", "Reject")" style="margin-right: 30px;">
- <input type="submit" name="_eventId_proceed" value="#springMessageText("idp.attribute-release.accept", "Accept")">
- </p>
- </div>
- </div>
- </form>
- </body>
-</html>
diff --git a/views/intercept/expiring-password.vm b/views/intercept/expiring-password.vm
deleted file mode 100644
index 4395844..0000000
--- a/views/intercept/expiring-password.vm
+++ /dev/null
@@ -1,54 +0,0 @@
-##
-## Velocity Template for expiring password view
-##
-## Velocity context will contain the following properties
-## flowExecutionUrl - the form action location
-## flowRequestContext - the Spring Web Flow RequestContext
-## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl)
-## profileRequestContext - root of context tree
-## authenticationContext - context with authentication request information
-## authenticationErrorContext - context with login error state
-## authenticationWarningContext - context with login warning state
-## ldapResponseContext - context with LDAP state (if using native LDAP)
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-<!DOCTYPE html>
-<html>
- <head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
- <title>#springMessageText("idp.title", "Web Login Service")</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
- <meta http-equiv="refresh" content="20;url=$flowExecutionUrl&_eventId_proceed=1">
- </head>
-
- <body>
- <div class="wrapper">
- <div class="container">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
- <h3>#springMessageText("idp.login.expiringSoon", "Your password will be expiring soon!")</h3>
- </header>
-
- <div class="content">
- <p>#springMessageText("idp.login.changePassword", "To create a new password now, go to")
- <strong><a href="#" target="_blank">#</a></strong>.</p>
- <p>#springMessageText("idp.login.proceedBegin", "Your login will proceed in 20 seconds or you may click")
- <strong><a href="$flowExecutionUrl&_eventId_proceed=1">#springMessageText("idp.login.proceedHere", "here")</a></strong>
- #springMessageText("idp.login.proceedEnd", "to continue").</p>
- </div>
- </div>
-
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
-
- </div>
- </body>
-</html>
\ No newline at end of file
diff --git a/views/intercept/impersonate.vm b/views/intercept/impersonate.vm
deleted file mode 100644
index 37c486c..0000000
--- a/views/intercept/impersonate.vm
+++ /dev/null
@@ -1,90 +0,0 @@
-##
-## Velocity Template for expiring password view
-##
-## Velocity context will contain the following properties
-## flowExecutionUrl - the form action location
-## flowRequestContext - the Spring Web Flow RequestContext
-## flowExecutionKey - the SWF execution key (this is built into the flowExecutionUrl)
-## profileRequestContext - root of context tree
-## rpUIContext - the context with SP UI information from the metadata
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-#set ($rpContext = $profileRequestContext.getSubcontext('net.shibboleth.idp.profile.context.RelyingPartyContext'))
-<!DOCTYPE html>
-<html>
- <head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
- <title>#springMessageText("idp.title", "Web Login Service")</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
- </head>
-
- <body>
- <div class="wrapper">
- <div class="container">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
- <h3>#springMessageText("idp.impersonate.header", "Account Impersonation")</h3>
- </header>
-
- <div class="content">
-
- <form action="$flowExecutionUrl" method="post">
- #parse("csrf/csrf.vm")
- #set ($serviceName = $rpUIContext.serviceName)
- #if ($serviceName && !$rpContext.getRelyingPartyId().contains($serviceName))
- <legend>
- $encoder.encodeForHTML($serviceName)
- </legend>
- #end
-
- <legend>
- #springMessageText("idp.impersonate.text", "Enter an account name to impersonate to this service or continue normally.")
- </legend>
-
- <div class="form-element-wrapper">
- <label for="impersonation">#springMessageText("idp.impersonate.login-as", "Login as")</label>
- <input class="form-element form-field" id="impersonation" name="principal" type="text" />
-
- <!-- Defaults to input box above, example below populates a select list from an IdPAttribute. -->
- <!--
- #set ($attributeContext = $rpContext.getSubcontext('net.shibboleth.idp.attribute.context.AttributeContext'))
- #set ($usernamesAttribute = $attributeContext.getUnfilteredIdPAttributes().get("impersonatableUsernames"))
- <select class="form-element form-field" id="impersonation" name="principal">
- #if ($usernamesAttribute)
- #foreach ($username in $usernamesAttribute.getValues())
- <option value="$encoder.encodeForHTML($username.getValue())">$encoder.encodeForHTML($username.getValue())</option>
- #end
- #end
- </select>
- -->
- </div>
-
- <div class="form-element-wrapper">
- <button class="form-element form-button" type="submit" name="_eventId_impersonate"
- >#springMessageText("idp.impersonate.impersonate", "Impersonate")</button>
- </div>
-
- <div class="form-element-wrapper">
- <button class="form-element form-button" type="submit" name="_eventId_proceed"
- >#springMessageText("idp.impersonate.continue", "Continue Normally")</button>
- </div>
-
- </form>
-
- </div>
- </div>
-
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
-
- </div>
- </body>
-</html>
\ No newline at end of file
diff --git a/views/intercept/terms-of-use.vm b/views/intercept/terms-of-use.vm
deleted file mode 100644
index 67b2c15..0000000
--- a/views/intercept/terms-of-use.vm
+++ /dev/null
@@ -1,69 +0,0 @@
-##
-## Velocity Template for DisplayTermsOfUsePage view-state
-##
-## Velocity context will contain the following properties :
-##
-## encoder - HTMLEncoder class
-## flowExecutionKey - SWF execution key (this is built into the flowExecutionUrl)
-## flowExecutionUrl - form action location
-## flowRequestContext - Spring Web Flow RequestContext
-## request - HttpServletRequest
-## response - HttpServletResponse
-## rpUIContext - context with SP UI information from the metadata
-## termsOfUseId - terms of use ID to lookup message strings
-## environment - Spring Environment object for property resolution
-#set ($serviceName = $rpUIContext.serviceName)
-#set ($rpOrganizationLogo = $rpUIContext.getLogo())
-##
-<!DOCTYPE html>
-<html>
- <head>
- <meta charset="UTF-8">
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/consent.css">
- <title>#springMessageText("${termsOfUseId}.title", "Terms of Use")</title>
- </head>
- <body>
- <div class="box">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")" class="federation_logo">
- #if ($rpOrganizationLogo)
- <img src="$encoder.encodeForHTMLAttribute($rpOrganizationLogo)" alt="$encoder.encodeForHTMLAttribute($serviceName)" class="organization_logo">
- #end
- </header>
- #if ($rpOrganizationLogo)
- <div style="float:left;">
- <h1>#springMessageText("${termsOfUseId}.title", "Terms of Use")</h1>
- </div>
- #end
- <div id="tou-content">
- #springMessageText("${termsOfUseId}.text", "Terms of Use Text...")
- </div>
- <div id="tou-acceptance">
- <div style="float:left;">
- <form action="$flowExecutionUrl" method="post" >
- #parse("csrf/csrf.vm")
- <input type="submit" name="_eventId_TermsRejected" value="#springMessageText("idp.terms-of-use.reject", "Refuse")" style="margin-right: 30px;">
- </form>
- </div>
- <div style="float:right;">
- <form action="$flowExecutionUrl" method="post" >
- #parse("csrf/csrf.vm")
- <input id="accept" type="checkbox" name="_shib_idp_consentIds" value="$encoder.encodeForHTML($termsOfUseId)" required>
- <label for="accept">#springMessageText("idp.terms-of-use.accept", "I accept the terms of use")</label>
- #if ($requireCheckbox)
- <p class="form-error">#springMessageText("idp.terms-of-use.required", "Please check this box if you want to proceed.")</p>
- #end
- <input type="submit" name="_eventId_proceed" value="#springMessageText("idp.terms-of-use.submit", "Submit")">
- </form>
- </div>
- <div style="clear:both;"></div>
- </div>
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
- </div>
- </body>
-</html>
diff --git a/views/login.vm b/views/login.vm
index 7609d40..c7b15c9 100644
--- a/views/login.vm
+++ b/views/login.vm
@@ -90,7 +90,7 @@
#end
#foreach ($extFlow in $extendedAuthenticationFlows)
- #if ($authenticationContext.isAcceptable($extFlow) and $extFlow.apply(profileRequestContext))
+ #if ($authenticationContext.isAcceptable($extFlow) and $extFlow.test(profileRequestContext))
<div class="form-element-wrapper">
<button class="form-element form-button" type="submit" name="_eventId_$extFlow.getId()">
#springMessageText("idp.login.$extFlow.getId().replace('authn/','')", $extFlow.getId().replace('authn/',''))
diff --git a/views/logout.vm b/views/logout.vm
index 0b9103b..3d8d50b 100644
--- a/views/logout.vm
+++ b/views/logout.vm
@@ -25,13 +25,11 @@
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1.0">
- #*
#if ($promptForSP)
<meta http-equiv="refresh" content="10;url=$flowExecutionUrl&_eventId=propagate">
#elseif ($promptForIdP)
<meta http-equiv="refresh" content="10;url=$flowExecutionUrl&_eventId=local">
#end
- *#
<title>#springMessageText("idp.title", "Web Login Service")</title>
<link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
</head>
diff --git a/views/spnego-unavailable.vm b/views/spnego-unavailable.vm
deleted file mode 100644
index 3673f02..0000000
--- a/views/spnego-unavailable.vm
+++ /dev/null
@@ -1,49 +0,0 @@
-##
-## Velocity Template for SPNEGO unauthorized page
-##
-## This is not a Spring Webflow view, but a special view internal to the
-## SPNEGO login flow, so it doesn't contain all of the usual SWF variables.
-##
-## Velocity context will contain the following properties
-## encoder - HTMLEncoder class
-## request - HttpServletRequest
-## response - HttpServletResponse
-## profileRequestContext - root of context tree
-## errorUrl - URL to call to indicate error and return back to the login flow
-##
-#set ($eventKey = $springMacroRequestContext.getMessage("SPNEGOUnavailable", "spnego-unavailable"))
-<!DOCTYPE html>
-<html>
- <head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
- <title>#springMessageText("idp.title", "Web Login Sevice") - #springMessageText("${eventKey}.title", "Error")</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
- </head>
-
- <body onload="window.location = '$errorUrl'">
- <div class="wrapper">
- <div class="container">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
- <h3>#springMessageText("idp.title", "Web Login Sevice") - #springMessage("idp.title.suffix", "Error")</h3>
- </header>
-
- <div class="content">
- #springMessageText("${eventKey}.message", "Your web browser doesn't support authentication with your desktop login credentials.")
- <ul class="list list-help">
- <li class="list-help-item">
- <a href="$errorUrl"><span class="item-marker">›</span> #springMessageText("spnego-unavailable.return", "Cancel the attempt.")</a>
- </li>
- </ul>
- </div>
- </div>
-
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
- </div>
- </body>
-</html>
From 53828be1cdd6f18ccff0bd2291aa8521624b800d Mon Sep 17 00:00:00 2001
From: Paul Caskey <pcaskey@internet2.edu>
Date: Thu, 12 Oct 2023 13:58:12 +0000
Subject: [PATCH 9/9] initial commit for 5.0 default files
---
conf/access-control.xml | 2 +-
conf/admin/admin.properties | 34 +
conf/admin/metrics.xml | 5 +
conf/attribute-filter.xml | 8 +
conf/attribute-resolver.xml | 5 +-
conf/attributes/default-rules.xml | 1 +
conf/attributes/eduCourse.xml | 7 +
conf/attributes/eduPerson.xml | 105 ++-
conf/attributes/inetOrgPerson.xml | 29 +-
conf/attributes/samlSubject.xml | 18 +-
conf/attributes/schac.xml | 382 +++++++++
conf/audit.xml | 4 +
conf/authn/authn.properties | 52 +-
conf/authn/password-authn-config.xml | 39 -
conf/credentials.xml | 9 +-
conf/errors.xml | 1 +
conf/examples/attribute-resolver-ldap.xml | 3 +
conf/global.xml | 3 +
conf/idp.properties | 45 +-
conf/ldap.properties | 11 +-
conf/logback.xml | 25 +-
conf/logback.xml.dist | 29 +-
conf/logback.xml.tmp3 | 29 +-
conf/relying-party.xml | 13 +-
conf/saml-nameid.properties | 4 +-
conf/services.properties | 10 -
credentials/beta1-keys | 100 +++
credentials/idp-backchannel.crt | 44 +-
credentials/idp-backchannel.p12 | Bin 3377 -> 3530 bytes
credentials/idp-encryption.crt | 44 +-
credentials/idp-encryption.key | 74 +-
credentials/idp-signing.crt | 44 +-
credentials/idp-signing.key | 74 +-
credentials/sealer.jks | Bin 502 -> 502 bytes
credentials/sealer.kver | 2 +-
credentials/secrets.properties | 15 +-
edit-webapp/css/consent.css | 150 ----
edit-webapp/css/logout.css | 3 +
edit-webapp/css/main.css | 165 ----
edit-webapp/css/placeholder.css | 802 ++++++++++++++++++
edit-webapp/images/dummylogo-mobile.png | Bin 8208 -> 0 bytes
edit-webapp/images/dummylogo.png | Bin 13742 -> 0 bytes
edit-webapp/images/placeholder-logo.png | Bin 0 -> 2525 bytes
edit-webapp/index.jsp | 31 +
.../expiring-password-flow.xml | 2 +-
flows/user/prefs/prefs-flow.xml | 25 -
messages/messages.properties | 6 +-
views/admin/hello.vm | 101 ++-
views/client-storage/client-storage-read.vm | 39 +-
views/client-storage/client-storage-write.vm | 37 +-
views/error.vm | 47 +-
views/login-error.vm | 8 +-
views/login.vm | 184 ++--
views/logout-complete.vm | 74 +-
views/logout-propagate.vm | 59 +-
views/logout.vm | 79 +-
views/user-prefs.js | 45 -
views/user-prefs.vm | 60 --
58 files changed, 2098 insertions(+), 1089 deletions(-)
create mode 100644 conf/attributes/schac.xml
create mode 100644 credentials/beta1-keys
delete mode 100644 edit-webapp/css/consent.css
delete mode 100644 edit-webapp/css/main.css
create mode 100644 edit-webapp/css/placeholder.css
delete mode 100644 edit-webapp/images/dummylogo-mobile.png
delete mode 100644 edit-webapp/images/dummylogo.png
create mode 100644 edit-webapp/images/placeholder-logo.png
create mode 100644 edit-webapp/index.jsp
delete mode 100644 flows/user/prefs/prefs-flow.xml
delete mode 100644 views/user-prefs.js
delete mode 100644 views/user-prefs.vm
diff --git a/conf/access-control.xml b/conf/access-control.xml
index 3853722..9ed4242 100644
--- a/conf/access-control.xml
+++ b/conf/access-control.xml
@@ -47,7 +47,7 @@
<entry key="AccessByAttribute">
<bean parent="shibboleth.PredicateAccessControl">
<constructor-arg>
- <bean class="net.shibboleth.idp.profile.logic.SimpleAttributePredicate">
+ <bean parent="shibboleth.Conditions.SimpleAttribute">
<property name="attributeValueMap">
<map>
<entry key="eduPersonEntitlement">
diff --git a/conf/admin/admin.properties b/conf/admin/admin.properties
index 7f14b56..8713a81 100644
--- a/conf/admin/admin.properties
+++ b/conf/admin/admin.properties
@@ -4,52 +4,86 @@
#idp.status.accessPolicy = AccessByIPAddress
#idp.status.authenticated = false
#idp.status.nonBrowserSupported = false
+#idp.status.defaultAuthenticationMethods =
#idp.status.resolveAttributes = false
+#idp.status.postAuthenticationFlows =
#idp.reload.logging = Reload
#idp.reload.accessPolicy = AccessByIPAddress
#idp.reload.authenticated = false
#idp.reload.nonBrowserSupported = false
+#idp.reload.defaultAuthenticationMethods =
#idp.reload.resolveAttributes = false
+#idp.reload.postAuthenticationFlows =
#idp.resolvertest.logging = ResolverTest
#idp.resolvertest.accessPolicy = AccessByIPAddress
#idp.resolvertest.authenticated = false
#idp.resolvertest.nonBrowserSupported = false
+#idp.resolvertest.defaultAuthenticationMethods =
#idp.resolvertest.resolveAttributes = false
+#idp.resolvertest.postAuthenticationFlows =
+
+#idp.dumpconfig.logging = DumpConfig
+#idp.dumpconfig.accessPolicy = AccessByIPAddress
+#idp.dumpconfig.authenticated = false
+#idp.dumpconfig.nonBrowserSupported = false
+#idp.dumpconfig.defaultAuthenticationMethods =
+#idp.dumpconfig.resolveAttributes = false
+#idp.dumpconfig.postAuthenticationFlows =
#idp.mdquery.logging = MetadataQuery
#idp.mdquery.accessPolicy = AccessByIPAddress
#idp.mdquery.authenticated = false
#idp.mdquery.nonBrowserSupported = false
+#idp.mdquery.defaultAuthenticationMethods =
#idp.mdquery.resolveAttributes = false
+#idp.mdquery.postAuthenticationFlows =
#idp.metrics.logging = Metrics
#idp.metrics.authenticated = false
#idp.metrics.nonBrowserSupported = false
+#idp.metrics.defaultAuthenticationMethods =
#idp.metrics.resolveAttributes = false
+#idp.metrics.postAuthenticationFlows =
# See admin/metrics.xml for other configuration
#idp.hello.logging = Hello
#idp.hello.accessPolicy = AccessByAdminUser
#idp.hello.authenticated = true
#idp.hello.nonBrowserSupported = false
+#idp.hello.defaultAuthenticationMethods =
#idp.hello.resolveAttributes = true
+#idp.hello.postAuthenticationFlows =
#idp.lockout.logging = Lockout
#idp.lockout.accessPolicy = AccessDenied
#idp.lockout.authenticated = false
#idp.lockout.nonBrowserSupported = false
+#idp.lockout.defaultAuthenticationMethods =
#idp.lockout.resolveAttributes = false
+#idp.lockout.postAuthenticationFlows =
+
+#idp.revocation.logging = Revocation
+#idp.revocation.accessPolicy = AccessDenied
+#idp.revocation.authenticated = false
+#idp.revocation.nonBrowserSupported = false
+#idp.revocation.defaultAuthenticationMethods =
+#idp.revocation.resolveAttributes = false
+#idp.revocation.postAuthenticationFlows =
#idp.storage.logging = Storage
#idp.storage.accessPolicy = AccessDenied
#idp.storage.authenticated = false
#idp.storage.nonBrowserSupported = false
+#idp.storage.defaultAuthenticationMethods =
#idp.storage.resolveAttributes = false
+#idp.storage.postAuthenticationFlows =
#idp.unlock-keys.logging = UnlockKeys
#idp.unlock-keys.accessPolicy = AccessDenied
#idp.unlock-keys.authenticated = true
#idp.unlock-keys.nonBrowserSupported = false
+#idp.unlock-keys.defaultAuthenticationMethods =
#idp.unlock-keys.resolveAttributes = false
+#idp.unlock-keys.postAuthenticationFlows =
diff --git a/conf/admin/metrics.xml b/conf/admin/metrics.xml
index 208ab6b..7ac0735 100644
--- a/conf/admin/metrics.xml
+++ b/conf/admin/metrics.xml
@@ -31,6 +31,10 @@
<ref bean="shibboleth.metrics.AttributeFilterGaugeSet" />
<ref bean="shibboleth.metrics.CASServiceRegistryGaugeSet" />
<ref bean="shibboleth.metrics.ManagedBeanGaugeSet" />
+ <ref bean="shibboleth.metrics.ModuleGaugeSet" />
+
+ <!-- Note that this accesses remote "state" regarding IdP and plugin updates. -->
+ <ref bean="shibboleth.metrics.InstallableComponents" />
<!--
<bean class="com.codahale.metrics.jvm.CachedThreadStatesGaugeSet"
@@ -55,6 +59,7 @@
<util:map id="shibboleth.metrics.MetricGroups">
<entry key="core" value-ref="shibboleth.metrics.CoreGaugeSet" />
<entry key="idp" value-ref="shibboleth.metrics.IdPGaugeSet" />
+ <entry key="updates" value-ref="shibboleth.metrics.InstallableComponents" />
<entry key="logging" value-ref="shibboleth.metrics.LoggingGaugeSet" />
<entry key="access" value-ref="shibboleth.metrics.AccessControlGaugeSet" />
<entry key="metadata" value-ref="shibboleth.metrics.MetadataGaugeSet" />
diff --git a/conf/attribute-filter.xml b/conf/attribute-filter.xml
index 7787d0c..c2bf890 100644
--- a/conf/attribute-filter.xml
+++ b/conf/attribute-filter.xml
@@ -14,6 +14,14 @@
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:mace:shibboleth:2.0:afp http://shibboleth.net/schema/idp/shibboleth-afp.xsd">
+
+ <!-- Release home org signifier to everybody. -->
+ <AttributeFilterPolicy id="alwaysRelease">
+ <PolicyRequirementRule xsi:type="ANY" />
+
+ <AttributeRule attributeID="schacHomeOrganization" permitAny="true" />
+ </AttributeFilterPolicy>
+
<!--
Example rule relying on a locally applied tag in metadata to trigger attribute
release of some specific attributes. Add additional attributes as desired.
diff --git a/conf/attribute-resolver.xml b/conf/attribute-resolver.xml
index 8d16a59..dd5545f 100644
--- a/conf/attribute-resolver.xml
+++ b/conf/attribute-resolver.xml
@@ -66,7 +66,10 @@ list of possible components and their options.
<!-- Data Connectors -->
<!-- ========================================== -->
- <DataConnector id="staticAttributes" xsi:type="Static">
+ <DataConnector id="staticAttributes" xsi:type="Static" exportAttributes="schacHomeOrganization">
+ <Attribute id="schacHomeOrganization">
+ <Value>%{idp.scope}</Value>
+ </Attribute>
<Attribute id="affiliation">
<Value>member</Value>
</Attribute>
diff --git a/conf/attributes/default-rules.xml b/conf/attributes/default-rules.xml
index c865157..db8f1a1 100644
--- a/conf/attributes/default-rules.xml
+++ b/conf/attributes/default-rules.xml
@@ -23,6 +23,7 @@
<import resource="inetOrgPerson.xml" />
<import resource="eduPerson.xml" />
<import resource="eduCourse.xml" />
+ <import resource="schac.xml" />
<import resource="samlSubject.xml" />
</beans>
diff --git a/conf/attributes/eduCourse.xml b/conf/attributes/eduCourse.xml
index 6794da6..96341c3 100644
--- a/conf/attributes/eduCourse.xml
+++ b/conf/attributes/eduCourse.xml
@@ -12,6 +12,13 @@
default-init-method="initialize"
default-destroy-method="destroy">
+ <!--
+ Note that all built-in rules rely on URI-naming and thus include the implied settings:
+
+ <prop key="saml2.nameFormat">urn:oasis:names:tc:SAML:2.0:attrname-format:uri</prop>
+ <prop key="saml1.namespace">urn:mace:shibboleth:1.0:attributeNamespace:uri</prop>
+ -->
+
<bean parent="shibboleth.TranscodingRuleLoader">
<constructor-arg>
<list>
diff --git a/conf/attributes/eduPerson.xml b/conf/attributes/eduPerson.xml
index afe1299..115967c 100644
--- a/conf/attributes/eduPerson.xml
+++ b/conf/attributes/eduPerson.xml
@@ -11,6 +11,13 @@
default-init-method="initialize"
default-destroy-method="destroy">
+
+ <!--
+ Note that all built-in rules rely on URI-naming and thus include the implied settings:
+
+ <prop key="saml2.nameFormat">urn:oasis:names:tc:SAML:2.0:attrname-format:uri</prop>
+ <prop key="saml1.namespace">urn:mace:shibboleth:1.0:attributeNamespace:uri</prop>
+ -->
<bean parent="shibboleth.TranscodingRuleLoader">
<constructor-arg>
@@ -26,13 +33,13 @@
<prop key="displayName.en">Affiliation</prop>
<prop key="displayName.de">Zugehörigkeit</prop>
<prop key="displayName.fr">Affiliation</prop>
- <prop key="displayName.it">Tipo di membro</prop>
+ <prop key="displayName.it">Affiliazione</prop>
<prop key="displayName.ja">職位</prop>
<prop key="description.en">Affiliation: Type of affiliation with Home Organization</prop>
<prop key="description.de">Art der Zugehörigkeit zur Heimatorganisation</prop>
<prop key="description.de-ch">Art der Zugehörigkeit zur Heimorganisation</prop>
<prop key="description.fr">Type d'affiliation dans l'organisation</prop>
- <prop key="description.it">Tipo di membro: Tipo di lavoro svolto per l'organizzazione</prop>
+ <prop key="description.it">Affiliazione: Tipo di affiliazione presso l'organizzazione</prop>
<prop key="description.ja">所属機関における職位(faculty,staff,student,memberなど)</prop>
</props>
</property>
@@ -48,12 +55,12 @@
<prop key="displayName.en">Assurance level</prop>
<prop key="displayName.de">Vertrauensgrad</prop>
<prop key="displayName.fr">Niveau de confiance</prop>
- <prop key="displayName.it">Livello di sicurezza</prop>
+ <prop key="displayName.it">Livello di garanzia dell'identita'</prop>
<prop key="displayName.ja">保証レベル</prop>
- <prop key="description.en">Set of URIs that assert compliance with specific standards for identity assurance.</prop>
+ <prop key="description.en">Set of URIs that assert compliance with specific standards for identity assurance</prop>
<prop key="description.de">URIs die eine gewisse Zusicherung für spezifische Standards des Vertrauens beinhalten</prop>
<prop key="description.fr">Un ensemble d'URI qui attestent la conformité selon un standard pour les niveaux d'assurance d'identités</prop>
- <prop key="description.it">Un insieme di URI che asseriscono l'osservanza dei livelli di sicurezza richiesti</prop>
+ <prop key="description.it">Un insieme di URI che asseriscono l'osservanza dei livelli di garanzia dell'identita'</prop>
<prop key="description.ja">IDの保証レベルに関して特定の基準に準拠していることを示すURI</prop>
</props>
</property>
@@ -68,13 +75,13 @@
<prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonEntitlement</prop>
<prop key="displayName.en">Entitlement</prop>
<prop key="displayName.de">Berechtigung</prop>
- <prop key="displayName.fr">Entitlement</prop>
- <prop key="displayName.it">Prerogativa</prop>
+ <prop key="displayName.fr">Membre de</prop>
+ <prop key="displayName.it">Diritti</prop>
<prop key="displayName.ja">資格情報</prop>
<prop key="description.en">Member of: URI (either URL or URN) that indicates a set of rights to specific resources based on an agreement across the releavant community</prop>
<prop key="description.de">Zeichenkette, die Rechte für spezifische Ressourcen beschreibt</prop>
- <prop key="description.fr">Membre de: URI (soit une URL ou une URN) décrivant un droit spécific d'accès.</prop>
- <prop key="description.it">Membro delle seguenti URI (sia URL o URN) che rappresentano diritti specifici d'accesso validi in tutta la communità</prop>
+ <prop key="description.fr">Membre de: URI (soit une URL ou une URN) décrivant un droit spécific d'accès</prop>
+ <prop key="description.it">Membro di: URI (sia URL, sia URN) che rappresentano diritti su specifiche risorse e basati su accordi tra le comunità interessate</prop>
<prop key="description.ja">特定のアプリケーションもしくはコミュニティ内の複数リソースへのアクセス権限を持つことを示すURI(URLもしくはURN)</prop>
</props>
</property>
@@ -91,13 +98,13 @@
<prop key="displayName.de">Kurzname</prop>
<prop key="displayName.de-ch">Übername</prop>
<prop key="displayName.fr">Surnom</prop>
- <prop key="displayName.it">Diminutivo</prop>
+ <prop key="displayName.it">Soprannome</prop>
<prop key="displayName.ja">ニックネーム</prop>
- <prop key="description.en">Person's nickname, or the informal name by which they are accustomed to be hailed.</prop>
- <prop key="description.de">Kurzname einer Person, oder üblicher Rufname zur Begrüßung.</prop>
- <prop key="description.de-ch">Übername einer Person, oder üblicher Rufname zur Begrüssung.</prop>
- <prop key="description.fr">Nom personnalisable pour un usage informel.</prop>
- <prop key="description.it">Diminutivo della persona, o soprannome.</prop>
+ <prop key="description.en">Person's nickname, or the informal name by which they are accustomed to be hailed</prop>
+ <prop key="description.de">Kurzname einer Person, oder üblicher Rufname zur Begrüßung</prop>
+ <prop key="description.de-ch">Übername einer Person, oder üblicher Rufname zur Begrüssung</prop>
+ <prop key="description.fr">Nom personnalisable pour un usage informel</prop>
+ <prop key="description.it">Soprannome della persona</prop>
<prop key="description.ja">利用者のニックネームもしくは通称</prop>
</props>
</property>
@@ -111,7 +118,7 @@
<prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.3</prop>
<prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonOrgDN</prop>
<prop key="displayName.en">Organization distinguished name</prop>
- <prop key="description.en">Distinguished name (DN) of the directory entry representing the institution with which the person is associated.</prop>
+ <prop key="description.en">Distinguished name (DN) of the directory entry representing the institution with which the person is associated</prop>
</props>
</property>
</bean>
@@ -124,7 +131,9 @@
<prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.4</prop>
<prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonOrgUnitDN</prop>
<prop key="displayName.en">Organization unit distinguished name</prop>
- <prop key="description.en">Distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s).</prop>
+ <prop key="displayName.fr">Structures de rattachement</prop>
+ <prop key="description.en">Distinguished name(s) (DN) of the directory entries representing the person's Organizational Unit(s)</prop>
+ <prop key="description.fr">Structures d'affectation (composante, service...) de la personne dans l'annuaire</prop>
</props>
</property>
</bean>
@@ -137,7 +146,9 @@
<prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.16</prop>
<prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.16</prop>
<prop key="displayName.en">ORCID</prop>
- <prop key="description.en">ORCID researcher identifier(s) belonging to a person.</prop>
+ <prop key="displayName.fr">identifiants ORCID</prop>
+ <prop key="description.en">ORCID researcher identifier(s) belonging to a person</prop>
+ <prop key="description.fr">Identifiant(s) ORCID d'une personne</prop>
</props>
</property>
</bean>
@@ -151,13 +162,13 @@
<prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonPrimaryAffiliation</prop>
<prop key="displayName.en">Primary affiliation</prop>
<prop key="displayName.de">Primäre Zugehörigkeit</prop>
- <prop key="displayName.fr">Affiliation pricipale</prop>
- <prop key="displayName.it">Appartenenza principale</prop>
+ <prop key="displayName.fr">Affiliation principale</prop>
+ <prop key="displayName.it">Affiliazione principale</prop>
<prop key="displayName.ja">主要職位</prop>
<prop key="description.en">Specifies the person's primary relationship to the institution in broad categories such as student, faculty, staff, alum, etc.</prop>
<prop key="description.de">Spezifiziert der Hauptbeziehung einer Person innerhalb ihrer Organisation in groben Kategorien wie Student, Mitarbeiter, Alumni, etc.</prop>
<prop key="description.fr">Spécifie la relation principale d'une personne avec l'institution selon des majeures catégories comme étudiant, collaborateur, alumni etc.</prop>
- <prop key="description.it">Specifica la relazione principale dell persona con l'istituzione secondo le maggiori categorie come studente, collaboratore, alumni, etc.</prop>
+ <prop key="description.it">Specifica la relazione principale della persona con l'istituzione secondo le categorie studente, collaboratore, alumni, etc.</prop>
<prop key="description.ja">所属機関における主要な職位(faculty,staff,student,memberなど)</prop>
</props>
</property>
@@ -171,7 +182,9 @@
<prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.8</prop>
<prop key="saml1.name">urn:mace:dir:attribute-def:eduPersonPrimaryOrgUnitDN</prop>
<prop key="displayName.en">Primary organization unit distinguished name</prop>
- <prop key="description.en">Distinguished name (DN) of the directory entry representing the person's primary Organizational Unit.</prop>
+ <prop key="displayName.fr">Structure de rattachement principal</prop>
+ <prop key="description.en">Distinguished name (DN) of the directory entry representing the person's primary Organizational Unit</prop>
+ <prop key="description.fr">Structure (composante, service) dans l'annuaire considérée comme affectation principale de la personne</prop>
</props>
</property>
</bean>
@@ -186,10 +199,10 @@
<prop key="saml1.encodeType">false</prop>
<prop key="displayName.en">Principal name</prop>
<prop key="displayName.de">Persönliche ID</prop>
- <prop key="displayName.fr">Principal Name</prop>
- <prop key="displayName.it">Principal Name</prop>
+ <prop key="displayName.fr">Identifiant unique</prop>
+ <prop key="displayName.it">ID personale</prop>
<prop key="displayName.ja">プリンシパルID</prop>
- <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification.</prop>
+ <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification</prop>
<prop key="description.de">Eindeutige Benutzeridentifikation</prop>
<prop key="description.de-ch">Eindeutige Benützeridentifikation</prop>
<prop key="description.fr">L'identifiant unique de l'utilisateur</prop>
@@ -208,7 +221,9 @@
<prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.12</prop>
<prop key="saml1.encodeType">false</prop>
<prop key="displayName.en">Prior principal name(s)</prop>
- <prop key="description.en">eduPersonPrincipalName value(s) previously associated with the entry.</prop>
+ <prop key="displayName.fr">Anciens identifiants EPPN</prop>
+ <prop key="description.en">eduPersonPrincipalName value(s) previously associated with the entry</prop>
+ <prop key="description.fr">Liste des valeurs de l'attribut eduPersonPrincipalName précédemment attribuées à la personne</prop>
</props>
</property>
</bean>
@@ -224,13 +239,13 @@
<prop key="displayName.en">Scoped affiliation</prop>
<prop key="displayName.de">Zugehörigkeit</prop>
<prop key="displayName.fr">Affiliation</prop>
- <prop key="displayName.it">Tipo di membro</prop>
+ <prop key="displayName.it">Affiliazione</prop>
<prop key="displayName.ja">スコープ付き職位</prop>
<prop key="description.en">Specifies the person's affiliation within a particular security domain</prop>
<prop key="description.de">Art der Zugehörigkeit zur Heimatorganisation</prop>
<prop key="description.de-ch">Art der Zugehörigkeit zur Heimorganisation</prop>
<prop key="description.fr">Type d'affiliation dans l'organisation</prop>
- <prop key="description.it">Tipo di membro: Tipo di lavoro svolto per l'organizzazione</prop>
+ <prop key="description.it">Affiliazione: Tipo di affiliazione pressocon l'organizzazione</prop>
<prop key="description.ja">セキュリティドメインのスコープが付いた所属機関における職位</prop>
</props>
</property>
@@ -247,18 +262,46 @@
<prop key="displayName.en">Unique ID</prop>
<prop key="displayName.de">Eindeutige ID</prop>
<prop key="displayName.fr">ID unique</prop>
- <prop key="displayName.it">ID unico</prop>
+ <prop key="displayName.it">ID univoco</prop>
<prop key="displayName.ja">ユニークID</prop>
- <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification.</prop>
+ <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification</prop>
<prop key="description.de">Eindeutige Benutzeridentifikation</prop>
<prop key="description.de-ch">Eindeutige Benützeridentifikation</prop>
<prop key="description.fr">Identifiant unique de l'utilisateur</prop>
- <prop key="description.it">Un identificativo personale che identifica chiaramente l'utente in seno alla sua organizzazione</prop>
+ <prop key="description.it">Un identificativo univoco che identifica chiaramente l'utente in seno alla sua organizzazione</prop>
<prop key="description.ja">フェデレーション内で一意で永続的かつ難読化された利用者識別子(後継はサブジェクトID)</prop>
</props>
</property>
</bean>
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonAnalyticsTag</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder CASStringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.17</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.17</prop>
+ <prop key="saml1.encodeType">false</prop>
+ <prop key="displayName.en">Aggregated analytics tag</prop>
+ <prop key="description.en">Opaque string that aggregates the use of a service by a set of subjects for the purpose of reporting or analytics</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">eduPersonDisplayPronouns</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder CASStringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.18</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.5923.1.1.1.18</prop>
+ <prop key="saml1.encodeType">false</prop>
+ <prop key="displayName.en">Display Pronouns</prop>
+ <prop key="description.en">Personal pronouns by which the person prefers to be identified</prop>
+ </props>
+ </property>
+ </bean>
+
</list>
</constructor-arg>
</bean>
diff --git a/conf/attributes/inetOrgPerson.xml b/conf/attributes/inetOrgPerson.xml
index f2aebb1..2ab78ef 100644
--- a/conf/attributes/inetOrgPerson.xml
+++ b/conf/attributes/inetOrgPerson.xml
@@ -12,6 +12,13 @@
default-init-method="initialize"
default-destroy-method="destroy">
+ <!--
+ Note that all built-in rules rely on URI-naming and thus include the implied settings:
+
+ <prop key="saml2.nameFormat">urn:oasis:names:tc:SAML:2.0:attrname-format:uri</prop>
+ <prop key="saml1.namespace">urn:mace:shibboleth:1.0:attributeNamespace:uri</prop>
+ -->
+
<!-- https://tools.ietf.org/html/rfc2798 -->
<bean parent="shibboleth.TranscodingRuleLoader">
@@ -26,7 +33,9 @@
<prop key="saml2.name">urn:oid:2.5.4.3</prop>
<prop key="saml1.name">urn:mace:dir:attribute-def:cn</prop>
<prop key="displayName.en">Common name</prop>
+ <prop key="displayName.fr">Nom et Prénom</prop>
<prop key="description.en">Common name of a person</prop>
+ <prop key="description.fr">Nom complet sans accent d'une personne</prop>
</props>
</property>
</bean>
@@ -39,9 +48,11 @@
<prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.2</prop>
<prop key="saml1.name">urn:mace:dir:attribute-def:departmentNumber</prop>
<prop key="displayName.en">Department number</prop>
+ <prop key="displayName.fr">departmentNumber</prop>
<prop key="displayName.de">Abteilungsnummer</prop>
<prop key="description.en">Department number</prop>
<prop key="description.de">Nummer der Abteilung</prop>
+ <prop key="description.fr">Identifiant du département dans l'organisation</prop>
</props>
</property>
</bean>
@@ -58,7 +69,7 @@
<prop key="displayName.fr">Nom</prop>
<prop key="displayName.it">Nome</prop>
<prop key="displayName.ja">表示名</prop>
- <prop key="description.en">The name that should appear in white-pages-like applications for this person.</prop>
+ <prop key="description.en">The name that should appear in white-pages-like applications for this person</prop>
<prop key="description.de">Anzeigename</prop>
<prop key="description.fr">Nom complet d'affichage</prop>
<prop key="description.it">Nome</prop>
@@ -96,7 +107,9 @@
<prop key="saml2.name">urn:oid:2.16.840.1.113730.3.1.4</prop>
<prop key="saml1.name">urn:mace:dir:attribute-def:employeeType</prop>
<prop key="displayName.en">Employee type</prop>
+ <prop key="displayName.fr">Type d'employé</prop>
<prop key="description.en">Employee type</prop>
+ <prop key="description.fr">Catégorie d'employé dans l'organisation</prop>
</props>
</property>
</bean>
@@ -195,7 +208,7 @@
<prop key="saml1.name">urn:mace:dir:attribute-def:l</prop>
<prop key="displayName.en">Locality name</prop>
<prop key="displayName.de">Ort</prop>
- <prop key="displayName.fr">Locality name</prop>
+ <prop key="displayName.fr">Localité</prop>
<prop key="displayName.ja">場所(L)</prop>
<prop key="description.en">Locality name</prop>
<prop key="description.de">Ort</prop>
@@ -398,7 +411,7 @@
<prop key="displayName.ja">姓</prop>
<prop key="description.en">Surname or family name</prop>
<prop key="description.de">Familienname</prop>
- <prop key="description.fr">Nom de famille de l'utilisateur.</prop>
+ <prop key="description.fr">Nom de famille de l'utilisateur</prop>
<prop key="description.it">Cognome dell'utilizzatore</prop>
<prop key="description.ja">氏名(姓)の英語表記</prop>
</props>
@@ -413,8 +426,10 @@
<prop key="saml2.name">urn:oid:2.5.4.8</prop>
<prop key="saml1.name">urn:mace:dir:attribute-def:st</prop>
<prop key="displayName.en">State or province name</prop>
+ <prop key="displayName.fr">Etat ou nom de province</prop>
<prop key="displayName.ja">都道府県もしくは州や省(ST)</prop>
<prop key="description.en">State or province name</prop>
+ <prop key="description.fr">Etat ou nom de province</prop>
<prop key="description.ja">州名や省名 国によって異なり日本の場合は都道府県名</prop>
</props>
</property>
@@ -494,10 +509,10 @@
<prop key="displayName.fr">ID utilisateur</prop>
<prop key="displayName.it">ID dell'utente</prop>
<prop key="displayName.ja">ユーザID</prop>
- <prop key="description.en">A unique identifier for a person, mainly used for user identification within the user's home organization.</prop>
- <prop key="description.de">Eine eindeutige Nummer für eine Person, welche hauptsächlich zur Identifikation innerhalb der Organisation benutzt wird.</prop>
- <prop key="description.fr">Identifiant de connexion d'une personnes sur les systèmes informatiques.</prop>
- <prop key="description.it">Identificativo unico della persona, usato per l'identificazione dell'utente all'interno della organizzazione di appartenenza.</prop>
+ <prop key="description.en">A unique identifier for a person, mainly used for user identification within the user's home organization</prop>
+ <prop key="description.de">Eine eindeutige Nummer für eine Person, welche hauptsächlich zur Identifikation innerhalb der Organisation benutzt wird</prop>
+ <prop key="description.fr">Identifiant de connexion d'une personnes sur les systèmes informatiques</prop>
+ <prop key="description.it">Identificativo unico della persona, usato per l'identificazione dell'utente all'interno della organizzazione di appartenenza</prop>
<prop key="description.ja">所属機関内で一意の利用者識別子</prop>
</props>
</property>
diff --git a/conf/attributes/samlSubject.xml b/conf/attributes/samlSubject.xml
index dac9a59..3ffa3cc 100644
--- a/conf/attributes/samlSubject.xml
+++ b/conf/attributes/samlSubject.xml
@@ -12,6 +12,12 @@
default-init-method="initialize"
default-destroy-method="destroy">
+ <!--
+ Note that all built-in rules rely on URI-naming and thus include the implied settings:
+
+ <prop key="saml2.nameFormat">urn:oasis:names:tc:SAML:2.0:attrname-format:uri</prop>
+ -->
+
<!-- https://wiki.oasis-open.org/security/SAMLSubjectIDAttr -->
<bean parent="shibboleth.TranscodingRuleLoader">
@@ -29,7 +35,7 @@
<prop key="displayName.fr">ID unique</prop>
<prop key="displayName.it">ID unico</prop>
<prop key="displayName.ja">サブジェクトID</prop>
- <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification.</prop>
+ <prop key="description.en">A unique identifier for a person, mainly for inter-institutional user identification</prop>
<prop key="description.de">Eindeutige Benutzeridentifikation</prop>
<prop key="description.de-ch">Eindeutige Benützeridentifikation</prop>
<prop key="description.fr">Identifiant unique de l'utilisateur</prop>
@@ -50,11 +56,11 @@
<prop key="displayName.fr">Pairwise ID</prop>
<prop key="displayName.it">Pairwise ID</prop>
<prop key="displayName.ja">ペアワイズID</prop>
- <prop key="description.en">Pairwise ID: A unique identifier for a person, different for each service provider.</prop>
- <prop key="description.de">Pairwise ID: Eindeutige Benutzeridentifikation, unterschiedlich pro Service Provider.</prop>
- <prop key="description.de-ch">Pairwise ID: Eindeutige Benützeridentifikation, unterschiedlich pro Service Provider.</prop>
- <prop key="description.fr">Pairwise ID: Un identifiant unique de l'utilisateur, différent pour chaque fournisseur de service.</prop>
- <prop key="description.it">Pairwise ID: identificativo unico della persona, differente per ogni fornitore di servizio.</prop>
+ <prop key="description.en">Pairwise ID: A unique identifier for a person, different for each service provider</prop>
+ <prop key="description.de">Pairwise ID: Eindeutige Benutzeridentifikation, unterschiedlich pro Service Provider</prop>
+ <prop key="description.de-ch">Pairwise ID: Eindeutige Benützeridentifikation, unterschiedlich pro Service Provider</prop>
+ <prop key="description.fr">Pairwise ID: Un identifiant unique de l'utilisateur, différent pour chaque fournisseur de service</prop>
+ <prop key="description.it">Pairwise ID: identificativo unico della persona, differente per ogni fornitore di servizio</prop>
<prop key="description.ja">フェデレーション内で一意かつSP毎に送出される値が異なる利用者識別子(eduPersonTargetedIDの後継)</prop>
</props>
</property>
diff --git a/conf/attributes/schac.xml b/conf/attributes/schac.xml
new file mode 100644
index 0000000..2e0db26
--- /dev/null
+++ b/conf/attributes/schac.xml
@@ -0,0 +1,382 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:util="http://www.springframework.org/schema/util"
+ xmlns:p="http://www.springframework.org/schema/p"
+ xmlns:c="http://www.springframework.org/schema/c"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd
+ http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd"
+
+ default-init-method="initialize"
+ default-destroy-method="destroy">
+
+ <!--
+ Note that all built-in rules rely on URI-naming and thus include the implied settings:
+
+ <prop key="saml2.nameFormat">urn:oasis:names:tc:SAML:2.0:attrname-format:uri</prop>
+ <prop key="saml1.namespace">urn:mace:shibboleth:1.0:attributeNamespace:uri</prop>
+ -->
+
+ <bean parent="shibboleth.TranscodingRuleLoader">
+ <constructor-arg>
+ <list>
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacMotherTongue</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.1</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.1</prop>
+ <prop key="displayName.en">Mother Tongue</prop>
+ <prop key="displayName.fr">Langue maternelle</prop>
+ <prop key="displayName.it">Lingua Madre</prop>
+ <prop key="description.en">Mother Tongue of the user</prop>
+ <prop key="description.fr">Langue maternelle (la langue apprise en premier par une personne : fr</prop>
+ <prop key="description.it">Lingua Madre dell'utente</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacGender</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.2</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.2</prop>
+ <prop key="displayName.en">Gender</prop>
+ <prop key="displayName.fr">Genre</prop>
+ <prop key="displayName.it">Genere</prop>
+ <prop key="description.en">Gender of the user</prop>
+ <prop key="description.fr">Genre de la personne : un chiffre (0 "Not known, 1 "Male", 2 "Female", 9 "Not specified")</prop>
+ <prop key="description.it">Genere dell'utente</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacDateOfBirth</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.3</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.3</prop>
+ <prop key="displayName.en">Date or Birth</prop>
+ <prop key="displayName.fr">Date de naissance</prop>
+ <prop key="displayName.it">Giorno di nascita</prop>
+ <prop key="description.en">The date of birth for the subject it is associated with</prop>
+ <prop key="description.fr">Date de naissance au format "YYYYMMJJ"</prop>
+ <prop key="description.it">Giorno di nascita del soggetto</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacYearOfBirth</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.0.2.3</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.0.2.3</prop>
+ <prop key="displayName.en">Year of birth</prop>
+ <prop key="displayName.fr">Année de naissance</prop>
+ <prop key="displayName.it">Anno di nascita</prop>
+ <prop key="description.en">The year of birth for the subject it is associated with</prop>
+ <prop key="description.fr">Année de naissance au format "YYYY"</prop>
+ <prop key="description.it">Anno di nascita del soggetto</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacPlaceOfBirth</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.4</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.4</prop>
+ <prop key="displayName.en">Place of Birth</prop>
+ <prop key="displayName.fr">Lieu de naissance</prop>
+ <prop key="displayName.it">Luogo di nascita</prop>
+ <prop key="description.en">The place of birth for the subject it is associated with</prop>
+ <prop key="description.fr">Lieu de naissance</prop>
+ <prop key="description.it">Luogo di nascita del soggetto</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacCountryOfCitizenship</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.5</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.5</prop>
+ <prop key="displayName.en">Country of Citizenship</prop>
+ <prop key="displayName.fr">Nationalité</prop>
+ <prop key="description.en">The countries of citizenship for the subject it is associated with</prop>
+ <prop key="description.fr">Pays où une personne est un citoyen : 2 lettres au format ISO 3166 (fr, es...)</prop>
+ <prop key="description.it">Cittadinanza</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacSn1</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.6</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.6</prop>
+ <prop key="displayName.en">First Surname</prop>
+ <prop key="displayName.fr">Premier nom</prop>
+ <prop key="displayName.it">Primo Cognome</prop>
+ <prop key="description.en">First surname of a person ("the surname" in international terms)</prop>
+ <prop key="description.fr">Premier nom d'une personne</prop>
+ <prop key="description.it">Il cognome di una persona</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacSn2</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.7</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.7</prop>
+ <prop key="displayName.en">Second Surname</prop>
+ <prop key="displayName.fr">Second nom</prop>
+ <prop key="displayName.it">Secondo Cognome</prop>
+ <prop key="description.en">Second surname of a person</prop>
+ <prop key="description.fr">Second nom d'une personne</prop>
+ <prop key="description.it">Secondo cognome di una persona</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacPersonalTitle</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.8</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.8</prop>
+ <prop key="displayName.en">Personal Title</prop>
+ <prop key="displayName.fr">Titre</prop>
+ <prop key="displayName.it">Soprannome</prop>
+ <prop key="description.en">Nice name used for the user</prop>
+ <prop key="description.fr">Titre de la personne</prop>
+ <prop key="description.it">Titolo usato per salutare l'utente</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacHomeOrganization</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.9</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.9</prop>
+ <prop key="displayName.en">Home Organization</prop>
+ <prop key="displayName.fi">Kotiorganisaatio</prop>
+ <prop key="displayName.fr">Organisme</prop>
+ <prop key="displayName.it">Dominio dell'istituzione</prop>
+ <prop key="description.en">The domain name of the person's home organisation</prop>
+ <prop key="description.fi">Henkilön kotiorganisaation domain-nimi</prop>
+ <prop key="description.fr">Nom de domaine DNS de l'organisme d'origine d'une personne</prop>
+ <prop key="description.it">Dominio dell'istituzione</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacHomeOrganizationType</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.10</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.10</prop>
+ <prop key="displayName.en">Home organization type</prop>
+ <prop key="displayName.fi">Kotiorganisaation tyyppi</prop>
+ <prop key="displayName.fr">Type d'organisme</prop>
+ <prop key="displayName.it">Tipo di organizzazione di appartenenza (internazionale)</prop>
+ <prop key="description.en">Home organisation type: university, polytechnic, etc</prop>
+ <prop key="description.fi">Kotiorganisaation tyyppi: yliopisto, ammattikorkeakoulu jne</prop>
+ <prop key="description.fr">Type d'organisme d'origine d'une personne</prop>
+ <prop key="description.it">Tipo di organizzazione di appartenenza</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacCountryOfResidence</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.11</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.11</prop>
+ <prop key="displayName.en">Country of Residence</prop>
+ <prop key="displayName.fr">Pays de résidence</prop>
+ <prop key="displayName.it">Residenza</prop>
+ <prop key="description.en">The country of residence for the subject</prop>
+ <prop key="description.fr">Pays de résidence : fr, es...</prop>
+ <prop key="description.it">Paese di residenza dell'utente</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacUserPresenceID</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.12</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.12</prop>
+ <prop key="displayName.en">User Presence ID</prop>
+ <prop key="displayName.fr">Identifiant de présence</prop>
+ <prop key="displayName.it">ID utente sulla rete</prop>
+ <prop key="description.en">Identifiers that user collect on the net</prop>
+ <prop key="description.fr">Ensemble de valeurs liées aux protocoles de présence réseau (sip, xmpp, h323...)</prop>
+ <prop key="description.it">Identificativi usati dall'utente sulla rete</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacPersonalPosition</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.13</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.13</prop>
+ <prop key="displayName.en">Personal Position</prop>
+ <prop key="displayName.fr">Position/Rôle</prop>
+ <prop key="displayName.it">Ruolo ricoperto</prop>
+ <prop key="description.en">Personal Position of the user for the institution</prop>
+ <prop key="description.fr">Position/Rôle de la personne au sein d'une institution</prop>
+ <prop key="description.it">Ruolo dell'utente nell'istituzione</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacPersonalUniqueCode</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.14</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.14</prop>
+ <prop key="displayName.en">Personal Unique Code</prop>
+ <prop key="displayName.fr">Code personnel unique</prop>
+ <prop key="displayName.it">Codice Univoco</prop>
+ <prop key="description.en">Unique code for the subject it is associated with</prop>
+ <prop key="description.fr">"Code unique" pour le sujet auquel il est associé (peut être le numéro d'étudiant, le numéro d'employé, ...)</prop>
+ <prop key="description.it">Codice Univoco legato al soggetto</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacPersonalUniqueID</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.15</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.15</prop>
+ <prop key="displayName.en">Personal Unique ID</prop>
+ <prop key="displayName.fr">Identifiant personnel unique</prop>
+ <prop key="displayName.it">ID Legale Univoco</prop>
+ <prop key="description.en">Unique Legal Identifier of a person</prop>
+ <prop key="description.fr">identifiant unique légal (DNI en espagne)</prop>
+ <prop key="description.it">Identificativo Univoco Legale associato alla persona</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacExpiryDate</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.17</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.17</prop>
+ <prop key="displayName.en">Expiry Date</prop>
+ <prop key="displayName.fr">Date d'expiration</prop>
+ <prop key="description.en">The date from which the set of data is to be considered invalid (specifically, in what refers to rights and entitlements)</prop>
+ <prop key="description.fr">Date à partir de laquelle l'ensemble de données de la personne doit être considéré comme invalide, au format "YYYYMMDDhhmmssZ"</prop>
+ <prop key="description.it">Data di scadenza dei dati utente (diritti e titoli)</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacUserPrivateAttribute</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.18</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.18</prop>
+ <prop key="displayName.en">User Private Attribute</prop>
+ <prop key="displayName.fr">Exigences de confidentialité</prop>
+ <prop key="description.en">Datas that the user and/or organization policies want to keep private</prop>
+ <prop key="description.fr">Exigences de confidentialité, telles qu'exprimées par l'utilisateur et / ou les stratégies de l'entreprise</prop>
+ <prop key="description.it">Dati che l'utente o le policy organizzative vogliono tenere private</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacUserStatus</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.19</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.19</prop>
+ <prop key="displayName.en">User Status</prop>
+ <prop key="displayName.fr">Status utilisateur</prop>
+ <prop key="description.en">Set of status of a person as user of services</prop>
+ <prop key="description.fr">Ensemble de status d'une personne en tant qu'utilisateur de services</prop>
+ <prop key="description.it">Stato di attivita' per l'utente sui diversi servizi</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacProjectMembership</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.20</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.20</prop>
+ <prop key="displayName.en">Project Membership</prop>
+ <prop key="displayName.fr">Appartenance au projet</prop>
+ <prop key="description.en">Name of the project the user belongs to</prop>
+ <prop key="description.fr">Nom du projet auquel l'utilisateur appartient</prop>
+ <prop key="description.it">Nome del progetto a cui l'utente appartiene</prop>
+ </props>
+ </property>
+ </bean>
+
+ <bean parent="shibboleth.TranscodingProperties">
+ <property name="properties">
+ <props merge="true">
+ <prop key="id">schacProjectSpecificRole</prop>
+ <prop key="transcoder">SAML2StringTranscoder SAML1StringTranscoder</prop>
+ <prop key="saml2.name">urn:oid:1.3.6.1.4.1.25178.1.2.21</prop>
+ <prop key="saml1.name">urn:oid:1.3.6.1.4.1.25178.1.2.21</prop>
+ <prop key="displayName.en">Project Specific Role</prop>
+ <prop key="displayName.fr">Roles spécifiques au projet</prop>
+ <prop key="description.en">Set of roles inside specific projects for the user</prop>
+ <prop key="description.fr">Ensemble de rôles dans des projets spécifiques</prop>
+ <prop key="description.it">Insieme dei ruoli svolti dall'utente su specifici progetti</prop>
+ </props>
+ </property>
+ </bean>
+ </list>
+ </constructor-arg>
+ </bean>
+</beans>
diff --git a/conf/audit.xml b/conf/audit.xml
index 42d82b8..3c9c408 100644
--- a/conf/audit.xml
+++ b/conf/audit.xml
@@ -29,6 +29,10 @@
<value>http://shibboleth.net/ns/profiles/mdquery</value>
</util:list>
+ <!--
+ You can freely add/change this map to map constants or frequently appearing strings into
+ shorter values in the audit log.
+ -->
<util:map id="shibboleth.AuditFieldReplacementMap">
<entry key="urn:oasis:names:tc:SAML:1.0:am:password" value="password" />
<entry key="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" value="password" />
diff --git a/conf/authn/authn.properties b/conf/authn/authn.properties
index 56111ef..405c522 100644
--- a/conf/authn/authn.properties
+++ b/conf/authn/authn.properties
@@ -24,6 +24,23 @@
# If using IdP discovery feature, provides a discovery location to use.
#idp.authn.discoveryURL = https://ds.example.org/shibboleth-ds/index.html
+# Login flow audit logging (defaults false for log compatibility)
+#idp.authn.audit.enabled = false
+
+# Revocation (administrative logout)
+#idp.authn.revocation = false
+#idp.authn.revocation.lifetime = %{idp.authn.defaultAuthnLifetime:PT12H}
+# Name of BiCondition to apply for check
+#idp.authn.revocation.Condition = shibboleth.RevocationCacheCondition
+# Set to true to treat lookup failures as being revoked.
+#idp.authn.revocation.strict = false
+# Set to true to check for address-based revocation.
+#idp.authn.revocation.addressBased = false
+# Default implementation based on a StorageService bean.
+#idp.authn.revocation.cache = shibboleth.AuthnRevocationCache
+#idp.authn.revocation.StorageService = shibboleth.StorageService
+
+
# Properties below override specific method behavior, as an alternative
# to defining Spring beans in XML. Refer to the documentation for a complete
# list. Many of the properties below are mentioned only because they are
@@ -92,7 +109,14 @@ idp.authn.External.externalAuthnPath = contextRelative:external.jsp
# Unset in most cases only if using the authnMethodHeader or
# subjectAttribute settings
#idp.authn.RemoteUser.addDefaultPrincipals = true
-# Most other settings need to be supplied via web.xml to the servlet
+#idp.authn.RemoteUser.checkRemoteUser = true
+# Comma-delimited lists of attributes or headers to pull from
+#idp.authn.RemoteUser.checkAttributes =
+#idp.authn.RemoteUser.checkHeaders =
+# Advanced settings
+#idp.authn.RemoteUser.subjectAttribute =
+#idp.authn.RemoteUser.authnMethodHeader =
+#idp.authn.RemoteUser.authnAuthorityHeader =
#### RemoteUserInternal ####
@@ -127,6 +151,7 @@ idp.authn.SPNEGO.supportedPrincipals = \
#idp.authn.X509.order = 1000
#idp.authn.X509.nonBrowserSupported = false
+#idp.authn.X509.saveCertificateToCredentialSet = true
# Servlet context-relative path to wherever your implementation lives
#idp.authn.X509.externalAuthnPath = contextRelative:x509-prompt.jsp
idp.authn.X509.supportedPrincipals = \
@@ -160,24 +185,6 @@ idp.authn.IPAddress.supportedPrincipals = \
# Unset if you plan to return full Java Subject from function
#idp.authn.Function.addDefaultPrincipals = true
-#### Duo ####
-
-#idp.authn.Duo.order = 1000
-#idp.authn.Duo.nonBrowserSupported = false
-#idp.authn.Duo.forcedAuthenticationSupported = true
-# Unset if you have advanced Duo integrations with individualized Principals
-#idp.authn.Duo.addDefaultPrincipals = true
-# The list below should be changed to reflect whatever locally- or
-# community-defined values are appropriate to represent Duo. It is
-# strongly advised that the value not be specific to Duo or any
-# particular technology to avoid lock-in.
-idp.authn.Duo.supportedPrincipals = \
- saml2/http://example.org/ac/classes/mfa, \
- saml1/http://example.org/ac/classes/mfa
-# Default Duo integration settings are defined separately
-# in duo.properties due to the sensitivity of the secret key.
-
-
#### SAML ####
#idp.authn.SAML.order = 1000
@@ -193,7 +200,12 @@ idp.authn.Duo.supportedPrincipals = \
#idp.authn.SAML.discoveryRequired = true
# Generally left false with bidirectional mappings in
# conf/authn/authn-comparison.xml across the proxy boundary.
+# Adjust as needed to reflect IdP's capabilities/support.
#idp.authn.SAML.addDefaultPrincipals = false
+#idp.authn.SAML.supportedPrincipals = \
+# saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport, \
+# saml2/urn:oasis:names:tc:SAML:2.0:ac:classes:Password, \
+# saml1/urn:oasis:names:tc:SAML:1.0:am:password
#### MFA ####
@@ -201,6 +213,8 @@ idp.authn.Duo.supportedPrincipals = \
#idp.authn.MFA.passiveAuthenticationSupported = true
#idp.authn.MFA.forcedAuthenticationSupported = true
#idp.authn.MFA.validateLoginTransitions = true
+# Defaults to set AuthnInstant based on oldest component result
+#idp.authn.MFA.useLatestTimestamp = false
# The list below almost certainly requires changes, and should generally be the
# union of any of the separate factors you combine in your particular MFA flow
# rules. The example corresponds to the example in mfa-authn-config.xml that
diff --git a/conf/authn/password-authn-config.xml b/conf/authn/password-authn-config.xml
index 4529b6f..dc10fa1 100644
--- a/conf/authn/password-authn-config.xml
+++ b/conf/authn/password-authn-config.xml
@@ -53,7 +53,6 @@
<entry key="UnknownUsername">
<list>
<value>NoCredentials</value>
- <value>UnknownUsername</value>
<value>CLIENT_NOT_FOUND</value>
<value>Client not found</value>
<value>Cannot get kdc for realm</value>
@@ -78,7 +77,6 @@
</entry>
<entry key="AccountLocked">
<list>
- <value>AccountLocked</value>
<value>Clients credentials have been revoked</value>
<value>AcceptSecurityContext error, data 775</value>
</list>
@@ -102,43 +100,6 @@
<value>ACCOUNT_WARNING</value>
</list>
</entry>
- <entry key="RequestUnsupported">
- <list>
- <value>RequestUnsupported</value>
- </list>
- </entry>
</util:map>
- <!--
- WARNING: This set of features is generally discouraged in favor of the MFA flow,
- and while not deprecated, is not recommended for new deployments.
-
- Configuration of "extended" login methods to offer in the password login form.
-
- The String bean is a regular expression identifying the flows to offer. These flows
- must also be enabled at the "top" level to be available for use.
-
- The ExtendedFlowParameters bean can be used to transfer custom parameters from the
- login form into the context tree for use later by other flows.
-
- The last bean provides the set of custom Principals to use for results produced by the
- Password flow itself. You would use this if you need the Password flow to run as a shell
- to run the "extended" login methods, but want to limit its own results more narrowly.
- -->
- <!--
- <bean id="shibboleth.authn.Password.ExtendedFlows" class="java.lang.String" c:_0="" />
-
- <util:list id="shibboleth.authn.Password.ExtendedFlowParameters">
- </util:list>
-
- <util:list id="shibboleth.authn.Password.PrincipalOverride">
- <bean parent="shibboleth.SAML2AuthnContextClassRef"
- c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" />
- <bean parent="shibboleth.SAML2AuthnContextClassRef"
- c:classRef="urn:oasis:names:tc:SAML:2.0:ac:classes:Password" />
- <bean parent="shibboleth.SAML1AuthenticationMethod"
- c:method="urn:oasis:names:tc:SAML:1.0:am:password" />
- </util:list>
- -->
-
</beans>
diff --git a/conf/credentials.xml b/conf/credentials.xml
index dde530b..b40778d 100644
--- a/conf/credentials.xml
+++ b/conf/credentials.xml
@@ -13,8 +13,6 @@
default-destroy-method="destroy">
<!--
- NOTE: if you're using a legacy relying-party.xml file from a V2 configuration, this file is ignored.
-
This defines the signing and encryption key and certificate pairs referenced by your relying-party.xml
configuration. You don't normally need to touch this, unless you have advanced requirements such as
supporting multiple sets of keys for different relying parties, in which case you may want to define
@@ -30,8 +28,7 @@
</util:list>
<!-- Your IdP's default signing key, set via property file. -->
- <bean id="shibboleth.DefaultSigningCredential"
- class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
+ <bean id="shibboleth.DefaultSigningCredential" parent="shibboleth.BasicX509CredentialFactoryBean"
p:privateKeyResource="%{idp.signing.key}"
p:certificateResource="%{idp.signing.cert}"
p:entityId-ref="entityID" />
@@ -48,7 +45,7 @@
<!-- Your IdP's default encryption (really decryption) keys, set via property file. -->
<util:list id="shibboleth.DefaultEncryptionCredentials">
- <bean class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
+ <bean parent="shibboleth.BasicX509CredentialFactoryBean"
p:privateKeyResource="%{idp.encryption.key}"
p:certificateResource="%{idp.encryption.cert}"
p:entityId-ref="entityID" />
@@ -58,7 +55,7 @@
to point to your new keypair. Once metadata has propagated, comment this one out again.
-->
<!--
- <bean class="net.shibboleth.idp.profile.spring.factory.BasicX509CredentialFactoryBean"
+ <bean parent="shibboleth.BasicX509CredentialFactoryBean"
p:privateKeyResource="%{idp.encryption.key.2}"
p:certificateResource="%{idp.encryption.cert.2}"
p:entityId-ref="entityID" />
diff --git a/conf/errors.xml b/conf/errors.xml
index a9730c0..8d629ab 100644
--- a/conf/errors.xml
+++ b/conf/errors.xml
@@ -27,6 +27,7 @@
<entry key="AttributeReleaseRejected" value="true" />
<entry key="TermsRejected" value="true" />
<entry key="EndpointResolutionFailed" value="true" />
+ <entry key="MessageAuthenticationError" value="true" />
<entry key="RuntimeException" value="false" />
<entry key="InvalidEvent" value="false" />
<entry key="InvalidCSRFToken" value="false" />
diff --git a/conf/examples/attribute-resolver-ldap.xml b/conf/examples/attribute-resolver-ldap.xml
index ec375b4..74b3033 100644
--- a/conf/examples/attribute-resolver-ldap.xml
+++ b/conf/examples/attribute-resolver-ldap.xml
@@ -59,6 +59,7 @@
principal="%{idp.attribute.resolver.LDAP.bindDN}"
principalCredential="%{idp.attribute.resolver.LDAP.bindDNCredential}"
useStartTLS="%{idp.attribute.resolver.LDAP.useStartTLS:true}"
+ startTLSTimeout="%{idp.attribute.resolver.LDAP.startTLSTimeout}"
connectTimeout="%{idp.attribute.resolver.LDAP.connectTimeout}"
trustFile="%{idp.attribute.resolver.LDAP.trustCertificates}"
responseTimeout="%{idp.attribute.resolver.LDAP.responseTimeout}"
@@ -79,7 +80,9 @@
validatePeriodically="%{idp.pool.LDAP.validatePeriodically:true}"
validateTimerPeriod="%{idp.pool.LDAP.validatePeriod:PT5M}"
validateDN="%{idp.pool.LDAP.validateDN:}"
+ validateOnCheckout="%{idp.pool.LDAP.validateOnCheckout:false}"
validateFilter="%{idp.pool.LDAP.validateFilter:(objectClass=*)}"
+ prunePeriod="%{idp.pool.LDAP.prunePeriod:PT5M}"
expirationTime="%{idp.pool.LDAP.idleTime:PT10M}"/>
</DataConnector>
diff --git a/conf/global.xml b/conf/global.xml
index c485f3f..0bfa7bc 100644
--- a/conf/global.xml
+++ b/conf/global.xml
@@ -41,6 +41,9 @@
The example below defines the bean as a map, which allows you to inject multiple objects under
named keys to expand the feature to support multiple injected objects.
+
+ You MUST NOT change the bean(s) referenced in this way, they should be treated as read-only from
+ within views.
-->
<!--
diff --git a/conf/idp.properties b/conf/idp.properties
index 24c20d9..59a6299 100644
--- a/conf/idp.properties
+++ b/conf/idp.properties
@@ -1,3 +1,7 @@
+# Set false if you do not want the IdP to check (asynchronously) whether
+# it can be updated or not when the container starts
+#idp.updateCheck.enable=true
+
# Auto-load all files matching conf/**/*.properties
# Disable if you want to manually maintain a list of sources.
idp.searchForProperties=true
@@ -18,37 +22,48 @@ idp.entityID=https://idp.example.org/idp/shibboleth
# Set to empty value to disable and return a 404.
#idp.entityID.metadataFile=%{idp.home}/metadata/idp-metadata.xml
-# Set the scope used in the attribute resolver for scoped attributes
+# Set the scope used in the attribute resolver for scoped attributes
idp.scope=example.org
# General cookie properties (maxAge only applies to persistent cookies)
#idp.cookie.secure = true
#idp.cookie.httpOnly = true
#idp.cookie.domain =
-#idp.cookie.path =
+# Note the path is now / to allow defaulting to __Host- prefixed names.
+#idp.cookie.path = /
#idp.cookie.maxAge = 31536000
# These control operation of the SameSite filter, which is off by default.
#idp.cookie.sameSite = None
#idp.cookie.sameSiteCondition = shibboleth.Conditions.FALSE
-# Enable cross-site request forgery mitigation for views.
+# Enable cross-site request forgery mitigation for views.
idp.csrf.enabled=true
# Name of the HTTP parameter that stores the CSRF token.
#idp.csrf.token.parameter = csrf_token
# HSTS/CSP response headers
-#idp.hsts = max-age=0
+#idp.hsts = max-age=31536000
# X-Frame-Options value, set to DENY or SAMEORIGIN to block framing
#idp.frameoptions = DENY
# Content-Security-Policy value, set to match X-Frame-Options default
#idp.csp = frame-ancestors 'none';
+# Set to false to disable filter that forcibly applies UTF-8 encoding
+#idp.encoding.forceUTF8 = true
+
+# Enable and control MDC filter
+#idp.logging.MDC.enabled = true
+#idp.logging.MDC.createSession = true
+
# Set the location of user-supplied web flow definitions
#idp.webflows = %{idp.home}/flows
# Set the location of Velocity view templates
#idp.views = %{idp.home}/views
+# Do we fail on velocity "syntax errors"
+#idp.velocity.runtime.strictmode=false
+
# Settings for internal AES encryption key
#idp.sealer.keyStrategy = shibboleth.DataSealerKeyStrategy
#idp.sealer.storeType = JCEKS
@@ -57,9 +72,9 @@ idp.csrf.enabled=true
idp.sealer.storeResource=%{idp.home}/credentials/sealer.jks
idp.sealer.versionResource=%{idp.home}/credentials/sealer.kver
-# Settings for public/private signing and encryption key(s)
-# During decryption key rollover, point the ".2" properties at a second
-# keypair, uncomment in credentials.xml, then publish it in your metadata.
+# Settings for public/private signing and encryption key(s):
+# During decryption key rollover, point the ".2" properties at a second
+# keypair, uncomment in credentials.xml, then publish it in your metadata.
idp.signing.key=%{idp.home}/credentials/idp-signing.key
idp.signing.cert=%{idp.home}/credentials/idp-signing.crt
idp.encryption.key=%{idp.home}/credentials/idp-encryption.key
@@ -96,6 +111,8 @@ idp.trust.certificates=shibboleth.ExplicitKeyX509TrustEngine
# Configuration of client- and server-side storage plugins
#idp.storage.cleanupInterval = PT10M
idp.storage.htmlLocalStorage=true
+#idp.storage.clientSessionStorageName = shib_idp_session_ss
+#idp.storage.clientPersistentStorageName = shib_idp_persistent_ss
# Set to true to expose more detailed errors in responses to SPs
#idp.errors.detailed = false
@@ -111,9 +128,14 @@ idp.storage.htmlLocalStorage=true
# Set to false to disable the IdP session layer
#idp.session.enabled = true
+# Set to true to rely on persistent cookies for session management
+#idp.session.persistent = false
+
# Set to "shibboleth.StorageService" for server-side storage of user sessions
#idp.session.StorageService = shibboleth.ClientSessionStorageService
+# Name of cookie used for session
+#idp.session.cookieName = __Host-shib_idp_session
# Size of session IDs
#idp.session.idSize = 32
# Bind sessions to IP addresses
@@ -149,7 +171,7 @@ idp.session.secondaryServiceIndex=true
# Defaults to text displayed to the user.
#idp.consent.terms-of-use.consentValueMessageCodeSuffix = .text
-# Flags controlling how built-in attribute consent feature operates
+# Flags controlling how built-in attribute consent feature operates
#idp.consent.allowDoNotRemember = true
#idp.consent.allowGlobal = true
#idp.consent.allowPerAttribute = false
@@ -182,11 +204,18 @@ idp.bindings.inMetadataOrder=false
# Whether to require logout requests/responses be signed/authenticated.
#idp.logout.authenticated = true
+# Whether to handle logout lacking response endpoonts as asynchronous.
+#idp.logout.assumeAsync = false
+
+# Whether to hide logout propagation status reporting.
+#idp.logout.propagationHidden = false
+
# Bean to determine whether user should be allowed to cancel logout
#idp.logout.promptUser=shibboleth.Conditions.FALSE
# Message freshness and replay cache tuning
#idp.policy.messageLifetime = PT3M
+#idp.policy.assertionLifetime = PT3M
#idp.policy.clockSkew = PT3M
# Set to custom bean for alternate storage of replay cache
diff --git a/conf/ldap.properties b/conf/ldap.properties
index 45b0be0..a711d75 100644
--- a/conf/ldap.properties
+++ b/conf/ldap.properties
@@ -1,5 +1,5 @@
-# LDAP authentication configuration, see authn/ldap-authn-config.xml
-# Note, this doesn't apply to the use of JAAS
+# LDAP authentication (and possibly attribute resolver) configuration
+# Note, this doesn't apply to the use of JAAS authentication via LDAP
## Authenticator strategy, either anonSearchAuthenticator, bindSearchAuthenticator, directAuthenticator, adAuthenticator
#idp.authn.LDAP.authenticator = anonSearchAuthenticator
@@ -7,9 +7,11 @@
## Connection properties ##
idp.authn.LDAP.ldapURL=ldap://localhost:10389
#idp.authn.LDAP.useStartTLS = true
-# Time in milliseconds that connects will block
+# Time to wait for startTLS responses
+#idp.authn.LDAP.startTLSTimeout = PT3S
+# Time to wait for connections to open
#idp.authn.LDAP.connectTimeout = PT3S
-# Time in milliseconds to wait for responses
+# Time to wait for operation responses (e.g. search, bind)
#idp.authn.LDAP.responseTimeout = PT3S
# Connection strategy to use when multiple URLs are supplied, either ACTIVE_PASSIVE, ROUND_ROBIN, RANDOM
#idp.authn.LDAP.connectionStrategy = ACTIVE_PASSIVE
@@ -51,6 +53,7 @@ idp.attribute.resolver.LDAP.connectionStrategy=%{idp.authn.LDAP.connectionStrate
idp.attribute.resolver.LDAP.baseDN=%{idp.authn.LDAP.baseDN:undefined}
idp.attribute.resolver.LDAP.bindDN=%{idp.authn.LDAP.bindDN:undefined}
idp.attribute.resolver.LDAP.useStartTLS=%{idp.authn.LDAP.useStartTLS:true}
+idp.attribute.resolver.LDAP.startTLSTimeout=%{idp.authn.LDAP.startTLSTimeout:PT3S}
idp.attribute.resolver.LDAP.trustCertificates=%{idp.authn.LDAP.trustCertificates:undefined}
idp.attribute.resolver.LDAP.searchFilter=(uid=$resolutionContext.principal)
diff --git a/conf/logback.xml b/conf/logback.xml
index bf38b44..034886f 100644
--- a/conf/logback.xml
+++ b/conf/logback.xml
@@ -48,16 +48,17 @@
<logger name="org.ldaptive" level="${idp.loglevel.ldap}"/>
<!-- Logs embedded HTTP client messages -->
- <logger name="org.apache.http" level="${idp.loglevel.httpclient}"/>
+ <logger name="org.apache.hc" level="${idp.loglevel.httpclient}"/>
<!-- Logs inbound and outbound protocols messages at DEBUG level -->
<logger name="PROTOCOL_MESSAGE" level="${idp.loglevel.messages}" />
<!-- Logs unencrypted SAML at DEBUG level -->
<logger name="org.opensaml.saml.saml2.encryption.Encrypter" level="${idp.loglevel.encryption}" />
+ <logger name="org.opensaml.saml.saml2.encryption.Decrypter" level="${idp.loglevel.encryption}" />
<!-- Logs system properties during startup at DEBUG level -->
- <logger name="net.shibboleth.idp.log.LogbackLoggingService" level="${idp.loglevel.props}" />
+ <logger name="net.shibboleth.idp.admin.impl.LogImplementationDetails" level="${idp.loglevel.props}" />
<!-- Especially chatty. -->
<logger name="org.apache.xml.security" level="${idp.loglevel.xmlsec}" />
@@ -155,6 +156,8 @@
<suffixPattern>[%thread] %logger %msg</suffixPattern>
</appender>
+ <!-- Top level loggers. -->
+
<logger name="Shibboleth-Audit" level="ALL">
<appender-ref ref="${idp.audit.appender:-IDP_AUDIT}"/>
</logger>
@@ -172,4 +175,22 @@
<appender-ref ref="${idp.warn.appender:-IDP_WARN}" />
</root>
+ <!-- Example routing Password flow auditing to separate location (extend to other flows as needed). -->
+
+ <!--
+ <appender name="IDP_PASSWORD_AUDIT" class="ch.qos.logback.core.FileAppender">
+ <File>${idp.logfiles}/idp-password-audit.log</File>
+
+
+ <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <charset>UTF-8</charset>
+ <Pattern>%msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <logger name="Shibboleth-Audit.Password" level="ALL" additivity="false">
+ <appender-ref ref="IDP_PASSWORD_AUDIT"/>
+ </logger>
+ -->
+
</configuration>
diff --git a/conf/logback.xml.dist b/conf/logback.xml.dist
index 730f583..0124fce 100644
--- a/conf/logback.xml.dist
+++ b/conf/logback.xml.dist
@@ -48,16 +48,17 @@
<logger name="org.ldaptive" level="${idp.loglevel.ldap}"/>
<!-- Logs embedded HTTP client messages -->
- <logger name="org.apache.http" level="${idp.loglevel.httpclient}"/>
+ <logger name="org.apache.hc" level="${idp.loglevel.httpclient}"/>
<!-- Logs inbound and outbound protocols messages at DEBUG level -->
<logger name="PROTOCOL_MESSAGE" level="${idp.loglevel.messages}" />
<!-- Logs unencrypted SAML at DEBUG level -->
<logger name="org.opensaml.saml.saml2.encryption.Encrypter" level="${idp.loglevel.encryption}" />
+ <logger name="org.opensaml.saml.saml2.encryption.Decrypter" level="${idp.loglevel.encryption}" />
<!-- Logs system properties during startup at DEBUG level -->
- <logger name="net.shibboleth.idp.log.LogbackLoggingService" level="${idp.loglevel.props}" />
+ <logger name="net.shibboleth.idp.admin.impl.LogImplementationDetails" level="${idp.loglevel.props}" />
<!-- Especially chatty. -->
<logger name="org.apache.xml.security" level="${idp.loglevel.xmlsec}" />
@@ -171,6 +172,8 @@
<suffixPattern>[%thread] %logger %msg</suffixPattern>
</appender>
+ <!-- Top level loggers. -->
+
<logger name="Shibboleth-Audit" level="ALL">
<appender-ref ref="${idp.audit.appender:-IDP_AUDIT}"/>
</logger>
@@ -188,4 +191,26 @@
<appender-ref ref="${idp.warn.appender:-IDP_WARN}" />
</root>
+ <!-- Example routing Password flow auditing to separate location (extend to other flows as needed). -->
+
+ <!--
+ <appender name="IDP_PASSWORD_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <File>${idp.logfiles}/idp-password-audit.log</File>
+
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${idp.logfiles}/idp-password-audit-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
+ <maxHistory>${idp.loghistory}</maxHistory>
+ </rollingPolicy>
+
+ <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <charset>UTF-8</charset>
+ <Pattern>%msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <logger name="Shibboleth-Audit.Password" level="ALL" additivity="false">
+ <appender-ref ref="IDP_PASSWORD_AUDIT"/>
+ </logger>
+ -->
+
</configuration>
diff --git a/conf/logback.xml.tmp3 b/conf/logback.xml.tmp3
index 4674e93..989cf30 100644
--- a/conf/logback.xml.tmp3
+++ b/conf/logback.xml.tmp3
@@ -48,16 +48,17 @@
<logger name="org.ldaptive" level="${idp.loglevel.ldap}"/>
<!-- Logs embedded HTTP client messages -->
- <logger name="org.apache.http" level="${idp.loglevel.httpclient}"/>
+ <logger name="org.apache.hc" level="${idp.loglevel.httpclient}"/>
<!-- Logs inbound and outbound protocols messages at DEBUG level -->
<logger name="PROTOCOL_MESSAGE" level="${idp.loglevel.messages}" />
<!-- Logs unencrypted SAML at DEBUG level -->
<logger name="org.opensaml.saml.saml2.encryption.Encrypter" level="${idp.loglevel.encryption}" />
+ <logger name="org.opensaml.saml.saml2.encryption.Decrypter" level="${idp.loglevel.encryption}" />
<!-- Logs system properties during startup at DEBUG level -->
- <logger name="net.shibboleth.idp.log.LogbackLoggingService" level="${idp.loglevel.props}" />
+ <logger name="net.shibboleth.idp.admin.impl.LogImplementationDetails" level="${idp.loglevel.props}" />
<!-- Especially chatty. -->
<logger name="org.apache.xml.security" level="${idp.loglevel.xmlsec}" />
@@ -171,6 +172,8 @@
<suffixPattern>[%thread] %logger %msg</suffixPattern>
</appender>
+ <!-- Top level loggers. -->
+
<logger name="Shibboleth-Audit" level="ALL">
<appender-ref ref="${idp.audit.appender:-IDP_AUDIT}"/>
</logger>
@@ -188,4 +191,26 @@
<appender-ref ref="${idp.warn.appender:-IDP_WARN}" />
</root>
+ <!-- Example routing Password flow auditing to separate location (extend to other flows as needed). -->
+
+ <!--
+ <appender name="IDP_PASSWORD_AUDIT" class="ch.qos.logback.core.rolling.RollingFileAppender">
+ <File>${idp.logfiles}/idp-password-audit.log</File>
+
+ <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
+ <fileNamePattern>${idp.logfiles}/idp-password-audit-%d{yyyy-MM-dd}.log.gz</fileNamePattern>
+ <maxHistory>${idp.loghistory}</maxHistory>
+ </rollingPolicy>
+
+ <encoder class="ch.qos.logback.classic.encoder.PatternLayoutEncoder">
+ <charset>UTF-8</charset>
+ <Pattern>%msg%n</Pattern>
+ </encoder>
+ </appender>
+
+ <logger name="Shibboleth-Audit.Password" level="ALL" additivity="false">
+ <appender-ref ref="IDP_PASSWORD_AUDIT"/>
+ </logger>
+ -->
+
</configuration>
diff --git a/conf/relying-party.xml b/conf/relying-party.xml
index 439e7f1..26c6c17 100644
--- a/conf/relying-party.xml
+++ b/conf/relying-party.xml
@@ -27,24 +27,29 @@
</property>
</bean>
- <!-- Default configuration, with default settings applied for all profiles. -->
+ <!--
+ Default configuration, with default settings applied for all profiles.
+
+ Take care with any defaults you apply at this level because you will have to create
+ overrides or apply metadata tags for every single SP that requires a different setting.
+ Changed defaults should be things you really do want to apply to nearly every SP.
+ -->
<bean id="shibboleth.DefaultRelyingParty" parent="RelyingParty">
<property name="profileConfigurations">
<list>
<!-- SAML 1.1 and SAML 2.0 AttributeQuery are disabled by default. -->
<!--
- <bean parent="Shibboleth.SSO" />
+ <ref bean="Shibboleth.SSO" />
<ref bean="SAML1.AttributeQuery" />
<ref bean="SAML1.ArtifactResolution" />
-->
- <bean parent="SAML2.SSO" />
+ <ref bean="SAML2.SSO" />
<ref bean="SAML2.ECP" />
<ref bean="SAML2.Logout" />
<!--
<ref bean="SAML2.AttributeQuery" />
-->
<ref bean="SAML2.ArtifactResolution" />
- <ref bean="Liberty.SSOS" />
</list>
</property>
</bean>
diff --git a/conf/saml-nameid.properties b/conf/saml-nameid.properties
index 7169c5e..08b66c5 100644
--- a/conf/saml-nameid.properties
+++ b/conf/saml-nameid.properties
@@ -25,7 +25,7 @@ idp.persistentId.encoding = BASE32
#idp.persistentId.generator = shibboleth.ComputedPersistentIdGenerator
# For basic use, set this to a JDBC DataSource bean name:
#idp.persistentId.dataSource = PersistentIdDataSource
-# For advanced use, set to a bean inherited from shibboleth.JDBCPersistentIdStore
-#idp.persistentId.store = MyPersistentIdStore
+# Controls which JDBC error codes are treated as retryable
+#idp.persistentId.retryableErrors = 23000,23505
# Set to an empty property to skip hash-based generation of first stored ID
#idp.persistentId.computed = shibboleth.ComputedPersistentIdGenerator
diff --git a/conf/services.properties b/conf/services.properties
index 8150d3a..6e507a2 100644
--- a/conf/services.properties
+++ b/conf/services.properties
@@ -70,13 +70,3 @@ idp.service.managedBean.checkInterval = PT15M
#idp.httpclient.socketTimeout = PT1M
#idp.httpclient.maxConnectionsTotal = 100
#idp.httpclient.maxConnectionsPerRoute = 100
-
-# These are deprecated properties that configure the old caching HttpClient
-# beans that are no longer supported. If you want to manually configure
-# the caching clients, you should define the beans yourself and if desired
-# rely on properties of your own devising.
-#idp.httpclient.memorycaching.maxCacheEntries = 50
-#idp.httpclient.memorycaching.maxCacheEntrySize = 1048576
-#idp.httpclient.filecaching.maxCacheEntries = 100
-#idp.httpclient.filecaching.maxCacheEntrySize = 10485760
-idp.httpclient.filecaching.cacheDirectory = %{idp.home}/tmp/httpClientCache
\ No newline at end of file
diff --git a/credentials/beta1-keys b/credentials/beta1-keys
new file mode 100644
index 0000000..1767e17
--- /dev/null
+++ b/credentials/beta1-keys
@@ -0,0 +1,100 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBE56gwwBEADI6Y7tBIdYr8t0zfHU2hRbD7GfuanIkn4Fhf/CZ7ICN+SfA/XP
+JAx3HDRkM/nc65U2mKG7vG3zlNOcKgeFoCwqhlLc4sSGP6DDoPYKtZOLEHwA/sIy
+Lldw3re5KbCFIElnbBW/0av15IGHXgyylmG24jhlY/ufjLd53Qm4agxv51kdYdgH
+cI0djzLqvMWTabWhw8QtmitPZSKdqOwTqkIt6bYAdOvc9r5bvAzemw6IO01L9aX7
+/yFIVJAYySL/UpbEtLcl3B/qXUXwhiq2bAUtvdmV+35FSMrAgfD25bYv+dVoJdtX
+Gb4tQcPteSRDIQYswT+bilEtGOOu9vqLvko3hSHOK2Yqc8SufDakrOlCWO1R00Sw
+QHGSkPKgA5O3RpOz3qbuPN6sDt/7FgqyzB6VqF9445bTqWDfIihXEAFr97gf28Xg
+ngAn2Tp8ZZ6zTzYWv3/GGvCedCcrHrIG/nKf0Z0/1q9Uf8P7crv2udGuZjs3bMtY
+RQNKzki/wKRuGnZ7HjgOEDIe8E+QMs+568i5vYqdaNrmCxUodRFjwkZ/0aRuHzxo
+JNQaB/r2Ckj5X/yEX6f45D0hiwBmIFz2+VUnis7RAPelcUl1X/kT4p/3gvKSsFE0
+Ti7JWCY9e+ntnzcsb4ywisFen9tQQPP4G++qnhGyApz323LfDVPJkFWWJwARAQAB
+tB9TY290dCBDYW50b3IgPGNhbnRvci4yQG9zdS5lZHU+iEYEEBECAAYFAk6DTO8A
+CgkQ70D8KeoogrukNwCdGX5zZOsC44CjV2AopI8KoMFJto4AoMH+qA35GIBUkEt8
+IoRVFs1rp3TGiEYEEBEKAAYFAk6ApGIACgkQpXtW80eQXRUgxwCePIV9LehYh+Ji
+o8mtQ74I/NWvfDQAoLmXTfmKAganE+r/FcCcwykzj70ViQEcBBABAgAGBQJOfS4a
+AAoJEH8LUwap169VyrAH/1lrWiCJarm8eFLNlajcDt5TR5ZpanZVUbuzAp9Jk8Xt
+BkCMssnuzcqqSbGmq3P6CuaSTx0BybBOhRgC+UCb/DCS0TGomJYUTcG7e7MyJZC4
+ocarORGURABk1UK/fkgEBn+9o2jdDlf7bm7JHlZJ8huLjiAq5fapzp5WhTUAcreH
+jYieTS5umt01yxFatxhqiTbNXzs1c7Hc19rW4cTLREm6YQUNwTIxqJ2hHyDfU13e
+phowv1DpoAwLXdHAsNy/C8RKRlr0Qc4snihVkGevLNWatYK4HP6M0tEvGX9CpnTX
+pOsLZkfp96RMtE2TEvMEEA0HVoZPE7/kCyYR5DForeqJARwEEAECAAYFAlQtSU8A
+CgkQWcpz+XPnY1H5dQgA4p+myZvcKjMAfhgvQZtEeqeSloZIcyYF1NyWJp0WAUUK
+pZKdYYauaxPVd9l+iqz0dBlVotx5CHuymbqnj6JiX55kfKsbClWcDUs0wE6NGH3m
+evosr55/17u01yFGw2KhbevdpgO5i+rNAliFe5LkZ+50CEzWcO0Io2ZhXy+qYpcz
+Oy71ezwstgTJG2guH5BpbcIKku75dauPkD106wmSSswA+D95nXiJ5CFSdK3c4+Q2
+GDbXoIxJtKECb0c6tsjhU1TSPgc/XeeWqAaH/z4u8S5QlQCrMYHOMmvi8ExIrZG3
+3ba8qvB4RhSMKq+5GeJ3Gsgytp/Kc7UnVo09XFYkYokCHAQQAQIABgUCToOQYAAK
+CRCagE6X1wecd5lDD/9ChSLSg/WWnsyNsUoai8KIJBTWoTRgQMemSQPHCP/KgYrf
+KU4Z3fat6DPdO6hXgA/tkXt5m+shexUHmnZvwUvgiQEmL39xdQl1n5zL/QJ3u+K9
+3jycQFM1m8c2TIrKMVbz8VwTYjLKUkhv1pxXZadmAap84ynyT+UpzN/M1ppXcUVV
+jXlDVDuF5JSICh/zn93EA6hbSLWPt2ZE0QpEciZ7S/vVC/4nvXhz3m6ODV3zeshr
+m5V8P8R4Fsmf1a9FY7s49jKWG7Ike6u29DYIkv39FQveYixo3FMfB5d8q4uzJigi
+RAvsekMgYOlnmM8yu9JJ4//zCBj81Q2teFixUrTQON369X3bnEOt0Djqk0QXgXCU
+vhYUdmAa6s/EZgngxeV5axDbW3vQa9Mki3UWsXnlpi4clx/nH7xWKcba27WkImDl
+v3g4n2SbUFj/GOCc3DFp+qmWwFV8yMs300zSPbAqr+CXO0GAitoqpmhxCLmiauaG
+ImnWqt051YWFG0hjaQLKhfjzXfsVuyEDD870RMXqnkS4oQd35OOy1OFbqgghxtJX
+o8oCL2fRwvlREv0ko7X6rpCxPhiyy6LFoHRt+4X0G5h2/LbGjIV4oPi436pJyozb
+83kCh5yGP1oh+GrKFfgTHxakp3MTNXzil8a+9aTyQRlARIevaFlGrKSR0umqaokC
+HAQQAQIABgUCTpRR2wAKCRCgs8sJ0rNzUwVbD/4ufRZKllrocevu/7MEiNPyBYo1
+xOHhBjXXBKZqZmYUnoWmcp8mxAGdLDmHrKFni4v6mv9eHOcNkljKF1Heei9qbKsF
+9UkeSlCNzELzRoQJ2wjP7enW80QoEWcAN7P3SBRwVE1XF3zBo5mwN/RXBGy7xy/6
+6Yy378uunCwnPyZabNTWrMhOIAw3Qhd2fMCoDt86sVm9x8CfQzJI8YPJOFSwbSuX
+YMkfx/Va9sO5A9LDaX79abafHAHiwJBiGeu8W7VwJYh5acr/lTUQbUW8Hlco5IKz
+3Rjd8t7qfCWpcALR2pOPYJaii97lEonrtT9Hx+iL9gma9PN1D80ty7bMYYtOdMsk
+udH8XD0FBKEi0ViT83lzl2Wz3T/2INdJsuHLhLMo+R2wrE9M4jLsp6P4qRJ3NVpj
+DkNe3CXwVQgQ6Q+EjtXGb541MvZY1442pHPE7c6eTDIgw5P7LpH0Jcim/iXQdpPW
+apdLB1zxntmCRyYyDYhd0KNvWNDRsr+PAE2XK82KD8fF2r3m8eULm4buGA8tf2sq
+uQ5K2okLlZT1NLIXmgThSDgSBjy/iFUz95AmtYdy2eqT5oRgXAsJDKMCl+nO5/1s
+IRA1sRHaXCnPczQkiXhKidiVOuRpkThx3mMxYhIV2wYCG/pEpoeCHkuUMiBDSRpG
+DaxucQQJR9r83xK5JIkCHAQTAQIABgUCTnvvowAKCRD6QbX3MKI2LppVEACA4l4N
+BK1m38ziJZ0IBlWBKgXi4v0LK0jv1WrsrQzLWijoHSaLMt9wzbXjDyAlugxq+8Gf
+PXr3bmV5Zyo6MeJiybLzQCXzbsPhpN3iT7tRAnU5EX7Qef390oWHB9GSTr2jE8yw
+3dmx3UGFuP4ELmHIyxYvWSdSjGTPROVONRruR6/yVCrzy/51VPY4vw59Iv+JxbjY
+5iE00TNtaXNcH2M9K7xnwrjSAGE4cViHpV12gqRdD94X8F/xKCxPD+kJCaAIKD2u
+fGcdanabU6lM+UyrscNvnpXjDUFHdldE245yfdBgbm8RLWzJJKz9ETz/rYto+A6F
+NZPRocbaeSv0A1J6v5MkmqNVISORxyCznhu+30s2Knw2Mn02quM/CxadxrrN/3ZW
+Gcat29R3KG7OF9qEMV+5NJ84MHNqmUdCYSjdKrh4VGZcvA/+KrxDdlKmuk5Lj5Qt
+b3QAv0ql6cUEEJ+ekunzQmW8UHz4XOwJ5r3OI1wuGdPShK6ItLls2W3Hxu3vDRFW
+2trbj5/GHn67aJCRqkLtxRpgN4o9YPvC8kdj8WO/iMw10w7OfprEA8S1CjnOwkZw
+Q6Mqr+JZZk/MKFHAeywIiLE1i1VPel2s4o7NXaaFthoFR33RIW3LMGFUsyfqyL/t
+RGzDG3fso5VOy/4fiGulJ8YrWW9KjXGudQIb3IkCNwQTAQoAIQUCTnqDDAIbAwUL
+CQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRA3i4RUAid5Yun8D/9dC3GDJEIVzg3j
+tvkJD08TNVTMUwSQozN2V+WaQgglKJSboR5ajZY6SVMeqtlT+1LzcdU9c3lpQq0n
+B1GZ8WkugYdFk8/0njXTI9Tw1i2Xhp/hKJEUzUkcx1NlyYHZ1EQjW/KVnq0rhPAb
+qDDlyET/qo/38SrzZqOauMye8uT+aqUElF8W3U7l4t4C7ollnwychRrOaOJjSAwL
+tK1WJIneDqLxzDv+bVmoZL+7Vw7iry4xwYovZ+7CpaZsicTJMYvo/CXG2qhyrvJ0
+DcxEIdhk0KiPkiP7Nd3b52vA4Z30yjfwqkoC1XlpzeD4v7il+L6HdcOigl4PDr85
+Uhoo//5SB654tmTL2a32w8GnCK/b8ySu6XwlUISiUABKGerycBeThz65c8Ud67Hi
+P9QDK7+sEpqANxuX1IfwhCAnvdDKc96Y8kO8aC4pfO/bTFhhkyARMW98CVyP4XCy
+wPXQQ75w5ekS/wecgKzYk/4S4aH1vErtDeY3WF5IDNTAOau747vgbf8nz0gxBwWg
+Kdlwh11zslKV1fLPML7tiVyT2id2pGGOO3gUJ5Bu4LeUkLndQZeERZwWcd0IhDsE
+JWIazg0lbEWCLtW7Cf/B0/X6MT9wq8aq64UMksnOU6iI91ZkH3mj2I8Ty+nl+ZXU
+t1cVgj+AyYdyHIWLHfZkQLvkH5oJ5rkCDQROeoMMARAAtzb8+leM9ELMiTgwb4EG
+KwY7wNt6mWOcrlvwp+mnGN4VPJa0ftDn/kFyPxtFkg4oVlHlmPUGk5RukRrl9K3q
+zHMuWa+NqhjM69Fw9hZlvCcL0bqqq/CKB0GyJX/bn2V/WRgAuVQAL8P4fAQ/t8Sf
+80lTTQ40ImE6F//n52AFsK0S5+gG71iCANY6DuMz4GUPbwTV1FKZqaYVdiz4Erxd
+/qaurPDcgcaqtiSQnOf6qrYIX/LZqwQrpEmruj8l5xP1N8eTLtx0iW/mB0AXYyH2
+eXmtclHTYHjvoPgZajSO2obnLdDngqJ5zHZXkCX4RLFgCq/3A4NvxLOtVDYyiID3
+HcQ167aDbpjMHetleUKXMWIA4/6o+WZs9bhbgf6xDa73Qqug8RP4VX7FBrEe2s0x
+cc9d15YbA8rGrq4jvGB3hUEw/tK/3uVuft+mRrHqNFEjKs49MKTc8vu4CyxQN21O
+6dfrp/84MD93VjQUkYUrL2zxbJcBvQTA5SuE0mqBR/e8IH8UBYmuM4nWdUuHNTsw
+KqzRsAqdPfZ1bNnfo9empNFEl2me2IXhNgiBpbpGEFWY02bEXdtCId/hpMNhE3y6
+pxJwTtxqj1Kw+u32qcL0lswz5tCF0CrW5ha9UDzO5xH3kY19/NXUnb2WFNqViy02
+KwpbHG5jQcQ206Amwo/Fun0AEQEAAYkCHwQYAQoACQUCTnqDDAIbDAAKCRA3i4RU
+Aid5YjyED/9vz1JX0q4TEFVxzgla8BbhVwlaXoOmbJcOxw8ne2qO3NZ+ecnoWS0d
+DRe1AJLcaAgC2hwpDpZ3Or5bCpQSUBlwdA/rxOMJom7GKYO9oGp54V+cjNlzJpb1
+1cKuYzj6HdmVGKbzo65G8tYUK0fDTsjWWU4Mh7HAztZH9Umh0e9103DfkGf2uS8e
+A8WVc2sBwCtlfJTilyJ7LxVO+vfodb9RKTPx0PGbQBNbFaxmK64Sz4xjVUTZiHn9
+j329rTDv7yzQuCiO+CWSy7Ti789bRcUgPWv2bbg4UlTPn40OIfAUb/s1P39J3lID
+g4GstZcBjGNTa5o65tF3m0+s2mDbDAToGqzqv0fHE6iDDvctudFZoUbgJ/5DSqsA
+5Xe5VCRRvwR3S9t7OJS4eQdxDYWxgPGhoovNdzPePTbdIfkWBw+Wwokj0rsAUKfx
+7jXZtjYXfG6NJdEHqGQLYeW23kMmxIdoY1jjWOEJwdD0q8p7M2aum9Ncjn1sW/RU
+PPLu+U3rtjc6fhf4VWpvp6NVp7a8/6cgSTZL4eavYIOuXDCa44KsnGhWpPBOJNeZ
+WvCkgGNCUbzArnre3iDTnf6iJ1aMrXToN838IV2svifkAvEnMkhYfjUgDIFOMOrs
+fLhRULAR6zzyXiJiznT6rjlxlixsKazyy9dLC3qlwC4pCIpol0QKbQ==
+=96Mf
+-----END PGP PUBLIC KEY BLOCK-----
+
diff --git a/credentials/idp-backchannel.crt b/credentials/idp-backchannel.crt
index a4d86af..d42aba2 100644
--- a/credentials/idp-backchannel.crt
+++ b/credentials/idp-backchannel.crt
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEJzCCAo+gAwIBAgIUEtJU0oOkMid5473At++VFGAbX3gwDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTIxMDMyNDE1NTQyNFoX
-DTQxMDMyNDE1NTQyNFowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAq+6x7Ay8s9vl/r+trvJMbwdXiFxH
-PwQeJ/Oof48EWuP61zluBENhk9E5rdf2zlCxkfiB78G8YFZh9ZjcWkIR63xIO9YA
-+NuQg+WOPu8fvegcly0ulg2dRXvi0b7q/FsK1MtKcxRECpTNu2DD6K5oHkjf/nmp
-nJIlAxvYyP0aqwEy+qq1NFC+WTjoFP7ZyKt+oSz08ONV2v/1dNRwcjfgc8MJcoq0
-Nw56mGZ2LlTidXP8lQBpsQ6/gJvdnVv/B4q8fVS3zpFgokkyQM6eW1ZpGjPY9K1A
-paLcAio+MCoPbRJwAlI+5tdgKMMvz+xq4RN0e68IIZS4IgmkVem52uJcfUiX297F
-Ar1QdH4NZvijir2Wt4xYMxpThsV6n7F88wWzJj/D5bErZeIWG+DWJq2FZ7rqq3Oc
-tz22TH3iBkYrSvFG5nwyHQJaptDDMm6OpWTfmcjh9jT9H6mz4BdBln2uJUswVNGG
-bR9w9OcXqYN6X8bll9Q9XcVZh2uBgPB3NWGzAgMBAAGjZTBjMB0GA1UdDgQWBBTc
-BIECuv3b1y5K9FBK2zKFc2j4HzBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
+MIIEJzCCAo+gAwIBAgIUZZ1ALRCNTEGZYSBsigxOeq+v1C8wDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTIzMDkxNDE4NDczOFoX
+DTQzMDkxNDE4NDczOFowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
+BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAmYDThO5zYOJ9ZHwIXdr9NoifSnYZ
+QpSJzwYr8dX+DxOyL3gWs2N+z5PnZJlBuxtCKKvgmJGT0uomKj+PFD1OSgSz5gv9
+LwBJxGIzqQpiXyYX2Lol1CYlBno+p2oqM4eGadjMp9doHxRH+sbVzn6+5pjC6zIE
+dYLZ4oGdWZrel9JcjRXTuYzPMKrnioQd6bWS5UJDtXuPxAODP9t7R7e6RSEREoMe
+eJ/jO0M92383l99wB3OkkdjJpvzFnJLHuOG1h22ObhWIqUCyjBpN1W3jmGfkonfX
+j2IVqjXerP9RWUP6yE5GH/m4dTlmoy1nMkwE+kkYD8CLNsjnV1ztqjR6gFdaQTuH
+i2mKwvC0wh9gh/tqkYju7FtjT8mMgQh1rv2g6qtinM5aP6XLsUN9X+NTR2bhpP4N
+Rx32uBnwVPjUTuSXSUgNdnf4kT++UT/waznAjYB6pYUvqix0re6hhrTrOvkWSLSR
+KIrSxtR88oL+t+DgPfbYTYI4FypPUXr0TNhvAgMBAAGjZTBjMB0GA1UdDgQWBBSY
+fAaupAgeAd0fKfSj8Xzx4+cVajBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQAQsx5PLHRi8+WjBTSW6RiNiSRFTpNKPdFzoKDhpaCVSlrpjgzp
-0qD7QorlKPVJNUhl56Fs2S6oWy6e7lb1eBPBAfCNqTalFJNnDdMvZh02FCecbE87
-6Wv7JcD5kA+f6HUDwmaB15fabheSE3YMGQFtaEidmd/jd23CaDL5RNeHUoKS6JHC
-yNsUlZ+R0Cq2ia2wLhW2Z2CYpNh9JM/LOmcTslOgmThNeCnrMIikWSTLQ4C3H9/R
-/iN8NaQhKn4vcYTwEqiaVFQbIU2mQQLT+YK63L4S4S339IsjZiqGEw8DKBnfjL7b
-D1snXa+G6MiQJNcuChuvGfGSlXCSFjtUr9vivzHeGW2h+6uStzTuZ7t5NhQMRTFD
-qT+gyCR/bzsEUh1Lj3J2mFPM/cUSlhH3H0TJcVT9GZUzFNAP0qbaFs9PxXH2gpDI
-XrshYcEiXlj+dsSUNhaCqYibPwkHrRBIAqoDGdMFI+Y5SePVo4ksA55m0gPeY+FM
-mUbCNQngUzNlYPU=
+DQEBCwUAA4IBgQBfVjToMenwC4TUFk/cHv0/AfblQLKA+qeJNxZVAleKbkfAncqD
+q7PTWFGSTX4z0jfR/STUArVLlmKN15PRS7D/b/7SbXvWPP0cMIc/JOqZCSO4MC1T
+sRy94BNUKmifY0WzR4i03XwAkl3MKZ7Y1dj8xDAe6a0owLszyZfECjrOwgEoe1Gd
+RLJ66EtweqrOyjfyIy0r2VRE4HIE1jaKMyTZHTKksM8vaJVMUjm3czymDPOBikKY
+rvCGmQdh8QH/8kOIAlgKiMnoAYX5WjNa4Ai7om+gpTBACfBj32n/nDWhTlxwJ3nZ
+6R8dxYBFiAo4WOzcSbY0ig/sFyzPRhdvs2SivJYyxSl8tloXYzMUAdPmlVA03NYq
+7j8R8heok2y508RH/v/OqqXKm0JCT5OeL9TwGXMt81sIdTINU1GVEXa8aeHE6T/6
+fe5APorQU5n5RNEeC5dVODD92cF2JSk/fi73I1phtexF027d58CTzPpUJteQ9VRH
+JysbXuA3viPdblE=
-----END CERTIFICATE-----
diff --git a/credentials/idp-backchannel.p12 b/credentials/idp-backchannel.p12
index 9e30c3da6a4bbef31a0e7c20f460929c8952461d..b5501a98d8c84af93aa956e38de3e209e172c779 100644
GIT binary patch
literal 3530
zcma)9S5y;<vQ0vXlwhcWbc3P+ArYjBAVrB3MF=3hb3m#HNQXpPfP}7q^s1E55x77A
z3DS#7?+DVX6hpnf_1-#Xy{~&eX3fl=*|X+r_8J5h(g6ZeA+QiPS~_?bD(naX1Ov0M
z5KC$-#Pknrh`?R~{J#=-ml_M+L}0<Ie{6}C;s02S^gvJ+799Ks^henJ&7grG3=uN_
zq>Km=YPNBLL+IE~`{{XX;t1@8RIx~z=L-->7zzRkAQ)*c{qIB&9Ss1%OG{@Fh637B
zQ3K)BP)u8i!QfF_(!7{{;?eW`vp<VKwQIPC5_)+{;TIn3`_~=pGjB?7MX+aH)c<O-
z9vjm7;v#sC(vmnIDBBqur0d&?M3)Ww%M>^jpHsxjZK%@s0xQYvoFo2mr5=yJyxK8j
z!`5qTrk^i&4c|#2pMGLb-A2TEFT<w;+w(2)NwyR1(gND@ED;s*L{sNZp$N6nR4cYI
zwh5~&x!Wx(r2#@uTYTvjVK;VydAQS)o?hi8UhHwQ?3U%{iRp2S8Ws8oQC<m2RHp}>
z1)r+;(E_BLhASTRmc$cwOKhM88sld{%n^OnpV~!pUu_*mW_ed9k2Ks%hISGY_dm=*
zY()Y%QmB_E%Rg>#SO22o2=`EPh(EqLf+pRY8e2K))5MhNSLs5;BeR=qnSBFFENc)^
zLJpg%!13=3O=<<xz2RJUnI11-Aa|<7av)p2U66MD5v)-prQw=K4%x*>RFqbGabc0a
zarCe<y|O43tzcA9@gVjc?D<tuyZOdUa<N|%l$(5LoxQ3%OQxmmSbvYW<s}=0*FW=G
z`VGx}|2d|l26W8qx=3>HRk8q3da*vI>!XiARj_CfhOf@O$opL^U$Xq2PtUPLtaj<k
zHJAz4Ml=U5H%f_#{S*_XLe-&@NA(eu8dPMbgX<4-mmNJZEsLwpX!ah9+>}elfj1!9
zbFvWl)B(zCpw5KSDLEOT+n|0Zj^hW!R>Ro^1G@<bCxRIaV6n>l-TggXJ=UEkea3&y
zHHR|T9c#k7!?i(=VrLPETNkr0l$qO7V}0_Vws5y1XC}KUoXH5K<m>IIC)`Hn@I#8H
z4mk<W?nD{#1u*uRs`fqOPlaePJ%0Q0%;2?MgaF0Xn7)W-ed*yNVkV3HcnUaZk-9@s
zTj!E%9?S0(YS9-@K)Id6s&s2HKsBR<Aq|)yIiRU(X)ey{rdyb$QB1Gse8P}8<n4Zy
zB+*TAaB$kDX(hkBv?s2p&)oROQV7^7*_S04;;C7ZE?tk(JE;rK*l;}z#g>X@W)h5}
zp7<!dog>=*&P(9+EHg}Q4)gSNrDQYlEhI#{af@8DXoBDHSp`3ppSu~?Fn4T*&eP9f
zL_aU{I)E68-hXwfsC8wXY*wU)SAkkn@vOu}4zxjR2w4!yy&k!WPB!6D=Skk<-d{qI
z^xYHhhgj3T(-?U(3^&*hZGI_D2E42O30Lqnp;?D|;daD><Tsd}Twl1(WH9G@S+iqP
zKGf9{{P7z`76iH-AylNTLD~#&CJ}&YCI;P^=D*MNEPI>t$}v3bGq?sNIH1?ECqn>N
zh`--=AwT;xAWbUqHs|hF!_9b9;0LvvCeCIpA#nik(~~c;{ZGV84k?R*X%1C*HCcIW
zEnXjt25lfOEP6&IZ?SZ|0Id8lBnd!YBoW1^=l^u2<>CMeznrHUK5P+EikBosFH@8=
zp7oMbro?1%r%Z;|t4yaT_ihPgkY>NRPQig8Ye4-78!Rdms9af&*I}EO^c4OOu-28h
z0A;Ngd?bX)k?Ks{88$a-@|*bFDUx<sW=f|9zw~)4X_(yCL6%lGcO2Q030;H#l#=i;
zp-R=jflqz}0?Nop{qUdSWR=z}OrXWThIyJ4+3^n?>Q?6E^O>IIJ4E82iSsY4^+?vN
z4Q=gSezixFMtUpQU{ZB=l7}Hl;TD)a^LdqlTw`DP7@NSjvjqo<PV{lgQ-rH(<(!nV
z=vmJa`h`Hb1R?!dpG9u5(Y-yXuSdEP>UC|r$>W~Jwr{hY;})w2{5Ba<K`ROzdqK7}
zf;4yi@_H(>5<RE*4O)jGu5fIByt74e=iJet^;)J4Us4x|%?X%b@fAHx8#+Ioat1y?
z=!X^vZ?drpCxurir)_d!#E0j%S*;BW7i4M#6?R*wE`*vc@LnhSG0hUEoFyl^`d5?e
z>2OIRmRy(*53Z{}%u^8PkTae|ZPk5eSxCdxVV|1EJb1HfedEnkC|5kl%u+2GYNaHS
z5C1DemXSe6m-bd|>>zp~NP1^krx<oPM|$J9ESS&bza0`5iz*oU$;2f=)X*I+I6+Md
z<`AFTej76F=En%mdMaCoYBq+}8{BQVrua~AR8fO6AHO3RZW=$ivta`@4OjVE^DKL$
zM9%P#b?^{Bf77^2tH!@t>|>@CZg{Q8@WK!R!8AIDmqM*R-FKmGM|Ckr-51U9{8bxe
zW-vw%sx`|!E6ydJFSXuI`J%!)6T<mMhH+n?s;IXME@peSG;Q>z{8nU*Vt&%Tvwr_T
z+<+d+i4Z)xcyR7U^E^VI@*S)`GnA{EKkMspjnw6G+dI0&H><X)i7f_few_5d{nE5Y
zCNap!n-v}VE1bFlQFT?f(ydk53JhKSaro_O@Px2lPh-KU_VN$cMx=-(%vK{j-pZac
z{A&CM?pQ~p4&wITa!bdC6yW0nH~?$_ZU8ZWEx;RK32^=sJN=2p0ImRcz+VW#f7;oR
zY}71h2WMLWq?D|rG*bG`T^VU<BmztG?C&NpZ5EbB`46N30s{Ux>3=G~|0Mj>cG7|J
z!v2qTzt-QKOrL4$r+UQr-w6Nv2572qL0}mvop`tz?8g|4rEWR9tn->`S0`fdi~^eZ
zrC5L7mdn%^d3o#$ImO`x-(x$TD`}jGA31B-_EaZ{2_V$lWq3#KY$dVqvL`aGmep}U
zGN{njdssXh7mM`1&qd>9DHHQ>Upi{+XU~X;I^fo!W%_){T7}{#MO?t68y<VBG9^62
zGPel_*H^eYk<6Oc1DWynD%U=L^A*1nos}iMl5s`FDTn(#Q{!EhdkZ1kE+q;&7X=}W
z70Z~*Ma88cj`fD%`2-ffL?5H}wlj)G$R0*}BF(QB?<rr$XlJ|+ad2QR`}p*7+PQSK
zv30!jsmDxATy97K+dAK?`<FcA8%MNpn^DO|{&iNM=I=iA-N^DG?L^GB`%oT3j<n?t
zde*nlrAbNBKf)!bzg))5`%XJG3&V6|G)<xJ>rSJ7XLUt*@e2%0$6>#?OId6Q!cY_z
zjnc`^MF(~#YA1{*SCn4=*Jr^?jw)xR&-b@PLi2Nu^Ifn%ZlW~H_&R=~yYL0?Ka(<T
zv(ipK)7RV3vx>*T`hbhxkEfSBcHMq6zqn#VoIBwytXQEjVh{bG7vt7W9-r)j`h5R3
zQFsYv-lxOczvb&*@>rkPjz8LKX&BA(Je4EKHy+yiApbH$cPp6)y$Hw^&H44}$!w}9
zKqe3NO|QTU&tc)SZn0BtdYn2rQjSX*@Vc>CT4;D?{B6dCg-s<d2e#buR&8*TzO4TN
z?8D&`zJm!>WK8F9Um3vze}7aVP<N3!m49=9BT42Ex9$F>x+S}5eCJg3L~*Ct-R;R{
z5qc0G^2tfpCiE<bVbv64r(8gOP0j}BcL>_~`IHi5yw^0PSW;(1f_pSZ35fNW2cq#c
zs_KqwBG>Q%-rpC5n6({`sL+zpLagMun87@;(bN3$Nk2!CPN*L&=L$hGK2ZLSxJgmY
zMwMOnkhOpRvd>IH2C>Y2%UxTiN`NzaC;yk`fcl~|AX1T=AR;iR@ES2<$X%jAu}s{e
zpcXXB^8*N+IUCWsdR=zOuR9<a7KJ<KS4_^%JRFz}*tzZ7{1hy#y*p~c>Y%cv5W9J$
z4xNJ<uZ!eMeRz_a)=S!Ef59ZWb-hQkqtY^a+tC0PCP!G_`!*$-+rQt&4N{H{L#(^L
z%Amiza;hbm(;l?lPm3bnlpB!sN?dgeeEx-0l-++0d_%#w)|Bzw==gRa#4<vJiSw+H
zADeSApDrn+>9zC}Ukcx7tcAoklE^Pl6@H5OV3E1v(e96>x9_A{y%e71e%2z&G6Wei
zy(;Iu&QUOR3qpH?*Ts3C{XC-m>*sc-NwD0Bl+bj`P8CDlqZ<05u&9>rZZtOxIeRoF
z6R1pKOhCr+O3F+Dr}oTU#1?})KU1H%N`02oT<w)PE;BfdfhF%DZ?hdG;N`I)QFJXR
z+JIpHTK2lTYHWpEIk5HJ{)BzoE<fFFRx8+<SKDmoH-ZRP&esyza6GPVwv;q^u&tI;
z%Moj=x}9l@b~)%{Woc1R6X;Jq7R=gW;uKasU|wYTRMx2dK}nBfk%~EJPbVW|<vp|t
z65fRLv`Q3nnIHKu>UHA0N?XN{nz*_elE^>;VrF0CQx0mu-~L2X(Y3tQicM^44^0D1
zH>rXWk^>Q12qXgX_kRNd(g3IhY}E_9SBbj4V!UDOD-x3X<x)Xyt99+LlUCk|9_ktz
eYPOH!?;MgCfN$tKnp8NdWVm=<I{N(23H>)*+lcG{
delta 3339
zcmY+FcQhM}8pb1H$4<=}wMRn`K^3Xp5*59~ro^VUYK>?pu~&UxY3*4>Df-o{8PsZN
zY>F?c2(|aPz31F}zH|S0&wI}AInVR&?=ycL9}b3Rh61UmVR-NlS_YX|!`LHcDmtnH
zJa`g>2ao^8qcA*O%l}1mRUkZF#cy2l`wD28{@VgGQUMF_bn3sM3QU@o@qhUDI6nwN
zxxAfb;IY)b^C+<d(ain5tq(8_qz2%+O@EKkBa4Mc0N=v^)4`9X&~OccBT}b8iV4~8
zo*+l@)e%G&!V$+Dn>p<G_VORZT&DYy4C`5&Cce(%D+VOfIt3*xOW57TGTxm4X$Hw|
zGYNri<qxdsk4E4N)PfYuX#Y26J<aN;$ZIAnURnK*d6wSxbFnxd`S{TgaJx5$vMK<k
z%+5j5#tV@$@>UG`)ZC7nzL}?u&7#>H;vKbw%Zl{+>HXUVZgK{pk-0A}y$3E?FxM#C
zS3m1d)j@W8aWP^QUl<s;j$66SxTWikOElgd{|g4Cr59Kk`EeL;yCEI^wmP+H`|%<+
zQg7yOpR@O9#TdsiMTpq&CeAc#h*E|;_{<`0;Zta4DW-K^^U{{3$Wo<JWrX(%GPQ*#
zyg9t59n133H;|ArzTez{auFbC1WcvR^pFirijpu!JvU7ipkexI?hP7YThg5vqwldD
zdBvg35s$$EkS^(I;h+HU;K37(jp&CeS4dV&fOG<QJ?szj#jjnjaGECH8Hv{#85*F}
zAQJ(eqLdA9Y2w{&L_$ptQ(ni7!RY4Yy%^=-X3BEMtdwJ!9s{8<yfmrC?VXzkX+a{8
zf}^1r@@UnX_6aq`R94YrTMu3(W8ofSjy5yyywU>8#&g1BKd;jyGG&KW3i$9&l4X8b
z2aBvdsN%<<`S-hVM>f`LMjs}6lF`FKS*;G}wbX6X4_qhPe!C5YHEhJByaj{sOs?(y
zR)?OAGg^3j<>Y1I?ESn3U@Y2y21$|#S`-<3)}gw7nV&@#Pb&vLS(DPfFdOtFLH_)5
zf_8jCjPzUdtzgWknBz?jXLvzed1x8D9=Yf4@y=x^V1EgRKtFr8{$y?yr9z)p5oZAD
zK#g@u44ma(u}*}DAWBMmv8!nZzEyv6rXMeE2%{UAd!BsSes1xk)43f$TMP|A-kk4E
zzglQTP}4l?bVJXN-t?v1QL%UZQQZ+{kiu(JG)NR`r{O18U}{<dzf3B_y6l$M<zEMu
z66M3A9s_Zea%Z9!Ax+-|H@u9j7=$>g6OkTZ$cZyE_A$hGV8E%%Ze(Vr%e9|1IFC)(
z<;s%Iwo3#0L8W`}y<WQ}(`UxKlbZWjo6xo?*&6o3wuOArH>CO=d{eb7Tk{`&@t#xU
zN3HK`+k5#orYDg>a52$t1~Uksm`?mbi1$O$J7%~U>=(y|P?X$#sdx?1%){r|zOuG}
z9!`z;+T7Q<oT$^0(m${JZMGG0@0&JpXoR1|4-<p5x?+%NBJ6(l#s&K6XWhE3fBLrc
zuqVqYEkRLvhy>@-w8~)3Z6YCw(4CmS57BqtIP09-<b+T0B*)RCqNm&-xw7zVHUWLY
zI1b+v5t(|y@rNa6bgsRkr~l8pL$6Hfy$=mL`cE=|XBNTTO2o<thB8i}@D(k-AMt2I
zt$2i0LXNW9Esw(T%JUP^JH^)W+JXlZhT%%nG2*>%ji@o9egB-eWL?U$(47PLVi?qG
zl?#f+y8AH8eMY4wB@2^WD7nF$#f^XkT&Cpoy$K3>yAUC0&SU-{m&Jrgcq^w)%#T#D
zDjV9<7&5|ah&5qO*TgqHSCk`1479>YOEN0XD-5pY8KD#8O5v~9-(s+gzd-6&EMFP#
zMB`i7e04ST2LK|US|V48YadcneUx(4`|!e>5)DCY;~u`IFFCuFzhunSpn5BC+uukT
zJ6vg@6Uq;jS>S_JK0*r{Ou8q1dJZ8O&*mj*J5<dhrE`7f%DA)jor;4R24nM|&}w<g
zK}b)zYF1FIj`!+kkC{?zEynvo<oTIw0VzbLjyDN_T3YaZ5sEI4o5?^5L&S?W-e>C#
z%7qfjx{o4qQpQ?bajB$-P#XsvCPz(p#>!$WXsLy)O?6m5L?t?98&sZ{zGY)4z4o`$
z(KS|{%SUznbduBwq&Owv6+a{gI~kl|c6i656fDSi!|qo9E&;y7GM!HWzQ32921==W
zGA*A7#IzSZ?R}nD1dq9FL#hwwh<h4F_?YI@t$<r()w_L%1dhjlk*#p5NUi}s8s$<g
zK}|Sy8lS|{AslKsKf*L98!Y})Ojc>s+xSyq=>FHGf|{?aB-A%Crgk+WPLsYNHA8`V
zV;12y`;JV@)z$=ep7myLsq3Az3p(`v2ae11v(2B<S)_no9AtRiMsjT14R7u_F1m$M
zx>N4)@ud7@@4Ks~aV<Cv3+n)`;f=!@*$qN&Dp7VP$8+msRgp>KqgVNnX^B1kvdz@f
zdyV9ZE4#$Ex>jphU_}L`o45P5qUJxY9oD9NANgc`qa$T&Kwk0+v@mP^aZ-soV$R~#
zMZ@C7qBrbFi!aD)>W==cT@<VQsz-N4XzA>Gs{GD9a9EpPYkKW<D=rPeo?@H_X*+yX
zzM^a*=PrAfaKAdaRL*N4bByjTP62^{DJUY~3aZL5JPr6C6Vn#pK^HJQ=mbaw`2BYO
zNvQr$zqJ3+ujGJ?;PWG_vOm{FsqFfX;m|l%s^9wUHjToAKCW!1YxaFF*Tke7!=`1b
zwX(z`2)@}p$}Q$#cASkqDZ2oIX|Diakw<iKuT|f;?Qm-LC-5#|y{|+AO-vGd{ryL}
zyQgJvx}n5`e129#S@Dv0;Br^e(8|=9(V-&LZH-M&u0R%uxm}*0malst5%pq^x{sTx
z%A}GSN3BwGprJwGc~e%l6Z0h~FiP7J(p@8L(OyiSQ>>tX(~OVPwuH};qt0fd$rZFC
zA2M`oR8%*GlFKBcFcp#l-eggWmy@3Opn_HeV4N4ArWS(EN%7QnWGp(~2H4o$a^>=^
z`8jKS{3Kd|Jy1=D-yvv}vr1lyoxwFJwHya>GBGqJ&pxKrx|MYC`fOF@dI9lok0l=U
z9<j7<V`+7`h$d}fm7a(O#Z*9HZ!RlR{HZ$$!Wx@sV~kLmpo~VF)?brx;yj>BY29%M
zO?@ClPd8~3B{GX{n&YsGyzX@7{G67~XTExQIMwxh)w3K%Hyd_t!B@Qy2Dv6egDBqm
z9FWOQqxS1L$tBhNc6qe!@w0ZxYAto2OyGWqWReQbYj?bFZ6{_5n=0CsEE8bA6Yx@m
zkW=efbrdwtd4GM_I1l&oxKSZk#e5)9xhQ_WcP<gfWr#xgUodVIPspuW9#)sIObDKR
zBq}4yTL?*_yPWC6pOK=hp;3G5hNtfan-vXiX-a&Lvv-lc`5F4y_4O<P?bOm1vlmR5
za`ePCfVb=l6`s!D{Se}#Rk;PLEIu|P?@tdjtQ!6Wls9ngz(3*^_*b-idt6R$b!6ei
z-c`q(V)L~cIlYTE!)&IX9=baMA?NR~R2&MU+XtT{ffU<yXWn$Fq(~|4$nwMu-W_LX
zrP*|#@mtOtmvo73v5L-%wfE1ibcTOuP;=4atj4AsN?$$^FyI<tr#jt~HGe=-KWCxs
z;W6O0WJOLlzvphwkQQfysn|>Gk!rH;1vv0QX+qJWsqC1X@xV--nU}h(axWeX<mLgo
zMok}JjYEcGWbM4hiZ{iAf3*tpUn(5xd|Fy$h3ZFL^e}~JPG}EWZj<ZcZ{I%3;P~4O
z7xNdp=2Ghdn{!&?atu(sZm*%@%8!wKuBMGS2C9UrtaU^cQD-7dux-Mar!<5BA!8#<
z60D-k5~9ai@7A(YXLpT+zixKWR1&p3Y*LC;2p4_LZaw*|1?mhE+q(~qfmE>u6%4$n
zPan(Ki4QPsD9bs0!1gM*L~NsX{Z=n-fsHMHk6h(P$N6dSJoddRCH@#m^u^=Pqxi=|
zg)My1i)cr<nu|5;aMjBpOm6Ry9H|$KF3C62kdSuobhsfux3U$ZzSfzC=$!YyqCa8m
z)MY%cm&T6OL32SNNUveGnbLjf!_Wts4y)Z&?sdUgyGF8A-e2dwH>Ym$P2=Pq8)e(X
z!zOHgv?yWw{Jhdc?PvM>Ws7<zRk3M(#GAQs-ol`gBEf<dNayH^fd02eEh1XgydV!i
z-&7P2T-OH~iev7eqg;jrZVozs2KkdzX%Ia}g{)3;WdQHXEA4Lz?R#&Be@;hlJKBo<
zrNZ%(>3ksH(69BzFIxugMHf$$%7kNSB)l|sZ{v#BWamqAuG5QB)UIBg`B4*zv-s&L
zn^Pf76Ltf}KuaUbLJj1j0e~PNTVi8ubakC^VYb0?*;Gj|`)zp;WC+`}Z}~y{Nd6XO
SzcgUp+BzaX21rd6Tkvm(Aw2c~
diff --git a/credentials/idp-encryption.crt b/credentials/idp-encryption.crt
index 10fa34d..c5e4b2b 100644
--- a/credentials/idp-encryption.crt
+++ b/credentials/idp-encryption.crt
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEKDCCApCgAwIBAgIVAPyKe4kuv7ZzU9YkyhDT6PWudYj5MA0GCSqGSIb3DQEB
-CwUAMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzAeFw0yMTAzMjQxNTU0MjNa
-Fw00MTAzMjQxNTU0MjNaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzCCAaIw
-DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAL+i5PmO/JsPcM25CSY0zJeJ+rim
-4mqlr0sT7BRIEEv6ja9RAxRI3fRXOYfz6PxfF6AMsYy35bCueOAOcbr5IyCIhHiu
-HemT3ieiROoOUY3P0D4KdwC3cSxANc53pEIVsNd05Xxe2mVnGJ9liomWGl0Zsj4v
-TC6f7PFjAEV3JyaETMyLpKVH9rt9FVKPZ3zl9FN/nqA0KodjQVbJYjIyJsib3WBB
-WWZ6VgwErHQriCk2gIGrYbltcZe3ujKOpNaRiIraG1VPs/YaP0IcsPekS0Vy9qcF
-6Xq4xErWdR+Fh0v5iI6bZ3feKnGDO1q30M5I/cfkwW9CQd9zqLjM38MilFJYCoqI
-KbZRPvvKAt1B/JZJMhZZJaBy9y5CtTHnZiEZxdovz1R8BsZgmYgMRfIqTAN3+bYl
-kzfgaS/PmQkiY+iUzsi7Bi753Eqlaksa1xqeV7tkpVRDOUeTMOvjBzueQS1wdP7i
-VgiQrWF+EqBBxGY6QqlYdPbOZOwcL8nOE6+BwwIDAQABo2UwYzAdBgNVHQ4EFgQU
-N1YcXFUpP/ioF9ByIell/FLIxCIwQgYDVR0RBDswOYIPaWRwLmV4YW1wbGUub3Jn
+MIIEKDCCApCgAwIBAgIVAJLvssEzx/CNl7hX6vhAYmUSTlbPMA0GCSqGSIb3DQEB
+CwUAMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzAeFw0yMzA5MTQxODQ3Mzda
+Fw00MzA5MTQxODQ3MzdaMBoxGDAWBgNVBAMMD2lkcC5leGFtcGxlLm9yZzCCAaIw
+DQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAI4Lg9rN4x3rux40VV0rDGp+LY4h
+UXvXhAWVmeqFvl4BV8ndCoaR04BiEOs7jl2WVljWh6bVNgGe/oekDdztVMeeumNQ
+r9Bnl9VuSR5BbNM8RpA/KaDYluKv97CntaWOYCkwZljb9Sn5/SpKEod/b6r6aHqN
+5W2tShg5HIwlTqhAq3SnygYQk133B4r1TzTiRfk4Ti5kVw3Nc04Gmv6fdq5nP7gC
+I3tgl4zEK8XuHDgdN6mG3prE8LFTLO6VARFpEWQQg71Iu0vJhqpGBjKbQliejiti
+dzD3AvGSakA7Gum2A6V/BDXFZd/pjctgutXqJ1aBQ1F4DgEredLqORkyK3h6+ufq
+1hG47fxGvgJF5NV9KyPrxNVdNJ9c7i9oDEjoYD1oX7T48xCnUQChLK+80pWBNDSS
+5YdxeCdoci3C/T3uIePZetsEQ0u+zc97feqaINI983CIN839hFOOQQ6Y9TBBxTkd
+i4VXkWa3E6RqiUBAld4H1SN6rkRiGNhoeZ49uwIDAQABo2UwYzAdBgNVHQ4EFgQU
+4JYXPboLsz/+QjOITS7Ht6imKUAwQgYDVR0RBDswOYIPaWRwLmV4YW1wbGUub3Jn
hiZodHRwczovL2lkcC5leGFtcGxlLm9yZy9pZHAvc2hpYmJvbGV0aDANBgkqhkiG
-9w0BAQsFAAOCAYEAq3MFr90wgCFV2fUdxACwnytfK3tlpT7bczA4ks3iUlMM2o8t
-QuaMe5pru+5nhMk+D8Be3RoIIks/ddxHwVKbwLjzJFEG/9S43MduXP6P3weMr0Y8
-lIqZrd65uaaEbAd0ldGSn6ekB+ERwDNC2aYghwMIPqyCvQo6vLRsBsnLEa3q63Xr
-GYbkCawtvMTINYxAgFP0vavxNXF7A9qqDCpS/m4QgdbL7DLEJTN/wCgJVPTA9f9M
-SyjcmSRJ2FMNHyRgor26jT0rCeUNJ1MgM0kA3hwqW5eK+nj9OZWWVjOZaAkdVRn1
-mGJoRmtK/dGE4SEXfyIgWqQfdGOpIAEkIG9EHaH37Kg+slMjb/ZwN/riShIxPacT
-YPkAC/AqRaiJOzvi4ZB9OtjC3wyoyak5e33p5DnCIQ2+hEbebAsnYWP6Yf/c1KMw
-1Z56FlQwmY1yBZ6+yTIR0jCKWj5mFuahsDW7VSkRUBmt55Q/o24YbHfLioYRSJAi
-uADV9N9NCGawgJnf
+9w0BAQsFAAOCAYEASeKc1xHMb18Qw5SF7D7sRRqyDoVwrN8ZHUDEE7zVMVeCkjCm
+L2GvSmbNpJfJbs78EsQt3mTTfroHByuH3LnTYv1i+CangdHrEe0K8u63pth0JjUn
+kZ3m6UPzGq69hZXIi3cLu0v6l3aywxjiQkNQg/3ndTrdL99/2AJS1TMknznRptGu
+bTbxvMomvKYp0O6WU0zcn3ElupZs2EnsOuM05QkLndh7KWodT5AjVODbiawVjfSl
+WB7INmDk1TVtk2nHRaoagjbcDKUWGHlXUsGgtqDuxb7THx2+glFaRGuUoT5LqZU2
+Zr1rwj9z7gKqZrpbkn2/xrA5W6M8WxUWGiPn6F+P+8liXbeq0MMrn6DWN8HKScVK
+vQy1G9fo3hHn0x+yAtWgEgi4GhuoaLFarw9oaVZP6yAlFrL39LWoj7sowCjoIK17
+pvgBrNqgolW25QHWLLG6SbAqIq9JxfiOxSs+XLWJorFtrmQuIap0e5mZw+hsuun/
+AcPlbssPcPJmxeCU
-----END CERTIFICATE-----
diff --git a/credentials/idp-encryption.key b/credentials/idp-encryption.key
index b8ed07c..4ff57eb 100644
--- a/credentials/idp-encryption.key
+++ b/credentials/idp-encryption.key
@@ -1,39 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIG5QIBAAKCAYEAv6Lk+Y78mw9wzbkJJjTMl4n6uKbiaqWvSxPsFEgQS/qNr1ED
-FEjd9Fc5h/Po/F8XoAyxjLflsK544A5xuvkjIIiEeK4d6ZPeJ6JE6g5Rjc/QPgp3
-ALdxLEA1znekQhWw13TlfF7aZWcYn2WKiZYaXRmyPi9MLp/s8WMARXcnJoRMzIuk
-pUf2u30VUo9nfOX0U3+eoDQqh2NBVsliMjImyJvdYEFZZnpWDASsdCuIKTaAgath
-uW1xl7e6Mo6k1pGIitobVU+z9ho/Qhyw96RLRXL2pwXperjEStZ1H4WHS/mIjptn
-d94qcYM7WrfQzkj9x+TBb0JB33OouMzfwyKUUlgKiogptlE++8oC3UH8lkkyFlkl
-oHL3LkK1MedmIRnF2i/PVHwGxmCZiAxF8ipMA3f5tiWTN+BpL8+ZCSJj6JTOyLsG
-LvncSqVqSxrXGp5Xu2SlVEM5R5Mw6+MHO55BLXB0/uJWCJCtYX4SoEHEZjpCqVh0
-9s5k7Bwvyc4Tr4HDAgMBAAECggGBAIQTUJxu38o+qhAfJx8d5KPMhPAelI3MAzRL
-VrnjsNesp1ndC7I/RjnQo+X/ROQq5a15EiVZ2QQcO1KwodGrQ3p4nFRQLG1/a+0E
-+VoW5D5Iq80WiU4FIArPdkYGTz78lBTqi/9boEmi9GVnJkQNH75qp14UWv0HW9ZB
-1T4LEQCKziNrWt5O6s3tN3TfQQPjuLCTlE/1pBoLXkziHrtZtUEtqzVb1LG8PvGp
-hvHJzt4Yohi8dW3G8DMQfVO63ADF65OwjaMO4SmU/lbRDqJSvb4LxRiahRasBLYC
-qoqi53Y3grDiZMVd6XAnDrr12JzsgGDj2/j4GiMHSQKkPBMcy+SQpiVYV2jFiaGn
-31vJufShqP+70Vez+1DVwjj9Gf/R/3zipib9q8sz7UDkpi2Du5I2mX4K5uEmx9Aw
-hkZoqIM+yHegfDSIwCqHqNqh7mHOwHOmOAgFqkY2DNyTpA513iIUzggQ1pNKsg+d
-cLljbubz7KppNApcTBaZUSGy7KzFAQKBwQDnKoxT1feWZhsDPOFa474sebHfpsMK
-vlvnEUzG4UvBz/QqR8ib7BsT2ZuF90lo+NTDg6Wohn5J/gTc6z0J5SBhjDay21a4
-qaGTA2BZL6D1el3yBTI0dK9AA/1UaNGQN1MUNmHEXlxFuAh6KEEbau0qNNgxJXpQ
-90FzQaonHdstGRj49iHbX1xO28AYlRkYFzraR9u1M8wFcWnVpoJ8nHP3LH/Qwq3m
-8ov63Jl9YkxPgvOnZb3Irj3Pz20CIgBWUPkCgcEA1Dk1ewLqkxYgMEcRnGGyF489
-3K88pe28/HCL7qWUuIHyHHnym10S0qRHxApTPKhpJS7L/h46lqFfPuxvLHLfB8I+
-uXxq4TKHVRbLHxbcC6h7oHJS5Ezi+PCIFP8nINJ97wq7OWaPVn388MU8sA9khy5j
-gsyPoRj8QnJrWi37j6RFJWoYiCwFRRtCzhMRJUafuOba865h2wXUZwhfMPCuhA4u
-go5621Sld/RD9PajGsfiGx/5uMdtdvPwDzLXOhObAoHBANUKI1VIBes3ooFzZASN
-isAWT1VcrLeEA9KJ4QYQr+6oJc+pZDo+eB3tGCV4ZtE1MXAWLV+Iw26Rig3HRfOO
-lC8SN37SIbQBsQR5whuvh1l0MoxPOZuaRcBrbNaT2z5bnlcsXyHIDKW8GyPpYUdR
-Xczd8rgoX/eqR0lfJN7z5wBC9v7KZx1zXvDWGM0O65eGIRj1zIfMeqQxh2X9FJie
-30jWW90a7YW/1j2VfGdPZiCJAOAvJZ6C5jhUY5PpngHukQKBwQCk7Qy920dXJWPA
-gQqToGzZ2Ez4Gwsj3Dz5ZbGpte588Sepr6+1w8AkCN1o4alMQ4jrB5Iqm21msGQn
-r3C6d08SZYd/eMxK1IzNuJgEQiyhtr7UsuPuXj4pvivTPXM4E70grxNPCYAtdF3E
-81M1c9DpKUjWVojsZlFshiUdgQy11bCS4f/Mm4FA8m2ZXsH9WQQ5mtbfd06++qnV
-pHDtxK2rHKZSec3Kc97f+OlzDtU0s8/oypG0Yu+T+QE/noAaty8CgcBLiCGm3D4z
-eQvCyp2ifIx3aS0EPClKYME3x5TyZJbQ5EKYEsmWk5zpfNczwQCSjgnURs1X4Txv
-4vTShW6isvC4D1+nmK19jajlhk9humMshhLSkSsbWAMIJYtqwz/w6CN4b7QvXhcB
-x7d3BR8cL8/aLAJxBLx0hcenbEM6u8f3nAivllcrW0kMrJDErjT8unkQJdLWV3ct
-qvrSqBArpykBjayM52USIUuNZFUIvjmwN2XUlC46+388fWwIiPwnfM0=
+MIIG4gIBAAKCAYEAjguD2s3jHeu7HjRVXSsMan4tjiFRe9eEBZWZ6oW+XgFXyd0K
+hpHTgGIQ6zuOXZZWWNaHptU2AZ7+h6QN3O1Ux566Y1Cv0GeX1W5JHkFs0zxGkD8p
+oNiW4q/3sKe1pY5gKTBmWNv1Kfn9KkoSh39vqvpoeo3lba1KGDkcjCVOqECrdKfK
+BhCTXfcHivVPNOJF+ThOLmRXDc1zTgaa/p92rmc/uAIje2CXjMQrxe4cOB03qYbe
+msTwsVMs7pUBEWkRZBCDvUi7S8mGqkYGMptCWJ6OK2J3MPcC8ZJqQDsa6bYDpX8E
+NcVl3+mNy2C61eonVoFDUXgOASt50uo5GTIreHr65+rWEbjt/Ea+AkXk1X0rI+vE
+1V00n1zuL2gMSOhgPWhftPjzEKdRAKEsr7zSlYE0NJLlh3F4J2hyLcL9Pe4h49l6
+2wRDS77Nz3t96pog0j3zcIg3zf2EU45BDpj1MEHFOR2LhVeRZrcTpGqJQECV3gfV
+I3quRGIY2Gh5nj27AgMBAAECggGAAsxxje5KQwcQSJindQAPihBSoefXsUlEJzlJ
+TEWN236QdgBM2mFxPJFyECnfAG1+Wh6NZKfFBdubrWK/lHKEb2r3DCYoJEK0EPzb
+admCavrXc28b4Fu5590zPIWmeMbjTMUt2fRANUaPllKT7JvHqVILywVDI1nUSXv7
+TiTXqjYos1288DHsl45O7N91y9G3G35sF+mg0xh5qrJLEzRjYS13r5pKF9u0St+T
+fnttjqIFGWoD5Nx3qKSPkHqJWYg9EV72Gl5OUxY5lCxk4+ZK2Aj4cEsTIHS7TKlX
+wr/mfm3j462EVh/aHo6Terej2wD1QQiuQZZIKW1iNXnjfpYk7/0pViFyBpbVZJfb
+XWOjSg+QTVyM49zVGQI3xp3qILrItZ6lfVv3gDQd2lahLxH10Rc1wqbV1bdyLomp
+SwX5nQFs9KMRftYHy9Rbq0BnjxDgu/a2WhZMrva2YL1ycKHLdWGfVAP9ZMwO9LpE
+dWkrzuiVxzgDH6GqFcKVWUhBfueFAoHBAMOdHzH4mU3IWqfktPqh759Q/iQipn7L
+n4xkmwbsya9K7iSwlAzVqnuHCqq0wpGjwSdbr51UHbqNo0BF910VubWCB+wZbQG4
+4ceUjfizHso3GMpZdeFS/rpGCqwU1fro6PlTGcC3G/x1y9K181UfE569ohr7sZyr
+ZXhRIHYcFQXGpQshcf7GVV8X5Z0d2oKmd6qO+hilxCU4+uAkI2zRM4PdWTTClB0n
+UkbVS2xTJPQjg9y/gZ9ETrtIlFS1R+bv3QKBwQC55PvCzt+YlZLPTBmHuo+yP1jc
+BpZ0idO2l0geIVhKjfNoJDgfhtlB6WdSaV3fvVTo92DzKWwqX5WSLkLiXbHM8CAH
+tjxUa0raUhNQFzQe4GsBYjUPuaucwG+CThS3RiGHNHpI7qlPVUJUS3mvpD92h2IK
+QrE1Lt10P2kVp9gjE6kHQFubsZ2Q/R+ydHCaYHABkuuqwTLNgLDjHX9LvhiMhPC1
+FkcovtPBKwVIwXAx+Sg2jFMwyVvbDBYeZRiq1ncCgcA1kJ7sNiD0tbptYylTwGg3
+fhw5lOt2qRelgB8bhFeuEpynm1rPMOsgLFh1ak4lR2wq9OZf9Jq3bPWZMg+Mg9h4
+pYS52DSLVi8tUbaWtaXmxbOaJWksLGfoZimh+YqmzISPUXwp03psZW1M49ogIwRi
+YZc0QFvghOaiTcTP0tzG2iBzrdLjazgRdB/CKFyfjioSoFhHy4ysjK/WFM9GivrK
+TyCQW//nA8956gpfPV1PJTKEjkRWcoQEsNk9YO6xhFkCgcAXcv4bHdNwwPVq9tOF
+no//0SPZZW9XNgeh0cWEH3qutOdObLszpuQC/3lMGQSBc7WhSYtOQRxm3/XTIcjI
+Gz+RdXzk3CUSFRK1JYNQKA0oE/ELlKLS3/344QFv83+DevJBxuniB1EOM9gRIBAy
+isqCniNM3grShZ3jyxfrZmfKTPGWe5TSt/4DSxrTfQKzRpT6bdkSihppd+FYVOE4
+4brhBugCP9QsHJ5DkLSy78vCUgazktHvpobSw9yKawBIlJMCgcAmB89kc4xVTo5j
+9IH7eLD0MfATPN52lpKvTM77te5wCmWS4HdSwiTFx7tjZGGtP4zhVJRX4CuoZf7E
+WaTKXoTQlc+TddUhdJYvdrPtahCl+IfMydvgSV5FDrTg05pJbNM/vdqc+K9G+BGA
+fNRexLtGu/3Dzgd44+RIG4V2I4ew41k0LG0ZXFhJXwo/iVOWk0hVxf6ss/WouXpX
+QoPoNFqvRng0Xc2FpEA/elinM51zno5xq7GI15q/8rCaOC4dBZA=
-----END RSA PRIVATE KEY-----
diff --git a/credentials/idp-signing.crt b/credentials/idp-signing.crt
index a7f2528..0996181 100644
--- a/credentials/idp-signing.crt
+++ b/credentials/idp-signing.crt
@@ -1,25 +1,25 @@
-----BEGIN CERTIFICATE-----
-MIIEJzCCAo+gAwIBAgIUZMvUeW53jFMs4M1rlNztvoKNXGowDQYJKoZIhvcNAQEL
-BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTIxMDMyNDE1NTQyMloX
-DTQxMDMyNDE1NTQyMlowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
-BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAvtENeKgTFxJ3l8ZTeaFifLRLS4da
-xjnKy7JpTfrVOqZHGUQ3zAwY4xifs5rbiBkOAiLLBIqjJJalZQ6A+fSu34eVYdxp
-5VY5L2gAcF/6kf+wOMCU2zdEwiewM9CZMo6HN77Z/ZEC1737/OBaRHwCEtC8l1Bx
-U0V9TgEB/n31mtg5h7FWDPe6dgo1NSeCjsKVGHrdG4Ozo+JHvklqy6knbqnNvPqm
-cLv4nrp/wQnRalqv7/26dlzoecXmCICH4cToBVACILXs331bpWEdHEc+bxInja15
-BOwb4pWLbqD5Qaj9hnPFCAKFtA+Ivb9PKV+44eNN3n73dYEPmx21QeqXWVfn3Ukl
-4lIIhFC9XETbmSI+V8HLYl7e7n6GKN3hdVip0thN5vyPWYBt2DskW6+QFXry2F+E
-qMxNHUqJt0k3uu4pTZ9f/DsQaA+/e+H23DGBIOytNzBz1jbU0Do/35td39YvRGN4
-T5KOuwmGTjrB6cM0/WOxJhaKourpM6qiDs0bAgMBAAGjZTBjMB0GA1UdDgQWBBSA
-UDgNLBosYiGapWvY1CIRGm5f/jBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
+MIIEJzCCAo+gAwIBAgIUN5wi8O8FMY2nZCXakMaHkvb261QwDQYJKoZIhvcNAQEL
+BQAwGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMB4XDTIzMDkxNDE4NDczNloX
+DTQzMDkxNDE4NDczNlowGjEYMBYGA1UEAwwPaWRwLmV4YW1wbGUub3JnMIIBojAN
+BgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEAxM/ZTukRf08tonAflzexZJSSLGoW
+BOQ3JXzqWYh9gRW92S/MSyeBb0Ry05skyqgXXmuyg/lx9eJ+sziHcHdR0kkjE6d7
+0Un52SqgG5d1DHkB0kDpop0ePD811LQfBqXuZNYtlCqghR7e5mKGVZsKUmUL254V
+i3pSNyk5Kxae3R/WFpAg6Vo1i5e3odAc3Qr5H4raxY8IJfwK0GOzX9PMVq5O9dgc
+Fq2l+0NpmBGuovIjUEyqmK9FJykUJToXunjTdghnkuucR4Kpg0JjACSlcnUjO+2H
+2G3hMuoWdkAGhoj95kmIy78Q3OEv97F+n1ifvrWa3l2yzuUFHiUilnfusTFdM1CQ
+f5hkC09JNRnrNgyMi6dwgjkFVm3uOPuEov9vlbfma97INDnkPUIHAmXz5YF+FDgp
+nPCDa1G+t0DgrfOnCSUTJlleRWft/BcF/Y8uA8Bf0jkhebkwZrACbKPWl1Mr84FW
+9UAcJixAlGo7g/beF3vIDFZ2ehDyS/ARSHPLAgMBAAGjZTBjMB0GA1UdDgQWBBTP
+nlImROLHrQIuJJ1bGfmnCifpfTBCBgNVHREEOzA5gg9pZHAuZXhhbXBsZS5vcmeG
Jmh0dHBzOi8vaWRwLmV4YW1wbGUub3JnL2lkcC9zaGliYm9sZXRoMA0GCSqGSIb3
-DQEBCwUAA4IBgQBb9ncPd748rnxrJ7tat50vDGAj/wnFM/9qt6gfwSv7gCikj29V
-QYgZ0gB76xH7RdLw/iuR4g3stuoARt+CYrzkh/A/pG6/FAFI6HZvX/Lic7YLv/rp
-m0aRcBLDzu6gYZ66qm05iXLs1Kueq8Eh0txpbg35LUVZGtXxE6t4da8a/XfSfgDs
-KlUj7ANT1vkbDYXJiio60EqGWxMiyxTacEFOSUqRTlDL1wdvU8hrcyO4ZQSf20Mv
-uROvXwki8Zb1Hoakn51fgJIKvIM6ttLpNdwsXFWpopMw9s5obtrNAB4KbbuISXdn
-3AjJtynK9HuIOyBkphetJcOXj99bAn6VLyl3ieuPPLzXPQ9byNmLlwp0njJE2xtR
-HjztBijmO8wtif3di+nUSwHRG0DcuE7f06Z28+pSrpB0XHDmALSefbq5g51aIR64
-fgC3txaEwILjHFjdK7Iaf0DHqQDUyxqC00IWATB9Dr9dtMIeQVN46x4681AfKp8p
-oHdTCGNvbFo8vGI=
+DQEBCwUAA4IBgQAkFQeq4iMNgzk1JVHdn4qVK8Y4vOUlHIDL4LOlYG0Nsyp9/L62
+LzF4/q9RU2+CQ6QuvwL1FXuH+pNxb4A2L9qx8X23u/fmdpGdH+YXfezOiEKW74v1
+usD18bFIw/E9aeyWQgWrQajqXkiLk4C4+ZOQ8IDxIBrVawV65tqyujx7DOHYd8zq
+VcdJjnchudt1mRzRPz6ajG6X5Zd4htNSim/Trd9JGymr4Xr3ILqHEnWihqpEETNd
+snwzij6jtdXixmSGPeVI/YlGiKJuBgC6j+wjXrXglvnA5WD/5aNtqo409/1rnzLK
+0XElMIvUTqtM2L/9MNALKcQqAoEzfjdtAqJ/yZ528+/H41gEfjoqyZicT8Av6Gf2
++EOx61jXmz9NLB5eUp1h2u94OrkZEpdYQN3VxVEdxR4CFdfllIev1lxMYwxQjai7
+J7bOAjiQAUK8peLx+HvQRMaCWW9VYCHVT7Fs/icq95yQPiLSUaQ0m86rSYG9IZGQ
+YQdqqQZaO3Z2nw8=
-----END CERTIFICATE-----
diff --git a/credentials/idp-signing.key b/credentials/idp-signing.key
index cf8eb60..ec2fef1 100644
--- a/credentials/idp-signing.key
+++ b/credentials/idp-signing.key
@@ -1,39 +1,39 @@
-----BEGIN RSA PRIVATE KEY-----
-MIIG4gIBAAKCAYEAvtENeKgTFxJ3l8ZTeaFifLRLS4daxjnKy7JpTfrVOqZHGUQ3
-zAwY4xifs5rbiBkOAiLLBIqjJJalZQ6A+fSu34eVYdxp5VY5L2gAcF/6kf+wOMCU
-2zdEwiewM9CZMo6HN77Z/ZEC1737/OBaRHwCEtC8l1BxU0V9TgEB/n31mtg5h7FW
-DPe6dgo1NSeCjsKVGHrdG4Ozo+JHvklqy6knbqnNvPqmcLv4nrp/wQnRalqv7/26
-dlzoecXmCICH4cToBVACILXs331bpWEdHEc+bxInja15BOwb4pWLbqD5Qaj9hnPF
-CAKFtA+Ivb9PKV+44eNN3n73dYEPmx21QeqXWVfn3Ukl4lIIhFC9XETbmSI+V8HL
-Yl7e7n6GKN3hdVip0thN5vyPWYBt2DskW6+QFXry2F+EqMxNHUqJt0k3uu4pTZ9f
-/DsQaA+/e+H23DGBIOytNzBz1jbU0Do/35td39YvRGN4T5KOuwmGTjrB6cM0/WOx
-JhaKourpM6qiDs0bAgMBAAECggGAXXk7CCgNcffx7b+RlLuh60TGvbEInqIg3bgA
-Ldr6KUja+12Xl7U1W8nsMadic0ESw6kXmpnvYTUKwH5iYA+kuotIei/nEBk02iww
-Stw5etuuD58HTHu+iv22Kyu8YC/BvWUYlEY9BkJi9nVQwsucmGr4d4dIfGpF/7gu
-qeQ6NChHxljwtlmEVd6aQfeg1R4su1k0hw31Kgrm6ig80JeEYYl8515BumfaWqcx
-ffa5R0g1d3LrrJ/GoiB3lyKfbdFuns5Nw6Cd4gBwTFoFwZrRPGXQGnBNLhaicSFQ
-vchLZQDe+SCdfOcdCmYI7pm9i8jbI+deTzDCT1am3gqvoil0Y+TW9EDk20a4vVnH
-unSsz+kIpVw1O8Hkc7U4yPXxLbS8qTMJUmp0GwLV9egGy8iVVjPXp8VbyjiEDNIJ
-Sp8y9wvjvDPDPxPg7H9Jkgk41muBVuo4KfpaojXSRomlqSD8NfzL6TIMSCPFq2vO
-brp3Gblf14jwj1gPaHiQ7Kr1cH/BAoHBAOLoUvcS1kbxp0NDDBiEgCLPXpoG8MMc
-Y3iSAZ9dtDXyqaUiFEyrpOCtJdIo/YW+on7J86t/+2t5hhJ1VQq7jUpHvoCnIOEj
-SuMAv806owV7XueoFBpaKBEMp28gWFAygeKhGI9g75hjq23f55XT43jPB4NOmYmW
-/Qle2ZS3G/lWKfMbNPbk4MAvvCULVWjaXgzOKnU3L4LybXYq1KzW0xxI7bAEj5ft
-38SyzCJn0pIhpvDgQe0TpkBGajDeHEQiNQKBwQDXSCJbWC8B8dF/kjdTPeeDo/gX
-sK2nBRxQuNJ6BwpAHaPcOA6G3Xcb9LNDFuRReh5jFDs1G86N4ZhL2dVthsQJHt/9
-1pNrn7/UlOjrgRKVZDR8gFZxvuxn/TifuR3xv6+kTgaqknMepA5SpD4VB55VBeJP
-B5OJtSrHxHh4fty+OMvvmpBNC+505yxY69nIRxAtOaFH6xFyM/klp7jgKsJV4lco
-Un1WO0BqflPkLXlbMx4FjcSjikUnkhzbJxdnHA8CgcARfOxgBIClSRymD3XQMe4a
-QLc+0cgekYKNGVusp7Eq8z/l7UF5Q0Va151xnB0mALJPaUsxbZS4DM6rf4WFZT0X
-e34QNlFPaMPtyPH/ZESKOJ7w5cBe45Hw9nO1Gd4UmD/wcpANBOCScyQUPMyBfKos
-dnBSy20D8LIh1cCZOJ+cUOq8xN0JJky4IzWx+TSk9yeGfyFAlXdA9WRAVj6773an
-2GsRRNi4UeoMI+edwzi0cImISRBrsDcA/yxSBdxR1/0CgcAry0zR8Dp/1sWbgg8n
-K+yw5uZNS2/IDk4YTcDjehMnv9/ZqL2rydm1Ii5lc3625HTSCweQYju+uSnWJFY6
-lbPDdzhx1vjeZ/0KLdDEN9mj8mKLAUCUmxZUgTrHo0zoJOqCLi1E/c3VaeJQBYFr
-ncUj3rKPCSeGWAh/4wPu3z/gooU6FONOCSNVPMHUxQXkrDAqQxMAIl3GMbR5aIk/
-cPNfrU+1sDI3HI6aG2DNhkKtvtRYpOJfsn0m855TJryoCRkCgcAHnLZQEkXP624q
-Pq5i5OaKUUeVfIlxHW4S9ucTDw/+G3iHdV9Gxeq3bmMh5B8c8VL9YIHHTKn1xs+h
-iOolSuroDbzzjn+7wF6g2+6wxGg5G0JAiU2WNR4Lv1yJ57tkL42wmEhbzEdqtg47
-RPHPnKhBTxQ4dRMQ9/wCxFsgM1CuD4Fpog4VK06HGt9fXB2iDNQrZmgHbKuGmCL/
-p/9Ftzzg5fo/D3Vd28r2rVo1r4M/LmPuQ5ODWffn4leVNkkV3Gg=
+MIIG4gIBAAKCAYEAxM/ZTukRf08tonAflzexZJSSLGoWBOQ3JXzqWYh9gRW92S/M
+SyeBb0Ry05skyqgXXmuyg/lx9eJ+sziHcHdR0kkjE6d70Un52SqgG5d1DHkB0kDp
+op0ePD811LQfBqXuZNYtlCqghR7e5mKGVZsKUmUL254Vi3pSNyk5Kxae3R/WFpAg
+6Vo1i5e3odAc3Qr5H4raxY8IJfwK0GOzX9PMVq5O9dgcFq2l+0NpmBGuovIjUEyq
+mK9FJykUJToXunjTdghnkuucR4Kpg0JjACSlcnUjO+2H2G3hMuoWdkAGhoj95kmI
+y78Q3OEv97F+n1ifvrWa3l2yzuUFHiUilnfusTFdM1CQf5hkC09JNRnrNgyMi6dw
+gjkFVm3uOPuEov9vlbfma97INDnkPUIHAmXz5YF+FDgpnPCDa1G+t0DgrfOnCSUT
+JlleRWft/BcF/Y8uA8Bf0jkhebkwZrACbKPWl1Mr84FW9UAcJixAlGo7g/beF3vI
+DFZ2ehDyS/ARSHPLAgMBAAECggGAMgQcVqh2cOMfVsuly5k0tLnpF+5x4BZbSWSg
+bdZ5BqgO0jYKdgL5Kty7Tbl8tR/YqH84I7/tzS4dQtCX4uX/3jAGAQWsOrjRDPZ/
+L+PitCPAab1jYpcJSwhJVt/bjqX2mpuvg5r9pjb9MJFTUEgRbHUPeWWIViTk5e3N
+AH1ELC/eCWfhZUwulWYeHbo0y5vxSanRBSnfST/vQ5xCxpSdtl2f5WxhXwYMS3mL
+SUEdH33nqY2CQUExks0muHs18oanzGnFPohA0PLCtUnPe//mK/xc9b6f9FpDeYYZ
+LTnEadz9f9n6FD7Sw8q/PdpL70odySvR4JbNh+1ntTG12KXdJw186QfEoe1P88SK
+dNLFuCttHTVjr6TCsaA/BnoyUv78SvO1MEr6nf78yqontmEqNM0C34UvFSMNZdkv
+2B9vn/Bl3ojOSNG2r1seMugFfVrXMv2MQVi96WO3T6WG329OCGKPFmjg0NQ77xYw
+V3OwMHnw345AxGHmDPFKVCjlTcAZAoHBAO5A1xco/my2RI0IFqvaUUlPPpg1s+pR
+vzVM5lAfU6NpZaYgYJ5EvssCXHKNHqOS8+8sBx2Bq6kkJIJamKLnZJ+kixPHDK9t
+tffhb2RY0jB1wDSNnculoOX29jPJBqVG2rrW4Q3GOiejD0Ig68OIYMOal4nr5GIE
+Y9HG9l7AuApyzJtlLI290mUp6aU4tszidG8PUx9rzL+a9V5HWUoTinIED0w7AJ+O
+6bIJkoOStF0/sYEXTIZKEcGOxZaJZogJ/QKBwQDTeMd1wgrkSebj3fgxUOOx1Pt2
+pFuT0ZZV0Wg7WwlOqpowlTbmQE+pmkmaus/T1o/8Nf1/djm8nlBr74FC7aShaRmH
+HDvl5t21aflV1K/m8AF3mi+ZIkYTfOhE/3Lr0x9Q1Y1eN1/oEwfszfm+lUL9ZJ99
+CDb97dokDe4+x/GutVELwCoz1kFD5Ne3t1afsU/wsIICe/BWrMyK0RzFE3LuUZhA
+C5Y0aelAz4R+T98CCfSpOEGBLlc+NqdoDUtV22cCgcBXFvSIzr9R1b5xHwfKgd88
+wO7MjLTbbk5KmXWGzCyyixBRDXzD3bUwWAibBuKwQENSpfFj48Zv6Xo+/AbXZWXu
+xSLhc907MwtVNN6W+7C5bhF4JFwN2Nlbtk6A13bKa4AA1BMoCdGwM3acYZRMwUk9
+twC1tbih66DhSa09LY0YpKYOF4mVtlF2EUAK2RRZCF4vSpbD4Y/Saj5O3B3Tahkt
+XDaLUvYDXSYnokAgQDwV6fZkjbO3UtPywNGRGWCVUbECgcBr7oQW9S+r7pAakwr+
+2KMt+19Q4XggDOOm71c8nC026loCG9ZGVGKUVLvmbhxuqV8ZwdCdQpEbVM4FGNun
+djUFcOfnjqB/qYJU+j6Y8RHKU4rcKWTLyrNrdN/zf1F/TWT5U9VwVeDsSPJNiZ9D
+B1mGjNnd7dhrZ/9jUXzcrB4NJlu0HKMti9gJt/3ltXxPyyba2KuyauFyy4UmAK6n
+Y1LQkfKcFY3XOIslWgTslwViPASUbbL5JNbAWRK+R7LAolcCgcA20+/3jIyTBOxM
+T2LrTYdPi2RxfnLavSjz9EuAs/WWRdpd3x1MGyz+H5fml4FxnJw0pACm9VRfW1F9
+AJL7Dnlr8eDIpuvFJeNvb0BHYbCecNLt5N8yjIljorY04iiQRLjN2XeyQ2Dh8DjW
+JK4gynLpB8bXgqU7fpEfUuiy/fOF6b5IQPPuSV90UZ6zWY+1Gm7X4pefg4eveD1R
+KFEkG95gmxR++xIDhXrI/uV+OFxkbr5qmR4riliqO31Hs+ZNbZs=
-----END RSA PRIVATE KEY-----
diff --git a/credentials/sealer.jks b/credentials/sealer.jks
index f10f00a4a073bbfb450ac0ac38b6916a718230ed..db5ab6d6a3efc151ea62c75e637a74eb0c97ae4b 100644
GIT binary patch
delta 209
zcmV;?051Rb1NH-u90iJ%1uTJ)A?SZREFliI(vJ!P0|N~}b#VZG00jU50FWc>2eG0j
zP_9c>6g%>4G~Iz4Kq4ELR4I^SnIq-oiwms>Y0{RDIF6~8OQHop0(4EqR^Gs*dt8cq
zfOlHsBYYO3(GL?f<q!Cf_@)$|!90|%!7#iBHwnnAMhj;E*$@z*zV@kq)a59w=CPRZ
zE@U&1joyDW^JKc}Ox&7_%Q#d%=B1i|$2Q&P9%~0d5j%C0umLg@Xc}1;YSeB=gjFcn
LWgT2^ZoG63x>Q+?
delta 209
zcmV;?051Rb1NH-u90hn}@v#??A?SZv`isdo%~H_<0|N~}b#VZG00jU50FZL8`SfIM
zgBn&&>D1>t^aJr}_cD2WR23JufY^6SWyqVAThb9(gt~w}CH8(vU}ywdu~{j5GIj`&
zP>wgYP~J=5xq8uIuRC4YQT^a2ykF6JMS+=~HA~UJ3c0dkDGoHF@5Ba?^%E$pRqXl4
zpJA>uA&k)l_F39(E`BetU|{8c=O@2UOxlGSM)>-&8WE_IumLg@I4&r{u~*8X8ynbH
LB!H;Qd+^vsDClA>
diff --git a/credentials/sealer.kver b/credentials/sealer.kver
index aa1fae9..9604208 100644
--- a/credentials/sealer.kver
+++ b/credentials/sealer.kver
@@ -1,2 +1,2 @@
-#Wed Mar 24 15:54:24 UTC 2021
+#Thu Sep 14 18:47:39 UTC 2023
CurrentVersion=1
diff --git a/credentials/secrets.properties b/credentials/secrets.properties
index 26d4af7..93658fc 100644
--- a/credentials/secrets.properties
+++ b/credentials/secrets.properties
@@ -1,13 +1,16 @@
# This is a reserved spot for most properties containing passwords or other secrets.
-# Created by install at 2021-03-24T15:54:24.596740Z
+# Created by install at 2023-09-14T18:47:39.214769704Z
# Access to internal AES encryption key
-idp.sealer.storePassword = changeit
-idp.sealer.keyPassword = changeit
+idp.sealer.storePassword =changeit
+idp.sealer.keyPassword =changeit
+
+# Password for idp-backchannel.p12
+idp.backchannel.keyStorePassword =changeit
# Default access to LDAP authn and attribute stores.
-idp.authn.LDAP.bindDNCredential = myServicePassword
-idp.attribute.resolver.LDAP.bindDNCredential = %{idp.authn.LDAP.bindDNCredential:undefined}
+idp.authn.LDAP.bindDNCredential =myServicePassword
+idp.attribute.resolver.LDAP.bindDNCredential =%{idp.authn.LDAP.bindDNCredential:undefined}
# Salt used to generate persistent/pairwise IDs, must be kept secret
-#idp.persistentId.salt = changethistosomethingrandom
+#idp.persistentId.salt =changethistosomethingrandom
diff --git a/edit-webapp/css/consent.css b/edit-webapp/css/consent.css
deleted file mode 100644
index 5daabee..0000000
--- a/edit-webapp/css/consent.css
+++ /dev/null
@@ -1,150 +0,0 @@
-.box {
- width:600px;
- margin-left: auto;
- margin-right: auto;
- margin-top: 50px;
- background-color: white;
- -webkit-box-shadow: 1px 1px 15px #999999;
- -moz-box-shadow: 1px 1px 15px #999999;
- box-shadow: 1px 1px 15px #999999;
- -webkit-border-radius: 8px;
- -moz-border-radius: 8px;
- border-radius: 8px;
- overflow: auto;
- padding: 1.268em;
-}
-
-body {
- font-family:Verdana, Geneva, sans-serif;
- font-size: 12px;
-}
-
-h1 {
- font-size: 13px;
- padding-bottom: 12px;
-}
-
-a {
- color: #00247D;
- text-decoration: underline;
-}
-
-a:visited {
- color: #00247D;
- text-decoration: underline;
-}
-
-a:focus, a:hover, a:active {
- color: #F39800;
- text-decoration: underline;
-}
-
-#tou-content {
- font-family:monospace;
- width: 95%;
- border: solid 1px #666;
- margin: 4px;
- padding: 10px;
- overflow: hidden;
-}
-
-#tou-content li{
- margin-bottom:10px;
-}
-
-#tou-acceptance {
- width: 95%;
- border: solid 1px #666;
- background-color: #F0F0F0;
- margin: 4px;
- padding: 10px;
- text-align: left;
- overflow: hidden;
-}
-
-.service_name {
- font-weight: bold;
-}
-
-.service_description {
- font-style: italic;
-}
-
-.organization_name {
-}
-
-#attributeRelease-consent {
- width: 95%;
- border: solid 1px #666;
- background-color: #F0F0F0;
- margin: 4px;
- overflow: hidden;
-}
-
-#attributeRelease {
- width: 95%;
- margin: 4px;
- border: solid 1px black;
- overflow: auto;
-}
-
-#attributeRelease table {
- border-collapse: collapse;
- border: none 0px white;
- width: 100%;
-}
-
-#attributeRelease td {
- padding: 3px 7px;
- vertical-align: top;
-}
-
-#attributeRelease th {
- text-align: left;
- font-size: 18px;
- padding: 5px 7px;
- background-color:#00247D;
- color: white;
-}
-
-#attributeRelease tr:nth-of-type(even) {
- background-color: #E4E5E3;
-}
-
-.federation_logo
-{
- width: 50%;
- float: left;
- padding-top: 35px;
- border: 0;
-}
-.organization_logo
-{
- width: 50%;
- float: right;
- border: 0;
-}
-
-.form-error {
- padding: 0;
- color: #B61601;
-}
-
-/* Device specific styles */
-@media only screen and (max-device-width: 721px){
- .box {
- width: auto;
- box-shadow: none;
- border-radius: 0;
- -webkit-box-shadow: none;
- -webkit-border-radius: 0;
- -moz-box-shadow: none;
- -moz-border-radius: 0;
- padding: 0;
- margin-top:0;
- }
- #tou-content, #tou-acceptance{
- /*width:87%;*/
- width:auto;
- }
-}
diff --git a/edit-webapp/css/logout.css b/edit-webapp/css/logout.css
index dcd10d2..5cd06c1 100644
--- a/edit-webapp/css/logout.css
+++ b/edit-webapp/css/logout.css
@@ -1,4 +1,7 @@
/* Success/Failure indicators for logout propagation. */
+ol li:before {
+ content: ''
+}
li.logout {
line-height: 36px;
padding-left: 36px;
diff --git a/edit-webapp/css/main.css b/edit-webapp/css/main.css
deleted file mode 100644
index 116b31e..0000000
--- a/edit-webapp/css/main.css
+++ /dev/null
@@ -1,165 +0,0 @@
-* {
- margin: 0;
- padding: 0;
-}
-header, footer, section, nav {
- display: block;
-}
-html, body {
- height: 100%;
-}
-body {
- font-family:Verdana, Geneva, sans-serif;
- font-size: 12px;
- line-height: 1.5;
- color: #717171;
- background: #717171;
-}
-a:link,
-a:visited {
- text-decoration: none;
- color: #717171;
-}
-img {
- max-width: 100%;
- margin-bottom: 12px;
-}
-
-.wrapper {
- background: #ffffff;
-}
-
-.container {
- position: relative;
- left: 34%;
- width: 540px;
- margin-left: -270px;
-}
-.container-footer {
- padding-top: 12px;
-}
-@media only screen and (max-width: 1020px) {
- .container {
- left: 45%;
- }
-}
-@media only screen and (max-width: 650px) {
- .container {
- position: static;
- margin: 0 auto;
- width: 280px;
- }
-}
-
-header {
- padding: 20px 0;
-}
-
-.logo img {
- border: none;
-}
-@media only screen and (max-width: 650px) {
- .logo img {
- display: none;
- }
- .logo {
- background: url(../images/dummylogo-mobile.png) no-repeat top center;
- display: block;
- height: 115px;
- width: 100px;
- margin: 0 auto;
- }
-}
-
-.content {
- padding-bottom: 80px;
- overflow: hidden;
-}
-
-.column {
- float: left;
-}
-.column.one {
- width: 50%;
- margin-right: 48px;
-}
-
-form {
- width: 240px;
- padding-bottom: 21px;
-}
-form label { /* labels are hidden */
- font-weight: bold;
-}
-form legend {
- font-size:1.2em;
- margin-bottom: 12px;
-}
-.form-element-wrapper {
- margin-bottom: 12px;
-}
-.form-element {
- width: 100%;
- padding: 13px 12px;
- border: none;
- font-size: 14px;
- border-radius: 4px;
- -webkit-border-radius: 4px;
- -moz-border-radius: 4px;
-}
-.form-field {
- color: #B7B7B7;
- border: 1px solid #B7B7B7;
-}
-.form-field-focus,
-.form-field:focus,
-input[type="text"]:focus {
- color: #333333;
- border-color: #333;
-}
-.form-button {
- background: #B61601;
- box-sizing: content-box;
- -moz-box-sizing: content-box;
- color: #ffffff;
- cursor: pointer;
-}
-.form-button:hover {
- background: #FF6400;
-}
-.form-error {
- padding: 0;
- color: #B61601;
-}
-
-.list-help {
- margin-top: 40px; /* offset padding on first anchor */
- list-style: none;
-}
-.list-help-item a {
- display: block;
- padding: 6px 0;
-}
-.item-marker {
- color: #be0000;
-}
-
-footer {
- color: #ffffff;
- font-size: 11px;
- background: #717171;
-}
-.footer-text {
- margin-bottom: 12px;
-}
-.footer-links a:link,
-.footer-links a:visited {
- color: #ffffff;
- font-weight: bold;
-}
-.footer-links a:after {
- content: "\00a0\00a0\00a0|\00a0\00a0";
-}
-.footer-links a.last:after {
- content: "";
-}
diff --git a/edit-webapp/css/placeholder.css b/edit-webapp/css/placeholder.css
new file mode 100644
index 0000000..c1dbe1c
--- /dev/null
+++ b/edit-webapp/css/placeholder.css
@@ -0,0 +1,802 @@
+/* Colours pallet
+
+To change the colours, use find and replace with the values below:
+
+ #ECEFF1 - Body background, header / section border, read only / disabled input fields.
+
+ #1534E3 - Links, buttons, list items, selected radio, selected checkbox.
+
+ #1A237E - Hover buttons.
+
+ #32424A - Body text, input fields border.
+
+ #7A2D00 - Output message.
+
+ #B50024 - Error messages / fields.
+
+ #1C7D40 - Success messages / fields.
+
+ #999999 - read only / disabled input fields.
+
+*/
+
+html, html * {
+ margin: 0;
+ padding: 0;
+ border: 0;
+ font-size: 100%;
+ font: inherit;
+ vertical-align: baseline;
+ box-sizing: border-box;
+ background: none;
+ background-repeat: no-repeat;
+ background-position: left top;
+ border: 0;
+ outline: 0;
+}
+
+html {
+ height: 100%;
+}
+
+/* HTML5 display-role reset for older browsers */
+article, aside, details, figcaption, figure, footer, header, hgroup, menu, nav, section, main {
+ display: block;
+}
+
+/* Default document styles - fonts, font sizes, text colours, font weight */
+body {
+ font-family: Segoe UI, Helvetica, Arial, sans-serif, Apple Color Emoji, Segoe UI Emoji, Segoe UI Symbol;
+ font-size: 16px;
+ font-size: 1rem;
+ line-height: 24px;
+ line-height: 1.5rem;
+ color: #32424a;
+ font-weight: 400;
+ max-width: 3000px;
+ margin: 0 auto;
+ background-color: #eceff1;
+ padding: 24px;
+}
+
+/* Links */
+a[href] {
+ text-decoration: none;
+ color: #1534e3;
+}
+
+/* Link hover states */
+a[href]:hover, a[href]:active, a[href]:focus {
+ text-decoration: underline;
+ color: #1534e3;
+}
+
+/* Heading styles */
+h1 {
+ font-size: 24px;
+ font-size: 1.5rem;
+ line-height: 28px;
+ line-height: 1.75rem;
+ font-weight: 700;
+}
+
+h2 {
+ font-size: 20px;
+ font-size: 1.25rem;
+ line-height: 25px;
+ line-height: 1.5rem;
+ font-weight: 400;
+}
+
+h3 {
+ font-size: 16px;
+ font-size: 1rem;
+ line-height: 22px;
+ line-height: 1.375rem;
+ font-weight: 700;
+}
+
+h4 {
+ font-size: 14px;
+ font-size: 0.875rem;
+ line-height: 18px;
+ line-height: 1.125rem;
+ font-weight: 700;
+ margin-bottom: 0.5em;
+}
+
+h5 {
+ font-size: 14px;
+ font-size: 0.875rem;
+ line-height: 18px;
+ line-height: 1.125rem;
+ font-weight: 400;
+}
+
+h1, h2, h3, h4, h5, h6, p {
+ margin-bottom: 1em;
+}
+
+h1:last-child, h2:last-child, h3:last-child, h4:last-child, h5:last-child, h6:last-child, p:last-child {
+ margin-bottom: 0px;
+}
+
+/* List styles */
+ol, ul {
+ list-style: none;
+ margin: 20px 0;
+}
+
+ol:before, ol:after,
+ul:before, ul:after {
+ content: " ";
+ display: table;
+}
+
+ol:after,
+ul:after {
+ clear: both;
+}
+
+ol:last-child,
+ul:last-child {
+ margin-bottom: 0px;
+}
+
+ol:first-child,
+ul:first-child {
+ margin-top: 0px;
+}
+
+ul li {
+ padding-left: 22px;
+ margin-bottom: 4px;
+ position: relative;
+ list-style: none;
+}
+
+ul li:last-child {
+ margin-bottom: 0px;
+}
+
+ul li:before {
+ content: '';
+ -webkit-border-radius: 2px;
+ -ms-border-radius: 2px;
+ -moz-border-radius: 2px;
+ -o-border-radius: 2px;
+ border-radius: 2px;
+ background-color: #1534e3;
+ height: 7px;
+ width: 7px;
+ display: block;
+ position: absolute;
+ left: 0;
+ top: 7px;
+}
+
+ol {
+ counter-reset: item;
+}
+
+ol li {
+ padding-left: 22px;
+ margin-bottom: 10px;
+ position: relative;
+ list-style: none;
+}
+
+ol li:last-child {
+ margin-bottom: 0px;
+}
+
+ol li:before {
+ color: #1534e3;
+ position: absolute;
+ left: 0;
+ content: counter(item) ". ";
+ counter-increment: item;
+ font-weight: 700;
+ top: 1px;
+}
+
+ol li:nth-child(n+10) {
+ padding-left: 30px;
+}
+
+ol li:nth-child(n+100) {
+ padding-left: 38px;
+}
+
+hr {
+ width: 100%;
+ clear: both;
+ border: 0;
+ outline: 0;
+ background-color: #eceff1;
+ height: 1px;
+ display: block;
+ margin: 30px 0;
+}
+
+b, strong {
+ font-weight: 700;
+}
+
+i, em {
+ font-style: italic;
+}
+
+small {
+ font-size: 0.8em;
+}
+
+big {
+ font-size: 1.2em;
+}
+
+.cc {
+ clear: both;
+ margin: 0 auto;
+ width: 100%;
+ max-width: 649px;
+ padding: 0 0;
+}
+
+.cc:before, .cc:after {
+ content: " ";
+ display: table;
+}
+
+.cc:after {
+ clear: both;
+}
+
+img {
+ max-width: 100%;
+ height: auto;
+}
+
+/* Main content area */
+main {
+ clear: both;
+ margin: 0 auto;
+ width: 100%;
+ max-width: 800px;
+ background-color: #fff;
+ -webkit-border-radius: 8px;
+ -ms-border-radius: 8px;
+ -moz-border-radius: 8px;
+ -o-border-radius: 8px;
+ border-radius: 8px;
+ -webkit-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11);
+ -ms-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11);
+ -moz-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11);
+ -o-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11);
+ box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11);
+}
+
+/* Add a border top when 2 sections are together */
+main section + section {
+ border-top: 1px solid #eceff1;
+}
+
+/* Header */
+header {
+ display: block; /* Change to display: none to hide */
+ border-bottom: 1px solid #eceff1;
+ text-align: center;
+ padding: 6% 8%;
+}
+
+header .main-logo {
+ display: block;
+ margin: 0 auto;
+}
+
+.service-logo {
+ display: block;
+ margin: 24px 0;
+}
+
+section {
+ padding: 4% 8% 4% 8%;
+}
+
+/* Output Messages */
+.output-message {
+ font-size: 14px;
+ font-size: 0.875rem;
+ line-height: 18px;
+ line-height: 1.125rem;
+ font-style: italic;
+ -webkit-border-radius: 4px;
+ -ms-border-radius: 4px;
+ -moz-border-radius: 4px;
+ -o-border-radius: 4px;
+ border-radius: 4px;
+ background-color: #FFD8C2;
+ display: block;
+ padding: 4%;
+ margin-bottom: 20px;
+ color: #7A2D00;
+}
+
+.output-message:last-child {
+ margin-bottom: 0px;
+}
+
+/* Output Message Success */
+.output-message.output--success {
+ background-color: #DCF9E7;
+ color: #1C7D40;
+}
+
+/* Output Message Error */
+.output-message.output--error {
+ background-color: #FFF0F3;
+ color: #B50024;
+}
+
+.boxed {
+ -webkit-border-radius: 4px;
+ -ms-border-radius: 4px;
+ -moz-border-radius: 4px;
+ -o-border-radius: 4px;
+ border-radius: 4px;
+ -webkit-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11);
+ -ms-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11);
+ -moz-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11);
+ -o-box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11);
+ box-shadow: 0px 0px 10px 0px rgba(38, 50, 56, 0.11);
+ background-color: #fff;
+ padding: 6%;
+ margin: 30px 0;
+}
+
+.boxed:last-child {
+ margin-bottom: 0px;
+}
+
+.boxed:first-child {
+ margin-top: 0px;
+}
+
+/* Footer style */
+footer {
+ z-index: 1;
+ position: relative;
+ text-align: center;
+ margin-top: 20px;
+ font-size: 12px;
+ font-size: 0.75rem;
+ line-height: 16px;
+ line-height: 1rem;
+}
+
+/* Forms styles */
+fieldset {
+ display: block;
+ margin-bottom: 20px;
+}
+
+fieldset:last-child {
+ margin-bottom: 0px;
+}
+
+fieldset .field-validation {
+ display: block;
+ margin-top: 10px;
+}
+
+fieldset .error {
+ color: #B50024;
+}
+
+fieldset legend span {
+ display: block;
+ text-indent: 100%;
+ white-space: nowrap;
+ overflow: hidden;
+ height: 0;
+}
+
+/* Form labels */
+label {
+ vertical-align: top;
+ font-size: 14px;
+ font-size: 0.875rem;
+ line-height: 18px;
+ line-height: 1.125rem;
+ font-weight: 700;
+ display: block;
+ color: #32424a;
+ margin-bottom: 6px;
+}
+
+label:focus {
+ color: #1534E3;
+}
+
+/* Form input fields */
+input[type="text"],
+input[type="email"],
+input[type="password"],
+input[type="telephone"],
+input[type="tel"],
+input[type="url"],
+textarea,
+select {
+ background-color: #fff;
+ border: 2px solid #32424a;
+ -webkit-transition: all 0.3s ease-in-out;
+ -moz-transition: all 0.3s ease-in-out;
+ -ms-transition: all 0.3s ease-in-out;
+ -o-transition: all 0.3s ease-in-out;
+ transition: all 0.3s ease-in-out;
+ color: #32424a;
+ padding: 13px 20px;
+ display: block;
+ width: 100%;
+ -webkit-appearance: none;
+ -ms-appearance: none;
+ -moz-appearance: none;
+ -o-appearance: none;
+ appearance: none;
+ -webkit-border-radius: 4px;
+ -ms-border-radius: 4px;
+ -moz-border-radius: 4px;
+ -o-border-radius: 4px;
+ border-radius: 4px;
+}
+
+/* Form input focus */
+input[type="text"]:focus,
+input[type="email"]:focus,
+input[type="password"]:focus,
+input[type="telephone"]:focus,
+input[type="tel"]:focus,
+input[type="url"]:focus,
+textarea:focus,
+select:focus,
+input[type="text"]:active,
+input[type="email"]:active,
+input[type="password"]:active,
+input[type="telephone"]:active,
+input[type="tel"]:active,
+input[type="url"]:active,
+textarea:active,
+select:active {
+ border-color: #1534e3;
+ background-color: #fff;
+}
+
+/* Form input errors */
+input[type="text"].error,
+input[type="email"].error,
+input[type="password"].error,
+input[type="telephone"].error,
+input[type="tel"].error,
+input[type="url"].error,
+textarea.error,
+select.error {
+ border-color: #B50024;
+}
+
+/* Form input read only / disabled */
+input[type="text"]:read-only,
+input[type="email"]:read-only,
+input[type="password"]:read-only,
+input[type="telephone"]:read-only,
+input[type="tel"]:read-only,
+input[type="url"]:read-only,
+textarea:read-only,
+select:read-only,
+input[type="text"]:disabled,
+input[type="email"]:disabled,
+input[type="password"]:disabled,
+input[type="telephone"]:disabled,
+input[type="tel"]:disabled,
+input[type="url"]:disabled,
+textarea:disabled,
+select:disabled {
+ background-color: #ECEFF1;
+ pointer-events: none;
+}
+
+/* Text areas */
+textarea {
+ height: 124px;
+ resize: none;
+}
+
+
+/* Dropdowns */
+select {
+ -webkit-appearance: auto;
+ -ms-appearance: auto;
+ -moz-appearance: auto;
+ -o-appearance: auto;
+ appearance: auto;
+}
+
+select:read-only {
+ background-color: #fff;
+ pointer-events: unset;
+}
+
+select::-ms-expand {
+ display: none;
+}
+
+/* Checkboxes / Radio buttons */
+input[type="checkbox"], input[type="radio"] {
+ position : absolute;
+ opacity: 0;
+ height: 0;
+ width: 0;
+}
+
+input[type="checkbox"] + label, input[type="radio"] + label {
+ display: block;
+ font-weight: 400;
+ font-size: 16px;
+ font-size: 1rem;
+ line-height: 24px;
+ line-height: 1.5rem;
+ cursor: pointer;
+ position: relative;
+ padding-left: 30px;
+ padding-top: 3px;
+ margin-bottom: 4px;
+ margin-right: 12px;
+ display: inline-block;
+}
+
+input[type="checkbox"] + label:before, input[type="radio"] + label:before {
+ content: "";
+ position: absolute;
+ top: 2px;
+ left: 0;
+ height: 20px;
+ width: 20px;
+ background-color: #fff;
+ border: 2px solid #32424a;
+ -webkit-transition: all 0.2s ease-out;
+ -ms-transition: all 0.2s ease-out;
+ -moz-transition: all 0.2s ease-out;
+ -o-transition: all 0.2s ease-out;
+ transition: all 0.2s ease-out;
+}
+
+input[type="checkbox"] + label:after, input[type="radio"] + label:after {
+ content: "";
+ position: absolute;
+ -webkit-transform: rotate(45deg);
+ -ms-transform: rotate(45deg);
+ -moz-transform: rotate(45deg);
+ -o-transform: rotate(45deg);
+ transform: rotate(45deg);
+ display: none;
+}
+
+input[type="checkbox"]:checked + label, input[type="radio"]:checked + label,
+input[type="checkbox"]:focus + label, input[type="radio"]:focus + label {
+ color: #1534e3;
+}
+
+input[type="checkbox"]:checked + label:before, input[type="radio"]:checked + label:before,
+input[type="checkbox"]:focus + label:before, input[type="radio"]:focus + label:before {
+ border-color: #1534e3;
+}
+
+input[type="checkbox"]:checked + label:after, input[type="radio"]:checked + label:after {
+ display: block;
+}
+
+input[type="checkbox"] + label:before {
+ -webkit-border-radius: 4px;
+ -ms-border-radius: 4px;
+ -moz-border-radius: 4px;
+ -o-border-radius: 4px;
+ border-radius: 4px;
+}
+
+input[type="checkbox"] + label:after {
+ left: 8px;
+ top: 5px;
+ width: 4px;
+ height: 10px;
+ border: solid #1534e3;
+ border-width: 0 4px 4px 0;
+}
+
+input[type="radio"] + label:before {
+ -webkit-border-radius: 100%;
+ -ms-border-radius: 100%;
+ -moz-border-radius: 100%;
+ -o-border-radius: 100%;
+ border-radius: 100%;
+}
+
+input[type="radio"] + label:after {
+ background-color: #1534e3;
+ height: 12px;
+ width: 12px;
+ -webkit-border-radius: 100%;
+ -ms-border-radius: 100%;
+ -moz-border-radius: 100%;
+ -o-border-radius: 100%;
+ border-radius: 100%;
+ left: 6px;
+ top: 8px;
+}
+
+/* Buttons / Submit buttons */
+button, input[type=button],
+input[type=submit],
+a.button,
+.button {
+ display: inline-block;
+ text-align: center;
+ background-color: #1534e3;
+ border: 4px solid #1534e3;
+ font-weight: 700;
+ padding: 11px 74px;
+ cursor: pointer;
+ color: #fff;
+ -webkit-appearance: none;
+ -ms-appearance: none;
+ -moz-appearance: none;
+ -o-appearance: none;
+ appearance: none;
+ -webkit-border-radius: 4px;
+ -ms-border-radius: 4px;
+ -moz-border-radius: 4px;
+ -o-border-radius: 4px;
+ border-radius: 4px;
+ -webkit-transition: all 0.2s ease-out;
+ -ms-transition: all 0.2s ease-out;
+ -moz-transition: all 0.2s ease-out;
+ -o-transition: all 0.2s ease-out;
+ transition: all 0.2s ease-out;
+}
+
+/* Button hover & focus states */
+button:hover,
+input[type=button]:hover,
+input[type=submit]:hover,
+a.button:hover,
+.button:hover,
+button:focus,
+input[type=button]:focus,
+input[type=submit]:focus,
+a.button:focus,
+.button:focus {
+ background: #1a237e;
+ color: #fff !important;
+ text-decoration: none !important;
+ border-color: #1a237e;
+}
+
+/* Secondary button styles */
+button.button--secondary,
+input[type=button].button--secondary,
+input[type=submit].button--secondary,
+a.button.button--secondary,
+.button.button--secondary {
+ background-color: transparent;
+ border-color: #1534e3;
+ color: #1534e3;
+}
+
+/* Secondary button hover & focus states */
+button.button--secondary:hover,
+input[type=button].button--secondary:hover,
+input[type=submit].button--secondary:hover,
+a.button.button--secondary:hover,
+.button.button--secondary:hover,
+button.button--secondary:focus,
+input[type=button].button--secondary:focus,
+input[type=submit].button--secondary:focus,
+a.button.button--secondary:focus,
+.button.button--secondary:focus {
+ background: #1a237e;
+ border-color: #1a237e;
+}
+
+/* Secondary button disabled states */
+button.button--secondary:disabled,
+input[type=button].button--secondary:disabled,
+input[type=submit].button--secondary:disabled,
+a.button.button--secondary:disabled,
+.button.button--secondary:disabled {
+ background-color: transparent;
+ color: #999999;
+}
+
+/* Full width buttons */
+button.button--full,
+input[type=button].button--full,
+input[type=submit].button--full,
+a.button.button--full,
+.button.button--full {
+ width: 100%;
+ padding-left: 30px;
+ padding-right: 30px;
+}
+
+/* Button disabled states */
+button:disabled,
+input[type=button]:disabled,
+input[type=submit]:disabled,
+a.button:disabled,
+.button:disabled {
+ pointer-events: none;
+ background-color: #999999;
+ border-color: #999999;
+}
+
+/* Placeholder styles */
+::-webkit-input-placeholder {
+ color: #a9b0b4;
+}
+
+:-moz-placeholder {
+ color: #a9b0b4;
+}
+
+::-moz-placeholder {
+ color: #a9b0b4;
+}
+
+:-ms-input-placeholder {
+ color: #a9b0b4;
+}
+
+.grid {
+ margin-top: 12px;
+}
+
+/* Grid (used for 2 columns) */
+.grid:before, .grid:after {
+ content: " ";
+ display: table;
+}
+
+.grid:after {
+ clear: both;
+}
+
+.grid > .grid-item {
+ margin-bottom: 18px;
+ min-height: 1px;
+ width: 100%;
+}
+
+.grid:last-child > .item:last-child {
+ margin-bottom: 0px;
+}
+
+@media screen and (min-width: 760px) {
+
+ .grid.md-2 > .grid-item {
+ float: left;
+ width: 48.34436%;
+ margin-right: 3.31126%;
+ }
+
+ .grid.md-2 > .grid-item:nth-child(n), .grid.md-2 > .grid-item:nth-of-type(n) {
+ margin-right: 3.31126%;
+ clear: none;
+ }
+
+ .grid.md-2 > .grid-item:nth-child(2n) {
+ margin-right: 0;
+ }
+
+ .grid.md-2 > .grid-item:nth-child(2n+1) {
+ clear: both;
+ }
+
+}
diff --git a/edit-webapp/images/dummylogo-mobile.png b/edit-webapp/images/dummylogo-mobile.png
deleted file mode 100644
index 8ba3c95a12a93606734df54750d674bee02eaa96..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 8208
zcmV+rAn)IaP)<h;3K|Lk000e1NJLTq003kF0046c1^@s6ZZW5K00009a7bBm000XU
z000XU0RWnu7ytkt!bwCyRCodHoe7u}#r43ex_g#g5ZDD4Q8c0vPy{s|@jmc?ctqoY
zCPsr-^vhp~;zf{S7!J`y#XBZyG@7Vr{4|M41W}0b)~E@W2(pSGD6j{x?9tc%S2f#n
z?9R;2?C!uww!UwstE*nUs(P=^_g+;?-}gnQD;x?Kg;SKyk|+vvGNi!TK_^2Bj3HKm
zl_#k<PNe7egeOlB!rw;-*^lY2LQ1*Jvcz*@Qq_NwfOn7=S&)<ZEj#b*)Hgif3;*m?
zbe2*$LdrX>-sO|UnB@(rV7{qgh1f%+)6g&*W*ip~6$X5Xze4zODB(TnDVFg4o1Bg7
z@rZE&+>Y=pxE^9p?s+wYy;l)e3Rxvg{{kyq^HLMBr4uf@PWaw!EY?jagzKB)$WXZE
z-KO|&{G+fK5*cne-iK8TqdO_e8m4ik8Ls+Eb1FMiN`K{h{tYUeIc2^Tsb-!L0%lDi
z?Lg%Z^(ekV+_0`z`IUpwPXKMu+r9w)7b?t|T>1+bJIs(`vpICcRqmp>7t;gJ@qPJ1
zXlnIu70kAFg*9ZEi@xo<QD#7h#i^K~2xJv?x!tL+AFFx^uLr2GsPjhhJY4&0>&Ebm
zF$6|j0J98+yTycShR_91VCXxUu#L{5xs}9^S7~ALE9$vDTtO{+UE5(b)#Rl3An>+$
z-u%^9zLaZJI7I9vX6{nn0w%YBQV?k-!Hlgi$j&W!$3YiV4}rLYgQ`hsd>;5yJ*Dth
z(L=ta;+(pMK~!XYD!6RIbWf9FNyxI!6O%SBAq_#>#}!l$feO_zGWcHim_LQb7gEnN
zD#{AUc)Ap@*#sHFxEW@s;cUAxLzT0j7$SwSG)6pM?h*5+@JL_ic(u|J-Y&~ifaDZp
z8lGatc6SBE5X&ryGen3J#mwD$r=pM(E<KUeP??IOIj<DqMU72x@z!0`9bPrLUzT@g
zUTCeZl>zwne707|ZCkeRnhmUmURRky@a}fqmRs<~39BL^ebrE<!nI=(ej)G!x+Ug!
zYIh6#&K7t7z+dRkf|}G7v8+(h<&NF>5iPnHwp`&%?zx*Z<)fY}DhyK&^E~fHxHTk7
zSox`Cbej_O>)x^|@Y{}eeP~A6B&WgH)fe8cgYZIs7FG{Y)S9?{8QX>NbPGNF@OP@`
z`p@$EzUO+62Fzd=U&rq<5ni)3AhI;X(?L4mF0vcE&wSy$N!Z@NZVuoI`B``jfm)%d
zRd=!87>;*YD&j%hc~+4aW=*a7XJWh+uAayK<Yx?H@l}_UE5J3<mttcgY@zxKOLUTo
zN;CTOcN(32*mv~v4XeT`Dp@ARuWpUFQcN!&guuiRgGYQOMm^)ELS2Yqh0l;eq*@-!
zRFFef9_w51s5==_U@YonNGC%Ii~<E#oX#H7$&do0K!FvfvxgKILpny5g~raUuls?n
zn<2kSr+Q7Qd!%dtyS3w0m?`83B3$|3r1)+566xQ^@oKMBSt12kVn(W--<H`Y=G7q#
zvFo-D0I4<#ke>e*{uYJ_iJ2<D>-mRzzW=E5Bd?l7LGsU#NS}Qi&$&?Li3P>qt?<S-
zwcl(gN0&cc`4O?qMo}MSNIH0(C_jH4!jSwFt>dw}o;w&d@dS<8^OX1{%8)c!<qDq$
zO-{l8Qw&K<nZYM~5?b-EzB<0Kal2YVZWD$$lgo}n;dF(N{(*?XEBO79(b`EzASY6G
zEJMi87(g)b(Qxk>()g1Zsr*MQ&5Yi=+l|gN^==r(3#K6|9M``PJ<13Kk#&U5wG88S
z5#G2-!Pw!lYozdoE5C9G@y<Z=*xxdWZYLkZcI{t9WBj*5Lfn@gUOZ{L;(7&Z7_!ow
zQZ*);F8YuDW-|JIZLAUMV%;PrY|z#*i7=V`d1r_{x%3Jt{rj0HF#pu^#Sk8+p&6W?
zs$fpI=On_X@M~HD0*x`7@4J`SlgqA)islJ%P~rMww2H)Nu7~4_la!WGzpFpt9p-rc
zaaJTUT!h0OOj67`L`U%l?D6~^FAVol46!_HATQ8yQYu@o`_jW(j|$g41`NA<o-fSl
zrFV&m)t~CLkv&nWNz94-5}u#Kj4yR~4uAPw_F^<mZ@3FWXvVXGSwPtyBWxpMd91Yt
z<+UTFhd`tV@K_kiY7|cQ@ViUHQ$vV6i&lMd03STTbru9(jp<N?R{H?V_Ea3<$2#ua
zM=8HF{5v50Bg(HFWqE<XYlT&^E*g^jp9voPPY2MpEl&^pj#qgc<$xLBkHYBI6vSuq
z%qv4MnjRArkitA}O|2dtnp$&-Wm<bt<S&{RP`Y9QHGuFq!~c;rrRExbV`;P(1+c_l
z68M9sVpzy5Io^s?O);lbU&W9SC%ozD;lm8qJZ%X1*B}jwtk*)3s=L$aRx-g`hI}%>
z!_XIF2w@|GaLbZU1^!%~d1VM~G-h02m?mo2Cdar=3%WOW4W2AHhblj<w@!L;cQ;&m
znflQ)c7y18vc>!-kpN9e<$EH$?&|;#`7R9nzAJkK{tkPFt3CqPQjJgg#|o@kl%Jmc
zy=a(N($@1Ud7VROse4jPT}D&*uWL`!A7;<XnYiOYkq9=={s0xCdKHyRY3xi~cL8iX
zAq<q_^Tc;TFbhh+ogCRAZ#0l6$zdAhEOP6dlg&u4_d&d`LQbP;Q}0k|^U4tLLzuux
zWtJ1ubz?;`Ac)aVCSEal)@BG<MrGGBzTc4)pY*aIi6L~U{8B$D@92wFB%iVyeZ9(K
za;Mk&y#p{67x;61=9eM9_=Ex-qzYww?r|(97X<}m-aWYm6{Wun(qg?XOD&`Sy$J?z
zLd+=JL!Fyqa&bg>z9S;N0#w`Q$;wKGd%i;tIgEMaR7L}BxW{7T-Po$D4JAu%X>CA|
zDG6iH3$b`#UT;TwA1)$2dqw93(PFhkub8Xg)sSVoUpypkDc?mzdiP*uH9?v5*sfQ>
z?)l~z&UScM=?)Ojo~M?$S-Dj3m@DbYorbkDrT)G`#MzQI_YRdluM9CG)z2`#zojyw
zsCx?6d5cZeMr2qIGw^>E4Uhj@z5Cq4TVP}R6Q{m$4YH^8EMKQ9C|chZv&fnePm!C?
z426_syLP@Oe(o%qQ!l3V-Y*Di{%j3CWQLxh%epEZOfjje7b>=9H^-C9dtMo$%4u~q
zPobcHO)M0IeT}AYNn)7xbAU5cTzn$_$EYZyf!a`uA{D2G0<0Pj%5~?f@dkerzg`Za
zM-<^y5V$Sjv9?R+T7wUNy$*b@#*+JTfw+17+Sq#=JXDx!ZwsgFs~l%POPEU#XRK~D
zOAM`@y4s;adc}x07K-rtFI!EMEr8llTbnrK;~By^aE+dmGNsJ`&u}^p8s4gsa|CZR
zs)xrjp=vE|+cBiIl6({6ncr;JrHA+j(}Oo*XS_?IX=_`ml;2fWTT1i|NyCBBmtn+k
ziW^-RNan=^JL9%iBj0mKTgz4W>7?IPP2^1lU2I9w=EX*0WjlLFA~kaGV`qH5A^cuQ
zAeh?@T-543lqK%YIV4L$Z7Z<OA!}PvI?H@I8ImQTwiQ?>L$(#Av&^SWle!!3`D6CZ
zU0dcM>yhQGv`ooHE~?9J3A61(+;ExFDC%>GR`E^`rc+AAO12$s#@fUXHurZ>K?G{e
zU3Ay)c(U3LmrX?@H>)|s_IO8j_Cxjz=jpr~>!0JfF;h9Vi_KV5f$}nBAxhxx5bsWU
z(vLD#yfdyP1=`J!P{`arWES-gbqR5NS)78T?!_P*j4~z#{_Xh;ndVPJC0+ZfpBQq&
z^6goc*79!Ckd=hgD_M)kV1o(+*%~pubeYrWpQa?WNL2@l-yRYYSG;d$dp8xjlAkgh
zp2=LaKjuSSK%?~I^R51S|5D*m`PkvoE0K2}tNhq&J&nCqT$&syAB2rnSjEve7GhX&
ztL-_XMV*V{ixa*}=HJL8CaBESW=ur-cXhn2%GBp*hVH$n<HywW9jip%DaKXSs63R*
zw!Ts5_<#Eu62}$wb?d%P*qiH+ZFi->mZ<)`m<Su{WWJj!GPKC?RzJybcTN-$Y|&Ga
zuf*{uI%}4nZbkZ?sf-!u)|H-!+EHPzrHmM23~^lhY>0J%!r?13pQz{P*c>9X+Ep_o
zSDP^!+n%=T&jIB?jh8>lxCehD?OJ(OXhxq?V(Nj`>Kh<v_H6f%)eN6-t2e8Q!t@G^
z7W$RAY5nGAFe&e*vb{A|1<aspVPhpHVtsNWtxv0csrccxSAUDbWg2CFRnpZcUO8Oc
zJCL5#<fMP9@{zY2>QWT5p9-R5&m3*WR657@@8+SILC<)TGW>$yKchJPVNRp{Ow^zB
zpR&G55D72s?jep_`;Z?l)h0T$m+vr?3<~h0XMQE{2TvM3rw^LlO-1j(PGO?%5CB?6
z=tT4%N*}N8HhIu-8`sfax&d<ut#pP6S67gyS}k3o!kx<X$54@ZB2rdL*byojEO}XQ
z(OJ~r@;`;m*k}zE6{*t*{N0mMO)EQqMxoWTFykF7Qgc*O{B7t&(5?I5CH_dkkQpmG
z04eL6ggE)7-8}??{D3Zde)Jb-1}%G4sH7x1WF+T_vas3RRL0tYR4A}oSe{rR5&n7$
zdc)Tg3My>4cGMgci^f01(0WmOD3+`0x<1{=r0G8qi%;pv&1TGXyrFS4a#dh6)?^>>
zMG)t>4i+fMu0?&5qm$m+-9x~J!C2IAnn}2p$@nu!_eRJldsvLGs87nR>81JIR8)5F
z7@Sh?ws7)a;5<bILvTH0SYqq~N6cD7gXj-4m4Vs~>^GvrmD0V7ZgB&P7Wlv;<eutZ
zxmIn)fFa*+Yhdm7N0D+=@SgNEM9-vmUYggpd3@q~yBQKPcRDs$WhEkR#b22i4-@q&
zO@(1(7OQvw12OiB`GttWDm$+5tS6zVS~cy5S<tr_O1=jyLH_euD2o~coaCC>W(+_&
zXEiF{AjxCc5ywoLf<XQBFav7olIq(sIv&z)hQv{|-Dj0_{n)N+n){{CINZN$5<#Un
zsi`qD{lssb<G8^eP@yV@a3agQ8D{iTeyk$@pq?3Bjy7YM0dY%F6eEmZi5>ABG5ojn
z>M81@7pgG>#u`^FJ_k=hFht3gB$KpSWl`xO*Q>qLjP#!<M17;<xmPh>4A6CA#bpgW
z>CIUE)VaiP=_2BXlJ;^H&gyEdHDpAK#Y8MklSkQ%v2p#OevR6U{W~O_Ph3x)McB#B
z;jQBC?>lu{s_1<f#K{|&$ltb%@65N|4>`l4=c|2TRHIeo?oHY)&C_T5-tI{~+l*R+
zvkYG?A@x$0x!_9M-LjquvKm6`r7o3qAog|5Z}uTf_XZlTsq-+ftIgu}pImLmbfb~}
z7?lTQ>cMZW<9-0){r3slSLZFo17gC)FSNgne+9!35w2Nb8R9!IB{l{_WazD&tUzUY
z3^!809DR@fTSexR05uIJ3>c=N85D;|>&wk%3^Zn>=8xQJH%hG_6;?9U`ycXeP<tkh
zPF$BZw=5$HQ-vGp+s_e=Lzyp%O^c%i6RH#eVnolfZrOw7YBR=_=)zn$&~@E`bjwwu
zSD&RF^_7OgWJva;+~FV#XUN*&NZYmwbuy%Fbjw?+PKM--v~5G&$&j|uEpMsv#}E$Y
z2&A}qD|x;VtHV4w9O&t&;^c=R=qE6Acv|dI+%ZelNa;an3G=RcbtAn_<;2zyMO<g`
zoZFp+b0(xBG}^$`Vp^|Zsp8rjmKTON8`fWkc>I|_<=WmtZmaaZ=UvXH77lMMKQ^C7
z3UAkCt--Y=-fBytjA>Li_r*BG-@7WfrjLB#lSiOnT53(LnXXi)?DLv*CB}nXmvN7R
zMLx7Z8pgw1DSiX-UAfL-JR*+gR9vESrj$h>-ud9HXP5j8dUGva5o&|i;QS8QL)qgm
z;P8G#pBKNqUpISm{oTNhq--mE(;wITLt=Kg=NNX|!@1V{AQ3LxsAL3`rJUaIJR<1B
z5!cTT^(ntZZ2*z4-D8DTUr#=tawp1IENm`g_udUj_5GCP_QbO0>hJg-vSj|Z8K<fP
zX)Ti1{#0}-S5<7_+flPIT04`<jz=~%7K@ehIU)74sNtO|x_<<OzBpw1=fVtitHZ-B
z=Amh2XeIqqLZ)?gs3-(e#QzDjc`7w3)Y;qs@v+s#Jb*lw+qVCR3b!{m{03t6wnEkj
z6j#5Iu6#)yK2>pn3mII9<BNCU!-Hlw>s1xb9V(;I@%%~n=DFl~h+DZassr&QSAZB@
z1@~zIbtx7%Bc*Trggmd&8p8l-8=f7`5Z80|rBW5m%JQDNCPQ#$4{7ODx+O(w=7>p^
z3$aAF8wqdJh)pH(jj)ny(KDWf2(LS0^|48~Jii7(<ONtpE)j0ydWf*b^~AwVggC;I
zy~Zg4pVhPb6o~m}acgOr^t~TqO*vLf+^|$#nL(P5Tw!WuRt$HzrjqblzQpi#U<W{h
zcvi`;tf`f6VBPW(jRgk8og<uG>Ggeu<CX*SFUv4dAA9TK5V`w0e8_^}gMtrs#fl@v
zzXLzS-<#fXDAyR>q{0v;hIo7	L-jZ1QHv_zWT(g{@D_sziiBb#9|Q*$?+TTlYjE
zifI5GVYdgM=&BImCN1UIFY2h=G=|56i8mbAdsj?uQsyzd(E9%t<eBbC?_M3m`DjCF
zAYFrZ_2lyZSNVkB<6H~%8an><$f163nb%EEgvr(4;XQ;F?^3W7W~NO=lcI)Jbv1KI
zU;Q)6c0tN}TD;(OvAanSaSvncPHJ&(qjNKQj55ox28JRvgURc^Dy=1qk0E^D*isdH
zFjh?$GW;o9DaYzjvS%#M60w_Qbp3Ta&on-d`zA6u6jPS$7PiXE%h8)(O+&oM_3k<|
zQ<B!=I-ViY{|^U^_fD5F!^o?&?DK^>*~-s$s~&Yw5C!m#E2G2L^zy-k9U3x>w}LqJ
zq-F0zp<mX<+}KIc$BxoRo5Pi>$hU%zL!PVP+_fu4vpD#^7&5X#^;mavy|&d7Tzuwi
z^%o0ctHPh`e5H8wN|FQ9zq$3^DD*b>i^>aaeYu)1(2c~5HPR={5Yyod;Ry3P^niXX
zCgY|;G@Zrk&D~NJ{61&+>TOB$wuCYs!=7Uy6ZAV&?$+kFl`_QL$FMk^i_YG{PU;C(
zK#$X7CMXjiTB$N6dYEBqh3APeAydv&$|@EWm(ts2vf^9fG`dR|C+}zV^<hGu+DqD(
zr7x#pNpeo}xK!_EvGFXpj<wxcD^+=@%dTek;-^!=W*e3l@w@uWDXXNv=!rRXNhGVB
zs4)W*cmP7B8Z2X{{@htpB)XY3iJwjlVDxj=?j>SVZ8^+ZrQaj{`o^wj($ayi`m{LL
zu8ip_H_|IgzRYNpp}ui7<oLR5w2sldl{DhZLCkIIGueS9l|REvUKpY*K$t{-&zgLA
zhP+!u#Te3LE8GI$e;}a4hb&Dq)pAWSQz&bU+?-mWY|Smnjs=~c9<pQ6Xq(n1KRu))
zs?gEW){e%PTOFl7mXSr8b~A*H(M)7eQCU(J8D<NTN!pqgM+T`dpXa`g>zIC(Hf;w)
zIFoxH!Gb2b$;If}jg+0C&=P*Qy=KJ+*<{gfhGdh;{|by%-s=NoY$vJux?bbK(aWH7
ztG$&CxD)AhwD8<>k@dLj#MQ=aIaj4#D#BHtC8dv)@5<?=JJ|dof0B!dyA4|^ZAIvY
zd!6R_E^$ajg?!#D-D#XayupfWf5-Fg1$Hm?7q5g2>*v7<-gMGdb<>>F(D)E}9D^vP
z0{PRmR=8?GQdx+k_uj%r@*MUD?BWr_2;b2#>7>613vJh##NOs@%6JZCKR&>TQ1l|w
zA3)d*>Xtio3lKQRDj60Mfzy58JI0d66E-HTp-7*pT*Ea(?Xlb`Wz>zE=aB0-;j$_0
zhb{)^hLCAo%(8t^fIoO<)kE0mDaq&<q@mSZ@OU&Licf4$s1;F?b3FTMn6cLCQhX4^
ze4Gm02LRWyl<h%*XB*PIQAu3+6zZW)_2!@J>-#+S6`1^I7<>$%n2tJ+2S_1iN@*+1
zn9YW4p;aOV7$)WL{O34F(l1D-o)GY2Dt|WD(_V{A>M!^&4dT;Ff1R!n@eG)87Q{~6
zta7uKw(ZqY1jO%$QO^UAEbHEY_~10~uSUwy9l{?ZM8B2P<sS0;h#T<qa1PCeC<cW>
z#`mGfCywjR2+EWA%!(mR3D$8)WjaP{pR*gi9trA*=GV0%sr{Q}beYTs>1&iC*xZVJ
zxYKqg&KzDytDC3K0wQts4LJq{)~Bv;sUYXtr&ismdRxfob~9;C6|`WLCp+hs($?vH
z)p3NQ*xk<*zo@P<!_|M{eGx-Mf;<eFt3IM2?=r)ce+TAau+3LETbKU&#hhgym2}TM
z$wEU${u_dJS2`DP9ZAo88sZ<NP;x8jF(D)Lvhr)k*Q*WbeMJSf#&4LDo9M{bC<!->
z^#SU(ZvdY7%z+{56Q+trxEt2h^6v?8&p!G+_UBuU*Z2aH{08n_SI57!qwoW0(MyB(
zP`LViMM&R6=H-iFNPfT8KX=O#U<^^)*jvH2khY?<;xyHs6yoDxSW|Gc&Xt7qRsO)y
ztA`^8dn0%!|F@Oj-l~r_Xz6c|FTsb=8?`_bVdiHkFBXW}3(t2Q=LmZAk+k$X$#{RE
zqy&P?n!_7n66;u=2_8lZBm^9xz@a{<W#}$Rh>m%)W(Y*>9!o_bAOIC`*2TiqvQm0a
zLd3@{V{Ex)l#LAH7y_0;v|WOCK`VDA_hN_=HT0ahF)6H)0GmbMVr-2XET@pRT9&mK
zc@wvlMq*{B<qk$fpCp82SXhakWcMIX2%>tHXpi)lI?RJ{M^pEK$ihB?5sMwK;s0n7
zdY%mOO8Jyrq@IO~RjM^u#?1YK8$2n*MZhmbkrY3Ovg8f*wSwNJ@Lp6c!S$*XjCS1h
z{vu2{QQy4_;~cx;ZfSZu`-VB6N)1<{76s@=dR}0=jSKKn=QNJbKM?tu>&=P^0FmAT
zInWaQ-%Lv3ix)lLyHKAsVG*G7R{*(4f0Ga@W){sO=*Q4PO~&ez0k1KCT+Pu272eEo
zs!WQMy`ULj(reZXQADsE=NYxmrlp{NHh-FgNq?MPK4yFJL!`AIQkVnjmhahHY`)>K
z{u5g9i%z5WvAuBaa?&-LLq<Fw3U5@y$h}OG%atV7^W;qMUY3M6#S0eb(<#qmDjz;v
z{67AvNtZ5@#_D4I9-1BOxLa1R2>5^=GGC+0LHgSwYwE#bi6h_gbsguUm=ZL?F2yYv
zVjA2>FZ_Ke<L_GF$q<m0=tOOB=&IK;6tSw9H9(z$1t(=m;nd~FwpXjicr}czc(XJ%
zCM!L5vFRoru-6#)C>Q#P{=(}|uUnLG)GP)5AV^L8wT(!Ot(E#<Xb_(GR95QZzk@`N
zt`&NTofwy`^fxh0u6}iC!lu<lX{FXF@a4vkNc9ORaC8QBAO*4-vP{!j#u&^H(CP9`
zfvkE+z6;TbKTd(HdPp3+)0dV4YEH^s|I-59j>V7!X>U3ybh_{sl*u)qa;xdodM~82
zCCC=tj>V8{Yn>0c=&jas9Pf*9?Lp77umfENX>VdK>N|yerfxjD^h4Mf&PT9#1+uJa
z>}dai<n}3+*jE9Md{5rQr(DlNN^k~m?{c^Lh1x_l%X|{^OzF=cHAXsp3L8r#w*FQM
z@{lLI6R`vPiINaF-mIyJO)jNOY;VM`ku=Nzzi*Y4JmS=CU5ahkEm<2$G%Hw#_K>vF
z-e#FX@O!Du?N&&BmnbTz8K9tsVX1fpwzSv6gbz_F%)?@^4l~fxsrg{n+j_nN$~GSb
zo5`h>8e`RhbowcF;4^6yQxH^MPy5if4B76Th)TprHlBy^`HT~=1^Y4kw9z`B@oO<{
zm8QL9&cT`T%@o(63`r;LO)3DJB^p*=cKd@x-@R934|^%U#3l7KYwE_gq-kJtC0t8(
z!Pd9xBX;_8Va_0pD~(h+DWBF}GDwZxO|`?xOPeuaE;<hp|2^~s8AT~CXA2O$AYkHp
z^@*nYQAGVHA-fgWhYd}5&&k`d458PilJ+K*h->-~kMJ2*Io4UTq7sGB-NJN30Sv;!
z)yj_%VIwqH72ky;8}daHTo(BR2-7?>NsYOs?qsO1L_FG=!qAdp^+Nan(=gtN#?ZY@
zQ%Rc3gLj^vV}RNt;XNmB$1x;>v^S|l7_yngUEd5vst0m;%uz6=#I_T@EWj-<N$|~I
zvdyP?x@PYgrN-DNBeT*1Pn8UfW?WJ&{l$)OcMH&=3mI$}!DpRxXgNcj5-qjKbsR%7
zNPCk@R@K9<+w!4avvYY2U*DWft5X`u>|ECQw1O^!)R-aZ4Z6YzWe2Q{w|)QWI5znr
zL)1muHkl5?&iZuzW6CLd3q8nF>gzVSj$=qBX>VfDfTKnI&DrXGi6ZM&Cd>#bsb407
zWb|j7Pevrs$aGR;Gg9?Dgnr0wbQjo*=B`9)&36_329=8W?g<`9k*ii9p<YUOo!Mij
zIT|CIL(abRRw91=-iE)97oB91_9hmP>%4_&mZ(ECiNRU>v(2Y9gsG&)S_|lwiXp>4
z6-)NRGGf*Vn0H)>Y3wMCP7Rw&UL8mW*_3EQjFI*z#@mq$$CtO3ZMyi5XGpr7zDeOQ
z+itMmrYBE>=o>h9IE8s(Mh4??T|0XGJgdkW9lI*F4R!8hNE)K4Pl=-{J`;^#H})bg
zvHYEz1~eMXaR`=y-)$8xBNEupexMbQ&ggAPf&T~gFM2&ku^z<$0000<MNUMnLSTaZ
C`x=k{
diff --git a/edit-webapp/images/dummylogo.png b/edit-webapp/images/dummylogo.png
deleted file mode 100644
index e89ede6e2089b0e21db8f5374d6ab9f5caa2fbc3..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001
literal 13742
zcmd6ORaYEM7cLMSg1bv_cY+2dNN^c6gy8PZ;BLVkg1ZD5+}(X}55a;n$N<C1`>k_v
ze!{uv?%J#Nu8Zzo)w>^wR{x^#9-Ryw4i4`9XGK{}I5>FOe`9l0<bUS_exH|r7c^%@
zfEyef2L68sJY04z2^^fj*Uz$2+TQTzd1yfd!^@A=9e$nw__f0u6#^t|*?224iFib8
zyhK@5ejXmiKZ3GLBu=ErxbckJJoAroucP#~5(3-ah=~<E+ac&h`@tdX4U@DD8w#($
zWxlONalTH`Cea3zEpEe=YCWBLlU|W$@yb-Z@f3BMpP!_I!w{rN&~Wk4KM*J~C#lmY
z2g}kh=KdS}H%Ebl7o6E3{a+Fqk}H8C;<o{GG^GD>$24egqtMv?Z;`@(MK%9l74@Bd
zPHkX%zdo2WV$HDZDIM()uAZLcnxOp+q&Z@5H?eS3;dD7~?YB2K9hUq~nk=U!c6jYJ
zBW%xAEDJLfOlUe4N|vC=l~sWKfM;rXMWW!HgWS?0+q)v`yH`ZBNxwO@%Z0vJW7o>*
zIF0uM_T8nEyPJiFuc&}N`+in$&B&%S<M^TG7ZaZ~_o<H1l$8<((TN<}?cVm@87TtK
zVngYH&x-V~dY_5dSg}&9S*1^U!Y5L*1`!ZG!~w(Z;I1#R0UREZbQRSEwMQ~nl~Qf&
zt@k%l_pAb3VQHtusW^sVdnWsh;t%c-zwkp&J1i&X%W%9<_VRZ{^8Gqpw*uDdm8+9d
zPBYLdEtO?VEX#5(?Wudp%LSckj0D6@mAx2Yc{h7E{t0+ChdxXwa}mvIB|s<4f$rgR
z&){QAvM<{C9c0SL<nFTkU++D{j&yh`Vg7bXw+xj1Oebd%2p7Mhk_(Ze$fYb=32LP|
zrsxBQZOeTcUp_7eX-L19ZUd4^xkf5sXIsCo5!KJ_xw^I8{o?G-h1B7NeH{{!mv;6_
z+Q}(5psv&ywNoDcTZ$RX9p1G%z65OH=0NkpMiMJUW~Gfll%$=CL0PxmJx%}*CO)^Z
zt-SPzPJEfDkw9X#+^o`}<pcjRE-hcGfon=!inXv&X~FafRpfddOUx6r$4}4SVX`5c
zI$FsfRzug@qzUZ3P8c7fP_K{dR5Ec;e3~sxFKaMCeGy+t0}7}>^wlM2Q{MlzqE_*y
zXc`KB@`hmChV-w*+-95}T5|ab>VF^8Q9w#7GoF0+20ix7`Q+ZEHxseji72Z;(xI8H
zkeyZffa22Q_vHYA)u%GW##^J~lvaej^`ut5jm?1bTLIl>Yt*43d9ZTCdxGk7jj^k6
zx-ETvzjN0gn0N!;4k%_|c7h}SdqDY>4aGj>oPt(pipt3USCy7`V6O}C+UE=`?VVns
zJWXiDUw2H9Z&bFF`X}T1)b!G)#Cu$Y>)B7;%v)6wh_@)XK4t^pi-q^K7DWF8S#m7#
z`hZh9#&2(iVSb?PI}Qx#l5?~i`%|Ybil(Nx2xrCpkr|;zS{9n3v-F%F!)+l*#VLz{
z^4&C>VSz6<<_5VhYdS*Y+p_hfHg)W6_7T!NVaMTo6GF)rBTg2^mpHK2XO~zVW=wiG
z-HwybSUPoyf3yakOUL3q8kbnL*s3!bOD1If=8zI3xu0K3wO~Tr>qDBAd6Y4;FSUIj
zKH|u(UOfK{>HJ(th59v|m$PLGYG=Ic&yq7DY2`T)2hJKRsFu#;^!=;yda<CT7h<V*
z7!x>PLNDt(XD>sN;rz$P>Ekg3P23PuPrAUk(!6%&AS$g+X{DDXJlkw}JWjZ}oh5=z
zt2gaD28iUcfYWOD4yx**SJR#vd^9?jc#f8zM)9EpMVu?uhmq-Z7V&E4H&i)X(~r+?
zJ%aZ(@yG-vz6CDN(IVZr5Fgbv82^G#Y4D{n%LJ+p5XL;P)x~$3<Jz;8CIQcvevvtM
ze|_Klpl)0iDEuf~5SmE->nH20MZ>qtE3*bl>aX9iJv#f;C>@Kj%wM^~n#<TXQsH0W
zK#_F}j(!X7lFqE;KD;u5&EiL7EWh{cX_rx0@|DSjhk|>s%LQ?mhM`xd8ZGzxBY<5D
zCtk(D$FwX*R*@Rk5=s5~U%b=A(HN2b{Wcyj@>GSFjUi$u1)e#P?drvf(Z;)W;F(m6
zo?c)1+pjoy$?+qn(F{_p1Ml1Nq&Jk^HCdSfV0J5!8~FhPOT1kyqbyk&-<^Fq**Sy9
zEY-eT4rVBgOi0Yhn%Tth<J~f^EhjvPVJyQ~nu~-q%q+rSUl1#>ZzPKoj=)tBuGknz
zL{O4t$(qjC9h|V@9(&}2U*QG|$K35a?l_6S$BCF#|0D4N4L?p@{lany%v<IabPhYg
zO-ymjjN|rCc=6LxFeN$t{=zubihqrtr*o?MgA}CtfxMDsy%>ZVNO6VjrCZaJ_u6He
z%*2N2M#}F<yTz3EIrIU;g}LS3^|R(o1NRrdUlte22KrRokg&lXc;*eTt8+<Cw#|-V
z<IBXWe2ofa+ZhS|p1(F63cMh1_>&^85g}cLn!WSS0NQ$+9*i@Zp%LE(y!>*c<NMMW
zaA?DMN4@&aLGb{0kX#v7h{;Z)UbNo%R8n_{_w`wO7sgF^A^Z72xkA{9%WP}0bGn(>
zF_UOMY5XYljPKyzDOB7DHTBk=h1MSKC7UHXnya0Ltu!^dIe&QKKP-1DlpWpYGe9&7
zE9q*I8cuwp1M$P{(ULN2Nsy*55s~rdHbcasrVa)QRS%0b;g?S(8QmLZ!+<h`XI+9B
zLK93q{#vp?ku!af>towp)&ZCPT}oVEAx(J`9QmNH6rX)X@N|BAEJ76QNSwo(0!X6J
zS{sV{ve6t`A@Kd(P1gQPYWbHTM_1NHOKRCaOT4uB9gUx|PPT|RVkJJZlYs-DYnkqM
zhiy?0O8qTsx7M^>M;j=_Q1_Exs-Kg9Z}qhjmT1O_&H<^M8zK>E=#h^hhZXD6z8CKO
zVRS)h5yW*-?i2yuieNMvXTJBQMgHk+{qzvtmw1|`A7^cLFx2h`CzOO>jeyQ+cVyPi
z<@P+m5gVecO+=smTk?S052(Z)lnYJVGU0oUxKZpL=JX7dZ&K|L&alJNK?B05rOEng
zB3|bW(Kc+-vP@IQfQ?W$d#7JJ{U2$zDK1*0(Ntu!kVwi0w$Cp=({73}z;HN1p?OXY
z`a*NO@q0$LlAo1GYtNWh>{#;whd4AUrxh|OW)n{3Dm))_?CjAJdS$QqWL9Ic%HCWX
zDJ1wU@-368fGnzZrj)au!`R<^lo2O}&A@;M_10xtbO!m@N(lV`H`R&HL9tmF9G6)d
zbvH1xPBMkq%buW#|4?+^d1}_)H1Z_&@amH9?z%U`eN^ixh)tyPWh&{<3WxdCr`N?m
zDF3D!vZqX|#dHZxuK+Y@bpNEroA<pa%E@|ZT)o_2-zbzVTle=7BWewG4$d6*16i4m
zu!BUD{FY)4nBXv0c9oC%l|}f*;~S`eH{N(vsp3EyferfrjM{c(ba`jpHnxK$9{ZIo
zu7NeI9=(l!2?T|CT=lh4Bg3$aD<x$4!xP_hlt~PfsaSRzY_$%MP{efD`b~SP=*=Hh
zd=MWV@@Iy-`&gi+e-G_&Vr*qGIf<RS|6C@6<Rnykre3Eir7|H`1*^dMRG1siC<f%+
zix=V^-HP_8OVX7hXCRAk;Drj=ovI?$j8Yp$2S?m33%Ajz>TM?`AbT`yg<fJ|@TnQE
z=f?S1CeQu#T`K;J>|b3EW=JPv;-ct>tJ`D|-ClSvq`jGTTZ92Fks$78?asma#^^Ar
zu_^88TZgn@IJ(%(zU|F|pm8mw*}K#jN_5^+stFV5Bs`~lP9#9HiK)s2egDn`)aHCV
zyuUeI5aqOU5(5Z@VS%HiI*5YqX6>XhyG*fP=7yUv`2;tx7L?jS^nuD^s$&w(5SK|Y
z$g$#^#7ufn-3Il$Ogg=oCi+^U2($cg%;ow5V4M3250^+2)hl{eyAS8(y>Cu1JY<;8
zNVfU&tY#nK$gl`#pvxF81BpJSiiMbzQWMTFs@h29uwTkwNXNlUalX##axCYE75{~?
zt1|)Wp#5RnUps3{+XE@|r=}GeQvKI~;e744C5I^$-H0E_cJ#Sd;d@ai>vf<Z8}^-V
ziFKCtWfP2n!o|^2b%&q!er0(cW=zA%&A-hypi@-nykvdP{CH$WG@<OP_`B8WC-+j)
zlKD5kR)mU&0`GQ6u#yQ0o-?=xhKJii78%%gt9`*QLH^^p`aluGCsd4O#l;IFD3#U;
z?d7A8q*hN`Pq5|#)?%9fuU`&fV^dfkt~SMS&5nyp9e^Pz=7s<>A1Fxr`_2#f!0$29
z*x@JZ#o-;P!1xiDJ})DF3P`KmEVGK$E9QqY*dG6h!?4`IuG!K$@0HhY*K9pFww()R
zHNAy2SrTnG%gky_E^w50_iwFhXThPV1H$^2QtjkFGaB=VCaG+h^F~DRx38>iRkB3)
zWDbq4Y?ivQ7<;SU{+&r{0VFKxL#BrVxo3>_SX9skgU!{rpo#neRu8zQV;GdP>TEnT
z3LC}SCcCx%+@QZTmidN`Z_(YY(}D#cJodPYnz8DMEzKo(CF{bgKaCjpM#I^v<6eMu
zRv(h7G2P$kAZUC}FWe%3#o?tF8@h+lUArfls=+K4T9RBx@J;z9Qf;C+AM>3Lwob~_
z<I=Ie_DpMs#drRMes`_W&aTfTT#52_KqI234oq|@*FC}GHDq_W`D-QZ)Rx=6{42{*
zw@HqJJ&=t14AH!{VA@L6r!ZQw;zOOuSyW-V9tWBNw&;y5v;5S0=PPp4G8=ts9=dFl
zU~U>R$4M^nVqhizdPj-2e`553cAA~+n?gWf&6(`8U3;uAjnlIvpnw{0No&@<{V~7^
z=ORRu82-j4vtT8kmw3U8T9ILg2L-$hn2Cg+;8wc9xub&b`Pa#q;vl1oQRH&O$=kr9
z!%N%JCRFELeCOQ6ohaPfQAWnOG6ak<WftqZ6n2oKuLzp09hDQ|nm}HaKwOiR*cGjn
zcrr(QM12BU<(mp*yV!g=W)a+Z4g?+sTg#274L<k6_1rUxXV=m5HP4N{N_G`~5hYJY
zUSiZ0PoBr<D-Tl2<iTQX^2MfvNgM1Cks;9gHgi2aGT3w=w}$X-^Z>UEK*iv(ufa=d
za@kCloT|>qA1tq#m?)34Iby78N^?4KGeBL2M8}sXgP^&)ZAz%hrfHJD@o<J`tWKhl
z9hpi5lB#8qu1Yo}4ctRsSxSQT%Sav}3H<Qi@?i542nen)6Z_eNY<v-}FoGhMTsoP2
z2%mtp1r90w>{;5+MpEmJ6|2dBMB-Nz&W0PX^YDZ<sVhC}tt{cN(DcFG;>Q*pPJm^e
z_8XP^mWZjb6E7_EX75{pgWnNuwdfG=7rpLcq*UhOS!NPEFA#|yt|Rb)099Uom0J-|
zUU%~$?ngZmW{+wm`f8B?s3vBh@2}g}dl$1@+WKgUiLm*Aar0=c0{0;cjKWRE4r9~-
znQ$1Rgllb>*3E{WOwJRgg&>z#a}|S6AIjB@mxxCuz}cTJ$uY11V+P83Dk0H@cL0#T
zOaQh~|4B3>17f^bw6nJ#mPi#yoyGHuIo7r{?8WYHzKCXw;+w)yu60$<Df}Q+G-J9y
zb7yJXq)Fxn#Tcxp&WaMa&q?Q9GkGX0xJdAc(YvfW#4Gm*EH!pwM&_Ta@XHE*VNc*^
zAP4SDQ_d<J<RV?3U<_{Y;mEQgm=DQ+8rZpc2%zKcSt0CYk3%1rO4#QLFUP`Kkj{V)
z@-vp)eUNz@m2=)Z)5oOs%}^*XQNDgCTyTdmf{OX69}}rQKupYWF2?I@Dzmu##(Ez|
zFnXw1tK0-RH}U39HY<U}I0<X398ba!B$Lv`&;}FL%p7|Gany`+qN_^tSp3+V(=)Y>
zi_-iiV*UlDrw7gGExCI*cH~;F@<=iCdfu^fym$Hv!H)P*&|5nBcA)G=B^Qa?@Bw_l
zn!dF~-lkWmqQa+tKfZ`Y2{agI7(WXB+?{t=2Wl+7nTtpm>G#>l^m*m);xqk}6#oX8
zA$}+R?f$C+2-0h&Z#ljeNxBa=>hZ?%aw!`vlk_p=boMLqT`^qQoGNMMsI`-wgh?J+
zcLF*R6;s?r`K3vJcU{iY*6~{^)MGp}MJ$=~8FSBmP3Ob;-mW$TL=s4-Azn7ucns{v
z4L#0+w=_^9Gc(-PTfBd)6ZY-JGydtn?b-STgRI}rtyQ?5N3ig;S^MADmG0{~92US&
zWjAA>P3GlqsiHyBLXR>)XqZOqQbkDoxRW+fl~N++OzlD8j5w4D&Pftyi0685lFP^H
z&b2*-^cS|jg!pd_?=+cT(;;GK3-6JpI@tM{Cr|Z6X$5_g;LLhwrjDrnC+=uXb^Q^3
zz(~*a^D@2|IF#B3CL^uzv@=!5i`*EOC0-&}T^AiDJlpayZM?}>I8p?8Rb#lhs{Wa>
zru>@zj=~EfjU0rX`{bsF1EaiS{%C%GTS`3p$DNCEcaG2W7y?Z2TC>U(lsu`?#SmA^
zBPcmrLv8x&7V6w$1ieaO<~*FRd-A*o0J&orn-A&{6~3(OZ)zTwv=ecfXRuZ%xm1$5
zaK0|!6&*Awl<Ra`m7`40OO8Ue%Qps;rww)i0s>ayR~m_bfGkwe@<@TR+;mN&G$8X8
z{x9uW9*)A~;na2?Mcb!cxSTBe@|{{iUGLH<*9TMAKjlkz6C-k?j=9Wa>tO876YoME
z($2&%wrQnALSOjg^xQ&*TK;-gf4aMLB>l73+-Tiw*SU3LZdO%{V1XI#OhNLJoKgLe
zEU~acstqxx$L%Edx#(o;P>63DI&@iP{RDuo0L{gfAAIay+;M94LH%~_eO21*<%<~!
z6V$G(KlVhq_GKJz$&U6X#S4AE(7Dgb6<CB(OU~>^Z7Jz+0VGP-W5KF(4CkwcBX%&d
zj+gM3$GITnY?AGHe3S@i6RW77eFqi2s#(D7kbLIGeWVC}8w7cq%Jg%UBJON@ww(RG
z%5c9U3fGkUi5EZb4ke+?oG2KUdQhu;qb@q(>D6VW8%}h84fTE;3{rTIT}?#YZ^p<c
zo{s@;uA2<YPR2ny^=LHlYa2fZ*gwv2KO#X(<8?Vt%Vmtdkkl(>2^819WDsa1)ktpL
zkr@E)bV7yti8%|#XKlJ)+^TxVAL{6O%QfQ6@<yC1Aqw_hYV7u+W(pWGcCNQs-1s_<
z2YZ@qIZFpmxmSMNM)qYye|8tx-wkJIWm)J&y6D`Ml(ECOUNe5a5a!7lvS6`U5IO}Y
zx|9RQTbt63%lxemo+2%xjE`@L*J}{G>T9x>9R20A`Eg`#GmG|mDx8;XcDn`8wJJ@4
zJl~cLtb>!eh>p^3)jN2JkU2h@WA8#fVJ0|Ks*XdC9s{yl*2V(ZI)$lH)hUS&;T?MI
zmRX7r*eg)JS&D12+3$YAAJQU{HcP0i2iva#>x3Z(SoNtxN(Zj2AOlYsg1SZ(D=hR6
zzHu~h%UUR$Z_;^9FSlFjxB|%iHy{hgE4q=mn^8A8QYG1jOJ)f_plHuGl7pXav%4P_
zYIwG<B(GWFO(4v*u{;8Hna*23B^+mMf6Mm|#7tDep_ErR1^Ydt!o(qy<Y*5P^<ezt
z+I==gC(L&YovgO$7I!kFGT1z0!}*MtM<(_*24z?I__>aHD&I{DzE6@^W)^F>v~Kbf
z5HFB#<DK}}v5x2*Vu~x%=(f9{bx5ed0~_2V%|6YV$Y*>L<lC)q{yP}2mJI?if34*h
zLfZ~Q&?*09ovicTQ_RJL8Ph{*qOI=qkO6f?6#WB&OZVB$_U7&x%0`_~eFKs`4|@}I
zk{sh8#aTL7iDm9Qk~K|NI9QEYJp_R`mM?>o4Yxp+fuJG^VH~rO&Xu8WODUL4o3#eq
zfpK?^Io_>#4NnghFfxVOwSw7Lx@OgBK5C!v8Mo*2%U;quy7sPR)pLUJ(HW-yBK!ly
zSCRG^0Qmnf@MA*)#e1A*T_9ua=YP<7A;y0IIdN3Rch&zQCyl}*RM}cQ)Q#GJ*e)IW
z_hl3T9#7o>4?V(hjj$N5fOWn`14PqW)Y{LVGq%VJE{XuyWjcwtQ3-5LUiL=~9-rBS
z#2?iq-Za}x4KohYb#yJ~#wvK2A8Hj6K^gTXCvAEc8zzB5TEIBRl$1)z2JtrAQV0Rr
zy6U8<=Vlp7^)e@aV^>8>qkGt_jr~jKR@X~u!Y<gO16G3@FY|^qxr~ohP%fN0A--G&
z2x=ATq;=_N!gcJ}^Og`;ov)(yR`miGkETuwjUV^roK@+ZD4m7j;qoU&J!`N~FMiQv
z$w%z*(h90Cv~vD<vQ|i#klZ^j#$XH6tdWy|Q`)>(p{UIuXO4KK)SIlU()W>B2$myg
zSWt%4&`9zzhbYp4QP49}a)2!o%}whL%~kOYn*J&qK$Uz|P0Kg(kS<Tlx%`DR(n%H7
zp}^}v=8_jeVi%yfMYg3iNjLk@++5<^r4X3|4PU9*W<2u6l`ALTj8oy~1Mej~Rp%}+
zn$fO!>RFdZ1-9Q@a_FpsUNy2Z#s*))k;H=c&3Vvz1F^<5OnZXgalw)@R0K*^E9oO7
z^Koal<BDkMP<#+auXuvRUg4w1`|Croc93adDD#B4v}zT#P1c`A+FWgGSe+zFsBEN0
zy=oK?zH`1DxlFU=-fXYE{O5%o`bb~EaQ;jQtslmTWoG!LN`6}NiN%5%(`zw~Q*e3f
zLQ?5I760LPONHk_^4qjzp<=)*RR5MY)XP=Oi%e<RlZlGZ<;G`Hn?%j@-Vw8orcj`+
zINUPCWV+D%O5l+Nyh1BXW@iL>Lb^JaxXQCpJovnb(@T6(hK)dS>_;fJ`2F*x6NqhA
z*5#71VvKd2_uE<^k1(jUjQyF>$L#Z?r16`UV>xyBL`(J5)Iv==Vy)S0O8diH??XB7
z^h%>qPl#u&tiYyEAOK3a>!MrVrKL)C2ed}&(2ay>5l#Opgqae&eL;BG1|zS20e4`9
zDzI%jZ;7hwJ@6lz{8q@2vLo2r9y-dv7{}N0SMGK!i@){0WU@0lT$ti&O#yZUjK>v<
z#u2;2SJe@rIB<)(k%U-wov+)34ZP>RA365D_h1;H(Gu6QDOzdd?@D<TX_kHCQo-}&
zrhavrytL+bltj!g9)BY^oQi~~d32Q~YGKKx`+rb+cY!|<nk6fFL-U=Gb-as>a;057
zSw`e`M~<&i1Yh>jMi}v!`xHWa`V*<^Emdm;PS9B^V!r763`MDC!R-S3r)4}Yhx?z#
zdUTkxM{)%UQy8g!aor<WX+27Nj&&Oss7`GK^nBiNNi)6P!4bE3rd(;>@xIgvpS%G^
zy!KzQ9DXd4+e9_5X7_mKZf`9o-AJs9#eqzYa!STplDe1ci^8FjeF@UmFv4O2uOD|7
zOY6Pc`IOku8ye)a(Y?~f-_P~h+n=U1#8lq?lF?J0zBxSH>T&b<v3GRlFAk&=&b6w`
zJah?05cUmZ_zha2tmO}3hKc;BP548@aWNsV1VMFyf6eqm1)BC!=ielt@8>?<dX{%b
z{?c|_a(Tr5a|sXVE#Ik4>!IeWT4H;dYNW_M@t;Q_0~Sqs=}l(Bd5IsXQ_dnDn!h)d
zs6Euff%wwIN@`NU#d~7V^&2xzhft(-Zn5FCz$6&%BZGIibUebQe{$b@vAeBsK^c{J
zWR#c+-oH%8F`^WTL0ZA7e_Z00GH8W?S>z{06*Z~X;d!J!YVfd6W@D0l%+KHO_eC`d
z=OjHI74s5aqj!S5YN)bEval7dPN$(VAzCUX4d%zW^+oj;2+q{OKW|cMrxhIfnIF)a
zLZT&lCeE^JN1jyc%LU0HT9n+F2Waxo_y>#vI`KM8LKfg#@r9m2jQ9mTOLk%`NDHym
zkKb=16QWdPD`mE|GPUEXM~ijE9FwcDo>(4wtyI~O_KPdA*2i{ak{AMCMgMI}fq7Nr
zZ9)N&gyFgHAHEy|07k($`l-A_+gC#$!M`o=Ysng^`Hc>RO@u3m)MbEu&J3aI#mn`U
z#9K^P!$RKI!0_Ks-w41qgx11(IlKp(DHdm3C*=hO0?EXH5{iu+qVQ5|_ZQ&WC1u(K
ze}H5*(c`@BRNo}~%r$H@@zx`vN_<bCS^en!3LlV6*^siSz@Ki6ylu$?-3I&ExyrF`
z+|m*tYi5takC7y6)bwTZeUI*TFg^Wzk~EcEw{DIHBPduz^^AFf4)~FuZ9-d0_5pne
z=~ghL;xBE?gVHkTNO$a|_9e~<X~GvT<I4|U=UG_HBe|@9$T4#hDQB4);0dY-sFqlT
z8?<rQ{7Elz&_``DAm)>MtFj;yvi9$n$%<bZCMfa<N}%_r8!!O8v*UXI^{)JTMTjJT
z?3AaUFiYu-Z2x489yjQR1v;O^PDI?IZ6sfmFnahC;-9G68EomnPX@<e2ky<krd~h_
zknmEDwPFE3T@8!^gg{QuPP=1;{AY25NbkH71sfzt6~}@hQSU>=bz6LQX0l&29U1oI
zMwLEcK;nQMYD{IXdi()o<M@G7GSe!;2~!dn3;+CM^~UgE1>rNV-6a3g(HtHDtB&0-
zk9kn?^3t&j7j!@k&6GyuqTEk?HV}1i61QvvHMJJ{SRxGf@T8Px<SyG(SjVGxTX5sh
z%KdrO{+%R;A4G8n?5&<V-&WMroRFqPr;atP^qoz#%I^W^J@)wo4BAri>AUBndNTv}
z00?JDw+>3!)Nh?^$w>|)BaP<|_h%vl`vvhDOH#Mhe!G?mN{FE0yVIs_bD~uQ6-_xP
zQsD+!XFS$cLQwYa!V44*S{S4Tppp3p(3n%Q;l=zN97`C|Qc%R&kfPM{VMOT-KzF(z
z4-CHK8O(~fu0*q4ut>D)$bR=MuCD*4`Q%6VzBE^X{5b#Rohd)=-r`7*q*&gEWj>#%
z8tgW`V9^;sw=cQ(?vr%~f44&x;MW0-N&Luxm6uF+c*E_}I4<Z9A=O6;SQpRPEX<;T
zN|iduz<xZ@0V5AELvY0Tr2o9(&yD-j5-ceX4Fr%lNrqja=*Ih`Z0)PK7#iFQ)$hET
zEZigQg*)uqu>E|O-IDd*+{7N2a?iIK%dE^faii<zD{?4oHSoSQT}1f|G=Z@{Sp<OF
zL~Av)ib~*UDvnL%C_Up`kv%Y5HRBGgHH8iQ<7Fl52b49uX>BFqBh92sb>U*K*sqO*
ze`9!d1TrE#pqb=$<3<!5|Ipv~7A<{ygJ}g0{_5~t*;VIo5L2ek1mt2STdAXVOG~$j
zFPWA+5{m4gp1dE}$vdo;Tmm_7OrJ5`(~)_8A_vd>Wr3D6UrRA4BXZPmkKz+o1m?0u
zKxrJ&dVU=5jEnO|7D#-{;hZV{`kL9+$x}grRdgp8*ZWQ^oKtXWjecb2m*DgnSIV+h
z4^7&QG1Ohs3ij+butHwA`1WI<i!wsA5McNOISsk@zd)Nc6+C-Y34^(6Ej_1X&Mb%+
zP~D+fElT;f^JDC?c?2+4@N2c~a%c&<2r0SkR=7Izk^%d)t($d(uB_<nT=@%BfjkZF
zZViXj3T=k-eHE(MAc^09a3CjQ+S^B<jw3prQSOP?sI_fXsTe*Vb#M{MX}LQEUkLU`
z04&*rOd+1^V^;rLv6$CUs>^x-YptES?y|8eapPjuQYz_6=(Fz+Qi-6!vICOodh>ca
zbeHoB`g;a4Uc0BU0@{udiRO(RThtSd;rwh|EfzZyl8jsK$AGA$gX{al*{1g6+~W5G
zR@C>bl5-NfZ?zA#O^xln*?L4hwjLvv{9xtg>2G_!r)=Ci5>r=d(`I@7yCXIot*9d=
zLkpeG$mG@1I`3){v^!uD+vS6hUw}^3L%&dRio8M(f7gfr*DIcDK&x68-WkYVY2$=a
zK24`9v%OS4lF(ZtvB&W&CbTH&@AY3RAx;DH&iWU2GA=PD<k7}gT-1=@Rh?YY&`G4-
zryty4GPf&r;QFP4`JJMVYwqPrgcziF$c-#f+|3sjHXnHl8#%j*%|#oYI6bAWgHd-j
zUL%eA9ggF;`OYi7k;UX2k9Bcua(B-yMp|2!4YA$TkG?fFTG|fkDxHUa@Ea70Cs+Pn
z&#m*EJTv<DZ;-xbSs>fMUuDaJrHEHcdJ^5f;)Bq(J`YQA5z6OX>agcFDd~?F?XiH$
zF@Vw2N3<UDFpaWucfqh3%rGwG%HKkJ#sQ0c#2bf&HOQDbPp$OLr<9ks<4e`S;&+Dc
zy3*#dGfwGQdpwf#I_s>TeEGZTUbaMJ?y!{?AhV0{4iu<E<6qxbv~L2|e3OqRY*@8=
zSMdazjQ0Mb7aL&=`lqh<p^6U8Rt~lQJ>)O5wWW4*@WWi8uA_&YFU{>W%A_<9RGJ)h
z3<+Dg96W);W$N4vw$3XyY`QS%?=bsu?LdvZ<~dp|uGx!4UxIMoR<f3^?99jn`36&b
zDnYViDszvlb$0q_V$dMVg~D0=2>&z<Z;CR~f&@mr{qhT_`?dXr?`uqo4q|{q`~e6S
z<Yo0C=bKOe4$;E4(xB$~d?fh^G>0?@IA%Q4RAX?fJG2=A8l4F0Y@h%QS$V)G+!9Ue
zoJavfiNEXynyxF28``f>$eUQMC3D2(QY`pQq@0!~pL-cCwht*qpM~Y{wkPny_w!)+
z7JvbMgLen?SAR}aX#Su?a+hg{4tg49E>&z*JX=V4D7XK9)gKkL(}hh<V0N&19&546
zkh+vLp12>*90kecMW`DFss3deuuq#asLG((gU$W@1_E5}34g^t7D=OC2?bZiStXso
ztdLc=6<-{kUs6l7yM?>=lW+QQYzUwI6Z<hS#8v`uEPa?PGELdU%*=UxkY&499UXj7
z_FRP!?0r}*{OfBiVwYzx!~9Nm`BocXQLa>Q4`P%1$z1Yt|Ij10niWBO5@O;qADZG@
zoUrQ@k$i?5Av17n+s(B??<pa;Mb@qUn#-RJ(x%@~Xuh8Msj#>v_?0uHoNC|e{RX}=
z|1`-oP{H`}R|HmfL%hA2J6E~cYC>NMukDwJ9mjBF;u8swgB20Njbi#w$vw^2Jb0s@
zIj5$#cHSqB$Rp#P)xLUdGq-nd2Uo)m8v1slp>KU2xhw{X*1{mBKQx#vv{1e_12;JW
z5MA$`Rgin}omFJuc1`q3Yh|ca416LeGEwTqO#EFL=c3UpGsokGj5=#PIYmtt3|_pE
zAWoGWE2!w};leubvShc1G2<ZomD)LX$o`g}k=U*15gcCd;Ju}^TO_Ya4vJn}fWp&H
zMPEN_$R$0Yc2n~`N1v~1k@geAQU4S4jHLI)!K{umBrLKGQ5$c|LEh$GB&(_p5~nS{
z_&Mx0+AdBVINatY`}3oKDDy@<(z&hPf`n*MjB=L8AR`*;OkR$^5(+)v(QG%QjNdi<
z!(0P~uq#$UE-c@*A|1}wFBH3HcvYPegzKNWHNQ$375p@tE0oUg%SkZ5tT0;3<R#z6
zd~V07;}&ZPv>PQfG!*ctkNJl+6EQ}b^?2|9df?37)|EUs9OxGbGhE4^N}B%YZffM|
zCt5-6?<!J1$gtV6NtU0jhu39fU=`tjUiV&Z9XP5~WU%pLiwnnwHj+q>?jNK~Z{XzV
z^%UJbb?%=JJ`90!hlE80w7FHU@Q>?G8Bz%J%pP8PVjorM{aznl!cU(XNCrRgyTy8x
z{<1w!=I_r}FTB(WdN*OWdh3@NJ>@yk%z4blae<34-^<N0RnYLcTUh{ga{J$|w$`ws
zsRb6Vw@qDJasI&n*G}AE>%M`Z1!Zz0*!NN(&7|nz6*{y?pFR~3lKh$eKLOz}gy5Kz
zZ^%S#qy+vyN#PyRKU}Ag>+ah^#D8MLD(QccLf!B<wB-LH=>KpRVqYE`8EJS`_*&Du
z2l59~yP-J|i6$@e6$9L@cwyYAt*v)?%muT!2Sm#v!Nt?;r8P~p(>LoiiZ0S0iC`1K
zEF)bP=FKs{z}Ym`_9ll<vCoz3yyh%<38fP!%ykV^%yX}G=PgEy8a>;&`KUuCtA61`
z%T;S(n&36CrO$GWpVL6N^tw|KYS^Wx-)yMmrSfC$9V!!Fg`$t#rH$OPz`4mG*7*v@
zXNORPv-P6&4$k^`%ZI#U46-(-YET2_d^IAS{IBfc-_Wzi&1-`nq@AjT<2{$|m^-kC
z(h>J64hwxGyV>=OyviNpj(rsg*PVou`=<P#unDAF@yA@7D3As2()eegxI_AvVs%~@
zZjp1{ueQ4^%>^%uN<!k4eTBLAzC9=TR-~t#?2RWIZ>E1j?hqt|dIfA5IBYdktCPII
z&6@<f%<epqSGRo~CJG)`8-M{3!<w$bAl_qLM?e46LjzIFiTa^KKUb?icW(0_{||S|
zo^F4Nj(7j0x=bwdoby${%jm4H6^<ws%l@eL$Jt<hSkKQ6yGfcvV2d!owgfz`SJ3ZB
z^NAApOK$a~_3Ga%9Us)yC_G&<Fe?b-^migx0~51(Jv=uBu~|VP4JM>)lEk~!zj7SR
z3J!hisT|N<6j(C1DOydqvL;*5M`~Y^!99275!Rmrk;|UZ3%GxNmW}K4KTYXUEWa8E
z-|@7}AlW{spnk^U`aM`->kCgAt6&a0M%%Hs?vqk_#WtW%7`)lJ?RzhGenZb*D@gm4
z=*Z|q66@MLQt<A@9#mi4NDX^YtAbz3vWQ2ANTq9`oVJpPRW#9A4gI?_Vha<c<YcB3
zw%E**EuIzCx+nB`S&0&#%EtLmISk6;KXJ^Z6FNNHRCEZRUR8nb#j>bXb*cAqBO+*;
zsiX1dW;;l)p)ACvL>>S5=SuqdD6R3o4Rp{|kaup!S^pjN)jY-QEn}g_k&Wq3mpTc5
z&y}B$2|OJp+flE6n_}w+^3p{=ufI@HnJEBL@v}dM{c)z@sn_8Wl#Rmhb;V_=1;^^L
z(9cJv`Rz-yf1>%xRgaU-l$PEAg))a*-%K#6j)do%0N0!j>Jaf@SDjdXhI8~kK%E$2
z*?hZ1N+=lLExnE?_i5UL-?JEsUkz042^7VDPjk%mf=Zc$!bA5a-bdO|5mc0KKFFQ_
zH|`5LL-G+~lT7+YO0d+db>29nWyy}oA+J`Et(~((x`Wn0#8GW(-3+wV!MuJA*GzF~
zN2WA;wq%t#6_NlB4F#2CPR#SicETR4eWC9yHp4W3oL~x%E?k5@{=TKCxi&5_3(HSy
z-<Ry!`PwtA#VH}FRw-#cDW!jI{rP%ObDZITwFH|mFO+a>@ZI#6yAwIoy{1h-V!+M|
zsEstGOyexgOuX6BTl=j5*=c($=ELtD{XFi+2*)v>tJ^kxe`>UvR=y#n+K~S5JQy~C
zfeiBWUHVFg4oc-C6s{b~2WrJHKX`|!8xDQcX)rwus^mGr!fPc|1mSW=+f3;`N+wPw
z9oJfxc9*>CTDqgyliLSAjZAb&mwmsF8Ke@FPH}#-9O`~){Wn|IGN=hTVa6J+keugE
z2ly!yfR&bw$_MoUVk(_et3cHA48TZb@1oh;XD;)kRG#7L!+i{Of{s;OC}Viw5ZsHB
znL*AT`blW=vO5i?z!#9J<09vV0E%sEH4*I^mM;nwc^wL7d_9-A3MY6LMZkj)@RhCk
z-okqZye<*R|2vlisU>+T3(}OOhKYF~aBIGuY%$@4>)1()s*ogzEcvTx_Xqp(f=#@L
zKb!%&y^3>0w1!$)pdJZCq@m{r+3Mx!{D(Ir_ExOMxa&`)?lR|rqvtG(>t<byhv9{z
ziZt^&?amtPqdu|Q!@u^GEWd0Vdmm3usdgF4`k8fAHrtGCYH{|!^{he?N+d5i5}cUI
zq@g7$5KqjFCuOUj!2xJu?WGCj?>7d#EDY=8_7>n}x&|das@VzyN%)~NP1`d#Y%S=>
z?}pRuuR<k7eCy`*hp<!xid;|!n(_qL{@{CIt@EEcTlHxx$eT&`P8hmi986pnE~Up)
zc5}5LYr!iJWs}raV4bJxv210&i_|??mo@zNOayORQ-ZEYM=oFKk~$NlK#OWMukK`&
zf|;f+rr9tmhs<sxf3t`RCOes|SL<Tl;8hRkaXM&D$uw?$7rj<bo;=u;6fhaQTEU@s
z0_lhNM69x4*h?jve~o<kM|VBYU4+wYd!?;M0}SpNrflK!Cn{b{CN}-!KAm@9yNx#l
z-z#;s6Z59`E(A$H?j(BgwR1u*&vH#hkUkNf1reO!Z7B)V8remb-gpv>PQKx8;Q2j`
z<Q4H<wo>f`cMroV>a)vT9-Y^3sQgOi0Y$Fec|{hfv0T|qSLQNLsOYx8JjISrXzD0h
zHKD5mTZ{~Jj6PiUs|c{g^@@-7!H2BPCIEc}>xMLHtFk*<qXJ*>2I)5j-F_uVTbAbP
z{+wUXwqEfG)Ke0Z??cq0rI?vKR@^YhPwo%%#tzi`gU5}Xv59<k&{7JVxbWqVIQoL!
zIK~2Jb2=S_VAaT<dOlz*Ws3{p3pqs7Q0}_bkLWRGm9H-isfkZ@n(NzRyCf6^13dI%
zoY~kwpGS1w6B>wcGHBb>+OGuBn!QRB$_+<BCASNTdG#P+^yequVTeu2bY3ItXpRA!
zvPY*c62F|CV`^*wk5iFAg)5DprC~WF4!|*%?eHm7YW%wOyx(s6k+rCO>>5HFxNL^2
zp<+~Sm1_C|V7d)QQtU;`q%e-I4>>U^GTp!vfidmi$;zWvoVN0iGrsS3)&H~!sn++}
zs;B)*r*l6&Ky?co2JL;O|K1t6E<B+$JYtdB{bx|EV|q%&%O<bZWxL5_&)qz~^&8`T
zD?~7KckTqCPBdT?)ZI&(6>*#S;^w*g8YN|kV*33EorBm^gA#y?Ba|Q-JW5dNL7>4B
zAO<l6De8WsIM?`#6<?H>(O+<xJ;Dj=?&k!AO@Tew$`IZXW=ceDrJX*TI$1?^gif@e
zgLSRS;$Zlz7)$qG85^3j`;DCFik|>oO7-}WXmV6v3QMB}of%XFkKSrI;BJy>o2O*P
z{V1D~=^a)&yJ~qwVibbTE6td_=o6Ga;x4z{NUk_Q>JifnBVB8nJklJ)9auNk&CEtz
z2i7ywS+EaM1L+xZkL<l#1TTGs2>iq?z*LzGlt2iB&ESxB#qS0wL+d-?tTd9ZdcAYQ
zpLPz{A@Oc$p|dD6Z!VIpy;u^XHBLJsCK3wUdT0S8Bx(GwY~oh5o2Iu$9>nhs%UK3@
zJ617AN7o5slk`Ww!%<<?OD5Nw?OZdEHF=n(+Y#2B2WDhyY;iZ#MBIe0E#P1qq-4A@
zCd;j-L|jCtZO>-D55yT!tEKLrawX;Z-634d){AwhZ*?ZJCC&Soe^X02a+`+V;j3M{
zwJI#1ZJWtZ1IVnMi!>^wHZ7jSvTKH$C*DtEb8J$H1^5qDePei3%Fy(&XSg#nT?@2>
zI<n9<Hmp$WXkjTKmx-UH!Rs&mlh8`a(U>?cFUMQ2oPOok;<{l%Xl%+W#g>z3EimUg
zl(2Jc5_HcGXoK#zoibds=6$uyh7rj!InI^^Ia#R390WXX`<Ssr_vX0$$<xfT4B)Wp
z20l{UdU(TVy<vZQ6yqRX*p1cQ<G*BF%?r92yG{9GG_=S$c9IDv69HekzTUU8b{fnt
zLq9xq%EHI#NOBlkRh@rS8*?9|WY3Z`$9EA^>>W{H-8sX%kx0&ZH#i7L#s(qZ<*X}Y
zYcIt?e6bs&$Oz^2-<|bTms}e<c7PidJZJ~h3xszZNx`%T!2sG0#4d7{q!tRR1PgUP
zL^E%GQ5UOUM=PwV2h4nnf2rl&%^|+B^ZsW&^aY<_HCG9Ci4{g^tUuVZs%6IzRsZt|
zbr<|cvOYYRErk59kC*+gkB?45%l<F&mHdxCeSYS)k@_!Jr|1(M&i`8({ps&(KxXs*
zyhp76IgE7ZzK1aW=S138`?t<LOhU!re=egm<|Nc1R$N}G|CyLB%m1z82c%}?_|L*r
qsPrEXn}(WI_&-+mL2LKz-D;Amgu*~8$3FuW+-JEjvUSp5L;eq!6Y63B
diff --git a/edit-webapp/images/placeholder-logo.png b/edit-webapp/images/placeholder-logo.png
new file mode 100644
index 0000000000000000000000000000000000000000..f5807ed22e984a2744a274be616e35fa0cabbe27
GIT binary patch
literal 2525
zcmd^>`&Ux=8pcskFjBNkyI7i+vB{2B)X|ey3NtF9OiV>VGcogqnZl@eYf5u8FDJD$
z)6<Nl7}<EuTg042I^v}=Bt((av{3NEhzg=-(>i~}Is1pb_j>p9e)sc!_gc?q-@SnG
z)Z4Oq3kU?#L!Uu;gFqSt;QlI92RILO`Go-&aQsQM4-`03pjWd&Al>_D6w-%Ekc_cn
zO~ZF}FV5_8YT0A)a`IYY!|z4!PFHXFkzNI{O48JKA&U&G3X<GwypeR#n`+MukRus+
z#>fs@tTpOrUTA5qkEEY5@~}p|i1Tf%vr0T4TAn9?blJY$jSWxal_x0_74_I}(z(t-
z*-za}noJr+Kgt>$85v1oj&DAv6OJ}wvwILEc`hA;C7&Q<f;6F2`(Tn2z1`XZPgi{E
zlb*+7$Nd5WM;)UUPe@@WDhB>MkV7ykG{GfAjPl}4HKFDPFVkzqy#oUSdWLP>m{y1G
zZwb#uU6grY_>%*Qvqm0^jy7L*f(_iOGBks5UB=yuZl24o$EdvFVY|PSs>>czb2Zx+
zoq>hY)3fm!Za*zeVP^&^l$2u6u!Y1E6|hT}E{z)$UJABI2i%#S6}cf02qw|b&(AIy
z7qK8u>bl%F$FbP9_xb_-(;yA7K@V7tnhL1nDk2M~PO$`%#LDf3Jk-_aDq^moJ0Liy
zJ(?BEygRvy*~r%VtoZu=*C9L}A6p|nQ~-DYX=3fG=mJ&hrpdW;=im*Ed!fQ(Uc?#S
z-=AeoZv_PIgg1S@MOJIvtV{>5AzOOV4m)5tP)0r>m_k`;l_V-#oMgf5NYaQTF|CR&
zGgFZt83MN4-BImvrkjDdXoJoQ%*>bC+S+>LEnp;b@=eW-j*hfztpXl|#Su#1BjZVc
z-hBJvMy?fFI83Og^!BCpNJ0Zmf%m^DguN1QQlCU2O#g9AOKn)G8Pma{)yNYJf6_Ji
z?&VjL>?dE_VT6^xHJ|fzGqqH!ps0&C1={lz5339<wVf*CjE}Te@{))B+@q$q)CxTl
zGI4*Rt<dcFXoeivs*C__s4$>y*H%Dou%FttMLlL2P%C5Y(g$kh)Ha>}v62>3M|!Bf
zN1?dWxv<`NLp=2-vehgqrdP5eJ)1J!^oV#JzHfF}$~kK@#(Pk?`CDK+HFcBODC=DR
zP~6-7f|=atgV-!v*O0DGIIhh!o{;4iS44(2TXreo@Z2Eh7@xGT$;Yua+q%Q`AB5$H
z?PK5Zbg8V&I#|DcB!l=kFFIeOmm*fGUawCMC*QacgRx_hBi>0E0?O6+WPAg;H`8_#
zHh(Y9jUV||Pk5z3AI1wAbO|Juc5v#7;LPU(gF&eT5{Yy+`C$_ieXCXM73N+4#@=&8
z$po<k>F4(2B`(Qv5$~d1-!%jeKpr_gU0wYR>AiI!?sBIz0TGXY_>TG4kn+PnJ4fAi
zj7duX$1diDe#~KNl#)X6R@6O5m-z>Ij1-wIKjd>UoQckKfOV~xyme&Zca%t*{i$um
zq>Vw`(0^OKvPIE7_C$0!IQG=EE0b78+)t|e+<=?3V&SJuTe9#woc$SW9Q6qGmslM(
zEs!@f4Jp6XHG5H2tR2g*K5`xIAke8D(He;Lx-VIrZvA=pjflTDcxARChX``sMu_bn
zDTjR-RHZ<rqKVcQ`PZ8cIU|<nqP;B>{k)6K6aCDGuj1Pn#SJ2t^9v^9TYH_CO1(GM
z`c@As$MxC|?cpC}392IOVM2O=t&W#}PaC;*3!%G=@pZ}UPF^GT!YGH4<i#yN?Me-Q
z`V3-bXFLwN!=Q5>Czpv5mcx;Aaz1u&5FT))?q5h|%57g=p-w-I3kkwej!(^}^qjPV
z-D^+@t`uC=@M|7B{4Ge2-C@6!P!e66J2ZZAesOxXw`C7hsH0jk?Ch_Y3!&`Hjjx=o
z3GL0aQeLPR*DKikp7}V}ep)AchqPwI2KeAAKICo~-jFRRr7Nkjx`}B5BZM-L<1n{Y
z?F2ShxR5SdCVL;y)d2rtY)<|6V`BR$kOo{EN`TwkE&>82N+a|CQ`*Fv?Fu8s?;Adi
zRwp=Flin`LT=7CUZ4aaz`&kXW16A~upoLUHpIwrlne~1k4OzN1;s%(oj+AKqN_q_n
z<lVvrcU)|{h{o=FEe@gGSNDN!f=Ou~xm+%LyA7uEM~mHoS>M-NwGJl9Cy}3?Mkw0p
zc565@t~y{tbRY1q7g@!^GfO3RUj9%TW8nS<tMQ$Ql@L}WN&1V?_+_rP8>jjp5YQqj
z>;XRs;8-nvWaD*A+0)BD%i_hDJh7T$ZrXiw6m-$(P43=RcZNWcibVyamU!XRfLJv8
zBoNG2xFpNN{g>II=!blYPlBA<;>iV`rV}+ua-!i{SdmrN2T=k%v14ooHFZ43UKY7j
zqoV=7SDk*hrykE39!puSUXcO=c;INuel6(t>Sh~FDQ6qHXr1AQ`BM7BhhwUy?38~-
zL$IWRqk!R0&{vY%d_JFIY;0V@$=RofZqCcgV|VA9rP=0KY%Di~BEA^qfHcjXr7L;e
z3e|>_8nJZo&b8wqh;q!(UoyJF8mIc$%{K_O1omqmEb0ND7{C}F$0daORao9~*qp#T
zlidc;$+4JlO`n9QLFPV1q$gS4o1}EJ9eox^HVJhifS9a4JJiLdYourWQApgHn}4qD
zU>tzj=it65JdWqH{8=azYT;;Z_a;|788Mu)bu(*BQWT6BF#`OrfzTcp)QgkBng0PT
CAAgbn
literal 0
HcmV?d00001
diff --git a/edit-webapp/index.jsp b/edit-webapp/index.jsp
new file mode 100644
index 0000000..087cee2
--- /dev/null
+++ b/edit-webapp/index.jsp
@@ -0,0 +1,31 @@
+<%@ page pageEncoding="UTF-8" %>
+<%@ taglib uri="http://www.springframework.org/tags" prefix="spring" %>
+<!DOCTYPE html>
+<html>
+ <head>
+ <meta charset="utf-8">
+ <title><spring:message code="root.title" text="Shibboleth IdP" /></title>
+ <link rel="stylesheet" type="text/css" href="<%= request.getContextPath()%><spring:message code="root.css" text="/css/placeholder.css" />">
+ </head>
+
+ <body>
+ <div class="wrapper">
+ <div class="container">
+ <header>
+ <img src="<%= request.getContextPath() %><spring:message code="idp.logo" />" alt="<spring:message code="idp.logo.alt-text" text="logo" />">
+ </header>
+
+ <div class="content">
+ <h2><spring:message code="root.message" text="No services are available at this location." /></h2>
+ </div>
+ </div>
+
+ <footer>
+ <div class="container container-footer">
+ <p class="footer-text"><spring:message code="root.footer" text="Insert your footer text here." /></p>
+ </div>
+ </footer>
+ </div>
+
+ </body>
+</html>
diff --git a/flows/authn/conditions/expiring-password/expiring-password-flow.xml b/flows/authn/conditions/expiring-password/expiring-password-flow.xml
index 10e041e..75bb86a 100644
--- a/flows/authn/conditions/expiring-password/expiring-password-flow.xml
+++ b/flows/authn/conditions/expiring-password/expiring-password-flow.xml
@@ -20,7 +20,7 @@
<evaluate expression="authenticationContext.getSubcontext(T(net.shibboleth.idp.authn.context.AuthenticationErrorContext))" result="viewScope.authenticationErrorContext" />
<evaluate expression="authenticationContext.getSubcontext(T(net.shibboleth.idp.authn.context.AuthenticationWarningContext))" result="viewScope.authenticationWarningContext" />
<evaluate expression="authenticationContext.getSubcontext(T(net.shibboleth.idp.authn.context.LDAPResponseContext))" result="viewScope.ldapResponseContext" />
- <evaluate expression="T(net.shibboleth.utilities.java.support.codec.HTMLEncoder)" result="viewScope.encoder" />
+ <evaluate expression="T(net.shibboleth.shared.codec.HTMLEncoder)" result="viewScope.encoder" />
<evaluate expression="flowRequestContext.getExternalContext().getNativeRequest()" result="viewScope.request" />
<evaluate expression="flowRequestContext.getExternalContext().getNativeResponse()" result="viewScope.response" />
<evaluate expression="flowRequestContext.getActiveFlow().getApplicationContext().containsBean('shibboleth.CustomViewContext') ? flowRequestContext.getActiveFlow().getApplicationContext().getBean('shibboleth.CustomViewContext') : null" result="viewScope.custom" />
diff --git a/flows/user/prefs/prefs-flow.xml b/flows/user/prefs/prefs-flow.xml
deleted file mode 100644
index c79093b..0000000
--- a/flows/user/prefs/prefs-flow.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<flow xmlns="http://www.springframework.org/schema/webflow"
- xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
- xsi:schemaLocation="http://www.springframework.org/schema/webflow http://www.springframework.org/schema/webflow/spring-webflow.xsd">
-
- <!--
- This flow allows a user to adjust various client-side preferences.
-
- It's partly example, partly a placeholder to allow adjustment of a few
- existing cookie-based options used by some features of the IdP for the time
- being while leaving the option of a more comprehensive UI down the road.
-
- As a flow, it's nothing much, just a view rendered to push some JS into
- the browser to maintain things. Notably, it doesn't require a user login.
- -->
-
- <end-state id="RenderView" view="user-prefs">
- <on-entry>
- <evaluate expression="environment" result="requestScope.environment" />
- <evaluate expression="T(net.shibboleth.utilities.java.support.codec.HTMLEncoder)" result="requestScope.encoder" />
- <evaluate expression="flowRequestContext.getExternalContext().getNativeRequest()" result="requestScope.request" />
- <evaluate expression="flowRequestContext.getExternalContext().getNativeResponse()" result="requestScope.response" />
- <evaluate expression="flowRequestContext.getActiveFlow().getApplicationContext().containsBean('shibboleth.CustomViewContext') ? flowRequestContext.getActiveFlow().getApplicationContext().getBean('shibboleth.CustomViewContext') : null" result="requestScope.custom" />
- </on-entry>
- </end-state>
-</flow>
diff --git a/messages/messages.properties b/messages/messages.properties
index 5f94396..b59fc89 100644
--- a/messages/messages.properties
+++ b/messages/messages.properties
@@ -1,2 +1,6 @@
# You can define message properties here to override messages defined in
-# system/messages/ or to add your own messages.
+# the system-supplied message file or to add your own messages.
+
+# You should alter these to point to different files of your own choosing.
+#idp.css = /css/placeholder.css
+#idp.logo = /images/placeholder-logo.png
diff --git a/views/admin/hello.vm b/views/admin/hello.vm
index 33a0528..6268c6c 100644
--- a/views/admin/hello.vm
+++ b/views/admin/hello.vm
@@ -14,60 +14,55 @@
##
<!DOCTYPE html>
<html>
- <head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
- <title>#springMessageText("idp.title", "Web Login Service") - #springMessageText("hello-world.title", "Hello World")</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
- </head>
+ <head>
+ <title>#springMessageText("idp.title", "Web Login Service") - #springMessageText("hello-world.title", "Hello World")</title>
+ <meta charset="UTF-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0">
+ <link rel="stylesheet" type="text/css" href="$request.getContextPath()#springMessageText("idp.css", "/css/placeholder.css")" media="all">
+ </head>
- <body>
- <div class="wrapper">
- <div class="container" style="width: 100%">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
- <h3>#springMessageText("idp.title", "Web Login Service")</h3>
- </header>
+ <body>
+ <main class="main">
+ <header>
+ <img class="main-logo" src="$request.getContextPath()#springMessageText("idp.logo", "/images/placeholder-logo.png")" alt="#springMessageText("idp.logo.alt-text", "logo")">
+ </header>
- <div class="content">
- <h4>#springMessageText("hello-world.greeting", "Greetings"), <em>$encoder.encodeForHTML($subjectContext.getPrincipalName())</em></h4>
- <br/>
- <h4>Authenticated By</h4>
- #foreach ($result in $subjectContext.getAuthenticationResults().entrySet())
- <blockquote>$encoder.encodeForHTML($result.getKey())</blockquote>
- #end
- <br/>
- <h4>Java Principals in Subjects</h4>
- #foreach ($s in $subjectContext.getSubjects())
- #foreach ($p in $s.getPrincipals())
- <blockquote>$encoder.encodeForHTML($p)<blockquote>
- #end
- #end
- #if ($attributeContext && !$attributeContext.getUnfilteredIdPAttributes().isEmpty())
- <br/>
- <h4>Attributes:</h4>
- #foreach ($a in $attributeContext.getUnfilteredIdPAttributes())
- #if (!$a.getValues().isEmpty())
- <br/>
- <h5>$encoder.encodeForHTML($a.getId())</h5>
- #foreach ($v in $a.getValues())
- <blockquote>$encoder.encodeForHTML($v.getDisplayValue())</blockquote>
- #end
- #end
- #end
- #end
- </div>
-
- <header>
- <h3><a href="$request.getContextPath()/profile/admin/hello">#springMessageText("hello-world.reload", "Reload the Page")</a></h3>
- </header>
- </div>
+ <section>
+ <h1>#springMessageText("hello-world.greeting", "Greetings"), <em>$encoder.encodeForHTML($subjectContext.getPrincipalName())</em></h1>
+ <p><strong>Authenticated by</strong><br />
+ #foreach ($result in $subjectContext.getAuthenticationResults().entrySet())
+ <small>$encoder.encodeForHTML($result.getKey())</small><br/>
+ #end</p>
+
+ <p><strong>Java Principals in Subjects</strong><br/>
+ #foreach ($s in $subjectContext.getSubjects())
+ #foreach ($p in $s.getPrincipals())
+ <small>$encoder.encodeForHTML($p)</small></br/>
+ #end
+ #end</p>
+
+ #if ($attributeContext && !$attributeContext.getUnfilteredIdPAttributes().isEmpty())
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
- </div>
- </body>
+ <p><strong>Attributes</strong><br/>
+ #foreach ($a in $attributeContext.getUnfilteredIdPAttributes())
+ #if (!$a.getValues().isEmpty())
+ <small><strong>$encoder.encodeForHTML($a.getId())</strong></small><br/>
+ #foreach ($v in $a.getValues())
+ <small>$encoder.encodeForHTML($v.getDisplayValue())</small><br/>
+ #end
+ #end
+ #end
+ #end
+ </p>
+
+ <a class="button button--secondary" href="$request.getContextPath()/profile/admin/hello">#springMessageText("hello-world.reload", "Reload the Page")</a>
+ </section>
+ </main>
+ <footer class="footer">
+ <div class="cc">
+ <p>#springMessageText("idp.footer", "Insert your footer text here.")</p>
+ </div>
+ </footer>
+ </body>
</html>
diff --git a/views/client-storage/client-storage-read.vm b/views/client-storage/client-storage-read.vm
index 1993c14..1afe818 100644
--- a/views/client-storage/client-storage-read.vm
+++ b/views/client-storage/client-storage-read.vm
@@ -17,37 +17,32 @@
<!DOCTYPE html>
<html>
<head>
- <meta charset="utf-8" />
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
<title>$title - $titleSuffix</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
+ <meta charset="UTF-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0">
+ <link rel="stylesheet" type="text/css" href="$request.getContextPath()#springMessageText("idp.css", "/css/placeholder.css")">
<script>
<!--
- #include( "client-storage/local-storage-read.js" )
+ #include("client-storage/local-storage-read.js")
// -->
</script>
</head>
- <body onload="doLoad()">
- <div class="wrapper">
- <div class="container">
- <header>
- <h3>$title - $titleSuffix</h3>
- </header>
- <div class="content">
- $springMacroRequestContext.getMessage("idp.client-storage-read.text", "Loading login session information from the browser...")
- </div>
+ <body onload="doLoad()">
+ <main class="main">
+ <section>
+ <h1>$title - $titleSuffix</h1>
+ <p>$springMacroRequestContext.getMessage("idp.client-storage-read.text", "Loading login session information from the browser...")</p>
<noscript>
- <div class="content">
$springMacroRequestContext.getMessage("idp.client-storage.no-js", "Since your browser does not support JavaScript, you must press the Continue button once to proceed.")
- </div>
</noscript>
- #parse( "client-storage/read.vm" )
+ #parse("client-storage/read.vm")
+ </section>
+ </main>
+ <footer class="footer">
+ <div class="cc">
+ <p>#springMessageText("idp.footer", "Insert your footer text here.")</p>
</div>
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
- </div>
+ </footer>
</body>
</html>
diff --git a/views/client-storage/client-storage-write.vm b/views/client-storage/client-storage-write.vm
index 4b92d6b..066cbdb 100644
--- a/views/client-storage/client-storage-write.vm
+++ b/views/client-storage/client-storage-write.vm
@@ -17,37 +17,34 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
- <meta charset="utf-8" />
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
<title>$title - $titleSuffix</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
+ <meta charset="UTF-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0">
+ <link rel="stylesheet" type="text/css" href="$request.getContextPath()#springMessageText("idp.css", "/css/placeholder.css")">
<script>
<!--
- #include( "client-storage/local-storage-write.js" )
+ #include("client-storage/local-storage-write.js")
// -->
</script>
</head>
- <body onload="doSave()">
- <div class="wrapper">
- <div class="container">
- <header>
- <h3>$title - $titleSuffix</h3>
- </header>
- <div class="content">
- $springMacroRequestContext.getMessage("idp.client-storage-write.text", "Saving login session information to the browser...")
- </div>
+ <body onload="doSave()">
+ <main class="main">
+ <section>
+ <h1>$title - $titleSuffix</h1>
+ <p>$springMacroRequestContext.getMessage("idp.client-storage-write.text", "Saving login session information to the browser...")</p>
<noscript>
<div class="content">
$springMacroRequestContext.getMessage("idp.client-storage.no-js", "Since your browser does not support JavaScript, you must press the Continue button once to proceed.")
</div>
</noscript>
- #parse( "client-storage/write.vm" )
+ #parse("client-storage/write.vm")
+ </section>
+ </main>
+ <footer class="footer">
+ <div class="cc">
+ <p>#springMessageText("idp.footer", "Insert your footer text here.")</p>
</div>
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
- </div>
+ </footer>
</body>
</html>
\ No newline at end of file
diff --git a/views/error.vm b/views/error.vm
index a44bd6f..0f01e89 100644
--- a/views/error.vm
+++ b/views/error.vm
@@ -1,7 +1,10 @@
##
## Velocity Template for error end-state
##
-## Velocity context will contain the following properties
+## Velocity context will contain the following variables during controlled errors.
+## Some error paths involve runtime exceptions handled outside Spring Web Flow by the
+## MVC layer and will not generally populate most of these variables.
+##
## flowRequestContext - the Spring Web Flow RequestContext
## profileRequestContext - root of context tree
## encoder - HTMLEncoder class
@@ -45,31 +48,27 @@
<!DOCTYPE html>
<html>
<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
- <title>$title - $titleSuffix</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
+ <meta charset="UTF-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0">
+ <link rel="stylesheet" type="text/css" href="$request.getContextPath()#springMessageText("idp.css", "/css/placeholder.css")">
</head>
<body>
- <div class="wrapper">
- <div class="container">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
- <h3>$title - $titleSuffix</h3>
- </header>
-
- <div class="content">
- #evaluate($message)
+ <main class="main">
+ <header>
+ <img class="main-logo" src="$request.getContextPath()#springMessageText("idp.logo", "/images/placeholder-logo.png")" alt="#springMessageText("idp.logo.alt-text", "logo")" />
+ </header>
+
+ <section>
+ <h1>$title - $titleSuffix</h1>
+ <p>#evaluate($message)</p>
+ </section>
+ </main>
+ <footer class="footer">
+ <div class="cc">
+ <p>#springMessageText("idp.footer", "Insert your footer text here.")</p>
</div>
- </div>
-
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
-
- </div>
+ </footer>
</body>
-</html>
\ No newline at end of file
+</html>
diff --git a/views/login-error.vm b/views/login-error.vm
index 224976b..4a9e641 100644
--- a/views/login-error.vm
+++ b/views/login-error.vm
@@ -2,11 +2,11 @@
##
## authenticationErrorContext - context containing error data, if available
##
-#if ($authenticationErrorContext && $authenticationErrorContext.getClassifiedErrors().size() > 0)
+#if ($authenticationErrorContext && $authenticationErrorContext.getClassifiedErrors().size() > 0 && !$authenticationErrorContext.getClassifiedErrors().contains('AuthenticationException'))
## This handles errors that are classified by the message maps in the authentication config.
#set ($eventId = $authenticationErrorContext.getClassifiedErrors().iterator().next())
#if ($eventId != "ReselectFlow")
- #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "login"))
+ #set ($eventKey = $springMacroRequestContext.getMessage("$eventId", "authn"))
#set ($message = $springMacroRequestContext.getMessage("${eventKey}.message", "Login Failure: $eventId"))
#end
#elseif ($authenticationErrorContext && $authenticationErrorContext.getExceptions().size() > 0)
@@ -20,7 +20,5 @@
#end
#if ($message)
- <section>
- <p class="form-element form-error">$encoder.encodeForHTML($message)</p>
- </section>
+ <p class="output-message output--error">$encoder.encodeForHTML($message)</p>
#end
diff --git a/views/login.vm b/views/login.vm
index c7b15c9..20ed38e 100644
--- a/views/login.vm
+++ b/views/login.vm
@@ -11,134 +11,96 @@
## authenticationWarningContext - context with login warning state
## ldapResponseContext - context with LDAP state (if using native LDAP)
## rpUIContext - the context with SP UI information from the metadata
-## extendedAuthenticationFlows - collection of "extended" AuthenticationFlowDescriptor objects
-## passwordPrincipals - contents of the shibboleth.authn.Password.PrincipalOverride bean
## encoder - HTMLEncoder class
## request - HttpServletRequest
## response - HttpServletResponse
## environment - Spring Environment object for property resolution
## custom - arbitrary object injected by deployer
##
-#set ($rpContext = $profileRequestContext.getSubcontext('net.shibboleth.idp.profile.context.RelyingPartyContext'))
+#set ($rpContext = $profileRequestContext.getSubcontext('net.shibboleth.profile.context.RelyingPartyContext'))
#set ($username = $authenticationContext.getSubcontext('net.shibboleth.idp.authn.context.UsernamePasswordContext', true).getUsername())
-#set ($passwordEnabled = false)
-#if (!$passwordPrincipals or $passwordPrincipals.isEmpty() or $authenticationContext.isAcceptable($passwordPrincipals))
- #set ($passwordEnabled = true)
-#end
##
<!DOCTYPE html>
<html>
<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
<title>#springMessageText("idp.title", "Web Login Service")</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
+ <meta charset="UTF-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0">
+ <link rel="stylesheet" type="text/css" href="$request.getContextPath()#springMessageText("idp.css", "/css/placeholder.css")">
</head>
<body>
- <div class="wrapper">
- <div class="container">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
- </header>
+ <main class="main">
+ <header>
+ <img class="main-logo" src="$request.getContextPath()#springMessageText("idp.logo", "/images/placeholder-logo.png")" alt="#springMessageText("idp.logo.alt-text", "logo")" />
+
+ #set ($serviceName = $rpUIContext.serviceName)
+ #if ($serviceName && !$rpContext.getRelyingPartyId().contains($serviceName))
+ <h1>#springMessageText("idp.login.loginTo", "Login to") $encoder.encodeForHTML($serviceName)</h1>
+ #end
+ </header>
+
+ <section>
+ <form action="$flowExecutionUrl" method="post">
+ #parse("csrf/csrf.vm")
- <div class="content">
- <div class="column one">
- #parse("login-error.vm")
+ #*
+ //
+ // SP Description & Logo (optional)
+ // These idpui lines will display added information (if available
+ // in the metadata) about the Service Provider (SP) that requested
+ // authentication. These idpui lines are "active" in this example
+ // (not commented out) - this extra SP info will be displayed.
+ // Remove or comment out these lines to stop the display of the
+ // added SP information.
+ //
+ *#
+ #set ($logo = $rpUIContext.getLogo())
+ #if ($logo)
+ <img class="service-logo" src= "$encoder.encodeForHTMLAttribute($logo)" alt="$encoder.encodeForHTMLAttribute($serviceName)">
+ #end
+ #set ($desc = $rpUIContext.getServiceDescription())
+ #if ($desc)
+ <p>$encoder.encodeForHTML($desc)</p>
+ #end
+
+ #parse("login-error.vm")
- <form action="$flowExecutionUrl" method="post">
- #parse("csrf/csrf.vm")
- #set ($serviceName = $rpUIContext.serviceName)
- #if ($serviceName && !$rpContext.getRelyingPartyId().contains($serviceName))
- <legend>
- #springMessageText("idp.login.loginTo", "Login to") $encoder.encodeForHTML($serviceName)
- </legend>
- #end
+ <label for="username">#springMessageText("idp.login.username", "Username")</label>
+ <input id="username" name="j_username" type="text"
+ value="#if($username)$encoder.encodeForHTML($username)#end" />
- #if ($passwordEnabled)
- <div class="form-element-wrapper">
- <label for="username">#springMessageText("idp.login.username", "Username")</label>
- <input class="form-element form-field" id="username" name="j_username" type="text"
- value="#if($username)$encoder.encodeForHTML($username)#end" />
- </div>
-
- <div class="form-element-wrapper">
- <label for="password">#springMessageText("idp.login.password", "Password")</label>
- <input class="form-element form-field" id="password" name="j_password" type="password" value="" />
- </div>
-
- ## You may need to modify this to taste, such as changing the flow name its checking for to authn/MFA.
- #if (!$authenticationContext.getActiveResults().containsKey('authn/Password'))
- <div class="form-element-wrapper">
- <input type="checkbox" name="donotcache" value="1" id="donotcache">
- <label for="donotcache">#springMessageText("idp.login.donotcache", "Don't Remember Login")</label>
- </div>
- #end
-
- #end
-
- <div class="form-element-wrapper">
- <input id="_shib_idp_revokeConsent" type="checkbox" name="_shib_idp_revokeConsent" value="true" />
- <label for="_shib_idp_revokeConsent">#springMessageText("idp.attribute-release.revoke", "Clear prior granting of permission for release of your information to this service.")</label>
- </div>
-
- #if ($passwordEnabled)
- <div class="form-element-wrapper">
- <button class="form-element form-button" type="submit" name="_eventId_proceed"
- onClick="this.childNodes[0].nodeValue='#springMessageText("idp.login.pleasewait", "Logging in, please wait...")'"
- >#springMessageText("idp.login.login", "Login")</button>
- </div>
- #end
-
- #foreach ($extFlow in $extendedAuthenticationFlows)
- #if ($authenticationContext.isAcceptable($extFlow) and $extFlow.test(profileRequestContext))
- <div class="form-element-wrapper">
- <button class="form-element form-button" type="submit" name="_eventId_$extFlow.getId()">
- #springMessageText("idp.login.$extFlow.getId().replace('authn/','')", $extFlow.getId().replace('authn/',''))
- </button>
- </div>
- #end
- #end
- </form>
-
- #*
- //
- // SP Description & Logo (optional)
- // These idpui lines will display added information (if available
- // in the metadata) about the Service Provider (SP) that requested
- // authentication. These idpui lines are "active" in this example
- // (not commented out) - this extra SP info will be displayed.
- // Remove or comment out these lines to stop the display of the
- // added SP information.
- //
- *#
- #set ($logo = $rpUIContext.getLogo())
- #if ($logo)
- <img src= "$encoder.encodeForHTMLAttribute($logo)"
- alt="$encoder.encodeForHTMLAttribute($serviceName)">
- #end
- #set ($desc = $rpUIContext.getServiceDescription())
- #if ($desc)
- $encoder.encodeForHTML($desc)
- #end
-
- </div>
- <div class="column two">
- <ul class="list list-help">
- #if ($passwordEnabled)
- <li class="list-help-item"><a href="#springMessageText("idp.url.password.reset", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
- #end
- <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
- </ul>
- </div>
- </div>
- </div>
-
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
- </div>
+ <label for="password">#springMessageText("idp.login.password", "Password")</label>
+ <input type="password" name="j_password" id="password" value="" />
+
+ ## You may need to modify this to taste, such as changing the flow name checked to authn/MFA.
+ #if (!$authenticationContext.getActiveResults().containsKey('authn/Password'))
+ <input type="checkbox" name="donotcache" value="1" id="donotcache" />
+ <label for="donotcache">#springMessageText("idp.login.donotcache", "Don't Remember Login")</label>
+ #end
+
+ <input id="_shib_idp_revokeConsent" type="checkbox" name="_shib_idp_revokeConsent" value="true" />
+ <label for="_shib_idp_revokeConsent">#springMessageText("idp.attribute-release.revoke", "Clear prior granting of permission for release of your information to this service.")</label>
+
+ <div class="grid">
+ <div class="grid-item">
+ <button type="submit" name="_eventId_proceed"
+ onClick="this.childNodes[0].nodeValue='#springMessageText("idp.login.pleasewait", "Logging in, please wait...")'"
+ >#springMessageText("idp.login.login", "Login")</button>
+ </div>
+ </div>
+ </form>
+ <ul>
+ <li><a href="#springMessageText("idp.url.password.reset", '#')">#springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
+ <li><a href="#springMessageText("idp.url.helpdesk", '#')">#springMessageText("idp.login.needHelp", "Need Help?")</a></li>
+ </ul>
+ </section>
+ </main>
+ <footer class="footer">
+ <div class="cc">
+ <p>#springMessageText("idp.footer", "Insert your footer text here.")</p>
+ </div>
+ </footer>
</body>
</html>
\ No newline at end of file
diff --git a/views/logout-complete.vm b/views/logout-complete.vm
index 7341e69..2d332ea 100644
--- a/views/logout-complete.vm
+++ b/views/logout-complete.vm
@@ -19,49 +19,43 @@
<!DOCTYPE html>
<html>
<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
<title>#springMessageText("idp.title", "Web Login Service")</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
+ <meta charset="UTF-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0">
+ <link rel="stylesheet" type="text/css" href="$request.getContextPath()#springMessageText("idp.css", "/css/placeholder.css")">
</head>
<body>
- <div class="wrapper">
- <div class="container">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
- </header>
-
- <div class="content">
- <div class="column one">
- #if ($activeIdPSessions)
- <p>#springMessageText("idp.logout.cancelled", "Logout has been cancelled.")</p>
- #elseif ($activeSPSessions)
- <p>#springMessageText("idp.logout.local", "You elected not to log out of all the applications accessed during your session.")</p>
- #else
- <p>#springMessageText("idp.logout.complete", "The logout operation is complete, and no other services appear to have been accessed during this session.")</p>
- #end
- </div>
- <div class="column two">
- <ul class="list list-help">
- <li class="list-help-item"><a href="#springMessageText("idp.url.password.reset", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
- <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
- </ul>
- </div>
- </div>
- </div>
-
- <!-- If SAML logout, complete the flow by adding a hidden iframe. -->
- #if ( $profileRequestContext.getProfileId().contains("saml2/logout") )
- <iframe style="display:none" src="$flowExecutionUrl&_eventId=proceed"></iframe>
- #end
-
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
- </div>
-
+ <main class="main">
+ <header>
+ <img class="main-logo" src="$request.getContextPath()#springMessageText("idp.logo", "/images/placeholder-logo.png")" alt="#springMessageText("idp.logo.alt-text", "logo")" />
+ </header>
+
+ <section>
+ #if ($activeIdPSessions)
+ <h2>#springMessageText("idp.logout.cancelled", "Logout has been cancelled.")</h2>
+ #elseif ($activeSPSessions)
+ <p>#springMessageText("idp.logout.local", "You elected not to log out of all the applications accessed during your session.")</p>
+ #else
+ <p>#springMessageText("idp.logout.complete", "The logout operation is complete, and no other services appear to have been accessed during this session.")</p>
+ #end
+
+ <ul>
+ <li><a href="#springMessageText("idp.url.password.reset", '#')">#springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
+ <li><a href="#springMessageText("idp.url.helpdesk", '#')">#springMessageText("idp.login.needHelp", "Need Help?")</a></li>
+ </ul>
+
+ <!-- If SAML logout, complete the flow by adding a hidden iframe. -->
+ #if ( $profileRequestContext.getProfileId().contains("saml2/logout") )
+ <iframe style="display:none" src="$flowExecutionUrl&_eventId=proceed"></iframe>
+ #end
+ </section>
+ </main>
+ <footer class="footer">
+ <div class="cc">
+ <p>#springMessageText("idp.footer", "Insert your footer text here.")</p>
+ </div>
+ </footer>
</body>
</html>
\ No newline at end of file
diff --git a/views/logout-propagate.vm b/views/logout-propagate.vm
index 470eff5..ab73382 100644
--- a/views/logout-propagate.vm
+++ b/views/logout-propagate.vm
@@ -16,43 +16,42 @@
## environment - Spring Environment object for property resolution
## custom - arbitrary object injected by deployer
##
+#set ($hidden = $environment.getProperty("idp.logout.propagationHidden", "false"))
<!DOCTYPE html>
<html>
<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
<title>#springMessageText("idp.title", "Web Login Service")</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
+ <meta charset="UTF-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0">
+ <link rel="stylesheet" type="text/css" href="$request.getContextPath()#springMessageText("idp.css", "/css/placeholder.css")">
<link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/logout.css">
</head>
<body>
- <div class="wrapper">
- <div class="container">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
- </header>
-
- <div class="content">
- <div class="column one">
- <p>#springMessageText("idp.logout.attempt", "Attempting to log out of the following services:")</p>
- #parse("logout/propagate.vm")
- </div>
- <div class="column two">
- <ul class="list list-help">
- <li class="list-help-item"><a href="#springMessageText("idp.url.password.reset", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
- <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
- </ul>
- </div>
- </div>
- </div>
-
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
- </div>
-
+ <main class="main">
+ <header>
+ <img class="main-logo" src="$request.getContextPath()#springMessageText("idp.logo", "/images/placeholder-logo.png")" alt="#springMessageText("idp.logo.alt-text", "logo")" />
+ </header>
+
+ <section>
+ #if($hidden == "true")
+ <p>#springMessageText("idp.logout.hidden", "Your single sign-on session has been terminated, but you are still logged into many of the services you have accessed during your session.")</p>
+ #else
+ <h1>#springMessageText("idp.logout.attempt", "Attempting to log out of the following services:")</h1>
+ #end
+ #parse("logout/propagate.vm")
+
+ <ul>
+ <li><a href="#springMessageText("idp.url.password.reset", '#')">#springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
+ <li><a href="#springMessageText("idp.url.helpdesk", '#')">#springMessageText("idp.login.needHelp", "Need Help?")</a></li>
+ </ul>
+ </section>
+ </main>
+ <footer class="footer">
+ <div class="cc">
+ <p>#springMessageText("idp.footer", "Insert your footer text here.")</p>
+ </div>
+ </footer>
</body>
</html>
\ No newline at end of file
diff --git a/views/logout.vm b/views/logout.vm
index 3d8d50b..ab01600 100644
--- a/views/logout.vm
+++ b/views/logout.vm
@@ -14,7 +14,7 @@
## environment - Spring Environment object for property resolution
## custom - arbitrary object injected by deployer
##
-#set ($rpContext = $profileRequestContext.getSubcontext("net.shibboleth.idp.profile.context.RelyingPartyContext"))
+#set ($rpContext = $profileRequestContext.getSubcontext("net.shibboleth.profile.context.RelyingPartyContext"))
#if ($rpContext)
#set ($rpUIContext = $rpContext.getSubcontext("net.shibboleth.idp.ui.context.RelyingPartyUIContext"))
#end
@@ -23,30 +23,30 @@
<!DOCTYPE html>
<html>
<head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
+ <title>#springMessageText("idp.title", "Web Login Service")</title>
+ <meta charset="UTF-8" />
+ <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+ <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0">
#if ($promptForSP)
<meta http-equiv="refresh" content="10;url=$flowExecutionUrl&_eventId=propagate">
#elseif ($promptForIdP)
<meta http-equiv="refresh" content="10;url=$flowExecutionUrl&_eventId=local">
#end
- <title>#springMessageText("idp.title", "Web Login Service")</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
+ <link rel="stylesheet" type="text/css" href="$request.getContextPath()#springMessageText("idp.css", "/css/placeholder.css")">
</head>
- <body>
- <div class="wrapper">
- <div class="container">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
- </header>
+ <body>
+ <main class="main">
+ <header>
+ <img class="main-logo" src="$request.getContextPath()#springMessageText("idp.logo", "/images/placeholder-logo.png")" alt="#springMessageText("idp.logo.alt-text", "logo")" />
+ </header>
- <div class="content">
- <div class="column one">
- <p>This page is displayed when a logout operation at the Identity Provider completes. This page is an example
- and should be customized. It is not fully internationalized because the presentation will be a highly localized
- decision, and we don't have a good suggestion for a default.</p>
- <br>
+ <section>
+ <div class="output-message">
+ <p><strong>Note for deployers:</strong> This page is displayed when a logout operation at the Identity Provider completes.
+ This page is an example and should be customized. It is not fully internationalized because the presentation will be a highly localized decision,
+ and we don't have a good suggestion for a default.</p>
+ </div>
#if ($rpContext)
<p>#springMessageText("idp.logout.sp-initiated", "You have been logged out of the following service:")</p>
@@ -66,17 +66,13 @@
<form id="propagate_form" method="POST" action="$flowExecutionUrl">
- <div class="form-element-wrapper">
- <button id="logout_local" class="form-element form-button" type="submit" name="_eventId" value="local">#springMessageText("idp.logout.idponly", "Logout Locally")</button>
+ <p><button id="logout_local" type="submit" name="_eventId" value="local">#springMessageText("idp.logout.idponly", "Logout Locally")</button></p>
<p>#springMessageText("idp.logout.idponly.caption", "End your SSO session.")</p>
- </div>
#end
#if ($promptForSP)
- <div class="form-element-wrapper">
- <button id="logout_propagate" class="form-element form-button" type="submit" name="_eventId" value="propagate">#springMessageText("idp.logout.global", "Logout Globally")</button>
+ <p><button id="logout_propagate" type="submit" name="_eventId" value="propagate">#springMessageText("idp.logout.global", "Logout Globally")</button></p>
<p>#springMessageText("idp.logout.global.caption", "End your SSO session and attempt logout of services accessed during session.")</p>
- <br>
<p>#springMessageText("idp.logout.contactServices", "If instructed, the system will attempt to contact the following services:")</p>
<ol>
#foreach ($sp in $logoutContext.getSessionMap().keySet())
@@ -91,15 +87,11 @@
#end
#end
</ol>
- <br>
- </div>
#end
#if ($promptForIdP)
- <div class="form-element-wrapper">
- <button id="logout_cancel" class="form-element form-button" type="submit" name="_eventId" value="end">#springMessageText("idp.logout.cancel", "Cancel")</button>
+ <p><button class="button--secondary" id="logout_cancel" type="submit" name="_eventId" value="end">#springMessageText("idp.logout.cancel", "Cancel")</button></p>
<p>#springMessageText("idp.logout.cancel.caption", "Cancel logout and retain your SSO session.")</p>
- </div>
#end
#if ($promptForIdP or $promptForSP)
@@ -110,22 +102,17 @@
<iframe style="display:none" src="$flowExecutionUrl&_eventId=proceed"></iframe>
#end
- </div>
- <div class="column two">
- <ul class="list list-help">
- <li class="list-help-item"><a href="#springMessageText("idp.url.password.reset", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
- <li class="list-help-item"><a href="#springMessageText("idp.url.helpdesk", '#')"><span class="item-marker">›</span> #springMessageText("idp.login.needHelp", "Need Help?")</a></li>
- </ul>
- </div>
- </div>
- </div>
-
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
- </div>
-
- </body>
+ <ul>
+ <li><a href="#springMessageText("idp.url.password.reset", '#')">#springMessageText("idp.login.forgotPassword", "Forgot your password?")</a></li>
+ <li><a href="#springMessageText("idp.url.helpdesk", '#')">#springMessageText("idp.login.needHelp", "Need Help?")</a></li>
+ </ul>
+ </section>
+
+ </main>
+ <footer class="footer">
+ <div class="cc">
+ <p>#springMessageText("idp.footer", "Insert your footer text here.")</p>
+ </div>
+ </footer>
+ </body>
</html>
\ No newline at end of file
diff --git a/views/user-prefs.js b/views/user-prefs.js
deleted file mode 100644
index ab994f9..0000000
--- a/views/user-prefs.js
+++ /dev/null
@@ -1,45 +0,0 @@
-"use strict";
-
-function createCookie(name, value, seconds) {
- var date = new Date();
- date.setTime(date.getTime() + (seconds * 1000));
- var expires = "; expires=" + date.toGMTString();
-
- var path = '$environment.getProperty("idp.cookie.path", $request.getContextPath())';
- if (path.length > 0)
- path = "; path=" + path;
- document.cookie = name + "=" + value + expires + path;
-}
-
-function eraseCookie(name) {
- createCookie(name, "", -31536000);
-}
-
-function readCookie(name) {
- var nameEQ = name + "=";
- var ca = document.cookie.split(';');
- for (var i = 0; i < ca.length; i++) {
- var c = ca[i];
- while (c.charAt(0) == ' ')
- c = c.substring(1, c.length);
- if (c.indexOf(nameEQ) == 0)
- return c.substring(nameEQ.length, c.length);
- }
- return null;
-}
-
-function load(id) {
- var checkbox = document.getElementById(id);
- if (checkbox != null) {
- var spnego = readCookie(checkbox.name);
- checkbox.checked = (spnego == "1");
- }
-}
-
-function check(checkbox) {
- if (checkbox.checked) {
- createCookie(checkbox.name, checkbox.value, $environment.getProperty("idp.cookie.maxAge","31536000"));
- } else {
- eraseCookie(checkbox.name);
- }
-}
diff --git a/views/user-prefs.vm b/views/user-prefs.vm
deleted file mode 100644
index 8de0503..0000000
--- a/views/user-prefs.vm
+++ /dev/null
@@ -1,60 +0,0 @@
-##
-## Velocity Template for user preferences view
-##
-## Velocity context will contain the following properties
-## request - HttpServletRequest
-## response - HttpServletResponse
-## environment - Spring Environment object for property resolution
-## custom - arbitrary object injected by deployer
-##
-<!DOCTYPE html>
-<html>
- <head>
- <meta charset="utf-8">
- <meta name="viewport" content="width=device-width,initial-scale=1.0">
- <title>#springMessageText("idp.userprefs.title", "Web Login Service") - #springMessageText("idp.userprefs.title.suffix", "Login Preferences")</title>
- <link rel="stylesheet" type="text/css" href="$request.getContextPath()/css/main.css">
- <script language="Javascript">
- <!--
- #parse( "user-prefs.js" )
- // -->
- </script>
- </head>
- <body onLoad="document.getElementById('content').style.display='block'; load('spnego')">
- <div class="wrapper">
- <div class="container">
- <header>
- <img src="$request.getContextPath()#springMessage("idp.logo")" alt="#springMessageText("idp.logo.alt-text", "logo")">
- <h3>#springMessageText("idp.title", "Web Login Service") - #springMessageText("idp.userprefs.title.suffix", "Login Preferences")</h3>
- <p>
- #springMessage("idp.userprefs.info")
- </p>
- </header>
-
- <noscript>
- <div id="content" class="content">
- $springMacroRequestContext.getMessage("idp.userprefs.no-js", "This feature requires Javascript.")
- </div>
- </noscript>
-
- <div id="content" class="content" style="display:none">
- <div class="form-element-wrapper">
- <h4>#springMessageText("idp.userprefs.options", "The following options are available:")</h4>
- </div>
-
- <div class="form-element-wrapper">
- <input type="checkbox" id="spnego" name="_idp_spnego_autologin" value="1" onClick="check(this)">
- #springMessageText("idp.userprefs.spnego", "Automatically try desktop login when available.")
- </div>
- </div>
- </div>
-
- <footer>
- <div class="container container-footer">
- <p class="footer-text">#springMessageText("idp.footer", "Insert your footer text here.")</p>
- </div>
- </footer>
- </div>
-
- </body>
-</html>