From 55e3c1a8a1a1691efa25e30afa89e8b1b3014329 Mon Sep 17 00:00:00 2001 
From: subrahmanyaman
Date: Tue, 1 Feb 2022 07:33:33 +0000
Subject: [PATCH] Merged keymaster keymint common code
---
.../javacard/kmapplet/KMAndroidSEApplet.java | 428 ++
.../kmapplet/KMBootParamsProviderImpl.java | 53 +
.../javacard/kmapplet/KMConfigurations.java | 32 +
.../javacard/kmapplet/KMKeymintDataStore.java | 890 ++++
.../javacard/kmapplet/KMRkpDataStoreImpl.java | 193 +
Applet/AndroidSEProvider/AndroidSE_3_0_5.opt | 5 -
Applet/AndroidSEProvider/AndroidSE_3_1_0.opt | 5 -
.../java/io/javacard/io.exp | Bin 212 -> 0 bytes
.../java/lang/javacard/lang.exp | Bin 881 -> 0 bytes
.../java/rmi/javacard/rmi.exp | Bin 280 -> 0 bytes
.../javacard/framework/javacard/framework.exp | Bin 8344 -> 0 bytes
.../framework/service/javacard/service.exp | Bin 2901 -> 0 bytes
.../javacard/security/javacard/security.exp | Bin 14393 -> 0 bytes
.../javacardx/apdu/javacard/apdu.exp | Bin 113 -> 0 bytes
.../javacardx/apdu/util/javacard/util.exp | Bin 306 -> 0 bytes
.../javacardx/biometry/javacard/biometry.exp | Bin 2254 -> 0 bytes
.../biometry1toN/javacard/biometry1toN.exp | Bin 3084 -> 0 bytes
.../javacardx/crypto/javacard/crypto.exp | Bin 3588 -> 0 bytes
.../javacardx/external/javacard/external.exp | Bin 857 -> 0 bytes
.../framework/math/javacard/math.exp | Bin 812 -> 0 bytes
.../framework/string/javacard/string.exp | Bin 1494 -> 0 bytes
.../javacardx/framework/tlv/javacard/tlv.exp | Bin 3011 -> 0 bytes
.../framework/util/intx/javacard/intx.exp | Bin 309 -> 0 bytes
.../framework/util/javacard/util.exp | Bin 845 -> 0 bytes
.../javacardx/security/javacard/security.exp | Bin 403 -> 0 bytes
.../upgrade/javacard/upgrade.exp | Bin 1705 -> 0 bytes
.../upgrade/javacard/upgrade.jca | 245 -
.../java/io/javacard/io.exp | Bin 242 -> 0 bytes
.../java/lang/javacard/lang.exp | Bin 894 -> 0 bytes
.../java/rmi/javacard/rmi.exp | Bin 337 -> 0 bytes
.../javacard/framework/javacard/framework.exp | Bin 9048 -> 0 bytes
.../framework/service/javacard/service.exp | Bin 3002 -> 0 bytes
.../javacard/security/javacard/security.exp | Bin 17189 -> 0 bytes .../javacardx/apdu/javacard/apdu.exp | Bin 143 -> 0 bytes .../javacardx/apdu/util/javacard/util.exp | Bin 336 -> 0 bytes .../javacardx/biometry/javacard/biometry.exp | Bin 2325 -> 0 bytes .../biometry1toN/javacard/biometry1toN.exp | Bin 3158 -> 0 bytes .../javacardx/crypto/javacard/crypto.exp | Bin 4015 -> 0 bytes .../javacardx/external/javacard/external.exp | Bin 926 -> 0 bytes .../framework/event/javacard/event.exp | Bin 519 -> 0 bytes .../framework/math/javacard/math.exp | Bin 844 -> 0 bytes .../javacardx/framework/nio/javacard/nio.exp | Bin 2219 -> 0 bytes .../framework/string/javacard/string.exp | Bin 1562 -> 0 bytes .../framework/time/javacard/time.exp | Bin 1555 -> 0 bytes .../javacardx/framework/tlv/javacard/tlv.exp | Bin 3084 -> 0 bytes .../framework/util/intx/javacard/intx.exp | Bin 444 -> 0 bytes .../framework/util/javacard/util.exp | Bin 913 -> 0 bytes .../javacardx/security/cert/javacard/cert.exp | Bin 2833 -> 0 bytes .../derivation/javacard/derivation.exp | Bin 2265 -> 0 bytes .../javacardx/security/javacard/security.exp | Bin 433 -> 0 bytes .../javacardx/security/util/javacard/util.exp | Bin 503 -> 0 bytes Applet/AndroidSEProvider/build.xml | 81 - .../javacard/keymaster/KMAndroidSEApplet.java | 205 - .../keymaster/KMAttestationCertImpl.java | 909 ---- .../javacard/keymaster/KMOperationImpl.java | 271 - .../{keymaster => seprovider}/KMAESKey.java | 22 +- .../KMAndroidSEProvider.java | 1169 ++--- .../KMConfigurations.java | 3 +- .../seprovider/KMECDeviceUniqueKey.java | 78 + .../KMECPrivateKey.java | 15 +- .../KMEcdsa256NoDigestSignature.java | 2 +- .../android/javacard/seprovider}/KMError.java | 47 +- .../{keymaster => seprovider}/KMHmacKey.java | 16 +- .../seprovider/KMKeymasterProvision.java | 341 ++ .../seprovider/KMKeymintProvision.java | 141 + .../javacard/seprovider/KMOperationImpl.java | 380 ++ .../javacard/seprovider/KMPoolManager.java | 335 ++ 
.../KMRsa2048NoDigestSignature.java | 5 +- .../KMRsaOAEPEncoding.java | 2 +- .../android/javacard/seprovider}/KMType.java | 111 +- Applet/JCardSimProvider/build.xml | 60 - .../lib/hamcrest-core-1.3.jar | Bin 45024 -> 0 bytes .../lib/jcardsim-3.0.5-SNAPSHOT.jar | Bin 492079 -> 0 bytes Applet/JCardSimProvider/lib/junit-4.13.jar | Bin 381765 -> 0 bytes .../android/javacard/keymaster/KMCipher.java | 45 - .../javacard/keymaster/KMCipherImpl.java | 239 - .../javacard/keymaster/KMECPrivateKey.java | 38 - .../KMEcdsa256NoDigestSignature.java | 191 - .../android/javacard/keymaster/KMHmacKey.java | 43 - .../javacard/keymaster/KMJCardSimApplet.java | 35 - .../javacard/keymaster/KMJCardSimulator.java | 1408 ----- .../javacard/keymaster/KMOperationImpl.java | 82 - .../keymaster/KMPKCS8DecoderImpl.java | 223 - .../keymaster/KMRsa2048NoDigestSignature.java | 145 - .../android/javacard/keymaster/KMUtils.java | 438 -- .../javacard/test/KMFunctionalTest.java | 3928 -------------- Applet/README.md | 20 +- Applet/build.xml | 26 - .../android/javacard/keymaster/KMEncoder.java | 420 -- .../keymaster/KMKeyCharacteristics.java | 111 - .../javacard/keymaster/KMKeyParameters.java | 386 -- .../javacard/keymaster/KMKeymasterApplet.java | 4154 --------------- .../javacard/keymaster/KMOperationState.java | 334 -- .../javacard/keymaster/KMPKCS8Decoder.java | 36 - .../javacard/keymaster/KMRepository.java | 1022 ---- .../com/android/javacard/keymaster/KMTag.java | 39 - .../{keymaster => kmdevice}/KMArray.java | 114 +- .../KMAttestationCert.java | 60 +- .../kmdevice}/KMAttestationCertImpl.java | 653 ++- .../KMAttestationKey.java | 3 +- .../javacard/kmdevice/KMBignumTag.java | 139 + .../{keymaster => kmdevice}/KMBoolTag.java | 65 +- .../javacard/kmdevice/KMBootDataStore.java | 45 + .../{keymaster => kmdevice}/KMByteBlob.java | 99 +- .../{keymaster => kmdevice}/KMByteTag.java | 81 +- .../KMComputedHmacKey.java | 3 +- .../javacard/kmdevice}/KMConfigurations.java | 3 +- 
.../com/android/javacard/kmdevice/KMCose.java | 591 +++ .../javacard/kmdevice/KMCoseCertPayload.java | 137 + .../javacard/kmdevice/KMCoseHeaders.java | 203 + .../android/javacard/kmdevice/KMCoseKey.java | 239 + .../android/javacard/kmdevice/KMCoseMap.java | 165 + .../kmdevice/KMCosePairByteBlobTag.java | 134 + .../kmdevice/KMCosePairCoseKeyTag.java | 97 + .../kmdevice/KMCosePairIntegerTag.java | 96 + .../kmdevice/KMCosePairNegIntegerTag.java | 95 + .../kmdevice/KMCosePairSimpleValueTag.java | 78 + .../javacard/kmdevice/KMCosePairTagType.java | 242 + .../kmdevice/KMCosePairTextStringTag.java | 99 + .../javacard/kmdevice/KMDataStore.java | 180 + .../kmdevice/KMDataStoreConstants.java | 69 + .../{keymaster => kmdevice}/KMDecoder.java | 412 +- .../javacard/kmdevice/KMDeviceUniqueKey.java} | 26 +- .../android/javacard/kmdevice/KMEncoder.java | 761 +++ .../{keymaster => kmdevice}/KMEnum.java | 100 +- .../KMEnumArrayTag.java | 90 +- .../{keymaster => kmdevice}/KMEnumTag.java | 55 +- .../android/javacard/kmdevice/KMError.java | 137 + .../{keymaster => kmdevice}/KMException.java | 33 +- .../KMHardwareAuthToken.java | 133 +- .../KMHmacSharingParameters.java | 54 +- .../{keymaster => kmdevice}/KMInteger.java | 123 +- .../KMIntegerArrayTag.java | 82 +- .../{keymaster => kmdevice}/KMIntegerTag.java | 108 +- .../kmdevice/KMKeyCharacteristics.java | 159 + .../javacard/kmdevice/KMKeyParameters.java | 519 ++ .../javacard/kmdevice/KMKeymasterDevice.java | 4624 +++++++++++++++++ .../javacard/kmdevice/KMKeymintDevice.java | 613 +++ .../com/android/javacard/kmdevice/KMMap.java | 194 + .../{keymaster => kmdevice}/KMMasterKey.java | 5 +- .../android/javacard/kmdevice/KMNInteger.java | 186 + .../{keymaster => kmdevice}/KMOperation.java | 4 +- .../javacard/kmdevice/KMOperationState.java | 331 ++ .../javacard/kmdevice/KMPKCS8Decoder.java} | 126 +- .../KMPreSharedKey.java | 2 +- .../javacard/kmdevice/KMRepository.java | 113 + .../javacard/kmdevice/KMRkpDataStore.java | 64 + .../{keymaster => 
kmdevice}/KMSEProvider.java | 349 +- .../javacard/kmdevice/KMSimpleValue.java | 74 + .../com/android/javacard/kmdevice/KMTag.java | 102 + .../javacard/kmdevice/KMTextString.java | 103 + .../com/android/javacard/kmdevice/KMType.java | 403 ++ .../{keymaster => kmdevice}/KMUpgradable.java | 2 +- .../android/javacard/kmdevice}/KMUtils.java | 123 +- .../KMVerificationToken.java | 113 +- .../RemotelyProvisionedComponentDevice.java | 1450 ++++++ HAL/.clang-format | 10 + HAL/Android.bp | 222 + HAL/CborConverter.cpp | 454 ++ HAL/CborConverter.h | 194 + HAL/ITransport.h | 51 + HAL/JavacardKeyMintDevice.cpp | 323 ++ HAL/JavacardKeyMintDevice.h | 106 + HAL/JavacardKeyMintOperation.cpp | 85 + HAL/JavacardKeyMintOperation.h | 69 + HAL/JavacardKeyMintUtils.cpp | 45 + HAL/JavacardKeyMintUtils.h | 41 + HAL/JavacardKeymaster.cpp | 514 ++ HAL/JavacardKeymaster.h | 127 + HAL/JavacardKeymaster4Device.cpp | 839 +++ HAL/JavacardKeymaster4Device.h | 158 + HAL/JavacardKeymasterOperation.cpp | 368 ++ HAL/JavacardKeymasterOperation.h | 164 + ...cardRemotelyProvisionedComponentDevice.cpp | 252 + ...vacardRemotelyProvisionedComponentDevice.h | 72 + HAL/JavacardSecureElement.cpp | 166 + HAL/JavacardSecureElement.h | 127 + HAL/JavacardSharedSecret.cpp | 31 + HAL/JavacardSharedSecret.h | 30 + .../4.1 => }/JavacardSoftKeymasterContext.cpp | 168 +- .../JavacardSoftKeymasterContext.h | 28 +- HAL/KMUtils.cpp | 227 + HAL/KMUtils.h | 74 + HAL/README.md | 7 - HAL/{keymaster/4.1 => }/SocketTransport.cpp | 98 +- HAL/SocketTransport.h | 55 + ...ardware.keymaster@4.1-strongbox.service.rc | 0 ...rdware.keymaster@4.1-strongbox.service.xml | 0 ...hardware.keymaster_strongbox_keystore.xml} | 0 ...ware.security.keymint-service.strongbox.rc | 3 + ...are.security.keymint-service.strongbox.xml | 10 + ...ecurity.sharedsecret-service.strongbox.xml | 6 + HAL/android.hardware.strongbox_keystore.xml | 17 + HAL/keymaster/4.1/CborConverter.cpp | 412 -- HAL/keymaster/4.1/CommonUtils.cpp | 353 -- 
.../4.1/JavacardKeymaster4Device.cpp | 1522 ------ .../4.1/JavacardOperationContext.cpp | 383 -- HAL/keymaster/4.1/OmapiTransport.cpp | 49 - HAL/keymaster/Android.bp | 143 - HAL/keymaster/include/CborConverter.h | 231 - HAL/keymaster/include/CommonUtils.h | 104 - .../include/JavacardKeymaster4Device.h | 168 - .../include/JavacardOperationContext.h | 155 - HAL/keymaster/include/Transport.h | 112 - HAL/keymaster/include/TransportFactory.h | 76 - .../4.1/service.cpp => keymasterService.cpp} | 17 +- HAL/keymintService.cpp | 67 + ProvisioningTool/{ => keymaster}/Makefile | 0 ProvisioningTool/{ => keymaster}/README.md | 0 .../{ => keymaster}/include/UniquePtr.h | 0 .../{ => keymaster}/include/constants.h | 3 +- .../{ => keymaster}/include/cppbor/cppbor.h | 0 .../include/cppbor/cppbor_parse.h | 0 .../{ => keymaster}/include/json/assertions.h | 0 .../{ => keymaster}/include/json/autolink.h | 0 .../{ => keymaster}/include/json/config.h | 0 .../{ => keymaster}/include/json/features.h | 0 .../{ => keymaster}/include/json/forwards.h | 0 .../{ => keymaster}/include/json/json.h | 0 .../{ => keymaster}/include/json/reader.h | 0 .../{ => keymaster}/include/json/value.h | 0 .../{ => keymaster}/include/json/version.h | 0 .../{ => keymaster}/include/json/writer.h | 0 .../{ => keymaster}/include/socket.h | 0 .../{ => keymaster}/include/utils.h | 0 .../{ => keymaster}/lib/README.md | 0 .../{ => keymaster}/lib/libjsoncpp.a | Bin .../{ => keymaster}/lib/libjsoncpp.so | Bin .../{ => keymaster}/lib/libjsoncpp.so.0 | Bin .../{ => keymaster}/lib/libjsoncpp.so.0.10.7 | Bin .../{ => keymaster}/sample_json_cf.txt | 0 .../{ => keymaster}/sample_json_gf.txt | 0 .../{ => keymaster}/src/construct_apdus.cpp | 0 .../{ => keymaster}/src/cppbor.cpp | 0 .../{ => keymaster}/src/cppbor_parse.cpp | 0 .../{ => keymaster}/src/provision.cpp | 0 .../{ => keymaster}/src/socket.cpp | 0 .../{ => keymaster}/src/utils.cpp | 0 .../test_resources/batch_cert.der | Bin .../test_resources/batch_key.der | Bin 
.../test_resources/ca_cert.der | Bin .../{ => keymaster}/test_resources/ca_key.der | Bin .../test_resources/intermediate_cert.der | Bin .../test_resources/intermediate_key.der | Bin ProvisioningTool/keymint/Makefile | 58 + ProvisioningTool/keymint/README.md | 41 + ProvisioningTool/keymint/include/UniquePtr.h | 39 + ProvisioningTool/keymint/include/constants.h | 103 + .../keymint/include/cppbor/cppbor.h | 1113 ++++ .../keymint/include/cppbor/cppbor_parse.h | 195 + .../keymint/include/cppcose/cppcose.h | 218 + .../keymint/include/json/assertions.h | 54 + .../keymint/include/json/autolink.h | 25 + .../keymint/include/json/config.h | 119 + .../keymint/include/json/features.h | 51 + .../keymint/include/json/forwards.h | 37 + ProvisioningTool/keymint/include/json/json.h | 15 + .../keymint/include/json/reader.h | 360 ++ ProvisioningTool/keymint/include/json/value.h | 850 +++ .../keymint/include/json/version.h | 13 + .../keymint/include/json/writer.h | 320 ++ ProvisioningTool/keymint/include/socket.h | 53 + ProvisioningTool/keymint/include/utils.h | 30 + ProvisioningTool/keymint/lib/README.md | 25 + ProvisioningTool/keymint/lib/libjsoncpp.a | Bin 0 -> 2640366 bytes ProvisioningTool/keymint/lib/libjsoncpp.so | Bin 0 -> 1388960 bytes ProvisioningTool/keymint/lib/libjsoncpp.so.0 | Bin 0 -> 1388960 bytes .../keymint/lib/libjsoncpp.so.0.10.7 | Bin 0 -> 1388960 bytes .../keymint/sample_json_keymint_cf.txt | 28 + .../keymint/src/construct_apdus.cpp | 612 +++ ProvisioningTool/keymint/src/cppbor.o | Bin 0 -> 1488864 bytes .../keymint/src/cppbor/cppbor.cpp | 626 +++ .../keymint/src/cppbor/cppbor_parse.cpp | 389 ++ ProvisioningTool/keymint/src/cppbor_parse.o | Bin 0 -> 1478184 bytes .../keymint/src/cppcose/cppcose.cpp | 210 + ProvisioningTool/keymint/src/provision.cpp | 329 ++ ProvisioningTool/keymint/src/socket.cpp | 109 + ProvisioningTool/keymint/src/utils.cpp | 96 + .../keymint/test_resources/batch_cert.der | Bin 0 -> 694 bytes .../keymint/test_resources/batch_key.der | Bin 0 -> 
121 bytes .../keymint/test_resources/batch_key.pem | 5 + .../keymint/test_resources/ca_cert.der | Bin 0 -> 689 bytes .../keymint/test_resources/ca_key.der | Bin 0 -> 121 bytes .../test_resources/intermediate_cert.der | Bin 0 -> 664 bytes .../test_resources/intermediate_key.der | Bin 0 -> 121 bytes README.md | 8 +- TestingTools/JCProxy/JCProxy.iml | 15 + .../android/javacard/jcproxy/JCProxyMain.java | 24 +- .../javacard/jcproxy/JCardSimulator.java | 7 +- .../android/javacard/jcproxy/Simulator.java | 2 +- .../cts_tests_tests_keystore.patch | 0 .../device_google_cuttlefish.patch | 0 .../hardware_interfaces_keymaster.patch | 0 .../omapi_patches/JavacardKeymaster.patch | 0 .../packages_apps_secureElement.patch | 0 .../system_sepolicy.patch | 0 .../device_google_cuttlefish.patch | 0 .../hardware_interfaces_keymaster.patch | 0 .../system_security_keystore2.patch | 0 .../system_sepolicy.patch | 0 .../device_google_cuttlefish.patch | 60 + .../hardware_interfaces.patch | 1129 ++++ .../system_keymaster.patch | 441 ++ .../system_sepolicy.patch | 20 + .../device_google_cuttlefish.patch | 62 + .../hardware_interfaces.patch | 1213 +++++ .../system_keymaster.patch | 441 ++ .../system_security.patch | 13 + .../system_sepolicy.patch | 40 + 309 files changed, 32693 insertions(+), 20711 deletions(-) create mode 100644 Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMAndroidSEApplet.java create mode 100644 Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMBootParamsProviderImpl.java create mode 100644 Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMConfigurations.java create mode 100644 Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMKeymintDataStore.java create mode 100644 Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMRkpDataStoreImpl.java delete mode 100644 Applet/AndroidSEProvider/AndroidSE_3_0_5.opt delete mode 100644 Applet/AndroidSEProvider/AndroidSE_3_1_0.opt delete mode 100644 
Applet/AndroidSEProvider/api_export_files_3.0.5/java/io/javacard/io.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/java/lang/javacard/lang.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/java/rmi/javacard/rmi.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacard/framework/javacard/framework.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacard/framework/service/javacard/service.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacard/security/javacard/security.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/apdu/javacard/apdu.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/apdu/util/javacard/util.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/biometry/javacard/biometry.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/biometry1toN/javacard/biometry1toN.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/crypto/javacard/crypto.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/external/javacard/external.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/math/javacard/math.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/string/javacard/string.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/tlv/javacard/tlv.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/util/intx/javacard/intx.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/util/javacard/util.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/security/javacard/security.exp delete mode 100644 
Applet/AndroidSEProvider/api_export_files_3.0.5/org/globalplatform/upgrade/javacard/upgrade.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.0.5/org/globalplatform/upgrade/javacard/upgrade.jca delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/java/io/javacard/io.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/java/lang/javacard/lang.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/java/rmi/javacard/rmi.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacard/framework/javacard/framework.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacard/framework/service/javacard/service.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacard/security/javacard/security.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/apdu/javacard/apdu.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/apdu/util/javacard/util.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/biometry/javacard/biometry.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/biometry1toN/javacard/biometry1toN.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/crypto/javacard/crypto.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/external/javacard/external.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/event/javacard/event.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/math/javacard/math.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/nio/javacard/nio.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/string/javacard/string.exp delete mode 100644 
Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/time/javacard/time.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/tlv/javacard/tlv.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/util/intx/javacard/intx.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/util/javacard/util.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/cert/javacard/cert.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/derivation/javacard/derivation.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/javacard/security.exp delete mode 100644 Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/util/javacard/util.exp delete mode 100644 Applet/AndroidSEProvider/build.xml delete mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java delete mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java delete mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java rename Applet/AndroidSEProvider/src/com/android/javacard/{keymaster => seprovider}/KMAESKey.java (78%) rename Applet/AndroidSEProvider/src/com/android/javacard/{keymaster => seprovider}/KMAndroidSEProvider.java (52%) rename Applet/AndroidSEProvider/src/com/android/javacard/{keymaster => seprovider}/KMConfigurations.java (96%) create mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMECDeviceUniqueKey.java rename Applet/AndroidSEProvider/src/com/android/javacard/{keymaster => seprovider}/KMECPrivateKey.java (80%) rename Applet/AndroidSEProvider/src/com/android/javacard/{keymaster => seprovider}/KMEcdsa256NoDigestSignature.java (98%) rename Applet/{src/com/android/javacard/keymaster => 
AndroidSEProvider/src/com/android/javacard/seprovider}/KMError.java (71%) rename Applet/AndroidSEProvider/src/com/android/javacard/{keymaster => seprovider}/KMHmacKey.java (83%) create mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMKeymasterProvision.java create mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMKeymintProvision.java create mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMOperationImpl.java create mode 100644 Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMPoolManager.java rename Applet/AndroidSEProvider/src/com/android/javacard/{keymaster => seprovider}/KMRsa2048NoDigestSignature.java (96%) rename Applet/AndroidSEProvider/src/com/android/javacard/{keymaster => seprovider}/KMRsaOAEPEncoding.java (99%) rename Applet/{src/com/android/javacard/keymaster => AndroidSEProvider/src/com/android/javacard/seprovider}/KMType.java (77%) delete mode 100644 Applet/JCardSimProvider/build.xml delete mode 100644 Applet/JCardSimProvider/lib/hamcrest-core-1.3.jar delete mode 100644 Applet/JCardSimProvider/lib/jcardsim-3.0.5-SNAPSHOT.jar delete mode 100644 Applet/JCardSimProvider/lib/junit-4.13.jar delete mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipher.java delete mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMCipherImpl.java delete mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java delete mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java delete mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java delete mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java delete mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java delete mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java 
delete mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java delete mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java delete mode 100644 Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java delete mode 100644 Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java delete mode 100644 Applet/build.xml delete mode 100644 Applet/src/com/android/javacard/keymaster/KMEncoder.java delete mode 100644 Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java delete mode 100644 Applet/src/com/android/javacard/keymaster/KMKeyParameters.java delete mode 100644 Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java delete mode 100644 Applet/src/com/android/javacard/keymaster/KMOperationState.java delete mode 100644 Applet/src/com/android/javacard/keymaster/KMPKCS8Decoder.java delete mode 100644 Applet/src/com/android/javacard/keymaster/KMRepository.java delete mode 100644 Applet/src/com/android/javacard/keymaster/KMTag.java rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMArray.java (53%) rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMAttestationCert.java (79%) rename Applet/{JCardSimProvider/src/com/android/javacard/keymaster => src/com/android/javacard/kmdevice}/KMAttestationCertImpl.java (56%) rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMAttestationKey.java (95%) create mode 100644 Applet/src/com/android/javacard/kmdevice/KMBignumTag.java rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMBoolTag.java (68%) create mode 100644 Applet/src/com/android/javacard/kmdevice/KMBootDataStore.java rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMByteBlob.java (57%) rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMByteTag.java (65%) rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMComputedHmacKey.java (50%) rename 
Applet/{JCardSimProvider/src/com/android/javacard/keymaster => src/com/android/javacard/kmdevice}/KMConfigurations.java (96%) create mode 100644 Applet/src/com/android/javacard/kmdevice/KMCose.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMCoseCertPayload.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMCoseHeaders.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMCoseKey.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMCoseMap.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMCosePairByteBlobTag.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMCosePairCoseKeyTag.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMCosePairIntegerTag.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMCosePairNegIntegerTag.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMCosePairSimpleValueTag.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMCosePairTagType.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMCosePairTextStringTag.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMDataStore.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMDataStoreConstants.java rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMDecoder.java (50%) rename Applet/{JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java => src/com/android/javacard/kmdevice/KMDeviceUniqueKey.java} (53%) create mode 100644 Applet/src/com/android/javacard/kmdevice/KMEncoder.java rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMEnum.java (61%) rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMEnumArrayTag.java (73%) rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMEnumTag.java (73%) create mode 100644 Applet/src/com/android/javacard/kmdevice/KMError.java rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMException.java 
(70%) rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMHardwareAuthToken.java (50%) rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMHmacSharingParameters.java (66%) rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMInteger.java (59%) rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMIntegerArrayTag.java (72%) rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMIntegerTag.java (67%) create mode 100644 Applet/src/com/android/javacard/kmdevice/KMKeyCharacteristics.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMKeyParameters.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMKeymasterDevice.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMKeymintDevice.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMMap.java rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMMasterKey.java (88%) create mode 100644 Applet/src/com/android/javacard/kmdevice/KMNInteger.java rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMOperation.java (95%) create mode 100644 Applet/src/com/android/javacard/kmdevice/KMOperationState.java rename Applet/{AndroidSEProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java => src/com/android/javacard/kmdevice/KMPKCS8Decoder.java} (61%) rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMPreSharedKey.java (95%) create mode 100644 Applet/src/com/android/javacard/kmdevice/KMRepository.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMRkpDataStore.java rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMSEProvider.java (70%) create mode 100644 Applet/src/com/android/javacard/kmdevice/KMSimpleValue.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMTag.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMTextString.java create mode 100644 Applet/src/com/android/javacard/kmdevice/KMType.java rename 
Applet/src/com/android/javacard/{keymaster => kmdevice}/KMUpgradable.java (95%) rename Applet/{AndroidSEProvider/src/com/android/javacard/keymaster => src/com/android/javacard/kmdevice}/KMUtils.java (80%) rename Applet/src/com/android/javacard/{keymaster => kmdevice}/KMVerificationToken.java (50%) create mode 100644 Applet/src/com/android/javacard/kmdevice/RemotelyProvisionedComponentDevice.java create mode 100644 HAL/.clang-format create mode 100644 HAL/Android.bp create mode 100644 HAL/CborConverter.cpp create mode 100644 HAL/CborConverter.h create mode 100644 HAL/ITransport.h create mode 100644 HAL/JavacardKeyMintDevice.cpp create mode 100644 HAL/JavacardKeyMintDevice.h create mode 100644 HAL/JavacardKeyMintOperation.cpp create mode 100644 HAL/JavacardKeyMintOperation.h create mode 100644 HAL/JavacardKeyMintUtils.cpp create mode 100644 HAL/JavacardKeyMintUtils.h create mode 100644 HAL/JavacardKeymaster.cpp create mode 100644 HAL/JavacardKeymaster.h create mode 100644 HAL/JavacardKeymaster4Device.cpp create mode 100644 HAL/JavacardKeymaster4Device.h create mode 100644 HAL/JavacardKeymasterOperation.cpp create mode 100644 HAL/JavacardKeymasterOperation.h create mode 100644 HAL/JavacardRemotelyProvisionedComponentDevice.cpp create mode 100644 HAL/JavacardRemotelyProvisionedComponentDevice.h create mode 100644 HAL/JavacardSecureElement.cpp create mode 100644 HAL/JavacardSecureElement.h create mode 100644 HAL/JavacardSharedSecret.cpp create mode 100644 HAL/JavacardSharedSecret.h rename HAL/{keymaster/4.1 => }/JavacardSoftKeymasterContext.cpp (58%) rename HAL/{keymaster/include => }/JavacardSoftKeymasterContext.h (68%) create mode 100644 HAL/KMUtils.cpp create mode 100644 HAL/KMUtils.h delete mode 100644 HAL/README.md rename HAL/{keymaster/4.1 => }/SocketTransport.cpp (50%) create mode 100644 HAL/SocketTransport.h rename HAL/{keymaster/4.1 => }/android.hardware.keymaster@4.1-strongbox.service.rc (100%) rename HAL/{keymaster/4.1 => 
}/android.hardware.keymaster@4.1-strongbox.service.xml (100%) rename HAL/{keymaster/4.1/android.hardware.strongbox_keystore.xml => android.hardware.keymaster_strongbox_keystore.xml} (100%) create mode 100644 HAL/android.hardware.security.keymint-service.strongbox.rc create mode 100644 HAL/android.hardware.security.keymint-service.strongbox.xml create mode 100644 HAL/android.hardware.security.sharedsecret-service.strongbox.xml create mode 100644 HAL/android.hardware.strongbox_keystore.xml delete mode 100644 HAL/keymaster/4.1/CborConverter.cpp delete mode 100644 HAL/keymaster/4.1/CommonUtils.cpp delete mode 100644 HAL/keymaster/4.1/JavacardKeymaster4Device.cpp delete mode 100644 HAL/keymaster/4.1/JavacardOperationContext.cpp delete mode 100644 HAL/keymaster/4.1/OmapiTransport.cpp delete mode 100644 HAL/keymaster/Android.bp delete mode 100644 HAL/keymaster/include/CborConverter.h delete mode 100644 HAL/keymaster/include/CommonUtils.h delete mode 100644 HAL/keymaster/include/JavacardKeymaster4Device.h delete mode 100644 HAL/keymaster/include/JavacardOperationContext.h delete mode 100644 HAL/keymaster/include/Transport.h delete mode 100644 HAL/keymaster/include/TransportFactory.h rename HAL/{keymaster/4.1/service.cpp => keymasterService.cpp} (61%) create mode 100644 HAL/keymintService.cpp rename ProvisioningTool/{ => keymaster}/Makefile (100%) rename ProvisioningTool/{ => keymaster}/README.md (100%) rename ProvisioningTool/{ => keymaster}/include/UniquePtr.h (100%) rename ProvisioningTool/{ => keymaster}/include/constants.h (97%) rename ProvisioningTool/{ => keymaster}/include/cppbor/cppbor.h (100%) rename ProvisioningTool/{ => keymaster}/include/cppbor/cppbor_parse.h (100%) rename ProvisioningTool/{ => keymaster}/include/json/assertions.h (100%) rename ProvisioningTool/{ => keymaster}/include/json/autolink.h (100%) rename ProvisioningTool/{ => keymaster}/include/json/config.h (100%) rename ProvisioningTool/{ => keymaster}/include/json/features.h (100%) rename 
ProvisioningTool/{ => keymaster}/include/json/forwards.h (100%) rename ProvisioningTool/{ => keymaster}/include/json/json.h (100%) rename ProvisioningTool/{ => keymaster}/include/json/reader.h (100%) rename ProvisioningTool/{ => keymaster}/include/json/value.h (100%) rename ProvisioningTool/{ => keymaster}/include/json/version.h (100%) rename ProvisioningTool/{ => keymaster}/include/json/writer.h (100%) rename ProvisioningTool/{ => keymaster}/include/socket.h (100%) rename ProvisioningTool/{ => keymaster}/include/utils.h (100%) rename ProvisioningTool/{ => keymaster}/lib/README.md (100%) rename ProvisioningTool/{ => keymaster}/lib/libjsoncpp.a (100%) rename ProvisioningTool/{ => keymaster}/lib/libjsoncpp.so (100%) rename ProvisioningTool/{ => keymaster}/lib/libjsoncpp.so.0 (100%) rename ProvisioningTool/{ => keymaster}/lib/libjsoncpp.so.0.10.7 (100%) rename ProvisioningTool/{ => keymaster}/sample_json_cf.txt (100%) rename ProvisioningTool/{ => keymaster}/sample_json_gf.txt (100%) rename ProvisioningTool/{ => keymaster}/src/construct_apdus.cpp (100%) rename ProvisioningTool/{ => keymaster}/src/cppbor.cpp (100%) rename ProvisioningTool/{ => keymaster}/src/cppbor_parse.cpp (100%) rename ProvisioningTool/{ => keymaster}/src/provision.cpp (100%) rename ProvisioningTool/{ => keymaster}/src/socket.cpp (100%) rename ProvisioningTool/{ => keymaster}/src/utils.cpp (100%) rename ProvisioningTool/{ => keymaster}/test_resources/batch_cert.der (100%) rename ProvisioningTool/{ => keymaster}/test_resources/batch_key.der (100%) rename ProvisioningTool/{ => keymaster}/test_resources/ca_cert.der (100%) rename ProvisioningTool/{ => keymaster}/test_resources/ca_key.der (100%) rename ProvisioningTool/{ => keymaster}/test_resources/intermediate_cert.der (100%) rename ProvisioningTool/{ => keymaster}/test_resources/intermediate_key.der (100%) create mode 100644 ProvisioningTool/keymint/Makefile create mode 100644 ProvisioningTool/keymint/README.md create mode 100644 
ProvisioningTool/keymint/include/UniquePtr.h create mode 100644 ProvisioningTool/keymint/include/constants.h create mode 100644 ProvisioningTool/keymint/include/cppbor/cppbor.h create mode 100644 ProvisioningTool/keymint/include/cppbor/cppbor_parse.h create mode 100644 ProvisioningTool/keymint/include/cppcose/cppcose.h create mode 100644 ProvisioningTool/keymint/include/json/assertions.h create mode 100644 ProvisioningTool/keymint/include/json/autolink.h create mode 100644 ProvisioningTool/keymint/include/json/config.h create mode 100644 ProvisioningTool/keymint/include/json/features.h create mode 100644 ProvisioningTool/keymint/include/json/forwards.h create mode 100644 ProvisioningTool/keymint/include/json/json.h create mode 100644 ProvisioningTool/keymint/include/json/reader.h create mode 100644 ProvisioningTool/keymint/include/json/value.h create mode 100644 ProvisioningTool/keymint/include/json/version.h create mode 100644 ProvisioningTool/keymint/include/json/writer.h create mode 100644 ProvisioningTool/keymint/include/socket.h create mode 100644 ProvisioningTool/keymint/include/utils.h create mode 100644 ProvisioningTool/keymint/lib/README.md create mode 100644 ProvisioningTool/keymint/lib/libjsoncpp.a create mode 100755 ProvisioningTool/keymint/lib/libjsoncpp.so create mode 100755 ProvisioningTool/keymint/lib/libjsoncpp.so.0 create mode 100755 ProvisioningTool/keymint/lib/libjsoncpp.so.0.10.7 create mode 100644 ProvisioningTool/keymint/sample_json_keymint_cf.txt create mode 100644 ProvisioningTool/keymint/src/construct_apdus.cpp create mode 100644 ProvisioningTool/keymint/src/cppbor.o create mode 100644 ProvisioningTool/keymint/src/cppbor/cppbor.cpp create mode 100644 ProvisioningTool/keymint/src/cppbor/cppbor_parse.cpp create mode 100644 ProvisioningTool/keymint/src/cppbor_parse.o create mode 100644 ProvisioningTool/keymint/src/cppcose/cppcose.cpp create mode 100644 ProvisioningTool/keymint/src/provision.cpp create mode 100644 
ProvisioningTool/keymint/src/socket.cpp create mode 100644 ProvisioningTool/keymint/src/utils.cpp create mode 100644 ProvisioningTool/keymint/test_resources/batch_cert.der create mode 100644 ProvisioningTool/keymint/test_resources/batch_key.der create mode 100644 ProvisioningTool/keymint/test_resources/batch_key.pem create mode 100644 ProvisioningTool/keymint/test_resources/ca_cert.der create mode 100644 ProvisioningTool/keymint/test_resources/ca_key.der create mode 100644 ProvisioningTool/keymint/test_resources/intermediate_cert.der create mode 100644 ProvisioningTool/keymint/test_resources/intermediate_key.der create mode 100644 TestingTools/JCProxy/JCProxy.iml rename {aosp_integration_patches => patches/keymaster/aosp_integration_patches}/cts_tests_tests_keystore.patch (100%) rename {aosp_integration_patches => patches/keymaster/aosp_integration_patches}/device_google_cuttlefish.patch (100%) rename {aosp_integration_patches => patches/keymaster/aosp_integration_patches}/hardware_interfaces_keymaster.patch (100%) rename {aosp_integration_patches => patches/keymaster/aosp_integration_patches}/omapi_patches/JavacardKeymaster.patch (100%) rename {aosp_integration_patches => patches/keymaster/aosp_integration_patches}/omapi_patches/packages_apps_secureElement.patch (100%) rename {aosp_integration_patches => patches/keymaster/aosp_integration_patches}/system_sepolicy.patch (100%) rename {aosp_integration_patches_aosp_12_r15 => patches/keymaster/aosp_integration_patches_aosp_12_r15}/device_google_cuttlefish.patch (100%) rename {aosp_integration_patches_aosp_12_r15 => patches/keymaster/aosp_integration_patches_aosp_12_r15}/hardware_interfaces_keymaster.patch (100%) rename {aosp_integration_patches_aosp_12_r15 => patches/keymaster/aosp_integration_patches_aosp_12_r15}/system_security_keystore2.patch (100%) rename {aosp_integration_patches_aosp_12_r15 => patches/keymaster/aosp_integration_patches_aosp_12_r15}/system_sepolicy.patch (100%) create mode 100644 
patches/keymint/aosp_integration_patches/device_google_cuttlefish.patch create mode 100644 patches/keymint/aosp_integration_patches/hardware_interfaces.patch create mode 100644 patches/keymint/aosp_integration_patches/system_keymaster.patch create mode 100644 patches/keymint/aosp_integration_patches/system_sepolicy.patch create mode 100644 patches/keymint/aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch create mode 100644 patches/keymint/aosp_integration_patches_aosp_12_r15/hardware_interfaces.patch create mode 100644 patches/keymint/aosp_integration_patches_aosp_12_r15/system_keymaster.patch create mode 100644 patches/keymint/aosp_integration_patches_aosp_12_r15/system_security.patch create mode 100644 patches/keymint/aosp_integration_patches_aosp_12_r15/system_sepolicy.patch diff --git a/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMAndroidSEApplet.java b/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMAndroidSEApplet.java new file mode 100644 index 00000000..0338b004 --- /dev/null +++ b/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMAndroidSEApplet.java 
@@ -0,0 +1,428 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.kmapplet; + +import org.globalplatform.upgrade.Element; +import org.globalplatform.upgrade.OnUpgradeListener; +import org.globalplatform.upgrade.UpgradeManager; + +import com.android.javacard.kmdevice.KMArray; +import com.android.javacard.kmdevice.KMBootDataStore; +import com.android.javacard.kmdevice.KMByteBlob; +import com.android.javacard.kmdevice.KMDecoder; +import com.android.javacard.kmdevice.KMEncoder; +import com.android.javacard.kmdevice.KMEnum; +import com.android.javacard.kmdevice.KMInteger; +import com.android.javacard.kmdevice.KMKeymasterDevice; +import com.android.javacard.kmdevice.KMKeymintDevice; +import com.android.javacard.kmdevice.KMRepository; +import com.android.javacard.kmdevice.KMRkpDataStore; +import com.android.javacard.seprovider.KMAndroidSEProvider; +import com.android.javacard.seprovider.KMError; +import com.android.javacard.kmdevice.KMException; +import com.android.javacard.kmdevice.KMDataStore; +import com.android.javacard.seprovider.KMKeymasterProvision; +import com.android.javacard.seprovider.KMKeymintProvision; +import com.android.javacard.kmdevice.KMSEProvider; +import com.android.javacard.kmdevice.KMDataStoreConstants; +import com.android.javacard.seprovider.KMType; + +import javacard.framework.APDU; +import javacard.framework.Applet; +import 
javacard.framework.AppletEvent; +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; +import javacard.security.CryptoException; +import javacardx.apdu.ExtendedLength; + +public class KMAndroidSEApplet extends Applet implements AppletEvent, OnUpgradeListener, + ExtendedLength { + + // Magic number version + private static final byte KM_MAGIC_NUMBER = (byte) 0x82; + // MSB byte is for Major version and LSB byte is for Minor version. + private static final short CURRENT_PACKAGE_VERSION = 0x0009; // 0.9 + + public static final byte CLA_ISO7816_NO_SM_NO_CHAN = (byte) 0x80; + private static final byte KM_BEGIN_STATE = 0x00; + private static final byte ILLEGAL_STATE = KM_BEGIN_STATE + 1; + + // Provider specific Commands + private static final byte INS_KEYMINT_PROVIDER_APDU_START = 0x00; + private static final byte INS_PROVISION_ATTESTATION_KEY_CMD = + INS_KEYMINT_PROVIDER_APDU_START + 1; //0x01 + private static final byte INS_PROVISION_ATTESTATION_CERT_DATA_CMD = + INS_KEYMINT_PROVIDER_APDU_START + 2; //0x02 + private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_KEYMINT_PROVIDER_APDU_START + 3; + private static final byte INS_PROVISION_PRESHARED_SECRET_CMD = + INS_KEYMINT_PROVIDER_APDU_START + 4; + private static final byte INS_SET_BOOT_PARAMS_CMD = INS_KEYMINT_PROVIDER_APDU_START + 5; + private static final byte INS_LOCK_PROVISIONING_CMD = INS_KEYMINT_PROVIDER_APDU_START + 6; + private static final byte INS_GET_PROVISION_STATUS_CMD = INS_KEYMINT_PROVIDER_APDU_START + 7; + private static final byte INS_SET_VERSION_PATCHLEVEL_CMD = + INS_KEYMINT_PROVIDER_APDU_START + 8; //0x08 + private static final byte INS_SET_BOOT_ENDED_CMD = INS_KEYMINT_PROVIDER_APDU_START + 9; //0x09 + private static final byte INS_PROVISION_DEVICE_UNIQUE_KEY_CMD = + INS_KEYMINT_PROVIDER_APDU_START + 10; + private static final byte INS_PROVISION_ADDITIONAL_CERT_CHAIN_CMD = + INS_KEYMINT_PROVIDER_APDU_START + 11; + + // Keymaster 
versions + public static final byte KM_40 = 0x00; + public static final byte KM_41 = 0x01; + public static final byte KM_100 = 0x03; + + private static final byte BOOT_KEY_MAX_SIZE = 32; + private static final byte BOOT_HASH_MAX_SIZE = 32; + private static final byte COMPUTED_HMAC_KEY_SIZE = 32; + + + private byte kmDevice; + private KMSEProvider seProvider; + private KMKeymasterProvision seProvisionInst; + private KMDecoder decoderInst; + private KMEncoder encoderInst; + private KMRepository repositoryInst; + private KMKeymasterDevice kmDeviceInst; + private KMDataStore kmDataStore; + private KMRkpDataStore kmRkpDataStore; + private KMBootDataStore bootParamsProvider; + + // Package version. + protected short packageVersion; + + KMAndroidSEApplet(byte device) { + kmDevice = device; + seProvider = (KMSEProvider) new KMAndroidSEProvider(); + repositoryInst = new KMRepository(UpgradeManager.isUpgrading()); + decoderInst = new KMDecoder(); + encoderInst = new KMEncoder(); + if (!UpgradeManager.isUpgrading()) { + packageVersion = CURRENT_PACKAGE_VERSION; + initLibraries(); + } + } + + private void initLibraries() { + kmRkpDataStore = new KMRkpDataStoreImpl(seProvider); + kmDataStore = new KMKeymintDataStore(seProvider, + !(kmDevice == KM_100) /* Factory attest flag*/); + bootParamsProvider = new KMBootParamsProviderImpl((KMKeymintDataStore) kmDataStore); + if (kmDevice == KM_40 || kmDevice == KM_41) { + kmDeviceInst = new KMKeymasterDevice(seProvider, repositoryInst, encoderInst, decoderInst, + kmDataStore, + bootParamsProvider); + seProvisionInst = new KMKeymasterProvision(kmDeviceInst, seProvider, decoderInst, + repositoryInst, kmDataStore); + } else { + kmDeviceInst = new KMKeymintDevice(seProvider, repositoryInst, encoderInst, decoderInst, + kmDataStore, + bootParamsProvider, kmRkpDataStore); + seProvisionInst = new KMKeymintProvision(kmDeviceInst, seProvider, decoderInst, + repositoryInst, kmDataStore, + kmRkpDataStore); + } + } + + /** + * Installs this applet. 
+ * + * @param bArray the array containing installation parameters + * @param bOffset the starting offset in bArray + * @param bLength the length in bytes of the parameter data in bArray + */ + public static void install(byte[] bArray, short bOffset, byte bLength) { + byte kmDevice = KM_100; + if (!UpgradeManager.isUpgrading()) { + byte Li = bArray[bOffset]; // Length of AID + byte Lc = bArray[(short) (bOffset + Li + 1)]; // Length of ControlInfo + byte La = bArray[(short) (bOffset + Li + Lc + 2)]; // Length of application data + if (La != 1) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + kmDevice = bArray[(short) (bOffset + Li + Lc + 3)]; + } + new KMAndroidSEApplet(kmDevice).register(bArray, (short) (bOffset + 1), bArray[bOffset]); + } + + private boolean isProvisionLocked() { + short offset = repositoryInst.alloc((short) 1); + short len = kmDataStore.getData(KMDataStoreConstants.PROVISIONED_LOCKED, + repositoryInst.getHeap(), offset); + if (len == 0) { + return false; + } + return ((byte[]) repositoryInst.getHeap())[offset] == 0x01; + } + + + @Override + public void process(APDU apdu) { + try { + // If this is select applet apdu which is selecting this applet then return + if (apdu.isISOInterindustryCLA()) { + if (selectingApplet()) { + return; + } + } + short apduIns = validateApdu(apdu); + if (((KMAndroidSEProvider) seProvider).isPowerReset(false)) { + kmDeviceInst.powerReset(); + } + + if (isProvisionLocked()) { + switch (apduIns) { + case INS_SET_BOOT_PARAMS_CMD: + processSetBootParamsCmd(apdu); + break; + + case INS_SET_BOOT_ENDED_CMD: + // set the flag to mark boot ended + byte[] buffer = apdu.getBuffer(); + buffer[0] = 0x01; + kmDataStore.storeData(KMDataStoreConstants.BOOT_ENDED_STATUS, buffer, (short) 0, + (short) 1); + kmDeviceInst.sendError(apdu, KMError.OK); + break; + + default: + kmDeviceInst.process(apdu); + break; + } + return; + } + + if (apduIns == KMType.INVALID_VALUE) { + return; + } + switch (apduIns) { + case 
INS_PROVISION_ATTESTATION_KEY_CMD: // only keymaster + seProvisionInst.processProvisionAttestationKey(apdu); + break; + case INS_PROVISION_ATTESTATION_CERT_DATA_CMD: // only keymaster + seProvisionInst.processProvisionAttestationCertDataCmd(apdu); + break; + case INS_PROVISION_ATTEST_IDS_CMD: + seProvisionInst.processProvisionAttestIdsCmd(apdu); + break; + + case INS_PROVISION_PRESHARED_SECRET_CMD: + seProvisionInst.processProvisionPreSharedSecretCmd(apdu); + break; + + case INS_GET_PROVISION_STATUS_CMD: + seProvisionInst.processGetProvisionStatusCmd(apdu); + break; + + case INS_LOCK_PROVISIONING_CMD: + seProvisionInst.processLockProvisioningCmd(apdu); + break; + + case INS_SET_BOOT_PARAMS_CMD: + processSetBootParamsCmd(apdu); + break; + + case INS_PROVISION_DEVICE_UNIQUE_KEY_CMD: // only keymint + seProvisionInst.processProvisionDeviceUniqueKey(apdu); + break; + + case INS_PROVISION_ADDITIONAL_CERT_CHAIN_CMD:// only keymint + seProvisionInst.processProvisionAdditionalCertChain(apdu); + break; + + default: + kmDeviceInst.process(apdu); + break; + } + } catch (KMException exception) { + kmDeviceInst.sendError(apdu, KMException.reason()); + } catch (ISOException exp) { + kmDeviceInst.sendError(apdu, kmDeviceInst.mapISOErrorToKMError(exp.getReason())); + } catch (CryptoException e) { + kmDeviceInst.sendError(apdu, kmDeviceInst.mapCryptoErrorToKMError(e.getReason())); + } catch (Exception e) { + kmDeviceInst.sendError(apdu, KMError.GENERIC_UNKNOWN_ERROR); + } finally { + kmDeviceInst.clean(); + } + } + + + private boolean isUpgradeAllowed(short version) { + boolean upgradeAllowed = false; + short oldMajorVersion = (short) ((version >> 8) & 0x00FF); + short oldMinorVersion = (short) (version & 0x00FF); + short currentMajorVersion = (short) (CURRENT_PACKAGE_VERSION >> 8 & 0x00FF); + short currentMinorVersion = (short) (CURRENT_PACKAGE_VERSION & 0x00FF); + // Downgrade of the Applet is not allowed. + // Upgrade is not allowed to a next version which is not immediate. 
+ if ((short) (currentMajorVersion - oldMajorVersion) == 1) { + if (currentMinorVersion == 0) { + upgradeAllowed = true; + } + } else if ((short) (currentMajorVersion - oldMajorVersion) == 0) { + if ((short) (currentMinorVersion - oldMinorVersion) == 1) { + upgradeAllowed = true; + } + } + return upgradeAllowed; + } + + @Override + public void onCleanup() { + } + + @Override + public void onConsolidate() { + } + + @Override + public void onRestore(Element element) { + element.initRead(); + byte magicNumber = element.readByte(); + if (magicNumber != KM_MAGIC_NUMBER) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + short packageVersion = element.readShort(); + // Validate version. + if (0 != packageVersion && !isUpgradeAllowed(packageVersion)) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + kmDevice = element.readByte(); + // Initialize libraries after reading kmDevice flag. + initLibraries(); + kmDataStore.onRestore(element, packageVersion, CURRENT_PACKAGE_VERSION); + kmRkpDataStore.onRestore(element, packageVersion, CURRENT_PACKAGE_VERSION); + } + + @Override + public Element onSave() { + short primitiveCount = 4; + primitiveCount += kmDataStore.getBackupPrimitiveByteCount(); + short objectCount = kmDataStore.getBackupObjectCount(); + + primitiveCount += kmRkpDataStore.getBackupPrimitiveByteCount(); + objectCount += kmRkpDataStore.getBackupObjectCount(); + + // Create element. + Element element = UpgradeManager.createElement(Element.TYPE_SIMPLE, + primitiveCount, objectCount); + + element.write(KM_MAGIC_NUMBER); + element.write(packageVersion); + element.write(kmDevice); + kmDataStore.onSave(element); + kmRkpDataStore.onSave(element); + return element; + } + + private short validateApdu(APDU apdu) { + // Read the apdu header and buffer. + byte[] apduBuffer = apdu.getBuffer(); + byte apduClass = apduBuffer[ISO7816.OFFSET_CLA]; + + // Validate APDU Header. 
+ if ((apduClass != CLA_ISO7816_NO_SM_NO_CHAN)) { + ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED); + } + + kmDeviceInst.validateP1P2(apdu); + return apduBuffer[ISO7816.OFFSET_INS]; + } + + private void processSetBootParamsCmd(APDU apdu) { + short argsProto = KMArray.instance((short) 5); + + byte[] scratchPad = apdu.getBuffer(); + // Array of 4 expected arguments + // Argument 0 Boot Patch level + KMArray.add(argsProto, (short) 0, KMInteger.exp()); + // Argument 1 Verified Boot Key + KMArray.add(argsProto, (short) 1, KMByteBlob.exp()); + // Argument 2 Verified Boot Hash + KMArray.add(argsProto, (short) 2, KMByteBlob.exp()); + // Argument 3 Verified Boot State + KMArray.add(argsProto, (short) 3, KMEnum.instance(KMType.VERIFIED_BOOT_STATE)); + // Argument 4 Device Locked + KMArray.add(argsProto, (short) 4, KMEnum.instance(KMType.DEVICE_LOCKED)); + + short args = kmDeviceInst.receiveIncoming(apdu, argsProto); + + short bootParam = KMArray.get(args, (short) 0); + + ((KMKeymintDataStore) kmDataStore).setBootPatchLevel(KMInteger.getBuffer(bootParam), + KMInteger.getStartOff(bootParam), + KMInteger.length(bootParam)); + + bootParam = KMArray.get(args, (short) 1); + if (KMByteBlob.length(bootParam) > BOOT_KEY_MAX_SIZE) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + ((KMKeymintDataStore) kmDataStore).setBootKey(KMByteBlob.getBuffer(bootParam), + KMByteBlob.getStartOff(bootParam), + KMByteBlob.length(bootParam)); + + bootParam = KMArray.get(args, (short) 2); + if (KMByteBlob.length(bootParam) > BOOT_HASH_MAX_SIZE) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + ((KMKeymintDataStore) kmDataStore).setVerifiedBootHash(KMByteBlob.getBuffer(bootParam), + KMByteBlob.getStartOff(bootParam), + KMByteBlob.length(bootParam)); + + bootParam = KMArray.get(args, (short) 3); + byte enumVal = KMEnum.getVal(bootParam); + ((KMKeymintDataStore) kmDataStore).setBootState(enumVal); + + bootParam = KMArray.get(args, (short) 4); + enumVal = KMEnum.getVal(bootParam); + 
((KMKeymintDataStore) kmDataStore).setDeviceLocked(enumVal == KMType.DEVICE_LOCKED_TRUE); + + // Clear the Computed SharedHmac and Hmac nonce from persistent memory. + Util.arrayFillNonAtomic(scratchPad, (short) 0, COMPUTED_HMAC_KEY_SIZE, (byte) 0); + kmDataStore.storeData(KMDataStoreConstants.COMPUTED_HMAC_KEY, scratchPad, (short) 0, + COMPUTED_HMAC_KEY_SIZE); + + kmDeviceInst.reboot(scratchPad, (short) 0); + kmDeviceInst.sendError(apdu, KMError.OK); + } + + @Override + public void uninstall() { + kmDeviceInst.onUninstall(); + } + + /** + * Selects this applet. + * + * @return Returns true if the keymaster is in correct state + */ + @Override + public boolean select() { + return kmDeviceInst.onSelect(); + + } + + /** + * De-selects this applet. + */ + @Override + public void deselect() { + kmDeviceInst.onDeselect(); + } +} + diff --git a/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMBootParamsProviderImpl.java b/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMBootParamsProviderImpl.java new file mode 100644 index 00000000..467ce7a5 --- /dev/null +++ b/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMBootParamsProviderImpl.java 
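Review bot: In process(), both `case INS_SET_BOOT_PARAMS_CMD:` branches call processSetBootParamsCmd(apdu) without consulting BOOT_ENDED_STATUS, so the flag stored by INS_SET_BOOT_ENDED_CMD has no visible effect on the command it would be expected to gate. The boot patch level, verified boot key, hash, state and device-locked value written there look like inputs to attestation, so they should be rejected once boot has ended. Nothing in this hunk shows the setters or kmDeviceInst.reboot() enforcing that, so please confirm whether it is done elsewhere. If it is not, add a helper that reads BOOT_ENDED_STATUS the way isProvisionLocked() reads PROVISIONED_LOCKED and fail with SW_CONDITIONS_NOT_SATISFIED, as sketched below. The sketch assumes the flag is cleared on reset and that getData() serves BOOT_ENDED_STATUS, neither of which is visible here.

```java
  private boolean isBootEnded() {
    short offset = repositoryInst.alloc((short) 1);
    short len = kmDataStore.getData(KMDataStoreConstants.BOOT_ENDED_STATUS,
        repositoryInst.getHeap(), offset);
    return len != 0 && ((byte[]) repositoryInst.getHeap())[offset] == 0x01;
  }

  // … unchanged: process() up to the isProvisionLocked() switch …
          case INS_SET_BOOT_PARAMS_CMD:
            // Boot parameters are accepted only before the boot-ended signal.
            if (isBootEnded()) {
              ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
            }
            processSetBootParamsCmd(apdu);
  // … unchanged: INS_SET_BOOT_ENDED_CMD, default branch, provisioning switch …
```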
@@ -0,0 +1,53 @@ +/* + * Copyright(C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.kmapplet; + +import com.android.javacard.kmdevice.KMBootDataStore; + +public class KMBootParamsProviderImpl implements KMBootDataStore { + + KMKeymintDataStore kmStoreDataInst; + + public KMBootParamsProviderImpl(KMKeymintDataStore storeData) { + kmStoreDataInst = storeData; + } + + @Override + public short getVerifiedBootHash(byte[] buffer, short start) { + return kmStoreDataInst.getVerifiedBootHash(buffer, start); + } + + @Override + public short getBootKey(byte[] buffer, short start) { + return kmStoreDataInst.getBootKey(buffer, start); + } + + @Override + public short getBootState() { + return kmStoreDataInst.getBootState(); + } + + @Override + public boolean isDeviceBootLocked() { + return kmStoreDataInst.isDeviceBootLocked(); + } + + @Override + public short getBootPatchLevel(byte[] buffer, short start) { + return kmStoreDataInst.getBootPatchLevel(buffer, start); + } + +} diff --git a/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMConfigurations.java b/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMConfigurations.java new file mode 100644 index 00000000..99f4d894 --- /dev/null +++ b/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMConfigurations.java 
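Review bot: `KMKeymintDataStore kmStoreDataInst;` is declared with package access and is not final, so any class in com.android.javacard.kmapplet can replace the store that backs the verified-boot getters. It is assigned once in the constructor, so declare it `private final KMKeymintDataStore kmStoreDataInst;`. The class also has no comment; a one-line Javadoc such as `/** Forwards KMBootDataStore reads to KMKeymintDataStore. */` would make clear that this adapter adds no logic of its own.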
@@ -0,0 +1,32 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.kmapplet; + +public class KMConfigurations { + + // Machine types + public static final byte LITTLE_ENDIAN = 0x00; + public static final byte BIG_ENDIAN = 0x01; + public static final byte TEE_MACHINE_TYPE = LITTLE_ENDIAN; + + // Maximum cert chain size + public static final short CERT_CHAIN_MAX_SIZE = 2500; + public static final short CERT_ISSUER_MAX_SIZE = 250; + public static final short CERT_EXPIRY_MAX_SIZE = 20; + public static final short TOTAL_ATTEST_IDS_SIZE = 300; + public static final short ADDITIONAL_CERT_CHAIN_MAX_SIZE = 512; + public static final short BOOT_CERT_CHAIN_MAX_SIZE = 512; +} diff --git a/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMKeymintDataStore.java b/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMKeymintDataStore.java new file mode 100644 index 00000000..cf19c0b2 --- /dev/null +++ b/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMKeymintDataStore.java 
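Review bot: The constants added here appear to duplicate another class. KMKeymintDataStore.java, added in this same commit and in the same package com.android.javacard.kmapplet, imports `com.android.javacard.seprovider.KMConfigurations`, and that single-type import takes precedence over this same-package class. If both copies stay, CERT_CHAIN_MAX_SIZE and CERT_ISSUER_MAX_SIZE, which that file uses to compute the certificate-data offsets, can drift apart between the two definitions. Keep one definition and drop either this file or that import. Separately, the comment `// Maximum cert chain size` heads six different limits and would read better as `// Maximum buffer sizes`.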
@@ -0,0 +1,890 @@ +/* + * Copyright(C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmapplet; + +import org.globalplatform.upgrade.Element; + +import com.android.javacard.kmdevice.KMAttestationKey; +import com.android.javacard.kmdevice.KMComputedHmacKey; +import com.android.javacard.kmdevice.KMDeviceUniqueKey; +import com.android.javacard.kmdevice.KMError; +import com.android.javacard.kmdevice.KMException; +import com.android.javacard.kmdevice.KMDataStore; +import com.android.javacard.kmdevice.KMMasterKey; +import com.android.javacard.kmdevice.KMPreSharedKey; +import com.android.javacard.kmdevice.KMSEProvider; +import com.android.javacard.kmdevice.KMDataStoreConstants; +import com.android.javacard.kmdevice.KMType; +import com.android.javacard.kmdevice.KMUpgradable; +import com.android.javacard.seprovider.KMConfigurations; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.JCSystem; +import javacard.framework.Util; + +/** + * KMRepository class manages persistent and volatile memory usage by the applet. Note the + * repository is only used by applet and it is not intended to be used by seProvider. 
+ */ +public class KMKeymintDataStore implements KMDataStore { + + + // Data table configuration + private static final short DATA_INDEX_SIZE = 19; + private static final short DATA_INDEX_ENTRY_SIZE = 4; + private static final short DATA_MEM_SIZE = 300; + private static final short DATA_INDEX_ENTRY_LENGTH = 0; + private static final short DATA_INDEX_ENTRY_OFFSET = 2; + + // Data table offsets + private static final byte HMAC_NONCE = 0; + private static final byte OS_VERSION = 1; + private static final byte OS_PATCH_LEVEL = 2; + private static final byte VENDOR_PATCH_LEVEL = 3; + private static final byte DEVICE_LOCKED_TIME = 4; + private static final byte DEVICE_LOCKED = 5; + private static final byte DEVICE_LOCKED_PASSWORD_ONLY = 6; + // Total 8 auth tags, so the next offset is AUTH_TAG_1 + 8 + private static final byte AUTH_TAG_1 = 7; + private static final byte AUTH_TAG_2 = 8; + private static final byte AUTH_TAG_3 = 9; + private static final byte AUTH_TAG_4 = 10; + private static final byte AUTH_TAG_5 = 11; + private static final byte AUTH_TAG_6 = 12; + private static final byte AUTH_TAG_7 = 13; + private static final byte AUTH_TAG_8 = 14; + private static final byte BOOT_ENDED_STATUS = 15; + private static final byte EARLY_BOOT_ENDED_STATUS = 16; + private static final byte PROVISIONED_LOCKED = 17; + private static final byte PROVISIONED_STATUS = 18; + + // Data Item sizes + private static final short MASTER_KEY_SIZE = 16; + private static final short SHARED_SECRET_KEY_SIZE = 32; + private static final short HMAC_SEED_NONCE_SIZE = 32; + private static final short COMPUTED_HMAC_KEY_SIZE = 32; + private static final short SB_PROP_SIZE = 4; + private static final short DEVICE_LOCK_TS_SIZE = 8; + private static final short BOOT_DEVICE_LOCK_FLAG_SIZE = 1; + private static final short DEVICE_LOCKED_FLAG_SIZE = 1; + private static final short DEVICE_LOCKED_PASSWORD_ONLY_SIZE = 1; + private static final short BOOT_STATE_SIZE = 1; + private static final byte 
BOOT_KEY_MAX_SIZE = 32; + private static final byte BOOT_HASH_MAX_SIZE = 32; + private static final short MAX_BLOB_STORAGE = 8; + private static final short AUTH_TAG_LENGTH = 16; + private static final short AUTH_TAG_COUNTER_SIZE = 4; + private static final short AUTH_TAG_ENTRY_SIZE = (AUTH_TAG_LENGTH + AUTH_TAG_COUNTER_SIZE + 1); + private static final short BOOT_ENDED_FLAG_SIZE = 1; + private static final short EARLY_BOOT_ENDED_FLAG_SIZE = 1; + private static final short PROVISIONED_LOCKED_SIZE = 1; + private static final short PROVISIONED_STATUS_SIZE = 1; + + // certificate data constants. + private static final short CERT_CHAIN_OFFSET = 0; + private static final short CERT_ISSUER_OFFSET = KMConfigurations.CERT_CHAIN_MAX_SIZE; + private static final short CERT_EXPIRY_OFFSET = (short) (CERT_ISSUER_OFFSET + + KMConfigurations.CERT_ISSUER_MAX_SIZE); + + // data table + private byte[] dataTable; + private short dataIndex; + + // certificate data + protected byte[] certificateData; + + // Keys + private KMComputedHmacKey computedHmacKey; + private KMMasterKey masterKey; + private KMPreSharedKey preSharedKey; + private KMAttestationKey attestationKey; + protected KMSEProvider seProvider; + + // Data - originally was in repository + private byte[] attIdBrand; + private byte[] attIdDevice; + private byte[] attIdProduct; + private byte[] attIdSerial; + private byte[] attIdImei; + private byte[] attIdMeId; + private byte[] attIdManufacturer; + private byte[] attIdModel; + + + // Boot parameters + private byte[] verifiedHash; + private byte[] bootKey; + private byte[] bootPatchLevel; + private boolean deviceBootLocked; + private short bootState; + + public KMKeymintDataStore(KMSEProvider provider, boolean factoryAttestSupport) { + seProvider = provider; + boolean isUpgrading = provider.isUpgrading(); + initDataTable(isUpgrading); + initializeCertificateDataBuffer(isUpgrading, factoryAttestSupport); + } + + private short mapTodataTableId(byte kmStoreId) { + switch 
(kmStoreId) { + case KMDataStoreConstants.HMAC_NONCE: + return HMAC_NONCE; + case KMDataStoreConstants.OS_VERSION: + return OS_VERSION; + case KMDataStoreConstants.OS_PATCH_LEVEL: + return OS_PATCH_LEVEL; + case KMDataStoreConstants.VENDOR_PATCH_LEVEL: + return VENDOR_PATCH_LEVEL; + case KMDataStoreConstants.DEVICE_LOCKED_TIME: + return DEVICE_LOCKED_TIME; + case KMDataStoreConstants.DEVICE_LOCKED: + return DEVICE_LOCKED; + case KMDataStoreConstants.DEVICE_LOCKED_PASSWORD_ONLY: + return DEVICE_LOCKED_PASSWORD_ONLY; + case KMDataStoreConstants.BOOT_ENDED_STATUS: + return BOOT_ENDED_STATUS; + case KMDataStoreConstants.EARLY_BOOT_ENDED_STATUS: + return EARLY_BOOT_ENDED_STATUS; + case KMDataStoreConstants.PROVISIONED_LOCKED: + return PROVISIONED_LOCKED; + case KMDataStoreConstants.PROVISIONED_STATUS: + return PROVISIONED_STATUS; + case KMDataStoreConstants.AUTH_TAG_1: + return AUTH_TAG_1; + case KMDataStoreConstants.AUTH_TAG_2: + return AUTH_TAG_2; + case KMDataStoreConstants.AUTH_TAG_3: + return AUTH_TAG_3; + case KMDataStoreConstants.AUTH_TAG_4: + return AUTH_TAG_4; + case KMDataStoreConstants.AUTH_TAG_5: + return AUTH_TAG_5; + case KMDataStoreConstants.AUTH_TAG_6: + return AUTH_TAG_6; + case KMDataStoreConstants.AUTH_TAG_7: + return AUTH_TAG_7; + case KMDataStoreConstants.AUTH_TAG_8: + return AUTH_TAG_8; + default: + break; + } + return KMType.INVALID_VALUE; + } + + @Override + public void storeData(byte storeDataIndex, byte[] data, short offset, short length) { + short maxLen = 0; + switch (storeDataIndex) { + case KMDataStoreConstants.ATT_ID_BRAND: + case KMDataStoreConstants.ATT_ID_DEVICE: + case KMDataStoreConstants.ATT_ID_PRODUCT: + case KMDataStoreConstants.ATT_ID_SERIAL: + case KMDataStoreConstants.ATT_ID_IMEI: + case KMDataStoreConstants.ATT_ID_MEID: + case KMDataStoreConstants.ATT_ID_MANUFACTURER: + case KMDataStoreConstants.ATT_ID_MODEL: + setAttestationId(storeDataIndex, data, offset, length); + return; + case KMDataStoreConstants.COMPUTED_HMAC_KEY: + 
persistComputedHmacKey(data, offset, length); + return; + case KMDataStoreConstants.MASTER_KEY: + persistMasterKey(data, offset, length); + return; + case KMDataStoreConstants.PRE_SHARED_KEY: + persistPresharedKey(data, offset, length); + return; + case KMDataStoreConstants.ATTESTATION_KEY: + persistAttestationKey(data, offset, length); + return; + case KMDataStoreConstants.HMAC_NONCE: + maxLen = HMAC_SEED_NONCE_SIZE; + break; + case KMDataStoreConstants.OS_VERSION: + case KMDataStoreConstants.OS_PATCH_LEVEL: + case KMDataStoreConstants.VENDOR_PATCH_LEVEL: + maxLen = SB_PROP_SIZE; + break; + case KMDataStoreConstants.DEVICE_LOCKED_TIME: + maxLen = DEVICE_LOCK_TS_SIZE; + break; + case KMDataStoreConstants.DEVICE_LOCKED: + maxLen = DEVICE_LOCKED_FLAG_SIZE; + break; + case KMDataStoreConstants.DEVICE_LOCKED_PASSWORD_ONLY: + maxLen = DEVICE_LOCKED_PASSWORD_ONLY_SIZE; + break; + case KMDataStoreConstants.BOOT_ENDED_STATUS: + maxLen = BOOT_ENDED_FLAG_SIZE; + break; + case KMDataStoreConstants.EARLY_BOOT_ENDED_STATUS: + maxLen = EARLY_BOOT_ENDED_FLAG_SIZE; + break; + case KMDataStoreConstants.PROVISIONED_LOCKED: + maxLen = PROVISIONED_LOCKED_SIZE; + break; + case KMDataStoreConstants.PROVISIONED_STATUS: + maxLen = PROVISIONED_STATUS_SIZE; + break; + default: + KMException.throwIt(KMError.INVALID_ARGUMENT); + return; + } + short dataTableId = mapTodataTableId(storeDataIndex); + if (dataTableId == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + if (length != maxLen) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + writeDataEntry(dataTableId, data, offset, length); + } + + @Override + public short getData(byte storeDataIndex, byte[] data, short offset) { + switch (storeDataIndex) { + case KMDataStoreConstants.ATT_ID_BRAND: + case KMDataStoreConstants.ATT_ID_DEVICE: + case KMDataStoreConstants.ATT_ID_PRODUCT: + case KMDataStoreConstants.ATT_ID_SERIAL: + case KMDataStoreConstants.ATT_ID_IMEI: + case KMDataStoreConstants.ATT_ID_MEID: + 
case KMDataStoreConstants.ATT_ID_MANUFACTURER: + case KMDataStoreConstants.ATT_ID_MODEL: + return getAttestationId(storeDataIndex, data, offset); + default: + break; + } + short dataTableId = mapTodataTableId(storeDataIndex); + if (dataTableId == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + return readDataEntry(dataTableId, data, offset); + } + + @Override + public void clearData(byte storeDataIndex) { + switch (storeDataIndex) { + case KMDataStoreConstants.ATT_ID_BRAND: + attIdBrand = null; + return; + case KMDataStoreConstants.ATT_ID_DEVICE: + attIdDevice = null; + return; + case KMDataStoreConstants.ATT_ID_PRODUCT: + attIdProduct = null; + return; + case KMDataStoreConstants.ATT_ID_SERIAL: + attIdSerial = null; + return; + case KMDataStoreConstants.ATT_ID_IMEI: + attIdImei = null; + return; + case KMDataStoreConstants.ATT_ID_MEID: + attIdMeId = null; + return; + case KMDataStoreConstants.ATT_ID_MANUFACTURER: + attIdManufacturer = null; + return; + case KMDataStoreConstants.ATT_ID_MODEL: + attIdModel = null; + return; + default: + break; + } + short dataTableId = mapTodataTableId(storeDataIndex); + if (dataTableId == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + clearDataEntry(dataTableId); + } + + private short dataAlloc(short length) { + if (length < 0) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + if (((short) (dataIndex + length)) > DATA_MEM_SIZE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + JCSystem.beginTransaction(); + dataIndex += length; + JCSystem.commitTransaction(); + return (short) (dataIndex - length); + } + + protected void initDataTable(boolean isUpgrading) { + if (!isUpgrading) { + if (dataTable == null) { + dataTable = new byte[DATA_MEM_SIZE]; + dataIndex = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE); + } + } + } + + private void initializeCertificateDataBuffer(boolean isUpgrading, + boolean isFactoryAttestSupported) { + if (!isUpgrading) 
{ + if (isFactoryAttestSupported && certificateData == null) { + // First 2 bytes is reserved for length for all the 3 buffers. + short totalLen = (short) (6 + KMConfigurations.CERT_CHAIN_MAX_SIZE + + KMConfigurations.CERT_EXPIRY_MAX_SIZE + + KMConfigurations.CERT_ISSUER_MAX_SIZE); + certificateData = new byte[totalLen]; + } + } + } + + private void clearDataEntry(short id) { + id = (short) (id * DATA_INDEX_ENTRY_SIZE); + short dataLen = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH)); + if (dataLen != 0) { + short dataPtr = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)); + JCSystem.beginTransaction(); + Util.arrayFillNonAtomic(dataTable, dataPtr, dataLen, (byte) 0); + JCSystem.commitTransaction(); + } + } + + private short readDataEntry(short id, byte[] buf, short offset) { + id = (short) (id * DATA_INDEX_ENTRY_SIZE); + short len = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH)); + if (len != 0) { + Util.arrayCopyNonAtomic(dataTable, + Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)), buf, offset, + len); + } + return len; + } + + private void writeDataEntry(short id, byte[] buf, short offset, short len) { + short dataPtr; + id = (short) (id * DATA_INDEX_ENTRY_SIZE); + short dataLen = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH)); + if (dataLen == 0) { + dataPtr = dataAlloc(len); + // Begin Transaction + JCSystem.beginTransaction(); + Util.setShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET), dataPtr); + Util.setShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH), len); + JCSystem.commitTransaction(); + Util.arrayCopy(buf, offset, dataTable, dataPtr, len); + // End Transaction + } else { + if (len != dataLen) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } + dataPtr = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)); + Util.arrayCopy(buf, offset, dataTable, dataPtr, len); + } + } + + private short dataLength(short id) { + id = (short) (id * 
DATA_INDEX_ENTRY_SIZE); + return Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH)); + } + + public short readData(byte[] dataTable, short id, byte[] buf, short startOff, short bufLen) { + id = (short) (id * DATA_INDEX_ENTRY_SIZE); + short len = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH)); + if (len > bufLen) { + return KMType.INVALID_VALUE; + } + if (len != 0) { + Util.arrayCopyNonAtomic(dataTable, + Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)), buf, + startOff, len); + } + return len; + } + + private boolean isAuthTagSlotAvailable(short tagId, byte[] buf, short offset) { + readDataEntry(tagId, buf, offset); + return (0 == buf[offset]); + } + + private void writeAuthTagState(byte[] buf, short offset, byte state) { + buf[offset] = state; + } + + @Override + public boolean storeAuthTag(byte[] data, short offset, short length, byte[] scratchPad, + short scratchPadOff) { + if (length != AUTH_TAG_LENGTH) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + + short index = 0; + while (index < MAX_BLOB_STORAGE) { + if ((dataLength((short) (index + AUTH_TAG_1)) == 0) + || isAuthTagSlotAvailable((short) (index + AUTH_TAG_1), scratchPad, scratchPadOff)) { + Util.arrayFillNonAtomic(scratchPad, scratchPadOff, AUTH_TAG_ENTRY_SIZE, (byte) 0); + // prepare auth tag buffer + writeAuthTagState(scratchPad, scratchPadOff, (byte) 1); + Util.arrayCopyNonAtomic(data, offset, scratchPad, (short) (scratchPadOff + 1), + AUTH_TAG_LENGTH); + Util.setShort(scratchPad, (short) (scratchPadOff + AUTH_TAG_LENGTH + 1 + 2), (short) 1); + // write the auth tag buffer to persistent memroy. 
+ writeDataEntry((short) (index + AUTH_TAG_1), scratchPad, scratchPadOff, + AUTH_TAG_ENTRY_SIZE); + return true; + } + index++; + } + return false; + } + + @Override + public void clearAllAuthTags() { + short index = 0; + while (index < MAX_BLOB_STORAGE) { + clearDataEntry((short) (index + AUTH_TAG_1)); + index++; + } + } + + @Override + public boolean isAuthTagPersisted(byte[] data, short offset, short length, byte[] scratchPad, + short scratchPadOff) { + return (KMType.INVALID_VALUE != findTag(data, offset, length, scratchPad, scratchPadOff)); + } + + private short findTag(byte[] data, short offset, short length, byte[] scratchPad, + short scratchPadOff) { + if (length != AUTH_TAG_LENGTH) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + short index = 0; + short found; + // short offset = alloc(AUTH_TAG_ENTRY_SIZE); + while (index < MAX_BLOB_STORAGE) { + if (dataLength((short) (index + AUTH_TAG_1)) != 0) { + readDataEntry((short) (index + AUTH_TAG_1), scratchPad, scratchPadOff); + found = Util.arrayCompare(scratchPad, (short) (scratchPadOff + 1), data, offset, + AUTH_TAG_LENGTH); + if (found == 0) { + return (short) (index + AUTH_TAG_1); + } + } + index++; + } + return KMType.INVALID_VALUE; + } + + @Override + public short getRateLimitedKeyCount(byte[] data, short offset, short length, byte[] scratchPad, + short scratchPadOff) { + short tag = findTag(data, offset, length, scratchPad, scratchPadOff); + short blob; + if (tag != KMType.INVALID_VALUE) { + readDataEntry(tag, scratchPad, scratchPadOff); + Util.arrayCopyNonAtomic(scratchPad, (short) (scratchPadOff + AUTH_TAG_LENGTH + 1), scratchPad, + scratchPadOff, + AUTH_TAG_COUNTER_SIZE); + return AUTH_TAG_COUNTER_SIZE; + } + return (short) 0; + } + + @Override + public void setRateLimitedKeyCount(byte[] data, short dataOffset, short dataLen, byte[] counter, + short counterOff, + short counterLen, byte[] scratchPad, short scratchPadOff) { + short tag = findTag(data, dataOffset, dataLen, scratchPad, 
scratchPadOff); + if (tag != KMType.INVALID_VALUE) { + short len = readDataEntry(tag, scratchPad, scratchPadOff); + Util.arrayCopyNonAtomic(counter, counterOff, scratchPad, + (short) (scratchPadOff + AUTH_TAG_LENGTH + 1), + counterLen); + writeDataEntry(tag, scratchPad, scratchPadOff, len); + } + } + + private short getcertificateDataBufferOffset(byte dataType) { + switch (dataType) { + case KMDataStoreConstants.CERTIFICATE_CHAIN: + return CERT_CHAIN_OFFSET; + case KMDataStoreConstants.CERTIFICATE_ISSUER: + return CERT_ISSUER_OFFSET; + case KMDataStoreConstants.CERTIFICATE_EXPIRY: + return CERT_EXPIRY_OFFSET; + default: + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + return 0; + } + + private void persistcertificateData(byte[] buf, short off, short len, short maxSize, + short copyToOff) { + if (len > maxSize) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + JCSystem.beginTransaction(); + Util.arrayCopyNonAtomic(buf, off, certificateData, + Util.setShort(certificateData, copyToOff, len), len); + JCSystem.commitTransaction(); + } + + private void persistCertificateChain(byte[] certChain, short certChainOff, short certChainLen) { + persistcertificateData(certChain, certChainOff, certChainLen, + KMConfigurations.CERT_CHAIN_MAX_SIZE, + CERT_CHAIN_OFFSET); + } + + private void persistCertficateIssuer(byte[] certIssuer, short certIssuerOff, + short certIssuerLen) { + persistcertificateData(certIssuer, certIssuerOff, certIssuerLen, + KMConfigurations.CERT_ISSUER_MAX_SIZE, + CERT_ISSUER_OFFSET); + } + + private void persistCertificateExpiryTime(byte[] certExpiry, short certExpiryOff, + short certExpiryLen) { + persistcertificateData(certExpiry, certExpiryOff, certExpiryLen, + KMConfigurations.CERT_EXPIRY_MAX_SIZE, + CERT_EXPIRY_OFFSET); + } + + @Override + public void persistCertificateData(byte[] buffer, short certChainOff, short certChainLen, + short certIssuerOff, + short certIssuerLen, short certExpiryOff, short certExpiryLen) { + // All the buffers 
uses first two bytes for length. The certificate chain + // is stored as shown below. + // _____________________________________________________ + // | 2 Bytes | 1 Byte | 3 Bytes | Cert1 | Cert2 |... + // |_________|________|_________|_______|________|_______ + // First two bytes holds the length of the total buffer. + // CBOR format: + // Next single byte holds the byte string header. + // Next 3 bytes holds the total length of the certificate chain. + // clear buffer. + JCSystem.beginTransaction(); + Util.arrayFillNonAtomic(certificateData, (short) 0, (short) certificateData.length, (byte) 0); + JCSystem.commitTransaction(); + // Persist data. + persistCertificateChain(buffer, certChainOff, certChainLen); + persistCertficateIssuer(buffer, certIssuerOff, certIssuerLen); + persistCertificateExpiryTime(buffer, certExpiryOff, certExpiryLen); + } + + @Override + public short readCertificateData(byte dataType, byte[] buf, short offset) { + short provisionBufOffset = getcertificateDataBufferOffset(dataType); + short len = Util.getShort(certificateData, provisionBufOffset); + Util.arrayCopyNonAtomic(certificateData, (short) (2 + provisionBufOffset), buf, offset, len); + return len; + } + + @Override + public short getCertificateDataLength(byte dataType) { + short provisionBufOffset = getcertificateDataBufferOffset(dataType); + return Util.getShort(certificateData, provisionBufOffset); + } + + private void persistComputedHmacKey(byte[] keydata, short offset, short length) { + if (length != COMPUTED_HMAC_KEY_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + if (computedHmacKey == null) { + computedHmacKey = seProvider.createComputedHmacKey(computedHmacKey, keydata, offset, length); + } else { + seProvider.createComputedHmacKey(computedHmacKey, keydata, offset, length); + } + } + + private void persistMasterKey(byte[] keydata, short offset, short length) { + if (length != MASTER_KEY_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + if 
(masterKey == null) { + masterKey = seProvider.createMasterKey(masterKey, keydata, offset, length); + } + } + + private void persistPresharedKey(byte[] keydata, short offset, short length) { + if (length != SHARED_SECRET_KEY_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + if (preSharedKey == null) { + preSharedKey = seProvider.createPreSharedKey(preSharedKey, keydata, offset, length); + } + } + + private void persistAttestationKey(byte[] privateKey, short privateKeyOff, short privateKeyLen) { + if (attestationKey == null) { + attestationKey = seProvider.createAttestationKey(attestationKey, privateKey, privateKeyOff, + privateKeyLen); + } else { + seProvider.createAttestationKey(attestationKey, privateKey, privateKeyOff, privateKeyLen); + } + } + + @Override + public KMComputedHmacKey getComputedHmacKey() { + return computedHmacKey; + } + + @Override + public KMPreSharedKey getPresharedKey() { + return preSharedKey; + } + + @Override + public KMMasterKey getMasterKey() { + return masterKey; + } + + @Override + public KMAttestationKey getAttestationKey() { + return attestationKey; + } + + public short getAttestationId(short id, byte[] buffer, short start) { + switch (id) { + // Attestation Id Brand + case KMDataStoreConstants.ATT_ID_BRAND: + Util.arrayCopyNonAtomic(attIdBrand, (short) 0, buffer, start, (short) attIdBrand.length); + return (short) attIdBrand.length; + // Attestation Id Device + case KMDataStoreConstants.ATT_ID_DEVICE: + Util.arrayCopyNonAtomic(attIdDevice, (short) 0, buffer, start, (short) attIdDevice.length); + return (short) attIdDevice.length; + // Attestation Id Product + case KMDataStoreConstants.ATT_ID_PRODUCT: + Util.arrayCopyNonAtomic(attIdProduct, (short) 0, buffer, start, + (short) attIdProduct.length); + return (short) attIdProduct.length; + // Attestation Id Serial + case KMDataStoreConstants.ATT_ID_SERIAL: + Util.arrayCopyNonAtomic(attIdSerial, (short) 0, buffer, start, (short) attIdSerial.length); + return (short) 
attIdSerial.length; + // Attestation Id IMEI + case KMDataStoreConstants.ATT_ID_IMEI: + Util.arrayCopyNonAtomic(attIdImei, (short) 0, buffer, start, (short) attIdImei.length); + return (short) attIdImei.length; + // Attestation Id MEID + case KMDataStoreConstants.ATT_ID_MEID: + Util.arrayCopyNonAtomic(attIdMeId, (short) 0, buffer, start, (short) attIdMeId.length); + return (short) attIdMeId.length; + // Attestation Id Manufacturer + case KMDataStoreConstants.ATT_ID_MANUFACTURER: + Util.arrayCopyNonAtomic(attIdManufacturer, (short) 0, buffer, start, + (short) attIdManufacturer.length); + return (short) attIdManufacturer.length; + // Attestation Id Model + case KMDataStoreConstants.ATT_ID_MODEL: + Util.arrayCopyNonAtomic(attIdModel, (short) 0, buffer, start, (short) attIdModel.length); + return (short) attIdModel.length; + } + return (short) 0; + } + + public void setAttestationId(short id, byte[] buffer, short start, short length) { + switch (id) { + // Attestation Id Brand + case KMDataStoreConstants.ATT_ID_BRAND: + attIdBrand = new byte[length]; + Util.arrayCopy(buffer, (short) start, attIdBrand, (short) 0, length); + break; + // Attestation Id Device + case KMDataStoreConstants.ATT_ID_DEVICE: + attIdDevice = new byte[length]; + Util.arrayCopy(buffer, (short) start, attIdDevice, (short) 0, length); + break; + // Attestation Id Product + case KMDataStoreConstants.ATT_ID_PRODUCT: + attIdProduct = new byte[length]; + Util.arrayCopy(buffer, (short) start, attIdProduct, (short) 0, length); + break; + // Attestation Id Serial + case KMDataStoreConstants.ATT_ID_SERIAL: + attIdSerial = new byte[length]; + Util.arrayCopy(buffer, (short) start, attIdSerial, (short) 0, length); + break; + // Attestation Id IMEI + case KMDataStoreConstants.ATT_ID_IMEI: + attIdImei = new byte[length]; + Util.arrayCopy(buffer, (short) start, attIdImei, (short) 0, length); + break; + // Attestation Id MEID + case KMDataStoreConstants.ATT_ID_MEID: + attIdMeId = new byte[length]; + 
Util.arrayCopy(buffer, (short) start, attIdMeId, (short) 0, length); + break; + // Attestation Id Manufacturer + case KMDataStoreConstants.ATT_ID_MANUFACTURER: + attIdManufacturer = new byte[length]; + Util.arrayCopy(buffer, (short) start, attIdManufacturer, (short) 0, length); + break; + // Attestation Id Model + case KMDataStoreConstants.ATT_ID_MODEL: + attIdModel = new byte[length]; + Util.arrayCopy(buffer, (short) start, attIdModel, (short) 0, length); + break; + } + } + + @Override + public void onSave(Element element) { + // Prmitives + element.write(dataIndex); + element.write(deviceBootLocked); + element.write(bootState); + // Objects + element.write(dataTable); + element.write(certificateData); + element.write(attIdBrand); + element.write(attIdDevice); + element.write(attIdProduct); + element.write(attIdSerial); + element.write(attIdImei); + element.write(attIdMeId); + element.write(attIdManufacturer); + element.write(attIdModel); + element.write(verifiedHash); + element.write(bootKey); + element.write(bootPatchLevel); + // Key Objects + seProvider.onSave(element, KMDataStoreConstants.INTERFACE_TYPE_MASTER_KEY, masterKey); + seProvider.onSave(element, KMDataStoreConstants.INTERFACE_TYPE_COMPUTED_HMAC_KEY, + computedHmacKey); + seProvider.onSave(element, KMDataStoreConstants.INTERFACE_TYPE_PRE_SHARED_KEY, preSharedKey); + seProvider.onSave(element, KMDataStoreConstants.INTERFACE_TYPE_ATTESTATION_KEY, attestationKey); + } + + @Override + public void onRestore(Element element, short oldVersion, short currentVersion) { + // Read Primitives + dataIndex = element.readShort(); + deviceBootLocked = element.readBoolean(); + bootState = element.readShort(); + // Read Objects + dataTable = (byte[]) element.readObject(); + certificateData = (byte[]) element.readObject(); + attIdBrand = (byte[]) element.readObject(); + attIdDevice = (byte[]) element.readObject(); + attIdProduct = (byte[]) element.readObject(); + attIdSerial = (byte[]) element.readObject(); + attIdImei 
= (byte[]) element.readObject(); + attIdMeId = (byte[]) element.readObject(); + attIdManufacturer = (byte[]) element.readObject(); + attIdModel = (byte[]) element.readObject(); + verifiedHash = (byte[]) element.readObject(); + bootKey = (byte[]) element.readObject(); + bootPatchLevel = (byte[]) element.readObject(); + // Read Key Objects + masterKey = (KMMasterKey) seProvider.onResore(element); + computedHmacKey = (KMComputedHmacKey) seProvider.onResore(element); + preSharedKey = (KMPreSharedKey) seProvider.onResore(element); + attestationKey = (KMAttestationKey) seProvider.onResore(element); + } + + @Override + public short getBackupPrimitiveByteCount() { + // Magic Number - 1 byte + // Package Version - 2 bytes + // dataIndex - 2 bytes + // deviceLocked - 1 byte + // deviceState = 2 bytes + // interface types - 4 bytes + return (short) (12 + + seProvider.getBackupPrimitiveByteCount(KMDataStoreConstants.INTERFACE_TYPE_MASTER_KEY) + + seProvider.getBackupPrimitiveByteCount( + KMDataStoreConstants.INTERFACE_TYPE_COMPUTED_HMAC_KEY) + + seProvider.getBackupPrimitiveByteCount(KMDataStoreConstants.INTERFACE_TYPE_PRE_SHARED_KEY) + + seProvider.getBackupPrimitiveByteCount( + KMDataStoreConstants.INTERFACE_TYPE_ATTESTATION_KEY)); + } + + @Override + public short getBackupObjectCount() { + // dataTable - 1 + // CertificateData - 1 + // AttestationIds - 8 + // bootParameters - 3 + return (short) (13 + + seProvider.getBackupObjectCount(KMDataStoreConstants.INTERFACE_TYPE_COMPUTED_HMAC_KEY) + + seProvider.getBackupObjectCount(KMDataStoreConstants.INTERFACE_TYPE_MASTER_KEY) + + seProvider.getBackupObjectCount(KMDataStoreConstants.INTERFACE_TYPE_PRE_SHARED_KEY) + + seProvider.getBackupObjectCount(KMDataStoreConstants.INTERFACE_TYPE_ATTESTATION_KEY)); + } + + // Below functions are related boot paramters. 
+ public void setVerifiedBootHash(byte[] buffer, short start, short length) { + if (verifiedHash == null) { + verifiedHash = new byte[32]; + } + if (length != 32) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } + Util.arrayCopyNonAtomic(buffer, start, verifiedHash, (short) 0, (short) 32); + } + + public void setBootKey(byte[] buffer, short start, short length) { + if (bootKey == null) { + bootKey = new byte[32]; + } + if (length != 32) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } + Util.arrayCopyNonAtomic(buffer, start, bootKey, (short) 0, (short) 32); + } + + public void setBootState(short state) { + bootState = state; + } + + public void setDeviceLocked(boolean state) { + deviceBootLocked = state; + } + + public void setBootPatchLevel(byte[] buffer, short start, short length) { + if (bootPatchLevel == null) { + bootPatchLevel = new byte[4]; + } + if (length > 4 || length < 0) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } + Util.arrayCopyNonAtomic(buffer, start, bootPatchLevel, (short) 0, length); + } + + public short getVerifiedBootHash(byte[] buffer, short start) { + Util.arrayCopyNonAtomic(verifiedHash, (short) 0, buffer, start, (short) verifiedHash.length); + return (short) verifiedHash.length; + } + + public short getBootKey(byte[] buffer, short start) { + Util.arrayCopyNonAtomic(bootKey, (short) 0, buffer, start, (short) bootKey.length); + return (short) bootKey.length; + } + + public short getBootState() { + return bootState; + } + + public boolean isDeviceBootLocked() { + return deviceBootLocked; + } + + public short getBootPatchLevel(byte[] buffer, short start) { + Util.arrayCopyNonAtomic(bootPatchLevel, (short) 0, buffer, start, + (short) bootPatchLevel.length); + return (short) bootPatchLevel.length; + } + +} diff --git a/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMRkpDataStoreImpl.java b/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMRkpDataStoreImpl.java new file mode 100644 index 00000000..e1d4d275 
--- /dev/null
+++ b/Applet/AndroidSEApplet/src/com/android/javacard/kmapplet/KMRkpDataStoreImpl.java
@@ -0,0 +1,193 @@ +/* + * Copyright(C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.kmapplet; + +import org.globalplatform.upgrade.Element; + +import com.android.javacard.kmdevice.KMDeviceUniqueKey; +import com.android.javacard.kmdevice.KMError; +import com.android.javacard.kmdevice.KMException; +import com.android.javacard.kmdevice.KMRkpDataStore; +import com.android.javacard.kmdevice.KMPreSharedKey; +import com.android.javacard.kmdevice.KMSEProvider; +import com.android.javacard.kmdevice.KMDataStoreConstants; +import com.android.javacard.kmdevice.KMType; + +import javacard.framework.JCSystem; +import javacard.framework.Util; + +public class KMRkpDataStoreImpl implements KMRkpDataStore { + + private byte[] bcc; + private byte[] additionalCertData; + private KMDeviceUniqueKey deviceUniqueKey; + private KMDeviceUniqueKey testDeviceUniqueKey; + private KMSEProvider seProvider; + + + public KMRkpDataStoreImpl(KMSEProvider provider) { + seProvider = provider; + initializeAdditionalBuffers(provider.isUpgrading()); + } + + private void initializeAdditionalBuffers(boolean isUpgrading) { + if (!isUpgrading) { + // use certificateData as Additional certficate chain. + if (additionalCertData == null) { + // First 2 bytes is reserved for length for all the 3 buffers. 
+ additionalCertData = new byte[(short) (2 + + KMConfigurations.ADDITIONAL_CERT_CHAIN_MAX_SIZE)]; + } + + if (bcc == null) { + bcc = new byte[(short) (2 + KMConfigurations.BOOT_CERT_CHAIN_MAX_SIZE)]; + } + } + } + + @Override + public void storeData(byte storeDataIndex, byte[] data, short offset, short length) { + switch (storeDataIndex) { + case KMDataStoreConstants.ADDITIONAL_CERT_CHAIN: + persistAdditionalCertChain(data, offset, length); + break; + case KMDataStoreConstants.BOOT_CERT_CHAIN: + persistBootCertificateChain(data, offset, length); + break; + } + } + + private void persistAdditionalCertChain(byte[] buf, short offset, short len) { + // Input buffer contains encoded additional certificate chain as shown below. + // AdditionalDKSignatures = { + // + SignerName => DKCertChain + // } + // SignerName = tstr + // DKCertChain = [ + // 2* Certificate // Root -> Leaf. Root is the vendo r + // // self-signed cert, leaf contains DK_pu b + // ] + // Certificate = COSE_Sign1 of a public key + if ((short) (len + 2) > KMConfigurations.ADDITIONAL_CERT_CHAIN_MAX_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + JCSystem.beginTransaction(); + Util.setShort(additionalCertData, (short) 0, (short) len); + JCSystem.commitTransaction(); + Util.arrayCopy(buf, offset, additionalCertData, (short) 2, len); + } + + private void persistBootCertificateChain(byte[] buf, short offset, short len) { + if ((short) (len + 2) > KMConfigurations.BOOT_CERT_CHAIN_MAX_SIZE) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); + } + JCSystem.beginTransaction(); + Util.setShort(bcc, (short) 0, (short) len); + JCSystem.commitTransaction(); + Util.arrayCopy(buf, offset, bcc, (short) 2, len); + } + + + @Override + public void createDeviceUniqueKey(boolean testMode, byte[] pubKey, short pubKeyOff, + short pubKeyLen, byte[] privKey, + short privKeyOff, short privKeyLen) { + if (testMode) { + createTestDeviceUniqueKey(pubKey, pubKeyOff, pubKeyLen, privKey, privKeyOff, privKeyLen); 
+ } else { + createDeviceUniqueKey(pubKey, pubKeyOff, pubKeyLen, privKey, privKeyOff, privKeyLen); + } + } + + @Override + public KMDeviceUniqueKey getDeviceUniqueKey(boolean testMode) { + if (testMode) { + return testDeviceUniqueKey; + } else { + return deviceUniqueKey; + } + } + + private void createTestDeviceUniqueKey(byte[] pubKey, short pubKeyOff, short pubKeyLen, + byte[] privKey, + short privKeyOff, short privKeyLen) { + if (testDeviceUniqueKey == null) { + testDeviceUniqueKey = seProvider.createDeviceUniqueKey(testDeviceUniqueKey, pubKey, pubKeyOff, + pubKeyLen, privKey, + privKeyOff, privKeyLen); + } else { + seProvider.createDeviceUniqueKey(testDeviceUniqueKey, pubKey, pubKeyOff, pubKeyLen, privKey, + privKeyOff, + privKeyLen); + } + } + + private void createDeviceUniqueKey(byte[] pubKey, short pubKeyOff, short pubKeyLen, + byte[] privKey, short privKeyOff, + short privKeyLen) { + if (deviceUniqueKey == null) { + deviceUniqueKey = seProvider.createDeviceUniqueKey(deviceUniqueKey, pubKey, pubKeyOff, + pubKeyLen, privKey, + privKeyOff, privKeyLen); + } else { + seProvider.createDeviceUniqueKey(deviceUniqueKey, pubKey, pubKeyOff, pubKeyLen, privKey, + privKeyOff, privKeyLen); + } + } + + @Override + public void onSave(Element ele) { + ele.write(additionalCertData); + ele.write(bcc); + // Key Object + seProvider.onSave(ele, KMDataStoreConstants.INTERFACE_TYPE_DEVICE_UNIQUE_KEY, deviceUniqueKey); + } + + @Override + public void onRestore(Element ele, short oldVersion, short currentVersion) { + additionalCertData = (byte[]) ele.readObject(); + bcc = (byte[]) ele.readObject(); + deviceUniqueKey = (KMDeviceUniqueKey) seProvider.onResore(ele); + } + + @Override + public short getBackupPrimitiveByteCount() { + return seProvider.getBackupPrimitiveByteCount( + KMDataStoreConstants.INTERFACE_TYPE_DEVICE_UNIQUE_KEY); + } + + @Override + public short getBackupObjectCount() { + // AdditionalCertificateChain - 1 + // BCC - 1 + return (short) (2 + 
seProvider.getBackupObjectCount( + KMDataStoreConstants.INTERFACE_TYPE_DEVICE_UNIQUE_KEY)); + } + + @Override + public byte[] getData(byte dataStoreId) { + switch (dataStoreId) { + case KMDataStoreConstants.ADDITIONAL_CERT_CHAIN: + return additionalCertData; + case KMDataStoreConstants.BOOT_CERT_CHAIN: + return bcc; + default: + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + return null; + } + +} diff --git a/Applet/AndroidSEProvider/AndroidSE_3_0_5.opt b/Applet/AndroidSEProvider/AndroidSE_3_0_5.opt deleted file mode 100644 index ba998254..00000000 --- a/Applet/AndroidSEProvider/AndroidSE_3_0_5.opt +++ /dev/null @@ -1,5 +0,0 @@ --out EXP JCA CAP --exportpath ../../AndroidSEProvider/api_export_files_3.0.5 --applet 0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0xc:0x1:0x1 com.android.javacard.keymaster.KMAndroidSEApplet -com.android.javacard.keymaster -0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0xc:0x1 1.0 diff --git a/Applet/AndroidSEProvider/AndroidSE_3_1_0.opt b/Applet/AndroidSEProvider/AndroidSE_3_1_0.opt deleted file mode 100644 index 3de07eb5..00000000 --- a/Applet/AndroidSEProvider/AndroidSE_3_1_0.opt +++ /dev/null @@ -1,5 +0,0 @@ --out EXP JCA CAP --exportpath ../../AndroidSEProvider/api_export_files_3.1.0 --applet 0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0xc:0x1:0x1 com.android.javacard.keymaster.KMAndroidSEApplet -com.android.javacard.keymaster -0xa0:0x0:0x0:0x0:0x62:0x3:0x1:0xc:0x1 1.0 diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/java/io/javacard/io.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/java/io/javacard/io.exp deleted file mode 100644 index 931133af56f823aa1846e3a8dab5097b4202ae0a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 212 zcmZShb?P1?69XS31Dj1|US^3MBLlOBW*Cs0T3DKxQ_RR9s^OEBSeB@tlbDyT@1K;F znp|S78O6vT3>MAI*Z1^ytw>HSD9OyvV`pGtWDr1C&d$IFQw}yHB%>(5JTWOJm7ReD zMFPnjE=C4+s0F-?3_J{s>}W(IZ!P6lqEC{Pe60>+F$HZuU5 Cc`vd6 
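Review bot: The length checks in `persistAdditionalCertChain` and `persistBootCertificateChain` compare `(short) (len + 2)` with the maximum, which lets a negative `len` through and also wraps to a negative value for `len` of 32766 or 32767, so both cases pass the guard. Because the two-byte length header is written and committed before `Util.arrayCopy` runs, a copy that then fails on bounds leaves a persisted length that does not describe the stored chain, and `getData` hands that buffer to callers as is. A guard without the addition avoids both cases: `if (len < 0 || len > (short) (KMConfigurations.ADDITIONAL_CERT_CHAIN_MAX_SIZE - 2))`, with the matching change for `BOOT_CERT_CHAIN_MAX_SIZE`. Writing the header only after the payload copy has succeeded (or in the same transaction, if commit capacity allows for these sizes) would also keep header and data consistent across a tear. Whether a caller can actually supply such a length is not visible in this hunk.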
diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/java/lang/javacard/lang.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/java/lang/javacard/lang.exp deleted file mode 100644 index f34981865d8e0cab8c21ed73c4bae3ff537d147d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 881 zcmaLS%}&BV5C`xX3Y7ApDB=ew7d*g;2hf-x@nB-ai1FZUDJv`~t+rbPpT_6$A$$-| z4n*A*$u?=TyZ_(JPT}+Y0~1g~NS_K{$TI}1(Y&WEe~y_KA(R_eV>V?ikNLw^w?F2t zJZU~46jx7eNFtQf>D?#{URdAbHl+Uq7c-YXNfG!qWDqK<;x_iBm~bu6BGgrW=@0m< z8_VwFc@X=9NP~HVhJx)dWOIYwKsZ+Vnh%*2Q@*U~iC2AqB0^1*vFF_c!k0YM?%qZ? zRHoyxDC)3CYGMcBNQrhRaBa5b`vP*tSI-I&x|1N$pI=ns1`2=!qr2+nVh0!;;I zzX3oWs5TGuP0@~?#A3aCk=7Q{&i+YPvILzwgi<8_S6Y?B+5qNkk~VdEQtf7$dRZT#TS56o4f!3 diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/java/rmi/javacard/rmi.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/java/rmi/javacard/rmi.exp deleted file mode 100644 index 209cdf37f8ca4652fe85fc78ee82d9a6d17d75f5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 280 zcmZ8cNeaS15Uid=CoVBAC_X_?d4S^0gCGP%Jb0UgK}WK<$)wiHBe-eBNHG=aFa!qv* jzXAwhp~280^Nwk3nEWw93ARBMxbSj{<*bcDK8oN^-L^l| 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/javacard/framework/javacard/framework.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacard/framework/javacard/framework.exp deleted file mode 100644 index fd14eac73b233cbc5bd7a78bfb20d2967abf1535..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8344 zcmbVR2Y6f66+YKX-Yc=4U`E0y4x>q!fiUtUJvk3#N!5FbW87AGmY;1UvSgm5#K9eu z0^Kd$rGwIzE}$*ldvCh;qIB;?cgsrubKjG46~92feqZvPy#Jni?zv}Qh3>!mUeP3C zf;y_je6d`y3k5;VW1DsfI&rVP-_F_Y?B+SwUUUwW+M|#@iDXt!r;}+x!W7gKDY5WkWtUy3I?aa;-9&7ZvbrSkxbgKrn07`Ss4>YSy@xF3^Qiv zQSjxj^R~x~xSll1Px1;i3u$cl?Q6^ zcyiJ^?nXf)Sk+RgxDHM9xE`^xF%757V{gXwvFu%j4~L3-ul24U%OoP6{+U!NnYQGP zy-yP~fE`kQzFaJsNwBEBxY!yjr1eNL?Ws{;!sU36k-!qxt!!#*>Kxt!?G7LBgZp5~ zwcxJtdM5UaU+~wAnjsX;7Hj+B+A6J!SnGt$OybH!ax#IVOF+7T$a};x@i?mkYqJmI z$#Em1#j}x}S|XvxS4mrd4K{*L`dZIU=%%TSbAU)^D=IC(CdYwsQcKGK;+W8(1PdOQ z=A3~V>-b2`v~Xk3h5GIkj3n0=U^+gkwuGHtEUr2Vx_2gHF%w>n#5F{A7&jumw~xYR zj0mKYkEFITfJ~_a>=bG~48$W0AZxm7qWu`5R^*qD>AP`c4G$s1aDLV>lNWB=dI64S zUwLtd)H-yVp!JMklb%k%$XdqQsV6KL+|rqWO%{;czPu161hti&0@7Jf%h*+$t`gKf z>!=9I!^r^>CaQ%>-jqA-nSv7{OHgZW!O86t6dIcjn_-qUFz-|>H}90w&Z3=1*_oFm zCyZ<5%P0`}S-axQN(|hsE>4Cb!vW`|j6{f@0Bx&Fyr+H$)a#Om9E|4|^Vr-45tdu~ zY8eZ2fg6xuqaMcxoRU0HbX**@93mVsGVA1AXAu?f$UB_%NP8#qm4%e+)HjD{K~T_X z=7Q}yp7r+PW|zP~mCNuC=jy6mD5GqQ#rYhy=x%4LcBGA{?(>X#JVzF9BPu!DVVdy4 ziUVP7?37Kge9w~YR`PbCCZP{JDG%~l+s91lKrjcnLNlTv+RyP~vTZ|^1-Ep-fayCR zDec(hQc-#o&7cEzuOX)g*erscldcvk`9()x&N)k!e5n|sC!_WqzPQEWJu5x6VL{n} z5+cLgGu3K|$ot_5eIl8j%34z?J)6?greRvh6m$f2!Affh(*Taji{wXZ3|@_5m5aZi zK`ouue6itVGOlaLsXi4%-$QyUh`AH>Ur?_C8LY{G0wlv%Nb$p5nzZa;y=n`+5ge7y zCKEMH2kO9K<&b5TYZuFT#PCt#2~J+WXzz3CeBn~5;MhgYb?t*3Hpt{@1l@2W6N0LN z17b!RILw8TTWMfHJgjSA@#YAhXG9*fI^bbU-ZWk)&DaH>cX$k;9K_m*2;AkkWrPt_ z#|L5+p)uw$2P6qXv`{MTt1d~#6TQMEB?mJ1&p7k>qBNDA<6wnj?HOFO0UF4a7Ey~D zur*Ld0iuX?RD}_snPRo<%tqvvh`nUz@)g*9EmkJ%ZQkk40q1XIi52FU3Aof5)QOtUD9?0 zQoihoiJ~#EdCcn460E}|e#k{xbIO%Q2ILRxR4(V|i!j21T`W2nOMCNWPfrb2-j7l| 
z8c;m0h?ob<6=yL-??l-*;&FW(9WY}e+j_#8SWHi6!#qyG1f5|m>Q9$wa7KM#9l-2r zZOM-77ScV1fl%iTeLFg|wKZ$RqFF7BRAuZA2=$oLx?!3b$#|!r4FQU2sc1$iP9H^Q z8w*PZ^y9MiwihedXor2W>1oB;OmU`A;`Z5(qIm>U(DiG*Dny?~6k`s6`-Ldx0G|rW%ShGP=)okbF{Aya*d4s z5PgeBWjQ}$0JID(jsoX>r?fPG%kg>wV<^wzl99(+1?~0FWX2j#O19BPzz?^q9FbQ^ zKfFzqUPC$H+TaRLqI_Io8a^^oG2R{Gc~@%ZF*QUjmLEncsq03Phr)+o8x?JgYcM>B zOQ+IFD;Y_~F_1?MEjyu^SMuKbkg@e8*-PaL6z)Uh9bVbe@U;~NsIPefqk2rs#L@LO z9Jtx9$!bMGcq&b~rAjGR;(~^+NY!=Ghxt4dw4?MS4qmVNE9~Lw z+#IJ$%h;xAp5RzmT&q{ho&$EiqAyn*GK-W{p;w2u~2(_TbQP zIM=NDtZt^X2uwRrGi`kZp;^P^fY*g>==8}_QW0v6)I=Q&bSgj>1KkSH!$7YB^fAz{00RsRD!>{B)+)dd1H%e1!oWHO zSkJ(53NXsR@d|JP11BoLNepaIfQ<~CtN`-1rz*f{%<&inIGuqp1=z&E847SF17|6~ z*$g~Z0X8$RMFF-laE=0;%fNXGa6SVUD8PjbY*T=X7`T|W*Bx~U1D7hmWei-d06Q4a z6d=q%L;<1<=n4>HU|a!qGGHixJoX9&xRN>I3NS%5fB?&Q0mdr z)>?RN7ftfoZklQWxr(NnK^{+H4LIkRlQ$6J^AUJku$HAgtspi{wSmk~E(9`5xwVj! zXE{xfGY3f>|F5KW2%LwSy@L2hVwqIP9zh3cUm?!20_}kfXpt~j4B&^}r6&0`*$i?u zxh)`NnrsEBP_-2soJm?@T^Ouw*=o(sS!q<~%xgERTg@1xq zX6Oxy2c(Z~Q~((o&rkpv8qZV!$?+@&kQ~oe02w^bQ2-e{&s6{!JkL`AsmJpbK%Vjf z1=vCBI&sOH=!M-NFQOOsfV_lW+6VG7dU-F%E9mASkXO>HIzV1cE6pIUpKDC%Ll! zkhdf7K;A)9YeDX!CExtrIOJn6cg;^vAqsKmzgtOCdB684fVAR!6+l|?eF`A0_BkX?^y9ex zB-^ruK1F6bzK~!;AYZ~?gk3Z1^;yN4^7fxo0D1e*D?k{<07m@+ebHBgGyU71IK(l2 z=ttNKcIlUCPZPS%S7^Gf@LKvRJDACyW{|IW3a3f1!e6I5S>Y5-bJl-@zS&6waHP~! zcAM`gddR^1t^!Eazo!6F_3tZybleXVKsxS+3LwM(M+$Hc8|cRha4!QtQGlN^@G}MY zIRn2?fL}83D+Ty91HVy#-!kw!1(28fy#mO~{XqdF#~&5oPb}ll3h);O?o)ujGVnJA z_&WptPyu|yasQ+h_TRs_P<7D1X^J!KKlEQt!u#m~PQnK{;5z6bI0t|H%Jwilz`=Nk z*AM|hAQ7? 
z)4d?QG~EZ%M=Sjx{j@RwG9aTz3}HI*GWrce0t7;QFCT%!`&aL%n#Es`8b}EM}w`&ggqqS>}yhzQr9r!UxoF~q20=Yn( l9|E~hY-w42h5FI%ehk!{4gp!ndo033V7t#wQKr72iB9J9jk^`X^RdJR?V9Ty02Y8!4 zPamQW(m(APT@pDB?%)3KH`dwN-I+6IX6dg#{w$TKCsC!>@3uq~)&1DlLWwRf>#zI+ zzvcILt1tV0N4)9wUsq+T-dtOGA<@~)UFmi@ezUB)VYPnxSZxtb2-V z*EdbQuG)ypk!XH+$1^_Obx>P@0}6b6%3^`mV9E=!3l4u9)($^ zbw~<5rl^kN8K$9fMkLW(j-`{OF1x72Ob#k$qahnO?|hDAV*EBudG&WFpMK%o6 z^<*XCRWmS}GsYH%m%v-T#>`LPruP!n_5kC$BMR%UPHw|Qv;T6&I7tpW_RMD5sYn!(H1#_u+L7?Ib*GrB z323+sh{pJx;x`YbL{bT63}0}$!Y=Gt{+kwPicaBs8m=We&A^!gP+{O~0hnQ6wg8-C zV2;iYpK+l8BxlSQfQvMFVr*jw@dLUv4zoau6EGjrVhI6X%L9I2R!EE<964R!M!rrr z*xaO#@a!@XAc2WsU;M^lKBgt6>l3;)3A0R68D@oUPr=-wCFbQ*x;+i^87-ZL`JAd} zV7?%!0&|zDXJPKq>I}@6v^op(6|J6w`I=VeV7{UIe36Wc%k-cG&XEfvH|+W(-3cE5RMo;FRt@4ol&?gJhryC;8C$L9>* zZ|>Z=Gjr$8ouSRo9(&R@*(a@8I6mzZDo32t)--qTJZ4R7(y8W(cRKQ&bHB$<&$!?H z)+{T|rc1?Yu`msx36VN(&FWhUw-?3>m5E)m&iGuVSUtT9I%8&`HSMh0HC-r8?ixLD zi!)x0nZ?$0H8#jO;}xeW&6ZlTVAiQ-(0%t!{ka?sBe>2j4x@mXsBUHTPMFDW)}lb| z+D7fkLD9U%nu{7MGnL})g{mVG>mrTI%$=Anj*Gy0Yt}WYNao^Fdy#9z4JcqRicOKS zy2s6KlN;S8C^kkn2~5~-&0=UDC_2*<1DJ*-wU6FmXz7*-YwgYjGZ%N2V*zPa)-8@; z{V`#p1_VDThJs=!D24)J>&DA7r<3KAg<>gFs1!~*Ri`pLP${3pbaoFlnwv^sG7fRs zB9=lbV`eY3!xnGxP(%znmCzG)&~0(OYZi(PQ9Y}rdNw=+UBDLn;7H_$_zZ^F+1Pq; zI8MuB2Gy=_VF*#Hoyv(=Dsp{~lq*i5luMT5@<@Dnkko@QWfrnui^5<-1OY6 z>t3n~ifdI7-W_O{(MS6;g@U2o6gkOpZ<2on>s>_5!N!d8HS}_*pRTs#gfm$z9djzh zo3Y+r{UDlo~laHkkK@(2hgEBcV~O z3M4UhYnFRL`0x!uG!0SL6a-97J!5u?kVFmrH+v@G5@ z{NUp5{^L6%LZ9aY$>O9lTRmjWHfdEmF+B6N8_dmb>TOOnYY4OV3jv+cNQ`AzTI-NMQp+O<|$_0Y0ds7>Eo$n{zwXuamC1J zK6f-Rn8ywr&8Ei&aeOaLkDygLnWr>{?yEYQgQ8e<@8LooH{k`%v6izQp|kJnhuJ&o-#(2g%i_G%zPqLp;~;(n)N}8>|Ci@Jn5+V z&*(M2nHjq!%%t+kR4zZ3jgREgsgbdKHkC`kPr4$i zAeb6TB~ZK2uf?RwPaMGc%+da#G$yq@AldY>_!#_bRShMwWBH7a-L}Ye>)HzOg;q*i zEbc(>a80fw1bxvJHJYhO2F<}-K^|SW6S$*CT2McF)-Us?AYAWH0Y#Sk^8gWkw^_4U z3^+2HO~ps@%-HHxBY>YrL~CE+Po&buUREO06ctP^>(x`B14(q0fUg|;yH-v4)xO!X zhVBeS>0RU79xdmqr^>a~Y?nSLs#ZKoEiOnqE+DH_cly>UABj?nYn40G(Q;a4moMu3 
zSo9oNbBWkFuawrg0hw}5y5@LMhHk{!e_lzgb`wIK2s4Iw+igo2s6KSdErs_CfP zC*Jub-Kmw9)2asjp{%cI@kbxe#)ng5sVwHPGgOK3sJdWwWRIwtU>4ZBs_;{Bcvg^w z;{%B>5)iKJnL6I*aURls){Yf*)9EG?ru+MN`Dl8oj_x}E+FU1l;2>q2&jhJ8C$VR@ zTtgN>*w51i_a5L)r==e6l@43$@jD|4DhAga;?%Tbem!YL~c+YMzupQVR zIHy@se+~BUI}mh32@WBcM6PKj-{ao5W{~1}ljyB=Pfs8EHn%l2=!MpL*}fji-qRrK z-U1(NY_Lz1pKEAv5Z9M_AAMiWQ!`>+HT)mK87s@_mv4b#19 zF{_~-ORwvFE3w7gC0Bs1hV0_RTyc5=SsS0l`g4)@Lq1pFv8TKLy!GpRP1oZoA~#j2 zI1}#kn>BrC8gcKW-t%-A@#={d{j}Gq#B2fn!N`-zrH&>?^GGg}qezT}o8^X1MX96DWz`vxBYzDe7Ts# zhL*<~#3=76#XAW+j(C7uHfPe^?=ac_$l#{V-@NU#z&rS4b#>%L!G9P#6tT>8w+Ot` zm9UPPLa~B=aV7NXt=Zfibx~K%VH)M7Gb91g;x$tupG&=-WA;U!FW_X!geZuUml*u`XQaX_5y#9v|}d6|x{Zkm$u} z(VV~ITfAf8_9?AP$SV~T5NlB$4`uCPv zK5Gl(rJla&-csj>vj``RHtK3wWPKcQPCYLdr>HH6YjGVDlfw&ju-9)N;yknF(aSWW zPOqDmnM>5%d(Wq?cXG*h)K{VhaY9yh*H!XNtX1x;tK@-LtGrZseyC5bDpg-rFW~p< z3tV0&Q0vU5pSj;yTVc-mv*JF)pF^>`9wN1n99og3Zqyg zW&WaM;Ywj3CqTQB5XXSy)g%8+X|<~GcCn-*x`DrorJ_wWpnKzKPLVnvMU)>NO{VgY zz~Q?@ejiI^(*t(3iPwj zpNBS%x2b(w7k$X!Z1!F3}fdojGeNc&Ah5+ z=31DUpqWi@%4L{K*^*RR`dX@D?I=^h#r9bv;qAL`TcbLvirdfVn5hVG4wO$ z&qXIjv;0E-JnV*r5jQMg7#z)LXfzqupRaR!!SLzNS<^;;M#xx*K9B1@7hb5(qi&za z+&-^&XYdAW9%y>5uc-^x|DQFjf~M#Bnx3XF`aaQ#wzsk^3@|Z{C2yY3pjvfv z1cQ-dZe~!PG%fU{Dbq}ED7tg>klTFiFA$uk%}IQfpsUH031$?yji92yEJ0O)IfC02 zxP#!70;dV?RNyXx7btKy!3!055y2S+UQF<-3fx2RYYM!C;MWy+DZy_j@G^qmtOviP zz`d0CZ3SLV@H+~;g5Y-*xR2nK3W$zZDIhvtt$^tGJq7M#V$f;Mn%6X;c&&LI(}(-9 zDERO7<_%ohH<|~yv{+0o?UZTZ(mrS`mlkWf5!?K2SidFaAv(oEsyk=i>??pCDnLO6 zD5wAh6`+6uz68I;*!58Na7fQHG=x6(cJq!+u;)E^xu!i2(;^w*IrFY(W)U>ST*LUt z{Bb;EFEO7qpEjR0kK#?6Gyh)mKGe9*E57=E1;kfBpn&-52Ne)s{g48u(FYXX&->gW z^I_Ai4E_i*JJfyDbg#iEzmA{Sfs1Ix@2kZWD?V2bKCgh7^@V!yMFqspFDW2)epvz8 zQ(sX)_S9nv+>PT6rkyokZSaoJNC^0$0zcwdeyqTg1b?K!Qv`pk zz)uMNL;(pSf2zQrQR2@P_zQx+RN$`&{#pTvJb$CWPbu-Y3j7_x-z)GB1plbOKN0-1 z0{=qruL}Gd!M`i;9|ZrYfW)SsDezyE_-_S%PVhep`~m=hC^#Y*&a4f9Z6at^U;#mk z0<8ow1r`!4QeZK`k^mSwon5K`oz5;(fKF$ZD?q2SZ3@uoY`X$FgQ>=yZ0i0(3gNP60Zd?NoqHXV)u0r?XuO(CO?&3ef571_kJJ 
zcB2YqJelmK0NBk0TNKzzuuXyO1Q#oC3Be8px(RkFa4ErM3S3Tbg#uR+>{4JiL5~8x z1bqtZA=sDe!FSxLSd02(DE?W-P8iKP3_hBneUq z3=kYvKqh%mfixwaqree@Aq9pBMidw&$S80fK~@2=G^c=cJEnjrJ*t2-ITipT4s(4y zxFGLOe3Jrukjj`v_PG}S_c4p-;qqnk_W9nqio2#Qxd)F#iE-u85(6d_ zkQm@7ATi)(1tbPcDj+dnN`bqOF(bsCwZ(>G(cU7DEcRA;WUH z;w~QkNMr0N{-ODPd%9-p3VWxqNMr0>_64-{Zu>%9^z9R_b+RR1tQ3iLI`0t3QH#5$dsOB{Zwl8`v8Q+0{MFH;f{hjs2QaaiZ>5{K_qO(YKMWM1O%%az1a z+(kOO{|Uh>l!U}#o$gB}wTZ zHeg?;0J8ymzXHq#?CTX^HelbN0J8!6Mg{IAct8PW1NK1$eopWv1tc4INCC+P&IQ2D z2HvcIWCL$eK=%1t6_9M;Z3;*>@OA~>K|9{5z{3RZQsCVL?@{2r1n*Pe{RAIS;DZDo zQsBb`A5q|=1Rqo2;{=~j;FAQO3V`9=&VE_}*+8FBKsL~46_5?|hyt>K9#ud#kiKKc zZup#%kRA1T1!Q}CK>^ufUsOQ0*q0O#OTVnZEG}^pD!;;O=~??&L&Ri=<3$3G3%r)% z8G;crZ@9~2odvV~4jbk6@`x9<-cz?3Ea^U^Re$76PcOmGmT+r{SS&?bd_mWxvMEQQ>{N&wdd+*wgJ2>YDhW#&{ C*x{4_ diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/apdu/javacard/apdu.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/apdu/javacard/apdu.exp deleted file mode 100644 index c9183d4f3edb36531a14ef9ce3ead21832429a63..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 113 zcmZShb?P1?69XF~gKSn}Sz>ZxQA&k=VnIr&zH3EEYF;Ly_Qha@UQie0auraY(Osfawy>WzmJe$l2mo}_Tom#UrA*jashA;iJ_gz~( z?)S=T_N@PHM>fpYtGSP+wO*$X+qcdd*l?$u)!m^m&q=vJ7>yS@^`fLxzLBf#&eZXG z!jE4a(pt6pRjMbQWQx|w>Fv#C!%K-i;ry>x;+Sypk2mBGf_m=&wi%nJ1P}&1Cmf*w Y`V1mQ29Ysx2*Egl$QcF1K`7Dt23m1Qb^rhX 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/biometry/javacard/biometry.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/biometry/javacard/biometry.exp deleted file mode 100644 index fb46fa306f4a42a95473efc641b5ca5ed90ee7db..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2254 zcmbuA*?QYl5Xa}pi{k7n(9otp3$>xtVP9GbvVH7`XfcxPk_Hg6eVQn-N!>%U=XML2`f+S!tS9A|6u3N&u^C+o=L+|2Dq+Ti$ z)E4n597YWCMO2b77mJZdQcat|8ea3_P>dWg2*N0gju;fsCT5Uyj~S?RZE|lgAv-6* z??E?+dr!-qa5xZ2d{L&rmx-yc#bA{*<$e$ymF>=n=q4(>&LB&E|8t4K^W!smZA86c zJ&Xb@@^+eCE9&%z-BT^AIK%5Wb({ic|I(?zSEo_Ny7`&kwep@qI92*Oa!J=;AQLjzL-SI72K$K5rpWcV<=E)7M$WQ02-65HH`V8`Ko6*759!TadUG{7j)&(u zmLe~H8wdRnx-1%3i+!I)sDO=iL@=V><4|Ga3)uE4xjB8`*(UO*U2&G+yr}R6gN^5o zJ&HT2#aA;Aq#O6Kd(Uq;<0uISLVErUgFDl(QkknbN-v7PWw2b=syY_D&NZ)+;2L%<>9HWTMh19o(j67ySR*+g-;yr>6UhRTH4dBn&05I$vx+Q>Yc}WxO&4% zT@z4oU-tQd>pAv5cZtkle+|8f3)|))A6WZoWkOv+2ErhS^17{wvo0(xs`y63yz zfsv{fF<`~69r$+5c1W^>>s!0bkj~5KhHK7DmMaWaCa*YyS8*JhnqkhsHN4;Ey5%=D z&*P3oKG!iuQ*+%%wv(oXJF!;db**K1K7P!+rsilS3GpMf+8Kv^c`+E2ij_(!9j`0< zes$Zh^>Ytc!M^WH3M}2$^lYawO?-^W6 zUxa~zR)GwGEIyoq9298J^4M!MbD%0{3NW9c<%7j6nk87yp;>{|JeoCFRMD)%#vGbW z*kBm$Eec0bv4yYbu7F;z!S+0wH(`4L&2?B^L~{dn6r6{5D3pSsZey@l%{_z8zJwf> z>T7ra5AlZya#W#rkxwi19)UX&C=w`1;C%ugNZ>Ak4<&F9W8kq2yHwndV3$rG!zUEw zQ}|3l^EvEhvA7}ri;deP4;obPG-+I#MO6Z67BvZ^S#SxYS=1$PkDN9nutz|b!1o09 zC14ORC14S-CD0`Bg9ID`t^_;+EeW&3-8j5Wr{c*v?5v2$ZX&lmbqH8t7eUi)6186vQk<>YUMH)qFU2ELvhO+ zo+w)mXTSu5g>o+%#C{al{mwAR0^9)x$5SMP)FHU(~SY?(YQY zk9yD_guRGCzW7iTYnb2+8pMVlx3(D+2qrYwP01;AVEB7x)7m6IL3gKv8C3k(PeP#m zMbyxucCcq{>i!`0gc-b|y?l_$n2Re#v8F%vpZP7n-`*=V!(KOt`};TIo>_Xy!z~8q zCu=4L2>Jy$$>1odl{$X3RkE6ogH~LC(|D~I-ySwQVJppkx+q46y)@aceBuI}W3aq4 zOm1}S7*~tpzn)?Z>vcM*UM*^NdaWl))D~2}eLd`kSkkGYN;=p7J(G?x zQa`+-ix`Efepqmfmmls>Zy{>;s$t}J7+jffEhB&9cXNfolK`cF!UqTlQU1t>ANI?{NlF%I30Cvbzok*ZSG6y2+G#jPb1sN%!{!||zG zTA6#cqnR$D45F%Lu5;%QWpNfXM-w=`ib*!#>(j%!;?pErYvGgY@!f zD71AmiAkVYiRM7E+EV{i%W>s&KE 
zTX9|PB)74QF>FPMdzO==wTgSE!mCP6cRk#LuB|wVLCN5LTWk))j#O|4*NQ?_Cyx54 zqYnB5M;+T=RUiH@la*0Wxh=@ko8!tB82n}tL%%WEmyGhk)1luP;Bqe}yFgw*w`hZ3 zoY2lV7qstGx-!~exZW2uUFYlA7j;FiaV&;r;(uBtc_tXF)J##cZOd_a#ZxuQa~n2l zoiwfV7dLEOak6Kn~_;m*jCTpqPe22E`1_W>L(+{1l1>n9rd& z0*iSRM`5XeVi}gEQ5=Jn85GB1WfsK=c!y!|)igLjmRzGbxyA_O`YgPgL6u9SLTLi} zO~1aK_;cv&Jvcv);(fTVfZ_yvkj02s(}=4WG5^}M=){+yNGD!{BAxg{n4Q9H^$}TS zFxTs7`*v?Dhwg8t?pG7{ufMT8ssyA4utEj=7(T&YX+=LJ@RjX9=pb_{^0(S}M5-|$A+?POuzyk?9gdAYcKY|~q^&i2H85AD;lud+B^V5V@0mT3{&%h9NVIO|R zx0F0>A|ETpmIRVwY)c?1Mks-#7>^~86yu2ml45iupisUHxjWLOBnzYy(0dE-7w6Ls~ib7dq8`E}6V1p{jOZ_i-P`~Ro%2swfxb(RaP+V zpN$`+PtuumIr}7#DW4uyOM#kl1&u2XXf)y(ZgG7?juq6!AIQn6A^7puGJ!m-r_07}7xG~O^0 z%S+2k=2noju1?wzX}g{Zl-$&e1yW#MjSO@xTFZbGJ;EO;oY64xMlKF5M{_^rv=PmN zRiG`Tj0ial&WFQc3g*TA);SsTj`|b~)nP6ABH8+cE!T@+Kem%>BUs32JfUrx!BDta zQZgB6YvS1Rpn}nQL{7s@MD!#r9#Swxn$1K?k8GQUuE$Kr(&07+jgFFsk=F3bA!ml8 zZA~0u##&553yV%K7uuRQyo}r3qiRu-&fZRR(sFMn?cUbcHhOzeETd>nr&FD@?DUdw zN^2WVrxgrp8_9J&#jV9;odAuSzeAv!5tu^U|fPAzOE)t(p)PK*_^#|1?)&Xia7P;hyON{hG7S)J=2)l z4x7L<)+3?Ne0#pI*p|1SlZ+pEEf^dkw{CtKleZH5|v+EEswa^;|T! zQVLj|TGc}HH<$68-b%!DJV3S7z2r{)QQx*7ef2{@+evkuot^!G%kdW2;G;ETDY)W~ z?wxlHT=hrKH|V{cFXpRv6mkmvo%?4AO5wzQfrrV9%C{P&}V zfxolZOuCyQgWYlWpt<@+(*RPu! zLzVNDt!g=Mome~RT!Uk`yeC#U|L~Nlhpi3j?R3iqBYGrOFWe9ICxHCkz)R_;UgiE3 zkCg{_ga6!3p9DR4#JK6Canbcm7e5LY-r*=JHQlWR5f#(Hy zfq-9tSpqK#@DhQS1$c$Ps{#ZF+!P>4ASA#Xfq4NI2rLS)L?A4{GJ#tHtPr>@z-t8V z2=F?AHw55TMg-tiMg`zjY65U8V*+q1bpg1Qs{(K<*92InJT?U2Jl+(5^Vk%C^N0(; zd29*5d29>7c_akjJdy(NNWCQhk5ozko)1F+o{t>?cs}k5!1J*y0MEzU0`PpiBLL6G zJpp(=_5|S3zApfe_PYY`Xul@_*Yte>xTdB6AAk?A5otURSY+_Hg)CU~-SH4|bO!80 z-i6`-4!ckk;88b=Vh@TEood2t2{l!;MD={@`gb1ywk%yF;(!4h6YG zLGD--=@=q+D99ZObmu{F0u}}SvF^2-Cg)V_;UfYc3-AenPX+jlz~=&d0R#BY$p6`> Z2U9A*mtGWK!Pk8#zJYIjD87U5{{!ba$MFCF 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/external/javacard/external.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/external/javacard/external.exp deleted file mode 100644 index 4af91e53addd3e0a22b689258f9ddfbd0055a81b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 857 zcmah{+iuf95IyUZx&cy}mQoTfY&wb_ioPjl|d@D_IB@)#a7X@!xuj$te20_R@ zYKd&BxZS?faof?M<2!_{yWNocU8fUq-|zXlgA!GLF-k`2CBuppH2Mst`jDkFSJ8B+ zH(!c8O&Cg+HolxMk-fh>il0w|&tv&Xjnc%#F2mMx5~0=>!?85+@KT_V@tAyHX86-Y zjV7`Xe?s0~)VAMeVj^d0_R((9KKx1Er;%Tfm)lZdXn>jD$bq3z!n2ZIjVqw$34x*4 zN6()QLt9kE)>+K>g&NjSrrXs8@tOv%7k~<75VVdPB!CT64LTl>wuwjB!&6vfx=y-@ l?aL~+3P43Ob_&34QXqN_bs7Thpnk4SgT`Il(?#y1{u`7u$#wt$ 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/math/javacard/math.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/math/javacard/math.exp deleted file mode 100644 index 89a1ac6c55c95a8554309066ac86f73d930477be..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 812 zcmZ`&+fvg|6kR(>o3v1+3I@C)UTE~8AAsYGK^Y!E99tL%ADq+lSc19KlM`(J#_#bX z{19JspA_&i_93%Q*4dY}RwnrI?K@d`N~k}JvsgbT*qz{ruso7_UrfTOmPM}|k8`Ev zu)6FK7Na~nlS=pVT{$5%JMY6@kDuVLyKws@VIeLUcXE{qO>nEq;F#CR&!tET!b)fF zRGf)!BC=8UU~noUy=4m44I2qHoOC}bk;*T*`qbqiCtaR*sN=-N0%7UjUKcGEv~%!w z|3&{prGP?0Ydg;hEi!#1l2Y0L=y%obt9OR62u`PGyf=%=dz_Xj!K);PhIdRtoPii} z5?)abv=R{$URowP9w$>mBg)gUP_myBHfPTM?;#$&F4KWjTLH_v*uh6v=T+vcnZJNJ z?#XPVPmH+G29;D8&jU|S3hYBob1HHX24XG$7q68Alv^;ti$hO1cOw>EcM zxMqm!e-O)P%_gs$Pre*NxB=hd&Q3Y*f6g}hEk)4e=3vKBNl;W_N&;q8=6w6V9sbU+;PFwh)Pf^B+z|pwUWa-=V zdHN82kp5}!RV+tc_@VD;&bj;C!JohXA#!*nu+nci{Z6Od?OB_y)oQdio2_jD;Rwt( zR2XY7)VtpBSWW>D0;^5iwzliG+v@L_R@dEXcX#SN7IQ4NcI$R?(=~tYS*~Nf>Qh9E z#VLX5XF(X~4S{^cS=$vb^kJktt(SjgUbA`@fCqWzqjSqXz(V@ zga6kbQJ3dGu5DfXo5?)$?9p)C2Rz&Y9k!hv_c0%)1!kH~+pX0eK5^HXF$Bt;Zo4zN zUf235xv}R03%=Ty9TkMSp{NJCmC75_ad^bD6RA%8Y{EMvvUX{rnR1{aDX^pl1G*FQ z*G3wU?z436l(-naIvROwI#+qkInq2v5bn#f_8`qM;UhU3dOpWa!lXWgNqJh?>QqJz zFD8?j)MPC6N265A(+V6>V<)`DoW@AS6iZX7q4a3A#=XVqC!q~jk0 zeaM4Kdv^F06lJ(SR!Z^l-uZ^7R>?d$?u~To-uoK*Iv5(*887hvKb(1iHbn6^TA#gK zF^^7;UO&nxU>U3U03YFFdenarGA}?feF>4z5CyiF&JYGgpkomw+78UnN2giLag2E^ z5E%c(6TT-pzqD7@vm#~Djn@!9vu~0QGVF^of!DOM-U*qrb zNBBehqVH@HI4A*p9`itE^X{CP^Ul0y4*mK2A0k9eL9ypv!}DJV3MW$~L4#G-*Bfo$ zX;fT6bII3hmX$INofD_xwDwNZ`z@#LzHPSNr2X1SdQB_ZMrl>h(23jf_TOzZTXn}5 zq;%HpAUxvPPE}BXA^fE*JOeb`M%6!n1LF+F++U8JT3gUWGRT*%IgM&MzkBFb{M8gf zDSmV9o$tcqaq{XdIaO>4d=NF#_I?GC2$MY97w|_{Q&Q+XL1XMAZ$qKmf*yc$*;cdV zjG6T*Z?cyVG<}Iz zCU4r>E4yqJw2Z!?XV^6)XzCKzLQyZNw#FV|LHBwd_I5!lBaCGiw=%Z2j%}i#cP_lf z(wuIChoIS@Cs%eoC~+cb?eu!u=_AM|e5Yz2*LU3(3gNYbQnZdMzPs0JHd4pol&Lvw 
zG!uQoDtrT;?zFz2)R2_DI;kMmE1T$475W67Pg<<&m~(XGHn4@rzQ-oc#&l01ih)3^ zT@{-BcOWrA;UMbOD=UO^!2(?RF9ETM;4EBIhi>TDo?CN$sC%Y=4&Eu;gQ#m)yK!}| zVfHs!_J|9h~-rmMhrXJkrjejS`QL2-fFRV2%GsiZ`Gf(wshZ`*r4^1C7xa)F z%&iEV$ZZ_}? z1@xY0`t<|hwbP1w4mfc7va?TisEs@_v)_n-jmuZ z-L)Cqz5jN8Bj|3QjSdT{lZgL@>h6Z(VZvt7%v-pICIHbOdJBX5CP5(zhhQQU4a3Ap ziNM7159a|wxgZ!ygkWMc9EOS0NCak-Mxuy0M&kk|4FsWMf6*k}p}Y8X4+%mv$-tBZ z+-Kl{1UzKmkp#TYzz6i5%EEO0kgmbTqK3_FOkCe zm+4a}N8id}IV#6F#^^I8Fwf#Ji?ot}`JBEOfLWq12Vs_JHH`e<1o_jPf1r~edpK*- z4e4OP7(L}wWAuXisGqYMkyxqRbFS(dv&zuAlL#jdItRjPQc+*j0pdwQO0^#K)AP`0xIMG3GNuq9xNfszD#&%i4Q m*k)iy0$wxlg9QA@z)uoT1`}+%E3cnvK`OmNBP`loTKF5|vydDB diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/util/intx/javacard/intx.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/framework/util/intx/javacard/intx.exp deleted file mode 100644 index 881a9612d59a35ba904ff74d3d0e24d68bf58c35..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 309 zcmaKkJ5mBc5QhI=V26hf2nY;}NM@rsfRSsomQ@Bz1W|({wXh83?4WoX&*LFHh><;N zL_jBB*Z;!z=NBay5!9A9ws1i{oy%nfp`*((GF{p5Yo&Ug|0&JCqM}k{C1D%~rk-6> zSr_BC-t)VZb(v@LxME-STsM-`4{Ls9Q?px{$Hm$%!%a3LOrpAE|8y|Vp11aG=Qm~_ zs@ha89L)WlKw&@_9@iDl3D+m<61W8QJ^(C|F3AW1Bb&Mtm@`%V^i3Cki)#YJ0>FS>FpqEo_?W^f|D2saUG=)M`8 z$jCem!vd@o64vMBueI`w9>o!1<#+34oFw~F$uxtUc_>G(|Cuxzi&S1I3e6OF30r%! zjq3PH?-U*LVK2t&$@dKgDG zuJhvgz--hAwN4QD`(AL=_ku&8K)kco)@oveGJTOuWeEWB8}#12^^XoZ;epp{zw%#X zu*LqK#VR(>3FT(k>Jx19Db;5kL#Pg==}Ixtico51w^S!HWaq!O581na9?7wZwX$)C zP@g&PWz)qVkv8uA)yOFx5H@Ct?o^q0By;^ogx$;Sxy;&};lJc9{yvxF`Gh&X$3&H{ zoW#JY5OyqJ6*oXwVhA?iaN+D6SfB+iCGdxKPzIH_EMT$B#YTl$sNx#OkGl*n;XWQ> q6Wbi|Pi8D*g*&S}%)-qKsONxNEa2`M8rh87Xyk^i!{N=?K;swML)y&% 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/security/javacard/security.exp b/Applet/AndroidSEProvider/api_export_files_3.0.5/javacardx/security/javacard/security.exp deleted file mode 100644 index 5153a68de41361ac16c3e58ba895715a58a0dd5c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 403 zcmaKnO-{ow5QX2wNt`xqY5BPTtFX!eSOc315Up5r=Y~;96{W&k-0oZ*#8yxVwJF|Oc&pG>?8GQZxg+=g^A+^3)D{ULAm0G#Pz={l+W!Lco?gSg$ zZiy%W)(xvH)oP^`Nktga#_CpSyI8H3OG|6C)nG`rsm*ng8VcZb_en+JQYcT{LK8y?>kg_13fgcB^v$l}0}#(J;neNiqcfEii+g-O$V;Hg=E2s;;8wzZY zu^uf>if&O*$c2J*3biCDiH_v3{O-z)Y5K1vwU4cz)J;(yArXqoq~)rkD3g}UuITjN z8>HY0gW7ARf~yR&^2&vYnRK$&i6UD>bz->Z`tw#;RsJbff{T1ZQ61g z3=`x^%@fC#+wyDNJmd|rAw1u5X_CgxePJH<{JXTe!k}pHibheVk;s^yphP+)GU!^- z7QAxy35Me|D%IS!q zULtvdh+_mXdeo3&A*3TAWTGKtV+1*05wZ+5o(U$5>%DoGE_#DX_V=VED$6}^nXZWgpR$2sZoMiWFwT+ZJ88h zMAj0i()V - } - - .interface public abstract Element 0 { - - .fields { - public static final byte TYPE_SIMPLE = 1; // B - public static final byte TYPE_MAPPED = 2; // B - public static final short SIZE_BOOLEAN = 1; // S - public static final short SIZE_BYTE = 1; // S - public static final short SIZE_SHORT = 2; // S - } - - .method public abstract write(Z)Lorg/globalplatform/upgrade/Element; 0 { - } - - .method public abstract write(B)Lorg/globalplatform/upgrade/Element; 1 { - } - - .method public abstract write(S)Lorg/globalplatform/upgrade/Element; 2 { - } - - .method public abstract write(Ljava/lang/Object;)Lorg/globalplatform/upgrade/Element; 3 { - .descriptor Ljava/lang/Object; 0.0; - - } - - .method public abstract canWriteBoolean()S 4 { - } - - .method public abstract canWriteByte()S 5 { - } - - .method public abstract canWriteShort()S 6 { - } - - .method public abstract canWriteObject()S 7 { - } - - .method public abstract initRead()V 8 { - } - - .method public abstract readBoolean()Z 9 { - } - - .method public abstract readByte()B 10 { - } - - .method public abstract readShort()S 11 { - } - 
- .method public abstract readObject()Ljava/lang/Object; 12 { - .descriptor Ljava/lang/Object; 0.0; - - } - - .method public abstract canReadBoolean()S 13 { - } - - .method public abstract canReadByte()S 14 { - } - - .method public abstract canReadShort()S 15 { - } - - .method public abstract canReadObject()S 16 { - } - - } - - .interface public abstract MappedElement 1 { - - .superInterfaces { - Element; - } - - .method public abstract write(Z)Lorg/globalplatform/upgrade/Element; 0 { - } - - .method public abstract write(B)Lorg/globalplatform/upgrade/Element; 1 { - } - - .method public abstract write(S)Lorg/globalplatform/upgrade/Element; 2 { - } - - .method public abstract write(Ljava/lang/Object;)Lorg/globalplatform/upgrade/Element; 3 { - .descriptor Ljava/lang/Object; 0.0; - - } - - .method public abstract canWriteBoolean()S 4 { - } - - .method public abstract canWriteByte()S 5 { - } - - .method public abstract canWriteShort()S 6 { - } - - .method public abstract canWriteObject()S 7 { - } - - .method public abstract initRead()V 8 { - } - - .method public abstract readBoolean()Z 9 { - } - - .method public abstract readByte()B 10 { - } - - .method public abstract readShort()S 11 { - } - - .method public abstract readObject()Ljava/lang/Object; 12 { - .descriptor Ljava/lang/Object; 0.0; - - } - - .method public abstract canReadBoolean()S 13 { - } - - .method public abstract canReadByte()S 14 { - } - - .method public abstract canReadShort()S 15 { - } - - .method public abstract canReadObject()S 16 { - } - - .method public abstract getMappedObject()Ljava/lang/Object; 17 { - .descriptor Ljava/lang/Object; 0.0; - - } - - .method public abstract setMappedObject(Ljava/lang/Object;)Lorg/globalplatform/upgrade/Element; 18 { - .descriptor Ljava/lang/Object; 0.0; - - } - - } - - .interface public abstract OnUpgradeListener 2 { - - .method public abstract onSave()Lorg/globalplatform/upgrade/Element; 0 { - } - - .method public abstract onCleanup()V 1 { - } - - .method public 
abstract onRestore(Lorg/globalplatform/upgrade/Element;)V 2 { - } - - .method public abstract onConsolidate()V 3 { - } - - } - - .class public final UpgradeManager 3 extends 0.0 { // extends java/lang/Object - - .publicMethodTable 1 { - equals(Ljava/lang/Object;)Z; - } - - .packageMethodTable 0 { - } - - .method private ()V { - .stack 1; - .locals 0; - - L0: aload_0; - invokespecial 0; // java/lang/Object.()V - return; - } - - .method public static isUpgrading()Z 0 { - .stack 1; - .locals 0; - - L0: sconst_0; - sreturn; - } - - .method public static getPreviousPackageVersion()S 1 { - .stack 1; - .locals 0; - - L0: sconst_0; - sreturn; - } - - .method public static checkPreviousPackageAID([BSB)Z 2 { - .stack 1; - .locals 0; - - L0: sconst_0; - sreturn; - } - - .method public static createElement(BSS)Lorg/globalplatform/upgrade/Element; 3 { - .stack 1; - .locals 0; - - L0: aconst_null; - areturn; - } - - .method public static matchMappedElement(Ljava/lang/Object;)Lorg/globalplatform/upgrade/MappedElement; 4 { - .stack 1; - .locals 0; - - .descriptor Ljava/lang/Object; 0.0; - - L0: aconst_null; - areturn; - } - - .method public static nonNullReference()Ljava/lang/Object; 5 { - .stack 1; - .locals 0; - - .descriptor Ljava/lang/Object; 0.0; - - L0: aconst_null; - areturn; - } - - } - -} 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/java/io/javacard/io.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/java/io/javacard/io.exp deleted file mode 100644 index 36b9d18b5de6cc36a93aec729d6767375ab34682..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 242 zcmZ9FOA5k35JampnlWlLAl@NatgSu$w zuBv{8$L-D>1O#`iv??bA7Dh{Z%H2^E2f{F%=i(&dLg;mzq`Az>QM4iqDpi?ymP{|1 z+?L8{js_w4k8`-6cm-K(_U0_oLUOczj4w``z~2Qvp$p=Qs} Sf`P+B$G*UMDbFnym*~@|T!-5kj?jJz+D}_Lx6v_XZR0 z%G1^(LV11HhBQJ&?cR^W;FS$LZbSB8a5;DRvlM}ELk^*)D(+%miYeFfJi@WculymO z_hQ+5x(H%_7-_JG&{VJ!hHPQb8we*#-|!KWV#ZfheetGWpp4MaWbApjf$${{wX?So z4wdP8EQ-1;lA72-I8ve$3OSx~DO`>0BGeV>b2lcn(7^s$4|-u=2BCi08iMoJqeQm? zwBG?>08|S_pkIcT^re>b)j*nCh_tkSZJGNl-%v4=9FeM-I7If$Bv0hPObSHmX7UYVIh)D= 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/java/rmi/javacard/rmi.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/java/rmi/javacard/rmi.exp deleted file mode 100644 index 8c6952376e8ecb8638c21dc6ea152906f094fc24..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 337 zcmZ9IOAY}+5QhKiK^u(MAdbLl4nXWIBoc{;g*o(ld$i=uLI~ zUse5;!t?&H7+QqNMx2Fr*eY)-w>pv>AXF1E5aG(3_#3&5I2a+yQC-WSrxYd;d=F(}e1hhxcpgmvAnMK{QOiPfk1r4QYEWFw{=2n_s z_r;5kkf3p}B~LiIU9|K$&Bz(Knc~5N-9#=HN3b|=nSio-ZpN7fyaMUVUx?iIImeU#yD(rD8Yhfq&b(M#%?}RvmM+xaG`!Y z406T@c zH-T)5fgYGD6y1su>O~5+F#R}=4DlF}5a$;S+r0I*L$}~~_Eivf$i9n@3EIO5HtALl zMplwSX9hM|MEXx_WmQk5jWK~MyTID)wNO{?9c*_z4cdw6=p~ytU zd3hrjqaT2_&2`?>J_PCw%0n(>%WGw99)t+T55Ib*lUxH6671CD@`zK+b5+mBQRicH z3aP&Am3(gvMRMyMZuowC=gW=NyzjL)$EYkQ>NI=R^}WD)uv*_8Fi_(z{Ndf-bSrg~ zjp;0(qt@laY}L4Br1cihRKT;fz8h)D*$>ksFEl&|>tm$R%%DEdVlb`OzjBW#vJTe6zf zMtRNC&zHRQM!8mv(T||^ZC>1A@qv{d=vYv8gkc_-YP&?F^TeD!XIdwU&WXHU%39)lS>Pk&?$)vTB;(fNQ5uE+*O9&m1m0w%(Rro=18uP%)()dIRBE*|&2`DR zH)t49#txWwE_o~Esti20#6EmWIzZ#gBm zq}+A4RBj-O$FMTzp5F?O14d0hTdpOFPg*+K)#kM5aa!r}6oSE?|=s#~pkcrgsa`%+I0Rz8a^I~7s1kEHAi^@g_=qhCV27}=~o zgUO>{qsk2>3z>{=6_Y&1a$F>}bZhX(U}3c15(zvjoP)&~-9bspV-VMQGWswkBj-@j z$fS!}5+#zck3eX^Z0Uw=7bN2om@Fd{)AH$p(iDCh6UB5=I$$R*+a5PE6&GX3h#WSw z>T;pFRH^aUvJ=f}3scnf!x6PUGQbq=zl+BOU7>sx=M87Jn78z_p28bR zwwjrKHz!^crWShzdMqC7uFUqRHhpMMG83kEcdU4d8O10RV5=lL)| zFy$$WQ?ODythNPcY~8Pwym}q8OmwKi`iD8%_e8lyMpcadf}bdIZpYy57+MzXBKXd0 z7JtiU%^b#me*Z{DeoiRpaDbWxXU3FlQ=LF7+=}vPvQ7HtHdT6va=`V$6@f(g?!_x) zYoubVzR2$ksa?R-5w%$U9#TnNH%uPJzYE)_XlGo5;b~ktZ<&snGP8IHr46k(r`bn& z?>CXL?Ik(G$Q39&g2>xkIoR=a2nJ}c1p?E0Mk{17ZS32!fLF1jrJO9@U%`;1@wphe zo|Q4ljE|@a21gZax$-C?X3JT#DFct_bfGwdCmip7@)C~8z^I5&qnhM=waYI?ed6KO zY&H~xUjuo+)~J&Tr=bb%@V%0UTH2bed1yvq#9&-qZb7}%wj88~+E}*6 z4<-4Gk}Kn=Ohy&mjgz&yYy}eGY2dj1N=-hjMwKsc**GD1`GhQ4ue!qBkHv*pu7>Nh zUS@2}*6rQH(qV*t@J0_z_2wW5sS4Ee8en@PVesMLN6*eaPZdBmb z6n@JL6m(_85va6^kmtd9(9-hiwWg2Chm)g&r_F%~ieX0(n*3KVeZj#peqwNR@K@Ap 
zuq`DfZbD$Y^}6T7Yz=S4my=24?1gd*XSBKC^Ljbx+}A|Ga!^i`%!irsqlY zr0DT^poGcaZ?Q$SrnV-*kuh;=w8;@Lipg(B5#g%Xeude2Ed}Q#Lg%$t5d0w~N60~J z!z^JIEas2YNDeK^VRy5P9NMxugPlmq5q?2+AcL)WhIq8_!% zxT%~5=BSya052^u!dg%JXJVqTfF^jXiZHJ!oMEKmqhsM0b|J67S^gy0He~i&?r}8f*-5f z6KzO{6a6CgD7x2@5ICG!`DxIzK;GH|5=T*bgX1-P1lYZO3U|G5hAJm$Do0j3$)uK?FEaJ>TDz`%_Pa1#Ru z6yP8OhZNvu2A;0~FJRz>3UCVpw<^GG4BV~&FJj;@-O={koebQi0CzKRj{;~6Bo!dV zKw1HG1~LjT!@#Tp7z`Xy0D0_D1;{eToC4$!SP6vOu^{9)$`FY6k|jWFa!6pY7%ukk z;yfMa#S^s91#*%WyFu;)%Pz3;KZ5k~4noX+ALbsc{UEu$AWO8+2U4Qt7>Gy9GzLMZ zSx^@Qtw2=#|0}8=5?5(~x`qYuKMTlQ!!V3L&xfBe&b~ErVF;>H4ON-e>HaSHb-WwI zr+N=agO2xtH0f+#FLu0ydLZsWdWar|hAf$-pt!~9#dLwcq%c80L>pcB`eC}z-H-jh zjK9GwGxcSPC#0`lt^hJbeoO&mi2S$$NRFRS0Lk$R1&~4XN(GQX^eP3ALG)@RcBRnQ zD1a3Dh_Xd$`dS5$TVAIC8tol`9bQjw*a7lJdeacdo9QhhAaA9&4THR$-Z2jHPI}iQ z$h+y$%Rt^k@0|j9A3b(C$ouI7yForkwLKsoqQ~PPAEu3NkdM$4gCHNJpJapo6l@Ce zBncEr`e{^Jke{K2evpsRMlZ<6X`>J16ZFJRkWbR5CM5ZE56I8bQwfltqs38>pC_>k zCJ@`UObAThIIZu9{ zt=U6=Ku$ltkhAe|(68eEh~jS6><<;s%lrS40?7M+Q2|mYF|g~G=*yuVTtEIYkViC# ze@Q|fardOJk=up#_Q$jsveFp+2|JmI+YR!kfyy=sR{87n6svqMEpjROGy3!X0ZNE{ zf$VYC^{*67WE}ss0!ZcmMggSqf2#n}d4Hz>(s_Tc05YHcK>@zO$Nr-N{1XHJtN{PQ zz`rWMHyQXh1^9Oc{zC!&lY#$IfNwGIZ3U2*`)>u1m-`lrVThy^l<5m!!-*?Gjx&|GEwx4I5JTTaLmQUAe@8$f?6qd zh&bX=4Dp%}!(s&SD0YejoGV7fE;v_=(FP_WF-{wZM=>E1h;lJW7Y0Cf(+1>;J+y#a z6_?Q><}NWsi^Cw7)8Yuo6|}JvWG`(bK(0i}^AXoz5)0D$QcF3Xb1n8L#h{Cg@f;;h z+2lf%M5h+F9KP#T-^MV;5U#9qdxy{B_$U!(yJD;D8|5_c#7CzQBT z0XU(=T?!x*N-eS9xHKcO&oiC+^|EYDku4pRQ~;@8N&%#PX$6o8uc|Y1Y3gw7&7!o) zctO13fAAB>0!p0>32t4_I5}|49uFNH#}9785J$Q|j*25OkgS;N2FZyz0x?Ct7vx@H Q^?=yI=>sW3Y*v5FOb`>;NVq3neLgo033V7t)0ipp|7M5y+A&$zkcDD$XSl*s_u20B_Uh z=|l8E`lp@-CbRlV5L0*NlJ>My-R zujz$*M?tFm0LHa6CtOLR7MS32#s7wjD=INt2V5?wzbJQCrd-xOuLFAFpw z(JcFwTVAkVHg{i&W?Y~ti7wYIv#wgsGgmX}4aZeXV^gcDhNH>4<~)-~svu{j6GX8W z#5-QAC-OujNp#^@q-HqkmW3F$=Onr^w3`j*grnIFX)PUh8#$*a(L&wQ3`MKUx~s@m zb=%ads)f94i55pqu4dZ}ww*uH%k{d88+K5W#W&_9n(-sK7axcq_M2WTfa%1l%~->r z9C$$>TDEBRLcxa0z|hBkV7NIJbOihHyCL`&C0ZThZ;5s%7DMmL5>4Ir13!K!QGRu8 
z2S3H@p4W;{Z=WmKCMF~)g`z3^L!kxCit(HRY-b`7*ZVBw>c=qXkk+PU|;TbTLRODj^OGWW7=8qBELE8 z=Jyz}s=6sRbjP)78m4T=e5^v)j@3{c%`}*mcR};Cw_)2a_ZhLl=v@F-T5#BTh2}jne(cD1S-z-(xK__MgO2w?zWCQ2T4>akT==~KLF9Lgg=@dUR)yT zl2k}c{OZlIW%LxdgvHc_gNsQp1_Xw97@Ma~o?cT#y(0Hv5(84eeU#@%kRMct97#Ed zJZuttF0l{07XG0nD$+E5pMr0WPP5`nMp0tL*^FX_6|)(|IabWk{OB1A8AWo&Vn%VE zrcO*Qj~qXu3lk7av^)v%F)dRL8DAM>{K2}owtGij3%n?<(lr*>=@Zn=SO5pcf_?En z0r4rVFk+w4jVXv#pbD`@H;WLrXoZpaoNk_i_<~kWLwrf)GZ0^qRD!ro<+BiXXnh9a zYg(U$_=eWcL3~T=a}eLr-Fd!A#?1w~mjmpmhC$oNpm?7a`x!s@e`Jh=AJPvCld}@3 z_y$|H0N_MF$7>)mRp>zuLZM;Cj9`PE;mGxEXX?{f@hGE6nD#iMNLZq06wDHwc9m)w zNDMN$iFGo$i9eCW(AsoklKUo@(zH)Ly`nbt*}aqDU2^A>j3T-7X-09L(|nduBy@kC jQT)svzho4@vf{Ul!bKKH26;0~zmKHv(JrUoq+0$x?Twr& 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/javacard/security/javacard/security.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacard/security/javacard/security.exp deleted file mode 100644 index 11514947727e2d9699b4639892e0a8960f55cc4e..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17189 zcmd6td3;<~b;s`=SsKamBH5PXC61lgPGl#+mgG%1gp6j!mavw|jO;iGFpQ;%tVEho zMx!KV4LfOo09`0e1A(xWEfh-AlmZEqQlONrlv0|FKq;k^t?Wzq{my;w&3Q9VHsr$} z^~ayjoA z=ibLp&AImhYnD&X50$2?(}fubO^Vc2)^uH4xS=pns7&sfFHS5}rmLrRL1)~wTGPRz zT{DH!)UL4;*A^$LakJE#?#2pxSzF5t`+3u?cayd4G;Bxmkj0YNp;uaR~K%@B1Qan(4R-^XRplDua&Do8GnacDH zg=$eGHbgp?SvWB>Js|>TTeGfFMJkt&(sP^>$MJx}cx;Z8)fUflRjzbZ@Hi*BO3j7y ztyv1~ho*}&lZVg^?ZHd$2()xdhqZL)YCV^5$}!w@E9)Ld5H091Q3HaX6vKmJcu))v zh^?C_&z(w@XA9G%U@YekRm!vI&hFtxchgC9#z78S#860K-0X*T_~H#79udt>Cv`_1 zbTzJUZsD;h%CZ`&CnG{&0>0n}Tf!gbHC8%YEEOx$6Dk6eer%yD);Crd97(W+adXI* zLsO%oBApYlp~yHmQmzyWrCd6l5+U?+=g83Ta5|gMCI*H^^W*8aoJiLb1shV=?N7(%F&3xQG$OtZCz@l^05r^N|x0ojHqXUOhEloUh72x(Nv@5uKkJ z)SZt8Mszo1YGH|JXD_ERJ>HMY@uL|egQ>}Za3%a9CHTRThylsw5}xg3#VrZXKzpGn zebZdIR4i370q{0bo?Mt&KwCKhR1w~SqKNrd(=PpfO=RmSRBPJF$l=Y6>=6yuMwTYL z!Jk3APGg0|!V)!CpyA*Er%L;Y;?#8M7$Wf+gsHdkVepsCPfwK)1F{riy}KII8o1?# zup}1kW$2S&(RI-)YL*PiB)n`!KyQ!|QopuZy-JnRFBAwJqHPS4Fiw zd9pZh-TcBVTHJC82l-O`C|Z4RvR~O!-O8cGLz1y(z*P2HZhtT zN{^1`v*}zKYvsm>A_%63(@B)J`lT2P`H7VzpE)`(JcP06sFCc@vBY@Vnl%ARX2(CdiwbVn zQ8rd1eTfp#%GY2C3}mRa%Wr^;tLv*MO;)FSP5-5o8bRc`b}{kU7a50ERLFU~G1sugcSE)Yl~Ko{4GEPMNDCAHekShGZ! 
z>yOMs4&xTA9bu}vMOQx;>&2pivLaC3dH!stk=g{>>Nlx|7csL9`&?jV@s@A*=PDH@ zvWb!OcseT+>wK*AP65}9P|*d}td$~v7(%7pSnz{VbbF|9hp+W;dNiFK!tRq!X4B(r z@=kwdBMsvFh5kGC-KNLz&s+ALQ)%pQvJ1#776Wf%a;0jSlZ~lHU00w1+${wAjqsLK z*?B?*eihlqf)anlt5+2S8d9vl23HI$&B41`S+w7JX|D;Z36J$N&`~$Jz5Uy@)Q?Q9 zycROZ4FWBG>w{6kA{Q#uBk1kR&PFIKbT5QLNmmJvxgI|ZIkK1G^yuO7L2i;9|I4rp z*GON!_eff{e`IhW-skcAFfToMcFo=%Zv8P6ru+N$kv?2U_Zj%Y|FAbyl1yK*a7S} zoU1Jw9tQjO9jKY11e;LnL`Fa+-y_{+=CG-IjrAg76L&GiixdZD#mwy%e>FKm$A z$G$OlHdfdt%I|8Z(2q9MEAJQC`|D+UWjxHo4SX+$4;gt7F0Q40()IS{dcL=p&c~1| z`n}04q=(H60lKC^?_Q++8pr^w^?Fgwbf;^BS0G75ZV;o99~d4>9?9>+n4Dc-2<57H zQ++Yo;uVXZ4drk}m-}8~hPoI~fU#GbgEAr86XWAqwa1|=mpSC^NRK^sGg#}1h3T0| zWW2n+8OTK*YO!5%UjNZd>0ioBs{D;0054xFkM=P^$j&*n8HaeE_fY07g& z+|ukglf`XgrDE=6nP=DLiJ9^|E*G|)PPs21x6ej`!t24qiQ)XQ#PCs^9XpSX4vh|t z4<&|&u0o%n^;pJmK_=&MAt4G8bytvRG!iZU0==79F)YXCoAO}hpH|l zvc$&U)GMo8^6J3qIAs@i5n|HP=j4G7TN8G+j`4VtLM#J-;ZLCkYMOsFbEq!A$^dIIl8 z(3I_q+|+otiK*!++%_ZJw_<@(Uz$S2wVSrxi)dS{Cg)M5h+vJpCkz>h+xK|O2r||@ zGWE#7r&Q#@*}-m z+7NhJpw^{IKrH&+N_(*9FB$FqMWcJ9S zAQffy%TUW}FfiWf%y-=z>ikF+J5i&Lx>yET=dkQkFUln-f&porvqD&w^zBH53bb&kQuM$=e$g%m@LoEEmVt>gN6B%=nD5WuYs?Z^N@U& zbLxVe8+!!GlGAf1ixmY|^B7Q=e9Drs4 zxRY?88HvMf`k#^bcO1=SVy?QRJx0d~^(o~ETer?#L^!q`c-hHzi+ zZgFr6u1%CQu#?6|B8|QFZNVp^Fm}@TKBO=fMW-8|g~HfLui)`07Zqd?mk1bOL^2B^ z4@iwQ;xR0U5ns0#OB~~|Ct9;VIzShzqhhtUaSoiRRy_73Y>W-{mfP5q<2HUL_JBFR?2vW;C9iw(q5JNe1A4L3dQ(21K*gcm0X9x>Cz zdAY>$cELhv}r5Ri=|>R+~nrm*TO-bhYDgE)2E6&;`DsO}}qL+nk~8 zFw_Y{2mG#B$+mR6(b-{kvMY9&3)vMHxvsd_bp^a@Z+nTHcL_YDZf+Y0h8u9Cd{B& zhswjhQ)Sd*W#};5Q28h;b8(72hE-<7jN*L^&5xN3!Q~2M0a0@a{&)qC9KH;l4Fy+F zft$|jQSXe?xwaZG2oY}#LQHN3AtpD25TV5`sYVpf|?Fm$DFXcPSUy&A$irXkE~ z6NjM!4KWNh!pw>@O{%Nh@^rOZp3o4s=c%FgJk3q2r#my~08XmB>Exv1s@MvnQ`%_j znT(!rMkk!nN!N)*sA_|%Xpl(7ZoR9j?_v_2X{4Dcq)_;!Mn4jym zr{_WR0*JnlqD`pbMqGMqu?jSZMS%vf%hMosd5$=D`EDqCaZOp!{f|po7nHu*HA1H5 zOUz60rl#i06v)ClX2mTA*S$;3tq{cjmz!6x(IuBApqtofuQa!@4d|xkwRpbWS!m~6 ze~nTolm8Fv!5=A*WtBg!2Y;f#Ybo)k3cQZs&lI?w;LjDfgW&ZFyn*0O1>Q*TCI#+7 
z*8|;R-W=8Rw=iD3roRe@U*O@E;@Nt@rHfHd))3P_9IrGT{P-3myH-lKrD z=xzn1MekKWTJ)C++(pOUr@;FO{z`!l5d5_Q_YnMz0{0U9tpXn;_&WtYMDSq+K0mbVFhGt zRi6p z)6>)>$q+nUfh<8@0WLiD847UWu>}RV@YoXy+`;t6np^Dz|FG#+JL!7@M~Vi^iM7|* zDf}gyJ!z+x5ZY^-ahA0=DKBT0Lh-VsfOuI}K)jq&K)k$O0r9e;fOv^a#m+ZmDz+*~ znq82)9D9Sg-p_2ez}x2_*KCKck`1Hjr|dI>23o0#ma!@xtcpf4DaPBgjBUXm$k~_T zPw?99E%sLX3VR#=9*-UP+}ilcSpJ^wH~q(cdxDi=htf#5WjR@Dt_s_RQ%F;sf>fpOSw(i z*D9slrmRj>Wt)1Pl8|jmXRfkM-L52Lo6@Q5Jyd#!l8`;;^$N%a@`ieFrvhK5jyEds z5W$;jz=~sURzOyax72_U9dA`YbiAzwoQ}6EAUbqr{1A>tNFZ*p?})+vJMFs~0+{Ct zm1^H;ni0VE-R`7>!$u3PjAHz=Q=I8!>3na^o*QMI0m~@APf5rqzh40vWt|esD1Sgn z$SCU^Sw{IDB_X4%lV<76dzFNYvd*Gqls~8>WR!JUeJ@AoLrUU<1Rqx5Lj)gDKmy}F z1@5QB{R(`H;G;EQ1=MHa_Tx1PBf+IpbIDFVp(L1zTb-*j6StpK5}zf|$vZP~`)MWd zMFO48e~I8TN#AlVnR|!6+zyk!IS3n~63kp0!i7zVfD1kl^FcY_5QWDI> ztv(_!6SrSh63oP{J~J>Aw_i~b-zCt82xj8;t4iXB1o~9*BZ3EN681rYhZK02;1LDB zM)0TtUnls60(TMUV}@*3->gX(nLzs7Art6ZNl@ku9A=`_B{n;0)1ZrnLs~KKqk-+6_5#}PdC!qA1R3}E^=gf`Z1O#tWrN|T%NEW za(Tif5idb-oy7gMWPi$woQk>4yE)=TPSySlSCRJT_7}K{w7)dB;VRPp%KnV|)~`)7 zuI}t(rWsdvG3=u&a7P(y=Jt%m4gWgehdmX;*G6~!f(I?*LCbj1G9R#v2Q9;QtdDWL z(K0qkTE>Hx@t|cqXc-S$W$z||ah_F~&ZF7$;C1_V*8G$iUdMX*)@@nf9=>nX88fsF)bE3k>+90fKLY*FA`g7XyEO0Z3V?F8p5Z~;NL0y_xQ zVJCJWfjZm7c(#eDvrTLlfjZm7dI)-z(msMc3hc!lJ0m)_FBs3x*nZ?v8xVd6L!(}Q r>vyL87-5V+i*H8wTna1g_HHP|KW_Ah;7bC7a%Fg?0HP`vN3FjB4yyvB 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/apdu/javacard/apdu.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/apdu/javacard/apdu.exp deleted file mode 100644 index ce4ac0c97eb15a934cced0ab8cdd6435590c11a4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 143 zcmZShb?P2769We$gKSn}Sz>ZxQA&k=VnIr&zH3EEYFda80}n3~VqNplPg(4D5^y PY>YrABLg!~IS>E-Q5xl_K%mz%9A zo2v;gzwElDs`YEGo^+eHjdl6-_IkbMB!wiL{^e2}63+kOGCmMAcn7eFBoX8VTMn{J8lHyd z;URbsZpw^oC&y_o_`c?5a(?=snb9mV{QLJm=@gtY*fum%Gn$6yG%FSEIJKtk8LC^^ z^_+@ja|X;|uv8g@!`KhwmfstRG{E=3U~?=pIj=gNfm*Msx@!6b{xMhxhNum?ek{5S z(uLwv^b!oUFo*->e-hn16metJ?gbrJ^iO*zt@^RgV6NaClpUvtf#*?D4hHV|sYtw( z$EYQuVK4|8UK>$& zPzyr8$6zbTt{Jv_gU*Q>b{$IZTo3wmGgBxR@!IWIWMG|zBAQ9#7K1yl5IRSGB)T)o zcNyH6Dof8Izc0=P(Mc&$`t6=j;5N2I({)}~b+4uBO^%HP#$Zu1@u*eD{X~{xuwhy> zA-i5#vpkm@4PA8;eH#0S&!))nxM^GHv`Wr0I0(}SO()T3u|N;0WRK|09eQ&mK8gls z8kQm_ejoY0A-XK+SBw3CMktSswS_;V-s4bVlzL1`O$KdWXtW@R-j?&BG#|*C3)QW}$uW{9FCi{gm zz0k6>3ileeX1aK)X=a_b_@HEt@1uxW3g%hIGD$Zn$dCWVy^>dHjkqcm>C?q3XsAT*dn>u9;p# zbzN?o*2@DZK$?tkPtsoEA3IxlNWG|RA(L$eBt3Ys-opF^_&>%cJHI~0$?;uO55zdX9V4qNkR-iECO zG&f*n5zS55h7``!dlV~$vF>2B*UmnT-oAz`R_j}M2#@gB4YE|E_mNMF^Z|jp5-1QT zO5j5RA4%XIfsZ9{A7kLL1UppUPhf{mpTcJp<#YHVh2~4xNoTOY0sfE8+aMPzl<_of zUXn&d0!bQG2_$K72_$LMBygXc)+Mk@K$E}^1okAL6EGxT60juDAn>CEYyyr1TmnrA zv3-8j5Wr{c_{u>@2$ZX&lmbqH8t7eUi)6186J@H3);&EsZ6-IRJ7OB2i{|^<@MWprDo9U`cZ%XTGZ1^&w04P z;OunGcmsYv2gey4Cbd$>3%5!}^MT)ra&Qul72})3W+!MR+2@P)XtNil`xSSbgEI`4 zcZTtaPHf|H(f+TySi^dqjH_1*o1I?kp%k`lD&M{ubOS8uOi?DCtN(H`#%}2MUp$^^ z+Zd^j&*(fxp{kDyj`6a?9lBeH+P!KJdL0IrrX0)2-{jd`VsLSafxYeZ{Wc~%&fp4z z(<9~5X5Z`jyS@IyQmp7TJAMvI3@(o}p1T-hcasTRV{oV{l@&>Kt6XwwaRV{J0u4yT{Lnwu)s_5(78lyD!f?_E)cCVz9&J5~U+);FCj52tSHYB~`u5&}oVA90nbs;0&%5ZCRe$ z>Z2QVa6hos@%qd1{r_dMG72hQ3-a{pxS|CHzh1=9uT1tiqpbgE=ye7-+>7xn5C_l= zn&9WBTxaYHns+iC8BH)8?+c2m@^!oybxEypEQX@vKcx~s6AV^rx?M9(!*Y1Vl@-Hv z8YXHT*Nx3sjf?wdbJWY)g*ea)R7Cps()HV!KC{vIo 
zFe88r%+WN;;$%UQhg_Tl%%<^c4(4Z2EWmsQ#UWVCqBsmoITXvVlt*y{RthMN!pba) zWAFwrjJ}#g2S}4|v?t#ff_$HbHz9>O7f6Q^1@xROzn%={(AisXb{@ssaBcy`F?a{k z81ixwauq{nUz!+g`XUr*(`!(qO}`7XFoQGiJu*#UwpY>kHJ?}p{a;V~ug3nToLUxj ze9{A0p)$S?AK+I~*AEGNB!G_zd?J8P34A7i8w73&;Bx|B2;fTsw*(*&kOfdCP!Rwp zP!+&BfeisD1ili$Z33zQGy=K+3<9PAz9wJ^z$V}bphloBfI9^43ZOyYo&fGc2A}}n zz_-|iD85UfaN+xOEIjI>CbU=%026S5Wr_aMZ_bTs4?bf)1<{-1iY}OX<=ETRfMv}CZ_F{;08$vDBzVI>3!e# z^`U=H|A_t#y*~Aeof&pvRv=%R=gBkjn|Wv6Ire>D`1iNp-7fe=f$pqXSv2?6+~$T^ zQef0Swsb4Klg^||>wAGrX@9d)3{;h~Xk2y}pY*r19a~l4bb})dq!rj{u2}Fun*vA3 zCXi1TvVp{nTV|%>fer=wBTJW!n5G+QR5g|p$w*8AC8|J=S}c?+=|W{So!>Uy0H7!^ zB#jsJ#LV=}v=I-I*40WIBCY#SpyZ;ePm%)nRoj84Myop@MZ54v3THIjcx^8ZEl2Yl za$1YliB+H!QhJ0O1}DPdFa`5szBVUg&ZtX)J{wk}Pm!%p*mAuHc4IrqHiCtWE+y1O zBNz(TOG+j^O-&p*_bM=8N91i7iHMe@#eE8lkY+KF(jv=-u4ysDvGhn2gIY()Lw{rV znUHgb15HgFVU9MKgeIq)UXC?2ad;WDx<}QbO*(r!)Jn^}9kzOFudVg=xL8KfoK8nt zY1!!s;gr_aoQ^8ct1cwxwG_7&H|qpwTnE-y?e;Y}ilBoZt55aO+H6UQ<^N~g*Ao(9RI6`v`#b~PGC`~mS$5$^HdJy%TGUC`?R;T9F(8PrqD}Z$Xq1w>Z zc`dFP_I4XJSo!XFBBtT7uBNUfSL~nKvh~wvA64o~%6)Kf@CSyhp}8o{z)68{pa`8p zgg4j%Uke#ifm8nI+P$u@)Bfna4LUC73c1Q91>AnR#5&Ba?R373ZL3~(@~)a4TT{TZ zUYyGn(s>2C{MVzpj{nDSOz2*X+6uCj5Po#DKi1@#Y-YC6WD3x}t2K(y)4{`yq00G6W~G!fcg&S^w#Knr-W{`)ySdM_ldW~??Px=S5iJt43-^un ze35S@yimXMD4t(&G;g@@apJALZ+ZZJ082y9mVVoJZ3NKbCwr~pg701MBmCS(@1b@) z{XFOrT=X`fR}TsoxPj!|sxo!}BhU$6{ME&lJ_6kW^bqJ3ppU>20s09H2ym3ZF#!e% z3<)qy;J5%I1WpJrO5mgbrwE)D;0%HL1h}8TSpgm(a87{p1RfONAp(8@#t1wtz#{}6 z72q)fj|&hWa6y0|fsg>>1SSNSBrqkwG=Z=HGX$OxV3xo|0iGmqNr0yaJS_mXG9m!C zGAaPKQWbz(854k8sR_WXoD+asd07B%<-7pg$^`+qmCp#kty~mUiD6Zd?2(9$?C#)LhM9q7hP5_t zcin#A_xE|wZoYC{&cJF^z8*(uCZen-MiZ$6U<{Q!o4@sWr@UHKX2V*SeBnBVw5s$SSRfKqxX~*<$r1zSYs%4x`Fqm{+fO@ukZQ1 zO)Zg4X0y|CTFpkV@3;q#!PW$jDd6z~$Coi_eWT=7}-^hW1MjjN;>zTllc|>i% zdGewXQJxjfl8NzH!&5xh)pA_|*+-ht)B>svqCjB zOiCeW1=mOct0*yz&TUdRa34E(1d9fzvaVy}qRfpPU@FFD4!B7QL@%R44dWInb9n-9 LLBzs!rX@BF!RZ-&>L<>s-xhp(%gGj$?t<5DB{`qhumyzhQEe|kSh70kDtXS(_5J|YWstrA 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/math/javacard/math.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/math/javacard/math.exp deleted file mode 100644 index af2f608c931da886a746ffe29acf78ff7bc25e44..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 844 zcmZ`%*>2N76g}5*VmoP|ffl!{r7VqEln*FE!iB02Ekz_$s63!aGNdkE!gySgzu|lM z2tI@txZ{wrh&)(l=C0?QF}{EOR(oyHIe<}xh+Z1e==s>99r1L?EM1IcH#|{rU>F~TaI*J`M2+RNWI%qPX-NV-h z&wB4m1{4ySJ6W1*k?JE67qS9?epl_icxxgS!ESer_Ih4wkCGxGxFzM##BJjcdmx7F zgqs(At;B!>Zc@ZL8pl(DH^`E)P_ma1wr0xyuOS+}ERw!d+X2&?@8F}Ov(j_s%r9V$ z`!XHr6GJXE{#KP_dW6lz{>*1PxWjDA>e+^4qhfL6E1@Di4I}Mfi?Ft60UI2E+%N1| z-*VYD@B9&(z(bHzra*W=c*NGWu*8=OT#p(%&%o|`u)u$w2OHH2Lk(4%!GUW^Jk+_S zg}bvx>j&0x5zBmQal3^}CUE(WzzTS`8NK>z^n3~jufVq$*5Fqd*5TU>SK(I~uEDP{ mT*nQkgqtqIE%+Y825#3GHbD)G_qO?5ieO3SBJSb-eA7?nOs}^9 diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/nio/javacard/nio.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/nio/javacard/nio.exp deleted file mode 100644 index 667743fde8957190f3d4d736d095b7a0ee6aa148..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2219 zcmb_dYg-dX6n-b0WS2`Y2$YM80z!7Z1$%F?DiO46si}hfP(Sz#%LdkNcGFE_^xyRN z^hflE^i$uNm=M&g`CuNBch1b5bKY~A1OEHxUn7I30(t+hwhWsBbN1dV`C67k86B6a zhp&9EwdMRFV0p43y`c40z_1;c8;!Ubw1PMiShHP6Yk4v`dQ+|?vhH`{ z$)jo%lBvZT+esq1%*ig!zVmt}K!FK;T&>lbJ}Fv3b0`dTKcywzhC}rCy}h=HTy-y zO>37y9h;X^nq=^5E>6f;U_Gs?s8Chc*o|(t&p%qx{7cT^3F)b~%~MDe$seKix> zy^WH+KXUe5rAxn~YUJtHjp#K`e|n*~Gnce6YHJnM?C8#kZZQNlKG8b;RyK8^)pS@L z`ilCMFtNj_RB<1@+fd6Htk%eJs z$Ylw67OJi&xz62@RzgmGA7gb5hqgh>=8XnG2TNy0f43WOr2rwHd^oFmMjP$bO4 znilkXk-iqNj4N1GTr!HwB9?lTG8C_-UomKHmx>FFh@TrEwRLPT1t`JJXmEP=$no=q zNMkBQQdA*Q8VHe_DnxEx!}aqTZp;vhxH-$STPV*FHestWY{Ho*+{Tv+8k|K9_7X$e z#8(#xxAFBwEq!xIOW!UNzQgyI2|wV+D_YuG(bAn&!cQ>P2zRk@RZI8QwRC@ju#HNI n@BkH?FpG+#%KVs4*$^zjA|B#Vw-P_A1rO98TO>!^ORvZOc)=X~ 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/string/javacard/string.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/string/javacard/string.exp deleted file mode 100644 index 47df6293300897796d9c446ddabafe9115a89013..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1562 zcmZ`(>3Z8l6g}f5vXVHBv#^x4KwGD!m=xN&w1irY5)6v%T6Vhq(5EQlM6IJS(q!Rn zcpe^t2jLIgnOL@1`a|E*oO9=Hb7%19?|-Qddn~E_QD&1bE zJ3U^{ey&gK3Byt#4tZCEk!%X8flj6R%5q)R;)SWyAbvsfE{RIJGSw_T6ftL55yK&! ziS=tUbx7xFUT)G`j6j@>ePy~>eW_xkaf~oJi38sZ^j5IHAJM)D){QhK{cc7b&5HTSAPuPop)dod(XRrj=H-iF+(! z*@`4T;xR+1`YM%|wd{!KXsS+9xon~ti0F*RvM(~_SvtvyvJ(r+t{5Ei;0@J57cQ2` zvrrzZMx`~o>K2rEbU0DWby@lH<^Dl8HNAMNySs#TGXo_$^=hvdr7Yv)B;#& hE)#6St`O|NULn}U)+)h|Xsr?agw{I2&v4Q%{tdMiQ9A$t diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/time/javacard/time.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/time/javacard/time.exp deleted file mode 100644 index 8621ad8f4bbb08ccf61e8222d1d993e14c4a7430..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1555 zcmb7E*-{fh6g@qYWD+2(qKF$V$OMpxD+q#QQKl*+Ru-z%2Wt}B5KLy`WCG-G{2o8T z5Aj9sosh~XQihi~-KTHgd+ySMpWlC|3Jig$k=@_P7^#o+Eu{rSfw-h?wOrG3_sx1+ zssMz*NYAj8HHyqB0-?>CRdcrl0(v2~FQB;xj(u#nbRxgD&3a22 zd?+jKM(n*nq$=IKG+VYMpz1M-8fo>JMZQxpolht6&yLxU$F}n&?$#PIo-$ooq(%Cq zBAaf_wls_ijQ<@&!??gypDnU5vs{-NCjU6_`MD%8+rN=-TO81Lepz6lr^_cRNixqG z&rl88B(Na`7P~e0XFi-us_mGZ$_CePt{37=>V-~=tuI6 z3WdSVqZDaRHf*O;>@+DBwLT#*RBL5rm1=O*rD#4>vrN+y(+790TCz$xI+Esyrm12# znx-R*_C@MX1r6$y4`ZWdwMoL;ftxpQ&6YUCz}A6gopq>QS}Xbos`mwMYp$K>xRM-% zPp?vL+y!Pc(yF=#-RDd6{JEp&pHdAw0yF2CMg@`(;cqmLWhG3r6=6&7`A2~?gytRb zA7!%VqyL!5pQQE2pLCUAq+6XbM0?cWjtWfD~PKE53$PGKEi5{;4xN11W)i( l^Wa&S;5pVJ9;^=$yujM92kRpQ8`z8zyu{Wh!8Trv{RT@Tc%=XU 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/tlv/javacard/tlv.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/tlv/javacard/tlv.exp deleted file mode 100644 index 142d99239bca25a75d3f5f29375159e87456d0c8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 3084 zcmb_eYg-#t5T29UX2ZQLZJ`&n+>&Yy7cDBax(N%c-E3lZiG`|h2}=kK2~8H-`fL0> z{s@1FU-X?#0tY34&to27Ht)`vnRn(r=Rkk{{zo`OZ9%bTwMNZ`k`J>O`w zeYa8Z1kEO2Wo$cT9=IoN#cl1rOYgPZL+@>~^*Zg>PtqB^=$NGyL4zk=tG4%kt=T$s zeL+fR-8RA_p5s;psSM#KW#bv3={2hUJ{%ZlFy_5EcI&8UJQ?Im*WE@no!>d|D*j3e zp%lNFdGCAhc$B=nB)5u^zz0zy?b@#(5@C|3bpd~PIVFW|2pVM{xeSGF3Azu`Wk*{t zXHCtv%Q?+{QQowSl3uhmQ;^6A8p<|<7WyT(e(Z$_A7s2>omMEAMpko-yv1HZ(9{K9 z*}UcGFP*Yo(6h#xk!9DApvend3q_-(IXZiU1>Nm=I9mn1j4-xS+{`-qD#}DdZ=ZXO zr8&a^4?#1*OfH>z&|)=dZ}(=}nIp)nzFW194|lv48c}Npt!N!rd~dfmY^09EDO-2j z7$)X~Rrm{dsx$h2QbSVq>ZF2LFCC&=Rp?VpK54VAWA4$B*FXu8y&9W18_RnKQ6vJf zc2#KguRvmg#zE98mv#vIf(5wvUjm|tU@u(Jhi>TDu2=VbsC&A94z3jLLDbCUZrt6g z7zwIe8RV)M*Evs8{kG>nhG3QydL}5E#2JDqUw0X6;~PQ4IER8Qn%~=Ndyv9V_mJv| zdZ444z^5ye-iYS=_o2|L9oGEXiPx1$Z^>ZGJF2@CuNyAj%PwfHAKi1InC!-Notffy zU}RV&%`{fa1+A#%u#x{1ls^<#M79VM6&t{2_kOp9W5HlBOH$E?$kYnuqUM#(h6LJlV>Z6#|^)B=t=Ku z(s-r2HjBIW-_EZE-RV>4kf1{n@!!zholqQCfqI&Ch^R?I310DybE6mHEFWCn#Jeu= zXoTp9S_;eICN8pZ1f>C}0|swZ3K9O5Q1Lw)hKZ39fr;Z6&Iv-pAvsb*Ffkem!^CMg z0y9FxQN$djv6z5O148WBUo=6t=?=c#MTQVfFfb_r_ZYY@0S_2>C;=ZZ@F9J48Y5Wp zNCGC1R%S583)0*wjnxl`S_?Du_ zF_;8>q68$L#6vVjUxUy%+K3Md5HR!H!Ua;efJIWcfF=4&O47G?SkAo*%;!pAp2lGo zXjz5%g1$_^EYep4FiW&D7)Al#1_h+KfJCPN6mdGIYZAhOQF_9;M(MfAvoy|l4NJT< zo;x=-!@RPzD&@KsFP(X1X^eBN(HQeuCp8fTlNbL#6Yk|MMKPg0+NT4mL+C6elX7^| zkz*hwO9BG*N&c Vl--rsFElST-=$$z?heg|{{|ULpCJGM 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/util/intx/javacard/intx.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/util/intx/javacard/intx.exp deleted file mode 100644 index 3900865729eda201615cbe1dcbff6a02144dc02b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 444 zcmaKmJ5s|y5JY<<>jxMxU?>720;EU>aD<3NQAMy60g6^;F|uV*tmO~4;XE9IgAg$* zWN^eLz18!&XYlp$XW)<1jNC9wewdS!yNo zQVp80t6t}_obj5lq2p3kqxd!-t6@Ee9th{_j@3rVye`VPsOnXGeZ}IT%V!vHGwxxJ zaQ1JUV?Cna9YAjRM1Gu9O0ON9(KV8aVtFFl!d28 ZEQ`fP$7XThb`UV&J1haVn8G%8=o>VXXwCot diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/util/javacard/util.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/framework/util/javacard/util.exp deleted file mode 100644 index 35523adf2dae1018042fb0cc2c0f99f6c822f880..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 913 zcmZ`%?NZZF6x@>((yHaFQVD*bqR`-vK7fuhp+@XXP^T%KQGYPE;aUS}Qqx<3xAA#= z2p_~hdcx2q*7)np?C#mKcN6^j@l)6EjIb<{L|nGw(Pc-DgnvfZYq+Q4n`nk28Z_Va zPo=M(dtL!%d4!F*^|x_kt9Tgrgq17mbr6OJGLlIOne$LiUb}W0jzl778--yCvUt{h zb}>4c?VCl9`Lyq)*%#&4i3rDp^#YOgk+7Zi;EUwsqWL)yLwO!2XU&NU!ls>;=Ej4- zH*k{=&lhH(N~pG7*Ez7=Lw!l&^R^;X22ypT7{?JoZ=`Rjj5B2Czp;-vyK~{okqY9- zz+FNuOWsZ0ML(1V?*B#PHns?x*+yp)sbDB`{3F8d^m?wd7I*lsc$cWp=g-?1GFdDs69V>X98}iB-Oquwq9;1A7{(ov!&(Z|a=>j~V0In# T)Z`B8Q#S@TVDf2fqOSh||4`_C 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/cert/javacard/cert.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/cert/javacard/cert.exp deleted file mode 100644 index 4312b4d4b7b4b8329b234ba970d7a10dd30bd14b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2833 zcmbtV+j<&R6keM{2HK)Y)7aLiNo};CwN!0wYucIthGZH7$PAc+aU5Wh5-CI&+T>2( z#OLuLe30JgzZe)cXd>U2i)1tZ`q$cfo$2kLe+2_{BuF`QT=VqU5fqFk3_(}$UF=nx zjoPMjDrhO5$Q{|Q?V8=GC%aCq*J-$?NuRJPXy&!kX&ivM96y(t*cEhpXzFBStLAjv zWE%e(2aTHTIttAQnq^|LX}1oOh3b)0a}|mRdNhT4(e8Ae&Wd+z*sXfg=_qtbP`KUd zdvq(FGXBq}2h(2!oBl2D2)f*EX(z7J>NeUfL6P`gYIiTiu0KA@{B;L_*N@5!uj6x|*}{<*k%fVsT(xtgq))vs}_FHMh><5b`+E)(xZVsUef|BRpR) zEj4R;qFF)L#ziSDTPSI4Zh7qGMmhCDOPefM6LfQ=R4k`*dfM95b}T)gEimD?F{|D~ ztg@bg44%`%NO@p&APkIzX{}`HSv{?q8V3%VAqbZ|O<8D6L?Hs&;yE-}ng!(&+OFbs z24#bfLAt|nBe9qA+S0EKudobH5(C+nbOk*dwc%u!O;(1lHmHu(L`Be@DGOC0H2Mhj zwW5jQWSy{}_b22-6G${OFf?YKHd+n$xu6h&22T|CWvBf{cOh|p?b%HPXTb}OJXuz` zJEI6<$+5fKw9)S9_uaFCA$6>FQge=7^t(cEcb+vo`zBv+SDP4Vg)xDo@jV$H`j$vjP)2olq;MJ)v#+AQc>>B@lqYX3KR@1&AddyqIb9?P# z@8Lq+znF>hT|)IHrl?Xcr3(FwnSBO5Ca6jx@&~%98VFJ)QE8JDwu&$Tueb;8@zdN1SlB55uz{&a4ruy z*gW`rmp>WhDGu5dict{w`~*Hra})x8eFDEm3ls+a)Wa2u{Y^LN2L8~KFdCpm20oC0 z4;lDK0+tw9mVjFfd@KRC8Ca2kPZ;=A0`4#nmw*HVpGm;y4BVA~FBrHd0Z9h#OTd>5 zd?f*2BgFp|*&x6NBtkeI(l=ookLd9Xjwkdj%^(zcL_bPJDv?PQ%vm=4OfuXL(sK#u z2kAQrSYs7c0{T%)NkEzz841vEDele^7D|*hXq~@wdco^@lLRm39IXcxywk>SRE}U1 iKS(AP@p=fhX=kVl@-FRhMeWj$?DszX#D4FS75)c>;>nu; 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/derivation/javacard/derivation.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/derivation/javacard/derivation.exp deleted file mode 100644 index 5c740cff8f9e1955d2e7ce12e00acf400cd73144..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2265 zcmb7E+jiSj5S=4gmYw1@DGfA0?-yjCxNaacq%E~AyK!U3#tL0s?St2ee3G~*Qjm|j zn!n+D_y|6Pmv%<7F2Nx#d6{_6?0x1c_~);`RRt^tpX>`+bM`%dEDsJDs7ATYpopL) zY+pzQIivgT+2hJc z_~W-+jy<=sWwvVWWc+e{ZPhvwwhlUjMWR$3?(SE5yKjUobtp10Vxd$g$+ORWeki2y zBaL$mt{LUdEFr34OB`=7SiywbF6L`;$?Iaz^F_l8Tohq&IqR$KA(prn(KY=M7kWQ_ z=s!!G61v_VqcjZWTY@N}+-=>@xv=#P(tGj>HAlL}jyie6%%QQ|KcROhO-gc$8| z`}dUoIRibco5o51S=_;Sm*+}t9&$S>>q`a;X@5Ru_-&heU0;qO{?%x&l5tKxNLZ@}G=ci0MCo0c-l?O`9}uW9Sc+xZ&1Q2*C6gncbu?T*ieW~rYh?+}$ZDsnEToKv2gaz2}R zE{D{wQtHX)!m?JP=e|g&pdsg4%27|G7;>(F3VDpWd1lmgjM6dcP8y|n(H_ z&^{wKp6Yv8fxGZE{xY!h3X}=>CIfs+z;_wo9s%EHfC>TkGeDJq2N__MfFClzj|8k` zfS(9>m;u(INc-?J;Bpt?5j@7VfG6+^)$kN*G;RD|(Q4G8K_jb!Nz-mZBOe-5FTxUZ nu%rbn7XMIh1va4_3!xqfp&=nOBorD`LqkHLF?BT0VWaQ?LEZ^4 diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/javacard/security.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/javacard/security.exp deleted file mode 100644 index 30b3ed6eae5e8f897e6f7d6e10db414970c2e70c..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 433 zcmaKoO-{ow5QX2w`E8rh@^=7MVU+{01~wHSTCwQP4WrU3N`>uIa2w9UAvg%DPGl$& zNNoH(pXWV|2cPdBD!?gWpsi)&E}vUnTf#{(S?jGXYuzl%+r^qIcX9qe==rvpX_=sk z4)r~{5}&Z4uWop$-D>*-?lyMi!B@nb&4v&b(=KD|UDt-SV>5fw%|2bw(JNo z|2O2EaMq1pY4i9}TCQ5NaSv9zNPWFjOc1dv^42%(fn1Qm+JP?1Oi6^j6AB9b9Z<>(>p?tLgp IzyLYz0N>?h00000 
diff --git a/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/util/javacard/util.exp b/Applet/AndroidSEProvider/api_export_files_3.1.0/javacardx/security/util/javacard/util.exp deleted file mode 100644 index 7f443343be09ea219bd4775e858591d709dea16b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 503 zcma)%O-{m46ot=if!BgnP*HIO?LfN#W_4sDaZutwN00hKO3Ev?uZFT3*W)5wh$C-H zVw{*T`f|?wI~U)dU$%v7!eFV)y)KQ^i6Y$kaTGkPaa3t7S3{= zn_Q>KU0!LUiYcL|-YS`ugt6a_g_+dL@NuzHiJ1n^1dsR6)H*NfdA;EawjV?U!ET)H z_Btjwr7}-4tJo0!OBBZen>IJ`g+@1Wkm{sRYo$$86FPotx=Fs?$U@C?!p%OyLCKqi z?mqiWZrfNK)<5)ffm6b;>Hhn$z&YXapB*0I0_1!ESXf<~&;O2lz!gZeCGZBqgn$vw tSd6(JePF_1lVE{o`G0gRMi0VfIB+|RJ_cRJ5xgGb7_Mk>;xL97xj)^TdZhpW diff --git a/Applet/AndroidSEProvider/build.xml b/Applet/AndroidSEProvider/build.xml deleted file mode 100644 index 137c169a..00000000 --- a/Applet/AndroidSEProvider/build.xml +++ /dev/null @@ -1,81 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java deleted file mode 100644 index befab92f..00000000 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEApplet.java +++ /dev/null 
@@ -1,205 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" (short)0IS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.javacard.keymaster;
-
-import org.globalplatform.upgrade.Element;
-import org.globalplatform.upgrade.OnUpgradeListener;
-import org.globalplatform.upgrade.UpgradeManager;
-
-import javacard.framework.ISO7816;
-import javacard.framework.ISOException;
-import javacard.framework.Util;
-
-public class KMAndroidSEApplet extends KMKeymasterApplet implements OnUpgradeListener {
-
- KMAndroidSEApplet() {
- super(new KMAndroidSEProvider());
- }
-
- /**
- * Installs this applet.
- *
- * @param bArray the array containing installation parameters
- * @param bOffset the starting offset in bArray
- * @param bLength the length in bytes of the parameter data in bArray
- */
- public static void install(byte[] bArray, short bOffset, byte bLength) {
- new KMAndroidSEApplet().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
- }
-
- @Override
- public void onCleanup() {
- }
-
- @Override
- public void onConsolidate() {
- }
-
- @Override
- public void onRestore(Element element) {
- element.initRead();
- byte firstByte = element.readByte();
- short packageVersion_ = 0;
- byte provisionStatus_ = firstByte;
- if (firstByte == KMKeymasterApplet.KM_MAGIC_NUMBER) {
- packageVersion_ = element.readShort();
- provisionStatus_ = element.readByte();
- }
- if (0 != packageVersion_ && !isUpgradeAllowed(packageVersion_)) {
- ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
- }
- packageVersion = packageVersion_;
- provisionStatus = provisionStatus_;
- keymasterState = element.readByte();
- repository.onRestore(element, packageVersion, CURRENT_PACKAGE_VERSION);
- seProvider.onRestore(element, packageVersion, CURRENT_PACKAGE_VERSION);
- handleDataUpgradeToVersion2_0();
- }
-
- @Override
- public Element onSave() {
- // SEProvider count
- short primitiveCount = seProvider.getBackupPrimitiveByteCount();
- short objectCount = seProvider.getBackupObjectCount();
- //Repository count
- primitiveCount += repository.getBackupPrimitiveByteCount();
- objectCount += repository.getBackupObjectCount();
- //KMKeymasterApplet count
- primitiveCount += computePrimitveDataSize();
- objectCount += computeObjectCount();
-
- // Create element.
- Element element = UpgradeManager.createElement(Element.TYPE_SIMPLE,
- primitiveCount, objectCount);
- element.write(KM_MAGIC_NUMBER);
- element.write(packageVersion);
- element.write(provisionStatus);
- element.write(keymasterState);
- repository.onSave(element);
- seProvider.onSave(element);
- return element;
- }
-
- private short computePrimitveDataSize() {
- // provisionStatus + keymasterState + magic byte + version
- return (short) 5;
- }
-
- private short computeObjectCount() {
- return (short) 0;
- }
-
- public boolean isUpgradeAllowed(short version) {
- boolean upgradeAllowed = false;
- short oldMajorVersion = (short) ((version >> 8) & 0x00FF);
- short oldMinorVersion = (short) (version & 0x00FF);
- short currentMajorVersion = (short) (CURRENT_PACKAGE_VERSION >> 8 & 0x00FF);
- short currentMinorVersion = (short) (CURRENT_PACKAGE_VERSION & 0x00FF);
- // Downgrade of the Applet is not allowed.
- // Upgrade is not allowed to a next version which is not immediate.
- if ((short) (currentMajorVersion - oldMajorVersion) == 1) {
- if (currentMinorVersion == 0) {
- upgradeAllowed = true;
- }
- } else if ((short) (currentMajorVersion - oldMajorVersion) == 0) {
- if ((short) (currentMinorVersion - oldMinorVersion) == 1) {
- upgradeAllowed = true;
- }
- }
- return upgradeAllowed;
- }
-
- public void handleDataUpgradeToVersion2_0() {
-
- if (packageVersion != 0) {
- // No Data upgrade required.
- return;
- }
- byte status = provisionStatus;
- // In the current version of the applet set boot parameters is removed from
- // provision status so readjust the provision locked flag.
- // 0x40 is provision locked flag in the older applet.
- // Unset the 5th bit. setboot parameters flag.
- status = (byte) (status & 0xDF);
- // Readjust the lock provisioned status flag.
- if ((status & 0x40) == 0x40) {
- // 0x40 to 0x20
- // Unset 6th bit
- status = (byte) (status & 0xBF);
- // set the 5th bit
- status = (byte) (status | 0x20);
- }
- provisionStatus = status;
- packageVersion = CURRENT_PACKAGE_VERSION;
-
- short certExpiryLen = 0;
- short issuerLen = 0;
- short certExpiry = repository.getCertExpiryTime();
- if (certExpiry != KMType.INVALID_VALUE) {
- certExpiryLen = KMByteBlob.cast(certExpiry).length();
- }
- short issuer = repository.getIssuer();
- if (issuer != KMType.INVALID_VALUE) {
- issuerLen = KMByteBlob.cast(issuer).length();
- }
- short certChainLen = seProvider.getProvisionedDataLength(KMSEProvider.CERTIFICATE_CHAIN);
- short offset = repository.allocReclaimableMemory((short) (certExpiryLen + issuerLen + certChainLen));
- // Get the start offset of the certificate chain.
- short certChaionOff =
- decoder.getCborBytesStartOffset(
- repository.getHeap(),
- offset,
- seProvider.readProvisionedData(KMSEProvider.CERTIFICATE_CHAIN, repository.getHeap(), offset));
- certChainLen -= (short) (certChaionOff - offset);
- Util.arrayCopyNonAtomic(
- KMByteBlob.cast(issuer).getBuffer(),
- KMByteBlob.cast(issuer).getStartOff(),
- repository.getHeap(),
- (short) (certChaionOff + certChainLen),
- issuerLen);
- Util.arrayCopyNonAtomic(
- KMByteBlob.cast(certExpiry).getBuffer(),
- KMByteBlob.cast(certExpiry).getStartOff(),
- repository.getHeap(),
- (short) (certChaionOff + certChainLen + issuerLen),
- certExpiryLen);
-
- seProvider.persistProvisionData(
- repository.getHeap(),
- certChaionOff, // cert chain offset
- certChainLen,
- (short) (certChaionOff + certChainLen), // issuer offset
- issuerLen,
- (short) (certChaionOff + certChainLen + issuerLen), // cert expiry offset
- certExpiryLen);
-
- // Update computed HMAC key.
- short blob = repository.getComputedHmacKey();
- if (blob != KMType.INVALID_VALUE) {
- seProvider.createComputedHmacKey(
- KMByteBlob.cast(blob).getBuffer(),
- KMByteBlob.cast(blob).getStartOff(),
- KMByteBlob.cast(blob).length()
- );
- } else {
- // Initialize the Key object.
- Util.arrayFillNonAtomic(repository.getHeap(), offset, (short) 32, (byte) 0);
- seProvider.createComputedHmacKey(repository.getHeap(), offset,(short) 32);
- }
- repository.reclaimMemory((short) (certExpiryLen + issuerLen + certChainLen));
- }
-}
-
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
deleted file mode 100644
index 7e5eb5cc..00000000
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java
+++ /dev/null
@@ -1,909 +0,0 @@ -/* - * Copyright(C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" (short)0IS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.android.javacard.keymaster; - -import com.android.javacard.keymaster.KMAESKey; -import com.android.javacard.keymaster.KMByteBlob; -import com.android.javacard.keymaster.KMECPrivateKey; -import com.android.javacard.keymaster.KMMasterKey; - -import javacard.framework.JCSystem; -import javacard.framework.Util; -import javacard.security.AESKey; - -// The class encodes strongbox generated amd signed attestation certificate. This only encodes -// required fields of the certificates. It is not meant to be generic X509 cert encoder. -// Whatever fields that are fixed are added as byte arrays. The Extensions are encoded as per -// the values. -// The certificate is assembled with leafs first and then the sequences. - -public class KMAttestationCertImpl implements KMAttestationCert { - - private static final byte MAX_PARAMS = 30; - // DER encoded object identifiers required by the cert. 
- // rsaEncryption - 1.2.840.113549.1.1.1 - private static final byte[] rsaEncryption = { - 0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01 - }; - // ecPublicKey - 1.2.840.10045.2.1 - private static final byte[] eccPubKey = { - 0x06, 0x07, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x02, 0x01 - }; - // prime256v1 curve - 1.2.840.10045.3.1.7 - private static final byte[] prime256v1 = { - 0x06, 0x08, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x03, 0x01, 0x07 - }; - // Key Usage Extn - 2.5.29.15 - private static final byte[] keyUsageExtn = {0x06, 0x03, 0x55, 0x1D, 0x0F}; - // Android Extn - 1.3.6.1.4.1.11129.2.1.17 - private static final byte[] androidExtn = { - 0x06, 0x0A, 0X2B, 0X06, 0X01, 0X04, 0X01, (byte) 0XD6, 0X79, 0X02, 0X01, 0X11 - }; - - private static final short ECDSA_MAX_SIG_LEN = 72; - //Signature algorithm identifier - always ecdsaWithSha256 - 1.2.840.10045.4.3.2 - //SEQUENCE of alg OBJ ID and parameters = NULL. - private static final byte[] X509SignAlgIdentifier = { - 0x30, - 0x0A, - 0x06, - 0x08, - 0x2A, - (byte) 0x86, - 0x48, - (byte) 0xCE, - (byte) 0x3D, - 0x04, - 0x03, - 0x02 - }; - - // Below are the allowed softwareEnforced Authorization tags inside the attestation certificate's extension. - private static final short[] swTagIds = { - KMType.ATTESTATION_APPLICATION_ID, - KMType.CREATION_DATETIME, - KMType.USAGE_EXPIRE_DATETIME, - KMType.ORIGINATION_EXPIRE_DATETIME, - KMType.ACTIVE_DATETIME, - KMType.UNLOCKED_DEVICE_REQUIRED - }; - - // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension. 
- private static final short[] hwTagIds = { - KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL, - KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_MANUFACTURER, - KMType.ATTESTATION_ID_MEID, KMType.ATTESTATION_ID_IMEI, - KMType.ATTESTATION_ID_SERIAL, KMType.ATTESTATION_ID_PRODUCT, - KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_BRAND, - KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST, - KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE, - KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID, - KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.MIN_MAC_LENGTH, - KMType.CALLER_NONCE, KMType.PADDING, KMType.DIGEST, KMType.BLOCK_MODE, - KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE}; - - // Validity is not fixed field - // Subject is a fixed field with only CN= Android Keystore Key - same for all the keys - private static final byte[] X509Subject = { - 0x30, 0x1F, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x41, 0x6e, - 0x64, - 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4B, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x4B, - 0x65, - 0x79 - }; - - private static final byte keyUsageSign = (byte) 0x80; // 0 bit - private static final byte keyUsageKeyEncipher = (byte) 0x20; // 2nd- bit - private static final byte keyUsageDataEncipher = (byte) 0x10; // 3rd- bit - - private static final byte KEYMASTER_VERSION = 41; - private static final byte ATTESTATION_VERSION = 4; - private static final byte[] pubExponent = {0x01, 0x00, 0x01}; - private static final byte SERIAL_NUM = (byte) 0x01; - private static final byte X509_VERSION = (byte) 0x02; - - private static short certStart; - private static short signatureOffset; - private static short tbsOffset; - private static short tbsLength; - - private static short stackPtr; - private static byte[] stack; - private static short start; - private static short length; - // private static KMRepository repo; - private static short uniqueId; - private static short attChallenge; - private static 
short notBefore; - private static short notAfter; - private static short pubKey; - private static short[] swParams; - private static short swParamsIndex; - private static short[] hwParams; - private static short hwParamsIndex; - private static byte keyUsage; - private static byte unusedBits; - private static KMAttestationCert inst; - private static boolean rsaCert; - private static byte deviceLocked; - private static short verifiedBootKey; - private static byte verifiedState; - private static short verifiedHash; - private static short issuer; - private static short signPriv; - - private KMAttestationCertImpl() { - } - - public static KMAttestationCert instance(boolean rsaCert) { - if (inst == null) { - inst = new KMAttestationCertImpl(); - } - init(); - KMAttestationCertImpl.rsaCert = rsaCert; - return inst; - } - - private static void init() { - stack = null; - stackPtr = 0; - certStart = 0; - signatureOffset = 0; - start = 0; - length = 0; - tbsLength = 0; - if (swParams == null) { - swParams = JCSystem.makeTransientShortArray((short) MAX_PARAMS, JCSystem.CLEAR_ON_RESET); - } - if (hwParams == null) { - hwParams = JCSystem.makeTransientShortArray((short) MAX_PARAMS, JCSystem.CLEAR_ON_RESET); - } - - swParamsIndex = 0; - hwParamsIndex = 0; - keyUsage = 0; - unusedBits = 8; - attChallenge = 0; - notBefore = 0; - notAfter = 0; - pubKey = 0; - uniqueId = 0; - verifiedBootKey = 0; - verifiedHash = 0; - verifiedState = 0; - rsaCert = true; - deviceLocked = 0; - signPriv = 0; - } - - @Override - public KMAttestationCert verifiedBootHash(short obj) { - if (obj == KMType.INVALID_VALUE) - KMException.throwIt(KMError.INVALID_DATA); - verifiedHash = obj; - return this; - } - - @Override - public KMAttestationCert verifiedBootKey(short obj) { - if (obj == KMType.INVALID_VALUE) - KMException.throwIt(KMError.INVALID_DATA); - verifiedBootKey = obj; - return this; - } - - @Override - public KMAttestationCert verifiedBootState(byte val) { - verifiedState = val; - return this; - } 
- - private KMAttestationCert uniqueId(short obj) { - uniqueId = obj; - return this; - } - - @Override - public KMAttestationCert notBefore(short obj, byte[] scratchpad) { - // convert milliseconds to UTC date - notBefore = KMUtils.convertToDate(obj, scratchpad, true); - return this; - } - - @Override - public KMAttestationCert notAfter(short usageExpiryTimeObj, - short certExpirtyTimeObj, byte[] scratchPad, short tmpVar) { - if (usageExpiryTimeObj != KMType.INVALID_VALUE) { - // compare if the expiry time is greater then 2051 then use generalized - // time format else use utc time format. - usageExpiryTimeObj = KMIntegerTag.cast(usageExpiryTimeObj).getValue(); - tmpVar = KMInteger.uint_64(KMUtils.firstJan2051, (short) 0); - if (KMInteger.compare(usageExpiryTimeObj, tmpVar) >= 0) { - usageExpiryTimeObj = KMUtils.convertToDate(usageExpiryTimeObj, scratchPad, - false); - } else { - usageExpiryTimeObj = KMUtils - .convertToDate(usageExpiryTimeObj, scratchPad, true); - } - notAfter = usageExpiryTimeObj; - } else { - notAfter = certExpirtyTimeObj; - } - return this; - } - - @Override - public KMAttestationCert deviceLocked(boolean val) { - if (val) { - deviceLocked = (byte) 0xFF; - } else { - deviceLocked = 0; - } - return this; - } - - @Override - public KMAttestationCert publicKey(short obj) { - pubKey = obj; - return this; - } - - @Override - public KMAttestationCert attestationChallenge(short obj) { - attChallenge = obj; - return this; - } - - @Override - public KMAttestationCert extensionTag(short tag, boolean hwEnforced) { - if (hwEnforced) { - hwParams[hwParamsIndex] = tag; - hwParamsIndex++; - } else { - swParams[swParamsIndex] = tag; - swParamsIndex++; - } - if (KMTag.getKey(tag) == KMType.PURPOSE) { - createKeyUsage(tag); - } - return this; - } - - @Override - public KMAttestationCert issuer(short obj) { - if (obj == KMType.INVALID_VALUE) - KMException.throwIt(KMError.INVALID_DATA); - issuer = obj; - return this; - } - - private void createKeyUsage(short tag) 
{ - short len = KMEnumArrayTag.cast(tag).length(); - byte index = 0; - while (index < len) { - if (KMEnumArrayTag.cast(tag).get(index) == KMType.SIGN) { - keyUsage = (byte) (keyUsage | keyUsageSign); - } else if (KMEnumArrayTag.cast(tag).get(index) == KMType.WRAP_KEY) { - keyUsage = (byte) (keyUsage | keyUsageKeyEncipher); - } else if (KMEnumArrayTag.cast(tag).get(index) == KMType.DECRYPT) { - keyUsage = (byte) (keyUsage | keyUsageDataEncipher); - } - index++; - } - index = keyUsage; - while (index != 0) { - index = (byte) (index << 1); - unusedBits--; - } - } - - private static void pushTbsCert(boolean rsaCert) { - short last = stackPtr; - pushExtensions(); - // subject public key info - if (rsaCert) { - pushRsaSubjectKeyInfo(); - } else { - pushEccSubjectKeyInfo(); - } - // subject - pushBytes(X509Subject, (short) 0, (short) X509Subject.length); - pushValidity(); - // issuer - der encoded - pushBytes( - KMByteBlob.cast(issuer).getBuffer(), - KMByteBlob.cast(issuer).getStartOff(), - KMByteBlob.cast(issuer).length()); - // Algorithm Id - pushAlgorithmId(X509SignAlgIdentifier); - // Serial Number - pushByte(SERIAL_NUM); - pushIntegerHeader((short) 1); - // Version - pushByte(X509_VERSION); - pushIntegerHeader((short) 1); - pushByte((byte) 0x03); - pushByte((byte) 0xA0); - // Finally sequence header. 
- pushSequenceHeader((short) (last - stackPtr)); - } - - private static void pushExtensions() { - short last = stackPtr; - if (keyUsage != 0) { - pushKeyUsage(keyUsage, unusedBits); - } - pushKeyDescription(); - pushSequenceHeader((short) (last - stackPtr)); - // Extensions have explicit tag of [3] - pushLength((short) (last - stackPtr)); - pushByte((byte) 0xA3); - } - - // Time SEQUENCE{UTCTime, UTC or Generalized Time) - private static void pushValidity() { - short last = stackPtr; - if (notAfter != KMType.INVALID_VALUE) { - pushBytes( - KMByteBlob.cast(notAfter).getBuffer(), - KMByteBlob.cast(notAfter).getStartOff(), - KMByteBlob.cast(notAfter).length()); - } else { - KMException.throwIt(KMError.INVALID_DATA); - } - pushTimeHeader(KMByteBlob.cast(notAfter).length()); - pushBytes( - KMByteBlob.cast(notBefore).getBuffer(), - KMByteBlob.cast(notBefore).getStartOff(), - KMByteBlob.cast(notBefore).length()); - pushTimeHeader(KMByteBlob.cast(notBefore).length()); - pushSequenceHeader((short) (last - stackPtr)); - } - - private static void pushTimeHeader(short len) { - if (len == 13) { // UTC Time - pushLength((short) 0x0D); - pushByte((byte) 0x17); - } else if (len == 15) { // Generalized Time - pushLength((short) 0x0F); - pushByte((byte) 0x18); - } else { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - } - - // SEQUENCE{SEQUENCE{algId, NULL}, bitString{SEQUENCE{ modulus as positive integer, public - // exponent - // as positive integer} - private static void pushRsaSubjectKeyInfo() { - short last = stackPtr; - pushBytes(pubExponent, (short) 0, (short) pubExponent.length); - pushIntegerHeader((short) pubExponent.length); - pushBytes( - KMByteBlob.cast(pubKey).getBuffer(), - KMByteBlob.cast(pubKey).getStartOff(), - KMByteBlob.cast(pubKey).length()); - - // encode modulus as positive if the MSB is 1. 
- if (KMByteBlob.cast(pubKey).get((short) 0) < 0) { - pushByte((byte) 0x00); - pushIntegerHeader((short) (KMByteBlob.cast(pubKey).length() + 1)); - } else { - pushIntegerHeader(KMByteBlob.cast(pubKey).length()); - } - pushSequenceHeader((short) (last - stackPtr)); - pushBitStringHeader((byte) 0x00, (short) (last - stackPtr)); - pushRsaEncryption(); - pushSequenceHeader((short) (last - stackPtr)); - } - - // SEQUENCE{SEQUENCE{ecPubKey, prime256v1}, bitString{pubKey}} - private static void pushEccSubjectKeyInfo() { - short last = stackPtr; - pushBytes( - KMByteBlob.cast(pubKey).getBuffer(), - KMByteBlob.cast(pubKey).getStartOff(), - KMByteBlob.cast(pubKey).length()); - pushBitStringHeader((byte) 0x00, KMByteBlob.cast(pubKey).length()); - pushEcDsa(); - pushSequenceHeader((short) (last - stackPtr)); - } - - private static void pushEcDsa() { - short last = stackPtr; - pushBytes(prime256v1, (short) 0, (short) prime256v1.length); - pushBytes(eccPubKey, (short) 0, (short) eccPubKey.length); - pushSequenceHeader((short) (last - stackPtr)); - } - - private static void pushRsaEncryption() { - short last = stackPtr; - pushNullHeader(); - pushBytes(rsaEncryption, (short) 0, (short) rsaEncryption.length); - pushSequenceHeader((short) (last - stackPtr)); - } - - // KeyDescription ::= SEQUENCE { - // attestationVersion INTEGER, # Value 3 - // attestationSecurityLevel SecurityLevel, # See below - // keymasterVersion INTEGER, # Value 4 - // keymasterSecurityLevel SecurityLevel, # See below - // attestationChallenge OCTET_STRING, # Tag::ATTESTATION_CHALLENGE from attestParams - // uniqueId OCTET_STRING, # Empty unless key has Tag::INCLUDE_UNIQUE_ID - // softwareEnforced AuthorizationList, # See below - // hardwareEnforced AuthorizationList, # See below - // } - private static void pushKeyDescription() { - short last = stackPtr; - pushHWParams(); - pushSWParams(); - if (uniqueId != 0) { - pushOctetString( - KMByteBlob.cast(uniqueId).getBuffer(), - 
KMByteBlob.cast(uniqueId).getStartOff(), - KMByteBlob.cast(uniqueId).length()); - } else { - pushOctetStringHeader((short) 0); - } - pushOctetString( - KMByteBlob.cast(attChallenge).getBuffer(), - KMByteBlob.cast(attChallenge).getStartOff(), - KMByteBlob.cast(attChallenge).length()); - pushEnumerated(KMType.STRONGBOX); - pushByte(KEYMASTER_VERSION); - pushIntegerHeader((short) 1); - pushEnumerated(KMType.STRONGBOX); - pushByte(ATTESTATION_VERSION); - pushIntegerHeader((short) 1); - pushSequenceHeader((short) (last - stackPtr)); - pushOctetStringHeader((short) (last - stackPtr)); - pushBytes(androidExtn, (short) 0, (short) androidExtn.length); - pushSequenceHeader((short) (last - stackPtr)); - } - - private static void pushSWParams() { - short last = stackPtr; - byte index = 0; - short length = (short) swTagIds.length; - do { - pushParams(swParams, swParamsIndex, swTagIds[index]); - } while (++index < length); - pushSequenceHeader((short) (last - stackPtr)); - } - - private static void pushHWParams() { - short last = stackPtr; - byte index = 0; - short length = (short) hwTagIds.length; - do { - if (hwTagIds[index] == KMType.ROOT_OF_TRUST) { - pushRoT(); - continue; - } - if (pushParams(hwParams, hwParamsIndex, hwTagIds[index])) { - continue; - } - } while (++index < length); - pushSequenceHeader((short) (last - stackPtr)); - } - - private static boolean pushParams(short[] params, short len, short tagId) { - short index = 0; - while (index < len) { - if (tagId == KMTag.getKey(params[index])) { - pushTag(params[index]); - return true; - } - index++; - } - return false; - } - - private static void pushTag(short tag) { - short type = KMTag.getTagType(tag); - short tagId = KMTag.getKey(tag); - short val; - switch (type) { - case KMType.BYTES_TAG: - val = KMByteTag.cast(tag).getValue(); - pushBytesTag( - tagId, - KMByteBlob.cast(val).getBuffer(), - KMByteBlob.cast(val).getStartOff(), - KMByteBlob.cast(val).length()); - break; - case KMType.ENUM_TAG: - val = 
KMEnumTag.cast(tag).getValue(); - pushEnumTag(tagId, (byte) val); - break; - case KMType.ENUM_ARRAY_TAG: - val = KMEnumArrayTag.cast(tag).getValues(); - pushEnumArrayTag( - tagId, - KMByteBlob.cast(val).getBuffer(), - KMByteBlob.cast(val).getStartOff(), - KMByteBlob.cast(val).length()); - break; - case KMType.UINT_TAG: - case KMType.ULONG_TAG: - case KMType.DATE_TAG: - val = KMIntegerTag.cast(tag).getValue(); - pushIntegerTag( - tagId, - KMInteger.cast(val).getBuffer(), - KMInteger.cast(val).getStartOff(), - KMInteger.cast(val).length()); - break; - case KMType.UINT_ARRAY_TAG: - case KMType.ULONG_ARRAY_TAG: - // According to keymaster hal only one user secure id is used but this conflicts with - // tag type which is ULONG-REP. Currently this is encoded as SET OF INTEGERS - val = KMIntegerArrayTag.cast(tag).getValues(); - pushIntegerArrayTag(tagId, val); - break; - case KMType.BOOL_TAG: - val = KMBoolTag.cast(tag).getVal(); - pushBoolTag(tagId); - break; - default: - KMException.throwIt(KMError.INVALID_TAG); - break; - } - } - - // RootOfTrust ::= SEQUENCE { - // verifiedBootKey OCTET_STRING, - // deviceLocked BOOLEAN, - // verifiedBootState VerifiedBootState, - // verifiedBootHash OCTET_STRING, - // } - // VerifiedBootState ::= ENUMERATED { - // Verified (0), - // SelfSigned (1), - // Unverified (2), - // Failed (3), - // } - private static void pushRoT() { - short last = stackPtr; - // verified boot hash - pushOctetString( - KMByteBlob.cast(verifiedHash).getBuffer(), - KMByteBlob.cast(verifiedHash).getStartOff(), - KMByteBlob.cast(verifiedHash).length()); - - pushEnumerated(verifiedState); - - pushBoolean(deviceLocked); - // verified boot Key - pushOctetString( - KMByteBlob.cast(verifiedBootKey).getBuffer(), - KMByteBlob.cast(verifiedBootKey).getStartOff(), - KMByteBlob.cast(verifiedBootKey).length()); - - // Finally sequence header - pushSequenceHeader((short) (last - stackPtr)); - // ... 
and tag Id - pushTagIdHeader(KMType.ROOT_OF_TRUST, (short) (last - stackPtr)); - } - - private static void pushOctetString(byte[] buf, short start, short len) { - pushBytes(buf, start, len); - pushOctetStringHeader(len); - } - - private static void pushBoolean(byte val) { - pushByte(val); - pushBooleanHeader((short) 1); - } - - private static void pushBooleanHeader(short len) { - pushLength(len); - pushByte((byte) 0x01); - } - - // Only SET of INTEGERS supported are padding, digest, purpose and blockmode - // All of these are enum array tags i.e. byte long values - private static void pushEnumArrayTag(short tagId, byte[] buf, short start, short len) { - short last = stackPtr; - short index = 0; - while (index < len) { - pushByte(buf[(short) (start + index)]); - pushIntegerHeader((short) 1); - index++; - } - pushSetHeader((short) (last - stackPtr)); - pushTagIdHeader(tagId, (short) (last - stackPtr)); - } - - // Only SET of INTEGERS supported are padding, digest, purpose and blockmode - // All of these are enum array tags i.e. 
byte long values - private static void pushIntegerArrayTag(short tagId, short arr) { - short last = stackPtr; - short index = 0; - short len = KMArray.cast(arr).length(); - short ptr; - while (index < len) { - ptr = KMArray.cast(arr).get(index); - pushInteger( - KMInteger.cast(ptr).getBuffer(), - KMInteger.cast(ptr).getStartOff(), - KMInteger.cast(ptr).length()); - index++; - } - pushSetHeader((short) (last - stackPtr)); - pushTagIdHeader(tagId, (short) (last - stackPtr)); - } - - private static void pushSetHeader(short len) { - pushLength(len); - pushByte((byte) 0x31); - } - - private static void pushEnumerated(byte val) { - short last = stackPtr; - pushByte(val); - pushEnumeratedHeader((short) (last - stackPtr)); - } - - private static void pushEnumeratedHeader(short len) { - pushLength(len); - pushByte((byte) 0x0A); - } - - private static void pushBoolTag(short tagId) { - short last = stackPtr; - pushNullHeader(); - pushTagIdHeader(tagId, (short) (last - stackPtr)); - } - - private static void pushNullHeader() { - pushByte((byte) 0); - pushByte((byte) 0x05); - } - - private static void pushEnumTag(short tagId, byte val) { - short last = stackPtr; - pushByte(val); - pushIntegerHeader((short) (last - stackPtr)); - pushTagIdHeader(tagId, (short) (last - stackPtr)); - } - - private static void pushIntegerTag(short tagId, byte[] buf, short start, short len) { - short last = stackPtr; - pushInteger(buf, start, len); - pushTagIdHeader(tagId, (short) (last - stackPtr)); - } - - // Ignore leading zeros. Only Unsigned Integers are required hence if MSB is set then add 0x00 - // as most significant byte. 
- private static void pushInteger(byte[] buf, short start, short len) { - short last = stackPtr; - byte index = 0; - while (index < (byte) len) { - if (buf[(short) (start + index)] != 0) { - break; - } - index++; - } - if (index == (byte) len) { - pushByte((byte) 0x00); - } else { - pushBytes(buf, (short) (start + index), (short) (len - index)); - if (buf[(short) (start + index)] < 0) { // MSB is 1 - pushByte((byte) 0x00); // always unsigned int - } - } - pushIntegerHeader((short) (last - stackPtr)); - } - - // Bytes Tag is a octet string and tag id is added explicitly - private static void pushBytesTag(short tagId, byte[] buf, short start, short len) { - short last = stackPtr; - pushBytes(buf, start, len); - pushOctetStringHeader((short) (last - stackPtr)); - pushTagIdHeader(tagId, (short) (last - stackPtr)); - } - - // tag id <= 30 ---> 0xA0 | {tagId} - // 30 < tagId < 128 ---> 0xBF 0x{tagId} - // tagId >= 128 ---> 0xBF 0x80+(tagId/128) 0x{tagId - (128*(tagId/128))} - private static void pushTagIdHeader(short tagId, short len) { - pushLength(len); - short count = (short) (tagId / 128); - if (count > 0) { - pushByte((byte) (tagId - (128 * count))); - pushByte((byte) (0x80 + count)); - pushByte((byte) 0xBF); - } else if (tagId > 30) { - pushByte((byte) tagId); - pushByte((byte) 0xBF); - } else { - pushByte((byte) (0xA0 | (byte) tagId)); - } - } - - // SEQUENCE {ObjId, OCTET STRING{BIT STRING{keyUsage}}} - private static void pushKeyUsage(byte keyUsage, byte unusedBits) { - short last = stackPtr; - pushByte(keyUsage); - pushBitStringHeader(unusedBits, (short) (last - stackPtr)); - pushOctetStringHeader((short) (last - stackPtr)); - pushBytes(keyUsageExtn, (short) 0, (short) keyUsageExtn.length); - pushSequenceHeader((short) (last - stackPtr)); - } - - private static void pushAlgorithmId(byte[] algId) { - pushBytes(algId, (short) 0, (short) algId.length); - } - - private static void pushIntegerHeader(short len) { - pushLength(len); - pushByte((byte) 0x02); - } - - 
private static void pushOctetStringHeader(short len) { - pushLength(len); - pushByte((byte) 0x04); - } - - private static void pushSequenceHeader(short len) { - pushLength(len); - pushByte((byte) 0x30); - } - - private static void pushBitStringHeader(byte unusedBits, short len) { - pushByte(unusedBits); - pushLength((short) (len + 1)); // 1 extra byte for unused bits byte - pushByte((byte) 0x03); - } - - private static void pushLength(short len) { - if (len < 128) { - pushByte((byte) len); - } else if (len < 256) { - pushByte((byte) len); - pushByte((byte) 0x81); - } else { - pushShort(len); - pushByte((byte) 0x82); - } - } - - private static void pushShort(short val) { - decrementStackPtr((short) 2); - Util.setShort(stack, stackPtr, val); - } - - private static void pushByte(byte val) { - decrementStackPtr((short) 1); - stack[stackPtr] = val; - } - - private static void pushBytes(byte[] buf, short start, short len) { - decrementStackPtr(len); - if (buf != null) { - Util.arrayCopyNonAtomic(buf, start, stack, stackPtr, len); - } - } - - private static void decrementStackPtr(short cnt) { - stackPtr = (short) (stackPtr - cnt); - if (start > stackPtr) { - KMException.throwIt(KMError.UNKNOWN_ERROR); - } - } - - @Override - public KMAttestationCert buffer(byte[] buf, short bufStart, short maxLen) { - stack = buf; - start = bufStart; - length = maxLen; - stackPtr = (short) (start + length); - return this; - } - - @Override - public short getCertStart() { - return certStart; - } - - @Override - public short getCertEnd() { - return (short) (start + length - 1); - } - - @Override - public short getCertLength() { - return (short) (getCertEnd() - getCertStart() + 1); - } - - @Override - public void build() { - short last = stackPtr; - decrementStackPtr((short) ECDSA_MAX_SIG_LEN); - signatureOffset = stackPtr; - pushBitStringHeader((byte) 0, (short) (last - stackPtr)); - pushAlgorithmId(X509SignAlgIdentifier); - tbsLength = stackPtr; - pushTbsCert(rsaCert); - tbsOffset = 
stackPtr; - tbsLength = (short) (tbsLength - tbsOffset); - pushSequenceHeader((short) (last - stackPtr)); - certStart = stackPtr; - KMAndroidSEProvider androidSeProvider = KMAndroidSEProvider.getInstance(); - short sigLen = androidSeProvider - .ecSign256( - androidSeProvider.getAttestationKey(), - stack, - tbsOffset, - tbsLength, - stack, - signatureOffset); - if (sigLen != ECDSA_MAX_SIG_LEN) { - // Update the lengths appropriately. - stackPtr = (short) (signatureOffset - 1); - pushLength((short) (sigLen + 1)); - stackPtr = tbsOffset; - last -= (short) (ECDSA_MAX_SIG_LEN - sigLen); - pushLength((short) (last - stackPtr)); - length -= (short) (ECDSA_MAX_SIG_LEN - sigLen); - } - } - - @Override - public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, - byte[] creationTime, short timeOffset, short creationTimeLen, - byte[] attestAppId, short appIdOff, short attestAppIdLen, - byte resetSinceIdRotation, KMMasterKey masterKey) { - // Concatenate T||C||R - // temporal count T - short temp = KMUtils.countTemporalCount(creationTime, timeOffset, - creationTimeLen, scratchPad, scratchPadOff); - Util.setShort(scratchPad, (short) scratchPadOff, temp); - temp = scratchPadOff; - scratchPadOff += 2; - - // Application Id C - Util.arrayCopyNonAtomic(attestAppId, appIdOff, scratchPad, scratchPadOff, - attestAppIdLen); - scratchPadOff += attestAppIdLen; - - // Reset After Rotation R - scratchPad[scratchPadOff] = resetSinceIdRotation; - scratchPadOff++; - - timeOffset = KMByteBlob.instance((short) 32); - //Get the key data from the master key and use it for HMAC Sign. 
- AESKey aesKey = ((KMAESKey) masterKey).getKey(); - short mKeyData = KMByteBlob.instance((short) (aesKey.getSize() / 8)); - aesKey.getKey( - KMByteBlob.cast(mKeyData).getBuffer(), - KMByteBlob.cast(mKeyData).getStartOff()); - appIdOff = KMAndroidSEProvider.getInstance().hmacSign( - KMByteBlob.cast(mKeyData).getBuffer(), /* Key */ - KMByteBlob.cast(mKeyData).getStartOff(), /* Key start*/ - KMByteBlob.cast(mKeyData).length(), /* Key length*/ - scratchPad, /* data */ - temp, /* data start */ - scratchPadOff, /* data length */ - KMByteBlob.cast(timeOffset).getBuffer(), /* signature buffer */ - KMByteBlob.cast(timeOffset).getStartOff()); /* signature start */ - if (appIdOff != 32) { - KMException.throwIt(KMError.UNKNOWN_ERROR); - } - return uniqueId(timeOffset); - } -} diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java deleted file mode 100644 index de304d8f..00000000 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMOperationImpl.java +++ /dev/null 
@@ -1,271 +0,0 @@ -/* - * Copyright(C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" (short)0IS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.android.javacard.keymaster; - -import javacard.framework.JCSystem; -import javacard.framework.Util; -import javacard.security.Signature; -import javacardx.crypto.AEADCipher; -import javacardx.crypto.Cipher; - -public class KMOperationImpl implements KMOperation { - - private static final short CIPHER_ALG_OFFSET = 0x00; - private static final short PADDING_OFFSET = 0x01; - private static final short OPER_MODE_OFFSET = 0x02; - private static final short BLOCK_MODE_OFFSET = 0x03; - private static final short MAC_LENGTH_OFFSET = 0x04; - private static final byte[] EMPTY = {}; - //This will hold the length of the buffer stored inside the - //Java Card after the GCM update operation. - private static final short AES_GCM_UPDATE_LEN_OFFSET = 0x05; - private short[] parameters; - // Either one of Cipher/Signature instance is stored. 
- private Object[] operationInst; - - public KMOperationImpl() { - parameters = JCSystem.makeTransientShortArray((short) 6, JCSystem.CLEAR_ON_RESET); - operationInst = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET); - } - - public short getMode() { - return parameters[OPER_MODE_OFFSET]; - } - - public void setMode(short mode) { - parameters[OPER_MODE_OFFSET] = mode; - } - - public short getMacLength() { - return parameters[MAC_LENGTH_OFFSET]; - } - - public void setMacLength(short macLength) { - parameters[MAC_LENGTH_OFFSET] = macLength; - } - - public short getPaddingAlgorithm() { - return parameters[PADDING_OFFSET]; - } - - public void setPaddingAlgorithm(short alg) { - parameters[PADDING_OFFSET] = alg; - } - - public void setBlockMode(short mode) { - parameters[BLOCK_MODE_OFFSET] = mode; - } - - public short getBlockMode() { - return parameters[BLOCK_MODE_OFFSET]; - } - - public short getCipherAlgorithm() { - return parameters[CIPHER_ALG_OFFSET]; - } - - public void setCipherAlgorithm(short cipherAlg) { - parameters[CIPHER_ALG_OFFSET] = cipherAlg; - } - - public void setCipher(Cipher cipher) { - operationInst[0] = cipher; - } - - public void setSignature(Signature signer) { - operationInst[0] = signer; - } - - public boolean isResourceMatches(Object object) { - return operationInst[0] == object; - } - - private void reset() { - operationInst[0] = null; - parameters[MAC_LENGTH_OFFSET] = KMType.INVALID_VALUE; - parameters[AES_GCM_UPDATE_LEN_OFFSET] = 0; - parameters[BLOCK_MODE_OFFSET] = KMType.INVALID_VALUE;; - parameters[OPER_MODE_OFFSET] = KMType.INVALID_VALUE;; - parameters[CIPHER_ALG_OFFSET] = KMType.INVALID_VALUE;; - parameters[PADDING_OFFSET] = KMType.INVALID_VALUE;; - } - - @Override - public short update(byte[] inputDataBuf, short inputDataStart, - short inputDataLength, byte[] outputDataBuf, short outputDataStart) { - short len = ((Cipher) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength, - outputDataBuf, 
outputDataStart); - if (parameters[CIPHER_ALG_OFFSET] == KMType.AES && parameters[BLOCK_MODE_OFFSET] == KMType.GCM) { - // Every time Block size data is stored as intermediate result. - parameters[AES_GCM_UPDATE_LEN_OFFSET] += (short) (inputDataLength - len); - } - return len; - } - - @Override - public short update(byte[] inputDataBuf, short inputDataStart, - short inputDataLength) { - ((Signature) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength); - return 0; - } - - @Override - public short finish(byte[] inputDataBuf, short inputDataStart, - short inputDataLen, byte[] outputDataBuf, short outputDataStart) { - byte[] tmpArray = KMAndroidSEProvider.getInstance().tmpArray; - Cipher cipher = (Cipher) operationInst[0]; - short cipherAlg = parameters[CIPHER_ALG_OFFSET]; - short blockMode = parameters[BLOCK_MODE_OFFSET]; - short mode = parameters[OPER_MODE_OFFSET]; - short macLength = parameters[MAC_LENGTH_OFFSET]; - short padding = parameters[PADDING_OFFSET]; - short len = 0; - try { - if (cipherAlg == KMType.AES && blockMode == KMType.GCM) { - if (mode == KMType.DECRYPT) { - inputDataLen = (short) (inputDataLen - macLength); - } - } else if ((cipherAlg == KMType.DES || cipherAlg == KMType.AES) && - padding == KMType.PKCS7 && mode == KMType.ENCRYPT) { - byte blkSize = 16; - byte paddingBytes; - short inputlen = inputDataLen; - if (cipherAlg == KMType.DES) { - blkSize = 8; - } - // padding bytes - if (inputlen % blkSize == 0) { - paddingBytes = blkSize; - } else { - paddingBytes = (byte) (blkSize - (inputlen % blkSize)); - } - // final len with padding - inputlen = (short) (inputlen + paddingBytes); - // intermediate buffer to copy input data+padding - // fill in the padding - Util.arrayFillNonAtomic(tmpArray, (short) 0, inputlen, paddingBytes); - // copy the input data - Util.arrayCopyNonAtomic(inputDataBuf, inputDataStart, tmpArray, - (short) 0, inputDataLen); - inputDataBuf = tmpArray; - inputDataLen = inputlen; - inputDataStart = 0; - } - len 
= cipher.doFinal(inputDataBuf, inputDataStart, inputDataLen, - outputDataBuf, outputDataStart); - if ((cipherAlg == KMType.AES || cipherAlg == KMType.DES) && - padding == KMType.PKCS7 && mode == KMType.DECRYPT) { - byte blkSize = 16; - if (cipherAlg == KMType.DES) { - blkSize = 8; - } - if (len > 0) { - // verify if padding is corrupted. - byte paddingByte = outputDataBuf[(short) (outputDataStart + len - 1)]; - // padding byte always should be <= block size - if ((short) paddingByte > blkSize || (short) paddingByte <= 0) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - - for (short j = 1; j <= paddingByte; ++j) { - if (outputDataBuf[(short) (outputDataStart + len - j)] != paddingByte) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - } - len = (short) (len - (short) paddingByte);// remove the padding bytes - } - } else if (cipherAlg == KMType.AES && blockMode == KMType.GCM) { - if (mode == KMType.ENCRYPT) { - len += ((AEADCipher) cipher).retrieveTag(outputDataBuf, - (short) (outputDataStart + len), macLength); - } else { - boolean verified = ((AEADCipher) cipher).verifyTag(inputDataBuf, - (short) (inputDataStart + inputDataLen), macLength, macLength); - if (!verified) { - KMException.throwIt(KMError.VERIFICATION_FAILED); - } - } - } - } finally { - KMAndroidSEProvider.getInstance().clean(); - reset(); - } - return len; - } - - @Override - public short sign(byte[] inputDataBuf, short inputDataStart, - short inputDataLength, byte[] signBuf, short signStart) { - short len = 0; - try { - len = ((Signature) operationInst[0]).sign(inputDataBuf, inputDataStart, inputDataLength, - signBuf, signStart); - } finally { - reset(); - } - return len; - } - - @Override - public boolean verify(byte[] inputDataBuf, short inputDataStart, - short inputDataLength, byte[] signBuf, short signStart, short signLength) { - boolean ret = false; - try { - ret = ((Signature) operationInst[0]).verify(inputDataBuf, inputDataStart, inputDataLength, - signBuf, signStart, 
signLength); - } finally { - reset(); - } - return ret; - } - - @Override - public void abort() { - // Few simulators does not reset the Hmac signer instance on init so as - // a workaround to reset the hmac signer instance in case of abort/failure of the operation - // the corresponding sign / verify function is called. - if (operationInst[0] != null) { - if ((parameters[OPER_MODE_OFFSET] == KMType.SIGN || parameters[OPER_MODE_OFFSET] == KMType.VERIFY) && - (((Signature) operationInst[0]).getAlgorithm() == Signature.ALG_HMAC_SHA_256)) { - Signature signer = (Signature) operationInst[0]; - try { - if (parameters[OPER_MODE_OFFSET] == KMType.SIGN) { - signer.sign(EMPTY, (short) 0, (short) 0, EMPTY, (short) 0); - } else { - signer.verify(EMPTY, (short) 0, (short) 0, EMPTY, (short) 0, (short) 0); - } - } catch(Exception e) { - // Ignore. - } - } - } - reset(); - } - - @Override - public void updateAAD(byte[] dataBuf, short dataStart, short dataLength) { - ((AEADCipher) operationInst[0]).updateAAD(dataBuf, dataStart, dataLength); - } - - @Override - public short getAESGCMOutputSize(short dataSize, short macLength) { - if (parameters[OPER_MODE_OFFSET] == KMType.ENCRYPT) { - return (short) (parameters[AES_GCM_UPDATE_LEN_OFFSET] + dataSize + macLength); - } else { - return (short) (parameters[AES_GCM_UPDATE_LEN_OFFSET] + dataSize - macLength); - } - } -} diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMAESKey.java similarity index 78% rename from Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java rename to Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMAESKey.java index cec6388e..fd85435b 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAESKey.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMAESKey.java 
@@ -13,13 +13,14 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package com.android.javacard.keymaster;
+package com.android.javacard.seprovider;
 import org.globalplatform.upgrade.Element;
-import com.android.javacard.keymaster.KMMasterKey;
+import com.android.javacard.kmdevice.KMMasterKey;
 import javacard.security.AESKey;
+import javacard.security.HMACKey;
 public class KMAESKey implements KMMasterKey {
@@ -33,22 +34,23 @@ public void setKey(byte[] keyData, short kOff) {
 aesKey.setKey(keyData, kOff);
 }
- public AESKey getKey() {
- return aesKey;
+ public byte getKey(byte[] keyData, short kOff) {
+ return aesKey.getKey(keyData, kOff);
 }
 public short getKeySizeBits() {
 return aesKey.getSize();
 }
- public static void onSave(Element element, KMAESKey kmKey) {
- element.write(kmKey.aesKey);
+ public static KMAESKey onRestore(AESKey aesKey) {
+ if (aesKey == null) {
+ return null;
+ }
+ return new KMAESKey(aesKey);
 }
- public static KMAESKey onRestore(Element element) {
- AESKey aesKey = (AESKey) element.readObject();
- KMAESKey kmKey = new KMAESKey(aesKey);
- return kmKey;
+ public static void onSave(Element element, KMAESKey kmKey) {
+ element.write(kmKey.aesKey);
 }
 public static short getBackupPrimitiveByteCount() {
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMAndroidSEProvider.java
similarity index 52%
rename from Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
rename to Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMAndroidSEProvider.java
index 41f468ed..9c554dde 100644
--- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMAndroidSEProvider.java
+++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMAndroidSEProvider.java
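Review bot: `getKey(byte[] keyData, short kOff)` in the second KMAESKey.java hunk now copies the raw master-key bytes into a caller-supplied buffer, where the old `getKey()` only handed out the `AESKey` object, and nothing on the method says who is responsible for clearing that copy. I would add a comment above it such as `// Copies the raw AES key into keyData at kOff and returns the number of bytes written; the caller must wipe keyData after use.` so that callers do not leave key material behind in a reused or persistent buffer. Separately, `onRestore(AESKey)` now returns `null` for a missing key while `onSave` still dereferences `kmKey.aesKey` unconditionally; if a null `KMAESKey` can reach `onSave` (the callers are not visible in this hunk), it needs a matching null check. The class body continues outside the hunk.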
@@ -13,11 +13,23 @@
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
-package com.android.javacard.keymaster;
+package com.android.javacard.seprovider;
 import org.globalplatform.upgrade.Element;
 import org.globalplatform.upgrade.UpgradeManager;
+import com.android.javacard.kmdevice.KMAttestationKey;
+import com.android.javacard.kmdevice.KMComputedHmacKey;
+import com.android.javacard.kmdevice.KMDataStoreConstants;
+import com.android.javacard.kmdevice.KMDeviceUniqueKey;
+import com.android.javacard.kmdevice.KMException;
+import com.android.javacard.kmdevice.KMMasterKey;
+import com.android.javacard.kmdevice.KMOperation;
+import com.android.javacard.kmdevice.KMPreSharedKey;
+import com.android.javacard.kmdevice.KMSEProvider;
+
+import javacard.framework.ISO7816;
+import javacard.framework.ISOException;
 import javacard.framework.JCSystem;
 import javacard.framework.Util;
 import javacard.security.AESKey;
@@ -35,78 +47,22 @@ import javacard.security.Signature; import javacardx.crypto.AEADCipher; import javacardx.crypto.Cipher; - -import com.android.javacard.keymaster.KMAESKey; -import com.android.javacard.keymaster.KMAttestationKey; -import com.android.javacard.keymaster.KMECPrivateKey; -import com.android.javacard.keymaster.KMError; -import com.android.javacard.keymaster.KMException; -import com.android.javacard.keymaster.KMHmacKey; -import com.android.javacard.keymaster.KMMasterKey; -import com.android.javacard.keymaster.KMPreSharedKey; +import javacard.security.KeyAgreement; public class KMAndroidSEProvider implements KMSEProvider { // static final variables // -------------------------------------------------------------- // P-256 Curve Parameters - static final byte[] secp256r1_P = { - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF}; - - static final byte[] secp256r1_A = { - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFC}; - - static final byte[] secp256r1_B = { - (byte) 0x5A, (byte) 0xC6, (byte) 0x35, (byte) 0xD8, (byte) 0xAA, - (byte) 0x3A, (byte) 0x93, (byte) 0xE7, (byte) 0xB3, (byte) 0xEB, - (byte) 0xBD, (byte) 0x55, (byte) 0x76, (byte) 0x98, (byte) 0x86, - (byte) 0xBC, (byte) 0x65, (byte) 0x1D, (byte) 0x06, 
(byte) 0xB0, - (byte) 0xCC, (byte) 0x53, (byte) 0xB0, (byte) 0xF6, (byte) 0x3B, - (byte) 0xCE, (byte) 0x3C, (byte) 0x3E, (byte) 0x27, (byte) 0xD2, - (byte) 0x60, (byte) 0x4B}; - - static final byte[] secp256r1_S = { - (byte) 0xC4, (byte) 0x9D, (byte) 0x36, (byte) 0x08, (byte) 0x86, - (byte) 0xE7, (byte) 0x04, (byte) 0x93, (byte) 0x6A, (byte) 0x66, - (byte) 0x78, (byte) 0xE1, (byte) 0x13, (byte) 0x9D, (byte) 0x26, - (byte) 0xB7, (byte) 0x81, (byte) 0x9F, (byte) 0x7E, (byte) 0x90}; + static byte[] secp256r1_P; + static byte[] secp256r1_A; + + static byte[] secp256r1_B; + static byte[] secp256r1_S; // Uncompressed form - static final byte[] secp256r1_UCG = { - (byte) 0x04, (byte) 0x6B, (byte) 0x17, (byte) 0xD1, (byte) 0xF2, - (byte) 0xE1, (byte) 0x2C, (byte) 0x42, (byte) 0x47, (byte) 0xF8, - (byte) 0xBC, (byte) 0xE6, (byte) 0xE5, (byte) 0x63, (byte) 0xA4, - (byte) 0x40, (byte) 0xF2, (byte) 0x77, (byte) 0x03, (byte) 0x7D, - (byte) 0x81, (byte) 0x2D, (byte) 0xEB, (byte) 0x33, (byte) 0xA0, - (byte) 0xF4, (byte) 0xA1, (byte) 0x39, (byte) 0x45, (byte) 0xD8, - (byte) 0x98, (byte) 0xC2, (byte) 0x96, (byte) 0x4F, (byte) 0xE3, - (byte) 0x42, (byte) 0xE2, (byte) 0xFE, (byte) 0x1A, (byte) 0x7F, - (byte) 0x9B, (byte) 0x8E, (byte) 0xE7, (byte) 0xEB, (byte) 0x4A, - (byte) 0x7C, (byte) 0x0F, (byte) 0x9E, (byte) 0x16, (byte) 0x2B, - (byte) 0xCE, (byte) 0x33, (byte) 0x57, (byte) 0x6B, (byte) 0x31, - (byte) 0x5E, (byte) 0xCE, (byte) 0xCB, (byte) 0xB6, (byte) 0x40, - (byte) 0x68, (byte) 0x37, (byte) 0xBF, (byte) 0x51, (byte) 0xF5}; - - static final byte[] secp256r1_N = { - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x00, - (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, - (byte) 0xFF, (byte) 0xBC, (byte) 0xE6, (byte) 0xFA, (byte) 0xAD, - (byte) 0xA7, (byte) 0x17, (byte) 0x9E, (byte) 0x84, (byte) 0xF3, - (byte) 0xB9, (byte) 0xCA, (byte) 0xC2, (byte) 0xFC, (byte) 0x63, - (byte) 0x25, (byte) 
0x51}; + static byte[] secp256r1_UCG; + static byte[] secp256r1_N; static final short secp256r1_H = 1; // -------------------------------------------------------------- public static final short AES_GCM_TAG_LENGTH = 16; 
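Review bot: The P-256 domain parameters lose `final` here and become reassignable package-visible statics (`static byte[] secp256r1_P;` and its five siblings), so nothing prevents a later assignment from changing the curve values that initECKey() loads into the key pair. The later hunk that adds `public static void initStatics()` also allocates six new arrays every time the constructor runs. If static initialisers have to be avoided, make initStatics() private and return early when `secp256r1_P != null`. The `// static final variables` heading above these fields no longer matches and should be updated.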
@@ -115,44 +71,12 @@ public class KMAndroidSEProvider implements KMSEProvider { public static final byte KEYSIZE_256_OFFSET = 0x01; public static final short TMP_ARRAY_SIZE = 300; private static final short RSA_KEY_SIZE = 256; - private static final short MAX_OPERATIONS = 4; - private static final short HMAC_MAX_OPERATIONS = 8; - private static final short COMPUTED_HMAC_KEY_SIZE = 32; - public static final short INVALID_DATA_VERSION = 0x7FFF; - - private static final short CERT_CHAIN_OFFSET = 0; - private static final short CERT_ISSUER_OFFSET = KMConfigurations.CERT_CHAIN_MAX_SIZE; - private static final short CERT_EXPIRY_OFFSET = - (short) (CERT_ISSUER_OFFSET + KMConfigurations.CERT_ISSUER_MAX_SIZE); - - private static final byte[] CIPHER_ALGS = { - Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, - Cipher.ALG_AES_BLOCK_128_ECB_NOPAD, - Cipher.ALG_DES_CBC_NOPAD, - Cipher.ALG_DES_ECB_NOPAD, - Cipher.ALG_AES_CTR, - Cipher.ALG_RSA_PKCS1, - KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1, - Cipher.ALG_RSA_NOPAD, - AEADCipher.ALG_AES_GCM}; - - private static final byte[] SIG_ALGS = { - Signature.ALG_RSA_SHA_256_PKCS1, - Signature.ALG_RSA_SHA_256_PKCS1_PSS, - Signature.ALG_ECDSA_SHA_256, - Signature.ALG_HMAC_SHA_256, - KMRsa2048NoDigestSignature.ALG_RSA_SIGN_NOPAD, - KMRsa2048NoDigestSignature.ALG_RSA_PKCS1_NODIGEST, - KMEcdsa256NoDigestSignature.ALG_ECDSA_NODIGEST}; - - // [L] 256 bits - hardcoded 32 bits as per - // reference impl in keymaster. - private static final byte[] CMAC_KDF_CONSTANT_L = { - 0, 0, 1, 0 - }; - private static final byte[] CMAC_KDF_CONSTANT_ZERO = { - 0 - }; + public static final short SHARED_SECRET_KEY_SIZE = 32; + public static final byte POWER_RESET_FALSE = (byte) 0xAA; + public static final byte POWER_RESET_TRUE = (byte) 0x00; + + private KeyAgreement keyAgreement; + // AESKey private AESKey aesKeys[]; // DES3Key 
@@ -166,30 +90,18 @@ public class KMAndroidSEProvider implements KMSEProvider { // Temporary array. public byte[] tmpArray; // This is used for internal encryption/decryption operations. - private static AEADCipher aesGcmCipher; - // Cipher pool - private Object[] cipherPool; - // Signature pool - private Object[] sigPool; - // KMOperationImpl pool - private Object[] operationPool; - // Hmac signer pool which is used to support TRUSTED_CONFIRMATION_REQUIRED tag. - private Object[] hmacSignOperationPool; - + private AEADCipher aesGcmCipher; + private Signature kdf; + public byte[] resetFlag; private Signature hmacSignature; //For ImportwrappedKey operations. private KMRsaOAEPEncoding rsaOaepDecipher; + private KMPoolManager poolMgr; // Entropy private RandomData rng; - //For storing root certificate and intermediate certificates. - private byte[] provisionData; - private KMAESKey masterKey; - private KMECPrivateKey attestationKey; - private KMHmacKey preSharedKey; - private KMHmacKey computedHmacKey; private static KMAndroidSEProvider androidSEProvider = null; 
@@ -198,34 +110,22 @@ public static KMAndroidSEProvider getInstance() { } public KMAndroidSEProvider() { + initStatics(); // Re-usable AES,DES and HMAC keys in persisted memory. aesKeys = new AESKey[2]; aesKeys[KEYSIZE_128_OFFSET] = (AESKey) KeyBuilder.buildKey( - KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false); + KeyBuilder.TYPE_AES_TRANSIENT_RESET, KeyBuilder.LENGTH_AES_128, false); aesKeys[KEYSIZE_256_OFFSET] = (AESKey) KeyBuilder.buildKey( - KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_256, false); - triDesKey = (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES, + KeyBuilder.TYPE_AES_TRANSIENT_RESET, KeyBuilder.LENGTH_AES_256, false); + triDesKey = (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES_TRANSIENT_RESET, KeyBuilder.LENGTH_DES3_3KEY, false); - hmacKey = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, (short) 512, + hmacKey = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC_TRANSIENT_RESET, (short) 512, false); rsaKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); + keyAgreement = KeyAgreement.getInstance(KeyAgreement.ALG_EC_SVDP_DH_PLAIN, false); initECKey(ecKeyPair); - - // Re-usable cipher and signature instances - cipherPool = new Object[(short) (CIPHER_ALGS.length * 4)]; - // Extra 4 algorithms are used to support TRUSTED_CONFIRMATION_REQUIRED feature. - sigPool = new Object[(short) ((SIG_ALGS.length * 4) + 4)]; - operationPool = new Object[4]; - - //maintain seperate operation pool for hmac signer used to support trusted confirmation - hmacSignOperationPool = new Object[4]; - // Creates an instance of each cipher algorithm once. - initializeCipherPool(); - // Creates an instance of each signature algorithm once. 
- initializeSigPool(); - initializeOperationPool(); - initializeHmacSignOperationPool(); + poolMgr = KMPoolManager.getInstance(); //RsaOAEP Decipher rsaOaepDecipher = new KMRsaOAEPEncoding(KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1); 
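Review bot: The comment `// Re-usable AES,DES and HMAC keys in persisted memory.` is now wrong, because the four symmetric key objects are built with the `TYPE_*_TRANSIENT_RESET` key types. `rsaKeyPair` and `ecKeyPair` are still created with `new KeyPair(...)`, and createRsaSigner, createEcSigner and createKeyAgreement in later hunks copy caller-supplied private key values into them, so that material presumably still ends up in non-volatile memory. Reword the comment to `// Re-usable AES, DES and HMAC key objects held in transient (clear-on-reset) memory.` and consider building the private halves of the two key pairs with transient key types as well. The constructor starts before this hunk and continues after it.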
@@ -238,23 +138,78 @@ public KMAndroidSEProvider() { // Random number generator initialisation. rng = RandomData.getInstance(RandomData.ALG_KEYGENERATION); - //Allocate buffer for certificate chain. - if (!isUpgrading()) { - // First 2 bytes is reserved for length for all the 3 buffers. - short totalLen = (short) (6 + KMConfigurations.CERT_CHAIN_MAX_SIZE + - KMConfigurations.CERT_ISSUER_MAX_SIZE + KMConfigurations.CERT_EXPIRY_MAX_SIZE); - provisionData = new byte[totalLen]; - - // Initialize attestationKey and preShared key with zeros. - Util.arrayFillNonAtomic(tmpArray, (short) 0, TMP_ARRAY_SIZE, (byte) 0); - // Create attestation key of P-256 curve. - createAttestationKey(tmpArray, (short)0, (short) 32); - // Pre-shared secret key length is 32 bytes. - createPresharedKey(tmpArray, (short)0, (short) 32); - // Initialize the Computed Hmac Key object. - createComputedHmacKey(tmpArray, (short)0, (short) 32); - } androidSEProvider = this; + resetFlag = JCSystem.makeTransientByteArray((short) 2, + JCSystem.CLEAR_ON_DESELECT); + resetFlag[0] = (byte) POWER_RESET_FALSE; + resetFlag[1] = (byte) POWER_RESET_FALSE; + } + + public static void initStatics() { + secp256r1_P = new byte[]{(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x00, + (byte) 0x00, + (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0xFF, + (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF}; + + secp256r1_A = new byte[]{(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x00, + (byte) 0x00, + (byte) 0x00, (byte) 0x01, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, + (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0x00, (byte) 0xFF, + (byte) 0xFF, + (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 
0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, + (byte) 0xFF, (byte) 0xFC}; + + secp256r1_B = new byte[]{(byte) 0x5A, (byte) 0xC6, (byte) 0x35, (byte) 0xD8, (byte) 0xAA, + (byte) 0x3A, + (byte) 0x93, (byte) 0xE7, (byte) 0xB3, (byte) 0xEB, (byte) 0xBD, (byte) 0x55, (byte) 0x76, + (byte) 0x98, + (byte) 0x86, (byte) 0xBC, (byte) 0x65, (byte) 0x1D, (byte) 0x06, (byte) 0xB0, (byte) 0xCC, + (byte) 0x53, + (byte) 0xB0, (byte) 0xF6, (byte) 0x3B, (byte) 0xCE, (byte) 0x3C, (byte) 0x3E, (byte) 0x27, + (byte) 0xD2, + (byte) 0x60, (byte) 0x4B}; + + secp256r1_S = new byte[]{(byte) 0xC4, (byte) 0x9D, (byte) 0x36, (byte) 0x08, (byte) 0x86, + (byte) 0xE7, + (byte) 0x04, (byte) 0x93, (byte) 0x6A, (byte) 0x66, (byte) 0x78, (byte) 0xE1, (byte) 0x13, + (byte) 0x9D, + (byte) 0x26, (byte) 0xB7, (byte) 0x81, (byte) 0x9F, (byte) 0x7E, (byte) 0x90}; + + // Uncompressed form + secp256r1_UCG = new byte[]{(byte) 0x04, (byte) 0x6B, (byte) 0x17, (byte) 0xD1, (byte) 0xF2, + (byte) 0xE1, + (byte) 0x2C, (byte) 0x42, (byte) 0x47, (byte) 0xF8, (byte) 0xBC, (byte) 0xE6, (byte) 0xE5, + (byte) 0x63, + (byte) 0xA4, (byte) 0x40, (byte) 0xF2, (byte) 0x77, (byte) 0x03, (byte) 0x7D, (byte) 0x81, + (byte) 0x2D, + (byte) 0xEB, (byte) 0x33, (byte) 0xA0, (byte) 0xF4, (byte) 0xA1, (byte) 0x39, (byte) 0x45, + (byte) 0xD8, + (byte) 0x98, (byte) 0xC2, (byte) 0x96, (byte) 0x4F, (byte) 0xE3, (byte) 0x42, (byte) 0xE2, + (byte) 0xFE, + (byte) 0x1A, (byte) 0x7F, (byte) 0x9B, (byte) 0x8E, (byte) 0xE7, (byte) 0xEB, (byte) 0x4A, + (byte) 0x7C, + (byte) 0x0F, (byte) 0x9E, (byte) 0x16, (byte) 0x2B, (byte) 0xCE, (byte) 0x33, (byte) 0x57, + (byte) 0x6B, + (byte) 0x31, (byte) 0x5E, (byte) 0xCE, (byte) 0xCB, (byte) 0xB6, (byte) 0x40, (byte) 0x68, + (byte) 0x37, + (byte) 0xBF, (byte) 0x51, (byte) 0xF5}; + + secp256r1_N = new byte[]{(byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0x00, + (byte) 0x00, + (byte) 0x00, (byte) 0x00, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, (byte) 0xFF, + (byte) 0xFF, + 
(byte) 0xFF, (byte) 0xFF, (byte) 0xBC, (byte) 0xE6, (byte) 0xFA, (byte) 0xAD, (byte) 0xA7, + (byte) 0x17, + (byte) 0x9E, (byte) 0x84, (byte) 0xF3, (byte) 0xB9, (byte) 0xCA, (byte) 0xC2, (byte) 0xFC, + (byte) 0x63, + (byte) 0x25, (byte) 0x51}; } public void clean() { 
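Review bot: `resetFlag` is allocated with `JCSystem.CLEAR_ON_DESELECT`, so both bytes fall back to 0x00 (`POWER_RESET_TRUE`) whenever the applet is deselected, not only after a card reset. If the flag is meant to report power resets alone, `JCSystem.CLEAR_ON_RESET` is the matching memory type; if the wider trigger is intended, a comment next to the allocation should say so. The field is also declared `public byte[] resetFlag` in the earlier field hunk, which lets any code holding the provider write 0xAA back into it; a private field with an accessor would be safer. The code that reads the flag is not part of this hunk.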
@@ -279,172 +234,6 @@ private void initECKey(KeyPair ecKeyPair) { privKey.setR(secp256r1_N, (short) 0, (short) secp256r1_N.length); } - private boolean isCipherAlgorithm(byte alg) { - short index = 0; - while (index < CIPHER_ALGS.length) { - if (CIPHER_ALGS[index++] == alg) { - return true; - } - } - return false; - } - - private boolean isSignerAlgorithm(byte alg) { - short index = 0; - while (index < SIG_ALGS.length) { - if (SIG_ALGS[index++] == alg) { - return true; - } - } - return false; - } - - private void initializeOperationPool() { - short index = 0; - while (index < 4) { - operationPool[index] = new KMOperationImpl(); - index++; - } - } - - private void initializeHmacSignOperationPool() { - short index = 0; - while (index < 4) { - hmacSignOperationPool[index] = new KMOperationImpl(); - index++; - } - } - - // Create a signature instance of each algorithm once. - private void initializeSigPool() { - short index = 0; - while (index < SIG_ALGS.length) { - sigPool[index] = getSignatureInstance(SIG_ALGS[index]); - index++; - } - } - - private Signature getSignatureInstance(byte alg) { - if (KMRsa2048NoDigestSignature.ALG_RSA_SIGN_NOPAD == alg - || KMRsa2048NoDigestSignature.ALG_RSA_PKCS1_NODIGEST == alg) { - return new KMRsa2048NoDigestSignature(alg); - } else if (KMEcdsa256NoDigestSignature.ALG_ECDSA_NODIGEST == alg) { - return new KMEcdsa256NoDigestSignature(alg); - } else { - return Signature.getInstance(alg, false); - } - } - - private Cipher getCipherInstance(byte alg) { - if (KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1 == alg) { - return new KMRsaOAEPEncoding(alg); - } else { - return Cipher.getInstance(alg, false); - } - } - - // Create a cipher instance of each algorithm once. 
- private void initializeCipherPool() { - short index = 0; - while (index < CIPHER_ALGS.length) { - cipherPool[index] = getCipherInstance(CIPHER_ALGS[index]); - index++; - } - } - - private KMOperationImpl getOperationInstanceFromPool() { - short index = 0; - KMOperationImpl impl; - while (index < operationPool.length) { - impl = (KMOperationImpl) operationPool[index]; - // Mode is always set. so compare using mode value. - if (impl.getMode() == KMType.INVALID_VALUE) { - return impl; - } - index++; - } - return null; - } - - private KMOperationImpl getHmacSignOperationInstanceFromPool() { - short index = 0; - KMOperationImpl impl; - while (index < hmacSignOperationPool.length) { - impl = (KMOperationImpl) hmacSignOperationPool[index]; - // Mode is always set. so compare using mode value. - if (impl.getMode() == KMType.INVALID_VALUE) { - return impl; - } - index++; - } - return null; - } - - private Signature getSignatureInstanceFromPool(byte alg) { - return (Signature) getInstanceFromPool(sigPool, alg); - } - - private Cipher getCipherInstanceFromPool(byte alg) { - return (Cipher) getInstanceFromPool(cipherPool, alg); - } - - private boolean isResourceBusy(Object obj) { - short index = 0; - while (index < MAX_OPERATIONS) { - if (((KMOperationImpl) operationPool[index]).isResourceMatches(obj) - || ((KMOperationImpl) hmacSignOperationPool[index]).isResourceMatches(obj)) { - return true; - } - index++; - } - return false; - } - - // This pool implementation can create a maximum of total 4 instances per - // algorithm. This function returns the unreserved Cipher/Signature instance - // of type algorithm from pool. If there is no unreserved cipher/signature - // instance of algorithm type in the pool and Cipher/Signature algorithm - // instance count is less than 4 then it creates and returns a new - // Cipher/Signature instance of algorithm type. If there is no unreserved - // cipher/signature and maximum instance count reaches four it throws - // exception. 
- private Object getInstanceFromPool(Object[] pool, byte alg) { - short index = 0; - short instanceCount = 0; - boolean isCipher = isCipherAlgorithm(alg); - boolean isSigner = isSignerAlgorithm(alg); - short maxOperations = MAX_OPERATIONS; - if (Signature.ALG_HMAC_SHA_256 == alg) { - maxOperations = HMAC_MAX_OPERATIONS; - } - while (index < (short) pool.length) { - if (instanceCount >= maxOperations) { - KMException.throwIt(KMError.TOO_MANY_OPERATIONS); - break; - } - if (null == pool[index]) { - // No instance of cipher/signature with this algorithm is found - if (isCipher) { // Cipher - pool[index] = getCipherInstance(alg); - } else if (isSigner) { // Signature - pool[index] = getSignatureInstance(alg); - } else { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - return pool[index]; - } - if ((isCipher && (alg == ((Cipher) pool[index]).getAlgorithm())) - || ((isSigner && (alg == ((Signature) pool[index]).getAlgorithm())))) { - if (!isResourceBusy(pool[index])) { - return pool[index]; - } - instanceCount++; - } - index++; - } - return null; - } - public AESKey createAESKey(short keysize) { try { newRandomNumber(tmpArray, (short) 0, (short) (keysize / 8)); @@ -725,7 +514,15 @@ public HMACKey cmacKdf(KMPreSharedKey preSharedKey, byte[] label, short labelSta // This is hardcoded to requirement - 32 byte output with two concatenated // 16 bytes K1 and K2. final byte n = 2; // hardcoded - + // [L] 256 bits - hardcoded 32 bits as per + // reference impl in keymaster. + final byte[] L = { + 0, 0, 1, 0 + }; + // byte + final byte[] zero = { + 0 + }; // [i] counter - 32 bits short iBufLen = 4; short keyOutLen = n * 16; 
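Review bot: `final byte[] L = { 0, 0, 1, 0 };` and `final byte[] zero = { 0 };` are array initialisers inside cmacKdf, so every call allocates two new arrays. On Java Card such arrays are persistent objects that are not reclaimed unless the applet requests object deletion, so each key derivation consumes non-volatile memory; the removed `CMAC_KDF_CONSTANT_L` and `CMAC_KDF_CONSTANT_ZERO` fields were allocated once. Allocate both once, for example as instance fields set up in the constructor, and have the `kdf.update(zero, ...)` and `kdf.sign(L, ...)` calls in the following hunk use those fields. cmacKdf starts before this hunk and continues after it.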
@@ -748,10 +545,10 @@ public HMACKey cmacKdf(KMPreSharedKey preSharedKey, byte[] label, short labelSta // 4 bytes of iBuf with counter in it kdf.update(tmpArray, (short) 0, (short) iBufLen); kdf.update(label, labelStart, (short) labelLen); // label - kdf.update(CMAC_KDF_CONSTANT_ZERO, (short) 0, (short) CMAC_KDF_CONSTANT_ZERO.length); // 1 byte of 0x00 + kdf.update(zero, (short) 0, (short) 1); // 1 byte of 0x00 kdf.update(context, contextStart, contextLength); // context // 4 bytes of L - signature of 16 bytes - pos = kdf.sign(CMAC_KDF_CONSTANT_L, (short) 0, (short) CMAC_KDF_CONSTANT_L.length, tmpArray, + pos = kdf.sign(L, (short) 0, (short) 4, tmpArray, (short) (iBufLen + pos)); i++; } @@ -767,15 +564,6 @@ public short hmacSign(HMACKey key, byte[] data, short dataStart, return hmacSignature.sign(data, dataStart, dataLength, mac, macStart); } - @Override - public boolean hmacVerify(KMComputedHmacKey key, byte[] data, short dataStart, - short dataLength, byte[] mac, short macStart, short macLength) { - KMHmacKey hmacKey = (KMHmacKey) key; - hmacSignature.init(hmacKey.getKey(), Signature.MODE_VERIFY); - return hmacSignature.verify(data, dataStart, dataLength, mac, macStart, - macLength); - } - @Override public short hmacSign(byte[] keyBuf, short keyStart, short keyLength, byte[] data, short dataStart, short dataLength, byte[] mac, short macStart) { 
@@ -787,17 +575,26 @@ public short hmacSign(byte[] keyBuf, short keyStart, short keyLength, public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart, short dataLength, byte[] signature, short signatureStart) { try { - AESKey aesKey = ((KMAESKey) masterkey).getKey(); - aesKey.getKey(tmpArray, (short) 0); - HMACKey key = createHMACKey(tmpArray, (short) 0, - (short) (aesKey.getSize() / 8)); - return hmacSign(key, data, dataStart, dataLength, signature, - signatureStart); + KMAESKey aesKey = (KMAESKey) masterkey; + short keyLen = (short) (aesKey.getKeySizeBits() / 8); + byte[] keyData = new byte[keyLen]; + aesKey.getKey(keyData, (short) 0); + return hmacSign(keyData, (short) 0, keyLen, data, dataStart, dataLength, + signature, signatureStart); } finally { clean(); } } + @Override + public boolean hmacVerify(KMComputedHmacKey key, byte[] data, short dataStart, + short dataLength, byte[] mac, short macStart, short macLength) { + KMHmacKey hmacKey = (KMHmacKey) key; + hmacSignature.init(hmacKey.getKey(), Signature.MODE_VERIFY); + return hmacSignature.verify(data, dataStart, dataLength, mac, macStart, + macLength); + } + @Override public short rsaDecipherOAEP256(byte[] secret, short secretStart, short secretLength, byte[] modBuffer, short modOff, short modLength, 
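Review bot: hmacKDF now copies the master key into `new byte[keyLen]`, which on Java Card is a persistent array allocated on every call and never zeroed, so plaintext master-key bytes are left in non-volatile memory; `clean()` takes no arguments and cannot reach this local buffer. The removed code used the shared scratch buffer, and the same works here with `aesKey.getKey(tmpArray, (short) 0);` followed by `return hmacSign(tmpArray, (short) 0, keyLen, data, dataStart, dataLength, signature, signatureStart);`. That holds only if the byte-array hmacSign overload does not overwrite tmpArray before it has consumed the key, and if clean() wipes tmpArray; both bodies are outside this hunk and should be checked.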
@@ -811,38 +608,6 @@ public short rsaDecipherOAEP256(byte[] secret, short secretStart, outputDataBuf, (short) outputDataStart); } - public short ecSign256(KMAttestationKey attestationKey, - byte[] inputDataBuf, short inputDataStart, short inputDataLength, - byte[] outputDataBuf, short outputDataStart) { - Signature.OneShot signer = null; - try { - - signer = Signature.OneShot.open(MessageDigest.ALG_SHA_256, - Signature.SIG_CIPHER_ECDSA, Cipher.PAD_NULL); - signer.init(((KMECPrivateKey) attestationKey).getPrivateKey(), Signature.MODE_SIGN); - return signer.sign(inputDataBuf, inputDataStart, inputDataLength, - outputDataBuf, outputDataStart); - } finally { - if (signer != null) { - signer.close(); - } - } - } - - private byte mapPurpose(short purpose) { - switch (purpose) { - case KMType.ENCRYPT: - return Cipher.MODE_ENCRYPT; - case KMType.DECRYPT: - return Cipher.MODE_DECRYPT; - case KMType.SIGN: - return Signature.MODE_SIGN; - case KMType.VERIFY: - return Signature.MODE_VERIFY; - } - return -1; - } - private byte mapSignature256Alg(byte alg, byte padding, byte digest) { switch (alg) { case KMType.RSA: @@ -901,8 +666,10 @@ private byte mapCipherAlg(byte alg, byte padding, byte blockmode, byte digest) { case KMType.RSA_PKCS1_1_5_ENCRYPT: return Cipher.ALG_RSA_PKCS1; case KMType.RSA_OAEP: { - if (digest == KMType.SHA2_256) { + if (digest == KMType.SHA1) { /* MGF Digest is SHA1 */ return KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1; + } else if (digest == KMType.SHA2_256) { /* MGF Digest is SHA256 */ + return KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA256; } else { KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM); } 
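Review bot: In the RSA_OAEP branch of mapCipherAlg the `digest` argument is now read as the MGF1 digest, and `KMType.SHA2_256` selects `ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA256` where it selected `ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1` before, yet the parameter is still called `digest`. A caller that keeps passing the OAEP digest compiles unchanged and silently gets a different padding scheme. Rename the parameter to `mgfDigest`, or add a comment above the method such as `// digest: for RSA_OAEP this is the MGF1 digest; the OAEP hash is SHA-256 in both supported algorithms` (the second half is inferred from the constant names). The method starts and ends outside this hunk.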
@@ -913,11 +680,10 @@ private byte mapCipherAlg(byte alg, byte padding, byte blockmode, byte digest) { return -1; } - public Cipher createSymmetricCipher(short alg, short purpose, + public KMOperation createSymmetricCipher(short alg, short purpose, short macLength, short blockMode, short padding, byte[] secret, short secretStart, short secretLength, byte[] ivBuffer, short ivStart, short ivLength) { Key key = null; - Cipher symmCipher = null; switch (secretLength) { case 32: key = aesKeys[KEYSIZE_256_OFFSET]; 
@@ -936,46 +702,37 @@ public Cipher createSymmetricCipher(short alg, short purpose, break; } short cipherAlg = mapCipherAlg((byte) alg, (byte) padding, (byte) blockMode, (byte) 0); - symmCipher = getCipherInstanceFromPool((byte) cipherAlg); - switch (cipherAlg) { - case Cipher.ALG_AES_BLOCK_128_CBC_NOPAD: - case Cipher.ALG_AES_CTR: - symmCipher.init(key, mapPurpose(purpose), ivBuffer, ivStart, ivLength); - break; - case Cipher.ALG_AES_BLOCK_128_ECB_NOPAD: - case Cipher.ALG_DES_ECB_NOPAD: - symmCipher.init(key, mapPurpose(purpose)); - break; - case Cipher.ALG_DES_CBC_NOPAD: - // Consume only 8 bytes of iv. the random number for iv is of 16 bytes. - // While sending back the iv, send only 8 bytes. - symmCipher.init(key, mapPurpose(purpose), ivBuffer, ivStart, (short) 8); - break; - case AEADCipher.ALG_AES_GCM: - ((AEADCipher) symmCipher).init(key, mapPurpose(purpose), ivBuffer, - ivStart, ivLength); - break; - default:// This should never happen - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; - } - return symmCipher; + KMOperation operation = + poolMgr.getOperationImpl(purpose, cipherAlg, alg, padding, blockMode, macLength, false); + ((KMOperationImpl) operation).init(key, KMType.INVALID_VALUE, ivBuffer, ivStart, ivLength); + return operation; } - private Signature createHmacSignerVerifier(short purpose, short digest, + public KMOperation createHmacSignerVerifier(short purpose, short digest, byte[] secret, short secretStart, short secretLength) { + if (digest != KMType.SHA2_256) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + KMOperation operation = + poolMgr.getOperationImpl(purpose, Signature.ALG_HMAC_SHA_256, + KMType.HMAC, KMType.INVALID_VALUE, KMType.INVALID_VALUE, KMType.INVALID_VALUE, false); HMACKey key = createHMACKey(secret, secretStart, secretLength); - return createHmacSignerVerifier(purpose, digest, key); + ((KMOperationImpl) operation).init(key, digest, null, (short) 0, (short) 0); + return operation; } - - 
private Signature createHmacSignerVerifier(short purpose, short digest, HMACKey key) { - byte alg = Signature.ALG_HMAC_SHA_256; + + private KMOperation createHmacSignerVerifier(short purpose, short digest, HMACKey key, + boolean isTrustedConf) { if (digest != KMType.SHA2_256) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); } - Signature hmacSignerVerifier = getSignatureInstanceFromPool(alg); - hmacSignerVerifier.init(key, (byte) mapPurpose(purpose)); - return hmacSignerVerifier; + KMOperation operation = + poolMgr.getOperationImpl(purpose, Signature.ALG_HMAC_SHA_256, + KMType.HMAC, KMType.INVALID_VALUE, KMType.INVALID_VALUE, KMType.INVALID_VALUE, + isTrustedConf); + + ((KMOperationImpl) operation).init(key, digest, null, (short) 0, (short) 0); + return operation; } @Override 
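Review bot: createSymmetricCipher now forwards `ivLength` unchanged to `KMOperationImpl.init(...)`, while the removed switch passed `(short) 8` for `Cipher.ALG_DES_CBC_NOPAD` because the generated IV is 16 bytes long. KMOperationImpl is not part of this hunk, so confirm that its init() shortens the IV for DES CBC; otherwise 3DES-CBC initialisation will presumably fail or run with an IV of the wrong length. The value returned by `poolMgr.getOperationImpl(...)` is also cast and used without a null check here and in both createHmacSignerVerifier overloads, whereas the removed pool lookups could return null, so the exhausted-pool path in KMPoolManager deserves the same check.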
@@ -983,28 +740,17 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg, byte digest, byte padding, byte blockMode, byte[] keyBuf, short keyStart, short keyLength, byte[] ivBuf, short ivStart, short ivLength, short macLength) { - KMOperationImpl opr = null; + KMOperation opr = null; switch (alg) { case KMType.AES: case KMType.DES: - Cipher cipher = createSymmetricCipher(alg, purpose, blockMode, padding, - keyBuf, keyStart, keyLength, ivBuf, ivStart, ivLength); - opr = getOperationInstanceFromPool(); // Convert macLength to bytes macLength = (short) (macLength / 8); - opr.setCipher(cipher); - opr.setCipherAlgorithm(alg); - opr.setBlockMode(blockMode); - opr.setPaddingAlgorithm(padding); - opr.setMode(purpose); - opr.setMacLength(macLength); + opr = createSymmetricCipher(alg, purpose, macLength, blockMode, padding, keyBuf, keyStart, + keyLength, ivBuf, ivStart, ivLength); break; case KMType.HMAC: - Signature signerVerifier = createHmacSignerVerifier(purpose, digest, - keyBuf, keyStart, keyLength); - opr = getOperationInstanceFromPool(); - opr.setMode(purpose); - opr.setSignature(signerVerifier); + opr = createHmacSignerVerifier(purpose, digest, keyBuf, keyStart, keyLength); break; default: CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); 
@@ -1015,82 +761,74 @@ public KMOperation initSymmetricOperation(byte purpose, byte alg, @Override public KMOperation initTrustedConfirmationSymmetricOperation(KMComputedHmacKey computedHmacKey) { - KMOperationImpl opr = null; KMHmacKey key = (KMHmacKey) computedHmacKey; - Signature signerVerifier = createHmacSignerVerifier(KMType.VERIFY, KMType.SHA2_256, key.getKey()); - opr = getHmacSignOperationInstanceFromPool(); - opr.setMode(KMType.VERIFY); - opr.setSignature(signerVerifier); - return opr; + return createHmacSignerVerifier(KMType.VERIFY, KMType.SHA2_256, key.getKey(), true); } - public Signature createRsaSigner(short digest, short padding, byte[] secret, + public KMOperation createRsaSigner(short digest, short padding, byte[] secret, short secretStart, short secretLength, byte[] modBuffer, short modOff, short modLength) { byte alg = mapSignature256Alg(KMType.RSA, (byte) padding, (byte) digest); - byte opMode; - if (padding == KMType.PADDING_NONE - || (padding == KMType.RSA_PKCS1_1_5_SIGN && digest == KMType.DIGEST_NONE)) { - opMode = Cipher.MODE_DECRYPT; - } else { - opMode = Signature.MODE_SIGN; - } - Signature rsaSigner = getSignatureInstanceFromPool(alg); + KMOperation operation = poolMgr.getOperationImpl(KMType.SIGN, alg, KMType.RSA, padding, + KMType.INVALID_VALUE, KMType.INVALID_VALUE, false); RSAPrivateKey key = (RSAPrivateKey) rsaKeyPair.getPrivate(); key.setExponent(secret, secretStart, secretLength); key.setModulus(modBuffer, modOff, modLength); - rsaSigner.init(key, opMode); - return rsaSigner; + ((KMOperationImpl) operation).init(key, digest, null, (short) 0, (short) 0); + return operation; } - public Cipher createRsaDecipher(short padding, short digest, byte[] secret, + public KMOperation createRsaDecipher(short padding, short mgfDigest, byte[] secret, short secretStart, short secretLength, byte[] modBuffer, short modOff, short modLength) { - byte cipherAlg = mapCipherAlg(KMType.RSA, (byte) padding, (byte) 0, (byte) digest); - Cipher rsaCipher = 
getCipherInstanceFromPool(cipherAlg); + byte cipherAlg = mapCipherAlg(KMType.RSA, (byte) padding, (byte) 0, (byte) mgfDigest); + KMOperation operation = poolMgr.getOperationImpl(KMType.DECRYPT, cipherAlg, KMType.RSA, padding, + KMType.INVALID_VALUE, KMType.INVALID_VALUE, false); RSAPrivateKey key = (RSAPrivateKey) rsaKeyPair.getPrivate(); key.setExponent(secret, secretStart, secretLength); key.setModulus(modBuffer, modOff, modLength); - rsaCipher.init(key, Cipher.MODE_DECRYPT); - return rsaCipher; + ((KMOperationImpl) operation).init(key, KMType.INVALID_VALUE, null, (short) 0, (short) 0); + return operation; } - public Signature createEcSigner(short digest, byte[] secret, + public KMOperation createEcSigner(short digest, byte[] secret, short secretStart, short secretLength) { byte alg = mapSignature256Alg(KMType.EC, (byte) 0, (byte) digest); - Signature ecSigner = null; ECPrivateKey key = (ECPrivateKey) ecKeyPair.getPrivate(); key.setS(secret, secretStart, secretLength); - ecSigner = getSignatureInstanceFromPool(alg); - ecSigner.init(key, Signature.MODE_SIGN); - return ecSigner; + KMOperation operation = poolMgr + .getOperationImpl(KMType.SIGN, alg, KMType.EC, KMType.INVALID_VALUE, + KMType.INVALID_VALUE, KMType.INVALID_VALUE, false); + ((KMOperationImpl) operation).init(key, digest, null, (short) 0, (short) 0); + return operation; + } + + public KMOperation createKeyAgreement(byte[] secret, short secretStart, + short secretLength) { + ECPrivateKey key = (ECPrivateKey) ecKeyPair.getPrivate(); + key.setS(secret, secretStart, secretLength); + KMOperation operation = poolMgr + .getOperationImpl(KMType.AGREE_KEY, KeyAgreement.ALG_EC_SVDP_DH_PLAIN, + KMType.EC, KMType.INVALID_VALUE, KMType.INVALID_VALUE, KMType.INVALID_VALUE, false); + ((KMOperationImpl) operation).init(key, KMType.INVALID_VALUE, null, (short) 0, (short) 0); + return operation; } @Override public KMOperation initAsymmetricOperation(byte purpose, byte alg, - byte padding, byte digest, byte[] privKeyBuf, 
short privKeyStart, + byte padding, byte digest, byte mgfDigest, byte[] privKeyBuf, short privKeyStart, short privKeyLength, byte[] pubModBuf, short pubModStart, short pubModLength) { - KMOperationImpl opr = null; + KMOperation opr = null; if (alg == KMType.RSA) { switch (purpose) { case KMType.SIGN: - Signature signer = createRsaSigner(digest, padding, privKeyBuf, + opr = createRsaSigner(digest, padding, privKeyBuf, privKeyStart, privKeyLength, pubModBuf, pubModStart, pubModLength); - opr = getOperationInstanceFromPool(); - opr.setSignature(signer); - opr.setCipherAlgorithm(alg); - opr.setPaddingAlgorithm(padding); - opr.setMode(purpose); break; case KMType.DECRYPT: - Cipher decipher = createRsaDecipher(padding, digest, privKeyBuf, + opr = createRsaDecipher(padding, mgfDigest, privKeyBuf, privKeyStart, privKeyLength, pubModBuf, pubModStart, pubModLength); - opr = getOperationInstanceFromPool(); - opr.setCipher(decipher); - opr.setCipherAlgorithm(alg); - opr.setPaddingAlgorithm(padding); - opr.setMode(purpose); break; default: KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); @@ -1099,11 +837,11 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg, } else if (alg == KMType.EC) { switch (purpose) { case KMType.SIGN: - Signature signer = createEcSigner(digest, privKeyBuf, privKeyStart, - privKeyLength); - opr = getOperationInstanceFromPool(); - opr.setMode(purpose); - opr.setSignature(signer); + opr = createEcSigner(digest, privKeyBuf, privKeyStart, privKeyLength); + break; + + case KMType.AGREE_KEY: + opr = createKeyAgreement(privKeyBuf, privKeyStart, privKeyLength); break; default: KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); 
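Review bot: In the RSA `DECRYPT` case of initAsymmetricOperation only `mgfDigest` reaches createRsaDecipher, so the `digest` argument is never inspected for RSA_OAEP; before this change a digest other than SHA2_256 was rejected in mapCipherAlg. Unless the caller already restricts it, which is not visible here, a request naming another OAEP digest is now served with the SHA-256 OAEP algorithms. A guard before the call restores the check: `if (padding == KMType.RSA_OAEP && digest != KMType.SHA2_256) { KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM); }`. initAsymmetricOperation continues past the end of this hunk.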
@@ -1116,16 +854,6 @@ public KMOperation initAsymmetricOperation(byte purpose, byte alg, } - @Override - public KMAttestationCert getAttestationCert(boolean rsaCert) { - return KMAttestationCertImpl.instance(rsaCert); - } - - @Override - public KMPKCS8Decoder getPKCS8DecoderInstance() { - return KMPKCS8DecoderImpl.instance(); - } - @Override public short cmacKDF(KMPreSharedKey pSharedKey, byte[] label, short labelStart, short labelLen, byte[] context, short contextStart, 
@@ -1134,248 +862,273 @@ public short cmacKDF(KMPreSharedKey pSharedKey, byte[] label, contextStart, contextLength); return key.getKey(keyBuf, keyStart); } - - private short getProvisionDataBufferOffset(byte dataType) { - switch(dataType) { - case CERTIFICATE_CHAIN: - return CERT_CHAIN_OFFSET; - case CERTIFICATE_ISSUER: - return CERT_ISSUER_OFFSET; - case CERTIFICATE_EXPIRY: - return CERT_EXPIRY_OFFSET; - default: - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - return 0; - } - - private void persistProvisionData(byte[] buf, short off, short len, short maxSize, short copyToOff) { - if (len > maxSize) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - JCSystem.beginTransaction(); - Util.arrayCopyNonAtomic(buf, off, provisionData, Util.setShort(provisionData, copyToOff, len), len); - JCSystem.commitTransaction(); - } - - private void persistCertificateChain(byte[] certChain, short certChainOff, short certChainLen) { - persistProvisionData(certChain, certChainOff, certChainLen, - KMConfigurations.CERT_CHAIN_MAX_SIZE, CERT_CHAIN_OFFSET); - } - - private void persistCertficateIssuer(byte[] certIssuer, short certIssuerOff, short certIssuerLen) { - persistProvisionData(certIssuer, certIssuerOff, certIssuerLen, - KMConfigurations.CERT_ISSUER_MAX_SIZE, CERT_ISSUER_OFFSET); - } - - private void persistCertificateExpiryTime(byte[] certExpiry, short certExpiryOff, short certExpiryLen) { - persistProvisionData(certExpiry, certExpiryOff, certExpiryLen, - KMConfigurations.CERT_EXPIRY_MAX_SIZE, CERT_EXPIRY_OFFSET); - } @Override - public void persistProvisionData(byte[] buffer, short certChainOff, short certChainLen, - short certIssuerOff, short certIssuerLen, short certExpiryOff ,short certExpiryLen) { - // All the buffers uses first two bytes for length. The certificate chain - // is stored as shown below. - // _____________________________________________________ - // | 2 Bytes | 1 Byte | 3 Bytes | Cert1 | Cert2 |... 
- // |_________|________|_________|_______|________|_______ - // First two bytes holds the length of the total buffer. - // CBOR format: - // Next single byte holds the byte string header. - // Next 3 bytes holds the total length of the certificate chain. - // clear buffer. - JCSystem.beginTransaction(); - Util.arrayFillNonAtomic(provisionData, (short) 0, (short) provisionData.length, (byte) 0); - JCSystem.commitTransaction(); - // Persist data. - persistCertificateChain(buffer, certChainOff, certChainLen); - persistCertficateIssuer(buffer, certIssuerOff, certIssuerLen); - persistCertificateExpiryTime(buffer, certExpiryOff, certExpiryLen); + public boolean isUpgrading() { + return UpgradeManager.isUpgrading(); } @Override - public short readProvisionedData(byte dataType, byte[] buf, short offset) { - short provisionBufOffset = getProvisionDataBufferOffset(dataType); - short len = Util.getShort(provisionData, provisionBufOffset); - Util.arrayCopyNonAtomic(provisionData, (short) (2 + provisionBufOffset), buf, offset, len); - return len; + public KMMasterKey createMasterKey(KMMasterKey masterKey, byte[] keyData, short offset, + short length) { + if (masterKey == null) { + short keySizeBits = (short) (length * 8); + AESKey key = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, keySizeBits, false); + masterKey = new KMAESKey(key); + } + ((KMAESKey) masterKey).setKey(keyData, offset); + return (KMMasterKey) masterKey; } @Override - public short getProvisionedDataLength(byte dataType) { - short provisionBufOffset = getProvisionDataBufferOffset(dataType); - return Util.getShort(provisionData, provisionBufOffset); + public KMPreSharedKey createPreSharedKey(KMPreSharedKey presharedKey, byte[] keyData, + short offset, short length) { + if (presharedKey == null) { + short lengthInBits = (short) (length * 8); + HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, lengthInBits, false); + presharedKey = new KMHmacKey(key); + } + ((KMHmacKey) 
presharedKey).setKey(keyData, offset, length); + return (KMPreSharedKey) presharedKey; } @Override - public boolean isBootSignalEventSupported() { - return false; + public KMAttestationKey createAttestationKey(KMAttestationKey attestationKey, byte[] keyData, + short offset, + short length) { + if (attestationKey == null) { + // Strongbox supports only P-256 curve for EC key. + KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); + initECKey(ecKeyPair); + attestationKey = new KMECPrivateKey(ecKeyPair); + } + ((KMECPrivateKey) attestationKey).setS(keyData, offset, length); + return (KMAttestationKey) attestationKey; } @Override - public boolean isDeviceRebooted() { - return false; + public KMComputedHmacKey createComputedHmacKey(KMComputedHmacKey computedHmacKey, byte[] keyData, + short offset, short length) { + if (computedHmacKey == null) { + HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, (short) (length * 8), + false); + computedHmacKey = new KMHmacKey(key); + } + ((KMHmacKey) computedHmacKey).setKey(keyData, offset, length); + return (KMComputedHmacKey) computedHmacKey; } @Override - public void clearDeviceBooted(boolean resetBootFlag) { - // To be filled - } + public short ecSign256(byte[] secret, short secretStart, short secretLength, + byte[] inputDataBuf, short inputDataStart, short inputDataLength, + byte[] outputDataBuf, short outputDataStart) { - @Override - public void onSave(Element element) { - element.write(provisionData); - KMAESKey.onSave(element, masterKey); - KMECPrivateKey.onSave(element, attestationKey); - KMHmacKey.onSave(element, preSharedKey); - KMHmacKey.onSave(element, computedHmacKey); - } + ECPrivateKey key = (ECPrivateKey) ecKeyPair.getPrivate(); + key.setS(secret, secretStart, secretLength); - @Override - public void onRestore(Element element, short oldVersion, short currentVersion) { - provisionData = (byte[]) element.readObject(); - masterKey = KMAESKey.onRestore(element); - attestationKey 
= KMECPrivateKey.onRestore(element); - preSharedKey = KMHmacKey.onRestore(element); - if (oldVersion == 0) { - // Previous versions does not contain version information. - handleDataUpgradeToVersion2_0(); - } else { - computedHmacKey = KMHmacKey.onRestore(element); + Signature.OneShot signer = null; + try { + signer = Signature.OneShot.open(MessageDigest.ALG_SHA_256, + Signature.SIG_CIPHER_ECDSA, Cipher.PAD_NULL); + signer.init(key, Signature.MODE_SIGN); + return signer.sign(inputDataBuf, inputDataStart, inputDataLength, + outputDataBuf, outputDataStart); + } finally { + if (signer != null) { + signer.close(); + } } } @Override - public short getBackupPrimitiveByteCount() { - short count = - (short) (KMAESKey.getBackupPrimitiveByteCount() + - KMECPrivateKey.getBackupPrimitiveByteCount() + - KMHmacKey.getBackupPrimitiveByteCount() + - KMHmacKey.getBackupPrimitiveByteCount()); - return count; - } + public short ecSign256(KMAttestationKey ecPrivKey, byte[] inputDataBuf, short inputDataStart, + short inputDataLength, + byte[] outputDataBuf, short outputDataStart) { + Signature.OneShot signer = null; + try { - @Override - public short getBackupObjectCount() { - short count = - (short) (1 + /* provisionData buffer */ - KMAESKey.getBackupObjectCount() + - KMECPrivateKey.getBackupObjectCount() + - KMHmacKey.getBackupObjectCount() + - KMHmacKey.getBackupObjectCount()); - return count; + signer = Signature.OneShot.open(MessageDigest.ALG_SHA_256, + Signature.SIG_CIPHER_ECDSA, Cipher.PAD_NULL); + signer.init(((KMECPrivateKey) ecPrivKey).getPrivateKey(), Signature.MODE_SIGN); + return signer.sign(inputDataBuf, inputDataStart, inputDataLength, + outputDataBuf, outputDataStart); + } finally { + if (signer != null) { + signer.close(); + } + } } @Override - public boolean isUpgrading() { - return UpgradeManager.isUpgrading(); - } + public short rsaSign256Pkcs1(byte[] secret, short secretStart, short secretLength, byte[] modBuf, + short modStart, + short modLength, byte[] 
inputDataBuf, short inputDataStart, short inputDataLength, + byte[] outputDataBuf, + short outputDataStart) { - @Override - public KMMasterKey createMasterKey(short keySizeBits) { + Signature.OneShot signer = null; try { - if (masterKey == null) { - AESKey key = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, - keySizeBits, false); - masterKey = new KMAESKey(key); - short keyLen = (short) (keySizeBits / 8); - getTrueRandomNumber(tmpArray, (short) 0, keyLen); - masterKey.setKey(tmpArray, (short) 0); - } - return (KMMasterKey) masterKey; + + signer = Signature.OneShot.open(MessageDigest.ALG_SHA_256, + Signature.SIG_CIPHER_RSA, Cipher.PAD_PKCS1); + + RSAPrivateKey key = (RSAPrivateKey) rsaKeyPair.getPrivate(); + ; + key.setExponent(secret, secretStart, secretLength); + key.setModulus(modBuf, modStart, modLength); + + signer.init(key, Signature.MODE_SIGN); + return signer.sign(inputDataBuf, inputDataStart, inputDataLength, + outputDataBuf, outputDataStart); } finally { - clean(); + if (signer != null) { + signer.close(); + } } + } @Override - public KMAttestationKey createAttestationKey(byte[] keyData, short offset, - short length) { - if (attestationKey == null) { - // Strongbox supports only P-256 curve for EC key. 
- KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); - initECKey(ecKeyPair); - attestationKey = new KMECPrivateKey(ecKeyPair); - } - attestationKey.setS(keyData, offset, length); - return (KMAttestationKey) attestationKey; + public boolean isAttestationKeyProvisioned() { + return false; } - + @Override - public KMComputedHmacKey createComputedHmacKey(byte[] keyData, short offset, short length) { - if (length != COMPUTED_HMAC_KEY_SIZE) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - if (computedHmacKey == null) { - HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, (short) (length * 8), - false); - computedHmacKey = new KMHmacKey(key); - } - computedHmacKey.setKey(keyData, offset, length); - return (KMComputedHmacKey) computedHmacKey; - } + public short getAttestationKeyAlgorithm() { + return KMType.INVALID_VALUE; + } @Override - public KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short length) { - short lengthInBits = (short) (length * 8); - if ((lengthInBits % 8 != 0) || !(lengthInBits >= 64 && lengthInBits <= 512)) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - if (preSharedKey == null) { - HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, lengthInBits, - false); - preSharedKey = new KMHmacKey(key); + public boolean isPowerReset(boolean isForStatusUpdate) { + boolean flag = false; + if (isForStatusUpdate == false) { + if (resetFlag[0] == POWER_RESET_TRUE) { + resetFlag[0] = POWER_RESET_FALSE; + flag = true; + if (poolMgr != null) { + poolMgr.powerReset(); + } + } + } else { + if (resetFlag[1] == POWER_RESET_TRUE) { + resetFlag[1] = POWER_RESET_FALSE; + flag = true; + } } - preSharedKey.setKey(keyData, offset, length); - return (KMPreSharedKey) preSharedKey; + return flag; } @Override - public KMMasterKey getMasterKey() { - return (KMMasterKey) masterKey; + public short hkdf(byte[] ikm, short ikmOff, short ikmLen, byte[] salt, + short saltOff, short 
saltLen, byte[] info, short infoOff, short infoLen, + byte[] out, short outOff, short outLen) { + // HMAC_extract + hkdfExtract(ikm, ikmOff, ikmLen, salt, saltOff, saltLen, tmpArray, (short) 0); + //HMAC_expand + return hkdfExpand(tmpArray, (short) 0, (short) 32, info, infoOff, infoLen, out, outOff, outLen); + } + + private short hkdfExtract(byte[] ikm, short ikmOff, short ikmLen, byte[] salt, short saltOff, + short saltLen, + byte[] out, short off) { + // https://tools.ietf.org/html/rfc5869#section-2.2 + HMACKey hmacKey = createHMACKey(salt, saltOff, saltLen); + hmacSignature.init(hmacKey, Signature.MODE_SIGN); + return hmacSignature.sign(ikm, ikmOff, ikmLen, out, off); + } + + private short hkdfExpand(byte[] prk, short prkOff, short prkLen, byte[] info, short infoOff, + short infoLen, + byte[] out, short outOff, short outLen) { + // https://tools.ietf.org/html/rfc5869#section-2.3 + short digestLen = (short) 32; // SHA256 digest length. + // Calculate no of iterations N. + short n = (short) ((short) (outLen + digestLen - 1) / digestLen); + if (n > 255) { + CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); + } + HMACKey hmacKey = createHMACKey(prk, prkOff, prkLen); + Util.arrayFill(tmpArray, (short) 0, (short) 32, (byte) 0); + byte[] cnt = {(byte) 0}; + short bytesCopied = 0; + short len = 0; + for (short i = 0; i < n; i++) { + cnt[0]++; + hmacSignature.init(hmacKey, Signature.MODE_SIGN); + if (i != 0) { + hmacSignature.update(tmpArray, (short) 0, (short) 32); + } + hmacSignature.update(info, infoOff, infoLen); + len = hmacSignature.sign(cnt, (short) 0, (short) 1, tmpArray, (short) 0); + if ((short) (bytesCopied + len) > outLen) { + len = (short) (outLen - bytesCopied); + } + Util.arrayCopyNonAtomic(tmpArray, (short) 0, out, (short) (outOff + bytesCopied), len); + bytesCopied += len; + } + return outLen; } @Override - public KMAttestationKey getAttestationKey() { - return (KMAttestationKey) attestationKey; + public short ecdhKeyAgreement(byte[] privKey, short 
privKeyOff, + short privKeyLen, byte[] publicKey, short publicKeyOff, + short publicKeyLen, byte[] secret, short secretOff) { + keyAgreement.init(createEcKey(privKey, privKeyOff, privKeyLen)); + return keyAgreement.generateSecret(publicKey, publicKeyOff, publicKeyLen, secret, secretOff); } @Override - public KMPreSharedKey getPresharedKey() { - return (KMPreSharedKey) preSharedKey; + public boolean ecVerify256(byte[] pubKey, short pubKeyOffset, short pubKeyLen, + byte[] inputDataBuf, short inputDataStart, short inputDataLength, + byte[] signatureDataBuf, short signatureDataStart, + short signatureDataLen) { + Signature.OneShot signer = null; + try { + signer = Signature.OneShot.open(MessageDigest.ALG_SHA_256, + Signature.SIG_CIPHER_ECDSA, Cipher.PAD_NULL); + ECPublicKey key = (ECPublicKey) ecKeyPair.getPublic(); + key.setW(pubKey, pubKeyOffset, pubKeyLen); + signer.init(key, Signature.MODE_VERIFY); + return signer.verify(inputDataBuf, inputDataStart, inputDataLength, + signatureDataBuf, signatureDataStart, + (short) (signatureDataBuf[(short) (signatureDataStart + 1)] + 2)); + } finally { + if (signer != null) { + signer.close(); + } + } } @Override - public void releaseAllOperations() { - short index = 0; - while (index < operationPool.length) { - ((KMOperationImpl) operationPool[index]).abort(); - ((KMOperationImpl) hmacSignOperationPool[index]).abort(); - index++; + public short ecSign256(KMDeviceUniqueKey ecPrivKey, byte[] inputDataBuf, + short inputDataStart, short inputDataLength, byte[] outputDataBuf, + short outputDataStart) { + Signature.OneShot signer = null; + try { + signer = Signature.OneShot.open(MessageDigest.ALG_SHA_256, + Signature.SIG_CIPHER_ECDSA, Cipher.PAD_NULL); + signer.init(((KMECDeviceUniqueKey) ecPrivKey).getPrivateKey(), Signature.MODE_SIGN); + return signer.sign(inputDataBuf, inputDataStart, inputDataLength, + outputDataBuf, outputDataStart); + } finally { + if (signer != null) { + signer.close(); + } } } @Override - public 
KMComputedHmacKey getComputedHmacKey() { - return computedHmacKey; - } - - private void handleDataUpgradeToVersion2_0() { - short totalLen = (short) (6 + KMConfigurations.CERT_CHAIN_MAX_SIZE + - KMConfigurations.CERT_ISSUER_MAX_SIZE + KMConfigurations.CERT_EXPIRY_MAX_SIZE); - byte[] oldBuffer = provisionData; - provisionData = new byte[totalLen]; - persistCertificateChain( - oldBuffer, - (short) 2, - Util.getShort(oldBuffer, (short) 0)); - - // Request object deletion - oldBuffer = null; - JCSystem.requestObjectDeletion(); - + public KMDeviceUniqueKey createDeviceUniqueKey(KMDeviceUniqueKey key, + byte[] pubKey, short pubKeyOff, short pubKeyLen, byte[] privKey, + short privKeyOff, short privKeyLen) { + if (key == null) { + KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); + initECKey(ecKeyPair); + key = new KMECDeviceUniqueKey(ecKeyPair); + } + ((KMECDeviceUniqueKey) key).setS(privKey, privKeyOff, privKeyLen); + ((KMECDeviceUniqueKey) key).setW(pubKey, pubKeyOff, pubKeyLen); + return (KMDeviceUniqueKey) key; } @Override 
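Review bot: In `ecVerify256` the length passed to `signer.verify` is taken from the DER length byte, `(short) (signatureDataBuf[(short) (signatureDataStart + 1)] + 2)`, and the `signatureDataLen` argument is never used. A length byte of 0x80 or above sign-extends to a negative value, and no value is compared with what the caller supplied, so a malformed signature can make `verify` operate on bytes outside the caller's range. I would mask and bound it before the call: `short sigLen = (short) ((signatureDataBuf[(short) (signatureDataStart + 1)] & 0xFF) + 2);` then `if (signatureDataLen < 2 || sigLen > signatureDataLen) { CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); }`. Separately, this hunk drops the key-length checks that `createComputedHmacKey` and `createPresharedKey` used to make, and `createMasterKey` ignores `length` when `masterKey` is non-null. If the callers (not visible here) do not validate key sizes, those checks should stay in the provider.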
@@ -1394,5 +1147,93 @@ public short messageDigest256(byte[] inBuff, short inOffset, } return len; } - + + @Override + public void onSave(Element element, byte interfaceType, Object object) { + element.write(interfaceType); + if (object == null) { + element.write(null); + return; + } + switch (interfaceType) { + case KMDataStoreConstants.INTERFACE_TYPE_COMPUTED_HMAC_KEY: + KMHmacKey.onSave(element, (KMHmacKey) object); + break; + case KMDataStoreConstants.INTERFACE_TYPE_MASTER_KEY: + KMAESKey.onSave(element, (KMAESKey) object); + break; + case KMDataStoreConstants.INTERFACE_TYPE_PRE_SHARED_KEY: + KMHmacKey.onSave(element, (KMHmacKey) object); + break; + case KMDataStoreConstants.INTERFACE_TYPE_ATTESTATION_KEY: + KMECPrivateKey.onSave(element, (KMECPrivateKey) object); + break; + case KMDataStoreConstants.INTERFACE_TYPE_DEVICE_UNIQUE_KEY: + KMECDeviceUniqueKey.onSave(element, (KMECDeviceUniqueKey) object); + break; + default: + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + } + + @Override + public Object onResore(Element element) { + if (element == null) { + return null; + } + byte interfaceType = element.readByte(); + switch (interfaceType) { + case KMDataStoreConstants.INTERFACE_TYPE_COMPUTED_HMAC_KEY: + return KMHmacKey.onRestore((HMACKey) element.readObject()); + case KMDataStoreConstants.INTERFACE_TYPE_MASTER_KEY: + return KMAESKey.onRestore((AESKey) element.readObject()); + case KMDataStoreConstants.INTERFACE_TYPE_PRE_SHARED_KEY: + return KMHmacKey.onRestore((HMACKey) element.readObject()); + case KMDataStoreConstants.INTERFACE_TYPE_ATTESTATION_KEY: + return KMECPrivateKey.onRestore((KeyPair) element.readObject()); + case KMDataStoreConstants.INTERFACE_TYPE_DEVICE_UNIQUE_KEY: + return KMECDeviceUniqueKey.onRestore((KeyPair) element.readObject()); + default: + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return null; + } + + @Override + public short getBackupPrimitiveByteCount(byte interfaceType) { + switch (interfaceType) 
{ + case KMDataStoreConstants.INTERFACE_TYPE_COMPUTED_HMAC_KEY: + return KMHmacKey.getBackupPrimitiveByteCount(); + case KMDataStoreConstants.INTERFACE_TYPE_MASTER_KEY: + return KMAESKey.getBackupPrimitiveByteCount(); + case KMDataStoreConstants.INTERFACE_TYPE_PRE_SHARED_KEY: + return KMHmacKey.getBackupPrimitiveByteCount(); + case KMDataStoreConstants.INTERFACE_TYPE_ATTESTATION_KEY: + return KMECPrivateKey.getBackupPrimitiveByteCount(); + case KMDataStoreConstants.INTERFACE_TYPE_DEVICE_UNIQUE_KEY: + return KMECDeviceUniqueKey.getBackupPrimitiveByteCount(); + default: + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return 0; + } + + @Override + public short getBackupObjectCount(byte interfaceType) { + switch (interfaceType) { + case KMDataStoreConstants.INTERFACE_TYPE_COMPUTED_HMAC_KEY: + return KMHmacKey.getBackupObjectCount(); + case KMDataStoreConstants.INTERFACE_TYPE_MASTER_KEY: + return KMAESKey.getBackupObjectCount(); + case KMDataStoreConstants.INTERFACE_TYPE_PRE_SHARED_KEY: + return KMHmacKey.getBackupObjectCount(); + case KMDataStoreConstants.INTERFACE_TYPE_ATTESTATION_KEY: + return KMECPrivateKey.getBackupObjectCount(); + case KMDataStoreConstants.INTERFACE_TYPE_DEVICE_UNIQUE_KEY: + return KMECDeviceUniqueKey.getBackupObjectCount(); + default: + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return 0; + } } diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMConfigurations.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMConfigurations.java similarity index 96% rename from Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMConfigurations.java rename to Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMConfigurations.java index 6e5090a1..7fe11ad9 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMConfigurations.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMConfigurations.java 
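Review bot: `onSave` writes a one-byte `interfaceType` tag into the `Element` before the key object, but `getBackupPrimitiveByteCount(byte)` returns only the per-key-class count and does not include that byte. If the caller sizes the upgrade `Element` from these count methods (the caller is not in this hunk), the tag is unaccounted for. Either add it in each branch, e.g. `return (short) (1 + KMHmacKey.getBackupPrimitiveByteCount());`, or document that the caller must. `onSave` also writes the tag before the `switch` rejects an unknown type, so validating `interfaceType` first would avoid leaving a stray byte behind on the error path. The method name `onResore` looks like a typo for `onRestore`; because it carries `@Override`, the rename has to be made in the interface as well.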
@@ -13,9 +13,10 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.seprovider; public class KMConfigurations { + // Machine types public static final byte LITTLE_ENDIAN = 0x00; public static final byte BIG_ENDIAN = 0x01; diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMECDeviceUniqueKey.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMECDeviceUniqueKey.java new file mode 100644 index 00000000..d82b80d3 --- /dev/null +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMECDeviceUniqueKey.java 
@@ -0,0 +1,78 @@
+/*
+ * Copyright(C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" (short)0IS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.javacard.seprovider;
+
+import org.globalplatform.upgrade.Element;
+
+import com.android.javacard.kmdevice.KMDeviceUniqueKey;
+
+import javacard.security.ECPrivateKey;
+import javacard.security.ECPublicKey;
+import javacard.security.HMACKey;
+import javacard.security.KeyPair;
+
+public class KMECDeviceUniqueKey implements KMDeviceUniqueKey {
+
+ private KeyPair ecKeyPair;
+
+ @Override
+ public short getPublicKey(byte[] buf, short offset) {
+ ECPublicKey publicKey = getPublicKey();
+ return publicKey.getW(buf, offset);
+ }
+
+ public KMECDeviceUniqueKey(KeyPair ecPair) {
+ ecKeyPair = ecPair;
+ }
+
+ public void setS(byte[] buffer, short offset, short length) {
+ ECPrivateKey ecPriv = (ECPrivateKey) ecKeyPair.getPrivate();
+ ecPriv.setS(buffer, offset, length);
+ }
+
+ public void setW(byte[] buffer, short offset, short length) {
+ ECPublicKey ecPublicKey = (ECPublicKey) ecKeyPair.getPublic();
+ ecPublicKey.setW(buffer, offset, length);
+ }
+
+ public ECPrivateKey getPrivateKey() {
+ return (ECPrivateKey) ecKeyPair.getPrivate();
+ }
+
+ public ECPublicKey getPublicKey() {
+ return (ECPublicKey) ecKeyPair.getPublic();
+ }
+
+ public static void onSave(Element element, KMECDeviceUniqueKey kmKey) {
+ element.write(kmKey.ecKeyPair);
+ }
+
+ public static KMECDeviceUniqueKey onRestore(KeyPair ecKey) {
+ if
(ecKey == null) { + return null; + } + return new KMECDeviceUniqueKey(ecKey); + } + + public static short getBackupPrimitiveByteCount() { + return (short) 0; + } + + public static short getBackupObjectCount() { + return (short) 1; + } + +} diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMECPrivateKey.java similarity index 80% rename from Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java rename to Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMECPrivateKey.java index 3188ad19..fea64d35 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMECPrivateKey.java @@ -13,13 +13,11 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.seprovider; import org.globalplatform.upgrade.Element; -import com.android.javacard.keymaster.KMAESKey; -import com.android.javacard.keymaster.KMAttestationCert; -import com.android.javacard.keymaster.KMAttestationKey; +import com.android.javacard.kmdevice.KMAttestationKey; import javacard.security.AESKey; import javacard.security.ECPrivateKey; @@ -51,10 +49,11 @@ public static void onSave(Element element, KMECPrivateKey kmKey) { element.write(kmKey.ecKeyPair); } - public static KMECPrivateKey onRestore(Element element) { - KeyPair ecKey = (KeyPair) element.readObject(); - KMECPrivateKey kmKey = new KMECPrivateKey(ecKey); - return kmKey; + public static KMECPrivateKey onRestore(KeyPair ecKey) { + if (ecKey == null) { + return null; + } + return new KMECPrivateKey(ecKey); } public static short getBackupPrimitiveByteCount() { 
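Review bot: The license header of the new `KMECDeviceUniqueKey.java` is corrupted: it reads `distributed on an "AS IS" (short)0IS,` where the Apache 2.0 text says `"AS IS" BASIS,`. This looks like a search-and-replace accident and should be restored. The file also imports `javacard.security.HMACKey` without using it. `onSave(Element, KMECDeviceUniqueKey)` dereferences `kmKey.ecKeyPair` with no null check, whereas `onRestore` guards against null. The provider-level `onSave` in this patch does return early on a null object, so a one-line comment stating that `kmKey` must be non-null would make the contract explicit.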
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMEcdsa256NoDigestSignature.java similarity index 98% rename from Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java rename to Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMEcdsa256NoDigestSignature.java index f90b834f..4707f637 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMEcdsa256NoDigestSignature.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.seprovider; import javacard.security.CryptoException; import javacard.framework.Util; diff --git a/Applet/src/com/android/javacard/keymaster/KMError.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMError.java similarity index 71% rename from Applet/src/com/android/javacard/keymaster/KMError.java rename to Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMError.java index e2c74dcb..e9164389 100644 --- a/Applet/src/com/android/javacard/keymaster/KMError.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMError.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.seprovider; /** * KMError includes all the error codes from android keymaster hal specifications. The values are 
@@ -59,19 +59,27 @@ public class KMError { public static final short INVALID_NONCE = 52; public static final short MISSING_MAC_LENGTH = 53; public static final short CALLER_NONCE_PROHIBITED = 55; - public static final short KEY_MAX_OPS_EXCEEDED = 56; public static final short INVALID_MAC_LENGTH = 57; public static final short MISSING_MIN_MAC_LENGTH = 58; public static final short UNSUPPORTED_MIN_MAC_LENGTH = 59; public static final short UNSUPPORTED_EC_CURVE = 61; public static final short KEY_REQUIRES_UPGRADE = 62; + public static final short ATTESTATION_CHALLENGE_MISSING = 63; public static final short ATTESTATION_APPLICATION_ID_MISSING = 65; public static final short CANNOT_ATTEST_IDS = 66; - public static final short ROLLBACK_RESISTANCE_UNAVAILABLE = 67; - public static final short NO_USER_CONFIRMATION = 71; + public static final short ROLLBACK_RESISTANCE_UNAVAILABLE = 67; + public static final short DEVICE_LOCKED = 72; public static final short EARLY_BOOT_ENDED = 73; + public static final short ATTESTATION_KEYS_NOT_PROVISIONED = 74; + public static final short INCOMPATIBLE_MGF_DIGEST = 78; + public static final short UNSUPPORTED_MGF_DIGEST = 79; + public static final short MISSING_NOT_BEFORE = 80; + public static final short MISSING_NOT_AFTER = 81; + public static final short MISSING_ISSUER_SUBJECT_NAME = 82; + public static final short INVALID_ISSUER_SUBJECT_NAME = 83; + public static final short UNIMPLEMENTED = 100; public static final short UNKNOWN_ERROR = 1000; @@ -83,6 +91,7 @@ public class KMError { public static final short CMD_NOT_ALLOWED = 10005; public static final short SW_WRONG_LENGTH = 10006; public static final short INVALID_DATA = 10007; + //Crypto errors public static final short CRYPTO_ILLEGAL_USE = 10008; public static final short CRYPTO_ILLEGAL_VALUE = 10009; 
@@ -92,4 +101,34 @@ public class KMError { //Generic Unknown error. public static final short GENERIC_UNKNOWN_ERROR = 10013; + // Remote key provisioning error codes. + public static final short STATUS_FAILED = 32000; + public static final short STATUS_INVALID_MAC = 32001; + public static final short STATUS_PRODUCTION_KEY_IN_TEST_REQUEST = 32002; + public static final short STATUS_TEST_KEY_IN_PRODUCTION_REQUEST = 32003; + public static final short STATUS_INVALID_EEK = 32004; + public static final short INVALID_STATE = 32005; + + public static short translate(short err) { + switch (err) { + case SW_CONDITIONS_NOT_SATISFIED: + case UNSUPPORTED_CLA: + case INVALID_P1P2: + case INVALID_DATA: + case CRYPTO_ILLEGAL_USE: + case CRYPTO_ILLEGAL_VALUE: + case CRYPTO_INVALID_INIT: + case CRYPTO_UNINITIALIZED_KEY: + case GENERIC_UNKNOWN_ERROR: + case UNKNOWN_ERROR: + return UNKNOWN_ERROR; + case CRYPTO_NO_SUCH_ALGORITHM: + return UNSUPPORTED_ALGORITHM; + case UNSUPPORTED_INSTRUCTION: + case CMD_NOT_ALLOWED: + case SW_WRONG_LENGTH: + return UNIMPLEMENTED; + } + return err; + } } diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMHmacKey.java similarity index 83% rename from Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java rename to Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMHmacKey.java index 98f623b2..791129e2 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMHmacKey.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMHmacKey.java 
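Review bot: `translate` has no documentation and its `switch` has no `default`, so the contract has to be inferred from the trailing `return err;`. As written, internal applet codes collapse to `UNKNOWN_ERROR`, `UNSUPPORTED_ALGORITHM` or `UNIMPLEMENTED`, and every other value passes through unchanged. A short Javadoc stating that, plus an explicit `default: return err;`, would show that the pass-through is deliberate. Note that `CRYPTO_ILLEGAL_VALUE` maps to `UNKNOWN_ERROR`. Rejections raised via `CryptoException.ILLEGAL_VALUE` would therefore reach the host without indicating an input error, assuming that exception is converted to this code before `translate` runs.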
@@ -13,11 +13,12 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.seprovider; import org.globalplatform.upgrade.Element; -import com.android.javacard.keymaster.KMPreSharedKey; +import com.android.javacard.kmdevice.KMComputedHmacKey; +import com.android.javacard.kmdevice.KMPreSharedKey; import javacard.security.HMACKey; @@ -36,7 +37,7 @@ public void setKey(byte[] keyData, short kOff, short length) { public byte getKey(byte[] keyData, short kOff) { return hmacKey.getKey(keyData, kOff); } - + public HMACKey getKey() { return hmacKey; } @@ -49,10 +50,11 @@ public static void onSave(Element element, KMHmacKey kmKey) { element.write(kmKey.hmacKey); } - public static KMHmacKey onRestore(Element element) { - HMACKey hmacKey = (HMACKey) element.readObject(); - KMHmacKey kmKey = new KMHmacKey(hmacKey); - return kmKey; + public static KMHmacKey onRestore(HMACKey hmacKey) { + if (hmacKey == null) { + return null; + } + return new KMHmacKey(hmacKey); } public static short getBackupPrimitiveByteCount() { diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMKeymasterProvision.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMKeymasterProvision.java new file mode 100644 index 00000000..77ada381 --- /dev/null +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMKeymasterProvision.java 
@@ -0,0 +1,341 @@ +/* + * Copyright(C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.seprovider; + +import org.globalplatform.upgrade.Element; + +import com.android.javacard.kmdevice.KMArray; +import com.android.javacard.kmdevice.KMInteger; +import com.android.javacard.kmdevice.KMKeyParameters; +import com.android.javacard.kmdevice.KMKeymasterDevice; +import com.android.javacard.kmdevice.KMRepository; +import com.android.javacard.kmdevice.KMSEProvider; +import com.android.javacard.kmdevice.KMDataStoreConstants; +import com.android.javacard.kmdevice.KMTag; +import com.android.javacard.kmdevice.KMByteBlob; +import com.android.javacard.kmdevice.KMByteTag; +import com.android.javacard.kmdevice.KMDataStore; +import com.android.javacard.kmdevice.KMDecoder; +import com.android.javacard.kmdevice.KMEnum; +import com.android.javacard.kmdevice.KMEnumArrayTag; +import com.android.javacard.kmdevice.KMEnumTag; +import com.android.javacard.kmdevice.KMException; + +import javacard.framework.APDU; +import javacard.framework.Util; + +public class KMKeymasterProvision { + + //Provision reporting status + private static final byte NOT_PROVISIONED = 0x00; + private static final byte PROVISION_STATUS_ATTESTATION_KEY = 0x01; + private static final byte PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02; + private static final byte PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04; + private static final byte 
PROVISION_STATUS_ATTEST_IDS = 0x08; + private static final byte PROVISION_STATUS_PRESHARED_SECRET = 0x10; + private static final byte PROVISION_STATUS_PROVISIONING_LOCKED = 0x20; + + private static final short POWER_RESET_MASK_FLAG = (short) 0x4000; + + public static final short SHARED_SECRET_KEY_SIZE = 32; + //protected static byte provisionStatus = NOT_PROVISIONED; + + protected KMKeymasterDevice kmDeviceInst; + protected KMSEProvider seProvider; + protected KMDecoder kmDecoder; + protected KMRepository kmRepositroyInst; + protected KMDataStore kmStoreDataInst; + + public KMKeymasterProvision(KMKeymasterDevice deviceInst, KMSEProvider provider, + KMDecoder decoder, KMRepository repoInst, + KMDataStore storeData) { + kmDeviceInst = deviceInst; + seProvider = provider; + kmDecoder = decoder; + kmRepositroyInst = repoInst; + kmStoreDataInst = storeData; + if (!seProvider.isUpgrading()) { + writeProvisionStatus(NOT_PROVISIONED); + } + } + + protected void writeProvisionStatus(byte provisionStatus) { + short offset = kmRepositroyInst.alloc((short) 1); + byte[] buffer = kmRepositroyInst.getHeap(); + buffer[offset] = 0; + short len = kmStoreDataInst.getData(KMDataStoreConstants.PROVISIONED_STATUS, buffer, offset); + buffer[offset] |= provisionStatus; + kmStoreDataInst.storeData(KMDataStoreConstants.PROVISIONED_STATUS, + buffer, offset, (short) 1); + } + + private byte getProvisionStatus(byte[] buffer, short offset) { + short len = kmStoreDataInst.getData(KMDataStoreConstants.PROVISIONED_STATUS, buffer, offset); + if (len == 0) { + return NOT_PROVISIONED; + } + return buffer[offset]; + } + + public void processProvisionAttestationKey(APDU apdu) { + // Arguments + short keyparams = KMKeyParameters.exp(); + short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT); + short blob = KMByteBlob.exp(); + short argsProto = KMArray.instance((short) 3); + KMArray.add(argsProto, (short) 0, keyparams); + KMArray.add(argsProto, (short) 1, keyFormatPtr); + KMArray.add(argsProto, (short) 
2, blob); + + // Re-purpose the apdu buffer as scratch pad. + byte[] scratchPad = apdu.getBuffer(); + + short args = kmDeviceInst.receiveIncoming(apdu, argsProto); + + // key params should have os patch, os version and verified root of trust + short keyParams = KMArray.get(args, (short) 0); + keyFormatPtr = KMArray.get(args, (short) 1); + short rawBlob = KMArray.get(args, (short) 2); + // Key format must be RAW format + short keyFormat = KMEnum.getVal(keyFormatPtr); + if (keyFormat != KMType.RAW) { + KMException.throwIt(KMError.UNIMPLEMENTED); + } + //byte origin = KMType.IMPORTED; + + // get algorithm - only EC keys expected + KMTag.assertPresence(keyParams, KMType.ENUM_TAG, KMType.ALGORITHM, KMError.INVALID_ARGUMENT); + short alg = KMEnumTag.getValue(KMType.ALGORITHM, keyParams); + if (alg != KMType.EC) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + // get digest - only SHA256 supported + KMTag.assertPresence(keyParams, KMType.ENUM_ARRAY_TAG, KMType.DIGEST, KMError.INVALID_ARGUMENT); + short len = KMEnumArrayTag.getValues(KMType.DIGEST, keyParams, scratchPad, (short) 0); + if (len != 1) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + if (scratchPad[0] != KMType.SHA2_256) { + KMException.throwIt(KMError.INCOMPATIBLE_DIGEST); + } + // Purpose should be ATTEST_KEY + KMTag.assertPresence(keyParams, KMType.ENUM_ARRAY_TAG, KMType.PURPOSE, + KMError.INVALID_ARGUMENT); + len = KMEnumArrayTag.getValues(KMType.PURPOSE, keyParams, scratchPad, (short) 0); + if (len != 1) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + if (scratchPad[0] != KMType.ATTEST_KEY) { + KMException.throwIt(KMError.INCOMPATIBLE_PURPOSE); + } + // validate Curve + KMTag.assertPresence(keyParams, KMType.ENUM_TAG, KMType.ECCURVE, KMError.INVALID_ARGUMENT); + short curve = KMEnumTag.getValue(KMType.ECCURVE, keyParams); + if (curve != KMType.P_256) { + KMException.throwIt(KMError.UNSUPPORTED_EC_CURVE); + } + // Decode EC Key + short arrPtr = kmDeviceInst.decodeRawECKey(rawBlob); 
+ short secret = KMArray.get(arrPtr, (short) 0); + short pubKey = KMArray.get(arrPtr, (short) 1); + // Check whether key can be created + seProvider.importAsymmetricKey( + KMType.EC, + KMByteBlob.getBuffer(secret), + KMByteBlob.getStartOff(secret), + KMByteBlob.length(secret), + KMByteBlob.getBuffer(pubKey), + KMByteBlob.getStartOff(pubKey), + KMByteBlob.length(pubKey)); + + // persist key + kmStoreDataInst.storeData(KMDataStoreConstants.ATTESTATION_KEY, + KMByteBlob.getBuffer(secret), + KMByteBlob.getStartOff(secret), + KMByteBlob.length(secret)); + + writeProvisionStatus(PROVISION_STATUS_ATTESTATION_KEY); + kmDeviceInst.sendError(apdu, KMError.OK); + } + + public void processProvisionAttestationCertDataCmd(APDU apdu) { + // Buffer holds the corresponding offsets and lengths of the certChain, certIssuer and certExpiry + // in the bufferRef[0] buffer. + short var = KMByteBlob.instance((short) 12); + // These variables point to the appropriate positions in the var buffer. + short certChainPos = KMByteBlob.getStartOff(var); + short certIssuerPos = (short) (KMByteBlob.getStartOff(var) + 4); + short certExpiryPos = (short) (KMByteBlob.getStartOff(var) + 8); + short recvLen = apdu.setIncomingAndReceive(); + short bufferLength = apdu.getIncomingLength(); + short bufferStartOffset = kmRepositroyInst.allocReclaimableMemory(bufferLength); + byte[] buffer = kmRepositroyInst.getHeap(); + kmDeviceInst.receiveIncomingCertData(apdu, buffer, bufferLength, + bufferStartOffset, recvLen, KMByteBlob.getBuffer(var), KMByteBlob.getStartOff(var)); + // persist data + kmStoreDataInst.persistCertificateData( + (byte[]) buffer, + Util.getShort(KMByteBlob.getBuffer(var), certChainPos), // offset + Util.getShort(KMByteBlob.getBuffer(var), (short) (certChainPos + 2)), // length + Util.getShort(KMByteBlob.getBuffer(var), certIssuerPos), // offset + Util.getShort(KMByteBlob.getBuffer(var), (short) (certIssuerPos + 2)), // length + Util.getShort(KMByteBlob.getBuffer(var), certExpiryPos), // 
offset + Util.getShort(KMByteBlob.getBuffer(var), (short) (certExpiryPos + 2))); // length + + // reclaim memory + kmRepositroyInst.reclaimMemory(bufferLength); + writeProvisionStatus((byte) (PROVISION_STATUS_ATTESTATION_CERT_CHAIN | + PROVISION_STATUS_ATTESTATION_CERT_PARAMS)); + kmDeviceInst.sendError(apdu, KMError.OK); + } + + public void processProvisionAttestIdsCmd(APDU apdu) { + short keyparams = KMKeyParameters.exp(); + short cmd = KMArray.instance((short) 1); + KMArray.add(cmd, (short) 0, keyparams); + short args = kmDeviceInst.receiveIncoming(apdu, cmd); + + short attData = KMArray.get(args, (short) 0); + // persist attestation Ids - if any is missing then exception occurs + setAttestationIds(attData); + writeProvisionStatus(PROVISION_STATUS_ATTEST_IDS); + kmDeviceInst.sendError(apdu, KMError.OK); + } + + public void processProvisionPreSharedSecretCmd(APDU apdu) { + short blob = KMByteBlob.exp(); + short argsProto = KMArray.instance((short) 1); + KMArray.add(argsProto, (short) 0, blob); + short args = kmDeviceInst.receiveIncoming(apdu, argsProto); + + short val = KMArray.get(args, (short) 0); + + if (val != KMType.INVALID_VALUE + && KMByteBlob.length(val) != SHARED_SECRET_KEY_SIZE) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + // Persist shared Hmac. 
+ kmStoreDataInst.storeData(KMDataStoreConstants.PRE_SHARED_KEY, + KMByteBlob.getBuffer(val), + KMByteBlob.getStartOff(val), + KMByteBlob.length(val)); + writeProvisionStatus(PROVISION_STATUS_PRESHARED_SECRET); + kmDeviceInst.sendError(apdu, KMError.OK); + } + + public void processGetProvisionStatusCmd(APDU apdu) { + short resp = KMArray.instance((short) 2); + KMArray.add(resp, (short) 0, kmDeviceInst.buildErrorStatus(KMError.OK)); + KMArray.add(resp, (short) 1, + KMInteger.uint_16(getProvisionStatus(apdu.getBuffer(), (short) 0))); + kmDeviceInst.sendOutgoing(apdu, resp); + } + + public void processLockProvisioningCmd(APDU apdu) { + byte[] buffer = apdu.getBuffer(); + buffer[0] = 0x01; + kmStoreDataInst.storeData(KMDataStoreConstants.PROVISIONED_LOCKED, buffer, (short) 0, + (short) 1); + writeProvisionStatus(PROVISION_STATUS_PROVISIONING_LOCKED); + kmDeviceInst.sendError(apdu, KMError.OK); + } + + public void processProvisionDeviceUniqueKey(APDU apdu) { + kmDeviceInst.sendError(apdu, KMError.CMD_NOT_ALLOWED); + } + + public void processProvisionAdditionalCertChain(APDU apdu) { + kmDeviceInst.sendError(apdu, KMError.CMD_NOT_ALLOWED); + } + + public short mapAttestIdToStoreId(short tag) { + switch (tag) { + // Attestation Id Brand + case KMType.ATTESTATION_ID_BRAND: + return KMDataStoreConstants.ATT_ID_BRAND; + // Attestation Id Device + case KMType.ATTESTATION_ID_DEVICE: + return KMDataStoreConstants.ATT_ID_DEVICE; + // Attestation Id Product + case KMType.ATTESTATION_ID_PRODUCT: + return KMDataStoreConstants.ATT_ID_PRODUCT; + // Attestation Id Serial + case KMType.ATTESTATION_ID_SERIAL: + return KMDataStoreConstants.ATT_ID_SERIAL; + // Attestation Id IMEI + case KMType.ATTESTATION_ID_IMEI: + return KMDataStoreConstants.ATT_ID_IMEI; + // Attestation Id MEID + case KMType.ATTESTATION_ID_MEID: + return KMDataStoreConstants.ATT_ID_MEID; + // Attestation Id Manufacturer + case KMType.ATTESTATION_ID_MANUFACTURER: + return KMDataStoreConstants.ATT_ID_MANUFACTURER; + // 
Attestation Id Model + case KMType.ATTESTATION_ID_MODEL: + return KMDataStoreConstants.ATT_ID_MODEL; + default: + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + return KMType.INVALID_VALUE; + } + + protected void setAttestationIds(short attIdVals) { + short vals = KMKeyParameters.getVals(attIdVals); + short index = 0; + short length = KMArray.length(vals); + short key; + short type; + short obj; + while (index < length) { + obj = KMArray.get(vals, index); + key = KMTag.getKMTagKey(obj); + type = KMTag.getKMTagType(obj); + + if (KMType.BYTES_TAG != type) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + obj = KMByteTag.getValue(obj); + kmStoreDataInst.storeData((byte) mapAttestIdToStoreId(key), KMByteBlob.getBuffer(obj), + KMByteBlob.getStartOff(obj), KMByteBlob.length(obj)); + index++; + } + } + + //This function masks the error code with POWER_RESET_MASK_FLAG + // in case if card reset event occurred. The clients of the Applet + // has to extract the power reset status from the error code and + // process accordingly. + public short buildErrorStatus(short err) { + short int32Ptr = KMInteger.instance((short) 4); + short powerResetStatus = 0; + if (((KMAndroidSEProvider) seProvider).isPowerReset(true)) { + powerResetStatus = POWER_RESET_MASK_FLAG; + } + + Util.setShort(KMInteger.getBuffer(int32Ptr), + KMInteger.getStartOff(int32Ptr), + powerResetStatus); + + Util.setShort(KMInteger.getBuffer(int32Ptr), + (short) (KMInteger.getStartOff(int32Ptr) + 2), + err); + // reset power reset status flag to its default value. + //repository.restorePowerResetStatus(); //TODO + return int32Ptr; + } + +} diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMKeymintProvision.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMKeymintProvision.java new file mode 100644 index 00000000..936d2d08 --- /dev/null +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMKeymintProvision.java 
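Review bot: In `processProvisionPreSharedSecretCmd` the length check is joined with `&&`, so a `val` equal to `KMType.INVALID_VALUE` skips validation and is passed straight to `KMByteBlob.getBuffer`/`getStartOff`/`length` and on to `storeData`. The guard should reject either condition: `if (val == KMType.INVALID_VALUE || KMByteBlob.length(val) != SHARED_SECRET_KEY_SIZE) {`. Separately, none of the provisioning handlers in this file consult `PROVISIONED_LOCKED` before writing; if the dispatching applet does not gate them (not visible here), the attestation key, certificate data, attestation IDs and shared secret remain writable after `processLockProvisioningCmd`.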
@@ -0,0 +1,141 @@ +/* + * Copyright(C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.seprovider; + +import com.android.javacard.kmdevice.KMArray; +import com.android.javacard.kmdevice.KMByteBlob; +import com.android.javacard.kmdevice.KMCose; +import com.android.javacard.kmdevice.KMCoseHeaders; +import com.android.javacard.kmdevice.KMCoseKey; +import com.android.javacard.kmdevice.KMDataStore; +import com.android.javacard.kmdevice.KMDataStoreConstants; +import com.android.javacard.kmdevice.KMDecoder; +import com.android.javacard.kmdevice.KMDeviceUniqueKey; +import com.android.javacard.kmdevice.KMException; +import com.android.javacard.kmdevice.KMInteger; +import com.android.javacard.kmdevice.KMKeymasterDevice; +import com.android.javacard.kmdevice.KMKeymintDevice; +import com.android.javacard.kmdevice.KMMap; +import com.android.javacard.kmdevice.KMRepository; +import com.android.javacard.kmdevice.KMRkpDataStore; +import com.android.javacard.kmdevice.KMSEProvider; +import com.android.javacard.kmdevice.KMTextString; +import com.android.javacard.kmdevice.RemotelyProvisionedComponentDevice; + +import javacard.framework.APDU; +import javacard.framework.Util; + +public class KMKeymintProvision extends KMKeymasterProvision { + + private static final byte PROVISION_STATUS_DEVICE_UNIQUE_KEY = 0x40; + private static final byte PROVISION_STATUS_ADDITIONAL_CERT_CHAIN = (byte) 0x80; + private 
KMRkpDataStore rkpDataStore; + + public KMKeymintProvision(KMKeymasterDevice deviceInst, KMSEProvider provider, + KMDecoder decoder, KMRepository repoInst, KMDataStore storeData, KMRkpDataStore rkpStore) { + super(deviceInst, provider, decoder, repoInst, storeData); + rkpDataStore = rkpStore; + } + + @Override + public void processProvisionAttestationKey(APDU apdu) { + kmDeviceInst.sendError(apdu, KMError.CMD_NOT_ALLOWED); + } + + @Override + public void processProvisionAttestationCertDataCmd(APDU apdu) { + kmDeviceInst.sendError(apdu, KMError.CMD_NOT_ALLOWED); + } + + @Override + public void processProvisionDeviceUniqueKey(APDU apdu) { + // Re-purpose the apdu buffer as scratch pad. + byte[] scratchPad = apdu.getBuffer(); + short arr = KMArray.instance((short) 1); + short coseKeyExp = KMCoseKey.exp(); + KMArray.add(arr, (short) 0, coseKeyExp); //[ CoseKey ] + arr = kmDeviceInst.receiveIncoming(apdu, arr); + // Get cose key. + short coseKey = KMArray.get(arr, (short) 0); + short pubKeyLen = KMCoseKey.cast(coseKey).getEcdsa256PublicKey(scratchPad, (short) 0); + short privKeyLen = KMCoseKey.cast(coseKey).getPrivateKey(scratchPad, pubKeyLen); + //Store the Device unique Key. 
+ rkpDataStore.createDeviceUniqueKey(false, scratchPad, (short) 0, pubKeyLen, scratchPad, + pubKeyLen, privKeyLen); + short bcc = ((KMKeymintDevice) kmDeviceInst).generateBcc(false, scratchPad); + short len = kmDeviceInst.encodeToApduBuffer(bcc, scratchPad, (short) 0, + RemotelyProvisionedComponentDevice.MAX_COSE_BUF_SIZE); + rkpDataStore.storeData(KMDataStoreConstants.BOOT_CERT_CHAIN, scratchPad, (short) 0, len); + writeProvisionStatus(PROVISION_STATUS_DEVICE_UNIQUE_KEY); + kmDeviceInst.sendError(apdu, KMError.OK); + } + + @Override + public void processProvisionAdditionalCertChain(APDU apdu) { + // Prepare the expression to decode + short headers = KMCoseHeaders.exp(); + short arrInst = KMArray.instance((short) 4); + KMArray.add(arrInst, (short) 0, KMByteBlob.exp()); + KMArray.add(arrInst, (short) 1, headers); + KMArray.add(arrInst, (short) 2, KMByteBlob.exp()); + KMArray.add(arrInst, (short) 3, KMByteBlob.exp()); + short coseSignArr = KMArray.exp(arrInst); + short map = KMMap.instance((short) 1); + KMMap.add(map, (short) 0, KMTextString.exp(), coseSignArr); + // receive incoming data and decode it. + byte[] srcBuffer = apdu.getBuffer(); + short recvLen = apdu.setIncomingAndReceive(); + short bufferLength = apdu.getIncomingLength(); + short bufferStartOffset = kmRepositroyInst.allocReclaimableMemory(bufferLength); + byte[] buffer = kmRepositroyInst.getHeap(); + map = kmDeviceInst.receiveIncoming(apdu, map, buffer, bufferLength, bufferStartOffset, recvLen); + arrInst = KMMap.getKeyValue(map, (short) 0); + // Validate Additional certificate chain. + short leafCoseKey = + ((KMKeymintDevice) kmDeviceInst).validateCertChain(false, KMCose.COSE_ALG_ES256, + KMCose.COSE_ALG_ES256, arrInst, + srcBuffer, null); + // Compare the DK_Pub. 
+ short pubKeyLen = KMCoseKey.cast(leafCoseKey).getEcdsa256PublicKey(srcBuffer, (short) 0); + KMDeviceUniqueKey uniqueKey = rkpDataStore.getDeviceUniqueKey(false); + if (uniqueKey == null) { + KMException.throwIt(KMError.STATUS_FAILED); + } + short uniqueKeyLen = uniqueKey.getPublicKey(srcBuffer, pubKeyLen); + if ((pubKeyLen != uniqueKeyLen) || + (0 != Util.arrayCompare(srcBuffer, (short) 0, srcBuffer, pubKeyLen, pubKeyLen))) { + KMException.throwIt(KMError.STATUS_FAILED); + } + rkpDataStore.storeData(KMDataStoreConstants.ADDITIONAL_CERT_CHAIN, buffer, bufferStartOffset, + bufferLength); + //reclaim memory + kmRepositroyInst.reclaimMemory(bufferLength); + writeProvisionStatus(PROVISION_STATUS_ADDITIONAL_CERT_CHAIN); + kmDeviceInst.sendError(apdu, KMError.OK); + } + + @Override + public short buildErrorStatus(short err) { + short int32Ptr = KMInteger.instance((short) 2); + + Util.setShort(KMInteger.getBuffer(int32Ptr), + (short) (KMInteger.getStartOff(int32Ptr)), + err); + + return int32Ptr; + } + +} diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMOperationImpl.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMOperationImpl.java new file mode 100644 index 00000000..ec7d0ad1 --- /dev/null +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMOperationImpl.java 
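Review bot: `PROVISION_STATUS_ADDITIONAL_CERT_CHAIN` is `(byte) 0x80`, and the inherited `processGetProvisionStatusCmd` in KMKeymasterProvision passes the `byte` returned by `getProvisionStatus` directly to `KMInteger.uint_16(...)`. Assuming `uint_16` takes a `short`, a status byte with that bit set is sign-extended, so the reported value has its high byte set to 0xFF and a client that compares the whole status may misread it. Mask at the widening in the base class: `KMInteger.uint_16((short) (getProvisionStatus(apdu.getBuffer(), (short) 0) & 0x00FF))`. Also, in `processProvisionAdditionalCertChain` both `KMException.throwIt(KMError.STATUS_FAILED)` paths exit before `kmRepositroyInst.reclaimMemory(bufferLength)`; whether the repository is reset elsewhere on error is not visible here.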
@@ -0,0 +1,380 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.seprovider; + +import com.android.javacard.kmdevice.KMException; +import com.android.javacard.kmdevice.KMOperation; +import com.android.javacard.seprovider.KMError; +import com.android.javacard.seprovider.KMType; +import javacard.framework.JCSystem; +import javacard.framework.Util; +import javacard.security.KeyAgreement; +import javacard.security.PrivateKey; +import javacard.security.Signature; +import javacardx.crypto.AEADCipher; +import javacardx.crypto.Cipher; +import javacard.security.CryptoException; +import javacard.security.Key; + +public class KMOperationImpl implements KMOperation { + + private static final short ALG_TYPE_OFFSET = 0x00; + private static final short PADDING_OFFSET = 0x01; + private static final short PURPOSE_OFFSET = 0x02; + private static final short BLOCK_MODE_OFFSET = 0x03; + private static final short MAC_LENGTH_OFFSET = 0x04; + private final byte[] EMPTY = {}; + //This will hold the length of the buffer stored inside the + //Java Card after the GCM update operation. + private static final short AES_GCM_UPDATE_LEN_OFFSET = 0x05; + private static final short PARAMETERS_LENGTH = 6; + private short[] parameters; + // Either one of Cipher/Signature instance is stored. 
+ private Object[] operationInst; + + public KMOperationImpl() { + parameters = JCSystem.makeTransientShortArray(PARAMETERS_LENGTH, JCSystem.CLEAR_ON_RESET); + operationInst = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET); + reset(); + } + + public short getPurpose() { + return parameters[PURPOSE_OFFSET]; + } + + public void setPurpose(short mode) { + parameters[PURPOSE_OFFSET] = mode; + } + + public short getMacLength() { + return parameters[MAC_LENGTH_OFFSET]; + } + + public void setMacLength(short macLength) { + parameters[MAC_LENGTH_OFFSET] = macLength; + } + + public short getPaddingAlgorithm() { + return parameters[PADDING_OFFSET]; + } + + public void setPaddingAlgorithm(short alg) { + parameters[PADDING_OFFSET] = alg; + } + + public void setBlockMode(short mode) { + parameters[BLOCK_MODE_OFFSET] = mode; + } + + public short getBlockMode() { + return parameters[BLOCK_MODE_OFFSET]; + } + + public short getAlgorithmType() { + return parameters[ALG_TYPE_OFFSET]; + } + + public void setAlgorithmType(short cipherAlg) { + parameters[ALG_TYPE_OFFSET] = cipherAlg; + } + + public void setCipher(Cipher cipher) { + operationInst[0] = cipher; + } + + public void setSignature(Signature signer) { + operationInst[0] = signer; + } + + public void setKeyAgreement(KeyAgreement keyAgreement) { + operationInst[0] = keyAgreement; + } + + public boolean isResourceMatches(Object object) { + return operationInst[0] == object; + } + + private void reset() { + operationInst[0] = null; + parameters[MAC_LENGTH_OFFSET] = KMType.INVALID_VALUE; + parameters[AES_GCM_UPDATE_LEN_OFFSET] = 0; + parameters[BLOCK_MODE_OFFSET] = KMType.INVALID_VALUE; + parameters[PURPOSE_OFFSET] = KMType.INVALID_VALUE; + parameters[ALG_TYPE_OFFSET] = KMType.INVALID_VALUE; + parameters[PADDING_OFFSET] = KMType.INVALID_VALUE; + } + + private byte mapPurpose(short purpose) { + switch (purpose) { + case KMType.ENCRYPT: + return Cipher.MODE_ENCRYPT; + case KMType.DECRYPT: + return 
Cipher.MODE_DECRYPT; + case KMType.SIGN: + return Signature.MODE_SIGN; + case KMType.VERIFY: + return Signature.MODE_VERIFY; + } + return -1; + } + + private void initSymmetricCipher(Key key, byte[] ivBuffer, short ivStart, short ivLength) { + Cipher symmCipher = (Cipher) operationInst[0]; + byte cipherAlg = symmCipher.getAlgorithm(); + switch (cipherAlg) { + case Cipher.ALG_AES_BLOCK_128_CBC_NOPAD: + case Cipher.ALG_AES_CTR: + symmCipher.init(key, mapPurpose(getPurpose()), ivBuffer, ivStart, ivLength); + break; + case Cipher.ALG_AES_BLOCK_128_ECB_NOPAD: + case Cipher.ALG_DES_ECB_NOPAD: + symmCipher.init(key, mapPurpose(getPurpose())); + break; + case Cipher.ALG_DES_CBC_NOPAD: + // Consume only 8 bytes of iv. the random number for iv is of 16 bytes. + // While sending back the iv, send only 8 bytes. + symmCipher.init(key, mapPurpose(getPurpose()), ivBuffer, ivStart, (short) 8); + break; + case AEADCipher.ALG_AES_GCM: + ((AEADCipher) symmCipher).init(key, mapPurpose(getPurpose()), ivBuffer, + ivStart, ivLength); + break; + default:// This should never happen + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + break; + } + } + + private void initRsa(Key key, short digest) { + if (KMType.SIGN == getPurpose()) { + byte mode; + if (getPaddingAlgorithm() == KMType.PADDING_NONE || + (getPaddingAlgorithm() == KMType.RSA_PKCS1_1_5_SIGN && + digest == KMType.DIGEST_NONE)) { + mode = Cipher.MODE_DECRYPT; + } else { + mode = Signature.MODE_SIGN; + } + ((Signature) operationInst[0]).init((PrivateKey) key, mode); + } else { // RSA Cipher + ((Cipher) operationInst[0]).init((PrivateKey) key, mapPurpose(getPurpose())); + } + } + + private void initEc(Key key) { + if (KMType.AGREE_KEY == getPurpose()) { + ((KeyAgreement) operationInst[0]).init((PrivateKey) key); + } else { + ((Signature) operationInst[0]).init((PrivateKey) key, mapPurpose(getPurpose())); + } + } + + public void init(Key key, short digest, byte[] buf, short start, short length) { + switch 
(getAlgorithmType()) { + case KMType.AES: + case KMType.DES: + initSymmetricCipher(key, buf, start, length); + break; + case KMType.HMAC: + ((Signature) operationInst[0]).init(key, mapPurpose(getPurpose())); + break; + case KMType.RSA: + initRsa(key, digest); + break; + case KMType.EC: + initEc(key); + break; + default:// This should never happen + CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); + break; + } + } + + @Override + public short update(byte[] inputDataBuf, short inputDataStart, + short inputDataLength, byte[] outputDataBuf, short outputDataStart) { + short len = ((Cipher) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength, + outputDataBuf, outputDataStart); + if (parameters[ALG_TYPE_OFFSET] == KMType.AES + && parameters[BLOCK_MODE_OFFSET] == KMType.GCM) { + // Every time Block size data is stored as intermediate result. + parameters[AES_GCM_UPDATE_LEN_OFFSET] += (short) (inputDataLength - len); + } + return len; + } + + @Override + public short update(byte[] inputDataBuf, short inputDataStart, + short inputDataLength) { + ((Signature) operationInst[0]).update(inputDataBuf, inputDataStart, inputDataLength); + return 0; + } + + private short finishKeyAgreement(byte[] publicKey, short start, short len, byte[] output, + short outputStart) { + return ((KeyAgreement) operationInst[0]).generateSecret(publicKey, start, len, + output, outputStart); + } + + private short finishCipher(byte[] inputDataBuf, short inputDataStart, short inputDataLen, + byte[] outputDataBuf, + short outputDataStart) { + short len = 0; + try { + byte[] tmpArray = KMAndroidSEProvider.getInstance().tmpArray; + Cipher cipher = (Cipher) operationInst[0]; + short cipherAlg = parameters[ALG_TYPE_OFFSET]; + short blockMode = parameters[BLOCK_MODE_OFFSET]; + short mode = parameters[PURPOSE_OFFSET]; + short macLength = parameters[MAC_LENGTH_OFFSET]; + short padding = parameters[PADDING_OFFSET]; + + if (cipherAlg == KMType.AES && blockMode == KMType.GCM) { + if 
(mode == KMType.DECRYPT) { + inputDataLen = (short) (inputDataLen - macLength); + } + } else if ((cipherAlg == KMType.DES || cipherAlg == KMType.AES) && padding == KMType.PKCS7 + && mode == KMType.ENCRYPT) { + byte blkSize = 16; + byte paddingBytes; + short inputlen = inputDataLen; + if (cipherAlg == KMType.DES) { + blkSize = 8; + } + // padding bytes + if (inputlen % blkSize == 0) { + paddingBytes = blkSize; + } else { + paddingBytes = (byte) (blkSize - (inputlen % blkSize)); + } + // final len with padding + inputlen = (short) (inputlen + paddingBytes); + // intermediate buffer to copy input data+padding + // fill in the padding + Util.arrayFillNonAtomic(tmpArray, (short) 0, inputlen, paddingBytes); + // copy the input data + Util.arrayCopyNonAtomic(inputDataBuf, inputDataStart, tmpArray, (short) 0, inputDataLen); + inputDataBuf = tmpArray; + inputDataLen = inputlen; + inputDataStart = 0; + } + len = cipher + .doFinal(inputDataBuf, inputDataStart, inputDataLen, outputDataBuf, outputDataStart); + if ((cipherAlg == KMType.AES || cipherAlg == KMType.DES) && padding == KMType.PKCS7 + && mode == KMType.DECRYPT) { + byte blkSize = 16; + if (cipherAlg == KMType.DES) { + blkSize = 8; + } + if (len > 0) { + // verify if padding is corrupted. 
+ byte paddingByte = outputDataBuf[(short) (outputDataStart + len - 1)]; + // padding byte always should be <= block size + if ((short) paddingByte > blkSize || (short) paddingByte <= 0) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + + for (short j = 1; j <= paddingByte; ++j) { + if (outputDataBuf[(short) (outputDataStart + len - j)] != paddingByte) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + } + len = (short) (len - (short) paddingByte);// remove the padding bytes + } + } else if (cipherAlg == KMType.AES && blockMode == KMType.GCM) { + if (mode == KMType.ENCRYPT) { + len += ((AEADCipher) cipher) + .retrieveTag(outputDataBuf, (short) (outputDataStart + len), macLength); + } else { + boolean verified = ((AEADCipher) cipher) + .verifyTag(inputDataBuf, (short) (inputDataStart + inputDataLen), + macLength, macLength); + if (!verified) { + KMException.throwIt(KMError.VERIFICATION_FAILED); + } + } + } + } finally { + KMAndroidSEProvider.getInstance().clean(); + } + return len; + } + + @Override + public short finish(byte[] inputDataBuf, short inputDataStart, short inputDataLen, + byte[] outputDataBuf, + short outputDataStart) { + if (parameters[PURPOSE_OFFSET] == KMType.AGREE_KEY) { + return finishKeyAgreement(inputDataBuf, inputDataStart, inputDataLen, outputDataBuf, + outputDataStart); + } else { + return finishCipher(inputDataBuf, inputDataStart, inputDataLen, outputDataBuf, + outputDataStart); + } + } + + @Override + public short sign(byte[] inputDataBuf, short inputDataStart, + short inputDataLength, byte[] signBuf, short signStart) { + return ((Signature) operationInst[0]).sign(inputDataBuf, inputDataStart, inputDataLength, + signBuf, signStart); + } + + @Override + public boolean verify(byte[] inputDataBuf, short inputDataStart, + short inputDataLength, byte[] signBuf, short signStart, short signLength) { + return ((Signature) operationInst[0]).verify(inputDataBuf, inputDataStart, inputDataLength, + signBuf, signStart, signLength); + } + + 
@Override + public void abort() { + // Few simulators does not reset the Hmac signer instance on init so as + // a workaround to reset the hmac signer instance in case of abort/failure of the operation + // the corresponding sign / verify function is called. + if (operationInst[0] != null) { + if ((parameters[PURPOSE_OFFSET] == KMType.SIGN || parameters[PURPOSE_OFFSET] == KMType.VERIFY) + && + (((Signature) operationInst[0]).getAlgorithm() == Signature.ALG_HMAC_SHA_256)) { + Signature signer = (Signature) operationInst[0]; + try { + if (parameters[PURPOSE_OFFSET] == KMType.SIGN) { + signer.sign(EMPTY, (short) 0, (short) 0, EMPTY, (short) 0); + } else { + signer.verify(EMPTY, (short) 0, (short) 0, EMPTY, (short) 0, (short) 0); + } + } catch (Exception e) { + // Ignore. + } + } + } + reset(); + } + + @Override + public void updateAAD(byte[] dataBuf, short dataStart, short dataLength) { + ((AEADCipher) operationInst[0]).updateAAD(dataBuf, dataStart, dataLength); + } + + @Override + public short getAESGCMOutputSize(short dataSize, short macLength) { + if (parameters[PURPOSE_OFFSET] == KMType.ENCRYPT) { + return (short) (parameters[AES_GCM_UPDATE_LEN_OFFSET] + dataSize + macLength); + } else { + return (short) (parameters[AES_GCM_UPDATE_LEN_OFFSET] + dataSize - macLength); + } + } +} diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMPoolManager.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMPoolManager.java new file mode 100644 index 00000000..a9fd7008 --- /dev/null +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMPoolManager.java 
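Review bot: In `finishCipher`'s AES-GCM decrypt branch, `cipher.doFinal(...)` has already written its output to `outputDataBuf` by the time `verifyTag` fails, and the code throws `VERIFICATION_FAILED` without clearing it. Unauthenticated plaintext should not outlive a failed tag check, so add `Util.arrayFillNonAtomic(outputDataBuf, outputDataStart, len, (byte) 0);` before `KMException.throwIt(KMError.VERIFICATION_FAILED);`. The same path computes `inputDataLen - macLength` with no check that the input is at least as long as the tag; unless the caller enforces that (not visible here), add `if (inputDataLen < macLength) { KMException.throwIt(KMError.INVALID_ARGUMENT); }` before the subtraction.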
@@ -0,0 +1,335 @@
+/*
+ * Copyright(C) 2021 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" (short)0IS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.javacard.seprovider;
+
+import com.android.javacard.kmdevice.KMException;
+import com.android.javacard.kmdevice.KMOperation;
+
+import javacard.framework.JCSystem;
+import javacard.security.KeyAgreement;
+import javacard.security.Signature;
+import javacardx.crypto.AEADCipher;
+import javacardx.crypto.Cipher;
+
+/**
+ * This class manages all the pool instances.
+ */
+public class KMPoolManager {
+
+ public static final short MAX_OPERATION_INSTANCES = 4;
+ private static final short HMAC_MAX_OPERATION_INSTANCES = 8;
+ // Cipher pool
+ private Object[] cipherPool;
+ // Signature pool
+ private Object[] signerPool;
+ // Keyagreement pool
+ private Object[] keyAgreementPool;
+ // KMOperationImpl pool
+ private Object[] operationPool;
+ // Hmac signer pool which is used to support TRUSTED_CONFIRMATION_REQUIRED tag.
+ private Object[] hmacSignOperationPool;
+
+ final byte[] CIPHER_ALGS = {
+ Cipher.ALG_AES_BLOCK_128_CBC_NOPAD,
+ Cipher.ALG_AES_BLOCK_128_ECB_NOPAD,
+ Cipher.ALG_DES_CBC_NOPAD,
+ Cipher.ALG_DES_ECB_NOPAD,
+ Cipher.ALG_AES_CTR,
+ Cipher.ALG_RSA_PKCS1,
+ KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1,
+ KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA256,
+ Cipher.ALG_RSA_NOPAD,
+ AEADCipher.ALG_AES_GCM};
+
+ final byte[] SIG_ALGS = {
+ Signature.ALG_RSA_SHA_256_PKCS1,
+ Signature.ALG_RSA_SHA_256_PKCS1_PSS,
+ Signature.ALG_ECDSA_SHA_256,
+ Signature.ALG_HMAC_SHA_256,
+ KMRsa2048NoDigestSignature.ALG_RSA_SIGN_NOPAD,
+ KMRsa2048NoDigestSignature.ALG_RSA_PKCS1_NODIGEST,
+ KMEcdsa256NoDigestSignature.ALG_ECDSA_NODIGEST};
+
+ final byte[] KEY_AGREE_ALGS = {KeyAgreement.ALG_EC_SVDP_DH_PLAIN};
+
+
+ private static KMPoolManager poolManager;
+
+ public static KMPoolManager getInstance() {
+ if (poolManager == null) {
+ poolManager = new KMPoolManager();
+ }
+ return poolManager;
+ }
+
+ private KMPoolManager() {
+ cipherPool = new Object[(short) (CIPHER_ALGS.length * 4)];
+ // Extra 4 algorithms are used to support TRUSTED_CONFIRMATION_REQUIRED feature.
+ signerPool = new Object[(short) ((SIG_ALGS.length * 4) + 4)];
+ keyAgreementPool = new Object[(short) (KEY_AGREE_ALGS.length * 4)];
+ operationPool = new Object[4];
+ hmacSignOperationPool = new Object[4];
+ /* Initialize pools */
+ initializeOperationPool();
+ initializeHmacSignOperationPool();
+ initializeSignerPool();
+ initializeCipherPool();
+ initializeKeyAgreementPool();
+ }
+
+ private void initializeOperationPool() {
+ short index = 0;
+ while (index < MAX_OPERATION_INSTANCES) {
+ operationPool[index] = new KMOperationImpl();
+ index++;
+ }
+ }
+
+ private void initializeHmacSignOperationPool() {
+ short index = 0;
+ while (index < MAX_OPERATION_INSTANCES) {
+ hmacSignOperationPool[index] = new KMOperationImpl();
+ index++;
+ }
+ }
+
+ // Create a signature instance of each algorithm once.
+ private void initializeSignerPool() {
+ short index = 0;
+ while (index < SIG_ALGS.length) {
+ signerPool[index] = getSignatureInstance(SIG_ALGS[index]);
+ index++;
+ }
+ }
+
+ //Create a cipher instance of each algorithm once.
+ private void initializeCipherPool() {
+ short index = 0;
+ while (index < CIPHER_ALGS.length) {
+ cipherPool[index] = getCipherInstance(CIPHER_ALGS[index]);
+ index++;
+ }
+ }
+
+ private void initializeKeyAgreementPool() {
+ short index = 0;
+ while (index < KEY_AGREE_ALGS.length) {
+ keyAgreementPool[index] = getKeyAgreementInstance(KEY_AGREE_ALGS[index]);
+ index++;
+ }
+ }
+
+ private Object[] getCryptoPoolInstance(short purpose) {
+ switch (purpose) {
+ case KMType.AGREE_KEY:
+ return keyAgreementPool;
+
+ case KMType.ENCRYPT:
+ case KMType.DECRYPT:
+ return cipherPool;
+
+ case KMType.SIGN:
+ case KMType.VERIFY:
+ return signerPool;
+
+ default:
+ KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
+ }
+ return null;
+ }
+
+ private Object createInstance(short purpose, short alg) {
+ switch (purpose) {
+ case KMType.AGREE_KEY:
+ return getKeyAgreementInstance((byte) alg);
+
+ case KMType.ENCRYPT:
+ case KMType.DECRYPT:
+ return getCipherInstance((byte) alg);
+
+ case KMType.SIGN:
+ case KMType.VERIFY:
+ return getSignatureInstance((byte) alg);
+
+ default:
+ KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
+ }
+ return null;
+ }
+
+ private KeyAgreement getKeyAgreementInstance(byte alg) {
+ return KeyAgreement.getInstance(alg, false);
+ }
+
+ private Signature getSignatureInstance(byte alg) {
+ if (KMRsa2048NoDigestSignature.ALG_RSA_SIGN_NOPAD == alg
+ || KMRsa2048NoDigestSignature.ALG_RSA_PKCS1_NODIGEST == alg) {
+ return new KMRsa2048NoDigestSignature(alg);
+ } else if (KMEcdsa256NoDigestSignature.ALG_ECDSA_NODIGEST == alg) {
+ return new KMEcdsa256NoDigestSignature(alg);
+ } else {
+ return Signature.getInstance(alg, false);
+ }
+ }
+
+ private Cipher getCipherInstance(byte alg) {
+ if ((KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA1 == alg) ||
+ (KMRsaOAEPEncoding.ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA256 == alg)) {
+ return new KMRsaOAEPEncoding(alg);
+ } else {
+ return Cipher.getInstance(alg, false);
+ }
+ }
+
+ /**
+ * Returns the first available resource from operation pool.
+ *
+ * @return instance of the available resource or null if no resource is available.
+ */
+ public KMOperation getResourceFromOperationPool(boolean isTrustedConfOpr) {
+ short index = 0;
+ KMOperationImpl impl;
+ Object[] oprPool;
+ if (isTrustedConfOpr) {
+ oprPool = hmacSignOperationPool;
+ } else {
+ oprPool = operationPool;
+ }
+ while (index < oprPool.length) {
+ impl = (KMOperationImpl) oprPool[index];
+ // Mode is always set. so compare using mode value.
+ if (impl.getPurpose() == KMType.INVALID_VALUE) {
+ return impl;
+ }
+ index++;
+ }
+ return null;
+ }
+
+ private byte getAlgorithm(short purpose, Object object) {
+ switch (purpose) {
+ case KMType.AGREE_KEY:
+ return ((KeyAgreement) object).getAlgorithm();
+
+ case KMType.ENCRYPT:
+ case KMType.DECRYPT:
+ return ((Cipher) object).getAlgorithm();
+
+ case KMType.SIGN:
+ case KMType.VERIFY:
+ return ((Signature) object).getAlgorithm();
+
+ default:
+ KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
+ }
+ return 0;
+ }
+
+ private boolean isResourceBusy(Object obj) {
+ short index = 0;
+ while (index < MAX_OPERATION_INSTANCES) {
+ if (((KMOperationImpl) operationPool[index]).isResourceMatches(obj)
+ || ((KMOperationImpl) hmacSignOperationPool[index]).isResourceMatches(obj)) {
+ return true;
+ }
+ index++;
+ }
+ return false;
+ }
+
+ private void setObject(short purpose, KMOperation operation, Object obj) {
+ switch (purpose) {
+ case KMType.AGREE_KEY:
+ ((KMOperationImpl) operation).setKeyAgreement((KeyAgreement) obj);
+ break;
+ case KMType.ENCRYPT:
+ case KMType.DECRYPT:
+ ((KMOperationImpl) operation).setCipher((Cipher) obj);
+ break;
+ case KMType.SIGN:
+ case KMType.VERIFY:
+ ((KMOperationImpl) operation).setSignature((Signature) obj);
+ break;
+ default:
+ KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
+ }
+ }
+
+ private void reserveOperation(KMOperation operation, short purpose, short strongboxAlgType,
+ short padding, short blockMode, short macLength, Object obj) {
+ ((KMOperationImpl) operation).setPurpose(purpose);
+ ((KMOperationImpl) operation).setAlgorithmType(strongboxAlgType);
+ ((KMOperationImpl) operation).setPaddingAlgorithm(padding);
+ ((KMOperationImpl) operation).setBlockMode(blockMode);
+ ((KMOperationImpl) operation).setMacLength(macLength);
+ setObject(purpose, operation, obj);
+ }
+
+
+ public KMOperation getOperationImpl(short purpose, short alg, short strongboxAlgType,
+ short padding,
+ short blockMode, short macLength, boolean isTrustedConfOpr) {
+ KMOperation operation;
+ // Throw exception if no resource from operation pool is available.
+ if (null == (operation = getResourceFromOperationPool(isTrustedConfOpr))) {
+ KMException.throwIt(KMError.TOO_MANY_OPERATIONS);
+ }
+ // Get one of the pool instances (cipher / signer / keyAgreement) based on purpose.
+ Object[] pool = getCryptoPoolInstance(purpose);
+ short index = 0;
+ short usageCount = 0;
+ short maxOperations = MAX_OPERATION_INSTANCES;
+ if (Signature.ALG_HMAC_SHA_256 == alg) {
+ maxOperations = HMAC_MAX_OPERATION_INSTANCES;
+ }
+
+ while (index < pool.length) {
+ if (usageCount >= maxOperations) {
+ KMException.throwIt(KMError.TOO_MANY_OPERATIONS);
+ }
+ if (pool[index] == null) {
+ // Create one of the instance (Cipher / Signer / KeyAgreement] based on purpose.
+ JCSystem.beginTransaction();
+ pool[index] = createInstance(purpose, alg);
+ JCSystem.commitTransaction();
+ reserveOperation(operation, purpose, strongboxAlgType, padding, blockMode, macLength,
+ pool[index]);
+ break;
+ }
+ if (alg == getAlgorithm(purpose, pool[index])) {
+ // Check if the crypto instance is not busy and free to use.
+ if (!isResourceBusy(pool[index])) { + reserveOperation(operation, purpose, strongboxAlgType, padding, blockMode, macLength, + pool[index]); + break; + } + usageCount++; + } + index++; + } + return operation; + } + + public void powerReset() { + short index = 0; + while (index < operationPool.length) { + ((KMOperationImpl) operationPool[index]).abort(); + ((KMOperationImpl) hmacSignOperationPool[index]).abort(); + index++; + } + } + +} diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMRsa2048NoDigestSignature.java similarity index 96% rename from Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java rename to Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMRsa2048NoDigestSignature.java index 08e11436..89c390bd 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMRsa2048NoDigestSignature.java @@ -13,7 +13,9 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.seprovider; + +import com.android.javacard.kmdevice.KMException; import javacard.framework.Util; import javacard.security.CryptoException; @@ -135,6 +137,7 @@ private boolean isValidData(byte[] buf, short start, short len) { } } else { // ALG_RSA_PKCS1_NODIGEST if (len > 245) { + KMException.throwIt(KMError.INVALID_INPUT_LENGTH); return false; } } 
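Review bot: In `KMPoolManager.getOperationImpl`, if the `while (index < pool.length)` loop runs off the end of the pool without reaching either `break`, the method still returns `operation`, which was never passed to `reserveOperation` and so has no purpose or crypto instance set. This looks reachable only when the pool is fully populated and the last matching entry is busy, because the `usageCount >= maxOperations` check sits at the top of an iteration that then never runs. I would fail closed after the loop with `if (index >= pool.length) { KMException.throwIt(KMError.TOO_MANY_OPERATIONS); }`. Separately, the constructor sizes `operationPool` and `hmacSignOperationPool` with a literal `4` while the init loops and `isResourceBusy` index them up to `MAX_OPERATION_INSTANCES`; using the constant in both places keeps them from drifting apart.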
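Review bot: In `KMRsa2048NoDigestSignature.isValidData`, the added `KMException.throwIt(KMError.INVALID_INPUT_LENGTH)` leaves the following `return false;` unreachable at run time, assuming `throwIt` always throws as its use elsewhere in this patch suggests. The method now reports this one failure by exception while, as far as the hunk shows, its other branches may still report by return value, so callers that only test the boolean or only catch `CryptoException` should be checked. A comment such as `// not reached: throwIt() always throws` on the `return` would make the intent clear, and the bare `245` deserves its derivation, e.g. `// 256-byte modulus minus the 11-byte minimum PKCS#1 v1.5 padding`. The body of `isValidData` starts and ends outside the hunk.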
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMRsaOAEPEncoding.java similarity index 99% rename from Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java rename to Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMRsaOAEPEncoding.java index ac099bc5..2f2da22f 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMRsaOAEPEncoding.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMRsaOAEPEncoding.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.seprovider; import javacard.framework.JCSystem; import javacard.framework.Util; diff --git a/Applet/src/com/android/javacard/keymaster/KMType.java b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMType.java similarity index 77% rename from Applet/src/com/android/javacard/keymaster/KMType.java rename to Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMType.java index 00704df2..0bfc0b1a 100644 --- a/Applet/src/com/android/javacard/keymaster/KMType.java +++ b/Applet/AndroidSEProvider/src/com/android/javacard/seprovider/KMType.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.seprovider; import javacard.framework.ISO7816; import javacard.framework.ISOException; 
@@ -44,6 +44,20 @@ public abstract class KMType { public static final byte VERIFICATION_TOKEN_TYPE = 0x09; public static final byte HMAC_SHARING_PARAM_TYPE = 0x0A; public static final byte X509_CERT = 0x0B; + public static final byte NEG_INTEGER_TYPE = 0x0C; + public static final byte TEXT_STRING_TYPE = 0x0D; + public static final byte MAP_TYPE = 0x0E; + public static final byte COSE_KEY_TYPE = 0x0F; + public static final byte COSE_PAIR_TAG_TYPE = 0x10; + public static final byte COSE_PAIR_INT_TAG_TYPE = 0x20; + public static final byte COSE_PAIR_NEG_INT_TAG_TYPE = 0x30; + public static final byte COSE_PAIR_BYTE_BLOB_TAG_TYPE = 0x40; + public static final byte COSE_PAIR_COSE_KEY_TAG_TYPE = 0x60; + public static final byte COSE_PAIR_SIMPLE_VALUE_TAG_TYPE = 0x70; + public static final byte COSE_PAIR_TEXT_STR_TAG_TYPE = (byte) 0x80; + public static final byte SIMPLE_VALUE_TYPE = (byte) 0x90; + public static final byte COSE_HEADERS_TYPE = (byte) 0xA0; + public static final byte COSE_CERT_PAYLOAD_TYPE = (byte) 0xB0; // Tag Types public static final short INVALID_TAG = 0x0000; public static final short ENUM_TAG = 0x1000; @@ -59,6 +73,11 @@ public abstract class KMType { public static final short TAG_TYPE_MASK = (short) 0xF000; // Enum Tag + // Internal tags + public static final short RULE = 0x7FFF; + public static final byte IGNORE_INVALID_TAGS = 0x00; + public static final byte FAIL_ON_INVALID_TAGS = 0x01; + // Algorithm Enum Tag key and values public static final short ALGORITHM = 0x0002; public static final byte RSA = 0x01; 
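Review bot: `RULE` and its values `IGNORE_INVALID_TAGS` / `FAIL_ON_INVALID_TAGS` arrive in the `@@ -59,6 +73,11 @@` hunk under the single comment `// Internal tags`, with nothing saying who may set the rule or which value is the default. A switch between rejecting and tolerating invalid tags is security-relevant, so the comment should state the trust boundary, for example `// Internal only: strict vs lenient tag validation; never taken from decoded host input` if that is the intent (not verifiable from this hunk). The value `0x7FFF` is also the one `AUTH_TIMEOUT_MILLIS` held until this commit removes it in a later hunk, which is worth a word for anyone comparing against older data. The new block also lands directly under the existing `// Enum Tag` heading, which now reads as if it described `RULE`.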
@@ -143,9 +162,10 @@ public abstract class KMType { public static final byte DECRYPT = 0x01; public static final byte SIGN = 0x02; public static final byte VERIFY = 0x03; + public static final byte DERIVE_KEY = 0x04; public static final byte WRAP_KEY = 0x05; - public static final byte ATTEST_KEY = (byte) 0x7F; - + public static final byte AGREE_KEY = 0x06; + public static final byte ATTEST_KEY = (byte) 0x07; // Block mode public static final short BLOCK_MODE = 0x0004; public static final byte ECB = 0x01; @@ -172,6 +192,9 @@ public abstract class KMType { public static final byte RSA_PKCS1_1_5_SIGN = 0x05; public static final byte PKCS7 = 0x40; + // OAEP MGF Digests - only SHA-1 is supported in Javacard + public static final short RSA_OAEP_MGF_DIGEST = 0xCB; + // Integer Tag - UINT, ULONG and DATE // UINT tags // Keysize @@ -186,8 +209,6 @@ public abstract class KMType { public static final short USERID = 0x01F5; // Auth Timeout public static final short AUTH_TIMEOUT = 0x01F9; - // Auth Timeout in Milliseconds - public static final short AUTH_TIMEOUT_MILLIS = 0x7FFF; // OS Version public static final short OS_VERSION = 0x02C1; // OS Patch Level @@ -198,6 +219,8 @@ public abstract class KMType { public static final short BOOT_PATCH_LEVEL = 0x02CF; // Mac Length public static final short MAC_LENGTH = 0x03EB; + // Usage Count Limit + public static final short USAGE_COUNT_LIMIT = 0x195; // ULONG tags // RSA Public Exponent 
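Review bot: `ATTEST_KEY` changes value from `(byte) 0x7F` to `(byte) 0x07` in the `@@ -143,9 +162,10 @@` hunk without any comment, next to the new `DERIVE_KEY` and `AGREE_KEY`. If a purpose written with the old constant is persisted anywhere (key blobs, upgrade data; not visible here), it will no longer compare equal after this change, so the upgrade path should be checked. A comment recording the reason, e.g. `// purpose values follow the KeyMint KeyPurpose numbering`, would help, assuming that is why the value moved. The `(byte)` cast on `0x07` is no longer needed.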
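Review bot: The comment added in the `@@ -172,6 +192,9 @@` hunk, `// OAEP MGF Digests - only SHA-1 is supported in Javacard`, disagrees with `KMPoolManager.CIPHER_ALGS` in this same commit, which lists `ALG_RSA_PKCS1_OAEP_SHA256_MGF1_SHA256` next to the `MGF1_SHA1` variant. Whichever is right, the comment should describe what the applet actually accepts, for example `// RSA OAEP MGF1 digest tag; supported digests are defined by KMRsaOAEPEncoding`. Writing the value as `0x00CB` would also match the four-digit form used by the neighbouring `short` tags.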
@@ -207,8 +230,10 @@ public abstract class KMType { public static final short ACTIVE_DATETIME = 0x0190; public static final short ORIGINATION_EXPIRE_DATETIME = 0x0191; public static final short USAGE_EXPIRE_DATETIME = 0x0192; - public static final short CREATION_DATETIME = 0x02BD;//0x0193; - + public static final short CREATION_DATETIME = 0x02BD; + ; + public static final short CERTIFICATE_NOT_BEFORE = 0x03F0; + public static final short CERTIFICATE_NOT_AFTER = 0x03F1; // Integer Array Tags - ULONG_REP and UINT_REP. // User Secure Id public static final short USER_SECURE_ID = (short) 0x01F6; @@ -274,10 +299,16 @@ public abstract class KMType { public static final short NONCE = (short) 0x03E9; // Confirmation Token public static final short CONFIRMATION_TOKEN = (short) 0x03ED; + // Serial Number - this is a big num but in applet we handle it as byte blob + public static final short CERTIFICATE_SERIAL_NUM = (short) 0x03EE; + // Subject Name + public static final short CERTIFICATE_SUBJECT_NAME = (short) 0x03EF; public static final short LENGTH_FROM_PDU = (short) 0xFFFF; public static final byte NO_VALUE = (byte) 0xff; + // Support Curves for Eek Chain validation. + public static final byte RKP_CURVE_P256 = 1; // Type offsets. public static final byte KM_TYPE_BASE_OFFSET = 0; public static final byte KM_ARRAY_OFFSET = KM_TYPE_BASE_OFFSET; 
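Review bot: The `@@ -207,8 +230,10 @@` hunk leaves a stray `;` on a line of its own after `CREATION_DATETIME = 0x02BD;`, apparently left behind when the trailing `//0x0193` comment was deleted. It is harmless to the compiler but should be dropped. The blank line that used to separate the date tags from `// Integer Array Tags - ULONG_REP and UINT_REP.` is removed by the same hunk and could be restored after `CERTIFICATE_NOT_AFTER`.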
@@ -295,46 +326,30 @@ public abstract class KMType { public static final byte KM_KEY_CHARACTERISTICS_OFFSET = KM_TYPE_BASE_OFFSET + 12; public static final byte KM_KEY_PARAMETERS_OFFSET = KM_TYPE_BASE_OFFSET + 13; public static final byte KM_VERIFICATION_TOKEN_OFFSET = KM_TYPE_BASE_OFFSET + 14; - - protected static KMRepository repository; - protected static byte[] heap; - // Instance table - public static final byte INSTANCE_TABLE_SIZE = 15; - protected static short[] instanceTable; - - public static void initialize() { - instanceTable = JCSystem.makeTransientShortArray(INSTANCE_TABLE_SIZE, JCSystem.CLEAR_ON_RESET); - KMType.repository = KMRepository.instance(); - KMType.heap = repository.getHeap(); - } - - public static byte getType(short ptr) { - return heap[ptr]; - } - - public static short length(short ptr) { - return Util.getShort(heap, (short) (ptr + 1)); - } - - public static short getValue(short ptr) { - return Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); - } - - protected static short instance(byte type, short length) { - if (length < 0) { - ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); - } - short ptr = repository.alloc((short) (length + TLV_HEADER_SIZE)); - heap[ptr] = type; - Util.setShort(heap, (short) (ptr + 1), length); - return ptr; - } - - protected static short exp(byte type) { - short ptr = repository.alloc(TLV_HEADER_SIZE); - heap[ptr] = type; - Util.setShort(heap, (short) (ptr + 1), INVALID_VALUE); - return ptr; - } + public static final byte KM_NEG_INTEGER_OFFSET = KM_TYPE_BASE_OFFSET + 15; + public static final byte KM_TEXT_STRING_OFFSET = KM_TYPE_BASE_OFFSET + 16; + public static final byte KM_MAP_OFFSET = KM_TYPE_BASE_OFFSET + 17; + public static final byte KM_COSE_KEY_OFFSET = KM_TYPE_BASE_OFFSET + 18; + public static final byte KM_COSE_KEY_INT_VAL_OFFSET = KM_TYPE_BASE_OFFSET + 19; + public static final byte KM_COSE_KEY_NINT_VAL_OFFSET = KM_TYPE_BASE_OFFSET + 20; + public static final byte KM_COSE_KEY_BYTE_BLOB_VAL_OFFSET = 
KM_TYPE_BASE_OFFSET + 21; + public static final byte KM_COSE_KEY_COSE_KEY_VAL_OFFSET = KM_TYPE_BASE_OFFSET + 22; + public static final byte KM_COSE_KEY_SIMPLE_VAL_OFFSET = KM_TYPE_BASE_OFFSET + 23; + public static final byte KM_SIMPLE_VALUE_OFFSET = KM_TYPE_BASE_OFFSET + 24; + public static final byte KM_COSE_HEADERS_OFFSET = KM_TYPE_BASE_OFFSET + 25; + public static final byte KM_COSE_KEY_TXT_STR_VAL_OFFSET = KM_TYPE_BASE_OFFSET + 26; + public static final byte KM_COSE_CERT_PAYLOAD_OFFSET = KM_TYPE_BASE_OFFSET + 27; + public static final byte KM_BIGNUM_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 28; + + // Attestation types + public static final byte NO_CERT = 0; + public static final byte ATTESTATION_CERT = 1; + public static final byte SELF_SIGNED_CERT = 2; + public static final byte FAKE_CERT = 3; + // Buffering Mode + public static final byte BUF_NONE = 0; + public static final byte BUF_RSA_NO_DIGEST = 1; + public static final byte BUF_EC_NO_DIGEST = 2; + public static final byte BUF_BLOCK_ALIGN = 3; } diff --git a/Applet/JCardSimProvider/build.xml b/Applet/JCardSimProvider/build.xml deleted file mode 100644 index 3d06a8fd..00000000 --- a/Applet/JCardSimProvider/build.xml +++ /dev/null @@ -1,60 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file 
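Review bot: The attestation-type constants added at the end of the `@@ -295,46 +326,30 @@` hunk (`NO_CERT`, `ATTESTATION_CERT`, `SELF_SIGNED_CERT`, `FAKE_CERT`) carry only the heading `// Attestation types`. Which kind of certificate is produced decides what a verifier can rely on, so each value should say when it is selected, `FAKE_CERT` above all; a one-line comment per constant is enough. Separately, now that `instance()` is removed, the `javacard.framework.ISO7816` and `ISOException` imports shown as context in the first KMType hunk may be unused; the rest of the file is not visible here.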
diff --git a/Applet/JCardSimProvider/lib/hamcrest-core-1.3.jar b/Applet/JCardSimProvider/lib/hamcrest-core-1.3.jar deleted file mode 100644 index 9d5fe16e3dd37ebe79a36f61f5d0e1a69a653a8a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 45024 zcmaI81C*p&lQmqnZQHhOn_aeT+qTtZ+wQVmUAC*b%)j2bGxN>8@64Yo^W@64;>nfg zWbD|nBO+5l8W;o$00062fW7oo0N{VzAOS!CWJOg3X(i>v=s(8+02Kby6as+l+w|#c zNwVhK91suy0OkAnzfENYJ+q&~~XcVMg@)Q>u853k!`i`Ur45 zyu5Cd37@2HgH)`Wy1`l;*oM6)AovI`MZ*5P^GAe-{5dEZG0FFgLIHB7%e7m@~IKQ2JFQMZ<9=GfFm*%A&yCZ2FhNHwGWyrhp(buKg?hqDS+*3t9 zd{fJ?i!iu3WWuibV>u(s!C7Y9Ec@WNo2&8wt$(Q78NE9faKyXMFZx?z#3g=W!ggoW zxBju_^2Gk#d1;@npM{AJMlo8%y|Ejj#qPY!E?ZE}{zt!8D)Sevt(Mlx?wUpBu7Pd- z+&=5f)$cT0MHpK#AxKNtLgIJ;1o0;w;U`Im=XE0^FJ`(EW^RqEi|ti|O73QiforP# zZ4`hWX!GNBWxLS!_Nha8kt+qvaywJz^&^fC8TLt%rr#0pz;rRNvOOFu-M3nI=avGe zGeQvShWz>WK)WN5I{5e2?{Wf-#LUiZA$BZ*U2cs9(rD%v`A}Y>;3#xQ{>62Eo>{k^kl!@X(KI9@K zP|&oX8WJ<-Sx`mN@Uw|3vJ}OpTfpgEQ$i8C2HuxCnNO7>v;M|S?XW0&?ONp#Xsq{bsj*Uh;RjX%HgjZ zDcD81yIB87fQn~>(|C4lNp49A0PPu*kkf1B#@2_ChL&1Ygu98+J^LoG$hkZK#b=S&+3y>I$q^Pesl7%RmMS5C%3|Beac-R%1#O@FxO1 zgA!Vxayv;1V*Dj>CYT#C3woj>nT!jiIa1715Fwi6L6eK+)cMN&Tz(BxQ|^%LTr5K$ zk^Rrc^G%HwiAcP{>{ZKiZ<@NrpM`v~-eSWZ$sa8#XjdrgO{MX{fuTSLc!5`kTVoSg zkx^J3fwyDpx4}j+V|NjI`)N0O`^5TV&nOHkC@tDhIZTCD*PJKU(a}w;ry|kT2x(5AaXMUN2y6CRpK%|^ z8zX`PGgBCxWr6}~wM(DmZ$S+2^~1@X-|@^qkVAw$29(R2s*U(<$*W+veIM?&1gJPA z&jf1a4fTmkn53m2AI{uCYb&0EV)^%2xmcvmVyAR)RO^<|r`!`65={#m>2uhQQ>R6q zQx_b-V^1_t0Pgy{x}^j^q|~2G_ahv3mo>AId%ES4yqvQ~v8lEeZ_z%B_ieJ3Z)0QK zZgcByNKyTkZ_(dX1=S6VKZE0a81awaxMFw1BjKIjVQWvH5&YC=RY*#lFGPD|<8DG@ z{dV$TrV`K?NrvOmfP+?bE+P)Njmu~#HT>#nOqe*YgBh(ThQp)|_Fic28i__O?DHtS z4;ay#B`2=r(=q4#h+nQDB{wf80Mq1S%nkyiP{Y(WV@p~AV#*upqgtb+h`}c<5-t-0 z?NT2Dulu5m0bZIZnVAoH)2|uZ>`B`M>^)^ew$8l6#^Z829~mNHxDT_>If7E zVJZSK$$4y{Q9kc!rXpDH(YAKf%!_SKQSzA)*@R@N`V{}zz}8bbEn+T??gM;5gCjXS zh^u~U93JSUN$b*BTt2fqUm4q*p~FT5wH z!9xXmu2r!m{0{U$Lh-o1|EI;6AhI)SSfnTj?f_6Oq3|J3W^^WA{|^!L0%)^ARi%AM 
zTXpnxxUoy&%^J!kUFz0O%vO6imp|qV16Bi8gXhylzQHo*=yUewfamJtOZSm8hre*d ziAQ4~ejr!WVOrINRH8K*Qu{UN4F_$FD6}$BZDvR5@KAp7-qtVQv@q30h)M!0D_ZYx-={x%~$*|j6x@uqG^rA#UV;D`c4 zTxv57a%R2oCZ}LDmAB1J<%hx#^|gV~FUIvWsNA47P^?iz-xx=i;F4>KOiX_Y-Rr^+ z-Ec`ePh78D_TT?~PewAJJ(R@>8vF}Jfs=4?hmcmqX^vdX=V_UfBu)yMBwuy+6m_mU>2c@>7 z+PLl1WXwrH4SkNh503CP;up1p17UO14ZUS>Z7QorCE`_Llo+vhjLss~uGOIsbEfxC zZiTU1!R5K6stovuuLs0S%G|r6Dv7xIE}m&@_e}CPkj9ttE-0>xU3}9nGvn(H@iW;k z{J*Cf<)rvf+CTsR0^dnH-v5?r$Qn2snVUHNm1e{!>pIN~pzuOBH35dqYgtr(+#s(* zsg0udPcOQ97rKaHcu&%dL2VF1Ceir5Q~S)n?!e!Ob8dNafEZRz+FzSKC{L~X!S)s49! zrBz7HE9nzwy`iWhIr`{rbNtR*3*Y{`R-R$8-5hGh-b6lIYUa)Z^DIT<_I#_ILB;45 zj2zJPz=<7*z62@tS_fz}o|$|Y5_n$(2726rT7BIoG)0P44DCv3*iie?re=h$-E;GT zN1l!6J?#TXwKvX9uUCfH6cCj_=^5m%*j z*M`v>9qnGo2C_W^cXFXsYM~UKT{r`$G`*;dcs%-U^GdyrzDa^u-hpp*(LTnIkEYKB zg#x|IHI;(CKqTeV{|fZuqY-4uF*=g;r-n!~%vUQ?fh`DmWgDgiYXXtnz-5{ex zTYwCd9eFoP1;7%z0^F-j*n=X!pX!L#Y<;-PX5m>xs9|xy9Jed??lk+PPj37Ch+lis zfGI+&M0B2;FYw>p@~*f3Pu{mXPJTcB%`JuPY>h4cmHUz~{^gc7(SlF|3<#oM=FM7B zuB3FjZEW{2qWvLlHz16#Hc~PK5qQ%f;5Q0}kvrr3llXj-Z?#YRkoh9HM6wBp4UOHL z-=bc6psS%&O;EG(@;L_?jhndXVVp%AQ%k!n9Z_wWwdzoPw;28+%vuTv;-w$slxnIw zEmz@QRK{tcZlNTJ2qE?B#Sr%tum@{IPzF-$mJCBYZ)9o@{-HeG`+w9e{w2lVS9d7Y zzh$!icY;syPsIJdt^I{NLJ1x-cd-Vd!YZ`t43vOvY2cYc8*rOas!eU35ff?E+&utXsq1i=YQ~QH z`jBQl`iKSswH6dn1Z>6zvKKW)bvsYpVpMIz&PLm6ZM%#*Y&u+JmtI5rFm158(XavZ zT0vr>3aT^_Yt$a)()hc@JpBSp+nP&NTPWumB>vpoZR@G}_onh!IBh)%vAQhQ=-RdNgZX%P)bJhv*h+`h5gTcCyRi;}2fE#DftKNa`hpF3@| z_Xkhxe39monl3yD{(X0Tu+AuV*_n~6oto{FV~2ME=*=tIJ5uF1uB{T&zFtY^Q#P%J zv}=yJVL*RKGblm~qJJG4Km|#Z#EXfIDnZ5FXpA~S$=|Sqpq@5HvIZ!3>jRUsYz7do z7JUL4DYhONi?mGB?8h*bhS!wq_^^j7YJYn{kik|204wDxeJocCCmEy16 z`4~C{;F~hUYKn7PBLmW=1DI;mAEZ!7%O`W1P&*N$`@-Fu;H#qqHGQT7OrOqt)}7PL zhz?wE$UvP(3DC`w7dQvdH#t1;#WmU-^`I*|!zi)1LVpFfSCrEvy9NJy%ppIz9M<@z z!e8H1NdA8VQ_jx$Z`ce`7W@|{ex{OuAV8~Cr)b%rQY&cx|}58su?>Ovh}x6JCTwlwa@ExnX2Z!wu*8gI=GjaS*S<{M<^?YW>ku9$(>j@`FcagxfEDjg zZuWp51dLUJ4|>BqZRfGQ-=3lut(Lk17OmW_oVs|5>F>L0#KDQxi104O*s*ctn>mSC 
zGao{b!R114pRmPD@;ht%bMo4nU%uOXja)r*8Wgt;{Bl;hrY?&Z0)|F&k1)4}$ofBP z5cCJ@^x2D4MjF7MQZ3q%YmK_=hnaOUOWi;f&?HX`DNRpTJp1cBE~!h7QFVo{&H9@# z)b{1XkaDPRLX<9k7m4|Gf!&r%KwPq{pnO-w=He5o>YPY?<4-b50F*b2O}20dx(*#fP@NxL@Mi2p!t4ntJ~>96Kf@mF_z`8dSCpQR$y;ikE_<%q<|X!DJspGuPKqN$p~7fKRmGK|@cI|M&+X(mttr?tVLE z#do!v@c(vBWoHxnzbGR|j?s2N03jRH$Os%lHM0q&xL*oen}vWxT7qs8obKoVhso^x zDm=NiWCzegWeBra!oSj*nY*!*`R&h}56DeqeHb`Au~6KS%ZsRn>BW{Qku9psT#!Qe7i z>@WSBpS@RcS)15S7d z8PLX;<4J@V*T8J*o;X{r=JI2djTF}Z%#^=n~+#DbvD%^-qP`c zc+l9!X2Z@V2~4!CV^XAB;(%2u)`R>-ax1sG-&WV}jsrA#tu(z0XJVO7xJ>+&=gxmP zQPhbRHS~(hnBjhDKk}^%sFJJMT8|Q~TFX6U>L}dc{>!nHxF8KTqQ)H8wd_zv*0tNC zF$wuk+ErT7$|ZFS`jXP}Y$TdtjzXZwXlx>P%k&^?T9-w0qH+SA9e^bVRKjkzxM7pW z+X-Fc)x$+cISKzxPi@jlAoWTC$$|BBJ91$&aaD?^d!@a#@sddl{*~CuK8SkCY=9hO z5Jn7P7FG>`T@JFjcDl6nfd9!om3v2OwOl?Mz<>YQf07T zydEOtd;Q6Qcf5632K>`0>#f6pc}bMok>q?fGl*;z1D6y7NV-&i2N{(gkaTF<(#a-h10=i$Y-(|b zNhi;MyF)~uP~|iA?lNfdH;eV|;xLY13DDu4^&H&dbzDOQ4G6^PBh1i5ftWmQLQT^B zPkI`eIHoO_T^2b|wF&o}sHRJ(J<4DR_M8v`BNI>nWy?d4*&AHM2N7Sz(7~>huQ&1# zWvUtMiLtng)LktHJegHP@4>i$nL#^#?wMmn5)C27)MK4OC;vlc{;O3bI`dxC`VGw! 
zS^xn2e}|`|$$!dBr@s)oqzUPbV}k0JbYYr!YTuOHQcv6BpIKy645ZZnBFvRM%u;O& zN2r!-y{S+UMHm&(uN0AUq!kKv};5sM>%y3J1hf;xk1=T*5O)#GAyX z{2n0a$SyJo9?7jFQXbK*1rmIMyGDTcjv`VVpG?X`H zkI-Hvls9ZH$*l{Le8O`m&~~sL<&DiVT*Nii4ev8wL>cNcAP&*3FcLq}tr4g%5I^ZH zGpH|Iufk5+4K-+Pfd0e{HfC;0K9y;yY^P}8c*m+-p)~CNNT@O{^p&a zgv~Oa*p!R#ef=VsJERvFlim#@L(R?o)tc2rZx)A#%bBIdXUC1@X0D$KkNcsSy9`y8 zHBGshR=%4twOBljR?IBY~x-fR_Yc6kO2>vjNdE8@SJ5NnNt2bi>0!Yt477BU&laQprGO z;8ZYjX|q=1cQ9S7x*i6mmR3-3w0d!IhMIO!wEM%*PWFJ>Dps)uF{RcRU&y^Ab>jdB zi@lW6B`QJIo{UvtjX@-u3TToZq90Ub1PhbZEgM7utA)N$hq8F{v}L+PWSv#;x;TYE z(|#*B6#KuMXvCLnNmdzRTnrvNex7QGdTP3Xkmj@Nfbr;A_SYDK9v5X_=aYVnk1S{B zo=xshFb5{x12!T-qje6*Xt(6bVco0o_WpdwUM;t+n3`v>s4Qk?vz1kDHhu$+iZm-(m^Bna;wfoOS8fl^`O*sIHuu0!wF%ov^7Fx@ zmq8v0X9hhL#A=)mRce+e#t1bRA5`4wm|m<9^H_P2Qu&6Wf8MaVIYgWtut#hZ-Fkd4 zg9D2O@we?muAocdX^RY12I>i zKyt#G!?t2SSf!Q}{nPqS-Kz^8#b}vqAEHMK_6Xppprhk%F?(_J0#;aixXpH(GuopK zuJ=L-{i_cQ&>ib&MeB~;>uQaywRKl*yVMZmg!ef_+&2$l+yaUKkA<+M)ljR36NY#W zj#=#F202GpJSJDTR#wo4YKAH|XWI;M3cDJ`j;u3^_BfMt%~-hb#Zf11^rZhZvB*mc z(}oFTBewOC-jL~ZLFiQ`^o=|G+{4W7$6(>$!V9vD6KtOF7pommB;8M3S>f@STKHaI zA8^$!qnA9>mfq|G3f)!1Rc(xMjB{5wqgPI2Q%9w5-6`?thYv-I;BZ7S2D?g*G%a)g zT0&FdR$!yg#nR4sfBlSvn%LFC#tpN~waKoxak%GcsTfszSgpX*UNVs`Qs1W-cRyxi zffxS6@L!8C40+(n50Gaa)O$r(d0xaq-cAhb*18r{Ja=Wy=HJQIutdRoIFAO z7R##`xQ8lH@_H7|NcI`gf!W5c~h_)NVxY3{w z-v!xP+V8;-i!#Irk?z8v6V>pRM(CS9Hpsj0*8@~{tW)3VVFvU<4MMHwO$g&=f`$T#^{PX-~|$%YYhCOr!^M;#lv%chQAMg5Grm~+FhLk z{spY)#v&}}#$rr*a8__TZ$y~v>km7+@yjWlg$p#a9cT{?YGc4HqF~*TK|NN=i)y?J z8;DME4afzB#%{XVOt3=QC)Yam5})yP~A55^cH0gqNgyO7#|`c`n?Dq zH38$i_+L>TMDigd4f^RPX*YGBw6BkaBHPoXul@)vv0*-BBp0{?y!E-;$a#PIee-|F zcOeU2AqBG76QF*wzri~axIqhIdBl70#d~=ZpxzL&y)wY;xZuUU?jkbeqba%LhOU1B z{aunRWE?HMe9P7DZ&^n0Z#kcfle3-8-^Yi%t z+M|kaW2oR!wmm{{tRX3t=TkH z2UlvR4NYlLQF6mzv+`?|_k<~D_9MVpo-RR}DN@u2VY~Jk=zD>C^5lsx&DAZvR|tji zI`-XR3-dkzAzGYjq*(ks!CaYE01?r`m^@$C0`cVj1XcThm)dC2#tj^oFL)hz#C)`h zLUuYI?Yy9|V?OAZSJe>*WZbsecsjmtpX)`4wRJ%o#lKT{FE2e84K2Tbl~0T4rhZG#W-nN@)eTGs+sJ 
zlK5ime3f1hEAPQGGZH=2q%;YiYIZ(?k62Ghoual7mSNoDI;&5B0q#Dwag8W1MzH02 zz#+|qHjEl&+w{_IY-igaNj zlBFHBG}~Cxj}+Tl(zgo)#bqMIR}hH!{6e~QXvnZFwKg3zRok0EN-hlKgZiYny&zi! z!G1WL%;5Cux#q?<^Lu}PN9_YvX_P2R7ov;_qA_es6NEB_Gr=jf=MNzcor2~>4I(!* zd~>WSDZ{wSk^W3&*Qv=CQ-4$9lnrf8RZ(iibfxl3t>g_IYG+4)!Nx5gn)tDZ-ZT7G z1F_4K)yaD`al_{)b5fAafaAimZ2|N0>v33weL5)OQEa)h{^Sn&Hqgq8!kcIY7VY7Z z4tRdWY4*%7znP|TjqKM2OanblT!D(_l};UTW_4Z1Wc;a=xC8EU@s7cSXVZ_F%FmKI zm&WeR9x25YXm4$vq+N;-?BTqSSujTqQ;x1ukE@P>-7BMQNHL+)GG*<_YARX@R&fxE z$B=Rg^?>tKVUj@sur(ApnCwEKy04b_g6CEbjJ=fErVrKJxu5^xKoRAp9Gw;gYS_6H z3vgu?-4=~Pr^&+ll7#z6ml?fcvCt>cVcGn1E?+0ji5>&htRrSE zjCb(4?*eV5Q>ax2s2q5~*n2y_Wr~4Nzu8@!y9k|j+PdIHi9Ix*6bN(ulIhPPI*%o? zdnKIXV)~q`a%RUG<>82$z(~8a<-Nj{76oWPv37gKMxcOpb?$<61?J*~IcvYkI4m)E zpo7ICh)YYpjzpMv8^q*Bl{6f2_ zz|1Yi@)L*RXEttmGBvn|N$zs4x4;opAeE59qJe(eHWJt;N0>Ss))`Id;KpL{Kev?6 z9KXGWO7AZYLLHd^0XEMhyJK?{YkIMDYhqb3S z$?QuF;z|tYzL0;x+e8{Pp!iwEpioY|3I zkG>bQ5xv32AKQ&iZz(P&YrR3Y2b5ZO5Gc9Ie%gzqw$l7I6yvY|9tr+yE|8C(Yq9M+ zG=lwa&HDevk)`E{1Q9;55)k`AT~u%C;UE0hL>k0X>>XGc3GIIv8uG9T53*Tc&odi6 zo(+E)@uZvYeYfi|t@_dvhHnv%8J1K}uN6Wzgg!E~SplrVJT!AK(IQwix9;ef>e z^Wq<>rj`vu1gaooRDs`1Abbm>DYGz*xsEzWv()(fnmnV(hd+)UPA^`?;!UAnBz03_ z+ZS7d&^fd!s_z={2^mRHj*iSVWP!daP4M-Pb}_M6*xls!cRu`0hyT_t7O^le zv$b=wur>QzCY6#XEx#dvF#46n;c(Fr5}c^CK0g}q7%>GQEk=_w z$`E@E4rx0A8b>Pv7~daW)x~u`k&LqXY>>yzmzn!K3txQ&!1ZQa3{akyXD|~Mct&-#9V&UmHcPE^32&kAFEI0Szs{Z&LRHi-QOD(XmTA2q z;hCQa6YealUYD_j{BokLtn@N$Rp;KXn~hK%XY@{+oAdtz`>F_RwZd!bbGthZJ4!#uT>)WEP$5u#S6&M$r;l8ZH# zlh9dRN!^geIsSR^N>w#*;bb2EVz@-ltzIXD2U7>GoH)qQ z<-N&D}P|j6$WG2AnCk*_7mpkQEBHA-Aee`u(LBhvr>@E zgc1JZhMCr<&&RFpK7GHhPjdgPpRqZ8TGcn$x?lO+Fy{w*0&*1gQ7aGA^=1xXG87an=2od|5LlKD zklIE%T~@ems$zvls>_a;8-HZURVv)-OjsZ?VG>N3W(|l*ry6-s!#p+a(#VB!Sd6J+ zE-uLh?aA6|!qGpivtD7DP8|h`l-aJUE;JAEGE{8!ESa>iWIGL-xo-O3*U`H$-1Ksd z*BfID=hIg1s)E{Z+t`=|rmD(zj=E*StTX`k<*X}b+B3S%41|P{MfL(i&>t+i@I$DYk(;DYTI*4T<+>no7;Cw~ znbjqQfd2fvPi=J0M+~~yc=#Mka4GG83%(mpIwf4l6ty z`!a)@W4u8nwu3CplHPJZ)TZAn=j6UnD$7ms27NSq6P;fc@*x|t_)2g3TFitl*0x6# 
zXC|-O>4m*;DP)p`12<>Kq~zkH&%OdS%on4G;NJEh*DKfx}5iCzZ? zQF#3zRP}j=R;@gh>?4+0I0J=-erXavH6G-arp=61yb<1j9szjVQHCc;;3beJ==Gam zQX}mgzdbwW-KAAf8E^IK7oDsmz(VwvVGwOJ^xWXhHGIO2?;#o@zK6c>{2qx#h$CR7 zYaPAg^a~CKI!t-3(4V3yY%;Z&Qnbx!pxptxdxnw*Mx}kC)*{QM`(BK5+e9GSCD?ik zIoEyOz43cR-0@ZO)q7L17r#dxLdLW*jS+Kx(ICjX#JBDE1e2)R^8^GB`O0?pl5)Q4 zPTq5xp3urCfa1$KPJwvu4IQh+|LMpkW_ST_A}@zjeeq|u>leWyTM#KZ2LXMe+#bPg z_xl6?ckr{in&{Df$HspN$bXBEf8)py#lPaCk(H6vQiUqQmw*?e`;DQfLPZ%`zZAS) zsw`8fcB1T=J9*GJUXy@Fq=5#?54&r0Y@p?t_==e{9 zUFK?LYG~rt!K<=%J`P?XpJGGWOCGa<;jyXPnHTvlZHu9?-y2#1^YshX(G4DWcO_EU z=1z=%1Pg@B{R-$TuV{O{5FWo6$`K)?>8P%@sZ@nfC;SJox{%Zr+#bLp8_x=lJhR}^ z>eRN*S1IZrp#FZy0TQQIP~Q=D1MGh(?EL2;3pzQOI6D7lfK|~}M^eQ24IbZbARlGeThc+t`C@HzS&FXwy9woo@2>p#=KRW;=mFf*FZ1g@lww zV%_A9%$dpW;uv0pO(XkaDvuZghU&ED%U1_AW+uxP5j4AwL}h8Oih@5*3nvUwo-qbg zx{Oe_g`U~WO_`Y6N>e(D%xadbQw+#34OFffg_cagz^B9yNm%sdheF=uUd4x#A}jYG zVf!jhrn5@AA)ajE|8*LQ^yqOwT zAq_bN3RX~eX;QT~uQNmS=tw@zpsu>qCNMph7O71_BOd#jsqqP2u`;#x6}P5SVX}BR zoJT%^srA#EfUizkueAM5z@5K3Q#ukB*qjTB*j$F(K|x!0ObAqC4a5ehL2K&=>|3jQ zm-0iZf>l8&tLEGf9+IdK=kB6>LC;rr$oTylT#~Z3c4!AzQCCx-z0X4x8Bw|h$wqH- zO*gcE!3g`w#~KuCzn3taE?`^|JrPV9SFPaQ&6H>@jlV>@3c(uchT?R|0Sv0SMmZeE z8xYRsHddy~nxa9tE|{)JUK(V6+6eE& z0Y^iJYz;a`E=Xkx>Yu<|K-*Yj6tpU1^nKgyz zNhV)l?_L0Hy)5c3GU_12Ab3)$6?)n(vP&3j;1GwHfd0>!o&d;X>&Wj6rS|*rZ<&g+ ziM8oplFsluz5feH+z)mud|+T;!eDZ)V6LuUaAIIJ$%}gjg_FgL@!n!!ny`8Ah0Y(* zLz@SMi+e~u=yf`RlBT}7&88R%4)(qlijEc9rgBuoLH72Ra#$jwN~U@pdTNH6M8rWX zk$^v?Ffc&`BJZ7${>(poBsC}{Nv~pHVqm6Y2>2(2Bm`sxfDRe{08NyEvHpifaTFNr zx&AJ=n0^O@f72++&W_(3_&0U>U9OYI`YzXr#fN|n6B(j5H$4VMMLsQCRsNJj)=ILp z_SX54%-U8tq4XB_s+FW>DZBpk`Lon46&3xrIlk-TWV`n^yV>;n%iAAxe@SZzjHG@B zI%5B-XmAYp1Xe-=C3owmY3LR;rR7`KNDMN_^_$7JE zmcldewWWQdnzTis5PBw%R2JPvH41v(hKZdSOwwtDDJw2NeQqjyCvg&{p*u0f>Whj} zvd7p3yOd@sVJf?H@U;d{6&8=Baa--uQv9kvmUD}-v{SPYrSzAy0`_3EMT!Fq89ji* z)Nio)K*Q+bIs`FDfmc;6B#bay5rW>950Uiw>q;1&^Q{FTY+_{>7QrmUZ?0DRP6_%s zW9rQ^a~SZlpU%@Ybn|IO;bpuj6B}YvG6zHv5Ia1y81jTC$bNZJ2^MyoQou 
z2*T`xv%gyr`l0ls-I4nNQ0if%G-7rbmoYkc<$lfjO}!VCYOf=@fhKVlsZo|V4@%`^ zW)3Tpva8~70(MU`%obY8Ry(GV8QO08Pqa4AF!*ibG>K@7SD$M=sO`q1TfFY;HI6du z_T1}evbMfR#+-|8F`3iOh~B0nriQZ$Ohdbgqgy=aT1tO7EnnvUiKe0mQ_z?!KGhc`? zK>QjOZ#iImN^f{M4*!ciDol6yQm#I)<8g?RuOLSuPo<}T*D1gro6lG9{x>PtqhU^w zi-=#|+OPqa=}>?i0t$mrkK!FwF_rKrPGh+e2ztpchTL^p2{!HcA!Z(O8o{rDC_ayX zny<1vqHP+FvIyHyileI%`6S~xD$f?UkK~1p{QM{LkA_OG{v#FRi>f)lzcZ*0JDEw^ zH-kccYZRJ)YLx$~ZvS86URBp=K@5c#n>vA51PA-U|i-4;sf}58YaLU%+&oL0Dt(th6ZKAHS}h0X{*-hnzQpfE^n&` z+#VMmRc8N)1nF6@pZ5Kyz_3kychT&OJk(Vo$$oAihb`0uJ<+E+W|YHZ_$nzTD&_oh~&{o@o*pYf9RDj7rN z^9e8GCAE%;#Hw=yxyT&TwX)3^vqqXQ>D+XJt;;9uy$t-r#3w*Vt_8NXeek!7QI@tm zW~7$>=HLh&VRE65YTJhMB=5|{YRS7k3}&_7m(VYfwI*4+fXvy@j!8QP3F#bKOGZUz zo1T_!Tl+Fw7Mg})%bZdJ8;n@W#{k7USD7@yC_^Z;Aq3O~^EKR+Chf{k2%CKyq$ zk{Y~5u?#U3>nWHAdJPm}l;&DRd1DH_HnVVx0TOUS25)8|u>N9W&n{Yb%sVC-yO$>R z=Ze$UkRB~r%Uu<2i7O|DY;LXyLOolpfS%Uzht9!p=(!8g!9(CKs`DJ5GD&L)MLJx{ zK~_brVa~~Nj*tZ=HI?_!H>wKve4>ctn?vLGnnEzy5vrWTBCMI}OKmmdUqkVt)$43- z-Z|}+hG1qYC=4_C`1)3J^H_tMw{Td48AWYG0pJ;=SK6C@-iQyI-owd%cxH8I#CD;y zBc|Dlm>TwpP-WOIx$+L$-u3elH;LMgbsW#Smsqm)5}KScW|xvXM{^K1pHP!JgXFkv zXNJ;91|H2iq9G0EmeoQx+0Al^RTjGS-w$9%cNgozpr5)$s(shFG-V9Y(#+GYMEA8D z2EWbB!(1QF^yrezoncTrY)#KQtmvROx>}HRYet8H8Wx>;gBu zT1BJ65%3FZ(RT@ZH%5&CQ_O^a9>*Kf3k^Z`Ze8|RIPS7=W~#->BtbizCW5qmDUj-8 z4CK59Fv$BM z1j!vxg!O8FY|cn`1$AU_apIjDo}rF_GMrPxl@Nq(47iH-V=aeFh+$+IJ%hM~km8T=sMYk$2WR zV^Mj)l*ueJsA&RGGLH&oQLRgUY(B^E@~BujUfrN)lSry(y>f3V+6v?F7?bGqV--f- zD*~F2)F;pGRPM5`glhp?=E*nkr68f*(L>ZeTPmkg);@>V42?7*%lhm~f|3Y@oP#;K zRmWRf!Gg~y{R*r@-$w>hZ9Yz-69o|^D}$@mDpm1NJM?nIm8cPz$g8}%Ga)Q?j!l;+ zarY)Q{!IsGa5y!uhdSKg>Jai&HG)uB2>~~j`i+%Y<`G@kN9!64=GaoU*TVK-oPCB_ z_cElTXyb#vB6(e0Ed~T#mSO4X|D)`kq9l#7tHIEh}sD zKWDU{nF#{gm3{KJ4l6I%=uzy%8AV z@cuNyDY~b6@u3>8Kg$ereOS2G4{WemM+76mjIcqAbW*#4QDbmjR<9J}CH|4HOQIKQ z%g`F@bKOXS=u*4SSq{;zWcqIzXhgqbk6u-N1~)G5t1NHqa{xD4V%mXo}e z?eEq#_pD>jE3|;lNq%12wzfzgR?j3&w^1IgOAvG!2Cg4I@dFBJMVy?0v7k4M9hrak zx`_<&x=6yuq57DUg2Be>z2FPoc7i26Y<^}%85?P1VA?M9UWln~ 
zImor%cyRmqgi>^$DRt;S$xfN~@=atByyM76uZ%g4Eie|%J^jp=N561Uy$tu0 z8X$L6@f;{cK+eU$zX9)E5jdhR)9D^W?!Ql!|88;N zx3ZEo`Nv^lS#`q^SsCNYI%8U!A|HLASS2W<#Jp1v(Oi;6j;_CjfR+}t%PLX2Gmgx; zF&OO{op0$@dz2mDOCKkD-hU$M^&qh4_2_G_@HM-!lYF{bifin|$z-)|K-F`eYb?uoc(|tHp)mzRx z%~;W#p6RE__hl_67RWbCD@;6E49AcAGlBKF2$QcgRNFRJ2L}p%UnHJE4;^-7r1ipP zCMQ{OJA7IriuWUV-r8t-+9`_>63s*eJldk=%_NJHi>(}|%zLiA=p=F(beQVj>66(r z3NtMZy~)C(t%W&@45QS0e6(@!yJHk?w1kkVU+WO1ru3HPj%Ay^LewR&-t$Y)FZox{ z1FO4jmLx=Kbl$OLa|z|gG-f9L)#9LJO3E@STHRxUl50Bn{z2L2^N9#!H(QPCB&6%8 z+M&>=2vbR9Bx6*IDgs?Dr|0#{A>`ndkfdx18S9g5jbnd`yUOX!6g}ii)yBPg^eSN7 z>nl)3ms!fYnTF0h>)Eb4oYv1d;xd|5gC0!JAnI#2Ub93Cn)_MC#AnV#=8HD8mllG( zLG}O-h~o{sb4W?Sc?&{-gXJ zcYdbTBe!(#h`Q|$*)e2(**5c9`olKmRjm%eg$RFuO{j|^s4i@^i$Q>507f5DwOqSA zm@)wDf2vw_eyO=p>^;QJJ7C`F}sUXg^>{XI@afPrw!u@crUTSFg;_7~D1983g zfdFR5H?Xn*FSEd~g!))H_~^Ym9F1TDz;gCGZ%mm(G4_^f>sZbUk!bCtvw$zyYVNGJ z`%B~Oc5h*?rOD>*boRXI{<#1Ep}gMEuyl%>vefLJi43cZjMVtmXcE(`9ZCgv6O=Nk zp=lCse^^dw3k9q)Bo5bPOIrZB=$7Z&xX2t6j@H!Q<0iqUC!7>l{WHHm-6Pr*^dW*- zs5?)TR)gSC;aFKa<7{RWSDFzha{|5W)q*UL{6x3jn#io=U-GzXU4cDT9 z+sq_I1U=e+Oql$ViEK*sC88y_ z&{4OM^B$!~Lszf7Rr-k11$UduJc)jnE2<4-?j8YVLs0G>rjzI@rlZd zF6g5YqK!dX@>UrnbI$3wve(ys2eGbo(YO5K5C3>)_!%LQXVA6`0)vRYACfCV5=C_f zMXv zq@6mN$WdMPp(2(#B-d4;u}DwkO1+yEs2JsRvreq_y~$U_prT_hJ0Ke zAV70Ao^-xPMc}SWdu)MD_(EZ*hUBv02Csa;b7|y_H5!H=eej&HYrmUqTL;_Lb`x*X zuJu;YH^x93@ydL_J4b?huzs{E49GJzI$NFCsC~>5-E@9PJ?W9!pqJ?T;hXTN=@p}V z%V~4}veolVZN;WO*L9jQ15)Rh05S9D7{(V>m8to_HTu*IPA^9%+p~+P3&YEXvY~r^ zdK`MpMk|mF85AN>j?RuXq_VERsNA&>VrjWnY!z zqp5{oC7~m$1S1NfAmaZ#h{YLcv~|iBjF%RKBj(1^iqhz&FWlfgi10))Vu_*U7d?k<Zaz|9RI?WxxljEJKWjCJ|sMAY-Kg zj?y=+`a?*XeBE^$w-Z;|MXEd=nWmOp(RIW+`-15%edr`BdkxnKjTl7=zvxz*NE#5IQ>JUKo9G02LGF<42{GgMe;MAR1VjhA{aO^Ge z8g{wn6F%SHbH{s++*oJD6&YOFbC~WpxpEVZ9R)z&a*v$PX}DBNq+aHn%-nN~>X@_{ z*6PvsVEdxA9r+;b9HG#3=^h?PP_K4VnWk6Lnx%^3tW<;^j7m^mtff)MTX<}?m^k4> zasTTR=2L`wF*Y@22bnyK=0`kV5T5romPfHCTyE|;&-j4~k2}+JrwV!Fqu(;QG8sjG2D1ug=uu~TF^}w-u~8e$yFeG?DYXwD0rEOX-?)E 
zBA@@aaO(h)HhL<{+C*bLhEA}$33Q|KMcQW>^o+F|$AP!E0if$t>DWTd_7JD+fdwr* z++lSOtgV6YYn+j}Df7{&ER+L&b#hL=!%w?2dIV%^Y7X3qTCi4*zOehRx7pPFlyVQI zecvCDt(iI83C6PzS(^ID7LMNOJ7BHV5Im0j6O(9HAPzX->C&E~t(L;rjV^8v{MP9g zcdih}S2}=i_D~xpN+I2Q#xTZU+40+I_(xP(piUnv?UhTR1$~VWcmU1&I=P(FdaP$1 z1JhGM#-za&0ssS7WJ!=y%e@zJ_x?ht=l5rv!SAvVE+h!Mzb25&H2k6`q#LYo4 z3ULYS<{Msxa^kC#f@Dw?9QlMHa$5q0rKOB-M`GOUMMifDgg( zG#RI@IH#{c3Nv$2R^zRe7SzPZ+n^o+4A>w6(G^183wTz+27(hf{?jN-3d(roZdn3Qd^uxElq`lpfXm)f?Tp-8H^A-dpKTv!Pf|lDGye}N`nT4 z2DGqcz8Nh_weh|_O1v*fF7rHZ(=&!cDq(Mg3EV*^fxE7n926E6v`8{&;Y5JE`OjDp z#9@C9lBu~MOy{VA0S1(id0g1Exr2H1bB~f352#_j(uNPw45t!vI_WGmQdp{F(bS0} z#o|0%v0}hJ;%mjwoo8mk!6p*BwKOAW|0piYkGQ!wOX@`uy~F-t^_EOeLW2V z5z-%JH(yz4Tdh;FLD`_NIdDkVA4CZ#9DcVD!Blb7dfl(!m)mU4!pMrTfEi-ytA74Grp4- z&t;SSGae$rW8WaWe=`z{3SqX`WxCz(Sq{HmZ?7kqnu6I%icoM?w^^g{v7dX&c zhhAN0%VN=(a$fuAiRw}TMMlyggCP9kCW>h}KygZ*#d1`y`OiY} zhIcblw~kpEt$D0=8KwLrqn-+RY2=FS8e$K+8nS*8p=kRvx%Xeuv$M#Owf~JClW+9! z|Nlmhu({KBebK+*r}#T)u=pK~cl;%#wU_}!=P%%oCZ^~=Of7!T2LeQCt=t?jfoQ-=3V#X;%Z}JbNTjhJWBsVR=!aWU;}Er$!xzP z@U!x@*#zJp9tuN6=ui7#)gjE1G9#K$CC<3c&94ACZ`A3Ty!k)c+PR|VmGmG>W(j;Ly5$&svAkc zEa|bz`MQ!ktgbLe$UP!qv16^Y1cLRQ!LYG>|A?TnV`8B{Bf!j zA%gO`!hr!D@3+r4MM?;XU?{kmvK@x2F;G00F{cMEvEGz?IZR*l0WqT{vhh?pn`kxm?ZXE^I zVx@h_iss2^)?undy*O3YXl!WKVV3rByFpd2D$ULujUpeW^VxF|*2c=ENig>6sLFWb zFtnwL616ulQw%tz32F4mKb#7eQ{@>J(~Kku{VQbbm;=xr!BX0jl~}$Fy7cyi6lRP= zcOL5H)>I)>+grnR&6P-Bw<4a#Tf3M$q`6kUh0%fC$lT@k7-Q`|n{Xx9uasFQ_5c&K zBwQVCy)lw|`sC{*De3u&^uG&|IxP*+Y-sK3Y)ib7%gq-Djt)}IZrU7M4l((aH5qI_ z2K79tVQ_~+^;yILRt)6^^hs{=rWoQm`BFX3s_&o!a!pW!g)Wf1raCnzDcZ)=rlOBT z;!vkXwXp$hs){r^xv_w+Di^9 zlxPb_M)qw5;L_7-jZK94Msp{MWT>k-df65!q~)Y$W2#! 
zUy_Z1SGzOzpaszrh&|JXb$Ufnh{dDI8|ql`sF{GzMUOdAHbWyun?_7$D>ti<_#qO) z2z4m)fjf6t&#s`Aq*2QZ6Zp7%`I~j8eZo@ERAMbi{mIxcqia$Myui`|LeFQWZ6YOd ztcGbp7kSK&x}N=4o&3!($6G@u8+_u1Yzh2=bA)+8v0gW|?8ldQMGkv-@|g6JvQgga zp&b0buI7(A+y__4Mw~xhW{Tql3trmBe#fJ-Co=>Z%VCq2u4Z8T>DY~FatOo_3CnaO-OKuZatdjsN)&=&jL+#1}tLf}}s8N1*Z4>{;q4rPvh_Mm>KWi0=Ri;(3 zl~KN=krLuCH6;9zDA1blUjmeZqDdIPq3<_P2XQx@}D$2&Fi9N2e#dueV&UueaYiZSRhM_kP0dI(wn=qqJ(w2XA<# zhwt)s;SUg~ng~zn=SaE|sr79^pv50b(gncRkpS?19h`kY;OV7T;@dk1=hoaE61v_{ zfN%=@y3?oFlqLir+ja6!kH}Y{QC@YZ(xMzkyL6eVnap(PAh8^FT47SE<{%?bN})B5 z#sumxbuLWPNt}%6m!jr9zDN|eRH3zKP-Yzy%`KgGqhn7YoZKzZs$fd|L9;sCk*I4L zAv_8g0#t`WBe!o(54-=AA1$&dFK+6Ou%hlJ&_rWqxiZsQR-z^*K<0*8$1W8edQR}` zE7Bp@BsW!#o>rZ7H#s=)8m|ed87n6JBiDXq16IYFyqn97BQOt}lG7lWVHynSI7O%O zad|n>6M8?YyH&e%FnM&SWtNb&!6UGVdSB;8z&8i~)V&fZ)(@IY9QnDnx26dGP`@AM z?1eP9v8m>#%NC*2U0s+s+)`CVijCHvi8$92Yb3*Z=><~6+rWvZ&)2Nh4z@(s?04}+ zB-?18ho|$~;&VaBdV9`Ll)6K0nWlLvMM;sgK-w(BW}L_Se(XSIGNKrJ!-LCK~bZ(tNjf9THyL;zg^}yN}z>Wpz9AO1y@xP>>*`ui~Vv;%Aw5UB|1c2oJRmU$cv}Tct1@u zx(tA7mJ|&fq}dv*3MW{CqlaTLV~Ia4;(=n7tMyzHz&eMW$ii5D2}W-gPEA{EI~`uF zO-XH@|GhS6Q(AIpSJ2lW6dk0}TMOK}-Ouq)Daco)e%HQ(^E%VB6=|f9ouJo>hfR!M zzsb5BE#wgfUqbqtV#&M9DF_)2zXbx5l%m#nmhp=@DkLP_!_?xLy3sh>-dC|85VBga5t62YN{W%my)9t_Dm9VEXurc;S~|P2TYn zG-@~E{L?mIroZ+xh(Y+~vcP#JSNxLbj#ebWt27tI9(@6C-K%Z1HK4qYPNu7GJf62{ z5f3wK!t3i=_ai1S=6Y^#b931Ic!eL6Ug4Gx7D3#Scr!cb6p0XzI4d#fk%zQLpbdVa zLu1km)mAUbE^-V&wO!=3QO0Atm!YXbKDn%s^1#!s{)-6ucWYf_+PYvVK6o0D%c02l zwKDgWpP^lB3ht+FZkiv%iqT z`fpCiqXKSIwf{;CGyU8>^T6zd22Rjb4Wcy^ z`{mB*zh`JVP0V))zDH%|w;KPSbu(cXOfdS5K#)`ZuoHq)uQ(WH<2ebaL(KC`$cdv*N{?UiJsN8@Pcl| zqhNl)8fso}>t8ShVOMB#&P#>NTMt$p$}EWtFVS$f?vLHW%oEj~R&24bhKTDH4+xYe z>5_hjSXSG+Cm3>WpV&P65ISs?#+Q?=Yb-mbMbw!kE!t%ghFaw1&%rCkhqq8eE|6{F z2W@;&2bUZ&Wm)fO=!vhJxVf!2WS*F*+HSWW;1>^x18^Pg3{jU2t9?f5lK%J<{8Dyw zR<1q7Tg#w~yW7%XW2rQ_Q_RHn@OcdL{}Zr5-PnDHTy22t<+o!X#z`-oxr!UwLfC*; ziSd`KJRVuL6g!FV&u&UoEpWVkfiDXTzX4gppYz)6#7-ZW?9oZ{kqQO56$!9Gr6VNc z3Cpf^Oa~=oWx_hJL4)3v)74yi85izLww^uR`Gp=5RoaW%2Ni>6S!^+4-^~EqgrFWj 
zOy9Mo@8Jj6Hhiity$Y*|s#KlBxuHOk(8*SAxHG#6-$UwNzT&0PYPK1i=*i`<6x-EnkR5f1i2J;vEetrOv1k|HF!U!>_ z?rt1m!I`;yo)d;BRL_tq6yCmNh`zeRak!>A=+3TY$hkL|ieB^r%HNUlU9trj=C5c< zSU!;^-Js4yk-uY8ud;dtsuDYs$jj@?Ie!)qlL?9@B`YqAJo^-Vs`tH}$}wwRmbBV% z&sAM3{5(7=PL~sgv@e?I*U1>W*Xp+Je=p!I;65$h_P)h5q&f+lAY9`z)99uZ6sY`m zQJVNdLenYSDMWnLFD#1mDc}`v{h@%7$DEuqvnsAo!prArb;VxSenAiMF4RgeVuo9S z8%8YD^X-}A*b>3Dmf8g)kd1j7uW6;cradH-T@1&X9QGFP0XNf~Z9y5aE= zvF{c|LVV*6;s{}wqkgT>@xd!IK234(DR=`trQg;%0EcK_)i(2`I9;xRh%J?xJLw9E z?=X|L61-#fUUcmb-+^R=07bafF?8;+4l@U*-t?6b)b=MJS`WrmW4vGg7C6`|EfQY& zcJlrBzQg8!1rGjOk{AEy@|B(J>xdAGcCcZ(gB-Y!+B<-ApQy7)K$2 zgw4=AbJB*R>43{|b9J)zbb!xQXjs79^FudjztMBlzRy1b!}MLR+mA9^&94L zC6cI%NTJ;>+H0&jw(-V23yf~(K^rArPtlN1OHLz0n7EoK6EgCg1Cct;Z_uekst?I@ zqRH@~;?Bh-W4DNF~(kFn?Nd3sFW!jp|p)v$u=jI5(?! z@lxwqn@1F}&2QUG+f6jH(qhC*+pX1cQze7+NiN$4#kCIwRpU- z^#OkTF>R+-%sgQtu%(-OF&N^N%G|sg2yZ1_apMh*bdD!!qxmtBZAnA%F{}21`rmmk zfl*|f^Rj}HecDYEwXlvsCVsYXdgrX&ni%CO(p#lb)iu2~HgP0I72_v*p=5oht-0hm zw^r&Z5$X5cib}>Z!R2P@N=}XSJ?hNADxp!LvzU0%TG16|yiWpWUm5m{6=a?}Pi~PG zGzS#DT$A$h#*_B##t@YJ%z@~e1v^2|4~7D{%>KXKL#WIFbBD7D~ zYII-J2EP|Iaa2#-<3;9Z{42%wSv>+im07yAftRKxdpHg{@t%)>?vSR-m`^C%WxZ_3 zo}dk09ES{_8Gp`hKlrWpAVYowPJgDSWBpMvCX z(#e{m+(MDTW*xGUlhFLyOY`fvGhkPTFQR6R`511*>qMF zbb){z>=kOqRRqy5#N`Ev2BeLZMC_Doh^q^@W^Pr-e;t5Ju?R{3S9|P!_UXbEkZ|wR zX7|&k3y!xG+5Wx$iIp0H8`59*xrnB zqU?bVWuC>`6)Xe5!H!COx#<`&SP{AWHBs3JOQ6iLu`5=hw00D^KALR;^b6S22uBUC zVGM%}uwFFUVIh)tT+i`hHGW3x)q_`g{b|V>e%?qyZ-|2}RHG{i=YheMmG*#{#U!iklyV~IhS8$2CW+nHoi4etXn96qr1|h<8-Mdt z_Xy$isC0rZR*q;uNp#e(U06k9iTJUFWn?d>U5p`-N%he7H0U`s(~iC1U}vOada-Y|q*)p+Eb@~W zZ@K;mmb;XGhFZ}`)ESV&?|5F0K%WX8rw?>{-S$kvViy}aleAdO6!X-vE~7k3%hHN` z$@&D2CZ6;J@*OhoIHG01g&>c@+y1{1@LWGK%Q3!fXSMMEp-8u>e3E5k$>7v%>smq*c}B8U{eRuQbH0aC71phBTiwjz$9cVQI3 z94K(v{b)e{yKlAU86eoHqFG#Xcy=baYT+x4|Bl`KHU*Oyo-TJXnYHoD(|70B&L7jy z_v6*kAFsFCAlYqeAc(fY^D&b0Q+g@B+c5y98Wun{MU4O;P=GkXivc|ZCm;46kw%XZ zhBN?8D-xhxhM1Ih+w6cL+0~5~GBZb0=^(x`)n$Z+Zk%zFMR5+DE?lm(WIQ;X8(*0MDV#VhPPtB9MYFw)@+Pn_>+Hei9qCYL 
zD9Wh>D@9+BBl>NHT6>vQV+&`kFe?nNL^t%Ox0aAcLgriJ^x69<9ok<6;kbh{ZCYm8 zLgEZ^lNmbmu}oUYz|pNnMB}h^@A@Y6KTl25Zbucmvr{c~Bt=op`Khs$BH76o$Bf+7 z=_d@K=pQ=YD?RX^2n^6+5V`9VgTfCPY{J^YQ4uTM=%X}=wnxE1IJS^SLWzD2j1v9o zFNNVQ&XH&@zUo-SL(JV{6EtYFg$A$Vj+zzr@+agPiO>jj*48*oI3&{zxlIn^ekO>j z74{0W6~@_rv~D&>xCMe^z**BGI<+8mQ000XZE(q(cevXHB?YJwoV-I9f){?JX!i{EPmLU)B2u{g0#=$<>(x}f9PNn z17%$utFL@GCXldI;{7FimV|v#h(99pN=-_7gDq&CCGyiLKmN7I@XU2l%76VwbNm5t zoza;oh)jHmgMxn^M~QQz60?c7QY&u#5<2jXk;-$gFuSIBo; zeAd6xB&!L>7$}BzI9*qcXZn+)Xs<@3BU&+45$yeOj_Ll z>U?^*UJ`6l)^lFa2Uew6R5jPiv(hOhPS6&=;IAycMDUl4qmV(WLsPhc5E&Q5_P;L1 zOCA4l_)_F-f{CNne z5RN~Ojq*$uttuwRF5cS8BP1-PwvK+90JkV^U+|_?;Hgz0YM-LQ8LR{=f3+Wk8m^h` zSWP7~>lxk>qd>J|XEOxj4xu4T@fUl2u{W>KA<_CTi>8^U6}9YbJ6~J+a%Pi_v9SEP zF~zP>?m(sr_XqvIvf1);cx7bY6wUj0BIIx(dq0HbFyM@< zU&ve~?@C>H;~|p{H^Ov$C{bofy4PW>>!|3=;}U{|kV$titIz27TW=(Q9LUSZ!m0liEw$d65HmFJEmYf5*Gt48B$ zws`=0s^&GcS`eA`UL|@t{j&8ULbw;#BJ)uENAPPL!s-yW!GooN>z1qVpmqi49!r|# zdeXykGvF^ed`+a}nP-P{Bl;D)^-e`&!l8Om2<(Q7S7PfDa>OZ5yR^66CNY;&@o!Dn zXWB(WUZeG#MJH;j4M4+U@dz4cTukG$+$hJ)Nt!5|{~On%+){mzB$vbHU3?7E4h>Ny z@hmO8lUGzI*W+z?jOa6q|Ln8>YmN-Te5H0+dDF4{qp>Ut;1BJ5}l51Ap2@ z1cDee>M>2o@zFlK$J6iuvlt$^mrqaYZlQAs6LVJ47m5H^)w>GLeR3fgL|!=a zeH0+B^%6xvE>!wZr;ad1((HiAF|nHjkX6v<+A!gpJna-RuSPL>E^9d6gSlHMolC$R zY3RsbI?f!i7~_4;5Xag0FkV3#kE}Q3#u3Vp90Mlu68XTR=f#wrv1|f+8mt7gO~LO| zA)0B~)_oFx3Z8Tgajh{;nB_jT;8M*kJ6U5Jaif@HN|BMGU`rhNiFpq&d-N)a4OXq> z<}iY*Bp^nS7K`6v2iDK464-$!2nU|6+14DwimE9~g316Gk|; zH=JVj^MiY3BM();Ba_5Fx<)^kq>fDO7=m74ANzsa|K3#KQ);Xig~}$}B*%V%!`~-h zZ(G6!YHD{NQAzbiCB;5iEg(e*xc?(2KJ-CD#P>x0q7d!}sw!xoQmS#t(Jo_^9A|&K zr2)QLt)cRi<-Z@!VzlPE%f3fU=r>hE@*f2=aYu0*M<;z7L*xH3mPV^+Yho)S_^^ws zv(fw%fCSaRqA(DnsMqMt2)k1+r(8lRUyAiez)2XMw(00Bm-`?->sIZ~^QLKjbbtS; z^PK3F)d-m>TgT3AdX$y!ew@wO`S#T7`w6;>u!J7x{~Az*?E1Mw0ZKuG9{0t4+X+aDIE`)JS#|8%R2pu3M<|Ee+)NHAhw ziM|6lE)pOYP{VkUexT?k2H7VNIv0Fsd6Ib`4vTr?b=MY}T>EZ0L*R*j^&WiB-PoACe52 zfy4Q0@ui;z)ImevUj6L2C+zgH8_2S9*_gOQ{!_lfq|%<<+7wZkE@E-@3$>E7ize*k 
zCUH)4#frTt=ytJC3<6Dyb+oZ0NV1+83F)VIaEQMaYpg7!<5rtFq{{~Fl0-Ne;s%mU zNh3Q~K7G!BPOI9f6&tA-PNya-PW6;4i)JAn9cIWW!_Nhmx6O<8nY$Qs+=Rqj%us_) zUQOPkk@Et_+1%)B5A13zYOIoK%;7{wZKUvRt4w9;*;Q7?6v65HPJ)@rFhRvzFcame zJ>1*8;xuSe99Zz*!8-q zIZojmIUfLDDOJjked^#lOxta@o?HOdC=rYuO!GUB4|@8ud0}I;;_n$;lXO8_ypF$< zx@Es>n$Ds1yzE>yYIo@o-JXT2R;iPCmwUu!`95Zhv*+&#C%wevVRoVwOfez5sdX&H zhnMtx`a*bp#^bn~lFDJRT+4Y+Gili3zdY(tB;F*0x9D+z@Z+0dWZ%9o9RE_Izxx$y zf_^!M4>+Z^XCU6}^alPk@fqX^ZqRnB%~Pvp)d^MV20B-*h$ySIIWPDLfT+JP$AHn3 z7tA|`gF@4jzbwH`d8L2jOFT4wn-j`n6IjnJhKNCXt}~b)^I9KJ_#7y+N&fwjiYSm| zkwK(Wa{IGJFS~6D=@BQp4B-{DmT0mXQJPi5Cc13ZEnCe4{dzv8>{fMRpS+!n)JM?l z7mj7?vSr2fqfKoF9Bn&TR0=Wj=t9uDA@pdtbMo(S*(4!%4k?l8%RzYB*=yM z>+DZb4pEJ;K3JqI$O6~!G41>VAe*L?HOm>S?a~Dj*S~}|Z3m@sHNaa{vHT>6IS$B3 zeE9rjq`qgya2=%z50yzaSpH$Dqye!MY#%#%i1^3>?(Dfc)0JHV4|LIglEJ=suS811 zbwP8RZmDTteNyYRo;2;BRCIq&2YyL69u=$Gitkry+5!|+ZQlRwCL_kr2%Woc8VV8o z|4r`_cl^G_=%1^UlBMjT9EQ(2Y=;YKl0Ej=Fty>Lw36If7Es`jkpKV{ z7y&Qj79#eKsd`_8P&_$OjzMzu3P=$r1naO0JZt2j+jbLGxnOaLhQ^>wx5Gyg5!ypU z{+hJpKEoC}r6Ns9V-jcDJnYttL)geGyXNLT!Y0e)k~v2$_PR`?%0g9vLPdfpiEV|1 zvuwRn%TpHro1CrO;FV8>xp{eNH147d_Yn8F%-L~sqmS^hm+9N0(_mC(DI6k34e*KBx z=>)KgM{y5{Yu8w=OvBBQERCrWcBj^&y6mu;wdS54g5=$+uz+HQm}uz1rs}d5^K3c! 
zuG|=(B=DGIi$ppmzAzjWFF3yb$#A+S`iq)Ba#$L&*-8wVDHYb|R%s-r4hdD!QI%t3 zarVM}%$SO4C7i{Bv(RG`-wiiREA{>Q1E%k4AFMw!nH<#O?2%hJq+a9m7f09pq8_>R zZMAD0!$^vCR-+u`-*#gpHT?suPeqDVo3AJ%+m>->wt(R(dG{6OD!^?dPJ3|+KMvMB zc9bd}3eBg`q&M?YDWz&LKNO|(8U&m68KZt`B-%9L5z2O`6+b5 zEriwtWq?97asnOI`KJjRJS%y_yMUVQPXughTwzlIwF}12H#{4XPgpMi%uhUgLXh8t z7|)wT3}WMX18jChpg8@`Q*M0?iRia}r@RAM;P+QJWQ^b8y&v#kt|9z*w(G}9SxM?t zY4`pa6UkZ51R2Lx|C6zhn3MuyG@g2!{TNl()j;(d zJ% z{jaMA|9SHGucFw0{9FFvJx1WoEOG{bNI-WBh-=!2Yh<8Nq>@olRZ}TL9WGEnY_r8A zcQ{;(xgdNH>A3loqQ$uh0}2ruTQ=5Y-UWy*FJ^K$9ZgI=j;~{Nf2`C~5(g?^O{!Pz z_5>+oQYH;4q|}Ev*LxD|5e}LuGqadR5~@?MVJL8$NE%~QnumDIowF!c&SY}AlUbAu z`~_=ev46~_JQi!jJhCWRro+FDF(_|QRFRUTz1{%l)vjfb3I>+#IPQO0E3@d<`BNZQ zK8SlLRt%FEyw3PFHp#`leyBQasBBL)3=cDfG67bDagbs`owA~I9+XBOq!u!@@%Ap}@ zZPp^SUfBtt6ABJ#B)N|i| zp?aPvxCC$X_lEKCO$&RleSnd^ty%{jg)h6gEBj$PYDG_6036wh95K4sl9BryetbhXich*D7#ca@HyN4RHj-5JGJ< zDwqS=0HbO@UFs>##;>CD2}}7Gv-}_x;<#;+^Dy5_raqGdAG&T5{bDig_Rl%WVZAI# z4{>^5XOF?3?(_npQbVRG0~@oDC=AZ}Fc@eXl(^6Er8mVWFK5(;WqSRb6%ZSu>o+v5 zkYVVMuE;{RT>S?ag(N-N5I?*O**eKq8Y05AzGMIVB75joK|#bEZli7*S8$`pMmI;< z)S0+PXRyYumunix9Zz`BRkVL!e|O(>kqSbWb(S)Ks-Ad*{~>fY7(9-zjNtaC7mC4(y&|_X$XSw(tf-hI}(jKM_iP~60R_SBV+}gi( zD;~^NIW)%b9Lrn2NEr<5A;(ZC5s#lrxm@dK8`Qex&}*KF^8v6?dX`vl1B81w5OT(` zaS0){B3;im8xMJ*N&;IhnNccgRx6s^SMP%Gm1tIxleK$CIs+(<6Z<~43Ehl|EFzn1 zB%6gDil~|=fh%d>Av<;yJU1;FPo(!WbG8slChN4Mka%EsJp3=Y^yjVaDeS63-IxOR z5-YSv;oA)3?-n=^#ozDc>c}%8#4_?wt!>ibWAm#lY6#(5oZ z*mo7u@nzU!HuqF^J>Ebjz%J7O(YKr8H-=Y{h!)*PkGzr>YYzH<`dwCxaDm-7+46`d z<055C%K$O{uvS=Yk)AMC$@=;W1;)wg^G|6o>z4907WxY|Vuat7x{EBso>;dUUX0Cs zjoB+FR*8|*aC6Svr;&)y&)p+?ZG2yHgunkb^-4D1` zN}phd&|3-|;-)z?W0H!nu%#y;N8o>)xM72~^Io+8);`ZE*i5;Ewm&1CBy^Yo)2WiW z`Cfh*pJ7gCi*ek7?gUearaoioqWWXzLGCYMiQk20L?I?aaul;AaB(UG;cyJadThws zy7ns20YD%SRyBpB z3mxKkFgs^WWE;vJU8t?%99hx$LB?G(*y z9h?lEo&K3C`7fp7A4pGDwpK)vNAaPfqZ@c6qD;?Uh-}XjvDJW(H&;iq05yNK_Lpwq zPf<@PF?l8aTW;%fE2;QLjafSP4e=xCY;y}#Fr`6%&2hHfH20q87?18dRq_e7%d_%+ zGVBBox9{*nH4Z`#O#D+UybX(wec_iDvi(*pp46LN;D-8V+Wnr%k5&eHKuZ`mOb_fZ 
zO_EaK$Xu#>36CnkxVQmNmqA%@Jaw5wP*z2=mcnF94wJ5}sEDbf9*>?98&t45{Z<&8 zo;7`vbn!v|M8+I-T8bGbd5cO&6(fkVTkIy3Nkdq>!uCL!c=QP)0JA$UNfkwKzXus* zDnZ0+R0A5_Nif<}vO^#3>?o@zel@JQL^X`R4E4~s*`KBUcUV$!u>OQ}-|q)U_kt}W zz~&eEfWv3H21DXJIm~B)1~rC;&h#mapab=Rv}LVD_?{ghdK@{z&HO3++&5MX`+LaLT*!9ALHVkOMbqR zZAYa74g*)7ihYrea0`mFa%l<7GPLP;QSM6;*hF!XUBaV^)1T<0r2N9qq$a5@A zEvYWZ81m`XkL!E|6B02iZ)N-ec}>#2r6xJ@eMn7cK+uTv;3llAEDRO0(rt>NqZX5N zC7XrGX}oK?|Np7%Jm9hX{{K%%xb00wHrab;-9#aYWW;TgRQ6tR8)bKAXA{aMD|^dM z$;h6GvNL~|&!@USu8%(d|M&8^jmN`zo^xH-xz2UYd5_ojR3_ZoJU#W2*s?T5!!{eP zo^lRX4$pO*q%66YI% z=|e%EG-EoCDL=g}74LmXkb18&Cf{nAI+>){bJn#FpXar_sLB`Akl7Bm_C1s2dgB?o zDOaVtIGzFnO=uZSQG)#uDKj zzbzKN^K6PaA;{Cm0@DC;Em}fyOGwdj%4`?DN;wtFTZ`8J_?wM_I@|g)dzFr5CU_urZrD~|5r@PU z51R+{yOhToTFrEurcJP%ES7f!Lemrj2d^@SIj}}PubWN#tvYc8;v!LK7!4EsBK95O zE$P?WoV#IhRql*{I!!QQrf3o9G-dyfP6M?y zwZ9F-eEmJRhel1<4)T(;UU9Y>F@;f&f8aZM4WZCueMt~QjUX_-jlmQWGTGBT*2<TmY9P^C3I&Q8rzFIS{R71L9I=pPn96j|}Exf@smKGb{5_Y{g+T%U>ve;VN zY>wkVM4ME8M$zlR{>XO}!V)=D8C*X=sl z!(7Is2&HHaGTU!Mp4y#PY1Z!&>|po-hncxskd<)QphCLu6m~Sy+0!V>X(T4hJ@)lb z(sG{Toe~FTA^UY$`xXKB)AFx$5pyY}u?i?J?9eOUlv?#omBtdEOjR3l$6l|t%9ndY z-|fqzPWy!>nni~6t`C$`tB^D$jH*d;OSP(XG;OQ3EUMDtdgIBQ}dx-v3(dpgh;0e;i*!a-A$lGe{1CyHyv z=PjPq8m%_5_b_8!-KCyON|WT&dylQnwJhAtVw^wkk?8k|G{UIn{v}%3kL~=aJC?%k zpGBS-3Wrarp_Lz@xKzkg`fkbD6UMw+=I@5w#$Fo&#hVs)#t<$5eWecQD{TKUz-T(a z>>N(@79cPXh_y9zwyN@9d0g!Dv>=qP^#c}1^PD2He`(%1BH5(L9^AV?pN*b@?5gYg z_{X9XUGbp{5LJ8ISjBLaX>?&%s#mOSJ3QI24y__wLfTqq>qZMOrsyQMyrvTND87BK zqI+_+O@vpRxH$>gJD9Eb#N!6dg3}2GhBu8X_?q+zg zSrOG*uBOz+Z!x@RZrvC5gZC!G$FFRfjr{W6h#vfmFlWk|n#G08(aE07>{rvVtW!CQ zpQa2uJzDD7?xiR+mc1L0e69q!rZ+km>m|+Yn<|9sT)xYyuT*q{WQmsj5!-~uc* z>{w2byE0ksq*gE8pX-MsxR>c1mNrk=mn(KN(xNt_B8${mv?8d=OsbUgLG~6Uf+zL| zZ)+tJDwcP84PR#y^AlaUrnJ=o8wPVA*9um<9Tt}2DA_cjLmVgZo{xFSf~WkJ*%$Ox zCZi2}pTMqX)H>`!w;vAW=J&sQ_;&O2E+{yVfbeqgFt9Gt1lIq5=q!%L_J6&QPDPOh zJX6)Ak|lsopz7=Bv>1^HQ4wDEGg9b&V;J18BW5Wn6Q^RQYvf*gJ=-t_p>;FtF z!>%V>CDTHOkf8Kcd{W%1SJnR4hPq>~!}EntoxRW_Z}RywU*YPKeue%GUER}VzRCX4 
zR%2ky^fH1xZ@Px%xg(Eo&9Lc>*KQw*Rnu=8UHD4#h1D%L<2H6qX^o!AjSrzAu;>NL zgDTgfh=vk_ZhQFT3ymqd;q;J6JQearvcKwfkT4 zjfM8^P^l>yVtz7tQSxA^%dzUcm?f)<&hu(?r|WV?Lib5HstiP|{4Xa_@>>XTJ2+*P zd%f)eM1`t!MeIF35`-I-y1#$IpeTQ#KnOAu2B%=5JYT!4&9vM?jjQLusb7*{+aOi4dPFj2 zFDiI3a3k150b?p4V&NPbH`5%|&Dn(+tyC{89AXFkM#koI*{pO4e$OvJzkwd(nBf*7YO^H2$eB$>ukThXsCqekkDc2J&``wfxZa!ko6 z-ZZQ?`C)JX@^7XQbN^BbJRNg@;p|_bvsShaW_GqP8y;CZJD967@COVKp!oUbeWrKf z*w}VF_}sRdQ(MpWZr?eE`-B`JBDNz0s_}x~e4^^3($KG0;~z^1XCtWU5+n&91knz-Be5INqeN6PG<8 zJLL28VG|=Le6eOm%sMiaXV8_Qx|QJ0`Wtllv{@J9N{w-nb=(PufUwD!%Ien4^p9L7 z3R;QcO*$PhPPL7BX6(xxYc48R!>fPzspVhA$@fskq9na*Nah}LDY3)0?-7sArg?Ep zCLJPec`c+qj{ix4czK(ae3V)FV4al}TU+;WsOZE}*;Re}p$F~7E??2j4B8*5&=vLt z!f@C(bzMR%&cD!$Z6RoCr_5ihYMi%~9SP-NKd>&~wC?;aMKr#l74N>3!bc@!F+~-1 zex8fdsJ{`X#+2fU{M)VNP~Gkr6`R-Z9jN@p+Ninh)fp3vGiaD|w>HZ+^Ri_r6p!V- z;CWxIZ)_!{@ip6|KG(mS-I~Siz``5l6D&+D^dW~lK1aXecAkp(3!1S!Ux7T5QEq7O z8?|P3ePx&O+=ChIfim1^{9vaJ+wW0%k6~`&ST|ZOT*?{B#v~uW%@mW{mfjo`mC4(= zFo?$+FM-|_utOLxDzl3c8NMi{_|c8u?ZOO`NKyFk8x;PlGq?&?f>@;TiL|EJWN^0G z3m9+JBo0-XevG60@g$v-k{M&DGoOU6!vuHcYZ(>lh6$&WjTEFAiH_{3*r|3i&gBkm zKG2{9V!)r2$#|3dCeP1)z^Wj0Rm!~Ba4-U=k_=QyN*l<~Ar_K%Ta?0dljv0 zP0fBj0SGNU&5KZyBR6L!OgL6dKmf|6J6KWUFc>Ze{0T)vXgkqU8yGkxEMEt*L09Bkbd#)f-9u&AH7bfrWL?Z1tUkAH5GOP;C9~ zT{WsAeH%+?tQ{mqx@H~Q=1z6r7Uz5I@Mn#p6k`o}>MXrNrVn#u9`qlosRUnH?h?>h z>9oZ6eFzx7@hDvO^2TKS<<|*jJrTN|meTwn%Be$X;JxG-%+C{TX&qc3|HKl*WWvX&^pSIiH@Q`34XGBf;`rbFc zrK-CT?7~2qfKiURw(#pI{Bts`}m$2w$nBVMZtQ$%!>JG*MvDeO`{fx zxRgiOsyPRfu}R(_|UL^aqJ|BMjU5}BDC+>a7~0ZtH*XE(^pD+31>EE6D=v| z{viC=IvCs$m(iar>AQy>e@pj;SB#NT?=i#9hqCkqZ^_5yTaf#D*?pQZYJIi`ArxFW zctos=lF*N9#h3irweAei6PciksM{sxk5Sl0eic5PM^CMu6?m$aCKke^Arxe(E$l!d zmX=DdDhL@MQZRdwwh@(~bsAK&E%ueAy4+lyq<+Z^Uukm2_sCCgh{Rw!YPSIEm2P0Y!t=+G=CmS!Hq6HH z=U#p2P1O^*FV8Pbjx!ZZ9@#fW)`#E(Agr5M!gz=@1L8qg1O+082E~Q zuvE`ho(kfJL(aAC7LDQf6d^R9ZcEZa(c3GzUGEBJMm>50s}w#oD(H&10&(}}ev?Tw zp}6oONPiV0SY~k}rHe6V&BQ`l8X*r?lz6(=!+vFlk?$!@jxixSttbs);>F-pI%V}- zuiF+XVy{f&yzo|srKOUyl!rtAv58b1@qs=WhDCcqX~SR1 
ze#kZS9ioom_3Gye6dPG+Kj(J9HFAw@@IEs%-OrU?EOP}XZg`r>T=iMZV(E2?=Zj8l zRZi(g)U85x=e@=*>nXpw9*@Ax-BuWC<;XSBO0c2QyY6ta?4!=LmAxycd&KVT)gVb= z+QkbPYefE+9&vgShKN4NltchOcEn=|vx3Ey&Wa)oYO=-O*a%&0rm)eL^T-y5o+-F`Z2}jp&YeS1s&`pet&TBJbZATE+3xp4 ztgZf*N36u!WVphrolEag>1aamrRCGCYqE}#jEXdb(wNf`8Fnuys)z{_8Py{3&>d}7 zH@joT8T&V^J|?*BKa%_$6i6oIYL00q{CY0z?F-Su48;VCpd!X4@%7=p)S2Qip;rPF z3uIbK7zyh&IWtxMw;qPVb{bPH0gi!g@Q+F8{a4EVkxnK6u&c_sR` z+O7!6f#}-eRn$9V?+>x(Fo__^=8l81EOhS&v#T53=B_Ge!*0$*{P64P(w`!aD##im zY2q75Ug*ozT$FQN^&ji%o!5d?a15aZqvlfkKR(B zy2+;x?CfA|jW>qYe?D<3K|M!;2KdSW(;tznB^jU>{ywl!fO*kh2LZ}g*^^&Xp|@nY zl+_e@jyh2Qb&y|0FQ5nmMR$&el=FdqLIuV+lD~@m{Vl`y#8&gWsH&`*vLaOT7PqP* zl7NCD1giX3)hH+@mE!=+2X+>KJMphN|J__5?a$BSq{N9n)JX|T*nJZ_Gkb?qMZuL3 z{VMraWjf%Zf7wm{Sv9yk*{SkD;PStxkx0hhQlIwdml7@kuY);Y000tv{5~>#YXHV| zWqGKYCY0O3#Q|KfAw5mwGH}a$fD6s=yBG>ehVO}L=&AFTgV~$?OP2-A%VDO&)&oW& z8KCrud&I9J!}k$zS^vd5wM7DEt=AQ8Bm;nVz~?mU0s)8x?ERZsofzqu`2Jo`f>{T{ zlkB&F3uFkKE7Pw=0Y5W*Xa3CkyLF~#6ItiKw&(z7+76s4>nWlKa4k=rDYA8d8`Xb8 zxpuVNrT|zjaMv!Kf>M(I5vu86_VDaBy4pJsngM6c4rDU8cnT**@h9BBNhgmpwD%zW z4M17s`rG0D7c9efnEGF&--?MpZ86}R0hW44!rn21VgD9>2h+d`;7A%8+nKaqiYfou z`M|2sNGg;AME%D@akfS@xW!;$UL>0qxV)#j&Og}yzA-1G2UzeG$sz*ghNoF)%fEtK z2Nn%Q66yIs#8VQYU=CPW6UmY12XoHQ*#zUjT75{Ij4%lIpEnjPM~CEO0#m0`7wjkJ zpW<}jR)IyikhHJjAlm5(`Pp|9ERBW4l}mteXA5P48wl18LJ}9GLBwCr#UGS}z+|v! z36k6{_XqNS-Waf40g^|n1mgYm9{q=S0k~=4Y|uy)w%VB}WNv6M3Y?4-iTa><77Ce& z^ykU`S87slW#HVE$jV5x|JTaS$Ycqw4xH!^S)I1d|5tTqcVcj=F(me~!CBb9$2enT z;xTYL!3lYgKyBl*fd5F(14e-pa3E1d=4YXPrQ-l|z@hs{PM!7HoYR5)U>-PV8p%W4 zKb!aG5Na?R94v=q|FA!s{g2Q&Fbo_PgM{h3oDBm9$$*Jq_j4ps(erHLZ)bEc3hbPV zMA`fN0rlHe7t8`XKq6UskI!Zy-66p&u)i6SB?>=_^+)eBFc|C`g9Oh7p9wz0QwGcg zyG|gPR8RlRJncvUW`a%ZNTy=gpP68TJD3W##UiQp5oc1*w9JC3U>g>a8W|0u{$7ur zVbKC(!S(?p_UZFKVgGC`0Mo&Hf=K#y{GaHjCnW#aAq2z0+e=9Jg{1!hetNU%#x)GU UgpPtD2z>DYYp}SJr5?)v0beu;=l}o! 
diff --git a/Applet/JCardSimProvider/lib/jcardsim-3.0.5-SNAPSHOT.jar b/Applet/JCardSimProvider/lib/jcardsim-3.0.5-SNAPSHOT.jar deleted file mode 100644 index d756d67b5252cfb5e2d688e340e5d200f15e372a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 492079 zcmb5UV~}XgvMt(NZQHhO+qP}nwr$(CZQFMDYP(nWUEjI;ym&9-?H%XLnDuK`W@T2) z9GNw;QtSH_0Bme*~fV>nK_&+m%{xwbh z-wGrDo$>z&%LvFyh>9pF)5?fG%1lp5OVQ9Sz(~^p z+0gxOT!s9XjJ1W4iS_?V66yaVX=!BOXzXP1zgryr|6hfnfs@Jq$`sQ7phv*o*hT2C zLRuqh11F~#l_@18H|!s4-7XC_bfp2bO&Us4ga}D*0b%%pe1v#V>;ARIjo^`)(GBZr zvN0n#o;If3Y}q)T{ML~QrOO(o8@=Tqo4&q1TDmFa#Ed_^e0yi4eqVp4DE+yq0V@^i zPOPWsZ?+Q)x=un>rfAM#nAqORx3LLDgYoh8v={NNIJDd`NdtNY0+Ii5u|CJln3#e#+n7yEQ?f@MQ45s??ua)Y6jP+NnJ*}tR5dhI+H(%E zDzoscCi>4leXZcM_!<-4x-YeoU8Npn{JujP@;=sZ5fhHphbSxMGJ$XosM&(aP}?Lr zVm^=NWW6?OwNZ8Pny+ECDm}6ZlPw9<=BYpgp$U3Z?fZ)o^?;HHH^Q*5F?^h-GzG-cv@(} z3@X%4dPEtDLe4vW2C3<7E6u-_E~I9XveLrFkHa}4d8HB+s_C{;SfL5C@{mKkEnhzs z*HeLi;Dofik2(4CYY!2=5yo?b+^$-;f?2wfiPJn|Nl9 zzQCjN{;u?!+&-bjbBSddVTu)OR(_TI5AG-!Y`qSE@DX4Na3@v1BtH_MjR7)+>k$6~ zzSn|8til)BIusxju?xHj-aE>s?`VPBdYg12K#&*XmhXez*g-#^+%tVmHl)cOzfTza zBV2*B+(_F#li&zyFgzAM55^$*U^xBl^~4KG_Bif0L`K>bx{WY~V(Qu~yQ)umQ42gM zE#f7~Wd|B*T%~+$(mCYi6oLsy(FR_^`$5oRA>g&B1@Q7Vh4be?pcI69U3#%2(_Jnq-9()w#(7RCt}d`fROa_7xee#H6t5wZ|+n@KiQePRg!+aXc~| zo~2*B&Pi|4)UeoE@zoS|+qlC>F3;PUg}~-9&ull5)nf52&q#O0Ed4EwoR7>t2(z>j zo)Ysp#-X5l7+57#$A#NT%TJb1UUVrC)_2@T*N~r<$Dy1zR(c6`rtF;nun1|ny#b!W3P`# zctk&fZ`_*Ud0tzj&c1HG_X^;>UXk)-%8((dbiWv&wBN$s6?sx_MF_Mo_7}R-Z81(4 zz2{q^9Z&oZHc8rxNep}LJQUxOk@PkSR3hdk+EgSGE;?Q@ zt!Y7fJW*LweCGjN$0p2@$czxg+> z{rj{)@gLAp=r3x^7}y$^nK=GmfJ{-gQ9@Ef_O)%C2!)SlTOjWxPzEBX&{qhslvs}Z zRUMkf>3uPCDu~L~m9bND-u4|l`vmt^qt}olP#(K9_ea4dZ>M;W-63@Ldbj5_*D3cg z`*FL=@6VqxFaWl@o_>{~iZhxec~#%7c-s}GtM|w!<=*j;#O9M!M;GvbT$}fzX|2WG zNxlkes-ZOml<{1A?}e9?E((|uBGGK4RBeBX{EX*Nl6a~=c=a3sZ`~GI-#7v1>ZUXy z#GFa<@r3z$OgsS#NdSmsDl9#rPcfT*U6)kQBu83jyFC z>N^hQBB?2Z0G?b3V-}0VvHYjQ=RgcXp~-|;paBQ@S_1sOODQfbSM78UCu+HMm#=!5 
zl?Pd|HAmh3`dED-BVL@e;O9nIA&vzbHBu7V!zKY%WXDBD={=0vBt9+k=IWDZ=@?Wk zbF65m@7W9?2+^*Gl)doc))akrlWNG+xb;)@1xDi_$D^RL%>wGrGE!ox1-TDXEMw1F zAt_8J$d2P=3=woL*+}R3Z%iaSW3X}%GfV9W!|=U`>?d7|FPEiy&X+D0YFY0>0(OV0 z{l8g*iY10N=1>G-YacLUZzuo<+=_F~$S6SvKUh?B&7QgqT3{W17C^NsI%aFD)vY;P z@CtZ4Wlj>+Ml-@jI#TARGmQ-nv2ga-1}$eT{5KI@iGlra3*`LHnp5G z7ReZvPYFVMgJiab9h|LCp*}v(xkO$ZkMShZEl=Xd@Q=v6Ju66HC$b_g?Q*`La3%o12XSr zezC>-G1FwbIZ`{NoT=SmVfjVXvSka`4>GK53$w}IcTKY4{>~;6hV#@Ka6>5Jn}5gp z7$bvaKp)u^3m+(jFtbMmH?s(hGSVl)2Kxp^D%y^5T8r$Fqc$sA;^FHV6;;jp&EX#N zz@_b-dlO-Xv}EUCqM9XcwIQsU$2;7DzS@EHdEjHnn!38!aL!A*y42u&EmZv>bvwu2 z??U@(+A?9TxiuzTpSztkj%&y&*a{eg;)rQT0eBTQ?@?MtALij|iF$U=qQL~wX&(k^ z1vsRt6{sPf18yeZBG6{_7TRR4euj(%p{opoahgH!Afr7-bGR#-aKv<~VN&X1S^?h| z3ABoyAbO04$&7=rxWF(1CO9U~CZhdDo;wmO@BroW3U}v@C-*J<<@WRw`FrdZ-s2l} z&*7QW`NA|WsseThP{dfp=?j<=XMl)_?)eqD^ zaPp^djrt83000Z@Kfwv({|rtfY@JOUO%06xRe0IRaKQ%hBWH(!Tbf+KFf-U1nURo^ zqQ``gtQcuHOgu~g;m!^MyOR?!t4cFuNSr>t_wE9;rX#L4PKPWgVkAhkO4K+ZIMoan zFrm@1tFTgIn%q*Sz!6R}`8LvP7awApNwV^a29L=5E{S!C7G6bSy|1fDV4bEAgr9iq ztEU|YYgz*yA6`d@yRs9OESQ*>WhAX|0BWpV_If$)|YQ0*3dEg=;U8w+4vdE|z) zBx9JUtey5Qg$A@Oz4^HpxVMy9<$+DhK9^Fyg1ir|?A8|^vMhXvfLZ5s4vsUP+t2K? 
z9@@U2$0a6!p|?<4JGln+{w^Ik!o^t_8`ePq?VB;Ht0DK6c$2hL%&(V%BV^` zc3G+A+-A3Du1x0YX+XKqIc4^IJV}Ddh1^nvR;)*zpsUg=27jwIAniam#Bflq57qlg z6+*s*!W*KidzmaUKNGTzWgC_hYwc2j=$Wlwg>mUtw(D*;_PEQ&U6nMpAq)0J@;Zk# zz(|4tt?NxSK>ws4-I1sb07BBci7=wWlAbojsKiUKmNG;Kxhsuexkn8)xU$(I&2{68 zmP>e686vP9g$_8C>W<)vGaK3f<;nNS-h*G)l6j zsQKWsbzDtaUhHuzK!#%cV)L`)DK1Yiq7=Q0T@O)txaJ9swfr6xR&#l9+*szZ=+9>{ zj4oyKmf0K^-Pm}dJZUZWLhNQsu-<8=w2)c(V9hk2guJh|qQ|zoaCNMDFg@3VtJ#MZ z8qXg+%Ds_)t@iR>OjFYE_J`wgKusF1d)FNpWA;F8=c?IzHZIeHGJ;&n89&5Mi6a^5 zvRbc8bwfw9S2&*uc0eo>4y09Df6_v+?S%QGdj$^E7g$BnF^!nRU9c%pw9o;s928$4}f#Efu1);&8B&q41*WT=M3 z#L;JzTywjM9r?Z0p^Kkyp*rX6l-lihyn`4u^hRT7v5cxD`}bSoc=XsKTbcU?-`Hvv zO^Q`%#}AK0tGNb)S!h=04WAG43P#uAu}gv%c7ej8DBdSPq2cNhEu|?L`fu?H$wj-7 zX@Uuz#II=lKY(S5RO`9lFbQSr9B4Z&f$NV0n-?q|o-aM@FEb*qHTd7$DZar0%lnjw zRqRjTVSf10_^IYGYWLw23jDtdhl3_`z`Y`dcs9$zA>xT^DH2O1%)lA239p8pBshR# zzI8B49oZv{-U6B3h~5&D10jJRJ&~V)5@-c)hPQ&rx$noN4m_w+Y(GJXoCeC8p$$l#QiF7vCe`8oV zS6go`^BwMQR93G9Zux|R%C}K;3|(aigk;9R+ud|uG`nNT8D%(NdYi2SlJVyr5QA0< zlC#e}0Q@j_ia1bCLFe;7*hYdmq0xE2C=Y^PnSSQ#ogK*Ff?VkEz5 zmQ6TiMr0Q&=;62MCPzXQy`w9KZ2Z)P#~|J8(sfjEY?2!|Q;nZ0EeaV^hab=siEvfO zN~M}vhO1VP6SGTz<=9_+#_RnG%D!Lyj321&glp=BBQVq&u-OaKg(Nl)4zox3lTH+6 z<;*9StDWZSOmN4B2+7{@5ZG468dQ3}trya=jin{Dqr8tpIzP5jt=cYR1-zx*^Vayyx< zZOpi-la&PaKzJm(q6D-6#wb86X+nQ}@?vs2&)7;oGamckONZCz8mHa+U;~OYJ+zhq zB)Ke*5_Hl=thve_ifhv{th4qAu`IpxvsuMHRp~E zj7t(-N9+iF!cEU}6Y;FRrpPZdjM-}(x-3#VOw$dUU#M+=Vn1_?*jIgWvI6L_wpHR) z5`-cNHts7mfj~Wx7VWbv4+Q(HpUMe`6%o3_{jX}2C zAQTrXo8U%Y7uIirm9bQ_?whZp)1>mHu|MR&y$w7OKNuh&QTf)u!L(mnBem2E83|3J zLT}a!ZPTlc(}#63qM%b>VfHd64<;J5|>#K->zE)&ZHirM{ zKS_QSDHG^(9wA`03Z*i3;7f#hp7%YmtJw)!h^&9N)UR=3TZ~rrDf)ICF&Fvt(&HwD z#o%!apMK`uDFBwL;SA6^lNvluFXBKdV~}1Fg~d-?bo}x^IFqL`LyD0hmhctNjBAct z_)+l1DtaHZiav>|W6*VvOTdv{T^wt5c+hchbJP62xQE80hlIVjNYV9GzBsIT{M&)2nbq+T*(w|T$IH}@PyaEU)9|v>xW@O z|ARLA4GvS8M-DA2OcGKc&m?x`vK^kddcp16{+JRzptQL_9*(|EBIS`Ov4{NycCRVT z=n=%VqNzP-d!YLagX>&m<~d)tpb1s;>j&(g@MhZ=1&H}uQwIIVnv&x`gtwA~jf=H` 
zvz;TcfW5u7iL=l@Jl;P=)_)&aW0bEHm*nBUVUZODLllK+Ap`SUOW=|3RD}Trq5>#G zDwXUk9Ea&G7A2GpFubw+)Uk8!0lmq`cr4mo(X*wOn7a1b((GQ3=l1gY0H^WC=xex0 zMi^aeDY!aMF;SX|ky{|u98D`MEpm@yX_BW{#=evr07Lc>NCRal} z2REkY9maE!=|dBomc-3X&Mn7B<}ZC%sf?7Mi!M6^7D4iuY?iXj(qn$Wdh>DZh;qio z=6`j-$h7y*Uwl%}?5ci65<4qeZIxYK#gQ#5^>A+#_3}Q4KfO$?l@8!cMu&?wM(JSZETLy3&WM_pfL%t?2Z8|2!HU0^%ET! z@GD`NQ!d~hG(>w)gB!pMiQy!Bc;lqq375KPqY6Df>#b}T6|kV7S{Q~lS!o%b56D9Z z60vVEO1w-EjQV?~DjFK3Vh4qyDBaSKGlslZzcf`Rced*C;#7YsMXc0uK?`dJ|-p;-jL5MSSt< zQY-ZLP?K59ytZ|6(QEWv3PU}_8E2O2)dnZzUX8Qd)49V++(p;TpX2%|@;p!6VUire zI70E|u|R{@G=$eUp6g!F^>EH%yo3Xh?gHuX_jQPmC3z*FSWk4EmV~zGZ~qloL$#_0 z4}V)3MSpYWzdxvu{Z9hx|1v){8c^=aV=mufU7KB+s0D4!`UD#IQq{z$1OW}hLy7VH z>fi&A_5H2g;%E)^n<}nq=wIOsB%`)V!?Qy%I&Csvgbq3A_S6POSXheLr8e88aAynM z*`*%M5?W*yIBTsRbK6~RYKxEpT7Kegzqd1-X8mR}{ALsSUIwD-0L+ouz_oecF2UtrTDpE-28>p^CX^DyodUn$whmUj;1_#8m4`f+1I!?8dqvo*UmFV|^~{;007ExR?d)tXydSesv~H&hoC z6!?xzhMsuS_SvQ&Ie|VRfL+~DM}K_<^MljO@&yAbAWwmR3`=CwX&GHV$P1(<91f)GhSh$wF_cJ%J;Ey;O# zb!vKUfpUi;9exzF+cn`vfrdWCiaWEzm(fXTdU|$ldVOwnYJPoBY%%^41fuHvMjI&5 zrs2el1q*WlyuC(j#jxs_;XsTTCIUvVbghOB4Z3duYP}@kS}a>PruZIeXy>gi2;>zf z9%#MU>B-63+EI@V(NGVbl)%VdS0JHx6OVfpCL;1=#$7ggl6poQvMRdQA5Z&QydFh# z*C`i`;n#XTF_NOQnSf=RR5%m-l?u6j^clF^WA0kvtg?eb&bF+56Nm!?WNRX+9{1U5 zcePj_sL%_oG1Jwh_?p33=RyEgwXN=7)d*e~ad4^AG##;Gn>;{MhCUD?k>(Z`D#(+N zPaOOr1pFb+jSgYez8j$!FnD=UwlcqXDhRduc&tln2!jIzdZArwP=r;&h{aeR(Hnlr zz+?N{u}F&30+{s?pH${z2Q6kBbsed2nWnfdz$bgzYg*XFsEU~m*cgij-3kvk0#B8r zYbr+9+N}U-diSuRUsEiIK*WfxbDk{da35oJD2TFlsfXTXa(m8sJ0`0*JZpzMK&NieeqX9c4OXH&qA2y5k~T9Op6H?(wjS%qd4tLAzKb; z9?ou6p0e_F+#{NuE14sb9DMR>WWS91h51A=(9rm4dWDSFt=x z?d)+JX!PZ@{F(3>gnSiA!=P}8he zB|Kg%`FmgVUS`ig|%HzJ4~}ES}5UX zIyaBXTmd^UZe%AXquj}~*ty7P4p_=PYEt-M5(Yd_DD5P;gJtN`lkm(wFkf-QqA0b= zX-RpssO`_jlAC1sOS%!5Oo(>aWO+0q$p(JGo> z9_9?Z_1bt^GY{LS&2-D?itmlQ7H{my?OjTU#=aBZ+MJ0G!AV#V3;xI^?S9#Qf&Uy2 zYP~UJ1c@wx!%as!mM_CUDw!r4)M4?Z{rZCb5j2bx13p-{kI%)zg&i*xW2|X>Kzl23 zp6p{-`Gttbq!M#Fx+UuHLPc9kgR_0f<;$BLfUkkAd{l;G(lZzB*ZPtTkV|1TcZKbGI 
z#-zF)yb}@>DAP>t1}WpOW1ni>`jh~_WmP3jFSpyvzdTnJyb`s`z2vRQ;}ooQY4Ccr z-^owTI)WAy4k?QLCMML4|d} zDoVRh@CEUAf&nW`J3S%8Io-K;?Gix|z6+DZV(p+>~6zTfd35XF*gStIA zbyjGsxv{!x=aNL;t`_N~j=LsxnoC}Hs7TQ@$h1|B{$|T*id&k~Gyk}CObb`)PD^sw z3`K3y2#bQr1V+m`h3X?DKHEJk_?X-HWM2EG@=9h|qO}-4W-{u_q~7#Tt-ks#F3xU| z*i1&px4Zs+|7m~tyDqcG)NnIt`!EqDX!zBMa%dfG$o z)U5}_EvPr0v?YTYMBc#*$A+iHB8b6h&ii`rz_}X0hV% zEg&+_^DxI{j6=rUz)?H+HP5kybDpSb-ntu;YV0wWxuT7%wo{MlDi0i|xxx~8TqhGga4nlgb9`EQvZaX1J_ADD$wC>ku-Pu}fzxr%!EN1tO+^bxnx$p+u9w0NX z%@)?!Vs$(~joMF`ZCm=Fz4B_FpkF@5;19RaMKc+Zq9W-U#uct6u!XuM9?k2D@>h@O z^=JjBsB9aj2J~wv#*NehVM~yR+c?mQcH9eiP<-o__9fMSuz z3$$WiJQ}UDJ?*ja?%Buee`bwX9SjW*C^}mZtnhdIcvh>*WI&DRv~D0lzg$XCEvCAu9)htn_w3fphyeHaqB!YeNqgNc)d7g7Xi=#@f)(7;Bdby7uMq`+Kh zJ2~z?wr*T=ziwsV?o?tnVSLZL8okrV2$_-YAsfAaFP%mjw{%>e+n36nj^g%ZVf2#C zNk%#(20bf;)b;-5iqaN?tRvMVcf>IoBw2m5EXv1IH*1jM(f*?MeG>Nid}^AD*vir`2}9&PG_<^_UPO9 z;KE^zq`fa6%VFs*`NvDs^NlIPwjsBQc!Z}o+hyAxRky$;!#g$Nw{o4cRM~n7TsMo$ zBF=WQ0PggVR4EZ=M@&Hf6tY1Y5VcscMl3lKPQpNQa=s0!xzQ=;toZz63Kiez23Yw~ z(((hoiC-Y}2LrcytJI-QBEz%w-P%I6_uT zw4(H@BwAWUS#wL`hIReCCTDLXA7fTYpEs&zUdU=#9U~ai^7)*{i;d+I+MCpe#Gy{P zv{z_muXwj!;n&i#eWIgWf=;f|I+cE2yn?JgAE7W}&*~(|3aQ8gl`64ap^IYCmX?y0 z*M!B9g6~oBNTF!-cIt}ll;vwPdWVwXu{={Uy;QgQY#XZTW+kNOaO#pT#N~WsFfwt1-=pW@k(lA71Tz`ub_x(NrUF9gyHlGQN$u5&?C9>tFmfDKT#e& zwux-?sp&3yiBqP2?<5R;WWU!6%G5BOfo<#gVf0=dsZe{@HQjP9H^~JZTDZz;vA@bw z6>(5pVPu~~R>Gn1PS|K31hruZD;d1i9Q2+@ z7c(v{ldAph_d{zT_WCmt>(NXU=34KBn3M!HGXaK3g~g$f zo6W46nuCJkV=9+ShuQ>K$&i`vpx{x<>>;|*TK~`#VKr{Rn%WkzFk_!tRL;U_8-v>- z`V^Yda;Abu{r2ggP}2UW@}X9v#JfWDBSI0D1VWk`9ih2#T$?3X`8X3*&wWD340}lk^*{*R7^p^E z2VA+>&X~tU!dxxbOcK$u%v}#gc0xW7B7@`uPl;fn*JNwyYAQQ5D~tI^oXe=eVEkQ> zPp|g|UUh)bK6hBa``NBeP<1GLZ-`Ic43E4RL8s`~NPYm_HKY7+VQSYElHN*5%^L3A zw7x#ht!{$zY^B0mPtP0WZWj3i_z(SPuh0TLd@{5i!v%ZPDm=qKRYs; zEEl7ri>Zp5)$k;GCKQDE6)Vih;ib(+*__dGZCO?wCa<>JaPxhmVtL;Bp^FNp$z-@+ zMc8vY!EpgFNQ_B5WM{ihv$t-%tUuqcYkL5+Mrj3?Z@D*;V(l*lLqWRaJYIQWgTE!| zTs@A#_C_cZbIEHm^r3Cf;`h#4r&a=bn*7MK%NHad5X2T?Ze%tdRM5Q$)#bLID*h<- 
z^W68t{oa`I-9tIfb6xJ;T{ovk)|)dWoU*r#jwU6=IMp?C5EwHekDJ;QjxE4fL3dcg z**96IhztCxeZgbv%1YsZQmRK^9kUJjMTmndq1VE~d;&lJiXmH!4gdAIO~Vn~cap>> zWHT?QL%(&Of&>;IpCALleX%|x+^j+jD?E?x`54SWV5*Kj5@NvENj0=6f?3&|AYM|~ zvs#k4@JpzVyLXFA9z8^D%?I|81D)OE0C?K`ra1&DePxqTsI>YvdpOKPT0exK>YZVE zEL1~t>8t%HoOk7q?v6#}t_)ATaIsB6v?T7Cf(d(8 zV)dsLI)vR7T1?95m~akwT2~OH_P7xWYY+!I2<6~570&sG0I}y*_g;N{s1(QX{e^gE zQLBM`s6gl3L;5I6=2zcv-jp953YFcZRG89Q07j8 zf(gVyVa0Ev~^MmVdydR#u3z zD{zmB!i?GGOV79^I)j?n!H6?sNA6%Ql86n&JrVyHEc1<5K3=Qh8C)<}ZtUsv3|!(o zqNDv(@C`9;py3@j{(&gHUA7u){~+s~-VfVrVB{un5XG~6fA}&8)FaZw81@S=N5guP zBqF%68Z;wbM}+``MpFt6(>OAtMhB$DU~r8FdrO@qi_g%}rDTQhbOQfF3A$PUwX&(y zd@0xPjLxQ~Iwj zzWd*%!s>r)DhU2>qWYiSf`yTRvxS|lgsqdaf$e`^Tq#kqu|g7n_kD4kA-T7<)Mai} zRkC?b9Nk4j7)As~A%I7Y{uPTHC}thqE;~kyKTIZXc8N+mrFJJOHaXHVFTT zedl+s3*#RTyZek1w2i?TAXbN{(_Xab^M+*4fT0~gI1;?h!wN*`k=&<|q6#)-gF}j^ zAdB}j-xpYigG85}XO0$Z0 z&=onq@tF=L0ySZclLg**?GeqyZPMUD70Ig)xARX7LJGVi&mZ(vLbVf+HL=Jx({hq+ z(wfXQef+R5yMGdmZMEtc(O)`V`R{eie^1BL{x5#Xf3fnOQ2NR%Eiam0xMUgF55xlp zCdU}05D4<~{^sEM3&i+HxPVo%q+|xhj7hW7@SBvYmNd#Wt(Gu8Z#*3$tryIhxwj|p%%;fjG7)i#4f<3}FmJR~DQ3Wx zdU;llK=G`rUUeZ6sW5~e3$$(U=+lpgb3I?gSzb0=T2zk)DrCR zKc8U9`{dW35xEH-siT;T8x_j2B2s{2*7@#pa%~DyIHJ34HAG!DbSW)sKr_?%`aO%O zRw<2AushrP95F77-8dkrS%FH`!m~TU%px@cQAGu*Rok>yUqx>~;#DALrJ|>nmZGn? zrOJRZ5NJ3Njsl#R>u$)l6zH&FjRis3C~XTy26LrmXZ&zRj3MRERHH*dwQAwAncr)# zM+nHRAAS*iuWmwlE~Cyxbl+S2iyCKwpZ)=`9R@4}Qc68$xbwaj#otFFdd(OI;vS8| ztX6JV>E50jQodfVdIK(GL{e3&r{c!Gdb%Ke$6|v3P&`X43?|5@ix(1vwsc9c#rfZVgMtG_KAeVP}9$rl8sQl?iE%NR#oh;i7dW zQIQMjOp91r7IWO`6uG%#3eTo_VqWQ_IaA;nJF2xj7qq#$eawP9qs2Vy^?9peRgFD! 
zay=)BdMToh0X;y;bfsoJO&FIcpa9}+5tWZKsLlxUQF8t-f=B7VGPd9$RYr`9@WH1Y z6)h22gUcrcFb#_n3+$@H`*M^(!vn<8S^4HU&9#vJ0Gt^ke}1vx+WQ4p!Ef?#jWt-Z zl6RG@(ab-A4N9cX^3vtuS^A)`cFRSWCxeBJ7}6A_kUKY|XdiC(Al}O&En$vt2c~iXug7wL2J)!g76d9tM=PiJ ztSELE*iGA#t>D%z9Hm)6<9Qt3P9<>11NKr66(r@mvUA!EcQ!=rSt($QH>7io|@euzl(?PMc-e-?F9ExIy1= zi*R413$yw|=&Uh$?4!cp_e&q>@=3S_Vm?nOA85wx>JhWON;&SiL<(8VNwdg3e5F-Y zZ?V0)Jtn3rttta5N48RDg$XDL0>JDpVJ%$bry7ieQTmW!I0Z$Z%;I`t>KF~i^GMPj z3CSnM`H=`-S=k==?vb%*^GVJ?ia1@i^K9^pZDENub0dzOoB=NUjBq&!eiQ5P2z zDjYe-TTeIvpR}-ZGtB~fU~a3QpMna(B15R~uy25W=Edfg;_UUwfyQ24*+nwhc2`o6 zCESZttFN0V-cS#q0HLv79?VKUeApc?w%X|{Q)9Sg8V=qRbXd;^(E z@Tubs6-#XJe_+iS$irToy(XOUXV`e!!2DZMR^-m`lD~$HKaW@Glekv zU@mRn16!7k0Rz1_07A#hEK9liRXH%N#PHgRJX1_7xfNyDA`Baka(Z9RV_h(JB*Q{< zn2c)-oo5v)RB<80lmhTsQ)$yuOcAsono|lXNGx z8GFW$d1a4>#@#rXqGWbW=J4Y&?m}~Smu-{y$W8X}{lLduMGz;JO;Abe(lG7fU-Q4N zVMr7cGP)B0SaS>JAJ&Fy3q{nu$&G+K&u(wQNPp8eds>=<-r`C zQL`uT+J;VQ9AiRKc^Y87mQcOAdc_Xq&cAS-Y}d2DVjG8c8fu|@qM=TR(pOS5dmmO^ z?1Ii|E$(;#ZX$(?TSo)2Rz3}OTQwy9Jl`jVVnz!O)R64qGG^skc5r<`v3y)8BY8tJsF zs&;2mtTa|C5!~3jlosnn-ooQt?-k7H5VtV)0ClqSim0>pZD8?^$h@7Q_#(nFcVkhk z-d2}m9!oNBW~RZFU?z-OffW{%I_W}XSh!L3w)^kN> zrsnRP#&Z!t2`do9Pk?NVq$9ILd)Cn}VM2%~!d)0uH3hpw<>b&T-9iZ!A{eg>ROh8r z87Z6owxHc?H*DfJI0P19GeRjZQw_C#J1(+~pT%h*oYb~H+mfNmN*N`&`M4~iKytY) zk^ZFn5hI+EeNb{YEJ>b!FzDGTdC4ah#4zW0lu6!;CBE#gC^iYi5A^Qp?gR|EBALt8 z7+VtiPtZx4Dt|%6P`gl^>$urS+t1~x|A8xV7~zTs;&$-Do7}Nx4w~nDIMrx9J?$Zxk%!sZ#6JGH;vW#kgZ2M*Daby!O_jjPbcLfrZFx!NVRn*x#1+AIgw)=K6X@MhsUsQd z4Fz+$TX|cTTg8hH6~!K%5>BUK63>S%8B`uWES=X^ER&jIK=UxiXVGM(FN_P@i|!7! 
z!q7Ra5~S2-E(QSxb1b7w)TrEX3lOWZYoie%nw{<5GLmzsj51jdl4J|&VYwM0PwWXN zsKE5ND#OvBj$qu1*DayN%Y0*N3lby=zDVCch%VNNu5oXM2 z)~&lUo|gIQ+EYo;kPTX7CIxz>_)~*ruk5sfvUJzYL1vTtplQ@a{`1a1&btz`K!}o5 zWvcG|T(?EOnuvXnTUa%*e`SN0MTwyQ_(HZ;j&hrV2$^0RE6Xy1b8PHK{%o@6OD|-` zWN~DKFhg#@j3sY$?WD?@7-O!xtS!6nC_$Bvdgu4_f+@q`37~4$(W>`0KH;;f^P3U} zbg39t36HB`RxkX8!&k|Jvu=Qo0lESaHUMD#hYmRkS5UdJU`21Rx1m+Eo94rfTCcq| zBnctsN!Zg_Tj8nrwB^m!MLpuI^oV%s2iqi*zTV)d(HcbZ9$ z+-RO-Wxso)x9f@=pUldf1+xyH*?E~(FVwkN$s>1^>BX6KW>KC~&KY-RU7pG;QUvy# zrQy3|Y!cmo7Ei~Wtnshdg~1mAPOtb>Y{W?Ar0Gp7XV{#m3MqzEEW^U7eygU@rt#4s zxrBm~J4OBYS>W1_7b52cd=}hN7NT8R-1}8z@}8%N?xAIDdz@0$cMUo|tm85nUsljc zxTVy^8er!ZD+j3}+ChmytTI-AUt0v2mZxO(IkQEqC- z&V>eC-7cO7T;(os`Mr_yTMZi&5zhjoSe7?!?DiCKFw=-x@9&RxmKfN6Ph+c6R!6KdzKiIjHraIlm z;S!MoMb#Ac!X_79V7*8)j^@o(bD<=`retMF2>hL*ro_|*;g^Ppl{t%!q!nNbZn8B% zD1L}Jk&aZ>IqRlioIDqg>=yq7$`f-BT(d5WWgQ5Q+Cm+9ai)VHMnzJ(a_E9vGF~Qws2D>j_ z+0g8%7y%$%?wQeJW|4FB1vyWQ^Y53gI7G};-^%2L*L2zW$7kHWGS81_zz+vLk3YFV zV6xwlC;V!nJdgWfd;w+dASR+HXG?MfwyQ;cAwT3io`AWBi@_@9Z*YdMVfleq^>%Q{ zzCoz@614=Btmj!xdxN~GaAdF-c}|4`phOaO6%OEeYDuMCEv=sZ-!*xXAdN5Ne-sT? 
z0p96M6Z9aYGC>uCz0>k%;{5=dJxF13NL}dgUk3*GWX}c=Q&R@p?8#+>A(x`;`SDPT&VX> z_aE60d9hysRPlnrxQjXXuMThufq?HrE?%GV)(Mfj0r@wUVIH!Yi>u-m^N@|Laf{Zr zVgx>>?z_nzHgzg%c4GW+zaBd`H(}JYtZLSFgB!n;#LUf|ZV(!1Gpa%j8n#5TfXCLi zeus^$Ks$Z|$RU!Uzqm8JGmGuOilI9Y_y7cI2%gz9L{EvxFegdXU(ULBhaM7!-D)I< z?TPhY6@fp1H9W$zEE=u9vVXnPyDa#p0t!AcbIFyX8otXOo*z7_BLcE1!`&UD+S@mv zio~Ff_)^ZL8^jQ04;pDN=#H8}KQtc!=_=VgdYLDWVlsZQ+&Sk0PVzJdlH40xT}yoN zhM2ox&&v_<`ViGL5NPVpKk_WGCX7qi}H6J(hrTwFCxKX zxhHJkV)ulhJ0*$jsuQLp{eX4#L8IRj8h_)peh!D?UxTTZxr~9WW%o?9DBq5=pYKDfe!$|^m73aREO-vEfutH z@6CgL1$6AfohUCD{54I#e`cZ|*~IL$EYTEyQu)UjBX#X%>5`vimo7#9gL(#TJ^zVv80XFlc4@8grL*A`Amx2$ zPQjq2ig>XO=Uo5vPti+P{%zU+;p`oQJo&b5(eAQs+qSE^Y}@*kZC96V+qP}nwrzLm z_1SyJJ@3Oi|99_=SQ)W0KjepuwQ|li$CzWJ`MfM_ZpwkyTLU-$%+Ih2mCm*Wy?=Vb z(}HRExc&)8_k@?*=`ql>sCB(X&(=|gOAdQqe2`lL*4&L+eTKP9?RNtgHA9E{foDR4 zms@e(r5=7k+Vf)G-JV0X(*CiH?Dh1+b^P+@{e)o3YP{|#*6uY<>iETj=;Z4|^h$d& zO2~D=+Wlo~Oz{}AR}Mo<;cGPbskZy}3&N6rf$GeX+~LxR(cc&vwdKLobaqRSN(Qy4pH50sU#dRw{di2i4An$Bu{6)$&-+`&&*h;Wc;s?@L^zSKTWX8;?ZP68RX9Mv?B|O^HYJ$!}D7Utk^Ee(&x6KM0l2xbkmucFyrw z2CXuaD8?cit1@a0Aw-u&xR(XG!cALN`7N~h*oXozgib#30hkXF_RDUQ}=KnU1=uqikwWyG z5Kv`JJh)T(T-=#**6gFkTJy3SZ3f?&bjQBjigc!6x8hgm4gXyyVb85P$__}V$!aNb zo-pmY-`7H&#CF=s%6pDE!Yue5-6|=XLJ;9UF4)}O5T=H2w3NHyV&dPRWd+Z>aW){* zHv@Kes3ah`Ja8%Kj-@ikJt>{&?VEaz8M~h&4hIf^;gyQuKE1M(als0rn|5qxherD1 zjwCFrl(I8bGAJuz|CB$JN0G`J93}Uk>s;=~7`sGKjcCq6Nzk|qcr6ek?G%DUdGwnx$QgEGfJv`Z&SKwaP>FfFmi-By6@-t_q^|=|?pk4qR+)NT#rww= zcz5b68#y64hPX)_)BqUe^N=Ian?G?=xqqM+^EB@o=_vOjrcZ7uPjj1bd9@+wa^)PP z2k|&G^_kR0yvcqQ3SFt(nj&gygD#%nJgo*=6A zoG;(-#I6C4h2h#uVR;n8WQz zLcg&oC$|)ozJgSpaGN3TNLtRk4*g z+jjEI8GHlqQ-c`-x{b@_Ap>i2pywqITe8(uq&?U5Vu9mJig000~FHSox zXWdr7z+WjzI^#WBwp8A?&YIH+S~W0jk@}|l>f(olGb5NxI>k+Kmx;OM#>!J&RCk8; za+whyOzzMLTSLyQzT(k-2wH-7nj@*(?5T#FOW`I@2%HD|-0#J4{V?^-L>lm$KoeNQ z_~}I&)l#c4;>tHoj?=02s}+Hrl|km32_%P(z<fz`(XHqN@y(tmJ;7lZ0&X*r1!woCk*|fB$WMu*|w=G5T8%|~@ zJER(+Ru0*svTtChw=ME|JP9@mvx%eRPui<5344f_)sP0?c(uOxtG+)j`6q|Jvc6$2 z>3_V>{Qf-Y{fe-0046p=Sd2z2Uv~ 
z2KMav#(U`w>ze6l>53zx5808QL{jOMWQmfruqtK^6&H=1*R++0v>Z*wHv8It#P|ETFIyiw*>F1emwu4Y) zgN_QPYKPi*X+h_{n{&t{n6)mGY+M>~lT8e$5;cXUh=ry~keUdr14sovrM{8^{s{6y zD!_+8cCemAqNM7@XUoTY;Swi_n6e)G$hdNjCL78MMwa8jox98`U|Nk2CkFwiAEmsp z7uXw1oIP@&0gq6dRgQ3=eLpw8iR_7g!TU_Dbs~X}*>4Lx8GK!xo}Nu1>@A^h@n|oV zdNfi_NPO2g!&Rd*#CQbKQQ&DRe4K;+Y_t+u*=b|i)vaH|y`|AOhjdFp>GAl?lImi9 zPUzXx`3QP1Yuq&2lq+s5Ea-TWvN9f(F*R#idblC^9gqmPwX2&EEI-(pxFV_-|NV_j z%&vcOkI!&Ft3eU)6&mN-s;o%u_bxceBA=%z0w|B0majOYXwyu!#!L8GJpGZ88z%v?$_--?)>+))Jkh zexr|uuRi<+qnC{Nq5>_#`;>W52kAb7nqGnsd_+pw*|S=}JTHX~o|0+4TO2$Du!U;Z%@5QSbckXm zRxuY`rH6H$0E=JVKSwuwBfYME`u@7g?Qe7T!QTjq-GLQ8$|km8luz<3B8%4)cVXCt zn{9h4-ocTVlDi%LBk?6MazPG2QRJ`8_|yLg$3IGoA%D_#GoiRe2yub6F4c0sbH)() z0r&#%^7pxO_R;F;34(%_OJ=$Pustr&0l*RRo&^_9gv9vTb@=ppt)Wh1Qnjj8b6eh+ zk1C+`lM;U4!Bpx(wBY(L7m6~A{7UNxY&$2~U}CU{r557V1n3z)Xj{|T@FH2>oyMt0 zpdZBqT?s#kSrEHz zfQZ-zpIGGqEU0x#o98T?L4%f5oTAQiyUL+CxX)Yw3O(zx@MRFVs`!QIi@F{XR|P3c z&X3{iLcYrEvlr(BkEYJVT}3vNG}ExzrE?J@9env$W*qRXigBAc1~`eqp|u!W?N%T;jcuw;SYy zHDS3$fE29GO`2cIIwb+^;M0_0Qba}mME6DRN#FlQ`l%TZ1mAIf{6H1>Cs>vCe+O1o za(8qBSpP4T8`}jF6ka(b@%`dnK}=W#v}NbQpYhhUeP)!#(G&H>=1GOPNyRGB2cWLe zI&0IbK9hVm7Z{2Ws^%Ll67Mo*>+YE>uti8Zg{$4RC)u9YM&A!NH@-hw16chof;Xtw zk`302tc6~|F*uVn zQ8a)sP1UrFTUxSKH5IWnI#jf4?r2h}S!#+1uoMV{z@w)Y@+venF?5!fUql6~#`VF2 z6ptY4f~R^k$hOa5c+W6r<<7YRRhU9)SK=z#@IFa*DLKM!Wuwc-#Lz5mQ;i~c`NUC} zQm-qzcP+15RIX?(p~~diIsEWjfKE07jR2ba*c62_&s0MgNED!Pvv>n?v<1gDldTLq zdiA@;$oymS1rh{KqnJ9FMncp&=!{b#fulBBYYDdax0Mn8Ct~$JFQ~>L$UXTL_Q?C@ zEure#iwu3Ow%7yDN<_f>%<|TzT^{FmE{`jN2@rm~-Ioj(FzEx73F8R!1->~=?DLcW z?yjm>y7i$P-P*T&N`IXel!ydH1ky{R{^~$gj<1Z(OWJmG*#tRLoaruD2Fd{0Q1w-_ zvuDWYPMdDctJ{fL4hY|o0Z*Wk_14QlD>Z_th)#;pOtj?^49~>bbc`)?z&pL?M`m=a~?0Qdbzse@_-IRc~ap^3!^jM${a5-ef> z?ACQck|Luk&%!Kl197aCrj8i=A3R{jrK?dukeHp&3k~FKJi4rA15U&CO_Pl6X_^&S z``u@FH*;fB@x}{`<5<0nHgOvUzgtP%UXC7wBufEwnkBZtgvgadsc-Cf;=X0q;N$8r!4;rIg!bB@g+$ zC`omF7m9kHw+X-gCyyg~>Qk&EFO;dwU%4Bc7Ci&OY3kD7IOmK1l3z)Y>heqa%j^OA 
zM`q7I?RRAd0~<$kfQ^$3z}nWq{ongNOV#o(S?{k3OT!r(yN6W7tp8}0M6U3mEFuYL z;W~7@CIu)U!zSH2!D`D2+Ibk7Il4ve{L~E8bdmm(0N+>?+Rfmx!gshPI$+;XwmC0_ zVSuAy&3ndk`+;Z1edp!!IL6nv9bBK@1cZypg)ps!$%KzHjxn&CL#P4igiJx0??$k6W`u zr`m?b%A}bI8%&9^>CRB8Uy-}0xb{afB@?z@#>jHeMaqQj96^p#<4fLSE$lI z7lITP?s(!FEse?EBPne++r8E<7x(9*ld=?4bi6{v_^jo)F&`3>*zZs>gbt*d!4%$_ z{R9-E&N<*{utUtim$r&a;Q2HKwD#GE!g3V&y|7{V^Uv}yyNb|c@9^kC@QoG92FH?uh6Ub=hnJ^KTqFKtB2iZhLBdl4kC5)KqKejLYuTSJ$sbnahK{ixw&MNob|T3vv|fAR$02|;3;O=ugR<;9P?n;pdA?79Y_ND9+I3sv#LdgF-^mD^2I zKdC_=l?B>)V~0f$-Xc|hT53CYZhzNI|KK!)bf80OIl=IKJJcZW1i zIL~x-_l=Rias2pc?c?6+U%L-MX^ClXJ)-jn{dmY8)c?$_YT4L2X;|9e)V(#Tf=rtDHC3}b+`5i9O>BoM{>i8XX9s@gj zBeY_F%-4KAn?L6}TS!d)CHSy2ssBcM5pSib@%8@V8(6^RMdc|4fp@ z`v1=6j2ztUoNWJ(bYWTk@lC%R-L0(wP7dZqLgsd600#+cJF9<(iz3w&}#5i|sdvLEd6{$ahVa6lc+Lj4|1&FE4cxDfJ0X~OH?}TH8 zR}8qX^J%SvQ!v*2MGO4pkDV>|L_o$oprReFI~_OOp3`kNeBUQMzCF;p3_j!xChbq! zQ*2e5*Y)OZDm&FD(ltvEo7#Q0OBbrUYbIkhm72P3+ok3RKr^~*)fn^c-V>}&vk2&? zzKivYZGyQQrB$ujxRuMG!U_ZcPU>bO$VfRpqA1dqvsBuJ+ko^ZJK3Rh%jzI*9OTtG zhH{k+4bC;V*I^gn=9Ra$XgB7)R2a*5zzCdGfr(y2xwMC$1U+j?3auPLvpB@o-b&Bi5pv#u9uz|khghZt}}74DX8v-Nid<9&$V_DLjJ;RjZq8C za*z$C6#*9wJh=-uE#%NzR9E#ZrI5&L?nFy<6FcY!`n5B!< zJXGPW4p{ud7xN_ophVFrfW(UGmSk?7^2U$ea!U%x%W`bXW%n67uMG!(L+VYevh4^0|Xs`_F@sjEk1sfCG&dscH!Aag~P)*X;BB+pP)XL75NQpi)x zw(K5*=Jkx7?zVO)b5{`bxcj9om~Ytu@COx55Q5amc33GtyH<>Yk>xzK%>r{3WQR%J(}>%F zAA0tOdF;2FUKzVB_0w^hify*()3Ld#?j+dE?VFa*C$@wrkV%7UEp>+}@XS>kskhu6 zx>8-QDv8n0js`uWmk-=oO9pDT+84554i=UjyzT(>>lw4Mn%GZjwV^x0oQ{4S2LBWl zx&|sszZkQaGB2^v695s$5cKHX_s=g-=UA0LP~(lot13JDE1-vWb^YciAPzGlB((W7Uj#UFAwn36t`0)WS6I319~UQfx? 
zy)!Ukh^bB4`tTeAF19y&&#b(F6V?X7im!zxg0)0u(HNsJi;1gRAejF4bE2Ne=k)}7 zipRP8R}51QU!WBI=1XMgz3zZVe&icUW5+CzZY`<%%?x#q5wBzZiT8<|4&ozVMiLZL z@WQddDSA-aOYV^9-dS48iLW@YOrShRf^6+=2sP-&f#D}EN)T_2FyG!Q8BT4fTAWwO zsVM;}t){DlljEcRkfYzNW6jyEB8~LEd1dzCMOGx?#-S%C*Izu1#%Z^;1dyj zW5^*oUQdi4h$*cEvRR7-xJ*Qj!tS9sk}3^x)!4PA^(+E^_EgKEo(}e?ts3uOmHFY@{F5h zP-=G{m4B$s9%+)C&21HXiJ9%gG)AlR$leHU(j7| zFMPc!7@k6)9?W z@6g%x9~Bu>*CtozCPC^wP~)%?YZ?-PW72>?$apt#0!R($d?5ZtO`SrK`RdLNAZYHG zc(P_CcI$kSY6&BPDk(wKk~~p@1AVhnNEa()cKgi2Fzo$Bdy5h{i7YZ%neQ~um+Nys z#OW6mFV~yRG-lK3k8e)X>D8Ie_d$stQbRy~B6((V=B^yZPAS(gphj1Bc5>zv%R3pN z$*RNeo*t3HG&oR!+(doCdXuGBXIIMvAW$w~uAoI;=9>^tL;Yc2idy0UO1ZDRAm>qT zJgWvQn0cpk#LG2=LbcJP^T=P4VgZ;v{Uzk(AU!J^wZJ#4o8=pfGWsZLt58`Ivd$) z&4;F_$Jfy_GUnweYQ6lqq<8m=Wcek|AJJqIV^R84w&vv3oLgHGKBS$R+iZfuuAaDx55VYoMiWD~-JU{`V3mxJ=G+f1 zYKv7URhA@Gj3TpV7dBED*4c-oNu%mcx10`;{DzQ&jRu3!PE%uoxWen?bNA29H9FnQ z<5NYr(4-8vW0C;?30f&<8qXZfWSSQ1HjR<{momUw{*VOi5f@cqa+rr#{K2pQ!Pqq| zkn86+mqnGtCAd>%|9RL(ws5Y`RQ=&|g_H8cmE7V`0#&*N_R4aNhO+!V#MYX5` z(g_z2VJc(59y8f=3SuO z7|aZF%_);<==giXNVE#|kmU^=W>=UUOTIzF@8r`+5!V&6LwCejHa4S*XxdlgpWm(P ztX4`P<81U~d(AXfBUeDADLY^#R!0WQ7?GfD*oHNGvVNdy&K4HCaT!|%B#N3CgCY-P zl75&>Wn-wifwS2`s<$9LMP?iC%fvq|1;xLDQf59PL*lw1dQZ<7x|%g z)JfgjxBO1=PAX&a_pfIaBjvwFg$}rR)SI*Z~PL8v8Zcm(- zJ|?2W6sYb;f$LQW2|ymQZ3Oo5+K=lXONB^hE1c@lBWM}O4YAX6NfcMhZs{72klUR( z%EmKp0swalIka$NT~KYsLo~R26bk6d`|IFdUD<|;QX$V}+l{X0_*3o<>Fp_TeIezb zjfP@^3`WfK(yREY>enmltm8&HCE6tCp;%p*NIW3?im6DSB*2{@ztkuGX;@j4X_t-} z0bgRt(r?V1P(_kugBHDq`&d&+65;0_d5+V-4Lb@GJt58?NSzU+dqegHo#4 z=>r;bhB2ttH7b%F*-#_X>B52>J}F-2@SOuv&1ytkwPV&&4T=U88CQTY-haR`yv5ip zI^oVp^Lb^@)3>O>KK(2qMmJXx+2~kaI6)$6dq6!V?Ghh*MHbnem@Q+?9fc4xr352J zr?-V0$qX%Pf+jsyDr?f>JIwBsIgCkl$ymkA`LJs~&m*Zjz}|+SQq3s1^~=UgXZ7@0 z#ORko`tc9=d~q?6KZcA(V(he3D*M`xm^>8+INgAt4Gux9>=KbpGXRBfLq7~EX5|J+ z>&cxpF8!{^y|j`AF~~rU&F{9)aQ7x%FYukDe0uZIgp};x!8Z#}ZdK(_Hc=U?Yw!L=q*_$KpWS!Id;1Ha!e?-$r`rO zgiYAsyN721qekV+c%w*gINXTC6~niNz-yugc3YUG<)}O|3{!#`8FL#Zd&nE6;f9+Y2|Wrd2?mC# 
zDvw*O>IIu7U-o_j8DiGX0qs>n!VGS_9HWlTSG`VZ$ZnFWqr9Bw`{wzvuLFSoR58^q@BDqRD@Z~EblbDm|Vlb*{6s}KQ z6Qjf-lyt`?ReEYA+_BCaoyTdoz1=1s zqgjxi^xP1uVL7^QaLk!qs23NEPOqhd+4vmv$TVR6tguC0LW(URFPASq#D9lJSoAFw z{oP)Gj(tQrJF4&5MKDXX;BYLn_`ITV+G{8=+<0MUepq{{Jbk<(BG`Xxs!v@#yE7wz zs^oAnh*(rePc8$o!J{5HOuw{(Z`IQKqFIeu^HHFY9*t=^r~`KL*nJ;p?wEfRoA(f3 ziu>uANUKX@x2$Ex?*Q*;3qIHMgRv3&nNeFr%s1Zcfz6!sndXC~#v8HMWr_znXPt?XNIB%3pL`>4 zAE8Xq`^c%=4nWLW(FV(qlY1BKMyZ}CA|W_?6Va$0tvy1~SWqZR`aTi7njSFhWn&Ku z!)T6H66>k-)>fD!}flxml9{U%YDC)&-a@ z9BTkSch)#mCVyhD>9MEh$VeXc)e%vqOUK=+$DwEykGB84o0pEe7!EINO(4=Mh~N@I z^ess>2o&9KU`7(qb0b>$Rt0R=A4^wa1=x?KlofLsRu|ZH-rC83_-R#45M~E_nw?V}h7PveadW|qcGp$w06p3)lQrl*?%P>N+ zaXs9Z9YJd38lOF04U8>-3@(7?#zA!Ax)xf!gLLAAE7-V06~>t%Jm-k%z_BGfeq}|P z9y@iE?Xxk(d=53#FR?1Ku|1_boD^NG@YE9U@n?E9-fA_jIv@u7p>P6z_i%;%0BmzoXc@+!*RAonT zdbg9MTgrZ(-({UwXuFQu9|~R>FV#8wj3Rb_k5mrZeJP!7#0Xmfo|C``MIVYZ602a= zTwQ3+WvE-_ClJ0jMFDBuvtmKNk$LQsc?rU{qQ5nmpMI!97LKeH*b!x7dS2r#j-1{jl*r%2)EuCTJ{M-VsO!@w7&G zStqz|`nCBN7SPnI)!&Q|yTq_G;rr1oD?<)>Nhz6Wa{UE%<(W>M0|oK(hi9|Xlk%wjbe+@GE@+S%{ z8x(_TA|YZ5-49-B2|3ODPq_CUDU2SmuoTDxc!&dd&Xb*582%|2yLAhsKvx&T!xLbG^iyP0w)-%PfuBU*d?n#sYmq=vt80|}u zVxU|x1ibgr59TNDb8p3>P+*!6xC-_gEFA9qZSu6Gqjw%%#T#hjUH_{KA!9>cxg-4f z3#PCeRgdkMvn+16QU0lJn#)4+?*8Nt_)+$~owae3(diMn)%3yK@7jAic)W&r8L|cc zG#jS7{3B|nY`XPshq>sI2p1lm#)GqbTsibBw|4P}o*K!(h{rq*mLsK{L1!v#vsc=y z4_wpFY`!OOB0EUvQlBEbS`;V42)jC(F@3+oVcEPr-M)QM<9#C2}OGQ zZ>a_4c_~4${8&EvU3v)j{MNI*UT&gN0)_EAdv{2?6{@2-Mmd2+CWQz1oSs7%48*#{ zd}`yAI%SJ3i;I>@Dn|bv3QhBp=GDrQ$e@MA2pWc9_kkbyUk!{plYLh9ypU~vfs+7l zp8_B%A+VRx%xC6fP{)8SWqNq(PY|E&_?HMHw+G6O=2Av6D`aOA*ahLNwgDD}5v^qQ zvre?s?ZO3DY1{cb%d{*d=P(LPgAv=ye1b`P4a%z&{VdTtzU_OJ3K#tPspayJIa^Y= zj)8<1{*c(X7tb^?b)r(9eN{ne0nKjFwXy!aFRtk(jt5=1#@1*Exm;4AFE~is?%}uv z+G!*>6g+fyoHRN;A;a}$!#(9SOL1-PQPT0Pc-xcQ^{*dzh774ZY;%`T+m=umlQv{a zSPB%y)Vt3cy;mtTWohqYNsya9j1xdMJ-ET|3)8*{M@6ZG&{vku)x1e>Jb=n{=k+fLTI`IJC_MVAjPFPWHANvyGAaU&lEoD}cNM;IAK_owF0bSk6J% z+!WyGB=2DB_8(9>NlC{RTLgvIsHQ8dAq;uM+&o<#i()mScq3*uxfQl)0Ysx!hO~fS 
zv1H8S+)DjM^MbMb4Y%{I7k?C3JP}FY2(hdOlJI)c#;PS8#62y>({!5iWjbx;`{Nm^ zm&*l%ZL9X+HJjS&WcEm*;=~z;9m@%Dy4dft3)k!>_h(;%Qy5ViY+YV@fzU@57g(hLR1eVuBcPl%sE# zWm;IxfMW$0aj=i~`UO?@Unp0YaD2Njp zIaRsB9ZU$%jW-y)q%UU=v^0LLIaZ|yS2UaFl;;??JWrj9U9@ICF%G?v8g2R@i_+NM z&mjGJkV580D-U&rR(mjhoL=ek(jCH{xwx}#UFCi`SNC(UV|qX~3NA9-07(oHpWVRq?>;)# zZ5Op7A4&0xR=*6+|MKF2dp8cJiPD_*k{hi9I}e$jW0udOCa!G1iC}xFQ0Ukpw6x}T z6;bmr(BDtMVT(0Qz4Z@GxPo<|ONKP4Z-C5PUN2W>tz{5_6eN1;;2R@`xAQWD zZlOQQ-YLLy?fNW|C|sNo-=W99zh#_b8T>hl%AHMbm*#|(YiLGC@jbgDLn$`L^UEH3 zfkoB4Md}V^%Ke?x#QGTs)bj~6oc|1(6>Db5oMslvqi7eS*-VE3X%{H!gt9pllL=TU zSfY2u+=S)iGDm@Dm}nqINSk_^q!o&`f;h#DL@F!#mTq9qm&i+iScCr8D-&g{07Os^ zL)C9OJR?$26(f(z;r`lTpzRe3D97OGAArTpI0-MC6R zTKofIqsZat85r|$Vdf%IbOoaDMBTMU$ruGa@^kFekt*bK_jbV@!n`jyOxTOgU*3_H z<~U{Y9?lXnH9kY_+3Zim^!QyxPe@7pSD*(mkVq&M()1XGj*E3qulw>^ z?yGh8wMKw_)%E(s4moNgX+Y927A7F#PrFR#u(~CAk#|^|kz^sWANC&{X~dWD2@F0fcOA zoD9ru{#(g@=f5qu7 zcz=Hwnf5>|kIG_ge~HQmCFnkIqR1Sln9Esw;1NL_;aCh56kKbK2K~jtU;n{jiAwuT z3Tn}58OcAaq+_HYT&E-i>oT`1r$q{?6Y!m2p7YxFO9;X>PY zE{lVJ0G>8>__2tB>{3$fR;hpE!hndACpAWea)MhXK^ATlYRM5!2O7dg9b0GJpuY;N zYp~52@%85FaGYt|HU!a*$^!Q=*@8AX4ZH4qs!&TWt^;K3Jwt`|XWW9EmBdc_SJw^H zHgL8nO}L?xOkuto7`e!Yk`@<1hx)w?x&H~uB}1U+bk+gAhjXYy$|Ine5g@#YZl^i$ zz)_H!JP#>FJ`L5R8%dB)AQ>EObPUYa#3YSkAS_I|CVmB^#vg@>Pqt8>R8juQ^*)yKys3q$heAZXh}l;fOfwAf zJt@pUp(bKoU3UWYYX*{4#GyZe1#|*(6Q#bpkJ!;q@^+M2>Y@4fbOtG16XyoYXuAZN zM_>JwK?}!jM|2W#qt#`i!1w^lTYU_6rDAY`C1$hp#^l7`gJ5f8#z`tWY&+)w9y8BG zYU32*onozJEHD?(jdZ%MzWL}MQ5%=hROs%eO75E@>0owy|3IP666IMV{^KwCk6`mL1Vz!ECSeLm;;>%%{HAN0p%e4lC?|gO1Gy$q{%^{5ek`B-nt>mL7ANXjxGF7 zEqAi?i+SF67bj);=G9v;U(mvbWVPk2Zk^Q_kDzNX-TIo9_qjB>;~MT~{_wJ$yLL=n zwbqegEL78+YjE+k(>?c~f}jhxqTsWw9x&~hMnxwlrvDoO+W$#?uh9_bZQ zl9P{{V-2ul*1tu}0yVQm4Y+=a?tJYG5igads2U$=;5f-^+TfY5RI5Uai5 zv}AjpulAWtSRQ8T`?5be7A4Ia^Zg|!f0ca}(KfUtUo-;KZ_XrHR5vVGuMDX2Ak^=EM>w8M<_(_L~>VJnm(o#4{wE z`jO@avDT0>D1YJSxq>Ke*l=j=JX6*#%Y%%mB{+fZ6JHETl6FWIvZvLAs6A1>ijNNB^`L8ry%;~mqPE^iqZ#4?B2jMW0!M2md 
z=AKJV!3&xfY9{wPOOGKfOg6W#jRF-vv{Ej#fW+%GQ+loLIiIKx_^Z|Q6cgq(qaS^B zP>d$w*X6I!G?P9Bt`vfxDG`!dg|H?+ZWxf~7&~s6y44*>9i?tu!(mf`Bm{2!n?3L@-b_`O#WqcG)bQ`UxUG+AwpWCRo0F{jEF6h{> zvuzTjpH&4mH$2R4M-7|2Y(iSAez@$mCSDtc9%HVai+!04(5^C)ZV}N zA$V&DF)WUu-l0bsh+Ug=skc9Y|Fnc!ina12V}2rj*7*@fR!Zl z6krgiM-F2SDOWXW^2jIXGw0o_D+kPAVz2fs}3OG~4 zoqj%KF1!IV`+;|T)lstM{R$q(2n`2Go4j+an(b)OMUJ zR|=oVT@8a!g5RWSh1>15iKb$bbh=(~0D!zsy%9w%Hw+1D1J3yMeqz$4zz{hMbIC{N zZ5;}u@J=OCqM5l?cdYJSpSV@2O8yY~)EzQa0TlO^>0Y-ne)PL|Ur@u*S7>kF1tvdM zK+o5|{MAC)Y93_&iqb*-W2*Z9`-5U;`cLPCijEb^-xSrv)x^}5D@ZZzegVG{s!{9G zFamnr-z6m(s0h@>yh_BNJ!?L%gL~>)xs*)QeSus;B2+H5n}u-@q+jmuLE%+@KVXg> zc}LofrCZZ~`DPopc`z1(JCezW>_w{|E=I7-=qdzWZP3&j~CwWe5YJ-## zpe1%R3GLX6K8`Qz`g%T(V%2BPX9TSztUe)wzU@npi1*;oWa0r7*8nt_68kgX^!!@6EhId$~1c-y0{7Z7wQ3#p*puv8fk(jZuofhgPhlrz7-$ zZr#ialufh<`Wor)$S}4>?A0iaFgY+(d2+GhHGNXzLBf*JN2TrGT8$5WHFh>9=EgoY zjveF|6ZxO{M z;_8J9JM`rcV%ToiWR6g%zzD~XfGl&2_nVq@#?yOH#-(#a`o!rAg!Ik*`GHe)AIXio zm;g3nr`-xa*QM}0F#z8oisDWgQkuINZ!gqqLKkh>8Q*l`{f9)-PlV^ zM5ZwuE2s;@MLjrAjZ?kes7CYdGKb&v@BoKc+(l{gB&0h%9kWill0C_-QAe@Lafp_+ z_tsyi1jW*XxidYLU3=p1TEHa^V{P2|rZ{ati~}bZngRx4L`}47J;d1^gm5(ASE5aS zjqGYa%su?Xv$Gv63TYOxGcw%zrQ*a>X*#mhZrgC6spIIvqv*=-iJr0F-t157T6dKk zY2nC9?Xwy!dY!-&AW)lNNv&BMfx0b|LB;~!_H2jFM|gGIlOLEJiuCtmte{=)hTYO2 z7lm%kR_^?+uGTjdQ~H2w4$4rQWpt6cZ!St{gvy6Bhv%eL^gzstBr60dx2jkaxI>O|zCLpkQ+nXNgeE6e71k3h=rt0VcCqbWPpZ(M z&d=797ENBk6VKdGmReA&^_A{E+e3YfJY%nD1;?Bx*wH152;EfyGsl6!D72^0j~%v* z_lwmHA>=Ha6U!pgXcGS|QT?tkva#CV1{>hNJuXTPL|sxV2Q@ z760tXMNJaB3MfL=Po$zZ|0l!G{@8RrfAKLy7^cAOgEz43%5llcU2#R!crucxd9tzy z2#NDYJErx-NR7JUJU31;~Zqa_IIsrz)( zp+FQZUF^6{ntBcu^Nu1YdvDE@RosjM=X4R~y#`cF$)?sm8x^M(&N$R918pNmF87dk zJ6ux=Ot0(Fu&^)(RqTfFxm?By3}~!|aCT!Om=8aDNvdx+{9PGNM%q_YWQXhZTjpuS z`8hxQJG7TltD}(*U!Xr{yaGMMj~Inl3YxeF#<=A9gw^D!uBmfkqh}=AnS$A?-uXT$ zZu}(4F`@fZwAG9c&c~g7RuhvCoINTnoH*2vAHfT6xHa1^sbs-~AN@Ez253FZ>p2vo zYrH>Q69US|*@J>aQ{EehD{{SLY= zatedP+co90@W*7is(dq#Te;?S-~T0)YaGa^RQ@+R6^8t$g698V5dWX-R9IXJ;QrqP zuOoFW*T3B8Z6j!Csy=C^H+{q*Lku+`d9J`I? 
zqfHW0W(jQ83A$=}e`a}R8=Eu?s;c>(@_fs5bUvpesi3ur5$2adMx`8|FCC}1ce=BQ zzd!YIK7&Gy|GVctt!e(wYYNXK)H!S!3H@yt24??Hqs{}Isu%;R2u%q>iMM* z^{xs(G7ZCCJCX10otNE22_0{U( zU|Hb>oXzLszX`a&Sj=Qao7^UxQU4#p&M~_3F3Qst+jhmaZQHhOS5g(*wr$&$8{4*R zCzH2()~wYt-S2$7_xpMN`#gJ}-(CaGQKxml6`xfdYeH3Khh0*U8FCQSL}bx!23=A# z6`ogBMZ#TEM3cl|TkA-`Upc4ds0qSwpXG~=k3zwPV~rTF@hnQzp731AJ^mu67}Fcn zE+^VXiM$5sQNoLymk2KnCKQusJ<}(;8Ve^iwTU}oU7M8!iq+L)ypNF!+kB`d* z^afg=+KDCFsyi|UK_TJDj*Me!l!Vj$i0G`Q$T!836Z4a2iDFj~4#LB>mkvK4E;hyC zqVMo0t6-~HE2glFFSU*O^qVjo5m&5X#y%9)TSRJ3rdOVM&lw;)CQ^{pfF)L)iBnmN zqY-Dql|``?Ji^mGNJC)NWfC1aWL2Iw!~{9KWmr}dSsUiaH`T7Tq6nw6@TbEHCc;U- zNDaB`(E>3>gkT!JU;V-A)9=}T27NJ#2F4;j`PA}10ZzC9(5nK>NRFE{V12vE3-f z+mi260)*O7OBj1$(5Vh83V_DtP16DZCvBivMNo%D=ET!DbTUfGo=2d%+ruk>F@*jo zDuei!H_zx<1QNzo?!iYrV6WtE269$g(*_zK_xeJC4V8p@B3-jobBZ17MC#0)`uS=>V48Kxuj=GX|AFDGZO}|RIWoD_m#-UHODQcylOx>>aUgPH_ zV;G-n$W9DIx{?bEkRHJ6@4|c1gVKhpUZgxNfhE~8R=vJ9N89X$)3+F&SgCV4x(4E| zxAv<+gN#<`4@R94lkjh922Z^I@E2LHB+VQ*q7A-=KzXHX zidSO1TcgbUz;I!!u}@r9sK&%kmh{T#9_znWW+A~1T1XeE(@Kv0!CoC0FxUI>nPE>jVawq`b&OKHEf;y(3}!64jZ4~z8Ig~ z&6XQ|tL?&Y?*ktE^_Ckm4jX#c4l%uV#+_XPRk@+jPt|h?UGB$!=edeLWx8-ozQ8%J zLlhRLZe+wdC}ep6`rB(jW1;v%cTmS1;2#?r#IYK4E-2hL&WYf!pHjCgoBT5ZU)U$s zETHum`;^}sb$e#;9bU1Z;OCaHt$2_xsx3_tWwC}g1$p;->yr^hF^mLUpx5VWHv?;E zw(Cwv7T=MXxx?Pbvm*B}d#BW}s|`E+9>%ldHd(pu7zf?gi=AQrVrPAYMz0fkhWqIh zM8LYS7+mgh`Ft!cj<}|GtBT{jSQhrlXH9>91+YcUG6hWl+XW4T?U+rC1Vhmn$4uvj z!`ToqFHKn|$J`zkQQdV&ftwcPm+@}57HlfZa-2rCfr`$#TEYuqvCi;&p0BE<(E&!$ z@5QIDJ(#W-jB=YrcHL#|e)M7+r~qmAGVk=;CWaUTQt5n={c%>U_rhvgsTvVo?fhz5 z#W{dWV^HRpN46bR(-&c(mj{(>5j;O z6YWyq@8EXRKHW-~9u*8eMf&-9ymFa`jS8(L%Y#L>2!$pabo-@OySWy2s#fM%9rs6~ zE}<=;>L{)1Sw86L7qw~gY9iE%JS^M!TZDQ9AWl0lR&L)hD%?Gfr7L00fxP7D21v!_ z_FM?hdZoMUz@JmG>}HeK>OO-TAUCEpS4GTmXF(3o_mQ=SIY^+*?r&2brHQ6mU;F$zvh`|RM46%zYs)m z?5m>(@`YH6T?xW~GL0X}Ypq(VcfU)w-^&w&Gs@vtVRmhaP(&!ayNe5tSBCGSc>Csz zYJuJrhfcw!N!l1I1FEjG~U}ODCzbPJ>*B1l3K59{;CMqe+Tl7L=lFW>zde)Mtgpy522e z;+$^rJMD~rn*L*YGI6?$8IS)-+|_IHGF?I-_%viaGt+zWE^{g4_vgo%{g0(u(%8jH 
zF8~Y6#yHP{iuV}fDb|D?t1fjzW4js7l!|&!K@0RlF{L16B!Sr$BP>+r?{Yrn6{5Z4 z)n?n)D&9ZHM8G$C;aG0Sh*MxngDuPlTGiPt*wt1nF5J`(Hk%fhm;M4Ano>z%LL(}g zez2lqm>|Fj;(_rD6vV+mU>_X5xIUOf5<}0DC9zV_d;*zCC6eE{HkIR)905pbWEz^x zxPB+Xz*iF~MpL8+^)(u6a8*TR(blImSsCS3i+DZb)--3;cHEkB9=$Ug)lvqZ!?~UX znsXPt4$ySl`7)eQil#nFers1)MZL3MV8_Yj5yU&fqs{H?YeD;d15O+s>?~jj5~HaC z;X^_3@F<_ce$1d_cd2C+cC-o1XzH6GJDY6(TT+yiViUB9I>2!5<#rMJ{g== z%@6xfSaAlYQRUjiev(S0PStLi`~yVX2|hh$r{%IAinaS!t4xGmQeZg^WWlObaXY9M zyl@MJva7evcX9so4k5hZHY%vY_+24yR{af9i1FGDRRl2A{xyh6jwt$X1+y3a{%`B8 zn2T*k`b=LSer@hKcu+XNXZDsaZ{vkuzP7iqyv4~!RkU7q!Qsip>81;8^WkM%N5TfR z67)-57ha+*AW`cl+^lZ7`{k<$?hA)!WARP4*014)r>RBlL4vx)@~JsIugb^dnqrBQ z_9sj3ka2Jf>6?RL_tJma+#H=CN@feVG3AB;?hLQox=(S04&S5unwcOxVfZq@ubUka z)0|=~7!0A(F3i!OblxUMAoUM_Xf~zU763(h=^i0uatbLR>4Zc-7RF1`NYY6*rk&9h z5=T-FUPpSXLez%>Q}U7x_@ULBtF1fakC9YP1-x`4Rf!7B+?iKtw}rZMzQNLJT>yws^9 zq*u7$Sn~^qzlY6A%h)`_n(lf(Lw^VCPT2F}8ovqY2M3}-`z-813tmH8=mBQ`Bc~uu z34R&m+p01A>&1%xU$wu8go3NlcSqp=;)|{_iaDyUUVLk-CP_XLl#(DViJ)YiRgyws zn1WJ4QPf|eN8^Udk=2QzbGy~zufLyuoA>$u$(Ne90xn*2_YH$@zKCviauQ5A^KHG~ zUFrV@X$`jZOI)lpml2+u7+02UYPK!No~e`@voyP`tZJbyY_D*Ken|eNiw@5?4+AWe z43Fw>g%u*>Gp#kI%t<{SC?vl*A5iCWqMux-sy7onZP5is8F1pP*zHMZ9L*Liu;!9K zGii!Of%8ntD+Pjyh$9L8(ujp5F_V!7V*Lei`J;g%5eseKE0rZk!Ag+Kcd(GTve03i zp(l+ZgP_nCVYLk&V|(9bi>94N0>-H)+=S08$}du1skf4?%3RkfZn(Bw#aqs4j<`+E z#+#@Wf_zT_`hk5^I`vxTlKB@E>dKhj-T7@uu>t+wbGk zSwLWz8gNzJUetCE8JdZbld?OIx~!DH*sAY5>$*)SZow^BiM@{N{V6WhU`O2=go8Wm zFHqQz?B`d7`_TUKO_!O$c^uUeF$^-vq~SJfj^F;KZe(wQ6Z5JOuLaxDEtb@Q$IxiM zM&mITOGScpa}QWl5*{tqHYUWO`37_!De4s!e|q2JUsgcHPzg%NO;~+uIH3OWD~-%} zp2bPh!$9TP1`O8r@qT5#5J1y(ew<6>%Gq@09b7RbY@Rg@3O}Z5W!u}$88a){Se0w4 z(F#|kzJl<921nf6ZP+hSw;xFF=U&Y(=fxLTZEY!Q*CZC1t-F%$AfKg2Tw5O;!ON72xiVnE%UJJwc2+`&C3FBV4|2-< zxQxn{27aAf5IxQ$O25MdfX(WN0H^5GKmDqQ%c0qnXImQ#@=f;;Kp`)c=9_>-`eSuC zGma=5&vKvsf@*qedL`oZNLt+Svv}p6faBm})aAyIU!G`N5^;((=Lj?i+6yed)t_-Z z?w-pome-kw#4VcW6gVg2m}m_|*1P-%OStGSnaf|=`6}S+Yqsq{Iz%f;<8x1{r7nAJ 
z8--J*G;fquaikE$-Y&ZPzhRcicx8LZAZ+TV0JuXsBd%PQ5kB*zuV!UJXj-QGbkJQi zsPad9kI?l3H>MkzpjRz1s`qtbP-mOWnfKe5`~j$+Xgi1@IIAGs?GTGFwpeIf#F(M< z%*eLYG4IP&5EH8H5fA!5ML$JOz>3*hgdCux?9 zqsjt61kwtD7O$*h3#RT}-iqo87USHEd<9Ts*inke`h66YQdFmPfes z!+j5H8;61E)wA{eWS>1^G-zNgxA(LxOJ`uNBY4-A+a3ftj)tBU3)yBg)l%|Y=8`16 zOLB13NQg$Gvm4i%44bwG;{w_ROxKBp)ZZAN2oNq>#=F60dv*&>&)uxKo76Z3QH!cT z5BD`VT6N61oFCL~izl$B6^iT=FvqhAjf#0S^AJlBL>wWN+-`|cQ)({Y~y&Q4u`Xzv0rUi-SD!v4^4`lZY@_709_**S^l4M__J zr9FH!R4p36iBA+NqEsP0g_S!lsJxM_V%uL6R3D_HRPd6kXQf9&S5bI$HOaYZX%+x! zp-rC*RI~Du=2pC!!ySc9jQ47mj9E^f!Gmb|K!;QP73_itDFh|Uu?u)pvA)`F2V5u5 zB;$zjEhvKJiy@H$(Wcsp1u^ZX+ch?~&+II2_J7d2w)?9sNz5kk^-We1j!SgTkw=s6 zjwZmbyaJx}mUzh2T(yL)yLMeAE@r#_EM{84C;lwyg0WEiI{)hdx-?Cu50xQ}ZC^Rp zM5?}&1d?&uScSWcAN$_l4X(mUEXV4HI;b7$+CGwU0gMg24fuLwhO3vZLveTZTY zba4-+@wa)l$9qFT@n(!~&1(@ujD6F3-J^n$O^eVayu9QG8oy!*Z{ryC8yCmo+ub_K zY||PuU-D5Zm|-EFoBcW9wh3xr^AI|>;=9KG-UUn7SiC^450qm#5Q1B+qUD`o{A2^< zfB8vB5W#I(DAr+_Q`0%;qmM;RZO>)m+CC<34Ad7EH57Jwghkt7J~rh3Tfq9wp0}u+ zu4!ZM>~-@GItb@(*GS$L6+vp6tFt!FFY-`fJqPwOMeb(%2T5gb+>haw3H`!wvpLl~ zd+^4iK!+aC*>2qe`xy`k``G5b1FNs$o3@Uw-^X84dRg7V2rsxFbXg=#(5|_bzCycc+loqGXSO%@uAVg>tuIn;*c8F>r;)>T;d=L6iR4XEKSg)O;aWC z9EVIv;wfCluNijYLTxPsL#1TKk;#QFl(2Bn)K3@<78R_Ss)-GiD`#k?NCiykq|nwG z7eyR#rF4tPfnR$iQ~v5mSP~Q7Qm`^jI1fvXdXzE`1;qjUc}JA-DANiJtFw^U5(p#G z_SczN@uW~pawf3J3ES#e&9O9v(gsLba)67b zlN(|O^Tb4sHAwisV46T5<&%uT8biB~OEK5N#@|wXtPhQ7*fuN=XHo_3+FlE62%I{fzMGGyftCcdKwwcvAu1i_lBon2s7NQqo#Zd?1LLC(~&JqmH2@1xsd%!)hW^nxscL^^sz9O7#Rz<-*GWN7c)4z)>D~nk6KX z=T46Pg{~r|thk4jyB#jm5y3KMLyL5-HM+y}9L-{;bIZ+Q%!0nO43W+YOO5EwlVji& zL=3ET9Bvb+42-lf6Ad0d+?KRJ3-UB-oEIVi6k|oWp!@&f7;&bNi=7WkRtkhJqjyg0 zfF+!UeT9v2u1W&sDN#;fh$WRr{!Ws^v04w#m#3w&Xf_h8>8%+cf1)ig2rsIf+8G_xE#+Xo$opYC2 z6isN;|H{MA%%WD##7vP6U~ANrL*v5jp9QNE~1eW^$`! 
z?w3nV1u%=GL&c3?Y8nSgGo4KT(M7J8xuI}9-nJkFsGYQM1pd0LvL}c4d}Q`MzXDEQ z!@eu2Y?>%ezZcI(>u~JzN`rshe1E&;ShQQJnLj4=V$BWd2}GGb+UhWO&h3imxkOO1 zH>gP4P;+c_S(c{;N7wo!S?%&2-#ujieU_?7%&ppxcOSa8L(nR2Kd9>Z_UW_Ax<*`r z(3IHboPllsdx1UL<#~?X8FBMLA%Tv$*Z}%=C^D zyQ~0}KdK@q$?JpZpFUZ}fdTzak`MsVMn5*8ot=JDgd3_qZRvD> zNzWm>4;7c1H)9y{Dq4V1b-P-3-rh8EgkerQ`#rX8xx5b`Sgyk^XfZYBv6i*qX-;5u zV*D)aq!b(>RA3d@8wDpIFhtIPOh5!|K@pa=Q*g>^q710Pz#?FH{fQd~)@b#muhW|q z>CKyLWvn-W0X0EqOEa25bUO8`>F!Oe^z^J-zkc}9CJLvkpN6QM@JVbq>zyI$tZMQN z$k{VG`3RaLxazh7D!RZE0I zh0~Rn%h8C1J+5-gh%!KQvVfTy(zWjoQaiA&w4)i#%~@Oa#~531u6T!1BSxBxo7;3t zn&QWa8=sowRSl|)s}}3jthFpu5^Q5M@S-cX#-TH=~6~o<Zbi}nD9SERsIvI4D#+r@@vY}@dlbnXi1A@W zX-5hS7${c-Z)?q00k#B$JGKP5p9S|-y43PE_kF_8T)z*v@4GC|Ot}&9j=+2f;5^J? zynb-t7pmS*lXIx`F;$zBMsEvq{NclP0bBFG=tJA+L*sRh-yE#*GW|`Dj*31l4{bY~ zM}%}z*8P^SSwP}G@g=Fhh5BKmO~|h`yaw}fBh;PW@$6Cme#|NHGyy|(kt9E%@e+YW zjWDkBQZYHo>f^l%lap0<&CZP8&EUKfkrkA5NmOg=uddq+iK4gKRC)yYu~WH8>17-K zdAxEF+umkUxNKb-E2Y$dctV9oa{~Kl9f6%I=l&DR?!*e=>DXANiia*GqZ-K{S7)I5ote07Z3Q06j8E zkU4A;ERyRUj$Qta@Xr7sSklIwD$I``Cm8>x8X5n8#rl8e8mp3Yo#(_*gSQ?an8N*K zEnrb83T1lHK3G z)sUTbLCHXLG_)=*J-^osXE%I4_4IrJIbg8{SDLXo2Uj~1KWQje$!gmlvQ(_OjjurAec!Wt*CDpO=%YeJkh80Xi7)BlJau}c-gB?bh`Dlp! 
z7{M5Ec|sBSh`Q&dZG-RZZ*0|N_H*t7-Kk%vGKne}Xo?=0YSOZj7Z+647@w`xw43IO zyHMK54qFFky~P5xenBiVi2n5wA~_`)D4odaBN{mGei7~3*j_|@M#)U3bTvPYMDi~t9>U&sQ73zSMfWl=+@G1m%uZeYN#ri^d5l_^h1di136} zZeLpVgnZ5AqnmgmOjVxWCdodlu`;hxP_EUk#r&*$V-T8h!lZM;V!eKAzMorvoGV5h zUC!H9)vQmiHXdDclhNMCC z_vj7c%s%7%LxwW9}n~Sop{#T)dyZQwh~VJGTw( z;coYK5^XtZ#H3JPkWJ0f7Ry$A7KzyjdQFN$4!%{uSO2KAOqKUCccFr3kT);SvGLv$ zVG6msWu*dMbvyuX>471&)Oo>G_Lbltz!bP5Bm#fi0K0#+0so&~hO*#);~J}yY`^(} zIP`S{fr=WGssKTOKxzxzEW}te%|?>?R}Pqr42m^1xUs0-sSfORVAx6fDPx*`n%!q+ zveB(%+{I%9VX&4Oiks1IZ_Ifkv?SmnCV_)#~v@>uSS=LS||QgUNDDJFTDb6eQo7#UjC**eVuOM3_h%E%K@U zihd6L?0l6(!HjUi93F^-zXX1@7_ov)_Vl&%#SZfx)Y)KE>XU$}Ar6y1*3&I$vo_db z%Pu9;E5Z#hmQU#ZbEYGjzB`=X9uoOCGRhVb9Pb3ssN)P1GSPwfvh}KHLoyb~gJbIsk*Nt{i+p^V}4_r}8 z>KGSRwxX4MDo-xN4%LQBw_c3h$A}JK=a|5rVLP=BPWsTs`nI4eIjC>Her{|j#(p3! z=j4Zbx6&*8l9laB__K9{qXR%FEvsv$4;ctiH zE6ce!O8gFA7Q+z#6nmFXhu`7$ihk2R_CdWC8*<3}u{HOM2=s>p6&a@h-S{~Ks1vhy z=;4G;?n2;f4o?R5cF6nP@mHig@Fyncr3gyjqiNp4xftp0;k`|xM0{Jo8{RrQ5LCrBo-oOXq#EWGm zqJLS=_;`Qju!WeciNh83jbLgJI-5TSI?GEzFi^TOI8djU`Ca>ps*J<;2v3Qcy`u-Q zsR*aAa2UA%^r}H^6E2_tdUzVOK=hXcOXgnOf6Lx4lgbjM95%t8X{rn z92kY}!S-=vi`uxjhZ#H6-I5311ZJO9aWZ}gw4C|p2IeK~OUHY+29JfB+w<;4QgIH) zDOW+pM8X*{{63@#{9QH(9gwzWyO1gH@;wveAkF9xiRVe|Dk7;wQPtb?_mKyyiR zn+=@jbz&8xLbxQIiD7+jq_N3gzXYAs@DcEJ%(FnaIoN$`i(o%sxFjshk~}AnJysUw zpVVT(uqsCW>l{HiH`Sq%;MQ;|#?9-6IA|?tH>742HO!bXv{3G`r&Rj$ONM|63z=NK z+nn#zvGf*>nBfS<)89X{u|Z09Tri*}(I`UWwtosq^AeX3sr~}DBFSPdYPBmX)3=QhRaY!R;5Y}20F5_xY#tO5kYB0sd_zeKn$plXVs4&tUqW=i0JOD8- z=SPVIv0z#NtT3D$v;R=f%HzO@TL_3b{8ZDY1-pij)lckklJ)~%9COGHhk?t?H9j{2 zL1A?X^Am!zWl<<3JPe-g&Bc@+!z%#!SOQ-yOe@LX5MY!diI%3+A4l%-Me|u`=x)|D zO{EN&bI(GyJwflm3WMk;gb+ggp5hJ;!wSt6ChCbiu`)KduAoHOc-5-zud3n^{b>=r zx_bfKCK<1UqKPl+kXWLr#OA=+ZZfRfH*PdqX$-(PD^rsnyLYM1K2|gedV~m4BFcv~ zo$#94z0k5r>C_$Kw#C-Z04x>XG+F+#g(l$r(}H*NXz_d--0BzeJw0!@4$zrn<5s=jWI< z$>BgAw0aKXmTukxjp{Xt9p56qXNPgw&kKyh1NUyf|Be@RHq{y%GF85+*4(YOdg`pi 
zoKuq1nEL4u(ME*}IpZT&q#J^Aa*ADa(uZM6u|@Cj_I9-87iP44A58xhz=Uv-Y$Vv8%7soW5^NYyfo=!#F7(Go;DCYURDFo-qU0Lka68Qf97Y{6na_@BF{k06rU1Y_|!BETZDUe<}n&X zegk(>?lQ>Abihlz;-gj)O$IV0U6$b>VNb(;E!%aIKi+V$WAQ60k{@IXP{q{WZM;p) z)V6%h>$8Uo!XL|?`Ak?g?4n}2O{y7jdtKk8Y`cxtb%$bY-t3oil9huJb&_&%kh$Z9 z#BHUS?V;V=QUd?w`Mn^~z3yp?#S^BRzr4F!d0m)sM$I zv|b78mouN@^9MNxDhZ?pr&afnm+f7y*BzH@wm_;neuO}WBa&TXAfJ%SZe)h87Et2# zK)B!o#r^nI*PqpGpq-k!cH%zVw*|HyZZM5uRbdk?4wA`&j9h3GCUi7=#t?>5 zu7%xUT|Yo%JU+@J?H$$9r19(7Qe6ZOBY;#4=7~`yXq*F=Xp0ouAsQEccqbM&6$;O! zeZ_>Iij1is99WT}_U@~ayg|+7(|~vGS^My$6)p8mFljP)h9KGn z4)*QUqE)!vcn|R_KR-K&S&1hLBivPth=$EQrBMq4)XfGilgv>qdMw8R1 zz4uv$uJC@_G0ZYwW+6oOc0!4Rg!%r0D_ORzxONLeXDhtm?m)ZBm>!8jq}Zz9Uyc9*<1$V76NGAE(--&LLNRi#+B{b z{Hi^mWa|aXm?0kBYlpifZV^QwiV}FTS@k>%e5D@9jAlP%G z;bZ=38S7umM~2x>-Z@S1J9|nlPE#D)mD_c%a3Mlfu^8D^qZA#BubG61lT~d)%s&dA zv-r(X09`^rfF{N{G&`)D6qkAQ9J@CDa?9eRZccK<%eP;>{mT@)&6+8`g5&$g?k`tt z&hD+sSRDY$Y4Uvr+-9ZEGRrjSTf$npizJ?*_6h!4s4sV%-Cn7whTQ^wN^}`$^;Xoq z|BlqI3#q7sB@*hRqSetWOR@cM=#fY-FF@ooFLCd0ZS2nsrroFLA77I!@9gG( z^%;TRJ7%x9{IzM{sVjLdlV4uoIqIK`L&nEJnCrb2#JUqG&*@%gHmHc#2%Y96u6Hb7 z4zzhlvg{$O`{g16EgGQ(*^3|h+T?27PK@fM)#JZCZb2P{^II(W@0#7Cy`v-ZVuE>9 zF*%&-jTmolM}1?0^u?qU=>ikd>mX2kOqatvUP&ZZhx1xg&h*PKhHewE5W3hW5K%MJ?npYHHUZr~lj8(+hj)%`M@?WdC6 znF98}KBLSFfTehxdS%Yk-Z?0q64;zxm|KX+EvfAes9!xgO#+j4s8Yv2GpUQ9DR*K# zsv*cvH#(E_>^?lmLvluU7P8c`q+I!}DHrIkrLBJcEq+jcZkiojEL65N#rB?<4Z8G& zuTA0&O}HlM$S$GSnxk2oGC<2Ftv=cwy0bxnM_PlKAB&J8FEH?is1m&o-`Z|TR(H`@ zm?Q4W$GPOg)f2ydI_P@d!*7ykDzmcx)5IeQ&-;w>nVCGQm*1pkcJ?vqUCkLy`b_^^ zAAgaGIBGZ3CNN7wOV$+5V#Otov1e~1kefTGRz<7kVtXITvq1SYHCN;O zRGXg-mtoDAV}AREsa1UqzCx^|821&EG>AY|*>yk+`sx8okwv}sm#)wKAe zc^0tv3T6FK-o#hA6ffU~KDfBrPu~8pdN^;b9i@ZOru(FUrx~~Qg71-ZK8xAl z+;h7n3yDe|*d<_sA_aLgia(Fm7B#=HPFRf|x(@5U5ElMnWRn29ng+!fz2)Icex1=< zQ>vZ_&k$OwKo#QOD0u!0KbwM#v8GLth%ACKS@3jW>`b=3PkWpj7=Zzm0A15V&15fj zc);2SR+d%GB<$A?;$A9%46-Ga0uUkei3Zi(C(5}ro7xcfMCZnFUF;lZfhdkDf4;v( zqPRmb(x@qQg+d-yrq-@2!KOlZi88l{7K+u?@BKq~(PFl$7FXNUaWqA$j!lu)zMrrV 
z{}zhVb7?zu$P+g63+x}WGPK9pRRsIvhc4m2soQ@yE26^xt+`dT{b%0{Z;NERX#;8F zG;k5EN+Ss+GLm3jk~(OW3M#LfhwO=iI?aek09ebDwlz%<3c@l5g(Q}%S6xpgq3@?wT-P!%LP;A2=hK1k9Ptz}fsf!r^LJ_mNU(7E@`?QjK|nZM zAbmKf5Fe=6vbesmOT3Kp^jD2nv}{>Ph)2O2@;|!L(ZFs;K5C^V-8QT=&E_gbF?!+V zSgj{`pQ)`Ry=HAEix)xbzwj$CM1pv$o!AH&mJ{{dl?^U?uQ@vup<+I?6Z^#V|ID0|hSlX@a>yYj_|U3BgheHI69 z3xFwd@>97JTiX?yV{RZ7!EmJ~+R_W#)N+C3*QQ3FITzi|-JdFLNs#Z@4ya#*4k}PZ zXIfhv(=Ok2+14W?gBz71c0GF(fe2zrR&<3*Wb49mX@# zrfN7lVjzF_I=s$5!-LOF#c6EyUDt3tMppPd2T%R;l$rthxnPf@@6O5v*|^bb_{MOH zO0;?oQ)tzk6Rp0|u_oqf=6)QW%ssBqeAT03j0Ic6HC4!KZS9ZpwDzw zX9vEfDRz%+s(dc&o}Pp4j=XqHqQx-}gJ%Xv9+3yd|Lk*975s)#eRDu`6785bo@%uf zfs1bjkVI#|wS4*ma6`y_A>HlW7$($Vdf^qz=i6VtK0W`7Nu)N9OL>OWuP3860>qksDr z-+%Qj|2{bS&7A*taI{LzR{c9o%$E#`W`pLSD6t%jHlKxlwbUm8oKiM72$_nNg?6xI z!b}LAZNb9{1g-7}l}iSLQ-_t)J} z&JVgBM&b3^3d%8-)}&QNmy-STg~T0}v+OLb(Q5Ya#-`B>>V@{AKa4UxTMWzCh7Q7tE}?u*6WhY_fu)Ca~bBx5vI2{ z{@`eeXh;^YM+jm0+a$sqhXnX)jDbjSARLasgqcR69%yr>65W5xvMXY>N9pYCSk5x( z5^uI{51)2vr)qJ%@l|H*<|B*qIfQ1i_6}o=z&Y}<* zCBO#IJ#l5gI)?;Lr9VKsd;Qt!<4iK*5Y@ar!AjN}TfnNX0TSzbOWd%%+%Rp$^sYXJ z7f^GpiQf(W(J+yovgm-%h{hbsTo~=4As8=6dRdfinBozJ8#dU&gw6LC42|IDAcMdN zBA07Wa|;tuF2NoO;Zy`{Lro^85z+P=i4^d}QBZjCr*@U5r`HL0z!L9VHRZEPtv=fM z5=GXaSlc*W@HBc^#}-`*R6H4ajjcBtf9c<8dd%IzXTOVWDr}}!LVfteCprUg#`y`j&DmstDeYUBSMaBq+2k80$ajD z`U7Z#gZA<%pGV~tns?4`3e^00MBse_>{Wlk={_1#?!&?&J;C`#IBLc75 zH9iMpVg@_i%XZ9_qPL+`mR>NC0l^>gZY=B0olUXbxeYKr%g*hl5=n{*xJvhgJ_FD8 zK!LE7$Wukd9A5zS-$O)_P0F1cGu)sGXS`v4z!~>UTS3A{9sPpI1aSN`H@^nY!f0T> zLDy_!;is%Z{>vJKL_#{Y@~23^o6swoJpRq2BZ4H(W@iI_uGN0Q410)WlNeUrNz|e< zlCPftfL7lo#eFXd&0#mU65BaagDL$Pl!lH>`)j_xNbmhJLk1;3re?Iudfz);ts2ow zVt12VuMan=6(xbTkoynR?+Q4~L0rCsyf7oZV6pM)Ihu7*r>tz4YYVb?X6YWVb;#r7 zfWT5dU6=^|2NEIMhB8|=Rs$5=4<}OZA30jqh{d?PgP&N?lcOk+km=}ZIRattp%NOg zL8NJi8DJ)O+u9b>%OTSzV16PWoC4Vhu}y#ZE}v`Nx#Mnk8tFLn87lUTqm3HH-t>PG z81N#4-bcoz;P4Bayx}2OyqaE8nz2bTi~12*`nA+b$CrPsyRFGP(rjaq<*k+y#7^^4 zkPK5u{!U%B6V5it$A2tr814C|luBPH(e(Ppn*4Vs{C`eP6#7?<{4J3M&7Dk5ZNHcI 
z{qx?KL{wNrLd@01=KuWrpAi&QD%SESiio@z;kHXjDSw`Y%1hU7HINjLL@X)m>WD;y zjh-8I?M4TE+7RMD31nFm3&N5`Q1;A!CptFM1_?ybz8bn;POf`TrloPe-7PI${V2Zq zW2o06yMV~WK5wh*%+70A-mdNROWWtKbcAS%bAq<-q)TL+joHbLlL4lyJ!)j0xAxkM zif}{tX+l5S(#YB*!`zP+1Bhh3S=K4`XM9PmyFlL`wE=lw3^yXfy|Gq$R;Y}@*~DI0 ztNPc-15VwNuF;29#U*CU71hf#zvOr-@*>{W9}Y3)#$lwNVFD{imP|8+N&+Fh45R)8>*8UoM3I-1ukv&b}> z4L9=@ioc;vmX7h3gAACAwZ-4V774hs*w4}GF6rc~iJqrx=by=kySq=W zkh{-KIp_5v3I9<8dC58`S5O09EAh#IEFbmR`>o$E17KA^SYsVr(T|Ro`POm%UMKS$ zIp%>s#X}OApainrdsIe_l}%yN>}g>cQ*SZc@G$8CCUnPtRn8TbL!7cet(Q-`ARgPU z=jr++UejDEof5i|Yi{EWZYl4B3}R4eD6ZE)!bqc$JrvhmhSQjo>~C(DR?6zJ4UUYBq}jxlJ3vS{M?G4MNRNy zwcK3ZC+9R$M(NF#&h|Lg^j7qeUJbG*q_P?eg?x|7Z}-yt_a`~i_8$ndtDlqOPEh$^ zD@UBplW*B~oAgKL`u4v)P}NW#zbU@%QE5`Bqy*bG1DYwv8UGBh7El>c}-8e z#HLnnWHwcPf;ML_09ZU3l%^9z$7+Z89p(JgbKMvZf3v>vq_&3j>1>=J(Q@Ii}|Q&%F!bCaYNYrwnO7)Vcg8q6xW=v+Dw8Z z@;kcP1~d~i1(=mNxyZ7R5EX$~?Xis0tL8-7YmVf;9wsglR$Hcqu^)Z?!W|m(^m}pa zjuDLT*h)(UWD%`v*?u6fLH|uID`c~_5aGH?Xr^ASBqDhM&z0(S1;%?CWN%KrK}XY8 zED#cm5_k*u+$=j`Lqm|(Tf4kB7|*-xjGe!0jvJ%$P!Xt`Q@i}No}4WsLBJP%L4_}@ zVQ}RWqApkvPIgj51zOa@C;RBON&$JUL1lRvzY*yi1j`%+wZ% zn|;LHj*+uPTT527=96Az>Z09ZA*tPJ*an8kd~3OpPHqQdgpjSYqV))U-d*FQB5-vM zv(*C5G(X|d4*gck9}1yBJK&-q8lgfdp}cl9mM}O7teY|0&@Ng+a$i`)Okw3gkuKrD zLIT>nwUII7s2y`q-wdcWr1S`uJW^;!!%?4!60Y_x5TnX&dPuZ`vMKg99Vf<`kP|<2 zKkmTCjS~?E%hoG?@wD{tb2Jq=%F4}^H~6|8;21JhB#Eiu2>yGkJ;9T+%Me39``t4i zxt=Yq5mQ`R1EG3#lrr#9VonfEn9*?%#nl$&+Mrd-8H^pTn}Q0wG)k;kw#1sDhkQ20 zW-!z+=&nuB7PP=j?vV78b=Ead3Fpgcm=u*;1&2v|n(>;bZ@kf<h}<7#=gHprgQG1nXpQ(dgv714y(>4VGjv~UZE(bFp&9KFJuIU0a`A0Z(=8MHHO6`>du@=t=Lak zfIPL!iMH2D!SMK%@Qd-~bYS=JIYlMaLonB@j7#Af4cq$2m@|mu4_wj;Gm|Ywh(9k~DvM1OXyi{~zUmL*fBukqSj+^HIwzZ!Y z8HZL1JG6Iup3z#ktNr|F!{~}t+?JdAF1Hmus`LuqO)Y)m4V;}<>Q7CxWaJwdcH!n; zUof(C4e|p2Oz245Mn_zcW~a(s?;F{&f4C-c5HT>>V81tu=N~g@Se47ob~mdni%}Tk z;ZA$(={Mu~JB&ki9G$u0V`vseR9Vl(vMQEO4;=VqMNZ)8L~>E{DE!Vi%uHya6P0$W zZ_+Hp?5;*&8q7;v9Of2)7RIT9kaOpjE`>hY;yA54j$aj8XMqXG#^wHgMTxaqTb2_` 
z;0NL5fkHrQ7VKIPshLpQwBJUo)eT$W93%27D7zo7resd%K#n>pC8}b(te*70@neQ|_&vjdzHM3oTAO zqzq%$wlwIN?+BjPN6Etx_IhSP)|fP1f_sc41f3UxTbevQ5Qy*ibC5j>+$cSCg)uDa zDlP>>`Q6UNRS-1Ck)`|in2uq>wZeGN?sQ8C=Baj4%khV8s1bj(!$OD~?Ej+dor7h0 zw{Fe77xuDk+qP}nw(Y%a+qP}nwr$(J&N&f%Zg=$eySFPc>W|8Ztf;Jre8)TI9M6Db zkAy}&G4$o}=Y-y6!yJN=uL{2ICcGoPnWLMS3QK~z6t7r|<6#GG2YELTV-Nv@^yQ>saihnU6KywO+JdnFYJ%1w zZr)(#2N9jmJ0p~Yl;XT1I$`F`fhIQ$lhu6-bT6zKGq50OLR@lV1cSRc7IG>u-St#8%GqpedWU&^di`^ zi-A#YXp}#OU9p?p*gS6XR(zAq1}T21TS&n-X{ZC|dyHF%XqxcI)IU9W-0@uKu4uap zW@1E5r5=%!#cx>&X{bpIDxqu`A&$ksy+i5rR_UHyxB1s&n#nRK$-gZgg~X zw>vO5B4{QMERmQ;lNaf3HuUe0pSNH;kRFguaDS?*10FVgciJ#Ydyv@C26H_q;?s2x z)^#BZfBWoJO$T#5cQM4^H^u6e{J0=DM8j&8?eqni>mW(K-?+(0Ln(QV#;|dkbExvy{(>N4m{)=8=W{q>JBD+olnxl?m2!v5(6YrI-<+NzprWyXK2tL6e|De;?*{$?}$a*P1=?``<`{5-1OF+26l@N&iT||5^S~{O|rG zSv|A=C8)Mh#luoV1?wy7@__is>8wFwj!`V0@^Wuwb)!+LIj+DW(@;%x$;i%ZIm)Wj z&KiLw%F2>Nqv=+4_zy<36X%~&UJL+aMxX}2ipip?bRY--!Wdp$yh|8Zcu-hSApW(6 zK9{M^S}E=EHmccMw&Ser&(5yx*Qr*X){j1kU(WjxJx`|g_=wR$lddO*3!>46`UttE z?(B(DL2r|%d<02X>7s*7pue}p48}kQBL_@Rns(!j8OwV|i-Gl*#lU>!3AocFhwBUw z0PrVXTiCdCiG}M8GDLvFe%d3FzFodZ6)+?u2(zapv75|P5EefYA39(GAgf&jQ?)XeW^u~^HU6R3n9L^J{rKF(etKh3N#9ZxC z>!uv_1#^_e4vFyXb)nHhV-J7=%TV(#r72TU8R!0dGR>p;ex5_s`4~abH_0*R1xvbo zPz3{{C%5p%i!3%fF=8fgSjFom7>vP;C z_N6Mn=7Iv*0Np3X;!YSJX>&pph|f=VO2|=+vc{YFVrqU}3&3;9NWzjJxxO5y7w|sR z=J~Tx(pL$3^j^Ma^xQtS{@cn>@J6(0A4H_{t?%X&AmQW=GBxJiCrW_VVtyrJbaC7C=i|hgK)U#ZW=yv-g!jPfoBka|!$kslpKI`ewkGI%; zsno(T)_}oTP$I;oFEU_*!@@AH9T$O&h1)Uks9l9V+m3)@lBLqRtC+&XOMHjb<gFnWc^806a8z?vlPs5$^`j|3bof#b0(Fc`Ak;3V{M9Yo!MI^H=L zs7YU{=;hSjYidb43{=c4Z>6?oMry%9-cHz?Ff z-XwiduO;3)>Z41sxr*Zox0`=F%M_f&JBjHI*ywN)?|oFsqB_^)#1nDCNaIwl)X{vBMfz~2xU}#gWe9mzIC<3$qB-I3ro6Rc+^;&U zMMwhHevCU6Td1zEUs=MS(>HYwOpd$ftRXfx3tmYkHzl=jPGcn7$Jf|>ogary&EBv0%WeiW z+Q{vf@|}wJ8Dk?thd46>PXRxs^6mQddFS-T^+A`~Od3oOP09(i2B0v-ZPXb>9V}8g zFSi`k$HL#)m`jHhVXbTr$hdB0#K=Iz5O1qrfJEYYY0l6S4)rsZESD+Jl@|i$`i!@K5nRkr*3s@d?s!9C%o6hK~OJ0(n%a48euEbtJfOUYmZIs 
zBOr&f-7Aqk_>p58U;W*NOW2O5`1))85zF?1ka{sqdyBI5_bW)`)`c_5hnD19P`a`MZ21hPnSqO|80_M9Dyawt<8HBvUX$st?vAOS@ z(3FX7rU*2xz|Ua{+QbAKN8St@w|h;47iZnO31cOwVJa?4?P8AIYw*IKTc%j%c*k7F ztay5ouQ6Iee&E>RR_ZDt#Q;}_tx&OAh+;tu zYy=Nl0_y<=eVVB-=Rn>c!0TKN>5}-%@rJyb*t2m$z0fz{ze+^}w#D!BKZ4Hp9|he% zdy0NaMJi^Frm}kWdOsoeM)nT>sTE~LPm2T6!47qsS*VmlWN|)#HGv-OS#^TB*W{?y zu;57rGfOa&i7BtB-0uLs$m%!YDk;Jq(=tqCU$fl5J$(S|V6yEhwyL96u7rq-bwjrO z?EBJB2B4Z9u$Eos#?uJiV|+n}6FuYlMBCw;!^4y&W=JwTF}Tl-l|(t*aa7{f6L|#f=8=IR5CD z>_!CY?M!b-R+RC?mn=&O)FGsexdf**rRA zAVQJRncY1e0lQHoc(UIe8Z8BoA3$_$NGg~BUx`%`s(ak3pdoFZNkz*pkfDI3;?Dej zEn)N3xk?V>eLG231m>CHua7H5*(C;3G%CTGrc`0hwcKZiyb7rcjIi@i)slJf^ib5; zusryBqAC-5aB-4WQ3S3qG)?kUTKJ?$AB`^!>mDHl=%lQszF7j!b>jF8Ml#!F=H*MJ zowCaH^I=UO#uhnh0B3-QygnG7FfY=cOK;a*gnVFcQ&RZ+>K8fV^()z$F9>)e9CC!S zjjqD2*ga{eaJj2skTPD4yd1;58V(O=bU1b@rJYDLXe_{W%%DdAq49IgYv6dZDMogsjY&v?{mj*b*eK9=932E87QOpq@Vs2_L_6qiZ9AXG(W-52hI3=bED+s$i??NxQ+vSed?or{>yL+l=!HTHJO6u!v zf^lf}h{-7h9waZFNGYt%T{L@rJ*bZ>?alU9O;d0JsYszdtvXo$b z+n~T9Nne{CKX~m?@k(QSd_=m;iMakWq;@g_Lv;ZA{HStzoaOo#CQ`_Hkmr3B-gZau z2+McvxQm!|7vnQ^ybVqX$Io(E`lV6(d4ZXSW?IK(S>JUeU>S*ZODZ;da zJ`>53WF}}^%OUMthSkBv+UfX{ojw-{b4aK>CW2g&6};YYhj6VBdsTq}1lErawZy$j zKbV%9a@7;Mj6I?c{(1&xIZ?+-mK{=>qs*grf8_1&4$z zxh1E))^CqdHcA+%2D#Y)i`fA1YEZapEx@aQZVW;oZiz8%RYT(jNPRW9sjhp&U!@ky zh9JVF#SdxG5jm4*my*xQI2nw06o=7mDI7IBSr z7eWzHwmU5BENo3(g`;~2t-`9&2Z{QtC=&^kFV-C8Zf6n2=q`le-OAu<0%zP2HVNdV zou<15uepU(W_!jlBo7T1?(1sU7jvM$K-y3}@vmxA&Ko+mEd-o7`KE85#fjbS0+3<+ zX0CDFVYSw7t^QaEo2)8@<_TH$k=9mpu z1IfJx%5gLGl#N!#y1Rb5w{?6DiVa+=)zTs9yyckdV(Lo2v1Ix{N~C?tY0{AO@ixoUALEol1e_!4utE}{*-;=00(IZ)JvO6vi`>j zm{%qGO>4Uh(_7Fm51ERPSqAHc$8AKXYE?nyIp>~dWlI#}IHf`o)?iMC>H=4oP4wOh zDfV`blKGV!CmFaXS1@p5npDAq#rb(x*s-vkIcg#UiFEXy65L=+h`y-hfZt)cc+VTT z7eJG|>vBT5BUX@&|Md6`b!`0mt;`2Rsb(p+G*nXFpXyjF9FF%*SFCN4aQ0V^NMxL^ zF>EqR?vLQGE?1Dc(REbi$j>Mn0580vw)XvFR5SQKQl3(c& zidDe|JD~e$2T{>E=pw7+QM2c)8iNLu-}{ue2o(YGoc-|=F~zUXklMP@T;azzzk_Z# z*1iLhQSZlJIHd0jOx%`KP+!qJhm!EZyy-p)g{r1yPn4~7#YT%Ou4QU921hYKH~!M( 
z;VXsc%+F2=Sna=yT+q=YC32uPu=e~dFI_`sW7ax2Ged8u*o0F$6~>t=CmHiV!zh{=mO9#(XFzGJPlN}DJV-?E31%z& zvqJ47?9=-Wu7+}4^6IAF8R|~nl%;-IMBmv!VjIh$jeFGI0ohH$mH`tzsS$i&wFOl& zc_20N;o!+Ak+11`FZ{~w<3rF1{+|jXj2#5i=?_nH2=1SB6!kwAujKWt4Q;Fh^&Iv7 zE20V&&gJKMe*({>zyk0aa6zqen|Nro6Y=w%J}^&(~po&AX2LU^MNQW|*uEpP3e^S>4&n zR~y4DjIzs(d&#RytJ<`yQ0Y+x>~*}V!)hw}8_O!&8-sqrID@9@tBD5ygOC?V)eyT> zjCI+9h^>e~Q<0W* z0rLbJa-<>TF*C?Q2nWakGgCEpG=diHp&VB_j`aGF4#@#zuAtJ)-;PFeBJs1OIS^Km z3a8`Bm))8-7H7(^A~J}Rrf^J;^0QZ2SG0!Ie(g1(1*#1P%l(0oeA3qkcW!uE->+L$ z?x@kwjM{ci;|X^Ddb>R6#QE9Ay$2xHRY&&2COSGOhfw+@NPwtCNmt6@Le>lc&I1Li zgL(a0=;@qVkZBk$(Oa=(({8@GBqMF6H%K}rPq`9bEb7F;Kg0~XNf!4 ziBWV2<~i9<0)TIVyxE{92u^RHr?e8v;@2IB)9bo-cRaMp+EQT|9fAdYxix|2n_k{{CeP$wP}db0NO=1Fn_ao>weBKu>HqS}4!T%p#A7Jb&~o zG#A%}d}rQ9vks@fXf57Sd3|pvw_qB+Im0xaqq{24lExrvpoL`KR-}OMS|OlwWPFLf zxrDTO>o2o9O&X5LSlLLo+?;o4IxGz;H|wYGV1T3w zUFEk=!%GvDra0+=Mx%42gS3hj>XSy>JdwxE_rkzGQObE)q6S{SMQ(Ox7|`5@JEkT@ z?ZMUA5D3@q97CxGf7-?BYRRUdMm@OART)^F3HF;HO1q?7W0EMhC_7JmTQgBwl%ue| zc_hp}$+~LE=lo)@3Btp}W6U_DD>fvgo4`$Wy1rBY^9DZ(mNnrh^oTsCmY>ng*(qrz zZ;LAOf?^hwIq58lnhS&sWy9Y*w&k}oO5qAKY=}8%m(?hp+Q2bdv$@zAqySmmTp=}8 zLVYszM-DNg4+Jws(E4%TnDxC#|6Q6n&tN6dlp6ARhaltdkZEW}T0aY>jhAmK`2w@Q zbU7*}Pkh1%Vie#J#rM9>8A-EGXey<+d2sE6(}k8kxiFQBMC`sz*i}99Vo_H~Kl9ay* zlnuT=caG@BKnaEv6rYaxQtmf$?8Rk?hFtbDxjf9~rCphtK5kDU_oCw@x6^Zo#ODO- zQ~@vWUH(#HE<&F=A&P-b{{V!ZQl=!0!Z}rdWBFtKKh*=z(d%)%+R$ zP2p2wC4KD^RepUsL`;J9hQbSJaQR{5oL~nR`gh-+q@=1NTAavs3>TfS6}kqgen<-)nBqD;a*&%t}1E_E7u7IOYC; z425gPnkIIQI4EF$9-;Q-BQ3ehHU){nIn|h%JUQc%J^-D5f={79R7lK%C zOrcsf4~I-WirF9jwBLEHHNHmxktnk=!L*y_hOdmtewZTwEk0;CJWzCAR)??(L#)IB zP4v{kYfWK^cJA2LVdy@93*`?T{L>-4ozk!2vnyBc>@^V7M@gnsLSF6n23?gXU}MWU z__QAN!D1OY5`s`ifKWf!4=G`0o|d^dSM7xFw#dBl<2=Dn<>;Pi4IhNR5pZ>*yf=UT zJ43eGC08=>=RwZ^^-m9b#(&mSKU|OhK*|N|9e*l*|5a9#DjF(3obsPs@IU=Kf$|ji z`W-&+bH7Z3ZCN=E=GJ&jcEI z^D$J?A(3I#e3!Zs$q0o07|kVF7e#7w$eEUIickmzNfO{`S|FN8v^?y8<3#>%{7+WjKRaRSPG96pX&6QT; zDD5XVh6;-`T?yQrYZYN9ne6DnY)hK_^kN4ZBujY+mKhV(kbq(F}GQJUB 
z`gF;VRi8M|Y+SSkl`+6>C7QVg(j3jsj5=Km;|IfWKIRiK3LVt~((bX?nSHa5D-G`0 zDVUdBtg@FGC*-Q0Lv5p)DCNsQ6R~Y%OcJ?4zr(u}tReOJSjcR-tm_$SWX7 zR4;K_O&EUdWP3=d-DmXrzmef=nY zw-$xcviRnXz{c}FASdjLQ{c>ZwF*;Mv|*vo1i;x?ME&aWv(cXWT~QXpV{L(*05kx` z`%7kL? zWV1mdF19NkIRW_}KAyiXAx=~iw_xq2Xi&Hmk+}k-HEjj2>lIwW2C;b|gn~)mScP2V z9ciQuV6j?8zo-mhTmpQgI73&k-k>5uzW6o3P$W)v%fu?(7t7QttICwZ)uGCicq^@K z8#PT`)J$27I(9)fhb(^|r*=ylKLG>^&rD@#A7O!tW9nZJyzh2=fGn)-HL)b$7zg4O zG>ri@xoX(7r09S{1L6)xVBg zdIw9{SJZRmW9CkiB`I5cO2-xUkN|6PEktkf!#t;~1r&lCU23oA4hxhsIhcL&b!~LA$pwsm|jq?SXgVhbsn$QS7+L6k1H+ouO zeLQB2m)b}{G%RjR9_Y8bV%#)LDTU_TCOc*U3&2tINYR$i*+h5>Zdw9os=B|R=f;~O zJuRc&bSjAiBq)w+iAXY;hi9AT14S}axvJk3w>U1nrCJxCmYG6pNsv6Iv5KbRliXum zpFy1#ReC&mE*#Y+Qu-bsHYet*i@!)uDI0H!7KI;11qW2i6h_;?4pb8fFqNQ&ELwHg z|HeCGDXR_}Lh_b;BbpR>K?ztvD1(tmZRB!ot{pAE=0RnVfH_ZYzJe#K!+a;aWcT>& zUUQ)?Qx9oG;w*&9%NeG=Fe>W|;mFMufu07WZ;>`%qmttUcp|$r8SB*%FV@dizRu1T zB<0!;PleHGxSV^~uO-JBjU!xx0|KNi9l_m*4Wl`6hU z2aX;E#;Gx55^>+8O_?q{E2e~*zux53hAeF;Pi0U_8nrJ1=a^Gp23ek{ctbA@1~ep(t{P3k0%|G7uP#kZ;1SD|iM@1V za3;$6_!v>R0e=~ugHla@U`O+`^O710mgFQ%{T_+W#as<4n5w@yjunVBh1!s@XoCFM zfl?9C6nNYuQ4#0X$(mY0-hoF>wyL~DnoP7{^eoFhIU5(X$4Nb+iI#NYQBdzH5GQ=% zXBP=P-yNh~B(Xv{hK^9e6#md@$!adPO_E8*ZZ^qI-5pg<w6o=m z=SPM}RMN5h5X3;6%n%+=58}YK*Qm_%-r7SUQ)azTLk0GwmYkD|>FZw!V8g8xfWfuD zUd?{dx|8cj1c0FeEX`FqlM#MXfU~^mOnj#u`-TAJR(zx4()Bv`?c>;>HYf4t_m<6mf4|e zPz&b}FmAc+uZj9TjO;g*%Wuz#SG8pS%NJjlA2UnKAipbBf>ThVTe9gq6v`vDpS})cJ!o{&g2u2K9 z<8viju>jHaNP-J#nmq)0bXe56nGeyj{EDFCfQ)otZXz;KE~v3Vf~s)+5kQlutwo!fXKj>i!(@^FkqJ;3;kT1SuZ=IoA48? 
z+g~ea+C3KKa;}q)VOofTPrx8e=;qvwQ8=Ds@98~w~Nai z+V$SI!hzHMoCn#a$f=55DD!sV&~vE-z8hxllkEXq_g_XBQ7A5cX;|#Oa@6uz>;W{I z-h$`3?-;?iu51mt<(e-D2C-P7hBSMmzg(=Px_W-A=s2Y8FG zfH8`#)NQxMWViHJy2MAd^8GgPH;TkZ`dH1l1J&ADKmn(*c|llh-%u&}5cna;SFnS6 ziYd>M;$UWB#?F`($#l3`M}M75dfB8SFtKZIJS7amI_;!#DoG)2L<|VmT4c9UBdL9-9#uKxA*Z)Y{~%DT00eY56K?# zRfx>3MWPy=Woe}FS7cq#CzO-07DCH?2Ye0>N8!Q(Z}PCpOV5Z8a|FZ$;|6bq!ADg{QWepny5yY>d zWXnBPY0wyZFtSsqVNFS2dkNFfOjvnHJXWZHhJ;D?cuF;o&Bvm_kg~!&no7k-d?h7U zQXA0{7)5fiMNy>bPbsB!2V>@@cvy2;#(D;asf_FQsR^{>YM-wcgdR9o0I>d16033A z%L6C@7Y8DWY{m`yS% z>f1}{W(vx)xOT0<EuX)^s>T-Yk6d#0i zE0C>J)6opvcdOWBlEFXVF_a&YOXUa43>F~1M5VxMn7lM}uf*QA{yrk&D!86Kr{ zBiTH3{Fk@mZ2r2<-K`~t!6s_LgJ7P_q$`GE(G`axB;UaruOhsyT;WSHS@UgAX8azp zmT@dd`_9sV=+vy7)uL^&vooVU-pQK!t_glwgy`=dWQ6O~0u4uaK)3?Bk!M@_!UGt( z{dz+FOC;9YK1s2s3G>y?+hS$0&e@7N+Qi7hb;oJ@I@2m)yWa$oulSiMEa&XmkRBB> z*hfT$1S`>WY9{h_I76$i^vgZ47TK_-_;KJ;JEosN3QYzRrCtM`FKV23`fMAyVdf(R z$KuEIm7VO%duVE#i6Z#pfcJ6QBW$l*Z8BE=F9Fz&5RS#{*@65h6qg4lp%&AuLDtdd zRfRIEN2o3Um1tu_fv+D4r*9NgYBDTGQ|CfH*rlAjgrsp!M_T=y2CKwvr%=#%A%7V0 z0sMA@Q@u&uFa;brH^FA{=$hpCJy)_3eE}o^(paJwIY?j%a=J3 z53`U)fRWf+;2GaNMVfamw9F}6TJDIM_p^P*Hp&w0qL6JERX|nV<`~t3qx9O;qQOUX zKx5HVT+>5HlLHSY9`sVsQz(NUm1r(`NBjY|Q&=o+%r)4nW1Ns%aN9Vr*#b$HKb4$! 
z5-GBF-26V2tTZX8yLMM!?YE zMH%f0Y%ZL&K4iBn4ce$Gz`F3k;jVn5_~Z|2LtL*L4;Mnh@1Qez5%#uUR398$8p7^= zD*WLsbphqkMrjw+LU!v(nMuy>5k2VCI%1BQOAFW%})QYe3-O!dvl5!Y$hlxGE7}OU|M!g&<`*Ag>@BeNVnX$&N zY9N)vx9x;m^{b==9+D^~DyP0_5WX|3@f2={a~OX6$=jmn%xyO->hj3_q&Tb3z`kST zqgORrMVXez3Gmc@!QrTD>EOr<{tCvys)0qq9U42-x7Mv{U0Vl)Ouv;xznRYdV1Y`M z!i1VuZhiD+0CX9!;JfaQnu@il>kX=t>_jH41>8|&N9jjoZyR#<9pQoxpIZej?d zLNEf!p$pR;P5S#$wBWK>8vkIK=XSf>{-yyH!ltRMz6!})Fb}0!&Z_v>RSgbValo_C zvoU1K*9z{Gjr%>Y4C~9k(<_=Tyizn!vsl`S>y8>dftF~_C1NvLj)~)3jfm;2u&U?< z2H9&;$ujR-BT-ldZ(;@oSxDS4Rlt{!_i$~TZ$ye?%lC~mrljii!5o^-e zdilx{xN~AynOTq4C&QKNr}u0EpU3+EvV(6X%z}VSD&nViw-4_!u{B-H)L>2O1>}tN z*dVPiYh0v5QEYN1F=*-{aWGx*lVx&g6hy6L1xYbI`a5we1_xmfD(+iqN~KIfrDHe~ zB4AkZxPV)d+jhsh*Uv6BsisSnoh;RW6r#8FWV9JI5kFp7hcdk!T`a=JA5AE#Q2RJo z5L8rKsw^@q> zSR~$^9BwmtEXtVPjKT!+Y7{kz8e^nG`i=x3_R7&Zu-kMnC00Wvf@SrR4XX$c!Jz*L zWw@CsV@T$-_4hEGpTOwSNI5wg(_N)9H!~<@-0-Xc+T4uXUh}!yn%q~u>-^R}@{ zV8^)}9t|8KpG|ix@YMIEPwSn~2CC$nitd zE*{h24^`=CoU=KGEkjB!^TEhWp4m1W zt=h2;O8cs+jSrOgCND+2-XdD36S{E7?e9c!J-`@3;wz$Rj|WUK8phShDVYgB`HR|4n2DInC_!o`uqfrkwVl=cS}pt$`G=Hi(qR?DYghHqZ$BTG+hAU94N&`B z5+R)5IdAlYZf*&xZAE>6c@BkEb%|Zz)sxsf341(MySdUyZyZ>?D`9Ungw9_LAhm4Q z15U>;pWh74n$%+xmuKt4*j`ue&sZ4`84ZnMKBRn7JA_OG3~!v$OVQgrr!Y}7h#iFt zYaY?h8ya&Kq3=2EPnws5O6e-{Dcw*)XV>m43y*3aTYJdyk43`EODBk)feslm#b2UU^3=$6ra#+K+|F|-0bvDAdV-5V>P@6+Y?07l-*9Xooo}~47 zHF-5XfdoE)1@>%Ek-r1TxCikH5ygo766)a1jF7Hm&-BRBV-=j|K{i<{FbCj>qS_PW zFqNWqun+Av$~i;d6Zc(t-GE`puXpf_Fr!K1T_szn|yrDN&|>yq*Pe$q=Ft3Iive0(91j+5nNSwR?NO-`=-dB zWsBl=6dbSSB`dd^l)!isBoQ7!yH1bRN+?Q1ixTF&#T{+K?`#E_kJ-3!1`Vo`@_`aU zJ3rv5%9E+Gdz$@H+BlV_*m(w%_QkXj^%P`o-AS1r8B70CQR!Fv_$qgZQfT+Vf9M)Z zWaWlN(fbg~EG1o?jtPcEQi5IqDo#+GVuvY}+04-j9DxYZ5Sq zah)-vU$+RGD)!Uy=hH{Qp)1`%FN8)v7oXZ~b!P|+fNBXxS58f2Jf_5X+oe5#U1xo4 zcixPfxp$nCq_d-SC(jaGjCC;Xdrll5B=f%nOh0!a_FcbxjA$!8{9F4C*~T-b{9wAK z|1sGG>;GH(8UM?6;bLQNK?C?B96^3&=YIYAaen^$^*;+qqM!2yHdZu0sjxOtQM&lGU5iM-R+!h%uOvcvnLqlzqR!+^MYVW)8*B^9JU| z#vaqhV7`L&%{xnd73Wn 
z?d>=pk&sQ&8=UTLeY|b(#PQ7s4pVPIlRmu6SS>!RvH()}w#yN)&wwG`f#6fcw>Y8B zNLY)*TE9U=FoP5sJS=uIZ3i}aoS9ZiYVkpd%IKzala3+ckF%X@NUN>LqIi=wqoKR+ zY!_DE=t6G^QSmB*(fk4=hXF;?kt;iPq4XK}JolL~;rh6-9TjliR~KY6hcuU7m>kX3 z@Z3eh?`kIk7GuNe7WNF-R8p)00nPzEVX1HztI4)JvY2UHyf6obDhPFFm)`pb{1vEt zd!Zb`(&@;xXt&KW@VUJ!^2Eyq@_*YXep+SP=aJC$VdiIXt*&xD3U z<8J}BYsr}GU6H9dHtz$@5^6H{FR-&J;Zss9i1=vYya)QuJ`t2WQf(7QFwKg(GV_h* z6jZ8{Cwrz)T$zZ6m8)ikt1AhqeR)9C3CPf|00%rbsYW;R1aY@X=Q#kT`fL%2BP4=g zN2T#1>+Q<1WeU=m%7g<_*4gE5fp!rI{^%Xb*1Jgj~&9nyuC6X z#hIu+=`-5H%e3x6+%YfyY1jrk`5318SA>CNeqY4it$*^YfmWj%Ntwcb70=uwWj9=9 zUfG%qm~pQOP^}E_17(hY%rtSEL=c#+XE6x#taa8591pnu)#m46t>Js`E=Jx0_QqG+ zDgc~%!2>REiqPiNPy^Q|n}Q<(xy|v|62L?Z37*BtO@_@jz$qkd7$y@GtAGaZ0jOS_}yBOq&f-11De*Yhp; z`@5|{8)WOsw^_ya+DYC4z6XWY1+Lk>6kx4y9>FG1HeH1A=O=$~2ku)%V8>p#Ai<2@ zR+}^rw6V;d?mB^UatF975c>^Q&oO85J5kFNg|+5 zjOINwkbMR6-~mpY=Ka1OQrs$P7-@xzMWvVdW7hIzl*nc1wm$v_yjD8o`!S7pBGE7p zdXSbM#=9AreUjUAGrt*~Uj3{)!jkfiTzI2381aPue^K_9L2<8J_HaTVxVs0phT!h* z*0?tWcXxMpcXtgA!6mr6ySoN`x#!;hhnaWIshO(o4_(#ORsDOmu4nDFndtaf94=FH zF1|c{-uL=+8y%Tze25R)uq)(8O|P#JxM<*Y3vs@1zLq*MZLeJ|V(lAK%Dq|ckX*=U zP@CJh;*lNa?m5@3Jz#@u2`!jcV5KJcBm{rc2K@s0ujJxmq`8y*fl_GvBbA8%f13w{ zKGKe&p{2Ehp`5;%p@D<0uSMU!{WkpGm2| z4G>fl+TJ;x)c?*jQ&4QI-Z5ak2@yj6bk2rtFm~={C=(Kj2%OWND}HjwOqPWeUF)YXiDl4T<13X-)#0j+$qiS5FkN zH|(uMTS$R_yK>m`iO76?IHgAU?SUc@YKD(c3E3;Jki&icvOhGIx{h8@?MS}kxWA|J zH$60WzQZ1XmAIZ>^e|SzqWw2!z?@bG>d%ebXNey_C?yfd=}isrnxI?K^8nJw86+T` zOH?O0l3eJKv#QrTc`9$7-Ay_p3u%KS`pK%AN@5b6)jwCVEYt|+Al^U#5;=BVv50mV zsn;>Cx-}b%a^;R?xSC|{2&*VCmZ?mG1Wp$ocz#MrRSu zZl4OX?jdi1-h$o&C-a`;X2{oQx7S6SIoMIUQMeMcYDr8MTJx@zZeEpa@FFNCAdFi1X?LS=RN(%gxj>1q~09WE{X75WITCG90-F$+EPY# z&O`ZLbH$4j&>+~oQro_}WAlyXLfsLg;(885;g`_fh2a2Of3eNY*z5_xL%QF79-*0L zYVPX#E>zI%=fk&@8o7ym8x%WW>&x@=sU0-G)IuImh)7W&(aE1sm>lt>hRm%x$2+ll zdgd3!Ls0yMu5byJw4T11ZPc%0m_M-29lS6eOeRT(y84i%9tVb?9_&{enDbN5Bw3!a z^B~Ld&E&jxANBZU##u9FnK~H(Mn;XtmtGK~L4f)+=e^I45_GB&1~>vYJ>JUF^qJ(; zmVVnvdQv50sy?D=6zgbt2p@a;_z)Bw@j{471T3?Al>eMPNlHnX4*KG|4-~ZyrU{Y6 
zSDK{4blLGKJRUzPiAV{p^-!vK?D7~7)iQ=+j*-Kp%F(eQSzufyupl8w{V172cQLd+ z`#bLbONrGu7cBB&TvL2XetBhj;3^e(-cau0>VdWZULrd#=62RN(Agj5q zvOkPYQ=QEa#u;__BXEO>ZzDre>(8#V(?*7>2PDz1*1;S8c~x6d7nAmxF7fi*n|uAb zpatxicBg2?32T%?!+X^hMplL7$IB|$U?%dBmiIyV^-7r=qPd)O0{xM70dftF6Dg-L z^ogQ`D?rxa>igK%ExsB0a^t10AUVJ~Vay+$Yzq)j zD^P2r54RiiZAL!r=UQ z+5gc5evF5O*&o;B_VOjz+zFNEPM(^<5OO%cCRX}!kjE51#*^DKf;6^9d^(Lqd<>_+ z2!5IhQ4v}f!~GGD#G@LiBLmOOWRNV*3~ca<+SfgkHNHM2Z=aFO+6GU1ODlDN*cSkr z4=jhzC4bj`3*agdEmwODN1D&?x4PHZyC9%t5-ukqco9LTvgM_NC3msZE={>68y`S3 z+@J9>+*#*io3vrH`DXKWq{}d=!`PnA*4Ud%P$gzN{>x9g@)mBK$#ScztgvYli*9m! z0!vKo@>6{Lx7+4d?!ogc3MANiCX?DeI-0r>N$v}oEVZIFMs=eW2r*>1Si-Qd^F1Rc?ofL#X!n9xtsx-|2ysurcd`ri=oN6f z+bmWd9{1d`i#-t$I^;$WP5uz&zJ|0RE(Y;+QFwTTO{gtLYyD2oT@REaU0!~Zp&OcN z?wKje&@dqI>TqvU1UxRcob&Z|_^Lf*>un6IOv%}x!rR>po^wHoNPPpJs`EHU^KQn; zQL(F5ts7=dKD}-UB-m5^1kg6r7~^il=gU2i8>;wj;v64uvL=(nXK=Ai?}}V@)wBQJ zcHWHm?}fEY{W=JrK4=KE|5z-t{BP5&qKw3UAcKEbh>1!Ya*7Ig?|A%3VCaIvB1|Iz zQm#KeY<{i=I2aId3N*Tb21kaXbj}SQbSmZvfrva$+es~RD$$m&GL=v3u)SlWm67ff z92ch@O461T9ZR9Lc_y3Z>J6nlL03sGh8n?Tv=t=7rCjNSX3n@^ z1}S`-Vyl%M1@&E)rFY@4a7#2{&cY)O!kunDpvMfeZp$AjUUeO{jha;~lrxmd$C`2r zrls>vPT>vHDuKS}FS|ymL~}6%v96SoL1$|CW3fdFE;~>`YQ5JXjrRxv`}BPyboFKp zKjgY$gf3&5Kg5q?M&A<0<|KkJXIpBkRXAHaEG2u9=by}F>b3KbM6q6$w0OdZNQt2~ z-Ov`05PE|Z6gT~(s+`f`^dms^gF6B$_)<8}G;8-)P}?av>ROY?g5+V8`gHruLS3#@ zmO=g3-a167GAlh)+PvlbjhoANQvNl;%SolsD|Bg<7;I^9sa1!t3oVVWKb*-PGJ=}r zniG%b90Mu$VCB<;Glmb84w zQCG*wn>IazF2@X2#;?M+x^}w2JJQAe6RtECRTv6i3cE@w@HqzZks(STz|=dsLyfmt z@re2tPh_?V-(C>C^Z^9tufm_v^QL=n5{5tipq0Kj_jP=G1H|(7?y`}2hv8D_WJ_Ks zHQ_MzL0hwlmcTuj@(H|j0jN^R*ERd>a7{-+FwQmNsi2w-w9CNN2{Z_T$(`Y-873+C z(fE2vG&%|SR8kg-tXunIy==~p9W?}weItAHp8|>Pg%|r7sm|YerX}A{69%#ONE9!S z#v?pjqJ6t+-xfNDK0O> zohiT36+>6G+$1dPp&YQ2Xfl)CBrqDw;>^*xU+2l`GdKbl6`D+a@3DIsSKFjXq1v_m;4C^W4ZY0e{xC@NY|bk)LNA+a4*u~-%H{jy+Mdt9?fT1eycOIUR$v{`Fzi8?$} z4geAn-_CJ_h59-KtP>4Ozd9f~l(PaHKPk$9>oX}t-UWsLXsnj)4jm}V1~y?TuBW4y 
z=lWivrL#xVxBRB`MCisn8&OwHg!~j?LV_w25g~Umj*#TvWCz-CJtxA)>D%)RmW2_7x(?fPT9}Lp`H1$OUdRuwmJLDW!XV$ zv@}(8?HIlFj*ZY1W&k&BEd!%;$KE~w+Iw;LRB}mWY>u|6B;7H~LT0I4(a<>A;b#d~ z5Q?(EFYs|AI4Pr(MD!y(wbtt@on^Jza!7Mp>xIm?cH@+|vy~oOn0nBsvrQhqFq|hS zn>E`Xm9}fHKk#?c=TwqI(rB|HCART4FskE;kylLCqR#WY0S?_w!BSk!jlsW9C#&nL z^R7&{n7WJu_4(p&j$u9$PKaMh~%S z2!-TMwiobh7dJM`D=qcWkR#7(1w^=R&Hg=;2pvn^@!H((sQ7M?n4R$lXjz-sZkzsN zht8?qep(&=vQk0nl{tOO+{WwWG4jbMlYhW`#v%3(4vJ@jY+2TNwJB3Ce0#{(AaKD1C(;OK1H z{f`L=1%b?N?3e^yLZMTcKU1(DI~Ja=z-#(K=z$IBqBN{|O4FIRmVs3w1m{K9r*w+8 zV8qgruE{;WkEt7r;}YeNkc+&xw@;9kqj2v7C^HG6GijdZKw=>?uCd4i>qBL=%Lfe& zb)1kSv~`5X7boe!_W2;L01SN()P4a0uz<6?hZWwhzDPm2nkL?VMfX`1*u{#EKREsI z{`*Hj`?rrk666H>7c}POH(kzb3a+YPgD6|EYHO&u0Pe245eJ~5sfUvLz`Ix9nF zloIIKaN3PKiTdIc|7t~^8OeMVE18j|hPpMc79edP1S-2u&5YLrGpDLGp4f6y6$CU` z13C;HRq{4W>c9{KonUFEnY;Q*dgF;Hc^|mLuW3(!2%DlZ0k%2CvmdRMezI-azt zcX+RwyG?{&we+Tem-VuV{Aq~NaxUcsNm?*qE!%#%tEl4l3Uc{%{nH*PuEw4I4-qCK zwcBb<5Cc%c-(bM?_nSh*pe^`UON8=0*s$5DNJbsL@%;P=k;-B0KCtAw_Kgd+MQ^NE zr{=uZH#q~EH;Pd*{*dxY{g{#e`xE?|37L=l{I3&q0a}9W9R8Pf1y+oS^S;$+V)T#+?NHsm@cWcVZb)29z{Db&T^GFI4?dkK2 z{C28E4W;=U|9I-lM8-x-jP*um#wV8m_kd>*4rDBhAsSwQAR-ewBsIKF2;z1LA*^L9 zfLAVJ)>?!T9|>eBIL!Zp@vxjdIzXbq9|m-U7y$`cfqE>bls8JAyUq5%J-gLhqMs(u za-l2=<@P?Oo-TGpQTVdFWR-=5K62k&U@VnI!R`h?)p(EkHi|E)I~+n5cI>)?q9Y?Dj}z2V)ya!KTVUOrW~pO7S9Y= zVBM-USlG7`%hC!c9f1T4akDU_Z`{9U9GnBXosv(jVvVg4MNwJOTwE_>``Azvu0BEv z-_>_460e_@2IBNR>@ zoi_W=sI#S@OhYVj!ho^>LJ$;+Pp&gx6P$A(?|1t@fCr1<8s+KC5zVCfB{FUJ(rKf<@vf5qL)vsC>9coU&YHA|E4oWhk0*Wg&R8M8|;KQO#Jo-br7F z`&+5R?jg$--eUsHX+p`&MQMY~I4<=c|BvR1It)CAi zF9Bl_Fk(Dr?7?1+9Kzb~s%T}LGppMpe%tI5IjPgyJ6W}i9Y*`ux1KAsmaktE<^B`_ zLR!I5;KI1HU&u zgd5>~Naf{DSU3$2D{97SCrrZbtnd7n5d*C60HCy$s|o-;<95+pzE z{AkL{n0GJm&bA_qSr%g6Lf(qX%Po2EPeDtL@DzT=O{s4<`&h+Qf8(#8C9nlMxuNh9 z3_W`dtq@3?V(dhZ)kWS4bKVO#Q#kmDsYTU(-XUjw-myZwg~TrH5Nkt~st#iUo=-Z% zf3F@@*or37Dt?mFI78fwQAoJ&Iii_oajWsSNG8PjBhFy zDwjrlRe~?pPI{7nJn&Pka^Ce{E^4u;qksF+a9Ms_Uj2PQ{~H3se_ZsxITp~w(LvbS z*-G5n+Wg1g0I!R~QnCPAs7;DDl1BZb?>8&pBxH 
z9K+>PcE35C$z>1ZWp0G=32Tq`mHv3f#)Zeh=*!dV4uua#yMBsuf^kdFR#n5nV(Ss? z#PllgbCXVZ{s4JXx|S*xz0L-_KijcTU7SfrC-sWN&c0T&m$Nj4)lx*PVUinIVwBhAR!LN5dq6|shp4@s^5hl!` z110$dyRx&Bat7@}dv>M1gKz@^yEdU`^0iL6uKeejlJz;nJPezOJ= zPFU%G{`32nxU2HqE?i)mokbJK9Aw?*L4yM4$wKt!d2(f+^Zs`J%gU0sF=3xmW0m09 zB?~h4K4-xJ?fLvF%rE zeniug^TgmmFh?Au5^e#svA)C?GP?$&6AVTz4q@H9*g>7!psgu3Y0-PCid~L<)JH!h zTBnR1j$UZx0|w~`Yt(zibnCuWyoc!4sL7R2IHr#YxQh2gdrkB~B+@%rBWNr!k3W#U zD!42W?BS>!(#04d%>mFU4$lRi{xWgmxyC2A4-=pJM@->wq_h4<6aSA@tDfk7EdB99 z0Kfst4{`dGLtF+Sh;Y!p%qu|$MXpi{h80N!uk|vva{WwA6)CBdSShfaE>cZr{Z;6^ zQZG|R?n5+pYqWgp^*W7sR_t}eH~HpeI(;x&QzOi5?%ir{b>Uh)@tl>cs_T8l=!5a1 zoWpBXm<|-xDoT^Ix^BMqE%%jWF`-a66Ya0Lm)6g0;7>V+;Ov)WQ!m3B%%1R zIwudPF=H@{Cq`LRr#u*|?Z`J^O~#Rg7`CJFU4yX4!WwCHRxci<8{sU?)%upuNg_X5 z4wl}UtjC_mRp;6zZVYTSUpfOTe1@B`d4L5!HdqNZ$u#~6Vi|nmq}XQM!AU9wL8Q)G z6T*NvdIZ30By(Dj91ULaUmN!{Y-tK}sYB+Di!hp`yC!-GYW`2CI7AtmAIvLK}U#FWxnpKB~ z-GiJM8_d8zk_43)B=DrR>;(1j)Zt+)o6cS5uTCP8Y|4(&XIp4}mQ%W|a-iWTNyfQ~ z#}cQmsS2v1>1|VEzm*nEn{^sgTyHfpmjyR?`m|nIP-B#|KvpLyipwz&x>VrcUXZ^n z9Xzi);-5?=>c1FCN>gn9r;P~9?B-*-4KVUJo_#tu6UXu`Zf9GhXlAsi(E5vdVT?+Z z(v?n}u#jkuowTzXK+~z{M;i2=i{qsl6l(?yHQ(yOy)OJP&LEWtZ!J44 z_Z>@nu(Zh&o)tMnBgU>mo#*%UVrlmLV`EYC)|I{o7_m_sMU?)bnc!#4L)w}SN+g*#@^)@oq1(iR^Tg@mGKX8YAy zhplGr7Nh`o`FaIXQsT@!Aq<}OwS+g2%kHN7%}xtSuvf&FC-4p~T%(2q<2yKV-z>2Q z-cVXq?0zrH&O%{JgP^$A@~9<~wN9S}Qt~B=R8W?9i5GxjBbruFIcxU=a64}w)jx0G zBYF`=w}j+3Kb40+~vl%!2|D&W=KvoUotm6&c3-N!#BIV z{D{sP!beb3=b}SjPSs#&%ytr!bjCZ<`*MZ7xdG|N*OR#M=|EcX{5^_hs5ZsG(E+Dv zRR8Xhxy&7BK?Y=5Z;R8Eb)bOkHDR487j&1=oo?ABS_hL0mR^&pvLv-uT(pNkux5x=*%7nB=+#e&`Nyi_DIcJKg z;wx8)R4kkMc122%iek9YweF-Dm#RV*b57X9{MERh%3d=(muF>|4zVK#&pggAJQtiq z%t->T6*SH;BO4P8?OBF-S~nwG7j}(ya~vKX_(-6O*pBk89k&~T^Mg*;B_JyPvg7g< zh((0mxdqP0RYX4kf}uFTy4Gm$wiMCyft8^p_N9Rb*0?!q394*T&D!-$KQhX?kB5R6 zT~5OBx?Hrdy&-!!d?i$DQ{4*Sn^r-gQaG6wKcZ3N3m-hVd&DXfmGqdJaoLu9MCH(+ z&HDv$1_%ox@fAOUE0fK*v{v47YikHWHr2%{ zc5CeQNkpJR8khNkw|eZR0r`X@~J4lYt;i%?Xu z3s<&Lo)K^lCfyOYmU@4$%0cutAbfU)n+y|pffW+$ttshds3jOQo$%C0JRi(1nft61 
zu%UO1X8tj`UKk5+>KuLZpsOF(>n(qa1BOGe`pBull5zju8T8fbJ@R<&CZ!{jZj&(5 zKGiA7y$r5i*!T*N|FR0p&IfDB{=_}bCcWdj&A~nzko_?q9vw1Gh#Jgi4yD!eJ-jBy zS0Q`Q<7*@RpiW^0OTrD!OPUgH4NPaZ^^wEgv1Tbl4wD{9LFf&$uUk@vXoOEV4>a)LAIFjZ<{t3>SC~l1e=I_`cCa?E zw)js=`~NO4B*g1P;k&8H9tA5|zVp|cl|$%4A<4jtLr)Vw)>)`%OV_22iGqsG9&^2O zI`ed2a+qk3lm-bW3Fq!x+D_s=aVDmowzyBUOxTaxk86KuPgOU48qX(>nHklnGBa^w zX{st!DKwq6OVVMoT977=a zMt|*{(`YLQ=I^c;A>rUFF48dPnxD&5wTpyfWF=6kI=Wm?bTnqvU2?nw7WSr8y&}U_ z=iF0*dynqRPyGw6m$wfMyp}HrDo^2dQx7hz?HCnmIXbeaYiU}{jDNbuX#NC{@vT(f zO=9z~4bD)-zDS#1^KN)FsEEy?w<6e9SZ~u)B;cyFE7nqGq|tDea8FY-u^mK;4hQ0+ zQc)dL!3EeiaQ6d7L@Sk*EoagiBZ^zmyBU(IS#jKc5!0tppY`F&T`XTy4j8cef`+bB zyO2))=xrV_UZOo4q*nnq<;@;rBlu_SxRjTWkVIrf`%Rua!_1U_mbL-ynD5?v<5n>*6MK;VXy|1JWH6euD3=ZA z5?j2t{p{DohbMS=gsn7l1b$1<7?LU(X(k?Nrbe1EOY}3GzfNylzXc0pkS6}#QnbkZ zbypJ+!cFCRcN^DwnQ5fv&U77|FEr)nUMImbKdnfr0P=>UUpkoQxP%z}yNmEX;A)Sw zSoNAgtA~xzD@%yZT2G?dora>RBpd0@Ff6=CS8j^K3s>s;@j+WR^x9}<-W&u#1FM_SnKSN#GE@fTW1GB@R-t86 z(bI&7W@nG%%&?C&lywsjef`Put0o%E%v<-)D7`e*7vAbB&E$;c2DpruEY#EJ?)vFr z;r%l617G_1->9M@ZN0N^Jo=g>M4^`bQ&|yy^bv-Ph;5@cxm_;87URCM3!7g$fBMWD z9lOc?S#I(j8i7fp=QSWkh$GcCvU_gP8menq0pEp_O+@*=D}$Svl;^lXUW|1J>{9e$$H?bHuzj+H#~s zhkz?P(B>%(B&qlm#o?kX*D+9pr|hh@WukZ(711So;WB^= zbgPvN1y|0=5&Z8p9|isQ!h|2lhZoF0p&yL@OIY#0hF?SZ5!oJoG#-*Y+OWLs6ofor_U@2vy*!Y!&>9IK{&G8s~+J}M5l(KdXgmTd^R6Apltz+a#N zf>mjdcC^C_s)H7N1XL4k17HqyZPTNb?b$zMJ{l^E$Ecwym|2=~Bzs;gbLh}Fh z7!y@rRq<4@y@E2=e20RnYfK-_#Ldp?+J?w;MFPQTz~d^BruoI8F|eE<>wY*x1}~wR zX_(@go1ciizLhAKvnc12H-Pd>uf!&<2q&{&xVQ;ecpt{;0Y7$XGk)4%tUj+lxbkH^ z{OZ+xy9ws{M9_bMPCBE)n>tc7re()qxtO|V!E2iCI>HeDx|A5oR20i_cI7)$Y&lXp zts?86m*X|n{Dah96hy?q*<@0L5C0h=^j&POC@aS=DGUiR&s@d;| zbZ}R(+7Ex9?B`~LD+&vCFN0!WA@RXjmBYLw!G;>1y~WJ$n*_RD(eNlVizVX2s;9WB zH~6W^DGQ>LTPi4FE{dKKF@FT~NEoF9K_~U@tt~`s5n>b5a(TT&G;SpP^#}^u-xwHf zz|wJOh&EP$bR2JDnF7$C`V=@xClW5pDwc#cEwW-H9k;X8?wYhUd5QE33l|TI$I(N&dwuJjY7KXw z_k)hd>nG-C^DdscX*bTCj5ToX$>uxvhG%@ywAA`?2m)Nn<=@B4tuw6V0%0PhKyC8F=g$>;aB)e)Fe;hjb 
zf+$8h38NASIZ?+m4D=^ndsFa~edMyrWL6a(V?s$htTX?q9}M8KWg^4V;+|88Oja{ZKM(=1c=-Bu{@4xMr~J}M(+VLV9&@hSN5iQzP%eGmK3lzM68OgC zXid)*Op_uSS-s^5T1%FIAGC{xg;Bkvi>Tf<7rcj`|8kTUqtwlj48d}PON}l}O{}1z zB7wDm{;LCj!yvBDQ)xYZ#C=h2@yoU2?_IMy?9FuArX-4hPXJNTkgtoT70a|{%V1RD38vIY9D3IK{>k{@Fe z-$xXy`^e!t?=7>CEM6<4Ha0ocfvFz1_Fcm%d7sryN!UP(>IQViQQ?qnTQ-e)S#fW! zG+cvtB%Zc?YS-(I?{WIXw+!Vb#bdb^<9)n!>JVchF-$sw?L=jLJm16`4LIsZhHGV` z8WIi+M-MI@lXgpN;07cY9fiVvO&Bj~3!@U_Szlwu(cpWW4}3{L34Rxawq+RWvm zTvrhslsWZAoFaFq+SybFcUN*Q*S5mn9*G@Vd|vE~I!EEPMg674v0v#?7O=y{P+x0j zVz9Rh?{`jW!K8s4v)_Nn0^+&p0|ZhO_%b~*2bpH2MA~4)3|tsn_)s?Vl~M@sK>kS* zMnq89r!R8#t^^7S%@qWxK#+BWbg|wz47*JsP~l;^<<2WnbF%k^)QdF-pLu;`iw)9g|ym%f>%jn-|yML4K_ zVj0f4y>$K1fV6$MqV*c>xzsD>Su9%QoEFpMD0>O- z$Gc;HfNZh%yC|hCxly~6ua+16E!yyysqTy23GC?yLV|_*IKgH|LZYm01|-3e&2L$J zos)5%m2*ZDIqDn$v!N{&fvrrxpI#Ge^gCKeY17Cs8qV(1$>=75^K7w9zKk%|p80z1HorgMJq+Pw^#olh(u30$-QISwy*N{ngzA zUl+3l;jzVv#Gu31dN}O7y9rAsre5sQ(qr(aY13-@{xP5s9%B*^ni*Tzn`M*yf?(#N z(2JA(k_`F28El&PNOvvGJE0I$7Ie7L3FEjM1i(y8HMKqTgOIpVA(vsu~kO6o1-zm%HgU!VBVE|sHo6hNs5;x?2P9~ zy}w)|P|E@D4CF5PS$7Batkx6nJI^*iF*pBoJc8$6d3UD|*D!yv<>HCk$4jWMtG=ua zm5%ZPcT0I|%n3kQLr*@k^oG3>&XCX@HUGEXYxd5LCH8% zsb2rs2g=v$sWjC$;G8H=9Inmlfw`VY5VrLFQp)e^B8E3vx-k@_O(c^t4kpQaR~dB7 z8d1gdnYvla=pkQl@Z%CvKkRN_`0l6_BiragC$eIK_f=kuDCl<7d4`Q8zIfWZnBFz4>gf4Xt_gFKG+Xv>L9tvv z30Lfo4u1R}1w;QvLHa)({Qo1hDE@WdEo5P8Xyx$l2EH(9<%4~QH`qx*Dl8;_4igsU z;_CxmKG�ovhL2lc?6Nro%i#6rp}7bVGL;~Zt6EgngyW7D3Sb+*PSVp@*< z4njsZxl$d3ckfag9!IONMlCr!%!nZNOM~(&L0>!=NjKB@X>p^%4Jts>%)I37Ex|02 zEO)XJ+%%D>?~6~eqb|-f5e9<8e+YuIeJ7DKOC=a4SH3ASvl6f;`h)reI@LFF=v7nG zKx0?y@$_|Oqj6XY<56CW`~^g)s#6RAFPeFz`pHD4SZs&xyxga9Gi|& zi?OD7A!-{+Rtdx>Ti39-o?(FKWRa3isnaKg60dHS0jy(c)u?|5*We0UnbdUv^ThT< zW}T&}U`7l{iVSR#L$?fa_uP@RRLvMhJPtFAw3pblz^0{VsgXcEoKS%IDfHMSYDU63P1nZeL=w^0f zoRPRd_0gV?9Gvj=mP43`!`3vFTQ8?#q^4Rlf$vt=g5O6M z$;PtMMk57s~xK#ciwxm|B&_BGqG1P>N z4B;I$?RPh2@F&x|N1|5@ys>H7jN1YRqKV0P-h7AgFx^m&3cP9+0ZGb($&52)M`OY- zeYWwc6qaNS^hJPujQD}LRK*Fi)-YBlYorRgccP0QyiK-v0_dvemnUDTDL>Z_5ad;v 
zKaiZ_MdO#6tM_(%dh7Fgdky>YK!wzG;4z>D!s{dI!p0X3HfTrB)PkRM;Ax$d`RUA| zdGNdG#?^-g@=yFWQpct=8CiL4X4+|@v~@ND&Es?)asFF2c^C*CyzIQ`$T8~&<8*pzxWW2GaapyU5eVKNA$|GmS~{AGMA_THJhI;pXSS z>2Gm7;u6&yG~IGN?H|HBF4R{dP$4*$yH%x{=|E^`U}z3n5Tdi7oW~pPJukSzvmjJ< zcC8^QcH&rcB5cIR48gJyMHS~%w;mK}7f9j0H`VY=ZG6I-PQ|-V)IXKbx~_3VY$L}w zIrj3Q5ySD1%!N$RxNEDP(0&Lt^T@;D^JGEL3}lM45HKcP5=2OELk|kWs&a)JNr1W0 zK4D-+&8@Y=@2jEN6qTFt>C!$wi3oBTy?K2s`V9>tqMCuWj&gT z9lYeHhXMUHfL=e(gng!Nm#4>q`-(ta{bKU`s{(3(rWH9J4zwQHx49o$G3|cg z+KFx&TR8f6T=e5zffOxvkkTmf#O8Xa&K+l6 zr>lyW^bO3hAwj#la?JhW*S6rx#=3j-#RJvrXZH&yg^Mf6JIbVAye5}Vn@;>HJrK#iam$CK=d*;{JEEkG52rRr5gP1L85gaVY*G_c5KJ&Ua!e7D{b{390 zpEh2Evv#SDGoZd<{)7SzH`R4LL{1BlLh zFdeKisV?w&d%l0(MAw08S5im8s{9RJ8|RdELRypXBg&8MS_=UyaL*}$vre~w7*SA< zX}`DYw*y8ySEK|7;t1GT+_EsFH#30>ID*yX5k@kE#@5P|1T)-V@8!p8iyB7{Q+$r{ znI)p$X8I6^X~Ub4Q;sDTW{5QM_?dMNtKZOlZ&zc{px7i)@A%>%xBUEG?{WvT5{P?h zIeaf=W@k<*9t)_H_i)Ce1z3Ac^|&ZHoU0buI|;rIS^BdI=^NoTfh1DKOqhzN443JH zZyeYJLE+!lI0ZPf!JVp)`OKU#6g%io(Pr(a^D5Ma!{J7}j7Oo3cijjDeS>tftV)>9 z*?u*pjwl&{JH42b`vsl=+S?n>oU3pr=D$hVQvlhLj0Cuoyo-qrWD;mA@)njS%eqi- zHrd_TppJIgD$b~hb~1@{mi#C&t$^rA0Eb$ZHGZt1jp=06V#S71F>&UL2*mgH znh;9MKvFWb8ftX;s}7NZEN{PT#IOl2rnV(Z=lK0z#5SgjJMN8(o7awwhs@-+hf(ZL z3!57##0(_ZGA0Zx$oP>|`!R)N`9*2W7A&n&92NCH%NI=VOZP!@2}BajW(gz;Or;{U z#Z0ZL3;JP(ZK%$OQDqF8qNM?j$uR4=D`gxNeM;DdC}uDWV&J6#iu#j&<6yu2!wN;8 z>wj?OE(R?DKswQazbbL(n48V$T-9nVm6w$7fQ&nA^6ZB^M45*l2Xf2(}Be za0c5I9q9E~Bi<9HE@7xePQ-muzg}-;F2U*ELYN5F!ob}ow4P_QP(>fs1Q){n;@71K%2w% zn+Co10B%FsClAA^IFcBpqa^TAhQ}%}8knHFMI=OKL=+Lxpb+Apu8-C;JgmlX7n$^N z#1gu}?JwQPTVspRmFY5!gxy07Q5BTq(B3i^6}uN3B@Y+PscajDplw40h4F}pv5APQ zkYWV|12pP>>i1ra?U_t0#!pZfq=R#iaiTcXmGKt{>pAHa6RrrXc^oT54m_vuoqA(( ziV!$SlsL>6TGArlF=_#6vD;n`k-4fkdw*$5)w~o;tH0^g{t8(S<_VC&fSpcIzb*o3M&bx>$3v=6Fom9tg!fi08CYy(I>XHo(>8FneqC@`XnrrJ*Ua& zlp5zhI@$p=KX8daD02(J4KB+{!VW@v@~P{R)P-TURshmv5p4p9FL;9?dQ+rI0YTG# z`Jo}fq>npgYlRxbhiJ@NHU|{B&$ZZJnHE`B*FUY(a2n8)0mNPR3eyuqa7)Pjw}p+; zvt-Mv5CiIBF%$`m7GY&$ZIycRko%7rr5!Z|Wy)GDISilpKQ(R6|H10D1emqD&E5xn 
zXI|mS_w)P8BNkGNn~;IcqvCEn2|bpr$fC&q@QX~Y@N8Af5`APC19jz4{6X< z>&L~H(Xa%4jcuRrb*WrnkE8^*JE)Hdi!L{>++)1GaqQYL*RU8TYTww3o5j$X=%#%f z1C?ukPIesRO@kCV%{jwQ-4#?3OARs~HGx+*?7ZqJ%kIH_sA?eMSxE&~a2mvz4~amYrf;Gv@tBBu2) zVLu4_|6}bPqbv)zCDE!xrFPn`th8<0wr$(CD{b4hZQHi(%+7O9_q(@8zjM0#jrVi! zA8U-g_FD6sF=IwVf0jzS9p`G*3Vugvg4A@=ak>ZMiLClMtL{yii=@qG0#!XGe`#~( zZEWUp5nLFJdp~a8Ov#CvGaGAhs#Y|&d!7Lf)p1?Iat;+?0{S`qtdRtA0y4SEpl7zi zyJA=sl9$b|=Sj$^m^+J&NV>@%i}TVtwjW4-AM(ZLSv(6MiCmF}J*z>YKzye{saqNsro@j4v zoNhJJ!dAD5U)&0#G%z3FG|6+kFxV37yx8CHC9Xk4Jnly7LYT~rTXft(cCdfi^jSJt z;l{2a_p`nwuTvOoGrS*e9}=fy!acm|8i(Qf^p9oUj-ze7g;p42Is7!XFAnSyzHy`; zazD``%}S7WDew9urO@Ze(y_=&?=C@H(ST{OuWiu?z1k)vP9ncyASAOTNIkk=PmZhb zGhNqb8@7cHD&-&|T0P+)b6!(0EGey3P{c`aaSy^sIQ+YrF8oT-c@|@alpis5$}xMO zI6i)KXHsQbWN2DeSHJL#Ga{DWRQKGOC&1|CgBxqL>a)WE?1JF(OJk}?MSUlxi$$`f zAA49%X`2v1lr?*VV>;iM>_VW)4Ph4eF5C-dVj~{=3%11Ie*Y1EvkspAtt_Gj1Htn~T2Y7rs8YF4ILEN)ieNLK6OC9wWciZrW!@V)WZ`Ktv$Hwu z+Yjrg38To%i{xbE2b+tL(;DRRiz;GNd}ZpV>DFw@c^0$0DGr0}O2Xl+K+>}V4!rd- zD&_YoLk1(I7hzK^>q_>1q1YAc#9$QCqLC>h7h#DJN9yKSX<-|tQ@c*x1&noUOk=|Y z;Bva1h3tv^>I^~-O3_>?bM1A`>sy_avLp{z409+hO$+#)u z;keKuYVHAd55ix9%(8xFqlQL#7Kk7)7u)H=gykT}^0>bS?;MqRyH}H84%RmfA6-CP z&F4JgBUFHUY9JF0BSa_Z#YQ~xOI4c0Z$`UTD7gkQ(0WB4sp6j0h&zTkke%Rx0LVVM z$Qyr=o}i2%>DvJkzM*MJD>Zyvbu-wKW}|KFcQdtFN#3q$+=E5#A{zrWPCpQ9nK z&G%LR`$RWVic=bx7T{@BrR;`tbltqTHekXByZ23>$!`iPh02X(kcK3#dzG{GSmLD<>=cF^JtU% z^YzB~$B>Pt&ai`WU8A8GyZZ)1yI7yv1XIL9D<$SiO`$F-wzivMUwjLjr5Av2d)qsG z1T(UzGPS#sQV*cXY=r@&mJ^Q%=W401zZb>hZd=>VK%a>@r-A{pE2f=HIvGXIuRfN; z;%X&!!seK%ojROAUHn5DWHk|{>>y;-C?+Q8$}Ki=fWs5GfB>6_0;->)Xa}=VlC&e4 z`snQlG`EOi=vG)&xz(F1l+%UKm+AhtoY-8+A3WBDk>PR1o%P6d(DIi`W~mb9tTMvh z(t84k!#&XrozvinJ56ZPU%6RKpw=!uMi7{!Puvq?^!Ce^LW^q~>(=~d`Jr0HDV2mK zjVmE0W=_SRL7hhaVWWgDKjMXq6FxNBH-?xA z803&pAipzRFvi=79*>->>I+jQYlFQ-*Qux3=Z4a2dzlw5ffSm3+l*N2b)K-eR4#~|) zxWsVo+E*80s6JU5s7az4m2Oc}uMnTV6OLqD$aQss!q6Z7FB?Vjp%V=CinCI2dWunc*)-QrYMr&DuT5?0jG z&*=fh;XR;H9Ja<8`|T2JQnB)_mlCB4h~$JZ2+r5RM|4#tuiOn3>%cj==Y^o257kt; 
zlbsIs#!blGhd;&2g2T$&=e`bUWE%8i_`0n30fYnlDAlk4e_ndp_=mr)iY+dD;V&;- zm7y63D*QZ+O`MsQOpMTT?9jqo(hu|d{9NFYV>Y`bF5J*c%l8!3p=ZwHC$NT{N@85+ zjTeL)E3jxAT^ZcZpc{_>?gUS7aqflJ(Q#N2bAJr(V4R(gKwloUp>+(q2=^NtH+s?x za4`9p?g!i<#`CL2F2h*HbBuYM9siY|lCYBlZOV#v0|6*Bwp;=WdVHeFHVMi2&&c8y zKBpJ@8v4KtPM+Am2s1c8aK_^QoF6;WkO~5$l+E`T6Y>Ed(hoyrUo&$aDArQ(oAmdc z($_PO+GO|D{3gQR;0v!I3UAOyo5NK-d|AtP{^)BP6_Ss;Cn!?vpc;Kd(l_=}c#2ri z*hB!s_sIZ?K)rd$79Dk@wci@Sd9TH|xseI>a1b;es^I39vdy=+4tBTX;h`xSerqGC z6%9JebVDAJ{BuKT2L95h_Iof@_C3P<*ENy$-ybC+h87mq%GP!k2LDq*R8qH5S4P%U zZgo>h#2m?<7d41wfVO=PF-=cqFqI$_E5YbT|Q`N`nmxUM1~jkRY*;7bo}Y=lPhoMbyJ(> z+)EniBBTNR2%+-=94U+0f*B0Lb3yWU-t1vC3Iqiq z+41GE zO|4XF)Z=djjR`eqN-u9O{vI(5%Fr2!k`?i43;Xzb&2|4=GeBqC^~-uCeL_}vCHg6x z8U|}R`v}1(Mt(6BU|u?T5Tc>H`!zhp-|jie)JLC?no^Ris4BZ-;TTn>Q6tBA>k6%I zy{E;I5tcEQdbglaa?IP6-62U4akK5w5^vbf7_f%W#EOB=MrS9|Tc4wMIAOu4oZdho z=gYn$j5Q>%0A`I#zTnN?3Xq@h+i9AUm%|1T@EJ9mYO)5iqQ#zR-ZoH>>!<$0yuZkO`Bjv}=-I1+3$DT?JU;h)F z*6rp`AGHZeQSd~03cEg;KuQHD5@=E^uCv<8LkNqGl04MH3WD^rYz={l(DxxQ3d%hh zA}N|~I9HN9V5(RgDrdV$#b)^Q2M0N2NF@wl-&}O%V+?nKKyXwTmY#)oY5L$)f%M(v4?HUNHw!xWGub^eO$s6*y z39MQ3p(irCI`tlpaC4C|Z1BCPr`=06TxIo|R?8Z{Rm|D~{Grhs`SJmvC8;XcT!P_P zx#mjozOia&Q_&UXhA;}a-4I{>jCYdF>G}#znaW}2^sU)09GWG9i>HE%XN|F;HEWT5 zo{W!`SgHAvFsS=CBVmged<~wN_uoxud3y}YVVOJd$Gdr1tfNVm62xaZY0#Vw(ZWmL zK7YxU!Gu$FFse*cs!%=0un_(jh{{bN3-04Quw}yF|<* zOzuKNNzV>NZ*!!L&$)zkY;$B5EFN705?gA44(>L2Qh9G%pQp|c(4Hlh;jC)to#nE{ z?UJt+Qo=gGG&L)6J_G~!+^X8f+C~llC$Xv2x_8bpot^7vhx-KTvbBA6Q2N+-PZ*Pq zAuOokJBLGEK+?~YHh{SS8uCYoAPt|aa$tH>VEi&-#m-hV9N*y)0<@msk+~C@Fsde- zD;$S4HIQ!qd5FcLa0Pr#*jSu7pNmaG4F(t2S=g{=48NDey6qU+gNgUlVx@~ z^9TM_*geohNn2 zi#sN=rVKo75k-#D*QNuyA%oR>(h3~Q&>uhGY0_ns@*w#?8$2kt|upPwbR7<<;3H5ebobN z;E$$TXF*+}nor=Tui*@CS~c&(vOCmK$wlifi>?q$C35?x@@za8QV|d~PEOAXU-nKR zHzf>-Yq>l1)6v>*5x%54b`rJ|QQ-40t#W5?sH85tFYEE}uDMiincXaptIq-Fmo0%i zZZhL{n{^(Uh5lckLfuC#<|}MPRv!%wHoF_g zUAnPZ#$;)MHhEI?{Y5}Ld`+Vw#RhSgGhe7i%SsKaiU%n+wrPgMAsv^zfBu8oMU4>Z z@A%%J>Vf%pz0v;$FG@OEIGBoB**oZ3>Hkl7J3&G78!w`HHLe(}F$BtiYahsi%rU{` 
zqs1ih#d^V|HVzXBl1y7MuQ{9;HCZwJ)?(3m21|F#V;*JrARi5h2ljdpabxJA|DArQ;$)UjrGnH? z3()LkNl3v;qn1pXmuRFR!m15$@|(?(f}B4>a7v9VvzOX<1SFxBBK%3rt3op*Ya%4^ z3Ne%w8#i3A*rEUql3cqNN;b%~W(opkK@-Gu3%$ZXt`o{eg8>`FkI))#u6z{XThmA+ z38xnqXY50i>!~K+v_qnE(+|V>HtT1LC#lC6f0&v5OJcbto(?I8z(y97R6$J{Dl`(>*r?lA$_>E2{{=moz$hKA%VMJ`XQRP4 z4lPp`&5=iBCj7KS1H7uN;x!X- zALNKO1Q??WwDOJwXk5D zD!LZ?w06%8TJJ3*eTWa~se7tQ(?OeY>*$A}WrIeN&2~XMJd$;FZXaWP?H6s#Wg=D1 z97GVS7z-Z+bKdFWI7qh;223*U>sF) zBdul?6^2#cY=K*9CtX1W(|z&jyygZPGbQkl=+BfYK@dooTx{(4vfT=vcsJuXoV?A2 zZ*?If z>@q>p!ACNZB*oMIvn(Fe+jnk#sv4Y&3Hq4h;*XQ_mwfvw?ki4F=5IXea?kMoaB@9f z@Ym@n&F%*{ko{H(aj>o}oOJ#1AFT86l<7( z-unA7iwic}G9YLDZ^nJO6HiLwsB)Y3D9_$4jHF=(8!th(8eaE3j4&%m_B{Y{k1u~# zo!zRa`$^RbtvM;fn*p zIr3_dppJZ-DqLgGakuyxgz%6hoZ1FadzUFwC+c8bpXu%yH2gU-B@6sS({Jr>DF4w^j@CO|B#dgo}o5Q=%xiIp#q%uIOa|#t%8f z3Iq*JT!oka5T+_yaevW&%c9!93-iAQtpA(Yr@VA0#-?jM5(td>q#H4KJ zPkeYtz9gXz9{9m50i}$Hx`8-({2CLhWD-%Et+Tuub%;xkvxjZ^%nTU1r){$DtZXoG zR`Lz5jgYp7oe;LrRz+7GrUed&crT@*oD z>hW0if2eA(q2o=Boju|77taR`0?ka-L_~KpgZFR?ZSrT-c-XBH5hN+E;4!S)e&N+y5N$5qrxEEX@+Dv!WBxf6UZ^bywot0VTsa0 z@Wjav=8bn8x+udn!I+vY(PgXDqLLSjFmA9IB9XjgmgwUgMnb^Oqb=`yB}tu@+G-?0 zk0L)uV|oow3&|W_ZsZaMM(m4=i^?_>j7y#R4u)`b*hBP_uaWGjjkN(Y;4tE?<_SGd zi6SOK<_BZT6ZwtKk5%>ua0&_vuXg+4u4RZE5=(uA_dX2$jyLLiQ7ni0FQgl!qQG|8GyGVn8eEzrnQgMk1a|9OgAn! zNRf#IsyhxIjX)XXg_YQh52+?D&XU!L_UnB^A5zI?iQ2NVxXlgV>TNDFfB{Oo)?>1}^lRyuu zBe~A3u>JD@h`;f@^|7Xsfv^dgVoG(B&_VdYPSR~yRZz;(wJbYH*l}%|cvMdSrrc_i zWN;GelSrFepoH3dT7N!? z`Ix-8%3@l*xQXf5az4v!I_q%gs5{P8m=&zKEs+HDN(OVk)k8MPGrVxlxkeW!&DwR_ znbqpH>AKumMoj%03s%gOeBaYMy7pX42kayr3Ie z?H*|x1ns~5)U=~$LpEvBi_RWxoyPA^wlLh=f4qVwi;1o=K|Tc_uIA2!1W->z6ld~t zl?SSOap9EJW3gu_G5I7;TbFoGx&P5wo1MK^SbP`puYX&_|Ah&%{XZ-k^}lWM{x3b1 z`ToTa^S@l~ALe`Vrk0Ktx(?QM1poNNZ=!2uWoYrAfoB;CqVoS>ezg$L=pu4?V+c(& zrU`s_K~Q<(`zbMOd22|d`mO_VjB<>KP?TD*+K&gq-ENp&rpbKCN@m-*M{BpnlYdK? 
z?i6gzYI}b;KDEEx+?_H1;BOwHDO@q?nP#*?N@Q3_adxcRPA%OF^|wM5tCu)2T9Dyf zVOHq^kO$i|L)pi`wrGKmWn z1{M|c)f^ohC%2yhb9fcM_aCy%UGSHOd`x*ATvM=N#H6W;_p*D_0HA}k@4f-ini|7^e&|}(~H&XrwTQ4_yqb#nJ|3W*fja3%l-Z>Iq@$H0RL;5_+Q`a|9qi4 zl+7Km4AH%em`4cKMCDNtj-i?IlP8Ey3a9U*2u0OJMCC13&D3Ox<4%l5FDKd9*TNV4 zoCT4fR6woQYkcG&TSNl%%GMPHWM1-c924s=~q@ZEPA$CKbK#OHm^E3 zt{&bVPnK}Jkh}Re2b21TFN()kv((OV9;lAG*j%67K>x8s;Oe zD;GYtJwZLoH3f{8pN)ofGNTHbRn!Vcoae$ogd6Aci&WCi27NF=i09HHTCP-XQ>1J9 z|2Px}7aDldpaA3m9bLPh31TmVkhnng`WYs`8PqeV<0@S%G0gJ_)%m&I zpzwqTEYSPMR&6YFP=zeQnavbt!`KH54j_;Tco0x{$GNGZyRoI!-E-Iw*=58mcyLoW ze5j0K+|+HRNt{A3o*0;Za7j)r2c;y|Nbq$`W3QAM;rD@>mDc#F&zv~!y*7{q9Q;Oe z{ji!k6|7V&w3gD!DJc2|jY|U&^@q-4ihNCNjaD%<%&T&R5iNoX4~EPJ<;H+KO7=G7 z`|VgbGaJ$~rq;SO&_>z-=w^vtiqvKf?Jr|DCo#6{D2WY0%>@+{8C&hZiHOWgdc>eY zq7NquYDGA+*0$-mFq29Z0?XAH3#vF;O5%NWel$4Q495ooYSov?O}1eN8O_%k6rDOc^#u7WnAKlBTRV`f@t9S*=R2q8JW-K+l^FggO>&Pr!8^ ziyV#xDC;?V_ERESvfY^@^f~IU%_-nPrVU9@T%NAqUezStm2~LJqAYnNs)t&RBqP<{ zA$8$WiKO>XY-~s#^A!WpHz+#lW^8G67E+vRba9+U-+R5s!!ue=pHeuQ6P=UoN&(r zfzBhTmZ#(=XX{!kwxM>xOM6gDA}saL&6@>D zx*ABxFFPaFLKU_&158qQ9FoG1t+LuR{zfHi~%=e6wNpWo%dVOKK)MRXcWoIRKSq&wP>p1SmJm=v}#<<`s zKcf$G#y7ezTc_Con6XeF@R#!xQoEWe2yz(9o4=Jv>{55*8=Nkus1T#Bn(v8*6SQCH!oy>NR}N9Dk{$t=>}{Vt2_Edq1ewapgQ0T z>V1MAIm?;Gp$Trhg25Z}a8F7=bpr0-2)zT6cgTd{5l+vuVrbeG)r`2tgQndM%RDNs z+9_RM&Jpfc%jKFVBS6CLTmOaZ@@Ym{b^6|^7`-z62oBFo@CnJ z5hpo8ffB1Etv`qtNR1|F)Ak;l@}{n`dx|Xh_IH*AhO}gQS+;YDC*+^F0>vSXsqK`>t!l`dww79wkXK9Q2y7{C0KM zDHTCwO|x8^a534%GNap4kE0=s_h7PEu0K3PSSO6t9B=oLW7o-84&~1$C84))=N7%Y zcem>^{^~U`*v$%fdTwcUgii!}2v#f@HkOUNza)Wde(?zCyJOYsdUqw^_-t*euGi=cF{dp!^q|c?Bmsjx>BktUChKNNx zly3(Cxibh>nAZIHKA%FA@SGxl&pXV4%8xpQU-7GM8KyzQSby`M0SBh!gQWZ4c#8$; z-wn<<{=a}Ec?VsG{~r60A#eWeRgT0tx72vXSMytJK)GTzamWwIObk4K5oB&Sc!4PL zrq4muc9<*H^SUjcK#u`~>n$(Bxe;0YAbf+!{^&g2{qoxbh}+BS1x5#38jVSEYQ|Dm ztA^6g=i#!AI3ByQne4DKS z4t2|WYPu9a8##@7soTNkrHt8U2b~7S`$6|H1M6Epu~QhvaELBP?oFx=mp2Hah_-j8ylNo#tx-eV4J{D-24Yjd4g{)`=Lh;1rdYj 
zm4`So$eBm$mU2g}>d&|7X_f0z)P^fj)7m;J0<6{{!1nl-=GL?dLu)^65eg5sp7S;A z-33Fbx=w7>^wql1=`bI{CzmM%kxmNvphE1IU2?A?O*uT7Y<%=;-#zg<%h0$mA0XOf zqTd+r=12zXdZ{GJqYMS1VXE0NDqx@ZI$5d0+i$Iz-&O?=PgtZ(L4`lo%STQryxWA+uC-4IWbX-kt^g zTQBf`;fD1up};>SbQMaf_H#<#o1098jex-bPf>6N7AL=qztw~V1X3nBzC2ibh>1!u zf`9PED+&0Ig`N_rxU;Q2Pvvn(B}9!zC4z}@UenkzGRa38Z9w~*VHY*0o-*z-?5`fQ zzus?%eRSW4r>QXm;|oW_5=X~kQ|jjVM#)49C%{T$MrGm@p$H{wq2+(*qk&gvM;;Zh z&zdEw+r`7OIrWbZR%jSd*BU9?%6D??VZgQR4_gvFf++ zcuknkxfh4&Lrxecnm8MVa<}>d$7-E5Y?8NU=@KeTT3o2do&F?blKwI=iuoe9Fdbl z9x)Pctw1TJdJJ9m@4!13Mjb(fo#mXitGCWn#{tiQ;EZQ>7i>U_nonq&fm3U~(fNIG zH=%LbhX)=Ke%#*(WA~@$Z#lon&ksC6ws^nO`Sv3zeB1iwZ-1RuSvmryN^t2)(i0`# z26~~K-zN&gdpFs+Hp)ZPl3M5&P%2r9<+(ZPVRgQ`U*XQ+ER)q&ffPVevlI2@%ZN`F zfwS`nS8YsqdPw?s>AhzP+&AWklk?!4+vuEq)1yULImCP{z5sreN4W471pXy)pu9aw z)x_5FDf9#2ZW|gIm@o95gEijFsI!)GJ^K4WPh{@8cx8jNx$_iK_#>N4;`r{ zU=flGLJ3GygDi)C4Zyu!X$6U_q?EM#qvb%7i51F8UGDho|H^ll?Wa?6@gZ9%h;>G= zUy}sL28*7SCgX`FB9F1fOBJD`oOP%&d94a!4bXH^Z5o@XNh*hevED?shMu`6j~eis z;@-)A=`3@j?f6S%aDf_l`$0yWUdJXmd1Y`ENgY$Yz~SDs?dw-g=`1Aadksasff2v^ z$9ce2nw{dZA~+kIkcc{s5TL5j2}$h;nheJ>QKyvF=absM^TSA&wc6DvsK`lJ6Y+Wb z?XRKc=Q6_>M#hqo8!K|bP07Bbp+{1I5A^Us$?r5gJJUk z^J-A(bS_+M%i81+NtMoQpkM!7TSfSZ4Tj6X$!pAbgAuFOe4Z;C7Zq?UoE(<1hjnek zaO+pqk2vCZkC0sbS4DUWpP+=Br&|~YPxAssk+reS2?y*-b_3xQ*tjC0llWvUlCr-6 z70fo-qtLsX<&aj|ZG2{krRJ|l<<33E;1cbNIy8TMFWdmqq#M9eDj+W4gJ|;>&b#nq zVjhOjOE~pMQP%cupurcliRnmb2KSWRv;qxHJnO32tPH{XZMIh%M1O}Y&m)qpcV;~xsv!M< zI~WuWYvJMp+JKfO^Jd;jC4Of_v`4~e=x3Br8^kL&IQjZCaipCc84fyY^M`N+z0lua z19MXq!5ph6o#6-;s(qkgSyc{f7_k~JS#Wj>WD1IQG3?~S8PnJaEVo3$y#9P7aucah zzZA;U^DY=v?@i>it}8$+7lSq+%ZSdY=o)1qX>eAPZ!(0EubA}OS3_<%J!Dv~tV-9O zMPK%pQn8v`7u%h?V)w`JX{KravZ@g@7)Ax~3_-}1${|}oQ1w%VaQ!8DI|C|8R z{_}vykkgc&lR@*E>}-wfEzAYT@RC;N$noq8>8Ixrguneh>xZHmS9R{4JXf1@I_AFp z#&5JixZAMTM`&A4sjjs6c&1xN97nEQYggP|nZU~f{6U;!*vF0a0ToY_myVvS(;q*d z{Qin4SHaZ>GXI5Xl4M0&<*?zjRR5_z{PaS)WOJRzm6;_JuK*W3ShVme9piS7U? 
zA5Ezb+}x-eIOq37^*ydKsA`bG{#12A%9Vl6!|8hk%7Cf&fGMIFO@CAw;Dk7l z5*wYvFa%XxnBmC<6M6|ttpk|!ymH5N=Z7+yT+uoXWR`B83R|V7N$L<;r7lxApt3A^ zP~sQuxNL`A#bCA94%VH@uuPQTuK_~l+1$)BGOHb@WY19DQaP)OE-G&3NFnus4B39o zUyQBX7U=lAm=I+E`WP9@WT7%mOD2W#==|NRH(}NBH}7D&*qtEMYRHC(oUuBvW#T z*DTdeI4V*OyhyCu0N9WWJSpPs1Jrevuf>-lFRk*PsJ|J75IrKdpQWtcB(R^7?9j zN+V7@b5BCN1Y(WS2Cyn~eUQuHEA_#m!JlLXxpI8@lLKfi`Xv5i zg84tb{mR_&rklO(t>wu;x#kJ$_ zWWl`$Yf>YiuFK7dNPC?0R~8y_J$St}K%rY*L&C;Y66`9Asj*Ogjw1Y>Zs9 zQbMEJ{wrvlyj_vDmmo?;G}VjjPcx;q(iAm3ei@-MzA>~wiIsgnH2W&2C1WyH!nsc$#5nWKV^Fm`wLZwgfokU-rsk_ z5^IQfyUhP4IG8_#je@fZ-H<%z$j(g^ zf2)pymKWjTTOQl7(8LN+H9B(BI%A!Iv_h3O@+N|p7JJSuS42Bs5sW~g3Tv36n8aCw z+{W`cO<7EojY z(#pIzb5ff*W=3&~`+SqwZpx;lk=OH}BMp*vjgKLX8m@+CK4%|3s5nGp`w8JiX89#C zkQO3x@-4?Ayn-yVm{ql&A6|vU@%Pl_vOJ~hXMO2Q;WEi+Uwr=xx0&il|MQDRgYfove0EnZYvWBi})*Ql!qBi3A@` zOOoT+Y=e7dJ^1AXx_@Cl<=m>D#C|(jdHj$ay7!ZV?}e$Lt4Dv06SFm(KgS)MYJDKD z?AZM`j0}gEtqpR{^fj3fAAT7cRAl9@$}udOO5YxS&ek53cfUN2#(PL1hf8!9-VlY< zZnzJnXj34i=n$rbXzO_oHAz`Q!;huSCd%iZGe4_L_|r^=e%7D@>*4a{#!*L5MTA>P zgncBVa9Y`P*3jaQW~-0WA#+AY=PWZ-;1b@NX8UzJDc<**<`vPnO+DRSonbzxT-tkYPZZpaZIg{)^8*xZ z-W%@FmLYs-8#OvlGh)qZx&S?}vGjvv@j-u^{$4-UOJXLv=y+&^^8H8WuQ|M^;o02Y z6!m+33%ncUP}VrlNGuUIqV`OPtz*yn2s&8pCn=ZUtGpHVoxJ&zj!65A&NUVa=2{Xh zyD+}qQ99ewg9CP^qWxR*g)!>3f&QK3@)GH*Ztq;%{khCRX|6w9kkk=r_a{VJ4Z>i7 zwnUA%RMU}3xq1(6M923^n?u^0LBur zW)$luqQs(>PfYc(;H}kfO(A2ScWH2Jn9}(d?mtLH$>~5inr}ie5^0lICz{ z3Q%iURaoDmlrGzBOtym^dG4iP)lNy?tku8e)oW5au?HgN0S8sUsFm~=EQYDzR znDlCT`sBKL%Je*WK%M-#>|^R{X-f{z6xnPQ1l!N(&SFT=TM}TzZl|lV10Kw^A%!M7 z5rH0BU&5NG8P}C|Di)Cf8PFXDyxPoUEBF`>RMma!hp;53w3P2_eMcXj1_eSh=Ajq_{{ev|*j zi9AM9R0pRH42afI$X$n1QAT7pVX=kyz)+T!%*;#$8bP`S(78DG-0MRiI86T`ol;bx z%O-QNO~4=>`ER7XV{oMnw=LQ+J2pG!if!ArZQHhObZk56*iJgOJGPUP_e0&gPu=gm z`|MM-s#ewdvHm>snRCoJ<{YDaoU}VJ1{(Vnco|+mG}`HI)5X-*bb9IouGnf481W}z zv^{SyK8o5|#BszBhv#d%i-5c zwF-K&D#rbwU{~LZ*e~>IcAfbsV}aE|6Qbw`7{2L*={mEyZGyiS z^l_km#ZJ?8aLHY-NLfCwS85nHI$5jr&Nnix6*6c#O42oq=iv{c1G|CiqFiCKk1OM( 
zdS7B@As~3rG^)D9+Echj1=$p3NpC7WuPh*$!`9zviey%GttMk1e=ek>zQ}y>#}aAa-!&(1~cf zJGI323W#_Hih41xEai>N1n-@N$? zbJU^=&w&crVQ)`y)P;ld47&sLA-ytVa*od3{EK}FJ-$bIu6byo%*Nm1cQm+qvspC24yi4X)y6Jpw z!Xxcvb5wZkUM}unz2Xf_b}+ymP{>~|i_;&Uo+!GW*zYEn(|Lq(kfHeT-n=D?Xc^X0K*>2=+vQgl6- z=a8dTj)E-=lWm1)?O+s<IS+eqyp;OM|MsAXd%RoN5s&@@X)5@_*Dj`>Ibsz zhGAO=r4GXg^mrM{YN&5sm}DCkwmB4)CSG7A^}))q-}WyZddP}dw&otw;oN%7Bvy&^7F0H#^+6L31J{vmVV zsX0LRcbhVuD0-X3VLtE>UB({#(-6LJQ-Fm=dntt-!yTSD3&AO-$%k+lFl(R!cSyc6 zcao9;h6J+(=Y*mJUF#9EU_%0IZ*4a2Qd@lVmc}&HqJ)qNX4cL~IXuAZzAu<1Bqp%3 z(bz&ng&!i2mn>X-Stxov@E86lssxxeY__YyJuwv625djXRYG+n^-@jxih~Zu@96K! zD1a(Ga<*QCa@ro9-*-`YK6f6oWXdiorx20r`|kQsjy5xaiFe(dYA7Nh`dsVegmd4N z!;yKi`ttVi$}1|J|I{QC)jK5h8lqBW!fNjfA&qedHZZVivBqZbcp}NudLS5@HN%N; zWAhZ0#2X%6_Op?8${{@FV{V$T(GAWR$&H6C7;nsv5G#J(#*c8C!272GM@Ji)p^K<6 z4&-}sBJt?3muZq41?^LpYUv&n4=p*@5u)!(A?{5&_-Lmo|75ndzyDyMRWY<}mt#?` zD;@pSVuaDBHRE1JERj|~(|QcSzg|zV&pu-7AN!j<;=yc5JVn%X2JbZnZi(z^Da(KA z?gkCbaBF)@C@)~JyN`BOT;QwiDP$9ZCjjX_n(MZ$gc z8+}akkql*v&tryS4Y%LLX&0Ar+sa&f6oY%8odRiQjf5e7U>U7Bn?lBF(mg;7_l1Se z`4RTjNH7ju;mo`FkGqMZYPLqI?t>7t`p72;#>*l=zW5fX#?#U4Dm0Bd-#C-^%nWkFFgGInuw+REoCSDKLy%~ z#)i%g=1%TkmMAXfM#c`r{~Fd-DV@uFIkj{5)3}r=r$qcJ*j*|ZFVIwxr$<0)2 z1NXO)lo>Tn#8pgKsngl#=zmaOfz!-9=2Z69I+0datQT2t@x}L!;1FV;kJNIBN?SY# z`wNGpCiC!<{L$_^MgXTXA%u@4$el4(JCzM~$UZ)Fs>BeXVw_A&6b_y5;b-Wz;P!`U z9in?9>)N@dW3tO`UqX}*tl$$*^*miiC!=a21Sp%%_DQcZ*n_lSLN`^a0nP6x$98pm zN`1-~`(s*^pn2lCLcO^k(4Gy!Edj1s(8f?BKO-NB86!PO%UfmtoDCxO3mi1El@M{G zG;Zrn4Iunk=n$D9jc{T70cdVb@mfR992MAQEj5~S(QEQoYS&TD@1Y)e@Qdy1 zgqx9>F{)WgKxIP%1m>*$4g-rZE7hb-LVUPE?lM}XW4Z3tX?-Aj$C)w^A z!}T2`Qov=&Kj^p!GZDP2`t^2nT{Xd@Z{_hd}FLqjf(gv9x;e*sX)2V~Wm;eYmNzOscLr=M^<;PFTH>v=M zvH&&?9V)h)YLXh{a8W<(*uFAI;=eS2Cqjf!j-duqOu25OhZ%3ZKd%q4{fHVNV~eB> z3yT=8g`iXSIihcs*mN;ghqzTr#)>$QP4ec;z7$G-^Np6xe{6&|FlLjh0wH1{(<9q= z`|WP2rPq4u=e!QW^v!-Q$n}EjA6*JS%Bs%Eoz@0O_YHw$n}5d1*|>%Ty#&WrvN3TAYr!Nx z=PJ1V%f|1tRb1`X)_ID$s+2%xxgnfT$eSt{6S`z@q;y^Y!NNPcEOp-L=XxJ9?Ae0& 
zy%4&{6W4gsDQ5f;jn;2n0}2sN&i~5X6-iRN~61u`>89c9G6mq>Aa- z(#1{r%dF20&^xkt8fhQy%4of>`MJ6CiWY}+=6OqHxr?^4K?Q%L6lL{yIrcpN-g@lV z+Mo9I@rKQV*rK}=^B}0EOsE_xA)Xz{lpwG{6YAfE5RQePNlA_lCAV*OK;u-sr^3Z?s z^<#pJgHXG4dk`9{aDQi{^YaMsvYjl^cfp+VD6v8spMaMW(?& zrgownw4k-9lRj=UecN@UsEHnF>tatj;JM0Z3{j%LcYhjWRmuSjF(X)J*G|H!c^T;j zEo(5MSIaYgqee4ew9||VOU^O_ah8!vQ;+a8GBSx;fZG3of1M3E!o>Pn#Qt2{@dr9d z3iQmlRF^ub5VfuTV}Ek<+XK;VC`>jiZUs5avB5GEf#yod)58L#3G)Cjo1YD@K^Wt} z?|D2R2q@@Trer8Ug=+mWt~!7i;)%}VjV*`>cH@)?Owi0Y85YP~95m$WkC1pxVzlM9 z&b-pf7d3w@sQZoc3dfdGn}(Jw=cHe}dOWfgARL{GIyo986?n%a&zL}dZ95YS1WRvK z)=Laz8kU9%5n~^4k@3?qrPS<@!5|gf+4kt*n-0GNvPhi4va)-woU*%sk}M{&3;*v* zl2qd;{k5B`5^G^+($NZ^tUaOv`xzRfr~;Bucki8d9wYODu)%`L157xs#1!UEBz)R! zLRYVF|M-$|ub^WR+>omHnU=oaU{5DJxMv&#N8BNb zlZZ^4hB7cICw!Jk%VE)-Uc*5~y<1lD|6-!o+()=tcBB-vL8H)4p# z#KOSFodCVkp?G;sYA}~futG}4BtSu_5MXes#@vB+q7YU_RV@B_vwjY_(G0{*dmCOL zS>VCXgkrCi+~BpNt-|EKKod1CqCOW_Cv;*VL7g%USTtcA6juD4|1FQ>E7I~^98cvb zlTTpY$dIq7jv|vyOtBZ_ZtY?|5GHpPiyW#Bx2n-s=F_Y4 zoA>@c=%42-3eKk(Vw;Q7Q+TF{LIC=owEk+c*}-`{pPRRsFPB=?LxKYB1~&rK=*eBP zGraV+Y`dKVn6n{zvf+NS;YgGp;6SuHY{7>Vjq^}!l0e9ib8b)s;n^4@RrKYw(X_`^ z5Y>8tiF&r|{5tHkB4HsiTm$2eDU0Mufj8frWA>qKZetBcv%p4;am6ELsW=9yGKTqR zUfkgNN6jc7TDQCx=FiMup#tknrt|kUt5q(EqT1~sJP+fiCik>#;L>NF)%P{J8iT55 z7$RAZu6`qnsygiK0^ncWcUs&*9Tp;6F4+gE1CaX>A&_XNLCNex9?o08sMVySa|dRU zQDW|Eiw8v5A0eK{1z`HKnwf7>icL#mwjm)Y(yOdE%Y;{;=rf=-eht7PW<^_DPuRnt zXPQ4ORmEj8c%*hH2}bhYQ@k7%oLv`uKZ!)ivSCg-NjX0K~n4w|My<90LB|t7{VfI%E0Y5pS}Bw&h=lx1}S)I_lhI&Eow}XmxEz@W3Ds zWJ&-v8g&I)^TN@J(ehM+(HOD%agV|kh}RXwQ{h0SIf}XW3g5-V*UlxotIf^r(j)%2 zhpVI+cxR*m$|QTb@4?{=$)M_lQaX4^a53PWF-i_rcT&Q0jjwQFGg%SokOuKG0groS zu#OPSeZ|6zm}nvg=)HCFjHu(`Q98kGb7g_pLH89AKI%e{hgJjpfp(6%MU=ch7C1H( z;c0B>Q*z5H-=k_+vJ`Jf^lKPh<;}gYB_q}N=7n+b@^zZ|+<0nKI;H^&Qt?Q?IW~3{ zF&!QDgffJR2zgNSt0#kbtBA2$C6DWKZQtK`eLlWEvwBL4%yzNaQ;}I$1&$lX95=Z( zTwK2d(IedkSn-aT)DKC1If8nT!^+hN|?)l8fsT_L=h#cUs8R6Mq3UX0k+ za4wbBl`DZRNT-mD`FBL5DnImcLc?^r1X4^keGx3l2bh$4XG*8ae2IqQ@ 
zq<%HU0_J;>bxygk;jPCB#&?hYp%&UHVh%s^1suHp7C8I|=g7Ycntx)3WI0XCe@q?B zJ5JkKu&g_ml)S_UoyzV2gh^qgpn#u3URe`x*Fh_|Y3ZOZ4PF*yU)wCA;iiTG8o3Pp zS*NZvx9?Bx&$z!3AHW!lBPZhKNHZx<9At$LVNL`N;wCpA)#1z7>|JEqTo8l!94U_& zZZ#%xf*a0ct4V7;n|AYnVQ{M1k5}}Ato_eZl@#1a$dyY;dS-p*m`aI+D^grEBSnBijVsg(AH!T^s2M zoVf$zPU?BS*w$$42$;c8BbgNANH8pvr6Q2Smn-9)h^TWJ7h`B-EV;uj&$`oAw^(AG z^E|JM{ccjr5nvl-NsV9kh^A=;G-7-3P*D z)HQ4i!JMLfahKKe9AGbtb_{4#Ba4bfyS@6y*y)9g3OfGlnXi7e82?$?fcpO*EJ_F} z{*@~J`KYs%EEU&8P`E7(rGo4<1b^7(ng5CfedJ$bl9^wf8V@G`1*x*1Hv!m2E2!Uy zIgmb6yrUZzFNmj`_dJR^d#EZzf0q!r<#%oBc+6>d+-!J#0u%_8&O?yZ`H{3g zd7;jHUNcFFva3iySfCeDrW~U`964;;J47+xeTaUv)=eseO=fmfqpyfBBwndqM~Oag zelKkZGeoUi=Wb=1BCXFIwJ=QbAre;gQx#}8%~Si3fd9FE`o%xMT}vTfPpe+1n5dnz zz2DC2M+jrtoh2B(OnS{qilsT)y%XgZE3AH4$ePmSQuPG3$J1O01@wHtB!TXz4g_erhwy zpuNT*q0%uqNh-*tTs*WGNgNay#3Eg?cB0lyl>yJ$cbH(}cL~FBQhqRXpM9tU>1qzE zn=qpwdb-O>UbBs5Lr0h0&G4lY*@wE28@8{K(O#&YRC6d{Z7s<>Y_$WaItU;(lDAb{ zWgs!$$x7w+T<>#cAJ(S}_q9L`bCVL)acqe=uwPfV@6NqIRlzncAQ^ z7?s~6%R(rnPJIS(g3%!1jBF+s4J<6^b*X6!yVm85QzQg3ACR7>8Pt0~`1 zJFFR9p>FX_vBxA4up}1J5u5o5z9<(zrQ*;>h81pN#@DoR zW8EEUL3s2BI!Tz@CaK0y_{ZAXQ-Z}&nOA$YpYWTx`}$9tYmxC?Qe^6RO~P6CZ*z^D zd+MWEh4Hf(<8L7=y05k6Js7_vYUOQ(+vm0615yL^f&&t3?2>or0vteh9P1_Vru1Ke zTjq7iUJ=2BH%VIkhK)pzKapQ}gbDpd=g1ycE(jo9KzBD025vg|D&hFOMDDK$F5=Y+ z>J467RU~yTcPe^b)Eqx#dPbpbc2D!Vx8!u%l|+dc^>z6r(Z<_<4gAZKPM5!|8^4j*8%)Lb4j$4 z_17XKiqFL{dBuS>IYSUoH(v`7*Z?ayId+;JngJhukgT@qPb2HpYR0&y#J9ZgC?RAY zKi)An8_gDKmU?Q=$92zX_bEpm8{hX2`|o&C8r69l5*d zaqp$C^Taf+l^U!IDFf)Ga?EoZZ{aH767fRfWm<$UdVknif)_1lPjCg6LVSa@O3ioO zXq2{1)bF+o+n68_j7?xqBH&N?k*6y{I{<2cku)0$x)c(g>1y#CbAiUce}HW;HbnLA z7E6_(=y)z}1%VYN>j6t;#m-wJNh$Zp!exVjI|M*7wpB+xS#8y|;gcKNx5fI0dAJ(8 z8>nB2DKOh{qtw0FF!Jkee@#1qkQ5XA^9Ck-B(1MCi0SK~zFnn)iTwC`r};#{f>Ndp zGnNo`ZWjTPp!o z$VuiJw;YT0WY@Co^FRztC#`a*ZBT(?K8d=6Q+qzFA%yoR8_ zvm}H}|6=r#$>J|qWw|_fktm-#7q4g?xT>xnlIw)e5iX)mn}Vl$56~bh>m(ud$f;sJ zx46w>G7w7`z1F{$*l=!{;V=aK?|$N2B^YH)71QzgC^1Kc=qqWo$#T8o3hHWZJJ?|a zpbNPC0!eVCN88DIb11yU5zio~-<`ttf${^5&9XEo#`R`uH7iQ_<<0AWO&Llk?tce` 
zf2R-ml0LQDSlqx%@0rvgP#nI#DS$j~+2bLxGzW2}j zsHpjHg5|HuYXJUtFV24prvIb*{+su4{P$owSz+zV$P0lxF*9+Sg`$xOkc#$)MZ7JI z5CQ&&5UK(NiMngF^f1c9F=d1h2Kk;3ZTfBO7E^nL-21*q1HKE9#}4|_ zY44n8ZuF{g#D_5H@5nw(risvf&I<{~)Z$rgWo>73h2w^cS&Sg7eDE*I5gQ@%?4;=T zsKhh=2~!m*VDy>C^sW2x^Fbr%4P;n3Cjt*?uIYub@8%kgdMk&c5SL^_pAqtnuOElN z^~ZV{EL3LGi_WW3OIytz&S50E9{(_`35=M2{Co47wZQ!XV@j>oHYPe`#x&CfiK)#= zYtZ=h9csYl@&&igb>mWFri$)xGSR4VpVge1x=X{7tup|3NZv9#&iqMGN3^Vp%Uqfa z1oLk2*8wf#*;(g)^v8hkS}u6Zx;#BOGxzYl;K8}85z|fR*~SeQCX*Io2m^J^4GH5L zuR6+^|czL~As~(HCJ{K*^;X{5B6lJQ)n;!`l~`_RIWQWdi->IsXn}BBFr0F=%ypSVU0&>m`G8$9 zIi{e0(~r=(*cWC5aa>?xq!1c*D&$Y+ZBmRMY^K~hI1bkpdbx0iBd*&HBZ!=|_OQcMrBrOm1fX&f7w93ZgOi3b-rimA80c36U zb_wB9_7YvM3u9#}FZO+uWZE&HV7z|@>O_pGo%kl)f0R>jkEx0}19K8!7<&BlB_oZA zmFSF+eXP)flBZ1Y&ZHyAN)q3DX%;i9#U}7_PheB&HFSPWi;?D5lSU^(tC+-4e|;E3 zCpC4bYQ)qz=1ojp%?5GWhLtrprT`wovWq_qqVQ0fUm3Fx89&yptluA$5oCOoG^8$o zG~+{9Vn`l591*m`kyDCvG?J6I%B(y@T}9l4_G!27$22)-6ERB{PI1F&J~&ZUi4`xA zi?*NqBie?DTicqL5N=O>%l5D72eL%~N!C|d{c8g9pYh0luwePGjjZB-AJ{A=#7?wLBL9 zX(MB2f7~a&#HY3WCQ~=1*OqVVIft6F;n?;E_NOhpS2bZ*e7?7`t(F5T^kN~;< zmKfoQeKXG#GQr70P^YA>pt$u<6G#a2RmezNTgL zNfj~8P26}+=b0|Dt@4u=vjFevR#}-Nn@fNIzQRg;8sWq|2}ymNpp;{A%RXr={y ztyKXEZ#AAvkPLGBx}`md`x>&eHhHw5dUdFeW@!*T_KsZJu7U?Jr`YW0aXk3^maucO z3t3PUohM!2IwL@VToDi@o|Z;dIm2`Uy8I(?ayc&!BMZ6Md^@iG!HH_tTP#~!+DcJ7T19>CUr$Z~Dy~fXD{+PWZ97W$-$IiA zE{6Y_J}7Itt_dN0sJIXbC(kd~tR~GRH8v(^Gs&EwW}yY_@kQ@p;q-}bv5Y0y#1;Lh z$$vxf0ixwf(gfMZ*{(YJlAM^3u&^MT%I7juX<)oPXH8B1@{NAv{kA?}3QIzJmgIc` z)zf)?ZPq}=d0-PNDnZ3Sy;O0ojOc9i%NsdL-y+j@Fc-E}$=v-UQ6J+HCS(2scI9wa zBAQ@p#$x5DSEa3r5YtK-L&nB3sQGN73$k91-iWJv)UKL7D38a<+A;wc~He3YxiN}Q81l7axK$DYBqE`m@mTj;?<|{@DW@R?HQa<|Jy0&Q= zhDu;70jt%-9w`WwdMh^@WL;)>2b0R~INoCigdLuZm7+h@peWoX|KQM?T3)Ya7ptv5 zsojL9luSYLoZS_k4bCtQ8fNvIYlZV1X}SHQj`Le$kOfOhtyDi%$Le~7kSZu;H)8B@ zz0YKk23#SK;_oU;?Aw#F`Hk~i^>s0=O0a3!nlFqBu006SH1v+w#Hsn6HTVNI2=8&p zjrci)R;5XgZ8px|?12NDP{P&0da#RDS|?bW*QX7#)l-Q7U_1$drGSN)~Hm@XV~ z#uXYc2OE{}b4_q=&QPqPc~+Y2nckc^!k`gNqJvF+RZ#z3HEUz=v`6nxD8@E&g3N9J 
zj9cJu7H&f)1iSEnEg`(rQJ&~XihX8{CSOwCm%DF5#qb8ioA%;5ga|}%?=f7k8oV!v z7miV>K0^zP6Cc5Cx!Y4*qBiiir_U`e_NUY7Z`r1;kAR_3#?K2|x2-(A(4_PyZ+OYm zpJ%&)CD(NseJ7wCMR{A*!(V$RGz#u~h1>$3U@w5IUclHfoJ6Z+y}-O1eg*xB6#=XM zj-tm>aEHKjs9W4zt~4WS{T9C1I$M&P^|wM9E2OBkpT=-{#1qlphu~Oh;^|~&(Ljxd z`i&Ex{FaaT>Ta#P)JKL?c2V-YcW!qO(urD;J2CJ7m_02^p%TY_Arzgzm0H65|9;t> zoy@Hq|Bt+h$p7w-zFfAHzy9&xxH(u++V%@KduOsa|6w!7TAfMp2|_aK)473JVHKgYF2HkfF>yJZ%v{;f_3ieC zxPtvlSHRYct=XJ?=-0jvZ*Axhd1Ll3vu52ck|H(LUJM-<@HcK&oQoU`TMv+NSZu>s zNEVIFtE^Y9yEp9T=**Z9ADBrEYI&DXU?#w(EWYHIH-)U9s~NKLUbrLd*ucx z`X);*=XS9KI+XaQV*E>SUpnYevgdyJ%WYl8yX6@Pk%L!_OjRZ39}bxWm>wH5EgQ%o zt4e-1$z?Hx*c=yn{DC3D;KcTiJ!R2`O4N)KB5yHVA%k<$Sq_@R+?5t;y;%2C=RVo` z=2-Fepk1MAeEMyfcDq3_EfVvay~?r2yu57*5uzN2@$(3R;pNSp-6YT+q^>b-wzoNk zxKO=xOLf|(c1&mLKKtUXf;Kt0SGOZM=c{Bi@S?jZjn%9-(w18(Wi{IK*T956dch?+ zxj71J&VZhSs~@$%T*ZH&W=Q5)!{!S_1yq8W0$s4UkdkRfyhuqxD8;?c25{;dm&_)` zrYXh$kV<@z>-!trlQsTP-RC8U*W^G^InTWpSkY0Tsq-O_R6XELVn=MAVUdeF7G5U< zguvb`4}e7I5{(JZp^Op`jn>R}^OJ#DB{IX4EGpIAU{fRrjI)eB(-k~rDF`XFE4=$x zVO2>c(N^E5=ggD@;9{bdAck{`3xc{cCpc?h4Gt22?*C(jW2u{TQ~ax->HV!4FX?|H zJpWnBf|IQkkyTNKKP7>&4g640%Vw~8Dfj*Tpn3e%fO&)v@dMzKcv@Gq`gTnOSu+W} zmt@w`yN{)^eFCPQfEu%birKD>OWrBpp|fQ^U0uNj@{C3{Jio5)K6)Idx}INqcrCuk z^s6Auj~6wXANNVoo@8j3ViY+o(oaZu5OO-F!c(Gv&61o`0jw=l=)Dfg9>j+S#p*5Ha>C|Zemd%Gr6#0g$_cYS;Yo~?K;HTXfj;h9fcL7z&0}?Af z#6(dsj*^PPX-Oq{9k#R$AJ0(%@Gbr(<;Ct5R%$V|wA{Z3>kX3tr~qi-1xx|#>=?|H zohT}{WA^)p1Dv(mh{E?rLO1wx{YC>`^*<2G_Hz8CJ8S`%CxjKlwp@q7s>ienx+&~B;J1T{l`OyVA-A|0v@c;>3{kH z^iZ*kG%}?0QL}}?pvfk6XvieN92SXEIb$x=ox=Yx%i((;uxG|mBM#UTM)?pg)35O~ z6jMZGuQpPLTnYo@xEz-gCsl=P4zjPwO2GfTnLdPTmRLWJd(v)2c+z}a> zJIK${8cNmc^5fH#6xi`$c9`6o4vh8VX_aFyqe*zr%s`3Qi2AchRtntCx{}p1raRjr z50B_6@chKxc}X zlo)scI#KAk-FGS>^#?-?GnDO+m7EQzG=ee5BraE4j&|BnIIH-Q0om6Q^hBO7r259b z?zp+@jJ?jv@QdaZUTqd9740haQajqveRJar^5VLvvC8{tNda+Gi0jGREHLG5LF4*N z+r2449;yOepsq;dnh=|SqfY9h64($x;siq|K=AO9(N2d4L@7621x$AgB?m+ZHVnO+E)aAiS%+dT=m9_wH2 zM9xT2BBV)!70Q|_M*p!Y4@YkDWI+@QZf8Z1EVAeYPR*HB{YKiem!sRbLq7bDAp-BA 
z%?-j95?fjXG5mZ|wNH@{9VwwBn)AzU%<#W=BuI5lqcmeD?lQ7*0*qPRMjucubqy4;|0?7|k^?#Az~;dxxYOP7H_{iXOga zm}7x>WqK`hDR0Z4i|Xc*avjC+@AFAD<;wBX8LZp>viU389}03jl216_UH5x zS9{9_E0X6HTV%>e^S7A3TW$Fc^ZK)P>w#39el6t<>HN=s_%Y!Awiz+|Y9phe|E`q; z{B7=*6H-<*bTGGbQnIzR`d2ri2IG~qnEaV*M7m|f07Xx~4GJ8H2<3i@;2a>2#8*fl zgv5u}EJdo@x80c*ig2xdZS9@cWZEQLkb^6Q0&-3Cl%W=B%^?)k$8+8I1sN;LQoFd&eYoN5|d$*b| z7lMTZDR8gb{M?1HrN>(xAJZ&$IOzAVJg16F30=h*bUZ7K#g@f8GT42XF){}hN>YEK z1Sz4!aAkdeD+Cm3s34GV6@H(|&L$c*x#OVkGX8)%5(M;#Q!a5qjaK4)7`d~BjOgq= z@Oxqd|0})m&ZYoLZtO6oDoD`DYB2+0V$2KO?tWVlWPh<`J__rpTBph}!X&7vg`n0G z*&*QY{Nidc*|{ELb33}eX+S>prXpAa%4JNk+X%WOc_Kx1b`5oL8K(5=z$Tz>#6?$k zhRJRf)bs&%5ZPpek7Prz1&Z>^%)r@E73yO0E?7e=&A(hgYFMgwh}nKC@8q7G2VQ%r zRC_7SUc1mmdrxS|JtZps9VD*REM^hPcP3|s~sL!KFN zA4q9o|E34VR4)d3ku8zT_yW?7vpEBfSvSyKMnjj1O}R#qMZt^MVh9O{(I#&*96UJO zd<9||ku-|oB@@MoybJS|f(7IH9!91D^Hv3|rrC%9jUwI@>g+?0*rwgC8CZvLY6sjg zZ`dzYRByj?h4%)UJCF1aRPJnr!~B zJwEK~%Se$)x+?3DgGR&RIZC(v@mei&bprCcJF;XrS`r;%JGhMSWD~7kKe#G(6>xOj zD9J3l!o;1lFtr96r?OF)T8V7LF1EpS{zkHi2Ql(}m`6smwRut*j@*b@PP$fc5Btbfu#f8^@mzUGVI8+@c?84e8A)`m z#2M}0b*<^B`I%sY@{+4^skBCv;+VP?%H#c`apu{?xT_F7z$nvogk+KaKpsw!wA~Cy zjHwWlahNg#&U0(qeQ2N&bYWEi1$5TpiDdXW$?9cPVQ~iVvQnro2;YS$g1(7y8ia+P z{aC0Lv)sCofk6dqQ}pf)G|n=fZPX*dCq}=bPT<@82bf) z-48#mE#JVhqHacMX0<}KKxa6hRGul=*{|kI7=W~J+J{P@3wM8f*n<==;mEFa!l8GE zcO-RpFhaQ(K)|k3rFmOn{$V!E=UYbC+PNhoq_=tHv0TI5aqB~WVAOZYdTN~i(THO& zuyQxra^;8oxVI)HAI=n?R#QFNq`^)?L@?Flc@?Men!TqoPj3PeTbeYj&6q9)Im?8G z*S{yj6+u>C;puYzRGnwEO9pg%$MY{;b@M0O3^bE2RO&gn38 z>G+hh>zPB6=tbGqdQ~viC9B`Fodm0c&6t7ng!~)IQB$GAR=|D|2O?1n8X{{s1kvJ> zyJp2-l|1L3RO%)Cm)9A%`A)@Ccm1Iphfd4^{S}8`^6!@CT_E3AH2ize@YX#%>x|%f zUq5_~YjB_a0h@#Ja^xFqH_dDA+{|f8DN0ogH`V0&G+G?^vdF=?3@w+a+oSb23r4)? 
zpsIaA!A}(5!vW5x@LvZlDi7rf6l!h`ePjoHkJtWVV!Vdh;YFxL2Y@jW+W>lYFrTp4 zq+h!GLKY7WAillaM(B*-V|7R;zmC;z(sNH&y$h&^4v@BWLqoD3zyu$uaDkzL4V)fSO@x2*yUT3k*X27AvAS|(%ps4n|JKEh!S~}ENNTf7}#HIp=xcU>IK| z&TJEyT)|(#bAi-s6+nvul{bIj+=ne7e#bOo-HBt2Ei+SpSR(hoEww&-`JE#U3?tk8 zU^JL4`6ozPH-~A4q!YF6r+9M9#$2V%JAp)#ZR~*3@?lww?+cVon3Q*UHtwat&5Hph z3Vvh?#3055YW z6$gqAO|(#^qu0IKFHuv@*B26RL96DB=Q0Rl78aIbUXC^F z!xkNxp@S*_UT7s(&N(GsFm9o2yY^gxTrOD!ShD5vh>&zJF?@%ntkEw+%n>|gkCXan z>yS!gDF#9g4wmL3Fzv$u&-$E96_#Ug+T%S&1eIYlYZZ8wVt4)?kF;{UCnTd<$3zLb z5*RnKom5FFuBtD^;C%tGDK7n)qs7E?F3x3Xzzro`5H4$fJW*T$&y;5WmV)RgLOrf$)*V2?Y%=FVI9$E zHLd3p0`4s3GBd2?y!HfPFH z;EN~=I zON@nQoa4z%OrJ!T!l?wzVTH+3y=-X+UeLSMx@HlN(haAmuvACavLrz=RGyEsy-`I| z!?GXpw^54OhgrWSq{85;ewvPE3Ti3^m6f4Nt2O%s20CM`!J(RgiN`sz*cSwf*l+H6 zAbjTrxo5++d54>iH|?+4(iggaMf6Jj9-`SrlDk#2t9YN{Rd;&nv5MGBS1Mp$J0+JExbSGwPu6 zgG*y6qG$N|DXGzy1zW+@LaYwkuCdxd9~hEzRQCBIES1-U3#aeO@%xA{P~Y>RY$ zhfI}p@0kT#7*&w8Gb+S{eT`w}(qZ#rxuR^0p4rCLtgJ|#qxS}o7GnT*XLCKasNLEc zIrbo~(0H~^#~M$7=kMeVaw0c5@1m>PmS5U&eL6J+I-(!DeGvjJ_6XC^4+h<9rQ}>; z=r^UuWhgq7p6tPao^}=wjZ5@VecHhcUU$PbqAO<5HSRDQ!4#b*&Xg6K9w?bN=;+EQ zC$U{>2hGYTMOS-E*EvfEF74VBZws1P;0ovwlHks9~JMalFrrh)oKi=&gvvHrfPwdZr&s!oT#$*S8d9Ff6)6JHi z*|BbLx>t3`!#bawm?@a#>wSHzxs8#3nbK~QmlU#-! 
zZfRSd^nBRh6uvMz`2br(sxAkxcf_A$0zn>X3-GankYel!Seq3)T)-Xvz4NhotG_M^ z)8I;mo_PeNVI8J^y@TU1U;XqiIj#r})&E3F2H&K+it!4E1G&U}D)P6^?Uh-@SRFUd z73ffW9~+iaHKRR}`JVhLT9+C2ROyHky2Lo^TUXCRaxAeoU};$W(n>(`to{AKKvsN5 z(C%iw2|_r-_UYJGj9grNrJvkoEp3rTi#5s{=b+?BkwICSQpu%)jXZT;fgv#e*X%^n zgb$=?seTh)`=VV8UP|eX7TlxWMH+KbCYt41R)PizoAnU5Yj6Hs02y6Pj6Yd4MS9N# zu}Zf5V;@F6Z2@mzt1=owiA!;vr7=N#r3Hpje3mdA1W)3i5TR}LQ&$$?2tigcJ!<+O z!fS%?kQb4*h&!P=0qwJdx&&IEo)A0f^cTXC?qD)!+o6Th9#+AbM)AaH8d{C1L?=+{ zHuk^(u4NM%G3O~{URN47^wtZ#w|4ol=9mNw+(=Q);sGs2e9rA3t3Qhx zrm8iA&F#SN%}bas+H$I{Bfo1xMTGgydk@lUs7y;S%m?c$*agL(XzFE!-G#d?VSRo^uM>m&)lU z)Cq49*(TXNh{2WVzyXBRK7Kub;HF2*)a#ER}V zhW{GN#7%y!OQ8f$6U%7hlmIA_a&HvPNai3HvDNr0ROA;WQh<@@{}gnLx-CeZE*o=I zD{Th3j)Z&{qjvj-2W>yx9MBFT$@n*|U>RDXA7rQ6q5{MG?m79DdK6{8JW?vr9gZW`rr#XWG?m{jca>C-qq-ToH2B##S~Rj z;aX79Y+jGQoC&Mv2Xm=BY=@dt-s|_>Y8@`;+2btNh)4QhVdTg)i#m(Up8AGv+4}U4 zsd6x1CAst{*kNl&U^k{nJYo}ekqprcDzBG`6U||vaC(Q*J@(`sOkg$C=Lc6Q8+>nA z0pTJ()ji`OfS(!qHZ6f}iR_CTYw-aDMBR5@GoLhN#bYAua%6-adt_9z5Hr(9Z#*q2 z3zJ#YNA6k&c?thl>@@x_*4{bBwr}eeE!(zjyLQ>OZQIzpcGI0qQ^UqW<|b@BfIM{|=k@bJ?HChT(4^ zEwrV=1)>rPbkIWDWYlUB45Yv2Yb>O-A+hwPE3*0{u4rav3R|P}WKf}Gzy83R@YE}J zfH9^|WSrYgaWcOjo)1q0Tp9WqP=&1dQUD{qwF53!syBTOj4(VUBO~*o)-sg83u1yt zKDI{apTO*mp9DtbI58d349zXp@R?Jus{UoDzX-D^ z0qzyq_?WzXxda9kJ%7{s_KnjpGV>`eIC#9rU1!cX> z@-QtJyXDjnNeRYZ6rTpX8mW}K(GAF{&~nmMUUblv!Dd)Uye$taG_;O4;xiu@Yh1Fx zus?Bi$3Sp&HL*lQs}>KGXJbe6u2Q~YJutVMF43Iik~Wtc?YTgKYQ#n~6mG!Cf>&3C zGFMFyZAW&INy!`+-5F`B7Ro41jiuf z4st4-So`HquA9XYu4bnZ-;XH48@^wOP6HgWMSyp*oI12|bFJ+mZ%|z@hQ}B8;HN*6 zfQnq4-NSXl#3}`9o^-q&%zlBEByOuS-D^YAYOPQL9OL~{01Mo^*&#Ox^`s$P;qmT1 zng?wscjHF>wY%*y<-70L$gY4V7caw{=gz;S4T$YmDGh#5MDu?{5h?%aBwEly$j;Wu z#m2<(-*Iab*$LIhj}Tz?DZv8u28T8@WK|KNPN5EoM)q{<5dfVme7E1P@dEHG!96rk zUt8Vv$tcC6>k1wK8U_+Mc1W6@V_gfV-9w1r*u4S=$pSKm5!Yg?xpZ#i zHM&>mB@v=bs4~g71Fk$KrFS>epeP`d&ZByXUq+>p>*R`#L!oGrxw*>8ygk8={{8xu z+zc?JV0NMqc^FYusy$6p8m3X(a2R1^)s{HQ+x!Y7VZabHMS55oH=8I*%dDomSB5JZ zlWVhXDy+>ceCEw+l{V%S#7{Xrqgdpn7mJZ%VTfX_WVJvCpX3NLoPMSuwtS7L*?)9& 
zP&TG!J!u|*7)daI(3Z!_@{T36?8^^tXfEW1QhB0}u^FtiYL9j1q*800*$%?ok&A_D ztC>pKg*5~iCci6)+%M1|j5th4#2?Us0CW2tgjyll+WSdoEU+22L(z{|mzuRTOcewY zrvNfTdzJ`Ij3WfGi#Au_nz&I9pPy_GF6j|{IZE+nALhqf$Sh+P8YRjSVY#@+2FYc& zaM8A$sam3elrs|3X6u}nJ!S|lDYgdCbX1cvQ@)p-h&y0OqYoW&)9gO?pijX z6qY&1naJY8_P1UkB5Y4gIH1iS3}0{WCjS7IY#!^sW>Q6j#HWVwS2HO=vFF8}Q&lLfzEypntBBsMU>zS?h$1-n?oJ>f@-6$>4Vs z8qBcrE3M2iiwNKtzCH(8lV1Vao5%@6$pdRRfkaR5!?n4W|B@k3li!rvsf_a{{}}<* zLxcxegMRSo^{f`qd!z07;22-al$U0 z0W1=A;)BNo14H?4jHbywU4) zPGzF+UJXGGe`~uPVtFhoKZ$s5tv0%ghwKiM_q-Y~@Yj1@+F2;6(pzpU|(-t z56Ft3L`t)S|7u9P$nZwlEo>nrfdTnGE{3N7fahu1A4xC z5uA|QuE`Tf2mYj7JIBqf4s<}E+53}rglFp0qFDQF2#1t-nJGY|KRj%o^~*p`J^V_L zjjD7LRh^fxaIn^ancaIU=N-{4+>z8>Z%roQT^{-SCE~3-%a)rsk4?db{E$Yt&z$gK z>OQqCubF+#@!Y~C$@eulP4OL&wR~mBJ~_Czs4f5cU)&TnZ`$LhpNx|9XA*^Zrva)bK!lOJZiqhdDzBN5wunfla(rB;B~gIRZt2 zq5`c`+(#C+Us7zij2rJMA=B(biMdJ9XThRp-J!y|s1&Cuq?&)8e(ri?Rs)Ru{cj#| zn3MCJsL3g|Dz+Vct#4MYZk!KO`7Wc!2#+T4rnkr!)17g3=so$Z4COn@^ihRZDwMn> z3tf$G;BhzQYXw8Gbm)il0hq`KksY&;=YpeV?lWOU^d9cN%H!+3R@CgDoVxyx>|3$_ z>tGOZH!`tzwy?APuc-J568HZRB2&?ES{MFF0OPk}i37C?e<2$vLF_Mz_VT@pP!!`) zz{x3H>@B$aBl0ddByC2;9n-p;!A#xv0Jr>@`jKJiArZhe&36;=2kqSoIVc^-3tt4< zy`Im00Pn5D@3;3QT!3QxK!Y{sG|zq}45i0e0I`Nb z;3>@FPXuA2{9e4nkWBpc2~&0%&^F_66_14}V<{fei3Y$>PnAA+1^^qv)j&6yaQeNd zVPJlQKa%AiOU=u3k;}NV>Jk+-$skf|980@Mv0zG;Sz)$l({I;~BI%-{q}c=xUpRtg zO1qVVRQ1am@|`GL(Rmt*WZV{zDoaEc=L1B@degk&d$EiVPDqd{qgFzXg-^i>i{=B;o$qXyj#xk0~)I$H8rv^cHpoO2etD5|u(gV`V^%TVP`u6nup`hZu zOnzyNLF1fvouHQPGp^+^U!Z%KPbQC3&v0<_{!SFA50MP?>u#~+Vu|GA7hskmA{^x4 z(-cvE@4ARXFg+yryCTC?@7zu8BU_Bq>bD>dmo4+abLB;gcCzfo0YTbz*B8cpyrC0u z)VG?4S%}-lKQE8t3IpH_;?vI-kBE68vnjO3bAz~8j$>>MeFto!O%yl+GGE*yC_G^q zAY+Q_5lDYhc%#TkB+$ele^HtJmG2cvGaCSh(<6$i4*9au+%9-7X%~EhFBIQ1NY`m% z7AP1;>vh=EcYGot6g#*mjiLSPFiK`Bw~whv<^FE`)%;Miyn$^--GmC@Cd~Sw?muKl|e=NI1jf&L)t0~BdA75B5fqsK6FV7H-mb}5O+es zQ-q)(J~hybAjm#_j~G{*qKH29p#g0Z7<(1mRqf)5l5l0K6(0OekQ(fku}q!lF>ipA zOG-aJPs@3aPf_ecSTq*SdY<+qCX$;YT+be`8)=Caqa~8d*FSRG0od(^@@kLy!*BYQ zyjD9d!$G@J9Y+n*ce-x8 
zhp82Skdm+z`{-Y9?$5VZ`|$Xm28Wbg#}_plNpq^%KBhYMmj?wvs1B637zzrEVRoqMdzLs4>gNy z#sxgol>!|XkCzVpE>7prAXN7W()l zCZ2AZ{*3)H104+}g9{s52QiIO1jbyVeMl7NNmT=TLCiSk_j66m6VZc3^F|(G@j_Mn z9u%Xm*) zbh(T?CHjcLK%lg&ho4-borUj86c8TQt0rH^(^C5#a=P^N&%?sb-d&XSg)juPN#)x} zgkiBkp@>#3()&sT8>1H0l_CJDmK4$wn@%9|g(bCI5{xnvnjjY{4hn}?>cdR>6h^>CnJt4(KV z7jt)6o$pF^pEUEcfQYr3tH_9qz-sl=eJlG+vHEQ=*I%La? zZqLp8%M2R~Ue7(#d#b*@J})Qs^_W-C!%;jBgbbgM=x9IZ7!rTDa@xjXqe z7v*^yk=2;&(9>*`m{n4&{%jZaHRVwIjjo@Hqgcr(lYx^A;+4sb$C9}_KBCO1UrT+- z{qf;0@QXgi_3-C{SG!g1+oi!e+90p@U7;4V|9h`U!)Gx1^a!z+}5V&{R_ zn8IgFT;h?DAYbX>%sL#{j9CY$;=+elhG~8H^Our?5Y-G5=(Zd;SImr~j zjp{pE`D_`*CkEmO+W!-`A~YZ-iS+Y@#1phdx;5M!i0}9fANe>t=G(Wo;{$2^hFbHL zHSHFA?UNR6&kdvJ+5zb|!T4wF(pNz6joI2a^y3FA-@x{bk7XDEOMf6CEFdhqc?d+L z8JTpxuF!dRtq+y~98Wab+W;+DI;Z8r3-DOJN;(#`e`4-fpTq{D4NkC^ZlShd4Ldg} zx+W)&v9kGL9Ny1z*DyF!Ae<+!pJ0@rC@x{d(Tf!8SFKwA)l2_P0`i@Q7gu^cwaqDp zHh0qD%+A0Xx%wczb2U#>m-;dKrC6f4$ddsr9gm?dksb zch%lIa#aI&&>^%}vw~B~$nK;DjqQMBadY2~Xt$4RRvTH@HU0p%)tXv82b@}p`~c66 z(nl=-a!5^fyXzp9_hC5Y-H%tp{}S!pM_l+~t+`9cokGkI}Rd8aI-g9O289BvwLZSR_^W^w?oD`&fv| zrq@q);gyer#9`$VaP_4{K0se-L}&l)rosL+j(Hpz_kM8k46_7At9{G!){m#j#kRL7}82%(3Lg#1-Y94mY5r*cOd8yc@YT z+q^(2f88O<0|JVGh#bl(suzYRBYqJ2A}R{{ zeeQaHYW?QDCHZ4CDCifs>(26H|0hb)z+0iUDZz{-Sv>J0DI~dF${s(Lz`$MMz9LSx zpM)=%0Jz--d~tqS@JMLxGS7Pmy`mP!q;?;|$s`N{CM|$5MP} z&6&nTG!lpS2oi@&dpE2B^EAnilj)D;Y07A2ZKmhIMb=_w;x>a+FVI>ZIg)5addee{ z7sx2;28J*$n&j$Zzbe-buGyi2Jz~vypCgq{kv1jL73v+0FRMmC{tSdCEAGLtmH1T2(*_)8Z zm033lfsCj|CdEvkMeyUeRxxVzX)KN~6-Uo}ehH4Ok)ZNJp@4E52*rT-%u<~d68~lm z{UwSv@OimjG_qva)DKBg`+=4raUHW=>ryHFW$IAj0r6IO$ml)PbTPnML@cEgnm_(W zZA@MrZt25iJ;t&T)Sm8NsN}F9?Fv1jF2r)rE z-v)QCph?n&&NSwTAjdD$m~5 zvv}e9fR{gb!5FuSyB!z)B9Q8l0cDFlKh@}2!Hs7#tJFq)?<&U~yn?cEs&l37muV^| zEmug}pZMIWeFHm&eV};bF|-PtIgy#EEWdr);dFNb4OGtyU|v3L(4HKbYx`J3CH-^) zz1nS^7-cs8<2RyrVPb?Ddc%*X9_Q58A~Qbc&-r6+H*yebgQBYC2GvCBO0O!VObP$dd`H4!*B3$kr|I9Rv;=DTa7G@jenDt8c#IFY%A^ zntedyaQmt;A99cH>MiQIL93Tv>!MA*`L;fpOj~}f3e_uHR-$BAf5}itEJ0TC)k^d= 
z6w1htQ+0&_@gYL-tUFEWri?P%#Ktr{76+wn_UhzxEh)i=3-j$H=1n4 zdF+4<#ygRxameZ7*pKd}Ft?9sYz@X0NP}xHYWh(3h@#Mk`${StLD95U(ijQSl7FG- zA#AY*&BE=GXeBr%%U=A-e%1mvL9q>=S5dLa&lTSKF2~&nlK=^j2OYa}T%?DiL{&Q2 zBxP^Aq#-JRk+RYyjK6I_Wy_d(bHh@N1LdM9yTL1uOd&gWPLqup_csjE@gLYVQUO@T zt^{|o=2%ZbMHm|LkEx4)P5tKNYU*POVU1#H{|nexpK)1Qf-C+3(6<&@~xy~|o!n;Il zRW}0jYlRRcnxGJG)S$uv2Nt;z;#3bKgLvpJM?nn+`i{GH5VAdP(vB(14jjv#t>bnu z@-0D9Elh2L1=SSbe zQCr6)J$Rqs_y~FT185(~-oJ22myi&^Qx45SUX6eCP|frs(Fg;khk{W1Yk@cJgd}%)9AVXI4+g22#Vwe0TwiQHgwA(wIeCR=YsxYg& zU+MEXTc}SYS73j{Ug(gaIr7DtrB3QE__{PCcMZ8mKt(4u?e|55f}06E1nI&re<8n6 z82a)Wi~d|C|4y0_x;A>%_vI1(?K}%tth&`xtvJQQcl$A7*u?>D)U8_aimTl{r@}%& z#!dmv%4eW)yfisHxFBfVa9bkIL+8A!-e*iXnr8#V4~1c;3= z?j8krET1Q$At5Q@;DcqeGPu}Yi|eE9MfbGhtvxzxR8jD5kC@d<>JFED1bRl3aS3+D z;!By~q3>>hMXC-nXNj556;#5DO}H&MnT$>lR2yNi;2j-y>RoeZ&*H>CVL`Fv&2+6- zbq_IGLbXi-_Q4e9D*gd8D$lUQbp#K#56BJDabOgk*$>J?H&uV%7!&;0($IJxipkiMnRJNZ@z?(q9x=a&OC!nnK8007W9|I|TH{}X;9 zZ)fxWfN1|sE>eed*H%IOvNQFFA1$ybk{PwKN~O!SNHfjhr;dkm4&;vu`TBjzr}(P)PYLfhMcUU{Qf8gCK&42=fo14!{ngN{4>?*fEWg5Ldq5 z9d7>U@E&J~U@s2H{Z#q&Fxb(cXB>FFL|fPFUxl>6*(A$-XN*%jgMv9e>L z@oTLVbGBlJR7^8~k}l<|b~$*G<+e)UoxERyl*aO_+CW=oZi;0?l}1Qmb)1QlKI7GN zv}htvo|ExH*%J1%7>AShEHMsS>p zbaqaRT|mV_6|Mw%f3yiQ(TYM`3T8l^Kj?M#gX-60^wxo3)_$1%B9gH%TI^&11)U81RrCzh0DdeC%Fz{ zOsM*X7h0vDM27&mXz-$7X!YfRbjasW-NQp4ps{Ezh18KOPruy)brzzlB1bcxD=o4q zHU6UzzUrZHM`rh>2d7B_+ulN9&+SF4B}d5-YCBu6(bn8k=AXcJ>Ow0Ln^s$Z!|2VQ zQ)c9%H6Xnnd*wVOE$*Kss2^=hziD0=Tib0I@WlgPDTxN0wr=A>LB$UiF1KL=xw z2$Pk_A(Nv^WEZa3Xf8Ug>A4hEB|eIuqYkS#5xj0y){Bc7jQkpsAOp=-CNr`~%kv5x=0wP*yaQBIB}3(xLqI2QTU1YJx<%>hBy2FBXFvUTJ$SeO%|D z+7O;e#i9B9M zwW~ltXP+gR$BEU&-4{hoDr;Fj-gydcSF^dwTU+0=t3bptHNf;dG$b*6ylXjAip&eR zC2LnT@07AdfnWr{mbh%G-@RP}EsJWSFE7CXItr~jBq$a&uc^z}BmS=sPlki_3}ey_cex3yTaJ49(C;P--?Dk5|_=F-_M^ zfUc3fA&3!l0xOMc&B|gOsnfc!1j}n9=H^5v$nc)z8xxJ?E~X-7I3tP`DGLv|a@(hs z^bF1-(tzsSbJUe!JNp5wEVc=4%lxd!f_7pLL}E|f27osUTz^`%q?n}JJoyMf9tuo6 z{cJq1vK_)9c#)X&#!k#l#60GJpEd;)ZcpLquK{6DHCrfFZ76n6GiN%gD5TI*?69#( 
zQQy31DBU65kf&fyT(YaV#u-7iD|j+e9bf3R6lWGv%IxmeHcQ&#$O=Lae25apbeIDa z5a0L$UaAk!3nHk6oRqUw%49Ss(Iu!CI^)6Ra>p4fX-8NN@Fl^Rk$F|JA0fQIZduCz&c2o8*)0Ud zVW%G-6SvQw-6nIfHHs~)Uq$QVz6VD3R3uh z3GyhD_z5;FxLe*GKv{cV{2SvBoKSLUc|&s%yvEfHf4%NUz!#gD;s8+J2B$Bp#&_1| z^v;mIQ}her);-wN_hrDhqq{Peg&T1-I6l}xj+8EU{FTrXUv|44|MC+0t%mGKrIUw~ z{Yc5@{Z?R+{ZHiI#5B2RazK!6^ zvOKVbyI+oZ$$h8aB` zZj6-a9@|Kg9!zF!g)Ok-6uXXF-GA#U3zW-O3T69|IWp546`GkT7E>#{DrpQa_b9el z(7(zA7N|-xxkAW%gK7YELD?zcWt+ujce8$d+|o@bce45hp8{l=zOF_(UK4HOCD=WO^9s=~y|}i)WW~ZjwJ?gP zgbBaoI#tLAsq@1IWIGj7sEvmgxa%5@zIgP$BXsCwecbwX%(dcoALW`U)R3hFU-fZY zddSSQ%KgxUsr$NJUV~b^H+59QRzMKT6@}m?GdW~oJ)lUC7ej$xI{7O!D_sX3w<9H6 zKjQU!+$G9X(N3to;oGQ62hxA3g_cdxRdW$m3%pdH1^oIj0=Fa`>o(Q}SqKCCD26${ zz$}BtS1cEe3Le6FZw9w;9zohSor+JP(LDSee!zDzuv&s@(&ukko5@fO+@1@dv})iJ zpc2CAuJM9tMTmHafV5MlNHZ{RJ$#r#AWO2m+)@_Tdvrh|Pq&3Aum?GTSnWvk$dH~C zGAsi6>QN)f6EN(4cIf2Q3=t}Mv;gK%okCEC(a=8lYDh$h0%t!i%t{G_lZzJ4Ksm-J z%t?+&e{yi3HNm(;)3?k}%*_aE#hB^w3;dXgxm_J|i5YvEdsIdhhiJHq-6h372_T`zP?g3dS7(ZwOg z0kJKFS_qW3M7xeixJ_|oRZ(J9u1^(e@r}fC*tz-bxd;?{Xk|+(TX*16m&(Sp+LFKq zT~-g=EsbkfvVE{Ss9Wf=L$f>bb4YWo6wID4W5A|~$;$ph&^v<#!aV8)_JA@dIJ`m9 zUy$Zt1O&sTYDWZS9Q#b@qojj$L{)phW*)~~!3dho===Aw`|(SG9p$R+AdUcJZE@dj z_aTH#)myv|iozUP43wKs^naD_c_vIhim?CyN@)L7zW-=k16cl0-i&@IZ~s^NW61yS zADTKE*qFH4Ia>W+UE-&&_}};b-T4&i)5W^%eb?saR45`L1>Yh3Zb%OK*lzPKLH3)oA5Rr z;b!W>)20xR&|}!_D1-Bw`FP^vb~zpxz^s-grpvF*4nBei0E30$Wvzz&W1|f!EH3#!Z2reyfE2tkA_zN$kMtp}nfr=~Q-p z!-cjzpO`KN|EO!js=0bab(l3XHigk|kHK`*A>vE2*knuNywxh*rG44LMJ#U^w66ao zX!U|KX&oOjg}}YGAuAwiAJRN!4w1CE{c@#QO&hRsC1wj{4wA&4C=?>kA>byWCzLqq zq06e##Taxih(xQ&?HveG1M~~4P!x&t06C>!qR6$mvWnmI@kEinCJOt^o8@A1vPuGH zcBjC`wQ0jfR{d-x>2&G6YE)Q(QfV)3iK#szGR=!OUq-B~#k0i-y6_xGBHO`i*?vM{ z!V`&p*CbS<@bB#H6NEHxCiw~DeI#?V73QT>m+ePqVmL6j)&UBlKURUf#f{jFZn3N25xM*S^4wHKH9eU$tf(~RBnOZO>ez80N- z&@uJ$dCM25H(aogFJ@TEw7G@8snzq$pmMuUXPg6^CvI{b^)k=zbjf1|7^U|(n3KHk z&Pm|!`SMSAMt}!PD%#&40#Ph_!=c5Qji1Gte_6;_AI>sO`<6Kk$Hu^3>u*wVkxbMAEY>N9zq@B&;Qw&o5JygcdM6ARy# 
z`t!j*EjnITqNx}GAQ|JYHm(Mxz<;Fxg+Gj?n*RPn3BnKvP=wHfBB~!%3idmK<5w@n zFBN%(fZ?L7JWt$XZ>o7a<0-2Gx6lKG_vl}TKm|BkIi#Wo_y})=gd2lARJ|D+7Be+1Nxoh8g^?x3qK zd8mr#D+6BJqhYox^ErC=QGX+w-ay~uzRc{&{pu82#{c&OoPTHw+TPCuljc9_CgT5x zz2ZlW=zmlWBb9XQ=HxMa;q*Xh@Xt`#y6vg4Idn{FHqE6Wj36BtkcxCKhUW0ZG%O^b z*FQvb%R?E5F2LPS>2J|7wuMq31^45gc#b``kA2>>q_COyBXC(W4rHGtS)|9C!R#u&lJ+akhz+00 zJoZ+N(&nGGMNtcwQv66ZGpo`^s2Eh}Vn~TI56H4ujqwH1B5FtrhZLlrnkl$2*ybSiQys4{UQ7V=%>t&7e7ie!8AIPDuGZF zWZ)PNBWt=h5g?{Apn9n}-h}lA(4creW{d77AQcjwXlrvT;IeM%^1jlf)voDQuJU6S zgO$6@`8+k5DWM2CG4cBCH1+Mf`Mwc2oJEp%Xib-&+D_C?JS$#ST+5D%DgR8Ow9MMZ z-t0^@fRT7JIpj_Vny@qoF;X#XjJ8YixD(|k*T-{i>zKH`7^!f!V zWNovJzOxdIF_|UKb@CV}nECetV_*#jCIC3=Pj~y~`ks?pbGuOb%hGy8#*nJ}xoLG1 zuwOW)4EDB08ZfOt>K#OryVhpr7el^>2X+>}*vcj3duMLUP|xHmUQ2-gOa3htfFJyDb3Om^@5A=jFh%gXxf zp3Ughd(H2hm{?TPC)VHwksJ+eA!F2Do5`;~X7L=;HXZ`pbGx<%1q27}M5Qdm7Ti^m zzVzQvcl7Z2dy@k6+Q+uD#PAC|nY}s9#2d8QFdCnJY}w#`$Ez!T_ws|wf#wT|2OB6k z{#&l>aiEAB9jq6Jaj}v4o0pq9SNh_`Q?oPqIqZ0+$Urv0e8f*$pI2<6bWU{6!5s#; zdVd-2trt?wOY*G4PVG6P2>ROV39ItQH}K$_yVkGat^HJ3EBwC$U>YmAgFU?#QP9g$ zV`Vne6_9x?;Va-VFKeCENbt^YUp6CX9-;l}bWx=Sn9eaqAJ@@bA+3}Bxh%pnjoa1) zvh(x_B^o9L0M{nemN`x&H3!v}xk?h(UM#`$)65-n81cf(ZijR_gbR&;Be{t!8fSS| zm=Agdb2Do&^a!CXKk?nXBmF(aX$vSG`}k{xMP*2dZgbL9nIq25)A_P`o=mGG_y#Xx z?9ovs9)@=+R=+6APOwA+eJqPKnzOaLW3=qKmHBf9_xx_zA4s`zNfsoML$$@`=J5qY z?fVMJI`m{7Ox|`+The--`HktB=nF*`S8N+S^h9N>oDne#iS+e-_LKa(WS5<6;Pz*x z`00T>Jtc8xR!)*>{V7%ANxYUbParKHSf6+BTzPq8r3VC_EkL3HqUL$Z7VPZcASdw)_BXtK4@;2)b&j+g%Q-eu%it;I3ze#yW{)P2li>?- zG1s;TenU_al`0!&lXJGf9|qNTtGstgs~ zb7(9E%b2glYb0CM+Q-9*C{LAxDT-5I&8*Th&%f?NeT)|_D~Z^ypBH*S$z!mTO}W!f z(nQ@g+}g_lA$>i=TuIBmYezH+4G0saTtf~u>F5wGHqf!<74|G&QW-O{kaN^0h&ve# zDxg^Bhi)#pL|~gs7HK!M(4!zwWJo&k>nio>aq-8ShHTBn;je z7iD)d(#*{!GW9ZY7_kgw7m@G@{F;=dpPvSigf3M(LC1L<&tPQHn)OYL3@Zr<3wjHM zyiNx>+z*Lb#uxO$M zY!~$lyi>FqeeU<%wFgd-r(vFBZk*9^_euBV3D55y6c!20!zT&$yNKDmFWLjl53Dn} zBBr!dZ=Rj)BDaeNF;DbLb}(n{1<0Bxu~&4}CV_mv6`~;XdBf0N!hGn&$o0X50DPi{ 
zVRoKdajdL2aq2-@OBOtdQrSv~GKD~fiJ=yLgD=qFHzUYKBXj-Yv^hqR5{ub$gc&Yt zcK2cnOeEDIlr{1C(mxgMrs%Q))C#I1~WQxd?{jG-YF+mL+uFw){r`AiJrt zr)HLd#^xJ3bMF{dGsdIh8xuz5R%GXku_d9hDR^WyVM&+B59U!UYIvl5E?{)rBs-c* z2A*LeAqFk@8Pq933@V_`IT--_a;3F$-WDOYDwA6YA~+MOiYAb3dvyKxPm zf=O`a9J~Q$Ol%h(Da~KteBKJ&^ZQKf&BbNFdRM6!80~Qj&L79A0}6x-^I1r)lcN<3 zD0Mhw>%0XKu)1C25i0%^?7@~OHmv8&6ev-Q7Xmm*ys~sz&zK*v+}P*On}fpo{&2Q7 zIRvve7j`~2D15%!AC_PA@+vycg`-rVw0(nf6LoI*pe}e<-v0_XIYgyTvc;0E90+(D zVGL0EDv^fwEcN9ej^FhcjO05f0~|2;w%IJveHm$Z^xd?Gwk`>KfT56bf%9gILhywn zJ>z)$=%xTXgs?Kw5~ddr)2*+U)0{*8_`$dv%oB@5m1gSi$A`VNG-76^JK zJkBOd26n2U8|JjWb3?-2srzKe@Vpn9EVW|ojf#LKGb^m9ctfL1e2y`kygI3)5>#!i zv*Ho4WH}QJbDkm8-QQVjd_b*eXlcb+{6io|d8G`%3_hnjbTmiA7Oh&N$wR#~>&cd_ zxe8=ymJC@q6CRefih;@)JQqWZ zL3zEi`gj0bfO7IaHm2Ct^4neK(IAanUrKEekqYSz%^8=xU42w%k-Q8}$*3O!*CMW5 z+j06vGtzVMU|8o464wm#`2q?eoqvCqY>)O$x8M4i=&p73Xb12O&z3FW;IfCVSH`x- zCPc_Ed}I`D9>$duW<^}Brf^~4$I`P2CrAshKlfKH+1gZ9L8dk9V@-KUc4Z-mmKbJJ zmaQ@N34qf)`p=Q2p)S|J+6l!vMFemBh3q(n3X}Jufhu%<#ig>}O@`^P^ZQd(K#1lbTQfhK-ifp9XPDS@;K-fs8q5i@;%Yd&f zQng1I_EEZ52pRM&+FGouCJT?gB1ONC5OI@ss%o8BN-_@`hOq+f58nh5))C6Fh9Sz00PQ(YDq4u-l`s`F`!jP=uJ8H=ZB&+yh)tdquh)1oZ_3Nm-u z0ufY?Q8tomy<%XCs1w;ssH)06KpnNozTuZCF&bD@uIR2c79Wz2Z>KN2u{IW@f$suRZuED4-Sy_V$^ZCW9dabA~CqIF%806uy z#U6T^g*?8Kq+F$i@X^&cul+Nx@9vG+(6)<1xp%0qcj|ul7lv5<84pisiD4?dV(CM@ z9#}w|qv4po>rs2Zf*N^CHei`z&se8N7m=Qo53w4&+9AuC{&5} z35aO|BedlF?T$@I$z-iy1UZlUJ%QIMsT^p{(6M=4%=NH5q2wAp&zt1Oj;*=^hB(D9 zn-_K`mK@a#+MLu@C)N&>`{4_sDCvnJt9P!Q)JhJT=IRzmq+*1YAn7t|YsKTU^yOs) zU83~$#niHs>djyHWqHpH)%=y5=*cblKZ%lesS5w@7!%VV9YlK|cgrB6bzEM+G~uWW0IfDQh^NS-2z*vRKu0XRdhmBLoI?N zy&HPrlf`jloB`Rh@}>HisFvp{l=hV`?>rS9wxRNakw-996pr{pebQ-MT|tHEhc}m4 zd%Wcw78EguXSUs9U??J3G#KabxMKtLL$@uSB;AqYCUs8OJz>M6Oip=cJjF1oRVl#hq$W=P0(&l%?@e%B9^ zllnjxQ2fa6bf=kI%dRpy3q;(==JFP~`5!+g^cliK2GAvaf-Qs0cshSOHpit&q6n3C zHsasLdZMF9q$z1ov1U=4P=!o{p#z#Lf=!yh0t_}lTq1WJoP|8x=EMn|ZU)NiIusxD z^1<2Vv^HT+c_&ZQfB`+{1p31u65VDt%AG`6@Q;G8eHH{?^a3qMA`O2JLtc 
z{3>Qf+qk!MBu9~Ml&b-Ke$^&yVcq0gz8^5|09%jA8eGWSCNfyG!@>(mnc|zF1CDy< zSHN6M18&nGZ@>cJQYu$-EYOSLIW5Edvem=WE^LlYTa%jAGHP;IRh+(DyJ44&>yI1S zeQ3_1)x1mY{@N?dIoKn9IF+qQMP6T6=8?L}#WczI#m-!Ej_`8MI0q$8T-nmOCp}#k zY7ax!o{j$2hak+2_dQhrah$y6FrPPFRxio5Utw=1H~YZI)d@@#F}AE@iiB?II$8!5 zeLLs0RpP}XW`Mxq=F-4ojS~6>x=HurR~8FALcwt%{wZKo6x}d5!i!gR%srpFkUw!+Pt>ZHF|uBYu|ob6@(C3~)9?skv^&@BMKq16#gJ{N$SGyUys zpzj+-{;FL4TlENl!@pkW{{cqZ2^oc6K~%5}7DW$KMIohE7_C<|LffCyP`M3Igh%Sh z9OqaSNvJD&h@Z(_wLc$-+Ui{90F}av#rm2aNZ;tJ~?g0 zJiX>@DYNEV-HZcyp~nsp!j3jP&s9&NED>VGeyDLuBrjp+V(iIdXI(wLuv_MT3-y%EB>NV|5ZW>%e}PT+Vc6DL+o9atjgB5d0oLPT zflaHmoK4nn^d$Z39UY9FW@;T}Cu5PkL=PpmvEtW?AYc4r%5uf(p7_{G^3AbuRZ>!z zamMDjcETgCCY9W8;|>SLZ$qIg0Ly@7Bm?rPCp#U;_h?_oa7j!I=@2puwF~RTv`Eqq zw2N~jg%z8}BqDPOozEKD#*S+Y(?nHtd0D>%W6h&sYenG^&2@vwPm?kP?dFj(OX z@cH%AqF*ug4h}Y^E`KPd0k8}gR}HWX_pH17q%q`UxggEJ$4*5J86T=BRP^_ib~2~H z&@tq7eWqC4JZ1v}L6; z*g6CiDTUI9y_K7HcA5OJRM%>n;<8OHVsE(aX}G%i%_`sOKs~hwZeA8W+KS9L9lVJd z2RPVTo!ND=enoa7t76Hnqc?k`mxRbnMD4!i1oa7PHbaH2`Is4&T$rwEoX#vs2DVfr z`F`thcNx4Y0#(fdHXEM7DN5R4$y9(>gf&6O&?1}Fb|y1%xtKF{I~W`c4>q#NPWdLl zZ^U0Qqw!b?&N8Jrfo2bsa8BF(ebW`HkQ89JAO4M1cz#@9iW#oNx=HxTaDt(wukARR zqNdUb^a{P#aXpD{In5?>eZ^JBu3);?fNM6lV(pu?ug!HOI4kyaeFGQFNt}zgZ%a*Ba?Q1So)@;kW0pTo-Qc05p;kEk5pxnXg*gc=TqF& zd&$IY)+l{aPl<`hH^JDgju|11WDPMBbcYTBgUt;6QoQ2V#6H-Tf*%y)3lwz^N;(|k zDMl&Bt@a1Kcn;RxFM}D#>p_^`M+(78HBrlNvc5iT^U1vO*az|yFTMQ~$A&1L%p-R} z46)H5Jz|R;7PK;5t98S+KLC&S=s(DUX^ER8@rMXcqF4ol2A}Y+ z`LVHai0fibuNMbp^uZh`l6`kOs}w^D^rcR>rky+;EO1!lHW==n1DWMUpIKUvpW=p7 z4*Zfk4bwA_i}qy5C2J{V@}}=tE;liRpJ*)o3JYH3o6ZqD-#jN%S%nWS;pfFAdQ%SR zbmv~9s`T40_mr1;H7|`7G>VwqMVVZ`iV`O^BW#Rv9$jw!iZ!jBDDnUy?(YY1P7shw z%U!eIS5>k9cAGcpFM`PrXZ2&Q<{uu5=ZpP3KR7tJF}RyJc*}?W+WwvX0@SDag8r4+ ztH%NxpP|6OtXbsw+SztwH*j%r@K^EJPg(u#EO##haY#T=Kwv;18EYAttC_0<(tiAI7D6^hGr+I10epV#WPcF^zYj3_M-U8&my-cj z!VH&fXl^OlWek8pLyIUJC2n}qRKvds;RHVXvItzvP*^J<~t%zN1t84-AK<1JUR{JM^3 zIFv;W*-#}3p_Wc8V4T7+uvLqiB~1Uv6gOn318`MLss8*!#rPcvKZ7_h>G78p1hAXV 
zUHxEs(rF0-hU8#@i=rqZr?U;6Cb#z5sg`P1oOKX?8I$W_x3+r@WGf0-L`4L34+5sxOna7uT4h9Vy{QP(+?Jw9^3uL=8aV@@sv4AIABU zq~*K5lwIvyENxByp|+U6)aGhKK3-c}E7vIXm)i2bt4*%dg?y0dLCH2ynDU*E05x}E zka&Z|wQrV}$HeB-owo;wqOiKbxz^f9>dn&U6p9C{9ZwGR5Nq3mJ2(C8m8RJW`!;!8 zVL}}5M$hR(&8~G4;MUTeZdXvz?9qhN1>e_%8C4kAzzN>@34*wx5tL(~MxWp;Brk&2 z8z6u~js)s(p)v7x=Y?4UEzM!~q*u;8&kn{APS9mDK1>yDHKqu*9yOX&5%FoWdmRx| z0++o%eRplxRo1S^WNrqs0~vm$7nq&TCB~IBma*w3t!vB?WlW3Sl$+qaQ(_pz#^Te1 ztlVt^4GEl?^%l`^m52@kq)qj04Kg#GTMs@BKhZs7A6bb}I1J%8QL5?^^MH?rgin)< z-)N(s>7uzjmP?(w8Ou#9QPd-dKp?i!mQ3BEzuXcSMqiL$GY&04+l%h}XqJ*b>cut& zXwT-i+9UkA_M}u4I5?Tu|4cTMM$~5oQA25%>t%tNgFrYZ<${1G&<~~ENp(l0s98Ta z0TVCD?h_uVgS~EZJy&VIc;!ubSydFIv8+;l{!)Gf?|QsnbuNHuJoCY*dP?h&UN6R7 ze@FjpP}}<4-HqeQZDV2r&CF?xQ8VuAb>`()&o$k$ii)#c&7>agKr7N!$-B;DoH59Z z*w{|SAUMGseRbk+Z>7z~dQ+;5EE^-*&_%eqqqcZlBEYa*54um$q@m)-wf`0U7ohqKl^$PrdE4r`)gd3)H_P{%@4r2)Cy2hu4XoJ+CH1D z*42r}k2Tgh!`ojpZZ`D6>;}4&BY%WXp7;Py1euX3PI9#Jl;h=DNV6dY>?E?p;hIDpoo5Yn$IOh!Bv47w@`C)^%2*E zc~;RykrAETlsLqA=f@j74`^M*>-;>$5fozq78cAfWrF{{HXa&IL)cz$v~?`|l*8-t z>zYyfy<5ec0fi<@W#=&9ORUADV&yY;yD6ZW0+ylN{du6=0~CV)kSzN5aw-aOvG3AP99MDB#^ z6yZe3A=Lp=K*|AMC-X+&6?ucsJ9I{H4RRsU8`m8NCGbjs>=AYhYBET!SFD=QCP3z; zp9ZC|XA+9x;Qj^fdkB@$^;DPy7zPpe?_3+%FOB0LF759aiZ2d+|C1OxY2Y^>xicG> zIQGcjeUqg^ea05KP1wMghJ`_h-#ay>SDNjWIyW5`;{` zFf{3#vbEtH%N_J}$PS*=NZq$P4>TcX6(V7ZLDMyzgL zalMXo3rBpT4m23H7Az@US}%kz5W*wk9l`~mrBO@Ewpj3r_jqp1W0J>w!q)7%>E&^^ zO7w>DDPgK#%~p=aa?h#V#!Ah%!me^~a`HV+>UcSkQM5QHp`As8G_OYcM;W*9Z&)!C zrF+izGBP1DFlEIds(NzeA*zkt;bad&a)e)rq3=c2CI0$p$_V}U(w%D{-Iqn>glAt*sMBwx)oC710;Y+N#}q%i=k zK#DE(((4N=yVjHr8<-B6`m3PnWvT|FG6uHa>)B#w=yEhUA21fa>M&c>s_4hUiy35oQDIyEu;`hRt4=9C zgA_T9BtG?`K_fbZtKaBWb2>`muDJ{`IPK`kC=B4ec~0g^Q47M*zG3?C3demagbeQJ z-DJX?p<6O0X3_#3@m$@|8kb8jKqcyON}mF;9iXkUXzUy$6P?T5&UqJPC;G|bHL7Qp zJd{j4lu*z-^;hUZJa0L1*LvqmxJ>sC(Rc7t{8fZ>pwQz=($)MU7WNPkt;!sy@aQHl z)&BKl(AlN+pE|oO^urpr(KURkRL}QVU(4Zt5a#*_-3um;6zrXliOx&xtgmLla0;VB zkk1%Y&^YZJJy=*{caMN2+$ouhMC2E#wD4|TBNMKS8LcBRSg2!;eg-Z7>uXvSo7B-2 
zlUWLH%nxrz(Zkv#BHIh*cgz|R>EL)*LdHQZK%3shlUvm?K0-p0JAc)??97sm`_xE`M5a9V&7ZS1qPZM-ETR0FZ{%2 zSLT^3wLEC3t!G7(2rDxqwKvjmWi4}^8uiKW{&ddCBnU~hLYTuMu60dJvuhiB<=g!bn^N0$dl-lpnPCWNdN1(*P zep+_0$h7>cyt3JMfVDpC}(&f1Zzk2l`ggv%o3hR8c~N9CocjHzH0kh(9X?ZkA^Wb#R# zQY`3fDsK`Y`&_#0neN2L(3gJ?ZIGQ3hZ7 zo8u00Zebx9eYo2Z;lHmo_eK~b$+?t|cJ~-;V_MtRe$gX%v4D7Kw%ESoBRAcSU+J~L zJm>ciLL~{b2_$DC5f|Coqo_=4DwceN1L6;XXd-$`7|Vg;-gzi6)wAqWaa-)SLyA`b zaq$eKpg4is4b8cvyDJfZUKd0#Jw?aO)FGC;aH9k}E%nU=VgM!YO|*QAcuqis5lEy6 z6Mv1E!itq+G&ghJ*AYI--MZJ9@8xR!hkLx&3`Jy~~%^tNRA%;LTIeViXHEK@zVT zJ^eF%FOdA_J%jC5F}U5N8^hq-+Zb9?{G1;7%5Dg`UV<~pFL3)&l0@|vlB+PX=HGIF z5KL=4gpfVu2n$H*_c6=o$3^L%P-U3BJw)`%C|P8=^QYXh&J*>E-vcEN>d7l53pqT# ziEN7+S|x@Y%~~q3|3*V7yIx=~quqCtJppYXH@3-peiT3dxaNhwam=^%BI5UGPxxHr zp5|RB@wk3bbxq%GKOLvz@bNT*WJW%uLnOaj4%)lFkmSa=Wt@F7xA@jgas2{o1>=CC zg5DP|xtGPb&A0OyL;L0|B>RcgISHKpol%@J7k-+^gB7rs!mInktBxo~fqLF|^i6@((l7L7^Q`buV%_Y?Q;1ZY^ zfh^s?;o}j1Bs21gTNo~Y-x>b@lFTT$+nG8kO3D9mgcvnjXA}T)%id-=U0vLstZt#K z7s6^mA_^lcl$dHnWSdY_Q4(mAB-h5eIBwG@_=FP4NgQ3kIdNC4pH|}!yB)3nl()U? 
z{>7X#`fg>FtiN%aGkeYJY|(4NW5Ri&<^K6RY#mrKpFIB|(d{*jl^fOT#)kL41GW1} z+ZwW~{5;I)fux2(&G8>B_H3NI_Y(D7gyYFvDh>CvK*{RmOX^5O4j)H|pp?bUNF^cT z;dIYJ$Zq*~HzCc|$(KLuL4|v>~rYcf>YSJ%-3lHhj4zg@*Tr9vDm;YdF2G zf`;U#wBLD4g`)t;g{Z`cZ%G@e+YJo|5q(-7%{HfAJLE`evV7rWb(zAju43Mmf`Kt- zrX2e+y^h*btQrW}y3W^=u}RbY#tM=_azSfu?@N0{x~m9Bb~IqR|G4aOW8<**c8lz} zi;x&WB2s(!TUDEWa-@60(ShcjNlMFDJ#2Dg;@rUDeSl*wxK-H%4F6zGeTrKmC@x=A ztCYkZLD2gOO{#RJ)i)GutSW3E#BK?ES*=tS{n~7)=Dm0VTC9S((->jt7U(omJ9uhK zc@c(f$48wPxs2eLI+_R?Mkh-@fJ?D0<`e_d}hA^@&od&fSWxkZa zVNxSlZ*NcxuzRqoO;XHbUf>2ML}lWL{_kC37geoYbJq$ct=lDBnc-qaOb$_s+}^^ zspVS2r!%W*Gt1trGR*-Gv=Eeosw_udU>fL0CjY6Xzcrp&} z`buH7$m}v})s@O+ts3*kRd3ogG5M_1zAXs5iZ}VlX-`Z=UKeVO3rJwoey&NXM(qTm zgEYnw)*;i`B0&_SnM^3T=6-h0&}kW8=khx1>=CG&S@o$a*Oyp^x7qZ_DLp3?;blng z_pv!vKO@9d>lBpq@XrywQF?>LgFIz=f;^fdddvKk95p}Y`rC7GuQfz!g7omM!vTHA z@H>aqO^<%Vc4~ZP>Gx5ZlEB75Y9ArWz`mvL6A|;vMoUzqNlXR3IvHf@cf^%K&NdoF zARO<4mDQ>zxd;Y#f_&8(0c)y6HGH)75j>9+nWvkP*o5+uP1(t6#8fa(g|8t_p3u^f z&D>(b<91x(lcT@a0vlk)pY4LX=QnXT!vY?0noX)L-^{#QDQWLEZ~Gw~|9*LU$Jd*! 
zx39oU&nkiD)<8cxyXK_p<+08>qzHZLSe|k~d#fUSxTN*Wt$shV2x{uP9bMU@^7wLL z;>Z^=|Mcu3%t^NbP(jTzW zu0*R_yPcxdE3)>T|L`Ux6xdqfS0CRF@p1%C7=qeseqmUSgBN4B9=Wf(6qp00oMFp1 zPgp){mu(DpnA)WGOpQ{0LQ98k`Y<3l;;BF-I8SeP=z+kbhVN58fNRvW_J0vB94_@X zP8r0oPaN{1F(3pwpZAm4v$mtw_;vfY(~Lb@eZ<&#n&)Fh zesiS)8yjZ}5~Ug0cONLW(n&RAO!`M(x0Y}Q^nf+vz$b{{2kZL4+YI8+GIxCgP-M}MgtrfK3IDq5eietfI?Vq z88ohy4MU+qbs+FnLMB7*uFr^biy=N!XNC2V8D4PlcZweE0EU9ALVeL}3F(k`DZtA= zKoBuI2ndBcEHWB*nz-n53j4-LX_{M2Gk`8OJ6UQ5aMR9u>&ab6>XdbuFnS z`U*AGI1v->nY)m+T<>^DTZWxE&vPi!JHXCo8%bOq?Mlm&Zrtlo_t{4nLKpGdvwn6Z zL)fd0ef-dzoHyKp{vf!9ppQRNvy^9ltRsM&G=D3}Up$!oD=U+W>re+^E96{K67f+8 zTIN`>_yTH-3!OE%5FffCb(M%dIL6$)@XiXI*B@cmF-bVfYH!W{xzn!`9>|V~NXNdv zExz}?jqO0JfK}T#dYuO_akMr=c`#L-QG?+j$_=Cj*#kxSA|GIOVWFJVLGeu1r?*wK zO~Ir-BLvrnEJS?r&2{SD6VY2fQ+Gz$^D#$M}LX*OTGdiAAtnhtfArv`882Sq_qgntr81%r2#?DfGUd_qA3jEszpt@B}Ai7LHqS{-OY5CcI2 zQB^=HO)Mm$m#`vKj@O;ks`I@3lHZiVjP$}>-%W63Jv?1sLT$kE_4Wk4K|@hefN*a} z8wsf-fG9j+_Q@PJSFuF%hm?2;MjkA0VV;v^@1-aDc*WZhe!a{*QKbTmM$b?fsuaEL zXeAc5k*o2ZStQV1Co9=DcmaAdUk-B2rvf7#YEv^Bxk4{mu>@7YdE{PHfee1}#sV51q}+y-)L_u`SrXnSI2>Ja^!aM{nYl zOx1?~+41~VcE1Q6DyDYMmM)fVrb13mh91s;SgC7#mwX>1Vwj)AOmL{MHl>RJFnA(8 z7N(FSDia|Q6R4{JOGMdW$p0aa4r!B@jElMBw^ZoGqQ1pnv_8%ZgO=*w&{WNW`T(F?Q1K6U5!#~ z2+g`e>QrkI9(77nu&n5FF6p$Dxt}h_H*=88ix zb!?pbTt=5a!!oi>&xsHf(OI!QajWg|!e|jX)U6J8ZEb4Kdn#1WPD$*GS?TMoH!3(6 z03I6*`B+x^@fXvx7v`8yuHUE`qkv&U7)@EwCl%l4-O`_?4l~yl2ia5V_wdiEsVcjt z*aX=0+-H1i$JJ*W(&!`3mc2TisvTG@Zir4%-F+Pr)Ba7NJ|k%l|I8d{!lXN>#mYmH zk{xQ`!h*ir_=BnH1nM03su}z7h|UK%-t49HaolzEd$aiq8~QnRH)an_@sRcJz*~p0 z2ActZ4iAtd{yJM>`aSS|RHRL9?OjY2jI03c#UF?XQQ%V$Wu+7!f6Br{KwdCe_s`!2fDxBg=trhQ_u& z_g&dMR~Oey0s4u?=W1+7zO5B7eE#u;U{q0y0e{cAfjaJLsQeaVAG%MCP-Gl=9ceGJ`k<;CB zY4K0k=*|5RH=@+{KtcoSV+Rv3U3<<0QG^bUv;`@A zJAdPK#lP$*wt&!zNsrBQXk#$WMR=3gE=D)bD*MR%lk6n-kRE5y?xcO+*WiuuhJO zw}|F>XB7*jo!!Tcrf7X>Pb=S34R$5>ObB%J%%H(Y;SoClg%jjVXMZlYfii3=Z zPOm_5^Rrw!S(q*)%goD)`T~FT-eKu2Tou_v z8Ht;_XmE$Unp28VjEX|1_`Lmze;%99WTKFu<`b9p-0B_q8yoBdiApDDut_-K%}`fI 
z_sMZG=$vu#MRTwP;b;gTei_VOM!%U>Y<|{35+vS_oLD`^(JDw;dw^Zw@)tfqd@9jK zHeqghj1M2sfih2-XW_>UJ7r|c5!9?1CAIDlEE8}J;|H-^+4n8|0j3qMYNKcccL)02 zHmFCjr~?4D0ruNx-}JxNtnv@L_zze5cTE$}7Zmf~l-|?UY(eeVj_On1?8;-}tN~
zD5P(FnGz&s9foPiMi;BX>=#nuk)M&E?IuZ6XL%)U+WiH2PT-OkNt{>6b$koelhDPU z$IGY{O}2X0jKaclNx@F04Scpf{J8a4-V+VENYk$j$(Ad-ue%^fl4NLd`Fu=WGzl5v9w^4v@9y4_t2v*vA(1@ZsCcY0m!z{e zgI+dUKkiuB(OUXLlTDq2=9^nbOW_X`EZ|hDyRz(}YF-k3(qcmxT@P@Js!1LDSoDfZU6@E^DL9oG!m85Ea4_IxXO3-pjn5u{aPR(4vSTFbYZ^r3WH+~p}=w>?GHAB zw;YEfk95F}!J?lltjJf_n&fSnSJ`gYsIOoz)4^|WMejZk(2!VuY~vW6;BVh#6==Zh zpn#y9AwZ$0t-~*|grq}j?&;?FbhGzqX2%bjyR|F7tzLEw9C$kPs_E8?Wg(D(P?Mjz zk;9yNpXuF%$6~5&s`+lNyWj|~^kSf#QJl!B*_p|)KcVU^&CO1^eVK4Wx?q&Cv=E2` zAD;#u{g?c|9J&#Q2n}+J4i|qg%f&11i3P=k%Z?)<5yZLV#3VBb(Hh@|s~ct*EQzz} zlG&?uh+w&?qhV9uMjCGK$D5>tF*5LIE%2H zg*Q>B#nc37BfZJ(V`6zGEzFz|8aFRJGk)t6PdQ+rYGz|EE3H6Zb*{7Gfx#lRxqK0v zWv0hb;9fA-nqV4a1z=CjaWE#$Y&2b8p5({2{NQp0p#h^(Lw+_S`<(#m%~aN_qnIGhN0 zpJ~)i`dIv%>)O_O-t83`iV04q9;-M-Ufo`|^)$S*A5&F9)*rd_uyDhyq-g7pENLpjm9=;1_<4SP z(!I1#y?Z42v5h~z+2gkW5yg1;(e_>5Am@TjAxBQX(gjMC;}7Lc7V_g<6?2Fd@*88C6C$yns)8uwhz+4j1{7*d zGIvfehTT>n-oTE^To|(#&Xat&0%E^_T*Fvz>+QgCAJ}fsBY5oi#!Vng>E$a7URtqS zerK`v848=lX&w<9uo_1!IM8HAE6gS+AS?Ra2dADVleQkwDbLgv@_jKQLa=PLcyjGadO9Cz{%pJ^q5Ex8iXZ3>6vq0d>JA%2DWA0rQ!Xho45sgRN72 zPHF_{dqGL@usu$mvipTXKG=KazL5bXU05qW5)8OJF((QZ*ZnnT43E2AXN}Lr%FXXcFyCD>hKztpZHNid9pixo zYxAEapPK2;+==6>{ph*IibEIhNaMCxdw}KAk2CjeZ*H*iGVOKc?xRq5%$Mq(sPxll zK2`z=*=8@R^W5J4JW^rM?F9Ryc8df2?{M0`Gd=6CwB%n{`M(x#QT6n|`O(4xP2(W7 ztc^eFWKx9NflZle^1}@vH6#m0{d-jaO=( zFD7i1W}2Im!D+~hh*NHu?PXj0K_eM6#NsF*TS7Id5`;kg^tGkp3pU_75F8qPMIrOA z>wgBG|IPvGfBc|7vp69aeM1`uQ){b#QQ%Tx6VN@pUvR3Tu~;1!yL)mGH%!^iCZ75dL$Sn-tH_lK*qhdmidAK2%J=P~Na5w( zKmYMq+UV7$FX3GLt$=91Uj08cZu})6K?S~l2_+(;L;8mtqW|IW=!-&e15Nj=Mny<~ zi9UZW7#NUZ(CM`uOPlk^GQdb@YQP^uYkf!kdQFK_p6PGjZ=Zp-pp*P_tj$z}Xc8#6 zPTeugn=F_|oHKux^}C+`{@r|dtPhQ^k<@OeVheuZs219U$;FSXz}VZT!~J}?p`cME zxT)HLj9@7;5N?A&7*adJ7}(z^hqnfeysJmYw)WeCf+cdBCC~HOs~i(*2&km+Yl`(moyQ4HM<{1mzD^LJr$k8~>66)Bi2VBlvavENN(E>|pX= z)F~po?F*fw226FSKKk_o9BG8gwJ{wv;?G3UsS&g>)COLul85vHxRBC?@gLKC#Kqla z+`4RBd~+*?f9dU~l;;<=pm3?(C`+yw=L@Uba>o!Oj=h~kXWmZ)kq>fW-~el>8$IF- 
zrhTd7;V~)GV{>iG3W4mwA+I<~jy7#bLfYF(iWbV8{%Uvi+N0cIH-JbZ#e(J*q$3jd zKkF|iO1(;#ngS^Be59CMNROSWIga1-5p>QdyURqdTo}}pbu3kR@LI{J0a^7P3{8Gy3rE2=feRey& zJyb$gbreh=0X)nm_%BXlvpwZ?_Yqhp609dYE!1ovppeM8(L_-Q=0Ncl!Z>2i&(58V zU0_i>bdU%aFfKL&ZJ|8T!JZW8(R8RtzPTWAko-}>vrZgVa_;PO-zr0?K?63t{rSc``>5v zXq!kTyEkZByUiY*^NS{y?fTR5gZCP+7Q{#Evcq=%X;^CMUg2Lqy8Y|=pVdU<-&Yec zD<@qGQ-goS9z{bJhyR~_b%cIpdI3{dL)TrhOCZ(u4Z#T!_`^DQOXqqx3_TGBvAW@Z zcx=_DZ?Cd?!cEm{Ki8uAo-f`zw5`7dn!p+L7D`g!F|C4Ul5ix{HmqaV!h0On8{qR8 zPSysn*;K@;8uHM8CW^4|fTyq-N&yL?zTZl{^{-lnz)Ho-S&5V0bE` zHNADG92oU=YE+IJz0sQm$dUNhND;PzdQcL7LwfXL@icRfHE!|dyMIFrZGBL2ZpU^J ze(wQ_P>BNhLwtQsOCY0P!ufkE`v*+d7qj&jkMb4Z{%h#={Hs21@!VNu^~JS1cw^-r z_EMY%JD-%4>MpY|$7*>(oSEv(`zBilj`NSgv7J+SPBDaGN&3qUw3|O&JN%G;r??(m zfVhZWWqwAXE+z3uZ?WXaypTF+8dsa(+VPn(hGhW+!Yye6WQ`#j*e>O=4m5+@KaWq2j_xGX{GZKy;f`M-%=~`?@MgRWz+GYkr zQ&-WLQGwF_-o4hu(@|UeLu5HGbO0V7oPg#K*oyfAt;&n*Yv;%=Z|<&d*-*xi)P{+6 z=J~ZA_yIUb#QS{~Cwr2iKPq-+r|ia`enrF40!M_nAgqBGJ-e!=f5T_c*R; z!#V5U)Z9$G;Zs|=*mn*3+RW8mcvbDP>k&DE&fa0HIBRN$}w)fb+hynsn zG%sXzVP~^QJEP8zh)sYT{NikAPM`%XdKSg4;9H{*m`dUY5q*RRafi%(YDgk1csCn> z*#JlM+-HnL5d{%MH+&oflMoU&S~giP94fp1U^{5_rod>90embHK?yM=F* zc-~aE8fbN4&37G0Bv1a~Gd@~1DB-t%9??0f^l0**y$KIB!=mh8{|Wlv@{s?|#E!qv zj=ba7OfpMDf&U&A{zbBBmVf#Q=FL%s&b*om7X1;%m&4B{htYfWO9;VXwsO8=>e^0b zy2qv~r?vApfO#-|T|HznJc33f&gCzg+L^NEqm3w=Qu)YKuQqGF(P? 
z^^Fs;Hxl+lm1d~(G5u8L@%8W)qML~tt;S~>c+-s0a`DDjt8{!7p*Ut?tC4fU=7 zK8ZfwFG!wJKU3PUHK84iY0%+TpSzU7*H0?%Ha|z} z(U-RE>CxE%(A*tvQ?jOxTCo%?K0^HHMx|WYP^vNu(#Ox_iIwg$AFzKQ6m;X8aN2x~ z0IRD!A`MPpiFcubR2GekpZXzF7CaGUZ-~7@7Z*K5 z1o$(6U)VY~c|ok`M87(r^tRrlU*!hx&DMQMVLN7pvV`sFv&dJtxxPJRO^_ca|YL`qv-Pv-2-ci?-g8k91 z)6`tTYGy`){SiRIq*a9+uyPPe2J|PZZ(_!z&F1{vs~_OtbaSsti;?Znv=(IrXvREf z-xb;Rkgp?T%wujpEt9)Azpwk+16h;nl*YcV3$gfZ4&jgOXR<&O>Mo84G~qI1Y@!Sd zCM*WjJjjK9zwp~={bC^i0n1_pEiNkWUdp`yXTVHVonghKwe3agaoo>P4z|U_>HcY* z;4Pb2yaM9M^rUd3`hHju3W3Jfw^^?d;!xug5eocmyM_GGf&`m@oYQF!hD0Jrs{*b( zRCQB3O_YFc2P`lZG`G6BxJX@gez;Sho8l_PKw;a69Hk7d{?0-yR^d{OD-1dZ-WWVQ z^(b@)y6}t-8;TTi&doHs`aBU~EZB)m#{2^#hIwVnwbmuH*{^2?zEKCQ9j!Egjn z0hhg_kWvL2YPC<~_>*ZA0UkG0;Ylx8c;I8N5Evn==OJ)eEAoqg zgQBGM1WL#UhMdqqQ1gK5aRvVfGS!D^{ifUYRWst;rq689RlFe+s(sp80 zM?8q;{50|+Rbb}=bo}g0#BMS(#Uc24s!40T0ac(lfng?VX_@>sr}Bcz+3jW&EsPK8=Djo z`0tITLUHwv#Zz2y_4#1Hv%C_%c3o_yWB7P3xJd9)>T(TtH}co5%jIiOoq`XA@*m)Y zwD2&&#@yg^PCrA*VNH8txgO4z8H|mL-_BnTX})0#z^apj`&-992+52zrzP_`3%I4D1XyjIM62SUM9cTfDQOus1E+%@<>>GvU|Q{%WhWO={%~LJC;C=`-5vLiafbape?}?Ah0Y^-^c0oUhX|Y%OYTk3z}ng zHU{~@Sq6IBJW#y;r1uIj5b)Q&Tznef-=&V?|67$3`0pL@&p#SyhCb)QBo>tE`=CH7kz6&GVIJQU67;(LbZtj=@F+SBZge7Y?zNHt(O~2!<2p9)R4=Ji zQ5O8kRs~}Lj4IGb_5kP{u(@?Us)IZkVl#eZm2C7e0k<{`wy>_LS=pa0d>h`d=6^GbIf2YHAt zkCRGD;pDaVq68pA`Wb8ikwj~$2hN~K30^%>%?jAmBzfF#2C#45tI@N7Y9Fz^U@C;x zJcCjZ>Y;?A=S`C=fD@`6D!{Vwc#n(p{%vwDNZ%KPoZ$e!D`Hl%mp0y!{Bo}f&B)f5-Y~OI0Rq}+}G+hC;fWqKUZ`qPD#f8d- zSHG1Eb>sYzlMm~M_2GWGx~4BK{ePx3{+$V?e<3=9KbbH4e*`}G|9!RpkGKC<-f!`r z*`fjkDH#O0uOGoY(T^}DFpgNdyKk5<{7{Og7 zki#{{D2>-WW|r*88j@>G22rbo^As*-HzTv?xGi9X+_te`D zp8T$?CoKh&e9ybs$s{>1A8!O)1>`TeAK!^f7yyw-dHsQ3Ay;wxNKS>G9{q9{?Sc>RIx00ar>TM!N9iP1#}&@A(LEV+)CqX z3rS1?LlBD~6GkJ6G#_IWCTA`62nvdm=->%^kZIGe^?qGi>KPFNV}1tyG!^AXA~a!>9=K?x|(A)%O0LUXvQ3S69QV=oa_;pBMwEI2gVE@@&_=w&NC9I#%qB7sCvMuvXTTd zGbsicZIUPbPhz@UH1Iq7t1G63e8tn|QgS_2PLs@O49gQFu_>9~1}_qj{aQIHGSE`L zW0oF6JS*hPJ)+2#n?z@UOrcA54>Iy>oTNu6K7kI4nL0D@Z|V}<&RqNurn|j!<#q;F 
z%WmEF*x({hK#vtYbALY-44pRTEYfZ4Y_cC<^dHEDA7#WVJC;reE8$tg>S8R=zw*zc z^QiBENivVD8@PI^8+>G}BxT{0*52*K7oZHXc>ftB+TY};|G*tde;XwJL3;Hc)*@+b zW&EE_B_k0^RZ$6jXme~l1ubaI#+Cja2eg9>aF5u>NhM(P3_-ynJDOLUN?Mh>7aqtJO04TwrRhjuYna zal?M&(RS>`^BRVUzKX8pEBU9*vW8p~vlr+Z!IqUFqK(1j1wsBqG zF(@cJv>#RDO09e8s8PbAvQ4*?$`*f;ZT4AxJ=G4bNoN26Q(YO#cAk@N(vVtcZ>Hp3 zMSBYYLC*Cr6-Y=kmppW3i?(Z{kx`{V1&K-_|WwOPY74h_CBRIcfxz8R$Tb!)HfdS;Lmt z`pThI_v5DyaQkUA_bn=Kvl+z7$_?0=WXCwI4t*ZoRnavch&aa+1TMR$*^3C#K?mlt zCVTR=UHmLFUxee7>S^TqGBEwA%d05No#w+P8mOHLeKnPDY*^Ov0@`%Ghv3A1+LRY| zR*H=qJeL?yL)+9cQGthV(NQI~oy-&!R*=O75!s0lbaobmrFa+?Ag)4E|K98s2!CsA z9K|c%juBX~F=rS6#%4EIl%{8FhnMp0kaK$u+5bMb@;IA`Ba)a}R3V1x&?(ejrS1J1 zmhwz&*W-Rrvj3R1EOK*zne5%rnO5g3tAg}wehT>7B(glORw@`l(E^6x;E+DWovd+;2o{JshL@I(XlC%=-GZ7C`ctDzqMEp;}$Krf;@k<-tJA4^r%2Iak==UpJ*$5R5$XZ6h|%_d*`Zd z<1=z~NSB#g;gtZaBs66*uHz!;L$){yKNeoYmyAG#xV+7*8;2;IR%+gV z?FX9O$o4GA)?Z|wHwbL0a zO?3XaT|&2OwtYZWs<4Jlh5XRL$wNswdOw}Re?~9{St4d#z z$ZfhnjfcLmJ^VtU@x8g*xq5Me;)AMkXcl*AaJdDyZ9w?xI9w+*rbw4 z;kw0|(zUJX81$Z=Mwxlk>gKk%LDhe|6*}e&bki>o+k+*x)~$gdOU_zVQ{~V zJAo>)fwC9XnR5w$Zfj~#)^NQuM4{Ee>#^AA(RM1ULdaHMe_Li>!GyM_YBr{5=<3^XKKveDW>T37*np#agpK1daNs7JyR6Hd9o@ZKJ>ezg%7j@UkPOM z9*d^-46iZs4vHnci!RnZvdwAD?xl@JbhrL!Az|NHaQmLxk*SSKug*AfX=%_*u4HUm z5&h~1>Gw;R#4fsQU?{Jp!5w1~(53YrdYWa`JtDp3cvNz^5%I!)TAsf5@T<5NwBw?U zDbg-zFImFKm^+a=iZDnKn75-X@tv!Y;9X4mN!D-I!ac1tOAx?$*~>-O{JC=50S3F+ zqN`xIWJCO|JXRR6;ebn5an0dLxHBXH^b)!T5%Wzbk`}Zn$9N1K(Id&{0TzRpG<&qE z9XdwixBS@pohUbG5FN6^s%HUugYY!*w25vxh`KrqXiJiT-I9h{q;V<}HRPAt4Fg># zWEO_P7}O@2cHb+>3XwTt)ru~~KpDhOHvky+-t&GID)%FO7OU(pn)7oJ$s25+;+mZa z2h$q$8(sRUdGcvw=@ok))z!qFDGzslpAS#KMnN21kHi<#s#U3FdkK<`#HB|~ZgqRw z0=F^i^)lQ3z7}|$Qd(IOY!N1>8W?lq=NHi&q4qAIjj;>mt^=xUqJYuM()a$V^ih>$ zk2ufj?G<6(X$y{7K2sw-Lta+4xKW+D`cA%l==OB4BCZy$uK>|naU*F#UM|{SCJ`e?`RXSNOQ2}oqY`h}OWM${i|)fdf;bNyNBRh!Q{KiGj{|s?H1`1P zv=^_V&rDG>!BAE`!D3!b#b{nb#eBPznC!Tem8v7PC!knmT;dX){R}YQ$GH1Cfh{q2K$h9s}V{yu<8UYd&6vTvZGqqvYNp zp@Un37D=koxTX%e+jk`csEkY&daij{x`eE`En9UhMv9a+>DlR=(DI(s2I0aWbn(I) 
zd-N5+4rNN+$@cti1}HWDvc>9iCZI-^+Hb^sRWb7T1(lwxj+(RC;wxGTI_?DKI>>kA zWF+zzD?#>)L{Q`f|9Tks>zl>f;qQMv>?|pef_q+N>f%jcrh^WzDxBZn07C)|B>sZm z{Bg;nhk{GOXMluE#V|P(N}1}~?4fKtGd^TdEgxo-ley5!Z-l(dSK}9E1opKWqs1ig zYaoiDO68AP2~vx})R9C)U!`w{n5~%2rBC)V-ZQz^rKK@=*MXTX;9VyRahV&3Z&p}+ zR{C#N><5DykSwp;GUMCsWr?H08tu{ZNHqOUG*Ku!)2NFb?JQcs!W2jqylb&BJGIkd zLp#K|aMS}rISF10YdhP`gx+gME;-E z0A0}Y@!9w#@O-k!uc<4Dh^-aOL;=`k5wfaQ4JD*^>Xv5U6cx-+0h{WUKb+R1x;vFX z&)&H75CcHq)WOYRdl0dOuMn|?{AFDrbMmU8;ly>h__MEA@xyx&f^ERlVBruOaY+M; zU}F$p;M~BcaC1q|c*6^?F!57+A%f`;o$&QY&xHHsukZ)uQF;62o)~_>d>{$_2vC6o z2Cu>!lv|1t&A$T159#F-qz~u|Mg$juD?yATm?dow5G}f5?iJkz#Q)X13A;;{&M%pL zg{_Al&_y7LIEhOv_XO&z?OPX237&;tOO`GmS$HKQ2p!-}P$=8%L#xmnJX~M{79*ky zYYP!T5$pl30tbZH$%iQage)hxjh>s_>)5XdzDXcX3W-MZ^J5$?#+ynhP(3G_#P z912TENeuDrnq{@gTTv~&AMxu6GKRPO>%8B5 z{ZVg5_z4@t2;gU$EVOz9C#;qOo|j<3y`ol z-jgHiM^%m35wXhh57#`?G*K>aoETgmAKeevZrdKy>zpsED$~&beBfCrdSZF=$1uQw z@1mO+wxSxpHb!kg#ZYbYT6g1w1vyybuB>83xvctOxlv-@Zm8FNjbp_Sg^%|hS-y8u zjd~Fn0hROlq0>mk_ch)3aHGr?A>%^MwWab?&H_Bh9DHyB zQ=NNz-m}`Z`OcTpC-3KqNlnO_vi0M_d^`Hp$adJ%o^`Ji2vDM>Dn;NTZ9?fQ7=gQ9Q1|HY$%w~rNu1D$Xuc( zPknrA+wx+3u*24|LmG8sI4hL6#nUa?E5U_+q#2lqE9Rr+p#}nTt-);uM;xgs&Fi7D zaKp1U`nSFNN`=@kM@eU2!nw=1xb<+{-I6s-V zG{6#hZuC0!b_}k7%xFFEG$Xo(vxsr`z{(sxG$bJAh`4AR?en6>+=JRepQ|F#TTVdHoY~AtfwsnXI8FT3q+CBSV z7s0}#{hn~u^RR`k@i?Yk?d%+-JW7Bd0kMzoj*&>ohf8@tI z0L1IrPL7PKNdFzRyR2oic3`F8-q7+>kwn?j=C>hhq#?DzBica={r+3uD7JK&Uu*Tx;5Y4znNe@8j9NbJ zv=K7G+(Z#FLLUi?+)$tCrfUIf8G}_K+*}b;yxa^CQ~cbo5U**#_Onk=!`70!_A&0W zE^u~C5hw&%NrPRXZAnLG{fB5CyMxZ~8Fwe7<0?q|hC`t7rA4~eV%ab)8y3yX`a4pr zm5N~^y3797*JPwPzINyo!r6X zvzH9%g8BQ+qD!~{B3RuMaxuSQ7;RyYKqVkIugj7#DIVB$rT2mH#46eqqI9pgJ2TnE za%iU1SgPpb`-DIf5%7Wq=22%dOr5XIaZXwOP7m#fiUx}5jX|1G6dbu*13QgazE}Mg zOCz8pB~);uw@7M%t0;F?YYJRR=|uKGSi+BQ@5dx%B%O;RN??K&m|sfW2Mk*LY^gZv zkpZ5vDQ!4@*^OTcX+JWWQQuZ$%$qYaf*wS8Jp3dwV!5+y(x2{^w%7F}trDe>vTb&X z!D_|2?P|s|oC>`Dj=-J6h*P({d*R$7^@}X45-iJO*PxnR^VdaBJ{PAh z4XxgirgS(hZL&pXp#iuBN_Dvl{n7_N8C8)5brGYo>_1FGUXhv%U3gf&M?PAKj 
zd##)s!g}c71pDcB&GPiHgPyX4AmY$wfjZ+O=z>_+tU?3B6X=4*dIbeLddDDQH{+y2 zL=A;R`i`H35-IK4loGG5yrdFHACaPoi&uOx)cetJ@(fcc&SrLbXF5ELZftF#Mw3Q-jFQnd_g%RqFFU1LQ zEb$@nZ=GkQ0d+K0A_>4Kl>AVolst8lBOU*F7%!S)$A*tsXgzA0Lz`fuST50VD=&^> zZND!aaX}PJu7SQT1*_D`)S87`N}k`AX)C5?K~|5t7|)3gLFFP-v&FT~zmxgn^UoS* z3so||A78t~+Wr=8{DTU){~!S6#bkw~1nHP*|1;(&P?NI27(((IBTAC6BdS!QbCQ}> z#$1R|uH5UQwJa#Uj?!aDpc;}#8f%O%NE*ZWi4PRZT#oAqga;~rCtF|i5Z_1&i#U<< zy|fhchqfEVw17KBv;+-MXts%OCdT8$B&Bg_G6N(zZ#vq=(BpyoW_wdzo%hpO-q1H2 z_zP3oQzn+e-=~>f+>VPB4Ws8TgYy{&?}1JG2`d?n-lOK0mQJY(`)&)?&MOLwVT%Wq z8k|b3u5?fM(5b)-+S7wXUE59Kr#V2HzkI_6B<#Z^tjDJ`JL(k9Sfl+(A=PNV{Q?Vy{aKT^ z`M`n9DNrf2l?{wCc<{;dGPgU1p8nda{6X?<&Y?4C$T}Wa|Q3VujArz%9d#jEWiv^B`h_V7G?O)q9wmrRiMM~C+MKhKx{KVO2 z08awq_B9`cIK{tG3z&aOO<6Z-TQ`o9t}j*G3c-tpd3t(v9Iw}H36;(*PJ_46Ub2*C zpqp_&oIKf`fxXV*x^~s5-CW4oU)SK*q0q2sm#}bKqd8Z-(eTVvRbah=HZ@ z@Je|)5e|)N^|!^~W$T|dK$Wo@r^u8um&$kMJf9z%lr9m_)~77ajb3^^_*k7eo1HgB zauAhs+gKgfNiyDr))tc=KR@{%c4h8ZSg_wTKlgXMEA=#}88ObKOJ>xlD>jFYglQPZ zxH-eRLiJvfZBX@ee1IJ>g>WN3n_K<7{2Ii57pj`qAlDI_%=Ih@VTGa2i_*lC{iTW<|hW8$3;Q-?=CEKy?; zoF7q#$38q!V-6ALaqRuN!~TSpj;4rfqeXK|?Zp@7DySifn+=lwOx5HBFn-jo58?r( z7TyLTtqx;}#xG&M?T@STgSHaZyrYZZu>Y3HnK~@Ao~@q-(?nuN$6P(qt@BF&rU~V0 zF|P4lAy}WV^8@ep1}fP|Ym$~`3Z%J5TNcyS6b2hBFy(9W11#jM$a&0VdmAs5;P8$C zuyih4?#WSz$3u_=$&DO~d75>M7Non=G()vBsJpI($U6Vy#1y7P}l{D-EsS!MbLIu}z zR6-gBHt|QHC-N#IBexffYyGcwAG?Vym9<@d&TV+#L`Ab1LDhM{y2iB>)wTqwxf7~* znZE)6_Y&%7<24>dSXhyCA!vD5xWA(@@>P=5wTLVaOMl2M4&GB6CF_n`P}kN?R8WE| z=Z=ei$Wh}gZ!0GPQp`+)<2O3@B0cJ%miF=VHt6WSLeJ_MY;n*gHKL-7rUkOR)8^b2kEr7??GavWZxAAv>9aopFcat zh#pp0c*Gz&KzM-g-9f5Wnj2v(yDTloPM`^uc6*XF1r=y8U9xuspAitg3lOas-WdXn z1P9kRLlU!Q*#iX?#fPp5*17h3^pY?ozd*jUuV8mOhD(0uOufKCvY3MRwfDlIqWlq`t# zKd$>=MP2Fgj=fBP&}qxSwb+H!J*UM%8DyvF13*R92K{%1a){S zXg@WmEyUEZG%q^)*B(WAo65{W2J4MKS~%6jXWe$3kf`Xmxkf|A7z+C7g@lI?O(d29 z#pLA?-IKzWVKQ(9P-T0D5R)bLYXIZq`6&;CaXjEP#K^LWs~Phh^f(h=mmK0IPAhZh z0Ukt|qsA1BI^B)ahJeTwF1YF@PK8UxdzUGeIk5|B&7w|ix5sYqcWk#`_mK*g>Qj{^ 
zlgs>&!+e%Os5Fzy(i3`sWXqUfeG1xKq81Blb9da=+iA+Irm$tmPP}o-Xzu~#JYA`_ zCp`zG!zfN97@`hCrf%{@4#4bQW_wBZf~N>$Yipn)6{o@M`ioAbM@eL7lT_UB_&geq z^8L%dk*&1!PVKx%8Dy0++22uK@cqoi0BUdL+4S@HX`Yv=G?rkM6p zXXldQ_D0m@uKc`ybvJ1c`3`pxgtVV1*G!^}2$S(vs49mE1j-Q}YDO~d%>O=<`+@Z8 zu6rvhx7P0uCFWf(X{9(Y%KT(dP_E~p<{7EP^5~Ccu2f_C#rKr@zGAlwWmT5mh{%3) zD<*LJ-V`O2zJVz&m8c*k2)Zbj&NfRdANkpnVZ>p?*Mi07k$0J2AEuBe$PF0ztbW}g zmsZj`2skt?ZA_PrrNIqg|K*{3wo9;w&LdDl1`f&tUrP7bK_7vmv7qtXD9*}RI^x{Z zJEJ7kQUx!~V8-|jT$wI3p4$$*h`IqgD*e?J>IPQSR0t@ITp2j4)GuBNDSETdzpqjD zI}*jOAf+7T)LWHMrtXCGp)lht8$AlLus0VaWrToTgAoDa$8b$`o+pTJrq@T<17#%E z(xc|tHsCZRKD{}e7C(nKB_NB7a4`KPMp=0PRYbJ2;xjLASnz85P`BTG@6PyLXrfnm zJO!g!_z0+NeKYiv0a+by#Gyp;lDX89+SU4cuG7<;M_!rEaC!_Q=I}3<>1}V2sa;l; zMGfWq7j_@FzL_$Rd2XM_KYYZ=97C`?{nfA z(QqHdg-$-!KRXvlw|?_n;ZOTrbPLL3G8B5nG0Qkjt#Hg;F^Qjf0#}G~$b&ae5%2Z>ZqM)88+6kV;7g)KiZl)g zfH%)X)&uP_34?zYuS3De;tPQYd=VYcby z)>IHcd?r)v5;7dNZF=a7(7=y7jb-~yt>aiT9Gu5MUo!C%P zwknXY{WBr3$fa|(Q1VFqank*XTNgrpl2+n%nRFZg>q?Jy+1ao$_2vL$_dyw8CXB=*1m&<;n?V&91SBR(^N}xnZbzi#htbHO@pdzwL26)NkBTKMCO9yBM zZ1SYiLM?id`yIpbG*-n)v}%wHd@mOGGe8y>AKyp@6qoBB2K{Z~p%<*SftpzTYldoz zFs4l~j|6FoNr1A0Rhx}QGwlB72c=slMZ>$0ZPs7biXKDLjb=@Jzn`ACys;F|IhH&j zjzs3UpzkS(xA-|K1FZWXDAul;rqzO^YjfEBhs_+Phn*I4(k$|!;TTJ^XLyf3uvkSi zRk8HOI65G!SUDQ93$p#Y%Qjgjy@EeiM^>%WrQx6jdTlcSddQvG%kQqS8vN0N})+18Y$ZcT*YH@uAu=pZ2xRW;913Umws| zVwYSUKzF`&oRUE_In?*mJXRGY-f}_{MDl{~i|T+bX7E}WtG4{wAK(u}vK|anSKa0Y zaVAK_#N->N3ZGD?2Fin&g~JgrHCvQBJHt@lk~)#YmBIp-l=c2$E$93rZV5xGTQHzm za(m+wkyTAil#1?QA&%#)TGQbLYyVt2=DpTV%89CU5!s48y#z_Ro9z)>O-&Ic>3xpk z11mC65WP6Nyg1k)Y>D!kpu8I9+;MW39;fTOa+HA#wVv9=m=Ln%e7hfOZXdE@e`+sB zCG}Fs8!u3#g6&9IjJ&gCzWCr8|2RQ^J73i!FeiAcp|;e)%>s~=+^-!=)-=3^Y~ztW z{1jeuVg!2%4;3j}ZB158#9vn0R7Z_RwYil;$c6@E!;yKIu|i?ttE8vZ2*nK$KrxZ4 z#hs~Ub+$OJSnR;O4lzf$H@I}f?;6WsbsFR+r&KPH=_&JIPsfwjxmJFNZ}$|XPi z+gvBaw)G!ef3aq;x7=49T=5s*|3BBl@%?kI|I2&R(=+~O|6QPDZiBFh#9daFwBOLt zsj5>4UxoTJF~UF}mYDefixw4d$yQd9mtV^QO^tq*|13UeH`$-q6trGUY~)u^30Mx5 
zfAM5J8c8&oXv(C+%P;7;!iph5<;SmFz|HVPDQp41ZKw+!pY%*(agW@pFu zH0|*3yi5jw#ZkoWZ`Z1dA+KK?w4w<6@7>MJwT$2g5du@D%BQ@N4=twS%V0-xQ>Jrk zwGM}iHCKvy5)9BEj2>g(%HsWFL;LIClE1l9q$*cfn6CeBw|g)Bz3>B63bM`~Oh;W) zfHo;RQ3t!n!|z+q4?lK93*p%fLZ23zW_=LuDx~feSc(35;qS>sxl;c4HtgMyaYE7A zv>=kQls-fS`AACsCG|!>)O?6C4?gp-?vX5iP`>}hyD$^&$UI{dcWMQ7s+O;15E`CY z2Eb=^VE*Z^k&zIFds5Et&zYeV8eLWQ#l{?s)A-C|EhAhH5rjy4OL(g*xmoy7O@`#l z$9$O7HfevWDthMO?m1rDcR3{_gpznq9C)ZF7?{uJ*jtPRu<#hUTj9KLar|z!Md0{p-w>p!vyW5rC;(Df zQ|3MSp1zLCRvW5TCBjmh8yYID%zeT->~S;B-dI_Bs9jz_Z4Ix0d92)6w0bS^u$Q3y zyfmY@z~^-GE+buAr{G*}sPdb8ajbHHCDW*j>qQLgb)Dk3{KM4SGf2w3XKqpgq;}?b zAyx3I+Vja!+HyO@rQs5Pl1oTMm#Y<&x%a(WwBvJZ7Q_A3mT~!|B;!aR_X&mGls3ci za+vE0SJzqr-;^a|2CuUt0)y`q zpf+Gxk~)3f?XT!lbme{3ErCc-X~s()eaNWDJPxV*EB15~SQY;6TSKtdSRQt}tv-#@ z9N-G=v$2nuXr$L4m>MX)AHxfl&85lNV3tWuc8ErjPs*JDb@a4h7N)@BBZ-FD;pHR% z*tHvwE?dfNf}2R8z~Rm>Y^Q>XRtyG##ff1@HAbLj)pw}oT; zc+A~nucAuTrK6-nZu%<3T9ZF6O$dEOUr+ejwx;wGboZ60#CogJ_;q~>AR->?W3lDe z1}wV$liav;th5glM#Ecf%`&*EsfBXbdm+x(1~akezE&Ken42OAh6gNgvvwUfI8KKx zS=yh6W+wDM9Q0Vhrz2a9?lP2)-B6hE$SNF`d)cYV9K@V{xkrZqKjJ4rY6Y|pZ*lJp zpbu>u{Un^0$*MV4UW*-U1C!woOKO^xeC}hE+Yr9pi<)M9HcBOenIU}6V-(qlRJfzJ z05gv+sjgw+#iyv-ipC8O|D;;YDOm21)ZTrb6mpk{MK>_LHdW0BYe!dS_sFZ3%8RY& zL;1Za4s_?{uIe3q)q(vka3TY6AE*~UQ_cCEfeBwH2N|$j(W5(16|1_A7aD>!9eTuT z)WB(_LwbyqG+4T9jv2h>YPEVUWp|Dl4+DBB;|Li#x{4DVtm@1zs+U?Fbrde0xoWN) zh*lx^6}Y-3qtS-Ibw%v5evF#SC*p@{ht+HwS-0oDa?%{SmcLg#&Zs3S@8VA}>+4q0 zOFISZ$C#f6MMP^pR`FP)6^LK2h*}qxB6gI%4%b)|shRuzF6kF6BK1K7Xl|%Q%qw>% z(Al;+@%>%YFPJ5}5p0&EoDf@aqQ!=Mk&7*x1iwt3;{q3ISV3%ugC4pz~<4qN_IXW!5Y5t;pT1W0f93p25L}Gz*Uu%v$p<3v`D|od1Wmw+yN) z*tUfO!Cit|a0u=W!GpWo#@*e?#@*fBHtrDI-Q6L$yM(~o=bZc1SNF#~_0Fw&{GryA z(R20MU2FF0o}>BgpDCz)B9KYqeP;SyLvh~S2=uXzMR8UbbRNg%8oMC0#za}m?E#7@ zROHTI$HxjVS!+l$sbth$GNjveDdgoefD>+^jQsg@94>>$0rHeZ`#->kL2UBnudwE) z+0tCUV;2}h&{C0(&bv98P`dpv75dVLsJ;0WX|6^t?8b%Jx$BRqfTx~vbl+5T8^^=l3E&Nq$$>33cuEdS4r zC_+Dv_o>nUzI`#`5Q^694@Ez^WeaP18xFgBhTHS;!)EE(7SrvSCSAH|LBqMd3q!rl 
z{kn9QOU8MfOUk&1gGTToJ}~%pu|v61o~!%J^^Z&_jHj3*6TA+=`)|2K|CgB%2j{=Z zgqp*mDfC&I=?O-Mz9M1&S0+@D77+AngtgwJD0qbyb$A6{&H}?CF(HASUzYT{3Y=25 zC96CsTO8|!%PV;{nEvdxa9*lp-i7AEWsW`n=)78&=FOrc=f=Hj)4R)gdVg#2p~jCD z<&$e1RvvA}=>z4S63^~gxWt@Zx<`$@wUs$5FIu!oQqXy13G8c9QVkt(BAfKka@-wd*}_iDGei+^9&3 zQ~|UM<|g7nqm5>tLO(@rR((kFWmND%Y2G%8Zp_9}F|5)iovWgQ03{}+k#VJUf5dAo zZA#!?@GCKd7c`sTpz$lw^A(L7#AxQy6h4(x*VFCEh$XNXtbdn?_htZRLXk!D@jopp z?7x4C?RWrZLRA7zs+Lx5!FZ&`0nDz4_+vLj5LO;@j_R6<%zho#Xtf7LcxIc{pBDir5Sd*K_H6Wz zaa1Rfw{H-10@wVx>h%@kN=RSypA{vQCt*(45BsUQsaSudnDQp~ap|I*u^v_N6{uL{ zkW6PfSF)fc4fK1<^;I1v5moP>o2>L_C9FEysu!GLv)-Tvv5rpy8BoR)>{3jezP3e@ zK}m;e)Bzl5a%Ib548CjbK^JK)Z)oH1_mKwm3Ju+SgNN?ACnos>gIp`S;-ZD;S}zcxUapl~Q+k zNv;Hm@V`5Ap3Sd)(WyepHO*xF^@zUy@bYuJo_vykv!3li!+RB4{Xx*1tMLlIholrH_n%jGj&Rdq~V1q=8CByR~Dp>F@%s9CIGxa4egDZC zy4&8SLQDf&VoQ~w#uESha5W`omPt47n-tHV2bn{J$Ckb}a@kX!rQtD2CIusvLrM_H zYSFmLW-8dd-lj|C*T9mmha1P4&kHyc@>bzWzulNI2Yslr4~A@CF`2^F;DOFxZgf6O z3ePb8jrMbM-(Wl13qNW+SW}A=@F){hdC9`FJ-VXDmGxL@*$Q>xq6GtE<;u353U=ar3qs0;~nuPi8WcBeIRCo8$v+OtHU>wm0lhos9xR zZEUfvzzknIlsc)wyzB=PqTg-a7_R4~jj{2a@g_o{yaRGB-`ya!kRLgSuDM*lf_UkOv*CYbYL2w{C1Y?>uYM>-#?>G-fbGjFE(Z zt5S0;wSdADy#+2E6uSFK{MzmN&+6i2uElF9Rk9yYnLXUSU^jUGDwpa$WAh@)uJz75nH*|S@rIs3do>X5h1(no zO{n_&x$*TxXV}`yn><*qgrdAGWO8COic7 zTC{kbm$1a4Uzl~6BJJ&R0XhVxEA2!$&s)}J8P2HXd$C5Ak8$by5&h&e#*u;Bz zoC8PHwoyZ_;LpbrtN9zUU`_bFM1}NHMSCdWcr(EwRav&Qyh{WmE=zz6gUr%+J0Ijf zGM_SEY59BjgUK?t3boO;ipvz^UHMZ8SK9P5j0l{9mHZ_Ng$0)u{4+O2#4<^#PDvV+ zJdYKstoK{Q_BA#_L*A2-Z&`-C7bD;F40&%xHZ%o^yo)rw)20OHw6oy#J{9R_F>XQ@ zxq2v4RRg_7iZGv}i*0N?upEYUaxFD_zY9&gHf0w17u%p5>4zGQG`S!Dx=hTtrk(c{ zyA?(~vekd)tM*naMAZYN_BXDR%AJt7{DA%;{R$gOI7eZ^X~LuBB62uuszR86mra$( zND{8Mm`vWVQG%#&{LMuVk2g<+=Y%^!WG>xZfre9##_SZ~SNGttrdR|91@x(WbJhUD z$wsJ%hk6x35b5gyJWCFINR%#oh^&t}I5Fw~k|O%k1{o!Vjgx;1Se2HM#c z&l-*Ws(zb_R{8vdw)sY5#Nm%O+ixHY+TE4}9n_Fb?G2-KzHt}C=6(l(^P;mCnmrpo zgu0&}pTMb7G?>9x`2KDg?dYZDNV3Z)Jy0uEPz1a)>`FpbQPYCgDW!)nOfx*R`qENHr1IS zX)0K47TANq3z{~}f?CRc%pv)rf^jS^rv4k_iX7?k@(lD_BeIiJI4Vf=7fn?x&mn4h 
z9Fn-d@~<&sKaJ5Th9HE@Djo{)Q}@Xrk%#*2^|ZS0@t$I*wUjd=mP14qr{?x)dd0c|slf-?jBHkg~Ut(MaRQu%OK zn(i&NM+ekqv&$NNyRrkpyG^yWE7aU|85j>)KA8mFIq9a$_cU*_Wmr#Lms336m!Nzc zIVrAG3fn+=eNMyQCSxb0n4d)1xS!$7r95|-9A6h_j|kPQ;PFVQ&+~4v6!GB$+}B;% z_ek&Iyw75Oxnw?AJa^zlbva~8&K`5t#54S1Vqvl=)LIeIDLUYo zLOY3Sg!;@y#E6F4{wvZWalCL~U5}WY_}h)`J&8@k2e@8Xpg9`xi{tmQ;k;l@;2kzE zdfAENaEek^!IhDY198*sbQF%;Z4@hy?4KU`Dhb>_%A(Fk$3m=~>DSMS3;L85 zt}K{sr-BLD4&rFNC`%RSGRl-+du~0(cyDzJIg)Pq@j=k7Gb20FZu2>2o>?N!ltfL; zV(%HPu*Xc-Alm-YJLgwOo1Hmmld!o;7O2~Bn)l%-fbkk+M)mqLs; ztPWy+{drG}^``D_^|${c6-6-X7U_-ZAJR5_ClsQgU9jCI!;xw)wB2?W>^*Qm60~nc zuQXINdJ_DgAbdrwGPPP+KQ!AW6{x!DM)7iUIrdo~b+NSHUKJTCx;YY`@ z0>5(vwZj}OzRCD2?a>sC)$$X-?^r_ z3F{9HLrr<1l0YFu`UuY{cuDD0iV(!FklYZX6YdkE?gcZI^%jLQ0xdDofkol^KrKuq zU}HF`H{~<(Ki(Fp$hzoN;IZNTZ^y=eK9B5FqZbG8QZ01+8_AH29Sum*Fz?k4~TCL500DVkj~rMDaJ$pPNgCq<*QvmeXMH{bD7 znF(LF8#5L%Gu|@40g%r;K}Lb3%d(AU(xp(M&DbrJqPyDGmR3p@RgEj97xj7mg)}8+ z7wxvR;JG;_oGO2 zEusnL2Zsm*sb7G4yUkK9uG{`4O!Qy73wL|3a4wg%DemkW5px8Ki@eU0V2#dGS%1+F z(e=AaMhGQ7m)0Lsm)?T8&Qo_(s2}g1cs+hTlMb3JW_vtx;BAMN;+$+LoS3=n2<^(M zCgW4(j)U}vw&c~P5%IJ4AS{y0E24`ZUNvO6qKl3Ebi>Z|Ink(c@|6(`eZvkGf$^B? 
zj%E@~a&jl5cw>Y53_`^jWN%24oEkdLp>Xl}j_d*nr*aBN6tJ-+v2ql!m;zwR-tgV{ z{N3L_yrS~G08Q^o6{6E_Y>i5nZq)97q%R+v+Sc!Iuqq2T_gvS7Rhdme_`nL_0G_l#_wwtAo!p{)&=>48=%gUh4B|8KXUB+LH0#m~g3Fe-c=R z$QMU-nD>`((yfDObxc;2YZsJCUm?b<6_nmZGpbiZ@i1m5v1XhidU0%dC=FrVLcZq7 zi*Q(tDTTm<+$tLlTj};OvIqZY(Gg+j+puC1y$Z4R7`yKP(|w1a4LCPK$2JS*(^Qx~ z;J4f2w-Ii)&;%y2c!V})WvHJh5ly9bD_FIv!uVN?u;}1x7CEsVej&q$I4*qXwH4eZ zH+?>W&dU~IK1b=N%2~X2uC0RM0I6ePrsIk%Zt|8e9!xVd(aJ2HN zsW;NlkjJGl7AcZC@b(S`goAlO7mP|Fls3+}61dG6_enWSD^o#|O_dd*wMjwj^0yZ3 zrB?NL-&U-nDY6_FU9hA*=XVAil8}0jS94S=4s1|2;RyzE=gbeXQXIY0)oWHp=^{>b zMai~I${bcIcyB0WcL=H9bzE|kma`Pvj}Sfz3Z6g-xD0ger1~a6l5NshWz( z{28mw3VnbBvWUR$ik-;_Ef*vIIHA!-t3_e74bnDgM#k9)E?HXvIZ?U2I-`?kwO$pm zqudU{rBhf8>Hu!`?&w}c69%47DcoH8O6OQ~!8PXuwlBVMI%eZ?R9iA7aT+CJ=o-3{ zW6l$A^mGN|)VK=KB5HO%2bz5whLGu1>c(b$*V*Q2L)0M(l+zvPi;6~K@fTUy+I5&r zKP!-CBVecFQe zw#fPW;fNfGBQ#JYf~nn7m8$QdCGkEbs{f|k@bF!p06E`fUFsoa9LV+Jn^DyRvP_(P z8|yyVM}nXa=xEfk;CK6XBDlD>I?`si2UyiDQ8$pbj>x57`Hle)We?MNg#g`0MEm$Q z^e?($8!5TTp(8(8&|lLNYd^RB-0l(jUV;Q_(GTAK&5hbSUaQvMA(6FRQi+NCujXRc z^u8xcURTAtC=tJqA|$TdZ<+&!du3C4-h=@_3KA!hzDsVx-}!JGeA|u=N5d7{I(>hh zXpN|A*;}lKo|esCvStU6uYwdx)QwkkH73~ZMLwo zqmJsQ*sDKR4|Cg{Pg$MI=>q0vm(DpyBe4v8>~eJZ3TE1Ec_VhjyN1G~yTss%zQRD` zzIIQSsHjM|Q=%`pm;}Uo=wCMZzH!cxQ;@OKlTi#6dR3VMCHMdAa!HN zHryjd9{*hENFK2E1)#m>vnk+)`5%{k*)ir}o~$Uhzmwpo%dj0EIj%ND&wmj0VnbdV zQQlJR>!1jx7N;#SJ^g~GMi)xVN5{n~I9bd0oMw3}0 z#JX;}Sx|^rkQnSxNYPbkv`i*`Rpi*z;fFw%;O;JI{?FaTLec&9V6lOvQ>-s!-quxZ zY?FBQE-1s(G|dgpVkRJGsc9!-%5iTmkCYpyOI&P%eY?V46&*E%NVv$VK6dX^m~KR_ z$mk*WYR$&r?8EZp`bGZ6Ik$|?l;HMb)2f5o`G|^ATKm#fE4=cyf^2ogCbc0$SEUy9 zrbYTjD>rR723Wm7l0xWCqWNzfjds^US?E@*>?lzv=hzqo7({`cM%uw2yOT;TI#IAF z;@S|_Rh)uu7C%6Qnuw_dwpJ^at{fyfRWa(*@^mFwrJ)vpQXVV$g%b(c@%N{Zg|M@Q z@NXQ=iy0P+Y3fiyhdtM|fTJ>lE1)C`3u*6EUHnulf7VHPb|l}r1vf+$WMP2_88BUa zVk7QjzGw?Ew54qcxK&L#1#{l%&fNtuA0+e2XF{%jTGLb#Z{OcY@84-r)zohp`oz`e z$I6g7-fbWDoF(>2skv=tPwGT#ga{4Xl&c4 zslyPm^;ObD7xY5s#mZo;E2auiTwb7VETAspn9(^CoiAsK5e{3E^D~&0(4RFR_^z>I 
zmP}d|kj<&Ni4*$-9s1TaEl*IvND|^L@A5C^c1FpAvh^qk|3}ulj@y15Ff=|M%4wST5k*6)@1{EA+jD%igc= zv09I*Cu3xUV5i0Z!^1+i0Gu@&^U@F9e8vyc_hqkEffXqus^$J=9_O{5&=NVE@BI;2-rskE5osNaHrwB4S}bNu6b~*p&t^9J3k76}c~yJ< zm`!2}AI+C?iPjxWyNd=iICG5rxmefZZZwm#_t+|#lvtT99_K0Zy|*CK-Kr!1a+=CS zg3NWgm-3}rU7Ud112A?bEGY6g8DYTB+G$WLIDt$SseI|Q4 ztkB`KJ#0sX8Ua*cVgkM4U=X~T;rc}SOP*bulM>+O{jYUvo2?Go`BrNk^?+VmJp%Cd zpb~00p+hv3h}r)3H>(54 zY%*R^P!h%6qRl=Rev4jzgK!TP=^4iLo5tnm@xVaT-hQ`><^Y{)-JCc=%)3vAP*CSU z+CbPN;CxqC17N4g`YvDP{f)ygpt6$Wjmu6~9GBI}M1otn;}MtUb#G9ZyTejNqb!Lb z6Y;*w(U@h!a@&u9+jJt0$V<1g9rD{&yDOHqhZl@!Ap({WX>64(XY1)c8-z_2==|$1 zKySN4jqSSJjNNq3Dw^Ztxtm9uPa7Bg>53x>J)Te(Km8ARMtIY!O+G~UPVa7r=}^?^ zz^8ms_#K008>k|eGdJiV3My7OL4QBwEXxH8m<{dr1=yv~Py-+ngEl?vnfuk2NItcK zd|yRe9658dLazI@$H5qH-26~T{|kc-nW0IIe$Cf<#e6Tci_0x+1YX{hz~xBnrl7#H z<>Bv%pJAy)e@e#2h;*MVAN578tVqT&*>8Pw==A$5D=cpk?L4$#i%lDbyzLet z%s%*@AgbK1auCF`vcB~kYBfZBZ(DC+3Vgmlp#_0wILOkblNlt5e=G*n14OO6aLfjCxoy_up&b4m)?N)z`J67~gNB;2*CW6d; zzmU}L6J|}~tRqB(Y~KFN2t|nvW-NRh5U$xW-WFc|R#npXaG4p|BeA{C_jNcTz9w(p z>8QW9t1tXLu3>BPYZz1dA3>-jD^@%!WSb>)y9Xrw&!QS`n+P$^FdqTocAUBSYDeu# zacACD6u9Vq#$-i4r|Vx3vZ7y5FOMGz^G%hvI(A+S?&JX%w=N7lImpD!Rafu3wKFB> zS{`hD#ZVx<)`m|uCy>02(bMmQ8-xlmA@FD3Od%TfpzXd5KEqa)t_}>yBX>=0;jNfr zh5lob$j9CZv&&*b`MZ|8p1Vg2nK18HLx?1QP6~2*Z#+e0keRzZs+`Aw+cQ6}0alrf zt1kwq5#&T;x1i$PAL@J>zKZqDl4FYHZb3K&c z3l8F{ka+k)P`+-aF6!=Sq-bY;jBR(@HMdN(p9A;wi~_UCa~_i7Q(GoAee75UEWUUP zN@$G`n|~o*tJ>&a>GL2JNf&E}f|u^gIRp1Rs-a_=w)z8Ec35ht916z8KcW z_On2Q7j;k5XXqG_Bl~GCk(o2^%$<>@1e~9!h!qfvw+h%hSr0vm#|E`q%+IQxXLuv0 zFP@YxnL77h7oO4%pzLKpoiNiGDAQ1-mzS6DyQ|A>y$h2{GP^RH;aa5r*ZaJ+_7g3X zaUG|XJPzfWAK2GUy5(;Uweiz%E57X;rq3)_Be>UN9(D*>gl~T6tsBP;Xb7=#ZIFm= z)ny1zX6iIB=~VYtNb|9-$B;zUsMmo4WH+Dr*IXH?UcSpQv3gNDU%7h+}6 zQXh||qe_XMo)_Z-Sv?ou9r2urff4$lMDtfjtVWJn=tOiZDpV}$zVr9J;1Gel-P6>q zon?nrmR3ua6XK0c2QO^ysPnl`oCgfe1TdWN<;d6yYtun)rbEnO;Y2sk8X|v$sr_-)r1*nz#8YwtSVKRn?7a96uPa*0 zfs29s?|=>Kd%)QhWk!S~lJokIt1SMx%uJ-QCr zLl+~a1fnb+Uj01olwa+wp2@b2+ff;XuAnx5h2LCFxOFhj&PJYSZF$FtTHhqYg$yOW 
zKvW_Sm=?8JziwA7JSb6l4qWDAC8OeGCTkW4co6zIw_L{{q0HXywumAkcUM~xcB}5y zsJ?AxW_EE(@7W7Ub*P$2o0>614&9sZFCF-5&1VyMFwSM0_xnH3D--WuiH&BJAGIl` z^ChE{59FHN`rZ~*CgN;Mm2NMsu)^z{bIcrTc)`F9`=P|tb;2+#vwM=hqbYP!pz7z5 zBg6LN0%pg1cRshe3SG|dye~IF&sSH)_5*@Jr>AiRSk>pJVOoQW@blw+y<22k<8!mL z#3!c~_IT5_%Iv8g8q~bMZ)dg=j*0>ef+I_?>>`58F`JgH>`=6taz9He&A_*uB)U!6 zdLbv+^6L>O*p8R4c}#7ih6@?1`5wk@P6gN;H}~`Yib#C0VTi8iZkTmn-&; zP#52HaxX(ZJkiCjJYZ&fRUj-UF=ixm37PnvQK05-+R^Alz<$M1p1QbTRjjX$DrB3H ztQK*xbSk^()Ygu@Uc9(kwm7V{h<4@Rx{~)&osVif(<~mRq ztqtcZQSQoT2~qCqNHo#{TXO>Z?iYV|P|oDG*r#G}9{IOUOk$75gQO@NZP#9` z*kaS2*NJ$i*%*Rj@R`7oRy#KP5qm|Qzp4tSY1g+)g#%WDOBds>Zn<;>=SWj)r+5UX zNnOfa?Bj0vMK}28YzxIU>ipJ1<%+Uzf3(1(izPV;sWny?QJFcf2yn8qosnpJtyz}% zYnR_>Y(2^7eMjV~`N=rM}VHB&R$}^ifl!G$KT}z~`vhT$)!6#(0>bNWjiQlCEqE|*NuE{WIKBZ|;!+bA~ zFy1#!*QW7ZR5GiiN~_9vc3;frEi`cuUE<8S}e?R@vK zzv1F6{c%8V>-D~txL-bdTT^3RKl^R-sX?fuG&3W|l9FLExsg?6?xZHdl5Ih5a;7mt z-Rv80`dQ(i0oFWKd1gjY_dhNRg4-fe{MA$w@0Snx*=?P3QrdZ9)iT*G8vM_v>q-A& zGZ4&O&D9GhYjn7nN=8DzZZu`k{xxDw&o-oLi0n0S3n?E2NO$APno*~Xo`dC?fNt!- ze_H6Z{L5mqgb_yNbr8VX;UH&*6F9oj_b?nUr-NM5n7w9VM#rAMS}tey*wyU|)7xSb37eBAPov1$Qz@pX9iIcYfCGz{1C{e0D-Iw=;DYfT{Hsftr zFxzH|a`ce%)TFfgTgi5*ZKG7TUpCL{_%>38aX(0Q-E1F~e`I}5VTa|}_ zkiYf&(DZhQ`@`LlIzPsI#?^4+E+sRYCSc`OaUyC1c|PW&XJUZK$n5aL&}>(LnMVki zo;+-f|HfRh^OvRJhAHiFgM^K*CNMp)yKiDt18}%^#O!?MnTFznRYIQo^JD-AaJW00 z=J~=XYn}s4kM$p(n3hX}_As0PZXhgAc5K5s}sKBbkrx9-<%W zFvdPgW#06Zl0~(P)#}49q!0=_8ASx7?0K`u+-0SiK2yjt5k%Gd;G6M)mne>4%%BC~ z8pyf>wZer4K@*Vx^<8V0%3JOUEB?=Bu7XevFiasQlg`FVzfsbfJfO^Mx9}TKas#ze zxd!idu~^P-5YrxBcqd?f(U^();WVH>_1qtbvJl*vrO7>8PLu@9MhOky?@y&ozHm)o z`yiXiY{4{OT>(#~V~v^*`Iy(QZ_{i&1t#2nL6~`OAvAmz3dieFFod~HO(S|?o%s5W z#g^u69C96!mhC}1p(u#dz*ZBCHzZ{2RyS}w25S^@Hwh_v2 z^S8GKtH5W+K7gHM*b$I9NQfNifC#St*`&`wKam-D^fl`DAGpG2qdp74fVdty%%N+5 z2${Vk?zl60f(MczA?nwtqd<7fR;J#88g#1Lw;+>C>9m1ibgH}fAlhG?hTr^!(}uXv zOYUrf@ZMkysq7Wf2H7yo?kaej_%-x{}kJB*9p^77c3pMQ=!SC80Tu2~Y6s*(b3T z7T1@G!Fl7*XSM~b1+x&^94Nr8d%zj;U5T#rYGAlI5%e*31=nUik)7`b!+E#y8IrhD 
zoF7HP!9IKS3Ht>&gb9%m9xlU6deHCEOv`W&ongk@T?AqB|8z)*rOMh<3Y!0gu#2?) zoqL=Qed?w?=+23o=^8aClAmoC1C>Je&=gL?L#9uyE8QU)m0I_x1D>lDbC)VtyminX z)9y|oh|dRMmvLIUb+{ky>BY3~vtY_~oB{>^-aLG)CvhL9An-a#h>Cxo8gAOtxexJD z#ADPRL;r>)XxRt6Oim*1G0uj*b(0~)|$<=gMoze|>O-3#+c3yD7$=7SfUa~4#93;UFd4T=?|S*p|W%CQ^pHV4&l z@e&A|Y?|#yRW8%wCpk590)LCVFQuQ7QZK_(FVh(}MgN$%=~b8qsVZ2O=hP_+Y$*$H z6ni~NJ#56CdeSdCt5ysvRFu}JPK%WjE0pJmD+_oRc_I9GP)#}YBwd{UUO}x@L0zb- zfLxx#1lARM;m3Pfq!fB@6nh^^Ke;4aI>ukN$zJ9MN8W1D9n6c4l}0B`^V5=$(B|4H z3&JZ4mKOUUNWF;3y!a&CzI;8vq(5NO9V=}}n*KtYd#)^aROEyGp+`JlYq*A+NfY`nR_)SI9=?^Df34+{?U@@!kFnoMQ5$FxN+LZGFQwp zH+@b}wAgn@>W^;1V}1>x@Ye%2i81rcq-iZ$5*^yySY^SdAA-t8dbUMAoKi2K#M^Sp z17peqXX&xhv?PTbms=jP0~NI~YQ)iD<#zKHm+5aOITyc)E9PRms2`{s^1LKu9$eH; z%kvi4^vkI$l@(lzi4BT#6pM4Lr3Dm{yr}3Nekq;ulrK1olpiH4PkR;T!1|Y&Cn!%l z73XLc=e$V^peB2%(>x?8o#K@&I7^lvH7F}+73WAw3&cnZI7$m}C3}%2d7aWc{8B$1 zty-AZD<76BFD+A^_AAa&k`{=U7NC_DAWHUPrF)=PIUOxuXb>$Q7A`-^R8~MN&iN)S z@R00yp76Z;qEkVy*!CVA!1KDa2J!YiIy7A&wSmYbI=$G#;v z>c1RA`f89rnJ8bP1_t0Cpt|V9^~MS2{0vlAJRN+C|{PBZOkjSnHM|7 zRys|4ALJ~K34|tj=X`szQM)WJ+F%oFD@}KrRz1l1evm^rCSW%wup}+;ImxS;=HXuT zv@LHzMYH^@XS%I@S=WB7!p|rqDlGk~X*K46yf@h9x^E+Vo%--k$z)5Dw!@V)^ zZ@Fiyhfjq6<*JPfW`WM_NsEXD?5yh$%-^6#;oZXx$$CKkToZVX3MREXX~!RYY3==Zpf>{YKRjqR9{(% z(HdC!d17=vKyP*4=fdG;+>YnX9Es=65=rofc@r6*3^fp@EyxkAp~w+#ex5r@Ym6JH zwZc!T>?0nFO4|aFAX_a zFO6UEQJDz{P+2l@V|`BC2_)F|SxRzmpc>k4zBB~iAT<=<5H=*=K+bRHmCvnt1g{Qx zM6WJ+1g=hbM6Pamgs%2_#Nq*bdXU%!jojD;4Po$dSptzWoJof?Cgg{>CKUJi%*^*; z&C+f#8zKSt1(g6KbjGxpV=CMSRuN`h6@F!AU3GqGW;!wVUWcDI7QGJPH@Lm5UyYy} z#0TJ0&}T)N`NR}@SxLR%Q}AYWYU#rSfx8vIeWAxAj;Ygr9y6tVM?#|~FvX4=&_WRpe-M(UVLBE8Ji`j1#$^Z@(%4vpYkdY- zfCto62b1ZDie3ctVR-d4Zv9%a0eD~=nj8>|QvSdIdXQ(@}DJ&4ZV-DaT><*evLHDaB z^qxrXHw+wj_3&2B+OYvjpc*M77U-K}I$$yE171D5Rks#@01N1esez!L*eYGCJ+KH| zq^d>-p*U6nT*J?x?ntX~K*WxLfQN7bXzTB?=pa(ZL_l;{CiESp9Xg1`u@WE`whm=2 zy}_u-wujRD7RCo{Ex$pjiMVIitBvslw-nK;!R)^$*sG2Cgt!#q@x8WrAQ0F@PK*H( zxTysYg-JpoekI1DkMoeNjTzVnLZd6dVaxKns%^qK`1m-qk%J;XgE4X`-y%^!SPy{k> 
z^qLqqk%0X$184$;H>wq=J@;PO0TQ4b#rqd}ye4izwMd|x2opkxTjLj`2MbEv*I8}m zFGbOSd8rs+Jb7I-MR>HyC=xK9$`+bj!R$+vm?brCI%^`JXlw!)PuBn^QU4nl&(MG% z(asJZHR@lY2DGJ^S*=Zbe^jYKk+-OW!_byvuD5pW{ZYdKMc(a& zC;_aZ#l>q*0TivQ0ppF&;3N{N=y0``B$?-I1bRmr9-zr*InknI*ATsbvHzQ@XUqDu8keP-+{2Dwr;fy&9n029!ENpehDyz!x1r zsVfAkL9nIpcg6QbqGW$pYOp94EYbjr)ZZ8H zXg^M0z}AppYvBWf&bZqeea#mQrh>Q14w{csaj=KRfx)I6SOmt#(Rg3n1dC9?mO)@k zH*FxWac!V9np1?&}YTSHv-R_P87JP_Ol z0Nf#BFB(^1>`*XvHrR?8j2j6C00)W+#_a$*qk|obz>dXWN3f_6Y=sMU1m9__%KM@> zxMcybNFQuv4|WE3@D{j(ufTylfvsV|>d#=c@L2cjKbq5j(I5eLFe*5(P%w5sSOvy^ z{c&L6n{-;VRg1%pw8#Z+KRve)IJcdo+6e;p%anr708 zKn~_C2XCzTpSO|zFLvFC{r6orRT_WXbr)T?G@hn9HTLUV52ZEiwU)hNz;v`Z#;XaY zq@wsZIJ25qM6v{*R8vGMmyoX@6johdw-yNUj>2eF^j#IHY&$BtF5B{!dx#&ig2}KHA@Wp&m zpfIOCEJ-AXy&9K2BxFTCZ68hRZ&)4e_cl93HN_@G!23eH#Z`awsBpRM{bUP+=Pg$~ zYkE@JfEa3iSYkg-$W^w}qaT?r7oooPEE-*jlLpWF^v;T8DbINBs^HS!^r)r zWAyH{a0`4#jueUG^z@G{QFx7aRM|&^wk)H1t=K*JUezwViK5mZ&GDbRa2(1iY4~NU zdF`%Fk5f}-CDdm2T4{n_6l|#-7b_-af?SE&&SisnFo*2iSvsJAsd|X70u#utl zlIEqr!1O$(xGl!^1+zGk^%i1hf4iSrC(9R>s48@nNVg^6o(m4wJ*-A9;;HLEMQR~j zA=sr`#yh-ZfiLEQ!58$p>U1i~VSZ4K7M^5teo~m2l7+t0h#jvS9Gv))iuYr1&aZlb zl4>$1Eq8iC4)4o{IF_GSk@JJ31?)wV%U_tbjUj=Cte(8R6$w`+;{0l1n!rlCFmK}vz^54vpKFQBH z1u$lc@|m~pZWyLMhMr)G98Ky^=}#I|GqfBh!USWpMyBfqMf@05C5}=I z;vBd7CZfd9!6lNTPZTkOEztRte%~!dmHr`WhW>Grc{qmEkoh6oE}}7E{>&tTwdTPh zV(R6}F4Cp%%PTVI<;pLT?DfEh{%yH(J6f?^|F3?K^!=&up)bG*+a4=Xo#Id2_pf%F{C2b-Wjx-*2oPh{Tq>H=3ciSvVaLXx;)5vvX%h8 zDZq`j=ywyvS_13dP>Wt9d#rL&6)ni3lXwR82(h17jgWD(al)BTCP&!Ln9gl=;j4xG z^-DSDsv*ses0@NJlTS?2x@vN;``6L4EnCKoRfYntZ64NgOpmJFcv*e<#G#?mRlq~-*Dh- z7slRLML$MJ3eMNeRlUfHzYQEbJ__V&yyI^=7Am(*A10H#nCtV5bt2!~?N>1=URNYN zgg0_|#rW+jH#rTjGZxHs%n{=_KT&QQY5n0?6(F<58g4#y+tx0;c|gKk=550Bey<@g z8I{aX$76DEva7mjL|_cMQuM_EWn(j&l-O*m`)D7xD3b(Q)@J!^iomCKF`zkE-C z$$)I|-`Wa6xlX@ldO7Eeo234Ht%7eNerYPan}y~}Toqmw-uL;;M_zhr{cTs|Q@&ig zAk5Uag3ed^?fb|%OKEG76YGHQ*3!wDOe!mj2LXKZe$SzR@&m|;@A zv@{mEgbLl^9N)CLL(CRE^w<*{6OiFy7bJc9O~1)Rn`+Ws06kpv8V!WiRP>YE`I_{9 
zID6;d$OCO#cw*ajCU(cRZCexDPRE?swr$(ClZi9&Bolr)=e~FAy{dOledknlb#?#K zzv`;J_u5)(hbk86E%e{DOmc|pv@>r+TokPPX}Tx;Xy#bKeKA|ICQEvksaQ_X&JKf( zVHNlcav0ohPEr35up1h|#N*13^1ds_`yEkfuLM2u_ad3ZH|z+w{ui%hKZnX!0iWum zMq^?-DOG#y=qPe#EEP7fq#Vy))_>89O{@_4QjWbw7HU{i)ZN1S>qpe7 z3nv&u7E7MyBscB|38liiev(;jzD`MQ+!EqQb?y|B+5F}kIrYdjbLk$%fh!aligRF# zA1x_MlpsH!FmYZ=98IwdF0sbeNt#`&U}tR^ zA3v}TsMmXBqEyXdF2}{@Q3aTk(imMTqm0;vG#RU#rcYlSNdt7@Xw z)!!UQ>$ySCS0d{qqVp2Fd&qW7n+sCWEL+11j?eG9|Jee8d65jkQy-sv@Qu;#@4VLj1CZ3d}U~br+E${GoX)Wr;XoQL%=}_ zVx3r#qQhDUWYY5Q`)M{|=&KHSfn-+qAqjaAXI7W>*uJ2mLiLA+&W%?cS*&YzTs0zf zKRavzOkMLV}zVWF*< zR`VEYUX3kPu{_HPnI;&GO^6g)oz^OjNGSb{wHSi!80zY|8%%;Ag_P-;;F0{&Tudj#^9#X5dC^nhBRkcVU>ffP3W#wx$rr^-M6~Ku@^@&a0K-njJz~_~ z=7Vb7`I$uY4#lqq2fs5H-b#!98XO;Ip1$Ked`zCcFP^?@%)Qp;J;mie&E`ER9Nzh> zdBvq|y;&6heSWwh52RTk;-uJFo%^UQcvr}OxA^){_--)x=nwynB?S;(BA!(zD8Q@- z6Ws>762O+NmgDVhL%X6?*ryy0H95n{>Y&sjY;evj)-1!Iq4Pq(_8`I%f}A ziFKE8hkCV=2@}mUf$8(OQokc3^toVdL85qZbXG6azk&0P;)@1DrGw|i%o>k+>+6f` zenYVc4YxFeMxzYZgg~hzK7b%0l}3X7`ua=>6zoFR7k=>$_-;VIv;{ z`^K*iO0+wotBWq&C9@~O^r_qd&#phB+7(^SiNwHQNF$o*Pu)$bD(N^iB*t_LYkok1 zdx#zy|?t@|g+IPXm!pgVc|U>j{dT-Cz)u zWKy~GCnQ6`I^iywgyM-;5+KOD^iMc9na2bSM zHS~PRvSZoieyU(}(L(^W2L`(23a;yC7h9Fkp$P15>ZxS}EGKI#|0YQ%0*;Hz$B-@+9cZ1#WznchlRTWX~WZ zkO&U!xf&9L^#+aUruOTpLjAo)upb2YKE(K^27zJ@Doin6L_xv1#_)Mmfw^%W#XGZt zK|@rl)_hPeVh^lLHzXx{rFnZ`iZ@hL&)?8_VPVMyyXAKSm|`6477EPQMvx03&ecV2 zMPeM&S`O1-hGY(&3BLXn5&9cAx(_t$P&rn=GSe0V(3fc|aPSKJ&jlF5=_o@8wrI+> z?llel+3wAQ|3ApbpRLlR2}s|*l@k7|;{V?u=KpWX%~$bnW@`3-vTl;qe%NoSV*ANE zJL{!}HfdpP)a*b=E&!wL`Yc=PDX)l|nt}ye+53*UOUrdeV{I&uKVW{wKL@Ci+=7s& z5CgT5iQ=D?!k^a8x+N(Zd}lnbXPtMP@16vDe}8L(oMEcoeC)D1-I}sL&rorV@$#Ft z)Ao{C)tx=^+_nPn^2}Ce7&&qX@Ms*X@t@Qh8^UvZ`Umh`BM0khYSPRI(4?xLU~5u~ znn}U?8m!Hv7%d-rUbq5tq|d@F@5au#MLs*OrnLMB2V1CSXha@TjBs`cfQsCWReKOw zKT*VW14DN7ABgh>5zT{PUxL;>fps^=ZQ1&IoMbfx^J{xEzSHyPTZgec*;?jl+=b2} zZS9^x^+d$LRBQ%&YlWt+a;;{caW+pmR*Nj{#u+OeWYyoc@LyfAC3*=5!6P zm>DLpMY2eKXezKRmQ}=bKeIXO>8tVSApB9rh+od4*+-o(0pM;`u*eo+#g698WFbSG 
zm0;-ht0ml;0iOe>7d9wYyRr4n;;px6Gm_GchK*n3@$a&p7-}V*%oS9n{5w z`8H_yVv2K=I|{(54crjByA-V0>p+g(hZMPEpWxEeQB`e z+-@!QyOG$4NP^**omZ)jkF=t#XqM3d%k}zo2JkUBQYU@85q#&ab6EgAFP;K5~g`}dV>Bo?@+=a~ zZM)|Cr?(?^nYTu&hqvV42Ha1v{zUKyClL4nI~~tBtZ1^}iU%Gp--5i?FCA#MMqX8c zwNXb0$~36bVjUBu;h|p|+9NLGg!+&u_@C=5b%z!l&2(S#E4$*5Iw!6p#;9U;!`J*_EPo{reJ7y1jvXo=ov z2&0WyMx^N+XBu~UZI}(A`zE>L-YdRS>);bo*ODJ0wh-3cid$gCAT?#VnRWy5Y0Fb* z@2&V}g?QgBLm5r~WhdAOvCW#qhI^-2VE>2J0ZY6Z5``rPSR!2F--oX(JV?-cJ4 zzPJ4{FnSFs3s`!SM8EEMSgnlOB_XB{JpO=@Pl9i1{h7;(Ev?!wwT%J z7a1YkhN-;re=O6nA|rCp^{Qj!^lvv@-SuhG%bwtG(%&xVHWdaiyVz#vlMTVEW!)^Fs&2@w)zDL({d$L*I_4>|Dp zUYG3*-w`>;u<*j^3Fn%O5hxV-X7RMFg+nNQ5xBLEjX&d!c=;Z3ajdcXATZvsi%g&W zg;Z}kfQXjLJsdb25x=a-O2CG0FqD>WFn3bO7jU^9l|fChX8^tVhN8n|(Ow+giSCv8 z;di};{*#4MV?UUfC|&)-^22OWL>%WN2a~^);32Eey)lu3PUA_^^=E(Gi(GI4;a;25 z-SPF=vxAr*a=lG&E9&?(`olzjx?o5Dw4Qq$%A3O7bh!*jO&nv%l4raeL@!g_zVpax zN296P=SHdHb&qqRvZftr;x+X+yAk$m* zQTI1$a^qPE+wo08q?XTA-omh0EjqVR9tn~C?m`|hHCTIJJU6^>KdKc$h}eE6CZ8*p z@3V{?Ow}G5#-yeh_A3X0un`Xw!_VGamaGOJdF>&XWOpk%mET+T!iQ>|Vc%U<4q6>0 zhArA;x~mS7)w}Gm&Ep=eRgSzhQxkpU2h@cn*3?Q%_9rzK1iL1w7=}(x63rI4X?I;KwW(7bI{)#Mqij_=7$?S}liRW`O9W6Fiu@ zC1`KgLf=Uja#8Xl9 zlL`b7EO>svW*cRNbK4H(Q7o^5*jFcWvrUSo9et?T3Kw~AymdsqWgdNPONBWs9Eu{8 zYI#CUF_mh>ld!Q&avH|q!~#Px?{ik4cUDZ3>6?Elp7On|3($YXCz-G79sl#pMEF07 zPa^hC|5x7hCH}7R6`cGK*W)(}KtQw@Y^$1qy3oy!m{cj?Ns4x%(hyyBHi$-64R{=Q zHgCsBH&B8Cr<~bmseXMpc=($UR~r6Fhu#e``G`{ils}z!?sM+>ubp=$#|`{H=f5#U z+vA7>8k1!2gLUe7@)f3PnnOrX9cyyrKK_=^j z8jlKFv$xF4Qy0zwzDT^A`Ls{7X7P`QIY5RKWBDI-nnElm;56J8X)IV9vM2`wi%X8n zKv*j_C|(Dj$fK$KxCh?5knVsP5b=)5pxMBc;YUgRAbl9Rh`$T{&&llbE`@+*!*~+k zk#BNkE$52qUA4F7p?{Gr+REU2C(NdtZ?qg#^*4yxoF-gHWy+B z!c}6+iBYlriUBFs7?~<+T@p_k^fJ{}=IOZPZuo;%xd~e^6T$fHL`z?-DM#uyqv-zoms@0Xz1(|T|4?+3uflLGnTc1B&M0^8PlT>uIG(Z z)Mn9SWOWTJHJtgmMM=r@Du>C^tWoeHrGYtBUkRwYEu-d3to41B*=OZMxgEuPAd6i@ zL)J)iVH>^4%$M$)hZM7rgdIh!-5_dLJ|mEXQKmSfMb25?9A*l)?_K-=;RdJ)$x+xP}m`VFsk&7TSGNd+bm z!O=mDI|a=drH?I*B}pNt>_49-OZpK&X}Jhw7%P(i_xLE%g`%H`^bf@x1=RC!LXB~L 
z4@*J$vdTQu(dPD--|lLWiD;<1j_nNGjS3>Lpsx#fZt?fqH5+1QPEP%TawMRKQDd<$ zyn}W`z|W1ajM}6?+VEcy_*_NLJuH%jcJ!JaLwzrd{FNpI+=@qQ9+O!$!w_v_6?HG% zQCzG29cuLn!k1Bgt`HSmQKQllh(NWylvcjtWP>_fKdXNdf`Z+SD4gPZ94pA&`ib4a zzr`XEbVDC+B>MoG}Gdt^?~wp`9MMJ2$US@lPUs+?nN2Apk? zuuu_<@6SYBC~%cO()}4oDEP)9zcv(kbb9wH(uPvLr`wR@{tfA*zf@r1dHBRB(f#ba z5iI#D(f=2s#9awx!C7{e@;oiO(1?V7zAfp`LR*$yu_MJ*luA#pY8TtrU0X*n)Jk>c z>Qb;s1DK`!;$UgT+vR#{aPBe=j6}tdq4))$C!Z~wd}Ss-(RZ~hh4 zroXfc|L3UoA54P3vabI#-AY!`vtMLF=hNp|a6Pk}9FbUUh@EW;HoFOk=ccS)CM1=^ zEkIp3RXNs9mpNCB;8F5JLn0QUWriV4cvgb$lmZZ{Tai0m>gGCMw?A$4e)@cZ7(&g$ z=r82izh<%Q{#N3+6z{Un1s4&LSc)l{wZV;rWT{KPX){cCFX{GY(!(VN|C{4|ywO9; z`+8b5TE-Sny4GDV`);{(&5Gl+@c{PHGYnNq$5tm9Um`RH{Ri>WKu?C*Bora&N2jhs zyF`40wY?l2Nv0U?BuzjIT35r49ze9}cQamxGz(lI(9M##F$6-l*J~z~2B0`r5N?LX zRdu>dBh+uQfD)XawNf%I&|rlb8WmDTBsTBzli0*H zBUa^t4ThcJ<@lNZUbmNCZyb?dkv*Ol8Im1ZTG|A#qJt4wb)M+BdV+FcUME#&PN3gr zRml!pi=y$@4^xd-5!8}+Micu)NHG>-sH%rn;fnGJpCo;B02m?RQ5C8KzPa)%t$hjh zJflM_UPgGtOi60WdD$w%Bhpr`aoN)nLJugnJju3HuVf;`p|PDP)~tRa?wecQ8*{GUQo)wpMBwGQd zfDK70hlHjrlUSc>-U_gKIM(j08W;6M>G7`U7U;maidXLDrv{|~YjW_D&yMlSYF|DNE8?0@tGQArsyPl^BiL`gFn2Q#Ptk{_v7 z)l*p%MCX%PEU6X}q*A^C!zd0FzJY5do(P*0wyI>}?n*C_k@{|H-7$Qoux~&-g)VOH z^UzQ9%VQDUGoJ?WHNLa+>38=@4qqmbK(8MdQz+YDgI%)f;#_+KMoeNxqqSLg z%?~vrC$-iK45M-g{o@u&y3Ps)iWLvvUoP2u=AoM`*dp#qo6D*yv{*~BHDj(MgM)ht zB^>N0i&6I2sO6L8?1OvbMbt+A6st$c3}1m4=m^n)Lfu9Lz*kZlO8q_`dAI^0CL%H z>`l_)*3cm4r&CU=GVMtioyGDM)1x38{wkRx z8D-(|35)7kco{6?eB096n~nBH&yK%Z+cx|M#AhN(d!e&Ru-(3%8mvEf8?VOfn{7)l z$g^an7`NtyPO++aN14nLEC+)@zEe*_65z1g=2=lh<{3a@uUIXMq$E7X66D{@&~B=^ zG;ifn@d~EIaUe@Ce&?kRE#eE2XKKPoG?r+?NG$RJbALi&LVZ#mI&ES++7wv@DIm!` zj2!MpJF+pPVfgv!xJC5GU&3O|zXRtF@Yfo%{$=aLDDxr>Q3*eX1X zN72a2>AyYbfBBA@l>(X)I$v#6u}N}J!9mc$MzWA&SiGRpMtCy{#o6fUnM}HQia9sM zS+8=Ttufl6g@4lR3@C-58Tj|~cK02p-|5cRo%a_{Pek92Z-b2Fm|eA0F!IOcLUkTn zDkcGqCRBQ%t+sMwk;}I0C0oeAx;9&FThHoeaTi+M<`wtRug>8(jv=EKT*&I{%B($iNJ$*4Dy?e>5!t}5UH~ZYz7$npevDz+AH^cJ|iMSHq(i#6-}@=V_x&5Pm9?1p06T3i{^WkX#VO 
z@uiMHlo1oyijQ4FaYRyL4+YTNd)Gs;2@7}!N0;V96bhqP1x;a`(~x$w!zA_F@%LUN z2ZF#>VY1j1n%{AF&cv^Sb0o+1sa=PHw6M~OSI|HJ@*N`bj0FZ#X+Gy!4?gntXr?&p zmL+jR7MxhwDp^mZrItG3HoQOIBaS#^e>1cPM13TZ?u(Bz`1UWyOlipeVY+9}yzkoN z+hVkE{!7ThNCtLP0XC&pO4iO#h*+mM{qw#p&LUS=_3fX=?3kLHp!Q|VSO3zOW&Sf` zRuTHbg8#QQt1KEK`{~1i8^>1?haFV&1>}(u8rGwOOXov0MdrfqH-|{!QOY^K)ba)< z;Ec|GP>ss{6t*D8?wcukHE$ek9PNDlr!9-$0FA@}cMUb=x~Z+I!&_9=o}SxO7)uQm z==9l>6R2f`4X0V3vwmK8Bq!-d8-%D3p+pJ-rnWkP` zkQr0%J?+vnGUi%1+W)pjK>`K6tbqAEYPU%mRdSxvlhasqIfuubB7-f)G@d}yiPFVL z9{}lUvN<{nd#277UE=%*Om&_XvlAh#1%++^c>y6k{3ClV3Ci8Y^rQsmB-2wbGMr`V z9DF^F>#3=wE8OU|4~uN*fFFqWQb^)L;^9hy0#NExJdU(XDlkOm6lFe8A9(AGjXI|g zO5!jH&lhsGCZ6B`0Y=JjNF%~JUPBd%5WHcYSD|=hJ-$@c&}B{3cAvdea|n#Nr4*3> zRO6^@IyT7IVsY>6N{RE4?2Hg3NPDcpd?zEhG>rYC7{CN0nuO1lMb@Oa;K^HMvuFt2 z{}E;TXv;Y@jb1zb%{(--Dg#Q$B%9lFu*~^G<};q;0^`9mW3l~DoM`lZ{bz)h$$6cG z^*lcYv)v}`-y998|!&v6`$X?RYRu3D$0V4)B1&se=h zqpXRzC@3Sg_yE^MOXKJXr4&@gR>|2?);+Ca~l1PidsuV@@NEkk@DC-C_>~L z7ORQs-r3zC;q0inn3(UqC9Q4+(Uu~nNLT{>AM-(inXm0pOXuP25(NVDw+Q_el2{#j z3FPaw-*KaS#2m1E%TF0x|(%%zH@x$oeQKIo^@MzJ0s@mqo~bhALtr|C1kHD1T*SAL_7ynh?K8iAgC{x9$c>m?YF<>*YT>vC?hey`ci zJ&mvLtEsi$ylx_mrX1+#ZE?Sd;W!vkKTdNbou?fdF9zn7w~lKV@K+Z{ zOn&laF3GtUaFzrxFIAu6b)>9ZC9yYljUeRb1sN5{zM(Mw(9&%yL1A6hXn%deOos0c z3)Je+Ty7IWH;KK1*~ZKP4b8XKb9bFI!In!JA2kpZG>I+FbW{Ft>es8yozvaccccTh zi0)X#;o+>JYuU>C-K@V=HQ_PYs=za=h77<7W%X-efGn|qA90G%sWRY2ij$z0G^WaU zuR={Ip^7|KjfQqBe4Z8by z@kLwy0j?bj8@_2iv8l}_zNwcuEPqWoRQJ5rM z%AS;=pE5r9; z2It1XOZTV=pd^xYSsG=JJ;U{u`ApV0-*nfnC&w!nS9OJl$x9}B)!lp@r(=v!uDL}T zeDz2TKBI1(F{GwgOegrG->0rXxc>;}_IE{c>MI5gWnsk1(+q#>Rx2yPyekU!ISnsv z0hQe$Tk0w5bzWjUrzO)VdrjjoVe{x=@(uk)Q)Yku0tA*zx+6|!S|RN z>;>6wSYj08FC+_7ET9e33Em8+Ynhk4z_e445ZKp8jN7?-i(WX|d(9^5xsqfHi|FZN zKZx2))3t#a+ozYcCu_%k>^*6zyCLcQ?)T3wfcZ3|8_bsj2L4M2{Lhf^s}b=3_P}X1 zz5i-*lCPUK3YO3PLD# z>NIC?vK)F;9x6DzQLj9iVnI=-kE=3HiOq0bd+wfi3e0}IoWu!$q>UgB7NDuh&ANts zHMHC`YdX~$(b;@T&(>VeU>0FA0XS(G`%!Z#LYf?_D<`$#=JRfY#lHEFBMvsBJI!*l ze`t@btt2>=MFa+wGbo;RPJ@D&z*uldY*gu)_}Rya 
zl^7GJ;Qc%QU-dvEFq~7IhkX=aewzd7%=bZIy9SN0&M$aOtcGr95ZTu_a{JB-0ruTd zdeqSYXw*T^E|hK8cZZCDT@BV_+`1ibsL75zBUCeH1EYq?*+bxPIyrG2>Qlw+Bexgz1vU zp=)<4R$&5zi?jvx460z~JzL>*GGb=&RWTdtG1+r+VTh-GgahQX5i;G_c@`kH1!0)o zVg}1|(LZ-C#SQdXgR7F~DXLQMH9#X&i7mJS+x=H#ad&+oh6fNz!2k@~R90SuC zg_K@eYmCJb*xIPM0t}toE_Y4pooMZ~oR7jz>+n;-d5ON9W|yXyJT_%GzL@?gPfb>* zC`AH!?{vW}NuJNhvNpNFD5B4HahvM7`55oYUSJ=aLy%lefl8c z#h~t58=%dl9=GQmS0RW=$2>M(ey#32)$p)DJh0L|ERWssfwPaM>{0&H`|}2QoKcrY zbb%7}3M7#+B1CsdTeD$-S1!#l+#ntSSWsyebtw?}M?*kEnRXBmNiXs-6sz;X-;w-_ zdzPjTUddd$%^YWI&kJs~8f3$C*_qa2`~RPS+Zvht zdwm{}fAhCRghhmH>`i`%SUFglImsEB{O=NV_bZg4f7rP#hSW8qOEo7N=FyCov=ui6 zU@9iI;D#!PetdHQnl*+DPurQhFQPooTNn@!5M^!P==)e&hz@Z-&f|Q-82CIIAkTKM z3nCLFu!rzjT)+Qz@9~~#=ji?Tdr0=}M)~t7YU6oB)l_d)oGFC*AqSGvZ zM-?*+r^6i6tEpweFFcuo<*E{81VWEH7@fy=(F-#&4_SM)+i+n3C&MV9HJ+@r`c=q0U5BU6x+UFFgQd_h%Sh6^^v{|(m_4H{BjsG! z*Io_5ADa%d`|B`PAYJLXEHRW?V9=qhYE&a^&H&8s?y5Ynt1X^VVj$v9kBjaJ;(OM9Cb!cij>%&be?zaHGTkLs zUsgq?emLa*A1-=kScJh!{n(W4!X2ilO_gWcth%+yj{*2xI(vc187H_U*HIxXO=ehd z6fbv&kB~b@@GjqnpUW(NvWjh=A+c1x5U>_n;GakJk*+#fKN6c{%2Q}w#h6&{s&RGx zhB5~Le~8w4=k(aMHM@4O>vR@4W-mnWa;hG5w#T}oruBCg6<_K%<8PN#n}#X^2M&pH zu`Qip?grf_`tNlflT)Q_%tP>IjUx zvR9Nc7w-AIE=Y2q*X04ZyCaQBbUQ1Nb_TG7;YF7b;gRg51JVr-bh}Kc?{NsKWEQHj*jnj#_Wv+3D!bNP=|Jg@;0E~ReaDy z=s(2NHijfwVF{v`Ca4>tZG_(u!8Y@D6JANo;SWhD#iTtExtFeQxktx`bdu&wJLxnz z?@Y%qDVFwH_a88H5lW-NVGB?)jz6)8d}GkRAN7dFkyzo`i#f`K{|Y|mCBZtP@Vd(J zu9JColYB-%AtZbCe5qvOS|sH%W^B4Q;-bFS{Ize%jnf_W*GIZ;L6PMJ%={C;op9(g-K^Y0;64b}tUHfYr2bh*>KYmb_={Rv9Lw}=yITm}j(KrD2++aLK ztGqVu7$={GA*_Fl$=)4)@HdtDQL{Y~Bs%yB{-uDyGnUML-mXL4u`HY|Vl@6*TyLjT z)~V{-u)VNV8f|;|HXkjOscCBTeea+9FU@^nS%P0}@6mr54B7wPfc4)os#tAX1x*9} zQ?EhBSQDTfOa$XLuP#g~9tirYG7%b(f<#M=`DVOMXXN-ZW?X!@#cjlKq;=+b=}gwb zbO}eFTP2%XG3sZ}lfkJ7(aV;9{=?Qbf^jo}HICD4`_~Prnd_Xm&fd4bDiD2+KI0C$ z0B1)L4FDN`EzPj3)a2}oeR^Xl>=G}4RqnabP2!>Bdy4oDkb1=- zy#PK{XWX$iXSLc7I5U>%VV7fQ`F?%U#VM#YVVy$n9N;ZfuUR3v|_btBlS`Ppxg z9vf?Z+a0sKx>v0&GPLqO6 z$Ix)e4PbY8&Sn>HT1?$V=ilCz#pp`1-KV2J2QWR@wG$AGStOHkwKf@#6Qb6aC9}y4 
zfZGq_W?7s@$-X1Sp)RBym6ei%XaCSIN}xfPOXePvCm3Y!5Q+TwYp6GZVaHFuk3Yf{ zf&=q7(;pqujVMtYlY7Ui>`P}o85(VjLMDp(hN=IXX}En*ielGv+jfkl?6cr*6Mp(|Mx`&Pz@?05Hp6J zVKm9)%^bFS3Yl>ov`D4naVh1=f`q&80dskXPw})yU1(3Wg&13F zBMA+2Cm{*jK3>}SJAglb)~k`HIMPVZN1MTm5lo)+m}Tt@<*pAQN$^c#R|l2ixc0B2 znZ5m!t_~oXdVaOZm<) z#m4VQqD%R$3;U#i_Blxe3sMzNu|5xG(4m!$7p{~Cb#yJaH=Bf>U z=eP)f!r9Wn z%b<{BM=c2zuQ(Y;)2w>64uOh(t;!{5nIM5 z2{Xzx0Kc-D+x!-YBF-g#*OE`M-IoLB-HjZ3ceK7a982>r z0^M%A-wDsj(NnL#KImL@El$Rv7fl(BqZY!<5CvI+l5#&aU*)i~Beh9|6O-N1LJ6U) z)UB+8gJfi9KQ@g;5v#Ida+9fphqZWYrd=Dh&&7k8C$$L`Lfpe2*1GtphBIQnG!JaqwOU+m?3ngKmO1iQHyj{Q1THcz8gA5> z1Go=p6J{M$M63Uu4!{6#Qkj*=SxF~T3yUeUi*TvTblN=HF^!8)RQP67f}O}}$&A5l zF2#6b>+X!yh1;$v#cE%o*JA)OmA=|zB?!OvN4g(UT+;Oc<#>@?+1!-HWtKYKF$ur0 zVl#jR6rEyQVcWkf`v`&bKbD4Lpr}}#M(S4a+8c#B@S;dikOnUL_1Rcd>175psK1*H zA_xrr#;B{9kdnFrB(5h_rGuRuIBlr9Ovg|HZQV=oCUUrkeZk9Dk+jY5(B^~G zkskf<2LDvKX)n%NBe)H+6&1^h%ew%eEx*%JXP0!af_Du!Q!&I5#ML|?bGN^OEm@Y> zO^Ujha6oyN6|dZxo4L*f`+5wWD>%z4H#UUpU)~T0%zd8KG4Bv>@-1P4!Q0{ikT$sp z_WuMECKbqqgv0KbNnCwgGs35blk7wwa8e#HY)!k0i>huc!Jw#>9WRxI)3XCc6vaD> zS{3?CmSm1D$pLNo$7R^>Gi$AiaCR;?GJknkAF5s(e5Jj#*~Q6&J9d&{;MHQ3S&yP^ zB0W&6-;@=YU8)!LGI%Dy<0jgJWH`vJDLP03lk!>}Ny$lLL!eahgf^4pzLWoiZgnR` zZ;8wqVneD#PMJfZ%_vI5O}$GHKuCsDsbqIxOJ)9*gvWiwGR{<_tE-^Gw2Lc(tq;~v zzz;SU%w~DwNu{Md_va7YBk(e7=BCcVlS7d&B&W?f20d3VgKU4y!KKO8UnVNxq%CHV zm+@w&ThK&eGdbTm#$~0QLVt*Y@QlI6}@lPt6HG zQym^qeNhoGYlZ&eLT@5HGq!N``Vbyzt+H&`Ijfni6x*6L4POof~* zu=1#CT;Q^DsB(^S^?J@IRUwb0%;fbE+rl2E&c9dMtu5=0gx#fIV#tf#-#}XXrPKEg z?@Y{ueESLHi(2F82|vE|ysZ75CZeIA{{s~jvhU^k*3fq@n{dh)c} zx9=HJtHVv$AO) zHDW0cRE9Uzz8skxrVUgEE{z((;?#Sg`P+0TcETvqinHMvUekT!4!~=Dxaal6t&;rxr41L(^sT z(Ea0-@=pwnV~-Crt1N%_o4>iH*h!SzBerKO_%t*Dv%kfxNP;|uTD;Ao zLUZPFm@v@N?$wH27N>aqk+>|FFZ1(53A~*Edg^8k{=$~fuaBR=82f?gWC?L6j&i4t zawm^+r;l>yhjM3xa>p!D;ou1IV8#5Pm9ULfiQGy2Uk7?vsdY2^zA)ke?q6Yq;J;Zn zNU11rad2@6*;ugtH(FGy+y0}=;m5EZZ@ae9M4?T-l++W7kOm4+gr$N}B`a1HLbgn% z&>C2nrlf>RY3X_WzHuv3x`@-m8JmrQ>{#LFB<>%;`m%hR>EG}5dm2)B(o%Y|kMCs1 
z`?quMz0>U7q`>Yrlml!ovkOIIdbkz2D=SOx(p`B_Ld29QR@ITRGVNLkq117zlN)>D zd}64ivFWqyXnHI^>o$K81)m{&kEg9tR9Z%IEd1=$h14b(Ra#v11Gv z>Nd(@#td<$i;bdzwaIA>K2NO~EDE=4!jBGm$&~nw@m;$?mP>tL?3^9G9j=L`_nR{z z?_^$)t4;ClIfbG|2;3$sSilF)9E{&C;-~hn7?!3`*qW_ds8q zvS=uoL|6RW*j(GAA8JW?DWH)tSAXm@h0g&{e)2U%@^pyazfm;c)yyjbXN7~{;T$Zs z!sAjwGPelMW|3!l7CC916Tf^@UlZ2Hmq0_Qjc>6l{;EAhU!cSxL(YZL_BC$_>{ytp zf~vKo`VAMA#o-3mr8}kB#af37<;Qu&YQ9$r7IaG@T zLb0sQP_3yf&CuLnx_g&#DFIX(Cyo)k8Jq)ia7Ap(&gO}kmy(*P_;>!&^BKW_=TB zhFrPx&>#IM){3?F583!f~K1j$3A-fnwE1i4DH^$?qqTR;B6oexZ{iptR51*_6GlOc8I$=eG&7_SL%{if zYd>2}kirvET`X$$xNBDSaP2(iqs95B?nnj?1!ol^RYv|HujYMxvGS%{vqG`{ z26Y6gpzQ;is`r{U8iLBCEv7JBD#R#vCuvV<7CY5eVZYdSJ<%FjKb{gy$@QR&4R|sg zA9ynTm0Y&T{WUahX_O?lgy|#tQGb$zX&+Ep4+xMlH$_`WBGw!r@c+;s*1^*L{p!;? z-xN3`8a4U7cK?b&3WGJ5u7oyC^`ZzvS6f^Fho~dw&nG*>jPFcVEXH`(VLVP(MBWR6 zybK<8R@u);pC&-jN`jja&g+nQHhD>Lz*PRst!FP9GDo_r-GWqylMQn15FZ14+0Varh8t5iS<2(okoUuouelW`9 zj5O^9cD+NjGGdi@Z_DoapZs`h;beA|nAslN|A<~50J zv=%Tq5=*>Oh~DZ$cLeu>{03dLZoA?t5ubLcu)FyEwoNDbVn3qA9bXWE(vmewfn)`B zZ+i;$?*f5QDKj;PU|96mh8=;&5dfbxvGt?LpOw#L@~E%In!}@quBZlWO@pzDA+_0C zauqjs(Tl4)jt$v_471Nt8t&ba&jeoA`nj8%WnS$&D8dvKmLDr;Qy=rp8dZjiSmhZ!X0bEc=4#@Nfm#; z1s6kvwn!^iDHW+{GeOX1PLpVLtWRIsamz6hdDvDAhEV#3*6v!&tGVXW%RF>#^mN(#-Q%W1xrS|9}< zctFaRat}|^T%{}^JgUaXN5@EzC()h*s-L96$)!K9T*#52CG^bj$rBPaNIIA}@#u zhsHu09=U_Z!ri5>EIxISZNe#MWQT`gcSb*;cY~28S!^H|9B(+~K;e4Q_S#*|fgw}w z9H!GE^Sado6WK9S8Od*=mg#E8*@&bnkD4hCPL1<5d%PKA(&aPn07{yk{JE#MlCN&V z?uQN*)rRg3Q9k?C7404$WrS{GYTYlb;xer+dVb{FP;5nUA-5@&;<-?MTO_xi$jwn9 zPhY+!wW=+Z8A}-n2YL1lV)^QPO?)j@NAI>e3~xFOo_fPSIgrYxS{6Av{y zqGCou@C=0Bvq;0Lx0`E^^g>2ON9>(d+XYxLKLVAp9sBNMdIj<#-NJ;dyS-|dD|OW-5H`0`O|9% zAds7#hDKUPNs=1Y&;56Wo^49@WJP*0Z$YP_mCVn!ZvsrGV$H}d*&tSyC?ZnHb*W(`# zNYjRm(Q;45*^g`mR`zM+7sk6M5-Megi}bH8da3**oL0zXVu+KPhwiAsfny36&!&^* znTeJbG1ajHx@F;BtJk!|1V`p8UEQ)DwZX|rI5+^I-mZQM#Y#U z+WXBn{Hv`}XLDe4(5o;HPew3wWFsh9P(TNruuIqwIeV59RhWHk5?PrbUr!zDt-3u4 
z9+D^Aodqj_o-U4SELb5)o!1&KEe@py>_y4!Tr@~*K`Iq&Ll4p|Z5=sHRJG4fI;0pgwiD7HeG0?9&>G-%J|W}U^WZ@O|G8y1R9I8LvbjW1@Yr{&)hc9{$#3)EYoztl{vPoyRrqZP%EO3Te~ zq8i!iOEVxqaG&xMLJoL?HZspz+dHx1;BV2p!Dk6B=pPEHIhLm6vPV%ro!Ey~q58&7 zA-Y|4iRmod@&q&Uy%Xp8&Jw3b$O2Za9&1IW;cn^1+Z$mMgzHy7VO!>?n*2UQwBR7E z6MrvWe=v#qpC&{>T3DIme~1>J-IM}4AA_7dqwHcH9dxCI005C7a@s$eTnUXyL?xd@ zmAw1>^xhcno_w+RV{oyrU&6~UL|T0P5@@BbH~9BZE`!cSb)vLC^6oOewH>E<9>sos zx@CU(1DOu|8s%mE@vGfM(hfArix-~QQNm0pydz!~5yq%yvG`7XCqf)`t{ImwF)pSY z7?B1J-B(SAXXAC5uf>&&f#~3)r&E^)iPj_c6PlE?8g=Y)Yq#tqXKeJEHV#+})z>CE zCRE$*U{$C6Prkq&&XejezW%oxP6XVFl`AVojjq`h$9I#PkEZLp8h^WQc-(mqlaSgTKvbEFY63qzH1nwfem~^`Eo}W5K<-~8B=BtLMnPnJ0k9gT9 z)RE2lCKDb^PK(uZrvUeYwXFE4^>AnQ9Lh4$_JAPqYu{96uYWy<>&D@U4j6GBoUOgZRR40|YAoX0pD%O`sy=E2M{OqzT#8UvtiS*J~L^ z5a~ktt#rx%1LO5muuP1FoJ~zl93kKTtB>YCnrL*L&>%z4a@D&OyJ}RG0v1A0R2v8Z z7!mcgQcA#BsaVX)o)~M_hLOZW+a+u4oX^mG4vqQ+9K)QW8kRlO9-EOYdIR={NDk9i zY1RvoSyRk<#$%9{z_Byl<36sN&9P&SXKB5K0Fz~1`mc$$3&G^NXOYcyI?1lM(JRw+ z&336Tm#t>K8Wg4gU5=Rh!8EK)QHDka9p~n?x({jtC91OWFh!j5yC=g#=D)tYr_#mN?BQy zU}QZdWI?RVLsRS}uDD1(z+lcU!eZ@33Uyv0#zEjhRNGhi{hQtw!aJsl9fIc$<-&QH zk;(|hW*eyjaj8fwY2MjnXVB@34upC@+055UwBIH0#8I|!qI)F=hXAM*JYD7fB zs%Nz(Qygv0Pwqj}Ihf-9(IOS_zubY#3{)dLI9UxZ?C zC@p~2k(a?89BMWz`>um}#@_+U<-aG?Yn8ViZvO$KsRs7^QVP5=22!q-cv;E)xAUOd=v+x3^hrywgY42 z`z0*8r~oJI&8kQTFj}kXH(MqdwtKBEySnOldb2@*=YUt4sd@W+)4cAP&hn?Z2-!?E z$7Z)0s@8_PpeU<$b_?zZpSoPMmF#%lDW)lYMORLgut|z-i+o@~n9dKH#vn<8QBQoi zy!WRV+j5%%n^kdJX+M-z59?DVl@KScF=gpO)}`l#W@D*V%oGCQUkOgN&w0dN%cew= z2I8#5++jrKcAIfvBQ}yq7Q3H_6nf3c&XksKi!h0 zQb!?N{{dv_Gcf%Sd+H=(Qodp2h1w@xq<{i&?Q~>KT}c8VZ{OIcUjvcsSi*rt>8W$v?nAvtnJqOccQVyf&r!D^Cx*n$__gPb3sK%(WLNJ17h zw~J{VEp#OZY=Ws%@cK|4O&Tv9_GpCjuoGNh7r#|~-CR33<&)g2;_`ZVehKJea#p%C zvNh}Aw-&MkyscSN1$aThq2m;<8WXO8%?}2)2-bEE-b9zJCDh~UzFgR_orB9jpfbBt zcVNClE_TAN!R*X3MR`#Vq$|NL4_fSCWm*W^kLRVs560 z2+l2rB0TGB*oln2LMW(&3Fy}kxOG(oOPo8T-?=~sClG)oRoqSA6QDx z^;uf!J6l6tU-`nTzqtQa^vvOnubfX^e9EUYou>2y9l{E0Y|th?@bF53+0P-3bsppR<`EiI(a2hA)DY)hbGV$ 
zZ0Vw^L35?mrM|F4Px=n;8T0(Z43(BfGj$WtW<{YkK#~Ocgu=bi^4z^+R2V7XAuwPQ z|Bj~+`GIp*ie}~{(XS<>LxfDTY(qkd;kc|!gCn<}{4w@qrT(L{N>^jH6n=ThG@{_T zJq_cFjOl_8*C3&CkOG5)r9YL%>{^gM+z1_r;PV$%Fsauhmiw?YLFe2xhCJ0Qr5mtU zO)UrH?xrTQYWEWjq@pjRut1VHw7<>&i~a+9t!3h9C*%$?`FB8|$Y+Npi0r*zW7OAu z(}~PaFXZ2wM8l41LPS+hMJwtj5&xoOWMxmI#?@@OEVpqiGb=mG;lm3c8T`{TAHZuq zQ%u5FAp6OsgZ8GYt&ycU!gmGFT5PK`RkqZNGV|(v!1_UIvL;A)a-tCqTY%FFFv@71^dqf$m z#mdz!8~xz!I6>VrXI1PW5uRBCTyevGzQvM?cC_icAIG1Tjuq3a#>Hb<`g}UaA=cA* zuzfS@({`CY^w-@b+!;q_R+bvRlJ4x zdAn=_+u(5aV&=p>^cAB{7b=QQlc=J@*H%zS=Ps@CC;hr<4QjU5i;I~2PUqU8btpHH z=j@%ugoih4=TKVN$N1^$UyU!l&vM9?zKm3x2tdc2nsRy{d=}?9FP-Re)kxMqX=P3w zZilRb{d}+*AxNdXC|Qkn5vGFZ}}B@I^#t~5%ZG00XBD!OiU2vQGw9&q+*X8xjHoY7n^xV zZZgf^3rL`QJtGX(fE5{$y30tJ@$qT%eb)Hp)tVTanu^%2RJ>Gk9f#Vdk9}IsQnv~g z**bGzvD!(={hn#p*}c`s=9%Tz%-t;A7bJLzj-;aG`<@OBz&iL>FhN7Udt)+pS<9I@ z@{DB0Wh}Tjtlvn+<0_p@EYZqeow#vnBEx(iAQ2C512CQ9y>d|&;UvoI9rNwiMtAzI zSu@MI?F>*e6pz`)c1S1r?l!zkeTB09$*s%B;WB)J#p64Y!+FH6(-~m^Uz1Kx{Wp=u? zs@QXC=qlreSUIb`GpzWQd6Hx)@DJ#pzeFLteAoB`>YnO^0<&3Bu_eVRb33Dn#qOA) z;@NDa%-0%k^=W+VnVu%PK+B!RoOKS~7KDX^U_c&j`0@kP%#v~je4dNf zF=IHeEMWW@3cIi5C7pP{_!(DNrQ&00ExU58J3HRkL~78K&W(wl@RnHu zskD-X*h|tWBE3`%^b_Bgb2j5KeCzb;<_mebwQ^DlkI?#_?8(V+Y@mbfqJFD?iH04s|EE;;m5N z#^%0Y*ZYKg{lW8E$}{=_Enm<8`%OG!{FM*S?3E1pdVG2TnhN%8)Sj=z7D}L{$_Od` z8$*Yp(EU(DDli-f++7UUUWx+*-;6c&%yYSh#j{`T-3MsX+hu6M_Bk8ClGl_Np&L2u z@r_pAUWvV-a3+flCyk;8uf4glN-aa{$im)26dpc7;@b{@g$h|1B_>@Q-B0fL6iGMP z)(_`sTzbyHq|}V9ReWxaO+hK$VsVNw8SAwbtJecdcH~#_%v)L`p2Q??;+_w+Va?%m zD6y}U*r@48ct2Z?RKt&e{&w0UQq2Q{93WfVa{3vmbqBA4j8h(yf|0cLp? 
zHM-&u^C?(F%o0gDX>*t;O#Y_@SY(iA`2djtir>nBz(246|5E_!RJEO^#Lyqv6W6;{ zm0*#H=`CJbM9}eIw2iX{Nei!&<+#AT59$Pg71Mgu#1f;(r?wJ&1vC8ke{>3`6n~K8 znHrKNyv^n2qZxQ*EK)e!n4#%ycICBQZ|3?i_wDTy{3`7cV_F649@t2|(a2i$(`sKgc=wdCC}o+)*v_E7AtyRlA^7iWyl)LpQcZB`6d5{8+u<*pDT9z zv1r_u)mOetiofKA^gm z`p{J}W26bP2P4HAaeCX=$o8$N4yD+rE;=9G_8bFSsn;oD&5|GMdv!-9cEanLw%FWz z+Re^J0!;6;+753PVCL|S+&{jn(TRG&E%?Qng~Lx0hHYV-Xk7NQNy|);yBPe-wEVt} zZ!a_!KQ3~j=MpHv{s;>|UwM$H^X^T*pV1Ey&!*yp}(z|VHF2vS;^m#=xWZ-#R(qyf>O z(?}3rq2ogJ6G^@USM25=1%Bn<6Ck2NK@{c0BfcQ|0t%|#53;Dvy#n(t7tBMKv2;!h zBgT=s-SY}(7D||AWWSRk_EBMp7KZ^EhrW#v=VUTKyqK~#kLd{K(*nK8H2 z5fJgEC-)I2Qv}LX6OtBF~sH&&>k+i@kbo#7n&q>#rNsVt=m7%+Y!F490zqiP& zc|<2%_1!^TNfhAjBQ`>cbeaNPBS@ySpr5_G(6aH zybRDojzmky+JfQY3KsQ1Ad;!%E>4~ZM{L~#Z`4k_-1{lqmPXM^sUM60wmet^+gFPr z*-VeWTuTl;e#9=sq=f&rI`QWyPDDb%(Za<5Wb)rZ+<&49Sq7+|`#o6LRF%VX+KuMq z$j1f?LiGia*+mXAPA2789vIISc4j{pz124o44}a5oQ*-fVyZ&MBw=vBf(%IUU6CGN z9G<-T^1>8{eaR!?E`!Ef&q37wjfbj_lHKf5J&n+&^byPbduv$pnp0`jc8hRC(QZS@R-wgZj zMQRz1NuxT*z_Amm%(ZClv*|U5|^@2I&YCV z=kFUtGk$1)K`M>^!7R>>SP(MhU(LAltlntUbz&R+D7N_}KeGh4;p;dP}=bbv^xs=ciAh;)+}dhWM1R-v$Vh|HP*_8(RN6fd5b4x5&K^MCa?GFJE0pL+=qk z&}YJ-!JWpg8ZU|!LpubUypYBmU+xK-{X9-sSv4*~Ud6a@tJuraSjDJ;%rdaVa|KB# zlb)U2oWkp4NCQM$W>(9Mq?6`s)>OR;JBG?!rjEXLBIyj+R5%gTUN`*^>DuOL$#+TF zxvN%ILcx(3{oNfU2JP};bq~*gaXaQ38T zx|j{PAE3n&xhdo+zkOj`jyRVR&V@=&te@-&P4E?3f4*b#9@PJlXsBPTOq}dU*sT>y z?FVfb4QKYMS>7l5f{G&{2=6CnLklc5Z(K!ek!Oxh?LzU&d5w;E93I~oskKK0TVdbQ zfey8y-u>kLa!{GhPu`FImiPZe@zo5hEsPC7|4TR#tN;lo6p;Bo@aM2;?cY7=aD<66Lh{j>9U*8ZViwoYVJ@em#k(mM zKk{KTcKpx8ymN{fMLf(!!M4J9H)RD=F2>mIQk;T!tfxK20Ao`0)J2TlCN`WVAE$Ro zDtQ6p&?p}Jr#kTR>@htnin?5}VbH`lKvh!g8PpC?a`N3P6^cCdM?^?kOl zlxQxAv#&FE)iyi~`QVIG+oF)UjkD@msY_4lXX3og4FKP9A`Ju9&~P%Wuh~Q;n5>iN zWDK+dSz6;^7>D*LZzf*zAMCRjspBaVU8b!);eG3E%2-XNQgpy@cpox1C^F4s)kwlHR4!ymPIt}0g81>o+K5+AQfNKhfp5PMn&^Dl5sd;5 zjUKdLnNqae-Co|mSbf$KB+c_f<6E6*=7lwZ3(1_(q5jSyX{vZNLoz;OEucOWfg^+A z_Q(esre@@JxF!(PXC^L8rJz_u5|yW-%UrRv_i36a(R)v$m*ghY*}`+KCJFY+pRTUy 
z%wj7;vT4LWaS^Y7yi5O5v*k!#2RDoNf?ElC1f^QAA49q(jUY+aWsjTf9lUr@Vwh+$ z3?T2-{4qC(7EQ@UeKz>GpPpEcc1Fgy(o+AWRZwRIhXPHV%#H>}mO+=uive`Qew4`% z`k9)q`haU*b~))U@%{P8D~bsv;1f~}nR=XQi=4#|;Y;4AC(|9P_iDT$Ep^VQ)GX&E z@kNrMY^Z#gNLQ4AN85zmI4&@0{l(1TMBWWW2s6L`mYE{|keUB8SjbnbvU~x_4(1kO zU5s`EMN2@gB-Xbgo8$DD{(iyBCc2$q9(fmzo(I(z;rg*i{o=uqVvJ>9hg17n-Ou#f zee2&nI~pej7{^A)NGF7Gqy}p!K#igc1}T^jF(mqHL;vr3O{i=EgCGuSCqrq z4}|+Z#fz%F)oN3FZ?~B%RrDkY_b@Qf6rFuEzaz*{i;Em*?vkj=OYSy7n*sAcW{jN(eHM`tbZkna(N>6GmVxOCUJ>d|xX(LJGRrfuGSw+zMS z#a%EvJyH%LDbs8-O%UN7(_ahGb|Rir972e94k~ZOfGZs`BrXakA0Z zvRX_E42esJrK7{r;{^Z(1yvPjv{VQE7iTreqtiH@m!#Spw~)RNu1-QpkV)Vn>)a@Y zYA*UqVTVao9eDHju-KWJ9Y9tIdc9QW5(YOPUeL}}1zS1W95sOD#<H2iiC0#Af4t14RLSayY#h<8KHUZq7Zy8by z^liXB=?V>ffzcP!796+!<_MqVHc(ab zs#TX}9B^G(KYh=L-t1o-uR=Wp0_G73UFusC;l$_1tNiaKmveFl=g`Z?jf*k0Fu3$? z>(IF-k?XLFKLlx>ruJZH5x#e(iG+6CG8<0CC8bSHKshya4(b%|m-fIiI(9xCMNUL* z9mzk3%a;V;b4RC88VBK=p`8*MdT_dtXz6e^Yn#=YZS<2AxBcmXc}&( zysaP~$Q1rp+ljeHO)5S_%{PC$Jo68>xY+-df)!B~{0(|n9Fl?(ME)elu8GEBNgr3* zFanIck|5$oG(>z(9NOT({0Z$6#kBAJ15Ge=M9DodM4DZm6;ot)t6&EZW$iZU4l2OmCcO_n6Nce{?~np1L% zov*202{wm^9unecSh3W->rt zc~mC#ixER3`1stih(ke8;D_O%EnIr#-JH#eCjSJdesf<1u~^1dQD;>Q-KA%mvw{g! zKtGR1uM4PAX#bUl{DJ;e#EdCfuU4(dzQb}a>`&y>@?Hz!0ixgMzqJ7W069UZ{zbng!>8#1j$7G!11o9MIrsG$WY%Fsc6E~z7qwv92B4Jb$NL=~VBeEr@^;RR}h zVhX}+jr65*0M0HSPvKY5@jE3jQY4}#i#4b$w(|$NKWS{1C{=@sF$dKkb~eA3nWksQ zgHv-P**Cv*z)X_IX6Ts+wsqOLa2KfpBm`&JXhTl{xvnpfB{fZj)q4wlAKvJF4L7yp zI_P$%-9C5asocrf{7@(s`fLQ#t5#@w!aN83ewA`z8M#^UxMJ}>!m!+-8o&zM#{Z1pO&aXV~y|!NWL6=aKDPOxDu}ZrnA}_8{4lfF#kbaV!ZNBdI4np#? 
z-;(?v3HtBQs;o4m&CUBmy_i+W?D6qfpe)U&RYjCq4=O5nA*74if{22=D2n3o(zjg^ zzFz_Za@>&HZgacm**%auXpK$Hw%Xk7-txcGd;ZBVtaAU_d95k>RAeMpkPWoI-fhR8 zmPp#wuiW`cYde-<)P!h1`zzN1PS%#q`80uBZwlDQQdrSO*f!C4wA@qRnTpYVwfj4$t%aiUB!Goau zk2lMs=CuUwz0)%sL#(FjRdpI8j%)b6Y)WB^ow$(?35ZmlxioLuCQUVVkXL^-v15~5 zbpJ%F2EPS3f7EREtMDW$EMjM4VDbMIK}J+`t)?MGkOtZ2#W#nuG0qJ>*6O7c^Rram zDk3g)s#G@F<4OGa^9HFVAL5O*s2<@@Vv4Y#3GbgjQk}?EBLthqUgx;?w{@jB9pN}q zy!G{ddcKO2fvV@JxEkptADNcD-TTmul$N{0dOpg>5lgz}c5)LInTE#U64*U|&=&S$ z4(V!INdkou138-=G^S&=0fsWWGN*6sW0hX-g93J zSC%;#V_wdbA@kqYoXNc1?0XuXGEi?SK@2+BWLjn{`}_)sV4XlNk6O~t69n_2uv_KO zO}fZ_e#|z=RBKPpysd~~d~2-CKM;`q1f7Ok6yo$=RZd=wi$_y;*fQa2uCn{sS+C3l z{!947YmP&?@aDF}9D|BNjrz~4df|z()C-v`FMGTgO0tE3iQ#Ot{QxFMA{N?e!}*k+{$opJVp3 zNRP@7qWzyrvH-W^NIT-9xiEq%=)GT-oQ{_~M{!K`^fEJ^;~B*$H1LJI&ZC3*Waso5 zO(LYOE!HZ=hM>q_zy2)&Fy?jBSh`=j>R3-Bz0R5wIp39|7KYTd|8tV~Ulq1weHY%4 zA$K++m5;t`8h6Q=Rf%v_XuDFX6!umQ&8C^(>@ndyH>BB2=ah-c8%w>DPU$*#bKqgt zgCx|85QJt2$1d>7JwB1NyjBk@{~=A0Xh8A)3q0|eYKT9ZP%E9Pa-;4HX;7J0mk4Sx z^lU5zp2pkdyjZ&w#>!X$=v0cF&>j?_#P_qk{5%xXwPU_+MG`anaCnyap^sU4xtOz5 zc~$=8ZO41oga&PXDr-fY9edCz;?@}9Nd3#tYnp5hTCX6r9Q@p1&kb9%KDS?y&`!0( zr3!?d&wg7n`SY^bzcx(%d#SWckx#yh5!qW@SXlZ6$WY%<8c0@iMl6Vc0Fc3N#+efm zbI_SL?f?AZRZ#aAq*Za^^5?~$FaYf>u0B^sqmS2Kp0M_z&(}n_Xn?sO@}q?F8vRd= z&Pa8Z@qnsHp&L_z^kiuU8)U3pn&l;0L;N}<>QF{K*>zgh#L_m!&-qFqxMe%|wR?}5 zs@_p4Wd=$f!#X47R5z(c+5+D>8p@!&Ifnswblm z;|mw|_&3k^QrhgrIU)9$8 zYoC|l3UK)ZLSXpcn&Ll)LZZTdk3Y*4|8mPyhR&K9fYefsB=VcIUxanvxhCFuGY5CtuHvg_`R1<{-GnCaMpy*UIyy0 z8`h<^q6Q|>(A%`xgBgM_M0?~ZSxS>SixE`E_@xJ_wOJxUgfJwC$Y2QkLWFck$@1t`QL2x;>W`n!_wR2m9-ps1 z^A;*d!)Q|E#zK-x{4l7&!4qv$>o=7g!8*UFtn)zu!w`V*HaHIwL{M?(T}J4GGu z2(z$JxOIbedNqVw0x=DR+zR>Rx2SOL4cHB~DBiTlz~2mo1$Lxq>xgS?w~iFzL$~^I zzP|ic8GF>0a|K`xm$iNXUAWu9?IL){kFd1=@(uh-{c1mnF7sPa7l8bQk(~_#B>8P( z&0uL{;Are*VZ&f(=WJ`_Ze-vDvNmBba&)%`*)jYp*81=Dk$;U>DE!QdA$u<(Nh1KW zLJ92|^`y9_Q^VdM*^?xj8+HayRa;j|SWKyXc%+eK#WuQz;EeC+6C&R`WL>@uw{x)A zT^&A{Ag&^_fsIhEkGjzu*P~y?fUCA!0#{vtN*&*gNpw;24Nx12V;TutbW`+9V`Yqu 
z{g}}E?xS1K`0<;t0;|x&o+qsBWa=*JxzXhwM^`;h7i^2A4xF@O`jqCO%)n(de&|y= zVZ;c>lP*^A49y(@9zL((?HL=wn^^?L_bg%54~(t}y$rcu~ zZ?k;jC(=$K`y7uaK#8K@Y)Zv_F}H*^IP&o4`dn!UHdKSuGlS7jzrrV z;lp>0G9<*bt_lSac5<_V<2ka59s2d5j{#jrCxoI_05ng%ZxL4m)i-7dy#`IA_CE-p z_fgN)B#Vp+z$*j7Z?wj+6_`?kqe0;08(L<@jglYat2JcdqVjz&gux-i@;YxNuxZb( z??|W92w?X0AkYF2P-p5NQ%v>)|+4O}jC%B>Wm#xkUSf`YcbUi;) zn#9ds$`nc5k}U}z&q98qmS3VmD3;s~#;c~}II1cVC)KGDORj<6^Y#dBRmI8Cpwr~& zr+ImSS!%Z}rGcB7N^TtV(YpD~)c)6NfBN=Gw_mMMJ7P@dt`H{wzA@sD=AV9r1OLuw zB?DVyJDb0lovx(&3$J~j+iFfU)%=Llc7q~gha!b^10;h{i`nPi3E!u0v0D8Mln4s& z5qJx1&b>TQKy6|4G~LSZ9NlEJJ07ceCg;#?Z}AnAFa?Z#lAYbcH&*L5mk}9NobCB2 zVc(U`-9Cc9JVO`LKnC}&aV2UOY2mifOdB3s*s|!`zE@t%-F*oUI=F&p*#1)f0=x?d zx}z&68bo%&It2u82`!=ZcC$TDe@?`$Vy$2*8dWFka%agRf7P?M_4S+q+g93Nbv8=t zh%rcdGa3vX2PFAAouyA2jjZ%$U18HUHJe~bPiy0eK(M1c{L{ItfbxJ%Ch-cEk7oj? zN<}ZzIj+Bq&|$8K*ljfyyo|rCoM{r zJenCC=9u@HWJjMuxhw%F6f`qf#>ZPQqmCz>u&zFgR9{Ob=QZgB!^N4ErScZDL+v{u}i+cF8s@Q+4Mi)nrHVwpodPfjHPOQNIseEa`k|r@ z#YUNv&bNo~TWwmO&b@)b1upjXT9>iP`30V?Sx@x9HN+!1n*E?i`|^wDsmBGoo~u}S z4HOplza(b4Z4tQzA~CVQm6$)TWc{_%`tL)yC?)NmV)Ixq5Bkv9md9SFhdO6z!htah z+YusBMJI~oP4yc6+@_k#x?wq8*OW5b`py0O$#dT{`WHJmh{ZZ$3yHT#Q zv$?tBX9VAgyM~BlTRGvWF6Ca(hq%YP1%k)|NLHJ|2M~;7i>HSgHzbenFJ1K%PXeGN z%X3ul;%$}4oX{c-?%qz6cNa0zn&$e0zrGz)5)@+k)W*MNwj|xied&@rjukEx#|QQh zP&$z)3h=)HoQ;v76x)CcM-OPw?BqHm#7chL<_m@B0H*S`?~YIc5ARv}_^K89>R$r0mc-;;$1j{EK7cf^k~VdE3(QZ%MtrYRY0OU1#>RFzFmkD?LuvC*>B76ci^ zx5vf8d7>pIz$DtI8#t>`Q)mGSa&!*Gnnl6iTkPnTzIZ@cH4coYuuc?MU>*7)!~#79 z*wbT+*6M?STl>kviveL;#mgq<;5@{~y{G2ydTh_73y&XggnAqf^P2RYZtoWIocD+cw$t#anQZOeizyq#TJqqySfb`z zE<*q{(|vz&Nf{quQ65FDr7T@wQU^H$7c=$4n>QJy{%vH}_3NLuNbn^?-wH&s5PvIK ze~u^qV_W*aN0SLZE9H=!(^P?MYVX3W(0Eh}8P!yqQc+BB5fQvDh(ivX9EUX^GW?EO z0~*W6kC0q$k&1r36DQf}IL!&kZ0q~kA^w+VsnEg%A*?@|;CA9`rbq7Iuk^TgBaAZR zzzt53#4^ch40cAYEJf3cIPlp8p<5ILBBwo$8O38{f0XlnT$B<|7eF%NKst@o-*+4& zzFdZC}O7Eq7##=PuZW&dYY?*mKs5Q-$?LPTG(b!OhQ??@mKtv)W?N;o2L_YM^kSRJ$z>RrDvl^wYyD`E@?%c-stoR-A>P*6z73wfz3 
z>8|17|HMdZL{1w=&TOdT-8Jk~q)zH=TQo=F>{ApG+srt+A0YOdRt2|7*9Fw|{!h>0b)y%3ny+ zq)u|{Nu$$rZc)r&A)L)nkwzddT~le)EMXYtVRLHNOJ@=vWNBSnsw{D_IbyCjZQh*T zgTPMEtcPU^MudPel9~H}BC>vCCEBU4xiBDBsLI~v+{a*Vc0(41y(5bQZ)oi$iGy4E zv)7|GPt(>z&vAyWp62IOLH@*K?l>Qhwr~Oh5_Vt)XR2BH$CDO_-yPe41xl{!qp2>< z;S4LH;m#R9A{+G|h01h12PfhjHTLbEI?)gGId@NBb_n84PK4_Qv0eS*uF8?b+%@mbR=ce{7)6|Bmg!3Y1i|;$Tw3rBN>nN9-EO z8z`6#DvE6OGw^gm;f^MyVWbdl9L(gpc^Sfijc&=tPp`uj#vl8ZJa{1Z%tHK*sWb0~csGvbF`N=e82Dmu)P)^o-LfcL4OQ=LN za}iX2xQ;#CkvM6&(8w0241Pcs$*pA$7kO$>1hb`HUhtp<|Ik;UQP5t_SJ}^KAnuT7 zCVr7s0p4OBICoL!zy+N4k|7D~1?J|*<{eC|0dg)tm*Tk_t*|2jkp+511@11!`I}x! zvU)>`niGOOV^h*Q8%aYXV!>-@YRPMB%@{g)mRAFOVh)bWJ31Xf72lm6!mW@&n-#NGrOD1x2ng^`BzjRZSLvG`_-JOt+)4OcWwLe zI>1_q;3{hD{fS|eu75{#(JiKpO3ml9%~Dms1R;A#JGK_!eSc|t2)y~RKa&LVh1s3+3e@UWGgQ%H%q)kL2u@Kpm;kOM?oHC_->>F_D6QNTI*)Z z_oJ1}ZGsa#*Nohp&8cgUIj!abxi(Z5CPj%7KtXta#Ni`4m=(I1<(_)CB zF)@}U-|X#o8Lq3n-B z0tnA}^tZ5s>3vJ_ltzS4@v9r~JGaTR0?5DI3wi$D(lPwsiQ;5o2D!ueXR~5|0G|Hi z^^i`5zs#xfuh08ee6D7t4q02c%<&2atgn6BUCUk;Lt!xaytXc(p7nW2)q6F=4nMV! z0dfEZ3&=D;wyyo#Q`Q5N&u&O_qO8dDI^>l0kdqmOUqU%zHD=QXp6#QW)X$HP z7f8>buKm{nOlRXu%1=tF^NQ8xXRQWXH92a*1q*TsG#_U)Tx5D?X#Pth#7 zgdd5ZM;ctkHRk|TXNsuQw~`vSL{Loop+#(=oEdplU9xfF!~7!n=(_;ACfXP8u{XYy zMrdjQ>5>yQN^mh?*ri!Vcfm(G`i&V&uO<<>3JY*L2c|&)zOUrO0n1Dx6Z65y9!5I> zWEq!CBG5SCvw``nS7H~NqPDuKbalP>+_eU=dALl^-9m}6kWDq8eI2A2jXa{2D;Aso zBzgi6mJjAhWxxS{D1I7Y1b1+YE*c88a7C;zQ){zoM6q_XI zIT&RBB+7)|^&Ib@SK2K_M&})U3vLXVQ>Ufi(1ep2x|tzolzOuRW(Bjz2d5@4y@OrW z(Xgg7fG04mBuWX+U!~BtsY%I+3!M8jQNN?GifK>-Fe9`ef7Jy-?c8tHnz7N7Q_!S1 zV0Y;p6DyT0ReZ&jU0SJ+`#sUM{|1|WjjiLvd0m&CVHd1L&ee_BJ;Y(J*_x&wI;CPc z%G3ODj~2+)7RQ07w}yG+0R1w117kv~kTwV=)|BcUa;#c?aw!^l%n3GDq*1c4V4iP?!TY$wP`;TVHXSTr zD0TYp+36+V^Tgea&EK_+YWp1lEcYT!t<;%$jJP?8KzZZcn$=pm zU6E5%^97wve5UN2NT{ueB|coPy3WXXYO%V`Fe|v*TgnKl?YLv={084UV#+JIS9cfl zGH(<1YwD4&-@{wMd!~uB2LU+)lsD45*HGsJz9c@do*T~HshrKxM!|#=)Df`-S0*3b z*62NE?Q^D6Ed_nBKkv(~oKVV#4}j1DcQdQr(pRjjU?0X$cRs|!hG~cP+J-OSzU#3! 
zmmcSOTNI=5N{^4E=;=qSs!phNP}FJ;p-W0YH@`U5r?JgMnv3W<#z%!u+M*e24WqBH zNL#}P7)_z;9#wT-8!*#_glzOHAlNNm`BxY$z-9=Br248n`*z}QM)*7feasQJ@pG^% z!VA68pb+NRY}Ho6jy9od0>J{EQM(q&9l47Scv-O%RPM>ZGgoZXvV|C~?+C;df;4ps z^v1K53OPC+Xlz%Sml<>ViOh5wveUpV#^3oPXNX8SE}Y`Mu~Bd!Ie}nU%74%Q)`hz zA=hYDo-B`UHMPAYIJYVapDMEMyOW>A3&=zIJN zs6rf<9;N4?fg0;Jt@{pQeo`3^$x)D_S3Iqi;!d9*Rg>Tz)V<|E?XFI(TJWcRzh(R> z;OKhVGw&!)#XRcp`<$VynfG+b?a^nQMpU7DT$VY`8(w8G(M^fpQTk9K!~J5Ic2Yr! zOryvHN!DXpmBpn6ma)q(N+aBaJD@3`9Flfd=HnY{FdJATQ@7n;9x@j|FR*qElo|B9 zeGt4@Vp9dKU?$vRu4E4mwBUeA**52j5YcK#{C5SuXTj4WBk4z5W+E$(lHlW(lVE+- zBmpK&U@S}y8>?&tHg#2|TbDJRHe)(PY7O`D%wfY6IMK6%ZQEv- zZQHhO+f`k*?dq~^+t_7WQ|Fxj#N3F9IdOk?UhKCkcEnoW%v{fU@{>Q=`t9Qo@n?O} z5j+I6bl`oRcITLYNqr<{?x4~ya@mk7Zj70~lo$#$!MG}N=yLsY{SLM=05aS{d^#`hTdG#x>Ou?woPp9?{Q*KDz$ zYJ;u0!QNVogc<|GQL(PkrKltsQ3U355$g%Hq#?ZZM&$TM?TuliFSXvS_m%8HjWZGb z4>L9N14A(B%z42iG(yws%EC~s8p`)X6c+hUEtV0`6xHGai3k$Zy+rl8g3@7CX7CoR zi%o4SO*Zn-$L8H}@P?7o0Nc+!O?iUt^YyR_9$)U&YWeDqUaU?(-40sD>! zTlo0TSpSj*-F;F@cE9bn5C1is{vTAf|KV}78ZrK_A+=M@+zDwJ<#UKBVaNcyk6%3K zVka(TC84wy#K5%{2ARbrw;9Po5DPB7j+$G85%Z^vq6CF?8=I5(FZJA{C2g~eNf&HI zLAJT#lda;Du6F>($0FW`uE%ypJogHzv&O$MY`Tyb=V3Pco5W*8pS#xcm1UX_2ukDVIOB_GeXT73)!EKhbp z@qmB&2c8nJn3Vo?vU>6l^ccJ4N3ON^r&@=)m{b$o^q}+=V-xkdp2_drv>u(p*?b~t ze{>?{O6UX%DimAqBG)tjTf_C&RCM|AXaMun%*WkEbR6{5EDyG5W4589D$UBiesib3 zsZuh|`GWea?FhBLI>R{HR!wp#Xnk`_d-QUOr`^?6Vc6sJTC+Hv!Kp!#1{~bQ!AnAA zDC|NZQZU7%XNC>x+9It{rxAF76AgUPh1XwN+89!>O?+1qu+Y3G##*6iLb_;kpxBS& z#angY=pxai?_J1ahyvmUTT1{`{@4T+SAS8&|1+||qpr00L53%_IRuy*lNv)L)w*Eh zUa?1t%d1U=!4s-jW)}rtv1n6gp`9dgT&)V|($>q+(>E*kfo+rOx0O|!DnAmTk60LG zsh~GY`86xZxcs<itB3~%6eEHQ|D-A zQHlDHg506hRGTV`1ZOC5nI4zR^Q?askV=~gdPufPG%J(#*eQqQaD0+ZE#pfjTs!c> z(Jf4<5>WvQJG2G*L`ZfnVkazhXbYE5!8 zj_G~?FAVl!BTo_uFLXGDVZ6Kz8>z0N*4R3GJTjxoj?I#t#Fde#oZEf$Upq?*G1_1! 
z*xUE;;TTzc(F@`~B~9=T&|;#dDczv9#`?b8K`N|{ymr%{gr~)3=Nfo330=yI%VG*| zgAso2x+gJk#8Qkh?=Wy*4x4l5?ZB=NVt_=uTto(COVej0JOIiZf%bTlbSQ zc_n+-Lq^o17j*MGWGqqWF?W`DDX^A=Zx)0HmqXKONxiUI3y)t-94H0446_abznOFQ zckoHlE5I6oifZAySKp`BAi?@sc0&A&|7t<=0cm3J63-*0m?ge;c3-UoSv zT(|pBvJxv3@~k4rAxdFfn|auc`DEt7m&!W*n^i7P+}j#u54!7$a4RQEMF~4~_Brl=;lM{LobvC=Z?Sdpzn2R}w?C0I%)H zGgG*^D6eYc!WayV^8pLxdontzJr)76KfuozycaC()VHX`9;LkO!nFxaUemq_P4Nv> z)f1xWSM{TU#d7N!n}TOr1y13kboJxpLG+e*hm0+`&Rj)A>V3lAA!JG6TRG11F;}&Iv@akH8$;_LvA&mS9!YaT)ls>z;Xq@5rEK-vEPu{BtI*KfaXR z-!(;ahU6@YUFridxqo)N_4xAIF>J9qTPP>&`qaL|6B}$OH+ZxX#Ov43)mHLY{kU}d zwH@_^hU{MRS7up4qThFBRz26`DbtrXYdpL52j|jCb@z6x@^*1Eg(~U#bGB};+`YYH z-=ozGD*nU;AhKohTN0BG7Tk07d&r3O0TzAh-DgjjlJhEk<~QuW%DZ>m$ch|0YVfbV z*)W4u&Iswv>Y@Gyr(1BDV~qxR>K+@29lM@`WsxuJ6* zMF>LR)^l?ncW{K8V92}+<{#Fi-Vw8N$;i!R*+ZYP`LfXAn6Y`HmG#Y`V}o9PpdN}A za4W?|oHKoJXJZdu=-)Jj(tqX{zw-@yO*u*LQ6ctqaDvXq3~!$d6YtZ106rc1RwVc< z^Xr3YIGCb%jd%${dr_mFiurZChg@&2#H1HP1R4mhgqs5bATPP|7M=Tzgg9 z=bJP#`_+75^?fiMd+L@`I)RJ)#c;g$IKK^}cESOK~vB|r2{ z>Kou>cYp$SAW`kf)fDmJIZ6+cyTWZbuxaMDyp@WncGn4QP&BE`+ez_l4^Px9#5F1c zpYU;RIS@S6lU*e=b_}k_o56q%d$Z5r9_h;me%%I=d1^z^uaD{gm8BFQ#f6@NdO;IM z-<^mj@PH-^FQL-x!ax%jzUHRBVW9pk$W28u6V}6WuG_toSt`Et5cfn}2V`7>c9zKX zzXojeC|yBZEzVYa9SM?H`)YC8*vdjv*N=bPpd8FvbEk9^ixfWR2wk^(PIP!@Wh=1!|q*i0W?BBH6>PG7Z37ORA3H zBs8i0j@r~qrmM%9nkMD_vk+caeNBk_=n%K7uL?9Ih4Mz#RP@>Iz(ZKKjQ%%49m@#l z(;Yzl2ZKcQ;9QXVe^vCkwe-0Kg0s;MrMCdg;({YwRU}^gx-)_jioCf6jIpbf{owtt z)2VN!bHS7ckxwZ|%^U|P*5wiq>QYKz6{CX~l@W8Lr~V%|acpWhWGXA)C)#Z=$SXgc z_1Qv>SKGdK*~w{~NpcNZb8QP)_x!v>PSqE)B?u>&fa1A#Vu6vR%$dLKH?omzF(>yl zUB|ew!rXju1l3`}SP;1P08~ueJG^S9zhs$F!a(zl*xxtdxwOBVv1{u1`=TiPo|%&5 z*Vo9+h{ite)Jq7%7Cwx@FVU?fBfJ={cp-L??2ZYYEs2G ziFNBiQ6z}vAZxLDvG=Zj)9c8ucVHd&;d5^jqfu(KjgZCQPUg1>4$rH*EZdyUr}vi} z-<2PB=-ml+m1fFJ#qtZ26NmXGsn`YSX$`2BgC6pZT8h)i7q0=9#@Gc~^VVcc>g31+ z^uXc*_w_Ey<9{@&GC8(a~yzY00Lz{+)wZQCOmM>k&Pbm5Ej<8Un-tYXZ z%><#nE~O%n>!ILCNqp?aSMOjwNsr-p-73$tfdDa0dIk5vRY#Uajed2> 
zS=cfmxL4duapp6J8gkaQ`lA@%yUX(oA5*##3by*<7xA$LAfkkID~K&;4-0j>XF$o? zGE*Du2fqUVA3~7@1R;%&K|Mqz*w@i7eWVzXt58bU?%DFK}5n z%Jk}qL^L-XCMrFA{b|9CtY8!YX;Hd_5$Ok z+P(YOSc4~0^2W%X_mnwhBu*@aSV~f$van3n%K1i#*Cme&|#Ik&x=YEjL%q*uumuze1+Pg28074jB+?JM$e@P=sWEPEsHvO>`-yRr>VGsRZG5J486Ma^NlKu>{t^(Bx0yma zx!8f;xZ)drol-e3BF%In6_pvel3F+Lr(3|k;$(TlYI6|>MK^F9I%YyLNeHT0c>!lQR(i!S+qo+i&u-{bF1WvR{n`-1v*xs!LDyDa7dWx{^^>#~ z)y796>OkwvNOx*n;VmgK3p~No+pQm+VOJq4p-~Clepex@Kz-ojsQ?>~ zFTX7q0zUC?;>Fa<@GZ^$g6>~mbuxX+C&ZaQ6DUvahmn^&bQLRxmpw+7*90|Avj5ae zpTyPNBO59Fx-Dbz!e49&Frw@XP%8HYIZ^V!!Aq$PC@AysW&RUELB%dI?YWBrU6jB3 zhcTlqvY_GJhZ_Z|Qm?QM3dPVjRd+rfeQf-MEnZuM`vbHd>7#<3r?61W%K_wtE37Cq zsoI!3&I1PtZP_k`bkwn)s=BfOpQySc+;MybOLeQ~ud-HVYoH76v{Y@RsfxUU1l1q1 z#22$a1j<3|DrwQp(_13LXQf(R*SDDEzETibGgi!2j22W)kn8;$L#Z>v@8k?bi5qk| zfXnsP?>u4S?olS)*6ux-h{3P!r9tp=G4mAw(Ca$$M1A!eFF z(?V&m+2)6LVI=JD;QBFaABGozivzaUQFV^P;5?)7h9NlDl|Il&d z+4g|ZJY}!I;EnIU1Ng$-)?fGB_3F=&TZ0D&(QqFx804E)q6o)HPGH=$+o(USVR?TV z^~Q=8&erXJ8aj;6W|sGiJNBf7Df9%j*~rvM2;c9%OY$<;!($DWXV%&+O|Itib!@X; z7x}~$?PPMBH!um}Cke)5_#1;q@n>gV-BRuHs|x=i^&SebOm_f=@Y(o%04m^~jn2K0 z?}IHM(TjH1gL`uzd5gS=4SW^{c=&Kx!w!a?zD)`Sy|Hy(|C3E9UU@#=4~KkHpv8`{ zb^}tN^>y5ZxU1K%9_Mm>z-<_-XbI+blkASX~W&%qf0d8*(wy=TJ^0MGJ!upUl2LjIR>m_KjaE@_&ZZ z6?Ap%MS}hKk&f`+(*FN}F81x0`+vXq7OB4cJNajmxEmP@V6n;AWidOj8EHmXk+I5T zwkD?{B51P2i(8Pz#jqHXcVHDY`Lt3wnDL^LeA)A3qssS}xSns#7Q*aq?yOM)U zo#6FM_jofAsSmrzmM|X+T}^pDdAoK$y{vw5Hv#41d>H`74;<~KC&@LuNQp4&%Z~OE zU-GllCdG=2C~l${G;43|6(>(4^oL>#kpeAL7^)gO3H%teIEb=R_RE?_S}B;co{;zx zD_(`=oLFq5$(pTpe_mF~9)r=7- z_~+@bJZj7;G(8iHW;Pd!OYiocpHPak|2 zj8U<;xMHr*e{+DEYZ3Z(s|2C1VR&%6>)Qds99!0YW zv?vNoBh{u7{E;deMlACu2-(~!pX`*@aNTcm1_;0j?iMxd58husc+F2)wJ&5Et>N`K zD;x z``6q{50!a55P3ALp&L?hob@!1}ezWlsC3slz9# zaw_vJ)e|nC7un@*=##?QXoNl++8_sMOSl`_)?~peE@++J0aJweT3vp=>&CSER_L31 znQX zK;o%ew<0AT+%5t4Ip@~JWCXPVEGZv{qz`A@?D-RXj@5$aSq!mgs0b(*r)R)3v*27J zZc4s<7P2%IugC(ryrCsn7{v~@uWvaB2^kV63#%0DWi^Ss!AyH_)8PVX^!IHYj7 
ze>O}=>u}vCh}O=Kul?flo!f8L+kqn|9#X_Mx_^GewVOk(A2sxlC^zCPOc}=x^v}-YK16;(R-2I7t*Wq zTX9DXLMepQ)=U&F+VR~ZAIs$6j5nOn!*<&7Y+QxIHx$%YL-$EojV5E z(Ajne_=&>2x~b#T=EU{n5{OhhXnT6TU416KwqmmIQPDGg1Ig94$(ZGCV+7mI1NL1UXj!mOYv^sn%e!4Q z%XPvnu0E8g*L*6;XFt3c+fVT?ONiz$F7W}d8v@lt-$ZcSqvO^v4%GqCrLY~p$=P~v zAlthpj-9e4a)^zq?jQQTJ+2JRa{yhAP!nC(TmpDaj@UOt7=NBlM*-Ae>sn*xFGB(+(g)UN-ewD(%w+Vw-B7k9=3u_?3+0y+i7&K4?4ngfHp(nDJv7@pH<2 znEd_Uh6P;+4#So2N@DE4Ruccf;Op#UZuO50zW-p{`oGtf(>JvIj}y&1ZrbL1PSa4g zbpj{we6^&x^hF_m`N9IfLy=gf87%)dax_420SXP9EP}O_)j~T->@Y`(xY`?z-Hvdt z=hwAd(y9>*tJ;8qiwM)*#=jbH;vu?ZPpzi>wQHH z8&d7d>5UB@5Ma*^ud@=_rZ1HhZJKqdlS)Y#AlE_U3JbLsm-dpUk{j&v@{CM&}NrhSx;^JarA+c6-~3n$i0i2r=VZU zs*DjCPdHHj2A4$GJno#)9r|^^n%zWD;~jDG9(wUHBU%U30^rLG#()l3RDokhp@?yQg)3AWVOmbnG!C(8kn;WCczw70 zw9(aX=Xu0`b)J*_Zzx;V`c7v5=tPqL?=EU=_>b1*{0Hj_3x3avwsrV!g0=pizKAL% zam8;?%BKb+L=bsE6y|a(T)&={yy=FXP_%&mp+ZrMR547nI{k_K&CV#F|L2by4-D!m zhrh1{3#s(ghrM+Z1U2p3x1EP)pZ715Tt7nXf_ML*g}UH#(BwLk*^%XvL|=n|T{=bKn?`)Mlpg9i9+W7l=eA5U_Q zbzw%T;+J=Yk2!r&PB^%&rD=n6_gBoN(Hji42pRPlRwgSSf>*#lpEmUfZ!`&F4;F}G=_C+DF`MbFavC;D z&9xi)R4A)JTlPjIHsdsPLbf8UyZyCO!^7U!PJ3JdD-l`H-h`c)Y(NBf$40qAF8VF7 zD4wP7cFDk!&@v~!(S1F<=hNv9em^!%67yDhIzK^NfDfTvk}mVW(E`uzY{(PtMF=}Q zL5Jvb4Pjsz(NAO{Lw5O+t9I#~s|gO6W4$E`%(Y!F*u$RgYn;5L{KDJFekZs^~TYtPMdzl_&l5{!tU4pAz-ldjwGmNSeoW`t?DA5#X zD;P)lSS#tIh*BBW=y#w0#(ssBCkUfvq6&OgeAeZDuqwrwCR0+R8x8Usf-rq&k%^@; zj*$Q6UAY(DDL0jpPuf?N@(iOWS{LXji$-c-rKZ%GRyLs1FH(PlPrUuJiZw2&L%UDj zq*>s~c^A7np6d)qo`nCjZZ5*BS zZJhq+)3TQRhF;L4`_wnNRLPetiKC$K!Dgg_2cQiG7UUD64k=xy7~8uz(NwPXCJ0Gy>A{jlGB?aDUi|s0kN4dV69VJ`bv4DT{`)EbeDsl!vp+b z)n_U7{85@}VXQ3%R}(lHDt^GclGa(rmK)*u&V*f!&~AtuV-%2#U%Jh5)Gb^WP#$Vr zsj#AEC*Q{ztXKF(Ae+_A=TeCjV=HPFpe=;IMk5Qvek6}~G zDC`=M&Ho`t9bmz|a4PjAd%E(`w?^hQ{d;n_m_U=a8D{mN&UB<#v~Ha5Ut1z)5f?-K z9h*D9fB)Zp_J6n~&JHfd#3GFU(*-`M`sS->it*JoIa+k$&oAoto2#Kp%p-x?n#dUH zmv(!-@l4+jI+~1qW)7Orqd5|?4d$Ao({kD%;k@tpOJrTHF;SO;+z>8Z;&n9<;n# zQzQu)|GG9W^a2TA4FzE-r^1@IW`57@c;DMb@_b(^x62uG(u-B6J-< 
zw0o#xUA{|MZ7GxAy?L2OrH@cfbg|n|>c8WB;t|cz&kkhKd=Z_J(A3)B!Z`CZCU{=I z)daHwjqlfOIH>3Q_pt2cXmNj<_EZEW#Q8X?#7bO^Bqx7ouvCTPzd0xu@Bru%g{E+e zoMvCC9f-ZM*a}`4Mh&}AJeX&{o_*&v)f&3+HgA1e)s^~N8$RO3QMFh-qSZHk46NFC zRecO9d#oB{jEYKSr6CJT=h!F{%SD2Hm&#q`)F{8E*SH?-;-kuRyy%j8b!(+bUO8+U zNB;*LY0Lc(oe|Gjnp%fSrX;G=sF_;SHH6daT^;}5Zci|mA0qP8v1<&{-|m;BcW1+J z_v)B9UPR0@NbBvX^K}rLf=QTo!z^B}KX6D;aP3}heo3*&P=B%f5mvBt2o0Q(@A}3Y zrA6p)4+H=O`6?in+FiM!*Yv|FHbv+ub>nLnsO&h^g2k(I%{0qlhqvmZSl9i5Jd8^Q zI2oU%e%$34q`N*Je@vE$-Irf+AFLo=OYx+0F>NH!SQcj{E(z?+!Z#LqamvYxia{yc zQ$N21d5nV1!VJCR1d?Xwf}@b~X?6p7#&10Pqt9AvGTH7kn|BcT_?ZZjbL1L4NSUXg z320uUqgF?jQfqOHp?MJZyI5Tai4h$N*03X-wtEQ%6v>TDv^EI5{qKsuF?Avj`6KAwSO;-+^=z`F)Cx}-+uB-EqblwO~K}7WR$#ky7)V%DCy>OwvaPuMpHmQlVLFlRBP@{g@Y8VmW79+_k)+ zrsX#p$;K_38_gb9jOTcX_qm>FO8}lmm)ZWj7<{#ACBPd>>mSDRFdj`p+cn}~x2Iuf ze8ur{u8Iu05*Iv-K4EAdZa?u~pYeN|uvhc(Arhj+j7Bol`$r`>OmdcP|IkJO#R@HoDu(6g8U82l3vYiBjvX zYBe}FBpdjLoUwQM`QkmQjV+cvPJU>w3dpE7s90Z|HtMIsAfev)f#8z%)B`X}Zr!U^ zGL$7rs)D#iy~96^_uXY{#5Gv1HRpmVtXHfAJ%rQg^#nag|HSDOlNP#C^g6>I=u&xq z$+W`|uS(k$)z=LkMu3nIm>_t7ybn9Mt~t>N9h0<<2cQ+`X8L5st9!k7Ox{93uTc}+ zW;3-9EmR7Pz>-MhEU9xJ$??U=YAobO*IyB|>fDQJg*T9X^3{H_ui1NkeS=NcJVORY zj8B-sc4qYMuBqo#lPE>rrgyA4r?qZjgbM#qxx5fM5U=tCqDV}zM3RN?WFjV3E{c;n zo6@}`%)O7{#0Ml$k*8$>7Yg#XPyvprP86!-Ci0lYv>N{8{-KuMX$BvO8WwvYZT5l{ z1v6z>eLtb(6?LiBa7NHAG)B?YkIk1E07NSi8NOlPtKP6+b*A190>B`$T0?Mvo3;8? 
zfMS(y&MVxyBCcfjA74J0FG^}-9zUQSbxxp(QUQ8*&Xf)!CtkrpA@*dJ~B4pYbajy4W>HAkqHxBdnbZ|QSSllBP6K67FD2r;}m zeY~adSW+IeE!l~0>-=du9%%;UVSynQPc*NVO*UkOmXM%M!%!X38Pl@xY;C(uX!`+N zvw-@@4RIDrZ8wL*LkF5qeGj=fzF6p4Mt+0Ab?=!FcP|7+C|<4p1TPkplM3d*vH@f%D<p~wkneIJ^&i6bmyWXw_>Uh#DF3avVgG0K=6{MCyZ`7GlggWl8%oGu+N^O_VpPJVR!tEp zrwN-bmfh4dDj<2)0UvXe3$Y>R#t%K%`sExjv}QjW+-GFk=1iGtWJb18 zRU0`qKVc}W6e-sBlh^`xXNGXBhZBJw6%Wi5`sa6-nV{L`7`#A}a8}5}qSu07uHafZfKW8Tl>FgRcJ`_m2%XO8*wZu?9nwE#cQ>7?trBn*Mt5=yHPDce|LGht zRZ8vuV7^V_t~8XYgxxzH6z`U#dm{BVcY|Po-bb}Z49C>CiDtcZ=Po|PK$x@JHq@bB zEeHJJBQ#8A+Ij+aund0)GQq8*ctfdEvXwfe_y}}h7|>xGHNo(KDhYA2oABMU(1kVm)Pt~wsnOx5G=T2C{#$w z*i+FyaT^2$Je9FMA9{vL_j3UHV$v(mzbE50hD9lGZgb`J3h^5yCX~7@if^+>X{>kJ z)aWW!=7pK>4ieJxjx_h4E+m=px^w2ox794Gi_~rwiGEMkC zdVi3AWjO1|_S!|2J%Mu);^%18@iE8=>bq=-j-hGbeIVZEmZSpJP4S^1A|W20})tPA2nz$&yf{chqJ|yGsgYoEwQ}pNngL_z7b-{XMuF+3spt>sJ zT>4Veo91Mg1}o6$mGB&wYtLTb8*6f6awN;_9e6Y_Ie}+}i6mD4GmTf1*h9ggfj@wb zE?<$D9gFzIfhZKFPg_0D2<|W1Y2*n<+0u@5*)tnYj zE3NQ?K~=nEDj6B(VfuY>Uhu4MGJH@B5~a-3;Dr!ep}gFYilLoiEfM`KNN#X$ESvUqiR;#HG@Xyxh2o+Ta0mBImob=VZBv5hHQto)^?Pm zGcud@_ot`G5mVm0}m3eHd@dSNpv@90?SGAa%AH7Kx-buv7+S;tahn{f{ zRp-SZ;&yHyp!3^frGE5*>amV)r}nr|xH`-mwdao5;%pZPB_s>?dj*RS$V8DLN4 zl}rjdVH5DmNy8X|53v6d8C1_&+WrNip8c-^@b7=L?IPyJRz|{B#@5C*PXCYAkfmbj zh-Hf6qvA@1HEdtdSWlFXiFA;xMF#6!s~kEs1d(5#NlLO4B)L?vJhxVn+|bS#4n+f# z+PFb?h$xFO0WH{d@M}WPJ%ql|>yYmH*E3oVho^i}u7JVhdA95H1IIDXvG>E1@5jqG zm(D=5FKWq33cZaqDx5{Ssl0jXkD7V2)J011S_}axX1QVx{Mta@ySp~}B8VV!&`DHw zj@1Bx_@A{LZ)|-CeFuRnsALWZ1q!LS5&h?;NXHK7+1vaU;zb`xE44mS$;H_W(vw7E zv+tRqq%Y3tYHTD@DLKfpqfS%mDIOJKAu&NKl5J&NrX)rVB(KTK3(|}8S@V{KR2F@d zG1>%jf9t3i72H_E!Lt+Xfp2(&=!tg^=0jrk{{-b}U8#}KO^7Cp?6gMlbNB0Kr`pdz zJ!TiNC9J);M!dXT^mLn$e1)}&R1Xf`EC z;kZ(UL(GK0Y);sei%1%=EHYn0-F-Al*!kQv>3ipz|$A5`&D81`sRjclq)7>(f3)0hT z8zvXe3x?=sl*r^#uJ=OO0rVpaWr~st;q?{O)s`CZcKV~p{%#LnZeIr~#z`9VRO8urx6jz(I2#wI?&f1*=%0a!yc5KZ17o*q~jlq%?1 zBEtbBkt zu=~1Z^L_GFCNJoUuxim+C(VeD@m6R|tmROWeL%wu(im({MF 
zA-t*D6j4nk%f{Ujr$?Z>__Z>y@~KruN3H2**eK$>10xylYqMyZq(p7Qs+qpH5MhPj$&wA_-j)?9JRW+fA7@kTTs z`0Y!3E%}M%2kiai?A`GGd$~mlZZrI{ZM!7Yi*skbpSMVJp-6P&s^Ea=u*+9i*A>2~ zwdZUMcW&&u=jJTDN*kIAE>2xWG?`D|4Q^FC%BYzkF2ZWx4{>u4z>_&rNZ38t3&vi@ z{byb9^JAjsqsIPI!JsfXrrG|LC+8!79CvFF<8XzxIC+9LLV~hBa+NQ@7y7gk?v$M0 zAu=Bt4=QwYcRX7rjBI0>g6JH`_l04{ypL^;X=SSya-scq0}S~N^T2r2193=7Kl znq_J~pvHb=863`s6h6gn3=Q`&SgV8SN!uQeH&WH>26gvnL+a2Ld{dZF)@Z$EHea&< z4qjtozCr;XZ2$gTFDYfdF>{MQJw;dp)pbU8TwP=8bErkvz|$ZG(UDoNYit5vk`vk+ z+q4V=eYi07@R;xSP^`od(JpH>&u_Cd$6V9&Y(k!fU>+|Dv6pci-M~gBf_w&&?V*R? z)h-9BA8IJDwIe?v4#3}R3N$c|h0p0m59viUG-B*(i;Szc&lRv9bl8X5?EqQq(}<9t zXI_4K%&5r%Sd+iaf1PzHba(R+ki=~QMs!GWGe-jEzD13@x1Q9izLq8XFIk5i;@8+v z7P`A!cf-fU!2mRe3iu%~DCNns6fugkTFOd#L{a{);q5;WXbLy1T`Y+sB}irH5B!{a z46j4;-n9E$-QSS!W2Zu@6I<5=UJ1><2N~X;tixW{$Lq}}@2snb%(U6JuIINe%R=J! z+!8lV_^;ZMR`f961x0SGuoJVV!H{jm<-4&fgy@Z@BNogqy!+d<0IvLFcDG)fSqfMs zJ5lB1m+F@#LDhB__p0fw7LIuZfyZfq7?Z!Nb;9hk_~Ib2EOq^it7`?s@sWEv6#uHRwh^`ZRt^x z@0stFO=5a;^M?T-H&~zTDf=$dbILK>v47sz=L4t5-fMJ5vs7iSSboREqds>zqFG)% zR`pCpzdCn4W^^89lcL0(fMR-fIkut^rztzCzt!y-~

+ * DeviceInfo = { ? "brand" : tstr, ? "manufacturer" : tstr, ? "product" : tstr, ? "model" : tstr,
+ * ? "board" : tstr, ? "vb_state" : "green" / "yellow" / "orange", // Taken from the AVB values
+ * ? "bootloader_state" : "locked" / "unlocked", // Taken from the AVB values ?
+ * "vbmeta_digest": bstr, // Taken from the AVB values ? "os_version" :
+ * tstr, // Same as android.os.Build.VERSION.release ? "system_patch_level" :
+ * uint, // YYYYMMDD ? "boot_patch_level" : uint, //YYYYMMDD
+ * ? "vendor_patch_level" : uint, // YYYYMMDD "version" : 1, // TheCDDL schema
+ * version "security_level" : "tee" / "strongbox" "att_id_state": "locked" / "open" }
+ */
+ private short createDeviceInfo(byte[] scratchpad) {
+ // Device Info Key Value pairs.
+ for (short i = 0; i < 30; i++) {
+ deviceIds[i] = KMType.INVALID_VALUE;
+ }
+ short[] out = {0/* index */, 0 /* length */};
+ updateItem(deviceIds, out, BRAND, getAttestationId(KMType.ATTESTATION_ID_BRAND, scratchpad));
+ updateItem(deviceIds, out, MANUFACTURER,
+ getAttestationId(KMType.ATTESTATION_ID_MANUFACTURER, scratchpad));
+ updateItem(deviceIds, out, PRODUCT,
+ getAttestationId(KMType.ATTESTATION_ID_PRODUCT, scratchpad));
+ updateItem(deviceIds, out, MODEL, getAttestationId(KMType.ATTESTATION_ID_MODEL, scratchpad));
+ updateItem(deviceIds, out, VB_STATE, getVbState());
+ updateItem(deviceIds, out, BOOTLOADER_STATE, getBootloaderState());
+ updateItem(deviceIds, out, VB_META_DIGEST, getVerifiedBootHash(scratchpad));
+ updateItem(deviceIds, out, OS_VERSION, getBootParams(OS_VERSION_ID, scratchpad));
+ updateItem(deviceIds, out, SYSTEM_PATCH_LEVEL,
+ getBootParams(SYSTEM_PATCH_LEVEL_ID, scratchpad));
+ updateItem(deviceIds, out, BOOT_PATCH_LEVEL, getBootParams(BOOT_PATCH_LEVEL_ID, scratchpad));
+ updateItem(deviceIds, out, VENDOR_PATCH_LEVEL,
+ getBootParams(VENDOR_PATCH_LEVEL_ID, scratchpad));
+ updateItem(deviceIds, out, DEVICE_INFO_VERSION, KMInteger.uint_8(DI_SCHEMA_VERSION));
+ updateItem(deviceIds, out, SECURITY_LEVEL,
+ KMTextString.instance(DI_SECURITY_LEVEL, (short) 0, (short) DI_SECURITY_LEVEL.length));
+ //TODO Add attest_id_state
+ // Create device info map.
+ short map = KMMap.instance(out[1]);
+ short mapIndex = 0;
+ short index = 0;
+ while (index < (short) deviceIds.length) {
+ if (deviceIds[index] != KMType.INVALID_VALUE) {
+ KMMap.add(map, mapIndex++, deviceIds[index], deviceIds[(short) (index + 1)]);
+ }
+ index += 2;
+ }
+ KMMap.canonicalize(map);
+ return map;
+ }
+
+ // Below 6 methods are helper methods to create device info structure.
+ //----------------------------------------------------------------------------
+
+ /**
+ * Update the item inside the device info structure.
+ *
+ * @param deviceIds Device Info structure to be updated.
+ * @param meta Out parameter meta information. Offset 0 is index and Offset 1 is length.
+ * @param item Key info to be updated.
+ * @param value value to be updated.
+ */
+ private void updateItem(short[] deviceIds, short[] meta, byte[] item, short value) {
+ if (KMType.INVALID_VALUE != value) {
+ deviceIds[meta[0]++] =
+ KMTextString.instance(item, (short) 0, (short) item.length);
+ deviceIds[meta[0]++] = value;
+ meta[1]++;
+ }
+ }
+
+ public short mapAttestIdToStoreId(short tag) {
+ switch (tag) {
+ // Attestation Id Brand
+ case KMType.ATTESTATION_ID_BRAND:
+ return KMDataStoreConstants.ATT_ID_BRAND;
+ // Attestation Id Device
+ case KMType.ATTESTATION_ID_DEVICE:
+ return KMDataStoreConstants.ATT_ID_DEVICE;
+ // Attestation Id Product
+ case KMType.ATTESTATION_ID_PRODUCT:
+ return KMDataStoreConstants.ATT_ID_PRODUCT;
+ // Attestation Id Serial
+ case KMType.ATTESTATION_ID_SERIAL:
+ return KMDataStoreConstants.ATT_ID_SERIAL;
+ // Attestation Id IMEI
+ case KMType.ATTESTATION_ID_IMEI:
+ return KMDataStoreConstants.ATT_ID_IMEI;
+ // Attestation Id MEID
+ case KMType.ATTESTATION_ID_MEID:
+ return KMDataStoreConstants.ATT_ID_MEID;
+ // Attestation Id Manufacturer
+ case KMType.ATTESTATION_ID_MANUFACTURER:
+ return KMDataStoreConstants.ATT_ID_MANUFACTURER;
+ // Attestation Id Model
+ case KMType.ATTESTATION_ID_MODEL:
+ return KMDataStoreConstants.ATT_ID_MODEL;
+ default:
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ }
+ return KMType.INVALID_VALUE;
+ }
+
+ private short getAttestationId(short attestId, byte[] scratchpad) {
+ short attIdTagLen = storeDataInst.getData((byte) mapAttestIdToStoreId(attestId),
+ scratchpad, (short) 0);
+ if (attIdTagLen != 0) {
+ return KMTextString.instance(scratchpad, (short) 0, attIdTagLen);
+ }
+ return KMType.INVALID_VALUE;
+ }
+
+ private short getVerifiedBootHash(byte[] scratchPad) {
+ short len = bootParamsProv.getVerifiedBootHash(scratchPad, (short) 0);
+ if (len != 0) {
+ return KMByteBlob.instance(scratchPad, (short) 0, len);
+ }
+ return KMType.INVALID_VALUE;
+ }
+
+ private short getBootloaderState() {
+ short bootloaderState;
+ if (bootParamsProv.isDeviceBootLocked()) {
+ bootloaderState = KMTextString.instance(LOCKED, (short) 0, (short) LOCKED.length);
+ } else {
+ bootloaderState = KMTextString.instance(UNLOCKED, (short) 0, (short) UNLOCKED.length);
+ }
+ return bootloaderState;
+ }
+
+ private short getVbState() {
+ short state = bootParamsProv.getBootState();
+ short vbState = KMType.INVALID_VALUE;
+ if (state == KMType.VERIFIED_BOOT) {
+ vbState = KMTextString.instance(VB_STATE_GREEN, (short) 0, (short) VB_STATE_GREEN.length);
+ } else if (state == KMType.SELF_SIGNED_BOOT) {
+ vbState = KMTextString.instance(VB_STATE_YELLOW, (short) 0, (short) VB_STATE_YELLOW.length);
+ } else if (state == KMType.UNVERIFIED_BOOT) {
+ vbState = KMTextString.instance(VB_STATE_ORANGE, (short) 0, (short) VB_STATE_ORANGE.length);
+ } else if (state == KMType.FAILED_BOOT) {
+ vbState = KMTextString.instance(VB_STATE_RED, (short) 0, (short) VB_STATE_RED.length);
+ }
+ return vbState;
+ }
+
+ private short readData(byte storeDataId, byte[] scratchPad, short offset) {
+ short len = storeDataInst.getData(storeDataId, scratchPad, offset);
+ if (len == 0) {
+ KMException.throwIt(KMError.INVALID_DATA);
+ }
+ return len;
+ }
+
+ private short readInteger32(byte storeDataId, byte[] scratchPad, short offset) {
+ readData(storeDataId, scratchPad, offset);
+ return KMInteger.uint_32(scratchPad, offset);
+ }
+
+ private short getBootParams(byte bootParam, byte[] scratchPad) {
+ short value = KMType.INVALID_VALUE;
+ switch (bootParam) {
+ case OS_VERSION_ID:
+ value = readInteger32(KMDataStoreConstants.OS_VERSION, scratchPad, (short) 0);
+ break;
+ case SYSTEM_PATCH_LEVEL_ID:
+ value = readInteger32(KMDataStoreConstants.OS_PATCH_LEVEL, scratchPad, (short) 0);
+ break;
+ case BOOT_PATCH_LEVEL_ID:
+ short len = bootParamsProv.getBootPatchLevel(scratchPad, (short) 0);
+ value = KMByteBlob.instance(scratchPad, (short) 0, len);
+ break;
+ case VENDOR_PATCH_LEVEL_ID:
+ value = readInteger32(KMDataStoreConstants.VENDOR_PATCH_LEVEL, scratchPad, (short) 0);
+ break;
+ default:
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ }
+ // Convert Integer to Text String for OS_VERSION.
+ if (bootParam == OS_VERSION_ID) {
+ value =
+ KMTextString
+ .instance(KMInteger.getBuffer(value), KMInteger.getStartOff(value),
+ KMInteger.length(value));
+ }
+ return value;
+ }
+ //----------------------------------------------------------------------------
+
+ //----------------------------------------------------------------------------
+ // ECDH HKDF
+ private short ecdhHkdfDeriveKey(byte[] privKeyA, short privKeyAOff, short privKeyALen,
+ byte[] pubKeyA,
+ short pubKeyAOff, short pubKeyALen, byte[] pubKeyB, short pubKeyBOff,
+ short pubKeyBLen, byte[] scratchPad) {
+ short key =
+ seProvider.ecdhKeyAgreement(privKeyA, privKeyAOff, privKeyALen, pubKeyB, pubKeyBOff,
+ pubKeyBLen, scratchPad, (short) 0);
+ key = KMByteBlob.instance(scratchPad, (short) 0, key);
+
+ short kdfContext =
+ kmCoseInst.constructKdfContext(pubKeyA, pubKeyAOff, pubKeyALen, pubKeyB, pubKeyBOff,
+ pubKeyBLen,
+ true);
+ kdfContext = KMAppletInst
+ .encodeToApduBuffer(kdfContext, scratchPad, (short) 0, MAX_COSE_BUF_SIZE);
+ kdfContext = KMByteBlob.instance(scratchPad, (short) 0, kdfContext);
+
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 32, (byte) 0);
+ seProvider.hkdf(
+ KMByteBlob.getBuffer(key),
+ KMByteBlob.getStartOff(key),
+ KMByteBlob.length(key),
+ scratchPad,
+ (short) 0,
+ (short) 32,
+ KMByteBlob.getBuffer(kdfContext),
+ KMByteBlob.getStartOff(kdfContext),
+ KMByteBlob.length(kdfContext),
+ scratchPad,
+ (short) 32, // offset
+ (short) 32 // Length of expected output.
+ );
+ Util.arrayCopy(scratchPad, (short) 32, scratchPad, (short) 0, (short) 32);
+ return (short) 32;
+ }
+
+ //----------------------------------------------------------------------------
+ // This function returns the instance of private key and It stores the public key in the
+ // data table for later usage.
+ private short generateEphemeralEcKey(byte[] scratchPad) {
+ // Generate ephemeral ec key.
+ short[] lengths = {0/* Private key Length*/, 0 /* Public key length*/};
+ seProvider.createAsymmetricKey(
+ KMType.EC,
+ scratchPad,
+ (short) 0,
+ (short) 128,
+ scratchPad,
+ (short) 128,
+ (short) 128,
+ lengths);
+ // Copy the ephemeral private key from scratch pad
+ short ptr = KMByteBlob.instance(lengths[0]);
+ Util.arrayCopyNonAtomic(
+ scratchPad,
+ (short) 0,
+ KMByteBlob.getBuffer(ptr),
+ KMByteBlob.getStartOff(ptr),
+ lengths[0]);
+ //Store ephemeral public key in data table for later usage.
+ short dataEntryIndex = createEntry(EPHEMERAL_PUB_KEY, lengths[1]);
+ Util.arrayCopyNonAtomic(scratchPad, (short) 128, data, dataEntryIndex, lengths[1]);
+ return ptr;
+ }
+
+ private void initHmacOperation() {
+ short dataEntryIndex = getEntry(EPHEMERAL_MAC_KEY);
+ operation[0] =
+ seProvider.initSymmetricOperation(
+ KMType.SIGN,
+ KMType.HMAC,
+ KMType.SHA2_256,
+ KMType.PADDING_NONE,
+ (byte) 0,
+ data,
+ dataEntryIndex,
+ getEntryLength(EPHEMERAL_MAC_KEY),
+ null,
+ (short) 0,
+ (short) 0,
+ (short) 0
+ );
+ if (operation[0] == null) {
+ KMException.throwIt(KMError.STATUS_FAILED);
+ }
+ }
+
+ private void initAesGcmOperation(byte[] scratchPad, short nonce) {
+ // Generate Ephemeral mac key
+ short privKey = generateEphemeralEcKey(scratchPad);
+ short pubKeyIndex = getEntry(EPHEMERAL_PUB_KEY);
+ // Generate session key
+ short eekIndex = getEntry(EEK_KEY);
+ // Generate session key
+ short sessionKeyLen =
+ ecdhHkdfDeriveKey(
+ KMByteBlob.getBuffer(privKey), /* Ephemeral Private Key */
+ KMByteBlob.getStartOff(privKey),
+ KMByteBlob.length(privKey),
+ data, /* Ephemeral Public key */
+ pubKeyIndex,
+ getEntryLength(EPHEMERAL_PUB_KEY),
+ data, /* EEK Public key */
+ eekIndex,
+ getEntryLength(EEK_KEY),
+ scratchPad /* scratchpad */
+ );
+ // Initialize the Cipher object.
+ operation[0] =
+ seProvider.initSymmetricOperation(
+ KMType.ENCRYPT,
+ KMType.AES,
+ (byte) 0,
+ KMType.PADDING_NONE,
+ KMType.GCM,
+ scratchPad, /* key */
+ (short) 0,
+ sessionKeyLen,
+ KMByteBlob.getBuffer(nonce), /* nonce */
+ KMByteBlob.getStartOff(nonce),
+ KMByteBlob.length(nonce),
+ (short) (KMKeymasterDevice.AES_GCM_AUTH_TAG_LENGTH * 8)
+ );
+ if (operation[0] == null) {
+ KMException.throwIt(KMError.STATUS_FAILED);
+ }
+ }
+
+ private short processRecipientStructure(byte[] scratchPad) {
+ short protectedHeaderRecipient = kmCoseInst.constructHeaders(
+ KMNInteger.uint_8(KMCose.COSE_ALG_ECDH_ES_HKDF_256),
+ KMType.INVALID_VALUE,
+ KMType.INVALID_VALUE,
+ KMType.INVALID_VALUE);
+ // Encode the protected header as byte blob.
+ protectedHeaderRecipient = KMAppletInst
+ .encodeToApduBuffer(protectedHeaderRecipient, scratchPad, (short) 0,
+ MAX_COSE_BUF_SIZE);
+ protectedHeaderRecipient = KMByteBlob.instance(scratchPad, (short) 0, protectedHeaderRecipient);
+
+ /* Construct unprotected headers */
+ short pubKeyIndex = getEntry(EPHEMERAL_PUB_KEY);
+ // prepare cosekey
+ short coseKey =
+ kmCoseInst.constructCoseKey(
+ KMInteger.uint_8(KMCose.COSE_KEY_TYPE_EC2),
+ KMType.INVALID_VALUE,
+ KMNInteger.uint_8(KMCose.COSE_ALG_ES256),
+ KMType.INVALID_VALUE,
+ KMInteger.uint_8(KMCose.COSE_ECCURVE_256),
+ data,
+ pubKeyIndex,
+ getEntryLength(EPHEMERAL_PUB_KEY),
+ KMType.INVALID_VALUE,
+ false
+ );
+ short keyIdentifierPtr = KMByteBlob
+ .instance(data, getEntry(EEK_KEY_ID), getEntryLength(EEK_KEY_ID));
+ short unprotectedHeaderRecipient =
+ kmCoseInst.constructHeaders(KMType.INVALID_VALUE, keyIdentifierPtr, KMType.INVALID_VALUE,
+ coseKey);
+
+ // Construct recipients structure.
+ return kmCoseInst.constructRecipientsStructure(protectedHeaderRecipient,
+ unprotectedHeaderRecipient,
+ KMSimpleValue.instance(KMSimpleValue.NULL));
+ }
+
+ private short getAdditionalCertChainProcessedLength() {
+ short dataEntryIndex = getEntry(ACC_PROCESSED_LENGTH);
+ if (dataEntryIndex == 0) {
+ dataEntryIndex = createEntry(ACC_PROCESSED_LENGTH, SHORT_SIZE);
+ Util.setShort(data, dataEntryIndex, (short) 0);
+ return (short) 0;
+ }
+ return Util.getShort(data, dataEntryIndex);
+ }
+
+ private void updateAdditionalCertChainProcessedLength(short processedLen) {
+ short dataEntryIndex = getEntry(ACC_PROCESSED_LENGTH);
+ Util.setShort(data, dataEntryIndex, processedLen);
+ }
+
+ private short processAdditionalCertificateChain(byte[] scratchPad) {
+ byte[] persistedData = rkpStoreDataInst.getData(KMDataStoreConstants.ADDITIONAL_CERT_CHAIN);
+ short totalAccLen = Util.getShort(persistedData, (short) 0);
+ if (totalAccLen == 0) {
+ // No Additional certificate chain present.
+ return 0;
+ }
+ short processedLen = getAdditionalCertChainProcessedLength();
+ short lengthToSend = (short) (totalAccLen - processedLen);
+ if (lengthToSend > MAX_SEND_DATA) {
+ lengthToSend = MAX_SEND_DATA;
+ }
+ short cipherTextLen =
+ ((KMOperation) operation[0]).update(persistedData, (short) (2 + processedLen), lengthToSend,
+ scratchPad, (short) 0);
+ processedLen += lengthToSend;
+ updateAdditionalCertChainProcessedLength(processedLen);
+ // Update the output processing state.
+ updateOutputProcessingState(
+ (processedLen == totalAccLen) ? PROCESSING_ACC_COMPLETE : PROCESSING_ACC_IN_PROGRESS);
+ return cipherTextLen;
+ }
+
+ // BCC for STRONGBOX has chain length of 2. So it can be returned in a single go.
+ private short processBcc(byte[] scratchPad) {
+ // Construct BCC
+ boolean testMode = (TRUE == data[getEntry(TEST_MODE)]) ? true : false;
+ short len;
+ if (testMode) {
+ short bcc = KMAppletInst.generateBcc(true, scratchPad);
+ len = KMAppletInst
+ .encodeToApduBuffer(bcc, scratchPad, (short) 0, MAX_COSE_BUF_SIZE);
+ } else {
+ byte[] bcc = rkpStoreDataInst.getData(KMDataStoreConstants.BOOT_CERT_CHAIN);
+ len = Util.getShort(bcc, (short) 0);
+ Util.arrayCopyNonAtomic(bcc, (short) 2, scratchPad, (short) 0, len);
+ }
+ short cipherTextLen = ((KMOperation) operation[0])
+ .update(scratchPad, (short) 0, len, scratchPad, len);
+ // move cipher text on scratch pad from starting position.
+ Util.arrayCopyNonAtomic(scratchPad, len, scratchPad, (short) 0, cipherTextLen);
+ createEntry(RESPONSE_PROCESSING_STATE, BYTE_SIZE);
+ // If there is no additional certificate chain present then put the state to
+ // PROCESSING_ACC_COMPLETE.
+ updateOutputProcessingState(
+ isAdditionalCertificateChainPresent() ? PROCESSING_BCC_COMPLETE : PROCESSING_ACC_COMPLETE);
+ return cipherTextLen;
+ }
+
+ // AAD is the CoseEncrypt structure
+ private void processAesGcmUpdateAad(byte[] scratchPad) {
+ short protectedHeader = kmCoseInst.constructHeaders(
+ KMInteger.uint_8(KMCose.COSE_ALG_AES_GCM_256),
+ KMType.INVALID_VALUE,
+ KMType.INVALID_VALUE,
+ KMType.INVALID_VALUE);
+ // Encode the protected header as byte blob.
+ protectedHeader = KMAppletInst.encodeToApduBuffer(protectedHeader, scratchPad, (short) 0,
+ MAX_COSE_BUF_SIZE);
+ protectedHeader = KMByteBlob.instance(scratchPad, (short) 0, protectedHeader);
+ short coseEncryptStr =
+ kmCoseInst.constructCoseEncryptStructure(protectedHeader, KMByteBlob.instance((short) 0));
+ coseEncryptStr = KMAppletInst.encodeToApduBuffer(coseEncryptStr, scratchPad, (short) 0,
+ MAX_COSE_BUF_SIZE);
+ ((KMOperation) operation[0]).updateAAD(scratchPad, (short) 0, coseEncryptStr);
+ }
+
+ private short processSignedMac(byte[] scratchPad, short pubKeysToSignMac, short deviceInfo) {
+ // Construct SignedMac
+ KMDeviceUniqueKey deviceUniqueKey =
+ createDeviceUniqueKey((TRUE == data[getEntry(TEST_MODE)]) ? true : false, scratchPad);
+ // Create signedMac
+ short signedMac = createSignedMac(deviceUniqueKey, scratchPad, deviceInfo, pubKeysToSignMac);
+ //Prepare partial data for encryption.
+ short arrLength = (short) (isAdditionalCertificateChainPresent() ? 3 : 2);
+ short arr = KMArray.instance(arrLength);
+ KMArray.add(arr, (short) 0, signedMac);
+ KMArray.add(arr, (short) 1, KMType.INVALID_VALUE);
+ if (arrLength == 3) {
+ KMArray.add(arr, (short) 2, KMType.INVALID_VALUE);
+ }
+ short len = KMAppletInst
+ .encodeToApduBuffer(arr, scratchPad, (short) 0, MAX_COSE_BUF_SIZE);
+ short cipherTextLen = ((KMOperation) operation[0])
+ .update(scratchPad, (short) 0, len, scratchPad, len);
+ Util.arrayCopyNonAtomic(
+ scratchPad,
+ len,
+ scratchPad,
+ (short) 0,
+ cipherTextLen
+ );
+ return cipherTextLen;
+ }
+
+ private short getCoseEncryptProtectedHeader(byte[] scratchPad) {
+ // CoseEncrypt protected headers.
+ short protectedHeader = kmCoseInst.constructHeaders(
+ KMInteger.uint_8(KMCose.COSE_ALG_AES_GCM_256),
+ KMType.INVALID_VALUE,
+ KMType.INVALID_VALUE,
+ KMType.INVALID_VALUE);
+ // Encode the protected header as byte blob.
+ protectedHeader = KMAppletInst.encodeToApduBuffer(protectedHeader, scratchPad, (short) 0,
+ MAX_COSE_BUF_SIZE);
+ return KMByteBlob.instance(scratchPad, (short) 0, protectedHeader);
+ }
+
+ private short getCoseEncryptUnprotectedHeader(byte[] scratchPad, short nonce) {
+ /* CoseEncrypt unprotected headers */
+ return kmCoseInst
+ .constructHeaders(KMType.INVALID_VALUE, KMType.INVALID_VALUE, nonce, KMType.INVALID_VALUE);
+ }
+
+ private short constructCoseMacForRkpKey(boolean testMode, byte[] scratchPad, short pubKey) {
+ // prepare cosekey
+ short coseKey =
+ kmCoseInst.constructCoseKey(
+ KMInteger.uint_8(KMCose.COSE_KEY_TYPE_EC2),
+ KMType.INVALID_VALUE,
+ KMNInteger.uint_8(KMCose.COSE_ALG_ES256),
+ KMType.INVALID_VALUE,
+ KMInteger.uint_8(KMCose.COSE_ECCURVE_256),
+ KMByteBlob.getBuffer(pubKey),
+ KMByteBlob.getStartOff(pubKey),
+ KMByteBlob.length(pubKey),
+ KMType.INVALID_VALUE,
+ testMode);
+ // Encode the cose key and make it as payload.
+ short len = KMAppletInst
+ .encodeToApduBuffer(coseKey, scratchPad, (short) 0, MAX_COSE_BUF_SIZE);
+ short payload = KMByteBlob.instance(scratchPad, (short) 0, len);
+ // Get the mackey.
+ short macKey = getHmacKey(testMode, scratchPad);
+ // Prepare protected header, which is required to construct the COSE_MAC0
+ short headerPtr = kmCoseInst.constructHeaders(
+ KMInteger.uint_8(KMCose.COSE_ALG_HMAC_256),
+ KMType.INVALID_VALUE,
+ KMType.INVALID_VALUE,
+ KMType.INVALID_VALUE);
+ // Encode the protected header as byte blob.
+ len = KMAppletInst
+ .encodeToApduBuffer(headerPtr, scratchPad, (short) 0, MAX_COSE_BUF_SIZE);
+ short protectedHeader = KMByteBlob.instance(scratchPad, (short) 0, len);
+ // create MAC_Structure
+ short macStructure =
+ kmCoseInst.constructCoseMacStructure(protectedHeader, KMByteBlob.instance((short) 0),
+ payload);
+ // Encode the Mac_structure and do HMAC_Sign to produce the tag for COSE_MAC0
+ len = KMAppletInst.encodeToApduBuffer(macStructure, scratchPad, (short) 0,
+ MAX_COSE_BUF_SIZE);
+ // HMAC Sign.
+ short hmacLen = seProvider
+ .hmacSign(KMByteBlob.getBuffer(macKey), KMByteBlob.getStartOff(macKey),
+ (short) 32, scratchPad, (short) 0, len, scratchPad, len);
+ // Create COSE_MAC0 object
+ short coseMac0 =
+ kmCoseInst
+ .constructCoseMac0(protectedHeader, KMCoseHeaders.instance(KMArray.instance((short) 0)),
+ payload,
+ KMByteBlob.instance(scratchPad, len, hmacLen));
+ len = KMAppletInst
+ .encodeToApduBuffer(coseMac0, scratchPad, (short) 0, MAX_COSE_BUF_SIZE);
+ return KMByteBlob.instance(scratchPad, (short) 0, len);
+ }
+
+ private short getEcAttestKeyParameters() {
+ short tagIndex = 0;
+ short arrPtr = KMArray.instance((short) 6);
+ // Key size - 256
+ short keySize = KMIntegerTag
+ .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 256));
+ // Digest - SHA256
+ short byteBlob = KMByteBlob.instance((short) 1);
+ KMByteBlob.add(byteBlob, (short) 0, KMType.SHA2_256);
+ short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob);
+ // Purpose - Attest
+ byteBlob = KMByteBlob.instance((short) 1);
+ KMByteBlob.add(byteBlob, (short) 0, KMType.ATTEST_KEY);
+ short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob);
+
+ KMArray.add(arrPtr, tagIndex++, purpose);
+ // Algorithm - EC
+ KMArray.add(arrPtr, tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.EC));
+ KMArray.add(arrPtr, tagIndex++, keySize);
+ KMArray.add(arrPtr, tagIndex++, digest);
+ // Curve - P256
+ KMArray.add(arrPtr, tagIndex++, KMEnumTag.instance(KMType.ECCURVE, KMType.P_256));
+ // No Authentication is required to use this key.
+ KMArray.add(arrPtr, tagIndex, KMBoolTag.instance(KMType.NO_AUTH_REQUIRED));
+ return KMKeyParameters.instance(arrPtr);
+ }
+}
diff --git a/HAL/.clang-format b/HAL/.clang-format
new file mode 100644
index 00000000..b0dc94c1
--- /dev/null
+++ b/HAL/.clang-format
@@ -0,0 +1,10 @@
+BasedOnStyle: LLVM
+IndentWidth: 4
+UseTab: Never
+BreakBeforeBraces: Attach
+AllowShortFunctionsOnASingleLine: Inline
+AllowShortIfStatementsOnASingleLine: true
+IndentCaseLabels: false
+ColumnLimit: 100
+PointerBindsToType: true
+SpacesBeforeTrailingComments: 2
diff --git a/HAL/Android.bp b/HAL/Android.bp
new file mode 100644
index 00000000..83cb013c
--- /dev/null
+++ b/HAL/Android.bp
@@ -0,0 +1,222 @@
+// Copyright (C) 2020 The Android Open Source Project
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+//
+
+cc_library {
+ name: "libjc_keymint",
+ defaults: [
+ "keymaster_defaults",
+ ],
+ srcs: [
+ "JavacardKeyMintDevice.cpp",
+ "JavacardKeyMintOperation.cpp",
+ "JavacardKeyMintUtils.cpp",
+ "JavacardRemotelyProvisionedComponentDevice.cpp",
+ "JavacardSharedSecret.cpp",
+ ],
+ cflags:["-O0",],
+ shared_libs: [
+ "android.hardware.security.keymint-V1-ndk",
+ "android.hardware.security.secureclock-V1-ndk",
+ "android.hardware.security.sharedsecret-V1-ndk",
+ "lib_android_keymaster_keymint_utils",
+ "libbase",
+ "libcppbor_external",
+ "libkeymaster_portable",
+ "libkeymaster_messages",
+ "libsoft_attestation_cert",
+ "liblog",
+ "libcrypto",
+ "libcutils",
+ "libjc_km_transport",
+ "libbinder_ndk",
+ "libjc_keymaster_portable",
+ ],
+ export_include_dirs: [
+ ".",
+ ],
+ vendor_available: true,
+}
+
+cc_library {
+ name: "libjc_keymaster_portable",
+ defaults: [
+ "keymaster_defaults",
+ ],
+ srcs: [
+ "JavacardKeymaster.cpp",
+ "CborConverter.cpp",
+ "KMUtils.cpp",
+ "JavacardSecureElement.cpp",
+ "JavacardKeymasterOperation.cpp",
+ ],
+ cflags:["-O0",],
+ shared_libs: [
+ "libbase",
+ "libcppbor_external",
+ "libkeymaster_portable",
+ "libkeymaster_messages",
+ "libpuresoftkeymasterdevice",
+ "libsoft_attestation_cert",
+ "liblog",
+ "libcrypto",
+ "libcutils",
+ "libjc_km_transport",
+ "libbinder_ndk",
+ ],
+ export_include_dirs: [
+ ".",
+ ],
+ vendor_available: true,
+}
+
+cc_library {
+ name: "libjc_km_transport",
+ vendor_available: true,
+ srcs: [
+ "SocketTransport.cpp",
+ ],
+ export_include_dirs: [
+ "."
+ ],
+ shared_libs: [
+ "libbase",
+ "liblog",
+ ],
+}
+
+cc_library {
+ name: "libjc_keymaster",
+ defaults: [
+ "keymaster_defaults",
+ ],
+ srcs: [
+ "JavacardKeymaster4Device.cpp",
+ "JavacardSoftKeymasterContext.cpp",
+ ],
+ cflags:["-O0",],
+ shared_libs: [
+ "liblog",
+ "libcutils",
+ "libdl",
+ "libbase",
+ "libutils",
+ "libhardware",
+ "libhidlbase",
+ "libsoftkeymasterdevice",
+ "libsoft_attestation_cert",
+ "libkeymaster_messages",
+ "libkeymaster_portable",
+ "libcppbor_external",
+ "android.hardware.keymaster@4.1",
+ "android.hardware.keymaster@4.0",
+ "libjc_km_transport",
+ "libjc_keymaster_portable",
+ "libcrypto",
+ "libkeymaster4support",
+ ],
+ export_include_dirs: [
+ ".",
+ ],
+ vendor_available: true,
+}
+
+cc_binary {
+ name: "android.hardware.keymaster@4.1-strongbox.service",
+ relative_install_path: "hw",
+ vendor: true,
+ init_rc: ["android.hardware.keymaster@4.1-strongbox.service.rc"],
+ vintf_fragments: ["android.hardware.keymaster@4.1-strongbox.service.xml"],
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ ],
+ srcs: [
+ "keymasterService.cpp",
+ ],
+ shared_libs: [
+ "liblog",
+ "libcutils",
+ "libdl",
+ "libbase",
+ "libutils",
+ "libhardware",
+ "libhidlbase",
+ "libsoftkeymasterdevice",
+ "libsoft_attestation_cert",
+ "libkeymaster_messages",
+ "libkeymaster_portable",
+ "libcppbor_external",
+ "android.hardware.keymaster@4.1",
+ "android.hardware.keymaster@4.0",
+ "libjc_km_transport",
+ "libcrypto",
+ "libjc_keymaster",
+ "libjc_keymaster_portable",
+ ],
+ required: [
+ "android.hardware.keymaster_strongbox_keystore.xml",
+ ],
+}
+
+cc_binary {
+ name: "android.hardware.security.keymint-service.strongbox",
+ relative_install_path: "hw",
+ init_rc: ["android.hardware.security.keymint-service.strongbox.rc"],
+ vintf_fragments: [
+ "android.hardware.security.keymint-service.strongbox.xml",
+ "android.hardware.security.sharedsecret-service.strongbox.xml",
+ ],
+ vendor: true,
+ cflags: [
+ "-Wall",
+ "-Wextra",
+ ],
+ shared_libs: [
+ "android.hardware.security.keymint-V1-ndk",
+ "android.hardware.security.sharedsecret-V1-ndk",
+ "libbase",
+ "libbinder_ndk",
+ "libcppbor_external",
+ "libcrypto",
+ "libkeymaster_portable",
+ "libjc_keymint",
+ "libjc_km_transport",
+ "liblog",
+ "libutils",
+ "libjc_keymaster_portable",
+ ],
+ srcs: [
+ "keymintService.cpp",
+ ],
+ required: [
+ "RemoteProvisioner",
+ "android.hardware.strongbox_keystore.xml",
+ ],
+}
+
+prebuilt_etc {
+ name: "android.hardware.strongbox_keystore.xml",
+ sub_dir: "permissions",
+ vendor: true,
+ src: "android.hardware.strongbox_keystore.xml",
+}
+
+prebuilt_etc {
+ name: "android.hardware.keymaster_strongbox_keystore.xml",
+ sub_dir: "permissions",
+ vendor: true,
+ src: "android.hardware.keymaster_strongbox_keystore.xml",
+}
+
diff --git a/HAL/CborConverter.cpp b/HAL/CborConverter.cpp
new file mode 100644
index 00000000..66d538b2
--- /dev/null
+++ b/HAL/CborConverter.cpp
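Review bot: In HAL/Android.bp the libraries `libjc_keymint`, `libjc_keymaster_portable` and `libjc_keymaster` are built with `cflags:["-O0",],` and no warning flags, while the two service binaries further down the same file use `-Wall` and `-Wextra`. `-O0` looks like a debugging leftover, and these libraries hold the CBOR conversion and secure-element code (`CborConverter.cpp`, `JavacardSecureElement.cpp`), so I would build them like the services: `cflags: ["-Wall", "-Wextra", "-Werror"],`. Whether `keymaster_defaults` already contributes warning or hardening flags is not visible in this hunk, so check that before duplicating them. If unoptimised builds are intentional, a comment next to the flag saying why would help the next reader.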
@@ -0,0 +1,454 @@ +/* + ** + ** Copyright 2020, The Android Open Source Project + ** + ** Licensed under the Apache License, Version 2.0 (the "License"); + ** you may not use this file except in compliance with the License. + ** You may obtain a copy of the License at + ** + ** http://www.apache.org/licenses/LICENSE-2.0 + ** + ** Unless required by applicable law or agreed to in writing, software + ** distributed under the License is distributed on an "AS IS" BASIS, + ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ** See the License for the specific language governing permissions and + ** limitations under the License. + */ + +#include "CborConverter.h" +#include +#include +#include +#include +#include +#include + +namespace javacard_keymaster { +using namespace cppbor; +using ::keymaster::KeymasterBlob; +using std::string; +using std::unique_ptr; +using std::vector; + +inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) { + return keymaster_tag_get_type(tag); +} + +inline vector kmBlob2vector(const keymaster_blob_t& blob) { + vector result(blob.data, blob.data + blob.data_length); + return result; +} + +bool CborConverter::addKeyparameters(Array& array, const keymaster_key_param_set_t& paramSet) { + Map map; + std::map> enum_repetition; + std::map uint_repetition; + for (size_t i = 0; i < paramSet.length; i++) { + const auto& param = paramSet.params[i]; + switch (typeFromTag(param.tag)) { + case KM_ENUM: + map.add(static_cast(param.tag), param.enumerated); + break; + case KM_UINT: + map.add(static_cast(param.tag), param.integer); + break; + case KM_UINT_REP: + uint_repetition[static_cast(param.tag)].add(param.integer); + break; + case KM_ENUM_REP: + enum_repetition[static_cast(param.tag)].push_back( + static_cast(param.enumerated)); + break; + case KM_ULONG: + map.add(static_cast(param.tag), param.long_integer); + break; + case KM_ULONG_REP: + uint_repetition[static_cast(param.tag & 0x00000000ffffffff)].add( + 
param.long_integer); + break; + case KM_DATE: + map.add(static_cast(param.tag), param.date_time); + break; + case KM_BOOL: + map.add(static_cast(param.tag), static_cast(param.boolean)); + break; + case KM_BIGNUM: + case KM_BYTES: + map.add(static_cast(param.tag & 0x00000000ffffffff), + kmBlob2vector(param.blob)); + break; + default: + /* Invalid skip */ + break; + } + } + if (0 < enum_repetition.size()) { + for (auto const& [key, val] : enum_repetition) { + Bstr bstr(val); + map.add(key, std::move(bstr)); + } + } + if (0 < uint_repetition.size()) { + for (auto& [key, val] : uint_repetition) { + map.add(key, std::move(val)); + } + } + array.add(std::move(map)); + return true; +} + +bool CborConverter::getKeyCharacteristics(const std::unique_ptr& item, const uint32_t pos, + AuthorizationSet& swEnforced, + AuthorizationSet& hwEnforced, + AuthorizationSet& teeEnforced) { + unique_ptr arrayItem(nullptr); + getItemAtPos(item, pos, arrayItem); + if ((arrayItem == nullptr) || (MajorType::ARRAY != getType(arrayItem))) return false; + + if (!getKeyParameters(arrayItem, 0, swEnforced) || + !getKeyParameters(arrayItem, 1, hwEnforced) || + !getKeyParameters(arrayItem, 2, teeEnforced)) { + return false; + } + return true; +} + +bool CborConverter::getKeyParameter( + const std::pair&, const unique_ptr&> pair, + AuthorizationSet& keyParams) { + uint64_t key; + uint64_t value; + if (!getUint64(pair.first, key)) { + return false; + } + switch (keymaster_tag_get_type(static_cast(key))) { + case KM_ENUM_REP: { + /* ENUM_REP contains values encoded in a Binary string */ + const Bstr* bstr = pair.second.get()->asBstr(); + if (bstr == nullptr) return false; + for (auto bchar : bstr->value()) { + keymaster_key_param_t keyParam; + keyParam.tag = static_cast(key); + keyParam.enumerated = bchar; + keyParams.push_back(keyParam); + } + } break; + case KM_ENUM: { + keymaster_key_param_t keyParam; + keyParam.tag = static_cast(key); + if (!getUint64(pair.second, value)) { + return false; + } + 
keyParam.enumerated = static_cast(value); + keyParams.push_back(keyParam); + } break; + case KM_UINT: { + keymaster_key_param_t keyParam; + keyParam.tag = static_cast(key); + if (!getUint64(pair.second, value)) { + return false; + } + keyParam.integer = static_cast(value); + keyParams.push_back(keyParam); + } break; + case KM_ULONG: { + keymaster_key_param_t keyParam; + keyParam.tag = static_cast(key); + if (!getUint64(pair.second, value)) { + return false; + } + keyParam.long_integer = value; + keyParams.push_back(keyParam); + } break; + case KM_UINT_REP: { + /* UINT_REP contains values encoded in a Array */ + Array* array = const_cast(pair.second.get()->asArray()); + if (array == nullptr) return false; + for (int i = 0; i < array->size(); i++) { + keymaster_key_param_t keyParam; + keyParam.tag = static_cast(key); + std::unique_ptr item = std::move((*array)[i]); + if (!getUint64(item, value)) { + return false; + } + keyParam.integer = static_cast(value); + keyParams.push_back(keyParam); + } + } break; + case KM_ULONG_REP: { + /* ULONG_REP contains values encoded in a Array */ + Array* array = const_cast(pair.second.get()->asArray()); + if (array == nullptr) return false; + for (int i = 0; i < array->size(); i++) { + keymaster_key_param_t keyParam; + keyParam.tag = static_cast(key); + std::unique_ptr item = std::move((*array)[i]); + if (!getUint64(item, keyParam.long_integer)) { + return false; + } + keyParams.push_back(keyParam); + } + } break; + case KM_DATE: { + keymaster_key_param_t keyParam; + keyParam.tag = static_cast(key); + if (!getUint64(pair.second, value)) { + return false; + } + keyParam.date_time = value; + keyParams.push_back(keyParam); + } break; + case KM_BOOL: { + keymaster_key_param_t keyParam; + keyParam.tag = static_cast(key); + if (!getUint64(pair.second, value)) { + return false; + } + // TODO re-check the logic below + keyParam.boolean = static_cast(value); + keyParams.push_back(keyParam); + } break; + case KM_BYTES: { + 
keymaster_key_param_t keyParam; + keyParam.tag = static_cast(key); + const Bstr* bstr = pair.second.get()->asBstr(); + if (bstr == nullptr) return false; + size_t blobSize = bstr->value().size(); + keyParam.blob.data = keymaster::dup_buffer(bstr->value().data(), blobSize); + keyParam.blob.data_length = blobSize; + keyParams.push_back(keyParam); + } break; + default: + /* Invalid - return error */ + return false; + break; + } + return true; +} + +bool CborConverter::getMultiBinaryArray(const unique_ptr& item, const uint32_t pos, + vector>& data) { + bool ret = false; + std::unique_ptr arrayItem(nullptr); + + getItemAtPos(item, pos, arrayItem); + if ((arrayItem == nullptr) || (MajorType::ARRAY != getType(arrayItem))) return ret; + const Array* arr = arrayItem.get()->asArray(); + size_t arrSize = arr->size(); + for (int i = 0; i < arrSize; i++) { + std::vector temp; + if (!getBinaryArray(arrayItem, i, temp)) return ret; + data.push_back(std::move(temp)); + } + ret = true; // success + return ret; +} + +bool CborConverter::getBinaryArray(const unique_ptr& item, const uint32_t pos, + string& value) { + vector vec; + string str; + if (!getBinaryArray(item, pos, vec)) { + return false; + } + for (auto ch : vec) { + str += ch; + } + value = str; + return true; +} + +bool CborConverter::getBinaryArray(const unique_ptr& item, const uint32_t pos, + vector& value) { + bool ret = false; + unique_ptr strItem(nullptr); + getItemAtPos(item, pos, strItem); + if ((strItem == nullptr) || (MajorType::BSTR != getType(strItem))) return ret; + + const Bstr* bstr = strItem.get()->asBstr(); + for (auto bchar : bstr->value()) { + value.push_back(bchar); + } + ret = true; + return ret; +} + +bool CborConverter::getSharedSecretParameters(const unique_ptr& item, const uint32_t pos, + vector& seed, vector& nonce) { + std::unique_ptr arrayItem(nullptr); + // Array [seed, nonce] + getItemAtPos(item, pos, arrayItem); + if ((arrayItem == nullptr) || (MajorType::ARRAY != getType(arrayItem)) || + 
!getBinaryArray(arrayItem, 0, seed) || !getBinaryArray(arrayItem, 1, nonce)) { + return false; + } + return true; +} + +bool CborConverter::addSharedSecretParameters(Array& array, vector params) { + Array cborParamsVec; + for (auto param : params) { + Array cborParam; + cborParam.add(param.seed); + cborParam.add(param.nonce); + cborParamsVec.add(std::move(cborParam)); + } + array.add(std::move(cborParamsVec)); + return true; +} + +bool CborConverter::addTimeStampToken(Array& array, const TimestampToken& token) { + vector mac(token.mac.begin(), token.mac.end()); + Array vToken; + vToken.add(static_cast(token.challenge)); + vToken.add(static_cast(token.timestamp)); + vToken.add(mac); + array.add(std::move(vToken)); + return true; +} + +bool CborConverter::addVerificationToken(Array& vToken, const VerificationToken& token, + const vector& encodedParamsVerified) { + vector mac(token.mac.begin(), token.mac.end()); + vToken.add(token.challenge); + vToken.add(token.timestamp); + vToken.add(std::move(encodedParamsVerified)); + vToken.add(static_cast(token.security_level)); + vToken.add(mac); + return true; +} + +bool CborConverter::addHardwareAuthToken(Array& array, const HardwareAuthToken& authToken) { + vector mac(authToken.mac.begin(), authToken.mac.end()); + Array hwAuthToken; + hwAuthToken.add(static_cast(authToken.challenge)); + hwAuthToken.add(static_cast(authToken.user_id)); + hwAuthToken.add(static_cast(authToken.authenticator_id)); + hwAuthToken.add(static_cast(authToken.authenticator_type)); + hwAuthToken.add(static_cast(authToken.timestamp)); + hwAuthToken.add(mac); + array.add(std::move(hwAuthToken)); + return true; +} + +bool CborConverter::getHardwareAuthToken(const unique_ptr& item, const uint32_t pos, + HardwareAuthToken& token) { + uint64_t authType; + std::vector mac; + // challenge, userId, AuthenticatorId, AuthType, Timestamp, MAC + if (!getUint64(item, pos, token.challenge) || + !getUint64(item, pos + 1, token.user_id) || + !getUint64(item, pos + 2, 
token.authenticator_id) || + !getUint64(item, pos + 3, authType) || + !getUint64(item, pos + 4, token.timestamp) || + !getBinaryArray(item, pos + 5, mac)) { + return false; + } + token.authenticator_type = static_cast(authType); + token.mac = KeymasterBlob(mac.data(), mac.size()); + return true; +} + +bool CborConverter::getTimeStampToken(const unique_ptr& item, const uint32_t pos, + TimestampToken& token) { + // {challenge, timestamp, Mac} + std::vector mac; + if (!getUint64(item, pos, token.challenge) || + !getUint64(item, pos + 1, token.timestamp) || + !getBinaryArray(item, pos + 2, mac)) { + return false; + } + token.mac = KeymasterBlob(mac.data(), mac.size()); + return true; +} + +bool CborConverter::getVerificationToken(const unique_ptr& item, const uint32_t pos, + VerificationToken& token) { + // {challenge, timestamp, parametersVerified, securityLevel, Mac} + std::vector mac; + uint64_t securityLevel; + if (!getUint64(item, pos, token.challenge) || + !getUint64(item, pos + 1, token.timestamp) || + !getKeyParameters(item, pos + 2, token.parameters_verified) || + !getUint64(item, pos + 3, securityLevel) || !getBinaryArray(item, pos + 4, mac)) { + return false; + } + token.security_level = static_cast(securityLevel); + token.mac = KeymasterBlob(mac.data(), mac.size()); + return true; +} + +bool CborConverter::getArrayItem(const std::unique_ptr& item, const uint32_t pos, + Array& array) { + unique_ptr arrayItem(nullptr); + getItemAtPos(item, pos, arrayItem); + if ((arrayItem == nullptr) || (MajorType::ARRAY != getType(arrayItem))) return false; + array = std::move(*arrayItem.get()->asArray()); + return true; +} + +bool CborConverter::getMapItem(const std::unique_ptr& item, const uint32_t pos, Map& map) { + unique_ptr mapItem(nullptr); + getItemAtPos(item, pos, mapItem); + if ((mapItem == nullptr) || (MajorType::MAP != getType(mapItem))) return false; + map = std::move(*mapItem.get()->asMap()); + return true; +} + +bool CborConverter::getKeyParameters(const 
unique_ptr& item, const uint32_t pos, + AuthorizationSet& keyParams) { + bool ret = false; + unique_ptr mapItem(nullptr); + getItemAtPos(item, pos, mapItem); + if ((mapItem == nullptr) || (MajorType::MAP != getType(mapItem))) return ret; + const Map* map = mapItem.get()->asMap(); + size_t mapSize = map->size(); + for (int i = 0; i < mapSize; i++) { + if (!getKeyParameter((*map)[i], keyParams)) { + return ret; + } + } + ret = true; + return ret; +} + +// array of a blobs +bool CborConverter::getCertificateChain(const std::unique_ptr& item, const uint32_t pos, + CertificateChain& certChain) { + std::unique_ptr arrayItem(nullptr); + std::vector cert; + getItemAtPos(item, pos, arrayItem); + if ((arrayItem == nullptr) || (MajorType::ARRAY != getType(arrayItem))) return false; + + const Array* arr = arrayItem.get()->asArray(); + size_t arrSize = arr->size(); + for (int i = (arrSize - 1); i >= 0; i--) { + if (!getBinaryArray(arrayItem, i, cert)) return false; + uint8_t* blob = new (std::nothrow) uint8_t[cert.size()]; + memcpy(blob, cert.data(), cert.size()); + certChain.push_front({blob, cert.size()}); + cert.clear(); + } + return true; +} + +std::tuple, keymaster_error_t> +CborConverter::decodeData(const std::vector& response) { + keymaster_error_t errorCode = KM_ERROR_OK; + auto [item, pos, message] = parse(response); + if (!item || MajorType::ARRAY != getType(item) || !getErrorCode(item, 0, errorCode)) { + return {nullptr, KM_ERROR_UNKNOWN_ERROR}; + } + return {std::move(item), errorCode}; +} + +std::tuple, keymaster_error_t> +CborConverter::decodeKeyblob(const vector& keyblob) { + auto [item, pos, message] = parse(keyblob); + if (!item || MajorType::ARRAY != getType(item)) { + return {nullptr, KM_ERROR_UNKNOWN_ERROR}; + } + return {std::move(item), KM_ERROR_OK}; +} + +} // namespace javacard_keymaster diff --git a/HAL/CborConverter.h b/HAL/CborConverter.h new file mode 100644 index 00000000..df946658 --- /dev/null +++ b/HAL/CborConverter.h 
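Review bot: In `getCertificateChain` the pointer returned by `new (std::nothrow) uint8_t[cert.size()]` goes straight into `memcpy`, so an allocation failure becomes a null-pointer write while decoding a certificate chain taken from the secure element's response. Add `if (blob == nullptr) return false;` before the copy. The `KM_BYTES` case of `getKeyParameter` has the same gap: the result of `keymaster::dup_buffer` is stored in `keyParam.blob.data` without a check, and presumably it can also come back null. The result of `certChain.push_front` is not inspected either, so a failed insert would leak `blob` if that call reports failure (to be confirmed against its declaration). Separately, the loops index with `int i` against a `size_t` size (`for (int i = (arrSize - 1); i >= 0; i--)`), which is worth replacing with an unsigned index so the bound cannot be narrowed.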
@@ -0,0 +1,194 @@ +/* + ** + ** Copyright 2020, The Android Open Source Project + ** + ** Licensed under the Apache License, Version 2.0 (the "License"); + ** you may not use this file except in compliance with the License. + ** You may obtain a copy of the License at + ** + ** http://www.apache.org/licenses/LICENSE-2.0 + ** + ** Unless required by applicable law or agreed to in writing, software + ** distributed under the License is distributed on an "AS IS" BASIS, + ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ** See the License for the specific language governing permissions and + ** limitations under the License. + */ +#pragma once +//#include +//#include +//#include +//#include +#include +#include +#include +#include +#include +#include +#include +#include + +namespace javacard_keymaster { +using namespace cppbor; +// using namespace aidl::android::hardware::security::keymint; +// using namespace aidl::android::hardware::security::secureclock; +// using namespace aidl::android::hardware::security::sharedsecret; +using ::keymaster::AuthorizationSet; +using ::keymaster::CertificateChain; +using ::keymaster::HardwareAuthToken; +using ::keymaster::KeymasterKeyBlob; +using ::keymaster::TimestampToken; +using ::keymaster::VerificationToken; +using std::string; +using std::unique_ptr; +using std::vector; + +struct HmacSharingParameters { + vector seed; + vector nonce; +}; + +class CborConverter { + public: + CborConverter() = default; + ~CborConverter() = default; + std::tuple, keymaster_error_t> + decodeData(const std::vector& response); + std::tuple, keymaster_error_t> + decodeKeyblob(const vector& keyblob); + + template + bool getUint64(const std::unique_ptr& item, const uint32_t pos, T& value); + + template bool getUint64(const std::unique_ptr& item, T& value); + + bool getSharedSecretParameters(const std::unique_ptr& item, const uint32_t pos, + vector& seed, vector& nonce); + bool getBinaryArray(const std::unique_ptr& item, const 
uint32_t pos, string& value); + + bool getBinaryArray(const std::unique_ptr& item, const uint32_t pos, + vector& value); + + bool getHardwareAuthToken(const std::unique_ptr& item, const uint32_t pos, + HardwareAuthToken& authType); + + bool getKeyParameters(const std::unique_ptr& item, const uint32_t pos, + AuthorizationSet& keyParams); + + bool addKeyparameters(Array& array, const keymaster_key_param_set_t& keyParams); + + bool addHardwareAuthToken(Array& array, const HardwareAuthToken& authToken); + + bool addSharedSecretParameters(Array& array, vector params); + + bool getTimeStampToken(const std::unique_ptr& item, const uint32_t pos, + TimestampToken& token); + + bool getVerificationToken(const std::unique_ptr& item, const uint32_t pos, + VerificationToken& token); + + bool getKeyCharacteristics(const std::unique_ptr& item, const uint32_t pos, + AuthorizationSet& swEnforced, AuthorizationSet& hwEnforced, + AuthorizationSet& teeEnforced); + + bool getMultiBinaryArray(const std::unique_ptr& item, const uint32_t pos, + vector>& data); + + bool addTimeStampToken(Array& array, const TimestampToken& token); + + bool addVerificationToken(Array& array, const VerificationToken& token, + const vector& encodedParamsVerified); + + bool getMapItem(const std::unique_ptr& item, const uint32_t pos, Map& map); + + bool getArrayItem(const std::unique_ptr& item, const uint32_t pos, Array& array); + + bool getCertificateChain(const std::unique_ptr& item, const uint32_t pos, + CertificateChain& certChain); + + inline bool getErrorCode(const std::unique_ptr& item, const uint32_t pos, + keymaster_error_t& errorCode) { + uint64_t errorVal; + if (!getUint64(item, pos, errorVal)) { + return false; + } + errorCode = static_cast(0 - errorVal); + return true; + } + + inline keymaster_error_t getArraySize(const unique_ptr& item, size_t& size) { + Array* arr = nullptr; + + if (MajorType::ARRAY != getType(item)) { + return KM_ERROR_UNKNOWN_ERROR; + } + arr = const_cast(item.get()->asArray()); 
+ size = arr->size(); + return KM_ERROR_OK; + } + + private: + /** + * Returns the negative value of the same number. + */ + inline int32_t get2sCompliment(uint32_t value) { return static_cast(~value + 1); } + + /** + * Get the type of the Item pointer. + */ + inline MajorType getType(const unique_ptr& item) { return item.get()->type(); } + + /** + * Construct Keyparameter structure from the pair of key and value. If TagType is ENUM_REP the + * value contains binary string. If TagType is UINT_REP or ULONG_REP the value contains Array of + * unsigned integers. + */ + // bool getKeyParameter(const std::pair&, const unique_ptr&> pair, + // vector& keyParam); + + bool getKeyParameter(const std::pair&, const unique_ptr&> pair, + AuthorizationSet& keyParam); + + /** + * Get the sub item pointer from the root item pointer at the given position. + */ + inline void getItemAtPos(const unique_ptr& item, const uint32_t pos, + unique_ptr& subItem) { + Array* arr = nullptr; + + if (MajorType::ARRAY != getType(item)) { + return; + } + arr = const_cast(item.get()->asArray()); + if (arr->size() < (pos + 1)) { + return; + } + subItem = std::move((*arr)[pos]); + } +}; + +template bool CborConverter::getUint64(const unique_ptr& item, T& value) { + bool ret = false; + if ((item == nullptr) || (std::is_unsigned::value && (MajorType::UINT != getType(item))) || + ((std::is_signed::value && (MajorType::NINT != getType(item))))) { + return ret; + } + + if (std::is_unsigned::value) { + const Uint* uintVal = item.get()->asUint(); + value = static_cast(uintVal->value()); + } else { + const Nint* nintVal = item.get()->asNint(); + value = static_cast(nintVal->value()); + } + ret = true; + return ret; // success +} + +template +bool CborConverter::getUint64(const unique_ptr& item, const uint32_t pos, T& value) { + unique_ptr intItem(nullptr); + getItemAtPos(item, pos, intItem); + return getUint64(intItem, value); +} +} // namespace javacard_keymaster 
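Review bot: `getItemAtPos` is documented as "Get the sub item pointer", but it casts away const on the parent array and does `subItem = std::move((*arr)[pos])`, which leaves that slot null in the parent. Every `get*` helper built on it is therefore a one-shot read: decoding the same position twice is reported as a malformed response, even though the parameter is a `const unique_ptr&`. Either state this in the comment, for example `Moves the sub item out of the parent array; the slot is left empty, so a position can be read only once.`, or hand back a copy with `(*arr)[pos]->clone()`. The bound test `arr->size() < (pos + 1)` is safer written as `if (pos >= arr->size()) return;`, which cannot wrap when `pos` is the maximum `uint32_t`. `getType` dereferences `item` unconditionally, so `getItemAtPos` and `getArraySize` rely on every caller having checked the root item for null first.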
diff --git a/HAL/ITransport.h b/HAL/ITransport.h
new file mode 100644
index 00000000..0d816a73
--- /dev/null
+++ b/HAL/ITransport.h
@@ -0,0 +1,51 @@
+/*
+ **
+ ** Copyright 2020, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+#pragma once
+#include
+#include
+
+namespace javacard_keymaster {
+using std::shared_ptr;
+using std::vector;
+
+/**
+ * ITransport is an interface with a set of virtual methods that allow communication between the
+ * HAL and the applet on the secure element.
+ */
+class ITransport {
+ public:
+ virtual ~ITransport() {}
+
+ /**
+ * Opens connection.
+ */
+ virtual bool openConnection() = 0;
+ /**
+ * Send data over communication channel and receives data back from the remote end.
+ */
+ virtual bool sendData(const vector& inData, vector& output) = 0;
+ /**
+ * Closes the connection.
+ */
+ virtual bool closeConnection() = 0;
+ /**
+ * Returns the state of the connection status. Returns true if the connection is active, false
+ * if connection is broken.
+ */
+ virtual bool isConnected() = 0;
+};
+} // namespace javacard_keymaster
diff --git a/HAL/JavacardKeyMintDevice.cpp b/HAL/JavacardKeyMintDevice.cpp
new file mode 100644
index 00000000..a0850591
--- /dev/null
+++ b/HAL/JavacardKeyMintDevice.cpp
@@ -0,0 +1,323 @@ +/* + * Copyright 2020, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define LOG_TAG "javacard.keymint.device.strongbox-impl" +#include "JavacardKeyMintDevice.h" +#include "JavacardKeyMintOperation.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +namespace aidl::android::hardware::security::keymint { +using km_utils::KmParamSet; +using km_utils::kmParamSet2Aidl; +using std::nullopt; + +namespace { + +Certificate convertCertificate(const keymaster_blob_t& cert) { + return {std::vector(cert.data, cert.data + cert.data_length)}; +} + +vector convertCertificateChain(const CertificateChain& chain) { + vector retval; + retval.reserve(chain.entry_count); + std::transform(chain.begin(), chain.end(), std::back_inserter(retval), convertCertificate); + return retval; +} + +vector convertKeyCharacteristics(AuthorizationSet& keystoreEnforced, + AuthorizationSet& sbEnforced, + AuthorizationSet& teeEnforced) { + vector retval; + // VTS will fail if the authorizations list is empty. 
+ if (!sbEnforced.empty()) + retval.push_back({SecurityLevel::STRONGBOX, kmParamSet2Aidl(sbEnforced)}); + if (!teeEnforced.empty()) + retval.push_back({SecurityLevel::TRUSTED_ENVIRONMENT, kmParamSet2Aidl(teeEnforced)}); + if (!keystoreEnforced.empty()) + retval.push_back({SecurityLevel::KEYSTORE, kmParamSet2Aidl(keystoreEnforced)}); + return retval; +} + +std::optional +convertAttestationKey(const std::optional& attestationKey) { + JCKMAttestationKey key; + if (attestationKey.has_value()) { + key.params.Reinitialize(KmParamSet(attestationKey->attestKeyParams)); + key.keyBlob = attestationKey->keyBlob; + key.issuerSubject = attestationKey->issuerSubjectName; + } + return std::move(key); +} +#if 0 +inline void Vec2KmBlob(const vector& input, KeymasterBlob* blob) { + blob->Reset(input.size()); + memcpy(blob->writable_data(), input.data(), input.size()); +} + +void legacyHardwareAuthToken(const std::optional& aidlToken, ::keymaster::HardwareAuthToken* legacyToken) { + if (aidlToken.has_value()) { + legacyToken->challenge = aidlToken->challenge; + legacyToken->user_id = aidlToken->userId; + legacyToken->authenticator_id = aidlToken->authenticatorId; + legacyToken->authenticator_type = static_cast(aidlToken->authenticatorType); + legacyToken->timestamp = aidlToken->timestamp.milliSeconds; + Vec2KmBlob(aidlToken->mac, &legacyToken->mac); + } +} +#endif +} // anonymous namespace + +ScopedAStatus JavacardKeyMintDevice::defaultHwInfo(KeyMintHardwareInfo* info) { + info->versionNumber = 1; + info->keyMintAuthorName = "Google"; + info->keyMintName = "JavacardKeymintDevice"; + info->securityLevel = securitylevel_; + info->timestampTokenRequired = true; + return ScopedAStatus::ok(); +} + +ScopedAStatus JavacardKeyMintDevice::getHardwareInfo(KeyMintHardwareInfo* info) { + uint64_t tsRequired = 1; + auto [item, err] = jcImpl_->getHardwareInfo(); + uint32_t secLevel; + uint32_t version; + if (err != KM_ERROR_OK || !cbor_.getUint64(item, 1, version) || + !cbor_.getUint64(item, 2, 
secLevel) || + !cbor_.getBinaryArray(item, 3, info->keyMintName) || + !cbor_.getBinaryArray(item, 4, info->keyMintAuthorName) || + !cbor_.getUint64(item, 5, tsRequired)) { + LOG(ERROR) << "Error in response of getHardwareInfo."; + LOG(INFO) << "Returning defaultHwInfo in getHardwareInfo."; + return defaultHwInfo(info); + } + info->timestampTokenRequired = (tsRequired == 1); + info->securityLevel = static_cast(secLevel); + info->versionNumber = static_cast(version); + return ScopedAStatus::ok(); +} + +ScopedAStatus JavacardKeyMintDevice::generateKey(const vector& keyParams, + const optional& attestationKey, + KeyCreationResult* creationResult) { + AuthorizationSet paramSet; + std::optional jcAttestationKey = nullopt; + AuthorizationSet swEnforced; + AuthorizationSet sbEnforced; + AuthorizationSet teeEnforced; + paramSet.Reinitialize(KmParamSet(keyParams)); + + auto err = jcImpl_->generateKey(paramSet, &creationResult->keyBlob, &swEnforced, &sbEnforced, + &teeEnforced); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Failed in generateKey err: " << (int32_t)err; + return km_utils::kmError2ScopedAStatus(err); + } + // Call attestKey only Asymmetric algorithms. 
+ keymaster_algorithm_t algorithm; + paramSet.GetTagValue(TAG_ALGORITHM, &algorithm); + if (algorithm == KM_ALGORITHM_RSA || algorithm == KM_ALGORITHM_EC) { + err = attestKey(creationResult->keyBlob, paramSet, convertAttestationKey(attestationKey), + &creationResult->certificateChain); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Failed in attestKey err: " << (int32_t)err; + return km_utils::kmError2ScopedAStatus(err); + } + } + creationResult->keyCharacteristics = + convertKeyCharacteristics(swEnforced, sbEnforced, teeEnforced); + return ScopedAStatus::ok(); +} + +ScopedAStatus JavacardKeyMintDevice::addRngEntropy(const vector& data) { + auto err = jcImpl_->addRngEntropy(data); + return km_utils::kmError2ScopedAStatus(err); +} + +keymaster_error_t +JavacardKeyMintDevice::attestKey(const vector& keyblob, const AuthorizationSet& keyParams, + const optional& attestationKey, + vector* certificateChain) { + ::keymaster::CertificateChain certChain; + auto err = jcImpl_->attestKey(keyblob, keyParams, attestationKey, &certChain); + if (err != KM_ERROR_OK) { + return err; + } + *certificateChain = convertCertificateChain(certChain); + return KM_ERROR_OK; +} + +ScopedAStatus JavacardKeyMintDevice::importKey(const vector& keyParams, + KeyFormat keyFormat, const vector& keyData, + const optional& attestationKey, + KeyCreationResult* creationResult) { + AuthorizationSet paramSet; + std::optional jcAttestationKey = nullopt; + AuthorizationSet swEnforced; + AuthorizationSet sbEnforced; + AuthorizationSet teeEnforced; + paramSet.Reinitialize(KmParamSet(keyParams)); + // Add CREATION_DATETIME if required, as secure element is not having clock. 
+ addCreationTime(paramSet); + auto err = jcImpl_->importKey(paramSet, static_cast(keyFormat), keyData, + &creationResult->keyBlob, &swEnforced, &sbEnforced, &teeEnforced); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Failed in importKey" << (int32_t)err; + return km_utils::kmError2ScopedAStatus(err); + } + // Call attestKey only Asymmetric algorithms. + keymaster_algorithm_t algorithm; + paramSet.GetTagValue(TAG_ALGORITHM, &algorithm); + if (algorithm == KM_ALGORITHM_RSA || algorithm == KM_ALGORITHM_EC) { + err = attestKey(creationResult->keyBlob, paramSet, convertAttestationKey(attestationKey), + &creationResult->certificateChain); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Failed in attestKey" << (int32_t)err; + return km_utils::kmError2ScopedAStatus(err); + } + } + creationResult->keyCharacteristics = + convertKeyCharacteristics(swEnforced, sbEnforced, teeEnforced); + return ScopedAStatus::ok(); +} + +ScopedAStatus JavacardKeyMintDevice::importWrappedKey(const vector& wrappedKeyData, + const vector& wrappingKeyBlob, + const vector& maskingKey, + const vector& unwrappingParams, + int64_t passwordSid, int64_t biometricSid, + KeyCreationResult* creationResult) { + AuthorizationSet paramSet; + AuthorizationSet swEnforced; + AuthorizationSet sbEnforced; + AuthorizationSet teeEnforced; + vector retKeyblob; + paramSet.Reinitialize(KmParamSet(unwrappingParams)); + auto err = jcImpl_->importWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, paramSet, + passwordSid, biometricSid, &creationResult->keyBlob, + &swEnforced, &sbEnforced, &teeEnforced); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Failed in attestKey" << (int32_t)err; + return km_utils::kmError2ScopedAStatus(err); + } + creationResult->keyCharacteristics = + convertKeyCharacteristics(swEnforced, sbEnforced, teeEnforced); + return ScopedAStatus::ok(); +} + +ScopedAStatus JavacardKeyMintDevice::upgradeKey(const vector& keyBlobToUpgrade, + const vector& upgradeParams, + vector* keyBlob) { + 
AuthorizationSet paramSet; + paramSet.Reinitialize(KmParamSet(upgradeParams)); + auto err = jcImpl_->upgradeKey(keyBlobToUpgrade, paramSet, keyBlob); + return km_utils::kmError2ScopedAStatus(err); +} + +ScopedAStatus JavacardKeyMintDevice::deleteKey(const vector& keyBlob) { + auto err = jcImpl_->deleteKey(keyBlob); + return km_utils::kmError2ScopedAStatus(err); +} + +ScopedAStatus JavacardKeyMintDevice::deleteAllKeys() { + auto err = jcImpl_->deleteAllKeys(); + return km_utils::kmError2ScopedAStatus(err); +} + +ScopedAStatus JavacardKeyMintDevice::destroyAttestationIds() { + auto err = jcImpl_->destroyAttestationIds(); + return km_utils::kmError2ScopedAStatus(err); +} + +ScopedAStatus JavacardKeyMintDevice::begin(KeyPurpose purpose, const std::vector& keyBlob, + const std::vector& params, + const std::optional& authToken, + BeginResult* result) { + HardwareAuthToken aToken = authToken.value_or(HardwareAuthToken()); + AuthorizationSet paramSet; + AuthorizationSet outParams; + paramSet.Reinitialize(KmParamSet(params)); + ::keymaster::HardwareAuthToken legacyToken; + std::unique_ptr operation; + legacyHardwareAuthToken(aToken, &legacyToken); + auto err = jcImpl_->begin(static_cast(purpose), keyBlob, paramSet, + legacyToken, &outParams, operation); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Failed in begin" << (int32_t)err; + return km_utils::kmError2ScopedAStatus(err); + } + result->challenge = operation->getOpertionHandle(); + result->operation = ndk::SharedRefBase::make(std::move(operation)); + result->params = kmParamSet2Aidl(outParams); + return ScopedAStatus::ok(); +} + +ScopedAStatus +JavacardKeyMintDevice::deviceLocked(bool passwordOnly, + const std::optional& timestampToken) { + TimeStampToken tToken = timestampToken.value_or(TimeStampToken()); + vector encodedTimestampToken; + auto err = encodeTimestampToken(tToken, &encodedTimestampToken); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "In deviceLocked failed to encode TimeStampToken" << (int32_t)err; + 
return km_utils::kmError2ScopedAStatus(err); + } + err = jcImpl_->deviceLocked(passwordOnly, encodedTimestampToken); + return km_utils::kmError2ScopedAStatus(err); +} + +ScopedAStatus JavacardKeyMintDevice::earlyBootEnded() { + auto err = jcImpl_->earlyBootEnded(); + return km_utils::kmError2ScopedAStatus(err); +} + +ScopedAStatus JavacardKeyMintDevice::getKeyCharacteristics( + const std::vector& keyBlob, const std::vector& appId, + const std::vector& appData, std::vector* result) { + + AuthorizationSet swEnforced; + AuthorizationSet sbEnforced; + AuthorizationSet teeEnforced; + auto err = jcImpl_->getKeyCharacteristics(keyBlob, appId, appData, &swEnforced, &sbEnforced, + &teeEnforced); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Error in sending in getKeyCharacteristics."; + return km_utils::kmError2ScopedAStatus(err); + } + *result = convertKeyCharacteristics(swEnforced, sbEnforced, teeEnforced); + return ScopedAStatus::ok(); +} + +ScopedAStatus JavacardKeyMintDevice::convertStorageKeyToEphemeral( + const std::vector& /* storageKeyBlob */, + std::vector* /* ephemeralKeyBlob */) { + return km_utils::kmError2ScopedAStatus(KM_ERROR_UNIMPLEMENTED); +} +} // namespace aidl::android::hardware::security::keymint diff --git a/HAL/JavacardKeyMintDevice.h b/HAL/JavacardKeyMintDevice.h new file mode 100644 index 00000000..df30db24 --- /dev/null +++ b/HAL/JavacardKeyMintDevice.h 
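Review bot: `convertAttestationKey` is declared to return an optional but always ends in `return std::move(key);`, so a caller that passed no attestation key still hands `attestKey` an engaged optional holding an empty key blob, empty parameters and an empty issuer. If `jcImpl_->attestKey` picks the signing path from `has_value()` (not visible in this hunk), the "no attest key supplied" case can no longer be told apart from an empty one. Start the function with `if (!attestationKey.has_value()) return std::nullopt;`. In `generateKey` and `importKey` the result of `paramSet.GetTagValue(TAG_ALGORITHM, &algorithm)` is ignored and `algorithm` is left uninitialised, so the RSA/EC test reads an indeterminate value when the tag is absent. Fold the call into the condition: `if (paramSet.GetTagValue(TAG_ALGORITHM, &algorithm) && (algorithm == KM_ALGORITHM_RSA || algorithm == KM_ALGORITHM_EC))`. The error log in `importWrappedKey` says "Failed in attestKey" although the failing call is `importWrappedKey`, which would mislead anyone triaging from logs.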
@@ -0,0 +1,106 @@
+/*
+ * Copyright 2020, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include "CborConverter.h"
+#include "JavacardSecureElement.h"
+#include
+#include
+#include
+#include
+#include
+
+namespace aidl::android::hardware::security::keymint {
+using namespace aidl::android::hardware::security::sharedsecret;
+using namespace aidl::android::hardware::security::secureclock;
+using namespace ::keymaster;
+using namespace ::javacard_keymaster;
+using ndk::ScopedAStatus;
+using std::optional;
+using std::shared_ptr;
+using std::vector;
+using JCKMAttestationKey = ::javacard_keymaster::AttestationKey;
+
+class JavacardKeyMintDevice : public BnKeyMintDevice {
+ public:
+ explicit JavacardKeyMintDevice(shared_ptr jcImpl)
+ : securitylevel_(SecurityLevel::STRONGBOX), jcImpl_(jcImpl),
+ isEarlyBootEventPending(false) {}
+ virtual ~JavacardKeyMintDevice() {}
+
+ ScopedAStatus getHardwareInfo(KeyMintHardwareInfo* info) override;
+
+ ScopedAStatus addRngEntropy(const vector& data) override;
+
+ ScopedAStatus generateKey(const vector& keyParams,
+ const optional& attestationKey,
+ KeyCreationResult* creationResult) override;
+
+ ScopedAStatus importKey(const vector& keyParams, KeyFormat keyFormat,
+ const vector& keyData,
+ const optional& attestationKey,
+ KeyCreationResult* creationResult) override;
+
+ ScopedAStatus importWrappedKey(const vector& wrappedKeyData,
+ const vector& wrappingKeyBlob,
+ const vector& maskingKey,
+ const vector& unwrappingParams,
+ int64_t passwordSid, int64_t biometricSid,
+ KeyCreationResult* creationResult) override;
+
+ ScopedAStatus upgradeKey(const vector& keyBlobToUpgrade,
+ const vector& upgradeParams,
+ vector* keyBlob) override;
+
+ ScopedAStatus deleteKey(const vector& keyBlob) override;
+ ScopedAStatus deleteAllKeys() override;
+ ScopedAStatus destroyAttestationIds() override;
+
+ virtual ScopedAStatus begin(KeyPurpose in_purpose, const std::vector& in_keyBlob,
+ const std::vector& in_params,
+ const std::optional& in_authToken,
+ BeginResult* _aidl_return) override;
+
+ ScopedAStatus deviceLocked(bool passwordOnly,
+ const optional& timestampToken) override;
+
+ ScopedAStatus earlyBootEnded() override;
+
+ ScopedAStatus getKeyCharacteristics(const std::vector& in_keyBlob,
+ const std::vector& in_appId,
+ const std::vector& in_appData,
+ std::vector* _aidl_return) override;
+
+ ScopedAStatus convertStorageKeyToEphemeral(const std::vector& storageKeyBlob,
+ std::vector* ephemeralKeyBlob) override;
+
+ private:
+ keymaster_error_t attestKey(const vector& keyblob, const AuthorizationSet& keyParams,
+ const optional& attestationKey,
+ vector* certificateChain);
+
+ ScopedAStatus defaultHwInfo(KeyMintHardwareInfo* info);
+
+ void handleSendEarlyBootEndedEvent();
+
+ const SecurityLevel securitylevel_;
+ const shared_ptr jcImpl_;
+ CborConverter cbor_;
+ bool isEarlyBootEventPending;
+};
+
+} // namespace aidl::android::hardware::security::keymint
diff --git a/HAL/JavacardKeyMintOperation.cpp b/HAL/JavacardKeyMintOperation.cpp
new file mode 100644
index 00000000..82d741b0
--- /dev/null
+++ b/HAL/JavacardKeyMintOperation.cpp
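Review bot: The four `using namespace` directives at the top of this header (`sharedsecret`, `secureclock`, `::keymaster`, `::javacard_keymaster`) are pulled into every file that includes it, and the `JCKMAttestationKey` alias right below them suggests the AIDL and `javacard_keymaster` `AttestationKey` names already collide. With an AIDL `HardwareAuthToken` and a `::keymaster::HardwareAuthToken` both in play, which type an unqualified name refers to then depends on lookup order rather than on anything visible at the use site. I would replace the directives with the specific declarations the class needs, e.g. `using ::keymaster::AuthorizationSet;`. The same pattern appears in JavacardKeyMintOperation.h and JavacardKeyMintUtils.h.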
@@ -0,0 +1,85 @@
+/*
+ * Copyright 2020, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#define LOG_TAG "javacard.strongbox.keymint.operation-impl"
+
+#include "JavacardKeyMintOperation.h"
+#include
+#include
+#include
+#include
+#include
+
+namespace aidl::android::hardware::security::keymint {
+using namespace ::keymaster;
+using secureclock::TimeStampToken;
+using std::nullopt;
+
+ScopedAStatus JavacardKeyMintOperation::updateAad(const vector& input,
+ const optional& authToken,
+ const optional& timestampToken) {
+ ::keymaster::HardwareAuthToken legacyToken;
+ vector encodedTimestampToken;
+ HardwareAuthToken aToken = authToken.value_or(HardwareAuthToken());
+ TimeStampToken tToken = timestampToken.value_or(TimeStampToken());
+ legacyHardwareAuthToken(aToken, &legacyToken);
+ encodeTimestampToken(tToken, &encodedTimestampToken);
+ auto err = jcKmOprImpl_->updateAad(input, legacyToken, encodedTimestampToken);
+ return km_utils::kmError2ScopedAStatus(err);
+}
+
+ScopedAStatus JavacardKeyMintOperation::update(const vector& input,
+ const optional& authToken,
+ const optional& timestampToken,
+ vector* output) {
+ ::keymaster::HardwareAuthToken legacyToken;
+ vector encodedTimestampToken;
+ HardwareAuthToken aToken = authToken.value_or(HardwareAuthToken());
+ TimeStampToken tToken = timestampToken.value_or(TimeStampToken());
+ legacyHardwareAuthToken(aToken, &legacyToken);
+ encodeTimestampToken(tToken, &encodedTimestampToken);
+ auto err = jcKmOprImpl_->update(input, nullopt, legacyToken, encodedTimestampToken, nullptr,
+ nullptr, output);
+ return km_utils::kmError2ScopedAStatus(err);
+}
+
+ScopedAStatus JavacardKeyMintOperation::finish(const optional>& input,
+ const optional>& signature,
+ const optional& authToken,
+ const optional& timestampToken,
+ const optional>& confirmationToken,
+ vector* output) {
+ ::keymaster::HardwareAuthToken legacyToken;
+ vector encodedTimestampToken;
+ HardwareAuthToken aToken = authToken.value_or(HardwareAuthToken());
+ TimeStampToken tToken = timestampToken.value_or(TimeStampToken());
+ vector inputData = input.value_or(vector());
+ vector signatureData = signature.value_or(vector());
+ // If confirmation token is empty, then create empty vector. This is to
+ // differentiate between the keymaster and keymint.
+ std::optional> confToken = confirmationToken.value_or(vector());
+ legacyHardwareAuthToken(aToken, &legacyToken);
+ encodeTimestampToken(tToken, &encodedTimestampToken);
+ auto err = jcKmOprImpl_->finish(inputData, nullopt, signatureData, legacyToken,
+ encodedTimestampToken, confToken, nullptr, output);
+ return km_utils::kmError2ScopedAStatus(err);
+}
+
+ScopedAStatus JavacardKeyMintOperation::abort() {
+ return km_utils::kmError2ScopedAStatus(jcKmOprImpl_->abort());
+}
+
+} // namespace aidl::android::hardware::security::keymint
diff --git a/HAL/JavacardKeyMintOperation.h b/HAL/JavacardKeyMintOperation.h
new file mode 100644
index 00000000..3cbb0406
--- /dev/null
+++ b/HAL/JavacardKeyMintOperation.h
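Review bot: `updateAad`, `update` and `finish` discard the `keymaster_error_t` returned by `legacyHardwareAuthToken` and `encodeTimestampToken`, while `deviceLocked` in JavacardKeyMintDevice.cpp checks the same call before talking to the secure element. As the helpers are written in JavacardKeyMintUtils.cpp they always return `KM_ERROR_OK`, so this is latent, but once either can fail the operation would reach the applet with a partly filled auth or timestamp token. I would check both results in each method, e.g. `if (auto e = encodeTimestampToken(tToken, &encodedTimestampToken); e != KM_ERROR_OK) return km_utils::kmError2ScopedAStatus(e);`, or mark the helpers `[[nodiscard]]` so the compiler flags the omission.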
@@ -0,0 +1,69 @@
+/*
+ * Copyright 2020, The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include "CborConverter.h"
+#include "JavacardSecureElement.h"
+
+#include
+#include
+#include
+#include
+#include
+
+#define AES_BLOCK_SIZE 16
+#define DES_BLOCK_SIZE 8
+#define RSA_BUFFER_SIZE 256
+#define EC_BUFFER_SIZE 32
+#define MAX_CHUNK_SIZE 256
+namespace aidl::android::hardware::security::keymint {
+using namespace ::javacard_keymaster;
+using ::ndk::ScopedAStatus;
+using secureclock::TimeStampToken;
+using std::optional;
+using std::shared_ptr;
+using std::string;
+using std::vector;
+
+class JavacardKeyMintOperation : public BnKeyMintOperation {
+ public:
+ explicit JavacardKeyMintOperation(std::shared_ptr jcKmOprImpl)
+ : jcKmOprImpl_(std::move(jcKmOprImpl)) {}
+ virtual ~JavacardKeyMintOperation() {}
+
+ ScopedAStatus updateAad(const vector& input,
+ const optional& authToken,
+ const optional& timestampToken) override;
+
+ ScopedAStatus update(const vector& input, const optional& authToken,
+ const optional& timestampToken,
+ vector* output) override;
+
+ ScopedAStatus finish(const optional>& input,
+ const optional>& signature,
+ const optional& authToken,
+ const optional& timestampToken,
+ const optional>& confirmationToken,
+ vector* output) override;
+
+ ScopedAStatus abort() override;
+
+ private:
+ std::shared_ptr jcKmOprImpl_;
+};
+
+} // namespace aidl::android::hardware::security::keymint
diff --git a/HAL/JavacardKeyMintUtils.cpp b/HAL/JavacardKeyMintUtils.cpp
new file mode 100644
index 00000000..33392e76
--- /dev/null
+++ b/HAL/JavacardKeyMintUtils.cpp
@@ -0,0 +1,45 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "JavacardKeyMintUtils.h"
+#include
+
+namespace aidl::android::hardware::security::keymint {
+
+keymaster_error_t legacyHardwareAuthToken(const HardwareAuthToken& aidlToken,
+ LegacyHardwareAuthToken* legacyToken) {
+ legacyToken->challenge = aidlToken.challenge;
+ legacyToken->user_id = aidlToken.userId;
+ legacyToken->authenticator_id = aidlToken.authenticatorId;
+ legacyToken->authenticator_type =
+ static_cast(aidlToken.authenticatorType);
+ legacyToken->timestamp = aidlToken.timestamp.milliSeconds;
+ Vec2KmBlob(aidlToken.mac, &legacyToken->mac);
+ return KM_ERROR_OK;
+}
+
+keymaster_error_t encodeTimestampToken(const TimeStampToken& timestampToken,
+ vector* encodedToken) {
+ cppbor::Array array;
+ ::keymaster::TimestampToken token;
+ array.add(static_cast(timestampToken.challenge));
+ array.add(static_cast(timestampToken.timestamp.milliSeconds));
+ array.add(timestampToken.mac);
+ *encodedToken = array.encode();
+ return KM_ERROR_OK;
+}
+
+} // namespace aidl::android::hardware::security::keymint
diff --git a/HAL/JavacardKeyMintUtils.h b/HAL/JavacardKeyMintUtils.h
new file mode 100644
index 00000000..ca269a5e
--- /dev/null
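Review bot: `encodeTimestampToken` declares `::keymaster::TimestampToken token;` and never uses it, so the line can be dropped. Both helpers also return `KM_ERROR_OK` unconditionally, and `legacyHardwareAuthToken` has no way to report a failed MAC copy because `Vec2KmBlob` returns `void`. A short comment on `encodeTimestampToken` stating the layout it emits, `// CBOR array: [challenge, timestamp (ms), mac]`, would help whoever has to keep the applet-side decoder in step.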
+++ b/HAL/JavacardKeyMintUtils.h
@@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+#include
+#include
+#include
+#include
+#include
+
+namespace aidl::android::hardware::security::keymint {
+using namespace ::keymaster;
+using secureclock::TimeStampToken;
+using std::vector;
+using LegacyHardwareAuthToken = ::keymaster::HardwareAuthToken;
+
+inline void Vec2KmBlob(const vector& input, KeymasterBlob* blob) {
+ blob->Reset(input.size());
+ memcpy(blob->writable_data(), input.data(), input.size());
+}
+
+keymaster_error_t legacyHardwareAuthToken(const HardwareAuthToken& aidlToken,
+ LegacyHardwareAuthToken* legacyToken);
+
+keymaster_error_t encodeTimestampToken(const TimeStampToken& timestampToken,
+ vector* encodedToken);
+
+} // namespace aidl::android::hardware::security::keymint
diff --git a/HAL/JavacardKeymaster.cpp b/HAL/JavacardKeymaster.cpp
new file mode 100644
index 00000000..2f20b32e
--- /dev/null
+++ b/HAL/JavacardKeymaster.cpp
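Review bot: `Vec2KmBlob` ignores the result of `blob->Reset(input.size())` and then copies `input.size()` bytes into `blob->writable_data()`. If the allocation inside `Reset` fails (in the AOSP `KeymasterBlob` it uses a non-throwing `new` and leaves the data pointer null; worth confirming for the version this builds against), that `memcpy` writes through a null pointer with a length taken from the caller-supplied auth-token MAC. I would make the helper report failure, `if (blob->Reset(input.size()) == nullptr) return false;`, and have `legacyHardwareAuthToken` map that to `KM_ERROR_MEMORY_ALLOCATION_FAILED`.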
@@ -0,0 +1,514 @@
+#include
+#include
+#include
+#include
+
+namespace javacard_keymaster {
+using cppbor::Array;
+using cppbor::EncodedItem;
+using keymaster::KeymasterBlob;
+using keymaster::KeymasterKeyBlob;
+
+namespace {
+
+keymaster_error_t parseWrappedKey(const std::vector& wrappedKeyData,
+ std::vector& iv, std::vector& transitKey,
+ std::vector& secureKey, std::vector& tag,
+ AuthorizationSet& authList, keymaster_key_format_t& keyFormat,
+ std::vector& wrappedKeyDescription) {
+ KeymasterBlob kmIv;
+ KeymasterKeyBlob kmTransitKey;
+ KeymasterKeyBlob kmSecureKey;
+ KeymasterBlob kmTag;
+ KeymasterBlob kmWrappedKeyDescription;
+
+ size_t keyDataLen = wrappedKeyData.size();
+ uint8_t* keyData = keymaster::dup_buffer(wrappedKeyData.data(), keyDataLen);
+ keymaster_key_blob_t keyMaterial = {keyData, keyDataLen};
+
+ keymaster_error_t error =
+ parse_wrapped_key(KeymasterKeyBlob(keyMaterial), &kmIv, &kmTransitKey, &kmSecureKey, &kmTag,
+ &authList, &keyFormat, &kmWrappedKeyDescription);
+ if (error != KM_ERROR_OK) return error;
+ blob2Vec(kmIv.data, kmIv.data_length, iv);
+ blob2Vec(kmTransitKey.key_material, kmTransitKey.key_material_size, transitKey);
+ blob2Vec(kmSecureKey.key_material, kmSecureKey.key_material_size, secureKey);
+ blob2Vec(kmTag.data, kmTag.data_length, tag);
+ blob2Vec(kmWrappedKeyDescription.data, kmWrappedKeyDescription.data_length,
+ wrappedKeyDescription);
+
+ return KM_ERROR_OK;
+}
+
+} // anonymous namespace
+
+keymaster_error_t JavacardKeymaster::handleErrorCode(keymaster_error_t err) {
+ // Check if secure element is reset
+ uint32_t errorCode = static_cast(0 - err);
+ bool isSeResetOccurred = (0 != (errorCode & SE_POWER_RESET_STATUS_FLAG));
+
+ if (isSeResetOccurred) {
+ // Clear the operation table for Strongbox operations entries.
+ if (seResetListener_) {
+ seResetListener_->seResetEvent();
+ }
+ // Unmask the power reset status flag.
+ errorCode &= ~SE_POWER_RESET_STATUS_FLAG;
+ }
+ return translateExtendedErrorsToHalErrors(static_cast(0 - errorCode));
+}
+
+std::tuple, keymaster_error_t>
+JavacardKeymaster::sendRequest(Instruction ins) {
+ auto [item, err] = card_->sendRequest(ins);
+ return {std::move(item), handleErrorCode(err)};
+}
+
+std::tuple, keymaster_error_t>
+JavacardKeymaster::sendRequest(Instruction ins, Array& request) {
+ auto [item, err] = card_->sendRequest(ins, request);
+ return {std::move(item), handleErrorCode(err)};
+}
+
+std::tuple, keymaster_error_t> JavacardKeymaster::getHardwareInfo() {
+ card_->initializeJavacard();
+ return card_->sendRequest(Instruction::INS_GET_HW_INFO_CMD);
+}
+
+keymaster_error_t JavacardKeymaster::addRngEntropy(const vector& data) {
+ cppbor::Array request;
+ // add key data
+ request.add(data);
+ auto [item, err] = sendRequest(Instruction::INS_ADD_RNG_ENTROPY_CMD, request);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending addRngEntropy.";
+ }
+ return err;
+}
+
+keymaster_error_t JavacardKeymaster::getHmacSharingParameters(vector* seed,
+ vector* nonce) {
+ card_->initializeJavacard();
+ auto [item, err] = sendRequest(Instruction::INS_GET_SHARED_SECRET_PARAM_CMD);
+ if (err == KM_ERROR_OK && !cbor_.getSharedSecretParameters(item, 1, *seed, *nonce)) {
+ LOG(ERROR) << "Error in sending in getSharedSecretParameters.";
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ // Send earlyBootEnded if there is any pending earlybootEnded event.
+ handleSendEarlyBootEndedEvent();
+ return err;
+}
+
+keymaster_error_t JavacardKeymaster::computeSharedHmac(const vector& params,
+ vector* secret) {
+ card_->initializeJavacard();
+ cppbor::Array request;
+ cbor_.addSharedSecretParameters(request, params);
+ auto [item, err] = sendRequest(Instruction::INS_COMPUTE_SHARED_SECRET_CMD, request);
+ if (err == KM_ERROR_OK && !cbor_.getBinaryArray(item, 1, *secret)) {
+ LOG(ERROR) << "Error in sending in computeSharedHmac.";
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ // Send earlyBootEnded if there is any pending earlybootEnded event.
+ handleSendEarlyBootEndedEvent();
+ return err;
+}
+
+keymaster_error_t JavacardKeymaster::generateKey(const AuthorizationSet& keyParams,
+ vector* retKeyblob,
+ AuthorizationSet* swEnforced,
+ AuthorizationSet* hwEnforced,
+ AuthorizationSet* teeEnforced) {
+ cppbor::Array array;
+ // add key params
+ cbor_.addKeyparameters(array, keyParams);
+
+ // Send earlyBootEnded if there is any pending earlybootEnded event.
+ handleSendEarlyBootEndedEvent();
+
+ auto [item, err] = sendRequest(Instruction::INS_GENERATE_KEY_CMD, array);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending generateKey.";
+ return err;
+ }
+ if (!cbor_.getBinaryArray(item, 1, *retKeyblob) ||
+ !cbor_.getKeyCharacteristics(item, 2, *swEnforced, *hwEnforced, *teeEnforced)) {
+ LOG(ERROR) << "Error in decoding cbor response in generateKey.";
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ return err;
+}
+
+keymaster_error_t JavacardKeymaster::attestKey(Array& request, vector>* certChain) {
+ auto [item, err] = sendRequest(Instruction::INS_ATTEST_KEY_CMD, request);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending attestKey.";
+ return err;
+ }
+ if (!cbor_.getMultiBinaryArray(item, 1, *certChain)) {
+ LOG(ERROR) << "Error in decoding og response in attestKey.";
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ return err;
+}
+
+keymaster_error_t JavacardKeymaster::attestKey(Array& request, CertificateChain* certChain) {
+ auto [item, err] = sendRequest(Instruction::INS_ATTEST_KEY_CMD, request);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending attestKey.";
+ return err;
+ }
+ if (!cbor_.getCertificateChain(item, 1, *certChain)) {
+ LOG(ERROR) << "Error in decoding response in attestKey.";
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ return err;
+}
+
+keymaster_error_t JavacardKeymaster::attestKey(const vector& keyblob,
+ const AuthorizationSet& keyParams,
+ vector>* certChain) {
+ cppbor::Array array;
+ array.add(keyblob);
+ cbor_.addKeyparameters(array, keyParams);
+ return attestKey(array, certChain);
+}
+
+keymaster_error_t JavacardKeymaster::attestKey(const vector& keyblob,
+ const AuthorizationSet& keyParams,
+ const optional& attestationKey,
+ CertificateChain* certChain) {
+ cppbor::Array array;
+ array.add(keyblob);
+ cbor_.addKeyparameters(array, keyParams);
+ if (attestationKey.has_value()) {
+ array.add(attestationKey->keyBlob);
+ cbor_.addKeyparameters(array, attestationKey->params);
+ array.add(attestationKey->issuerSubject);
+ }
+ return attestKey(array, certChain);
+}
+
+keymaster_error_t JavacardKeymaster::getCertChain(vector>* certChain) {
+ vector certChainData;
+ auto [item, err] = sendRequest(Instruction::INS_GET_CERT_CHAIN_CMD);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending getCertChain.";
+ return err;
+ }
+ if (!cbor_.getBinaryArray(item, 1, certChainData)) {
+ LOG(ERROR) << "Error in decoding og response in getCertChain.";
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ err = getCertificateChain(certChainData, *certChain);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in getCertificateChain: " << (int32_t)err;
+ }
+ return err;
+}
+
+keymaster_error_t
+JavacardKeymaster::importKey(const AuthorizationSet& keyParams,
+ const keymaster_key_format_t keyFormat, const vector& keyData,
+ vector* retKeyblob, AuthorizationSet* swEnforced,
+ AuthorizationSet* hwEnforced, AuthorizationSet* teeEnforced) {
+ cppbor::Array array;
+ cbor_.addKeyparameters(array, keyParams);
+ array.add(static_cast(keyFormat));
+ array.add(keyData);
+
+ // Send earlyBootEnded if there is any pending earlybootEnded event.
+ handleSendEarlyBootEndedEvent();
+
+ auto [item, err] = sendRequest(Instruction::INS_IMPORT_KEY_CMD, array);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending importKey.";
+ return err;
+ }
+ if (!cbor_.getBinaryArray(item, 1, *retKeyblob) ||
+ !cbor_.getKeyCharacteristics(item, 2, *swEnforced, *hwEnforced, *teeEnforced)) {
+ LOG(ERROR) << "Error in decoding the response in importKey.";
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ return err;
+}
+
+keymaster_error_t JavacardKeymaster::sendBeginImportWrappedKeyCmd(
+ const std::vector& transitKey, const std::vector& wrappingKeyBlob,
+ const std::vector& maskingKey, const AuthorizationSet& unwrappingParams) {
+ Array request;
+ request.add(std::vector(transitKey));
+ request.add(std::vector(wrappingKeyBlob));
+ request.add(std::vector(maskingKey));
+ cbor_.addKeyparameters(request, unwrappingParams);
+ auto [item, err] = sendRequest(Instruction::INS_BEGIN_IMPORT_WRAPPED_KEY_CMD, request);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending sendBeginImportWrappedKeyCmd err: " << (int32_t)err;
+ }
+ return err;
+}
+
+std::tuple, keymaster_error_t>
+JavacardKeymaster::sendFinishImportWrappedKeyCmd(const AuthorizationSet& keyParams,
+ const keymaster_key_format_t keyFormat,
+ const std::vector& secureKey,
+ const std::vector& tag,
+ const std::vector& iv,
+ const std::vector& wrappedKeyDescription,
+ int64_t passwordSid, int64_t biometricSid) {
+ Array request;
+ cbor_.addKeyparameters(request, keyParams);
+ request.add(static_cast(keyFormat));
+ request.add(std::vector(secureKey));
+ request.add(std::vector(tag));
+ request.add(std::vector(iv));
+ request.add(std::vector(wrappedKeyDescription));
+ request.add(Uint(passwordSid));
+ request.add(Uint(biometricSid));
+ auto [item, err] = sendRequest(Instruction::INS_FINISH_IMPORT_WRAPPED_KEY_CMD, request);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending sendFinishImportWrappedKeyCmd err: " << (int32_t)err;
+ return {nullptr, err};
+ }
+ return {std::move(item), err};
+}
+
+keymaster_error_t JavacardKeymaster::keymasterImportWrappedKey(
+ const vector& wrappedKeyData, const vector& wrappingKeyBlob,
+ const vector& maskingKey, const AuthorizationSet& unwrappingParams,
+ int64_t passwordSid, int64_t biometricSid, vector* retKeyblob,
+ AuthorizationSet* swEnforced, AuthorizationSet* hwEnforced, AuthorizationSet* teeEnforced) {
+ cppbor::Array array;
+ std::vector iv;
+ std::vector transitKey;
+ std::vector secureKey;
+ std::vector tag;
+ AuthorizationSet authList;
+ keymaster_key_format_t keyFormat;
+ std::vector wrappedKeyDescription;
+ // Send earlyBootEnded if there is any pending earlybootEnded event.
+ handleSendEarlyBootEndedEvent();
+ auto error = parseWrappedKey(wrappedKeyData, iv, transitKey, secureKey, tag, authList,
+ keyFormat, wrappedKeyDescription);
+ if (error != KM_ERROR_OK) {
+ LOG(ERROR) << "INS_IMPORT_WRAPPED_KEY_CMD error while parsing wrapped key status: "
+ << (int32_t)error;
+ return error;
+ }
+ cbor_.addKeyparameters(array, authList);
+ array.add(static_cast(keyFormat));
+ array.add(secureKey);
+ array.add(tag);
+ array.add(iv);
+ array.add(transitKey);
+ array.add(std::vector(wrappingKeyBlob));
+ array.add(std::vector(maskingKey));
+ cbor_.addKeyparameters(array, unwrappingParams);
+ array.add(std::vector(wrappedKeyDescription));
+ array.add(passwordSid);
+ array.add(biometricSid);
+ std::vector cborData = array.encode();
+
+ auto [item, err] = sendRequest(Instruction::INS_IMPORT_WRAPPED_KEY_CMD, array);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending importWrappedKey err: " << (int32_t)err;
+ return err;
+ }
+ if (!cbor_.getBinaryArray(item, 1, *retKeyblob) ||
+ !cbor_.getKeyCharacteristics(item, 2, *swEnforced, *hwEnforced, *teeEnforced)) {
+ LOG(ERROR) << "Error in decoding the response in importWrappedKey.";
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ return KM_ERROR_OK;
+}
+
+keymaster_error_t JavacardKeymaster::importWrappedKey(
+ const vector& wrappedKeyData, const vector& wrappingKeyBlob,
+ const vector& maskingKey, const AuthorizationSet& unwrappingParams,
+ int64_t passwordSid, int64_t biometricSid, vector* retKeyblob,
+ AuthorizationSet* swEnforced, AuthorizationSet* hwEnforced, AuthorizationSet* teeEnforced) {
+ cppbor::Array array;
+ std::unique_ptr item;
+ std::vector iv;
+ std::vector transitKey;
+ std::vector secureKey;
+ std::vector tag;
+ AuthorizationSet authList;
+ keymaster_key_format_t keyFormat;
+ std::vector wrappedKeyDescription;
+ auto err = parseWrappedKey(wrappedKeyData, iv, transitKey, secureKey, tag, authList, keyFormat,
+ wrappedKeyDescription);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "INS_IMPORT_WRAPPED_KEY_CMD error while parsing wrapped key status: "
+ << (int32_t)err;
+ return err;
+ }
+ // begin import
+ err = sendBeginImportWrappedKeyCmd(transitKey, wrappingKeyBlob, maskingKey, unwrappingParams);
+ if (err != KM_ERROR_OK) {
+ return err;
+ }
+ // Finish the import
+ std::tie(item, err) = sendFinishImportWrappedKeyCmd(
+ authList, keyFormat, secureKey, tag, iv, wrappedKeyDescription, passwordSid, biometricSid);
+ if (err != KM_ERROR_OK) {
+ return err;
+ }
+ if (!cbor_.getBinaryArray(item, 1, *retKeyblob) ||
+ !cbor_.getKeyCharacteristics(item, 2, *swEnforced, *hwEnforced, *teeEnforced)) {
+ LOG(ERROR) << "Error in decoding the response in importWrappedKey.";
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ return KM_ERROR_OK;
+}
+
+keymaster_error_t JavacardKeymaster::upgradeKey(const vector& keyBlobToUpgrade,
+ const AuthorizationSet& upgradeParams,
+ vector* retKeyBlob) {
+ cppbor::Array array;
+ array.add(keyBlobToUpgrade);
+ cbor_.addKeyparameters(array, upgradeParams);
+ auto [item, err] = sendRequest(Instruction::INS_UPGRADE_KEY_CMD, array);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending upgradeKey err: " << (int32_t)err;
+ return err;
+ }
+ if (!cbor_.getBinaryArray(item, 1, *retKeyBlob)) {
+ LOG(ERROR) << "Error in decoding the response in upgradeKey.";
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ return KM_ERROR_OK;
+}
+
+keymaster_error_t JavacardKeymaster::deleteKey(const vector& keyBlob) {
+ cppbor::Array array;
+ array.add(keyBlob);
+ auto [_, err] = sendRequest(Instruction::INS_DELETE_KEY_CMD, array);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending deleteKey err: " << (int32_t)err;
+ return err;
+ }
+ return KM_ERROR_OK;
+}
+
+keymaster_error_t JavacardKeymaster::deleteAllKeys() {
+ auto [_, err] = sendRequest(Instruction::INS_DELETE_ALL_KEYS_CMD);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending deleteAllKeys err: " << (int32_t)err;
+ return err;
+ }
+ return KM_ERROR_OK;
+}
+
+keymaster_error_t JavacardKeymaster::destroyAttestationIds() {
+ auto [_, err] = sendRequest(Instruction::INS_DESTROY_ATT_IDS_CMD);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending destroyAttestationIds err: " << (int32_t)err;
+ return err;
+ }
+ return KM_ERROR_OK;
+}
+
+keymaster_error_t
+JavacardKeymaster::deviceLocked(bool passwordOnly,
+ const vector& cborEncodedVerificationToken) {
+ Array array;
+ array.add(passwordOnly);
+ array.add(EncodedItem(cborEncodedVerificationToken));
+ auto [_, err] = sendRequest(Instruction::INS_DEVICE_LOCKED_CMD);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending deviceLocked err: " << (int32_t)err;
+ return err;
+ }
+ return KM_ERROR_OK;
+}
+
+keymaster_error_t JavacardKeymaster::earlyBootEnded() {
+ auto [_, err] = sendRequest(Instruction::INS_EARLY_BOOT_ENDED_CMD);
+ if (err != KM_ERROR_OK) {
+ // Incase of failure cache the event and send in the next immediate request to Applet.
+ isEarlyBootEventPending = true;
+ LOG(ERROR) << "Error in sending earlyBootEnded err: " << (int32_t)err;
+ return err;
+ }
+ return KM_ERROR_OK;
+}
+
+keymaster_error_t JavacardKeymaster::getKeyCharacteristics(const std::vector& in_keyBlob,
+ const std::vector& in_appId,
+ const std::vector& in_appData,
+ AuthorizationSet* swEnforced,
+ AuthorizationSet* hwEnforced,
+ AuthorizationSet* teeEnforced) {
+ Array array;
+ array.add(in_keyBlob);
+ array.add(in_appId);
+ array.add(in_appData);
+ auto [item, err] = sendRequest(Instruction::INS_GET_KEY_CHARACTERISTICS_CMD, array);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending getKeyCharacteristics err: " << (int32_t)err;
+ return err;
+ }
+ if (!cbor_.getKeyCharacteristics(item, 1, *swEnforced, *hwEnforced, *teeEnforced)) {
+ LOG(ERROR) << "Error in decoding the response in getKeyCharacteristics.";
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ return KM_ERROR_OK;
+}
+
+keymaster_error_t
+JavacardKeymaster::begin(keymaster_purpose_t purpose, const vector& keyBlob,
+ const AuthorizationSet& inParams, const HardwareAuthToken& hwAuthToken,
+ AuthorizationSet* outParams,
+ std::unique_ptr& outOperation) {
+ uint64_t operationHandle;
+ uint64_t bufMode = static_cast(BufferingMode::NONE);
+ uint64_t macLength = 0;
+ size_t size;
+ Array array;
+
+ // Send earlyBootEnded if there is any pending earlybootEnded event.
+ handleSendEarlyBootEndedEvent();
+
+ // Encode input paramters into cbor array.
+ array.add(static_cast(purpose));
+ array.add(std::vector(keyBlob));
+ cbor_.addKeyparameters(array, inParams);
+ cbor_.addHardwareAuthToken(array, hwAuthToken);
+ auto [item, err] = sendRequest(Instruction::INS_BEGIN_OPERATION_CMD, array);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in sending begin err: " << (int32_t)err;
+ return err;
+ }
+ if (!cbor_.getKeyParameters(item, 1, *outParams) ||
+ !cbor_.getUint64(item, 2, operationHandle)) {
+ LOG(ERROR) << "Error in decoding the response in begin.";
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ // Keymint Applet sends buffering mode and macLength parameters.
+ err = cbor_.getArraySize(item, size);
+ if (err != KM_ERROR_OK) {
+ LOG(ERROR) << "Error in getting cbor array size ";
+ return err;
+ }
+ if ((size > 3) && (!cbor_.getUint64(item, 3, bufMode) ||
+ !cbor_.getUint64(item, 4, macLength))) {
+ LOG(ERROR) << "Error in decoding the response in begin.";
+ return KM_ERROR_UNKNOWN_ERROR;
+ }
+ outOperation = std::make_unique(
+ operationHandle, static_cast(bufMode), macLength, card_,
+ static_cast(OperationType::PRIVATE_OPERATION), seResetListener_);
+ return KM_ERROR_OK;
+}
+
+void JavacardKeymaster::handleSendEarlyBootEndedEvent() {
+ if (isEarlyBootEventPending) {
+ LOG(INFO)
+ << "JavacardKeymaster4Device::handleSendEarlyBootEndedEvent send earlyBootEnded Event.";
+ if (KM_ERROR_OK == earlyBootEnded()) {
+ isEarlyBootEventPending = false;
+ }
+ }
+}
+} // namespace javacard_keymaster
diff --git a/HAL/JavacardKeymaster.h b/HAL/JavacardKeymaster.h
new file mode 100644
index 00000000..adc9b936
--- /dev/null
+++ b/HAL/JavacardKeymaster.h
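Review bot: `JavacardKeymaster::deviceLocked` builds `array` from `passwordOnly` and the encoded verification token but then calls `sendRequest(Instruction::INS_DEVICE_LOCKED_CMD)` without it, so the applet never receives either value; the call should be `auto [_, err] = sendRequest(Instruction::INS_DEVICE_LOCKED_CMD, array);`. Unless the applet tolerates an empty payload here, the lock request is either rejected or recorded without the password-only flag and timestamp token, which weakens the guarantee that locked-device keys stay unusable. Separately, in `parseWrappedKey` the buffer from `keymaster::dup_buffer` is never freed or null-checked; if `KeymasterKeyBlob(keyMaterial)` copies its argument, as it does in AOSP, each import leaks a copy of the wrapped key data. `getHardwareInfo` also calls `card_->sendRequest` directly and so skips `handleErrorCode`, and `cborData` in `keymasterImportWrappedKey` is unused.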
@@ -0,0 +1,127 @@ +#pragma once +#include "CborConverter.h" +#include "JavacardSecureElement.h" +#include +#include +#include + +namespace javacard_keymaster { +using ::javacard_keymaster::HmacSharingParameters; +using ::keymaster::AuthorizationSet; +using ::keymaster::HardwareAuthToken; +using std::optional; +using std::shared_ptr; +using std::vector; + +struct AttestationKey { + std::vector keyBlob; + AuthorizationSet params; + std::vector issuerSubject; +}; + +class JavacardKeymaster { + public: + explicit JavacardKeymaster(shared_ptr card) + : card_(card), seResetListener_(nullptr), isEarlyBootEventPending(false) { + card_->initializeJavacard(); + } + virtual ~JavacardKeymaster() {} + + std::tuple, keymaster_error_t> getHardwareInfo(); + + keymaster_error_t addRngEntropy(const vector& data); + + keymaster_error_t getHmacSharingParameters(vector* seed, vector* nonce); + + keymaster_error_t computeSharedHmac(const vector& params, + vector* secret); + + keymaster_error_t generateKey(const AuthorizationSet& keyParams, vector* retKeyblob, + AuthorizationSet* swEnforced, AuthorizationSet* hwEnforced, + AuthorizationSet* teeEnforced); + + keymaster_error_t attestKey(const vector& keyblob, const AuthorizationSet& keyParams, + const optional& attestationKey, + CertificateChain* certChain); + + keymaster_error_t attestKey(const vector& keyblob, const AuthorizationSet& keyParams, + vector>* certChain); + + keymaster_error_t getCertChain(vector>* certChain); + + keymaster_error_t importKey(const AuthorizationSet& keyParams, + const keymaster_key_format_t keyFormat, + const vector& keyData, vector* retKeyblob, + AuthorizationSet* swEnforced, AuthorizationSet* hwEnforced, + AuthorizationSet* teeEnforced); + + keymaster_error_t importWrappedKey(const vector& wrappedKeyData, + const vector& wrappingKeyBlob, + const vector& maskingKey, + const AuthorizationSet& unwrappingParams, + int64_t passwordSid, int64_t biometricSid, + vector* retKeyblob, AuthorizationSet* swEnforced, + 
AuthorizationSet* hwEnforced, AuthorizationSet* teeEnforced); + + keymaster_error_t keymasterImportWrappedKey( + const vector& wrappedKeyData, const vector& wrappingKeyBlob, + const vector& maskingKey, const AuthorizationSet& unwrappingParams, + int64_t passwordSid, int64_t biometricSid, vector* retKeyblob, + AuthorizationSet* swEnforced, AuthorizationSet* hwEnforced, AuthorizationSet* teeEnforced); + + keymaster_error_t upgradeKey(const vector& keyBlobToUpgrade, + const AuthorizationSet& upgradeParams, + vector* retKeyBlob); + + keymaster_error_t deleteKey(const vector& keyBlob); + + keymaster_error_t deleteAllKeys(); + + keymaster_error_t destroyAttestationIds(); + + keymaster_error_t deviceLocked(bool passwordOnly, + const vector& cborEncodedVerificationToken); + + keymaster_error_t earlyBootEnded(); + + keymaster_error_t + getKeyCharacteristics(const vector& in_keyBlob, const vector& in_appId, + const vector& in_appData, AuthorizationSet* swEnforced, + AuthorizationSet* hwEnforced, AuthorizationSet* teeEnforced); + + keymaster_error_t begin(keymaster_purpose_t purpose, const vector& keyBlob, + const AuthorizationSet& inParams, const HardwareAuthToken& hwAuthToken, + AuthorizationSet* outParams, + std::unique_ptr& operation); + + void registerSeResetEventListener(shared_ptr listener) { + seResetListener_ = listener; + } + + private: + keymaster_error_t attestKey(Array& request, vector>* certChain); + keymaster_error_t attestKey(Array& request, CertificateChain* certChain); + keymaster_error_t handleErrorCode(keymaster_error_t err); + std::tuple, keymaster_error_t> sendRequest(Instruction ins); + std::tuple, keymaster_error_t> sendRequest(Instruction ins, + Array& request); + void handleSendEarlyBootEndedEvent(); + + keymaster_error_t sendBeginImportWrappedKeyCmd(const std::vector& transitKey, + const std::vector& wrappingKeyBlob, + const std::vector& maskingKey, + const AuthorizationSet& unwrappingParams); + + std::tuple, keymaster_error_t> 
sendFinishImportWrappedKeyCmd( + const AuthorizationSet& keyParams, const keymaster_key_format_t keyFormat, + const std::vector& secureKey, const std::vector& tag, + const std::vector& iv, const std::vector& wrappedKeyDescription, + int64_t passwordSid, int64_t biometricSid); + + const shared_ptr card_; + CborConverter cbor_; + shared_ptr seResetListener_; + bool isEarlyBootEventPending; +}; + +} // namespace javacard_keymaster diff --git a/HAL/JavacardKeymaster4Device.cpp b/HAL/JavacardKeymaster4Device.cpp new file mode 100644 index 00000000..0bbe0763 --- /dev/null +++ b/HAL/JavacardKeymaster4Device.cpp 
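Review bot: `seResetListener_` is an owning `shared_ptr`, and `registerSeResetEventListener` stores whatever it is handed, so this class ends up controlling the listener's lifetime. The only caller visible in this patch, the `JavacardKeymaster4Device` constructor, builds that `shared_ptr` directly from `this`. That creates a second, unrelated owner for an object that is presumably already managed by the HIDL strong pointer, so dropping the last reference to the `JavacardKeymaster` would delete the device a second time. I would hold the listener as a plain observer pointer that the device clears in its destructor, and document it on the setter with `// Non-owning: the listener must outlive this object or unregister itself first.`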
@@ -0,0 +1,839 @@ +/* + ** + ** Copyright 2020, The Android Open Source Project + ** + ** Licensed under the Apache License, Version 2.0 (the "License"); + ** you may not use this file except in compliance with the License. + ** You may obtain a copy of the License at + ** + ** http://www.apache.org/licenses/LICENSE-2.0 + ** + ** Unless required by applicable law or agreed to in writing, software + ** distributed under the License is distributed on an "AS IS" BASIS, + ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ** See the License for the specific language governing permissions and + ** limitations under the License. + */ +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#define JAVACARD_KEYMASTER_NAME "JavacardKeymaster4.1Device v1.0" +#define JAVACARD_KEYMASTER_AUTHOR "Android Open Source Project" +#define PROP_BUILD_QEMU "ro.kernel.qemu" +#define PROP_BUILD_FINGERPRINT "ro.build.fingerprint" + +namespace keymaster { +namespace V4_1 { +namespace javacard { +using namespace ::javacard_keymaster; +using android::hardware::keymaster::V4_0::support::authToken2HidlVec; +using std::string; +using std::vector; + +constexpr size_t kOperationTableSize = 4; +constexpr int kKeyblobKeyCharsOffset = 3; + +struct KM_AUTH_LIST_Delete { + void operator()(KM_AUTH_LIST* p) { KM_AUTH_LIST_free(p); } +}; + +namespace { + +inline keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) { + return static_cast(value); +} + +inline ErrorCode legacy_enum_conversion(const keymaster_error_t value) { + return static_cast(value); +} + +inline keymaster_tag_t legacy_enum_conversion(const Tag value) { + return keymaster_tag_t(value); +} + +inline Tag legacy_enum_conversion(const keymaster_tag_t value) { + return Tag(value); +} + +inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) { + return keymaster_tag_get_type(tag); +} + +inline keymaster_security_level_t legacy_enum_conversion(const 
SecurityLevel value) { + return static_cast(value); +} + +inline keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) { + return static_cast(value); +} + +inline void hidlVec2KmBlob(const hidl_vec& input, KeymasterBlob* blob) { + blob->Reset(input.size()); + memcpy(blob->writable_data(), input.data(), input.size()); +} + +void legacyHardwareAuthToken(const HardwareAuthToken& hidlToken, + ::keymaster::HardwareAuthToken* legacyToken) { + legacyToken->challenge = hidlToken.challenge; + legacyToken->user_id = hidlToken.userId; + legacyToken->authenticator_id = hidlToken.authenticatorId; + legacyToken->authenticator_type = + static_cast(hidlToken.authenticatorType); + legacyToken->timestamp = hidlToken.timestamp; + hidlVec2KmBlob(hidlToken.mac, &legacyToken->mac); +} + +keymaster_key_param_set_t hidlKeyParams2Km(const hidl_vec& keyParams) { + keymaster_key_param_set_t set; + + set.params = new keymaster_key_param_t[keyParams.size()]; + set.length = keyParams.size(); + + for (size_t i = 0; i < keyParams.size(); ++i) { + auto tag = legacy_enum_conversion(keyParams[i].tag); + switch (typeFromTag(tag)) { + case KM_ENUM: + case KM_ENUM_REP: + set.params[i] = keymaster_param_enum(tag, keyParams[i].f.integer); + break; + case KM_UINT: + case KM_UINT_REP: + set.params[i] = keymaster_param_int(tag, keyParams[i].f.integer); + break; + case KM_ULONG: + case KM_ULONG_REP: + set.params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger); + break; + case KM_DATE: + set.params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime); + break; + case KM_BOOL: + if (keyParams[i].f.boolValue) + set.params[i] = keymaster_param_bool(tag); + else + set.params[i].tag = KM_TAG_INVALID; + break; + case KM_BIGNUM: + case KM_BYTES: + set.params[i] = + keymaster_param_blob(tag, &keyParams[i].blob[0], keyParams[i].blob.size()); + break; + case KM_INVALID: + default: + set.params[i].tag = KM_TAG_INVALID; + /* just skip */ + break; + } + } + + return set; +} + +static inline 
hidl_vec kmParamSet2Hidl(const keymaster_key_param_set_t& set) { + hidl_vec result; + if (set.length == 0 || set.params == nullptr) return result; + + result.resize(set.length); + keymaster_key_param_t* params = set.params; + for (size_t i = 0; i < set.length; ++i) { + auto tag = params[i].tag; + result[i].tag = legacy_enum_conversion(tag); + switch (typeFromTag(tag)) { + case KM_ENUM: + case KM_ENUM_REP: + result[i].f.integer = params[i].enumerated; + break; + case KM_UINT: + case KM_UINT_REP: + result[i].f.integer = params[i].integer; + break; + case KM_ULONG: + case KM_ULONG_REP: + result[i].f.longInteger = params[i].long_integer; + break; + case KM_DATE: + result[i].f.dateTime = params[i].date_time; + break; + case KM_BOOL: + result[i].f.boolValue = params[i].boolean; + break; + case KM_BIGNUM: + case KM_BYTES: + result[i].blob = std::vector(params[i].blob.data, + params[i].blob.data + params[i].blob.data_length); + break; + case KM_INVALID: + default: + params[i].tag = KM_TAG_INVALID; + /* just skip */ + break; + } + } + return result; +} + +class KmParamSet : public keymaster_key_param_set_t { + public: + explicit KmParamSet(const hidl_vec& keyParams) + : keymaster_key_param_set_t(hidlKeyParams2Km(keyParams)) {} + KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} { + other.length = 0; + other.params = nullptr; + } + KmParamSet(const KmParamSet&) = delete; + ~KmParamSet() { delete[] params; } +}; + +static keymaster_error_t encodeParametersVerified(const VerificationToken& verificationToken, + std::vector& asn1ParamsVerified) { + if (verificationToken.parametersVerified.size() > 0) { + AuthorizationSet paramSet; + KeymasterBlob derBlob; + UniquePtr kmAuthList(KM_AUTH_LIST_new()); + + paramSet.Reinitialize(KmParamSet(verificationToken.parametersVerified)); + + auto err = build_auth_list(paramSet, kmAuthList.get()); + if (err != KM_ERROR_OK) { + return err; + } + int len = i2d_KM_AUTH_LIST(kmAuthList.get(), nullptr); + if 
(len < 0) { + return TranslateLastOpenSslError(); + } + + if (!derBlob.Reset(len)) { + return KM_ERROR_MEMORY_ALLOCATION_FAILED; + } + + uint8_t* p = derBlob.writable_data(); + len = i2d_KM_AUTH_LIST(kmAuthList.get(), &p); + if (len < 0) { + return TranslateLastOpenSslError(); + } + asn1ParamsVerified.insert(asn1ParamsVerified.begin(), p, p + len); + derBlob.release(); + } + return KM_ERROR_OK; +} + +keymaster_error_t getOperationInfo(keymaster_purpose_t purpose, const AuthorizationSet& inParams, + const AuthorizationSet& keyBlobParams, uint32_t& buferingMode, + uint32_t& macLength) { + BufferingMode bufMode = BufferingMode::NONE; + keymaster_algorithm_t keyAlgo; + keymaster_digest_t digest = KM_DIGEST_NONE; + keymaster_padding_t padding = KM_PAD_NONE; + keymaster_block_mode_t blockMode = KM_MODE_ECB; + macLength = 0; + if (!keyBlobParams.GetTagValue(TAG_ALGORITHM, &keyAlgo)) { + return KM_ERROR_UNKNOWN_ERROR; + } + inParams.GetTagValue(TAG_DIGEST, &digest); + inParams.GetTagValue(TAG_PADDING, &padding); + inParams.GetTagValue(TAG_BLOCK_MODE, &blockMode); + inParams.GetTagValue(TAG_MAC_LENGTH, &macLength); + macLength = (macLength / 8); + switch (keyAlgo) { + case KM_ALGORITHM_AES: + if (purpose == KM_PURPOSE_ENCRYPT && padding == KM_PAD_PKCS7) { + bufMode = BufferingMode::BUF_AES_ENCRYPT_PKCS7_BLOCK_ALIGNED; + } else if (purpose == KM_PURPOSE_DECRYPT && padding == KM_PAD_PKCS7) { + bufMode = BufferingMode::BUF_AES_DECRYPT_PKCS7_BLOCK_ALIGNED; + } else if (purpose == KM_PURPOSE_DECRYPT && blockMode == KM_MODE_GCM) { + bufMode = BufferingMode::BUF_AES_GCM_DECRYPT_BLOCK_ALIGNED; + } + break; + case KM_ALGORITHM_TRIPLE_DES: + if (purpose == KM_PURPOSE_ENCRYPT && padding == KM_PAD_PKCS7) { + bufMode = BufferingMode::BUF_DES_ENCRYPT_PKCS7_BLOCK_ALIGNED; + } else if (purpose == KM_PURPOSE_DECRYPT && padding == KM_PAD_PKCS7) { + bufMode = BufferingMode::BUF_DES_DECRYPT_PKCS7_BLOCK_ALIGNED; + } + break; + case KM_ALGORITHM_RSA: + if (purpose == KM_PURPOSE_DECRYPT || digest 
== KM_DIGEST_NONE) { + bufMode = BufferingMode::RSA_NO_DIGEST; + } + break; + case KM_ALGORITHM_EC: + if (digest == KM_DIGEST_NONE && purpose == KM_PURPOSE_SIGN) { + bufMode = BufferingMode::EC_NO_DIGEST; + } + break; + default: + break; + } + buferingMode = static_cast(bufMode); + return KM_ERROR_OK; +} + +} // anonymous namespace + +JavacardKeymaster4Device::JavacardKeymaster4Device(shared_ptr jcImpl) + : softKm_(new ::keymaster::AndroidKeymaster( + []() -> auto{ + auto context = new JavaCardSoftKeymasterContext(); + context->SetSystemVersion(getOsVersion(), getOsPatchlevel()); + return context; + }(), + kOperationTableSize, + keymaster::MessageVersion(keymaster::KmVersion::KEYMASTER_4_1, 0 /* km_date */))), + jcImpl_(jcImpl) { + std::shared_ptr listener( + dynamic_cast(this)); + jcImpl_->registerSeResetEventListener(listener); +} + +JavacardKeymaster4Device::~JavacardKeymaster4Device() {} + +// Methods from IKeymasterDevice follow. +Return JavacardKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_cb) { + uint64_t securityLevel = static_cast(SecurityLevel::STRONGBOX); + hidl_string jcKeymasterName; + hidl_string jcKeymasterAuthor; + string name; + string author; + auto [item, err] = jcImpl_->getHardwareInfo(); + if (err != KM_ERROR_OK || !cbor_.getUint64(item, 1, securityLevel) || + !cbor_.getBinaryArray(item, 2, name) || !cbor_.getBinaryArray(item, 3, author)) { + LOG(ERROR) << "Error in response of getHardwareInfo."; + LOG(INFO) << "Returning defaultHwInfo in getHardwareInfo."; + _hidl_cb(SecurityLevel::STRONGBOX, JAVACARD_KEYMASTER_NAME, JAVACARD_KEYMASTER_AUTHOR); + return Void(); + } + jcKeymasterName = name; + jcKeymasterAuthor = author; + _hidl_cb(static_cast(securityLevel), jcKeymasterName, jcKeymasterAuthor); + return Void(); +} + +Return +JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) { + HmacSharingParameters hmacSharingParameters; + vector nonce; + vector seed; + auto err = 
jcImpl_->getHmacSharingParameters(&seed, &nonce); + hmacSharingParameters.seed = seed; + memcpy(hmacSharingParameters.nonce.data(), nonce.data(), nonce.size()); + // TODO + // Send earlyBootEnded if there is any pending earlybootEnded event. + // handleSendEarlyBootEndedEvent(); + _hidl_cb(legacy_enum_conversion(err), hmacSharingParameters); + return Void(); +} + +Return +JavacardKeymaster4Device::computeSharedHmac(const hidl_vec& params, + computeSharedHmac_cb _hidl_cb) { + std::vector secret; + vector<::javacard_keymaster::HmacSharingParameters> reqParams(params.size()); + for (size_t i = 0; i < params.size(); i++) { + reqParams[i].seed = params[i].seed; + reqParams[i].nonce.insert(reqParams[i].nonce.end(), params[i].nonce.data(), + params[i].nonce.data() + params[i].nonce.elementCount()); + } + auto err = jcImpl_->computeSharedHmac(reqParams, &secret); + // TODO + // Send earlyBootEnded if there is any pending earlybootEnded event. + // handleSendEarlyBootEndedEvent(); + _hidl_cb(legacy_enum_conversion(err), secret); + return Void(); +} + +Return JavacardKeymaster4Device::addRngEntropy(const hidl_vec& data) { + auto err = jcImpl_->addRngEntropy(data); + return legacy_enum_conversion(err); +} + +Return JavacardKeymaster4Device::generateKey(const hidl_vec& keyParams, + generateKey_cb _hidl_cb) { + AuthorizationSet paramSet; + AuthorizationSet swEnforced; + AuthorizationSet hwEnforced; + AuthorizationSet teeEnforced; + vector retKeyblob; + paramSet.Reinitialize(KmParamSet(keyParams)); + if (!paramSet.Contains(KM_TAG_CREATION_DATETIME) && + !paramSet.Contains(KM_TAG_ACTIVE_DATETIME)) { + keymaster_key_param_t dateTime; + dateTime.tag = KM_TAG_CREATION_DATETIME; + dateTime.date_time = java_time(time(nullptr)); + paramSet.push_back(dateTime); + } + auto err = jcImpl_->generateKey(paramSet, &retKeyblob, &swEnforced, &hwEnforced, &teeEnforced); + KeyCharacteristics keyCharacteristics; + keyCharacteristics.softwareEnforced = kmParamSet2Hidl(swEnforced); + 
keyCharacteristics.hardwareEnforced = kmParamSet2Hidl(hwEnforced); + _hidl_cb(legacy_enum_conversion(err), retKeyblob, keyCharacteristics); + return Void(); +} + +Return JavacardKeymaster4Device::importKey(const hidl_vec& keyParams, + KeyFormat keyFormat, + const hidl_vec& keyData, + importKey_cb _hidl_cb) { + AuthorizationSet paramSet; + AuthorizationSet swEnforced; + AuthorizationSet hwEnforced; + AuthorizationSet teeEnforced; + vector retKeyblob; + paramSet.Reinitialize(KmParamSet(keyParams)); + if (!paramSet.Contains(KM_TAG_CREATION_DATETIME) && + !paramSet.Contains(KM_TAG_ACTIVE_DATETIME)) { + keymaster_key_param_t dateTime; + dateTime.tag = KM_TAG_CREATION_DATETIME; + dateTime.date_time = java_time(time(nullptr)); + paramSet.push_back(dateTime); + } + auto err = jcImpl_->importKey(paramSet, legacy_enum_conversion(keyFormat), keyData, &retKeyblob, + &swEnforced, &hwEnforced, &teeEnforced); + KeyCharacteristics keyCharacteristics; + keyCharacteristics.softwareEnforced = kmParamSet2Hidl(swEnforced); + keyCharacteristics.hardwareEnforced = kmParamSet2Hidl(hwEnforced); + _hidl_cb(legacy_enum_conversion(err), retKeyblob, keyCharacteristics); + return Void(); +} + +Return JavacardKeymaster4Device::importWrappedKey( + const hidl_vec& wrappedKeyData, const hidl_vec& wrappingKeyBlob, + const hidl_vec& maskingKey, const hidl_vec& unwrappingParams, + uint64_t passwordSid, uint64_t biometricSid, importWrappedKey_cb _hidl_cb) { + AuthorizationSet paramSet; + AuthorizationSet swEnforced; + AuthorizationSet hwEnforced; + AuthorizationSet teeEnforced; + vector retKeyblob; + paramSet.Reinitialize(KmParamSet(unwrappingParams)); + auto err = jcImpl_->keymasterImportWrappedKey(wrappedKeyData, wrappingKeyBlob, maskingKey, + paramSet, passwordSid, biometricSid, &retKeyblob, + &swEnforced, &hwEnforced, &teeEnforced); + KeyCharacteristics keyCharacteristics; + keyCharacteristics.softwareEnforced = kmParamSet2Hidl(swEnforced); + keyCharacteristics.hardwareEnforced = 
kmParamSet2Hidl(hwEnforced); + _hidl_cb(legacy_enum_conversion(err), retKeyblob, keyCharacteristics); + return Void(); +} + +Return JavacardKeymaster4Device::attestKey(const hidl_vec& keyToAttest, + const hidl_vec& attestParams, + attestKey_cb _hidl_cb) { + AuthorizationSet paramSet; + vector> certChain; + hidl_vec> outCertChain; + paramSet.Reinitialize(KmParamSet(attestParams)); + auto err = jcImpl_->attestKey(keyToAttest, paramSet, &certChain); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "JavacardKeymaster4Device attestKey Failed in attestKey err: " + << (int32_t)err; + _hidl_cb(legacy_enum_conversion(err), outCertChain); + return Void(); + } + err = jcImpl_->getCertChain(&certChain); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "JavacardKeymaster4Device attestKey Failed in getCertChain err: " + << (int32_t)err; + _hidl_cb(legacy_enum_conversion(err), outCertChain); + return Void(); + } + outCertChain.resize(certChain.size()); + for (int i = 0; i < certChain.size(); i++) { + outCertChain[i] = certChain[i]; + } + _hidl_cb(legacy_enum_conversion(err), outCertChain); + return Void(); +} + +Return JavacardKeymaster4Device::upgradeKey(const hidl_vec& keyBlobToUpgrade, + const hidl_vec& upgradeParams, + upgradeKey_cb _hidl_cb) { + AuthorizationSet paramSet; + paramSet.Reinitialize(KmParamSet(upgradeParams)); + vector upgradedKeyBlob; + auto err = jcImpl_->upgradeKey(keyBlobToUpgrade, paramSet, &upgradedKeyBlob); + _hidl_cb(legacy_enum_conversion(err), upgradedKeyBlob); + return Void(); +} + +Return JavacardKeymaster4Device::deleteKey(const hidl_vec& keyBlob) { + auto err = jcImpl_->deleteKey(keyBlob); + return legacy_enum_conversion(err); +} + +Return JavacardKeymaster4Device::deleteAllKeys() { + auto err = jcImpl_->deleteAllKeys(); + return legacy_enum_conversion(err); +} + +Return JavacardKeymaster4Device::destroyAttestationIds() { + auto err = jcImpl_->destroyAttestationIds(); + return legacy_enum_conversion(err); +} + +Return 
JavacardKeymaster4Device::getKeyCharacteristics(const hidl_vec& keyBlob, + const hidl_vec& clientId, + const hidl_vec& appData, + getKeyCharacteristics_cb _hidl_cb) { + AuthorizationSet swEnforced; + AuthorizationSet hwEnforced; + AuthorizationSet teeEnforced; + auto err = jcImpl_->getKeyCharacteristics(keyBlob, clientId, appData, &swEnforced, &hwEnforced, + &teeEnforced); + KeyCharacteristics keyCharacteristics; + keyCharacteristics.softwareEnforced = kmParamSet2Hidl(swEnforced); + keyCharacteristics.hardwareEnforced = kmParamSet2Hidl(hwEnforced); + _hidl_cb(legacy_enum_conversion(err), keyCharacteristics); + return Void(); +} + +Return JavacardKeymaster4Device::verifyAuthorization(uint64_t, const hidl_vec&, + const HardwareAuthToken&, + verifyAuthorization_cb _hidl_cb) { + VerificationToken verificationToken; + LOG(DEBUG) << "Verify authorizations UNIMPLEMENTED"; + _hidl_cb(ErrorCode::UNIMPLEMENTED, verificationToken); + return Void(); +} + +Return JavacardKeymaster4Device::exportKey(KeyFormat exportFormat, + const hidl_vec& keyBlob, + const hidl_vec& clientId, + const hidl_vec& appData, + exportKey_cb _hidl_cb) { + ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; + hidl_vec resultKeyBlob; + + // Check if keyblob is corrupted + getKeyCharacteristics( + keyBlob, clientId, appData, + [&](ErrorCode error, KeyCharacteristics /*keyCharacteristics*/) { errorCode = error; }); + + if (errorCode != ErrorCode::OK) { + LOG(ERROR) << "Error in exportKey: " << (int32_t)errorCode; + _hidl_cb(errorCode, resultKeyBlob); + return Void(); + } + + ExportKeyRequest request(softKm_->message_version()); + request.key_format = legacy_enum_conversion(exportFormat); + request.SetKeyMaterial(keyBlob.data(), keyBlob.size()); + + ExportKeyResponse response(softKm_->message_version()); + softKm_->ExportKey(request, &response); + + if (response.error == KM_ERROR_INCOMPATIBLE_ALGORITHM) { + // Symmetric Keys cannot be exported. 
+ response.error = KM_ERROR_UNSUPPORTED_KEY_FORMAT; + LOG(ERROR) << "error in exportKey: unsupported algorithm or key format"; + } + if (response.error == KM_ERROR_OK) { + resultKeyBlob.setToExternal(response.key_data, response.key_data_length); + } + errorCode = legacy_enum_conversion(response.error); + LOG(DEBUG) << "exportKey status: " << (int32_t)errorCode; + _hidl_cb(errorCode, resultKeyBlob); + return Void(); +} + +keymaster_error_t JavacardKeymaster4Device::handleBeginPublicKeyOperation( + KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams, + const HardwareAuthToken& authToken, hidl_vec& outParams, + uint64_t& operationHandle, std::unique_ptr& operation) { + BeginOperationRequest request(softKm_->message_version()); + request.purpose = legacy_enum_conversion(purpose); + request.SetKeyMaterial(keyBlob.data(), keyBlob.size()); + request.additional_params.Reinitialize(KmParamSet(inParams)); + hidl_vec hidl_vec_token = authToken2HidlVec(authToken); + request.additional_params.push_back( + TAG_AUTH_TOKEN, reinterpret_cast(hidl_vec_token.data()), hidl_vec_token.size()); + + BeginOperationResponse response(softKm_->message_version()); + softKm_->BeginOperation(request, &response); + LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD softkm BeginOperation status: " + << (int32_t)response.error; + if (response.error == KM_ERROR_OK) { + outParams = kmParamSet2Hidl(response.output_params); + operationHandle = response.op_handle; + operation = std::make_unique( + operationHandle, BufferingMode::NONE, 0, nullptr, OperationType::PUBLIC_OPERATION, + softKm_); + } else { + LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error in softkm BeginOperation status: " + << (int32_t)response.error; + } + return response.error; +} + +keymaster_error_t JavacardKeymaster4Device::handleBeginPrivateKeyOperation( + KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams, + const HardwareAuthToken& authToken, hidl_vec& outParams, + uint64_t& operationHandle, std::unique_ptr& 
operation) { + AuthorizationSet paramSet; + AuthorizationSet authSetParams; + paramSet.Reinitialize(KmParamSet(inParams)); + ::keymaster::HardwareAuthToken legacyToken; + legacyHardwareAuthToken(authToken, &legacyToken); + auto err = jcImpl_->begin(legacy_enum_conversion(purpose), keyBlob, paramSet, legacyToken, + &authSetParams, operation); + if (err == KM_ERROR_OK) { + // Decode keyblob to get the BufferingMode and macLength properties. + AuthorizationSet swEnforced; + AuthorizationSet teeEnforced; + AuthorizationSet hwEnforced; + uint32_t bufMode; + uint32_t macLength; + auto [item, _] = cbor_.decodeKeyblob(keyBlob); + if (item == nullptr) { + return KM_ERROR_UNKNOWN_ERROR; + } + if (!cbor_.getKeyCharacteristics(item, kKeyblobKeyCharsOffset, swEnforced, hwEnforced, + teeEnforced)) { + return KM_ERROR_INVALID_KEY_BLOB; + } + err = getOperationInfo(static_cast(purpose), paramSet, hwEnforced, + bufMode, macLength); + if (err != KM_ERROR_OK) { + return err; + } + operation->setBufferingMode(static_cast(bufMode)); + operation->setMacLength(macLength); + // Get the operation handle from the Operation. + operationHandle = operation->getOpertionHandle(); + outParams = kmParamSet2Hidl(authSetParams); + } + return err; +} + +keymaster_error_t JavacardKeymaster4Device::handleBeginOperation( + KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams, + const HardwareAuthToken& authToken, hidl_vec& outParams, + uint64_t& operationHandle, OperationType& operType, + std::unique_ptr& operation) { + keymaster_error_t err = KM_ERROR_UNKNOWN_ERROR; + if (operType == OperationType::PRIVATE_OPERATION) { + err = handleBeginPrivateKeyOperation(purpose, keyBlob, inParams, authToken, outParams, + operationHandle, operation); + if (err == ExtendedErrors::PUBLIC_KEY_OPERATION) { + // Handle public key operation. 
+ operType = OperationType::PUBLIC_OPERATION; + } + } + + if (operType == OperationType::PUBLIC_OPERATION) { + err = handleBeginPublicKeyOperation(purpose, keyBlob, inParams, authToken, outParams, + operationHandle, operation); + } + return err; +} + +bool JavacardKeymaster4Device::isOperationHandleExists(uint64_t opHandle) { + if (operationTable_.end() == operationTable_.find(opHandle)) { + return false; + } + return true; +} + +Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec& keyBlob, + const hidl_vec& inParams, + const HardwareAuthToken& authToken, + begin_cb _hidl_cb) { + uint64_t operationHandle = 0; + OperationType operType = OperationType::PRIVATE_OPERATION; + std::unique_ptr operation; + hidl_vec outParams; + LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD purpose: " << (int32_t)purpose; + auto err = handleBeginOperation(purpose, keyBlob, inParams, authToken, outParams, + operationHandle, operType, operation); + if (err == KM_ERROR_OK && isOperationHandleExists(operationHandle)) { + LOG(DEBUG) << "Operation handle " << operationHandle + << "already exists" + "in the opertion table. so aborting this opertaion."; + // abort the operation. + err = abortOperation(operationHandle); + if (err == KM_ERROR_OK) { + // retry begin to get an another operation handle. + err = handleBeginOperation(purpose, keyBlob, inParams, authToken, outParams, + operationHandle, operType, operation); + if (err == KM_ERROR_OK && isOperationHandleExists(operationHandle)) { + err = KM_ERROR_UNKNOWN_ERROR; + LOG(ERROR) << "INS_BEGIN_OPERATION_CMD: Failed in begin operation as the" + "operation handle already exists in the operation table." + << (int32_t)err; + // abort the operation. 
+ auto abortErr = abortOperation(operationHandle); + if (abortErr != KM_ERROR_OK) { + LOG(ERROR) << "Fail to abort the operation."; + err = abortErr; + } + } + } + } + if (err == KM_ERROR_OK) { + operationTable_[operationHandle] = std::move(operation); + } + _hidl_cb(legacy_enum_conversion(err), outParams, operationHandle); + return Void(); +} + +keymaster_error_t JavacardKeymaster4Device::abortOperation(uint64_t operationHandle) { + auto it = operationTable_.find(operationHandle); + if (it == operationTable_.end()) { + LOG(ERROR) << " Operation handle is invalid. This could happen if invalid " + "operation handle is passed or if" + << " secure element reset occurred."; + return KM_ERROR_INVALID_OPERATION_HANDLE; + } + auto err = it->second->abort(); + if (err == KM_ERROR_OK) { + /* Delete the entry on this operationHandle */ + operationTable_.erase(operationHandle); + } + return err; +} + +Return JavacardKeymaster4Device::abort(uint64_t operationHandle) { + return legacy_enum_conversion(abortOperation(operationHandle)); +} + +Return +JavacardKeymaster4Device::update(uint64_t operationHandle, const hidl_vec& inParams, + const hidl_vec& input, const HardwareAuthToken& authToken, + const VerificationToken& verificationToken, update_cb _hidl_cb) { + hidl_vec outParams; + AuthorizationSet authSetOutParams; + uint32_t inputConsumed = 0; + vector output; + vector encodedVerificationToken; + auto it = operationTable_.find(operationHandle); + if (it == operationTable_.end()) { + LOG(ERROR) << " Operation handle is invalid. 
This could happen if invalid operation handle " + "is passed or if" + << " secure element reset occurred."; + _hidl_cb(ErrorCode::INVALID_OPERATION_HANDLE, inputConsumed, outParams, output); + return Void(); + } + AuthorizationSet paramSet; + paramSet.Reinitialize(KmParamSet(inParams)); + ::keymaster::HardwareAuthToken legacyHwToken; + legacyHardwareAuthToken(authToken, &legacyHwToken); + auto err = encodeVerificationToken(verificationToken, &encodedVerificationToken); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "In update failed to encode VerificationToken" << (int32_t)err; + _hidl_cb(legacy_enum_conversion(err), inputConsumed, outParams, output); + return Void(); + } + err = it->second->update(input, std::optional(paramSet), legacyHwToken, + encodedVerificationToken, &authSetOutParams, &inputConsumed, &output); + if (err != KM_ERROR_OK) { + /* Delete the entry on this operationHandle */ + operationTable_.erase(operationHandle); + } + outParams = kmParamSet2Hidl(authSetOutParams); + _hidl_cb(legacy_enum_conversion(err), input.size(), outParams, output); + return Void(); +} + +Return +JavacardKeymaster4Device::finish(uint64_t operationHandle, const hidl_vec& inParams, + const hidl_vec& input, const hidl_vec& signature, + const HardwareAuthToken& authToken, + const VerificationToken& verificationToken, finish_cb _hidl_cb) { + hidl_vec outParams; + AuthorizationSet authSetOutParams; + vector output; + vector encodedVerificationToken; + auto it = operationTable_.find(operationHandle); + if (it == operationTable_.end()) { + LOG(ERROR) << " Operation handle is invalid. 
This could happen if invalid operation handle " + "is passed or if" + << " secure element reset occurred."; + _hidl_cb(ErrorCode::INVALID_OPERATION_HANDLE, outParams, output); + return Void(); + } + AuthorizationSet paramSet; + paramSet.Reinitialize(KmParamSet(inParams)); + ::keymaster::HardwareAuthToken legacyHwToken; + legacyHardwareAuthToken(authToken, &legacyHwToken); + auto err = encodeVerificationToken(verificationToken, &encodedVerificationToken); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "In finish failed to encode VerificationToken" << (int32_t)err; + _hidl_cb(legacy_enum_conversion(err), outParams, output); + return Void(); + } + err = + it->second->finish(input, std::optional(paramSet), signature, + legacyHwToken, encodedVerificationToken, {}, &authSetOutParams, &output); + /* Delete the entry on this operationHandle */ + operationTable_.erase(operationHandle); + outParams = kmParamSet2Hidl(authSetOutParams); + _hidl_cb(legacy_enum_conversion(err), outParams, output); + return Void(); +} + +// Methods from ::android::hardware::keymaster::V4_1::IKeymasterDevice follow. 
+Return<::android::hardware::keymaster::V4_1::ErrorCode> +JavacardKeymaster4Device::deviceLocked(bool passwordOnly, + const VerificationToken& verificationToken) { + vector encodedVerificationToken; + auto err = encodeVerificationToken(verificationToken, &encodedVerificationToken); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "In deviceLocked failed to encode VerificationToken" << (int32_t)err; + return static_cast(err); + } + err = jcImpl_->deviceLocked(passwordOnly, encodedVerificationToken); + return static_cast(err); +} + +Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device::earlyBootEnded() { + auto err = jcImpl_->earlyBootEnded(); + return static_cast(err); +} + +keymaster_error_t +JavacardKeymaster4Device::encodeVerificationToken(const VerificationToken& verificationToken, + vector* encodedToken) { + vector asn1ParamsVerified; + auto err = encodeParametersVerified(verificationToken, asn1ParamsVerified); + if (err != KM_ERROR_OK) { + LOG(DEBUG) << "INS_DEVICE_LOCKED_CMD: Error in encodeParametersVerified, status: " + << (int32_t)err; + return err; + } + cppbor::Array array; + ::keymaster::VerificationToken token; + token.challenge = verificationToken.challenge; + token.timestamp = verificationToken.timestamp; + token.security_level = legacy_enum_conversion(verificationToken.securityLevel); + hidlVec2KmBlob(verificationToken.mac, &token.mac); + cbor_.addVerificationToken(array, token, asn1ParamsVerified); + *encodedToken = array.encode(); + return KM_ERROR_OK; +} + +void JavacardKeymaster4Device::seResetEvent() { + // clear strongbox entires. + LOG(INFO) + << "Secure Element reset or applet upgrade detected. 
Removing existing operation handles"; + auto it = operationTable_.begin(); + while (it != operationTable_.end()) { + if (it->second->getOperationType() == + ::javacard_keymaster::OperationType::PRIVATE_OPERATION) { // Strongbox operation + LOG(INFO) << "operation handle: " << it->first << " is removed"; + it = operationTable_.erase(it); + } else { + ++it; + } + } +} + +} // namespace javacard +} // namespace V4_1 +} // namespace keymaster diff --git a/HAL/JavacardKeymaster4Device.h b/HAL/JavacardKeymaster4Device.h new file mode 100644 index 00000000..54da83f3 --- /dev/null +++ b/HAL/JavacardKeymaster4Device.h 
@@ -0,0 +1,158 @@ +/* + ** + ** Copyright 2020, The Android Open Source Project + ** + ** Licensed under the Apache License, Version 2.0 (the "License"); + ** you may not use this file except in compliance with the License. + ** You may obtain a copy of the License at + ** + ** http://www.apache.org/licenses/LICENSE-2.0 + ** + ** Unless required by applicable law or agreed to in writing, software + ** distributed under the License is distributed on an "AS IS" BASIS, + ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ** See the License for the specific language governing permissions and + ** limitations under the License. + */ + +#pragma once + +#include "CborConverter.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +namespace keymaster { +namespace V4_1 { +namespace javacard { +using ::android::hardware::hidl_string; +using ::android::hardware::hidl_vec; +using ::android::hardware::Return; +using ::android::hardware::Void; +using ::javacard_keymaster::CborConverter; +using ::javacard_keymaster::IJavacardSeResetListener; +using ::javacard_keymaster::JavacardKeymaster; +using ::javacard_keymaster::JavacardKeymasterOperation; +using ::javacard_keymaster::OperationType; +using std::shared_ptr; + +using ::android::hardware::keymaster::V4_0::ErrorCode; +using ::android::hardware::keymaster::V4_0::HardwareAuthenticatorType; +using ::android::hardware::keymaster::V4_0::HardwareAuthToken; +using ::android::hardware::keymaster::V4_0::HmacSharingParameters; +using ::android::hardware::keymaster::V4_0::KeyCharacteristics; +using ::android::hardware::keymaster::V4_0::KeyFormat; +using ::android::hardware::keymaster::V4_0::KeyParameter; +using ::android::hardware::keymaster::V4_0::KeyPurpose; +using ::android::hardware::keymaster::V4_0::OperationHandle; +using ::android::hardware::keymaster::V4_0::SecurityLevel; +using ::android::hardware::keymaster::V4_0::Tag; +using 
::android::hardware::keymaster::V4_0::VerificationToken; +using ::android::hardware::keymaster::V4_1::IKeymasterDevice; + +using V41ErrorCode = ::android::hardware::keymaster::V4_1::ErrorCode; + +class JavacardKeymaster4Device : public IKeymasterDevice, public IJavacardSeResetListener { + public: + JavacardKeymaster4Device(shared_ptr jcImpl); + virtual ~JavacardKeymaster4Device(); + + // Methods from ::android::hardware::keymaster::V4_0::IKeymasterDevice follow. + Return getHardwareInfo(getHardwareInfo_cb _hidl_cb) override; + Return getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override; + Return computeSharedHmac(const hidl_vec& params, + computeSharedHmac_cb _hidl_cb) override; + Return verifyAuthorization(uint64_t operationHandle, + const hidl_vec& parametersToVerify, + const HardwareAuthToken& authToken, + verifyAuthorization_cb _hidl_cb) override; + Return addRngEntropy(const hidl_vec& data) override; + Return generateKey(const hidl_vec& keyParams, + generateKey_cb _hidl_cb) override; + Return importKey(const hidl_vec& keyParams, KeyFormat keyFormat, + const hidl_vec& keyData, importKey_cb _hidl_cb) override; + Return importWrappedKey(const hidl_vec& wrappedKeyData, + const hidl_vec& wrappingKeyBlob, + const hidl_vec& maskingKey, + const hidl_vec& unwrappingParams, + uint64_t passwordSid, uint64_t biometricSid, + importWrappedKey_cb _hidl_cb) override; + Return getKeyCharacteristics(const hidl_vec& keyBlob, + const hidl_vec& clientId, + const hidl_vec& appData, + getKeyCharacteristics_cb _hidl_cb) override; + Return exportKey(KeyFormat keyFormat, const hidl_vec& keyBlob, + const hidl_vec& clientId, const hidl_vec& appData, + exportKey_cb _hidl_cb) override; + Return attestKey(const hidl_vec& keyToAttest, + const hidl_vec& attestParams, + attestKey_cb _hidl_cb) override; + Return upgradeKey(const hidl_vec& keyBlobToUpgrade, + const hidl_vec& upgradeParams, + upgradeKey_cb _hidl_cb) override; + Return deleteKey(const hidl_vec& keyBlob) 
override; + Return deleteAllKeys() override; + Return destroyAttestationIds() override; + Return begin(KeyPurpose purpose, const hidl_vec& keyBlob, + const hidl_vec& inParams, const HardwareAuthToken& authToken, + begin_cb _hidl_cb) override; + Return update(uint64_t operationHandle, const hidl_vec& inParams, + const hidl_vec& input, const HardwareAuthToken& authToken, + const VerificationToken& verificationToken, update_cb _hidl_cb) override; + Return finish(uint64_t operationHandle, const hidl_vec& inParams, + const hidl_vec& input, const hidl_vec& signature, + const HardwareAuthToken& authToken, + const VerificationToken& verificationToken, finish_cb _hidl_cb) override; + Return abort(uint64_t operationHandle) override; + + // Methods from ::android::hardware::keymaster::V4_1::IKeymasterDevice follow. + Return deviceLocked(bool passwordOnly, + const VerificationToken& verificationToken) override; + Return earlyBootEnded() override; + void seResetEvent() override; + + private: + keymaster_error_t encodeVerificationToken(const VerificationToken& token, + std::vector* encodedToken); + keymaster_error_t handleBeginOperation(KeyPurpose purpose, const hidl_vec& keyBlob, + const hidl_vec& inParams, + const HardwareAuthToken& authToken, + hidl_vec& outParams, + uint64_t& operationHandle, OperationType& operType, + std::unique_ptr& operation); + keymaster_error_t + handleBeginPrivateKeyOperation(KeyPurpose purpose, const hidl_vec& keyBlob, + const hidl_vec& inParams, + const HardwareAuthToken& authToken, + hidl_vec& outParams, uint64_t& operationHandle, + std::unique_ptr& operation); + ; + + keymaster_error_t + handleBeginPublicKeyOperation(KeyPurpose purpose, const hidl_vec& keyBlob, + const hidl_vec& inParams, + const HardwareAuthToken& authToken, + hidl_vec& outParams, uint64_t& operationHandle, + std::unique_ptr& operation); + bool isOperationHandleExists(uint64_t opHandle); + keymaster_error_t abortOperation(uint64_t operationHandle); + + private: + CborConverter 
cbor_; + std::shared_ptr<::keymaster::AndroidKeymaster> softKm_; + const shared_ptr jcImpl_; + std::map> operationTable_; +}; + +} // namespace javacard +} // namespace V4_1 +} // namespace keymaster diff --git a/HAL/JavacardKeymasterOperation.cpp b/HAL/JavacardKeymasterOperation.cpp new file mode 100644 index 00000000..cf62de42 --- /dev/null +++ b/HAL/JavacardKeymasterOperation.cpp 
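Review bot: `operationTable_` is declared without any lock, and `seResetEvent()` (implemented earlier in this patch) erases entries from it; that callback is reached from `JavacardKeymasterOperation::handleErrorCode`, i.e. from inside a running operation's `sendRequest`. If this device is the listener handed to its own operations and the table owns them (the element type is not legible here, but `it->second->getOperationType()` suggests an owning pointer), the erase destroys the object that is still executing, and its destructor calls `abort()`, which issues another request and may re-enter `seResetEvent()` mid-iteration. Consider having `seResetEvent()` only mark Strongbox handles stale and dropping them once the in-flight call has returned. At minimum document the assumption on the member, e.g. `// Not thread-safe; must not be erased while an operation from this table is executing.`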
@@ -0,0 +1,368 @@ +/* + * Copyright 2020, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "JavacardKeymasterOperation.h" +#include +#include + +namespace javacard_keymaster { + +keymaster_error_t JavacardKeymasterOperation::handleErrorCode(keymaster_error_t err) { + // Check if secure element is reset + uint32_t errorCode = static_cast(0 - err); + bool isSeResetOccurred = (0 != (errorCode & SE_POWER_RESET_STATUS_FLAG)); + + if (isSeResetOccurred) { + // Clear the operation table for Strongbox operations entries. + if (seResetListener_) { + seResetListener_->seResetEvent(); + } + // Unmask the power reset status flag. 
+ errorCode &= ~SE_POWER_RESET_STATUS_FLAG; + } + return translateExtendedErrorsToHalErrors(static_cast(0 - errorCode)); +} + +std::tuple, keymaster_error_t> +JavacardKeymasterOperation::sendRequest(Instruction ins) { + auto [item, err] = card_->sendRequest(ins); + return {std::move(item), handleErrorCode(err)}; +} + +std::tuple, keymaster_error_t> +JavacardKeymasterOperation::sendRequest(Instruction ins, Array& request) { + auto [item, err] = card_->sendRequest(ins, request); + return {std::move(item), handleErrorCode(err)}; +} + +JavacardKeymasterOperation::~JavacardKeymasterOperation() { + if (opHandle_ != 0) { + abort(); + } +} + +keymaster_error_t +JavacardKeymasterOperation::updateAad(const vector& input, + const HardwareAuthToken& authToken, + const vector& encodedVerificationToken) { + cppbor::Array request; + request.add(Uint(opHandle_)); + request.add(Bstr(input)); + cbor_.addHardwareAuthToken(request, authToken); + request.add(EncodedItem(encodedVerificationToken)); + auto [_, err] = card_->sendRequest(Instruction::INS_UPDATE_AAD_OPERATION_CMD, request); + return err; +} + +keymaster_error_t JavacardKeymasterOperation::update( + const vector& input, const std::optional& inParams, + const HardwareAuthToken& authToken, const vector& encodedVerificationToken, + AuthorizationSet* outParams, uint32_t* inputConsumed, vector* output) { + if (operType_ == OperationType::PUBLIC_OPERATION) { + /* SW keymaster (Public key operation) */ + LOG(DEBUG) << "INS_UPDATE_OPERATION_CMD - swkm operation "; + UpdateOperationResponse response(softKm_->message_version()); + UpdateOperationRequest request(softKm_->message_version()); + request.op_handle = opHandle_; + request.input.Reinitialize(input.data(), input.size()); + request.additional_params.Reinitialize(inParams.value()); + + softKm_->UpdateOperation(request, &response); + LOG(DEBUG) << "INS_UPDATE_OPERATION_CMD - swkm update operation status: " + << (int32_t)response.error; + if (response.error == KM_ERROR_OK) { + 
*inputConsumed = response.input_consumed; + *outParams = response.output_params; + output->insert(output->end(), response.output.begin(), response.output.end()); + } else { + LOG(ERROR) << "INS_UPDATE_OPERATION_CMD - error swkm update operation status: " + << (int32_t)response.error; + } + return response.error; + } else { + DataView view = {.buffer = {}, .data = input, .start = 0, .length = input.size()}; + keymaster_error_t err = bufferData(view); + if (err != KM_ERROR_OK) { + return err; + } + if (!(bufferingMode_ == BufferingMode::EC_NO_DIGEST || + bufferingMode_ == BufferingMode::RSA_NO_DIGEST)) { + if (view.length > MAX_CHUNK_SIZE) { + err = updateInChunks(view, inParams, authToken, encodedVerificationToken, output); + if (err != KM_ERROR_OK) { + return err; + } + } + vector remaining = popNextChunk(view, view.length); + err = sendUpdate(remaining, inParams, authToken, encodedVerificationToken, *output); + } + return err; + } +} + +keymaster_error_t JavacardKeymasterOperation::finish( + const vector& inData, const std::optional& inParams, + const vector& signature, const HardwareAuthToken& authToken, + const vector& encodedVerificationToken, + const std::optional>& confToken, AuthorizationSet* outParams, + vector* output) { + if (operType_ == OperationType::PUBLIC_OPERATION) { + FinishOperationResponse response(softKm_->message_version()); + /* SW keymaster (Public key operation) */ + LOG(DEBUG) << "FINISH - swkm operation "; + FinishOperationRequest request(softKm_->message_version()); + request.op_handle = opHandle_; + request.input.Reinitialize(inData.data(), inData.size()); + request.signature.Reinitialize(signature.data(), signature.size()); + request.additional_params.Reinitialize(inParams.value()); + softKm_->FinishOperation(request, &response); + LOG(DEBUG) << "FINISH - swkm operation, status: " << (int32_t)response.error; + ; + + if (response.error == KM_ERROR_OK) { + *outParams = response.output_params; + output->insert(output->end(), 
response.output.begin(), response.output.end()); + } else { + LOG(ERROR) << "Error in finish operation, status: " << (int32_t)response.error; + } + return response.error; + } else { + DataView view = {.buffer = {}, .data = inData, .start = 0, .length = inData.size()}; + appendBufferedData(view); + if (!(bufferingMode_ == BufferingMode::EC_NO_DIGEST || + bufferingMode_ == BufferingMode::RSA_NO_DIGEST)) { + if (view.length > MAX_CHUNK_SIZE) { + auto err = + updateInChunks(view, inParams, authToken, encodedVerificationToken, output); + if (err != KM_ERROR_OK) { + return err; + } + } + } + vector remaining = popNextChunk(view, view.length); + return sendFinish(remaining, inParams, signature, authToken, encodedVerificationToken, + confToken, *output); + } +} + +keymaster_error_t JavacardKeymasterOperation::abort() { + if (operType_ == OperationType::PUBLIC_OPERATION) { + AbortOperationRequest request(softKm_->message_version()); + request.op_handle = opHandle_; + + AbortOperationResponse response(softKm_->message_version()); + softKm_->AbortOperation(request, &response); + return response.error; + ; + } else { + Array request; + request.add(Uint(opHandle_)); + auto [item, err] = sendRequest(Instruction::INS_ABORT_OPERATION_CMD, request); + opHandle_ = 0; + buffer_.clear(); + return err; + } +} + +void JavacardKeymasterOperation::blockAlign(DataView& view, uint16_t blockSize) { + appendBufferedData(view); + uint16_t offset = getDataViewOffset(view, blockSize); + if (view.buffer.empty() && view.data.empty()) { + offset = 0; + } else if (view.buffer.empty()) { + buffer_.insert(buffer_.end(), view.data.begin() + offset, view.data.end()); + } else if (view.data.empty()) { + buffer_.insert(buffer_.end(), view.buffer.begin() + offset, view.buffer.end()); + } else { + if (offset < view.buffer.size()) { + buffer_.insert(buffer_.end(), view.buffer.begin() + offset, view.buffer.end()); + buffer_.insert(buffer_.end(), view.data.begin(), view.data.end()); + } else { + offset = 
offset - view.buffer.size(); + buffer_.insert(buffer_.end(), view.data.begin() + offset, view.data.end()); + } + } + // adjust the view length by removing the buffered data size from it. + view.length = view.length - buffer_.size(); +} + +uint16_t JavacardKeymasterOperation::getDataViewOffset(DataView& view, uint16_t blockSize) { + uint16_t offset = 0; + uint16_t remaining = 0; + switch (bufferingMode_) { + case BufferingMode::BUF_DES_DECRYPT_PKCS7_BLOCK_ALIGNED: + case BufferingMode::BUF_AES_DECRYPT_PKCS7_BLOCK_ALIGNED: + offset = ((view.length / blockSize)) * blockSize; + remaining = (view.length % blockSize); + if (offset >= blockSize && remaining == 0) { + offset -= blockSize; + } + break; + case BufferingMode::BUF_DES_ENCRYPT_PKCS7_BLOCK_ALIGNED: + case BufferingMode::BUF_AES_ENCRYPT_PKCS7_BLOCK_ALIGNED: + offset = ((view.length / blockSize)) * blockSize; + break; + case BufferingMode::BUF_AES_GCM_DECRYPT_BLOCK_ALIGNED: + if (view.length > macLength_) { + offset = (view.length - macLength_); + } + break; + default: + break; + } + return offset; +} + +keymaster_error_t JavacardKeymasterOperation::bufferData(DataView& view) { + if (view.data.empty()) return KM_ERROR_OK; // nothing to buffer + switch (bufferingMode_) { + case BufferingMode::RSA_NO_DIGEST: + buffer_.insert(buffer_.end(), view.data.begin(), view.data.end()); + if (buffer_.size() > RSA_BUFFER_SIZE) { + abort(); + return KM_ERROR_INVALID_INPUT_LENGTH; + } + view.start = 0; + view.length = 0; + break; + case BufferingMode::EC_NO_DIGEST: + if (buffer_.size() < EC_BUFFER_SIZE) { + buffer_.insert(buffer_.end(), view.data.begin(), view.data.end()); + // Truncate the buffered data if greater then allowed EC buffer size. 
+ if (buffer_.size() > EC_BUFFER_SIZE) { + buffer_.erase(buffer_.begin() + EC_BUFFER_SIZE, buffer_.end()); + } + } + view.start = 0; + view.length = 0; + break; + case BufferingMode::BUF_AES_ENCRYPT_PKCS7_BLOCK_ALIGNED: + case BufferingMode::BUF_AES_DECRYPT_PKCS7_BLOCK_ALIGNED: + blockAlign(view, AES_BLOCK_SIZE); + break; + case BufferingMode::BUF_AES_GCM_DECRYPT_BLOCK_ALIGNED: + blockAlign(view, macLength_); + break; + case BufferingMode::BUF_DES_ENCRYPT_PKCS7_BLOCK_ALIGNED: + case BufferingMode::BUF_DES_DECRYPT_PKCS7_BLOCK_ALIGNED: + blockAlign(view, DES_BLOCK_SIZE); + break; + case BufferingMode::NONE: + break; + } + return KM_ERROR_OK; +} + +// Incrementally send the request using multiple updates. +keymaster_error_t JavacardKeymasterOperation::updateInChunks( + DataView& view, const std::optional& inParams, + const HardwareAuthToken& authToken, const vector& encodedVerificationToken, + vector* output) { + keymaster_error_t sendError = KM_ERROR_UNKNOWN_ERROR; + while (view.length > MAX_CHUNK_SIZE) { + vector chunk = popNextChunk(view, MAX_CHUNK_SIZE); + sendError = sendUpdate(chunk, inParams, authToken, encodedVerificationToken, *output); + if (sendError != KM_ERROR_OK) { + return sendError; + } + // TODO Is it ok we clear tokens here.? + // Clear tokens + // if (!authToken.mac.empty()) authToken = HardwareAuthToken(); + // if (!timestampToken.mac.empty()) timestampToken = TimeStampToken(); + } + return KM_ERROR_OK; +} + +vector JavacardKeymasterOperation::popNextChunk(DataView& view, uint32_t chunkSize) { + uint32_t start = view.start; + uint32_t end = start + ((view.length < chunkSize) ? 
view.length : chunkSize); + vector chunk; + if (start < view.buffer.size()) { + if (end < view.buffer.size()) { + chunk = {view.buffer.begin() + start, view.buffer.begin() + end}; + } else { + end = end - view.buffer.size(); + chunk = {view.buffer.begin() + start, view.buffer.end()}; + chunk.insert(chunk.end(), view.data.begin(), view.data.begin() + end); + } + } else { + start = start - view.buffer.size(); + end = end - view.buffer.size(); + chunk = {view.data.begin() + start, view.data.begin() + end}; + } + view.start = view.start + chunk.size(); + view.length = view.length - chunk.size(); + return chunk; +} + +keymaster_error_t JavacardKeymasterOperation::sendUpdate( + const vector& input, const std::optional& inParams, + const HardwareAuthToken& authToken, const vector& encodedVerificationToken, + vector& output) { + if (input.empty() && (!inParams.has_value() || !inParams->Contains(KM_TAG_ASSOCIATED_DATA))) { + LOG(ERROR) << "JavacardKeymasterOperation::sendUpdate return no input to send"; + return KM_ERROR_OK; + } + cppbor::Array request; + request.add(Uint(opHandle_)); + if (inParams.has_value()) cbor_.addKeyparameters(request, inParams.value()); + request.add(Bstr(input)); + cbor_.addHardwareAuthToken(request, authToken); + request.add(EncodedItem(encodedVerificationToken)); + auto [item, error] = sendRequest(Instruction::INS_UPDATE_OPERATION_CMD, request); + if (error != KM_ERROR_OK) { + return error; + } + vector respData; + size_t size; + error = cbor_.getArraySize(item, size); + if ((error != KM_ERROR_OK) || !cbor_.getBinaryArray(item, size - 1, respData)) { + return KM_ERROR_UNKNOWN_ERROR; + } + output.insert(output.end(), respData.begin(), respData.end()); + return KM_ERROR_OK; +} + +keymaster_error_t JavacardKeymasterOperation::sendFinish( + const vector& data, const std::optional& inParams, + const vector& sign, const HardwareAuthToken& authToken, + const vector& encodedVerificationToken, + const std::optional>& confToken, vector& output) { + 
cppbor::Array request; + request.add(Uint(opHandle_)); + if (inParams.has_value()) cbor_.addKeyparameters(request, inParams.value()); + request.add(Bstr(data)); + request.add(Bstr(sign)); + cbor_.addHardwareAuthToken(request, authToken); + request.add(EncodedItem(encodedVerificationToken)); + if (confToken.has_value()) request.add(Bstr(confToken.value())); + LOG(ERROR) << "JavacardKeymasterOperation::sendFinish step2"; + auto [item, err] = sendRequest(Instruction::INS_FINISH_OPERATION_CMD, request); + if (err != KM_ERROR_OK) { + return err; + } + vector respData; + size_t size; + err = cbor_.getArraySize(item, size); + if ((err != KM_ERROR_OK) || !cbor_.getBinaryArray(item, size - 1, respData)) { + return KM_ERROR_UNKNOWN_ERROR; + } + opHandle_ = 0; + output.insert(output.end(), respData.begin(), respData.end()); + return KM_ERROR_OK; +} + +} // namespace javacard_keymaster diff --git a/HAL/JavacardKeymasterOperation.h b/HAL/JavacardKeymasterOperation.h new file mode 100644 index 00000000..514d9482 --- /dev/null +++ b/HAL/JavacardKeymasterOperation.h 
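Review bot: `updateAad` calls `card_->sendRequest(...)` directly, so its result skips `handleErrorCode`: the SE power-reset flag is neither acted on nor unmasked, and the raw extended error goes back to the caller untranslated. The other private-path requests in this file (`abort`, `sendUpdate`, `sendFinish`) go through the member wrapper; `auto [_, err] = sendRequest(Instruction::INS_UPDATE_AAD_OPERATION_CMD, request);` would make this one consistent. Separately, the PUBLIC_OPERATION branches of `update` and `finish` call `inParams.value()` with no `has_value()` check, while `sendUpdate` and `sendFinish` do check. An empty optional there raises `std::bad_optional_access`, or presumably aborts the HAL process if it is built without exceptions, so guard it, e.g. `if (inParams.has_value()) request.additional_params.Reinitialize(inParams.value());`.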
@@ -0,0 +1,164 @@ +/* + * Copyright 2020, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include "CborConverter.h" +#include "JavacardSecureElement.h" +#include +#include +#include + +#define AES_BLOCK_SIZE 16 +#define DES_BLOCK_SIZE 8 +#define RSA_BUFFER_SIZE 256 +#define EC_BUFFER_SIZE 32 +#define MAX_CHUNK_SIZE 256 +namespace javacard_keymaster { +using ::keymaster::HardwareAuthToken; +using ::keymaster::TimestampToken; +using std::shared_ptr; +using std::string; +using std::vector; + +enum class OperationType { + /* Public operations are processed inside softkeymaster */ + PUBLIC_OPERATION = 0, + /* Private operations are processed inside strongbox */ + PRIVATE_OPERATION = 1, + UNKNOWN = 2, +}; + +// Bufferig modes for update +enum class BufferingMode : int32_t { + NONE = 0, // Send everything to javacard - most of the assymteric operations + RSA_NO_DIGEST = 1, // Buffer everything in update upto 256 bytes and send in finish. If + // input data is greater then 256 bytes then it is an error. Javacard + // will further check according to exact key size and crypto provider. + EC_NO_DIGEST = 2, // Buffer upto 65 bytes and then truncate. Javacard will further truncate + // upto exact keysize. + BUF_AES_ENCRYPT_PKCS7_BLOCK_ALIGNED = 3, // Buffer 16 bytes. + BUF_AES_DECRYPT_PKCS7_BLOCK_ALIGNED = 4, // Buffer 16 bytes. + BUF_DES_ENCRYPT_PKCS7_BLOCK_ALIGNED = 5, // Buffer 8 bytes. 
+ BUF_DES_DECRYPT_PKCS7_BLOCK_ALIGNED = 6, // Buffer 8 bytes. + BUF_AES_GCM_DECRYPT_BLOCK_ALIGNED = 7, // Buffer 16 bytes. + +}; + +// The is the view in the input data being processed by update/finish funcion. + +struct DataView { + vector buffer; // previously buffered data from cycle n-1 + const vector& data; // current data in cycle n. + uint32_t start; // start of the view + size_t length; // length of the view +}; + +class JavacardKeymasterOperation { + public: + explicit JavacardKeymasterOperation(uint64_t opHandle, BufferingMode bufferingMode, + uint16_t macLength, shared_ptr card, + OperationType operType, + shared_ptr seResetListener) + : buffer_(vector()), bufferingMode_(bufferingMode), macLength_(macLength), + card_(card), opHandle_(opHandle), operType_(operType), seResetListener_(seResetListener), + softKm_(nullptr) {} + explicit JavacardKeymasterOperation(uint64_t opHandle, BufferingMode bufferingMode, + uint16_t macLength, shared_ptr card, + OperationType operType, + std::shared_ptr<::keymaster::AndroidKeymaster> softKm) + : buffer_(vector()), bufferingMode_(bufferingMode), macLength_(macLength), + card_(card), opHandle_(opHandle), operType_(operType), seResetListener_(nullptr), + softKm_(softKm) {} + virtual ~JavacardKeymasterOperation(); + + uint64_t getOpertionHandle() { return opHandle_; } + + OperationType getOperationType() { return operType_; } + + keymaster_error_t + update(const vector& input, const std::optional& inParams, + const HardwareAuthToken& authToken, const vector& encodedVerificationToken, + AuthorizationSet* outParams, uint32_t* inputConsumed, vector* output); + + keymaster_error_t updateAad(const vector& input, const HardwareAuthToken& authToken, + const vector& encodedVerificationToken); + + keymaster_error_t finish(const vector& input, + const std::optional& inParams, + const vector& signature, const HardwareAuthToken& authToken, + const vector& encodedVerificationToken, + const std::optional>& confirmationToken, + 
AuthorizationSet* outParams, vector* output); + + void setBufferingMode(BufferingMode bufMode) { bufferingMode_ = bufMode; } + + void setMacLength(uint32_t macLength) { macLength_ = macLength; } + + keymaster_error_t abort(); + + private: + keymaster_error_t handleErrorCode(keymaster_error_t err); + std::tuple, keymaster_error_t> sendRequest(Instruction ins); + + std::tuple, keymaster_error_t> sendRequest(Instruction ins, + Array& request); + vector popNextChunk(DataView& view, uint32_t chunkSize); + + keymaster_error_t updateInChunks(DataView& view, + const std::optional& inParams, + const HardwareAuthToken& authToken, + const vector& encodedVerificationToken, + vector* output); + + keymaster_error_t + sendFinish(const vector& data, const std::optional& inParams, + const vector& signature, const HardwareAuthToken& authToken, + const vector& encodedVerificationToken, + const std::optional>& confToken, vector& output); + + keymaster_error_t sendUpdate(const vector& data, + const std::optional& inParams, + const HardwareAuthToken& authToken, + const vector& encodedVerificationToken, + vector& output); + + inline void appendBufferedData(DataView& view) { + if (!buffer_.empty()) { + view.buffer = buffer_; + view.length = view.length + buffer_.size(); + view.start = 0; + // view.buffer = insert(data.begin(), buffer_.begin(), buffer_.end()); + buffer_.clear(); + } + } + keymaster_error_t bufferData(DataView& data); + void blockAlign(DataView& data, uint16_t blockSize); + uint16_t getDataViewOffset(DataView& view, uint16_t blockSize); + + private: + vector buffer_; + BufferingMode bufferingMode_; + uint16_t macLength_; + const shared_ptr card_; + uint64_t opHandle_; + CborConverter cbor_; + OperationType operType_; + shared_ptr seResetListener_; + shared_ptr<::keymaster::AndroidKeymaster> softKm_; +}; + +} // namespace javacard_keymaster 
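Review bot: Both constructors accept `operType` independently of which backend pointer they set, yet the .cpp dereferences `softKm_` whenever `operType_ == PUBLIC_OPERATION`; the first constructor leaves `softKm_` null, so passing `PUBLIC_OPERATION` to it is a null dereference on the first `update`. State the invariant on the constructors (for example `// operType must be PRIVATE_OPERATION here: softKm_ is null`) or stop taking `operType` as a parameter and fix it per constructor. The `EC_NO_DIGEST` comment also says "Buffer upto 65 bytes" while `EC_BUFFER_SIZE` is 32 and `bufferData` truncates to that constant, so one of the two is stale. `setMacLength(uint32_t)` silently narrows into the `uint16_t macLength_`.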
diff --git a/HAL/JavacardRemotelyProvisionedComponentDevice.cpp b/HAL/JavacardRemotelyProvisionedComponentDevice.cpp
new file mode 100644
index 00000000..847fbebb
--- /dev/null
+++ b/HAL/JavacardRemotelyProvisionedComponentDevice.cpp
@@ -0,0 +1,252 @@ +/* + * Copyright 2021, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define LOG_TAG "javacard.keymint.device.rkp.strongbox-impl" +#include +#include +#include +#include +#include +#include + +namespace aidl::android::hardware::security::keymint { +using namespace cppcose; +using namespace keymaster; +using namespace cppbor; +// RKP error codes defined in keymint applet. +constexpr keymaster_error_t kStatusFailed = static_cast(32000); +constexpr keymaster_error_t kStatusInvalidMac = static_cast(32001); +constexpr keymaster_error_t kStatusProductionKeyInTestRequest = + static_cast(32002); +constexpr keymaster_error_t kStatusTestKeyInProductionRequest = + static_cast(32003); +constexpr keymaster_error_t kStatusInvalidEek = static_cast(32004); +constexpr keymaster_error_t kStatusInvalidState = static_cast(32005); + +namespace { + +keymaster_error_t translateRkpErrorCode(keymaster_error_t error) { + switch (static_cast(-error)) { + case kStatusFailed: + case kStatusInvalidState: + return static_cast(BnRemotelyProvisionedComponent::STATUS_FAILED); + case kStatusInvalidMac: + return static_cast(BnRemotelyProvisionedComponent::STATUS_INVALID_MAC); + case kStatusProductionKeyInTestRequest: + return static_cast( + BnRemotelyProvisionedComponent::STATUS_PRODUCTION_KEY_IN_TEST_REQUEST); + case kStatusTestKeyInProductionRequest: + return static_cast( + 
BnRemotelyProvisionedComponent::STATUS_TEST_KEY_IN_PRODUCTION_REQUEST); + case kStatusInvalidEek: + return static_cast(BnRemotelyProvisionedComponent::STATUS_INVALID_EEK); + } + return error; +} + +ScopedAStatus defaultHwInfo(RpcHardwareInfo* info) { + info->versionNumber = 1; + info->rpcAuthorName = "Google"; + info->supportedEekCurve = RpcHardwareInfo::CURVE_P256; + return ScopedAStatus::ok(); +} + +uint32_t coseKeyEncodedSize(const std::vector& keysToSign) { + uint32_t size = 0; + for (auto& macKey : keysToSign) { + auto [macedKeyItem, _, coseMacErrMsg] = cppbor::parse(macKey.macedKey); + if (!macedKeyItem || !macedKeyItem->asArray() || + macedKeyItem->asArray()->size() != kCoseMac0EntryCount) { + LOG(ERROR) << "Invalid COSE_Mac0 structure"; + return 0; + } + auto payload = macedKeyItem->asArray()->get(kCoseMac0Payload)->asBstr(); + if (!payload) return 0; + size += payload->value().size(); + } + return size; +} + +} // namespace + +ScopedAStatus JavacardRemotelyProvisionedComponentDevice::getHardwareInfo(RpcHardwareInfo* info) { + auto [item, err] = card_->sendRequest(Instruction::INS_GET_RKP_HARDWARE_INFO); + uint32_t versionNumber; + uint32_t supportedEekCurve; + if (err != KM_ERROR_OK || !cbor_.getUint64(item, 1, versionNumber) || + !cbor_.getBinaryArray(item, 2, info->rpcAuthorName) || + !cbor_.getUint64(item, 3, supportedEekCurve)) { + LOG(ERROR) << "Error in response of getHardwareInfo."; + LOG(INFO) << "Returning defaultHwInfo in getHardwareInfo."; + return defaultHwInfo(info); + } + info->versionNumber = static_cast(versionNumber); + info->supportedEekCurve = static_cast(supportedEekCurve); + return ScopedAStatus::ok(); +} + +ScopedAStatus JavacardRemotelyProvisionedComponentDevice::generateEcdsaP256KeyPair( + bool testMode, MacedPublicKey* macedPublicKey, std::vector* privateKeyHandle) { + cppbor::Array array; + array.add(testMode); + auto [item, err] = card_->sendRequest(Instruction::INS_GENERATE_RKP_KEY_CMD, array); + if (err != KM_ERROR_OK) { + 
LOG(ERROR) << "Error in sending generateEcdsaP256KeyPair."; + return km_utils::kmError2ScopedAStatus(translateRkpErrorCode(err)); + } + if (!cbor_.getBinaryArray(item, 1, macedPublicKey->macedKey) || + !cbor_.getBinaryArray(item, 2, *privateKeyHandle)) { + LOG(ERROR) << "Error in decoding og response in generateEcdsaP256KeyPair."; + return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR); + } + return ScopedAStatus::ok(); +} + +ScopedAStatus JavacardRemotelyProvisionedComponentDevice::beginSendData( + bool testMode, const std::vector& keysToSign) { + uint32_t totalEncodedSize = coseKeyEncodedSize(keysToSign); + cppbor::Array array; + array.add(keysToSign.size()); + array.add(totalEncodedSize); + array.add(testMode); + auto [_, err] = card_->sendRequest(Instruction::INS_BEGIN_SEND_DATA_CMD, array); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Error in beginSendData."; + return km_utils::kmError2ScopedAStatus(translateRkpErrorCode(err)); + } + return ScopedAStatus::ok(); +} + +ScopedAStatus JavacardRemotelyProvisionedComponentDevice::updateMacedKey( + const std::vector& keysToSign) { + for (auto& macedPublicKey : keysToSign) { + cppbor::Array array; + array.add(EncodedItem(macedPublicKey.macedKey)); + auto [_, err] = card_->sendRequest(Instruction::INS_UPDATE_KEY_CMD, array); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Error in updateMacedKey."; + return km_utils::kmError2ScopedAStatus(translateRkpErrorCode(err)); + } + } + return ScopedAStatus::ok(); +} + +ScopedAStatus +JavacardRemotelyProvisionedComponentDevice::updateChallenge(const std::vector& challenge) { + Array array; + array.add(challenge); + auto [_, err] = card_->sendRequest(Instruction::INS_UPDATE_CHALLENGE_CMD, array); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Error in updateChallenge."; + return km_utils::kmError2ScopedAStatus(translateRkpErrorCode(err)); + } + return ScopedAStatus::ok(); +} + +ScopedAStatus JavacardRemotelyProvisionedComponentDevice::updateEEK( + const std::vector& 
endpointEncCertChain) { + std::vector eekChain = endpointEncCertChain; + auto [_, err] = card_->sendRequest(Instruction::INS_UPDATE_EEK_CHAIN_CMD, eekChain); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Error in updateEEK."; + return km_utils::kmError2ScopedAStatus(translateRkpErrorCode(err)); + } + return ScopedAStatus::ok(); +} + +ScopedAStatus JavacardRemotelyProvisionedComponentDevice::finishSendData( + std::vector* keysToSignMac, DeviceInfo* deviceInfo, + std::vector& coseEncryptProtectedHeader, cppbor::Map& coseEncryptUnProtectedHeader, + std::vector& partialCipheredData, uint32_t& respFlag) { + + std::vector decodedKeysToSignMac; + std::vector decodedDeviceInfo; + auto [item, err] = card_->sendRequest(Instruction::INS_FINISH_SEND_DATA_CMD); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Error in finishSendData."; + return km_utils::kmError2ScopedAStatus(translateRkpErrorCode(err)); + } + if (!cbor_.getBinaryArray(item, 1, decodedKeysToSignMac) || + !cbor_.getBinaryArray(item, 2, decodedDeviceInfo) || + !cbor_.getBinaryArray(item, 3, coseEncryptProtectedHeader) || + !cbor_.getMapItem(item, 4, coseEncryptUnProtectedHeader) || + !cbor_.getBinaryArray(item, 5, partialCipheredData) || + !cbor_.getUint64(item, 6, respFlag)) { + LOG(ERROR) << "Error in decoding og response in finishSendData."; + return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR); + } + *keysToSignMac = decodedKeysToSignMac; + deviceInfo->deviceInfo = decodedDeviceInfo; + return ScopedAStatus::ok(); +} + +ScopedAStatus +JavacardRemotelyProvisionedComponentDevice::getResponse(std::vector& partialCipheredData, + cppbor::Array& recepientStructure, + uint32_t& respFlag) { + auto [item, err] = card_->sendRequest(Instruction::INS_GET_RESPONSE_CMD); + if (err != KM_ERROR_OK) { + LOG(ERROR) << "Error in getResponse."; + return km_utils::kmError2ScopedAStatus(translateRkpErrorCode(err)); + } + if (!cbor_.getBinaryArray(item, 1, partialCipheredData) || + !cbor_.getArrayItem(item, 2, 
recepientStructure) || !cbor_.getUint64(item, 3, respFlag)) { + LOG(ERROR) << "Error in decoding og response in getResponse."; + return km_utils::kmError2ScopedAStatus(KM_ERROR_UNKNOWN_ERROR); + } + return ScopedAStatus::ok(); +} + +ScopedAStatus JavacardRemotelyProvisionedComponentDevice::generateCertificateRequest( + bool testMode, const std::vector& keysToSign, + const std::vector& endpointEncCertChain, const std::vector& challenge, + DeviceInfo* deviceInfo, ProtectedData* protectedData, std::vector* keysToSignMac) { + std::vector coseEncryptProtectedHeader; + cppbor::Map coseEncryptUnProtectedHeader; + cppbor::Array recipients; + std::vector cipheredData; + uint32_t respFlag; + auto ret = beginSendData(testMode, keysToSign); + if (!ret.isOk()) return ret; + + ret = updateMacedKey(keysToSign); + if (!ret.isOk()) return ret; + + ret = updateChallenge(challenge); + if (!ret.isOk()) return ret; + + ret = updateEEK(endpointEncCertChain); + if (!ret.isOk()) return ret; + + ret = finishSendData(keysToSignMac, deviceInfo, coseEncryptProtectedHeader, + coseEncryptUnProtectedHeader, cipheredData, respFlag); + if (!ret.isOk()) return ret; + + while (respFlag != 0) { // more data is pending to receive + ret = getResponse(cipheredData, recipients, respFlag); + if (!ret.isOk()) return ret; + } + // Create ConseEncrypt structure. + protectedData->protectedData = cppbor::Array() + .add(coseEncryptProtectedHeader) // Protected + .add(std::move(coseEncryptUnProtectedHeader)) // Unprotected + .add(cipheredData) // Payload + .add(std::move(recipients)) + .encode(); + return ScopedAStatus::ok(); +} + +} // namespace aidl::android::hardware::security::keymint diff --git a/HAL/JavacardRemotelyProvisionedComponentDevice.h b/HAL/JavacardRemotelyProvisionedComponentDevice.h new file mode 100644 index 00000000..8e8ed6f1 --- /dev/null +++ b/HAL/JavacardRemotelyProvisionedComponentDevice.h 
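Review bot: `coseKeyEncodedSize` returns 0 both for an empty `keysToSign` and for a malformed COSE_Mac0, and `beginSendData` forwards that value to the applet without telling the two apart, so a parse failure on caller-supplied key data is logged and then ignored. Reject it before the request is sent, e.g. `if (!keysToSign.empty() && totalEncodedSize == 0) return km_utils::kmError2ScopedAStatus(KM_ERROR_INVALID_ARGUMENT);`, or have the helper return a status alongside the size. In `generateCertificateRequest`, the `while (respFlag != 0)` loop is bounded only by what the secure element returns; a cap on iterations or on the accumulated `cipheredData` size would keep a misbehaving applet from holding the calling thread indefinitely.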
@@ -0,0 +1,72 @@ +/* + * Copyright 2021, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include +#include +#include +#include +#include +#include + +#include "CborConverter.h" +#include "JavacardSecureElement.h" + +namespace aidl::android::hardware::security::keymint { +using namespace ::javacard_keymaster; +using ndk::ScopedAStatus; + +class JavacardRemotelyProvisionedComponentDevice : public BnRemotelyProvisionedComponent { + public: + explicit JavacardRemotelyProvisionedComponentDevice(shared_ptr card) + : card_(card) {} + + virtual ~JavacardRemotelyProvisionedComponentDevice() = default; + + ScopedAStatus getHardwareInfo(RpcHardwareInfo* info) override; + + ScopedAStatus generateEcdsaP256KeyPair(bool testMode, MacedPublicKey* macedPublicKey, + std::vector* privateKeyHandle) override; + + ScopedAStatus generateCertificateRequest(bool testMode, + const std::vector& keysToSign, + const std::vector& endpointEncCertChain, + const std::vector& challenge, + DeviceInfo* deviceInfo, ProtectedData* protectedData, + std::vector* keysToSignMac) override; + + private: + ScopedAStatus beginSendData(bool testMode, const std::vector& keysToSign); + + ScopedAStatus updateMacedKey(const std::vector& keysToSign); + + ScopedAStatus updateChallenge(const std::vector& challenge); + + ScopedAStatus updateEEK(const std::vector& endpointEncCertChain); + + ScopedAStatus finishSendData(std::vector* keysToSignMac, 
DeviceInfo* deviceInfo, + std::vector& coseEncryptProtectedHeader, + cppbor::Map& coseEncryptUnProtectedHeader, + std::vector& partialCipheredData, uint32_t& respFlag); + + ScopedAStatus getResponse(std::vector& partialCipheredData, + cppbor::Array& recepientStructure, uint32_t& respFlag); + std::shared_ptr card_; + CborConverter cbor_; +}; + +} // namespace aidl::android::hardware::security::keymint diff --git a/HAL/JavacardSecureElement.cpp b/HAL/JavacardSecureElement.cpp new file mode 100644 index 00000000..6059acfb --- /dev/null +++ b/HAL/JavacardSecureElement.cpp 
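Review bot: `using namespace ::javacard_keymaster;` is placed at namespace scope in this header, so every file that includes it gets the whole javacard_keymaster namespace injected into aidl::android::hardware::security::keymint. The constructor already depends on that leak: it takes an unqualified `shared_ptr` while the member is declared `std::shared_ptr`, which only compiles because JavacardSecureElement.h exports `using std::shared_ptr`. Prefer naming what is needed, for example `using ::javacard_keymaster::JavacardSecureElement;`, and spell the parameter `std::shared_ptr`. The same directive is added in HAL/JavacardSharedSecret.h, and `using namespace ::keymaster;` in HAL/KMUtils.h and HAL/JavacardSoftKeymasterContext.h.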
@@ -0,0 +1,166 @@ +/* + * Copyright 2020, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define LOG_TAG "JavacardSecureElement" +#include "JavacardSecureElement.h" +#include "KMUtils.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +namespace javacard_keymaster { + +using namespace ::keymaster; + +keymaster_error_t JavacardSecureElement::getP1(uint8_t* p1) { + switch (version_) { + case KmVersion::KEYMASTER_4: + case KmVersion::KEYMASTER_4_1: + *p1 = APDU_KEYMASTER_P1; + break; + case KmVersion::KEYMINT_1: + *p1 = APDU_KEYMINT_P1; + break; + default: + return KM_ERROR_UNIMPLEMENTED; + } + return KM_ERROR_OK; +} +keymaster_error_t JavacardSecureElement::initializeJavacard() { + if (!cardInitialized_) { + Array request; + request.add(Uint(osVersion_)); + request.add(Uint(osPatchLevel_)); + request.add(Uint(vendorPatchLevel_)); + auto [item, err] = sendRequest(Instruction::INS_INIT_STRONGBOX_CMD, request); + if (err != KM_ERROR_OK) { + return err; + } + cardInitialized_ = true; + } + return KM_ERROR_OK; +} + +keymaster_error_t JavacardSecureElement::constructApduMessage(Instruction& ins, + std::vector& inputData, + std::vector& apduOut) { + uint8_t p1; + auto err = getP1(&p1); + if (KM_ERROR_OK != err) { + return err; + } + apduOut.push_back(static_cast(APDU_CLS)); // CLS + apduOut.push_back(static_cast(ins)); // INS + apduOut.push_back(p1); // P1 + 
apduOut.push_back(static_cast(APDU_P2)); // P2 + + if (USHRT_MAX >= inputData.size()) { + // Send extended length APDU always as response size is not known to HAL. + // Case 1: Lc > 0 CLS | INS | P1 | P2 | 00 | 2 bytes of Lc | CommandData | 2 bytes of Le + // all set to 00. Case 2: Lc = 0 CLS | INS | P1 | P2 | 3 bytes of Le all set to 00. + // Extended length 3 bytes, starts with 0x00 + apduOut.push_back(static_cast(0x00)); + if (inputData.size() > 0) { + apduOut.push_back(static_cast(inputData.size() >> 8)); + apduOut.push_back(static_cast(inputData.size() & 0xFF)); + // Data + apduOut.insert(apduOut.end(), inputData.begin(), inputData.end()); + } + // Expected length of output. + // Accepting complete length of output every time. + apduOut.push_back(static_cast(0x00)); + apduOut.push_back(static_cast(0x00)); + } else { + LOG(ERROR) << "Error in constructApduMessage."; + return (KM_ERROR_INVALID_INPUT_LENGTH); + } + return (KM_ERROR_OK); // success +} + +keymaster_error_t JavacardSecureElement::sendData(Instruction ins, std::vector& inData, + std::vector& response) { + keymaster_error_t ret = KM_ERROR_UNKNOWN_ERROR; + std::vector apdu; + + ret = constructApduMessage(ins, inData, apdu); + + if (ret != KM_ERROR_OK) { + return ret; + } + + if (!transport_->sendData(apdu, response)) { + LOG(ERROR) << "Error in sending data in sendData."; + return (KM_ERROR_SECURE_HW_COMMUNICATION_FAILED); + } + + // Response size should be greater than 2. Cbor output data followed by two bytes of APDU + // status. 
+ if ((response.size() <= 2) || (getApduStatus(response) != APDU_RESP_STATUS_OK)) { + LOG(ERROR) << "Response of the sendData is wrong: response size = " << response.size() + << " apdu status = " << getApduStatus(response); + return (KM_ERROR_UNKNOWN_ERROR); + } + // remove the status bytes + response.pop_back(); + response.pop_back(); + return (KM_ERROR_OK); // success +} + +std::tuple, keymaster_error_t> +JavacardSecureElement::sendRequest(Instruction ins, Array& request) { + vector response; + // encode request + std::vector command = request.encode(); + auto sendError = sendData(ins, command, response); + if (sendError != KM_ERROR_OK) { + return {unique_ptr(nullptr), sendError}; + } + // decode the response and send that back + return cbor_.decodeData(response); +} + +std::tuple, keymaster_error_t> +JavacardSecureElement::sendRequest(Instruction ins, std::vector& command) { + vector response; + auto sendError = sendData(ins, command, response); + if (sendError != KM_ERROR_OK) { + return {unique_ptr(nullptr), sendError}; + } + // decode the response and send that back + return cbor_.decodeData(response); +} + +std::tuple, keymaster_error_t> +JavacardSecureElement::sendRequest(Instruction ins) { + vector response; + vector emptyRequest; + auto sendError = sendData(ins, emptyRequest, response); + if (sendError != KM_ERROR_OK) { + return {unique_ptr(nullptr), sendError}; + } + // decode the response and send that back + return cbor_.decodeData(response); +} + +} // namespace javacard_keymaster diff --git a/HAL/JavacardSecureElement.h b/HAL/JavacardSecureElement.h new file mode 100644 index 00000000..eb0cf4d6 --- /dev/null +++ b/HAL/JavacardSecureElement.h 
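Review bot: In `sendData`, the error branch logs `getApduStatus(response)` even when it was entered because `response.size() <= 2`. `getApduStatus` in JavacardSecureElement.h indexes `inputData.at(inputData.size() - 2)`, so an empty or one-byte reply from the transport makes the subtraction wrap and `.at()` fail; in a build without exception support that would presumably abort the HAL process rather than return an error. Handle the short reply before touching the status bytes, e.g. `if (response.size() < 2) { LOG(ERROR) << "sendData: short response, size = " << response.size(); return KM_ERROR_UNKNOWN_ERROR; }` ahead of the existing check. It would also help to document on `getApduStatus` that callers must pass at least two bytes.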
@@ -0,0 +1,127 @@ +/* + * Copyright 2020, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once +#include "CborConverter.h" +#include +#include +#include +#include + +#define APDU_CLS 0x80 +#define APDU_KEYMINT_P1 0x50 +#define APDU_KEYMASTER_P1 0x40 +#define APDU_P2 0x00 +#define APDU_RESP_STATUS_OK 0x9000 + +#define SE_POWER_RESET_STATUS_FLAG (1 << 30) + +#define KEYMINT_CMD_APDU_START 0x20 + +namespace javacard_keymaster { +using keymaster::KmVersion; +using std::optional; +using std::shared_ptr; +using std::vector; + +enum class Instruction { + // Keymaster commands + INS_GENERATE_KEY_CMD = KEYMINT_CMD_APDU_START + 1, + INS_IMPORT_KEY_CMD = KEYMINT_CMD_APDU_START + 2, + INS_IMPORT_WRAPPED_KEY_CMD = KEYMINT_CMD_APDU_START + 3, + INS_EXPORT_KEY_CMD = KEYMINT_CMD_APDU_START + 4, + INS_ATTEST_KEY_CMD = KEYMINT_CMD_APDU_START + 5, + INS_UPGRADE_KEY_CMD = KEYMINT_CMD_APDU_START + 6, + INS_DELETE_KEY_CMD = KEYMINT_CMD_APDU_START + 7, + INS_DELETE_ALL_KEYS_CMD = KEYMINT_CMD_APDU_START + 8, + INS_ADD_RNG_ENTROPY_CMD = KEYMINT_CMD_APDU_START + 9, + INS_COMPUTE_SHARED_SECRET_CMD = KEYMINT_CMD_APDU_START + 10, + INS_DESTROY_ATT_IDS_CMD = KEYMINT_CMD_APDU_START + 11, + INS_VERIFY_AUTHORIZATION_CMD = KEYMINT_CMD_APDU_START + 12, + INS_GET_SHARED_SECRET_PARAM_CMD = KEYMINT_CMD_APDU_START + 13, + INS_GET_KEY_CHARACTERISTICS_CMD = KEYMINT_CMD_APDU_START + 14, + INS_GET_HW_INFO_CMD = KEYMINT_CMD_APDU_START + 15, + 
INS_BEGIN_OPERATION_CMD = KEYMINT_CMD_APDU_START + 16, + INS_UPDATE_OPERATION_CMD = KEYMINT_CMD_APDU_START + 17, + INS_FINISH_OPERATION_CMD = KEYMINT_CMD_APDU_START + 18, + INS_ABORT_OPERATION_CMD = KEYMINT_CMD_APDU_START + 19, + INS_DEVICE_LOCKED_CMD = KEYMINT_CMD_APDU_START + 20, + INS_EARLY_BOOT_ENDED_CMD = KEYMINT_CMD_APDU_START + 21, + INS_GET_CERT_CHAIN_CMD = KEYMINT_CMD_APDU_START + 22, + INS_UPDATE_AAD_OPERATION_CMD = KEYMINT_CMD_APDU_START + 23, + INS_BEGIN_IMPORT_WRAPPED_KEY_CMD = KEYMINT_CMD_APDU_START + 24, + INS_FINISH_IMPORT_WRAPPED_KEY_CMD = KEYMINT_CMD_APDU_START + 25, + INS_INIT_STRONGBOX_CMD = KEYMINT_CMD_APDU_START + 26, + // RKP Commands + INS_GET_RKP_HARDWARE_INFO = KEYMINT_CMD_APDU_START + 27, + INS_GENERATE_RKP_KEY_CMD = KEYMINT_CMD_APDU_START + 28, + INS_BEGIN_SEND_DATA_CMD = KEYMINT_CMD_APDU_START + 29, + INS_UPDATE_KEY_CMD = KEYMINT_CMD_APDU_START + 30, + INS_UPDATE_EEK_CHAIN_CMD = KEYMINT_CMD_APDU_START + 31, + INS_UPDATE_CHALLENGE_CMD = KEYMINT_CMD_APDU_START + 32, + INS_FINISH_SEND_DATA_CMD = KEYMINT_CMD_APDU_START + 33, + INS_GET_RESPONSE_CMD = KEYMINT_CMD_APDU_START + 34, +}; + +class IJavacardSeResetListener { + public: + virtual ~IJavacardSeResetListener(){}; + virtual void seResetEvent() = 0; +}; + +class JavacardSecureElement { + public: + explicit JavacardSecureElement(KmVersion version, shared_ptr transport, + uint32_t osVersion, uint32_t osPatchLevel, + uint32_t vendorPatchLevel) + : version_(version), transport_(transport), osVersion_(osVersion), + osPatchLevel_(osPatchLevel), vendorPatchLevel_(vendorPatchLevel), + cardInitialized_(false) { + transport_->openConnection(); + } + virtual ~JavacardSecureElement() { transport_->closeConnection(); } + + std::tuple, keymaster_error_t> sendRequest(Instruction ins, + Array& request); + std::tuple, keymaster_error_t> sendRequest(Instruction ins); + std::tuple, keymaster_error_t> sendRequest(Instruction ins, + std::vector& command); + + keymaster_error_t sendData(Instruction ins, 
std::vector& inData, + std::vector& response); + + keymaster_error_t constructApduMessage(Instruction& ins, std::vector& inputData, + std::vector& apduOut); + keymaster_error_t initializeJavacard(); + inline uint16_t getApduStatus(std::vector& inputData) { + // Last two bytes are the status SW0SW1 + uint8_t SW0 = inputData.at(inputData.size() - 2); + uint8_t SW1 = inputData.at(inputData.size() - 1); + return (SW0 << 8 | SW1); + } + + private: + keymaster_error_t getP1(uint8_t* p1); + + KmVersion version_; + shared_ptr transport_; + uint32_t osVersion_; + uint32_t osPatchLevel_; + uint32_t vendorPatchLevel_; + bool cardInitialized_; + CborConverter cbor_; +}; +} // namespace javacard_keymaster diff --git a/HAL/JavacardSharedSecret.cpp b/HAL/JavacardSharedSecret.cpp new file mode 100644 index 00000000..f2555a80 --- /dev/null +++ b/HAL/JavacardSharedSecret.cpp @@ -0,0 +1,31 @@ +#define LOG_TAG "javacard.strongbox.keymint.operation-impl" +#include "JavacardSharedSecret.h" +#include +#include + +namespace aidl::android::hardware::security::sharedsecret { +using aidl::android::hardware::security::keymint::km_utils::kmError2ScopedAStatus; +using ndk::ScopedAStatus; +using std::optional; +using std::shared_ptr; +using std::vector; + +ScopedAStatus JavacardSharedSecret::getSharedSecretParameters(SharedSecretParameters* params) { + auto err = jcImpl_->getHmacSharingParameters(¶ms->seed, ¶ms->nonce); + return kmError2ScopedAStatus(err); +} + +ScopedAStatus +JavacardSharedSecret::computeSharedSecret(const std::vector& params, + std::vector* secret) { + + vector<::javacard_keymaster::HmacSharingParameters> reqParams(params.size()); + for (size_t i = 0; i < params.size(); i++) { + reqParams[i].seed = params[i].seed; + reqParams[i].nonce = params[i].nonce; + } + auto err = jcImpl_->computeSharedHmac(reqParams, secret); + return kmError2ScopedAStatus(err); +} + +} // namespace aidl::android::hardware::security::sharedsecret 
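Review bot: HAL/JavacardSharedSecret.cpp defines `LOG_TAG "javacard.strongbox.keymint.operation-impl"`, which looks copied from the operation implementation. Any log line emitted from the shared-secret service would then be attributed to the wrong component, which makes HMAC-negotiation failures harder to find during triage. Give the file its own tag, for example `#define LOG_TAG "javacard.strongbox.sharedsecret-impl"` (name is a suggestion).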
diff --git a/HAL/JavacardSharedSecret.h b/HAL/JavacardSharedSecret.h
new file mode 100644
index 00000000..de965732
--- /dev/null
+++ b/HAL/JavacardSharedSecret.h
@@ -0,0 +1,30 @@
+#pragma once
+
+#include
+#include
+#include
+#include
+#include
+
+namespace aidl::android::hardware::security::sharedsecret {
+using namespace ::javacard_keymaster;
+using ndk::ScopedAStatus;
+using std::optional;
+using std::shared_ptr;
+using std::vector;
+
+class JavacardSharedSecret : public BnSharedSecret {
+ public:
+ explicit JavacardSharedSecret(shared_ptr jcImpl) : jcImpl_(jcImpl) {}
+ virtual ~JavacardSharedSecret() {}
+
+ ScopedAStatus getSharedSecretParameters(SharedSecretParameters* params) override;
+
+ ScopedAStatus computeSharedSecret(const std::vector& params,
+ std::vector* secret) override;
+
+ private:
+ const shared_ptr jcImpl_;
+};
+
+} // namespace aidl::android::hardware::security::sharedsecret
diff --git a/HAL/keymaster/4.1/JavacardSoftKeymasterContext.cpp b/HAL/JavacardSoftKeymasterContext.cpp
similarity index 58%
rename from HAL/keymaster/4.1/JavacardSoftKeymasterContext.cpp
rename to HAL/JavacardSoftKeymasterContext.cpp
index bbdfba28..c1abf46f 100644
--- a/HAL/keymaster/4.1/JavacardSoftKeymasterContext.cpp
+++ b/HAL/JavacardSoftKeymasterContext.cpp
@@ -14,52 +14,59 @@ * limitations under the License. */ -#include -#include -#include -#include -#include -#include +#include +#include +#include +#include #include -#include -#include #include +#include +#include #include -#include -#include -#include +#include +#include +#include +#include +#include +#include using std::unique_ptr; -using ::keymaster::V4_1::javacard::KmParamSet; namespace keymaster { +namespace V4_1 { +namespace javacard { + +using namespace ::javacard_keymaster; +constexpr int kKeyblobPubKeyOffset = 4; +constexpr int kKeyblobKeyCharsOffset = 3; +using ::keymaster::PureSoftKeymasterContext; -JavaCardSoftKeymasterContext::JavaCardSoftKeymasterContext(keymaster_security_level_t security_level) +JavaCardSoftKeymasterContext::JavaCardSoftKeymasterContext( + keymaster_security_level_t security_level) : PureSoftKeymasterContext(KmVersion::KEYMASTER_4_1, security_level) {} JavaCardSoftKeymasterContext::~JavaCardSoftKeymasterContext() {} EVP_PKEY* RSA_fromMaterial(const uint8_t* modulus, size_t mod_size) { - BIGNUM *n = BN_bin2bn(modulus, mod_size, NULL); - BIGNUM *e = BN_new();//bignum_decode(exp, 5); + BIGNUM* n = BN_bin2bn(modulus, mod_size, NULL); + BIGNUM* e = BN_new(); // bignum_decode(exp, 5); char exp[] = "65537"; BN_dec2bn(&e, exp); - if (!n || !e) - return NULL; - - if (e && n) { - EVP_PKEY* pRsaKey = EVP_PKEY_new(); - RSA* rsa = RSA_new(); - rsa->e = e; - rsa->n = n; - EVP_PKEY_assign_RSA(pRsaKey, rsa); - return pRsaKey; - } else { - if (n) BN_free(n); - if (e) BN_free(e); - return NULL; - } + if (!n || !e) return NULL; + + if (e && n) { + EVP_PKEY* pRsaKey = EVP_PKEY_new(); + RSA* rsa = RSA_new(); + rsa->e = e; + rsa->n = n; + EVP_PKEY_assign_RSA(pRsaKey, rsa); + return pRsaKey; + } else { + if (n) BN_free(n); + if (e) BN_free(e); + return NULL; + } } EC_GROUP* ChooseGroup(keymaster_ec_curve_t ec_curve) { 
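Review bot: `RSA_fromMaterial` returns early on `if (!n || !e) return NULL;` without freeing whichever BIGNUM was allocated, which also makes the `else` branch that does the freeing unreachable. The results of `BN_dec2bn`, `EVP_PKEY_new` and `RSA_new` are not checked before `rsa->e = e`, so an allocation failure dereferences a null pointer. The commit only re-indents this function, but since the lines are being touched the cleanup can be made to work as sketched below. The exponent is hard-coded to 65537, so a short comment stating that assumption about card-generated keys would help the next reader.

```cpp
EVP_PKEY* RSA_fromMaterial(const uint8_t* modulus, size_t mod_size) {
    char exp[] = "65537";  // assumes the applet only issues F4 keys
    BIGNUM* n = BN_bin2bn(modulus, mod_size, NULL);
    BIGNUM* e = BN_new();
    EVP_PKEY* pRsaKey = EVP_PKEY_new();
    RSA* rsa = RSA_new();
    if (!n || !e || !pRsaKey || !rsa || BN_dec2bn(&e, exp) == 0) {
        BN_free(n);
        BN_free(e);
        RSA_free(rsa);
        EVP_PKEY_free(pRsaKey);
        return NULL;
    }
    rsa->e = e;
    rsa->n = n;
    if (EVP_PKEY_assign_RSA(pRsaKey, rsa) != 1) {
        RSA_free(rsa);  // also releases n and e, now owned by rsa
        EVP_PKEY_free(pRsaKey);
        return NULL;
    }
    return pRsaKey;
}
```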
@@ -83,24 +90,26 @@ EC_GROUP* ChooseGroup(keymaster_ec_curve_t ec_curve) { } EVP_PKEY* EC_fromMaterial(const uint8_t* pub_key, size_t key_size, keymaster_ec_curve_t ec_curve) { - - EC_GROUP *ec_group = ChooseGroup(ec_curve); - EC_POINT *p = EC_POINT_new(ec_group); - EC_KEY *ec_key = EC_KEY_new(); - EVP_PKEY *pEcKey = EVP_PKEY_new(); - - if((EC_KEY_set_group(ec_key, ec_group) != 1) || (EC_POINT_oct2point(ec_group, p, pub_key, key_size, NULL) != 1) - || (EC_KEY_set_public_key(ec_key, p) != 1) || (EVP_PKEY_set1_EC_KEY(pEcKey, ec_key) != 1)) { + + EC_GROUP* ec_group = ChooseGroup(ec_curve); + EC_POINT* p = EC_POINT_new(ec_group); + EC_KEY* ec_key = EC_KEY_new(); + EVP_PKEY* pEcKey = EVP_PKEY_new(); + + if ((EC_KEY_set_group(ec_key, ec_group) != 1) || + (EC_POINT_oct2point(ec_group, p, pub_key, key_size, NULL) != 1) || + (EC_KEY_set_public_key(ec_key, p) != 1) || (EVP_PKEY_set1_EC_KEY(pEcKey, ec_key) != 1)) { return NULL; } return pEcKey; } -keymaster_error_t JavaCardSoftKeymasterContext::LoadKey(const keymaster_algorithm_t algorithm, KeymasterKeyBlob&& key_material, - AuthorizationSet&& hw_enforced, - AuthorizationSet&& sw_enforced, - UniquePtr* key) const { +keymaster_error_t JavaCardSoftKeymasterContext::LoadKey(const keymaster_algorithm_t algorithm, + KeymasterKeyBlob&& key_material, + AuthorizationSet&& hw_enforced, + AuthorizationSet&& sw_enforced, + UniquePtr* key) const { auto factory = (AsymmetricKeyFactory*)GetKeyFactory(algorithm); UniquePtr asym_key; keymaster_error_t error = KM_ERROR_OK; 
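Review bot: `EC_fromMaterial` passes the result of `ChooseGroup(ec_curve)` straight to `EC_POINT_new` without a null check, and its failure path returns NULL without releasing `ec_group`, `p`, `ec_key` or `pEcKey`. The success path also leaves `p`, `ec_key` and `ec_group` unreleased even though `EVP_PKEY_set1_EC_KEY` takes its own reference. The `pub_key` bytes come out of a parsed key blob, so the `EC_POINT_oct2point` failure path is reachable with malformed input and each such call leaks. `ChooseGroup` is only partly visible in this hunk, so whether it can return null is an assumption to confirm; the body of `LoadKey` continues outside the hunk.

```cpp
EVP_PKEY* EC_fromMaterial(const uint8_t* pub_key, size_t key_size, keymaster_ec_curve_t ec_curve) {
    EVP_PKEY* pEcKey = NULL;
    EC_GROUP* ec_group = ChooseGroup(ec_curve);
    EC_POINT* p = ec_group ? EC_POINT_new(ec_group) : NULL;
    EC_KEY* ec_key = EC_KEY_new();

    if (ec_group && p && ec_key && (EC_KEY_set_group(ec_key, ec_group) == 1) &&
        (EC_POINT_oct2point(ec_group, p, pub_key, key_size, NULL) == 1) &&
        (EC_KEY_set_public_key(ec_key, p) == 1)) {
        pEcKey = EVP_PKEY_new();
        if (pEcKey && EVP_PKEY_set1_EC_KEY(pEcKey, ec_key) != 1) {
            EVP_PKEY_free(pEcKey);
            pEcKey = NULL;
        }
    }
    // set1 holds its own reference; the locals are released on every path.
    EC_KEY_free(ec_key);
    EC_POINT_free(p);
    EC_GROUP_free(ec_group);
    return pEcKey;
}
```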
@@ -108,30 +117,27 @@ keymaster_error_t JavaCardSoftKeymasterContext::LoadKey(const keymaster_algorith const size_t temp_size = key_material.key_material_size; EVP_PKEY* pkey = NULL; - if(algorithm == KM_ALGORITHM_RSA) { + if (algorithm == KM_ALGORITHM_RSA) { pkey = RSA_fromMaterial(tmp, temp_size); - } else if(algorithm == KM_ALGORITHM_EC) { + } else if (algorithm == KM_ALGORITHM_EC) { keymaster_ec_curve_t ec_curve; uint32_t keySize; if (!hw_enforced.GetTagValue(TAG_EC_CURVE, &ec_curve) && !sw_enforced.GetTagValue(TAG_EC_CURVE, &ec_curve)) { - if(!hw_enforced.GetTagValue(TAG_KEY_SIZE, &keySize) && + if (!hw_enforced.GetTagValue(TAG_KEY_SIZE, &keySize) && !sw_enforced.GetTagValue(TAG_KEY_SIZE, &keySize)) { return KM_ERROR_INVALID_ARGUMENT; } error = EcKeySizeToCurve(keySize, &ec_curve); - if(error != KM_ERROR_OK) - return error; + if (error != KM_ERROR_OK) return error; } pkey = EC_fromMaterial(tmp, temp_size, ec_curve); } - if (!pkey) - return TranslateLastOpenSslError(); + if (!pkey) return TranslateLastOpenSslError(); UniquePtr pkey_deleter(pkey); error = factory->CreateEmptyKey(move(hw_enforced), move(sw_enforced), &asym_key); - if (error != KM_ERROR_OK) - return error; + if (error != KM_ERROR_OK) return error; asym_key->key_material() = move(key_material); if (!asym_key->EvpToInternal(pkey)) 
@@ -142,25 +148,27 @@ keymaster_error_t JavaCardSoftKeymasterContext::LoadKey(const keymaster_algorith return error; } -keymaster_error_t JavaCardSoftKeymasterContext::ParseKeyBlob(const KeymasterKeyBlob& blob, - const AuthorizationSet& /*additional_params*/, - UniquePtr* key) const { +keymaster_error_t +JavaCardSoftKeymasterContext::ParseKeyBlob(const KeymasterKeyBlob& blob, + const AuthorizationSet& /*additional_params*/, + UniquePtr* key) const { - // The JavaCardSoftKeymasterContext handle a key blob generated by JavaCard keymaster for public key operations. + // The JavaCardSoftKeymasterContext handle a key blob generated by JavaCard keymaster for public + // key operations. // - // 1. A JavaCard keymaster key blob is a CborEncoded data of Secret, Nonce, AuthTag, KeyCharectristics and Public key. + // 1. A JavaCard keymaster key blob is a CborEncoded data of Secret, Nonce, AuthTag, + // KeyCharectristics and Public key. // Here in public key operation we need only KeyCharectristics and Public key. // Once these values extracted Public key is created based on parameters and returned. // - AuthorizationSet hw_enforced; AuthorizationSet sw_enforced; KeymasterKeyBlob key_material; keymaster_error_t error = KM_ERROR_OK; - auto constructKey = [&, this] () mutable -> keymaster_error_t { + auto constructKey = [&, this]() mutable -> keymaster_error_t { keymaster_algorithm_t algorithm; - if(error != KM_ERROR_OK) { + if (error != KM_ERROR_OK) { return error; } if (!hw_enforced.GetTagValue(TAG_ALGORITHM, &algorithm) && 
@@ -171,34 +179,28 @@ keymaster_error_t JavaCardSoftKeymasterContext::ParseKeyBlob(const KeymasterKeyB if (algorithm != KM_ALGORITHM_RSA && algorithm != KM_ALGORITHM_EC) { return KM_ERROR_INCOMPATIBLE_ALGORITHM; } - error = LoadKey(algorithm, move(key_material), move(hw_enforced), - move(sw_enforced), key); + error = LoadKey(algorithm, move(key_material), move(hw_enforced), move(sw_enforced), key); return error; }; - - CborConverter cc; - std::unique_ptr item; - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - std::vector cborKey(blob.key_material_size); - - for(size_t i = 0; i < blob.key_material_size; i++) { - cborKey[i] = blob.key_material[i]; - } - std::tie(item, errorCode) = cc.decodeData(cborKey, false); + CborConverter cbor_; + auto [item, _] = cbor_.decodeKeyblob(std::vector(blob.begin(), blob.end())); if (item != nullptr) { - std::vector temp(0); - if(cc.getBinaryArray(item, 4, temp)) { - key_material = {temp.data(), temp.size()}; - temp.clear(); + std::vector pubKey; + AuthorizationSet _; + // Read public key from keyblob. For symmetric keys the data + // will be empty so ignore the error. + if (cbor_.getBinaryArray(item, kKeyblobPubKeyOffset, pubKey)) { + key_material = {pubKey.data(), pubKey.size()}; } - KeyCharacteristics keyCharacteristics; - cc.getKeyCharacteristics(item, 3, keyCharacteristics); - - sw_enforced.Reinitialize(KmParamSet(keyCharacteristics.softwareEnforced)); - hw_enforced.Reinitialize(KmParamSet(keyCharacteristics.hardwareEnforced)); - } else { - error = KM_ERROR_INVALID_KEY_BLOB; + if (!cbor_.getKeyCharacteristics(item, kKeyblobKeyCharsOffset, sw_enforced, hw_enforced, + _)) { + return KM_ERROR_INVALID_KEY_BLOB; + } + return constructKey(); } - return constructKey(); + return KM_ERROR_INVALID_KEY_BLOB; } + +} // namespace javacard +} // namespace V4_1 } // namespace keymaster 
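Review bot: In `ParseKeyBlob`, `auto [item, _] = cbor_.decodeKeyblob(...)` throws away the decoder's error, and the inner `AuthorizationSet _;` then reuses the same placeholder name for an unrelated object, so the two `_` are easy to confuse. Name them for what they hold, e.g. `auto [item, decodeErr] = ...` and `AuthorizationSet unusedEnforced;`, and log `decodeErr` before returning `KM_ERROR_INVALID_KEY_BLOB` so a malformed blob can be told apart from a missing characteristics field. The local `CborConverter cbor_;` also carries the trailing underscore this codebase uses for members; `cbor` would read better. The function begins in an earlier hunk, so this covers only the lines shown here.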
diff --git a/HAL/keymaster/include/JavacardSoftKeymasterContext.h b/HAL/JavacardSoftKeymasterContext.h similarity index 68% rename from HAL/keymaster/include/JavacardSoftKeymasterContext.h rename to HAL/JavacardSoftKeymasterContext.h index 8cdeab92..4655a121 100644 --- a/HAL/keymaster/include/JavacardSoftKeymasterContext.h +++ b/HAL/JavacardSoftKeymasterContext.h @@ -13,27 +13,24 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - -#ifndef SYSTEM_KEYMASTER_JAVA_CARD_SOFT_KEYMASTER_CONTEXT_H_ -#define SYSTEM_KEYMASTER_JAVA_CARD_SOFT_KEYMASTER_CONTEXT_H_ - +#pragma once #include #include + namespace keymaster { +namespace V4_1 { +namespace javacard { -class SoftKeymasterKeyRegistrations; -class Keymaster0Engine; -class Keymaster1Engine; -class Key; +using namespace ::keymaster; /** * SoftKeymasterContext provides the context for a non-secure implementation of AndroidKeymaster. */ -class JavaCardSoftKeymasterContext : public keymaster::PureSoftKeymasterContext { - keymaster_error_t LoadKey(const keymaster_algorithm_t algorithm, KeymasterKeyBlob&& key_material, - AuthorizationSet&& hw_enforced, - AuthorizationSet&& sw_enforced, - UniquePtr* key) const; +class JavaCardSoftKeymasterContext : public ::keymaster::PureSoftKeymasterContext { + keymaster_error_t LoadKey(const keymaster_algorithm_t algorithm, + KeymasterKeyBlob&& key_material, AuthorizationSet&& hw_enforced, + AuthorizationSet&& sw_enforced, UniquePtr* key) const; + public: // Security level must only be used for testing. explicit JavaCardSoftKeymasterContext( @@ -43,9 +40,8 @@ class JavaCardSoftKeymasterContext : public keymaster::PureSoftKeymasterContext keymaster_error_t ParseKeyBlob(const KeymasterKeyBlob& blob, const AuthorizationSet& additional_params, UniquePtr* key) const override; - }; +} // namespace javacard +} // namespace V4_1 } // namespace keymaster - -#endif // SYSTEM_KEYMASTER_PURE_SOFT_KEYMASTER_CONTEXT_H_ 
diff --git a/HAL/KMUtils.cpp b/HAL/KMUtils.cpp
new file mode 100644
index 00000000..a219c412
--- /dev/null
+++ b/HAL/KMUtils.cpp
@@ -0,0 +1,227 @@ +/* + * Copyright (C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include +#include +#include +#include +#include + +#define TAG_SEQUENCE 0x30 +#define LENGTH_MASK 0x80 +#define LENGTH_VALUE_MASK 0x7F + +namespace javacard_keymaster { +namespace { + +constexpr char kPlatformVersionProp[] = "ro.build.version.release"; +constexpr char kPlatformVersionRegex[] = "^([0-9]{1,2})(\\.([0-9]{1,2}))?(\\.([0-9]{1,2}))?"; +constexpr size_t kMajorVersionMatch = 1; +constexpr size_t kMinorVersionMatch = 3; +constexpr size_t kSubminorVersionMatch = 5; +constexpr size_t kPlatformVersionMatchCount = kSubminorVersionMatch + 1; + +constexpr char kPlatformPatchlevelProp[] = "ro.build.version.security_patch"; +constexpr char kVendorPatchlevelProp[] = "ro.vendor.build.security_patch"; +constexpr char kPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-([0-9]{2})$"; +constexpr size_t kYearMatch = 1; +constexpr size_t kMonthMatch = 2; +constexpr size_t kDayMatch = 3; +constexpr size_t kPatchlevelMatchCount = kDayMatch + 1; + +uint32_t match_to_uint32(const char* expression, const regmatch_t& match) { + if (match.rm_so == -1) return 0; + + size_t len = match.rm_eo - match.rm_so; + std::string s(expression + match.rm_so, len); + return std::stoul(s); +} + +std::string wait_and_get_property(const char* prop) { + std::string prop_value; + while (!::android::base::WaitForPropertyCreation(prop)) + ; + prop_value = 
::android::base::GetProperty(prop, "" /* default */); + return prop_value; +} + +uint32_t getOsVersion(const char* version_str) { + regex_t regex; + if (regcomp(®ex, kPlatformVersionRegex, REG_EXTENDED)) { + return 0; + } + + regmatch_t matches[kPlatformVersionMatchCount]; + int not_match = + regexec(®ex, version_str, kPlatformVersionMatchCount, matches, 0 /* flags */); + regfree(®ex); + if (not_match) { + return 0; + } + + uint32_t major = match_to_uint32(version_str, matches[kMajorVersionMatch]); + uint32_t minor = match_to_uint32(version_str, matches[kMinorVersionMatch]); + uint32_t subminor = match_to_uint32(version_str, matches[kSubminorVersionMatch]); + + return (major * 100 + minor) * 100 + subminor; +} + +enum class PatchlevelOutput { kYearMonthDay, kYearMonth }; + +uint32_t getPatchlevel(const char* patchlevel_str, PatchlevelOutput detail) { + regex_t regex; + if (regcomp(®ex, kPatchlevelRegex, REG_EXTENDED) != 0) { + return 0; + } + + regmatch_t matches[kPatchlevelMatchCount]; + int not_match = regexec(®ex, patchlevel_str, kPatchlevelMatchCount, matches, 0 /* flags */); + regfree(®ex); + if (not_match) { + return 0; + } + + uint32_t year = match_to_uint32(patchlevel_str, matches[kYearMatch]); + uint32_t month = match_to_uint32(patchlevel_str, matches[kMonthMatch]); + + if (month < 1 || month > 12) { + return 0; + } + + switch (detail) { + case PatchlevelOutput::kYearMonthDay: { + uint32_t day = match_to_uint32(patchlevel_str, matches[kDayMatch]); + if (day < 1 || day > 31) { + return 0; + } + return year * 10000 + month * 100 + day; + } + case PatchlevelOutput::kYearMonth: + return year * 100 + month; + } +} + +} // anonymous namespace + +// TODO Can we move it to JavacardSecureElement class +keymaster_error_t translateExtendedErrorsToHalErrors(keymaster_error_t errorCode) { + keymaster_error_t err = errorCode; + switch (static_cast(errorCode)) { + case SW_CONDITIONS_NOT_SATISFIED: + case UNSUPPORTED_CLA: + case INVALID_P1P2: + case INVALID_DATA: + case 
CRYPTO_ILLEGAL_USE: + case CRYPTO_ILLEGAL_VALUE: + case CRYPTO_INVALID_INIT: + case CRYPTO_UNINITIALIZED_KEY: + case GENERIC_UNKNOWN_ERROR: + LOG(ERROR) << "translateExtendedErrorsToHalErrors SE error: " << (int32_t)errorCode; + err = KM_ERROR_UNKNOWN_ERROR; + break; + case CRYPTO_NO_SUCH_ALGORITHM: + LOG(ERROR) << "translateExtendedErrorsToHalErrors SE error: " << (int32_t)errorCode; + err = KM_ERROR_UNSUPPORTED_ALGORITHM; + break; + case UNSUPPORTED_INSTRUCTION: + case CMD_NOT_ALLOWED: + case SW_WRONG_LENGTH: + LOG(ERROR) << "translateExtendedErrorsToHalErrors SE error: " << (int32_t)errorCode; + err = KM_ERROR_UNIMPLEMENTED; + break; + case PUBLIC_KEY_OPERATION: + // This error is handled inside keymaster + LOG(ERROR) << "translateExtendedErrorsToHalErrors SE error: " << (int32_t)errorCode; + break; + default: + break; + } + return err; +} + +uint32_t getOsVersion() { + std::string version = wait_and_get_property(kPlatformVersionProp); + return getOsVersion(version.c_str()); +} + +uint32_t getOsPatchlevel() { + std::string patchlevel = wait_and_get_property(kPlatformPatchlevelProp); + return getPatchlevel(patchlevel.c_str(), PatchlevelOutput::kYearMonth); +} + +uint32_t getVendorPatchlevel() { + std::string patchlevel = wait_and_get_property(kVendorPatchlevelProp); + return getPatchlevel(patchlevel.c_str(), PatchlevelOutput::kYearMonthDay); +} + +keymaster_error_t getCertificateChain(std::vector& chainBuffer, + std::vector>& certChain) { + uint8_t* data = chainBuffer.data(); + int index = 0; + uint32_t length = 0; + while (index < chainBuffer.size()) { + std::vector temp; + if (data[index] == TAG_SEQUENCE) { + // read next byte + if (0 == (data[index + 1] & LENGTH_MASK)) { + length = (uint32_t)data[index]; + // Add SEQ and Length fields + length += 2; + } else { + int additionalBytes = data[index + 1] & LENGTH_VALUE_MASK; + if (additionalBytes == 0x01) { + length = data[index + 2]; + // Add SEQ and Length fields + length += 3; + } else if (additionalBytes == 
0x02) { + length = (data[index + 2] << 8 | data[index + 3]); + // Add SEQ and Length fields + length += 4; + } else if (additionalBytes == 0x04) { + length = data[index + 2] << 24; + length |= data[index + 3] << 16; + length |= data[index + 4] << 8; + length |= data[index + 5]; + // Add SEQ and Length fields + length += 6; + } else { + // Length is larger than uint32_t max limit. + return KM_ERROR_UNKNOWN_ERROR; + } + } + temp.insert(temp.end(), (data + index), (data + index + length)); + index += length; + + certChain.push_back(std::move(temp)); + } else { + // SEQUENCE TAG MISSING. + return KM_ERROR_UNKNOWN_ERROR; + } + } + return KM_ERROR_OK; +} + +void addCreationTime(AuthorizationSet& paramSet) { + if (!paramSet.Contains(KM_TAG_CREATION_DATETIME) && + !paramSet.Contains(KM_TAG_ACTIVE_DATETIME)) { + keymaster_key_param_t dateTime; + dateTime.tag = KM_TAG_CREATION_DATETIME; + dateTime.date_time = java_time(time(nullptr)); + paramSet.push_back(dateTime); + } +} + +} // namespace javacard_keymaster diff --git a/HAL/KMUtils.h b/HAL/KMUtils.h new file mode 100644 index 00000000..05b7502f --- /dev/null +++ b/HAL/KMUtils.h 
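Review bot: `getCertificateChain` trusts the DER length octets in `chainBuffer` without checking them against the buffer size. `data[index + 1]` through `data[index + 5]` can be read past the end, and `temp.insert(..., data + index, data + index + length)` copies `length` bytes even when the element claims more than remains. The short-form branch also takes `length` from `data[index]`, which is the SEQUENCE tag, instead of the length octet `data[index + 1]`, so any certificate under 128 bytes is mis-sized. `index` is an `int` compared with `size()`, and `data[index + 2] << 24` is evaluated as a signed int. The buffer presumably carries the chain returned by the secure element, so a truncated or corrupted reply reaches this parser; the bounded version below also accepts a three-octet length, which the original rejected.

```cpp
    // … unchanged: getCertificateChain signature …
    const uint8_t* data = chainBuffer.data();
    const size_t total = chainBuffer.size();
    size_t index = 0;
    while (index < total) {
        // The tag and the first length octet must both be present.
        if (total - index < 2 || data[index] != TAG_SEQUENCE) {
            return KM_ERROR_UNKNOWN_ERROR;
        }
        size_t headerLen = 2;
        size_t contentLen = 0;
        const uint8_t first = data[index + 1];
        if ((first & LENGTH_MASK) == 0) {
            contentLen = first;  // short form: the octet is the length
        } else {
            const size_t lenBytes = first & LENGTH_VALUE_MASK;
            if (lenBytes == 0 || lenBytes > 4 || total - index - 2 < lenBytes) {
                return KM_ERROR_UNKNOWN_ERROR;
            }
            for (size_t i = 0; i < lenBytes; i++) {
                contentLen = (contentLen << 8) | data[index + 2 + i];
            }
            headerLen += lenBytes;
        }
        if (contentLen > total - index - headerLen) {
            return KM_ERROR_UNKNOWN_ERROR;  // element runs past the buffer
        }
        certChain.emplace_back(data + index, data + index + headerLen + contentLen);
        index += headerLen + contentLen;
    }
    return KM_ERROR_OK;
```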
@@ -0,0 +1,74 @@ +/* + * Copyright (C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include +#include +#include +#include +#include + +namespace javacard_keymaster { +using namespace ::keymaster; +using std::vector; + +// Extended error codes +enum ExtendedErrors { + SW_CONDITIONS_NOT_SATISFIED = -10001, + UNSUPPORTED_CLA = -10002, + INVALID_P1P2 = -10003, + UNSUPPORTED_INSTRUCTION = -10004, + CMD_NOT_ALLOWED = -10005, + SW_WRONG_LENGTH = -10006, + INVALID_DATA = -10007, + CRYPTO_ILLEGAL_USE = -10008, + CRYPTO_ILLEGAL_VALUE = -10009, + CRYPTO_INVALID_INIT = -10010, + CRYPTO_NO_SUCH_ALGORITHM = -10011, + CRYPTO_UNINITIALIZED_KEY = -10012, + GENERIC_UNKNOWN_ERROR = -10013, + PUBLIC_KEY_OPERATION = -10014, +}; + +inline static std::vector blob2vector(const uint8_t* data, const size_t length) { + std::vector result(data, data + length); + return result; +} + +inline static std::vector blob2vector(const std::string& value) { + vector result(reinterpret_cast(value.data()), + reinterpret_cast(value.data()) + value.size()); + return result; +} + +inline void blob2Vec(const uint8_t* from, size_t size, std::vector& to) { + for (size_t i = 0; i < size; ++i) { + to.push_back(from[i]); + } +} + +// HardwareAuthToken vector2AuthToken(const vector& buffer); +// vector authToken2vector(const HardwareAuthToken& token); +keymaster_error_t translateExtendedErrorsToHalErrors(keymaster_error_t errorCode); 
+uint32_t getOsVersion();
+uint32_t getOsPatchlevel();
+uint32_t getVendorPatchlevel();
+void addCreationTime(AuthorizationSet& paramSet);
+
+keymaster_error_t getCertificateChain(std::vector& chainBuffer,
+ std::vector>& certChain);
+} // namespace javacard_keymaster
diff --git a/HAL/README.md b/HAL/README.md
deleted file mode 100644
index 38e3309a..00000000
--- a/HAL/README.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# JavaCardKeymaster HAL
-
-This directory contains the implementation of the Keymaster 4.1
-Hardware Abstraction Layer (HAL) interface, implemented as a Linux
-binary which runs as a standalone process mediating between Keystore
-(the Keymaster client) and the Applet running on a JavaCard secure
-element.
diff --git a/HAL/keymaster/4.1/SocketTransport.cpp b/HAL/SocketTransport.cpp
similarity index 50%
rename from HAL/keymaster/4.1/SocketTransport.cpp
rename to HAL/SocketTransport.cpp
index e060262f..599dad39 100644
--- a/HAL/keymaster/4.1/SocketTransport.cpp
+++ b/HAL/SocketTransport.cpp
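Review bot: `getCertificateChain` is declared at the end of this header with no comment on what it expects from `chainBuffer`, yet the definition earlier in this patch takes each element's length from the buffer itself and never compares the `index + 1` … `index + 5` reads or `index + length` with `chainBuffer.size()` before `temp.insert(...)`. The buffer presumably carries the secure element's response, so a truncated or malformed chain would be read past its end. State the contract on the declaration, e.g. `// Splits concatenated DER SEQUENCEs; returns KM_ERROR_UNKNOWN_ERROR if an element is malformed or runs past chainBuffer.`, and have the definition reject any element where `length > chainBuffer.size() - index`. The short-form branch of that definition also assigns `data[index]` (the tag byte) rather than `data[index + 1]`, which looks unintended. Separately, `using namespace ::keymaster;` in a header leaks into every file that includes it.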
@@ -14,102 +14,94 @@ ** See the License for the specific language governing permissions and ** limitations under the License. */ -#include -#include +#include "SocketTransport.h" +#include "ITransport.h" #include -#include -#include "Transport.h" +#include #include +#include +#include +#include -#define PORT 8080 -#define IPADDR "192.168.0.29" -//#define IPADDR "192.168.0.5" +#define PORT 8080 +#define IPADDR "192.168.7.239" #define MAX_RECV_BUFFER_SIZE 2500 -namespace se_transport { +namespace javacard_keymaster { +using std::shared_ptr; +using std::vector; bool SocketTransport::openConnection() { - struct sockaddr_in serv_addr; - - if(mSocketStatus){ - closeConnection(); - } - - if ((mSocket = socket(AF_INET, SOCK_STREAM, 0)) < 0) - { - LOG(ERROR) << "Socket creation failed" << " Error: "<& output) { +bool SocketTransport::sendData(const vector& inData, vector& output) { uint8_t buffer[MAX_RECV_BUFFER_SIZE]; int count = 1; - bool sendStatus = false; - while(!mSocketStatus && count++ < 5 ) { + while (!socketStatus && count++ < 5) { sleep(1); LOG(ERROR) << "Trying to open socket connection... count: " << count; openConnection(); } - if(count >= 5) { + if (count >= 5) { LOG(ERROR) << "Failed to open socket connection"; - closeConnection(); return false; } - if (send(mSocket, inData, inLen , 0)< 0) { + if (0 > send(mSocket, inData.data(), inData.size(), 0)) { static int connectionResetCnt = 0; /* To avoid loop */ if (ECONNRESET == errno && connectionResetCnt == 0) { - //Connection reset. Try open socket and then sendData. - closeConnection(); + // Connection reset. Try open socket and then sendData. 
+ socketStatus = false; connectionResetCnt++; - sendStatus = sendData(inData, inLen, output); - return sendStatus; + return sendData(inData, output); } LOG(ERROR) << "Failed to send data over socket err: " << errno; connectionResetCnt = 0; return false; } - ssize_t valRead = read( mSocket , buffer, MAX_RECV_BUFFER_SIZE); - if(0 > valRead) { + + ssize_t valRead = read(mSocket, buffer, MAX_RECV_BUFFER_SIZE); + if (0 > valRead) { LOG(ERROR) << "Failed to read data from socket."; } - for(size_t i = 0; i < valRead; i++) { + for (size_t i = 0; i < valRead; i++) { output.push_back(buffer[i]); } return true; } bool SocketTransport::closeConnection() { - if(mSocketStatus) - close(mSocket); - mSocketStatus = false; + close(mSocket); + socketStatus = false; return true; } bool SocketTransport::isConnected() { - return mSocketStatus; + return socketStatus; } -} +} // namespace javacard_keymaster diff --git a/HAL/SocketTransport.h b/HAL/SocketTransport.h new file mode 100644 index 00000000..9b9db63b --- /dev/null +++ b/HAL/SocketTransport.h 
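Review bot: In `sendData`, a failed `read()` is only logged, so `valRead` stays negative and `for (size_t i = 0; i < valRead; i++)` compares it as unsigned; the loop then runs past the 2500-byte `buffer` and copies stack contents into `output`. Return on the error path: `if (0 > valRead) { LOG(ERROR) << "Failed to read data from socket."; return false; }`. The ECONNRESET branch now sets `socketStatus = false` where the old code called `closeConnection()`, so the previous descriptor looks like it is never closed before `mSocket` is reassigned; the new body of `openConnection` is not legible in this rendering, so confirm it there. A single `read()` also assumes the whole response arrives at once, which TCP does not guarantee.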
@@ -0,0 +1,55 @@
+/*
+ **
+ ** Copyright 2020, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+#pragma once
+#include "ITransport.h"
+#include
+#include
+
+namespace javacard_keymaster {
+using std::shared_ptr;
+using std::vector;
+
+class SocketTransport : public ITransport {
+
+ public:
+ SocketTransport() : mSocket(-1), socketStatus(false) {}
+ /**
+ * Creates a socket instance and connects to the provided server IP and port.
+ */
+ bool openConnection() override;
+ /**
+ * Sends data over socket and receives data back.
+ */
+ bool sendData(const vector& inData, vector& output) override;
+ /**
+ * Closes the connection.
+ */
+ bool closeConnection() override;
+ /**
+ * Returns the state of the connection status. Returns true if the connection is active,
+ * false if connection is broken.
+ */
+ bool isConnected() override;
+
+ private:
+ /**
+ * Socket instance.
+ */
+ int mSocket;
+ bool socketStatus;
+};
+} // namespace javacard_keymaster
diff --git a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.rc b/HAL/android.hardware.keymaster@4.1-strongbox.service.rc
similarity index 100%
rename from HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.rc
rename to HAL/android.hardware.keymaster@4.1-strongbox.service.rc
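Review bot: `SocketTransport` owns a raw descriptor in `mSocket` but declares no destructor and leaves copying implicit, so a destroyed instance leaks the socket and a copied one can close the same descriptor twice. Add `~SocketTransport() { closeConnection(); }` and `SocketTransport(const SocketTransport&) = delete;`, with the matching deleted assignment operator. The comment on `openConnection` says it connects to "the provided server IP and port", but the method takes no arguments and the .cpp in this patch uses the `IPADDR` and `PORT` macros; reword the comment or pass the endpoint in. `ITransport` is not visible here, so whether its destructor is virtual should be checked too.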
diff --git a/HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.xml b/HAL/android.hardware.keymaster@4.1-strongbox.service.xml similarity index 100% rename from HAL/keymaster/4.1/android.hardware.keymaster@4.1-strongbox.service.xml rename to HAL/android.hardware.keymaster@4.1-strongbox.service.xml diff --git a/HAL/keymaster/4.1/android.hardware.strongbox_keystore.xml b/HAL/android.hardware.keymaster_strongbox_keystore.xml similarity index 100% rename from HAL/keymaster/4.1/android.hardware.strongbox_keystore.xml rename to HAL/android.hardware.keymaster_strongbox_keystore.xml diff --git a/HAL/android.hardware.security.keymint-service.strongbox.rc b/HAL/android.hardware.security.keymint-service.strongbox.rc new file mode 100644 index 00000000..9419c350 --- /dev/null +++ b/HAL/android.hardware.security.keymint-service.strongbox.rc @@ -0,0 +1,3 @@ +service vendor.keymint-strongbox /vendor/bin/hw/android.hardware.security.keymint-service.strongbox + class early_hal + user nobody diff --git a/HAL/android.hardware.security.keymint-service.strongbox.xml b/HAL/android.hardware.security.keymint-service.strongbox.xml new file mode 100644 index 00000000..0631f129 --- /dev/null +++ b/HAL/android.hardware.security.keymint-service.strongbox.xml @@ -0,0 +1,10 @@ + + + android.hardware.security.keymint + IKeyMintDevice/strongbox + + + android.hardware.security.keymint + IRemotelyProvisionedComponent/strongbox + + diff --git a/HAL/android.hardware.security.sharedsecret-service.strongbox.xml b/HAL/android.hardware.security.sharedsecret-service.strongbox.xml new file mode 100644 index 00000000..5492100e --- /dev/null +++ b/HAL/android.hardware.security.sharedsecret-service.strongbox.xml @@ -0,0 +1,6 @@ + + + android.hardware.security.sharedsecret + ISharedSecret/strongbox + + diff --git a/HAL/android.hardware.strongbox_keystore.xml b/HAL/android.hardware.strongbox_keystore.xml new file mode 100644 index 00000000..d92d6059 --- /dev/null 
+++ b/HAL/android.hardware.strongbox_keystore.xml @@ -0,0 +1,17 @@ + + + + + + + diff --git a/HAL/keymaster/4.1/CborConverter.cpp b/HAL/keymaster/4.1/CborConverter.cpp deleted file mode 100644 index 4d7041fd..00000000 --- a/HAL/keymaster/4.1/CborConverter.cpp +++ /dev/null 
@@ -1,412 +0,0 @@ -/* - ** - ** Copyright 2020, The Android Open Source Project - ** - ** Licensed under the Apache License, Version 2.0 (the "License"); - ** you may not use this file except in compliance with the License. - ** You may obtain a copy of the License at - ** - ** http://www.apache.org/licenses/LICENSE-2.0 - ** - ** Unless required by applicable law or agreed to in writing, software - ** distributed under the License is distributed on an "AS IS" BASIS, - ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ** See the License for the specific language governing permissions and - ** limitations under the License. - */ - -#include -#include - -bool CborConverter::addKeyparameters(Array& array, const android::hardware::hidl_vec& keyParams) { - Map map; - std::map> enum_repetition; - std::map uint_repetition; - for(size_t i = 0; i < keyParams.size(); i++) { - KeyParameter param = keyParams[i]; - TagType tagType = static_cast(param.tag & (0xF << 28)); - switch(tagType) { - case TagType::ENUM: - case TagType::UINT: - map.add(static_cast(param.tag), param.f.integer); - break; - case TagType::UINT_REP: - uint_repetition[static_cast(param.tag)].add(param.f.integer); - break; - case TagType::ENUM_REP: - enum_repetition[static_cast(param.tag)].push_back(static_cast(param.f.integer)); - break; - case TagType::ULONG: - map.add(static_cast(param.tag), param.f.longInteger); - break; - case TagType::ULONG_REP: - uint_repetition[static_cast(param.tag)].add(param.f.longInteger); - break; - case TagType::DATE: - map.add(static_cast(param.tag), param.f.dateTime); - break; - case TagType::BOOL: - map.add(static_cast(param.tag), static_cast(param.f.boolValue)); - break; - case TagType::BIGNUM: - case TagType::BYTES: - map.add(static_cast(param.tag), (std::vector(param.blob))); - break; - default: - /* Invalid skip */ - break; - } - } - if(0 < enum_repetition.size()) { - for( auto const& [key, val] : enum_repetition ) { - Bstr bstr(val); - 
map.add(key, std::move(bstr)); - } - } - if(0 < uint_repetition.size()) { - for( auto & [key, val] : uint_repetition ) { - map.add(key, std::move(val)); - } - } - array.add(std::move(map)); - return true; -} - -bool CborConverter::getKeyCharacteristics(const std::unique_ptr &item, const uint32_t pos, - KeyCharacteristics& keyCharacteristics) { - bool ret = false; - std::unique_ptr arrayItem(nullptr); - getItemAtPos(item, pos, arrayItem); - if ((arrayItem == nullptr) || (MajorType::ARRAY != getType(arrayItem))) - return ret; - - if (!getKeyParameters(arrayItem, 0, keyCharacteristics.softwareEnforced)) { - return ret; - } - - if (!getKeyParameters(arrayItem, 1, keyCharacteristics.hardwareEnforced)) { - return ret; - } - //success - ret = true; - return ret; -} - -bool CborConverter::getKeyParameter(const std::pair&, - const std::unique_ptr&> pair, std::vector& keyParams) { - bool ret = false; - uint64_t key; - uint64_t value; - - if(!getUint64(pair.first, key)) { - return ret; - } - - /* Get the TagType from the Tag */ - TagType tagType = static_cast(key & (0xF << 28)); - switch(tagType) { - case TagType::ENUM_REP: - { - /* ENUM_REP contains values encoded in a Binary string */ - const Bstr* bstr = pair.second.get()->asBstr(); - if(bstr == nullptr) return ret; - for (auto bchar : bstr->value()) { - KeyParameter keyParam; - keyParam.tag = static_cast(key); - keyParam.f.integer = bchar; - keyParams.push_back(std::move(keyParam)); - } - return true; - } - break; - case TagType::ENUM: - case TagType::UINT: - { - KeyParameter keyParam; - keyParam.tag = static_cast(key); - if(!getUint64(pair.second, value)) { - return ret; - } - keyParam.f.integer = static_cast(value); - keyParams.push_back(std::move(keyParam)); - return true; - } - break; - case TagType::ULONG: - { - KeyParameter keyParam; - keyParam.tag = static_cast(key); - if(!getUint64(pair.second, value)) { - return ret; - } - keyParam.f.longInteger = value; - keyParams.push_back(std::move(keyParam)); - return true; 
- } - break; - case TagType::UINT_REP: - { - /* UINT_REP contains values encoded in a Array */ - Array* array = const_cast(pair.second.get()->asArray()); - if(array == nullptr) return ret; - for(int i = 0; i < array->size(); i++) { - KeyParameter keyParam; - keyParam.tag = static_cast(key); - std::unique_ptr item = std::move((*array)[i]); - if(!getUint64(item, value)) { - return ret; - } - keyParam.f.integer = static_cast(value); - keyParams.push_back(std::move(keyParam)); - - } - return true; - } - break; - case TagType::ULONG_REP: - { - /* ULONG_REP contains values encoded in a Array */ - Array* array = const_cast(pair.second.get()->asArray()); - if(array == nullptr) return ret; - for(int i = 0; i < array->size(); i++) { - KeyParameter keyParam; - keyParam.tag = static_cast(key); - std::unique_ptr item = std::move((*array)[i]); - if(!getUint64(item, keyParam.f.longInteger)) { - return ret; - } - keyParams.push_back(std::move(keyParam)); - - } - return true; - } - break; - case TagType::DATE: - { - KeyParameter keyParam; - keyParam.tag = static_cast(key); - if(!getUint64(pair.second, value)) { - return ret; - } - keyParam.f.dateTime = value; - keyParams.push_back(std::move(keyParam)); - return true; - } - break; - case TagType::BOOL: - { - KeyParameter keyParam; - keyParam.tag = static_cast(key); - if(!getUint64(pair.second, value)) { - return ret; - } - keyParam.f.boolValue = static_cast(value); - keyParams.push_back(std::move(keyParam)); - return true; - } - break; - case TagType::BYTES: - { - KeyParameter keyParam; - keyParam.tag = static_cast(key); - const Bstr* bstr = pair.second.get()->asBstr(); - if(bstr == nullptr) return ret; - keyParam.blob = bstr->value(); - keyParams.push_back(std::move(keyParam)); - return true; - } - break; - default: - /* Invalid skip */ - break; - } - return ret; -} - - -bool CborConverter::getMultiBinaryArray(const std::unique_ptr& item, const uint32_t pos, - std::vector>& data) { - bool ret = false; - std::unique_ptr 
arrayItem(nullptr); - - getItemAtPos(item, pos, arrayItem); - if ((arrayItem == nullptr) || (MajorType::ARRAY != getType(arrayItem))) - return ret; - const Array* arr = arrayItem.get()->asArray(); - size_t arrSize = arr->size(); - for (int i = 0; i < arrSize; i++) { - std::vector temp; - if (!getBinaryArray(arrayItem, i, temp)) - return ret; - data.push_back(std::move(temp)); - } - ret = true; // success - return ret; -} - -bool CborConverter::getBinaryArray(const std::unique_ptr& item, const uint32_t pos, - ::android::hardware::hidl_vec& value) { - bool ret = false; - std::unique_ptr strItem(nullptr); - getItemAtPos(item, pos, strItem); - if ((strItem == nullptr) || (MajorType::BSTR != getType(strItem))) - return ret; - - const Bstr* bstr = strItem.get()->asBstr(); - value = bstr->value(); - ret = true; - return ret; -} - -bool CborConverter::getBinaryArray(const std::unique_ptr& item, const uint32_t pos, - ::android::hardware::hidl_string& value) { - std::vector vec; - std::string str; - if(!getBinaryArray(item, pos, vec)) { - return false; - } - for(auto ch : vec) { - str += ch; - } - value = str; - return true; -} - -bool CborConverter::getBinaryArray(const std::unique_ptr& item, const uint32_t pos, std::vector& value) { - bool ret = false; - std::unique_ptr strItem(nullptr); - getItemAtPos(item, pos, strItem); - if ((strItem == nullptr) || (MajorType::BSTR != getType(strItem))) - return ret; - - const Bstr* bstr = strItem.get()->asBstr(); - for (auto bchar : bstr->value()) { - value.push_back(bchar); - } - ret = true; - return ret; -} - -bool CborConverter::getHmacSharingParameters(const std::unique_ptr& item, const uint32_t pos, HmacSharingParameters& params) { - std::vector paramValue; - bool ret = false; - std::unique_ptr arrayItem(nullptr); - - //1. Get ArrayItem - //2. First item in the array seed; second item in the array is nonce. 
- - getItemAtPos(item, pos, arrayItem); - if ((arrayItem == nullptr) || (MajorType::ARRAY != getType(arrayItem))) - return ret; - - //Seed - if (!getBinaryArray(arrayItem, 0, params.seed)) - return ret; - - //nonce - if (!getBinaryArray(arrayItem, 1, paramValue)) - return ret; - memcpy(params.nonce.data(), paramValue.data(), paramValue.size()); - ret = true; - return ret; -} - -bool CborConverter::addVerificationToken(Array& array, const VerificationToken& - verificationToken, std::vector& encodedParamsVerified) { - Array vToken; - vToken.add(verificationToken.challenge); - vToken.add(verificationToken.timestamp); - vToken.add(std::move(encodedParamsVerified)); - vToken.add(static_cast(verificationToken.securityLevel)); - vToken.add((std::vector(verificationToken.mac))); - array.add(std::move(vToken)); - return true; -} - -bool CborConverter::addHardwareAuthToken(Array& array, const HardwareAuthToken& - authToken) { - Array hwAuthToken; - hwAuthToken.add(authToken.challenge); - hwAuthToken.add(authToken.userId); - hwAuthToken.add(authToken.authenticatorId); - hwAuthToken.add(static_cast(authToken.authenticatorType)); - hwAuthToken.add(authToken.timestamp); - hwAuthToken.add((std::vector(authToken.mac))); - array.add(std::move(hwAuthToken)); - return true; -} - -bool CborConverter::getHardwareAuthToken(const std::unique_ptr& item, const uint32_t pos, HardwareAuthToken& token) { - bool ret = false; - //challenge - if (!getUint64(item, pos, token.challenge)) - return ret; - //userId - if (!getUint64(item, pos+1, token.userId)) - return ret; - //AuthenticatorId - if (!getUint64(item, pos+2, token.authenticatorId)) - return ret; - //AuthType - uint64_t authType; - if (!getUint64(item, pos+3, authType)) - return ret; - token.authenticatorType = static_cast(authType); - //Timestamp - if (!getUint64(item, pos+4, token.timestamp)) - return ret; - //MAC - if (!getBinaryArray(item, pos+5, token.mac)) - return ret; - ret = true; - return ret; -} - -bool 
CborConverter::getVerificationToken(const std::unique_ptr& item, const uint32_t pos, VerificationToken& - token) { - bool ret = false; - //challenge - if (!getUint64(item, pos, token.challenge)) - return ret; - - //timestamp - if (!getUint64(item, pos+1, token.timestamp)) - return ret; - - //List of KeyParameters - if (!getKeyParameters(item, pos+2, token.parametersVerified)) - return ret; - - //AuthenticatorId - uint64_t val; - if (!getUint64(item, pos+3, val)) - return ret; - token.securityLevel = static_cast(val); - - //MAC - if (!getBinaryArray(item, pos+4, token.mac)) - return ret; - ret = true; - return ret; - -} - -bool CborConverter::getKeyParameters(const std::unique_ptr& item, const uint32_t pos, android::hardware::hidl_vec& keyParams) { - bool ret = false; - std::unique_ptr mapItem(nullptr); - std::vector params; - getItemAtPos(item, pos, mapItem); - if ((mapItem == nullptr) || (MajorType::MAP != getType(mapItem))) - return ret; - const Map* map = mapItem.get()->asMap(); - size_t mapSize = map->size(); - for (int i = 0; i < mapSize; i++) { - if (!getKeyParameter((*map)[i], params)) { - return ret; - } - } - keyParams.resize(params.size()); - keyParams = params; - ret = true; - return ret; -} diff --git a/HAL/keymaster/4.1/CommonUtils.cpp b/HAL/keymaster/4.1/CommonUtils.cpp deleted file mode 100644 index 476fe68e..00000000 --- a/HAL/keymaster/4.1/CommonUtils.cpp +++ /dev/null 
@@ -1,353 +0,0 @@ -/* - ** - ** Copyright 2020, The Android Open Source Project - ** - ** Licensed under the Apache License, Version 2.0 (the "License"); - ** you may not use this file except in compliance with the License. - ** You may obtain a copy of the License at - ** - ** http://www.apache.org/licenses/LICENSE-2.0 - ** - ** Unless required by applicable law or agreed to in writing, software - ** distributed under the License is distributed on an "AS IS" BASIS, - ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ** See the License for the specific language governing permissions and - ** limitations under the License. - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define TAG_SEQUENCE 0x30 -#define LENGTH_MASK 0x80 -#define LENGTH_VALUE_MASK 0x7F - -namespace keymaster { -namespace V4_1 { -namespace javacard { - -constexpr char kVendorPatchlevelProp[] = "ro.vendor.build.security_patch"; -constexpr char kVendorPatchlevelRegex[] = "^([0-9]{4})-([0-9]{2})-([0-9]{2})$"; -constexpr size_t kYearMatch = 1; -constexpr size_t kMonthMatch = 2; -constexpr size_t kDayMatch = 3; -constexpr size_t kVendorPatchlevelMatchCount = kDayMatch + 1; - -hidl_vec kmParamSet2Hidl(const keymaster_key_param_set_t& set) { - hidl_vec result; - if (set.length == 0 || set.params == nullptr) - return result; - - result.resize(set.length); - keymaster_key_param_t* params = set.params; - for (size_t i = 0; i < set.length; ++i) { - auto tag = params[i].tag; - result[i].tag = legacy_enum_conversion(tag); - switch (typeFromTag(tag)) { - case KM_ENUM: - case KM_ENUM_REP: - result[i].f.integer = params[i].enumerated; - break; - case KM_UINT: - case KM_UINT_REP: - result[i].f.integer = params[i].integer; - break; - case KM_ULONG: - case KM_ULONG_REP: - result[i].f.longInteger = params[i].long_integer; - break; - case KM_DATE: - result[i].f.dateTime = 
params[i].date_time; - break; - case KM_BOOL: - result[i].f.boolValue = params[i].boolean; - break; - case KM_BIGNUM: - case KM_BYTES: - result[i].blob.setToExternal(const_cast(params[i].blob.data), - params[i].blob.data_length); - break; - case KM_INVALID: - default: - params[i].tag = KM_TAG_INVALID; - /* just skip */ - break; - } - } - return result; -} - -keymaster_key_param_set_t hidlKeyParams2Km(const hidl_vec& keyParams) { - keymaster_key_param_set_t set; - - set.params = new keymaster_key_param_t[keyParams.size()]; - set.length = keyParams.size(); - - for (size_t i = 0; i < keyParams.size(); ++i) { - auto tag = legacy_enum_conversion(keyParams[i].tag); - switch (typeFromTag(tag)) { - case KM_ENUM: - case KM_ENUM_REP: - set.params[i] = keymaster_param_enum(tag, keyParams[i].f.integer); - break; - case KM_UINT: - case KM_UINT_REP: - set.params[i] = keymaster_param_int(tag, keyParams[i].f.integer); - break; - case KM_ULONG: - case KM_ULONG_REP: - set.params[i] = keymaster_param_long(tag, keyParams[i].f.longInteger); - break; - case KM_DATE: - set.params[i] = keymaster_param_date(tag, keyParams[i].f.dateTime); - break; - case KM_BOOL: - if (keyParams[i].f.boolValue) - set.params[i] = keymaster_param_bool(tag); - else - set.params[i].tag = KM_TAG_INVALID; - break; - case KM_BIGNUM: - case KM_BYTES: - set.params[i] = - keymaster_param_blob(tag, &keyParams[i].blob[0], keyParams[i].blob.size()); - break; - case KM_INVALID: - default: - set.params[i].tag = KM_TAG_INVALID; - /* just skip */ - break; - } - } - - return set; -} - -ErrorCode getEcCurve(const EC_GROUP *group, EcCurve& ecCurve) { - int curve = EC_GROUP_get_curve_name(group); - switch(curve) { - case NID_secp224r1: - ecCurve = EcCurve::P_224; - break; - case NID_X9_62_prime256v1: - ecCurve = EcCurve::P_256; - break; - case NID_secp384r1: - ecCurve = EcCurve::P_384; - break; - case NID_secp521r1: - ecCurve = EcCurve::P_521; - break; - default: - return ErrorCode::UNSUPPORTED_EC_CURVE; - } - return 
ErrorCode::OK; -} - -ErrorCode ecRawKeyFromPKCS8(const std::vector& pkcs8Blob, std::vector& secret, std::vector& -publicKey, EcCurve& ecCurve) { - ErrorCode errorCode = ErrorCode::INVALID_KEY_BLOB; - EVP_PKEY *pkey = nullptr; - const uint8_t *data = pkcs8Blob.data(); - - d2i_PrivateKey(EVP_PKEY_EC, &pkey, &data, pkcs8Blob.size()); - if(!pkey) { - return legacy_enum_conversion(TranslateLastOpenSslError()); - } - - UniquePtr ec_key(EVP_PKEY_get1_EC_KEY(pkey)); - if(!ec_key.get()) - return legacy_enum_conversion(TranslateLastOpenSslError()); - - //Get EC Group - const EC_GROUP *group = EC_KEY_get0_group(ec_key.get()); - if(group == NULL) - return errorCode; - - if(ErrorCode::OK != (errorCode = getEcCurve(group, ecCurve))) { - return errorCode; - } - - //Extract private key. - const BIGNUM *privBn = EC_KEY_get0_private_key(ec_key.get()); - int privKeyLen = BN_num_bytes(privBn); - std::unique_ptr privKey(new uint8_t[privKeyLen]); - BN_bn2bin(privBn, privKey.get()); - secret.insert(secret.begin(), privKey.get(), privKey.get()+privKeyLen); - - //Extract public key. 
- const EC_POINT *point = EC_KEY_get0_public_key(ec_key.get()); - int pubKeyLen=0; - pubKeyLen = EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, NULL, 0, NULL); - std::unique_ptr pubKey(new uint8_t[pubKeyLen]); - EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, pubKey.get(), pubKeyLen, NULL); - publicKey.insert(publicKey.begin(), pubKey.get(), pubKey.get()+pubKeyLen); - - EVP_PKEY_free(pkey); - return ErrorCode::OK; -} - -ErrorCode rsaRawKeyFromPKCS8(const std::vector& pkcs8Blob, std::vector& privateExp, std::vector& -pubModulus) { - ErrorCode errorCode = ErrorCode::INVALID_KEY_BLOB; - const BIGNUM *n=NULL, *e=NULL, *d=NULL; - EVP_PKEY *pkey = nullptr; - const uint8_t *data = pkcs8Blob.data(); - - d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &data, pkcs8Blob.size()); - if(!pkey) { - return legacy_enum_conversion(TranslateLastOpenSslError()); - } - - UniquePtr rsa_key(EVP_PKEY_get1_RSA(pkey)); - if(!rsa_key.get()) { - return legacy_enum_conversion(TranslateLastOpenSslError()); - } - - RSA_get0_key(rsa_key.get(), &n, &e, &d); - if(d != NULL && n != NULL) { - /*private exponent */ - int privExpLen = BN_num_bytes(d); - std::unique_ptr privExp(new uint8_t[privExpLen]); - BN_bn2bin(d, privExp.get()); - /* public modulus */ - int pubModLen = BN_num_bytes(n); - std::unique_ptr pubMod(new uint8_t[pubModLen]); - BN_bn2bin(n, pubMod.get()); - - privateExp.insert(privateExp.begin(), privExp.get(), privExp.get()+privExpLen); - pubModulus.insert(pubModulus.begin(), pubMod.get(), pubMod.get()+pubModLen); - } else { - return errorCode; - } - EVP_PKEY_free(pkey); - return ErrorCode::OK; -} - -ErrorCode getCertificateChain(std::vector& chainBuffer, std::vector>& certChain) { - uint8_t *data = chainBuffer.data(); - int index = 0; - uint32_t length = 0; - while (index < chainBuffer.size()) { - std::vector temp; - if(data[index] == TAG_SEQUENCE) { - //read next byte - if (0 == (data[index+1] & LENGTH_MASK)) { - length = (uint32_t)data[index]; - //Add SEQ and 
Length fields - length += 2; - } else { - int additionalBytes = data[index+1] & LENGTH_VALUE_MASK; - if (additionalBytes == 0x01) { - length = data[index+2]; - //Add SEQ and Length fields - length += 3; - } else if (additionalBytes == 0x02) { - length = (data[index+2] << 8 | data[index+3]); - //Add SEQ and Length fields - length += 4; - } else if (additionalBytes == 0x04) { - length = data[index+2] << 24; - length |= data[index+3] << 16; - length |= data[index+4] << 8; - length |= data[index+5]; - //Add SEQ and Length fields - length += 6; - } else { - //Length is larger than uint32_t max limit. - return ErrorCode::UNKNOWN_ERROR; - } - } - temp.insert(temp.end(), (data+index), (data+index+length)); - index += length; - - certChain.push_back(std::move(temp)); - } else { - //SEQUENCE TAG MISSING. - return ErrorCode::UNKNOWN_ERROR; - } - } - return ErrorCode::OK; -} - -uint32_t match_to_uint32(const char* expression, const regmatch_t& match) { - if (match.rm_so == -1) return 0; - - size_t len = match.rm_eo - match.rm_so; - std::string s(expression + match.rm_so, len); - return std::stoul(s); -} - -std::string wait_and_get_property(const char* prop) { - std::string prop_value; - while (!android::base::WaitForPropertyCreation(prop)) { - LOG(ERROR) << "waited 15s for %s, still waiting..." << prop; - } - prop_value = android::base::GetProperty(prop, "" /* default */); - return prop_value; -} - - -uint32_t GetVendorPatchlevel(const char* patchlevel_str) { - regex_t regex; - if (regcomp(®ex, kVendorPatchlevelRegex, REG_EXTENDED) != 0) { - LOG(ERROR) << "Failed to compile Vendor patchlevel regex! " << kVendorPatchlevelRegex; - return 0; - } - - regmatch_t matches[kVendorPatchlevelMatchCount]; - int not_match = - regexec(®ex, patchlevel_str, kVendorPatchlevelMatchCount, matches, 0 /* flags */); - regfree(®ex); - if (not_match) { - LOG(ERROR) << "Vendor patchlevel string does not match expected format. 
Using patchlevel 0"; - return 0; - } - - uint32_t year = match_to_uint32(patchlevel_str, matches[kYearMatch]); - uint32_t month = match_to_uint32(patchlevel_str, matches[kMonthMatch]); - uint32_t day = match_to_uint32(patchlevel_str, matches[kDayMatch]); - - if (month < 1 || month > 12) { - LOG(ERROR) << "Invalid patch month " << month; - return 0; - } - bool isLeapYear = (0 == year % 4) ? true : false; - int maxDaysForMonth = 31; - switch(month) { - case 4: case 6: case 9: case 11: - maxDaysForMonth = 30; - break; - case 2: - maxDaysForMonth = isLeapYear ? 29 : 28; - break; - } - if (day < 1 || day > maxDaysForMonth) { - LOG(ERROR) << "Invalid patch day " << day; - return 0; - } - return year * 10000 + month * 100 + day; -} - -uint32_t GetVendorPatchlevel() { - std::string patchlevel = wait_and_get_property(kVendorPatchlevelProp); - return GetVendorPatchlevel(patchlevel.c_str()); -} - - -} // namespace javacard -} // namespace V4_1 -} // namespace keymaster diff --git a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp b/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp deleted file mode 100644 index 17e5bb4c..00000000 --- a/HAL/keymaster/4.1/JavacardKeymaster4Device.cpp +++ /dev/null 
@@ -1,1522 +0,0 @@
-/*
- **
- ** Copyright 2020, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-#include
-
-#define JAVACARD_KEYMASTER_NAME "JavacardKeymaster4.1Device v1.0"
-#define JAVACARD_KEYMASTER_AUTHOR "Android Open Source Project"
-#define PROP_BUILD_QEMU "ro.kernel.qemu"
-#define PROP_BUILD_FINGERPRINT "ro.build.fingerprint"
-// Cuttlefish build fingerprint substring.
-#define CUTTLEFISH_FINGERPRINT_SS "aosp_cf_"
-
-#define APDU_CLS 0x80
-#define APDU_P1 0x40
-#define APDU_P2 0x00
-#define APDU_RESP_STATUS_OK 0x9000
-
-#define SW_KM_OPR 0UL
-#define SB_KM_OPR 1UL
-#define SE_POWER_RESET_STATUS_FLAG ( 1 << 30)
-
-namespace keymaster {
-namespace V4_1 {
-namespace javacard {
-
-static std::unique_ptr pTransportFactory = nullptr;
-constexpr size_t kOperationTableSize = 4;
-/*
- * Key is the operation handle generated by either SoftKM or StrongboxKM and
- * value is either PUBLIC_OPERATION or PRIVATE_OPERATION
- */
-std::map operationTable;
-
-struct KM_AUTH_LIST_Delete {
- void operator()(KM_AUTH_LIST* p) { KM_AUTH_LIST_free(p); }
-};
-
-//Extended error codes
-enum ExtendedErrors {
- SW_CONDITIONS_NOT_SATISFIED = -10001,
- UNSUPPORTED_CLA = -10002,
- INVALID_P1P2 = -10003,
- UNSUPPORTED_INSTRUCTION = -10004,
- CMD_NOT_ALLOWED = -10005,
- SW_WRONG_LENGTH = -10006,
- INVALID_DATA = -10007,
- CRYPTO_ILLEGAL_USE = -10008,
- CRYPTO_ILLEGAL_VALUE = -10009,
- CRYPTO_INVALID_INIT = -10010,
- CRYPTO_NO_SUCH_ALGORITHM = -10011,
- CRYPTO_UNINITIALIZED_KEY = -10012,
- GENERIC_UNKNOWN_ERROR = -10013
-};
-
-static inline std::unique_ptr& getTransportFactoryInstance() {
- bool isEmulator = false;
- if(pTransportFactory == nullptr) {
- // Check if the current build is for emulator or device.
- isEmulator = android::base::GetBoolProperty(PROP_BUILD_QEMU, false); - if (!isEmulator) { - std::string fingerprint = android::base::GetProperty(PROP_BUILD_FINGERPRINT, ""); - if (!fingerprint.empty()) { - if (fingerprint.find(CUTTLEFISH_FINGERPRINT_SS, 0) != std::string::npos) { - isEmulator = true; - } - } - } - pTransportFactory = std::unique_ptr(new se_transport::TransportFactory( - isEmulator)); - pTransportFactory->openConnection(); - } - return pTransportFactory; -} - -static inline bool findTag(const hidl_vec& params, Tag tag) { - size_t size = params.size(); - for(size_t i = 0; i < size; ++i) { - if(tag == params[i].tag) - return true; - } - return false; -} - -static inline bool getTag(const hidl_vec& params, Tag tag, KeyParameter& param) { - size_t size = params.size(); - for(size_t i = 0; i < size; ++i) { - if(tag == params[i].tag) { - param = params[i]; - return true; - } - } - return false; -} - -template -static T translateExtendedErrorsToHalErrors(T& errorCode) { - T err; - switch(static_cast(errorCode)) { - case SW_CONDITIONS_NOT_SATISFIED: - case UNSUPPORTED_CLA: - case INVALID_P1P2: - case INVALID_DATA: - case CRYPTO_ILLEGAL_USE: - case CRYPTO_ILLEGAL_VALUE: - case CRYPTO_INVALID_INIT: - case CRYPTO_UNINITIALIZED_KEY: - case GENERIC_UNKNOWN_ERROR: - err = T::UNKNOWN_ERROR; - break; - case CRYPTO_NO_SUCH_ALGORITHM: - err = T::UNSUPPORTED_ALGORITHM; - break; - case UNSUPPORTED_INSTRUCTION: - case CMD_NOT_ALLOWED: - case SW_WRONG_LENGTH: - err = T::UNIMPLEMENTED; - break; - default: - err = static_cast(errorCode); - break; - } - return err; -} - -/* Returns true if operation handle exists, otherwise false */ -static inline bool isOperationHandleExists(uint64_t opHandle) { - if (operationTable.end() == operationTable.find(opHandle)) { - return false; - } - return true; -} - -static inline OperationType getOperationType(uint64_t operationHandle) { - auto it = operationTable.find(operationHandle); - if (it == operationTable.end()) { - return 
OperationType::UNKNOWN; - } - return it->second; -} - -/* Clears all the strongbox operation handle entries from operation table */ -static void clearStrongboxOprHandleEntries(const std::unique_ptr& oprCtx) { - LOG(INFO) - << "Secure Element reset or applet upgrade detected. Removing existing operation handles"; - auto it = operationTable.begin(); - while (it != operationTable.end()) { - if (it->second == OperationType::PRIVATE_OPERATION) { // Strongbox operation - LOG(INFO) << "operation handle: " << it->first << " is removed"; - oprCtx->clearOperationData(it->first); - it = operationTable.erase(it); - } else { - ++it; - } - } -} - -/** - * Returns the negative value of the same number. - */ -static inline int32_t get2sCompliment(uint32_t value) { - return static_cast(~value+1); -} - -/** - * Clears all the strongbox operation handle entries if secure element power reset happens. - * And also extracts the error code value after unmasking the power reset status flag. - */ -static uint32_t handleErrorCode(const std::unique_ptr& oprCtx, uint32_t errorCode) { - //Check if secure element is reset - bool isSeResetOccurred = (0 != (errorCode & SE_POWER_RESET_STATUS_FLAG)); - - if (isSeResetOccurred) { - //Clear the operation table for Strongbox operations entries. - clearStrongboxOprHandleEntries(oprCtx); - // Unmask the power reset status flag. - errorCode &= ~SE_POWER_RESET_STATUS_FLAG; - } - return errorCode; -} - -template -static std::tuple, T> decodeData(CborConverter& cb, const std::vector& response, bool - hasErrorCode, const std::unique_ptr& oprCtx) { - std::unique_ptr item(nullptr); - T errorCode = T::OK; - std::tie(item, errorCode) = cb.decodeData(response, hasErrorCode); - - uint32_t tempErrCode = handleErrorCode(oprCtx, static_cast(errorCode)); - - // SE sends errocode as unsigned value so convert the unsigned value - // into a signed value of same magnitude and copy back to errorCode. 
- errorCode = static_cast(get2sCompliment(tempErrCode)); - - if (T::OK != errorCode) { - LOG(ERROR) << "error in decodeData: " << (int32_t) errorCode; - errorCode = translateExtendedErrorsToHalErrors(errorCode); - } - LOG(DEBUG) << "decodeData status: " << (int32_t) errorCode; - return {std::move(item), errorCode}; -} - -ErrorCode encodeParametersVerified(const VerificationToken& verificationToken, std::vector& asn1ParamsVerified) { - if (verificationToken.parametersVerified.size() > 0) { - AuthorizationSet paramSet; - KeymasterBlob derBlob; - UniquePtr kmAuthList(KM_AUTH_LIST_new()); - - paramSet.Reinitialize(KmParamSet(verificationToken.parametersVerified)); - - auto err = build_auth_list(paramSet, kmAuthList.get()); - if (err != KM_ERROR_OK) { - return legacy_enum_conversion(err); - } - int len = i2d_KM_AUTH_LIST(kmAuthList.get(), nullptr); - if (len < 0) { - return legacy_enum_conversion(TranslateLastOpenSslError()); - } - - if (!derBlob.Reset(len)) { - return legacy_enum_conversion(KM_ERROR_MEMORY_ALLOCATION_FAILED); - } - - uint8_t* p = derBlob.writable_data(); - len = i2d_KM_AUTH_LIST(kmAuthList.get(), &p); - if (len < 0) { - return legacy_enum_conversion(TranslateLastOpenSslError()); - } - asn1ParamsVerified.insert(asn1ParamsVerified.begin(), p, p+len); - derBlob.release(); - } - return ErrorCode::OK; -} - -ErrorCode prepareCborArrayFromKeyData(const hidl_vec& keyParams, KeyFormat keyFormat, const hidl_vec& blob, cppbor::Array& - array) { - ErrorCode errorCode = ErrorCode::OK; - AuthorizationSet paramSet; - keymaster_algorithm_t algorithm; - if(keyFormat == KeyFormat::PKCS8) { - - paramSet.Reinitialize(KmParamSet(keyParams)); - paramSet.GetTagValue(TAG_ALGORITHM, &algorithm); - - if(KM_ALGORITHM_RSA == algorithm) { - std::vector privExp; - std::vector modulus; - if(ErrorCode::OK != (errorCode = rsaRawKeyFromPKCS8(std::vector(blob), privExp, modulus))) { - return errorCode; - } - array.add(privExp); - array.add(modulus); - } else if(KM_ALGORITHM_EC == 
algorithm) { - std::vector privKey; - std::vector pubKey; - EcCurve curve; - if(ErrorCode::OK != (errorCode = ecRawKeyFromPKCS8(std::vector(blob), privKey, pubKey, curve))) { - return errorCode; - } - array.add(privKey); - array.add(pubKey); - } else { - return ErrorCode::UNSUPPORTED_ALGORITHM; - } - } else if(keyFormat == KeyFormat::RAW) { - array.add(std::vector(blob)); - } - return errorCode; -} - -ErrorCode parseWrappedKey(const hidl_vec& wrappedKeyData, std::vector& iv, std::vector& transitKey, -std::vector& secureKey, std::vector& tag, hidl_vec& authList, KeyFormat& -keyFormat, std::vector& wrappedKeyDescription) { - KeymasterBlob kmIv; - KeymasterKeyBlob kmTransitKey; - KeymasterKeyBlob kmSecureKey; - KeymasterBlob kmTag; - AuthorizationSet authSet; - keymaster_key_format_t kmKeyFormat; - KeymasterBlob kmWrappedKeyDescription; - - size_t keyDataLen = wrappedKeyData.size(); - uint8_t *keyData = dup_buffer(wrappedKeyData.data(), keyDataLen); - keymaster_key_blob_t keyMaterial = {keyData, keyDataLen}; - - keymaster_error_t error = parse_wrapped_key(KeymasterKeyBlob(keyMaterial), &kmIv, &kmTransitKey, - &kmSecureKey, &kmTag, &authSet, - &kmKeyFormat, &kmWrappedKeyDescription); - if (error != KM_ERROR_OK) return legacy_enum_conversion(error); - blob2Vec(kmIv.data, kmIv.data_length, iv); - blob2Vec(kmTransitKey.key_material, kmTransitKey.key_material_size, transitKey); - blob2Vec(kmSecureKey.key_material, kmSecureKey.key_material_size, secureKey); - blob2Vec(kmTag.data, kmTag.data_length, tag); - authList = kmParamSet2Hidl(authSet); - keyFormat = static_cast(kmKeyFormat); - blob2Vec(kmWrappedKeyDescription.data, kmWrappedKeyDescription.data_length, wrappedKeyDescription); - - return ErrorCode::OK; -} - -ErrorCode constructApduMessage(Instruction& ins, std::vector& inputData, std::vector& apduOut) { - apduOut.push_back(static_cast(APDU_CLS)); //CLS - apduOut.push_back(static_cast(ins)); //INS - apduOut.push_back(static_cast(APDU_P1)); //P1 - 
apduOut.push_back(static_cast(APDU_P2)); //P2 - - if(USHRT_MAX >= inputData.size()) { - // Send extended length APDU always as response size is not known to HAL. - // Case 1: Lc > 0 CLS | INS | P1 | P2 | 00 | 2 bytes of Lc | CommandData | 2 bytes of Le all set to 00. - // Case 2: Lc = 0 CLS | INS | P1 | P2 | 3 bytes of Le all set to 00. - //Extended length 3 bytes, starts with 0x00 - apduOut.push_back(static_cast(0x00)); - if (inputData.size() > 0) { - apduOut.push_back(static_cast(inputData.size() >> 8)); - apduOut.push_back(static_cast(inputData.size() & 0xFF)); - //Data - apduOut.insert(apduOut.end(), inputData.begin(), inputData.end()); - } - //Expected length of output. - //Accepting complete length of output every time. - apduOut.push_back(static_cast(0x00)); - apduOut.push_back(static_cast(0x00)); - } else { - return (ErrorCode::INSUFFICIENT_BUFFER_SPACE); - } - - return (ErrorCode::OK);//success -} - -uint16_t getStatus(std::vector& inputData) { - //Last two bytes are the status SW0SW1 - return (inputData.at(inputData.size()-2) << 8) | (inputData.at(inputData.size()-1)); -} - -ErrorCode JavacardKeymaster4Device::sendData(Instruction ins, std::vector& inData, std::vector& response) { - ErrorCode ret = ErrorCode::UNKNOWN_ERROR; - std::vector apdu; - - ret = constructApduMessage(ins, inData, apdu); - if(ret != ErrorCode::OK) { - LOG(ERROR) << "error in constructApduMessage cmd: " << (int32_t)ins << " status: " << (int32_t)ret; - return ret; - } - - if(!getTransportFactoryInstance()->sendData(apdu.data(), apdu.size(), response)) { - LOG(ERROR) << "error in sendData cmd: " << (int32_t)ins << " status: " - << (int32_t)ErrorCode::SECURE_HW_COMMUNICATION_FAILED; - return (ErrorCode::SECURE_HW_COMMUNICATION_FAILED); - } - - // Response size should be greater than 2. Cbor output data followed by two bytes of APDU status. 
- if((response.size() <= 2) || (getStatus(response) != APDU_RESP_STATUS_OK)) { - LOG(ERROR) << "error in sendData cmd: " << (int32_t)ins << " status: " << getStatus(response); - return (ErrorCode::UNKNOWN_ERROR); - } - LOG(DEBUG) << "sendData cmd: " << (int32_t)ins << " status: " << (int32_t)ErrorCode::OK; - return (ErrorCode::OK);//success -} - -void JavacardKeymaster4Device::handleSendEarlyBootEndedEvent() { - if (isEarlyBootEventPending) { - LOG(INFO) << "JavacardKeymaster4Device::handleSendEarlyBootEndedEvent send earlyBootEnded Event."; - if (V41ErrorCode::OK == earlyBootEnded()) { - isEarlyBootEventPending = false; - } - } -} - -/** - * Sends android system properties like os_version, os_patchlevel and vendor_patchlevel to - * the Applet. - */ -ErrorCode JavacardKeymaster4Device::setAndroidSystemProperties() { - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - cppbor::Array array; - std::unique_ptr item; - std::vector cborOutData; - - array.add(GetOsVersion()). - add(GetOsPatchlevel()). - add(GetVendorPatchlevel()); - - std::vector cborData = array.encode(); - errorCode = sendData(Instruction::INS_SET_VERSION_PATCHLEVEL_CMD, cborData, cborOutData); - if (ErrorCode::OK == errorCode) { - //Skip last 2 bytes in cborData, it contains status. 
- std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), - true, oprCtx_); - } - if (ErrorCode::OK != errorCode) - LOG(ERROR) << "Failed to set os_version, os_patchlevel and vendor_patchlevel err: " << (int32_t) errorCode; - - return errorCode; -} - -JavacardKeymaster4Device::JavacardKeymaster4Device(): softKm_(new ::keymaster::AndroidKeymaster( - []() -> auto { - auto context = new JavaCardSoftKeymasterContext(); - context->SetSystemVersion(GetOsVersion(), GetOsPatchlevel()); - return context; - }(), - kOperationTableSize, keymaster::MessageVersion(keymaster::KmVersion::KEYMASTER_4_1, - 0 /* km_date */) )), oprCtx_(new OperationContext()), - isEachSystemPropertySet(false), isEarlyBootEventPending(false) { - // Send Android system properties like os_version, os_patchlevel and vendor_patchlevel - // to the Applet. Incase if setting system properties fails here, again try setting - // it from computeSharedHmac. - - if (ErrorCode::OK == setAndroidSystemProperties()) { - LOG(ERROR) << "javacard strongbox : setAndroidSystemProperties from constructor - successful"; - isEachSystemPropertySet = true; - } - -} - -JavacardKeymaster4Device::~JavacardKeymaster4Device() {} - -// Methods from IKeymasterDevice follow. -Return JavacardKeymaster4Device::getHardwareInfo(getHardwareInfo_cb _hidl_cb) { - // When socket is not connected return hardware info parameters from HAL itself. - std::vector resp; - std::vector input; - std::unique_ptr item; - uint64_t securityLevel = static_cast(SecurityLevel::STRONGBOX); - hidl_string jcKeymasterName; - hidl_string jcKeymasterAuthor; - - ErrorCode ret = sendData(Instruction::INS_GET_HW_INFO_CMD, input, resp); - if (ret == ErrorCode::OK) { - //Skip last 2 bytes in cborData, it contains status. 
- std::tie(item, ret) = decodeData(cborConverter_, std::vector(resp.begin(), resp.end()-2), - false, oprCtx_); - if (item != nullptr) { - std::vector temp; - if(!cborConverter_.getUint64(item, 0, securityLevel) || - !cborConverter_.getBinaryArray(item, 1, jcKeymasterName) || - !cborConverter_.getBinaryArray(item, 2, jcKeymasterAuthor)) { - LOG(ERROR) << "Failed to convert cbor data of INS_GET_HW_INFO_CMD"; - _hidl_cb(static_cast(securityLevel), jcKeymasterName, jcKeymasterAuthor); - return Void(); - } - } - _hidl_cb(static_cast(securityLevel), jcKeymasterName, jcKeymasterAuthor); - return Void(); - } else { - // It should not come here, but incase if for any reason SB keymaster fails to getHardwareInfo - // return proper values from HAL. - LOG(ERROR) << "Failed to fetch getHardwareInfo from javacard returning fixed values from HAL itself"; - _hidl_cb(SecurityLevel::STRONGBOX, JAVACARD_KEYMASTER_NAME, JAVACARD_KEYMASTER_AUTHOR); - return Void(); - } -} - -Return JavacardKeymaster4Device::getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) { - std::vector cborData; - std::vector input; - std::unique_ptr item; - HmacSharingParameters hmacSharingParameters; - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - errorCode = sendData(Instruction::INS_GET_HMAC_SHARING_PARAM_CMD, input, cborData); - if (ErrorCode::OK == errorCode) { - //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborData.begin(), cborData.end()-2), - true, oprCtx_); - if (item != nullptr) { - if(!cborConverter_.getHmacSharingParameters(item, 1, hmacSharingParameters)) { - LOG(ERROR) << "javacard strongbox : Failed to convert cbor data of INS_GET_HMAC_SHARING_PARAM_CMD"; - errorCode = ErrorCode::UNKNOWN_ERROR; - } - } - LOG(DEBUG) << "javacard strongbox : received getHmacSharingParameter from Javacard - successful"; - // Send earlyBootEnded if there is any pending earlybootEnded event. 
- handleSendEarlyBootEndedEvent(); - } - _hidl_cb(errorCode, hmacSharingParameters); - return Void(); -} - -Return JavacardKeymaster4Device::computeSharedHmac(const hidl_vec& params, computeSharedHmac_cb _hidl_cb) { - cppbor::Array array; - std::unique_ptr item; - std::vector cborOutData; - hidl_vec sharingCheck; - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - std::vector tempVec; - cppbor::Array outerArray; - // The Android system properties like OS_VERSION, OS_PATCHLEVEL and VENDOR_PATCHLEVEL are to - // be delivered to the Applet when the HAL is first loaded. Incase if settting system properties - // failed at construction time then this is one of the ideal places to send this information - // to the Applet as computeSharedHmac is called everytime when Android device boots. - if (!isEachSystemPropertySet) { - errorCode = setAndroidSystemProperties(); - if (ErrorCode::OK != errorCode) { - LOG(ERROR) << " Failed to set os_version, os_patchlevel and vendor_patchlevel err: " << (int32_t)errorCode; - _hidl_cb(errorCode, sharingCheck); - return Void(); - } - - LOG(ERROR) << "javacard strongbox : setAndroidSystemProperties from ComputeSharedHmac - successful "; - - isEachSystemPropertySet = true; - } - - // Send earlyBootEnded if there is any pending earlybootEnded event. - handleSendEarlyBootEndedEvent(); - - for(size_t i = 0; i < params.size(); ++i) { - cppbor::Array innerArray; - innerArray.add(static_cast>(params[i].seed)); - for(size_t j = 0; j < params[i].nonce.size(); j++) { - tempVec.push_back(params[i].nonce[j]); - } - innerArray.add(tempVec); - tempVec.clear(); - outerArray.add(std::move(innerArray)); - } - array.add(std::move(outerArray)); - std::vector cborData = array.encode(); - - errorCode = sendData(Instruction::INS_COMPUTE_SHARED_HMAC_CMD, cborData, cborOutData); - if (ErrorCode::OK == errorCode) { - LOG(ERROR) << "javacard strongbox : received ComputeSharedHmac data from javacard"; - //Skip last 2 bytes in cborData, it contains status. 
- std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), - true, oprCtx_); - if (item != nullptr) { - std::vector bstr; - if(!cborConverter_.getBinaryArray(item, 1, bstr)) { - LOG(ERROR) << "INS_COMPUTE_SHARED_HMAC_CMD: failed to convert cbor sharing check value"; - errorCode = ErrorCode::UNKNOWN_ERROR; - } else { - sharingCheck = bstr; - } - } - } - - LOG(ERROR) << "javacard strongbox : computeSharedHmac - sending sharingCheckToKeystore"; - - _hidl_cb(errorCode, sharingCheck); - return Void(); -} - -Return JavacardKeymaster4Device::verifyAuthorization(uint64_t , const hidl_vec& , const HardwareAuthToken& , verifyAuthorization_cb _hidl_cb) { - VerificationToken verificationToken; - LOG(DEBUG) << "Verify authorizations UNIMPLEMENTED"; - _hidl_cb(ErrorCode::UNIMPLEMENTED, verificationToken); - return Void(); -} - -Return JavacardKeymaster4Device::addRngEntropy(const hidl_vec& data) { - cppbor::Array array; - std::vector cborOutData; - std::unique_ptr item; - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - - /* Convert input data to cbor format */ - array.add(std::vector(data)); - std::vector cborData = array.encode(); - - errorCode = sendData(Instruction::INS_ADD_RNG_ENTROPY_CMD, cborData, cborOutData); - if(errorCode == ErrorCode::OK) { - //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), - true, oprCtx_); - } - return errorCode; -} - -Return JavacardKeymaster4Device::generateKey(const hidl_vec& keyParams, generateKey_cb _hidl_cb) { - cppbor::Array array; - std::unique_ptr item; - hidl_vec keyBlob; - std::vector cborOutData; - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - KeyCharacteristics keyCharacteristics; - hidl_vec updatedParams(keyParams); - // Send earlyBootEnded if there is any pending earlybootEnded event. 
- handleSendEarlyBootEndedEvent(); - if(!findTag(keyParams, Tag::CREATION_DATETIME) && - !findTag(keyParams, Tag::ACTIVE_DATETIME)) { - //Add CREATION_DATETIME in HAL, as secure element is not having clock. - size_t size = keyParams.size(); - updatedParams.resize(size+1); - updatedParams[size].tag = Tag::CREATION_DATETIME; - updatedParams[size].f.dateTime = java_time(time(nullptr)); - } - - /* Convert to cbor format */ - cborConverter_.addKeyparameters(array, updatedParams); - std::vector cborData = array.encode(); - - errorCode = sendData(Instruction::INS_GENERATE_KEY_CMD, cborData, cborOutData); - if(errorCode == ErrorCode::OK) { - //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), - true, oprCtx_); - if (item != nullptr) { - if(!cborConverter_.getBinaryArray(item, 1, keyBlob) || - !cborConverter_.getKeyCharacteristics(item, 2, keyCharacteristics)) { - //Clear the buffer. - keyBlob.setToExternal(nullptr, 0); - keyCharacteristics.softwareEnforced.setToExternal(nullptr, 0); - keyCharacteristics.hardwareEnforced.setToExternal(nullptr, 0); - errorCode = ErrorCode::UNKNOWN_ERROR; - LOG(ERROR) << "INS_GENERATE_KEY_CMD: error while converting cbor data: " << (int32_t) errorCode; - } - } - } - _hidl_cb(errorCode, keyBlob, keyCharacteristics); - return Void(); -} - -Return JavacardKeymaster4Device::importKey(const hidl_vec& keyParams, KeyFormat keyFormat, const hidl_vec& keyData, importKey_cb _hidl_cb) { - cppbor::Array array; - std::unique_ptr item; - hidl_vec keyBlob; - std::vector cborOutData; - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - KeyCharacteristics keyCharacteristics; - cppbor::Array subArray; - // Send earlyBootEnded if there is any pending earlybootEnded event. 
- handleSendEarlyBootEndedEvent(); - - if(keyFormat != KeyFormat::PKCS8 && keyFormat != KeyFormat::RAW) { - LOG(ERROR) << "INS_IMPORT_KEY_CMD unsupported key format " << (int32_t)keyFormat; - _hidl_cb(ErrorCode::UNSUPPORTED_KEY_FORMAT, keyBlob, keyCharacteristics); - return Void(); - } - cborConverter_.addKeyparameters(array, keyParams); - array.add(static_cast(keyFormat)); //javacard accepts only RAW. - - array.add(std::vector(keyData)); - std::vector cborData = array.encode(); - - errorCode = sendData(Instruction::INS_IMPORT_KEY_CMD, cborData, cborOutData); - - if(errorCode == ErrorCode::OK) { - //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), - true, oprCtx_); - if (item != nullptr) { - if(!cborConverter_.getBinaryArray(item, 1, keyBlob) || - !cborConverter_.getKeyCharacteristics(item, 2, keyCharacteristics)) { - //Clear the buffer. - keyBlob.setToExternal(nullptr, 0); - keyCharacteristics.softwareEnforced.setToExternal(nullptr, 0); - keyCharacteristics.hardwareEnforced.setToExternal(nullptr, 0); - errorCode = ErrorCode::UNKNOWN_ERROR; - LOG(ERROR) << "INS_IMPORT_KEY_CMD: error while converting cbor data, status: " << (int32_t) errorCode; - } - } - } - _hidl_cb(errorCode, keyBlob, keyCharacteristics); - return Void(); -} - -Return JavacardKeymaster4Device::importWrappedKey(const hidl_vec& wrappedKeyData, const hidl_vec& wrappingKeyBlob, const hidl_vec& maskingKey, const hidl_vec& unwrappingParams, uint64_t passwordSid, uint64_t biometricSid, importWrappedKey_cb _hidl_cb) { - cppbor::Array array; - std::unique_ptr item; - hidl_vec keyBlob; - std::vector cborOutData; - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - KeyCharacteristics keyCharacteristics; - std::vector iv; - std::vector transitKey; - std::vector secureKey; - std::vector tag; - hidl_vec authList; - KeyFormat keyFormat; - std::vector wrappedKeyDescription; - // Send earlyBootEnded if 
there is any pending earlybootEnded event. - handleSendEarlyBootEndedEvent(); - if(ErrorCode::OK != (errorCode = parseWrappedKey(wrappedKeyData, iv, transitKey, secureKey, - tag, authList, keyFormat, wrappedKeyDescription))) { - LOG(ERROR) << "INS_IMPORT_WRAPPED_KEY_CMD error while parsing wrapped key status: " << (int32_t) errorCode; - _hidl_cb(errorCode, keyBlob, keyCharacteristics); - return Void(); - } - cborConverter_.addKeyparameters(array, authList); - array.add(static_cast(keyFormat)); - array.add(secureKey); - array.add(tag); - array.add(iv); - array.add(transitKey); - array.add(std::vector(wrappingKeyBlob)); - array.add(std::vector(maskingKey)); - cborConverter_.addKeyparameters(array, unwrappingParams); - array.add(std::vector(wrappedKeyDescription)); - array.add(passwordSid); - array.add(biometricSid); - std::vector cborData = array.encode(); - - errorCode = sendData(Instruction::INS_IMPORT_WRAPPED_KEY_CMD, cborData, cborOutData); - - if(errorCode == ErrorCode::OK) { - //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), - true, oprCtx_); - if (item != nullptr) { - if(!cborConverter_.getBinaryArray(item, 1, keyBlob) || - !cborConverter_.getKeyCharacteristics(item, 2, keyCharacteristics)) { - //Clear the buffer. 
- keyBlob.setToExternal(nullptr, 0); - keyCharacteristics.softwareEnforced.setToExternal(nullptr, 0); - keyCharacteristics.hardwareEnforced.setToExternal(nullptr, 0); - errorCode = ErrorCode::UNKNOWN_ERROR; - LOG(ERROR) << "INS_IMPORT_WRAPPED_KEY_CMD: error while converting cbor data, status: " << (int32_t) errorCode; - } - } - } - _hidl_cb(errorCode, keyBlob, keyCharacteristics); - return Void(); -} - -Return JavacardKeymaster4Device::getKeyCharacteristics(const hidl_vec& keyBlob, const hidl_vec& clientId, const hidl_vec& appData, getKeyCharacteristics_cb _hidl_cb) { - cppbor::Array array; - std::unique_ptr item; - std::vector cborOutData; - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - KeyCharacteristics keyCharacteristics; - - array.add(std::vector(keyBlob)); - array.add(std::vector(clientId)); - array.add(std::vector(appData)); - std::vector cborData = array.encode(); - - errorCode = sendData(Instruction::INS_GET_KEY_CHARACTERISTICS_CMD, cborData, cborOutData); - if(errorCode == ErrorCode::OK) { - //Skip last 2 bytes in cborData, it contains status. 
- std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), - true, oprCtx_); - if (item != nullptr) { - if(!cborConverter_.getKeyCharacteristics(item, 1, keyCharacteristics)) { - keyCharacteristics.softwareEnforced.setToExternal(nullptr, 0); - keyCharacteristics.hardwareEnforced.setToExternal(nullptr, 0); - errorCode = ErrorCode::UNKNOWN_ERROR; - LOG(ERROR) << "INS_GET_KEY_CHARACTERISTICS_CMD: error while converting cbor data, status: " << (int32_t) errorCode; - } - } - } - _hidl_cb(errorCode, keyCharacteristics); - return Void(); -} - -Return JavacardKeymaster4Device::exportKey(KeyFormat exportFormat, const hidl_vec& keyBlob, const hidl_vec& clientId, const hidl_vec& appData, exportKey_cb _hidl_cb) { - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - hidl_vec resultKeyBlob; - - //Check if keyblob is corrupted - getKeyCharacteristics(keyBlob, clientId, appData, - [&](ErrorCode error, KeyCharacteristics /*keyCharacteristics*/) { - errorCode = error; - }); - - if(errorCode != ErrorCode::OK) { - LOG(ERROR) << "Error in exportKey: " << (int32_t) errorCode; - _hidl_cb(errorCode, resultKeyBlob); - return Void(); - } - - ExportKeyRequest request(softKm_->message_version()); - request.key_format = legacy_enum_conversion(exportFormat); - request.SetKeyMaterial(keyBlob.data(), keyBlob.size()); - - ExportKeyResponse response(softKm_->message_version()); - softKm_->ExportKey(request, &response); - - if(response.error == KM_ERROR_INCOMPATIBLE_ALGORITHM) { - //Symmetric Keys cannot be exported. 
- response.error = KM_ERROR_UNSUPPORTED_KEY_FORMAT; - LOG(ERROR) << "error in exportKey: unsupported algorithm or key format"; - } - if (response.error == KM_ERROR_OK) { - resultKeyBlob.setToExternal(response.key_data, response.key_data_length); - } - errorCode = legacy_enum_conversion(response.error); - LOG(DEBUG) << "exportKey status: " << (int32_t) errorCode; - _hidl_cb(errorCode, resultKeyBlob); - return Void(); -} - - - -Return JavacardKeymaster4Device::attestKey(const hidl_vec& keyToAttest, const hidl_vec& attestParams, attestKey_cb _hidl_cb) { - cppbor::Array array; - std::unique_ptr item; - hidl_vec keyBlob; - std::vector cborOutData; - hidl_vec> certChain; - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - - array.add(std::vector(keyToAttest)); - cborConverter_.addKeyparameters(array, attestParams); - std::vector cborData = array.encode(); - errorCode = sendData(Instruction::INS_ATTEST_KEY_CMD, cborData, cborOutData); - - if(errorCode == ErrorCode::OK) { - std::vector> temp; - std::vector rootCert; - //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), - true, oprCtx_); - if (item != nullptr) { - if(!cborConverter_.getMultiBinaryArray(item, 1, temp)) { - errorCode = ErrorCode::UNKNOWN_ERROR; - LOG(ERROR) << "INS_ATTEST_KEY_CMD: error in converting cbor data, status: " << (int32_t) errorCode; - } else { - cborData.clear(); - cborOutData.clear(); - errorCode = sendData(Instruction::INS_GET_CERT_CHAIN_CMD, cborData, cborOutData); - if(errorCode == ErrorCode::OK) { - //Skip last 2 bytes in cborData, it contains status. 
- std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), - cborOutData.end()-2), - true, oprCtx_); - if (item != nullptr) { - std::vector chain; - if(!cborConverter_.getBinaryArray(item, 1, chain)) { - errorCode = ErrorCode::UNKNOWN_ERROR; - LOG(ERROR) << "attestkey INS_GET_CERT_CHAIN_CMD: errorn in converting cbor data, status: " << (int32_t) errorCode; - } else { - if(ErrorCode::OK == (errorCode = getCertificateChain(chain, temp))) { - certChain.resize(temp.size()); - for(int i = 0; i < temp.size(); i++) { - certChain[i] = temp[i]; - } - } else { - LOG(ERROR) << "Error in attestkey getCertificateChain: " << (int32_t) errorCode; - } - } - } - } - } - } - } - _hidl_cb(errorCode, certChain); - return Void(); -} - -Return JavacardKeymaster4Device::upgradeKey(const hidl_vec& keyBlobToUpgrade, const hidl_vec& upgradeParams, upgradeKey_cb _hidl_cb) { - cppbor::Array array; - std::unique_ptr item; - hidl_vec upgradedKeyBlob; - std::vector cborOutData; - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - - array.add(std::vector(keyBlobToUpgrade)); - cborConverter_.addKeyparameters(array, upgradeParams); - std::vector cborData = array.encode(); - - errorCode = sendData(Instruction::INS_UPGRADE_KEY_CMD, cborData, cborOutData); - - if(errorCode == ErrorCode::OK) { - //Skip last 2 bytes in cborData, it contains status. 
- std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), - true, oprCtx_); - if (item != nullptr) { - if(!cborConverter_.getBinaryArray(item, 1, upgradedKeyBlob)) { - errorCode = ErrorCode::UNKNOWN_ERROR; - LOG(ERROR) << "INS_UPGRADE_KEY_CMD: error in converting cbor data, status: " << (int32_t) errorCode; - } - } - } - _hidl_cb(errorCode, upgradedKeyBlob); - return Void(); -} - -Return JavacardKeymaster4Device::deleteKey(const hidl_vec& keyBlob) { - cppbor::Array array; - std::unique_ptr item; - std::vector cborOutData; - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - - array.add(std::vector(keyBlob)); - std::vector cborData = array.encode(); - errorCode = sendData(Instruction::INS_DELETE_KEY_CMD, cborData, cborOutData); - - if(errorCode == ErrorCode::OK) { - //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), - true, oprCtx_); - } - return errorCode; -} - -Return JavacardKeymaster4Device::deleteAllKeys() { - std::unique_ptr item; - std::vector cborOutData; - std::vector input; - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - - errorCode = sendData(Instruction::INS_DELETE_ALL_KEYS_CMD, input, cborOutData); - - if(errorCode == ErrorCode::OK) { - //Skip last 2 bytes in cborData, it contains status. - std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), - true, oprCtx_); - } - return errorCode; -} - -Return JavacardKeymaster4Device::destroyAttestationIds() { - std::unique_ptr item; - std::vector cborOutData; - std::vector input; - ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR; - - errorCode = sendData(Instruction::INS_DESTROY_ATT_IDS_CMD, input, cborOutData); - - if(errorCode == ErrorCode::OK) { - //Skip last 2 bytes in cborData, it contains status. 
- std::tie(item, errorCode) = decodeData(cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2),
- true, oprCtx_);
- }
- return errorCode;
-}
-
-Return JavacardKeymaster4Device::begin(KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams, const HardwareAuthToken& authToken, begin_cb _hidl_cb) {
- ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
- uint64_t operationHandle = 0;
- OperationType operType = OperationType::PRIVATE_OPERATION;
- hidl_vec outParams;
- LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD purpose: " << (int32_t)purpose;
- /*
- * Asymmetric public key operations are processed inside softkeymaster and private
- * key operations are processed inside strongbox keymaster.
- * All symmetric key operations are processed inside strongbox keymaster.
- * If the purpose is either ENCRYPT / VERIFY then the operation type is set
- * to public operation and in case if the key turned out to be a symmetric key then
- * handleBeginOperation() function fallbacks to private key operation.
- */
- LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD purpose: " << (int32_t)purpose;
- if (KeyPurpose::ENCRYPT == purpose || KeyPurpose::VERIFY == purpose) {
- operType = OperationType::PUBLIC_OPERATION;
- }
- errorCode = handleBeginOperation(purpose, keyBlob, inParams, authToken, outParams,
- operationHandle, operType);
- if (errorCode == ErrorCode::OK && isOperationHandleExists(operationHandle)) {
- LOG(DEBUG) << "Operation handle " << operationHandle << "already exists"
- "in the opertion table. so aborting this opertaion.";
- // abort the operation.
- errorCode = abortOperation(operationHandle, operType);
- if (errorCode == ErrorCode::OK) {
- // retry begin to get an another operation handle.
- errorCode = handleBeginOperation(purpose, keyBlob, inParams, authToken, outParams,
- operationHandle, operType);
- if (errorCode == ErrorCode::OK && isOperationHandleExists(operationHandle)) {
- errorCode = ErrorCode::UNKNOWN_ERROR;
- LOG(ERROR) << "INS_BEGIN_OPERATION_CMD: Failed in begin operation as the"
- "operation handle already exists in the operation table."
- << (int32_t)errorCode;
- // abort the operation.
- auto abortErr = abortOperation(operationHandle, operType);
- if (abortErr != ErrorCode::OK) {
- LOG(ERROR) << "Fail to abort the operation.";
- errorCode = abortErr;
- }
- }
- }
- }
- // Create an entry inside the operation table for the new operation
- // handle.
- if (ErrorCode::OK == errorCode) operationTable[operationHandle] = operType;
-
- _hidl_cb(errorCode, outParams, operationHandle);
- return Void();
-}
-
-ErrorCode JavacardKeymaster4Device::handleBeginPublicKeyOperation(
- KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams,
- hidl_vec& outParams, uint64_t& operationHandle) {
- BeginOperationRequest request(softKm_->message_version());
- request.purpose = legacy_enum_conversion(purpose);
- request.SetKeyMaterial(keyBlob.data(), keyBlob.size());
- request.additional_params.Reinitialize(KmParamSet(inParams));
-
- BeginOperationResponse response(softKm_->message_version());
- /* For Symmetric key operation, the BeginOperation returns
- * KM_ERROR_INCOMPATIBLE_ALGORITHM error. */
- softKm_->BeginOperation(request, &response);
- ErrorCode errorCode = legacy_enum_conversion(response.error);
- LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD softkm BeginOperation status: " << (int32_t)errorCode;
- if (ErrorCode::OK == errorCode) {
- outParams = kmParamSet2Hidl(response.output_params);
- operationHandle = response.op_handle;
- } else {
- LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error in softkm BeginOperation status: "
- << (int32_t)errorCode;
- }
- return errorCode;
-}
-
-ErrorCode JavacardKeymaster4Device::handleBeginPrivateKeyOperation(
- KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams,
- const HardwareAuthToken& authToken, hidl_vec& outParams,
- uint64_t& operationHandle) {
- ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
- cppbor::Array array;
- std::vector cborOutData;
- std::unique_ptr item;
- std::unique_ptr blobItem = nullptr;
- KeyCharacteristics keyCharacteristics;
- KeyParameter param;
-
- // Send earlyBootEnded if there is any pending earlybootEnded event.
- handleSendEarlyBootEndedEvent();
- /* Convert input data to cbor format */
- array.add(static_cast(purpose));
- array.add(std::vector(keyBlob));
- cborConverter_.addKeyparameters(array, inParams);
- cborConverter_.addHardwareAuthToken(array, authToken);
- std::vector cborData = array.encode();
-
- // keyCharacteristics.hardwareEnforced is required to store algorithm, digest
- // and padding values in operationInfo structure. To retrieve
- // keyCharacteristics.hardwareEnforced, call getKeyCharacateristics. By
- // calling getKeyCharacateristics also helps in finding a corrupted keyblob.
- hidl_vec applicationId;
- hidl_vec applicationData;
- if (getTag(inParams, Tag::APPLICATION_ID, param)) {
- applicationId = param.blob;
- }
- if (getTag(inParams, Tag::APPLICATION_DATA, param)) {
- applicationData = param.blob;
- }
- // Call to getKeyCharacteristics.
- getKeyCharacteristics(keyBlob, applicationId, applicationData,
- [&](ErrorCode error, KeyCharacteristics keyChars) {
- errorCode = error;
- keyCharacteristics = keyChars;
- });
- LOG(DEBUG) << "INS_BEGIN_OPERATION_CMD StrongboxKM getKeyCharacteristics status: "
- << (int32_t)errorCode;
-
- if (errorCode == ErrorCode::OK) {
- errorCode = ErrorCode::UNKNOWN_ERROR;
- if (getTag(keyCharacteristics.hardwareEnforced, Tag::ALGORITHM, param)) {
- errorCode = sendData(Instruction::INS_BEGIN_OPERATION_CMD, cborData, cborOutData);
- if (errorCode == ErrorCode::OK) {
- // Skip last 2 bytes in cborData, it contains status.
- std::tie(item, errorCode) =
- decodeData(cborConverter_,
- std::vector(cborOutData.begin(), cborOutData.end() - 2),
- true, oprCtx_);
- if (item != nullptr) {
- if (!cborConverter_.getKeyParameters(item, 1, outParams) ||
- !cborConverter_.getUint64(item, 2, operationHandle)) {
- errorCode = ErrorCode::UNKNOWN_ERROR;
- outParams.setToExternal(nullptr, 0);
- operationHandle = 0;
- LOG(ERROR) << "INS_BEGIN_OPERATION_CMD: error in converting cbor "
- "data, status: "
- << (int32_t)errorCode;
- } else {
- /* Store the operationInfo */
- oprCtx_->setOperationInfo(operationHandle, purpose, param.f.algorithm,
- inParams);
- }
- }
- }
- } else {
- LOG(ERROR) << "INS_BEGIN_OPERATION_CMD couldn't find algorithm tag: "
- << (int32_t)Tag::ALGORITHM;
- }
- } else {
- LOG(ERROR) << "INS_BEGIN_OPERATION_CMD error in getKeyCharacteristics status: "
- << (int32_t)errorCode;
- }
- return errorCode;
-}
-
-ErrorCode JavacardKeymaster4Device::handleBeginOperation(
- KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams,
- const HardwareAuthToken& authToken, hidl_vec& outParams,
- uint64_t& operationHandle, OperationType& operType) {
- ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
- if (operType == OperationType::PUBLIC_OPERATION) {
- errorCode =
- handleBeginPublicKeyOperation(purpose, keyBlob, inParams, outParams, operationHandle);
-
- // For Symmetric operations handleBeginPublicKeyOperation function
- // returns INCOMPATIBLE_ALGORITHM error. Based on this error
- // condition it fallbacks to private key operation.
- if (errorCode == ErrorCode::INCOMPATIBLE_ALGORITHM) {
- operType = OperationType::PRIVATE_OPERATION;
- }
- }
-
- if (operType == OperationType::PRIVATE_OPERATION) {
- errorCode = handleBeginPrivateKeyOperation(purpose, keyBlob, inParams, authToken, outParams,
- operationHandle);
- }
- return errorCode;
-}
-
-Return
-JavacardKeymaster4Device::update(uint64_t operationHandle, const hidl_vec& inParams,
- const hidl_vec& input, const HardwareAuthToken& authToken,
- const VerificationToken& verificationToken, update_cb _hidl_cb) {
- ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
- uint32_t inputConsumed = 0;
- hidl_vec outParams;
- hidl_vec output;
- UpdateOperationResponse response(softKm_->message_version());
- OperationType operType = getOperationType(operationHandle);
- if (OperationType::UNKNOWN == operType) { // operation handle not found
- LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle "
- "is passed or if"
- << " secure element reset occurred.";
- _hidl_cb(ErrorCode::INVALID_OPERATION_HANDLE, inputConsumed, outParams, output);
- return Void();
- }
-
- if (OperationType::PUBLIC_OPERATION == operType) {
- /* SW keymaster (Public key operation) */
- LOG(DEBUG) << "INS_UPDATE_OPERATION_CMD - swkm operation ";
- UpdateOperationRequest request(softKm_->message_version());
- request.op_handle = operationHandle;
- request.input.Reinitialize(input.data(), input.size());
- request.additional_params.Reinitialize(KmParamSet(inParams));
-
- softKm_->UpdateOperation(request, &response);
- errorCode = legacy_enum_conversion(response.error);
- LOG(DEBUG) << "INS_UPDATE_OPERATION_CMD - swkm update operation status: "
- << (int32_t)errorCode;
- if (response.error == KM_ERROR_OK) {
- inputConsumed = response.input_consumed;
- outParams = kmParamSet2Hidl(response.output_params);
- output = kmBuffer2hidlVec(response.output);
- } else {
- LOG(ERROR) << "INS_UPDATE_OPERATION_CMD - error swkm update operation status: "
- << (int32_t)errorCode;
- }
- } else {
- /* Strongbox Keymaster operation */
- std::vector tempOut;
- /* OperationContext calls this below sendDataCallback callback function. This callback
- * may be called multiple times if the input data is larger than MAX_ALLOWED_INPUT_SIZE.
- */
- auto sendDataCallback = [&](std::vector& data, bool) -> ErrorCode {
- cppbor::Array array;
- std::unique_ptr item;
- std::vector cborOutData;
- std::vector asn1ParamsVerified;
- // For symmetic ciphers only block aligned data is send to javacard Applet to reduce the
- // number of calls to
- // javacard. If the input message is less than block size then it is buffered inside the
- // HAL. so in case if
- // after buffering there is no data to send to javacard don't call javacard applet.
- // For AES GCM operations, even though the input length is 0(which is not block
- // aligned), if there is ASSOCIATED_DATA present in KeyParameters. Then we need to make
- // a call to javacard Applet.
- if (data.size() == 0 && !findTag(inParams, Tag::ASSOCIATED_DATA)) {
- // Return OK, since this is not error case.
- LOG(DEBUG) << "sendDataCallback: data size is zero";
- return ErrorCode::OK;
- }
-
- if (ErrorCode::OK !=
- (errorCode = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
- LOG(ERROR) << "sendDataCallback: error in encodeParametersVerified status: "
- << (int32_t)errorCode;
- return errorCode;
- }
-
- // Convert input data to cbor format
- array.add(operationHandle);
- cborConverter_.addKeyparameters(array, inParams);
- array.add(data);
- cborConverter_.addHardwareAuthToken(array, authToken);
- cborConverter_.addVerificationToken(array, verificationToken, asn1ParamsVerified);
- std::vector cborData = array.encode();
-
- errorCode = sendData(Instruction::INS_UPDATE_OPERATION_CMD, cborData, cborOutData);
-
- if (errorCode == ErrorCode::OK) {
- // Skip last 2 bytes in cborData, it contains status.
- std::tie(item, errorCode) =
- decodeData(cborConverter_,
- std::vector(cborOutData.begin(), cborOutData.end() - 2),
- true, oprCtx_);
- if (item != nullptr) {
- /*Ignore inputConsumed from javacard SE since HAL consumes all the input */
- // cborConverter_.getUint64(item, 1, inputConsumed);
- // This callback function may gets called multiple times so parse and get the
- // outParams only once. Otherwise there can be chance of duplicate entries in
- // outParams. Use tempOut to collect all the cipher text and finally copy it to
- // the output. getBinaryArray function appends the new cipher text at the end of
- // the tempOut(std::vector).
- if ((outParams.size() == 0 &&
- !cborConverter_.getKeyParameters(item, 2, outParams)) ||
- !cborConverter_.getBinaryArray(item, 3, tempOut)) {
- outParams.setToExternal(nullptr, 0);
- tempOut.clear();
- errorCode = ErrorCode::UNKNOWN_ERROR;
- LOG(ERROR) << "sendDataCallback: INS_UPDATE_OPERATION_CMD: error while "
- "converting cbor data, status: "
- << (int32_t)errorCode;
- }
- }
- }
- return errorCode;
- };
- if (ErrorCode::OK ==
- (errorCode =
- oprCtx_->update(operationHandle, std::vector(input), sendDataCallback))) {
- /* Consumed all the input */
- inputConsumed = input.size();
- output = tempOut;
- }
- LOG(DEBUG) << "Update operation status: " << (int32_t)errorCode;
- if (ErrorCode::OK != errorCode) {
- LOG(ERROR) << "Error in update operation, status: " << (int32_t)errorCode;
- abort(operationHandle);
- }
- }
- if (ErrorCode::OK != errorCode) {
- /* Delete the entry from operation table. */
- LOG(ERROR) << "Delete entry from operation table, status: " << (int32_t)errorCode;
- operationTable.erase(operationHandle);
- }
-
- _hidl_cb(errorCode, inputConsumed, outParams, output);
- return Void();
-}
-
-Return
-JavacardKeymaster4Device::finish(uint64_t operationHandle, const hidl_vec& inParams,
- const hidl_vec& input, const hidl_vec& signature,
- const HardwareAuthToken& authToken,
- const VerificationToken& verificationToken, finish_cb _hidl_cb) {
- ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
- hidl_vec outParams;
- hidl_vec output;
- FinishOperationResponse response(softKm_->message_version());
- OperationType operType = getOperationType(operationHandle);
-
- if (OperationType::UNKNOWN == operType) { // operation handle not found
- LOG(ERROR) << " Operation handle is invalid. This could happen if invalid operation handle "
- "is passed or if"
- << " secure element reset occurred.";
- _hidl_cb(ErrorCode::INVALID_OPERATION_HANDLE, outParams, output);
- return Void();
- }
-
- if (OperationType::PUBLIC_OPERATION == operType) {
- /* SW keymaster (Public key operation) */
- LOG(DEBUG) << "FINISH - swkm operation ";
- FinishOperationRequest request(softKm_->message_version());
- request.op_handle = operationHandle;
- request.input.Reinitialize(input.data(), input.size());
- request.signature.Reinitialize(signature.data(), signature.size());
- request.additional_params.Reinitialize(KmParamSet(inParams));
-
- softKm_->FinishOperation(request, &response);
-
- errorCode = legacy_enum_conversion(response.error);
- LOG(DEBUG) << "FINISH - swkm operation, status: " << (int32_t)errorCode;
-
- if (response.error == KM_ERROR_OK) {
- outParams = kmParamSet2Hidl(response.output_params);
- output = kmBuffer2hidlVec(response.output);
- } else {
- LOG(ERROR) << "Error in finish operation, status: " << (int32_t)errorCode;
- }
- } else {
- /* Strongbox Keymaster operation */
- std::vector tempOut;
- bool aadTag = false;
- /* OperationContext calls this below sendDataCallback callback function. This callback
- * may be called multiple times if the input data is larger than MAX_ALLOWED_INPUT_SIZE.
- * This callback function decides whether to call update/finish instruction based on the
- * input received from the OperationContext through finish variable.
- * if finish variable is false update instruction is called, if it is true finish
- * instruction is called.
- */
- auto sendDataCallback = [&](std::vector& data, bool finish) -> ErrorCode {
- cppbor::Array array;
- Instruction ins;
- std::unique_ptr item;
- std::vector cborOutData;
- int keyParamPos, outputPos;
- std::vector asn1ParamsVerified;
-
- if (ErrorCode::OK !=
- (errorCode = encodeParametersVerified(verificationToken, asn1ParamsVerified))) {
- LOG(ERROR) << "sendDataCallback: Error in encodeParametersVerified, status: "
- << (int32_t)errorCode;
- return errorCode;
- }
-
- // In case if there is ASSOCIATED_DATA present in the keyparams, then make sure it is
- // either passed with update call or finish call. Don't send ASSOCIATED_DATA in both
- // update and finish calls. aadTag is used to check if ASSOCIATED_DATA is already sent
- // in update call. If addTag is true then skip ASSOCIATED_DATA from keyparams in finish
- // call.
- // Convert input data to cbor format
- array.add(operationHandle);
- if (finish) {
- std::vector finishParams;
- LOG(DEBUG) << "sendDataCallback: finish operation";
- if (aadTag) {
- for (int i = 0; i < inParams.size(); i++) {
- if (inParams[i].tag != Tag::ASSOCIATED_DATA)
- finishParams.push_back(inParams[i]);
- }
- } else {
- finishParams = inParams;
- }
- cborConverter_.addKeyparameters(array, finishParams);
- array.add(data);
- array.add(std::vector(signature));
- ins = Instruction::INS_FINISH_OPERATION_CMD;
- keyParamPos = 1;
- outputPos = 2;
- } else {
- LOG(DEBUG) << "sendDataCallback: update operation";
- if (findTag(inParams, Tag::ASSOCIATED_DATA)) {
- aadTag = true;
- }
- cborConverter_.addKeyparameters(array, inParams);
- array.add(data);
- ins = Instruction::INS_UPDATE_OPERATION_CMD;
- keyParamPos = 2;
- outputPos = 3;
- }
- cborConverter_.addHardwareAuthToken(array, authToken);
- cborConverter_.addVerificationToken(array, verificationToken, asn1ParamsVerified);
- std::vector cborData = array.encode();
- errorCode = sendData(ins, cborData, cborOutData);
-
- if (errorCode == ErrorCode::OK) {
- // Skip last 2 bytes in cborData, it contains status.
- std::tie(item, errorCode) =
- decodeData(cborConverter_,
- std::vector(cborOutData.begin(), cborOutData.end() - 2),
- true, oprCtx_);
- if (item != nullptr) {
- // There is a change that this finish callback may gets called multiple times if
- // the input data size is larger the MAX_ALLOWED_INPUT_SIZE (Refer
- // OperationContext) so parse and get the outParams only once. Otherwise there
- // can be chance of duplicate entries in outParams. Use tempOut to collect all
- // the cipher text and finally copy it to the output. getBinaryArray function
- // appends the new cipher text at the end of the tempOut(std::vector).
- if ((outParams.size() == 0 &&
- !cborConverter_.getKeyParameters(item, keyParamPos, outParams)) ||
- !cborConverter_.getBinaryArray(item, outputPos, tempOut)) {
- outParams.setToExternal(nullptr, 0);
- tempOut.clear();
- errorCode = ErrorCode::UNKNOWN_ERROR;
- LOG(ERROR)
- << "sendDataCallback: error while converting cbor data in operation: "
- << (int32_t)ins << " decodeData, status: " << (int32_t)errorCode;
- }
- }
- }
- return errorCode;
- };
- if (ErrorCode::OK ==
- (errorCode =
- oprCtx_->finish(operationHandle, std::vector(input), sendDataCallback))) {
- output = tempOut;
- }
- if (ErrorCode::OK != errorCode) {
- LOG(ERROR) << "Error in finish operation, status: " << (int32_t)errorCode;
- abort(operationHandle);
- }
- }
- /* Delete the entry from operation table. */
- operationTable.erase(operationHandle);
- oprCtx_->clearOperationData(operationHandle);
- LOG(DEBUG) << "finish operation, status: " << (int32_t)errorCode;
- _hidl_cb(errorCode, outParams, output);
- return Void();
-}
-
-ErrorCode JavacardKeymaster4Device::abortPrivateKeyOperation(uint64_t operationHandle) {
- ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
- cppbor::Array array;
- std::unique_ptr item;
- std::vector cborOutData;
-
- /* Convert input data to cbor format */
- array.add(operationHandle);
- std::vector cborData = array.encode();
-
- errorCode = sendData(Instruction::INS_ABORT_OPERATION_CMD, cborData, cborOutData);
-
- if (errorCode == ErrorCode::OK) {
- // Skip last 2 bytes in cborData, it contains status.
- std::tie(item, errorCode) = decodeData(
- cborConverter_, std::vector(cborOutData.begin(), cborOutData.end() - 2), true,
- oprCtx_);
- }
- return errorCode;
-}
-
-ErrorCode JavacardKeymaster4Device::abortPublicKeyOperation(uint64_t operationHandle) {
- ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
- AbortOperationRequest request(softKm_->message_version());
- request.op_handle = operationHandle;
-
- AbortOperationResponse response(softKm_->message_version());
- softKm_->AbortOperation(request, &response);
-
- errorCode = legacy_enum_conversion(response.error);
- return errorCode;
-}
-
-ErrorCode JavacardKeymaster4Device::abortOperation(uint64_t operationHandle,
- OperationType operType) {
- if (operType == OperationType::UNKNOWN) return ErrorCode::UNKNOWN_ERROR;
-
- if (OperationType::PUBLIC_OPERATION == operType) {
- return abortPublicKeyOperation(operationHandle);
- } else {
- return abortPrivateKeyOperation(operationHandle);
- }
-}
-
-Return JavacardKeymaster4Device::abort(uint64_t operationHandle) {
- ErrorCode errorCode = ErrorCode::UNKNOWN_ERROR;
- OperationType operType = getOperationType(operationHandle);
- if (OperationType::UNKNOWN == operType) { // operation handle not found
- LOG(ERROR) << " Operation handle is invalid. This could happen if invalid "
- "operation handle is passed or if"
- << " secure element reset occurred.";
- return ErrorCode::INVALID_OPERATION_HANDLE;
- }
-
- errorCode = abortOperation(operationHandle, operType);
- if (errorCode == ErrorCode::OK) {
- /* Delete the entry on this operationHandle */
- oprCtx_->clearOperationData(operationHandle);
- operationTable.erase(operationHandle);
- }
- return errorCode;
-}
-
-// Methods from ::android::hardware::keymaster::V4_1::IKeymasterDevice follow.
-Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device::deviceLocked(bool passwordOnly, const VerificationToken& verificationToken) {
- cppbor::Array array;
- std::unique_ptr item;
- std::vector cborOutData;
- V41ErrorCode errorCode = V41ErrorCode::UNKNOWN_ERROR;
- std::vector asn1ParamsVerified;
-
- if(V41ErrorCode::OK != (errorCode = static_cast(encodeParametersVerified(verificationToken, asn1ParamsVerified)))) {
- LOG(DEBUG) << "INS_DEVICE_LOCKED_CMD: Error in encodeParametersVerified, status: " << (int32_t) errorCode;
- return errorCode;
- }
-
- /* Convert input data to cbor format */
- array.add(passwordOnly);
- cborConverter_.addVerificationToken(array, verificationToken, asn1ParamsVerified);
- std::vector cborData = array.encode();
-
- errorCode = static_cast(sendData(Instruction::INS_DEVICE_LOCKED_CMD, cborData, cborOutData));
-
- if(errorCode == V41ErrorCode::OK) {
- //Skip last 2 bytes in cborData, it contains status.
- std::tie(item, errorCode) = decodeData(
- cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true, oprCtx_);
- }
- return errorCode;
-}
-
-Return<::android::hardware::keymaster::V4_1::ErrorCode> JavacardKeymaster4Device::earlyBootEnded() {
- std::unique_ptr item;
- std::string message;
- std::vector cborOutData;
- std::vector cborInput;
- V41ErrorCode errorCode = V41ErrorCode::UNKNOWN_ERROR;
-
- errorCode = static_cast(sendData(Instruction::INS_EARLY_BOOT_ENDED_CMD, cborInput, cborOutData));
-
- if(errorCode == V41ErrorCode::OK) {
- //Skip last 2 bytes in cborData, it contains status.
- std::tie(item, errorCode) = decodeData(
- cborConverter_, std::vector(cborOutData.begin(), cborOutData.end()-2), true, oprCtx_);
- } else {
- // Incase of failure cache the event and send in the next immediate request to Applet.
- isEarlyBootEventPending = true;
- }
- return errorCode;
-}
-
-} // javacard
-} // namespace V4_1
-} // namespace keymaster
diff --git a/HAL/keymaster/4.1/JavacardOperationContext.cpp b/HAL/keymaster/4.1/JavacardOperationContext.cpp
deleted file mode 100644
index 64c13c71..00000000
--- a/HAL/keymaster/4.1/JavacardOperationContext.cpp
+++ /dev/null
@@ -1,383 +0,0 @@
-/*
- **
- ** Copyright 2020, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#include
-#include
-
-#define MAX_ALLOWED_INPUT_SIZE 256
-#define AES_BLOCK_SIZE 16
-#define DES_BLOCK_SIZE 8
-#define RSA_INPUT_MSG_LEN 256
-#define EC_INPUT_MSG_LEN 32
-#define MAX_EC_BUFFER_SIZE 32
-
-namespace keymaster {
-namespace V4_1 {
-namespace javacard {
-
-enum class Operation {
- Update = 0,
- Finish = 1
-};
-
-inline ErrorCode hidlParamSet2OperatinInfo(const hidl_vec& params, OperationInfo& info) {
- for(int i = 0; i < params.size(); i++) {
- const KeyParameter ¶m = params[i];
- switch(param.tag) {
- case Tag::ALGORITHM:
- info.alg = static_cast(param.f.integer);
- break;
- case Tag::DIGEST:
- info.digest = static_cast(param.f.integer);
- break;
- case Tag::PADDING:
- info.pad = static_cast(param.f.integer);
- break;
- case Tag::BLOCK_MODE:
- info.mode = static_cast(param.f.integer);
- break;
- case Tag::MAC_LENGTH:
- // Convert to bytes.
- info.macLength = (param.f.integer / 8);
- break;
- default:
- continue;
- }
- }
- return ErrorCode::OK;
-}
-
-ErrorCode OperationContext::setOperationInfo(uint64_t operationHandle, KeyPurpose purpose, Algorithm alg,
- const hidl_vec& params) {
- ErrorCode errorCode = ErrorCode::OK;
- OperationData data;
- memset((void *)&data, 0, sizeof(OperationData));
- if(ErrorCode::OK != (errorCode = hidlParamSet2OperatinInfo(params, data.info))) {
- return errorCode;
- }
- data.info.purpose = purpose;
- data.info.alg = alg;
- operationTable[operationHandle] = data;
- return ErrorCode::OK;
-}
-
-ErrorCode OperationContext::clearOperationData(uint64_t operHandle) {
- size_t size = operationTable.erase(operHandle);
- if(!size)
- return ErrorCode::INVALID_OPERATION_HANDLE;
- else
- return ErrorCode::OK;
-}
-
-ErrorCode OperationContext::validateInputData(uint64_t operHandle, Operation opr,
- const std::vector& actualInput, std::vector& input) {
- ErrorCode errorCode = ErrorCode::OK;
-
- OperationData& oprData = operationTable[operHandle];
-
- if(KeyPurpose::SIGN == oprData.info.purpose) {
- if(Algorithm::RSA == oprData.info.alg && Digest::NONE == oprData.info.digest) {
- if((oprData.data.buf_len+actualInput.size()) > RSA_INPUT_MSG_LEN)
- return ErrorCode::INVALID_INPUT_LENGTH;
- } else if(Algorithm::EC == oprData.info.alg && Digest::NONE == oprData.info.digest) {
- /* Silently truncate the input */
- if(oprData.data.buf_len >= EC_INPUT_MSG_LEN) {
- return ErrorCode::OK;
- } else if(actualInput.size()+oprData.data.buf_len > EC_INPUT_MSG_LEN) {
- for(int i=oprData.data.buf_len,j=0; i < EC_INPUT_MSG_LEN; ++i,++j) {
- input.push_back(actualInput[j]);
- }
- return ErrorCode::OK;
- }
- }
- }
-
- if(KeyPurpose::DECRYPT == oprData.info.purpose && Algorithm::RSA == oprData.info.alg) {
- if((oprData.data.buf_len+actualInput.size()) > RSA_INPUT_MSG_LEN) {
- return ErrorCode::INVALID_INPUT_LENGTH;
- }
- }
- if(opr == Operation::Finish) {
- //If it is observed in finish operation that buffered data + input data exceeds the MAX_ALLOWED_INPUT_SIZE then
- //combine both the data in a single buffer. This helps in making sure that no data is left out in the buffer after
- //finish opertion.
- if((oprData.data.buf_len+actualInput.size()) > MAX_ALLOWED_INPUT_SIZE) {
- input.insert(input.end(), oprData.data.buf, oprData.data.buf + oprData.data.buf_len);
- input.insert(input.end(), actualInput.begin(), actualInput.end());
- //As buffered data is already consumed earse the buffer.
- if(oprData.data.buf_len != 0) {
- memset(oprData.data.buf, 0x00, sizeof(oprData.data.buf));
- oprData.data.buf_len = 0;
- }
- return ErrorCode::OK;
- }
- }
- input = actualInput;
- return errorCode;
-}
-
-ErrorCode OperationContext::update(uint64_t operHandle, const std::vector& actualInput,
- sendDataToSE_cb cb) {
- ErrorCode errorCode = ErrorCode::OK;
- std::vector input;
-
- /* Validate the input data */
- if(ErrorCode::OK != (errorCode = validateInputData(operHandle, Operation::Update, actualInput, input))) {
- return errorCode;
- }
-
- if (input.size() > MAX_ALLOWED_INPUT_SIZE) {
- int noOfChunks = input.size()/MAX_ALLOWED_INPUT_SIZE;
- int extraData = input.size()%MAX_ALLOWED_INPUT_SIZE;
- for(int i =0 ; i < noOfChunks; i++) {
- auto first = input.cbegin() + (i*MAX_ALLOWED_INPUT_SIZE);
- auto end = first + MAX_ALLOWED_INPUT_SIZE;
- std::vector newInput(first, end);
- if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput,
- Operation::Update, cb))) {
- return errorCode;
- }
- }
- if(extraData > 0) {
- std::vector finalInput(input.cend()-extraData, input.cend());
- if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, finalInput,
- Operation::Update, cb))) {
- return errorCode;
- }
- }
- } else {
- if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, input,
- Operation::Update, cb))) {
- return errorCode;
- }
- }
- return errorCode;
-}
-
-ErrorCode OperationContext::finish(uint64_t operHandle, const std::vector& actualInput, sendDataToSE_cb cb) {
- ErrorCode errorCode = ErrorCode::OK;
- std::vector input;
- /* Validate the input data */
- if(ErrorCode::OK != (errorCode = validateInputData(operHandle, Operation::Finish, actualInput, input))) {
- return errorCode;
- }
-
- if (input.size() > MAX_ALLOWED_INPUT_SIZE) {
- int noOfChunks = input.size()/MAX_ALLOWED_INPUT_SIZE;
- int extraData = input.size()%MAX_ALLOWED_INPUT_SIZE;
- for(int i =0 ; i < noOfChunks; i++) {
- auto first = input.cbegin() + (i*MAX_ALLOWED_INPUT_SIZE);
- auto end = first + MAX_ALLOWED_INPUT_SIZE;
- std::vector newInput(first, end);
- if(extraData == 0 && (i == noOfChunks - 1)) {
- //Last chunk
- if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput,
- Operation::Finish, cb, true))) {
- return errorCode;
- }
-
- } else {
- if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, newInput,
- Operation::Update, cb))) {
- return errorCode;
- }
- }
- }
- if(extraData > 0) {
- std::vector finalInput(input.cend()-extraData, input.cend());
- if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, finalInput,
- Operation::Finish, cb, true))) {
- return errorCode;
- }
- }
- } else {
- if(ErrorCode::OK != (errorCode = handleInternalUpdate(operHandle, input,
- Operation::Finish, cb, true))) {
- return errorCode;
- }
- }
- return errorCode;
-}
-
- /*
- * This function is called for only Symmetric operations. It calculates the length of the data to be sent to the Applet
- * by considering data from both of the sources i.e. buffered data and input data. It first Copies the data to the out
- * buffer from buffered data and then the remaining from the input data. If the buffered data is empty then it copies
- * data to out buffer from only input and similarly if the input is empty then it copies from only buffer. Incase if
- * only a portion of the input data is consumed then the remaining portion of input data is buffered.
- * For AES/TDES Encryption/Decryption operations with PKCS7 padding and for AES GCM Decryption operations a block size
- * of data and tag length of data is always buffered respectively. This is done to make sure that there will be always
- * a block size of data left for finish operation so that the Applet may remove the PKCS7 padding if any or get the tag
- * data for AES GCM operation for authentication purpose. Once the data from the buffer is consumed then the buffer is
- * cleared. No Buffering is done for other modes of operation.
- */
-ErrorCode OperationContext::bufferData(uint64_t operHandle, std::vector& input,
- Operation opr, std::vector& out) {
- BufferedData& data = operationTable[operHandle].data;
- int dataToSELen = 0;/*Length of the data to be send to the Applet.*/
- int inputConsumed = 0;/*Length of the data consumed from input */
- int bufferLengthConsumed = 0; /* Length of the data consumed from Buffer */
- int blockSize = 0;
- int bufIndex = data.buf_len;
- if(Algorithm::AES == operationTable[operHandle].info.alg) {
- blockSize = AES_BLOCK_SIZE;
- } else if(Algorithm::TRIPLE_DES == operationTable[operHandle].info.alg) {
- blockSize = DES_BLOCK_SIZE;
- } else {
- return ErrorCode::INCOMPATIBLE_ALGORITHM;
- }
-
- if(opr == Operation::Finish) {
- //Copy the buffer to be send to SE.
- out.insert(out.end(), data.buf, data.buf + data.buf_len);
- dataToSELen = data.buf_len + input.size();
- bufferLengthConsumed = data.buf_len;
- } else {
- /*Update */
- //Calculate the block sized length on combined input of both buffered data and input data.
- // AES/TDES, Encrypt/Decrypt PKCS7 Padding:
- // Buffer till blockSize of data is received.
- // AES GCM Decrypt:
- // Buffer tag length bytes of data.
- if (operationTable[operHandle].info.pad == PaddingMode::PKCS7) { - if (operationTable[operHandle].info.purpose == KeyPurpose::DECRYPT) { - /* Buffer till we receive more than blockSize of data of atleast one byte*/ - dataToSELen = ((data.buf_len + input.size()) / blockSize) * blockSize; - int remaining = ((data.buf_len + input.size()) % blockSize); - if (dataToSELen >= blockSize && remaining == 0) { - dataToSELen -= blockSize; - } - } else { // Encrypt - dataToSELen = ((data.buf_len + input.size()) / blockSize) * blockSize; - } - } else if (operationTable[operHandle].info.mode == BlockMode::GCM && - operationTable[operHandle].info.purpose == KeyPurpose::DECRYPT) { - /* Always Buffer mac length bytes */ - dataToSELen = 0; - if ((data.buf_len + input.size()) > operationTable[operHandle].info.macLength) { - dataToSELen = (data.buf_len + input.size()) - operationTable[operHandle].info.macLength; - } - } else { - /* No Buffering */ - dataToSELen = input.size(); - } - //Copy data to be send to SE from buffer, only if atleast a minimum block aligned size is available. - if(dataToSELen > 0) { - bufferLengthConsumed = (dataToSELen > data.buf_len) ? data.buf_len : dataToSELen; - out.insert(out.end(), data.buf, data.buf + bufferLengthConsumed); - } - } - - if(dataToSELen > 0) { - //If buffer length is greater than the data length to be send to SE, then input data consumed is 0. - //That means all the data to be send to SE is consumed from the buffer. - //The buffer length might become greater than dataToSELen in the cases where we are saving the last block of - //data i.e. AES/TDES Decryption with PKC7Padding or AES GCM Decryption operations. - inputConsumed = (data.buf_len > dataToSELen) ? 0 : (dataToSELen - data.buf_len); - - // Copy the buffer to be send to SE. 
- if (inputConsumed > 0) { - out.insert(out.end(), input.begin(), input.begin() + inputConsumed); - } - - if (bufferLengthConsumed < data.buf_len) { - // Only a portion of data is consumed from buffer so reorder the buffer data. - memmove(data.buf, (data.buf + bufferLengthConsumed), (data.buf_len - bufferLengthConsumed)); - memset((data.buf + data.buf_len - bufferLengthConsumed), 0x00, bufferLengthConsumed); - data.buf_len -= bufferLengthConsumed; - bufIndex = data.buf_len; - } else { - // All the data is consumed so clear buffer - if(data.buf_len != 0) { - memset(data.buf, 0x00, sizeof(data.buf)); - bufIndex = data.buf_len = 0; - } - } - } - - //Store the remaining buffer for later use. - data.buf_len += (input.size() - inputConsumed); - std::copy(input.begin() + inputConsumed, input.end(), data.buf + bufIndex); - return ErrorCode::OK; -} - -ErrorCode OperationContext::handleInternalUpdate(uint64_t operHandle, std::vector& data, Operation opr, - sendDataToSE_cb cb, bool finish) { - ErrorCode errorCode = ErrorCode::OK; - std::vector out; - if(Algorithm::AES == operationTable[operHandle].info.alg || - Algorithm::TRIPLE_DES == operationTable[operHandle].info.alg) { - /*Symmetric */ - if(ErrorCode::OK != (errorCode = bufferData(operHandle, data, - opr, out))) { - return errorCode; - } - //Call the callback under these condition - //1. if it is a finish operation. - //2. if there is some data to be send to Javacard.(either update or finish operation). - //3. if the operation is GCM Mode. Even though there is no data to be send there could be AAD data to be sent to - //javacard. 
- if(finish || out.size() > 0 || BlockMode::GCM == operationTable[operHandle].info.mode) { - if(ErrorCode::OK != (errorCode = cb(out, finish))) { - return errorCode; - } - } - } else { - /* Asymmetric */ - if(operationTable[operHandle].info.purpose == KeyPurpose::DECRYPT || - operationTable[operHandle].info.digest == Digest::NONE) { - //In case of Decrypt operation or Sign operation with no digest case, buffer the data in - //update call and send it to SE in finish call. - if(finish) { - //If finish flag is true all the data has to be sent to javacard. - out.insert(out.end(), operationTable[operHandle].data.buf, operationTable[operHandle].data.buf + - operationTable[operHandle].data.buf_len); - out.insert(out.end(), data.begin(), data.end()); - //As buffered data is already consumed earse the buffer. - if(operationTable[operHandle].data.buf_len != 0) { - memset(operationTable[operHandle].data.buf, 0x00, sizeof(operationTable[operHandle].data.buf)); - operationTable[operHandle].data.buf_len = 0; - } - if(ErrorCode::OK != (errorCode = cb(out, finish))) { - return errorCode; - } - } else { - //For strongbox keymaster, in NoDigest case the length of the input message for RSA should not be more than - //256 and for EC it should not be more than 32. This validation is already happening in - //validateInputData function. - size_t bufIndex = operationTable[operHandle].data.buf_len; - std::copy(data.begin(), data.end(), operationTable[operHandle].data.buf + bufIndex); - operationTable[operHandle].data.buf_len += data.size(); - } - } else { /* With Digest */ - out.insert(out.end(), data.begin(), data.end()); - //if len=0, then no need to call the callback, since there is no information to be send to javacard, - // but if finish flag is true irrespective of length the callback should be called. 
- if(!out.empty() || finish) {
- if(ErrorCode::OK != (errorCode = cb(out, finish))) {
- return errorCode;
- }
- }
- }
- }
- return errorCode;
-}
-
-
-} // namespace javacard
-} // namespace V4_1
-} // namespace keymaster
diff --git a/HAL/keymaster/4.1/OmapiTransport.cpp b/HAL/keymaster/4.1/OmapiTransport.cpp
deleted file mode 100644
index 5aaefc91..00000000
--- a/HAL/keymaster/4.1/OmapiTransport.cpp
+++ /dev/null
@@ -1,49 +0,0 @@
-/*
- **
- ** Copyright 2020, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-#include
-#include
-#include
-#include
-#include
-#include
-#include "Transport.h"
-
-#define PORT 8080
-#define IPADDR "10.9.40.24"
-#define UNUSED_V(a) a=a
-
-namespace se_transport {
-
-bool OmapiTransport::openConnection() {
- return true;
-}
-
-bool OmapiTransport::sendData(const uint8_t* inData, const size_t inLen, std::vector& output) {
- std::vector test(inData, inData+inLen);
- output = std::move(test);
- return true;
-}
-
-bool OmapiTransport::closeConnection() {
- return true;
-}
-
-bool OmapiTransport::isConnected() {
- return true;
-}
-
-}
diff --git a/HAL/keymaster/Android.bp b/HAL/keymaster/Android.bp
deleted file mode 100644
index 9bfe7faa..00000000
--- a/HAL/keymaster/Android.bp
+++ /dev/null
@@ -1,143 +0,0 @@
-// Copyright (C) 2020 The Android Open Source Project
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-//
-
-
-cc_binary {
- name: "android.hardware.keymaster@4.1-strongbox.service",
- relative_install_path: "hw",
- vendor: true,
- init_rc: ["4.1/android.hardware.keymaster@4.1-strongbox.service.rc"],
- vintf_fragments: ["4.1/android.hardware.keymaster@4.1-strongbox.service.xml"],
- srcs: [
- "4.1/service.cpp",
- "4.1/JavacardKeymaster4Device.cpp",
- "4.1/JavacardSoftKeymasterContext.cpp",
- "4.1/JavacardOperationContext.cpp",
- ],
- local_include_dirs: [
- "include",
- ],
- shared_libs: [
- "liblog",
- "libcutils",
- "libdl",
- "libbase",
- "libutils",
- "libhardware",
- "libhidlbase",
- "libsoftkeymasterdevice",
- "libsoft_attestation_cert",
- "libkeymaster_messages",
- "libkeymaster_portable",
- "libcppbor_external",
- "android.hardware.keymaster@4.1",
- "android.hardware.keymaster@4.0",
- "libjc_transport",
- "libjc_common",
- "libcrypto",
- ],
- required: [
- "android.hardware.strongbox_keystore.xml",
- ],
-}
-
-cc_library {
- name: "libJavacardKeymaster41",
- srcs: [
- "4.1/JavacardKeymaster4Device.cpp",
- "4.1/CborConverter.cpp",
- "4.1/JavacardSoftKeymasterContext.cpp",
- "4.1/JavacardOperationContext.cpp",
- "4.1/CommonUtils.cpp",
- ],
- local_include_dirs: [
- "include",
- ],
- shared_libs: [
- "liblog",
- "libcutils",
- "libdl",
- "libbase",
- "libutils",
- "libhardware",
- "libhidlbase",
- "libsoftkeymasterdevice",
- "libsoft_attestation_cert",
- "libkeymaster_messages",
- "libkeymaster_portable",
- "libcppbor_external",
- "android.hardware.keymaster@4.1",
- "android.hardware.keymaster@4.0",
- "libjc_transport",
- "libcrypto",
- ],
-}
-
-cc_library {
- name: "libjc_transport",
- vendor_available: true,
-
- srcs: [
- "4.1/SocketTransport.cpp",
- "4.1/OmapiTransport.cpp"
- ],
- export_include_dirs: [
- "include"
- ],
- shared_libs: [
- "libbinder",
- "libbase",
- "liblog",
- ],
-}
-
-cc_library {
- name: "libjc_common",
- vendor_available: true,
- srcs: [
- "4.1/CommonUtils.cpp",
- "4.1/CborConverter.cpp",
- ],
- local_include_dirs: [
- "include",
- ],
- export_include_dirs: [
- "include"
- ],
- shared_libs: [
- "liblog",
- "libcutils",
- "libdl",
- "libbase",
- "libutils",
- "libhardware",
- "libhidlbase",
- "libsoftkeymasterdevice",
- "libsoft_attestation_cert",
- "libkeymaster_messages",
- "libkeymaster_portable",
- "libcppbor_external",
- "android.hardware.keymaster@4.1",
- "android.hardware.keymaster@4.0",
- "libcrypto",
- ],
-}
-
-prebuilt_etc {
- name: "android.hardware.strongbox_keystore.xml",
- sub_dir: "permissions",
- vendor: true,
- src: "4.1/android.hardware.strongbox_keystore.xml",
-}
diff --git a/HAL/keymaster/include/CborConverter.h b/HAL/keymaster/include/CborConverter.h
deleted file mode 100644
index 45855244..00000000
--- a/HAL/keymaster/include/CborConverter.h
+++ /dev/null
@@ -1,231 +0,0 @@ -/* - ** - ** Copyright 2020, The Android Open Source Project - ** - ** Licensed under the Apache License, Version 2.0 (the "License"); - ** you may not use this file except in compliance with the License. - ** You may obtain a copy of the License at - ** - ** http://www.apache.org/licenses/LICENSE-2.0 - ** - ** Unless required by applicable law or agreed to in writing, software - ** distributed under the License is distributed on an "AS IS" BASIS, - ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ** See the License for the specific language governing permissions and - ** limitations under the License. - */ - -#ifndef __CBOR_CONVERTER_H_ -#define __CBOR_CONVERTER_H_ - -#include -#include -#include -#include -#include -#include - -using namespace cppbor; - -using ::android::hardware::hidl_vec; -using ::android::hardware::keymaster::V4_0::ErrorCode; -using ::android::hardware::keymaster::V4_0::HardwareAuthToken; -using ::android::hardware::keymaster::V4_0::HardwareAuthenticatorType; -using ::android::hardware::keymaster::V4_0::HmacSharingParameters; -using ::android::hardware::keymaster::V4_0::KeyParameter; -using ::android::hardware::keymaster::V4_0::VerificationToken; -using ::android::hardware::keymaster::V4_0::KeyCharacteristics; -using ::android::hardware::keymaster::V4_0::SecurityLevel; -using ::android::hardware::keymaster::V4_0::TagType; -using ::android::hardware::keymaster::V4_0::Tag; - -class CborConverter -{ - public: - CborConverter() = default; - ~CborConverter() = default; - - /** - * Parses the input data which is in CBOR format and returns a Tuple of Item pointer and the first element in the item pointer. 
- */ - template - std::tuple, T> decodeData(const std::vector& response, bool - hasErrorCode) { - const uint8_t* pos; - std::unique_ptr item(nullptr); - std::string message; - T errorCode = T::OK; - - std::tie(item, pos, message) = parse(response); - - if(item != nullptr && hasErrorCode) { - if(MajorType::ARRAY == getType(item)) { - if(!getErrorCode(item, 0, errorCode)) - item = nullptr; - } else if (MajorType::UINT == getType(item)) { - uint64_t err; - if(getUint64(item, err)) { - errorCode = static_cast(err); - } - item = nullptr; /*Already read the errorCode. So no need of sending item to client */ - } - } - return {std::move(item), errorCode}; - } - - /** - * Get the signed/unsigned integer value at a given position from the item pointer. - */ - template - bool getUint64(const std::unique_ptr& item, const uint32_t pos, T& value); - - /** - * Get the signed/unsigned integer value from the item pointer. - */ - template - bool getUint64(const std::unique_ptr& item, T& value); - - /** - * Get the HmacSharingParameters structure value at the given position from the item pointer. - */ - bool getHmacSharingParameters(const std::unique_ptr& item, const uint32_t pos, HmacSharingParameters& params); - - /** - * Get the Binary string at the given position from the item pointer. - */ - bool getBinaryArray(const std::unique_ptr& item, const uint32_t pos, ::android::hardware::hidl_string& value); - - /** - * Get the Binary string at the given position from the item pointer. - */ - bool getBinaryArray(const std::unique_ptr& item, const uint32_t pos, std::vector& value); - - /** - * Get the Binary string at the given position from the item pointer. - */ - bool getBinaryArray(const std::unique_ptr& item, const uint32_t pos, - ::android::hardware::hidl_vec& value); - /** - * Get the HardwareAuthToken value at the given position from the item pointer. 
- */ - bool getHardwareAuthToken(const std::unique_ptr& item, const uint32_t pos, HardwareAuthToken& authType); - - /** - * Get the list of KeyParameters value at the given position from the item pointer. - */ - bool getKeyParameters(const std::unique_ptr& item, const uint32_t pos, android::hardware::hidl_vec& keyParams); - - /** - * Adds the the list of KeyParameters values to the Array item. - */ - bool addKeyparameters(Array& array, const android::hardware::hidl_vec& - keyParams); - - /** - * Add HardwareAuthToken value to the Array item. - */ - bool addHardwareAuthToken(Array& array, const HardwareAuthToken& - authToken); - - /** - * Get the VerificationToken value at the given position from the item pointer. - */ - bool getVerificationToken(const std::unique_ptr& item, const uint32_t pos, VerificationToken& - token); - - /** - * Get the KeyCharacteristics value at the given position from the item pointer. - */ - bool getKeyCharacteristics(const std::unique_ptr &item, const uint32_t pos, - KeyCharacteristics& keyCharacteristics); - - /** - * Get the list of binary arrays at the given position from the item pointer. - */ - bool getMultiBinaryArray(const std::unique_ptr& item, const uint32_t pos, - std::vector>& data); - - /** - * Add VerificationToken value to the Array item. - */ - bool addVerificationToken(Array& array, const VerificationToken& - verificationToken, std::vector& encodedParamsVerified); - - /** - * Get the ErrorCode value at the give position from the item pointer. - */ - template) || - (std::is_same_v)>> - inline bool getErrorCode(const std::unique_ptr& item, const uint32_t pos, T& errorCode) { - bool ret = false; - uint64_t errorVal; - if (!getUint64(item, pos, errorVal)) { - return ret; - } - errorCode = static_cast(errorVal); - - ret = true; - return ret; - } - - private: - /** - * Get the type of the Item pointer. 
- */ - inline MajorType getType(const std::unique_ptr &item) { return item.get()->type(); } - - /** - * Construct Keyparameter structure from the pair of key and value. If TagType is ENUM_REP the value contains - * binary string. If TagType is UINT_REP or ULONG_REP the value contains Array of unsigned integers. - */ - bool getKeyParameter(const std::pair&, - const std::unique_ptr&> pair, std::vector& keyParam); - - /** - * Get the sub item pointer from the root item pointer at the given position. - */ - inline void getItemAtPos(const std::unique_ptr& item, const uint32_t pos, std::unique_ptr& subItem) { - Array* arr = nullptr; - - if (MajorType::ARRAY != getType(item)) { - return; - } - arr = const_cast(item.get()->asArray()); - if (arr->size() < (pos + 1)) { - return; - } - subItem = std::move((*arr)[pos]); - } -}; - -template -bool CborConverter::getUint64(const std::unique_ptr& item, T& value) { - bool ret = false; - if ((item == nullptr) || - (std::is_unsigned::value && (MajorType::UINT != getType(item))) || - ((std::is_signed::value && (MajorType::NINT != getType(item))))) { - return ret; - } - - if (std::is_unsigned::value) { - const Uint* uintVal = item.get()->asUint(); - value = uintVal->value(); - } - else { - const Nint* nintVal = item.get()->asNint(); - value = nintVal->value(); - } - ret = true; - return ret; //success -} - -template -bool CborConverter::getUint64(const std::unique_ptr& item, const uint32_t pos, T& value) { - std::unique_ptr intItem(nullptr); - getItemAtPos(item, pos, intItem); - return getUint64(intItem, value); -} - - - -#endif diff --git a/HAL/keymaster/include/CommonUtils.h b/HAL/keymaster/include/CommonUtils.h deleted file mode 100644 index 8fd247f7..00000000 --- a/HAL/keymaster/include/CommonUtils.h +++ /dev/null 
@@ -1,104 +0,0 @@
-/*
- **
- ** Copyright 2020, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-
-#ifndef KEYMASTER_V4_1_JAVACARD_COMMONUTILS_H_
-#define KEYMASTER_V4_1_JAVACARD_COMMONUTILS_H_
-
-#include
-#include
-#include
-
-namespace keymaster {
-namespace V4_1 {
-namespace javacard {
-using ::android::hardware::hidl_vec;
-using ::android::hardware::keymaster::V4_0::ErrorCode;
-using ::android::hardware::keymaster::V4_0::Tag;
-using ::android::hardware::keymaster::V4_0::KeyFormat;
-using ::android::hardware::keymaster::V4_0::KeyParameter;
-using ::android::hardware::keymaster::V4_0::KeyPurpose;
-using ::android::hardware::keymaster::V4_0::EcCurve;
-
-inline ErrorCode legacy_enum_conversion(const keymaster_error_t value) {
- return static_cast(value);
-}
-
-inline keymaster_purpose_t legacy_enum_conversion(const KeyPurpose value) {
- return static_cast(value);
-}
-
-inline keymaster_key_format_t legacy_enum_conversion(const KeyFormat value) {
- return static_cast(value);
-}
-
-inline keymaster_tag_t legacy_enum_conversion(const Tag value) {
- return keymaster_tag_t(value);
-}
-
-inline Tag legacy_enum_conversion(const keymaster_tag_t value) {
- return Tag(value);
-}
-
-inline keymaster_tag_type_t typeFromTag(const keymaster_tag_t tag) {
- return keymaster_tag_get_type(tag);
-}
-
-inline hidl_vec kmBuffer2hidlVec(const ::keymaster::Buffer& buf) {
- return hidl_vec(buf.begin(), buf.end());
-}
-
-inline void blob2Vec(const uint8_t *from, size_t size, std::vector& to) {
- for(int i = 0; i < size; ++i) {
- to.push_back(from[i]);
- }
-}
-
-inline hidl_vec kmBlob2hidlVec(const keymaster_blob_t& blob) {
- return hidl_vec(blob.data, blob.data+blob.data_length);
-}
-
-keymaster_key_param_set_t hidlKeyParams2Km(const hidl_vec& keyParams);
-
-hidl_vec kmParamSet2Hidl(const keymaster_key_param_set_t& set);
-
-ErrorCode rsaRawKeyFromPKCS8(const std::vector& pkcs8Blob, std::vector& privateExp, std::vector&
-pubModulus);
-
-ErrorCode ecRawKeyFromPKCS8(const std::vector& pkcs8Blob, std::vector& secret, std::vector&
-publicKey, EcCurve& eccurve);
-
-ErrorCode getCertificateChain(std::vector& chainBuffer, std::vector>& certChain);
-
-uint32_t GetVendorPatchlevel();
-
-class KmParamSet : public keymaster_key_param_set_t {
- public:
- explicit KmParamSet(const hidl_vec& keyParams)
- : keymaster_key_param_set_t(hidlKeyParams2Km(keyParams)) {}
- KmParamSet(KmParamSet&& other) : keymaster_key_param_set_t{other.params, other.length} {
- other.length = 0;
- other.params = nullptr;
- }
- KmParamSet(const KmParamSet&) = delete;
- ~KmParamSet() { delete[] params; }
-};
-
-} // namespace javacard
-} // namespace V4_1
-} // namespace keymaster
-#endif //KEYMASTER_V4_1_JAVACARD_COMMONUTILS_H_
diff --git a/HAL/keymaster/include/JavacardKeymaster4Device.h b/HAL/keymaster/include/JavacardKeymaster4Device.h
deleted file mode 100644
index 617457b1..00000000
--- a/HAL/keymaster/include/JavacardKeymaster4Device.h
+++ /dev/null
@@ -1,168 +0,0 @@
-/*
- **
- ** Copyright 2020, The Android Open Source Project
- **
- ** Licensed under the Apache License, Version 2.0 (the "License");
- ** you may not use this file except in compliance with the License.
- ** You may obtain a copy of the License at
- **
- ** http://www.apache.org/licenses/LICENSE-2.0
- **
- ** Unless required by applicable law or agreed to in writing, software
- ** distributed under the License is distributed on an "AS IS" BASIS,
- ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- ** See the License for the specific language governing permissions and
- ** limitations under the License.
- */
-
-#ifndef KEYMASTER_V4_1_JAVACARD_JAVACARDKEYMASTER4DEVICE_H_
-#define KEYMASTER_V4_1_JAVACARD_JAVACARDKEYMASTER4DEVICE_H_
-
-#include
-#include
-#include
-#include
-#include "CborConverter.h"
-#include "TransportFactory.h"
-#include
-#include
-#include
-#include
-#include
-#include
-
-namespace keymaster {
-namespace V4_1 {
-namespace javacard {
-#define INS_BEGIN_KM_CMD 0x00
-#define INS_END_KM_PROVISION_CMD 0x20
-#define INS_END_KM_CMD 0x7F
-
-using ::android::hardware::hidl_vec;
-using ::android::hardware::hidl_string;
-using ::android::hardware::Return;
-using ::android::hardware::Void;
-
-using ::android::hardware::keymaster::V4_0::ErrorCode;
-using ::android::hardware::keymaster::V4_0::HardwareAuthenticatorType;
-using ::android::hardware::keymaster::V4_0::HardwareAuthToken;
-using ::android::hardware::keymaster::V4_0::HmacSharingParameters;
-using ::android::hardware::keymaster::V4_0::KeyCharacteristics;
-using ::android::hardware::keymaster::V4_0::KeyFormat;
-using ::android::hardware::keymaster::V4_0::KeyParameter;
-using ::android::hardware::keymaster::V4_0::KeyPurpose;
-using ::android::hardware::keymaster::V4_0::OperationHandle;
-using ::android::hardware::keymaster::V4_0::SecurityLevel;
-using ::android::hardware::keymaster::V4_0::VerificationToken;
-using ::android::hardware::keymaster::V4_1::IKeymasterDevice;
-using ::android::hardware::keymaster::V4_0::Tag;
-
-using V41ErrorCode = ::android::hardware::keymaster::V4_1::ErrorCode;
-
-enum class OperationType {
- /* Public operations are processed inside softkeymaster */
- PUBLIC_OPERATION = 0,
- /* Private operations are processed inside strongbox */
- PRIVATE_OPERATION = 1,
- UNKNOWN = 2,
-};
-
-enum class Instruction {
- // Keymaster commands
- INS_GENERATE_KEY_CMD = INS_END_KM_PROVISION_CMD+1,
- INS_IMPORT_KEY_CMD = INS_END_KM_PROVISION_CMD+2,
- INS_IMPORT_WRAPPED_KEY_CMD = INS_END_KM_PROVISION_CMD+3,
- INS_EXPORT_KEY_CMD = INS_END_KM_PROVISION_CMD+4,
- INS_ATTEST_KEY_CMD = INS_END_KM_PROVISION_CMD+5,
- INS_UPGRADE_KEY_CMD = INS_END_KM_PROVISION_CMD+6,
- INS_DELETE_KEY_CMD = INS_END_KM_PROVISION_CMD+7,
- INS_DELETE_ALL_KEYS_CMD = INS_END_KM_PROVISION_CMD+8,
- INS_ADD_RNG_ENTROPY_CMD = INS_END_KM_PROVISION_CMD+9,
- INS_COMPUTE_SHARED_HMAC_CMD = INS_END_KM_PROVISION_CMD+10,
- INS_DESTROY_ATT_IDS_CMD = INS_END_KM_PROVISION_CMD+11,
- INS_VERIFY_AUTHORIZATION_CMD = INS_END_KM_PROVISION_CMD+12,
- INS_GET_HMAC_SHARING_PARAM_CMD = INS_END_KM_PROVISION_CMD+13,
- INS_GET_KEY_CHARACTERISTICS_CMD = INS_END_KM_PROVISION_CMD+14,
- INS_GET_HW_INFO_CMD = INS_END_KM_PROVISION_CMD+15,
- INS_BEGIN_OPERATION_CMD = INS_END_KM_PROVISION_CMD+16,
- INS_UPDATE_OPERATION_CMD = INS_END_KM_PROVISION_CMD+17,
- INS_FINISH_OPERATION_CMD = INS_END_KM_PROVISION_CMD+18,
- INS_ABORT_OPERATION_CMD = INS_END_KM_PROVISION_CMD+19,
- INS_DEVICE_LOCKED_CMD = INS_END_KM_PROVISION_CMD+20,
- INS_EARLY_BOOT_ENDED_CMD = INS_END_KM_PROVISION_CMD+21,
- INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD+22,
- INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD+7,
- INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD+8,
-};
-
-class JavacardKeymaster4Device : public IKeymasterDevice {
- public:
-
- JavacardKeymaster4Device();
- virtual ~JavacardKeymaster4Device();
-
- // Methods from ::android::hardware::keymaster::V4_0::IKeymasterDevice follow.
- Return getHardwareInfo(getHardwareInfo_cb _hidl_cb) override;
- Return getHmacSharingParameters(getHmacSharingParameters_cb _hidl_cb) override;
- Return computeSharedHmac(const hidl_vec& params, computeSharedHmac_cb _hidl_cb) override;
- Return verifyAuthorization(uint64_t operationHandle, const hidl_vec& parametersToVerify, const HardwareAuthToken& authToken, verifyAuthorization_cb _hidl_cb) override;
- Return addRngEntropy(const hidl_vec& data) override;
- Return generateKey(const hidl_vec& keyParams, generateKey_cb _hidl_cb) override;
- Return importKey(const hidl_vec& keyParams, KeyFormat keyFormat, const hidl_vec& keyData, importKey_cb _hidl_cb) override;
- Return importWrappedKey(const hidl_vec& wrappedKeyData, const hidl_vec& wrappingKeyBlob, const hidl_vec& maskingKey, const hidl_vec& unwrappingParams, uint64_t passwordSid, uint64_t biometricSid, importWrappedKey_cb _hidl_cb) override;
- Return getKeyCharacteristics(const hidl_vec& keyBlob, const hidl_vec& clientId, const hidl_vec& appData, getKeyCharacteristics_cb _hidl_cb) override;
- Return exportKey(KeyFormat keyFormat, const hidl_vec& keyBlob, const hidl_vec& clientId, const hidl_vec& appData, exportKey_cb _hidl_cb) override;
- Return attestKey(const hidl_vec& keyToAttest, const hidl_vec& attestParams, attestKey_cb _hidl_cb) override;
- Return upgradeKey(const hidl_vec& keyBlobToUpgrade, const hidl_vec& upgradeParams, upgradeKey_cb _hidl_cb) override;
- Return deleteKey(const hidl_vec& keyBlob) override;
- Return deleteAllKeys() override;
- Return destroyAttestationIds() override;
- Return begin(KeyPurpose purpose, const hidl_vec& keyBlob, const hidl_vec& inParams, const HardwareAuthToken& authToken, begin_cb _hidl_cb) override;
- Return update(uint64_t operationHandle, const hidl_vec& inParams, const hidl_vec& input, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, update_cb _hidl_cb) override;
- Return finish(uint64_t operationHandle, const hidl_vec& inParams, const hidl_vec& input, const hidl_vec& signature, const HardwareAuthToken& authToken, const VerificationToken& verificationToken, finish_cb _hidl_cb) override;
- Return abort(uint64_t operationHandle) override;
-
- // Methods from ::android::hardware::keymaster::V4_1::IKeymasterDevice follow.
- Return deviceLocked(bool passwordOnly, const VerificationToken& verificationToken) override;
- Return earlyBootEnded() override;
-
- private:
- ErrorCode handleBeginPublicKeyOperation(KeyPurpose purpose, const hidl_vec& keyBlob,
- const hidl_vec& inParams,
- hidl_vec& outParams,
- uint64_t& operationHandle);
-
- ErrorCode handleBeginPrivateKeyOperation(KeyPurpose purpose, const hidl_vec& keyBlob,
- const hidl_vec& inParams,
- const HardwareAuthToken& authToken,
- hidl_vec& outParams,
- uint64_t& operationHandle);
-
- ErrorCode handleBeginOperation(KeyPurpose purpose, const hidl_vec& keyBlob,
- const hidl_vec& inParams,
- const HardwareAuthToken& authToken,
- hidl_vec& outParams, uint64_t& operationHandle,
- OperationType& operType);
-
- ErrorCode abortOperation(uint64_t operationHandle, OperationType operType);
-
- ErrorCode abortPublicKeyOperation(uint64_t operationHandle);
-
- ErrorCode abortPrivateKeyOperation(uint64_t operationHandle);
-
- ErrorCode sendData(Instruction ins, std::vector& inData, std::vector& response);
- ErrorCode setAndroidSystemProperties();
- void handleSendEarlyBootEndedEvent();
-
- std::unique_ptr<::keymaster::AndroidKeymaster> softKm_;
- std::unique_ptr oprCtx_;
- bool isEachSystemPropertySet;
- bool isEarlyBootEventPending;
- CborConverter cborConverter_;
-};
-
-} // namespace javacard
-} // namespace V4_1
-} // namespace keymaster
-
-#endif // KEYMASTER_V4_1_JAVACARD_JAVACARDKEYMASTER4DEVICE_H_
diff --git a/HAL/keymaster/include/JavacardOperationContext.h b/HAL/keymaster/include/JavacardOperationContext.h
deleted file mode 100644
index 0d452c67..00000000
--- a/HAL/keymaster/include/JavacardOperationContext.h
+++ /dev/null
@@ -1,155 +0,0 @@ -/* - ** - ** Copyright 2020, The Android Open Source Project - ** - ** Licensed under the Apache License, Version 2.0 (the "License"); - ** you may not use this file except in compliance with the License. - ** You may obtain a copy of the License at - ** - ** http://www.apache.org/licenses/LICENSE-2.0 - ** - ** Unless required by applicable law or agreed to in writing, software - ** distributed under the License is distributed on an "AS IS" BASIS, - ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ** See the License for the specific language governing permissions and - ** limitations under the License. - */ - -#ifndef KEYMASTER_V4_1_JAVACARD_OPERATIONCONTEXT_H_ -#define KEYMASTER_V4_1_JAVACARD_OPERATIONCONTEXT_H_ - -#include -#include - -#define MAX_BUF_SIZE 256 - -namespace keymaster { -namespace V4_1 { -namespace javacard { - -using ::android::hardware::hidl_vec; -using ::android::hardware::keymaster::V4_0::ErrorCode; -using ::android::hardware::keymaster::V4_0::Algorithm; -using ::android::hardware::keymaster::V4_0::KeyPurpose; -using ::android::hardware::keymaster::V4_0::Digest; -using ::android::hardware::keymaster::V4_0::PaddingMode; -using ::android::hardware::keymaster::V4_0::KeyParameter; -using ::android::hardware::keymaster::V4_0::BlockMode; -using ::android::hardware::keymaster::V4_0::Tag; - -/** - * Callback function to send data back to the caller. - */ -using sendDataToSE_cb = std::function& data, bool finish)>; - -enum class Operation; - -/** - * This struct is used to store the buffered data. - */ -struct BufferedData { - uint8_t buf[MAX_BUF_SIZE]; - uint32_t buf_len; -}; - -/** - * This struct is used to store the operation info. - */ -struct OperationInfo { - Algorithm alg; - KeyPurpose purpose; - Digest digest; - PaddingMode pad; - BlockMode mode; - uint32_t macLength; -}; - -/** - * OperationContext uses this struct to store the buffered data and the correspoding operation info. 
- */ -struct OperationData { - OperationInfo info; - BufferedData data; -}; - -/** - * This class manages the data that is send for any crypto operation. - * - * For Symmetric operations, update function sends only block aligned data and stores the remaining data in the buffer - * so at any point the buffer may contain data ranging from 0 to a maximum of block size, where as finish function sends - * all the data (input data + buffered data) to the caller and clears the buffer. To support PKCS#7 padding removal, - * the last block size from the input is always buffered in update operation and this last block is sent in finish - * operation. - * - * For Asymmetric operations, if the operation is with Digest then the input data is not buffered, where as if the - * operation is with no Digest then update function buffers the input data and finish function extracts the data from - * buffer and sends to the caller. Update and finish functions does validation on the input data based on the algorithm. - * - * In General, the maximum allowed input data that is sent is limited to MAX_ALLOWED_INPUT_SIZE. If the input data - * exceeds this limit each update or finish function divides the input data into chunks of MAX_ALLOWED_INPUT_SIZE and - * sends each chunk back to the caller through update callback. - */ -class OperationContext { - -public: - OperationContext(){} - ~OperationContext() {} - /** - * In Begin operation caller has to call this function to store the operation data corresponding to the operation - * handle. - */ - ErrorCode setOperationInfo(uint64_t operationHandle, KeyPurpose purpose, Algorithm alg, const hidl_vec& params); - /** - * This function clears the operation data from the map. Caller has to call this function once the operation is done - * or if there is any error while processing the operation. 
- */ - ErrorCode clearOperationData(uint64_t operationHandle); - /** - * This function validaes the input data based on the algorithm and does process on the data to either store it or - * send back to the caller. The data is sent using sendDataTOSE_cb callback. - */ - ErrorCode update(uint64_t operHandle, const std::vector& input, sendDataToSE_cb cb); - /** - * This function validaes the input data based on the algorithm and send all the input data along with buffered data - * to the caller. The data is sent using sendDataTOSE_cb callback. - */ - ErrorCode finish(uint64_t operHandle, const std::vector& input, sendDataToSE_cb cb); - -private: - /** - * This is used to store the operation related info and the buffered data. Key is the operation handle and the value - * is OperationData. - */ - std::map operationTable; - - /* Helper functions */ - - /** - * This fucntion validates the input data based on the algorithm and the operation info parameters. This function - * also does a processing on the input data if either the algorithm is EC or if it is a Finish operation. For EC - * operations it truncates the input data if it exceeds 32 bytes for No Digest case. In case of finish operations - * this function combines both the buffered data and input data if both exceeds MAX_ALLOWED_INPUT_SIZE. - */ - ErrorCode validateInputData(uint64_t operHandle, Operation opr, const std::vector& actualInput, - std::vector& input); - /** - * This function is used for Symmetric operations. It extracts the block sized data from the input and buffers the - * reamining data for update calls only. For finish calls it extracts all the buffered data combines it with - * input data. - */ - ErrorCode bufferData(uint64_t operHandle, std::vector& input, - Operation opr, std::vector& out); - /** - * This function sends the data back to the caller using callback functions. It does some processing on input data - * for Asymmetic operations. 
- */ - ErrorCode handleInternalUpdate(uint64_t operHandle, std::vector& data, Operation opr, - sendDataToSE_cb cb, bool finish = false); - -}; - -} // namespace javacard -} // namespace V4_1 -} // namespace keymaster - -#endif // KEYMASTER_V4_1_JAVACARD_OPERATIONCONTEXT_H_ diff --git a/HAL/keymaster/include/Transport.h b/HAL/keymaster/include/Transport.h deleted file mode 100644 index c6674dca..00000000 --- a/HAL/keymaster/include/Transport.h +++ /dev/null 
@@ -1,112 +0,0 @@ -/* - ** - ** Copyright 2020, The Android Open Source Project - ** - ** Licensed under the Apache License, Version 2.0 (the "License"); - ** you may not use this file except in compliance with the License. - ** You may obtain a copy of the License at - ** - ** http://www.apache.org/licenses/LICENSE-2.0 - ** - ** Unless required by applicable law or agreed to in writing, software - ** distributed under the License is distributed on an "AS IS" BASIS, - ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ** See the License for the specific language governing permissions and - ** limitations under the License. - */ -#ifndef __SE_TRANSPORT__ -#define __SE_TRANSPORT__ - -namespace se_transport { - -/** - * ITransport is an abstract interface with a set of virtual methods that allow communication between the keymaster - * HAL and the secure element. - */ -class ITransport { - public: - virtual ~ITransport(){} - - /** - * Opens connection. - */ - virtual bool openConnection() = 0; - /** - * Send data over communication channel and receives data back from the remote end. - */ - virtual bool sendData(const uint8_t* inData, const size_t inLen, std::vector& output) = 0; - /** - * Closes the connection. - */ - virtual bool closeConnection() = 0; - /** - * Returns the state of the connection status. Returns true if the connection is active, false if connection is - * broken. - */ - virtual bool isConnected() = 0; - -}; - -/** - * OmapiTransport is derived from ITransport. This class gets the OMAPI service binder instance and uses IPC to - * communicate with OMAPI service. OMAPI inturn communicates with hardware via ISecureElement. - */ -class OmapiTransport : public ITransport { - -public: - - /** - * Gets the binder instance of ISEService, gets the reader corresponding to secure element, establishes a session - * and opens a basic channel. 
- */ - bool openConnection() override; - /** - * Transmists the data over the opened basic channel and receives the data back. - */ - bool sendData(const uint8_t* inData, const size_t inLen, std::vector& output) override; - - /** - * Closes the connection. - */ - bool closeConnection() override; - /** - * Returns the state of the connection status. Returns true if the connection is active, false if connection is - * broken. - */ - bool isConnected() override; - -}; - -class SocketTransport : public ITransport { - -public: - SocketTransport() : mSocket(-1), mSocketStatus(false){ - } - /** - * Creates a socket instance and connects to the provided server IP and port. - */ - bool openConnection() override; - /** - * Sends data over socket and receives data back. - */ - bool sendData(const uint8_t* inData, const size_t inLen, std::vector& output) override; - - /** - * Closes the connection. - */ - bool closeConnection() override; - /** - * Returns the state of the connection status. Returns true if the connection is active, false if connection is - * broken. - */ - bool isConnected() override; -private: - /** - * Socket instance. - */ - int mSocket; - bool mSocketStatus; -}; - -} -#endif /* __SE_TRANSPORT__ */ diff --git a/HAL/keymaster/include/TransportFactory.h b/HAL/keymaster/include/TransportFactory.h deleted file mode 100644 index b09e3ba9..00000000 --- a/HAL/keymaster/include/TransportFactory.h +++ /dev/null 
@@ -1,76 +0,0 @@ -/* - ** - ** Copyright 2020, The Android Open Source Project - ** - ** Licensed under the Apache License, Version 2.0 (the "License"); - ** you may not use this file except in compliance with the License. - ** You may obtain a copy of the License at - ** - ** http://www.apache.org/licenses/LICENSE-2.0 - ** - ** Unless required by applicable law or agreed to in writing, software - ** distributed under the License is distributed on an "AS IS" BASIS, - ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - ** See the License for the specific language governing permissions and - ** limitations under the License. - */ -#ifndef __SE_TRANSPORT_FACTORY__ -#define __SE_TRANSPORT_FACTORY__ - -#include "Transport.h" - -namespace se_transport { - -/** - * TransportFactory class decides which transport mechanism to be used to send data to secure element. In case of - * emulator the communication channel is socket and in case of device the communication channel is via OMAPI. - */ -class TransportFactory { - public: - TransportFactory(bool isEmulator) { - if (!isEmulator) - mTransport = std::unique_ptr(new OmapiTransport()); - else - mTransport = std::unique_ptr(new SocketTransport()); - } - - ~TransportFactory() {} - - /** - * Establishes a communication channel with the secure element. - */ - inline bool openConnection() { - return mTransport->openConnection(); - } - - /** - * Sends the data to the secure element and also receives back the data. - * This is a blocking call. - */ - inline bool sendData(const uint8_t* inData, const size_t inLen, std::vector& output) { - return mTransport->sendData(inData, inLen, output); - } - - /** - * Close the connection. - */ - inline bool closeConnection() { - return mTransport->closeConnection(); - } - - /** - * Returns the connection status of the communication channel. 
- */ - inline bool isConnected() { - return mTransport->isConnected(); - } - - private: - /** - * Holds the instance of either OmapiTransport class or SocketTransport class. - */ - std::unique_ptr mTransport; - -}; -} -#endif /* __SE_TRANSPORT_FACTORY__ */ diff --git a/HAL/keymaster/4.1/service.cpp b/HAL/keymasterService.cpp similarity index 61% rename from HAL/keymaster/4.1/service.cpp rename to HAL/keymasterService.cpp index cd7653d0..51d09a8d 100644 --- a/HAL/keymaster/4.1/service.cpp +++ b/HAL/keymasterService.cpp @@ -15,14 +15,27 @@ ** limitations under the License. */ +#include "KMUtils.h" +#include +#include +#include #include #include #include -#include +#include +using namespace javacard_keymaster; +using ::javacard_keymaster::JavacardKeymaster; +using ::javacard_keymaster::JavacardSecureElement; +using ::javacard_keymaster::SocketTransport; +using ::keymaster::V4_1::javacard::JavacardKeymaster4Device; int main() { ::android::hardware::configureRpcThreadpool(1, true); - auto keymaster = new ::keymaster::V4_1::javacard::JavacardKeymaster4Device(); + std::shared_ptr card = std::make_shared( + KmVersion::KEYMASTER_4_1, std::make_shared(), getOsVersion(), + getOsPatchlevel(), getVendorPatchlevel()); + std::shared_ptr jcImpl = std::make_shared(card); + auto keymaster = new JavacardKeymaster4Device(jcImpl); auto status = keymaster->registerAsService("strongbox"); if (status != android::OK) { LOG(FATAL) << "Could not register service for Javacard Keymaster 4.1 (" << status << ")"; diff --git a/HAL/keymintService.cpp b/HAL/keymintService.cpp new file mode 100644 index 00000000..54b990b7 --- /dev/null +++ b/HAL/keymintService.cpp 
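Review bot: `main()` in `HAL/keymasterService.cpp` now builds the secure-element channel from `SocketTransport` with no alternative. The template arguments of `std::make_shared` are stripped in this rendering, so the type is inferred from the `using ::javacard_keymaster::SocketTransport;` line. The `TransportFactory.h` deleted in this same patch documented the socket channel as the emulator path and OMAPI as the device path. A service registered as `strongbox` on real hardware would therefore presumably send its key-management commands over a local socket instead of to the secure element. Select the transport at build or start-up time and mark the socket case explicitly, for example with a comment such as `// Emulator only: SocketTransport talks to the JavaCard simulator, not to a secure element.`; the `main()` added in `HAL/keymintService.cpp` has the same hard-wired transport.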
@@ -0,0 +1,67 @@ +/* + * Copyright 2020, The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#define LOG_TAG "javacard.strongbox-service" + +#include "JavacardKeyMintDevice.h" +#include "JavacardRemotelyProvisionedComponentDevice.h" +#include "JavacardSecureElement.h" +#include "JavacardSharedSecret.h" +#include "KMUtils.h" +#include +#include +#include +#include +#include +#include +#include + +using namespace javacard_keymaster; +using aidl::android::hardware::security::keymint::JavacardKeyMintDevice; +using aidl::android::hardware::security::keymint::JavacardRemotelyProvisionedComponentDevice; +using aidl::android::hardware::security::keymint::JavacardSharedSecret; +using aidl::android::hardware::security::keymint::SecurityLevel; +using ::javacard_keymaster::JavacardKeymaster; +using ::javacard_keymaster::JavacardSecureElement; +using ::javacard_keymaster::SocketTransport; + +template std::shared_ptr addService(Args&&... 
args) { + std::shared_ptr ser = ndk::SharedRefBase::make(std::forward(args)...); + auto instanceName = std::string(T::descriptor) + "/strongbox"; + LOG(INFO) << "adding javacard strongbox service instance: " << instanceName; + binder_status_t status = + AServiceManager_addService(ser->asBinder().get(), instanceName.c_str()); + CHECK(status == STATUS_OK); + return ser; +} + +int main() { + ABinderProcess_setThreadPoolMaxThreadCount(0); + // Javacard Secure Element + std::shared_ptr card = std::make_shared( + KmVersion::KEYMINT_1, std::make_shared(), getOsVersion(), + getOsPatchlevel(), getVendorPatchlevel()); + std::shared_ptr jcImpl = std::make_shared(card); + // Add Keymint Service + addService(jcImpl); + // Add Shared Secret Service + addService(jcImpl); + // Add Remotely Provisioned Component Service + addService(card); + + ABinderProcess_joinThreadPool(); + return EXIT_FAILURE; // should not reach +} diff --git a/ProvisioningTool/Makefile b/ProvisioningTool/keymaster/Makefile similarity index 100% rename from ProvisioningTool/Makefile rename to ProvisioningTool/keymaster/Makefile diff --git a/ProvisioningTool/README.md b/ProvisioningTool/keymaster/README.md similarity index 100% rename from ProvisioningTool/README.md rename to ProvisioningTool/keymaster/README.md diff --git a/ProvisioningTool/include/UniquePtr.h b/ProvisioningTool/keymaster/include/UniquePtr.h similarity index 100% rename from ProvisioningTool/include/UniquePtr.h rename to ProvisioningTool/keymaster/include/UniquePtr.h diff --git a/ProvisioningTool/include/constants.h b/ProvisioningTool/keymaster/include/constants.h similarity index 97% rename from ProvisioningTool/include/constants.h rename to ProvisioningTool/keymaster/include/constants.h index ffc0011f..166fc88b 100644 --- a/ProvisioningTool/include/constants.h +++ b/ProvisioningTool/keymaster/include/constants.h 
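Review bot: `ABinderProcess_setThreadPoolMaxThreadCount(0)` in `main()` carries no comment, yet it appears to be the only thing keeping calls into the three services from running concurrently against the single `card` / `jcImpl` pair they share. Nothing visible in this hunk adds locking around those shared objects, so raising the thread count later could interleave commands on one secure-element channel. Add a comment on that line, e.g. `// One binder thread (the joining main thread): the services below share one secure-element channel, so calls must stay serialized.`, and confirm whether the shared classes do their own locking.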
@@ -70,7 +70,8 @@ constexpr uint64_t kTagAttestationIdModel = 2415919821u; constexpr uint64_t kCurveP256 = 1; constexpr uint64_t kAlgorithmEc = 3; constexpr uint64_t kDigestSha256 = 4; -constexpr uint64_t kPurposeAttest = 0x7F; +//constexpr uint64_t kPurposeAttest = 0x7F; +constexpr uint64_t kPurposeAttest = 0x07; constexpr uint64_t kKeyFormatRaw = 3; // json keys diff --git a/ProvisioningTool/include/cppbor/cppbor.h b/ProvisioningTool/keymaster/include/cppbor/cppbor.h similarity index 100% rename from ProvisioningTool/include/cppbor/cppbor.h rename to ProvisioningTool/keymaster/include/cppbor/cppbor.h diff --git a/ProvisioningTool/include/cppbor/cppbor_parse.h b/ProvisioningTool/keymaster/include/cppbor/cppbor_parse.h similarity index 100% rename from ProvisioningTool/include/cppbor/cppbor_parse.h rename to ProvisioningTool/keymaster/include/cppbor/cppbor_parse.h diff --git a/ProvisioningTool/include/json/assertions.h b/ProvisioningTool/keymaster/include/json/assertions.h similarity index 100% rename from ProvisioningTool/include/json/assertions.h rename to ProvisioningTool/keymaster/include/json/assertions.h diff --git a/ProvisioningTool/include/json/autolink.h b/ProvisioningTool/keymaster/include/json/autolink.h similarity index 100% rename from ProvisioningTool/include/json/autolink.h rename to ProvisioningTool/keymaster/include/json/autolink.h diff --git a/ProvisioningTool/include/json/config.h b/ProvisioningTool/keymaster/include/json/config.h similarity index 100% rename from ProvisioningTool/include/json/config.h rename to ProvisioningTool/keymaster/include/json/config.h diff --git a/ProvisioningTool/include/json/features.h b/ProvisioningTool/keymaster/include/json/features.h similarity index 100% rename from ProvisioningTool/include/json/features.h rename to ProvisioningTool/keymaster/include/json/features.h 
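Review bot: `kPurposeAttest` changes from `0x7F` to `0x07` here with the old definition left behind as commented-out code and no explanation of why the value moved. The new `ProvisioningTool/keymint/include/constants.h` added later in this patch still defines `kPurposeAttest = 0x7F`, so the two provisioning tools now disagree on this value. If both are meant to provision the merged applet code, one of them is presumably wrong. Delete the commented line and record where the value comes from, e.g. `// Purpose value the applet expects for the attestation key; keep in sync with keymint/include/constants.h.`, after checking which value the applet accepts.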
diff --git a/ProvisioningTool/include/json/forwards.h b/ProvisioningTool/keymaster/include/json/forwards.h
similarity index 100%
rename from ProvisioningTool/include/json/forwards.h
rename to ProvisioningTool/keymaster/include/json/forwards.h
diff --git a/ProvisioningTool/include/json/json.h b/ProvisioningTool/keymaster/include/json/json.h
similarity index 100%
rename from ProvisioningTool/include/json/json.h
rename to ProvisioningTool/keymaster/include/json/json.h
diff --git a/ProvisioningTool/include/json/reader.h b/ProvisioningTool/keymaster/include/json/reader.h
similarity index 100%
rename from ProvisioningTool/include/json/reader.h
rename to ProvisioningTool/keymaster/include/json/reader.h
diff --git a/ProvisioningTool/include/json/value.h b/ProvisioningTool/keymaster/include/json/value.h
similarity index 100%
rename from ProvisioningTool/include/json/value.h
rename to ProvisioningTool/keymaster/include/json/value.h
diff --git a/ProvisioningTool/include/json/version.h b/ProvisioningTool/keymaster/include/json/version.h
similarity index 100%
rename from ProvisioningTool/include/json/version.h
rename to ProvisioningTool/keymaster/include/json/version.h
diff --git a/ProvisioningTool/include/json/writer.h b/ProvisioningTool/keymaster/include/json/writer.h
similarity index 100%
rename from ProvisioningTool/include/json/writer.h
rename to ProvisioningTool/keymaster/include/json/writer.h
diff --git a/ProvisioningTool/include/socket.h b/ProvisioningTool/keymaster/include/socket.h
similarity index 100%
rename from ProvisioningTool/include/socket.h
rename to ProvisioningTool/keymaster/include/socket.h
diff --git a/ProvisioningTool/include/utils.h b/ProvisioningTool/keymaster/include/utils.h
similarity index 100%
rename from ProvisioningTool/include/utils.h
rename to ProvisioningTool/keymaster/include/utils.h
diff --git a/ProvisioningTool/lib/README.md b/ProvisioningTool/keymaster/lib/README.md
similarity index 100%
rename from ProvisioningTool/lib/README.md
rename to ProvisioningTool/keymaster/lib/README.md
diff --git a/ProvisioningTool/lib/libjsoncpp.a b/ProvisioningTool/keymaster/lib/libjsoncpp.a
similarity index 100%
rename from ProvisioningTool/lib/libjsoncpp.a
rename to ProvisioningTool/keymaster/lib/libjsoncpp.a
diff --git a/ProvisioningTool/lib/libjsoncpp.so b/ProvisioningTool/keymaster/lib/libjsoncpp.so
similarity index 100%
rename from ProvisioningTool/lib/libjsoncpp.so
rename to ProvisioningTool/keymaster/lib/libjsoncpp.so
diff --git a/ProvisioningTool/lib/libjsoncpp.so.0 b/ProvisioningTool/keymaster/lib/libjsoncpp.so.0
similarity index 100%
rename from ProvisioningTool/lib/libjsoncpp.so.0
rename to ProvisioningTool/keymaster/lib/libjsoncpp.so.0
diff --git a/ProvisioningTool/lib/libjsoncpp.so.0.10.7 b/ProvisioningTool/keymaster/lib/libjsoncpp.so.0.10.7
similarity index 100%
rename from ProvisioningTool/lib/libjsoncpp.so.0.10.7
rename to ProvisioningTool/keymaster/lib/libjsoncpp.so.0.10.7
diff --git a/ProvisioningTool/sample_json_cf.txt b/ProvisioningTool/keymaster/sample_json_cf.txt
similarity index 100%
rename from ProvisioningTool/sample_json_cf.txt
rename to ProvisioningTool/keymaster/sample_json_cf.txt
diff --git a/ProvisioningTool/sample_json_gf.txt b/ProvisioningTool/keymaster/sample_json_gf.txt
similarity index 100%
rename from ProvisioningTool/sample_json_gf.txt
rename to ProvisioningTool/keymaster/sample_json_gf.txt
diff --git a/ProvisioningTool/src/construct_apdus.cpp b/ProvisioningTool/keymaster/src/construct_apdus.cpp
similarity index 100%
rename from ProvisioningTool/src/construct_apdus.cpp
rename to ProvisioningTool/keymaster/src/construct_apdus.cpp
diff --git a/ProvisioningTool/src/cppbor.cpp b/ProvisioningTool/keymaster/src/cppbor.cpp
similarity index 100%
rename from ProvisioningTool/src/cppbor.cpp
rename to ProvisioningTool/keymaster/src/cppbor.cpp
diff --git a/ProvisioningTool/src/cppbor_parse.cpp b/ProvisioningTool/keymaster/src/cppbor_parse.cpp
similarity index 100%
rename from ProvisioningTool/src/cppbor_parse.cpp
rename to ProvisioningTool/keymaster/src/cppbor_parse.cpp
diff --git a/ProvisioningTool/src/provision.cpp b/ProvisioningTool/keymaster/src/provision.cpp
similarity index 100%
rename from ProvisioningTool/src/provision.cpp
rename to ProvisioningTool/keymaster/src/provision.cpp
diff --git a/ProvisioningTool/src/socket.cpp b/ProvisioningTool/keymaster/src/socket.cpp
similarity index 100%
rename from ProvisioningTool/src/socket.cpp
rename to ProvisioningTool/keymaster/src/socket.cpp
diff --git a/ProvisioningTool/src/utils.cpp b/ProvisioningTool/keymaster/src/utils.cpp
similarity index 100%
rename from ProvisioningTool/src/utils.cpp
rename to ProvisioningTool/keymaster/src/utils.cpp
diff --git a/ProvisioningTool/test_resources/batch_cert.der b/ProvisioningTool/keymaster/test_resources/batch_cert.der
similarity index 100%
rename from ProvisioningTool/test_resources/batch_cert.der
rename to ProvisioningTool/keymaster/test_resources/batch_cert.der
diff --git a/ProvisioningTool/test_resources/batch_key.der b/ProvisioningTool/keymaster/test_resources/batch_key.der
similarity index 100%
rename from ProvisioningTool/test_resources/batch_key.der
rename to ProvisioningTool/keymaster/test_resources/batch_key.der
diff --git a/ProvisioningTool/test_resources/ca_cert.der b/ProvisioningTool/keymaster/test_resources/ca_cert.der
similarity index 100%
rename from ProvisioningTool/test_resources/ca_cert.der
rename to ProvisioningTool/keymaster/test_resources/ca_cert.der
diff --git a/ProvisioningTool/test_resources/ca_key.der b/ProvisioningTool/keymaster/test_resources/ca_key.der
similarity index 100%
rename from ProvisioningTool/test_resources/ca_key.der
rename to ProvisioningTool/keymaster/test_resources/ca_key.der
diff --git a/ProvisioningTool/test_resources/intermediate_cert.der b/ProvisioningTool/keymaster/test_resources/intermediate_cert.der
similarity index 100%
rename from ProvisioningTool/test_resources/intermediate_cert.der
rename to ProvisioningTool/keymaster/test_resources/intermediate_cert.der
diff --git a/ProvisioningTool/test_resources/intermediate_key.der b/ProvisioningTool/keymaster/test_resources/intermediate_key.der
similarity index 100%
rename from ProvisioningTool/test_resources/intermediate_key.der
rename to ProvisioningTool/keymaster/test_resources/intermediate_key.der
diff --git a/ProvisioningTool/keymint/Makefile b/ProvisioningTool/keymint/Makefile
new file mode 100644
index 00000000..7b992f47
--- /dev/null
+++ b/ProvisioningTool/keymint/Makefile
@@ -0,0 +1,58 @@ +CC = g++ +SRC_DIR = src + +CONSTRUCT_APDUS_SRC = $(SRC_DIR)/construct_apdus.cpp \ + $(SRC_DIR)/cppbor/cppbor.cpp \ + $(SRC_DIR)/cppbor/cppbor_parse.cpp \ + $(SRC_DIR)/utils.cpp \ + $(SRC_DIR)/cppcose/cppcose.cpp + +CONSTRUCT_APDUS_OBJFILES = $(CONSTRUCT_APDUS_SRC:.cpp=.o) +CONSTRUCT_APDUS_BIN = construct_keymint_apdus + +# source files for provision +PROVISION_SRC = $(SRC_DIR)/provision.cpp \ + $(SRC_DIR)/socket.cpp \ + $(SRC_DIR)/cppbor/cppbor.cpp \ + $(SRC_DIR)/cppbor/cppbor_parse.cpp \ + $(SRC_DIR)/utils.cpp \ + +#object files for keymint provision +PROVISION_OBJFILES = $(PROVISION_SRC:.cpp=.o) +PROVISION_BIN = provision_keymint + +ifeq ($(OS),Windows_NT) + uname_S := Windows +else + uname_S := $(shell uname -s) +endif + +ifeq ($(uname_S), Windows) + PLATFORM = -D__WIN32__ +endif +ifeq ($(uname_S), Linux) + PLATFORM = -D__LINUX__ +endif + +DEBUG = -g +CXXFLAGS = $(DEBUG) $(PLATFORM) -Wall -std=c++2a +CFLAGS = $(CXXFLAGS) -Iinclude +LDFLAGS = -Llib/ +LIB_JSON = -ljsoncpp +LIB_CRYPTO = -lcrypto +LDLIBS = $(LIB_JSON) $(LIB_CRYPTO) + +all: $(CONSTRUCT_APDUS_BIN) $(PROVISION_BIN) + +$(CONSTRUCT_APDUS_BIN): $(CONSTRUCT_APDUS_OBJFILES) + $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) + +$(PROVISION_BIN): $(PROVISION_OBJFILES) + $(CC) $(LDFLAGS) -o $@ $^ $(LDLIBS) + +%.o: %.cpp + $(CC) $(CFLAGS) -c -o $@ $^ + +.PHONY: clean +clean: + rm -f $(CONSTRUCT_APDUS_OBJFILES) $(CONSTRUCT_APDUS_BIN) $(PROVISION_OBJFILES) $(PROVISION_BIN) diff --git a/ProvisioningTool/keymint/README.md b/ProvisioningTool/keymint/README.md new file mode 100644 index 00000000..21fd0034 --- /dev/null +++ b/ProvisioningTool/keymint/README.md 
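Review bot: The only binary targets defined here are `construct_keymint_apdus` and `provision_keymint`, but the README added alongside this Makefile tells users to run `make construct_apdus` and `make provision`, which match no rule. Either correct the README commands or add alias targets, e.g. `construct_apdus: $(CONSTRUCT_APDUS_BIN)` and `provision: $(PROVISION_BIN)`. `all` should also be declared next to `clean` as `.PHONY: all clean`. The trailing `\` after `$(SRC_DIR)/utils.cpp` in `PROVISION_SRC` only works because a blank line follows it, so it is better removed.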
@@ -0,0 +1,41 @@ +# Provisioning tool +This directory contains two tools. One which constructs the apdus and dumps them to a json file, Other which gets the apuds from the json file and provision them into a secure element simulator. Both the tools can be compiled and executed from a Linux machine. + +#### Build instruction +The default target generates both the executables. One construct_apdus and the other provision. +$ make +Individual targets can also be selected as shown below +$ make construct_apdus +$ make provision +Make clean will remove all the object files and binaries +$ make clean + +#### Environment setup +Before executing the binaries make sure LD_LIBRARY_PATH is set +export LD_LIBRARY_PATH=./lib:$LD_LIBRARY_PATH + +#### Sample resources for quick testing +one sample json files is located in this directory with name +[sample_json_keymint_cf.txt](sample_json_keymint_cf.txt) +for your reference. Use sample_json_keymint_cf.txt for keymint +cuttlefish target. Also the required certificates and keys can be found in +[test_resources](test_resources) directory for your reference. + +#### Usage for construct_apdus +

+Usage: construct_keymint_apdus options
+Valid options are:
+-h, --help                        show the help message and exit.
+-i, --input  jsonFile 	 Input json file 
+-o, --output jsonFile 	 Output json file
+
+ +#### Usage for provision +
+Usage: provision_keymint options
+Valid options are:
+-h, --help                      show the help message and exit.
+-i, --input  jsonFile 	  Input json file 
+-s, --provision_stautus   Prints the current provision status.
+-l, --lock_provision      Locks the provision state.
+
diff --git a/ProvisioningTool/keymint/include/UniquePtr.h b/ProvisioningTool/keymint/include/UniquePtr.h new file mode 100644 index 00000000..da74780b --- /dev/null +++ b/ProvisioningTool/keymint/include/UniquePtr.h @@ -0,0 +1,39 @@ +/* + * Copyright (C) 2010 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include // for size_t + +#include + +// Default deleter for pointer types. +template struct DefaultDelete { + enum { type_must_be_complete = sizeof(T) }; + DefaultDelete() {} + void operator()(T* p) const { delete p; } +}; + +// Default deleter for array types. +template struct DefaultDelete { + enum { type_must_be_complete = sizeof(T) }; + void operator()(T* p) const { delete[] p; } +}; + +template > +using UniquePtr = std::unique_ptr; + + diff --git a/ProvisioningTool/keymint/include/constants.h b/ProvisioningTool/keymint/include/constants.h new file mode 100644 index 00000000..31684ff3 --- /dev/null +++ b/ProvisioningTool/keymint/include/constants.h 
@@ -0,0 +1,103 @@ +/* + ** + ** Copyright 2021, The Android Open Source Project + ** + ** Licensed under the Apache License, Version 2.0 (the "License"); + ** you may not use this file except in compliance with the License. + ** You may obtain a copy of the License at + ** + ** http://www.apache.org/licenses/LICENSE-2.0 + ** + ** Unless required by applicable law or agreed to in writing, software + ** distributed under the License is distributed on an "AS IS" BASIS, + ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ** See the License for the specific language governing permissions and + ** limitations under the License. + */ +#pragma once + +#include +#include +#include +#include +#include +#include "UniquePtr.h" + +#define SUCCESS 0 +#define FAILURE 1 +#define P1_40 0x40 +#define P1_50 0x50 +#define APDU_CLS 0x80 +#define APDU_P1 0x50 +#define APDU_P2 0x00 +#define INS_BEGIN_KM_CMD 0x00 +#define APDU_RESP_STATUS_OK 0x9000 + + + +template +struct OpenSslObjectDeleter { + void operator()(T* p) { FreeFunc(p); } +}; + +#define DEFINE_OPENSSL_OBJECT_POINTER(name) \ + typedef OpenSslObjectDeleter name##_Delete; \ + typedef UniquePtr name##_Ptr; + +DEFINE_OPENSSL_OBJECT_POINTER(EC_KEY) +DEFINE_OPENSSL_OBJECT_POINTER(EVP_PKEY) +DEFINE_OPENSSL_OBJECT_POINTER(X509) +DEFINE_OPENSSL_OBJECT_POINTER(EC_POINT) +DEFINE_OPENSSL_OBJECT_POINTER(EC_GROUP) +DEFINE_OPENSSL_OBJECT_POINTER(BN_CTX) +DEFINE_OPENSSL_OBJECT_POINTER(EVP_MD_CTX) + +typedef OpenSslObjectDeleter BIGNUM_Delete; +typedef UniquePtr BIGNUM_Ptr; + +// EC Affine point length for Nist P256. 
+constexpr uint32_t kAffinePointLength = 32; + +// Tags +constexpr uint64_t kTagAlgorithm = 268435458u; +constexpr uint64_t kTagDigest = 536870917u; +constexpr uint64_t kTagCurve = 268435466u; +constexpr uint64_t kTagPurpose = 536870913u; +constexpr uint64_t kTagAttestationIdBrand = 2415919814u; +constexpr uint64_t kTagAttestationIdDevice = 2415919815u; +constexpr uint64_t kTagAttestationIdProduct = 2415919816u; +constexpr uint64_t kTagAttestationIdSerial = 2415919817u; +constexpr uint64_t kTagAttestationIdImei = 2415919818u; +constexpr uint64_t kTagAttestationIdMeid = 2415919819u; +constexpr uint64_t kTagAttestationIdManufacturer = 2415919820u; +constexpr uint64_t kTagAttestationIdModel = 2415919821u; + +// Values +constexpr uint64_t kCurveP256 = 1; +constexpr uint64_t kAlgorithmEc = 3; +constexpr uint64_t kDigestSha256 = 4; +constexpr uint64_t kPurposeAttest = 0x7F; +constexpr uint64_t kKeyFormatRaw = 3; + +// json keys +constexpr char kAttestKey[] = "attest_key"; +constexpr char kAttestCertChain[] = "attest_cert_chain"; +constexpr char kAttestCertParams[] = "attest_cert_params"; +constexpr char kSharedSecret[] = "shared_secret"; +constexpr char kBootParams[] = "boot_params"; +constexpr char kAttestationIds[] = "attestation_ids"; +constexpr char kDeviceUniqueKey[] = "device_unique_key"; +constexpr char kAdditionalCertChain[] = "additional_cert_chain"; +constexpr char kSignerInfo[] = "signer_info"; +constexpr char kProvisionStatus[] = "provision_status"; +constexpr char kLockProvision[] = "lock_provision"; + +// Instruction constatnts +// TODO Modify according to keymint +constexpr int kAttestationIdsCmd = INS_BEGIN_KM_CMD + 3; +constexpr int kPresharedSecretCmd = INS_BEGIN_KM_CMD + 4; +constexpr int kLockProvisionCmd = INS_BEGIN_KM_CMD + 6; +constexpr int kGetProvisionStatusCmd = INS_BEGIN_KM_CMD + 7; +constexpr int kBootParamsCmd = INS_BEGIN_KM_CMD + 5; +constexpr int kDeviceUniqueKeyCmd = INS_BEGIN_KM_CMD + 10; +constexpr int kAdditionalCertChainCmd = 
INS_BEGIN_KM_CMD + 11; diff --git a/ProvisioningTool/keymint/include/cppbor/cppbor.h b/ProvisioningTool/keymint/include/cppbor/cppbor.h new file mode 100644 index 00000000..45ae67cf --- /dev/null +++ b/ProvisioningTool/keymint/include/cppbor/cppbor.h 
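Review bot: The instruction codes at the end of this header sit under `// TODO Modify according to keymint`, so `kLockProvisionCmd`, `kGetProvisionStatusCmd` and the rest are not confirmed to match the applet this tool provisions. A provisioning tool whose lock or status command byte differs from the applet's could report a state that the secure element never entered, although that depends on applet code not visible in this hunk. Resolve the TODO before merging and replace it with a comment that names what the values were checked against, e.g. `// Instruction codes (offsets from INS_BEGIN_KM_CMD); must match the applet's provisioning command table.` The comment above the TODO also misspells "constants" as "constatnts".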
@@ -0,0 +1,1113 @@
+/*
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+
+namespace cppbor {
+
+enum MajorType : uint8_t {
+ UINT = 0 << 5,
+ NINT = 1 << 5,
+ BSTR = 2 << 5,
+ TSTR = 3 << 5,
+ ARRAY = 4 << 5,
+ MAP = 5 << 5,
+ SEMANTIC = 6 << 5,
+ SIMPLE = 7 << 5,
+};
+
+enum SimpleType {
+ BOOLEAN,
+ NULL_T, // Only two supported, as yet.
+};
+
+enum SpecialAddlInfoValues : uint8_t {
+ FALSE = 20,
+ TRUE = 21,
+ NULL_V = 22,
+ ONE_BYTE_LENGTH = 24,
+ TWO_BYTE_LENGTH = 25,
+ FOUR_BYTE_LENGTH = 26,
+ EIGHT_BYTE_LENGTH = 27,
+};
+
+class Item;
+class Uint;
+class Nint;
+class Int;
+class Tstr;
+class Bstr;
+class Simple;
+class Bool;
+class Array;
+class Map;
+class Null;
+class SemanticTag;
+class EncodedItem;
+class ViewTstr;
+class ViewBstr;
+
+/**
+ * Returns the size of a CBOR header that contains the additional info value addlInfo.
+ */
+size_t headerSize(uint64_t addlInfo);
+
+/**
+ * Encodes a CBOR header with the specified type and additional info into the range [pos, end).
+ * Returns a pointer to one past the last byte written, or nullptr if there isn't sufficient space
+ * to write the header.
+ */
+uint8_t* encodeHeader(MajorType type, uint64_t addlInfo, uint8_t* pos, const uint8_t* end);
+
+using EncodeCallback = std::function;
+
+/**
+ * Encodes a CBOR header with the specified type and additional info, passing each byte in turn to
+ * encodeCallback.
+ */
+void encodeHeader(MajorType type, uint64_t addlInfo, EncodeCallback encodeCallback);
+
+/**
+ * Encodes a CBOR header witht he specified type and additional info, writing each byte to the
+ * provided OutputIterator.
+ */
+template ::iterator_category>>>
+void encodeHeader(MajorType type, uint64_t addlInfo, OutputIterator iter) {
+ return encodeHeader(type, addlInfo, [&](uint8_t v) { *iter++ = v; });
+}
+
+/**
+ * Item represents a CBOR-encodeable data item. Item is an abstract interface with a set of virtual
+ * methods that allow encoding of the item or conversion to the appropriate derived type.
+ */
+class Item {
+ public:
+ virtual ~Item() {}
+
+ /**
+ * Returns the CBOR type of the item.
+ */
+ virtual MajorType type() const = 0;
+
+ // These methods safely downcast an Item to the appropriate subclass.
+ virtual Int* asInt() { return nullptr; }
+ const Int* asInt() const { return const_cast(this)->asInt(); }
+ virtual Uint* asUint() { return nullptr; }
+ const Uint* asUint() const { return const_cast(this)->asUint(); }
+ virtual Nint* asNint() { return nullptr; }
+ const Nint* asNint() const { return const_cast(this)->asNint(); }
+ virtual Tstr* asTstr() { return nullptr; }
+ const Tstr* asTstr() const { return const_cast(this)->asTstr(); }
+ virtual Bstr* asBstr() { return nullptr; }
+ const Bstr* asBstr() const { return const_cast(this)->asBstr(); }
+ virtual Simple* asSimple() { return nullptr; }
+ const Simple* asSimple() const { return const_cast(this)->asSimple(); }
+ virtual Map* asMap() { return nullptr; }
+ const Map* asMap() const { return const_cast(this)->asMap(); }
+ virtual Array* asArray() { return nullptr; }
+ const Array* asArray() const { return const_cast(this)->asArray(); }
+
+ virtual ViewTstr* asViewTstr() { return nullptr; }
+ const ViewTstr* asViewTstr() const { return const_cast(this)->asViewTstr(); }
+ virtual ViewBstr* asViewBstr() { return nullptr; }
+ const ViewBstr* asViewBstr() const { return const_cast(this)->asViewBstr(); }
+
+ // Like those above, these methods safely downcast an Item when it's actually a SemanticTag.
+ // However, if you think you want to use these methods, you probably don't. Typically, the way
+ // you should handle tagged Items is by calling the appropriate method above (e.g. asInt())
+ // which will return a pointer to the tagged Item, rather than the tag itself. If you want to
+ // find out if the Item* you're holding is to something with one or more tags applied, see
+ // semanticTagCount() and semanticTag() below.
+ virtual SemanticTag* asSemanticTag() { return nullptr; }
+ const SemanticTag* asSemanticTag() const { return const_cast(this)->asSemanticTag(); }
+
+ /**
+ * Returns the number of semantic tags prefixed to this Item.
+ */
+ virtual size_t semanticTagCount() const { return 0; }
+
+ /**
+ * Returns the semantic tag at the specified nesting level `nesting`, iff `nesting` is less than
+ * the value returned by semanticTagCount().
+ *
+ * CBOR tags are "nested" by applying them in sequence. The "rightmost" tag is the "inner" tag.
+ * That is, given:
+ *
+ * 4(5(6("AES"))) which encodes as C1 C2 C3 63 414553
+ *
+ * The tstr "AES" is tagged with 6. The combined entity ("AES" tagged with 6) is tagged with 5,
+ * etc. So in this example, semanticTagCount() would return 3, and semanticTag(0) would return
+ * 5 semanticTag(1) would return 5 and semanticTag(2) would return 4. For values of n > 2,
+ * semanticTag(n) will return 0, but this is a meaningless value.
+ *
+ * If this layering is confusing, you probably don't have to worry about it. Nested tagging does
+ * not appear to be common, so semanticTag(0) is the only one you'll use.
+ */
+ virtual uint64_t semanticTag(size_t /* nesting */ = 0) const { return 0; }
+
+ /**
+ * Returns true if this is a "compound" item, i.e. one that contains one or more other items.
+ */
+ virtual bool isCompound() const { return false; }
+
+ bool operator==(const Item& other) const&;
+ bool operator!=(const Item& other) const& { return !(*this == other); }
+
+ /**
+ * Returns the number of bytes required to encode this Item into CBOR. Note that if this is a
+ * complex Item, calling this method will require walking the whole tree.
+ */
+ virtual size_t encodedSize() const = 0;
+
+ /**
+ * Encodes the Item into buffer referenced by range [*pos, end). Returns a pointer to one past
+ * the last position written. Returns nullptr if there isn't enough space to encode.
+ */
+ virtual uint8_t* encode(uint8_t* pos, const uint8_t* end) const = 0;
+
+ /**
+ * Encodes the Item by passing each encoded byte to encodeCallback.
+ */
+ virtual void encode(EncodeCallback encodeCallback) const = 0;
+
+ /**
+ * Clones the Item
+ */
+ virtual std::unique_ptr clone() const = 0;
+
+ /**
+ * Encodes the Item into the provided OutputIterator.
+ */
+ template ::iterator_category>
+ void encode(OutputIterator i) const {
+ return encode([&](uint8_t v) { *i++ = v; });
+ }
+
+ /**
+ * Encodes the Item into a new std::vector.
+ */
+ std::vector encode() const {
+ std::vector retval;
+ retval.reserve(encodedSize());
+ encode(std::back_inserter(retval));
+ return retval;
+ }
+
+ /**
+ * Encodes the Item into a new std::string.
+ */
+ std::string toString() const {
+ std::string retval;
+ retval.reserve(encodedSize());
+ encode([&](uint8_t v) { retval.push_back(v); });
+ return retval;
+ }
+
+ /**
+ * Encodes only the header of the Item.
+ */
+ inline uint8_t* encodeHeader(uint64_t addlInfo, uint8_t* pos, const uint8_t* end) const {
+ return ::cppbor::encodeHeader(type(), addlInfo, pos, end);
+ }
+
+ /**
+ * Encodes only the header of the Item.
+ */
+ inline void encodeHeader(uint64_t addlInfo, EncodeCallback encodeCallback) const {
+ ::cppbor::encodeHeader(type(), addlInfo, encodeCallback);
+ }
+};
+
+/**
+ * EncodedItem represents a bit of already-encoded CBOR. Caveat emptor: It does no checking to
+ * ensure that the provided data is a valid encoding, cannot be meaninfully-compared with other
+ * kinds of items and you cannot use the as*() methods to find out what's inside it.
+ */
+class EncodedItem : public Item {
+ public:
+ explicit EncodedItem(std::vector value) : mValue(std::move(value)) {}
+
+ bool operator==(const EncodedItem& other) const& { return mValue == other.mValue; }
+
+ // Type can't be meaningfully-obtained. We could extract the type from the first byte and return
+ // it, but you can't do any of the normal things with an EncodedItem so there's no point.
+ MajorType type() const override {
+ assert(false);
+ return static_cast(-1);
+ }
+ size_t encodedSize() const override { return mValue.size(); }
+ uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
+ if (end - pos < static_cast(mValue.size())) return nullptr;
+ return std::copy(mValue.begin(), mValue.end(), pos);
+ }
+ void encode(EncodeCallback encodeCallback) const override {
+ std::for_each(mValue.begin(), mValue.end(), encodeCallback);
+ }
+ std::unique_ptr clone() const override { return std::make_unique(mValue); }
+
+ private:
+ std::vector mValue;
+};
+
+/**
+ * Int is an abstraction that allows Uint and Nint objects to be manipulated without caring about
+ * the sign.
+ */
+class Int : public Item {
+ public:
+ bool operator==(const Int& other) const& { return value() == other.value(); }
+
+ virtual int64_t value() const = 0;
+ using Item::asInt;
+ Int* asInt() override { return this; }
+};
+
+/**
+ * Uint is a concrete Item that implements CBOR major type 0.
+ */
+class Uint : public Int {
+ public:
+ static constexpr MajorType kMajorType = UINT;
+
+ explicit Uint(uint64_t v) : mValue(v) {}
+
+ bool operator==(const Uint& other) const& { return mValue == other.mValue; }
+
+ MajorType type() const override { return kMajorType; }
+ using Item::asUint;
+ Uint* asUint() override { return this; }
+
+ size_t encodedSize() const override { return headerSize(mValue); }
+
+ int64_t value() const override { return mValue; }
+ uint64_t unsignedValue() const { return mValue; }
+
+ using Item::encode;
+ uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
+ return encodeHeader(mValue, pos, end);
+ }
+ void encode(EncodeCallback encodeCallback) const override {
+ encodeHeader(mValue, encodeCallback);
+ }
+
+ std::unique_ptr clone() const override { return std::make_unique(mValue); }
+
+ private:
+ uint64_t mValue;
+};
+
+/**
+ * Nint is a concrete Item that implements CBOR major type 1.
+
+ * Note that it is incapable of expressing the full range of major type 1 values, becaue it can only
+ * express values that fall into the range [std::numeric_limits::min(), -1]. It cannot
+ * express values in the range [std::numeric_limits::min() - 1,
+ * -std::numeric_limits::max()].
+ */
+class Nint : public Int {
+ public:
+ static constexpr MajorType kMajorType = NINT;
+
+ explicit Nint(int64_t v);
+
+ bool operator==(const Nint& other) const& { return mValue == other.mValue; }
+
+ MajorType type() const override { return kMajorType; }
+ using Item::asNint;
+ Nint* asNint() override { return this; }
+ size_t encodedSize() const override { return headerSize(addlInfo()); }
+
+ int64_t value() const override { return mValue; }
+
+ using Item::encode;
+ uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
+ return encodeHeader(addlInfo(), pos, end);
+ }
+ void encode(EncodeCallback encodeCallback) const override {
+ encodeHeader(addlInfo(), encodeCallback);
+ }
+
+ std::unique_ptr clone() const override { return std::make_unique(mValue); }
+
+ private:
+ uint64_t addlInfo() const { return -1ll - mValue; }
+
+ int64_t mValue;
+};
+
+/**
+ * Bstr is a concrete Item that implements major type 2.
+ */
+class Bstr : public Item {
+ public:
+ static constexpr MajorType kMajorType = BSTR;
+
+ // Construct an empty Bstr
+ explicit Bstr() {}
+
+ // Construct from a vector
+ explicit Bstr(std::vector v) : mValue(std::move(v)) {}
+
+ // Construct from a string
+ explicit Bstr(const std::string& v)
+ : mValue(reinterpret_cast(v.data()),
+ reinterpret_cast(v.data()) + v.size()) {}
+
+ // Construct from a pointer/size pair
+ explicit Bstr(const std::pair& buf)
+ : mValue(buf.first, buf.first + buf.second) {}
+
+ // Construct from a pair of iterators
+ template ::iterator_category,
+ typename = typename std::iterator_traits::iterator_category>
+ explicit Bstr(const std::pair& pair) : mValue(pair.first, pair.second) {}
+
+ // Construct from an iterator range.
+ template ::iterator_category,
+ typename = typename std::iterator_traits::iterator_category>
+ Bstr(I1 begin, I2 end) : mValue(begin, end) {}
+
+ bool operator==(const Bstr& other) const& { return mValue == other.mValue; }
+
+ MajorType type() const override { return kMajorType; }
+ using Item::asBstr;
+ Bstr* asBstr() override { return this; }
+ size_t encodedSize() const override { return headerSize(mValue.size()) + mValue.size(); }
+ using Item::encode;
+ uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+ void encode(EncodeCallback encodeCallback) const override {
+ encodeHeader(mValue.size(), encodeCallback);
+ encodeValue(encodeCallback);
+ }
+
+ const std::vector& value() const { return mValue; }
+ std::vector&& moveValue() { return std::move(mValue); }
+
+ std::unique_ptr clone() const override { return std::make_unique(mValue); }
+
+ private:
+ void encodeValue(EncodeCallback encodeCallback) const;
+
+ std::vector mValue;
+};
+
+/**
+ * ViewBstr is a read-only version of Bstr backed by std::string_view
+ */
+class ViewBstr : public Item {
+ public:
+ static constexpr MajorType kMajorType = BSTR;
+
+ // Construct an empty ViewBstr
+ explicit ViewBstr() {}
+
+ // Construct from a string_view of uint8_t values
+ explicit ViewBstr(std::basic_string_view v) : mView(std::move(v)) {}
+
+ // Construct from a string_view
+ explicit ViewBstr(std::string_view v)
+ : mView(reinterpret_cast(v.data()), v.size()) {}
+
+ // Construct from an iterator range
+ template ::iterator_category,
+ typename = typename std::iterator_traits::iterator_category>
+ ViewBstr(I1 begin, I2 end) : mView(begin, end) {}
+
+ // Construct from a uint8_t pointer pair
+ ViewBstr(const uint8_t* begin, const uint8_t* end)
+ : mView(begin, std::distance(begin, end)) {}
+
+ bool operator==(const ViewBstr& other) const& { return mView == other.mView; }
+
+ MajorType type() const override { return kMajorType; }
+ using Item::asViewBstr;
+ ViewBstr* asViewBstr() override { return this; }
+ size_t encodedSize() const override { return headerSize(mView.size()) + mView.size(); }
+ using Item::encode;
+ uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+ void encode(EncodeCallback encodeCallback) const override {
+ encodeHeader(mView.size(), encodeCallback);
+ encodeValue(encodeCallback);
+ }
+
+ const std::basic_string_view& view() const { return mView; }
+
+ std::unique_ptr clone() const override { return std::make_unique(mView); }
+
+ private:
+ void encodeValue(EncodeCallback encodeCallback) const;
+
+ std::basic_string_view mView;
+};
+
+/**
+ * Tstr is a concrete Item that implements major type 3.
+ */
+class Tstr : public Item {
+ public:
+ static constexpr MajorType kMajorType = TSTR;
+
+ // Construct from a string
+ explicit Tstr(std::string v) : mValue(std::move(v)) {}
+
+ // Construct from a string_view
+ explicit Tstr(const std::string_view& v) : mValue(v) {}
+
+ // Construct from a C string
+ explicit Tstr(const char* v) : mValue(std::string(v)) {}
+
+ // Construct from a pair of iterators
+ template ::iterator_category,
+ typename = typename std::iterator_traits::iterator_category>
+ explicit Tstr(const std::pair& pair) : mValue(pair.first, pair.second) {}
+
+ // Construct from an iterator range
+ template ::iterator_category,
+ typename = typename std::iterator_traits::iterator_category>
+ Tstr(I1 begin, I2 end) : mValue(begin, end) {}
+
+ bool operator==(const Tstr& other) const& { return mValue == other.mValue; }
+
+ MajorType type() const override { return kMajorType; }
+ using Item::asTstr;
+ Tstr* asTstr() override { return this; }
+ size_t encodedSize() const override { return headerSize(mValue.size()) + mValue.size(); }
+ using Item::encode;
+ uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+ void encode(EncodeCallback encodeCallback) const override {
+ encodeHeader(mValue.size(), encodeCallback);
+ encodeValue(encodeCallback);
+ }
+
+ const std::string& value() const { return mValue; }
+ std::string&& moveValue() { return std::move(mValue); }
+
+ std::unique_ptr clone() const override { return std::make_unique(mValue); }
+
+ private:
+ void encodeValue(EncodeCallback encodeCallback) const;
+
+ std::string mValue;
+};
+
+/**
+ * ViewTstr is a read-only version of Tstr backed by std::string_view
+ */
+class ViewTstr : public Item {
+ public:
+ static constexpr MajorType kMajorType = TSTR;
+
+ // Construct an empty ViewTstr
+ explicit ViewTstr() {}
+
+ // Construct from a string_view
+ explicit ViewTstr(std::string_view v) : mView(std::move(v)) {}
+
+ // Construct from an iterator range
+ template ::iterator_category,
+ typename = typename std::iterator_traits::iterator_category>
+ ViewTstr(I1 begin, I2 end) : mView(begin, end) {}
+
+ // Construct from a uint8_t pointer pair
+ ViewTstr(const uint8_t* begin, const uint8_t* end)
+ : mView(reinterpret_cast(begin),
+ std::distance(begin, end)) {}
+
+ bool operator==(const ViewTstr& other) const& { return mView == other.mView; }
+
+ MajorType type() const override { return kMajorType; }
+ using Item::asViewTstr;
+ ViewTstr* asViewTstr() override { return this; }
+ size_t encodedSize() const override { return headerSize(mView.size()) + mView.size(); }
+ using Item::encode;
+ uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+ void encode(EncodeCallback encodeCallback) const override {
+ encodeHeader(mView.size(), encodeCallback);
+ encodeValue(encodeCallback);
+ }
+
+ const std::string_view& view() const { return mView; }
+
+ std::unique_ptr clone() const override { return std::make_unique(mView); }
+
+ private:
+ void encodeValue(EncodeCallback encodeCallback) const;
+
+ std::string_view mView;
+};
+
+/*
+ * Array is a concrete Item that implements CBOR major type 4.
+ *
+ * Note that Arrays are not copyable. This is because copying them is expensive and making them
+ * move-only ensures that they're never copied accidentally. If you actually want to copy an Array,
+ * use the clone() method.
+ */
+class Array : public Item {
+ public:
+ static constexpr MajorType kMajorType = ARRAY;
+
+ Array() = default;
+ Array(const Array& other) = delete;
+ Array(Array&&) = default;
+ Array& operator=(const Array&) = delete;
+ Array& operator=(Array&&) = default;
+
+ bool operator==(const Array& other) const&;
+
+ /**
+ * Construct an Array from a variable number of arguments of different types. See
+ * details::makeItem below for details on what types may be provided. In general, this accepts
+ * all of the types you'd expect and doest the things you'd expect (integral values are addes as
+ * Uint or Nint, std::string and char* are added as Tstr, bools are added as Bool, etc.).
+ */
+ template
+ Array(Args&&... args);
+
+ /**
+ * Append a single element to the Array, of any compatible type.
+ */
+ template
+ Array& add(T&& v) &;
+ template
+ Array&& add(T&& v) &&;
+
+ bool isCompound() const override { return true; }
+
+ virtual size_t size() const { return mEntries.size(); }
+
+ size_t encodedSize() const override {
+ return std::accumulate(mEntries.begin(), mEntries.end(), headerSize(size()),
+ [](size_t sum, auto& entry) { return sum + entry->encodedSize(); });
+ }
+
+ using Item::encode; // Make base versions visible.
+ uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+ void encode(EncodeCallback encodeCallback) const override;
+
+ const std::unique_ptr& operator[](size_t index) const { return get(index); }
+ std::unique_ptr& operator[](size_t index) { return get(index); }
+
+ const std::unique_ptr& get(size_t index) const { return mEntries[index]; }
+ std::unique_ptr& get(size_t index) { return mEntries[index]; }
+
+ MajorType type() const override { return kMajorType; }
+ using Item::asArray;
+ Array* asArray() override { return this; }
+
+ std::unique_ptr clone() const override;
+
+ auto begin() { return mEntries.begin(); }
+ auto begin() const { return mEntries.begin(); }
+ auto end() { return mEntries.end(); }
+ auto end() const { return mEntries.end(); }
+
+ protected:
+ std::vector> mEntries;
+};
+
+/*
+ * Map is a concrete Item that implements CBOR major type 5.
+ *
+ * Note that Maps are not copyable. This is because copying them is expensive and making them
+ * move-only ensures that they're never copied accidentally. If you actually want to copy a
+ * Map, use the clone() method.
+ */
+class Map : public Item {
+ public:
+ static constexpr MajorType kMajorType = MAP;
+
+ using entry_type = std::pair, std::unique_ptr>;
+
+ Map() = default;
+ Map(const Map& other) = delete;
+ Map(Map&&) = default;
+ Map& operator=(const Map& other) = delete;
+ Map& operator=(Map&&) = default;
+
+ bool operator==(const Map& other) const&;
+
+ /**
+ * Construct a Map from a variable number of arguments of different types. An even number of
+ * arguments must be provided (this is verified statically). See details::makeItem below for
+ * details on what types may be provided. In general, this accepts all of the types you'd
+ * expect and doest the things you'd expect (integral values are addes as Uint or Nint,
+ * std::string and char* are added as Tstr, bools are added as Bool, etc.).
+ */
+ template
+ Map(Args&&... args);
+
+ /**
+ * Append a key/value pair to the Map, of any compatible types.
+ */
+ template
+ Map& add(Key&& key, Value&& value) &;
+ template
+ Map&& add(Key&& key, Value&& value) &&;
+
+ bool isCompound() const override { return true; }
+
+ virtual size_t size() const { return mEntries.size(); }
+
+ size_t encodedSize() const override {
+ return std::accumulate(
+ mEntries.begin(), mEntries.end(), headerSize(size()), [](size_t sum, auto& entry) {
+ return sum + entry.first->encodedSize() + entry.second->encodedSize();
+ });
+ }
+
+ using Item::encode; // Make base versions visible.
+ uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+ void encode(EncodeCallback encodeCallback) const override;
+
+ /**
+ * Find and return the value associated with `key`, if any.
+ *
+ * If the searched-for `key` is not present, returns `nullptr`.
+ *
+ * Note that if the map is canonicalized (sorted), Map::get() peforms a binary search. If your
+ * map is large and you're searching in it many times, it may be worthwhile to canonicalize it
+ * to make Map::get() faster. Any use of a method that might modify the map disables the
+ * speedup.
+ */
+ template
+ const std::unique_ptr& get(Key key) const;
+
+ // Note that use of non-const operator[] marks the map as not canonicalized.
+ auto& operator[](size_t index) {
+ mCanonicalized = false;
+ return mEntries[index];
+ }
+ const auto& operator[](size_t index) const { return mEntries[index]; }
+
+ MajorType type() const override { return kMajorType; }
+ using Item::asMap;
+ Map* asMap() override { return this; }
+
+ /**
+ * Sorts the map in canonical order, as defined in RFC 7049. Use this before encoding if you
+ * want canonicalization; cppbor does not canonicalize by default, though the integer encodings
+ * are always canonical and cppbor does not support indefinite-length encodings, so map order
+ * canonicalization is the only thing that needs to be done.
+ *
+ * @param recurse If set to true, canonicalize() will also walk the contents of the map and
+ * canonicalize any contained maps as well.
+ */
+ Map& canonicalize(bool recurse = false) &;
+ Map&& canonicalize(bool recurse = false) && {
+ canonicalize(recurse);
+ return std::move(*this);
+ }
+
+ bool isCanonical() { return mCanonicalized; }
+
+ std::unique_ptr clone() const override;
+
+ auto begin() {
+ mCanonicalized = false;
+ return mEntries.begin();
+ }
+ auto begin() const { return mEntries.begin(); }
+ auto end() {
+ mCanonicalized = false;
+ return mEntries.end();
+ }
+ auto end() const { return mEntries.end(); }
+
+ // Returns true if a < b, per CBOR map key canonicalization rules.
+ static bool keyLess(const Item* a, const Item* b);
+
+ protected:
+ std::vector mEntries;
+
+ private:
+ bool mCanonicalized = false;
+};
+
+class SemanticTag : public Item {
+ public:
+ static constexpr MajorType kMajorType = SEMANTIC;
+
+ template
+ SemanticTag(uint64_t tagValue, T&& taggedItem);
+ SemanticTag(const SemanticTag& other) = delete;
+ SemanticTag(SemanticTag&&) = default;
+ SemanticTag& operator=(const SemanticTag& other) = delete;
+ SemanticTag& operator=(SemanticTag&&) = default;
+
+ bool operator==(const SemanticTag& other) const& {
+ return mValue == other.mValue && *mTaggedItem == *other.mTaggedItem;
+ }
+
+ bool isCompound() const override { return true; }
+
+ virtual size_t size() const { return 1; }
+
+ // Encoding returns the tag + enclosed Item.
+ size_t encodedSize() const override { return headerSize(mValue) + mTaggedItem->encodedSize(); }
+
+ using Item::encode; // Make base versions visible.
+ uint8_t* encode(uint8_t* pos, const uint8_t* end) const override;
+ void encode(EncodeCallback encodeCallback) const override;
+
+ // type() is a bit special. In normal usage it should return the wrapped type, but during
+ // parsing when we haven't yet parsed the tagged item, it needs to return SEMANTIC.
+ MajorType type() const override { return mTaggedItem ? mTaggedItem->type() : SEMANTIC; }
+ using Item::asSemanticTag;
+ SemanticTag* asSemanticTag() override { return this; }
+
+ // Type information reflects the enclosed Item. Note that if the immediately-enclosed Item is
+ // another tag, these methods will recurse down to the non-tag Item.
+ using Item::asInt;
+ Int* asInt() override { return mTaggedItem->asInt(); }
+ using Item::asUint;
+ Uint* asUint() override { return mTaggedItem->asUint(); }
+ using Item::asNint;
+ Nint* asNint() override { return mTaggedItem->asNint(); }
+ using Item::asTstr;
+ Tstr* asTstr() override { return mTaggedItem->asTstr(); }
+ using Item::asBstr;
+ Bstr* asBstr() override { return mTaggedItem->asBstr(); }
+ using Item::asSimple;
+ Simple* asSimple() override { return mTaggedItem->asSimple(); }
+ using Item::asMap;
+ Map* asMap() override { return mTaggedItem->asMap(); }
+ using Item::asArray;
+ Array* asArray() override { return mTaggedItem->asArray(); }
+ using Item::asViewTstr;
+ ViewTstr* asViewTstr() override { return mTaggedItem->asViewTstr(); }
+ using Item::asViewBstr;
+ ViewBstr* asViewBstr() override { return mTaggedItem->asViewBstr(); }
+
+ std::unique_ptr clone() const override;
+
+ size_t semanticTagCount() const override;
+ uint64_t semanticTag(size_t nesting = 0) const override;
+
+ protected:
+ SemanticTag() = default;
+ SemanticTag(uint64_t value) : mValue(value) {}
+ uint64_t mValue;
+ std::unique_ptr mTaggedItem;
+};
+
+/**
+ * Simple is abstract Item that implements CBOR major type 7. It is intended to be subclassed to
+ * create concrete Simple types. At present only Bool is provided.
+ */
+class Simple : public Item {
+ public:
+ static constexpr MajorType kMajorType = SIMPLE;
+
+ bool operator==(const Simple& other) const&;
+
+ virtual SimpleType simpleType() const = 0;
+ MajorType type() const override { return kMajorType; }
+
+ Simple* asSimple() override { return this; }
+
+ virtual const Bool* asBool() const { return nullptr; };
+ virtual const Null* asNull() const { return nullptr; };
+};
+
+/**
+ * Bool is a concrete type that implements CBOR major type 7, with additional item values for TRUE
+ * and FALSE.
+ */
+class Bool : public Simple {
+ public:
+ static constexpr SimpleType kSimpleType = BOOLEAN;
+
+ explicit Bool(bool v) : mValue(v) {}
+
+ bool operator==(const Bool& other) const& { return mValue == other.mValue; }
+
+ SimpleType simpleType() const override { return kSimpleType; }
+ const Bool* asBool() const override { return this; }
+
+ size_t encodedSize() const override { return 1; }
+
+ using Item::encode;
+ uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
+ return encodeHeader(mValue ? TRUE : FALSE, pos, end);
+ }
+ void encode(EncodeCallback encodeCallback) const override {
+ encodeHeader(mValue ? TRUE : FALSE, encodeCallback);
+ }
+
+ bool value() const { return mValue; }
+
+ std::unique_ptr clone() const override { return std::make_unique(mValue); }
+
+ private:
+ bool mValue;
+};
+
+/**
+ * Null is a concrete type that implements CBOR major type 7, with additional item value for NULL
+ */
+class Null : public Simple {
+ public:
+ static constexpr SimpleType kSimpleType = NULL_T;
+
+ explicit Null() {}
+
+ SimpleType simpleType() const override { return kSimpleType; }
+ const Null* asNull() const override { return this; }
+
+ size_t encodedSize() const override { return 1; }
+
+ using Item::encode;
+ uint8_t* encode(uint8_t* pos, const uint8_t* end) const override {
+ return encodeHeader(NULL_V, pos, end);
+ }
+ void encode(EncodeCallback encodeCallback) const override {
+ encodeHeader(NULL_V, encodeCallback);
+ }
+
+ std::unique_ptr clone() const override { return std::make_unique(); }
+};
+
+/**
+ * Returns pretty-printed CBOR for |item|
+ *
+ * If a byte-string is larger than |maxBStrSize| its contents will not be printed, instead the value
+ * of the form "" will be
+ * printed. Pass zero for |maxBStrSize| to disable this.
+ *
+ * The |mapKeysToNotPrint| parameter specifies the name of map values to not print. This is useful
+ * for unit tests.
+ */
+std::string prettyPrint(const Item* item, size_t maxBStrSize = 32,
+ const std::vector& mapKeysNotToPrint = {});
+
+/**
+ * Returns pretty-printed CBOR for |value|.
+ *
+ * Only valid CBOR should be passed to this function.
+ *
+ * If a byte-string is larger than |maxBStrSize| its contents will not be printed, instead the value
+ * of the form "" will be
+ * printed. Pass zero for |maxBStrSize| to disable this.
+ *
+ * The |mapKeysToNotPrint| parameter specifies the name of map values to not print. This is useful
+ * for unit tests.
+ */
+std::string prettyPrint(const std::vector& encodedCbor, size_t maxBStrSize = 32,
+ const std::vector& mapKeysNotToPrint = {});
+
+/**
+ * Details. Mostly you shouldn't have to look below, except perhaps at the docstring for makeItem.
+ */
+namespace details {
+
+template
+struct is_iterator_pair_over : public std::false_type {};
+
+template
+struct is_iterator_pair_over<
+ std::pair, V,
+ typename std::enable_if_t::value_type>>>
+ : public std::true_type {};
+
+template
+struct is_unique_ptr_of_subclass_of_v : public std::false_type {};
+
+template
+struct is_unique_ptr_of_subclass_of_v,
+ typename std::enable_if_t>>
+ : public std::true_type {};
+
+/* check if type is one of std::string (1), std::string_view (2), null-terminated char* (3) or pair
+ * of iterators (4)*/
+template
+struct is_text_type_v : public std::false_type {};
+
+template
+struct is_text_type_v<
+ T, typename std::enable_if_t<
+ /* case 1 */ //
+ std::is_same_v>, std::string>
+ /* case 2 */ //
+ || std::is_same_v>, std::string_view>
+ /* case 3 */ //
+ || std::is_same_v>, char*> //
+ || std::is_same_v>, const char*>
+ /* case 4 */
+ || details::is_iterator_pair_over::value>> : public std::true_type {};
+
+/**
+ * Construct a unique_ptr from many argument types. Accepts:
+ *
+ * (a) booleans;
+ * (b) integers, all sizes and signs;
+ * (c) text strings, as defined by is_text_type_v above;
+ * (d) byte strings, as std::vector(d1), pair of iterators (d2) or pair
+ * (d3); and
+ * (e) Item subclass instances, including Array and Map. Items may be provided by naked pointer
+ * (e1), unique_ptr (e2), reference (e3) or value (e3). If provided by reference or value, will
+ * be moved if possible. If provided by pointer, ownership is taken.
+ * (f) null pointer;
+ * (g) enums, using the underlying integer value.
+ */
+template
+std::unique_ptr makeItem(T v) {
+ Item* p = nullptr;
+ if constexpr (/* case a */ std::is_same_v) {
+ p = new Bool(v);
+ } else if constexpr (/* case b */ std::is_integral_v) { // b
+ if (v < 0) {
+ p = new Nint(v);
+ } else {
+ p = new Uint(static_cast(v));
+ }
+ } else if constexpr (/* case c */ //
+ details::is_text_type_v::value) {
+ p = new Tstr(v);
+ } else if constexpr (/* case d1 */ //
+ std::is_same_v>,
+ std::vector>
+ /* case d2 */ //
+ || details::is_iterator_pair_over::value
+ /* case d3 */ //
+ || std::is_same_v>,
+ std::pair>) {
+ p = new Bstr(v);
+ } else if constexpr (/* case e1 */ //
+ std::is_pointer_v &&
+ std::is_base_of_v>) {
+ p = v;
+ } else if constexpr (/* case e2 */ //
+ details::is_unique_ptr_of_subclass_of_v::value) {
+ p = v.release();
+ } else if constexpr (/* case e3 */ //
+ std::is_base_of_v) {
+ p = new T(std::move(v));
+ } else if constexpr (/* case f */ std::is_null_pointer_v) {
+ p = new Null();
+ } else if constexpr (/* case g */ std::is_enum_v) {
+ return makeItem(static_cast>(v));
+ } else {
+ // It's odd that this can't be static_assert(false), since it shouldn't be evaluated if one
+ // of the above ifs matches. But static_assert(false) always triggers.
+ static_assert(std::is_same_v, "makeItem called with unsupported type");
+ }
+ return std::unique_ptr(p);
+}
+
+inline void map_helper(Map& /* map */) {}
+
+template
+inline void map_helper(Map& map, Key&& key, Value&& value, Rest&&... rest) {
+ map.add(std::forward(key), std::forward(value));
+ map_helper(map, std::forward(rest)...);
+}
+
+} // namespace details
+
+template >> || ...)>>
+Array::Array(Args&&... args) {
+ mEntries.reserve(sizeof...(args));
+ (mEntries.push_back(details::makeItem(std::forward(args))), ...);
+}
+
+template
+Array& Array::add(T&& v) & {
+ mEntries.push_back(details::makeItem(std::forward(v)));
+ return *this;
+}
+
+template
+Array&& Array::add(T&& v) && {
+ mEntries.push_back(details::makeItem(std::forward(v)));
+ return std::move(*this);
+}
+
+template >
+Map::Map(Args&&... args) {
+ static_assert((sizeof...(Args)) % 2 == 0, "Map must have an even number of entries");
+ mEntries.reserve(sizeof...(args) / 2);
+ details::map_helper(*this, std::forward(args)...);
+}
+
+template
+Map& Map::add(Key&& key, Value&& value) & {
+ mEntries.push_back({details::makeItem(std::forward(key)),
+ details::makeItem(std::forward(value))});
+ mCanonicalized = false;
+ return *this;
+}
+
+template
+Map&& Map::add(Key&& key, Value&& value) && {
+ this->add(std::forward(key), std::forward(value));
+ return std::move(*this);
+}
+
+static const std::unique_ptr kEmptyItemPtr;
+
+template || std::is_enum_v ||
+ details::is_text_type_v::value>>
+const std::unique_ptr& Map::get(Key key) const {
+ auto keyItem = details::makeItem(key);
+
+ if (mCanonicalized) {
+ // It's sorted, so binary-search it.
+ auto found = std::lower_bound(begin(), end(), keyItem.get(),
+ [](const entry_type& entry, const Item* key) {
+ return keyLess(entry.first.get(), key);
+ });
+ return (found == end() || *found->first != *keyItem) ? kEmptyItemPtr : found->second;
+ } else {
+ // Unsorted, do a linear search.
+ auto found = std::find_if(
+ begin(), end(), [&](const entry_type& entry) { return *entry.first == *keyItem; });
+ return found == end() ? kEmptyItemPtr : found->second;
+ }
+}
+
+template
+SemanticTag::SemanticTag(uint64_t value, T&& taggedItem)
+ : mValue(value), mTaggedItem(details::makeItem(std::forward(taggedItem))) {}
+
+} // namespace cppbor
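Review bot: `SemanticTag::type()` allows for a null `mTaggedItem` (its comment says the tag can exist before the tagged item has been parsed), but the ten `as*()` overrides directly below it, `encodedSize()` and `operator==` all dereference `mTaggedItem` unchecked. The protected `SemanticTag(uint64_t value)` and default constructors leave the pointer null, so calling any of these on a half-built tag is a null dereference; whether the parser ever exposes such an object is not visible in this header. If the tool decodes CBOR it did not produce itself, the forwarding overrides should keep the accessor contract and return `nullptr`, e.g. `Int* asInt() override { return mTaggedItem ? mTaggedItem->asInt() : nullptr; }`, with the same guard on the other nine.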
diff --git a/ProvisioningTool/keymint/include/cppbor/cppbor_parse.h b/ProvisioningTool/keymint/include/cppbor/cppbor_parse.h
new file mode 100644
index 00000000..22cd18d0
--- /dev/null
+++ b/ProvisioningTool/keymint/include/cppbor/cppbor_parse.h
@@ -0,0 +1,195 @@ +/* + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#pragma once + +#include "cppbor.h" + +namespace cppbor { + +using ParseResult = std::tuple /* result */, const uint8_t* /* newPos */, + std::string /* errMsg */>; + +/** + * Parse the first CBOR data item (possibly compound) from the range [begin, end). + * + * Returns a tuple of Item pointer, buffer pointer and error message. If parsing is successful, the + * Item pointer is non-null, the buffer pointer points to the first byte after the + * successfully-parsed item and the error message string is empty. If parsing fails, the Item + * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte + * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is + * too large for the remaining buffer, etc.) and the string contains an error message describing the + * problem encountered. + */ +ParseResult parse(const uint8_t* begin, const uint8_t* end); + +/** + * Parse the first CBOR data item (possibly compound) from the range [begin, end). + * + * Returns a tuple of Item pointer, buffer pointer and error message. If parsing is successful, the + * Item pointer is non-null, the buffer pointer points to the first byte after the + * successfully-parsed item and the error message string is empty. 
If parsing fails, the Item + * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte + * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is + * too large for the remaining buffer, etc.) and the string contains an error message describing the + * problem encountered. + * + * The returned CBOR data item will contain View* items backed by + * std::string_view types over the input range. + * WARNING! If the input range changes underneath, the corresponding views will + * carry the same change. + */ +ParseResult parseWithViews(const uint8_t* begin, const uint8_t* end); + +/** + * Parse the first CBOR data item (possibly compound) from the byte vector. + * + * Returns a tuple of Item pointer, buffer pointer and error message. If parsing is successful, the + * Item pointer is non-null, the buffer pointer points to the first byte after the + * successfully-parsed item and the error message string is empty. If parsing fails, the Item + * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte + * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is + * too large for the remaining buffer, etc.) and the string contains an error message describing the + * problem encountered. + */ +inline ParseResult parse(const std::vector& encoding) { + return parse(encoding.data(), encoding.data() + encoding.size()); +} + +/** + * Parse the first CBOR data item (possibly compound) from the range [begin, begin + size). + * + * Returns a tuple of Item pointer, buffer pointer and error message. If parsing is successful, the + * Item pointer is non-null, the buffer pointer points to the first byte after the + * successfully-parsed item and the error message string is empty. 
If parsing fails, the Item + * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte + * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is + * too large for the remaining buffer, etc.) and the string contains an error message describing the + * problem encountered. + */ +inline ParseResult parse(const uint8_t* begin, size_t size) { + return parse(begin, begin + size); +} + +/** + * Parse the first CBOR data item (possibly compound) from the range [begin, begin + size). + * + * Returns a tuple of Item pointer, buffer pointer and error message. If parsing is successful, the + * Item pointer is non-null, the buffer pointer points to the first byte after the + * successfully-parsed item and the error message string is empty. If parsing fails, the Item + * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte + * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is + * too large for the remaining buffer, etc.) and the string contains an error message describing the + * problem encountered. + * + * The returned CBOR data item will contain View* items backed by + * std::string_view types over the input range. + * WARNING! If the input range changes underneath, the corresponding views will + * carry the same change. + */ +inline ParseResult parseWithViews(const uint8_t* begin, size_t size) { + return parseWithViews(begin, begin + size); +} + +/** + * Parse the first CBOR data item (possibly compound) from the value contained in a Bstr. + * + * Returns a tuple of Item pointer, buffer pointer and error message. If parsing is successful, the + * Item pointer is non-null, the buffer pointer points to the first byte after the + * successfully-parsed item and the error message string is empty. 
If parsing fails, the Item + * pointer is null, the buffer pointer points to the first byte that was unparseable (the first byte + * of a data item header that is malformed in some way, e.g. an invalid value, or a length that is + * too large for the remaining buffer, etc.) and the string contains an error message describing the + * problem encountered. + */ +inline ParseResult parse(const Bstr* bstr) { + if (!bstr) + return ParseResult(nullptr, nullptr, "Null Bstr pointer"); + return parse(bstr->value()); +} + +class ParseClient; + +/** + * Parse the CBOR data in the range [begin, end) in streaming fashion, calling methods on the + * provided ParseClient when elements are found. + */ +void parse(const uint8_t* begin, const uint8_t* end, ParseClient* parseClient); + +/** + * Parse the CBOR data in the range [begin, end) in streaming fashion, calling methods on the + * provided ParseClient when elements are found. Uses the View* item types + * instead of the copying ones. + */ +void parseWithViews(const uint8_t* begin, const uint8_t* end, ParseClient* parseClient); + +/** + * Parse the CBOR data in the vector in streaming fashion, calling methods on the + * provided ParseClient when elements are found. + */ +inline void parse(const std::vector& encoding, ParseClient* parseClient) { + return parse(encoding.data(), encoding.data() + encoding.size(), parseClient); +} + +/** + * A pure interface that callers of the streaming parse functions must implement. + */ +class ParseClient { + public: + virtual ~ParseClient() {} + + /** + * Called when an item is found. The Item pointer points to the found item; use type() and + * the appropriate as*() method to examine the value. hdrBegin points to the first byte of the + * header, valueBegin points to the first byte of the value and end points one past the end of + * the item. 
In the case of header-only items, such as integers, and compound items (ARRAY, + * MAP or SEMANTIC) whose end has not yet been found, valueBegin and end are equal and point to + * the byte past the header. + * + * Note that for compound types (ARRAY, MAP, and SEMANTIC), the Item will have no content. For + * Map and Array items, the size() method will return a correct value, but the index operators + * are unsafe, and the object cannot be safely compared with another Array/Map. + * + * The method returns a ParseClient*. In most cases "return this;" will be the right answer, + * but a different ParseClient may be returned, which the parser will begin using. If the method + * returns nullptr, parsing will be aborted immediately. + */ + virtual ParseClient* item(std::unique_ptr& item, const uint8_t* hdrBegin, + const uint8_t* valueBegin, const uint8_t* end) = 0; + + /** + * Called when the end of a compound item (MAP or ARRAY) is found. The item argument will be + * the same one passed to the item() call -- and may be empty if item() moved its value out. + * hdrBegin, valueBegin and end point to the beginning of the item header, the beginning of the + * first contained value, and one past the end of the last contained value, respectively. + * + * Note that the Item will have no content. + * + * As with item(), itemEnd() can change the ParseClient by returning a different one, or end the + * parsing by returning nullptr; + */ + virtual ParseClient* itemEnd(std::unique_ptr& item, const uint8_t* hdrBegin, + const uint8_t* valueBegin, const uint8_t* end) = 0; + + /** + * Called when parsing encounters an error. position is set to the first unparsed byte (one + * past the last successfully-parsed byte) and errorMessage contains an message explaining what + * sort of error occurred. + */ + virtual void error(const uint8_t* position, const std::string& errorMessage) = 0; +}; + +} // namespace cppbor 
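Review bot: The WARNING on both `parseWithViews` overloads covers mutation of the input range but says nothing about its lifetime: the returned Item holds View* items backed by `std::string_view`, so once the buffer is freed or reallocated those views dangle. I would add to each of those comments `* The caller must keep the input range alive and unmodified for as long as the returned Item, or anything moved out of it, is in use.` The streaming `parseWithViews(begin, end, parseClient)` comment needs the same sentence, since it only mentions that the View* item types are used. The `(begin, size)` wrappers also pass `begin + size` on without checking `begin`, while only the `Bstr*` overload tests its pointer; whether `parse(begin, end)` rejects a null range is not visible in this hunk, so the precondition should at least be stated in the comments.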
diff --git a/ProvisioningTool/keymint/include/cppcose/cppcose.h b/ProvisioningTool/keymint/include/cppcose/cppcose.h
new file mode 100644
index 00000000..09a2d76f
--- /dev/null
+++ b/ProvisioningTool/keymint/include/cppcose/cppcose.h
@@ -0,0 +1,218 @@
+/*
+ * Copyright (C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#pragma once
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+namespace cppcose {
+
+template class ErrMsgOr;
+using bytevec = std::vector;
+
+constexpr int kCoseSign1EntryCount = 4;
+constexpr int kCoseSign1ProtectedParams = 0;
+constexpr int kCoseSign1UnprotectedParams = 1;
+constexpr int kCoseSign1Payload = 2;
+constexpr int kCoseSign1Signature = 3;
+
+constexpr int kCoseMac0EntryCount = 4;
+constexpr int kCoseMac0ProtectedParams = 0;
+constexpr int kCoseMac0UnprotectedParams = 1;
+constexpr int kCoseMac0Payload = 2;
+constexpr int kCoseMac0Tag = 3;
+
+constexpr int kCoseEncryptEntryCount = 4;
+constexpr int kCoseEncryptProtectedParams = 0;
+constexpr int kCoseEncryptUnprotectedParams = 1;
+constexpr int kCoseEncryptPayload = 2;
+constexpr int kCoseEncryptRecipients = 3;
+
+enum Label : int {
+ ALGORITHM = 1,
+ KEY_ID = 4,
+ IV = 5,
+ COSE_KEY = -1,
+};
+
+enum CoseKeyAlgorithm : int {
+ AES_GCM_256 = 3,
+ HMAC_256 = 5,
+ ES256 = -7, // ECDSA with SHA-256
+ EDDSA = -8,
+ ECDH_ES_HKDF_256 = -25,
+};
+
+enum CoseKeyCurve : int { P256 = 1, X25519 = 4, ED25519 = 6 };
+enum CoseKeyType : int { OCTET_KEY_PAIR = 1, EC2 = 2, SYMMETRIC_KEY = 4 };
+enum CoseKeyOps : int { SIGN = 1, VERIFY = 2, ENCRYPT = 3, DECRYPT = 4 };
+
+constexpr int kAesGcmNonceLength = 12;
+constexpr int kAesGcmTagSize = 16;
+constexpr int kAesGcmKeySize = 32;
+constexpr int kAesGcmKeySizeBits = 256;
+
+template class ErrMsgOr {
+ public:
+ ErrMsgOr(std::string errMsg) // NOLINT(google-explicit-constructor)
+ : errMsg_(std::move(errMsg)) {}
+ ErrMsgOr(const char* errMsg) // NOLINT(google-explicit-constructor)
+ : errMsg_(errMsg) {}
+ ErrMsgOr(T val) // NOLINT(google-explicit-constructor)
+ : value_(std::move(val)) {}
+
+ explicit operator bool() const { return value_.has_value(); }
+
+ T* operator->() & {
+ assert(value_);
+ return &value_.value();
+ }
+ T& operator*() & {
+ assert(value_);
+ return value_.value();
+ };
+ T&& operator*() && {
+ assert(value_);
+ return std::move(value_).value();
+ };
+
+ const std::string& message() { return errMsg_; }
+ std::string moveMessage() { return std::move(errMsg_); }
+
+ T moveValue() {
+ assert(value_);
+ return std::move(value_).value();
+ }
+
+ private:
+ std::string errMsg_;
+ std::optional value_;
+};
+
+class CoseKey {
+ public:
+ CoseKey() {}
+ CoseKey(const CoseKey&) = delete;
+ CoseKey(CoseKey&&) = default;
+
+ enum Label : int {
+ KEY_TYPE = 1,
+ KEY_ID = 2,
+ ALGORITHM = 3,
+ KEY_OPS = 4,
+ CURVE = -1,
+ PUBKEY_X = -2,
+ PUBKEY_Y = -3,
+ PRIVATE_KEY = -4,
+ TEST_KEY = -70000 // Application-defined
+ };
+
+ static ErrMsgOr parse(const bytevec& coseKey) {
+ auto [parsedKey, _, errMsg] = cppbor::parse(coseKey);
+ if (!parsedKey) return errMsg + " when parsing key";
+ if (!parsedKey->asMap()) return "CoseKey must be a map";
+ return CoseKey(static_cast(parsedKey.release()));
+ }
+
+ static ErrMsgOr parse(const bytevec& coseKey, CoseKeyType expectedKeyType,
+ CoseKeyAlgorithm expectedAlgorithm, CoseKeyCurve expectedCurve) {
+ auto key = parse(coseKey);
+ if (!key) return key;
+
+ if (!key->checkIntValue(CoseKey::KEY_TYPE, expectedKeyType) ||
+ !key->checkIntValue(CoseKey::ALGORITHM, expectedAlgorithm) ||
+ !key->checkIntValue(CoseKey::CURVE, expectedCurve)) {
+ return "Unexpected key type:";
+ }
+
+ return key;
+ }
+ static ErrMsgOr parseP256(const bytevec& coseKey) {
+ auto key = parse(coseKey, EC2, ES256, P256);
+ if (!key) return key;
+
+ auto& pubkey_x = key->getMap().get(PUBKEY_X);
+ auto& pubkey_y = key->getMap().get(PUBKEY_Y);
+ if (!pubkey_x || !pubkey_y || !pubkey_x->asBstr() || !pubkey_y->asBstr() ||
+ pubkey_x->asBstr()->value().size() != 32 || pubkey_y->asBstr()->value().size() != 32) {
+ return "Invalid P256 public key";
+ }
+
+ return key;
+ }
+
+ std::optional getIntValue(Label label) {
+ const auto& value = key_->get(label);
+ if (!value || !value->asInt()) return {};
+ return value->asInt()->value();
+ }
+
+ std::optional getBstrValue(Label label) {
+ const auto& value = key_->get(label);
+ if (!value || !value->asBstr()) return {};
+ return value->asBstr()->value();
+ }
+
+ const cppbor::Map& getMap() const { return *key_; }
+ cppbor::Map&& moveMap() { return std::move(*key_); }
+
+ bool checkIntValue(Label label, int expectedValue) {
+ const auto& value = key_->get(label);
+ return value && value->asInt() && value->asInt()->value() == expectedValue;
+ }
+
+ void add(Label label, int value) { key_->add(label, value); }
+ void add(Label label, bytevec value) { key_->add(label, std::move(value)); }
+
+ bytevec encode() { return key_->canonicalize().encode(); }
+
+ private:
+ explicit CoseKey(cppbor::Map* parsedKey) : key_(parsedKey) {}
+
+ // This is the full parsed key structure.
+ std::unique_ptr key_;
+};
+
+ErrMsgOr createCoseSign1Signature(const bytevec& key, const bytevec& protectedParams,
+ const bytevec& payload, const bytevec& aad);
+ErrMsgOr constructCoseSign1(const bytevec& key, const bytevec& payload,
+ const bytevec& aad);
+ErrMsgOr constructCoseSign1(const bytevec& key, cppbor::Map extraProtectedFields,
+ const bytevec& payload, const bytevec& aad);
+/**
+ * Verify and parse a COSE_Sign1 message, returning the payload.
+ *
+ * @param ignoreSignature indicates whether signature verification should be skipped. If true, no
+ * verification of the signature will be done.
+ *
+ * @param coseSign1 is the COSE_Sign1 to verify and parse.
+ *
+ * @param signingCoseKey is a CBOR-encoded COSE_Key to use to verify the signature. The bytevec may
+ * be empty, in which case the function assumes that coseSign1's payload is the COSE_Key to
+ * use, i.e. that coseSign1 is a self-signed "certificate".
+ */
+ErrMsgOr verifyAndParseCoseSign1(bool ignoreSignature,
+ const cppbor::Array* coseSign1,
+ const bytevec& signingCoseKey,
+ const bytevec& aad);
+} // namespace cppcose
diff --git a/ProvisioningTool/keymint/include/json/assertions.h b/ProvisioningTool/keymint/include/json/assertions.h
new file mode 100644
index 00000000..fbec7ae0
--- /dev/null
+++ b/ProvisioningTool/keymint/include/json/assertions.h
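Review bot: The comment on `verifyAndParseCoseSign1` at the end of the hunk does not say what a caller may trust in its two weak modes: with `ignoreSignature` true the returned payload is unauthenticated, and with an empty `signingCoseKey` the signature is checked against a key taken from the message itself, which shows the message is self-consistent but not who produced it. I would add `* NOTE: a payload returned with ignoreSignature == true, or verified only against its own embedded key, must not be treated as authenticated; the caller has to establish trust in the key separately.` The `aad` parameter has no `@param` line; document it, including that it has to match the value supplied when the signature was created. Separately, the public `CoseKey() {}` leaves `key_` null while `add`, `getIntValue`, `getBstrValue`, `checkIntValue` and `encode` dereference it unconditionally, so either initialise the map in that constructor or document that a default-constructed key is only a move target.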
@@ -0,0 +1,54 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef CPPTL_JSON_ASSERTIONS_H_INCLUDED
+#define CPPTL_JSON_ASSERTIONS_H_INCLUDED
+
+#include
+#include
+
+#if !defined(JSON_IS_AMALGAMATION)
+#include "config.h"
+#endif // if !defined(JSON_IS_AMALGAMATION)
+
+/** It should not be possible for a maliciously designed file to
+ * cause an abort() or seg-fault, so these macros are used only
+ * for pre-condition violations and internal logic errors.
+ */
+#if JSON_USE_EXCEPTION
+
+// @todo <= add detail about condition in exception
+# define JSON_ASSERT(condition) \
+ {if (!(condition)) {Json::throwLogicError( "assert json failed" );}}
+
+# define JSON_FAIL_MESSAGE(message) \
+ { \
+ std::ostringstream oss; oss << message; \
+ Json::throwLogicError(oss.str()); \
+ abort(); \
+ }
+
+#else // JSON_USE_EXCEPTION
+
+# define JSON_ASSERT(condition) assert(condition)
+
+// The call to assert() will show the failure message in debug builds. In
+// release builds we abort, for a core-dump or debugger.
+# define JSON_FAIL_MESSAGE(message) \
+ { \
+ std::ostringstream oss; oss << message; \
+ assert(false && oss.str().c_str()); \
+ abort(); \
+ }
+
+
+#endif
+
+#define JSON_ASSERT_MESSAGE(condition, message) \
+ if (!(condition)) { \
+ JSON_FAIL_MESSAGE(message); \
+ }
+
+#endif // CPPTL_JSON_ASSERTIONS_H_INCLUDED
diff --git a/ProvisioningTool/keymint/include/json/autolink.h b/ProvisioningTool/keymint/include/json/autolink.h
new file mode 100644
index 00000000..6fcc8afa
--- /dev/null
+++ b/ProvisioningTool/keymint/include/json/autolink.h
@@ -0,0 +1,25 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef JSON_AUTOLINK_H_INCLUDED
+#define JSON_AUTOLINK_H_INCLUDED
+
+#include "config.h"
+
+#ifdef JSON_IN_CPPTL
+#include
+#endif
+
+#if !defined(JSON_NO_AUTOLINK) && !defined(JSON_DLL_BUILD) && \
+ !defined(JSON_IN_CPPTL)
+#define CPPTL_AUTOLINK_NAME "json"
+#undef CPPTL_AUTOLINK_DLL
+#ifdef JSON_DLL
+#define CPPTL_AUTOLINK_DLL
+#endif
+#include "autolink.h"
+#endif
+
+#endif // JSON_AUTOLINK_H_INCLUDED
diff --git a/ProvisioningTool/keymint/include/json/config.h b/ProvisioningTool/keymint/include/json/config.h
new file mode 100644
index 00000000..5ca32281
--- /dev/null
+++ b/ProvisioningTool/keymint/include/json/config.h
@@ -0,0 +1,119 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef JSON_CONFIG_H_INCLUDED
+#define JSON_CONFIG_H_INCLUDED
+
+/// If defined, indicates that json library is embedded in CppTL library.
+//# define JSON_IN_CPPTL 1
+
+/// If defined, indicates that json may leverage CppTL library
+//# define JSON_USE_CPPTL 1
+/// If defined, indicates that cpptl vector based map should be used instead of
+/// std::map
+/// as Value container.
+//# define JSON_USE_CPPTL_SMALLMAP 1
+
+// If non-zero, the library uses exceptions to report bad input instead of C
+// assertion macros. The default is to use exceptions.
+#ifndef JSON_USE_EXCEPTION
+#define JSON_USE_EXCEPTION 1
+#endif
+
+/// If defined, indicates that the source file is amalgated
+/// to prevent private header inclusion.
+/// Remarks: it is automatically defined in the generated amalgated header.
+// #define JSON_IS_AMALGAMATION
+
+#ifdef JSON_IN_CPPTL
+#include
+#ifndef JSON_USE_CPPTL
+#define JSON_USE_CPPTL 1
+#endif
+#endif
+
+#ifdef JSON_IN_CPPTL
+#define JSON_API CPPTL_API
+#elif defined(JSON_DLL_BUILD)
+#if defined(_MSC_VER)
+#define JSON_API __declspec(dllexport)
+#define JSONCPP_DISABLE_DLL_INTERFACE_WARNING
+#endif // if defined(_MSC_VER)
+#elif defined(JSON_DLL)
+#if defined(_MSC_VER)
+#define JSON_API __declspec(dllimport)
+#define JSONCPP_DISABLE_DLL_INTERFACE_WARNING
+#endif // if defined(_MSC_VER)
+#endif // ifdef JSON_IN_CPPTL
+#if !defined(JSON_API)
+#define JSON_API
+#endif
+
+#if !defined(JSON_HAS_UNIQUE_PTR)
+#if __cplusplus >= 201103L
+#define JSON_HAS_UNIQUE_PTR (1)
+#elif _MSC_VER >= 1600
+#define JSON_HAS_UNIQUE_PTR (1)
+#else
+#define JSON_HAS_UNIQUE_PTR (0)
+#endif
+#endif
+
+// If JSON_NO_INT64 is defined, then Json only support C++ "int" type for
+// integer
+// Storages, and 64 bits integer support is disabled.
+// #define JSON_NO_INT64 1
+
+#if defined(_MSC_VER) && _MSC_VER <= 1200 // MSVC 6
+// Microsoft Visual Studio 6 only support conversion from __int64 to double
+// (no conversion from unsigned __int64).
+#define JSON_USE_INT64_DOUBLE_CONVERSION 1
+// Disable warning 4786 for VS6 caused by STL (identifier was truncated to '255'
+// characters in the debug information)
+// All projects I've ever seen with VS6 were using this globally (not bothering
+// with pragma push/pop).
+#pragma warning(disable : 4786)
+#endif // if defined(_MSC_VER) && _MSC_VER < 1200 // MSVC 6
+
+#if defined(_MSC_VER) && _MSC_VER >= 1500 // MSVC 2008
+/// Indicates that the following function is deprecated.
+#define JSONCPP_DEPRECATED(message) __declspec(deprecated(message))
+#elif defined(__clang__) && defined(__has_feature)
+#if __has_feature(attribute_deprecated_with_message)
+#define JSONCPP_DEPRECATED(message) __attribute__ ((deprecated(message)))
+#endif
+#elif defined(__GNUC__) && (__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 5))
+#define JSONCPP_DEPRECATED(message) __attribute__ ((deprecated(message)))
+#elif defined(__GNUC__) && (__GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1))
+#define JSONCPP_DEPRECATED(message) __attribute__((__deprecated__))
+#endif
+
+#if !defined(JSONCPP_DEPRECATED)
+#define JSONCPP_DEPRECATED(message)
+#endif // if !defined(JSONCPP_DEPRECATED)
+
+namespace Json {
+typedef int Int;
+typedef unsigned int UInt;
+#if defined(JSON_NO_INT64)
+typedef int LargestInt;
+typedef unsigned int LargestUInt;
+#undef JSON_HAS_INT64
+#else // if defined(JSON_NO_INT64)
+// For Microsoft Visual use specific types as long long is not supported
+#if defined(_MSC_VER) // Microsoft Visual Studio
+typedef __int64 Int64;
+typedef unsigned __int64 UInt64;
+#else // if defined(_MSC_VER) // Other platforms, use long long
+typedef long long int Int64;
+typedef unsigned long long int UInt64;
+#endif // if defined(_MSC_VER)
+typedef Int64 LargestInt;
+typedef UInt64 LargestUInt;
+#define JSON_HAS_INT64
+#endif // if defined(JSON_NO_INT64)
+} // end namespace Json
+
+#endif // JSON_CONFIG_H_INCLUDED
diff --git a/ProvisioningTool/keymint/include/json/features.h b/ProvisioningTool/keymint/include/json/features.h
new file mode 100644
index 00000000..78135478
--- /dev/null
+++ b/ProvisioningTool/keymint/include/json/features.h
@@ -0,0 +1,51 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef CPPTL_JSON_FEATURES_H_INCLUDED
+#define CPPTL_JSON_FEATURES_H_INCLUDED
+
+#if !defined(JSON_IS_AMALGAMATION)
+#include "forwards.h"
+#endif // if !defined(JSON_IS_AMALGAMATION)
+
+namespace Json {
+
+/** \brief Configuration passed to reader and writer.
+ * This configuration object can be used to force the Reader or Writer
+ * to behave in a standard conforming way.
+ */
+class JSON_API Features {
+public:
+ /** \brief A configuration that allows all features and assumes all strings
+ * are UTF-8.
+ * - C & C++ comments are allowed
+ * - Root object can be any JSON value
+ * - Assumes Value strings are encoded in UTF-8
+ */
+ static Features all();
+
+ /** \brief A configuration that is strictly compatible with the JSON
+ * specification.
+ * - Comments are forbidden.
+ * - Root object must be either an array or an object value.
+ * - Assumes Value strings are encoded in UTF-8
+ */
+ static Features strictMode();
+
+ /** \brief Initialize the configuration like JsonConfig::allFeatures;
+ */
+ Features();
+
+ /// \c true if comments are allowed. Default: \c true.
+ bool allowComments_;
+
+ /// \c true if root must be either an array or an object value. Default: \c
+ /// false.
+ bool strictRoot_;
+};
+
+} // namespace Json
+
+#endif // CPPTL_JSON_FEATURES_H_INCLUDED
diff --git a/ProvisioningTool/keymint/include/json/forwards.h b/ProvisioningTool/keymint/include/json/forwards.h
new file mode 100644
index 00000000..ccfe09ab
--- /dev/null
+++ b/ProvisioningTool/keymint/include/json/forwards.h
@@ -0,0 +1,37 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef JSON_FORWARDS_H_INCLUDED
+#define JSON_FORWARDS_H_INCLUDED
+
+#if !defined(JSON_IS_AMALGAMATION)
+#include "config.h"
+#endif // if !defined(JSON_IS_AMALGAMATION)
+
+namespace Json {
+
+// writer.h
+class FastWriter;
+class StyledWriter;
+
+// reader.h
+class Reader;
+
+// features.h
+class Features;
+
+// value.h
+typedef unsigned int ArrayIndex;
+class StaticString;
+class Path;
+class PathArgument;
+class Value;
+class ValueIteratorBase;
+class ValueIterator;
+class ValueConstIterator;
+
+} // namespace Json
+
+#endif // JSON_FORWARDS_H_INCLUDED
diff --git a/ProvisioningTool/keymint/include/json/json.h b/ProvisioningTool/keymint/include/json/json.h
new file mode 100644
index 00000000..8f10ac2b
--- /dev/null
+++ b/ProvisioningTool/keymint/include/json/json.h
@@ -0,0 +1,15 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef JSON_JSON_H_INCLUDED
+#define JSON_JSON_H_INCLUDED
+
+#include "autolink.h"
+#include "value.h"
+#include "reader.h"
+#include "writer.h"
+#include "features.h"
+
+#endif // JSON_JSON_H_INCLUDED
diff --git a/ProvisioningTool/keymint/include/json/reader.h b/ProvisioningTool/keymint/include/json/reader.h
new file mode 100644
index 00000000..9c9923a5
--- /dev/null
+++ b/ProvisioningTool/keymint/include/json/reader.h
@@ -0,0 +1,360 @@ +// Copyright 2007-2010 Baptiste Lepilleur +// Distributed under MIT license, or public domain if desired and +// recognized in your jurisdiction. +// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE + +#ifndef CPPTL_JSON_READER_H_INCLUDED +#define CPPTL_JSON_READER_H_INCLUDED + +#if !defined(JSON_IS_AMALGAMATION) +#include "features.h" +#include "value.h" +#endif // if !defined(JSON_IS_AMALGAMATION) +#include +#include +#include +#include +#include + +// Disable warning C4251: : needs to have dll-interface to +// be used by... +#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING) +#pragma warning(push) +#pragma warning(disable : 4251) +#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING) + +namespace Json { + +/** \brief Unserialize a
JSON document into a + *Value. + * + * \deprecated Use CharReader and CharReaderBuilder. + */ +class JSON_API Reader { +public: + typedef char Char; + typedef const Char* Location; + + /** \brief Constructs a Reader allowing all features + * for parsing. + */ + Reader(); + + /** \brief Constructs a Reader allowing the specified feature set + * for parsing. + */ + Reader(const Features& features); + + /** \brief Read a Value from a JSON + * document. + * \param document UTF-8 encoded string containing the document to read. + * \param root [out] Contains the root value of the document if it was + * successfully parsed. + * \param collectComments \c true to collect comment and allow writing them + * back during + * serialization, \c false to discard comments. + * This parameter is ignored if + * Features::allowComments_ + * is \c false. + * \return \c true if the document was successfully parsed, \c false if an + * error occurred. + */ + bool + parse(const std::string& document, Value& root, bool collectComments = true); + + /** \brief Read a Value from a JSON + document. + * \param beginDoc Pointer on the beginning of the UTF-8 encoded string of the + document to read. + * \param endDoc Pointer on the end of the UTF-8 encoded string of the + document to read. + * Must be >= beginDoc. + * \param root [out] Contains the root value of the document if it was + * successfully parsed. + * \param collectComments \c true to collect comment and allow writing them + back during + * serialization, \c false to discard comments. + * This parameter is ignored if + Features::allowComments_ + * is \c false. + * \return \c true if the document was successfully parsed, \c false if an + error occurred. + */ + bool parse(const char* beginDoc, + const char* endDoc, + Value& root, + bool collectComments = true); + + /// \brief Parse from input stream. + /// \see Json::operator>>(std::istream&, Json::Value&). 
+ bool parse(std::istream& is, Value& root, bool collectComments = true); + + /** \brief Returns a user friendly string that list errors in the parsed + * document. + * \return Formatted error message with the list of errors with their location + * in + * the parsed document. An empty string is returned if no error + * occurred + * during parsing. + * \deprecated Use getFormattedErrorMessages() instead (typo fix). + */ + JSONCPP_DEPRECATED("Use getFormattedErrorMessages() instead.") + std::string getFormatedErrorMessages() const; + + /** \brief Returns a user friendly string that list errors in the parsed + * document. + * \return Formatted error message with the list of errors with their location + * in + * the parsed document. An empty string is returned if no error + * occurred + * during parsing. + */ + std::string getFormattedErrorMessages() const; + +private: + enum TokenType { + tokenEndOfStream = 0, + tokenObjectBegin, + tokenObjectEnd, + tokenArrayBegin, + tokenArrayEnd, + tokenString, + tokenNumber, + tokenTrue, + tokenFalse, + tokenNull, + tokenArraySeparator, + tokenMemberSeparator, + tokenComment, + tokenError + }; + + class Token { + public: + TokenType type_; + Location start_; + Location end_; + }; + + class ErrorInfo { + public: + Token token_; + std::string message_; + Location extra_; + }; + + typedef std::deque Errors; + + bool readToken(Token& token); + void skipSpaces(); + bool match(Location pattern, int patternLength); + bool readComment(); + bool readCStyleComment(); + bool readCppStyleComment(); + bool readString(); + void readNumber(); + bool readValue(); + bool readObject(Token& token); + bool readArray(Token& token); + bool decodeNumber(Token& token); + bool decodeNumber(Token& token, Value& decoded); + bool decodeString(Token& token); + bool decodeString(Token& token, std::string& decoded); + bool decodeDouble(Token& token); + bool decodeDouble(Token& token, Value& decoded); + bool decodeUnicodeCodePoint(Token& token, + Location& 
current, + Location end, + unsigned int& unicode); + bool decodeUnicodeEscapeSequence(Token& token, + Location& current, + Location end, + unsigned int& unicode); + bool addError(const std::string& message, Token& token, Location extra = 0); + bool recoverFromError(TokenType skipUntilToken); + bool addErrorAndRecover(const std::string& message, + Token& token, + TokenType skipUntilToken); + void skipUntilSpace(); + Value& currentValue(); + Char getNextChar(); + void + getLocationLineAndColumn(Location location, int& line, int& column) const; + std::string getLocationLineAndColumn(Location location) const; + void addComment(Location begin, Location end, CommentPlacement placement); + void skipCommentTokens(Token& token); + + typedef std::stack Nodes; + Nodes nodes_; + Errors errors_; + std::string document_; + Location begin_; + Location end_; + Location current_; + Location lastValueEnd_; + Value* lastValue_; + std::string commentsBefore_; + Features features_; + bool collectComments_; +}; // Reader + +/** Interface for reading JSON from a char array. + */ +class JSON_API CharReader { +public: + virtual ~CharReader() {} + /** \brief Read a Value from a JSON + document. + * The document must be a UTF-8 encoded string containing the document to read. + * + * \param beginDoc Pointer on the beginning of the UTF-8 encoded string of the + document to read. + * \param endDoc Pointer on the end of the UTF-8 encoded string of the + document to read. + * Must be >= beginDoc. + * \param root [out] Contains the root value of the document if it was + * successfully parsed. + * \param errs [out] Formatted error messages (if not NULL) + * a user friendly string that lists errors in the parsed + * document. + * \return \c true if the document was successfully parsed, \c false if an + error occurred. 
+ */
+ virtual bool parse(
+ char const* beginDoc, char const* endDoc,
+ Value* root, std::string* errs) = 0;
+
+ class Factory {
+ public:
+ virtual ~Factory() {}
+ /** \brief Allocate a CharReader via operator new().
+ * \throw std::exception if something goes wrong (e.g. invalid settings)
+ */
+ virtual CharReader* newCharReader() const = 0;
+ }; // Factory
+}; // CharReader
+
+/** \brief Build a CharReader implementation.
+
+Usage:
+\code
+ using namespace Json;
+ CharReaderBuilder builder;
+ builder["collectComments"] = false;
+ Value value;
+ std::string errs;
+ bool ok = parseFromStream(builder, std::cin, &value, &errs);
+\endcode
+*/
+class JSON_API CharReaderBuilder : public CharReader::Factory {
+public:
+ // Note: We use a Json::Value so that we can add data-members to this class
+ // without a major version bump.
+ /** Configuration of this builder.
+ These are case-sensitive.
+ Available settings (case-sensitive):
+ - `"collectComments": false or true`
+ - true to collect comment and allow writing them
+ back during serialization, false to discard comments.
+ This parameter is ignored if allowComments is false.
+ - `"allowComments": false or true`
+ - true if comments are allowed.
+ - `"strictRoot": false or true`
+ - true if root must be either an array or an object value
+ - `"allowDroppedNullPlaceholders": false or true`
+ - true if dropped null placeholders are allowed. (See StreamWriterBuilder.)
+ - `"allowNumericKeys": false or true`
+ - true if numeric object keys are allowed.
+ - `"allowSingleQuotes": false or true`
+ - true if '' are allowed for strings (both keys and values)
+ - `"stackLimit": integer`
+ - Exceeding stackLimit (recursive depth of `readValue()`) will
+ cause an exception.
+ - This is a security issue (seg-faults caused by deeply nested JSON),
+ so the default is low.
+ - `"failIfExtra": false or true`
+ - If true, `parse()` returns false when extra non-whitespace trails
+ the JSON value in the input string.
+ - `"rejectDupKeys": false or true`
+ - If true, `parse()` returns false when a key is duplicated within an object.
+ - `"allowSpecialFloats": false or true`
+ - If true, special float values (NaNs and infinities) are allowed
+ and their values are lossfree restorable.
+
+ You can examine 'settings_` yourself
+ to see the defaults. You can also write and read them just like any
+ JSON Value.
+ \sa setDefaults()
+ */
+ Json::Value settings_;
+
+ CharReaderBuilder();
+ virtual ~CharReaderBuilder();
+
+ virtual CharReader* newCharReader() const;
+
+ /** \return true if 'settings' are legal and consistent;
+ * otherwise, indicate bad settings via 'invalid'.
+ */
+ bool validate(Json::Value* invalid) const;
+
+ /** A simple way to update a specific setting.
+ */
+ Value& operator[](std::string key);
+
+ /** Called by ctor, but you can use this to reset settings_.
+ * \pre 'settings' != NULL (but Json::null is fine)
+ * \remark Defaults:
+ * \snippet src/lib_json/json_reader.cpp CharReaderBuilderDefaults
+ */
+ static void setDefaults(Json::Value* settings);
+ /** Same as old Features::strictMode().
+ * \pre 'settings' != NULL (but Json::null is fine)
+ * \remark Defaults:
+ * \snippet src/lib_json/json_reader.cpp CharReaderBuilderStrictMode
+ */
+ static void strictMode(Json::Value* settings);
+};
+
+/** Consume entire stream and use its begin/end.
+ * Someday we might have a real StreamReader, but for now this
+ * is convenient.
+ */
+bool JSON_API parseFromStream(
+ CharReader::Factory const&,
+ std::istream&,
+ Value* root, std::string* errs);
+
+/** \brief Read from 'sin' into 'root'.
+
+ Always keep comments from the input JSON.
+
+ This can be used to read a file into a particular sub-object.
+ For example:
+ \code
+ Json::Value root;
+ cin >> root["dir"]["file"];
+ cout << root;
+ \endcode
+ Result:
+ \verbatim
+ {
+ "dir": {
+ "file": {
+ // The input stream JSON would be nested here.
+ }
+ }
+ }
+ \endverbatim
+ \throw std::exception on parse error.
+ \see Json::operator<<()
+*/
+JSON_API std::istream& operator>>(std::istream&, Value&);
+
+} // namespace Json
+
+#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+#pragma warning(pop)
+#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+
+#endif // CPPTL_JSON_READER_H_INCLUDED
diff --git a/ProvisioningTool/keymint/include/json/value.h b/ProvisioningTool/keymint/include/json/value.h
new file mode 100644
index 00000000..66433f88
--- /dev/null
+++ b/ProvisioningTool/keymint/include/json/value.h
@@ -0,0 +1,850 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef CPPTL_JSON_H_INCLUDED
+#define CPPTL_JSON_H_INCLUDED
+
+#if !defined(JSON_IS_AMALGAMATION)
+#include "forwards.h"
+#endif // if !defined(JSON_IS_AMALGAMATION)
+#include
+#include
+#include
+
+#ifndef JSON_USE_CPPTL_SMALLMAP
+#include
+#else
+#include
+#endif
+#ifdef JSON_USE_CPPTL
+#include
+#endif
+
+// Disable warning C4251: : needs to have dll-interface to
+// be used by...
+#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+#pragma warning(push)
+#pragma warning(disable : 4251)
+#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+
+//Conditional NORETURN attribute on the throw functions would:
+// a) suppress false positives from static code analysis
+// b) possibly improve optimization opportunities.
+#if !defined(JSONCPP_NORETURN)
+# if defined(_MSC_VER)
+# define JSONCPP_NORETURN __declspec(noreturn)
+# elif defined(__GNUC__)
+# define JSONCPP_NORETURN __attribute__ ((__noreturn__))
+# else
+# define JSONCPP_NORETURN
+# endif
+#endif
+
+/** \brief JSON (JavaScript Object Notation).
+ */
+namespace Json {
+
+/** Base class for all exceptions we throw.
+ *
+ * We use nothing but these internally. Of course, STL can throw others.
+ */
+class JSON_API Exception : public std::exception {
+public:
+ Exception(std::string const& msg);
+ virtual ~Exception() throw();
+ virtual char const* what() const throw();
+protected:
+ std::string const msg_;
+};
+
+/** Exceptions which the user cannot easily avoid.
+ *
+ * E.g. out-of-memory (when we use malloc), stack-overflow, malicious input
+ *
+ * \remark derived from Json::Exception
+ */
+class JSON_API RuntimeError : public Exception {
+public:
+ RuntimeError(std::string const& msg);
+};
+
+/** Exceptions thrown by JSON_ASSERT/JSON_FAIL macros.
+ *
+ * These are precondition-violations (user bugs) and internal errors (our bugs).
+ *
+ * \remark derived from Json::Exception
+ */
+class JSON_API LogicError : public Exception {
+public:
+ LogicError(std::string const& msg);
+};
+
+/// used internally
+JSONCPP_NORETURN void throwRuntimeError(std::string const& msg);
+/// used internally
+JSONCPP_NORETURN void throwLogicError(std::string const& msg);
+
+/** \brief Type of the value held by a Value object.
+ */
+enum ValueType {
+ nullValue = 0, ///< 'null' value
+ intValue, ///< signed integer value
+ uintValue, ///< unsigned integer value
+ realValue, ///< double value
+ stringValue, ///< UTF-8 string value
+ booleanValue, ///< bool value
+ arrayValue, ///< array value (ordered list)
+ objectValue ///< object value (collection of name/value pairs).
+};
+
+enum CommentPlacement {
+ commentBefore = 0, ///< a comment placed on the line before a value
+ commentAfterOnSameLine, ///< a comment just after a value on the same line
+ commentAfter, ///< a comment on the line after a value (only make sense for
+ /// root value)
+ numberOfCommentPlacement
+};
+
+//# ifdef JSON_USE_CPPTL
+// typedef CppTL::AnyEnumerator EnumMemberNames;
+// typedef CppTL::AnyEnumerator EnumValues;
+//# endif
+
+/** \brief Lightweight wrapper to tag static string.
+ *
+ * Value constructor and objectValue member assignement takes advantage of the
+ * StaticString and avoid the cost of string duplication when storing the
+ * string or the member name.
+ *
+ * Example of usage:
+ * \code
+ * Json::Value aValue( StaticString("some text") );
+ * Json::Value object;
+ * static const StaticString code("code");
+ * object[code] = 1234;
+ * \endcode
+ */
+class JSON_API StaticString {
+public:
+ explicit StaticString(const char* czstring) : c_str_(czstring) {}
+
+ operator const char*() const { return c_str_; }
+
+ const char* c_str() const { return c_str_; }
+
+private:
+ const char* c_str_;
+};
+
+/** \brief Represents a JSON value.
+ *
+ * This class is a discriminated union wrapper that can represents a:
+ * - signed integer [range: Value::minInt - Value::maxInt]
+ * - unsigned integer (range: 0 - Value::maxUInt)
+ * - double
+ * - UTF-8 string
+ * - boolean
+ * - 'null'
+ * - an ordered list of Value
+ * - collection of name/value pairs (javascript object)
+ *
+ * The type of the held value is represented by a #ValueType and
+ * can be obtained using type().
+ *
+ * Values of an #objectValue or #arrayValue can be accessed using operator[]()
+ * methods.
+ * Non-const methods will automatically create the a #nullValue element
+ * if it does not exist.
+ * The sequence of an #arrayValue will be automatically resized and initialized
+ * with #nullValue. resize() can be used to enlarge or truncate an #arrayValue.
+ *
+ * The get() methods can be used to obtain default value in the case the
+ * required element does not exist.
+ *
+ * It is possible to iterate over the list of a #objectValue values using
+ * the getMemberNames() method.
+ *
+ * \note #Value string-length fit in size_t, but keys must be < 2^30.
+ * (The reason is an implementation detail.) A #CharReader will raise an
+ * exception if a bound is exceeded to avoid security holes in your app,
+ * but the Value API does *not* check bounds. That is the responsibility
+ * of the caller.
+ */
+class JSON_API Value {
+ friend class ValueIteratorBase;
+public:
+ typedef std::vector Members;
+ typedef ValueIterator iterator;
+ typedef ValueConstIterator const_iterator;
+ typedef Json::UInt UInt;
+ typedef Json::Int Int;
+#if defined(JSON_HAS_INT64)
+ typedef Json::UInt64 UInt64;
+ typedef Json::Int64 Int64;
+#endif // defined(JSON_HAS_INT64)
+ typedef Json::LargestInt LargestInt;
+ typedef Json::LargestUInt LargestUInt;
+ typedef Json::ArrayIndex ArrayIndex;
+
+ static const Value& nullRef;
+#if !defined(__ARMEL__)
+ /// \deprecated This exists for binary compatibility only. Use nullRef.
+ static const Value null; +#endif + /// Minimum signed integer value that can be stored in a Json::Value. + static const LargestInt minLargestInt; + /// Maximum signed integer value that can be stored in a Json::Value. + static const LargestInt maxLargestInt; + /// Maximum unsigned integer value that can be stored in a Json::Value. + static const LargestUInt maxLargestUInt; + + /// Minimum signed int value that can be stored in a Json::Value. + static const Int minInt; + /// Maximum signed int value that can be stored in a Json::Value. + static const Int maxInt; + /// Maximum unsigned int value that can be stored in a Json::Value. + static const UInt maxUInt; + +#if defined(JSON_HAS_INT64) + /// Minimum signed 64 bits int value that can be stored in a Json::Value. + static const Int64 minInt64; + /// Maximum signed 64 bits int value that can be stored in a Json::Value. + static const Int64 maxInt64; + /// Maximum unsigned 64 bits int value that can be stored in a Json::Value. + static const UInt64 maxUInt64; +#endif // defined(JSON_HAS_INT64) + +//MW: workaround for bug in NVIDIAs CUDA 7.5 nvcc compiler +#ifdef __NVCC__ +public: +#else +private: +#endif //__NVCC__ +#ifndef JSONCPP_DOC_EXCLUDE_IMPLEMENTATION + class CZString { + public: + enum DuplicationPolicy { + noDuplication = 0, + duplicate, + duplicateOnCopy + }; + CZString(ArrayIndex index); + CZString(char const* str, unsigned length, DuplicationPolicy allocate); + CZString(CZString const& other); + ~CZString(); + CZString& operator=(CZString other); + bool operator<(CZString const& other) const; + bool operator==(CZString const& other) const; + ArrayIndex index() const; + //const char* c_str() const; ///< \deprecated + char const* data() const; + unsigned length() const; + bool isStaticString() const; + + private: + void swap(CZString& other); + + struct StringStorage { + unsigned policy_: 2; + unsigned length_: 30; // 1GB max + }; + + char const* cstr_; // actually, a prefixed string, unless policy is 
noDup + union { + ArrayIndex index_; + StringStorage storage_; + }; + }; + +public: +#ifndef JSON_USE_CPPTL_SMALLMAP + typedef std::map ObjectValues; +#else + typedef CppTL::SmallMap ObjectValues; +#endif // ifndef JSON_USE_CPPTL_SMALLMAP +#endif // ifndef JSONCPP_DOC_EXCLUDE_IMPLEMENTATION + +public: + /** \brief Create a default Value of the given type. + + This is a very useful constructor. + To create an empty array, pass arrayValue. + To create an empty object, pass objectValue. + Another Value can then be set to this one by assignment. +This is useful since clear() and resize() will not alter types. + + Examples: +\code +Json::Value null_value; // null +Json::Value arr_value(Json::arrayValue); // [] +Json::Value obj_value(Json::objectValue); // {} +\endcode + */ + Value(ValueType type = nullValue); + Value(Int value); + Value(UInt value); +#if defined(JSON_HAS_INT64) + Value(Int64 value); + Value(UInt64 value); +#endif // if defined(JSON_HAS_INT64) + Value(double value); + Value(const char* value); ///< Copy til first 0. (NULL causes to seg-fault.) + Value(const char* begin, const char* end); ///< Copy all, incl zeroes. + /** \brief Constructs a value from a static string. + + * Like other value string constructor but do not duplicate the string for + * internal storage. The given string must remain alive after the call to this + * constructor. + * \note This works only for null-terminated strings. (We cannot change the + * size of this class, so we have nowhere to store the length, + * which might be computed later for various operations.) + * + * Example of usage: + * \code + * static StaticString foo("some text"); + * Json::Value aValue(foo); + * \endcode + */ + Value(const StaticString& value); + Value(const std::string& value); ///< Copy data() til size(). Embedded zeroes too. +#ifdef JSON_USE_CPPTL + Value(const CppTL::ConstString& value); +#endif + Value(bool value); + /// Deep copy. 
+ Value(const Value& other); + ~Value(); + + /// Deep copy, then swap(other). + /// \note Over-write existing comments. To preserve comments, use #swapPayload(). + Value &operator=(const Value &other); + /// Swap everything. + void swap(Value& other); + /// Swap values but leave comments and source offsets in place. + void swapPayload(Value& other); + + ValueType type() const; + + /// Compare payload only, not comments etc. + bool operator<(const Value& other) const; + bool operator<=(const Value& other) const; + bool operator>=(const Value& other) const; + bool operator>(const Value& other) const; + bool operator==(const Value& other) const; + bool operator!=(const Value& other) const; + int compare(const Value& other) const; + + const char* asCString() const; ///< Embedded zeroes could cause you trouble! + std::string asString() const; ///< Embedded zeroes are possible. + /** Get raw char* of string-value. + * \return false if !string. (Seg-fault if str or end are NULL.) + */ + bool getString( + char const** begin, char const** end) const; +#ifdef JSON_USE_CPPTL + CppTL::ConstString asConstString() const; +#endif + Int asInt() const; + UInt asUInt() const; +#if defined(JSON_HAS_INT64) + Int64 asInt64() const; + UInt64 asUInt64() const; +#endif // if defined(JSON_HAS_INT64) + LargestInt asLargestInt() const; + LargestUInt asLargestUInt() const; + float asFloat() const; + double asDouble() const; + bool asBool() const; + + bool isNull() const; + bool isBool() const; + bool isInt() const; + bool isInt64() const; + bool isUInt() const; + bool isUInt64() const; + bool isIntegral() const; + bool isDouble() const; + bool isNumeric() const; + bool isString() const; + bool isArray() const; + bool isObject() const; + + bool isConvertibleTo(ValueType other) const; + + /// Number of values in array or object + ArrayIndex size() const; + + /// \brief Return true if empty array, empty object, or null; + /// otherwise, false. 
+ bool empty() const; + + /// Return isNull() + bool operator!() const; + + /// Remove all object members and array elements. + /// \pre type() is arrayValue, objectValue, or nullValue + /// \post type() is unchanged + void clear(); + + /// Resize the array to size elements. + /// New elements are initialized to null. + /// May only be called on nullValue or arrayValue. + /// \pre type() is arrayValue or nullValue + /// \post type() is arrayValue + void resize(ArrayIndex size); + + /// Access an array element (zero based index ). + /// If the array contains less than index element, then null value are + /// inserted + /// in the array so that its size is index+1. + /// (You may need to say 'value[0u]' to get your compiler to distinguish + /// this from the operator[] which takes a string.) + Value& operator[](ArrayIndex index); + + /// Access an array element (zero based index ). + /// If the array contains less than index element, then null value are + /// inserted + /// in the array so that its size is index+1. + /// (You may need to say 'value[0u]' to get your compiler to distinguish + /// this from the operator[] which takes a string.) + Value& operator[](int index); + + /// Access an array element (zero based index ) + /// (You may need to say 'value[0u]' to get your compiler to distinguish + /// this from the operator[] which takes a string.) + const Value& operator[](ArrayIndex index) const; + + /// Access an array element (zero based index ) + /// (You may need to say 'value[0u]' to get your compiler to distinguish + /// this from the operator[] which takes a string.) + const Value& operator[](int index) const; + + /// If the array contains at least index+1 elements, returns the element + /// value, + /// otherwise returns defaultValue. + Value get(ArrayIndex index, const Value& defaultValue) const; + /// Return true if index < size(). + bool isValidIndex(ArrayIndex index) const; + /// \brief Append value to array at the end. 
+ /// + /// Equivalent to jsonvalue[jsonvalue.size()] = value; + Value& append(const Value& value); + + /// Access an object value by name, create a null member if it does not exist. + /// \note Because of our implementation, keys are limited to 2^30 -1 chars. + /// Exceeding that will cause an exception. + Value& operator[](const char* key); + /// Access an object value by name, returns null if there is no member with + /// that name. + const Value& operator[](const char* key) const; + /// Access an object value by name, create a null member if it does not exist. + /// \param key may contain embedded nulls. + Value& operator[](const std::string& key); + /// Access an object value by name, returns null if there is no member with + /// that name. + /// \param key may contain embedded nulls. + const Value& operator[](const std::string& key) const; + /** \brief Access an object value by name, create a null member if it does not + exist. + + * If the object has no entry for that name, then the member name used to store + * the new entry is not duplicated. + * Example of use: + * \code + * Json::Value object; + * static const StaticString code("code"); + * object[code] = 1234; + * \endcode + */ + Value& operator[](const StaticString& key); +#ifdef JSON_USE_CPPTL + /// Access an object value by name, create a null member if it does not exist. + Value& operator[](const CppTL::ConstString& key); + /// Access an object value by name, returns null if there is no member with + /// that name. + const Value& operator[](const CppTL::ConstString& key) const; +#endif + /// Return the member named key if it exist, defaultValue otherwise. + /// \note deep copy + Value get(const char* key, const Value& defaultValue) const; + /// Return the member named key if it exist, defaultValue otherwise. + /// \note deep copy + /// \note key may contain embedded nulls. 
+ Value get(const char* begin, const char* end, const Value& defaultValue) const; + /// Return the member named key if it exist, defaultValue otherwise. + /// \note deep copy + /// \param key may contain embedded nulls. + Value get(const std::string& key, const Value& defaultValue) const; +#ifdef JSON_USE_CPPTL + /// Return the member named key if it exist, defaultValue otherwise. + /// \note deep copy + Value get(const CppTL::ConstString& key, const Value& defaultValue) const; +#endif + /// Most general and efficient version of isMember()const, get()const, + /// and operator[]const + /// \note As stated elsewhere, behavior is undefined if (end-begin) >= 2^30 + Value const* find(char const* begin, char const* end) const; + /// Most general and efficient version of object-mutators. + /// \note As stated elsewhere, behavior is undefined if (end-begin) >= 2^30 + /// \return non-zero, but JSON_ASSERT if this is neither object nor nullValue. + Value const* demand(char const* begin, char const* end); + /// \brief Remove and return the named member. + /// + /// Do nothing if it did not exist. + /// \return the removed Value, or null. + /// \pre type() is objectValue or nullValue + /// \post type() is unchanged + /// \deprecated + Value removeMember(const char* key); + /// Same as removeMember(const char*) + /// \param key may contain embedded nulls. + /// \deprecated + Value removeMember(const std::string& key); + /// Same as removeMember(const char* begin, const char* end, Value* removed), + /// but 'key' is null-terminated. + bool removeMember(const char* key, Value* removed); + /** \brief Remove the named map member. + + Update 'removed' iff removed. + \param key may contain embedded nulls. 
+ \return true iff removed (no exceptions) + */ + bool removeMember(std::string const& key, Value* removed); + /// Same as removeMember(std::string const& key, Value* removed) + bool removeMember(const char* begin, const char* end, Value* removed); + /** \brief Remove the indexed array element. + + O(n) expensive operations. + Update 'removed' iff removed. + \return true iff removed (no exceptions) + */ + bool removeIndex(ArrayIndex i, Value* removed); + + /// Return true if the object has a member named key. + /// \note 'key' must be null-terminated. + bool isMember(const char* key) const; + /// Return true if the object has a member named key. + /// \param key may contain embedded nulls. + bool isMember(const std::string& key) const; + /// Same as isMember(std::string const& key)const + bool isMember(const char* begin, const char* end) const; +#ifdef JSON_USE_CPPTL + /// Return true if the object has a member named key. + bool isMember(const CppTL::ConstString& key) const; +#endif + + /// \brief Return a list of the member names. + /// + /// If null, return an empty list. + /// \pre type() is objectValue or nullValue + /// \post if type() was nullValue, it remains nullValue + Members getMemberNames() const; + + //# ifdef JSON_USE_CPPTL + // EnumMemberNames enumMemberNames() const; + // EnumValues enumValues() const; + //# endif + + /// \deprecated Always pass len. + JSONCPP_DEPRECATED("Use setComment(std::string const&) instead.") + void setComment(const char* comment, CommentPlacement placement); + /// Comments must be //... or /* ... */ + void setComment(const char* comment, size_t len, CommentPlacement placement); + /// Comments must be //... or /* ... */ + void setComment(const std::string& comment, CommentPlacement placement); + bool hasComment(CommentPlacement placement) const; + /// Include delimiters and embedded newlines. 
+ std::string getComment(CommentPlacement placement) const; + + std::string toStyledString() const; + + const_iterator begin() const; + const_iterator end() const; + + iterator begin(); + iterator end(); + +private: + void initBasic(ValueType type, bool allocated = false); + + Value& resolveReference(const char* key); + Value& resolveReference(const char* key, const char* end); + + struct CommentInfo { + CommentInfo(); + ~CommentInfo(); + + void setComment(const char* text, size_t len); + + char* comment_; + }; + + // struct MemberNamesTransform + //{ + // typedef const char *result_type; + // const char *operator()( const CZString &name ) const + // { + // return name.c_str(); + // } + //}; + + union ValueHolder { + LargestInt int_; + LargestUInt uint_; + double real_; + bool bool_; + char* string_; // actually ptr to unsigned, followed by str, unless !allocated_ + ObjectValues* map_; + } value_; + ValueType type_ : 8; + unsigned int allocated_ : 1; // Notes: if declared as bool, bitfield is useless. + // If not allocated_, string_ must be null-terminated. + CommentInfo* comments_; +}; + +/** \brief Experimental and untested: represents an element of the "path" to + * access a node. + */ +class JSON_API PathArgument { +public: + friend class Path; + + PathArgument(); + PathArgument(ArrayIndex index); + PathArgument(const char* key); + PathArgument(const std::string& key); + +private: + enum Kind { + kindNone = 0, + kindIndex, + kindKey + }; + std::string key_; + ArrayIndex index_; + Kind kind_; +}; + +/** \brief Experimental and untested: represents a "path" to access a node. + * + * Syntax: + * - "." 
=> root node + * - ".[n]" => elements at index 'n' of root node (an array value) + * - ".name" => member named 'name' of root node (an object value) + * - ".name1.name2.name3" + * - ".[0][1][2].name1[3]" + * - ".%" => member name is provided as parameter + * - ".[%]" => index is provied as parameter + */ +class JSON_API Path { +public: + Path(const std::string& path, + const PathArgument& a1 = PathArgument(), + const PathArgument& a2 = PathArgument(), + const PathArgument& a3 = PathArgument(), + const PathArgument& a4 = PathArgument(), + const PathArgument& a5 = PathArgument()); + + const Value& resolve(const Value& root) const; + Value resolve(const Value& root, const Value& defaultValue) const; + /// Creates the "path" to access the specified node and returns a reference on + /// the node. + Value& make(Value& root) const; + +private: + typedef std::vector InArgs; + typedef std::vector Args; + + void makePath(const std::string& path, const InArgs& in); + void addPathInArg(const std::string& path, + const InArgs& in, + InArgs::const_iterator& itInArg, + PathArgument::Kind kind); + void invalidPath(const std::string& path, int location); + + Args args_; +}; + +/** \brief base class for Value iterators. + * + */ +class JSON_API ValueIteratorBase { +public: + typedef std::bidirectional_iterator_tag iterator_category; + typedef unsigned int size_t; + typedef int difference_type; + typedef ValueIteratorBase SelfType; + + bool operator==(const SelfType& other) const { return isEqual(other); } + + bool operator!=(const SelfType& other) const { return !isEqual(other); } + + difference_type operator-(const SelfType& other) const { + return other.computeDistance(*this); + } + + /// Return either the index or the member name of the referenced value as a + /// Value. + Value key() const; + + /// Return the index of the referenced Value, or -1 if it is not an arrayValue. 
+ UInt index() const; + + /// Return the member name of the referenced Value, or "" if it is not an + /// objectValue. + /// \note Avoid `c_str()` on result, as embedded zeroes are possible. + std::string name() const; + + /// Return the member name of the referenced Value. "" if it is not an + /// objectValue. + /// \deprecated This cannot be used for UTF-8 strings, since there can be embedded nulls. + JSONCPP_DEPRECATED("Use `key = name();` instead.") + char const* memberName() const; + /// Return the member name of the referenced Value, or NULL if it is not an + /// objectValue. + /// \note Better version than memberName(). Allows embedded nulls. + char const* memberName(char const** end) const; + +protected: + Value& deref() const; + + void increment(); + + void decrement(); + + difference_type computeDistance(const SelfType& other) const; + + bool isEqual(const SelfType& other) const; + + void copy(const SelfType& other); + +private: + Value::ObjectValues::iterator current_; + // Indicates that iterator is for a null value. + bool isNull_; + +public: + // For some reason, BORLAND needs these at the end, rather + // than earlier. No idea why. + ValueIteratorBase(); + explicit ValueIteratorBase(const Value::ObjectValues::iterator& current); +}; + +/** \brief const iterator for object and array value. + * + */ +class JSON_API ValueConstIterator : public ValueIteratorBase { + friend class Value; + +public: + typedef const Value value_type; + //typedef unsigned int size_t; + //typedef int difference_type; + typedef const Value& reference; + typedef const Value* pointer; + typedef ValueConstIterator SelfType; + + ValueConstIterator(); + +private: +/*! \internal Use by Value to create an iterator. 
+ */ + explicit ValueConstIterator(const Value::ObjectValues::iterator& current); +public: + SelfType& operator=(const ValueIteratorBase& other); + + SelfType operator++(int) { + SelfType temp(*this); + ++*this; + return temp; + } + + SelfType operator--(int) { + SelfType temp(*this); + --*this; + return temp; + } + + SelfType& operator--() { + decrement(); + return *this; + } + + SelfType& operator++() { + increment(); + return *this; + } + + reference operator*() const { return deref(); } + + pointer operator->() const { return &deref(); } +}; + +/** \brief Iterator for object and array value. + */ +class JSON_API ValueIterator : public ValueIteratorBase { + friend class Value; + +public: + typedef Value value_type; + typedef unsigned int size_t; + typedef int difference_type; + typedef Value& reference; + typedef Value* pointer; + typedef ValueIterator SelfType; + + ValueIterator(); + ValueIterator(const ValueConstIterator& other); + ValueIterator(const ValueIterator& other); + +private: +/*! \internal Use by Value to create an iterator. + */ + explicit ValueIterator(const Value::ObjectValues::iterator& current); +public: + SelfType& operator=(const SelfType& other); + + SelfType operator++(int) { + SelfType temp(*this); + ++*this; + return temp; + } + + SelfType operator--(int) { + SelfType temp(*this); + --*this; + return temp; + } + + SelfType& operator--() { + decrement(); + return *this; + } + + SelfType& operator++() { + increment(); + return *this; + } + + reference operator*() const { return deref(); } + + pointer operator->() const { return &deref(); } +}; + +} // namespace Json + + +namespace std { +/// Specialize std::swap() for Json::Value. +template<> +inline void swap(Json::Value& a, Json::Value& b) { a.swap(b); } +} + + +#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING) +#pragma warning(pop) +#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING) + +#endif // CPPTL_JSON_H_INCLUDED 
diff --git a/ProvisioningTool/keymint/include/json/version.h b/ProvisioningTool/keymint/include/json/version.h new file mode 100644 index 00000000..d0f3dcb0 --- /dev/null +++ b/ProvisioningTool/keymint/include/json/version.h @@ -0,0 +1,13 @@ +// DO NOT EDIT. This file (and "version") is generated by CMake. +// Run CMake configure step to update it. +#ifndef JSON_VERSION_H_INCLUDED +# define JSON_VERSION_H_INCLUDED + +# define JSONCPP_VERSION_STRING "0.10.7" +# define JSONCPP_VERSION_MAJOR 0 +# define JSONCPP_VERSION_MINOR 10 +# define JSONCPP_VERSION_PATCH 7 +# define JSONCPP_VERSION_QUALIFIER +# define JSONCPP_VERSION_HEXA ((JSONCPP_VERSION_MAJOR << 24) | (JSONCPP_VERSION_MINOR << 16) | (JSONCPP_VERSION_PATCH << 8)) + +#endif // JSON_VERSION_H_INCLUDED diff --git a/ProvisioningTool/keymint/include/json/writer.h b/ProvisioningTool/keymint/include/json/writer.h new file mode 100644 index 00000000..a7fd11d2 --- /dev/null +++ b/ProvisioningTool/keymint/include/json/writer.h 
@@ -0,0 +1,320 @@
+// Copyright 2007-2010 Baptiste Lepilleur
+// Distributed under MIT license, or public domain if desired and
+// recognized in your jurisdiction.
+// See file LICENSE for detail or copy at http://jsoncpp.sourceforge.net/LICENSE
+
+#ifndef JSON_WRITER_H_INCLUDED
+#define JSON_WRITER_H_INCLUDED
+
+#if !defined(JSON_IS_AMALGAMATION)
+#include "value.h"
+#endif // if !defined(JSON_IS_AMALGAMATION)
+#include
+#include
+#include
+
+// Disable warning C4251: : needs to have dll-interface to
+// be used by...
+#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+#pragma warning(push)
+#pragma warning(disable : 4251)
+#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+
+namespace Json {
+
+class Value;
+
+/**
+
+Usage:
+\code
+ using namespace Json;
+ void writeToStdout(StreamWriter::Factory const& factory, Value const& value) {
+ std::unique_ptr const writer(
+ factory.newStreamWriter());
+ writer->write(value, &std::cout);
+ std::cout << std::endl; // add lf and flush
+ }
+\endcode
+*/
+class JSON_API StreamWriter {
+protected:
+ std::ostream* sout_; // not owned; will not delete
+public:
+ StreamWriter();
+ virtual ~StreamWriter();
+ /** Write Value into document as configured in sub-class.
+ Do not take ownership of sout, but maintain a reference during function.
+ \pre sout != NULL
+ \return zero on success (For now, we always return zero, so check the stream instead.)
+ \throw std::exception possibly, depending on configuration
+ */
+ virtual int write(Value const& root, std::ostream* sout) = 0;
+
+ /** \brief A simple abstract factory.
+ */
+ class JSON_API Factory {
+ public:
+ virtual ~Factory();
+ /** \brief Allocate a CharReader via operator new().
+ * \throw std::exception if something goes wrong (e.g. invalid settings)
+ */
+ virtual StreamWriter* newStreamWriter() const = 0;
+ }; // Factory
+}; // StreamWriter
+
+/** \brief Write into stringstream, then return string, for convenience.
+ * A StreamWriter will be created from the factory, used, and then deleted.
+ */
+std::string JSON_API writeString(StreamWriter::Factory const& factory, Value const& root);
+
+
+/** \brief Build a StreamWriter implementation.
+
+Usage:
+\code
+ using namespace Json;
+ Value value = ...;
+ StreamWriterBuilder builder;
+ builder["commentStyle"] = "None";
+ builder["indentation"] = " "; // or whatever you like
+ std::unique_ptr writer(
+ builder.newStreamWriter());
+ writer->write(value, &std::cout);
+ std::cout << std::endl; // add lf and flush
+\endcode
+*/
+class JSON_API StreamWriterBuilder : public StreamWriter::Factory {
+public:
+ // Note: We use a Json::Value so that we can add data-members to this class
+ // without a major version bump.
+ /** Configuration of this builder.
+ Available settings (case-sensitive):
+ - "commentStyle": "None" or "All"
+ - "indentation": ""
+ - "enableYAMLCompatibility": false or true
+ - slightly change the whitespace around colons
+ - "dropNullPlaceholders": false or true
+ - Drop the "null" string from the writer's output for nullValues.
+ Strictly speaking, this is not valid JSON. But when the output is being
+ fed to a browser's Javascript, it makes for smaller output and the
+ browser can handle the output just fine.
+ - "useSpecialFloats": false or true
+ - If true, outputs non-finite floating point values in the following way:
+ NaN values as "NaN", positive infinity as "Infinity", and negative infinity
+ as "-Infinity".
+
+ You can examine 'settings_` yourself
+ to see the defaults. You can also write and read them just like any
+ JSON Value.
+ \sa setDefaults()
+ */
+ Json::Value settings_;
+
+ StreamWriterBuilder();
+ virtual ~StreamWriterBuilder();
+
+ /**
+ * \throw std::exception if something goes wrong (e.g. invalid settings)
+ */
+ virtual StreamWriter* newStreamWriter() const;
+
+ /** \return true if 'settings' are legal and consistent;
+ * otherwise, indicate bad settings via 'invalid'.
+ */
+ bool validate(Json::Value* invalid) const;
+ /** A simple way to update a specific setting.
+ */
+ Value& operator[](std::string key);
+
+ /** Called by ctor, but you can use this to reset settings_.
+ * \pre 'settings' != NULL (but Json::null is fine)
+ * \remark Defaults:
+ * \snippet src/lib_json/json_writer.cpp StreamWriterBuilderDefaults
+ */
+ static void setDefaults(Json::Value* settings);
+};
+
+/** \brief Abstract class for writers.
+ * \deprecated Use StreamWriter. (And really, this is an implementation detail.)
+ */
+class JSON_API Writer {
+public:
+ virtual ~Writer();
+
+ virtual std::string write(const Value& root) = 0;
+};
+
+/** \brief Outputs a Value in JSON format
+ *without formatting (not human friendly).
+ *
+ * The JSON document is written in a single line. It is not intended for 'human'
+ *consumption,
+ * but may be usefull to support feature such as RPC where bandwith is limited.
+ * \sa Reader, Value
+ * \deprecated Use StreamWriterBuilder.
+ */
+class JSON_API FastWriter : public Writer {
+
+public:
+ FastWriter();
+ virtual ~FastWriter() {}
+
+ void enableYAMLCompatibility();
+
+public: // overridden from Writer
+ virtual std::string write(const Value& root);
+
+private:
+ void writeValue(const Value& value);
+
+ std::string document_;
+ bool yamlCompatiblityEnabled_;
+};
+
+/** \brief Writes a Value in JSON format in a
+ *human friendly way.
+ *
+ * The rules for line break and indent are as follow:
+ * - Object value:
+ * - if empty then print {} without indent and line break
+ * - if not empty the print '{', line break & indent, print one value per
+ *line
+ * and then unindent and line break and print '}'.
+ * - Array value:
+ * - if empty then print [] without indent and line break
+ * - if the array contains no object value, empty array or some other value
+ *types,
+ * and all the values fit on one lines, then print the array on a single
+ *line.
+ * - otherwise, it the values do not fit on one line, or the array contains
+ * object or non empty array, then print one value per line.
+ *
+ * If the Value have comments then they are outputed according to their
+ *#CommentPlacement.
+ *
+ * \sa Reader, Value, Value::setComment()
+ * \deprecated Use StreamWriterBuilder.
+ */
+class JSON_API StyledWriter : public Writer {
+public:
+ StyledWriter();
+ virtual ~StyledWriter() {}
+
+public: // overridden from Writer
+ /** \brief Serialize a Value in JSON format.
+ * \param root Value to serialize.
+ * \return String containing the JSON document that represents the root value.
+ */
+ virtual std::string write(const Value& root);
+
+private:
+ void writeValue(const Value& value);
+ void writeArrayValue(const Value& value);
+ bool isMultineArray(const Value& value);
+ void pushValue(const std::string& value);
+ void writeIndent();
+ void writeWithIndent(const std::string& value);
+ void indent();
+ void unindent();
+ void writeCommentBeforeValue(const Value& root);
+ void writeCommentAfterValueOnSameLine(const Value& root);
+ bool hasCommentForValue(const Value& value);
+ static std::string normalizeEOL(const std::string& text);
+
+ typedef std::vector ChildValues;
+
+ ChildValues childValues_;
+ std::string document_;
+ std::string indentString_;
+ int rightMargin_;
+ int indentSize_;
+ bool addChildValues_;
+};
+
+/** \brief Writes a Value in JSON format in a
+ human friendly way,
+ to a stream rather than to a string.
+ *
+ * The rules for line break and indent are as follow:
+ * - Object value:
+ * - if empty then print {} without indent and line break
+ * - if not empty the print '{', line break & indent, print one value per
+ line
+ * and then unindent and line break and print '}'.
+ * - Array value:
+ * - if empty then print [] without indent and line break
+ * - if the array contains no object value, empty array or some other value
+ types,
+ * and all the values fit on one lines, then print the array on a single
+ line.
+ * - otherwise, it the values do not fit on one line, or the array contains
+ * object or non empty array, then print one value per line.
+ *
+ * If the Value have comments then they are outputed according to their
+ #CommentPlacement.
+ *
+ * \param indentation Each level will be indented by this amount extra.
+ * \sa Reader, Value, Value::setComment()
+ * \deprecated Use StreamWriterBuilder.
+ */
+class JSON_API StyledStreamWriter {
+public:
+ StyledStreamWriter(std::string indentation = "\t");
+ ~StyledStreamWriter() {}
+
+public:
+ /** \brief Serialize a Value in JSON format.
+ * \param out Stream to write to. (Can be ostringstream, e.g.)
+ * \param root Value to serialize.
+ * \note There is no point in deriving from Writer, since write() should not
+ * return a value.
+ */
+ void write(std::ostream& out, const Value& root);
+
+private:
+ void writeValue(const Value& value);
+ void writeArrayValue(const Value& value);
+ bool isMultineArray(const Value& value);
+ void pushValue(const std::string& value);
+ void writeIndent();
+ void writeWithIndent(const std::string& value);
+ void indent();
+ void unindent();
+ void writeCommentBeforeValue(const Value& root);
+ void writeCommentAfterValueOnSameLine(const Value& root);
+ bool hasCommentForValue(const Value& value);
+ static std::string normalizeEOL(const std::string& text);
+
+ typedef std::vector ChildValues;
+
+ ChildValues childValues_;
+ std::ostream* document_;
+ std::string indentString_;
+ int rightMargin_;
+ std::string indentation_;
+ bool addChildValues_ : 1;
+ bool indented_ : 1;
+};
+
+#if defined(JSON_HAS_INT64)
+std::string JSON_API valueToString(Int value);
+std::string JSON_API valueToString(UInt value);
+#endif // if defined(JSON_HAS_INT64)
+std::string JSON_API valueToString(LargestInt value);
+std::string JSON_API valueToString(LargestUInt value);
+std::string JSON_API valueToString(double value);
+std::string JSON_API valueToString(bool value);
+std::string JSON_API valueToQuotedString(const char* value);
+
+/// \brief Output using the StyledStreamWriter.
+/// \see Json::operator>>()
+JSON_API std::ostream& operator<<(std::ostream&, const Value& root);
+
+} // namespace Json
+
+#if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+#pragma warning(pop)
+#endif // if defined(JSONCPP_DISABLE_DLL_INTERFACE_WARNING)
+
+#endif // JSON_WRITER_H_INCLUDED
diff --git a/ProvisioningTool/keymint/include/socket.h b/ProvisioningTool/keymint/include/socket.h
new file mode 100644
index 00000000..8f47325a
--- /dev/null
+++ b/ProvisioningTool/keymint/include/socket.h
@@ -0,0 +1,53 @@
+/*
+ **
+ ** Copyright 2021, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+#pragma once
+
+class SocketTransport
+{
+public:
+ static inline std::shared_ptr getInstance() {
+ static std::shared_ptr socket = std::shared_ptr(new SocketTransport());
+ return socket;
+ }
+
+ ~SocketTransport();
+ /**
+ * Creates a socket instance and connects to the provided server IP and port.
+ */
+ bool openConnection();
+ /**
+ * Sends data over socket and receives data back.
+ */
+ bool sendData(const std::vector &inData, std::vector &output);
+ /**
+ * Closes the connection.
+ */
+ bool closeConnection();
+ /**
+ * Returns the state of the connection status. Returns true if the connection is active,
+ * false if connection is broken.
+ */
+ bool isConnected();
+
+private:
+ SocketTransport() : mSocket(-1), socketStatus(false) {}
+ /**
+ * Socket instance.
+ */
+ int mSocket;
+ bool socketStatus;
+};
\ No newline at end of file
diff --git a/ProvisioningTool/keymint/include/utils.h b/ProvisioningTool/keymint/include/utils.h
new file mode 100644
index 00000000..9eb991bd
--- /dev/null
+++ b/ProvisioningTool/keymint/include/utils.h
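Review bot: SocketTransport holds a raw descriptor in `mSocket` and is shared through getInstance(), yet copy construction and copy assignment are left implicit, so a copy taken through the dereferenced pointer compiles and leaves two objects referring to one descriptor; if `~SocketTransport()` closes it (the definition is not in this hunk), the descriptor would be closed twice. I would add `SocketTransport(const SocketTransport&) = delete;` and `SocketTransport& operator=(const SocketTransport&) = delete;` beside the private constructor. The comment on `openConnection()` speaks of "the provided server IP and port" although the method takes no arguments, so it should say where the endpoint is configured and, because this channel appears to carry provisioning data, whether the peer is expected to be local only. The header also uses `std::shared_ptr` and `std::vector` without including anything itself, so it compiles only when the including file has already pulled in the standard headers.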
@@ -0,0 +1,30 @@
+/*
+ **
+ ** Copyright 2021, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+#pragma once
+#include
+#include
+#include
+#include
+#include
+
+std::string getHexString(std::vector& input);
+
+std::string hex2str(std::string a);
+
+int readJsonFile(Json::Value& root, std::string& inputFileName);
+
+int writeJsonFile(Json::Value& writerRoot, std::string& outputFileName);
\ No newline at end of file
diff --git a/ProvisioningTool/keymint/lib/README.md b/ProvisioningTool/keymint/lib/README.md
new file mode 100644
index 00000000..d9ac780e
--- /dev/null
+++ b/ProvisioningTool/keymint/lib/README.md
@@ -0,0 +1,25 @@
+# Instructions to build jsoncpp
+Download the code from below opensource link:
+https://github.com/open-source-parsers/jsoncpp/tree/0.y.z
+
+#### Unzip it
+
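Review bot: `readJsonFile` and `writeJsonFile` return `int` with nothing in this header saying which value means success, and both take the file name by non-const reference although it looks like a pure input (the definitions are outside this hunk, so that is an assumption). A one-line comment above each, for example `// Returns <success value> on success; root must not be used on failure`, with the real value filled in from the implementation, would let callers check the result before acting on what is presumably provisioning input. If the implementations do not modify them, `inputFileName`, `outputFileName` and the vector passed to `getHexString` should be `const&`, e.g. `int readJsonFile(Json::Value& root, const std::string& inputFileName);`. `hex2str` and `getHexString` also follow two naming styles for what appear to be related helpers.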
+unzip jsoncpp-0.y.z.zip
+cd jsoncpp-0.y.z
+
+
+#### Build
+
+$ mkdir -p build/debug
+$ cd build/debug
+$ cmake -DCMAKE_BUILD_TYPE=debug -DBUILD_STATIC_LIBS=ON -DBUILD_SHARED_LIBS=ON -DARCHIVE_INSTALL_DIR=. -G "Unix Makefiles" ../..
+$ make
+
+
+#### Check the generated static and dynamic link library
+
+$ find . -name *.a
+./src/lib_json/libjsoncpp.a
+$ find . -name *.so
+./src/lib_json/libjsoncpp.so
+
diff --git a/ProvisioningTool/keymint/lib/libjsoncpp.a b/ProvisioningTool/keymint/lib/libjsoncpp.a new file mode 100644 index 0000000000000000000000000000000000000000..601854f494e9d1a8c8be89a22bef826b5dcc4cb5 GIT binary patch literal 2640366 zcmeEv3!G#}RrhR2NC*iN5F|c;0mTG_WO{aHAK{hFZpWGIBg4*a5+Ts(nYp{$Nl*8r zr+XjhCL1?nb{q#*B^n=KRFnv)@d3n;geAme!3P0RqoAycy2GGEURe>z_divq9{1j= z+ugTsPk?Xuu{kw;t4>v&I(6#QIj5>#{OV$DV$W;OzPK;^zkcganYRDi*Oyz}zkc;P z%5>e?Jv~qVaL;Ky11tYlXt2TqD?G5m11mhR!UHQju)+i1B|LE6ho0WE@^6I(D?G5m z11mhR!UHQju)+f?Jg~w8D?E@L54`ZVztFStZ-oXcJg~w8D?IQW#RG*mRQ64c?(HeO zVX{2BcdUTKwy}CHH?gN!E7WVnQhjD*BEO~_RCd?*A|hMssO@g7k&L4{+zy_NxskD< z!rr{@oa}|{8{=J{uhpuxk;<-WUUiL`I+V@%+dzK%=51pIO=!bTs?oV-IfkZ-wV6QV zs;?~+Cid^o<#Ge##Tl>*jZS6v$V7ZrqoorVg6*iBhiF_+9a$W2f>CW%0aOvsl2(J0U8RXrp+X1ok3PlSEu!$w#-(8(~X%u`71$>D6!VpAe;6%#VIcIJlC^v3GcR8Xn!sNN7%W{B|pg(2}rY|PgcCnp6@r5{v{o27QBIRg`o zS`AI{HMgJoa^?8-!9+c=oubbhYPI5l#B8~N$zTEkVq0TsJgBvlbxiPWVpdVPq+b#( zA)!F~vFYMOFeAr1M2g(*puR2GU#I28@mWxU8xtSa9MOq~)mNB19V|t+^)s&}>|(v+Qk$xc@iJty zHQCdZq6*rlI#w@?IaaS7g|T&o?VHC|liV7sPnZ2mg1?#_g&qBc9XYJrqnoiPUI~<$ zU?W5VW0Z;mOvRm*63LH^_%~WDfmuWJB(5GTY`;EMdaV>YTsl89QJfCONWrX3M25tN z!Youucd&(r_0^$mn6FCBahJ8Uo7QxT^|S^R#-U?@`*|gzC9}2CgQQsNg|D?Tn5v?b z(8t?ZoLAS?BD>k{{J@HO#(OVy>)j?%alo_j6 zf)SqrC0Jk-6w8kzNgJ?DVh>fS2el&hFe7@_j%^f5i!)Pm?5y8sBs#;w^68 zm}yqs1XJa5S2k+SO-=ZVJx4=dBAc7_K(}4&G%@Lgb{@(t)}_eMn<8e`yY~VnC$<9~ z?EKN08led{NYjP^p zC`q4<=XNMkj!rexYAw8O#n#H;(QU09ZuQn=7!Vq+Z21^AlI7s_jcT2jj|dCpJle3q zmJ`)6)y!_wWN_)k=4-NAY~^dB8CyBqR*tQ*teZH771~J$`mt3->ngHUs6BnvDyV1d zvZ&Wq#qH_JEfsXktdz>6scxVHebQht3q(kzbY`$uELVn*V(HAl7}{AST2U`ub?Noa zuVE$@3n`gWAv5{g(imGQrqn-PT4MF3)B#P^W}G!)lGMP&f-X(aSs+Vgut^2R-s@A~ znji@4aF%^PG%sw!f5?Dpu&Y_n4wI`*S7Z$f{hV73MbNk%&@5=!WIVC;P0|LnCn8+H z7%-xkaz0E_^NnN=>3^ffUW;T0%ZyD}<&5xBUT3f+Qf{pw&Si~K**JnULEZ%s!t~#5vNwJ3*YDf9-n8zEXoJ3MYI1uDkSAu6$-O7^|-@j7-9+ z2=|oihNDZl)vB68X$l6ZvGs*5<2lPI1n*DX%2a{%Csl(iluvcn^m4pBBv$kJsUA`# zxRJcw|MNwT<$Wpb<@+(`D;0keutR4X&}g0{P+S^D$ZDw+j})ztB6J{W>D zjZ9L;Lh&F@1x{+SyRN 
zr1zIxmwJwcGq*5%)NU`aU6wIW1wFMdWH9SsW{XB4q?1-#3u2kAH74qW6mfYXv_VS0 z+!{TlRQM{G!#AS&{Ca~6ynThRo*^b~?{+Zw=#Ijs=_?WNAW^r-Qix&QTG0OaLb0)b z#Goa7gl?=pRr0n<&or7|v8kw?xw)aq(k_;X1tAa7`t=3&@#<;s>${pWxwS$72#ZUh zI6Y1Ltkkl2?LKU}&C}(4IYh58SE^bEMeu^~yt_K-t%jlYBk_+cz_H zgB$(S)hJr@mZxhU1lQIA>^}uETI5Gba)!tvduU9U4r6h$6l}3*h-(we7%A-%x`{@eBo` zvm)K<6f)6?P`BKOMW0M{m)F9oMS0f*OUELw34X8CTOMm?*haoQbqWrb2K0j5V@d-P z)UxSfsYVv;wZ_b?LbAvPHJ+Es0JvIZ&DfSOPW#vGo))Yryfx2H~>9z3I`{!(`VmA3Vjs1qC&qOhj%IsarlDVL1u54y%Qrl z+9->{vYCkW4sChZj1He!p_j|mO{!Mx5Meipd9Y~iOIx z7R}z;;0;V^t<^>{bN;_rkZM_(seZX=eIU(FX$>Dss)nU8Rxg*2pE9V_ZUje;US0ob^d4{wt zB*y8ZJ0V^9!ik#DWg1*Mk6(fx{w;wRT<5qpYmL=_nDy6J)-%>2LzBPhp(RKWw6#uq z6-6xCaZYRA{1DHz*nHH}kq@iYYN)SD1dywYL}*jrkM`%c$xS4zRb?@GL$L>u>lHKy zG_~z6|*q|IEEvyb=RFtPmkc!RyOzv<+dOi=p4@O6lg@bG4 z3W!+p#~8=S+FjM!zG7{11d+I&8AYOC0<|H{;eCWcpQnG$&2k&4cvz;lD92p99pR~{CCSv3liCH_Ax%MUV96QM(G=NmpFD>x3y$a3!_t|aTaZ&)i}$zt4maDTE}Cl7OFSaGM|j6 zJ@qCLS0~L#To;K)QgzIdG|5W2Tyqk8m!zR56xY)Z)UoyM*vxAQhhL9MY`gH}Dz&3c z9S6q1=-TY8E3@U z$yl~sTOO9j3_CCg{f=!}b2HFc4uz1oFXpoA?Njk!Mi&yRHMLdOX-;ZE^ z!{GjXKX}RnCeZ9lb!5f_1<*2-6-vDa=uQ{|qwhX#jDD=AZz?K7VuV&2vhAo)4w2@g zUhA;$ua$Q1sV7gV zJf=aK&-I%PAy(ftu*PV&`ttAzZFAM_Uyz{7Qz`Vht%Y)RA1q|!)dm8=JuKl_nwDKp z(tZnd7B92)S6l6uhwy746%dg|w<k`f4p)^rkgfF7wse=z6Q8`I@rXr+(8;J&RDx%$rA{R84RDVTL3+wQ&_O$TCIbaog?i>5}B0bM;}nQTI>_F)U5?N!Qu1ruNIND zaW8*5AHTIXj;^<|n@%IV=1#>j&Lz!RRG(Nub)HqtSx!&uRu?uWmiXG{$)?R+u7%85 zM$@F7wX8WN?{el@fD$owum(Btwzdqpi+WZfXJ$=Xmq*UA7`c%+*CQbsUHN13)0wHc z2z3=pAw`qXv?NHAQKXcmPNXTssRvKX64hB=@l7{`srtLuJI9QsQaZbgh!5}7%*f!~w-5RZJEt^R-? 
zwI_NHVOR@oKeB44urYcqzW$9GNEHz;>Byusxn-LTcBFn2rxSX#Jd#rEQl}g0s+Kry zjp&B;aTDK_MHl;Q8Slrv8T4kQ43STDAQoFv7;dDs)<5E@#y7NdkHU>bHl4A0x$b}a zNnCL4i`db359P-;u%yV^qz|JzsnvSqO<;$VOz8~qh<=I~;z3W0`wp_|%hQqVo8;Lz z2t+tIN0CE&f-;`&6vllvC4~G0S0Ja`Q9#iu6g?4Y5Lx%H0PDf7Pd5>Ykz?mUZh4#s z>75n0Bpni}4Q~bATtx$HO#pZXN;8E@qg+N17M}b9W$CuBacPEvaF{IN(MGxukWMjD zg+uD*O?CAbC>Xyb3$_Jq>yJ@y}!C$hs1=T6*IhqK1^(PHGAx1+UPZMZI_ zeq*DbV3)P19=W`@b`WsQmLox??SyA#fr#r*bmeX(()Eu=ghHjSC7fJ6%++Og!8%ILCyiD+26B+l@O(~U|3wNg4^ zw7uOi#`dYv&EmvX3fUClb#1iwpM%Ruof)G-ms7xmu1?6cX*(Yh5n05lt?15P3u7oy zQ_{+5RDyX#1uUdAnKzY2Nwv2qXWdN?`Bh?~)?Fr9+PcfMEHt}PJi>}zvFolpBzY6$ zg1fX+G=znKvtT=NphW~tMS&BK#Uiar12>+?D0E36IP0eKA{3<=k_n_`W??8HEp%_O ztmBq|H;W@K=3Gg0Lnh+#yJ?@bEMb||lVpY4U|H0nbvriyNvI;R0WFd8skI4Hn62ei z#4QJcZyn=HA9R#Kmza6E>}&%R4MKL3Z8%qy^}5LPjo#U%g|+&0&RMJfkemWqHkF!iZ{>iPYR~psb~-b%=@Fv3t;b_-vGt9yRpk z=zLl$RJj613BQqVFl6NG+?=?Xs-m?oL;;sU5ivw2SQal)1iPy>Y+aHJYHPKXP30$h zi-;RSjs38OcVd@A6z`f^u`*emDikLsFfB~;IF{GHPYLe;4IgT|!q8R4aw7nTCTR0v zBzl`|F{o2NRQokmg{4w$ho0BO`V+1+YCKYERNRt9$9kg%uLSx;s!@Gvy@c9`_)B;< zoQmfDqTIUpj@P24Qcsg@MeR|=-{hv7Hh+^9r7$I$`HbA5fvm@}V8?S2;lb04DGc8* zF45ygYG%UrN%jSBM%?_3xf*{YB8*!Zb|5~+l7a(0rP>Z-3F8Ud2ATIa``N}je8yly z_6;!*g()JDT#wX@b?_T(3QFP+7I0-E3^U>lqT+xsU-(Ok9UX*jzirxqi_F47w=|K3 zr;rX=1t(HH45L}1#T&qAfrwcdnW{Fg*%wTt>e?v*jXgQnVgJ2aWXrLHk;4RLTyZGXL(HzHLGo&f+-mnZtkuG zlZB~Z3KzVk+eSssrD+>PDr{IjLKY(0#;fC-BF#tBAw%VsSj58c#c9h_H7(QnAe{)a zPXWX0kh+ULt%dx|pFu3DWn>7>~fI_)}*P@!E5fVKRvIx~Vs{S()YpP)&=C7`gM>ETa{f{MAC= z-8$`Po;8T(Ay|;btYMHm0yT6PvWk zhF2FW9zdw{NhQO}URaVz*%C5YMJlqyiQ7;W&hMPJ&CF9xQ4n3>#?odov5JspnrzF@ zuTy1|Y15&l&~_66;kY$xgLQQcoD8})6Ea0AX$#e2dfTPjtvs8qI%Ooz-V*n7bog)@rq`S$;BrZZcXTur-Q0w zv_{A8c8y?%^}+s$V7gwaR*c!g`c1CpAv~o_CNB53JOf$H9syaPG0icY#+yYlOPbW0zr)~ zRHA1h^fO(t9BSJxhjd`9UaXfU#_F|FWjFA`_fEQs>myxvCO&Rxu7z_DU8%fM){ zzGp*icY~g)P|=xOGW3bnEsgX*Ihee@w zB;Qi3?Z!z$M^*S-+@J7y(0rCH-E{RuwP4ppIG476e*uTmW~vn!$?FFSd;1M{t*!5= zRrhUgRO+RvAYZE?77LH+AQ}$}(*FIqTy6lzqDq3Vz?=RvgQowvA%SvBb$4kZ8-#1G 
zqL7Ud@L~~i>$2iZV9hx57H%Qq)Uf+~-n`W6N1x37?^`#1;8cEt{ zVVt(6XpdTw0R)((cOe-5vz5k zfLz9MxsBB+(g8;*yQ(31h)a`CQ+dl+X2JBhKxi&9m^r2u_yBjLI>P_pZmF zzyF)quwTCo+DdNiCfp`cLQp)68>3aEgq6jo;h;6`7ZXCsx==LI3kSJ$4+m%V;Zk3^ znoFpz;!hRmzdooG$LS)JT_e}b)Ueq{NL6LBfOsHER;qP89VKr4#)Ta6Qjc=!hJbEZ zARB)Uzl!i!9ZggMvJrAVq0~C{wKy|_C@rc-e9GsC_KIlyz52#-oQD1}yLH#otsdQJ z8%|*R+J;Y#whb1>@vr{uH*O4np%METc8A4~YTunfC z3)+D1c!^DBE?FSFXj=|bvc<^ zZnDiipY}CQ%hGff3SFa_l4@P6z&9w6L_$yQTE(UU7@Vfr${i6h#Oh!GGQ5g6p#_J8 zdCxur)+wU6ga`Sd&8-*e*p36!L39Oz8KP8&r3fada6WM_vBiPtZ8$?@M}~?@(Vueh zpW;gg3hs{=jQuo_KM>Cq`)MFQ8P65_DQq~FLx%qGX3p-k$jMvQ@b9U0Fk1|u(roZ3 zRX@H(54YMes(b-;r>rMdTlI{Fb{6<%MLPK_$i;U;imUuPnss7RB3m3L5>^^(ucFyQ z|J-radcEkDv{zP<&RZInD5~)m%~W;PPq8hXB%@NSV)V`BNaY$W9w=AEAySb6l9PT7 zF;OljWZ7_4I1sz1^uWvQQ+k90Jf@H#>|)qf$U=_MkfNXOUaN6mr?1ucaf=mLQ}TRRD{6oXFjfQxf9W=i zeL=ga7FQwcuY8|!1H~E3X&A$rTdlvl`+#aURU6o`IoevBxg2uMK`Bt=vTC&)FM|6S zXJFOc8`SEwLEKSwXkYeVtuM`NgYUWqJ&u}AZ@l?^kYFso=Tc1vM31PDe!C(w0qI)i z4z-4%U~0O~{*jK6=?Cu6H~&qmt!&4np5gXYVIN2uW~WtXS6ZitlyAr$Bb%)D@0e!f z{Eu@RCewymt*AUzmdwYDxpMq^?2F@t)XcYX4^5PVqK+BvlsPP9Rvl{)Fj9I;5HmBC z_RF6-=A$9F&u1V}Q5z-QX^GKNZ)hH#$3$V`3lOw{-E9}H}QAq((M&dqVw41l*b_x8N zw3H!GESH-=)Sn$__D5ZCj{XU{a~0igk>)_A}BKc=HO;R7oS6t03IQspa2@JrjVciNDz zQIQ>AFPykFIt5b8c;CGyYGZbWRlxEpwmDrSEi~!ut1w8j2(&d+$OKzgIy?YvWUVmM zba$+-WQ`%yS}~bYuqQI|v4iL@Ns0)*PCStDWx_!`5j{coE*i}x zs&u(ZC1_Qy>?C6xm3UXlm>xt1&Qs1mbe;k z^f=vuK&4=pun)N9;a}JPmm9AZ+Z9^g<#k1Zc|{X(%Pg*Fql18;@m7O{HiB2% zYOyhcsxBtZPL69JKl`062EQ!vh?5DKrhWhH0 zydOt{I5CnH?>B6 zclXSYTa_x>HyhA4P=@zF{xJ!;_(e9HguMad25Bmt13V+!HLGEPl&|LQDdFs-wx+dh zo{Qko%fFI>X^e9;+7!BLS`}H&J3)#I;pL5#JEkK~G*Hl~dBZG)QIQ%=5ADE*g)ZQZ zWFDIgTW^uXc z(fmhW$lrk{WpLB~mEafhg^3t`oD-G~Gm7q)Ud1aR+3hmdw@^ZQySf&q> zx~O$C{sVYJfp2!efme8DMW7h)%Ft&i&7v_-hJh?;*!1F@W~?PvR?XX~`=*q=t__QB zVz+`o>2eLrXwtQgP(3na!gCd_)bqL(6D$IcFB1!O*ShGPLL!EkwS=zKPS>l|s#Olb z`EIC&E+m7#C_}lme6^)SB+R$D*yYq5<9&4bOhb~^s^}(a zVu3F0QT6zDM`?@~#uSpW`(|fk$SPf1?Qgt=kBP(=mcy-h-nv*WSLvlZTs%0WuYuOV 
zS{>KYou=#dF>`SgjnQi%nsuIz`aoAy8&p(XE9&eM=8-B#RIjNB4Be z$XEo~;!y}Pp3A#DO1r=Y@~&3n@k%3`L7mmYvPk!d(jAT?@|AAbe@Az)i6e{t!CYqu zC$2A{9l0daiEpt9fH>-$vfn8hoYPDa2t!&Jmvh% z<|#n*6cwdmHxEvm;k;RVEaxep+UaGwCgtL6$1kzQR=XyM;*8glxvasd{{83 z#D2KW+pwP&*`7iz+g*)R_Fz)O6%)L~Yx%ue@LHnG5n<70(1Zx}QOiGDncX6}xvg56 zL0Xb7v0jpdvU+L1Q_y)g2T84$${(0_4J%hTb5pMsOLbggG>cC{YlW<8nR}drZ+I8ICO#FB zCX#pLs5c$1Ht>c9t6en-uL4*;??SP$-}ZY8$yL}@EMxCf$GuU)r`=&p0|zt^4_H$( z{-_cpNunv7rg`WEQVUx)?qh2$B$ZtIwp+H;s|V7cVy1PC^BR_U-^?1*C0inPN`+c! z_ntb8IJnXlzyo4nMrjhTCMysKavMCzJA&kFyY>)F0 z!DEFPagSo5T7mULx_Q;LU}>j}!TOLeoRGRK`?}V9(n#n62R1NwX>R5QQH_1)ibqm-*s1%2 zLhZwIBk10s$dyYFSL||pct%bIw;0j++S@HT07RpLQ5fZo*;!JY|s#N zBfF>Q36UKZiT>sq`qI>g0;6LpJkw7LP)n(gY=Y6Xc8vojG@A@Qsml9ouxYT7CB^45 zZn{rSQ=#Po@EF0;&?KMhw?Z7qnW)1YvL8Ln3BEEU{RjfbGCBU~1`g?zqh&hc%1S|N z%`s{LjvdhfTWGUlCl!#Z7%vJI#HEBFm<%39C)~!<6jkLz&!ewV9<5ATKZw>(R(-y1 z^dd2qfi$X!!#LG!!+u+t))9$Dk&U>OzJw#4ZwV&FCb<9skWpQj6{stZ{UG**cqn_l zbYj55gasU3s+S(GK54uqKF6mmk%5G<|Lja3*i)qC&}qk7z{h8Q1~%sxs2EWH4Xzb;^aY z`9kC@6Ff;=)>mA5O~Zo5mp4I{Kr?JEOMG}kp1Rc#7erhV7wC&yTzD|4fpJNMCPgro zabF!b#O6BZq+d;*XZNIcEtn9PcgSlx+7vu%C-I_s zt%^WU!lxoPB8q^Ee4hKG^aji311VsYZvfcZdOls)^%gwcXy8da+aqYI5tUxfM@c zl2qf^W4WUZMMt!B2$WQ8V3D?+?D<3>XNP_ICW>?M>c-l%ZhwJ935ss9ZOHA9&a>OU zi-vq~=yF`kkS4wWKC;V&pGQ;Mcz`(Uplg0QxF+D)MC8s?b*9@_9Z)1uVG2g3sm4^2 z=e>KKC4Ec;NiAD%i~F1RHo=45ViW^eZyn4dcDz`-3$W`!E{d~bi4OZF)d`_1;yMIo zxLLtE&JYr@+;>_P8JS{XBw*Nr40xc}$xN$YoyB#7Koi1m7z|wkn*3s?xnV zLZJi=yov#SsWuQ<;qicZ`f6O~GMW?=anZAoc;fA+*a8PdDXwXrWf+Fu2_fTN)s?rZM5D3we!$hz5zWZ1Z+wujk;(_Igbg8-1@M zW=SZ@wgqt`FE-GA!v4Z=P@I$^o&pS%p(q+PDz;$IWzhu|cWuQcz+h&h$9gUNr ziBsFX4xuUg`_=eV`%<;p%NT9Qdp!z)C{EmFTnXB)cQ;_hES;z^FD*TmQ>u(ip+@Ku zu%yVF_%iO%IzB{$M;=BulMF_;pb4oH>2PhPvOdt7gbf;5!lmU021LvRWBJL(Gm8nz z#_-&_u#L)hWH=Sel7?luWJw}qJPfvzbPcTPbeBTDJ@auIuc@(t$?+1^+Ds0CqOFK& zDqtRvhOs0IZwJT|48Uoy>JBpx3!0>`59j&G<&aM6vQMUANi!^VD~3N@SC z8HzSj0v9^4fTzXxMM&`D#`}(!S%&htb&=BRnCH zTV)f9uT#1bOaO5Hi_JLim0Fd;zIIAV6F*ArLj;FeN|aO3dXVMwMwSvr6;hEbikv>> 
zsJk1QX-r#jNI&TskjJcDpM`EMKU+fDxneqs3#)$!(M!v;_+l!Kl znTv!-buaFZsqWx-=ZLw99Ez*d%Z}=!vy67vgK;8(leSwI?MMooMC)6)K*&jncod`{ zD7bf27%s3qZ6|`#RY#sC85mB^2+TIV=K%wkhLz2vASR|&D1rt2hu54dc$pkl5V|@G zx1i#Y-f`8Tb(5u;dJ*pu3wJL>M{Y>nkEE_8*nzXBu?Pa{hG0vSfUTCitHI1nbyvE8 zcCk zbuh|ZB9A%BpICcmhGQ(5;$)!igYkHhn1VPR^7@uWgbfqHJLQRv{6DnuLL53o-VO>$ zhuqbN&mkM-X=PDW1}B%}b;)ja>LeNPI7zVkRT1@IA(scHiHTVVnS`i9TszP_7PfsU zAZ44e-I2KA8wRr#YW7|Yb}3q8WH_!6qvRn`*XA@g>ko`5^ddENVo*z<#)ExWa&m6iah{0XW^dzQ7M_2FRaNq7d>_xv^~Xm+(Av|Dy~ zFoaJAYMZ0l!Fo#39+s9j%&F)e*0!#oEgkP+eJzO39nm681H~up>|#B&5T?N^0L?$39@}lADF_G%RLS}kkg5nDDwd$30A|kGn4H0Gzi4oFQ+ZX6E z`rXyqfn?Le+E{*aVk_GN7L|@H7+CMu;7*;%>QtdPF#!{XX&%S7TkAz+EeCO92L(f{#sK=F3*{Ya9Rx3t zAckPFyxrJuR;OnWPd`GTlJumA7;m{dyiDv4Hx{IupI&zI#;;+L;e}ImnW8*qBd@@+ zD$8ZVFJ_;_@*w*v?0wQ&+9wfb3f44At?I02lS7tLycwC%<|MkSYIB~64Q9f=c7wgI z&3xuXsR=%5VN*ex93FAzS6)agXxc;2ppjZduZ~|IOw6^0MY7qQVvrF3NJ5{3aHb$_A9kuU1DoHzarS8Oc>aKdS z(gYEoCOZlN*5U5m)lAw$C|y;JiY@r{`s%rb3yn*>Co5vT?3UgWzm<>THL!lV>~#1* zVx7Zs*O7S}cRH5H#Jy&`G+C-avg0fpuIbcjFZ59CcW^lZPIv_S%80;5(0m74kyvQ3 z0uoWtrN@{(c1(-dZ<0?gGzCnE-u_Pa?MN)vKFcm;2 zw_5F5tgyc!rG~64q&3F%W>+DV*$&Mf-HO(4~!9Zc8G8ybI@Z+r4%t#q7FXE)XL?oVAl94;Q zOF+Bev2W`}i+tXMMWR=}Qx#sBfsvCU!>FfXt#M8rVGxS8nl{1etiF3Op`I4Dk0aVD z;82xj^cU8RP!uEiw&`|63_{!+i3-~Cwnn+XC4SJ1*A;$1Odn45HM>(+JR-eXFjoQZ zBuoW(8}b?&0GlmIY2fL&U0Un}W8%cRK0H0@ll5KG1<7TC$0J;e z>g7sJunZO3|NoiaiuoZ`ch$7zWatkx+{a24lANJ8w)>*$96#q3k?)%q{U7E<(YSr4NetBn3`~yFZ#*%P*qf#$T1&%TUp--~Z zjxlbhRTI^(e-9P1zl7Uc**7&x8?4Fl=-x54xj{fJ3sYLcgBo;8-h{#IAO5rs>pa3% z1AQe%EC-ffd8)8j!RV|mj8ta|mrvDqm5aM)M2%y3NYwXbq8j@mWI=U1vAYvlahvB8 zgz&l&DyQ2W2GQbOw4R1h&>U%=OS(>>^NZ8}IL{rRMvYpuZ}pyFf8<9sUYEoAaCMDD zCBNsl4!%AyHdE+_Ndr8b*7WNR|4UE+fl!M6-GF@@#qo~>h9)KQgs|?CI9&THx zmZVRz;aI{kNc-pp0;2BBF1mC#n4}?+eO)c~P&>dOwNhpGWkW)($?xykboE8GVAn;E zpZoV0AUtQt7KAs03w!&U6+X}`gSZbNsru`iVVE3mo~0R%ag$*^6XErZDu@#%g}g;? 
ztd6VnC&22ti9JRAP~HT&+!4j@A70^+6DtQ@eGS>C^mv*&r8010{y?eYzeq_Cx4J2= zV#bYgGT*N%sHnKx=2iYp2^~8h%aZsk2xZRon_1v3F@S49X*>So8@6uQNYDAyOXDSC zlaRDFh=%sjoK;+gwRo%`uM999wCm0Fi~LuKZGJR21|#g$@Q;Fb;LOwX8WlNv^&6q- zTwCV((k?bpU$CnJfja5FeU2>~sb%hqH6EX|Zavc?QbS?<5E~4#X@GwaZj5N|+LUFf zhH(h09JJsciGr4F|IL<>SXyV?azy2AFdYU1Sj+Oh<0Yg9HEHdOt@{L92E8Wzbr7WrA=vVFD|w5 z&7^gEiZd)yF0aZt-lZ`T!T{UOi5pM>8!8M_lWMVfA`K6~0ozoM$hV|Nq^w^l4Yq^M zr8T5PKV8n3Y4i-OTpCka;;{nK`SwU`jnwl%avrXeyKQX8g5uQGVzZC6GR+tp?sehJ zWsg%XFmOav-OHS#8SSpm4ive#tnyN_g%#aVL+W+ifh)t+-GRON8t*5K9K8&eWk>r$ zi?g>W&K1&ut?4@Hts&Qn1Q(?TR$taAmFvz)NnGB(-a@;#0bV@>+QEDUclBx~zHQ`z z;uI1Cv=S>LiMM5zRUuSf?eClPi(*^4+%Ip_l?1W0Wd(s;AF#Emy|Ycj`QyamCdCOB=F&FuHhYPJ8D zvMy94W+*qzL}}`}@>tz*ea_`zz}^(>Dq?dslZOe--aX3!a20FbwvcGfxp0KX(wT$lxY^&3 z+z>)oZPKuN4Vz=Hu~_UAe5;%>^eZDjR*uymQmRt{aNE$CAaOiG`GJN)+q+CrLquSo zSGOX3tQh4K3p=@z>+1_6w6}*dKz75?B`e@Wp0Qdl?=?_NKwT&AqVkrC3v1G>$aqLh zdtaa8u4%jd^0Y$<4DvED8PjoOheN7n{&Ka$)R*Z@G33k^t>%hM(JnXBE76>>(S9B*_jg0U`Bk{Z8O#)t>unn$3g_7Dd*BAsxcA(a@EK{xFAbuFE+gr-5P z_a(e-z{+Yx6G;1-TWgBiMs48Jv{52VSEp2lYV4L(?M;s}UED zh;aEd8VHyk+q8+sN!=pFxk3>s&o~T1Sn274kr9d+gw?OjsM0G@Dz~N5f%E4dEMhBgX->vtPVXlZNt2 zDN`h|tgDg3)@iUCZ6$30f?iLu94WfV&U)KkziSU3%#fnobc>=cYj_&6npt3bu%IbG z((*ZoWvkT+j?I*OW+X_X*6K=1KGNm09AWq$Vh?AtcAk-I%`DOxA++OT42zH_HI;$T z&4?{HqJ}xRGz;gRc+4@V6=!gHXuS}Kx0h7>Z$|jX3JqXa_XVi%*G!OidNFt^`N8)U zgwMs0SuxtNVsdpae97;{obv*{lW0piKla=A)(1Ql>Uj|g!WRtZ=2c?7mk zA%1@&H^F_-OpHJ$GV~eq zE_t`DWz@*!EFIiZJ5aX|ERPK(Z0TE`I&*6<+@aUXd_b>t0u|;5Z#Qlrv5q z*UNm@I*toCaOtVL1&9URKJIuQZJEesjFTY?rdFJ?vtVkJbO(mAh~5w!fJ8#zbq#x9 zwy>rXFABXijUqc441nov7N*$jXruPo%Vk|u+rH(hj}8d=-V;t?Hz4WUihZ7{6&j-N z3K2Q&muISl4P;<)|DE8eW`LCRZXp9PM_t8kVtM*%HZYiUsjW}A1}$t412SA@Lgux? 
zbiGy(5{r$2A?sX%g-zSmI%$}hJ{`7)7A^Ed?JUxhDwm^kqSBZs(P_h+z6>ekF3dMK zy~)iK*&w6VN+-?pcw;jY!zCS2W_MxUA885 z@3LjJLc{i$isr^8W{gA~8$eygoYpLO8Cp)H=oSZx?Tee-`+zjGGn+}C%|c<#qneL8@NaCJp=QkdQee zBNHyBC*I+Sy`5@$G*wFJWzsX!mJM*DCLB$SzhecBZHVp`(diCyV0{D?`9{pp{w5W3(v#;C8UA-`diu<49Q5ke+pDtv}z%JR@to;J1Jeq?$Fx{Cg zM0aeE@ts4LXk+%Dditi?R6z)YRvHot$_^{i%4GlCQnDXmjUT@F!PF2dtNkpi43iSI+Adomn9RfkBAB;`$aEaUZ3s=dwu zFjFV%I-wfSpnHW!hjv}`Ntr^;rHO7sELssYuZqiY$!Cboz?gb6kft+sR{HwJHnF9= z(-9ogAt{7{Y8$4>3(+CYsM&m=z;Tv^Vq?F2@Dy9L$zY~ltKwCpRBSJ7$MS7mYr7X& z&QoCyS$XO5=ct7@i%OKHW3}C7IL^|DDYmcDh=~!-a3gNwl^}@NVzqjzREfQ;Zgn;b z8X5zj{{b;5&+SG%vzY~}A=|?c3kE?XACI94myLA~k4`YHT7B~)6*p6ujAho7Qp)x0 zea3@hUjM?LO27W~lq|bXvBGBucVeZVE|zK|9zBaz7K%l2yr_|C@ICM0X10Z&no??P zOWi{EbR-Q#g*-&DTr3ebI6)XngVXXk-9rta*F8wWI7XU&kA*yCHe|y5;WF)5W(LSO zhe0Y82PPRgY}3D0d!mg4_wE@RM~3Yb8lhL=^vgzC4zjg;Xq~sK1_Nk#bl5^@VBa=d zW6Ti5TQus;8YG@a==2;l++1=;oAurWdyB-qi+Vet%^dRKLS!f$C2Xnww z61~mbjp_)sQ!c*VKiC*|^2xU2BjKz&Yg_kH@E8R_6{Rk>N;x1TE%ij$ML7#;Zf>hi;&hHYrc*WHpiUb~Mt#m( z@eN`Jy&Xmfmf)zOyH$rwV4`A3V~((jY8+U@(VnP2;0{3*5A?C)BlcL2TNBtaj(3-| zt1%0G$DCd6Sa*s(Ap}B1l_+}Fq($l^zY#NNy%FQ6ryn;{IBuqL4i1?a@E*-(*oA~| zB}9k#i!`VW8z6NGudwngGd(o*9q=r(wQI!_rntalcO{rCOa)Wpjg;DG#IUcIy;Qm_ zmXMHALQ9JBgo!l!w#BZHq%Z{*D0|Z~RZSCIpNkX?7?Ce(!=j045z*AB)q3sgGW9L= z5hXs}u2edgwf@jaOSOCGe!Zc^XB4ZRT6n^*yR{)$h0)Q!hP1hYne`*wAfE)5D_E*h z*7_n|#>PN)w)|QM)f>D~g#B&r$qiByMCevf(lMeP#*355G|No9r#_cVkpd}wiQX3t zMMz?3!<>;IC6bY4K#4Oqxw4wc)*JVv%&Ga*T^-UMH3VP7*(FC!Xt8?K>^QY<(Kb9y z+m;)?ncFTRGffaQAUDzN=)k7}zcOxCVr5wYy~A*0URIKL}?3Zas~r-fQ$$Cd#SD9tZ4K{6b%> zC(rEP9W^;`rnSq2hsgiM4Bo{T_qFxEp*1S|b!T6X=lQS!q-Q2CnwXxxsCu#d2^Pji z5c);DW}-7)+^=v*X#XkG^1o{a2StYUYla5a4p8#Cvv1CCx%{+Mt9sP`R`tBL$NZ&! 
z?diGW@VWYrOGWC^p3k2CnbRrn1NaZY4>Np_;YR@<;`E;}e3;=QfXDIgWBB)R{_W2J z{{sL1694{+e|r@0lbrq(;9qn4(|~`&>Awa1J5E0a`1hRt2f)v8`m=!l$mxFq{2ZrG z0RA(l{{`@0IsJLSf8+GO1O5l6PXaD-`U`+docwe4!2jd)w*a5ybkAv^J^cgyPXl}!r%wkwgVRq3Jd@LB z0X~D%X9GTy)8_!5%jstU_Hz0>z-M#%Ie_28>E{AIkJH}^_fpioE`)m;`AE8wVYlDxSrFO0KSUTuLgV#r(X;BI!<58a0A2305@`a6JVaxmoxk^ zz+q000A9iA&461ty%lg9r>|r<3ix_XZwDOX^bWwCoW2V1YEEAR_~V>@1H(5mycY0H zoPIN4fz#Ik7CAi*IKk;jz<|@c8181c2e8EH>j7`zbQy4p(-pufr>7a-2w3Cv3}Btp z4Zyve-Uqm!(+2?G!s(v?{7Ft91iXpUH#0oM@D{+I;`Cv_TRA-o_|u%e4e$u3=Kz0( z)AN8o%jpG%Z)Ny4z@wc0Il!Oi^e+Iuozu4i{vxM;3Gfb1|1#jOaQasPe~r`cVE9gk zzYcgOr+)+RH#z-VfbZh;Zv*}gr{4{D7pH%h;d>aq7w~Eu z@HnSG2KaGK|2g1aaQZI+|BBO}0DP3wp9K6Ar~ex8)13Yrz`y16-vK_x>Az?A4}hQH z^k)J8k<we4!2jd)w*a5ybkEbUX3#%cHvpf; z>C*wv;Plf0&*b!344(mbHm9Encn+t}1$-8#djZem^s@ny& zoc=z*@8|Rn0RAASUjX<*PQM7SkJB#(dbNU8`Wxy#;R~S|S zr#XEiV2#r=fOSqc814n!$Lalm2RQu}z@OmsPXZp~^i6;_bNUeAEu8)-hKCv63OLK@ zp9Z{*(?0br>HBP?+@SU9gb-+70{TqP4$?4w$d>5yG8}N5H{cga!IQ_eT@8R@&8NQF+iv!#@LjnA48{9_RGO06)&@KWF$CfPcy9zhd|az(+a#Nrs;S{A*5s8t`v8{kIJN z4)8Hf|2^P8aQZWVpXKyF0{#=HKL>b%)BgDK_h zmea2Typ+=$059Y8MuwXh<^eC~^p61!b9#i~6@Z&Ly@lachT8zIp8t0aE#MC z0C#fwDu!1xyaw>cIsFE}H*)$~z&COF&42|?Uk6y^^f=%IrzZgePVZv4o8cb75~r^R zyn)kYz$s2w7*+wNIejBwjngxLbxt<`_i}n4;C@aYVE7impWyUQGCT-)6Q^%xc!=RG zfIr3Q!whc)oaOXSGrSG(2&d;5{tUx;z@O#x0^nOY{WgY28U7r@pJ(_B4ByW1cEDfc z^e+M4!RcQH{1s0BD&Vhi`W=ApYKEU7O^zQ@y0jKW<{6kLv5#S$l`cDAgkAEM)zYp?n_W=GWr|$*)5U1}0yr0t# zF#Is!F;0Jk;e&u5<@7@g{|xY9PCvr%Q-FVse>;cg{%vgd@E0!}o;T;tP|!}F)V z^g;;6;ko?D+_B;L{A0s&kDSC0J%BA>pclh|BxsS#W&i%uY^XBuP{>aIvA3pJ-!^e+t7P|_{ zvbcq7coH@Iq`(6C?ybSD-L9coBhEQ|qWAFe6TU_~f-0$-PoCG)d)vKKKhXz-^)|$A zq^BXywxS`;+WMTsC(b;4{BciPmtOdl-WPsjSbkN5H9V)s_b8fva&maJ9RKO9p>vJLsg=X8%0E8y!<6d%K+mhsu0K;H z&uyG}5ApNTIm3tZr&cX}>K^>jWBNn0<9u}aBnq5Vy%6cc$3{bcpK&J&hJJbE&@uc( z{}TlsIdok9rT%<0{O4ogKTp_yis3NG-*i$8&#t+{XQAY?^CE8H0H~ z22+v9^lq+k;@hf+Aol#u6TKgN&aSzmo%Im|*e?cb;Jpae@D1j4P45n~U}3x+$nVGg_}MWn^s zMDJ_Rn0vsNccU?PQDfd^&li%q3;AQJ?C`?YW2pP?d!NMrhUflD{oeb5t?xp0cMUHz 
z=sWPqy5>H5)Gm&JpMMk0>K~Mo?WINv*p(RmkR&+#&^7jq9~-{qi+2#E<_;b~!w(J5 z-M(KmXJHy()7-Hmvt=Zr-I&iG>HWYV8oa}gue$YE{mh3&HX`^Dv>j-U9wV&cPsVuk zIRDc7f!hh^k)y=cGK zMNTyIS)wfewDdVy`|Z?M4B4H-3-~wpx2nh^XNc-lja=$T{?|o5s>|dhOdtt$3H0c* zni#5|CDIu}6d~hFM8<_9G&sZav(ykWTw**lKQQKJ2+X~={-MdK+9}821zbM-YqY|~ zBl$bYaR#gyrTkqeBnLcyH@NGasxW%^PW%mq4HK9MB>D2lp8^Zo$-08ga~2-a&!y9Q zKLDc5ZzXm;N3!cBORGsz(V}G)T{_eJXxb9x;aeUemJP`|#l`pUiF50`7{=Go#`UI) zQ5%L>HJW@Ln5AMj9i*D zBWzZARomu1qJ9yjNdp13A8B0f zF}(0R@zbhDU;E?`Q<;Zq?!jR(az>b2 z1G)G)A`X6dK=ewHPz_W|D1NPD6ie62CN^O%aFCcmqJN=D6p`>Ywx!~5l)KjRFT?XJ zGMQjUNouNZniRK7p8cs4_{dCsl9{^q1MeXIr3J;Bp}n_$99b8S;Xh_h9#d1to~UL% znTcwObnk1+jgb>3CN;2NpNDl1i@8)Jc}0`r8yW!VmLUQE_U|*pp70EG!JCir$@dnzEgj~j#Ho|^DL%&Xk|K* z|JKqziQz1jO>EZU*+ylyXQ*r*Y%i19&PKK+tgS?oXHxpvGL2-<(is@9o}*aZz9psl z+437Nu+VdrHbY~5o)GyT(;B+q5E_1+3rVq&7+(KiJr7j$H>pF|*nl?<9elE{{v7=G z8TE7U-*f9v$A8am{GgR_cwv-wZr~_U@zR~xzS+Awd}y4Q+xb~pL}_HIn&Fo{IG_J4 zR)_Tu9z0X7+-3YQm;dH`{+kPL|6-TPh};m9uz;xmI~6?ZB;YK5MlW6$yKD1%TiLv9?5^@;ry3- z4juf;%NsN<)>QiP((~~1#f{#`&ls#P^I(aVE#8MNP#(Q*_ul$0{PalvtN5>E<9VTp z4$mH|UnsEg-?S%?0%G#NpM282uD@2a?ZvW~;s#ahmEK}!qI%3Ou3nUz-}+VTKtkP* zFcfV;hQU?GG0G5*JMW3B?fAsY6YVU1loTBr2K=nGUi^t)F@iLTugc$37t=~`)*QBN z#EPFgbntWMHeRW7oJT3K`)-_pz4i&>!Q&6m%u&@XJ*W49ouqCbHx(_tL#+~`0cw?g zOqDr`>@Ks#aqM)5L)zcrFYZCN??SilM7Qsl+xqr+&+pRX+j!CNf`}cv_XZMREFczM zL&GhX3epMZciw^Z5cq^5{>$Hj#wQfj{5^*czI|0=8ya^PrsoOj2U z;!F6y0qyBtK2v?FxgXkAc08));rv;Ue|8-J9Rp(kG1*eHkW+pEiA z>t!GD!Nd6{ZK*0-twy&_R`3Y#U)vy~f&OvnL2&3x!2S0gr9_D5$(nMCC_8umSa6c(@3$&H>&V6)|Lf+7k>ztI3 z9ew8fEPXzF>Y1@tj-zdd6gIKNb(sPrcDZ4rVWH46s|_KOoQ-giVr#kGx{|rrCU$Q2 ze5>{Iw~N2#Xp2ZjG(D^lL`P%9V=6C>Up@Z@u;4O}^fLHy|=q2BN|r(X!?;vaz256^xts#ztQ(Rc+qNq@`6zK{(Q zk)9k8S(g4ncBOar6W@IDNx_jzMOqu|QSuMF;K%ldT~Ae>yw*gC?XN#VljMW=k5Yq# zejy9m`)kdlOK(oj8KT}&E;+N|eXA~(Gx0XusR!EZ@ujYG%R?mb+%{!lje``VDHxZ6 zhaM1nJ;gyTYYnE9 zcSGWw&)-S%oMwVX)}Wc-=(sFFGXZ79WClDvJeiNo&Y%?`Y|l7!KmFEI55UehBBhD3 zaJ%@^ImSmhC5vnYBVVm!2(JcY5z^2|BhIs$okoM`lfZ`_krQz78X|?8$l> 
zS)NhF!goj(Cd|rjzD{kV;*9%f*vz=F6Uwph3SF9t4A6jQ=`m`O~k6zq?ebG_ui;hHlGM|S6f9Y9Jhwn!F z?xqdgE1}OE$-n2&!T0pkX)Aa4Dv>;QSlSHXTv@errut)!wn_MR?_d6f{NL~s|1v!H z=1{P)X`uZwV$&6NO5VJ*-^^AQ-*)e-oZ5#U+8>z_>%I%-^(|lAL#prG{dfHz3Fr6U zDZuS_07T~auHG*l`*QEIXYZjL3$w>WMixW!v!dMm=y{OZGC6$~RB@4MVfKWbH&S$A zL3~}9y$&+_-m_>*n~6HSa64B=Uu`a*KX3T(7tSA^e~y?mvKh2v`3xb5RH2&WXzZWq6Xw;RBFsra}c^T-)#wRZk?(f5V-i){0=MANuiMj}xXoGUbcii*vj zf`t6%((v%SA_)DyYq+=apc3?Gv&cI?OM_?ADohSuAq2fm+0Yn8R?6O6KMSfZehUB5 zlPo;`Mw2rc1PxTf&EhHP>-gR7x2;Ep2=F3o!e;$o$@; zR=mhez><5+P;MtyuGk6_TCy*Lm_CL=ciMv@RwQP+x#(t2t>P%5_|jAv8J&8_|E)_{ zT{lG?%RCwMv|Ycob)M!CulFwl`#lPC`f1Ym8(N4|9xU{%7swS=8sF~$j=O11>Akf< z5-7Tklj87_-dnH1H>9rZon5PPp-kh=SR5$I;C+TbJKrb9B{F5_cVd@D$|NZOf3I@K z^hkqfkxskDTJv6^Eu3ofzHKKyA3k;M!Ctu0>gx}my10JD;s*NdQ^Z*8N&tYSK$_8&RKl6`qeg~Fa9r~ zqc#W!lgj&V>Q~{>QonwJeqA_7D$qS(<-6fKz)0rr7%|aHlHbo3D(d2UkbhndhuqbC z=x<1*(nN`>DtaC*O?7QVmtFve!F#A~v&UMz3DV%Gm}Zgb)O+h&(fq|*@gFT~%mlJ$ zmEk=jO&mq6Ip_G=453f=*bmusm-12!&uu-rWiB7r$`OerWD_|c8h3&OclpNb=a@_8 zdtUP-{Hwh`{S(#?SX6s&yI%ePOkf<$DxUhM&bYZq%rHEEKIY$jYKCFB?{m*b-rT|E zku)DQqQxhO`$Pp`!eRJ>(3!cjX@_wwcInO!4Hd4bV`8?0fA3461x$|@0@soGo{yY3 z`=veK?Cl|q{Jxjcagb*`x^R>Zg3$N5^Ogd^>h5%U=?oWZ)~A+sHDMu5w${1M zRirbnBW4Km$kS{dx!2;6dpqF~jcD;j%&d=qSIFN=j#$K^-}kiMw+SPNi%X8=Kcq(d z^f~feVsH-~{LsZW_2IwkZzez5k@@o=_dm4i(S^}RWroFf12Mi|CvxqI=K5XEb&Je( z=}j*{-pg-(ei+xsWUeJFVrt&#u3+9|LzAUv9nRmkYViqZLn(R5v?)=(*%HiEB#DYFeksC+$%O_aUy9}e&o%Q z^b^8N2rI>I2H@l87%rihx9vPtLrBBkb6p%C` zzg%RuBCO$v6yca!y8vm=+$+=e&_)y}nI%M}D$Q+K7$sE&s6(-C_~{rJq4OG5k1t(^ z5SHFsf0npU{WiKzH0UX%LU^1OpN?g*i7KV3X)kbx6p5FnTP}Wi%Q=k|!{t&_!>?Ek zQcxz3V%k`9RZ4nLU(A799-`@DSvHicwoYczw0ro{(=cKLpT_WXhG#H5Gjf8f-=1~y z1Q+JAnsSKvn#+F?4V%j&*bFJeoWV4XurssB#?~Z~f#;)vCn4ZZP_Ha}C++1^d^_V# z;xbd?NgV7rhM(wvB148}snC>#qvuF96D@-payI-ObC;b(6+L|De0=FK$7bx78yU&R zsCF&8<`77h2U1jAGo9EWlA`WDK~{O1f|-*CO1L#R$_p7=Ke2PJz?{j6o%7`6IE2}G z7i7d!a$=|XKGqDDnLbU#sH=!nd~~?JW9GR|`G73sPM_x^h4PO>&&3$5fAA;UJ@%uJ z304+*puorH6`jXnVuyg3vEcd@Wrthft;`Pro!fgG-HFwTY17#$KI21oSP9KX#WQGS 
zhBMHGU5Odq+APDA$k5RtpqDEYLiXqtMp9q>ITy9s4~spfTmTp8Qbqb9?BG|uR%>`7 zigy8pQr+)V(ogX~Ypp1Dj^c$1#aDW760y#^dawS7-PQJ5^a&w<1SKIdp9SQQghhoz z?f*tiz>AEWZJUxX`{y;$x_X|f%8fTGK>G7kjB1{xg`$F#7QWL}mw||j>+qi@5>k`H zX&n6S`+7{x8C!#Qbu+R|5E;cC2Jur}q;<(9ekWNPPT6}!*a+xUSMM^N>N?naTNPre z6@d(U5ud`kj0Btb6N#S1)%s65xwQDh`cDeFT6~`V({&1qZgmAJI_z?uq{<5=W>@Bq z%gks-ubBTvv&U(x#rNs2>d00|YA*gPR~0(eiD94vIY3E;7WZfz>QEROMyJe>4-04h z#?I=ubGw@}0}HHK};z$*$+Ng_^U<4iffCcA>1XK|3_ac zYOGYkoTJV;oLD)fhLK=;eA}K*(_*Tzr$)1|C zRiDL7RkJAhyw>7za$b`QxY>EF&v|gJoYxZ4$JqSq%X?mH?(rje@?T&&>O)(H4t~C; zPEnEc<8g>KI0R1BNd$_!e?|}oO*j3>4EiLJu%<84z33~4zIaSEZ6v9b{5NEMFyWjV zj(dGuANslnBaLgGw7gN?jBcL%%CwFP)akMdLZ{0%>>%4Cscne-JShU^-hTqXw&=<` zh7KtmdKiINA}$ zqo2h3BF>k&5gZY@#Q8Fvy?2%_w^O*}`7+&wsJ4f{`Fz>eh2)0OJ**xoJZIoYqVU!% zgj%BG$wf>Vu zUf26e$IynMHrhbTKQp-=w&#dpqjR2u?mEL98FfHW9cyJ zY?u3scs1nAQ*_9Y&I=8!uADwJT8L{uY)-(&)ctTozdEOI7j*qQad6^}mD7jeV~H!L z5A7Xe6Rul1eRyK!^r6}^S(dfD>nLFpUUC(&w@*}D-O02c)(S|jmD7io=SN!VS56Xdrv=G$xpG?2UMtTRC-Nv%N^{KfXsb0W zexftYbT;p-aLfY#sERDDRf~7@gFf^qu*Gbrk+;a;XgCkeIi-%siWqEa!YOKks!jaO zjg7pfAxn#5To=+0^ig-XfOWQ=;$-B*V8^3g4SAj)=X=8rWyWzN{~4)y;GF+_{_}@V z;1-cN5rjs!0QgJMa|+2h{;_F}e`=cJb4_!cXp*CqzWj3&97pp1(lp1vez+fA3?}7A z@!-N|u#^8Rg;soyf5h2;%UD?dktK0O*vQ;N4^T;!Z_C^XHM~kA?2q_h<(q4F#m5;N zT`ed-Y|=YFECgy~{H2`%MV#?8C}Cl+(<|6u$fP@gR_OK}!6D%@=e@U{g&3p7Z(+tM zF>fgw_O{M+&N!7 ziiQ@~k)_MbT-6Bd>3z2*YZz0^rhLmo#1Z!0lUlP=kMYvDiF-_DPQfaDWc33oFR`h{datvl6{9pbs_sEl<5|1CuuA^+0+O)vGsIK5*`3KM2GJp2) z{QcB(T;3+=Fn_zmFYb1ix9Dzo@{@D)l6n{ccSyBR^;n{hYE;)Oymij>UfqK89yjBI^dc4T z{Z92=umfES0L!W}mx-g4vZ)KRHxWWjvD?L;uA>g-Ou_K{JGd357OO?1Z-!LYH!oeS z32m_0)U?}R{ciOlf}h)~$ju?q=%kuh!cHl**~d+^zxow-KN3YE|D)6WB<$&b8~XMZ z%caS_E5@$e);C$5XiNo_df!xIrrtLm^aZ8*o}kuOtn?LYwc>%ksz_JIuMZ~bRIm|T zB+>Nb_fG`DWH8w`Q!h^3u%$Frs`r&DeYK!Cc@^cm@MSXR*nvvDxW6x`)vC2iB#Kw` zF+##FstNW_qk>>kA?G@hK&=t<6w5O~PorE;%D3{ZyA;@4C1#qbRxY_@JH|e!U2;ir za&lvJiumfn@P{qciDJD}t-K;qAo@F(9xWFq0z&gLbm8JX)v4g(Vr8<13NJ2~#;-@6 z6VuZdGkj(LMF%c=%f&Ob3Hn%|U&W^aab!@t2w8h3s^v2HjM2{&ddkI_y5QDA--}<< 
z*H4t%TAGc&U}_wHRfK5%%`huB>;&jkA z6WrJcDiZ-UZKhsBzj`h!P9}U6O{jY?^vI*INyAVqc;>j8c*$?o>Z+%#fE(1L^)Zg8(xZwM+>emvNXuH$ErVxn4^ z?Auc;@9L}W0?ph=1%1>fFBLE8+f{AU`X)=eOLfy=L4Tre3+49&`@xnIr784ZpwZpF zsAo&567;=v@)dm>tL4U21<9V5_w}6J)7RHC76g4gs2p_%^q6u)0jKVz(UlAgtscx2CVEVRZ8^(J;iNp6k5spT}J^+-e1|Mc}2eUEh^m; zKE(z94Z(qOP}yDI)A!of^bNdub$`#M#&o%abtLG+w@dmiSVjs*)(_|( zov3fGR_pS^rdoA+I+)xB1x2i6d#YtDL^JZ^w*SZ8m%!^(t^e<}-*=yBAF~_@A=N=R z8A2k`sbeZ7rBOl|3Pq(sC57Xplm;4vT&WZdSDHkbnxx^DW@#dBsqQU`{J+ohthM&q z@B1Frz1`pR=VPC}_xgUHXFcm#<6h5x-xupH(7O-1Oegfl5O)5c6D}Tsz6(`mP34`7 zUf%Uw?%m!+gJ>NF2RLF_I1TB4{xRo|=s$XtS4^v{dgop=;sRcXVKT0F;3$aE3@A%5 zZ$SUyG-nJzB3w9X^uWUpA4s!AJxo~Vfi-$C7JnD?AJcEtkjt@%^Umo%YRG_oGI<<+ zc)y=?-l-mO+#hPD7X`+R-M$-7LYG!v;$d<9G*L=^x_CRj zh83y!a*tRk^vCYmoXWI9x2R*Yv6OOMN_LrqRLlQuZ5}?_t-=luCjOrACM59$h1-fX zaV`v=Qr??Nr_{#zkl=act=B1eJ?fMxZ?3*8cthQSqCb`lW(3|V$>6%cdn^#qjwb{= zv%E8dud=*r)q5a)ktnz`+nYgo%}*9A$@V^^%Pq-*ce1@lf}k|VdpQXHk?qaR8V@$i z$?H1YF{RQluve=3*ZJN(zGTt4Bv_y8o${Q&EZ2KG5xkw_{g4Qr&++CY=O`rIkrn)! 
z<2{}gY|imYvje2Ok{vvh>wTRa+@9-wmn%y4Ylm~m%l>VF_fsO+mGq`1gH1`YNPJR+ z^Rb8Ct-QbLGPihBtwsGlk_c`LypI!rze@xQ0&f--=ka9la^Ss9mtR3o;N2heD@RZJ zOM<78-hC?gI`E!VwcZT8Tm4{8;63UGlLPM!KlncB{on`hC%xAb0nkl};OW5oTXHcn zhj%I+bltzX18WWbjg!H!q<2crKs{*%~|| zN)GAlym%3Gx^2`8vvzVepq+hbo+!7qWgL6LudR^;EQe(+Y(d()@%t$uKS z;9Z*tZV9NYNcl1md>MGxB!f2s@AhQyY(SMMev}ruMtPrV<%Msk>rk4T6Tyru@4-ZH z9m<;QfJPYvuV#6#1i_P8-eXx(ilOHO|H$=*2cP76v$;`Tmn^s?&s#$EwK`d_D9`(a zE++>CYxBIN)C67&3by8X<0$v3Sp}0rZyjBJl2tH2^j2o$^6l(`RiQUMC)g2sPviuj zhu)33rFhJyDoSs%!@32ZRP;{$$X{L2dn3_lO}_V8GQc&O+xC297JQZuV}tn>yro&e zvh8gBL4!pJoT^D|pxCJfx6RmKR)G(R(m2_`tQFc9xn*>lu4n^uN-gb502Q zdKXH4RcId!^STEode`a3UAff;42E+P!E*`kU8)XL>XqGsFKJ|bBg>nPuAA*Wgsz+I zeW`+1v%MWEcrx32!Vh+5d#nB6>ul;*kL7r`C4zf$ymg7-iyZH>M6fQ$o0$xz=X#GO zgYmiE)@1NXuD3fGEY9_w4uW5EsVQ#G^(JKnkLG!IWd(QVdAqaLNwePP2-tD?{+kot z4SuP5JK^0-jRS_AehAJ-7QB>15A(cns^F`nw}=YzqAIvP@V=+Z>-~cJ0%c{RW%c@_Q zWz~O{Wz~<%w(9TA_MRo^VuRBJJo zVViSKqoBy^3J(75zN?Pfr!yWcr>Wp2rG8MscI8c`Y~UJ$_r~pf6}+QVnIBB`y*UoP zTUm8~f-W*K(nkfotG=pHN(K5v1>gE=Q6l(j!dp#V5(CLbaY)WFK~HZG0KWg1tKdn_t6`{j4rm0KJP_a>4emfJ_=w+M>W;NSx9>Zla#yOJY4 zZ;1+4D|NFU-0pkxqbyOTKTD7C*YDD2){@^>s>}t5)}HAp_H77Wic0Vxwla3tqvMz1 z72W@4PTD)U<*uG%-(Jrv_h1%k)0BWyoL|b~`wXR{H$V#M&E(Q;_!Q!L^A(Raijew> za;3$6KA*&|l;Ed4_$N#e?YFO%{Epx5C`2&DeI6Kz%$MLJM2nC;UR>-s3qQd)-3^q< z&wec_nKA|sEBK+)#hr30E#8K>#4J3!%tsP_u?e=X;t0Z|;@3;YkDcy~K8(0*VaA`? 
zo*s)`(OWE1@pw1(b*Rqpi(iq=zrT($`1=pF$p1Qd)2U!yJri0%h2Z-q`5U@7#a{q0 zt)rBF@Nc{8O58@jGWAdbGwTRCq^H;f% zu>Fl%7-)4(#ZCGz{ES~gKi=y&pfWq4{1KxQ@Ysv&@~b`TV9*-Z7xJs}ZW0+lO)K`x zTzmG{o>6x!BX8D(X`9fQHqfuWBeM;W8|};9Q&T<*U`GI!!x(^0h_bLebeU>c4t3}z z_@!ceVWWO+ybR>Bp2&l7*9GQ+T9aXorB6EX_`lcDr&D(Efy^5d< zyB(c6VfUm{NxK(DA1VnY8bJGwOxN5Z3>=;Ky0ll(mTI~aY79&F)U^f4?p2xU8NETn~}@c)7((k%Ux0R2Gp)b1Ms^{Z0Vl9+R&+ha!hJhg{jR+4F& z-~r{#CFsnHOz-67xA`0wy_ADh$P}FUh5ep5$Loz|ahbPiIEekMErx=Ul-0S6*^ZUS z*^Uc*?R;L)9VdQk?UxCc=?&_g;V;VVx3nASvJx58>HRrpz>F#Sy`x>s$})c3!3^N( zUu|E$J+PVTiKM&?qnfvKh@NCzZSIp1@$8u6@e*YD#sKf=#m4F)GxMacCDua*Gf(8p zQmoRZU`anEzP6&J)^9xVm{pZi_bIcYwUoLv^x=m9Uch&y$843hWSO+^vc@^UN9r`VLaT=J3CO=ek~=HZNs z->JxOPs=J@{ccTX@a}K5^>T4>PiHa$Yu*yO!YL~$=RX^}H-U_e`kw`v!mvY^a1-*PI?wlS)m!7u#V<7?+5gDLwyc5MTfYAWsV zP&=rJGyI7s53k}3JVNSe_% zS}A3fs5NeljN3YiUHY8-bnahA;*}S71fY&M{y9qZDqXjgsPx`=*=>}94-<%#<5B$+ zyrw4b*-ZLXhztcMf&6r=ScY1HnWs>xMtePa7GRnBmq^MWoQ=dE_NUt=XJuuZH zmJoqEyw=eb{Xf>{_f%8RpP{3VTR|?1Kdbjbr$C*^Eav);cg<->lve*yLFwD1Q<6%l znL>v{N}u?M65nsZi1hn*LCFB^8_wDIDbpsqU1$7RGkykzXtb53mD)vWY+k@{YxYpN zpQA%_hu9!;n{Z2QA04}Ij`W-58_@KtQ|BkJve{s@T5V5@kC7IS#wXTb9Q0?c6}X@B zvU%^i5Y;1f&sDmesy1a^I1<%AfA6|PTK1p1E~y94!sCBn0?*Jx_RiqWbCG#++&hEg z8DQ@W{)c98(-(QAM}s1|rWqS$Z71{GHmnCVoN?^@A3MXEt-1KZ29dcOvmSAu*D*(* zZASj|b<`{@ny?Ot9L$R*OcPEDt#fEg2pdz_p*j~!#QBg~=5SUOKd*q#GWnO3V!=%! 
z2pmlrOV5t;?swd8ry|dh?{z1BO<$hzo zkJclFb``{hDmR+U<<;xEN{gwXY{KgyW~zq!ZGJSkfwzw z-N)C=<%wp)@ng4nqYETsda}ghY*gK@eN;DX;jT5b=yw~c>|7w(xP%^Uo!eD#0W~os zy-`w%=N!XBdyNs{)+un-6xv|5&bn^d#RuV?fHj~Z*@)7U0~)y9Y{jE1-M0)H-k1wqyrDEk-4I0k53q;MM|#7T^Gt}q3{@# zR(9*rNI9(NsW#I(-$66Ap~}?qZOJii;K$f2%Y!2x>+xxOx9)#K|DU;EonhtmAA2^@ zo=+)hQG5WR&Q9GJNBiRSqw4S#Kgexz>m9!~oU`S--REd)iK z5FG-y(nzLK?tg4=nC*2wrn9$uFSr zBk&R|4QQ!=932LB7)ogy2&j;0kEjXMzp<%g`Gy34%LI=(n6#>|L_Xw%^^%M+n%{Sz zAqi^S2~S?;k^?6W+H z6;Vw)Tdo7QoJmufQ(KgY_<(oB(u}rMz677F;wtBA5G`q2bW%kUhIQu7SPOM- zqIQpRAg!;QZEe`E#-l<}V9IHu7{csKhGLme0o0D)ltb}^BcO9zRI}t<@Jc9)?T%+9 zxf8Z%xnBXo4mf_5IbAjyblma&H)h$M$dlF?I?#f_?*vpD;w+_|D|6QL7C6oO<6o#5 zcOis$Po6Al>*UzEkF@bZIAFcg#@Cp#b}e0rr4yR|$I;+}Z`SQm`c040uef1vsY8w= zUg^gstw$*;LU#j-TX#OA^O?U9H8%VVbB0-4O&Li~AXGopRLTD(a>h=*-o{VpP5*YQ zE`cW`t|HS#)coCf$E-@C!lgfXMHbO41;_rUc34r)bUV^k)27)*)VODhtbus=NnJ6} z@LSfa6WoR~+G!&lBFW+qNht+RFoLx&-gZeXzG^}(ms&eUZFibn&q-6b1E8wy(1PT& zwFS~PMLvWJN5aDSXl%16dYWb-he^@k-0bFKDqrL#apW|XG&NJ!&aOYzU7>B|R7#%V zal+Ubxq%D2&P?d^v^J)yjNk2wH;m2Z4-DgT!!+~bfq}XYOmT$!3Lo0VY zL%Exs{7MUH*uxS;m&Psz$R0LJULi3J$h3Vx+r=3;!5JxUnIaLmTOHg5Nh6Zw1P|Ca zE2lX1t;aNYDH?LiYrBMLs?Ol0hUU{PO;C_uCY9+}yzcqUJ1k9|&+cK~S+c5lAw9h;qWDU0zCa=# zt)|PhUheSnbE>l|J*jx%HDecgyfwYZJR|WNYxWM>7j2n~B>=r0v&>nku^{aqz+R&t zn+LLXc8OTY)<-hr@iJoOSMIlr73F4G#&$!8(MyY4*zJD8?)PXt82fc=ctywibv>7r zlRbT;4||ri4=eln`#g z3%2-R?|gT-;8(oHF7qz#hJu5s{m`y>$>_E^)&Mz4#q%<1hdjI9shu9B8=ZQFvtkby zlZxL>Zy56(aar~u>nSDpNHMWtXxYUZj3u%!Rfu&tH9J_?tB_ZTaU%e&FUPmN_{VV~ z@216!oJ|e>9wtw=PB)oiOGIruMbw<57nw zP?%ea%8>=gomPYHvrSr(vsq#vn7EPs2D6^crj%l0Ixfc9*{9_+zYvU##i$rG;6o3;QXOFw){#$Z8?KurqG}rhhLGt&xmGW{7H%HOY5PXTc=G7aOcXg+lbe%Far`)1P$fV1=uX^|% zg@8u!wk=62ZG7%4G;?3-*fyp3D-18_-0orxGN-`r3W=Qv^0uPKn!^Dyi zO-o2ejqjVLjk_=#11-k_H_>+rvFtfiR?^$-Zp7y=Be#b>OQKWw6=zFxIK(~U6Ym&Xg4(L&`Js`kzO@% zjr+=+l;NFrGjc#KdZ*pmr8k+Qrj~9gax(QtuKYjz37rh#&?4$}ZjYly+Y)?uh5lWw zn|jp1DQq+a%i$^HG^am$@Eb*gVxQA?MzgePpxW+h=FQS|lZqFhewScNrbN!23QcT- 
zKGS1f{=kzJbwJ(;NB<@PL@{V^P;ZvBTUTkqgBX=0o!X1QP0&H{PREpdeu?9nu?xJ> z__+@}p5rYK9pAx+enjaSEmeph|C&*S`mThYyez_BpJTi5=3IQ{3K#|?`<4il(Y!#} z$3>$h)aEy>rF}&;e-57FT+VAFUWrv;nWJND;+?a*9YMZHgB& zZe6@!QUH3=JP`)=#5p$}{UdA83bdoSubPrj+L~BN;0%fEQ}7I3w%c|{!%r_e#i8ce zH@>fL=Ume-QzN`i8%rO8HW?|$aAy)VqdP3c)4%&{&&xF=>tVgoi}dldcE!so-I4aO zJDE19zK;!Tw%PL(#XhFwE1K$P`d zU$XpDxT|)aHKr8(0fJlB$h@IVTwT0D>)OB}k3%>!ac75j1KFZYDHe_+)zhd=bpB1QO6w=6uQm%7H zM|#%UyB^_X09@qs&i{s$t!WyWwr|sC`QO;XDcU;^(%`dq9>l_9?>uNGzPpl+TWc?1j>1de(R7<}ac*ZjJy>ScNv|gV-Y?=Y19JM{>&y=PAh%tX zjhpPE#-wrp!O&aL^H@&nQJZJRyfQp})`SpN z+geBT=@G0_WABuvJ=?GyY5N;BsoG%PhPYbV7>xW7{i?HhRfykWLgtYx&Lw(V*8 z>Ib{I>a259W@>sTX4~lfAOx3~(&;lkmr!rZ2XWbQ{Tin^#-+`*%Qx-s>}FegTnn7* zOnMzSw&a&w{}q&~ZT#5nUh3CBQE|DR+;ty474tK%X;G-NlxMNu>|<%BqMT9f>Q+?V zZuFja-}bIo?c0^>O`FazV5hWX8YT9$+mqgpZOcvRgQ+#??rZI7G|V8EHu!N?nO|>q z+fRHoZhLly9HKUt_QV{G(~!$-Nm}1_n9;_#6B#sZQ^r2?(Ni<(+*7`=sAcV$$rp_U1Y?7qySm?J?Y%L*n+E`dAGp1=@&UeOad44L@ary`EqOzkd z-DpXy^ZxJX>vky2*jWFp)?x;LKTBU!1L@h|BDx*$pWsAIG>uHRGJt+xPyO~biCdCS*IQjjy<%Yr2=AI_2^m+N;SPwXzAU5L~ zYs$m5NA;>N(~#guI-bd(_jjYn)A6WN(+DG^AejvM-RqG(jmuF#ME<|ATKcVinaJFJ z%e5U1agPr`ol+lw?30b2!D+HY%jL-AHhLG$4ORW-*Uw=$zx=PC!zX{7ub)E`EyAqz zpO4Sc@Y)wSEy4V_sB~{M4zI`JgNGcm*c*-0VShW}?{NSy6E;6PnK-ihYoL0>i$)-M z3zr59cd5GGbZUO1*4>ARtz7xdTKjQdTEM2f^g4b;J$|{>*!5qVTij=9vl0I|gt5$W zd2sR20z2_I!vR(dH+se2=|Aw>5L{WvHma1EF{P`b5R2KLFrUsd`x5$%AiNn=505$? z&V~BSKi-ae{MsYZ^-{xmXhc@2GsS<;h##Ai>^l&9+ivES)ZVs>j~>OlN!ltp!zwNI z4ZY6(P3CcF1Ky!<`W`={OD=z8Sft&Q_$c^0?dF<~Jx@n{B)!*eb2@j#ll7e)M)Qjz{vMPg+jM@LWBLymJ>sIvioH{-_+FAt%i*sP(l;55eM*fQJ(re@GZl-7J`jnJ^H+~Y`^Tyzq zgv0k*Do+tdl{AMo;oQrdyOFve&I!Txsv*tGzb}uZypi;W{;k5n+Wf*=AbH%D^3N#R zeM1A#jNJ_pcXg4qoseVD*h;BkO%HZYe& zt&A+~B*b|jJQF98tT07o*GT2tV1Ay?)~21HRicJ=fs}(@&!&ko-t)>oO*oB!sc-f} z)sRWzW+4m^Lbq}W=L=z&C9u6*2cqF>A>3dId_{kBi#_Y;Nz`J6Jzm&PTQ*_olgAj6qSozrR)wz0a76OeVjflk7(;wY}W(wXBSXUg4DLQ;=|@sweCy%}4gvDcCQzQJTf72#!? 
zunpiZmcSMZ;WbUDg4=^|L`9Oq^XM$p4>k1&+@6qu%6<~+R!uz*x8us8x@P{W`FDW3 z!18VDbEy@4?&<0U(B6zw9b0Q_)+R7^Sr*p>HAYuqp{7=Y-nux%1Kp@nA&8-(izc)J zc(f%{Yl8OSFZt+5T#UbsJgLxc>XyQ&Qqz@g^;UE-S61z!A`z4^?^Vp_- zAPlu6a+S8}a3OK0zYc`ShNSVM1m|u(7ubV@^9WirX!t-cznde!0@%w|Uhoqg`OkrU zZRKTjKc^@>1ob8spDtwLs4BUhSAc`dt_PR?tt&_5fkGyZ>WDu_6PYa&WfwTg&H^@& zaGr?;zr>Nh3fOfi@>dJaC7%gwZVEop!IuJCk%CWk^nVQO^AvoBgZ~OFnHRTzj>ggK zRb5~WQ}Fo?-VxZ*Dfq(;DR-T>Y=1nUc)e+dygtKyK zS*N!-p5`s7>>5HQjv9tPml(24rXq1#i!PDG!6HFKbr1f`Ckg8!uc-fMFaHQf>vG_) z5{FC>t;{*W(enlHZE-zfUVn#_mycyC4!5nI?_|^%SP|h)Tffwi?*^<_iu|>X{7_&c zQ{<-#&O^myV7D20#WRx_Im00>1mS5*a)z%t4(V+WKCvWc_*&?Yc7Tw?x=wuSj7%#X zQe6-lS(0PZI}WJ}2z_HDXSpCn*yzwN0`*!;w^N&LUEey)yTQ6Y#?&M)h(_4uAiQBo zc4E`aJcqdjtRF3tODx@?SV$_rB8EO3;u6PiCplUU1>p!wa$GXdA)O3De@k-ahASM> z6(CHtB%UDc3Q3z^=FlGm^=V5__1j$z^KGy`i7~ah1rBKk2)UI^VN?CK#$g@+Rx`_V zTFS3N;yJ7YgflIP2k%s!J+ipgn0_g!6XSG8@p;1JZZR9IM=g_eI!?dJVZH*^7wOEj z#(0|}vm5;C_?C=lgmKoU(st)N^k$%TOs8x2E_0ZD!MY&MO!dc`LT7(W1oaL}rz`hS z?EJdqP+#n+lpQtxr68`gVw?f}(e^YDCTFk-tRF0sGSH;f4yi&Ftlx2nH`oehN;fGH zrfLaBJHygi`a4GT1~%B>k@wvp?NWz+EvU20p-0j>pQ(=EGZ6Y)2Eo*>@qi=qE%?c* zri9jE^6V%6UGC89g4#9%J+&&|a%4^f|2!*Wo#+<-D~CP~)Vng!Q%kYSk@+k5FP9^u z9aS|aY9*h8`fCPyYAL!qGBvS@(*j3IQ;?@&ev%Y#o$Sc;0RP+!GF%k;V;YMia}D@+ zW{}}VOMkS?`HsvJ;IGXf!=n!U(K6TP@cM#>kxk(5vND#bc+`;{gx8}iYTzlj2!}H) zL~Vs91`&BH66p&1fD9s0J&MS?k;s*x-(W=|qIh!%Wn`mL(2x zZffo`9A;CnjDt(S4s!!o+blEH*b5wHUQO(6;>g?#raH`4V0E?3jK_&(ADOf*RW=3PTIrPf=V(SA(=4RlBQ8PFktZtT> zYHU?u9*x0R4FqenWkv&+jB^JHleQYwjbP2NOe&W4(zOohaS+y6l2zwUuy;H3ji4%w zy;7n$o!gh&$R2S7_k++uR**cWjalW8I)Tu~k|OO6{ZofN0@TuS=we5Gc+9J?mi;^r z%x7?5ztZz))R*~)$AA7)av%U#Vm;V@HxgunNN~0DpGYGA2W)PcRah@?Z(s*v(d)$q3M|HX<1cqIZoo`yMbKHtY-;=o#-qpLMHOLH%?OblFhk z@=+`8LZzMp$MFRR=91J*Z%6%lUSVzRigKvWFl$fByfG9HJPf*W_rE%9jU03Lzb3qd z&lAFtwduYzyot{@gb(t0O1O;AH-_)<`KE9ypKlHe>Jb0duoa(g54-buMtB~d?+nND z`L1v=pYI9Z<@2m?2cPc?E7T?Vzl8hod0yCz&-aJN^Lc(ag3k|xH}UzQa2}r*gs<^= zTaCxq?tj+kwS&s@V~x$6zP(1UKk403<8(g%Tw^~z|5BqppLf={1n1NHpEJskcD=t3hM z7Z9=Wr-VMAZwmK0 
zfbOS;hw%C4uq&T$35W7|S~!8vw}x~0d|SAb&$ovk@cE8#C!eQ>)euw7tv@5I&*wYC z5NY|7`kVOKuS3rF(#f$%myF9@IE z^CRH~J}(M)^7*l__CX~7c-Vo@PlSE>{MT?4pBINW^7+Z|0X{DYSMd3%@Rox~?&)wo zpPvcW@cG$r6Q7?8a|#Jx8n)u|^WpJ)ULIb^=NH2%d|nYg%;%NiT0XA|zvc7luu>zE zUlSh0=a<4``TTM?n9r|-rF?!he2~wtg)i`VZTPW1@8a|8VeQ7G=k>5XpVx(_>GNfL zej}W&&rkCC&F~$4{u$>c^+Q#oE;c=z)X!Hn4(E#ss>bPjv7f3)Woc5suBu4RZc@L# zsz_dLf~u@Y?rl=PP*oK1MyjHSH&zu%oZl2s>h!$X^*nDpS|D2DS=gPy>CSqXx2^>T zPpwzr`dLBG!3d9sW+Yt42@P6RnAt$Te~{DQ_;4z2@T`MC{|ObgP}J`Zq4lQ6e(#5R zcpSvxPl95_czsH5&<9(Bo>vt&HE}R3lS_k>894;0Ei8h85;C;$=Xs>08<1Xv-bnUh z(gk`pPh)Bjl7|sQIcn$}fv!PvnSs=;5k5%pS->8$_;VT}@VS`OzSoXaCl4!I16IED2{5ynYAg}_=GTq00{Unh78u-*n&l&$w14j3|( zozC0k7l1H|NbI7eg3n+DkCCCJ7W0xT>S4fb(6#bBq~W4nElPM^L@4Y8{Xi6@dRXP- zEfinXxe{8Aq?_c+0Ht9yY?t5d0MEOgMH{wn`Y*__HtdLv5v(yFRTbo# zIQ%65HQI$qgcbog%%VB{P8#WvlCJ&wUBVa0`fWGsmEiuatcQR&1;;c}zBDy!LLb8M zs72GWR$lUWz*4s3n#RoNfklipV;!aj+t)}smKtqwqn{|ULnOOmD; zYUV-YiS^K=a>nM%L*au>z2eznC zNO#I_pz^OgSiiF1H<8HrlVB?U5OkIt{E?RLH&pd$xt1jGE;Z;v&u=blYMPr#g2*Cq zmpXs6=eLaT+=F5`c12Ls_JY$xNi)JLl05&Rs`P}UUpb+au7;$c-Xc#D!wsZ}C`O2U ze<4)|X&RB}A}y045ot-eqzfa`N0!9dkxR5qmkEhdwiBrqveOPcP}QfRCMjKP)32vc z!hxs**KGYR3i-B}AkrhsCaOUr&h`9>l2N3rEK0b@NXP>RRhyT4Q1fsHW{}*2io$@_ zy$2l{R^fAtunwPFg^Q3$?m?}?XZd_sxQ5Sd!ngU{F6_nU!^1Q9+&&!4=Oe<=eC`+) zHYNEZ!^(W_9McfzQW=TlriPZs&8?Fv;@W!)y4yM|cCD zdxq2bd|Wt}&%MG{%sU~hP3MDKhn@I*SU8~>-M0y6SquF=w^8#^9#y$NRCz|4aD~R6cQ_8U2|}s|t~9w!RUrQ)2^8^r zRR!vSBK}e&epO6d(XE!4p(+eUb8kzwRQa1oEU;|KT5=SXJA^jD#^b{FAY%qv%QzM@zR6z1)Z!9mPu#btm9i zMnV>KjgIB^O@itv{CS?>GoVnz-5F-(>j8ai;mhcqnMTJ)@K1ntSvaR(vBx7(l4}1* zGMoQ!e{6hw{iBhP+y`Ee_kHv4s#U!NcXuOWyn}R4t?FawPb(yOV+cG5SIbntlUsOA zj;(%=!k-h6l6%OB;b<6}dr0qaFrQD7C&)w22q*CUpl~*y2Zzt{c}Vys&eAp;J{sgN zgBGr=hK~jN(D-W?L3;P%BM`U(sWe^4I@;*)2GNzg0h}0+vlAp)Q}AE?08%e8DDRo3 z`ne%7v^uGh0V#1_{b6S-d7wxPt6T%59IofY`FvAZZZ6;(S~+5$Y$RJj)B!jYU1(*4 z555G-gmo#ih*3%`y3oi~R{lOhSbiqEJ8``g5&&_!VPbyXDQLE0(1SGz&^Hfp 
zXROCfGVw60_=Pls?OzFlJVBmdWFMr~Gl-fP!OIzL1?Wf%Pa${`4itMWnEwP9u4NUKHq7B;RWw8GQv`A@~!(o;SFfLGqWg>Xkga-;0EI z0dI^`a{Bc-)T4^TMGL<0lH@Giyz+DMYcw~_t3pn}Uq~%`wQ{v}`R5j45+b&jVCPnQ zCnQzk+-mRgO-@fXqPdd(dm6M2!r?y(qGEMIDAI&008X%khe#bi*H*h+Mz&{>axd@) zEhh(8nsa@`c@e2=E$1>=D%*+G<_qUDVBc7rv}(MKVt?gBqBah8(6z&{XUZ1SmAV9f zG`o+=r}A|Hv$tVi37Fj(iBXcGTk4#~;U^h~lZzvVPlO)n&u}<9fE})yw#a)JkSxKQ zwm6XTRr8SIzd+V|NfMMLc+*zRiE5YNO^?+}@TOh!Y8-0T-c7sb`?!%-+O#{5vp7WA3Gh_SbF=c2r0oU1uQ@WSd41erZA@@cvw`8}-pZDN+O>eJ`YoLAc(M$Q+lnT}XF=@Sr8JO`IK! z!?<#Yv~8u9gYv4O$zX9MGdc*PGig^}f$_azDfW=CI=ie2E%E4&L)^e_O0cfu9aakv zI#?3fC1H_feT78TqfP}l%PuS=O&WiW+4*ywVX>5 zLLMe$;;6;=^DL2BJ-_kVY_y~79bg|4&dLNI>&X8IY^Rl%%;vRz;zXO-1R)bg9ncEv z8yv1>_aDA7BHtur;;3Hub25?HGO>KRqiiIwO9*Gn1lKRiv;0(Gx2MQIK!$%^J<>KVg!nq zewCiZzC`MGR_s&~qnAXR705!FIeCYnq2h2fVU$K)vjbOnbnsUX5Xff zqc;d=Sw({)8;3M`i3czOMXb;fn~c=ktk^IT%VLilpI%Y1mPB%z)I>*wMU{1!zG|<962CgB3KvA9TcyKc-SxCS6X>rI z)R>@`4*=AUrJjnQ0#3MFHF_6Xl}NrIaC=CNAxXM${Q{kY3+l>S!WJ zDeqUcE_xV6NfL@d9}0ibGTo4Jnw6m|SMV>Y7H<&nkQQdkn5wP>QW>Aa7evV!M5@>UJBc{BO(^ykk6_`u4yh#w9W9A$ z(nf!+%{d9+Kuh43K((q_1$sKW9E|HNi`7UQo25ETtqEf!XFWv{Q$377j~fx)BIl^= z+amU%qMS(T1N`}v*ym8@ya){S$F5l0FGT8SI)LC^9Qpl#)hC?g#kRSsXe-7RZCejv z6G?T&pW}(m-AUN@sn*{`>^{OKlDZUs#uA%#OG(diwA}&h9>Q6h;O9B=PXc=`MgBs; zx$N%(`zQs!+`)eWwkri6@8~bU6j%p`Yu^nH-Ue8Q6nvWCT;HbvJ2M5J?%&MVzo z!0K6iUy!}#M{$2rt&!Y`pvXe0@R_PbpBlF5R+h<{m})TojLIZ(uWHjj5@{eJ#8h|T z&pZ;LHsbn0uc-WI0j`b{XvG?KcJkc-d<$_RQ<>A-$tc+wgCGtkBi$k$MU6mcP9&#A z4sn!p1$MkqqTM~(ksktVM2h^?j(jPwn^NSb2+p7WdH~qM6#1J4=a-^i0`|I0#s2qS0QjaQ@FF7`4Vv%LtW99-vMhFR$%~ZxeSr-&xU>kTp5KzfG4oomZYh`fo-oN)e*sv}64MR{ z^0}2(WL@~V!~6&=@hGpPgz$HVu!9JrqWan;m|v+F8>~2_?6lO>jr}3^4IA7Nct^{j zB+Xe8aZUk#UW}udScgrmE}vz&5`-HpiPu%UCKl5ELYfW2qj3_iruabtrI6@>zBs0B!FU?6oS;U|$g9YGyH zTa)St5RQ$L`Y=gHQ2QFpL{RA|hMq1Y(m3E)z57d%#&*!iOL-G%ycEK7ai}4b*J51h zI2|I5q$f!rKRr~*6lo;!O)+srw^|}oq_GCfk<3U|aukbnq>*emlt?4U9Rle{BiYi! 
zLShx-iB!UX%FB;$wm$xW9^qU@1+cQ#;vF$+V>;*F$1Z;5boB;L*yg% zDhTh!NwNCaWH3`7WS_K`9k|+`EL8=UEq`qPh-n8~m6bQ~_SZx5d#o{kU;(}gtvXckBcEt1AEo+L>aoT`lLZeOAfdEekiNoZ9=POd)6{*LQs=t#df*&sU4}=c^HiGaS zg!6JS(bCr;4FW`@qli#~x*LDyq=+n42aSUQU)cH^Ihgb^nCpnm24u0X^mlRiUn2cG zgDIlRB$^m2+4BrAW`J11T`5?OP|(yUF6A zkRE9?Xa_u}8dEe_v)>jrlcs|?li2JoDeZbk+Y(?)tv12+w{x)kdSD-?$Zv4uw*&h% zMgDUq|C&88tKo3--y}GDyDhMegtND$?9Z#l)1tcBDr_d53+DML+I|rHC^BLKup6v4 zDa}ugHS>Tiu=0{yk$*sdT~8%-_>AdH-?u{w_2sVQ=Lf1KqmPLVrM92 zIuJpq$Q3(sBanJ|Tuw-34(V19DDWl9IRxh9&@s`n?A$sC?Y^dT8F>)t+L`DH&9~H3=1+#OU&Ets>PmGACfi%bx9nKW-F{NAu zywq~4kQ-%|7?sWD%>?#<#T^~j2~Os}0Q}t;N6hEhR;;>J*yPD=Ul!IX|PC}xSND~+iKfYQv;>O_{T z){LV8o)ja99;wP#g*60(tKuY@YMo8g#2dn#2G;xx%xDue@t)3kDQIicsoGN;HS2RQ zzBMda`$^~dD2rR!0aWr_#B;0Tkg8^P3h8UnLMtNG41`uha%QD(1n1cHallS8N_6-C zUU2Tl!-0*q^1S7k_|cKS5!kI(UhtnC`A2{~VdZ7S>6B>w3~Ee|2fqrNNa{oUp)fTU zNsmvR6Rnp;Y+trFIF_Aqtict z?Y1~ojK<#)ygD8&8sZRnt~e%%6_1ORT;CnR>KbF}N`KxV4FF-dC6SyaeJ0s)c_x7{ z&60TRlI%WqG(8N$bCwhtCdL0&)Ty_?_{_4lV~SVwM|X;CqEGDrW4B>xgMJnbT(o`h z=+qF0IKeR}JC8dJ=iU*7u0-O|)FD+95*KX%2*Wdxlxz}lc9TGuMkKB?p6;alfsi=6 zhe23kH94eQN7I`ie3VI31xM3QL^#4zqf{040&jhh_q`;UNO27L z!_MYEoW@tp2&G-Hp{HWkWpNe^itmE?NYBCH*BAgSw(C*{$%O_|^$Ev_VRyj}MuJjD zfzUHfLgxZW?}D9WFth9O9?Dio41VAK)6;bA@cZ`gPIZFJF4$NIKZrv$rM#ZSl~iRF z?1GV=B!OJH8F#@*{F|7#qFXJIX&0D{*jkz8aTRZ6(q4sN2l zQQbi36DNrh-42EVyV&5;7Nnir!9`a$0pr1gO3Ow_i}RA?CTTDYtK{TA3m$v0Vbz?P z>>1fZE4n7X${BczhssnmzB(2E0KS$jw3i_EEe>@XnJ=u#m561oPX@pSu;(PTd-w=s zID>l0;rT85;dy|RCa>LxP84lmV)ClG#~^b~OpeK+jO0b>lQ;5BPBoHE z-o!VRMgHo8COGoHMDkOsUk;#VeHM|TJb{E2IQ+ZF@uXf6#}m%&ys@_)2_GAdM($_i zd!+6%h?+;<7{$sTs!68>q_f7E(1t^DV2+r1W$mU&mSSF>QwM4iwOM!}>n52Kar7nG z$4Iq^O)5y@MwpK?lNeXxxHg43v4FfUOnGCN81rx}NMV-Mr|gCK4C{Ojd8`BL9b%Gi zG`gBmlK%$B4ui_jDhgh=3aXriM|m8sf)A{M=0FZNsH@;JtKdYyXIctfX(vpsO`q|S z{C>0=$ANGI(aBwk=|b6MHO>XRkSJW=OsU0AS2FKV$<_dWE3QU3Il>`-Zw3BSoKuJO z=m|F;t-An+3Zrbp!8%5zd89Y~v+AQ~Qj^(CjD2K~(5JsC~&( zDtRlCcuk!AQR5k01a>sx z?0l&&%*gYo3Z<$B37bjhgLzR3`)gHnV#FRIY$n|a<}6}6l{Zpwe=*XR8%z;h8+WM? 
zs5AK=Ao)v6q8_Eab(Pk#6JS0%Ea#v|#;xIJbU3^L7)>q9QL|AKx&Z8L39N?x=*<41 zSwq0MECZ_(m|n8XuSO$<=gXiqRV<{W*^s&4$muTev+CFukcy8^Jf0*w0MO&n35oD) z^u;DgTu?drf{MZyWHMh|12^ymd7CfDwR}PD;|pp8e33L4RF)2undeVdT!zaM`_P#@ z!E;P5M=QORqQ$vb7EMvX)I4F*&D5<%M0C5c+n?+L|j1-x{>mia4E zR$3Xlas@{xWK$(cfEe<)7W@V&i9y;B#e(}IM^}1SqJYMGl_Z`>o3ENa1SxH-^nqlm z5I)lCdjjlh2~8q`{z7Us9N<-!KpG@#QL{;_xfP7LmPKk@micb#r@?sHvc5${yR7DV zn_~kQTMSFOd0p~l)iVP+9ZJfR=i>b*99%t$%atH7St3f9)Ch!Dmc(Tf(&-NAI1o;? zB(h0+Xt*{9ACLF0wgg)NnsujU-3G=i%VIT>mwus%T7-HUgk?l(Lw=SvGcwV5)Y-s< ztzSDQlG=nn-w>Odps+7YG^d`W*^f%*L{c@*!$Jjz=;nRM4NtT<3lo{H-Z8=^k{W519TOdxpTa+-f6s#F>CYvJ62OQ?(V7(Y;Iz!}Ahxrj$-^ZEJkSmJyw`sEp z`R8LC#UYL$V|8U7EU%(5=}-_l$4Fc(?Ur`JRHuM(j%CpVq6ytKVGO{l3_$|u$$o_+{v@Sy6RJ8_C4r$)f{PY)E`}-rkxxu0ZgU+FepGS82#b9(dERD6-SbwCSmx3Lt zEgOsUTMVYyy;1#0A?EAl<9yJb+cWj#1dI4@f%aLPN~(1Qbe69{_IH3$ak%jc=goh3 zms6b3O;a0!);vblx=zxBVt~Ek1nCKzZBOur03RLaa0{&Ji8Cm3|3(mI#z^cH?b0)} z+nxa9dCMY?Njt4NS_m{o`|pA9i6QBBJY4MMtaboPjxgnqlwkKNn<|w_bwOwpC$Vd) zo}ZAmb0olSnF!Zw!r1_aWgsMP(Y_l8@PuiYg!`?*D2}rnT_0&(r-Lyp&SG8CUk4|e z4m#U()lcMs-MnlBX4p)(S6^wTcoo>?TnVyhd8{ozaj-;%b z(Vt$q1HvyZ!q}%=A7wBAWAc{L&2_n1o*^-uiyg}7`3yEJz*!>TeIupbU7;=oAPgy!@>q>==R#5W>w z6cTz`iJ>G>rbd!=d3qaWAkd+PAZHCdYQr0NRk%qcl+ddwGh}}ade?Os*)SP zFr_?|F6p0I4a%EFjXdVqs<)zE@>jGGu4@ViU4d=i4lP6Iiw6R#A$?yQ{z7Ywc@4K2 zlG_qzJTeq(I!HI*P`!_q*3RT+#>RRsa^$~?2j zfrOV0Cl>4Z7^#~LqK+hQP;2*+66+}@o&Ke801nB4Iqaq6m9_Up@;=PJJSP`wVzC~Q z>4@WKlI?CCot#u~4}2;y42ks+V=#{4Da?rl|zU4Ro~;tD>n3ibnXkU?DqpIHk!0`6)lbR}&m zDY2d;rHIuM@FBY{LfTl8A)hIh5sCzS$gbM}&msy}I#Xm{R0n)W%~QZv#MKB#2Ykrs z9|7MK=SXlw2Yhw`%Rw`je7IfltU*1Edk58I)J>993ATTncV+qg<3uQxhBGGTFE=~= z;}`(8f6$HXA9Q2;$1RThqmlg7>JtFO`o}UPti$0~84Pcd5=ER?|M(mUUmH%WfBcHn z+{=x0ZK#O#j|QZ(0q~}Aj_DumkX&y6Aepmp3?$h?QY~VW3TU*JDwqC2j7d0dOkqwe zxX&`Be-Ps_97|G|W%V1OB%)LLM@wY*Ay^xUNxq5o50d{GM{tEHJHM$S3Z#FKf;xZ? 
zFchso`Ufd!59AnwruPq0a2DVpmO@vt{vr8E*C35kK$uQ+a+hMdP^4>+#zlaiAqv+w zQ))r0m(*Q@)VvM+leik;=&nKj-VQu*Wh|>$*Qg2X0Kz#Rr%BzHL)mo#)Ex(R4(b-d z?C z*WuEUz^<_PWrSl*D*q;#biFVv;G7XIrI9HLmy)}qaOt}hu!2Y~f~e3DE+tQ?jCR|zwT1!Kf`Vr^qaOrGV>h}bpw;^fg>u@PGCI13oqX=i`OMM|+`ZHCbXw%_R zCfx<*>=ZV_rSl@T4wo|NB`{wnwo`c~T>1slw;4wKMI%9NRbjQrKEM& z;QbdI;s$Xs!lg9qNVwF_?L3|&&xed2j}Rr@K1GK)shk||q@wTznamdp;Xb|~Z}SDY zmM_SCd_j$XFIt)lDoY2-43?qep$z4ROK%;A?*hl+-;YL<5-weY^k)pF9wUMj65&$m z_k{N5989?MbEN#k%FvZ7Xv3uhNF|tXX`O5Fg-%Y;i;fbqIzv6=)Mq{F4uBGhIOz9rH+^0TxVgiC35)G;d^ zE+vvGxDFE|4rzkIM!1xEmS*d4DUnn${&Xic>yCv>S=%6B!wBaF9SfJT{Pn=fti0rg zaH)Tz%}s|(iKHIKpQnh;+Jud8X?Dcc;Zh>0Px0p~VzX`H7acBTZR&c@%f=zv1lQqG zmah-&V8R`F9WG_tI|Dm51=rzH#`^<1F9p}(Qr15X*u)fEhf5is4eb6DT!%}!JuC;d zItAC^QpP_8_Laq@=a_KmE~Mv7&}HZTty`7}m(~T?EJjc?0BDv8mmUp9H^b61iyJN- z2y7_fPSZoU^f63i@o*`T)GhdP53#9w#VDy`giDu3B05}3Otlh!){zKh;FiOLOTPs8 zU7X;COF7@XiJ1RzIQhEaQqHIu@OH$BGLjaf!=C43N7rU{o;nS@6r9O4G2 zwoSOS1;7rL;Ak-6(%t}1H3Z#MOt^Fe(l54{46PC_<$>ZxKr;=jxc{&P;$$5zW#$sF z*2I}?iZFG!l$jgB`aaHdhDaSQWoCXUo||z<(K+{M$Q8vpT*~zJpdJ&W>&n#OQYM`Z z!pInji>2LS!le_yxY@F3ZqNi1F1;V%!-kL{T)Gw*uf}9jYsHO1hfApp{?|nKloZ!s z4B=9GW=K*xHz6A?tvVS)KMtn>>`NjhT-pLyTZ3yeO}O+pq@QK5Xu+U!FyYeCU|eok z8Z+V2sYt&)1vBB&1xR0RFvaeT>PHG;!lmzmwsp@`6E5}3P&OP=Ue-!~bjeJ(v=EFA z=`4u>NFOxe(%zt*6{BihCR{oi;MH-0^aKf)QttkA;P=Hj+yYIwlu6Hl@LG(-UePW! 
z;nL5*_{OrxW71Az;nJKNu*Hpoy`bB%4wrIPg}_=GT!vWb5jtGTq@E!3jgzEWOt^G7 zz{@fbOt|zWfOlpf*l_70fX`$im~iPE06)w?u;J403B*!M>YE!-hHz<3FbXY;7nRNv zrU{pJ1mn0k>*WJ%+cDwNfnbb|vm9L}Tsj$yJL4?YCH)oQQhG{~negI79eR~siE~Zx z^nD0_frG;&bR%IBDJMrr?9NOV*yzav(9UbpqM;QCJ#=z?`niSN7Cpm*&&7{6;M|?h zCxs*Ud`dW(&u50S`FvLR9H0AzAL;W>KA#=#cOJ=~9k%Cl|L}BuzMRkJgfsN{DLS`2 zx%$LPbUvl}dwkzl-=C__r}23Z*%%~g+b;Y5oQ+uf-HWje{i*@|l|3ZI*FOJEc*#W| zxnhfRD%_M&%u9X+DjWBkcKo34l=D&EOzR0N}2%iX(jM_)Sy_3vfXCaj9weW){&yN~2fYxy{K_laon zCCiPeHhd8!%wi{He@ zR{Od9lTr8FA8J3}c;tcRdU+H3b49gZXtEM@CY%?Ww84)81yq@o=tS}^f*$V46v^B7 zIAHq|OCgfC+GK%99&M7+0OA!%B=2fq6hKfR_I@RkqH-d6yuZq36m<^=LZ%sKK;Qp$ z3+Arp(W$(6pnE4sJ}`egDd$PvL_rIX+`vHUM#9}F=&eXl>Ie{yjg$INo+i-U*I;@- zGx-)Wlx{_V?#0tg)ibdx8zmR+=k!F!Q1Tx?M1*nIG#3}^3|I)_^bd%A7Aka-^ zZ_CBif$jxJ;6OLY@Cbf4QW}k=ti&qvkm7r8U!*Ro;*qzaisw}&vecvgk*rUk}B z7E%vBjG2JMfxk=c2ag~e-IkSNuoptx{n0b&EQha(gbv%dmu12mx?7h zabxn5lbm&22i3- z?H-PY4EH|@bXS;OejsnZ+f0OOOb%sa1KpJX*gziL*gziL*g)Rtj{LeveromO0mK4% zrAU~8!_Prc6e&@}i3Rc=M#AHU6AR?6M(UdeQPs#Bqo^`- zxD;kteac>#63Ay6gwFY(La1zKP1z!T*YA9NP1oB8h@(z6d z0f)HWi3CcZn-m-jxP_(Am9!-j=%y60TB3QR_H?A3OETm$#WF(K#V#PVR{<_13RgN) zV$nQOGY9y?aW%1M9yxs#@HgU|I$VP~(ETN_?+E97xLxsDka`;T4ywthnHUKgWZj8R!r^cgNdF)O4S_T_sH;Hw2Prrf@QIc}SF!%#b`8>a2?*ne zPVQ1nce@5@oB?<)QMkUDQi~g!4s?^6=YX#vPNYUSI?zr2{uKDuI49OM6k2ya4#~%9 zQWEHH1gI4b?i|!DgvTRnybDofGmGldOHw_Rkii`2-f(Y9p!*8wjpnL4y*k9zC zy)~B=fo@7FFVI~EEDChfT|ChJ5ie-P@6zfB-|PJ>fk$OB3kc7hpq6 z=o~4~f$ny|j<)!*5v~K>rve*j@t%a+K=*|vT`vp^IA;X9X=I85-Q?~l&^-XF8$US% zqC!WYn>?kG3y_px4LZgGo3fT28WZULC(?f*?5qg$rS0^m`WFa#Q0mI-wC1!F*rrEM^Q?#lp{TEYlY<7^$6K=-|1ER3_9tpgM2UJ1s! 
z7)xhn0^MH%{3S+EsfL?Cca@naKMpRx)Q>n<2f8nYrT$?c9AQY>`8v=|P02qQ*cpVg z^QFEJ=$=4TDB5(On@QJ!IXQ)mKzECXtpnXmdJN1Z#C9sr1iIHE{XK&zqHE)Hpqo0A z{{xbLwInA(Z35lZ(ODbfkS0JfZVj72_u*g^Tb857d@lHOfWs_-)o^E)wrB#~|XE17-F*0^MV0;Y)CF_*bCOqy)NWAbqaE z)C3|(J3^pa`aPk&J^Ztu3w{kLAK_qqimqHi8|WrLD!~N0vu5M1cN~u34am`zMxdKK ziWlI)6KNCZJ{l>PN$#L~^{dibXU-7`sfZQutRj^c7j=hcC3CUpj(hb3{@ zgro!AOga~Y3oVIk(jGE_?uh{Jumr9-ssPP0f$oRFSYlbMM)J~u?zyN~^(F}Gi8PlK zNSi^Rn`TEHZPbBoA}Q}aWP(GQps*3>rkx{0Lj#-BOFW^KYopnF@y)`4y!sh9C*9kJQA1Z&fQ zZr1iSux*61HoU`g6fVQdi*51Y$=j2-66Wl;I=lcWjUx^dt>jt_xqk?%@p5kyak`|)_-K^*c5RM{} z)1q{so0Xga>>Q&+yGsYUS^i33*QUtpKsU?Z4Q!5;&*Bzs0^LiH{vu&q2&b-0p!+?5 zpIgGhXfQE>?wq zOm7Hk^B7%MrVey7sVfMl#zW`g z-NT^Y^F9A}pQr0qo%5bkr%uJLzPAhXnZwKt9KZZsRx<3W%=QNb6 zZONhs-BoWwtH-4sOY)XLwrwSEKYGyJ3$Vc{sMQrc=spU}nQ4Ib1bxs=y_pr@pO?l+ z3ydCg3uqGnccwt%73opdn6D?rBMl8(Sze$c%G!n<(EV-hCxF^QHyo{+emnS;>=JiP(>086@qn2duKOd39asEWNu z$)Ats+8>6|qoMHdcy0z*vJZ&IbKKh5j|}^Gt^s)5_B0=Jz){pbo}gK?RG%5FQSvsFHwlnE9jG1vtsRKoQ_v&GO+S6W9U39D zaV8uz5Sd7q;?Y5WL$~qA11qy>bac@7RC)%e=TghBv{U)^=%8Q@_}7AW6ZwTm>CC{R zgV;BXPlk%vqk~8=uON7{oCuB%Vzbu`$gDj&NI-epJg)$k8Xz-yHaa?}G3c!$o*`UU z9q#C${$P%*2ynLUC}*aDIWG<9OZR1QbP!!+cf7L|9vxI0Mb2CY>3>8TtOF`MI!Hh- z0Qnlx;x6@#JvvCVeFNT)PMh-W(Lo|#ay!N_TuJ$Nv@9au3B2y)C#vh;$`|=@;7uqe zzeoAv?M2`%aq=?JXK{282OV2C_UIr1Z2D?}GP{ zlh@pEbWlS!EKT9)AdWc3{|>MNrDp8WK_b`m4)AD-<=LZyIA&$~mgCu@gQS>8l1CG* zoIN^73bmL#nrC_T=pd21q?}yiYz{c}*lp$H?9oAD=Tqf)_UIt7b5A**JvvAn=--*P z(;gip&TB+o!cKd1kjV8aCuffi61nkCPAepNbkIWZmf@1-gVVBHm&VaSS`Xx^T=M9k zn?SuIEvKO5(Lv7u@U{anmdpW12feW!B$Z1Z9hAEZ0}C!Ss=OSI4qEdtK?Gik>uLu~VC>OBq}&7kBMx%_-KbND zJv!($@c!-i2_5$6Am;Ncu4;Ejr6xwrXPePEJ8O>)qDKw@vMh?Vh2N9$X(lbB~fe>>vIgl{^~HHwOk z4*CuV@1CgK;yVRIM+emev#|ptG(<-Sbp>;<15ktJGhR$}M+Y4Z$Seoz8e0+_9kd+G z3sV5qqg82-4!RbAd(t3I))gEbvO5gi@W5QtV0 zN+)>jJof0I-jo{vz~~5M#GMMVM+b4aWM%;{pPC@>4#|A z1HcasBrQS=)8a=*2Ngcxc@1!B@#S1?26p&}jt)8yh#nEj8f1?SlDx{mn-uYNcvOSz z(Ls{?5&+I1NJi6y)%NHhDcauwxUnLTJvvCT+X28Xg4nury3_3J(Ls{k9ss^^nq<~h zP`Avql3l(FgXnpO>$QpWJ@!JJHb`Gbut-RdO8RfP^88@ 
z)SvXZzEXnbnNU*MN6`e)@|)sgp-X>Wb4N7iW@BJ`#~mLja8ib z{!rbE_?@}@6J_1Np>8s?dD#idssr-=5z8=UZ)Oj{(Kl@(Jx3~dFxZDU@MbEjDauBe zW?VY@WU99&s{{$laGj1Tvo#hNYU;2jDE1h|5_2Q2TgzdGnK~Sv6gyL~#Jq%ScRB1> z)8>usFobj!n5zPJBkxKuF~p^AQ1&8a6Td%L?IX7S08lYYV--WeA01(A4l837Gr?LE zu~kK9anM>*ReUR3w$d|GvOB)PqfbLky+cI<{qkg_Ba#Onf;yXE|6b~ScWlM z4dsu_8spq%kIecI*bq5Y!QfGjBeSHgNml`TZq~cd zHw(o16cDSGZO_dj{%l+qN9?4F?YUW0u^IfW5ys|V&&{HWf8lyLVkcdUbF;)12^Z7O zgXn(=MlmKqTgKW~KDwa(zwCZ?z?UYj8!XZLczHL=r2FeB}S4I&9d}IN4f%&ilOeA2A zWc-Z+UIFhj$8UndByv|1f3~U~MaAP1>y22antoS)WAHjSK21^3Y9sk&wMm#EfQ)xA z8kBIK?m>*(ZCS-q>oV3i=ybVqOyC1%k1TA@pm;Nc1;#>_x4 z*MU{pXyvo=%~{}`=lH7Z;!d*MQ1EyK6Jxd^xW|EIrC)hUg8u?|uQ|RdyR?Tav{l(` z1ruYu$1z>v(qbszj(oyz1YWap{AG#E`hqv89RI8Ye=>M8%JDBuFnq z-llT=zbju}C%YZI#~fb^dwDxqJZfP!Dwr7aIf8E-Sot?3_*HhIqvKL%RFYP5kMd1R z&<`Y!z1*+?>cn07R|V903K@(7V1ff3AGeGpc58=B&9{>72#VO5pssOZC&jv(C`hXP zCIIerAjV80gG-XFrFlZ^T>!sIi%AAry8enZxhK&6aV6Tnnt4G&RcipcIuI?eW!bDC z@$pyyj&z`9u?rSk7m%sCA5Q2#8`LYDn3PU3P&41OX5IqC?Gegqv74om`7ZEYBcGkp zNamVV9lg^QM}7mqZ;_HDsDXkc^U^0hZ$DgnY3iNO)Ej^y1WB7nWY;gDX(|B6Rix>N zgr-#hTvU;!NeNAx0l2FoO)C{7HxC(|!c9G?mk-4#Dk817Qu-US6DSr@bIXz2;f)g~R;+B1?^6MlJ zR?&ddSy7A`Vyxb-s<$?gE&Gdrxe@GJBMGm8umUQgr3uO9;YFSwGI3%F9#r9sIn z1ssopksx>_?Ti|IG<43Q-X~ei2WgrD+FQVKFwb>>M+lImQOU_Vs=NfsM(}TOn6GJo zV$O^)kAwfb!xZiUM%Iiac6j>;yssUfS}p%j6Vl?^(Ap9g{({-T^Kl=BNJnq_WbE;a z=_KKVD2QPZ)xl%A5$Wi$%%0CdOqz!&d9dxesW~;0n$~qO~ zb0U_`^U8lj`F{uR#)xk&rTodF`q66qS_i^E!G0J=sDXQN(;spJ`bF<{DO&C*jKMW@(f&O*pGTy)5FGcVqT!Vc!JS9gh7G*=OT|;)TM0%<(=a&+}V? 
zP(=WTYAdk?E30ubAFHxJ(j^M) zeNZvKp@|!Dv1$gHoP#sY9; z1k%dtEWR3Rs=v?Hrj9LBG&|1eKwl6^=s!)=wj&g?5xi}VPl?3eQ3~u9LFNe{UUVq& zqr2ae!9-^=_HMc7lR&zJDe4&xe%_8uMLIv3QV<&8$}FKT8?yvOI-hg|wKqA->40;| zmW&!4iJ1Rin9!E!plETy>KCG)a1<@gKNB+29gCJ#rj-2KokEyy7I>8N9)kwtqpv&35fj6V*u`N;sGjpkXa~etg@KLt7JVwmh`03ak||29OQ3sWu7E!vM4-USphOC!6htpn~X4} zlay~-f_b0=i0;Rs1SU;0l0PjO1;B(fNDY{ww#@@?iQ~USD`bIR`VZx2E(G(h4j_e# zy>u$GYbkE>{PR%`X(U1E;_&vDqegJD)Z)uf@dnlGW)_Xb%w@v)52!y!9P=UBgN1#X zR(~-x)x{-}=Chc;Liz2%>*@Gk$Ld!}1&;=6l4F-|9#;$I2M8?z#{5QUZ5|tiLvt=B zNAfKZyRNGuLyYr+Zte=rzXJuaKDZ}riSE>$Uh#U9?qyZ;4wvWW)aJI9CX_rSoSNW_a7r4B;k(3PlR=$l^Cts{#0j1Bs0%i;j1s(b19}VDCyp)PncLw)epL+_9U}3~h6E|0k1$ z;|g(!iCVU<%z{1B(>6zUM-A^DxG`QWauBOYG*^;ssC)=hLFuw=!N}K87leCeJc*?* zWwlV|L`bb*mfay?L`)H{M2IWE-RKaVs5mP+?$DzM2Tkc&JAi_k^LjQ*#Q;1aAg+KC(E4uMGbUN zG5-eh%Lt%L67gk`T|J#nx%}5Lj^avaQIH*R1=JRR?hf=olgQykc7N^^|;KFJXN)!=P%d{uT=6^?<%CtWojrzO3F z1$iFSS1CbvSpGug|CRi&!TW)HF>fa@uLytxtIJVN=CMYZ0-KMBGaU|*Pq$Sph{(#Sr9-on%Jcu?Vk zQa7l4M72_V+^G5BEsVQF#~U?Nr3=rBH)?VasfH`_4Kx{1C(ECbXrrbDn4KKpbLLk^ zieWcuegkC$_=h{p9W+2OcB6)v1>i4rm>&?+C0evmvj&uPj!y~8w;MGNgZDhHy&a^c zH{wQ3GX$*H4xYNuZPd_du?s7`op7NPDQ+eQI3AiV$9!ofT)Nn9QfpS|o;kDC$~_h% zHiKGo{BR4Dbf+fuL#_Ebm5dZA0bvqEf zP~9_h(xh3sVi368+bEp>CF%FB&6xisISjp47BA6%Nv1;Cg}BTi^u-3mv?x{aUy^qx zVj)JR6t2Sml2H5wT(P)e(n?hHUlIdz6ir#pQ7!sWhiTeSkD&2vNy@VSC7~@{9ZPDR zHd+U=ux;Oq@aLo_7ut=&B9)QSX@{h{^gUo@4`}idrI6e`3Hsl!l5av zIi?Cr8}ebZIcBfI(w3%EfUr0@HYf$#|5$d>ZR6sWj> znarj~u0|~O2;UOtleuq?Q2hCnxMA`SJmSF|&5W{|W6C46p)NrS_VNgA>Ec-85!#sW z$n>bN^oZ+ZG5|LO&@(lrhi?Egh>04r^7(Zc(xQv+Ni!};VeXAEJT%O>!21_m?G%X; z{$RnlAR4gh&j^2kifc{Ie+eu5`ZL2O6oj;zRew@g@81dj6y*b={g~Z;H~>-;?Dkw$ zla#JExVdU-0Du-_X z+SqsTgvRM)|2Ydbk zS{Z}b$&ddqYGG*7)Rbz{2SUXZT;^&v=|zaeO`3lS^2ywHlcxA}DRIN(A2jI~9GbG4 zW2#BhhA+t4v{#d+E%_*pvZTJM+P6~n2U+&%1|au#xV(;_=+D5kY|_l+hgm9!xBL)x zY*H{rYUR@d*59=knXvgsc8INgk_vNzxLFjGE%3gW3J)#>MFaBG*AbfI$?ga(UFU6f zA_>S#qd6YuBSWcE=|lz7ftG;0L@RUcO}D4`_SeYj-kI87=WR$#TIRWw!X-#|H)pSAX(~5WYd9FVC###eo&CM%T85OggO~)=LDI~ 
z_IA{|2*cxpL@IUIq8!$#Cw8VB#g6bs%6yR}*+mRfagcVDAV0O{3vlJh7M*q!d4m9S z!vKnehE1|KN@UYP+EL`qPUS?3#jJ=M_J#<;Hm%*PJu7r#G=^^6UZE} z(F!_v>%m9}st|Cz2SE{NrwA#|^gC%AY6eP-IDV zk+?@m%+`+`H;5dbQXnoT`Hy=`G;R<%9}3dhrTla;*y1Nvi~5NZlh%#(6A5=J&Q>3L z%iezaDv6Oi|F~CKKe1tU{9-RZkt|9Wi93|U(taXfQA)x8u(L#dqJqnzAf25p;6iN( zM;(ooJ}@%0@D@YB+ys({%(d}CZhXp*w!Kf`a|r`o3nVa_G6;9^+g!^MGB*>JmDn8FtA-;Ex#Z#$lcB* zhh=SRY`b?xxVYIerjM%*Tv*WQ9o$n8r0u7zwx6%B0Oadr<7>w@_Y-g}<0m@$_@xRt z(9{a|Q>vteD(QbEPOeBQF{0!kkdjK|v55-W*2}%Jl}SNu1Fq?xLJe%o*vV)A65;TW zQgI-cQV#$iiDyw%iJZT`rEo7f@z#iB1Loe}JCKxaKs9E`I%rQqxJQ`%#zJ^wZnhDk zcd7^J#M}aW$ZpWl`U15Y&3jA&<#=oX2J}+tGw1Z zkyh4eTrF{3$JJts!-o?WL|U0JwH|=h>gQiKE1o8vR zUU()Fb@vQ(ndG{WzT*Mr5?F(6t~@}#^7n}v5s7^*jI`3#fe$@vyf%>}7aB$$IVB<6 zUNYX82*T-9H}jK_^IpN?D1z|mmyt(c;+gEZaqqbp81wS0;4`pgNGyVPMLOKQ|6|6Nd5zCS4FDc>Iz93kI( z3QolL5y#9r(QEjUh`9D&GR#fHxN735cM zT}Zq0tG6lSX+v#ksj1$hpz_c5$8gohByprDBhIu((31iOupKj|Px!0%tHYHc+iaFYIPulkHQyQ=`Xl>#i9Va&{|heB#Lz3b3H`qs4SCuxbF z1Lj>PAvRM?f74g}3;~IrpGbu(r6k(I**QG_8u&!F#JhA24+EkLfL@m#b=!lj@t%qJ zLA7}#n9}=}5+m(jjuBBcT{~7j`xjIsz9+QO?>hE-wf)|V@9w|1L_X4NyG|)#o?PZ^ zgaKv`o4!AOxP@SS1WjnTv(Onfykm-h?k3*}rp346# zQ+|Ktvn`m#;GG`v_0O6L8k|t_Hvl$9ApI#zw^0ct4}iBb;wP1iQ;?MF zJpeu@h~+Yj*}^r*cH@1lb;aR{d~3k|b`o4U+(v zU6H0~iDH}qz=aiQI#xlfK64`gw?-iCVr&#{uJL?YHH4KMu=yBc;^rfBOu6Rs6O?(s z!~RXY`xr+-*L-S%-ZOpKU{^(&Z1Z9DnLPk}5rMSTuu&wM4|O$UD==M-2}h#!=#YM_4Cxx5ofzupB<!Rv!l-_}0my>49Evm-G0=lS@?7juWM|q`ahOs|eR5b&pi<1x~ z6!RL0TXaz+dPakKD1j`APVi3*1juJKY1LyDG&BzjXngO$ohZN0u;1U=@0x?L8k&Vf zYBlr%6m5ZSa};%x>)F-NQ>0E~SsB>X&;P&GkhS}y!h>M9u6`Ex8vz?-0rMjwI*!o5 zxJ7NLRIWwMf%NgXGJm0wsTOq>$ZI2(SsL?gi`oRh%P&BnglEY((y!=!~G8vtNbCTNHb9D#TLG{s!dVB9_?`^R2T>a>i?b zOGMMomPZUpXA@@zAQ(-7AEC=I=A12i29dKXPXk+})!9cPhy8xs<*L!QY%T zW3E3ernCxZe~|2U0P+F_STw`fpY@0DfXRc0R6>+cEY%-GPXmCO63CKhrHIFUHcmJA zyc(8s_Ms3tf?_8g1F@8|7l6DpVwn{&-#U8@c5G52#Ia~Cs z26ZigEJ=Fsc@X4XxMc9*=C2Gsq}ns?#Ts!C&DNSC&htB=glbIg>x*QLGS5BHS*UYO@I@!!6yILq~b6iq1!`PoS^P#{@a1x?~VyR{>dKQAZm_U|9D@8o+ 
zvvE%6z^p&e?cO2S3|JFVG&B;=c>XHTcR?79wR3%fGHxt7rfRuLdKc`E2pKjL5~)i1 z1>{_@Wtl@`zOAHs;5Co<=}MAkoXJWe&WuDbo&qzV%P{6DiO+akCCMYAWF<|f^lAi` zIcdgRCCT%)WF<*<_XF}21z0r0*q>F>7r^}HBt!|tQk5inYQc^5aY;$iW6>~>C*qQ^ zh)-fiv9NR352%j8bv zW#l}bQd% zqUmPNpP;0sT;j}u2o9paF0vVO&HOb|qOnMRf}CvTBPhKP!7?Y!m}}-A#M$ZkMzY%o z$TkYFXoj&rYvwNj^MR8PB@|0FbJ6n~s6JdNCDBR|kNa$#ZcJHPqnxulL!>9gYRxY1 z>@gr85wT2@m~WlE0KBCUKkaP!VL)^INB=^h|R4GVm^$J5ZQX8|RLg*~Lofk5&kzY}x(KX_8a z<8}OQuss?UcuG$+ER02gqhaB2#9g0X;{+D>`vC$nEQnJaWLpA~cdLc)KpGtuL0mjjD6@xMaU<#rq3M8H-gh1GVVwd$o_ zeRhF^SfvtN1E%LS3L3NvPr#=2MoBj4)}{44SfT&LZO}s=>zb#b`vqK?Uf_9+Dc7L4 zus#Cy>xg6IkL&e>-B;M3VoMos-}H)csjzYf2$xTsTY%G++`&|>+#$lH^@G3}QBHP* za5*d;1I}zG8@F+vhcxX+GwNI+_wamlyB$=8>-FYy75JiFAgvP<08;&{~BM$ zY$Y|T^#({9Z(fIw7Y69B#C*n;-lE=v4%4za3-32`%vLq|k2(dmuI&oet4&?jg3=GH z_P$flx#Yht-lZht^mMIW$Hlvq#QM8e@9OA1N)C4Mp4CUY_>gLGzC#oFUXifp%DTin zYl1MKUwl4573+GJ#@6+&9b449PHaW*x{|YPUlXaIFFMANEMivwn%1*LwrC`1VK5Hi zb@E7&oks>H9i75p9th8w{aGVD$7MpgauqQQAbCE%p4T_(^cN1aoZ#s17uHSYtnh3xjV>L=|p{27o2ES$H=@OL~t%d&-?q2fSd zX^lQCRXrzX3hBq;XWVVBbh93`4YY$gGdiyU@2SZ5}BN;;t(i;l6O&mWz1<)Lne|sG^o(n7BYr%@OV4EU+N|$o~L~^80iR+4u7MbPL(r^80iT*}wAp^a$Cb^854($NWfqudp(f-~48m z%J0)BWOvE$(>G+-$nSG-$i9%@XF$kypWkO-c&B_14%u+?`wR)$0Q36{3+u}F@R02- zzt4zpw0w^Y*^u)4j0)Lc^81Vl*)Hf_^P&Fjcg%OGS>F5RD)Xm=@H@JyxJ=fmlf};13Cox``P(#K&OPl0bTOh*7e1j z1G-A0Sh5<>O%kP==q`yyn&=^k7MkcOiT0Z4C5djD=q-u9n&>NuA)4qXi7}e!FNyJ* z7*O-FcE+2mi9yxZBQaAGL&WL@niwjH6Ercb-~|+6u_i`VN#QME?3Xx~us%NZdbOfmzEJtqRD%x^MPIe5<| zQ$}%_H3X)Bf2;Ia1aMqZ70UZbXT@vClc6mkhkqVZ)q~_o*3#ruZh-Q3J069P)!z{h zIxQ2j^%DL|Ie<#Pq861jjf~M*V9=XNS5PM-vr~V9+{9#?|Y_ntjs^|kX@daYbJM&ZJeG>7k$SCzyxPN4!Xihq8 zRqU`fL`h93Ky%Gxr2z~jlMN(Ug@>v7+2lzzi8PZa2cYD8gm*6X1AV^!}E>C9D-sybR#{o()#1^2`X>NSfL2w!E}Xod79Pi9^5wA6*n zn}eoElOIpMm`MwCh8r|n8to#dHo-bwSQk{pI$RXqSdqf}q!~VvmQp+W>+0YWClO@xvNHBm(p#hNITM0HK*WKgP! 
zV&T-&L{&*N(nR%;i^CS0s8Pf=-QM&614GrRZ%ILKfW=aymO5QLvy)WkYF#6$)N$g} zJ&}|)2KvFuA1U%di@oL5hlgujwk!l&pcU zn+qi;;Q*5%)aOP~7(4@R7z{%J!r)N}M>OS)fNuI^iU}Ry%U2lqD8mZV4&fP+-TvJQ zGOh7T3$uTZ(lc1TTyPh@kPkvwA)!+8n%m8jA*J!g#gN+ZX2p;?@dm|^y78vO&;v@3 zz}icey+d2qUgY9!YOi+jwzW69c!%1@x_HMr%U!%voy%SPz&f|Oc#oP~Hmd$!B^*gL z-a8TRlZX#4bvr#n6PqMMhs7HvLx(5ghbLqwCg{^^+~;hVQS))cW%WLJSf}8uws!SC zOxNh14DG{ojjmJ3us*Vo)>&iN07>XXF>IhDbZ!_nND?|X3>z$o_Nr}&B)Vy0s3iJo zVwfa`Xkxf*^Ni8N2uY09#3)G|qKPq*7^jItBvGb`GD#e&i6bO&m?n;t#NnElB#H5w zm?DV@nwTbuiJF)$i6b;IR}x2R;y6hhr8CN~lVw9?0~{$GNEVvj_0npGEvtD8=wZ;e z4W7bsYI+1o*@MCs3>*CLs|s%iN#j?`JgD&vGFxbTQv!2K0&}ZiUXiSZSJPoW4ETp2 zpMOBg1^n+-C}B=a&dH8r81TO(DPTxJM}%?*WD`}2cq15S zn;lV@Ed%UT$$P*7g`-#)CPMdPdE_^3MKq>2AR59`q0c&}Lvqw3b#A4$QFY7jeeR70U3 z$1;rkE>mSDK!$l~4Uc?Dpr<-2#~*Lx_d2ItT8{jqk~cfDOx`137ab2fs_OVaEA6#% z`o7SAPP+t)cwbaq6Mq?}`}5(jSpRqrcjBBrddUFDYZe#bf? zW*u0KiRa0Zrm4EtRi*SEN7c#ykSPTdC)+3dnQM<0muLd=x8bG>nOWuW?w0=uP^ zjN31!$kV)W%~4i7Z|w=8ez-DJt)vXb9O|1+g#Nav?1)O6Ac^%0 zJ`&pBHc31yp)X;cgq0-BrBuwQ^xPk)&|fbEWh;t@b;j>4m`~a1vIAnif!J@f`*ql@ zzLMV!l$|N%lFnTVLiKTF-eK94y{d>>gxv+KUXCsPDLYqg-q1v7mOPOzExWaN&mfy9 zE_*M3byvK+3i_NI{$1Iuff^}Y$`87p@XLM-w}XF!$dvt5%#BAs(;y=JtOS~eP0F(0 z3qAmND)r+pSk=}bH%%B*gW2el+_I1Jh%i5alGg=A{E%)S*z!M7ejV`IIldH|*_&Ch zrcV_)0I1Op`58SX4W;ZeA7W~~6Vg4iQU>4JS3;s_L#%A+%Rc0flECHrAF3HBSzbPbJ%HI*J zZspkD#s-W9>u|?zOtG@>g*^w<6Uh;Wv(&l{DEqA{^Ytz@tn0w@S$g@gK-mNJK1cg8 z{9~*alpU0*T&Ek_rReOdk0`f8;bT<#8}%uxpR#s?{9(jWw=4hPjM(!tcm>cWqB^I^ z$lF=;56l$EAnUyez07@VCVw%|+M*806vv5inX2bHPFW`8lR1SQnyJj1)5Kw_Q4@z} zO8hC%tmV9~-j6J&Pn}A+zkb!hq)@Tknw90u{#`JpnZv}qhic)>$0+e|O?ETOd9?1C zkgOaPkyELKJ+)=ZOU`xA4*k^0(kGTG( zqwJnqdBX1M*e})`K(^|ASre-2?$Y{#o#wEw)>=TUJg+XRZ**|I0;G+&GW-*OnT8=n zUnF1Fzyj_8^AQJNAuOPw1-uUC2M$2XEugUl{0vg19#Iyw-2$3eKs_*ayJ^psNKu2Ig}P zFcp)H1@yFlkHGxe0c4I+4ZSTO=!qpdF7-FtmetV50$PH3U;$kDu9vE0n zN9jvj*y~JxpoT<9%RgE*vD2BU;LR+@pRBJ#W}h=F!8^Mge~Pv#b~$qmcsG>ePct$f zakw-OgSWFB{}?SP2T$`Jczeq6r)&OvB5g8#FzMh*Hl`VxKYO%k0$z)9{9_ZI>JQ$K 
za{O5d{#5X0mgCP(@K=I&b~*l>1pgZFZYal}o8UhT-p+FT;}ZP$z}r)fKQF=09E9@Y zN|t|qg5LzZ7UlR068!$)4JpSzKEa;~-pq3Rg$e#j@XjvBUzFfq1Kthg_$MUz4}-U} z9RI`w|2^AHc&y9Gx2vy@QNsOx30&r_Zp!EsR69ByEKyuftnl|XsF0x$s0)QV0 z;=q~AZc_qO(hvXt#HAq7BkoZuBd(HFaglnb(bzBN*2Z=2S z>sJAA5kWHDCp6ue0Br`~E(em?RI|G$Vf}Leyg`r@F#)nEp|AGGD5u?FmhF z0cb{$Xi9*dPH5^2z;LHYre<~4D+y;!2jDMG6K&G@Mv=P{$P0nGHjOL~e>(wx5YSx? zP7{+8*&Z#7n7;?89~@G2CVcZ*0$J@~+>qhYswj{AHj#TTpa!Rqwr1_y?xmqj0bs5J zCA|1^qK%vdz-103c}i!|O37s8_lq*M-v-onhm;a0kbVOBI#6Faq$`I>zzY)a`~kS@ z!KKBP2Ax0_C6Jwf>O*At7FI0*8V|rU2TByXdIGczfb$*5nP_hTwl=-7J7#M2LBmV| z*ZoAB+Y#IwiP`m23sq~L1^pfJXuRIkaHqkdT3OV8fhZW5Lh;teB%rM=v@u{E98?@G zC^f51qBO&SI*ds1O9Ip`BkK}bcPs#4X+@w83DBhgtcyU_8@D&;&-(_=wv+xak{I(a zf}IZBo<}>E9hl(12i_jX*PD=SwQn8bly%WZhQyd6+(*^GCGPW7S=R)=9eAA`UvDRS zs1JsLJTYR)JY!^?T}STMdg(nUSGv}v+S??HgIr!J7FnV9mS(J^> zyAc;|uP0=xa9QjJrGceP%;?UDsTHWik(pxNAQyW+JEg3o53LjbYWI-ii+Beo^h4&= z;xGL)zOa~gYZ{;5h`;cATkakYnOcPtgEFRxq9L>eyF8iVo8a5t(}uw~dsFv$Mykym z2VIMBW!6mvb20_WzEOhHU@s|WB4+aHp(eQK1*$uLin|U1~ z?@(+TbI@f+L(BUwbq=*Wb59ItWC69nY~lb95inVd+CM9sh+V*pQGK1uA8kUBkfI~pw9Yfoe^aYcTmsgaAWIi zL#BB9h{!iLB*xFxz+Xn0)9I;m;ygBG>a#Z)pIkNTri9!MPvdf9g{mSw0O^o74fH$Qaf4lN! zs#^-)igNr%68v@GZHoAE3u=vcJRT=A+W~ki0@+sngc_N71N8UEyO6%r9`G;A`vLUd z98aD4bnKx_DXM5cT#3q1&@-{;Gra*Ak_Krm&)Hm#26Gkxv_Pv=$Kw|>jgRUCM{DZk zj65g^RCu=?E!RPCLnQ3IqYdm09k$Hv5ktpH&u0sHS1`pUuW|8f<5CYC@)iX>M^?1a z-h|b?&j${|4J6E$u(E^&66*O#RqS4W-WmCeki!(}%R8&+Mc8K_gXFC$BquP+J6lr4 zcB3<|X{}f2n;IgwUornyVf@p8mq!SF^H%5cBtsQFzkr2^)Lu}PD~eL9_CitH%}k&o ze#~xQKg5;c-^-1>7a?Z;07e#yg{j+F7ecjuOtpxE#~FN$f^6sKwUicMI)T}pfRCm_ zLRoE0z0fn_1(_L*=lZxZzs1%rh}n(6YUbGTzpuPYTwZ;^8A>i)Ve)67yp8F? 
zyh{ag6j;+Dw*F}>?=mO66r9x&*RYA`)T^0X?rDj2Ut=Sc zJgnijIB>xs#;b`-eINsv7XMZUX$$tj4if7Vu(qGA0zMp|qavWqX`9<8{|h)v%W-cP zISzamgL9?hs@6MY{J0s^hsj}IRYx^uaTwT4?s8rCbpSs|fo-V|n)|W}@Tuv3sQsmA-*BGJDnbhEOgHnq+f#mtmnGkN<+ z3ZVA5GTmn)$G$`b&9e4+zb2b&(ily)&}7CYTWT_EldUxA+vEY7%(KbXnyh4#Z8Vv) z$+lVf4RwIx(bD(D1&vH_a5h)_NGy3Jtz{0zXM-V!{@+af;>bb?izF;or+4`()-DMyf{4^u-(XQTp9dGK z^1oyYSiDI2iCMcUQ0_^pJh?3R8t7kfW#U(q#LI#r=&gfGn0qY?T1Ff!3;6O5S+4~n zZ37t&?qNjSHw)%JhCtV=!KkcsB$@pe0C27YRWzSxJ$!;gvaTbWYk|LsGEY&bY&ryo zYNii?{G?O&O3Xh@^L!h;PtttZj|fhQZOR^wkpP$4{bsCVnPT<>uVuv7t%~5(SiC=2 zheT|{n$>As^I0AP=Kyqk1hjfii`nObwWb_mSH|p}VC^c$K0RiC1lH%} z*k{D-O5=@J6_>go-nI$Oj4`diZy#Z-`DexKpM zj0S&F3X`<#f*80Mpo`ML_tEmS{mAUE`Ck-^`~&bu{|6$M#UgJ3{*4on`Ib zkI~^oj6t~66Eb9}5m&^R_TUe6m{_BrwQH_Z^hBU0M@XC5`m9?6ECFkIIriUFl0)4U zVEx^(Rq<8Y=eL2plPnGg>achfpax$Zj~?#=`B@5WN01GgnK=Th9$Z>z>An)kIzaQi zMv(^q)x{yDh09zST$`1ZfZWRl*Jbkw(m%upCubXfaFxBy4K`&fj|FRt0`iG`o)zs#!E(tVsv+CTl1_oddy(O9^ZThxs4Nmo;vFR;3 ztCpGz1y31M1@ou)LPvkke*hAjRbSq}iW`7^!ckaRS<3tQraef{;EHFFLy?+{D-+B| z4V55BFc*TcIAVG?i=MCM;mh12@w^XYc_nJiRRG=;fz_g074@;)c=9wUlPS*72D6jE z+RV-KNr(;l5UH=oReai@EQ*tlOPCcI^t9|l8W!EO2e4-ZP8syJ{J=~mIT$412@y~q zM96F>yJc^)yg1+o8r8Lp@_sC)$s3QxZYCpM;zs^jsJWG@HbczZMcKX(_wpK>BJNZL zcBOW2C2IA|i@?4f;k^%q7(8g1OTaMyWq_A1S-jDn$=%zrnBKiSlt@HDn zm1Odl;tl|Bbi_|QUkbjcBon{ftIq=91cIaxTnBp}X_h7@s?7P|s`MUZe4}|7C3-%M z`B+%(O>kYM9NqW#NpKh=p4lQS@xaSa^)55pNsqlivlHBJ!TH^BUn5t$&!$R+Jj+9$ z83fl?s=~HktgDQYW$6@fbp-kA9Ok#J7# z7Q)~caDASv9R~Nc;XTN9g#IZYG?!>j!Z0`-dtkZXI|(&Dqdk9MU9%m982Vd8trAv& zxx#Ek7zVFOycvEl7zX@7F8(Klo)QN9ZDlUt4{>u64<#N3e*+~9)^{VFKPC(V_AH-1 z%ZX@C2%%;2b>_K%FO3fazTiBRc+SRmfszXth5=s+o(ql{#8BhcN_-2#FyKq9a{*r! z9tM1oINo1@c+SRu10@$Q41;MB|5ifA!(b6^2f|=6!kol&LG_{Z4k=;K9PwOGI*b&? 
zn+Np~&q){twT0UX6uhhDaMJq^XSj0&!!e^6Dt(z~P&~sh;IA-q!A%lg+nt(~!Vv%M z1SJ=ojt-Rz9!JP`p#~=&?Qt)SA++-scc-80ovU34n6&?nx zSfB6m4Ta$UC_GZpu%yx%h5=uz?AM$|!P%Hkaza3!62D8re);5%L>LBqFR;(|5a$BE zf*CJEfnJ}lNe+eJPZ6GG{H^54Fbv+EhX9seeT4oxVRo8CG6`Y8 zxW84%n~x%48VNguaN%S+nuO-T3dC~~4}+c40QnG*Fz8M6SAxDq&?Mvp9R^PmSBQ<{ zT=3Up#FFU@KUqM9WacEqpHD#Xy8_re$O>fVT$;kI5q}iOVer91L??)<7KkLNt5 z1_EV(mwdjxHy7|V%3;9mW}iFO=))lRd>L>~sA#pL7-xulsr6Q2E?p$1iPrlhzEeWJ zF*g@%Ko|ymxvJ0i)aC-d$2JU@h0k}*;@?#u_CZ|J8HY`9}W)NFK#3d5n@D zAX)yUMLGR%%wZSHpRnFcvGiZrYSFV|H3fcgIf`m!?-GNlwC=Hyc43RyVfFQ$R21(? zer&Mv>*}xRD1U^L7wc60r!M!Cop>Vmk6rFpI_X62-QwKuapIy~bMF%8{+g2){tB}N z%^QO_?gtL2)*j~PXPMwfsjaIqqnL_udo7zpOSa;wGgk;#g}(zqCSa1n* zAR!lghO(!`f*ChcrW(rTe<_eLVhRaiz_?#&HgOxSB!Mp{ z^=k=%?}0_RCFFZI{kB5R-a-RO$OQ*We2j#A8z}w;hY%Jb^!aK?ti4J}*m^7E`5sLy zz(DZ%&di)p!=T=6;PEY)If;Tm@H!#fj3~$m@!weDwu+9+7=1txq~?N-Tj)EI!(brd z{_DaVx0PfPng`<%&q){tT?zSBAk#s{iv+iWP>98FE?BmWxa=JaSKrByOt@NfQ8Fj; zVUT+SLR>+k0U(Nb`d`e5zm-$+i3!k3W2Ey&v-SDr`7$qyk~15x-KyykKPH<2$<;44<;udxjQQ6fbn?8$;Jy|nB(^?oT;&4pYT-2-2WLJzY@hykguQRM{&P_dnE6oAenCw6w$<8D5pfY4)7X113Evo7U(zQ?HJ%= z);9vRn#ix68DkGlV0$YR*bzx=Y3GkD179aP%obqe<+r^1DImFazf4^o0+U%gK1#RK z^q45!i}y~MwL=O8KP*%Iv=%sP2nLld|Ilj2*EAb7>uVmrS0*Q!nyE}qGObdXoMgJD zGQn$JqD*@7b;+HfGWwLdjQWFGnW^PyyJFD8iBflVxO;)?$`rRtygbI3n~P{c$7LF; z4b~CkGVL^N9WgGGb_Cvx%AKmr+WBavM?zog>>jGtPfh!6*8hs!T~@7V3ry84o13

T9a<&-|ISV@{~PrhY4)C5?85pYU!#owtOh=!1NDy*35m?w z$*p)JgtqLJPD?a}xC3m3xO4!nQ?*>^06Zli*#R^icL1(uE9?L_SJ(k+ov>FX=m4oq z&;e4JpaY~bNpyhHwH21+lqeJ4MZ1#l?3H9mG#!_OciR<~WOs!nd3WzjP?A(8C`l?4 zlq8i&sw9cFCgUtB)vO=-mt-4vtPvT;(o{Zon*B9x^SRS>i1KM&^094~_=@|^hsY;weErRF-|5Ly;POt4+jcyjRRdMp z_U{;-IiB_830WN~#P*4>$I9S5(`&s13#8~18#4Bh#NVVOm>t@~n07JXvq zB@TLg-McMxtKlo#xpQ!L!i-qv(a4PcnAT(n&QCO?cyelfQu$%w2T1C$P<7IzDPGn0 zOuegB2ht0eZl+_ydXu zv}C%K;N}iqL3)YjH#8kIjnRH#LTxZv~8i7s5EUy z`_x4B1k|+NmdHJxs5T*YmsKm;0@F21OjN28roWL8j!kc{Bx$;IE=tHm#fa*`M5TJH z>6oZAZB55SrRfSLs`{Tq^_A>w6Z{{=&ElOgk%TTf2tkDEv3ldXR4q>6Ps2Tmd!tzGjtNJi_pd1x9w zUYAfC`*>Ou zm0%t7SB%AL0f|0?Y{aa;15~N%_jN3e)){i@XL6k}JCW}gCth-j&6jh97{G`cup*P5 zVOC_CrDm8FnNHCRQ@Wu-?Z-p=zUHszOrc6!A3kU5rnEn2nmg@0zcczYaJK&q+I1xT z(KPF1r_)RWl8r6=()w*LSTed3<;CuY*vE!%)Z)+czSk2R@`8+Mkk^qRy>8bjX(6dnY0l&SY%H0w@EsEu1_HieIUPKRqXK%?ZZG ztX~VNI8@i-Ttj0meo`GCN5eI=uBFF&#XM!^o`eeCX!B#%zXYmV=I^cR@*+ETd&NAl z<=cdg*h^-)H6vO(6hDovj&`6%pLmTp5mdRGAUkn4k;TqgwBF55$uxX(D<}Ff(-3c) zxS#kGu%)%by#Sn>D5YCfu+BN4+&ZUqVx99uLTy}| zJy#@W1JTPF+eHd!Ky9q}bso1P8CLw7wzC0N{F)x(l~(@T+KjI_pN*+}_O&R%ia(VP zR{W`au;P#MX+1oVPh4fMBA>MJT=ATaus1K=T$nS?+_hr1!=b)*u0R@!gIKk^}uzlm= zgmmoazACNLP1HBIwvxUv<|NOX1Vr?S`^H>Q#ptoobaO4Rs}tC`Z(I>!dsuAgoe5jw zzVRh+(l`ESk%zvKTI8W`xJBMq3AJ&XJ^YNl`UaOPQu~a!zM+elxNm4W?i-p$-{|;7 zxKIH&XeaZ$$aDUX;iuuCi~DPuh6)4HZJ);IYIdXU26F_l-uN zN}XMSQp;p}?u57?ZEe)7KN2`yuHeS6%{0Lxtv7!6LxeYe#W&CQyrqeJnr2jiSzmaT z&8Ir@$*#R&xp=tRRoTXm9)q9St-ab2x^Vw6yLSEZLdsU#kgfFs5Sg`oHN7!P>*}=H zb=m537Er_8%khv!KhN85mAEro$UHD%Y5Lx5RZ4LG$}7D}dWYg?SuwMIBCM6t`ZIGa zhlpo1JAZbr=%}V5EXw>jQ5uW#%fGM+@O6sQwFSDQ1@kvIQb#`AClT%sBOBbsE;L;? 
zIj7<-c9ChXX{f!d!oliWs1+sb(QTMpjaf}?@3zT4n#5q$ybu+(3Rj3gMx%d2%Iioa z{Iml(`ox1(H&CmI7zeB0pyTiaE*`9wf+}r@N)v-sb1Y1ggH_!Z@{M;6z?q8?NIqO_ zdL5~NpF8b08pN8Kad^}w2WoP1E3T|FYdx>^?+I0fstKxoN~&tL*)F4x zY4Rn0U2;y;_T0+--1_m#{oKxsd&exn@@zl^OTAuss@ZqZ3IO$?p;~-6UAi_!$Cw9zk>O$hM71MNDbaO4n$BwpnRxX7 zDk&39*kd|L)A35Ten2bq)6srouV8i5++Q+H;+;I~3BF|79S9LLcWwSJnLfI+hpyBA z!$=c;F6(rygf4fV0--5h)h|t*l+rIvQ+KoS@~wE221KF{pEmMi*53lEj3g(_R^xll z-iq^H6WF-WuSZySPm$Sm4Clska-b?U*8a?;D%1P4)!5k^?+@H#5eQ&Xhed zQ>6DgGx7AP2u^AJONAA%5Ta6PD=}`M0#5LXhjnA7oKf*(!hb`u;eV_-_=-!hIg&gj zAxU+V?0Ndzp7$>#qEAg5G3)n$DxNBKBh_NB)*`=>>g>j1G zWB15u=jrItCmz^#L%Vh~>>gdM9`s6YOIQ;3&IT9S;>EW$%NwR{YnFG9ZflCS;|8NQ z1fow|VN*brRukWn$n?rnw>iD)t;u+=E{`Ce4{&BBf+8xSghb?Nd`D{H=Q{h%xUlh! zF#yzRBF}+#7+TV!pk!V|AeF@3WI=xgt$I3qBg)8UO>B9*jZzg4Nuah)}lfQ$_d{B#@cu2*fHjXRjlr`8nHuGaeUl zEvVH*jPt;$6?VQ)fDxnlOWUZc9U#BMO?5t{Bs(7|()mV)__gEO*duXWwgFY@@)WmX zle%12AUE{IFTP$z5V3N4jzbI&-_d=K;u9%5a@_>py&75rK zNVa!m)8hZf-gkg!Rb+qP^3KgmdftQ(NPy6L0-;Oj7OG+;fJzTUksu@>Dxkq$iDlRF z3RqTALEUw2U|oB6UDw_zx@%pKU0t_)zjJ2h-g$?t$bSC!+yC=1&y#!So;l~tnKNh3 z%$zRDV#aCu<@d^b7M#_hsCImj)D<2OqN#epIBrvc^F0&R#`pM=+qo@DFf`aL|n zK)WP;c!6r;!wd7fAFJhdA08yy}t4cR2sjP7#70~a_8fW<)e&c=nuJyCE*x8G=2B56+=(Pl^ybKhia`}1!D$fRBJCMC^ap8K1f-_R(#EDYz&*Yu*kvts% zO)x#FynY(~XEPw)I9yn7WSxwC7Pz|YXxmy!G?bRAJLMylpKFpPm>X1nAfTkSAssQw zZ#D=MM2+Mo?*^2c{J9$CMc*4CnF@&pyng~ub`MtYQAkFv;8)0y49YQMVFfQkG+0jc zf{SSL^GF33h5U{MlFy~KfF;WbWnil4v$zZX>Aqqwl@uP3cn5GP7o)t&Og=z`=X zKL<3yWYmveAjI=mK)l#hibo0e9AQ!F0S&rbh!elGJnvnhUEMVkW^zoLVh~Oh$d)U`W(cq5$VK z;BcQ)K!h_FL)o06e~ZQABlC!&O1TA-Gj8UQMg7AqS+C}{Acs4X=H=_1EJ#A_or!B{i&1nsc~?P$fsO)gKRt&+4Wy!Ps4A!F~&%hULM~JKm$~L!>RN@pr(3Wu4;q|Mc1}|20h&!1Z@U zxOn5l$xZfJtGYD`UkvxkWU%5q9ljXhwUm%Ebok;RdE(e_T(`=}oprn8OaLF9`m3y) z+yp2~d}a;3uDD;lzc|P5^4@xy9`91`FD~?3d`0-}#3g}U(Zt^?S4K2*1nZ5lr*l@zudAw2VZW&0Rbv(ohOyb0c1IpDSrG?w^Dnjsm7m(Tkl=05$Yryx5U?_@Ng&QZdns9r+x+*jc@C zZ!dO~rm{({1YYbA1(}31q;f631iC(wIH5#$llg$M#8c37>A+(x z(@UUx823lK1nO$oVx;A}!HZoC1zOnAMTg>^PYuRAuY)n&ui&1oa^@ekK9a8>Y)8=t 
zA4lMd5L|e@?ob#<6u6Mf!kHj3jY9@9uzc>0I7>%RdIND`e@5XI&hYZNl-N?5s_vAJ zmQ1q&O)x$5nR^0s-(cVkB4i{tc`2ZV?qOL6t#h0^4BU$(DsVs7xO1fLd47#yJ-Q-E zjToVy2h(%PdQ>97;k*SwGH!^B;Hr@MAV66V#hiyrQ|r-V!GhPLX}S0c1gN|zxUga< z)Dvl_f>=^IUEL|q#kjl4vjI&oJv3B&^_7luIUwG3xG)l(5pgOAi_)X&PWfSUL2{GN z0-9hl;_*qNNHyMNDDeO~C&w0rb;vRX<7x@{U^IBwdipF$p$P1n`;w3$&q=kLI3q4!{Or0Xn z+3pu9dN4ev)WZ*XPN|s4bIRw)b6#`t-aMz$ROmU0LVC_4S7BiS*>s9L=R_^>+2}d; zoG+cPu}sf-HSj{u`4Qvp-E-!ivdD3s2Bl6ftBjlc7|?QhqGBUZBtu(OvlAb>ZM)0R z5Ow|XshWl3M2F)KyqOn2iyYd@Gq>h|NNy}F4#1bBY@=~FUdEo(;dogCCKvn)6@Ikm zDr4|ON?OVFATCJt=mjZNP72HY%khqL9UgQ#T4mhiWCV^TY4%s!iax4 zLk^GQ>y-v=en|TdK*Nw4Gm$Ygb?ETtIjS8vN@>U(neq|0r~ywwFrJ<$#3VNo&!+~; zp4Wl0?vL{D!SrG)Kdfo;&J*KBVI1>im4iKH9>8T7*R-ZI*4BunVz`u_* zaHHwzLXEoylE5kH>8Sk`E2t6C^hD1o)00HN^z=0Zxy@i6O;2xF%>U)|v;-_@dg}R_ z(XnjZXq}sEb*t*nC`kQ&YLNQ_4jyhzCv#EsJN>P~qs#@$WM z12n<(G&|jew-EJ!c&l(>Bs%HkR1g-W8`Pch(F}Jxpa~`;9{*VEI1d2gJ&p_WxCa6` zrG!Okhq_Zf>g=xoO)wdF6n*$1mC6)Z;gH)5D~t|%NGqK6VX75g&(E;JqY)My3rg=; zTv#58269GPA+e>jO5G_R33eW!38p72JYtsP++yHGR`_c`*$QO<5LUPzxW6-S2NGi> zH~F>3Rj&kKD2trfBCqXYkYFf5i2*)<4=gY5b|owMhDhiNVnL}N%5~ymJRl|jXoBfU z=*-#J{~LI3DiSw&JD@By2@)RgiajVJe00Ezr<&NqUV%J7B`2@gb2@yeW{4N`Gj`i| zO-KKOulG1EEYh=Jj{a8?>`-@-`WPj;oBRsU1d~DHIZt=TK42rh+eYPio;Ui-3b4rC z(h4v80M==A*pQO}<;4$$;LU_sduDYi2{xc1mJ5`3|5g-%PdR&&~QB z!kq?gn-Di`lfs>(aPcV+!~=`|W_XPVdor-2gFNNLyW8%C{V|}H~b`MxswyP9}SX6nj}v!YxHNacnk+Zfa7h$g}L5xq6)nD zQ`~NyQ0!C?6G~}!$UEhu<`n^&U>*okyiU9@PI8aG%W(!8_}sssbCYubWkuhA0^!nD z8)q%fboE&aJTIr`UNX>!1>*}w@FJ>r4frsv-_37x``u(M6ipqEm`>0B-;j(lbyjyb z`D#cp#BEFDvi9YUKg8`LpCS33n;qv*DAWmSAWm-bAAqvtGN6YkXWM=Fu<)G`?n5E& zv49%5W2B^Kr>WEaBe<3R*=c3;nGiB~08VuLbJ7yjYzlZdLvHys;{OKsDA;{oDt9>M zEACKL;}$vQ*MJAcGdZ+zP^fR|m-1X^r-HC4?NE2hb20Ale}E>KjLj?iLzvfcLqQ2b zM{<+heyLUmb7w?LRU(&$`G*fcnQW4Bwx*0Nj3|j6Q5HY&8^<}B9?rvs1*4!O2S@!p zx5HZ~b}EPkrQ6k=^3hm%5YPnkz!*Ih4?LG$`#!>-^nl-((t@{-Ls4H2X;R>rtNKn? 
zm5-2SDZ~pynw|0BloDr3{lP+~LsSO8?rD;7f-8k2+odFloqVst=%o*b>i}`kbn&YSnBxkv~puW0}@hiSx9p3&4mzn zI550paA6e}ORd&9ek-qNDBQ18K`baOS9i)sy?Ftk3FZMEj==-<=8)--=vD(i8aht_ z$~sCp-BufGArCcTxK`ckINJ?c9aVOdV}5N6SHJN*<)=Ew%Q`_)zwwM!P!1H{EuJ9d zkU9Z?OYI)d(+cOMir*uiDbJ#>Ba9OqzapO70{)YI-TbzCwT_k+P;-&oWNyyS9cLv( z&?%v^Zt^)TnEW}=7$|z76WiLp0uH5VAiR zQ0^Lvdt-eA+e9l)iT8SMJvBqE;!cexKI7*Z&isEu4xJ1|-M<#=U!#hF3dc=8p{tOw zIq7g|O?v@Ic&`2}bhOo=JvyXy?p5MRB}cpH!>%OSNjUZbCT)SGQ&~vcQ`4$?o!r$> z!*~N1t6xrTa=yluYKV^4NHxGh@4Crx&NXPGS^Wx4dmF0|%j(v7uJgQsTOZc58&KZa zQ@psGz=YRr#e6h?yFnhGBxAz4h&6fgAm0f7(gz`tgK?bWJ_I%WJB76S&}oIZ@HnQA z#JS9>lfGa4|ICL{ZWN=3e`;>4k%YBJ6*oFjIH!K%OJ9{@0DJKJgA`T`wTB31H1kQ;%(d7D0peYT3-cI&0pOGp7NvXCo$|-f1<6f53}}MMz+?V^>2!NE{FpMv*)25#iduhO{k2W+7?9}5b@ zn;*@O|Js|&@+x@qLB=?Wy!kFv!^;MWwTF>8HXQQiG6HXUa|t1DPVqVE&HEy1mDm!s zIP&Jh0cGo_SiI@Yzd1A2o67(*ym=wy&?)MG+?U~H>WwNQZ+@AsLdMA=Z+<;U*qeU} z9sSavJv!`=mo%+Za^%gcAq9K$JHg}&gEsQ!f7P_AUVMiDYH0ajq=v|w4*=9qL*&h+ z8sN>JKHG7QHfSSnK1VUN`=ibzHwZj~jY( zc_vYMb3&5deDbrP#{bKE4Yb}?TzD+eSA69^zbmC`C|8c;0&O)xE-`Fq5J zo%u85%uh6oFcDH54hptCl0iFjV#DKU!y*K{jG8V8>8=KpTS>)x#O>$TC2lNMVS7lI zTYeHwiW__yLOxFd%IZ-8fBdFpsw%{-dx)3*uu?CD-mx&jE)u^(Nr~y>cPKg*-t!Wp zu~C1{WF{(p&qJ??-|OM4Gbz8;DDxHyxDJEco; zzXpFJ33KEr1kL>%ntOn9Dn+wm#v>{A8O@4ct+r-G0_pe?2S8cr<3k2Jk+|;5|-Ng0C7_yu(>h@eXH2`TPU3qC}usaR_Sr#;7ft z6-Pg+R7Wk@w^>ouAI^$OKBxHjC604A_AG-u?jNR?7LSKTS!mM%zcat)vf zrl(o)gVP;nEg;?oT$sl!3Y3=;7NzIao$}GF_!^)ICZqM#j#)VLXW&I0+50iod>J2( zI&$s|_Mme4-o)}op2I{(9tk&j7`W&Zb>v!$ci54Nci55g`3E{uBA_FSC*s`dM)36> z!G*O!CpHb$Ql*qWR(Hxrs{IVm1k;mhpPqpiLV$SwZxj#Gf>TOZlsW^fQ#9$61Daqm z93+`@{`dG02p~t0I~h2$?-&}!xowLb=cFd7*8|F4!wMhEQ=y3S%JA_d4nQH)D<8*n zr)V$zr1Nt3aPYnlT;9=~Qo_ZDk-(X0ZhM022l=bb+;iSW{MV4GjcS~mOnY3J!KH|f zu-9($D%uaIPURu)D2;nI0=U3sNpr@xpm;7#6h+Z;=ZPFbuhd52H<`SsP`={Y%ElSE?eZ}T;7(x zP3x2r6{X@QqDBv32#v{}fF_s)CdJQ)RpSgN_vOvl{~7pEWVH&=bfPXmP=Vf?7gs#y zIMsl9D{x^MC@{@EyRK$%;K>@K*5MNY;v zxAhw@@j{JV1)jUfoe-KltpNXf2vptzT)4?}e3dio2P=prrAyVF@?4C&o4g9p1k+=% 
z7JY8mQ?!cv95_6jC{W9WMKLNFy?s74nESjA=5`;>apNjy$YU?#{LfQSV-q9*lAA07 z)NHIXWXi7*|2J?8B`RJcRJ2UK)msq$MwXcl&~l*RCmfpzIYj+2__>RJ6~{| zp9A7;!G%M&6guY6Ek&QX>Q`XK93`gEEft5MTS9S4i6f=2)t&N3&;<#VvoZ=mw`F@jcZikb#}Zx z{bwHR`@;UMR&06o;LnfeQrwp#hfZ!AjOZJTnnx;JH+d(ZVTJ56Kfea={|ww{p88DV z?&dI3v^lE1il=s`XPZCkw!znjb&PsejU);waWg4K!4`vZClaOr%!KH3*gbxgAAQX_+^UDu{g>r~hGqesOZ|y$#=g zeopl<$_`dp{L~Xr=0&kQzwy(R?CBE6x$WLtPs~1CIgFTbPbOx%Suzy$^-65orx+T> zI*yZ@ya^21SA`lrS!nsX1%Psc!}xK(8}a)$1GkT=1aqIpl^usZ-+`#i zeNEy%VdEBme;o{faJS>a1COfYjNE__38napQNtF5mFEGPAbRpJ#UCW$wE^+E;Sw@) zN(qb71a+r;c(Ad|46G_qj}; zNij>)XVU+2VqPy^i1jb1bc%fDnVOe8#B2CW3YqQcGi9KHedfzX_dunb+~k{J$UZad z9{S=KtC^x;q0dbD&=)?Fq(AhPd(XuPc)b$I8u`q2fRWXx0fOfm-PGcVA) zXHY~wb2VsFLw84o+(MrjodT9VQ~jn``b=2^`OGiSzc+wdr~WGACLaMb>|cyd+3emy zn^7ztZN6@N7n`s2zi3+XrOS6LBSKdcvC^9_%JWL1`-zwkejC*~Gpw}}pk}T3^gLFy z2O7A%;08Y4muTGZx8cXbNER8m(G0Lg<4PkjW&jzcq8Xt0(XNPp0MYw3Em-A?v z>11Erp10eRh!LeHaeoDWBZ*+-Edka&92Dt-J z?uamEJ^m~lcQSCJ8RTt^E6sR@llynX{=RDxH~5{Q36i1s&nvKX1=MSU3%8A`bV>=6 z(nxiueB^t_0h(Yka{8x%2RZ#?0rhHeVLlYS;*6Y$h=kH*>Q4E{>0b+Ig6YZWZ#~Iz zHXC@O2pI{l1py5$l>A->!DCnqkl%}8{TD3;BxD1+vK>sH-tRlb?;i`N^cuu$i3>|d zuXuD4}gOkzcgffxdB3k>|IE0+Vx603umc&9$kajr6O zqptjg#+C7HbmdEE)e}wP{?^7V-a6B9J|NtkxNzI3N}~&igi`b0M-7V>18o3J5Is4G z<0j0IecBsPZ!|8eE_46HHI5i^JwP&I&-hb8%rF)JUh4uqfT8 z?v#&s+zn`g$-tvad?oq3UQPPEFM!GO1|1F2K2Lx9s`zb8Am0PSOT4aXr^B3wQDvEr zx?L$u;!GkIlsW*X41XhuVq^?CCwCQsamP?jrD!ay29&2KJJ83bNf9~~>C?~Z_uylk zVyMJv1i5!NF07LPg0QV+CR@CUQds6pCo|box<9Il(i6D9hQEDD;{KxMQ z|3c2&jSDlRR}P%vQ8}J9=(pZgmlg%LZQ?j_aXQjNk~rd zc>s+?&N~qoOYU`s-0Qkzuwsdn(&@NggujtQJn{&-9FGe+b_zOn&Lni~FY(OXc&K## z_=48#T*^DS)tFFTA#|0Zpy7Lf@)*-m&El8d!oOk!)XTve0G5#AiJ>CCad$JHoc3;< zf|9U9;z6lGzcN5R3g;{UG{FoT$Nbs-J8;JX@)!4?MD;BLm>L%y8~lz7`KL6+kH6zM zt3lvhjmv1l49~)nT4M}YUpF}>!i>-J4(U69=5%YY`Bo|rY;>^ScM;(d(^^PniD!Hm!;<-Zd(Gg{V`0GeQWVz%Z^m>eM9 zP+XV?1^NtTgidLOx>G)CW(}YTrYC0Azr=}fK)f??VICiXnNvzwlx|XY%Az*73{Y7 z-AE6S=v@H~+0jfmWXjc!bBKZ4JgoXCjhl(~5N_@!;4U$6F?(~uc+j{qNQXH0<;EE8 
z8RESGyws3U6G1tA=Qt%OhwmKgpj_@z2sQlK5TQ@V+J8?qO&&MHP%i*(dq8!HaLf0= zedQ*{In==25b|BAab?&{{eCglNff=eo)oTs@zF)_SwKF!kh=!#t~1z08;jdCyYN)p zwwoR2Sp!$^%iQD+jVq%kYMaz9=x`At4&*6vPlcS~{iump|8c_4zX9c*mSW?0T=B=( z<1GxpUO!yeQmM=^d!nHLN~$~M zBLn;epa~{}K^47Z7|F|oh=kwbe4v&bue4H`JwHH_bxuruherMaE$iGEe}IJ4Ur21S zE&u>``EX&ZZwrVOYX;UFOUSw?*0K-}*bB?&i(}3I2HE_^F@ZB=(W&_T4@z~421N~^ ztkyCaKfy~9;GSpTMuXx?jVnVqXm7J`HAnbkmBlZ>ftMN+Xd+~TL6H)&!JyC~o7@x6 z!uy{OBXJ``F9MXsm8W)KF+G4guu0ql_rSgDWXyjCZZuae(zr+Qh8@1)6Zou44cuq| zJ)&{t{?r&i-<)X;AUb{}2hc5G_rAd{8bF_EcHu#!@6W~Si;tq_M+2w}pxk`9d5i|o z{n)+H04h4r=#lYZkE{e8FM5B#0yF>6VxatB$_%;m{bP$lxfI4L!%bLEUkN7OQ<@VM z@hFK_<|lid2znS*n|ZP~gdXrJ2rJ^nULh}uOGyw)JJp@?XV3)+WBg-dZJyxz@CIlt z)r&VkxAT2W;(or5aEdnu82=#g4#Fjr1vM^lGP68h$II%oy#8`UP8Co(2KQ?GjU@7s z-RUwA7kp-GF@6z1Ih6*fJ3jgcD63vt2z}=66sOsjEl*&B!2#uoAbr#zjeNw5siZKj zDj4GD25w}C-)Y?G+7KJhNBn1NBvRxOI|CY81Djd#$}{nUK!CkrxUfpdQk+skr8HCB zDIW=V0-y;dgA*%$Zm#2;0*H4ZF3f|rew^W5NhzUIx@vmVR-z<6OiXm?!DeDJ3dOdE4Zj@{xe80JUfn%#`H44wl^&2wnv)%#uvfnM6dC zM&mvfeft@Sk#{0aqhx7PP{||?pGLX z(pr20QL!*S-6^U&K2nj0k)p^_OCi4$$xW+}B4II9bg_Yakgt&^hRC~uJ|S}MVL)D> z^#I&xHo5>%_9?$Y+h{X);@ss<{L7$1>UIX+{dEWNtp;%?PuDj6Q$_qZD`tc0x%Yx{ zS@n9=RUZU7hxMmcez>w@&BCQl{G%XO_U$tYG)4_BTKi zOi#>uK^5tL0J8#ILS{}WVNn_guuc(=5r8I`jCdsP$A*A-RB0Zx;dDv~i_&T8PWgz( zS%4;(3_OnO`73nE^=L!)6tLg@u{r+mcl_kbpt9t?}VGlu0fcE4od z-XFDvzZ?u4&D+AOunTlyckNK5lg{GBII?WC((csjwfJuW_5fbvcsW2H4{~-L3CSBL zIK^+ncN|9?7U9CulffI!AfA*iS9i*n(*?;*CIL+lJ?$e)HSQw@ZnRf_#>6dt7!|)x zcpu^tR_v4#7A5~Pd8hmux*)m9Oh6MvMggkHGmgb%wY6Dm0KG1_Fq>@hq7{TlX`H%K zzBOHt+~kpfCYTIj=Z=K-7aMr^tt%%t`5K_CQ2K}5v`d!`=dK`M`Y-j3oA_NpHwjQL zY2v>OvgJ@;qey-kw3A-)Jn5Bx6{O1_=RJZATrmXr7*%<}=c*A@-(e&~{5FXwA8rqd zo~l8^N=YzE-9Vtz3YBq_qX11XLo6FVBgTzKCBEhR80WZuOvAQhw4Zhqu)KM?#>c>y z^(WUh#DdZV>Q4D1>4M}YF9$Ti^w8hrKT$V4pL-L4-W|9wn>7o-pn?!7{Z`#6A9cgq zfF_s>Y$`7}#&xa;vi@eEjtU+4F<+>jcolMDZd3m8%77=kSmRYIqaRW|r5v%e_MZi9 zgB!_(-esJFiC-NQQiKA1N^Y<6nW+fz23e<|7M)&K8T|4wweB-imtGVcaMsbp;#(!m 
z#X(wEp4QY4TH_Z7SrVZB8&LexAWqEqrOs5^gS?HWW9j226;AzH$WR{ye=}rwBb4E^ zFOBx=&$YzsgT5pJUUo~vTpILjS55rY8>aX&4N%|ni=Pr?N{Sg$JInR+{BZs_URBx= zQ}^jX`ej_fbo@SM6$Gpe@~(p@Iz&ujN67_*B`$@SIY6(}HGWSUr=R$|q65q`=)`R1kGv*4Kvo zv>}iJPYSxq$yeLdq+k%WfNV-*jFCpBmv@H;S#&ImmUqr^e@Bjf7ugor|y)G_}mO=g2|}w zFM~4r2Ej81>V$B4bnu^2l%aiQ-=LptyY`v=f___B8Tb)2FBAJqbEntaQab~JLB(wE z-XYgbf7t57qwfb!H# z9s&E6)1*bbpsQFD0{Y4&^?9esI$sp&e`4)#P=J@T5U-rpv1W-Ae_0eh#rv06PIoF3 zkl_gtG#WBI6*lwHR2j6>eL~BiTlJ)D6`e_{OhRu-5qxYgyfw7EtG`KUl3XsrZ!A#>I&U3E!35Urj7!`S`lRKju`$X)YQFz z8r}cq%I!=qQ(;I@{oo)i!gfVBK?`}8l6rF3tQFj>DVpLFMRB~Q(0ZM#F?Ourb;8Y% zT}pYN$dW_%m6h^~XdO>lGS7)0De`qV0*$SFX)=yEh~OiT=`=@W+~nU(MPP+bR@X(u z$Ig z-{Y}hJMud94}}}`U26NJaXk@J%U0I?lQCrzvt{X1F}1;+6)N{8#aSY}94jQjy++tt zeK%Bpe=L}TigdbNWf0!Bs+X#{U#bStcm3RpRv6(ra7&Dxi`Tfosm})cJ7U4(277cW zCw%YDVjs#oTA`3J+-3IUACGaJaj_ur*GSqwhh{qgP}3NsbmL;}$r(ag;xxfWT5X%Tx0$h*{hE$Mg7j#ht3ASI|cas4Gl918~>Q4DD=z@eV;{%!?9`K`y!F-?O{MB`j!hcuuvm};zu<~BF z07dG$eR`Ge_##k8M$?^9Z1jzN*VKU*N3<_xW*z|FIX}ZQ!?4O+yg$pGu7(ej(w%;{}~iqEi$p zm}TM1arKVZFC|j&uGh60YzXEp%ir^Qyf%TJk8(!sIvo68@`AGs{A9a6HAHq<4@sExjy!%FCjkBk*E&@($$i)s1oB?j45xrQvX9XMe%Ao#-GocX&nYEDN>8ghW!LPhMLj`wBV^*PpQL{+E3%%e9 zh@w*zEBJfU0$%9#Ocn4VuRK-2i@mZ`0Wa~IiWOY#8L@&8%hKaKQ)N^sLD3Ky(RtwV(c(4{id*1_OyC_~T>LyZM zju+&|qGlz+g~oG$HqqrdnxpRW9NjEE>*VVm)&YY8&k7h6c~-!nSOavxphN@yMZlnq zwiq2SXy+LLgHdNv%hJ5y3!`O`u1Z8o%e1c2bj!4^;)bq{CypPx!En&(6om}_kjfDu z134`8)^@9_tVz4i&)pvg8LR_0X_lY58RXgRkinO3YRKSg*9sZzj_4$#?==R63`Py1 z#@yuwnL*ST5xyII3{a!vzg?jkqeBG0ba}dgP->C%D_0GkHEP{>w{C9Ady#v!3}-94 zC$*GXP0#6eohL&fFKCK$6~%8gh1TPn8si*l*LGUs-Q)(_jCNsL#tGkqFx#be@xO56 za&=MbEcHn%m$*Uuv`8!3e%$1EKtrt%HMZ@Sy5_chjT>&;M?FoFtaO8g2Crz}eyznT z+^U)T_A^|y@To=1ZY6&8Zt$?dFWR_&VDXdt3T)7pnLM`B;^qX`_2N0r5hWw2uY4uaw0z$!xI@IuF#hSLS)7*3!XE_WS zzK}FL+zm>bMcRo%2P*&#wS(T5{71NIDa)aQk=mA2=wOt)m(am@HwqmrolW)kbA$Cp z{n66!J*$4HlYX*u!q`DSw|h$LV4(Ce6gyZtmiTvf11CLdA1sR#{v#NmX8S^YjW+bv z)3B!6&cttPaG1fav*PR~&#~C`A};Z*ZOJP_+8QW-haPw}bdu;3rK*KaZT691{8q5R 
zU>rpbo=9aZzrYiJtBYhj!>MgegZSEDhe16cCfnd9t1^sMQs7`5%XOpjXJ4!5U!;Z& zdVs11oAfPK)L^uNKNi7x;1TZA5zMJQmo|SV2d4sGr>8;Ou6z*%@ck^HsPo8#=Ga8M$>L3QAklo$_tzf`o4Z1DarZ z?0I^2H{9q!5(PN_0FG4M7~UFSbKIGAHRfRHAZIw=y9Eei#)om=6XDp9x>vR*|93-t zc;@cDG=i(0zquZvSBB^#L-fg=sbsJ_1!T@_T(~JSNU(}A1VcJU-6`LOE=c$vXn-b& zj5hE0xhwVI926!Pg^=!ZPihigbgO;Y%*5^as&PV>4Fi1LWMQr{lh|>^ z@>5p$wa@S}{Mr!(It^DDoCN}u`@aF2r!Fi01iU5z>P^Lkn?XfRDPdAtq3)E&VO~y{ zEdWh08FeaX{3VNy#BOc1K@qiQO3#nuX$>{Vf1A$JxRmM$j1q=M} zX^G>Fb=wjZ2`Hm!?%i1$pYHh~O^ZCw>Hb+UxVs2RIAc+fN4I`05iTrqhqv^z56BoI24^hH9-Cj0QQ2}%z6+dK zXGRs}jt@9~nVO0kA*SUz85x8T2Wp%$&EgI?W(>|K!b7@X2K`!kML2j#53;tg`2@(! zQN&q=vIJDbBDlkak^%LM z^!#(#*}aq%g`CSgtGVUpHn;#0@7^q%5;xVv`-EaMCn$mRx^MmW4B5fAJQC6CP~H4jSVBjp%e0%Z{G0U0h?8GeIl+P#vi zl3+A=t)3k!smV@q<7~5F2=*3zl7&5ToSAnfV!CO|53 zf;sf@&)~v}xKk=yh7}!}uQYI&vLEgqOclDvsq({3+rsbs6>}B<2Sihu(}0_;2I)~@ zk+Kjf4C_8RwN#E&{5~VqE(nYx>Z%*SXHLF!4OJmIH!6ko6j`<~yI)JmmYOlub;q)H zr*SEnzY$GHH4X;3i-b_*AUfD5;@^{hWo_hp-janjMnj@fS%t(mgp(d}b!*+D%z(dbW%n$6*@hW%2r*Q7+MWSQ9u_<7d>G!>)!$dfKl)q^?PpSq_+ z7r4r@PfH~u)oPc=9MrUOBK2LNbp)#OU0wlQ2}ZK&pSk3dQ1WxE9t+3i|O1gVR4E-zEi z#`P&0;E5=UD!+bDxFGlqt{jr*xyB0VMvaV0$L6Dm=H8pke�p!fmcR>&+>R(M`D} z>NRFWHnbsybw);3MkaH=Rl~XGBKU1ldr=atS@6HOGzIgfzTU`PrH4>!?%Pd_MO{f# z0)DL+@dMq$>KsrDX`uS@E-}VI_i|2j|E9_ z_R%f!++3`69w6i9!9+|qrzmYW&yporPi;|F?l=z`woB@k3yX)MhO^qFztqL@2wH#~^dJH{I@*A#!y7UQEhn{(e{gY9> zs-xtb^i%}rcBJ^|r=!A-@iSIQkD&Eris+A%uLTQ2R)-m!wTL*K-Ke~WNbDZ58 z$~J?KzW~~Y_4F5%(0=P%hRDs`cMPMI>|fc#k_H0;y zFNy=-+_1_b<$wQS6^>P53{~uu;2RJ!Qikzlq+Vwm56J4!lZHZ^l%&I88mMD!`dP>D z^fSVCDM^P7HBg5f_4D4!b+lIF+s`_Bt;_WZo`3h*mgh*#NZnUh&v#qTHoYz1PyIa6 zs^8|XKlPx|>~j5q3SF*4==#~lAEXP^{S51Qy!EUTcJszb2#6>}UNU z8(m(lGwM!LhnZeBACR}(XY0$>&%UGMg(;n!HtHvQ37`QH42-JS&&z1<)7v(4Yu$0&=RU7szl z&EJ0BTYamn`rfvl?eR6!D!2Lfx5{n%D2(1xFy`qN{=ruHa;toX^=#|Uwg+2Zd(-Dn z-Jg5Y?@z6tebvWEOP{n#G1C#|1M;^1_*I&LV?W#D&t4zc_Jdb?DaqzHIHeS;aqGFA z^*qUX9$-D&{=j~=EE>aYj6DWEqr^t*#5J@s{aD( z+1AettGwQNw(Fa1mD~Mq>u;ciUtm4oU_CFho)cF4tF7|p*0at3f4V>Zx9ii^*L9Y@ 
z3oZTbZM?Ox=nvUPdRw2iKe6SppKbqakB&q@5X4P-kXZzo)Ec}bC=Y5sOwqM&H+51`BKiT$X z+t16EeD?fk(|44c?vTos$JVDl7^(?u|F^ID{!i=oKdldYKW>jtdp~3EuSRG^t9y7n zRXyANX+P^zteTBYU#Sb!-QF+R^7OFq?eV|2XWM^OS^V~9KYOzm+g@#b*zp#7{M+rf z%kA;8ul#KPZu^4+Eq&Pj+4kpqTi@9IVf#1R9_{CYEqQGHTw;~~PwUHWk1enLysz@N zx7uUdt8GvA^8}0DF1PvH_E51GdV74>&#f$aTVH#7&bH`netYX*+dgc3yFcu5+aKBc zciVsOZT>2<+GF>}LaW?SFtZT=@(`1{)a|2Fw;`?2Q(TYomb?JxIcFSb5y ze)hAiUt53nc(Lhi|6xDd{B8OATm5bO54*gxg}*m>f9m>der1+C_WIJs-`lg@9{bs* zx9!J%w&%O0mb`l_xBG8z{@U)Zz4fQvzP-s~>$lu$&;G~#8rZLa{TkS>f&CiTuYvs< z*sp>88rZLa{TkS>f&CiTuYvs<*sp>88rZLa{TkS>f&CiTuYvs<*sp>88rZLa{TkS> zf&CiTuYvs<*sp>Aj0S#RhcDYXX9oD*o%?-u7OpOxe8-<#UcY2I!nw;x>$B(2Ts*yQ@l2GI&8J_M zFR5FA=ecvEr#W*^u2+wX=gyoncQJ~5eANj`onBX4y8w?d$5~Kw67>vNa)H7`pHLw& zT~ar5_K6YKC3EYdhoy68*VPhV2rz5rlA77TUR<+qUK5bI*|Q02=7I&avuB1x^$Tkt z#ipfc}OO?osn9@So9>s?wTQsvqkwGcbP0sj;3n9#|T?l#VXB!fu!i6<;H8U5~ zoH}<-)R5}>g|q8wY8OgKUHzg3b4ew{Waff-wP>3Xi+UlFO4U8b2kKQ;3f&Yd%TR(*9f_ZX^}y`*jqY)%R^XZp-piu>$kWCaACd&=y& zi%9-RlNg9-esvA?1xBq=5fQL8qa;mouUS|}(Am^CvgK4~O)UWHN!{F&rq5lxxR%9%U{oJb*Dsm7B&BPVsh%`*k<@}RA=Rxggh;zUt*KptT39w& zCuNtQ)ld=PMjcaMSF@m|ZaI}NLh0P<8d78JBBiT^^(W0;4Eqd+4D@Q5nAMr8li;7~ z7cZW>a5fnLqs#$wpN5-$(ku+NI@p&4SdY`EA3S!#L9$4iwE>8V*eHMnnG{ytNt$R5$yJ{s7#<|D z?0cE7t2v393l`I-S1+nvq9tOZkOfPYFQE=6ivR$P#KXc`Sth%`mzD&D5+X}OvxGCM zo;$Oye(_vV9G;fWT)-ZS3ThWGo4I(7Dv*6I$sK`z9|zNr$=~F{kFBwA1rZ5c5QuS@ewOik6QG{AY-KCXD&`HwgyYjUa9HjmTLi#1_fGLU<7f#Sd-~ zEyszH)uPon(R_7?8WXpgrUHrV2LF*jH%D*67p2ypkx#Bkh1l@vjU43q2y)X;LX zX!W|RzlqXTJH58lHX*W1!fhZd+ALazgnN{>RD=P4qBUhKlKC*V3%aKLxcsyH5fRAWo2gcf1%MKThP5G`mDIm|dMHriXE&h;DTv zd%W-$i}Yo}ozhnn#hU}_1@Vny1ZTY3JVx|(F`2hf6s-}(@oM2N6^F(rXk>f<8C2dy zZoWA5QsKtuiNltmm$!({@kY@rK1GzpOGVBml)NFv4U0b`ay}Owwg97EbdRqQIc-Gu z2L-g26F(U^HKO~AUU@`DZh*~gpP=|5u#p0mOpC}6IMPfDD zOE`hoA%S}=-XOB+9>kZiwvk8Y&~CvWgkLS#l&I7vCc+Q4 zh=NZ<9O_J4DvDlDZIJ5FCL5F(FWRETZJr@T<;Cw5C0=;}{%PnYQ9PAzZBlM|(?kMF zCX&3ZLOdiA)6`>vA2Xuz3Kngd|ntr$aAgJ0Sj0>XzIIC@vSRs)aa4 
zWLLmydW+5z;9Z7_#1@geQM6c129p8n24C-VGZLq6@MRop3zha-XN*rYYQfm^$n}{v1hlSZ@plObD&Eh~^DE zrZHLyNx$tx+C0%3H11j{K%GdRAev8wW_^Dd>@nTXBp=ug&gU&SDStcR2HV5|0X&P3 zKQWIXJL$O?-YPy!91y=yxQ~egFw`1gCnt&a4~q0%sxw+nq24bfqH00T&)q2d1==1X z()x(z?M3lslDZ?hFokNq$e2$GgO4gD!Yb}b(3j9tCFv*aLI2dUQ6jyAvVoi}WR&?d zNZg=0m?zS=iB`;^gXBQ^ayR4R1y#7ls@N&Tf+2lG{<jd9GG|JHc_%sG}|aT z5vWQuqgx7Z>PhexeubPNs()N1k_-cl7(#3F#NMm=_XKnMh~i-)4(~o*^;ZG+7uFFl zaDSFa>nn2F3%6eM?oG4G4$%^WA3mTpY$YG&ln&a$deO6*M1{?^3*O)yEP-0#26II- zjM}v#|18m?S_~psmFPh?(o{G#5Hi_34Y76LTrNblC~Ab8+APv4Md^4^9*65c9>cOh z6jzFlL@ehTpX!crcVhA-MrmMFIvyG6GRJTZf|3<^ZF!pT{Q7vEXy<2Fi7s)rE*Lq_ z;z7O010H5>euRk=)plMVdGYbw%Xp-EytSgucuc<#Y#IcsBEg6VZh$61e~9Qag;rV2 zXo@%#Fn5TY=O-f{Q(#?cc3WoOSsiM!5zePKoK;6poo_K(NIFpR^j?(m^}P>JX6qo5ct_~nzVUt zC<**#(Inb30M$6GB$f~v=8W=hU>QZUPRM7o$l6Y0Fzt0(SY%HWnKYfQ7v0y3cH2bv zZOnA-zp3h;r0Qcae{G6%(0orF^X*bH1%UbE_@!#r+%{)Oa(35)cydHU? zWUA-^QrK>*c%{gIL-tRu^YdV0K!o2ZT*uXuO_HL#V6#A9wwNcnNG*9?6QU$|L!cR* zX;y#+J7XUaycy=xv7&-!FZ54A3%g))>Wse}nxx|MMYjj{Nm*Ve>}j^sqP(p)jGm6J%iNYjN|z zGM(9wMvv>bi`YUk=}?brlY&ISV7x* zjF56=32l!NIrjtWpd|+5=$HA14aD2?a2{d{HoUA8#F}K}D~NW|acV z+z#ttGYK{&KVHVp(8pe=H#CCohX~5qh9V?reM+V98d$APgA?mf%8OIK9%E{9=yF7d zz;8>QB>p_m)uI%OiONUfJ4FZDWUxn}_0&3Ayz?Ret2RQe7CCo_EI9wQqEKn0JGM70 zRQzmSeR!=gmpmd8bu?kOspJ-5v(lZ&F%i%WaJorfL8`=-MbAr}Q7r^$JDxVqW7dj+ z4I-~WersmPU)N~%O>y1|W&5qW*Vsh<4DkoXB``Z~BNto6~< zw!=jKonpXdF&GPhVImE+W2uT|`4o{+Pk9$Mf4~S#J@uH2R*Tj!T4JjlBKDl~cnD=+ zkq&zpFPcvg%~p%FYLU5#R$DTU1@Rh8ky&M;JA48}!gdw=@+RvtK=GX~tq!~1otPCq+jCRB;3;d<(q~7u^9G<+*iZLc14MYdpVXtR1f8c z#3wRg40)m?SUT-~-FAMF*U1&7FavL3fhZleS#;Yb`fnD4$RPah9JF}P5XY5Kh@<>=I{Q(=v8BfMWlET<{Q&0&Q3BG3_p=2|I0u571TFaHzcJL&KZpNO|eJJ^b<2+A=3j#ViklvWti zI)u_6VU&LOqk9%Pc2xZ$8J7`M>GOj@m2OQ2Rr0*vdyA;#BiMo{8bVLl*(1O*Eex<^ z$N&pGCE;MYMsz^jDDsb{wPW{4`g_t1nu>nCC#)6t*9GU-tU{0HVE0|OHe;drfwDMmV%sG7cza59^^l!ysy8Pe9 zVR|5#2ix>Kq5lDz*8M{AR^CRO(>3wK9)COAn5fPhieSQ>L z-`?0E{ig#vSg5JM&T0$ZNMMj@=tS^i{MX^4LK2^);(~)%uK9%#B=g5j3e9HEZ zgbB3tm*K?~MW6Y0L8v>paF4*$IIJvXU}`Wl 
zUJ);#{p9}06m-#ZUm{bLO-H79%TdkmB(P=X-D8y~{EtSa{*B;M7v6xHfv29&VUO}- zqjZ%Is=!n4|8U@`_dW!kdaJ+__wv36o<{8tJdvZ=A9!LWsZ^HV2<}iOv_xWddGF2l1ME(PgLb zyzU6rjTJa-DYg}7>dcU$0kJNhKgax7B`6ALlL3E%f|+B)KGCOatQxb4iyI? zhp_yxq2gfV+A`iiiB~Zc@4%}?%LXwZogXm9jHb211h5`zHFciT83KiDB z326(qi!NK_u)_(IPBPacpO=)LcWA!oMS@nfIKuOdm?-cs<_#y&+n@ zL9f0lwulypSLYx)M=x3tgzpHf-UybKpo7|AiAe945O>eUK7dYgxOn79^{t}lCDC%5 zsGvh+E$^onDu~wN@IpC2%diq`86U%MS@14%%{QoJD8*-oL+R}i6Qo<5UkKtA5b=#+ zXzUxR1tEOWdkpv#q9r)>48i3y-tHe;aGT)($;e8v2dbGa(B3kXsvX2pz~;4P{Od zowq@+1=v4eBE*KRY@2AY7MgbhS_<-eil9vH0o$@7-4Epfmyc!PXEJgKGmI~Wp)C@H zxYK*V19o5>;6xo>mz3bupw|&WlC|`PxX|lPCu9(U#vU_0co4_dmeq;o4^E7iIIuw+(jX70TBUzM>8J*AkScAKdVKX` z$K5HJ3cTJkPMKcdq99+MTm2UW@l=YPfu{JE1p-SAqmJiXcXOPoh^IE_H^gbQEJ!({ zy8&%!9=}51#df}EeyNDX=Xq%oFNN_PSuX6N3jfl(9=%)*S5qc39~Az0 zuds=>eXIrYQ=7J4Xf64vlHQi43(`{yZYK3{XITYTdAcA2Z(0mx{4MN>%+!J_LsprH z)EX4;mb>tCOYtHa7QD?1s6owyXQEt-L&gE3N1Ns8p$V@m zv9ORXOG7O?acZkc7SCnlG%|Kq9dH=HYat~_Il}!Y9dpKU*Ui#6o25!{J`Q+$yYWs> zGPg><0BtjR`-BY~-iU4V*jO@C`{wJI3y=38Y@$;>hJ3Z?cqwkmE-a0Gsx;OEBeP6t z%xdoXOc$egm}s|JbZZdaSkY#h=!94FICHQ=1PvnXVG-+vx5MR4s-rR86@zxs%Asq6 z7`0Kh*{b2DbQkXo6FX>O62m+F_!T|)?v)iZsX;o!p36F-v-5WM+|`Wa9g4Hw)zSj2 z+J2+Taco4Frx?*~=z#*Xw-p9P>&hkt-V6a^-v~r;gH0m0PIx$&FqL#c(>QMFOGVoF zCMoG?e;!WX*U8eXRQo-<8O`p!|0tTnKHwoY$EV5(&1DQ^JhlHC-R#OZ2@@dLaq z;%6~@@^*_}4Wa`E#&uwER+E*G<#ydd6LCeIn7CGs2aDIGar~5Iw`h;UQ}8oGC61-C zs{?W#t?{ncD@({Z%) zSfGe;Tf{{9%OTtQ?coqorqp|5dalKfZ%kwQ1-cxX#&M9g(?sk{ypD!JG~M9ZyP?S$=Fwa?zVQ!I zRk75Cg4x^@A-+ea=iwb)GXym;;pbh7o0=g1S2S0|K80f#ny*`((zxG2A>%|}OsCsK z0!X6uc#$}h&PU?(q=%DaUYC5Yq=}jH6U^0v^;|u=>ACtHS`F-`#ejFFD4j;L9oF(V zqE|9br2Udt0&3~9PiA{3*tW$W!@8@>HrdU2sl)IibXg2*yFp(2ghWWBj>GqXkQF~d zcsNXk!-C#Jc-xduVs&f~-Nw-z-DU)~H;7`46Tz>@@j&+BatU+3@MemlvqWDU=)uuF zAiN>G`$XDbiK1%A2HqfQK}6BP}j<61gYMMZU@^;#TB zm3}3WI^^ELKz~N0eIl~n#CqisY+>6VGE#LD z9B%kggEGaRkW);2BTDN;SLIc$akT~rUVOq9`ZZbq2GP8VIw)9JPIFztkIv;O9ey~k?LHsPz^a`(G1dl+(sCb+hu~`hkFFH4i1J}v{Y%Leh zhXd)jQ*>5~UQ6Icls0=<%36@>)8E8er*}w|GNN~8!^6M{$Ce^e`mBiUf(uJqAw+-O 
z=#)9}6RdB>ZV?ky%*R@1k~1pAQb4Uq$VQB)0)jH|qsy=&Qd`^~5Yl4&HhZ~c^n=ZO z%#WIZ)g#~K(}bP-3663M!i?p0C=l_nbg~UsKIV<~Q7F~jjJTT!#_R1sN((Wah{9c> zH4byvHK~H{5SgKaxCg}7N-u9MOD{t+d%!XV;g`Of#c;(W2QRt}UC^eY_fGmL@Ia+X zi_7N_qZG?&wb=gQMSw;79D2K1d=%zV4)$Tz3bxCpScspXk`nA+R3+95dM8hQ8J}W) zQ7dR`?)ib$pJlk_9?Dt-;2jDg?5A*S+{e0#W@^MP=!Q`xmP)~`n*Wad9gYs{z*>jq z<+=C)pI*YHM5!LeA{js9k9ni_zPGdFLcA2lH2M?K2WK%ii;{Ch{|D&TA!+emqT~+T z@GIBTLiWJ`~uf7qchQN zjEr&>e6ZT_7tE7&V(<>pc{Tm=sBEoB;MM5_icAi`8@sglI=Q4SOr0%u^APWVNV_*! z1%NHah^gbN1QSHxI3W1Il2 zcTp)T(wyZSW`%^ms9OkJsF?wx6O4+TjE_fK@!7(W5Gd?1h4}E0i1_u0fB=gK!PBNk;M5EzyT!3HV`8r6-fpHBj2~y z-uvu*&OWE=oIcgE9RcK>neM9d*n92u_|~`9+WOvKN1qO4#8?fBibO?(A>6L=-BeV%4L63zV>YKj=j z{S_0+Ndv0P6VM0)F8}OWPhYMvGGWwz5AWrxF4haI`Co>=xBsoJTgKtYJkr08-|l_O z1tgi@{;TlQUwi!?qeB~hW#YSkf*XG?NY^NFw4eBaa6|tmxP0G@#rY|u3}cJ(ZQSE0 zzXhU{-SEH_{`F6P3^X1{BU&rG#-j00JZ2952Veif)+hhb*5`I{+p}m$_x~_rYyTb! ztW3m~d9~lxz3@^OnGgI2SQ*5GcTJp>5z{}1xB63fs~>|SEB;pI+y860)t?Q+|9=Dd zn@@jd>xayaeKz!h{(X3ffBHLHUp9BnM3Mg%e1*MlE842J&V1l6;R6TX-r9e(b?4W% z-Z4qo?+Z5tSzvhgU-$=GZ?cod$G(d}H0qR}#e3iV~kA{Nwzu~K&{zJCg`0iic`V{J# z<9YW#ki;qi?>`Miu#YYO!Jni?`6QamfSmNn*Pq*+4^A$cBmw#P3&L}Q`ux7%6gT)| zh?FUDi>*)o7DHiFQU51fTYqSw>kTey#x?#U9B(gv$*8pmY!!(0zloLmf!~itW2KQ+ zxl+#r%bU&GM3?;kAOQyjUAup0>(eN?evIAyWt-Lr_U7+G;O~EHt7FV`COz|SL%;nv zm{srm+7=Q>oxig6nJ)Wfedf{DkNy^8Tck?g_}8{>!_-O}#V`FVTKtF}V&L|g=pg_l zR7c-+M|g3cc%lFNwXHXvZ+-e#fk^zr|8(o8&;;UF(L(1x+PWq5nxFjLtxpZNe&AmL z0DHz1)#vYS{m`!$T=r*`r}%rgL+Wn=i_m=dbKJ%+v zpZt3;H9K1S2%7NU0Z6g+Rs03*6Zm%8qXo@@aH2l<8^ZSlrbf~v;@La=b)=Uxh9CK45zHmRs*4NDzRm+)$SPHuIGK zFE0Pt*PnvA@x>ojWtaKDe}xZx0Sdf>@K8^IegdHrX% zUNf1BjLY>0{5<=fIVx&~Ir=|te+=g0=fJ4=3Yw9r7yntbj`P-yJk8HDVm7&?OpNfC zl^XhUCPv8oHWNW)e)}JW@x|vtr|>W0#-I5X(gXTfKNkKLz9hMG6P?$VYzEs?F%g0QjxgEB{%;{#;a{&EXcjhekAG&Qw$hIN z^RZPK`^UnFFMMa~r@yVjl0mw@9RjlDrnmgJ88G)du)Ci|vhx$)+4^4ev9ggG$yUsb)Ne;;1cy0Q~DHRJ^GQ?zMGkv%m;|mh9Ai6 z{B;&ERnax1r+^xUJlf;ep2dOQYdR`_vRyKT=HsQNA+}vV5$gE=7CVYW=bq8=8MF4c zAgKT1ceXkRnN4~rz@Hh6ypFbcH^9<=?c?9`+O3Z%A1iZ@|61?y6?2b_3(lD36R^KO 
z5RX~%YC996@(q5-6f9&6*l*&}z$YJ?W19Kxe+SbTn7060rq}%Q-`;xS9y<7K1u4&H zl1u=TvECWSpxm+Fyc?L&TYnKN_Nl*Fr1t&-)ZP!i{%Y$d4kaBb0+YGGzsC!tY4yx+ z|2D*l7x-yjV5Ab4QH*(NU%4VEU+v8O|7m=^%u)I;AnZ((8;Q<{OD+)4_@Vh!PUiAI z2NvPCP@SS{pE)o87w)|S{4D-kR+!xV?X5@Vx8>VX{@YC(+aC=eh>fd_n}VnZ90FkUvPL@@+(jF9$_Tr z!I8|!Z0`(){n=pnaCUJr9(InN9B(K4&t@MEr=1o)dOJxlDm3Z8eA(U&hE8@5^)mav z$QgE>&cnUVCBGoo)*n9D>zueB+1uUf4F(;~O?-DcIKrJThx5+S<0r?C`ULNSE#%`U5fdV(~mVozJFAEERs%n$Iq#1I#q##K2^Pp_dr(`ARQ(D>*vB(8uAh z>u<%a2fuPGgGxKc%RP<}?eaRu?F9dBZzspYF$SBq7fX3)d}KUaEadL?J+PNgkMAc> z`R`?W*WM(VLUi;^@#CAAtvEcJ_sk&D-gMbLdH>;+773ZjGkOzm2crjA0(%vImVlY zhqm43Svc&y8qazI*$?-D+fOg%MrmwwZ0?hb$q7#H3CC_OX9NA?w3T$9a++%b!Pg&s zsDF%O7i#lD4`!3e5W+1A1j}Yri%}Wgk?1_w=~8I9R=w`C1cH^|jd)>hYx0b9Y?IOC zeB6D1vfX)PF4W$BfC;Ml=oI)p3^eUsjF-s(a=(Q9@{*mKSdnFKG{#GFAIfxJ9gWa= zxWgCJ*|0|b?_$2_ojdMS+@+qo_tp*hLtn}$E8W&~1H3h%m{E!Kj&VZwH zpI{g?mjDkiJJ->@_ukx>ka3FSCkGDn-!vE__aUDF49U1-(I zPUl$yorA~SmB&rbc)=#_@r0Yt@?h)wbNI2@{Jd_k=b*iVmFEJ89^EWK zjQ(Hq(>Tt@IL|M791Z-9i{7|3y%x$h^TBq|~ zKN*b9IIdl!Z+&Gb?ushIP{n!f>6Lw=c6&T~;S}1DC|{iU^H(Z(6m!4^y=5=5GsS0fhi4N8dpO7O?AHqUfd5X>SjPo@2iY8QgKseN{uU-%sFWsy4@oUSAX3n)F_Z z!sB<1NuFQymm)kW2yfcM6|pl>`(zD|^MHO?*Q@Jorei`=A^9A**y zyq5tTQ}i3N1ZG|1_ECJe)6sa0b7~@*ygtGnA6eByKMK)mg4h#5CR8~B@@aqAJ?wYr zukYJ{&PIc9=-c~)(dp?BQFDKoEE&t=3jE)4=V0EO4rY_2*Y86wI2{I`{Y(YaTl5Wj zvitC#7sLDeghbjagF1b(s?vTNk~$tv&z8^CBS|GbzB7BGL>WFIb{&i^;e_;0hG(Ox zuKf-`oZ&KgJ{-gUmdGd;7(K$4#3Q4lXWQ7+On~)E*sVu!{~w+|WB8;m8l1~wJFu@{ z1|L`iAxVZW`@{3)Xf{pGm-F^+@K5U!z>(FErRs9-0U%+-(Wgrf-S%PRVM`A>ZRoO% zKwi8$_;d4Q3}KeQ%Q>nHXbK{Q=*8u5NU$(^*%`OgYln3-(jQpln9J}*b7rfq#z7BZ z7}g{DM*WV95N~L7Os#26Ho|2F>I-YPTm9MO{9-wLXim1S>kgzvF{tFj;VXDVlk?sj zQMQ4V;t)lLj>=OLd8hKeM&Nt1KNnedu6`Vb+U|7rRd*Vx+ev;Apw|omse~1ERE7ch z5OSDH8AE`r1(c}5eRZRvXhikrvl}hA){Dt-f)ErtHXT5UXVc#J?s9$sr<r#B7A1 zTl0R{TQ^Q-v+=zz!f#Tm1eaqvTwL^@<1fhxod4nCiz?)v4Q;ng6itk@y`4tYa=vxV zug4J3IeL72n^En%*zCjQ{I2@TT)TswPEb`cL0Vb*Qf{}7Y5cqd&0LGN(E zs6sowDah&`Z$;FT2FF|1>Zhu+F66aC$cuJYy`|)0IwFX4J_7)&P_N0Bv~Q*obN^yA 
z9t`I;oATJ(_u)7AJvD;CJ9wYDvTOjN4jx)y4Si-tkQP0ZqszriL2A5i0g})iclHxX zHR0Occyu-$4icy%pb^b$72RRynXd&I=}F$z-~=Aj)g;lTe277{Y__YFaF3t0E~X24 zf8r|os8!AP`TNv#`rStJ6e4p7!Y8xA#dsEOZW~WY-GtPRb=nE+;Ve~s{7&cmTrIVT zZR#17BqEWNOiZ4!^`gI6&c=h{ZBDP~0kbw@vpa3R?(Fu}U4Wau3y=^Q5g?Mu6#17X zU6xF&w$wPZ2n;4mqz0d!d>x($9j(C-QSR)O1mE>vk$C_p!?+*h(s5OHPS*~&IJA(B za|3_Bbmie18`P+`;1Os`wxaYYJ#?+L_;6Gcf=At>IP2J>*aw&>oOloj%MFGho*h;fTPo4#AH_r4R>t_u)ky?uv;zvhg=1{i9M5E5xD3%@*jNLlGrZ)<_`ZD4BZ1M z=U|O!<`#~LAPjV8a^WN%&|TfRGiz={`v8{~Dgn`gq<8VM`v^x_2oRSK&yh}2fb3kD z1Ps9{@F$?k?7O!2Y(il?ngF}+4g?CcuC4pncJd2YU5&oppAbsP!4JA#LHf2Mt}1i2 z+#7mCa7#{Sb0Y0`C7|G2z>FczM?yyYy(a3g2*dM}7>tVzzy=g91K}E^Z`b2KEA(Rm~-LnK&kP zx>zQ}>VSwq5QcNe0nOe5T+9TazUTta(Qohc7Vr1wXNc;$mfuDV8Nr0}8p6h`?OlRM z?#-tHW>HdM0+WCr!{uDI zvSt(Szbh;WOOWUu9%k$f=!&%H3BW;S1SIAMUj+wpF&keFk8F-aEk&a!h~|o5l!>|{ zUkrN;T`!x=yLp>SkBvagaWWsBJrC_?k-z8ml-Qu8QcZN~Ql(-+Bk~aq(A?#iFr<_` z1Eqr5d)QKwEO#b-ZAX0JC?> zz}yy#LAnW{g*4he!ZI8_L+bn~)Z7M?7?wKzCQ37xyo)A7O8oUy3Opdy1!5N4zy+>H zT5s80vOC3nqhLf)_vZ7SDS=o`quqSf49;!yi;}E0^qQoubx&WPE{$7Ry&-15?z~FnA16$MM68L?Ypd?qlDSJ2OGH5lR7e zZ~AXHg-V&i7ZRt%ooJ-cY29r4(mMp6kKkR{-WPXZ#uDdqow^%1K!gI|Y0zzQyb4!# zW7fEA$J7dwhecRS(@$oFwrx&wIX9c`16naePLi!R=h%CYCaf#ECIE?Jp>B?G3P=kB zHAx-K7jvY4vyLEWk zBQJ|6Wr-qvjZuK|`9FyJQ)2YM^ydBN^A=*HG#2D5@kr+o{*sgIY_Gs&s^hK#qT>OD zf!EMk*!Ngio(gR5D6{PYB>ZdFdR|RmK?6P{6|#npp30S^Zc_`&&5I;hC#*Z`^e-n^ zT1%FA1GlD^^iY$#waO-U>_qTW4-y|-?{SI6}>vODfIs z(LG^z_Ff4*?>Z*EZjQPhWrd(MM6}a6F^({m&8x+7I3Z$!l1xG-s@ls`XM1OeED_jt z0Dt-)b|0w=WHW+ZQb1Kxe$B1hi(|(9N}*?uCEK)cBIf?a#Y{mLx|k}m3G)!Fz^Zf9 z;nmpsztlbLvGRXy=AW)h-AA7sA+mU)Ks*0z;0u8R0&(>vl@_q z3zxEEpuAOju4m(!P@B(YQu>^LB%LgJlcD9L^uZX@0Mt`pljLxhE1t{tb{cFuKkkaxOkFsygq9jf z!bVUCre_J=fi>CURe1n52UQkVRK2Ef3t&~f^X#b;XRl$o3@%VDK5w^`A&c6iGe#M3 zIBbI4lusZHlAs89c%GcRLJttwS;`#`Xf5AAUs%qte%8NzJ2`!^==Y{*z+idBw~$P~ z7(QUus%v^@sGW>@ac%`1+tOPdpgvHH0aBzXHs_rcWkHemD@YjMqqhRG)10+5<}e0I zt0We3CWfAvc?M0>;4GY?CglY(Gxnuhl5^CjkR?fLTj6D9#ye4(2Pkk_T!erTF&Vu(s-I7fy}Q7 
z-=tBOcyiaY2d;5|s_NtW#pcPl2_0r*22<#F${4%)WLBocf~W= z-JNnb*pbB72L&bKHM9tuLh)2CnF3Z%4vTC} zv9XqTs!*09HqkYxlyGtBod*4OcPYo0m0f5e0PrxR+WjFU5pqD+BF3`sH=6n-Fvfs7+zbh3oMm zPUxGa2!o-36Tqt%A{8+u0`5{!MXOjPVv^#w@B6+=KPVzLt!)h74z0b0pn(ksC0;+z zmP34^Qs*&;=z(6PafCT&g;0H36OL_YBf`-hd9%|(E_w$@JP90n<*I(Qc7Zb|2DqzU z<*IReANg2E_^MxjFOXq%S0~kR^k5qlW{p;(dQN`@_6*@kZ4%Yq*2Qc>Z9^1}(V@t+ zj)7&xL(GRP(|dSv4qS2}+rNH9vkxMnGy<(?-t{%5dKnU@iPo$Z2HFo(Oj7csH~$a{ zT9?825TWa2<7Urocq(2)qC`Y8srdEv-%Kq7n6|mbSGMbw*Jhx&g^Nk|1ddN$+1kg4 z*B4Y1uItX?dnxoBX*B|Oo!u@1c0=5sft+XP7`5z9u1(S{DFH$pmz?(o`@v2I$pDX& z6)cL>jx7LOE=ZRsn^F=T9c zelkaknKi&N^#dG2X8zgofV>Q361A3B+kYQG+G9zwg2}o=`OXA3!;r2l8xD0|0%p1< zH_!-ePOwYRLWzu|)ealTCM09JGl1rlM~{(P#|Cbqs@^s)LfDTctn;2x;?jalJ>3|u z-nOVK{)9G0Nq2!2`k;6DBx|--J|S(uw>fchU}D*iBu~uGr~1G23v%V_f#+Ze*?}5c z$!;qsMt+4(5~SUGt#`CU84sn>yNjhw*@o(Q(L-s%LBQjX%%;8xR;!6?dL(sRv8rb& zHnIPFh}vG;I}8EICS=;`06b)j1B3J(IWS{YBn>T1>OQR!O;3phx=p&t)%0*JKO8%* zje%JcKL-Iu3T7ydrURB&*uc~+FfOoK&4Fr^8<;6dwhd((l0>5qSWi9dO~o#uUBwxi zM%fe~bwsFrnqnlT?6x(XLG_X06-ZY(EcWqoYWoC74W`rmz`|lKl0(6uZ(35Nt}3+Z ziL}nUG?d2kQClML4K*sME0+M&(BhxKp*;R>?_|MZGGLVWn>ge(^Z|WY$R!#MsZH0b zowZJS12-zc-DKQaT%5pnaX*+M-f^wj-A~2LvsqnlaO~LR06@{+F&_X3`pJ6z^6rgn zmhFE#w?d4#L4XE${w|3Fco@l_=9xzQjvtD8;+bJhtdpEkRD=#Dd&F~HU^yyDq#~79 zdx~^4f`Cg2s6lL|7kQefq&wG;ZJkUXDl~pr85o#yG|0npc2Sd0WpyTP5Zw|II3&%x zN`a@{AwkSW>D$FMc{x(h<>loVAZEgORwk^fSCaL1j}m> zOGMV|QG&f+yB!8jwC!XF^^%!hauZLJ3}>hCI!B75>t;6LK*)_vSG6+REO)eZ9+CJ* zTqPlYCfGXicAuUaQraPzf?PBLFJ1mIn&OXxz0CGNS2kr3RE;vVfjK2YZ^#_PQqkXO zQw^G?1!=On`%;2Tgj*WTxSNaykuu9QV&3@*M29!oq}HEN@6g3|wPqKvvDO`U7mu9iey3klZN$L`micm-GGDNPRn7E)T0YEuFcQ$Hqvj)j zzCU_wB;e6DmD5^zkid&t|x(N(c={d1U_LxJ&cv<_QAf>H%A+4bo_<3-R#~P~1 zsj5oEVA$76-kqOuc8)cVZyMgQMw9s z>*{+2bqMHfjgv%QMg7n!re2>2Wr&w-q{Wg<=$V3kr+0A=#QtdE&i-dyjX+gaKaJ~G z^pkA_hio*tm}tqUQ_;fNGH8WMaio)oNPJMQrGzW_)(xg|BvT{WCg*Ob0#x7|?xDVV z6OOIp+SJfxhJpY?4a@No`B&@2_+dI;qWsGieXwSkzSao=ysWwkP$aS|@ zWIIJ?rRfY$N~wbz)z#quLEv*z`x4{_Tap%QP99DFG+)g{%_EB)(103>r%WXlITqni 
z&GxR~aF*0OnRIN&HBUM>s9YqFV&3ZsIv!chwX~UW9B|9~6EcYVsUg9{@*G0y(d;$( zjW7BHX;nKL2tWJI2Ec7XsYsOD3w?wL|2(JV94X5Am_jTSWsz^2BrhObA04y`ryucj z%aj6tjUn{%`Dh^oE#{qAv&=ACh)gh4LKqPYQ7thhB@I&^yIvq*b63^`VA@d%APQz3Lv9SMKU#wlz>wu}} zYwAU+Dnxu4z81cnmDD4ko5Q)+4Nt4E5L$XC&GWafYzJhrj>isEdyw@XLHREl`(uZX zz3h4P2Bi#3WVxZ|PE-5DK)fcyxfQ$zxab@;n+wd8)7|nOX@g2j2ptCa>p-8tiqny=!nPSDp^WVF)P%EFD&8{H=)Dz3^P*5 z!i|1}YzxZ@-^F}DEz!J(uEp|o+p{oL5d4IB@r+yFq&_h21&8*rcddoD(#I&~1*G12 z>MOyICFwib#mm_+4<|{#8DkmI3K)j61QiRgasV_)Djd-V#sR_c*Y?b?bH2~12R|@k z#m3doa_-Gj>I^NM@&d|8{u%t}pEiP7em_Hnh+HQ-T8dloeylav(FbqZ+widr z*lwqcaqkYY0K7Pr?#vbWkk)vs!mvcbQg?I}P{9a2818q71)8)Zrznabb`*4aiB7BC ztR3~n1{BpO73g)bq92L3W#Oc-wM{EnhLc3dia&`(&HDlPQ@+eyIAn>$sQ& zX7P&Pp4Y_5iFw>J_1LU(bXC!WsxAIa_Ze~F=`Rmi2 zMnH%}Y6)cQqu!$l5220z@32#v0d{Q&=<@-l3k&bM%3RX6H}7#|FCPPf+|JHLGz2rx zArr!rHX9(u=ymO9`TS@KJBaz{RVpW9@p8<%r#9L$+&1TtM#|m$Xt)Aeyg3di4b#rZ z778e>`O&zlx|R`##>IVJBoVVb@b7Dt_NU++1i;ji#m_z6l*9OIB|oxc7kR7ooi;e3bVN<|KwAdF2sPP}PgOJ1 zGs)TXg5d-=(384Mw=-xs0Jj~P4Sznu7dROc86AZRuPC?yjcjXvQ zUg93Qg?U8B_=QelYngEZm&@CU?FP@#ndgYf0sXrfed)Y(+sf<95;#?LZ&H(M^+pCl zH05PYb-S0))tUK%dzx5}!3--W$$1e^;DO&zqxF&ejGI+_9!v{VdrMQ z?@;%k8#r~%m`rf0`V*jK;Uo!D6s=bedkj~ZB$WFE~Wefs?UEawO^< z3^QSu$sskUVS5`D<0klFP8|+t8Cr+ULSg5~3>}9OYszWog3}BsY;a}l#j*i$MFrO} z4-O29o@Q@6ZIbc)vsAB`OYa%0>Y?BIT$nU{Mr@~Rr(D}^2gUDzT}i(yoz`oKjhUWl z!UOL_5=9cH5m{F|xllD|RcsG>26ccr_OT02I05NTH1-&gY-(TbbSpcv@Sm;i-|dNe@-O1ahfP+d-oP zAPJkd1>Vx_so@a6ezinzADEug{X9Ad8~Gg$Zy>VG|8DyMj{COK}= zfoze&KGd3H(g&?_ulp=9xJ;7|5*<2#7DR$p^wDnA>-7ZBBkgqA<-pxXSe12vZSZjo z5i%5z4Q`$%FR4t!SISzm?qR*^6BQ1djVuq(Kx$@J1XB`+$c`O^=@w7}dQX?}gz{d5 z!=Zh^(9<`T0FI-a$N+0QftQ511l=X<*opu_TBR9Xct9^moFBj(0}i!A=T(xwFWDqk zwRwZGX;qRR(+B-Y!E0YYIf0c6o#c}>MDhEz#kqxDO(0J@Yf9K^d@$#-(*si;9`vR> z0})+LbJbB|Zi*O?KgJj>()6^%EoNZC@HtWr;+dKa9vYkvzkX3X*GELB2&zTI5x>!~ z-*%{}?#N8H1pmb-;(BNOH zCgNHz=Pk>W+IwX>DdX$f^l)*Pfh*?r_xrO8Ohjc5c*HM~jRp-BRMctT3=y|Qx}s{O zaDfzY(TfI9c>pe!x{VevvSprHvz_}GVVUHiPGMPv`p9Pmug^(B3B+RjOfY1ic2i5C 
z3@O#IRrBUIVSk2m6fPUD-|2H9Y=u&3{YJ^PJAjpn04EP>|9wsd#o#hlIlMasY%#u= zpa95%-Yi9sY=_rGqy;A;ZPE>;APtbXFjZd!#>G=lu-saP0eB&xj>gj7$P?#VsC%Y2 z0%=O+Xr%ZXN45H++vvhK_c3S0l*2)N;2Wdm2(?1r#NasgHwQr7(mu^xVY8>izS*lQ zQsR{}dd*-G>i95$8E=w<-#;Z}OySD-H}My)v6>xJ+G_2Bs5oPlcWx>_{%g}wp8|_s z_UFT6q+qBLf?lRagxSDk`#K-6imsN|Azg?pyO_KRZg8r$aQGCLQn z7_Srr`>8=sc{^!A3CBXqC<*mDq4NnAx7GqoESaW3Cti%0wIj{|9k|qqffl;7I}L%R zUOU|*fZ1BhmGR#X=EFW(dCcFN&nAL`be=$G-F8iF5NX>%*eRK8MaNl*S3Y{L*9Y@m zrw&y&6YYbP?aVG8sIt?J{G#U~RE^tEdGLOKz^F#Z3QI9Ev`3R+)ktaliWg((YT6Gi z8}6HYeojrEP(aCWTSz?*UZV+L*tOT7nh#9HUXd?j3De}=h=y(cb)mY===Rja^Io2c ziMS&rKBJ~v>8fP9P09;;=Gv}CFiJW5^dsxG1Rt0)8)$H`NP+o0Uu5gn1w#in-c6)PPLL0N9c zF(9U4nf6H{CCYSmk2&y?rHV#*4VUCV^;8u?F>cG$ZIRxpBLoTcg64f)T-RL3;m01F8xOKhuGf6@!aN<{VxNMbNk0_u`n89k(p zrj0WGme7@4V;jBSn!<$@j>b)7bb9uy3Bv+8j^7H1m{}tPW<{m`=nQU&ka#q4eL{Y5 zr^CFBKpQ#0y6H1)k&l0-sWLEha^f;w6>RHVh3WN7>NsaQe#e4OLNrLX@QC;~jSq(n z7-3>nVn#~V8eY|M2QfW9A^uWg*DV;M%AQmk97CO_k{zdl1@HmySfpJq&oLQkmo2Ep zD+X4+GseT?EVUN{)WQP7fxQ~9$zJF5nq_WyvXbG*DgQ<}Z$@7l5Kuf84%{HtjXIMB zUIA$p{!9K6ilA&+owvd8KY|wq!+3zd9f&rz_&`VoYz&VrlNH;3M~dJDg)!s&|dA z%K=+AJOieB3D277=J_kvgL-YZ%6h>#RynLW;4Z|C7K{)Y4bO)F&(R|0!Zb*%>IGTK zar7SSoaAA*k`z+7!Haq_SW%VT#S->l$mJa`B03)v^g3TU`omR87VJvu+>w*@$aehAKQ{yWz8czN{9 zccN$2e(l!z4C6`_VL;j7*}OMFj^NT{56}YyT^y1r+9ernQdQU_KLKkPbdiCc49oHE z=6vC|Zfqk3G&yHmZO(vLoFnkGF(UKZ>Rw3;tH#f|>wcAp4M}^oK#Z>|dkHurC{su) z6d)y9flwm?y4lyR!ocNm8EtTGR#ioPO=%7$cdU-Jaui%l2Keh#d!~ zO$W%C&Cq22u8s_nXVxK^k9{YS}9>g>->&?%SC4PkN`WFlMhVmPkkw)#AJFz99tZcA2 zFiLkp*Fu72=thfq<}7Q+fxtmnoT69!DYPp_4wx6JcNgm>;W<5@&sQH00E&?~hF1>3 z7rYrNmjHqHmu+O->91ws8Zx4!k}>EM!Zpdz{`uw7j$5|FR_*1)i&}jz%$DvW6H57r z2DddU1wt$ZFO#E;U~EJHc&W6w#K^nVC)cDcjlwW*k#|g8dk}9kA-DsyztdK!;m@VR zVfdr3x6sSM&SPjo-MFbcc91sTA-rd{${SCtIl^My@Xo;ZCmIh4E08>d#q24fFr7Z?c`@Gso@q@PZM9o4*m?4*+;`d-NNn`RP%&{@Y+ zWt`B*ScI%5alWg%naZnY0AU86+%$DK-6Nc}rb@C{^@bo808`eAuo$Vc#}xu8Xdyiy zeTO0P}zs|%W!zzXy)Pwc7`srdY7%`OgruJ-(`z`5>=)~0Q)yZb;~a8y zkydU@RU2cSZ^zv)Ud2-Q&L_4os`2wsJ7NDb1F{y5Ic`E*rzJ7f6MY#1V%i9r1B{FY 
zaM{*m**nX?hncOZ!z4U^pVmCe4%9St&3>!gPj_1d}td z;RJL#yR1?*=0F6mHA1STWN z{OSw>1wI=O|LnzV$#&U%%U1IK4D;~LXX8;{EOyq)-R8G5Exo8eHIO%0u8DKaR8=)O z(LKaMAq9~JS>Z&?!imzZVnDU8!*ODkXq8`qaJ!@9KQa|wI><~yi@V!4?hh!`(tQg- z5S!5m$g(-_J9V^!+FTK|hnv0kelROL6n`}*dHZM&0wmR&86=G>j5O5k0tE+tH^JNw z?HqP}KqB6ohDQsTq}@}xC1lG;;H2-?gx1FGj#ICV=NFg|{-;TDwmnMQTo>CZ(~&td~m(v>DxV5qM(zhQhU#fwvM9;DGcrp$$4p;lRV4Y36&^fn3( zc&5(0Ze^Yq`d9Vp9gGck*5a>KuVHg>lZg-rH}#4&;}!rET2x{OytdF~=HX1aj^yB$ zSH{uLl_dHpV6myTIqXaaPfuY!QR`(?StV=ia#Mcb5ZH|k#<5aSGMEE8r^+hSVuR7C zsVqv_z#GGrq+^opx=l>UMM(0HVt;j^8|7i?^0Thv7vRvCyCi5$f~4?bcDfGuDIVOF zSt4^3j#x~e4x-72O)Pw0dK_e*>n6`E zC(G(r81@u$q%R-Y@LIf%la7kC?PpU}kt5LZ%z!(D8)Xi7_;Kjgx;a9Po_TAlWY*|D z%9>7immb6;^D4cSFTzTY6`;b z1}yV>i9pSlUeGnk)T5_r?;8mR;)*0YQ98n!e#G*xRfZBc>n1E%l-Km)PvH4BGTT)Rn%bJGurY2yW!ss>jJ9?&FN~a-^ zA3#$wm=#5fT;6gJs;Z^Hu3fgqEDII=8A!I$jZI%SVEL9!d;&)2yD~%OIar2sa*{xY zGJ9JW3y?h(4do56&x^l9i`JT6Uk9YL;i_jqujm(AJfDe$?o+Z9)kQ^Nv_>Aud)@at zrX>h}2qaH`Rj&bs>y6ZUcySKwPpaMz9SRuJ?7_aL`7CgGY+GqgQNcMTIJoSMWGXsO zJJk8`Wq){1>I!vwdpGzelWnk=kTKd#rvOz}uE#G?PYSJ&WTdyY;G`vIMM? 
zs9{poawao4gtLLb*(qa7tsMTx<_ZZ`A z#>B{phKalN-mtg40B!(>1&X-8Jer}Fxy3OS-?$h-hdt>%QK8(~cG0~zc9}4g z^og%`zErW;*}n}Iv*W@~r5lvG^tQuA09G{_bm#y!B*SDFFC;J`n_S1(J@Ks4-9pSu zCIkr&zpqP-c_Os3CUBxBz>Np^$Wa9 z124(fc%yFGYvwW6jH-mjo*js3PY(~Wos{9?!;n~ehuuW>_VV<_IlQ5zly#JB zL`1{cSUD)DXS6dR7xg?wYYOsA4JiVKn{@6v{5Lhy@u@7zS|v4VM)DiR}i z#I#TV%BW=k!40(x!UVOD8I!OxULuZRpK?&ox~NSYE$*WT9p0v^4{V@VlxYB=EhRZR?eCUloNbf@C28$Q@GALhuPbdqljZ!%OaNT=ez!X zLZ4la%=%g4OLho#sGv_Ka>(qyutrpM+B9U@_Sae^$q77_Y7)s%duZh!Uwud``T67& zgm(pxoPG_@t2OSTuT9K?@(SYDxxkSSv&9_L6L4Ol4-wlscgOF$F3Gq$bzTl6d>YmT zFI)cN73+&y0%QBk$uip*S1W6%ljTHPnJslB;ZLXdx!1JM0?^Grw}nC0i2KD2^;3V| zL|$9}^2R$*@FDZ=T2i56f&!N#_42*o)t(Qy0obcNJrd_ZIWo2uDG!U9O7IMYDi&Pf z7PV?db_nH}!>fgtT0r8!hYY?X5CaO(Q#76jc|(pR^hm6M6zoM4{HUebW z^~G%3KR^Gf`Sb1Vue|!oH@|vvF&YoPD*okH7xO+pnD7(ONxk_nS)h{K?*NX$Na$9i z>m;hX6krEd@=&fM`Ix0nZ_i{K<)45=UcPL%@7&Qo*P3Ohm0!4F2g5gcNh*ix1QGEl zv>J~^o9=uDcBABMTFq-`$2OxcQ1RlL=4+0ishC0;qg4Z0YaL~YRykedr3&_PvYfr> zn*tqne@Dv}gepMg*{uudjEQDYvKT|&HrYkqwq2uXPFHVU~HK=Y_k+#C;u?X63Ty<60!VZ?&{eJZsRn{Sq2(F@6cd0_3wl8d2{_*ZBr%}_^hF8 z0Pq}3b%Jc6o;5snG_Y*%jTXm1vqqTsCdxC3yOa z>Kd3%27$89VPA?rv|bOYqc_Ji-{BctMl<|d4_?$LL&`GVV+~sXJhyXO&_Efo3UK`q z+f$-ahOKlD!?~)ZZce@*MLel$j%i-wklq>C8#0Kg5Tick+ zO0l`}j%f|_H9fwru~u-f!oJ|1MpZ?sx-287`6su!S|-9WLPYQVXiHVy%{>P!iQ`f3 zUA4E}r)NSeK!yz?^&}NnUGRkdoNjm8P@gD%w44o(TpoUeYL|4t&Kihy%nYd-$S*HW zyXj^m!FiB9aauW(@mlLzq8Gfk%P`jR2h2r*dihNAL6aZJbgfGB{TWns&({DLsIZvz zZ{JQ{po#qynVak=E?^(Sv*BDD9N{1LT2EketJ&P56>1XJq(QX>BgFX@fVCm{%$3@w|*-QK@ptPChTS_h2+-Bag z?}4Rf@F`6p(LWoE2h@)aU!pn1&p-LvjR#-;a(nN_?XT>9W&6h4ljX&9_|DmIN=gO( z*~4s7@Q#@lB%-bR6|^d>h@>mNMn| zZG@xj|7(BI$A&+*zXr1mzv!QO{}w*RU`WrAQM4=c(Bwrdr6e_5zTbl$Os2bo@u@1y z5~$)@4$dV5>e$EGwZ~VT(3>K&T^xS;UiXm|YHv@5lat~634(si#bKj%uf)9(UaWAm z!KsoH8Gw&@dt`MV;u(^sB&@UT%-8&CG$=VA(nOwUNLuR@nK{GmgF4mYg68)22zP+8c0vmq~5XF+gRr zK8jQ%x|^ho#H#CHHXJVfq_{byejg^qIrAwsJ$uBPn^0tOac0{u=FCyr-#dh1Tvi=BYy%yC@45AckxG zDP2fR*%DLMNVZ{G;Q%?I6*ER)k5guEP+w-Qmby>sB#TXwg5A|}u?89hV@fVxd3*~O 
zvqJ|j0WfDg`rsU|{MZ%h^UKA+gHrFM-y)LEdC+Orwi zlEI%)kvdc*&;mu!lGO)x4G|d#XqnS;8$39I@5!l_v{mVuW^D&}YEx7?F`h#8NZ9$F z0U8d7*Ssqwg@;YNa>ed%x_(}fUl}KO%}8l|^h($HidAP4)1fDVpFe1QWLt-#*RIq! zzbhrqHbmu(Gp=LGQ-MM^q4M>p&b^e6Oo6nvQy(w~STbl-=i8=SapHsO{Dx^tUX6Z) zeYI=GgupZwmD6Om>HOS2xE*G~08 zsV-NWJ;n<8NG#{I?-W$>wmXlY=&~6@eb*qb2uG1GNH!WXsZcQ1mwNkccj?ri8GkAb zXi}+kRrT0>!7${(u17-GEpow{>?FS^NSC6(briqdmGn|9pO?2jz`O>8oKoPZjo%*3 zrl`^cHkYpJJLzAm>8)U4H&r2_FMuM+p-$>5i(bn6{IIty9@(g>8mBHLHp!`*pxW8& z9Tyy{EY7iM695Yc92qd@3ky(5WNMT0IRJ2qZnDZOQ1I-m!Ac5&4|`Uo>(DpU#%CHeo9h#{3Rn^U z5)-f8%XJ0d@3{tZm{76ZF;@&++xJhl;eez~ui&{C!GUWG)5N?emXTx%gB9P8NKYqx%6*0Yk1(0D36w1W;24J z=xLve6%5>|HL6|%Yb~)9 zzwf7}t?*hV!*X7Q>ZuC}lda*!@T^NxkN9|vfMh9?HG5u5gu-cO?u!>DGwep<3FV!m z#RrmU*O#}MzQ!>Cq-F}HCXjr1bfU9KU?-je_-t_51oTFmx-+Qh=fnPoQj3KJL@q;v z0M~{G1`gJuw1@!Fyk)dVh!dh`#iR=7zBUAHLVzXb5BYs&dJJ8c!z+3!u~jT3uWXxN z#z`jUOi|9K?+>SEON1GjdaMmP?E5;5OqLHlUjTLzlrr%R>P*hqV+XbjQJRs$s@f&S zof69LHNIt9(o~d8k%y`LYCC>EGs_dlEvjC~gDf=!uFtTCuR+ZwX-*4fc;2z+x?P#e zM zonqA-sAw``ISk*P=G-sJn%tTf2%W)ptX4u_D{v1xc3hbSE4`R05|Q;g{SGj<;{;r} z^B#un4ihw5lR1k9;i@X5w!fV{yCO-kc4TS&@aC-NUKQ(k0c*Du+D46|+1~Z2pAZfm zR8jWwW_^Q`5OuMgGa^+nc9tbWMSE~7TtjhxEqLmkqf_|+rhWMwBueCKki{FGqgDWu zB70+u>6<4k9%vdKF?3T;#Sq(qcBlheJ10D*7Q%?kX$W;W{q}mH>#oK+QtD$>w{B~m zetFv!bjr@)k-*L-*Z28wj3A}T)WJt!;J~G$^B2%Ie+jLHA0eUf@LYI|fJV=CTG|Sn z;lRyS5H8D{0|uG%?@gC?Ptc;o4d5+BSEKUj*3|;6*X2~{cDy&6vl__HF$NFd$=Q`n znTA03S;7c@PAzA^cv3#V2^Cw!1>!wC4W29A zcS+;V2Hewt6tdH_6jM$xEs(92y63nyp(xc8r|6&f!r-Pc2J5PfxeQA>@5q!%Y;%MIyXF;)p{(0g-?DB* z)SAkY;?$6OhL*c%kbe4%J-s8d-0c+iE7xaxWZir$tlggK)VCiP4*+kXgURb$B*h}v zcSF)WxjO1A50C%YVFtldSdj`WBUFl)&QGHNj5TSv9XIqWCGPgJoyLn#yeSN8e8N zrQ)6Fd1dH87&USWdnB-UDmd^}yKJYKOPa#DOsS)}sqxAXRGakx(XsBb&3&#W4X!); z-E)6pj#536fh4P3rXV1+-UAttesMo&n-X$b!ob3+6k`;mLJFj0p$ys{(`#xaPtoTH z4g@(g+Xm=YsxlyR-s(i1!&IO=PE**K)KM+aaiN8Fd~< zAnA=?^w1nx`a5at>OcPhO6|trnhysFtJp41Ycb6_e(wkvUW8wgORF{mLPiVkiiq3# z^e#g$L|O8~?jr?WpHq9;)JgGZ_fXB~!Bv(6NTlX?Gjd_1#CCl1VqYbGc7z0c`VPM-ETM@QY 
z0Mf$N;hf^Ur86WAThJWH!!hP=Yq}*+C)zuY)#P4v^|fx+1yDs~hB#QAYJ@PG?Md>H zd3dCFWpcf@>JigY$ID4=O@^&_x$s(j`+iXKewKRU%hB}J6t#rNTA;R2Sb*^3qe`qK zI}!Gr*-0LW2S9d^C^x_B3^YsNWJE2$byd7c-`*i^QlS`}%Z{1fRP%GPPYh^P0H4@k zqXN5zM|YJ2ON;0;RBn#g@cDpWB_6k8LJO7-vPdK zjO@i2EO_;8G~Wnb3DIqX)w(AyVocd05I7ALCg5RRa4c^dR9M`8fbynEPz@{DOVp-4Tqf6w5M8yf}rEzbwVKrM9 zr?j0FMk2Ewew0JG$g@iQQcgIjmpC9_c@GG|Z2pSmdrkBb(9^knTt`nYj$YPGROO;; zBN$;OyCiV1x#So##HEvCzmzIW*)f|VVXF{WWdbJxnbDMcp=2H<=mBA)9MJk$v<4=szclHEOw~1Rh|f*Lk8C4Yn<`;wGd8r6MJ^Kk~&K zEpa(JUcMR+2MP!U*i2zrubM>JduIkSR0i!uPu%W^?J!d$$FUpUp;R0%hu9x)JiaRwvxM$L4{iOuq)iDK=gygb*^> zSJx)l!V)$eP~&|0Eg5&kJtpFmX%msU#-Zns^@g#s@pfvF^XamYt1iAjoSZLT!7YT) z!$V|mIysPBisBazAGBkc2UUFhXzL`YoeJX6@J@C~^7Tfv^edk?vQTMPBPqnR<}`I- zQj?7{2t5KVbn2KmqMh42ewA_m5`u*FMAm%xLeM!miu%c$>4`RdYSok&c5Lwrlm%h_ zD*zVb)8$XU=Oi@2Gr;?WvA?QB&xNh-aIc*O#+p3^%JP)b5Y;whqs4Pls7`jAi8u{ZJZE$mms^9_D5}EA=|ehsTL2M4+(`J-HnHcYcOWj zv3lMKh&uZ*1D5*x*e~zIH)$KPVo^C*>$`DjRG3#p2=;@ERRADGaYs5p^I);s1jrD* z#-M%WYFQ>6D1}7N<`-<^)gRND{nGSeJVu<4-m6}-+>%&ZCd4K4ljIWZM^8bpL^E16 ztD;!=K2R(l{kUF28g)h5!yD}DA(YdrWN{9JUyrdRNXJN2wa%;8TqK|4myjXSb3}3( zfJvIC0={*FAl+S=lMe~({G$IHe@RZz)qJ@4qBc6&(DGaAs*mWlcY6ynm&I>k zU#{WIut_^xET|qssiy8{a7^+pv(?O%)upJJR4@5xh8zk56G}$~M1Waw&Zs$KUGmS@ zN&R8ARuM~6SqmBJ8Dl~ONX%x5O${J$n=!3=@uFHHs1-!fXdB)iX+`+vw6q!VXV%BF zB@u5*J($Qk3xHWzok7_G-C*`gaCiww@IF=7O8TmSzou28H7?LTkje+@M;ckQ(`69H zp4X@IAy5PnGZ@K54oqd!~8{cfB8*)doH=jy2IxNR9G)rxcbmnV#Q zlpr!OXEUE(zvq%2)Z?P4k;rE_&^Z}Ni%jP1#r+<`&lB~sr=>=qzq=~MzWB#oEe}- zMQO>!0#l?u3K^lb%+*cH1M=~c7UbuNa{?Ai>dZXya8PG zUdyJQna+)<9qv!-Y1P+m@@Y z*M|@4T5$?kzvXN!v2NhF?Ti+HSVw~{8l1lDd|e;7(Hv#F?akRTPg7H`gxO9Q;5EI& zXo)`cYHn&y>4D9R%^?o(L4ujgbJqmBi4a@>MOawD!dud>E{VBOql+ zjdw}LJ9k{t&}8az&XME*oW7Q#`>fKa?*6R}34=Z(bHzrJi-{(ooU#)C)8J_zFil0y z348{G-W#^>Gl`wo4%Y) zdUntuNy0aF-cJdAu!`iqPz$3D;p-Pusa?UcBXA_KOxiCdy`3%_K^`+E4p0NDyd;#JU5b zKfOVBl~QNkw?M$63Mf_7=LmXE`{NlB1n9CjS_~BWbEY}I4v09=?rDy+Le*v!jk+dc zCLma&=^4uR4gc6?^Y7lMHIuiBSl{xr5!z`vZ4_95JlJ8S2}%nYJp&8_G2>e5&@=&s 
zF?fJIW)8-Vlv4w;@Mf8j_`Bo;LtB(b2fYW)2kdW{FfBMT`5imLlN~Z_fbxPX#x8O=D|S}K z-BZq|5s+pb^eeis9btAxd(RdsL{+lU%jL8qR?Lw6a_U9)K5uIyOqB?rw{}rfoU{r* zSsc429B+vdEWpZ^Au9t|${RH!8XBj+i)Jq1Uq31yVl++TfypR}Trw(e>Dcgj+%rk+GQ!3o!% zog(z5>M25wgSXyW_Rhx_i048+V^c8lV@*`RWHzCx#BDkq zjmL0j@pQ|TZj)8MO#CZ@4tg|nZcJBl7+;uN7*xy$U?QNZUY4pU^JvyA6Mt-q|FT3b5sD_11Hvg8acDlRqEWu#~Yy>{<#h|6zMmf z<}Fmf3oeTVuH%gPT|3Bhz$^HdZ|}J(z+jo{}vP1udQTsvce9AioWi}aTtu#2+< z=Nq}dAe6GARX4>Fe*BOiwk~E+q?Ss;3|75QwppcuAW|yIT`}7xTD5DO7M6_dq85hh zmh@71%{u4|n1=IQ7Xh5w)d>%DTp2Q3@U`iPe}ui_BkHj@39a7xyO{L78lOEd3*piLWKn9Em+Qu@@@7 z`(^7R%RK8LaloXsnvxIYF|v(ygNH5+KD z)le`bws5S_8*0*|)}Jf9SH(-2`qJFvb|Nli9!@y0tP zD$~XRF?G74G}{{ss$zwUh1wEX1EA z-vl?BkL`O;84V5tkr{QfD##{F$>a5EJ4Nj*;~ehRoK0O4Y!3SECTI_BqChV^@bu}G zi{QX^BR+pBQ|Bp+=u~JK)Nv#s3+1Jj6E9b-^_8^^#@Dc2Vx9;KDrmF-A3rfUUF?cv z-MvI@Itg~ojIEs9eQ5`hi65Q9hu~SOhDktF5t!G0$u1vgn%07;k>=e3Lp}Y_9X5SN zAnOc7)ZrR{=)*iAx+HdyRGXae+{sJavTmDwhP=-uNgoNGqDiLfZEt{gZ#t1|63?5V zjpW#urtSd)>e}r)cM!ph`et)#C2S=R4l{W%K>{BE*x{wAX` za+-@RfJx+$?q}qGuseKve=s^V+-m7zpoWC`0X(Rw5Tz$Y9pSV~i4wJ1hpA>EI< zbje^gNqRD1+^qlrsIwONp)_YKF@n3oUOv{Gs}bDqL!RcUg|cx}s=Pd1VFiC*nJ8hr zStP{vOJ;T*#rQnwFHkd$35ei+;h~O~Q`-nIZ(s$}UB9IYI(nYLK|7~Cm-Fmxe|67& zeO_qlXl7Acaa&7z2v7^9hoqG}fhy8ShG{alXX%b;vnw?xX7@aY^JZ`H9yurc4V3tY z)7gt@A`pfLbpR>@M}_sE$m`R{&AVtO(K$IpECnaxp)zE!HzDcR^*7P$3u+anJ!e;99s>tBY>U9o4&jjpA4^kXTNI4y@ zj0HXGPL^9g?-XA-Y_#$})7VDOq24hbHDWPR9Y%MkR_M;~*%5lt z@S4EDt%PbtP#N`LcG;l5*e!RIIUHPDZdKzDmsVln(QFk~{{mcu+4y2IMXG;3k*Klr z^nJ5dIlrzzKm@Q6gR{0w>8M~q(KFr14wR24F{)g1eYh|+>e3g;Kn2uFYX{T2%NeP^ zzMtmB@1e(*uYz3JWY~9v<7u5*n{8PukmD$fRpQX+3vPvbF6G$TT=>~JDoVZRAQS?t ztwX=4QFA8Vrp9>K%c}Ow^||%eJ_DAOt&dmf4laDASjlH5L|ybWmE-v^JBqy+FUHRh zn}Zjj+0>JZl&G@yS(XM|hQEORD2}ObBaC{g5tJEmnX!Ql*Q5*_mf#$Q5~o6B$&9+1 zNM}FoIp}*9JK*zXU=!o=p$zGkZDoz54gy=xZ0!q#hS#)!^}qBln{%_a_8|$wKzVZF z8eS@=rybyv3Z)n7Aotg0?^|L8JyvA%H9QA8b9nN`b1kGi77fhlP1o$kQYiREsiI`_ z=YV#=Ff%AEfd~TRFwYxi`ASM5Q)0XH)}RI}KG>n54<^Q#ba(PvtLrZbN5z84R z0*6XTqJlH6Tpw;bb8|fyh(UM+37~p#XCgTXAaV~QkFcT; 
zAlI?;=(gy=mPRHTgfiWw7>U~mQkLClHx7mG4IW5$V#}YP6O9rBGx+pw+vGcJ0g{5` zW^GcEw1Z-+x_NByX7bGFWMioY-sXFj`pN;OUufkw8o<(%C1ChYW%#|cr{zw;A==PG zI&L=(3W-ogE^=qC#Q9AjfC;8JQl?7)_cg%kW3LA@y1PMWFl~ArZCRrPRAxCNmkCI2 zzP#ag+|Y&aR=s*qu{Jik!nGAX~!jd(>td*JUEV+bcU7}Gsnk&tL7rkH~ z2>gGD6YdUGjWxFiASG<8HTL7;ZBwUr*PpCZY;mIdyr5&yAY9ib6;X=>F zo{xNSF5JrnyjntE%*iZRSA2Sk3LfzE{6bcjEPr-!J{~4CgOv?hIl#;@Pu}XbrKLdO z@=AZwWC2_zS?uI0<}f;}DGC843WzhR6~zC>0~MH${P{J09D1>PVP_rh#!ykSB^B|| zRietl=xoIH+@ktPh*3M+*olrc=xhW)W?*qC%~Pn=78sN`MWY;?q(0C3d-K^uN)fDq zXachiZz+K6funnQ^%ZI?^4naQRaIyXbpX=C;ra48G#sDAGtr*jzq0oh_OXFXyZiWU zY;0iR&w|*+%3xVjF)8$f-S0c zuUrex!`0VpNC1y-boP8Hu8zB>zs$LlRbVUDcGX9?$dVhN|8>=_F+L_1 z2lD|lp!3`9MB@=iS{SHTq~i(;6zGt{oT%1{!}mIp69oCXQgkM5I~wE2s@+`!;lMG* zOJkr0@GVRPe1Tb>4)Tep5;P8Ej#E7x(tlKuV?2x+VATp$BSUEBV~xkz;$eYCr!0WC z9TtiVTGYG*HjSmAhweJ1=6%n&Zo-vBL0K|}mcQUc8q3XkJ{)6aVlEth>js;UqPeD> zUoCpDeN!Cku2-0Y94#KsjJU|4G5M9Y9+6GRd)l?lJ_@t(;pOE8@ zVVbSs);cSb=SoheNNXVKo6Q%f?c%t(bfs6iTm~n#N&B@wUkDl4CVOs1_sUDM7r8L6 z*D0F-+;2YZV$L;ga07Gdyn*0?{opuMH7a}kA-W-%X(4PQsUmqr+mfcYN^-2|t_AV6 zK4{ek2LW0V9BZp*aTLsHWe2dB67@Ozc6LQE900;>T0C(C$I}#0NM_lzl*5!*w6SzO z=PGuV+lAubAU`&i(}ltoZ%CW%SabV?30NnJkPSfJPf)SQ1eHohVQ=NUZR_M4DB_EfxwTH2E)CZxV|0 z12@^xCTHwaD8}-J5MuJI?C_w>%zN64nH`i@nh|R%3r(N-06_!WREdAj8!Y*$mfLZK zt7>zsX$GHI;m{Bw5nu@+a4^`wzy|^j$owkx5^GNW*oAiDX#m&af^%J}7m0aM0qS;N z0>_pVheJKg9{KE-Rohm5Q)G^MDNttoxx74vXxOn-B11t#?-@^_;UaHVH9-?%TVZvnhKAPvMqK$TGP9G zr*Em%OU!f=xa;~%nizpY7x)~5U`e;l9 zB+}ik9chu1o{kM|Rkg^(jD`18lcfBeBxTs&-@gsrEOYkI zdSVGI?tQxVMs02Al~pV~oTEZ4ig~LJbLzFWBH@qff zCW<{!*BA-VD%>j^Q_@JpLRAf$%y?(hJ^2{?;n{hQF$k;7#N*a-6g@FjuP)Jr0Xoq> z-#p`nM1t%JW*VIg=M;nOLb(<|9$4;Y^*=~0xaTa|qiyW;RegV5< z`b8r0)R|=$ zG9m<<*XY4*w>`j-rV%p2Di|H9hP&m>NdX>X`yBWh_-x2alKDov$oU^R5>zBS@rk0j zUuTGhCK`g5d+##5QzedvIdThR^*|SRod%qR#imi zo@_Aqy@j)2_`?(vx6CODW8O9|L8~2-k_jLM;+M8{Z|4EI+uyht!FoRFJ)s)CT=ozQ zxE4}kVFJh}pKVAL&g2|G+$GW_2r4j2&;o>+bV=sN4d$`5E7jFYppx8@3 z<<{0A1fr3PGpJ?Znc7&yzC);Eh4l}r5K#|QXk{M 
zR4xa+n@q)EyYmQ-u@}})8?4dqqKz(8B3tSFy2}^mXz{y54lzNi$lhESWio3D6HkVH z=?`4pY`J-RpduY7gPB*_n?-!8UwrMejz)Kupz|suuwC|FHYhdkymLJ-=!+gfM zY6M&LH}}4Xmk~q_i-!*Gi;Mnq{3SV=WAM-7iyVm^W-(i)16-<>*xOWf%i2AKcG17Z z+L$X+8%ZC#K>ruf9ni#Vgi|Ya7J9p#ZEZWf`A$7*yT8_*nt-%MFq!oLpv5(auC9u1 zvHy*bk4Ut_@gaw$djt;wNW)W_257>N*TSAj+F|dhF$SrKmNb`IbkKJOwz=c6m$F>anc?zrDRVuS z`qrXi4h2U8^)J%^&*~IONx9y8`Y)$9^q;ix=_mn#xqTN-emUzywplJrwx_PC%qll{ zXrx~Y9@-mN%8O(@8$B=vI2HSZ3bdo+Q8+RH`{22Mo*7HoGEQ$-OdksNyKdhnLCb5M zXpicJ?|W}x53&5n1U-iEZd+)bnig8BOB#h997tzisq`GStC$L}2O!u=UYb+{33GW0 z@+G3|t2R3Djf@Xdh#;3wJ}iDcoUIf+ph>C~W%vzFnK->Xd?qG9HaFXXiD$#`9`K<{ zjMDl_daz{BDCUgfR13X89C|uwjc&i3PqCLx6X43nRO_G+$82h|H~1s$c{EXSwD? zxIz=>b04h^q@V}BPQla@Pj%;$(wjUEuFve0M(Yz3LFQ5-8%pQKLMzR=rbMVXBn|Y|WfD+dIH6 zT`AwVdlabxt@XM`;LZsVqVx1wB2u1RNrlPXPm92b+MNb1BLb%;dy^QrA;}^KE~KJX zwq84%TrUV<%*euQAR_$w6RdCh=0o(k8UfP;^l>=D-(Gbnx8B#p$Z*)@&M}zBBZP~b zA|{`z0(|c5!0WNC*raXUQXMSGc&l5PFDi3xUC-d3c`w5aMusu3C1;LK#q(NnAGNk= z!Cg`zyMSp%Dd0n=9L-5syeGg4`n}4UvM=!2(hd$?-+KuovS!b`CkW0-(}mE1u?-n? 
z@julclIF;e&%masK$iM&Y28N*Vh`K#l=RKT%fU44yYntB_m&b=B^Qe!x(ALC1xkkA z>cd7&3GOeZBykxK$) z2)V?uEXxzh_#u!pE$hXzp}1Zq%6ZsP+-EIeXb0ss%nFygSz&NCezUNFeb~{fN=Gn3w$F=v?O3FC^FxCXqq6*{YIQ zlWhC0t4h8M9Ks??i?T?;rTMu#k~)rwWteZ>VB3s)t@pa`%S$srDL4U9-H{#w%QwlG zw7j{oA)}mAGhP60Xml)Q(z`}MER$gq0cAOKHW_);KZ3p$=k;)g>7Y`BD4IWAwf0R) zzyqyrk#VCyH=jVF_vIgU`Af?H(W^vOoU|YsTdD-Fopmkq&HZ5Ygl$%x9-9K(&+@U; zrUqVkyS~v)t2Jt&sN~H{g_oiHsROht$Y0k0?GQ06S2RvZ53-#{>z!f-hs2mL?ngW9 zG>^4Wz2yLW?gJiJd6pZ)xicIym;lgc!mP|))d~3mIjE#%l(9hy|oh(RDU{c19>fooBNQ(~$AAy^P-d2cd^RdXH^Dn~cJ z*4}Hf0NeBeF1EF*i{yEXp=rirl?EB7Bh30s1yiPMK-mBpWEWq3s1%w;B1u+1WLlVQ zPCw@2$3Qz2n+9pdX|Kt-lz^%v$_dUyb;(>C&6W1xhINx^LhkTa@%BV)BJny;a&`bx z@s2X?HFbi84ys-JTmsXXCR_q#W=4>G|3p}k^h_M~NHUN_3~aWj-QuKKb^(np>ITZW z%w!U8i1V7sC+ZL1G(sSH+HU6F4@*A&B=qRBKsy z?7GAvI~gVhfXU9ocGyTg*EC(NvVBc0F#p$wnI5U~ejg z2@)zp1qm(K)&ZF+{^bk}Y)~@|j{ATbOrFhkKFYt4^Hkj)uCl?_O*fpu7k#Yp80qHd*94}UrCmtyDOytq8sRmQ$Uc^m>aRROH(THdTtLL76n`yIif zUpz!15~f~1!GPn#F_>i>NemvjJe>p%Soq=D99$PMY`y8Si_$_ijl4Y3gW&Tw#BTGMzHEi)I;UtvFH zye^}Eg*PxokSli4f2sAAg3pQqB9}VbDs*u5(ykEQ_a{{-(elPj*#OB{!tkNNifx&a zdA`(uM_n=bbdEM_@`r>^D>Qdteaj^))>)32W9W$2<%4)!1-ZS^kC|cU(l3giNo{xu z+pzE0hW?ohuAi=iGq_kr8XRg(gKi<$dfK}f+lFgVw|W!kYH)^7hD$f*z{HNLJR!&I z=uV#x=LnT0EsJke)!ms^G*}r^Xi_Ls*1x^3lb#VVrxDXgPxR4sJx&Iv5h8@hAI^5b zuZe{rwVZ#;tP$A9y?(O>!LLFHRhJjHX#;EVq!@|c$v$?Oz|KlycXMc=k0lIANQfvqwmf<}>> zCs}`HPuUSn{7<=*Hi}p*W;M&}4v}v&1q#72X!Jyqy-@gtuXzVB%ljt?GIDrR8PT;(9XI>LPdL{^JtNjc%U8wHjo!^Zc3NH>jN;M5ja7Su}{hOJNh+HeFW#iWNl& z)t+KYR4~?m1i{i>R~zj^9aCSpw9{0Pd*t<+jbKwRt*S?8;tZ$wJ+a7C9Mlqtfa!2Z z7OuY6h8&xowC2_>mssHD60_;02-{=Pj0vi`+$oE^c%jV^$?vuYy2aehG@TkZ8q7YV zPu_%m-{~!FPNQ*WSPntkPzE#!#rSzQP~N3chjWGI}+6$xV3#>yvS2@v&C}bd~7EV zX5he(=wt$ns3v_Bu(a`c{Ez#!QiP*d^Q72&Wp7PA5UGE-|;|%|%QB+5i6IIE=*Rt)Nt-AZ-UsN8S>n( z$cf1CQ?5(=NE7)$vdu0z)J%9v`jU8M9bc6}8giw_fHtM`s-9)ox~t&2uxO{_-Wet# zvmeWFuA_Y9N4&mugHtrw^hLde_-8ag$F`1_`cjINQR37b$qp|f>eP4;3cG4c;V`Eq zn#ohb8?-x~0j?BxJHMicF5&c_*U4W&nG*hzb_~*$HmkI=4@>?YCTsVWz*i-8`+?4P 
z@r=4GSQDPpzT`dOMVeE8e+cTWWL;Nb!NL&tx}m58hHo`miRywT=^af_A31l^lvj|+ zsyefMkTyZr5fMz|nrNW7PP10fA>0U9{zz$*g<#K!%5CI z(H%#!%%j8|k8m)C$JCcI5Mhtjl2?~}B&}vRxX}l9To$_MMk>iY?TU9SOMToKrw4H#O$@v-N!Lmb$c8oJG6)_^wEwmmV!mX!3 z&9GJ_iSF*SYukf}+*Uw%GL4bjYut?|1F*6-UlrfV%{<^)VAUW#Z~$FDm`##iA5C}A zhSxk`g4Q}6^hof(ZSw@th3G^lTwO7&mQ}Swfbs#0s8pTsTA#JLx(g8(@_M`&d0!hn z2aDg6!4iiVd=nDac?NG0oU;QvXfvX(RQm>6%|mLuS8Fm#7VfFvi(XYVctvUVaS)!` zyTLyNKgiT-uMu#`h%_qXIc9U1!b#g$qGwuC^JEvthZ*2F11y@!sttQVHh)#tK7k&E zZLi@2So^}KZ&b1?WYDJbB$EUhJup|l)O~>_!2?Jl>)Q0U=)Cnaptir1x7+Q#C3@Uo3=*gzldXn3xLvpUzpy=-+wabRjvREDNtk9rpiv|Pz~$6zxlJ6%BZ zExR_~0g3vPhk~Smn!$)vW|~qgJzu3~BQ-qvbOn=ynq@}1wb=KUAa`<3e8|)j!T2h9 zxvV_^r@S*ZM5hDKZdu1Pv2IRLyclV-&4m@16MUu*>z<%q^8;Y!1U``N4LeF zSfetT;a9YTW^+-huyUN=1Cxnv0+Es&#Ns&$NIpzZ4RAVIs-j8psGhN^Dawqh+B9rh9}C3sEOnP9V1T?q_V)9p8+Bd*wmbN8siaEm+!5A5U=&oj-iVYW3 zJ1&Y@fst0T>lzf?519!Y?5p!eB*e0gF#LK4f~h|O*o0RX)*uA5D(J8$`rc%gH>56_ zDPJTysMRQ<+sZ0(9_)1m_xk^+dlN7_i(-HHWhO!t5QKmr0fu1<5Ma(^CJP44c0wkZ zkTDZ5O625Z=1k_0*_b(#1%re|L_ikB3rY}_RY3(s)C)>PmVhXT28I)$B9xARtHq3|y$1N`Z-So(d?3%W&+8BpNL_b}qJiT?!5808==gFdCy*8jEk9 zW)wRrLZedSeRiq|Tw8E#7Mvk?_j57XRlOZa`Fu)jO2FOZX@mngcqSZ@31&lWaSRdZ`R6 z@O1r+w*UGYp0M#3OTz`5kE_EtnYEC%^MvD?qVx+j<9ca;u1q3Wb(*dyb*)gN#Dt7sVBB0c5 zftrT`=Oc)R^c5AxJ&494l|pVKrGE!j`BoHh>sf{dBlc|zoweTVNQ&C0;=EghFvf8x z>me+nz7avaccfOaDKN}-AyYFS6fDvQSrZ+0 zo?I_i5kwnj@?I0#>3X-GsTH1#IhEXOq1J?*B#i9kgkI#J7bztg_lw0{MJBew3~F)) z2l(5(X`^})Hw$o!j_Qd@RSQrF;WB3k*`pm6D6?H9bQ)id?T0rc3%!G*BjBqX zfpZFAc0%^7xDL&k*?6=j)03H^SU{inJVHJg#xWOzKN2a62G8PM~dSC}_h~`<$BF+>rC#uls zDp*&Wqx<>F&z;0UDvXYTvcOX!)vw|ALw+%4n;*`kA&p#6bBuPTNRHdjS%y`1jum10_N z<#Mj@ zXrNJ2+l|1r!jVI0y0b5AH4Nm|mDJ>wGT^PTbdeP$))Rq=wht-!-M@0 zm5|GFShap5LRNXI5^bx{9;B}KE=x6~+^CxB#mB~0S8AhCQ@{MafyoemrKrrX%pIQu z9M@8{O;9hTutwmmbf9AGRIx`L1sD1kh6gw3u&40RIlTFxF9(x}<;4!_w*})`M68QGlH-M%AF&6FU>UqC1Xg; zVR^kRRF^O-jYUl)bDI{0&yf!Y_l_{oc$Ee%U}?5!!Zb)amQ|b|Y%$S`gDoQo!V@fZ zK3dIg^5#1GJ9>)8XnWQ%QEamY^W8eO%AULG{xo>v4|f(A>!WzLvh6iA0uLI{01d#i 
zg*0b_(-Bl9e!QaOAVHuHUZ4VJmXzjSsbNjY5wPx)W&m4<9h6I9sh#NPV57C1bY3MQ zeW%hEP19#^`}@)4G8WgkF*gMFh<5dHWVEqh@S7Bgje^+{s&%RI4JTU0fxswZ5P zL7|Wk4FFNS{i6w$x@IOPP^KX+Wm*QVGzDuY%Cs_{!lQGbb^>x>PfxeD73_Y>^J=oYUYzLXn| z_ku%3N6!}XqZ(IN(8~&LReX+2{EY_ig6_)iqFGF(Nd}`Dg7bgP|gC; zjrYEjI<CquPO+QSweP?Zg zzEX!2xVQZ)=0QJUx4+B6eE&CI!(Q=VBg5ujbaCrj&+z1ODALt4JA>_U6$D!i zZ^-nF4s_vbgSFmIXrq-n>w3~juvX{0_+>qsUYr4CtUg{sW_53)L#TaR3V2)@z`F4E zyS~2eJT9ZSR>nk>(cXPdM`te_WQ5x$-J^`LU4s%zflt8(fP?kY%AU1*i@`W818~EYJ?~`9dF2LpSIW9zQ1xExQhdP8 z3Y)^ow*Wghbw?+iXiLLG16A!Z%w}#;4&ovpIu)KsP?TyRl}-2t+>$iXm4z3}aFaJO zMB=i>A-1lXli<=+v-?IA@D2uuQE=F@!PA$`2Zy|;ZNwg8hzr)_BYzNMmRp@0o=Hzx zj}Gt^2Y`|v$59lL@##qo$BBQ5yIeXzGWC0c*$E>$=_LI$ijK{pMb?Ggx3(%+{LKy? ztRa1ojtx5O54%;ZLP~z&8?wq0QBzWvC5S6W? zv6K8i4edR1=~Sl<_gstTSs*40PSwDTKzK5?JK{&d$SDaSx9iuZQZ-nhby#}X*;tO+ z7`rD|zjJS+*j2}uIfzCik#S0WS_@G}yHyqaO-?S_DT4MP#s#UOchF1);v3qb@29{g z6lia(uBwUcQWCpFLq@h|nrCCQl zmC4oQ-O|zHe7zzF2;jdekMml0yY{h$_Iy=w(WTYcc;|Cg5cb5CBA>Ics}Z z;ZVI0P~wX!i!nW(`U3VAg)F!%PRp%p&#R+b(7RKO-$ftd!!<@L>1u)Ze08`{aN@*N zg{hvg(Jop+H9o*A7*@t^XI_(ux80?mn65HMwBDt4!r95LLJBTLs)7ja&FHft_tbg2 zx~j_2OH3^oNm~L-uE=QU1&biq!yrBwl$CW7F$})%Ooo=lKsXYsTd(cc4?iL+}c^Fvm zi%u4`N`iw9cOQ6wjC2RGdDD?Zys(r+F8+)Dk{uq-ZlH;TWjQ*0;3oO_CM^wH;B@me zC}IdKZdo{3m&-uxxT_hcrw>h`PyqHD+!-XDFM=a`T8jnQ;Yt`VI?$2WG+tCqhS{|+ zU-3EN#TgT9gK`RjEY!Q5qdgSK%GUn!1&-=NWlMzJ6n0Be%LLVmoVysML;hZ{aWrLS zPz0lj{~>z}+`9lqkTM>_)tmcx2kZTOXvrf#GHbZ#Le7kiTaTV^p_^CoxH3&erD)ivk0`L3B~NqwUasJl z+bGN7)Py;sNOX3ejis@+L*})mz?r$>lTIQ5f!D-yv@2*_v8c>ScN8F>^d)7$HS$x_GymbQwY^Odn5>(Es z+OjykiHj^Qo=$L5Q1>wXR5J8M#V5gf5?hRAGt|^B^}fnlun2bNVa-K14LlyIH^q2y zrZ(k}kHi~~D&%5CO6e#(cM4~&=~*=4fdb*67wzCwedBXDyeg6_k>B;+0t&snC{A(B-nLVMTUjd0do}mU^tcS5g04%hj4* z#zSf&EjI4Hz+48wG4{aAW3_5}7c!C2BOw0e`D7T4qJY%(U?3%ux6d`xBTe`&GdXQ+ zAc7Oih{8S^0S#yXEvv4moeolIt_d5dtu>oZ)kBqG@2c-PR40M~4o`Zf%IiXJ}T|S!DlD!jCe`&tB z0m#$%Wm@HHOo->8%-35J2q6mJv8S%Gca=3Q%DdqO5j;Q7vd@nfn2K*rj_{RbiOLk= zZM@ShcGgt4rqWOnh>V@>oLq+Z26J*5w?ega&!kf7Zcusy0PWlSDp5?TIGwoT?s4#O 
z53kCAZ8_hwL3hv?Nia0xxW<8{5SIcoxrEywYh0IGhuKRo&J{03`&pFYFb&s1m51MbNj0J0s;jUV-131t z#+ou^zO6ueK(Ghw%>9S**Xke~mccgegGEDMP9G=9)o@P5-Br7iR*m3&JH*7Dg zPL)cv#3SN#s$dx6ZAi7IJ~TJ+`Ae@lAVe%^G)uHSiYHmL)?jj@9%@+GQT+8aMS=MR zl9CpY;T*hSlN;#D#V)k;K7cSkc+UjZSA32F_p&V*BL|^z37!ZA#Km^0Mb#i{y{Azq z|3kB?pfX?S;7!x#CS092#Ike~6opiP104e^cBa^%gGD9=SMt#?zZRXKt>E&3H*WZF zVma5QfClB=858hhh#TQ@JQ~`jziv1?6jQ5@Rqq2j`;S1;r97s1x)JOy^4q&))56|! z%1P{VKvY{B>kgcni0_ubOiX)Xpq@fwi*^HdrS(m|u%YsAOsSl$%f3;=iF2&YBXaIj zf=>4ahOwCb8D=61&E?}AB~HB*BTfrjP816_|7o>r#e5$CkfcojRqQVrkH@FiFU1FeQ<^BTSh`*Z$7r{nLMx0mZ7a(J-Rc#R9nyMg^t~c?H=^$rE~y8y zur#7(*S0h+iqcEaLR>NJxZ5?=O0-VAo1yoq@H({f}U;-fpcq_ljj+P_P zdy@MGPZ=h|pTnWmENt-nRXpAUUj^2@35tEpwV6sUgjOWa6)ARc&FT;(#&>jM*hN)4 z8FK?vKX?JVz%w$eLaOO}hP$1$rPFyZOq=Z zWme1(F!xt8k0BfrABO?;%XvnVFF?hZlcBzBR}N!Jm5{52gM0=Zho#UJB}DNFKu`g& zB3hKjwdqs}UPeI2HHJ3B%a_ec(%` z2y>pLF$ozGq$(h8=^_XphiYK?j`YPCbBvRO=yDu46045vPwW}HoJS*g6IbEzqW?ul zVyJ6}c;gASlw?{V9Rh+*yEaT9?|)DVa^j%(=!MyIS9OAca94|ZMFo_?IzJd5SWQn{t&FH}1aaR&oVbJV%(u_`?tnHx`J>G&&R z042)xeX}r!`T3L5cLeK$1)jMpF|S#a6gA$C&5k1JPLN$o*iZaipPDAVABB&9fpVvU zxlJ%YH$;K!&Re7<~w%s$$vgX#;M z%;Oi}sy9cVo~%n#oTwHi&4l`VQfN7XzD=t2YBf?Mz#7m!I@FiP4NauBZi`_Ltlk`z z$Hiw;6I=!YC;8UL>1`@N-Vw-Q?hmduMw2O_x{`H6DaXW(4zXddQh{PSR<;s+CJV_~J3Mm z@9zhNe*|wiq#Mg{yBcNS^#dN63KkLXtXrW!v%0@9*n|2rh@#@pEGD*I=x_pk&AuiL zf(z_{gB!%P|C9)0#i^(%*;OMw(Ffx(vLJ;LUM+JyKFqjSpje_VASzLvHJpy;zDb4S z0M|-2uXqFv-*euNQjQ)933*L+8Y5GqfRX9u4IFbb-Id7pMGmgi*d66s{uI$l`^fb* zpfKfocl44XuiJ3Ll6t-wtY)yDfC9ib`T$SBBR1?rZ=T+u59nk4T$6oLM#h=JIj%?g zyWLdA^XXn{=~6zr5jsDI2Y~qeAPhEXy~afi?g-UYwb)n3yRXvDw|D43`~fb`>pH=k z(wBSp=wJbk(Wq(y7uQPZv!sm2o2~(cfe*esUqqY0!|`#!q4wf}rsK0WXqkLfVSgSx zE*Nh+s@73w{eU=?*n3I+aN&;lU{a;MPkRT)+LBiH{(06l?QbeidXbK=6)k*}gBBHK z{tI5sUbTM6${}+}Ot2OkI2J2L5+f@BV}LFPOA_6o3DX(fD0sGA5wEysrvzSob(Yn{ z)R!b+Jc3SLfu3961@}PU9JZ^Dx3MnMexu@D&w*D0wdN}=dR2vBLEqtWVz1GyZXcZ7 z13;iNtcMWp3b9)_JRlioWZFRZ7T~4us`iBD2v+I0Rx3NyY|bNl5nI*8DZ+q}7}vMM zDekO=9FJX40uz0w%3M6?mf<6vH7$#j4EF5Y-Rg#w|nR|(q8Ar3VvkE}7K<>NO+GE?C45_AG 
zh(#Fer`PjpxkR831hrj=y;i&iPw?u%Tkz4tnnm|F;ROVA=S@{R1Kt6~AAOFXd+8w? zRc@ujXf9pBL5p{K1ltAJhoF21^L1i)@_cw0PluD7-ocmzC(y`Yey}gAN2}x5*`SZB zjhu=#7H=1#5YAduPv6!AZB1-$99xAsg=%g9SC$&IY|Lf1Gxt`dJa5n8Vg)MwdRpaC zjG)3QgUpys9dvH+F;}Jjs41nLM8Kj#a5TNyt3*jHmP=BdlQ#vc&>Lqi2iy`>3=9V% zmbl;nn9eCVp6%Sj?v5DecYd6Z_tKN3UfDj7p0b$z37tRzjW2p5<*|F1( zH`ByGl!#=9@x;hT`-(Cj#nWns*{YNf>%0eYocbz`ka6xE=wHkMYk+gFD>5yNy0V*4 zEL8idrgSyWMhE%CdpX+jiaJ9{+zi@6jb<&a?Cc$f%~GWcLklT@YvJ0yLMAuJ@7`7A zlhDpGB`B$nRn%6wGmG3W_%LcWJlp|y2&#P$c9*O4SYMKAd5Xk?(wA8;qTt;5cn@JA zr(OzK3|BV7x#tmm&StH-da?l-q=EKb$0|7!mk41QNJ79)LJ|TU>Hr*6mji7A&)d`U zFV;n_f|-iVw|Mc+gfnY1?@!_xwXC+roub+F0g3(%u>P)vcuI@9E`^Hfx(KYDY1XTP;;C^Y&#a5fV%C(PPE@Mx}qC4Nb=uVRBPG7c4(n{UtFxx z@*WbdK=IG{s!RUCk)n+tEHOomw{p?QV-R$?b|tQsQ*KKTG=XTbt~BfL=(1B@NXY2; z&MFsA<%ddy5BVZ9)K1XqSeq&@L7dxyJG-^8LQpIjyqg0r`>ZkU%dzRGR}neN?gm#l+gVoRk{|V87CymB+8(aZXpSRaR-16W2Rg$^YaIr^NEYtn zLg8CElclDiRR~^NA08=ym@8xkd(vPa0+onQf6!v)M156$L8%Ql4R?D{Nv4lBKs7uE z1h^SsDACsd=b8FZ51`Y|=EyTDb#SGNy~GU6UK9)tA~sgkpT3g=rwq!om*EzgKkPQ=M<{iQ{N* z@8}}Wlv04ar9QsJvoU-A#d&zB0jxa@natWOSiN9?Am%atuSi|&TI}zejnRe~Crmk^>G;&NQTk`yDo+d@J~#ei8%cB#XofVLYuw1%EJgNVcLc>F`BciZ%Bh{Nw-{6nWNv*~Xj4!;xe51rm)({an{!(y!q3qp<$E59$x5g7EvhIejqp zy<%8Qe~Q!Zilu+n(0`fJTd}@|{^VUS1GeKn?zexy-(&5-ariBfp?upo-w8k`nXkTq z$dP>&o)Mq27UlB{c$fR%PbmC7_-~Xlpu)Pm*dUx#mGwJ&y0K1sm`z8>6 zlvUHf@q1N`3+B`P`fzBR@3rIn9MgLYzKPMp{`tD?pEo$)KJfo!zWQ=(?}Yy0J8&etBwcZ$kK z{J$$y41R~>A9^g_r|O02R}@J<0@9b^A_l(~;6Ex-)4=|J!qRz;=}7b7RZc$@iD?=i zwBJwI4HKg1F#JQOFSqF}oW9siubW31upP@d9qVbnulqiwV>>2t`Om}Oy>@K1Q z4z^48>xNK$dM#f~8&2#uk>jwcNym!4COn^>fO(A{iShumD3ly?Q`^( z31~2YU+8;kKiA`0$OBEYeT4G;63c%piqL6*&yL`Ftbo7A=+t!@p1PT7NPE{UMasaj z+|KFK;qPWFp`K?mZ{Nvv*aXS3I$&FdZCfV24GBciBK$-1MBN-y&jp-bh^4PF>AjpD z;wh}>rJR0e?E9O{_jhu-)DK%ZJ>`DiYwQ0~iS+SgT!6i}`+b-FeiEnmxaoE8H}zY< z>HE3qN`<677l-Efb@wI;1BqH2>;ML zkMm-k9j{rO=bdgIXWp#jbg7IjaZ=lR;-}3_M{4JTCDONXy421$I9+Pz!~?K_QFK23p~tyS8Q>cL zn#t)ub!*uv?p?)QDR{Oz0`(vfj2?&Ln$ zKdDneJL<<q*(6 
z#_3XDy}{`ce@{F}^}|o`e|pRl{5^~FNc=UP%P7TPmogoRzdD#sDgJtf>1=T8Txa>~ z6;7A>WN&0b_(}ZJ#OV_MG{CpIUuVPLWAe@MDXnKZyTg1jeOq5g69s8p&*@9y?2TiNhNiS&sFW8qO0TTAPdgAzZT$>}7{HGRiFx`NXs z{@lpvCtxA^`<$)cW=@yt{~)K&aKBeW9W?;9jnkiZ)3Fa78*@a;h-~X_;Peic1}{?B z2eUYRs+-<#+pv<;>3_P7j_+|(iS(N}UFyRvoPMHPzH*5Xk8CeNUu|;3x(>?qt=xyD zWZeQ{!m!N5e(L4)g>F6TW>ZHs0M^9yEWqDmbEeMjA@61yXT)eIhQl(RDpCh*%e7p_ zkCST@@I?KSc8!|QfCWU6RM%}K>e>L`F2_IMx34?Dm0hVGOTzkYY``30S%c}D8!$DB zP~SE4Bdd6;0iXx*5BOb(e`wx9{&s9&+Z!-3iY~)Hbe_5khzORUoIFt^@mIrPm??@@ z;veRFwH{9b=q2v+QTTgo+}b``f5o_q-o$Dv@nRp-3dvTi%N3m71%J0?DF+#*-_7YE zdC>srPjPxN*?c`_gx@syFIL|H)vs92ghtH4u_3z6i)?xer+*eR>GZl!nm%2|>FZ+Y zs(=Q-3Y@;rF3$JJgX1g@Ue9@YVl=G1;p?2fpPSD125iHRIi0plx{gj8UgLCWE*(I| z_wanixwM`8y3|}+$#kT-G>PjW&HDx@>sF>wY%Xo(JQ5$j#OW)6o*gsG$M;U*le7ua)yD*dP`#Q_V1x}av_*zac#>cu}i}CR`rX%sd8=U^xSUoKtPdpM6qDbQ7 znVepXk5_V@P#qe8_9jlhF*z5mvUA~9&a*#OM)#+qXFS5`B$jo$v&O#2=^@_0I*g-% zjH0)@bx^W;H>?HDr%9Yg@&zs6bg2%#oF1wJ(!aDs`kkCE=|WpMUFxHkN~Dh`qfZo_ z40SPm?5rb`I6br$Vf`0ydb9g|-pb5gP7l?u0lvAE)4%C{k89bNERDN4kEDw|#p%>k z%?E5h!aBap>CzbOfeRY^q`mrNPM5xK=X6>Ub@?3Uh2{5^`2LC#>34HFiC#^g<1%n6 z7r1?Mfse;wLv$WoTbw=kt4t>(`;pFrOsAA=pLq-x5=9}NYyf;5ms3neZDJbJk&v#h z<4e4m)1^M$!s!y5h+r;UiwF}cbIGxPRdOVd2 zIck9PAx@XpHl%Sa=aFRPeViVWRanMzoc=WY-S8C3l5g8_eU07lVeo|wmV#Q2*e@6;b{*T+YgPH3IR{(Ozn06Bc>F$2m)i3jr-%9#`{Pwkmw0>v z4OkROC&3KlG7Ks-#dP*O`J}wq1);BU2o>}S?>3a|7{DWpX8>) zTt^c))^9tfhsFZaRd9ZIo>TjqFjExG#XofYfIcn}4FJ8wC4oq9Z+Sl{)Wz8BCk{o&YVujlj-Phk09FY*14IbD(;uW`CmzXPUV#bmu_ zI;TtZTh8gEZs_)BEkCa3bV&wZ&*}5968d|Xcj$ei_H#OkIi1ciN|^p*PM7uquW`Dx zM?ati3zpY_>6|Xjm*t#JQ&-oI?XnF(cRi% zpSN?mG)_?~ei%hp;vc#mbssYGvVqejKApws5}&Q)bcxS4m7sq!r%UzU!s!y9ZRhmR zI5l9Kr{W)=x8fhV{fTinqC_4XhXtHR8i!s^m)dbDr%U5-C#RE{O4swfcAU3z`u=V^ z92?0?oW75n?!+vN$4wgir1VLg-j11c`E_#*pDZZxeJ`g=^}m$UrE$EI(@AXU@*Vra z))M8v#Oc!dGM<#pu)PzwTU83L1>C*hTw8Zy!a{5fS{f-W`mD4x6>2)dt_Ww(q z9@5zxAbmV3kPwquWIs2V^GLF;ozo9+>!4H|<^SOH&>X`$T*2uB?)PMeR6$gj=bjRI 
zu&vK=9!aNumD79Na-3Mk3Gc*&DB2JI(7f*W7Fswx)DA3v8K<8)~p-r#geW=$jm3!KjdT80mJPtgF-Oiq{j3G1+u^GIcE;&e$rxS7)> zxwD1SC0^Oi=~5pl!=JqG(Pz)4`p-HA8VNs%msfJS#EY9aU0RoJ=JZ3b5Iq;!x6uI5 z7EUjwzr0u?502CLcflX3TYGXuX^+=_i+#`2J2#KME_U={vUl zt(-3P^Glq5sQbNRn;$<56N>0RvnV-|+P8qyrS|of`2JE(m)dtHr%V06mD8oQ=_O95 z>7e`1@$ZbE9nnvsKdD6ef)eSyoGy*er6tnuEJD8lYQB}zC0T@dUM`Ub=fU1{;1Bpo z`@$wpUyGS^Kh~*$AN;rbzQ3B&rFnP{r^obg*sq}Z6w7~x)1`5Ih0`TI-g_=K zOuqA?iPNR;J2+h$=OIq-!a_{{S>O28oG$h6J)9om;|3u445y#y(&v3QLeg&+NEjFW z`F}&{_0hj$viGZx9u)9z3i!7K{2>9~;^A+DTI>>8+|5uQJ?#F|)VDtRj(|Vv;i#)1 zeVw5HKb!G7rmAuLXMOaT`%lh+_~Qcpgn)lnz`y6=r$H%o&bZ(mBKlV!J?-U39SGY+ z_EY$~{y%Z6yu{FqiB{Z7F3O(dFv`hR`&MAX2et>`0^Tg(EdoAOz^4oNNdi7oz)unI zSpq&=z~>0~JOQ6C;HL_Bn}9D8aJuQj4j})nK3XE=?-1~%0=`VZ&k*qC0{%V$KU2V0 z2>4k7zEZ$f33#`F_XzlE0q+&?vjx0Qzy}0;NWjk#@DTwY74UTezCpl0AmHZ-`1u09 zNx&}<@QVceLjwL`0sn}AUoPMu74Rzs{3-#zM!-KV;GYoi>jeCh0)B&l-zeap7Vw({ z{4)Z6i-6xI;CBf4=LG!o0)Cf(e?h>%DBxcb@OuUP%L1-%ii?Zr`sjWk|JMZk8v_1- zfPYiK9}@5_0{(3Q|Biq^D&UU`_!9#DT><}|fIltZKM?RA3b@{VCCBRpA^%SV{HFr0 zZv;%z|GAKVyMX_vfd5Lse=Xp@5%Av%`0oY$4+8!t0spgr|5d>MCgA@N@P7*U>jM6U zfd5OtVQU%q!G21>#|ikZ0zO{A-z?y}3;3P_zL$W%O~CgR@cjh*?E-$FfFC5_2MhS2 z0)Ci)A1>fW2>6i#ew2Vu67XXM{5S!hEa1lr_z41jqJTFEc(Z`F2>4V1pC;fl1pJ)> zK2yL?5%5_8K3l-&3OL?W<^SrVQw6+Dz!wSlVgX+w;2i?KRKS-B_!$DeT)^Ka;AaZ> z3ITt=fM*0eE8txMo)hrZ0-hJ}H3Hrz-~$3aDB$M^_=tdy3iw(9UoYV23iw6=|Db?x z67UNJ{2~F@Hx0+jeCh0)B&l-zeZW z3HWCO{1ySfO~CIE@XrbOT>`Fej!usI7liy@67YKk{3`|Y@b3!vQv&{d0e@P+e<0w`3b?*GJjo}|3;ACV@Sh0ye+c-` z1pF5Q{+|N=D*^wtfd59oe=Fd>6Y!S>{Eq_uih%z`z+V;czX|w11pJ=@{2cXzNdh{RlxTW@V5#0J_0^L!1ovM0|fj) z0Y6B<4;Ju41iV4O8wFgy5D*()*rXpR6Kto)YjW0^Ta% z(*%5mfS)Ab?-cNp1^itCK3l-&3ivz$PYd{|0^TOz3k6)iD3Ro=#X|nm1iVAQmkRhY z0Y5{)-y`751^j&izCysy67ZD*zDmHm1-wVVR||NrfS)bkeF8op;DZ8wj)0E{_^5!d z6YvcJey)IT6!7x|{Col5B;Xea_(cMKv4CG9;2#$7j|li>0)DxGe^kJ)67Z`9{2BrO zn1Fv=z^@hXPYC#R0{%$>zd^un6!4n_{4)Z6i-6xI;I|9-odW(j0l!PY?-uYc3iv$& z{$&BbPr&aN@UIK_zYDm2nJKxxd`rmxkbr+%z#kUyM+E#)0e@V;w+i@^0{&eA|DJ$9 
zE#N;8@Mi`5M*{x5fWP43Jrr5z!O;bT?-n0G_}8Zh*U_Ig`2oUrw*dd`PlWH`;d_z? zYEKV8j_|j7IKG*}r?F#c{eEKEKTi*-yXy8A2X?oDJndcrX=ctF%19lcgp_`4?l(CLow1l{##G@!Eq4&bra!q zdM1|k4B>~zF#N}XyW*b|J&u1dzr}<%nSblQTtN6t{ZI4%Hxujd;Uj~>nJ~inK#qey zMK~W)aqxE#tIcu{_1E_iKHI~;MEI#5{yO0cJbdPx5u(!sv9vD27soLC$EOL$=-B$|AO$3c=$1NFz#v(e-Gi; zc=$PlU+dxb6aEPg|0&@&dH5TIf5F4&k*NBjhp!?0J`cZ|@P|EIy{GZ0ho46x?=cVm zFT$Vj@D37%Kl1P`gg@`$yYGw8e|Y$O!hh!B>j>ZO;U6RXmmYpU;lJ|mzY_kUho3+q z`?nt6N%%iK{9M9c_wauw{J%Z?HNyR4F%7gN>_MxW`_Zk0ztzLH6HYfQy4j;+X$d*l z%Ri6sLp*#P;fH(prwKp8!=EAiC=cJAmZ(V{K9lfcJbXRjGd%o$!r$rPzaxC6haW>r zV26hf68>%vzlHGkc=&UKzt6*WrKNO*htDCr&%-Yu{5%ieO86H&90w21t2^2hF{J2FU|Xi*|qxEy4ku7S#Ywi(vqNvxgy2AJO9DrPW8YXasOt1Ohk- z`v6YDJAjiA4d5gc1Gum6VWxU@t4AO|36%g&lRkjcBo5#-$pSb{f&fm;8^DR_0=TaS zVy61&ATO`Nef?13zJ921Uq4j%q4+=VS06Qa7y|XtVFKPL;J*H;=o}&BKT^Pt67Zu1 ze3F14BjCph_;CV0S-_7M@Dl|5L;-IS@RWcz3-}ZPZxQfT0iP=1(*%6FfX@(czOW;a zS|9O679Q^JM=(o$IHQ#tv;ILVJiPz0iP$}X#t-v z;Ql@cGuB7`K1kth0-c2dzDU5^1$?o9pC;f-1iVAQ-!0(&z6>+gt6LqtZ|Vd4HI@H# zFR#MS5b*a1_;LY%uYkW#z|R!$6$1W#0Y6K?GXlO+z_S9rO2E4Wyj#F?0^TFws|CDQ z!1Ds`@1rqeeY8f%-zVVx0zM$%g91Jz;O7YVuz-&UctOBN1$?c5uM_a~0=_}O&lT_w z2)J*Tz>M|Lc|v~QE}`w^g#vz&fL|=&9}@6O1pLDSeyM%vm!0#6DF9`S-1^i0_evg3P zE8t%i@UIB?eFFYf0l#0szb4>c7w~Tg_`eJI0|Ne_fPYiKza`)g3HTNP|F(cXEa2Y} z@J9svQ2~EUz#kXztpfgpfIlhV-xctu1pIpf{(S*|TEL$X@E-{HvjYA@0e?=wesdkOjX7Vx(TIK9w@BxApN^*Ut?!++FA69hW@2{^v) z>;LN2i)vm%eRP13|3CqMhkzd>;1dPh_cLPU>LcIJsPIDtIt>DTn1DA5xbMeQ<@$b1 zg&!%<@%@`B|ItEz-|wmN`+iS_A1lx~PQWJ%`0)aMf`FeW;7tOa67XgLpCaHb0*{mv@C?{`-C$pW2I1pHkBK1;x73-}xXpDW<=1UxO^ z^9B4=0bd~CZ34bfz!wR4yMQki@Y4i*iGcg@18RKz_yL7473g#d_%Z=MUBJ%}a6fKA z)n~bo|Gfh4$2llEXA1fK_y?8${X+h;1Uw_)D+N3&;Hw0@OTfDYJSX5i0=`dO#*&_fL|!!7YX>q0{$TZzeK=4EZ~<4_(uf%G6BC_z^@SSj|%ve z0)CZ%UoGI*2>8bY{Nn!LBKZ)_>BVoX#u}Uz;71t z&j|Qu1^gBPzg56*6Y$#w{0;%XQ@}qb;GY-py9E4h0sn%4e^J1{B;fZ5_`L%DWdZ++ zfZr$JUls8C1^jCQ{&fNWhKIj+U=%e*-!l0AD6rx8GT{#yd|w4ee1gEuk0|2vS* zcMN_E<0--)HTb(2?-cS65dN6Se>~^Egz(1=elX)V0e)Cy&reNa{A)t~X9$17&^eLw 
z{}%AQ`S0%k{#U?vI|$qRT|-CLXAPO}^wSx?7jUfqi#&m*azA~K@ptU0GQOAd{}14y`p;|(qr0{&kD ze)Qq0{tKH_1+~ZP62L?C{J4Ps7t`6lSEJyO-bz~gun*YhOCKed;t&!GBW zw4Cwj+z*QxU&r`(?uTy1Kf(C@+=$j)RKk6XkK0fETfcnpEaPwC{5pc+4~*|ULFMmd z`ujkCA%CuCTu1iIVEmUXAWz_OhXD`u=a&T>$0L;gbpfA#w5rc9;s5x%yfgFuPcr^}#!pqr(JWZ_Lgij6;5Pt{{qQ>T)jnMA4}|=$2>9Nhcp#l;f#30`;8x+Qj(r$A;^9gMi;I;LiZw7`@6| z6GfWO4>=C;U3r#7(IPIl5Aaa`oG;*81bqBt)!s`X9e-=Nr1^~h>v)B$^Ttv15x^Ur zcW1bpqB{iqQNn+0+NJaVO2Bu4@){%i&PYKOADu$DeP@KL6^#(Shv}a?IsfMfx9^PT z_2?IX{}@HbeaD2wS#&Sq2bz9(n)Bm(_Kng02Jd0~6u_|` z9-F3s`HU|Y@L|UH;D!2h&VME2s~GMm7_VbMuY*@H-jl!|V0;A&e!V{ajPd&xssa~teg4JxJzSr=xIPns zzp?&X+7!Uu8qH&T64SYY^A9lou>}gy>*MDcU%67@di~n7RnfmWuW()N9LBeEKkJtR zJ^=XMDr@Y|8wLEQOsAduQ?G-aQ^Ry_0i5`g8BniN+Zey>OjWEN_qV{j!u-4PfM~h8 zi1Cd*D!-Pi*8tw=yw7zwx8lnJ{zJmId2;nt0pAbiXCv%Tb>|fLFQ*fJxWSKS{G)^) zX>cu99|IiQHExZ{_yXtuAI7&auI1-cn9rF1%Y7=NmWKm?H#+Yb!Stlx9fTia%GLPK z30JpaU`8zuPdEwboM`gzr^rM@gdcBk?(XPb!hdf14Yr5$ds4uEMfi4;zmxO7PWZuw z{3j(A!y>w@TEGVM`z_&q{`bzt{4aa;xktcv zn}hlP=;c3)aQi+NbPN5yFXTTG*0aXw6_3uPgwOQ)VXKh;xOs|Crmt7!X-V{cz(eDH z3E+*@;@l|BS`s2@Hg;MX&q7cNlW|At3sZ>T_s z&btNtd;z~#!2c%TQ$TMBm3t20jnS#5pO58!evt4*2G`^Dzl66LJkR-OgZ>ese<9%5 zpWnJjWz-(!%|iZL1pF?*8>7E?eEwG9L{Tt!--8a219|HPiV|0e8r^ed|Ut#b$T>sk%x9`pM zG5#FkzTNdrry>27hR*4n|75~f8C;h;Ot^iQ?Wdgo2ZZ;T{Kqr?KZM(N*|Lluw*{D->9?71-#+kbz(eCZxg(693wUFsweKj>?R`?nzx%r}zkLr*%jX`# z?R#+hGpBx)@O7sC8@c}bFGV^V3_hRpFDKl-2e*Oq{~O`wnfxmm-$MBL28ZJ4w=XD8 zjnO89AI11e!Y?qmZtoWW5B1xh1iX0}()ah9J%oSAqyHJgef{l6gn!iJ--qjYI8>}L zy4>I?#@|c$M?Cx*!ml#;`JDg13IDLcHUCdN1LZ6K>y+)8qSh!tMKUdVCkW z2kBgA=;-mioA6H>T#xUc3BSSMdVHIgBb^%!uE+6G!tMKUdK`aD_)R81G?RXl-ivfT zWANFGZzlW}gYVA#cIx{u|7`{bcB0=83HSA%Gtb2QcbNQIzI~B!y*sow120CkglUpOfB?biQE9-Jj{)OZZ&|*Xz+KXJLMS-M@lx`#zoKw^s@OlA&_~ z(_ffDI;R+1kIPMj-)nH)uD=uR>s?bZ z{)EX7>IePa(u3uG*Wd-lPb1u4f6*S%7@cYIYrgu5fd7v0vrK+n{}Wduou@s#lW;%( z^@M-VBQ1A}V|@=?7=-`5AuB7C*Uuj_vk;oSyLG5u!=?=iUMhl63lHby?3 zvk15Ez@E=^9wqz*LuX%>W5=D1bnN?sdR)#W{3j;=QB3DS!hdS;V;TP!;oA&;A>%D; zkp9mNei`EjmZzwihlPK{#%1< 
zdG#;Ce{XO-U)uV^^v?vmk#8AA!qXJ_=uRR3{Q~|N(fN}pcLLLS+W^x4v%x>h`1=XB z?-H(K{87T~yM+7j_|^>~oqrfQFdgXEO87qwz8~Xx!hOByLBd}*`E@_Xzl_gzsv~)${B9BS_!ApSTax`2yj)oBW#3$3w*$qdg6-`FtMX zdl|fo>0C+p+YGMx`6q%}9}NXHM*Erkns3(;{&s^;VET^|exSiW%lL$~NarAf zYd$=m@PiGm`S2maeLZbI_z?UiCciGXoAAR8zCV}yWx@|LxQ>iG1?(@4k$pc=uY=zr z{792u_y3WgKsH848T{=$UtS^HzMpt1m;3&6G5@h9zo!2f;l3WY^aGgxIFnzO`vbx! zd-$%P05?X*8+JWX>dJW4-jtOZ9JaojK2u;`}*NV!e@DOUMAev1E*e$bY`3Udb}6~ivAI9~(itsjr&t<;-2jPnheg@}nz69wkHn^6b=Me7e zdp8lj#N^j}_zdBXdwlpi!tJ||)41H@KaAxrHFTykK18^E|55Y9R|sEb^6P&4KHKb27j9KzlZSuH2tuW@eP3Q z&3||Q_cbB^PY74HxMO}@pCdnt<=XcvLEWWaj&S=<Vq;8{mzRum9`=jMNz2W$5g~bgm}+ZV!Ki za9>|K{*y?@*K@8T{0oN8T&6$yQ<(ot2G{lfCgJxQd?x2V^ajjt-`_l%@rw!ns>!eW z^J&8U_5EF&k&eHPUq<-X44vbc{&R$X!{B-yKjlWG^MHqck??PNc*CbL|3e1fpXo0I zd~g1{`@hwce~Zb#oD)AUwdV5@ZT8x5YGQJ;lDNb ziH!f6@ZT9+%lQNEz;a*q@b?h@M}yC2I-3c%@1p8{`!(TzG5N3L{44H6`mY*X_y4B| z_w|i$6YlF9yL=Am`1;1X2>+X*ulwgx!vA6L!?`{W67K5>FB1MwlV8{K@XuqpuNz#q zcZl#e46ga)vxM7sSM|93j&OSszwZCT?n3%?*K+3VU&Q=x_3%}Iht`FUQGQ=f z_&(u#89MD;&w(!?{e29s>;EX>Z!@^A&%%2!{{(~Uae0*R{SB_==d61%{{aTqbgm-Y zzTc|l{0o4G+Vyh*Km5x`-@f;%>EsEw@4dc*+j}G7{yP2}!tFb-ny*g!3es;d_1E~# zgg1Kl9`|AXBMkmlE_VgtM;ct$XA9v+8C=hcKNIe+gS&qf>HF*8DTE(w=$ydio=f;K z2G{)j4Z{8PYdhh`nf$sw``nM^`s>#`!u@sXe8MLiI(mLRO1Qti{GIRw)(Xo-+7G?uXsKj&$sMwRy&86W(g_>;1yHgikZL?$56hZr`gtfa$zO z_(>-JK8#QP29|5zs~uo`h;aK}t;W9zc!>X>r~L0S^d~c&#(zip_PyHu7+*>FJdxbFX_314h*-QHcnkk}ZVW^moliwU>y;cEOw!k3!-x}RSr{0xKZem?$N zNdG+s*X4E*zTDutpKm05nZb2G|BUeW8T=6L|C1j=`YQ~69OGXn+`fma>%U?P=3i;@ zYdQ}QzRKWwy`J)I%-?NrEg$Y8yvN{ry#7MCFK?$mjC6c?+ei3nLr3?|=Lom&=jwXC zM)=t#zsB3YgY-j9<_8s019LIf8~iBF{}sYF8C>_z>xBFBcgEvL{{oX=_fIe3_I+Mcf5I;|`E`AMP531S z*Y!VaE7Je4!FB#2!arhgUH^v&zs%se+=eHR&gBL_f!lj6;U6{l$&62Y67yeWa7||; z;r_h%4&nCQUY&p6?;@RRJUZ_t{9^{!{d_s$_T65MKSKDmCcmctN5Vg0a4iQWJ%#07 z=izGzx9|3LaeIG4xP7;GE#qf=59!=!=;-{96MmDyb^cSokNH1i@cB&V0mALOz3q(8 zdK&ZJX7cNHolW@d2G`?$3*q+NUd<=Z68*++m!LDWU>wdnH@VgDJ+xr*7 zzi4pX-rNuHJi{6P=D3Gl|~K7(t1dw}r!4Spi`&kI8SzY_h2P5!+(|L)I* 
z+j|J$heeNi`A-q@ucrL={ol7U{R;{IwxM$n z$#my>vZH;44A5JX85-=%cWp>Rw)Rx>NFm#`raj-EFJ!O?jm*mp6?zGA${8qR^8+KN z<<_<52Xg6-MO~e#j8l_ls9AruFMn<>y`C26b zv~^C+AcX(JHUX(rYi8*x$e+t)da10rt?9L4Sg4@5|{wYwT?H>4K)zU?$b!Jj2z~|?(h0)>M2=y{G&LyvVOc&Ex zn65{my5VijbQWf0+PZTCg?wQ{TW2c_vmSE%J9IbvFP)mAi^=5shx*z&XJpz}rR*q- zRXuFGcbuc0=Itc1demXEG-uApA+Kj(-sP$rDm@g26pn-~qSC1iRho^WFVmX`VQJ}< zKLzKuB6F-wt7&g$X=3v7gmnr~lUYr1Z*CIH;S9H9QfbSeULZE1Udu9_Fg+G^P9Xtm zDyT}flhe-oK;bNU%J{~%@c(vBnvR2>FE|r-0G6<-IB)Eyx$VlSYiZh4Rc|f447F@k zWXw`i(`jrfRY*0B4&-5Z%M2BU+Z3O&szs|7-MPM80T#j(O^`O=Y+&;a)({|L zm85KCnBBv3*l-qT3z>PiBr9S`6Z5hhuhe6IZTLp=B7#YK_ z)o9)6RXCnYVM0%{dY7I6sDm$EMe0|2$+FCnWld^~YbWmQm^C+<^4H`xz~-rcC_4=D zhgHO?+GbXEyM0Pc8OW{6n4MV7*DblEs#;(fv&O@&I5s@$pst#YR|Z!MTrZS1t|mj7 zi-x;g#Aakz6dPX1CM2)BEXL?a!cK49Vv@xnFMVeU61RFVTh$&JCQP6z!5Lm&ZGxZ1 zD-_D2#!=U4jMTvt>+`7RVFfzpuyj4O=9)47MqS(V@Ov+d`g@WzB0^|G_-cqW0x_OBSCF z;Tdl7p!TC%E%$Gnh?xs8pE~3uac=AKpg)B5+20|$3p`nz9nqQ9FHbp2j z*WI0})P~@96*nVD#jPawe~EkrB@cwjgfnAFm+{MRhN#7_ zy}v14=~UtAVaA>fjYcyGabujhy}=9cKdR)oQG=>y+m@;2TV_>h_Q+p|%xxx>X<&f4 zE3BPZn4U?c>KW!rzp7Hciu$tHbk!AxK~802jFd_*1TeYTR86C!%qsE`sb+<{Ot3Zu;^3Um&}>no>?+~ zeka&Dm(8Bjp2nWQE(upayAFy}L}v+CNT-SwGa0ag^WJm9aIWVB@Q|%vpBc&xgBuOp zQiTnfwM}X~Dz@r!e^lPEC%MWyCmgYuA`*TqSd~VEx!dh!F%V}=L)JTuN2&F2c4)3T?jOvH85 zwF_x3Gk5}Z`O4%)H)x1PstH|$U4_MHuC(BWeZ}>u>6B>&vdk%Te{MzQaM_|<}#9_T$MX;mqOvJ-mI!_ z;$=HggJ~f-3;UKz=WQ!_nHBF;@wt}c*0s$2#=U|Laxi)(T1hM)&$zTRpU4Gm0dIL9 zxY=a~INIQ*C|`LVW!>cG&cF`Ln4t*FR(>P5IwV85$g_Tr9KScp#aswl27=oruEB%8eRuv59Hl3=XW(x?uT!9O#a_XT=e=3vc=*xEH zu;QwkPC?W1BeRExvn=KpIVscgBTH7D4gN3gVT{PoGNy8Nf-ixcU?wYXsN3t)v)$bk zI#Fdq-BHjiiW-MS_T z5%;OVD3&eN+?~UCpwmYCSLKF19&~$FXYHgon{ZaeZ!kP0pPlhfrAF3ehdQzw`UbPz zV9!%_ekVh$e+?O6yBX9I%Qg(l^~E9Z~ETYgP&b=V`h11&m?| zBvXfToBes5!r{rM}SJfQ6no|n}Lp5+GFF(93Eg>U>a%B6IU{i z2~(hwcMY!14bLAQ>{p@y1^Eo(%OKmPjEtH+0I_ZKaSf!ERH~Xxp!uWnwgc@obbM}= zg$Q)9R@n@XD?+I${n_>H5T}?MDYWrg;>d$ki%mW~md+}J7Dw|2M_2WMM(M1cMGMUj z$c2L7TA!$<(ilB)H5F z#q1>mDZvI0USqU)Ov$tjj%1b$2L2ffp4F|Jj*BV>}lrj!{S>|4&g={Lc 
zK$rbZ!V*)#KBJ)b8A?Ic_NOhu`dvo41&q?%NfzqIaeD6{7j{(vq7mw0uHK55)LF{HI*6S zZ7dCSED$?3VdE+8WR0aHtZCMz0mRg@;e~o9hTeW+r@xuFAZx8+Y;&45$s_t~+nq2Iw}?#jygFdzu3RDx}BJE8|$ zDt0}Kt*pTe;dRbZh$+M&3W81?%4$~Ea@69Y1Z2&)=w~tISh1YVPikkmnr=Ct>1oL; zp;um&DyuEpj*{uwVp?m_4?~J;@Pk_Ft|bbv{!mHZEI}ZyaysWFWAnm|A`$dHJqs$) z-1Njq$kZ5|iU(gnwS;quCa59)fi?RjDS@q9P=l#HiR>|TwZj_6;IBJinsYl=M=ppx zZ!)+NDK*U=;+!*@?}KA>Ou%%ApTp@CKM^ecxxzekj2O=C+NK(D9xAg$oiux>uJsFz zk9i=S;!VJ0B@v+LecKhhE2Z4V{uvW93Z0rAnKL-ZQ3vi4+nOCgGa+tqAkqh$UW)_F z&T&t7+frlFQ{n73*yKTH(MOR?0CQD`&w$L19nj?%5R6->O+aT_^V3+J`E|ljF+$m% zJ!ZZit9oeRFjnPB?bfTnSk=RpSKBk!nllTvC2P2%rew#O>9tUGJ6I2kQ_-)3G_++5Ko$8v41WjQ4E zx(Dp0J(+^5wsp9B)o72>dpigF=*FE?tMVs9S$8%t1?B+M<_A3bxb#u-sG~QKLW^t}K&|-uv{c%^n;Q?}r$lHt@StT%~k+ z34DcNLP!G6V)W!7z^^NZ$EaEg7}v%D4OP&Fd95wVU@<8>;Cya#Fi<>x{w5h7ZcH-a zY*wo@hcJuWijkTD$5KG&$SfPOXXRPyXs>;^9Cvjt8j0^(=t|TbtX_-ZElytYMw{_6lc&srf*n<=6zVd##ssdR z%N8=|j4#z?X#4=7SbWUlvD@l)r7#~%hj48b@PWn^GeP5-%b0rFwo$ZRjvZZxdRHz8 zVAg>&DHgX?rf`DY^kTf3FWaY>l^p1m*C#H3L6mgZkm{r1&?u7~UEgNOB0UwB)}I$^W#k902y!q=s$3r?v|i0ir%sD zOvRmTV^bz^xbno&Ratmhi|cKyH?($rqwPpz<>0ex;MmMgyj{bIUmvSxVzIPp z)4gJe!N<9;rhP5EEVf5$>1GqnKiGrwlqCi(>8pGjn#R`Sz7x*0!*Ywq+f`rGu=cu3 z1-4|t3k3D- zgygXiQSPp%T8{)8jAPyn+BxsQ)tz8$g8RgHW>$OCvoUmn&Rcz5$f%>8PtdL^Ym>qQ z1z<$RORa~=lAW|kx>0)NI0ckt64|JnYrMMpOqb#(RkmUZG(wxrfQ6CWFB*@ zfKaFA44m)o1B)@5wA9!awIo@^DsC}|+j#Y+s# zn@=U}v?0Cx&+q^lh{I6(Bx9r=?08S>K`LSnmIku2f`lQhhzRtSHjc)Iqa+a=T)agq z4*@;r=4fz(<64T4Q-R8j!11w;8JhSYYam!YwggqyXi-swMcd~zsp*zgV?0-8^`RU) zH>+?DmRk(ARf_;D21RH|x0*dFT3N>yl{aK&7iN1&8;`!LIcy`0Q%$GgKsxzd)muo~ zJ5$E$K%=6afYenyt%|NGsb+97;sr+JJ8WABA{L!O)_XIpXK;93cDTC@qWUTN!Dnl< zt6(HRz^9MeopS193yN$IB+{b|1vPA9DQ=`QaROE8Jv*g@NNTR#X-3fLqrx5NZWpKs$aF zj1VpsdW1kH#p}98V#5S`9;G##6{Q>6$G$=gu&J@?=P+gkd-O4#m_c!4$NWm!}{FKNXeT zii<0%;RMSLR@+fj0&81wI+ZC)MQQCwHHxmX$RkxX%#lOIRs1qWu9&`GgA*r;)sz^Mjy?r@G2vV@Y_&w5nhO_1HDRM^`lt@ z(cDLt(m9YW7N}!SuG&*fGY&sN38E`W+e^W1eAnsTV@EtxaWY z>H?E;Hod-ysyi+R>a`w6z*g0(MK)RRYM9+*jg=i8UIIY-3tdx*F8I@+nX#tBHVqc^ 
z&?{%KDU_ZlSpbioWtQr9&x-o=tLjB^(eL#4jnJGgzHekB6>98dfwnbQ7JlIHr0^nL zRh?W+N0{O8s#`ooXGm5AxNO@pxNJp$K2P|5tE;{-o!8FsZ-qmgUBG<=7MNj(`X>`n;87t#10Jn(T%UR^O>$jWJI8vEdWk=IRR>p$%hGDCl!|3}PKv$W{%G;!y!# z9wJK!OVgO^NyZDJPyU8X2_DZt&K&0%JO)w=M;ftMF;L*3t0iTDOyxulRS?uDQu3Egd=j;ftA`K@r@ichiY0S+(A$@dJ?i50hn{2$8s1x<_>Y@QBD z)=!y2eD|WRsc8)ja2YWUMvV_RK%~NqX|432N+jIjmGh{928n_<=i^-o5Tgm=MxUKB zjddIxMY;w(^2TL|Ht^~^k4UBqE;T6RNU1Cyb0f9Qj2F%-tBEC|Z#?!aMXoAFm58QG zu&nr<)mURz%pyY*@?gbPa>4fvyg-^a+*=P_sv~#H7BV)F06pgDFgGho!j>DKpJoOC z3wo|&*i0BVLHx5~dw!^Z-M+)L4<43EkV~Fd#omBs$fs4~-y0^R6-!@+ug<74DIMb= zjJ48E0;+?2A`?lhLg$|z(Lw4fptG<{OZN*F9X zMoC-@g&A9v;ts4}LAvEFV&PAPbu5_K^hlXYS(r$0H6zg&%I`{FITH!lq9Qaz+gw^) zz7#D^rYu2PoJ5tfG)S}xaVpR$TcQTP*L<@xgle!r)em2>$3v?DTVYkEx1~Uk-ugy;(B3FgGt-`qYST`%63udJ0~(Ij=EjC4K!J7~ z!C+!jj$kyx{2x@H3$E7%>#t-LhT($!0hnQCWb|9=?A*;l@aAxCRkkk+w{)$NI=l&X zDZInbr>ko==;YW8Ic=TY2yL7LbfS z;!xf3Uf2?Y;YeAFX0=v`O{tOtGtYy^!QJ1pBDrE)(`Y>7e;K$(Ve3yIf1H@T3 zJP41g9eF6QHm!M}fQE5>)f#lKe=8Z7E{qYSQiBm5c2c{|^wNH|-d0M346bgc&@6neEEMlkrpwP*$q022YhrzlYVS6Ryr1+K}mjH>kk~-3147VEM-(uDmut zO_?#(2_J14ueeg^Cjq{IkV1PNM;l;@-R!CJB#bn1b7fJxOgyV+iUIc2WfZGNd4`dA zS$YQtK10o&0mp#6?!>9No}Zv;FOfZIqjwB?p7|yIsi}97bhb#djPmv!ofma1gjWm~k>OCk-6W zgw+q7G_c6p>qKFyvhh9st)8RKCHkeZN=G@ugeyC}5vEb(z(!Dli9C_Eb=RI2^!?@s zlD=OsY~a#oyyialgC?2=l@HW@2t1M6*KoODly0BCD3Oc@pit=({-$h!yHh?-u%c>bK$8oUyV8n@XGb;b6$lH1Rv8(3+J~%nUo*F{viYHnw%zs=!4Iuwg55c*+eMV$4mBEIS;CiH7hzMMX6x0ohaKa7z#4k?ryjUV`Q+W zx=?gz1sf;3C^M~Vuzx5!oU^f3(2FrUXnQ}HI{{3Z zcGZF$GXRsR*XU_YnFYCQH%SlCCQBB4qXK#*H&tk8b+p7p8!DxQhQMB^KDZq91|ex> zPT}Fqa(ZPU7(`?Xb4$#^yyLd)MOYNByRjY!S+miCYpk*mw47T#I1Jk+u=0uq+i6~Y zWE={6gA(B?pdGUNg70+dFgQyG`!m_DE|_ArdK}0u?~&rWPj_39OewOHh-Wohe1}1U zf=BNa^&NkXI=2*bOtJ!(UGtdm!CP>YDciTAp;skoY%5Yqyltj~%Kt)dg5)p6eX5?9 z@~2!of4A-QrB;oL+o>w+6}ieKH;i(Xbx*;RDCMvWN4ByK&5Hy){}LZO!+vJ*+z(4EI(AK3)b;KY(gI#W`U}2?z zU)8#Socx3hcwXs&u`+Mj!<9pbYxO(JFk*L(mVNj(t{+M4O*)WWHs%fvz?FTYT?Mfj zu!hEsqE%IMXh>-%r5Gx>!8JB0`D$1*In?gE(^qJv-`V|N-SQ{SFo`D}F&n2p{)vYj!~fmW4or*xi{3~2s>#on_~%^) 
zU6p)u@!xpHh#wqVJ^92TF{YDG8~*q0$`yYNzv55cPw@`=i0?PkS6ShnCDV=I-@KjA zxLL|vOy$Hce@{QTXLH`Z{}`DKVSdbSG@o3d;Z12pZQz=|GU)0CM6yiC0?-py<3h zlRJ)#X0N%b``~}^7Q9j7Ib`~e#PHjl#M}PE-m3g3Mf|JZsrh$rNdE00JnYrM-yX_` z&ysR9A3od%bjqE7`0v7n>A%?jhyC8eUYDjA0*6iTAB}>;W;$#se+`7ge#>8%a7TJc zi?Q%uy2ePJDv}TM|9WhF*oo-Bb%}v_BKcmy9_^)={Qhfg@+ZQclUQPue4p~y3zdvz zM*jzWoB0~zZ(h)(x~%wnX%2U3kh!dXacPtB&GA|9e|47CQ^a2^4zxvM1r@eoB z(<=>OIyw9ktjzI;J#PQqbE|)wBKc@C@hs@C=V$3>k>r)>zkbNys78EGJo7xvRZ8-9 zGx0Hn#Ltqek00oic>C~IYw5o{AblNI@{;rjnoZn6@VozRw;VCJWeiI()DF7ttqIGZMJ;q8fYrV$mFa+$*q zd+22};TLe3zvpkBurq)2|JPvR;Yjl7cJfB|Urb2Q_h|F8}e{!h&+a}xl zL+rDvpP%^fMZ3gHJsU znYZcE_R%gpV*}DoO|!3Ti9fO>{^!6U`>G2+8r~Xy4E$<1<8OyE{;3rHHk^5WfHO~l zqwF7&_0y}T@UC#?9|dQg2U7T&6#iKXKLF2;e#@REqy8N5BJgA31K`KQZ-6uY2{_}o zz!_gPYeqdMBLDgDli(M@Iewl>;j7?zkmpnQ3Gi>>?4M+9$*<%etg|efbykP7&S@$9 zWjO131I~K#9GzZHdOd{`F>xG~gcpHVhZlu+hZloC0B8MA!%HB36TA?72b|+D%P|@C z({sbQz4_rBKfB$N!z+8@zZ{k}Z7J{evfz8-!W{7ZNR_(AyT@LJwc2}-L7Z{{BTnJe+{ z$*;DEKLhc7;g#US;oQID;b$WLNjT$QhBN*RILFC5aE_B)$J%zpeu@26+&xiBrhce| z_+%Hhw{K572l4EO2Jp(*uBOP7Y$Mujo5HU^9*&2*;T#XE;Af%T58xap-@C{D_3ldh z74bY?3gom6kN8F24<%A~ZTIB1RzW>o;8o$*!K=X^gr5yx1wRM=8l3&G1D>3dqyKlq zYry}6Gk@;mY{L_wY0O_7&itptnZG`~CfaQSXZ{{=<{t=W{?TwA*SEUIejM%laVp|D zo}Ym8xPBhaaNFQxfFgW^03`OaJD-N&iP>qoc(q$obivr8NVFP z_*dbK-v(#=mvC;^0XVlSd+v;J$UM2=ocCJ5Yhk?gPvLjK&qe$b@Y?Xt-D6zs@^SS; z3eR`E1w{N{zfLWh!f$dW19{Fz+ zKgILknj-%KIM1`|;7w4^Ryh0Z=MS6x&DSQr`Gk>j5>L~uIV22RP=FJAMre2cY`-ayMy2yZ`Z8Q}?6=YG(Qoa&-zFlS{WcrUetQDWetRCye)|Q^ zI!hML*e=#t**)r<=yldWJnOs!&N?rLv(BsFtn+#}uTQ4HndjLQz6H+wyWq@o0M7V) zMKbz_@#Wx*uM21W7s8pRE1dIZPdMk#MR3kbtKd8?Ho-YB?SS(-Dtpn4?d3SB31|NE z;Vp37^@H=c8wKZacRQTN-IH)0cbnm?Gp*R+>u&?+IPc*e<9v~i^S+4ZIKL6jaeg

XY1)`P(9XI^x^GABA5C ze;Uqycn{7zd*ICT8=QI4N~M>dmaMZq+AZv!pfu*M1ZVzQaOQ6fzXY3Sj_`T#OW~{FtmjKO>p9?_ zC9xUF=c3!P`u3E~*se~>g>Pzqm}!ndUG&r|sR6kfbS`sSryw{*jPX%BA#?*?aoUIpiVyxu+f zGne=0&4}lIoDJuGd;-pPSHZa-x4^kyvY(!@z06Yt&OE2WInHarnWqt)@g3ld9{^{& zBjC(42F~N_EqHhAugVoOwwL?mJonfy@&3LE;<;bC!nt1tz`0!`;oPo|;jFXl8Hca4 zntRl_!^cl;#Iw!|;jFU_~)YISV8H;$l!dc@E{6|9oulB4Uk&GV>3i@& z$ny()Fg(xM8TAi=mxEsgZw2oM@8TZ)zt;P|H{yB!HB{o)$9#f#-hbTL7RaQ1&s_o)9hufHGS z+5e*?ev8N7fOyt_Kb-YH0%!e8Q}_!hd^3C~`x(ys`%`${>KXma__8UyRtj&O!h5Cg zktzJn6h0Hq`Qb@8kM}ccWNg=P^iL-^~Ny4SpZI0{jU$*J18~b9?u@$M)v( z{g}0OM*ZC0B5-bRc{sPX8l2nP6VCV%aK=x7a~w{GGtXmi=2;GBo>g!jcPG`!=m+*& zS@-C-_TF!2AfEkJ6V7#;{ox#+GvFK#YvALs-*>_}PWHJ+opGEVKs=ArQ|j7=M0~De z?C)h$czyRoDQVZEo*wY=@Con<@Okiw@HKF*liUJlKYRk`^S5u|e4du|JlnoRlWEMK zAI|(`;LKkc&iswxe2;JuocXVSGym0a<{tykg?_sk&gabc!rAUZINMzgXS-|Q$D!Sg zaJKsaob7%KXS=_{*>2W)8T*Uv9_Jq8c4khCD~x#7QvuF;YQtGiQ#k9n1J3>XAe{N1 zgfsv1aOU3#=lt`5du;FMH2eAt@tl7S!8vaqU*EnjIsQ3+7J_sB>0$_1uI!=fZD>cZA;p9}T}1epd?L>>hPC^g7=`{AA?G(a7qI_-*#rw7l+#&@{$Z zk@)Q%Un@m?XNmvN<9nruzgyy4c>NEgh<`)kV|(9A5kIMk6_DI6?%&z)Dd?YP;J3kV zY?_hhcK87J~!G4hvgX6!0A$!CB|e?osC|-@ykF&pMB7o6$eKPpkmv_^b_| zj(RS0k9IeCyH_Bd&p(Gte5|**9`SsBI0eprTLfo6uYxmv3!K~a3H$hNEg95&WFJ{4p+mue>b~FKgT-ocM#A0`!k&VlkLKc?PC9&0OvSt3um2U z;jHsc_oy@0f!~LC*0}=CI$wda&UfIfb2psF`#w1Hl<@~CiCvh+_}XyBw}-Rc{&2=m zgfo67obgYl@Rw8gM{wr<3C{e-U6irk8DARCey9Owp7Y^6zc+>R{C*dl=Y=_N9*;}m zJP)pg^LqYUILBx4i!-*D`A>tl!13D_&f~osoX7hxIFI*x;5^=!!CB`QDg2yEGV15? 
z)zm$XuULQH2Jt+;`onpAT?^;_y#>y3@+h3+WDA^mzJxQ+0XXwy?~t**99OyE99I{> zIj(xZdA%_j&hc;?oa605IO|-W!neX%|J!iZU%jJkZ*o7j#W*}4-WvXtdvd%h5R+Q6Bo6P)n_;fx;%XZ&?=?)O!2j@vik+>d+U9JhbMId1cGK79Y2ox%Sk)dFd7SCD@Pez&Q`>gLgoD?k*YicZ8RMbG>&>IP2*RXFa3bWB!cm&+&-o`|f)r zKGu8BMLe%p*TMPx^Bp+n$m*G2b(v;O}{eGi<+`$0Ij_tkX z%lMKhym|_6nZkRf@R2F}0r-8W|4n!k_(yQ|=UzDX<01DfiOtTQ_%By-M<>3r_q0Eg zf8~BG2Iqb}1I~79!nq$?!r9L^z?o+ToO$NMInGzWndc=qHmSnROq zJ!isMPj5KmN5L6?1DySTFPwQ6!PX?|O*ukN6gFj`N;yj^{yej+3b=d={MhTp@X_#x;J3O*f5!Ulsfg$O)Le;=_0NkD&-pvUL`s>44f6Ej;9?t&1(>>~m_1pI$p8dZ-;$!{x zQpB_VSK+MxZ8+=yB!z#Q!Vkb7Wj_zf=zr!vErr)j;TNXxJ}G=m3co9bKa#>Z&r@ALnq&UjTjEB{p=QPB#p0nVr=X}Yt!Sh^zc;>kf z&OE&(&pV!H0OFZv7@T>=!`EPY?}0xFe*wHdyKQEluMaA8t z|NlB35zp(TTJW{V-x$vMza5;{S6$((XMlUu6UXl`#Iv58;H+mFob}9xvz|q8*0ahz z>WO*aCB(Cyci^n&Q#kAS4$gZ1fU}-shuZ#)dSX7w=bqRlnV#E}fwP{D?bU5po?;iEU{I(eJtY;0J^=yQ*p6zhfvkT68 zesYg`VxHWOc-C|Lu#DrE^%R1$o^o*3Qw7d?>bplhG2b>rJnQKUXFYx3tY;{k^^AkF zp4;7{o|w1qK|JeO2xmRZ;jCvZob_ymvz`y#qn?=mKSw<4`3=r`vJKDJkE|yzob}X( zGrldH@txs3FARb+&qO%$+zw}+xp3xr2F^Td;mq?koO!;6GtbX(=E-r*;rp{FoO#N_ znde+M>uCdLo=$M)83<>d32^4Q4bD7s;LNie&O9%|nP(fEdA@=(&ptTwWFK+(el7xM zo>Sq>QxVSVlVNb)?>qv34c8T$;BUg;gTDnoab!mQ+u-HlZ^IkG-+}jrzYD(+z8yXn z&UJ~4;e4O_D*Qdi}{D;`ykKpXjui>nJKb-9zbFKAHv>VrT$Gaz*Ok=wx;B2=dobA?u zv)!id(QaJ7wLv`F?Ez=I1L16UES&A$;vVhBb=qBsXS?&@YVqsCn28gmWQ+5YH+sO2+nrfxJSEjJ<|d4Y_~6* z?GA^t-AQn^dzX8(8`mu}5YKiO!P)K#INRNo!oP=ee#kN=W4|y@ZaCvhz!`r!obh$x zjBf^Kd}lc0uYfat6rAxlz!`rpobeCA8NVFP_!r@fe;LmC_7I%oA?J0O=eM}8&+o4D zTNyaVLuEMYtPf|qE!<-q#(dr$@f?Sj!`bdtaJD-E&USBek9K1|pN@F8y8zC1m%-WY zdN|wN>K^UJe7+s=Z1-z8+x-R3cC(MoIF8tEe)niM=JP^`XS)^QY_|rS?KXq6-S+O$ zZp`PM5zlr9!rAU9INQAy{t?dm)7_)pxR0KNc(%I)&URPB+3qGdw|BdHv>WGAWpK!LDXWZfUZz1<+H_jua5YKk2!P#y-INNOt=k|7Xk9Olc(hKoycQ~Bwj)$|| z$5Z%9IOn~MaOQaz&iJq4jQ<(V_#D@#rGF*oL&l!~XM8z0KLC0cZRG zIOE5`8GkFB@w4EJe-zI6)o{kY0%!b2IL}i>$7l5OP8`?g!#{y{fPV@f0{;v?4!#RM z9sW7|J@^;!-S98rr%lMHe>c1aocG;L;9ntrFr0aAf-}!-IP*LPXa6sOv;TjBuRuMA z;9Q?jbYjN#evJ4!@FMUg?pYGw_6@uhJbU8bzVi1eo!k?lX?qag7tZH$qurDFlX(t# 
zo{5O(bGbX<{Ji8taQ5>PaK6WU2hRBK;CvpE^@c=oiLY#l{}`VK&isYo+>gcK+>cAr zv!|v1{QqQM3_Z?ZnRum~1}ntl_w%h5zr^F$h)?wV>%`}H{08xf?ivnlJIekc+4sr+u5-^OKHfct_>Jzl z#BXuWD}I}M{NCqiw}g8^iJ$IXM0|#O3GrF(WyI&YmluE7y`uO+_sZgryH^vx!o7z0 za`)Qe&$`zWf8M>J_*(a-;xD_m5Rc!V*G7D^$F~=M)4hZEJMNvu-*@jO{*ikx@lW0R zh(GJ&xxe_=9v{EYFviIn9zRs#FZK8l;&B{}79Z&G>vE@i>mQiN|rYUHmoAze7BZqn+Y$9PJX1<7l_|`<{P~ zcpOK2#p5{IC;o-!`Az(5_XFa8`f-##>HFNDJjQF%Ay&x!s?UKl36lK-6iZ`^6g zzon&B6YpEWJbBNR{EGO2?zP3^_d3)QAMWwV&vr4-DEFq~k9$2W#K(Jl8}S?6+l$}g z-a&ku=TEL#Wj%L!d^hpw?!Clkxc3pC<=$U>uKQr|huw#YFLWOvp3{A__*3rV#Fx8I z6o1zJCh^Mdlf~D%CqI+Oerx4EO}vkL-eWSyud8Q&FCbpEu6aT6jvik`ytBub5by5s zWyBx$`10a6yH^yCpW|6s{G{`&&T8Ua+-r!>bFVG_je9-uDqes5+_E_CZg6ie@o9~% zo(|%9-8+jHaPKBw(7l&<5%)ggCEWXqmvJ8~UfzAEct!US;+5S;i&t|WCtkySqIhlh zo5bt6PZn?JeusEd_i5rS-0u}{<33Zoz58tO4({{BJG(Cs@8-TpyqEhD@jmX$#QVFi z5FhNmT70Pc8u1bC>%>R9ZxA2nzEOOl`&RLr+_#BOcHb_3hx-oki4E;|*(rXn$L|uK z>AqWhw)-COdG33~mwUVW#20z|Z{kbb4~Q>wPk#uN*p!$bR=8(NKAeKbcI6PS*~sE@ ziLdiKdBwAOd;#&Y?ghn9b1x!(hI-shIljg z+TuIBf9i?<=H5{JfO}K%v?kX7EyT0Aw-L|b-d;SHdk68n?w!R8xOWpT=-x}bhU&waA^0&n*Y@unU>O}vHs zz2a@$XNtFXpDo_OeV%w{_XXnJ+!u-Wa$h3e$9gEv zeuH>-kKZUh(c`y@-{ihce6ss?@jKjih);9hDSof}F7cV}yTxa_?-7srd9U~akKZT0 z$o)6*CGH2rm$|3qu=(S!`QJU8_-gkY;%nSJfR`(*}+uTct zZ+9;vzSiq0FTT^`D~j)OuPnaXy_)zQ_Zs4R-D`{QbFU}9$j5U-@dF;;RQx56-zENM zciXSK#dr5G-y^=qeXn@@+>L$W`#kj@5@jU+OY3R%WE0Qkomb5z3P=NP2Q6W^DtKYQZ8$vLe-^=a;`Ge7bdL7jZROy_%2`jNzQ zd)aTr&@S^=PT}?7i&1|I_z7_C$A$3d&t$(XNqF>EJLDOK_$%PQWB>Zc`_jh=-wR)a z_-m2JKQ@sbKM#I0;*-yaV!z)FXa6jQ^Sv|sIn}sYhx{B5ucYt|DSTrJ-;%<=gGc`- zC~YtNENs^g@blq6!dd@5czMMC0{6#Q>HYsJye;B?gZF{|4)>3RrRVtr&i%;!!a5Hi zz7p~ugx81v3BMSgD*qwGv)#0#Gsaa(6$7A7aHz)jb&>)_MF9cxmL%gZP&4yl~FL`!Mg-Lpm8$9ZWu=gBf~ zj(^TG=VDxyMSNFyIXL?v)i^AV_%g_I8oV0(XB>~LzXIavXTbfnQ~GgN34RXpugCsn zp2~riiQ+P+@ZwBuTZvyA>c)<~PZRAN+ ze=Fo+|F?m2Jhz4W>%;VM-Wtwv#q$O0zYy`Moco3GoM-60u)Q6SpXWjL1Fy#}LVN?{ zX%FXh7u)TR_)8E!72XlP1!rwFNJr8^Zt?7pFH1nL3|11=?dq3bs4-U z;(49M{_KYMIv$@T@n`nLf4OoRu%Ejlp69zB@P3{rF;%7YgmeC9{nHT7>(Zt0UdZzX 
zyf^%N_~r0@@GIbHN7+9l>+AzR4$kA^MC7>=@$KP#;XUCTw;bmjpB#tuN0Fx=@_z(p zKV(P!9M8Gn?1zGI_Cskn`=JJ$#|6hB>*x6>`7=A?zP=OcXZ#>I^YggieJkgm0m$!< zgVX1|fp8v=%wH4j4n{oB7gxbK4-bWN9v%kgJbX1g)jZ7e(KU$gh&o5Wd&8NZ^VKNC zr*ifu<2j$xIiHV4evWhYGv^=PUvQq`{RQW9w#)gP_ZK{l*l(%k^AhN{F{q#8`8qh~ zRbKydyT&5^pUkV{kcac?^>EIste^8L?{_$_jz^v&nO7$u{(mvAPDFmrt2e+ouX6lw zym6dxJkU9>-iZ81GOu!6{a?0`XJe)8V(lpM>8Ie-nNO{3|%)k4|yED~tHMkcaony#L~L{#3-X zpQpij|8*~%_gTDet&e){LwpDL3^?ci`{CSQ55PIU&4Tkh#c{&p_d&$-d@&n-E$W;D zza2goJ_r5~oco>mUq?L8N8H}|$iwq8<9Xfw2;%wNtPY&}cR>n&G=(pO^Z0rU-a5s0 zodREkcwV0@hV%NQ37q}F>p*VT6Nu+He-h5~=~HlCS1g5hME%R)1L52+tY7~_S%G-=+izJju46f0J&X8TQ0FT6PWWp0uW;V)^WeGm2Uyz@Ss=baDWM{?fb{VC5oJCKLx zoe$wW?=TO~JB;Ufhw(h`FrMcf#`CB=hqw#HX51I6r@mc+Ptz;72k)^Em+bBc1*81@a%s{LFq} zopjF6bk5J5XFkV%WPGZASsS+0%tv( z_xN1sTEw$X_VX0fvk39u!g;^{9sEbcbHC(Fv0Wt)zZZFU9{B-Y8u9z!jQ<(V_+Q|s zBhRmJURQA3@_7sUZ4mNs++GjoxMe@He|X;Eey@T&jOTL$#`8Ld_49euZ`fYO?@!?e zQux6X{wJK*&xha_`F6$o(Aqf-F2(ky9h31KfaCcnIG;affzL;ttnd}^Z18pPqv7wv zkAZ&+&kpDNO+Ftu8RI_(;)}qqK>w77^Z7tkIPa%Yy*K3k&53q7&X0rh`kDSuu9I^i z|4#H9`r*I#OH-qg6D&C|DFKn{8j+Y z_!Hq(k^g!0Phu_)Tz*+bM9)W2~nq>S>919$&rS9TCs#Jsw}f5YOXl z9GrD>zwmhl_e&x45Bs?YocpCHJk@m<=j~#M=XG*%cnQ?c=R!O`mOwn;x0ZzSdao4x zpS*7^jXeEOXBqe?IP0GV=W{S#2XcPk^R%+a-vW8c!F$3v4mZJ1MSM2Q!{yrP$$P>1vtk;H{|Dd;CiQq-am03 z@9*bv-UoF@o>u5jJ|FIy!Y9CcAkRuT=Z7tD&JV|+-}s!I=NHZo#SqW=;WRks2OeL1 zF2{bLcSfD3qyJOg4{|=KhlX?4k?5`u4x359`|6<e=$w~oqE7a6EjZ_;u^1fyY^@qZ-q(gfuBU(8E< z9>sZy&Uxuv^na>(iPtB!5zp(BI&jVdJkS2!``i+k-_ApR&cpTKg%MvL&OD4SgLpm< zITL<9@^E}MgmZj0f>%eL#&BL|GM@8%6U3K8o~CflZ_VH(5Z@fm=Oh=vIUlxwvwvE` z8Q(gEw@Kk`;hYEB!Rw;_3*qhH99OKTJ>uD)TrbfWc`iXb&zoE?!Sg2lpPV;&JT`@aMFf#dU1cnQ?Qam9JQ3*wpQGI**y9G~40pX&Tu67}#tg6Chp zH{m?i1Nk|Act6fMdm^6mXD|3ksE5x1*gw4y&vq||bGxp9^LYZj5!&s8_)3UO#iY`XT>C$lo8{1wH`Y8$J-u^W7jgk892|+>b*L z&vAY=Jk|DcoDV}h$HQ*Sc8x+k91qvR zIUYvCIUdHqIUcTqry393?_&{99|z}k0f=ktkhjw^oNnSMix z_?uGr%_;mAIFFafaE>3&1N7Sv|98h#xitGqOg(9w2Y9`72lAhYcs^(2dE`#S|C9T; zyO4+XaZ}+(avzrq@w|^?e%{CNc{uOm_&kmGadhs-X=s<@@NPKgb9#OBGo9}vrXx>x 
z#NPw|U$lEK@*hdN_aUCwZ+tGt`vqQy@Vc&Niu20B<;>YJoh7?V;sqToQeI&d37%G(|O-l7UTRO#Phi0_^F0? zo=47y^Zu0gO>DOt;^(1V);S-}^AXP@C6I^nIrBV%JoE){=6MwUcgH{T_fD~279xL1 z)c+Wq?b3N2vIz12B+p{xVLz}=*3%d9^-w>rxA`37am3S~fV1Cbq2Cz41o8AI;T*S5 z!MR-=w|t(n6!DxNmccnM(d(lh=&j*TBM;|?5u8;nA;im+*k}JaFcJE=B(5;mrR6ocW(Z{u8|2Gp68|dVEmOc)k?zEq}AX zSbviAEr~qIdz<7}Ir}3m>G8XMl2ikpYZy`IhHd@g^S|#QN>1r~M+!^OnS~{L=D# zCw~4~gG1uad}Hyk?kn==e$xWu=Rbs(dC~lI`?kOO;e&S!>WTk8(jeB6MxLgBn0J@> zsS6DHh)-W`+dEGDiK`7Ji4V$Wbv`H_`QyGa>M60(0^@US;e)$cyK%o6KI3=G|AFN1 zvdrRli$|XC#Y^01aEyK1U;UZ$ka=$LG5!m$%8DOsVD-fBGm1JV`2dOED-`}|DT}{A z@_g{Pc@Obt{CK%iyjMA^^A_?Qik9vsydRKP@k@z~bV+_Ax(QeDf`qr>gixe!_1q9`WtOTloZVrFg{$ ztiB=QAGWb}?-DOD*Wzc0KjaS%SBv)D74afIfn6Z}$N$ zev0@@)2+@K;*n>r_%=VV;#w=(-T$ZM-yrdkC;2nnSpP{mEdDF;h)@2^J;rx=+TwE_ zo!PtjcI6k(|Gvdn5dUSAZEqFv4{oyf=HgfTywpy7Of8EaDZa0P)t6jjko=1N`T22c zH~AR>`VIT-?+=Ub_{coDRxSAzc_MzTc*DvTms}&1{L=W(#2@wt63I2>hl|hV*CUZ9 zTQQ3}RXplBQ+$Ds!{j^S!{txDqokkH-Tt0@W=@a%w}_vU&-y=k4}Q4#M{ z-x81fABex|7Y=`lNBl9_Gw1)RzvVA39`UD&XZ7ooM&c3QQv8jREq_1ph`(C=^`aJk zr+ASjR`-44Uwv-<`IPwd+7|z;_}jzH-xZJekHx$1vH19X4Kc1FK7KDl_?c_0o|1lp z5gzfUiNA8WZEs`oh;Jpn*yrtj;%ohQzgoPQf6(Ms@ra))KB}43vsAoRar3vtC;NE& zM*R8O)(`Rf2%;aVHMczRdk4aQuVwulKmR{`wZCvHd#wF?c;q=l{KY-iZX@y2PqXiD zDgKUM@AVds_yOXlRkZv!h=1wVw^PIiUTX34#e08dzF2(N3+C&^t0Zr35?`CdpIU4F zxp=2Xte?LX|KnVXKRVfwiLdC-wKL6gi@#9U@{|?dbb-a6AwDOo#WxZ^=6ds%;s>v= zJiWyiK4|d+#Fy=|_*=yzeyVuuXDrVm@!PUko@L^jp0xN4;_du~X{-4Bo|b2~_#Xqz z_ljRT$NK%)?0pCX>sZxGKCf6}j4Yl@e@)$+F$kNA$_i>q4v5b+=K+V+kVe`>qcJzYHFXNlkH z3lCR`NBm3TKQ^)aJH;b@w|KMHE&gbKU=;m%?L+3d#V6LV?X4gl@m0h}`3K87ibs5R z@u&TT`2_KZzg7I_uGY^B#3O!*_zA78{x`)V{(bR{{-E?%@#)>Ie-4Sip4;jvc)b04 z^yg&1pDiK&oj+fyBOdXM#8>(CZ4dE??<<~mnbmQpc*Nf)zPXasze+sfUlOm@%ku9O zkNDl02!DRHMLgo)75~mZsJc%);tz=T9c=rhm|vGgzb$HP zUQT@GS5|*5@x}g&yBmmK({rhi%0xh>Ps#EA$8wh z*?pdle%P7E;;V{B{&U3-`7f@&LOkLJiO=h8`R^Bx_=m(-`GeRk;t~I@_(6a0{HJ(r zzfL};K<52^^%C2^XNjNiu*KCBzqh{C-%I?I^%mb>d`2_#DdJaEu{?K+kLhNGPIMZEe7tMg9ryN|N?S>jdqnXeY#@8_eJ#Mi%O`L~Kk 
zp6|qq^tSk)#djRAcC+~NfauR$XIej$5FhFvKtEOd{PC8*nt0@CCm#KCsd&S=mgfrb z$TLnn`sXI`)q^e1-Qtnwaq*jHTKsbH_`SdD#J~R9`t4KkYy9uui1+j7mixq8kFs{N z6|p~~|7Y&BzvmW@{3nS={^H`1zk+z-S(g7y@yK68Jo48UkNll|!Ex08TX)MpT)adN z^E<>Bdi+B1FZ{Y|o%n2z|495C&;Ofv9{2qIoFnSo;rBnIOITgun@8FHy(NX;DPF-B zm@E)~xmK3+#7~H~E@Jstil5`pnb(UqpJ(xJicfvpe5ZKCe<^;KAHRphi@s}ljwzXz z{uTZ3!b9e#h-dNRtAzM(7u)w&6|d&k3AMzVe`4`%)qQ(Ah_~_U%>LrBy;qB8IbiuG zi%0xa@kPH`{37v)Un*X!j_u!#;_=??E%Ehbk4kS~uXx1&Dt=rQ%U__B)fM}t*H+6@ zSiFsIZ#D6_KRQ=@ir-&cBwokQ6P?AMonY+_6Mz32t8cV;@dg&ZK>WIT7XO6!j`9}& zy!bGG9{9R=AAipOw)kteS)R|t$G&C$y?E8VR?mL%2^W}WDQ$m7|KERnmUK8pywEY0 zzl3z%Tdv3$|b4bQc|7Z#8DONn3Z{m@SQ7C#^K5-<3G^KT|y3 z3(ON=oc)Qx$NTQ; z;uY_=?P@L_&tck$&uV4ygT$}&>&t7z>u0t2Y2xvmZKn7^D?e?ec=Yp&;ytI?H+&?% z#^3LMA%2gq2l!q5v@%xbai?bP=kxt~=>+j7{kdg1@$SBExsv!zYb}3k@wd(}?;!rJ zKi}&n-mkaSceQw2KMyOPx&EBTS^wN9{=45t+$G+`pR+wI{^K`R=VI}iM_c|E#Up-$ z_~yD+-zVa69kN?|T@{Nz=CsV)^_ia+a*Ow?W^rj1GRNn<+5UdKc&u+PEZ*7oduj1u zK0ePCkM+GR#ml^C?OrM#`Fn_OTx0z_R{UIl&p289hUcxIY2qE~n=clRbu3SdZ(C>a z8^p&vZoXB#NFnpj#N#}>S3K6S9~8gJ*MH{p?aP_yuH^g{_jd)vJNa{!lH#$RwvzZZ zA3xE5kw5lJQ;C24Roh<|iJ#@iV`uROn=F2$c&y94Q9SZY5x;1i?e{t2v94)>_?F=o zzeYUP#l0f_QV*;13-K)LZ9nGn=g`qVRVSI}6MuDs`AOnm`}4{2;&~fdo#%+(JlK4u z_$^s2|3dK=FIoL-#k2W)y4S^HKHMfA&l5fp&;6_A-z#3UlhyN!_(Ogjc~E>pcFU9V z4F5CnM{+#R@^$Ygin4lurQXuw z2a89ZYs63T`R5k#6GmB{JH@w*w0@Z{9`TFB_xtmK7sY42V0ku+_a1Hjfq1R`=DWos z&-dboJb#u-_I+_&MEtShU$(XFEh&C}F8luS;$M%q{;w~d?>UQaD*nTd<{iWvG_`hn zi+@$Y^7j`X{+jtX@i{k`PZICp$MtOS$p47=uZ^spHR5r8e?|P-ITpWP{DtmT&#`A_ z?*EtvP8R>z*PWa$er zcUk;n;t{`8e6Am-Tg2me%e&$)&$s;Fi(l*?$op0NLqBg8_50Bn|3CP1xw7Kl{o>aQ;Tou3~YiVyU4jBUjG&bK_h#H;)L z^*He}YFhj(@wmQyM*QfO7QbD5fZtF3EO zJl1tI7C+ISt9KQT>*2xTaeX*K{Bd9Be}{Nn$37q)dFG41d%kVwdhw%Mntv`{V5Rl{ zLGk$fMNYq;i*XX4o5(M|?lJ4P3gYqki|XQ$=REPdpRhcah{xwCE)y>r&ppH=eysRX z-`;z~fQtS7FS(7?!Ov}$Nf$V@p1QBoxQ~4ezw2(H$D$f6rbYH{ich@`u|ztIeS~X ztHj@GZR2E*;wSoAjciQ(~CLZ_WL&PJ` zNby&8+ICGBkN8>Q1$;gHGvX2dg7|a(`Jhk4BmOJ#PyPPoxayhvC)UlLAYS4-i>oXi 
z@ioLxdB@@}5|8*U;zR$i_)+2!KVE!ZE8Fk$#N#?`k$89ixdH3NiI;x zm0zcQC%*VW+rPhv_xJht_!^ckj_WRd{GT9R-N%1n@d-ZvR~3)v$>)lnwbR<`ARh7E z#5?-^_!#kNPgtHC#Ou#CpDVu5-^VW$|E`q9zak#-Tg1Ei^U6Kq^L$;|KJnU@+IYxU z)7puCj`&l=fADpZ=ZK%<&jIR+-|O!|I*CVoPx1R6wmQa%FRW*Nm-ur%&F>eF=XDFk zH*B@-{aL*KGd2zninr`&p0}2@6a5qM1;rm3Z*ixKPxJ9vRs5=#ExxvRJO^$rzHgV+ z(@wl>1Isf~{PP9ow~9xesp6M>Wbx067kSj$T`OL3tHtjU|K86Rd&E2XI>w{?eP;A$ z#2+jEzW=?HcwGOVEgpI5i2vEy>g*&Q=lv_iBhL`=S^mI%ns}Vo9ubc`Pl#XR?;SRX zNBmatt$nQjzZQ@9AH}ozbLqUbZM(If3yL3A%ktL}kNge9r}}%JUg8noU%XC1tK$~& zh`&qxT7Un(M7+)_t8<0;um0Tf4e_|I*)D#=D68jZ@rXYtKG2{46snWCKO?@B__Iqa z?mY2$Z`ee<)2$ZYTRh?ii1)5-^Vp5zai29!JnoNXikE9`?Jg6K`>eI%k>@q>Jbs*i zE#7~y_m_|N7>6HRW?o7>?z1Y3$Nf@rW?fv zbhY|tiAVgy;{Ny{?RoLI&w5#W_S2UCBk{P;`a-<@gBJg%c-&_lnH10hd`r`5V z@z&yT-*<`lY=15~R6IVUqk#?U#HPVJU)lsLHwN&N2NDBSUloKh?g#4@pp*F z=cn!!->}ZMYl(QouMltB#p1V$$LFTEi(laDLw*pC_}|6v`u?c&2J$zscB22|^PYvo zJFc;~O5$-JeYW_Q*JMfmhD*dF{xb0b1ug!1@rb`!yg?I-e@r~$mx|X)z7$P-y)Pd3 z(VvPRxGFt7?T~oHXFuQmJ^C$|kDt@T3%#h)kM!`Hbr5wGCyajq19te4d>M7)`QUVf^0^G;UJ{o+~n zn?EOB_eb;f;$!Zxc0Uq-cZhA*7vdkbxA;HAt86mQ(#Zad{=D~e%Tri9evVlw@ulUw zKgA=yvG@a5SbQJxFa0_`Ah#Uu6BZN<5weye3{?ylwwB@m0rKp55ZH ze(Zbkb7$LjWo?|fKO;V;__C8Ne`)c!kEkGC+us8=6_531t;OGd%j)PW{&ZujbA)(2 zXShK;)`LwEFLbTdKVLlV$Da|8`|EY$k$$s8;xT^4ir@dI_5W1yh@TmRm@$9Vf#yos-`_(Qy32WvN5)6D(<>Ok{+;_LkWw~+X2?xn>C z`StJ_;`@9Y)EAF+^3BBa9A)*46o0Y2`HkYSu6nBYJN_POhWLm6JbbZu#4i)y>(6O7 zibwog;u|*Fc-SKz@jr=oDPa5KxMrF6OF6%vDkT1?9~b4tbNhXLGx36_Sv_sV>rS-( z>?I!Y{l!o6&vQ)_kNC;r_zvP7UbOs!#be%{ARh1cZxtW^k>zJmghn78NMF=5%C{xvG^Cn zBmNcfJ=rY&WAW{|%)b<$b(W38L*fyi-R}=_CU!&e7AxOdmZ!M*4?g}+6@S#n&w1kO z_u77KDIR$)62IvYYj=Qn-g4%{#5eo8ohjlGf46w{DOS&7@p!JXN<7{dY!*L$rsa7@ z{Ed9p&tHqz^Up{8DBjNB>mSq7@oEfd1LWo za$CEXibs48@gIDi87?0EbDem%Jl5`A;?X}d#5?+Ww#UU|UGZ}9++SM$*Tf_KP4TU_ zTKpH{v99<#@g`4N|72-p-xvEU;&X~;dE4TOiI?@y*_9K|c8|rMFCObgE*2l!(CXbXTc?xXJ#A5qHcTqr*7 zfaQNm{W|mQ>K?yS{L!@*e@q+uGx}$Q#~m+z?&Vg0HSvhAEnfW^%iBY|+-mc_;(IQ% z{A0xUw(Wmc{KD3j 
zf3JAlpZ+F(RWXY{v0di=jCDjs#aH@#c(!=F$E+j1Z;RD`k$A*+5kF&r#g7qR=FcY| z5N|co>V8^0-g~|z9`7q(7k{m}^}}c4@!s*6{CyUG zmUzV16wm9|w{6Aay;w)_dr!3O8X_Lgk;aP0`^QP*1@Ewx zJ%hv}{u=Qo8e2Wn#3O#Dc-1`?|Gap_zbxMLTC0DTc)ah}BR+4l#iw0le@1`CI=vj? z%{EwES@DQJLws@k{50`c*Vj(`p7$;PAn{nIca8X;KF+6!NBm6jZ<8CC_*y9*>-1g} zFYKSo_((kBzYwqO&xf;KZ0$sU#yY*@#DDbn3gyKkzOwkv36{5|_(p#}a*_DUH{19e zARgz1Vd8rqwfMWl=JM1pA$UllFa=X@yCjf z$Y=GG6JJ=*zW+?|S>?=Yh+pFOgZ0H@on&+IcrM*hy!WlvpIycGA7}0M7jIS3;)jYq zKRhBH&s&y>$NGmC#aH`!xL3tn`SYKh;_)8jTk(U1te&66=Wnup z$mQ=#<9Jzhx%nyLt^9tor1*)|Eq@L1h_5I9);Sj6S$xJR=Dozf^7l2@ibwne@$I85 z&x7K=XLRhKA&tA&+VTFd0YJ4CoKQ_;*Zy{`o9y8 z_ai@x-%-!<9NW?UjQtq#dBu;t&hnoo9`jOV@nZh@saE3gKIJ0uQf)2&VDT*9TYcAw z$GE*!Jl?NO6`%X5<#|jzo&!H89@ky3iAVl7#orrj^?xrO@9z$X$NRf%muBw&i|bpS zqT+G=R#yBZU!Pe+Jl@~c6Cdu+D=rj|=W^Y||?`0H0&zYQ0U<9&?y?|!{EN&JnOmS>K5KmR#GPl(6of}a!b;?G-O z6OZHZ9r0hkvwr+geA^1^hrQz0`sY9or0^V_Gw+v@gKWFXn7`x$8mAHcwApi7q9f8ZSP|7 zxV~B`9@k52#NYRM{$25i|496NkN-nFu9uGLYTFn4rPoBOv!Hmy7Z?9xg2kUJ9=|`R zf%xw}uDXi0s?n5&zMzZ>Nbr{;|a`5s%NMtPr1fuf=Z@kM+Yl z#5c~fI)4*C?|$?6y*km)J^gcAB`>po55L2I-b)4Xm=9};kN4+hb;Uo(Z}oQ(@8R=d zFY$@~d}pM1ms>5*B=Hx&G{0N?t4Hj3d`SGH8!i4x@o0CY_^ZvWUp9(I{5J8gOI!Xu z;t{`3{Mwr>f9`IX`#<7O6#smj#hoEu*6*9n7H^u}`k|%xu%|6gTk%z;%`X>^^TJT^ zm?y`J$LHhj7LV)U1>&(TVu|?dcGjO8#E{7(zmD#1f5!Na z_}t=kpR;;S7mxU=;#J?y$ z+&@RWOMG;jqtXlABmT2LzdgD~=Keh2?@w}zul>{F%8Ez)8RFmjbyp+t*9%%b7m6<} zlqJ1^PU4@|w|1`1Yjv&_Z`t1bHSxEXWJyo- zrFh=17XQ8Yju$OHcTa0S#&ec)%uf_wI>Ee>_~~cZ_n#wP!1J^h@88Yp=`8-}PnKtt zc&z`qS-h-2ueeh@o8Q+g5RdoWFNnwe+Gg=yJFK3%y)yStT%R`<-*m6_PaE<4xy(C= z=f2&%zj(wC74PQbd5U<qfS@soH5KaTSHbIs`Ih%YF9@+_<8Z1IS%BVNrvmvO0heD1Y}_{UwW zKgWqj{7vHboniIN5s&luqvGpETK*TsF%KLRk32{F{2l$= z<^wxk%8LKg$-I$xY2WW%#N+*PKk;}ke6{$p8kYZ7@p!*{pLpb%BYsU4>(7{(GH%7mv@?9@WRTBl>gT6#M%r;_g<<8!t3#Yg0{ z{oYYLK3Cgae6g=P9Vs5~wXYX{-tU+06OZSjbHpzmW!t+_JU%D;qWH(Ft^W7LBmPtI z=jpAv3KKe;K)^+R`KlKvppMw1}_h-bH z5P!?xYcvp#bvVt%e|p;T_Y{wHBmKk=__ z&lxt0$LDk7^Exr!K0V&@d@u3w`P^T`i~Q>SJ0NpE$LDkNi{I1J@>drBqOf@l@#X&9 
zzJ>VIRujB_i{B~!zW*Ga-Qoq}dCQ>8{TaVcH@EmafA3#G ze3Cy8tRnu+_qM$ki0AY9?LzTGrLB(s;^QAOA1Z!=KOdMP{>%_-_ipi#ejoI>_-)VF zxLPj0q`&z#@d|q_{|@m2kDLD?9`W&e$zt5Tw%fL=#Nf>RU(55C7tiJ6v$1%@w-O(a z$Ljg(=lvv_NuD?3dF)7uzx`FK<9hMDr7X|w;_-g`QSozpo!%1h@9S9p=fxw>C*tuO zX0P~hH`#vqS$yNw=6{Ia<44dQV>GFiM#DchcT;&FYxLcD+oITx8HB$;edF@lGblo zugct?t$ki9A|B6$Dv3v)v&EZDx4f5#_we&YKk>Lexmx^lOOrNPJl6&G4^zdDpKaSa zM|`}`dyk3VS<>Q{i?8*cv-hm{X)UbX9pXp%`=D>c(`H&f9}DfJ;_=+z9PyL<=T|oq zkM&e-#h+VZb@mdE<8Fv}tf#szh2JXP=xfVARXlzk{e1D5=hunHJil4|glnvSJ{6B~ z`;~axJ8T>t6p#39!!qx$!Y^2SQSlh(WyCM2WZ&OFJjQu5@ypg(d=K$Bey)D9_yoC6<@yC>f9k7>!Wt3@O|R(zU)u& zSRa+s&l@q1Eqcn@Jy|^7zZ4Unzrf;86_52%RmEeSQa$llAJtMk)<<0`9_yp75RdDw ztHq<;apJK)YKnNQUz#Sq;y4=*Pl`wU3h{it?)r7{h<{Uj;fNXq z<2d$XJhv|-9_yn{6_52%mBg#Au<_hTJg#%vipTn>4&qfxTAhQ$-Q8$P`Q_zn0IpVQC>QV7tMXev!i^p^3 zP2!#We*7!(SReI+cnSY`Ao)jT?&nw^RaiXc!wTXZeI0Oh@tF7Oif8xFyEPGydGA8; zn18y7$GkT{Jm$So;xX?{5|4Rrs(7?JTRi5y#o{q9EfbI5PyB{>#BUdW-|y4E5s&yE z#eW{{`_JFo#PJgIUOw^9U$OW~;xX^l5|4SWiFnL=t;8#4xBR`uW8NDg9`oJ^@rEzi z_`h8|=DqvHW8Rx9{%aYlXQg<|d+Wtx9@{8Bex>F4Og!Sh7H{bB$6RaQ7yBjVvE1S_ zv)J~Q5s&!O#oKs%6Y-e$T8Y0@%JTOWk9lvnc+7ia#B&d_dF(#%nD=IjR~TUJt`?7Z zZ=LurPgwq);xX^-7VogZ@@I?VAkp2)=SVT{I#oQ@Pc9ITb)?J1V;$)_@mNRtrg*F)-6qu`A-{;q>bH!sGTOuCoNLPqApKJZORXo;_ZWn*wKOgjic&sD+UHsTB);}kW z%iRC5jYbTRhg0HWc4e*!EW!@mNRNTl{kW9Mc5xSVwxR`0xI_@lo+uN4i2h z){(9eUz{T?{p(%vSU>iics$oSDE`$}+ui}!r>9Gc@f_Fl!^F!SYw=^nWBuVI@l7Qx z{(kX@e@Oh{ZdS)?@t7yKh)14x#h2!{arm=%JYUT*KJ)fQp1k6%&at?v;_=+Fv3TTZ zC0@hV?_MDu@q@&3_&B^tJmT*Vf8FQ($HgOlx%iuhj!NIKZQ>EXL%jbI>xVzYV;yOh z37PwIM$s(kP*^!P0! 
zkN9WAo4#TBw~EJke7ktD+SWgN#pC+nPw`m)dCWv>Cyvw6ejQd!Jm!Il;*qDC_^a1g zf3_F@YO48A@dN%|c(Qn`Bb^~0>p$m;zvk;XpB0aFq#MK|&sOnknp(f?7LRqId&L`; zu=pG|WbV(1&nsTk*Qb>ik9DM##pjK;{o7PL){(XmU*YpiAMsd6I#~RmuQRzxJl2uk zA>QmF+s*~z@!occ_!_^T-5?(CgSLwI@pa?7#baIQUh$U0Y+N1d&v9csM|?i<&-~|p zpD7;eNUMu)dfEE_0`Yj?eWCb?JFT96;_)0~qqy@dKd+C)|1Li69^3ClCuJVzr7yO>*AoArn|TBA4*AV56_5BH;;r{v{3!8Q z7dl>iY)z|whIqu!6~FIM%m1u+tP5Q$?#pS@J`j)i&%`_Qvi*2KJl2I~yUE&*al0~` z#TONi__E?v{c{<0#bX_5WAQ7W^Zpl)b)-GS&s=Ts!^LCW<{0r4>stRmC?4^Th?nxu zZM`ZU@o$J<{*2Z0lX%4M7hgEt;!E9Ze?~vYy3h*ZrTsl%6Y+>|Eq>a4w!emm$2yIX z;#p4oe{|h-oL1Er?{T`3mTu`3q@=sMq@*RKK_mnOrMp`~kxnTE1Zkv{A0UD>2na}s zG}mX=`rdoy^Sa|7jPsr~YscBA_Sw%F>z^rbts|WSf2Wz{Ujx@V(#`PKi!A?fxYm)L zfuAgD`R~9r&+rPab)?b9gzwMd)htgsxYm(ofiL!PSPZUpq-Ehv@>qE-;aW%90luw| z)n_1F>qv*gPx|_+nQ*NmT?kL;-|vBI9qD0sryp&*+=Zw5(c1M7yuombPck-qKWiOn zYWUvg7FP6+5x_%vE?5M*SgS=@H%f>{-tomuY#xDY59-AwT|>O z{BCsHzW3o;NBS>3{VmI%V4Qu8^WT@ye6QA#CWpU_Wc7a!u63j(;D>&m zZ?DyV09@-xKZmE-XZ4v2*E-TA@H+9VK0m;4ynwI2stwn=(8loDejU;muK2<57k8}QbK#ng{T8n09h>3Lx>~>O zgdfdl`G1CMz0iHQ=2c$9Gv>8%5_LlOe!h3wzK;dhdywP9$6vDe_3#yEt^RxAo6B3d zhv66fJ^v@*k^MgRG<>h6k8~d1`i<4+Px#dL%wNE>eq{BDJkfrx{r9P#uVcbD_~*Zp zz&HAPj5EUfc|D85yB)T2tHFnKG_McOcEJ)ggRk}TOFQ_8wHDtCUf-X04~3s-VC|m( zf11?t%!B{W*GsQ}PbqHkTj3o_TD$hcOZaugF?bz+uhAL!+n-vVi}0BTtp2y)4Vzp1 zGx(&f=CLP*-|lsMUM?j(du?l1c6d*p2Pq6Mdc*QofETD>UJrgSrsZ!1e}2@w8@yT( ztA9UumFt#&2>hVGpJ62YvacJN1TWUg^2~y#iDTt1g3nEE@yp@OGnsFIXZ7R5k8rKG zJ_b*h#`2tp*C}iLa~mGFlKE43aUWL+CtE)4?{!;Sd|G(P*XB9kI&K$&Ydt_&xbD+y z!f#iydNhVV@aHD&;aacQ8{W$2kA}ikpK)-lSDXs}eYdsu8@SdhZiv8l!u4F{AYAJe zPr<+U=jeaJwI208e1p#$M4b|TJ1Ra7JnxSdml>}4*qrd=g)F`bToxh)|CS1=un!>eCyF&!t2R^Ks)q4;;wI5F=z;)fV z8m{ZEE%3X(ZvO~ev$$Mvjq?KV=6+pK z9j^Vi9(>VPwtbt!wNASq{4+nFj)3d9HwAtvhK;v{aP40!;X3YZfLD!d_1p*7aqnaV zegUrI-c7iUdynAzTUq@hO%K1l^n5cWd~*ehPYBm~#WZlO8_WUMdd0$Utye4$*LuY| zaNXB5hpXI9aIIJD2iJPS!SK3QtzYKA6~74nb3^N&O>o7358rjpw)?Me?Jwuxe`T=z z|HAcLEUM27>bgSf6%)d>UNJd*ctvY(UbwCw-iK?wVp(|H0+#0kxb};7aIIJD0w4aV 
z_0Q*Utyi1?*ZRZh@Uh)3&nmd$H^R$4vHBl}YyIJA__P(4|1MndkKuE_wfKa79ii=| z^@_>i>wH~bLAb61E5Nm0u{!)~zdr8(*LuZn@U8y5W(-{G6{o=W`1@+s!1WwwGkjz* z>*rtKTCaEx-qk-}{{pUchS6qOKJ}-Lhe_c1Hd_B@fa|!I4W8D^%@5acuLNAjpQ>;j z_Zq=<+-nQhajyql$Gt&tl{*@)%(>2YYEqJ?<08UftKfUxQ=_H;n(|E{MT?D_g2G4`8th5a2@wf z!W$*A{<;g-aqk~^u0<9fe{T4G9{0-XnH2uGtHou6Yn^r}xQ?Hd;W~acg14P)<@SYZ zo%SHO)+bMfYn}E&xYlW}hHIVn_i(M#J_J{}C*kw_^IzBCivJ6q!`G!pn-{+S6(0}Y zIhn;}fh#@_JXr#ZuL##V?V9i&>+L$QJzVRwJHfBFw)oHBI**Kl>$o}xuIHz#;hG2d z5w7)J2jR8OS$i+RBi}Ut6JE*}D7=I#KH7ZyJ)QSY`g_IG!WEwdUVNkdetEd!tHTeZ zvG{gy#dn2o@aG+4;EJCDUy;`GuY)UoEBxz}wm+VPEB-h5&psdh60UXH(H4a7&-+7c z{G^3z-E|iD7ycZ!BwXJ7XUId@z^P=0} zTBp4mJ|~;?|2eqUXT8m{ByR=D!~2)|R%+Vuxq^Q#Zw%JU4~)7J^4 zSrjSkKOHAEZ$LB{pB0T9RzS4HR*w2j_bGAVk+$3R$_`h2e)#g}mbWHc@eSeK9$S1b zxYk_{fXBFI^`8Y-{8#WB`7Qr8xX$Cd;rUiZ3HycL;JSXe3D^4S`|#?MEl@EX zC*fLm{TqDV1B-tESNt=0+L0EYXleL<);jH!@T6TV{$04%X%~ZUNMrq37p`^MP2h`? zT0MHgwNCp}_?_DpKN+rd+Oy$h{XKH);d&ml4ZiCw%YPECb=SYa=l8e%c?ehhbNGbn z);}q}4&VP;r=0zK#*#=h$K@Tor+%MAa$mBrhN{``Hr@5 zt-J05Uy{|z9S&FgSom;1?k$09-StX%i87XdFI@3I!~cqE#py@zp82ZWB7JZ zKP&z%cptyc%m&vw?R@Y-KA&73u65eg;s0#2`m}^=UGzurLGi4;qu`341i#hE@^64E zemnfpQpQAk^P6E$-%<|`lE50av@$VMj6s~pJZQxb?dEY>| z)@cui*PLtlXTr5kdm((;5$n&baIMq+5#Hdn#h-#}p5X>u>$LB|3;BBqVlKCQ>SwLf zehaR@Pml?&b=o=MtzK9^RDo-qb{%+pUl-I4u65d7;d%30{-JQK(;fxy=+h|0 zf@|G%5BSzeR{!yE#ZQO#$Y|}^0@ph2UGQGMz0Sh5PWuwPsXrHf3fDUANGrqlXP=c; z|Fm$e)6N2a(bVF#f5iDO-O2w*>$IyOeuaPE7Or*LUEmdbo#zO+)@hG}zjFWAJ*uZu>8|)?Gh_S4n66n|M|DepY-cc#3>hpQ3QByDkGiP~Gx= z2v__^@UEU{gmJ6!3D-KSd+;nnZ9B#G z@ulO*j8W#v;o2_mz_s2lH~g``Z%yM@`87Y*2=SWlY71BXF7UArt-Yh*T2D9~uJwfT z;j!x5c-{=x{o_t}nN8L|C*fL8_!~Uq6RYQ6aLvm-gKIrujI~yd`c0k$uKhYKysUqo z{av`mTT%GRebx^(;EJygFZZLxcZF+w_J+UCYwei~*Z7KFG?g z4xi`kY6(vj!{R%@?+v#4%!F6+_@(frS*)Jx;rcrqTj6ImTmB<(#s31Ybi?xBhAaL7 zJk@QBkF(yt{`Vzx{iFCq@Di!5A9BF6er)wD3h$P~@>YVM*lykdo+5|k?+(w?#`1p- zSNs@wEr0*dVz}a0z<=@kpr7E1KLXEL+3J54uJ}9f;-6XlV{NeC)A2{~3E`urSwG~3 z$82a`06ut%<*f$Sc4-1HIoag%W**OID`~%?o 
z{x%;4SDs1mguSdEzNKe1Uk9I?(flAhp~s(q&)jGA`4g^r<|lAn7sdY0eoy`X);#+@ z5&WKyt1R#`Gp#@Kz^5&+JZ0g(9k6y)g%5jT@h#wrZx3&f%kq2*uan2}41+J;VDZ!8 zik}aUk=Wwb!_`0A;8~JdKOBXtfBpy8^MG6M^#1p-9>A~qx|HbtTteGR@$un3yIVhG zgeMtb^~?c(?~1jzBwX{m!auxbzuy3!*RSiE z!}Iy)Vg|!AthaW30bjb@d=WfNCM$P2ykK1$5BuPn-#ZHb;E=^%hYx*e`R~Fb`+R1S zt>ODk@u}hedth;8;r(lySA|C%ZuRL7SNtdNI58~Ge0bI$%)f@O@$1j+aK-O||M9lv zxdd1IpYXx6EIzV7pV7Edd~CQr7nBLE_?+-M$E<&nmdT zaaaA>xUl6(2iH1{+;HW25B|#u>z^8Mt-ELdFPq%T?Fv_XANVD|z8weGbN^}ZsMjt3 zD!As&w!^hvVh_C79BbD(xaPaAz_XXO_~&pve~jYCC-wh(q5t{sztr%J{$7a8@Ya7@ zyNbgVUmiZZu#KNqa6Lcm2>)L~tIrp3#gB(q^81$+aK&$c|2fm@e;ls(Gw_1nSpA>D z6(4zr)mQ!5EvMyA57+bDZ15TFEPru$mk-U$!)Khd@>;1QrT%%km++Z>{g!fP_bzWEp|01LH|514Pc-H>^!AmEzav#DK z{~W%iisebZD|~<6>}B7lhZpqE@0Wlpz5;ytVXIGTc$bovzk3A!34Bw0i=PPZ?B|_@ z@OwX6{4)4yUthNge)TP@=P~&3lh*&I;oaw3{%deOzl-YS>o}0zub<<>yY;vHY2nIK z1YUoq)w48wc>hRY|J8x3T}|MVd|lBX__K&RhrAbHg2QeJ*kze2ER` zNax}DT;x5tKIixZertvGPy9XMw~OMF!Jqp&n0Mj&oMSO~oky0p4qWjcz-K+Q_&#ub zZg(>L{jO2MeqkZJR&MiU@ZICgx5E{`2Y%`ctIs*O#^Fu4#=~Q{#=}c^#n@583P|#k zm81Pa;~@iF;~_hIdMEq+(r}Fjeg0MXwSAi){?LNRVTpRc72h9T+T*9ewSDKobKkK1 z8{vxo9zMgb=g+`39v;K1U$Xqq;Nw?Y|Gb7*_v2O6z2W=6LnGTRvEZMMxBSWA-TXbP z8R0r_7J?VQZ+Ys%%l&TN9j@mrqu_VGw0bXxNA`6ihv8G+wfM*II>XG9?hD@!QN~z( zio9-r_yWTN7Ty=TRHN3zW0|{1~q1YklDv`dIvUxXyQT z;F_0M4DaNh+u8$&Wqgzsm~10;aIJHz@j8(g2)$On)4 zo5fd#>+>45;d^sfeLBGPd5!My4~kg5N5b`ajfwEIetcdA*F45r_yE6tJ^$ju_!*3VOW2AwnZDw(W;93V>65hI+#W#iPc~)1r^7MiC z|IPADhAVzHJbhG){~oUA2nXTHa{_+E*JnP2EB-lr;+NL{Ne)^0I{#`OBQ?C@V(b5+ zaK)E_Z_HwOTfp^PraN4DK7sF>Zh2V$lT6x{znh)s*pLg80`&78%=fZ#V zdB3f2&4>I5*Sf0C$v*Zw*5&Tz%|f}d$@ z`NzU_eKi&SiO)x^g)4pwyrsAISGdkczr!o}{oNyY?NV0H7w~uUSwELM8or+|_0C>2hO(m{&2+) zfyXFj@iXB~{JHo7c--<9zXh)M)$D}FNNe$D;kw_y2A}Ek^RFWCXvZyIod3Rr)_I;u zXZ@cXt~}}BQGNRshAX}#eCH<1-w>|&=J0B3Exr$2@dM$#Q`vqo3tlLV`8@bfwXFT? 
z;riU%9=P7Sav1)W&%ulw}GaNVz^fdYhtDoz+hqe>@!R23Z(DtSg)9Dd`0^VT{|K)5 z7x0|^cPmo(^E&Mpiq8Q5xTLkWB)so8)~<^1hF@EJ3%J&Kc7f0H>$=`>eQtIlJfE*) zoC)7L+3K?iK6sV+5AYJcUhWULuHWv$N2j+u58-+b^1tvSl`THnFSdQu&#f!k_i^Ff z-?e^A57#>Utnj?UEl*AOF`v(G3U8d;;yb`~o*D`NGM?3E0z8w?dn|z~eg%9*IV<-k zxQ^#1;FGFYzny`{cx8F+!xjGo{##$m^VYBSd+Pr@ZSDJH@E;~xd>**s--CC^ZSghW zy6&nEAN0GG+ZC?)&&lx3Us?Yzgi=iOqQoFe3rkLV+cHdYm1)% zzp&ccwFItmSHde?v-q8G#qWn#^L4Pl!4p=t`do(R^YvYi;fj9=kLUCDNqrn?zfgP{ zc%mjY4hzF|U0n)3c%H>Kg)4s>c;iGCKLDP|@5?@ir`lotFc+@v_%*zy&)02+KlAJR zpWqswhv75*czyw{_-pWXU2MC*geyMkX={i2e{MI6PXkwcX7~@|t=~$(6<;2{?1klT z1=l$20B_~b2M53vKMdY|spX#r|0b)|a}iwIYb9L!-FA4DtG^Sa zepdWHi2r=P#m71me!HwrVxAIS?y|*YfS-zHUJ$PM_u*TITDxk(wZAlg7dUG5=?GVR zclfMWmVX>v@l)YL{rX`QT>JY*_1f;KbGYKiz^@;&_@!|5^D21tZ!P{1 zT=6I2(|20@J-DtYwsesuCLa>j}Eo?&G2epSi6qH|Mv6I8F*vAzxx}m?eY{psh{OfcFw-) zxTN^B@XhaA-1~5?mna8M+0Ejc!gamf0j~8D-QhWkS^rFgkK1qCWf}Zn0`qNf)o(X^ z_)&}h4X*gh@Sl90>vMR?RMy@oetoU}oYKbfr-D!S^Fk(gjKbc}@M8DP%faXS`LP*X z`&V0dWZ&Ng!!-`SfH%Kr&=a0_x7B|LT=6sDPoi1= zrEtZ655Fo%hHE}NC46v08xMKlns0v(UND*E zuL)QF2JlZOTm3(VYkc;BSM~A#EqqR9D|a(o{jeAQ_8V*0S-76>T!-uV&O^AK*F1;E z_Rrxa`NP_${#Sfz_-nteeh;pGC;_k6-0J@UT=A{o8~?HRL2w;sM!<{rwf>w3FXqR? 
zrSOE4tetn@8@-;-;My)R{rIH*>DSBhB!eqHH$2JDR?lK^t>Y~R*ZV7K!29pDJgwlG zH|q%h%iB8wuK02At{W}?7I^e-s z9n^bp#W#e1GRVeNTeyzTJ>YtOPJeihRMxIZaLw~ChU@wDTDbCWfmiEl^*jaF`*|+I z^?sgP@Z|npwJ4V(h5e^~);ga!@ZKk^+_Z4LpC=2v#Sn`x3fFwH?*CNokb2f{br7%q zZvj{Tw1?04`{KcH_5Vb;`hOl=`Io{AM2Z~NU%TPz|6_3V|7m#XSC;2KT>bwqd_@W0 zPFKQjFZF+7`1TGKmj$l=&jT}cT~`0$@ZJS2&rJ9ZzaLxxA6eV-EQ2f05AZ^V zEdNjN3&+e4!jbRu%wD7b3955GL{a*t<*q_ff zh2QdZIBnpKeceeHxY|1e{_K&}dnA06zlUTJTzQtlFZulNTKLR(mj7q?+0Nz{;Asw6 zKi`3?f1+Fu-_KLNvhNeZ6`u|MR`MuezfcIS<4-xbjt|w~7koc&1K07V4_wEeVQ}Ri z4KMMnwd)(Wjz1gWI{thQ&)wMaoPz84a~>Z51B<^8*YW3H_&J|nisR4EHU5YAaU(H& z;2X>T4qTs)D-R#F&9+x{_?+1`PCCMM-0KBjztr*!h2Pv{^%(`fz1Z@vfnOeH@tfg4 z`hDej_~|y5=Nf!;MXOJoo0d=gHmZunCxx%+X>sY`MYmg??C?g7EWR*2`Zt!p6ueFw zi*E-{Ud8fvg%8MQJ{7*x@89Rb=kB#~cfwoveB)2>%lY3@&3O9 zAK@PD&+z^K(Nt?!Jospz*GdW3yhXEg&7W4 zeWt+2$FcsO1CKP$d>LHzSr1o#ZilNse}$JmZ1w*g-q@eh{RvmONpFSUF7sB|c1Z&t z;`2*6;Od8>@Xxkdd&|HZes1|2!S#3gTEg{y+TQRYgRR~J;g@~RpGCfnYV`LuWs$_1mD`idP<_Uu$ux;i`XS_@6hd+}iMbh0L47Ri7^K zR&}l1-tZwleumQhxIG%Kep?KW;pfv8@QjnKAAW-uDs1(?1mEs|kN7G4vkX@MH}GBw z&Ex%LU*r7uCA4lfPIAki1)h3gPmo zZQoRIZQp|M&gHG#;_%iLY`a&1tK2^DN;#~4gWx;rTK>^+ZQoh&c6TiPEBKlkmVYx` z{k#jVe*P8Sprz$G2miyLuiu30cooT?->UyNcCkD$;hV2o{gc9Vyvhu3HOu02!q?QZ z{6*lmZ(DqI_z!2z>%%uJvhCOzuJuv9;os`>T=2Mly)g+MuYi@i46gj^;L5M}HmN_~ zd}Zz3gZMth&CkJa`+B&`@Ukhby|3U=b6cKhf7@4;JN-k8&j63-^Euhzr9E$Xc+2*d zr#gIs&%b>D*M8a>uKjcX{P%CIpFf8;PGY_uo~g6>R``h$R?ppV&1?M+-pj}H1^CNO zmghEH?Ro@PyW%|v-~apl1uIG6|N8o<^6(?s?Dwm|TX(Ydc7ew%Zr%&N&+q#N!qpEG z;rmNko*D3me!aH@uKjcieCb@P|3Uc8wwC_{ylHRi=bLb?kBa;-e19r`eE7=fmM0nf z7heaM8?OA7;5yFKg5OJI^=J>*aiAMq$ARJS**&Zu#=qYz|-Zl z`s9c2X=Ztf!Ih^O{EF{KZQ-wewESJ+$}(BY{2~#cqQh1^R=0C!}@b{S+OHS_kX%l7M~V=rk#~r3_dN3#g~PDdD`+;gR9)G@K}ES>J5LI%koczUtD4J znF(Ke#C$be*QJ}`x-LBoPwMBvlkix6UbqYYVWjsnJoZNOS8(-1`X}N0|4Al`&jvs1 zsV%MMq&-i51O72#@EO?dm*mcJ=n?P?2GySl>F zuAy+1I|`odQ!95mT;(o+tK4O9mHRz>oIkHT0H2Y?`uSJ*>p?bt&cP!MG`|ZkJ=p61 z5PsO-@9_*?X{41K^O=3sc3j!SZYy0(o!WZHD 
zxmtJoJ}tb{QrliR;BOx=F9d&H$nunhzg^MdYr>;dGH(q3EV|_x17E$w;wQt$b+q`U z@Fu>#aV7kLUl;9yKk?)Cet0{-{y7eha>B;jY50LgR?my@5`JHE13oFQ#ove5jBV|D z0w42}#lL|!_s>DZcxk_<Dea zrf2Z-6Kz~2dS&^v9kpH3!}a;5Z1B(h`_gc|$F(v%=dV^?OSs}Yz$^b^@gv}RkLx)2 z;RuqKjHa%!}WLICc(2VwffA0=l1;T;CimH4Sv(>c@TbPfaO08 z*M4*zuKnUJyyp&UZ)9Izrtz%!*zhJFS-F|u+K=+XwI3CQU-IXAb>P~MK7?yO`UswS zp4I;|xb}-L;n~wz{TIL${|&tUM>cMMf@{Ax0^hO1;;+ILe+Qn+$4M+-=dS+Oev}Yi zxs}yF4_y0Eak%!Q^6a!oN`uqY{ea^${ zbhB}I3$E+of8e?vjvOWYc2_;)!*xBJ60Z7WhW|3%^5%!DJ|*C)PZhZ8(*Umew1TTX zo#6>X1N*=KK7p$~!{MsWM7ZiR7q0p&gR4I4;k~0;|LlaTK8N9|&uO^oa|N#Y+=Ht= zPvK?#y#&#{UOEowemNfeo77hS3~%6=GuKR_RaOK|suUggeABXFH;XGXT*H_^mx3xUcef^I5|DE0DiQ&4xP6?0x znZ*}@>;AeFyy`xSZx6qJ*S7C0xb9~c!f*7p_ziH~&u)X4@_E#waNWNimcdWgQ;o2WRgjb(y@x9=R{}f*BV~d{x*Zw;j{=cuRy&K@#e|N#Pf9;2V z9o5Rc3fKPoH(dMgE4cDUixGZ1b{=EjXM}72%?sE5TL@nHOYeWU_TP4J?Y~{%=lr-l z8m|3!5`5b&D|ZV#&k^&zaBbfs@TfjNc@eJo8}Q~Ct>50jH6CKb4ByYWtU8g>!!;gq z!?nE%!V|@@ymjCj4=vyt51rx4-xGe(&w~@-8V_^f8V`%%QzP5;*j~8C!%4Wt!&&&a z0+#0qT;t&teDzZ6pJcJZ_y4~;Yy+f$mw9Y)1>sufSr5L+?~j_m^KG?yj)8YpZd-Ua6|p=L}rukw4&%##{b}aGgh3EvUN z;xoZ@9?1bO=+7$)z;zxe2H)P!+FK5;dC~fC?O!e7+F!cBHO@bQ-}3vf5pbQS=D;7N zw|XvvD}D!D=d}ay?)z;#oPz7P^gFy!S1b2ET=7rfDK1<71b$r6c+hd|ZFsq%7M~BU zel7vmai%=Hw$B^1f@`~c4A*gN09^Tp!GAAp<8T37+jk{g$FU9YvQw--Pr-E@yA0QH z>`!?0t(GT-KW|q*>o^u4o??yF|2_Ed8J4FkT-&z_{CrK@Ud`c(Zws&Yp2ZJ>Ydj2x z_v>x-nFrT+SPs|rS_gl#(()XIYdoBTYdqY9EB`%sU4M=fH=eam{jc$m0Og{L(U)%AmJY4bB;A?)g{B7YnE_H@yKX38F;p*o} za2+>h!qX zgL4$FadirQsEO6*Pq^am!z-t^_*niNQvI)Sm;nCmAdAlq*ElQ$*ElHwpE=+1G=Xaz zegxMz>-@MB9_2kNcMDwS$DQy&{<(=?;5tA4 z2Cp{V>VE~U^W!ae-Rjm~58*mLK7(hTXZfQf4&To@KgNbP^y|08aGf7h!jt%XX(qVN zj|Jh{UrNI@{;R_^ZX3hj_Rp=fgX?@Z06ulGZO4&t#m|T9{J0FBHHY=%Cb*6>-^2g; z*82ZAT=A#j@vm4t@56OmdIC@Jhs7sI5`O!tpVPo~+{g@{bJu>q3|!l#CS1p*rf}tN z4gcqm)$=pBw(nTDj!RSEJ#Kpc!*yKR4cBq$AbgNNXS@N|ap^8RmapGSnlyYr-`i~M z$_Ur?%?{t@>!3=&6<;1+pr4i39Io-u7T$cO#SemOJdB2GdrgAp|I^yF8m{rM9j@_k z0IvMU;ODYh{yT7uho^9jhd1zNy=?!==<8~A9?^Kn3)grk1dpH2^3;cGJT!%O-DLed 
z41UJf6K{g+{PI2g*(&RYV{n~c{s&K5-QsV-b$~kXe+Jk2CDPmB$McKttsi2; zb$&?*f0EkbQ^IwA$p9bhpFha~*ZCzsJagR%R?eFiy`^C0$8^g6-+QD@^=?Pc<{_qFiSpMm7ZQsRk9Z#0SfA)2Z zN8mc1oQ3OnauI$<&tc&@o*4p(6JeSWW zjD!!JV)-Y*m46L<(Lu|<5&rf?Yu9f0nvc4L)R))u$+YRSokB@K?T$s}6i{JBx1) z&*t~l9pMAMwEFac=UHMt6n^!%kGEs+T?4G%x8YCx^Zqe>K3MJg!_Nz8;N3e|o)Yl% zew=R(Z|d#(1irhP)qgKM)>O;C$Df<2K1==cZpY!P`&yp!@X6gQ&niLAMmQaAKrlv z^>#glxAyTCJyZDY7}LjnV)&xQ7MC8L_r7^<`0su^DMs&S{Zz|L|tNr{q03PF#)pI0#>{|0_@HdGq|04KdT@S?02>>DfhZFsI1mOl^t^9)x1YVgl8nsyd z!hbGoGPty;Ek(U{CW5iUtf0(ezKyK`wG6IpXEvRj(t@>H1<51;PL!@iB;iA z<63*W!()XK{`cQF__f+r-d6bd_7;B%Ua^+>9r$gZ4~d^8eEq-t*y@uE-l&mzUifIg zp05U9>(@~|;ZOQno=@R9{Jv=hd`?BH-w*J%KL5EFeq)ivUxrV;X8sDkaiH~2^sM3g z;fQ~(GcCM-Jga{x_^_JhP2eYcnD>EqOl3Y19?#cFu7FSQ?XnM^^Rdj2z)>UJ}d&C4Ucoc`v0p4d}{>0D*`_Qf9&_~e?;IfBJe1=!uP-O zq=)ZHWA!f%|ERx>ljiVzlPvFN@QKaLm%~eEu>42iF?`+ZDR`!smgjf)I)6{yUHIeg zEPuw_;oF;Jfq5Qye2*^%&+X@hitzn@9a0y5vX7P50^V@4c_;X+zE+>U@Vu3*pNGNw zerkEf!^f7j_}TEj#V!78_^QlS?s|APf1lnC_-wzvJp`ZT{qsNgn@_CV%kWXlt)6$` zZ#G$dp25?3{^)rupN{`qz5f%zfAo3LwD279t=t^&Q4g)$Lh!mipHLP)=9JZ=7X18T z^JefZ`OQ1RZ~toE7yfT;tIy}~tFz4~!dvdPcFluVs$sqyK5&|qyBVJCGxML|nf<(T z0zS~k!v**Xzka?A&+FHR|H8K{wsu9!YvpVE_VoTw1i$9@cj@49j@j?$f|v5^&Z6)% z-VYVwJ^a3-9=vcCt7l7i>E>2$SNNgttp7iS&-V3oBjGcvSe_;Dcbi(CeejzXEdC^X zUvsPH1^DDLmgg4yw`!K>ANV(;EIx8R`?{XNBP;J@~@yxrm7 zCbDt|!$;>e9|Nzt-+T)E#3;+Z4gSF$^S$tQGg$pE!YBLj;cs}=QdVvh-@nyA!+)~; zZ^2Xgx`I^jp8g!60DPR^cb9@!TW9&J!SgS+`Zt1SzG3m5;77Wf4}q^vW9^y&&*j$} ztKqv>Tb`fbRqC6cgSXma^?V7x;qhtTwck^JMmuHkMd1Tpntup?tF`_9XYeg?tX&J? 
z>-;>j8(z!r-_OERG_!L5hClY_6tCd@{P>fwK=^hQ@Ogo(@ZA1+y0Y-5e_6Q=;Dg6m z-mdVAb*;Tq;k*6*Xd%3zKR5gizQf1;N%+emR_+COe$U^jVEFdV>tprr3r{}T>Nyf# z(f>~9VtAF&mUjodZ#(l};eY#jfZOmdef&RxxAOUuxbKCp|5HDoz71bL)9RlVK7N?} zem1!B=cW5NDF^?{-)~t5p8JONXFGU>Rp$NR2Z~xf2f<4pw|agK?-kE{6uj~z%QFF< z)%T-m@Z7DeK6BuO{JQQdcz>_wGI-kxR-bL~p*gHRyWsJ9TDkk+jeTDI2t5Bs7XJ(U z(c4z;#R&WceEAZq&l~swzfOx$$nxpr!ueBcH1mhhqBeT4{)8Y z_rkCFJlkdXmKs*iTkzd)S%1dx{a*d~Cc2gT7QBtmBjtjB<<}1d;T6BPa_hi#{qO;N zMM^8TFZ|vk^TF^1^{xJM;0^qKd@;QLb*s-V_$~i@&-n-dB;rhFqJ>kt(TKz}ExB9%zWcZzh z-v974yRF>y@V_cs{2};oe~xn!UgVa=--3VR*AEZi9gydSgFO{~ZHv`s9bEBS;U_)*e{jWLfcM#E z{qr2I_$Xz=_j4w0=7Y*E-i*@SkQ_{1dqHzlKlr>)~{jtbFzJ5I>I>h9?e1E?F zE?o5~1|R12sSDTV^jpI9_g^}|hxv8&5V+nOFafT=|1tv}f0Fh8I(W$;)^GbF@T2gx zem!s*t~|Hk3w>TUiqB80pA{bm{_$$7PiDB{bHS@cvEx8_xW-!}xW?Ou@cb{W+<|ay z-{J6&-?nnUf@{2e3t#W=1>FZ%{89MV{(S#BT=lsNpX<;2qWk(I^|QuX61c`&YWS7~ z)~M_FvVwS&*8VcrX_`K|%*QNDg=CS2Qh1zhuB8{qBJSh>gH`g=eZ z;QISJ*Wu0lJQByR-__51KDYdt;Cil?6aIM>>*sRtVqaLEYVZVIExrwWuz&umGyKsW z%kw#0@nhiaVp;q$c%iSX+_msWKEHPWp3k2j9fx1@Yqu_grrK;~RL*q~2A<@J#YeAc zU$wo8`us^;c=l>G-V(vTXlB2k9G=-fzn>O4Qp>x_?`q-|JLvY9j(2i;EJCJPv`3czlSS+5ByS5tIsX?K!2~u-|(s4|FLRY zebt}2{JBp8__OR*|7`H@>zU_;Ka6Q!4Sw&S)w3@Ag5S5cgOBNF@m=8SeSD0A=WJu~ zQ{gN9K79pz?KrFFdiafRtX~eoOANF8$KfS?9oh|eMX%3Yc#FhVZnQe#`+s3+^SJOw zK5vr_-rJw=W`WQ1=VvA0Q;u7C<>9CNI-w%Q}A`$EdFn};{Sy&^?8aEb;I}n%&S(<^l;Nik&43=Uk?7epBLJ~ zKlJDOo#Ed^vU*I17aeXs4?cRS)#w1cTWa%T@ZCc!&trIlb>=VN8^5(Y$?MtAb$l4! 
z!nS)lcz5rh3h?@V-l-1HFx2vX2)`WF^0$W{I$`mH;Kz5H4~Jj!=kIgi&lXul7r`fH zvOGV*6@M7MafRi%0YC1~Iqt&COt$z0^{pKB=K{ZOe;Z!!mBr_U&xmTj|33U1-|s5J z6IHbStPiiW)AF=}XY=`-kKwPsw)g>XU5AW>>$-Ouyp%r|SOnh^-SV%2$7^r>@B@6h z&$AtYuRUn(y$i4Qx8;8f&!5Bc$8BIg*LFF$-o8%;SA1G{M*lp*yKt>1F9X+l^4jph zzMkYm_*1`s`50bgt+jU${JPH%kA=VA(Aql(zSQ^Ytsi#5fA;h5ak%ayuE2F4 z@h4pO5%=J_k9Z8%eZ+IP?js^K48I+99}xqt`-pgO-A5#b>pmg{T=x;_;JJN0&pYrF zk!*YAgqO%>_0A8!kkGs^T=yd-;JP0v2iN^bRk-d)8pCxz@)2D3BYojI4txRE{m4|f z?nl0XU%zDIa}!+mBR|1)Kk^G)_am3#%6}bRe!rFb8m{}1D2>98t7u7WJEnmve+GDl zSNJyz zE&dK%_Y05UA1=50CukhLpLM^G9DY5X#pQ(SexU$-kk3ohhwFZ!8GN9xGwcP|{lWnF zgC17@$#C5-%!a@C+4^T4T=xrG;WejQdym6UdY&`z*Ap!M9$fbqPv8Z-y@@{v-~YP5 zNCodc)$0E)T=y5n;H`X~v>{yg7cJmNYg_(L;ksWK27lq}XXe8d|1~_Juix7b*ZsmV zc%lW?FSp@}e+Vz;_g_hxgzrz?FQkSi^W#quxZ+F0zf5EO(+aNpi;nQqm2G@Zh3o!e zF8t{`R`31r|9gJ{Ka}0-^BAuCi;9q>{DHrBXeeCw7o*^<=39Lh!gar}4F1U1#~y+!{v>?zpVpsu;kv*02OiI_50m>m zsIFsme~})3-mgQ7z;%C70j~RtdT`xew1n&a;$yh(F9yPOe=!=a>x!9h-CukS*Zsvt zxb81@!*zdg0$$v&|1ZIH-|;tG_Z^X%hab=1p11F#!8d$jo&m0Ty#nxpA6a~b2)qhB z?g1O0t>Mbk9-eKqQ75@aD@~G7(uCIgEev$mXwKq9D!2t7g@J~9KmxSwjtO9(*zgEwI@L}(nPmRE5 z!aw!<)phV!zgvBF!Il32{Fgfxe;z*U7xQcIG5$G%sD9m~e$#f03qRq{$8*7-_Os$VDUi@*=TWBR<@ zRk-rpgvavdS&>@Wc2Ga-c=8tf=jv9^G;rmA2d?Ya@^FpY>hKwU9W@j_y1&(L1pMJW z^QG`3b<9`6Q~qVX7k;3zwd-g2cmDa%d+@zJo?pQ8_;c+9t*jjN=e9ZaeQtQ=epYT3 zcv8Qg%I?Qq9`Nm%G-)365gW;POTAq>c zVg4L#3Vd~4Yu7?}lG~PNCA@knD|Z)th~>EgpX&4Nci>xwSpH}5?mmAWxrhBc^shg< z2rD>?yN)wgnp=JH1mb_RUk&>~-GJ{1cu(XhSKEF#4F15^wN8eQ^3NA9g6CXm{jk|R zl=X)|xu+4Ya&N#@?i0AmjnUJRsvlHtdiT&zzYmmK81dRJl>_nH1Mwdsew43A>tGz4Wm4CK!_qm6@+ZL$*dBoqY6gC_p-Gv|XgG7{G_RFDv zw+8a0bXPyC9}20tK6<|l{?HmROI?Vxr-35 za@WIE?ryls)q6wP-W!2(*9FRb#XNr8h}qYIlt;&ngm4`dL9B|dY7+m$Q z%ANf%I}q=e6#r%X?;L^nNq!%(2cFTdOa2bzSsExerr+nOT%8vZ!8OiP!8Oh^!!_Ot z!ZqH?!!_RO!*w3%<{qm0l0f~xK)lA`47kpZD+75J2lDJey!zn}xY~6Ou6DhKt6gt> zYK5tv)vnC$p`R`a)aQM~t6k;c+P^*s!yVAndt~_wHtDJi%+nhjs znjl{7Y6I6e92m$mJCJ7z;x(?e2jXW1;!h%8+x;9|+x;qB{qqQ}{)sxs3RAzSe^R)I 
zemXNypR$No{UTr-sX_y8SftYZc3m&TLV5h;MW2^Dc~tTvu{{`y>DAS zdX&ZG^Z3wr69ah~2izZ}{}&M{Qnv{5&k4kj59HY%LHr+q_;G>wev;YQuH##jVO9yXOUJjkaP4=g;o9$V!FBv8;~pyI^FVtWGv4nbdc#%jaJb5y z3Rk(`x`&GN{|)P(U5MBDgV1Ctuu1K z)!w3TwYL#m<+g)w^Ys;7-9x4Mt{+yPX#w{`U6`*#9_9Zv5buZlu=q!a*Z!5r2W6;S zKP866R}HvdVuX1sclD3T?Hh>qOT4i7aS_DN55)VWaajBg#B2ZB57++nIFQG0Wy12r z^_^Dr)c%zWuKg<=T>DoxxVC!{xVC#`xW;*N_fS9ktzlR_do$kmuZeJ#yAZB&*TPlq zUiVPBeybf;?(c}#{&fwm{p(dAk57Sws!=_~$ymhmT1Us#&B+N8s;GvHa)VLs6l6#<%cDcM*SNll|Zo z{ENBfN&Ms#`p&0j!wPucUH!JGiOs85gSYNs^=TQ%<5T8gKNx~|?JuL?+Fv#Y^7s@$ zSe~PZ*KzMOT;uRMT;njRpQP0;jfX^V{e8-m?xFtiM_6I?DI4&Qtt-R)1LRTuF%kGI zc#NHv?5jZju7Ugq1KuUz7m-Kh#`KGrP-y2sd`)-uLo@jLvSH1N)HaaEmzae8U}V5M z2J$aJ9$kkogKK+jhHHEM;vP!fA&~zT;&pu<%`fuQuG{_`Ek0c3ri829eDH-)tsjcQ zfAI5GRrgR8KMK^dGvf2NwmiMz-{!DiniEOlQv0uvS9{R3rAWs9tE06x}pYlJNZSCzG$kQf}XF|YR2Ye0k>;7?1Aih-~{z<@F z2E3f#goNnBfR7D$i-0e7SN+wlErIyvf%sz)#9s}>Hw(l+N4&0cV*AY%%gqjNzsi!8 zcMpBnG>~6^_aj720{&ef{)2%3jQncvgFt-aKzuB}X=FW9x`#p=1>*A~UdQcXaP5!P z;o2Wtz~A}K&PV;+Lq#?Wlsg{rYS*?ve1kyzi3sAK2IA`n;uHAIw)#QWX(`~kPRj^a zd*6kty=CFLUTWkXs!F{;eTE=j`6t4ae<57?HwE(74dlNR@Hzqi7kRXOHA$iVQGF8l zttPT|1D!6ymiVdqm)$!gW7C5?;*L&rEa=6!f$8%7Y{BM@IY5I+g=I?pbItK6Rh zc}fNHTn%{1fImkb?JrS%Qd{lP_Du}e_RZ-YN?jt5zbxWa&)yOEAh?cuW8nSL+j(<} zd#K3bfpULDypBtU;HuAg_SQXK2&=>D)IRAk{mxdq+TF7-nRxaw0I-oUS` z8@q>67YgL>hIr+l6o`K>5WfuZDtBujzF;6e)=c{*^lyQHr*~JolqVN_-ZlHB;_ySq ztlw(DbslN&9{TNf1LY1vyvm&g@9XOZx4;#@4_;#ae+B*b-%W6iHos`HulpgxQ;XJ;5yFq59H4i$UhPBy3d^j*M070c)`b( zY!_Vpa1eg^fW@DJH|u161HNjRjfYq6p{U#z`rrRWij>YD)~cUt`bAAm_fTlAKzz3d z;%5fpa|YtKB0hiXuwoojK3x6q3a;W(1uJ(T7?@_4= z?=sB#tscDg0IPp9_?2W{lwIP)z?^_Lfbr+aE~ z@4JV-OBcvLBH(EQJ{NhEe^nqpO(6bkz*7hOKJsW>J%wvr#aUp#tafQ!rGdZQDAb$( zox9ybzm+ObZcW6i{!QU}PfZv2qK%epEb{*vR_cFiSp%LjQ10u1rwDkdh4xM8-{b*r z=&tsvo^9Z|Zto4(^NSI1J-?U+*Yk^|a6P~H&RzA4?{(decs;*34cGIFzXN&R4zxGs zSN09to5DTxQ$OT|^>k^(>v>0QxSn^k3*<=}D0d*@H4ewaH4f*&H4e81@+S%8KOXSJ z0nf6?zF~Xy_toXPUM+$6*crmQAyNhRP_{&Y{9OZ{FyOOSPxarLi&#|o5Nbg6w4`Zs34`v*Km zz$dz^e^k$Ta2;1y!*yKU3DF 
z^jp#GSO5FJ|K@NIulCjp#77Ine~Ne=S4YEjTwNT<6E%=$8{##ea}cij+zjN2637$t z8~aB6pggtRLqClih#wj7NC97fJSukue4PJ%x1R!e-h}m}{c{!Z$`f^&6&CvUbs#>K zyXvp~F*jWMV{y3l$HsyD{tCaaQo04)KPn&Qdyz-=JPOzG@OO9$|Gf6qK>injcE$bn z|F!pdz%#k4y(+gzApTh(zE%YBP2oDfbcXBvG7zrw%QW{;ZT%JDVWqD`yy|%XuJgS-U4v-a~b%Kg4P*T+(X%(7=``Y5Amw!2zX}y`$yvfdHmHFVR^PA zUU?3}|1M_tp(g@)9tZ04IN*;0UTwwyzaQ$u)eo)VFa2|%o!mp&9tQGH4)}wBe~Ub7 z*N#B^-+_4jog8kjHxcBCwK9CWRR6c(dFokQI``0b_XFit3b-F)!hYHUc~t+-@SI;* z{(GA3)lX#9jKpp^uRwfOclE#K zqw>L3pW<-MM^%GsKB^5|^HD?L@$y-}jfSh-DR7m$0IqVkx`*0(C(z#Gh*$n=f%w~j z_!kkxCtm&k`tw#GzM#AMQ}b#4;VSn__>`Y4*@QrTe??T-4~`*Td2an5?(PJ>&N2W0 z|3MM7#2)*pT7n|oQ){|}bR*g#6gg>|HYIIO)0C7VD1svPpa_bf2#VNa8Nw8?jWEoF z!F1@%gt3HS{O{|&KA)UdJ~^jN%h&Jm_~-Fx((}CE=W}28b+6~T&q<75RO;LJ73%yQ z?d*MjqWz!4v&FUjT7L%e@++vqXWa<@6m|X#mm#ol>engiZ}>o>J)fY?&f>N`#mIk* z{DKtuOObCy{(ZRoD)w+{o2jGM2|pOu>x8s=-+pbUUMEDw-PFHezC%o2`?&!5kC0yo z{}BE}iaJfkADJxY5!CrJ>ih`*06y@+#CmxjUM8-~tL?wk_@2f7`PZOM3+jAi@>*y8 zhdTG?-tzbBdx^WL@1f3#@IS%JO&uLSJkxmfo&HG|7}xf^WPJLCzJ2c*-{Ll3XI&YW za;bOGo*Z%8Zz%YAwfnW>OYS9TRz!&`_X>e-?$$C zM~b^=$)89Gs};f@L;X`t9j$*O@{c0_P>TFB#`XCB9_l=TI{z|xo$q>2CANoU$Zs!h zw}(B9>+%0k)Oi?njxl+i?Xt&x2b%o9Kso z(4Kw7wI8%S#~Ro3U>tSiSK@}%E;M)Or1>aBZyZlLv@L79` z>;9&oy4Tw{OqI;;vQl*4}XLPrz%?o;OV$?YFc)B$i8lMQQk~ zUBqqsk5A!KjO%_n$M~M>`$o+dcXPiM?Ys$o4SboY({X)kT+gTP8rSpbx2S(L>i2xf z_k&&D-r{cRRmf+j$d5x_K6)KKYif#orOE60{lOIZCyZ-9HyK}F8rzKe@~7Iu_WaM} zb$jUfa_4^7_Hh4rD{=Rz8vQWbKjyg3auXP%Y|7TC%o+i|}40X0> z^3&b-OW}Ko>-yDk(f-DDzWK)W_gTeE{o`aFb4>oTbA3A&A-@Rix!vS-z75D;`$4aVw==HS!$%p{&rKh1T-#r6{Q2Yk%om8exnG3#TxIfF z{}JS?kY8@{I^Ta7*U!DK^QvE7_x(cD$q?6m&^m+RZv;<@ZQ!4DApFh1C*0$GJnCP7 z`ei1s{d|UT?dSVY=X}(8(d6~@)Z50j{a>TbLe$yfkG>ytd9_Y~xSM(&^0Q4|>n||= z_B>zrI@CEAb?!HLt@EUDJ#N2dT#wt|8`nCUFYmluAMNYUkK2j6spp_Qqu`bBn5m=n z=OKSK@{3aBZ${&o=(cJilHpMEx_+&IjP9!(TFWbiQvH*W=#bQD;8tZ1{TT ze$f3f-MH?LdB*j)bd+&z&nd>w+|+i>@~0vHg30TAn~m#n?;ogh zD(XbsK`r>wwQ< z*VhBab$xw|I&)E{-Q@MSw_$Vge%M3YO)W#6!%SZ5EJA(`^0%A3_Rp)x$B|#xbxQE% zzRwQ-=f7}Nhn+*LaT?YRVgGW<4EN9#X^{0!t@Pm%u{ 
z@+HXsm?FRR+ntwJ=iA5lh^X)9eZ<|frlbCeCa-m-8Q0@>x$%F=-@RIZ`qNN<3A`Bo zq^YCxZ8EOw_XFd)etXC`tFCvgv$OFlZ}$DQhq!w*7410&J_SD0)Y1CqB0m}V>r>?K zN4^O8KcvXFrtp6l*Y)zf@tcqK>-`sTx4bdTx8J+IKWx7pU|j3x8Q=R_Uq4^mRVzgO zvrJz5ZISVE8F#oEbxuN^XW%Eoe=>En{`!CFyj(9o=-aui@yq4ncZj%q)(NP8gvsl8 z+OfuUzEh0rc-ma!I-Yi=ajkQs@wen)(_lPrci-5*8P_^1jq7^+(fB)KegEw6Ugv(( zI(r$vS>DVt+PLN?7}xg4jTgv#pAdI*pM?H@)8w`O$`t;sab4bZS~@S6jw^0u{D*Si z4?BvxXUR*`uvJGH-(1>yhN+V?*-uz#T-$%M@qBrc&Yh^QV+O9$(M`jd>GSLEwYLH+Tle}&0w{TqyH{W{~%$wh8G>K}#re=&Kj z|99hB|6Akh4eg@YhTot-t<WzZug6R$d5rjFGc=D@Ca?X_^P@yR9FBY+aoZ2s$RCFMkty;g7$0-1pWjU5SEhNt5cP9W z|7Mfd_CJjLNaSBlk^eXHBaq+VFMj@Zd3R0W`xw{lf2i@hH1SmU~#A8lN>^OKD0c0S9vZs(U8*WaIWt#Mu6 zTa4@Lf~Cgwb-^Ev$7B%VZE@ERgU}COn7p=U*H4o7=V;^m_VBsc;_lHv)W5*wb-C_A zegN{%rO5vY`TofNGev&gzxj5#@BNV9PTU^12c_^4##>MF$Dc8%pN0DKOhF*GFPr?ikNAmi8o#2qU;aNC*Y{V?D4KK1pq-*mpc zjO%>&GOqI-V*J@`U-t-c_h?_tx7g%$Kb>V<_tVpi>wa2kT=&yz7ReBajg?GuI-;?e6+mixzf1S zxzV`Rx!d^1`}p=eDDEEh#rl00?za4AuC@Ae1Z&USHa=UZ|!ZL`1odb(T{ zauD5JT=R?M=G8$d^2eC`Ns^yw^12?cGWl$|iF8kj{A0!+JKeXt$@qtI9Q(rfp>p%# zzsB#o&)3;uh5xC``>C|&K;!Gl&9^z?+HbmCryJMpv+cl!BNqy9dA(+R&nWAa-6 zW#d}^UE}@ZzWzt3zc=b{@((}VwtqY0U&-KQZ*ljmy-?>!lh<~hX#BBn{QQbhClht9 zGkL93Yh0K2e&cQOdg)Qr-xKvefV(~7L%9j|m8qlK$tGX;_PXyb|FzuI+Ev{4+y2J$ zWt{d<


H{qZE@y1dhk>+;Ss-h8L8bEdeq^Lc6KttQ{|9KSqwoBTq_zi0B=p3jW$ zCWDLrGS#MFjZb;cKj{kN zufOg6Hsg96e%QDkhyP|==eyFluJ<2|>w4d0W#|4`a-@H}rMP?4$2T$jezeK!d`~j2 z+exYMXX^cSQjYq&qW&Ewuk{}`o-2)d5_Ni`&gXD9$A{#m=+CB(*5CM_o%`X5UjFfp z;_i{F^Dn8hugUj(+%MN5@bH$n+?O8#ceh@v#`yeXQ~yJGoig9#wVf9jKVqq0=+;=wH5`?qAxT?Tl-C_BO8VIna2i{C<)# z#)r%Ap`9eI?JSUXUTFN$lYRf(Z0czHA2s=_CI4EA{AVUVR`Nfk$fy0gbN?Llf`6Q0 z{LGzvJ2Q>%ljrjz#dUdWZ2c|S0&%loDA-WU1y{AB#|1>U1={-+xrZ@n_|_`cQFKE$SCF{65Fz zwf@=0>o@oN?}ezd3+g-scgY2EGyfG+N9+H|xc1NAjq84~(N~@O;eS8*nQsq&BZ$`TK{0aJN6!%6?r2cl)FE=T*jad6yVp zcd~Ei^Wxf`SLLSb`zEi;`)}j=dCtgpu0rDdr9;p6k2g22{j)3FEmuUAYfrdau0A>L zs1k`}8^8M`Uw@Qw?T3?%S46`yku!`hl;g}IczE2C_FMyZ?fLUGKi|9HE+3ctAH`kD zwS1cN=O@U!I@+IU-}`!+Usv+Gh}-Qg*W{Ot_RDobihPOj&Cc}wS!?QKN}b0{UfcPC z$xo2{zl}G_P45lb{c_p%Zvl7x*1Vo?e}8f9hb!f#_bBAqZ^szd@x2P;FE94(xY+mu zPx<*?E$&hq2LJNYyx(N<(K)`~-ay{T33A=?xyft4eQkW3*L{1^fABxGe~y0M&o?UW zrn>r{OZ|Q(ugi6W$=A!x{9=>W_RKL}SmKxK9OJRQefzF3uE(+a#I>C{GT#?XUgz6v z^3x^%lkw3bd_QdYW9R&Z}~>_kNStI!_wc zI?Ijg`uzy*w*N}s{gLmC%dkXbv;QXg!R1>epJ_Z@_M>6ObHtA~9v7c$yjJ{baqZ81 zxygJl^4uRAjO+N)E5>zv=>y|BzVxMW9WVOHxb|nSpA!A!+N1s7&$zCy1B~mq(^%sl z%ZF4Zifcbi&i32YLgPKf?>2RGzK2Va`XI4;|t}!!@56rUS6%gnQMgGAZ`To@Yxj=4W?p{=b_1Hj@7?MSiniI`_}(a?^efaoa!rjq7;JaO1k4jyJC3 zLbJtnd3TlhUSRUNTvr*_I!lb}_|h`tI==L#xXyR9yoq3i$?JT-HLlCML3s8~To3E= zZfjh}mokm(_|h2TI^T)Lb$n^E@x$bP_sQaJxnw9UJdoXJ@>>6H<0Irg$b+aOLxf?S zkKpc*@jrR9z&ECj)?Y{7&#T*y_Rki^b-x&BT*n`B;qG`P!&8ybaCf}Y>y}AymygQv z?JRNEKaQ&8X5%%;^L%%kac%#@#iE*e>-q+3J3rae z=X;B5e`-JPXI$HPsBwM$n{Qm(Uj`5RP1<>Z@tF7}aMykvUs?=zb*d$QE8OL^f1Ve2 zF}LI^_wdX6zRBzIer{Zs_j}_yzLd6}?@#SF?T0C^%d6U=nykT71(`sDX^Rub{qYNHzC7#qi5C1ZG?T7yw*M8`^ ze)8>VFL7;8*^a(FIVP|5k1?*}C)17V@om1T|E<)&%;a@^sTS_`$2Q-b$Q^LEKWcxz zWL%f`J>%<6_JzI^*X1qU)_boFI`@w*Zy)12zBJIdjxXgJ*Zw&M9v)X^xhBEga_RU| zsc{`&I@7rJ!_CHZeCYw>I==L}xb{Pu^uuQ+ul>+-L*GA|@3FOCfIi}Oe=IQhimiNp zc8dHNCV#u+>x`$1KbxY?AK~HgT>5#Xsq@Jee!_Zb$=7?jaUIX;Z(PScMjF@goFl|t zzq#?8n4ewbSd-WBoO6+P(Jwdm?Y!RPwLMQ7*E+8m*W=qqrv4b|hmAMtynY`|_w(&7 
zZrAU=#&sNNjB$NkJjvA0k>x5idF{`OO@3o(&#fk}+vk18bsXtw<2sJ?nsGf|eIc&f z`3;--eppBTF0So|UgDa6PVz&Im-q5@@>A3~!MGmBt~7PFmpXTwy!OK*#ETXR5f?|4_#H z&oFuIp9_t@zo}n;*BaOP-eFwlyUe&Ae?B#?^ZloB9oPDw@w;Vz+dzK5oi10qjQbrb zZu@PV@vY_kH%FT~+e@7bOkUf0xp95ndXw>ZjcZvXatG?~;5W_i`zvtQ!|(cTjA1ib$PYl2Alk7$scd>x?Cm3ADrf&5I1%DN}X%qaw!ll*M0D9u)HtA zr9?ROAL82n6XchIq;2L?>e|lDjcfn!Vtn`r|NK40UBAhxE1d5blW+amH+BN@a>@xO zoMZCZo{NoZduoig#C>~eQD06`Vf`0P{*V3q_Ol#$IaP%DHu$E#>EZVc(>wRu$XUM5 zF5>RdCddyqd0nofQh1^9edPLJI_kT1reD=2uYaHBCgZd2_w9TNbvDu>!Ozc3zPDW0 ztu%i6?tb~(P)AM)VYTh#eMY)nm5ulLsPSGe`I%>myVl8}Ih>$1U7h8=>7na7b>u6D z9EtiL5nD&kZ_c%*i{`j*!IyLPLw=~<+0QXJ*KZuo?W7XU?W!7{F8_BwYUTf~J=`zq z;oQF(;XDpB!+G3jh4VPs2IqKP*fGI0*B*`sraK6}+z-BgEDDdhfP7`adn*P%bKtwe z^Widt5l)T4cSAl7-yL2Fmm#olYBf9)`C9m1@Ot>(@J6@{1%^|b;rzTzD_n*?!+aZ@ zpWD)n+fCjd^OfB$;yeo;m7T$PKX?|rKRgG{&++BM2O=MX4}!Gwr{9xqU;QYLBM6Od@e;$gw-bZzw1CJs<44wra z4$py)fak+U!ej7UxZbCA?KuoyiM+f;Ae>qam$y)aUJIAEXoOx5AC3Br@Gp(Degs_K@8g#1NO-zjUpvo-N8v}ov*6?5IdJ*NTsSo!J`wpCT;7ruPSyAIxb_@_ zd?oV7!mHu(*0gYHE&Mp->*4azk#K4wd=m1_@Dt#z@Dt%}@RQ(rGIq;V2-o+AI*-Al za`JXw1kZv`hUdVi!1Li#;W2nIJPw}*uY^yBSHnx-weT76dicrkM))c4X1ILxBAnU^ zpNV`Md=^|UR$PD1hNsI#jPp1=3ZDbl-?QlQW$+y2=fd;hf0z4o7B0L8F13V6Y30?_*8D0%ycPZtybb;rc%+wq;QIfs@N{@9JPQ99 zo(2B|o&*0IJRklkJO=*^9*2JpuY~^{UJYLXuZ8~uUJw5Q-U$B^-V9#}Z-xI8-Uj~{ zJhG{O;QIgH@N{?^JPQ8`o(2CJo&*06JRklIJO=+39*2JiuY`XOuZFk7YvDh@>)}7b z8{z+jH^YB|x59shx557hk8I{2xc>hIo(>OB&N3|uU&lR3zOvx!!gJv3!Smrg;4%36 z@Hl(}cqM#8cr`o?UJKs{UJu_G-U#0W-VE;vZ-w`Qx4}1sN78)-^5WLcs}yG!DH~<;c@sL@Jjfe@M?G_ycWI}ydEwe zc?vtA5xx)d&G5ePR`|Z~Hu!#Uy_xE0e|Y*9iT=-mN8xg7GYn?I`y-zN9{|sX4}{0y zgWz%aV0a~b2)r7e4X=d{h1bImfH%Sqgg3(vg15pChPS~Ffk(DX^z)(cba)Ot3Lgf~ zf)9u1z(>II;UnQOcrH8+KMY<8KO9~SmtWNpE@&-$6!P`((eOt27!n_5Fs9^5IeBkAi2x6wY?J8!+3<9D93F+wfoH+X z;5qQQ@O*eVJO-Z!kHb%eSHe$&SHmmdweb1ydid$^M)(=kgGVwF{eL+;9bOHO!mog5!LNkpz^{Vm!>@+N;Mc(8@N40f@ay2!@EUk6 z{Capj{04X<{6=^)d@;NgeiOV6elt9>U84VQfv3Z3;ZgXl@GSUk@ErK<@O=0Zcnp3A zJPyATUJ1VoUJb8<*TV0H*Te6DH^T3QH^Z00TjBS?+u--ZBikqX{{eV9ydEBfKM2o) 
zKLpQ#KMc=@FN4S6kHF*bN8y$5$KciQ26!#}adE-$Y;{CpX2mEEqxZx_!p^}muj*~a&maq}GGS|`u= zb5cKMe4x}RF^YR~tW2t}knhPZqB=K2^NVc(Hh+@&C#BqsjPovi_Ql zKP28_e4`ybv>D%JClBq$_4DB23Jj*{_VDq}KA0xkjQXa#c#j&Nn&~~$_}hDX&obU3 zo^AYn@f_p7i02t!u#c}FGk&qOr^NVkQb(^j-DJ1@Ykj?zQ`h=>j#lp>b@be)K2^Nd zLGY#CU)ot`JYT%g_{M$x^P7y9@9VwU_*LR9#=jPCGhV-+uhVY4aewb&rv(3XlU@I8 zk>y?9#@*qEh(}#0_|p7yQa{u9V^TlMxYo}$uJ!Yc?=Z;EufX^VgT2R$|3$pS_yt3J zzS8)^hj_0t{*`#O@xKl8`5NQv4EJ7d{5z@BV0_@AKHq3u>oghPWw_6`8XqckRv14` zyv?}QX*YiGa9=-tJ^xeJ?*gflVf+d4sBx{6X?&8@&oTb2)X6jcvv|I7ty5rpzSNH! zUpL1uPlfTZ;+4j=PL=WNq<*dODN?7-_>1E8#r@zjR=m>q)l#R*_%q_Q#@9c_*RM0a_*n1t#$Oh1F#e5rv++-2 zzD|qrqo#OoHGYiv3ggF$w;4ZEyxsVZ;_2)A`RMkOR^%UN7(Z0t((L#$OkY8?Tz`>sJ{6y4ZWA@y(}suQDDNuQk5kbf2#?en^S;dgImN z4aT1mZ#I6Y)Ne69Nb;@5wf+j@T0gRZZsJ`p`ql7t!#VnIHOBWn-+L`w zx;&gvXIzH$BK2_jZJE-BzOT zp;E*B$TVIj)3V?PAfIhq`#%S+*Bb6=dB%0!=fe*|{Q~2fkHHT{zQnlhOL4diJ%rDy zFg{IcRl*NN{VL;f+c#1T&q2P%_!}~<7CsF5I^(*1*29M*-(Xz#$42-F$S&$wz%SONUn=pJ80LwS{2b)#jO+TUho6glgK=$ZBm6w%n~dx6p&7mq`4;24 zf3?E(8q+;(g>l`#+Ta(Ue!KCGbuWXYZu`Fw`84CYf2G5#kk2r#+j)3QNTwg=Gr?nW@{kIi< z4eGBjzMo8MgI|k$yK!A!9rSmr?>gkuB%nT2rlrGckk2swCz%$7UyppI@!m2m3w{Ig z*~ay?Uk?06pC;2{@TZY4F}}4-i^HEmzQVZnPbK_Wo(^w9KEt@~?@{z75N(D{bgD${A1+njBESr;h!MiU|i3IjqtxA-();rrZvMq zMZU$j9zR>*pCP}(xNdK4@XwKNH@>e8U79OEylHe zEBssJR~SD;rnSMpL%!X(_Ge^kA9CyEd*suM?=RER;qAz07_X6OQTPwYXByYB$SnAe z$Y&eZ^_2tvFYhp$LA zJbcrxJg3I^(c-o6b=*ppuR7yfh}Xl{MZUqfp1&I5>mlD{{0*t!4DW$_i*X%aZH2Fo z{0igR{x-tKEry-wVT(_Snd?VyDjSrG(S@4aK&o-{t z!#QvrgLg}oXS`$khxbJN0^@o-iNSjzUt(O3Cvo_u$X6KG<3lBUGvup`>+zu)o{oHt zaXmiN!Z%00&banZJzQTyxc+P~uIslEuCG~LzR9>AADZD?p*=0eb$e@tZ;kv4;96CdQ#^rg81hEco`w zXB*f3B?rC(@_EKja|;=K<->PGzQFhdACJV~J0V|UT(58A@STybFrFv%E8)8!UuC?n z5G~;{vSR@^uiTWAFb$vzQdm*1`d>^Tw1>YO_Y~vl* z|L}c~&oi$1e0X2v3yf<%2HzL?6611siNxXiAzxvzCZF+#`XAI4bMWp#<-rp zYT^BmuQOgF?Wu?NN4~+ho{t*g1CVbruE)1#_(0@ajO+f=3fE(vYw8N)eWd+u@WH6x zZd}jTk?s5wU33WYX~sLYe|R?X8OF7K6h0LBOyhdK$buh$e7132-W>RW$mbc?_T;6~^KMMIeR9B{c1Y|O&UcmVEgfEf 
ze1>to9*Dw^Lq5~Ep6{~Y$0MI@T=O~bNyz6JA1m$8ho69afpM)LgP(|eiE-_pIQ%5! zD~#**SqU#hzRGxiX@505hJ1~2ZGSDi2>CkWdVN(7pNxEiam_cvry$>CTsFT*GkhxY zEyi_!Y=svizrwiY+u+lXZ#S;_$c~Bad^+-J#y8dNA6|ldhH+iqD0~L;na1^am<2x> z`E28Qe9nQNf_$EFJwD{aOOY=yuI-7zXChx>T#r|A_$=frjBEW$_-y2>j31=iKRk|n zjqwGNuZ7P+zRtLgpVY(4kZ&-q;~|akxyUye*Y(v5FGs$`xLmGBTH*7MUtwJL_cr*c z$hRAxCH)iG$^XYiPeVSXOylw}k_EpQ`E27lUX%mB1o=GU+W-0RMaUNzmxqxU z{8HpgjCWlB!!JX=!nmG~D&dzSUu9hPmuh%5@-@bFebvIRK)%knJdD)CuSCAVxaJ$- zS0UeIT#paU@T-w;F|PY>EBqSdR~Xmpu{QX%$hRAphaG>E-9@iMK1~X$>+6?vcn$Iy z#x);>UyppIaqXWh_zlQs8`t%l1HTdZJmZ7p_?Zu1jC_G{ef<)H--LXLajhSR-;8{P z@jawHmGE1TuQIONLp8h>`5NQ$Fj5P@75O^j+Mo6C+mLTCuFKm9za9A|!SVO;yO4Spx`?Z$O^BT>I1T=XvF(~R%uW07=t9r78*50-osemC-&#;`_`S&I8P|M1d@1q;#&vs(!S6%9#JJ|;@cWUkFs|*Xgg=0Mm2o|PRm1C% zuQ9IqTKI#=*BRIG%zF4k$Tt{2HR8V-;SVFgN8w!t4o zzTLQvheUcu!Y>zn4EZ$Uy1vrk4ajF0*ZnsNe;oNt<9d9^f?9 z!prcDd?ft-clgHev<>|OS7#IW0Qjcxli_-e<|bFc(~-X&zB&9kxNd81@`rGJ%Z~GZ z_H*C;`xbQDagR6Y@4n0X8T^04?|Z>zC@A#daCwOk`XqSAwNfyp94@DnFn=jL8jAmR zCtOx(IN=$%jvcxQ@4@w&+W9Z=-5ki*kOBTbZhh^p82mgEz9+l{o(Vq(z8CxkxQe>(s^1YQBphA)N>g)fI60RIAhAbewKglmtE z8Mw)N!}ZwXd>s4`2l90x{7}W<=N<4I_ zhu;F91Ah))2LA*;7d}=Fg04N~@GIf-;QxZ33g1Q!ny$`i@PptL@Y(SB@M`$!@TcHs zz~6;0fd2wN6TVlDf8g4A7JL-^Z1@a#CHzA8Iq)ao=fXdPp9kN1n1A5fvk*QQem=Yw zegXV*_=WJ{auRa&tKcWYFM{6$zZm`u{1W&V@I~;A1)PQ{mUa7sG4dAH%PQuPY~e*Pa{TyTWgT z9}Zs(FM;0#zW{zSd4}LQIe)t{m2jHK=>*4FlMVp)N zgYX^U55Y&lABLX{Uk1Mg{s{a9_@nTD!ykj|--mJSY=HNdi%aK^!)L&sfL{WC5?(aM zKX7%Pg5L;#8vZ!^8TfnfXW`$&8{u2X#jcz0bMWio&%k?^nKh4BBt&xU^kzX|>={Au`i@D}*@@L%BV@IlA;2d@1;z)yq!2)`cwU-&Zk zPw;o(Kf}L<{|~;!vHpQ;&oA(O;So1czK(;h13wMEF1!Z59{dY<5BQb^enyVghxdbT z0N?qzM1Di~A@DT#N$`!}U&A+sZ+(2C{wDAN@SgAq@Lup)@J-=M;G4leho{5SCMDXl zIlK>i3-}25mhd9@R`7G+Tf^^xZv$_FZwr6qghV?t;P1k>gMSO(9)8h@i8?#Lm%?|1 zH^X;=x50OYXPlI%zYF{zcobd;?+rf}zAL;I-Ut2+d^h-C;k(0iaLUmh@T|f_`}c$& z1YO~AbcPA8}PpHf5P{LZxTzib3ge0@crTA;92mQ@P6>y;r-#C!3V(C zFN%a;jt0W}zz4yH!w17pgb#tA1Kk$R#TTM@K@pa@RjhR;2Rew+BqJ+FMI+#A3hO&2K;FFV)!xe 
zzrv4&{|qmH?=UUV&g0-i;m5;|g-?Q?1wR447=9xB3HV9y58#FHAK@|hw$l^sFMKj;M>khwEuE=e|R-K zAASXV7W_*1BKTGC$KY4P--TZT{}23H_~x?{?Y|B_5MBd67JfbaT=)&}TKJ9d7vPKG zAH#2g_lPIjc{6->_$}}e@LG5g{8sqc@Y~?G!Ec8*!k57R2EPN|V@{&|cfxmt-vu8I zuY*s4-wm&X-vhrHelPqf_)_=>@cZEH@cZH0lqHty0r(JjJ-h(^ApCOpL-04?55qT@ zo0#u1_+juz;B(-Q!moor27d(J0B?am4*w4R1bn;lL_42^4}m`gp9Oy!em}es{xbYI zxSy+kzt+Y*^id=dmH)0A{9Hf5ksSC2@ECj}cqM#ecrAPrcq4pMcq@D}ctn=PwKE+a zg>Meefo}oVYaUl;J@i8*@@|@b={d#OR*Jz--3Og-18+i|ZQ(26?m2yBCTa51{c!(A z%i~Pri{x>h@pt8M34904w+in5yZw58;uUbWT-w+5aQEMK$v+Nv`QE-vqy_H&`=Rt{ zyYUj)xYm(+ZnCR0K^1s7M^{^4s_F`D)|k z;`PRFkPd1#zOihKZN?uJPnZ61^K}2dl#O&dxNGOlzB!R>xXXVc8}Bf<%P*CD4DRyj zZes9NX}m(b)_9MteZJ9nnrytS#!JQj0e7XJ^<^SyvYvH$%Xah=Hix@>57{5G;O;pC zck%h5aF_2R`2x7h|0ww)xXTZcd?noFd-e&w1z#7zU0#n1b#Rw|OY#rGU0$!no8d0M za*yC!@by02<@K1}4tM!a_H^msxGdYdGnaou+8>3xX;u3K--55b;4Z(8n;3lM!5#f? z-;g6m!CihI$;aV4`DplE->>dsJHzXdchg2^`H7FiUHvgqzXk4S*M2^)f7jlb`}ewd z#)f{n`ZoRj<80&E;swSp5U((Pk{oExfxC7d=Vlaq>EBz|`3@ZDUH?wH`afbll{7XZ8oisTZW9H`feM~$CwxX0& z#G!DP|5)+`aF^d+?voY4T|OemU;R70+MZU)Uu5!INWKp4o^!F>?|BgJ>K`n5{kykX zKVMF$@0GGZ!p!RBax%v zF8{XV<8YT>FwLcd_oc&K{%6VS-(z)IIkmWWME{Pe^QZ&)(!YP|-2H1R@e@8a^>>ov zex#?LuKC&-{&Cd!*pt2I7{6LPX8cj{O5;6F@pWpAe<*%8-1Wmg(oX$5nA*;VN`0L- zP5uDM>))?*`QAPneoyb^A2{C?o(1m%9}0KvIbZ4*z;{Ew0=_%E2JYtljf^AQ3U~Fd zkox-f5M9>&TNn?%1z-Ai4Aq|(kI0J_^{>S@g1h>+N&QT?d(MYtu6iWW5AO1hN6Aldv4)FZn+LdzAyX`_*nR%@KSgVd>-8O&uP*>SHp)PzYIPc{xsax zIbZ602p@s`XK_eaJ2ENaUmNTzC%rFnA1pIJ^=rmu}(ITKFjB8{wnjt?)5$ z9ei=^9}ADVg$%x&j|>0jzm0?+0iOy#621_g55E-d{(GtPr~VxZH{YX>f6(NwkoGzb<*Yax|{Dr*4a&s?Z;Y zyLMhL?R*C=Z+!~$`uqG{`{mLz^b8q9b1s*dp=ZP8EkB_bz~wDAp;y4=(lhiLcq|nE ztpQ#HZ-GySx5KBvGh|%EwSOu+8(s`AfKP*0z^B8{fxCXbN%~oTPq>?}TzZDj(%1P-+@;l{|)>i_*Ogm z2X1*Uh7W{a0xy6sf)~MEd$OfH3*eU`zZiZQTz~(eYtQ9y{k?_GtKpHI`~&A#z@zXh z;W_ZD;4%2s@JjeK@LKq_@J9G`@K$&YyoU^8y7pfW-wl2Pd?frv_*D2}_(J$i@Fnn@ z;V;5(fqx3Gh4O(GnH}cu=d*H+1uAOnIa{~O{!1b##>i_5J zFI5bF)<*pU=lA*lhTj{b{(&{8{*pef)!UgCC9XgW%7>bK$NZ7D_)%g+Gt{Lih{tOX03goz$s= 
zzli*D_#faa;V;2^?&cr3<$4*uHQdd2smwPU-h_Ms{1tcw{8e}j{EzUb;LG8EfV=iI zNPAl0uOY9$Ovf$P>+tCA{(&xE_>>ba4hxCs6O^4Gv!en-hKga3&9JMjO) zzk&Y*-)bNKz%B33@PY9E!6(9hftSN0>m(-Bz}JB{z}JPhz}JKS1lRX^xVh}u*U!tf ze|_W+f^Pti!8e3g!qecj@QvVi!`*rrDC?yOzA^GE;G4kH_D!_ECp;703!Vqx6n+%k zwP&KVCl22X`T1~{pDOtpcslY8@Xg^Z@Gao&@GapP`z4llD|j}1Yj^>C8+ZkLTlivl z2K*`bcJL43+rvMDyZ%`q{nKOrMEiF@emD4z@R9JH;8Wo{!xzGLfiHna;V;5_!#{=Z z3h$AXXurM(%E@l<-H;y%-yJ>9LyZkcA z@7UihtzX^&$R7kB2tNU??{Ra_UjQGB{9^bJ_*3v~_=oVJ@SorZz;_(r=I+~nAp9Ws zLGTmc2g4V@4}mX+9}0g8o&*07J`Da7d^mi^fr<8yfFA@O2|odz3ts>~3|xnIwX0kMKMVN=_}TClcqP0Yehxh2 zphWx6g&zbz4<3Urgjd4Phu6X{fH%S~gtx-0;QD41w>@73j~<+8|Hbee_$BbE@I~;2 z@Jr!K;FrN)gkKK-6kZMQaY&+_SHO3JUkM)xzY0DTel>g{{2KTY__gpC;n%@ez-!<= z4^6cHdU#*>4e+t>8{wt!#qdS&o8U{~H^Z01Z-K9b*TQ?|B-(!~yf6GV_*nSu@KX2^ z_#*fn@TKrO;mhH7!B@iT;5~;$!Y{Y|-wp2zzXv`RelNTfz7)O)ejj`({C@ay_yh1Z zcs+cp;feM?2pNm{8uY-;|P~vcmGRq8a6L zM@`8cTv|M9dU;81{+KE99ApO-j-MPvi;D|Oii@TemyPJ3o0yR+W&_!U;|j})=N6YE z7sLh^7EUdmGq1RC^1NwLIH7!K;i##_v&w^wa#Zj**n$R@7SEmQ{~v5Y0p<1^ptC8QF*9B| zYQoUMv6K5H-LQVICME5S0l|S~?K&dKLjT{-A<1?cY$g2*k12MCq{3kPDPFs!(bd*b z%B{7eb6eA`HE7+i($d*e3QJ}Lhx@K2CzJ=9N6KwI^)@=OaAH>B#D2lHmOm!g zt!Jpj*{1skyb=A~c6(}WvZJOyJes4X94WglPtamHp!&mXmm^`W9%YkmF5P_Yped!r zMP*%DJ0_TUw-54zif6`?o>#hGVnBR$yh|h2qzwb(^X8W19vK`I%|UI=4~xMn3=Xfs zDx6ptYzyPZOc-El{`xJ=ZDirr)}^uCTx~<$;s(3vlv8qp26kC!xBC3nwz_R+pu6Nr z*7Mza`rzQSDE`w*x znp<2}9-K}Gbv=IlzrF5HcC8a!LY3on!mQa-*Y4u=|LLoWq(`yAr-s+#zv@yvS>d9! zs+jE6{BQcI!8aABx!+>>I}WH?cS8AZQFcZ}l8c_-bT1qjjMq$cmv>!u!r(~$o6boO z)Y3x}%8Tc?3!DCl*WOcR&zf6a*l~fA`qfm*7ht)$$u1K5WzCy4!;QYh%gf|?ivupf zkU+nIQ;Vk+%_}VrhUrR+%Zo=%a4*%|%d7$JWmbOhu**gC+Ez`ntGH{ewQOTN9BJ${ zq_yTRMuJzp;|jyxFPk@|+`TXfURs7POgctYgJF}IvrjD^HGZwu%8~ApG`M7NC4%wM zX~kv5v!)aWm$115%jd_7gL6RYYrEtxWs@DEgApjXNDhYRN!Ky;X*qkFo! 
zdRJF3>2}u5m%Xc7<*S?b>Q?^hp5Je6HiJ|}J66={Hi%ROI@Zu{w`p{9J%k%$@Tz%k zabZz;p?e{|x{c8s>=Q3)I`1U9NU6uB{L9ni&&m#lqx|SfV$bY2%yxcC?&=SqUC!UD z*+cPiGU(Sv$tYGy2)bYVSojz0{npZI@F$Y)LRGv^ib4JRxc5KP+;L_!o)G@5mZ_v~k)8tH5 z7@nnqWg1$TY_z4j+u@M#py)3&isEs%CE779cPY@NO{u!4V@cwrxuvQ4w)2*xJvuNP z)=O-7N&6z@eBEeZI5y=jkqX^yxQ?a-mrLWvxb=bSywt0rqtNd)$Q7I)#uWy)Q3~A) zxZHeqitEyG9p?~#haw!HOZuW*JG0{nYjo0CWyz%HosRi*w_&TgOz|ssm5u1$32c=m zx_1s+Wr<&L8cSNYV^i(knJj6Ijy3;(bTV80On=S!EI7uj;^>}q-oMEKK56BSu3Ylg_haS$^G-K56ZaCcqT$7SrA^vv5uKtXg*lqe}b@a|D#q)#VkD0-{UV@Py zd8o7EYfvFMPkufLX<-C0>jF|6wfIz11x|2?fJrT}H;;X4Y{D z7by~<-ymy+6Z3n{XYAK zUWju;4Yruz#b$W+aAV{C&2RqVp_>EbDTc;>P0{c&u)OQLg@U%OopE_2Ub%Y_>dESr5}$yyu$5SdhF=QkCdV@1%Ne$L!s5x%X(# zC@Kx!R244QuU;g#&#qP9cdNCD)5ogTLU#w@+!h4UqZGE)^!r}cX+1K5jOS9Q_ zyf$0yFxK!STVvAK;+?n3+}t73X8)dd9ainKBT6rHes;&YccT?L>Krb&{ro`3h-``i z{eyR5mKIG3KFHwSn?E`jJ#%BcG6LJtKSQR?E<3HLZ0e}s?dK`p-sZ0N-Mz#lcLm+m zkH0NwmM(cIf4=QpCAcIu467XY%f|yV~ip zTq&Lz4ATFqt+8W>sv9df*?BzaXjI4XRJY&NoywC|>HgU~>C-zJvDPQ_RhRvh=k!$< z@BYPAr^Dl_i~a^@_AY0xq;p*BlUK58YkB@kR_fQE!je|iEv?&Uu~k<2l_#=Q)(&3; ztnIlhY2}VX*jk>>k`~nt?f0wCXi3W_+PsD*wWQUwvHgFK^IFmtgl{4Em8Z58h1cxt z<}YTGms*n(&F?ef(|=%aA>u|pI^84)uK(xiJGwA<~lySNtfysa`5hC-T1V-Qor5}Ix_JdYqyuI z-TU&*y{+GCJI@YYmzB+!UQ)i=RT!+Gj!k;47BSe1y7h7KAwiQ$i>IxkMdtO^@6)XC zUEEX4f;Sb)E8{Nf-Hoht9#e5$HuBfps*;zQovQ|GBE=g_*5YPZ@bUbt#H;?`_&zvz zog3an(oO&OTJP=^QId~w{%+e{@Dg@hVd?DCf+32@v*!hG9!zoLHN~+mcNwE(4}bh-CzE8KANYNiY;bTe2;M*7KG&c0lxp^jAmxAm#9EzB+*OuaiyV#) z3jOwXFuS=l!2oFaym)ExsL?Wf)9Dsk&>{AgSopab_l}TY*e)0m^l$wz13ba!j)JS! 
zQDbLj<*r%T@N79CY*3*Lyp1XdK4X$-<;b|ZnVu^r&+)KmhL`bL%1pZ5v2r7Rh|@Ax2A@auo3ckLz}`U;0`I}hIJE5?rTv{b`m z-MVcU-iYgZ!%7eSsjquFH>x|MZJnRdu^8QamG0JWH+m&_-;sY=77pU`(>a~CmSFDr zo!gUQ36kGEGEcSV(1GDtahF>Mt9XNda19;or`qe`eqw$hL8@Cl9m5fwOQc?LsR~I4 zbeuy51b0GL1>M4nv|a; zFrC=l#`zJ^&PR;k*B6>Mc0qtnqV$ibLt|G=AD?$ixgycO9Y(wyED|Bq!yk9sRA36r*ZxM8kc;CCOM^ z(DF5XWgdKZHYm8tPsAj>r?XbG^6$zqhnQ|HEZZ1dly!OYU2tXg`>eCzFqgRdHzoMZ zt-%O)s$tRKdb;Dw6LY?7N~Yt^Bvy4#bTxMc5o<-f|CJ;8`oii`c)>HfcXKQz@p4bqEtRb1C7NL?XwcIF%qKA6gs@2A7Sz8uTtk`Xh zq3H4Fk^GxK4?{A4VkH{Fcs%U!cLA?zXiuIrrZbKmE4?(6JxpXB-e`F-!#YrD?< z`F!5zeO=eN&UMb`eE!^>taR*1hVTqU*>E{TTctR&q_D*Nj#}|bXj5JaKNXvG<|yWL zckt8+xY{e96R}^PmFquhzJa!a=L+y1h5Wq2xp~E6(U;CJJxj?a!;$=2GG464E4Cip zaMkx@$OW+8i!XBWo|1*vmk0mH*O$Z8)=S&)9&d3+{_EmPRG2pYb$eJq&w+?vp>rfzE0|i<%9`b*4Zfvy;nWzq$GTfZd~dx z=oQ-}J$h*wugG9efx#ReIE?Li!x)yQm9WzufYrfTQX7Iv%{AU!i*Z#lI@MtGcGeWp zYf#?v2%(WT{t2qvX;{>*ot@H-q;mz?T{is7bMo^FTlgXOD>?bcVe z2N=UHD`K2?=@rJY*#&btx%L8Axu+M+T@b#66&*$pLRm0$LoC7RpnhKhj&+C^Pq>ID ziQIf)Sy3mkWVAZ6{yIDR6z$sdj?}01I&MkV{1C|Clf=vvS{E-I!&0jIc!=d1>QUmR z8SEZ3Lya}LvI_|`bbC6APk!a=@ho{o(Tdv*^{2owjz?+4{?<$SR6KgYarfL;AvbDAIw4|?(jaN3&HW9(eenq@{K3>r^1cL?#&hQWwf3E{zKwd zXJAw2PGVM{(1vFN@M=2z{0eu|z#prHCtnF2;2!(P$rM;Sc6ikethTR*WE1dha&^SjN;K{J5TY(!sdW zB&J*Z>7%BK?HUeV?!uoDge87vzN@c;4aTQ8VzKjNIBPerfekUOf&Ko4w^NW62Of`K zqL$vm*%t1;h}=^MucXeK1;0z!`O4BU;pHaxcwC`S?g0^vI`wxgQ^75dM;GVLnNc)* zYVP#u&?_QJiW?vOC(7OvGOM|<23007XTV%bTiESnQl!=6Ndov(cq9RIR*6;%(+hTF z)j>a>irJyj=XwU;`Yq)fZ?(a>b#xwscL#et5ng!2MWm=@j_{&+^g<{EYo~7v_R@q` zDY7zX@nQ*T-K=V{+#Z_)SV&Ef7C1kb8tUWj0qLPGTTuWf+zo;L5yG9lm1&S0JYT z?s_}>u`jqIOT2A=hu$9(6_Fc`@`mz6$%U$JVoRdfyIJ9qxcEIvm(Lvk!L86mvK1yqXw#B3pr+$H&weS$t>x zQH@hryM%X*&6<-pW9sa@+3=E`9XsnVKmYQdIh7Un8Q`g`xCcUC82(S4P>ZoW@}fS} z#Xa+%-}$M(X9l6<%Rjhz6ejIz4x~oyPK_NpZ&Y55b_||)!w};=Gwo!`yR%f#Cfq~S z3AY&C)DzE`Pwm8gU~)`x^M6!j8Cf*IdCq>tS*&uxsdsXm$a+rO?9Qx}nz<{1TFpCt zqRc$8Y7QrN#^+ugG@W;-sY#1Sa%J?aM_D`9I=;G&Z<@GpF$oR8E(AqQzr!@O|G?o(e<^|-J&cW&qB9pHU< 
z?l$`511{sTXA3*76}(;26i9Y+6gOx12Ru8x+r&IyflS4WyFI6QJeHqscGB`}HPN$8 zMjKD#v(>2vdqp3c+@QrSIrZ#+2~Zal#S|L}^xd-I9g{ge^w5AeIo0=9XVx9w&b+K6tfHKyr?XNmUI&eD%Q zVuS~~$Z2Y)c$p}}BR&HMzv!z=8Y!P?_%$UjG`a_S2WP*PB%9jgj4d+Mi17s{h@G!r zXAO0SCwEPgncU!sAiVJb-fJ^TzFI;x1Bl@ft_X4Do*bNH#-IUoc@_OT^uSA3;f1~( zb^x1G;i-ZD0w3&%DoQ%hX0JOdz3CHYPc;1T^lEZF29hhD)Oi;Em?4}d6y6SHSS|L1 zqdR-_BBMJt!%5QyFLK9c3f_8*8g!NpcUl0bdDPST!0Nyk6l0(hlV@Bua7M}r^ar25#C@m-i;XYo_DeTD8N{b^%7vc`HVg-1x z_Za3@H1@EJ@a#)fK+!lOn%DoxW5(uAhaU}I;A*NN=nO?u84oTJM*{tsJj`(vv~^-*Uvs>g|%^QM)~f_FF0EOG|U5arxy(~9%lg$3FK z*Q96V&7+kpxsBOWSTHBgtpzThxQDwDEW>xq*$~b%2f~v!Wo1+0F`Icsb6`QXWWm(= z8O}iX;VXPaxifH1QAysw6HlFZI6U(){e1ckzh5ge+I+}qW{|#`d2XcCJX#6gjfCdC-9-$?yfYoe+`50X@OtE z;QwWze?5bL#{$2Z!M|&PZ({K8S>U%Y`1dXF?F{|{3;cEl|Dgpw5st-=8b8ez_+AYD z5sUaqWAGnY@DE_{A6wvuGWbs{@M9SK77Khfga6b5KbgUQW`WOV@Sj`YOBnpQ7VW>7 z!M9lOFJthn7WkD6{tFBIoecg!3;Sys{6QA@rx|=-3w#5EKiC5QCWCK-ZBT{yxY9KK zV6MTBntvu+@NZ@CGcE8P41SgcJ|R9@|9lI4GJ`L$!1reGMHcvU20zyVKZL z{4EUrb_;wBgTKoHzlOozZGo?6@b_5YH#7KqE$~f*SL46N0^iK=ueZQ&W$+s;@Er{P zD~tF~fO9qcsN=`i7WiZa-)@2L&EUVWz^60#Z!Pdc82on@_)Nm9@$(Oh_6sujH!bkl zjQ(#~;3qTqe_G)48U5e3z|Up)w^{iA5(fXh1-^p8e{P}wat7Zu5c~MGituXud}G01 z!|?xLVgDKi|Dy%Ip26ds5KIssSDMD}%^cps{w4S;O;K#Kpo&RSGdk|!Ed*)KaGZ?&Mp+BDM;79d;oCUs&;g7e#FJbVB7Wirg-`xU# z3xn@rfycQfe$@W^Cky-<2H(>HU(euovA}O8yxRW1So9y9>)=PlCt2{n$LODIfp1~( zzgp$vcf$vLrwf*+8zz<;XaTfLu zA-w9peJuDh8T@`0_;C!rw*`I@gWul*KZC)iTHxn0_&yf+OBj5b1-^ptYW&1ow0|{& zKhT1ICE?ZhImiNkCxgd65o`agW$*`E;GbsjT`c_9z~FIBHdg)LB)r;w0So+l48E%c zehZ`jK-dKy1^!M3AGFZFmcgH7fq$C8_q5Qzfx+)$fq#?1pKhUlGlT!L1%4}o zUuS{uVDLC6i#7fey2<>l_P=v1@I48y&Ogqzz^5?y$rkv&41S6QK7+CUFBbTr4F9ec z@i&ISPqpCBX7D){_{j`@ngu?e!B4lqmoRudCx|tE7c=;o7WichzQ6*%lEI&6fxnZ% zpKpP$W$=X-_@^2CYzuq?;nn;x#{%ET@XxitzsKN{Ec#yygU5R^VvWCT48GJte|O}!r;p-@QWGz5)1q?2EWt-zmmaUVS&Gs!Cz^CuVwHd3;fdzzS08U zKzI@k-amhp1-_BN?{3lmnizbQ1%ET))%$7^!)ic3;h!r z{Ph<2WCp*dh5jiF9@i9O&Hrf({;wAJbi%9cf0G4%2!p@b0-wp?Z?(XWW9nZa+iz&A1WzifeTX82#Rz;9*nuUgN8b{bLw>lLbDT!T-wwKbgTFXkmXogMY_@zl6c# 
zJqfXnKZ_as`xf|R4E`ev{7S;B@z-pDU&Zi$Y=M7(!GB_buVe6dPe-i&-^k!UwZJzr z_|Gix?=kq#E$}T2zQqE+jlmye(SO_<57qU9FD&?b5>UnWwct--@LyW+_a(d<|9DSN ztno8|!GB|cAHwLr%>tjv;J>%Pk7MvZSl}ly_#Z9sGZ=h_1%57rKiDFEE@AN7E%+-K z{4W;xmLIx_YvZ>=UVWWF!*T}_{9uV?&`sZ8V>lu831%5MwKi>l1#Ndl8@LLG4`X8TZi?#i? zGWgjR_-%~-b1d*qa&-Q`zyjZs@T&bsS@i#241cKwe;UI--vXb`;4iemXE6GgS>Q)7 z_yrdDAcMci0zZMlUuuERA-vlD7hB--8T=&{__>V!3oY=MF!)6l_zDJ(&y>d6|CclP z%PjD#82sfH_y-t#xdpzC!7s7EZzQ}LKSx{SkIf9e!h-)zM*olnzL~*aWr5$y;PIK_ zSmURIvHxldy!)dB>iT=N1->W!sDX;V)&ifx;IFg5_hsBzyP78b^qyJqN_$CH_j|IM&!Pi*eTNwPk z7Wj4sf1d@ugTdc#fp>O~KL2>Y0^gIt|J?$g!r&jY!1rbF4_V+d7<{b-eguPm*a9D9 z@Q+yFCouR&E$}&nSI5sa7WjOI|1k@E3B$kE0)Gj^|F{Ldg5iI{0$-=>MgRix~*Arg-{ib6q&L7@n_N0fGlNHPtoW@Aew~H?I|#4# zpXV*`&K}YE7vJd3ll$S z&`j`JPY0^@e1e2Oe5q$MzQWV<*$=*9n`U~pI!;4Kwp@Lg+=0)ZKM6!`d#2Fw{Xil= zy)K%zI!@`zaM4r1W7W?9_=0un_%gz~@#bRm?}K57uwOIG#qZ?;N$UK^8}L^XKe;hn zi;h2&@EW~SOZZxP4#lm2PRre|&Z$u1{9h3-A3&_f27(XzzaGeS|DOx{IQw(%5HKf0 zitvA3|0@mnYQi5HM#_S2=jE_j=&$Vvrb_)&2#@+d$LL=J`#JreBz|lk^`p@^jj)r$ z|C{iKt6(}--SnLS-|tR&)c)$hP}cdsf^D4rIgI_A82k5zZJhpNh<}g||Ly?h_{)gj zZGZItiwys<2L2M__p|?K1Ah%;|H};jECc^_G1@=Pz+cbU{|du@HSz21x{>%d({sRX zGk_aCpSukDS3f8ZqhUCVfx|tYRj>i;%+wTUXZ+U)$Ljqbf2RxU#CMabpVcw)zh>Z1 z>=WI8-(dLhova-H8shJxDg|XtO~-vFwQheJ!;iM=_K!C3ze)TD`S6bfJm>$R3_t#U zsm@<$;O~f$f0ltio8fO__*WSCdp{%%_p={==ZUjFpW(;f@6_#IZ{W|2k^gA}|6+z8 zf4@`b|I)xegZTaOSBrsvCBu)u->LKO)`gG%%ZVT72kHmtJfEI`=loww{5f^P z|40M>Tg1Q6!xr8D1{(O2(`5fIQ~2@sH+B1G8~7*GO5meD{P;UPoc$FHKmPuv&i}rF zKk;En?AQMIJ1rc)b3k>(e#GyW{}KSt@ux8S`1_eUKmN`G$3Hek z{u>Sa84N%Eex}a9H#`%>@z0Ere|LJONYDR4h97@_Pv>7?;J+e9{t^R!4#SVXU#9cF zYv8{-M*g=9{ACP3{(hOxe-fPdasGcHMt=96PTl|23_t#Una+>bR5<=miGRG-|M6J$ z<6e`}`D=(jNC#v7!{6W1`M)>tAMuC;`t`qdz;petov|N(ze?vH4)2NN>_3C}m#fA? 
zSG4OY##6Q``{yPl( zwZtD(?8o0f()sZ{pPc`v5r3)=|0f3i4#s}`{S}=b-*d_FFD8D!_&WsfT>B><6g~c6 z@aX)r4g9N!f2fcB_?}6QKb`p1^GE#s3!VQF1Ai0oFZSX8yMcca@vHL>JlD|qyMmiI z|4*VHus=oP$79t`9N;Is)7Gb;xAFjpbS-bKIa(tQ~JUV_^AHJ z-yhKV?=kSFJSJ)M^$(qYwShlK{A&Nl_t)$EpBwnc5`T?UBm7_I|JcBvL;Py{2btfj^Dm$M<*Y{G;GK6I}b>Li{sT zawzNm9|3r-{f9FA`2Inif2n~#{&7jXrw{*Y2K?THe@(;d{(H%we>UmgM0m_!`2IXy z|3l#hEzWk3Ew}b^WS6O zzlr$$<}a%a{EfsPRQ!+cZ_@d{F!29C{C?xdrw0C%L!|%J@dMxAr1KvI&xvyFf8G;P zali2+1Mpn?2Z=vLu^-?6qVwZ()*Syz;;$jRE1(L`XP$vShxp6rXpDb+e}~SG&lz+4 znNLcfU;cjFz~98!kMEz*`SCehj=wlY{+|u}?F>J@e?jLz!N7k9@elBLTk5KAIu7t$ z`zO*1fYtWL_aEr|w;K2xiQg}O<8zW6e;UJ&&rj?8_?#Z+|D&IhR{G`d!AU%R9O3=) z=K#QS`VVFF$L9xi{ckkz7ZU$cwXvWKRd_zv8Thk_KZlOS{)5lI>HKlYy#3!2|FIsn zX#VX6{#xP>D*X8Tn9h&)$#d;D@M#J3^Zzw~=ltKn_#f{-*ZIFS@SjTj$NAX*rGY>B zP?^6~`-d|8vv=d|Uq<{c-crLVEA`~ z3v68bZzKNGJ=R9YAKoX(*h{y2u=|IEOj@{BaRpJqSCiuyUV z7w^B3gzv8&3}sNk^EnCdod1H1{wFf}-)Z2_C;kEtTQvV|2L2r4&mlaS84F$Vs!82OJd@TW2SXE6K=4g4#KztH2o==d!&@DC+^ zcl^Tmoxt#~HSj0YOX9&k{0|%W7c=&s#qe)6@E;u`|K|q&l??wRhJU}k`S{Bxem#Dn z3eRVn0e=zU{l?Eb4fxH3Kf%Km-Tt=$o{Rrl#{S8S{XJoVz~zr!*Gpo*{?`rg9Df7D z{}+aTvVngf@%!bkvkm;s#Gga{!}!l(_-`}tFCl)v_`k`(pE)2p|4d`}KQ!>KjgkKy z1OFt3e+I*!vJc<>EyV8^{{;s8PlWf2|HlmYaT{dAEu!{w1(@LZ)B>K1zqw?84jql{ zpU>ET$iBS&n~DD&4_kEqI}q?3e0|{epx)N;@7@@O(xAo@>7v zM*j;K{mTvf3yJ?Y51Z6g-E^sezlq_W$MClr_@5;Hy)=jE_HQxpCk~YHlTCQ+Kcx)+ z=-#~l8=sd}UZNTcWlbGtB;Yy!PZ|^*zZWw64;lE!y&#FlYJ|G|_Zj%-5`Us%{{n`8 zyMh0@O_G0sX1~t=qk+FHL)xE1c=Z3p41d=Cy#ISPNT7?SYNF1+G6B!|zlq^r$ncjM z_zQ{OFaN)4z^@~`-}z@hIKjdu((m8hLU_OV!vTQj>>oNfI{q$W?7!5&Km0}MaliS~ z0t0_G!(Yzuzi!|^hxq;M-)!K|Cw@16F#eV@{Ck6eod0Wy-|zfocffQ0Zy^341upVm z$?#7x@b`X60{!N1lMMXHM?|-Oh~Zyl;6F7+{+kW_=?s4*!~dRve=+gv<0n+%`DCQ= z?ROpF{rc}B1AYtP7kSvC=T8>_o@@V1vOkCL*#6fr_HP3`7k@KemcVxi?+V@iuK~~T zuOfbR{&p?HpL+n$KXS8VJkBL1iMpzv$$;nhGmez;r_P_QXZT+-@Lxjwe&hf12L2r4 zSI2+6S3Z%Hhtm%6Ipjdz{_9?m`!Av6T%p^4AmBOsYv~6pT^?-z8yWr^4E(#kDjEI8 z|7#8W4aBdG|9@rpKQr)8cun&AjsG7R_#2Os?Vm%AL;G)L_zypb_y4QJ@7I4r27I4J 
zN$fZNZZY7;65en8`4I42`)3>-oqum*>_5IQZ~raCKZ^Y43aG;K84h@kKS=!Q_;WkM z|BQkE1LFUa7VtX%69)cj;%_2tvHkC0_)8Av?f>F+2|UANZFK%E0z7Ab{xQ=3s{MB{ z{C|P~K@;`)*N8VHF$_#12L8#!50^(hAD#b21HLdu{7AS! z#o2!e;R`(M(f%I>c+UO?vOkCL*#7r3_P=i6|BU!ydDQdK?LRf0*MB?VclV&9^4_NsB-@I{1&>51o~<68{+HmQA-nHK~ z161&Q_5eKRzdF)iZNHBg{j&`GDep^~QV&~n`(+yV8;QS+@YsHzF#I(J{;P>!kAL0% zI}H56<7N9nc#9A6f6DN0HSn(?{^^8wh0g!EfxnFSRsVm^@Q*x_Z~v4JBqIzjo{!Ey z4Dek0S2OmvGW^#X_{S2z-~4Zxfxn)yzm4Jl+`xYe@gL){K05wBHt;tw_T#%k^!e}c zLwNuHgZO)C{CfTz4tUQ0iJ8&k-`5QP3Il%&@vqkSp$gBZ+Q6Si{ObJY8-{l5Op}hUI#P2tM?+SR%{>8-Kr0{oT_%AZ>KliBw?oN1D=>6}X z2K-xu&vAhyb^kRQ^q({)y8XH{`UhZvn2VpIKa+%|KKu^gIseTi{xZU2`~8XGKi|Or z0P*|H|7IHaTZmts|Lwx?KVsm2gZQWW*#CC}e@a%g|C1R0Zo>`!|6CIL&Hv&7&-p)t z_*MJyU1fUym}20cLHrYa?4M-d&tdG}gW+Fm;D3_%Aw76Ldi+0Z;4fqB-;?3r?O5Lb z-w?mw_}LTiod0VW`}bz}&ol6MZINcL_E;Z1|Hw1&*Au@we(uBYZ#3}N5dVc5zn;II zHSi~nmGPfLckX2K_d z&(x3Zzq<_hcL}e@uNDr@&=Yw6Z(_v1X22(YCAEg`;rZzLzXW)${TDOspTV?$;b>m} zEaLC)VVB3Mn`Qx?+^5D{j$dL`fnw?o_}R#1O6<+`>kKx1$fSXjg0=I82ufXAaeSb8uZuO?`H#l3&TH} z;lJ3xzudsD`)@wrIs2VcWc;h~lg04AZQy@|_z&=jpEnHrDGdLK4F8~$c>lji{G&C8 z>-P5tJZFCf@vHN{lNkQh2L6<9rQv7!*ng{mzjj=Afdu!659Ys982%Om{~Y4?TR;26 zz~4dq>iXGuhW~I_AmieH>^7;l-~6M%fIo}ye&??<0MEAHsnUNLivO}1{U0~*Urqc& z3GWI$ejYLK=P>+dF#Lg2c>ldX{C@e%0X%1aHSw$ccLKwIn1TOO;`f_>^fU0+F#KmR z{0j{HDc?(v``KS&;IC)+Co%kY82E=0Kb+opK6?9qX28!UykGnuGLCQmrGy{kVVB3M zn}P=X8p5ws4~DX?|7gH-@zX^9t0p|=pDB$0ZZhzX`#}Pi`S7nW@aLZ<`>)DBmEr%+ zz~4mte*O0=1AhnctNA0B;Xh?O-+swIO2hr)cP!vJ|EFh5`_=wCo#DUOz(0ui{rc~G z1AivNpU3e3!@!?Q{JpgH*M?)~RRjMdhJO~rzyGPc|4WH~pbviv;5q-#W%vsi{wW6j zJBfb}jbHD7_ZaYXgrDexUv1F8g3-T_(f=z0|1KSpcz2CoZ@=NE@&4~ac>Vlc#~%fF z&i|`Of3^P=G5Rkz@J}ZG*EIcg|6gO^ZzTRE!ejosfZ_kxz<=1kC9pu_*X@7bz+ZE^ z?EmWgZyv*+p3VDzIq~c5r`x~CfWMpYeKmmg)wu}pT>G_?{`HFg<}>=gV&H%2X9*nW zBy?1D^AL8S$qm{EHd> za}4}H5WnC2Z--(s-8n(VJ89QuC=WB3KmRwW_)s7FR~Yzfi9bWJzk=ca-oU?#`2FIq-N4^W z{A&DN#qg(3;QjwB@gJetucZU$Ai#6}?_l_sG5qBQ{%?riZ~k_vfj{}I==^&%!{2D& z4~SI-$MMVmFB|yN8UAX9KLsXO=u>_D@krt?@bUj1fam<5N&M>geI3J}Yv8|y_;=U% 
z_5S~q0skQ3{l@RL2K_5Y|9axb{IP=3zb7nkasGQFUPh{4`*j06=fB|D(eZO5!#~x) z?{ty;e*Nbh1Ah*~|5t|p2?PHT#P2tLuQBkK5x+Wq-^}nQoz44yR)VzOZ~X27c+UT| zlcfK1l=i=s;V(1re?a_@9z7qaRb@?O$i$Z(;m@FT+3M9NzzP ziC@p(di=K-@R!GkKjd7Ve>vetd#sOM|2q)yT>Gb-6W#y*&e*@nz~2<3|2G);bBJH< ze-API( z{CoNMzruh&j_@!%dOmvll>?shUq0#Yj=wm5)ie6PW#GSo`1^R+qxY( z@^51JUpDZk^pO01^ZyqN{4K<<=HC|?{ylPe|DR0!`uMNUKXMHC$%H@1@qTptxq#=| z&zTaPzcw@aR~h&h6Tjd3)k_9^HR1inzvm75r!e}z#^|3sjrV_DjQXEtz;7bF-}&q5 zfam<5!RY@6qyIey{vU|nul-jW_=61pn+*R42L65N#bti&fADnP|NRN?*ZygM=lqw$ z=>ImO|3wD=(}};oxBJklNMvKFfxnF5{};o*#=w6u@%M^QiBg>Q{UHN?HN*cd!|%-C z{a;P|V>G^a?fcIL{u<&}=il!${AU~Z-z5ISH9npH48SMAF`3$qCdU2`8U88*e|%5r z>3%-^6$bux#{Q2O{!Iq{bm9m1dOn(&&ISX2+Fzpc_a_X0QXb#_%ZOjkUpjvez$bu) zy8nj~zuNwvGW?Sa{7(|U-~97T1Ajha|K|+<9R~g;;veMkzVwy4X`=z(Z5J6o+3LYi z*8A_X2K^V4{_6bm3r7DgGx_#AJ4XIr4g3uZ|5k>7oPocF_~G_m&qt4+69Lb~Px4e5 zzpDLTG5og}_`f24zwzTn1OFuASLbi-41c?Uf6rZIOJD7=KDzze4E%G6zlQKQfBu%? zpFN9j|2v7_Z~R?rz&}cOz5na+`!L|S_Dji$&OhHX`uE7^_5Yao57PXn$4>z89DfGG z|0Bac#=ze-Nm}aXzpD-Sy$J6Ye<6eZK}P?d82vvp@E=F~e)E@)4E#9^|8|D|paQ=A zW)Z(%{!Rrv*M4OT|E~=Hd;|Yd;`htH7Z~`fi9e|HKU6f4zPov$&cOfA82KMH@Ha91 z@eF^$dA$GoCCm67>(hUJGw`S7b{9z1{se~qYy*EG@%zR98Gz^7KcDzrKV$yu%J4sE z;J=>u{qpa<2L8pwU!$~tBEx^=`Mm!R+)eubKp+1P1UzSd`ZVc()&3p~|Fs7GF~qO0 zpXvGYGXwq{!t3h~dj8KZ$=Lo5c8U#%x~ymkj#r z{@Z52zejk#_Wv62ocB*Ge!uvA+<-46yuN;``|lCJbN*{&^xuckzsFo&|78Y#J^liK z=lEL~{{0yKvkd$X5dXef{OJ5E4EPra?>GKe8}xUkN9Vs(M*r^&{99t=|H{Ch!tkdt z{4*}#+b^D8eB)>TRKRoXm%;EK$nd{q;7=p|UA6Yp<99$Yum3>8>+P@OZ!qA4g!h|2 zzhS_iP56O6`o98r&VND1e}^#s+h-nc{}sgVH-G5`c#c1Z;Xjn&|BHeD!5IB_vjP7M z;r-@+HyHFUBmLF!a{#0N=LY_SUNTbr+J9gP@Bcjr?|1$EP{4EkuP6O8D1LDMIEc}I zk%9j-;=jZv{w^}`w=?ZOnBo7(!2dGw!}Q$q(fi+f2L8ku(ew8s8U6!HdH)aDQ!@G8 z|F=Kjq1veRzii^KC+*SyM=|^}4g8bn#UXzEKi9yYoEJTQ9K-P6W8lAn_}%%p+X(vj z*KWZ7jqtm>K$3d<4VusUzn1VYJ@R~Xe1E`m{!b_S%LtABKbEooQUiZ#ie&QRUtr*0 z#qb};@V{l?Uq<``Jl0EJsheIm@Tbg-ZvW#M{=+Zi{a;7?usrAa=8$vLD;D0AZ{vQqe z`LksHQ2DbN{W{msPhwjbJm2E+fbfxm?K{qolX2L29)e*(k* 
zqk;b&;`hs6BQNIt_ch`D;%|`wAJ<#@-!Fe%1bEK>$@#MV)%-Pyv45k1zmWL#^FMw3 zc-Fw5N&IU2pTqDEf(a^@Kd&PG!+iRGf53D0Ph#w!%;@twt)du`X!u#c)TLI6t zUk79VWsLoA8~CRXzhC_AvxK+5i12>#*9-8R{>kS@&wrLM`sW$=?<9WT_%q<2j8Xr4 z01s+Kt-qu*`deBf7BJc{bv#XaX$Pb0MGGHB7XJ!sfyu$&A`7rM*kgkC9nV82E6XSN&~(w zM*M3A{7Zy)?9(`I)U%qssK z41fAE-u?jxOaJTRmmYsp4ET|R_nUuA0zBuxe9~X-KX)_w-(ujONBn;CkGBl?P>lM& zZqR=*qyN2({;5^G|DPd#*M2t)_3`6o1O6?-`}N-&0MGeRs$JoevOhW}Xue^ZS7Pa62s=g9u6 z@;}1xe@p!O^)u%X>3@Cxrn$-a(!gIq{A&JK!|?BO4d4DFiGPshZ=Jsv;Gx>6`FkVr ztMkXT41Xr^>+L_6`2E`dSOdRPB>k`Q*D?I(8TePm$e(B6&tUkUWcY6}@YfT+oX zztO;-L;Py{Kh5xOB>s4{~4weMRE`gg>r|K|q%YZ(2XW%N&}mhr3WpPVlH z&wiS|y8dGbug6~o;q~Kn{~r%{P%A3_+nM&?!02B<{JQ>`#NW$D|Emr9Pl{3hkU{^n zxzYXSc}D-I4EoO{{@yIP-)7)% z9o9wE*iV~4>HOWUmGP(1J4xdtK1~Zi9Ul*PP|L~GDyZq+Q*2pD2@v&vnbChg1OFg= zSu%W99Uw&bpU%IRfj{#I$)Eif2}S-_82*6<{@3tji}3ju+~1~tbpAsP{MFTxf3af! zYYhKz;?Gb?pj`8d)TzNyZsu#cY`mQ`c4Dk)7%3|>h|A5{5rmc@a?0$ z73lcYfCslYncl;kbn;)_P`LyB_cr4{v`6PgMAIHR7^QtJNO4K{Q5=5J*C*MWWNN5>BuJSfu{qOuBB3q;k9`9EJqdqUev0JNB%dW&PjWrU z4IrPR@I@^>J&QTcn2KT!EckR4S1H_4ws{!HcVAb+9quONS;G6psjoj8&>N5DLV z+Y&$qsEp?hxUCz=L@IYD*#qRCsN56eE>zwXWD=E=LEY7XDxVJW3@V=qasrhnf;@}LXM>zX zhq#d#QXM$@@t@0P^otevsrt zAZw}oFv&+iK1$^^Bp)NW7Ubhpt^@f5m7fIp6qTO_xsJ-ufP9w9^&r<%c>~DjsJxNn z^CVvYxrxdRBwqyi5|v*DxtYqZkbIToYakn`{5r`uK>mZuZ<72c$hWBcHpwQE{{s0A zmER@#9?18p`~k=hsoV_mBPxGP@)M9-sQf9(&q#g_vW3d6Aitn;8_2Cx{*vTZB)=xv z4)Pl+e+%+EDsKb%J(YhT`6I~=kpHIgPauD$@^+BFQ2AGozfl<{E^+t=c^`k99%UDh z_&f1f4uI@RhiTAo2HL zvED;L_NVe;BnN;zoXP`94g#4$<-s72pz@I*hfw(_l1GC)hRQ=h;^`!E4JUalNc=rU z+;$vD{B1-mA5St9r55f(%mmB$6kC#NUg8*az4llsa!^K0m+L% zUQFdnKrW>6r6d=DTukN5KweJea*#`?ycFaWRK5~q1(ib}ucC4#$YoTn0(mu+uK`(2 zREVkatk|PLg+l zyqn7RfUKeNy&&(S^8F+q0Qq++KM3+6D%XO1n97fUe3Z&-Kt4w0wIm-0Sx4n3NInVj zDJnk=avhbQ0r@PI>p`xk@&=I4QF$ZD=Rv+e~z#evM=! 
z$=5-?LFIpde3Q!m1o;+~-v-%4<$r;Ehsy7gd=KRNRQ`bEhaj7&{1M5IL4HEzEg(Oo z@@F7Fr*aF)R+3+UY@_m4kY7^yE0SM>Y^U-!Ait&ZcOm$ls`pC-vBu<3QqjPq5qtB))?L%K?)3PLOU?#`kk{r!u}P<4;uX333-I z?@AKi1(8hU-ALm5751PqzUyF5D&u8@C?>vM-en2HB6w_>6KomGODu{!~7UBtCauk(M06Chvf7jEt;;LZf_!_9OE*N@M*<2?`;u>Fo>Tze~_?8*L zBYO(HN`|)``CU@#Pr=Z0qJFBZty^ScM2S$7TdUNyeB-2Zr#vT(zHBQlgat$EhJt~i z$A-Xv&G^gK;l`iP{PDr6rE}qnTb=t=w{B@R9#pkL9{ZMZxY$9;RxZVg%j*N7rDLE_ zDgK9#4J{2~CFSc-IHkt|*J#|}x~*!3_(}>zY2Z<_Qq)zs0{KG8QU>M5U{x>yifDZ> z^g=N7nsAZSrMx9Bw81@&+CggNX^I7H#bK{Y%cEPv>$XUPM1ZQoN;7(mjsRs#UbYci zj~WvKI4#rx;oBYzO>7B<#y3}FZBJU8wY|JOZb^N~0T4v6N5(7KmDLhThX2jM%89T& zxotl@pb|I99qqxYZ14>n5K69oQN#;SBtswRfUQ6ztAbr<1%?y18xMUUGcgVhs}3KB zRiK_&4YF764jgo(Q$0mFk|BhCm)tq0hl{B}+n)g@K^G})R3pCwx_xCs?cZ6h~jZ53S~jtW*n7Xt5APHcqk2;L0GJYaV(&)OO%H%pJTyUw5_)XgHc}>AyD_h9!#$??Ux+fmWr;C={3w5)cYUm zTfQ*}9WWf*=*gkr$%bezg1O`;UoS2PFP0>$`h}ir3q183d^{T=^3+j5h7qVV6jV~% zR%irmTd!+XH4&=7(J1V72;^oM%9@?hU13jH=eBGhemiVICE%*Yza6YBh5QjYN6anA)%?c zhSJ@khUVZVggdf}r*o9hc9^!}P+)4rZ)$Gy&o{|nO@}A{MZB-}VYenVQ$~*b<9Nf` zjfd=vS-NY|TA2ETz6~bbxnXEz}SXq5E>8${kKK-jl`=b(3-+ASH3Yt?dd=!TQXcZ zG^z*(7@@#j)YmassH}}U60PjVCVeIy6(xWvu9W&ck=|Kk1wCq7#F+^r73hU^jLTl7g z6>@qVUyY#=8Du>Z=ede~>ipMZcVzGgkIuF;ZW)u8ZNxV7^k&FUEoUxh|v0^wI@JY+}^#R;)Fz)?i~yx_wgYy zbX4_Rfyt;cJF)!ZF5O?!>vyw?%=%)s2Ngo&4FEDo#v&jgc3`fanYg|sUQ{Z!%duh5 zH^2P`;~*Ui>I6ga?l%bKy|Ii_NKq+F*HGIHZM!I&rJAAF%RlOZv&Hg{w|9RDri*xl zLfOICVaiuh=~SqpgQ!Qum8zZUw(mrzig?-M1w2ClKYPYLJUc;^VED&m8=k(fIac_R zt3?~RGaxH88O{Wx=S%kl&L(I(5RKrCVH=XJt8bexHp=FJu|@8}wt;zm)kOHiaVM-| zr32>*;9|he-1b zhN2aO0WH#iW@*6k`nJc8u9!@Ocg5=;)5&Q!7;9JX3x6iXYY!w|<+HoYjtv!&w;S zM87-(i+w7z-F1{qqOyyAvK7ZHkvF|Iq=`7hT!QN>s18?WOYpF)cD26i+4{m!3kr&e zV=HS8D~Qvo$hQx0`*2w?1QCp^d}M^J2fNMIv)1Cot|Qc5A<_YP9y^Sy5jr4g?Zj;r z7+7wEjG8E?Z9@TE2jrf$geJL`Kr0Y+a!9FzuieW({|Lh50tUHC#|i= zu6xb*z+B$ZHK}T&C%g*Fxw_Pf z_e#Ph_$o%wTr2}a_wr_39Xmtr%J6K3(GmFJJhuU|cs+Q01$ex2Vm%zxAY zsW`?;TV9F-TdLdgWR1zVU7i;xrna5v$sF=faBXDPEKn(JecYU|n$HOmnVAf;)TAZ< z0u!H2gMV&D3U2BmI!o2)#8G%NjB`@x`SDA)lIXogQ|L? 
z`Qixh9@dEqKkk;WvE^AC+MzEm|O3K*ABx z(=0N_#Aac0#31}i?FYR!l(k*LMS}`l3r=Zay+Y(0oYHo$gvIgZI7kxBAjF&$7Mcl>eM-c7$H%DpAw6}g!==BrgFw}GK@*`6dvPFY z3y4)KWt7Jj4RV=SuIf^P#a6^jh`ILA4WY(RRzvy12B&0KXx#N3eZVuVcr!2@rDo(S z@ybIClPRH7D-Ld0K~P*@sKuCu8SE|ft+%r~uB&gYpdB!{Ll?-Z1?kL88niy?#`@Mm z+LyEzeGa-iLvb43Iw4${$VfeLr_4^JX_0bC4>7H7#fK=RcKA9u*bmxepr9avb!<2P z!&;}z|DR#H$4c?Q$nX(9uo({A2+?1N2SO2gL%k9XIP-7Biv*S9o1uax&)oUV@`Z0Y z3rIPfcj9+<+J6ajz{;$R@^qsJwWQpHJzT80fKre)WtKhkxlmImYjgR+%}z;TW!C2P zEq&TBKf^J}VQe@^BZEv5j1kPl6Z$otw)d8o9>bZ}v+k|MF!tSc#d5d?6`3Vy$F{?< z9WfrO*Bg7ZyCE(|EjN^hWi>)Ppc7m14t;bEbp>(8a6fE|CCK40r}frw7@?EF*CNQ5 z*S9V)?Kq!yU~nS@gMDVw!1YNt*NdsHC}(YG9Zko10v;+pEL?F^!0&^mc)J?_egZw^ zjtmrhq&Gkm-Tz4pk-ixYyc`a!oY(+CHf)3I$>qR;QzRJbO>qwAh;4JFCgG@+Ylp&b z6vx3~&z1ItqhMQd_~3BdMlxSN(SngU9<|frxE*MXv59Mc%H?x@wGYE-M8ZyAY?GI) zA;gx}m(scUh@iWmm_ene_N@{Z)vH$E1$XfA^B-X=GuO1owjGbtF>(DX))lt41PPHT zNY3`c7pTLt4CwnA;n6-c5oUCeTP@@@S21S;kC9bpLkqyHM>TYe+yqvJNBnTI#)zwe zRl7|sEzKf?A<;UxjQ57TWCJ-jS>*p<uro^0Z2TUysuwH1RXEvM3nN+9V< ze8wh*j1jDoUUvh%YK3SSYCw0b++FVV9NUVw>O-sHLN56w^Y>IYPOT0jN3IalMA#kL zw8*La5Xil^WXPK)LYsn>k5QC~J2c3o(Cfhv#8cQJ^=6J%dK4ja(|W4k0f%!3%nT;Y+2C5!ia&=8#Oe~Z`!%X1v$56u zZjFibJ>f~$Yuxg;?*Xc#l?&Jw6hdXvL0y{n*c;I;2)#1uJdL6tIv-#T#r_D_PtcU; z4u)I9Lo#%*zr(??bTCS5q_?~WW@lgVpv>vC&Xhr-HpU;!xJ``Yt^&`%*}kyn{$*?OYfcWSlU7u+y5UABs;Yj{p5 zla_o1Hn(npf01~$4A=ibKzB^V{-R#HvhG6<{&(y{v;O0K2p1J8a$z9FKJ***AxHM1 zM^60X`%v)zI+5ip(;akoxZ7%-2Uvi^Sw^~b>I*8Ab#4#&@b9=Nk2_9DB8{m;ytj#N4Y^pU=vufa_(=t=p6KRi-l zl~G(6p4S6zcpFgPiZ98436Hom`)$(X^UOg#eb&y*HUN zYlmW8MxIVa_FB(`Rzee6oJ~|Z(E9!BTOR^gWaa>CFl87lu;T{Y5!w)Z{R_OX(0v1L z-SBPFr24i+bUe!x4U|X>vOPH)LId7wOpKnjd*{Q2y}El#P*9~UHhhbamz#ad)9`wogVV)#mAi( z@?n3=yB#v|8e6Dzjkb7EnYBh-M8MY@#E@e~Jq@mdtOCpSH1xvCS6}tJ>#B=(bxTQ0 z?k0>_W)6s(*kM`UfopkqM}TY%c}-(PLTN@2uSZo*1cvY``Y3#(5-eZA4)0>slKRqd z$S!K`S_)5`crH3Ydy88V<^FE$e!K!F_CsCW@C{CIk@6|{?_@36lC&fN7aqk0GMUC( z@f}5~y@0~2@{*xTX&=%+U+icc29F}vm!^ad4V0+FJp^&<4N$q@Ze12Tje0(~IwqPy zVH$i%u4avoir;}}q>8Ojvcol<(1jU 
zY$$x4RhcV6M@a(~xTYnwfbXy@u6~CLFA%xz?F5j6@Zq=c@sL&E(w%#&0k)Ir$-jsm zF^@_>27yO&BDieUwPdpTwcF0Wil(kEw{$J3^V0EVvM{*9E?NjI)1^(+XnxmBM`H>BO=eOn<6g_T2_xd+y;$;M|vYq>>y`Vu0T_um6PFUrP&Dw8NF%+?ow+AEp?Qt zBS}9PS}LlpS|NozEK(_SNO<_4wz?@E9+wr|%5!FLoStD*bX?V>t0TOzcWFJFfnodr8L zu~v$^FQDac?1_YrcMh}@2N?9NyTbk7c6@cD zy>_U;$Y;%}MA}yOyCXql@CwN>ipH=idIv=Kya+gCje1qkf8l-vp>5k9pd=1E?r;&5 zy+dI^qwQv$}PwgJU=7HjyBd zBa~E1?F3q0uUv|@xG;2)Fb-lGlj#%KAKjf~A)W(qBc>RIiLa9pQyZ*l#FSgz-V*zW z>A~TMi9?Y4Bv&URrf5eoVu~8vAzSVFY1pSLX)ISqOhS05#Vy}*bgjHqjJ}$m-6?=; z;{U|)6Z?QZex^tDi(qI))BmFGfwlw>6TKv=cYy8x*E=A2{9o?~UbYc?g4#ROyIeyP z--DMi!EOKV!4T7|O!)8#7x@foa9CDHDZas^u`NN2L-3HVa>f9gS|Y0{?y8Rav^tIa z!?L!)GZ5MxtR0c{1h|7$PLWq&ii#eitsi1%qBE4k?tV51Q|D`j*ZgPq9zwJB_13)>`huBGjnGpn+c-E>pGQ7j%RQO68albz7 z4nNZki<kNX4BO$=H-&YA&^O`}p>O1?c)t|5#-p$4 zoiMsya{j5z#UlE+{TbXxO3QhIgsAxf=dkTcUhveB88!*-s>g&g4j$wR%7=|$!hsJD zhn*2=R7^Szog|&`l`haSLuXKv2)!>&X$W{|s%J7(4>#{Ggt)*LO_esEgm0*$c@Q*E z^nJo=rgNW21aly=LhypH(D>*l6P345i3WtDh(I)8@sbmC%2tG~k#=iQPKqS819Mb|7K_H8lmVu;-eERJR zGWhVy3)BwXmta~>QP$t(Dg9&OEFiQ3hZ;51<%1u%Q#s*tzy1*?d~V%v!k6lv-^hh- zr3G8x5@$bhl^%*t*iP^IdazO$Bs}k~-#;ctQ(E;?n;_^OqOXEf2fYjBJ7rNL0|#}t zc_NE{m_(v8h14j#n61WKhMK9=rqi=j2vaIV9}Ig+b~GlYFbBqC8IY_Dl`e;HtWY`R z!?i0hHehL-QouQQonqp0?3C(CMlAuSMJA zPEWtDP!1MV((X{!1C?3JLs>PISr5QlPKRaH%saOdk{R^>NbQwbHC5U0aCFwn$Ts&RsD7(fNW{#0Wj+ zu!#@1Dv8hi`bQ)_w{A#$nL#=|kT2#5f6Gi1G3V}d-yT92J7jNY-47Qky!i?$z}l6I z`r@6WbloyMu5yRT#8c&7Q53mT=^{+U8X`@kxd=!2ijr0pzDf07(X%Q0x}Do|!PJc( z7zL}?9XMkQYdcqPd&WU}8qM{OqL=r%kX_#;Rm|u z=C>>uc(_|P!Xu2BHNik6dm7wxq2A-7yh&n2K-=fOIgPMzBN)8sq$C&qC0%m|s08;o zl=LX?h%Xu5iqC0-${pAVp2X(@@Mi1au*OSMXe-|2ycjktqzjgX@-~$`Z8yFG?R4BG z@9&ehPZu9STN2&-TJiM_#k~nDeRK~*BTilGV0d)ec9GS0trjve`wM4GuTAF&oA9Mx zVVjO@#XES20&mO3ms$(^LL0;@G~l%p7aEKq4`Zrs5jm_RqpYW_-yv!RWh_E^=U#X9;8%l>;_3%|q?iFe1*J&cp!Pz0aPZR2jOol?6DshWE zE%ZD*uD(;pb6$uGt;$Q%X{SnG8xfflN5~`RUY+j+O_-50ylfKAc{sORiJ3XH zE+5C3&|^6uG@k_F!C(P7WQ>pa`?4t?tzf`qgNEvwMWWL|J`&-7Wq;cx4_hnO_^yBxnkP0 
zDYGvY)g0;0p4_aaxInz#I89c8Pu_WOZf+GLjM^+>fny3R?<(0!CK{RW-S>VgyJ3`w zC<(>Bc=c54u$~o0E)}_Ve0#10SZRqp$~7OB^MwKM8V^V*|8bqmFtI?u*Fxv7!Bu2f zu3tGWG#;G-jhs~x<#EU`uI}C}0dP}_S!Ld}(!8tMysN^r3)gWf$Jc`Ppk_EngNwr+ z*P459TmNu=jvOTM?ugywTI@Exx(b71N)3dOcT9mh5GFB0OXX5Ah`0^}{|2>9l@lxE zOD#dqrC5c_4Hhp3wJL(gW>qIG!QZCEZ#W4$H)*MOe6>8Q0w+RZ+rgy+;Dw<85Ng0R zOu;LMm{DSu?A9wzRW>cX1gO9YQ7KZC;3F@hszH|yb&JCm9bUNtj|?@gZ;p>^jH?gf z$|W9_^h|wRV|hzPNYoTWUD_TER^EzZr^G-bsEdwb-7Ip|URg%N8ifjY$A1OP_~7@g zCJI%ic;`8|FwrVjPrPnLA07%Fsu8uTQY=?OqP124U2hHU#9NpoTyF`(T1yn{z|tOa z<5b!R4Ye|CLf?pcaQWjnbg_&gd|{S!(;MWbVAax#)dsJs5?|4p%F>nKKIldil2!0) zUBYAG!9{-M{pmq^I9l(66S7GB*M|wXnOAtPvX&9iN!jS3Q06&W*9+eVj@?ID*Th^J zguDdZE^@tXOepK==v>qgQ5a?=RpMowpk~-BaAJlp91Lp?lcUPazQeMfhP6;}8KV*g z5bu6*vLN#?udnt?J7Of1XAa8!dSF5(>;e6}FEN$#HqZx``ypMr4I0Ap7teQTP8Dod z%}H8vCq|>#?4~F2Qfhc7eqT6iFAYL9EpD~q0in`;VN-i$b{g)9)Ft+@dr-NyL1Guy z8D9$T`;62HbH8@^J?v#+jiOTPU<_l#_{|ZsT^~UYhlD-e^P*;&Me76DJX{^ZtFy%}=~Y}&@wQY6ywyLd z#x&{ii8qF;3WE~d6tuy6r6AL7C$$Uy{#Y*WJeChp zJtRD*2l4L@)iXK`RlH#xS6Mqk3%5ZZ|2C=r_-(L`nAIUxS?y5F>L}Juz&i&X zflCaqEZ9vvt>3mM`>1~B^+JQRLvm@s8peZSu1>vh1O8Bek5U5bHRnj-?j2GKhY&Ow zC;6d;+e4)t@Cyuar9&=T*n!iE(!-vCmWHmVjDOzW<5Bj&NrPM6GYEbb&j?y>f_9qn zoLH?FM7U<<{YfD2;tAM?X{tSXD`aU@#`?1uG*|?GVwyx~+=ib;;y?V8+uKK*_7}`a zJ9%EwoZ-XI$}KF-8$NtS>DA59&XOVQ*o=F#Nm=7^hFs(2T17F5_CpL}CEuNJ(ujHgTC22*a@HaCJi^aKf zX5~4wZz8*MMo}qpM1g=y=w?s|>KfRIIxeR|Dd>#~DSN#dDLXpT2M_C1AyAh0!_h;? 
zO?xR3-8==-=7B9bNmsFrLetCH33Ur2-Pqu$S_7v|*_ zd;0kFqSa#0a^WY?Xg;K8uMUJz%p5*EqVJ&&>3H06X>;-} zJQFGxcIkS$+4I~f=?d7SMf5nR;0qwh6rislvk93tJ$DY~uW5Op!mQkqg89*QD|m%p zWNot&U`Z!-MD&mi)QL9H^?+B43g_pYkq5JgygAdMl@&FLrk$5Jy~J%2)}K-M^Ya!A zNXwfu!?K>4;K6hkI{>C5rN%1KV5%~ww6M@euh~WO^Ty}Ro|fkgOU)+Tue0(>B|~`3C)VPaG&}~U>#j9$(gVlJi?QOYIFzie zxzKfNSmaSLigxb0h({-Pzvpa1Xi#1c=e@Mbf*O_Ar)l34J>ThAwsv7 z59y!Zev3;wKk#y#b75d@oU1iK7BRCs*!G>>tQ-GW!UyT0UrbT;PLv z=Z?6*3-QjY2;35vdSe%7S$yEPc;~M8>*2HvRNC#wxGcxn93R-2;9S$?O}Vkx@qv}` z&cxJT;+%znPve~1NRvTVgRTMR{kXv00jD`Wuqog?*(J~taK7j=#c`SvQg83-EDi)h zU7gzl_>(M9|H+Gy`i8jFmIUXSxIklq^DSt(S*Ry0cS~|R;#U5)b@I$w$-Axt0J|%D{6Z#;QWBKElWsU-ql%? z5ZE4Ymb$eKy#`geD=xJ0q0)g9xxg97pGnyaBhkV{G8yd!{ec=tqC{}!0}%OoD~Uye+Ha~ z==go*@y|i)#|1#OpW*^rx;P(_Qay@`mWoyqD)y1bHpkXarC z&7){gnW9ouk}1lNR63(!bRo~GG|KW442$%$Z&~V;u(f5_eb@K?UCo^YBsM)9NM0i%elzk`$JTwDCz$?B zuI$;e=t~;&U1`~c>qTdmm8~g@E-zyT{-A6(QA#^2+BU{0RkmL=Np(wF3w++MY)o{r zrpcHzw#}tERL9|7lFZZ*{W80Wsn;7ayZ3#?m@iG)w+4M5-_f7>Pw?^hep25x#>~l; zU6YIM&fs-B0N3=>_-vRG-#w=x@Uvu_mr-F#)vEHmGi;Pq-Blr@{SUUUh2 zgd>vIn7m(d+rM3ER+h9yKQC+cGD{xNM4#|ZE!qCvQu7&kcb7GLtt|SeIPct&?bnhm zosnlh8iP#4hJ8jy5vpTq&V0s#T#_rFn~UxWN(>&I2*1^5Cp_XW=C+)9I#>R3F8Uy$ z{W5z4Q+q_&!R8E8cD9M;giaw=2SeK>#-N|#?TF7OsK{+zcAUAul+QNNZ3!azR{&fC+UoJ6 z`Hb1Bm8G27gN2Tp{e$`W*XHlvg{M|6{&oRWd8>cL61T$uw+!5~N5gp!X}McP1UIgb zyaM-4v8LkfBis~R=bx76riP*x$=d~z^^42&clqK!_4T^@a^0E#sZIZj#;DI*9n&c>U$+TwDB?QAKHT*ZKd7J`ilDY>L3&fx2cW!G)08Q~dq+01}C@{>jX8705gX56o-{yB|? 
zH;*I!#&D|9&`zfQS&c@t{~_%+i6azgJ3;eysLUR++X40LtKp9)q79^etKQ`ww67wW z7DtmYah3jBAxvkGqBL$tMmCf-XEjILaggj+h1gV ztL*9kE^-ykF73qgZ@liDOI~n^44X?e)!1M6I)){%57&I|*4FUSwpBe9pC zxOIgjJZJ9=_|g?2d3Q!ZKJ+-`WSOh-zO`FBkvb44REqvj5{nx+t z9au)IZNJt5U7IgDIyfD_<$5Rd>kQjXf_kd9RF+#UUR|lB{?>Jr`NK>3TU$gYOjye@ zBa(J0G(q%?bFoyEMWSy~K+%4SJu>9SPG71&&Kiy)ztJ4mlCmQ?hHlpk8lf-e+ z1Qu}U-HpQNiM>by9*n`6GNRAQh=DU6^21M8cb2Z@ugtk<2*)h)@`&uT6&gmHmCf~& zHH|~7Td;b$Ok4c3>aKdd|8=!+@mgvjaT`bPFa}s%O|e9%_G3`jMSdZglSaWs{Vb|p zmn-L_)!W<)uIn)%AA{=WMVG5m-_GXRF!b)Ap`eJn7V?{Dc@ zZpD&nk?fgC^Gjd#?uI-Tq5@MFf3ml}*u@{*$`K*Bvg6|rycp9WqRx}9px1>Fm(|aZ@+LH2#k}hFBS84jdo?p=(#Dy?Fy|f=d|p_!`hu%@ zNxR}O1V<*tmp2cF57mHC_-r7rO7&H4%ed7APs?y*=jFvN)=k=QSGEUYQ<6OB&vW^J zQILeMsmt0vE4N{r@|G5=k?SYrJfT;1$pcvWUEgTuXAOF0OLzu#n|{DZy@KShw*_BW z6)=xpNma$VK7e#gYm|*%Se9f#$HN2u@)f<98-{$Ya?_2opQ!!5c1pRXs?utn6jo@pQv^#h0pizfaxRzi#U^%aH zMY3F#Nw|4QPw${B;zQS>g7u`E6J36YJLr6Yh*?<1gvY$#q-uCBSC&$IipSZ+r(uUF z_G4e2;Mo;$&T<*RaX&8XFEVKCvJ_Q=p$C+pYvWb0T%>PXJZ@&|8G}{&&04JE-@1ly z-SX~%hgVwjU3B?Y& z*>+u6UW~LecWd;!%G}7;4Bf5`6=%K3-4+f&mAM&8FCX-pH!OqHm|pKT)!M`LZl|;? 
z7qXCXs^Bz!4d0DiESBmzq!ava9w(BTustRigR*1Jx?c-gr~H3YwgTT2u0Q|dc9#DG z+ZpXG7`HRi3$hDmg+HN0ZU5jBiNSt`ENGo!XXI*o6-yY5OR3hV(nZIe-+R558MAfm z{G0ER9Et&A9x4y3tGzA@Rk~{q-7EeGcL%yL1S2?y>Uk1{mvt6CO5_Vu5R&~E)epDR zaAhYiW$+6}NMlN%G*;)SX<<2%F<9cthOg=MTDXp1#%naZh=VT-d2G1^&&fTvBBwc~ z?p-|HPhMvz9>D_rD5bc86EE%Thtj%P2BWNmY?g%YCZ`Qk`z>UP3W}4Fj35b9IoXAG zW)`kIVy$9-e1=j`{e{%#>8#lc+RV&t|D5TiCTU;(<<35FVqm z))rF@myboK$HXE>l|f0plwQ{s8K2RM8wC@xorW|xSg2V>{DSp7>TnfH5p?bF`oIo^ zT*(%=gv+OFfV03GY);i)d#*KWTZ^gdoTO$~i{Ytjgu)eVYT3#K8T!6!fgGlmAPGZN zCftBxG1U<>3%QbCMVDe#*;ZL{=8tn^VhK&T2rcT+-?6H#_No9C^m}G27r$)_BjJbC z)d9v2^^3-FG3dCjPol(ud+9ar#A0#W?7J>C)*y~yYm@7yK!pYskX*D{(y?0jyJ`9g ze68&U{;SHayOX}hR&^-g%V5>4u*xz~4@`vfQD)Gbg`AY8%#UhMt1bHyhF=DFeggA~ zU={-%9P0G7KA8RLrb+$guY3Sut&Au~YlwznttKiblW~wqzxkgWhsW?N$YsDn7|M1J zQXv`XzJ`HwD8?Aaej-dzyP@*XPEi27$tSEpjotYsjPfE}jipO={}9HwbQ~4c z)Ek}(CDGFgufg@F&f#!hMo6Y!$Aa(acqD#CS{wsoL!nl*K;Km2n-?1aOz^aoPok>U zIvu$Q0uldY+9(_~i~NSn)G14&NyFgpWyk_G>Y6y)FiZ{Gur6%)W+(8Zr3HNaeivT7 z7HUAsHPXT|Ugy#v6{_~t%b_%!-I}6)SICf&y5MG*hRX|QDpwp#0yS)p!Jb0b)8|3i z++yqNa3Lz4hkMY173WsG+0IwL$(yi3L|=P49DOFBBk1I*+!BDWs=OFjo;IvH>uVA^m z7SCMBa!Gf?QnVWHO^~t|dT(zX(pjN__lnkH?P9?px%_7 zzHl%{=XUMwaai|VFg&vRXK(T(v%Ic8dWBO(_N8x}@25^#6v;j0B|f9A`Yq(%7`gN0 zn}V)Z<~x!sPl7&`o&=`%dlwY~pY+eyzL%fnGIhQy2_f8H$5PG+Z3Y*Wa+$t7RlI5k z%wFlW&{|hJZY}A@Q!XH79Q7jyh5?MD@_0Plog{N;RXg`SnjD$b`mEi^Acv?;RdYo5NDAhp~%i? z+ym5ANV=*pWUQ?>NX?*D0-w89BlV?*KOj?2GUX(_$+jY`UEYtH!AoZzEViw2Yhxf~ zOPsWa)H@WiE)<foK=ltaTdq+mEAT<;f3nBgIqwu=t<(V8){^yP~jB#Y94UL`t z|9A&N$E$NIo{|abPad%H|J4K5@5}H%9mG5WN zWIj(#{RLNz=%e-x>8oeR`?&FqBMH8>3|8^Q?{5V0T)DR~9M%2Kqir!fNj>B0aL|m; z2hI3czO8J+d7r!)@3^!h@65HKHhdgdnMYC{wHoUvVaiKr1O_tz_bx}50 zt#=y$B`f2=;{NTPU}%k3vs*omUmHXitODN_dV0u}3)?`GguNNeSr)7axmmyaM16QTKaxvo(V6R`|e$vv_7BF~@(! 
zPCxhxmouwnTSEGoKHXNE)LGcx{wM7J^IgLEkZq=|FSq?+`&5CYw&51nZl1mci;_zjgM=@^(a z*whoga&s1ve!{nHae4o#t7{+I6A?tV%w^di1dAkvOXPIJ2Z zC((R^WD#aEEa+<6mQwaL^syrcoSrm#XZ;s8+)=X6qYCDDcTaV zqn_L`0*W71uP zr6R`*IJOEWB=Ho~p-tT_tV6cpL!sa@DEO_rS{C=agLk6l^O>|g<%8Y~zf3>d3ZKE2 zJ}YSH)BD|V>XbVo+3+ymwTqQpruuJaIP+Kj6-}J?V;2R!7QrE)!d|Bzy-J_53W-=p zG_&_~xsi2gI4Q6na`VX)Rqh(5Y_5S0r# z5DO+E*KvbRi=lEYZvt)VeXe~SHENsdR{d7#3v%rK7^;-}1&Sw`78@(&J%Q^wJR(c2 zyvKC6os552H53eVtal7Qx`z*wEC!2eCfVw*VuC^2|4jAbN1OUVJ$WRYOV`wuOA+V( z-*q;tq+qiCFS^dg51|)*|47oSI2*MMTMb4FcGcy+ng7{Wv1=PCi}h=_U|s8#THDN( z+B%LMwgCq>{tNvR_74}~So~-{=^u^$uU~MQ%|6rpKP&!}=@;(WijC|4qD{$4du<&s zy>AF(#=1m+*WRCGtijN;IEnrSuOKPtSFYBAsoo7+$?PlhHyQ59Xw3KRu*Af}I7Q-+ z$;c>jZm^Lx+A3aEt!1g8>kbk5leXzpcPaBbrjvqUcbzu%IFGAeRyl8n&4gp<)G4c@ zqOW1$+9W#}hA(fBOIJjMk``F}n$;~|T;&GU=1dG4Mbh9t}UyH=&b!2`NF=f@0!7i)Rz%giGy(wh+?~oKJGID!+rIEQQgg6Lmp6E zxk-u?$giBOKU`j9CAyYc{>|MpysDppdRuFyTh|xvmB+P15HoN^*6LoT*g>+l(y#Ja zg}Ay~f+n!Uc~OHcOWjxZvP_pD3xG=mlqtQRlH;pxrt~eIMe%zagLdSL=$NegEzuiM zv8g?uu!(UNRQNXimQLbB{;8@@`IVRdi}c2bi*DoD(q&EYXGK#!i~~*S=eY`V6)%9N z@d@M=w!E#fEiaY5Z+R(}^*@$2;UEs>mR?fN&RqXCX1d0rO zj<$~TVNk_R+5gw`8QU=m7%ceFjyYs6%M6SC7k1Tuf9_7-rhe5iLn4d5n(>R?nP>x} zKj{aG|BK@eNzBZ85#0f^5bX-1Qr4kSUC(x(zb#L_>+;mqg9Q0MW^$WdExMt zs+ody6|8NI27^uVa*GaY#zj?YDR(e_6|BO7l2qGEO8ol}vc058t!EaXoOWOwD`)EC zp^?A#%L|!S;-a%{IllOLGBt1G4UK=$?iV*P%YY(FA>Yo?%uxy*`I0{CTVha$&f;O9 zFNDSO(YWVf#W5Evj?2Okav7e`k-dhtr_Ag(*Udbf(B*c3&tTBGhcm=ogRzo~rGm40Aq!buXd&2)KUn%!DZeUP?MdV5JHw!g6Uc>mC?@@o49n=d*$ zDM}@ygfBm@g^S)!ENpl_rLYQC`%)D2T;wY6FUj`TKRKG7^pb)e@}JLYuH&%*Soa3^ zRHaY)bw*P4k}h4?d9rZbt4~-h@s;fM!{%>1c)cCOOND4bY>`e&`Sg)%jY8!UngU0%e=<^#7D zNiJ84T>CD3`lyZg-z2RlGk^@|)k{!Jr`9iVcr{pL;1J`ogU7jh;n~T8tsJvBx@Cvv zWGKuSgjv>)I2_Ru+vF+dLTjpAwK};(wIF^(OMKuYf|Mc=5y`v*?2!N=+5^K`CvU>i zBpc(gxRPtxaJmR!T;`gkfk6dBU(wLf+5|F_(VshACH*9si!fic6(9Uz^Hp0cMK#`( zzNyG&=Pf8U-b?F9-^pI)TETzoP7`gDa>-n<4#3avY^4ixR;8avHO}?B*TTQn3kv3q z^az735z^d!*DDwY0L%I}^$v`6Sos#*8D{t4?;f~Oxp24(JAL-HBZEVzWA2(wf 
z&;RLo(o{wVH;&6%&^corBYvsk`Bfpy?I(Lzc#nqHVFj$>ZU1*QbzO!-)HghgsF@7} zNna29-(G43+YQ8Rbnnl;YH^ch%6WcFaN~H|;nw`5g~7?4K$R&AS1!xeIrM;Hu0neY zciv=FNvFxq5tDw`9Kj3nKlEQ=8>>(KFc}T8N>AFdaS@aFw1~^eeT1WQ(tv-1rT<-a z4Blek(ML?^+-cAehm0NFZ{oxwCiYva)t297k7FiG8hiMdUzJe)R{bWA9&_ZRu}4hE zYQOC#6O~Gi`TMzB+kPox!vp5%Ne4w+M+=_g&)JjEqMqs9a-#@o_}8>@m-wd*qo^6b zgAzLIadp34pMJTbKU?ul9o|< zT{)$qqxpyb7UK|YxxaqJ?=AVKa{o?SzXaWrYLxDT)XJMGzDDXcglb18RaM?vqX85i z!|#>1t^YQ(>*w3oXS&rftjiwMk!R9_OpYqYY}^7L4B}4mPc6Ek-tGkT%Z+tO&tGbo zVU-r^t{TLTM*7J(a{qEgx23*UV7_PON)L+}eJNJ?fWR#DJ%DLQZZ+MZ=p!C|6=`o0 zrG8t4;oWv*5tO<_sHFUiqZGbYMQY?Lf;K{G3nF5qSfTLi0`~yaCk?Caw*?+mYNCAs zA4p1IWdCxT4=DLl56YaPe>=rcj?Me1V?QNbqSqnr`^bzmQ*a5L!N zASh`=CH)9OToM*hNi9Xw&=yUAnLHVFBxScoQ{lt*@_A!bQCeZ5J|OgWYAoDb;c~zu z0UbhE+@R9k6=s1?1vJaSQWDcUv9y;GuLt3QG>NjxRFwk~m9K*NK_T0kw!0EpLqCC3 zqtu$F%6drY_Ek<>VCD$4U%}MPN*Jw#0o4-5D`A``h`mw=s^JtR%=85L#6Pyh9?^P5mC4oD&L0+%)b3mO_NRO(-raP2m?gC?>V?{d& zw$NfPBK=K=>42)ji!9*_fIoPGSgeE>ETL+>C~AcxDUudm24|(dWvSbMwp$UZ_(`ds zS?a-{omvewH1lW6zXaS{Jf9U)U`1t4db)WGw3pM=z}Af{>tir}@+_$dHpVdTww78K zdYj;|BOfbO3$ueIbOpGBC*0T}t!5|7+6RoWo<&cGneA*@r+{(3XEn&MF0icY!I$Y&rmhv7SU%S<==@l1@Jrgc*)x@ji-6H@^i6}&v<#o_Xy-a0QQNOZ%N}SM|GNu>CC9b`ze_mQ-uMb0S+m<9b86syFMWwq-1hT zPyE?|WU)+@9Udqf4s0}WnTZuYHjtkJY-&dS6vd_FR|2~(gP#@P4+DE5gU<@|zYXkz z41RfluK`w4p0@v5i=#eG6JRYe_`Cq`32cW9ep`SK2R7Q{+KV1k+#HYe8N~boLuX%Q zEwQYt!MHiavYqioOIQSOu_M^V^Il-Wa$p}3mnu@_-&@(AkX|DWO|Z&;v4kc7TR4JM zUZYf+H|I~&6W9*KMY*=D{d$b!yrq@hK*{8oarkqLBkN?U68m;JAdzUJ5+s^A_;VvA zyo;jlBPT_b+Xh+}0e_AhnxI;RvwNWDL*QSe^{9Cx15(WjEQxW1ZFPK*Q9EFp6A#+@ zae@2*V7q4IPY>kB0y`ojKTB~LDrNw?$jOJp*X04}b`b9Oq+s~EHXywU!aJT63}1Hy zq}3plR65@VBhym>sR;;eJt-JcUk^xqKp2`L>0Bk#p!)g!fPNIHr+K=c+HC9kB4Ex2 z>xLB5lA^L?gk1!}Qcv;|n`M><%um7k#xteF+8z2S$;7oV^x@Fv7Wi#QprsQC+jvso zl7j-$ULYLkNx|H3Vn8|pg!4T~CP*rk268N#MAjHyc8S1F&&yydurE68vnx}zTm|q1OBo0G*_l%@G)3lc_uTkq;3JJ z0@ryP;ZSdg6~ZJts_d^!(*=wz9m{GN85p$(utOZ4ct0G{jtl6gfjYMudLnJ}nH2~= z0HN242xhy+O@Ykk;Fr{OCG-x{Yd`hxV*$Mhs6C3%vsL+OAhSF82YVUs#IX1u2lP`x 
zy`l&`TZ%P-%mVPAsYb>+s%}1MB_DvgrU*S-ik$hO=1IU_HTC>cgR2LC57(voytl_L*}hV`Sqj=eyi%6kdgCW0NH*Vq@T1db@qA5bF@o2J<2J+*u5~t4 zoZ%qT4cImryo2Im*IvNJIXoFrr90c~whHLeK)uM*{Y+??`vlC}!Ft3qvo0GKFqeU~ z!ZTTCVeZET%v^&gs*6LNo6Y_5fVnAHy*<upzjCjVTE*Ctc3yd46rWt%&f7C z1LhrIJ?fcRV?PO)Z-Vu?XBIW~yMUf=7)6b6s24ol8XK2OI?lCHCPR(pT(BGXhf z7YI*#l2;c_uyX?Xd!R;*U5V0kXayK7a%9N?bdBjWWoEu#Erm=bcsnLWwuP{>(|x29=O%mp_R_ z<-Za9h@zUfRkbmWYV%mu(&b?#wgG!LCs8a9k?q}9D;>a6w`grY$bGpyo9RPbIIA0~p+(2?MqhWZN;f$r zz7q|$bdyu#ujG7Y{3YtAbdwoz)i*q!6L*mFxp8kfpBE36^ZD`Na=swGOwJd@_sIE@ z_<1>B9;ge)H6HoA?GXOVRD`upCIS!;`8KueLP3bH^g_y`Nnvuoae=>vixPu5kSfr;QZBUYDi133&wiM(eP(L8T57C|njXgHnj7AhI+1yyUO{hcvm^kjSrUdwefU0Ul-pb=fB2J z$@zx(GdbTB*ZG<9x5ho>e0#jVoae`r<$PCsnVj#A@0as}_%%7-6MrG+d*kw7D1Tqv zO3n-8UUI%45fR)KZ}vdkQqB*?edYX6e2|+y$J~=OqU$^IPUjV>~|{mPGT z8bwq1C3gVAE=Zf$6rZ<42o*t?A^3cm3_iJ07`mf~?Bn>M`4*MOG`HId^38XR55brE z0_Y!au!uF^Q!db-ZHoIJIC6a%niX88hUR-!Q05arUpQDNjplm`QUW_`;t)Z- zo8EjF0%cgdA(Li6+7KN`b2;He%@366$!v?{K7^Q~g+?hf6v?9;WOhsNF^V4t>~xR+ z1qHM6V->#?*tH(toAMnb>thAq9|`6`;EO#+@=(qR3FlqlpL&ky(IT9t`TPQ`9Jxyo z^v;sv(-hwXSbK*XW*a?%13s7~PM0uvUl0b8BrbYX@ykWQ1R8pv$D;h~rcqSdd_dI{ zq~XI>jhS#VK1a>_;r>e$(HDk^5f?7lgJ7C$2_*yhB|jG+EC!?HRu!AHh@w;YrR6pq z$AW^`20m}wkv4Hgi&}0cNl!rNV;uj&k(&h2qC0Fv645efig75q-iRSbMpQCt#E4_% z19H9@G@tY3>zH#-@J8Y|gt|}2=1lYy9A|j6FlQ6xTLRXi4epq-ViT-PT>1N8Ja^^a z2A@;qhk}oB{EPXVnziByq?SPw#yE?L6;vYS=LeP_G|8aF&yAUsZwdb8Qq?V=tXXM4 z)h(}tpIALFmY2T@#;MA9sa)0{ha=@^<};gCSZt|cGmw6f!?Yz@!plmy8Q?vRV6LHt zMXLRk@^WVSbQ+BE1CVfrXeABBMTMfsptxRisD_nk?Drg`2O;j z@U=4w7Cokn2V_Kjg5q~UTpbhTuSS9`dy{=^*_(_g|BB+T;g4(0O-7fmhs9uLSs2?E z-sF(-#!MqQiXNAIT6M8C+q$`_sA_9>Qnc=%H|%!--Mq-`UtuNmvinspK+NI4dnG zZL@iN0+;k{I>l$oxpRD>oV&zV$$5+Tq%y23+H{Mj%ei}ek(_(PbLG5Mypf!@j@!z4 zn|KR3ZyWcL^LFvqa^60EOU}LH&tQFNn?CVsIqwjcN_yY8O3pjRx5{~^c%hv8$4|<6 zK)h7WJI90MJSZL}=Uw81%T)6Exh9>`;6ZJ|*C4X|A`Y_vLS{KWS@KL% zN&n;ts`%BWl08txpGm~)B7;QS@T--$+*E#o40}k1e^ZHGp3ST^M^*W~5@^GIBs~C& 
zY;HN-J40KJ^^jV1uBl|7(=UH9mAvNHFSi@1Vd<7~sV*(Bs{Q8iY^-fL>P79lHdEx%W?8f!p#<$t}?aIdWj;+L>XOI*fOYlK_deV&8 zyGyj`PW9#({P_qer5*Q(d%@b$j(f&i$a#of{dU|x-b22Ri4T|aq49J%kBzUwxf$~` zb&skT(NVYSB8YyBGy;|KSP0qDQ6RFMbwI4*1-;Dg> z*JvoEIKZ1|s+3W;G?$LfzW{k%!pL81T+`Aq<>zc>ub4{5)nm>&ypo`9pq+!_>s*PBW(!5_;KNw0Z7=D#J4D} z&=U$BgybU}q$9WDPbxkQ*!d1O?^Avn4(NVL=7tqWnFsvtG-tgLdv%Ujk@(O>K16vs z%dWsH@)aNBn+zl^EAtIMr`~2%TNN*@n9~_E7}-&Y)OP%OOjYXK_zn4z-<9lmbEBQV zL#HU}jwAO2h(^>Yp_3&H0yxwYzNR{icF=Hw4vS@#COQ)MiJtQ&4N%S*3Fji&ro57vERI+F~)TCpBR+*}VCwZtJ} z37enHrwQ9;vNM?bg>0#Xj98FKKh5NLh|Ey2E>Xg!el-afA+A=3xLRdBCbjx7#C@%b zmz%NFX0tBk?*o#{ip{#TlC*yyAs5p_QJ!*oS+Us`o0DnW6~bmam0J}9$_I9Fqt#|R zS9Hf0=?Rez@nn$xafLYQcG+?iQGFL8|M0D`vYo3}J=ZUb_)iJoG4kjKI6mFJnXSiaXk za=pzL;+xTRTBq`Z;$tu%)*-k2qIRW6TT9C?t@C%#qBG3lBae*A?~@70nDVZ$7Dw)f z&7p3tf{PSvjr8sgGpB%H$~u81^KAKHjrTbM+2+ZxN?))_M<8jO7mO)m8QiK1A#)ng zb3CIC8I#4X_myxBuzNlJ=yb>=`CBVLRqFGgz2T{1psM;@@y~$$K})=!O)(Nv|35sLDI2jx&l(}C|Aln>R>Qz;Fp-b@4Kd`C0l zBuncZ(ry9eUQZKGm58!k1J+Uy{^3cqOz&Ei4^tBB$b19Bk0dpryR{Op-Rz%}S&2+n zwWCym38qaqYy!ifjYB1_>v|g{lzfpA;yY1ndOj($W;463AZ! 
z>_DHf&o9O*YSTb9o1$i7^6Ik!<;49 zE!Ac+z>^)p4ngBKYB&)!pm`pnd6HwU$DdnBmTo6kK}wpUBx2@S{8{QrirWp=;-^o6 zeM3BHoJzV$l}J%);{vlWj)Erih?2xlTY#{AG14bWlI->Y;UJQ-+2wTGtYmjG2s4Ul zYM><1bR7t{7t_=}(6j`ESBq)dNlAY>3oiN>2&;=}vYVG5;Otr#YlbE`3S2O@B**Ed z>oXwr0%12CvVi|^Gp;Pz<)u*kssKB^1eG~x44^P8SUzyYfD0Y0Lu9?wsN!@J_vjDp z{7`nj{m{;R`0hNLa^ku6!~X8Wt@yCR!kJK~8v-hBO$Nl}Fwtz#4p>bbQN=w8^dq6G zS|IgIm<#Ow1Zyk_b4TvcGh zEtH#?mK9Z^KR72ObW5tKcH0F8mUcr%@3S*+3#E#D`xB}__c9=Pj1TE!_ zrt!lwP?S7TmHE-iY}6B1kvK%3;ipjWded0KD|rGk7FN{I!PxADlyPani|C&q+u5dJ zUl?fetUI+M*Cs2jv-9+^4sH`7B zs6y-0;!%r`v=)^)P?@d3+PVl+s!Ma;-{!msT<(^sKYc%GEyAb)99+ z0pmu;(&eMXl&Tg>x4VHBF9QCY;}~(4jA|8+s}dpo6NFWsB>qy;8v&_&dt4vjP$ zB$=kYqNp_v)u!z0Ot&)<_Fl>+$qdGyA!LhfTG9goZ4-b^A}+Qmen=pH9rOE4b1YrNRD2Ma@G`JBhzC{hnc}iU z{u0=C9+xOVRUhe3rlJofC>()>TH#ljE`5@wTcxu+nPz+Z8CXo@YSUwIBGOz%$TSo2 zX9`7VVCV>^>LR4PIVb)Lg~Q zLr8zx$%buZz9qa3aD^w_mkd^mE#YT?rI?4b^g6hnE{#Ekk|uyUI@m}LlonYM;a`P) zxJ;Nkfi*PEl$Ma4M8{VWm%KK zn3`g#nkr+;=-u4q0B`aHS!pC{s@7Q6qhP$|S>oWtN77oVM(4^z;isT|L}(9}x6; zB-n~p_F=$W09LRLQ^LOj!cr0*PU>roV!4ly{w1@J;ezW;y*pKPOBpi}gUhk_tB*rD zOtKulY{7Ci1HN5~V}z)yrF!~|(w-oU_9R(X$--Dkn%HE1_)!{XGGVg)*nUmp{P)6w5cit<@kxysjYU9eIB@QX+vo|>> zNK@ih!#{c{gU+K@FkCf9`4ey%u{A!(ZSfbNVu!k~^P8CDZi|mW`e8V7FKz0qt!;0M zpNiy}4l;iyehAgs+v3ZSV9fO(%uka>3(4LVf6QU-w)nP4XikRV?c*M}VwS5C-ah8N zw3>w6?c?R(Rt^C5Bj&XUK3OtuA5%}Bpo$l}eN6G)Q{skStwgcg$ESEUWi`i|Vv)Ul zOdGBs=`*@RA$$9nw%p?(wFcLoj5WgO^Zn{Skn7S z>If%!lC-xbNNGrsK*ns0dnejVn2p{~YE-d%g&FL>46F4SBz0)D4W=9W?6Zk1WOFdkh@OY7)DDZL* z)h86?`yxSZ3sme~^Y&%l@F}&P-5K{Zq+p%Nu{NA4TG|8agd?|MlKmNi^hN5f4l%70 z_#A;p1DfFBO%r&Qz^4N`*TY>B_#%O?0d!{yHlpHa7LflQaiDGdTCgGY-$lXlEKqy0 zD(dKvvL*C?jl>@)wH-54xW2+Pe*Hmcy*P3M2uri7sAU>RUtqclY@h;6=!;{Z7uZ#@ zYof3@5a|aKle}~Yv~Nc`5y@vd$P8g-inmeO*}!h_IA=hM+xrU-0(&lns}eP!vo+v7 zFh29FeUn_eS;8)G4h}KUi2K!wEfsGDth2`{ADY@vNjrkDwi$%SMlyB35$I(AQwunW^%#bHfrCls)6SUCwIHVY63Qf(#qIv@zuXN6R2pNmE1 zcE{Eo99qO#X!mMgm6XE8qS}Jd)v*d=Q8Q@qAmBqCN1dfhEgOpx(orCsPEwQ5-|7WFn5D?CfoXhTCR>K9B8=~xt*rfLtY8*pg5 
zRW@Q#+x^3{Z7hl;vmO5QCHs74o{B|@wgZ42L|l47Di$U3Cj*=21K#6yCL1S92bjf2(V3xV1oALVo^Q8*uk;Vu_!TNIIz*g0~dy|s42jv zdR(t!`pA@IE<^Hlgjm;Vp;kCzQ4b_d*T$mAG|%DB>%~M6i&~tB*jN;q=4bq=xtBFC z^n;5L2=PsUbs;X*sV&OI zqWU9!PbV9;6&H&d3viMrT#*b`E*5n*z*&x9FTGEf#vnt|31NQ{<|g&!Vo?*3K80DxaKSZYDi$RMUjqCZ&tXz37A2eqfIpk!7$NGq%EqGJ z1>p-%l66&KEUFX}XgwTik&u$rl#fMi1;zjzE$9k<(b#|rF=vepv?A3R}axc>33fU0T z2T1aypl#U&)PP`)Y4%t#B?<@HYYZt)x2?vLPng(g?*-NUcJMsaK02#6+Weh`lz%G!z07Jt9quNiU>BOtV6gG^10I z(vTv7jQN&(ZB@ICO+8Z}cs~V~(Do!VBj3wt7VS%7Q&%47zYME2eYgup?OT2>KKs}d zzxdb`zocSQZIQ4Uj@%k%x+&zM3XM(mLFz6JF?nwOP*`JABLR)~a4o{)MOtH1CwZtI zp(wu`C95NZy=(5h+#5cn*1-oL5FrKYOin5`wHR8Sr>4e9_8Oa7j?|S7F|86sWx zUP7s!%uHb$o1*b|0J?{8f5Or@8Jm($#B>#~u_-1j$MKOD;6gX5aIvYMm_EYg)kH8G zn`(&U<_h`M@&B2eu*k zaGd+_G(PM=MMYv$`H?VBCPon`YN{XkVHa67_ViPIK55b=i^nW@w#eR?{ zR~6XU6y@$t%Ze&dP#Bvc_I5S&Y;5Xl@P5FN8^ac-aV8g=sv3nSc5n!0jwGQmTozRz zHpO0M@XogNsc~LCS?`!DH#4AX~(yWJ<}Cr_wGq^&nCf zd+C#CD%N-~)$fyf8|VtpIGqet;bK!i1FVI4UQ0_Anz!~c8=GnY!j_&yEkY_1o7x4e zQAL=^YRbo^CWAJ;kZSF7v8k)TxZSfxqTQ=~S_&7NdJ>G69IG%kHJui(0RC^sG2*Ne zah8ou390fR^e`Oi4)K?gY-~zMT|nsRNwmot?P61V0vzoL(i~W;mgQno$AdA=vqX(H zG{mNET#kZj&UT*^ndVmfxyy+p`=ma4-?MFOiX`)Q{8>)+dCWW&n-Xn50E@=h!dl$! 
zlM?yHz?u>ld9@9(se@SwYMYHsk!1Sg&tS5pPbnL*slyVsjZKkcj>Vso$QIqI&Bmrg z+a>SgztgN zjZKkh4#A&^#Y7OBnvjUt*c6%O3jDdAA~Z1cgNsc)2yk(l5XPn?-*F2WW*)HHGx9bzCHF3t0DIBPYm0KRsSlCIp`F&*JQ02`)Bu0KkJB z!D22pbpq1Qc9^v9uxeavYAzVJq*$uP$EF?w__8NRY$_QId~E7tFn;nZDPrOyX)S)A zRNcd{*2fWa8F6ANHq`@!o{pscbFnEZ&kY53h{Lr-1odoVQ^GtAtP84T+Sn9r&D{dl zgJk*vp~yZdVZH^HdQ?_Y{ZMgHg^f)KVKoU?C-voGQ?+nux&aO?JJ*z{*pwLD1$a-- zVNxnKC7iv1ADrSCA?muy#->gLVWua^x~ecXH5Y{WX;QM9^0BGEf$>iqEm%^1(V&7B zgE?zZK`YvAt}4ge+!%)l@rwo&0wD<~=+JLBS8WH{04KvQVMY?TkboAKtOIC^T(9S^ zJur-A4J6Qvf7;?f>>)?svSiUU_~swP9$jT@SOO1X^U;wixoq?gVlP0xkK)L^iW)Sl zSdB_>4`Tlf;Brq`-V22G%+EcD%_mg82VOeCDVcaJVCC2cvB_xyyshV)M~>8>dl0)P zu>KyG=Uyaq5x=@V%OLKqf2QuiE4d29g*e3B$Kyl84vY|;g#(t|WxAe^wCRQ~m%^=c z{+XfB-KMLS^yl6vZu3g~8F)Xcl#dsyJ@rq}Jl=zbZ(SB|`7A`4s^F`Y%v(3&51(_6 zu9X~^S02@{J`SPj8d{5L9}e#ftTzq>xjILkVYuq!C$lHZfqL&8vDEm`C1R~1tOp-& zP3??aehTRwTK$vXq)EBR<>^SDjwAOiD^ejFxx5m|^BiP;B96J-Z;s3Hkt6ds2rr~b zqlIK6m+v^t#$fXMAfY)K61n{3NEb*%uZOD;lDxKI#1_&^Lj+OSCspDL~3 zxH$vhEKj(W1T0rUct{D?1Do&hc}WI~6n_fX-#kuv6Oa}w=~EDX@FaPMfRK_gumYuQ zh(n5?ty7wWdZ;dBrB9XKXIc;a80BvbZi(30Jtr={ojLD;)M3=JfOaarwc?Kwp9pL+ z@u!H(g;QzQoPC7?0TtO!MVMf&$Ddm=B9EBXZ1*{3+uvpr(yL&;NwyeJB?j7GWy^hm z^dB5%NY`1abc$w|t2zepFB~Eq5~f>1XMo$L3HwME&*wIwix5heuMe44e4&c9Z>dTz zrNu`>`go_oI^bc`o^R2y?AMenq-(&uk!*37mUda7?J;0adu@up70AB_?Bk65@<84k ziyy(l5mwiSfqXMyZHNc?uTWgP-5c0WUS7-osAVod_MQ5iY=D89&@oRMp#a$@Hd8LXXRV&}aX ztfOM$z*jQ)*@&1lrOz{R-2%Dt$?5WKrI^UICMM<63Tee3&P1!)9Lc?a?TkbF%Uh@i z+oC(<>^l#Ls$9Q7ZZcA*rsb40Gay|F0^hNr%H?evK@QuMbRC9qT7z+=?*(#ygACv1 zQCzNPN!Ja|gq$pQOS{yR!jN8ZJSHg|Dn@rojq50&>^=#5YcL0<*)pCeagT&J8l(xH z7;w&2A2a1F;1_z%`*fpDAxGB`^KJxom&XGg(-f!q&jDYa;;8wu%vP%|QZ_yLJ(#sl zKw;UhrAJ5=>&&g}zb3ldfVnN%98<+11-cg`y7vNeTy?sKvF()JqGiYXZ@@dtX|{v$ z?H0Te>9;vdUwgBHuF*05F3WlXj2Asie5V8#F#HhU7oHGkc*JTbI}r;K99lYRFv3z( zpK_*d3Q7-8`#iDaY0KCJ;P4bd^=MT-udIn6oRubV9u96Nl)kLYIbhvcgqd6bm%eFp zej2nl3aQpp?_1Wtz*y~AI>BqFdwV@;Wna^dx+kIS;YgfeyYHu}g{uM61B9L=1+&8E zinA%2p}>YaC070`#ibh`2W*O$m*9Nqw}Jenz^?T2ivJME-v{hrFW*?2RIie5GtNTZ 
zTBM(qO_KR1{_u@BQY1S*^)BglUc%04s8e2>v;Gt;bZ~@avo9PGZC!zFMLbyGln3&A z0^27eUrTX$0{3WO$9r6D@0_zQ6Cj`ksH-AOFgM`OtzJZN``eO&F9!C!$F=pB=zwV6 zNBX~rN!Mi++o5HN4pF(2u?Y@`;;bEuzpi+5U|mwU5t3SQw^}KcJ_xL#DW)yTqXFqC z5Ki(W%30C}nw^yA5)iKOBpJXoyLSRj4}$QVCrPss!?gHcs5r=tkWM8P{RXFi*-zwm#4G` zp&LnJQ&75(l=Q%KG}K)|*w62(?bDPSb29wE&@Onk1SehLSIBl&dux zsOoK;%SHINHxfotWH8_BM+>8Um|of@S0Ud@mLLh=o9ne1C-n2dmr(kioeEwgGc39b{T_p`RzH zt>i$JV8Zt}exXzenx7RIU>dUzDAztdM^39VaE}8=$Q@`JGt8#kLsc(1yW<#|;qGoa z@=7JobQKt{0=1C$=}4ST0da%EM=MPJH8^f{u;Clwt%?&96;A*4e7mRVz^itN+G(heM%xOEOvN-Tm(=lg~oBEJqwxe*S5Lx0?qZ;ELF^Y?bymjULFFkw4A&iSO#Y2Q%vq%Wuawe~XArjiKTek(5;;ivAYS8_52B zns6K^pu_MdbBky-z!K^ZlSBW=Xp zB03P*VIHT1#qDc!F9dci4!N(wg5X1!h#%Cl4hrzm zch9gd^u&A7**{Hv!gw$G^Tlvpt-8FS_7=1$MK?`CfGGo_xt- zQhMHF8hkcd$`zj?10(jidrTie`ZLkM4yBO2$7CQHDQr8*6xm{E!{n&R$+I1 zU!NgvIML`HNboOUI0gc;JDxPnnO;b5a=$$!$wYh=QuO5=iHyGRqm0_+1su)zi7#L{ z{d{|erBTJOT8E!wM+dxsf$#9sp`v0x`I46|ffq0kNo{hkM8f(wavQSTn^LviN-e%Ku(K4bGdZbE z?zce8oz%2tlD%$ne+sEf9b$G!VBO^YA)qfjJRpH}lY0sBtc64Lnq3oEH@Pkz;N@W~Q*6{%HI~fUY2XFkxw9 z+~h8Of$1t>=RhVrh2uFdATxpAo7}ep zHrV5oD7MM{ATW;bEb*f(vN#$fJvq-&a%&_-oX1X_<>s62jpapPZXUY`ii*!;w*yJd zV{akhGv-^5S6KXH$no=-=#|O9{k}&n9P~kflWU!OBeVGM{E-#(A023(_*Dd6|ug$nSw^K2yBRmKm9gyv$H16AI4q zg2y^R`vae&abLL8Ltc88laBTjWT6+l*$GC2j~+WA>U5j&LQi=ig>F)aZdjg3O&STQ zj}oaL6Dfh-Pox@LnD)p^KC4bd0*^fB?HlN2WG3yjD9LGz7gFeleYzW zDG@!#iQ2wwT>*%E)}6#Y0!_{+JS>6!l2JH1fo{(z zJTrlw$tXNMfj-PAJUM}W$tb)sff`?$F7o9G)QwP33=4{R~6I$RDxGsW=#+Ef1Kc*h$lT?8^Q+(z8i6RCA9zD z1V6Hvep4ddl8ts&G5u>2`T524f1lt>i|OAm(Z8yg{)P!&b$Jo{*H7?H#AOx;>bF~h z??yc9pUw$>WHJ366MR-N{g0RW0qqv2-}d)M6rwSUov4LgOQhb*NG(mIe#%IFlt?wa z!j{DO^XnjMUeO)S(%v@-knp=}s!_7waj`eC9b(&2{jYi3dlWHcsT9 zaPoNkicsT3^c^Q^i_s~O`rb=vL*6uzsy91b!aj-A=7fTAaJximU`A?4A~hx>wOb-} zYDVhdL~5>+3Nsv)h%R!X)-MMiJ~HZbLL&dql)Ne#ETm%-CFOH$SqobBd5Na>BxPIn z*@=>YDJ9m|*Cz7gipgJ<$e&$I{@z6X=3?@9CGyV}lYdrm&aeM;^47G)2^3wKuIsmx zTsI^X)b*Q5hTSt#Untb(-w1+aq*f--_>7cUPx=6*&dNxwNu;jLNUg6@H0Le#+*h*}vK2JpFIMEONd4hrE1n#T6+|JKys10p1{y|IW$V 
ztm`JCb+1X6wQVBRkx)>LEfcB!UaGY7F7YQl@q3~;S8m7ikhrs)hsJ~CJUkvP=L6zX zUBjYC9Q_skFTRD%4_p|2{dG4}x+z!j9tt0$1_+iQs*G9T6 z-u*D;`><^Vj@;wC`7ngM_z4L+nKekxgD;Q<#1ywbOxXljTZfw^l%IwJ3iO95Uqni8 z;Dgc}xtF7l!r)$xJ_^GpoSIYAw5*e_I28gL@LS8e`9`l%Z-UJUvA+{*CUQ+4uJ`~@ z9e!!@XnX!@xqg1Ega4i8CXaXE>zXwEi4G#aHFZkse5JsCW0?r3i$h`pj$?9JDoTyfkD_HIZ06Queths@Q~ ze;YE>`ylnF2y!=4A90B8MU!4z|5Sm^tH9pz_(F;+ewyO{2KKYZA4$}oRf7en3qzXY zkc{y%eYi8~g7ggu*4JlgxUp+naLkjGR^&R7CbBmX$+y19Twf_0!G`jSJl*VOAoby{f{#$#Gy>Sd6GZnjPy*$nO+B7zNly^^r%7tS!D`!ZV267A zJz7yEI_z&I=1vAU!xN-%iI>Kbst-v<`IBIf1*Q^LD<)m z?t&?nw2f}Z71AUSPVuA{Nm92AQ8T5@L_U^ubV_L&*RM%MW#-)vh!VHau*4a$iB$*TN=hO_leoA*2Ws_v);m_@! zt$BA>yfL?kECKc+aVd)8Jr$>~%nD%tcDU}zQBuD^N#!l*1UNz^g90TTfooNun1FKUr6-U)p2C#1+GWe9r)B7DZ^hil}iT0=+kba1Tj|UL}nVG`$4E--~G) zrzG+G*C70o)+8gcG?6^r)r@s#n%q?}00zql(ImaRAXU>BcHmkdk+*FWzdk+&vf4)R z>*LZjEQT5JY>#0^JN*ov3BnYZTZSWJ)|7=4T~L6O4*^p z)kzB?8zMzF2W#1qcMYTjCl?4FK*7wG-#|rXFKSBJodwFSp)y%01uEpb3fk9Cz8(rD zOs!CPZr5KQopOh}2zp$q+vJdt$C2BI4wIFVyFO}y6Wd@oL4tjq+b*a&iI(D&Hyr81Zp7%@N8 z?*{;Wa3sveZ-Nxe#ze=m0XLM_aX2Do;z9WChY};NFOorps|ZgLf=s0Tk1y3FhBcr*kaz3`KKPMD>ef<9RarIg!3K8$rLF>$KIlP|3bb(Y zu3jsP%jNxnYLms~GV4(qj8v$uKe-~Ay&zbTh)*&rlJlYEVjQ`j*qPERl3S2|ufq&K zB`XqfvQCF~MMB)XgFhcqq{a?V=T{`R!;JKbgd|gOH);n*$i|8!&}~;FB$=)8r1Yl=4JX}oJ6^SUh8ieZ|Nte=f?21H`JPPbthlfh+ zibO~sg75`N^n&51WJU5Grcdh%yCRW%8^S})aftCMq9w2^64ARY2s@FK=v9(kk%*>| zAdD}j$*xGm^Jju^L0XgVKvABV*@lK?#Y5ovu~GWCVl`)#RMff0PI)yi*GmcBSzHf^ zqK(_x{RhKunLp7`xF({E%dlq0l8TXDX=i<6gM_`;MQNeFmKZh9gs2t(<8L~!WJ`&) z&n=#Wk(@6QknXgKy`mY7G#m7<*!*65?Y+Su8F$!FKX-P~Y2JrM>P!AeuahfwE5+fb zB{T_{i$D1wgOaSAe8$WvkS0c4i9^y?b4!TA_$WmDcz+-$%VkKba<%5c4;Bq2g2hd(F=y3k}f?Q z(^R@kOTM3i^bJL5yo#i{wCJr3H#Wu*=uLHL(X<5!+mn>lWV^I@ejgAHN^6paB~2vH z%#tpBK6t)M%aoOLgasZ$NAS-}G-Bl^q&Gtn->9X%1^fRkspim<3cfT-`bo_LlYU%< z#PvoD7!ak0gXnsQg1(^%UUU_1Z8HRFDmwf-M(?*V2-k-d#~-FpX` zp}7pqFbsnXAaTHfA!nE&$bbq%P*72VfPjLms9?l^Ie`&%%&TI~IiYLL>ng@obPa1< zWlgKD{@?eUs_weiargIq&+q&9^W5sHbKZ06RMn}_)!|Bx?HUqAPda6KiQ)dplGT(r 
zpy6MI+R83VD*H2MZH!io-*P1n`jg(9Q=pcC?rYm7;0FH?;NpSB+&InU*KU*A%7#C} z>0%Y(gHer51Z1dr+bs~;2d>19w^PKsa3%?4B$wXa;duey0`L_%;Fr1V6NuG! z=N0(kw}bG0n|ujWgWu@87T|3;;Dy{#7k$>F=yW|d+k*bbm1B-aQEa&rV?ykYBY8cY zbnWh{q+ilYZ*xj=yjl7h`+S~TdtJTNn>sL2?p-K}MJ5F}q&Lu|?dAD=vF{g$K|4KtLg-&gb7g+M}F5o{60za z15U?(ye`wM?I=$%^Vt8nYf9G5o`@@}5;~+U8mp{klac{)p35v}fXo{g?ZkXXBG&Lf z5fd#|*7h3ave}pQFzsyh%Lw$itpiEW%j3xJj!RMpcEaZ!gr3kLb-;vqW3BTk3*q`` zCkGLi9ePY2gcma_97Kk)UylVud)?XsnspY~5}}VJ>zN$PT@J%CB#WnM?ZlR zgU3U$sph}ws&m+GN9U+`!seIbQ;AgWMZfvYRLd`Q)Ix_ya6{Pqkss>y>y9^v7di+x zmd!i)5bjBz=pb@Wpo}+j#oA_FlGWxz&f5QhcfFB_{rEo-Q_u0+qT)%f<0R`1Tey9s znHHRf@&hO3=hR?ie$etOWYqa6zk_gd+sK_Q&FNXua-PeHtuCs>I}#u8mR>6Hl#`$j zh=jOY;t|PO(hZPo%5R+=bcsoHIB8&dLQb)6!tQk0Q?^*V;ceuux8JP1?=r$cm@rRW z?%FID6#m+x20jbKUr&^{@oc(M#?5_s;Ybv@}C%zw@( zPDm!1m9h$XZ<7iB=^%W($;dNK;%k{R^id7kUHmlco_Q1a46NO!B>Vxn{C2F&uDEC^ z#r*2m6CWho2UxLRz7YN0txjKyj%Dga$nO$hB(XDAa1!a#-A4E{mMLOso`>=`}uPCpy|5Xm#)-ET%c%-)Er3Dcqds=>Cia{?BztQ)Taxd?rI&N;nq9 zHGKF=f*hxM4%Foimq2_q8yuStdl^3HB|(mwy+OUh;Sz|i=5@#BgJp&fl}V7JrU#x! z`^n)Fh_9yOv$jyOc;N$VMxJ8xd-uJdj&-;MB5jlzk+{nOU`*Hhp@M;Rr!fit*j#=q zw()=qx|{8S;1b{=p|kN9pWCh=MPte^Kt~o-mr~QbFA9B;rpiq1AzctW3hkMWPc`oY z-^z4+z4@~5dH!4T6Xg6s^9DJ8*!%%Gf86|SIsd)+_c+g3xb%>qJLHQkcp~DB& zB?vN|e` zIhl7M{vm#;kMIm+(2cm_8Or*R7CdiR=IeyNyYkDy>*n}+^A}k{eoVQnp?gbWj(~|X zJ0aMO0^dWIVNBn&F0L)-6PQM&Ys$s7RC=CB??dU65u6iCGiIg7mh&-IqXLVQ?Ct~P z849pyhB5OAt}Lz8DE*$GmUy+6=yPCxjwQrqis_5o#p?tldfK2G+v6uC(N4}GDhMA$ zooTxc91{Hj2u%M$FmQPL8{mK%AK}Hvv|Ea%R(eetG1BDnP`0Wm>tA@~i)cukzv!js zo9wwGN=$kU&i&2?QTuY){9@+G0rDXjU`kLqx>hP%C|&3cQj<|$oTqGG>A-Y6O)tw! 
zFV9P_%uBC|(~?Ko@Ii;btgsTcD`CW-%VDC%M-Dm;OpT8kv^A#J4BCuYP3g6Rome)ytJJyF7)$FO>?%$-|LdRKJ(tpSE4hrb_guD5m$P!r7N~n0ztnSB zqS|{d-R;A5+d%)f;~Cjn5TRBb)BRt;OlEH#3{W_crrS$!68uuHQ=OtarTagXpob`$ zATtBO?lD?=Z7ciu-#d^utH3*yd@)Y>V^yBMV9o~b636#%fJ{`7D7goKhaAY>MVaC$ zc^$mJIlixChJvJA{{|pLT}rtOW43S=>7l%6wpB69%eNY!5fq{EDxxLW)60BU0Ok?I z`tm_@JxzxJaC~E$_VF}b3cz)ZX|n$Y#^y7R0q~3iX&0kYi06!_KZLB;(GqI~_u1|h z&wXTlk>@^bUPfobFSU2=Z``LJ=p!A^$WBu1KF?nf*O_%6BF#bs%P6vp>SFhKBtcvE zA;_GCU}KEVai5itH@AUz5BXwTj{CfiN-!^j_gBaFTi&{lDES_Me>+gF`-qaZf5D9$ z{3H`!iFF?-*GK>+62x*D#uE48PDrl%NWKREbQncwyo%(wk7Rxh0GAS!=v9z)AJKF# z0FO1M$-0kddIx|{8q;Lmhs|fwaEE62Y4eEJ&?!9kp{~w!A2V=av;@%pObpythIEZD z^M?BUJo^60urF^A#cFQ;zf~h|UdL*_`@dCl&^8posu>cEdes$bc>A&7XrV@U@!y%t zxI2=lS?8&lfjV?*lKAhak)b}e=2=h8d7hdi{yS>U1URv#^%iHr@b+JLg-YVTqvj(P zYB+wfsM`9PTRGW9)j;SSj$i5oto(BqRZ~IU!?DbUgl`vB2Y`2&hTwV%+z4HUv3OA>7uIf3CAUmfS{GIKQ2HGNpTyFP#fvJwmXounlI&WdtR3-_ zq8Y~i+oGx#m}#+uD4|%+qDu5E19c^VEQzhP^HV?u<_wT8z)$XZa34UkXN_3kdIdfK z&=w!qh4Q4@KUQap=pIt;zpDo!ok1N8YpP#g*R|CSlkD27PS1PW^je(zy$oW`nu~j% z{UK@Iq+xQ|WY=7~kjfnk-I~`m*8l#R>rR*zUW~k2vDjrJ25p5!8m}3&4cTkFcF+%q z+rqBSej5v{seKe0WNpP-)*+6i@+QY&Z+VlWv_RhE*#8YY1dd(f#CsO481dX-T(gbZMM}o}F2=0v0s?Dygp5Rj8MetrF zUyM_}U0bou%|F2V(eeFx%}$P@q~uMQji0Z?uB}ALK=8&mzOTeij#94O0a!>7%Vii# zCP(iH6}z^Qd`|=De2UO`710vdwUuOkD*z7=l;~BEog78e769IBOp~1)Mbl3JG(l_s zMw6W!<>81<0CaaCbr?E@OpZ;apim)oC2OlSfA!o)-uTONpFcp^YAWnh`y2N;9rTTk zhp(~v?lb+$eD@*JY)0?|MfxRZxX+FW+PV)x=1TpmkPZ?bRW`(OB}amu&u zGn(>!z#HcHe#=|;5hXJK*xiA0*H)rr6?jKEzOTf(kCba809O*kav8=F_ZglP&bp7} z`z%0PD8iam5iNmrAIbbH0DdAU(W@ZqKBB1&8nF|8ztLpfM>GuwU;;t;nymY<`OI7Z z7CDf54V}VsAL<&8(#ceN(z|ZJw^Qwl6p(8F@=?r|nv~~cv~BD>y#lbKej`k({g25+Sl(2TDT&+pL3kvZqBFBH zn5VDVs`K)hd+NE~o*%L2_i^qw2tm*uzrgN|@c!1D$jiLJ;*Sx|LYW%BC6)IH^ls|^ zt9iO?4hk}1tDBog3>pU$-8}s@vUl_J_lVoVuFhT@3#_T_1`SE2NOxhWyn*(;_q~Bu znlEpleG}@o;+N{giFG1`gH~=2^x1RsYKA1BK;CH z2HGzYv>j*(GP4lu6{A&~8)!MXtp@K%^2Ipi+ky5P+IBv8S2(^uM!JEPN*(~fS@$8*EJ3gWztk>N zr_KiVIp)e3ZQX|;a~^_*7@Zbv)_rC}-rNP=1LTWw%D3+G5h}rK0q;G>_gmh&k0|*G 
z0P{hv66-#qq&;}u9p6`C-ABq*1HeuMv0R3+#C;CF5*eh$c=R$iv+@2e7?)Q%a zfc7Ur-u-+Ry7g~!{YmggQd77yErGou@V|GlYVBT~T@Jf-qFYnTzonJ=jQ_r>qY@2F zJnAo>IJdDLbpfO=#V=LDd+6POjXmlPkRNs|(=p*&k9q~XcO5_1qxb;5ZDQSIAGdT_W6x4 zsrj$EYN13;-m9)T3fDvQvfn5q)&BKLVvW4+s={`^=pn$K_Jxy7JueH{apGRYe+A&} zw52!dxtBd(WY2uDxF27X&gn&bceWcO_0Nv|UQ|P>{Npi$|Mgx}07C-r&0P$-OFnlk zYP-k-FyT@BQZH4mpAB z^F}NoN+_1oMMTdwP=6qhC9z$^`c)}vxHEq7v)7tEYb3WXO#x_cAJ~NjAXOg)PvrFf z3S{UTPfSQZ?93R4_7lHQXT0$gJ+H9mckMYi6;3$=i5#cofC#(6b{*bF44MxUHC{8QCB9g$@!COc5VwV0ojo!ZSW`O=8j?y8XJ@Ir z1?nUJ@D`}j0(lG6`=D+!eyNkN{>@vUZUOy0$1`UW5MSR6xB+#fYbm=xCDJte694&u zU+RJcjRk6t1Z@|n1eqZSM#X5=W*4Y`pcKICy3=Tj3ofhzfypz1r~C&sIYmcTAh zCG%kbj3+43t022T6-|2su(UBvc7ZCIjsxI~#x&UlDx1%20^lYG(gg&aLOkcN5hzqh zU6T>9|0UluY}+@w>Z>65BN`w5a_HbgYE2O82M*c}Z%U&11sXHJq)q@&KQh&Jl(5P` z?czA*?CpV;{@b=j*!zEj+u&f=I*8?t7cQSe*&Up@6G9GNG(vvB#R zJ?DaRQ7kL{MAwDS!rsneIc`LL4TRoc`#-!9DY|5>*nXo_AfF2<`P#0_cq>j`&(JZ) zgA8#H-p=zL%xm@6w5Z`G_fm(+*(Ela{m_OC^f53eL3g~!N#wMrId%mk801Ru0{wX> zk#mJ>K06W;46MYdY84CjtCQfBuGo6TJQQK?YazkFzV6uS$V5a?IeV4n!0P~KUBb&)H zLZ_Mo7cCD4kCId-c+O-BmaaG`2+3?Ez|jSVBYtSn;BlgXH!fAf_^jN-v>GNzDuk(0 ztdKlauw%i4s$dsUz=zya!IWag1FK-Fq+$gsTVL=CWNT7V{A@_C2zlqc#x$XEAw8+a zgc6^PxJV7@)@EgbQBwD|3A;x*Z{pUZ)KJD1({sDwalEpGH4t7C6MB`h!WFnfySQ{i zs@k(rls>Ta!WciOcy$~fTzp&{A5wBr93NVo=pR;cPfQxQ;VEE-y#STVG{u z>Fljw+(|60(b-P*9G1$m9-qrozgxQHHX#2_GPBojsjA3@X|Xf&9mup^G7OY=Rk|g! 
z??#>k2_PHx2DL^XvzNGv;L{;AYIY+c%K{vON2gmHMkdRvg-c5KXO1Vq-~&=E&LD(} zg431uxDmao<4M!vW&-Hxf!6lH(gx3vDn>Gf7G!NG;1;R)uW|sIgYxevr}Gqj?7J$3O-rOr*RDj8VRh` zE4z}y2XuYcda9IEKCYV-)-TKR9j}8ae2lko{^40ZfWyao6TZ#xs1iO6)B1-TR%Td_ z=xb=q4C|dOf)izi^~tgkGs6Z%^u^4ufe{@nGi-2F)d6l%BtsUH6OrV3zC9mq&*$3n z&G!5>&Zn9A3swb#>$I*m&<1e<${&hUX4sI3eJ?X?XvE%@88$3p|H=#-9-S zUOZ#t>;|D1FVaD9L`hpp92$4?n8R_Xf?IhZO(wk{?@YBU?6= zT5BVyl7fwp$f(wlZPKSACBy8fCT*xRe9sX^7qt5Y@y--`eN4ab_@Au8F#|k>V+J>) zo9iFPjTs_|BFSpZP)U?&Vwfa4X=1n}dTL^XB&szrQW8ToF-j6Ony8UPohE7}QLl-y zl9;WD@uds!)bBh^>{zk{i6xq-6RTHhVv-~d(!}KEGf{*!n%Jc^C)1-fF{LFZ?P)G(!}1)*wnXZVs0Tv zhQ1FDSbvGab`T0JVQrx`GB6nV23TD4vrHlPEqtT46mE_9{_CvB^02!rqbd7kCRCU@tbfrRsRur(o7=FBnnvzu&ixr?@aP&^~-Oen$JF} zYX|{S6S1jA6soER5><1EjLlV$s@hvst%(7if_oDM8*}+8Tcr(hFL^TIN=-{!$V6T{ zUtInb^2JPApp#qeGFe0XBUbCNjuTelufEAvYL+PMMpnMU`^61wa;4PHvAQr=9E&B@ zMH=eASzv;{n1hxFL&r9igp2@Vn|Y({*g{EUl+#=ip(Y|pM4D(Ji6Tv8B~hXYoeat} zQ6!x0G|@^DoitGrab4I`6Kz`3r>lc-e;BHj`i>N|D=d~4wbVsYGvi5(Yev_PDz#iH zb)l0|XJ9>8`8guLt`T{y!&%za*AXCXEitJ`+xggnn%Bc(;j=k;*-mz-k;UQ1F^@4c z0BzQcjxw?$YG!Qtj389;8)9T7SxF&{+go2Q|r0=mZl>1-ZgC+*3j z31Ieam|vIl;yn^xd)OY-UfzKxq7QW}87_5`rS{UcWV5O_=45NxkH^w?$I{eg*?)?q zx5UyO`}$b=+gO@qveMVa(j|C>P21aJzZ6RkAe(x%J7~dPh^42;(q7*Gilq;UrIY$p z72n4y_*PwFfOl0^d$f@?I^VWa6Fg_U*T|&-U%*RvzB6t%a&7QKBY;;-r=mfZnj%&| z|3~5)bQ0Xnxy-cS)kf&jmz$QnL?|i>URA(#CQWrkTO^qcXLe%ex=6x(v0E6046B3^ zNmyf2R2_0ZDjQw}ZZ_=Lh2aGfcI?V)2-!=i(XH;9jF^=TCxI1(e?gcH7k9&h6zdUW z!%Gparp|6do4)|94W`@hvT}B>DBK07DBJ^K)`m*Cpod)wk1I>|K*qI8_C3axCwm>^ z+9&%P<9nCAjT(_<^!OdxeG|v4+C^C7DZNj-u5r9yyT8Yn{^dbTA5dNv#|M^I$MNB% zT!yNik;NRDH9pFVkM`md%i>L=@!o#R_{quM%lMtV_$*I$50Ad6&B)k>#iezKcV?Z= zn=l}pjyDTsc9@`Rew)xWzfMULM$5unXQ2t>C7~0~gb9++xn{zSlF+$k!bC|_tLi#Q z4AsOWNz`a!vLxy>v6Ji=)oWsBNleqk6iH0iM7<JvFhvB<5&hxg_?|8EV2|vNyAwuV~6LoRe&@NjlAh zBTEkhJsU<%Oi;(EZatE+on?ZZ*#Uyu*+=77dzhO%%*}$~<}MVq z)@dUvZ*YcuV>Al+vMlC9gprsW$qptcmFT6-a6uA~LU^BEO^U@ZsdsU#5V`?WBw(fhKBj@Ll|791!Fk9v+!Biu>zDnfPKm1@zEbSbrxs!fX_jwBW9 
z>Ra>PD~G53U6xIoP&D|&jZ$f9&iyhj98C$fkX5u+Yo&qYq|L;ICs&Dt#`{P-3Sa2O z{`r=Kd>1(i2O-Rc)1WbY4qB?D^GX-u?Ir1MEddx$04dqo$8}{f+ zo1c(S;|={-x{pE0N*MkKp~w>Wr#CA;Mvx6#^k>M=+(Z(tco0!pbnG&}dEpM&Dw4Ks zn&G}&!JbWyY=Lj2pmK40l!1{jC1F~^jD!UeHj%Jtu8ze`uKf=>^og;s;FzK=*d%;I zGA}qTlDwXS+-vxyXqQ$IS`20#j|RmW9F1bW0{=T=+5n>uhZLOHGG@1g(l+=hTgLf< zQ{>7J^-8;j6IxbqbJ61+ZK9~){bu}{-kW|!d{AhXLXDI!rzUhF$rSu6x&Zv^)czlf zSbLdNg(Li=gbL(!M5f@^<_`ippE(xN|J@>l#)omdM5 zTmGlY-v(aOmX0r#!raZ+MAK)A+zzN7F_PaawVFOx{z&j9I=((cr1kxURH%IUWghtZ zIgH_#R&1qzS;+EmF>Ka>eVq^nNtP_re|r>J)OM!dYrv6BPW?N;>cP zhD{v?Axn=nJOm%y?isj`!8HKfs$fj2a2w?1N~yr!`P>M?B~&_=`jl0xH$`s;`60*B zYFGZal-TnZ@c!obI;_hmTrXKqNHv!MHwX^~<}E0v3DZ)|c5UU{YI>?DNz6#K+BfFR zOhvrwH(xaEnkr=TX<|23tBF~u;$3LA7WV$_wy>}vbt>h74qpm|ipxb;Q`7DF{&2!Q zCG~LI8T15AJX*@GW)qLMUjP}Kc+yWiz1>0Nylp1o4tc>{ZJKmKDtrnwRr6fQmPGOe zO{g_@mKF>4+Zg*&n^bE^EBoHI?~Ab|AgQWXN;{LSi7lE?>^)^a3brQ3zTS2hV#P@d zI_Psp=3tPH#xJ!yi#ZI#ivGV-L4^gJ2j=B5fQ7Jtjuvn?n2*K)T5bWIE#P%9{}uyi zy9I1-0sjIiQ|xS@!4}Zf0?NVc76at1b1g+T3m5_Bjxj)7T>;%KU=Eo3=Kyq2R@7jN zIu?l2W7I!26AXcJV+z1JJaM&B@m^#RGK)V28#) zQ$5g*08DEPRPTZI1K^OxK=z;PWWl!{fQuRf%`nLg81N?K@#pEo6YO(lE_jRb z`194L*yYSx@Q%;p?_*?A;&5p$1@Edn{z5G&2T$`bc#r4t7is>y+il(j@54O)V$GjD z+WZP$LEBts+t;h9j^K66<1h92W5An`$6x00=YqE=kH4SCUkl#xdHnr7{-xkumB(N1 z@gD~7@jU(tkN+-sALj87@c6%iS5TH){*@lTBY55N_i8v^{L%47 zuWH5sH8}@q>-SdA`h@@-K#)xLGI6N&cX^-_ zzXWMp_6H9%8h}YL$g9PlJRjKyfK@R_@|4b^jgm^q1ClbepAOW;F;YtGAu}HGZlIov zk#RYU2XF4dKLYf-7%qc?hivH~i#p&V`S|_D!&-ZwK>*amAg|aZ9%v5$mc^jhM0*Kv zTUS1{t;?^1j;ZEc{t#_8AUNNN*#V`esx>!){vdfYUaxGp-(XR_Eb1>n{5==N>mTDm zcd*c30LxZ5g;L>y(x$2MO4Adl0Yr+!d7!>2S(nJVV;2BsHwNnGfer*+D`^w}O#+;mH+mJwSWLK(>0Im{AGlAn@1a zVD!46UX;yF74TE2!S(n-_wK0{Toz}-vd~iYNa^l~X&b7UiN;L@*Dn}lw1Xz3%=P1 z_?5B9MHEr*_)b+)op}(!Q!&V!7Jv3Y?*s5fW1v(z$*w6%)dD{?UUR}GG7BN*^Z>6a z=Bx3aq{?L8Rdl3ig3PW6_9Xi9q^O^!%B1VufRdnDvuWw_M46*wXb`d=*vc+W7metW zSJ@S5t?auY@*u^oVGg<^>1cU>0sS4vGq)vxP8RSDn7_t=dkE0x>Xw#`#FFhz&=EgT 
z?l;$VY3*7exmxTVTI`3Q#Ow^}tXS?b>Qzvs>ZO$V1A-%Bkk@8?J}UPEvt5oQ8YoO8LGM^eyL|@x1!spTgymm+pJdGj3_fO zh6W*r8)>ti1q)I|{14i9pdtwDrtto$@L-@Z+~bhY?h4y>TWmYfsQ_)DTKSrVw&}i> zcMa&bIiBI>nH64Q0Z)PXmlz=9j%rwH0iS^RO$?AZOGl4Cq*`+D4m5RODogF1G_@)f zPJv9iOPum-B7-pUG&Nfo_? zF-1*2&YIi+fz1@Ust;;hW+&=2jRdy&PtgYlq+7lT$qy-g3#GkP=cy@qYE4$UzXH$_ z87Ckgc}6m3n@XSt#z@)R&>7+!ogpTHw>$ZXvG*fmeJ`P4Luv>1EjlzPxXo*rjR0KYKsMhyHDB4Sya&98^7!|8tBlvddnb>-S^2UQ`vJUP^7xN= z{IVYSQ!MslZRo-%39U3f|Uf)%0@=ogDD*#qf|D1=F;9k4MJfp9F|+?AWNN9;IYH3#1hr z*yaFui(Co>!B^wX5LnNGK}Gz}ym6JNXGQ{(3^w<{h{tJ2%{UZqCj@$Trs*XjYu*I! z!PngY#aU8CDFIgjIDp`3%%| z5EA1IpDKpG1@JhMeZyCQcoenFq2c>dRZ^<;U|bY4my_8I}n2TDSoL{wCku`yLy5#AZD&h?7BvBH+A66i23<; zZKYlNI<~Wm)B~h&BTG04T@65!nev!;lU)O@M~!UK$vDDf4*C^Eb2$q%Pl}cpgB*0K zx361ncqO`-%t2S@pe6qVEd%b=QtZ8e`#@q%o{{yOp`@9HAhq;g2m~8^D3GStXIikB z2NObd!BO}HO>dRQ|4t=U>P@LP3ia}sdb8>{t>g}px_3bJ=rORD1-0kLl-mnl?6xonBnM2+x&dS}pkhl1vkhgpBr~!Cc ziHE##nUx!AA+JQT;i1@^jY8hI%F0Da$aPdC>LMXzg&A^5oRx(@$W>2PK2sXT$j^F)FACv#L?aJ$4M;XL zoaiSBy8F(=kq1eTv!Sd477O$AsU&AG3P<6odk{!wBw$%Ev4s=9*AMZ&CH zK=Nf0&RI@{WTHJ0W^q-DFD zd`~kbE$%QmTX;NrnP6fPuKRP3$QMmjxhKy&!qYw{=f*FOgPG=R6P!;ZkcqCyq zyod680+J1nJrmKzg1$!3Dscd42~xeS@>Sr-`$?r-`$? zr-?J)(K-QO>pgU3bgrO#MMDMME1DIfM+o{Ihj!-livA=by`w`! zq<6F)=SBM*uqv1~T0qf&#Q5IPcY@v_x=zqLM2{1_YUzq#T8*HGd*~gau1IC-tD>!f zu8Mvl`k?thj}`P14_y^a7j&Pf^eh&&PgISw7ImVa&-2iIqN4@fH<~QyzR{u>JxS1y zdFZ~;O@gkDjuv!vbWx1nNzmIobanK$p!-F43A$hO63&YjtyvjNn=9x}1Cu)G7ZoCv zm5(oE>ib8ZicJ5g@N8%O0+HF>$(Wvqp@99P(THT~2SmL9<#}=}vPeWui$!F;M93dR zWMH&RL@mpJfMEpm1okM$p5e(*!*%x;jQ*D(DA1G`NBu9&Hx% z@aWALeTASu_0YqkR|GvG`bN+rqL$}6ORf@h+2EwzM?@*4GW8>)UO@3YIYw_1^iB>f zDS=dr$e3uEh>VGjx97{`Toc`I&s*&IYdP0O(Rs|GHtJ!|W92+H+RL8T*z?(P9v9tY z&rjR)2XY=C{c6wU=TqPKXpo#IMD_N((w^7LdB^A$dw$8DzmoIBsAwbQCq~uwTrcOk zXr(=`x93~rJSlp~p1-o^q6;WLIjXkjdV5|e=PA*8d%hlLb%kA}5-%8%G{BVTIHWT5 zQ==yYJvDkSM$Z!TlOB3%bgQ82qn`y`AGN*E>E2z?-+Ji!=v_fii~0kVsh<|@5~DW? 
zy35eSl4(&3q%!r>qa}i#9-S1U9~1O$4lOBxju4R<(Iyd@5&a40MT-tx98CK_Kv^o*c)izW+t zw`fs}UM=YCu%xKFML!67R&=zWXGNFc+=(;kv>lDW$2z#AkpHZxJ4l)O+0kZ^nH_zI z^J!-B^7+BEsVa0tj*yd_9ql2KyGMl$EXnRsFPt^ENh)|tj-X)95t%)r$s)5yv@Dj{ zS!F)Rm)RqFN@VtoP7#?sqw8?i8arEzX*=B3firE-=w}g`6Fnm$bD|I9Y|4y0rM{z+ zfmL&&zDQ;2_lkmxS(3e?_Bd+}ABoO`JoH}C-h$pc8Z79&qiHy6xknoLCdQQ>eDCNq zfzOTh7x>)h#27wS;V*mexzYUspBG&r@OjaLIIAs(Y57JZEj};$RM7LI*9AR4`e%$j zUeJ9!^!%s{sZ9NXD0>OZxge^}dY@=6&RWjlMqZ9M)r0R7 z9VGCD(P08#7@Zr#YZQK;2VWRnDey(nEdpN@JsZQjt0#Qo!52j@3w&|(k-!&6O)hoD zq!r#_WS$o+jtoed`hBDB!1BCfEK{H|(_$Ix)t>C>lS+8vSBF}RMlt2{L$pC(IaSQWEHQiss2?%%GEjmMqo%Ky*E@D5 zU$&MQs0GtcH}aCoKIBR9I#J#9dL^$VncGq#r$wB8w!C_DX%5S`=q0h5c{~*7D5}-q z7sOyH{cEg3*v%y84ki}=cPuUjE5E%yGDi6h*qHXLQ}v(4;v>nH@_M;{66d~WEbZk! zG|Bz&Slr8faFY8)vApo-oYM-=sdj0>LNt^60F2emMKy4%UEb+w8-%wazG5scuA`8w zkIfRq6a1VLsimhF=~3SzwO8|8-E;mr;0mV;a8DZh!-A^Ft%NgZ08i_M0c;r%H56$~~0BKFR!hdbk0;?oT&-ur!*Su74M)EPCjVL_3LldlM*h`H z$UpyxgqIEZiSTeN2-%RImk;^r@<^!Jkbj{Tg%i;**^vLg7YU_~ukiBQi_(Zaz~dJV zLsIaH^jC=T>xofVw}Nt0t^(l-;jLlxM&Yf#nq?#b`vnpn0SY$!uAvO$;T8a^B$^H1 z208p#B>%FBk|abDW<&lpbeI{-+?(BiXiG$~!wD+h{@MxxzxW@8$4L444-6r{?jH#c zn;17z(=3G9aKJHOP7zI8Zz6f^%?veuCmNwDJR3VhSqa0{qD2Y(j%CQthDPB(o70j< zSS9?*CU$(l%gR6Qg#3@7D7;uK;eR%T{68RUpuJ86|L+jnSm?>wkbjmL38hN*rK0e@ zh)BLRRwa9;*loNG3VwzHyxw*PqD^ssBN8g!e#OQZ_9i8xzITDy70hh7;vPi%3XasQ z-2Dl8FDeRozbY$X$U8;Zkau80-tMWADEv(jya5vOZcA0jDE4k~Pvh@~e$CN#F(Y?x zk3eGmx?r?a8e+kjf*bMzzGH-A%_ou^hvcun{<>CR)8S{`*9-juLZr(1H?&qWUDlzn2ZlsENm? 
z_RM%+1~^Q^KS3=N`3*}FZ0Ur=tSW^9+Y!_lTg!WH1yhTvK}?N9AXzTR&6^TD7TYu9 zN!|y5S}5|&+hNc0uu0w*`Ph=B_fnG{``EK-2zIo83r*M5p?b9`oZhS@INOVjl( zJ%o2sQXA@YM8!uXN-Ft@)+IsZYhEU$aVDdXNdZ%otKdIk0j$b;m_Dj(UQiO;XC-hN zWTU3xP6*FpN^VUxnLBBcsA)2Hszy}L$)>I9u|}V4x@y`QeX^<6v^Dw+)0+P(oZ4_e zP+9BcD@8(Prr}fHXvw7F2D6hvGG#d}b(iUu(^7Ytezv88k~h43y2tsfLq4%PNz1hQGSi#m zr_}bpJ)xwwpN3FU+Z_6Wdq8R{FG^~4_bjOR#a4Ia_E+2Na7t?88%UrU7X)oCYyX&q zmTbE*fsV3K)3Dp5{8s4!ina=}n;(?EZ?+q&T>{iSWt2|4d@Iw|RQ ze`EPv4y{rdyz>b~Yl2pXW~!MxWRX5JXmwboQq%Q8$sV4P`q^l0 zXnva+us3KY8R;R~Gfr04?Ph=so^QZ`2eKS(PHZBr=MuxWZ-M3YWQ<3qp+ER#w1CGp zduDtM101HI{Z7`1=NmENZ@+Iup%h`m?7~BUNo}YvJWkGah3n-U6rQVRG~!2CC{=Fo z>OUE4c17;;foggq9PFSVJ9#Kg5{KU4`C{VG$AFFY#V|3&Z0ClFk~=*82WsI^x))V{ zzkv7Lkx~DE&#j5KG=IW$<0ycf#9NTA(e%8a__Aa0bqmP41I;UkY3RALtuL~@vF1J* zYt&UT^HUwKKZw1uelNuPSdXrQFMs5jiL_O^21;RFzktv5iA(GWivClYj9#rLx1pQE zv-fB{xpM^{9E5TVUfVEuoe!)#k}ms4P;&;aJ~g)o!Jj;AS1V*1UUJx!8|d0S;56C~ zn4^gPEO!#`ro+cNT+i^N5 zIn^t{zOm|Erq~j2?I0zH7ZL3m((SCY8rqPyqlAtc?JiC?x1&bIR!Cz$lHSnn(sZlP zEhe7ya!vZmvB)(phbV7W=FQ9e7v0MNaYtEf?oFUJW$Jdx5c4wspw=Bp$9fYubOnsi z|1#Y_x7bK7WlBEtOiIT3Zd0vE{1%4vDvrU_p(T-?R%4;l_sOHBcf->gJ;~INrd>R8Brr~L)|B77wg_1i4t$NT?8-l`J zaZYcjZ&J8G2vdX7I^^{l6JH__d)~%;r@1dSo!>(uD5HKJt?HBdt`Q1z-yYOL(Se+{ zisJg95C4Ft*25?5GX+#>pTT`;)e>Csoc|myk4P_`i`Xfi*p6{FcY-SZzzgv>B8p~$ zg%;>RY`Rwm0x(?IWM56z1tlNfW0m0q-;={M{0L!LZ4#$`HZR>mh3w*WUb#J z?4Vm8NDs;!l4_|#@)FEQkD}m}B@a5~_;_=y{$q&B=)}3e%}C5sW~6)WOk`ZSO~dr* zwy?YqmX_dHCDq+-=k6q86>5{CHCdy{UCN2%LUb$@x0~vQ`JiNoXWk*Pd2hL_C>LiX zk!0}PlsR&A!CiYpyH#T}slB1yLGA5mto46Fd~sB|1k=V==uLf(Kn8+dm>m1^x}{a; zOqY|v4yu_kkMfyGQIjI{2DMOhY**A#1ofynaPcytthI zyAF#hxV_DZw$G0{VV`{0q@;;Av;tLBOmz)av%4)CPD|rb?ggAQYV<{u%F6_+*QL?6 zCM~P6AVEH&HTuS-QDf~NN^~WQrW>J47ER;9l@Vb*DEbddZqdYf2`XjLR2nhPMbkVi z=bi)B9m%5U4N#>VZnfU$CSZT?u&_}M(@?OR#TMF?eaRHh&K+XhWZ9ug)bj?^ zTChi=q(`izE2w$(jP0h?<@}#T*0a|4Y+O{rxpwwcNPmJF)35~8xSRb}*ZD2&{zx!y zI%;<#&{BoG*EW)NY`37h7oWhmY0@2xd24~c#mAeMF`z!};WC69Rhpw37 z`CF6m{H;rly5G#-=iU|smqBmpZUoZPcySxg-*R5N29Z`w2C6%25ghR;AP6df2{ 
zu0?{QOG(eo!j@oP8#N6J=GgMm9%-F8k}S+Hf2+CbVC^t}YdV>~HEkDen7{QZw5gI>F%9!UjW3|349OYB>{XO!RATO1j zv+$GgJ-HG+G(+WyfJGp$+2B{o0na3?UCJE#>ABYl~1BURD=Z$ z)`V|ndaJS6k+^0`V(efWH4O(sS}cejH5C^Cf{J$OzM58xz#pS&^^@pNrfiK_dXu&q4@&+jQr$MbIlw)9|K>ow-W=dc5=|fr$<&4# zyN=|IoYIG@@h2%zoO(+0>lbj1hm89NUt!XdIUr~ubHJLQ`L3od*?oDZ0Ez7h3Cd_H zkAK@Ujn;a-=$g4wY;y}yW+21w z8m}Tp(Fh!-;Wo|RTaF(GiY`L)s*hI|e)ZXVD_n|l{U4O@AB^3Rj2~Y@pK8MRk=&)x z@na4|IDSOo0W8;zjh3tDKDM{>Ef!ZUs+Dqe^m^SXHha@>0%XMTb5@7yiv98yef{zl zef`qCbP76d2`h^;|Z&LaT$WxbLfH{lk>!DE)`&>ejb?h8`3I`$EJW z$tZOYs4}2yVV4B+UV{H!3aZpavi?1#gBKsfcrcHDcKVQm^6TlcY;M1?Lf9ogK$AO? zd21U4;%ja&KR0dbIZ($+$I1uhgrpx!lTuhgonx%G=HKa_J zI!$B!wZJodkX2+F>i4y#=Pcag$zB`~>#g3pX1CiCSbu3cS$}CZvnzD9i}lwvUUtd) z>kMQUE5~9c2&f2NrRy)NB`6s;-xU>C+p)3RAT1Vg{WS;>w24di)pWA{(sZ)^nkxgR zxBjYkn={a#jGuj$xUPfo^Fv*)Xjj4d>sW~B_&IhP#?M#0GA0kYtcC_DBk%pfgXRa# z-YKD4Sc~KWB)e)73%QYtu@C~!9Yf>7UJ0r+=s9*pUpxocM?Gw^kbChr*vz}wWm=l( zO`4!DsM4R~Tb0D=txC^TZJRpxM~9+>WNq?auaT@>USc zMJDcOZ6l^(e^8}j9~o;$k+$y1FJRm*t7&)&IQ8ZiO#7UxhZoEanpQia7tBaas~ypc zrj1@*;3{+7E_n9UvtvkX2mgLq>=^HPbu`nIckSxDnhz3|@Nb^o!9_R^(=Z#-x%I}k zwZ&fioAVedciS$l-boMDbUk*haZ_(KnC?g%ah4*RJgzO*IUpc zeP!_Jp6hcf&s#fUc2dt<+)d~9>$L~U1YL=B9j|%C2tTVfG#;Bl^J%*Or zKP5_%QDL_gwkX6&nc_%t1&2{V)g+^Wrjt=Y)5)lyoAfn7AO5fX!N|lN$*91;HkaOb zsT~y}dC<3nf1vJ;#E-W8#!$X19rr#e^LwAB(fgK-34(9E{FC07I>6?CvQ!y*-%}|m2^u8T%Y4e|Z-*6zL_ig?H-xz_S)CmY=wm8G@eP>JWV@^D-wP(gV zGr(aQ?gO<@bfEXGK|*?8=g-ltJ$zEe@|B*CNbe&~Z!k&S>()Zt`)sqyR96~NJ$hfs z37+dD3#WC^EgsXzKEtXWy0H-Ncxp1<@wDzTmZfT!+_5Zqz{_c0GI3x}*X2a9-*ZxI zOsZDvq}Z6Wr4c7-hZ~DFSC{VXoV56;&v5_q4@tu()AVRiy^4zOKwJX})O~zovC=%I z)-vpCqo&~)i07?@p2%GZJrS>jN`g}p6&10H8=*pbHy&we){kw1_3$0Y|2c5n(Idux z1!|tfSjDU^Pg#rAa(Mg5V}qdQfr$!?Q*xMw#h{9_ke$EBA-eSfM!S3Rs923YDyDbJ z?s0d@ZgF?YHgSjJ(yM~tAgE29fFDnFlzxX@msYF59E1QvYQM%d zTZWhp++V?DiOrTFrs`96*D@;SF&~odsId{#aG0;JP_lr{<;)6uEIs5rJ1FhiF9#{%OyQC%Zn;L0-XP#f6e7EV`1J!=hW{4BzO!2J=5;+;Opu znuaq#ja?wU;Uq3Q_6suI!#;2K<z!FLh>;;1=HPB4_3E1P&la_ec 
z>tgKLph{07+q=_hcRQLBnDig}sHJXjq4A3EMGfBODefIBei+oa8DvB_>G&Xc$HVRw zW7CIN><=|8Nm~!6uvqQFfxz{Z7Iya-dTa5lBbi4w(20Bhp=u)C$+_ z#}DG#ha)l(lrc9RN7ysti6frdsNzD&6wR;$*ldPjaz@o=4-0}jJWY2~9S*$70jgI6 zb?`&%99`AaKDJteG`#MrrhU}wWWfway}D^@4l?3ox8Rs+2D!oxYnF-GVu7Fl?UoDPE<2IX=F4f&OotBX9rfFR}Aw59T_T`3M((&^<();ODMNu+y$e zmIS58pay0Dl3Ip9{Dn@34vMzf-BexN|82OMG!5_HXyFIN+# zM}mC@Y;E{K>FwCi>AePeYr%0xqIU|Y zIeLrl!GoDMfegk*V!%6$Ts3NqCx|BVaS| zlZHCr8$0&#bwt^AEq}2Si8elfaq~_$ykRa?QvO<0%E&FI3&t0|$hR7*+>!L9bW}5Y5?@rJ zNV?lvW0M1P9|7w)mJH8HjHMo1Ho2hr@HtGZP@0;GK-}Z=rf`q15d_nj8;^N7?}y(| zB8N^QwWR+XVM&l|bKL?S<{I6}MVsO&ZtSxsJCM4~zVX1+9CCq0de4V;c{dxFc!K8K6qF4iOi|;BxzXhw`_%ZU#== z9oty#2La+PT#?>E)5$iMrjuV`1u2Znbj%}{qT&Gks zCmyZWCN_5#3Rf3hKrIv<7{1=4E)Gex*i+ua!(%>>1KYWv#=a{nKH}QS7qF%5y2n$O zyQi!#@)5+MVpEwP*5;=2c@R!rg+Q#AO=VG4#(a1@WzUSeQQtJY0cxSh!s<(rpw;-c z-3{16D|nn(JrbWSKALvp7B1DpIC*=CYGh4$%l??~fN)2Tw8l)s7Eq;_WP4lZY+^no zDgIJ)z1e;p+=5R_&P8I-fdI>!KfG|zC)SH@H*MK)@pM*nr)f#2XN`!RMRzG7W#2O? zx?3gO-N2%I9KT-i_c{f*;4GQt4K>(^k;60$Jtn`ont`I_(2)l>@pDEVyy2%qg1rl^ zHv%y3MBxRupn7{YTD=EKKB!*aYH-!d%%yru_6UN@kZ{NMDQDlHV{P@4?QNEFqd2E} z|31yD-ai9e!A;ZL>gD!tPW5u@Jg0hfFJ0GwtX|zP))gtM*Y3T?)vF3ny_M6T${j6j z#5C*<^W(>S&N3%@pusVyc>Hwy;Wd!%sE=6}gDSnoZH$+E?U;F z5(HZync9j##t-gt2i4TZBfT!E@}$WkPzyzjMLMg|B25KGio~Aailn{5u0z(^hXGNf zM{uXm9Z8Wcf{M6EIUNi|8V3=-NP4poMLOlL*bs$e>UIQDBo3!RHMQ~BV$X~xMS2(1 zLJ>oeicgw|Mcna8(Z7j1+ZCXS^N{WBjdEW&r?bt$UUEE^jRv@ad!)IYjk~=$ovj5H zi8-B(1b-~k{o$muDL)y@Q~^3$@jb}@5w8eIhj{_irYybN%Pu+iR3`OEI!yHmw!@4E zN6KtK(K5#!Cg&CcI*eUf>cdMcG3I}cd$(VU4s)01DKb7lv1wQ)`C!~*KCZ(sbLlW| zcrt_3M991Wws=?0ezHtX)FLwqZ^Y|X@)DOGr|Ef`#)FV*?(7QP-Njw6H1=aYX5POb z5bxpZ4t?EgFkQJ_Q_b9YbUrb0k>onFKd6PG0~704)U^RF-X1OKj$~Xr4_GmV_vp1T z)mWtaYFdp&dW@!Z8OmoQkCY8w?;ib%Q(O+XcC%5uErdL@z3w-ilJ?SPoGyb1?dx;+ z=|S+dSDvJOegRedWq-*JJ^l{2ia;Jq<9sHcWb@(6E)NP;9rZuG>{9yZr`QUCWNKdo zQsKPKVBSIyR8u97Q|y`X~Bx6Z$PzyzjW69UY2Ejfa4of#VOv4{R zm3~F`f7&{im;BBKs6rnHtg-Kv;BrgfE5RnHv{&-lAD_l6;Urb@gv}49q)p#}GU+XR zA;$GN+QU8gIXv$;15fY5XbItL=ZgV;j;<{{xwj=vE3d< 
z@fSx1!FL`udEB7OsTP~F8~b##&Nr@M2ddZ2lV_XBMz#!G7dEL>n>ZQJfhpwfj%0Q{&DrGk*-OWsfB^y2)U60)44w zb_2glrlY3q27Z@Jm8R>0l7~F)t~;8B+y8_1H!|B>Y0d48Og~N6X!^~JytW>w8vv?1Hra@2_yed?L5*)- zAD1qFzb~s=&CeW{uGGD1do7*UbQs*I%MxLqbvV($5d8+IiC<>~X zA&-0Qnen8Np8>T{bfA$>LV}H4dj5gf|6$@w1fuvb=o(4U%*N`qqL-39T5ZrX^p^br27!~>5rOEP4PCf*JwIr9`u2NKZy6agaSTo~)>j z1hr7aklzOLIkv6O0qK7H#KE|yF3RFf_ZI(5UJ-2Z&tbCZ{(4s^owsLi^aBVEWEQ-M za9?v|T|5^f&etHjBk`MGK$Xghciw;Wx^B{5wP#yvcu~=VdTBf5!Q3{Dx9s=E{0WG$G;&%P*YV1 zB(FNKF!t*1>C-zvO*O@M)Y~)Tof+W3J8_^EiVnDWM?U?S*G}bR zdz+^Jc{g!0z!kcAdeZ+tyNQ)w%##vIkhpRk%=fmty39{NgKg9_6mMOK;SNZ5Bt88! zP{k|U26@SPH#Y&Cbn!2N%iUyt7!<89ba(wOS?Lub7Jw>iFtYQufsxN1MJw7TUwWzvH*zDo;z?Hn{?$tZ6v)*J z-;mQQiG7OP+j6C=--7=Gk$MDy_+)qACwn6iR8s|y5A2!o&J1vvhHpVF6dmx%+mR5T zoP;gdF6SrJkQ8kcs8Tet^R{4J(RB9^4OtbgV$o_FE!t`*kfPm#uH%ZvxLi{#^kk9? z{AVE}!ytDIMVMQUJy?|1&*p9;KI^s-?W>>o%Eend;ro}+;EtqmzX!D`$@UTGpm@_R z=@X{YRS~E@R%VoFPt)P+$sCsEA&vV=dzwmpd>S+Q9$WAUBS@tdB9La{)}ut^ zT(OW<2Rf>p?9Pd5%MCkjo{Yq&6WC9T~VrP)!t%XYHBs{tR%KhF3r>6fx?k z$0q6fprk%WAUa-!K|vW&JX&6$XU01+z+oE7KrIw8=qNd_(FWQd7-=Bxe@X)-uZBL` zF=tcsS+^-_-wiBbPWAFm8fYV^Qt9^QT~IuJ9=-wVVUq^>AP*Zi(CK^qP6IuT zUcU`ese%h#yP!_J2BJzHJ;8TJ(m?${EfjfHZV7T314?R=Q~GJECk=Ek zsD&a%9k-+Z9S2J4bOd6@D{SO4qIle5&x|JxbT6odA_g7B4^G7Xo`*~Nu(`S3?6Lf8QURUCu+k|Lygvb=;u zcX_X%GangtE9B_?f^q`m1wIG^m0+);q7MopyGt09JoThA4&PyjvwR;}iVKbhX%flQ zfc*5GBD*1qPr=C&SjCcUkkJipzY@2jbM_-~J6hAp?PyIWx1)8xvL+}lI5P#m%3E2w%RrVR$FZacdde2 zwOY4Yt?du(qOHoJT{WP!F75yOote8$o}ktKKL6kU&p_^-J9EyNGiT1soH;Z1zO=*s z>wkiM04(PuTx1>T@0AfX?2{zJ`TEXyFsfXF)TG4ci15$L@r&z7akk*%H-uG1D2B)M zo$+8)c^0WjiAEZ~gwTJ36z2_Ge4$$+%X+M8LU7YHirw}w zQl(|U>`(OZ@}R3+!^gjwIaGOOwq7tF592Nan)Le8zn126Lhw7n*>`QGJk`a4VY*}* z7jID}8#(^n%&dKtawx$Jz7=cq7eUy03m4_?lojW9h~%=UXr`l%SC^1~hJvku6asbY zjZ}r7l=Pr1C25 z=;hG3uZL&_o%6dMt=`Zg3H#;qEo(;z){_JF06bVVGOK|p{*!nyy^I)Sm82evXQ^k5 z+&OU8CvFI84wFR&yKN*=WgSS1az`cL>ijUX*gG+*&MAMKDbFeM-H6m*pe2h!)JlCV zc?zjgOPFoACqG#?t^u%gSW-8v|3nkA-G$$WDO&QBt`}}n2)NsA&iC|~K%b}@6Y6Tn 
zsT>p5LNq-A;e}uVoPbncG-whf8C&$G6IePX)}o0{3E}S4M6mb`vesW5d}i$~$5*%yNC<-;EEV2@Nv z3ZEpV{M3!NC&r zV-us*Gu|6MDTKSy$9>$#{c@tGf~7@)BhFt=jM6?gtKtgq_(q7wz|Hfv$zy8eIT(a* z3hKVdFRK=*;kqlHuZ)#z9##8X70VsIj_re;#(D4?ofM)KlzV!V7H05E0DDPV*lRpk zPmaaMG+Ea7km@{uiyY6cMblMEKk)5N|28~WB}8NRy}mQPnimAS?XO5pN*eg)*sXY= zx>odGgW2=@LFEI6OOYC?JZ6HcA*h-VY=a^V+Gj;!*_hY`YR)L79~|ZQ1NRJ#qPCRI z&G0|uiBEp)v#g6i$GHv{Sw(u!WJFD#EQDdFzB3+7o{u9nDe*b+eYFv@08*Ua<05IC zOA%EOis9e-&Uiq>{Q+o5G}8DOvMWZ4(*qYtgI-Rngis7q^_}rx@|=m(q(lRaP4=uOVnrSC={>9899y8z5MaS}@|8I43kqJ4T>uYu z+YF@2^0j#j)2!P~7=X8jxCo%v16mf&4=Q*@nfGyp)cKIwt)Wr^58}&6m2#wOP!^{> zh|Q?CDN=3t|$3^*!TNOvYVOf2V?S!SQLNO38bk(uy{~9v6b` z5AAG^^DB` zYYA!_Du1qD{;OX3JVq;L&_|#KABSMS?87F1r0eCw{^E4#FH*e#vp@#BZMp}mJeA7K z%ibFAy+)RUncxTT)GZ0&2J&n4a6P{wey!*g97FzhTABO|&{7oq{Sp}o-nRd0Y!Zq2 zGC4msMm<9&i)UNbo>2LLOxnHj)px;QRs0?G>~w2T&yjvTE08MNI#SO&;@!Wk>zV3< za%P2a19_h4;rivwIRU>?6M_xO`IZN(4mxUiqMYx*3&NSTxZpT^5eiVwk8zQ`fS^HV zD$qqex9kG}5>Y7R>WVabCwo(qQX_7$P`>*dEj_5LGTxlMK3FXB|eGW zb&6%(hZN@#TqKPi;LIu^6vG?(&UhfIzaTX!(Lf{h=W9=QK01;J~u%=;FgmBI9NyPT*PC-Dr6 z_Um@FdPZqEVC~*eY27s`yX`TrG)pcMQLBGUwyf7eup4y+?Y5z}M{31m_$#gashzbe z&bQM>YK$o?C4WYtI-5CHJ=SSI9F|1`pBSh4z%4MOjzck_ji3)hK%+D~zQFbZ{3vGu z(zy~B*?<##SJM^UXVBGD(ts?6JM^7#j3P2X?~$66Bw*8ChzHuV#V>sw`p<{gaglUs zl7zI3Xbj>GT}{M;-kpooq{OF|RbK}EM~YL4i=;unRfrhD8D{G{D28w8JL7@MZb52NqETgskH+_}LU5J34zTc%Dpi(>pcj~5v66qX zdsWB;`37=>mHfM%^&yN+cm=G~b2YI4@6;qv>OdBaV7CoKs!t6nnZ@K}cDz{OF0cls zo@SB?fjTb%o>J$_40XONq|PtE>#-qixi=W)N?OT{@iJC|Q$ea5)amIEuGC7fVYj`9 zR5?d-Ss!9v*$l~sSjkXyBPfX?+7KJ!y&%^%ghkvkkE2NcBQ6t_|^Ey>YGhwhfjw7OBp0xJZR&mR!li zPqr&R#)DNwG=^qAFs8ha7WNen zR(a5{CR!9~;9yNO;vTIx{GOatpx#hu8R?7Wl&YUoUNSyETei7+?orZNtu@dU&K?xV z3p+V7*lk|}*~FJDzGj{{-ue;Ncx8*NjN0D(4PK~D*@}jhcpRW!Ltk9BV&U0%tRx)0 zeFJ|GB0AnD`l=$@ADn_HZ)u4#1CsQJsz(t0b%O(7a^)HPOCGMvos>;Br^39>93i{NWASxSXWUlU%{23^j(z#K$*}PSljOc<$-Y#mg zuKp9b>C;9|A-hJq5r6;^5~~tgIX>FH7^7z+>BJI!k$`YyHhZ- z6!v?@gN2=}qd52oXt`7-3?}S_R_=XyBmpJC<7s#-RgcHYkudksEJCtjhPrp&gi)<7 
zM7O}FoA|M&OJr{et_aa$`A0rDS`oqwI6BqCB#g%q$%Qylk3L6)R2*GFjy8qp1{_`I z(Iv9Sks^f2bNjiL^#d025H518p?|tkx|;5a^`KAADj^AmKk7Tls z2T>X9w*C)j6_7n%s}|8i4XGaehE#oiF;r_A8}j84-Jl^CdUT2GHKZa$jyP-~3bcyV7qzFOIzrpxn??53XxJWtE zt0bqfoJZ^d9QLi*B*8EcFeC6+LyVdvE>`iju9j7gn6nlaIT(>EgVLE!U#2RuXFB8f z0QFsHfmF#Uk4a1G z>^ETauW4aF=m2{QU`rni=mrw#ht!A!iu(h01X7&|xJco$NUMsF3=8$0@h-d|;C(Qp zCM6oX_pJ&1d?QkvHeCD$f=V=5IXRB>WGem0aYibiB=H%x1S!r8TnzsHWqbUsv~vDs zR~LhvV)ozoEnT`0XOkGiiMX%AUkz#1^yH<2mvOjQ#oxx<{#C@Bjkw4{c%(Dncs5ZP zZovI!{M8WJDjoy8dl7Sff{Tx5%_a!L3%KvXUk!n*;*U_5-H16K;^Nmu^~C{BZ=Qa! zW)q$v`(bQV;;)7nHGgGl@l|O5zDRRwaPbL*_#^_u4BU^wUk#zH$qyhY=Ucf8@ZdDz zA~EQ}4Nyx6&hRaLXFQk_wjebr@zE&dd3~XZzZ33bA=sEghk}jxiB{D6umbWA(*VB9 z8L$cb7cw(`FOu`5kuY~U3uAa#-K+r(%~r-MqT5}IY26*==Qn!!3mcbN8Lx^`b%=5S zlFRq>L9tJXj4z{jFVIKMfL|hrGNs?t0DP}Gk|}*a00|>if_|?j<7tt<+Tij?O;vLF zOh+z1RE1gtB$v-dxO{|M-YIfF4snSj8L)N#NLta|DF!O0^f{!AyE-!U2d_|y?(U9E zeZ$L_Ox+V^>iF-lJ-3U*)hONz#X4fQ-R?1UE7}tSTK9@<-WTX^SDkE?e}(v4MdHN} z{&pX~^if?Yg@2UBpOnX?#|@(Y&WM_PPgFlD6TBw6Q4Be{H}z)Q1y=b8mb6YJYC+Qr zvtufTA07>t6x;Oj`B}^X`~b2X+w{Wuvdnd&R+ahG`Eqv7Xcc*!2xFVxKYzfIl~^CG z_Yy8tuT*7h5M7FA6XNajrR(Q@l%#Mk7lqH1llWiGx5ltIm3*B@DUvu2ZH>Q}t==f? 
z*U9#@$8^V|JY?@jRyjGWTv%;oG>IP6>dJ+~tc+$aKHSP^@!}(_j5S_-q?K`&ihskt z#->2eMz4a9Fltg745yOg) zf@GPDTzElpfQ-C<{$2J6#D0vw)uV8+{wAMU)R}yCHci5qHTf8v|KZacxXAH_PIH|9 zAqGO?rR1&-cZ%$!oHHQH{l}b@UthCUs-Yvvnr{oRteD-3#*cr<0O+pb1xk~A>XC6AT&#n$*1 z5??Irn}~B8F1}c-5@Im?Qr{U5y!gLGYLaNQ1u^r&QPx!H-^C=5u1I<-<0WUBGDSc z$LKBt<~t8xHG*>70(`KV_tdsNo~J2#Gp+J#Nv|05Ux?mhpWeTt^fW)kq7PLa^Qfv| zv6!IfVLp9`^s+^w*HeLjynP$I(Sy{GlBjcb0N3;;ap0x0fc7UHo_=HI8P7D8z318lq@NtnS zd^)HxmJynto=6R;1iFzRydx4vgy7)=*YL-6fZx*@@E^nz%^~=J{<;qEPY`}@JaJP9 z{<}W?J3GK%MEDouiC?FMf2{-j_X+>gcq0BxP~Yc#`kjy(t?v@T-xE)a2*Ll_ho5Z1 zA3u%ocf}KnL-0ZSp4kDuFX8WqC$32ge}f5McuL6Iy42_6cYw=-`E+Z%T=|#Pudilo zizn6d0;~Ki>h`*L{=Y&c1#h1n|15GzPYqCSpQo&;OX68)01pQg*Gi-NYw;f3MZr7M zYZbs{Uc$z;(g+){s;SA!XpP5OpC#BIakj8{GyG+XK;LP^MGoIwm)cu#u}WAl!#DMv z@j<*G;Osk6lM)wm!g4&&k61htn|$~1;itGrg52b@&yoa*!mwB084n2l1F1=g3xW^f zK@z+dCxOJz@sNj$&!JU9Xog`(_CjEnj6-TtqS2;!_DU@ONMnvigG^Z^gko5u?~DgD zE0 z#1oAn{J?p7dlX-nzrw@ULDA6Yq06JkqgE8~lV}To21th!nw`cs6$!xMG%C|D|{rZhZRRoXD6L&s8Ma z^fG0E!oaMlm|W;#+;V~H77bR$N%53Ix=y7j$dlu_EDM;BX?Y)3s4kvyBUtwWPISm% zw>=WB5O*>qw{`If)nG?i<^S#q{E6|5H$wQ{+-SEAdOjkMjcXNwiShoN5ra-WJ)X&p z754g2r=A?{)a6a&bX+_!3pBkDaC&aIBww}0#fL_w@^SGo$`Jw1XOQ0Lc;fmHy}&p1 zOq8Bhwb60?(y*S&N5^GDqCBhodeR#dPy97RuhLhIqhE+f0_U-%Cvb(PdwvHl;(x2b;NGl>hYlMEyY5gcwfpW zaNqQakM?{JR`~!@>=DoSX^3L8Px0+2MXet_;`%3~w87FNUPXe`xboSg*EODz`enf3 zLZ9A3r23PBuWwxqdR^o4*H%DJ$*gO9iegxQ?;xXFsK?fI0m;(1yCGEI5q^O;cm*m8 zP+M%J@!pDIj3_ZOoEdi?58~5GvgJDWrczN0LvF~H~wN!;b27UiBwr( zZGkF$;j67xzKZyE+&v0#qxf1)ZC_2T@>hxfK`eJe2*1ha|4t8Isl-vL{10No zRkzWD%SSQKGiH@vLwW~dxxWt4`;t%3{*|teqNhjL1F<1gYBZ=Cg5LA!VMM)^@_j3o z+Xt9lD0EcJZo48(kK=`6@U58ahxqXQTBQPS#dNoMU)vFXk9i}ivLoJ(X*=S&@Cftg zSjcQB@5`#~izRLkvC`kK+RwwRV1=g&-WTi3F;*@%J}d?P>#>Z#hwxAK@rV36A{sr} zydLYO@MkJ|ug9u&Us0lZBP6Pmu%^v;KIR?+N?z#ZyTpFu(N~kt%jYRkJ+EXBm)Lo# zgy&=9)d=&H7S%3KR2M2yy&Th%&zlM;rf>mVU8xV z560Y&LdOW@i_PEL0QzmcEq~-0QFmJ~fkhi;IiR-|H7lNVx zi7;<|L*E_iIVMLov=Zapv7!7S1zL0EyV&sCV!3aI=(TIYc3bydx~|I7y_k?(dYTzHF 
z?F(BYC11gkuZy`mLnQ}QddDkSHJ?|d>tfPVY*gvn5yHzz_|lkL_)<`%{eFL6i&TF+ zjBR>T>+Gefm&G>iK2KHY>t2<#&R*r|g}09QMxYlV75!S6mC5g|#A%xsvadv$&Q@Hc z&HI~*i1AB?7=Ehnj92o4fYTC4O-g(k^g<#>?F4#xI)i2$xS48&>%J2K=H4 zQ}LjF(S*I-Dj^|;;lT7lqmI~ZGsE*m-yiDD3^>N6bBT22h&I$=s%30A^7b{XkuUm@^ zKmN8PsnqkA39BuaoRkkDv!}-rWxok(+*e2Kw#i5hF?)Zwi!_AFw91pDvow}i9HP_R zm)w~i9W@_ezWGxL;OEB@*M#8D@ZoRh0RIf(kBVhK9)i#I`Aqy)^Qq@gDY0TC1`_kP zwCZ&!N7$^6#_cezC*^Ja}P~KZ34Cs+5o#RlHrTezE=> zred3Jx&4ymD%B5lz-(iTq?1M*`h zvC%!;Skra>>3o?#ulo7pbc6JnjhJXCbqC`&mzi zvO>exuOhXZ#?rSrxu*in3wQaYKajTci~S<*3>6_uzroMCCzKT`{ozRIeOdZ7PR{Q` zr61vI=j>O~)jf_>RrhN{Maa_2{jBepS!4aI>qA)~#%_)yfD>g?9WK; z*eKWgMXU=IAsM^h&)Q&S{mRd}B$O3mY*U1>okb}6Bqt~L)qt^OK4bHd8e(kgT3Py$ zNLAy-X-@8u?aEwG35%Rg%8t8#t=f)Ml3g8Q#VY?D%be{bT0>>ttfhi)Vus7)qPeNL zk>GuXek`qZW$DazMyY4*4>{h+CMVM5{VwSr<>b5`qCed4sRREIsnadme4MEW&`eNO zndRtR*~r*3BO<-ySkiPSF%vYs5FEv62$$sBY}1{-{yJ_5@w+&QD?<3w{N6I`k5Nwb zYP^dg5cpxroeXtkbW$Ukm;$t5boEF2oti;ayJ23-dCSw`Uc!TVNk2k0rSEYX={@W9 z(ikUGm5PO{oGVza9KlCfE?FElc1^+G@tJBc5K z@B`^SnHIk|B;ALIU+5(MlomhZwRGhdhVZW={$4vV2#{X*ir+e!uZQrtnWYqSuPrMO zw9YX_fYs+kiW2V)I#fYC8ifuqdJ?GTjiZd|4G|D4wSrb zwom`UF#W)v^`za80tt>IJ!MO8Bbv$@|8@!#Z@2BMN%3}Eq`6K8WrQB^Z_2WMLIBzM z7?Z73WVysBVYv+Z^quk1DhX?Z_-?EbNFD?1-S#~?9pBURV#U+pPbvVE(-#+6EZ?c| z%eP8Mg5fBAXFTx0ABWVW#K$6J{PV2PdfQ$^*r##vDGr=W}eo#+Ea|H*9&d#rlSQpJX882X-z8BLDejyUVLAM@xp}q-6S8E{o1~+u<82 zA%hGVd(@rr^?v96IZ~74Rvu4TE+bnnxYwSA^taQWP`dVD9A4`T;--7s$ z?faN~Ka+!>WU(JvRO1038DC?;dmhw#GSWr@!Qen8GWqqkj9X`SKS#8c8R(nH7RkiOY{b5Y+7KA zzm08qzHL_$XF4uMTb^&H=!39Ih|bWU?~LPR9~tn2m`F{M28RA*jlAQW!*UXDwCyX1 zb0aPW@kYBBotRb$(HVZG?~G641p(jwMrx8YNc@}f4$iM6@#VJtmc-fDf%tN}Cq0Z- z3DFsP1I7!d>Ie=PA~i`G=sU@Fc|X<~Kb^#v+V*tfoY9f^Qo9Q+Bc<<4?O}YdN=S?0 zN_}VC8<4T@htwnqvKq(8`-0@j@;=uZ-wbc%&vJJ_sJ4kJ%-o+)gYA!3OL56-brl(Rd7FXdvtOck+WEa@~a4+XD536C8+DgKK&I)4e_tdr968W zKaAz?rKD_cHC8~(j6&~On@`0d^XV%r&#@C5L*>2Tm-p9bd3y8Cv8z>i+OAD_^!164 z4Db15Rle&zFHp~!Uiph*4jkQ%7dgKEtS%C_V2v^Aujbo9nLjHeOK3T~LUWpx`LjOi 
zae+1KNLJ+Ig1Nx)!cZNt+ggw+<?7~ax%#)B7r+mV_izHILGr1!8LdmAV@xcKy}DgrW8F;9o!b)GRu zO%jb{3R?yTFhQFvMt0eXCcH9n=UBCcI~QLdO$&OJ54ye911E5i5855JC z0w7)p=uSjxk|ap?Uz%%vpWQAIh zC=9pjJLAD#&;3YE5}(9MJlNlbV1o|6I}BU=1PX2^oZB8MSP6BrJo{vo5QAYbK)kR* zN1*>mO_BuX`VZy(SZmg>Ubf|4pMPoyWvGvGE>dOvw^vD)rTV+qk9k}^Vr+P|C$PU` zUry{BaFK!_u(tnqCkp4GGUt>=u%9n95NMAE`14)+IX8*bABBH#lEKu zcH6&^Dz$EP(L1J&DumAiYrK7k`w8e}R;% z)|(j>P4W>I(N|v``(b!X}eeCmy-QT_?g#9fadw&%BD5bOgM=0z` zswQJn^{BtI>13}1tK~O{oQK!c+_C+<54l*g=CiO~iK2f56%BN)7gA-L>xx>lrV_k+ z;)t~1$8`YjP4F&mQwY45UzH0za4iUHa(9f)Zn3?I;5XwUI|a*D{jIa=Z&gHOct+nD z5B%%DLu!&F*x$Y*@91w1Nf+3EAh+*=8-h!8U5(( z1zCl=LUfDthTf0zOs%gJ(4xdn^jfJR8I5wG!d)Nr+>}Yi;d=|4UaLZ; zSK&LM65sV}(%_eP{3vD2U3Y%xzTNE8}Ec0^WYfb@^6`OWfkIh_xc(d=nSh zDyzJRT7x#@k>P%QXFM@5`qgBr)MBFgXmpBoyt*sA7IZ$s`GVR zWO@0>l4>s2%Wnl(Rm5VrQ{Nd67SxX+H7Q9z&DY_9%b|*VNanQ={6r!l*lmA9s^sC> zY|X>{Fp57SV&X&11GB6WLNW|QvKNBxH4LdqiH3R%Jkc|(0XS3x+ij-+2FpZz2=@Fg z`;g2k5A2c_^im&mwGX6!bS3G%h^6zky!wZzxM%5wgf5u31ZENIOpRcd02>uRkf5?gd6mo z@ou~z*lj;TYEq&>nAtABcw^bZngPBY-bP?6DOO=mERE%k%^D}hWUb7dks6j&Te>)9 z119cTNX{CQRe}dmX~mF>w?Gkb8OabbWkjh17mV9alFc-!)s~V{Qdrd~f@Kj$l{G^q zWanF1S)`WZQM0VvJe`(@G&c;LA0;2K+NoI41+yepFv2J%Rbd~QTAb=+7i3H-`PLN4 zR3XzMDMdLUDmB=nELLbevRH}Em9mN@6?S!MWv)T2R5Jh}l7TMa$6=t<)#n^6Qp`#) zWx9rvZwjcJ4=0<$Yl`k{F6Nh$BP9}p1H4EYG^9trXUdM{W@V{nWF>m}382q}-j}r6 zfMK*xScqi0uTN4k9f-SMIKwNeziwN(p1Nc>vW27`P;TKl{T5B4*(yn@1q zM6*1Mp;NThRH#N%Evw6^3~LhlO|%U)P<0uE%w``J)`N+qwdf|pWnTc3>@Nq$&?K;sfPx7bAo74y5nvfOCwXDgS267jt6pbmm10hN2-BcwTYQ+&za%_Gz zUQF{dWWCf-LI$R1*=!Ab05b}~HeIBV;me;PN1YjJpy>`7);Xv&g<0PdEmMiIXNLJw zEi)_3eWW`dElUeEfvWj2Q6_3jFSk)|@_DRociFB~gyXc@NHO4xAD-F}c#cn9O4aKH zU-GHT@&J)<^r1|A4RCq>;?L60~BZWy(`Fzfc^2tUy@lteS)y?q*>8Sn^ z*RoC?Vabt0vc;j~6paGvuOSmy`mT)X5Rq)S&W>T^A!YQQ>A zkF-*#wpx@ zH27Yb0`=<>wky`#aa7xs(}sY!Y$IxiPyQl<97W@+#l^Ni086%ri62X_l~O2avrd=V zRTxI7vR`8!_*HrMhPur`heOWgHY)DxC&z#*f}%m))7dK{WvUXtZu=uIYS2w~o2zWC z+%VcUdU0XlTmS4>YS_6Nv_h5$k7s1Tth)x_!TiZ%EP?Xj<3G069WeDZTejJ?;9cp% 
zbrMwRAm<)6QhwVW6RPufLNMgNEXgMRZU_cs@$<^IR9IAq3VXfLNEGyDBTWfoixe^T zW&`obW@XEHWBv^Rrf#@MyM9k+d)p#TY`oKzp5@j^h6~Al`wzgAxo&NtemWDS?sM|x`YkVw{>7gb#Hu~%cHK# zE5oYeHoxjKp-A2c3ePsuy_%{@+<}xMQ!{+yR@*XnLWMZTP-b@_UM;opZX1HJ?!i^f z$M+(K5chd3NTzv0hZtBt%e#Vo0QCCireHC2%{{(zCp#Zz$_^@_>@B3S)2q6y$V55p zmtod_P|Mu19twm2n3b5@Jym$v$Wh~km-~~nxg2mG339+YDatVeUwjKP{GxQ$W1fy9 z0|x_CgR>Trf@<=|38TjW*$uRE zvE=qwe0IIrhDHAxDOp*n!^sLT@qg^_3J00kPO`^ALfBIEvZQ!lwz>TMO;EUGKRgQj zw!?Iw|1fq? zr{^jJpZ>-$;0+^h1KG16y|t$vZQcpZU`WF8DZqx;M2ZIuz2C^3p;zHL+xiGwrVf+_ zUIlseF1?$)n7Vt84lmVnt9Z|-OC)&S94`@GrbsZKJqMNtNLe!LeUykgD#xn738 zPcoj(@%92E-=u#idfXNW2b2Es;Y`F${W71;{?N<7H}%1F8qrN(oa@$8+G_L9x|PWCeN-FwT*OE&RMd6pXeVV8%f?`Ij$X8$nfcXPg) zZqPT|XP80XY@abkzRAB?-f{!p4-|P?n zZThDC&HD8;>U$`7GvAzlO?i$o=$rcDeM`*)I}|_W_+#pmIX{@?nf=>*K2&|o@=W{M zEdLg-V)|~%$9!I6z@Kb9oAk}+hmHQro#}8e>-$hR6LGV@{7}E!>w(SjBKrO(qbXLG!G+sHTd*&II(HGi1=nD&z?e;me*1bH+i zlw#7G8p>mItnqBl*QWlO{dtv9zL{_8>!I>Zc$0sV-$UvDkB$17_VFo3zG-j&$jCp& zc%EcDUvJ36EYE~LlssNF=$rP4DX&Tc-qh!1M!qROQ-43JzI$JZ^NKOs?@;<|*3Z;u zGvCxtv;5D?{}>Vv8OX8lGP zk4$~bHTX0Ag{FMW`kLc^p)uZ?`fBofhEaZt@oct-slU$} z@FyA1LyYG``8P~`JCyv*@#C|~-)x`HtIwvqOno!U8)(SKtdGghBm>^`cbWa!EYGB8 z@@vYk+9>afZr>jn^c#(5lYf)nvkmwnX>d-p1x|u zlFEfE7dNhISX{Zh;j}ZFR;^sLdUd6~53Q;=r{Y|n7*jtjPE+F|5}dDaI_G&aXO{Ha>-eIuYGmnlEq7wHmqE-c>b!@O)9IYdHMY2 z#wAPC)0&0LTNsVu3qg$y%}W|poZ_0V^3V=e9G^S#QwX)Nc~xUY!^-8%A;E>qm#sQ& zVUs4xlobnC2j#6^*g(Qyj9F`zEF!vm22#VK`S`+o!^&kUWyPvBn#{uG%U3OuB}q_? 
z*1TwuN66>IC%tIZO3-Rq)U0Sh3}7vwg0JC_fu$`g7X`9vZdtv238f_=A)AGetHNKn zykQxIcUsHRrBXB?U_fb-Eh`&VHZ(T?;oK#Q(^O4!&DIJ^(70YT=2L=_xlmI@Gi7Tl z@@SX&QF0LPqNe7>&_mV+vH1&6)07sSwdnMPjZF3xW&Y}B-3I8KklWG*HUN5Zh$s=H zh9f5f)IlTQUKiJ}vYB9uC}kx_GSRS#iGfTS=Pz$)l7OnMm!74i)O1c$^O6FGC=H>rX@|0=0k}s%?-;Nn$M9Xu2|T7x{N52I=UDd&uGJ{CKSTh%9a&N8lh!= z%SyQu4%Kp{q#!fIGgaj&v!qN$-G<_iok}GrIMA#;t)*c(GbeE5KMO$fsdHKQs@eP% zr!_S%Y(_h)1mki3{OL1hPE%P*S3?OwmTWLUfhP^syuw3TOukwojNw56t7cH~=7tsQ zN+2%Jhp1>)H4q{{ocmhbZg=u1$%M!XXFSdF+eMjESD?tI$uDbn z%88mG#)MJ-$Fki55!)xSw}^@jBIb@4#Vr(1!s%TgG7}Grl)Fq6Z4=4y!mby^v2$FE z3voN))(KozJnFUrTc+&5HSY8+z%7B)?8H7%u?G}^wFPOQIHW)fPP{2H_lUx!B6FMQ z;`S8Xw}~E`CG{2&i#1B>BH=cR;)MIYq>DI8y6#Pp;jS04W-+*4xF%%$Qvwj zmWs~HM0TsN*N71l#n>HU>W;W8?AXN@)Qa-`!gj~c6#Wl~LGD~JaHc5OFA8_CDt)Vj zK<-Y_cczX^p5@kxj9BJw5o;ACEV~ZPgBvPSFH&nozZNl>&)Y83 z?{!c-v{(hYvlACBVrrErMYRAJ+bNPQB73_iTq6bnZ?gb1NU`f<$yza>T?~eBXNn%~ z1ku~A5Q8U5d1Sej8lro<=&2#bO9)7<`+m{W8D2mEdeKP}LU{3vu_6c3aGdIt$hk^5 zsENH^l(!>gP)gV{gu`auD++PjUnvT}s^cO)K8Q|01u9vmguBfJ0|~cUbdILPvcPcV z4lxX3M)CWpYn|r_dykkp0ctHWpv;?@k_%bKUY3H|jB5;fo!BEEcd-Osgz5(w=m))^ z@!7cBTcF?Px~&9(eka`hh$X1$VCI{#oOW^KZc)c>HB;of^F;aW>?Pe%@50Tf-MpEi z59-xvyO=OTjBFN1%oF`Li;4=-zgcwJ22ysSLUd2Gh;C~{L5rBll)0jqxAlU3(q4y) zgC;IaJSqCRN6T(NvZ|(1HRg&OLT(d->P2TTwq6XKiC#Kh36g3a9_{TA0ZL%Y+S?~0Ua#U$ z6J@+O9_iIPL_xd8Y7xg`Ea`)B9Gnp-A7 z-%@)-!3NamfQW4q*-lM~5HE>hRH|9@S54Giwe`4JqNqi5T_;AmSBqkdC{Ul0T|)E~ zeFux;W?tt{$_6ZF8)jwPTB^`7U*>Q(W|PQ!N{r#$5KBD8ytyJT;r0-@ zJ4J6iV$`YJBF40eNlQ6Fmb8eBW|28hq*_InrJ`S*sHqqInnaiFyh_?X6r*D2JjJ$g zn^B1@H^qvioIYKI*d|Krh1erf=)}#^9)QLX%XaIlVr$%8lO~CbzT_)+p6HA#v*wbk zguBZ{cS<F23nAMoH|NmJ;+g`zq=Kh3axJyotBBrR*?t!?9`ngZ@b9Y zCW@Dd+^0ktdnei*w;nSwE{sQitql4|`Ajijhp5~pDkeZq&|(ZQIrW(5aL0_oVH2&6 zd4OE>+(x?S30;r>%v~KSS%6B4rApQ7V1b}P zw}{j=qMKxVY_k~ODuz-@^F)!79PLR6a6E6f;u1^LiE4SDClljCO?NUntdW`#7xXot<-5KQXt=&sC*IkoVI1%06AB)`(JF9o1D5b44jg!pLFI!El9E zjrBq_TnQV6i`Xhx&gpX2eismInuP1cL@W_Yy6s5!YPL!AK5&Rym4I--w^?WAcKhU7 
zl|YHQp;l}DmuuDcO;xLIR3ot$HSXA4rC_~#zYSx7K2q63KhkUVh2U>@iP=vrn^UqMP={hB-ayFx=r-jEDA4Tal(Bt zeQz|m9&rGJ45TyBsVou2r-_LVi$2pu=?=-?W@*nliI?yrC17x!7+NoSt3=qga-^4O zl6{QdoJyUg!h57K9IF?jd0WSIC#IU7t;$B8Cng}-UMGgs(<7SKa(TOxcrCS9S8kuMnBXEnWc`#011bCs`1cpyej=1p= zx6h3|A7Kz@SBW02a(0AD_5g@O&N-bAk@vYW zFs~KvHzyf)r7;pf~XVbn3Eq608UZVav^`aXT zn?1+@`7#IvMsji!?0NWC+}PQ3MG2N@?zN(5j%)`9zPp#yPzF!YK&-Whnt0@^ z>g1SVBZVBel(gTYDena2om(#oc8if$i#%9O7?iV}F)5Lcl%qt^AHdlFh_Fcx{2tHm zVU_j1C~{XJ_d3xxBur^wDFcRvVsA8v4d!C*Y82)fgV%_fy`QS4SY8zEgj|-1v8Wwa zJF0pyXBZl}eiOMYny$^*zF>2W)Md$LQNsNP%KoOP4wdz(*@KRc=c+FUB87LYdNNGU zgX)XdGTpVluw@49r8lIXyHia5oQ*TiZ=6ClPRVYO+%CqQDUL+@#4@o!jm6G1T4Bb|Lz8@V{`>8v=rm1>akd&DkqlW>hOZGg#9TF zBWT#^sB(pLiC{fD@zYhh7s=I$kz2%^UC_0iVp2z4lPl3Wk<%hN?G|&6)Ed_ZVm~|3 zxH$=|5YUnLiV7%C83q{lY2`?27FifG>Z{=Cs27uV%RFa5Dv~J%Z$RmAhQJYmB@h;# zl>nZwTTDWN(+7Ue4QLAZuR(MWT|JYbY181qnYmlo)mX&ufhUqKYB)e~HAJ%pZr5@M zh_rgA+^f<3dhHR_yTxRt3`x1aMT%OTq0^1rD(1AxQ3XrPLO27u!#&FS$Q6G+{6{;m z*sByJNZupn#LmUs!IED=T>EvO5d*L|$2e{~y;4+KVB5Y znow;b#5(N~g;Wty4p$}8;WI#@yEF!AmO(xR&}n=91nCq7BWU<4=s9e$-O?e(X0N#H zQw=>`>qV9`DJ8nVVYXSSam{8?NhKSjO-07b;85jaSn|1`{G3{h~E#Lj_b*evH!h+1|_YH}>GSsHLOVVDRL zW(03@1@wwurDuFEh;~V|3OWVhm}TAIVxVmoyB-(XeRNs~SXCZ|5&EBlsLF?oePy8iplR;8Srg1tBXg|`V zrZ8zo!g0VymQ&#mF6El7bxB0rCh9Nt!!E zRjU|}cALQ6%F0$TZZ7NYryoB7PJ38<&|CP$wOcqY-NIP3J2-pR$dV z%$Xu~BK@buScI_;EE6-ZTEfkC`lrOPGZBYhi{{MO4IDGz*JS5|e)Z$6RoQGy<^PfH#KyL&N` zs%DY919Mgd7P7s^iew+GNCDh} zQSZbK!0=%LxUwT~5BEfF)EmWW*kuaA%DbsXnx@x?@i205t#uZx{;J9JigF zUf5=viA_Ol54zZEn2C{QAf1(JzgOyYf#>j6k_rI_>}r@!8NAjV2D zc()jeZ5qTfU!vGE){89Z{4Ro1-WgIThJjXmi_)>po_}0wcAd;~l!9P|&-sg*AO}CC zj!@K0rd}mV){v)!GpImxNj#`l=bPo2g*8hT<|z&13IPKK4Z+NCv;KU3s^{aVoj zzT%~#aF*zdp#)0$G7LfNf?#KRBscY-^%d*Yws*U1eY+iNq%B;ZLguA#-eW$ll|B-T zFcdk&Do3VWk`Jf0no|?EQ&8Sj+{B$nOU$2~s^Ky_H2?ss`2njrm}^3s^LE_Ey5>QFeUlUh+ohtX#esQLp1zTis4E zOP{eba_^<~V||ddo8vSV;plleTX+>)oX*r{1K~4~!z2ZA>m|AMidFGn)Ig3|nOG$MWx~wAyedvN>cI;dm7$uG?_p2Zs&nAv1K> z3^)<4fFhmY$U*4y)bR@zSsHT2u=J}KP8-tstCTAlZSJ3B*>J2*5CwIduX}Gx3v?TR 
zy8A$VG*C{I(qweMQXC;!mA8L%#V`VzmXujVew;0vH zj!ARc4*LNB4%Hvu=+ILPVg1>aO450UD#FP95pui3@aXAQq^;kZne1mg@1gSzMR^*1 ztItl+U-zw~aKgI%W`Y8|2#3&mrBv56ioXivyMcTUkGvtGuR*-gk;EWyIr#4j0s}k( zM*dqd_@zY_Om8>}QarH9=@@1ht;zTfwO_GACdM%eFj3l%*g8QR3m^x#By3f8CRRPO zOGG}5p?YT^$A#=@W&aIPqz;I<+j7W$Yz*vAqYXQ~D~7gm$aJnpuiT(Iv{Az47z)^- zaprL%RPu-&BEDU9UxVQNF`V-)!}*bUYFan4Z-rC`T*6#==r}*B^^c++dG0K5Q6Y+9 z^zD?fLO2lL74SXe^5`OD`3AgKkBF{LZLuhN1BXwp;d#!&^#TT1r#498EYW8>Zau^Z zY$G;{I6N^M6thMXy@uL{x{#p(S9Z_<1K`i;I*C!?+o5LV&=Tyc^xv&o#}Mro)p%~C z^&*2on(6z$#KdRhA;M)^QAHr`NML<46n;LO@rA)B?Z!_d?+B5{G?7s|aOz4E=@iw& zk1%+2g&q#Xa&3qN%X}P2c7l`?8;~S zM8t<;xru>Ep366IKSd=!MHMc?419_8Rb4+^XZvFYO3TnDeFVG3Og%NPA?AKcf= zK8?X*)N~{IPw`Gsu19e0Du(Q=XSfvaxP9BzP-56FUqf!6c6h+j z;%-82=EEv06>Zp;F$PunSP_oeb8UDuCW-hOjD=5&_pY2nV2GK@O_J7NR!!j9UH*R0ix6!+k0dU4H(cxmRSc47jYjkWn;|>@Y?F zn=p-)U>Z$dz^-ggavPwnb%jnAryc|Sc>ok*P>#dvARUEsVPj%-?9`}LX~gd`&&f!l5zPF@!#Z45s3Vw^LgAg#@B*d+!x-#}?Nq_R&;aC#MsEN=9}15_d1 za&}^aNHC#J)XsxO;0zucjwyJdz;UOE#0DfdKNcDPaI%#oBUSk)h{H*;59USi&8&hlKxF5Mul#BxCB@EhLHYxl-H&A={$t_% zL#eHyc7NqyQ?mz~t$MJ@kE-=wAp1ht2Eo*h0i1LDZE|jZOvDFaw5%#t2B*=m#;jy; z{KadXA=A$|;r^dy{@@+%b2X}ABYhusRA=-k{hHq+FCX&-hW|e$--&% z+Q8=R936a~1VsLRQK7v$#;o)_aw~n)HPRMsP!-6bCcTw+4RS~96rE$#6Go*58vC_aZHGnxR!_`!xt7x?Ov#QNU_@2Co$@fGa zO}>JCvU!glM)HB|a@V6ic#G~$ftMv6XF!37!w-ZP?eL0K#@|Gj;piI6Jcc8hupfFN=lK01 zi-)Dq=z1*?p?_H?4odlN@*F?j2+x3*C=Vuqdc$_EswmEqxEx`4Yy(o1+jcm|%XN*L z__D~EDSGb~1Dydl9gp#KjC}ht$LUoha@UJu3}t8#oUpBc^MEIchv4-&?5NdZJi=kW z9RlV;FKlXa4}750r%2Kmp=tCrXrLSnekoCn6@jMl4Bs*Yjq-XNgBl1LIBDA*r?3PY z1zXsO-QLn5BK3b^(+*=X4#XDk#(_9B+Q*|S?mG)?oV#=16hoVMbc8Z+mf?b-wpzA1 zPRpSFohOSv>o8tc;UzKAWv6VBZfO=0w_sF(lesp%;y#(89W_PtUnd0GVXqv3K`?lW zKf?c8(&AK2T7;Em$WgEh-KPlFa;ax68#A!6Ap1PIcy%~jveLPi;R%4wO_e$)7q|x* zmy4qV`mZrbXJV1m8%C^L1R1C=qVrGHpJ6bJxxeI~Mf2Vg!(ZlEfq^){;HLMvaz`uV zW-&O}0S z#DCphec*pbQz|-WidXPKHRW^4`#*V*COu0EQ0JaT| zu-7T`*r4-Y@ZUscbYrn(OdOA4;&8CbC-7>gV$YZx{)Txe4xdi3H|uwa&aC+C55$a< zkArB&srRH~JSvP`Lhh{c6ku7s81oPeFueFb69&9UoQ_YHxWl<=T#5+~u2!6HoC~k( 
zPU&?0r?RYY05Gf?Z(@q(?k$!`ENF}Jf4k#^vqnwnhCM$KnuIrR^rGEZaC`(Sw!}RK z9;ALn%7bJ8{0sne4NilyDDuV}unqwE0O$<4B$Osc#2&UN4BCH&W!~>09M$wJ=Lq62 zu=|nYK8#k`BJv)lvkPA{aH+Ei9MWFTW6!y_;q>B`og#au!13Y~j-N9-wqE3~7m3)} z?IJUV_urjw2Y&4L)2__$?ipQ>)&3G8!pJt*l@&~z zn6Z+(7P+|(ibCCTM(*9{Qw8pwqV_l##A_652FOz=yudwM3_e!c%+ek*l;fvRCa%PN z?T9R1ZuAyMP78d~Sly*x85w8beht36!p6i4H+Y#2*CYJ3bVRQ0*v+dD_@YDi?L3H; zDGy?$+X8tED%O8LUefVp92qPBh-}yW9;`|XqOqh?gN_ZJp`}a6%G8{Fj*d@>Y`PGOB>85*Q{ge77dk#&#+rMKxANS#`**fUc6({6MtN2@xZ$` z{C-+#8+GA1#-6AP4>3ZJ()c%aP+GZ*4AWXGgR$(v2}Yjq>E=tJV5)$B1-TcM>F}}N{0TNnlZk-k8!u#er%AXRdMeK=`J3U4jmyiO4)-_l2|)CP&mkW zU@Q|Jy#0!zF%dk3epTlF9z)4Q?L9F7+Ci%zmV&n;FVwHn&fgdL^LMivT>o!R+@ynI9Xh8`{X=eC zMmHtlv6U07F$cc_L!M{c%>l|7<^BV&NMsV~usLZAS{?i%hGKsUY|^^zq}};lqiz-Y z%RBGHzOSldSu_{BjBv;Id{cCL0ER}D^7R=Dp$hnAc8URdYBBr-@aOX+M3?k?3HM@t zkNA@!6Hf=b+>mSsABEvly9)MOFH8+R@udaY3rm;n6j`vpeRpnTy4nhpYTQn^@RcA8 zgZ4V)j@^mZC_Pn(;9iI0G26s|x5SVWF!7(I#FQCb_u(*>e1*@(9z!X1hqC3nzR7JO zQHy;n(W8;`H%6bVYT?XNwyYs&!~1ARql2CqtDKITcn2r{X^oL|#qhXDjWe~tNv5$2 z)A=aUV@i9@dgy_F8y6I9JY~`R8=RD`w-tXk?(JmMi*Dy z{3yaP-p&AxT_n%U@&l9d_<(ws)^V38PxTIwx5nS$hvEb~{DplpdiD zr4mLVX&kbVw)i53o=$o%&M5jnbvYX|ep>6#-J~?j(4CIvpJDDC-2a^3IP4Z3FYy+V zIAW(N-WW<>gZ_1XAKo~Xdk9T3>eEuRg#4)Ze`a z%lYjX7Axedd^jH_57o%y;@(CaItV-(xrterH#^It`;#wXW$s!C@?rS%gm0C=Lgq)znRE#F!OKf~FTTh+H&B5a8%WGtayVK4-A zP({d!?(*D*)oGn`{Ac#f8NJ&Wj*T_dI-bf@6M@mxZ~*e{){1=`?JM{i3%+X*bp^`T z%nbFt6hq%g_dL;MH{3dvn2n!SD?P&@w}C4?O!r;T!rf|>*bP0u7yB%SI<31MFvE7@ zLs*J}F{`ucEgzqYOGofJ^a5sxgA`;4dd#Q zHpvaE=eHPivf!HtTwM_p?+?gMVFc(7H;uHhV^JT%KsY9F+5jIh!m!hGn;O>+F7l!% zg*|YNRAXSo!DxIpW+cjys%k*}Gn;nq#J7Uu=SH`BAN`>eWctEiKR}PK|7(izU3C3k z*f{Nk6aP4wDUXAe!gq={!|-7Q(V|3W*gLPIk9OsuEpNZ{|K50FsNARZ1{$->6PRWA zb{J+Ee7=Wo-ormnD-bvN83GJqe5#dSdylD?+x0hC`8^+I%1`zsaB^cZ9`FS=C2>QE zo`b4QZpXKkRPMpMlYx6tj*TNv7mLv|#B`pO#z~FoS4nM@Q@JsW{Sey7<9d2@HYWNP zP+@%D9(xwTsnV~keJXX1bj^#1xrsX??FW47P%Q9EFnSAPz2ojx+2*w%80t+jt6pznJJV8d=#HlI|X@B;P^9 zC(weyEh2(Tkz3%NBf5v2iAGcX04kHaA1}9hVu&=sd&uo2J*b89O!k--cKKrT{6gID 
zLXhtHhI`}}d?8&Pqe+(`Z3`mT%ymoK&=k4vJDOXcI3 zhNfkWOYnm$_)#PL&{DV8MQpFj1|{ z=uw9sI2t?l1pXe<*s)W=1b?AqNH}>y5Bx)sN7v739;JSbXvWcVnn%x{zv%3BOyh0N$obQzjc8o5a`Ch^q!Hueo|OehOyEvc`qW zRfQL>Y@Tu2%+so-O_Rc^u5M^rzND#X$(b$qwI0e7W!HEznxV=bDWy>331Qlt<`ERs zjQTml=Fh2~|NpS}u03vCNfsb~iUtcbX54nSNL7_2Ll&S1-A!Az3M$P^?=BVz7MZM~ z#g|D|mC7Id+xMJ^8#ixe-efY9yg$FvqF8*~-h{ zBfRVYpYZS3>m|P=>3lUCj?&~7kCk9b((iZa;HOVm!CrSYO-Jd&6f=)x2RODV*{UaItghj(wcsF}czm4wZy=VS6`E8cpzh8a)oSgJk-<|b8UcF5|a%;EU z>|qwmajKhLxiekandrj5>-8^x9{u(!*1Y@tJ;qc`F%AnezAl&e>aou$UsuyV+$MH= z$$!aUEs^~}jU34XpC{OeGq*C`3qL8#O-dT5yuNThPy3&)o+fi$$D(MTjh3s&{^bbI z%THWwvr{?2G5ySuPCPj;lLSN6%%y?h*8#w7tObdQIHlEV4^{4~L} zM82cvze0_`5Ir5IfnqpIXo%)IJgx&BJjOJ<9Z=c}1*PRL8IvG!II6{+x>tFJf zIxeBN@C}wG87}w&Ftq-Z9M`&cyR+p3J+0*(ycim5-Y+;}vYx+QCEeZ?#^Fuj57DE7 zw3$P8m@C$Sb0G^c9&U%7;reDHs`hr%QP(WD{<+n0QWa=CPK|V)Uhb2bzt>c?oy$r07O}gF=exhXc`}d*Mh{-uVhU3@otEbcL&WB&29x%Kzff)ai`B$Rc zpNNY@AvvM*_W}y)p3XEZMO;4h9juWjn^B=c6g&(&{VcxVufbu;%0kGUjpXs z*?4*n>odAeZ>Eb5#(A!KdgbnUlH>-CcAw?GJ)&1wtva4*A7<3b(lx?a7fULAi)AE7AbtKk}sh70FH zeV)aG;^2Nn3=1^UT$sB6`J>z%RI< zdBak_$W8jif~_7UbSa8mi`)0<-oYV*bM_{=dYN>}w^A|9-D?lYHO*Kj-OZobWYC3u z&`zdgYxFr5RegSLUf?uzyUzU|EGEnD(<~g2L#{i0Du*Tu+qvxn?0|$2c+`(q?{~%a z`dIenZNfMz1wuk{FQ6Pw-f*dB7^Ge0xWVWbU>A#+sb|D`~_-M zLLt7&&%u7Azw=`j9Gz(8f!_R*AV79rk47{J1{RxJiPxOW5e255*_!TVXS&IJn(6f{ zji?`k?m~x-L4yUYPp+3sMofY6?wwV6;)7Wqrffc4^fA-g!D~>IE=KS>FAJ9sl?4ss zR=oELtv&=qPzZ1q8q1Tlc{b^e(SF>RgC^I`rJk{7Cm%>D?RNpJZUAE$i65w?FkUx0$)6K{0-+=qk&3Cp~(2#c9p;tdksG9*~1QDKllPE}_k6e(Q zem?{bd&&IrXJ^ox%E*QH#2I52gM4w%yz^ga;+zc(0C@wtB%TO@LBd~#^q(wxJ_mBP zN#CAJ<^U>sH-KG;_%#AL+N&yDFhfG23K6V~j{y@_{;uN`EHJMj0F_%F2KyQ?s}E~* z10_a7qPppvhQF&v$}a=ava1YrrrC{(lSgpqjHk^U(!JEZ#F3NfY?e6b z<&h!``AY)h#pI0`pMzhx2*Ze<8u($+vq^V@HtFT+ZgUHLJNg0_2MD)ncBETGOwijp6aDxT1U>ojV0QSLBD^Rjs4*`iW zRS|tthI#$ob6k71Uap2WNE0T@g}CjuF{+iS{(g8xeT%ipWh>m0giwS2s2Rd3YKCu% zC)(f%kq?6oS5@0oOTrMnku!Wd9m4`5bu>~X4v7mwyBs#VUEcwktvtd6V5@)WP?dUb 
zMwf7lP!qblh~sv!BVPfw4!6q*|C#b19F70d^AQHz1!$#>pB;#gWkMlITo8XTXD@lff%c^J!8DAV_0%RIDLeP;2 z{!BeXH*J(oXR3DP%Si_w?5o*waq}ef+*I`jPXEPp^A^sr>bt{ra+QjTXB;bDwcmg4 z+#7x0dm_%4pOX%g=<>EW06s0wHESau%%rTGS zyH7t^R*r^iJ-xXV!3duI1r8h5|KhCQ8Eo){kTT%+!2B~=XL2C!kE+?yLG&Td8AA>8 zKN?$x3%n@9YwzT?y^@9p%y8z6aa7Y)oa5}|;QUg|Nb+z|4Sg4hrB*}4^vT0?dyAN6 zJDkqMCc5bQ)7@e_ou~cvdb!pI5_ke4{&cb$&FF4T9-T@EexiCX{ESco@MlHHxZ=tA zka$`-{v`6KSrf-VQ(Kg$;d(t3U(>wGU3u!Wiad3;M)C9M4(AKpPr`^=vtw2V0c59; zJn-H(&<#(Vsx*t`r?lU>d13V9$f%R(DpUSFxrCYH>W(%R~ zu3$d5x9jDDS9-!9!pX1TMkN5r=bPj@g_cS?u;q88B?%htcU&Nx`Q`?Wa+qJsYhN%d z$c+#q(e$KR_^p2(w~r=R71#*<-G2Ys^NrB6)Yo0$2rZDRC0HHcX3GU#TMHOYgzdqg z(*4Am@TB=<1Cw(Cd8$HG7>TbP`1mok(!v5^_p;^hft|^R0@a z?7WxItMs{n?6X}s>0eY*0L@i3x}X^)?)cF(KH&~cL_wxv|Q@yV6H z`mes@JpUX*~% z;|6pG#s;8}GC1I2Pk%okVRsFatRU#;gdr&O5iB}b&_Mb8TMDtm?QoM%7(D|dvq?7^FFid^uBMAG@b+B-!}ceXY9FZe>1x*{ zWna*JbcpggRX5f1VmisssiM`vsdDN^XMeE}lIzE0vjXW^Vx{Hi<;!I90CTlq7Hv3DEHOCoHDU&R9rwEMlz1k- zdo3dEFuckXu`tpA8#;@XQ!x&$T{>SR3wjjb~Qp^a4)h7@#YAsrV)AcU-vi%x)+ zhCQr@t4g5n8|Tc{grSXieltdGSya*aGh`Q14dR5CK&Uo$x<6))5>RLQRkdqVI}A1k zkqe%)_r8drg-VtJ1NaI0ZhM9Wp;hD`23t_b{M11pJZ@QCkU|_35m+8afR&d79HEei zfXc%G?beP=OP{_N>fT`Y$b6)YZMwc>&N|j+#+W-%Xx;7NW;h?f2Ot)NA*1L^E#lG+ zssLsOJvmw7Y?gA(6xD{RjGK&$1$;N2#_Xi-ElsSssc

xlXW-=+g2 zMgqCRTi59|RxrZplLSfNXoXnoF+E97C1yCD5%)}ywb>zyp)z0Wm*frvZdX9VoK!Np zTd$MNhmXu? zl(K^P3X#LSS@k>vnaeShO*VEIt5Il*TwdUqt6ZieVqK_v*VFsya3+eD<+qAWyf~zo zM2%iG`el6l5<9ns57d;KXAwrF``Pq@#; z=uR@&89N0eT@SXx>+-hbV1Pq`Hp|y}4I06MJg|(sgWya?K8z<=p)iO#?xrPQCB;%@ z0n>Cl{lm2I#mq9oVZBN`GA7ZnTpU!Mc(}!iU1Qd))BAJ{=){ygAX)eoo52f zE`_imT~8#8R!$~a2KxLv=(jbS&vdJ9Onm)N)sZK@NOy~zMKAfnhIaT>-L=K2v2*xZ zGTbsr0bgJEU(hyn^>^@qNr55PQrNA7K^Kn4YB)aUvS=Mh_k}#)JMw%j&XzdSe?sNr zrO)Fth#EmS==YA($?$H*$_~_nqaqdEDyEw^LXw!Lb0*;;PJ%W|pkIg}V0FFz((!nQ zJ(b?m({c-dg+P8o#S@fH=coj^bq_TO;{M&P)NX~AsT0;h_P;XzzS=HOvZ*e9ksB{4 zf6_rjl5AZ5lVuiSyO_>)J;0WC z38tJ*c?qnBgA;bF|BmIS+Yezr%NqT#<-r&npMXIu^%s2m;PDR7MmW<{n$WhH{~WO< zvfRhHW5Dr(GHwbjh#DB(rlT*uHWw8aisod}gqj@?$re(cD;mEP;JRi(Bgg(c(yL{i zj>6(Hr7tpSE$=Sm9$B@;XfAx*K%gTC0RFm&ZPaLOG1-7!`|x-o6kzd(0F{Fuy%=c* zKS0DP%n{8Y8*8Ae4on)5qP|LF)15TNq+qeEYeoY4VGYA3EJ?lQ?urFa`_&|Q9J@$y zi)$qXZ3K_>rl+|i`f4c$BpA%WJ`j(ybo}3Zm$kUe1XI%CLJSOFEZb(}P%oQhqWjRP z>^2c`yd{$g%;(2bYDWPyMEx|~a41Tmf!J@@%s*W!lF3^%{Qyy-^8ibUyje%8 z53FxV(L7d|(lh$i?!fXn1^T9LEAvW5eIG{Tgsoc&0d}7+;>%fan-;cV+gLfT+v88q zF8he*V~>wo@+PZK#MPcN=c+jAUCTtf=@wcBl8{$h@sYDOZNs~-oj;AGr!ND)JnL%1 zfWt60p%Tl@h*2#PO)`1f(@xx#&#OOxjgOpn7VlqGhhSWbjPzF5>oE&`6<^ zd|2L0N5YT?I+~A+U6%Fu*?HA=;}NOIIIFAY{0Dpx8dRGCw(g zHA2}=CRdW*%}IPjR7U+#A1C1o34Qj>v?4?TFBYxWSJGL(9O=9=-3S%n-lzbgUz(cd z3pKuALpx=khpQ^2k&q3IpmL6=c*xVQz~J&|JQb9RVDnN*#YJj1F?uwzFecZ5he=9A z*Y(Lsn5#%5(>CuRMNSAUhNI=imqhbxM^r7~g*6+HeOfYA0{qj0p32Oy*@37r%D9$5{sD&hnWtu6d)NfLmOF3vYV@22RB_;FX2=p^tuY4on4`8>g@sH06&%T&`Rx zPJSOmNwNO}80KH-62kwm4v?Sf$O{A%VW2X^2YAUb%Lh-!_$4+~)cie!aAlv{}t zjzIrA9~q)ycGL=*7z0c59Qup@ysBdGK@sYkDbzQa|f z#!F@+5csBe(%!}ObUZ~hy|y6rNddOJLoXu|KN6Jlqf~I)<;SyaklXps*KP=Nap=`0 z&0nDk-wHqI9Xp7E%K~B=MJ`WA6S@8;8r7t0u>?DgX`M9C0IM)4)2jJVMKngq$*_4a zq(G|!l#DC@)R(khfX1IqQ5)#bY4^Ffm|+%v-yzJvN>QQ`8(?%)2+hW|x{WI&%TTlC8wxWN#MNv} z3{8%6hJYK~8b+gUNEiLMxEjvW52y*mKI^H`6|X)vE)cB#fKYSb7or|Oy%3zMCb}es zl=R_bQjM#!5Z+y;EKca=&`qDEldTpldS6PEv;$!Wn=5);Sin|pcef`M>C`|dNEi4o 
z?tmX6NhpJj6L4}3PCJg9&-FZp{Ay>TJy0#!W~RzJ!_gMmoDb4a6lx&d-mMq3{Iawv z7G;p<`E=7~5{U7WcBj)%<|~J###0l)yx_x#Og-)3Q1Nkz%a5}Vt{}r)0fVTJVYM%N z9anz%p9A=c+uP|zXkgO%=2;KVd9#9aOa%KCXE^AfV$7pvmhS?L*TuMZu+c-V5o+Zv zxL4ASPb_fL&{MHMb<*qLn^wobi!&S!My$%5anX9+9V~Q3DuL!=NKCkAqq+ujHyq*UUAAK4z!{zhR#dAV53Mr==8^+f;=hQpR6J!sO4^8%OHBMLiwEwyDaZyA4t1d?Ftz1YKN=ck9LiMVd)B zr6(F6=tOekEcPWe8iJP$P#n)L@45TfqjRARASuspP!<>#PV|~qPGHL?E~Dta1o)-x z`p_3C^o&$K2&Fi9tf_=(`cZ3Hq+5BeyKVO=&_9>3v0jYKAzu`eIDI@w7^=l$i}ooE zQ7Zw)QNU~J&J+W|+&GR)m^yJML$ZZ0QPq~d20EWerXV7S8-oE673!Nm_K%P`*lMi| zTggY|9Z{v`Lj}^QvwmO)4&=n5R~lG!#Z8HBc_S|YMnckv1zCz9TKnuc-I=-^lR&jo z$9>a!&k#_Nh0IFitYfnLSmU|I8X0}HLW7UYZWx7Pvk?9(Bn-~raRupP||I> z|AfI$)tAnVv?i&ABpkf8pr^Xx7rX2i!OfO8A+pX2*0HKq9yKy7xb|Sq>UqT zLN2NhsNO+f;ASBFQxq;|eo6+S6_Q+}ulcAmludjK57gPpwr<0WVg z`n_77Tg2%VdGkLNM^cIuphr;;#z|=MVDCZ#cIQv|85gVCZy5QW^TB?+gkMj%fo%zQ z{&g#NTwVK|06-IP(`8%RBkft-AV5fyE=_m7But#C>UNe9RLLo6Mg12LIZu0g>a+ zLFB)lZe^baE#$C`UpBpL?2XcM5rvg6p`+ILTv<( z*u!883(CLUcIs@#a=-}%n5JMZCrsq1LC9q6AaSKq%`Qc8h0;GFlrO|BEv}&d&I${w4w(k6 zeXURZ5nTpjmAhK3aw6oMH9`}8*~q$M9on5b-Jb&^Y2$*x&RLH7z$;2pr9^4;LxnL^ z;Qv`>uL&4v#0PXf+0tY|gOK>^VM~8AM5^1A;d0)tyZRDq1`}K`$ zBj^^{nT!x$34=PbEP^tGNE`ZI@e(9wvho z=J!r8TzrdRw}Z3~Kun67(Q^%LRM2?-sY$GdJ&&7m^EI*J1ZP(9a0B}cV0pfihm1s! zOtqZ$W8N&%)`HY;4T(o+h-Ph4bS855X?|0pMF;Kp-Rd_fULKr*<6tlrFlT^4RBusK zp)CowFlZ#hGeL#>^&T(X=3r(|gUEyTmejelpN0&KIYb97*m(2ollvU9pbL_`hg6~k zie<+DzNrl08-C^K!A-SWYl?2lZp^Sg%n>Efb|wr-UraZysWKrAoT#acdB#Z(^M9g! zLLaasD!a`hbyC*83~S$!yKv9hs!E3=*jxnbSM^<8u;Tme?HAivD1p@96w|vVC~yGXm=5Kb20;(Afp}>9Cf5_Ex|+xB=>f*PavUj=0{GytamJ2SL>!LglTmfdK1gATK| zQ}mOEPL--~0l9UpOr%9JGWt-9O?ZNiHOIduP9$iuOL&$XxU624SMm{n$+w#7KHJ>F z>VHYLOLV)Gi5_J4uUH4&Nq)t}{*hW~|A9Kbn52fP=U}_iOuNiEjc%qn)q9_N*n9~X z-S9r_NG=CT0dE^|$n%hS{pXU6E51{>3fgMuB8Af?K1rydX>-gpR z9J{iHrebMllF=^4QM;>X+{CAixCY6fsxOxosW98}m(SOQy@T7sn8~U1X6D%J0Gc5nZ`Ivw^-j$$;?2p5bS#4Q6e>est@x}G{- zJcfz&=z<}S!Y>_1l5><^`V)&iZ{p6s(LxO+! 
z{qgkymLn(bP(YwJbZ9_1GpLewv}0f?p8Wter?j;?O@^57&e^%o7j*A2iwtt)fkJ_c zbshl>?%iw=SqOrvqNiEU8F4MNDlddV;R6(^CV)J&k)8g0s_l=Vat;h7GEY(1Vev?? z&56mkqCkXV3*}O+`5AqHlL;iUl#x&>DAF4!4FIbAPQJ+hIaauRS|6)ss;xOIYVapi+7(F2Z!^*ehE1Q?{~KCDA*sUi+pn2p|%G(y8a$-ctUV$uS86k)7i8HTj= zkLLp_RxWG-$Z{1IqQtKe4V&^4p^#I+k%(m#R%;?kb6~>vY_x=Nc**7#rG?1?Rs1|~ zZ9K2oOmOI${B-13h+S@SypM06z+2kRSIFc^gVxPTF&&Xur`n!o1NGR;C0$Xe`RspJ+f^xQ#h=w#(XMiR{75Vn=QlW~q%8a;zoPsR$pzBM$MmA{cUnOZ99bW{D6b_7Msq2n3va8Km+; z|2{@|i7Dwmtaw$MHzvCcTDZkPS(G}8T|$$h{Ex+q0cD%Az;w05sqB0~FK{;&GE?bo zY@`|Q7po=a%E5rZVhV-v;w;!tBriEOz~hQ1qand~!U%YTWbo_N+XN|tH@=r8Hl?a^ z@MrY%{q(sq%Xc)l9ss}wg8`8MM^_LiV4(U#OyiqwWlHDCmPVM46GVn6DwnOf&;hV) zd%ia!$KXc{Q+wgUI3%IHYn{i}+JoFAoZwm{f~i7r>ZGDaGI*1t`)fTufs{lnYeY-bM3izukoS)i zL`yiNZRK$96^b_VyIFMzaqfg0`T_<@Xlq#tDWI;MO#7cPE0;~8t)7A7`T%*6_eJo9 z%w*krmYm(3%-8(&OW!zNi=0hg2a1*{UC3+r!JWFS$_5(uitTmF$t;5M2{1z)MMcn~{7DTo%4Fuk|3EvZV81ik( zYM4#Gu*{Tc(q0!o6|P_Q;4DI=?}@(x?^%DF%}sM|sjE=E_aq3otbM^l+(KjiZ5S?9 zZ(G%d@9a_#bF15>6fpZ{3XO-|bBw(y-oM%-tM)*@;V{VnZj=k|;73*hGmc1l2o@$t zm}<+Wmd3K2^Er}{mAp10-g#PsE}%DgZPT`SCso$);A`fp1VOw43t@oXIC#0uMlN2+ z1Mk$k%2!ku1zY6(kjN4D6gl6Zt%cObP`NbN;kS`{)flWv)eN&PpI&UiYRAkVTGg>YL#=Uuui zqSyj;Ij%t;<>Q|K8C|Ojme!HBfe}{ElFQ?O7Gj?+ZbEmicLRB82=2zbk;Se1ANY%YaD(cc0tfkGXo0_z@X48>B_$H&3(a zkUOWJRH_^&nR~N9M46}wfR}|9-r!raiR+P)MFk2=o$umTCns6CvS*(=0@NI=HVVfS zf~EtjLRNx?Ym5fNLw2~vp~4t51(xg#o0jj$JNx zR5tD59_&}ngfXn3!Z?RYz_tso|IA7s048JuK~OFOO;t&9Urk{<^j`mP3k zn;=|8c7nnj2|BQcuI*Y7auXAnO>Y(m$}v+EZ&T};OD!^#Ec5=VVuQ=YqVE==4GgV0 z7^LSTT;K{g5ZEW~2wnIwa0xVi_gU^+M`*!AB4?VlDS%}Zp9D>E)XUEE?#0~+=donZ z5?fUt%2{|EB3QBI@WVTy3L+$6u{XAVk>-RBl^`ISRP~$79*qTR&QDy-rJjje=qcA=kYMwAJY4W{d$Y) z3@Dy}I((p8;Ck8bbc~5QBnc^48s?76HbPMc^r_4RHexKY%AkD63>7Ou^Q1!|Qgw!A z*O;6Ih*6sFRLUzHa3yw7$n#SNYqqX(#7{oj>ORfd)XBL8S8p;OPBd98viq|Cb(F41 zE`^qYn@0M6ri%%l?Fa@dfAzY9=nQ?OjKvd%fZp9ahrp&^RiEr>etijSGTtncTR<_O zqelF|eF37s7?{LN$s*m{jc)OU)w0uizGF}r1l%|;0qk3|O`cH$w-JY~vBr@aH94jX zmy3nY|41g_h~ex*+j0Kow&T86#Z#mglF=Y!RjjxL9RK!1USk~B_mO5Cl6X=DE_2V> 
zXY_%NT`KrGv_!>;z^ zwO<8&$e2QX-PsdDzrLH!#(x+0AP1*ASED8*ge7~AY?68>|5Ny^E$0y-UwzxA&Y5Hk zm9RWU*W@n`UuRoRnBywg{#2?gjrgIg@q@Lmu@?aUwFV}$Au={zT+jr=)0qN{=q zRd!KTND)rheU7(^x>n+Q6Ui%~AbR~wqwKg}$=hs88-=SAGSiefBd+lx`pDb%pbK4UWlo&qk=@e-8<&xtbRL z0j+kCSVOPg%Z#+Lrc7{y={M$#{@}9BT5AtnT(ES0c6xnC;Qp6%MNjxp!XCq01>8W# zR?Urlg7PK64c{+Ew9qX%kxLhZ^SOddAfi~uVw*R366sC4W`|>;e}qUuOu$;Qi-g7) zS@N2|L1VGABp6`fWkX`hHUeP&nl4C%=IEYriaDwcM_0n+D4LI&2X8opiP_*1@R;N4 z6e`Cfp+X^dsXkbki*%N`CfpE^a;#kXPgrX+Qsq5zb9xRgjJ)tIb z@7Z*@y3eK8++?~2l;)bv;o_{FHwpOn|De0i44wmJvc~kdDNZ|8D;SNAx|6R9*=I%# z(=W=yI_+k?_>w+KLJfvvTD{_*R7K6&@ozjn`_y!_jdPYRFDkgolDgW-K?GGxGH z?p8ZJdh6)}^~a*5r95U}Ln6Rt)w#nN?xQc&RRTF&4R4r=VwVbl)#7twiXl+xOdeW< zo!WkYis4s4vq65JS&Gfw4ESJ(%Fd^i>A`Fx@YM8$C7&mqDj;Zu!+`n-Iu>Q>CG-{| z%^wl)Lm|}?#Weq37h6=UZv25|k_p}!E>P3+aR?6`wqiaqn+enh=&(4U1e?S85O6D}H@D&|G*dq;*AVgk}><$X@{H0CKO zK{`Bq&6m)J{%5ZJjvnWTGH$ zOS;Rh2(F-~+B}Qlj7YcSl^7-OK%Nia_>V+;LWq(gpeFl#i)iT~Ye?BLD}gLFm?g{k zn-L}&Z0K^Zg`7$nb4X-ADz&Ggl7#KttYA50{FyvykIcZf6=0hxts&k*q**Rm3-Um2 z7>uljWNC14cf~f95s~~=X+AlQqWveUQQgTw(8Oc8zeT@VLU$Av<;(SqviPk+e1 zWD~mNF-6Z@Yz#t%IEAX%akb0XaYL44!eWf85x z);JL@qzbCsSvtXy?2fz-hB?q`IQ|y29bg-tExm*Jsugld1;CXtww5_E_+yXcMBSJE zM`(yHvdm%uJawDJ>RQ+-MW*?kkGX~Ik~QGA%J8N@9AX#$x$3QbCNqpLg~^?uhTvh1 zTo@-v>neqN^w;a<`u$T2{E8NL=W%7>MAx*U-c+SVt6N@V_4#O&x4-p zrra_THhU?ruYjP@O@8Y{3V~G<9Vlm_>yp8s2e*hW5kS>7U1S(-jQ>)P+`gW4goK&r zc&XH|O2Y%u~>t{_aI8bgbX+hPwndcTwO!x>PCGMmfTBaFL079`3=HOXNnOL(x?&- zTm}x?2m?J{Nriw__jx#FA%}t?l6#4fl zP;@FQnbXAVS@qxX1FuxG6=bAlW_A0soE^4)ivvukS#6|i|4tp ziIn6)BE*JopOD)vaEq$ENMWXgB8&9vb}0Vn9Te7<;BuR+Pxo1neJ_l8i{F}bImhL= z-x!;N%VbI`>NQYhF{E^cc6*DgHDHuYvPoB+KYf`Id>o9UL^<*wY{3LBR9zCysfK`g zqOMJe)+H#Gt2GTCw&tK>$_B`c#Sw;eB1P-x^(^5RfWNzY9Z9wk_^j4?xNuq-WAwIh zsIBu6EsMW436w;iYOl|Lo1@LDnj_)P)*Q*;vI677@l91IBLe_^jRwPmeW&6=ZPRz9 zXIq#tzzI$MEd01!KMdF7Jl1w11*59@Es=6sOF2{p<-SwEcNE_>SIzqxc+G{d_7jbF z4UDw&SSR9zZjA61WE>vHSMdE$hvt(g?D~dc*x63TJ-iofvkCD>{Unscp7oQMLon~k z33_o*JEe~DlO+6_tnRiCY`>1RX>%B*g(*7=;tGLnDgX#kDN{W0&^t>2k7q}k-U=Hv 
zsBs(KzJCl~O&!3h>=@Uq06{iC7v5#Zy_k2>@_D!{d&;~G7mo~4u~048n26I*ai-Wh zw`$VEkxF8$#{`zK?68yhsdCxWrMz&HImIotK(n|}u^`M0yW0tp49tS`LP$&WDmK6A zgMk9Rj7=-tl_emMOdlVm5c0@w1Wh++o5EU_63sP8`yifvPX)pn z+lg$m^^`5ft+?h#h_)PbENwj9>w3opcibhe0WSlWRc=so;UqdUzhjdHOc=5VtVQH> zzLw7JyaJ2STCA1lO}OVEdz>;w>+QTTI}Js8EGJt-oNAjv4FTy~jn+h)NsdKS_Nz}PgO&95eqd(4dfCY;TgdE z4+!TmE(Cudx-(GxMT^{AK=RYPE|QzzX>3r2L8ut)Yuj+8oh!3*Q) z7paadhcODOXC7A`Yr&4!+_GvJyfP{0(3IKBIQx|rN9(_WEpblIa-Iw&VedtOefLpX zzU^yclp{ZqxLCn83!;RR)+RzMkF#Q_M{YuuPbQ)nRtNn$*U$ov^+(|k9x3A1)P<=G zBda8wWL&5Omh$wQcVzMyEt4$7n1$~b$=etP6^yV%24_r&LOQbzPVXiv(M89BYl%M6#q z<6gwb1o(MF*FwPI9NPdjotHn0p{PA)QN@=zYS4H%NL(r3VIY8Mq8OK{&5SqFca3H{ zVfVg+X+*lBI)ep^)?`SMqGgKc(BCMT{Wg(;^fLyvPIDRT->ogZ{fSn^gFc2W&$1|K z1JU1t$%8Ay<6{aq_;TX;l&_@!SB+|m*IWjwG?V}bdNyAjL%lS}cGDfzA~)?esz?4P zKntkGd6zn-`x`FMea9MR@!H{8X})S6CJjd@qF4$wK)kpd-Jr!EO-mcQiEH5u6kz!_ z7h;Wqm^QZlOE=(M>ilm^b>zHe&Er-hFDfEI!&b}=U11Ld*gF*_tGv=**cgzh(c)q8=K_}=6^Dt zI>cyC*UnB-7zswj)<`3BHl5~}+i*f_ z`gdfm%tkJu{^=V0!_@V}^O#6GjcW9qV_p-Ly&Q9_v zgNYg-k@SYW%qaH-zwzB@GRLrugTT;$_i52cN?nN)ElF@=}MtBTA;llL`lL9A~ty|GvPe0iX>30SmIePJsGNCy(A}V}w+m_72Ag)VrHp zhd^f|cJxUtF}7OugMi(DT1r6mPI0^*lg$da7#^E6BSrs)hZ<4%q=B-C`c5s2ai(BG zQ%*%Ysw>fbHr%)bl{hr_9k9wJkVBQ`aDDxVw-s0P46VDrri|lS94yQJ)63C=($rO| zqNIv*iW707gJ%O@G?Ufha0Z14hB5IavUH5Y9e*gR^qcqF`OD^-OB2f&UHfSr{E~&uE7V_u86vs+R$I%|PW%9_g6KbPQ-__w)AggEy zNJ3SgOm7I&t5O)~+|Ls!7XcLRRx45s(PemC)%v|+(5j>={>&(LutMRCKq_juGc_Oq zIny}FaEgsTX1bv+S~x?rFqvXRkoHWgZK#pO`v>&C%K=Rwf`FSmym3a!9=wHp@=6V{ zlPEQG!rDG!L9JqzJdVK}%LD`ofTOa|>a29t3TEi_S=I_l>woKNS;{Ano%Ult#lvUw zSs)9+!$#tdc)&wky|Tg97Z{sgF}6aqFW6`>Q!qSQVC=sw{I*zVyjR#&D4S=cVwRU+ zsSE@WNDZ@8aKqqJ-mAv~FZXL<&jt$ob!oI0>E^e)#Yk#i zN*1n4*r9?5L}IOi-UNz4Ij1U+%)R6xt8nHyoU9TwdP90r_s}Z=hv|eZ0_Bub;Yke= z4^3w>nvvUu`tIpw4A>I~CGv-X7eNGfy14_337%Fu9*=#P^6&rgzX$pfY}s{<(0zXH zzLOIg1ksVz@XHAMRh&Z!u0MWwmaw20OBH8Qy2d$?ON-RPTLY~K0Uio;SbqW%LLLi` zXFPV5pTNkw@)K)uNPwiW2+!Q)Q`&tky3L~-yTJ`4;=zG&;aE-z5td!JQJd|etDvPU 
zTtLKBEGmOPD^1G5z!?&VV;fjbf$szv3@wJz&kF>m&OmI;P9<>c$S#2zh#06kKgKi1 z2%>E;ITTY^&ni+wt@U4VF|PAxddrpw1%iWQtN=+oHQeJA&E&&jh$mkM{17t_J?Kj{c~ZJjw7Y} zmUhAKM--13=p8vfimnf$s!P;A(aUQ|6Ol2^ylMH_P>-C{frP<9^G7lowP{8>~Co)n@Lj-&f4N`&Mxu}Z#KtqFzrKa066JW>A@Gf)i$z_ZXXQp z0gn35a;}a%L@C=^=~_zaRZ^qUzh7fJU7l{fTCcwMn~hLztD_LxIE_$3ODne8^Y~k& z4P3<+WY4u3#Htrrggb64Pg*CT?Xpk--`Sk{3N>5LjJ1}Q%8kv05_?oGG-}vnj%|a) zb~c4x_GUmS_^c%17F%3wt)Y=y4(W?6L&dIVsynAwq${B?z(M2eJ{85KfqOZZ@QjU% zMRIC(qUj^Jb8{}m5#Rz;G{i(9XK!#XR+5F%x_hSktM2LWsc={>J9L@L$brr2T97`8 zZ-ry>3B?K2;E>yzUS6a7YgrLafWTSY9#;7-L^&XI&!C1Cw&7O-+321GlzeIN_vd`* z$YG_!AH%rU&aEP#Pr2tic(IZOXpLrBp0Lcw2^KMS zDw`=M_`B{*G*wR4LkVP0cAVVkDcLViq^K=?8H=NoZb{t#?QkK0tBWRit43H8AjNq%@TJhK6xBAo3!@k)TXCRTz=;h4C1YLawU6 zZ9{Vs?X1JNLi~uRzD`HWoAq#YJEa(rj0?2y)dcXTv}=Oy00X+*_dVg>l}>kswqxga zI*gbu@|o@05&3_D56Ss5BKb8!8r2zr;RvYs>X0VO+1RzU1jPP_Ws9Irk$d5JK~q|^ zagJYCuSUFHA6Fjzlg-%(9<`v9xEx-8@82CMODjlo18fnwkUpB^`ed)#Mh_V-VvR)| zuliIVb8K!`Bgb24cyb6V&&q%-*tp0k0zo*Ej4V;F%AZjX7+VL?mFTTk1@zLB==(n^K*F8htbC;r8;I-G!6dIIh0Ec+Y9*(zQg zZTX&uIhlp_*q7{#;#>3!Fei?1l{xOk{XPJR7WXXIxcc1VdrivnD2{l%%>5C7u{w>& zJfgmz2Yow8w2r6uwu~oI{sJbx#Q=2yiLWlb@&^2@JyepQf7 z!yHed33*RZ!|MrwaEIaE&|&rOTKC880I>N0+eL1cl%`=ff_*EvvTfWq zP<%nqQle7Jm|Az`MB2+@)TO46@ozd5XE|7?*j`pxpG?-Fyr~fdF_#8HTcq(-6KeYX zSx*$Rp*1IZKkGE`9y-?Z+^YIlLz7oHO%8-m}Q4_}9SlLo)w;DNVJ9Li9o|J%&Opqgd;vTP&4?%{h za%}_Um&-<2G|~bS?!h9>JKI|*e;gY=Ufo(mmohjqK}Z9yBJj^nbU3U5H$?Mo0(V0F zRmM3e|EeHJp&$H@Nfk?4E#BeX9HcRd`q=6;mjQ72hXi?dXNay`5w8zE`w|v(Y;<#e z({`lS=KU85IGH!dal@UnmdKINTBY6(%%Y!MeZzC_UGxX#Iz0SMwZRx=YuGXtglX0~`Xvo6?cY-FSbEo2La%%cLwT913U zWNv77pfV#&#ORjy3HsFaMbo^saM1HYUn2+5Ck#y{LkyfwTpwKr9{QD5mDG#Uo%Ps& zLt7_(!VJHFHkuI(82?rgw_-aj_ZCo+P5 z8X=KfeM}SAI)OjOv$@XgTh`#f@T>SXS12zbuP)buD$G&m9?W129W9&5MzQ&cj49cp zx#H@>^2NLS5vbApo*Whm7$2Iv`oT}?0Nnekd^klXTCt!O9eUv@rp0WDV!EdLI;0xD@)x7~H#m2pZW-1UfXJ2P1{lE=6v zd*bLM6sI1Axc~k4mL-Edm`uQ724fPgnkIQ4!K}Uqi!JIDdFOt-9nxr~h2=d`d_3|QFWBK-G?YoIL1NBDu(Qgo`7|%=>L>9?1;C1#L 
zu#q_`mHFG(;0!5vQ2h~jCYr9=cn?K$2FeGVB7gia#TX9xA-M#}R(EP&MQTu+>fXlL zMi*%u$rCqLJHX~#KRjtq^8ZDTk|Mmj?R6tFv6F2OHAs@}>L1DACm_LbuzzHq=f);?(5QU@;X&lR?xu^IBMeA_vUS>#BaD z!F0i57g4@hB!-xOm?MVBAXIM=k36J+QH>TDi>Z~2ioaK8eUYN9$hC;l-@Y`jW~=dM z2qo*uESt)2Bn=JzfR4@rA3-#ik!g=PA`3toy$a)#Xaq;nuIss98j*#5{QrRW0|i3b zZ8BK^8Y?>mHEOD9G((T#*q5x#m^Qb==&0_%PRMLim1s?Q#XKE~Ot=n1JIg0f!;JH- zUPAN71%u8opD3{n+?lXE^r`i)hcr)6;bwjD8V@pnnsn;UAHw4v_#SD%Br^XBL_T9P z(^4f8c^JbS^&34l!3vrI>QUdF%?wk@jz3U#BX`zgCi&9oC!%qbg zpdWO*>F?ya=?s`pKTm;FyEShr)Xzuj0G)MA%W@hx*Hg`bb9*!Nl{dVFhbTG7{J$RZ^hJ{6y!H;A3CBze4p{F*nOEU$lK zhmv8f16^w&%)!nAl^T-*rajzg?$e zXUy9{cRn}q_?WS$FM_=S@oa*V&a@AgW%qfnLUQ<;q6f?^W0WR3e&0YY;;zLT%f&zt zU?8lV(hhwbR*0lDa|&A>`75! zJB>M_#;+SBzCjp~UOLBzb>iz#L2v?XK<+by>IRbU`5Rv8~?5wruJlqb& zL3AoLoLvFm$H{TvoeRCqISHueSf@A1W{7qq(4I0@5x!n8aU?=|E`tx(03@I*ok~NM zW^)+;^26!BWKD($L3#h74=1Y;lBFAVeuuX%sYm=(*4`wg6a7W$a7=g(Bft|14SAwqNeECBVJ}CYhtmQhtXSzmSuGI zZnr^qke$vjaOjOhfX#2(uB=2g*fHL<`z*)((nwDZc~H^l2qCrBqk*2%YHkG*EJt}V z=`4_-ptetR48-_jR@v=#zTA-9f6qBsh27favcg}IJSNogAJS?|k%h>gi1y7Y%@7}_ zzqiz=*Eor>+GZS2_>?fR7@x770_*&|?6603XOvE79aogsnTfxa4>StNLPW+AJloKE zFSwES^1Wbz7H|fwE?&X&sd7^?A1rYBB@CdWo{Sdbo{LV+IH3IINmk(|24r`{7f6Wx6@BY+Z*5+|eV zS{oyyF`CE#-a)pghjDx3<@LCs1s!gVq~y8KB#h1G5sg&DZq3}a#iNPv8gP7!Yq`Z~ zy2K$nt%VG`7KRMEq1xHD0_}nXYRWu-(C&wnW63r98iG4?HD)79ya#-KHsHLTZgoXZ5R;h+}I5{nt>PQhdJOmmG2a&r-FBdx6a}fnwwe~ zWI~MrqRVSHwFwdkOV4kihvz)M2-NPOyb3=>Xp><3)MjRKH#*KDyp)|MpgjPtgbAe* zERjY{S{qj0bzZ3=5=k7Q8IaIOi<9g*k>%gK4roIQbky72jc$P%C)aCCqTKvN{2?eS zEM^|9)Kts_AJy=)P2)XR9+I7*?GRZ@)PrIvXip*52XcML*0@9eLpd%u#aidvM#(Y# zU=xc35BF^wYX@|`#^L59DeHc8B~9Xr=j>uC19*?7hM|Vk4{fd+UaXcJ_B;9_4}(L) z%|=ZoySVo2TU)Eko@t34O$Rp8(|h<;0^sZ~KoTmaBcrAx3nhTP6T_uZ^9}rudPPxD zwLyBjCO$r!Hdvq!ACtI4l$CZk0Mj?gYQB#MprDb^NxcXiw07knM|RG9oN1^y+Az4p{@-o8DY#xb;j6N^`Ice$g%04!OTfZ;UYv6vFa6}3!Cfp1s=*0>yook%L26h z^BuD5;?51om)_9{oDsLn%@e}FxshzA&U1vB@=;Lp?e_`8mn+mls@k=dKEZ`WE~+NJ zGRNVDNm$BEx=y3QhJ|`niI^^w9cG$u1{z(6Jj?K8R)qXo?K>W)cvjCh0fj 
z)*x5q>`+Yit50`}?G&SDNwSi(LkrKi-(ed%CnOghOffGWMyAb0^Ne2%gt`2g=#6wV zW)moy*hm`zoKGvF72nPkHK7X0!?KBC!`htX!jJ?$hvK8(F(gsKdTdqgSh>*_~&ZhJ$N7Y^Evnpu{6kOR$0 z=oe>i9GDHk@*dT1dw5gY+VYvUlEXH~M-sK!|3-aOtwYW+G#wx*K}hR%uvIV#dS(@g zdH4OIT2VUjL^;v5@lZ8g0f(b9%(sJ+9gND4l6c!H_P1P@>GVwH3$L=mo>E;1$?dtd zC8dGTZpb8CiiDtMYf2)w0-*Y}z@LF%;}ZigE{IZo`xOVJ`}{qOF?!XrGtK1^Up@A< z6Hxg2=D^?tvClSx)3?jzEK=c!OLM$K((Q#*CWaY^DWTu>`S?}#blo!dUOXtSaZ9C- zJT_nx&3XjVhrwsywcISw0#`lkTAYLnkB4~=JIFcJI?q(+XNm|k+(HhR$hy-?KOCIM ze|-4(_RR+b;CI)_Ai;HmO*^wZB{a~}jC|M17HUJ60NRi}7A{|ll&T#j{nKdirZYBb zJa-CI?vw6-!KXi_)(aLjJPD8!b=Qt`J4i&Ci^}qZ)nlFp;Vf_AY_)RR-5+J_xOSWh zcNtQ!;}2))s7y(=kQ=78zW+Yx2uWA#&VZ+;Q5^V$TwKRV70Tl!&=T?$rO^x8UPyO$ zH{`@c_#QP@MQ&nNr-6~@PsU4M{~_lW`WOEZsKyD6l!Ur@f1)i8MAaNe4u}vjO1K^` zJs75Cm%to0*E zxsJUE6NV%0Oys_Vui_7VGEBOWpb7qCnblBsD$AeAjNQ)K7t%OnM~uo*5RW#22#*GP zydKc0m;#Zx6bPa_OnkX8>Yx5VGTcC^~I*(5I8DZcyl?xl29C$LVfL z#5Q@ezMXWqALga@Zq$1FrlD#|O ziCLCq_pDIw9vuK_gRmI~rb`j=UgsrDk@u3HG}jk|k*b0GgR9)cn-~i@H6T$aAXRd9 z4zXt0DfB@41%PyPWfEn)|6?{96YZKmaVAtLoUC!(^8E<1ptt7FgsaaDeLF78>!H$oolZm#J55Nteyio|wm`)KFwDW)+VI~CkQtCI)N^nhx1A9ai zek5Fx8vm>rY0_}N{H=e(09LeHoXaBwFip*Z8r+?~7)YeW_jv3Gm8rujMXYLdlYY5U zAsI-E35{5|YKSoX*4g~NW|imFcDAizBtw6=;&-Z730m{zj~M#|u~1^p=Y+E~kx1o7 z+3^UMhT02?Gb^TX_5q6+v%9Is*rsYO&Vt}tRkmF@N3m1-)oGt|Ffq_2PyT>T4mK!1 zz;6I}g&nutfM%R+uTEl{W$;26<7Q8z6)7`M5-!RKKy%q?A%XMHaJdQ@JS3(vxjk8& zB5%KQuH3G*F0NNraO>79e?V|Nek*lGP@k`|Q(#j!N()gV8!l$d%;I-DGeh!7E^Vqf zPFYcY<5NF-^wpM1F?F~?4Rof>8gbf5%^)@vbKR?_3lN$D;0U$DE@=4A_v;t7B9B&} zk_-M_m9%D4b3Ht>*Ezzo7l$%)u)9Eb{rkGu9Uqg-mNl4%0|2Vc?0U9HQR>KXs2695 z1~*$)4Dh&}s)UqO@_SZ|DwRBghm=dpCi@a>;~}tb^W}Ilxs?1>u+mVch4g$o$0^fb z++H9w94F!1aD_Z2)M=?>AQS>?(;>3UoDSh%A=y-m{kKoZbQ2#CrlqMtD700;wmbfL zuqqLTK$Q&QuPYMBnOsa{kYI5AJ>}aYT-l!jOJ1%vaD2&a0Mli&5tMfXIB*v!y(XsS zW}z+}##(H&=*p9c?K#FZY#+r`p6+aPyV}(HnmHN;wPfh#bi*~%W7$-4V1Ptg@DIF^ zkUXT<^SY2JoDzd&m?*>{tKo*F)YGrx9wmgHQ7o4$Yilw5MwhA zt`D;MCElg%tI|}&0QMt4thL3G=`2@cnw+Ry2mWbL$+bJr{a%8Nj*Axnz38b?E;jRxE@$5{`l3_6PR78*S-a_>kW^gW7_vk7!7USJM-vJ^_UC 
z3UhdutKkhyrf+QIL^cCP>f3ll@JHD|>6A4dZijk+`JS*Gd$&bYbRUm6U1C_uV`q|D zk1>DbV_RWvJ48Jj@`CIuzD3&gOa~Fmv9!xn7#UuOu&3pkbcDB_=mV3p@Y=QU8C-;Y zP>ASzmRC}Q(7_B`Z27Y@YTz^C9Q{uq+o*m(u8)eTspLp7fF%@Fj4K49S$ELf08b@{P=*r>ji6euc%ih>NIr07T|WdzFf38PdH2FFW9EgpsG8`A!|L zIzg66M?{5A_4DcG&3ZlbUe$qG!4!TNli`GxB83VW2!a79Iy}DA?ODIE@VUEZc%5Ga zSN(N3Pd8RSA-X@n%%T}F)30GDFD_1jY)S2}9mPPXaK95~lTa+QG|e$=ssJd1O#wt9 z>e5Efp*iio%c>+GPWK(zCis~$a8c*bpvgR_c=+$6s)RWdnO+A&QznqmMOmk4(gW<> zpygM{TrTd2YJlHV++#=nIv(cXKoWOyj*O_dix-Gq)vYj_A~qy}@&7twM?XzJF5W@9 zFob@%x*R^vmP1#Gs4&USE|wrf*|bHNu`cEbMBgFgZ%?aFL-k8{S~tnt=GvG^}>h%f>hZo?TT(h4}V~5FMSDaU%aJAkyWi zQ#d&|dgzO#sXdw?_hNaP99mK)Jt$7G6@?)^#(1EwR;Mj1n5fkXO0*5sa=@w}>CUpA zK^J1Z^$rrO(f^Mjd*_mQQcxi{gfZc(5;LFiU@T-Vf|yRxWbJ_px(+=0Ig#}2#0zg5 zf(osQXUrF20VR|oEElavRjGOv=lV63px+sBAiar&5_D;?FbMbYbzj^I=r#f10K`Gl z0YPSBkCU&q2snKo@aE>Bdy(~#)&AJ5qnJzfbad;ykz+^&P)U!K*yLPf5~iDn5lOnL zeo8@i)V1@-@!rbTcc{o~x#-o+aRjZS$czqSb4XDX z5dh#N0RW@OoXU0(0Sp^;uG4EId#gi43z%!>gbNV{=X@A&7a$w?*uO%aD8TfMB6wG( zLhVS`TtkMm*nsz}iEgRpt_Z8dkRT=H`65P<_rQ5Lm+TnK#&EPnpN*f>M|UEcqCeiV zGH6M$BsOxQZi7&W0@ccYPQu8u_43MDf7!I++=UJm3cuYoVWKT4vzq!kAmX%sQ;$w2 zX|2(I3bkms^g*J|3uHj{=r^}RkzXlW!T&z^%Pye9a6*u)_{(oC@f>Ypta4v?c6>H0}`&b*6 z5bAwKcWcy~Z`EVLL~aOWz;Zm6If)u(22OY!*cdn6MDKPYTf?d_S6ojw(=>P+?|>$P zsG(Gv6&rVZ_~OlCtbK-5-rTmLuQXY8bi`4~D)O0U$7GrP<25GTBD@}YU`0ZWGr30t4q+Ri=^G+24KNb7?=mg|EAk?7 zX_D%h<1E%BQ7Wsk@`JU?94xC!36lvWw6gqX#2O_YF6!!TZ@Wa#6O4x10oa-pmwfE8r7>ZBLU2z85#{r+oKaG7(HnhF^CA{ja*Ln z6O{KQKonv$pkd+hPCg>062uf*(o5)enEYtU2R2DlP+bg80movB(L2NpI-A?&diw;g zKv5DqBsuzSce=Po%ZV|ym6*E5Y6W!BKl2PJH^4nho#b2&=&l+ejQSy&`vHnG-=A{B zGVBc-+Os}jgzOAnF1Yw{Qw8Pbp8^tRW7#0Wm~sSO3$=km4J2lXPO-MArA_mRBFqP9 z!3|V}Pk}{Xw-wHPV~WbYrV_EQg&P_dqCHf3R*;9I5IaH<*{r!NAr64B#6WGxiGe-& zO2VCaHu~>c>3}C_R`)GrwNgs7GA4Hh-Q_mR)_gyMPZYqE%Eg(MbwHPTvr<)yVT;L= zu>atxZn^r``gvv@77dLMx%GS78sso#qo_^y=_cK}{5jDZ_Tjm3-(OPQ&k_4Mx7uvw zA--^9iY3IRjMy@`Dkzp%`lEr?a&~hs9#*A6E+Ntq_ZSl^8?flCXBitQ;#%H^391!z z-<~r-|CCP1C@3Vx%AzlBYzy}^;C8^DWC~U_mV7zs=tyMl12!pEkzj{H_dy>#$h**7 
zz*nr$A9~$m$lS^O(Og^5I?r1jd3xxTo;=pmzjq7(pqXID6KQsK2R4aK7bf7bLS$r_=Oju5Tl0#TehXNFOp_FhT~jz%z*T5Q4Zs@l?i0hXYz$Bs;;3%23zA zMJU%4A~EUaW#JG?JI-$Jg=(<_({0+`csJq?sFXYzQN~RVkU_t5cK}Z$V4m2hYhP~R z*F7h1>2908#|X(Gia2>PeKy`=JRH)!w4+is1GG(h6=I3tbEENL_o?&0l= z?dv{WL_7)cIQIyK2oI*)d+j(57iuyerk?asY7;>4HR)_IL{z2KZ)ThKcQ3CHD}0cj zu_BRaq`>N4dy4TBXkWc`JXVUjjfGH1W11E|RhZ}5`4BBuqXd&&BC^E4Cg!B+x7Ax4=Lo+hYNpJX#o7KTD*kGvm_EMHSTg#r!55V)OWaMI64)aO6eDP z2)Y*KRpPXU%BNk|Q5tYgLWHAmjb5vS$6ZJIjcZ8n!$&`=AXH@g~m#$XqIKRdub6KnmQ`dT(UCK>f*tIF-UqgK# zxYlmkB8?8OCpXtP7g<&IJ2szv&lm3YLX>^*lS`cXglJ~bi}jyq!=-?kIvNs&>0uLi zz|KuIbLt!LV=KWm8{6IMMuAhkbzm?Y!f~_&WC^?z*QA=d>ps7CQ!S}0DD0q+WteJi zj=wv%HRpltXhb@WHX`=e|+$m)Bp6@wu>e7lp_B^fDb)|(HsEPxC>l_qaE$upv zMv80y<}2i@Q|5CE3*)O_hj&R*sF1!3{nD20+O0hUJbxje^?5c!Yc)bOYiYD73m6#CI3C$X-S^SsK`0>2 zkC`A>JJMuHz`sSFiBnm_z*D;Toi04fDu?m~YDB7{F(&c0PUxvuLHNOz z7x2WW4D}0bQz1GcMPWw~3p2W9{Pb*r8oC^9IlKRST2Wq|iAX57+yJPEV)`9}ae*@; z@x-t>MNR{JAjg424#y4FYpw+$*gCchRS8zRs*0s#eJbSGqMryeZgh=KiUxqto7}8W zN?M!>Ado&RMX7k^bq5tE!}Vh_L0dtNyxF7k_4nUfJI`;Q5Q%ZNdr!C0X8w?GM&)`K zk;`mTBruj`7w`TUcX8RNrpX7F+^DyBnkhsLa?avZ$OF$U5rp03W_$uyLptE_B0}Db ze05(fEggi&mv<_z&=yJ^!<_Am?2z;lkyI~$eH=!?VY75E&3IKVDsLH&7KwXKYz57z zo^~4aQl|^2g`Mz_9nq+hV5+5?lx+v5jZ@}v0>yW3{);?y(GucNxT3&lm!H)voCNscOv>RcG{*l~cNEBO7A)O{U zuK0}E8f|D9Scv}t$Jb6OC7i$~_D@R#fP?I9uO*JK)IgO<)o>U+Pjj%PL?5AvRaT4q z*oyrB_sq3Ao`hIzUu#MsL^M^1puxL=N3><5JN)n0$(k89>>?7@#wp_Pnkv^(10C8Y z%|7G0Xba}D&zWOcBb6C_iryJ1!(t5tFA<72d!2}a;CJ%Hko}fq!+kRp(;)kTi`iXq zMDa%lDtxjH1d&hzsx0F(%#~7JZx@Pd@7~17kMb%ZD z=c^tFprv4zofxCt9vTj_LaW5k#BCB}GT$Be$UuPg6qZEnpWf>7b@x5Z;cn34HUov3 zIA@n2oL~*Q!c3lTnY&0v8}y+}M=4SVE%rh$oyo=yQqHW8bP?<z~VR&kNAh4;21J%|8HSVW)`Vto-O^^?I*JotU2U2xhzCrofE z(QA>N@v$Z`eZOf{osqIn1=(sK&Asx`2L~FiR)2jzob~s%!`Te^?zxx#WVpUbwm8KS zS7%aF^ov1EbAOZe#fdlfjQSJyQVXP9ErW8UbU~Ci_ySrMvhPXFDoXHTpV!0b zw%J+o3?&Gh&80XIVNrOX?7;9VYYF|%a7WOT!LJCD8#5xNW! 
zXsM;bjI2D%{#z+YWuBj4*LVsQN1zLR~EWJNNtDbo3=b zGdsr(Bt<^YoOJypLAHg~s_Q3NVIl>naV{%ROM#T&slZ$7DJ4|CoX{m+U9X8na109- z+=&FufK#aOmV_o(OM0>=3`|53Bfsxx#`J2tTn}$_0X>M2seWkt9RXD}OVPE~W21gA{T(5!&S&xU#MIpUxELEL$Q0|+<|w<7N@3MGIokfe&gKzm zN^}>?Y3dhRbhb<3=d$T6gcThWFDFqqkp2+hL#-OeL2lB7l#6DFNHu8Ej&bAa{A=-* z`un?L{b1SJ<=EH-1OuHcUh)X!uDA_ciA}mjkcFM7t~hN3W1!KXA!s2ppy@SCkd>2` ztLJ(_O)AaH3US3w6BF-fg66B!n_JP@*#=0)sm;O7!k}Q9NsEM3Ke_s+^L(2oCE#$s zkrvfjQgmh|MKW88$1QtJVkP1lm|~&gX{^Pw?x(~6Ht7r|n9caPNs1)%uBWp=Ea_ce zC(sMi2^(31r?OpwL7}Rp>GJs&VU~~=8TQ^p%dlNibMU+HOt5n%zSdx`NsOdQQNfJR zi#b$fNY#(D<12LQ&f%A#LHMRwPxBHFvf7g~O5<)xZDZGDmQ=a)o*UvoD$|}Pa+fq^ zXo+qdwiuTMfu;xwe@k@UPDaMthtiN(Hp3?I*J#bL4i9X4qFk1A9#|L+LaZw4WS*a7Sb)AwN0_Qb z@>QrXsqa{%2^M zeL4VQK1#;Kacl^xIknzY9twlBgh&bq()DZ;f3OzkGoAt9AvB4_gk9+*3f=k)wYVy? z{AvQKvyWRB|wUsWzE1GCECxP5W z9fRGwA}j(71cNUhpUP8Fl;j-fW13rMYAi(uPlTnl1_-n>;YjuhB-NRK53BoY4tC99 z3S3uuL9w0?dldfo3NNUZVpA_;iXfhnGT0E$YN3cM{0v*U<7XAGsr04c=ADMpoe#?! zklWKEpV3an}P@-UG%{Ew)-id~ho9 z%yoqmZ!&*M;%3Vs|G8=@W^wVJwo7Q@g_8B<`f+eca^)7Kes1cDg)I;okcsSv_Hn1! 
z+>A|qm|A`Kt|#L)uuAzsqtgw_bv;X+Ch<9jiV=AIx(0eJ z{0#&Wcnk=rAkhH3ZXZ|6Eoz^m$+Ie!XrO8;1kikn7o*{7IKmh-^RVMQjuvkMcrFz3 za|k(8HO$aRVT@&Ha-r{@rw6MfNes=Z6^L-=u*J1{t2eO&1QYMd@L9B5I7tWS^!(U$ zr1juCjj`o-i2BfhL`xGhC9_DY)P6>hfcL;X7Pc>y`cC?7pLj7ar|BQ+rA6o(ZQgEY zFM+bb>~_%wlL;nA0H)Qn69A|2E>D_mMdb;jTd^b=>jz_i(z&)%Q>9pFF9e?q=}>$K z6GLR@iOTGDz8Kr7s1|&$AhJc!#Tj~<8J|vosit2?=_+uHA}w}A*Jbh$<5gd_5%fTO z0;J3i6y>Qg4kZGp{;V$m0yM-1?b6wMP*MBG)N|+thrwMzON{#2=xEn)q~4;O#Vv|B z7JIsoI3-0QDELZM3|dTxSB25kZIPnD@$_C`ARdoggUUb(BH;n4J9_{t4vW6Rkn8D4 zJw`P|`oxHB9Ih_C3S`^2$*5=*0F zG{pd9u@*HjwMJMk+_2_Ju|Qg4Kq5q~yjf^$d?ypJ=+g0^Io%DHEVgoCNF$ zP2GOKTOv$ajyvdJ3G4D^eSko1GS_a4+$^>r5UrT2U$s6N<`IyNlu=}=z1SLel9Rm?k^>l#r=;7G=Y*_qKw=r}cMeNCi$vU)B z1^_DRe8vu^wqpfxs4{wXCEsROq7?{(OSF1wrOP-%6?*E>!ABSZB<;>cY)*vXU_(D5 znX01cPv`-9XJ_B9n&ZXRnJwVT`JBm?6pjvR{c+YX%CM9Cib7$N-R{#23xEz&{kNSb zH}maMQy(=C7FSu>sSg}ay}puaNYueN{Wx9L?@Zy95Sjw@4hE@3mxtyPXAY};YpAa4b!uWEs7t~wJw>&D?*iB z7U0b`%7J@BcgVktDAT4(k(E_5c@$%lHa{ZOBd#^S0XuauyBW^W2M)LN-%L8Q89d{i zQ?S7-!&=^{^aj?u*r<5U2)U|L@nIE{(8;XkC+BNWfhE!3LzHfwq*lc$k*vi|OJout z6@BZu5vcY^v=BYeePRe;`&^MdKyw04v-lUf_Xn?x06FbLOLZ)@^H#c1mu8W2B@cTt zM?&3K+riZ8oaQ>`3>z)UyiRh75LnmnL~5_cl#~^f-!gIp^YQmPHenStfc~FViSC`N z2NmM`M>Rj{-Dk!5MaE0206OrL7v7{BxZFx$gkPLPB}p>}9I3EmNE}xX2AoyhA#(<+ zVjd_~UL3+mac1h=1-*%j< zX*DmQ*HV|4m~W@qb;s1fKExTU z5h=_q*0!m|K3}u-m(Gc$8d%A^5cIOyK)l&Va5B7`Z4>Q@$)C8QgKQKI-zu=3aH#VA zG(cAwwakk&NIJ4Jl+kJEAZG zvhsQom;y_j^H-{Q4cG--#V2u^9_llB)B6sHC(AWwt|sYn0$*VPRXv){Q4c0gU+2#Z zlI)-!b~62H-FWSdYn~I!9W8W+eps#$n4ywL2C6$Ut^eV_|A)h*S_lTRDn=Ox2IQJo z>FQ#RO5T&{qH>>EU0Nm-gWwcu*n8yACM(<|^gr*2-^WMFyr^idxFy!S`hW^M*9g4+ zCarv|3|0;j(&#{C%a>0u)JO@I-EqI?{$;wI0@eG&9i_pj zpV@YELGi&Dd%WHU6V(hKY`U4Ho6U`knPWI{wSBq3Y=hwhh&PBp=*LcYe6Tgn*x!B79%tcYwN0Qm<##_xnH(vhm1Txkw0XV5*Sa)vLwLAvsc^>AT$3n6*<}11*l`39_bd1a+DamKc; zj33+wf(lmU*}9)+k1pled>D8_aI*%Ar0*joU2trA8D$eot|>G}+v|mVlXFSVs9slx zIns`j_SWqjYj7~~6iv{O7NCMSj!SPm4aUOItv?Pv5GjBPo|;A;|G(V533yfI@%Vqp z#kEvXQBhH2L_tN&4PjHPY(WADkwisBub1Qkfox`hV5!xL`$pZZ)U8_gweC_&t!vdv 
z>)O_>)>f_5($-qFeC>Z`-g)15&OK-DO>UC@p67oaO~Pm9%=^Cc?#np`-=PkrIceHy z+Q|ck12>F@iM!Zi74yjM4xf@^s5xnXw-wpe1m*{@>p~9)W$$(3Q}k4&Wp5v|%AYUi zu>RnhK-QW+jIi*z_NtyQ&{Hgq8uk7)iw%WSGG9uS08tKw8@ zS(*m5DLAqc{#RgLo0M-B-Q8LcsU2o1ws&h;5WWtdGUedn;YTfiJ*@tx|7P(2;j@nlih^JrvIP8(*C6vN=y%H8pkL>}e!C6W zV$0S2f?x=6{2#B~@khlr1J5d&^3Ba_Kmq=VvI)rH+6jMH`4L_|A30n*;14UG;pHol z!?iX3u<}V>z6Lp52jUMauk-S?$l=oDZy9m0AO5!YpXBe~#PY+We3_RI0YBii2mY}4 zALZo}SiYl_&+_v5EZtcB&TVlG{&P2* ze?#FP_&;9%g8wnkgGro+6=x)hJ~4JsXBNufdI`b{=}kW)kyzJ{6fr&{pzz>Ti$AQb zq7$8b7Rz^&a*^H!mJdU@^{2U=%F_ib*YfL5mY2x;kM;g|k>#4dH{_8I;7W0Yv|n_g zOWz2VPn7cIKKxlMFO~8|Mvi`dfb+A``q}yb@*{DG@pCcgUB-4Uk#;c8R(V@kk@5N& z{7-o%Y!%(-amy3Vbp9uMz$xQ`U!=A1NQsbZlVZIuw6copvu@ z%yO+RpTlykY~RZAangRXxBpxYc`@8m%6>?}-=TCIenH|40H{-wM+eJ8>E`eQu3hnm zP3Mt59#t$KDdia>9}4Ud4&&MEI)H7>L%yxKitT7^#Um`o^tgBwnZ^d=`6kPs4auLN zh@kunmTUPncniD{Ow$i;H&^;}j$?UTxk3B$SUy7DU+eGhWchk2FM8I+?<$s`6_T5R zjrJd5xz_i*nMeKw%LhyQbA0>;Vu+DAp zaa_wf><(pWp)u|y{;f+C{$tSS<5LB{pZ1wi%v%E^miw-9R%)^yA zeMK?YYGC<6tKNKaxv-}kL%ola1ZIz>x-njc`D8>CLrRW2T{ zvRtdXpRs%wdB5=Kpl_fc2#&!YHl9VZ$$l}Qa+WW}KG@1J9Vd8S%wrw3{^yZj#q#|i z2p0yAU5f!d!t#pjIE?jicq>O3*cMM^Ka7fNi%Wc4Jahmk!*vV(u<0$jmi&QsE?_&0 zpsx&-5p2_sPB=ZAZ&Tv*%DmoNY;S6u-YBovpVN1LcG<*mZ!mtq_>Ew_H{$f3@%|d{ zO-!KP=8ec9$8av=aBy57@xxN%Pt;q>dS}GxwR*h|Sg$!w??kURfb-}3+5V!wJ#jjE z4BMLx9RC4e&*ftxL55I1U>o=W*Ao2U@;OcUhw>3DkLwdC{Tz>d;^I5V$9FC3of4NH z^*-M|V7*odJLFGn1I0Y>DUMg%*b3ui^X;E;;l1y}t6~5ABRf1OPep$qH_)7FCF^a9 zOXnv(oi}yC9{P3Fw(tY4>G;F?{kuLqn{PX3=P#D?&3%0s#D3U4PH%wG!|*=i@aD_# zimF{c55fflxQ5{m8y}vhp+8r0ID_K+neg>#KHI60c8X?FIK^m(50>^%_UXGf z&;9FJuK8zU9{E6;P{Bf)44?gr`B=*G=cJs+!bK1Hc+O+JNm8%V$cuq>vV5+TV?CYf zZLDFP!==utMvigm&uRH)O#LhRuh$#FdJp0~(iZk>H~H`e&_XV(Q%RkoJ4gZRz=%BZ zSuDRSbpQG8{)RmA3s^o{-rwNkcPGooN_mr!qdx|*zix)VL+M1nUg`BFu-;GN^ltXy z4cQq3(%XaydF1o+$XDi(ugN1{n?sKN7|Q;d7E?YF!t$XICubwE8$|}o*lL#F5|Ur*~D1Q3UY* z^(>F;2Z}*Hj(vvxXQ+(ucnfU|qKTot##PSpy+GHc!3+mz9lM6*Bc#06`=~vS{4$pB zEAKa50NH;akNj1Z$HfoJ#RT@zY4CT*2bh;){bC3$@&y5Poi;BkeL5zve1(i>ky(I2 
zKhDo{|4Np(h3+>KeY}4S%MX!q5x=!8*YbKO`vJ!tp>*=PEc#+P>ztphgT4^!$it~a z(0wtT<(e-R=ehr!Jon$q^0>Jd`sz8B$E_Ej{G&W_njnJSc=+G#?TGd3;b;V|dHBQa z{rEY(G1&4Da{2i*(MbpU$>b%M}j)uQo zUSfSVD%6I4!8&84j#wKWOc4kInwHt}FwMlX815Oza@;GIVI;n1`c;hPeAc0$tPQb$ zyprXb&)2YAE0b$ku8o)8V!7t)O)RHhHh#Qci)pN5A1#2t!@f3~uBdYk>*VTB>rfFc zEgq|iNgTV!h@uS~My@;`$Z5$Hj}07-=C1)%x#QP;F+WGJT)Tf3%c+gD{wy+^DtLbb z%O}F$vdmzYhVlzoPQz1szc^2DC(FMp?=M$sPWz)x2$o}gck<&+ok07uSgystf#pZZ`-@BhDg7+h+PFLO$X{f+)`x6hIsLNf z6Xyp8?2QrA$NM8#9@i#N`t!&eSYD5T*zk+YqCTac<=WW!PL{WX?l%Vv@ctL`+`l1@ zd;n!^{CW@CAHnjt_@QVP%bR5U?A&<1Z#&yr?;NQ|Yt=!#xw(7n9)c{?djRvkch>1wrsQ{&4wqKP99X&;*u;;(-0kWM3yv zVx71$jZu7#tayN(#5YV|f??gtc3y|SU0g7%=X_W%vd(g;Q)DK{=*JB#5A`=- z1E(%1A3%cmvk)jB!Sc8@Figv3?DNQc)9gcx!PKCgcD57O@1XoLmY2cbF0J)Goe!{F ztB0?$oW`;?-^9M~XDpA)6AXV4EqurCiK4umo(V9dh#?4KXO-~FWymbc4&K1>*n z!XOBhf3AbYz~{64T2!*>L>sHUjni01D+|}NTq_IfSgw_Y_gJo#1#>u1pVt-BfHw%V zK4l`ywfLXJaxMO+v0RJ)^(@!ozmDZvS$>b@TKvt%e|-8e4~wa?2SKhpoXR>hys-I< zjSAe4<*kn8adE^jR&^naTXWdJFrH)iq42jWYhwQT5zFJsD&D^(4NikVn-2_Ud0akW zomtI(j;!xPc~9(;AZK7WEo?{g)oPZ<`3mp9m*v_RYCX#-xi&A-J})-1oQBj^F6JZy zX|fSN@4@g(SsphAKzUUjc?-+6d|J(NEuZdXxt6~5ET?S_n?7;ocq7Z>(q9bmA9x`A zfa_NLVeiK_>j&P4<*cK{u_lKc%St=Tm&q{fIEnYQi$S)A_2x@GGftvGGx~cS>%^r8 zU&c`-z3Bg;c`NaF)KO^QAkR0==f+7^GN|w4z{zrUfwU}L6@;y^T7iwr|h)x6KjR9vRrG+KV!L8X9guPVnHw(e^~os zAF7Ft2O`%4|$_tg4! 
zYH&F!1VP+5r5N})mTyEQ8y5DH?|U2bSx0NrSF$`bmO&flh%B|o*Rzf`*ICDMtv!B^ z<=e}6av3W|MwOiRHDo%(m|-aE#Fb;rzYEy!Q=ktG`4z{0qkTWxz;-5JxHc?4%Y^0R z0+z?c73Fube2Tmu!sq~(7Xur_X+0SJ4#h*9pV-JYXjow5z+(;!V<1%){h6&&mhS|* zE)BfDi@vyu;}AKsh`vaBUv%cMgYmeEHI-MG!yueGc*UFwK^?6+8cf|QHr%Qmr`rUW*Q3ygit z%R2Va?eKS~JelzVjfgR?rjEk^f?y8*uy%^ffC1%oET1Uld`7((*eaI)FnbJou`e&T zvW}M4=W>LBarlVkJIOeRa|v701Ur7*hizvI`|2I|JLHR*7bPz2f5B#FY+m$B^c;p& z!?tLd#ri|6@3iL#3-7;-N?k89_P;r>@yz6kzy`C;l-Crcy_TUf{>T7+)EZ6dKBFiVB5$h+>rk|AO{?k~#gS=nF?|PPNK3K$U2rEE7K^}BUiCp%g38oo+}@pW1YA@dI*I3 z5zFK149d5p!C96MM0p?1a#|X-X%uU^(^*cid@8!psQ*+K#aHkHgl&#D6%;wf1v5%R_l2_C6Q0JT8whe&?`U zTSvV$&;8G_T+M%$mti7p`ox@d%fnCreHH$&@*=ajiSZlGay9*V0YQeNLemM6+1lf@;>j z>33+86aCo2I)kN-*&?UDZ8gi|(pU`l+{^N1@V5&C{j}JW)uDiga5^7_zx!wFnd7V! z)~1Ol)XV&kNk$$Q7fj0pmhXvbHobg)0_F2ruC*B}S+4ahYgn%3=USF)ZNghD*V=?l zEZ5qEA(Js-`dnZF%e8f!`7GD`x02;m7>MrtOS>)6)u7@+k}(OgnM|GdZY5mGMJIm`pz{H_dpzc|xUT!A+R!H)RD%4zl8 z^otW&K3&Qo|4!ljJBj659XXBVny;>BdEB_A7{Xk~@?3S~1J=>%NPjY}uXhe*xpx0l zmTPT#9n0g=h-p~G@?35DM$X54ZTk8gVPSdL$a1Ys9C$b=!KJ0Ol;!)Ok}VJ7oibG{ zr(moc$^#xN!SGvHuK8*;%O^_vaKAl+buY`0lyW}Ui1ydBJk-a-{Wuh*^s`(`-#{wJ zL7>I2l;v@GiT0~lz9_{ z#RK9hpOt@)?ZlfAid{7|>HJZ<2D8A5`!#jE{1}VK~UE*iRkscgUZ%&k=n_`AiH*ZzF10uBEq~ z<#Bn7alMS?qcIShUa@xg0L!(x$g3=`mG|>=n`r+tmTPOkgQ#%~0&T8Z&T{SknmqTn zvs_y*yo}|$$oTX784$%?I6Uef{QbXivPAG8iX&Gdcv#_&DEv`{Kd$h#3jb+@4}{qD z3p|$!iQs4QpDrDVV4cE$uJ9)n{#1k?!11vH`+FkuB94XS_|HV}wEQP)Ab&>T_yltF zN(9d<{DlZV0&YjYq5trre#`s`;l32nKM`c8Pvc?udrQ_`3BQX(Ir$fJ{FMk^j@Y?@ z^{t)_>1F0mvV*7&0{e>jJ_+~(uHDQp`k4sUN9>~@5&T-=uPFRAg}ZF75*=U|6Ac-D*P*jUD|~Z>Z=vw56uz~>2Pk|Sg%4Et_6o;0XGE_=u%p6vR`_6r z@2c=23g1KF#R@M`_)vxKtMFk8-%sHODEvT$AEfZ4!pjt1uJADmAFJ^33O_{QhbsIq zg-=rW6ou2l^)R`^j0KStrlD*SkbpP=xR!qW<` zRd`0>ixgh3@FfawPaoD*RN1e^=qBDg1j1 z$G7H1uS9UB!p~Cp*$O{b;pZv*0)=0s@QW4xeT84D@XHl`rNXaP_zx7mM&Z{g{Cb7o zsPLN<{$qvTs_@$teuu*ERQTNrzenNsDIDLN7rhd}0}6jo;SVYN5rsdd@U;qmLgDKa z{-na6Quxyfe@5ZYDg1ebzo77!6#grPzpU_IEBrSKe^ueHDf|tEzp3!wD*X2fe@o%- 
zDEvKzzpwB=D*R6h|FgnBRQSgV|3u+`Rrse0|C_=$D*PV`|4iYZEBxOI|3cwkDSVT{ zzg9R*rDLu{P^9pL!Z%a+77E`=;ae-*zA-)=*+j67qCZgK+bevK!go^mV1@6Z@ZA(X zMB(^m$>@~`_E31S!uL}6-U=V8@O>4IC+VYCBG^yi2PoXW@jq-U5sXyy4^nti;iD8j zTH#|9K2G5WEBp|JAFA-f6h2YmlNF9{^o?FH-&FYF3a?c7429b-GlauV1hW*$pTE>*bw zf=c+FL~yyHf2G2&R`@jvU!(AA6@I{hF3g1TI+bVoJg>SF$ zK?>hV;X5mQ7lrSt@ZA)?yTbQW_+AR%TjBdCe3-)bQ}_W2AEEG(3b$X~3YWx0P^RdY zD}1!V$0&T9!VgyXAqqcK;fE=FqQWODe5%4L6h2Mi(-l5L;WHI}gu-Vlyh`D76<)3I zqZEFO!jDz>@d}@>@DmiCQg~Y7wF=KDe4)Y@DZF0cOBLRz@MeX#D7;nSZ3^#D_;Q7> zQ1~edU#aj@6@Hq+PgnRE3O`ffXDR$_g`cbN^Avu8!Y@+zYK32-@XHi_g~G2=_zx7m zM&UnH_;m`uUg0-J_#JQ}3(u`R&gbsvj4gCOc;XKE)@`OQqO-N!EhT~VBNqj30_%Czf9df`?4)cPV)&2aX(VhzN~>7;o`W<~;oLJa?5T5LMG z9+Evr9-|ZIA-?-&_|Kg~4F9o|xIB$(RDMBRmOjG=ZH~X`DLVuB=RD%_w5$y1E zhp(R!-#rZBUkS=Wdcq(iJA^nr!5QKW#EU}=|M39vy&}Ab4ic9{_*CNiMfiop>B-KJ zY;!772Zb2^V>B0b3%yWKTak-J;Kd56DuR!d<&5uo)FS{D&qVg zf#5F_uNK7oxdRpbng}l^epG}nA%1j(Urqd&2!EHjJ(cXmMc>4~kM)56I+(aTm23n{ zi8n;_?;_q9;hz$xCr?7M!>LO1VQC>T->O?Bi23tN(myN0$5RtE5dIe zet(32Mf~9ipGYs-cqGElB>rfGe@^^o5k8xm&KD#6Y~sI;@OOy665->iseLoT&nNy) zg#Uv0A0qt!h<_U4L#WB#7~!qNqmRqHOnmc5M>vw2czOe5$kw^Uw~OdMO?-z4PYlM} z>1pPWox_Ol6wzNne9s8~l=uM=K8?DT@(8aZK0CsHLwrGmZ$@2FLxh(T$G2OBuUg`# zMEF(2&yMil5I-lv523E^stA9AIF9bZ*Biv|ig46Q1ouV8IfloogFX#L!U2$-*yT6S zk2MdRI{6qo)H%m+>QrMmb&@fhI=vW9om&j2PAP^{rxC-cQIFx&NXKw$bYnO*qA{Er zxfo83Rt%>`D27v`62qx6h~ZSZV>ngT7*3TehEt`9;Z&$&cy#=RN(p+pG@=eXI({?y z(eaz%(eaz%#rP|7CCpn5V|aA@hDwQG?})D9LlwS{!uM79Foh3S_fVj`d?tt0m&f^S8b z(LYS#6BRy5;gc0UMd4EwUZL=53O`)o(Rm6gCW7cZ#qj7n#qgQ`*SrLXH5geiL z*$SVd@G6BLsqnc9uU2@C!jDq;(F#9C;qw%Jtiq2|`0)y#ukaHTexkxt3O`BVX@xIP zc&)!dn&Irto%!cPMRrq%mewxBhSNQi7eulzVDf~=@pQZ4#6@HGw&sF$&3O`@r z7byHfg1=a)n=^@GBL5mBO!9_zx6*jl!erMW~nveyHeQ ztMKa-e!aqPQ231s|B=FPQuxgZ|FObvQTVM2zfIw{EBp?H->LAs6n?kD?@{=@3cpX` z_bdD-3V%T14=Vg2g+HwDM-=|3!XH!k;|gD^@SiID35EYm;p-IsbA>;t@LwqWDTP0+ z@MjeMtiqpD`11ukb%A`~!vmN#TE1_=gJrNZ}tV{4WasMBy70 z{#S*6s_?%le51nuuJC^-{GST{OyU1h_~#1$x5B?r_?HU*O5y)e_$Gz_pTfUZ_O(enf7l|(Q{(XUeYkqV!y@M?wEDEuge 
zAFXhFi(~Xk1oISrtiq2|`0)y#ukaHTexkxt3O`BVX@y76fuL6sL9L=+r|^uz7b<*_ z!WS#NUg1j=zEt7S^DQR5jf#Gg!lUP5jGY!m|73-?D!fhM?F#Qu_%ekrS9qtwS13Gs z{>S*?+lu~5g?~rkrz-rr3O`NZrz`w>3O_^Ps}z2w!p~Cp*$O{L;pZy+JcXaH@Cy`v zp~5dx_{9oet?=(F{1Sy2CklTc z!vC>b5R?RuI=(wLz;JCo1io!*{tW%x8F-xj0mL77c6Q>sMiF1@_zuh`5dWFuTQjdC zzRvLjnO{Ww=Mnx0@h2VMkM&<6{*>c~G5?pMKM)dLBHqWo2kRfG@EOFParSp){UyYo zb$n0eX9AD&=QRp{O|i3)`18*G32grx5aBrc`v5Nq{_XUqvwoYRe>Uky?cYfJ1!w0V zw)0cP&R;-tyWkP0KbZBO2L0{Cd*-)f{w8z#Z~J>A@t^h^&U*d%_ZHyT?clxiBeM7& z%uBQQ80O=cTl;gEPt4+rnNQE+-(x;6i{HTfq%6LU`Qj}89`L=2{PS5hKAV8Y*(*L>M=Jbs;Fzupv(oiv zMSoaHy#0|19|aukPfP@K4Ku%jYTzZom;Lyk?#Zjm75xX9+c!DccIlgY8~fQj!~7Bs z7jCEPJm4k4S1w#gCS5PFzI_u6xSg(lk^Uy9Z|ld{p(fl{*}m0J0WT5nrMLPwu)ck> z#T9J-HPZJ7-}hy{+djs=eKK_-^J&0Kf__E(&%o+m!1}-JZzQ(9{)G8g%qux1uali3 zXUF-?X5f7#wBj$!@5%x7(Dz@f~`nNQu^fJ>Mk%lvibKV!a%`KwzP z(9HaP;BoEA2H+)u|6agptUr3ViRTq;=UdEAVs4(#3j$kyPFMJi%7e=958T_6HzKbto)H_s6U!8DHNjS7E*`K+ysqSgPm z!goHvgnJ3=+jNa(zK(e#hkFL_y#oInH@J(gtAWSm;~NV9M6o{>DmeOKJT9KEv;GsTZ~NhW!6ADE{<(6S-ig35p4s}VnSY*T=N+=+ zpL4f%K3DXoj*O4z3BXGN|2#X~PFE-Jy#oInx@`w8QS4l+@Sl)<|J=Q`|03D<&&6B& z9{@)`Z1{$W$F3Zo{*V!Id?@qH2N*@Tovx`0uVZeWD-8lWa{WH@P2V*4LvumbT?&7m z`Os~QUW)aDQWMW?K9+fQyL}Av?DnvY`FYzK!xe1*a^NMw7Or1d!F*H_`PPoNF@G62 z`fWYivHt%n>93FUn~5@`|26BcXFEfI59Gh)uLD^BS1de>g|mQ{i0>2GcI;{5+qigI zzQw3`{nLoQ;^Jxb|3KV-hvg6s_qcMj6V-p5_-he6{YRsIlpg^c{q_*|Yj)?pk@<_9 zA=5eBD}cxOXN|&dSM2|i`Muj4!{gch+X~;vJiDJwK!=O*FW$izu~^A}maiqmzT!mneVJ>Gbjc>|9_PGmd(1s>=B!^Xz*?*K>tWZQX~ zdG@&I6Xsj*820Da3f~SKUJ|_F%G>@N&l8Dn@5=xA%zvTi4}=1M@tn-z+Al^710I*& z0~P(Lz)OPPy7<_7bRlv7eInaGeyZq?J=nzOnVn6<$Fjv4z~kaGSJBTf|9Y^o)5(5V z$$apx2Do;Q`LbOMzk&510$w7%i?o9IQYerm!C>cS%lDdK;(sFBXLG?g=AF!sVLL}N zU(b9gTWn%}+3rRWhGBG_1-vBK)rD)v+piEG;<(ix2@c2noxpZr*g)4b=8LoViOip1 zUcnZZ0WS&mh}i!%>-R4zruW~&1VEzaXh^DgsSmsxqU=&|s{VL|0 zVEl;J{p`Ud%om<$_%-HNu!{NJJkYRTKDdr~Q7Wwe81u8Bzr|}0^DFor^P95xf0#eX z-0lGFG|{B@TceBtyW>*I{7LBF@UlB?l@pDA8MKRd**D~_m}vM;Cm{{o6N8se#PU<@ z%8wmKy$>Ay|I~O;hHC(qlP@Qteu>k!={kH8a{rw#%P%3muhZw^75t0%Fvo5AJajVJ 
z+0SvSe-?0z&w8l$cr7u%f@_&yz~x~#<_|M(ImrOae{J=%_y*<&A7b=v{DUbb+1X6S11|{BJFzwz2RVSfLP`G`vMZ~Fy; zqQi}y8M6%MViD}l{Kw4gIR8-QzhXX!V|*<0_h%bBHRe~)%zVro1KOBB!u)pToc+N| z%>T^%c-G$$29TKE$yEk$H4YA8zKl7$BRGcnW6aZRXF2mBM;g%1{4(aNnP0;E1Lh@j z4LFEP%mDCXNia5&Un_uPJm*#$eYl;jYnlImc`ftLnSagP&a-x&VeC9}lu@+$OPTL~ zwBcWKd@clD68P`p*?9hz^@qL{pPc^wY`>BC zB$tou*5DOI{{SeLCBcUgJ1Z6b5^yXJU$Z}laee%p^ryLSSF^<#P+m&{|9wE)u3kxe zhST4dsy3`2;A(C4qU18ln-*R{^mX$_>D7EWDBVwJ8I*IS$q_ ze~USHGr{kf*PLYZt)0)Uedf;@aWDev6^7fAHeeF-H1qqJbM*_JXWoB-QH17#u1(Bm zG5;p}a}3lgw0|5|pa)q$1w76VrzrdmwllEK7k;O^LpksABz=!2=muje=OTSTHz-%-)50fyqWbcQurOrA7K5Tu>OA(J`>uh67fA> z+YVez{76?mEx%XM|BU!2oO`~V!S=2snB(l&_MwS*RR1R8e~s9AMd3v-ktqrO7SW$h z+<({7#($}ze;@I`N9=q|{Fq4m4}x}~B#7!SBL2^aovRf7Ja8=Mix-=Wn#OmQ9*g$< z_cTXyJ~jYH{k!W8n9J?b`=sx`%W33Wy-gGTf3 zyO>`D9ZgB#zvF4+`5bVHC+qLT`ny3p6<2>tfR_Xr7cRJkuA_-Ba(p85$BEZFz9aMP zVE$7QEOGq1%x3||_&mk&8OnZcA$|WnP@CSHh&MSqHa@Qt_um7x@fm+2hTG=!ZG0{y z-s<>Jj?a6*F+LwP8E^~7XN#2Kt6L0DFdqiIB={Hq%h#`F;Bo$3spvmNJbHd$`;*ZA zau?6-Ii9Bw?{s`5^Yz3Ja~!$}y7oz?>YOn-t~k2rX)Dcac(|>?-Gx$*L^_TuEqrc z7sntC{Yr`Weyg?rJn^%fealOsT`LLBb{yPA*EPiLECkEEx&BOiXQyv@8AP}wIM;D& z|4QQLInLE7*hKsS$IoH==_T>yjpsY-c+0OC6uY{4U~`JN`KH9ijay39fY9#%C3A|J_*Yx8D>0fz#impD}b5II1LA zz2o~be~tK!jvvUpKNOgf;3miIxP3hFA3JXQyP+qeesmsj zHgW$wSzC{uC4RfJQ^w&Q)QWcQaNO3TvxrCMJI@fm)9H_AJ0sfAPPBbHo%kfDe>CfV zNc?Wcw`bnbj&|;G-1^~B;`ccY*-h8b4%DCG_!#D=6Su3OL15GMf5h#oUf|ASR4-dkD zzeW5B$8C9@v?4zKt-woyWlrDv`3>Uh9KV+BA9@PvN5`M16Mxd_+j4ay@uwUwV>_P^ zf7)^D|GmGB_M_wEsl=fivGWeN5^mbuEcQtcX+KInu$N}?A!kO z$Hb%K*bT&AaQfB{+kOY_zvQ^}!*Rra<+%03WyGW7?T3l`@5tM6!rzF$?Ce-Sj5`&> zjq0}$kB)C|ApUD-$NFId@!vRZ{jkq>(f+HBTm44juQ`4#=gULH-*9{{=G&fzcHVT{ z+Bu5&ZymRG))4=_<5vG)#NTrK(7;?roR0S2aopC6Q;Gl4al0<@8Sy_kZsR%gduZp+ zj@xi=B>th}cKoyX8L0oUszlK3Z%@4@lBj`&|4x8>mr;wv4uG#o&UB&m~-e%%MoW8B6&k)}&!UtV~cJ^=_nkl+o zC0^|Kw#*N>6!oLysHMcC&s$;;7B zbo{f1xc{!P^}}XYp#D&2ABOjIEg)`N!62~h{4a>_=k&+0{`4!+&H;|weE$LQ5sr^$ z{avp@{gIB__?%AsAjfSx^EvUPv}yBh6`a{M#)$Zv^{cHHLIc0WM<==h|JcyxU7 
zZQ{}K$xn!narSL~Z6ZF-ahos0ufcE+cHG8i0rBWK;Y{Mual(4y(Q(4oYta57&c2P$ zQN;cCmu-B`Anw1vZ2kWdaeJyeaBqy==Z9#2va@gfKacp~j@uUeSHz?J`><=#PNmbg z;WiWZ-&wZ#{xtDfPT!Wu@zeXwBxpYK7{x@$B$zDdx;<{aX+PJc>2V`wAsjN=p7{@k0;&LYQcJZ~T#9k+Z% z+@9tSf+=k0w42e6|6cRK%!_`EyusPG^WQUw+gct3HeJsXZ*uy!o!s{pv=h~DARZlu z+(+D&Vt?+U1O^@@L9?^J6UXy>;{JQk_8i3_x1oM(ME@4zZI0V^a`^42-{H8me>w4G zj$8em?m+#{2=5@i!f~4~FB3n-aqH))ccPt@j@$P6CgRcY&nDuhI(=(@)?H}Fe<%83 z_Rj|5r#t=W%n!dC_0Mqp1m+hLKhyC8nE!|P*^Yx-==%OWXy;tV=P>_}`1y`cWWM*k zsPDfMZJ!9ej`+n+-^TN8;`S6w5Li3A+=q59b^12Hjs-rD!;-(QQTUr==Q3x<=I{3R zqy6YOXD0E>o&Gx<$hJR0{pk2)A#wj5>S3(^0`cg$V&4bQ&ehJojnCP{uW|e!w(~>c zYaE}({A=RZI=+Z``a!fG9Vh&R`1MZTmcyYBq5h4I+jjK|;^ymAXnHTU{|zX3CBe;3 ze@kz!vh~j`~ExEHoe~?{;1Qp{`?(r zdm1hX#;|{OU5j?6IsI*!uOR-I&L{Ob=>CH--*BAxQ*x3pP~IZj@xoxtMKm;kB&FqB<{bX zy)UP0+jVIFWoLgJ^U1{hceHK2n@9ZDPT!8te?a^d$8CNEKS%qoId0Q+JaPXWZCmfw z6928!-<#u8^d#E(z2iGE9|1hB-K!-1x17H9{{@QvdWCQIi+KA-EBs1@|4HE^o{G2M z0vy(h5}Zu8pYk)}{yX4%vceWmqy8Tv`rje`zT>vMeMtNR$IIBxkLC;{N;K zb*w-8S=9I62eZatUqJn6Ki)$8pHAP}f1LPdj@y2GzZcO?w0~bjJleni zht7-%h=9C#5Xw( z-3nb3UyhH@cYwqGk<+*B{6C0)?fBko=a}`V??1?7<8wA~|2=eD{_iCo?MJr!HQGt^ zXR~fUWfJkt9Jl?~GUEO_>9(9aM%;fVeGD5c`3>6N+S!@K{JX>lIBwgw_la-gxa}YJ ze+BJ4@BCof`RNK@NZfxv-TLQV;{JQ<^&Fp1iEr=1tzusKDuz4A@kPwriSOk29?Wkc z?!T*U)Ac3sU7Y?ltY7&W+TYdjU76oS+<#Zy=KG-6QGa)*Z}a8b#P@XkV79aM8>sKU zt3Ifo5&W3=-cH}P|8EoD$8qb2iEpAE|NZn1w*MgUXuaP1x2W&Gt8V>&5%H1EJ~Rt- zC4YzdrH&uZ{7T|wj*nozk+}a(`i{&e{T}U%ar(BMxsrIf<3m~hL*nM^sEBMlN4>%y;_(>Q^~#{dqC*xsKcPZX`a;@g;0$&-c+zl+PwU!s+kN`rje$zt29A z`NN9-pNaeLwjas*bN-0o`tP>e{_$4g$GUK>A2ty8-)*<)8uf>=PX2;;hvT+9{2y`uU3klv{RP8a;q+~|4-=2Z z^WaZV{}iWh{c|O8|GoHqIkI07_uq?eVm@I5+BwbHvEiOf{B*}VSpP%fXE<)d{nlU6 z&Y6x|I~~OR_u_4S-9r3qr$3tQe?;7WFMcQHdwz=c&vW{<%+CkDS8%=KwjSL;`js+Yj5qS zZD-M_bVEaPZMwa=HI;5%WZ;h{+9rbS0%d@8DD);4+*W#gUFq^7#6*382C&MfUE zLc6psQ`=mZF?yLgqgk;4Y*sC)s!pc7YI0m_rXiDV3x{3n6~?D8skZiXdwp%HzNx;wKHX4% z3j7N)Fx^y_s>_&+!he_6*9WP?XU&;BX%^hlu^?5MvY9iQoLk;xGpM?Ke5SKD(}H%U 
zjILOQ>8@^1j!w;8kZNzuWKxSW>AFm-6;TE!%c?0F#;YI#w>p0%%c|1tizl@%>S)X~ zwNGV}?!FZbnYv?I>)SJ}R#e?S&IVR#3XqB8xG7K=u{cyzx0ko1>su>lR+pt9@8I9b z(o{9%T5Wr>t-Z2(G@|l`Oj}zeXjD|E2~{LVS-YwF#+HW4>hY;r3z8KTeIBrNR(1QR z#&nC8sAMWT(pkx@sOU{Yb7w;OP44zER^ES{ElRFIPI=X2S?XxWFK9OwKwYbZGB!4q zs_pDdCX;1ApiD#Yh0Lz3h1^ZnE>5>X@k`gYw^i0+hSpY8_}r*c&_(-g*V zD@0Kp)%B?6u@a4Jmv889p@-y6!X7uZxE@+zU)G(MdQgwNwd7deQbNm&-Fu~Lbd}l- z4XtROx|^;kqbs4)SXNO{ld6X1e`fV4F3JDnzQAQA^cn43lwzIJi2fVcrW(_A~y@^U_@SKH7kW!v%?Ud zf4ykbo5D61(me;NQM`9^wWAR;X8f1tF-uk}n!`W20`U%Ttyb66eeAm5wu_>mG|qZz zlp8QZu@i}=r>i#<+{n1pw3n5-rg~{+1vcyI}{G*h|Ik8X!4WTtY)T<-s~rx56Y%4IbCuc$6J zH$f>cp!XD=URL=m#F}j+puyzfF(xuqmu^qnJlC_VkN|y#6`p+X`)H-HDZrt*UEta^ ztxd9Sf=(x^TglbP6z1JLVcs=uj)W2iLbGaNrM_hw;o4`y*(i4KE8X6mUh+dEB`D=|H3jv;z>@>O_~ z?9$kGYamIUKj45Cz3Rq!u|qVw0ukShP~L!%DyVC&wTBW^m!U~L4?mKr8f=Trn#-)l z(u$movTcp^TrQ}Uvw7V6W<|y)M>RGtgM``va#f*Gt&UWntdbsEbzHNeCsL`)?#`G7 z4GYQ4YO};C497JUv9S{EM5IESNuIEpmCWu>!9*iuSGRgRfvLg?j9R|Unipuq&6!h` z%J_q-4rDWUz7l@He`YK)rzSOr*OTppTd7^R@Ci51h2Q2@$fYFQ%pI|bR{ndTQSEWa z5GV!C6}~hz9oC4=x*pbdZ45SRK`FKD(RMwya1}C?@SO?x7@Bu*xa~|#Yc0xNT%byQ z5oJ2k_nDDUd_|hW^{9(ki@E1#-)0FyFHx8_Um8LMDcUf_#LwhKS*ZMIrI*T{?~<$A zyE5K}IjI{aX1A1zqp@M);sL(sW>4aS%eyWO6=}v?oXpL@b>;T5WXz6Ns@*4ZYD*1x z8>ZNmGvLos_}i5IZUlri1A@Z<=Vlw83u6hgjLWHz@Um28Q(dMr#gm$OZ6?f$>cc?| z|3!l&jDpG6(pk-m>T4@nTbtbyA!qp9j;8kd#!N^Q+VUx*EuWgBB{XRh`$9=lYFge{ zh3f-#4OPpkvqpTQQ>o^bw&a);^@b^&i_%|iLn)>`#Z8=4BWz_gb~M76f(v3?%WE{# zomrZZO)8TZ=!GNuSL0Ggq*^m=nRXYU$jv5^woeP~aFu24aD{|PE1bzbm(tO+uVDg> zse@A~#=KKEXWF!CSP!k4G_tEd)OCUdScg4*m-n z;$TY*i+>fND2(AKJVIu(Q?287pJTqXM!M6^wVg;n}x9!(HDr3wG9FGdCs*AWnDY5SM!~ z?zUG1Q;!)5JLMx`(WkRB)skt2-FetGZeNjFRvN&x4>lI4uH*jN6fQd5?{?u%Sj&eI zff?SJoE+P}xV3q?Y<_TD(0$_-L1U(|wq=EjrzsUjH7&1)P4BsxHrQqkXkWZ`X{vVd z($vCqeS>MhT;&;WHW-`D4kP@`q#N~pMs`GXdjo7INA@DI@lKBN2FVn34p6{(7aT^9 z1%^Bdq9&V)(d0wlwioI_+R`sDPULQgS3{;LSP16<(6yYybdsQwCqI*6S9c26W$;kk z;J7Q3%TW6@HX1@cc^M8;@&sR<%3d9$W!;=9OZLnzcMZ`5jfP!4Xs~G6J#WOx?~%CU 
zSfGXbH7#ex*EiL+X7E6U2`Zn9a)i_(OK3Df89EY<`GR?tJ|A0`OATxNZw0Pb8T#WTgAy8a4g3Mm^rx@0@PAkUfbNV!UZ;4jn^pH z66kSRs>_HR&MIxtHbOGZ@hKCFEQNAhxt95sB~O;ux5@EQBq$1Dc6BOz#)$gK*Z{{s z!?dVCJ3UQ|fd%1d?Xr(i`SQhS9-+ulbQgUY zGuM{$52!~4&Om$?CCj8mQ947s=Z;N^6`fv*x3DK-Eocwo3`-PgdypWLa;J&?csk@9 zE)q5Fh)I@5$r??3U|NTkan=!MRYX49rV#nmn!Y@loYLHg1L4Z1h0UR+HBK&@*BE)I z)W^y5+@CCk6)BDn&Y}HUhB4-jKtn{;K?&rXE~AyJC9`43mK-~kPuass@2X}vZ@(hj zH$FI;(RcqgYG1|S`m9vMxXT4u-nKm5LhIR3ZeYC}|A|A73K+DE&orgsk%3hG!peDV zt*{uMq7(0xGw9Ez=Jpg$)L{v-zRfI|rW)#(W-4jP7S?uw(mtJgmZ2Vu(cS>uHO@-Y zZEf%z1BS!f2BVkJV+hMC%G+18z}y12Z4Srbq>bH@zKa`dYiV%8`?n&Z^QMMMtn3Rei)rOne}Lu!7cM@r{3)% z0EP~$-H^&29p$$x4h3)J+cMdAJMex-Cv<+vc8z@&ux;G>EC8`r6-pU2Nah$}Up?62 z1L)zC4BkaOH56^=!8VLf$J0>01{)C9ADY?;OEUHCuxbYTHetO5pa@$n(ECA?lxb~u zE1IHeg9pMlWf_OS;Rzrf@tN@8mI#XWDsW?G^u`D(tDpthaEv0Tj2>GuLq!(}e3B`I z!ka5jk0-k_2-4&>E6fWX*v&3roEchjDBymvMj}&TW;8t*jkD{_FgI=iMTS;Zf#oce z5lMr3{?rl;1MG2(KI##mI79bj53TpS`hqbNk4sfoMix)aP}uBN zh&&yO3-NFa9jm0tK)K>-Mv_s!h(?&qdt8Oe+v-m-E7!1d*RBmeyYSHE0!W0Z&-AEo z4V*%OEfzEM4-J9gA?DchE>gG|DRcSFoczCtVv`b;@#(fH)#l;aNM?>-l!22k^x!S7 zIPs2`E1t-d#<54v4s%Z`f;fEl}cm+TDP!wq3A(JsW-G-aw z5eJN}kLP33ZM3T%xnWGbA{a{{zyW~BEwFWm}d zJer>~7V-=p4UOVA!QC@>JqyC^&Gs~|cC%6Dk#wu%P|fJQ643%$-!`eWHEp*(MaKj+ zX3l~o@C0|Xh}xPjv`5#%iy-&}MvwDT8WUlRfm3MMQDraL)pr`y^Kjv5%{FNEVYv!N ztoG<>u9KZfI8|Kcj|D?}Olx@1pf7B0U7l{OtDGx`EN;!Nq5@9>Ll8+w6)myBSq3=I z09*0&c!(J-bTJlw2%Ps&r5#oF*jLG9L-XL-VwNMvre@%RC9mv(PvefzpgrT&oD~n$=0w*6p@`86fUHx!R_w|b!gjiK zA-3N*it1S-6FP-qCIdDJqC#QWYin*;mVpC)rtI1Cn0b|AmOn?q;HP3q?659bR^J9Q zjQTn{n`>&TbfxhCj+mmWst|8p&yaTj&DE8u9booSlD96B+>6FBl6lq>#-v+Xumg+r z968lECZ}8%7Um{rPq-ynW}2!a=v)Qn3S?Im&suuipp2%**A9#IN}RQp5RH_LkskBH zT$0}|m($)3I6K8jlMP&#Y_xiu0a)s}=aV%J#sQ%W$JnTHU09gU(H<0qtfy1EKV8yZ zfaCW-AQ*Sdvx}SNa4Os0--l6jI|9Av1z4)4kzgOX)^9ZQX1tv5&b8+j< z1eb|774@QBZwj}cAg|oB;=Ngt$*z6Ww^w{D-O(!sG36$PvQ0~t!&t_&dU$-W&Gt%M zX?i2%vG_<$>#|G*EspoN@gBV(v#7p_R{+cj-d-6&!ZCqfc#GHgmX5Z?@RVciQgF9@ zu&rnDYr(_Rjm>onv%4IaA1DherL=HlUJ4kQ2tzlgE#iPkF8ImrJ^K&}4)(_Is&rLD 
zy4IW<$0+8wtNS+<)|u+zgvx&DVp!oc2YqnqNl8!m7N{)eMytBL=7Ax`Lr0|j@ zWe>S5{P2?PRboV=m*cAuZSd$JepZ2o{4%(sAKS5TEajtQ zSqTV<qFn(=Tz6cp*)<7k1@u)M9>DBhU02+ zMJmS#Te(3AsKDr|+1IVmeOCC4g{R;$TB2zzx>XmBFZ2vcR~!%Pi8fk!icqAxBbUP#SzR4Esj>;)PTa?SpF2Cxn5RX!6JPs4eY)AgaUB@W!0geL2oU=OvP5?f$8>w~uT*4o9b7^ki~-VZ2z z>R~6Zo9~pWpbb7aupE6m747c9D-x!elL%1F6AN^h+V%!ej65udG2oDPP^|hY7V}$*sG~by-H;kifQ#g{%N#*3;`5 zY!rKQ`6M|W-n;=bt5i*keMY3Ym8baQQd9Az_020P3wm=FMtT{XV~340NCLi<#k8PV z1C(BJN!)gvJZY8{L|tNfcO3aZ0L_>Edj zX$2KIde<&&t>dP5 zS7f1Gh`x}@hLxktS2zm=zpj>>BGDi8&a2|wEV|&d*->wwJyzkO*jJBF;Jc9gN-LDx zJ}O@rjya4H_hK`55~+_ur%9kYAl^rTh&Da@5f~U0@;Ir_96S~r+}hmChnxQY5R84# z1)b}6ZKZ5#vQByDZ+2;=-kHjE_By{UbEFDJ<9$?|{OLqI!we;;uL3ef(;n05qty8F z-`!5!ohRqR2z}=WdDgJcyzQrDJv|a-8nyVdVWvS#JaySesVFPM zt{pbrVRI0^Ow-h!>S(GzxdY$7Pcun;tT%4H1VuDw4FLJn7D%0$$MsR->wRKXq|IUQ#|24Ut+V9yRQ^opcrXsHLczDL`T(#WhVGe;3z>DSG`#s{0lfh}Yip+`6$W-QJ5%EM zOZXy2%EZLHoe!1);MLTAFy9;A99NreN!P-=Y+aAn8&>@ctoJGkbn+GOF7qSo`nNkS z*BcQA!__{&v895?Cg49l1q}m>vQ!E;G|W42>K8&GF|TOy->oPp>tWK6_4NxH`oS`M zl^wwKM*5&AdB@Rfe{hX}7AE6@uYlduM%WYJW~Q%(C}MLCs+b$7iZywhRe3HaT(T+d z?!>q&Ev)?xTyJ$7b+PbiRv=Tc_`&BPeDQNlwsKP!#=Z7wTwCiDOE$YA z4KJ28(eR3mG3Y~j`VlvJV4Py;Qfd|svQCwCA)R(r#ildX4yKaY>g?_Xp-5%kBPN;` z{UMWb|E;=m>^$tga&nCO^rijKIK(P8wiOlQ-KzsJ-tav$ihad0d~6y6Qz^U2_y|^_Uqc3^M5HVjqosXU!nC)K;6c!?P%S5C!K{!nydO z$_99=WTq|!Z&6&(u@J_sxtDjbnq%bci4SS5cXq&G3T;keLkYcRtKE@5bd-uo$Os!I_^@|p_=l%v_AB7Gtl7cTQE&P8IIMf+f6l-m6p$|S%`m=Y9 zcs0AvHfh8*6^`mE;f-yyl3`Yb%x=3VQ{`CuV5LR0@7*u)xR#6`{=#`hb*e4X0520s zH8;Uxiuodgea&5=Re|1>XFJV4DmSo3U``_9G!z@`zCIR#y%kNuZ}AwWeDZ*W>9nepec_zJ)(Lh}{IfTx0=^ zRL7-Y@L^tF2;Y^<;CD%S*S6V>i`~%6)0^Q40gvFRYaz4ckf9fP%RVbN$s{>8)tYX? 
z*Sqn6r|*KJ4OV=S4-Q`PZkoE!p!ZR&!4ZjgJyjotk}QW{ zEBDj~y4`Lio^H6^XT=2GNS?w^{?Hd||JS{7nLXKU<|FbPK&qv=EpMUy-{coZ4tqYW z9fI1Uk0*p(#@uBiE{w}RJtK-9kQB96BInWEb zGdZ!h>(S0-Rvz^cX7SXZaz-MTH5gI2NcLSBrY1hzgzC}t{>?tpp;TAb;EG8=*2J=q ztuDVdT!JNdsr$?)irCI>5vsUk5YgF58>R}o2 z6j(*XNp;FB+-2>47ZeuM3J9wL=8rIsoP?7|+Vp@`cv=&6r&0?to})*EFlA@co5e#e z)sIfu4Qpy&l!f{p6nMXy&`T94ZkeC=+~rDe+?Efh;fjDiK%1i(joX_D^>XnFYBv_A zj*SBC@f6fg#aYbX5yjq>-P7Rf9?jM{4%Ph=sIfPjo#?D({j4#CvI!*}s;X!%Rc=71 z;@VH#A&0!3zhX15TebVL9a|2LHJigB$7;8mUDj|zqv_^oOJIREe_Nv24ejiWg60C9 zi~D+zmiXpEv1BtQu0_am3*;p{#+9|V#}Ua}=||yCb$q3dYb0iBadG`Wq#V;i%id;P zo%e-(XAoOaa^#Sl|3FWowDz%9L-_+cuRYv%jd!)#bk6JQtWDI=lq+^)GuL!0RBF51 zQp-NBjJBg`D|T6^$O@xzB_TG(z88yb@tQZ-c#U`iw$aaf)HN=@Yer8(h&TL2S4-BckU{<&t|$9J-T^&?dbbgXf7)=(s9WDrj)ZVcba%yTfr+*tH9f zdCfpqoLhw#ZN>ZAco?g*8PP%^1k3ON7wo^g+3<|5<5yEqlVeYMWDNx3+!y~2FkiYt zH7m6H2iEAD;K?q&x|i1E{K*u23jx2J0HzM5{6v{M<(q0xFJeEGrFhgsCnIJpD1{R) zDR|(a2k+uAA)C!m(ef0wrGp(JysN3z98?hIvIbs|rP+(#c{Zd>x8??2eY8Fa2mSH+ z5pw7M!`*VM`Yj#pU5G(^m)w2#(&(vT)L6Mq-qfD1Z-Q?u(A3qHR`>=jwrYG<85*l@ zXC-xcW`ttac6z^@Q0?Rm{=%b32c+x^gbO_;AWm8J*#<*sqaHoW#{~Lrr~H5QCW=DN zBfy^8G};$(jfCH7;bRJYnG>)R3MYLUo7?*O?GE_;-4uKkxW2KYQQILi{f2WyA8akr zp{oB`YSW$hQ(O4q3~ZV3)B~>GI-mK%1I`2iEbYO%9)5cUHu-yeUZVom@A#cWuq_Kk zC-%q*b@zR8>;#&QlsO=QXDxd*2p+SbKg>=~M7XoIg{Q%Kj-G^~IIqDM|b|I{ZiH?r?(ZPd@jo!ochL=;K6v z=RzC~;fv_#C;-2V*j3M7ZqiJL(*z^H4md7|A-cmN%ap8ho0qsD>W8%jeE*Fe*)aFj zrhWfmvR)}6ILm>|oeRHB*23T{37OlsuVN^}VvTvir!>r4BKuc07%!bkL zP!3%A^tYv8VrO2frQC0B#`$h(YI-JJXL^`fjivZ1Qkt7*ACI6JAPo4xgWTG7>u3aQ zSlJt0eE%2q2`fsnr9M-eSzZqZ<=osN1)nc<@3VlY$(KRot$q3|0zBH?89I#vsHy2? zv!TuNDrk>sAGDVP!IQ#n<6K*|EyO7m{&{f-fY+Bt!5Fl%5kiEa3@qfBcOUk0iu~R& ztomWTKqY~Jn0+1}c2)~}5h-+uFh9hFc(d>X>z7ay{K8Z3Yz#vMWnU%7g_p?atTm*i zSHi(vM6n}`EkZA6gIvEJ1B?3jCW(sftzH*U?8FkB$uA047IJ7%+#+Tn0dN^G>vFjk zn0sJ6$NF<2R$YQ26R-@EPYPI`uHbK+hlbQ~%cF&~qCQ(>EdAnhmsgDo@ld|H-HS(} z{F*a1C9viUhoZ~~EJp>5TW!bbXTEMH_P(rsrOckMfg+uI$vD;;KS-Oq1yOb+yO0F! 
z&a6a~tBFX4*S$4+@z3^Utwn1$%eJl@+B#Z+?p9l;SQeE+ZrM_wZ4av1)=V=26`oEL z+;#pw_}&*e!b1qZuHHf@NEIjB7Eb)e5!y38vI@gTJh0Bwpr5seLKx! zY+8Kd2@P^riwPd@vtuP#R)Mnz&^V5P*$NH+yV?qC@id;s@@PgMbT&;4qGB6b#aKm! zZ%fglJ<*Z7DT>`y3>`s$-F8|F$r`Q1w0>r1!aNloC#HI8#G-MJ?J;9+hleX{rr}^2 z3XRwfF+25gFcWJ5Zo;inKNhDRqpP?17bQWy!&>c#AY>ve{xxx?4aVt3cSZA&T zz?t&wbDMHk8RC)a+$O{xW&rtKkQ5t!bi7Rth0<$!ZJ3^R=KyD17!_E_AZtyHfZE2d zrGShpq$vAJfyD)Tp)4y<{@}~xO&tvlun2=M4r{H%UF8KfLGW%3`(m%=MfJ7vy7Vustq7jK&r2bUQ3qw6~_~+uJH@;5pjJ=>|-rJzdh>88#kiHqR4O%x&aS z(_I_5SXY;BPs67I&>h_$B*N-9#KOLgjA8-RsNiT&J?#Gdu~k{w20USOLOK8ZuSeG-Axp%L4kAY+u(t)3=K)4RKQ*V?(S#W+L{+u7T|7pgcz3T zpyPqu!sTKfnHFZsR)RiTcP_K*&a+_^*uDaeKY@aEB({+R?w5dR`M4`Dj*z_`PUN81 z8)s(_y&Y0$kWJx0QOmOm)%{f2^BS;BWFNHet0hK!=Vxt0a}z(?*^MXHX{Wfaw}i!; zC!lRn_7$N#^^tr0t0!`X-m{Gh7&GPAG=;>KjaK(ID`^oM4v#g|_GteRXWmfOpwFwp zM#UAe*P_DX3m}(mooN>3@2Wi%kB(}lhAyc~86W-bORJM@v70&)fx zXZdSja$^NX){)ov6<}Ph42UItvmBA{pkyK8iIo-_bGoTwc$gnMyQOhFAN&^M_*h*# zP#2XX&SlDikXSD<>r7^3NhdtbYAIA@yQHGo;I+AMz3Rs2QT>_;I6A&zQi6tM8u8ex zThZ=fgkx4nuTFt4>wa90sIBIsU<~L7r$C&fqhVRm&+Bq%YVy%1@ zJMV^ioHbGG^d0lK8)4B3S0!g!h#o8&)BuAu@QYdB0-B+a0~QEJz4^T!NeGN!BkyyV=7%+3+p33 zdi?N)X#BE92w2nHaicD+7*Gr7OFBL~Y)g8t2NPN?sDf1qyGYhY)78*X_S%L@$Rr$u z#f^l4!&s9F#3;x>?dYs|;b0F==3%o34U_2dVKUp?(gqKURN^_{2Akhz>N%OFo>Nlh z5D9*%O+B0ml?=X^Z5N2lGi1D6((4)NyCH55M0%3FQzYdiY%ET~uw-U!xY)!hGbn6# z;Eg}MH1o-xvURhbVaDg0(oK?6x?az)Y;SgL#)2a`_&Pm*K?$1$H(P;*1|sRk_st8I z;2SXud#?)i+t5p3)xN0jgyEHYWna}zbvNB+4i9R=J8Rvr7sjD5-+?!Oz-mQic>_FN08fPUU{pjM4fKFmt|sGuP%p&Cd%7MY zc+$AGsSZ}Ydl(rz`oc;ns+2NTgP~;ChKEhYF z^b=e%vOX??u7}b&KGT$5&;XCjEUcW@)(ZImx5Jr~1@-Oplm`zyQ3XzuEUOs3EZxw7 zuXcr&#O#bfj+p<%2VAg!?Q%yi9)wYQ8aO)Ig+*q~IW(m)BLI5q8uc~GusW`@g87YI zU5Otz$K7NmiP>(zfw5T@jvW}s8d65Sak}P>J^6>Warai(v1_00YSa6G{BuM6oF4a> z`5qO*PqY^@Cx@cgoi-0oCoP7@xL{L`E0h?Nn2}xf^IW-Rn=s0e8;ISC3T<3;y*(}K zh4!>d-IZ&&@gX;8zOezH>z@HL4K=PKP)m(#lGKh>Hq~W1Q|%os(3H%W*Jj#q^Wk9p z7oDi2E;*+0fOvKHC{#s-J#-7-g2CM=s`cgCvpZ_r5t%&D;*c_2S0}^vg%t7A4oq?P 
zRugHJBXm|4H_-9vF360?mM6By-P+R4t_58x7p?&INx6W15qNa95^Y05m6}*F7n3@Q z3Rwz19@3bB@2}3oM%O)}$b$#2mUGR@9o&S+QgPgEp5Ls}%EQ!}+J>-hZ9`rA!j_aN zZB*8?x;_Zr^f=J9(ra00Z!}#7XK3KH1xi3L9;|@1862O}IaIY~#5U!&=;wTxtox-7 z;uQWm7cLm$GmBX0s=}*Q;7@$icyXoy9;2sh({c^kkGYUeXhOoxBjy{f)j*D6Bcgdg zaiFXIcFVmhxhsZIu%|6DtGjt+3Y2-}#B%r+Nu`$0FcSk0!or+w=)ng*U{V32WYRrf!`6H zT529{iVFDCR$Kz-b~LruH)dk)DGQ0rT{TC~##t>a0;U(#FH7RcudN7`A^JGW?YR*plk3Zx7)5 z7XE;%Km5Nv{Mhtga~(z0@EruNV_pQmw}k&2_}}(7+8HGDJ6Vo=N5L-^d?&%57JO5} z$LDu~?=1BHB=}&#|04Jn{YcNe@>@I3^-Sa9j* zdjyw$eu}w`&j9}Si$Y)e`S*fLKYtSqzy(nWq@Sw=mwsL<_?{yE%LJExzCdtk=O)2r ze%&LuwDW-AGQU0*yja9%Jd_Q*FkO2IK2Pwy1;1VJ;ex*?`2K=#5PXE-$H3os;jfW` zFBM$cStYnk*DnMw6?XRBjLeh$QG$;Xyj<|9f{zybM8U@h-XyrxKTYs2AnmptxK!}5 z!p;qXOFQ=pK2GTWTyUxXy5Qr5{s)2|Ecj=FA0l|Lx%b-y!G|jRAi-rhEEinnSA*a( zUrrTV=F544%k*9^xJ=iBg3I{7Ah?XrR$KV=9wyRTEcishM+z?6nQ4Mg68dumm-Tm% z!dnHG{ya-?8UMQlm;QW6aOt;SF~{Zr`<*&&?=}j3Y3B>UrJcR-X1E}!fz;nma9M8W z3tl4pbGG372!5a7Nx@$gT-y1s;L^^6TTwJAp3=_Sf@2$H>*)u~(LZw`+yUnHplEAv zr&`2kXTfU(FA-ek<0R(U_U8$G+5XoFF72-p9NSVG|H}pMFZd&ZA1C-91V2*nkCkR{T-y1o;Ih5FYg=*;`KMj@^Etsg1plYtZGtZy=zVlGCotc^LC{ETY}@*$+iz)GPn6yihsbh+4kmlHlN5GOax~NJFS9$Pw?}z?5yQ- za%C3(fcdpqd>F^)N5cMD!v1T5%XDqKgNZ-JQ}SsFKULumEBqe{|61^35zlFZ;^T9v z!mktja$)B#!LJZ}qu?^Vn*{$-^lQl-O?-_7FI zpC1VO(w|=lF8w*I*r)3O5uX;p7hFeL0T0PH;Jnx?6BLjvBUCKo^z= zIsQ3Ja5?^|5?r=>M+q*|yIG01FZl_~ZMv@Kbk!^TRAEPsV=v9puj^;RyGH2CaqR7a z%kkk$f=m1FEB5~)^rihT1()_G@9q5{?KcYkm?#e`1($YK3oh;4%)AJK!SVdEgbDBN zEN;u~v%-#y|LcOwaQ`j%<077ehx&A_75osve=7JK!DTr=fw_(U%7n3-5&E*6pDMU4 z=NAet%lVH4m+87&a9N(85?t!PEV$JFli*T+qu^41^L@PEr2ck-OZ{Pjhw7=|vYyTm zT-rHNa9JOpU~c`7YomDmQsM6kJ3j+mJAU|=;4*&``x<-J{v({f-(Zfx$^0EExXj;C zg3J6pQg9icMS{!tbTGH^d6nby9icDdbA{kCJ~s<44Hl;CkZa?EEQbZIbCpR=W4;Fotp%gc5V|~*1MwpOnPm;tmAyy zM&WxiN41~B4_oiX3oi5h@GLvi+5Q}%FY|q|;4&+i16@%dPA8J`jR`|=~hJ(#%-_Y4kqve1{|9xu2IcZuLK+nW%;ZTT-s?6T-sSKxU_Sj;L^^`f=fI1 z3NGzDBe=Blj^NVH$AU{cp9=o}v3HkIb!^+VfFbVgN}MrJu zF4qqnms=AYmpc<2m%CiumYYiZb3Np7xyQkAx!1sPxlwY3tuKy;G~hTMvV!AyC=QNw 
zYJ+2)Cg5172RPQ50FHHLfn%Nd;5a_Ns#|~V)BcQO>ABORn8yvS+QL0l< z>z9T+Zm$O5xV_qg|o(Ztd@_%e@MDT<%+NT<#xmTy6r7@clC-hWwn_iFa0a z^c%LbKjmj@JBLFa+c_T`+qn)L+j$!t$ImBl96v63WIY`1#PO2^9P8u)$2#8NSf>g& z)@ccjb-I9Koxi|wJkJF`0ORu?@I&CS^2++!II-spk~#6wuH_UkjH*F437P92^{<32RQaa!UAFA2m2unIQByZaO{Up>NZZUY5V&)@hMQ}6zq?S z!H{xBGGl)E)hN8uEF-@xHFV6CVtY{Wb-BFVz15j@Kzoyu$h!*LSWH zzv0B2dWT=%+1k$?$?bk}cXGQg*IV7uKX^ZRDLAh025=k?TfuQW(343)}LFUKKADcaO|IF;FqEO zU%{_{M=KoGpI5=%!OwtK1IPMX!SOugkh=9lj;OM{Q;^5w&tq^r{(J<-<4>w0VeP*G z?JNV1?u!JSlh)@Z8|oo)YTTpJTK?E0f!P zRFiy<=IcOx+>bhe<2V@sj^ku9IF6GQ;MmWb!7+aV9Q)xiIOd;&<2bBTJZ${nIIOE~ z{dP(Fp(*5X9QFanaX1W5F>$N8S1}mWzCCh5Q|;a~&LCciw|PgnTq#sTV@wo-a)aejoDLz;XQ4 z1;_Cm1dijmA2^P;Dd4!h=7D2=3plp(G&r{N8aURu4UXeHM~Sfh!Es(l-L^}jXp$=d zc^v0;!Ev0o0mpGZ5d0SO|8j8b=Y8PV&nLlgeb0g8`g)f9uh-XCJwnJoJ65%Zu5UTW zf1P91bN&~_kurx{<#Z|<3He7|0p=-Pl4lhPfAdED;h zz;U|=fa7)#c_UfqSEP{te;o3Ec7J#(IQGw4aO|HQ;JChfz;S)s_=PPO*SCkdt?wgU z-vN-v^_>BZ>$@Br*Y_kizJ5Id$Jeh9;CMWYP$sPX_&i=(@J`U5g~9Q4tp+&m7hS>e zb!|8}zD~^s$Je#J;Fv$FZvAZg(KE>3f%eBN8@9f9QUJH z;5ZI9f#W#b1CHbH5;$(hyWp7r1di>DT`sI2u${@ku}*4m9RDN1ar{qHx9yTKx-4%V zQ+5;%_YCEz%Ic7o$L zzYUK0SL)WEHqN6|2wPtq=UKsVoR0-_!@zO5)75#oM<9>wzX$#t+8?oM*m~h|6M$no(}82Y065lf0FLjE z=mZ`N?U@9Q``1G7Tae!jj;|N5z_H)r`-iPB?$=eovERCYe}v@@1IO`m2ps$8A~^Qv z18~g$0mtPgtQOXOTyB4GJP!N~j>m!J;JCl<1^0mUy#nqI9t@8C{|Edlh&Qaj_x-bJAUl-O(${%ml}uLsBR^9j5T^h3;AVe9(?JS{lZ=?dNf@}t0Uf1Cr3`{QPC z+#kHg z$p&z&zuSpFbmCu~cd7^z&YDJpP;k$K%y) zaLm64$NDt_!`2s%S54IIc=b__S8X7l3fegs9FJF%!0~u>3p{${u=_u6op^*gVeMQG z%S{R%59(wEj}KlB9M5m-g5&ezm?I)?n*lzg+gM}zSBf7Ex9A5uR> zZqM(vY8bxGDa~(H57{K)p36M~j?Y87G?F@wd{S87Tu!_gcrwV}1fK`v;SV^z@3>K8 zm(VZAa@#?EJUAXdSAwU2JdT~A1&m6_FT|Q$YcGl;8;I))3ElVCj-avpB)_Y1;8<19vsL2ByczAw~gTG zzz={&fbIU=iGKpe_IwA&_5?Ny>j!*Y=mhQu%bf&X3VaVZ){oshtUkVuWCX|he&ATY z3pmz4436!;1zrK#`5L?&c!U;V?ZoL`#^i%Iq_mG!`g}a zg+Dls|N7uKZl^o(Mc_DomV;yaAAw_g-h$)tByy{;_G3HagJU}@I`P`z*v@+3*v{49 z`6Gv&Uu_333Vsp1IQVNP9=&zgdSO1J6EE(>Yk@o7Q)2UgO~8G@hdc4f;3XhG7aaR- 
z5jghSD{$P7E^Wfr7hgwGfIB|p&f4Dvyfk<)cvkSQ;C|qd+J-InSH!UTrNFVBt-;Gc zo%!I{o=58T`r;8omKO~9vQQ^xyRi1)_|FXP3;VSj;kf z(Qt6AGYK5W!xC`J?*zx?UI54C-Ui3|@4<1rd9@Gg&vMW|Rlv)Ghy2~R(65j#cBuf~ z--(X}uL${t;Mkro;FTdCwL{o)tAM8guL_(K~ zf=*%Ug>|xkW54B9x8p-B`E{2HkjFZK;MmWd!7)D+9Q*$uIQIWVaP0r*;Mo7a!Lk2S zbPnqW?El>0x1gUZfn$F*0)GejPT<%NW5IEKA9a!TIQls<)CpD(As4()`xf#sqlUdM zd;!NgzrmM6{fI$f{SXW4#1(dNwC7dG>yB;rd=3cta(r|AZ&?DzPcANAp1?|@jv_gBlnPP;rKH5O(Q?&Ag`kCLEcV1ANfdiFY?psMaXxk`;bpaEA6q* z-LZB~QD02?p!AYoPW~{1_-gWK8O7I==TzTJeo*V%=Vw@ZW@!CX}_oAHOS{`{Q&Y| z>W9cncu3u2qvB-<5$0P5e zo``&zdNT5{>ZQm(drEuCk}p)RNWN3OD)~G08sypXN&NuwcNO2=e0UW5@&4 zCy;kgpF%!UeL8so^;_h_3P^kIkxwWn{)pV(7x#?3g_q=Cl0Q&?OTJS5BY6&Qsq>Y* zmU?>mXBWrr`YGgCXV;s_!0|dIp}J#y{t3z3>$vXTp>;4{$Vr{@;ErFi=X|v3?(@gWlhX4*=JffzbBM2FE%J!81v7 zLi2aQ^>7gCj@K0HpE8i253bV%p?Sw^isf5E9-H(=Wp(i$2!>lh#|)=tB)SV ziAM&<{)y?tV}N7*+)g~N6VKzs3p(*aPTbpx*K*>4;Ch${?dLk+zR=Hg!SysQG+*C| zJO0Lj^*`ntI&rLn`%7cU7lZaR0j~+(6ub?1ZSZd3INq{@H-kJb7hNA43GD~;AgF`a zJ6OLt)Gq>g^r}u=Z&!pa7wh9VYzg%)by6Q4>!UlX zkK3gi)W_pkcPIXr6Yl|z^?N$;Uf{UD_i^HV!LfcnaBP2nCq4i?6Kvms;CfmUIt~Yc zWBtKSdJ4kv^Ufx?B$!|9D&)3iZ1~9Z$%Q0UrkWZQ#SfPk`g|8xPeT z=S7Zl3_Cu*hWrSq^BWx7lh$!!67m(&#BiT8lM&q6acLCP$K$|ga2yX~z;S;Z2VOq3 zHPW6);HkkUg6m~ZX!|FD7k84!`ja7#=O=%I<8ci80oyYb^41>PE}k)@A$WYA26-Q7 z=XCJ8;4{FRflmSN4L%cmG&r6otN@<{`CZ_S&p@(qb=ryBICPAkIgtMVd0cKh7*}|H zQW_k`1CF1$P#=#=^T2UC&Iiv0?O6bh^%sHTcwP*S`6b|0p#E}j+>RdLSZ5VDp1-XI z_l5e)z_HF+aBTlNaLlg<$Ng~=IPNcA;8EPF z+#mV}_fxFD3-Vb1A8@>W#QN2o)W_q%Zm6TTheF$l?gMr9K)wn1Uhp2^`@pdu_Jcd? 
z2V5`A|C{wX0QGUb(6RnO$m4#2+eL2|hW5`P$m8}p436XN2spm(p8&^ki08354o^Zp z0Q%W+&&`f|dRr>AooB#HL;fsyO>jI9Zv&3~fb|{s^lZ81Ab%dbJ~-A%2Yvza`1*Ab z9A6(XUm5CPz9IM}sFM~P&sTB(LdWG|eOxZK2iF(#I=vsdT`og=us^SW<8ci84aeJ6 z$m4kXH`hlv{_(yRw&xnu$Lk>MpT^Lic)o|%LFoAUejVyhgF0A$3pn-z9>;D#9o*ls zA4)@=n~=xxhUe`iAb$(;)xd9qw*tQdJ`wyb_)>7(e|Lc6c(?(659+)E$2#x9??WEX zs~>jooEPEsX&i9uf9z-M|H80b?0>wj#Qtvv`CibT-r#usG9LUP^P48O9rq^JL&yCp9>Z^Q_=F&hhX3 z;yCw)JZ>*MuD*o+!Q)Kby<9NnA z?$EO5>al7ESa`t+P`R~yFictRt zcn5II(QYs5#b&4vzU4;Mfl_ z!Lc7OkNx17d$r|aKg0&d<;DfaL|thdOSsT@rxfedC1S*iOeB zv9-t9xWeqrl0u!P(0<3(mCvI<3L6P7iRbGY&j8v}X}G*4YS- zb&i2!o%7(>Z}z!{j`J?8{~hwH;rNitaicEe%aOqk!;CS3l1&;d#p69qh`<-2H=h-j>k0L}oOl^0UdxHM1kVTcal7DhvHj@2PzN2yVScEOwL3{9eX8<_fUz!Szb(Vu;oqgaZp`CcWiT(@nxZLD$9P@&H z$PbR!gH^%3A>SSx&+7&_@oC^#XA?N?r}p~mIPT4b_4R}Ga(3PKG~}0T|7s2SUQlNM zIM%`IDXg;z^8KLBG4KT7x4{cRzr6v+>(eMs`T?&maGc=vJC2i%P#?#`KyVxnGr@5? zZUo2eg6C0%VZCra8VLPR0_qfjJRVnzf|r6k?spBq@qSbgI37Ryf#ZD%+`iavxP7q> zUN0AecD{r9#ldkq;&SnN8JFt?+Z|so{GE6sC*BR*@wXjp{7(YU0sF-qaBL@@M`1e; zKpw}>3vle8xNv@g?a2*}{btX-JN9>MPax#6Jw3s3drflU>%p;|r@`_5l0Em%?RgG) zY|nRa?4Jw~WuQ3f;BxKxaED|6G=@C(&meGL*uHbYaX-cD%D%8adP{Rc&&NtYol4+X zrzkk?kJZ6(do=;ajcDu3|g!^&OXs{ZI<(7lZnzpno!emxesn z!Q&o2PlEUT{Gblr_rv*}=dfJ7jxGbs%?@?Sf#dvC1#rAhuL#~0>R`XQgI9t)9-k|N zGL$LA}agX8_WZ{W3{J#pckzXY!X{e!PNct5i_9G~%ed@OhXtk*1XTacs|(#@_78g_5C-;fu>Lgj|0uX@i@>N9FGGn!0|YM{cr~Q2k*z?{kq0b z=LO`q!npko-V*Zoyi+UiOfdej4$h}wo$`>!I`zP@PFrxSGZ4Hrv}Y#6Mb#{Sc zokQT*Z&$&w{wr{NUML>yFPosBTY}?pU;=m>Sg*O@xZKU)xZIQAxLkYRrQ>`Lj|28T zN{8cd;3?F>!gwUYJ1 z`?O!d@qX$5-rxQc`t`r}x1}HcyZ5*8b+CHK&SclonP9x(ybNAXy@?o>F9Z4ZFrM-L z;akYJfIRN+_&V4T>fn8$PT&op&NMjgwFSpKz7C?}>tJW7zsyOU9pKo`lTQ3GI3CAx zf#bZMA2{YygX6pp-j71h2Kg?qUf7>O;CP*j%f<1~74rC;HacEkcY{2Rx9;G$-Twl& z>qp1SgX21=SqxdBIjl09^1Z>ggZBYH1l||?26#X4SK$4@W5Vk= zzAh&P9{~AO;P`s#4vw#Gz}-{CkM40*h7Fa#XW zhcWL7?HLMr96wpXar_Ji4}>}+z&nBCeAXE7k&wsx!&v_*vRn$8qikJ`UQ6=Z)xIke>(jYlCBb>^B_GnIJzNmW%hJ@bwh? 
zc_1veB-FwEt{ONlw-NXRST5dw!|^r{@;L823>?SXByb#WbHH)DS4`%53lZsW-nYm7Wdr1Kf7uF-`^y1v++R+ED|x&2X7B}&$MszZ?yL@uE4-iSY+T{^Sq$}Y{44?gH{%EM zIDXLo&G^AQjvs6%jvw@YGk)+swjcCAjyD`Xc%Ku;4?13lE`@%>{#*wBZ>~d^LmtN= zI*!8?kjHVj(uw2o1ji5F$8$D*e4yV}Lw!7MuK~w#yA~YJ57&X?_*@T;`^5%uKWGnb zM?4O1ggjoC;pd}fhdP@ekMql$!STElmy7*?pGSn-Wee27ZIH+D z`7UDE{i{-t-wyczaBM$r7km!N3-TA?^%U=qp=1B-faSJ>I*DMtdN^@x&rYc026?=W zz}N9zPV&3KF^}hUxLxo(tq?31&(rWcAJ5a8KzuQ5j*m=b#SOKM#)mZ~+{TV|d)d z>#vKD9|_C71is3N}ui%{amS z$Ipwy^Pl;!+#0Z4{G2yD&&2&b6XfwY?+uREO}HJe!g}HH^WV(ZV1HhRIz?c)c$_Z_ zj;{+i{%=5?Hju~H7rY;c>xJX(Ce*?EQMg{qp+5HKKj3&=as!_augkc<7KWINX?k^7^kNxln9Q)xhcoir0alM{Ez6Io;g8!TI zjfjx{pE%zr4E6DR8((*Dzjy|D9RGOS#_KOUf5v`BFAV(?4E3?jbMUN?e*uoym8HRP ze7**+0Cn)Vf&1?p$YcMYq~c(ee2I74kUVzJcTZh3*FJ!SRFp^>?U){rSU*{{+YSzrb<(;_Fvl zXb-xt6UWz!-%!6Xvu=# zS|R^u&tF-6hdY*Qj;~YrdD__irjB3IFKmAkaI5d=he-d;_SXxk^WSN|W4Zsg_FH=$ z?THf79&0zQS5#=H{ktQN z7A`LKdTJhAQS!~Hj(I!smipkTU9WMS36#H|NtU~Y{7nN{?oRRsdj~-bBJpgL-!oF6IC%qoP)ob@KlSS^m7u*Z z(&}GsEZ&mp{Lnv`)1N$pJ|H%XyuA*}GAS3xrJt5U${hvAyHcLB8QvR;)SmnvL z{w?{&Z!;@Nei7xj>xtn?^5ktKe}MdN-RVz|$4Vs2 zwde3{xm|Ne@D1f%a%n$Dl;v3d^>^_!#A=ctoB)xA;r)+4_M2(eyRi`ZJrJ z;Kw8X-az^@EBS^5oz321YgVB@LxcTk^7Bq)rfd$DWcOL++hN+Bt*V z>MS5n`cCTXB(JXf^-*%GbCx{LJ!$7Na?8IZudQzYiXK^h&-&lDhqNa?`R=jeS;?0r zk@d|(?(HY}a^xfWiTjf`i6-8I{DK~@29U4TH$7e4)zHGfx>FeVTa?9^0 zZ<#@U{|33`9oM#wFROo4Pc$6&LeVYnxCez^HmUrancVWZ$fM~v^e4A`Ai0|!KOOgA zak-XvJd2CoDp-DY+>1cBykm|VJ-Ys(JjYxKy5$}Bw9(r{-13vipXdqEM)I2{WW6qs=hX4`oZL%KV84(Tej|1Mko)Tmm88+7z1E)|rR3*~ zl3lZfXa|FmAb z6#0czGR`ZKcgZe!d;g8&pB>kUI|@j?9pyVrk^Crf%TFTDURmm_BA<36boE^}k-sP_ z`J?17lgV<=lHboF{*>HB&&S@79~vRcjTTeBJO0_RzTP{fPCW9adcB;HJYEjT=O8~= zRoY*Q{B2Ij`;&LpH+BS)PtXgm?&P0pO8vp)R%bMMszQ=qM?Oi%+ePxEE2LlElE>25 z*{|da^g=40-Z--Uw0tu1wBw~8Jjf&I`LGwcTNY`5RdUM*kpI*R&`#u)gJr#XkT=)+ zEq{|+eh&GL#8PJ`x#bU#mnkUuyX2OCO8#uM&Uekz0NgdA3Yae;K*u*O8z7DEaf`mcLH^F^;t7GkKp%;=jpEu0rN`5D~jc7G za?3v@pP5eTM~^Gtxqsr5|E&{TxyZ-llm09~p43OYKDp(alb6?7xyL) 
z_$=;AUQ6#&wIa8CC-SX&y}E$h@+-(+>UH{Ma?9T)-4f!C&$%$t~ZJe3pLj-Yjy>lK*(LddPpo zKEbh}L%x2Juh4m!NP6C67P{OB@RfPjO5klix(lE8TuE>U0h0$f6?=Rw&a!% zVjm;x`!~DRpF{4e`|np;K`7`AA_5RXZa-ZJP z&adQ4ZcBSoB$MyfKbB8V-d4}s%aL2&pZwZ)sT)LY`QGG5^aD`mke7Wf?O#IPOpjMb z$t{1DJh9H3d?vU2Z}O~HWVvq1!}pKn-O0VjORhZmd%f$YXDk z{0wr-FCg!JOY+CaEq{*Ob-v_Xb)M74gXN=>7y2swlbPJ|xyXBZ%5khFx#jDVAI~fG zN0L9+>x&8G3$IK2=aAQ2Aa!<;+kKV; z^?p%W@+|KqmzjKIdvQ;4tK&~@{S!!@d!*E9L2h;WlUx4`Cy&}t>P#WGI%~*R4w3v8 z@?JXsagf|w=P&M)&(PPu=j44;%eeYL{|6^se}D@|ka3Lcb=E7pWxMaW?tv22y7QdD{`<+sG}yhrG1zUsuQv>T@`^ z$yd~u`ftf!)^`d0`a)i&w0Mkk`aR^Ed4dCyb0@d<=O+K7_jOB>TfRJb zwM$aJDY@m_kY_$8`N8CtA4PulzH8_&EF!mgv6bX4KTG|iBIgS?SmpLmkzEg{RTNM5hG)TvIsT(8&qk-zbf{7~|> zU&W`8x7OE}1>~caOMVr(TSaN-cJe60#1E05JuY?5k@qhoewF;XUgy3h|9o5WpU7L3 z6VH@EzT0-WtJk4<$*rBm$gQ2_$#Zv-_3|g*wL+HHirm`SkvwBvsWXrKL9z&;g;tUG zo+tIUlUw@_kz4!Ek>5=z%e_iICx_I3O>XV~MBY;SAyY>AJ?m$8J?}3_o>E^2eaU}o z-SXrU3QOHUC*GKR`g>WgZsa?%iT5Q>(p2hCCAa0yCGQho>TDyo1DsTLcUq&weON=(dXPgkjG0ab)set-=9D9eswDH_eUj{ zkvymNXI}On(hr5mm#-18Ozz)A>bE3+l1|z=jC_~2XD+#2*DNIu()qZ9DiHznszZubd2$QMMEd?j+5KdMRoQU4H17xG|z zKA{(RT78~jEP3QlvfO#()cEBVUnQ z+SiTTj;nph7wGYECi%qV(*Fy{C+m2fk}Z5c-0LDgFC@3;^VgBz)a|~FJV?jqS#oVGDW+*SHBVfOItx9bWw@?15fAKb}D>I3h-H=*U1rY}ry#dF>Bw*VCF_-++@8xSLjFC!o~6XsP5YkpI&2|3>6vQ%XDAlb`)9?deKBL(d-ulG}ZxQRKGVMdW3QOFP$*A2}_) zpM3K#Y0pveZ+ai<40-e@Qs*Z5v2{}C8TqHJ;vdNu>3vbxTvE@*b78%26NkKLY^jry zyjdja=k(-#21q_X`RNbhzT{S?EO|h6sb80TN@DRQ+7&>-!1b) z<1Wd_E1VQ}CvW{)wJu+MfLvYG4iZiq#wSp zzY_mLen?;6Gv$$gw|@4%E&Z00e1LBEdgNKPelzm3XQj?U^7>Q7*OS{g*+X7-y|nM7 z6Sw!@So=rn^U}eTU#HLUekGrkRQlO9Z}@&VtoK9Wko(M*TuOF5UZf}QtNmV-{JGvg zuRz|nqx4T8xs8*?&VO2kUD$Ge?JpH zL!N(w)VWE%NUyt}l7H0x`AMEf?~^3=l;zlVe;7sT7bLgq3xD#8$s`{{{!OoEr;x`; zsOw7}Pp_Bnk|&HO<0?|V@a=r3^Nd-^eRN)?4Ea@k-Kj!e`INN34Y?hEx{&wM`_B`} zEkA?&!3$~kHge1FB|qC;+H;HCo(p9R?PeLA?UY47S+^!=E zlUtpVgz>%@^n>X`{pCJ_m31I57PVRf#ipDUZX9!)d?c^()SfkBaby*)@K)aM18;Q zHFA3{`X2d+-csimx!n(m>lMD=tWHw$wEEmyK61+!AwLpH`m-jv^ikHg1i77u 
zlqWCOLGn$>?fqG8$+P)NJNlES)$`jiJ0KGaL<+#)Zn^HAT&E$^zY!`5$i#!CCskO%5K zS7!2AD`mM}uMSpVFJW{_Y`PRzf?a1xEYj5%q4dwWMg#3)2pPwN=l1|!rpWO1n ztJ0pP!0+?G$NGM)H!{KNZNcjhE%sC$~Dy$(!j1 z0*xX6)mWB0g?z|5slS!nUtf3jkZ059A1;zx{wDdOoKpWIxm`y@EgHT*txjC>Vr3RZu#Tnef56YQ*z6{ zA>R^J>c=nkU-xHna=)sQD@<ew*Z%liT&t zI`ZnRq&=s|Eq{spd1k5qj@?7wYzw+^*MVkXxMvmo^2Pq&Pq*Q_lxB6liPJx zQSwiE|EDIoeI7!6@(g8NLl@AU-17a%>z+AAYa{Ii6KjftfyM`_xSqWK=^}l_NL1uEhe#}LFWuermKyII_5J+xy z8k3(~CUyFeH`Mc!VdN>lO1qbm-#ICDPLR8=mi$w4`#gj<peqCByfR<>Qhk z@sNBLa{D}l+~hF}N;}JtTfPeUyyw!6mgM$6zK-PH%OpRX-16he*XjApGID$W{yOp( z`DJ~Nkz4*8`O7)7zQN@7zTo`9-}x97DcP-)Fs&JdfU2-$;I4 zk8hXB*XjE!ZEC^Q9zy;rl;|J|B{X+*RkTe8_{U$nTdWf2hw@ zwjpnwLE71cywGy-DdZ*QiO(jl&`XxPg?w0C*)F@u*X#ayo_y{asdJsY{}oy8dvcr4 z`$qoiyyTOV3E!WVPfhL{RoYpcyh&sE{W9d!b-kLATfQCn@ut$Ak>rOSh)*P6azmCo zk9?>0^B(eS`W)I}^3RQ={zY=D^NKvqCt2<%^5y!zo~U|Ux7T-j4ks76-QOrm{@|6= z_b0dK7z4;#>+4`Ua?1yiKUpR9$B^4~&}8!U+MW&M_T1xk^7vZ+B6&M~pVxhIyHE0( z{6Ehnl6Rjg?T@49@7B+DKf#UM?hoW7xBB_XTU?g$P>uYGn=H2>xjpyTk~}D?B)8`q&yjoT`QA11$7!WKpU6*-68}Y>Lg!iH zmY09G?PB{;E^-_HUgRzP<@ZaI=g@IbjXbS>&P+q{4<)64+L2FbDfN4jTm1p#QEy0{ z$>f%wNxo7)FJdEk(K)i*9po4F`LXll6ZJTMjl5}eY0rCd+mC*ekM1q`q(|CoeZ#^5e)Y|2KIS{XBt<dC4R4^J%2c4|2;#tSHO3{{MDNeojGd$FUsbB@ReFANwlt z3gpT4{Hi+ni3^f%NpAU$p^emJ@1$CGE#`pd{IzmB|>KKFZy-13*mKj{Acirn&_ z$hYWoU$HC6dRYHkJ~6pxM9JkPw|pV;8&@P>o4iIt84nG~TdflRi~Qzf@uB2%$BU08 zzwtztyMjDYRmpE4Z@*Oh4EZ)a@47nI%7x+~#E_lH2oAGs*2Zxt!eQQ`VDv>O9v~ayvc*lUtp4CdC&mOo2gGQQM*MQ-^|wH;0a=TtA zOuj(hpAtZB`9|dXw@Ul_l3RW#xl0%6pM~T$&$5#I*HNi|jNJ0)$T!87@e@pL^Dd2f9`VA5*RUh8L@m&rtKb#juQn;^emiTp+kS+DlwFZK98l-%ZJCX?HI$}IBQ z`u>GYY?Sxy{S0AV1ntw)=i^yRJM=eyX6X z?|pKcX9*@xepTv6s1d&ZEgyq?sD3VuJGsrvc#xOZ>!4EPHZN0=d|*D=ADfZeyi7at z@gJn!L&$AjW;FQ$y`Qs~+~#FAlG}XBPV#vAe9l#Jo0oY^ZgpOf-`^qqAERdY{X@EJs-$zp5+JmWnalBtQEdLEuWHn*$K&clG{8>Ve*OFrG5=^%hw|xq1S8O$ZcMx zFL`Hu&TS&O&4WxQ&s9wJm!0I6KR`ZDKiBaQx#eGycbh8x6GxAuc6_#c67n=DrGJW& z+dNBY@_PE*brW*Sw;_M7^O9r8ZC+*ydCOSRKWoTsUSW+i#o4w64bZu2si$S>cM{AY5Tm-$V8vaht?El_^X`qSoR+{w%7=NtHv 
z+q_IU@*0n&Zhdl_muXJkMDGLiBe!{$q2#G`o^c_$qlJ_TX@>{$ixz!m&Zucc7lKTyo zI#bCD?2`7+B5&GHd_MU^z5l$K+~!$!kx$q8%CqE_ze2uU=SSX<+jY=q@}N}G&O~+P zyNz?3mq|&UR?qVakmoERzh8>n?vwbF+q_92`N5A;r!%?TPZ&&Y_Xj4BTm9+e)00a5 zE#z0+#1D|$yvzymJo@uPayx&1LH_lNjGy1+HZK#Uo-E(`zwRgbIXSuA$H+`>^D>^~ zsr5XtFnRkiQa^w^e^hB_Bk~r*B;SSH_M?g9(Uwbo2Ki2%cU#5YOY$ekZGXH(URJM9 z?~~hn%4>3)-}ymq^E=V%%kr)NZGI;)xz$faURtj=bCX-%{?3)vj~!F`xiaN#ey1jR za=ri1p4{elx{|lNEbB9l-1f(rvQJW$St3TeXjOD`H|PMylUjFi%PyFx!u3*L2mOk1IRPpkvh}J zEkBREhl}L5lH2j{7`e^woFiX8PS)!wxy?tsAs^X9mK(8Q`2M$iO!7necZD*LTRuB^ ze63%S-0~I3J4crGv?8~BC-N%&BtMee@)OCc>HOvja?5WZ-=)`6XUHvog?w@(>BkS` zHoxcHFRheDWeX50#1B=67XR63wOxvzWo#O`m#SbYejB#I*~6-6Ct$FWO6$%T1swp){<}1>(is; zmOo3LN}o3fCb#@M@^t!sx42Ei_owBPlBZlF{p?L{d0+C$@g(1r-12S7|Ll_dNOH?h zB>$oJ+t-oX{LVJ=wTWas&ym}8$5ryanXr>?gN6$H^0)mO8=Y^L|M` zL~kCx-_~pYrz5xdo!sO$FH?|wp_|mLLT>Xr^~tSHbMiAfPt=#(=4*zM|2QtookMQ< zCFEc9{AV}0&F>s0e>_3@^ESE7?>r`-sP`v-k=y)E`bIC2glsrR8Y5yT|o8LJ_K5ne! z?~&X5&NK2`C8R%H^tn7cPq6u&XynKBb9LOvZGI;Ud5Vlu--q1hcPf+Hyi6_fe350n zg2-)tXCS%N8OiP{?O950^E+$F|Jowk>kN5@CDNYv+?<>$u0jE`Q`Rfe>}O(*GwaynO5@a$SuE(JpEJYm$T$H zUvrf_OEjtfmfZ4R$xEb^`te(b?|+-$Nlv~%KhGp5xy`5KBkyri>eeE+d;{{bdi)$f zZut@9eGW+dmE@M+NWQnSvt!&`5g~(pZoIr z<;ZP*$Dh3Ra>+L*xA)z&Coiq{A4Zeg{LWCArPlbR-|YL-J$DEkA|4W-Q5XAiq;u`e6sT{oV1S=o0sfH{9T_-Lff3MH+ZYQ^S%zfmMvq*nkB)9p>d*pUpeNNtGlGOQ4ZsR9%=kVJl z{%Yy}oP5-CsXvgsi7t04`DT6IW-Gjoc-C|GVh%Cl2{WeU3dDdC>y$ z`#H$%?>FTm-@aDb-;6wu<3&E?t24QOYN_9ke62nYF_io-U&&7=xBNWv#l2;@+sG}y zhkSN_$zLV6{2lVvaiu+<$;ay7A&ML%|8B?gz6oV~CL;f$^Q`&F%YT#KFG_yWP3lx7 zw|oHkYrRj~iQMu%$TO~$Z@Y zimxZ{uJf?R$Sr@4eD^JB=QHv$kHz1Tm$)v=jn-ZM-P&*Yc;wS{Jh+p$^_Myx2 zcgb(IZp{o?pfNEBtop(M#$iCAag}?BtgBB+t@F>Xsqjm|naJ`4k;L zP020amVBZfXZn*{{|qN@8&j4$i`@EW5qZvMlHW#de}`o+`IkeIzesNRo8(b+KY2rL ze~0A@d4krmU1Ii-<=B2?`Gn;AV@o~@x$7PI{oLd+`ioa2x6hYuNS-~u)Ne^XEuqvI zLcU1bGlo3BzVCP~xy@t#Ltb%~EcXz3v0LI#$ZcNrBYE6PlK)9QrjvO3p5gm>e?>X| zXCn`IEcpuLopqj~I(dRqQnw>{)fD1?k+1n7KAGI^*Uch-cUs!BiG1&6sk4i`joxRx 
zPj2~O@^(w4PF#KN(#GMlBH~HOlk4?$QF6a-;uBsTYf9K>ln$OCAa)l@_hPt58sko{wsMLeNHb)Z&^Rp%=O3eaK7b z{ptqfmTy5GDCJ%3bKJQ-6DWW3AL*ZsMb`fwd0d@O{6=oq*RFlS z_uJCrQa=s3ecpIx@-})rEJkk6OZbs5A1L)3kXyb5dA-JxA4b0JoA^@l+d4nJhuog8 zI7M#HMO-3(_D1TzB)8`)zLQ&>2z|r%XNmMuCk45Oo8;1y=cz9FLgbb&K_271?sF zS&sFmeV%`E@?`lWSAg8|#mLijlzd(C5&C>cQ}UIWWqkG~x7UTiME z*U(>RLT-Pbs|)!OeScyv@@rLPxx>j*KNVj<-a+rHuOMIh-Zk_WwvpTX=@s%S`aIPg z@;d=i=PkL_i7`mpW&M15lKh;2eBvVUjO3TciWepSvQ4}+dFSTh)yb_r!^pq=CG8(a z?vYM>Ho4W=MLvDGU1Et_3BPOX^_+zPHyWppFH^)Y0q+UT`iZLE9oTI^@6Z zpUmX;cS-ENh4rV+r+865Q19pXlH1=gDNk{>V54&r z-a4XemxbhZUvwS0)!9bgsg(5NS#rCszfT@d@AC(fUwR_#aTywZyV!G>vB@{(lw4x+ zz@_3j$Zek2n>_Vv$@`M`UnlJeAh*xoX+xe~??-hZkEEX$G?Lu%6Upc5eB2uHtFNS; zTgadLMF{wf>xs8*diwmM7vB(2- zoV$}--h;ezW!dj4lG}A_4f3GkvfbN}TfcQBPpaopyU5#k%KGdhUz1eYbDG?a=QqfA zWt2Kk$?baoBl+D`l6M^$zCS1E`*fm_zsN4ROyqX|IWM`@@g}$D=_`@j{f8Rl0V!m; z?a1vuQV{vrj%_@0M@}hIZ z3z6I3O|M37pZ^d@UNMQ(2_m=ss6V-VPQr92K94-+3F-fhkLY=RL2}O`(*BC%_Wthr2TwieJg?Ii)D$!}qg&{zDw{K`$g{&Wf(`X6#TZ#+(J=X>YK8+?=Yydt;rM*I70 z)^AqFbwc?5e?3cnPE2m+jj70o<(KiFkKE213zI+B&zGo6{_eRfcOZGkGcw+Wk!R5P z!a3wSK1-d&pOKIMlyiqw>o)7t?*5U!=mTySz(N6OH$dkvAewa?4L46bX$`X=4L%vx( zn0%(5pGVT`JR8r8)$RJvJf|)<4dtJ|mGr>E{*X@AWy5f5Q5mrlUCZfjNI~T$*XC8KY5WhQvVpaz3=)ax#b^_ztrR5C-Ovk z-}M*y=#SF=czU11#=qs0kx$cncJev;c{`ru2@*;D3gnirPCh@e=I7dL=hXIhCbxV~@(X$%IFa1)Gsq7{lm%=ckMAe#+(G_9 z&jZhsTmCwE;<8fz9l7PdkvFd-`S{c2yKS#_2c!x#eq-=hA#@@|Sx4)0zB}J_j|D-0~C2H|z5r8_477 z``S*Cr%=C3KJuNc*HiLq_l+d~N1uONKyLXJ7$;<0}&?<7vZz8X#pCfUSJm8!3*G2NL`gc^HkX!yWc_h6b;;Qp7*8d**oO5*Y z8v2|}DsszbByX(wg5;YsOFtJU_tX2g)yOShhrGJx+mr8kE&bDt{Efc8j3BrC1oB^+ zUqoI)&+}K2@5m<0-9v8qBjkrQf1Nx+H|d}I>wP=ME;nvQ?HlmE7`k$scNd z19>7n&g>x1lSAsCBDee{a$n6qB~S26>bxPZqUUu{^?r=)kCu;1zDD~e3%TcD*^ar% z4>T4pLvHyhct zulv_K@?!zg&Tr%glZeNfFW;^IEuV-yP8-Q(Az#~6JU4lrZ1TERg52`u$y;c?K6z$O zsneW%_g?9rzT}o4N`862=3wm(Z`r&RR3g)gN}^o8=>*4OICBd-)7xoqV2{8AqBmd{WA zt%1}pNpAT%zeyF?T_IXyp zBudgm3+;3>4(zf?)tu!8suG%NxliW^+Qkci+Uey z7UfeL8zprMlNbIV 
zUY*>|#~PE{`^#FBzt!XCKyo|Z8&7WUFPlc5JdLz}9l5?ir=x>7&Us_@&z@~Oxd>%^fq`R<(Z`@ZB!E{iuHxAW(AVwhkVj{sehB){;tPE@>zwYoi3~8dyJ58j`xGu`FvdR8M~!^ zDst-wcXAt7`N(bD`jFdl%abS4ehVPC{k;YGnxfLquH=>TBTH4VAd&rWXdKk_8cT1$>&70B&< z0rko4dFeLfR=*2*JUu@dPkzNs+CQ7z-ruyCJdeIla5uTVzv(dfDSdwC8o9l{=^lB& zdTGxG@}_z`|3N-HpX6h&mG8E_>~%8-xyLdYhxy2#rjY*kBeyy|$-VTx^g!~;<)qGJ za;vkEJWeuc&rb3s`(%BtlH2R`ee&h{oWN^xyPx)n{Kqw^AAMc;ezW^^@yH)||l6I~mxBPDMzaq)@I!SK%2jnro zNd33umXE6A*T!K`Jjo{}w|owA*C>)NL~eP1@|=|=-+*mZvGD|v05Urw?i{J6b#Qhv@xZu?6<@`^pA{l4UD z;!2&eFDo*}xlzb(04NAx1M>w-b# z&#uUFr;=NKF1dFcS?)G+yN)wnvS z(~;YCL{{?PFY^1oHA+! zlG}B}Me;oTr2TKn?RfZ`+^!>{Y!2VgGj#lCAh+v??Bq{(%kP&Zx9fxgdTo&4qaGl|@e&kM-^==)jLk=uT^o4miDwC5zbUuyA-Xz{R+-8Z?PeA@b?ZtW>XZtbZ}ZtZD8p0}8^yA!$f=Wy~0 zBP9Pfx#d@rFSsV{-$6b+hxk77a;L>llY7q;zd~-WFK@_q>2p?}$y4cbH4(Rl-(FTf z7P-~WL|#VkYk82b953xGMsCOXO5}Fju1P*qpYv=@Zu!pS?J~;xj3T$={B&|V&d(=* zR!!<`C%5DL5pp}upCK=oQ17|*7iB|Zar(Y6wogB<7i0^~T)*CFpRTk^Ce_ew17_8?EG-|yXz9N()o zmpnyE$+MJvg}=1Bo_x1{AInbiP+dl1sbW$s6f@xt~0pe*fWP z@=haVJYSLL4i)## zk>vSxem)XO!Bn@#ZQt~>MQkxk;l{Dzqmz?e!U>?rPs^v$pgkq{up|FfN@5i z)a3K^_hmAXpL`&BN|U$N@1yV~Po7%#pL*n&uQn&ge6>9}#(y|@2mO8FapeE(kvgZ7 zqrXeYlb@CCvYLGD6Y=fjsQ&;t>c2uBuY%;cL*Af`jL!>lnmk^N|58YYd}7-kksFTyunV%)0rIOJea(TuI~kr|8rFGFCa(1wvo45Bk_C5 zXXt&}SIEEbkUH;>C%7(o5*(DjF>W(-Jt8^z+WQihg&gyo+~k<&_>klKhntW;PA~ae zlP63f{v-M17ve$WJxWV|Cy-y!f4_bv`4C+fT}IwixBFW1mpWhENsfBL$X5)IdajV) z*Y%bM(e7k&wEG8n!XOXVpS|RX_49)BEzz}{f!&Ref9jao%~y*4%;PlL3x~xys2JqXC;4gOzJ5|z9W&iA9*F6&om%Mot?<943#`R$wS*qorB4d zXB0X1ht=dhrDM7hZ6+UkQrZnA$8m9qJZ3(LzeyfeQ2ZPD{bk~D^nDNG|2&KID+M|F zm606%%1Ms>+>d-r3CUlZ-2bE0(}EoB`jeyG?&N590(qk3((Y99`JUnn$kFa{amiDO5Xl&$y13O z^NO0}m{)Wl-#c0IbSF>oue3Xm9Qj9*BmYA3ijv-A1^J6iFXPI4qMMLo zy}l254qX=-NFJ=$rz6SH-x=in_4l3Ulb1>${aQwjJUhu->Tz^{yl+#GMcJPx zlH+r(VDcDAC4M0}j<1#EIKB>&Zz?2tPLLl8lX196j{LXCk^c+%#_uu?F;7Gv=TW8P zaU$~n-!A0EuwBR>yp}wE>VWjBl)n5;@`-928pNFbyn>E8T5U~i~R4F5?`KtVg}hy zs*)$xcfT@~2+Xug>KC zwn=<1^0wg;KZJZgY@>e0p@l}U>#65}cM2_RPC;9hDGR|YjXEl*L!Q>^U 
zO8gx1Sl=Xm2l>vv5`T<5^s2qSY(3;rbac$4FPjAG<>$4maQr0OOgUPq*1=1|? z2wewQN{-(PSVO*CucuCvOR?vT&QF8%#Rj^7K2eNM&|AFor@`&7$r!D!zC$hb|kuOdz-jBRf9LckSJpT_8zn*-DUS}O7PcmBK zL&+155Wh~IO4p0-lK0a4ke`v?)_Kbt^7dYm|6lUny8aX6ujt#Q>{oqEo;#j+a`M>& zC4UC;s-4BNk#9*O`$;}>yswud$8lGK9LGx&a_qP5$#LBEB**bGh&+E*sdFrOu~jk- z^T{zESWccboy2b?$9-;x$*b${x%^4KTt7FtMUMD~JdQ`)pO%Vz zP<|PQ0_4~(Wyx`WnjiTvJ+51m<9@S_xD`_sCU zr_y!)@#MJwZ7TWcdD5SCY6}{P)RMbQ6C=j^oHf*EO*} zHhX*Yx%$I)u?BY7nLI601^v*f?#lyP`Qj^pSp z`IUJRpYWozgZ|<;N=c66C_DL}iSqiwrl@qiT>B()X7ppylB1rN`9LKa3*rpnTH(n;o{_|ry_ZcMzX!?kfWX!*19ptFz2s!FGLw^2-)N_p-^*kg;J#WZS&o^?^lR)QF*dI_& zO7dNmr5-PGTrcM)FI+z>)+qVW9j!m zt|!O)@@{fmFNBgK|5@^xZ>7#>b#ZbZofkDG z$Mtn9@`QR`?Mq&4rX0V6$q#iCpHF`F7pZ#*`I{oLpX?&XeSMF}2c(xg>90l~2V6&c zk@tx$^%Nt=b#z(sdJ84KJ~^(Vn~^{LS>oG~<2t$v`LB(o?f`OJM-Lz$c30v@kmEXf z9Qj!Np3;77LnsRdJ{R0uf60rUQUo>Kfge}>6(mNI61D1Ka%6R*yCFC z?H+hX9w#Nod_FTd=I6P{_d1KmQGd#iBfc^@zVECxImV$IIp*_$>!@$@bb$j`{p?@@c`+uY2T} z&p#s%EHCl#^!*>>fcbnf@?v^E$<1C;>hvMUe7+KSvph1M^~iA?wI#=K(V4vOZmEAT zIpTxJSLBd7=aJ($T1AfIXcKwSU!>g=fbJMgBuUspkVZj*D;PKfICn)HmgC zY%j!TCZC||KV`{rT=PE}Ur$r1mQ{GhH6$Gq#| z`h)F`aquL^JRu$Vlz#GhA99RyMRLp&s*~ppis4GsjvVj%UCFaFmv%>xBYr%2n$|H~ zFIYy7_x*L`GA&IgX>@ zM;*y;=zSw2$#EP_ARn#QgUiWr9IYq6HDBudlN`skX5=s0N__$3 zm~RgtUw2H#VJbO}iv{GE4=*J@Hdfj_NRH$53_0f8*T|7SoIFlx$^VTU^M{0wwBHyF;&&(j-t@pu(l4HJlmOQAKY_D)~ z%vT?i2kHG$U&t|Ejj5maV%!GJlKhFtF<(tVe!rKDLq>AUSF@AX)8D_yPmcL&QS$0Z zq@Hr*n6LVgcU&Uzb;u9JljE)>Ip&iA^k2* zM2_S41o@^`x<8QP_7^;lA8@+a~)_6HolS;%qx<|jw~qU0NO-qL^^$8TG5 z9KW5&)AW`4#*yRrolcJ9cOH3ZT^HL)j^po@%_v_$;0)y9!-usOUUv4%&W;e`AI$3$a_qc{w97Fy{FTXZ9;-=yca7B1h#cp!mgF6Dp4@>P=do_&DQZjpzT`NM z4JOa2*WIJYaUPpUJ|$A}Pb0^9X#shb1Tvnh$#I_9MBei!$$yj_@u$c;m5}kjPmc4_ zGxDK&e_brS&plyObIwOrI4^mUHVNf$Z;N6O+I_1)VG%$=Yb>So@FKeGC9rzx5#hn=R}X# zbzbz6{DS^|&_{Bd2fmT743+VT`!f1C<2;areAyX^OGA$HKxXo~=Hy1@!^tOINy4>%;_aF`tNf08de zEbZPS$2dfgW8L5%@-F)O2%dT!hT{n1oP`|g2HxZ;bpBnD9P0qp$v^3Ro9)OE-<7;v 
zJL&Hja;yXVO74|c;+K&lejWMO+!BA19P0*QJ?j`&*S6aJO_{^S`_ivLJ{Mt^U51Ucfzkw@m1{;nfGJ4y2IBFBBO$H;NNVi-B@ zgS|isr9kyqB=*B(qh*Guw@CEuG*_W$YRL-qGkeiv7^$s-oa>vNIE?jv4={D%Jias~2|S!A4Rk*B#V^)w^@`>y2gK%Tg-_|N2J zGD)5Z!rk$+WhNghMj4Fbrw>Un$zdC788-&yhx4thdB=^vDhW+Ge^*n!ze2DhXad|_*e4<;{iLh4&e zeo?PyHnZ&ED%g(Gb^K3KJnoabOnyP{Yr021@3z$Wjy&UGsq;JepFhZWCjK}2 zI8VJGdD4?t)%&!)$%6~X>x+@s$RK%q$&>4RtR8t@{XDBRIj$3aB%gao+U-vsr2E?_ za?DewlArOCIv0@N(cd3gP2QlYw7Z?$PygMPBjhPJNdCXbxBo4ElRUnj$DWd3Z7T5} z$vvlw$ND05VZXYe?{}W$)04?|&rI&6zsHx4{6s;?Uy6LqH}R_E_&tzDC^@(ffY0 zlArxu;>wZ7OC$MPlBcdN@&4qQN{A03zoPs3H1gP*XA${C~*zRUz8L7k-VbrZ+iQtBfq8V9&5=H=zKnuyk@Ah`;vTD z3K@qFdQD!AotSaaVGh_ zvQozq^6>TI`2I-jhXd}4@1^)Wx_)|+JgZ)RULv2U`{zCK?>c{YO}<_4U;RqnQ9s8| z<{{ewbw=!zI&+cx>*rF{$P?C<_%7sm+lY@N-=_1xE#&JKOZ*w~-Y3Ohk?&Pc7$bW9 zjjGDyeB>?F>yY=+`+<9rC(!+BGWlpd&o3j-dq>(mM&3$4kA6sAMvsfQdOpVZr>H0W z%}rii*H!Sn;E0dV&lhS?{NWptrw#cM{eJb1ZhWX4ALYj9k!SLf<0!<9?{eb@-S`#q zGrI0^+l_y8R8eDpT>H>K_)j|+>MuW<4wp1>GgYSH$KRXk8tA)$V;V>?Y@&d zhVIW-$;a=Oc#qi8$Dv9h@r2~Ls>=4wKptB?Kluu8$y1hmU=C@o3;C(^5K7|e@VVw*Q-C1C)M~kaiWjU1|84jIJCKdj@k zgnU>@$+Lm{--@zd?I!oo@jp(!So5DJzpvwei+qEwyFMkav`6asKwj>&^b7x6-UVQ(a`FUvU6Y0UjUF%g$qVF^yrsz(*OmIKkq_P_@lD9H z>F1<<$cqn`_-W)tb)A19d2ug^UqfE#k@$AG^8LEb+?>3({=RBEa&UBW z{rkxC+?PD($bTCsew}=S&Nm*B57W;nBFVkX2_aA@Lo_v+I0j2zj0^68{_d`^@4i$&;**aXv}jBa6g8CI7Zv;$!Q5Z5W4B z7sd0D@AZ~EwaFjrao3alhVF+`$Ul^m{L9Hx=;!$R$luSF_&>=r43&CrlJET>@o&jj z>Uw69MDjZHx00^wdXcxNEpesEYkU%KPrgjAzj~5SJ}C8!BG07nUkk}w==^C7c?!*6 zLhq+W{cSo*{>tQW3(9$>3Hcq}-vY?z>gS1*$jjuB{w^k8wnW-3lti9KJ@0h?FGn7# z=eK&~Y4y6V3Hj7flD8H4mIu;qd-Br-q`zIrTj+k+ll(;;$oI zLtd+=#BU?7TuOW|`Sm}=FOaXPEOlNd|CU|i-;#e!BjfOyyyQpmvZIO zu1J0#^4Gdwl_DQGPvRSpm(t^~J9({s5ykIyC0-%|0!ms0!{U5DR9-ZP)X z?<0>lK-#@YeygqY_bK^#eLwn0zDm!x@l!}X)OknG=c&ny>ijG>`QAoSXL0iFxg~F9 z@}>Iz(u6$hy2SgF<9(+a`DMMX97T@!N#wH*NdBedh+j+YwMzPRlpOJ=$!BW(19HT_ zAYY~NarAl@KMqFGM~=*WYT8BfbIo7QK(UH#y=5koVX3uc_pSpG}@t z*R?j0BYr3OQtfXTIpVL9C)0KQH{{+w$+&$czo_dZDN;q>|MC8qf&8ZaUO*{woc}A4 
zub3oxTaq9BOZRi~M*4a25b|U?4x`9#){=hBBggyo67pHP9(aJfw|;L!D0#_!Qs;g0 zb^5;WoIH83#K%u9e`9~Ht@8&@@(X<=t{^$)4<*P)rj-6RCda=A)SA5XXURW^{EJ@C zjwIhdQ{sOopX?*&)#c=Ii%32D$j|Bf#WC_DOCPW8$6>-$t!@&tcNo&fUYy8bqvywx)q=c(kyvPqtm z{+qe7~-H1dw0RdFgoae!4zCm3)l8KdmG$d|vvskv!L2 z@lf*1I)6Ave&>+HKO)~WRQmObyqeDcVf_8{b7cIUH@uWyuX$7aS6z=PMBcxV zR0>Tw!CUi^&YA5UI5t>m9dUT3`cO7auqCC^6kZ#wTiO`f;8 z#9tuKTwU@%C-*EM@$bk}>gNuL(#!K0=R^f1PfGGqdVfxS@-lnm^~J~wHW05tzFY6t zZ9pDJ@1O2Qj^E=8B>&P&@=qa0{4DY(8o!ks@q5S%>hCFEAxHcj^7I-XJ45vGynRz1 zdz1Il`@ss4uO2SrUx)ngFXBze=arN5RUkR)988`?KX;o&j`)S-TfC*+J>-Z#LjFz9 zvvS-d0lQ zW%50`u5z3FKnbbGBa{4%e$B^q8TsM9l0O$Y;tP@&&oA+{$r0a}y!9Zdqdz&~hmju` zB>5MSBYq|M)%g;Cmb^<_Y4;L&%eWH%i9Gz1_;>OtW5qM+Iw-~y@j1!wHkNiPlOw(s z`K=BT-;;c4Z}Gw8H42Fbk-yOQg}LNdZwVoP^Fs0*AV+*C`Fy=!{V6%(-;n=WMe--h zB7bAt`uWIsrX}C1pKBB+@6=IVU!MGj9+IaOc{4rEJCJ|5C3%LBH(4(}o_zL5@u}op z_ls{NZ=|1thmx1ke;?rjIr85iznxRg4`0Yn>HB!ftkOQlvwSsqoRNHle*Z~n@+H}2 z+REgpRVs~1(b5jpa-BHz(O#-}g&Bpv^efpPtWe&PEQ)>HhOBhv1l^W<;7O8hHw#D663rJs8y%@%!sMm=fBTOO7C zg~;*!73InC{S{ToC+NJoEjhlwq9-}Nzv3tI6LqETDdgFENu5jG_*(KF-zEM4Ir4;( z&%Z0}-XTZ)WAdD{B)>;?8fUFDKDplziT5JM{#J|}`&&8kAiaN}B{{aQKlztj((Z6_ z>_6kkOLUa@rR0cTOWs-IkC3CDQ{=Vv^S*oJ*xw?^vA_L8-n~RjSD~JIpC*nw>~C4g zvA^XepQZ0FmC5Jcl5uEAepJt^oydz7l>MMP`2bx9>qDMeuj_H2De6bNBPc$}dZ}kR zIpXJ&A6qB!e~=@7FZt9s5`U2#@i)n@ZI<{CB#S#l(-V)uk^aU0{QGf9XImidOu+=a(}&_tv~s) z3zBC6c^&<|p=IP_pGcjD$XAz_?S7WLq_cxX{kcnCP1mPhlViR56ZsjPucY#hKAt!~ z=O)KGc46{8W##pC$?<(et;zBIKOM;{>F?)GAkSM_@-HUG=klw_SMQbhgXBZ1h@T+e ztlv*^hkVQhiGNI9WT5zWa>U2e&lPbVxTW_yw$S@F8$K99+>AC^2H z$W!S2EtZZe#u@v6BJzzZq<$}Q#OEPT|4rhnlF!oh*dF9-^t!Asd1}26nrEa-^mfbj6A=7{<@#MxZclpnEa#8+wYO@ z(D%)M-FPJV!>=-KY4b%NXXMF9o;If(7sbgDUygiz9Ld{^{K^yYR^&-4hz}v38z8=l zd`-C2bBTP4t^>!)FR#P?Gg04nijt@5BYDb`x6|XO3VGATlD9qi#q5%2Ai1wz{|+ZF z_d?<)lY4)b{4>bs{UGtn$lvIFj629Z=SrR{(&^zk9r@@5c0Wuq`g(-H^+-#A}`-VJXXo*b*9qu zLlN?YI)58mDtdf|)^c9jN?t+F|Ka2dLS!70mX4n1p8h^{dGZ%p&qDG^Z{+o-$y;<4 z|4d#crg-i$(c4Y0^Z8lilhaGT{v;o$_se}Fuczw?K01HI_Gd2wB*T27uNm9%?-JeAJBW0sHJZVG+> 
zElFN%jKuXIKdSv*L_S;hw=3i)_4+8T9)B3;jh&><66D_cxn6hj!Fr#}Lh|D6B+qH` zLi#=A&&Z$Zy4f2yp0r~0@j-lQH(r#yK~vce>ydlMki4DAC+mGpLFDmuz7#^9Pw#(N z<;D-X@lZE@n>mm9C(#;dyVw&c(B{@%`Re3%;_ z>&BOnXZ}U{xklZ26i2tA)3a;F;~IZTdDgs=Jg-fBJQM$&;urlb@o{|RZ|7%x6Q5cg z$Jf`p5|`1$Cou8(DLz{!i7#T}6PozS6u(#JIW|s)@{B@N4^%#i{BmaAyhe10=YIKL*9$VKV|?)ax&_J4>oM|iVfLs-zFp_rolKrxCeIj($G=Z8ogDQXGkJEJJU86L zzcBGTOnj`G@&NtCcFanS?O2!`+p!WkwqsLurc@UkmVB^&o>H6qk$%qDo_wUncOie7UK$S|N4tZ_J3W#3vE(g(6b~VP zH$#r2)#^^vMhSI2aggHCufNFAuLtDl*E4eT%e#&==KS1X+HGxoz47tJbqeCD^Q!T+ zCjPZLwioudNOFv4LR|+%{EV5d^d1G(oz!bg{(2OT{G&|#Y7;+~;?eE~6TiyDA9E9b z$;7WT@h>PI$4iEK66E|`VdAT(qra6G$dh%+2iK7KOk46gx_|Z}|3j}UN2xnmmz#Fy zQhb^D^5hcoZ~8gQT5=rMyUB4}pCrd|eN)|OZJDVjPJMZRaX|jmmXQtI4y()W4MCv0wdR;zLaQL*t8$f2BOAr?`I3jPb#F zpb9yT_nPFWr#U&sxf6N$Ia1UB@{_s_KV033T4d^?hCFM3 z*JkwiqVANk(A1M(e-Fl?-;MjJV?5DrM-#7yqN{-+6n{nM|D(z8ssBoj{By{+_mHAi zlJ8aDqwYlMA?m8lo(*FWV=j$-8EhLUl^Zl+Kts%9-v=1za=Ke`7Jd$#xo~5 z#>{lJhF%JF6F%F~2F%Hwov0trIcS@gX>OVs97@t=reu{~Y(@Y+qzlcwx?mRo$ z#8;sB$S?9_J@WPXc|=E(=U0;wPE-&u-!qHkTmh=R^~q zO&#Naa>s-qhIiL z|s&S^>xyHvD4>LZ-cm(DD|2oN0PbpnbcsngVRF3hmnPp)KPq9=pUUJfHcKOo$T3goK;A;{ zW5n;bp`PN?B>yOiAENhbtx$Jb(`#vOqcP-oUtU6v?Yob> z)*k7^F?HwBVAHP%g;Ob`NOeCik<)Kium z_0%RuJ*~;HKMYcLn(SlR-Dy0)_&Lgh@xO24dz<)w-NYwqFG0@FUM4=jI{G`Uv^-hK z#P>AugN*B?byP+Vk2#bFb?!9r-A$fz6p#Jn3OV+ZaB^&y*W}nPk>uDeN&Te=^cUA( z+0~tAyO}!6P(14NBS)Qe$Z?)&N{;$FlcWCr7=_a&3Rv&o;W;CgnNcx}oR|Jk^9-Q@+fF{gFi^;}+69r-aotVfRdVRLfK1G|!A z9ypL3^T1!#oqBZ0T=guac+|6w9QAA?M?J^LQO`wk)boHG^U}}iPMvzHcGa0nH>%_M zR_5|H#&v4o@_y_NzJME%kHpRpeMV+o$f-qfr$L6{u{-kUvc#$i~iz$AsspTn};0zElrN|e=~JwoOQ|8RnGv5$2@0-iPxoT zSNvLvM?HJUQO_xI)N`F2??<21ojUa+1y{Re^v%_A{fNfpLB{o?Etk(x$9Q79tT*xc zQK2jTsGIn!CSE@>b;bWf@pwOqr;`0#74P2G7^Tgc^;jMp-L&Uj7Z z57ki*_P1B$*xx>pV;Za@4t+9Chv@N1f-@ohGZ9cAro@>P)7SU?;SyiT75=cw!!ff5#h+e}B9*#dmw| z+8sP%}D3pM)Iehcx8qmp3{3 zRgxUXU3GFCckR`k(#x3o2U0x7VTy^@OH)?^7NecW=qj zZdP3!aZ(gBc}l9IU)bL&k>hx&Nsj%h1v&PsuH@LS29RUDagw@IVo_6P2*sn$HRPys zD>;sfz2vC>G&$I0$>dvDArk)eV^BccSd5}Ma 
zE^eZJcv0aA;_tYLe@Bk%{hYd3&;6}SzWRVP(p24fl-;zu$aps6+bIv~kD(uOIH6u9 zKAk$(lh?#&HSxX_k9D3}`8Agse!^u%+1Uc5D@Zl528TF^u52c*aGn@Jgs3RWpkP_rrM{P=u?cRs{p?+`n zAa$q7Os3ss#xokfU_68IXOti9elhXsO?-a+aM7W3#{JaMU*u_F;?tV=0E)-D+#qt~ zSx%01x$WdL^!oO=y3?f7?&7Gwoj(!A)0leV4V4F6e|9%sf;^KRWEIq%Y^hED?#5FY z528GnXU;S6DNX!lipTg|GVv)){0lenX@8a=^tag(dF(}w{CUYycM0+|`X*e1e1l#O zc2IX(OK$2MOz~)Ul8N^;@gWqCdDGI0$s4HdJW6Wn-)=mK@iUYM^WID37|+|}nD;&=$2fl?$2i9u zE=6D*Fz-!Ej(M+-y7Q{Urv4ffkMU_~;uD$pJ`|5SN0Ot?-^fwtVsg~EOWkQQp=tLo zibtIvO?(0qpJaqQ!1&<(A`LmNTeFhmy0tJl&L=h1omS$TcH2`t>g;dgmT zJNZbxFa0?AOZ{H58|qG1W0?Map?GYUDx)OG_0z=vY+QdO##PXCbso1R*RL{h`83Lp zaad~NznJ_-C?4A-;TY+c^HXopbG@pfasAa(mp4<#IN<%F9XZaoy~%OD9cA+WW9qy@ z@#xn>^4EG_-%FE6ztY{6E&160^-I4>$>n*}x&9*LsNa_y^*1&7^`D+~*<@o)~}U68Z6+@?bkA9Vh)oztC<*avT?x$Z=dWB*$^lfgHz0UveB5 zqsVbwOe4o}u}~Ha`H!*_&&y88y~NZ@x*-T zH*)O%OUSYRY$3<~bC?|SjVI*jZ>$N?w{P7#@;H&Y^GLr+$<>Qe#`P;-U0$E^pw4#W zs55{Zb&ep%yl8>CQ;!~^u6A!2*N?bd{+9Cme}5-R|D2!CT#@o4pE|Y+?qe)Vj{6u} zkt2UE@{xM|-(THn_o-<&#P}2AA1M#=$DSnhqt3Oz%Hzc9&Lh2r+Lf)i@kb_q9m<3K zxidN1ok@=Mt4${VLzDlh@dw6p{37)_KkpmwppJf_-5%s!Ps)pik-x7edB>Xk_e}n6 z#_t+GO?l96xQP!p@t@qp$I|V9`f)zYqwZ99$K+{g{I>Bvln3=}B9A>uUUbalxn=Ua zH-6K2qRBE&s1y0qk)!^y+7mJkDUBDg*`e@yhjOX{3nXlRxE@{~n*#>dv#*OnhHA@#9VWRTIC^P5fGNoIm%H zXZBH`dxRE=dx)xh~m-i0yn;c z-0!v2cfjPoWb!{Ve$jZ0-{f_uAM3ga$+51Rk{s*0ImofDTZ|m*x;53E)-RZP+EYC0 z=|+xv`jVrbQRJv+8ae7&N{)5redl#D8}apDI|!-}xD4;`6Ix zyI?)GI62yFNdBXKe^CeWuKT3DAadkcKz>mtFU!=OSN~<|yhicJbB`RKf4w8`dQ9s1 zV)CCe`HM`G=P?e*Ux&P?eqTfrb>~$$MxAscjh`|3HyS@}{5a)DyN^u#DHES!y430X z)UTFyJzGu*keW2U^moyntb)vi2~DgNPAiJwJ|Iv0^+{c|lj)<2JvW1Z@Ty3?9| z#fGb%w-k?dW6hAdoS&htNcoXL9pixcc@A=%w~LbFyj|PmKW_4Opm>Z=4|3EwkR0PP zjvV8&jvRT8lb8EL`u|Yfd34Ow`IX|4C#`OOj1RmhdH(p4tgO0|Uw=i=^+XTjM@+k; zC=cHEgUQkELUPP!4wL^CE{*(6j_cF=^$ShHmOFb=prO-YXH)4b}=s}7s~ z);E60cz5FmjR#SFjKee&f560Vp?HkvClkNl#3!8{y=1 zJbO)^b#CHA$$#l3FFI%P>@j&Fjqf&|dQS9yq0XG-sI#WJ^Qv7Y&oJXVjnAMwIB%>V z$9ZELInEmwP5vDw|8t5*o%m7@r_SvrKJDD-{Y89ZH{OOE-%r?`{J~+#+gIIrw9T}; 
znBvjy2J$4o%8Ry}Jb#!x_bDEE-jFBJ?``;O@@zGEGS8EGou6Bb7gxvei|tjN9NViI zIkwjTlYg_xKbhiD{}L0w$;9t+6aUVQezR9!R%^WDU6GV#kze5jlF8zz34iGS-R zKFPx9!59CD=CeQCC zPrAi24$e>g3J=$_h1Id2Wlz)J>y@BHKy|w4ay&KC5E|8<$o8&We z()Wryq_Xt$qq_5GzSiRWl{7@2M}N_70d?ouc_zLJ#iO3VCVsAo|IJPOauYwt#P4+z ze}WwI_ABH#|3sMlvrYbZOQQD|^;cAPo}FdlaX${m2m3>3H+lM!V}Dpl`D<$%J1HLf z!vzzsZ-K5?;NOXI>eR0sb$Rxs|J|<|>dv#%U6JymotyZ{dvclDc|)(TZ+dx_cieoO}i7_#4mH>2gu`Ikh()n z{s|`kN8{s-Ct2~|{mriKJUhpw%uvHr7C z-D!7}X?H)xBmX%QA7tVmQat9ppU5$vjJqoO_+UQit?oQK(&Vo|@u;V%i63F&CmSDb zd>Q4zc&;Z${$1o4&y(aB&&TA*6G48ag%p)!b@XwFm07$rIr3B{$9~>`e7Jtj7f6mg zBgk{=#pq&k#IGht{m03tzLEYUTO)rvKZlv|_g2UIDe{*y@jsjR#%|)foA{w7K8WIR zf8!)_+}}8z9QQXaCC9q)UUjEmLrlAWQ#|_h*u)Pu@sV!gQ?C8rxD7J#`P6yb8kqQj zCcdki_~9lVb5iGJGbtY9wvZg-wvrsE<=xbcnTI3D+rSJw|2j;T9!2AX!?QvCmq13B_1SRZ{H zhBT98$<>`_`=#lfXP3Z;*ozod6`F&XQ|24+vEwOc;vZ8 zjyfNcA1f^RUz_~BO#aLpJc= zlfQ?_zmwvT|2X;cK9c9G$JeJH?%d0!t+ME16C?5F- zlRwcn&mfbhoyoJ>_z%VpQXb_0XyV(N_#|8YyT9qlv7S&!-Fa0TlPADA^ODI^!{qVU6@5IBCjmL$N79n7UoOeAsyo@L zoBZ`C9{HP-BY$V|o2MjMFO$ET$v>ask$*M$!%Om_%_dJ(ljpkeD#p|8jy^uvE=ARy zXZ=ikFXNSsuXU5>n2Gl_@iF&AZx{VaM1D^Dm6?2+UNlr8$L}N5B}e{dUl(-C``sB#$Nq9Dz|>rLE@p8tGxXFLT#FsVkuiV7P((5p%7iCO*26e8#gd49y?p;yFrH;v8+Ta z}Bcsz`e~ z$dTt5`EH#QKO{%|D{>r<9tWcL>-R$P*qa=A3X`M$3gjbwW$-$XBTo-<=NBVo0{K!dZi%-u8fz*-s-4-qb_Dt zpm@|%oBW5hvj6lX&vr-hPa#J=i;Vvr6&ev&@~kp`G0H3J$!WK7C*CWb#2+y3#8-P4 z^&{%feR9Ehdk%#kcA8<8z8fp18-O_qWJlX*{XA^Q@C6sphFk@yOGN9LG^7 za=d@{r2LolJiLP9k^c|!FZ#Z_m-2*Yp2y^g)gvhn@}~`zaX^0u>!M~MbsVRNuR-z0 zbWszZe{%d_iucs`-`wP1L-DP3@$!(H__O2%brJ44<*D0Iwr|W6(qFDKDS4sh5?4SS z;}cu+RH1l`PXlt~=|y?Ac943;P(1SdMt;%H*&Cz2pNSm#_fh^p&3}R7k^c@k^1miW z{=_F`JTMNc{axjF; zK8?nw{!_+*`&&pI<8xEz&(++-x1;z)8b82I{8WmMsqrh^#2=veu6kTtauffG;^*q3 zb(~ZG-QO(g=q-U5TP2pbipHIJOR&ycIvcn1mOEHTi?4Qs-uqKcC5e)3`G-OLe=yqdaIg(^<*q{B+{GYJ4$uJ`c2|_&gf_lbiV8 z$S=>3_7;=J9WTC*^5@fe;{}RG{o&-8pS&R-KT-xM$2n;S{dzH5yf}HqF%nmm{6L7r zH#6?+|313^cPIB(4>0Z=7ne&*{weCtBWL_Wn@RrV6p#L%rT9qw5axlK_?Ul5JLoUQ 
zA*FGreh;m)lsf8}ulehnczay;AV>ZQl&7)gSw!*Z*B)}@xk7oe>xVzDC?0td>pCL( zi~TJ#Ir0}Ge|ufVs}0s8b-M&NlI_xu;?eGJFJldT`j^lbG1IRIMBgrvtA>^oM3pwgJV%!<$5FO`7 z>ZmhSbs7I}Cf@m9)S2;;6ZyY!Kt1KjQBOT`)YHzmQ%|7QGg=+>oT(=D%ro(}o)zS; zl1lt`^2b3^_urKNx_&74l;Y9fkL1`N;$8mVI5_qDYW?}uQU7f}smIU6+xi=jBmXGl zPJU0#zk>3=s4V&SnRuK3PjckHZrsTq9$WH6QvQGR!>-gfsVIiic!Wz=~bsvCFm1Z$oilxMl-8D-*aJ@YAkyvA>F6Mu^0 zH|oXxT{rQsj5~FDXq^deN`IYxIqsvLliXjurn>VgXM26si|_U(-uA1PaVLME^P;Ff z6Ual^?yKHj-Fdk~ z{c}0lqyCL)6L0GoW8A4HLc%>3k$Y)9yU81>UnCDw|3}?<=+u)qyEKsOwgm8go5{FS zPq5aL%eYg2>yGmJlH})_i`O*nZBLA31+C4-0 zeY_<9eTv6VtmlA6vmx?`Ad3_lIrMJY;CumiMRb~MUM02K+1CpnUtrS=2=Ja$g`6ic`j0(@|x#4#Usxr za^y*MSGEuO6_!Ezn_nH{hCHRok*5}U8(n8>O^)r}SsmMbu5R}L;|`t4DD{k?JlO6t z$+6v6kmESoPLAzF67`H8%B>oe{kGm?K|6cTQ9<1Z+r_SSCpB&@d zlk&9FJfkTd+iL;Er_=bYZsHG+qum>nXJC5i*ISB5yOHF`lk~of1Nw{eLl*MGNhE(c zb&PXlI`PI7k9OOWquoGqv^#?wd44Cy_0dXl?9YFapVtp1&a0#T(6mzjJMt^)DIY{1 zAJmhH9QEWQzy7o2FRJcj%OT|Y*_q;zzc)F??PqfIcP%+S58XpvDUCG#l>Ag~>E|1D zjE|q*r&0f*JP+@o-kChM=ATCHspGksJe&Frb?k>2hgamcTSy%rO`hy#JbfO?^PC62 zR|m)XOdX1^vs+%@L>>K2sQsNn@u+h)Ir6V2-+-AwsU>F0*eC?5IWkt2Vc$I<(H zyu3V4qK^7|Y5p1%kNgeE^G=gGe;`kkOY-+2ufI=xkUHAUr0wpec(i+j9R0dTe&i>q z=O*PplTtj*6KNmY7x}Z2BYzR{cDmimsH6U1&Hod{BmXdR>YqW5{42Zi1BhPX2<2pWPO&%|k=R3tCPyFZ6`-}IfG~}l@NL&_m=TTOZzqWCwM{{)? 
zI#3?8JCx#sG=7?!__Y+@L*oy-iN8+qO*Q_FoA`t;q<_v&r~Y%E(z$HveBLNXj`!aR zXS~E+j`i8^}@5esa`vmK^iyTjZ$oA9bfrz2tKh z>i07Gc!p{Ht<-ruyO5*)QIzKw%`=zcF%HYgk>@x$;?I#||G!E8q?YvOfjYKJU9Bhe zD|w##m4zJj6ejO=P_}O=b>ttbpW_5lJnA1uK2`6dm_~l%wd7w){$5T$9&6RnZcc6Y z9mS*FujJ=yNd6?RqmRR)uHvcHk^ie+FVrM2o>=1BQy#S2i+u1WX>YP|XT8No(s*n$ zZr4@zlViJ|Chw=~R2S4ye_X9Ic7(Lg+dTz&@8MEV26g0lkx0BE`4si;K+ucv`v2=$xPVt2_{vE}m&LnT89Vg7$e;TKk$EnrP?jfDG*Cd~=-k$Ox ze@}9pA10F{eik|6SCS9D<=VU+8`V)~U9IOa#Up{m@G&o7#%C&ix0$?P3OPP6`<)!^ZdS)Qe2{K=oNyC=g&g@GlfUU8i9V5U$tfQ1v-HCm zhri{2T~B0JM?Df9^}F6C{$kXVsJ|9D>S;xecE^xo`%Wguyk$OlKu0Ndsk-w>mkwQ} zhEn|bI?{u4CSI4!ko0GPy7Ndc-CgaTHm;W_F26^4P|r6vp6E;TaVx%49;Z}y9_b~DD}O2D zI`wyXN8>s*clmV6U$u+mUrb(0{j$m9Y)kxk#_@W+`G$N_cX`DJlSki@T~B2B8oj^I z^?a0zyuoV8Q&8P`mA;j_o)|#!80RtMdwNNGznVOH>z*qQayoteOF~_)%Pt-c=_$pZU0*Tma#(9^Cfza3|P6K}U;pmDq1gN)n#B-ps!KSPY${du!-dwd-- zZjZ+>mz`~4^W#><-cK;wD~qwCoq<9h3- z%Y%(qFnL0ZS2VuacqQY9jQbi7GhW$vxN$$@5yq<+$Ng*0cvdy;sq-wys~Pt)UfnqE zcXQ%v7{@%$@tVdPnmo0P`x~!qJkYpK1zgVt8Lw;NgN@fS9%8({@y*5?7(ZmZq46-| zjf{sIZ)`lmcoX9udVS!GPgCQb#+w<(eYH+}bK^cHzJ+mL*N=8w?r*%c z$rEV2jqxDk`m3IIZVB$lJw==%kczffAjQbl8Gv2{?xbcq0BaC-4?xAm@&Ukh< zj{EB!?_%7`#CJ9BWBfdl5dl?^S9KYA-#1As=YvKnR zZ)kjoaew1OjRzXnTUA`o1{oh_;)9LrlDF&G5aT0E{AT0&(S_^TL&k$le30(| zHXdPojB(uO?u^@5FbX9%%em<3YwJ z8xJ-<#dwJEsm3=O|IPRzd~jC&cM zZQRHB9OJ&m=NfNle4cTCM$oTKZgN-jV9%6iv@y*5;8$V<`#CVwTCC0;z zFEt)ve3@~N1oFTc=jFydjju57WqhS^ALFZx`x;+uyrJx~B+ z-(Wn%_(tQKjc+o3$oOXCVaB%@4>!Kmc!cpkjJtk;GU~B2{@aXuCX@$`Z#V8`e1~x# z<2#M}8sBBSq4C|u{f+N29%y{8@gU>-j0YRvZ#=~K0ppvEA2fc*_#xwA#t$10H-5x; zgz=-sJrc!z<37eu822@P(s)DTe;W5Ue#&^D@zchGjGr+cZ2YY8 z5aZ{JZ#Mpy@k7SLjE5ONZ#>-i-^L@1Uoh^GSROdzf6=(7@k_?Nj9)hHWBiJ7U*lJe zH#C0DxWDo1#siJtFdk(5rtx6ow~U7vzioW8@jJ#384oueX8f-4aO3xkM;O0v9E+RI z_&+f2nM58q{?NFW@khpej6XK+Yy64vhQ^;7_c#8`c%bp;#)FK%Fdl6DrSTBsuZ(Xt z{@VB<;}OQgjK47+Zv3tB2;=XJdnA2V# zL$Qr}8joY#%XnPlKE~r2_cb2hcthg}jQbl;Xgtt(BI7~E6B`dUp2T>F@ubE#8&78Z zka17rVaAgi4>z8|c!cqk#yvd$H~y)Ndm2w|+{<_x<37gI8uvAx&Ui!P>5cmv&tN>z 
zct+zv#xofYHlEpdi194OHyi&y>fQ&w&hh^LKcfhWn6jWqDT1n#Hf@8Nv>FmEj;07& zCux#4Ax(}Xty7AiEa)twCaehS2s#Uju(Hf*g3e;=w%E+Ft+v>@&tmJyw$6Unbzkr6 zoY#5hednAjO?)4}^Pnf^dB0!R`+Z&abzk@O=l*jP@J`^Fz`KD@0NxAyXyE<8j{$BM z)ijz2JpI7yczf+;H|)~0NxHf47?L~3Gi;1Req24g6~0y};{$_XDp79ylak&JDoRfiDN1348_cAn_&jkJr;6dQ`0nY>80z3r#e&8j*9{?T! z{!QSGz}Eq92L2%MR^Sf-ZwLM`@J`^Zz`KDz0=yUaqrm%te+ziv(0KW;2c8c6+rTq{ zKL$Jq{BhuUz}tX_fIk7e1o)G{Bfy^m-UxgH@MhrO0p1GyY2fX^zYDw*csuZJ;LiZ> z1^z7Xe&Ejm4;&UR|Bb-Yfjz+VO44*UneJAuCjyc_st;Jv_K2X0E)th4NesWe=UaeBRE zfDWS=ze$VKCuqK6e1PU#a~aR4dB8lzUnX9__;%tYj8|kDP|5hS#3PK4pI|_g@dd=2 z8Gr6*16mlr^%w(M8GmV_0d0)`hj=IBbBK2_-a@>a@$ttR(8Kuo#QPclGw}h&XB-DW z{i&;g-i2=;Z+IHj3(Lo38J@}bLP{r#@h6A}8Mo==GJXc7A7cDBluj|@CsLdxjN5c7 z8DBx^H!>ckbeb67K-`||^=9w5pmgjx)bcjswr#Y0@(HHgY@1{Gb;LV0P#??FPcpx| z7%wE=%XllL)5rKEtqQ??26B+@@2&_#8^Vgz+U5kG=Ic4)5oT}Gi88)|(r;$GWs1pH z3*#RWZ)NA@WvWT1lkvlI4DVvRl6W`cjl_Exf0lSZ<9ALo=?^g8Lp(6XY`5js zPdttBqo*6YOvax&-S8~N2Z#q5pE=Xm=Q3VHJj8ex@nXggKEtF_!g$4(4XxgU zf1lE6VtgXmH#7cy;w_B7N4%Z!*=L$~IvD>N@lM7=vy6Qgg_z{#)1UMCmw22eHY^=(6(;i`-6QC z<8=B8^a7`)T~F1=_>q)WKX6)#^tKEzez5hOX8zFSY0FrXG{%oIW`T6z7;TQpG4{B0k<*gO$ChGZ6V;9l!pE)X58AB0G|N%m5f{a z2=Jr9KFausw5<{NF<{@sxJ|zqcox{VFkVO7T7la-s5iASZp*(NxQ$WUcQ9__=>&d~ zHl$A%h+IOY=`LauPXqfl#%*0}2TnsQ zPu0P=weJK@Ln+U`i}B;gcQYfDhfYT7jvoB!W z?#mGHe2P(j6*F$@a|!UX!M>7lyDuZa&jI@=<9E`wM&S0C(3_eVx8>6eyb#iFVceE~ zEAVr{zKwC4emn5FVBf*GO}`WPJh1O#+@8z3fu9HVJ&d0~+j@c9A(r0M$GElc2Yvyh zKfrkG+(4Z|UH?O1pT@Y2KOOjmV4uObwa)}TAMCRjx5sY~coEp=GH%^i&0m z+w?=gX-MhW7c(BK|G;Ue>DgB@Zp%LcoQ8;=eUx!)-w3?evo!xSF>dQ;Gw@5nzJ+ny z*0ch@4D8z&xAC+Cry-@M>R{Zq&z-;*Li$~d+w{AE+di_E^)P;lu8``}3;YU$ynp)` zKZ&;W0}q4!0ONN52F4mA?XCpu(-^mPJso%{*k>?q>q;i@#bBSsxb0g6ftP`OF5?H# zwmjhFU|+zvU1tgbuK@dE#_jQ20(=SBS2AwvLj?Fzu#Yl6iMBNYuLS!h#%*7%8F&@g zw=iz&Lo4tr!M=@gTOZniUj_CZjN5(L3A`HYyBN3Uwr=3dz`loZ8-FkG8nEwU+{WJz zycX;S7`OE~K!bK&|07_Z#<-0?9r)E?pTW4@Uzxz`z&?v{+g1jF+dht#^m5rNZUGruLAon#%=j@1HT^Zdl?)G;PZSelyr-F>a6FAn;qjK9})W z`wx6I*cUKv?L)wC1^Z&gZQEJ`{5G(!Wc(1?76JYhu#Yls+nPq;O<>=|xJ|zq`0Zfd 
z!nn0>1%3zEw=r(dwe7&~1p5xgZTg+S*MNN&<2AIc8~9hjzK3yJ7QMjl0{cG3$J4fc z;9mp#0mfr}eX1C`{x^et8soM;rvv{w*k>?4i?(F~zZ>kc82=t^3j)6f>~k5n@#g_w z3-$$!+v7b1{9dpxX8cfHAnH>B{2K;&|5h^o3)&U|ejnIJ8Mo(#M&K=A-^94>Uo`{2 zAM9HgKbf|*0)GJP+ZaEQwzUKQCfIi{ZtuzI1ilXJyBN3aTQ~3r!M=y_DYUH@_(Ndd z$2k2A^aFnw><1V>)ox2Sf9T!aYMJ^@W8BuCbl{JGeFo#UJTrkm3ierySJSp2@Na>A zF5|X7;E#cQCF3(_TLk#yU>{}Nj$Ippw}E{V(CzJ+mHcCEml1p79|L$s|O_)}ot!MLr9oxnGMeHY`g`Vag&VBf=dto{Rk8tnTR zkJW$R-v#>t#$)yWKx3rqe>>QxF&?Y`z@Gv848|wZwoKs9f_)a_wtRxXp9A|`#%=lJ z0pAGr1&rJB2?2i|?28$<Lu1+cGV+?G!S_={j4W!#oeBk&HeZ(`i0-wgaEuy0}9 z*3VYpFN1v>;}d9GJ8*kW)|)yQxAAlW-vsG*F>d4O2L1}z_b_hL?*;xU*!MAh25svH z{(Z0?U_4~Ekt1FIJ1tY+X^c;&ZRx;&0QMP-+xnIX{57!8V*L2s&Bh?`AA)@@<92`L z0pASv1&q_rKnVEjU|-C*9ez~2S?490DKGlBmU?6VlR_Cer31N&UYSJ1XR z;9J4IfboU2Ed>1MU~k|1r}L}1EuRvw{{`4rGH&f7z<&w$QO4~(IgP-3z`lv`u{tpI zX$JnDLEgVDjNAI$3j9}K-^RFYi`#+!8tgk5xBanB;O~Qd7voP*`_>KoH(=kxcoA*u z1^xlp_c8uw+SU*Jw_rcOxZPiYamGj&Z!g%VF@7m+O9%ctu+Lz8f7+G_{P$p=#kf7* zgTVg)_PLDH;T*^Vz76aP7`OHz;2(m0G2_<01o$7pzLN19X8%t1^XVx zr_;7x;Qt5qeT>`s+zltmvQ?Zy*%JMz`lTSTi-&!{|WZRjNAHF0{j!OuVmaFzY*Y{f_;>68&4zf z0kCgk+{V)k{9j<-!nlp675KlwzKwCaf7^lo2kbi-xBIsf_)f6zV%+ZEZs7j~`yR$) z^&j|WVBg2MEzf@7{{#C0#y{PSHqwdGJH2}U7@o$sEuVDYUjX|I#%=jz0^benvlx%{ z|AFrg_PLDPc=CXc0s8{R&!+5#fbRkJ#f&c}`x4-Lf_)|96UaUSd@rz%GH%Z!`nn8|+&czlh>#1-=j1w=r(#uiAm{3-%q1+x|c&aN9@IuDckw`>PxHevp0- zItv|iMj|BTZ#%+D*2YwXT4=_HB>W_WUfHutp`?L&WV7ZMa9ry&W&tUvTN~k5n$8R3+9I!87-1Z+rz^8$IG2;^`o)X~G!M>7l+n#5dqZjy>!M=}in|?p=Gr@jA+`!eFozb zs5~=)&j$M}#%=ux0+034R9d-=+xn9Sd=8{vz_^V+1Uw(?iy5Cm@s|L%YyNsuCF7Tp zeFXS9kbabLTR$6t7l3^ecGh8~7ry?_u29_X58H?E4tMg5v219tQgX#_u5ez@Fieh$#@3YM}RK{ z`zYf!{zl-HVBf^}3QE5jcoo>UF#ZzRw*tQs?AsW(?MXZEtH8d4aT|Xp@M^H{V%#3@ z-N2WDeGlXIe9;TM2JHJ7kM)0m+c^eZ6a$Rg`WZOF6qHUn0_mqQKHZoF(t%$M_8E-F z+JE46V4uZ!to;XG5B9l?+x}Y~@CL9iVBD_ngn%yx`(noJ{w)D+pINAjqLT3tl}`lt zHIROkaXa2=1Re$ZCdTb}tr_@Auy0}9mS-#QYr(#a@%<_OcHq~6eFx*zod|RSUj_DE zjN9X@8~F8L-@~}A&%MBJ0Q)}1Powzzf!_%B1B}P!3aMbVX(QODF>d<<>A-IS`wYfy 
zeaHlUGuUS_ekH{p1bz$H=Q6&W?DK%H2KxfWZG8>_zZL9@8Mpn165zLieI?`eTA2v& zuYi4&@yjXxM&M0g-^BPNvTp`{JJ`1{K9THOf!_i4ZHymG_U*v$1p5xg?fJA5_!_Y9 zV%)Yr-N3&J_C1W-{nZQnF0k)o+>T%RfqxC`2N<{Qk9`@rHf;v`G&*5fPVzuH@UMe? z2IIE<$pn5k*k>_r(+>i_2kdhhxBZPg;A_FYfN@)%A>j9deKF&su%AbztAc zxZPjf!0nu_cHP5x9>voO{2@rckMRr1z90C*U_Ze48Dt;GG=FH*RrXfE?|^*|mtcfo#uaa*2&2}Y+)+rd7Kaoe9s2mTD$ zXE1J$uT0?2f_)a_);jqTR^Ts#eH-I8o_65h1N#ofZT;*7z6tER z7@tP*cLRR~?0XoG&Hn&@73}*MFQfGPf&T#P2N<{40|bsXLT&mQ*rzdW=U3B#ZwC7e z#%=nUz+VUZEXHm6=k6JgXAjDg{#pv0{`9uq3VbiH$LB`w1N>#M-xv4};A4SLrbKn< z`vJcIxE(v{&DR1y5bW{!gtqSJ%`bqx9n)+66X0~|qQ-&00k?Hl^L^6vzwzgsn_q#z zN*c)M`0X*Fx3vPNu7M|c33#SQ%s)Q`J^}b&fYUDZw(da-?%J;%`|1rx0?+a+%|G*i zp8&i9IJxq+-T<8b^!R--nPho!=?I zPXRs^cmePn;HAKAo1r&f3*62{X?_oIyJn^N^T2a8pwG{MpK77{-T~asCFso=R9HG+ zr)xl;nZRdSsJ<5gx92py`3B%$2K$GBp9%bJ;CaA50zM1)VYKsfoU?)F0zV6Q6>z&Y zs5jpZJRj`W13w%14}qTp{4?OTFQzw-r-n|)SqS#$0Y4Y`Rlw&0Uk7|1@Rxy~2mH6d z&j&t+Dz}d30^r93w|yVIIUo3iU|$A&KJeARi-5NQUjY0~;1>b^6Yz_H??nfpj{g$i z#{(}0o)7#|;7fpC2K+YQc1)l*KMs5$*uMdM5%4M0DCjt^0Dd9xFz{;NCBWALF9rSz z@WsI22X6Zadh@@5+qEpsucSsw$628PeVTwTu~2H3gGL2 z-vazW;NJrN5b#%lKMZ^u@K)fvQD;lX^9b;xfjByao8Pz+V9V9PnQN-w6C;;Lij95_OJs{4W5X2K+_f7Xj}8UJv{w;O)R)2L2B4 z?*ZQqd=u~!^2`q%=PSU^0sboRO5ooIekbrw;7XMzXrYt`1`;wIy-Lv8{jK}e*nA-_-}##5qK}~gU>NPbUeQU z9t8e-;343D0A2%p8}K#2KLq|H@IL~77xF13_Jwt9`Jty{}lLtfM?7#KXm*%fu9cizrZg8{u%Hn@c#iX zoM(RM^aI{M=J!(IUjW_&d^g|=&x@zCJMe3Pj{&|G_#VK20DMp2zXiS*@H5Yk`%MGB z82H}6zXE(8;6DPsFYrGB9}9es3*vtF1AZLv{ehni`~cwJ1)dK4x4;hsz7zNtfgcfy z$8!+yF9VNVi=<4i0DdsouLOPw@cV#&3HWXo#{Fgh&jfxb@Gk>D4ERFehXcPB_;}zg zz>fg_0`Mb&zX$v%;5&h50zYhiJYN%lhkzdqJPQ06;Ew>G2)q;cvA{nCejM<_isJDc z5ByBvS-@Wfegg160zVP>-V5UCp9K7P;FEyo13ww~^}r_se+c*~z&8O80{;W>Y~cG} z6pwQX@KbkzYIM6l6ahF0zV0O9`GXIvw&X>d^YfRfu99@2k<$-Gm7K!n0B;3e4E$B#mjeF)_+`L91AaO1Nteg- zwGjBZz!w3p1bzkZHNeBb-vM3%d^_+`;A0oY<5>*+WZ-4M=K?PWUJtwi_`SfF0Dlhn zQsD0buLM4JQ9RBn;3dGX1b!p%tAMWqUJd+Z;LCvj8h8!x{{gQBe$*B5I3vK%1b#K} zFz`CyHv+E*{s8a>;6DVu9Qf~muK>PZI3DLUz$XKb0-pzbCGe|(UkiK<@aup-349gs 
zH-TRd{LjE|0KQ*IJpLPjKMcGP_@9B_1pJWFcse%&4+6gh_#)t|fnNvwR^aynzYX{n z;9mj$58zF}4_O?K^LF5;0lx!yG4MNq-vE3K@W+9F75MAG?*iTr{A<7uEQ`n44Ez+} zUkAPb_}#$kfZqeW8TeY@PXoUf_(#CM0sM^ec%1hEzZ`fA@SB0(5Bw3}4*>rG@NWYD z5coRayH~{Hc@X#sz#jsBF7SteF9Y5R{7&GH0Dl7bqrl$){w?4;fv*QXen~w3Zv#II z_+!AA0Dm0#9l+aww*h|w_&dO#1ir`8csx%5uK~UR_!{8f0sbWLr-AnX|1R)PfVTrb zv@#ygGr(s8e-`*6;LicS4){jk_XB?(cn9zofWHU)Mc|(T?*KlrDjxq!z-I%08F&fs z?*YF7_$J_w0DlGe_kq6({1f0m0Di!g@i<=to&|g}@L9lL2X0a^Q%Hx6vA+U=O!{*- z^}R-db9q22mKB*eg~CZi1D|GM;QM%@s+@J z`Aj$24YUB)e&4H;pLM`>`a7wS+r;=pYUJK$d^Pc%jL$p3OFl53>Z8r? z9mHocZr{JM5crWM3Gd%kz;#-mQ9A1we<$6DHZi_{8sqmFzmoV)#v6%`r+RJUZy`Pt z_)!q&Lg1OeR{@^@d>wG@;{{6JzQ5c0wa7>-kcs23OjK4*E8{_-XNo))qPdfgip?oF+*V|^3{mH;}eSVBIA>hYA zIuYPHogaP4Y+TFuXBmcfFuvkY!+RLd(9YFofblDcXVCGged_Vd#2#w&@hV|*>~O^m-v+`hNe#xo|$6QdA;w=LekpLB-@|l*>JtU7(U+%sIB*ki zZJ$H-_PvTWp4W1W{S(aoe6qLiL$vl&sN?c3v#%t3`yNAUzxh;?emb28Ebl(e@F3%- zoo;xD@nYha0@wLkL4KpaHM(J@N#`cu+Ws!GZv{?O#1lLLT-$FVd;4BI{qqFR()?rJ zXQ#RTf8fi8f6UU^Lg}Q_dCA&upJnV11+M+>B>P<88htR^*v|s4?GK{~9xK8W$=bQBHd%JA<(=RZ5J+pt3_-4lcNZh{1%BC|r zWYS5a^RwkEh-WeWGVub&$6sjDsbsvF_!`EKruE%>f$MVk5tYM6;5w%HMJD~Nj6Xo! zzHi9J{~7TwP(MO*oxUA6WdhgResqyZKacSfX&tc;xK8I&in9{9PA7}j&zcxtLcERf zM~QC%exeD*`*%BVYT`XU_8?=VeNHledjC!WelqZRz$XK*2CmckjN(}iT<6!0z1ITQ z_Q%q?%SOi65Z}sp8}S{CZzevD`cpb>{eR0M^^f}GFusJ=Cl)Zi8_oMSF#ZtnwT!<{ zd?VwBlz46fTNz(Kd?()pO#UqJThhnVfwKE2%h4l=%(c!=?6g|Uw?K6Z)W z&5XAaZ)f}$#Jd^af2m35J>WXOB^1AX9=nZyBiVm}`pcSY`(m6c}WN5FOb*HQdw8D_i9@6%Q0_kqB*y`2{d0@s?r zGGo7h@u!J5Fus}iTE_coOgbAGZ;lwg75H?6ynlB9p8@>8z;*o3Q+_jO9HV2;1^Zm! z)TQ&b76U&G?4!V`>*j530X`G#JAj`7yazaSt-P%Rz|RExFX+sukB(pe`I4=N!1ENh zpFH5y74tTg0H1A*)psNCvw*h(p98!TICZVOt-ZjhYvu8efa^csr1-}iZW7h`I>-F! 
z{ktD>hP*Z`cmVjkZD{6dqo_wRP#^MQ}0akGxS z2>2x63xLl9ei86$;1>g51N;);8-N!B-vazn;M;*;27D|{qUrcA2R;e-Lg4d&F9LoM za9t07L-nu$_!VHk7C3bsysaC7mw^2%z;*h6qx9|b$8`L3YWGw-!G1BMGyW*^L)+7- z+52sq@ZizrhvwG-4*_2VJOccB;LX5q0NxJ#M&RAR8-e!& zzX^EyG3Li^>g#6ULEyIl4*_2dJOcby;LX5q1Ktk&E5N&fHv#Vlemn5=iROon{|?|m z;CBKK0bc_=3jC|U*8#r^_$J_A1O7hnX5c%4e;xQ9$C@8Heto>`zK8jp3H)w@ynpk6 z-vhiH_*&qrf!_=KtH8D2v^~tm4Zyzv_T9km1Ktn31$g>#=7-ML{lJ639{?T#{!QSQ z0@rb7QJhiW>%hJR_=CVZfIkGh2l&Il2Y|N%&p6)v(D`}Lfp{|NXF;BNpQH_80aadrXE0sbcN1;F0| z-T?e<;A??z0lpFVkAZIm{toaRz<&aK+{xyLj=vjtF7S7O7X$w(@F?(~0dEDq75HZ0 zKL@@I_%DEunQVUOIDZK|3wRIk0^sifuLS-p;A?>Y8u$j_?*s1!{u|)^z&`*!?iBMw z$NyX4Ily~?F97~K;0?fk4}2}~KLFndd>insz&`}O1Na|-X9Ud;9si$z=K}8oUJU#r z;8Eaz2HpbvFTgv1ZwKB3{I9?Vfd3!xjBN8m$Nx9rxxo8@7X$wocog{Gfwutv2k=LL z>-MUd+N)0BJHWmd_&j4g5^t>w)J1-wb>f@NK|n15cY7kN+&- zS-|H2F94noyb}1?z?*=d1H27*0q`xr3xRJ3elGB_XT;;53w#prdBEoZKM!~{@biJM z0e%7S4ZuUdw*bEo_;%p)fsg%iJpLl!lYrZ63AN=s;1_{?HSmjpuK|7u@D0F=fo}nR zDe&#UF9SaI%y|5l1D^zZA@F&?7XhyZeg*I~z{9}pbIEjjUIM%u>`Q_7178e0Jue=A z8So(Ra^NB06~G&SF9E(5_)_2-fmZ_W0bT|Ccfbz|sOxR0-44uBKh#H;!P}>#$G1wZNR?^_G8YC=c^rf7Vu|)7XW`2cqQ=XfHwi(2)qsW^T4}+zW{tY@E3uP zog0t81Ngzfbva~FIphL=3G9o3zYN?yXKy!^#`l1?fc+-m9l&1!-UIwq-~+&a06b$} zJYTN?&jr32crozTfk%ORd8jk#wlKa=z2Sk$^(&V(lrC1^4Rz+b(*9LfQC&K@p(5H4 zm|R}kP#T!LxV}CxIYuXkFFU`e;na#~Sw*Cwss%om1Enk)&(ynakL)n)`mLUYUF0nQa{rj>=&PS6P@ghiI2 z(uT@ebxW5otEg$1;}yDORn)Mux}yA&I$e}0S_NYs^&Zl`C)d?ZuC6UBtqx3HT2>Y| z`#P-ZNp(dm2Sp82Rmm4#nLmH-f^g9k{U3|Fs3Eq?3eWd4G40~g>g5%=XI*B>B)_O3 zCsJBfS2$Pev%~7Q-lG-O6=e^{Wj;TDl+v6(R~68peY1~EqiciNs|$sXHN-VtSU}zo!2xJs)Kb#ST`@(+1XQ6V^QTDTKjuvk*MevP&_ako!j;pJtQvLPlsg2klLzo2Nw z;Qcp3v5RT*@P)?F+l{KS<;QJP-i<>gCl+Tcug=PNbox|Q7@BJio9rpr(0h5AI;^}T zNpQ&A3`gsFw5j~hs#a&2aAlP`(TWFItZ;YXST+emzhFlEY7wu$z)l~-PAn2TgYSAimo0;yOi@Ekg=(XRoz0?L)jCj2MGX~K?{ZoR zCAJHJl~)Kw=30Z#nxc-{vK9IHssp6DI&+JrVs3Mm)vl;0oUbhMFVH>5>2(#FsNUj| zin@xLvWmh5;ryJ2m5~b7isrCZRMp7(YgA`KtCjfFiW=Sd3Rf*DEUvFBYEXUU(wg#c z;kn+QHMI?4RfkpIG+b35Zde{smeo~Pc@9(uYD%`Ep6jyO8r8vEUe-{h5-Tj4?)A8G 
z?bg!z`l_X#A8%8B{7OV zY(J>7|C~FqQoF4By$#Um)#IO(+N{sDM=ZABqf~gRkksKeTd0fJf@f!YCWV%m@43+Ar z6-lmtk*G~Vk>rMp3RwouS0{~K9Qx$cS6w^k^ikAM-LMNozs35@=*6`lydW4}kR4v2 z2fVtq#Z#U>hkj08d`C$tRJDhF&XqR$d^OvlhVO~dk3iW^t5_CkSSg&lcX6Lit*9x7 zeviuFl=virciQx(q+EK7zI`1vtHH`;SG}1&8&(uu)Vr1gv4^yar97>yx}tRO1lKMf zk<(N^zP=(~cTfhE>@J3!on2jfjhdBQT)SM=5aS`%p`Ed$w(gqJy7I#L*vQ7`x4bD1 zRhO~{_x)6lkGfSO9r5(4n)-^m1~t*5&l5spoIPFj_*hqPM)+LS8?`+?6|pp~(dn5E z>yVX8nOz`tq;_#nrpW+py#pjQ-LUayCedX~Py z>x{%l{v+bzROLdAD=X`2uZg?S6}hUWp<-!WX|-uVN>x{Ku{WJNs49;{7&G+JO5KWz z{AGiZ-^JEs+Tx0(RW)$Rw^JP>-FC$I8c9$#R`!A~bGI$2?!VQ&IXPAqO5$ zFqKK+A@lCzSC^ZfP~H`7Lesr>Z}vOV*oM%J+syVRh11O=#UR)mG}&Sa0m$jgQnq)7h%fY>PcN z?n{z5Iv4xxc7LQ=o@(qeRDlkejL%Mm{V}9G$=;~(Unz<23$>c8_Jy9c&re}r%z=H8 zY*)yki=Iuxo$^k0NLk#)J_B;!4xMUg&Wn!%you)g72ZU4tY)g|FEfWdto~f`NpDyj zP###*HyodOudC5@e)g#hH(Z3YkPhcjubV^+g{&{!G1CSip-jCw8k^5iTLaKB#QLEL zr=L-C2{lr8Sz_1Ds0yMQeQXLQlI(ucck(F$TLQlz! zQi1x;Nb5PsQS#~46)aG@zB`)!>=8M7+47xW9;IxF-5r%ZI8IYu?i=dNFDqtKO2im{C4?dficd$(!!#2=l>e*3`_cveDG2 zWowG=0IKDb>e8|bbq!8ULwI>j)z!-@3eTPIb)x*HE!C-U$mw6TeNIGW^z+JxofrQ6 zDuk(nNoIGw9t5_JBe43FYx`=vFRRlw*U8G2FTbo>pN-VGNSNrE=3OzOb~{~xCUyG? 
zSD0%y2VJN#dWYQ*^;6|`N_M2GqO9VYDm4unTgwPH6g9+hxWcDbF3c18ihKzV$(&t zP#trZl}5w%N(q~zkxIL)G*VhtWiA95;k3oRv_5B#;E|fGYIdw%4_?|BiQ>;z_Z!3) zZuGIER-^P)ii6h3)nezAaClkiRTbtU!Kx){){<`dh|OCLr-jg+SnsmKSSmUUb+u$L z91^+*Bav%0tr0I-?-EHp5c8%Zq)76MW`&oj8Jxk#@M!fVeI`do=8(&tV!LyCRYzSM zs!Kb6h1eTYjg+)DlJo>6iS)FTw+gfiXCNuv)J`#yG8WOGb4WIvLxiJx$i&=d6~*LK zQR!(zb$yY~w4wi+QQ`@GP^09xN}=|TcMrkv_m5A?DeWO2t=>moRD<@>)FJm#vgDli zl3#)4B^fe}5xiDpNI%}Z zu^AAA=_0pyLBb8i;wq{tZ?o=g<|a}-PQ=|AFI+vOR=dGlYBWcQuGu#6r1j7tb-!BZ zyzVz$b&+C~F#+GVz7fMBW zcv;1=#mko@z0X0nemYCEUS^9P+P{%mo8qV5QJQR2o%C>B)zZoaHQp8Pd5_nwQJWc5 zcM_<(@Rtk`Lc+Y(sKud%TxtfOt~TP`@$VH#{Gx0#D?WIZ4R(Bvu1xw4L%PpbAF0k0 z>)yho8aU;vR;4Ih@7J|8`>#A~@9iBgE0IH@YM(L3D8S{;vL#acc zr|hdMqE%(J>f+5vWtDokgQ~)I)qnVxDC*`{UueEq^^|kkk#wyn;hKX{D-PX5pj&)Cr}EEH9`V)@pVr8y0)DPLOov)lSD`K> z_fE921wfyW#rdSsYCNad;k@ba<3eRPQd^(2dVQV+scw%Bs}(wZ>)YUN#^9dHs8#lC zy+f(IymO&XB~yo<&n{*i^ihj6p~PbCkyi`7r?`AxaX7YF@srQ!oy7gudR668w}*On z`Fode&07}CA9C?FA3K70$%2aBXB~B@JJ-~?*j}kX{ZvR37GQmslZQ$iE`t~6CQ zK((eCgjHO<{*<_qi^KmB%8%;ekJ4j_yk)i6%BJ!IlcM?}jFDU=v}eAdE@IY87$dl= za$~EKdOwZQ%4Ci@O_taCEl#Qo4RMc|JqDB&Ut1h*!l_)k9HJ&cA%&+h02Pige4N-(y(unS46fu?@iqnT8)Gtjikip`j`;-bv-IN4qs zXDjj$jkz=z?$la~3Gn7vEkCHKadxQd4qtqtS4_t&VaBQ}W}mgU7S@BDPXC_Bw z##=qa(|$r`{8BP2eX;Do(dVZa;s8@;b*BT&&qczj(NuK|>1hzXW~B0&^ceC96em_)@yMO37lHYa3pGSs#Tj1z)TaR!kHCc5q1F^f zZbeaU=gd-T($W&w*`T!SWv1*_;-SjR?|2f5#Vo=NT1s_oX7S`T#apiRX6RSIVJEcU zQtc5dNBnd&cmZ*!`)TFG)Ddmg#`Qc-WkuOlYW1cjf0_5ZVQdKTEGQIR?75jf6V~xE zTvny-m=jZoon|p#>LDaU+zgvNt-NXpJrd7bbJSNVt3Hvw7l}pBd)HzJwlq?`$Sz4D z30Kjnx~+PzIjXm&pJ!)l08S6@VigcqdDRtqYAGwRLuz`VaH*cUXh_~AW`$Z;5YydM z{ScJ_^@ORx#Vd~_qyoy%pHWWtPI`6EUdJ#fO;sLF&*1fDVq(kFiA&Q{f^@S*?0#zX zOzNeBT&g6f@8Yd)&s!W+mtTa{rNp~%uctces-C)D>$5vOel+MOmk(pnTAz_h%gYDd zm#U7^*i4w;v%c)DCi*B-dsdBxQhILoH06?t!DUHx^a9eyXk>YVTQKrDQjZ8@%Rpvv z*p`wxF8FN?rZbg4bq22K)-;q>)u_ikdE>oUHB^te*Nqb1uME4Nb$8tZ@s^m)i3@Ak zD9$aaV*i})I~~qSt(r$a+nb?|9S`xDVQ&G~9*d(}LG`5&%WCVTC-%ky8{q>r@x2EB 
zudV~}+G6iwl>ZmmkG-ZLY4(S|daXNkdKFmD+{N}~ypqLQd$n0j390!Y{Uo?j^|bC? zUCTC)3{E_CsWerq;fzJsOZ^vnnSyu)>8>3c>KP_g ziIsE|dndXxpdZ@dEm;nFkkY7iip-gb9*pfdk1c?&@Y&7M3b( z_Xex(3tgBQE-Mw!HYN?9I;Q)9s!q&T-=;>W4oi0UbG#3Ciatj4{-c#=b2qWKNIyjV zPo5h!S{b^EyA_L`wlhyRvb_i0_$PFqQ`lMNep+_3UNBssUK(Uh5PDJ8&UEmer#B)| zryZ5E&+Xt6Yq_qouJ_Tp925SXWYvtgjttpCVn{W8Y}Q&ODvu3@$dJrgxg;ynmbEl~~cQAX-aLdz#+ zl0Z$&s{YWRNdo09H*p@q@BX@BWmNZ1U`>o293xztaEfobnmyIG|K<;8f^QgA8Rq{? z$$QSt5OC1SwK_^iWbw*-;8%*%gTu)aRiM;n4~OF*Rt#!i>FVkg+At;;^AnzwpU@!{ zr|(8A)?J(38%`K09@it>a>nNd^}30g8&ubP47%WYh{IW&aZI?3B%~T$q4iHT^Cu=u zclo8<+W0IrC9Xw=)X7~1X!{smGo3gqsa{y8iXb*C>6dEKTV~i9#xEUg?s8Of=S?~d zqq*}*Ki)>El=Z<0lUjqGIRY)3Uver1y*g*6gHvm?k|dQG4YkUtT8rswZ9{iUZN z-la8zyDq*>oKL#A!l4tltM06s5Ly&<8o!`uq*oxlaeqShB%uz$5hbqzsk)<=fZ}~x z)sKwre$&U`z5mwEf%bHTWqpKI#2Dk6AZjeywvDHg;^)tV|443Ux zNJCs-hJ~8igE7QV249`#mAUz$N zpUCyJlRjI-YYn8O8V2=BiJIlr)oQq}9}urz>8jqRxmd_-Zh2LGL#clI8NJ#pdz!sx z$KIy5K;3IMXiZpWG2!)UdahD0pQ)F_)-D;|!GJPN&u zGIi-gb=fX0M(9C^TDw;b(gJ<8t!gHvTU1peX6{q;ypF&VQpQGT5us`SziTw)tm8 zpD?Au#;59#S4W!DH9>N>RaK(IHQ8a!eCmZ*KI5iRR*jBor)W+!oISd;s=5^n@(aAY ziB+#DQs-&9_{+O2MYRnhbMJ%KB$_^>8kXvpX(lwy(7zjrUC8vGw?#l6Il~{6iSmcv{ z&5STG!ZE)JYa|Coe!&c`yxv65t`CiT9OmmAFVtj|spzVcM6YY`21j-T>|fXYQjJ$< zJ<%mpvJ}VEgKj8GxUf|16ZY6isgCO%tOxfgz4l_L#VILqsC_A|K1pe)!KsbW>;||7 z)$Rh7)j@Z3NoncpbyRwZjg=Cox-KQAsjHxg%o{yJKTVZsY#Cpz%d2;v)z+!^g_zfJ z%VXCWwig$(*B1{a4qjDrze@vQb;g*k9_>(GyDVHoX*AJob_e`eykKSz-@G_bDy!DoEiifFr(3c~PY{=+MI>^+s8GlDlqi?0^Gz ztZK|uyo#7^d+p*YE6N(w6%oT3ap+EiI;-jfUAqgZlf!)Bn9*+|8&2}(aN;LCHSy_n z!-qO04rlbl-bAJw{gJqdxx9iu6jP-f44+j?*U}BE;LUx)e!Ezeb*i0RHRrD$YE6$I zS8aB}qLvCYv0vrW&5L!NQ@R)5|7h_^-m!1xlZwikjnnjDUO;vy=XJqZldRGgheYCX6ix@I9h=Z$_TL3^Qqlm=s~mW-w|rxjo;l$6>M7~q znFFcEIaH4r+cZ_-cXet&a<2zPcDZ%QXl9lPK`SsT5 zLf-gMlB*}1)kD*&^n~;D#Z~21b?PLd?*D<8cz@Rm*%Iv z)0;YZ>l!s%|ECTV`I+>o2dA#AFRLk6*NE>z-_o01^(M^+O%B0j0Y3dr)l=S8-)gSj z>$R%lh>ggGnp#vxpJR{88_guN0qo#Yoqwk%EeU<7WCxMzT&wH0Rj*NX@ARu`RH-Gq zCU;Imbrtf}D5&sU^{1+eY@JuXifuGHCcJROHrwwE0M{Py)3JZ6?Uz`>K8rP7d_vey 
zt&TH(O_J1dQ)ijosIK>uYL-u}s3~1sT@kKYQdnGHr*@iZ_|+o#;;IJkokY|P)h2}t z!YlHptthQtu3uuK4l1**pmv}6FaCIWR=&P1zq)ix)%0YO!hX3|!$sTndyk$;JQu5i zkbBY6c|=V+*@>N`-DFAc-w#fF3hv+ztC(5}9bHkEyeBKk%mWvO=&Fv^S(eY=KgeRcagKmL3+)6VMgyw}j`IaZb9DdEDJ@``AfUYk~2Z<=8995?+-cZ=c= za`GMvHX;KqpUdZR{I0?GZ2(k}`S!)>+#yx?p^sLqTB?1NJM=>3Owz~nCOr}!b)r{( z^$i)iw$tS&b~+&5kyD*BhnsO&#l)?sE600!pW-i!HMA{d}q+X1<#K(EZZH339n|i3=lwO}8 z5m2>yI*3h0Jx<1&+e&9@+?-2P4O}u=H7n6*ShXqjdip@UtuVYI7?`Xcy06a;fyp(s z4Hc8mIsc-Q)%CDtSJCgKHOnVQ)Eh4<>KbhL6_w#7b*0Oc+og52%Oio2_&oouK;S?j zp*&(^>HCE-fxvrT2n5uZ_p#r8`gvrRM&DZhx7}0MFA((o4*G?H{$mGyxuE~MgT7kO z|HDDwKzc0yUpbV2qu~Fa4*r`2{jVMTHw*fIIrwiOJ?8&?2mk9yKaRe2{rioBzC(!r z8kL6n&->VKzxv-vb{PK$4*s_Y`rkU}djx&2gMOQ!|DA)rU(o;FLBCVbf8bF5Y08)W zVEO;S!T&fxzs*6PDd<0R&`%Qde{|623i>}e=;sLfJ_mhB(0}BhUnuDR?4Yj{^nY>C zHwgOe4*Etx|5pe78bSYm4*C{B|2GHydO_dspl>HVp8r2~(02&_vmB29&4T_!2Yt7o zpX8v|=PLcd{7-h!>$ZmLgARIKSM>+mzo`!T0YU$F#Z(gB$A0^r|HkZQ>@ff3d!()( zOL~mI!6E((!GDE=|4hOEatHsD1pPl8$}d;Y?{Lu15%m9b(1!&5Cl30Bq{sbV?@<2b zg8wHS%0D9bZ*cG*75qQt;D5ECZ+Fl)3;Jgq^y>uu^A7qpLH}b1{YF9m69;{#pzn6j zZy`O_zfT?N?^eP8PaXXC3i_Wp=(h{{UpeRp1pRLu^kdXmO@FZc{k?-eo%C4#zje@O z2>$=zpr0t{|LC9(3i1ERL7yx5A8^pm5%ixq=tF{DpVL(m-p79Xoxc|f`hPj-D+T?( z9rO)?{yz@-MnS*Uq5WS&daS?qI_TF5{?i@wt%CkQ2mJ;i{x3S{Hwym8Ip{kD{Xq`; zErNch!~X9P^#66xZxi&NIq3TZ{r?>FI|Y3}wdwY_wcmcnZyFh3`~3w6{Ww9tn}a@6 z(C_Y`*JCaH!T8T~s6V-aevX5Fj-Wr=K_3$Ig%0|Kg8p0weI@C!{hI5bj|l$fIp|jj z`tu$1O@jUc2mM+>A9B#Qk{-)%zJtC^&|m1F*JA}<|H~Zon*{%@4*Jc4{!$1179sx2 z9P~YcevyNIo1oWo5`<&le(h&J8RGum!$Gh6disOPFY{Z~8a z^|_w=-^(HXOu>J|!GD&ZzuG|`Bt4d2or8X+;D5P;UY~1t`K@r!>$ZyPuW`^XBt7o` zl@5A6SI7Nd>!8>Bn(ME3(618oH#q2<1pSQ;dOcR)@i#i?bz7@HSpGLT=-UMUH#_Jz z3i?|d^qqo!wS#_(pug2Y-y`U6bI@-S^l1+5SHGawbt={K$4)`Nw}bz*JqOpHeH`@Z zf_`5IeFo{V{k+Q|{}ToOUw69P|qW{rwL5 zg+lxfIOr<{{Wl%-4T651gT7JFKj@%eBj_J;(6XxRLEjve}jX*SI{5mkpJyM{9km??-29{Ip}u^@jvH~|FpdZ zpFdu3(5I6g+y56G^y3Bp9S-`5g8!Es^g+S@IEV7j74+Y8@Si8dzsW&APw@YWgMNYF z|5XQliJZ~(Er>)UqE{L z3h3*X4|6F0kl_E94*nMkdOapjwf9PISb84yX|M7zVBOLrs6#W0w!GBQj 
zzr#VFEBOD!K|e>(f9jwQ3GpB4P=3XN|9?67FBkm(+d*F~`2UZCJ}T(-oNTJ~Z?&NR zuY$p29e<=-Os-_2qCvtH2e?x1fM;@8(ir&@j;f`2`yovMDbpx@g;-z~(ykAuEP z@V~Evew&~l>!9x!^ra5^okIQ>JLt#kW7>agzxQ*{r<0yeL*DuO00(`B;9sw4q*{L_ z3i<;b^g$v1FFNRR1^*Kqj-NS#{vZecAtC;w9sCyy{=eklzg*DkHKkPdUqsL!>Y!gG z=nr$yHwpUj4*IpE$NGP`gMOXh{|EDCGubdX{5*Y|6~XKIKls92mN@#|0xdo zEWv-!K_3+SXFKR;3jQZL?7umJeyW52c|!a-4*Ft2Kg~g3F2p~>L0>KS*K7Kz9=}mR zf2>3KuNL&DIrwiD^rt)M*9rQW4*E7he};p8qo6;|q5L`p{h1E_w+Q;<9sKtQ`YZ?i zHqztyXSPH9+Xejz4*qut@t@=1-(EP1?RTMrek=)5Ki5H@K|(CQc@Fwa!T)&<`bmQR zd9rPj6WBHxvP=AUA|3wb|%LV-c2Yp1)U*w=)CFK8N2mNZn|0NFk zW9PJ@;h^sl{D&R%TLu3oIn@961^;CZ{`&-d zxr2U(ps#Sy2lg90|FXnEKUUD|Yx+{{KV^^}_y1A{eWu{Q%0WL#&|m4G&lU9gnGC7s ze~zHP%E5m~(APTX7m^;!KjNS-7xY&<=&ObJ>m2k^L0|8nUoGex9Q4hCez}8wouFUg zpl>5R?!Rjs^zDNGl@9t%g8!Qw^qU3$H#_LN1^>4==z9eJs~z;)1pTcJ`hG$G6$kxJ zA^%Md`Z4K|hxCbQ<#J-|uwLX9)T=4*H2g{C7F%Ckg()=Ah3N^vw?XIYRt* zJLu;L{!ex|{}c=Q`yBk23-RCYpsyD6-*nJ72=T9T&^HSD2Oacl1bwT6zD3CYBM$mj z!T+NU`VE3!-&2rk|D{8S|Jx4wPQm|U4*D&E{&5F=kDzaJ&~Fp;PdMoNNss66Cmr+y zg8!!-^kWVf-2Q*ZK|hxC*#3XlL7yS$+a2^1h4?2sw11NX|Ia%3&lUVX=b+CM^cx-Y z1w#DKJLne(`WGDZC4&A%2Yt1m*Y^~q+WtfZ{Ywt|)q?(I2Ys`kKgFT`trPU$bMW6r zdTc*lanQF5{(}zjZxZycI{5Dr^xt>TZx!_Vp0ZTyPcP}Q{C?=5?-TStaM1S)@xSJv z-zn%{chIM$4{rZAJLuC%kL~}D9Q5M_{TmMYEFu1Ehx!{7{J-hof2N>+%Ryft#Q(N~ zJ|yV3IOvOo_xKA# z?x5cw_@Cl%{B#KVsSf(hg8qGn_`3!DZyfaRlOEgu4;=K{1pRLv^xK8_^*zO@p1%eJ z{qG(0W9X$E*na=PL7y(@w>jv?lOD_ePY(Ktg8oAX{Ujm&KRW1h1%01`evY93$Uz?x z^nZ5HFC;yd|6d&R<%0hlhvPpY`2U-O|ES>qV+Z|eLH~CLeY2qdhl75dkpCSH`t^eU zPaO2^g8own{U$*_;Gpjk^8YUfeYfEM-wyis1^s^<^nF77J00}>g8sh_`T-&S&m8n) zzBsu5|33%)SkmM9BcSdHPWAkiA?W8TajN=>f4&n2mcY$WBb3C!~Tm3{>vQvuNM64XNsg+erp8(UvSX32>$nW(6+-0zbJm_GiK$+7>^P)DN8|*LRcN`mq}7mfD|z>FO^p|14uxe?-jE{K3ou z*$R94XB+yKn4DVwI{z;T`49Q{|0~6R2=mYLe}#{J_uGu{pd|V_(zEabnWXQb>+o$d zy!@7_4buJ(EH(MJ&mqzIe?`duwd7wv8x%hS&E^+#@9itJYg0d@{kPlKjn&C$Oty&h zd%`6BDJkmrQ({TKkn|^@GxayiWIN_t)Y-xU1ocS@=M2IW6W{!dBb-@el;k5#O!T9eZt_D}8>z zkM@Nh{hl7pxIW_nW0kD_U83|-{cEE9+v8O4|96G__xkwHP0|0aef+ly{(mO;pQm=b 
zl>g!s{hy=sQvN#x|34S}xBB>xlK&HNXQ{tcb`w6|^zq*<`2VHgf56B8qbcU!zSEQ+ ze|>^~{r*^c{MdRiPZge2{;!e$x`f;g&i^?|FO`2FVmx8{qu*c3{omu`Kj)jqakBR3 zE+79<@{jG0e*Y-<|E7=sa`K<-_|wm6SN{cg`L~gOTh99U)9(-E{%5FX8c5~8Iz|6e zlwR`RDfrj#59R*v^YOnvMgMpE`0o+?>-T?h|N5CEQvNrS|76FXeWnU8|9-*0e*Y); zU!(>elK=lp(Z9W?h5Jvt+IYhKuiyX4{p)K&B>x%fO#M$*|Lip}+<&IvU%&s8``2?K zlKUI0C-+!mfy^n1d`W2AMKkq?fcNp2*FW&z+ zLp^6i(qBgU306qoT%W7-(*8@YGm+Xjb^QAMVLbjjef+N?|GfXp{om%}KTGhh-#^9u z>*vHs`EN_n|Id8<=L!Dx`=_}7Of^9u`QJ+Zk7MPpZShm>qyKk``d57PnGYE+6VRFZ zo0orw(o6flSjfMA{}j*vzUn?%DgU#{e`6B=dn&!;KSKVaq}TONzdwfizs$$~Yvlin z%s(&x`+f9VNxw3QeyvaZeH4EQ#IN7q!s9 z(o5xEP;Vl|`1Sh_c>EL8eHK#uKPCUCqciolN+RJiUg;(OZREdzto8oa?;qg)zwP6H z|5hVR)_-dC@!wDWvHjD}kLUjX?&E(l`9Fi=w_iN}fA#U7Mi1b`{Ojk(bN^SU>zt+X zuO|O@TF3Ow{a>o|Qu&9-KTU&r_pj*ZuXF!z`uP8p{3olwN2%-dr1-19jUzDQ%r+oZ(3;y-<8@c~OR0Waz-$4E+V`kOg+7>?tD!r8dKEZ#c;J?Pl{|54( zZ2wpJ_z$cwImP|2pI^rF|AvqMw^H=~nvees!M}cf5BHy;7MP^+?<4;cu&~wNDv5;8 zZ9e*azGcjk^Yo*-hS}?*XZLvD)`s;|8f7lKK>s~(f_Y~{5K2!_5Bar z{~2n5N-F=i$-g>058kjG4pFSHq_Z=V1Aef&2G`9D+e|Cx{f zO7eek69515@!vuIOGvNx|180O?V)n{ze@h6GykkQ2Ch_ksr)lm4&MJ~3I2cT<9`SF zSKaf35BGnmnjn+v&zQ%JteFY;{#&5*Qv3xJewUEU0>S^jhs*hYmi!+_di%wSBe2*<-$VLj{hvijFO^@H5dT~u{^x!Ck9opG zJk179-+ceI`}prA|JeSVC-^^fyj*^#k^f}v-#De0@}GX4*?;K&0>OW!kN+j)KUw=% z=How){A2yOQ1HLj$Nz2Qe{quX|C*2gVj=%Ug8!fU`0peC1xfsO`}l7n|5mS$pNjAK+MhI~m-c_NkpHmYe}RwxdF20+gxn79zhB_vzfKtss;a7`uHy)|HcHO{|!R^k33q=|5wO=viXzS zee@6b=v4>_pPfGX4Wyr(U~OVW^r_NI`ER29{U$M$Z4Q$iGTH;iHmB z_!KL>2>_K2=O1T2B>2Bw;N%y_;2^o&rVVQA0K@&>C2Mj{}ZK` z^50DP$Mfe`g#1?@FXw+#it)eiqyH)CYgqictnu?prI+IGq4=X@toPp?Lj3cxQ(7x`Di!-S7YBH@#Df*k)g(uWeP2iN~& zlwOLzm*Nlpf9$;td=y3UK0Xt&5Hdg_AVgFMD)OR2KzRoZ%IYehQH-LZyaquL5E9>! zV2Eao(fER*f^xnfDk>^sM8E(F_;$v3e7i&MJQL$-e9tM$|EcbpnV#Mr7Ciml-T(93 zPd3#vUDZ!jb#--5&+IPClm0gt^uIL(|A;4~-~mbSZw$fDoG<;S&L1}#@M}ZxPhCJx{-4G8%N6{E2K<*p@K1eG3MT9S%^~<% zS4sb?_TOf}&ppI!|9y;~Z2fXii2Q1n-$xs8P$BSI0(q1F#!CCq~OI#@ZSx=pS3{Zk5};TGT=`? 
z%xr(h)lv}CL*S+R|6ItM?5|;bb^I z<70RPUON6SA^29Q^uKEVeFpraL+}?f{;^5oe<Cj8>76YXDaz`rsCKc!0I_X&7Ear}J|B7X$SXC#q75fhxL|A({uz$Eg=L*8Wn zB7^-a4EC=H!Jo_c$@1su-e&zPSw30(o(Or9{wodoKW5N>NeKQL#-E!jJq z;-}RBv;PLLe6si%9U>oN`DF2PBIHf}A7HTmHG}>4gy3Jr_{rj@F+~0rmQNNx--hU) zXVCu*gZ};DAXEHq4AEbY-)lqU-(vY>`Lh)ACjU=m{V(CsL-WVm2L0a)!JoZe3U&^R zzQp`7V367Vn^|7(Ki&R#i2O2^PiFrD$eZlnZm|D7gZ=M>;17RJ8m{Y)CIYWPgU$Az z#_~f0+>%#4)fe(6{l{FJxc>Rjp#PE({9715+5EpK1i#FH{}%)Pdm;FLXM9W#ftTL@ zZ-wAj8Su9o@b@2L_J45d5akOTmsw>@N<%j~Vdm4fyYc;2*^JdiOV|G>$ftrMSF0Frh@S?7|K5PSY5Xi< zd_Di^@$+g3ex(8b8w396VP^a<8DEcI%}nb=$eZl1HpI_&2K>82@UvckQ}JpeiT7W} z|2#zgP?k>?|5J`O+kXPfFZYmTLC2o}d6WIy*nU@@#&08pWmfU;|EC{g#{Y)#_5RoK zBak=Y7vGSWzkV{{Umk*g^k!*qGW?4|@K+k}cNp+L55d2Q@h{T+Z)?Y&hTv~!e0BZ! zs{w!VaI^o@wn(6{8lH|n4)P}dkExXYAJ6jC|MVqkdjD?R6ms9FE3c2mAH zKL!SJvA%x1mhm5ijQY~?kAb`iKgRguS)S}~ zWx)R~1pn~YBtgk}wm(v%^;Du`OBK%AP{uRfY?Z2AwKWBND==NU>d6WGO zjK7=(3BR=g|KJnM__J!Hpq_tp`#VG4guiH!v|r61Z4LO3hTvb%_-D9=Gu7>XFa&=k z}9jxgI_%lNI5;I9gi|AFOuB$0m%@+SXnH~4QKgZ|%!;Ag)sf%WSrz5kBG z05^@lKD#M@Ux@th-IV__ME*3EpO?gcb&xmtuaW(y&i@?^{#!N5Z2voqpX~aj-HB%T zPg%Z?roZn0y&!MWf7b1ZEZ zb^Mm6nDw8@^7{3=E}sT@lm1z(e-2wu^Jg!E{uLqkD;OW$6L{(VFAKqs8Sr}>@M}Zx zcQ8I(bE_}y(E3{l{v~ez0h3;2|KSGw`J>JLZ+J(_CCi`Bhsf__`9884@4w!E&q3bQ zf0auTA&qE_}dKlLk;-*V1t+XM8AI6!uYMd$dLuT|7L{9zsK^)^2apD zoBF?j^;h#pu0j9TL-5;ellmshAFqVqXWu2`U&TM#fS+-i*?&_QKiT}14tbOPc?SI9 z2K@XG{Kbr~$G_fx&xOdZVEG@lgr^-^YeMudX8qOsAIBN=AAGvmfA@YM`!8AiT^}O< z6w4=zzc}Pg{$KQ`#Qs0Qp#N7P_}?%-t$Ea!?!V7N@V7F)>OcCfc&U}YewsGM?7w~f zx_kaxA0mG!%VT>a@Y3~v2J$BVZND#Z{y52?e{Bfop3N|E>zZ>!<|INBz`p=ao{ZBRM|78gNPmGVtyTD8D zzq%0o@yin9|1<;sp=X-?ckIU!7U?zc((_MO$eZl1G~kah;I9b5U(ERZ1L%qI^FRoG zHREToJo*1j1Ab!&{+o;s_Xb|N{ojV*Z!_3G)_@;9%k2L{KasF{{?z+_S&00RERW$8 zcf8z}LJGenWZR+cfTNyvu`mrhGP560?ulC;r1OB)W{A$KO zMl)FV-q+MI>D^}qb%Q1Hsk%*%&`VQ-lYHb zhh+S!{Wr&;|MMaEuk5D&LnfN_|717y?+pWgr7CYkl` z$ntvr(fwZ$BA>(Z`uNx7%OG#EKl9_JcIt17KHe(RtmK ze>eoc-{%rGH-Mh#|79Wg#f-1!|8fKVHzD{JG5!)QVd(b%GX#GT3IqP7Q_cQw 
z`-L<-mc;%-$eaA1^;n|+Z!q9*48b4E_{sdgE(AZu_^SVJG~lP=1|7Lrzy4Uv_{r7} zCxpm9!Sc!GzZ*j2Ygqm-N&J5;BM zuay0-`u{cq{+~ne-)4N>f7)=cUJSusWWc}OfZz9gv;E&PelN{_9sjft`2)U`g2!s| z`uIH=@+SYSWc_0-PyM&pp#R1Y{HctO^bmOI`mYPYZ)E)OEKT@#8SrzaoBj71<0o7H z90GZh{bL?ajGv_j{1qYisb5LOM+U4<%-;`$;Ll=w)&KVx@DIAcY=0i(cTR$TUx@r{ zmUrh*w;4Tt?uNX{e^so%D^LA*zd`?&GtBx=WWi+qOM|=#fB6%#|8iJy!hgVke_jaw zql`b?HJqs)zXc)q+YI>hES%KJ-#<^CX}13x#@DYubpJ01kx%_vDm*5M{_`Mj@?YAM zQd2elRv7e8n`PF2EaUe`g5L!4Cj30cSM&Fy2K>uI@ULe4Wb?;GA^1}b_$v+guY}+~ z!uZMd&$fi%7c+hi`;X%H2?KtI3(fxjd^hdi8}cUquQb@d%78yL1b?q@q~iMik3N2? zLgWu(`Qcjp=<)w#i2hp*{(IV>f1BB6|4n85Wcl-=5cz9az9EVJ7ee0T|3=o|m8bq+ zW6*zN2>xZ?O5kMqb6p62?W)B5xz>Q6GRN${&5W=2pWgq!gy3gAm59IIfWIIFKm9vt zf3o{8^B`~Xe~j_f{8MefeHGnClm9ANe|7$N!JvPA2!87KQt@Q-$3H^ww;B3xivfRFk=cJe89&+jc?jf9_BR;t zUo_yK7lL2N_{qj^K?r`@YB_#X|G#X&-x`8n&G-i=iJwg&_<4-4&R?$@@FN$Q{r?Zf zACLt9$PoFCKS;q|n!KKW#)Zg_V)>p)ssD@Fel>r*Zm@qv2>#`a-!BRN10nc} z4ES#v@b|yi?El9ZUyncCe_4<>*}u}z|8E=cOG5B}Vf?;H?7uPuf4jl{cMbSoh2Z!3 zQ34;R;p^*<&qMGV4fyXF@CRRF_J2O(x6|--|IZ4MKcD5tB#}QK@}~aFd^$0Id}z@B znGpOy8dl0HQWC-%Xdnme=EqF^dH0eXR$o3pZ;ple?kcUcOm-g{r^dbeA7k= zoNWI3C`A8R2K_%V=zscUX8+|dexD@%I|cG4|CJf=|8Bs4B?NyW<4@M`b^mP%!C%Vw z>iqE!1ODvG&Gv6*{AALj3N!vUEPqZC`!9#Q$^SKMzdC<^Zm_@kTr+;& zza;Rr8ooaMQXy}`&#IE+zmnx?{Cr`+za#|zea25V{u@H%zhL=f^KX5K{>xeaEJgpX z4EmpQrP+TSev*Pillbop$ea9E&G>5ker>@2Fa-Z}#!u$IKJ(1_pU3iU{J3W5MHT|A#~HpJ4o1E-+I){+5N{XFnt3Z#>IU{QY3SKfTy&{{cTsLAU?8nS|$m z)`rLrV)96W@M{@g%|A^H_(znO`|k(FPqu$r7$U#_ zFVbDYS4dE2>uAh@0X~!TuHo{AQ(Q`%`|Ej&Gy+KSet}GemxGmdEYo zz)K&0`H+WN3I3~O{nh-LVbK4s5d13{U(X-9{@;ekSF(IwK>Nh|e_w{^zs;b3YlHr| zSDXF6o$-_1e;o{YlmD{U%JDaz^{4#X)_{L)2!3p*6zrJ9{;eVMQ&>J({B8=-znJw` z=a2RV{j;wz`|nQ1Z>8z4$KORE@(;3nha~c!hR8q9@&{`2di-sNys7^d8SLNJVE^f5 zX8UUyziSfwQy_1`UunSK-+=#O2!5t`D#o$~CBc6_1b-{ztNF8&0e@25Z2t+2-&X5z z?a(?0@+SKm8Gjq=PvfVv0Y4oVXw;_u{LeYIL>i;nuj5A`Z^ExxmnI}t`wukWj|{x=$zeK_BZor>eZtnk28DF1&^#1=eM81*bdnD0+JLI8O!u*;2oa{d}e;#VkzteSQ z{SRm&HGMe=eh0{#@CPuyI(~W@@LvtV|0m<0rQz%T+ZuwOSuO1!&+;^Wa}4-LR+#ON 
zrAnkjli&}8yvhDqjIa8?j{$#42!0{sAEe>yy|4}!X{Wpu{ zk98f#RF{uI-sHcm4KjXJ{|z?izc>VcHRGSF;p_c(TL}Jm#vjk})PF+___ZPU9h*v| zWb4Onm1h49Vfke1#{(g6@?SOUua3W5gZ|fq;9nS`zwW=QLh!d4@Q*g&zZQaD$@s4R zZa3=jv-gc=|1D>EJ$`ll^Frj;uza%puMvisth@+SXv+mtx|M;P>Pb+cLj7=Ll1 zKK}Ine>g;b3d?ub^w;H=LEfbQEY{zRU&_v_=9gX`+qItCyW1nkVmr#>*q@t-|c_0 z{|p0uX$b!NjPJ_3ZqWPx)e!k_SUy?)Nx#i(e`>n)bh7zB0(q1Dl?MCIHrRh>2>$tu z-`h2usowv$hTtzZ;Eyxlw^?Mie=*}HyMAZ|d6WIsj6a_Brv9H`z%K~F|B>;NT|bNu z!Owm{j=wAgf06zUSl%Ui{CyZAA7lBwT|uV0{64pv{eL#g$257p|Jy$@1SI$fMZ=|5q`-8h;lU@JmDRw=;gS{PjVI{5LFriRM4O z|K17FzlQb4@>;woer6f;pM0m;f9JK7J(Vo}H-*U0WBEKyf4%?LL*C^7@mmu6e~v-_ zHjB;rzsC5<=HFJ3H{ma5e0BaWGT@I1!Eez@TAB=hbO`=71OCMZ{C7j}k7szPg^xxtT`PW!JS^j=6ME+xz@2mM=AAfH_-sJx= z2K%ou*q^=B?EiL|5~*Dh{D~p*hqC;nB=ToN-lYF5gZ|eV^nZ`>n`nVq$@twgd>Iw~ z$+trA%NTz=v(osx&Vb+SPtt!ne${T`r$F9hf2{%kdINrc#@FwkZD;($d{ae9bCcC4 z1V8qY^pu+aDh>E&h2Xc^%NBUOlHi{ff`5qt|0V4p7p2x zzr}$6IOFU7pUU{j{J$auKkem2|KDoBe>VjG*4^~~8zJ}u4ET!-_`fi|?*FZf@6O+D z80h1#F$8}q


L-(kQ%;2t^tQnbL{&iHLzV5XVc@o_A#>)*JW`X3E>sFg7Ptu*Mr z#GwC-5dAY-+d@-4|LXcL4AH+E%O~@HWr+Tb2K|>B^sfrhKbP_K`A^sX1IV|6rA@Sc z8N>2=ytv0MeaF>blh1uca=7->_`TPl{}-&kCT@*q{Kt35esJr9N0#+j2>uwxAAe4Y z5GDNk4fu^A_-nd$Yf~ZT#<|;wetf*Ee-Or6`M%U& zjsM3C`d=2J|02de#06&R>h01Jme<&GPr^k4>@t7H#Xu1pNp*ZHMpmT%k;^b$7~L;t8D}a7-=y$g~mkUtIo) z>Ca4eF#Uz;ub?}*OpTB#)D|^NkH1iv9)qA;`BbJ`vUFRK%5-~)ZV^zKwwh_XleWxg z+XsIZUB1&L7%ih|DS$tVrUasG@Q(RKOnZUmaJe^VA1)sbdIXpIg7)Kb ze^C0aPyAT}nGRw)7<34ihk_o-<)c7zxjc;N(M*p49nR$_=&@Wrj%f_^crKp+I)ck1 zK}T`7uXM&!^<*}e=bNL+5aamnpx1D@3^dN=YeCDod>zvYrq_es zz~xHN8@YTF=*?Wd1#}^oZ)JKL(?y`SbNLRYcY-eF@)D+Zf!@vKrJ#S}@;#vUa``^c z`?trcgFeXRhd>|Z@(R#Lxcn&7$C$2U`Z(wlTz-=2D$u96yc+arE>|&q26PRV zpJlohbRC!1gFeUQYS0Z_-Uzyh%g=+pz~#-LTe!TH>5EKXV)`=ZD_njR^v_&=jcElFWzv6NO)2~6l;qtej-*NeS&>y(`BhyCEe{uOI(4V=y z1N0Xz{|dU3%QT_e^hPeE>q=UiQ8^Vf!ezSNr*qAirhzu+ayqEPKv=?U=R)&EoPtOgk{$7j!=^?+@CM%bh^8x!jrQ0Zb2MdJt$AE+5Ra zD`+<^cL(jk;mJ-OVAX%1*_F82XFoXbam_T_Rv(EeN=06LJ%gP0CxIs|km zmyZNJip#m6!?=7j=rLR#4jSe1v7pCsIR<(>mrr0ig6T-mQCvO|^dv6lfu79eQ$R;^ z`BbL)pr>*9bkH$eK7;9*OwVFE7W8Z`)1@HA%s9~TT%G_rk;{{qP6jRD@)Xc>xjYqg z8kf%lJ)g_dK`+322HrFI+$_)wxjY+m4wnl-i@1Cd=*3*Vgz2TAmvQ-WrdNQ@~j^epHtSejMf2VoP zD8X9wkt+PR&fY{UvH0A^SiGnqRvyLMidE$86vcQZpV^F`E-fF`7+dq|EAkbKZ;k!< zNo>RCO=9ty*oN&XF}o&aSI4?5SFZkVA`_QE{`?GgcC9wCg{D#J3q8e-b8@e32&1lDrG53l9>Y z6?t|no=@T#>#O5iYTy5L=T1~^Q=Rgn+DbNBsf`!?y*&T#XrPwtBqhm!!O_~nBk82q z+I6C}B8N{ds4fb48$f*A0vgxa^;M!1e7w=Ik}t*pa5;Ko>Eu{>YL{;4Bmma-u8vhi zt79eA`{1Z5Rvw|=iw%q}E$ZbSkZBdDi*Js_->p3esz8mZSV=7`CXr~>X6vx}82r1` zy0j;bm&ShF7K?9GgueR4EYwDDSLCDdcVh6`7Qu%@(rMtvIh|q^ElHs@<4LOuahoMp zAujf6={)$JCOJ_q9|gJmr_m(L{IhpDz!I&U96MZEU)ZI-BlT)5zA4a59Jy{2176Z<1l;4r$!yJIDzJ(f|A-yHKYA0Uh`HRrAYuvbr zZxN%yRdMN*SjLQMafI=62=dTUgb%o*)l{=#eKvIqgea{Ews>?^-8vk6laU!+IwhlL zbm?U+{Bq$D#d8;1h0S9XVhq(c<3g-rR5eBeH}{&a1DdP9a7xBk)l)KhMVDUmTg3b9 zIb_M)Ro126xVn*SOdMC`(N!_{F26cv(=dkqVtBsr6C$`G`lLHR!11IoFJZ{}EC?4r zJ_19|=P?htsmhRZgNS;4yV~1`OA(RfqqeW1U6%EDTcZCwC6Q8n4NMVAG1Uz*wJqLI 
z7JW-?U8cv++@^}>zGdv-{Lc_QNE=9yugUPLh`CAaC8B*aeG~mr_e^ zY`C1I)kXWeRXF#L#+^G$8f<_5k+c7T>Wl?J ziQ!d;hgW4$mFf`q{EqKw{gkobBVoJVvoZwaa=`7NpxJuh#y34joBuM8W1Rj~j#HdQ zuqU407}Q6se85L8$rHh`P^h5HTonst1xJk-&=a;NPB#nYz9za5US$P9YwlIA`EVamM;`3+&!Bxx`KHp;35$)ayIeigDi4pd8r_SMP0@M+P2_x{}(gDw(wL;o1igc zmZ_ut+>k2TnhvR&9$s~FcvU~Dl1}1rwWYS~E1D6CTKVS_FN6Q1^96M&Yx~E}7aov# zzMyKmZqe^OU#Npe$;SS?5SGUCDB=zCNYVzw1jB%G6d*-IO1J(3T%Ru}%c}DQZCUa9 ziuPjSnb`cPBqMqEClj+tBbr2&yYCQf6kns@o_H|{f1q{IQb~21D@@0mbGuoUYAcM0 z^R}iYlTvvpopr4$X>68p&Ci%(c4I+{@h#d-G^DOxF51ko==`HQ^JrgUfN0^oM!vu zQQDDOsvMg|3qyT?{$AvYW8+deip4je?dtgZd{O*3uApMOH5QmFV|8vfT*)VHV3jYF zy}1!t${$R$yXHoz??6*`KrPP&bsH#2EAcTm#Le|~W!;OY^X3?*nazo=HZ6jFN_ zmkP4;F{Tak(ER5qmtq3i^&FFQ&OqMJc98&tyB*cJ>hYG`@h6a{QMDy^GBS-QZqA(= zoN46dFXpzujFO!&qeL4>6s^&OlbcX&m~eLQlxWWchiNHW*yWFMI#g!K-#jlpj%UDj zXI@eVu1M2}$l&51X`tGTZADLYDo`4!yIStEsVUJgoh5Cv?#SP%9s1^4Z%A{-3h189 zx;pyp9iGC;-!TW(jKLH*}5H zNL~HzOo+*qyH7MDXPJaqs*disLRB~+VIES#1S$D6aCsRNK9O$v4F-CR)X@_azk91O z*G4aRmU`V1M;BEn-4w^Vr5v-SVG6+vCnpy%?I;6@);iu)s@|ADI)gRI!qZicQl;iR zGoI25JnMTAA_pq`=}m~}C(PPnQq=UWKU_gxudZm!{B>_CbEIqU?;Qc?46k!4>*zr% z!(5tdPBV!7rzU4rRi&4_>35G+RU7oiP5mrGJ7&&fO`N?=C;h!uf0V0jdi|vMc6V13 z?)_3M8jC6uF4Fw*gqx9cXRv5A;^IMXkX7VAh~sK~w1|;L>rj8)7nmpf7U~WVa|(^~ z0DoEZq2jp@;W~z%7W{o7B@$;KLZu5y9!0oURTh1COLPS#jPm>y;H^}Q5RWs6d-ker z#d9CF3VW1C!Hv;f5?lqxarqIjtiDrFfrREtqAP4PHaNN}$y6CoTXeIZYdpZZ3DiNF8_V-o#Rk?Cdi&<|_@Nsk>eCrg zOi#93qAP{_qbuQqIVY9OU1=4zclCFhVO7ebD|g{_vF7z+uq3+Du75D3p*nm6MY0U% z8Lf=7B;)mW5`of*TT~^_(;aa2x**59lOgUg$nc0qzbnuGE?#3-<6eDvbX$4u_<&c-JzPmFlZE2IgoF3hYmJdGlR#X)4cjp z?-?X{4;b(z^eECz8LLsEd&C(F#Qhc03EL6n(eH34)1N*`S6owIXna>vZQIrH=oed} z4Kh#~NZpIe^BcevP*fPKq#+Ea)XmY)?A>6cOBY&az(LxGmTtA9Ux*tt^I0)VxTFOg zk%yySToHH#3+9rc%Jm5DJjuO6`2ZXq4a=Ph{lrsdyvc@LJ8$_=PeTA(kK!^%tqAM{ z^20e`twqOXyPYHN!Jnv~Mr*j%c3HiFf=%kO=+5G~JF^Q1;D37I-Y(PnbU55?RGh5H z%XKRiKjY$j7nUjwgcwAliuO}!b{d1AUarqf718IER+g9NPL54#K-zjv=Bd}$WCs;p z4pVbwo##<4rFjijl0p84@Sys`lMHfCQppSQ_Hp8KVOg+7-WgObz{Mm{3nK<@oa-gc 
zeZ}hEaI+EpRWZi(damz={MzzU;D$G1-D^bL$XnRBL;QS}nkSOY_~Ho}w^cbXOAGxZ zuV-sG3&Yf#iK=OnaSaVi<=G4AY56Rm#~Y6>g>02_yb>LVH_rRXhSI{5)S9v!l{Zm1 z?`Qi%MB^EfUUZs2 zi<+l5G+XWR)ps(4mJ&r;DDu4tnfTQ)G8It;MT{%BfL%y1=Lq|$m!!eo<+o5wY+M9y zyOJ4{c7)zxqsKEHR#&b^=z6ZC9$ZVuyKo0-BV~MTb_3SjV*SYmrzTr38$|Z7AGCbl z5Ew_89ecn54O(XuQD$w>+~q#2E9XfikJ8A^68R%uv>k%AZWxL3mfS3OncN&m{dBw~ zH7sHPkt@Sn_Az~b%miJ572*ngVT!}jZiTgDmE%RgpC-f zn6UD)0EAi21)?J{N9mW^%=A(Uw1FsPOEl-rPO_EUsWr7F+if|q(KrMPCm|Olya8jI zvGUw3ZFMP{WxrxVb8Y<1JBd&Jr*;y{ey1J4+~294#(#S!arN)GllZ`g?j?_Yqe#uw zb;tZ6JBk0KY2MxBk`bJEYc1*4RoybtOxR8$eO3duERFpKb`t6HSittSNH7JL3BPLN zKBy{$a6~&*HR`3HNzZFD7y1Qd2wiePisH-9@f@{r~MH zx)YwVFjMA!L#?`)Q2J?`+hqok-EYtvDF1ISk(M)iu$L%q^@w{0fvqcVFOfcFi=pK2 z$^6^fmslVyaywluV_EVW_Yn`4yN+npU+^FS2psQB{Yi9!HVm{yP(T^6)N&U=Raz6W z0a}awf@Rhpvge2oh`~F?M5Jp|w~eyU9(46-)Rl_!^&Q8j#Dr(Mcs6Mi+;POSzuu0c zNqaJCOjbEARfD~vTy%@AMp>WO!vE}6qr3ja8b1eXe55-(Grh~5#@xV8BTsPu>0QR{ z@+xT?c13BoL>Xw)#+V4*Xe``~-NQZHXcQltgFn3y?j{v?mvI67EOiqXY3g2M z?r+>{#MKkDqzlkSd4cAE^Hw88uDEjZDwJy=?`l_w=Vk?W21Uk_S9kuh#U!oleQK$! z(RG1TFhLhOEiWc1ftlJS&E(ZCYhtov*r{|?ohh!W^$XrOJwHVk(=kt%ft&o#oPHmg zV{nx{CYxn(H7r;4$H$-7n>)Vy^CRQimApZlb(v=k8yoyA=~QTk%x>P@K`>h`1n<^e z%*k<=69g@Ge*dkyjdE;>45=<^{pX(fgEhhJygz=cZeREwT8S`Pge`q^ix&>6qIGR} z=gyBUR9Cwm{&zO)ygM}%aR{loRp`@|`p!1)Xla{7g(IMQ73uDN5&7ZCCkj)AlZpsUNb(%VK5G?Cz(> z)Mv4ScToPI9k&4@H(aa@QlPR* z4oCF9ckxIy8LKO|p@ug6L?LkQ7xi5JwvtcmiWUpOZFy2ZH-E|JDbLS}SAK}pD5GF*!iJ?}0&=jjn9eb|%qP@_}~G zJl`ppV5Fn4igq1Eb4j;^eL`{T5l#C!MNCh{5DdmJFw8&dyE4^xPPmzftsZ z5IVLcHx1AhRaySdCCzs8zo^8yJ$^dBayR!bdH=zUN_|JI?#16}3z5EtJQmzH`%Mo= z4wUWCBU!`Cmr@|3RXWO8EqbrIHU%rCjMW(FfsZUuejFbEB>opSUghPBZZEO99Cfe$ zj+>U>Y;mucb_sdrAF^qgO05R{@mn@6*U<`!wIu&c! 
zKj87lb`rbHMM3BOPiKAq=cF@7%K}C^h+(-P8x0M`c+JjU(=ihoN zQrXK)OH8el?9?`2+wrM5fgDI;B3xcr~i`jctkQQB>8AndU+YJ=Wj_^;oX zqzP`1uA*H3{83LiZWH-3x~M#NR!L(DJs6en#3S;U_P`K70ZHG#hcWd>?pi8~so%bH zsXPIRrJ29pj3?|~o`dz~BA#Bg#nB?SCnSr$`bu~ZQf0$VrsV%49-wqLGYy%jij+{& zV%-aSxS1)wfrHvm`a$2&d`-;bVH=u>T8Y-YwY0oVE+3+#bRN9*wk7bu<;cMHr_L*E zEgzHSKX@7JZ12KQY=PpD*ga81HlCp0|LlgTcg2ruj~rZkAP*cje{d ze|p!HF2K=0+pwjUX?ix(yOOcxC=A^`y}+=2DoxzOO;fA@#M7C<0F+I+`=;fjva6bV zxvTD;;;Za_!;_lg%0OMQk~~^wj8hc z&M|qN7qYpED`GFr8e5GQHBb}gRNLr+xhR^RQc`AAH??`_$J-I31*&kE)S@)(ZG|pJTr^jot&)SV;z2^LVR6aUbiSLE!dcYX9VS(?(NZ<_Ay1U9G?WQP{*Jmm{vP<0EYK^w%+~$?m z{AWBVCA#pQSvW;z(GF@_z=iHfSERnb+sDl9Rd}B!Qvm|oru4YDo45Jqn8~xs=ca_G zS=rDz!Zn6`nQgXS?oZZ;%5~ka372qpq?FE*_3n(|wi?G%Ql+_6sic?kU9%^CyF+N} za;hpT?Mn!|Xx8QHx0`(ZcZ)AxIsklIN{8UT80QsoFEY4}M`mi_^VFXOhX@P9xZq|B zPmEQR9zjaDj;vTH4k>*E1%v4-M5s7HD8N{}jvQ#=wli%|1lzAa*y};*McC8Ez!$3U zQmsLav3MPIiY40ASxeTDgZH{9eT(okeN(6=9ovOp0wzAU9m4WZhoON8&qP zN7AHRF{-$HA@w4gS}t%;KTWLU_--9;0S8?TIj?izHLtAgM|1SMiz;kbkD__7h4?P# zj0Np5iPg2hKQ}R`)2f#gg27Pt5Nz@I17_CU5L#6~(JWHmm(F8-ww_$%-kls7|C>7Z zRJ-=6Cp`zKCp}LnCj%}~&&$l<`-Yt;`>CR!Az`~{4A$idA3GA?W6O=GA3<_IcoYn1 zc}F0+T+K*|)6vQPCx-%M{utB$YfW7!dV%rB`7OAL$yhLihD@KNLq_RFe;)OQfU+ehi>w!mKb3<_s88|unqHg@E^bQJ5vPSO_mj2wDn>dHE0-i* zI);vv&uh8m9^yOIMNY@Y1+CXBgQF3LZc>oBV@qisL6Mr}q8J-2Dl$r*73UUGwcbu# z-YHQPh?mBMhVsUVsPUsYE^~FoLcx=;Zo$Mi9OyJ939a3GW8T%ixMY?smrL7~MUQez zvP4*5*Yy^vFsHN^SF^X!7u)*|P_=j6EO`;t>ReKIeErdWczX>f>DK??oY!Hlm$$hN zmk~1md5Q?_K7FQlpPts>)NjGP6>Ysd0PI^6!U#`FXbF@akDl@kWgkTzva(dA z3H+8eg0cKR+k#jWxua!It|j}juL`1@FmX}>Vg-)fI@cw%JC;p#JB9k^Qm-UGgUO{ClL1xI}9Qv z8#70ir(l&TzWuVif?(xGaEI-zL4!gmuJw~erPsC_@&V0)y;hi8KhWzCR!NE}Lq8y| z>>o&}fO3%|2ny%o&3QT{K~OQNgJ*M~ida z_FQqk<$1v3h>j~tpkv1rPag4uhjPrgv7OP8KqCZB7a zIN?NVM$z=?)?vrbm@;j~w8BfR!+IASG7vAzJL8^6YWL)sMH8nN9GX3G=FI7bW*5zv zGws|N1(UO_ltq6l?4Z zYwT=mY@s!_Nca99dpv38j5&qblcr9X-GloTojhaK#M$R}Q>qTl4jjyxc3HtV7}#x2 z_7zuTcb?Hb`{0AKCrp}DFsty7)i$y9bZbzyH7N1Ce&+JI*5y_1i|&*jsWKh%*Oww? 
zIjvjw?4d)msbrm%Z5^6zWiw1TPSK2MGbSVYyU7uS!0IMX$bsj!+npkfE2wuYG%qdK z_5TF>&}_kk3--iH0g$8}%?kXcm@q16gKxrw!f7*SxTfve0IpT=k1m=vy-;@6o*T0} z?I^}bGlaU6!3$O~r-8#VHnnHS6g!^CORDb*kk&N>mhGzUJgh9Oa%ICBOPhkU6Z*%uUH>`pAm z?h3B1*)wNncO}-YR&(p3f=PulXAc@QyI@Yi?28J#<8hB*M7_V4* z(`%lKCl9}x=Pn$SwQhsIoN&)#FIg;+^lz8mBAUaxxY3=GuzZ_qr^(bV){fHx$BY(;&agWyvjW<gTHseb1^KVl!PTh(V;&-+1yIUJFZmPyT*^JfIxX4{tjS++|ymx-J zBTG}PXHvjLhZT0@G27Z|^Wg(cA}=)-TN>CF$0)Y29(^k>)I#-~U4T&DqG0Y1T(} zdwc_JN@QVk>%kOUg}s&%d9u0nQ_5h=dZ|g|_2$;+P1@midQ&4`HMiEM((mW~7+GiE zlWx7(EK-qfU7L0W%9YLOM{%LkLc2eVyxNZZB^|%j8+kDuPC)w&c4P;*Qc$c)iQM5> z+X(8Xlt`6h-QT1?e#f;*QQQ)(pM!g@M2@||P-EfuiWMj{WiuvSH~E$gbLk@s6z zi<(AWXkl$@8d=cN`m$-{s}|P6W^=Z+v~Ev}+}_f94z9t$g7nCymew8Vkw;rvKc>?? z4QMvx5GZzf|eB=h394DI0%o$-p`eFOlCe~xzxgB#lTh^q=$`tFe$ek(p4dNk| z^|c-ObBc9K$`~Ql{LIKqYY{i$`D?rI*UP@Ye)ave*!R~O-(TB=zsiNbe(?SEpzp5_ zg}=54e_bv7^|kQV`@&y$lD{6bad35dcq@gd@K;vzDaLZ^DGzKwj%zBvkk z^96kKcoQ0A!u(E0Va0e^WJwBsUps=Y)Of;%ufDe<&!$+b*+VS{N6xoKL{705aP*8A z+5tZ!-eDWkg{ z2}O&ji1q{>)*d-=HVUP7`_GzKtH`D;cKgy){5Ug;@s#%Wrc$=Btd~>TZ%CzVVObST z+W$2bneN6?pxfEV0Z{8cSTKuuOT3wt=yX#e&6u z%0*ewKxw5NtV-0+dL@3n{BEiwe#RJI-KZ=;)b(A`{w}8#w^X}3{R~HJLt}*Y^u#%7 zQK&g;ACo<}o$LQJulQw4m{mcK9jg9pz-AZyqNTj?TPPoZO7Kl$TVnN`w#V)HPpsfG zk}%7EYNed6FSffLqK+H53F|Ta8^hdd71VoQ;xByWFZo1YN-u_75BVtm3RjEb9JI16 z!Gn0B)r$mplAdt&kKtWJa|PL?cz9Rd-9vBOV)O<-w@DtOXGb@D62UKpnYHOKIFZ9WB3Tk!-zLLku=E`G?{9dl%PH*zsQWWA61b zJ$)+pyfYY`;yG>T_nyzE_0U(k*i{0 zsDe?6-v@AZ6;xR1hoS%YXq;|6;3q39=us_nF8z?SxSOfQVGX(o5u-c`!~+@OLLa90 z{cTtW1bUppMcHdmE%5vyQjFZ}NLKGof@)^nb?y%Bb3GyKS;z0v14=Kt>j^PzC?FbW zAmZ~Hw_uCG&4QjMyirF3%Zm(cfXI9)hBogIQPk4lN6Yxe?CvQ0Ns^zFcSj&tXrGIp z8Y3aODd;AGJ+TWmDK_v3P|lbac^LX8%P7{h^>Ma{e|L#kGPgl~r90&v*g6U>@?tg+ zH@?r|Z1OoE=@<8W+f2Ida%OaY zX@=UvhTRz4!_=F&29dp8i}6NND>?|u9D?ajEL|xJ%x$y^`-mzx7~?b#fm6(e+m-H= zr)gHpOH-oX8z)M}aC4kC=EQh2tfJK@aB~+$n20Xp_Zqq1sOvh4J60MRN1DXfdn8OM zqiSRZWnZ`km(Qi8(Gc^}2n|!jC$6!7!+b=&Ie@~C(x1rp`0^2W6-hlY?*-BY&CuwQ zBI4faI+yyR{wVT*az?g=NkZv3vFMU~o8)THf4B{Ehx+UTn~Sjt_s0nnq2M}-A_D_l 
z^s_q1-A*9;roz7EkX{PuMQRV!_9o?*^K<=y&j(<5$T~3uw+c22)Hoj6ArTKBlV{@h zih~VCgRLCD3gl-ooZgPph*tW>9r{?Oo0sJ}ORULgfr&L45x{sh#kNGND08^0)eB|4 z+WWeY8Z%SRbl;QdU|9@#0souxWqH4L;ota%Y>7>23*j5B>t zjq*J-?CX-bRaVh~VBKbF#hbyz0#`GFf&l91MpQ#__4KaBiX1z^?`%i7%fTWR5o9b5 zf5W^MvW5y@rHyw7nmWkjP68fICsRFl$hP4ReK5R?LOpqRWqu!&rAz&?9;DxHIBFz^k6#4$0d3ew(A!6!MU#c=C`S zhvjal9D0Znw6+Q2&ApU$y1^N>Vv-X^olSWQ9&lAt*H+uy(;2I&w`$8UnT1_%DKnbB zmeE%(fn#;nEt$LB65so!=tCI@>iP}{Xp0Dv2}NUpucO=RAJsKMTM)?2^w)UqJhK%Z zsaC^7=3tz59YYt)%Hd`JQ^(>IE^+bmqAs7vunHrbTY;Qcf%Co<`0UrgvGTJie|t`r zp@*>Yx&Rmd_+f7!wLVqwn=fkuQ&aMh7B*MI+47NL%xS9A8_c2Q&Swa$Ol5q-|LhMX zF5odVnwexhq^yJ7HkCG%+VC~7yb5Wc(V9UE=#q_Tv=>1S76u|>*X_HtqBUqPwD4RK zv?ANHT`UB6c`qcqv8_r#_rNGf-d`qbbAXz#KChCGTI_6sAwXkWi7#BcnRfP&XLgx2 zgl(|JA2q?=mg}4~vPiT;f$O&i=^tou$ z=y$D2VThLzhvm!9Xm=x5Lctob)>Ova@$nZhP;vS%&t=0vF|XmnJR{>@j*NdMj_UWP zK|p-*zqsc{#%sM1KpRxU#tu7MS-Dfzi2)I50_)Uxe$^gip6;6{-IQbg!A1B@a)Xh+ zDbXKrXw^+dTGB!=i1{Osi|DG`hV4jHirx5%fbFwe>t`-X%tzFfv>FM_IlRr{W(Tr2 z3--b(`UOQ6Ahvr7Llv?QOBUQOkU!z0w$aUNgRffx!rD$jd<(*+1{|;rDH^vS{^G7m z!gmaJHO|S3snB2%tf)-vF`RbYj>UIi86BK;1k|u(Rb0X(#I4S%auO!hHFJE4fpB5 zEv}B-2fBn-<+FLx_08@ho-Uxt8fTZnJ-#AgG&Jc-cHhEp05`VB}}G_ioX;Xu#U zS+RHu&epnT<(jdP){N>iR&EU+!f?DxTZ$T9@wc!jFlRza12}xcT9XImQvV-J9 zYz6qEHT6#>ocR;<<_igLOoIuD**I!wp{RO<`W2%~yT|%l*MWil&4e0oa`=9+aJF=Y zGEFDMnj3GPdAlD`?kY|}QWs)|YPD@+wHJDZS{NHJL;yVPMP~tP_5OsX0UD)7i9PEM6A>*ei*%elQJ0PkV9MOZIsPB0eNf*j z3pKtHW=G?-e^9~{u)beeU-y2p60@#WN~kN|{`YFbb7Yv08@xaw4(b6fj!fp7U5Qnu zy3TQJM^4|Zr_tPrC3za%>~EXk0^C(SJeTgaj{~>G6kANI4-vYXpUZVOaNssCne2Kg zA{QX4+6jx0gs3va29HLs9YtTmn#=29^k*PG4c9%tTbSyBsN^>q>{wyYq~Z;BCDimF zP$Vf)`co?&guKOl^eqC5%dw|K8J^V zNH&^GYboEmkNRQgT?sLN&ao5b6v_`3o4F-lzg@8i)wsQZ>L+{27JQD@*s!m!|FLEx zBO7kw?|Ht3~xKsJh#$7HSL? 
z(rZLDnf)}X*AdGd?GM$YL6 zc0!$^lc@@;T_n#j$noh%uthkgZ9bBuJMnr!Sy zVcnUMrw8inRqGf?x>+(zk_;n48Kz5y=^lg7SM-5wVV-2D@EAmi{&B>fGyJ=yK$hGk zlKWYYTa@S@bB|9u{9cc{Omf$G+`XUXQSlMLyRfPKR6ZNX$YH%bP|Bt3{pXixvR zU+$9iN1^TnyyYNyng*lnw?E1Haj3i0tM?iau2!S=e#w44Sno>n@0^6HGRz=tSn5zyPzj|Dv zCny+I>~7537VUPzTY6v}b*ePx7-r~;%BaV13OW@NQ zRI7hPsUL^B0u@AZ-T<)V3D&I-fFB)SAY&dU2m#aV*O%8egx`H*5t2J@q2Bn`rQP}5zwZvohrZ$eQuN2ND;94HwWF{-( zXV{Hkc*A4zCN}0wS2(`_*N+~juviXcW$=+C@F#QCE^bFTn z-EUhJ&V#_!%i~lcH*}c^Y=NaId5#-eU z@rGm<{wM?MB9EO)>ZRE9j^xl3sZT~TKlq;m<7=Ln0HA-Y&jFHC0Mvo&JCBn9n5nPA z)Cym<(-Cj!4WWhLl*1$@Iqf6BG05fORwgJ)or=0?ZoTh)HKkpwu$O@Ko)C6lnsF)> z!L<;2#~`Q=jRzH(2JlB(yB2y5lh=OIzZ(?xPGB8qVAs3yO+{uj_@{a@o)cB`KU3JR z0_$P}yKcoVip*;8zZ@dNj%uCeN6DvP-DzOgtr(%m?1SsL!|~QaL0%1uD@p0C(-fIe z;6K+OBTS)xZm=ja^TB_oK}G~E{bQNwip*2sf6X8xvJU-YnbI_|z7T1o4*b7*G9ITb zvX0zAc+H1skE`I`cq?haj}-FiQxis8&~0~PkG!FsF5?#+bEd4|Hd5?s|Dr|z=z z6wdd-^|{AMeWs#ctZ>qIKDEVLI#)-(UE%Bru46n-4_$5e0fqf+uwIbJ&Sq69oY#Qs zHjh(RcC*6yIJh==oVv1g3g-vlYVbIX%KoUZr?)Rlcs;j9AJR*zHn>?aE6C*b`f(<(5$=rMWCsT1sCh5c{D+QGFb$S&eb4YEfS!TliA)e|Jou`-(#reR<> z&13RgSJ*#R*k^(D+7NcBM`yrT9sVr*`~W!D;*EVf%c86==OdB-#lKJYM};c!9=N}B zB}fM;K_!`neF^7VY<^%f0Mk-7-k}&j)4U}xSYjwnoZ?EDFoXo=S~T9w79g|0UhIk( z4B=g4=DrJ@kGk9j0I4fQT$Dhr$mT*-7aXNh$gQA7@GjY`^Xax-KX6@6toHsVq?0c# zd*6XAF5M4}(!sui54#Rwi7RE4ha5&*9z#X>NGu~ULxOJ@-pApcaw96a_81(?+Hoiq zc(u*PojS{+Muv?WcabPS-BeV2$lv1N3KC9&d>ioeJPCP82#ih{a3f7`G8h7pQfpWlp@D0QJIJ{Gq=vwTLv*YkC@M?t?)QGU33S>X3 z1;Bp4cA!(KSK>sa=)ZlRZ{Ctito!&8363BM%YhHsD0c%d)w9QNB?~ zw>_yZaoXI$9natn?l>;}UpU|ML;Q1H-*HlU%Z@lFMhACC$8*y=(>Y?sEh^Dwr#>ws z*}2XO2)#&lg>#&sH#o%@UXkod=QcrabXEy^lkygjy~BA<&^w(^1zqfYOgRD6)#nQ~t$RbE+eq1CyUWTwpWF3t&FDRAZVLaX!Pe)SK*YFq)J zy}`1cCg6QLLp&W&@*fRFOEU58RXWqpW#X#QQl7-la;t1&lsZWH36d!jOvS`Rg#?gk zKGXf7Oc(l0FL_J?jvT@|T`HOA%%{ZE4sh(gE_P=!HI>dw-S}24ooJ07P}S!9uH@Q2 zR7LH`#vZW?W=^p>Un7D1#>)K@<6H@UCbA+2^m4jCk1#tR$LT9*Z)cdGeVkE(9^upp z+SmDB(0-2n0`d2ES_(SQiHq}toP~l8cK#&j5a$s=k8~yozN4Ju1s&#`A+B==j&r&Q8gqIJdb~4K&=Jlvf^Verf}o?E*9AS%`AE<_=K{fZvXc)w 
z4}P`|JfdZJjmOk9z6l( zd@(QFi>e3RYPk?O@HA1g4re!cHA98W7=c5Le1MvdskRi&TAf7g_+~`xA8>kyCn&2X z%BsB%vaJ2^mdcd-q6MOf-Vv4c3uOI!sQbHHZxgKbsC0Uza5_b_{VNz! z0WDpG?;$5eZx;2aeu062>ogr?yLfEiSAX9;0l5Vnxx^?{2RVpn)BM0?$>LDIEsGrk&3(@}0 zNTOZlIs0xUTI}QrdbRV6pmArLpw~Iy3R>Ybf06jEcRC4rgVR^g8=dij-r~#^^j7B< zL2q|f3VMh0ilBEo{}gnI)9NK^XQ`7T=)KNxLGO1?5p@d6_5D#d)T?hkE^3imtW@g$5!9IY*MdsjPU<`yBsCxG@_A9`&JJzM zaI{b)IcG_Sw&&BoLY%VBr^+cPO(9wN%x21@w3Rr6?!Zg@w`D5LPAN#Ac?eIfDd)Al zky;R-Dd%?n7={UdrktPo5-QT!i?`<7c{|Ke9~5Y@G)`qry%QUeKk0u?R&S=6UO1=%Q1 zDQ(yHd=Tf3BA&Jz1&@6gP8?2*%}HKXZIV?noF45~$*DlrKQHU2qHc~`Z)cGFbkXz+ zVy@X6C(2QMYmlY+xcuH0btDRXM8QfWXUTlCZ;P}RFX2cGzr@h%M(iUvgM#@br@R1JEbdHvPE-}A%_`yp>mMN(3$Y| z6)jvQ(@7tk8IAgLJf5|rfaEFlc`io%RUXe_&{XaKwOuZGZbRKYUOlzS_5E$(uWHoQ z;4K{VEw1sU##FLD!$0QEw_A{QKZ3IvFa-BMQ7zo*i_s~Y4pDKc>+n-uhm(tahYv05E0 zn;X$$6%L9;jCQAORy+!U6Dh}_Ih*o4b|wmOLUw2O5&f>E1M5j4V7H&rG(DACTP2R$ z&uZH1O&r-WxN~|;c24Whqr1l~-H$wuo9S`eUf)wQ<1Uym%j)s8$al7VP%k_Lf_F;a zM$}y(>Z)bkQ8;~)TV=oaBOnG76Yje}=KKzg$KXsVamXfLIF1;`3*b*ALlx>?_3FPr4KO~sRPl4k`3boG>2V6}WJ_Pl`ji}8_2Dh7vq=?c zf@JzeGIa$*e~*dOQJESg(?~Fk^_YZC0`3&yj6-E)+x8r=TE=7E_x$S+6Tqn^A3Th{meJP+(@$xJ-<+xYhZF)NxqFevS0kNF14Ogwf< zAIyz-OU(O4WO$E4MAL#NTk@PwfZI`DPdpTN5?+FJmQOhTM42OU1U{gGx76`MU&m>O ze0dD&Q>jvlbyLKK;Oudp*u^B4jF))laG1W;X0e1lyE+Hm=EJ&SF)r5pWccsDOZAMnDu535r?F85J{TF=N7< z69&*{dKjKLJTvl?zxO%S)pf7qdw>1)?^@lr>g;_^oeEu5-PK{FlD^s(MPxV+!1foP z?Cp%-lhhi7E+i#IASZe}f@M*MJ-~3*0c%SF9QlLv=a@}kK;Rwat4-k-ko9Gt-TpSP zR~%>*2d#<3htFTQ2wR_ zqcq50XLh@II!LPegu>rKtzBPDASnRz`Gk;*bvU>gD?5tTJU+u-;6QSh6K&!ji&PQDeyf_bdng{ zX?6a9q_~f@XBhGouQ!!?5ubo`Z21}OSxrw!_RLo7!1D2uz1)=ZwAZA`Q|;DPdkG{f zoOU<5su}HL3Fac8S35=@GStK#mT^D8XB~kiH0?T)zY)rM4}^a^60HbHYf+hFlv$&1 z5H!Fh1#1$fRF|ea!=~H?w84L+TK^8WtjS=^cdXmcxYa+kb**JB2jkS3r87Y`<)G#> zdHfsrJJhZQerwDzQdrVw2(pMn-;z;z#I{l?}r>Gy=3^pwV zX%4Ja%PO~nT30aoJC>NyhPK}HZ+kmD)|Bl)Nv4^H-664xZI;)V%=|kYyNenp$()bf zrDP9h;xZM?w@=H6wY!0BA}&XP;zK?CH-Nq4^wqcPOy?VBy41!hnwn&;QtS;Vxhg5cjI!YsF>0`#P|<9o_^@D5yC^ 
zjwkaC#J>?rJZwlj|4P&KvD;kpDAggGOw)7#h68MWQMtXhxar)Y#)+=tVfP6!& z>$jCVE#Xms&pSd@(pf!Y2_FLdG$!a}-kPhWF-TYPC!m^x;!>6)P+FuGqkVQnm~Fx8 zoz0Zwl-WQhRKnZ`tOK%{(n%__yT?2ptaG!ONvEsy^F8`4px&27x7B&OM|ur}e`b*k zvt^IOrdk}t! zNfw`|Y0-FCIwT01V$A4A~p~I=jX)qR|p+26`G|%mE z(F0_xAD;%=khM23)`YTn{g{h4ZLo!NeuY#ayMDX}#3N(K97KGssOtLh5fB(N8-zo% zN%Mqc*N>OSSiFAB6Q`DB$a>f7qmXY~42>;0@%@dNX zk7A@Nw&VJsf7)Ie18PLBskgLS;PgVbB4ZJ(?Y zAYF?se1yLJ@r&JQyQSeE&2%);aBWeak@iA;cupAsy8?Ee9851lu!Y8+gfWX;BFLwZ zejg)pom>~M!Yc(fc`#dwO*GA`iTZlMTLS9j;I|0Zz$WMVLHY_9mQ(!B;XS5s8O|^- zGDJIvSBLrGfKkXii!kU&BGxS0;c~0=6yb(2P2!0#eHzWbOUnw~q0p5O-xNb;JMk*2 zgqsvMn*qMy2%nLF>lGk8tb`ANed+LTk^~-8d>611xF~5G>Kl*rjFMV{(A|+_nL$Wi zA&i9`Y0=^RruAbRP;Wz_kP=sV>gm;wG=2o6N72*{x}tbr#di@u8`y=!^L_&^lhd$U zXqQn4sLB9Up#UG=#P#1Cl}AnMvtUji7!2)e8-(;dn7@!M4#)r++7~v2MWeBli%l>? zx(?ala!oGm0I+v;gi|eHJiw{h1RV6R_)^$}MTBuhq7R!^T#B^*y{6iQ$Z~iNv@eP+ z*aCRO?9TOP%YIYYLV6U;r^uG#(z1Emv-Sb7Pnb6^z<78Yf0Rz zu1~!52LKzEqyM?$Qri0io9py7@0-o;S0#1xwX%hDCYa~tSo=}&1eW|FGBt-73)^CiJiQe;diI*U=v|(p*Gl!o&--(*-4qi)-^jr_C?*B?T~2!T zs)ICzLiAz2pFKRiHpIOA^-)aphB`g1kXBJ1n>ZJZ&3?cZVABJtJUOJ>g?90SsOk;( z^e%*SeYT#G&hSVNg22T#H7?6;UJ3(J-A+JPtQTX#?VjEb)WNb|^?LnN-A<%l17;%Z znlG6leK%|aoEi&5N<_N}We-W%lfj&y&6fT|iTfnPl^~trh#u!GEn`Zq1Ad3&G-5I8 zD6u#r?mY$URfl^vPEwrie~#^sERMR*HlyQmc!9E6lJzj)x5Fm=iX0KrG-QOf?CTQS z!@!(MHhT#vkiXczC$YT<%v1i(wp<4dZ_&IPb0v7!#g=Vne7gl7g#3jV)5Y%=ESdsr zL3o#C{S%C@981bh3Gqc4vlk{v*wlH?!lTwgbAVkPffkIg)YYeBS4V>~(b0BGJbBhK z4hDE^7D4T3RlcOGvq88no5Z2kyJQ<~QRXJFUa5weoMeRW*pxp3?Wey|ZApD(Sp}F` zlwp&C(8-@3bnn-YR@R9*?*u~Mm}I0lmGq@r;iSw=1YsIU-l+7g;B|Mq@E1@29$*hTeZ_zG^xp*b52vp^|DaTl?U)(a{@_n#lVrlZF(Jby z`L-kO;8c%)CG1cyrpWqvXE1w`?d8p`Jc_j{VEa02S~dlq{z70&bM$K}&Iz$O2N>6; z)xP@PCDerowN_i%B$-FCd&;pDw{M&g`~zU0I9wZkO8Y|dJLGw2#M-9J3ml1hmh`bEC;7P@giVel zeU~QpfoJIr5I%M!X;I>sX8$`iXLf**KOxS3J`XbP>_PFp+A~eSXce=pL%*v9$=X0* zV`5ypM|CJupu-@F&CCVi2$I-ld{P}HN!CsS;ezT&MlVT8a<_x9i6rT1Ww_Ji@{}Z* zeFKCKoF$Kx?^*f{gw(`pEERi}8iCN3Byrrc^o(}rvVb}SgmKQ2S112ck}ROk2Vs%3 z93OOGT}0{^luOh 
zM);)J>msRITC1dbAhgaVd6q6$Qa=#(%qB_aE2l*hx7d?J&NoFe`3mo}Q6#!V%$v_J zK-n|qD8$v6_t5vKKgD{kd;^lXl}RnHXkHk>Xgw~=yBgQ>~j?MJRS ztZ++(X<{k1RWWS%G?F!8ZxW-4%Yd(sITp50a?!*lY){3on&2cm2#1(jQVOyz&(aUl zbP-cuyOY9}oya6~pP9LD*Pz|Vx)&SlcERp}{mhsKcj!4{-yOV(!WyuYpQ>$cBd$h5mDM)B9{_iCD0IFH@kxGe#M=U_#G3Z zYk_#F2%1f?C(Nm#rUAt|)}^l0tG~}s@-23MVhdl|A9s9;h`V5wSV*1aQOjU1p`j?+ z?^F0QswJ=egu*Z6f1*DA*?vZ0W(Vc-3Y*LSg2Mjte^B8B{I{gDroqO%q7z`TK4T5; z$}8gmFEzw~%>l1Z%7Jm)1A$(#JiaNwuGr)fW&5ePB=+vjjAdP-d$` zC4JaI=$aicq>#NtNnh$BI||houkgqNuVH8e*DL9?i?lc(e&FIGBNwNaKpS@#FAS*D zo(ASZ(ws4y2U!)9H-ceR4(0TnDqiX+Uu!g_ae{vyFocG!!=g7g>2S`kC}`{v(soAZ2mP2P9Y zQF7Li9P7kNvGN+MY^9|wN&0I9`4ZBfW5m3dz-J1a52JOliK6)^fzJ`REud}={yc#% z5O^e@$yu0Q2wnG=ae-O}P zgm)3HFWNOtJvpW*R|PwMQScSEe>(+C{ZX=Z$TFGzQ2*F8Eg5_B?JJy{L);;TOu_F^ zQ@o9iXG4IEb2!)WEN;iL1Ar~c!qtd6&_#`yQ^7dju}YIvdMIH7u)7^D<*#1!R{S|& zZ#$g&zN^EP^bH7qI1;mByp+Z$sWuN1Y*G|jSu(KZ?``T{i}qs+cA~O*gt*HR&6|5 zC9COj4CB$N2VuxQ9F_BE)tf-F9<2&tqc*m1)E_7hh737YyO-K+0znWzTGbt#zOja` zA=*c)sAwhtno4*)3|d$ptrFvl03GAttVgQ^KM&X?4(Fp)(s`!2h@MPhi`xnlX{{e-I9%Xz`;bK&BUdO?OE9HMk;pOr_wD5lUA6EE={0}euLjFe- z=ItbZWMKpRH)5tub-zpB@-;U4vsr-R<&pmCcjKbK= zBSqIZGn+j#k9%gGXm`|uv6&~^y%L+D(3)vomp2r`rE%`rmn6;X>m0zd-&c7Cs>VlMCOF z|NRQTl>hw;Yy5}2nT4(G|8V)ARXErFpCtdY3$L^PPs;xRg&*1f@DH@1%x>wzjuO~C zUDzA}$%LtKS<%h2<4j!En6sf|UKAJST}7XQQ(aAP*oXOXr&(gRNO9(HY0v3u)B!2A>L5*u{g>Zk4Y0y6}vb}f%y=- zPjghTILdaPy*MhQ;sa4U*wg{NUKTHo?gn}H7&D~XOJ(um=oo;Lsw2dUqlW-onoSrc zdEnwGis-*Cj&?3*ewO&w#w;ibz*Upy^gILyErPOo4~vy$C_On zUBgU15A0QEO><)xN5z{jfPLrmH8m`b_GZJ<7#2raA13_=Xq}~I?Bb~CwO;^?u4FHc z^4u#Nm4n&EQOV|9VstTkaa1z3k{I2~UK|y@bvb%=aa8mk$kDTlqvGeAIhb7>6+gev z!R+Fw6kyRo*?!u^Q7OE(#5_Ok;;85i%h9uoqoOy<>1l=di=)Q^TZ2swHZveOq_H@v z^*~hh{Ke6`AbliTPf7mb=r#~Ob0miR6tFn@3Hs@37Dr1C#=wnDoyyh2;^-wuL9c-{ z4!bx?`Uq^(of?ZpYFxVsW!uG3vX@{xDVr_*i4yJND2Z2K+u(>E$1aXi@;LC99A_Ad zQG0m1IJzC!*ADk=*u_z%lXplERASRylcVm-bp`dxE{?K9x`8>0Z1xLsL`c)nkz3hz zag?@agSqs-+qR3Nw0$<1*ZrOCeWcjk;^;%*Jsw-OopHQ4x()KrVoXMSGloS|ASU9) 
z(Lcb54vq6IWv7IAakMeO-5kNQ5HF4n1h|(Y(1NC;uDZq113@{`(W(+p;>FQZ0A8F$ zP&-ptadazKUsc1bW^vRUhOZuA)4Hc?I=E{=#EYYCz~~yYbb!}` z&MuDbOTDomOpZxLic?AP;^-WZjs)RolDtvHE{?Lfm~(+$92>ERzg--a!*L_9`<;H) z;;86v0k+NQXDyD3{=b3!>h!he$KvSDrAS-7wTq)9nI?zh3>KS|PO>-}9PQY4ag-!8 z4!a3tdwH{qqhjqaV2g=+6CArZD*9&uJ3mL?UmU#+*xe3S->Y35CCR*t-FC;;yxGN3 z!FQ5$MC`5Bcf2@S4taB8^wh9+ZLeY%M|%Mq;&2wM#qHwgWMK2Na3du3!Y+V7$S#gbS~Gynk8$lD)gik$Dygpm;Y^aGH}$->i=&dY8$j4t z9my_^N^&oPu$3gKGZ|1dIlDM2$$byPPG`v@*~L+@RCXk8g2(n3OLlQoEcFFpI7#BT zXUQ&(=J6Pr3Btk7l9xNXI9fo`Ng$lMO3*N%UycRaUO&M4vXk-ka|E)xWeXo?#6NYDe!BML}qw+Z79mp zLXc+S+Nfu%`S5p27TZ+`Ms!s|^D2YBsA`*8qDmBp-JmoeR%FCi6dfJ)^YqStHlc&S zIuV=mO#(@QBvT~nn{5q|GfjB9-kx#mT8M9eg^j)y^;MG0w#@8{WWqV#$+<{mp&&hA zu3fTBhGosht^0 z-V5+FN8UtZdgeRUwC20JqyCz($i%p9`;l&D*-vLnX81|Q~k4sGK4SaIU zu_>%hOe_R+Tnzim*5{g9QnucuANtu6C5Yn%>z}`1gx0dQHw8QdGmq2MJRC3CHwA2k zczX;PhHN$D-W0&=gPKjdvhppsb&*mfws0X0YyIJ-0A4v$u3c0iXArg#Ib7TnAazZ- zD%fR~rLcD-ghx|ByjIxW89@Fy*e;J@zliN>3QgPt{K1%GQ?Pdi(8L?qK8Rtzh;e6t z6opsB^m9)ZvFye(B)hH*buQSyu+<6nVrs!jZFvk86DU|yt06k>VCLd^OM-$MGn5&# zCq#Q=3umwuA12tHiX8~?(iqa|_?enF3BgNUUEHb6{9{n@*u;Ay-l?Tsith%jkHhJTlGYhXFQrY~ zRDm+f(dbYXE#K0P2IUk-6Tc+MeWXBa`@;R7pxhMGblQzc8;WdqwX=-&%~N2!8ncX) zlCnDbtS`a%*|DUkq{l7T!(){!L(|8mr6A8OY8@S0!K=lP=W-sm}lSj?WwdyQ6=4b47I9fyt!n-+%5A__LCzUcz_9>jQ*8#X{4xC{PJ!tN(Pye|l|9qII>Wh}Fob_i;^ zH9|SQMC~j{FL7$;B(|F?NlNlA5T0-(hK!fM1%7L3>S+XA=6`#%q;j-#1&GanY1H$I&EUi|OoK(C6!Y9>PI@u%r2}1q} zS-Erb%HgQifSsNMbQW2HPO1^*e81w@6*&Fd8@uHFikz|N5Q+CI^0>@-zvAIYYZ=qq z#(H@XJ6+GI8^2%iY=DNn_bYw`$=$#ob)0ae5&9GN@C z?^pbl7+hCJs9|yY#>Cx#^}!}@OuQ6x4tZnZyO;r~21SNZ-o(}=V7?LPs^7Fo^I(=4 zguz=hzk`{9AiB3`E{0$kws0MjRmi?Yb1lS|#*mJ8ircqn-VSV2jGJqykE>iTt#8rX z0Kpc(?`2aY6Y3(~qA9DBY1W&}Ee+qIS-R5B^Y|7`sg?w5?_*LU(gI9LzoO-U1|s>O zMBh?t#zQa>TlhI$YlbZ-(OVxDK)M)P_$?5#gRo4)#(jlQnrTRZMJ2}+KE5hm@hmwm z{~;hnpadn$3#cXcmQe{eMl1}d7i_{L6}T>f8uL12Z(|EL?Si-owxHyEox^+s@o(4! 
zG7RZ}U22!fJJYxD0ZXq(1xr6o4CrSN3}Q`z(fG?efQOiJO)1#U*|8GsJR z(dL)#kOtx70IhP`O+En1g}XUUBXR-TNAE4uud!)z&}SFenVt$cLR zqpLAoOX)PD-SV-u`1cJ={z$WFT2y2&K{DXi#wLiNds?yO`v`2>0PE`TvIL)?_()*; zIJ`k(eyU{XKtM|!%vXV$<=6$~*n;vSg~K8{2OQIe+KMa@gznr-MADs4o!!y580o4c zlj&!WD{ZpnIKBPXiRhUq3Q~2+E+4OBGn4p{hB`0_h4xm6Y1D+8=|)KUit-8i($^Lc z?}jbxLug-YLHT5b20%PIhP2qK1fQw6nF;VkX z><)(yqZcw9mfP1XhED^0%@HJXNhvL0a?Pcfg7lNfy&S$#`7uRbo)kBNW2F|05U-6b z9K$5Ec`O&CHKbi)#7rVQkY>wQYW0r*wztElC-^GG4+M6k!)GVvPmu~<1L#5r=Qa<$ z31L2z?f}OeMr~~#*NQgXd7g-*E5}Ls^~KV~xKhxIBO*(Gg_5#mu&HP!4yTSRm0$?v zK}sz@DVCXLi#4#kI7#yvmu7z=%ZNw^Rld0s?W8GIBhL$U1sDr*jJzbs8X&8k5iRdm zq`)qMbRD+v44T)EMU=lT&_;+Kk0GfF|8RXz%X=#b+Z{=KlyRc`pVH`=ogIMF$h;(> z*-#HY7T+oWwQ%r7bVJ*mJzEO<037BBQb6-Tk|Q(FHpk+Q8{T)Qpq9jCykRF+pD~U% z>u7u|V^R6?RN;xIpe{%c%sv#Bzm?KVnOmWCKa<=54I^sG*cLNh0s4+(TtmYtv2m|H z&vQ2we+1!AM_PoCCD|+PLaKllEwE`?7a?TxZ@Wx(>Roj3g@-dpxh`d51lbSMOb?Qw-P z7lb1mX?!dAq9l7Zdly_Wr-5)bNx#t*Ie{y=w^)W*CEM$TBCEwno{^G zGb%G0;9icP3D^^4ap@pnM-XRuYf~vX!xr@#$j^x}L%JngYza32+~^1_)Zk%t!JY$~ z=YYQ97$tByctjaj85vBZCcXt@M>gvUWxWx?CcY4gM$-b@aK>0(+C0Q1*T$wLlMXgS z+br+RE1CsOZL;^}mGL78qQdWpc%(HxX&4|O@j|5b%BJxnMUR0aM^WSKyF&9Quf;>vWz zgK)#LJ1UzbQ*kC%g0T7QvMk$Ol}(Zvf!$cgmd0P)Q}J;;dJY73C~?V(;{6qumld51 z?A#dFOSVcH?islSgpDyt57FYWo{<-UZH;l?$V89yJqSBVVksDgY*Exn_quay=YeoVwk2ui(nQiMF5A#> z-u4`LZj6xjZ802--#82h;|n;8mg7uT7rV0Zd2V{f+V}+Yi9C^&Kv0G)oWMphkg~e= z+;n${d&E#R=cZ$TO^R_dmHLN@zMh-Tgy1m1$7ECF+>}@0a&9@ci!g;Qb4h&h?DyDJd2V6!1MC9Gz8Syv#=holGa zL5_1J%vp}T0zuAH;By^kJ3{sfgT2tW43d)^P7RCOD-gE;dkEWK3rIb?7aHavs-a%H z1X_gd3Iq!+DZ=ky#}%PuDQPBk&xtWK6HZg4nQ-Q7yJOrB-VL0;-Vd&q0qPx8`H@jTio4!o<*>b82mB7lkrpgY zN-Allo@D1^#5AkOjxCgh0Wa5hr086a#5O19J^j9YihyZqn!uo^j7F{ zBCcgnYhKZTU_XjPa5K?C`TTRotdag$j^5Y>3=wC<*7-1`^HW-H;=+S5i7s$7&T(PJ z6-Y>3C>vE2oo7!x%EpQZO!5y{5Kq`|BrZv(D?9OPJ{^{0FZS@Ff})-<7muSO4iBE6 zZR|M83eZRHVm5l4>0rBZKjjZwr2MdmM_TEV^s_D#7Y08jBtB00;`!DRAE%@xIc13- zr(6pY4`DMq*j`>nNR#E`lr0WG=Rr^$sZ-tKlvLl9rEVCt8r3~c*#YioV${_X)uSCc zIinAwNZQ4GC=}{-YWgzAK?7LIb?lRj>mZhES!~4ZiJS?E-dLc?NwbkYT@~$fl8^g} 
z2~#VVC7?^0;z#kav~=sN+8xkK8o)_;C_V0i=}f!U7~!?QKWnI){`BUu6j!)$Vatht$08#BQ3kO%62A?T1$*#C@ zOm6(Lkeh+LJ&W9HXH2p7mVi?8LhCahF49j!OXx557J%F(i#(C`>S7DZo99WIyaaJL zILYxT`C@k}#kc^No(b!jwkkJLaXq_drnHkw>7gu&j2GHcG$q#T$8k#8HLE8MT^AMBL!X!?No%2_ z*20bw6Lh%PuR^K0HV`#WE@bFcha%QJEL{pqYNV|i8C`0EMZOUuMh?v}B3BEt+JIc$ z@)h-Xat-JvTHpv^uSJP+;XV~oEM>Ttk!N zF}y6dl>RS^%X-Tpz7=eUw~Uypo4RzmBwvRDs%34gFSX`& zw&dmrXU|q9*cki54;_S<&Id7vIXX}EDPMOn!M-u&)2BhDZTys$}f7;lW7 z`)`M_JPs?V*SKD?bnMd1h3KsPKz&;jmOn*4eE8jdeCJeKoVHzMrU$`5&s% z*UD@~I>!!|wtlsN&0nUcKF-7=Kmt)^-N(I@~_{%Y*=9iAHv;2sGTQ-ZY>J)n(i#r zFQunVp?)bn&lK`Y>3Ox=*W{D&d9^##T;D2QWUk$}u<=!Psk3%fhRK+>VekWN;YPN@ zCY05lpwN#H{~1H(;RM&UI#cILT>8N#s(PYdCi(*_W$Z?}Fg8Psk!OZsw-*(jfGxw2 zUcaq9xROtT8`U19A1PJsS)x6I+N-fU%V{%YwTD#l0dQTEt$kpU+})r&Nd;!jFr?oD z)MWbWyV5krM{ABh1?Oj{AwE+rP+v|GlGv$af+@h5GH_j|=tN!JicBH-kSd z)NclVR(R%%(X!VvfH5zyVZkU5$TXxpH9$gE5S`Q`sU(#0pr`rD) z?EhEz?>GQEJt%t2uEV@=mQVss{SNeWih9hg#lPLxLz?tyBPi=JA4j*IGivTv*iER_%Lu>fJM zqaH`s{L&dZW^g|!OW!SZDK){|#@Ax&qzXG;8()j9m#QVxQhP17d8!gbtVv&unKHJp z%T7cmQC8eqZ=^9pAs-)OMou;w3ZY4=>+o4nmKrPWrgSpRQtXbWN`IPDcGFbXJ_);* zvPm-6VRy4*tF?ZL4~4#Y3fK$8#W}@?D9*NEJ^}V!jQbZxM|wu`uR;A|^No!6jO+%i zdyM-=CMZerH6DbiBr#uxA)C3zsop$^vqdr4OLrAWXHtdEtBU5p-WDY}xB-NXBqes0 zWN(X-Vt5gRt<_nY<7MM}5O!8)$$q7V)o04C#g!^-T0PQW*eE2xaWqKNtFa74#b`c< zUGFs?8J%;Q&w(&@C=HH=`JCpn8uGJZ%*eT=Yd&Yra%E>i@ZG@5hGXJx{+ z&4(oOF?L@#b_yCnv28x{nA_BKI6SbabBf#M(+z5-1+b1W?$^9+K4N4P2;*aty*O{1 zj~H11Y;lbHMr`wue4PctB_uIlhM}bSEJ-qFn~$XX7)UQtg(a&hngiQ>B=Ju{_@1Q1 zu99r?5laQA#4>Duv1FT%Sn32qUy^by+2+IQGZR6W7L&Bquu*u;hqml+GPh_Gs5*qq zm!U$#2YW-vA)fruWH>nieScymxZ(fNj7-OzHzWUF%`Ei1=~cupNoYp;Hkb=U!~MMQ z-;9y_(M(rtfx*1ymmA~Bi=Efp3A^`U3;X;EN)z(pdCiLuZ;c@{Fv0D-<||;o#CZ0+ zhVMJH6Ahi$kY^eq@iy4PJqa`9<~4koqMO%DPPBDi(;ZYZ4ZC?xn;|!^*)LJhd5t7@ z1}K+Pfmt&Q{jYh=BjCL3G{gwivgS2n=UYem8HWB>iz;F1U{eh-Lba?GC3bp)G=N0r#4GVM8I+ahmDp56j8HAB>cvhskou6woY+#+mjs#v zAzq5jUEXgGMnI`9BB*UCAh}kcMSgKembn15t9<2zot?@{Aid`k+f$!X`}HKrv!uep z(bmasD@d~?x&Dq{Yh-_S##H?uYyTgy|9q2X$1d1q^>@79*!wp4d(I9Zet$QCQhBAQ 
zT%sSYYIsnO4RA`sgL~YLu`AW}*$>!)8263XNw4HFO1k%g^cYp>ysBsp?4(x`{|5-4l9bq0lAZL5rClHtpd$Zb$xeF3QcDmzk(6u6 zPI_5=W;6(U#UyPoY!o$+oq(Sl3(~ZeG@q;Q@|us_!j;o}E`zc4G+2g9;W^FcKFA-B zG1HU;*L-e19o}e8ZSx`1e1Y9}RB4^C(R{8<*tYqQWXd<<(7~o`wPu@77wDT_!1@yx z=M=ZiXFl~O13Mtb{hGJUM~oZ~!s?im-F(EzI$$@(xNpQZAIaC_AiP8p^JN%Hn$LMj z=4|tkbbkVA7ggxIs%Q>u^O3~sqkdXq^Xw|gHXpGx0EE#buJ9GvYc-8x+IT(YtZz62T_hG z&Wz(`q8KsfI5~vKxBbNMv2!8H8NTvOEfa3aL1Fl!&W2XYPUdPt<=c)lKzOS*2rE_ zDXg8Sk-bZrB66xmrWWTtg+~!IGQGSVkV`Z&qkd0B)@x)xac6@@_RnWaxKkrD3w}pB z4`^hT`1Y7a4v6-Efv2>-24=tO}^AN9SrT9d_KJ3_ezACeY1 zB3nyc9+DF5P^XrZ9A&7AlFdQzj9GG6(0g!3BGN|;&iDG`!37dYD^e(tNFzlODbh%> zL`pSMQzCUWqC-iAMoI-~sF7L{X{wRBMI4sfYNV`$&AW4uUIa(AP(P5&><*8ma; z%N}pbObM5FzHt~sr~vw`37ueSaviDUF`GXl3^n|YIN6C%l1af;_f}JjWmlD@>v!B6 zO(jR{BdZ~33a5zc=VqrM#iS`T)xK&22|U=X)1iu=cXs8l^Ym&MasA7`HC(8K!pF1n z=2<9FLVHJ$*UUAw} zoVJ(t4yS#*(@x4$P5kOi@ZKkFa0y47!%9s`28aT;{{~sN?cAyuTM7;Dtw4xC$TcmD}(!Nf{2`(+f}bbf2FN*y4zDAINkm7~ z5yK^-gXoA66460)#7K#BR%@dq(pw{=B{E1OV#9k-arCULyNwq)H+a zG_sFGCTe7&L?&ruxeV9EnWR$UKQm*T|s~nW2%xB(k3l zy(5mT$-#Ln3Q~F+y(%nsoe;tSLvA$i(piyPAv%bpp7#j zl+#-ijAV-#eO1llA=2=AnN4W;Y8i7ie1pfi-Q(OLoU6o-(Y1B3l#}QmU{X?Pg46Rc z{ZdS+!E?45jM*b!PHWbfMe_~|#`Kq1T3sD8Adk9>O2-Tpr7EX1tR@eiz$y)wSY(w( zj ze&19H3;RxrS<)vfDw7XA$}nY}T4J^>H8(}kKZ{FN|Uie^Bn zxHCcKPO~DJlKi|VZEMUCVev3hq}}M5>zJpty{V07P4PSud(TKY|OlO*Kb14$#jHw@+R5zbMdmwMtFyB_4sizFXx@V32s~G z2{H?MA{&x!y>!ol(k~&GqioM2xgKOA#U;EfW)HGGYo@6FlGNgWb~VSd!lP&xWKqPc zWzt*l%8>LHl>P$D(pp1qgIy35?%0@HN00rn6Km6vH09D+jXkaAK?p~3{Y@pOi$ud` zB;j$D(lGZp4h{AysJv{u#BmKO&yTH*Yb+em9oIzU(%{Da92Rc{$uKP~uCZ?k^=l`U zRxhuG-sq)Pr&oBGHc@w;kcPAoPIA?GX$RqU?E`srjy zTa?bg^Z6Gkj_ZlbLBgHYJvo$LFvJ7aUs0X*Ik43N8>}%g5$FUOr zsf4zUzz{Mq#bsh+Cs6+PH+oaIcork11ZjKce-_Qyz zl>rndbtcVld5OTPcfG~^% zN}`A_Z%A|9BopE3H0+C0+*it;U>jj)WFJNQ>_(*#yOT3p_G{2RMG?P@mgZB}QFKH* z?w4Sn{sDqE63oaxiVE9P^CsDAxUwTTFF*okuur#njT9B|bzKYRVHZWGGx#=kE8u*v z*X+Wte#u&Ft(sor3TUD*@RPk=Y?W|I_WDufJPFs3ea2s}tvayAbN|JJef?3@s?s4_ z@EQ%27DoLOi}+{0g5EFKLVBg`2(w|}YfzAQHz$Y35@?lS3;zv{E?8EbQsUr_fVw-l 
znDVOA<&qH!g?`BjaYfY~rSE@aBc)Xz<*$ANFQ*k>bkVu$lLB)p%t-dK3PLC6>8c$? z4*8f3Y?}0l-oWV`Arywzn7*obnbYZpXi##&SzajY# zw(wV$0?8KtQt?`^SlIg=__US18an1$~WDcFo~+K6`v05z!=ws?N)++ zBL$lJ6;@XOKRxD{iA+N|-xiR{hHI_`emgn&)R1(P^IgJu7WnJcalS959cI&f1^nMJ z$0qYbEy9w^0&q&PNir7xu_j^3|89Uf<-k8B4vYdc-oeeNR`sjE2S9ol5h-xyS_kB+ zKWjp3#0!l|n-mtX<}|XeTGYtouud60)_gwH@LT3HO`9rtxKWLdDWTzp;!wu4`W!uq z*;`_p%Ns!5MxLn0qs&I0Zg4zwY~)!#@_fU!L|!wau^wA>Us+>G;Umb@=1X`Mac`N3=R@M+ptu0|Gz>~8G+8-;cr)8}J z<3`77!*-*DUY76(z~>y{EsSKA(9aS+0QiL?uuWP*e@oZ}uwYx9SGFxn7+?ua0k(?? zdNfH*RSnUa>i`uq9E7TvWIQXwOazN~{}sR^9f3MFnGu$73c&NS37X6(Bclvkg1Hrh zyGZKxD-0;Ury5|^%uB$w#kjhmq_H09-yr;_I?_0gRPSxv;DSw3@-2<`Nc}(vojWQ%B`;*)kq5q$^j=Nx>B z=Sj&s7!I*%#%1l3J8Nk_eUO_+o#_MCz?f4J9)2mXt8(x|J$w_e%{lmC9{vun z4|DLtJ$whST{-v>9$x=lpAr#=u(U;43|R0I*>W*Uov3 z;$|A;vxsphv)$d97F!DWsu7qYIeXg02g7^@u?;KNXdS&yq$ISl_*PO9wj&hkld8u~;Yd{v$*6eQ{X$lB) z9LX!ion9MR4#HWEBx%aQqLmVcGI@}p{YJ3vcTCB#$4q<7Enxl2FOp313#;vs_5xv=BYD}b>yeg#aFQcA7wsv)T`l>zfKI=vnuLV` zeq@_lu-k}D9IzcqTQzH*g?t+^I9S?wRgClPWII@ z7!2{=F(l)RVT;u_Jyz|Z=bW7J9t_e^j>uZKoc;-CE$}O|IC@^7=cZG_Je~*#i?Ib& zQ^R7;iqla=q=IRoUKTOsk@9DRr93?@4btqp0`Ex;Du z_#41|sZjNUmhEzgPmLjSHSvame---G{!=LD0Ji}*cY^+qQ@NWeDN*@FP12ls3%h?h zk~b*+$0Pj?LLQtJzjR?DC6>Zel3WuITE!%r5-#16C+-XcHr(Or{1;(`jJj&ANZBNr z!?0US_NFAOUxpQO;H)x|c+Hd?@MM`w95qPuD6oZHCsjHD<(yU6jZ>1Ec@-*eQEf9* z&JZJiC)IwQ-Bb<`lu&c@c+)nVzqpU2tW z;Psv>!9RmKXS1X(Owza^Y{a90KX|u<&e7ZVjcgBGY_@-7ncH zT@IPIEU3CGl+!Yq;FW$B1og0qKQ`TaHC?$D)EQXM9Q;AA53d5YZw~&L;xf=J1hzB> zf6Bwp0d{$e8}Hon*`${Y?*-wZm}Fb|^Xg={1@djgE@xTl5%8kLzJdHlhiRd{oRm;l zj4GjB&lgTcvSX8BU z$7F5IrwE)LAVtsDiJGu9qz~p768EC1AWcEyP+fT31Y0QlNu>A*U!x{>m$HtuTZ#r- zKdPX&Z>$@rkHam-(lAE?JU%95`Pf~i%hGwnM($6M@9*fH$@_KXSY z`KeMAQB_)8kBe8>Q^A}`c0Hyn-Dq@dx&~ci%Qwq_ofPBV*;#Z(IwDDi<10b9i6qH` z^j}*w$#c|{QOzLDG`9)#&uBMos;_;ION}h6V6_0W`W=k@PJ`1~Ctjs&S2f(; z5*`BhOg5pj6kl&8NajBRL6v3d77b2G@0l7V%%Q0g5=w1!SW0@#wl+FEC0*ty8y%r& zRq7oxXYtG+8kwrc>R)K#Q3@YpqoXx?iH(lY=mV+Kv`y@pio4vmW6{`HRKtnJ#iG2o 
zt)1~HImvr3^$)SbTo^W}r_k7?{`9~M(iBQ3u`vB?>9`;9q8@BR81OrZT~I6dH&hq# zcv#LRuZ4UhgP=AA*g7Tz*NQOxLZM)9LD>ujI5s9^^$JUL>4rxwJ6&NP0p_tW+Z!~a z75WJ2*}yKV4u4SbJAgfyjZ4oSeX2O?{0-nAWOMW|HlZ9=KLY#H;mLF$iWIN&1FnQ& zlQOYAKpllTLfj{Yw6Uw{3dP3*n;7F(wNjyjAU+}oYNF6d5T6}GexY^N-U1#ECvv6Us@Spd$D!K^V?2hz5- zQL+`A2eErPCT9(#=St4wb|>VIW1#!v{v&Ccm7#Le%2s^;)$4B>9r!V~H3S|+cD zM+fW4K!C$zLVS2!t%t`?NW#nlct}i8FV#Y4ZLnq)z*AyEUdU**HAD;3#ghogH{g#F`=8Y%eIccC3MfOPLhsb2{?xTor zqRT|5VeHM=@bePhihUIE&1sp4@2A6~93!}A7!P+yxCQo^i2EoybvVQIMZ$0tT_W-; zM8a?;>NAq}>`{XIP7%&T14dE8aGPi-!Wr2|(EvfKAi+BaCQ-g%H22?*;eP2@?p1!R zSWrIqQN&wwGSQ4q-0$0qmQ})iB$7dw=bDp zu#X~MF3Log{)=Ir=4YaYT^Qztz)Zx;oEhOn5wE=B0RikY63#@tJeY}iSuGO{$3C)> zhbP;HxlillnVbooEAbf>rt+k{VR)abz2xEJ{to&%fx6db zWC9^JV^!Ga@>d;~!zn%al^FNV?}!Hn$T5G3j0AhwD26iRQ=e-M?K z<~5j1bmvSO)#r1RCs&G1WLuq+Ogeihf$p{5<#w zwL4zRFeOpMm%FCBwJK>0P6VH(b`v!68L8YZNrryM}jAZpoVpP)`q9<0VxW<1VmToj@ zvJ=mj`^#HrL3*2XxtM%Syr#l%awJ7Dt?(=2FpbW2CIl9>iH-D`9BQ59)FpMr8|eKB z)W6Q@3$EtBa;ZP*)Vj#Lj!E_e@f6PCO|a8PO(PSi-w!G<;Dh z2UmT{YEqs)JQ78>;XsO_tEHLqm1k+bq%9L&_$tMGXTfxfq<`d!a#r^1SH=hf_o5z7<-Hc|1u3&JhFet^i zFqa1>#TXY5PX8$2^m!Ch&?cINa7OkR97w5$>qeRAFo>h*!^IG^5y6@RDK1>V{rQ+o zW(3SckBKd6V$i`J&-)(@B~FPl(TNCVqE;s`A&T+*KlUgHNYX2Wa`Ue^C zuVDB)*)tqPpU{olg+6}?1?OWfk%>M=I1`NprA@RuEJm_VZxf;l+OMQ|IriyqA&%s- zUYgf#qUf1bkfwLh1__zy(bcp>aVDZ-#)kQ&XLR2uQc1r0%x{CYksu!UgE-A^XlJ5b zk}yBC-A2TjhzVtE_&dlm5kEnliTbbMel+$`M0uK@er_W{6xt~auLLoYeR_jfSHWs# zWs?YgLokXSXD;|jddzFYXI=z~B7Uniy{%`P#lTUp1EzEQQN&L(W+HxMG9zKMOw>|( zp0IyeO7RHU^FxkpB7U?ml6{(AXUs@2BRV)P&VeRB5{M)hA$T)_Z3Js0Q~EvlfG*$6 zWglS5vB~ipzd*MDO+WZXJ$V5EAG7%q!$VB`~TPAuAdyGq8gUE|*nTQt^BiZ9J zJ&o`JW181!GZ8P~u9xnV*J5V?9ESh*^}=>nVUv=Hc=0!icr7B$D{gHhn2C644liNA zKFtdcnDzZg0nbU&Jk`oXJRL*Rq=09NX#5D`;KsMw8e%7*GY~Q=YXsTpGM;w63NQV^ z@0brHx(A}WcI{drv}>=&#f&pV{w0FljfT72fbpe{s!v3i>hfFhp>StG1{?gTof9yF z86*~OLuiF+-i?;Aa^(qXax)^kR-9=zGNZU2xgaz_cpP>$nT6TNkp%ca);_0EAHJF{Ja-f-Eg$wz z@a&Ip_OF4|v$Ftp4i9P{SlJaC;kmQ=a8eMSJ0!!jI^bQEhuWdFRJqlfEw{&$( z#0!xf^(03gpMNZV*-5Lu`_L; 
zaUi}dC_Xm5o5rhxihk4L1nv6-5jE?&)W|KF5R#mdStkwPf0j&(HAxDMZP2Wn0effy zOM>!enlH2UTJg5m1QP10pu%xb$D4*7;^uN;wJqyzHH((DzQJLZTKUc@91sA)7qOH6 zqySLRlVtwBwf_v4aEG5+_ba5OqQ>KXAda$nnWTE!C=I;6kmekhIKGdrAdu*s+M7_T}S;f`J(^&`a1VIuyubA~%XD*me_lpEhiIo{(Y z4o{D{akH-Ar$^%-`a=1cb+>?rw^e!{8(j;DdM%w#tubX`BSrr7`{yYQE z(|c)`Ih)(!wBwGj+t@R4(}%}x>A0zUo2UM9Z^F-?#=rKCHwwI*18+@y;PD{Afp>Cz z;LQpu_$}1n!$%s8*7Fa#PN2vfyD8Fe6ctOgK_+t>W8ss zJW1)tw7MM7+6xb7*vJP>$MN&2zxsUrP|-MkDYZ?3%^}Z&Vmn@VIK$QsKbtzx=j#`1 zD)@!e_?NVWv%vhjZ=xO#taSy{NE@xm;_rC-&u|m&@H6YyKw2tluu)Ou9VuOv0?rn2kUflBZy8*aVvlco z=eJBJew7&A5paw?Z;@Aq z2`e4~<~jsPCtMnqXt%ZiljVa@DDC)7-T0UI!mr@Uk;u>HN<%0e)0>HMvVupbsrhuZ znuB6ZeoZ&lq&aGK<44SAA`<`V*??JhJfu=m*So4aCcyX28}Z`=oG8@ViBi7Y(@jcw zL#%s~E#-=5#aHvFB{vMLQF$#bbv+&X>?pAD?4@W11rV| zd#||D#hqYYG2k>!erDaeI4SD6q;k5l4XGB|hDK@EwIS6{r{pHWqYX-_#|;dRYHaETNdAg691Cf{~wS_g{;(>PB4z& zFK%06i!kXyPjBRfdoUb~+jcMBXAx8Rt|jR(dtK64;0k``IQ}I^`EgKi-M^H3t=V;A zPuuac$MG-8-W|RUn%knFv{St&Uu8`$2*&X{$p47lNc!s28+qX#3z7-yC+Rq>POL(=2&d&WusEr(@qh`cZ1YPZ`lujM*)c6tc$E6Nppu#10*y-R(2 zM(mwhoxQesjroOL+N18Tug#6aCG+eHq#eE)4YE>^mXVi`#kdA+e=Ham>FZslp zG)K)SdTkM|Y>-pydW5bMephu*3M) zC1Ce1_1ob!TLfl45(#T{0Hn@dsU&gkg3=Gf zk6EQ($v@5kE?*i1`*{YEW^pj2;`<>;jd`zp4ZfZZX?S~Vn*$0G=~|uBlT0~bb$XI% z&Kv}-X_dc^?LWiG)cQZw8ZMPY;r;o5G47PEmw$MF^kG=<;McnC50h;9nRRU;^;=I+ z(SCsi@i)N+&AN%;p=BL|<0@>jYCaEL*yX2yj`!>)XGZ)sxSNJZ0(#kjS3hu;m7E!2 zIS?(c9lt;x|2nx;w~LjD3j@AD5t_4uiVy12G|Cy#0}ySgQB2IIcqV!{6ML4~Hdf8R zxwwsvlvAX~E?YcMqg5JR(m*@#Q95p(T$`VK4bMFysNgrw;~$DberDYhaY|H^X6*vW zDZrztW@=U2I6i^iN8?q}f0S)b+2PratD95p^ps#wP;2uoL9iW(#J>?XVAkc;v$dEM zvRq=44@7yFnA-6(>+vrs=21|WP9Q1fXR?d=nWUKc(WLm7bk|E@0__7+*d3|*UbK#bw5HXN7`$4WUVz6+}e_PB_-9>1XAH{cBA^ooF(k^+DF1Z0_>bw!u}Bb zWtQNL>XpMz!IdnK!b`E6#txgqHv(M)j@**v+ht^?b^czl{|q8!Tt-R1?_OK2b1Bn8)ZxH%2dv!wX)v3GD~Qdkjx82+-x~-%FLr~ zlb&x?eh%F6p8};%@=8A%E*%c1D^bi>0%=!yX@72{MMcnX-lE-HH(HA~2H@-0;ZD`? 
zofw%ytt9v^zCC5yDlhHyNTE(!Sn(j%%;Al*2|tWnG#6l1Q)&u5>Pq)H^n+jz?nP{j zv!T9B_kUnGF5Vs(PhW@nB2qHr{TV=}btuX%G2y$Eb5F{gFY25hfV!Y_QgM{C@M}=X z{zMPC(^R`jIgvz>YtMNWudQk-frz6#iLV>Hc#1K>)p{EI7uMq9xsUO{&cs z___n&rOCqF)o?dtPxt$w8KgaUJ7S|$H0hXpLm50GP>2h?CYm`-V)Ew+lYwB-%*8U| zlN7Pra@@=;(nlkQj~?K`cE)99Q*$GS-!E-iCp$Bfz~CIdd|^C(tL5Znj`y|j*S#I1 z`N5Q`vCw40AJ|l5pW2ch}dU2i`-ld@I3CyVs{*YGjjM|N^z6rRJgI3U|7st z3X<1yhxuoby0r%<&1A&vUU1@P8FN78s8mULo{}BgPey{NWp4m0NEw zmx_T>5v8QB zL=Jya;`5kaMDwO11*Q_LT>5h7o$71*>Ex$6xmu}}ZUkZnCQ#S% z1gex34li>1;p?R7k_m(MrK_Z7DGQq{=8gDv`D5b_Qb?)2b?>5*m_z+F46@v}1Kd>yZ? zYO0;W-ResBK0SUEu`wW4>V*Ou~p`_-gKlhr)pZT(IdHT|;obb3N*i#B$s&@`**xckV|PYG37t zug63fQtIH3PY+^ws0G)DF?kPRqYAtZ9ryO&ab3@t|B5cWiqmf7QpTK)=Dck>)w4rB zzoeg0Z}%7B3rkt=3%cGV7y)LM^hL>+5$lYbqXuWHH#o(SMMZeP{$5pBDbnaLOWlB6 z5F6t%FgSmsvJOM^{rc0G5W^d1hc1}V+N!416yBh&bkDHq>;df``-sXrmf-rr*FTae!Q3Ne>oU1jDA}PLjXC)&mGn<$~xoE7G<5OVZ-Rp zQ&H#U=t7+PgN*D(%6FXg*MA?;1vh<=S|o$dQrmS6#LlEmbYP}rZOTMCpp00UNJS|B zACTcbooT3vgl2gr5}L&(5;v>x1z_nHkqb&L+Npf&3*JO;9m3OdrIRITnw>{pnp>aPww{Hu?QuQwv;j;*n^Ea?MskXKq~HX zPUB=UUKl40EoxOCQ05 zRZZC_d`eyEeir>8*n`Iq8{;z2h`o5=My%__Xa~}tkjatWov#`pRSj)}{CUhIZG%X? 
z;jd#@Z=jVrmCdk8<|CgDlf2TZf~E0reHY3`Qy{I+$nFlOC9f+~nq=k_rSEy1yj~SA zRh(Nhy-6&qunX43QIz96h#v+RSr>f6>!zxy5(+2OmF{!s2f-fvC1PWopH%*bV6Ofb zVw^wVhs*dmn<|uwLg50x%YGSi5F6ucRK{{lQuFkhuphCWZNSJZ@#y_Z;lIJ1 zE*1VmO22P$XVaO;&f&G*__oPrNnOR+<;KXoUOqg3{1?Afa>p@>5VK5pY_ z*_}vTBWdw12PBNLAG9ZvQt8bEW`D`fA+?1RQ|@*4mt_RNET12eIY7Sh`C23ZRh`6TmDk^f#f*f~EZ~kzMU3o-l)YFo7LvW@k}>K9IlZmiBY;vLa_fN6 z;9w7a4Y7<+q(k!f5`55Z7T;r@6|+d;M!y(bV}2zHDIs-SM^woOHAy<=q!_0(I;-Fd z0eQ2@tMc#MF=)nQK-5t*m4N!7jQ%u3tuKKKs&j?Pf{WHd?7{1nXx;LA_SBH>_&s}x ze3sVCnD5!O@>yClW4>=sl)B|wD|hkhvFQ~h>7a?j9(*5S84iDXg>hHHVY^+pe>y!w zw|hUv=*xk;^Hm}C;5T$$vRarOPej^Z1=1FKY5#jj+Al!=%wFoZsnttMU!x6-jnb9> z8l9>7t6OhvR$0KhVJ-bV8k2(u|52t(%cKkFE4ezXRW~q)P(C9;=u5af!1!S9TB_c& z-}XmpQ?SV96kZ6DIU7)X1ySNkhw+QRAAp}{4nG#5XTt79;% zYD!6=3eh@Ls2h856=GwYjkx;f(3nOl<4Rq|+o_CVN=0F>y3)Nb8QzH47-u66M_-sf z8c4^qi}d#31Bm4jx%sbhqzjurivw^F>--Qu+~#ZX%HweKL3*p2vQc#DWzjqb zI1U&}rahZt^@Ccl@bbMl_5rzAO7>4Urm)oMzZ2H! zzoT_}W%y!&@-EV`A9Q%+?8?@#>h16U*d6Tq`tXDp?+zv>5 z1u34xKSLs9LFmrUrda(T7eW*gjsFjFIr-&kK$5875^6%$;N&0S!Z6AjTp~>gs)52> zB(K7MDP=DG6a7T-XchkL9{7K8=Uj;&9t@hL@ke+g<)YArYbX9oDYaGj4dlBOcg~&o z@$y+4DG7!5;QAr_mr^3D5JrLZDcm{V!4D_*+kJ1K-S^JlhyGX_DJzAa}R>0oY}V9ju*rkRLOU%D@FS1^LG&&;{p$F{FQwJo<4*B=j=G8 zKFJZ3fr2(UPVq~Yz=f~86*J>V>b!y<7J5r=SIwbzNxSDq6W>LEEvC9C%&YYK>KnJ! 
zi1kW{aiQQBFH+&)7ucr(t7h?40W|i7&R%2%SAgFCHhg&y4-is#h9~oFcDZ~8$NAbm zeD63=wGZa|5X)e`>u*ZHJ$oAtJqx6Tslve?d`73;$!XFC#Kt&3@%#6|61W60&K0^avIGK!QF02ms4Lyi zq#p!(@K(geI6oEE4Z3^_Vw}72!)3gJ!mMISMd3^8O7~2xxY~pNjMx}wLm9dKZ@~JO zK)SmqF@ilfewl(IL55tHJS1bI&eTI3!QSOwYpm;((f%V=&2x_e&`Xd}2fyhx!Qx2k zDA*ks{1TPH9z29}%$?4*8fa$0DycR~hh0`t!DM1vtoZ!qqd4>;(1f{O(U0mTkXFx% z&v)*#te*waVstpzgMZX%rEwq?&GFYoX1yO-plDi^A3{BotNpG{^zzO{EaRUxEU*Re zV^C|}m{P6Ti_{)F=9>*DDThiM|MtjQD$G-B-Vv#h&+wN12x;F$FCW4Wk3I=Bi1KbL zYnn5IW@howLJx}wmUw8UhgFhCQ?(Qx$MtFamr_}!@1mbU`uP-otlT%R!J+qbr@{es zwFjpxSDloaI1%VxYs}G%IZIiq1c5#UB3OY`Ivi5BaNdRUk^{Tj%3eQNDe<17s7I!O zipZ{?AbsXL|7QY;7$G;^W%>cwy~ zp=!Nc3yHVF?~<=n7a*3$Tr1U;(bYKgGLY8C!|gh)4?5_G;KE0*gZM+N^E`eStDa)vv79=()pCJ8nFx|t&mp!0%>mur1hb6lTJ$-Dl?2zDWUQ( z(hUa{&`$^|pdSw^AGibue+6pR^3WbUscV+wgY{UANE=z{_uMxVV~FJ*>9mD^y#fAF z#5(2pVF;3q#y70J7E=}q+trosUq?R(_TUYOjd6Zr@j2Jv6d1%f`|-nNkbMv+jFMCM zu)5N{&vZYH*cj)h!hR+!>tVz=-^UM^;j6%3wHFXawKh@~3eVvBpZG7O9Hn2Q*u`J? z5WnJ|e06IN&b%bRu|di$R`g>Nh~qeiJF!F~kf+hhvpblFNAI>Gh0_nuQ#73Qo5{=N zI>j5A8)p5V$&)0PhmG(6GTn(noKND%>kD{Xzm+xKVI@{Fyz$O5$?&L33XkCW1pZ4Y zd+9sr=Y#mM3XcFhPvXvb7C&B*)<#N9;WVy)#D6IzvI^T*qQSLDJ_SFVoKS#oemDo|_<^jHoWd7yeF*=hl-eqI`6Z6!pOfkqJ0MppzYPvI zT0rL+c|JHqTtdg~kq?gTGxxrX$+YX)^S8Ml%a}svAd#+Q70kk&4k(m^J-Ej!e=wt( z&OnMB{_1T!Zth^lCRzT&x5@JF$(Ymtw1^yjMnxRahM<2op_&D{-KO2 zI%=4FU{>y(Nc;`m3glX0nH==( zd9{5Rv7C7t_vDlNWlwI+D3?_q-7kA`TLvE-iJt6V*wMY)a`$J%=$OXH;m1{q0~u53 zGy__*AhWzNBk#^TR&Ad3p*_Ljto9}1JLx}e^$Te zF5Q_?@E<^o$l<5dvWv~n(sV`AI26^bA7ZaroK`5le*Hq&sZaCLA{)x80#`L zJr^;~RQz~_S;dr!!fJJ;d%uj!5gX%dRK|TbTh^6`apL&lGRVxZiYXO^gX&86ei?5^ zY>cy^jCa^o32@yHJ7bO@+W7*0xFE6$0zIQV6n?C(bnln=G-6|%pZF4;)uqGL5qW11 zj=fY(NZ25-XR^_*{rrI=neUXLts&0YrJf8ue`%e8LzgNJTX1h#%}4;D4U)YPCRPNOoe9$4NaR0)Ve#_mF z!KW=o4&SdTxlvd0I~CEUBQ#~-tRt}2u8@v4{Vny%UZ>zmq!NH9b&kSZyw{;r-N61s zY>e`g3RA4p;wxA>X~3C&O)zcYOJFYTle^~461e7?SZs@#Ww`g7Sf5hH&eR(_~H8KV30t?l$^qc)s^o3ia(9m z80F`Rb=rRmr1dL45lmaS5*44Mbic)qSFu%1sVL-bkXO3*ErvqG#wZ)rSMaU>rnfTO 
zpsx1dWk{1lPwtA0HN^2LZ7v;Hnh2CRpo)jFgjl8>I{bl_eaXyAGB!(baXayMO8jnw%)KI-*m4r0C50p*(L zO(i17C~kqrTG~5BaeTr^iIqW_a_Q{Xt8t@4iMp`|TM-*56VRbEWbX*11)Jkw4<0qr z=1{ylE@K__hWr7!Imr8!K;A25R^a$|jl5V!@LNpx2hu|O=71UT%ffAv^}G_P_3EMH zbmt?L4v%?b@VjtcInm=j9btV!PsX{wkcY-Phg;={{8Ap_>Kwj$pDuDh-FyZG%0$n~ z!;=7bPb^-m63GO=isWe=v%Dm~4kh`|2!F5MIefjB0A3spvWyoa*>n&TK@*5i=L+Xs z?)US6$K}6|SZ~~XO#N)6HjHbZi;SbA93zMCJHY7jOXTy>Wf|2hD}FG-pTmqC{@{Vv zQ|zaaP`-I6qE;||Na+g?%j0b$hX)S?3OE*-B&&u-=6C-(Dhojt^~1xSL?p-?K(1C?LH(TzTbf^D&zZK}p-H{1WAvz>GxUeH>x$ln@$$8=5?GGgV zU}T!4<=Yi-KBU2bxnhJ|I*a;;f$n5@sQUL{cfgn=nzu&EB@#&!1LsoLbwM{K2~$Yt zUXQOw0k_~Mn~EnswVrO=*F_4cAyp)Xw?zu+&|~?cNxqN|+k+2R1|P1Hqb!qM9htxf zfEH65DZHC%RpC2c51vG9j2eX2#U}A}Yitf*H^oZ%x;9peD{02DdcOJmf!J02W@D^{ zudcO)PT+SZMWTN~gbvN>26jS&8upzG2L-1|k(CNg))qS9-_43dS0bej8ss?eC77QK z1_|h_$VQ1az{M@|sDxLX=xu=#e&qG@v2Y1mEWF~dOd-8lqW9k%gRx_una9|-jHNnW za-z=!>Nx84(rOI#QZn}#B7JI=1VeF5Fbk~=%Cv>Pn&6&xqAT#ALy1>z9b%bi6!feu z^Z^F%1qyspHUy4;eX3X!SJ6^U6W;e-xFPf?WdhpVTt|8Pn*LkRwFlgqQ>dqeD%_{8ST2Lu7?nXxy8ze7;jQpI(Anj;1~N2z8QzCj#=5-_HlCbX z?NrI8LG61N@_spx_bsYkd+$b5+?3*Z$+PP#*GdWJ$5^Fd#KNv-5#))NU~Gx_M6Bo z+3g|QV7G^LgkraM>rRK+?GZZ#yS>j&#cn@t8|?NI8VpL$rq5ffM8kDBu5RqXtApL~ zSZmTQk*Es2nm(?Ppu9c!VXjK7&MKyy6z*16x_<-xAlQQ+LTrq(fpD$D_pZSD7kYRQ zKU@Y)QCP*4ioywXrF-84_)EmbI2)DmKTyN|3o*_g@WW-$be2_2sVEd)DX(I3KYw%0{@jm%iPB4|}XYq_Yk`T+9clm}*K$A)&5x@B8Jt5i7G1 zI^K(7ZliSX!jD%*0DhF5!WY$*?n~(h0sEv78>9TxrfQw`7lE{X#V-WY7SP8jblB(N z@BSUOoJ?_F;I(qVmN)R^iu*#H^eVjgh6c*!{!d{68U}aTZSwhya(y4YZ9C)f?{jEw z6TJVhiZ&7&^eG!U2ng5PH``kV;LCWL8yFOdwcdNn z{Y4I8v~zg7ms^j+_GZidrJBpVk#ZE!mppV>?m_oBx*?(Y!KD&9zf;h>PeJqj3Ys7H zpy@&HQwn;A6hIkz-wpwfz73+o$JC8I_`Fx^`-|kR;|*2;eJn%=-jX-=Uv3OU!wTJXp+qgZrz0CCvEzf$g0M z4BTyOHj?*DV$yz>%8nfVv>eE<;=z~lRxN2=pGO=ES|N2uO2f~W-~(v5FQD(5=x~L) zu?K&LSF(+LMf5=vjHOjTpEuFrbzah`*Xg9)GwBN_oRq$IqQlc(Qu?xqEVXrh6iEpZ zvL}g2^c@uHseEo5L(6i>J;Dm&2a(b2+1n7uJt>eqqcr?nVP(*}g6jiq&{mH<_&2y?$ShWJT-)Y~bTdKsQA^ zpbeMOfCFNZ>Kd675Q8e9PrK-FnOD%8y@J+NNP@=k3s(*5gwQ#>qz@t~uguDAiR>((M;YoLk 
z>2otW+~ein;pJbmlu!WqWpQgRp`yvtyqG>nqr)68=Rv$KYT0Fp(j|I{Ng;h^>=0%9 zD1KNJkg61r36zP#x73yHH7~LUzmM1$=Lg7(b=uQ`v^P)&1bgt$!L)_+0jDvqN5#|d z!}XC|3{*_XDXhVJ9sG(nA~wePsbZb>=0Mt2Dicl(38pQ0dtd;UcxjFzO%6RpGBa|Y z`y+$ZD)@LH?R+oocfGXVj7-*PU6(%el0olse~i1|<3@)zFKcC7=@vi4Yap?#@`#iF zEo1=}>*sm$S?(o@9Cc#yxzo!18xn3qDLO3o%07^??00%)vkDe@mtR(<`w$AtbaU}r z@U=i!%e^wci86uL%~qs+`dzpuWTi8%BJE|A3x=Ro@Jz~_fA?~>gmbodIT!yukds@7 zdhNkQH|jd$Q)MNfr74;KkYtkAyjCyi)jFwc-qj^CCkS>$%A7~MoK4}JOWOZlP=T~IaPHD}zkp`c0prpdJ@HVR^s{jwtQY(T) zC@zMBap}g*Q8#1o%B7gG;UfJ4vjk_Zn&K4TQz?`1APc5Ubz)4%(XDJ@ zeLm%l39FoMur=xO{MP(jJ1=u>!F$(Dp=Re*8L9Kb?a|$v5RR_TujT9$gYBw7Lnfhi zH(2{*FC&0LAd?vjs4bzEOi@Jvved;w+1R2iYUNa~5CwPLtZBhaRR8pRJCdE1B|$}5 zX9TnA+Gl!^+$bODMXLFTmcW}8PO0miUCN_9C-_zuKG$mk8cR)>7fcn#n&J|>Jij~J z7?k2w69%(cs4wS(Ktq(*6t#%w;8(*(Myu zqzI1(L=NCa4HE);eYi-=Y6xZ^cr-dd4jTAP-Y}qk%Db6{fo`tIS4p-|j3i3~*S2~f zP;l`;@VYRH5s^Srhm%vJm!XMTNQ|e-D$ z-$^uS_NoE&Bu?$DvbwV`&nJXwk>o(7w|WV=bSXJJ$R)yWWsk7oEd%tmI*UYy&(PX| zkbp9kzf00L_I!C5fYQMNQQ=L&(W77$DG!EFvA8BjMM}-Ko#tl(o4)LmQjQ{P(I|!S~dk zw{nRRz3TJz5K`H1vlTHw1$?`{2Qj|`W%~R`j>$W11trw-R-3hpe>6G{M<1$^-8f{| zpc}GMeD)ND2QgyWSQ@CibsBUGXC(R^@y1P3@w??459xz?-FtKyvRT+?YzO6g1vA|D z*-Tz2mdNYxUAVeUe4p9wX1 z4aikqK)0+1BtcLq3`j{5pEWuqM_YsOb1B~v8Ghb)^JW{=NDcWypgW`>NooE? zBe|^nL1a)222HZ8|3~NLv8tUS5%)_zB?lV*WkN-Tq@WPXdPpJ~i0fg$GA{$Q`4K;! 
zah?#ylRC%zmtH1M4jdoyGKg%C8gJ>Hm-R8@r3A3|`k(#R+$LgOUkMODf%K~~O@JaL zsK2Jc#h3$d0fb-o%k#Q{9S*iqAziHP_eqw?^_w=CVQ>LaysNoA)%&mZB}_t(+r>~7 zp0Fq4_uGD3P(BSKrTk8)Ru31xYx@=v&Q!L^j{P2xH!Q~`*Z4k;TlR5*3jG1)R-GoO zS=PUYVz5##RBd;*9u$1HJzNW#idFrDAT9yvKbRU)s+Gj^7Zqq;Rh@X%nR5@O3)0eTK^$gnxdG19C!#c`xOKMx8E7@!uM6=9()ZBxa- zer>$0SEj3aZM_H*lpA4yZGkYpJ@9~A?ZnWrXkI92M~aTr4jTPz<~N_U&q=4(ey`!4 zm+Kems{ML8dcM9P@6GYiN2lpz=j#8ZI-$Cf1PO+1!3W%%@G{|VKAYoh^5+vq`DS}fdN=9I z#2@q79Pd)2J~O?EuO>d2{WIHZ)@SzLd~f3Ox%#)vXunzBfbsr!#`6Z_*~DkF|MwX9 zV2+;&KeIiPjr^Az^`9%hS)K`hvpwdsNgw9>$Bg!v_-4|t+1{l_e)GLaFXnsm*~F(> zqkNNpnE6fozRbvP@^2HL%=~kV{7uHQ2`^LroBGjOBfqKNnB#3euRlkAvp!SaoA5f< zvsu46p5#9b1~dKc;7i;;Vm!|_o=yBT%QK%%`Cz^`%Qxw}!l>WuU!n2-T<|jA>&;}k z7;}6~{l(OGOnfrSH^;YISER0HdJ~^bdNTQo2~V>;^V#G#=CfIz$^Xxl-pp@4oA_YD z)8q$cdJ~@y8}KywgYo*c$JZe68U$X0z-thA4Fa!0;57)m27%Wg@EQbOgTQMLcnt!t zLEtqAyas{SAn+Ol{x5{Uk#*S1VYNiD!^8e__IUi-G;@Q0yL6zxue77PrE{P)QQES2 zacPY;G^%uGN3!24-PO~TC~fX;?d$1iE$!^sc~gH+cS~qsX0@Fs#q%>ZFM+0)aB#|%o?)!f~I4M13G-PN4jMK_#8<-u4`GAey{q9xfwrJ#Iz z?oTA;11johiDM^bM|Zo7Y3}UoX=x6nrWW`ys;p#73zas|-Eqr6BHo)+rFZr0RxPJ` zT6(%s_CSlO4gHM=%g0(+enjt^0Y<-lz0Dng)}oH?j$}u3XUDCHRzFeOKzB>Bqo-TO zBnNss6B?S$o$Wn743V+DJJA~7IndU|utdF~j;p@VD5|C~P!}&o``bDQFrXEHGag9c zw?l)6M~#!Ho-mprT_!T`Y1!4>$ED&L>TgSbvbCc-N$(PSTN1t0B_EzGG#avFlo063 zg;1Uzy7M8^7w_!o=VIh=w(U`{8t6~-hrq6opsTr8bz)zCGSL-J^!4?~ChlpWj&kum z{V0d4Om=ih_@V;4}*jTN`Yh`+0ogN+(+qfLTziJt%C-pr&qo1 z9_UK+0UXf?!Kh%*eP5!xg-{I<;bB1pz=N{!(#7VOodX@6$)z3LtBDow0jT4I zj$^RrA>OsKKiQnbpvws3F&@9Hep8)%CDAw#;lJXcMXIq>FClw8*(EbkyQpVb+#=MB zRwM~u{fGfGMiwMTUEUMmbqfg{Zq^U~8KHpmK5B*3-AAxv!P_fG3F-OLc!yf{c+xNDPqo#E#^hC9p{x2q#12 z0oxX1Pm7!e$AQ=p>x1vUh={t=P6RJ993g_Q?#HXbmqgCJLL5(-;NOs7>Z8ZSlm;>F z4pG=3Cf?yCjfhCFtRG=tOH=Z_Dl%l{-@AeGYFYxg{dz7Kws3 zF>QiXc_4q>C5GLd<&$Ui8upAce|t}~SG9!__ym~gMiJSHX_6mxOo=83t; z1Za7gLLm5NCJH|z#<}?-(x{6KrFgTeQe5Mu$PigUFdhZOr<@jr&Z0ayA}QV%o_1!^ zXd17cpusvVra29%v(o!%DytA>!CFgfvG$PVWZ2O*{6^>}BPq7v5{>Q<8zQk15j`#t zmE9ns_)UuP)nd7`I8V4cC?eJ%+@#3EO^L`V6?yIhB65qcE5xexB6eJi0mzW6QHb3l 
zvR&9!8Ln6!>8TZC&xov~nAIqz9TQV)g*ZZq#_ksOHR7@|G1V; z9}x@CB&R{lrb`k(k!S;c(J+AvwUsIv5Rogz*h(s8X_?y~3ZEBa4vNW*B7!!yi`=A$ zqU6{?5pAHBkG)3B7?82E{Mg)UMZ_&bsdn^nF*fQxDQu@SUyOD81-_IeN?!5`&OyO$ z>98q_e-GSUcnY~1#eDZ}JS?JzSz?F#ZufDK`D-zDkH~R9Dk3LDK3eZAo+u`|16&>r zghK;^9*&E;Pl$;RnDJ5f+h&xAMBUHJNHLFEp1%X_z9!s(h17wqCqZaOO<}dJ#G} zQO0=s0X0pGx=)D-r^GBO;GoFASL7tcq;?6ZgJKRvCq-5xbvbqo(}&Y4o7E@A-bTc+ zxzw4Pr^Yjf#+l>5^u<_;~_714>|KDiCoB>6T)r~6HbFw z{6@?>BNjLnd1A>XarrT^<)En81eP%X@U=snl>)!onJbm=0)b9ECGwn0CJ5mk7BjCE zRj7if$N@GHmvoL(?6Q=xWx!1%?Tpu>pi^Qqa@voJ61toa+vo!RL5~@#+>GO5$#r7p zNl^khX%v!ottdour=Aqqt0YM$MdlrZu0#b6UUAEug*hVcX4E$zDz1eTxkgmuwvj43 zEtn=xi`ni`G4qVbJ`FM}5tACl)kw17n7EcwIkP2miJ(mr5D_^ps_Ak+y<}0LxoK_` zrH_l;>MXW}ctqqy#_SLkkpT>Xh>SZHX)OW$%_tHxBTdKL@3`MVr+y%2y5AKGA`<}O zipW0n9y?ClHjGZq8By!($`e&`Q1ab&=t>xo@fevoBxwR8RJmJ@P&P&gjdG&SoIG4J zz>Ww68Bz3R+O;B^@Pgi}cnsQEV!_nHY1N>SY_t!F#dJ9#Cea1Wrbn;7M@9bCcuv`l zh1ZE`7%>c|QT&8!F-CXL7)=5c#W4}1F$$J3De69IM2)9vse6^D#N3y}(leq62)YCX z6yS{wuq?qff(}zdF>?8MJqxdMPK&&g0v}Xf+$gf}JgH19L@~tqbMSNuse@Hl@N?uQ z8cMp26dV)wY>^#lIEF{?TIjM-8dHqwVvK6O`$QoAyBMt>=x6j|lfGXPbzdhYMY3E5 zDwR?ZMJ0pj&>~>`Gn*>zCb4D~$j3zCPT#u2aUfgRW^58?N1c-@5 zX~t<0qYLzn-2hjk7z0#V+79eG2+&Uu6OTie9rL(^43wpLV$yMEUN+zZzK^5?Nrxx{ zfcKg)9?i&%?B0QBmOK+kMVJVDEvA^H7;}dxXqTE6B8i7WXy=FtH-p7=0FKvsa0Gn5 zD@$pJMkczCt9xNbBjW*+_em@!hjfeMi8sENsu|wgJMy%9o28* z;dk1^M2bEp>TtJbTQr6id&4lZ<0mZQlcM&RSe6uogbrBqGO87TCB-}gZC&Ob#2usb zmMG$9J_=PKUq&4hlWANR9TcUf#pENxep0Nt8z?&Y6l#RjuNASoP-DATbsQoB3eg!N zw0!qok#|hwLp3LCLm{QbJ_ zy92BMRDgt}@K8b?C_sxJcY!qb9pX&H;%0$U6S7_c3@ijxE1_`|Qo;sS`kcQ@{cRJE zdgSkTBc%g|)Q(Z%XWjY4~YEZPqO$ed{Vfev`i?* zwXESnYLCY|V*DBS&pjx{L*G9xYF59-`On4q$6_SF`3c7&_ltaJw<-Al*fKHsezK_k z?~(wk&qD$%0RAqHTssm80O1N~q>uoxT_FK-9v4})l5@j5bNorS^eIyyh_NIRCLfd_ zJ1?P7D_j-|2Tuir!nk%Z<)EM;a!!ebbU7%cgZq$hZx#~|3i}0!haIWK!{j02VHGsF zRN~?It0W#8MZuFJ6b}t4#KV*4D;~h%Sv=e?#Y4G>E+r?FeM&4?Ei(Q^?~j7_ z!_$=y+XL+Xi3{NV?qlVx9}XXg((FuT3|<=Vf;blxkikI0J}!4E`=uqW?K%KZP@@6yhCSE_fwe$r6=GzfUk_S8$(ZVRk;$+vcP 
zTVN3odP-!+4pEsD8_+KYcXV;dr1l&bq~nr)NorMe)rH#(EHO@pB!;`nErq|zFe0SP z0C!?BJB-Z8K_4Pz|iu!$k!I_bm(v6R-#+Oy*I~wJ`Z_ zG2`Zx`JtquaF#JwosW#kfs(lHf8PWF(GRgfz&J)^f}jjC2hYO>S+9i532lQw$mFn) zS-MFS{!v*WQCK7_Z6=8NO;XwfITfVMc!+)*)h^g1E;%jgA#4_%Q`j_+u*rm0pA?f} zXhCgBUNo2ZAYAWdU3<#pxkz0}7ULY=WKPL*$ zjM(VNCDZTjMll`!il;Wd1azNuOgNZ#s29!|ygDTo0i@YZ=>%b)5sTi5cEa={5#)9Z zh{dOc<1EVeQa_J3Rj0%n_ZZytvtS7w6Xm$puw=7gcC#xFrgt^>o8%qEF5+vus0hWf z2MK8oSry+aRy!-m(1(Own_w*FvFcf<-n=`q?iJ~&2doyg9)y(9H?6b^y+>wm-vMXmmw6v85np0 zT$l+99$E(ZFlhdQ=O;cT3ce?%oP;}b?+)lUBIhBz7t>MrESDW2m_DItpbU@*=^hz)!_Png^66zju_QQUAftTV!FnFW6YHmV z()-9MDWC6Ua8kT{hNoYZLsmS+%jX>o?F<+av!D;66__Ghg8zm1pNIb$__y6%V%ww6 zygYI^tT+V<$b;&2hFqJmBOu~-#QdX}^qk0lLD)nfx4<6(TyWowd9Q1M8Bm{VFo%hv zFiVLnW1&~qY!s6p5n~?{KrzZO*{w&8o1AepFB=7P1C#U5V%|0Helf9DP6=m*-+np6 z7Be1)CX2qp`A_rrnAnX43wVcZA9E>w3`i|d@Lw$Zw38!WWCmXhI>WqpE}~y#z>*0R zwOrNUh%v$Fqe7>5VCn_Ze>zjY7#n`^aeJ5-@Aul21$8D+)Xz(8fNwW^J10f?Nhg}3 zKOezt{Ir)v&U0Y!|0H{C6!L3T$YPL5i7F%-uID}s!-OZqWVL)?T)5ru$J_a-q4|Vk zi`*ciJ*oz(_1F2>@cjq1~B9R z)@mkc+Ht;vIk)6xk%6@Yo4`%=_#!V&tsfaJ~mipW?B_w?+1 z*--=J=Ybc-m>U@J)2L1Q5b!f8mI6h|ecYx;H`L6O_+=2>kun>$>}rToEN)Qib_`bV zb5JctZt^kNALH#^5JL^3?0GS#QItJ``4cS4f%n6iN(k?Wj3Byx0wqoQy@)ys6l~5y zyauCs7AS^B%yb`@G;6ft0}K?HYDG?oLUkj>Gobz{kQT=z1{uY_75Fvb3^9f!kIMu( zVM_ZU_{uoQ%`CT6f*~hNYWJXc*PTR@BB1BoYiN!Xv%gULG9QpQWMudyGK_y2-gQ}B zER4~=0!B9+7n>E6GwAIQ@=n6^uX>vs&iidNH3!HnbW`)fO??Vwm#M)t3jQeyc93-f zydVuABGp#|13w0?fr*f*Cp3bGu2dC3kO?=5InM!$ z;LtoOCf*6uZWkF33Fi+|kmZMo<5^Ho21Ne~IC~^;vco9%DKrc#w<4JQ&2c~bfT)D3 zOCGMAMwC14ZKS79`wUUvv<8v!pjdJjvF-Vr#q8&V>l9BE3$CNvxsfr>0$W5>@!J%P=V6E0cG2x9O^Z5tFGLj2LLcpetbV8lZxKm8n z?N_|+J0c%M%kw>$FOBSl!X24#TIzxqLIMV_`EN)M=Ow72nP()hjMbb!jS+)iM8KNu zUX2EIh)hfpTnn#cxyagxHC81P;7ENLR8OW#b$;}u9F+-TT#(!T7|661)B95!#9A0w z_tWo&Ba#^zjMtz_qrrzkvt#~Qw)HH$#OTK9Y{KQWA_E{sXEV+Ku$liL#4_FK5Z8dt zF6xhqO^SAmvR=t2ArpH+Jo%HDWGMiNqJnZ`eKyw zBAQVIQKJOW*%`l)_uJr)W88IMNR0PD_UI|u6(ivbsAL+%rK-e`5Pw54S&^~miYFuT z!vyEq+L?55Akm(wBfn 
z>yM%JMG)3=Tu*HdVZzt&z7WnGVw0>-8eKRFotFgM{j%>9!}9g>sCyp#k?Q~(&TS0g z6M)U!<6^!NfO%nF`7Yo`30N$a!eCiMEgW(ghj7{9WTmh(o*GYlGxvG47H**buDP|G(%){LO07SW*QE6j`0#;m*hfyy5#cVf8i)geFEP_p1LmB-!WD@EB3upo1 z;s(h^jP8CN-F2Wh3#V#AO78z#=KiZ;ZI@`W3JIP2z|Sz@_G^)gHPvTG=gzoWWZi+~ zpY!BwzTGBg^G`rqgje7gH#*}o5v#%om5On@NFl%kJ|>aemqaE20Nn)YHjMvS_$M}K zJM)PRavvv!QTexWt@cDU98P#RJ^-^Fjf$zEKKoD_eDTg~%=6`mu@QK{7W9*sZ)`i9 zb0zRBkW&t`Pvkv;w9mw{mg#H76leBCG4qX(uw`U7z~z(awmZ{l+*7dbsUSb%+eZ}N zRtx__h)jwg)YgLYYW>;!b`}CRx;+R552AF1$Erh3dN8(Y=f=~20!T}rctCSVWjylLPt0; zFVX0DP6nVz+$iTWz^fTA3Fo93i?n{M5%uo3BH8{vmvnSz)xiZ4L8NVvzuZK`LC^ri-pIN0rMT4NC6=%d6g^|WvgT{=v4}>Yu=sPyu%sVa?q&CK% z0p4Yv5rqm>3=F>mZC?7A$oz;zY6BhLhk?s}R7_AM8yNiwpnO4O9M~bv-#A#REJ>Fn zzU`FditNXTu-Nf9F--2?L8B&OLXX#H-Nn=M4h%6iFky61ac%-1tHbq}$l2}LfLICV z+knOp{ujD3`;3@(T6V?YkEg>z*nps+F`fObA;8Z7b=XeD79{xGgrkVSXx^8QETAwN zZ+{bRykXuBQE&`qH$+)BF!P5P#}IoD;q5CJ4799J5%}b=_VRVK?9$U>V`{WLJ5ql* zjPeHlyao8P%zc9>JPFz?1y6iJ(v6`a-l=?@g`m9Yit-F~`AZnwbNR6!KpISNEmI1) zVUQ34tin`c5g2BJXaotf+jUA97KFCgmsh1=VT|F|F~alDh&r%1C4oas`x(4;-H*U7 z!01NCIxB2vEXfI@j(?SPl&Crk<=y1`200HEiv}i85Av17GzR)!3^aUJ8x*k{Z~qM_ z6hecL&PDR{^3&o9)o25Khk9p>A^s!AW(v6fJQyPj6!$m4@(nbcv^v!~g8+uuTjy+n zQT!U%M8`#W>c0ODbyq-krGEPn^c}0K8`N84z@)WxmuGD$#4-^0Q^cL%vQ)@vjOy9c zkn^j~DA3^gE;wyKjzQ5p?Yz+@+)VX`c8tcay`riCryVT2iuNL}ud3T=A*!({SuIZ= zsK25qxjY_k*}J#Ayu2c~m%qNHDOp}lo9)#m^7@v#re^%q(WPlwysoYaJI7n=cGKw# zO*nR;x$9~^V}WXDO0I}++licsM18OYE7o6&q}bqI*OaWH!wKpen=0Z><#9Zhm&KbB zoj72jyg$hmAW3JUzrP+SygJc^ElumbACQZEQi^P4S+Vq)b?eV+4o4U&C8n(*DmRAI;CcLb|5eUr#oymAB&@%}%1G=L5@y&5+11cvt#nBb3J(1kg zLKO@TtaJ#jZbJnDK%PCJP_`Ba60BV5A#yEI>gpx>^Wc4Z@x)3#{L-5Pu zP05;geQTmSi9;vC#2G-X@+!b&pcj?LclHc`H*5u`Nkya_?{NqwUOodu;T-Xgk#eQw zeTm-A=9WZVR~JgDig$Hc>wCJo&|=0X3nZkTtq{}TdL>RshO`w;PSG?P^z{|>+i+!8 zQnzJ$92J%Om@9c~d3j%g&TgsiZcXg1yJ;&JiGdL4S$9ug7r2u?-J^bMV;VgMYHBXt zR2?Vst|q+f?XBy0)oWB7O}8hl-YBV3PJ{(%LdWOCC9kS)V8lS@b_Xdd6(B*2P0Im> z4ZRp2kW5c!YaC~zboB2cj@sP0rX&xHT~CZL1)UV<)ETn 
zIQWLnOR3);udAYCNg$3u{tyhwW;Av^u6;e7>p_LhEjaCm24X~u&o;@Br+XlWOdpuI^w7vqoumxCLi2{^j zS_+!l29=c%hf%YlavdF{G*r!5LFaRkjFs9BuzI9uwv3M;Q`rMLNGeV_iXx{q zK~-+{Pbp*UkqEMADBwqvKv#gP^EpdW*YG%zuTxk|Sd7OW<+pni9-rUjxQuL@k zo@{QH%*1Q-MP;AMpc3{c)-7XO@0{9ydTg!+NYI(+Zcpy2>#|yQCfYl?sURN{y8*<; zmh^<&&TT;1IMjn7>eKf4_A~FQRX4}&53=W z)vjKgKL_JY8ri8WwK~!WSi>PLqB$)Dl}ZKWAI>r_tE*ckiI|!i)R$5W_Gs$L9eeAv zJy;RHiqCdrwvbjowSisk6-BlsasNhW=I9yv&n(_Mf)Rtz3u_7{5({$8R_eE=MIfa2 zf)2LFn=Xwv)x_yUN&mD*u1X?ksIK$CS$e~ z3Xr8V%1O;4lMJd!E1=xd-P~D=lLQm03n?T4D={8VJ{L4bt|u)i+KF>UR~JLCks=7p zt2@y@(6S3R@tx3P6aB@-EF%MAvAkT_s`cG%J>_M-?aDky((|h$H6;4hkg0pA;;w;; z15LhgRoi#7@xTLx+0bSNwBc+XKM9Y~usyl1<0#=;-6x*p>9(uu#J3@ZIVcRzQDOnq7VNHv$6KUA+)qOem5)3frlQSeoo6x)s}GD^O3KDwB*8L5 z!)HY5(MY>W762wD_H@AhWWNn*2LQA-F(rgq9e`PKfwW#NEih@D?@BZS^~px>-Iqc? z3OIB40PtGrg9=WC=z$Na&Z{WHK7lh+PCax2KF zkvj9>&g)C;PW1I-LP{MHZ5tv0L()$YCC(n+lzuyT5^tn0#@D8zYZ*hcmVs! zN1v!@5daDYtSe{|ln5BDY);RJRTEjXx2HsHkMcSveloCGg3D#Bf?PW(Xm# z`g=NeC${MsQAtOmx>QBFS(RD3n?8*a)JI61_jR=If=<=$bGv#d1CtR$ z*rR8kR*^O)xg?lD`GqbHVO4<`OR8l`X^Dio<|Yzs%as#mq=p!fLE6zCA?eNrwC<53 z{CT?_*dpT5>gwrN6I>&&PMSM3hsrXrmu5MkOec52l!9}jQ)w)tiiD^W7?Hw-BiBf= zw@A8hAf8?wV6M<=lo~@?mM75zkl7q>?(1vbC&}^LOIoT@Eosp@s9tMC6T@=y;=-+x zVB_J30!7pJZa^!NGgUIrsaHy{T+9;3x~ndH%!zrD{H%(ezu<0C|Ct9unM|TIxhNo@ z1;NknxgkbMITGje#DD6wgYW~A#$Vr`FIA8+I_T8@D8cNASrSC^ESAw(e5lb}*m)4|3 z>LpBFU2+K%nl~C=-Q_KPJQXRag)n$DjgD~X=YUa~bDv%HG*6|Kh>L9szS?807LP$h zjM^03P?sFYcni7OudMG*Ztsy?XB~gXjJg~2c$Zf+_it+MYlm|VX+5MF4NP1Xz{3DR zmsiN;Wt-tSPV}+Ya>PqN;DIJPW~AJ$I!GFl0|&go($ZnWG1a2#E;5wrT6T8?=xd_sEF`VI^&V5K+Q6Cu)%?k`r7(3Dc;Y%9dmK()HMok~jy zz+%>Uu9^U5t8b{)lT&}hcwWcrb&)Z}QcjGGTFYtm^B4SRssL-r$;#1S3r{G?_1Hvj zqlb6U>~9(9k?sgmXe2hq+0oSL;mK{@-F`V#BPIC2I%%a60nGz?MjD_!->JtHWbD#3 z2-wB0W~`Ov<=L_uP($MW_Z7=9nc2~OGj!Umjicnb3Rd2iNbc(E+2gMfvf_;i)|i8G zpaxBpaze_0R|`zM{<)`zB@cA@M7+PbE1{=elqSxmx`fj7q-&0pm&;jw ztdne~tyi$M!gEYKGtmp|>W%N*7w_-Iq8T<(dRl5~;%$5STbjGE;fIzo1QtBWdAv5v zVam0C@#b@RK3D4*uHlz6dr3Su$~g;V2P5Q){$!}thP8RLOGw+e7CTN;uK5Ps{as4d 
z{@}W88WB=ZMrG-kT)=A#@kNvb0i$#1TAx%dGq5A<-XlNXUh241R6~<=%a|py?yP70 zw>I@iyd9~G#Hs~avk+8c)3R>sc4ILf)!kN|~Fd;||*|ctWUJgy3 zns%0{EYI68jF+PlV`R=;rDK!ODq^+b)n6GH0NCjA9#jT`^?8L!6|t1s(HwskhQ_tUC9mNoF+T5ZV$Z+APF z7cVX2%D02m1TODHWH%nEP*7rN&;u9@j(joqK%(Z0;8gOIS&~_L0h-@+u!xZg8gEm! zuN;Op(6Zt~pJIWi41( zM@yzao$w&0z3WI7FjAK4b5g2)6q#ATJB)%y#p{9%1aZ$NCa3+R3&30p2t^PwobXEl=GI**zJ2s$84poBF5-D}iEnDS2eyD-G z2zo2@OB`(y?`>{frdoY*Ti|>BeD9Dn9#=3QT~8CQ+7Q=PaL5VhO;Oivg)zeWw@Js9 z2ZH$i25_iLdDEpZ(%-{5*0_@?W2(gY0>2E}Vioi4q-o_ZugE~kqqkU`sYst|C5 zbZe~4-iN&$SXiVdB)x_G5@|<+_)#S-+Ltr^uro%Z%)lZhlsHn(iKUfT9=Iw$1sm{4EcXxWgmkbleeTcsVUCoQs*m3B**ALD?X(rplBK^*w4r9=bxMgma&_hGadb{{TLpYWNiMkXKO%d zm?H(bCNvsHl0;YuO1cmxo?wV$G9cbOu-DqJXX@z%gNhbZ(JMK3rsgorL)Vsf_ax(q zo;G-nJEXTnj^k+XV-_oFJ1IsZ^|5s1cf~n7SopD}O&PFTsZ(@xmDVaYGYRyFF7NZ%wG`M9WMLu$o6okvy26ZKd;gvlyWyDr6K zS>KlKCak++rHgQZm*nxrKLasFlW~(&?M$>K&w>SMNz?KQ-W}G74bRvdhSKTaD%3@1 zAGCEOF2z`sui|XJ(qeDvR46<#B82bZz1j?PzGE>!^G=J36%6cpZpn8FsoS+VrHy zsKA62f1-qu>ROO^?2zL221IWv)K8=M;cP@@I*^{6_HjJr<%Ds{DItN0@&X7yn!FZk zUPE*3lINz_4K?gx)zDSRNZ8x#FC^xpAFX}OU7hUsNOtV(#DUp$-84-@3t^ahU!)HC za~+Ce(q3XiC+?$j@|1$C<8{>3tH*;NPZ@UtmIIg_5OrNd`o51^!fp)d&*&d0QsSiAnkh#Fq z383oo&|N&F59&>+PC4h*V9?a0D%u2$g_8~Y%6r=4I6SGZxjiw=#&&qU`*0)%&W5IA z>4%?~$8LLaPhLu=;{s;zqmThqzbze3bRI`@%LU=1qfSW1N`?rXKgP!k;?`KkG$K#! zNLMLbOVy24 z?$Izc%5icLgoE5@rjJEpg#})x@N#PUI1$YPnctXDUjsOYL>(z%&|$OW`3jtW*55Ob zw1Shm%z!T*(;2$oCoM|{%LqJ6=b|;%cgX-(QfQPCD^sbVX{j_I$zgacMh!M8`zryh z0J#nkLuq-ejTu}XkWrm;k<5l%;`%#M1iAn_F?PYzWN$}*9e=8&w*v>#?dibjcs?a3 zEnaX{AKnv`Vp$jKZG3WkNEngXuBPd{VZEp>6>s8Q@2*(P%Hl}r*TOd0rrtygmI7Z! 
zlA#}4gh`tw?OUJM!Ysp!oS}LR z1+7{^xwMP|M|bh0UpfC)$hy*W8c5?vH#h*`0D*g|EyQ42=hjH;^qdnV1hNZs!O;>yKXZtP(Pc-R?;S@)=mY4I|4l;%G zfn@=@OySN+ixSDd!_0f=x<7EJj(%RG+MSTwV8FlqCRAW+lJO}?c4}dXc737_N0ag{ zsKnl0d>RMm)|RnZcJUM?y}za-<>xwIEzT-2TVfUZ>dSW)OzDge9X3nnWRzEu)!`{P zQd3}DrBkf@rTgU-lIhWjOj|ZxfKEHQtxtJ&AJ!eP<=TStU-VXJ(hy!9E~GIggw>!0 zQ)*xjZaM>}Gza$eGb{sBll*P!)Q6F$T1$*2xR@8+)`%HS=px2R#yjw#!UmwohF(5M zfcTkDq~)XIM*>16suAJ)LBk48$4K8mC#dmlCzSAaFjgB{7G#h)Z*^)}G`A)r6^vPl1+74*^K z?|zbNjXn(^k44reB5QBc(sLP7-q}XyXLosKP72O43Vs^36^+m9l)DbNo?%@>3I#w zpbF|M`a47c=^!UtgG&Tn9qxMWkj}{XS zoja0V4Q(kA;<3fMh^K#sQO0UnE5rPdI=uCq97EdzBc1NYA(Z`zzTF9$>eud3TKB5> zaoP*W)>qVHOWy7}%%PAlRXjv(XSL*pMGFdqe;6AOVdT~e1V(_W>EI20(wBKiT{@*} z%ReZaQ^`l{MyI_75b~+E`C0M=t&z(3G@v1ODnZ-8+z#okMwO|Xo>o1)3bqp);i(EK zc4~qPw&=UsSdYTruEVist=yDXkb^3mnv|656SvdLo6s1n-rU zTVI(M)Rrq>=(!iT={*F*H_xWGjE>7Ew36`(bmH;^e@7Zad4Vj`JZe&HzaJi#R_s>a z2Ezw|^j1GCLE53Z+X6v=2jn7ZFIpPzmdH;dN~z1)KUnHMTxMm!w7p_*zQQosQ%_yID@7 zKsAr@>NbPd^R&0Ozt*Jn( zc{F$mX5&+;g=BduNMG32+KOgncVO6qRm8&WFWw|p6dR8S`d&+tAFsR=Ep!lk0|^qiPo9rE;m3)j-ZA~Cf(lMWlItMfHW z2qLNc1;A~rlz_Vq8)10m1G!_cOtc@m6`Yy$#5WrI!7AZ-lbRV^270Ka1rZ>Ks1!r!v6>sZH zVCNma4K{$aOleu$YHe~#__Tmq1}uH{yx|0=(p^1WiPGlo);@eOvb3{f=S}@R-7USn zrRuu0tYlxwt)=~aE%Y)@vHU77w_ukbscfugs$JBDhZrzA-E0f_!~b9E-UU9ktF9N{ zJ*fq;LNAtD-Z`O`0&U6UBsmXGOV49Yn>IZsP0|NYm`)~>WKJhD>C7bOoKg<&hfuU2 zNadlufQX8US`{zgMMOnJtxy56C~^ye^5<49+N)f>-```cz4l{evUhgk=RcqJB>Ap2 zYp=Z?zx7+cXF@5@!bo0#+jsDfl9)g^UL|FbQ0^w*avCjzZTVuSits|MH8OcbzO+hr z37%<{7M!(pA7#I9V3Ol1Gi>pwm3A`O?!|+{mm}2C3YhCUrHtvW;FfA6ZZX&V!ud&i zBj-G}V$99HtJnoO?p(X!`c8qG5OBq?=;l>uRORLs(H?F*MsJSptgpfhUG&US5iUby zek5BYh0}8N*1810Z#Y>XqTI6IXpL>S5Qlz#zN2B-d38Cb#UA5GY+RC{qinb4*)goz z+)qIlE|!>GVj!2oy0d1$I?EKz5K(4c&aHl7q#wkHwGf=6wuE0Qa~;H*>XKC0tXy^K zVrmM9#waYrKPm-EVJE zgDQ%mbBdf}t8a~%l`fK^%-fD$hDdN5u}jLQ%0ui4(9~w7Rz-#txGe_@Ac}BxRI=(E zR_-o11Sd{XPUSZ0B|q$l3mWJ}T#iVm)VhAyJq}0^TK4ILn#H?K8_kkR%MfyqL1(zI ze;UbJ#{)PDnWWQ2uz@xbsL7;}d}f$P#dcOwVD;exa&0~v&jU<%sFtS-Lul5Rvd*## 
znl|iS?pjN?PApHc{H@Qc=XD)rKPAM@qD2bMWkJ)@6fw~t&@+@cElk~|g2b#$5Z&l0 z;Yb%sW-Jzryv?_V?O2qN?0Q-FAPtdlthiS2eL^@HPuN7H9;>a*2@`3#laMhm=Tt<= z>+Hi#+v{m=ay8Av5XJ0@3l`+M*2N%~q7UKs85gytp1L!Z%%OmKCb>s(Ne9`WytS#AKvuL}?tHB`{9Hz$Qf*mS2L(B!&B1X*U}+ zP(oz0gDs6-Gd0Iu1&+9Iu^?jVc?i}WMOUI4bd06!8|(Yx`e-=Ik#a>#gus|pq&#)2 zPT|m2J7VXJ_c=Cmcxz2xqZtF77u-VfkL|kAyiY}J96W9&B+=3Aib18_qzD@vZwTwg zIfP<%VMq!}ejir4g6xos;u!8y0uFK{>u-C;GLl0$LU6Zm0+s%XlN`7lF;<6Vq2*qq zLz#9-$tUL&W#Hy+*?h;A4V{(1SykFHhsktSOQElrlZ^o5?xq2iSRO2RTHmCR%vM>0 zy?{#@#3**NRH~Iy-`klH{jYPKH&yKB>Dy@N#5Ie>%r_PmAo6S> z?6q8a=qz%2=$vrQsj?Y|OA`)=4mA59?j)O$$TBX}HAB2f$yc1>wCht?7E|wb+Y1|* zI_=cvv|Moyk<{ZHkpt;rJnUXASV`Ek8ymeP_0q`ahAFRQCt*v)#+(mAWAd!OBynp{ zjua~-#s{a3S)MDTn>-xDo&971V`!-^t>oNBhVvx49)lGcAHCF4nCXFIix6)(X5@^< z0tcq|C44EecgrwVr2l#&<0R&3FITEH2;;g@Hkc&SCQv^{y4MENnj&dr2{W7Br$i_- z)UUs#7hL5aE>v-KilC4rg?#ooi?B$NV~tuR{vl>+lw#ZFTIuZnNgM(>Wm>}T36fB_ zgdQS8?25(S637_B$Rd!q4Vqc-2;}nLdA*2$a3?hEvH~R^X*l{WEAc>J27GLLX%8U(ZXp7XIEK* z`m;j{A?TunP-o`tR2gXr)us&|jhKRU-FQ!^M#vTnIh=@TKtMPC3&e>HrYDY(B2~^? zjjcw>6v2)inV2lA3s$cZ99~_)C7IQ4Q+i#F+*{H((HtZjeKeOZS8gcFodWS)3pqi9 zlZw#t?~?$HBz~Z!Al?yO-*z6U!qwnG7^=MKWz^r`~<>Z3Yp5v@!&*cuUOthv8!XjTr#Urm}U2JL-(H5qhV!7zTdaA+$R#iwRN`y@2p!al$ zxuJ&0*uY#n`FEwvuE=@$R&t@B%rUE>9M07)S=rkd_D20AxK8&h34<^|oNF8__=4tK z760oDhJwnKl?7bY>qCo zne(l9bZEM?^D?ZfnO?2U=h6hG?8tI&p;a}fi(3Uoq zs0C5f*q>VSrSKWJ+Je!^{K!U4q36gm_qlu=M$DpdM#AW{(uMIZ3zo!Q64FXKgQcIm z!<-BoNd8&cRX0f$`Nu>DxLwk{Es>Gsk!!QYO$_(QB;KsiA{PEQ$QT6& z(wL#<0P|`&jOKaMQY+tz1#WUk!<7kvPp=MFop-jo{p`S&1{xKUzoSsTvzpL1s(w3a*AP&Axqj=4P_=Y^{I1oAhnGay6tHxc{$_uRJ7V zCgod%6-pCt6lg%tcU!)xMAM@mWij0X8~~7jd=a%=vbMGSU57&jz1xh(gb7YEzMyCspGYL(>y1HfSqH)o)h(#d{lU|RI z`S&)+2w3r1;awQI+Bo@$MZv*oTnlDlj2%<-8einp?J@5GVh;=1+g2OkQ|c$NJFh%? 
z{otYJJf}1|xcAasmktkJvfNv3)h}DDw5R-iqi(>xtON2kgi_I~HXh=#4xSX^R?O)tM?X9Fx1^XbhSs~VOm+EqnT|i zB5-p(><(nW;5Ia)*B%ktXQxBFbZR8)G1SC9yIA2di}_hbV9cFn4nhOtar7c%tvGGT z{&E}k3v@^g$ujH^IKvINSx9l+GGkw^g z0*jhj^cLL7ID zVr#nM7F;3NVE6#r3r}eB-R;~bqi{i(SK$r`viiGsfWCmXSmtu8mHi^c1mBXPMkPZm zwsPcfxN^1M%Cs zF-Y9#ioh1nun)ymGaQf0!e4dwZ{^lXOH@w#x42^H#dvAr_ zG=Kn%4t=#M$C0SnMnUctNC#|gMG_WAIIU#t%ofR%NErYZ+~sOdq`9!buksh0pt1I>Y7jhdL$0TP15LOyqZV?1j;YZ z_s1g4dC92N2}(sNZC%}|In?@CLld{BWNDiYZ}PZx{gUJ>qUTla89_)p zBx+(Fq|cTWjz)AYqG>Bd6}KXn;4F~RV%D4SULq_|t@UsyEGze#wGGTN4ipaZ8@ zMqDpKV@V}kd&E+`NLO;aLDqh{_x`O4J0MAuR!-4DV$v?gm0G*%NDIIWtaDLGu_>*U zVZu-MQfLiVs*B{YKrut%5v#(B%p+hjX`6*7bClx97upDK-O)6fO}b#nVrnMmS~0h4e|6m(i1v)ci(Fh z9$+m~P-HUMiAAlY0H8KjY)nO$efMuzj4lN1NV{{Q+L`ytC!LFq^_Kweq2iEi_9GZ9 zCKvd}q>If;+w=hIC;HIDOLT@=`W)J$nUJ)6nd{W&V8Ecu+VD&yeJp;Zo3(DeTt~^* zn>e{BBa`3=ikt+N(APWgfh4g69`0wxNlvMe#kdE4BPg#bkcTm z6Q*Gcvt*N%65HEE_1?6A&P2_^c1Ye+NHZ-fAuGigmn>^UdHBZLX}8%Vant=3YBowq zT#Y+t*1lmc9-ydb5|;uEPPvvMMO;wPCV7SOG-6V(r9h*I*Dq9wj(<)}P9fTUm|Q5F_&svDg%fymX43}TBd1X^51QsdQye3EVw!Q)Nn z3KlVzT_TN^V=+sQJq;gDnr)3UwBsU*wd* zeoKy4)0KGa)?^s6`M0e%xQSrxP+T6w#_rxqdx*|MTy)t1mMtBK5w$~aG>3f+lql*p zvB>zgC1i1vzpShgT8ioEDgzBDI4MwU90ed=qDXGA7FV_gh1!{g-JJIkrGCzQkfi zo#HR1D)j8!iMe9iyIMgD1E!BA0D~RFlAHM0_^E~zEEoOLC@*e=F^SDGLkWK{$Za?~ z1gA0I*7p?s!GapW)q)5OTNLJWcb=^D|K_0KhxqEnp{d~fqjA)mHazG?a!b8NG<{-DYeBhlm4l@c)!1ipWM=@;7;%DJd z+&j`-@In@qfE$K;1 zUU52LDsm~~rimQvida}q5P6&F8S4xXxnXd0dcT_{^ZEFTZRzg5wlY^=Y_xO%_u-EV zboCEC)0`>X!Z#fuAuXL&>g*ho-}F@gfhKQ648uzN{t^}UhJx&j6n={442!VU3LgM>QsQf9SaYTik!Iei$%Q|&>0z~g# z+CdIB@@CFbE0S7-FDsA9di`=zArt?wNi*3oyPf_mAn!LW6s@2JGIeWU zma+-{Mt5%wC8rjUMG#2H$~g#ba*F}!_JmPS*=V7+nX%Y(EkVQ&?eY!f=uK(dyn4S~ zjBCAa%K#z~J{he*hy+r(!xzM&Bg&$U+$kwm)U}AC0G$^{vSGo8ReU)L9{#T8GsIzv z4a$NI6A+q?qL5itpT~UqCkPVP74;P(B(j;pWKfa@T%}=BqSZS`p%N@l5g9q1Q27$8 z8}Wk3DPcfo^jebjAhqgmSCgA2c2>hEaN9>AJ%)Z2GI?kgVZwMh-X9- z!Q)j_Tp`LY>}nrU0uh~12>HqKac;6$&3>um1iT|@u=XPRDd!5rD$3C!#~X~~tBcCe6hU2?dxmJg 
zzPy6e(-qCLNqk$QHL;90fQSqh^hl#ClP6S77Z#|#MRym6Uqci3D# zzAUqk-G&81;yT+m)7rHpH6oRVk*4jutS{j=AuQL}ceHPH2^Up^jbd$$Y?+vIJ{g;V z8FD?XcUsjZq}$zYzeckvCt=ITM=HdQn(Iz>NLI?l=7`)#>}P(F-|jdE0rMJ zJX~L>;;=$wB`4AvuDI7)O0D9ftevrBbeRm_jGi!SD_FrCRf!@@ch+eCL2TBdLn7g> z0!yMs_xNh7Mv<^>f>D?E*n)YZ0F5+RGRlsaegqzG6vyiY2d_b?UM8)g}DS9xN^lRIY6vOrfflpyBP7DAP>t-kHAIz1Sigk$4%t9kS zuKAqM`y9OLZjxuCA!DrOn*SWEL-$q(#b0HDiPjyKeG91y331K6b!D}?q&?sS(nw4O zse85K^2}hCXCx&Qk0tZY&IK*SK&Ia*XibYqdeh|~faHI{7X$19NwHFl;)dPjaC(r1 z1zR8YWmj+}q6cMcC>)L;XkyJrGIJ4U1st{-3s3o1vf8q1Ti6qvT73Is(+ydgcAA}$ zE5hy#kFq1?Fi7L`^<_9zP&f2&l&uFAJXBN}qjWz17C_}F93d$UD+stJ8CU2p!)arI zrkKgr%Es}M55__b5smVYry>^4&GP(PW;h=i2!6RDIGT;R6PRT2 z3AA#%MhmP{gHo6D+RJl9_9+-aU<96Oww-pv>__9sb|m!m@}*Hzrxwp`f!c_qNE^37 zXH)LH8|)Fx&s2juErAR%@C6g4-I^d)%!Mepn&iynLyvqt1DZNttAr^E6S5!Of`X{Oct_8kHfMO=l6FU_zugeam@d^l0A zMb(t_jXh_Gg2vtly@snCVwO-q0nPy(3jeo1(4reLx91f0gw$i9@i71V;;?sl{`2@_4UEG$mzdRvE z=GmD;bCS9{J?*_!SR;3$9Q7q+BC=5+fe6|b5 z9DJXz@|6Qmj_2ax3!rN~%;bsKn?APAM&*Z^;ChWVjFQpk6ThiVCFD$HinLq7?tx>^ zH04Uf8{#ROA2VhT!N{IQ(sOQmndEQAySYAOJQ;M4qog)WvUE zC^tRELNwYM-1asd5GD0Dqc^NIInX;xRa2~+j)6}Q-&hf<^64QKjH%lpv$0oBQ8$@0 zn4qMgjAq-$Pi!e@{4jS$uyNTIiTIf8$GZg0yq+&$T2L=6NrzUumj>p4s3?&|zJ-m6RWknE9VKJ0Z==!LTyoNKrv`8Q7@ zaW%96=u58r2WDp&Sz3xB7(p4vmGeo)5Zrb4&vWVn)sJtU|Dfp=&pOsML8OuziDCgV+qyn=_JPnLns&EZtr5Wu<$tAd6G0o?qXyjEw7WYqCG+CfMP^k~xZi~5MH`xa_M`Nnn-F;Yp1nV^%zqRMex8rdThuTXN%Ruq^th=S(Z%atleFt#Ir zCA1ij#t-s%@UbiKGZky?2&o#YLHtDCqa?Unsnoh~wXE0bkVSxeaoQ*uSkn45pmQjG zuOcTztFqW>udZM#CC-KHx3-Nd3d3_PehtT=wRinlCEs!-U=U;<#j=+}rV3>)y@YE( zxm)u+5Elux%&o2ViI!vlckUA4oiX6VQ9}SuTOMhDDAx$dfk5DmE=>j~PGhn$b+X$@ zZHAm5Xgf*SnB*XRn}+sQ)d#I*7VhEJSLi}E_W*N>meN#;!n{a`pX{r`sth-HnU`DT zazOfR>FR*Xr?!#b2rjMD8=VHw9tK2#!3@|wof;b8WdfRH&aq=|j(wrymD;OBD1 zCo;IMP;;_iB4#IB!C4LsQL)zv#P?aj!p9s zw3ay-tG#FGu<^C7t#&}2o2$z$2;UKNx=ATUk4@@O6nNy?rif4)K?qK~n4i+P_~(fp z4>Zu(FzIr$T+^`amiZ(FaV+z#gE`%8ASEK7NEz}%i6ZkB%93TLcOz98Y3M>oQG4VY zcnXvxmz4sWG@=!Me5+iY<%_?Y6FD?2EiNjaF$gNK#mm{Rjw~Q(sF`f8=O(dUDl&gE 
zCXyG9sJxKX3!`P+ZOXW*%YSpn1L7uE__Pmq@dyOCu{)4*3NUKgQ_zB!D3?X;Tt<7Q?w&k+69f}YJC>ImULnm1qbVg!`CatPW2R)-W*u& zZQqesu;_!&^(ZTi+j<;+-##|%VlE6OQgAHCNNKdZPz9JNLm<~J) zN|b11N|t7Va?*{O1!sla(J>xtVAd!<9=BR3DHhJjteSqI_#lp@Gn)-kDNb(#2ea_> zc5B19iA=PjRy@>kXECOpn0ZKHXcMHW6AniKp@xd)coO<3aafv55s zkU}5$?e<|dZ=-N?EDD^uu>`e}p&S;I?XD!|s4jNJx)ri!l0vXmV(7b=E<(eiOn3G+ z8KcO)7rD{t9}r>4VrXWtaU5}F_5*pt*HR5<-&<;Q!!#wv`z`x($rVlI@Ngg5+yJq_ z0i(mZtT2^sa(Ig5_Fc=n#5@%FAZy=(DJOLozn1#|dnYmmVo0T^&V9W2a1B9Bari_HIh)&^-r#DBtQYF@gE&|M@TPi}Q=qn2_wt{-J z(k;#J2$AdwHGh`!)DB}{~bV}h!N6HyyZNmV!Ha=3QV9695{(>w=VnNBG%dN6h% zKBjvL@-!p`QS!6}Pl%k?DJH$SUIK@-gby_KbhLEoeXNjOE}-I+!UA_*SkCF>60OY& zTcYk1*lzYYqJOt5u+ZdxqymxjDaJj<+-B|La|u?+7Ob}yrlByMgTZ_>g*xQ*BrGDa zy_36gy;sg^@Q_0ai6eW>gnY+5yE2v7btTtoi?}4&6()qT9|>f$KDhm!)QewfI1o)( zK(|TScG=k#?9y0LZaQpX+kS7V?k}LlycW@_hQkK#C_~2;OKJNEyMqZhot3Zc<3xM zA@2mGHcNjT;sOW`cba|$_NNepNye#4RVIZ`Yh&HhcR4*9eziO?esRj>{Ut86D#gQy zEn#tRW!|OA020wHfN3(<3dr(!T)}&s77sE$nVj)l?1ifdt0aR(fQUXK=h0T*ADMH| zh}voD&m5Z{hTCkfXzX=-0h^pm43RKRL?1D3De{eFvYm9~8_p@>jK3qviLoy{8`cCm zdTc1eL&pZQsE#V!=L(Bx{T|<0S#f*K+21o0%e{=6kO=SQ(4Ho&ZD!ge5wtGhuE~k< z{UTL4`BzmITDaOmZJrk8!oLNxGQJnuJ3m6+o-CF2?E}jIBMMR8FtyIyB&;6nS=E=U z7^0%?dK<3q?XD$LhK=akBt;Bh%C-@M8jdf(wZk*5A6X=mmwo#jt3hLoQiyQP#OcmK zOGj&Aa^p?kAY^Ajs^}LSlNTCJWaAB&mGncxp(2v>Ga4HCJx1-1%{E*?h(qr|1iRi3cwo4%W3+KDSmimEl8 zg>y!fMnt?TEC#W4Q_BCPw!k*wSRusJvQukNIgAPGv`=xiS!2Ux1xc0m+;Mo98wScx zh7CpOUn3h85qEJi_vuU33}N*W%B*zVB;LuoYm=9TK7w?*268|RF-=7h8NSS73t>-r zE*M+vJIPUjXT*~Zu_5Ye3RS2c0~`Y-Qx&;C#{=S!p?LQmOo0MWYADCZHTOsz0ZC6S z&$SW7&`p%>1pg35rC)4rXXAv-m5Cur7DzCo;@!}9v6%#nanq;lE-~2bBJ-+DsE)9Y z)+L``li}Pz7D|pI$b=_43fVV@UvbWo?Dv-qs~Qp#)oDbSL4Q*iXr!MZi7GpT)WI`? 
zq>;UvT<}`(66{e#0-41P6P)byK`4YXU%rEa@)VlvgcLNF0@iw>CJ-+v*>Px1^NRIq z+)I0sf>Nv|hvViOV`c(IXS@l`3`rLsqXq0R5*WLe!uoBu%RAVPLsM&_hq+Da5}1v4dY4&%IDeb61|s(c8x_?5p38Alg@MsL9slYJ8NMM@hm&H z(4r{fT}!(n3U9FZI2$#sdFaq2bYY7Y!nSE!*`E|);Fo&K?JmVJhT?`|x*%{3Y}Grp zDl}YXNsp+aT!}8zkFs z?xnU{B8oN=Rmi?t6n+IS!V?$zVU<$cSHiPmi+Y}ooib5>T{7P29%fe}BYE~8YGHh{ z*b$#xrfjdP+W0<|bL}q{*>2@RmK7oCtFe^}y%I%28|PqCG_orvtt8?VNmNF$nbi13 zc6w&Mkl0ui93U_XHG)2F(ejPNl+P7kVxiOKh$Ori3Y{id0>e}S&rjDZfEOKiA1TAvWKliwsJ?6C@+IqU~PTemhE51 zW`P(UJ6Eoq#u{JKt>0Gx+D*fsb3A9EPg%EPJpKumAW{JH7I1F*1?3VXDo4zM9I<@( zrUeEsNhq8f8@(kBw3N@%ep{&uofZ&a>UGz%1Zd9f+VI(PhUAp1(SwOE(@1v1B3S3Q}CkiQn$ z{|#B(p{}Bp|~>FK{(Lvg|Mtr*T!&HlB;=`eUxmiBq-bryJm_r4lH+!wyS_+ zht!s<5IFKS1pg%7Bsmy(uwr3!U+cN(?1b?Kr@xUY%kzL;j-~~YOlS=AW>4R<(xyZ> zwOhF}ScxQlpO}WxBJ|S7K-Wu2e^CfJ#9j25${WJvy^cFqw+x3693||_)$foDJpmG; zaMxTBdp#~C##rRKayl{Nyq(LMHoP*?f*z1mLgK>@_nccBD<`@^ud|AX7nFXI?=@LT z7OpNdF$vvrO^+l>of5_fr%5a#fEh=B#mc70oFrg_x(4=nPPTD6VkNW}S$JEOjRy9R zA&9uWazZNW`zm9xMSMgye=8VM>5-XrYC@BAVqBd)FSl4IxZ1V7dn;=TC%Uz2i=|5- z0EJ%4to#6~nr6GTIH(r1QTvBfy;{}~oJ#StevQU9q#1GX5|(RtTcg`-zO&cytS1>h zM?Zz!gVK9b*4&Ux>dyOWd4wk5Xb>?Jgkeu^NjdX?(T-E_8?Oo~W*X?_nDXju}T$2wZ+kX<`wpc?_-? 
zh>K1-|CswXoWGEL03om(+NGw4&e^bq_m>zS$N?D;q;f%a+mRFV_CSX!t+g`OL8|lE z4R{NCXGG%;{oKTrg00_-Ww3e$K}@%6#JHAkO*TA^RL+A|^`|#>YvjGhP zw5U^U{B{aw=}d)u6yS=uRE-ejDT%}Ew8_H;`ysNS2$MGJaU8!2#<;w0Q!YqB?U%A zzcAM7a<^4FoS2q4WDH^kRQYVNI2l7crrmxzE9uq%*KBM2H4P1j8{r_wA~50T$Wvxz zfB!Tky2sc@E48-qxvN*;Lk zlh~L^7W0xt9E4ChQ_2C(&0?ZH!61`wW&DusxfH@H!MX>AVG?}Km?=CyZMC3s5Clvj z5izeF&xoOyyP00Az6F+v+c;ctace3?q!E!6y9Fi~GC~(@?zD&Ix@xI_2}Bv}#d7u5 zx;iN=K=>r)j`ncQcRD3(Nhty~CnK4fmE?B_Z~{>~C9-p*O=*he5jSinHg=vD4s2iq zBB1SQ5Kf3>ClDOw$Z~I?i4a*J7ox)&A0?kbb{1Ud*6X(hh?FwlSXdzWK`g2k`9Wa` zIvg!-&SLEklI31hPGD7#FapmI<3;)&O=#|$Bw5Ws*u=)c*TTUO*^nRu?r^d(*8Sp= zND(S%Z;F`!?;8zXMoxD^ z7lmz<-{pS;GVe9ay-5t($BR4bA+BMYH?!3^mTt8>K?y6dtGd|Pb>bjq-k!#$rkAGm;2m(@!EYsNYI@A}dJjHScOfUP}v3`4n1>f8aURtH7sAXkE zl)fQFPudYEi{Y}ImVFbUi{2Kn?XV5iQ>(p@ixQN)0SQ&7d%YdI>sE$fug(RTs{SZh2Wdq=l+9k$jj|kMrVWMV5?SCQB?oSI^uatA}uZ zIGTD(iJbXqF+g(BRtl&Hi9pOZhxO-d@97OxQooIM7)EKKj_3%y!!{WM6D;>J%RuDV z@WeLQ{qEmPxrV7U9A>nEsKjPXc8*+Ujcj^zh|Wlyy0D{*lNyIjkp($c9hohdtW`uM zvyQt4Wajx#JMiu8$lXKE_>gKqx=|F3*5nS+OK=J+w_%nK63GQzx)EL&Z|O48yBl4$ z?iBJ3nabv3z#4gvf9YZ=6k<LnD4Lo-$mUFgi_NBhz$RT`%!RCcN z7XJxtbe`-Cm9r7@ouVXC=0lX_x3R^+g4#|U9^4Ssn(NyBN@cONN>Par5-rZT6wSh! zfRqx^vFO%y2giBR0wXRF1B&ertz|3>AnP$DY8@*$M0jDiVLR3Z%QPrb9;<^8HPGn+ zO=H3n;qqW!O)u)lT8H3k8_=OXRXqixG`>=2-vCCOmi?P~#)M8Q-0tRTa;DXM1|x;5}}VJ$@Q@tpnJepSkS;H zEE37evz5lf=s^08!CW%o&1$m{*axvjDQy&u+Zf=bh|2In~q*eKo}Y&IQ9<^iGbg!Mt93&SQ^ zZoYP#n16hSarm??ById$x!y51n3~fQ_u)Kqx~2RkOKsf1L~`-#lOTy1Viu^7o5NDQ zi5N!vOIa>pRY!eVutkxP>8OliAnIzS+kq1v;spnCMWRZD|ZS zbm8383z$ozq?^`&je?rWMvXBsC9=TP%Q-v_1096RZ?zpi77EG^;pZmgK9DIvf@4@-I$`3Jr!>-Q!!;9mDCqux zeaYEn@*LwFMuk;5cuH=oGjMQ18{%hkksG5J%Tyd>q-VWOwbAQRrgi8kBYGrCk$|+50bT32DU|K{{LbF>%+Yud3g*2_ z!)p}Slm$CDgj@AR7*E2Boo=H6LN7qfp*bBfMDP_$C6s9%DS0kV<+8BRny^a_J;+UI z@(X@%)tbe{FhRAeIV&b4bEP*}46_;it(8;|mNr5gQOv26xDY7UxMy9*P}&Hv1G9^I zd=!k545Gu-7fCo`CP{R0GQnWN;2rDPv24OgL35f7Biw@Op-7lUXWF>_J=H{LAPUx? 
zCt4vVu4a4bClMy=EH*@0=V%U%wo>G7Y|LfUI5w6PN#vyD@_@KSNr%8UH!qzWBYylO zc6mbflO)re?}4|SvtqKdwHp>Sr-?Ok9JW@PCaGR%(HCQP6lz|a@hEZ!g~47{I!Mah zg}biwKC9RO2TUwQVc#WM!+tH7DX8%>LM``}+N<4aYaTbPIxZYEf|>g;q5(vg8uRrI z#%`)+M5l)8ZG?brDajhupb=z>RMnf5@lY*T1V2}1`I~W#iwFD8=c@+xSeZ)c^*RH} zPbb6RL*(olaU8-Pa~5>=ncnaQH^Y656A1C;R!sstHukVkA7kDGL>t;P1o9}2?2+ZT z$xEm>6s<4aL71NzWBrqL^_#oANoVd1aFG-vYD1F37njDMF+`r!toC9Rru)nGMN zn6x4Pr36}Kwm*@T=tfhEC4a4zBbi(cGcQNCz0Zdpk)8Sqo!OXfEJ@>ZjT5vegXZ4H*!Gho%lHeNNJIiJZ_a%viDfA=p zjI!WE>!-dE_!_Np0JdvQvv6aA5?+YpqM`!jBG@hw3Sb#rLopS@Y3ab9y4#cFy4L%2 z5IRj5CP0hjvPanm)0ILB1xh!A&2ds9vr6nnI*#0%V-#OlGh2}yg&yikl3R8wZzGFF zE2YzJlRURDwh9{>;VsqYLq(t(0LNMWMN&<@_(AB8GpM2JqigD?a2T0@dM2NBihPM} zenLwwku?`+?xfNY%jR$O^Kd4cA#P{6^dv zB@Bze17`fB?0sOQw9=^8>L(g7I%NVvL5V7wtJyhKini$44r@>vabu}QxvrR_`ct0j068&jgkebx9MvEd1?=7- zvmvFQ#KM);8}Wvby}@E{hgIgtaP|b{{mjy$_4r-{j?u716w4H*i1QrFllf~rGoR1$DQ6Dt4xLqJKqpW;0?>V?(Ec#<&5M*i91~fxd4derg?StY_a`hiU4Y#wktP6Q8^e7 zFT|@5q!_ABKIMv#Q)G7;An8k|K8N!@MF}KO){6@%ADva{%X^VYmFXN$*xq861;H{I zO7Klm?4j@))y}EP!fFe?Ywgw+ahk<(S|%DHR<2yRk>IlzG@J7cUSiHm?+KV0c@yC*d7I|Gtd`zm{j=7Z<`{89&Lfb zJH~?MK5ovIqSuCTJ;^Gy$7+_aClCg)IRr8)7e^0lIwd%PNwx;!tGg>L%ISJ&snMKg zG6eT2UPXl_aR`q)Pm~%7kM7#}UmnDFaB9RslSqgAzHgri^<{Sxl9Vj9PZ$ZNtdJ6O z0>WCFWnm+Cg^{CnAE_d*LWkti*k__BDC>GIbaX<+E028EWuwZZ{%4%%Socco16Xo` z>Qa)Z2+1!{k|^tF6PJxWDj0;Q8SIVZ2H^Z{unj^if4Y%!uzHzQnEoc`&KSiPqk>Q5 zuO)Vs&VJarBm(ZI@Xg>hZp6y_C}Q%=RlM(cVa&#+$t(xFLXX1b#5v6DSF{b=YcRD%VioeT zpnKee1gQ6E1t@4e_w(dJXE`v*go>s)*1T&$V~27eA+iv)nMK8xmmJoazK~@v|5ELA zs;8JwG5G=aZ%AfKLRd1Sv@Hrty-A4-g-Btkfy8B?8*`{gb559)bS$-Utqf(&3}&Ub z)M=k!dj#Ua9cK-e^(M9BxmLg7xi)uF|6Nx)4BG#G5x|-y^dK))75}+L*9rr#{5b6&y?`RkmKgz$cUC; z5r}@UK+aWN3_ELZRM;@}H!iO@*y9dbU<1~I(A9#rX*k4j**NU4EIZG9CIvANKAw%i z#Q8z&#An%EB5~F@)4FMChCk>bq@5@#uwHkRu zg|fx!t&H_>iILdKtv8C3fRhX$Ll1?cB&*JFJMuwH`ZABPCm1)l_TIMIfX2IivXSl| zI9#4e^#+`r8|Fx0DQk^8;hZnS0bkH*4iHayp|?rH7o&SA-l6KixE_6r=tjw>D{)w_8+MC^#M~W=V=ClsdAJU( 
zUi(zvn`r;%)72T2+i_7MszuY`>=DZ(BRURp>Mrqgg+sU8$fwNo+*y)#{#K1?axY-g?l*0iy3%4~AySzCQvv8LE0W`Y(A zTXUTxo*EgiEIlz-HpTB)z;Y9+XRu9N|S7*E45| zCPSK2Y_MENeJd-_FIVBKTCc!kiR{<){+zP@i`;7)&PBr`nsueBE`f4_LBYnd7qUu5 z>bG$mx=^DuYMOd*-5_xZsTZ@cbcf_%Cn8N+<=y1EY@|@}seBd$tX8L2Fa~tA13&LZdi&M24}|dFG7Aiw$N#FNS$i;kX%&Q7TXlG%)tBLUmCGEnOpZ5{ zq#)(M+`|13%eBGc3ij=!fiK)pg&dDD4M_Xvk{S_?^YbXQ4T;cfs;-Gt$q1T=$5SGb z3ePPJqOg-Xj>6lf2qR0QjqbIpO(dhQOT_ZHS%deRdskMwOT56@6e9B>iabwUe7!MG zw-L^omg6M09&pQ?&UbmPgM6(rXR+v0{iI9w5X!#Fz*m9=Km#VBNRh(9y_Q)a(_~e4 z8LRX#B{P;nfw=&78z(=KMX_&+7$1WO$$E$eYZAVSDO8G-B-aUQX^fkZj~GSuz@-Sq z+2@&vi^Lk#x#G7m**!)K%_-tQCd8?b@w5N4Q6;JJSDRYabe>xD={L zi#L2i-juKD>#95__IWAnq=@;-GgqoW&z`iom=bK?jroX>mc&ikl}Ag$&ixROLtBwO zMl1~o6f-?G`G-7-O!X&jLRP++-WY=uS07#>320e;sz94y`X@|BaR*352P$OC1fReI zO)NB#Jgsv#G!i7a9YzF|*|*My??!Q1ieE5>by22>q!5V^nXb%}Uw@;8&=yui$67nA z3Iw_^VKH;x1i)m_Ou3XSW$EXN+LFG(_;wXNeT1Z925k}3vJ*rCX}#Mc2N<$1FNBpSU8L&0n(2V3aM$DegkVH&%s?@ zUMA)TcF|BY!nmYc$Fau_o|GGe)cHJNl-yu(xz}D;2u{0la(VS_BC?^{IjSio_Kh7; zPe-i}vXhFaI){lFBGwQsO}uCtW0u#K0w*S~BNnF0ld{qZD~37kG6)DzG-#~oF|}me zDB@{|>TvPvh@jeDG;D~kBG$6)5teTDnF!sLNcc=G6nV|D2OcdX9)0qb$7rm|OgocX ziiPo8CjFu>j$hVUW1B|jVuRfXabO$jB?SJZ*LL=NjCaj3rscAGryQ?bjU$-Xg$g%JurSjG3<{6lhR3Supnr15tD`Gj3%;UE!9>~}R0>hmRSgpf zadwf*L|Qfjb9dcpGC*eW6@)mK7c7wEFp)7)qGa)8UF>5WioHM*r)4$( zUg4Oyn3668U-6(tgsA0=+)K==bx0ff6!jS7Rqa$L4KG2eF9#soRTM?{ILHzLpTJxK z<8AjWNj-~OS{yst7#UU|PvO&!1Lnkh$%&okaFff}?1z+}%Q`)wLmhY}uu(ji+jVt; zWCRz``a*9RhlfbB+@MLjHDx_Y5JbSS){&LCNwt8ZQ*ss$?hvB?iDJhgx7wKXk=Pj1 zyRcHGP9t$DTWxdXXYqM zL~$FIxuJyy0t=||j(8Qx1DrdCv!FI@tHgBqAVu$kR|~E|)n0qKp&HpVH4T&tHV_Bt za*zlhnWik8^AXm0m`PY(c9Uu#BR;`8!dBzF){fv*&HjuAD#{rYX=-S^Zo`YL1V!X` zOp9EWi-#h)Hl|Nx#5pucqjYryVWhNol((894$mXt@iI)XSK4GP)kbbAtc%VdNqGmE z5qdVg1FyrNu#ESK#eVZi3`YmrHgVDmKu951t=Srdb89+b(N8YypCIx1O}vNyZ8prZkRG) zVjaOgi_{ujY<%oL`fd(_UD{1_11?cWrAM!g?fhe(pG3 zrEu-Qpl7$w*R#OfwY^T@**BrthTF3QLSdUnZ^bhu0}1_NsOlSIiKW~(q&OKXbJPTL z2C<;Xtcxt!!kQU@|AWo_n9W7!>T-D+;+W|;T_J_n)nK2Y>LQJ|EY2;na~8$}B7@cc 
zf5jFui>nCvjbSyxew}vI(@u`OfdA=puKWnjxP3Y}3{m1NB@)`d(P{29Qwht zu0;j>NoD&9$LELWA5(sHSbj6%_&kgLG3B>}<#!N{&-3XYQ@$3KzngG;e9!-w6no1b z(DKLAPt*QH*#7slyyTWIh2>AdIMByezF*6CQzg@WEByY=TE5_x?|3m+cnYvPwEUTF z`Afp@zgx>McFSvF`Ny>UGPk@JmOr57&vnZe!t(EF`HS819kX14`u7wp7W(+UzhBFr zL6r{Z`f&PxvzEWdE#GmsZT}7}A92ftSst zZQiNB-=jwG`C0s*=*ooNO6ljBkFxa+YrQ|h&&d1G{`lyCeco&IdA~yI zz&vl@1H53VKkwJ_8T@X`cgR6Q<)6~>w@1qFwCz8rV4FMVE1|CoN_U3Q$1I@H!4ZXgKm!@I=W8u(;L6K>IZZ%C_md$?Ec(PviOXYRO( zA4t#pptkdV{La6+{rXAi7md+3wVeke?fjK(=OJz9htuZttZ+`x*R}J_v^o89IHxxe zlYq~!;{EJc4Sdkf=}9f0rb?#IJLGVt{@$(S%>0=0)$n~jqUAS7zCXhi==)#N@=M+F zx_o~S*dtngk6V7_odd5vbH`m&>jL0s>bm)S+8q6UIF}b|y{ppd?F;9!`Tg{;An?s) zPuuz9w01rowsWtxb0+GAWB2d;a@6mSX*-YLCr_&xzpLr}2EKk4YEnJ3FJ6vHk$SX0 zZ#$FQqp`f;G580ckGszsxYy3*VJ&|FRWi@oF=f9$ujSWA$|r64YqY!`DZkm4zhBFJ zbNMMPzsLQ4Y%cH9_5Yo;vHfZ|myc+@)wFtx;T-Jw0eV;vq@AHOW;bcMkM}*P<-W7* zZY}qnWgqGD{V(m?v6{(8F;x2JMYQ6wf>E1^k*WZKVQ=4rk%AkKacb&KmP~mg@VBM z{XOfH)A(JXYw|~Mrbot)&hm42*tPu%ZRZktm>Iu$8DDDW4cg9+#@nGi`ci3!>U~)2 zT^?Vz^t?;L_5CHS_aMF#=@*@2UkK;*{KujKKG)Jere8Y_bA>@bgSvjM!tarGULLk_ zv$k;!>V$0^Kfx^*(#QMf6U;aD%6y}&mhW}nVI>@= zo|f-)%Y~)qxqO?J`}%*cmZz;Jdj9=dKH|3D2%rD3mfz@>?~scueg9k)3f>ecKgJDE z`KXp(;g;)u8w9pr*Wx^WkIb`9BDHZ++elk0RDQRX`{>d~wA?3q`;wOXc+y9-JndY# z0M8F}jl2)PM&5ze;@iWqyn=~JI{!oMT&3+ioOXVHBjf|#pzZk9#0RxJZA}c~IUm;N z9EkV#WZ2hlYa2gs1}d3-F|dOPEwynr3tEF<8o%3edS5yAd2J4B9pBoU(sJM4Sm{%K zmzGEN{|*rv)4KSumh%tu4l0u#MEQMM{ssIVd52Gj(0uaIcm>*L}Vt*S)__`wwe5(P2AAN`tBWbI+%OAQ+*4%oscL zV^qt1b3Ci%zVYp8x$phnrscjhaBrXQ->>C9`u(t$`{wW5C(?@tfp7jswS0^!nel0c z>uXla)86kQeC1|cf2;UCLR%)@JaFfkul~LrHEC-Q<@ab?58-$FEZUP_3!nEXt#de5 zhd87`U=M2fO|fznq4Bx1KtBe4Jmk|RwGO|Y85iA~w62<3 z?i<%TwLERys1F~~@*j5l!1w%tM^P{68TVuhZdJJ=CWU=RBFdsN~gUZ{N4h_XqJ_4{7vs&((=bo0Q-Fd0#ZGFCfua^7Hp!@rL|KUF6=RTEQJP3UBYgEhkQzbJ# z-EjP7wcN+M^t9YJK5x@_+M(z5XLw$4A4?=g#?c ze|xn28Ezk57>>bBT0Y~JJ2Lx|TJBq8cWXJx7wi~2vW1Um`NeLz(oK55FKPJ|Zn?_o z`TezgpIeT7KxCZC&*#PErvrQXl;5P~hhpuM2zwCNE%Xq4==qT|K=qe{z+azcLd+}Q$p5I(;0!9gzemS3UeX*8RI2-nFgw49G* 
zQ!ZBxUZ?l0(>@h_Ld)0iyIm(l&s2|p0pQQ-TK{eQ9vMff_lsd)&fZCl1i=vfWBMXu z0Pf4hTJEFWlUnW@i)NqlJGDIRPC{e(p+4XLtd{%w|7|T#JL9SSv-yjDzVBi!_s!*` zmh%y7#_zgte4ASCTWfdrDgRKP^3Q7di`@C!G0h#I_xrY%`)J15Ow3fTZ~E`Z9WK^# zzDAjHN0v9Kr?1D3u)*X_w{+kLt4&1 z%sV)A`yARZ`1sDQVJ-LZH&a^f+XE|F?i+)<`jmfI%P*r&n*KX7tozc+F$Zm(gNL-- z*S~Xqgc|nCeulN&_xvd>_qD&$r~IxycGB+5D?2yyC%`3waAVt$SM90>k3^0)b8Ab7<58u>X8{9EL2`h#c` zJ=Z+X{5+ue4yuHY!Rhyb;NR&-;xk|^dZI-G!T*f{`qx14A09mNI9q2R*x`1=!C6CX z|2Dr21ZR2bKiY#o#)F^j!5{0v&q?4%(WxEI`cd*25RE0={QVy7{F@a2g#JCEKk3In z@c2agzXY7-@l35}eoFlxO4Pp}1@v6Aa*ycuzNh#e{l<#o^kX1+LZY1uflxc|JzFaN zmexO@_zQke0J6C_R^&1WDOOw^~c zfndmk8;dm4g8Uo^Xf%?af#4z!{%j9^u?N4@gFn}Umpu3`4?gC>cYE-?9(%njE z;5T{j7kcoUJ@`vJ_$?lM&V$!Hc-@09dhmt^KkmVA_2A1Myyd}HJos%MyyL-p9-OR( zlAnR#ga<$6!C&gZU*^GI?!jN-!C&RUU*o}F=fU6L!Qbe?@ATkr_TWF}!P#0MG0+3S zTRrvP=D~l`gTKRr-|fNQ>A~OS!C8u)(*K|K)W64rzt@Am--Ca^ga4cd|DXr|1rPoq z5B|#@oGpG+#^J-B`fN>_QvcUI_3!oIzv;n0;=zC0gMZY6f6RmbjtBpQ2mho8|C9&+ z0}uXb5B^6U{4*Y$EK`%8f#6R(_@8<3`#kucd+^VBaI(xzeg=a3J@{XE@GpAsFM04U zd+-N5_*Xpm-+1u9_26Ig;17E6Z+P%;dhoyZ;NSM(-|^rNdGLSq;Q#Ewzw5#O)q_9c z!T-&Jf6s&ehX==1CFO(ruLnQVgP-NWALYRx?ZF@8!O!;KkM-c^c<{%2@N+%*c^>?S zJ@^wn_>(;NlRfxTJ^0f-_)ZT#$`@A2UKJoxiG_u=d?!lWLyyd}HJb1^0_dNKT z2S4e-PkHc{dhk0u_-PORau5DW5B@3-{u&SdS`Yqu5B>%Z{zeb}CJ+8*5B_5w{4Njv zRuBF*5B_!!ezynzDG&b61TGw}BUDxXML4v_Cb*gJ=N4GI7b%mIjli8fI^&l|F#6+JkEVYQ(La&TD;O_FF#6-Wj9;0+$G)E+)@Vn{-oyCy5sd!$PsU%6 zz~A&3f?k-w|C({u*hk7P`vLk>l>$!5&oO?BgUGK>Wvv>=gPT*a}U!K4pVEk1H{0MKkI}`YCGXCZSK5z~}?@r*aXZ)uV`0p|P zvkClhY^(o~1b!pqWHA%{yqWP&M?w7c1;)RUzzG-#-od**UN{h>Ub9d?wK{O#^zmkZ zx>~iccz~mxgnyggpno*KMt%+iyqO{x{V@>m=19SLv8Uj?s8euWyeT*@#uQwYbg`0w zAW65W%0Q5$+k*4t$6BHKJZUL-lFmyzNjfihlFkdBr1OF&>Ac`cIxl#V&I_KT^MWVo zyx>o!ABoQZTX!X3jL%b(AdmsEhD($Uh_`48KA6A=7!V87L>cs(2~6rg!-HSo!GFYq zC(kKq|Cyfp7kTh!dGKd@@aK5&i#_-y9{f@d{#*|}?7>SO+|}xbRR)4x;UCU#1Hq{C zSNQ8dFc$vd{5BAbJAZ}04y5o2R5}nO`2@j}e1hQn=ttr+5Iiq|5inpQIYo;H#H%|B za{VN~L6rt1l2c0kD-sw11Hl0ge$ay_`59^Fu%~{K&yo5^JoS_OkJL}{KY~wq+PT_; zU*o|iJ@~aA{HO;%=E0{t_;nt9+Jnz{@L3O@ 
zlFt-8$!7}wV)~Kz3V6%T%k2d{eYIS*d*;PW25?!gy4_@W12^56{*p5(Ww z;y{q(w*_x{+FADCEf3!I;42>dHV@wM;9U>i^WdumCO!qd(xJ@~6U_^UnmYdrXCJ^1T9`0G9R8$9@rdhj=T@Hctz zJ3aWDJ@}7#@E`Z!cX{x)c<{G+@SpJDZ}Z@9_uxP2!QbJ*@Alw7<-y`t(Sv`; zga48T|78#UD<1sA9{g85_^)~JU-#hmdhp-y;J@j?f6Ie^#Do8~2mc=){G%THV;=nD z9{hJa`2Y0apYY(n>%l+i!GF(#f69aZz6bvU5B`T9{L>!%k39HiJoq1b@XvbiKk?vy z>cRiagWu=D|J;Lr&Vzs6gWvDL|H6ZR!GnL%gMZ0`|D^~2vIqYw5B`7$|B46yYY+Z6 z9{j5w{BJ$@*F5ga3aX{5u}}e<$$o z{WtRG{1=O#r@x)~c*6hH;y z;IH=JZ}H$i?ZN-XgHx=bwEq0N2Osv}6qAV7!@um1xB7~{+$D;Cen5ch6hEr?1!oFy zRPnar9mS0W;ah>H_4Az`{C(O^<1A^|te;OQ{s)R1&im_%-})%2PqDJ;^VlCwf9`p} zhk}dkdbmca2lJl#w|elO_26Ik;5*Mx@6VhEf2Rlk4d6q;rMCarw*2{`r~cEQnEu>~ z2XA=rU-IDp;K46`Qu=cjJox*7@3axR5f4Y->okjgXXx8M zdGNEIEbR~KK$i8nPxs(^6el`OA51rYmJ~m&_?qJH0G_t~Kd<#otT>8EPMmgy(02Ys z+j*?M?`su5|3YcMiE{cF51dKhY3<(vd?+|z=gX{zU)FY3bR6C;%?0;!{e!l?76%vN zm!Tl^_cVO`+x}hp+Zh-y8vk!AqgvJe>;*pL_<_D$@t**m_T0~T z@Uzk3wEB}C{EZ&`k39JIJoxyt)1SNQ!G8_-P%vr7=L&t_L9F8;&Qv0Rp&Kt}{Ftpj zr}h7u@#`#Z=6yfLcgXRZzE>)=E){_C7trT1_?y~4@A>k#Sur;#{swJlT8e{v75~nd0F>W=KL15a)s14>-jYB zwEFjI{ZD9pu%Z+W&jB{x2&2=wkwWT>JC) zia%Dz?ZsOE60E14L1<@g#`#L%Y4b9tczpa{ruel$+$imu_MZWKD0rH_Wne9$j(G5fwlkvb+@<||6Y!luXrFKT^C94A>-n?V z&YTh?ihoa^f!*o#&jU{Vk3V;h;-A$1C|LrBLvCl*wqy9TA<&(nAdE9$_<>h4KA5Qg{a{Fj zf)^(6n;B2me~|H^MEzON*`eSji!0d;9$-9Ke-dz|JUh1SnwZ=qQY0?OM!pGn|D!7a8Ou;u*u0OK#Q_@d%x;=CCO z<}40&h(A@}Y3t6sr_dy2w=|rcLPrwpTFjI!gvvn*LDsa zr1q0?xwkNW{0yyzXUXUPFdoK{F#GEm&YPj2Wb5lO5WF9FT7SOI^~1OmkJI+|AEtJa z_uM-eZ`tDtbx81Gqp zMDdHSq;^hN{3gX;#<)3kgWyKR?_)fSUvY)v(^pYDFSYH=EBg@DESEhU&k@ z;*(nc?To+9;_p-Zd{h_;%wkgqBz=C#6xDy5t#8)PuQDFS z%`o$I4mQqE@D5ww;I}iLJV*Y7@g#k|3>_N^-f7!8Py2Z<<9A!Uq4)t@z=wi&S^Nu% ze}wV(SbV4A7td1tpSCz&hd)2Vc#^(-oAG;WeY0-&Tu<#J>DwKQzt`3`^zbu`zdwOL z@dj$=0~R;y;TFcjxE#;be!iXY58C>s{RbHT1&bT{{7h`vp&&`GPBZ=?TYp5`{|4hp z`tu?XgrVS# ziwXj>9?pId)xX!)H*|iP@i6YkxIXuv82^Z^Z^rZR&D2g9_XBJ*e?A2~Z9jg&gFooO zALjNyYM*P~_r))!=YGuMtNPqOXZ&|8{*dC&eF@e7gvD{J@aOj!|D?qYJ>OrU`k%76 zStsvjJV}4fx`pb0+SWf$+n;6p4=iqW+E*D5XYkJb{0Z@y}V@tn 
zJFj6pNmuV<{A;$pId`7gq;?*(xarT2GyaVP{x!zGY4M#p4y9#k=kG1PU-6${{M!~c z{KF%RC+Xg?7PVufr{VklKI7l9?U;UE*rxgqS=`X`{fz&k#gAxz-oyAmTO89ZpA~8+ zNw20E|E{fX=+*Br{;w7{&;3irAF=o|wE4?#qxS#J;y6b6^BKm!XYnahzeDx^!{T7` z`147|Lr1=g6@NmP>WA@Cu2B3s#*=j8&lx{cxhIL2PG4E>rPJYG0iH%To&rKT6r5$- zF?8UajE8Yo4F0E#C+W=YHEJhGAO1VzkGAa}()SuaLG>SFaa@!6^M{OwaazpyJpLrr zPwtmjF`nEPf5!M@ZTrvB_Md!;+BwJKW*xqs@y93d|HJsX34Hl>YA1~AV#eoVjE8Yu z%sxHyrRnqX1HgxZC))PU*M1)N)PFVC597d?=YEdyC);)~?EKk%2elu@f%$F4f0ywv z4$P3^Pkb5G-)Y-1^mB>v#K|>=j*&5rFO!2 zHD>)>&v+QG#`N<8j32enHTd@!pR)L6+MnCrNbOH2@Xs(lYjN}3=e&vPhw*9*-~Ka< zhw*Am`_H_S>c1e-&g&UZj?aCJzc5jM=*`s5ixT)8<2PG;Qs3)-#=|%^W?fzMW7JL< z$HtuF?`FK3XlLh-Q~fZGjiHA>0eolhDqG*+_c9*FIWc?o3&73q+C~2HEv_HNQ89G} z?xOa?crvE_i+~RWVSJmnXk$kiZ`uAlSMi>w{yVw-Q?|Zo|6a!LNZ_AkJd7uEj<)|d zz|HRp@sCHNV>^Q|?#)guyoB+W+V%}SzmoAVj?KARzXCk1{nv8+SK4+Sr}gh<{52MT zs^Y)Rco>()JoodAztPq=`z1KuZMP~XI*nevb7^g5C8)e`rZ-vIyV9uF>L(iAdZpHG zb$gxFT2G61Rh!Lrt=emMD%H-Sfa8tDR=ZQjA4f;8MuU^3J&o?6cB|KEHxDgUJJlMR zFV~#%k<~`4H`|`+bsDY3@~P=5w{U!+aq{Tua=p{2P2y3_dU>igGhCss@2yl8TdS4Y z$&-^KrAlSKzEE9l_A2Pnt(BE_vr#)$4xchIiq7|{jaITRQ`a~T92xV~8!n^b@vy}` z7>d@)T<2E8XG)djuxMm>t=e3z&$h2yZTIT)@@7Y4-!JW1toLrHHXHLd@{nIsKh-Ty z&GdG4>%EDiGripvdbLuiG%{E1Hfj|-4&yUXo9UHGH4J2>*Qqvo-HBRxriy>c<(b}S zv)=7a%#2qEq8~f}_`+CadJgsL^~zGcI$!S`8Y{2a?v{p+RJ%Rt#NkN6$V~54v#$M% z6pc%D(+(anQn{gCqm_W(*7NlreI7%f!=@U`D^2s*LLU+Kdwh+1y{QhH)_A>_Fle26 zby)^z_Yti3cIT9-GSk~*rXt@X$0{?uy_JdidaKvyo#Fwr^NzuzdFL_QWgb(ZL7bS` zTbZ0ImCNC1ZcjhL_ul-nc3y9bnhi&%h-G10tLB<&XRg8>vFXiaJGFH?Hk_R8Sz{&7 zTDSecp6EH1TJ8CK1Zw-Yk271ttF6XutM$rCuQMShYn0M}{Fg?}88}~W)_e5{oJ!^L zp|OdXU6r*m&Xy9No2Zz(G1H;&>@DqT)lXC`Be1!p?lgT(&9R6tHh^F&++M0J~mr9HY?m6O;tg=)(jwCYuG;j z*7_;%v&$>h4)%$1PPyKVMv$2)XMSRPqNo=!yRY#1!7E@pq)!iyU1AkcI##I=5h4;K zTt!AYWGRq;q;kzb$^@iQk8AQYKGXA)k3EK*?pkiI)x#~4i%!up!d8%>-ll`IR5?Hw zI1t+TIxT^jgE2CYwqNs%Vwnj5=xxeAPhEAn9)efE{i$RJkKc>$BQ&c1MOW1JH0y9H zw&xUWPtTjp^u~ItE6w`E)l->vBoXDAk;=@d+zo_^ffn)^;2B9`DTtO+ad<}LXQ`&q zV3PK4tPk#2LB1?^Q>x6;a0rc>TpliG9~UzgrC3{~^3{0pIG>d|>bQ}I3!*e!xe7OL 
zxg1lM(r0RNZg`zZcr-tV6MB6m? zZ`V@&WDL|9bEPgatg|;Hi*WW{IeF~hfyv6TBS&V+vz6Hc2PexqKUqaYhh+xjDJsG_ ztWzq&3%65l<%o=EnCFoeN+|Q9%ZMW@ioH;zP}vD{uI3^2M$8d;p;#9p-H&wOu)F{$ z9VY)ogXalC%7sP?SB-g^dKrveD#a7|-N7*y$CXb8hi|;JQ(w3g;>VLGE0}mlIU&aD zovN%2+b@qnvbS0S#fH(g#*iD4FvsN$je$D>ml}TDgv0m>Lv2+`+ z1i3W+h0xPKOqTdJA)ro3u)%tQ0*4K9Q?n3fj$z#7!R;ob<3~`>(pOMl+E92MqT!7u zCJBUmPi02`qVF?LFw?_BQzkI&sXS@Kh`TLe`^b}WwF8kY$PAAjy##L!aC4S;XB)^} z7-@6F+9o!rBEUR?7L3MEk8B+LnLMBHRc+0M#$79o-lTTbU=pw zOyjCrkt2d%F#AwfXUvXGJgPLz&*Jk5%VD!m!VoxXsz6C~*c7XQbiQyP<{+Jr+?wwf zDy*|gFYcl)y=!>LW%@>Yr&j7R=Pq0tsdk-npT$R!@?Ez4dg2=r74}rShuf=IV9BDr zP%F-eE_DjTQ;&YP_3>)=V7uK+es#3lxILxC#z`ew&Wn{s@tAAt%X9V4(du%&YnCqe zG!&ZTnJdHGjm^~;8!hQ&F)dB zoJ)ih4w5VCo;Nd^or;WuS6S>W=|ai={ZSHMCzl!46OB@M0&egWU|P6sM5mR?AS zHm!a$CkfacOFK5*XxJ2yA#)}b`iQX6BCc)WC=}9~d*nwif#yMS2u3b}=8aN{)<29> zzA&Frp6tY;b2$!B ze7^7(GxccACwMBAcys8Ko7pL1y*a#5F>f(eYu2lJm2<~xccUuMK-D7jdVXtHk zrXt=eDjP_f=sinS7|k(hJJJ?flbGychJ=X{#Im(p@c`fNK|#dq1u{=kqO#9v%g$mx7$luQbanOx~i_g-_nR zl$0f;Br2tCFNA1MQe6d>F7MUB-)5=!HiZv@h_M})v3R?Ym5odpos{#>`?w7-o+(er z&3>k|RUi|Z(t3YZ)IT&bdj)cjDgBG^klwDOa$+g1_2b8ULU7hFts@DC#nw7^bqHl~ zPP39@-CbMS029GI%%mF#?e@LeZIFxg`k$f|kOAR?azu|nrb46T*6MN@@*J_uJq#w*0-k4>z>U5gt#?wC#9!zn77~dE4<( zIsX^dlXdw=cyJJ?|qnNcsAGzc}*eeNvJJdaI@pLT}}M)KK^f|JOG_uFM9H z?q1)nPKcYF4Ih_ZIYqAKD*7PfS)$}3y*H+kuUDqr==9_iijX5)rGHnH@+t3@+Ddd7 z_PTVB%#+A9Nfb5qebVZLuOnI(w2IrwUY0k_lETH3qEgz|OC>0b4~x4Pl*&;J7!QFo z8y%IjmioU=gqo-JrvFpaUgfCV&{7*Ijll}v9Zi)?Id6k|t?JU*Y?T-N|{fVbWp5MpIve z6P@F2>`{jy^g`u~`_3pg#R?|Gk5OXnS1BX zeP-oBP3W^8V)FUQPT@9cg~sba0LGz9f|hc4(<}%At<<_v&d4`IN8K) z_&f>nUO&By8~*(|iK5PD6r2Ye0d+cgKd|ZOmTK^wfpN0Q5PYq^}Os&lQEk1hYNXHj7}nBJ2YSCAEO z&pdnP9FEoJP32j)WCOe~wj=L&+ne{_Uou|vacnK8(`SUo^LOvCCY%!Dqg8LibeER= z#XP>xdwOR@z3nA7iNEp0w1O@(w_guad$iY?6m(8!=PdxvJBR|i1$eGyAvet7l)rXB zcPD$7V9yJULRx#cBrh6J+gT0jndb0r!08(bJ0ETdZq>zk#ewHD_JJL`Rg}-ix+A=B zY7Ir&2lfgGS=Q?eYx4vINJ(UEr&FuWjEhYSc@Or#Ia)=60y_l;g)DXt*Iv;1KxS3z zyhA?E5-vw6uXB__4!_%9$a9`rPP2E8hjY)7FCd_O;D^Bh@?r0m&LIu%6%^d5oA-m? 
zVX8FegD>>)acA59{>~VpMxAgxg`5NLt+;?d=d)iy9XmNM5c08k|JtPk+B*Z9vRZ_^ zg+gBOVK1I?20CHcVSoRkp62epN6dX$Q605x_PJcAkas|YTzkT@A*Xzv znsk;@xF1dRls`b`+bViDik}OAUFYpKgu>48a7*Q>i~rT{hH;Swbh6&7c6hD=k+Flk z=)<|V{L?{X;UIZghK(ZM)O1ql$=5eDJ6gzTG15{zZ@lR4yduOsC+)NG?zP*dX}xE^ z8`9i;g^5f-|97ua$@@=VrSg9~sT?vg3%^O_kd*(?D_wMq2WKMPD!JFqkR}lJ*B^L4 zmlS?=V|OKQ>I@CJ0enNv%ze{9sE-D{nTvwES{XVOdmC>_Qpx3}zltP|a6!(SS{yjp?poG&bqH{V|bzTk>?7Sk#nKty- z2a3=Swr>;0=Vl>iuyaJ+2^-Hocotv3<}xWCq0d{eMVprT{4v1ueg)^8^$)1+nQ(UI z=?ZZ3`_qJ7U>FN4Mbz0jr|mftyUq~US^X|U|M0wC6mFr9BRvxjHZ?}g=rvX3%;bjY zoRY3OWOfK%F&?IL&hV|4Q*x=7H*=eiuYl7=-GOVUi5urH0XR?7?Zbp`>Xz7R()GobyJW!@tQYciw6kGEe5tkX3VbGt{m-*CV$B3YjPgd6l!< zs(rm-vV!vtVCSsT*8uCQAYY#*Ott8|i_}^F@n64-)V(?Ui#K-uce8`}{@Lsxw8>iG zSjm6YD;9;eiktULp8D!ao!;Hsz+p5^Hxte-(9}$r+6dlXgj>pxTaN$cHPnB;)A*0- z=1os9Iv=?T=+dTD>u!I2O1+tG#ujy<(Qjo-b_zR4cJ zor4N_$91XUE$7Zks{UVAg=c_@6WQ*vntz#-r`hub=*rQ6!0x>&dfwpe z3{UL#Eli95oV$3>-KARxzK1$tI-x?%3fFLMw|PdG#tdQFh)u3S*RL+ISmI66%b*|XnxiUFN$vI2pt{HYVJnGOpVd%`ZxKq_m!*wRs zY=x3Doff91rIqG;4kLVK1M`K<2IlpAZa4H?;OkZ$g{3X{yDM{G8qiZq`JJiU|N7u~ zXJ_2`DtF3FE>|IaV3<}$x&7SV`QvV(y50Zd0Uxe5wdFBBZhW0S$-VRbum5yJxDBS- zx3@<`|NAduxJz>24_P>u3hRL1Op^#T>*8Jv^-sAt-QE8|0fL-QAG%ioCx9-}x#pbJ#ks>wzaZ>%}H3(j>6 z_y5h!wP)>fr|#YUSAm=t>2&+opVD_8tVy31-giGvOZv;ZpRnGsIHxV$u{cf5sj`3j zw}50Rpp(iOeYuYpS_ijt{^p10KIrwUVP5wag518(-`}0ob|+aw70SI4s^nZQom(I` zNX9U7r{(;$q1SK1$-#evNVnkb^FP1S`ZxD>?$U*Sw8_eHcju{xfWQ_loc9)X?btF* zBPM@m zLp1uAl*2U2cm7V0(}#JQQeNkAsQ0EJAn$*3+u(kzFi4_Cm5 zBHXs~SEHHIFf!q7hYV4@Q-^<*%K2+7A%h&}D&qa^7QsQz2b7)JrN0=f{GFQ=_YvCv z>1f`a&~|pkd8>k_Mk>1fgVTS!raibn2>ED=dm#=PQipv}Iye3|HR#Icezwc)VyiiS zkJ3Km<-88ab3JzU?X|Ny;k3{G{&Y`Y%b9Wxxv&3^HyvtH&a+|X>g}1BbFMp1KjHbq zV|oAP+mAy&sN>v(7O-j5P$P~i?f>DQF_a;Y+t2@#KV#_qE!uh*{vcz>qtno1r?5;$ zyPpPY?ffl9TcG0X6_4!x!5>j`VZ$CW1ppS2T3*DBFLhr+TFtX=TqDd5IcK8vyJXE0r?xWulZrv zMnWxub@{i`cFT6`;Jo9({oG+#szENoq1V^_c^AS~O8a9YIO;4E;9LXSwCdn2plt8_ zp`Gqw93s>6ijdwiOm*Nk1sn;v-H$!s^Zd87gwO4&oaQN)a<><<3-}w_w0nYwe8MzT 
z|Jmbzb)YbZ|6kNTq^Da7w;hE;&kdcJ`$DZ;dGt4!kIdZe{f-yzhLXL z5BY~Zn79AZl6{(|Pv# z1Lh3Uyay}XMpEzzAK!ZsUd`Xz`t|YmUo3Mp91@Vvd6%B^cXR8ze@L{8y|vjs5!0!Am*9XNZMt;p9_aolkk|hbrt|q~ zY&YnCygl32hk9OS=QEML)%brz$p`=o?EN$2SYZ6KtmyEEVx4zNJL3`eZaT1en;v=H zIm@nX0)pB(e{DmYeW3c;B~+&z9j{Af9&q>MER#* zU2@ysCgcM&K2V+aw>>!S?+|d@-*Mo$zhC+A?clh-yTNgPqv!#3zg32MNDhwib-?RE zd~0xwU!`vK`JL9!R)}u|dG>=>0)GJB7(9)8ken~e|AYL~FDv;`_0sBYI?U6Q;!kRP zEAmU~1AOF}K=HRUeg^qN^{;&7*-h~;H2yHTwZoI-Mf7|=3;FT9dn<}0bn5}zVRCS6 zhnc~#9ai$;b-}S6HUh_X@&$N9IKErJG5#SqmftU`?3cBN(pnGE$;+#!RCntE_ctpz z?r#+zULPFyw+T3we>pgof0w$IzlxS~AH-uhPlIDQ?@*qqn&%P32S7dNi}w2V@V>g0 zr>^Fy4)Iu?j^NE8{}3N}#`=h#16~sHtnlGm!Lc5WfCoaJU%{J$M~&{Sham7o>JEAO z1*?Zt5Z?mgyHk88t+#bOqkNA5O-%R75_=t}g zL+Z`yCrINHsJrJE)=y@NZ>jOQeZ-fh_%<3}(MSA8;K6WQhEbk&nrAG;w}kk~5dSXt zY>00Kz7XPzfiL$FzX`lG#P0@g1AYX&BKR5bw&0J!KLn2*)7#G7F`kXbvVgY-F9eR~ zqd#~Dhz|zu2tH8Vp-|`12#CjaG7r2Hne+gm^AslYLR zR&dN;0vz+y1IK#n0FLn=fn)wL;Ml($RkwORtL^+exs4yLktcJ1(fPUs`EmR(Ha*<90iPV?Q<2N1pLM;^%_n z@ml4>w}a#U{tS-&kzX9|{$hU=Tb=heF~s9}G>qc&=<)r`hp#5L{^)BT`43RM^+(5j z#Q#k3)*s#V5g#$G)PwD>^+z$(xqnGT@zx(@@)2Kz;;la_;MgB!0>}QS z1UU9b^}(?}Y6*_#U3YN2u1*5S{%EzjwJW=Bd=2q<9vub8{^$}omgfaHp6^lPd+QCa z=c&LkPeC7E6&&+70LT0tz%l<&aICl4;26II9P@7l$NuP&x?9hko&VEr#V=X{Z#{Hz z+{Pivz{`Rc0q+K0Qr#iH_niN;{PiFnud8z*-n~V(ergHC_lEpiz&{4xPkCm#1#rHO zK|HpfTi|^lPtJt$d+v2?0C;(IH?3RF1)9H>4{u9;RMPr&f&5sWq2L2yyHmk&UT6(C zo{!tWv7HoYO_&A8K4UY8?0A3#A zdxPVCeFBdC#Z+*NpAU}l>%lR8Cpg9*2gmpe;28e^9OM50$N0F(y!DLnnZU7r@_=I= ze{k$K+ks<$*HztZ2L8_fS${VY;wQmznGTNq;8Gv{5b|UH_#EP~e~h18>cK4!#wS;I z+abp10-pxuECoItyf*j@@aF2aUF(0_LOh-q1HrNX-3^ZY?|I69*xiuxb<2mpfIKyz zoH0|#?^!vmUrwOz)(_sFW&?Nk$;L$m!LhxS2FGz=U2yE*TY+Q$-WMFVI|3ZHI}059 z_m$w-zwZIZ{71ks|21&z-|vGrf%=J>QtH{QPt2bH9P{S`$Ns%HIOZ7&j(Mhl<8fc4 zZpYomnJXY3kNa+L-0op;-0oR$Jnr|val8>BmA8IyypaSPx0?YRw_6%~7Sw+eaP0S6 zgS&m2wdY>oSZ~ABt=@LK|KWU%g?OyDh2U8J)!9R1KY(L-&Z%2@zSHttgLo{@ zbMQG%tnF{q)UqFL`^54j0LSvA2mc)Mw#zyl!6x$9~~ga2y}L1Rn?GjGIQbr~V(i|KWU%hIp+1 
z`QUh+Uk{Gu`2igF_a|^XUf03#cs&RI0_rD5Mk%kA|Am%6F?n$b^Giiu^ey>8di6-o zKdVFjycBQi+loRw_P-xcd;`rN>?8hTaBL^z!Eruh5#?{J`By+Zmgie=tmiY}SkKqN z@w)UB9P`A^B=r}``G$Ftfn%PW;Fza0IOeGWj(M7a<8^X4I9?~$f-iyNdm0?)@$P~z zh4@$C%fRDg_SOS#w>tQj5I+bUw>uGhIm9mq$N25wczrktj_v9K_!!7vJ&U*eE5KWW zV>=uTz7pc+gJb?p;Hx115;$H@UV!6v(`WUT6R(p+!7;uyI9~Tgg0F`1%mv3h%fYeT zehrT8_B=SoKLp44m*CjW-^%9QUu@?&z}GqBL7yB^jeAFc8AAwOOZ zJA&hOhk>t!^6UZs3jBh)mD3$_xL-d*JYL5hg5z<95FQ$L($f-vrw|2#)#hfn)u=0N)IG;^vTgbI8+9tp1a# zyY-3npAj6}b5S2&4jkKaLvU=*lfbc^tOm#9yF=Z|zfRljUWnfU`+ET#&+FUZxL?2f z@Mt-u-rV}Za;8zY@>qRlfq1OXlHj;s^}w;5&B3vpoz;1}A3;2B_fv4pGv9}=0LSCF z6CCp#0LS=C;CS3)<$8U6ruX56efWpqli;`y1IPLNCE$G^{xCT1*IDrL5dSkc?(aLf zWxwpW*nDPTb+`TWhCB_xcYyZ--w8eqd>8na;NO66R(B}W`Th;Ww}klE?|6?3&huwg zw>(?)yer_t%R?UQf9q1b&GUZ%@p#|S6?`|8vp+Z$L)>+-vjlw z2ps46*MQ?Z!!B^Fw!B=%l{l4%O5qLGStvugp zdES9|ERR3^p&;ovyWKM#B?fp-JP zeq^}1m2-n$|HnZ*mU9s}=Gg?k7qbBj3?teI6=O7;2+e2`y|5xBx|1k?l zK5qX>z{^89^MGR>e{gKKHNbJ45Co2SI)G#RKyZv74UX}1z%hO)IL2=U$N0VA7=H#F zmTzZ1IPHB;22*T9JgB!9OFL($M^x@7(dB}F9pXu+rhE@>;uRB zx&V&js`8C92IS+v2d3_2T%Xt+X%XtqR`;iym*e@q9?5%&C|IZ7K{Y6FaMNkio z!Lj^(!Eu~F8yv6mhr#i>dJY_~t2e>1{-3B@{Xf?F_bcMvU#$Ol>K1R;|6~x~681MI zIF_>hlHoKJa)&<#^ft+H-+q>O6kP3y$?%9vthrCOBTNT7YAokH9g{ z5OB;h1swBy366O-fMcHh;CTIf06rAzEm<*dJICh&CBcV5d|hySE)Wck&jq@J<9648 z<8y)A;JDpC!1qIW62I#$KgMST$Lq#>;MlJG!N)-UP2l)k;21cz!{^`!AWu9!(cE^3 z@fE=Fx)%VB@iV}2erzZB8rbe}AAV8Y3H6M(Gr9$HzV49gKm8t(+xs1!sJp+8*N3?8 zdD3~-dtiAo`0xVYYoYvI!EwHEHaOPXdT^Xq+y{>H;Xi@ny!3r=oR^MO!nRe{(px`x{dpf8 zk7F}%thbNB@i>kI$NicNj^$qrj@#V;j_v0pIBxekIBxd=IBqvnDQ`WX=K;rhD+`YC z)xa^nHaOOEe{kI2i9URZ4}Spu1Duaf)!pmHA?N?zcD}n`aZAg0_c|~M;?sgR2QLGT z^Upy(ysr{tMuPA^$z_hTu{BUtbUL z!7+bc@F9@rBXBI|C*YW8GC1A`EmU_>hiZq*As+98z5&PW9sk>|Jo2m-Z{~ ztsk71P7IFQO%IOSEd_oG>a8(2&P%rf$NS%&;8<@%)vexaUiwpr$9h`;j^$qkj^*D1 zj`emB9LsZ7-OA(M+q+*^As)-~4E!|IPn7rN_aZspusrd>u{`O(e}X)@z(;_;2R<6S zJ~+-xcLvAnUSDt=w~qqH&)Ka5$Nk+2j{AEV9IuB@!11~ose-rOM#6q21Rn>U8GIgi zDR8_#*HL#uJ?E*-KQw{(mXN0lIOZ7&eg@(vfMdIwt8Ux1`R64NkL_wZIM(xiaIEK( 
z;MlINfMY-V0vz*1t>~?P>}QjMV|*rXj4uL?@nyj=z8*Nn2ZCdKH*ky}0gm-B5ghX@ z2FE;Wz%hOgIL7}3j@!Kpj`5KydFvVDlYwJ=ZXaG29P=~)$KxIZj{DUM9LK|7fe(dt z{yjLh^Hb{9&hNSZ;e1_$cx>kn!SQ-KesZwdSR6dcPLud26xupUx@ z<8jOej>oYCIL;eaRk!_G;5Jm}t0B3~3pFFRdE;QnkMly^DBjv_ABe|#7!AG>>SrG1 zvGs3DAs+MmK=C&J{G*TfN8s2FUxDLzAW=1`C%3w=oH^93KCPVjAs)+FhT^SVRq_$v z92}2(PjEc$gTV3nISCx|ECt6r>%cM3UU1BF4jl8`0LMHp!0~#XvAVaOheCU(4vzEK z-NA8wcog_j$TI^R=dqW8<92U@e+hZA*YK7Tx0?_A9K=@!$M_Gx@jBKW9NTAKa2yZ6 z0>^pmq&28xDT(O?u2^A z$#?WRR)^fKV~xpee!Cgu$Lm-xa4gR#A3hU&EtLNj_*dXbYkTVf>n#uXI*2a^z8<^| z_y+I~!Ev5>82Hx^KLs3*`+RVWUk{GkJqV85y$p`?+Yi7of5tlA`oZ>-2OQ_O>w@ET zsjUz14vyEQG2nPzIt7l$@dY>@ub6eE{7w~n+Nbpk3Dn)@x&`V#Jvi=fZgAYMVm`bw zIF>U29NSxea4i3);8>pN;8>oOK76+iKLn2Te;FL}{{oKj5$k!|2_CN;;8+i(e0W_S z{;|4y9M3!d_qJ@#Z=nxA0C_IL@jVA#7W^UPxdQo<*Z1z%Rfx|4j(IABUx)Zw>JItc zg!~;K{uadd1HTPE1^f>9m*AJdH-O{uI-%}_hAPh;h{ya-z%hT)2HyI)3){^Gj`h=0 z-Q8|v=YJ{O|8u@NK>P#9GZ_3K_$11cMf1#pc+9f~9P{j^JOwn*0f@&u$H8$P^$z8! zqIn)cJmz@;j(HL`l=`sx3Di6()!pkA=E(?-d5Tk>E}Ewt#ABW+;E$l5+ftrBnx_lI zKZf{m6hA=Yr}~KB0FL*4-&3B^n&$|_<9**b@ZX?3cfc|KOUnPfTj9=Elt%L1t!K=i z2)q{L&!+DFx?4o|p4|P)3-S0|sSG%d_i9p}xtgaT#ABY;;J9DCDbGd^b4m*99N`%!kKs;;jeFlNB7Vx23?b9_sq=wmy8251;PC7lLEIvlJZ1 z2^YYhz;V0{j_vB1x_g?q=biN<5kK(O54NjB;7=icI&iF?T;N#GMZvK=71XUf)*sb? zcq~s4IF_d)IF{#Qa4gR-a4gScbt{kcYqKF9%d;9B%d-_6%kw=rmgfXGmglOvmB;$W zI}nfMc?FK;iP_Y9e6c)9z_C0Tz_C2})U7<$&lZDtEKgN%EKfslEKe{vmZvi~mS=#v zmB;$);Si7InE{UFSqzTlSqqNkxd4vwkH9hh6*!*P@dI9eT(W>;o_ye##~&Qa(+C{% z1cPIqUf`H#3^?YQ3XXY}fn%N>;FxDWIOaJIj(Hw}W1g4bnCGo#-g?ICXJv4_kLU{? z;VthvmigfLTz(}u&R5?C$9b@q;87rdiauq|0M~C>q z;4#4GfaCn(D)91|D?}P4xW1c9@z59!K5`kl$wBUGrGlAprZ48d}FhV_| zvw624wDI|Ph<_XQYbM28KeYhjV?q3SaIEKD;J9B0DgSC6x1WG`EYC%Xw|@Kv#AA7$ zfn#~11bOQp%aa5=Htbh=^@v(;)<0&4c-(GraNKSMaNKS~aNKSSb=$7>gY6(5x7!aK zw>uIXw>twIx4TH)wrl;}3W&$;?f}Q_9stMfo&%5bmiPR

Er?e(fH_<8~vq@E%9p zZftPeZZRM3502+o18~d}1dj1Nz%hOxIL1!|$M`wm7{3M_KLn2tz7V_}_Yl{^8_#G=4OBTlI0|9n>e1cTt~8-a~yRd2jX4 z$@{4Kn=J@0o2OpRVyc$nEc(?Ixe6@q5V^sUIL; zs(zS!h5B*wHR`9x*Q=i;|3lkD0k`ovU)B!K#gTs(A+H)&yf}FZ^-|=W)XR}aQ?Ec? zM!gDoA9eR$%>8n|x&IrW?w(Wbm-!I&2IRxln~;xIZ$>^&y#@J1_15H5)!l0>mS?7V zC-TqLyOA$Y??wKFdLQyH)d!HTQXfM8mAZRRf#uw&KAL=s`Z)3(>J!O#t4}50t3H!F zj=Fm{sUw|3$j63=|#T0MUYz;<&&d@1l;;QIK{vt4)W zWbM2K#Ak!}kHK?;j{?W@VhQ*=5Wg8b5BNbJeg!-)#6JYb?Z(yn6h0sQ!STE(1$pv8 zeryjTp?-Qne13?><5d70+c|nU$WsvF^|9xl+Cv72F9h*;z7z(>c7@lscOg#^h}XwH zp6$A8&#gW5hIl+LaJ%n9Jf5e;!Lfbjf%?Qe??F6zDRAs(OM_$o{sQvj^{NcSgaBNo%z)M1WLvUSA z`=|31`_o1c@2fw>{l)8Qao8^IFK*X;H;ebN4eE?w9K=V83R7<91hr<97Fg<8}{% zPFGHFz)Z zHsF)N+k&qK{}B8rcsuZ$;20kn+5^^4CW!9_i0EGM>G^lK20#|y`$*x%v#i;l+y?`K2Z??CzW zW3Qh2!SP!LD9>1k$L-?v0k3a(Jqd<9;~-B@a6I2fgX48B;~V|yqK<-~ff502$&503pWUZ1g? zSkKtcehGOdLpiZMPXT`b@pxQf_}H(s5I+s_;JAG{cm{}{1&;Bv!SVWl?GXDltcQ+} zAKT$TaBPQIZ@9l}ARdn+_EQ+|tDnOD1A>HQ*^Ael0lW!T5|2kJk;XpLLK2`?dAp*uQK5$N83x z;8@QXpC8KeHNjGZ-b8GsGX1>&zD`` zrJx?Z0j~~@`LX@)hIkyO?E&u(d76Mv0LS^jDd2cNJ0BeHXIFsZ_z>H}x3FFG@4&IW zVY@8@`S(IR=J_5x1H|tG$MO7raBM#ZeE1PSal6gH ze}wH~IZuLP`@!=)E#&dlKc0p>nExkm%!B)d$Ndb% zf3ci+pNq$<6vSgY!R=mv{CM5_JL81#Do->mr#sBO=#@ zd4cN((DAuBIzBf<@1Wap=P}Uxf#bTDk>H1&a@stG?XR21tq1dL5RdC~u>NmA{a}5% z>u2oC^1H{q0(e>taNX7-x`g>}`pECDBeE~dUj{s_2Dte@0>}KfAV0=qd($+2Zl2pt zyzM9ExdVCZ=WaZ<&%cxB7aw`BoPQ_Jum3R5T_5{(5Ayt-?cRrYtOq==F^{k9K7c%b zC;lPCN6}x1;e5BbZkJ+#M|Td+fFA_nlh>OhkeEDhmq2pxs7{`Xkp=Aj(cNw|_u%VS z5&iDEyWNVqK;G`l%&**+U$TDLJWgKmV9I0Oj{Lia0wc&RejNE~eL%FF{9$R??q>2} zoxt8sJ|K#mWXH)Tc9J~z$aBtAkRSWm{vOc}Uc60yeUZc`Bd;?LhXVzgliw~Y(1!d*EZJZEwUGRYQcB=(iZ2#h%K16D?uI+Tc zteneqAX$Zc)EJ2iB0r?(OIz}1S0sKE`LOa*PIoP(`(@j0uM-jr$vf#l-qyEUeAgE8 z`?k*9eCd42e}M8-cqQ@nT+-qvJdk)B3z_drDjr*}Y39Yg6;DgvPd{jqle|POi7!BY zTyHEYlUsak^1G9z{B6m<9w6R@JW>?d?q}qG43YR5caF{!{W6zlqNvw>E#%qsy#Ait@*E+bbx6v2i`?QL zkmsu`+l{IHq}4--dg2MlOSKfwLB9Qxcz*Kd*~Kf9pV5UIwaJG)lJfT^x4-W=h&)C# zX%BPAC-0Fwi^(%+|G1gl;%z;S)x&fhIGptnf0aD84$S``xBQWH0A%@>C6jVyCAauI 
zN~n@pDc?Z_>@8+p~~5}+y-a*^j9rDh<$#$QT$JOg_gy`~ftG7G3>xgx+~OyaZ_xq!a`NN*WdGNZ=ZPWp_C5J` z5oNna$aBRPze)a+j>qnkHyyMmmS+rk@>h~)HTg%{-cFD|o+I`0fc#h$@n_`4 z^hPbdPCUBR?bfHoCnx_!$5;8tW9oRd82R;IrTn$XExr-?tYs44h5VfM`@PA3{8IL7 z3c1D4A+M|xep|>bem8jpeGq+#+~RMNZ=EOQi4se`TYWzNME)I{eAG(W-yGx?pPxL3 z&d)R=xA^AdZFGWa2)V_NCeNk|qL+|c{A%+0+ok-+$SwX1`S>_e4^PO0s*3w*KVbFN z_?UPy@{hii?WQB|t>fns(%Pb;uDbnGEw65kQdPfTt&#YWs-UhAh-BdzxA;@!-{|=86?wH6vfZc& zL$~vLI&YJYJlb%HD@H!;sdzBC-)!;rL zex!l;GxB5yWxrDD{feD;7N3#4t&ZF6{)XdgQ~b0WlD|8-mNck6& zkI?JY_v99TgnVRb$^V4h;{9}-Zu`}1p=>ujxy5HE?>|!Zw+i`cz3-?)KDd^|_aGmn z3vl|8H`H<9404N~PagGvyr1 z$pZt$QhUbwh;Uh=X!k5_@btzMt2lh3FmdHR#z({bHsax3Rlax3Qo@^;l_ zzihpO)x*}$WxKm5-pcts`R)>u$KEGrdG=ivkE{z}&5P;vCqB8AKQ+0PKRfy6$dW%V zdAZzD{tDz){_5llv>y7CkJ9Vrc=EgbCI1ZaQ<=pVkbl=se6zg)oe43OJKZ@Mui#{ViqR;mi zlhzJ42TjGlBrox;bVbTpfc$b+i7%<&E&uiQ;#J9QopU4dKeRrZ zlk4rZUvF|-=Q*0();UijxBPR-Z|gdWZRA<>`m&!qSAvM19Xm!IbDh-B9dcXG@Q8d< z63G)ao79ul+XS7rj6)uz9c_AY8-Kn-ZtIzglh4d9<*Z0<_an8*f7>PT&B$$CWqa}m z+J1VI+i@92etfR%|3vbb+MmuKuRmYnH%su3m=Ky({da_>^$!&eh&*TMCOZ+Qx zTOSoAd+6i%MCV&Fli$$eUWGjVZOLDge2vaW)g$k$-kN;ib16p;@?*&*{{-@LJ0*Sr zd9Lpzekplu9j~t@PZU}5Y$J~|RPyX6e=tJ)BzXp%Z@EgIT(9T%$%$51v(aU{XUT8reE4JX`%@+U z1$oo$;&11a?{*xwd@c2pjJ)p+iAzgfsFB1MAkVL#<9L_+Mlw0Rb;vD$WAbx4KirMn z`q_`ktG|@;tR$}+Pkbx+&6%=a`^h8462Cy+cD&@dL%t!h?AKHBqa!3wgk197>Uq%? 
z$&;Mi;?tAg{#N4OCAWGgOaAlUw{T z@@aJ?|2=Yh&i;fvgU(~b)%zPe?lvw>Pj2J1?Br2m$#%<-+jz1%x#g)(UcR90Z%^`@ z#l@$PFVYu_t|Yhh@LR}j9s6$bo#mwbXUT0n{7rJpbD#W0dC3!9&tt34ptMr{c;p9l zejppU#pfmW*L6V^$!$G+O>%oq(}vvE!*?d{*-FYeg51`_k0)=e*TW^`wjO>p`Nleu z|9f&dEyn2?^X|X zUz~y5^5h^t-d46-f!yM2knedQ+iOE^@tw&_>O8||E1{s>0>~{-EAl2f&Kp2( z@x#fR>*vMhkz4#y@;N&HvzOfB50fW)B=z!u+~S{+7pyMvDT{@!Pm9k;ZtH!^kXw8u z@|z{3o?DYwttQ@y{OwWVBgpN(W*qrjK~nDJ+uIKhf)aA#%HKDnY)Zl9az5 zxy3gnPaxrbJ;?1os~`E|&*T>-liPjPZ1QghN&I?pyU*H2zB#+Z|4454S?9^u^p^Ja z8+pk65&7t=l0Wf#^4*S0$o&!dO`W$XL~fr8EO{5|s7y51?8UjMA#>~q0!$=9cma%LsB_&nrWPD=SJklW{3YLKs-CGoAvExr@^ z0v*o`C%4bBjw4_7Ldw5{+~QZ0U+XFH`^fF{cSp&;pDyLUPHy+nzmNx9ko<8<$?sYH zTYM7oIg=&6D7nR#CeNzRp@PUQ{zLM2^z&;I$n8FQI{8!%dm&onD z`zHD9R1y8$uZX2R-$LH=VE5fI$R{k2`bkY5d9?g~X7aPcCB7Vao%bca3i+K#Ql4P) zp?ckKPkt+&#E&Asq0a?ABQKR9f@j0)$vf!hjJC1wmiUw8UG(|F1@am?UizK9ysj60 zMP5grL>Dq^CkXwa*KaS{{AtEPg_>DZ|D1XJ&&@IPuKnO zC%5>jpAafNo2^4jNZ$GnsfVoO7H{)&mZ$kolD`7Q+kH)S^16v6e|vIUht`dJ z@E4MQEcuL$l4lmV&3h~*w{>D`$UCHyJp0IPe&8&*-S6KdxBU0X<7+#Nt>=@~o2^4j zL2m2NGLSFSd9&i=HXbfV{?>WfulnS+4lRJZN;awIF66eZtUtN6!x7}uw7-}|ZtZ6Q z`Okx;oEyn4emi;d?dxwW?o_+auc zw@P`sl3SjS$y1hiQLzqc!^|OHdlecBN8_BJHc91tbA@Rq_ZJqO3^35A0{vNr- zKOyg;M=@)>#` zH-tPmvE-RcKJSV667s$6WWV;4+w+douARCA;}hsmRT zCwWeh?+zA!NpA5`bbiI^v;0hn&q;3cl?BKbCzSFuBDeVFWJ7NuK@W7JrO9O|ay@LvHbp$YTXbynUY4>doR4>2q51vA;@r@{?QqyX1%U z{Y!PpE&c=Y%KG_>kI5~5Fu6{*_$?&2_~qm$Kb8GGL~ijX$-ma~?lJjot;aver)-z} ziEBtbS-si)X=?IE(ldk%Y(+@7D_ClB5%<&0i4biLVg*d*kZCk=VP+mfd+c~Dx(Tax^p!V+Jf z+~NbsPi&F+p5*qNu0MJ3M2Vk5Zu3YB$?bXQa`KJ6rTn(O-rAMT{~Vlf)joh9W z{6bz=pEpIRCBJ9+o41zo$0k2HMLaXP#pfnZcu(?HCb#DuwaLFoF7chnExs3d%==QF zN#qtki#*mJl7ADq#qT1I+gPa?N*S@MW5GvOg{S;DgS5W z)-TK;AFj{KY<;@zuYLY*2gSF1CgnLtZt>U1r)&L2)OkM3Z_h_!kbkG+ge>G1{|6UdUNe{6;+K%;)c8H*C-pu5 zm&xaSCENX(e6!ZW9rE0|e(XN^jDnKqH}Zs+rTsi7KQcz*1}L+X%!-bnVhG5MrZlBhX( zCjH!Q8}gB>Bu^*udtD_@Px2MX#ru)B3Kai@+<(9LDDsqA{_*7J_e*)Ek&h@XdFGQ} z7%je>{K_oxZR8Wmi+@Lc_oDa-@?w$1&yk;cPs-`1>np9jS$s6|U++qMBl60_B!6pi 
z`#kIb@~!hFegwI_H)#U7y=QMG`Oo^ieigYrH{3v8DXx@%Ke@#pC7+@7e4E_*>j&hQ z^n8q~^N3cT_M9;ZdDlx)o_ypnSBjS+x9fRTa(nJvm;Bguspt0O_I#v2x!sS9Cb#?( z$*<`;lhx$*Tzeb2J=gx0yzMtq&I{yrU-L8h_6bry&&ch$c0@fdt^Qy2k^G6sZN54^ zxjpZG$A=duzgbW6mm|OTOuQa>)b3LL?&Qh!bCi9_0}n`^>Ew0vx-^eGcVo$K>&vVj zY`e!O-o{Jk$g}Q~?cO3Usn1t_Cy%UucOa5(-?sZzR>>2OymWIZXKHfGpNTxEkHi-t zxA>Cei*rhReez=y#ha4%E+F2MyqJ!Q`jID0Ch=3r?L1vT{zRWsZ1v&0$s5j)dOJyO zdCrq(j3?#!jojk@Ag}#)M9(iIY9ha9$IIeVl2_69$rm8E_;<-aJ1cn`lK-IN&kx97 z==$0&z5^XyUN*|c5GBe(daoId_uVb@CXwJx4x6zTjiY^ML%QUf-UP zr|mECu|JUSR{s{CnEbh}yU0y$@rB51-<0-Kjojkvkym;k<>*Ro@gI{v`C8&9l3V;t z@}Lb8{}s8#Zz12V?ejFb#a|*Htncf4N#4DT)I$`Vr?+}u6hYd5YI1u%o|F8?R+6Ux zdD_#mUp2^M7m)Y{S-r{oW|HzxCAa&mIpovyIr3)m_&N`8n7n>s+28Zzhmwe2BX9J+ z_zQB2x6g@Md)ut>$?f@ovpeo{0h|BKMn3kq5Al!tLrtao-IBpd8_;qUx++IH1T5OKk9vSEpj_9f#fN5 zJl2)m)|Y-vUTuro$(+j`U&rqpZuUH^)1<7qa>U-ozmPvd)a$Aqul)SW#TY8e)czYyRZxY&BjWaPObOZjt=+j`4_bK;N_58g-Zui%}k=uIIm*nv}N_o<@ zmG4$>HgAxd+}5KOB2ThTe!mI1tw(J^UV4P=?ATOOFqGtoYklXsw$K-?jBtFH5q3g}!Gmw|rCUF(XZGCA?@+Ln^`FoOEe1GzY zktF{@a$DcHocx>X62FVw;`fpNm_XuhkX!sc@;o{(8oizTUJU1(+hi?19(lc95|^Fa z;`5Qm)92ka$SuAB`JOMNKD&@xd~fnC6{I{<$u0hK@{waD|1NTi-$(vYREfVsZt;)E zr%#gd#BVR(tv+o%YI5>h^Cf?Na=X8NmptQI$=iV3)}uCK&m!@?$Zei&0C_t7_f&F= z|D1esS}Fey@|=&wFOvVE^EOY&Z9Qs~4x#JK){(|0Pp9irGLzeS)B@y|r#Si3g|fXm zkt`Q&co7T<@w;5Mm;iR88(btd_T`hJzK$ZfuN7rD)^?jt|bN6LSh+@9Os zB2Sl3;v;H5W9`<~qsAZ)j3)6J$ZdUT4)XH7q#nwWTYP2mb;~8bHMy_q-~EGf?z za*Llt-f5)dUqf#3o5<@IlK7M47Jq@fg1-MeLMJJg)u+WrCy#hT;%t7%;%z!mglKNht+2odg4Y{p1-b`-u?Yqfsz41YETW|a$xjl!yMt&fN?AJr`HadUw zoV@ybvcIvr$?w_mviQX0vyMqzZgQJ9dzakulqH|AQt~t=xBI^Ko8KG|`x z_*CQ%M@oEAa$BEVntZ@^iElt|@y*C1YkVJaThBa=e2E^H#pJeLeIu#B~XsfQQj2XuZprOr=Sy>-bcn|({rp+UZQdXc`N7BX`xVIT{rq*w z?fv{8kY8ITVn@4W*5=+TH)AjcI$j_~p{FljX{^2gU%^Unq z{_`ox6Q_6RdbW9hB;?TxO8h(I_I}{P<=6j(^6I z+xvm1kngS~`?-?b<}o&qFUTh4IYe&r7-z|C9^)!`F8!R{3v!#sh@|tE*3MV>$#zqc z+dM`_@{{k&e!WL-?-BJUfB#*HZ%%H{v$~O6o<8LDb=}T1a*Ll!uG8dx-;mpLgu~>P z=M;I{rBXl7$Sppi&Kp^McDN<+Dacnel6uHMzO28Xx#Tu~vV?r!Nh#-6a+}}SLw?L3Nsg&m$ 
zxyAoN{_>9GkI^r5ecJtF0&=?_Oi6C{gE`2zZk4ayiGn!KcD+n|IqdSNY{18 zBp-BJ;%brqI#WD=ysyrGwj}>zlf?HXx4$1cki4pX?rA!?<)2F)JXi8>BDZ?mNj~W( ziGNJqahmvB1LV7%@Af&nc;vswm$)?K7N3hegVujB@{NTgPigWrJknLO{)2%aAVkz0IQ@(*>qJ&4@S#}VX3^zWh1 zBe(mt@5mGAJl;>_JC;iMFOh$IBZB7#kH{_lIk|maD8V4fXZ3IK$;mr^AaVK0E#B7e zSe_z>CBC+g_(tTvuaxrlB#)X>^7JErq|X(`lUw{$@|iCr&oc7WX=JywzaSsiPvYa~^AoGjorR@5NyyjgymxkTi_b^?t$u#F61m0K zBCioe%F~YAuD9LDhwHk~apacY{@$AHSMQp#U#lp7oBsXfjpP-3OL>lv+i^TYUQO>W z?vSVJEP0-iTYL5!BIUAjwy!4f3CJxzIeGVI5}%LU;){}}Y%cM&$SuAhdA`LG--X=b zKO#?}*N4gE)(&TpfAB)`uOhej4djh=o@yU?R9!D|lH88hC2~9O?y>8-{TQEwJ}y?C zc;pd(k+_WH7N3Ls%re>E66CeD->go4evRa>N51cgcpGwy??j$4k8F1^xt%W~$@6BC z{Ikg|ej#}z-LGBb7XLl@f-F*=%j9;x-y|R0P~syGm2%nnV)@@D5AG)M8OiN@&q-fvsb2okOVl48-8DzgQ zliP90P5!oCPb!mJd~Nc}PbGgRa(lkhi#(y$^Eh%FZ_gsP=Q|6@Cy$eQ*h8K}?+eb6 zA3HAPyi2}Y%kw+=@HUb^j^2M;JzIPd@(xWUe;)GeNyLkgM~NxC+X^D&UT=?ux=k=){klCOCw`9CAK&wI`xxAwe@+@6PS zAh*wZ?j+w^M#_1f+}3H_B0q6i${B4`==yw+PdqbuyvE|i$ZcM$9C_9;lD8JQ)mt0# z{3#^9C%LV^97;Z}wZwl)zF6m%=8;?cQu0cNWxu{5Z=%l;j*xfKe(N-OnoCli`{Z^U zUy<8&FY0Ldy%^57=uT12=>1U|a%(5K$nCmUkbI}!?^GqX=h1b^cO;N{XiskO-O2N7 z`~-4)9zC7Bj?T}oA-DKV!e|JMX?H zU*1OYpCq^VU&+Vn{Lgc8o9B$E^Xpd68P7=m#N;-Qnu^?SqLjZ7x#fS4JXUwfUyt1S zmk-F>e<|_f$uE2^+nqyh^{|}0+z^T1NpAD@KaktJ{TXtbhrdF8`-qhD1-ZpX8Y@4y zdY&^#%9D!R>LC;P_*fEOn%v?mlF#WQ@xkOaPH0bF@|?tfLVhTo_!#nYy6){b`2#KI zWpX<%_sDZ?lKd~pEk4n>(Dk-X*X`saxAz_tAitx}Q%aNDI>Soj_WAlcdXx?-vsPfZXDvj}Kj+y)VeWlaO0{ z5%P-lB!7AGdU`)zl{`vQiLXU&e;2P6`KWmk-<{mbGn#yjjt{4kTl{A7x3zxul289x z>fsQ1Ms1g8$uD)4a$Y01{d!5hzqI6!J|T4d-;FN+&P<-Oj(B16+x2C;{^Yj5P1tpw zu`T;d$v=?%*d)n6mfXfOGs*3}f(yvAd?op}klXsMAINRJ#~E_Ve}(*>-f#GQCfl*= zs=c=`7P-B*FcEq3^78w+$!*<8A@Z3TUy zMQ-mKTu45*upGx-Y-^YLTym3rJKklXn(gWS%SRpeKaOFe8PAEWohd&uoQY(M-z z-tGlH=lcI2|CPiNnus}%(8_7flW5L!o>L~L4P(wTqlq%2R;VR3IkX%yDdvzvcV!&w6-#+W+^zegEJ8f47@muKW9OJ>ReQ>wSJ-?_C$UeO~kl za@&7hBVSxj`sW7uz!#-GMN{tXfBRgshsjUq_1HS(NhPFC2zm1W@!sUOi^=#R$!DsM zBDdvj0=cc%uaj>%E#rNQJSI@ayPVwWe@JfiH<8A9>GRlK+a_=GSR*n_u6N+x)usZ5faCbB%LSzYzI;J&vkIUb>Uy 
zYmrawDRrBWTRU5kTRTUPU*9El;>epc7N10JbzUdG{+Ztiq|JUSwXHpG$BupllJr? zxAkQJdFE46|5@_alcdfR@@q#WKa1S9+w;h6yS;?mw%hB;3w4tETgeNr7vD#2N@qATs8*eRg8*d|W8*c~lH}(9k z7kSw-vYZScuT)CrZyb4d-L6g~|Kq0Q=aT39NcwXnc^SPf9o?>r{8hr|NNRm3Qv$ z|ML6gc^&c>n@jzs>iDP1qb+Zj_4;!u@>lfz@#^GNhDiOo(O#@Tb|R&ZGGHM zZtKwj@-CNUy1ph~rQ4TlmFa>XUOfof*5kUuOOEE z_AP1OY;wDwVIKL{T_wMs-0mybMjlmF+IfQ9?pruZUVM(!zfErUx8z?Y!>vC(TE85* zUB|0Re&@8jzCL;6An_LDwjOmQxAmeo`Okx;&M0!rk0UZtbZ?ZtbZ{ZtZDCZtV#ppQP89dXn35aum58Cyyexc1|R>04ReHj`U^2l=$8C4Yk4&g0IIw|GnD*Kg#uUCpn@5jKDAJnI4S zlqoXaAadKzHz2p;&lcoXza4q)C#3!may$MUM{ehF&yhdcS?Vkzx8vSbKq}r^SH0cU*9D8+vH;=NdMQ?_YbX~?fj@Ad1yJwwc^AY`OzfuM`L8Vrjy(G(Mq=*(`aUBe(VUWpZ18=aO6fh2*F7?;W;~+xq({xvjs4$&ZiF{wKHf_YZPg zfAhV6cmJP1B+moMZT)?ey#7|ncP6izCH>!r-1aX+$!-5Kj@pep&tj^5@FS z^j0Ca^`$zwr=jFqk=y#xmE4x+2=eeP(!TNJw!TawxAo<9a;ra|e6U_$+CXmWO9r{E zFZ;=dek0TSJ-Mwfx5#aMxkLW?+ft{j-p5_YJNfSKCTxAFOg_E6{)WVU+x9+2le`VD!F|>?@IEPdf&wkavSe;@@uChcENZr3wEBDeK)7rCu>pOf4AVt+qs^K0u#8Sf>^+ws6{^2DEHy6#^i zk570K=R;W6@=$@2O}X`>Gk>|nWb{!^!{Ma4Ihm+fNnBL@e9VUjnbDY$fKyK^N z402m9W|OBJlsfN{TYeS!vd*&n?;GwP zC+z*HKyK?rHS*m1e|oi`JjE9{G_!t@i^}CAamcCVB8{QolX9tw-I+A3rMjG32%$ zJxd-mU-GY$+j^8jZtKxX@}_=LXCt|tFJzG0`NCmxJ735mxATRIx^Y+X zW(%ZF1o`RTWV~a@EkA)gZiM7#liTO-%_U!5TgJPZ-16(mTjWYUi~N+nA9t3#ewgI1 zlQ-AvV1JPRQbqFl^g6Efe>c6}@*ug@sX%^jqSUEIUjDlDPd#$moW?P3`qRii=_KucmHfq`;%|{#{Zw+Rzma@Ph=|B1YfuGhE7zuh72`Gb6BX{qC< z=jFDXJQFC>Rf4>co|grZ`|01^)F6LY?*|JZ&+RAe2_tW+e-{=(-fNq*b2xdCW8xFY zU(xfy7s=QA$#f-?+u!e}lP}WGd)Y?*u&$5$$bVWR({+NptsXC4AkRE1`5f|P`uTx( z$T#Wx?}fI?bld#uq<;@sioCVnUtNWKR0nx|9r6Rei8mvkcSgJec`co;2=d>hn?2Fw z51*AfapdD4kbam#KJ{7gS>&0z9xWj6en#@|k?+v^w>OX{Yd>d@uUH}N{G9yF5UGEP z{L|s$m&tFm5&xBZ>?!ekbh)X|7ow?*wW=lIW z$e;K`{2TJsdfomO`Pvl87u#|7^yX%Z*C1c7^QA5MYQ29ck^GOMvLT*Lo~`TS+vKO7 zly#%l6TeR{#Wt{b^i=`olRE( z?f+o%BI;eqYv}#kapW)Qay5s1lI~|$k!S1YlOH1gT941Kk(bu>qVO({@5kDIvZFk& zN&fP0vOKgVzohS*bRr+|nbe6Qe@2ggV)F3BJpAQ6{2lVWSMKqR_`N)QM;`uZ9{w%) z0X^Tpn1|oa!|&Dou=TUmDN7!lD*aYD4}T&LZ=Q$uCVxV&Lq_J|&*$OO^YC}c3zwGm 
ze?ord>^;5#XUH@4ebDlI$B=PkuoCNAlE#)@Hq`eEUMF|2X*_J&tNf z{+~yrP7Ct4^gg}Lc2?HTf|Q>D%j@~8FuJ&rs;|4!-!^6C|&{jai@7oX2wM|>&y zWBsH(YsgD%k^DCDo`K@~$eVp6{v~Xg(n|H`-R**V{_Uohf;ePKZU(n^G6nXz5 zGGD5Y2hEap)+N96r_}9CUZ9WUBgy@AJ2RHN%t6V|CjU+MzYECgx0CU%Apd%!)LBQ~ zu7LO_pNErMotMb_>3sup$Pek~{ca;~S5c<(BzfEs@pF0jujJucr;y&CV*S=r zJ&^nv^@ij{&dPXSAV06?r}N0adP(x@$d^AQ{r@@nZwEqcO+7D@7r9sRE6HEc^Wy#F!Mc2&A@8Q!vA@WRSCV#? z)$^)C-qE@3Nzbpv8z39A9hT{^eyH%E|F~Z2#FF>! zDL$EeyDDNMN-#3&)DYILj|SIOvRcy3 zs{73%x?QyKKCH)wwaE)Llkv78|FW%kfAXcTiH{(ESC1cFAg`f5mwb=DPqdaiTCbb$ zCNHJiy;J1R?UsJHNAL5p=^d!&gGI>4>3-)C@}k#ex}GBc@P>E?@-OC#chU1d8*iL0 zZ+*xs&64~m@*{fvY8-h?f0?d{L&8qy(Pb$eAyZC-Q+8~h#w?Bd{X>G9)5=WqF!hCjr=n` zFZh#usjk;0zmV}*|J2v_)60_|DJ$FO2IN`I|k&Z;@}(>mK*&^=#|^FLZz8PoAUO+sfqob$ec$e8eqj ze{=Ho;o|mp12*1=ACh+Vq5SSd$&VuMy;}0mk=uS}8u>iE4zrNl^2^9yTrA_=PHy?V zY&$W%=(YUucQc|C8ME1&+&bt5aU{70E6CD0!^5CzRasVdUNQI4X+V^25l7 z9FzWkncVWPlebTld>Xms)5!c z{V{p_Lz2%TzpeYnZ1Q2RN&D}R|EAYZ?$h`AZFxSf*C8vDzpKX&kCXT8EcM%x+wnse z@_Hqu{Ugaw?i7zFKf6cjzd=4t&mR|%XOEWrCi0(eitiw=Sx?4$oV{vBA>3;=R?V>Et5K7i${`|?I|8Z-csj#BKdG#Pm{wTE1uZvq887+PO_7}k5{9}AG{-VhLLYLC*z$)Zhs&8DtUoUQfDQ(<=2w`(oyn<$t{13ynw&#uzx1E z{C~)A==QV1w|Dpdb05lhL&?kiE*?gn^ssm|`5!Z+?kINszLHnTt(|koE9mxQExF}4 zljrLG>lnG^Pm|Bmo|DxNU4&-${kbWCaK2Q69IeD)i zWW4*xv-CLg2zkRElFuP;s>^dO`Pb#8J!Q_`J-rv~yo`K_ULSah-12S7Q*?hinB4Ls z$$!`PM_wbh{Cx6TI$ySsTRww4P>=sFlULXKD}Ev$tk)lkW#8RDXD-U~(&Xc(h&Lp+ zd^7U14W3-OkJ*4=XMCx5+my7GF&RhNg@{U2$p2x@+)RouQA^%9vyE~IFY$bJ`Cf__*>Wm|g$S?UxBeZCg&#$HA0K12R(isUDd_tE?dnv~AwL&OgTCW3i%ENn-zo+N#!^o}9 zSn^6;rGH)_Uw%XUEpofg@DBME-Og_(x9e+r$x}8+{d45@IUC=TM_rSAfs68J{bu>1 z$@m)}NKu%XojwBmWoqU$dk=0pH1^)v@}4Eli`?e#JLGm9 zY$bUCJ?`8~Zl9C$CAobr%_;KVJ4pZhMZUY5c&W>G_p`mPSCQOro8%jj*V5yVr^sJ8 zF8N;MDa*tMkk``V*k{QtKZX3o;!7o;)v3p0;1=)FF?(BHoyM@iD2>mAtT?cl0LDjgvZK$%j8DbtaNe|BvM7kv~vQ zd@=bB&3{B5s_W?|iub1)s|A3}b%jreHtqoc%MC4VPGd=7btUdLEL zZr?|>o_v*_Pi2s2ej)XbkPjOw(|ejcZnosFl3&vP$tB-*Lh|?Pab+QI+55ee{DRak zOMWN6_~Ya?b^p?syq~T|Pmv$d`_?*>uXs+{6G{F~3Gui*d;7CB`5~RZHOU9+ 
zeM(Kpt$s`L3#rnMUgX{GmGKTBFEK#;1#;W2&LBS)BK6miZ_?>Hn1_E(KDdF5_cHmc zq2f2mt^OVII)!D&P)zrq*8f{|`7BM|<6~)m2)WJQQ1Y+dkbES0HC^6f$RBw{@-xWo zdg*NPkX16htH~$V7vDf$Os{M0BOhNy@@Mn#3*;Riko;|OtK<1mro;L(Dp{TfkXt^G zeB6^#zZbbJR|Cj@)$0*So?n92au2YLHef#x$Up(lMh`j^*fQ<{<ow%Pf0O)va@$`YCI3$UKI;Ox?SFqJxBah2mkaBE+s{5oZu{8^ z0* zX7VpCiXSJhK3wYmn1|mWFRRBn5Bw~zv-Vh>;^f73dmBW4QjZ&JlOLKW?d(i$+l{Bm zJ10qg61il0~DPjcIC^dq0F?-#_9+jb*?ytN+JC6n8B zBZa)`RGHp%a@%ffA%9$tmyVI!asD^t1t-h&{zz`yncvB6J5%r%d7aG{JI*gbZrh(q z&g@Kn zLXY=GlJC*|S3LQ%dR+Pnx%I;v&M$fM?*4y5uOn3^@2_z)ep4lX zlDzyR@vFJ=Xv@#eCi46i`7bx5zTbcD&X-y#{s?)7zP=gxGTl!0AaAok>W=^Y?)vBa zrT$d%6OV{5BJZvH3rM$F>lUBOjs1CyC^j2TDFk-96JoY2So>K>1F4WqLP4UQda915ShMB|xA5LUpX2 zetI13#;ccXefc1D>u3AEfJWq2CkEs!Y@p9B6K1>u-bnMaZ90x4gBp+q~!lYHksc~KVBISq9@1^?-{Z@^2bbN!Z(KLz!5S zM0xAaljJrZza!6`CB+K+{WHD#r%t{BkErwXhCu!}w5LlR`AEor4f#aMTl+Uc{utyx zqr6R5Hsrs8{BL>W{qFx~dcTBxMRl8ATb?^X{tL)Yp!}71sXK*yvwpAQ>*O7D`|=L? z$NIkfR`Qd&ubFvNW6Oko zi>7=)CmA@J{1e?+&Vf2dq0R=%Tb)nHt$zRa-rH+%^dh{K+tw+C-H`R?z{-V+k*3PZ^ertfb8@dbH zS)20K&Jc2IXLEAfjDoeh+dl6i&#&)m zpMp9&q0Y~gx8<{--d|(=Z2jg>Zv9Y>-1?y|xqbgp6Y}lVWWIJ(ch7b}J4aGJMz57Aoe>b_c{|LFY|021y{|9nwe}27=;@ZC*+EZ2C`m?h~rnd*=KZgAHJn~B* zua^vbui8m@+x{OQx9$Hea+~k@i%Gkzov}J!3ah)JTcMr7;9J1kQk@C`GBBLH{UsS+ zZ*u#d+=1i;biW@*{{8(@f2O*tx*6KDl=3#c`ysyx@@MkM->28rT>XzA{}lK}@M+*1 zz!#`nKilV|EG4>|5O#PtJ~$TmDb-p!;Ox1@!(_*Z%d;p0?n6$-_6azq+;4>d(x> zH;~8adipWcPlxf|r}tsG_N)ajr_ST83HddU?+5-N`15(xSqAwJAb$y5Z*lMqy+d_u zds5(G*K&`?+G+cd2gz+aQ-R#JGd0O=fAJ*w$=1HndBWA**xwiO{T@nrYiBIEwR0l5 z?eC_MTl?pbTl<%iTl?3O+y3q|b=Uq?(Ejt3x8jY zR{vA-jru;$5pv6)ARiea?Yls}RiED^zm`vqdkd8MXS!BEJIkwEJ8gbdBe(g|fZXOw zH*%YEypg$@FKcyJyRxA1+hg>fDC>GRPMXkb2f{ zmVaE`4P6TP4wSe3ax%HqSwh}PFK)dD_1}g1mnd&_?$P_^tev}ZrQP?dyJx9Tr!n|D z;Neuq>Q9CI63A}=Ukv^W_#*H^`u?!B)9P1LckNsV`G$GqpNIV0ke{1Jeih^wKt3an z{5i;{K)y&>=~wsrE%27=JY8MMFCCHB_l7$2q0Woo^T0m=p9}s6)wljEsrTJmdk*RT zyMnrF#hXxP2<5HLYvg^7O8e(SojFkF68Ib7cc_jXpA;xB^{kz{ljKDYl3RPakiYSm zygrhA>2#?xQ{APKp*;sFZ}l&dpC2mquS1>Jp-#C9GTi-s4ZNPZO_$Y=fc$L8kI5sy 
zmVBWe3?7F%da2P@t!%}A+A|aC*HyRn*nYeTx$PHPk=uT}6S?g#`jOlIVidXU$Db#+ z{dkJHn~GPV{c9<2=cil9?fX)9k=t?p7vy%Fe^uR$_Z1lLJ%Q4n)^9c+gUP4sMYwkA z?p3-d`>GA2yj{;pAh-G-K%JMNJ=x$df&WHzZ2o#G-Q9khzYmeye5_1v^RX_u&Bxy4 z*8X_%^xD#n$?ERe3}}BExURasp*yLLweu*sweu{wweu%(Tiyy+mUg+{FG71df=>e< zq|VEO-M8rKOojYH%73$8#U=|a>*rf}c(F%hJl4)Zq4K=6x_dSS z>UW{M)$d1sV6fDQhC2GEIKFDHfIkoQ&rqG1G^ul$+{T+jZpV$c$?dqYR28Xb(`)PX zW9n|`WN1$)Mn@C5J`RL9!04f4-I{);^F z*YofKdY#GU%j$=uSW$I1y%V5*Gw|`?J*keh)2?G#ee;Qwx9g=d$@i_0`SB)J2k$<1u?xWa3-d|@z2Goy* z_WVeBo8H^xo}q)|D7&RlOaC>+VdvmZMt8q$uH zfFckNSm?TLo=T%!DnJ~A-B_N&VehJ0Cdn_g>Ab#iM@6LM=$2XZ?O z9IWoftBZnf?2{;O{gVp$fzZy)dE^g6J__;|^2p~xJ`(Z|)^siW=lZaVix8t$*)m?k~!+3X5-lpp~TbNfd}EYf zA5z|qlQ)rDdv=oBaq?kuJ5K&p-HrEY81DnYPX1Y6Y`a&U+_on*$ZdPlQQcMR>8mKe z22tMH{~Y9dKz=jjtsgSTtxbjy)(I>~^G4&Z`-ty|!4_3c9 zjU*W!gRetd8_{x`DOjP;CG--2dJ|jygm3Cs$=y_Huz`$wu5|4b?YC? zH-mf_QK0uxOr#9qULB0*;?YO85xg8fpkXt{*kXt{zOm5S=oxDt7K3}UYsk^Cb3GKW? zd8<>o(Lepr0`iU3xgUB^-nOC9lz;m)KMDC*%G>fVk=&MtY2>y%%ptesVYRwzXA>CjZpvFf ze4B?~BY#dWCjA2SpMd&h8%w{r-;KfRs&jv~g?tF)`{$7#1Nlafe~I$epRbc!f2NRI zf2NUJf9_Iu)722hn?-r+&mSP)0P^{tkpAI*sF;Tbk=y>IA^9USq;4~H_pCmQcO>Pl zo#V-^{)^b^(U-dEawBb@L2kO^_`URWZ-EX#ksiN+N)`5JJ zJo2r`ZGY5>-1bLLliPAKgxr>s8RXUvACh;!UmBZ5Zuv{(>)w^=FZkr${a|^2a+{A8 z$oJ_~wGmUHXR$&|PLoJDT^xtiRjcO$t??{4z{ z=yl!;@8`1QwmjD)UtC&V-<{mX+n3zhKb(BJ?wnsEw>oc;Tb&i; zxAFEQw{{L8xA9I^xA6|ti*0XG{wKY@`XS}(Ykn`~t^co5zG$TM&pl7w-4B*8 zO8$VpuUwIQuzt=!bMk6>QKTFB7p-M{aq2d`+q6A%$WN+&N_DKAN62ltI!%7y8yW9K zs9#IE!1wzhec#x&16Dtfyj6R7QINW;S`+F#O?j&`nEcQrY0pTgQv>R}LwT!{MsCx) ziQF?x>hFO1)uH}*aJPPK*6rYxBe;A^6vf# z-7Li(Qn&uer|oP=`Dahb>zh&jqF%flNqK9}cyepci{y>v-V$3*roJZA^#|1%sdXy0lHt}rMb#UsTb-yV$#tQ8ie9%ILV0V?ICkCN z&89l<>qWTboY(oij$P~QCO@Fx7yK1@?lo!u59&6(g>=06b$f5qYwh) zo%_81a`KBe2Y2h^X}!o7L3OPDD9TUJ{PaBX$>cU)R#BZmt&>4{8}HYY-=`NBuji4^ zCAaYwYa{(?{pqI{BZJhrKkJiQomS-by=Fbg+v;{>u)2-6yN-7vJdKmKiH{M>Kl$*tdNkz2n#MQ+P& zJ9Re}x7?=ba@!5^1-%19-9Yb8FYx=lZv7tv?(&J69}DjC2lVEhY2?-qZ-Toz=~^cR 
z+|{x9vRd6szWv=Ay{NpM@>c%`$|vjbfBrC6;h*=RY`rK(Zv9*tyrB1`iP~@d$k=t=pFu5HsH6^#>rS{}@ywr>Q?aI=Q!Q`KPEIxs};u7%})ZH`J zKN+FkU*4aKQ0Sico)FZHY+Y&of-ZuLv*Mbjpfw>n|$+W$kSP7A#_`aI`# z|M)7q)>%ky`^OK+ZU1;k-P*rYFS4GaytV%aa@)@Q26fz`9Hh&6-P3zqFXEO~=jp9V zZgm=v+jhP+xow|&s#`yo*Ne)-DR0}!=O|xS^D`-L+nL3be^>KsC~y169h5(+`Jg+22v){CSE(`9PUhSV=E>l7!q{ZSQi+aEPk zxBe-r7XR>RA1qlrNz9<9X!IliPgxgX+XS z>Xs&t=b^6DZ`z*~z}zk^(XD(V!>-V6%O;;qjwR0lX8Clhh z)%&-5l(#yI$gR!?tBmAFQr`M`BDwYRtKh!rmF9W&k!PrX2JZU7_Ft#LU7Z}w|4bgJ{csE1 z)v^6o!5;EL?w=~^Zm27fSz4yI3FU2i+p_C+cnG_0XX44fe_z@$S>49lL&y6*A4P$%iA4rmk-wbLr=?p z-1It+R4)aN%Ue@&>z_8{c73}C`3HLcN?&z1I^9J2I%qn$n=dcud|60!Y`iPkb-B%; zIzzP13C`>Cd?OF{^!lfNTt8IT<6b{?H`KK=Q0q6QytT6}`J&rWw+qzKU6HRJo~OLk zd5PTmc`o^9bEWqT+$8TUwg z9wCqZLA)OMBz=FOJGgK8l+k*IkSD9ZsP3w|>0Me_2CRg)YtJ|2 z)}CwR)}EW{)*e4!YdoHSzS02q+qEY|+Y?28L-Vu1E2_DNE#T$BFMzxH89MBDb(>$K z^!X$G?rzT`ntwvw^434?$gLmxQ5`Mgd4uw{{ePR>w*P75@9F!O=}=z}#eAbUM){5% zWz44`A7G8~J{IaP(`(aZ?I})f?WsgwRf|2Q?y8l7`kg4BnNP;o6Y_dU8}-+o2r?@v(wek<;M^w;|lto|jPh*IRO2Fr`es=KPT?Qug|QNG9? 
z8E*&jD(^_0?odZ}?Y;psDgUj$U!FpKUR`&qzVqMwGD=?^n@5gxSK;$O-)}h`!13CC zo~J7m^4M?T;5fe`!Eye^g5&a#2#(87GPu9~-#w)2|6MzA`Ai4L^&$ft*V9aJT;H?7 zal4TNj@ucJ_PKk&?Ug?`ZYKl5aeHg$TW&D!cS0eL`>Am7s@gX9po_V$S=GQ}A&=*| ziQsr1oeZv*N`2K*!SVjOba1`I?8|3>*M#(ctfZY3El`i7CZzz5xg;YGPu6Qj%A6%Qw^?yc^{0{X>`U4jv47y%oLh~q z22Tcm20RtK4|qCwU+@g@e&Ctl{lT-r2Y}~*M}o^qpzKeh!0o;p*FOWn1KmlK_s97l z-~Z%SF!*5bQ1EE*aPT4Ek>EqYW5Hv<6TydpCxZ_MPX!+Vo(?_|JOg|bcqaI0@NDog z;5p#2;2u2ya{W0L+#fs+JP>>wcrbW8cqsUI@Nn=6;E~|Zg2#d$1dzBbnsc=8Q`_&o4%@cH18;BSG)f~SBdf-eA127eno6?`FhI`|^+4DiL^ncz#n zv%%j1&jC*b_uMZ}TtB}H?hn2cJP>>tcrf^K@KEp-;Njr!fk%R`1djzz15X5B1)dE4 zK6onlYVdUM55P0PKLpPNUjv>Ez7{+OJRRJ3;_H3x`hOj`e<69|d_8y|_y+J`@QvW1 z;2(j9gKq+l1m6rE3%&(B5qv9nGWa&|RPc|%)4{icXMleKo(aAKJR5u`cn)|5xaR?R z;`(_PxIg%A@IdfA;KAT~!9&461rG<`2ObH&A3PTP0C*z!LGWboL*S|4pMj@?9|q3= z{~SCM{0Mk9_)+j2@Jw(|VR_>E{|j(`@Grpw!M_3z20sQK3jQ^CIQVh!NbnQjvEW(Y ziQp%}lfh4cr-FY2o(_H*JOlh&@J#SC;Mw43!E?Z~!97LfiR=G!;Qrv}!2`iBfCqzL z1P=xO4m=$E5_lx|W$;+=E8vOX--9QEUj*B4m6p3bKL@xYtC{V;N?A4y*4L4g?ZmBj>N z$p<|okU;*XdNTPE?SK^WiCRCE-0G*1Tm203-VX~LAU~#_Ngk~opG7`IJ)8Wn`W5o4 z>b@E79cJ@)cS#BQIq?3N57N9pxnF6?1(4TQ4<^si`u6^z)qhIshf?0^>z}#&-JbGV zKa%p*OG$fT$ZKi+SaPeMKyLMu$;*|K`YGh!si%?;3zWRQf9nRj^=q4Y2IbqAm;3?p zqZP$7$+NUh7WuSFlFuREr}cBm_h@}zFf9m8E_J`PE0nBgubKk0D=QMe?!aKdUE@hgX$+GI{69;wj|To>X$H zpGI!=Gsr)!EcFkNN9lBBlFw1kBHyN-L;lvIQa_jcJ9W>!GTi2Sz94z-M}Dt*Ao-AB z$p?|wt|J~y{!xAL5b^>I#KXzwYMlu3vRWsSyo%Pb`^s&)j;JS6-oLJlH;Mc~t)EQZ zS?i>bZ&ptyPt^Kb$ltFgqw+{A2Y%^0&1;_IGAh$J!H2d8;2nZuP^-i!_ql`2-+FtV6 zAvxd$E$n^FCD+3`kEeiy+yKjZ_*AJbuh;DsO`ME;Zx3kKIyBHxe@ za%+Dmcu}YyMsE3Va6J|Ay()rSPcJ-?;CgD|%g2!GZp{-5uBRNnd;+=U6Txkq?gdHY zx;gYDgWEiD`4sXY4!u9A;3b57zthO=@F5-iVaRVGuc5;-z^#wnpabMhHJ=HthyK1H zS>&}fpA8BVml5ylwvg*?%98=Eht9sS93a=-sV5WM zwgK)1S>(DK@nnPRp{K9@6>{4aPZqsWUeYgDUA+j&;r#l1lu0HkN9|*38 zu)ZMyG?gppU#d^orrBD+Bm2>zsny^l%cp*k!XyeZ^U$ZdL4!J9!ojr>s^mJa?D z?!COH73b|eP$pLQ(`CRfTHcSs<+;ZN^%=_p^ z9;(Cq!CONYKCXK1ZhaNCBtK?&rxZX|-+HpAtU$gMre;I<8R`4niwJ~ z@GffZVGFrlHuGeF+cwPQ50KlwJQLiusV<*I{Z#S)5xvw(!mEn 
zehYc14$AW!8$AxJPPtzDOklVH_5PS&agUFZZuwZc8Cb>Z&@`2%hSd4H0@M+y0Ur;vBkVX5GwA)iKW z>tj0j7|3rSx9v{`cr4@(kXt?zd@SU%$Zg(agU3Ps3b~zo=YWrcd@lKM8&+8U#;&1jvVxTRt3oBIF~;ZF!Ca ze-837*}yn@E0JTMsCYzI`|aGZy~qk zAp<-S@(0MRKQqCnLOzT9@8utS8sx8#Tm2mH7a^ZZZpRy*A`)`T|8&Uvk=yd=4{pc2 z?qvbwHh%-bUxNBUFZ{tKs0UKt6&zM~6j%zY6&n@>V)5 z7JMe;6Ugm&BN2QS1M*qqrL_Io;Bz2-yeJ)rVESKE!_D9-o`Ckt8{d9peucX8L!B;>&fZVR-1%kf^`5d<^+e9Tp3|8uAI`w!cdR{{Zqy z;*Dhw88#@C}g9CI9Faa z4+lR8`3Q3BpGfdSkdGm^5(uK83uD4od|;0{Jv@ zTffr5k3xP6x#cs!Ga-L~-13>=UqC*K+^!vGgMSJ6E9AC)%K`ri^10+yY?v+>ZuviE z=6&=de^`h4gMSVA0CL;k1%e-kd=RI_Bj+h3-V#)qjgv~_({k|kXw5q z!B0UxhTM)fV!^+Gd;+;0?aa}kbCAy>w|qAEdB|TO*QbAfUZY!{FF-yQ^3H47u;TI`m%nJ{ee@%@ z_V|N;2l)VUYma@-rK^7l@5DR_{@(JYDo<#8LkWV7FH((FA zc8M>K_Y0NqiTo;~6Ytt-%ZMBDB)A%sGZKUhtk zxb~C>uL*9)4sLKbcvZ;9fa`yKL#Kj23i-FegTOa{KL&mX-1c2=@C9(&hdaLwZr56z zKdg;#)BE=}%>5tSmSvak3Lfl0f5w5=G4wvp2d@jh5xgGwQSkcUzkxRZFQc91+TReo zDR?9BNbnHw>EMmQmx9|lq8q#myb0vbgWEM5H~2oCd9Izd?RWkdcryq3(+T`3L+|5A z@KErX;LX8TfwurJtq0hyJuSg|g0})s0B;RGAG{5C26$WWi{N441$7~I?P&*I6}&xo zSMUztW5I2o;0DhE?*#eP;GMxg2k!!Y4LlsYu&!*b{awLpfOiA$2i_fg5_k{r1>ilw zH-kS7egeD~_zmy~@BrN?xc2u3ZwUSjcn@$pw{U~w!23de4tPKCkHGtbXMqm@{{uV{ zyryovT>GQIJA)4dj{_eBz7Bja_?O_(;5WdBfIp@iP1l~G;O)U0>27A8r)Ae;;uboz#jpR1#bpE7JMXl9Qdo?Z&x@E5^Pf=>tk5BLo5Qo56N?SBcp5%|mCJ;9T}r-8o$ejfZ)aQk~u zH{O}xkLtmJ^I70+!DoZ-1Ah(tBKYgz`Sc*e)lUWw1b+kE{{GVC=YTJT{F~qz;B&#x zfX@TJ4L%>dlpgfB@xBG#06Yb}JNN?d@!)TRzX`q&{4n?;@ay1H=27e#? 
zF!*ZlpTR!>572{G*Uk^Y8-cF@?*qOTd=hv%_%iTy;QPVXgI@*T0A557rd>NXf>#Is z2)rHmCh+0lo55#-ZvkHez7_m)@NMANz&{4RUl00S`?rHX3jPUrEASoQ1HpHKCxT~y zF9F{LeiD2)c+IBr#IHNS4+8%Ryd(HA@ZsQJgC~O@ z2VVnz0{nCEEbw2!Pl7)bDoH<1KL&mQydC&O@ZsR!fxirX348_kW$-=VSHQmq{~o+x3wd&n_u(pdUGQt* z5#ZOsCxHJ9o(z5i-2Usv+cTd%^Zxy*{?}2#f7lZW?gt(Tem{63cp>mq@FL(D;6=f+ z!5;+oeNc_}xof9Cc%Yjg?~n6hzW>RuQ1FMqBf*P}E z33c2s`@W=;;FY~z!TZns*yp8K9s53}fc!Gt+`iYT61b~VQ(~S_aQ7PfUaEHBF0Y4A z9{b!9t8d@8WuH%CZr>O72Gtp_~lh#Rn;2q!T&yaVs!#_ zr3ogt?}G~`x9^*a1+ND6lfm6M?0W+jfLHc` z$G-1)2Dr-?as$0T%fTJl_bl%vx9?^C9Ng8Zp>?i<-gLry>I27x_|cl@{=L&+`hkl5&0=S-`GwbpvU*8$>Y^;lP^^d z)Sa=lr-dGWKL%de+n(aOy$b_(uPLd=i(SE8{!z`xg1dbGQ137APcnH%sE<7hz+IhI zTF3rQ*41$TX0?#K{e7!>a!c`ZR3}>Nc=RB{@=5I_e?NF-Fa4zXAaM5@zb=vwBi|P; z9z!13RXmA&f_fVHY4ro-g}O*VjN-voEZi%`^^)=427gS*_q$wSd1BL5SMycD-E1qY; zUb9>CgULM+Qg=Feu=;FpSN~b9zY*Nk-`rQ~d;;$B`!s(Vyt+hvzi)%r0Jra}bhYgm z!3};=500JJa-ctb!QHT;kuo3}+_k5q?*FEPyL|nDl3z|fQ2j%2SEshtISlUVTpKKP zz6N*s1kL{n?(&Zfk^CKSm$&_WIX&oi+1e8I{eBWW7`!#OtFuza8wp+q@`>Pe!BfHO zfoFi%2R{hz#=Ba_dl9?=JGBh|jBl>#oA*t-wQlBEJTMHwT{%-U8h2H+JLIO}}rb z-6!n473A&yUgxdB{ffyG=WW1)z}td{fro*|fVTrr0&frg0eA=S!{8mkuY-32zX@L1 z>uYs+^Vj2aH(i|}9}M0FJRCe6JQlnw_(X6w-VHk5x!~O(Z}FiKH*$1Z-2=GYoDDcW&->m&V89WN|i@*nhZwDU)ei~di<-Vb}!J{ExPA_)2 z>C#QPZ)jC;*Us(Q&Q{<mL^2AN=DDe8=qrrQCj{%Pdj|HC#J{EibfKLS90{$F$7WgFaT=2=@0Ri&Fwf}kW5bzhkBfzJCCx9n{r+`ld-vT}j zJPZ6q@Lcfe-~oE^&b5CAcnJ7Q;1S?2gC~F|flmdm>~%j~o|l8a0{H{ruYz9zp9x;L zj68Aep9Nk6d^UJE_-o*?;ID%xgC~QhgTDcO415mwui$TjmnbVwT>IyO*9V^m-UEC- zcs%%9;B&!Kz&C;~06zx)Hu$gL3&8`*$rIQ9Mc^Uei@_tnmw+dLzXP5Eo(jGN{9W)Y z@TK6n;LE@R%F7ei{^j5y;48o*z~2K;0AC570-grG1$-5F7Wn(%x4~C~m#ZL8T>C!& ze-ivd@V?+{z$b&R1z!Z74!#|H9r$VR_29R`H-ML`C{JAbH-bM2{tXYsRp2gf*IW03Z-x9t@NMAv1LcXEu8+a1fNuwH1^x;6VDKH_)4_Lw zF9**6-wVDA{0jJP@Snk5Ka|sc^RFZ!H(h(=zrNqW;CsQt!9N9$1>Xmr489*c9sB@z zCip?{9PmTn{%&HtKd$|s`Ti%rg24}ihl76(9t(a1JQ@5bcsh6{cqaH4;5p!5g8M%r zPx5&mz5)*hKL#ES{xx_k_;K)L@Dt$a;920uz)ynz3VsT_L=}1B+W!rBeel!ZJ;1*O 
zj|V>kJ{SBf_(t$-@MGZTz<&il4_>0GJaO&60A3&bB6tt*@4(~1FM-bmzYM++{0jIn z@bAHY1-}YjqMAH$?Y{a zw}AuVx88@KKsQ4ix zqlS)iW783Jj~^5Fe?NTCnEx7ncU!$Bx^?@n3{R1_A)WuvDeq*34D+^hVAQzi`rauS z()zy&-#zmG2QTOzOr6_3zVZ0j*yy-H-jR5l^!EtwuG~GoUQBdC-orcBZ$EC#=sLk| zqQ=GdiW?Rm9oNb?gZ^F&ytDRSGQn=<{7a^8_xOn;qX+*VD&3v()%trzy8e20*xkk5 z)QuZ5Y_zv|gFUr|4jMEdI$=5){q7Ryo>XIc7vlw#}A92=@%2YWj~gfdxBjkYqZ!~jyj}Ok13C_@ z)4KJ)_Wb`pP5Rf~sOMdX|7RWXFBAR${TTkc`?|+_dpFPJKkrqh$ABKe1A5f)t{UMT zylY68?jf|*^1k$cV~PF$qQ$PUzE;C-rIFiu4;$(23-2a8WI%U))?+~H?sfia%A)>9 zv;5x|-hZ|%ZYT0TDr_66|L&{*rJ2xRVD!*oqyKA9@V_&M>qUVIYn5$TORaU;YCp~HT6fQR_q>_=?)+}v z++hfxeIL!6Oy2K(&pG$pzwZz6>Kc0*S~HhQ(NDj+vKU9GjB+&^T~WJWQC+NS8@N#c2xB*4fz5?KzQ}j^x7r;+cf#=Rgq=Q2i)x?dXoL?4s7A zv9seQnzD3PukeN^#t1bxo|f|@sjD~6rEiRIbK&L8M9)nvG(v8?AzI5_xdBO4A#RBm zG-i_!nKZjmt=SE0|FX0KGOM(i_!f=m}BRO|6`@NA!9=+YHDU z&KWsCbIV+gb7$Dvg`85#T05xPbVnDb=k%eT#eja0M<~4R;jf`|bT(x-7(AqNBsc=i zX{nad>Od20sHj8CDajv~CKoK?H&Xl9U6LvzuklX}AhT*2(Y&d+sHda##-4aA(cM)o zYchceI#fmus;_U8rVN}5w_h2ZqIW=S{1O3jjSW8 z?AI8o%u#kKSF*ChUp1XU^^2A>XjatF9piNsu3^StE=Mt~Xm99?`IARK0dsZk#)d>g zBdrgo*OQzs>K9YEl8w>9nOzkZ(;PB6Mdjk4{)qmor8Xg0Ff@EAiN)F*ZivUczO1#G z=ALr-Be_VGRd&$0Qk~IX>S8mZQR+%+mKa9R`ExO+EGg0=8*AujqKR^XR{JfMMC)e9 z+Nq11n{G{US+ZyKFV0Xem`xa>(V59WhqsTXD2Io zMp0`qh8EOo)v_0xgz8T2=CtNGhZ-0^Iyb~uQ|r>6Xy~FzkX%*Eu6+nXwCZJyt+^RX z;{Sh6)cM{EZ=gUUgfwqB%~H+GSS^;YNw(`uV^b*uYYToWoAVjJYGAGP+vtC2L^U?f z!!a`D#*CQPK=E3Hx)krYAYoaGIIz=l>q!Qo;bGQmC&k4)l~=1N-kBu>s7+DJ6E)ED zX!rsI55fI(qVh~zy20mdY(t@Aebz2cClAe-9q{^uEKV4COJ?S9MjBu8d>x-#TpfLl@3QMyf!t%tGCX2IUbW@nOBuXpa$!wxkoaWB1RSjKD z)qJOi`zr#+G>F z4Y9U(N3@+T_FDaHZ_RQsJK3C2L8k7?8TFQ&;u%e?&9bf^^VamK0g1-y%tbU>Kq)m7 zFl{BJAxpcJwX$qN*+;hq(723lfHOkGiIck(i}EJ9a==6KeltS}somq5RUM$wPc1o}tk-msvGJ0+s@Z%khZf(O;@lzE%}H6IwJuqC zHA>q;Ra{-LIz**g%u9Asvb+|ti2M%3f>z2Xxh<;_Jc~@0j~6=co@=V3>@r$b8*QB< ztJr#L71TqROA>xkV&k(yQCe6WPUfqYDVFtPb0vd$S{kJQV*SE z3NdQ;auqq`^37O$R<*Qh8Y@OB~ZexZ_BU8#DwCVgp$7mTVG zwiiWRPwaIx(>Mzlpm%@S~@R5qXHUJsD7uG2Gm9okl#G&?lPyP!#+VOb!K;HjFw`q(0l9 
zDISt~L7g_=LhALTA@h<$V;|pBmgwnru&u7Ut^0r<+o0v}v<8&&aS0C#)pgr!hH+|& zt_M=}hP(>c5^tlI5_qFSJnEcJ$KqipF9`9fNWeZG9?qw#K?6g+l|ASU^-pRjT6_qG zqDgob<6yo9QS34hUf_*{leLm!6l-W|qDR1P>TJ$xVI)d@E4te-bz6E?&5P=?{mGAh zoiZ0!U{fQ*)Dn?OJ$^TYywD-5fmoDAlziv6k<@hMfWDC-Uaa`w4)Q4AbORH(R;K0( z)OE|>thY^ORb-S|-d&#*fw?hnSz8YRKT(>KK?7fa?QLk2`!kXm5?Gzf%6@;^jXKVp z4S7cEHfN_gzhnhXcAK6B$$>^{4Sci{PEVaMP!wY}V&SE%M!GSzJMI}=%?&V3$}NKy z;|A2Rva*ExRPJ&X(IpxGhVAqxZ78P>LjD@%f~UVZB1fafw5XO=n9$VdAX^bw2Jmd4 zCNurEhG74_u$}s53WV9^uN$i@99##=hl!P$*Sn&Rfvm(E-io6GMO@Sax4Ch)2yx8F0Ot)P|B5VNgyWe44` z(;jbM(Uavk)4m{@>=m<4A^m;=P9}f(-uo>1MH#NT3BGb~MwCK0Mpkeml6=r4(5v>2 z-mU7*js8f;K`tIG5sZ;L=XWmdb5C_@{1gjV>pS=+1bVa@>Q%LyN4?6XcRdabySF%Y zAU&DZelgzt}fQRC9&bv%Q?Mo%=+uQ%no=7=$8uPriTA zlOOZvwXwpk&O%-eYoph~F1cFfa5L+)w}j5=X>Fs|{Q3*Ex=@pp=o0_MqAnVAtZ7)u zbT+12y^>Z3`eMKOc`rM)9u3}d5+X>w9aneXG_RO~ka}6JZ_}s>?KQpV_*8)9{kN8b zzPZrPL=Yg2lG3lb;C)fy`d)PqaWA(b0W@_N9`jMWk@fAHQ=~m$8PI@!A_qk!k zimrIFg-~C0HFT_u`!5Vvhk>u!T07$YS#Ij?k}fQnL8_+AyM|hv=0aLt>FbNpH6?ma zHO)u6SI2sbB8Bv5FW)^BDWn(i#S1TAbk+Iv!o9{DHl%^yT7;TtAPFj2Yrp`$7}p! 
z|0;7nx#exT{lyOaCZM10pl<{EQU|^NZ&&H|&v4M+EPOqFWe)oFKws{l_y3I{onPUg z-vapjZxQ=>=kIO#_ZZM$=%Dxitrp$>iyZVX2>(RcbN%_4L;m{z_JyvW;Glm;xO)Cn zJJ|m|h~In%eS~b~O^@Gk4)%`+`r{q+`9ObygMJdwpXi`30{W92^s|8eWCwi}(4XR< zUjpak{SNxqf&NYh{a#@IC+IuB-uQc4{n-!n_c`!C z0Qv_U^m%kFZ+iS5cF<1%`fU#Se9`Ou$0H8?p`2DuOxAot% zfPSI_f1c>|_?FL2O51@uJ@`dvU@?4W-c=t~^*yMcbXgMP2*_3}H%q5ixB z^xUTSdFStK`S-r)_4;4#p!Y$#zQRF2UJTUrQyl!y2l}ZF`bnbK{YIc);Go|O>|f}h-v;zoIOv}O`o#|VUBLfBhw>i+`U@QN!$5zPgZ;aK|JOL^ z_X7Ua4*GWhpT}hKb#ia3e5 zTY&x!2Yo-#|BZuwGw^?dgMKUEf7wAl2=x69`kg@k6$kwg(3d;Z-&cVCYYzN9Kwsg& ze+TIAa^R1MUeEu#9rTeS)5rgt9Q1jj*W2%V9rPyx{e2Gl0-(R&K|c-XXF8N$1<*g} zz@G>7TOIT@K>v_~e!1xN{CU_x-vs!7@1Rcr{v!_hKA?ZpLBAH*|CodRPN4sWgMI+$ zA9v7i1^z$bpnnYLzv-ZV3h1A7(C-BPKkc9&0{m|~=!XISTMqiyfqsXBejm_3Z z=r43=zx)fwdi}r1L7yi=z5V|u2m4P1`hRxN7XUq9lgf1bI1T8(7`In>`lp#N6~{tjUOu!H^up#QOhei-O~;-G&W=zr><-zR$6dGUY6LBAjH zf99b70O((J(B~bMKK_5rK|cZLf9{~q2l`()=nF)z_dmaM&`$&W*B$hwfd4B8eI?Mp z;hKB@{~-Hf+9Uth zmZ^wN5Qo`+ekRiN{}TGni@#w&-zo(-S?!WPP5&2K^czHfLQ<(dnEHB){sGZXHS~s= zkx$XzJ^zhA^k1U<_sg06AE9GS|G!}2zbyPqL->za^vComVOacrXwgs1Q2#rNzFhRj zD>ITm&G_?ks{Gv%M*ONp&-tZqrv6C!0>ytDi2sLlA~XJcPXXeu$&l~glUHfjzYFjg zWb&6<_>T#{Tz8&68<5>1t0sk<-zsF~g|!@{q*G`;>E0ru~yP zmj8zq{#xNziJs$sG~l0O;lD2Y3qts3ksg)*knoE%KG$_K{})*J7QWfvvaR~Y:%9})e9 z`oZ+s)IVske+#gmpZ_=G_nh!)7ufa+zd}{Rtp|GXxT_-iuc@3ipq0snNsKb3-q_?v_uR{kfE9>u>1@Xr8zeog@KcL+bM{O4Nu zRe)ar_`kI9cW20d)xxg_e13k?EdQ%%nnGWv<=;q#{3}UMCPd8q>jQj#{?Fv|eTs;m zzfM)Wu=xLjh2IbO{QREDKb5Kp;+G5m3S~y}Cm*YCCy^fczfJg6axk|){QQr}zsbVC zMfkqnXVPf`TZe_eAMpA4ACv#Gh5xef7X)Z3R{B>zu<$G9&>v{??Pve_`5BYX_nB}^ z&GFAEU-aaWu=(2+7X7)R56hn_(xdWQEB5RC2R}by+RyhHAp7SF|4QXX@~2sTU$gKB zgs+bu`2KB^KVso;7Cz69_08nJXWU!v&rxM zD2`vH==%+US$;Q?9>uR->~9f0=Wi9T|7RBd@Lwy#KX2G?@`o+_p{OdqD$z54KHy(? 
zEcSo#dL^th_(nJ)Gf0p8pKzJt>*co)@E^DE`-LCY{^e5vvrXps;bGCQFzh$ucLM2= z{guG}#lZg0TKIXlDe$Ba{#zFPG|?9tdNcn2X0bmZ_UrYx7TABu1RTF*!Veoi%_KdF z-+I93cjD!VKfYaCE&MgYmu4gx1+)C_xA3Z?kRHW<8{l6D_`k9654%Hw&j{haVd3uw@vjH`xirB+{uc;;vcczL z_3crM{xZ>@s~=3C&HR0s^eBFLRVsh={AmRCA5J%TAo~--Zw=vpXyF$Kzh3m5zj45? zweWwDVfkG_dgT9F;Qva%zt_Sa5k93yVB=WnTOM_AD1JxZsg5%BX8C=_qCZ{qVf{xh z>5=~f!2cV7|F2p2^My~{Q(!agpGg-ek^jp?KQo|C&)-tgBl`z|{T;ymhb;V!!k-wz zFE|C;|1HsnmERVNen|9T?f*TbNB$21|GR+yZ&~>JgkKWk|FzUWpz=HQZ?O4(y|0@B1 zHQ;Zt@Q>c0C`~$yKAZLL9t%GK_@4p%V@}2XcL?9?zfArSq(}a50sPMb{z?mfqwvG# z&qEgdPSKZ##P7Qn`-jDTN-uBY{9Oy|pH4Rr(bs9?pZA1+t?2z7AFFSLq(|}F2jaI5 z@V8p{3%{%=3w0QMHu?8k`1$kG>kr>6V2*#Mo{s$=5dMP(-^`y$q(}Z&34fR9IsUf- z{buz3tW6obN<>V{Pzuqjb9_Bq(}Z&2tWUDA^?#38^jkzfJ4sd_O#W8VBmZj_srXlkp8ekd z{GUP{EVBRC!as)psBI?yY|bF_+YegS6 ze|eDfsQib;|9bL`H!lAHa?~vUi_XIKzb$+ko(48E{?A$Tk-L=a)qpxZe|C@_*st&-x^e|Fgn3 z`wu!rV7twte_8Yw1ddM6pC4NEA7tqN3#1=Mj7lT12Y~5=_YYLD=g`I`Mt0sC*Z@SB8hw!bESm4#mk_}>EjBdLP%InDgpB>b@Ux5=X4 zA^I61@r#ij#cwIF{~2Ka+ZO&Ggm0F=8Nch!!~RD$DZ_gV`_25nmh{N}gxKFFdd}aS z!2VxZ_`Sm4AHv^l;qMc^uV?;00sdvvu>Z~XDDXUkZ^myn>5>1t>s0<1Y5wm5{C~Ib zw+nx12!D@-pSMKu_4ea=z;8Vt`+wMG1*Y^0Y^MKBq(}bO2w$)NF981Q7XCEh-)jKP z{Cmy9ZxQ}l(R2BKAMiVq?;@3|Jj_jXuzY<=q!|Aihzk~FMzw7Gs z`tu{eKfD<86T%ORf0sqSLG)qq|FcEEB}08l3AX=9(T9zH9&DjAFFSx zE&5*3oAuAscat93zenuX`;T9dI8WgI_Y=yo{Tqc(-9unA%l{bCBmM~BzX|w_7XI_X zH~lyHZ&>tuM1N+$`tP%>2KY^eBG)!2S_n|C1K}T;bRGVA->;`t}VAf1B|2{P}OduciSSir-zr4;z2X zBR%qezwq_;=L5hWvhd#$zHh(pvl;*ITKEOaRQ~Gx4*~z0OR)ci4=Ex|uLGOOuO&V5 zzef0a{_^C<9KSqm;V%<@Wq_XEehgapEr5R*;D2D@ZxTK=Pl3(!|IZfwS`hznfPdem zIR38)KWzSWRwdTIm7%`Dq8}0c+<^D#@n24QRQ`kFzn{O{e&zxH|7te2f7Zha92Wl% zEc_7=|Dyr_UJJih_-6i76$)$vq(}Zw`IM@Edj5|G{P!&U2ZT?{dx4Ek5!l|f@GFI{ z*Z*SyfBqaC{~rnei~vm?tA7^Y>KJBmalRf4%)W4fy|M3x7oT&xG)AxA60q ztM+5R=(+v;1mI7)4Ez7&HYGgE;L|Ar+nJHWuR z7X90z56k~+FUS6WkfHtwi~iV0l;I0Q?B7m$6u$zAUzO-Nev?4_uA&1_`?E~=rvG$` z!1nJJeVgdd3LKpt|2?Ef_P2oY=Xd4g$@%=exV#$Mzd`t6*H7k<9`V-#{#3yKk%hlQ z_$7w_X8Si};ST`*d4OLxAN&8d@Xhv@P7&A^kskR!2>9m%{?{%1qqi%}sR3Gg`TyFY 
zpCtOQ{_j_$NA?c^`-_16a~9zE&B>5|G3gP158#&o{?itIeTMu&3x5RgO98)-8W>dn zKPUW88Rci@?^Mzw|0i6h+V6VNbNf>U`1f1*KNtSA5dJ0$KOua-onU?i;D2c0AMvOH zPcry)iomwy3LL+4MSoJ@==A&_wCFDtJvEPk&5Zw}q(|{zFaG;__J0=e|F}ii{`JB) z>!0cWc+w;OFo^#pfPb@v|FH1S3wWO%zf~6gKH=;0557mt>^}}$jQ#(K@H;~If3fiM zV=DjqM9=Y`1Nh&x@GBov!m#*1MtT(ge&Or+KM(LvtHJ(XC;YQR{6CrWh`$Z+F9ZDh zEc|uCKPQBLw}rn8@T&m-^eeId+lBwJ5dIAo{WGFB$4_ScecGabN%UsI^8aArR{(x3;9p4#%fD7a}e`oTiTlg)F>GAIX{8r(c`9CQ9u>5bb@CSrnFNU-K3BbR{!rz@C|1JxE z1n|26|0N4Q@=axUnE&6m@Rv5F$G;o!_gnZ=gzx8xU;cjn_`m<&!e1}^DlPuKfPdC9 zmH&KgRNpFvKT-dZJ{K6jFA=?&KP?&BznJu>{tN^AR|ES$W3hj&@Xht-35NX-SnMCj z(EfWZ_UFgb`>&gU{XekSKPdbY4SP-d-?7*~Bzp6BGk<<-vAFwWoVE;#!QaK;e)EfTqa^j`iLC#Vqn3!YU9&i^}r{goE}BEHy5+Z4lKlV4}i_wvOe z+V+3c+a-UP`b8G|mlmi@8dTg@r$5hT7>?wzRi^0n92@n_$T zyF_ocUoG1?t5V}V?-%g z>Tiq0Z$K`o)04k`rtqv+3vt3v`mi;6zt{r;z~1int@ YjsNX&^a1H3_bX4wecC@#?alcA9~9Ljj{pDw literal 0 HcmV?d00001 
diff --git a/ProvisioningTool/keymint/lib/libjsoncpp.so b/ProvisioningTool/keymint/lib/libjsoncpp.so new file mode 100755 index 0000000000000000000000000000000000000000..a23ae279b4f61ca7a475bab45b8df3a5efca33d8 GIT binary patch literal 1388960 zcmbTf2{cyU7dQSGLXs&B<{?RjqEKlAx2NvJd*L(#W7}unea<~+-*eA>EO&BumXweXagh=Y7O_vo znNniPj((wM+>wq%B0Et(Q9Jl)B$6iT+z! zf5pG!<^TR2)+d98ME@;~e<97w|NT3r8QoS^tPrjK-?E<>{#`JY{O_0-;u_kczDQe8 zqMITSm2zlC#C&8ZBwkqRksdFFe|Mh#PFNb!-|>>w!DP&f$iV+U^?B0Y`DtSug{7Gh z+UF&&Zxs9;{ssR2|LZ3;yJ$4k*IGM7lTlvsp2_NEHdvo=88McHyPR>n*RW$X`pkac zwWi53>gO2iaTEJ4Z(3L!GqvXZE%>!a78GYf84YL;5LH!3WVsEFuhq+uE_YBCbx@b~ z*Kg~es%9slu`kX}q+Hlh6eelzC#jljY-i^%W9p$%%I%NZ?GSmY#9xlq$ynd+`QmuP z+1u-7RSiVSD@DN~z1*#a#?l69%9W#fncp1mBr=GJoc_mlnE%v&vU2eSmhpOa1_vVC zs+1km6Z|Ws&qqu8+liv%T}M^MtGd*-Y3KT;yjT>Y+@{+@%Q1GjokXHI8P(x3ITp1d zQLsXwtAq-KLDFus_s=YOe>?dnqBy(3deVV8@on@)ZH+9uwZF2ua(1y}Op;?x{KV8Y zb`zrIrC&xDyE+X!u5c~RUZJ0zo@B6Ht<#8Fh0zKDS+4I_-|Hml&?(j2V$xW3$;6H^ z5(df;T{(3Ldj~r$kxuy_yOqb~Kcto$M{UTlQ|J(~Qc@}=)iBM@RxihK>{tt{qZ_8y zn`B8w_MK}GQXXk1s*P$wy8EGkd7%NK$MvFw1iVhN@XvZ8Mxdg{N+vs?U*`BZMEDXxayC`SL8B4S| zf4ba9)WpRvyoWf-c)sY#8S>L%SzHrGx; zt|+IfpRF;!JStn+*m-D1f!k&|$%}f%(w-uFr+7I>J10@BNV!Xlf=EG1PCmLzvSCNL z5R1UB#&(wdT}3_Gi0mR=d*>)ei}a+dH%TuvGwhVBq@F5gxkjlztV__aa$@P^u5j-NvKGkjCTB`)~QSTE|S*D7wjGv4w9UDx{LXC1LIgv ziGk%Jy;XXi$rUPkiqYZHc7b|&F)=rM3?==dn`6_>*jT`179bQb7Z47J0L%j{05Dky zSOi$YK7cI8LKFjKEFg|PucUGnl<|NBKq7HTP_6-_0@45(fK0#!0F!LMM!+V(R=_qu z4q!WA2cQ736Ho{!0_*|o1?&Sb*$+4XC;=P<904#n3MdsHi9{!%ECZYdQ~;^~X8>mb zOwIw$1FisS0M`IquERkc;4a_+;341<;4$DSfXOo~#6Mra&j$MZ2Fka9_kfRpPk=9g zZ-5^FCT!~d1Ng^2FoD6Jr6z3vvH&>%leSdKQ`rv6_5fvoDxf2vGoTAV9iRcw0q6qs z09^FxxEqv4ble?EV?Ymp3BU|s4(JK60Q3g@uk?Y>Hh{jw+d?^jjt5aWgi08yL_+~i zfMLYBQ#k@kPrw-Z>;40Fs3;>haP|gK}10n#CfCYdkz(N3% zMNlpVECDP9ECa*2}o{kf!OoTFtj!{b_N`}vC0BZqhfONn*z6tpbpRkaM7k?T`2Vd z-2g@aV}J>Oi7Aw3bj&{YgyUX-J^&klEnpyEFklG49`L{7_&=YW;Mf%~4B!SB0T>M! 
z3m69&5AX)~044%_0sa6cQ>hG~avGG=0l|P7fSG_$0FyaT&ILpQ<^iGr3jvD&O90CN zOxT1N1Bj*1E1+BrNB|@O)&SN5(gEuM8vsl;Lb(O76|fz!1CS3W0C3p}$GhqCJ}8Un z_yCoMp*#vW1}G)&1eIk_o(5C`&JuS4%8PV-8Op1G8o)Kcb-)e4O~4%hlY3OMTVCEyj{HGs=oIDYp(pWnmrCqUExa7_0LeEtUb3HS~83y_jRD{Y{Z z0muU6h-1HzhvRktMSu#R1E3?IGe8}n0pOxV$2w5z0So}$0LFkG08@ZDpeKNd1(dx3 zeE`;gz5p)$;J81)mbigX4h9SX*b(Olr4zsfFq}9KDm|eb4e+AR%DUiSe?TB02rv`CBoxZIfN=WExOsHE2+E~^Wq{>?Xg~}g7O(=qBo4||bi5kMct9e3 zUIXP?Knft0xHKr!0qX!6fDHg9*-&n#<1J8b1LV+W_WN8oE&vn)iU7L-djU-LLAjrf z4^YYYgK&HlPzpE!I0+~NlmjXORe*DV^MDJ0i-1c2CRd=m3aFva*P*;Y$G4!oO~*|4 zE*#&Z&-bBxK*tZMd<^9iI(`P_3&2ajE5IATJHQ9PM?fQh$!93P0)7B~0)7Mj0R94) z{9~mwjK=^bl2A$k+R$eiDB1mCTYx;EJ%EWKl*)9>KC9BP8kC&?T>u&YO@KbY0MHF! z1n2=U0hj`q^n}t9&>LU{um;!wxb%bL{(u1h2f$Fk|BB=Pe0G9kH^2zMNa8)A91R!) z@B)klcmpN^d;$J|06-96I$#E17GMrwE`UimmFzeIj^_d90~Qj$2+GBPC4i-XWdJ72 zsbt5|aJ&Mr8W0ai1grt91*8C&q(hkj$Odd8j`3UQI0wq@fLuTxARkZwCR>;~)w z>;vovFe!$zgpLnFc^GgMa13x9a1u}kr~ojjhVl&H9N+@rDxd~%4R8Z+6Ho`Z1-Jva z3wQu{1mN-*j-S%!=TN?&DHHN*O>~ z`m6wDdw?Q98K44Sq6(!Npd)?m45d0i6QDz!K9mM@%>Je;92)|<5!ancxZ(T1(i4vR z&}VBX`vUsW=l)RI((xcDhtRPdln#KQ04IPmU>JbOa4OxQ903>w@B)klj0boFm`s3j z5@0gGkGQE&1^@y9GXNognSfb<*?=&>TtGM=5)cJovXIKfP%Z<+0Ac|v0r3DP2~Z}} z@fs-C0#fKR`+X`Mr&E~$WhP()APbNU*aX-N_+QxypSJ;a0P+C&fC9iyz%IaUz#hO} zzJfG+?hKcH*|{097GoD7Vm02x4AfC8XBKoOt> zPzH1Wr~#OCrcxbBO@J1CW=oK|bj45o4jl=gJYcn3Ik0(5hol#cfv%-5&uPh`vI+CJ2}W7$JF#Xss>Zy%E)!;Gk$kR3-R2Vcqh^|wRc zUW;yjH5_>U++`alNx8&Z}9&6KazOWsyK(@O3>De~J<&u-_cZVyZXbR%4& zev{(Oy5GJL=E^A+A%jClxMep>YIq%7I&JWy;0|eN=~;U9um34_)z5n6V|lPF?^)^O zV8si%n=Pt#Cdf8?a_Db*C@Adoh|)1(Cpt(=lqB3U8}Is0UOs8h-{GabisZh=7zPA7 z8lOIY)GN2c*1?&Rk2?Q&F!+~+Ow111`-4jc&JgRLz8o%27?W=5>!)j|2mF==}yUk^Q(S+J>B`x#$C z-~X20qVLl=K+j?A$b(VN4i64j{gaKe+3TvGq|j%s*-ph*G2@(L+MeuC{r=r=&sPP@ zbcRpR{WNgg=%fnyIX#RAn!j(doZ&Ed?WI$x8opOw#XdZ`LNRsyHd(7tfqAF;Z2utH zE&a={hw>NhH8|cKF?pH7yfMk|i{>6J%PXo=c(8xZ={uL}*Ds4Ww=-dRRMn1UChuNY zJlK4vY`jX!N`nsHzYWvTc_-;!nlN&o-^vwz2YD@AUoq_0mbzQhj87jvJN9Fo+9sv5 
zr5*(fUSICJcf0YQ-1`;2uVn7d&nz*{%^Y@neXduo=I*_-PIhrP^8Hbusr&33`%RZ^ zP`+Yz3s*sPvSN0s!GxgyxNpb9&p)aq5mtrFCia#kFH6(ey{pNQeAzM&%5WE z+8?fO*3GD`vbDeLe?T$t^;w5=4(;j|`=2#=rglTe-Q}R2$>iW0W%-=~JX87)X}d+= zakRC@`nhiud%e1H;h@D%#Yv0WCf({jE7D=z?0JJ`875|Fi#AxL4~lCTeQ)2d3zqvv zP7Ii;9$cIENn5-BTAO+K@zDu;miJxWFD?GJ#{H_73(R*^9XY+`V#Sam8^iaPtyWD7 zS--2+QR7JOCz6A9_^7*Yj#Zc!aVF$_(8P>0T7NBec$7W;qdxG;&n;P@^%YC1b`0A2 zFe%&lRdvLRa0zXLdW+px{v{SosMtI8pMPTawBd!_y&Gno>9R>_Rr`C(+stuUu%qsF z*6;w!8D_gaJ{)`gi}oAWaXR1gKA5P@-F`zS_FPH&4b{G- zIsKn~$=L3(_ve{51*Io6qjggUHhQZhdhJrr|8nzYm96$@|DNTa#?G2__06k#hw zMrC=PGb4MtEmPaOqUYq`A0f?4< z{MIyC?Nr>ltZkChEn}qtS1tGTmKbNfY|o=jy%be7ui4JakDBlySM&VK1;YMp^ z>n+-BZZffasr$dQixq3`AM;sowESS-+|!eOq@2~vZs@VTeAw7u7lS-rPm;9UVXfGA z#pK&zrR8bUbsQJ}c|3W{=4kVx`iiXs{123M`0jHx-^oUMwzb2-35yf#ww@ob+J0W& zn`1s7=w34N=a#6=`Xv_sI=ZTf%x8YCn7emX!Hy2Y9QLeR^GH`ldy~@G=<@Fy+(JJ#_sHTWlcoYzQM1` zKG?(_GwO7=%C`37)zd|HuIz0)>BMp4C&@RQ417veOw00=QZyb8nA5yOX1CVb_j6U3 z-F<6P7t?1>C$p92i#F8i9r-+7rFiShf%;3YTkgwh?pky=z2bU7hTHuOzvJefDi120 zBGv!>gbLll<*#-hRCasXyx?EAH&Ls*ZYq8-r_-v(-&ET^4JmkCnQ`;WvxP+-uFs7f zG)uh3AE}vVIz@f4#E7xKp4gP6pBO#h$RGRV8y&7Behrh`GxX6A{{tyAMlH!bR#Q_r zrN69Y$<@aj468K*sCZqUsO}H=l7uEnyq6d z&$HfPlP1~RM=7fB%LOu3v(vV;Q7!D`w{K*#i=4`d6E&}1Ot-%`L*sqn&p8!;zPqFj zH>zJ){@v(WzV{`=Q=7eexxSuuz@*$tJw{c;Iper<-Dzcp`;IP-VM?ZF>c znVPN6+NG~MO?gd5LRag(pQp}W8h^_1N0QNsx6_h0Dp|YVoou_b>4Ns=N7^!X<}TYS zy-g~tOtxg(JB?K<76g?a_RMNGTlV3X)UOZLs%9;3dRgBqTz^1G`t=?~ZKX!9?tX9c zfpb+wUdaQUmv7wuGPd7-vzh*er_Y)gE6ME-ihQ`>#mSl)`RyBAr1hsQRq7S?)5>%I z?KbiuCMS2~&uP>sYm@!x=MvvvO;%dTr*&(5F4VkF+MYG;pv~7*OV95yuEjHAbI1LW zbx1ef^ZeIp{|-G0-4?@5niI?5kP9GkxHjpMq&9_HVs?c99T?2p5oeUbU4 z170qWE$!K3+dfgc@%My`BAxezzMFG*bS*gab98-4pT6#?!_WM)9#T9m@%!X+hwm@G z9PuOQ%kT#^Z@Lc`4U;b4<|X&ktnF0O!n8rRq*Csr)E-~a!@K`(vk%vN-t5yVV#${QK_kZ&V3Cx{p@L~@3xpP`mGzdr{nxjTFN~}m>%*Py?J@l z&UNy%;b%Q7XP#HTjLf`@&NnHtxTr{r>L4=I}m~tS()(zO-$m z)cDd@(^C9AlCC^SS^Ma856$q$ceh>qtmUxoPD+>2LniG1^((z0idnD~%A}m8gxZ+v`HwX`tr9ox3_Y$oyLQl=t3M5#;zAeyI;ERx8mRy4g;e*O 
zBM&xwH>>}qrJZ4Qp#0#t=1I=(o9pKVEU>&S?>F-Ns}IMfY&f0nV>-&f^!L-l({clj zKh{%x{#5$(XH&0sCls5X98h!Vo>Ug-+39Vy>|9;1$Iou>^9#6Ky8cAUaId2c6`!iI z*H>)$TG4sx=57B1X5Y+3qvx^G&atv>yNYQwY+?`yYv z_VnNg%?rnuZLIAbwXjdO4|W&f`0~k4Ve`#Zvc@`OTO>>LEsqH|e4FbwM6codKC9W1 zTffX2_U~H_`y0UIi|?Hm%}tbQ?{f0XuXe?vL#kZ@-1GJK4BqPGpj}iFGN$6nP?eB12OWPYIC@}>YCuVm-y?5Ma6cT%R9e({h0nC^79tf7ak$0zMaVDo&e?0&-n z@7pUZYHHZ$M|meLcdKo1v0V~=!u8K^wM$!fhOXZn7+m`Alx}?CuUi23Tyt z_eNd(vOmKIzLDxa zTNkSL7B{La9kh3!!lhy9?+S09P8n`-K70N9vEAGxbH7%Y{2FW<@ye-sh-2!}nw2xB zT^s!1{-x;weViid^3T-j$$uK;eWYMkgyyPtRz=erbiY>nI)vYE?6WHR(27vIWhZW= zL`Autj`}H4{UZ0ui3IN-yG|gP33vRlD4a5_rK|~!9~Y%N@(A{c?VZdOP!njS0O0v_JqH2e$zS|#U$%hw9Ee) zSZMEe#rXNK3$u<5Tk=7wyJNwPx_)n6Z~QUy8Ch|z_(t0_|GbHB2k-Crb*N|0_Lqju z*}tRh!#$2P2A-}69Pr10$CPMw=%pbaD84Hh$n?C8yK2-)XYT&;P%caOdiV~6f|dNV)$`;MM(E#jB2 zJ}S|9{$b^*!CfP#w0RJ&Il0FqJ>N_2<9%K^)%Kejbhb?6;pg-oRzq~(4!sm^WV2U$ z=#;3&ui+bin#+EwKIJ)Fw!4Q?!XBUeQ0)O7eGfZSO_(k@qw&H&>w!bt#=iAQxnW;- z>-fbe^=#AasGypp96D`2RyE7l&~H;BAt?w0YDU%l=*Y5f`) zH`L?ys(X{Ay31E;s%1`ay^-7TMqR=4X&U=7E3J-RwQvZSv0>xbcRRmyb$LEAQ^uq7 z=-c)4th#*Gsa}{iVbnQ?*o;z}Y0DzDw!KU^w`$OL<$~E)6uiuTZ?H>L{X1d*5F6QR z1G3jI%$OJYZ=A|IHTf6Ei_1nW^03-tU#L-}(mX=(?||QxKdYbX_Rn(vGpa7Z?o-r) zu|q?;?#_L`=hea3HtB``LL07yXJ1+UeE9>(XD@H&CoElHURk>*%YLNZw&&|o?>j#U z*F1V$d8)#|Nv@t9&hP1QK;k*6b;_vl!P9DFq zdLMOdyffx=;FC)cOEtT#@mGn@C{W$r|J1KLw!8Oz^?4qCL`!!_L1gjV2}3WvyJA&0UTdmU_hS;x$DXU-sJr9qdgJ59N-N39p$*dm>-V}& zt}e@-q>&!yzQ01DVaHr^=jWG}g01g~RXb8IImEVqGp|EMl-9OE*_t)yuU)^gID60N zioc3`iyCDYW|una7(7t!eRQYwn8j~0RsXy_Ub$i4mEn`B*9=dLQVsoCr2 zq@t;j2eQY1Qu-~W?p~7HxAWPBPe-1M)A}<(v}W=_t>r`aluaFE>Hc!OdH#`){q`=8 z`z$hfZGA|3V_wC&)YN#1p{H`>*DciXc^5G}DB3xou9L*BlY@eKvEwD`M@=+l4;g+z z`sAIyPO054d#otgTiIyp<-4t+DP4WmS7%-MowJ&iQXYTTEzqsDxe*@l>EoP1PDY-e z7uF73r#a-piRvR`ZGB=stIkYnIyOb_)X#giciy;eT6RNybaF;PXN$XI4wh=^o~)>q zF7_RINvB(9D`%a5OK-jO8v5zC*5&juMeQ9wt69Gvtdo$bzw-U6b^|hccy!p*`EiY` zS`X!^9pabQes*=zemDB>nVTkx~n>GYxe3}^(pX^rP(gu#FD0oo+Y_g{SRtw z-&{S?cZu$x2+xhZinsObb}D0K_vK(Ka+LEYIjQrj;aTcOf;eWk&r&TqYjR`1%B 
zzO$o=>1vbv_AgI6JRNVYJk{F6dH=Ev@BFK_eS7FKO}pyB%+Au`&r)tb?)ph_mQq-b z?DgSpH5NOiMsKy=``BY@@GP~alF%z_>R)Wj8#n7gm-|aD>KsV;Q&&1HO(|ejN^rdY z(hsxls%-K%o1O6K-!f%O--Hu8YbG0Y{&Cii5*bRDbtJ=Twn^h-@xR+_Z#j83nc zhjkX5`xNM|bM(TYqJjg(zt$BrTTc9NMW?Z|l+Gqs6%#Gp`kd;K+oN>{iLzIA&-GWc z9+axNsI$Aib&TJZgKHHltsdJyUmoX~FLUf!?6h*53-UegCTrxE&3b!GGwJzZ(Y^;! z{XMh|W?DVXt~sIGZ=m)r+hI}PH5c`~pB;Gpg=E{yMN0;!yN^{FB_a9cN1*RJ&28GL z`)9pssthrDI9rT)Xez8JM)*RxeGOg`6*`IS}B zIHOW6qSx%A8%wH}{8~6aRrOH!oDtezUWYa2%vap2p_=h=?z_BGekE7`+IQTR5>{Q5 z-s6=~;PvCmDY{|ThWx#3-mm|RTkfl8kIWp|H|&?%wX2$2Jls_$MtvQ2Z^FvjSE?|k zRUOEE_w-fA>O+@J8)H^K=@g`JMrK*ZMKcQ4$~r9GALm%L`Sk3%60I9&9qvSj+U@g| zTiIP9$-VSId{~a^yf=FXglYRUPVZ!2f7few$)4Ad z@3%dSj$i5@@FVc%L9P6Y!9PrsWa?(WI&HWk^Gbgo*NU6LJ3rT1ZmqtzNk8S@UoB-9 zofpTfuC9-bGa4Xec;-=Ex^;lAy|I7$SG^;3L(J7oo*nHGF>8I7L7yZOsxI67I-ard z4wWDs)67-Qht*Y{P&(AdZ;xkjW8SGv*Itci_wVb$EuWPv zzdD>fa&KSYXGizE5oPl2=bhR)uZLIUE8qA{FAk;soG5cn)-}7QP1=_gVUcEEAAVOe z@adC2w)2hIF0maKZBlL8wQTjH}|-%Lw<-}Wu@b6es4qFb)F$Lf~tT!c-OE!BIhm40~c zI6OCQp&i3kwrr=Qm3SWO+p@l1EA6!#HlDWRr`oEP`33V^j>C_YE%Se}TDFtZN<1rC zxsFO&@pFt}%l0S0{=SyZ%chn1$FFZ$|6eQdY$xBc{>E0~cE1&#?GtBhqVO+&kXNIKcL1wp6cgEA1%zs%8D! 
zR>oD6vn}fvx6)ogFdnvay*zGZe1q=O;`v%a|8MEM%v#ak(ywLxhHEYJm96AgV_O-Q z*k0k5{JEgPctz2JdfdF1Ol|k20r|~;*=8wxhk}*b3t4`mD7rTec|S&iyodAEhd0L> zQd$W+K|j zW}B}-W{7{nemQkKuW(7!_aJ^Rykx-q*I}E9K!S;HqV{#BO`bhjhXv^kFTXH-!#K2~ zh_omHUeFNpj%de|_?t73_hK8sKum}ay^40^6p`oWb@MOslC<%S+Zm_C#&cy+YCG&F zFdT_xxgOeoV2^fqUk&bnb{cii&#t5&120mreyc^Bv)FqEOxm7C{c2^j!{g~R9C;&W zw8PtX=0%L>zMaSqLNlV5@In!bLk8P`3BvoW1B}CrugpZg3+XR|>y+`X6bBxkjZhKe z*Rl<&Akb~Z@^(D(gKd%Lachpn^D<@|)C7C%Ph{L7u(y!9+MAX z8tMm<{swAyy*>Y(FAkr^dNnqqolMe?g+Q_M&5}YM(qOR!=wZDBsDJY7^as4u#MiOa~JXpj2bPGJ-BBlM6rB>k^?$OlusLByNEh0p5M8-RZD z>t(hb`V%(^?KqSE)jp^n$TpdSI1t|?&Wm7tNJD+-eqvFD7siuSet$@Bb&^r9S58prxp9P5Ni2V!eAPZ{cxRVUPNjY%?_o*Z;B} z^ zCF=jcv=26;qo0pTQGYs4C!&H@@}D?GthbiVm(Od@w&6J0$QA@Zl&RjN&*+b@F4oKE z-#5#VUrX07kAofL`7AH>qr4Qof_JGXZyZPY1|QFdzC!=^u@_4~c)sED82RMa$orE& zBOwuDaflNk&-;I568a;|D=a7D`8v)<|9SsE`x@=s5g~t&>^pQr{S5X(2nau~p%Tbn zrWa3)NZ&t`;z{%DJmL?~^(D*)7Sefrp!4E+tco~pokTg*Z+SjnYKrzX={|^GcNLVM z_!eLs_<1RhL;X`UK6Cw55y;0b!SmvN1|7k;Sx_F%^%d#5$TCNLK7MLZ{PSpD@S*d) zt%mVzpqK0Teaf9Mtk+a9UmLYSUdIIO&mue7e&|n68qYh^^`5yO`6ilAdHf$!o{&R% zf~AA>!pe?JBFdAnSLKV;|o|6IQ`kN=~2oZE5Qg!YB`hPDgZ z5#}4aO_5Kh`vq?2StFkBbs3CXC-UEx@)=?Na848TGw7ws5}HRGve2J6TCd>t<5iIt z&ik1(KN`{eXh8M0>xlOIUB>u3(D( zjTE#qpY9W9kpAq$sK0eRo)_=`@0TKPOXthS=PVjmXVJLIdG$GH-);VXjqyHMW3uZu)iwDZ6p?eqDx0tQlcecftC zJEO5$(M5{GUy1{t*Qy_){f16xhhOhnl+V1YL!Mv1Z^}_WSOs}~vhTM5`6qNgm`wb> zRODaMeP~zW9*TbQcCnp`{0E2s`ah>H@?nO^N0XgB;TVTIG~OB!KcDgqCCWGW zxSbk+`j^Aef8Or0f6>0QA@cTQr;74ww=u{MC4L=r0M?Gey!Y{DwO>w0}z#{m~_U7mPE^pJr|3t%=XSfcAy+ z=Cc^o??nA=AnAXQ!uXu(f_9+$iRE`Yv{TGpOb6lq7s4O1dgJJNC=8<6MyaD_bD5zg21lrSI5608$8^g#WNuILY> zyJC5L0PPp0|F__k3g!+6QS$Tr;ZNdGu8Qn)*7OXdx|3UjtyP_RF4(}g^e5@1J z%k6Ii`{Mo}nBV0)!|*PaRU^>8swLXz_r=@KqMaz3mw7+$ zHI|NQ#8qlM=cN%uz+Nna288#~`z_N5FUI#`G#&9Gi`%41>L5=#K} z!$`Uxfj<{Z60P&((>TW4(fv8N7^q=?hXGk9 z@#N!=c`n*7r1^r!ClCIR#o2WSo)_0|xQF_BG=K5-DhfwlWd`c=@g$h?Mqxgnv>D?W zC&&ZK+GD+$r?Fw#_jNE?tc&`3#@H@A&fc_+Wb_>szoNS6LK)gwy9xd2L3}kV(6IA5 
zREl;66CY}h`Ua|~4JJHXpq+k0K^{uFX^7t=*j(jBX+|E)MKv@6WvkcFR&%aY> zogqF5?fa7b<`t-aO^_GmHzV(+hWb1XsTmlDfuE4)<3l$ZPeLk?mzKZ^R$8K+i~8sf z_rDFTA9~UH;WYB+?q$>$&cE(=u)UNoqaA2gvE*!L>kP^wJNo`kJ`dVfqrN1qgYkO% z3_$x0w4TPVyI)PHuONs1?x zmNUmt{}9cy_N0IQ4C>3!d;w;~vT8f(_hnxk0>a}zv@PoUvMrL=aV!K7I#Gd z^@%S}K|A+CQJ=?QJbYyR#Kz#i{6Ko1ICT!%2_ZX*t<1kZ?XW*Q&_sPmFU8_xi1we; zdOokW53SebjYNIkKXr;w|JqvghqvP@YF|BSU!Kq0e}r*}dV%`gsor85H%jPvCBH6? z(Yj>>ty{wBh($FY>wT1rcKE!I*vdREIUn_f^SH|>5&;%8Ujc{T6)ZyY?SA9_+hjUxu#3!D_{4h$8AKJ7s&q~6L1B=f$FSO%Ec4A@u zkntX0Fh2ZzD`{QvJgqBsA^mF`QQuTBzs!dQWp-{Ep?w~I)hhHqF$a0xKQB{Wkw*QK z*BeXMk#OGp_!I5RP+r92@TdU!Qi>9@w|FbyZnekUbufF>H_+inTLL! zBmFh7FwN|wTc91D|IDL(9lR=6xN$fc{`8i`UX6&B6{w5g6y0Up&c(;7lqqiv1l$r zenbP>*C&1vtz$G;BhSYTV{Npr@C6(I(ZE8ae+qeFp3uz;?SGh#c3jDRfi?Q?*$3ml zocN*tkRMI^DEN6DqWB2&fp#l#e*a8)$Rx6(9)xxjrl5V^j;cQB&!Q0YhmUVvTFD1u zYVf?aK0-U({~8*{-q8GFK=sN*qy0vDzQE6G#}D);L?7!7BmFoF}%iW>@5OXq}wLQx-ZB%Zp+)@w{L;LM%PMqCaYsUvd4b z)6hfvz^OLR6PZ*y|`&D>I?IM z3OCfhMeEXB|Iabh7v?95^c*>su8W@JXBu3OtX;g)F`h6jiY1HY<-he9A8oqs!WHnm zjT<{|J6$l`Vkr@WW< zH}z|1$EpMRpG5U~z=g@$J=h!l=k4_x1}GKCwrZVZ#hQFPj5v+@jnq%f$j&7gc-eES zc)>haJr4bGp7G!QIbayt@uT$$-ruBXTovXIi~6AcRl1LcZY-8$6|}$B3hi?{ZR}A0 zx*eX^DAJGJiM+8O?`jM|eju$I@NsodFxu};>#;lzBNgd7WnYR2;zIV{%|iV#QRokk zkJ)Fm|40XUKK@Jxp7pB+8RQKm(2#Fmv~zDP^4y=|`)DU!5qY@W#PZ_^@@wch6b$2H zv7>cDW%dP&ATUgcA_xrrR+4-SA_F-7BD(QbdhwE46g8cwj zLs5Sqt#@(#?W2(oqw9-3hKlGosyAuS8*%$63t%mbs`redp@Op>B1J+X2@NvG$3hlh3JfFAMzf`m{`aPa6pT~Q^N9Lz+{aLn^d}bk> zAoH`IE}k#c}eqoXY9VBp^!i_eYMe8FD&DWB^Q1&K1v(y3?ZJ4uZ-6w9;S7% zboWI&1r!H0>L)4G|1+rnJCc4FjoZ^+VZHpiu7=+;`yp!dHkmvo`rx5i+Xx#3O=0(dWuZW_&g2%JNJkA6~Ch0P3IeMSWG$Pn5wp zE7Nm_!^A)FLH$g6?!)KnyK-pX+YIgVJX4nL>%W*I-;?ZkpTs;QSdfPVZbthPXa7rZ}se@FXXbRW@)>~y}2=j&I9^+H-J zmf8K$j&PrC>JhZ#AehH($0C25#sNMrPfbQUVS@X_(=-n{?8FO^U%zPw(ayVd=npiL zSiGq}AE&&Sy-DdU-$G_z(F& zy028H>ux;V7cVoydT)_G6SC31^JnCFK9Jyxc5Ei1eIB3XFd(q@+G>n^2HCmr8~OCE zXovT!yI+wP<{Q6gKFXo>H#JE#bS44k{h$kIhaNMCEa^T)xDV=?G1`A=hW_w*v-vvq 
z6Jg#WGZN4D+ZeRpf&6zaMmuJ-zQOzRFjv%nN9%r#q^~~$^(`oWo<;n^c;r*rmpp?c z6F-#lnPSRk?1|q2?Ze_}L-_`TS1gU!(EmKzZ^^#no=GYBIf4A-=j*Z`?VJ*fSJDCK ze`z?LFYiBT&|z4;ednT|{C<3N4)TZMkq;Hu3g7Yj7WoDxw8Q(!@$JYDqjhE&-o@e# z6A-g6%tLBu{>`E5j^`U|rlI~<8sGT!{_Q66x74s+KCji?#`xU)j(%>UdIJhje=V(> znG&DX5944=<2+nGVtF@VSaVO82u6EIg_CdrY}$PGQWpT(!43mHyr5t%AxCvUw0O?EXOYnT*G8D_p#TXx(`N;G0Ix-LK>j<99r|&}j z?UV=ddY8a7$MVKQ?4Kln@ODu@j`ycglz;MmuJ;q|+!M^#Z(OimwPAQ(N@8p9{rdT+ z-;|7g@_O~?c}+2WsWm^}!<45@9glXP8;C{P2JNTPeLdIrmPPwpyQ2L`r0?d4{8^eW z_&C<-4W6%X|E=N^)bB^@?fib^Q#0}*v~JJqT}gSxI~w0|sa}yf+E;jw@nrwwgvlV7 zKv}!5qW0qFwFw+%{3%*T;^X8Qx{nT`@u4@G5nWx5{rv21jE_I@Lt4pa{?U5rVOr1R zv!mk`kiVqKH!E}A_t;O-0#mMzr2!hB%(X|&(G3Ht+Y_lIQX9j!Zg zke%W+6#u2D&*vReE98aqzJ4q7`&5V%i<@wM_cz6O3irL_l%t=Go3UOC^2h!b^0$s5 zZ$`Y*TeL5nm&;|)ez6J0xjX5P9*(@9C-VBlC!fdb+L-oDbs_%tbF{ye=6$}7kp}ZJ z8y_s_JvivzVzH!n&Z4}fAMt+o(T-gwte0O$uc2L7e6(o4#Q(i-QbGHlcjNgEAUjv> z(Ep3{-qv*Dcg{mQ0imeBfOvUG-BQ%IB>hA3=)cAx^q-Hz18*ar`4#*m|tDnZ|QF;@`l;$NZ0_{=?hxY9#7krF9kPu3|BTiIwS> z3iO+39y#(H{SPGlnq6q;AkE`^y!sr5{DbLuUcBB*5O5ZskS6qBgX~PD`>(tjzuVIM&fEP@BF5no#fS6k9}Tkp@T36a z&+lKXD6fmBejY&eo~G+vZ5HbDabVspJTDu1KWiuHw{Kc^v+HK;Dp^Q*eK}(l~RG*5!C!I%yT!?{^yG=1=wqJ;pe=zDE0w#Cwzf z*5p4wuc)PHXGsp)q4YvD1|~ihheZAV#-SfQ7kf7k^_|K7Kj?={Ke8k8ydSo|f&RRq z{NIW6@Abm?4UfL(2j6^_ozVrGVNdLNcy()+^Ul11s(_W=jf+!KfL8O zjDaIp|3Ke}INy=j-8)=f&Io*(LP9 zcOmlpI;zM(eP6*kWbhf(Pv4IEynlwrVLzW*itP^FNi1g+QU6#2>Q5woEj`E7p}dH< z;|~e+-_029@cRx=T0a>@;|Xuafsg>O^IB$%_W5-e3JDwI-2~THemwg5m*%yxENn2q|) z^j<3WGesNgt^9@a{(QQh`Um%SY+lg1g>i%C6U#HQFU%hv!9>jTkH}%%-bkSS1p};C zj^YO0SS%N*KMTKyM0o(lr-<&y*?JI@HI&B+^NP+5SZ~-bthYVY+X*@Vi<>Y{D5ZQX z`W))trt=*@>r2A@Mfot$F*}EBQJ=5JR?>XBC(*9e1Ul~FEJQDch zLiuC@#j_W$_XpY$?uYTE{#GoD_45AdLF;nDd0dX(2N%xQ0l(4ye0sj1MfGZaLtZ$K z&!+n|t!-HEY0}T2aprS(yk7XY*KR-BDWvsto^ND6#&}MBgLcx%P5=ao#k064@_bzV zWruu@J@UN0l8uoU&ihTYPe6&DFYx=LGc=!eS%7}>aZ&{aURJMgUhdcn%2_tJiKQ+Tr8v8d>CYrW6&Vmx;uhM!H=i56W z|AzeM=k+2G_S)lv z_44aIGZ6VOiUYSZg!;)uK|fgmH->Dy3Vb9b_5{*+vE30L*{+_84bAzCEM;ki~T0p-T3{N2C5$%By3E 
zkMEECO&j!ww>!(@nEfwW$n)z|4NjcJKTEKmCju@6rZ3!=J}njP99@of__*-~`m;E% z5X`f~A@N{#dWE1q&!6X7BOl)zdA>e&c`nu~T(?Z}LB59Wb8YB+Cx66xh0hC)!MMcg zHGPTkNueF#Jb0it`YC+xEQOv^@1p&9{Jbt*!}AsHqfnsd2to85fyeU+ zwYzYB+**fr6pvthcpmbi3i+F~uaEa<8)#@2hgnlGK7A>kTj{#!NY@1)2M!&@^SYOb z_5(=2mh=aaKEF;6zDNCFWwg)xPa&<#8PK|@5!q4IMSt?_QD2dGr3mEzE=Hb@t7Xw> zKWhQ{17Q)%-Mz@0P@c^D`G;=A)BPj&$C~oq5CK1Z8|wF4h4%UPtgeB9f?baTtE9yB z@%!8t`%zy*@SL$0ZX{WpuWO7=4mg~-%9*Fny(l6p?%)}k1R*~t0-=K+*5^$n4cCVs9#8SZbAUr`7WdHomdO` zG!v^<=A#qxc)lm;evSJ-GZ*b2N<{m7d^_!m`o`1`9nrifiPkaH_G6se;OU9pPC`3h zX&(-MFILC%`tlI%&mn&5BD60ZiGIT6ES7e( zkGG%^9pQ27@Cfx)==nSE&khHW&l2>9DjJtcL(z^m*`Kx@^JEdd2MXzjSRPXTaFW(P z{fN&CL;If7(a&V!}?R*@9@c}ilI8i%Z zrgr4#)i@XJEDT0FeEw}*f$L7id(lp3>bKgokA2@e&+G`_pY?>Ww3H9{ZAASBnt%EE&UQmyxIZ}$ zCRS#@h`#5FkMqB2{QOSeW5(@_)JOeEy68WA6iZPx`Xiiw&p}6J_I+vnisg$;LMU%J zNza3LKZ&Dt{ybXe=hw@(Ahcsg`=hx2sS2$3DXpvXILA}mY=@(t@K{7FkNTmV7;EHt zo?PD<`_DcbY+v3keK#O~jILjvhbXK^K9TY|9*1*@*neJLK|5ts@AFsar!lP)x}ZBE z-(BcWF}0Tl@mm+*{e_<3{^HUb)ITp6=i5O3$;L5dT4&HAJEz*ApHI!vA0E&CebA1` z663)6l`wI$_OhaN2?)Db7C%A%4d0=@EAd~~p#FoU$oC>Xwv~B&9PQ_ED?oqNlfD!6 z!`eP*=N|Eew4Sz+o?F#WJU>!CRz&xYJTK}53j)l4*Ewh>i|q8F>rVI{V(khi=H52=WI# zdcO88ALGNvv8#0dcxn{#{5q0>e!|W-hw><%kByT<{*Wo^?;wB9r(wM_DG%q@^)<@t zcF=t4L;8ha{cvMy$8JVEt_-&C3_*fg!(M-kPAkA?>64 zPIkII!+M4J%*a;qqV(aY?@03(@6T-@p=JJ?(0b-{Ih)sgJ0TOcNzc5dzq5gc6-k;**$#&{*k@SBb zg2~S{E76WUJx}*0z8j6VVL#BH!Ni~bjQU4((SNQlITCr{JU(F{p6?^N9|twD9O;65 zbzii@ulEDj(N4G`@;o0*aacT)MAsru%w6KJ=t@7~%IEYAizgw<0iZJTF>J*IisswBMiN&;XY|^Jkm^ z>Squ?ItKX%biZIr{3Js>UkiFKhTFG+0fE^O<`ol~kw4u5>*d#}Q6lof{GtCqMi0RAvLye9-a|WoJEA{)96Lhm z!S}ZP&Otk=31}aNDX|=1gZYE#G1~7&v1q$k1!pG<@FehoACcTY#xF9*=gucZ_>X&@t;NeF8Fof zR*HUl(sjY(`EV54c^QOupt;3Ty8-!WpONS7)tlqcWc^7&%bJLHW8>lm6>kZ%yI$9{)_m(8c; zH8`J+CI5H(;rT8LLq9JOf8hw)SwQP5eB7=CH&{QH?~4BL>v7Ivv?KQ#?eOvEZ8++8 zrFCXL{ut|_{s&rD;r*oh4zf@A10Uz@EsziCh4u1wNq#_lC#;uW7Y39EI_Dw3pZe_w z+HdJb`z^Wsn{jBTJ&p6+e#TbhJJUP`m#tV9p2Bz@+l2lY5br|c_6Qoc=M(<{_QSBa z<)rDZ`On0U4@LWX=si#fyI5j3p`G4z 
zAFV-r@k6vzd>`%nrubayjdsqD!MO4JwXf7JzVzIXw^uCPr|hBo6wcSK!u~JJtN+mc zfpFSC!28v|2=p_H*4w$Au$5?M#0m6=kLNu`yuxxR>I?UmE($YvW&=dzpVr;!Z)!Jc(k z?+3aM<$fA_Bj1&tBk*>Sy^i*Uc}OzMUo1YkH_)FD@}~$cOxFK}d4;Yc+V`4*=gaMn zqxndfSDaEn`-w&9Kisy6rSUfM-WRc6?*B_8tT)l@|FHKa@R1eO{&>qG0YxJZAp&Yx z4T#vCZ4yw(EIlN{EFlRPap`oDo=HO|-E=xL8AOeHeQ)oPn|mFR9(g|QT$}p zzH&+NdAItv;UG^2m!z%9aO2y}vLGHJ2J2%w!^NA!tG4F4C0^>hd^O9EU;Ek`~`F)?F zQ>*6J?{7TtL#Fe;YfMM47oYws_xqc(n9ii4bGn-MCoB5TQ~0eCdbBoM}bpvBZX$-w!{D`O$QKsMfomD0_a6YJVa*2BN*+54rpEJg)D( zi|Jgd+D|`<@iX41-bdw+oon%1{;KTB*Ofide%(<@&aZwc%jZf(|D!iBKg}v`tm6Y` ztM>P+_Ip+PRb^+6R^zHxc=k4?vsmC6wgbO;^*^?jQjnZ6W*Y3pMP@YIODgfeZB7Ycv4is=cklkq38WWZH(_y_Tehk z?}LpjhZB03PrW{VjW+m#&KdR0XG*pI?zdU~y%XG?(w*{8M76(h7q{P~+8^A-^!KYe z98y>L=YJKQ55I)zd|%<$T*mEh-p06|_gDRf`~CV+jCZm6hO)|D`R@sjD*v`ity9|m zyk5l*{ph~5E=ked$AEOsj@Doz;Z7sLYDEg09^!2*=Rpp1Z@)-zzx9fKtJ3p3mE0(7BLDpGPUio9 zwO(ueY)SEWzohJ>)~jEw7$^7>#`nSJ_`SE|J;3eA`_pjrbQ@LONdD17G!1Vp= z>04F%WA0-CA69a{mi!r^Cx7|_^P}y2%?G*PDV2}V<2r92GM!Jofaz%c zd`P`V|Dx8Zi}iS^f6=dhy?)>|j4!J?K)tV-S>f@fRNi4g(FrBE{SThc^QGMRu_ym@RdM^z-^vsFY=wXL zc*g(nCC0y_@K>doj(`2VPQ`Wo=V!ls2J^r38O;9&nOvymUZzv$i*p|SDdX3u{X3;i z<)3pCOy`)KR}QBQGVcGr&+w0!&doL4Ufc5@O)>6Y$0KiN+`o>W*vzWaG@t_ zDqf-W`Sb|$)1vm*dcLmz9k-uU@&7g@&x3oo{eBg9I$PndJ(F?&y1Y}>^Bhw3Jj90l z^Epy5p+B7`@w`WsoV(u5`TbROZ-Ca%`R6b{-&Xse0Y&Gpa-UKino#Y}RQUNyAGZC4 z>7TCf&pd|t{D+F`>hTW$koo!BZ@B$G)I2tPf$`gB7}x&Ex_V#!N4+nzivC?;rtiOZ zv0KF%PEm0N?dP9;DYy66gZ<*kjEB^Er}_LM**7td_2)A`&sF`-?PL5_m6u;u{Qv7b z*K76p>e&weoX2&8k`JXt_(`fKMf|5q>^`iat?sq?wL*3Tb)fZOj>>+jjB{R@?U-lx``0}Ai_I=BDRNlfRN z3LhqeAoT6pKXJcbRd`yBYxY8J|4xM;^J}K_N)^x1@8f+m(L(-yf8dWqP~f+yelJmU z?xzJp;72LH>uCxXWmf|KrOG4d@!oz8vEr3m*1@Lj<+%$|GK=77C0fdTUFju?^8armvR4kJx4FBnD@Vl zjWhkx`Gwy+$nC3q@rqwP!1xg?~N0dzJfb{5$u1 zyK28X$@K5(V_dJxe^&nUx0U~_{fe{xz;tdup8KV8O8Mu;YnhJ!p4fJZ>x%LI{teu| zL-l*@r@6g<{XPCkJgy5>+*|j1^!vGe=C#bH#=Fzp-hV#y|31#`_q~bRYyG+RYmEEX z%`fd_{3N9(7b!kJcs1iMQuzgKCx3ht_v>FD-=_4|U+?sBr6>ON?t&hsf5txMQ}_Fm 
zX*DhtH$GGGbG&+A{PjzBe2eGh;yakmg{u9(R*yzqEzvpK>+Ni`J{{XE8rL zwM>V^DF3`m)nEPQSKNM3;pbe#?fv%wzQ(dnZ6`j(`|^jAna=r&&i{Oq`QNYj*Z8?A zKYrT9-2Tx@-xg?qLa(Y;nNKnc^3TtH!1y12$@tS%`z_Dm@g9}(j(4}Ej^&ON^La;{ z>1g?%T+Q_c&-K+COn#C3^`B$?;4c{We}AWm-fO{s=eL;t4M#EmC#t%Lel;&mYFw?# zPq@?PCw%5Z%;)gynT~!h_9^@0{|?msD$aB1Z7hdLC7&dXOU#S^J8LKQv)ul0J-65T zKd0=&tg;V!9oebstNrWd$7`AX*PhCJYC3~d@FV)YU&Zu-*G-v!2Rp~jPf5^{>=Tp zO|>6Z^E)!j^R=Yrx9^Wio<4uz*^P|**ZrGMXL&yN5lo-dO#b=)ml=QM`x%cZ{0`~& zo)Vh$op0Kw_7~Hm%ukbQe}LixVqBAIy*o|eZ+It<_lau#)%twmE!_SdwJ+BA#1zTWSLT&dQ<7yXU-|AgxIOywuv(ZziBD*P|XkG)&%yRTCCg(q^qA5;FA z_LrXaIhK$AyI1d3a`>u}gXaGQs^7<`{f_4Ufp745pR4So_Ge;ObH7VN%;!PH&)v#? zzUSjSuIrRNdA!;mh1LE@%m2ZDWBL~=dDbgB?^E%Ub>$a5N8!(UG>_|J>Yh@q4?|QR zD8DD}tFJiaam?rb2=nR@=P~`CtHK1`?@7BEpHTJKdcEGO>XyIqVdm#2 zil6s3Fh6e(Ge6q?Y*qH*US%Kjyqv1`(YL60xYnz?k7GJDYM-L<*6qyCUC-x!cdLG9 z-o@>oJIVcOK0}m`6Lxa-1Kj=U93Dcq1S^k;c z!|gL_zqU)^ryR%amoMPVXrO z{`c-+#_v}2A9}XpN1gl7^YRw854!QwOn*kTzwq-+=RZEc{AhhUkrqV3&z<)({(IGa zkMbYx`3~a`srP+n7x(MG&+yaZJl^Bgc(p!Ur|jEBYM*|!qW^Sd|Ib+Gap~{hJ@^); z^R<_9zuIqnv*PoWpXT=ZyEaQVD}8tgw||PFpWe#&kG3*SX%6}4xqo8Z?+-ls9G1iF zKj-#6iq3u4aQiP^&A8_02V@ZB{JxxVVo(10Z)zaq`LQoDpSzXZ63XA3j&pl$pI@o= zBfHdo@!#|R(`uftr7*YG`?%MBlIzLm z)VY{b6`eP$eZhNv&+X4t_@!h(#CSiY@?YA{#P8+t`tP4PL)A0*>*`Owhuizt_l|$% z_i@%|=ePZV`}MEmH#IWuUpHT_+be(XEXDu8ueiN`J-udu@okUe@#^>PD{p7HEj+}y zp07|Wc3?O?5*y9Mv$S&-PS$B+(P^PbK&_^DnW1@px>1 zawMKg-arkn896lEd651&nCd*(O;oSh+ntL<28QCF`c#}cvrvHh`8 zVsKaxZQM1Q9*Kmv6Hi^Tw;kMD&(--qMa>Uz5Bbe^gk{%a@aC?z?2HfO(%HiWy3|d~ zUF%Yu1RWoM|XXUW|96s8jUI? 
zqlr{M`kqnkv?@`v(n;emn)x--11^Wo_DDx}Q|w^W861y-$EN7EMzh&;wqs;}I;w}} zs;C-Su?O@RQ{NqI?dTq=Df12=KVJ?b3Xsw3SrI=96;zM`>u-)t&UUqOlxEHcAxoLasm=nvdi3T+niYx8RD2*I7-u%2 zqbZYY~R)HODeOAaSC(w$#vBJ~4f*(}M{rZ{1tRZ5h|tDjJ-XvdRLs9B_b zFfl+2=-#p6{zNuU2hsNErrpv-GB;&?qv?_M8RkC{89fxwbjA;-((%D)7iqe~FhApw zuS15^u2o8+=Wr&Gx7^4v@(WXNjA8Mzb!SLxNBIT!3@bv0b8liiCwyMR&r;xO%=zze zM2K0xTKPZAhm~yeer+0#=LV#wpLB$wY)52^q}!c4oJ!cK%kgi|WQsHk(<`Bg@DgKx zo69%t#OY`vdoZwLo7qiYkBY_OqeLaAoKdm4Dc2?t9cO9x%&*dLgW8hPl-*695=O|e zA4nfeWOruM!)ywKA#as>X;j;YW23f?40iFu6|h#eUioFB{X;OP%TY~-PQJFo4q1F;K7>(}FS9yNduZZe&M|zC5;U05Tu+!v-y;Cw=<32Xo zW6U#G&BUFDE5~FVb_f(_R5UGL1!-SEuQBZldScxzF=rJ7LanZsN4r_&>sg&M8nyJ= z^Y*~BU1|_sAGwXOj`V13UnVg!OpAqNJDDYyWl;PpIV!rtG=(tox6V40`#L9XaN8g)ge2||*h7zOAa2}BMoutd#^*#_S~rB3xq@2?t3iiLYS z{jW2fBnjgZ*d^?IW3201XJq>6Exg{Vr=z0-@l2vy#DPWzd@qrWguCU`n_4ut@T*}9 z>Hezs-{xnv0G-`=u{~_7aKmH$6w?r^06XKPmnH5s8f9cgF3=@EL=tzcwTDko~7xEw9 zna+|Ql3=HKPhxa5P8L}|E=A&fris|(X9_=5vLKuKDXcoeo>%Ep){qz(R7QpNyf*ca zy3i@CSU>%%2$=4WG0!ALapM$g&Z?#RvwtLZ6u*d(Y>VGw%B&k zZK=13g?5zrtqtC}VNk_3d_dQ{=Ys~8Z6CBS@BG{b^>XvaoOhF-l}cPWmd>eIv~R*A zmW`rIErNSRcl+!%Fl`szUkmRTpFiW^KBFz0&tx@KDJ+6<+k%t8a;q z@+^CnMeq(wOdio*VxJ13`sL*qgw5U(dd8I;-IL(BPoQ|b;SJSqe~G)Y{FyO4Xy_)O z6YO?ZzX3nkrQ)t<9#`1d02f$O1CK*&Y@jHVv#6Eg7MuEVmS?+XT<|fEbIdB|wy!V8 z(=FvO{aUJ(Ft5LWF00$MJI{__3VE#sA2d0x#s@0tyB6udO`zKR%_0Q6E+>=^c-{-F zDPU2KD=wPN9SM0XOXDr$n)CGbMJ^ zea$`YYNs0Ang$SBZ}LW3X^V5j)<5% z`7BLxZ`_@uXd{;*1!KP{Mv=l;#~`J*sCa~jVHgrc8+FA~a+o59-L0|R{SheHpxO)( zlGKexCNFW?!7=b1vOVv#4~07ahZj)^d>Q z`35P%>tBO$nTiOPocDrz=Z+EWwpp5>w3{v)|jDPLby>k`SCv=3eM$Q%7<$K=hrujq*5b zAmYl~1{x&>)*8va#e+YM*}q75Y$Pel;xoCdN-N>+N+iP@2YFXR_4BDjF455~N+U(F zZi6V+?WDg7{UcEXrIpcDa)Bx6_XEE?V7QZ>%ggm%wY=;e=$& z&729OBP}Y+DqS6O>qsjdRUw}v){}`*eZNS1r`7vkq#s!QE7N$=edZ!p{;%8{Fqg z?8xP;ypBql!(z-DX0zBM#(6FFP-SPhSZ}UGOPm799+f1FCSvhiOq4bhQ$V%E6n+D| zmGFFg#Qd_fQ1LsL&xlZ!WA40-OE6?QQdE#H$V%wK`SQ&w*)X!rg{t66w9gbt+7lBN zD8;Y73`>{Kk9XxEquJ>es0X69CnmQ8*|C9~7%3eClJ$OK;>)Mk9M4ek-k^I5Bhu`c 
zU48hF42Vs!qtRBE8L~3FWO9OzQ620eBiPv!+mYEvCrOyMQgyzW5H5Th@p1F3a1|v;_$^B~4jmZUxQ zbcLsv*Sn3H!*eDTrDJzuE(^XZjk2aq>0}w*h$1*y_#_Rs?Txk6UVMJr)GT>+OqDU!*umvMS;3K(Of zRD#=MBRR*!m1&ZV#2hsmmkNCtZ86C&qcr7zcVd?oS?XCZ5cS#3CJrRrf8pJ3mSd^henvA+6R;D;&A) z7eOR(NY}(cb1d4`FVmoc57*f`LSl1c)Si^Av*=YWCF_vP)rXy#xGr&+yy0OwJWk;@ zl`^J@C^xD@4yz{LN;e*ijLFL%M9SX{LR3DtTshh3sN50D+&OW$Bco>G{t`G1aHNJQ zx|OT840gM!E(;4pT96&mO606uucDF}L2EEgNN@+owdhie056Ofz1Vk>NuuReTo%Bx zs37-RB=$El2;=SrA3<}sPVBgXW0kRn!Gzj+({_jCt2QeY?Bz(C32$DLW~;&rBL!1v zOJ-gd)!Ruw9~l#cyPlx=9T9%_SJ_TK1C5@5z;CllB7K!dbEUeMR~0qioU8DU;G$!tOORkL|t=S%A-OJ zb+kY%%+`8FGXAoRrB{SCrhAbvm zTw<1_@~9gUa&nFHT8x{(43wv$#n@2M=@ON-7_~xbYkRh21ujm&qspG}TY(7`POyIE zMGjY(%%W*Du9gy|SiVc+oY52w!fewf#Tdl%zU0v;oja0gX3o{>^hpWkn+yS^OH`Il zj!h*63Z@St^^^k?_ch7nUdJx7fg)?;rdPJ?PiGIsvx6OUh{5v8h=7AAd@z(Si0uK_ zFo+Qp@ZfEvF|E`f(@NsTiReL3N{LqB5|yBZuH}%IS;|$H9MNzrCa-FW@wJ+?&7-dJ?_5=0+F_k)xGqnLq|ZF6_>GDzhHtr*~)`WgP+;JpX_VG+7yPTWLFX*zfQ z%9tTx&GigXRhGD&Y}7MNqzmj~J0^dS#;1~bBIZ*D&y?{b|2-=HXWSc?K}t;{U0$S; zf%$xREr?^6hKHSkx00Ws1Y7y4<_5KC+hWTk3iD9I<4$Q(GUpoj+sSXj+m zIaJMSEBVrJ1e0{B{2Us^#=0B}cx0lk^^N4;iHM*lbxYeJs!VsS@sZ($UcRleZe6(U zVmauRJ3x}8-bw|MYJp7_<$m2w){zQyN5Uj>C2o-;-%G>v44t-VWQk0F##UcmeE{gB zrLG{5kPG<;t)Q#ey)2)wMG@!#jjQ1HC<5t}FF6~GeJ8eExy-!lG;dDTg4$wizHD6o z*m-?}o%$^Cuzw5f`?JXdL%G7Q)RAFk3o(;Q?Eim)7s~HY1SU%XKN%tt2FIuTBKSrI zXTv#u6~rhK!3*LkxXNUya125;8VS3BDO!D-DH`Ks(T|Lth;6REf09hlk?EBDIdM+m z5JkxP(_^BR->edrrRj+KNlvC*A9SwR`s>_|d1M6NOjdyk(CF-h*{KmP4*kS;vjkd^ zghwshSZ81r_8e%zBl=cnjlGsi_bI;7U>6wuvZ0cPdQyKrXiH)I+*l@+=-8zqrJl+F z>c^k&m*;imfn7=nH}c&wDqkQH_8q&2!_o3+Nx!B+auHL}=Z;=F-s!ToBO_|3qRP$b zqT?ql^bH9?y6AieS)H8}0^f*Og<+!#6dfflcW)@yET?7xPc4a5jM^SK_Z!4=@dHW< zp4@~t;H_f?PRyfF*4OfAsnJpMmH(uzd0FoCjmN*@Hp=`5C%&ywQ6`xca37lSg8+O>~W)ktC0C6=06;YD8(TAJ7Q)eUNh(_doos^-dLkX676l4bI zriffZI+fm{m^_6l##JEIvJs`Lcf4+$Psyy$x$0J8HrE&z^E%O%Y&FfE^p)vieVQ3v z3|q2Ua8v&x$1PIa&Kls;Uhf;_=qxEsUb2_me<$wbeXP(fofvR8-1PpGRJwq%dpZIt zq(Q^59{}~TB`cj^GiY=0+d2P{DXouC{)F>PE#7@NbN{hUC 
zy{1*-n8+*L6B7qCY+3yVSvZ@Y)en}_hrO_WedS>qgYJ%QYn72cihl_+K3c*mW_->u z3Z*V&Mk@JhnWfnVQrzXNUB=!W=>}Q83R2v_3TC8R+9GCt)Uu8l8#@v)W#9};nVE=j zHIt^%)E=#`y^%Ds1x=`lwsWg;g^niELRo?#EzC(kTWTa4z?@p>lx$Ir&uhKe45Mo7 z(8;)Z?CL)uY-0|c9BoK(VDRB4{`_TCrf9u0zwuVv7t5 zxgifndvixdCCDy7>Xw3HoVpd!yMF=$19Y`9h45{0TuPME{(u4}tU8nJ$x!0Gg?{>Z#eNLFmpWh&B?W`*4d`A>%Aa3CEnw3TUrtqk;DFyBa_IM4Q{ zQhd@HX_*bN)3a|BNmM=q6--Rp7d&F>EIcw@b6+G)b;N9~+$Cqm^o26{vQ>FAVu<3E zJJhXj;`*W8{b9OTBc?|b?8Gc>i7C{>@m>3j2by2c;@?S$FA)Xm&ZTmu`#5Q>r#qwM zw+U=DKF$qE(eAA(7E$RW0KE_*uH;x(w-kh9AHhQRR4?TV-HXYL#Ck*?fR9g>AH=7Z zR}@D}t&p`wLy1%-k(KEH70U2r7Islfb811p+om@*CoQEiu9H0#LjrIT{-oOQoo6i#|t4k`Y}E=u=yDR3m*L zIe;fM$eaz*7wg4pCvysdn~#SjAh*r6D#E z@;=E<`Hi;n)7{dT(KkBd1N6lNj{4I36qpTF{a^0$v^sUu{Tms&go8ekO=05!IzmIs zKfl8PsBsvR&*bP>cG+Y^W`p#CiU8eX4LSf*=vb$2;|tPw!<7Z>x?np&0q}}j|o24>4KON?3 zp^7^O;LVLenZw0Oius*;0~|^?G(!6WwyCwsq=ZS{lxK|-Z-}uOgd!Y4eUTu&uq7sW zOffxNNDIHwn53Ztm9+YaBn>UH?hT#vs;c0-_pQ+HDBSX2tf}qrg_&@9=Pk@M3LLR8 zS}?0lL|xu>rbT3HlOz6YEd@5j(&yy4^Cy}nIZ7@c%{G+^sc$<(8svH@j)}_SwK_{) z%F_jA+d3RKUqe@x%Vj>m`|s0rC+}lFIvL?j6U~aazJ#(c`cP$=>6a#1#3xj>l+BYh z{_NiG<(OAvT#_Pey2d5{#bg;9pDWwQ8mW}J?3y3;q~`KWt@)Y4*4F$?$p&{*9`~st zkJDgw&7FHJZvnete%fdnyhgzIU^#Z6L;^)kfsqcVNU7GqOvg71n`97-eTySTqOjLv z6NHypiAb67LJ!7MPN^Hwt;DG)_b5{F5I-H|*vt?=ghDIUPoXgERtTy3`!+;>3X#I% z6q;}M>A?i;$Hme90zuYN(h%Yl4J1X5d>TSjazh;!UCSZ$+@KHQ2d6A%la&8RMT_f2 z`I0!qx0epi>2fyrs~_eqM}@|W7q8H9I#IUNBJQo{2*xIN?XjY=V~U+{?3Us?vH0L1 zU0pGn-XG|oO_W9<4nfF(qI=t8pa8R~NgGUcN)M8(V!1(?E$Wt5x7La#&=UvUJxt+F z0{x*=_PRU~RxgYp=mH6|+~`0$Lc=W^@1!AsmAB@qZ5BK9fes5c07 zf17w2oG5cd9H%TrD!V8kVvjI4dLqo?mN-u@VfqZ9be}zvHcg0(yokb83TBIS*CPQ_ zG+RV)ov19`Jd-$(&eFDtqP*6C?UuauLUCl-8}&$+_iQNcOS#kLEG0|R!?F0l0KH-^ zd#d!@zDM%zK3zR@VjBFJIMUDpI|(n5yv+j*(de7%y`t^{+_^6DF=Z^eWX?UtN8DS( zq3rx9nmC2-54IKP#XB}fK&3ySgH84)teagebNi!;yZqfY$Wpt;h2vD^NyW}`(WsoA zWi2VvmtqM^`DzIY(!ICV? 
zQ)O3SdFgoLl1lflu&a%A`rKfVn0r-fA({PO5V=p(uoO>%Ul#C!3?%8?iPEJ}Qk zGdlFF*FUl_#XgX`Y-|_bQI#J~vh_r3s5dAYh|Nrfqe#UR%DBOGRu22qN}0`%=STcp zLuP)WObgGlvymz`@`AjVYthV1xJGSn(RbQRp~TnP{BVhHw(;Q&yxgVJb6#WPBNcp; z3)3(7G8-Q)_C6aQD&v(lKJUmwztyNy6yK(MVh@ZY24lmCVetvvKpQOI`AR3W5r`VC zE1s~Gh!yB#$nxLmdJ7R(AREg2ZdsuvcXmf=%TFr|MLM)KmYHfD>^N8~+5u*9Go%mX zeHk@c3Mvs}gsWb+h=>F2(|si|o7At*<8M(Ozkdf^@_tiR58F4@Wo_r(%~I*x`2f$r zc3YpJ^6p>Di$VZ7C!g!t4wqkT=91JwW4l87eA*IrKfWjOU4;Uj`JUCip*8d=u6n}Y z{Cd~d0?7l32Rs}lTdNXjNm=nEZKT} zh%y}-n_E#H8Fw8geO1{cFI(n_yUbL$59_nug;rVb>HBL`r@OGHFZmge%vd%NJDAMo#^T~@7N(|KcE$&Clopnp zU%gkPcn8ME~5}8~wJ)#06Jy#AbY9YJ2C72=xTPe zr?siASJ^#ecA&1aYt$%Cr@7=?uG>q0?@H`>E1oHDl4tLBi=%f@@r@*^!ywHqxBMp>qAuuIS7?7Wk#H^0maF5bu|x;W zY@A;HZSm0rgcA*iuXPch`Xm)gy=6O%QD|#aUKgcbB~~9p4<7Y0{9fQrO!b9tl0Yo4 zZ*ica;K<|^D8{qz?yw5bRWDgS!*pgNOS;I;K22&sxndIDY&s&nC(d%hFgbowe zSD-_iP-U6A)7f4tUk&0$+l}gy%IvY_^}Q+de$p`2RX~zkUxP+@FqT;`{T^vdj^ZN4 z+(Jv)1HGaV&srv5P9CM!Pc|h-1{32Z2Cj8Xfv+>Y@>nMT zX<8dKj>Lx(+nUHliYRktZ5j!S#AG77m!6={lzLX|d}HEi?FuB)A}zJ7pU~!7n`$XB zV*`(+HB%_A@dZp`p`JH~aJ-w8SEyFLPSXYKfVB`rs1|6R@=n|FS`H40vOK*xsmGs+!xsmWoZfA4X3 z-FC`S1#qYICeEd0=|bBZIdjljdAV#hT)gqnP~77P)OU@ISS!Wn+|sIBSuBF{&{qluj2N9;#sszWL}6LWS4 z#He*qrkS(rs>~gyu#+@5I5yNCQTfBN2XC2#N~{z zar6+~041drLi|;i*|#P};{DPVN`S@{&ggsqwkE#E8^)c z7QU}OmAoz??p6?i^a!D{IMpfHNfNORk>R1ITJ*0JprKMI(U1Ho8f`i#_IJ^P&h_?m z4*GKB?pkpKU~_n*v)4A>=qCejjj`^iboESfr=>&7Rh|XEmJA`qV4a)0*^c^DE|sHJ z;xVxqAI@0a$i(%kos0@O;Tjd+^AV*{@gYL-K{p~UMoDoWx(0V37a7gT(k^Nu0!H#% z(xT8>R(rX%OX7l)4yw?W1w2}#M7z8KC#Nr?j`N1wxirI5JZ2JN#aUOjVbeO+#%w?9&iAHu>~=sG(PwO$Mz#4qP4ej;9>m%xp?pJ6;wKleRr+{66!`ToL==)p z<|t}Jp($@WdABuaAQ4JBYbn1^hUI{u@%&aIhKAZttp@WUwXecHo$x4vaxqa`N-rMR zvGOs;Zgu|F*V~)A{d=QxCRZ!{&5}(rT+*#l7jnw)CTvJuFHtY#|VZo6lT+(jo186;TVL7{%o+w=^ zA-pQXxGXq(VY0pWGT8>!#FAMYv9Qt_AKk8U8hMl1O2>B9Zz7tML(}&GAv06U+Z0Y58GGTu`Fa zSKcEOW4HX$!o8RtqTP&O!1Pn3K0dlTo;^TU!y0*yG&sMT$3WfgNRQF}$iQoSbZ089 zV=pKvy3%r#0eQR=bFXdRXGTTD zI*JwXW}yv~z0P|%^vefpc+)^C5qBz7H#*Ni4EkuMD=m^YB=X`d$#I4@tP)L>Os0!J 
z)zud?X==A@U2&-Pn(lq6cQ3=|J-c{woG&PKnV&9nTMY#n@GkM9Txg%F1coc-+C?Jx z-B4F#8=U%PzK@=yDm*Tl0)K=jLRv{>km@il$C9WLPDGoOdq(!klwB6|SgHlzA!@cy z1#|FSsF;p5?x)0`Rx$k<(~a35PrjJ9sKl;+*BTM8PdarlK~*M{^{0!Ebqx-@V&+C_ z(~0sB*FHzDH9AR=`s672>&d|mnc)YIKkRJyoFW>JN>X~><*udI-@(teg*>&5z0kSWcPy-_fc6sJoP zDa>84j{P(vJPk@8HCr2=0HLjXOOnTlA}`Q0;es2~f6wpYN1D3&*wqw+O{=RP2r0Wt zO2=v`#-#kC3KDfm$qTNX2&0S3OQ|=+w?nk~pcF;0^UEq??Mk5{)EwR_IpBI)X!L#O z6{PEuQggLWtq+w|vj}is5gDU6DnhW*9B!fYGm$-*(3i_^(9?nMH+AQ@V5}l;0A=MW z@B+1F^yf5bo_YUP&}}N>DvR%W$~zE-(}Vl{29Z3vZRxaOpAiYmU3lU^mWti-b|GX( zZ98K631c9*u=#VoqL8FnC4oCr@d0@mq(58W&lKAqLPH-34^c3N^W9?OZRyAR2>Dg& z5xugP_+(>_A}^w(*&Bb6Vv_<8HEnLmGi_RJKQ$c^71O$V>5#EkDaC^9f)0C@ICpOi zqQ}Mn``Si4wcgr}s{vrGw{HNRpD>QXKsm7|IHsN*BEAP`F3pC@0r>g>Ax|8KtAA!s^KyFaFFO z)$QerO(qYixNRpVQQclljmzv-$LC!&D|HGe0L62_4w{?<0;rq4$vEdZ#(23fjH|SFrA`D7j zC!mX)_lbBH#iC_VD4jmzShOe?<>>rAdjIH!cb>VngeN$VylEA0)>1p|C6L+%tABK- zg^ntB_0t(ksl~|sTlC=8(1FhSZt5tXGim?8qb#3-e24YQ zylKQzW-Z zomgKXSyZQN`KD=#xD+RwPOF-c|37piu92Ztou|#Qm1re=MRUc?uDTRNn`$pD6_XOj zHligMWO*&P?;GfH3G`bqXZ0!Xjq#R*ksLP51awQ))Op%XdO5fgA+B=MK2CX_%A{?c zAh1Ye)1>XXjvEa&vr#iw0&q9?}W zh_?o3vpUf=GWu$=P3p&AU!t5sx2(po9B8Oq*GTRo_R;;3W_MGRmtc*}CXGUVo|3B8 zL}DQ}lpM*4Pa0lN_g3r@A8nz14r!aIScQHo_y*AL@Cm0)VqTZ3Z1PNV)s;>+*af0q z!40O}TC{hq5=x{-g&gbwdCLNMb2Mg_pm5M-o-%AY&vp7ToSqAxH@gD-bYlVL;ga=4^q@ZQ~Q1tIEu zO@5#jn@FX_H>&h*u_DCjV>sfB?NBy- z$n8KFNm@)~Vw~UYI320(msUra$x3wYy9|sLoW_)bBNn>k4 zfGrwP^~}lfdXrS4laatZWGt(t`W~0mmz$kMx-f3+&2f zc|c62>?nx3S!kldS)15Y&hmif(>jqwo})d#Pwmu4-|}3pB82i4uh;|H<@LL)MV_Ot zW|pFSHYzl!Lj9Uh{TxTr@=(b!LDwo^N(pHtMJw`FOx+|j9Wd3BH zi*<)*z36n6K^GFBn+rkCRYfH3)#c~`DOhL6Y`LQ=0Vk>Q1P+3 zM%!^eD;u??ZA2`aJTR1_YnRc-^@N@`EoMwN7{pSE{r{ZK$)TZ@HJi@RW@(U)qZyQk zHrQ-cHc9%Rt->RBt~Mf-CgZ|+Nzf_!ScP;y^<~Jy2$ZeyGQUoH$0*sf?%1fjekqn7 zp^ZG}^z@}DL0<*Qx?Y7gOKy?a))a+1K7 z*2UXo+9+<4DBPuN^ZI}~ERh#TCB~BjX*w2>8KNuYQY08%EfV|)iC88?R-~U?zZUt4 zV5x@`E>4KchDpyWNSohj(*G`1^Wuazimhg1$t8U&U@LJAuE1)!X?hchNWsSFbMgno zq4UjtV}-Gm$-7v5Y`kcCN!h+l8@=#I#35dFSaFly%}674g9p_umcpV=n?EUnKT17Q 
z)L2?lCogE>)A3(7abCJb0U8}vHY{wLy&Bi+jVn9&m@$oI(xXL{_Q=eaV$Shd9Nm>u zD9Z)t?Xk?@rg}4UN2WV@2DUb}bLq{MZeRp2o3~*4(!7xLwC8Q>^YXUjXY|mut#tRP z@D1e`SqtQS>s7)RF8^@*B`>8wH3F?_PBnt@aeKFg$YPNLkR`v!mK`ocjXVU0N!qD7 z`c>KekTls|lW1qxm9Kd9$$@c_*_PMOF`(eo`!>Nr(ll=HG-w9Y7Ss&Fjo6jQ%%mYQ zTXdfsq(d=$QYv+tJ-7&n#t}*ai^Jh9GGHavIbZf*BQ*H{eWoJ^|XSb1W6%zLB^eOxrT4G>U?GZQ+vm(viW` zmA>()g1zFC!c>z*x4|aqw9*ZULAlF}@xHziebHM%eMKoeN*gQs7-TDl)hT?cHbE7f zH;mFY(dPk$5fGnIZ5GL5V~lnKn&|F(E2P<`2(KDK(fBUq<7u&Ti{c8HcT=*@W53M} ztOnZDTv%WcAUD;Y6t}=8iq1ht>zi(TDjEqx#*{y1%vn>hfEUg~swAXPQ@c1VSsWCo zwTVrnmIs7TMU*0tP%Siziq-aq+V~khu`T73PA*Vm22RN_t{U7NN)^G?)2l9mNQ0ohkQ4&7^rS`E;iC}YC@{t zF)JTuq{ZvZt|loVQSRY0;bj`0ErY5+Ntzs55$M`NPNNigvCO4Ku6R%n*uZks8^{I= z*^6a_ZdS;0JQ>LOHuofmGV{|iTSpm(O%7By(Eyax|B2a9@xstIElc3QypWYIUg>j0 z8@6B?bR-u~jwG_Y6Lar+O^*m$z`J%~Ez6!txlmxJqVjqo;~*-58=OU1jim1e44MX( zL^eCAgo#)oS(OIf#K10Ts9P0G9@Qp=A%oC%qLvI?tw6;*Diz+#W z)1#Yx&e`{|@FQQfB2x{rXy%BG*7@Lhfzbv}kPFKsvf3gTX;2=yPozP|C`?6mQPwzb zG#?+8d45Tm(r%D=; zJcA%o%VTs?Ht9=xj56((jEH5dZYq_phq1^r)?vw~k*7!L7z%vSaY*_H{g=-~(zeho z72VhiLznBwOU^e>gujzK0MMK2iKz{!qqNbLdvj|PDDg$=RSY^|L^+K)1oTw~3pQo190e+P& z&NuCl^0ZQzV9!Sp^_?!f?aI5rLg+c45>^*z)H@@mG)I3t6{oBAWBVy9BXi>xrn;d-Th&C{SS>n*}Jlm)sz9z4?6r-cBW*!$?@K`MhjIf_h52S z{kQw^v<}cVUw-U7Qcvqoqn>SE__>H;;HK_wm z2v(T)7L{D2+pjyX5W=Cig!~bG zQ=&88MP5Kt=veH+irIeSbDlhFCwaf_$yAkPm0KyfYLijW0akM`mxe&QGcJX(TM$cX zt%M=ip7af((K?8TxD(PHgpHmY1}}K!4+CvoBiT9`h%L+3S=e%I710#Sj}GyYIn(7w z+M3x&&{HxMT`bj8?D>r*dy3I7W>AYfZ?~DY2VJuWvJGGs>0)BOUspOB_;nmx&w5JA zPx{y>8pq-qPx28;RTELPrF|vZh*RQPZi&^7rBo|y2~nXU{s7Nrr~j_A=i_ZpN!%(FFG?u z3Z!Ww&*pmFa>Xe1G5795QXtDNz|<{u=s4jbBc~P^JsNXXP_arywf?$0Og<7Hh3f7| zKTEjX#KbcZ_IvPBbfl-9GEhLf!Ey@lOnpSf>qNV7)_r=f)WLO{q997^s=wITi}glO z*|Zo_y^b;M6;};9C7e3lXx0xQR_ExH2u@Lmw(u>^oMv;!CcIU8wOe#v*QSX{rJVu9fys5k*HL#&{hS*+^uF(bcJ))YIY>vu!$_)~ql$2dn z;M8P(Uu=ms8j!EI1mtN56s9~B&kl;*dVuVSG%^M1zUatv@oL4O76%u{7QHxD)_kHr zL(vyeSIq^J(u}&*XWAHBV!bkOUQeI6H3!a13c3r@{w2VkixGUf-FZ?l#d~8;X_J%} 
zDkmPwi&jI>d2?rmtWXJ2X8D3e_4Su}Idta{bA7(GimXlfab>T=NYe9WbOS|DMH*M` zu!$U*H@(S-#bc4p3CU79imygZ#!#ivBb8LY@mYPLq!l?sAuKNYceF3uCOtCnBaFU( zfC+-F0meDuY!h@^35D?aW7;LAS`JyvmKYsP?^j6~e|asnb;<_aLVn{Wz;R-Mdy~j4 zJ3^2OZ!|evBBjFN64?3JXsFG(_YElHqdp~Unk-#=w@pq+OK+PjPl>RQSk4R^C)~V~ zf^T@^WaA+J-H{vx+&Wo$iPCO~OuKry$cv<9pT1Pk;h2lD>dn5BqX$s8IgPI!h33A@ypwpN^9b3jX1@nwZ<;-fZcd@ zrJc0Wu+7>vVtM31szU~tt=H9X=>!E^XoasdWMvY!_NKDeEDV-UO zG{rhZZJD?XUDl597H6B>;%tv`Mpk?W!&>k|3foTuRDlSt=2zSDich5L?5lSR#uM?q zodIPw&b7(5w=Zj=P)gzm~olPh|)}9CNV-(t0mbhvZjvlC|s73NOA~7lbCi3x4;v zhra8;?yFeU@(g(ZpEWv|kg-A{7mjUDtNO7(V&L<_9x2nvE5oJpAv_}JUCb?xgyVpf zvYZ#A;a||X^2x5`7J8*D>6S;y$I>I>wbY-Z@#}(xj$GCy`y|K`mvtK{q43O%^!qrt zWZsvX_Z5%pnX@H9PP<;2tfBV#yIxa2mGY{nl!ymP25f^n zVH2CeAJ=}Lo)t9w&iY!Y?6!cF_l4j#%kRm*)=H$-Y5g=UT=aue$tqkiiqX=gXh{*L zZSGGFCbMMOlj#xoa&0UZKR~+!I)hCm@rgqzDp{o};|+L4a-pFWP()MYcb4hBfXnSm z=ZH$e2Sx@d!n#3bwD%=mN_eF#z8blf8|{#S*|JX>xUbI&`BUEaoEDbC2`lm@IT6gZ zx|HUg15eIJZY(c~texFQN~z3VS;ezr>#CnDp(C-E)y<2KIwI=6$xRm@<)K+ERxG zQu3yC!g5%ZL{Hk;niz@qi<`gpcl3^CX&z{qNsh+)lR5c8CFOXECiLmrgVCmg@zhv? z%o|w}&T-I;@PB=m_?NuU>+8gb8S6?zbyy|DTy4UUTN?HN` zq(XR&`F^wMA-iMDg*ht9Y`I_4D-3i5AThp^q?YnMXn80}UL#>#_ir>3)sa%jf zIlU3(*gV1F5FJdQJd%2$oMfTxghHWfF=);Aqyo!fg(6$!*wgw7*wd1hE5~q)V;f|? 
zg#qt!Z>VEKE#e5$Qj52S=Ab^-F*2AKkLAQYgB`niN7;t+O?KjMq6$UEVvR3GkR792 z!A7g9tpMI?Gic`6WVr4r1%)hbx(o>UcaUNeT=*0O$)(IFq6lkIO{#O;M5MUI=K+Lc z=M=hN;HJFHrC<9?(g#QJHboyOPDsa~id{-6KY!UEl`BRUjSna2J7K+I0-Ub^DyKoc zj$O|2Oi}UWo;I~EuseDNQX-G(wjD?f=Jsb|tYuQieM=s7&npcrsY3nulUeb4s?ne$ zuolH5*C9$V8B#r(Q{_z=-w2}#cU6A#1BK#DgitzK5gmn-FSQ@oNx&k&s4D~J#+|Vao6yB}NV`vz+J(s~cdocg_Sg>5 zz2$|vq}P@La@t`Q$xx?b*{x6$@`;-1;_Sina4bGBpkvnJ18HJ!7^O`lKV$vcQB*iA zVyeXDGV)G|9+hcrjgAi_GGfOmMa=pX-km;>9EfJK>Fka$7w6^wpgz~5G_Y%IB$pgc z7@n#3{KQZ7bgLK(^d$OsaL+^diP*^st*mXZvL!o%f5RmF^NcY9tolYx#*RXG@Yg7iZWTM-#dIViEL` z5Q<&A6=w%&u=0#Eomx#$j}B?cU&Byh+y`nQ@1&5yv$Ddzsn0_7T%G?D&Obb$PKc=a zhaXrmXi=qc9TG>A1w*6z#pRNTK`|8tvt$HsKK?xC=B*r8yd|J z&D{QCP5a#jt%{o~$I`^5mnU&M6djk$^k=UV50vk0WOh@@-hg~Iof?gH?!@U35ghu7 zs0uwurcxaPqzvR%sK1G2N?u`r=F=I3m?*6+&8$PNq9{OrHAc>-#?Wpkj6xi;b{yO36G*HJVOPIAjU)JjO(W~+ zMn17cefHKpySIyPMC6kF$&~Zy&Ac9(4vAMnYb32t-7!9P><$q7jf7?UtL4_$-`b6? z2Th?s;R%%Ei2Wn+MfHhvq&PbaQ9(8L!gUstg;54W<3Q07GfRVKQl7y2 z?%d&2VvtqQt0bPE>Ko*Aks=5;a9e_kJrm}+GtezK*M{~D_1M|g{bXrnU;9S72D;56i8YvC$!y$MS3Lgd!NYi?F6|&1U0=UGk{xDJE2vy!O0XW_iN=Fb283aB*MN@h;>0W_{1& zw=$f_7lWLrf$OLP$5$q+Q`S`nwA2g_(DTl@r*aA4`9OMO%6;6uFxIVb5GynHE9vw*m>zyQZ}8nnLa%IaSWe5`?g8flV|c zBGz86+JHA=pvk74e8aSPfiXN%?#gH&VX!%DAxv!x`AycR0lUq93XMMxAv1BS|G#7>Vw_m>_ocnsUib}GL(UGxXk>TY3 z(k>UBI*)-8YrWo^SvdpqL9T}Ty#7FRk#UJMvwdDFGA=9Y+O~n`+}WLW!U&Kot0qajGncN5-ne`=PPIatUcx1Kx6h5 zZ&&bIX=)N_qG~b}4M*n+JkfHHz8W-0@%7S2n;hSu&&#`8ViTgr($)2Z{ActednBGPx{&Z_^Fjy33i!7FrCGW0E#v zk@P~dVSdE-jcFvjfNX@LNJQLr%Ql$FQG!t%s_y7=if%lnJGzhFs7P}*Ax~as6Y66s zlpRqu9=do+m~Ou;jWQSa+g8Nhi;5MNh->c5F{~g)!EFCnW!1MHk6gFzt4LdTeXT~Y zjbouYI!`@6jLvrkE{Hg-)l^v6vRQUUo-TLn%mz(^xX@jH2S=A{o8KM78zJ2u>G#kV zcJw6}BF=yXSY=WRSd}H->y3$ms@}wBW`sYdOp`DI8>8v5bfAJ1)%7Q6E9uwJc7>KA z^)(o$nyt)<5bKa{T7{7Ft5M6QE6p5{qS82FzoG2QOllXk^&4YWy%KA|9CeIDcbU7e z_aMd`q)5=MKrFXM;oz3lrF+Ade|BiRhLM>UGI{DlB?R*-K+R*27n|q}Hg&Xd-B4Tp zO3?Dxr4miQ!iieBJk2sor*Pq6BNQGQ`U%qxn0MBmD28!zlww~YsvLy@^2pRs=15Jv z7Y&s$D0ypi&(9l$>($hED6uoll}#2-tY-SPxdL& 
zv^-OU)GSf7P%7C!nj0K=>QgToO<&Y3{yOaZ+kpZ4u7vnoMBoDse(h*_WFV6fe-DQ) z-`%lod#wJV`iq)Emv7%5YXGd#`8A^cwYQfVG+tES9NOO7yLDSfEOJr9MXm4`enK~k z;9o=waw`1v-W90wzZ^z0OqOEvJ{C2ebcY%x6M};1#aBd-59;ezc zQYHW9?d@oK_L$J|iXKxI)C9d_=s(9w+M?A_#PKnq6X>6h0;(bUB}9K0J&FH3;^F^1 zEP;n5@UR3PmcYXjcvu1tOW5SCGh{e1jvb(Jl^;2M}(^B-)rfAW2YsL4+(Go zJ&&Nj@$V17@15rzepHBd1dnxoKRWaa^?Mt&KRKB^F%+r_ol3t8ns0i;TOJvrUCNp2 z?@XU|GS2hIhCZ*Jr{;FcZj^jfYs`iKP`v~=ST<8+@_iudUI@)|38){d7zh1UK zI@GQHo;&~MDzVGzr@xCo6Hho!{*yrYr|;j6mj9ge;aeUp_B5f;ln<{}?WcWs+oNb$ z^k>F`&qlrd>c7va_JX^YahH#H1NyH5{xcT5 z9q=8*pU_?Lr_X{{13%cl&VsjD@C@*ebS5qMj0In`;GMw##jLV&Ttk3A;TQ?Y{~HJV z9741lCN20p^o#9REcluQp8)zJE<2$qz;^?mGk~84@cXMxTT=>Htxrvg3? z_-_DTvEWtEFScKV_P>MowEfAf&tgc3FG2f9LHiK2M|>IDe-7T$HNbxjcoon=d>z`~ z3FDoD_K1gIycuX;1Ni#^4+DN1jH?~+&q4c6z~i7NeSm)j+7AK#1{iM!@CLxg0ly9K zNx&b1ewRU?5ubzhYoNCi&>rz+Xg?2fSONT9V8>Pg-wXH};O_uAgrMJFLHjDepAUF7 z;Ex5o2JjyM{W`!KL2hBdzXx(?0sO^)w*h_}(CGyHeSl9}@Hq=U4)`G$*A(E3Kz|nS z&p`VHz{dbz0{l!E*DBz5fZWyrS1yaxu4;I{`k;Lc;O_wXwSYek^s^4|i(p(~z#j*A z3*gU%e%k>58PM+pd>8Q33;5TeeIMX;(C-l7{{`(cfZq-8#W>)XLHh~7zYgsu0e=Ln z7t?@W4s>P!?*Tq%0slPEp9B1TAcuLtzX9|Y0RL~$pGCl*4egfzZv+090Uv<&D}W~e zUj_Vf7}px$uYmUJfd31$pHu#=P>~*JUsKELm-zqp!?HTrz&{53F9O~K_!8jX27DRt{lL%) z;4v82D&QZ7_G^G&1@zYe9|b&grmMGAK&J}uKSBFyz)u3a2JrJi-)aHJ{Z}2}T`(_U zz+VOQTLAwh$iEHnGeJJ>fPWvx)d~1(fqpOGF9Ux10AGZDhXDTrw9f$kRp@sd@DD-z z3BW%C_$1(WLBCUgKLOfL1Aa5Kp8*_(8=3|DxxnWf;9FoG=K-$<`U`-+66C)K_|d@U z65xjcUk3a$z|RWcUxa>F0Z%}`Yk+?P+OGo+a42+^tN&YoP8HxFhEO%&-O#=U@V9}W zYXSc(w66pFRFFd$@Q0v%3*cV{`fY%J00!0$_zfV>PQZEOyqNR?{wAQ`2lyjF5JQ0f z9_VKPzYX{w2mCWYe**9WfKLLx4)_${SHO6u0e>0rGXwZM@G}ee@gV;>z*PuL3TPhi zCqw%Mz`qFe7Xe=fK9>ML9mcf`_$1&ffIk!HuLAyNXuk&d>p>3dfY(F&(Alp3-vWGA z0j^_+LJ-w}9}Vqm06!M^tOfiKo=0sKqQz76nK!FbyNKOX3G0)7*; z?*)7a=C=>(`sXukmXeK4*?z|V(yUjlpy=qv;NOu$zFKNalHD&W^b z`!&Gd19DpjJPCY;&T;ksMBuXu@CBe#4fst!rv`8e+&h120skn-zYg#W@E->JL(p#v z;O}>+Q#={)e}VSxfPWvx)d~2|0Ph9-0+4eb-~%w;A;5nQ{AU0k2KwWGw*Wo?_<2Bo z67c^4d2AoRZoIf>yf80SS 
zw+8qdfPNj|j{rOj_;X;qEr357=(hoW63}S}{FTtY6Y!^je0l+If^qc$-T?H60AB?> z1NdQ(^ElwUpx+6=FNXG$fJZ?7Q-J>~$Y&aGN<=z;W&p2;am@n$7^ih8Gza)Mp#41H z7XiKi`02p^BH+IR`78ncR=}45KOg9?0RCxczY6#nAcr-;4+6dp_}xG!be^mKe}Q?a z0{m$p|7yU00&=SX{OLfa7Vv)oI(2|Q3FHR{@`$fRBJ2 zdIA3)(CGtw5bzoq%5q^63Tqdw}-=ej?yQfZq#v2Jmel=W)RQ2ii{nek$-e3HTSF{S@F& zgz-)T9*6cbfIkV^&jNlH@Hq$gDKPKzfG0uz3xLl7{YAi+f&LQUw*Z}Gz&{E23gG7f zz6$sWFy1x5{}1H34)`-*T%kHw|NkA@R{?$x(60u(2HMvEelp0R7Vs}a`#QkC3wRjt z`+-gi;A6ml8{jVjydCi40Ph6+F)%N^fWI5s_W}N1;ByG@zW|*K;Ew|S#{s_s=u80q z6lgyQ_*i5BMcOX94hkb9xPh76CsS z+AjhAUFdfi@H0T)Rseq-;H!W?0s377{4Qv}4)_&-ht7BP|C7K^72p@cyi@~z9pE*9 zp9bTt1^fp3Ujh6y;C~hHG_+p>{71mgI^d6kenS_y`hObC zZx!Iz16~dIZ=l~Az@spawSaE}ybkb30H0yNdjW3&{B)2*8{mHeKHC9*F|_Xl{CSZ>Ir&9rQZ`_yfTI zEZ|4Myvzaq59oIu@b?0p1;D=m?H2)mA&hGY@NWYD%YZ)v_*ntG8TwrX{3saj8sJAm zzw3bC1AK;_>gxZMFfUbr_W)iE_#xoG2Jl7bw-)es0H1Y$e**9@;5&hS3*hI19NGYX zGK{Mo@GnC9PQcHCetQ9bE#Q5CpAGXe1o){i-VESx20G(_-v;uW0K69Xp9K6bfKLIw z1ml_p{GGth4B%LYHVgQTz~>y`TY%0y;A=213xNL&#=1v2mI&2 z=LFzag1$`xz7zPL0=x{j1bjQl zVF~b`0-wu(Pe8vbfIk)JtOEW7z}En$Bkazfb-*73atJ-m)qgyHQ3ZG#%x^W|{{{4G z0DqIyE5-i-|32_p2l)R29tJ!P^jiS`IpA%8e+K$(2mH0be<$F-fcCwBe;L~M0X_nJ z4gvlwz%zh<9Q0uv@E3#rOaT65z$XEJ3h+4vcrWld4frEKJ~M#VLHk+2_X0i#cnJ8J z2fP;aX94gZ0H2G1p9peT0z3}%mjRCgKP!Om06DJ$9tQerfcHWBb--&tKB0?T{l6ag zuLAtdz-Kk!bC7?eE_ys_J3h-ZnoTmZ*Z@^~&{{iqb z3-}+P{T$%;!o17_{$Xgp0C)uWUj+P@(C-r9#{r#Xz`qCMT><z)hpfe8mPk^5Zz^4G81pE(xPXYcA z$YC1rb3qO>fbRtUX952f@IMFmnpB2DY zq5Uf0?*#g5fL{gpI^eZ{hr+J@{~hF61$YYjtp@xpz-JBMw*sA7z`qT69pXSI4EVc2 ze_8-PANXklJOT644)`;Hekb7Tz)vsWD}eU_J_T|c0{mORPX_QMz{df<2k;5N`vIQ> z{HcIX0saOU?=;|_fc7(hKM(ky1^iQh&jG#_)jIIY2beu z@RtMsD}bK~bXEbs2>M+E`~je|4)`>TD-?0{|LH)d3h>85`)a^%2KqIC{|?4g3-}PU zuLJy#KtBxluc3Vl;2#3K4e!fPVw{nF9O-Xg>}3Ht2T-@GGI;S->X%p94G$;b0RKDiQw{hR z0j~jkH|js&4KQDIfIk)RFyIZqPYd8Tz_{7~kAocA0lyyFcLM%yXx|I?aln5c;I9HY zLxBGn=wtxj4fr_VjWDhWz>kCZodmoI+D`%gKfup4;P*hkGk|{^+Rp;M4D&b#_!|MA z2mHH0X94inL;FR*zX|vf;EOQcWx#KQ@vZ>g4EQSGS(vXizz+fab->R8enJhd{@)FF 
z72xNBepUm%1^B4}{6e5p3;2_PpE|&w2J#F8J`D6*0KW_HHo$wJ-*&*i2lP7uPec1& zz)yhoeSlvM?S}ww27Su_-U57%16~DmCIJ5|(3u200r(W)*MmH#0e=DDGk~`OKeK@E z2mP4?{562j1AZOQSpfVfXuk;fO~C&W;6DL;8Sq)4zXJHhfUg4nahR_)z*9hf9q`A4 zK8G4z{l5(OuLAsbpkEF6hk>6Oz<&q*)&l-~!0Q12B=j2w{BMA_0DeF4(*}4W;O&5) z4gGckemb=81^n-T_W^zhjCTm|ZO}dg_(ws{#{s_w#x()>>7cihfVaYYO#!|Q=uZRw z9vJTo;Lia5X93>|{LBIVOlUt3_yDwD0Q@l^heg1zhH)(cJ_GHS0e?C4y8`%~fUg4n zzksg+J_Yhw2fPO48ESI%{~>5!1^B0cel_4bpnVPC&j$I|0)8pbsRR5!p?w(eagbXJ z;C}|WwE_NLK&Kt>9WdTbz@Gs0djbCh(C-8MYQTp8e=+Do2Jki*?>OKuf%X%CzZu$3 z0{&F!cM9;Y0sqs0Zv{Ftfd2^aS-_tKa+?GE<1oMTfPW6~1;Eb+eii}W2K1KzzXAAJ z2K>K){tDn906DAzejLp28sJ%IzYh2TkbkJz)&E}uKUILY!?>ye9|t~b0RMNuYXQFo z&jLOT_#EKdfzCYOGr;Ep;NJv% z5%5`%&l2F@f%eOQ{}kG<0RCveR{{SX@V^H5FzCZN;J=6Vp)IcdF92Qzcq_aw)quYi z_^AQB9r~>W{E2|q0e%d~Aq@CC0dE032K=-E{zGWr4)}XvT%Cab0{HI*{C1$<2l#t| z{~^G?4(&65w*vifz`qLoOaT5mpfd^hUC{3o;J*NT8t~@;of*J)f_!EHkAj}h0p0`c z=K=pM&|d)jrGPI2{wBbe0KWtHUk3aKAh#93-wAxK0{(QMvj+IfLC))de-_$@T3r1< z7w{^;cS66_fPV|dRRj1a@Lvn~%R!!XfKLLSVZa{`?OOo93Fx;0z7y8LcEH<#|4zVf z1UkKde+v5T1N_Ut=Mdm81Uv(H8_*vI{4mIQ0`PADJ_-2kfKLHF1^rF~{yrG*4B#ID zI6>44)E^)9tQj%@Y4eLr67kkz^?#0 z?SOBG_ML!_0^SSw4bX2N;5Wi}hXB7D@C@KD2YejxH-J1R0RJ2GI|=yJ(0&T=7_^@T zJPQ5J0RDU!?=0Y_0sT3^_XGWTz`q3a7XZH!=6wwupFb~1FatN(uh{iy={T`;a{z~2t^YXH9y_^btd0_fKPeg@DF1AZ3p z*#h`OFy1!6&jEhg0q+L96Y$-@PcPurK)(<0H1IhDcoOs>1Nbc@T;Ny0^rXBeii}W1Nwq5yI-yHk{r?KksRH~E(5VLegD~D2z(XLPTEHiP zP95NH06Jm7TVcLh0RJ=4Zv(s<#?=n^lYmYq;E#au_5%I_;Ij|#FwhwS{5Q}(1Ne7= z{y5+fz$XCz0gP)B@CQLYQ-JS7)y-X*{M?w2_zz;(E&@){9uLFBq1^7pR|7yVh z2J~wHZw5NGfWH{zQwR8aU|zz2zYgfP0RABG(+2oSfVTtwMd-H^@Y4bB1^f%pZy(^l z2R?@Ye>~910DdXx$vEII1U@GK|0}eg1pFn?ehTm>K>KOHZv}p40I!4gvw%Ma#ybai z70ly2;2prv0^olId=c;`gT5^Rz7OQN4ETxA?+W0Z(0�N5Xj50Dm>KUkChUfQO#x z>i-Xc&nmzt0Ivr8T`=An!1qA=TEJfda;^jXH9#i}_}c()0el7cZv%V*=(huY4B(xB z9|k(TfZq#x(g*k)jB5z+0cf8A{HuVE1AZTjYXb1!!aPm_UIXo?0KX9QWE$`p;ByA> zPXL`+!1n;3bATTUbmjs79LQ|}@GAjd1pE~s|0TfR1>;=?{C&XZ3gF*?_N#!u5%4v@ zUjXA;2mH-2uF$2f{=Wd|Q~|yP@M^&0K&J-qM?$}~fS&+#>HvQu$Sn-`F)+U^fPW17 
zZ3Daw=(hvj1@t=sKLz;g1-u*D_W`~H?S}y01$YMVOM(A!z&{20Fah{i0G|Z>GSG)9 zz&{Q6G~oXL`OEq81e+EBFy2nU`=Q@nz@G(t_5uD97}pTs^MGdnzZ&pyz+*sv z0`PakxF!L=4BAftek<@l4R{9H&j3CI^k)Ho6Uc22@YA6EJm9Yec`g8cEa=-J;J*ca zmH=-6d>QZ=;AaK!e}{fo0UrlBuL1s2puZ0Ig)pvAo2&nih4xi|zYyqG1HJ=mJ`H?M0NxAjClQB!rvU#m=)*MNr+|EB0KWppH4FGvKxYo{{m_0M@JZl* z0q|*PzXi_S7P8HyH z0G(>U&w+8(0KNcns0I8mw66pFvCuvY_%*<13*ct}KW%_N0Cd^`Z-;Sp0{$GJ-wSvc z==1^pcHn;q@M{3i0DcqD9|!!ofKLEk1AI;b{%fE=1^6M5!!+P^@IKA}{x_gA3;6SZ zpEae+|rg72rPvI@N%`7WkIepFNXH*fcHVaoq&H8@Ls@o1N}b0t3Yl;fWIB^4B&SFopHc#gMKFfzX<%6Nx(l3 z^D+haGlBjz;Cq0d8Ngo;^D+zg4ro6I_#WVM9`JtPX94h&fd56nx5B(E0X`4(mjQng z&{+XI0{pN3f9%~0TpZQiKYlifcOD>wG^l8*5+Mm8+NK7Tnp)AIQWp^o@rD<||MUIK%y(zMi_!W# zeO|x+>t$chV|dS;Idg7v=FH{H`j+qED~I*I}-#TU<3zU6=S z#WU5n{1sohP4g|k!57bT-|`21;b;1mZ{;hW{e8=K_oed?-}3docxL&Q|I(MvkZ<{? zzU8xh%g^>LKiRkZFkii#?puDpFJE(f%hP=6yx6xq;>*`%zU7Db!q@ngAK+VF?_2Kv zl;-BhUew8ntX};y#`od55EpPXwXQprYxxVH5`;ph35-{mWZ`M%}X`O>+-x4gy|zc0vFe|}X0UzNaDCGb@Vd{qKpmB3de@Kp(X zRRUj?z*i;kRSA4m0{_pKz`NpEKYpYO0>Qi`b5ej!!PMKH}s#~$ua;AME?^P_` zFfrpb{FA$rz*Q&oxSE#4arE2*Bn+-!n>Tl8o>YeFa^|$D3brzkW z-h~dR<%a<_42_O^`JYY?sI%!_^=@>RdUv`_{cXBMJ%eske}}GB??G3nXVRtWJ?SF# zUUY$aZ#q}K51p;fp)=I`(gF2;^ysHv{`aQ`)bb%Vw14#hbeCE_M27aSmJfKL{j2ln zMzwsX3hiJ0UAjVj2wkd{4-=vO)rZjq>ci<=wS35B!%((bKGd>dC`0{yI-ov+9{t42 z|15eyT|oD$kEFZQN6~HSqv;lPkZx4}fUZ^lkgiaN=u-7DbdmZ;bb(qXHf|WoRm;RJ z5NsFT~D{wVZ%943(PzVg z^<{LaT3*CQ{?)&s3)H`*bJf42v(?pfhWc_kpuU10{m{#Q4LzW)rF+#^(p~C0x=lTo zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEM%l|xjK;209 zs;{TJ)Hl#=>Ko}6brapFzKO0?-%MAi=hLO?KhQ<$Khg#2Tj*T%t#r1!na)t(MhDcl z)1&Wu`CmW}s9We>^`Gc2^`GfB^&NDJdLiAYzLTz1-$hrb7ty8ayXhkJJ#>NkUOHEO zADyjkr8Cs`(*gAZ^yqtD{uk2&>NdJp{UF_?eu!>UKTNl%+v!I2BXq6$QMy9Cgf3P8 zg)UM*Mi;0br*qX$(Anw^Izzpb4yd1`N8k1G-$@UsyXao^GP+B>oNiOEpj*`4bfbDD zU90Y)E7Ys#QuR}Gk@{)6K>b%bSN%6STfLgjQ2(6{sGp%nH+cD9Ll3BX>0b4-beH-$ zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~sF(kB z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt 
zHXTsELyxZa^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caFR|Gw?zUna^U z|7v+b0^@)64s@4#N4iZdA1*-t)tPjoS|*ku|LU*P73yhpsahuTV*IE6CS9Q3na)+q z2Q!d=wY->$@xOW(I-r&xRzm(qy!=n62h`bguX;DSOT9bYrj{2qkbkxO;0CUL)Zd|N z)iRL-*FS2Rh>ZGI?@1S__o55bd(*kf3DkZOxLQvOIN55p-a{Bp)}OLT3+Nt`&S=M=c>O)XRGt+ z47E%=NBdVFL5~i5`JY7(sO1Gkw12gH&=&buA4RvRkEUDHLAp`>1G-lIL%KpO6M<0w z>SO34wM?i){?#&Z1=s)TLR*VeFEL3K9O!y z|AcN)7t@XEpVGDJljsWd$#kjuXLOPJ=X8NuCL|&M>Qm`#bqSrJmJeQ{{?)&rM~A%p zpH2^`OX*&W?tiGyqFdBubfa1(4x#^3pF>xu=g_6I>rldO%%4_o{zMcd6xrcF4cFl5SDUL^2%zYI$)R`Bz^` zSEw(eOVz)oi`2iN3)H`*bJf42v(?pfhWc_kpuU10eZ$Lt4LzW)rF+#^(p~C0x=lTo zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEDm;ZV6fVz?H zRbNkcsc)d$)Hl*C>L$8TeG^@)zL~C2&!45qHdh~TK|BLAXbsOEQevs}`KSZ~wAEsN>?R2C15xQ3WC|#jmLYJ!l zLKmqYqYKoJ)4A#==xlWdouOVz2h>l}qpx}S@1zIRU39N{8QrB`PPeI7&@Jk2x>3E7 zu2uKY73x)Vsro6pNc}Wjp#CeJtNt6EtzJ!MsQ*p})X&hPuX_1kLl3BX>0b4-beH-$ zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~fS3Pu z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt zHXTsELyxZW^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caF2!uUtM zC0(JGiDVf6tGA|$)bgPijQ`c!(z$B+U;xH{YWaa(jQ`d0p>vFX)iUuBtaZH@Zu`JKd(1i8#3aRm+Dck$?4f=vwt2 zbcK2*U8SO34 z^^fQR^|5rW`ZzjUEfYSGfA#TnK>cHS^hGcKv*`hK5#6gkf$mbDNVlnfLbs@k=|=TW z>00$kbcOn4x>Wr$x=1ZQl!5lIK84OzpGs$|<-@DUzgm813H_h?7xd^qz5Jg}52#D& zUiBGtm-fRI7pTvtbJZ8n+3IpSLwz9~ zP+vrkuJ!US6XnqU)fIHFT0Z27_OF(S=eYh?%ZDM*{?%15OI=5|sprxy>M-4? zzKX6@Urkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`WmqyO;oKaU*+4_ z4Ro9OM!H4aL^rB$qHEPR(-rFZbgB9ebdmaxbb00$&bcK2mU8=sDE>hn^7pU*0bJh3J+3Hq0 zLw!FTP(MJAKJVp!F+HGeqkGj4(p~C@=r;Akbc?#3Zd5-)*Qy_-E7VKqQuSZxBK2c* zf%K?j6 zy^1bXKSdX*pQa1cf2DKPf1|V2tLY5&-|2w*8G7_tFaK-k0d+6ktA3X5Qa?wxsh_7? 
z)O~cL`X6+y`USc|y_POj|C26KzepFT|3&AjU!t?s{d9)R0J5^=ovS`gOWRJxDjI|4rAb-=HhhF}hSeL>H;wqzlx;bgud>I$J$LXQ(X-7pXs{3)G*`x#~~p zZ1p&uq25Rb)D!gRGhY5vHk0wifLcBTkLQ1C`G5q*KkCisHnsd<6~;g6RJu{U1zoF_ zA2!DLN4*tYs@|F|Qg1^SsJEqa)!Wh8>NGk-y*(XJ%MZBY`v31<{-@Fd>I}M9Egup` z{?$9uZR(xq7Pb6P5w3sL@NII$NDZ zXQ+3f1L|Gr(bZo5r_%%KY`Ryy8{MVeoo-Xhhwo7T>KSyS`a5*3T0T&N`d81SOVxYQ zMe4oi0`=Z>u3A25iu)hx96Ce2FC9?tN00u^%m4oLfLeZ#0PSCW0NtfNkZw~SM7OB( z=tlLybglZkbcI@eumbh3K9nv}A4V6b52th0@&PF1Uo9U(!u6k8ejo_ff9fOX(Z726 zpG6O-3+P_;k#v{(D7sC3G~J>O(v52Qp*6IB^$+O^wfvwY@~@T;%A@_O<%3wb{!t%G z=c?rcRmi`(kj_vaPY2XLrbnOl@;{p%P#4j?>J#WLwR~^|*MDmHVK}sZwR}Jm$G`fg zbglX%xWU8I%|DkA@C`7jgi|EN!;v(+VZhFX5;2=%X)54@rOd&

  • GXiQ zlP@hldsxP3k)#Y@C z`a(LOzK9-O<>g;K)QIz+x`OUi|B~)fUqZL3E9n+>72T-*6ol&(-;MwhDP!=PyY z>fg`>>fh42>fh1X>S{VeeK{RaUqO%dc=@lP2h_E6ulh>5OI=5|sprxy>M-4?zKX6@ zUrkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`Wmqbt4q&!Y#_jdZX2db&$}1Kp;+ zk#12p(T(bx=vwv7bcK38U8?>AU8MdaU7)^&&Q;$^XRDj(4E1evKz%zs+U@0k0X?8@ zp?lSTqPx_8rrXqa&@JkPbffxCx>kJ`U7=n?m#Xiki`4hf1?qe0T=ji)wz`$hP~T4n z)DO_3E4=(KrU%q*bg%kBx=Z~K-KKt+Zc(?>jp|3}TJ@uJg?b5Hs{RXIq<)MpP(M!R zs-K{<)g5$(dMO=HKS_@+_wwIK52(B7UiC7%OTC<}?x8ExtLReo zQ*@E~X}UoDS2|byH#%Frn$A%FoerpBy{XE^G?xP#k z|DbEtFVGe0wREZapLCJ>MY=%!FFIHK5}mE?r!&+q(*gA>^k|ot|8?|$dVua#ze;zh zU!&X9uhT8+LAp`>Z@O0f23?_!(WUAkx=8&dU7#MObJcIr+3FEGL;W@#P`^Wuc6#|= zPY0b2)x=Z~o-KKtzZc)EaH>y9NYt0Gt^a3;q8YWX2qT>q%$2dyyvRm%?>VEnt(%l}k*K%GJNs&}Bf z)H~8`>YeBobtc`Y{u*7Y{yJTuo<^6dzd;wNO&XRGCh#gTut{NNw* zua*y5BmW&<{^f&;82_rX>0b42beCFwNEG9LwfxW~>R&BC9F6h6`a5*3dJnonEgxvd z^`ClAx=1ZQREhkn_oj2z`_S3y96Ce2FC9?tM~^ zd-K9cTI%LiYPfA!IHi#kX*s((P&s((mVs6%wA`WU)M{Uf?SEkEdp z>tFS8bhcVP)QtA8KAsM!e@u@)=H-7jJ)kb4d(|h#{+6S_rROgF0K2aD1F zspSWCaQ{nvGF__v8C|6QIbEPWh0ax%4QlCc`sO5(eQ2*)+=xlX4ouQTw{G$I; zUqp{C@$xS}5QO7jT|xJ%Z|Bl_0@ER zx}GjoN9ZE;HFSZxfzDN5OJ}R2bcXu(bU=L_J^F~3|9SL)x{>ZxUr%?bZ=l=MH_|QY zCc0656J4vmnXXXJr%Tm;po`Rhqzlxy(7Ebc>1=f~ouR&s4ybRZN87#pFQ5n1Ep)H? 
zPjr|1&vcvm4!T9XkZx4pN!P0HqAS#k=u-9FbdmZVxh;~e7| z##zRh#%ac>#^ZRUC!zk0M~nxJ`;GgIR~vU5cNn)Dw;C@rZZ>W*jv9xJtBtFS%ZeZulX28IY+P+zWn6AtW?W)iY+Ps@ zG|o59GtM!dVVq^0X`E)9YCMitf)ncBc*J z4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(WnsKV}IHn9F z)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z54&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(W znsKV}IHnvX)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z5< zuyM64&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W z$9RTumT{(WnsKV}I6hgBQ2)jw#)HQF#(l=Cjk}FIjN6S{jTag>8#ft8jl;&(##P4U z#%0DO#>K{k#zEtJ<2>UW;~BBB7aJEE2aWTM^Ne$hXBcN0XBwv&ry7srlO_rEZ#-f= zXxwkyXS~|D+qlEH-MH0wp>eZulX28IY+P+zWn6AtW?W)iY+Ps@G|o59GtM!dVVq^0 zX`E)9YCMil+$7Y$@rd!Daldh&@oM94;|}9?<5uH^#?8h}#!=(2akX)kak+7safxxU zaiMY0INvzWILCN~ah7qWahh?e@i;ztlu-Z1BgTWq{lkCC0_Zg~mbSeB(Uh9OD_rS;m>hX~wC>IBZ;PTxDEtTxMKiTx?uu95l{1 z&NI$2o?)D2oN1h9oN7G&u&ICJ5#vGQe&asl)yCb%9meg(t;P$Dn~j@{qsC$5YU3*7 za^o`N660dyLgS!uzHy#$j`0lREaOb$G~-m`@rO+P8;=+d8uuIb8Lu|(HtsNPH*Pgv zXxwbvWE?dP8&?}w8J8QE8J8Fr8y6Y}jq{E3jB|`<7-t!08mAej8jn9{>fd<8c+j}t zxX*aCakp`Yal3J=@j~Nf<0j*%aoD)pxXQTPxXif3xY)SRIB1-2oM)V4Ji|E4IMX=I zIMsN(&D6i~i1DCtzj2@OYU6I>4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS z-#E`W$9RTumT{(WnsKV}_+nH4#v{gq#{I^9#;c9HjXR9nja!Wu8aEp^8Apx7#?{7E z#^uIk#wEtZ#)ZZ~<9y>h;~e7|##zRh#%ac>#^Vo|`Zpdi9yIPZ?lWF(+-=-p+-}@z zywJGWxXCzb95${tt}-q+E;BAME;cSS4jShh=Nac1&oIt1&NNOlPBk9C-_*b7P&7Y) zu%T$`$5<3PbgVKn)R4Nd9)E{BE4Q9lm%eLF3jVj;{TJbTC15n~Y58Z*jiJc;P}kc> zgu2Ey3k6n&dN)??gb4cF2)3G7cQ&s(z3tyk-{s?){3dLhQnhz+s4oA_tMO+jGFZ7? 
zs3HGsERTHy-~Ec6H8C-fV|eid3(SR6T!IsA2ON zGm+F#BpA!>3^fGTh9W(&WB)xdQCI!^6_@TKOXQch5uhjb-r&Rp7f9x0!HF9uCK`&L zub(<3zgAvb{rtq1DJhr!jA8I|Jq+_CHfjhyU$^dvx>YrivpYM)#(QDcCmik2{Lq?yN3zv;dhJ$Wxzd@OtJ@W?``hp-X11N#P9tzk=l=Q0~ll@Ei;LB@F$n&o!XVpvOO#fbxRbN89w5IxlAR)dWUJbnZ zsjt9xs9U#X-KzB_txvi^hIf%_4>@b4vR2|#`k@Hxx8Xgs1tdLoR_H*d{wq^sU;C$1 zyP>)jGfyd5K2J86_JXD|hOlERQv&>FRv=|w$#Pv=_tsQ@D;h&9iUvQB9p>S;yV4)U z-wnlM*wIdGXxLHf+KGv$eDQyF4DaICuT};>NLd;DFfdt6XEG*DiX=2rwO&#gIy|`k zl5fjj>5rs*Z=1?(y+6~cwv=D4PZ{1WR2Liz3_rUBNQvi1j*e-_ats^9Bp27=3#9zJ zu5-5dh;^=07hpqKlJ%Oqq^G76i{yXYpr>Y)Badqmxi*pO{7j8O5_#vV5_w51wnzWO z#MzO$t&n($ePzuy%*HA4T8@Qus~7Rve5N6Ffg8^%Z;6|Y`j00jhPU)@jGgT+ft)5X zX9NDMTQSYw65?eOsanVAvCT#JLMi`tBi{8DyX)}*cgcUFd=_|-Hx#c+e{_elBlBzt z`Hllt==YZ+IZh_)M)9YUNo_=RZ|%?Omn=q#*G5*=2cKvDqVrgm4M8kl8H&6Rd;bBO z)7S8|Ui75W0#O-W(KoZ(EM6Z9tieh&$ZAAbxK<8}Py?H5tRRAxi}HUk;mDBkJ{gHw zf>ym4iCH9xxx;_7NuM1JcFMLlOS_B~c4FU)(PSkdf0yMG@8T$Yr0@>xZc!*&CF>Di zPwX6gSv9hJp11iTd}tqqf|iCu^;^!NIwRhPxI4KLq1>|j;d-2LUPV`k0z5gfmDIj9 zpRKOC9tp1rMVc;Sa-tXGpQ9t4_2CQfhs{Pqus;2f8mYXx^?|vam0PZ4Flp@dNIRmL z*D0}*ZjAHf0Fx!@k2Fb~_4DMQaDv1`N9M_a$E7_rzJsnl)Kjw#Yvg}i>l{AOyvs_b zq(~9{1cw|~xJ`Q}^zSs*)uY`x3EkdXGy}g?Hv9_J&?I?9l`RNG@&A#3NObKVPE7Qq zK69s>65Ksv>FtQ9K6pFBN#2~W=f<2}p-3c4D39rkSdZ|N-}LtH_GhW=$PjQh28`CT z2WbdPLgcqNkt4Q;^e&BgYsQ>Dw~fhRNJ(e)kQa4U$k|?&?txz-a%;xvKy`;zJ;4QO zPL5DZ!A01}sqo-pw65D^c0S!H;OAcAViXeFW&K|e3rqf+@5>6O zVQ-J00Py13ux4U{`5fLn{Sg#eL!mU+?VRR%*zkc~f97ub+>`!J&P~hxh{HSnN6?0M z!D%W~yF!{Qnz7dpoEY+2amO5#plPiQsoO2wEG7R9RORLSA#teUo>&;Mu^MIX(Y(ul z;bijde=+@?668w!oKZvSnmaa2sp||xQhV?Rwx|g;gk>jg-IrtZwK9AK7T|=-74cTE zyBAa&!jI8XCa;%cy|CEvq4*uOP^8OS!mVZeg3?A`_Dt*}d}lvlB{EQPnv;RT7iCye zQ#ZDC`qkxVG7;o%r!Y5;rmjbzhRvsh=7*x0ugeC3HQ%3Dmz=2(YO$V~8VbuXnw0BD z@ugcgz*&<9_y9iz<_0)w(g1nr&D{XIF+gyE4qeZcp580vp4eXaS+!7PS%@{q&U`I? 
zXwhL$?4?B$6GN{^;b8qzr<8hP-${((4J0QqiY8wae~>6{wNadiuNnJNaYs@VC-|cH zDWVuY)l1XNVM(9#Cv05DlsI+MD1$aBOCCXNEP4?2A;G>LekDGo@5OcxepYa})J;mf zbsg$12{pJ~rrRv%Nw4XxLu(pFUl3|&n!`4GpzCG{FOVNd0F*&T+uXEdk##t1-0rcMXH3f(@q zz9FSv~e~N6HWnO;S!uLp$nPIV}!tu9Sjs;*q%li@=|}3<({&tTKqG z#4;ShWf9s&P4&d|${q0Ett+>~f72?rz<;-?`j#(XC^}oN`%v&~WWx(^@#nub#EPnQ zk>Zz}O}r7Ax0}$O%Nl|&;p}kevg$3JGxr5p5D9+T5d1Vcdm>W&X}B}JsS`&?t{a1- z4lA)uU`_fXxHs@==*(4Ew=NV|g;XE1ta61D5zd90Q)efEWnAQ>lttrDYu#JU5fm?k z5IQUwk~>@V#5P+jwf^qP;D(f%>Ua05l6ql_+Xj7ceQ?8YCKm5kmF_M6Gsf#!jLO>J zRu)q>^aQdXVYFvWpL+)u^#tF;f4K&=z&;iCi)J!5*K$qZbP#g7nf$!|eWoqj*~~lg zz0KZP|5=-DiQUT)=-aNL@I73CX!egrFKil=T!Mtqs#c+v(K!|`F#{n)hE+YWZ^(s! zTv_ZbgEpxKEas?pR~h~^$Wqjx)Z*d6C6zp^*s>zHY?G$=N=@}EX;nEIVygVbYxk;D zT&b^)k$gKR@^ObExiTo5}*|*{Ys)_U0Wg(n0a+5&fduk$C;$_qK^2_@not zC^wro9GGVgjCg*zne-yKOSOMZ^@saiek}fb=oM~nD+jc1r@lYE{a+&8%$R#L$o;Be z=hCV^_~Gyah-%;T@Qr%h{*R*jZ=|lQavMY&Ob@^Izm~?m*#2^%7r~VeL%E&8zvQ+~ zv}wBRpur8w&U?2PCMM=~rqA6O1DciLOso$yge8~^TK7wTgo}8Vs>+@;f`NY^&kQxZ z(jPoMyaK~NFRm$7Uq_#Wj4yIIoo&RoAna+Q=ODeoM zXp=ih8nE-jUXrXgkH_yuo5`5m+%^=5zS&Ni z-$L8+j*dyHy&Bi5zG~lv$#&Y&6ggVGL$xP%)O?|HpnQlkT+;P*mmDOI;y>On$UW0P zjllj(S~k*!9awmp3ArFKq?X=g5;)fcz9ccQljh?kq&``QC;qCN6P7!<$VCk9=;8w$ z`LRaHaP11|@g~2g%)4=+NV^5lG1)9(paA}L63N<*{!6+J2t;Ue9rC-(Rf)YZ$< zuxokDI`>E2)HS#_v!&0%|2s!$gtrIW+b`%(&~em?TBUF~gkI*@gK9D>S z&vS5uO6roc@dI25J8?Dy7f63DM}kIHB}anE_)fZo90}Nl2Q&WNJn>+z4_|^*B*eCL zO@}N?sVqZtuE1YX7(ZEyf1^#LbCmz7&^clrlR+l$cFB!l=eCyjl=XPjtnYAnN6v5Y zIM?9W$8ZKyw|RQ_+>LHkh1`BL(3Eu4RGu(=tZCP`AWnZ1_7Z%FL>_P2PJ6%qM#;@u z$pb7sS9cS{LA-Rw`#JiA6Zn$goHsgMOV%9M@=Chnt?wEc)Zo)dXyyfH4*oI}$ zij_UF(;kuiOVh^VB{uEtkODSPXIW2dTO`r+6_p7ieQeni8@xd?avsihu~f-O-HJne zBYnxmWyr;RTo=v5by2;|Nkb3=_*q+FIJ_9?TPzoFIT+8>2k)t=z9*$pF69;n_~+D6 zL+ZQdY=#qBN(eW@hjE`Hb#K=Zxmd#gKeqaB&i_Imz8Z?G33bIbL(Ho}JwaY)BaG~A zYUohxsgBpv*rz*?mVMU;@2#o6cfZRqoV@qY%W+quxE{rdZGy-EM+5XzyuU6j@b9VWz=kRWLhZzp7g;4K?0OT)Ln_xzkw<-j&d{D+ zp~%yrL;vxs$##7euEgA%W5r7nw~OGW$$b(BE)9p|pPU;Q*(YxmS` zuyfQKZtDb>TzU}7b%`$>g~^fJovA21- 
zO*qCYb$Duz@!vcsN%J4$GqL-GV|)*!@AHrGKs*;$J&Rn(?@uNjqVfkg@5)XcL!4^S=E<=PY%Qd%4AxQ7261)?CTX z<#jnTG&HdoqV2OJSVLIKR3FhCfHNS^Wnr$xQ97LmkF!HC!y$JJPI1U01Ydgyhf)Z; z@Rk4Bq4W!v$?^Ux=c0~b8^Tg~ZdqkqZ`tu}GJD6i#2`I|?o;*kW@RB z3D3g0#g^E@S0v7+4`NfdqAo>aj_n{7=iJ=Wd;DMQoG(YYd+y&8&2J5Etxu6W#9wLn zn)K&h7@YBOa$D>g$1QKfFM$`!IVF8=mGnUNY%YU{-O}gcrmCF8PE8Mg*9(Phs!qen zLEbpHPYPuWXIB*QeJrGCUgRj}kS&$*cSA9**!ac)h5`SS(Dyv=9*0h`+;Y2Y>_l|M zVw^VLl51R>ntM5B7^_OZt{AK9#!jtH$0N1ML+i%&tNhVWfh>!iS~vEM^sDpmcfv!q z!;l>BsrkN=H0P-~3Tx?Z(pe!%Cm{_(=Q{hXU%H>Wv_O`g=q)|fUAng{&G(i%{bf%q zQG+e>d-w1-{4e-bA?mU#|pxMqNA0$kFeO;sHb5k!{z=O z{m$RGfmfq16gV~Nyq}j;qib;r@?9l7g;Rl7qpdi+hO_YS;2znxlbRu{AG#d9!8{&j zNuAyAk^G^#_>cBAPD`o4cK)M^ZSOc9zZhEe#IkWpH=BH4l7byz?Pkeqr%x8)C#|~4 z8r=VgoiBHWlE)sGp>JB`J+TNy3g;ac2_}!w@m3c5CV3c9wE#u1$gQ(XT#F~vS)8+E;tq@^s`x^bS%v^r5sq?f{K2gl9v@Ok^9m+Bg+g z?31pj@?QMZ_m)mT`+edw%3^DbCvY2bCgQ4ZNa!(^F(z{=|$4+zj1%O>|xg z9%#$@$kgF7HuB*!on33DFX4@!VlUJ09pPm9B^h)jXL<%smA*`W4d*Ja^gc#%hEpeN znw90lXPXArk6Ri3Hp%i|f*9OZ7saW@Y;w6mr=gj*)FM7T3HOmupZHl>2-_Tk8CK$y5N|5{=^w6F&G5@msGexooB(p^_8b{mAv#4DPGTeNbl5Czmrxa z@9v24bXe|Utw+O)N7|6$yd|>==Yl&Be4DDH59^-W*CkB+%M$3^>i|N)8W#(qwg>%7sp(vG{ud@{E*s{~{eTCnN>!)A5f#X3lL2 zJ1cu)7f808XNFEU;64lGg;=_rM-o=bqXsuU&*Fx9$a{e2-|8cr8|6W1ST0E7&pe(D z%ckK&B!&j}AH1L^H=`Sz=abHTji;TFFNQ(#oG!2J5T}=a4u?MiccNObDzll3d21me z-5D=4-CQy4N68u6y()a+dj8FB>aWhY9?N`t{F!er4YLlx>n!PWua(xPrEmx~Go`SC_kJWjEQN<~btfraE!S-E zQfT2~mO@>ftdWate<|eq($w3?ZCMK4&fhGBzwmFj2JyV{CJY$1z-iH(%dST-|LKqM zRGWp2aE>gz*ld2H3CYdBFAINQLhd0U!p48ZP z<<^lKymo~gF1|Y(USI8-)bY373M??39CxnS$04v&!o z2d60X!f&Ayi3IWD8UDiiXShL*SJ2`o+09K5}z8yp!fwdGijw#OxVKi+h*pOU<5<6eI08mHZE8&m6X|bJ%`O4nv8| zt)jEH{=rJ6=(00&7Qf`X+iZpoFjyibyAARN*eGWGie6RqqjS| z!#jF%w*wb*<$NkQwXzKVVyJW)`V>x1Sg|(I;hzRb#Umi-{};fD-pj_By!Tu z`|aLNNe#yPa0rz)P@_NoB@0jf=-sc z*DK|o*sqb0#9Qt?&h3{4axVF6B~ppZr-U$C(kJzqiBTM!6vbR$6!j9t8>q8{D2}`` zAr`3{kwBetBB|0aH@WPCu#3+sU}J_IT0mk`&zqzUVHN=$>K!!*-00 zZF@wHmR;(_;a&gDj>qb}MeDDOF=@~7o!(syM*NRZK17+}wttWn`tdK(Pw3pLzj53t 
zJw1=wkv*Jdo+l?P4n^hOBvYpsz`w>J8HvxHJ@0A>>coA#-2b@9-5`Dj_@Z;G-uazm z#6P#njjF-zExc?xy~StEv^o-nICKd9V|vKWs}g%i7RN0&OKIT>x+iw=!~RZ{Ygbq3 z+7pu3J`i7fQ1aTw_}Z@}ue~I`b_`FR;z{Lxi{oowOkVrl_}V9u*M1|u_O^tzos!AN zaara+O>lQN;Tpg#g!8dUYzx$5{4^nHc;|>Wk1#C3MIe&~bUsn*J?4xc98dn~`;- zbZi)#_oU#Dlpzd%T*@q_p>HeY1+1Y=rGG}&UbqmGIaeQ|C?vgT_EViw*~N+3AGiYp zD+&Cx6BzqV=kbqhqHfZq)5hBSbgegiOFQ0g{R(}?weGHTisu$sifWL_Ifzm=8k(bV zcoW2sFqv`YoH#MSP*m^1+%f&ed+n&E1eKZt=tuzlW1aKE0C-rQ$H& z*v!qwUopHyVusI`xn#p-ZjHDZcej;^XR^X8f+uG>$-BH#K9;8CZUa8Ech~ zeb&HplQY)xKXbFspRx8J#$3FBGWQGS;C{g(+%G`KzKOY8PEI+`>M5M_AA1Q$DvqMO z-EbsC^M8qdVge)+juCAy#g+1xF;KK;zOTaoqkL3w_G?nx(b)l|QpQYkM+%0l;nz*wbpf&7Zl zF?c6hz8T~M&{;{&CI2waDql?i;~53V%Gm#4&KstF{XabcjQx%O*^@gf@e9rZy8;)_ zNwdJt!@^C?0`s1je8GL}JlQ_B@bi!g?ApR``Y8$wMf*iM7;;l)iD z>&hdPuVJjXGWc zcET-jJKBTYxn>`*=f*RNXx=&BaK=VQHQ~mGo2FDuPvpg6G$AE?E^&Cdo6_{TBk1AX zeCk}Ym(G@p$Dx~isoEkvoF)5n3J(LlbdFNf=WfYVaK@RAf49Tct3HLAWcSS7bH?OY5t-*pPkTjei znI>rot!H9k-KT-{Fn&N8E1G5{)$L&$) zJYV2;d79}x>|+{snC_%uXQly*5W@pC2&L7w1FKEueCkoK3mSuSD*}6T=4VXa?k;92 zvrXkawyU$JTxa~TfM52CX5RBnSWu~EtintRP{q5$T7+!e6u#2Zr-}Pa6&&0Pd z6&Hz^6eLTX)+v)PrSi0OE=Nnkfl)1ekX!IxIkG9r{Q|cK@FrnSsm${JOsm|%`!jvg z#`T`02dR4r<&XGD9szmJqBvyDk@DEmt8(7;NoZWV%S$2gyFQh2bsi0S(H38Ya_z*i zu`>Jt_JrQ+bhdP-_mV|!+Pys_ zahE9ZlRihFvWDaZSG{|qiM$cp4h^F~bd}RwzlV5yw_h~;PT2d9yoF=JZ}%DDU&lkh zp@!t}FQN4f|0*5{TYZl#ER8ShlpH-M3*!^Iv?{Mb%)ure{PM(Ug_Y8SU{CQGkF~#$=KUEn9uGn`d@~-?KYzyK6y3s|@t7vl zm%sds$1`q6eiCLpF5b!Mc~(VbjrX+Cx!H_Ue~L7u`|vErcg&8+SGO3X#xF28$;G8GyY^cAL$^NBjE>+t_>!lT^( zANo0ZoB#U>k3rcrKdUG61rsJpPCnsr@;QocpXW6foj7nT4<2Wl?D$S>!)wFDIf|vjKaZbB&|dLwtPR-ha_}Z0N8!NqnE%r;zLhP2qDEYX%4X268kGr3oAqn>%cYi{MoN(N= zob*MGyWb*|TLLMPi(3#)(sB1co`v|nJSA<|^gKUr0@z0-2pgZkc#S-S`^;I0*Wxk| zy?F90#E0a<%+5mG9>pxzwU{s=S54m3wUfR;>b&W1r#PvbzLERo(rDgo+dF5D`Vfr*u`YC z5Z6bTW`<3eg?KYpXmQLb)|RBR5RX1fw$)jPso1UQ(>FN_vHLgJ+&NAC5qD1YNYY$B zj1!OV&Bhs-$wjyf`@Lx zVKEm4i}UK2n1y%^x>_9CIGrZULi{tDLc*baBm?omH7~GU#RU#d!Sf}RXP+jik)s{s 
zXP#vrMn1ix9m{%R51lBxaR&A0$cQiT;$V_lh_%?lmvv{;eXyyU?@=`7*tJq||D{=o z^Q6cAKbwX4OCFm#3vsh;okR9tGA2%*h4^jsI=*pU<~a!E&O-bM_c8w0XCcl>k3Shc z6@TlK;rJ}X-m|gaq*;iM%hIG-hzn(D(k#U5WNFeY#9zzOq*;h(%F<7ypTsL}It#H- zmJWJL`LGmi@4K?}8TP54IScV2J(YddEX3hkrHti3(ZR&VY8HE^H1O-ucPGw5TyO(7 z@Ma+vZSB(1in9<`Rv}4F z_je0!YiRf99CJ&gZ*|sIC$IhEWD!=yBm5CIi4DqKr~ma?h|i!CbowZ_&i*%NA->9+ zBRU~(=dGODJGO?khr4WY&j;^7Iw9w=xKaScAkv++)P*E-o+Q5g?JJ+^tVaQLOcL5 zxUFtWq{_6(Z%?+##4mM|=W%w5U4)YV(yb0>He7u9XR0R8LR>26!1yf0>$Y%;YmdvZ zIJvkk#zEjKu2NnjI5X~oNV)gsNWJr}#Q$GsA>PAh06H`C@l>Zwc9gC%xlB$)N8u}z zLfpAR6XMjtT-;dr&u1ZSix~WEiBbJqZi6^I*yFf#Gi_<@FDBXKq4*~C*d(^Qw5`c| zFbsh{cNXFu(whIHS%}Myl`Z5h%A~Up>o8nMn1#6PDwHG!RhyoLcq>A=CDDfAP3$-n zvYRb^yZMXFLYyLZhm&R@eu_(Kr%RrO#IFjOS%}dRc^&u*%tAa10r|8Xg_bZ2@fOs} zQ~&ua#P?8r39}IEP`rupO!a2A$l3gPj{Uxxg@{Rt|MgjjbI?sE&qC}D*jb3{WZ>k^ zLOl8!`8#PAVk=I=UXalX@b_oG^}<<*t0j!nG5jfl!y*4dZewR5{-?7B5B{}8<2)GQ zp*TFqd;VGm60iG0yx@j-1y7Wu1U^KsTpt|p zh3Ilabhsh<7~)l5h*memEpCX17~-`j_s8>$*dx56U5-~<|AijsCAnqwN~}mms4{}` z{R~azcbuDb$3#{vl`SRQQ`q>p$T~^bg}6Br+gff()vegyJd<^Pk8M$MJ>!zGCw7)> z6b(Kpe_tlIc%sEmvYSKwZOnL{?sYAwB*=+&FJJ&9w> z#Y)Ft8!zjNRI7g9GYHxd+>yK3^(~=d#r|uc#`4pMzkB-?#Z#u z^Tl?SFSZb3OFWyT&&A!Alp!=-`+mnh*v@|%W7Tab$#F(;FX2vwcXn_`4IkkYlC;V5 zXXqw(CvUQHvQ1jzoBS$ylN%=6^3eH-LoMl0%!TBc=#t=su{9@_E+I|`T zd&b8M#oa~uRgQUXmwdj{4TJdogewp#;=H5O6Gryr<59SW#6Lrab47ZcT(yT9nq)P0 z<;C-^vn@^wnt=7+V{{=|=*QxA|E=`xjo@OxgIloWW2Gm1k(_K|5#ltNmwgI<5gHs>|Dg;9_??VUynuP zlBsruvw)%hb6_Z$QQ%!ycpP$5anN`Se-PK zxiO3#ZPReJFNVWx43T&Yv)mXSNs8gyz8J>7>*m5s!w=&zq`NUxCdKfoTn_NHo1WMs zUJU5aIkriS$MEL+PDvh+6vF~v43##9<+K*5g0%hRm8@fv|2PJqD*ev-ZyT+P#z4*2mYTC9gd%zV@BV zl43qCzP2}c?Y{A~4<)ai8ec2FGhouZAy0F3Db~hzz#TgD%<{>1J?1uf6nS;OHTre8 z=6>_8Q}+iSDRKLcqC4dIw%d9xlRf*7q8=HkJ9Qs&V|cH?#&Cu&hJ(Eryt)s^W7x@! 
z;lZRBru$-e?;tk~UJOUYW9Y|^t;o@SaZ(H~ODFB-;z1ijARfaKH->$aVz|{8!^Jj+ zCuIQdl*83-3~$Y{lYg?1oZWCX7UGmzuFa&T*qXKJV+x-l-uR+$n6+>ZSYS7G$ z61sgl|7n`Wf1*?IPtsX7d@)z{#2QMm32vPV@%*hWhUW-~3Ln^XmdP(2^u!i=)$4A@ zAvW5Iq~yb@6K0s z3nqFaGGoAv65n4wobfS3Nca9SQouNfJH+q9AiMT<#mU1(TG<-S5=7%0RB4Xa;f(8F z?nOLP%F$`@(O;sDXPyMtu8=zQeFw~Z0|(W7`ots^8?0e{p{<}JTp)jcLx%M7mAVG! zHg`ii`WIQtkPQdPi`Q3R3Fd#uKhD#nGrXj&s=DZJP z_H>~Xkn&~DqqN8i8}1Lu?~lkQ*8{%uHU_^_84sqfI!~WN_)7}r)SsI>o*MNm`Dg(u z024SFR_@{I-}3NpEYve=x`eSQtF0cx&AF6Ir!K+W#1!YJ#XqbX!-uV~G{xksA@!Jm z-Xcblrux5m=})($_BLs$*z;0Jn=Ht}^|Ei2@8mHx{fozV>JcW!zv8+r{yE7F=~Gib z!hGI%qGicDT%w~Qo67oMm@@U1KDwD{lJNIV`}{D|3qC*0eP1A+wK&@*+|_0sr}j?Z z8If~qev{>{Un-j?XKktX)CF$wU+yh&zw37SDQ*bl@Kuzof3GrjoQVpGMb={`{#tL! zH9}6qH9C&>zr@oMa~~C?KT`a9JumBGZc5j>?;rjI+a!HYZ@8u;}<+nIj@Kxh2p{e>1UFj ze^1(?^EZC6x-zJ^DilmFxQoFvU# zPnzagNOQu?6z2<{XzudaW!BIB&JN`W@D`01Iy;b8KJ+WTi!iME>^i)sWK(NTJv6zr zrXguD9OUa{_62snPMXhhNsRL#D25|*9%^A)!f40sowyzPCv*--IJZY!_nsSlD{#y?Nk0x{ z47L2{!rNH2k%IKTdmplHu>RI+>Mi51AzkbLhuAoYvY zEXCnd-K7n3Jj!AoVwK;$N*0H{-cgNcqx9Z)8dqFLVujYOE^T4c!_JzBR@bF z_@DI2KSei}d>)bUoavKGc&j6+Pu{{w>U=4p7Y}ioX+pZIjzLsO=aDbaC%+|E|ITrM z1BoU47detqjtR%XPS}C3&b<-rm*`QhamVcFeKy^r6gk7@q^2*8F}X)M5d+`Ew*PrO zO0E>@7wA#$-t7zZDA!BJo7kgVgsdi&`+RUV3&*K2wBTh zGvD#Zk{2ap2Ce+~18)Z)MbScx)AUSmj|^wzcNd)Vwj5Ua6BxV5Il68|$XqozR6Q>Dbrf_J+50 zLuf0fMpE1k^C6trxCF_51A{{(GpWJ2Ib4N!J~J2m4M#bRq`1HE)HRl>J9YNy^w1AF zT`SsYPwdW_CPqDnxDCc1oBzIrgwsAJg+q|8S5q-LDSknYGTa}HWUZWe{AV5KN^UK- zS>qlmr^~4=f>Bx&KVuTrvDIIkbI^KwC6wMAP@)iR059cme>OiLL{>x^p|q>MHH@ArA$_nh}V z=iJF8`ul%A|G&>i=AQFz&-?7p^Df6m%YdH-4&VD`s7>JMW};`@TF%?Zq)g-wVT*X6 z_nQjY&b$=6@ND5u!!1r=IN|)>z>E?G^vua) z5N)SZLw=Xi*1{Mlb_K1<@*vQ0Ld@^?BuUXTon%aOTh^94peuBsi)HB~PJk#$y`qL@gSe7Q3ai2vHPDX~bb*Ei)kh;K{08 z`O9ZhEPwf2r=v}(i)Gg)L2}>+G*e-=BIJpC<8#^0jn%#Y8#;uHQSD&3a4yxz#dR1$ zxfYnba}#C8FuH#S0gdalfzgV={u1hU^5;88qe1Mu2qFH3z9I@MqxF=n`=a%RHjRY= z{|dF$e_HRk@v72#&6F1Z@6dWW2(b{fUI1Fp2d(EOWqH2ZNnzt3Y{aSY77|)nd36Y1 z(dE%k1EDkV#oK|t1f%>7@tY$7Vdez@cmq4xm&Ps7y<}e&U|@hKgMKzj;Ft?Iz@_r4 
zSSN4*G%&8DTO|9^wmEAelflOM!?IYIfkgAv^8t0)mc`Wu+ylg8YC@G}6b;Vik3h-z zhHUQ8G1>fnwRi^0j&HN%2!R5rIkfd7`*{3}f=`r3-bF zwL1jf`pydzJ28RMFew1Tem2}^*pQi$V_NNlR)2zVvu0b7x~^)}P~F5n|ApZK3gk<4 zNOEvdntBuhVS&fsf;mzX$-QJ@wB`66*fO+ImvcA5*hgU>ajbC|E?HgY`O1o5)VJ^! zLxnqPE(9OR*m-_?3`8v)1#%UG7E&TN5Jg>loM6GiSb52609pap9aBskj>a15|I2-Qz)ZbZ4gyrmO~Z?MS6#_M169oqJJ7Poh|;U4#QJ% zd4BZIN+ovDi9%4Rv}>T)pIsjf!U{qi)5igj|4`$Gp6GZ_u%)u%?k&w)=DcW-ybAQ69v2DAF%>v$KT{)pTaFm0`JY3LA# z^Ga$8`Qn=hM3=UsNRsy?Z0dERRN& z9*V&fVI*hOVFH*s;g|e+LyWCVGx>1*{Q7>$_T&du0Y<#_kE*U6H#Mc0!d4jD(XinR zEzN9(M7e6T@ojw$Qacs3Xpo_`#lVynp(#lrYL5~J=ryzz8sSm?qO{*W=ydSj!v6au zN6}00{gVCpD(ROj!j$H6imn5@2h5IxmHzl8b104pzvM9FQUHhRmpno)3NLO8SB1vV zDy-Zu*+QtjdVa|dM`MUYKCnKN>Kx4%g{2s*u@S1~;s$&IKu`DF9Si=xn77b^x9y6a zTnm24ld#~YLe+At(1M?z(HB4#fQT&kc<5cnf}cgFj&M=XvkeNa*qiLWrh{|~{tx&b z+A7V0AEf>^`b@LncaDTzIB%cGE?mh_Ohx=mnutCu_)SP^{D0JfA3-}2S@7HFiX|-g z2ej*^l5fFZWJ$t;SBkk?MGJlhscr`8(}E8K+XhcJMwEITc~wKHBGT;?bk9{kjG6AQ zX~EwUk@PJ1(Ma(ro31yiE6lMHBwXnHifPGah z>;&6%>TIQSL8xH4H4+aaQvu{V2qCbnK<4fLU453@{V&<^^Ozkqm>Q z#q<-BV917@2nk<^R&A!vVSs2^=8;O2FQDGr2fQQV$|hK(D$Hc;Xg_$b`z^7!C?~|4 z@R!4j`uRDy3pL@5ObJTgUY2RAz%R597qw4j1s-oJcTy zxhvNjF?XT4ytP%;b#gvSV3lg_BOe9WB4g8fA#=nsGtZ}FV7*)rxYK(!H`xn7Ei=0+ zX5fo)8fuN)lkljbR&u;G#9#G7#C+I+@a> z?~w>dz2(pr7zx)uN}msyv$+Rc6JXy?PsI#=cpb7s%YblJ$-OQ3)`gEA!Wht|9ZeH= zmzt%^Tj@MWXp367kBYGjD3%9LNR4MD&M5{vtRcuD&q~EOglwN?X1g!S0<>(V~-vTgrBq&K4mS7;NMO611B zxsDnt&m;XElv&Ipt&?s=dWyk6Fl8Vq+7ZKkCy^Cy)ub@nV@XtE5LaIud~^;Xg9QC8rKquY^&bOVFkpC=*U-__(@iW!H)8Nw8BFj|W6Dm^H!lV^ZDU@m8{U;|dAr)cafL0? 
zOcpwl=nvpd9iy07O6it#m&L>fS$vEho0TI^gUuR9X~&N{p>zz%LF!z#wi(~zKr&($ z=)>ua6X=lS_^Bihu7`iCy*wJ+F4hZkDh6|5GJ@^cPM3Tgx`Q2DW4v-%m_cv!Ysx~s z&^sXuL&?lW778GELKaR&&NR|W(H#_+B>Wt%gv)YwBa+~}@`CXdcrK6Uv65>_fZJ(!0pR`(F zcx=d$zvxH!tW6h#Wbg@LMRZb)dh83pO2z9@u{6T=xlz0-y0%@Oj+%6Z{L30Z%wA*c zdR3r$*rd<*aYwD!j{fePwveqAYOW`YLti~)^rE;YqymP^atNS9 zF#9e%4Sg+}bBK5pAp_2DHA>sO(^i$v zcf`}~w=4llMXmi96PEGw644W)G0uqNrznq)00lZ79&hJd_ZYll#R0j;;5vczUs2`r z3DSSK;bUU%y@|QEf^N*Hv>An+^>VN9-PXuaOw550#o&UyF*w)A$A5SHF@3C1Un7og zF?buI5J_K*Endt4lt^{seD1Sj z=;Tht`j0w>z>}bF{;n=W5wF@z&Pp<@pVFO+v@*G~j|?mLPvLlds|b$Bn|=_%i$glC zdOxcAm~C+NZQNs!*lSWF&<0BdK2>aS`2(k1pwGZu&|rIHdd}Hcer-q2CAY(a5rn+B z2S5`i1Fs4q0GO2sz$k9O1AScIqK+&NvGk}q9S|-Avn}B2X#zr7CI!REa3j8;h)XcK z$h_KsuOvemE~fqgnUA^gp?`@?X3Q5H5pp?aDHa}oxC&%eiU#XsJFG!xw07RQ!Ok>v zV>4Ydy)T#|V4!HDhYEn$kzM>c)`^HK2vV(lKn0OeSH;Ea1s{Uz)M9sKf1ds1(^5TZ zb@6Nw7P|g!3Ui&tulYa<#Iz8)I&==_<8?S6rgOo}_cYy&8p!1Tlzr6P%{FjB%xuEM zKH(9t68ofUfskGl;eS;iL`G~!tClM{e)p+pT)eU=Y16F2=wHZib!dN^wTP|0(<&bk$M7ChW~TV^F56u`GQ>v^6-2AT0K4m{5@2jU2HA;}}pb2IpE*7MwnszxKUZy*7ZmZ!Poud5K1Bo1i z=|Ow--#c0h-e=r9`Um!9MBdRJaCPI}(GX~A;~jmMa^DZ{XwWd!19l&TD;IHy^<0cI z{y*`K{<*ua8|@gXt|yY0a%2PGNo>#sVCo2>RrZc||BRSB+oLzi@0T{k#y)1J#qnAa@lO8TV@Dicb zeEp64MG#pjThBFF={3K>bFp_{I`i%dNlk;s#b6oova(}Mo&t$jGK)&LhzAiZ*=&x$ zMH(`H0C)o3Qdc^OC83czr7j|iPE3aS(=Fgw1Iym zs1>;7`LPWMH^~RM;YTADcr}=Wmt}gL;`aJ2`)C!(42wih_+frEs9IIw+0Ge;^LW9FU5HB4zxN!vhaxx=0SJa$1EbN13q#yK<`l##EEQN#&mHbKo5kqh(%$-GT1c8^BT1$KZ@73-wP)@{c z&7qoHuV!tJXMK{$GV5Z5NTcQV)Luo9**FP_#b_GTIAZ`X7{}xvb4`hrvzD116*H!S zjGdTq2hl%X{A0=_7}(0>gIF=q8$uY{qaG83TK~*SVW?nZ|2V3*_Bf_7l9}qFMKX3o{G?V?({HBgDq>UtiInggb_77Gl5A1!Mz~Ti8PI zaipZ8MAcxGqPOOpJz*rMcuclJnVIXSYP+n4dmm;>^o^uLq^nIeKZF{^po^{_jfNcz z%dpP`KamtFlvLE{NQ6^!@$9T)>|sA4i}fsgja)0^{^<1(2=>Cr*&uNk4V4CoA7Jq) zxRSlcZefdKxgDLL!icY*9Le;Q z2646#wkbs;tnG{IwnFADC=XCeRLf3uh;%2>TjtfTxHy#K9bu>m{Qe606_VH6&#`s1 z_HU}4YpS8egII|Tj->nU=S>rO7hprtO2Rha{R(G)2XBOtMl$kX`W9j+OMEXYx8c4r zI1EzapT+M57X-Utf1c&a{lyMTXQKcQ(;~b^GUUhl;-rdTRXJ%I 
z;s!_MX}B~J*z$mj^CRpvXs<;3E_AKOi{v#(k}F}vbscyB7;L6lfZGZ4kdq}+Jkte0 zk*GivA=bO?4d9h4^(lMWL!>2~evA@>l-**#2v)!ZmEH-R^*;Beo`exC--pPX6<~JM zz_8ri-+RUa*xR3|;)?e7ZuC02LS~8S9G0~wbjD*@+S%W`j|Gc0vki&_S%W#*^k~w% z+DUXmr~5VAf3&}sEEQW0ZJ^Y-5=W=4b%p+SiD7l&$#$A~E*ll#4i|_tk;m6$ouDG_ z&8-3L;%Ku38HmZL)^6rH=HQclnl8`kUxYIw%}Nc<^w`ZGh^#1p;noaTJD52thsx)& zV>@cD_&v0ec0hj7;_V=yu!4nQvWer;nRisoz_o)2xWGHOT}_l)WxICTZd#2%c-MaR z2=fHu$iZ;-hj(yf)E8=ouyqf`^=zou;p`GYXVmVj?l;wD(~uDDelCP`DrSJX>Lo8S z+eV%c{|FzH?8NK`0Phe1c1V#By#HKcadHKU>=bpMN|`AVq`;r14_!2|Ur-h4co_3A z0N8}TL(R0mNuJbFaDhRz$f}(Q-vLSR^j-`WNahN#>oNov&mgh~_6i;=pD@$80JX@T zQ_E_+U*ie8)S73dltc!g{doodOmaNc9HL6l_EkzqzLt1A_|L{PG0SY*Ib7UYJNOd zpV|dA)Ct^SwD>ikYtuETS{@S-ggl^OsomO_U%w3yiBI}p)XGt>r?#OY$Z-vYrYW@tL(c0O?C<;9>kH18#6J76Sbo`=6e zEi`356b3k3UN!QSpSC;(I&Urj_A;jJ;0TYpwHOv$L!(j*9zeP`VNqE2b-b6*+aqU; zpk~A@J6!F^Sj+cEUi**C5VWWBAu~K!w%SDg$iu=Boh$Q4t~b>%yHWTV6zSNnwm-5F z$(!nroB;B$6R(5cAXu@Ca6dy2WrSZK)=FUnrHIMHkt!2tlX9+Sdkv^anw6(y z!z%kDPk-i#vHBxF2e$g{kNhGLy*H5BE~U%b!9_IONjvxti9I09epX`u!bNB9|Npdu zUjikoVF#~3NWU^WxCDL#6F+6`;5x#k|3`LkxH@UDeayJV?cg#xp#8RkCrf~^GCQ~r zYOSgrycp|E4v($e4(r0O^iG6g(^cJO3A zugnhqj6w7&+rd3WQ^xJ!^(4ot+rcghuCar+AgHnGua#L&Re!%kG9*R)P4B-Qd`Xfc zo*iuGE8h2&Ebw00&WO6`-$ zoG5quC;A4GiuJYJrfD$3PB-_+sS%U+c!7Bj3FJ^j7cn4bO_%f`AMsWe5J&-Y$*Ecx z7IDp?7#uIr1};>VWS4JM;$a=eE(Ytmz3Z430&lEjWS6f4Nbt6c!Cp)Zkdt2xTIdeO zf~bT}w|+`wj^e#bw?!npowzZOFjBrQ^R7_>jMZE!DK^yJ0tL8_LfSC--}8XDe}wXx zU?!}%Bj2E}-x8btW^AGeF9r+V!<5ih@NZ5n(_3G9$#0vA*Hf2!D#RbcTQ8aWx35+# z4mR&28~!xYZ$f^YzejC<_=p7nW7s%MYNDS?J1>m1dcDp#SzU^xHudCp%-t#PBm33k3uYN_! zJNdJVh2J|@=C4Y=OcmrsOvrD@9TBVTuO6UzJzzebKYQd~0x=NY)B!f>G*Re?P8gk! 
zAl_DC4VJnukvrzq?gCnw^=4gTRXUsAH;k_47q&?Su`IYlcsuVu6=J60)e!F2_UHPS0Yx0Y%N?41p=AR{(zEokL5To|45s~5@N#b6sy%25D5 z#*owc`g_h#Ky2&L)Qq8%`)5O43M95`L<3?E;GX z*i4V+TB?FYq#iv8ZXW}{Tz_}4lI*32wVuFU1>cS|La(<2f!>5;hr*h^-74ky#)P}LC$ z_7?IcWqnU%c-+=L=YlJW!BJ3t9_RH_3*G!q98cwBz52QInub|F#l$1Bl;xH`4DpL>T@%oP=f`*!|2*&*V-Yrt30G|TDsiKRHM z`pJENe2K$(+;=Ht$K}2@ru#tglbLwJ->#?e*W6xo0vyK_?wcth<4T?qnWSrJt7k9& z^s{Y_u5q+5-=a;QZ&V&t>lhDz8e@1p6)PI!J<%A@gWSf;AVAhL76NDN-N9~hJj?kG zMA1rq+i6j&&?Mc?oMi?;w4PYPXlQU1Kki% zR^pS${7-!n+~LUO4bKX<&?*chez-pF&#^4*K&Tf0J%f;gT?}Eu0s&BCJOBzAD%iEi zs#I6tTv?gy!5Yu1T|b9xe);R?aPr5weh%uT0W8|TyksZ*;gr1Ocp4}839<0xROtN( zUsSJCF;Xk+Q5Nzl-TKrD4Tb;X zS;$GWZvDLhfi?!u+AP@~~Q2>*s! zlO461hj{^yPQs*!N7-2`Iglj^hguaLp0xkeA(U-(x%t0yKJzxqvAgOT6*t?{>Kh=C#Iafndk`&Rku@@@_W z$>H4#@aXXFkMJ1r?q+o1JZ{?LpM|A2Qtf_%9ip)0dss0mnvbYv}7IvA@-;r)K!dEWDv z()Cgo(#|S-r!u)_5+`@T8ab?W3AtErpdeE(z{a15*w-L4PfhM?!H~8h-o@Zaf0fe0 zZT&*@`UL!~m}eW8+8&O67!09TFD91>^&bai3$Si^6uyDU_3dSf?s$;=@92)x=(jn# z<4NC}CQw%1YaF#`@nEoYMSGvbKM5#`ATJxS){3DDuY;_V$5;eBPED7a0xR2J8}(vD z{(Iyx-XA@Pen!9xI(*zUEc0?ThR^pob7qi)A+YP(>--*85nz3dAi4n420%0 z!d%L9eVZ1iljEBtlTPjM0UfL+^K77GG1wBR1sW4`0f&j@M`_^P*XT(^roTy(OV%v+ z-kW2(R_!F<=Oa1pDA7~#=t$Agc#M?jF_Lm|eak%7p%PlPkI~ljNBhFhnZAq1Xtd3d zruOagW@)2Aae9mgM(0LA+#i9fQJ8Jv;?|7K@wzwKn%IOiN4SD=pEbDt{Z<~)`!Pg= zKLmzjO#TV5tXim&f50rVG`Wu*)7D`+oVRMN>ZpB9>|e4M$DQ|T4Y5iSJH?LK=fvVR zQ>@ihOF(ePT0Pu`XD8?QO}J+fdeRJmaP;*E>6L}WZK#L89qc0FDFIS1t(P$Zp7QV{ zCeBr5w0B9o7q6Su)!vitb7v>^#LBiCH-2qyZzn1|Vfepiiph4&BvVAXG4wL3-u>|a z#(lI|U=00Zu0FXy^IgI(7lU6sA1myE&5FTQ_v%a^Zs68ryx9IlqIfR%RMmEAOGrNvJwH3k)-4b5Pet<{XuL09p!{6SBwLs#k0Aty83_LAz=gU$5?o4O z`FR{KSF3-sc^#mT9fY5py-~zJ$0C-(g6p7i(85~J&_N$OQk-8pD9+*DbQtoB(ak!(Xl7yfT4E5`0g@u({e2H@@_UU#JCG_?-mYFvY|xR1+JI z(AA!Z#$6{cCT|C82CjEmV|Aq`m!50J2pW5@MXFJgho@3>fJ*R{0cH)!kFEsu?vB-qa)n+=(?;&zBqO?~r!_S&jprlhaVbPtI z?IXaZWU`(?J_l{rZOOb-2`Lri-;N2CUd(6SfjDy^H2hZJhmf3pl_pemGS)dCfP=B0GJG*x%IQv_z5N7CEhMJ2scrLv2MpJ@>Hz!vnPX~y+n6Ik z(Y++zp*Wo%>!|$Q_CDlqpXc$+@nYY1BqqlIlkG7zin{H@)9)q4=3;Tg8xbTAQeOj$ 
z@)e_63*W7PHTP(#>MuNfWM7^MEeUu$Rg?t#Akn3rLO<+h3-W)%0RH*85Mt2Y+XEnb z`ej>6o1sb*1)4{0c&S@+cvbW{;Ed8F0QMrs>BKnTxlSCC#*GZkjBRD+J%7M^Q)d>e zwtMbS8lFK@t|*=$eYhu{tAY-!vrAve^UL)>I34(a<7Xju{5zc*GW7R(yt216BwMJu z^t4JGArB=bWnFf#>0t-Ahvs$BLzhXFsR|fjhy43XI^@3qc8;pGR}VT-b@Iv2%+vx} zNTq7D8$jEbKGO0qQm1wnnYbIwfvOJVm)$2$ePWjjwL$su?}Y01RbXGgW;Do+O_V(Tt;ByQ;;Vs$6u!ZTjBTii*MGt zlbu(c=!4ono_qEVY5Vqt-ZY)Ingt-s29FT<;8h?rOf3M#uLcj@Eq%PeJ}5_36Xcha z9SX}y)@N=4Rkv(oY5=q;1{)#^VTB?w$OVZ(PKJktu3x*r4zhVP$UE>$ok1RYBpl=q z@GI;fq5SHeRF|tQKayHVuIYvF`Wuk8e(deE;8)am(k+`4_ZwePYY;zl-U$3j*bjA5 zwbS~n@mcYRevd=H_Kn#m+wu_mQpfoa=@t96nf)!ylgH3;KIwvYj-JNtIKvGEhNy2poud>+k2U>`e_Z;TByZhNV8jzq0bqZex-&0RHX|5y zcjAYf)I4>~2h62JMh4n*x@BZ^wHIu>69Ub)^ZtgUe#Hou41pzZ3cdBJSVP-k6M0&t z`wwUsG(pzjbdzRqx+5`j?RIUS}z^Oo6OGxWI1W_)EK6sqGtitX_8ut49J zmR2n2F`6u3WJ8d+$qNctif+EAjNTPodcB-`7dbX=)f=D{z+$OUgkrvV1GMVY3pzSL z09+V;O_K_(FB1iEwr*S3`o0nCAg znL@xKGFPTIpIN>~rWcp(kZDWXKq6SIaAT^_T>|$v1nw_dW`4m#2M!d*PeOljDN^#M zyw$Oz$j0jGh;7|3Xons_uKCS;)0>=$+(2y3qrQM%A6Elqob8vuf% z82jWNE$+)L;uYEAzIvHRao;-gTyOsBwgFha&Z4j%xT3DaZ*~Vr5aBlE!dff7Us>_M z1lp6r=uHSwVb3G+CwTEbur@QCu`3S5do+4WW*x4V-z07|B<#c^5wN0 zK;WT*_h3sQvuPIEOiwB^z5alM&`gF>edu@%VSH~qJZ)!(dlF7T-|c{SYCb#QKm+H` zOv4XrYBN0~PTCBqtEDM$TJi88({!pfh2Aa(*ks?H$@I(VPApC{4f!`jZ`% z0LSZdkoFm1oubF>@5t2tLas%J!f}3Q_rp{H>@EU$A<_!61}aZ?!Vv050KO^-pkN|c z)^yGYXODSDvp-5Zm)YO-8xE8*Tji{tIbfj>^Hm0Y8)*kn=2Mo>alg$o{s?;$e*=)! zis8L`qdJj?MJB@JFIv^8wBm7S%j;jwnKTrIyeL`42fr!sHTShqc(491#%}2yTvJ#o zKdNSI(b8L0bM-6oH1Lw4v)j(E>F$uHK{M*QAy5?DR?KaY=BDgEI6R6C{l0?IIJBj! 
z66W9a;O`8pY}E(mLN* z>r^UiN(^*}sX)H`cbqRBA$=op!JmPImdw)1(oc=!{xJ0_Lxe*j?|nJ4E?T@SJNu;> zTeWgB6GzGiZ6+2*4Lo4%zhGJMfah z;KEZ%xL|Hj^S&5>)eUmvNlx^PpHb?<0}mEo}|b-}zmTzD-HL z27ZI|`{7Tp4EA?NS53=T>HTW42P>L%yg-yw@`g-i6xR|x2 z1V8H4U^Ap>O8*XvObgyp6Ro61ov9F=fCFU70g2b> z5|MKlknm$?Cck&$&y{>D$(8MGszFqjA}9%trFi+dGJr)*4z;O@*O1ig;WxU8AJBu^ z6GrV4JvBwNv~lBFCE*a#7dj%B`2x^)8G=i@fG#w0C!*cxLJ!R&k>6DbmDGhl5+i^+ zzG93pw7l)|{8q{X#-aCHi@)@Kp{T{RoCRgz^qs~cXm;ll2BbVelaDQjZ%ywK24B{{D-5i+d z{+#?S+BDSvKjtcl=e)i7oyd9X#BX)p#7*s{F=Yq3M`jUu9v<^A+PZH_Ex4wwdyXl9 zGXW9FEW+Q46Ki%{jFVd3NH!X9h;zVRF@|n`_vElMF(|`W$f0JpHP=VKXROhRdKKN& z%?jP7VY>!YBU)5Rgw_UmSFtwT|E6(ar>sb%#VU58;!^N>8!O@`q@~TU!;}RYX>@Qw zL$@b&8ejd?TNqLnw2pa?OqFbuVe?^D8mp-?E7=8=j^-@%!T1CL!vUANy|P`CfwZdqIn zq~ZOxv6&9=1CU+O{fglNBMK6s+>Uo1lOGA3*a+nyqDdkYWvE|1z1=@|!|F2U<$g6%ygv z-C%58x2qUz%{OBoZ61zVz$GW5JTH8EZo8}bwh;;nA74BLd^}$H_*5ta@bRtq6Kq32 zCw8~+bI8}j81==+Js7sv@bS+cjqx#ajm}bkdUlcQG;WZW+}oC}O_(ek4u~nZCm^GY zx04ddy@L>I+5*&j2RZVjx8iNMnC|Kch9YY1as0wXnywFv zPX~;dSse)qz`qeKZeC5$SD0mJ@v%Uvp#eFrfGi>6$Sz^wF0^IZ@VW3iN3|lZ+5Ai{ z7LT)6zdwegwx>-z+L}DF3#}MYlgu?{v8v|B%OR4U#<=P5NMp>yZAsQNt!ZR~mqw?`ooU^5P15da{q7EBcN5+2$T&iIi)mMPrX#2<*45}MEa>Z=^Uc+Vkl0nRr_$5jCM&!Sgo23l1fBH`V;c@D*XqInF zO3}%a4@GWh$HOWsWUcW<&c))Zps8#`EzbnI(6@|wnZcgV5Dh6^i4HNlQbdQez@_az zxQ_}SBDC+`KCQxu*_vrMzmD&b!pZAiL&3N5a1dezz#)%?(K8JtXCoPkx08qyZyV2P z=)xAD$F-2WieyYMiMO}?5tTGrx~LtLrjP&Y~)p#M34c) zE;pBv|7%0ox}L#LNTnOdod!BsE=cMF>QKsKHYdB1k^)BXs6!?100Fxbl|2FL06$oh zyp+6Ql7^ws{OCr}+i;`Z6_(%9i3zE+o)M5&@0PbRWsgdX?;I+fL=|o|XGQmk$|M$* zpTaNK9YXGiyLcl$bcl-N>E%Y8?2q_gif%OGa#Sd=v+I*TMK3B!T+dE6 zJg7{=pG6IOv1pZSxNez-M@0=ENp1KK`0Qzxb&IIs6=)c2aSuShY$@gCXvgAw5>|$4NtL(^odj#1WT@}cfeIPw*d`_CjaXAjWvI)!6dr9@+)83+%fj7QH@xsP&iwIJ=tYI- zoyXH;VQ`s-2S*M6nA-3uXzR2QH;5WuklOItG7VoYgrIW$Jb0Nr5egBd*lychB|8MK z-M2$i4~k@HB7XZal&|PM(`WE&f0@SMYpZ)Soi?{HdclFpU)kRQ<~07=@%K>y_^X5Z zHDd4;9)o9v!)Yn9!saM6=Hkpu8mqTxKw?1I)qwKQ!e~U#Lf+!Q2v9N+D67xv6&?uB 
z9iZ6Qy&MQz_#iC77K9k9--}6i-;RHh+Iuomm1&Iki#&Q!RxasDEZ=l__-;smL-`bwR0~y#_YljcV)uDYymi*Lo7~KCJofVtJdD{0t>1yHm$1yFnv8crV;v zF?jrMBSd+Ub)XNg=zrf0>VvIkUYE{fkIlho%GTR@A&2#!CX{J-Wz_HkWJHo|y=Iw) zher)t(J(liVjQxyn;}37J=)EA(d^hR3a@k;m@(Sju*#m$e2~zKCJx&#l8OEB+n0%a z1*pGmTld{)7BMjr%;%9=P;ea!a!az$zRiV&p-cF7$%i#l+e()>ELJ*;`xi=B4-$7r z-R3pGWL0NC%a$ffspmLV;*ErLjrE9fm+I zO#|L=1)3|XtUwSD+(3Q|3CDg`%Yyzoj{9$5T2>#e!6|zBC|~iBp!mKd?zP~TG2HX* zl8=DLZN=Gc-yuB-js|LKwT;byI|CPiW^MT6ReAZHa>2 z$T*b*&s>vEf(;=Ah6EQO3JNx)t_VpG%FZhDe?Crw=a6f*G+2h;9u2^#-M68IM0VYR z?@*I-y?Y+kZ6Z`_atbfGA4?cr)$99@OJ4hiHrZkUUf1W$l9I>rgVc97`2GfA0lxQI z5TVt>_tp*}P;VJktg9qvq~iNnL|ADoe_Kn4?_n^4!EKbZB))ZPY$Mm$a?O8=B`@-s zKglA(mq@UAI%e5E5sn|gZ^iNW2Z1_h6)yMV{zxcCgzv-c^T$8?YK2AB1#8=1HM4Ft zZ6wWHB^&CI)~`Ueg!>Pa8oF^~+@R)$EZ3uWvyZOKtOIEt{~$~*5^8dyu63MZdHynv z-aL_`OV5Lw*B3~1jVU(^*uXyAQDONIuly8K&J{RmkG_Wdh2!AB1^%tb%zCqC)*#8! zbAhZFym&S8Xdj93*ZJR<69~9!uMiAu-rPVCPj+m%dj&SrHrIt!tMKW$Xy7$u;O^_t zxs2U?r8CUc@EFmy+%RrDxO{AXhS@P3W@~4dsnD1!2k|3dMnUYxFPSY+vuVHD-XFHT z(`nlUHGy%3iJ1mPQsN0sdGPVh9f_}|m%s)kO-1&$tg7v8hT9!5@ zz9-7{g_L!L&M=EOq-NI7fF#+*bff&JGW(SZ@-%oxjhGBob950fPXH+j=qW^8>JuO2 zynPGoioG}32Y?0o0v0S(z}havYk9=^Ohm-?clIJyF9!8c>)6Us+D(QkaYe(9v-M@r zOhny-djWMvE9&Nt71TYCKfz=M#IX}^705tE-cYzED{ENA;16&jzzy{n1#4QxU>~>z zc&@e2AHx32W&?1p-A;gK9@LZi17O4CAXT{4z}o)!NLh>&!O?H4gu%dg#wWtE+29%9 zbsvX#*~~ZTg@j?qvOQIEeG{oyycH+bvkz4_Mg^Grt;~uNqf z%gD*V6_H~ffh#xFTcm#wBIh4QtydyaO+`-N6aYCn2Aomf;E{1?)_{>89!zOKm2cBP z7UuDtscBgLbdABK0QL524!dHrN07nH%^rnTEe~;i6|@^N36?H?5LN)uP(^+=3-^$U z=WMP|g-LcKm93>P-Q639m2$VS-zvzsk~Wwky21c#tMKnvu+?d3TrKdE_+~>%INaZBBMpBw?#im3y|KP zlg=nRQ(GvbT#qzR5Z;QbO#6u2;Qe|v&-mPIqs)ns|+Wkx7 zhN-pP+!T*}@K5bTb}9&z1%*I&($4@FSp?ww5rugIc42mPG@tPlz7SPfAe`PxRGEoJ zApgJ&4QOPhK;o`g~5uo(f?EXauOVk2n}cMrf9ec(JS62(J;rs4*(uX zHuCHXyu8ic*rBqb`zf$dejc?yI%*6tw4q~0L~2=Nr1o}Edb+Y-(6em?QQM|`4=4gN zn(^VrUWzw4RrJP&72KTxL)jv&tDaj#ez6~6v(bRIv>t#QA&_8wR2ogKHE>hwZ9##G ziOY=dmyU|qT~LLZFJ7Kb+RZs{CGD(5uAJ!ni^0PTd$q#xs1STbhD+7(&gw?Lx&2bQ 
zDj~N&N6Q9aADAm|1$K|yZ-Plibtyo-eV_tUxP47^T)9cWT-A`u?MvwZr))PG1|4c< zd?wt?V3^L>EQ(rgX9f|cX>zza@^t03mW(b$0T|Zdx2SC&pJ4#PboEZY8wNZ zlH9#rsm76oj&Zb)<9wgBK|PG=!rr5w*j4d)DuN)3HV>bNI*0~7KP0X5vu)q5aU4Qp zfhxa-yBcYHg;+Mbyr2SGZRjoSjPX%=%Ia8w8-EvEEf?Vq5jW*Vx57PCUIB^L7v;?GPp0=a=h%a(67yZK*= zk&W!yEG7z_)BNB3v&CTol8sf2zh9Tf7AZ>Jso)6)_5)hRZu{Y;r>56m7Za14!0>1R619KPXnh^DcOa;Dk{mCs( zM_HP5v{Fpt{-pA=uwek_CMF$^&1aLCbaa8rsAqQE==X*3On*{)D+UF&D@4*U^IK)4 zV>nnXoJhKKd~hoJvaYuy9VZig3F%muL-!>eml1c7bbQF@BxWxAl#ZJaFu6P|j02A8 z7QAwC+bM3uzhNUw-C6wJzMEG#DIu~%NIgAt|kj!wv>|KN(b^G;V#$Q zl$W!)CT#nEIg0}+s{N{e%<*Ax3RUkSPlyZodYgHhN=IoB{_V};P_c;^#J(f<5M@(r zuEm~?2Pmh&&lsCojx!Lk9jv`kJ^_|XCozvID(2~e?sa(U7%=-7GhkReqRz(k zl($BXs%X7QbXR##a3>XO&dr#q9mRDn?+LCri4#b1D*ppUpyX+a)Aa*S;~)??ph-c) zK5Gg>jIq=Gz-P|$`A!fG%xy?}ty=ja#1Iij+ac~_n4=YrMup&GFfbUC4B$li;GKGS zM!Ngj9A|x!ri9;@<9EbmzdnlP4EdJK@z~pbnz;$LaVt2z!lDsB@|4jCrd)A=tAjjD zj<|jg+}&nsXxI5#%KX9LJBHmwCA=oqv4%=qAQHvtPEht z9`w?~AqVL^dUPIqjijZ_<5Y;a4{u!@32)H_iw^b9ry&w}yV&*PQc8G%8Vm3G=oN7F z_1#2)>t(V~4!9*eqTSzylM%ran+qxxgZVIJ+C*D)Qa8&BbSZw(V8nP{AC2LZ_)!BW zoQXKd1-gPH_^`LoT9DC1CnzK;l}>v?=^Q{g5~br}ydgeKar&O zvlE^XY*<%7H zB9##Fx79HLI_g44hM|kWj`R&9x$UBPisW`3DP5+_N7+U15Z_`@jo#xr#mSG15R-Cm zz5JP1hd(Z>>%k8eI`+~&#_Z+ZWW3N`-b3FD!=FzXO!H`uqYjKb+DeADc?qI)sOE1X zzWK{$=tUFVhJrtby6S#Gq94uD_yv^U=D;0F0hy-s?OWP`L zLSDZt5R+0yt>SDW+Tt32RfK+wTW5(0mp8HbclR57%?jenLNNW$ zHxC9f;eVL!-xu1W9U45yK2+}Km~Q_;`^7F%yeHH`E^|jdb8RlOFrT>tH?oe+EIj+@ zJd_#aU!hz0ePnJj3k#EQI65<5-%UP`u+fGapgTV_B9LQ*q;rQK>Sy)-R z0i$s7ChYw{^q%bIP0=S*b~-?`O<`MP-8=>LxJZ@m9C!%7G;>%Zm=ed4)%-;8qC|UZ9 z)Q94O^#BD>g<`I!A&2Jc!Mc#SjRUtGZB?WLU!IG{NC&PZr7_>74!vShp6^2aXX1rw z5!8Dt@F&69vcTaeK2{Q5_cLAlspk*Y0O3dXz?0)VFJ)FJP4S&HGb%v6YGGJssOHA3 z2@mXLU>YpgPXpOPdsm5B1ws4=6VSa06BUuZ+MQ-0uPZgWzSByM%rUrbkg1ECcD$+? 
zPS8XPhaSypstOBsMNyTjw0M@~UdPXfmWj2XtuV6lYql^Eb-}EIN>@jmM)|Ip^*hz- zYLSY;GjybF#bQwLT>^wl@DNym1EPYr1X8TGQg^{)451Z*gm!S!B{IBH$(?%!TWivp@s8Iu$$YVg<&L_Q#;%N9cE+pbhz__#w7Qmo*$Wop2K}w;eqaOvm1;K-QV!C;tU3LER1+fPy;GyI4$0o-hz z9ounnoq5Ym&X?lFOp{a?60vYjyL590j~Rm7a`nse6!IlwFZ+|m&GXF%Hu>52~-=WNGM)1CxX`IOrQfFxC2VBvpD1G0~ z=97->;$Uwd(I*2EAGU1_Z0Goh-s^t}+q$J6#DJQrusTeThPNefT#3yXY&Uu2@_Bg2>?V5TJs>LG zat{tXs>%-RF&(!?b5*wG^mh7)GOByY6hnWxeH>mQ5*E({KSZXjbRc#20eG>}3!}Dy ziuNyzx;9F^o=;a%zcc3F4F%aEN* zd~4}bQR&Sn1teY~W(Ou{30>@la(b)tsq1qOolL8hyZ1Q!iQyy*4@L@$!C;61Y`WCV z&tu(ep`e8_?QbK)#+cUD-w(N#xjrx>N?U|83+sJTaxyYG#>>IQz7Eh`P0>r z)`PKH4Jar=;jkfZTA5U@UGOZQ*Usuzu&95fucSO>im>BaFkF2IA^m9V*6=HFJ&$TSaa}c__;N+?qPBQ zPxPpcu9+u7hx#OLOSIT zGkCg1y4vyLG4|)!OSaF?W6fO0;;sRe9hGf4=0aJm=Ha%=j+USyCq3bt#d9i4f6V58 zN!zJyz||&=`ThZzs4PXuE}6Cq>|-%l|3KnEXDMe0=D>ZdWVVzuJ;wKQnCj@()PY6o zgvkbnBOy>7gs$Ms+^_`gVfP|wXtA|ZAK0RjAhxC=c94m6!)yqYglUK7HT31N<|Sx1 zKb*qw2t7=w>^T+wPw?wQ(Gl(!9HMA?&Y&qtF92f`pm#bD^OiJc_@=F>)mS?-Alf{NKg_e#$1QI`)J8kCmQ{ zQYSm2FddAZotNPd+h7RO)#otFG103Eu3(1fvZWLsCsRsYnuT8Kv@r@-@FwIk54uKK z6Xxv%xL#d_E?}h#=*A?(yp08-5bE&?Lz&l5$;?&c8;6h0Jct8^D8ps;Fd(M9n^`Xg z{lb)+fDse$zQFm!?|zFS2WJN$rqGBf06zcPRQ1~c4;K)iE&=}d^N1t{L*|)IC*3hl zC;C|Y1z2z-!{0(~l-D@#cd}INK~sE4U^wys%~|{o*zFDQFXYHk^Ttvv1~yRCd=DC1 z$`U2FoFF|0r5(dQ2Q+VG`y9-Sr`{%tF$Bwp%U%c!X+Zi79G&i+$i{>t<|AGQ3G#fz zNft+ta4761@1kkr;~HEE4L1N146gKG|)N5eHx*r$yM87=* z_qFAE#&29^@iiTd>5ub`m{K_eAEx6sY{=4Sqwc5%;L9? z)K8C*24z_FXtCm+58erFrif$QS`2!>1GF4ghE+=^kyROrGjH3Qo4Fj>fe&l8ZCZ}Z zWTsd0d+Xsj(}SOx-m^UB(2qKnZ@4q&0t0Z~5IO%}+JLJFiNpVW_Y1-4fpQ7hLlXeA zFs;uQ{M5lpfReWUbaoMRuNGJ|5|Xw+A~`qni(GRrz9CWByys;zd+Am*@A@z(4d0?_ z_<92>i2G4u#WpC6#bdr|ZF!3&_o^?})$*4?TtpAH--p@DBMc3KpMqe~DI}nw7tJE-XKP|ax(nT24^aUx~C4^Jnp(BOKg`-lcI4YPGhZdUEhSBzb9Ha7$Hlm@YrK4$j? 
zv~OQypVruS`7kK{)bD$9vN2Xb$NyN^6rU{?>OQp5;HXi04>!9ahAusH)Y%TYDIw`Z*NM_-6gW;Wyoo$}3r>$<7cq&IQg5WH~jS>mj zS6&fV)To8W0Wrk>=b@wK?7VNb$X;d0Gp@`}zVUJtNbGeqAah~wJ?*Gz>=_cggD zL*Lm4WoLO6XW&i4x4?9gfuDkVQcfd)U%oongVa)Aw5qtImh69roH$b|UvV5bu3r_m z+RI$GkW$-lb0eJe@}<{+Gn~>$+w|yt>HwYoRl3{|wZ&j_N#dkwI6FZ?qIKT@d-j3J z$=~*6A=GP03-zgZ>`AziH7_Z{NMYM@K0zmEcNtw*5nix{F7Xfpi{tV1I>|+dj_vNsoP}J^|RQ+`qqc^O9kb>Ad3-n1INqMTlA&8+xpil4Ws7b z+%5#u2j8Gsisx@EW{q^5H5PTu?`23Y^reXbG5BFLL7_6Y%Ju5q*+t|<9xF8j?#U=h zC{;iZGq}N~veR=4t>*gnviYg-aU#Z%B(5WemS;ObcTyC8i@_A~Dn3_%51@b^I4`~D zKR-td^(#`)RC$g8zpYX;3#WAvk!kCq$?XK+gg!%iri4L}aJTunk{t)#O#S_7GO?f` zwWe3=U-U+6h5O_t!BgfgAav1K%{Tj#_Ob^NuRvM&+wumuv{R71_M6*`m>K6)IFpKT zw9AI$XukhuajyhUlpY94ZBVd$2p+B$kzJh;wS^q2 z9*cZwvvfG(PonZ&j(83pWNf|-;LgsNM#31KBBV?_!f_KvUs&qfI5*{*&#H0{f zkKteN+HL9hU0F(I@FKR2>12waXSzyv#UYUraG5i2XZ)lr2hzLBT%&qC?yI%*pb3sp zwuz;F2u5`-$8e+gb{KRAUyKw8pAUt73*W4tuzAX57Lg%aX}psXO%#Wiz8Ndvgg$(f zp=lfujcmVcT1ORUJf#kL9;Ff7@%R{KAdgRiPx*m+<8eHNQtPRp@?9vMnCqUHd)*vi z*`5N-P?_JIbVi#@JyVOZK#ptQ)y{mSCt}+%d-Ncx_aJ$#0a1;lhu~(86i+9{mp8!&cl1W8<=LLX zEuOHD_&tG|M-UCq*sY=&#JFWFQN(o|VX8$B_w~4>)phfQ#6v5UPL65_lalFwJd$s) zK4_MrUqDt@YIr+pYWI^`z?sBnom?Nm8Z#g0wl^6x!M{h~SlSjP=8cST7}!_v8SP)V zdwagZD!muH?Ni!={7Xo`x3jcyyIB+61lPerYn?}f-%|v2+rrhrQm`#EYO#~0#LO6A z2DJ5;<(=IGH;bi3zD!r+k3W^&k`w@suPiAZ(Dh18S}Pt!M=ZG%{WCaR*lDm0=0@;4 zIh{wgV^t!)&4jZBWF!z^ag_-};CoK!Ox9G;eG^18I`MHhN#dU`w$_>I%q6uZZb2sc zNUC}6jiT)yL-WJFg$~uN0B}O0&3ED}w1{!?iwBnBWTV$^14DrVv6P{+yIQ4CB+(B4 z8_d*^4x=u6F&8)`Vgzl???4Sg30R$`w*0zUqkfuhKq zNW+0-LJ~UDIx+W}*_vGir_mLN$Fh6|^%=BqFdKTr3dGOBQ$`>zhG!FOgcTgn<~ZLn#B}j2h^(h+t^Kwq=s=S2 z_?-N%<;pG`Axjq!1U^7)VWC#u3Qes8E1WhPv7STIs1{w)T44Z*#_?o4X^p}8Y>MS? 
zkG+HoO>7zXM%vi6cy3WoY{~H0 z_W>l=(yqX5zz_l0ohAwb*pw9ErVfyr%GDSH*hBFJ{ZA3@4$3)j8}H8*1+|WD=(Y_b z%M^?L9yEN^m(`kp4*K2PsDNew30$ix<1{iC6^&7G<3w#TUcswoqdM_@PBrX-{ZeEx zXrV7``+}}B=5->pcW^(X&vNr$CD#NHioqgvw#HyxBJ%di&6gles&l-UeMH|SL!Qq- zAAinuA!S4t3NxWM4duoGXppQJED?L5&b&r;b`En8ouL++FsiGU-{48Pv02()5!xEG zDF&Z_^)!EmM|)$)VW4$d#xUeeG`tvS{rXbtMKf`&Ej+y;rU2n4O`9N2;s_na(7@H; zY4Tq$&{F=z5A$@uPvJeeIv}Qz&H@vp^`BiOjkJ1myEX22uIk)=yQe?5MEj&SsERJh zXP<3K=1AkSODP%=pH(OM>|tq3pGNp>bBK3>&wjrZK#kjO!fW$2p*~Jk_Ms&9e@0W8 zpi7<6!Jz{Z=0gCuD><7=+i*r}!LTM~GzZd^I-|ICigBkR=~QvaY3gA>Xd;B$--PSt zabq8P$B&*iE~9rYhn9%+4y{s5X9sP&kiPy}z(lWA+FHQL5V?gQ-U5i+e78#*0TecP z<&BDphq3wmRq=;F!Fl>Ny6=vvPf_sxKX5^4> zuotWi+~qU13gQF94Q7k<3NeojfP(|Kn;Uz&8ARj&LrbQ0gl#$8Z~2(CtUybEN@FMM z4|kiEC4NI)u<)+&9nFAhkK+TLw_D19fAm{UP91PB(=wO>e^a-HZfS=;OFAH5!Y$zB zgfG9K{Z-rp|A*CPw?oi{SY`321G5h}Dfeg5&bFD)P(s^u!8bBLTh(nM3DXF}yC#SO zE_gtlg!!PFS-%D&b+DYp@Q(4P434c<>TrsDq6WoIt&u?0F64^joOStd({A z+n9aY5&@ngzvwYVKf(p5bGk5QKvQMWShnY+pUiwLaM%MpKobeBo`ApNo6ULv8_<(< zrQPn{kwrLZc$vB-UMla)aqOQL2KEP}{Z?e~)&1Q}ORM!3%YP-#}oftzIWRiGinMK{_>Rxob6f@k4zvO#9Qv*untxRP+3xx;j;8cZB z$dnU_wtxfd=b+<&3!6+C`ew)D32 zyVwKFqa90LEwLH8j%%wUOJRO93!f8@} zG06#!kH`14hhJm9^5!Ptun6lPZ-@e#W-oDD72L%kV`uLnob{MjKm&y~_>1$0qoiZb zwTsW&!2S!mn)nJ;gde-slTn{PiDUq16A)*DV?!9_i!XV=V$K&%CIuBe z-J*$N==qb1(uwGxjU!C1L48?)0@6lBSb@9gW9D|cYZf!ta9$#Aa0Mgmy+~bX>r9im zd)RvmVPy9as?teN!QMV;V6G)#*324E27#N2){77rl6Mdb%98g#2>(L>`H>0`B}Cmw z`Z|ibyU5|_C8Fp>C(s)5?|?CPWNC|59Px(GKb?N8Ahl{upOmdPoYmLbCLi5NY)THsAWDe z>Twn|Ky2CJIP@Fo#^~#b?bcMp4-V4ax6Ev-kQG(bDh5x%ZNetER_?%%br@lV-PX0< z$|6<@FnL+h6`A@Bp=(^Q=VV?5>VT7Mb`rr36s0b z^d7^AD1rh!hN#=rqHZS9YClWoAg?yG1Q;U=_#!+c^eG)k(W9a{j{YWk)LjHdm&)ts zshO!-6;AyPIK7+(tWRWhLZ3_XKqx5XRL_0yx4rp^w ztO@E%J^SOgk$C`MRUlizVN(xN2)i6nkh-vFSqx@dL271$&ZZm?FCqLm>UPe%Wod&r zoKc(u7}FvbH;OB>{Y5SZgU^Pn1u?1sUn4w?NWlN7-_ctT04M-|lhiCM(K( zH5J7R)+&qvxdo=#X|Fc67l;In;O6AGYl8nXWs7$bJ{E&tt>Lxes2+7=>m(H6SfA|A zON`~Qiq!`o#^BGRR?jh{H?W8mtbv7b$UN&8{;m=pT)vFh(PSgE%_>sQ#Iqr=ID 
zohFedttiT&)T-jJ(LAv@k*7M*Gw`Q7xjE%;)p&0yiAaNAeG*fE)?)t51E@If3 zqG^^wEIqZC$lkv${+6G;zshU1n%VpMCmnq?ijmmLv-cUXj|qMCO)_y(Uww;SQ;NPi zV*uZ)zA6lROw3V2VZBWzwF>K9cq6XDdbgTAgbM2_*#Hz*Sm$jn!;8YI7P$aj|LC`z zEG^>-YcJC>Qdk%H%{EIN@GVvP{($@VE#EK!kGg(VL*8jx27@rsn8K=*4#(MRqOv}Kau2SgTbEQ>0LXP8{ zA~qMROHg{)z?gvF0nd)A=%>~HC&Kb@4eSUtbeIV(NdYIHA51& z`qko#CanGkz(txAeMeG{Ol|`$X-h4MHL%?nx>}LieFtBpjxwIG@c}+3!t-&F`nReH z;qVc5I`w|b#nLh^Qn#Cykw|q56+#*QN$P+zHkHZy1K#booRm7??xtmMC}cGzQqw{P za7C&Y7*TRLKEO)Wz^-iw+azU-j$0aG?3z{5JxHv9-7*yYuhJUW0ElNKb+d#?;!?ME zG*egViaSEGE{C^ZrS3XOmWtF}2+uqC##V$z*1$r~Ahf7aMC8RBkgq7>dyLb88Ppqc zdiB;mJW-S2X}BYQ>1z|>v0;BB0F!lzW1vA_d1M6CQ!o;tDI&Xxx%VdK-U{{rsHM#a zCF|v0;kzS&jEOlh?|0B;j+Q1O*lnaDwz`&J!Pj%+JL-ijJezi#J#cdqx>A6mV(=5m z6EQU=k1x@C9{DKKVvIy_DE}HgQfJai2MrU^(hZ^! z&0Ky<-8;7fmJ&)Smoqnnu=IcL+`9A)^8VhrukbFKrMSJGA>zD8#K*D|zH9_K6lw!4 z*gq(bMF+lqj8K>x^ie| zq>JEI9TC%GPz1cWxgc>a3_c}V8KoW`nGpXoWhB`zRB4p^dUz!(R7)}VTOCmVE8EnD zdaRGGah~e)FTn*21ottVE2dtW^iWIE+;c6ZX4V`cLERe{g5Sf_L#+Tk!bxDRMRua% zxesVE9yDw#(ERE%fd+jDH251q^8*7-_vyMi*cEMy-+v%L2qz^z+qKB-1eYKlBtpTJ z!Os{|s^fJYB{RM%W7I!Zn%oTvmb!)~4jz;yA81qW>6zM)roiw~AAcE_sq#6d&LlZKe;KaDCkkvLGYe)CW zZ@)1M0+OzjMDjiAs3q3fzVj7`&ULmw+qSy_W%A}WVWMcA?W!-xA4zq;A7jfnMUzf* z53zJA`~q~_D}L<&i@VA0+kL8i39kn|gIx2Q?yST8Bv1@Yyiow~6W@2Hzb10P&Qap0 z^&?q24n0tn7*ZtZP4wezK-ijA zInvF`ARW=6tt@l$V;_hdl8Ohs6& zV{RW3flp$o8IgrEb4UUE>&3J|L*`uBq!xehihqRvI{;?*c9Kg&YSWX^!F+U3Zb!uB zyKzoP37CxmH?ucn?UrTk<|@V_u81BkKXf5=zW&Df35f{cnuZ%3iqJcAGIw7(^X>{c z%Cd-jaTYXfX_##^`6FTRMWtK7D_qNKGx@RGKmBrrG@Oj8fVUV7)hMe2ZWI0wEACSz zanBZb&9yHCVH7+u3b#=u+oi3U+NK!XLxZLpGcXwL+r&q16MH&_0dyoN(t17A?KQqO z=B}*C`mh;3zQFSfB1=8*$SS5$7XVh!iAzxVZKfFPTaU^ihk!dAUbK8eW)TnG&FV*A zgJ?kWPVfhis4FkH0lHPNXyt3J8uV5o?-m5J{1k&(jcJCYy8Da3)+&AItr*+}0aNM2 z0L37S3_??`$J=7GE2tUC;5nk_tm7my_y({a+%-Is!6l%Sk-^)jymUb)@kNJP!HTh8 z-$O;mzf0o1m+*~YcVja>dRazQ&9WRflT&BAk9%kR}zPj zBAO|Wa1zP8i&Z5Bt&HkYR7wM;0zrqz4b2C02C+<-vr#Z65o}3+)j+j@gd+40(b+Qn z*2g{Ku!@s-PNh1DBi#5Q;-j9B|5huaY7g0=o#;M=o(ZFbG7;6Mw2vkR+EcukFc{lG 
z9)V~-qS_7XNVG_Nq^-`5WN^YD|$PO5thhfO1yGD6Mp@USN;OinDibX zSB~Yv;LpP#`_)uXt!ubPre}tJehHQDUmFnM?;}J&OQv^3=_RyXss5ZE8^bWLvqX`^ zkCBggB@)eGe%T|{bT57?GE>Lk>HkJ9F8wbC72P0m@d39P^&uCpN$8@vfyY=kYI>hM zCgfssvwOvtiySL^a`DM>0OHBTzwstrF8*4J)~h2IJ4^hXbbT&BhbxhbleqE8QU~{$ z%3~xK1LJaGeM~Y}YF^>KPcXgzQC{Jwl)S>Na6O_qS&J0e=p-LHa+;F_Xeg%_$YY9} z-t!)%!{<$R=6-a3HoU671Tf0=ouYi!pIl#Z9!8$%A1Hr{y^%cMcyTbr-u#CP|K(se zw)^#NN(atoLaLLv#0Kta=t+1uecdw@VH^&zqi}Tnz}-(VsK>RV3IDsyeu}5XZFgeV zdaCq96yRmtZlK;xu@7e<|Le>%?yCp{j0C*3k3G?uuNj?LLe_x42ZAq2_(*$FEdq1p za5Dwgo?(V~VRu4Me6HaP9qpcg=<`_qDi)QaZ!t!1N_K-mM5h_*b=6^ntxMfqiFA1E zSdJPCRK>S&x_|SP7Mr5^y+w%e&qD?1$v>Bp9Mz7fu`^2x{Rplfj#1mXM3 z@WN+b(8V&`)FY;yV=v;^QF!(uEe%sV{||fb16Ng%KK>sJja*79D=XJ-t{EB`nU<*) zniv@t`KQb*MM1$32rfpZhN3Qn7!|f=W>i*Y)|!!-sZp6&xkcp`+gh=$*+r?SwPH)S z-}f_f&OPVcd(rmu`Tkz7@9*_mU)|pKo|$=O=9y=nnR(9PUR9f_VIOMub;0{sA(B6+ zu&C;66sI<`;ZBPP@k}x7l%38cM9BfCtsD~1H~rIH!1C#4atx;!v8Pz<$zjQ+*sv>x zV~8zbYDXG6Jw9^X5DA$c?JN-U{t;$U9c6*|x0(*28>Q>nmpi%@JjKE<5LvGCq2;?B zTVi@54zWIX(b{~G{^xqevBy_p#x%|SjN=^=Sz#d#3jI}aZ^_Z%aKjt4n#j6?KlmDP zj`MiZ0cC!85cf@4o@eaftl=mp^AoX9$H}~dGT6X2>tAw)EDbuDuNIGQoy=`pmY!G# zmyigHsnCGKYUkjdueQCmOqcm-Z&^X_Tq}3*kegn$kO-zTpLmIGfkjTdh`o2-eXev< z#i#F+_*l@1QX7NrT`3d39kaez)*#ys$giBj``@eOjbGQ{28(ia>T)682X7SorxK~! zrHpRD|9oLa@ype24!kwsy=s^A3L|q2S;<`~_?W%{%<>$V8OQjQfud zmFvRMyTAK`UIfoYrTXPRxK;|Q#S_TBnW?*hh}v3=Tm9;t)AQBy7X;?RKK;elmFWj- zm&l&IRQ_I}&eZ4*HWta{v)Ci*p!Fia z`d17J+fm!vtl<#1ufO7iStdI==eZ)V^737o))p(+Ofk_~-)z}=So;$*Jb996RNuq? 
zq>0fCGQxJ(E#|%a>k`k^;M{kLA&U8)veLQ z`dHaT$NsN&(G7S2{C8j%ZEzTNRDYtXUdPY%>QgVHdZ4L%y2M|@ zoM1QC-rimQi*Vaaw}5p1o{CPWDKe~Hq}TecRytH$oadPl?KlqAIH&8E8{FmNzd%c- zB9#M8X6dRBH91{#t!p9&do(21`VJ}YCA&-2wy)%4*zXgzv}#VJ=+Hg0bsp_v>%cYy z%dML3&{nw>P&^NBuO7x?pHw`r#h8DV^u~Vpm(7(rqpIFsE`HdR%<(m%&S4@Ut}i42 z)c3DJt|Hi1Hj93$)pk4BCa;y4pSi2us2+-NE>{ih9RJi-+_f=#iYG(Va%ImGdo5zU zidCKbpRZRBs{Md@cG#&OW1Pxv&s?vL;f$a=kJwum`^kGl=5b{pf~#g$5G`* znH{#@Ye7r)(+r(i;_ah)9IjaH@a$FoAvO}eG!BoJlPOfUSCq55MeNdAG90#~-Fv8F zzac;0YI&*Nn9IIGZ6rSCvW`}@w->G^&Tz!Nuxmj%)qT_ryKck=e1Li`#P$P?`?Vh! zrn;&8z)0kwTf!+dF@e9)e+)+*vh!UPDWj-#GfdwB47v9s^FzM<+frAkyE7+!jcQ2X zg!zK{D9aV%<;g$^`gE6Dl5WQr)}K_GuG18~SU$GnPlD&0@<)5riB0BPv$lOT-*06X z>)Zg^lf>>`@M1rhb;;!r^vId#u=UDRYkebJ8;0<ssCAR z6J;AtQDu0yurmy`UuQS$`8Qs-LhOd(X4KBS&-@ad3O=>m$1JvY@GmlY!8`cZSRBk9 zd{>FEg*mkZx%WptaIKV#V64@y{>yZ99%|NPyHCDJ@PGtp_}thm(uc^)p7jvG;enr{n(+l zL>&Cg9SDrFOpm-c>t3o-{WIKBoS*t;C_d%)WJ#=7cOAmrL>2$z^ z|6mfkrz+#lexy|;{fq+;8h2HFer#Te(_feET+n`#PNiciLZW=}zQdvfcjr1v=Q4EX9;;NH z`yBY*l5L9Fsy;M@xf0yD`{j6LX8Bm%fN*^4oHw*{8zqnK+#fmG_4J4m>(id>^Vd1S$;&g zskUSSJ z-}N+}+=(@k^7?j<3=4(iVSnEM?uV5oRyS_rgZ!v))$}g?607D!+wZ*tisr2{yvOnL z)0tFv@L1lYNxkKxYnTnDxc7A%z9MvuxP!M(@A6%Z{3dbLY`geHR`CJt6@SVs-ak;~ zNmdzo6Sm4cU8ZZDa)%`bU}i~>%?IXU+lR|4m6-05M_c9hZ1sFg<%Xn) z3;Js;(<)`u!+(w6=!PvP(iydTRpTd(Y6*i?OKb4lW!AX}m{ zUyG_=f94HZ_!{fM<>4UT_x&R0GPBU->anSIHJ}8ap>~9n=KdYq zaNj*zYxN`|RkP`idMi-xPOt+KALX((>#dH0~= zmZ&aEe?n=+zNq4sGrIio0Pjm{2t+LA4XW(;67tI;JIKU5}6WK$0f9l73mH z6;dckSGbbCG?Q+Tq+XI#=1>Saul!MVQC$`_s=jN};PPcZD2;0q82G3uZmW@EjLz0 zgtKi*_)9ob%fiZ+tLErctVx{18t%7ku1+9v_weE`I&5907 zU-WwMx{QHqdFkjIt!@TtPqAQ!_{*DJ$HWA2^MS){@w|G29e?q>T^e;p!C9<~oB39N zEuSjG8yL-Zny@l{$t7RBjG21oiN{#@T4wbvQgYO0M`C=hkY~nwN?=|jox#gi| z(oRWw+m+PIOnO$5o_8fhn@JUt^nferP>EJYfg}~WlJ=TO6D8>uSJDnM=?Y02E=gKR z=Dgy5=y$R@6!3@NN_lE(1s{w<){Y3=y=7PB1E-mF43U$T`1p=DvF4d;$HhCXi_!MQ zv(-g&?O20j(~HE!A0@B3c5LGiqc2~{OwwzIJ(QC2iSJIi=WJQMbM4rm4t-(Pjv4aY zqiw-0@2iiNtGxORbL|LJd#WyL7R;mS 
zptZxANMqzYu08X)?2GI*!fNL*%7$Az`UG9K1V-2bKSpJ?z!aG__^xK!<`igEG>9;Q z^Sage8tIE}q0IH9pta*f!h@DyS+GMqu5;~BG1HFQ%CQkUUPpMS-56a5eZFql9wjRY z%}wQC6*fkvV|pFb>e6wDy9OFb{Hi8O1Z>c!iI$xSv4$&lXU2269ud?c59?ivigL<5 zO9{P+tnz`0Y$`?MEcU`IX*x-J@iSzFwR7IKMCW|*Q}eR^Iz@yk@3&hf1#NVmrWQ1< zP+i`Z!6BT3$`lZMP$^q1SEUIPxf@&Da%`7B{>rlB+VHl}NXw-)NrRP3V~CVo-H{H9 zbo08>yvBoiQ*TMG`GmHWIuEd)`=zzIy!1mIZPlcVRQoo0+_cuWVmGoLb;}wcn=6;B zo-*&l%GxYbUx{XY64#O_FXwf$LKYyJ6g<3|)EPsXChr20tG+w?6TeVA-TJ^J9eUviY%J^CBBy|JJ-lgjM z^rB=b_7a-bWfNW|u|`|LNZH(m?ZtYBs00ypl@?_U;r5%&*)fg8K(A_j``GB0CN8Q? zEF#?~ODr0axM<$!;(0~J{BBlFSitr;vv@CxmyItnCFoY=ZbhVYTMxLtI3E93oLCfb z@LB7+h`GfS^BE_}#x-g&NBzQEwQ@H_jij&D&=7*Q`8@{sNkYQRZ(wP9eAWA=JQs)n$Vxz zT3aFQy5UO^F5h2V6Zrb#M>t_6g&ngNafGJ*E>#f}rNAzm5@LxrOMq*_LNop`hBv55 zkLDYADK(k?s5iv~TVu#b7Bny-|Gn7VnH#rI%D zMdRC~1(pSEu6sF1nLhrppB#&ZPTg*&7Kf%**{SKFsSEAYt3p%L?9@J?sUt~stVr5e zzE`JKjt{lIpP0bRX=k9Qqi=zD+yy(tm$DGGyUx5L-lVMKn@e0P6T$-P#tPJBer7$W z^<_xKIz2%?PcT2%CQKP6+9s(sAq{V%-tJ7uaIZEYk2t7R#lx!d-F%85@HCn9EFn@< z$fA=#a-EsnBG%|$bk2D-ud;sR?^wjmqu(zLl{_ z|JmBKomr&TrWZN|txYA=ZLLjnr5$>0G7WUL%zNdkvAgntw_wDgmoKE_5><71q^o74 zU{1H+%W`T8iD3C^T*9JAcFXgABTlH)xupG$2M0oB{`j3O^KBH_c)43n`rcqUW5tDs zwCy>EoCPB1C-+kJoS41Y_QzxxLL}VgkZ^@asJ54}l0eVYg4940T+5hu6lPL|1(i6K zFmbLm<_(^|HH-HMR%narik|VicTnXpRb^t4jKSYk1c{YGq?8XFI#&-$9>+AJTh)l@$4BeR3k)a|n14*o@g;nw)QsopCgiy6ztR=p0Y z3v1j`i%hA#2gzna#+ zsAB=^n)-%z=hEJw-9v?FVVpP=*F^c@pfoC20ZU(ztJ+qoI7m^Kx%7Cjj)z&~McO9i zW91v+o%KDX*RCp6pKiZsU9~?F3(@tXKD8)z!0=c;S-FGd40?gp;UY^mzAdn;xmL9( zIDZuR8$WWalhR+^4>eXTYRUyH;L|y}6RDi0LlscA*;c@#9GvKY5>l+fBp4pTui{`@ z(fAzZ5VYE6Qy^qryIM->V^$AZ5>#Y})S*+2(A3}Csb4Ztg39{EqwBIeLR0@?r#=;$ z`X;H)rm9g|{XsxrerS;jTj2Q6)Vv^pN^7GLcrZ7p*-7DY{y}n%49eLxO$eBjXG}(QsNt-U`OmmuD`kH#LB>bLkH1fFRjyNWS?`O#ReKEH%VClZZO2D&KdU71 z+1kYQ?0<~1@#|?-h3-U^_$&3ugSxM8^(}Lwd_&K(hPQ87BDtBZ#etphH`tBZ^9Fi$ zCe7lHRn3k0H!@=CD{})GW^!sNPFx>>upx=n{3Jb2L;u*2t)5QL>CvSLwZ5BlN0oY7 zwUe_(U&ivXja>3I$f%fY!hE)HP5N^+YOYP( 
zpwyqZ0UhLDSIm!4dF4k|Wu(M0-)H9iJ$dE3nA}>wLyV-9gP)mS58v6iI|BEOBoI4JX2bp@fVR_FO3~~AjC`E6t2hsyU1~&MS6!T5@8ql zSf)?V@n9;NH}8@=&j#^es3 z50NEg&_4A%nkWEC&1V1e+1wn|+SJD!D`6ChaYX~oM<1Y2+ju{`lLX+~#t%P(|R4qbkLv|wdST5~Jy$ezTOPK|-7CD|<8GP`fAivbNgPyJ26EkIO53Cn{FsVBCev&1nI&hY*tIfUHRz5rEkm=r}^sbIL$NF?tkDP zvz61V$fYv8iT30gur8+s@S2hMUe3;ayPT9>Dz9D$MkZ0|Ww&Dk#0hjZpo|uch zwv!hRJT_Nb!NZ(kXgSlg)_0Z!Tt&eI8l7Jr@+Z-YQoMd%Q1V_RSL{MhTefF#osLN*)na%bXAq> zSf^wJx5{T*9Vd%T)1sT@h-2A|E~8pAOJIWc z=c{V#pGAPywD-%9b^Ja%RpO^1`QZ-14dS%FP@?< zTI#w>U39OLjupf9AC5n0ds(lIKE4X38(J1M2VDPM;^p{Un~-1z_rzf*ajC&vS&n;7 z=jgI2C8PMuwvv>LgZ(V+IRq_yQD>7uyI6#3#SQrfZ{2_YY(DYX;<)eB!c1*WDox?^ zD^FTm70D-aNB81PJ$iqaZH<-boes2yqT($Pr`DF4d#nrz8Fjwmh6uf|$vh-Wt#6Ka zfg=fc1q}zuT=KjwqrN4%eBd3o>9(9Dr%@4W>eaO>{b!LxFKeBOB)%9NN$i_tM-qGR z-W^Gdli6oS5>L+5En6;H3JGR>p>81SV8%x;NRC8h=PxrO8cW;}z$e&p>HtNJso2-W z=Y_~DbI80KnT-i+>yj-GTTglaw8|+PzezZ2|sQ? z!lrg3i4W3*|16St?_TT3%u`BCm`LIb_Nt8~ zk}3w_iX_f;xb7OVu{Z=Gi5pY}fjClWhVJ0$VLLd@(V81+4OOX#$PmV|(XS4F`ocuF z)Qe52Z@wF@kDoc>%MlK#U%f_dD;US`DLt!51 zWKLVll4JGC%0b-A57F*NlKQk_jzGkJ{N)N@0NjIafY ze++6&?;wF{=0qScB$jyiS$EYc=O+wpNG$O~$r&6=+!n6*3MpCBHnjE1q$FxDyKJ=q__s_D(*nL(r{1fm%m(*yY%*_a1niSKGpqzcq2L4hjkr|Bv$4XyG9Ijopf&T&+ED^=>2)%s3)#C|^; z55cyiojBqIwZWI8kSmUOA0AM}5qs;Xqt)MMuooT1u&&f{ggAJeR4f65piK~&`2GvM zp&^~EmbHtb!hlk$rAJDD?8REyW*sf&IQ2C119TohU)KD9LQf>c;X;jPuXRsDrQE}tMQFYB@dHlsL4M;~ z)+Xo7RYl&mi>wYU@@lvu586d;qX?aH1V1|Zen#D)C!P4T#?}t5hu4PPi9sJI+9X)2=F>&@B)d z{95cqbyA=1^tR>tc1k;9pFysyMO3g(=Dk^iqb_N$-}}{I`i*7Sf&}Yg)K4+XWVa%q8MJOiJNM@TQHCq% zml>_QL)JOv-@`8u<8U_0vj&Cgn)G>~hN-ui@|&gCC30SIgzCB}<0LTV4%MCgpxAtu zMQ`Z2r9326sNKY0-?u_`+Cjc0Ueru`MW;DKb(_Qql}g0c6{>q}xtdk(P~AG&tE-Z*WHP&JCQU)oN6)7i-3}*0)toN+KV_RbqapUuHSF zjk#ZR+wq0T5o|b8V)SJV^`(ckz7y23Rr!QiDe<{paR|;OIf8R3lx#51dRY&N%tT+= z_`Rhmxk_YtN+GN>GhAb4NGh+8Ck08_Wu{zcr)<_KSb#b}o@S^Ydr5Zu3bg)emyW7k^fuv9=Wa#2#zIlU zxnUAgB;kZG2}*H4uGVV7lQR6Zz9-e;Ru6-UPiUK3y;~W~prGd`Jpqf+PsO*et}ue? 
zej5u)h*ARA*hyQ8lJz8(6Y;O(wY~iTD^kmoELGaCB*?K>Em1|H=5UK!x$GQN7G0@b zf$RI4Hi?JQTMkS3m5=C>__HXIT9OvLp+;F({go_K(vsQ)`SSxqk_`Kvnyh#Wnku-) zpA)O+osRaDelMC*6HB{>QOS^%~&uHv_7P$Pl);cvgReXx0 z%C{e;%88D^WxX8j%L9)+XouaWvMW{`hS*LUW&x3WMX2m5wJP2kUOhU=&G1 z4u}RyWu~K5wH*2M@O2B7b1UxA8PANu;r=)Vb3o2Q<>G>Cj-y257I!=|iH)hQuGY6# zZra(VvHf~2EKzNHgH7Xoy-QVtSd3sx$P68dP@{GpCR))rhwXOI=4Ff&(96(iR2q~z zz)t-)b3Q2bR6F(Wp{Xr@3P|1-n))fJ&X|Bw`b%pAMeYeL^0X~5D>St#!4LGuLUuQ&E|V=tpC{@|TG#$`W#m zTRKSC!u8Z+7gU8G3wmhCd8`>oJ`<~(IE+BzbvnWcH{k49a7%c0(RwhUk0t z5@TASHn6tvXT`ki%ZbTa$CX?T7c^~R+??(~8F#H%gmw?BSlxr1>nq`kRN6%{LyIg4 zS0vRgagUiO&)K7%(`p_0>ty!*!jc{Oe5U-6y7T!=w9E6>>^F}d zIlZ%3dLJA)eL|gb?dLPcvMIsW1R|&TG~>5KPUY!PnqDs_T<7zd#j?Vv;Hi0%iO@%- zc0;JMTp`pQ3#HMl&)62t3Jsh-p)xoFr;nix37ld<>IqHD0PmFTC8Ew|u353uGH27Q z)a!MmXxxbMpp8%xuxm{XM6hn?| z#Wg9?{5%FkPZPeIOyaW%QGo#K60xmPQHDN-YB$@=W-YALQWYEF6x;4OwBtQ$^i(a5 zcCJRER1)l3!`32=DNjkU8>PDXEbHD8W392$*@5DI)n-+KqpJTs<&qg|y%=}5x{r1A-|)GK9`xc&DzW35WuM{>y-YwgJa=0A?L%F4Z%80RYO zsw)EFrX6(C480bcZaloY)oSx#3GJ3mLQwQIyUM)oh`x4~Lzg4^x>9_Nig&smlzgH{ zCXOrmiqB3|+ocl+(KVdA*}NH))M_Z)>!nA?Erq%Qap~ZD0tLYDEV4P~eUFE&=G0JJG$}Wo@*8W$S(RE8yCLEw@f;J~d ztoAIc3F05V@YU)4pQ@{xNX5Z1K}vj7E(Sjca1R$v&0fdg1{KM&Q!gYnMCn^4OclBc z2E1Kh0u|%Z%y?}}Ao!iFFRB|Y{s>?DVC|k9N!-6^O#Nn7_PX1;bq5k)d-Z zx^ug7SkH8de`D;|$pG?xdyHuer8vpZ`iETYs{cq5>&s1v5~`CbE^$k=pZOFQNBSLV z$Ja5|u7b<5@Q4G93aGR}mQ3@a6f+p0gO^wX=t%h5>l}BplKbzbwBAJB_%d%pp7Aut zu;XJ%uAYi+q#07oER%KST^nz%^;si<5E@uXcNGfw?k1?}f7Rc`S;(|dT*}uI~OFuzn=kF`n zot7*fC^fjmes1R5FWY|l*j6R^E)L1}u9j2&3yA0v3FcNhj%yUb}rOx5P2zIJU|*j)1Tmc zmsGx7eNwbs@ zsA!uEis2QRlJ%U+b=J|yEZ!yxK5=&ETBYd|#RBb?m$|B`p=_gB&G+v1^rxEF8Yt|G zlIdIeW|vJb$p|O&{jkZZ*3m^}%ViYJu9m5KZ@fWmCcp5Vlus#c4O^=IVX^d&)-pKz z_4^`u|EYQ(h*7_*KU%umDj%8E{Ad_!WAr((G^op>Q(4#=qxqlZ9L%M58Mz$`LO{3E zS+yG1Q8bW0kaUeC-5WM3o}`0QLyL5i>jULF_s6$4P*zr}{+068_WyKLub2N{uzBZ2 zrGT%3E-Fpbxi1D(vN`CwrJE|Qn;tKHBexq3wKGX?4hbPmV6VP5#Qku)8uj0-3h6&h z%0UXt|7&W<$_GAb8frbWo69WMQbcWn5}%bzx`U@nGt573YDEdw`?KBBZZW0Z6DsXz 
z{fJtPwC7zp4Vu#a?2x9P4-d4hyD4pGsI+Gs(&jm&r8=Z7CN|>e>3(zid@EZncTaD2 zNV~ux?PP~Ec|P1B?Kx9gRj9P%9n$`>(C+D557_S;aTgA0xu&!+q0(N{ab2ai2OQGw zK$?4J(`C_6nKJ!Dr_9ZibDHOCG6)w-bM#vJJ6aQ%0(!t>!xcHkE>i#JkRm@W2vbX) zoS1YiPlgtGBV3V3>>_!gMeYq(WTsu@iqImH!WFs1E)q=<-_z2!;J=Go(6md+I+sS8$TK#v5oNbcR;L8AYDqr0w7m~^}N*7O%Pv!b}@|<%0`h8#Z zeeBAob8eMAe1)|?kbSlK$oGYa^^|JgQM))rs*>8v)Z3&XDxpj9tLoZvNp{HjPM1|T zSj`4B%~Il$R15XZ6qTa9zy%MfMCFglm#aM1s;APs+^!bB5!5bAl4`YeFNq!gC%(^R zw=KtLExAnhUAvecHcFcMHL26Y^ovywA{sALO)+!U`flSO%L%tqesmdq)cQt=OtbYp z)WlSSAW46o$@as&mUyo|INUaGCEz#&IA_ELDY{2Z%7CPFB$=jrU_BPH_&z=_*dZ1X zbniYUaPMBn8#qn|;w@e1qGQJ>`{qGp-xXp;MBd5=-ac4c(Va5u<*|wKfybGbX3v)9 z$UUk$GnBJWYk`lozRj7WN>cg2sb+zJwv1OU)nfaH$f$D2@R~9Lw*023R=1+Ul+aud z+=^Qr68Z;ASYS(-Zc2DQL_&9mgysz0k3bu)uq9k-O2`V4@F{n&wPI?0&s!4IrU=y> zKQGXWC{se;5D6{_Kgjn(|mHYBC@1gTB?x3}>7L8(3M)TcvJBkk1E(A51i z0+MeFP2FXujt)&-XQy63s_z|Q7&te1=0sYkAK+WiBtIj-!xj_dohRNh{u2WLTRm^=T_xllc7W^2XT2RC9Es8zDMVafEa=;G09~e z*bJ+0$Sf=>DRUB>_K$`*6moZLsaF`-cf$S1SwByvsNp2qukmO&B)V>N-gJ> zh+6c+jAhC~13D=q#3jG{puT8cY2y}&c~P>~7w-@nDK;DI>s)^pu8Oph&Cy}KzVA{I zJk{IdrMGJ(w&Py@O6MIeEodoAJp2de4}=D;{x0Y$8Go*`?aO))x3u68E~KT5uPr%L z`Y}DYoazX-wUl;{>-O_M?H2e<{H~*bGeYgbmHPPI8btYc5V17zu)Jdt>c%gF=m_-X zcSuP7u)_yalU1&i-_;EiNYD;ARat+yZcDZ;^1xl-yID_>ZLd<1v&VX^DeL(3CGAEyvI=!Uv6mS3 zaYu@9Y?!0-ZjYyGDRA8%WxcXG!D!PddsOAOE?VUGMOyyVW&ZIO4KR%9UB>O=LdQ$g z`+l!?xxa>(bC*puEZECyoZk_sqgq|u?RLeWbdKd0yLv{BKx^bjp7^>7M}zD*RH^-A znh)nlr@EoM2I zx$Fbw=WET+waO)nZF0v&{phuF0~_S2ilEg>U>S%=e=pIUYb}0K%V;N?g2}U6bDq zm9bGOspAPjMoUJAmu%jYhKAp!dd47*mfvg9p$UHHd5&w6IP8P&N9ax~MLTTB8ijyv zMSZH0zu=#P)DVkES|)$G!S^BOiSlThxTG?JZ@TyPvC^)WRm8kUMb?e^(q87VimiL) zC@Y0(ncIdTH3^)S9540XUCxueWrhQN)k=B~~v# zLPp0?^|8;0=Jh(Ervx=9v;K>|O~P2QxbOh4V{FZphY47~=&P>~P{LN;V+wQq(&GSJ zh;x35C&-|QYbjnu@fFUYk>5^}*iHE<-hM11Y*!3vW(unxt=DN{8JsC3Tba^yoqA8U ztMv`N4cI@gM5HUzRQHQY)zjn@Av&ZlpNIJ)Nz~K;H^UWD*+;U~Q#z^V_p{NO{BUMN zQiOm;EA8AXd!5=u_3*DRj~)`=y~QVeVp6!&WHI?}b!&th;1v*b0A;-7-z} zm9ix38|UH^(M7Fqr@1988!e--%T!N=Sb`cL*#wS>Njh)*uB6w0>4*oivV10UUS~o3 
zG3MLNVrsmv(V7>-MDqe_ONpuAjeX~_%OZJd-tkm?t?%g!q!!QHY!v)~tmgQ+r6`lg zVOOFYyXr(lpc7&QG)Il`yQP5^VtD*Ev%cJmhWqZV2%M69Pbl>$Cs)G0*7paAZ@KS= zV(xmj$cfroy<$Rl4bIJIVCQA|TC|-ZyL;2mbyx4j|HioIW{j%M%(W9Uv%O0|rkR?7 z@BwzRDw`(D!O~a1#YpSQ=r5(Sf z>cKvIR}%lUe@(Su1|$D_*^5cO($AAizxLh!m;}Uq%AUoA*uSRQ?kaODR&WHh-_1mF zuNJORskz0am!K7Fp#<^D_@jb$YcEnOq-=p$?`ZK6S~8HnIffvpsy`jEArH~XBedck zI_VmHYv*FF)M4z%w7WVEz3n%uKipZ>yEv(W%}(`{TAE2_J!Z*b)|+F zpDjPk*mOMcJlCFI&D4&vM#wm=(z~#hq`+V8++$rSt|^opbL`J4@_DBHIaWSTv_E4_ ze1C>^P|6DC}EtAYP&;J+I9 zuLl0Bf&XgYzZ&?j2L7vo|G#QLp4#&rqgy}BGdndaGtDz<>~+_A(sHI1%u3JpdS(^m zdp%RrJ?WX=jPyKDYPKgeFE8~@PmX$@Gj(SAG_MpaNGBep{v{SpOHWTrPxIt^Q>WdQ zoH;Ag>&eXa`egUT$A#?y;t>7^8CG> z^zwGDOFh4=(e)iio@KmN{y*?qN1J|2J7&|?{bt@>P~QKR*Fwt8&JknE&&eJb2LY?_cxwj~}dYU-Jo@bdQv^v1=2P(;Sy)% zdhhh4=TA$`P50!d-(HZOJuO|Dmha7@U&ip%v?HV%M&!0u|A8>CGlH(g2Yn7MGcqWB zlKD9gmhi$zGQ}2Bvpo5kg`Q~{=nEH+m+!HhfybNU$xY46PxlmLXHLsWqdNt7kr}Dp zbgpOW?ixC`j94nV5a%_ifReYRXG{61=`-j$mr=#Eoa{7DMrzh{PtJ677G9{*kCoJ} z76*H#=M?05(lTdcdhG@){fmBoL-~yKLd(^2Q+K*IH8ZPUXJuUcFR{>@hau!-pMOV2rZ+u5m$_pauyXa5 z^UnCN)&J4^t^OZBX!Rd5d2wB<{}f&~@>1^fnu4x(2$RQIu3J!gKlAelIFVP-`oaDqE9VYt zH8I4&PVD43sJsKyq0|z*{?~z)4VVi7nYTNeL)U$ z7g5%p%9ze9zk0fw-9}!z?88uiqZk{f%+#!rSvjfRd?QhIS)S>6IkVJ8jK$b`R z(kQZ0t{otIh6^vkO0Hy0&<4g|WLp2s^h@l-;RTtZSTm2A9&e{R3L_*m{gRO^JUMxH zy7O7}9f3tW*m^fFH80G3a!vl-t^Uvd^!4T|+e>G8k`50Zto9)chGpJk)q1V2#`YQP z8HpXR+h$D@t5f!`2Sx9xJyQ#&PfyP?jCSP>%T7zlOP`)u7$n%7Ufvv5%gh;SZOK*n zWVi4?koQ{~nwp=Vp6B(*M$IEeo~|t@xc&L*)_zU2U`;lCU}2gd;SSC$o(oL<8ZKpO z?Kv)uyE8Xkc9Z{${UpZDDM+@H)7AL{Sx-LF=0Dzi{T`mjYaXvb=1b~xG{PL~ST&QJ zqu;xaJKKD7^rigNoSZCY-ob-&a?{yj=Hv|xC&;6OQ?B1rw1e06yk_!R&1(s-;-~ei zeYuxib|k^Cu5I(b#p`okKl8fenKu7fynZlW!Q+^kf2B4&8OA(3PG(+uzPTw?-8672 z>4qUAWNmEe!)$CMb81$)7{0c5`gHsHHvebOwfWn4o%MX1{{=o5^FCQzSibja4zxK1 zyrz5PZC+~jjC8|H8y_|?EvG>02q{Ees%`Bw2w7^+_soVi|L{Mz`Kx*L=KXG78+e7b zM^)c$gB+>u7C91*)E>zu4Z8KkHvdmAwD~hOw)sEhwSdp*yhv(C4;K$G)#R=hd4Uuu z%)cYmud>sCw_j@WZ>etczs+k1@0)nl@sjf4brPt>UB7fFkR+v#T))oV&+u%f&P{Fp 
zTVHPT&*F6@pU>rWwDP+0e#VJ>zf;XCZT>yHB6&ZM*J-?tR(`sy!t{UKt8MOa+x)Na^1RmOU%_hfUd@~x+VAl7E3e&tBaYk;yB&If zj?kLW{-D*Itl8;f(%D5w$iOv(I$B{3NmzY`lxKGy=Sj~_bGrNAActdSTC7zzPR`lw zijX*p>_Lyxu30&=(?_e|&5`;Pyk5;n_v%8|67b27?GtD2v#dy|vnx0EGiI|fC%`Gj znV!dRTc6o5v(uIx+vLn_+3+ak@xT9cU#-hEnES})D-5HEm-VmVb;GD(xB0~|!)Sot zLHXD4re7hGtNhxNTS*t8Le&cf7TvZNctG(oYU`| zv>C>=ggnH|jPtLyf*|K#n10@+{4)YqtP4l2N3St)9`WOGM2hk=XJoUlXYTef*osS= zGT52eC&ea)qTLC(&dns=MITa-v%-#G1obiOzud~?z#)4|w$&)m75 zv$OkndiVCEP7@Oni}|&{@1HT-@4t}OLSCoxN;coi=l@%;x2UJHG1z19M|Ee+@%u03 zwV2ljyiU8z@4uhdXS|B$`u%s!Gww1xT@6YA6k=I=d{r)$2HSoIm z7UO2)7H#{E^=hn_*hSin$}R^FR`#iu8s)FT?X8Vz860I*a{lCg_Btl-jGH}19I-#M z8t1y`u7}_wYZ0+`J)EqK+abs28$cNvGU>u)Cl_?N--}eNQtV*82U|^LmI^$7kpZ zuT$3f{TK0)1~}@M00NR_u>SMT{1!Qm&ggFFI|FQtrD^+bXF3$&37)j^lb~tdaiL? zV7>ay>z5it{%6KH?sk9vF7R2e7yU14N68_}hqeAVjoO*XOphPQts8B0I#pl4*m+4c z$;^MLb7Y+nBfCD^jKkE|-&x)nF^V|zm?3e!4P!?nEAW?x{YkuUKEKtU3*-B7uLE}G zAwz>N!nl~HkTc*oSOOn}YvC7g7wk2!)gQ&QP2g`N;$g45Tm2K@23QEE7q$AUU>tu7 zvI|cAW2?UzZiO*@4dY9mgp7w{cj@*wSmb02E;Z-B#Bw)*Sglt(Csx9H9DtFbVFd$K9;V(!Zp!oA!V ztb$|K(oVQ~9ql@wIrl96f%460g>WWZ0hhwf@Kab1H$K8jIT)U5auo>3ClfGh{;1pM+J;wysKe1`dbeN!NV|@e)j0l=C6Qxa05I9>*3mC+Wal>9au*{55Q*FITCsF zt1pa)qhJc02`A9MQdkH-hAZGta5KE8W1GJLu7k!UhH-f(+6`C2WVjh-!Fsq9#vI$` zUk@wb9=I1Cf+49|uQ3FPsf4;nT1h?ty#Y;LenX*TJs*b$gHB zwfTp_%i$#WAzTFeMH3T%kHcNC4*Fo>@ooMn_BQKaEc`o6f>9?B3xe6O1TKPW;TpIL z_U%Hv1Wt$1LkwdHjDtI13XG1S-7pST!ufDBdWm(a5kI(tKeMN z`6TQD#=;sn4>rIGXz-;*8=wc)!2~$;Wb6uN!y;G(tKddh10%aq9*%^@<+LAq;8vIf zV^5*qa3U;$OW|6$8t#J4&`E(}Z1vkJ+Fs3{GhN*BBEP-3$=db~`L4%XpxZg8gum&cSc`i6JF2DlU&S2J%fLf`Nym;g5qK;N*(K;|{P2(E!ia0grs_rdKjauoZ8OVAf= zfXQ&&Ap9eoaVhf>&VkkNQ@97F45r>|n1|2fmbaP|$@H(Uc3!H?k@_`3<{3oe9BavetBzImS7kn0u zfWN{Fn4F5<;Qeqtd1mEsV*xWoQ%DI5mZ!?AETyd5^d3K*TvyoGV_TbK-w&!ap%4=#mw z!3}UX+yhU_NAIu~>^j{rZh`|~4jc#9Kreg;R>Ch~HH`359-a&j!6evq2KEmJzz5(s zxCMIQZdeI_fz@zO0p;N+cnD5{T{EyhH~=nz@k~l1ulhq;dk&bOuqyF zoQeM6P>@*+$2K&JZI00^eb6_1@37g>-7&D7`b2sH-1x$f8Fc)@S 
zz&Z%G!WuYtA$9_{z^H8Oycj!!qhJ#B!VLI0EP-#pwXg~9g8dg!9u~r=9OfmAh20iY zFPsQ-;XSYdu7?|-57xn6OK3MNg0nE3!#yR-k=9=hE;H5Ier&5!F{mjGUi`C{eZpT z{cr?)52nE$_u{uWyFxHDc9>CsUN+tS-K3D_qSx$Rk9W)Bqk3bI` z{viE;&##~!_$gcjJ3T}_FdpuJvmd4&_&AK3%{*PjxWoC6pntf(3jM*pYv>=$ewy|{ z&pPxDTh`;(?l6o~pF{6(0Gt3fJdgh5^9IHnu6cp+f)~GpKZL_KQLd2jgoEHaZ~|<8 znR0OE7UaWQw~_Bo`n{e0z~mb2310p>_5hc_4RG}i_H%G+Eqa)PzILGpm;e*txOXTA z*TNFm{aySOoB(&jYS;{YFy=1Kue;F$Tn1BMhreKluo70n9q%z;Vf6dVSC|Wpx%iI{ z7%#XACc%{-Q4ZF_3fOfI?S;8;+&shh(zvETm^T+t?)~@7q-E}@Ql5bznk&+jCR4A2ZU=e%=R>8Pt%EO!C6y|jaOkm!wmCtY&EP_55#XLLdd&Uj+hieP5 zYgh;Oz&(uXA$Ul}`3L+F<90b505f1TdMJT$a4k%RyI>ad!KEg!W#5395%o- zXcVIt=z&{d0{jwAfl-HOC+q{O;1E~?t6>A&2?@R#gMXwvoDCD;gK!Gm0~f)`KT$ut z9qxt)U=utHqtXBDpJ_j=gvoFl%!2!2^b-2rLOSdZlVJ+Xf_ZQ$Tn*R58n_!az$V!F z-<1C&=UNyCN5W)S0<+)?a4D>Z>tTmqC=dJpioW5kuxknZg@fP$I060w3*kMj*eP5K zx5D?}UP*_CVSF3*S;~43hr+pV68sz%!QOuSCL9BIz&yAQ?toGE;0L(75eJ9EWVjM$ z!8*7U#zy%4>tP1m4d=rq*aoA^SYJ9&9zG9~;kPggo^%Z5VJut^N5S22CTxOpVDwV@ z2jk!&m<&5dQXbBMOJN0E51)d&CA}l%p$A5n+u*Y$Je+E1Rm%^;h)C=#2yI~D%f(Kyqz34rfdSMD22Nyyw ztb~NfltC* zxD{5wf5Q!MR5!{)FKmV-FlIS+0OR4cr=vHx8hYWkuo9-7f!<&ZY=ECb<3aoY^uR6M z`E63T^Y?sfDBKGd!IeE|H{1_*!Fzi$-tbEp{U`P}f1qA?0H(kZy=XTa11sQMxB)JM zb+8IH!;LUz1$sM&@rJ|UI5-}9;dWRF>tHo(gL~kB-q;Hq1G_$C7=MHV;0`zrc0HH! 
zFsd*10#Acm;ni?2^uoii7emq<8 zuwncKj)0vnKyUEE{>&3N0~}Hs!VFjfAB1b+I=BngKp%`BguYkfhhaQSgDG$h%!Mmp z1>6KTz+JEocDR)Bf`eepqu3vehaCo^Z}|+pa4oEadtf!3KLmZj_uyf8!cg>G#s1(j z<`+B!r@+pa({C6Ht6--q&=>3lo8U|s{g`2V0OMh&1lkS9z+C8s6)Y^SUT_zj1fvtN6L=+D z1y{kX@Oiiwb{fh2T7%x92hN5G@C`Tx`d|_CTt&a(wXg;*f(@_^8c!l8iSn>7On^h- z6gV9g!4mWq^l_pV<9)?j3v+mV@6>wuqRA|DR2>72G_uk;SM>Q(*>N3QORJa4kFlcfr0lF<$U4 z81+2oRu~IEhDq>Sm;sH6l!r6mTDSu4g8za(=((Blf2Lj-3vYr+@Nt*{lP59H;C8qH z?uB*mTi6Vz--6yY&<;2Vz6&S8s9WhbOoXf8M7R|e!o6@cJPe~JW2Y}*pD+Rb31-1f za4CEju7{t&-SDI-_y-sZqc@@-7zek*WcV%2f}T{$!xWfO&9jLx7sgDbKX5o~h9xlO zCG-#DVR9Pd4*R4t&)^(b1$V(3_}UEg2D@jVw@rreI*f;r*_4B?!a|tfr5v0JYvBFR zcp3dc4?F}D;LHN-6TUNtae|}nVw_;7xr`I+UQ9dT{w3&nGk(4VJ;MWV0xT+}KDY(0 zfF<`(A3ULqeG2@1DSCQ^aazWFguCE4m~}7X15+v(ADHnc{D6FZ82!Qyk5Fz4`!E;> z?}y3oTbKpAuSUOcE8GAps+bS3{xSObD(92O=_l;G277`hJc&KQPV3P>T(W_A1V?P7 z99#`s;33#;EB5jt{e&fO0*tMuz3|jc_$|2fW$XbSfK9O5X4<=rdSM)#36tScm<6}O z^)TfX{0+Px9)fScuG`rsY{yT+s@KU6cfN_Af`?!=oVOFZg|F7K9=~Q7kM3ezu&Q2f`{O0*!6YxwQvBu_I>OKE`wh916%>)>ljzq>m%9?M?&Kb;xo_#m%#+M9!`Pp zz#_O8R>9~!*e~o08(=at-eg^Z9+(Rg;C`3|JN}h+!(MPb91eHGG}r|1h0!~>?*rrD zyD%9ZfLXBf$CQV?;CeV5?uJuf6PypD-!hDH7zZDP$#5IYf`5lg;WuzSG(Mp`d=NIt zXa057Fe2uRF(L|MBF>CHHmV|mI=SARSMJus{`hNnb3)9>6S|G+^1C~tii|7H7~J=w zUOlC#lpn#X@K~Ptf!05{K8aTq*X3TX^-pAac{SCy`cIXMi6_J?>2T%ookmkJA0@q# z*O#Q93C^3WFX{b`P`;A%_#>1Tu@Q4plGTVE`|vGBgmI>G z++^%JjA`|s*8$(}e}s*XspG`rV~#nygKCKA`7rhTj2=!Bfz~)&ZMU;KG6?vHIZ-9O|AZm zBgywrP`+~_mB8-g+d;c#-qPy7$9w?*O11DIbaab(35DIj-{B zU?sg5>A#T9R?;rt;qid{5u`7f(&`^bdu{n~O2NIjR874Pr?&ck=6&SJj(#u>9U5)D z>?PmKsjdEg$cg;-!?r9LFOMECX-_rvo7Uco;{>*CViZ^ta`fijVWj(nn@&9;6HlW%G^^9@E$b>}-K=9obHWV|NaZpzDb z=X1(SCf`rwJ4576bmWtM9B0e(lF#SmdpD$gw>$Dl`@Xi@w~Bn53iyr=kvGYm@0b;~ zydC6|?;oEndYK-SFT>VL6ZsbMwc5#&FC!@5X$)rC{`c=pYv}3+qK8y5sNI%<| z?pQaLlD?bt(a!V^Ba{H?$9mF#Azj)Tkl*1wl`j40PCqx^-Rl3C_mR_A+IeK0cG>MX zgq$fnyPe{ab5%f28geQ~A1>o~p+k&!o5KFUOHSm-P1hrI+-m z``h=I`=lQan0|1rqrd3I=?AwWr&neBesC}8S){k;2M?28Px@$AKSu=m*}XI4^QZ8B 
zP>nz7quNQAaa)g`myy1V{zU$3g*|SgmL5|adCXnMG9r?15BUzQHvQyaM}KA99Dee! z$a~E6YZp55iM=@dWH0(9-^sR7{KlE?e8;S@{Yx_WHmxz`^>F8N%9HUL$KMbrKN;o7 zC+&0i$yMYV$=?_#KY5lTpR~{6CwGvq>ocaG?Cj3x^pj2GyPv;7P<~PZ%hoz0cHr=n zT^Wal=S@F(YEV9hpKSUadu#qypglhs9Zd|Topc$exzw{`gXt&VbBw3-&*3M>A;TOsPky0T z`9c4mZ2il)JN)2?$Ps;9Vy|Qu`$~*l>J0y4JXG>|nEMtDQAkK;kapZVO?!-xyj}t}{C%~@@j+ZHT9hzYH zS?3q$UifQR)8XTHj~fLa1MW9BWD&zU?1a%jU8luybwYrr-WZwBkel<1$MuRt--1(_2QU9su36@KN$Q_j&O;z;hyty4U4I7h?qljAk^ZO*OkhMzIF z=Ao`z;4=sQ#r9b4m@NZ;8{BWq)`I83{l;t?c*F1g$7DbFO%-_WI($SC+;2=qfG-92 z8C*I(WR~9})ac_63>0=x>dGLwges#o< z1IbTA`Oxe|Zas5U9bvpb2R^glGfw(UG<5TiGIzH7#iV`j8-4t%CnXvbpkIQRu-4Bj`& zezbr;1dc=AZG*9I*$UnSUT(}~`8@~Vbv;!1S!R4oEk?5Z5b##SKf&b2S~m$?e)rao z&jH_Cq5X@&cY({fQXFSvp0t4X-i+%~li%phlUDGN;N|)+=gt`PUvin>(0%v2b;xm2 z+W^jd>fICb9)5m#7y-Tp+^?Tgz&BRl^T4-(`;Fr=@HfEy@~{?M{PD~7Tg^OJY9l|4 z_qKt{--g|4a@ogCZmz_knA6xp_FH4a;QhcaHDg$6(?-sPDEQ^zetn38PX<59EI-Sw zKMDRlaJl{z$C_)89IFDxashaEd2ROby{-@X5v+Ev%{Cy;Ts$+FXU5^pgN!pAxo8C+ zE91Oo#F5v6C%JLD_QJI=z8`*LNt}e!VA4<24j;ey-4D5t+?n71T3C`ZbAInfoPOK<=XdYJu+I$cH@`=K-(G=F z0bdO6H#g>i&jk4O z-R?iXmLks3KXZOPXTnJc{yud@XncyyRSKsRx}h{xHSN?zV3PxGeA2zA4~w@RQB*YAF$6yf+VAwr{h^We&LqBm0ns&%pP}?`cS$ z1s?<+Gh^@|mpl(X6?~}4zvuQrU~uMu!_Cc+@eDHzKDz>sf+xWJau^4n27bI5e}-Fs z@&NJEj9)UJjXm_PX!uiz@2qv-X>$AESu=McPAmK%t`DD;$~;wv6(4VMYn0PaATby9 zw4wYQybcA8dW`#(32;1j$CvFF!l!slSZcz_I%a`4f|qN9JV$Lq9g=U6=cp&|a$}$` z!Hw=Yss(X|;I~Ko+S(5lOa*t^daDtKZAEdh7yo+(J_nn}x7wcy%9><*d-ug}nc=rh z%B?k$j{tuXTwV_s`+KPx+c4gm0{#s6?IxGw!t=X~k%Uj}&M(^+m_F8RP7uk{;Maru z&95wY19-foygDD(5*~W{6qf38gYzcX$)d)gHNSnsR2H(f8;-po50tB$IX0M?mXU$ zcC>*z^Z2iKxcw zhL1Ck&oJ6+%;R~8^FDn1=D;%Wt>7z4+Ud^Ywct|<{_}Vncnf%?c`R_SulPs#Hpsq) z!IywP?mZUncaMcJ@ag)g|8>T6@G5Y>b8I7c2)x`HC)=)Na14bzM%-VLZCnVR1NWOJtHIv@Kh7*~>|t*L-&Udg zZt$((<{whQ!Ot&W3GlA}^zUy9 z{2*|@e97NE>K_ZWKT=90byk9N<(O>1m<<4T=FVTS8)n{T7;{JdF6c0;t?a#u%$5AT z(EGs8FX^i~pe4_PzYOkoP8Jc|^MQ{u%Nx(NR7wje_?FkDA%uzX9&o zzBS-)SBSp_{AF;z_U#4#EjTWZ-2Pwc&PVw>zP|_eTZ4y#%l?ls%j39~Pv4yWgYO2% 
zGUvuOuGQy)?*sR{7g!1|>^9$f^flmP!2R;K1$-j7-|@5;JO++K*KHs7Wy5%@=SldT z67ZPG$c=N{kATlT6?|kK;_z7mpRs0~@4Ick*`{4JP<*hr5$7L3L zQkDNa%Y&Z*?w2Pq6nO&on`dG03oFErf{z9FYkwU48{mHPED3%Qc)4*3qt9vZ3&1Ol z!+QAKR>4P(!%p}-10TO}sK!lDE4W`jh|AQj~l?JRj9uSd=j|d`K9>)d;>WiL%Q{!=jMMW__>H*Zl1~cQH_UGa(w)FJ-8fS zKRyn89C#PA{xjYB8^DKx`?aqLJOb`_zGwzN0^IL7-T*!b+;9HwWc_~et8sxQ=a1j< zQ4cQj<5zwh_^IF{%>EnKPz~T0fzLBJKc67;-vs^~c)4r#FnBZge(*}yiNg1*y95)cMQrl$loB}gZNjO<(+*<^&uU##``Fs}q`xST|d>**px+YG?^AB*pxflk26x{E;6a|08r~WXS90z|Gywdec zBYa+|;3LPW89oL0`1NB0c=yi!dE5zJ4UWq}H;=~W(5jY!0W;L zBYbh3jJ^E^@Il~yd2Ryl4}OGM-uQe%Gx*oR{pQIA@E+iP{o4sX5ZteS)uZrvo(kpb z!H0qS^=};bNN~UQHGoIJ2bujd_NKck5=H-qp_xg z`;AXM_<#z09JtJ1x&DXIr3UaiaKE)k`YeRc)CxZGILN@K89tZcb#b0q?z7t*_}{>< zFX8F~KeBuQd{h_z@?Fosek{0O`3U${aKGa)1}+ZrT!-VnQEpwx`V-&-!OP`I@)UR< zaKCw+0Y4GkZyx8skEu|;06r4jZ=Ad0hJGmcWoS#e{6@fU1oz8N3_J&p>E@Q_=jy_E zD*^rq`0*y^eYbo|=3p^=>Koh2K1Y+h1^gKB8d*S}6Gpk$+O6ORgZu40>;Vr~;B{wW ztpfKu=L`WK2<~_NH3|GkaKE)|4*8{K`;E^OF9x5E^5t^W4`o7V|8~s5&*bZWVWf=T z_ptt^@*w>N!tZJ1`gZ~NePH;>&tzuZ=My1JX8AXAoH5t2jPDKf1Ah?wFxg(sjkS3U z_pgxyQ-1O|Sc`TotZQq>C5~IC@oaP(_$u(LO>U`!O_tvez7O0l zuf6e5K=J`*d1H@o1bFBW|Kn^5csFpr`18p9;x7a5jq(^iw|~ao*;???75Fyr2A}rH z@tA=AUk`o_UWdXs8ueNt_xX&y`+jHRISc$one8w>D?A4LUGQ?ptIYFs@K3<~=656b z9`F%neB*v;C3x5F<#`xo>d?=D;FsfdXnNf3hjVX=wGQtOhtK!4&xHT%BimU!9(!c) z>4n$DTo`*O@^Ae#gO|I8k@=M4^*s1%@;H!x&_d@^t~bxS>&+a*xv;1IdLjRIko=og zh~UPs)Pf`1DgUO>a`4wm_`2fpEdSQf*hAaOK7W?w_kd3a$6@BiH-1;B?i_sQ0^INX zF$Db6Tm0`ECxOpJ`J5Twdac;LIpFoZ+S=!ra5b@I`xb-W2kv)%X#sDnz+1s@0{1(| z?*X3;?stBx!zN-B{qs9+ha7-Us=&kO-yHC+sDGc?e|gO9cGtG0@c95f*tT-Vh@Tyo zIa&iQ4r}xMT=y36?%>1C^2X;@_JR+pzxDPXjNxuQNV(J{f$G z4-X^cT=18{r<(C)4%E*!IoCnU;Ikh-QPanGwz?L)cW?hbZUf&kul)L5kC^grXVsy6 ztA*qB$|-I?&$%ynZ)l-?M^!LuVMt`Y>(9lpjacR8L>PP=__982?Za^F7ms^+{yWAv z|DnFj5qt*N%cxKGo1e9jbuC6L`8VXA!0TcxYiaTLX#rmW?sxpQf^Psn)GTl0br1N< z;1`+PI@gIG#(Q<&#CZ?=O5~+jzwFB;G8^g|RsQ|1(MS2O0rKy9om+v+zxQ=9_%UW1 zcugeRApZ{7bnr91Z5ZaZVJ&>-f4zJgrMEupfTw#<#T}F8!YO_|+;uSzjyaYxxHLwgg_g<9vQ`ocDki 
zz>hZhRHOgM_g?Tina?{s^#tAHX~ZP?o7ebTC1xB;eGwy!_oe{!jJ362YjQcZ#=e*Q zJAMuD8DaYH+E>Pqf8VbW{M#m%F^p%Y>*2E&K0{0&^)m|2yx#$y10Q4Zn^k{hzCst^ znh^X_lNGT zl5I&LmN>usTnPhZ!0W*;!|USM%DT8GF6UD}^tS;%&UN@+oaKD3!}lXr^#z_-+)I;j zW+Bc5@HW}z-y3mcn+tB6$6SbYkpZ?4F}*m z$p^rd;MOJn`N@E{p}b%Ia^U-XxV+|#qW_^ZN!eA9;*lmuYS7Kg8?MhgdYt zd_3&tqZ<8K2*2l~-y0skA1XhY4|&-*=^FoaLtxRV#KQ;R(F5@K0eG?km-&$6H5vVM zez#!{PRvF=g2UAsEd6?-pVwc8xhU7CcMLyy4KzxvPhlAk^`&RDwf_XK%~<@YC+B=w zHwDjnuJC`xFa$gd-VbxO7$bO?(-@iaN#Ok&a6eJPmlydQ@YUaKYY&>-+E<)oi^1aw z|9z+yaQQbw`0=}t2`Bw0C;MbOvpIOZB9`J5BCQdcEvA0o& zO^HE1$4nSy8j(NAPs8ibGq{M?bJFzE=RU(nu4~2~ZW47p4L`qJq`@Bt z_sc~V{PPOs^WZxxlo!}!96h`IJ&(+F7(5DI?mk`eDEQeGcpUr{94jZoxA^SDc&?iS z-v*9l&*jE%gr&jja4gAO7t0%a&sp#jz;XDyoEL+#eR=S=(f>h`>v1x!zeOBA;C)PP ze7+(KzP$pEf^P%&o9l6w_d6Do;JYf6PlN9UKSJQ2Zol#DDNF7*K6!9CKm543RETzP zzxgL03w#1T+N>XQSPr2x{@`_$#vlA}aKE)A3Et1AytDpe{04zL_YD_fLr>>GUV|I= z4I2<==(YZz1=e0Ew2ZApEKgi@`)w&wSdlSHK z0+)Y3qNJU-tMio1R{}mC;5y!KzNNr-fcxbu1HKE~Z$9O~KL_`_{wRRg;yV9Ww58a_ zY3{k9>t#5Xf|r|bVHA<$B{{-~&^BzO>+!JE154?%5>ZmQ6Z zrQq`KK>M|$8V!&fTLL09#i)Y=D%&B)t3|hCgyCbfLrlk>7<~Nl6$bwZ9G9O)U)5fz zGylQ+U+-T&4n6|hS>KAea=%xS1fK&QHREG$%hQpJp9WtHeu&A9&pKwo7l7Yta{dOG zET0G81@6~=frn;C-r(Q9F!;sbQ8T{Lz9{%j;QdT){MKC@{1$M(_9wyTfFEg=H=cc` z!LJ7|HxFe0vgGBCNvHqdGf>`-iy4@!;NLatH@+(u22X=`H@UI*5(QrZo-nzk9*)cU zWtagBp z!s}4#EH{R6zRw_rbz@umFX2;cgY~S_kucuMfiDLyX#?h~HQHU{#y&pDmcS}yAv(SYa0H?>v#{iZm4;y3$$e=!NZ2E0Gw75jsF&U)D(AUl2&i&J6W8FH`-uY138(B{^4uC!L{ExGG^1)_1 zjPEy$1F!mi`JBr54d8nbzg#;dZvwYaewG=ZA3~748T?%Ek~|srBpbjdfgf#_=bo-C zzY}~4c)9y-$*b{D;979pZn`<*!$`^N!B>M%DB))~lS<}!DaK(7_>*`YI_yk0hMap3 zxpOapIFoMi%ugO8VU$gQH-az6YjZwWDK|z7eA?jSw)a{pZoDTu-1zzs>k-3@#UJLGb%{_9C_Mhb|jp1DQtUw)o;a?nQdCJf%{!APXV6+Uhdp0kC{yvhYP`-J>?Fg z-8{&3_E2|Ec_rdpc!z(k)`L$5_nVJ9z{i98U2}(UavTR%r%NA8c~|riEjU=M(t&wQ(G{{LE)LF2}k7d?NVuW*z!Egy*v`SPFh=_)RhW)OCn+ z)hqkc0-r7LDc2v#TfsN`@G$ru@K*43IKLP3Dd$|qy-(|zKu+fSKT94Ce(_!9=Y*_d zGI$L9CA>E4Fn=#-9(;DeXM*WtsdGvg?=1uG-qhCq<6vow;A8Hwk%iA=_muzr0~sR^ 
z{s#Ciye_sw<#VeXU74@YHMqxE=%3Gi;ETZh&W&ThH-UFC>p0V$JJZ2m1oxZ2jo|CS z{f^(2;Llg!>%p6Sco=Qk0sbg>$vu+Ff%AzdnS<)txNnBfL1rI#Z!dX0_y^#A$JjXV z{{Y8jhMQ;OKB58q$b0?!*aTh&KFBO@>{B(fyx&^80em>h`yCTI!H0tT-RD+gv-BKr zzcs2Jya7CBwvXom=lTaZUJAa)!hE`Hgqs6-Tz%j^GfyDS^pt;|Q{d-=4>s#Dt}`>> zmxKGwr5t#oLi_^wcPhm1I!B0WD#VX~-wfW(Y@e}r9RvR!xL+O<;0wUZ~QPzx*UfO-Er89IQKv3-;bWxVUHfXTt8$zO{ix% zxO47)<&@HTjB|G!aUNgdUr!P|1&%utHwO2|>+zNxujj$xhRV(4FW|MA7wcU&MpvAm-hhwanj8V&2Y!J!hVi@cli)LOssFvk9Pl&1{npdP z;Pb%C&9N}*Z2`Xuykt*Fp0AB_{ucPGfREpCvKM@{PaSd|_Phb(3x0;DpYr4NvJFkh z<;&n05&WJB?iBPqGoE!%L5wZ%InIn>+`G;L{{Z}8lN)_l2EG-%yUDrtBIjT&`j7*6 zK0o$@;cgq`TsQu1&kn@t`Dpn#vag}Jc;*W3w|4deudPsi47gRH{B&?pfj5G;JyL$W zW&2iw7rz-;8BzFGs9uLR{-Ay{l8Ss)d5%WWSj6=3z4ER>?a`&=f@af>&z$>l0P4H>{fu{~$3(Gp1 z!CS${;B|4_(T3~Uh7I6*!Tsj=PVimelRf3lHM4dezI&MVUo!`S*Ms}*F--tJ9(;sZ zhw(j@S>O{YlwSybKDgg{xEg#cxL*!7fzJf@8;9NCv%o8jL)Y))I`RqsafpCV2ls13 z47>?^n3)6P_cRmWKLG!h$&G!s6!;c!zj4ffZv?M2j;-)%gOA_2Zx49&it@)yZ?voK z7CdtV_nYrSz%K^(+l!n89tR(8_R;w6#T@Xt;C|Qoi^1oEV`XsXy73&c1$-HJN&Adr zr4@VwxZm--2YfsDQD%JgNWoci>Tsj3OcC)@|oo620NG7Cslkrzc()*F^Pb z(HX~W;OByu>q8ht_Jc>kugB|Rd6@_PEvJ5XJAqs+g3mATI`rW2rGDyTbxvL5Zo?ke z5B=v<1NhP4<=P_q(gc1e_z`$rY>V+Zhi34e;C{#42Jk-Merxki@UMgWjaT*U_+B}< z-!WGYem1z@F*gqUI&i;Zt^s@jxZm2|1pa++zx{(|@K?e8^0xte4S2cx$}m#86MQFl zrR#v&J8<9fl>fEHK=1+Jetnz(9tHPXS7w2a0rwlDh2RswPci2J=A*onm2+e@_zdv6 z01SP8e)(F2) zGw(^CHvG!mlg1nI`)}~|8@D8Q6ujJ8D(fnsuJPcn%Ql@;rmkPet2p({U=w0}2;XnR zF6PIY=s3vy>;~`mWB<>N)ZU3}N$`GVdE;6BK=2{phnU>>EW!lvW57$+H016kj^8Zs z^T7S)_(JeU!ToZz8hjzR-?i>0@Mpm*&G7duJSJ* z1Fr`6Tay#u0=!%w!$2wUPf&lQH93Snj6n=%O+E`VM;{Avo*HZNHpKdaPhE08><8Zf z?zg7(z6-ek_si7?@K3;xL9AjMjNdhw0=^%7tjWJVn{XWl?l+brz;6LBH71_|2&p zc%zpa*L?}_Cw$r+m{sJZjSGOPTXq^d2FOdd9!KaquI-%jI0QB?;aGyxiDIo(As-eiB|6 z+hOc&Wx@M^cQ?85`K&y69r$G?H-0ZkEX1=qaKB?P3_cSaSH5ojGu$~91;436`8fE( z3gwgFub*1}nk9@X)8N4o<-f}=bG_*k1N5ey0`mYH?9Zo3_j2-Z#);+0p1IIl*x_H zl!flYXSu-r#<(B&UaT)i$@2R5e~ix-jRF4`_~RxwzOO$Wd@hcs!6rBE=NrNQhW>Yz 
zT=(C2p0E=99q^LtVq>3uJ@|OUFFDT|-!a$$o&Zmn@%b4=xqeQP`3Ikb>*~-sN4jmm z+7}$Fo{3ApdGOnfx%?-*4h=5#v)*)%iAnckjr*zpd3g@_+u-Mxv`0NKmi5T-5*a+h zlI{7AzNPK?(0xX~7IEJES@}I@8D}8+UHdG*OC|r1oX)LW(~a*^O@iOu@H@jseRmpu z^1DNWZKq@MI2)M4Ui=H5eRAs=hs*kwA1waprpB%yHw)L7b&8mEWh6^(+Q| z6x?qv8Vr zfO^(?>Iroy=DiO6>GyhD`)`Br8)W2N&fj0UpOx5+`d)pbt^KC~1lMyR_>?oDWZr5Q zVLv5T{<9R$_=7J1e+a(C^47v)UMGNyw>SZ6jlaj|dZpiu9>1I1W2yQ< z+}r=5{CB`*eRC0K7WhiM4xL{b$6BJ=E^`z^oSpF7f!A)1-YJe%7I9W@#@v%*+S7<5 z=T4P7raR%c>`!g&JLQ-zF#P10Zgs~ri~6SgrLFyEC1cuL9Me4bNAG&RqiU%K_OiWV zG4=}I^Z!0?7v zu6mu&sS>72?b@;*4JyydxBRzY3nRe=YF4s(^JMRHlE| zgq(PCEEb}^SNGsEQ)Yd^mf~2h2A}@9|FeTl;LE`;Fmuhn6)WTK25$wwyo9Tb9m#8# z;Q0K)e=G-r*Mq0c@}99wBlj!e^O4N$U?V4TEc5PIZh+s+f8rWj`t|YnUEz*F8g;JO zSNs)_(Pmb3k9opMR%6W5`r@rId`Be|UpH{a! z>u{)(;fHwEW;d_m5%jZDyYIeq7`y-;m313qqxWE<;9YCmefJpR;C0}KnB|QU4IsQHuy0nH};_N;Pb$5HMwyOA|A!Hb%pq0@crO^?T> zM`Lex1AH3cgOPT9jD5|W;J1TcWODxImuzSCV_56KCzo*bFiG-y@K3;_Cg(VW@!nG8 zxm%ZZ=b2vU<-^=I7|-=)A;v`boMy)0-iXZ4HpEDPJD(wZ(uje2%+CW!NVI_siuF@G%wmB=FG{>YoEX1l(`UU3`G} zEsWpSY`^i{fmW9H?LYWXpY}QXKgdr#_;rXMI;)pEmgV+;9>?(qU!1{QKjXPw9Q+z^ zzg#B46BT$G{3>w2zGhkeShN0V?)sJozqvwuu^hkWT!DwdZ>Yed;Maru_MaSCbn|nb z+rA`t#r}iK{`WD<8^?7Pd{zaX2cHRkkXc@RT*^5X#1Dk{7P#MB34@6LQtm_G_w?7Yv zbin>aK-_Ps_q+6l4zzz25L*K3otg=U-xClkY4vz3um~sTXG8WQws<{cH`?M^TRDzA z&)#1pF0ubwC2kM=2b|sy_IR{|ctqCN9O|*AgV-it{w>sFa|iK^ZQorjHrn={4q|21 z9q>k@YR4ioEgi*0FIm}+qBUr@R*O%A_OGhNiqMJx z-g>yoZmSm0RoNd_i@Q76c<1#F_R}53t`7E+j^ZC3RXYzm89HvG^^h&T2-;tU#DgJw zXGpflX+)O@^sEz>1;o$UkilC5Z{b4Yg`oYYE&dt=-WRmj*kZNp&aXoDW?SUt%TGi0 z9$P$Tf5#`zsn^@T2#F^H_AXnj4fJ~37K<%=g)M$&*$Zs(mSuku5}#W3){uBJXoKzy z+ArGT525E#IkI!m=>D$<#MM1u?qJIXeG}ET2JEM+#NPt;k}A<=y$|PqgzVo|iKlEi z9xvH)Kz7^Ds385vqr|#^{YXgsAz(L##Acb==Ysa8kk}ZsUkG7nhdb5vo@IX=6n6yd ztwE6t+ABih;h=qQNHmexT;A^|0r9FHtWyzYe!y-Hh+p%qvwj<}|Ao{9WRCX*WR6po z{rix3+mi3^w(K9-;`X4u$d>)ZJ0Aq?4{VVP*>BlmNyuJn%K=rnRI_qJK>UTl>)#4A zqDKz|?MJHcCl&2R^fz=GCZ=s~suHi;_6t?w*(%kOnbYh&9mQ4lpF4^toQc^O>anOs ztdV2(TBt{+M*K^@TwwQjqeiTg)8Kb@kKHx+Yhrkrs_LXokr^dd$i&#}-|Gl%A 
z-${meqm%v9F5>T<>_@wZykYHYG)Q~mlOOSL3>w7ERt#YVaRT> z#rvUAY9#*C(ec%+{-4h3>I>{C;yN{Eolm!~7T>fl6iuAqU5DhcD6S0JF9pRP<&a=t z=Z&{NkSpw4RbnX);SS9l9t-AxQLGgf`AZXaP2SQKp@!JrNGJInq(BrQmk&zvF zCC~%=z@NyMcUnE3v}OBn&{;ixZHv$4%e#X;{%ngivV*S&dwgljr4@e*DAePzD*WZn zKdMFR8WsL`whsR{yBPlNs$%#bRTabkrm7hJy{cmP+d34(|Dc0dD;xi2sK-kkM4Np1 zfZgLAB-4ISos4>&iTAEN@r9uHIAHxCD1L1P?+S|Fb0~TZ0i8Pb7nax%u%EExBD~NN z+hv!K5A(m;dR+BPvcE0nC{}an@rwd-oPgF>^rQ$ZdvmZt0rxUXWdRa zdHFB5tK*sWRpKrg$SHS7pmwl*W}w0Tp19TRg_FB+r(+{3V80d!JYd;NEYa*%i9Y?i z;^=(+*Wx*+99$XPU>jEkM~pH+pSV(bx4IP>*Uiv#v{ zOJ3@{YKb>w!5x7<56fl4Znwk_tq0X{eb_$(XW|PJmW_o2XL9Ef3s(v2LUWvmon_s{ zp+WQNPPdm@;(|V32E_MmThlDa7R$cdmRDkOdFrzj7idBI zWm|kETX;{X&x2LsxsbeGX|yw?!9H|?z2yd5;RM6QoeuVn6YLc%elpm?P@lzEvqJWM zTimIG4Z9Hy`C*_>DkOe~V?8Jyl?};QeUPLrmi@DkcwCl!F4*UGTfF0(r&ot=aPlyW zo%*@cj>mBVmqnYcJ|Bfd&ayX$#LKeimS7)TdEq+ieq433Xm?zuVGlLX2a{#FWw%&j zr!0%)cK@p+Uk3X8UXGmoOG|vL$?qlkFwo~$mcZfgBTKwP(&^Hf`6}@j3m1(tMBOFu zySC3~&LsL%Ksr0`51a&@*#~`G6tMF_b-|74f{WAL0r~q;cjF2eXOiI4D$ljY!(Xl; zGgSE#RC%Nw<&k#hf*s|N@IA6=DeKt)a{bSs{j^N5x-LKXbdU@Bye#L?s(@G=_@>jA zBUG%Xowhs}6zgRGBxRFa%kb$Bbi=3Q2^YZg%0Bnna)tgZB%YTg-wfE#*lL-63a$97 zE$$E5Z`$I=Y{dyv;556>gSL1SSIHsqk}QOyw8fSe$+#9np}*VWp^*ItTl|!Tj!=bO z!JNP~e^6|fg>YrPBPjmNHg<7buD;V5Mb$A?2v-v*w80WD%YEFXR-fB~V!x$2)>ocr zzH_fUqyH;#%&MUHjb-EYJJu1u3W~qWDTChkSKUlG-P{{O2>UO#cqMq+Z*dt5${}OKZ`>a2U|eA9yrQ*zwf02EQY?|{%$IEGn)c9v;CZN=jc}g^YF*3EqkLp*hdKQMaW)Mg^PF_7ZH!x^5}oh zjyXYPo4jXX=e?s)&$sQ%#Vx8nXRZ70(GOb~!tWJJO3#x2oO8tCfx1yBb>5h_1A%`8 zDNp8wOgnEDHQly5F1w+yD#pa-m?uiC!XV% z44(eyP++(8d(Q6LihHi|e)k4XuTZT_hkGuUZTPR8kDY4;T+7IV`057(Kd}O@Sv7B2 z;ypJp?T;NAIOsd}jKG~Zhy!AonH0&sc0cZN0|6Z8F9yUWmpbK+w{HkM5U6=9Ab#Q! zXBcbcK##P~6jPxkZO6U{F1YUxh#$!!$P?=Ki&Lp>m|$`$Pq5Dya@f6fG+OpkmiQH? 
zZl`+#HlDuY!qM^U^rN7ShxYICIO}+UeS=7m4V!AegUj}Sy}F~g!?G856i-_A{%Y}9 z@C)lp7*(mj`yIt=9qiwA6n9o1gSWn@mOr?P1`L~SKMpfse}s(@EdCwE3zogEqj)O# zOz>AV;(ZkTQH{8}+P=R=yjFb--ugvH7QJBDHA1dPUsU6q+5^k5Wk1wW{Mh;$)-}t1 zuA|szor(wQLHjN2tpvLZxlDcB5$ElvQ1ut~OMw+N;Tlt7sv}R74+UhF zuuZVNMh@<8YmfxQF9huU@Url7jb%UD3FkRfwa>EGbP_)d4ij<>+T2Mz5wh>D6)#|y zr4w$TQ7sPkAJvK$JB(fZDtl|KSXyQOrdDjJvKu>#kE-mCYsEtyuEp*1Bh~gJoyD(^ z8hI~WBk!vpt+Ai!EWW70^@z;Y2zfMKWUs0cGwp|})OxfrVE?H~UR7+U61Q0!(YFtS zcB%u;oIUY#rMLvZ(I_uSWch>6wpRv3TuvotDaTt~Bj*T|embxuD1OSp?Gx!M#ASBI z5;xhn?s_tSg$v8a8y2>L@X!IJI$n$$LEPOrMloM`Ctt6-`D%0Xwam@ei*CNQIQhEA z$=By@zJBcHYnzj=*PMLKck=ZQCtq8gd_5-f_2U4H`8D=$I*VmBcBZrVrzc<7W}0cY zxcS0{6Y_-(r`xPgkT2XH{>hLoKDzSd!dt97P5DBk~^7y=p?qw>2#-UH`U@~i|O>G zZU3@XJXmEvRV#j9Wxro5KCH5HwIbEwj=(QEi_&cm7L*5?^WG7s zmE3_?T7_LVZ0gEx`tB&4IS3Vw>Vb7}HeTF`9fhE1kx6_FI|?COsN&__*ii_{6$5(* z*ipbHqkMTUb`(NbO>rKOHPp!)p{dqgxF-(u{x~4lPv`xEIx@e26oSzx}pl_9GsHA`u9}^zRJK?8Tcv#UuEE{41AS=uQKpe z2ENL`R~h&!17Bs}f1H6hp2f+3!)kF8jDKO;(N6dh1O91sjIaLpRR+Gwz`r#E*qUzU}?Yz=Wmo6qsFNTYLc3wrl}cfmYSpHsRgPCs2SLm z8m305QEH4DrzWULYKoesW~f0KepeCs)YMPp%W~n)9o?4)aYSvE;QzO(U zHAan76VxO%MNLyP)GRee%~K0h(UJ92!_){hN{vzD)C4t2O;OX-3^hy5QS;OSRn)M4 zYM2_KMyWAsoSL8}sVQojnxST?IclC-po&hcpBkn{s8MQ+8mA_xNotCkre>&FYL1$x z7O0|@^;5&t2sKKLQRCDEHAziT)6@(#OU+U9)B;s>X8qJKHA0P2W7Ie`K}}Lq)HF3i z%~EsJJhea-U06RgOpQ>Z)EG5RO;D566g5rFP_xt=HBT*2#X+o}8m305QEH4DrzWUL zYKoesW~f!*gP5o(kg zqsFNTYLc3wrl}cfmYSpHsRgR&#`>vYYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w4rcw- zFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76?Lqi8m305QEH4DrzWULYKoesW~fZ)EG5RO;D56 z6g5rFP_xt=HBT*2#i6X98m305QEH4DrzWULYKoesW~fQu*sWEDtnxH1BDQcRUp=PN$YMxr4 ziaxBL8m305QEH4DrzWULYKoesW~fm)HpRkO;S_TG&MubQghTiwLlepSwA&QjZmZ17&T5!P?OXY zHBHS>v(y|lPc2Zzk*uE@rbehyYK$7ECa6hjikhZos99=`nx_`1;waWn4O1i3C^bfn zQxnuAHAPKRGt?|KN6k|URMC(1Q^V8Qu*sWEDtnxH1BDQcRUp=PN$YMxr4ih9;h4O1i3C^bfnQxnuAHAPKRGt?|K zN6k|URB;UJr-rE!YLptI#;FNvlA5BXsTpdPnxp2a1*#ap`l(@Rgc_yBsBvn7nxv+v zX=;X=rRJ!4YJn<_W&PAJHA0P2W7Ie`K}}Lq)HF3i%~EsJJhec@k435dKWdm7p+>1O 
zYMh#&CaEcEnwp_zsX1z%TA+&KSU)vPjZmZ17&T5!P?OXYHBHS>v(y|lPc2ZzAl6R} zQzO(UHAan76VxO%MNLyP)GRee%~K0haXjm%hN%&1lp3SPsR?S5nxdwu8ETfAqvojv zs)(?DYM2_KMyWAsoSL8}sVQojnxST?IclC-po$Y%KQ&B^P@~isHBL=XlhhP7P0diV z)EqTWEl|Z^)=v#nBh)B0MvYSw)Fd@UO;a<}EHy{XQwvmaBI~DysS#?F8l%Rk32Ks> zqNb@CYL=R#=BWj$7{dCgVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$ek)G#$djZ$OO zI5j~{Qd874HABr(bJRSwKovt-KQ&B^P@~isHBL=XlhhP7P0diV)EqTWEl|ZU)=v#n zBh)B0MvYSw)Fd@UO;a<}EHy{XQwvlvob^+~)Ce_7jZx#&1T{%bQPb26HA~G=^V9-W zoXq;EVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$bj)G#$djZ$OOI5j~{Qd874HABr( zbJRSwKozI5erlK+p+>1OYMh#&CaEcEnwp_zsX1z%TA+#%te+aDMyOG0j2fpVs7Y#y znx&FYL1$x7N}wr>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPS z&HAZfYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w&S3r2Ff~GrQe)IOH9<{MQ`9syL(Nii z)I7C76=PUGHB60AqtqBRPEAmg)D$&M%}}${95qiZP{o<7pBkn{s8MQ+8mA_xNotCk zre>&FYL1$x7N}w@>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPyi}h2()Ce_7jZx#& z1T{%bQPb26HA~G=^V9-WjAQ-OFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76=$=4YM2_K zMyWAsoSL8}sVQojnxST?IclC-po;OVpBkn{s8MQ+8mA_xNotCkre>&FYL1$x7O3JJ z)=v#nBh)Ch`OMPKX`OY(8K;EnFPL`SRdcQjpFHTqL6PH57YywcdAc(?dh#Pdxx)GJO649SN6fQ52qcWeJ*Y17mo4XT-x|OCgeqa@$DTr4x91kx=QG~hv~Qz5DXii>N4vVOvUT|Zv~~N&d+eDWdx6JZ<*_$<>;6~+6xaQU(ANFgLR+`L=2+#g?Ne#%_BYVh z?SF%|ZvPJ2db~peRXiTvVgYUZPKfjGRodGB1KRk>PUm00<5c-^v}e)Q{tIcJN4}l* z(X^`usq+1351@So?M1ZpcxGt#C*Mq4{sOu4?|2o@`L%JpF_X3~-$eTYy8nr`UM~u? zb^E(UR6K1*XwPE#WwiBpyy3CM397t~-;K7;$8_4G8Sg3Dy1rLw>-P2@tm5hVn`rC$ zU-a0!Y3usiXzTi8C#rb2vi=v^8&`t@9f` zRr%}uPW0G~v~_-$(AMqQNn7W)VT6jO^E>)9W$XMTY3uwf8L7C=Pq)*Rt@ATEs%)K~ zw`uG8j~b=8&c}G#y1!}KqnOWkX?J4&KN_vdPb80?p=_PMIPHV zXzTjc(7sIje^dGE@gGlH=QB+kzXs&|`y=f-+Pi75pnYFV#k+xa)p^S9#{T!5sO%Z! 
zx6nR>_Jg!_{ASvEJlbgM@#u5Dil@ip^GV9q;}N|;*?K%$XzTHK?Lx(MKDW}2vpuI= zq`1y!hPKY9Dmil0S(A8lQJHEo^0bsjrMTdya7rmfra zna8gEj;c?u&u7!t$H%p_2eUm-(bn;81PRQc=k?+DtO zUrbxizZ*S#smFevc3-w<3+*$Q-`U`1G_1#TdufJ<(FQtF%3Kef5?QOJmd+HiW>pPLQZqMbk_58h& zwmyEEY3uvlwY2r|^tJD*_&jN?Vs-MZ2G+3cN8(`Rn%V zr>)yR=zEHv#PPiBDrM{Abt`S1?|rm&zK36}{B^#^(boCR)7JT&l~DdVzbk3$_^;5` z?fZVYGEV(zJCxo~5nxvH9B4@}W7(*7Xggt@Cl^b&BhJyh~f(uMfRm zaeaKwr>*aA-k?2@Ls(u|${)nUer`MzNY3uvbH)-qjd-#0iuh;7-P0B8|hjvf)X9aDY&lcKOkso=t zDzEJnZN2`jr9DIYFHrvadVUyf9sg|FSJJ1rJ|FN|7 z@jsKco-d1N>wG*xTes&q+B)7_9=kwW=XdD+s(zinb7|}2=X z>G-p0>-II$K8fS~3)*`9c++7{h)vx0Xq&;8P;vD-ZUT_05K(evjPkG-3=KHq(F zvGTv3?fngH&Fdd3<;!X7@!LULuh)?!rTG|5Tj%!%+B(1YdicwqG1e@^>&+Fsd@h1e2%zh;SQ2lZd7;tiOiJY)Rj9)16Hpyz4V(7%Qi-Ar3wZ!~-C z13hosOn-em?V+vLmzvJ%H$wD$9zgq2*1wRp?*A`o>-B4=r+jsn(s=bAdmL?jex2>% zi)hbg{h@uKwJ7d&?Fuc`Lw^<%WhZlJB>d7r=CO|I9Q$7t*Q<+^SvzUKXDU(4}% zl(v3;w3)UZkI!lA^=in$D&9RT|0~)${#&$l{p0IO>z_hf^Ubu2^PBcDjDPqcs=T(x z($?$g9NN14B9EP+t@HObZ9N`s9v<$l>eKy?($@9Q^w z-ot6@_|s?~A5Z}n$-f_ofBJghK+o&e(f>kKT+|(^$`7SIp0>UoxR|#5D=_lku3pMt z=d=2-()JFbt@C#=ZM~kSXzTW_rLFV1jrKHEofz3$#n<=i^J(ky&(hZA-=?jfm-IWl zwEQgEx;-msU&Q+Md3dCcDnFULiFTCs2HJYP-A?;f@~KCt@;d(Wv~|2LVa0X4b7}Wu z`PsB}`~yAjJkax(CdSkEL#t@({B5MI$A7EG-bMSnY~Q55s{Q)>Jd<{Ue5;2SJa*NQ zs=Pj5&!ny6C28yHlaFXOG5+;Osq(#PFQTolC*P&5`y1+~{72D$EbU*?w!W^oEaX8KHrDymA^iJji;@j2d0iuT#rwN_F&d` zpyz4t(qFfK4{cpvp8+cVEXG?vTemkuTi-8upZ9MeAI9Ujz5RCj^9XI z$6rTV$IsE$@!LGS>+z~S-M?pO_hozEq^;w<>+w%URC&!8(bnhR9BrM?@CnLaukRPq z*8Q15`{o`uMg_QuS%OH*MXYZ_(EM zSw&mV-&Wds|9&TJU4PY36~CGJeTKG<*XFU$m46rq|E{P1dfHQHhleY!{T)I3CC1-JTOTiDM=1Xvb9_FQe>DyN^#1nfsIqsl{J>Gl*6kZl zTOW@rX?LOjv$Sf<#eA4HP()bbD z`god3dnnt#n6~ckv$Xa3-TVCUujG1u^&6w=)AL~t?LC&Npy4dVb$@Q4J(%_Xn6}Pe ztH=L6kN+X#R6Ol}I&GcL^Jwe#-A7xuZ#!+>|GKkF+t-iw7i|Aw6BO6+kE5;Q&!nx7 z{|CNV>c5iqSoU`p?dxdAW6EEz7q`v-d7pTYLrNBb1o8))nE_2;zp{H>X!>et6}nD*5?-cuKp z@~3F)`MTc2w|e+qkKO%36;HRnp0;l9G}?OpFZKAZqWuE5M z_4W|jtH`(0{wD1~-%|cj+E>xmpBJe8c4>Xy=WUb7bv|d(*7<6py`AyB&(CH|QSr6E 
z_xVdBxt`A(X-^22t>^EvwDo*%rLE`t`l+hC_V4-~WshO}NwoF&&7iI4 z^E%pkKJTQhufGn8t9W|9dID|DucfW$=X~0_{*APC`*+jU?ca83Y5VJ^m9~EtZGF5x zNn0PU`)TX`b-7HH*ZrG8TlX(TTaU+P+B$znPFLmi_2@X-!3knWTbDnHw!Z(FL|e~?n`rC#{{(H_zc*>?@wcy3_380HkG3BF`Ly-% z^9XHyePYd0<#qd(VofnZ=!u2?NN!+{!XH;=kG1FU#I`s*C_vQ(_Tq?AnhD& zy}z-C_95gQXRGphzMV%~=l@08I{%w!>-D4CwW_?%|4p=Y{+H6$`Tw1V@20Kib7)R! z|GU%H^LZg{J)h6KuGD`rZ9U&s($?*Hnf5X4|8Cm4KZCDV@pOB}(~i=A0d2kC^$u-) zJomgomDlwRrLE(gOIznNPFv^iHQFbzzP+^d_?|yk#nz_4G#n%aTFE8!_Wpl`^jNuM9bd+eDWdx6LHet*pS{L1_Ntp`}YK0hAld4uokXn(wo?YoHizHqn7_hj17(AMMi5$);Z2igz+-|l};{JUz8J|CrM>;0$3g5r9; zc#5`O5C6aZzR!R6`#NjbetkXu5p6wxYX717tL*`_b$>_D*6Z;skH2?6+PnYg-Je{* z@;bk(J@x&c-k)6OsV_%cUoUv~7rgrk2iiaQ|J(O9{@?yS#@J8PeAMUH%W3QR+32xX z(AM+GyZ`uqdcVrMAL6~g{=fb6@!rqBuV+5>{^Q4vp#PAolm~wDtL;-P6Cr_ms{b@ADz= z{q+C#^P8u#KHZ*gcx>-}v-f`XK%b}dejYN;_zy83pVQXoPrhB0J@}-fx}&IG6BzqO zK!pC%L5Qn9!`~FEDmpnYei68K&UA6Q_+qaRivx8>TjHp?z^HTZL5xAe=363M`;AUt z9wx*Q1O6mLb?uTaZ==-757guTedSxV%d8jhB_4U--h}@wabiFOq)%X+{A`o*`GIv; z(h|$??&?yXPVg27f4V#%YM-o;r9|Qw1Z{ZI68{fh*8yHd(Y0rG_ufge2@nzz2njKv zg9M}_z4s=9AiY;9QUnwbP^xrMiXcszAfia`O+-Zm6%j!YL=Zp3hE)CEb7psLF5;i( z**m-QzUR!$nX#-?f75F#R*mCkQBKPOPl?5COH>r-D|)yU#YR5<3G;< zsu>O^&rAn=Rvky3tt=`Fs0lhNWhY6SS=||0sAowm&d79q_mp|Qf{g4 z^^oEo2+_8m1xj6$ax`rU(o=c!0Fw?eVvcu0OtYN5V8f(8UqS}+Nc9=kn#&{K^i3`L zu8=mjhSQ}gy;X=RfV%+dMKGHoY1cv|T2`vaMp96cV*$h_Klk+=tBDj!=jz6o*_Jxi)OC#9f~q%e^<_w*xDmOhKjEtbj} zFGUq#^>OG%Tnn`=QYxYIL@$+UY*{Hf0HcM^P$vr2ur_B(yBe_8TWAj}Einz$MgOLY z;D|aPZIJ5lx5&%;U~KbQq6K4HrP__5U4Dl6Z+uLTs9JchR9Q-cK#yH_4S{p437^7d zDImmRxG#VsR3x2c9-TGyTd7W?7t2bZHGc?|?WCzcOI5QIwDtsT?0--*XY+5Vmd8N# z>)@_4eAD_eQ)4U@oNEcWAG8zU)J%Czwp7^&D7*s3eZw-1F|)!#mfGJ93gd9&%Y#E( zpaE5?E=)~J#a@E0(g152LL8>3nbp*_RQqgD^E4QJ42vwCnbpuzjT69n5saCJMTvQ= z;dM~uvn&<=9imo(vC(Jg`r%qS(yz2He1y!jwN+;<)DlO=M&jR{;^4B29KRB| zbD3-*ayMHY`T+wiII;?UY7v=pW=~vZJMO4wpEvVkVm(WRe;sXg!hL2^|o@m zdUyw5-3%W5@-^T)Z1vq)G}n=cpF$W<08Eb*nsvlhZ7}tcOTc(Lj3t6sv8g2b7>cnP zgna-%^a;W~`4_MYw)(t-mxT+!ek7c$DENCX;I~mlZzB8m5g*}Z&VmR&g6UB7Keqay 
z0F>ten9nB&yLdMUD@QfjXz~41RsmLva8{nre_bvOw`M5}M)c=&l9N8Dd zVLn-p{yBaliKk1}3`rDpRA7O{M7ap;)g)m|BuaE1BBCofD)n`#weAD{Nw`+#G#H%WM?dGN zMdLjA2EdwyC z0K#@d(!&>%mN}|kU61qy2;Ui!9=@2g!BOr<9_cm+4mr8lwt8ebw;yFXG^<4>)?@|2Vtfm z@ePu*ukFV4sR8vv5ziWHLEUcXne4{Qg#lH)tEc!2u)Ygp3Y$sm0;+vck8~S^NURow z`j(#jYvz%FI`Vcnt*CdEC2YV&ljewTu^(J)!3HahDZ9aKx#dineqtRMc(%-k4RW^Paws^=N?AMoSh zv&>|LOqON(>Yz$_)5}Z-s8#+=7dA8Z2GvD8J97(Y4c0T^%m?jpBB=iAGGdnEo8ffXOJ+$AP-^Kj?^NM#dO1bMb#vsykjRWBOQ7 z7e0jkU@7h^)$6Dy^8xrr|3k(zRQ3pUaGgiL1nS=pp+8uPh7qc9v?r4jqh?7Q4>Se+ zw8&4A+FGq5)YufS_zNB)6M7of>GX?G1+iShCffx5 zv4_Zno{6>0%Mm#i1wEN7;NLeghADZ}N$N)vv(F;b#8sM}5RZF3j!eTssI73lCk>@$ ze=MXR*q7;2YL-=B3N%2rb*qiEYllCsoq$;Qade=8I==jn>hZ}4464HN{xEjW0nT1zF|I?S*9T58Pis>R0zFEz^PV9hs7DwanY=c;*9uSd%FK{#SaMxA$qWu0%h>cBQn=l7sW zxB+#E!s*<;yhg@?@3`uV2A0lDZU_}Hf@C=_GlyOE*Bp;j4TP446w;oFe!*3J`gwUD z0P5ubpzD03rEJD}`!V$zmUCBvxdTU_-2bGYo36eenbllbFF(wfb`rxnBqkma;%l(~ z=Sxr?v;|7eNA-B3lpM{fL6iYPos%76eCk#bcb;`!5x@P*OT2D9KPbN<#3w2m&57qR~*i8f97zOo0vlU zSKZPazUDUMaK77}Cn0p=A$9Hbkogr6UlBql9#Yw^*%_;7D9H^%=)^ zQa9S0@TfqwR@g^09GOS!rKX3u-+S)w%aYu;U2dshx^9@5UpV~G&03h`kGKUm{K&1#;Ze62habC>IsC+3%i*W)eh!bh z=e+Pfho8C0SWAga`^>G#;c@qAFC4+)=k7c&+`{1r_bV^FgRp3tD--fy4pcNPS|&Ws zCowXiEuZ9;S*R>U)AGnHWbC48X)+60xhSeK3z@fQS|OQ5ix-wzw0IGjg~U^XLoqp( zZKIYxBE)#fR~@nxhL2k=K#VmG9E?%V<9w%Fo)ghsk`^OaiinqFHLMb+myTJSjzyXp zIFCqg>XIWmuH-Q((woOz!)-&nE(uC+k?m_V=-(mtHx6qO6idd_n!~4`-ZHxFA}O+` z36T>A!y@f|f9w}%68d*|zMC z=)MF|iXPNOWy6pnUqtj&ACj+z@b2ovL2DIeD!s9f~i zmHv|Ij;9`34_FHymz1p7C3E0ToIW$#V_Q=asAyPXc22F~LAt_cQjKk7jUQ4FD04-IE97Jn53NZE8 zNl==vLUe~@eK0a+o~&B}XW64-CP;QT=sA+W zu2BOij%T1EbvBkDWpdA`mne?NSO=2tToWRH$(Ta#^+%?ybQ%3ZK^U9XuC1a{^}j8} z7BHptDBuYEh=dY#F~`j((`aVr5V%lwA0({eQtcU~om5vzg2-B8q3kzASf#K(0clbD zk1P;|$J29wRZ*&JaDveOhYZ5AkUalTRf>4>1X|c~^5?5kP)vQFB;si$!fJv28ug_h ziT*w$iKsIXzZ9EDtj^dZ1LMVmG>1rZk~xu2(_r-8*sfwBMPOSWMq=X(!fu?Y7L(2z z5+_F{5%I;yN+YEDx~#<(yhWrWs1ylvaVN3z%QPygL-FymDF)k9zQv*#MdU{vc-fx& z86fOM8Mi}^XtfCyYC{A$O2{Dog9{Rk8oJd{er^^ZZi%aciVAT(e1@y 
zC3gsiRop_wNWQ9@jl=5hBOG7DeU!tRZg~!CxwSZ~;V6T8*+JEVeb zL`)GO9>*cCKu9*inMk1BawFA{5F&=- zuv%eJN79)jj^4dixSZCTiv?=L*4zco0>Ddr36Y2PW)!Zg-WntY3CeBw*+XzUC=_{U zQ%&K9>Ud|JjQkqVIRlTNJu`)ysv9sEr~Mb8`v#8aSeusyghRDob>nDDRDE-gC1S?Z z5u!-bv|7lhlLJ# z5*n?-+~K`I4!U=lNf1^q&cXs`LHPGVhv+`;4R5*pbQxLMy4IS~7ZkI0D(=Z=QpzCZ%z@}&V)HSjcoC&}yE zfgcO>xPhl2AHyi#qZ+0@al14AL|omE#=wmG0}T(LK1U#83=!v$eBC1i9SAhTQm}j# z(Qo>Y9(}dw!9d|Ez&8QgEUmGdm|CL&G&{yv-%(Xr)Yf+`XxCHX`+ zWUNBh+EMe0j)+bu?l-TPh{U%@ZR!^I$Fs#9kM4m9Yh_{!JI-~G)K@O45^>+pu|?b| zzKCdi?QcuO6_>F)Yay3ULtA$o)F|$9Y+*ZD>x!Ie^$>hBE>=6)E&+7PnfeU*E9AMPSzrP7)$zT|CTPPG)}! z16edAl5wzs#?i!%b4+J)7=A>`v_)XIl+i!^g5^UnTlnl30JAwmViYCmk~*hv@F#tP zlZgx6IPV#JBJ}9~41==)QgM*dEaghXSomx>2cax{Z_iQ3;Qs2Dfh_g$<)ETuhQ=-(n4OmBdrzP11J^`Xt?S zFbUs>2od+fVkm7`_G`Kj`(*x}5YO2o80C<*{jz3^6gdY5i>KiVbK?ydno4AJb5~Rl zB4!U}%o(p1&Q%|3Zb41P>#;RK6MdfPJWyn8QKRt4Amy`&8jiy%+y%)#&)8n|SQ%i` z5WUEU11sr>JUS#{8aU=M=B2?=D3k7Ln4~+rCR$45iSG#)etHY zp)V)=z3Q72I)i8ixp8ow6Thk5~KwntTiOg6DQaDz-XBEQK|Cd6$L5xf%1t@(}Tqe zRLdEarD{G|it40Y{s_izK1;HNG^@H)QE@&i2J^n0IJ6nqOuVHvqp4K8c6zLmAXGLa z%9pUoL7dTAsLOyb0`{ zk>?$;87s?ddV&(89kCgBFn{7LydeRO%v%~$8XR8EXh&?us>i<%k!MJ?V>PB9;K*k9 zX+>nt8Si+_n1|=YB%Pof2y7VPTuhB)v-~dPjOAwndo3hSJ7P25ma57lUdi7DwmF2; zj@XP%Qk@&^;m3h}6~bvpY{o9B{=wM5`fmWc8Nz8tY{p@!X7tr%l-bH)NW$UepLTp^ zd?wX}jrw6(mH<}P;5_%sSW$dn3$h$d(K5b}>Lh&d#F6ds)76k|nzm+~mZ}9tAI3)k z8*lI&qo+Z>S7K8d3LJ{(J){{wNp+*0B^pyh-hkNcBthnrEx2(7F|W<&nX?^>5vawm zmA+pNPwX;ce>GxlNQ^d#W+YlF>jt4!N5N&214ky+%z4C8EwBL5krK=RUV%7NyE=K^ z`jwGptHCpc_<}}`79eymin?|JXh+3;;gRZt@T4J83LdGbqvrnQRd|08Mi>%TpH8l- zqjuEsGByW<<%Yx=qaVG`B?DV_d%Xv1Yy;zZr>Y5{V;KdECEn=w@H_6wSMmmMHvLb3%(Ms2{l}WYToUr1B*R7y#~V42S~H91dwsn zQE#Ms$?X8)Fp)AP$0RGD?icjNgYzIpoS7@wZMHt7Cr^7GCuVjuJ%hctvY53kQz>sbdu?(6dt8?LJ2kSIOo1Di@%Eu zI>glquwYRATdiPQxGbw;1)QDuwabv+F{uh5b;2(G2VJzTya~)pQZ=%Wy1WCPz(m2S zfXs*%3|^P22BKsFe$sqQ)*?b8Epxc5WYV+iL2wAwGIym)ZHK4^h2WE!0!4VvyknMjY{(jlIfE?}weDkEwqVm>s|%_x_; zj1??(t}B)C9MG$V(TW&aMI}qcVRb|P12AhP&j^xK=(JNfn{_M|z}~NXAXG3U(!wNN 
zftuOCQVY6aWeu#Z4`Fgm>6F`9Do0LaegtTf|4sGs*WXf)EkrtRg0aD{(m(c%8mvTh zxg2jlNtEIc7{`5#=^MmWnS(rZ)h3R&W3j4gVW=r*#|P^_a7 zN!G_tQ(|*>N~Bq$yIhv}HNm=ptz!n*88t-YV zd?*MdBDdgY7vWl-ritz#TTOW1%lj!{XG1tm6Wx)v`f8Df{{`%R2&ZYHJKk1(F(+XC ziI}3L;PCX*G|_#E-#BS?L#=t{M>oA+KR_D#-9T= z%HaIUle^MZ(cRH7<{*ACVPr{3bfF2`ZB_X%6n+!HgJA@z+ZVkU<$hzUFOEX+8!*oM zEWs~Exfk))-S2vsl6QcKYNm)Z({+Eg)vndvOg9PGBL>e!FHRM&5lDOvs>>j{8bP5P zCeoWs?qXT8Wdb!udilxChMP5342UUv;b-szBJ{eH`=%_{IV6&f+0E~gnQ|fMD@lav z*t5g&vk<|I>Rq%1YbU@D!wEEFb*npSSWZi)dmi{T;)JrwoECVq>4?sfbgE+z#E~f> zem%18hS`p7B|ZdbS;A350(H>@y=DTu$jPan$p0 zV#yy6f5Vsc+6oiib<}HDARMfL<#!y~O3%=E!S6h{haFXXH>$57z+yf@+e()hk*l;8hHVOzCm928MO?I8OoZ8OD)JO!*$I(2ZB>7v$&# z5MD7Po>%eYTa!|iN?D0rP9SUyC-H2G9~4ju{d_=^QsJz@t-r~T7jZ@p+8IsZTp$l> zH+XR>|Ak3!$b;JBbwKw>EimgTtTY-AYE(Q1ghWKA`;cr;xbH!2&;{NHTAGxVK&Tr| z@;#`ZeU8Lh`h`o@-%j>i=`Id(^vr-ji>R6q4*37gje8@y(z8DI170i zNsmL|!##~HVOtWv5+*L`@;^L{iES*Afb8hRNLHt4JdLUSEkSvBj7S5>9LCewsI<;# zBLf+KB9)N+iTwDMaXv4EQ6GOGx^n$M=K2`;7Yg|b;%DQq-lPP4k9Mo(u-7U?zvn~p zEyDf!=meL?+him82?(dcNq&8ds0<}ne9W&8%3qTn&G6-)+c-;I&;z8zVbS!|8OS$9 zKad8B_$Nz->8C_ds2Le3ag>Z63}yuzKO%|tNhOYz>iBKVYJ=F`IINA7x1VX9oqqHK zEezy2H#I1c5 z*pGdL7p+BI7F?{R9zvSufn78BfsptTRVH4De*i@xWmYUdA~^6*H;W&<@i+>!-da?B z344=tTResB8xfd2m#~*wkyg$IC_7nDR3M(HuowQch?LUJ;0s)BIY*zz;sP{xCGDS) zVhwGuoDV+5_m2=g-iPFugg0i(9Rfq>nM zV#-?TAGl_IB<1xH+muxOkFuii$1U~5c5JvLyf?4`gx@BdpQi0nmgmwSfEUs2DwbM* zN-|Tvf!Jjsk!IIH+ARx=g#ycN_%SkoFLIRr37e#ebQC|w>4Y;7+_MKbzQs|7Y;YOz zzxtRYx(K#Ofx1z6f<*ta6z-_>c_9||2xmLM5j)9JuT2J_5WrI5glco~RAGN&rILw+ zmB_y0oiaZ;1}!^lLx9IERRiteAIfnbNDuTih(vYmn^jh zR^?3QgexHr4ln(qGa!G(QcnSAYnKOBg>bfZVgst1J+jCgt{Z0mY^j8$_(Tqodf=xY zo#@h3PlvYOvG!cb5;Z6j6M(%!xNba*|7EG3Q$3Td1h&q|C(?t1UBb#6z^zCo(lUwt zsFhPME^h~|^qUKiox7Im8igGsBzF}*lCmO7FQ1NT{l`+cd{WCa=I)Tnb@aK07A{cRPPXVD4ND2E`Fw4pcrhFioZa0P34~G^b zbFxMBD3DYhA8fO0L9?WdB^9{+f=*{Y@Ka$NoqfLBCNcX} z6&Si#+w=yQfo3Qy^+fIwT*dm{oOBr0vsb79O$f=7dB7}1Z0eV6kj%Q7y-5Ww4b{3E zf!X=Lbhpmd4Z7ckFQ+L~$>HFQ_BD$jgYVcXu{OY05x>I6^j#^DOru%vVVMORVB~f% 
z4jC5PP7|<9a^@HaX8>L{giIQC+iFsA5bgntZtjRA!#G z)m-!ixf`@&|E7vyRx9T6RP?7uf{ZlfDwcerx+TTkTjXxkJnTz=jxk zUUIZ=+G;Z%JJ~lr9oVZzUgLLcb@w^lz~no?HW_(dlC-PYWpHmZM6wluVLQm}h3g;gyZP^ioyJ8I2qnk46ex!ADT zb!_8fLT?Q7@U6gh8=PN(x9y0)-K?m}FA)D7Vcct}c16m$FOi)ik%8pwmiPnMKL)4q z)x*Dv4D`fi(s(>2=fk1pdHiJ(FQwS;J1Tdo9(rUIulI- z>e(Y*j0`+l1M>}JMNR@?jv?{brIR~{g*puM+&tEUu*;A_84GsABf9-dWZ=&cP<0ZF zi-vUzw|GfEdS%AG;iw*;fOQ*;e|#1OJ?vVy??eXN!(P#HwS*CHXd~zhF-b)QPCxCn z=PDr7ClZgQnncb_J1#0P>uay7x`NRE0TTHsZ5dEg&^owilR%h5B(5{Q-PueE1k|A@ zulcVBVXM)kN#v)rBjKmSwnf%-0)(>fTV6zD4lz50u;SGnc2b8FS2TEX@4bCEZrG!Z%f`P`p@fZlgnQ#&hnY^50PY(tr z9LF0hAP7tYbV`{t(ZY~Nei6w`pri&-H|@kwEOzSDl42pE zSNf2oGm*g07*VnqZ3s=EC3oAF@wIUuNy>*6GCPM<1+fJ6KDeiGd`HsHkz!tFu^ky- zfw+wlA(%_5o*!#Y0J(B;c-;NnsY%I#G+j#Cf$686B2_LdGLM3)$G|H`T+XnD^GS88 zB$nV1-3&)tAC~+j-lVHJpaL7V(y)L)Duw_b>2rjJ@j^cdElgHJ z#5Hr{9Li$VBNy<~wg-%T2(%`&T3U50HvBXxu^xBs-;bcTW7VZk8?3r)#$&56 z?-AUB3q)FokHBFibOq+Gx|A7?VIu|6g?vb+5$>0O zUsxOH^)PWsm;bQ}cB>NJ1w(dpVkE0mG^=1W+TpchM3*B{DKdvy1Lpt6_$bO(G7-%IP8@puam5!g>UP>@XVk7wX13^9f2%FEStSV(rBgX{8Z zFl5L6BCWgdOr6RssPj)uz4}IJij2-!5TJIjur1obVLYgX+QFnwxQIf0HXPPyDwy96 zuEk>ll^@Y1d`M0v+;0b!T48$#BBX2pLd$ScF7JJkgS02M53r#=uG>OOYMWVJw|3yB zBWC~$%zaIA**O!s#R-SZRA_5`=*Slv5xo;Uy=gXkL{7F$>iZ2LU*g5+SU7`XXhpTe z_;@OQ-f3uMC1$I08!Yh=#D2jc=Ti1#?qlpJF(oUp{PR`-0!e-Fr3JEF%#+ukr=j}} zWKxgJw!|Y&|L9U3@jP%g676nWjzzce8H9WwPJa{&h@-SQLmLjA0&`;MA<}svxfr5ztj46z85xlRHFom8&bZj1N?+A7Pk_*xWZxszF*Ha! 
zlM)?VB-0q}yswrm(u^0t8W&`*VD|LsB=$HDrFm}DCd{ZRdYM{JV6j^nnE>Y+86MrY?UH50pPNkMD}Jj&zn6fk;5 zWd}+MiUWDvM?D4fX+`Iv+7GLff+qmCHxxP(F+ZO`hNmRcJ6_2dWQ3b)d<(5{EC{a< zoy;Yfo?M+ue_x%(iV1040eAyZxW1W^RGzd*sh+{~oHBL<_{nfJN#ulfBBUy{T-*C+ z;D3d4QjX7u9^7y%U{_T%T6ZE2oenoCzSU4C3(SBsg(@-BLmaYylQ;3SQLi4R-OZfu zqMO$5=FTE*xOoVv0-TSydI_0b^R(A|I6?j-G^U}-6wVFs%52OG4l`-`Is_(02#yz0ztJb ztHdKxoJaIEACkuiZ_IcD%Q`a=Jx4-!G!B-PUxXAivaAkc(4>JqYVdCu|M4gic*0VV z!V=YiH8S{l!UwiR2A<9oWeyY(evGcpkMV6AztBB%7V&|q*pEQ<&BIG{&e2BxkOi2gdZ3rXXlPVe}muC@wk+5Gw z7}k2vMF6{vc&D?6@vEtxuw$vpo6!`L02VQXd(e=X6=A6@Xu+}?7!AW%o*I0f`jd~4 zPG^9F48g)vq25NPa~f-@=P!UY5scTvSvOroI#cjT2+g?80AwBGKPYEa!H^#k+SOl;h0oS$TgCzu_J`J2-lwqN3r z7J#{g*t+ssV(f4RTB_;}=-!O@eLf~hr?5vfg}Ub~b#;{`s54n-5PjK@s7Hxlr8Xdq zw$z!eSku1;Fd7|}Q;;O%)o{NIn2HoVX>ueueeFaV@1;XLEsal2&-@>v9z{$!Bb}eJstIRp z_4E>yvoXNdhEOy_zz3=6ZD83S;Alf24LWJ9=8CNvke~KdFjg2AsmaX3x2dxR!P*YS zQN#KL745Mqlj(~)>MPtYwR! z3&s+|Vl{f;$A+dXSf!vAA-99Dmq_Kv&iZCD&@MvvO1&AR->D@Mmks| zYyUp>up(NXz|Yr&bKW%mBkUG!Y5CuP-6EXrX4BS52a96Irh0kL-V4)h93D~s>_6QGu57<_N^Ug>oe?VP*9}VXi;!hJsW#|5_w@x}01L{r8^yDu9 z{|O^V8UO@;Q{L$qP-+zfbM(gRa5y{@(o(L|E1*&^=b+6`vJ9|_gzKiqQ~dsR$qu-Y z>8+2>@PKj$N+!v!VD|U5=}fT)(-~lw>k|^05>O{*;&T~b%GdC-ltd^2uN<`X(ZN18 zCmr{kEdck26KGqbvnHUHjPcSv1N<^^LdIauj)2;Wg$YjRAK+1a!V==Gjn3hKT7YL! 
zDy7T^LJ=bA7DZo%cRmlOSI~D@NiARvd?kA8qw{S*ZQN#Q`EJ1agydJFhdNgSYBE|L z%fAF{ijfbNApQ5Ce-_HV1o3bCvR+*=!NrcP<{<0?_=zFZ;L2Q1DWnBe(J{#V_W=KA z2)eeJP$H;kkyqM%@eqzf+evGf^ahMwJE&ssQ~3cF@d<)AMmp_+YL7yTtA_YG2IGy9 z*^dX#R`-UTj(`UEu;l*3Ip9r<&Kp5h_(|+xp>8!9toh+g&WdKP394O>c{<+*>p(bD z50SJh)7c$VcfR(9DcT70TR1Z`mgRg0~c*4s{ z$3UnaM&e@OPPh!IS5WHCJE)bX!02LFbZ^kh?@mLdddGk;9N=i5Ab1C#(^07=GrS4J zo4|NBrf+JzgU{)uRBA$3hbZ5$uI^q3lJisLoht zv}%LV&}WI@+B(20T2Vjb2G$wzJwq66%FOWBP6EFkJzS;_$ zzYZ$>N0nXwNxiWP#c5>+%YK5%@k!7whEqwk2zI)FMqNEZ6&Q+q-3B8|f3MU!ZO#C% zat5Eqwqd71g!%$=bSocd#lxr~NV_JTCnMC-&p@aRuvs{PcTHx$8mO19+l|#5_>gdp z-L3|*Eo5MZ@JQ1^SR6*;oC)5bn!TM2Y|W1xZvtbFVUfiIZ&1xXLozcFfM0&CBr+ax!y{DFA-bzsc|a%}P6|GQhuiG^?7%Nq zkV;j64IUtLK}XI0vK?5Q7uq`k?E3)W`cfn_J3>vm0m4{-uRK6_w;w8M0X}Gr$(OYZ z;Q9v$^DxiNzSs^-?gqjEfG5KUk}M#C8CRiZO@vy6dzy6>jN69AlS=)B$*fHgYS3lm zCM)I~sW^0BVU~6~S0P>aLU=W*?=oQ24rggy%sLyPzHz~73r62?7VApjRe)Z0vF_-v z!R8;roZm^+Di1^!fxa3CFa6SmUi#I!;Z@&UUEq7mzDzw;8QuRAFi!b&y7(9UVNXb( z;=WaN@)&&MWKm!Iw7?=p#+I5`z=`bY{_rfuR@qfVPLCxTy69#LUo2UoEHoEc3_har zIIJdgTjq(f##gB7G$m~ethK>;j+}=k50U#+I@%o19R>k^jyP>-?BW-QBPVBYx94xX zL>^Wr(lkXb0&jVUOY@A#i5YxP9x-IVKoNONy--e5fvbxwty( z0Q&$(&0gqsR3)!S`oya)Wt$IBIb#|^&4-|z@YU$Y98>i*>!wN;70%yiBN;j8LI93{ z=Lh2nwiH?_9-O=nOBMeO7jcNsg~QswxnXFUTKOAtlY!_8J|wpjZX5yFPPrEmQnmo0 zLpaHI2vs2^1ANR|6?1+<#tZeo0f-zzpJD_v+oC5zqj3mzt1rcL2=Bll4^vv7;wC8!>nX4wNw)&l*~fJ?x1?qVU(Yq{Ba_bqV_y#yOQ*z*NjPMILbIDg2l;wd zgJ*m_#1*O4sJ!s?+y~_QddLR8ujl9rOMC$A3=Ww=+4ucB#PZL7!8xyFQ>5|rEPzbv z<~5dh1iqepc;NDVJ;$*So!Qq@au|jf&(}i<8DCEU0LIrt7sl5^7sl7~Y$o|1S>E&Y z^Z=04_w~$lg;;`!cX3#y$?&8^5=Z#Ho}W5c;vgc9`Wz2grJ`Pj2MDoOeMD9zYxusN z0w3cZMmnwMU;rFC1?Kp^o?M9beLay-V|+c2Z-glUR>4t=WE--fJzviv*wpv+oPR_! 
zdV$qH#PobUWPRV)a~bEvn2lpzi0S!yD0$!4({-2>t&reOu=W#^Y-4;qm*7Sx`EPLi z;G^Nbo<*Cqg8P7NtQ>j@JYUa0SV{;@n$|9CB*X1oX1))3R{AB9m8zkl@Ff|@~s--7i$ zG08Tje-r^q@^^3qU;}MA-l^jILTCJ=6{G;p>r;eA}=NkK&*b$m3ue?(%&K{@CE zxVNFuSy=z@yT-X57Hgaa!aSmrxg^v5u8|ipr14$AJBY&d%@or$qE=}&UjY9uT#e}( zb@pj{-vVx<1!qdibd7F*;u}}M@)FMJ=qB~zOL&G_9`QD|##95;5J#Zge#{MNgk>I& zp5a}HDx13y)unK#p6adZ=($V(dhr2w>1^oyx4ZP!QJ8k|o!z)gDeAx6rOSYY+@*9C za+k(+!Tv`iatDXij>b*nF8!*mC9;B?go7d3lW^lMor<*ySpr~1LwF{n0PfQ7F|}w0 ztgXQZGw!=fFFs<4fxwRT{=3}bnT!CiWl7B=q#%#JleF0kapGG*L%mmbFUZCMDkQa)AJ zk9LQ`U3#xLR%?+{t1$>Id{W3=Iu|cnQd6>?0XCR$HokF}-k~Zq?$Q@=6J*jtFqdXx zd+ySe%=X=-L+4wX^bwe!5nETD?=G!{mm{nn5P!qRBrC~?AOZnbT?ou94oPLn0_xeXP9>Gg`Yntcg zq;j&qlZwJ8lx05I0Q2z)S({JDw0uJ5;}dEGd{W9kp|Vt_#9&|JEx> z1ehx8c#QuzxWu}f`|eU_oe)P!c`4vke2(OD8F%TtfYhYcAape(E}Ld`Vk&Wh$P>~&o*Ln_b~2K6=K6(`e|KFk{7`Ik=UF! z<1YOzRVOJW9upM~tYMsXX9rPv8j4>ri{CEcSr>8(uo`JwM`N^grDOi zLJ4@~@ZF`2X`j+%fWL+le0OQ=YdUi>Y9j7`I5MT{yGvWQ)LD`lz$*|Zl#p?kmdNfY zY5_tUUy;x_+@*bPc}fNY8{sPnxl6~Fk=g)rfXxrdukM6tGu)*&S9$X91KUP8o71>U zUq-#i&k+9&VQf5ISH8Qn3O*t!Zveb&2xqu5ms1LGmyWy->%~sOqY{qH8khig>B#^z zlmuAW5VQv0U0P=c^3Vcc8=oMIyEJ+`umOl4YB1kjx}}0QP)rB3*oP$zK)SsdcWIM0 z9&;;LN5Yw$72_^#^no{&eGk@e;Y>Y5`tH(-b3JDCWIQ+H&_(CeLqo1{mzKi<8x5qg zBB*u3=plFM3)l$7q)s3V3?p%|a3}QKrQKs;^a)_hGAz2wgxsa^EnxIj0N4A3kh^r# zLT>_b448J8@|3{1OVi=Nd(hn&N0b``k62@Ix=S5&M5&v2U^WCKbsRGv_ zexHv?HgBkYjJve!Hgxz?p#A)xRNr0t;wVt9sdxy$q07r!=|>oM=?{MaECfd7f3vg? 
zz_?2*7KXwWpmhkNhTNqWTS3tPQ|Xfs#m_i*_5VOq8e~ch{vX+(Z5@W zEZNvCNPb6z4LN+$9l+sJ?i3E&yGuFj;O^qEqkGm1?{V14&5c|}mh9wKeDsl}o{B%s*R8$lHeUENhuzP8j&&u6mhIH4i0?7?dsAM)-jFfr zLAnv9ucGO5`azsp=>zVe#S76ngB ze1*K>OIP_YuF?OZsy(+FBEAY1E`dy!sXYgq4Ad!om9_R$*fpb02a^elt=+8*68qLm ztagoPU}yD}s6C<_uFm;atII&kcUp_p@wWxQzQ?|%Lz0v1cy1uzAA+jQAxwafhb6N1 zlZg3I3ydGWL@vO)LF$UW{&dt*`F#|wuj*^zES2j%Mpk~(*QI6c&&T5OXFq4xF5>Ec z{?&q-xVr9N4Rw&0UxMYy$g=jX!?^m@%XLT8olt+`dt8vGY<2vF6x|A{=+j=t7n82L zLABrVtT{Ll5q}3&RJs&1RejlD)d{x!Ex|ADNw!RXzf2#y$z`vSQ9almB z>Jn**Q01rv=>-D)Z^K5lLp3Mwif)CvkIDWQ7OeLa8JHjE)B%(C6{Y^i?ziOqMGv9Q zcx^lRK+$r=(JbrK!Cpl~;=ifRLmMJb-m}nSJbAgA088DAr&03ceMm`oZ*9>csqe}A zayy*cz{r6hU99~Y@7+T^dAz>rzqQp3G8sM5HpvUxZ8q**d(f$badg+jtXJLx$pU7L zC*{5u)Y%Ov5z*;BB&QSZdqK;gZN7>KDJy|cH=N`u6C+ujqH%QB#9m0s!(&8RLgp}UK2F7WLwRXrAmiwMt7RrfH)Yy5x~c5t z>D@+hbk9SJT!#pDbdwB^;BO$N@F+@3=ZY*O`C7kX40R%-aehRiiU+=mDqe}nL#T?I zufoN5Q1Sx~>l!KYtGIszpgV{TK#U=IlW@O^k2i;VoRX8NAQTBF`Ht?%t3jv=tbvc~ zYHmr*4vy~b7>i^#VC?9oV(FB)F$sq(Q0UxPWQ4lMEbvVCAg)MV`VZvMJuUbk=GPJPT$d;`vTk`h?tMVia=2$DUrkx zzN7nCV@s?@#QQ$SLsqHZPfGD2Vo&&pj3aCKj_&@sERlyHuW8OFF&Rk&B1yq#Pl3_WPRV!{pn!IjOW1`8)ABn zJWAeoEwJ7uCfUX~@;3jjp?PPGs!Z(H?IR`CseS} zfF~1$E1fCEn|C-v=WZGB_2FuaH}9A7+USRYe;&>;-n{E^mbeV;SHd|RZdW`Pq@Ko( zZmP*pH*u&EQtPaf?C5T`Fw{TZgtE*VK`Nr}`2C~S`b_=)&|5x-k9Y`AqW7 zSl;U&0|1!*@g62eYY?#whxH3tlaxr}nEr8jBeo(T;-t?p{evErenjkVJ|gc>GxGaK zjuX&=h9=$lG(h_)Fvss7>4<)4|2Q&;MtIx?aWp2`AT$|AH;vYQ|M+x|W()%Bxe(Lq zAJ1j#AI-6-O^k&&mWG&K|HzI~`28d2KHNZ%;32R+CMMa&^pDbewfsdO*L^g+e{5B_ z`$9o*0p5he;VJMof@}-o^P>>V2c)=bVIYhp zI+;r{-R~Ml2WXA+0k0qm*Eds4*O-W2z=iB^Qx z9gRb$qnlLcn|KCT9&xuX?!bUb<6uWObqmeo5jMOFQDt)%qPi3g)lma3AxAfvJLKr@irJ0j%!jCPbd#l|vkp|V?#JA+|m6<4hS9s<9Ha$OALgDX8VrrKWclV_rTmrY+ZT2qx<8$ z(0vT?r+rM4&XA+~y{h;g3RU{=i2mD2SQ)S$2cx!O zg*&=Gt_DI|fPD>t)o^Dvj_%1Lk;YgsW<7*u9NjchWO8&*!|a-(wn1i(FBfuj)3BqT zWBJ}rj&2@LoR*NO7ehN#$kBaao#&vYah)8}SKQn@`BJd_v~q6KVu} zlI)*QSt?UvSkW?$?kR8)lZ8T#?y?1u&rwV85nLSB^Jp|7NB0|p&<^J#eua<82}CfC 
zZr$$*HID9<_y~#o6ftLw44rv`;f`(svDiQ3O~8A>)1#oiJHUa4FfT-aqkGenluLlG83Jk0NozHD zFL=@ru-1XG)38WQW)>XXXS0KK0*vns>oO|ZWBHEm`=udx3k-XiS7P1GeMfiHMtpdZ zlqUl(=yN2O%Q(8%1n~4lr0O6vG9)gWadcn&)g$!)VUQtFo;(*e-V1*0EVN7n__`sO z3h-EXFSrvngUj_`Y&9%aV;tS}mf_Q8RO2T=_?k#7kiC$jo9>PwNB5RV7L%k{j;!F& zP0%>Hsb_^8-81fBiUg9(z)xvnvu@+){xuRGoI#SZ39u&#=LT&Y-5a}FTE0K9Ax7Rf zy01|s8AtcWd+>=YkmMWqSw?KuW*pr<os?Gk(XXM2USAKgWs9c{7ggB|mxEegbxb zaMorV-L=Mg@=+@=nZV)6`;P7yEaGz6ivTMT!hJ_~=^S3!8USk+!hJ{gh*+wFifL9LR(S3~KKf}*A;RN5& z-4ZMNlsWl3e*Pv-$QZt(`(}0gBUR!guEg{dN2Y{~qq}~JSAa?&)F6^>QT}_uOR?>P zm9zua#a9w?bk`{0W#k25;|SOCt2<%Z3`h4b=$kD62C!v>vpJ2Udqq`ba4X^u__AJI z`Ht@Iu!Jv91H5Di8@Mu;Qwnf&-)sa8cK`;kMyAc6YnushbdSajUgic^z!08mw5|HjdMW(%~pMtlc@`Ht?Z5#B)Y9H5ClEV+Mi4veGwMlU^z$)#Xz3}LJp1bm!gU4SIiq6}8$gI;S2Qa*d<=8!XxLsFn}Z;$ifVqx-8b zJW_oS+Jup~Shy2nV5awiOJliB4gh1MVbKjFs!Q&F?$9k90?LZeVFXE{vnQ z%pZ^~hxoca7Md`G9Nin>bFkWj(bZ>#9No1a1vUclV?vnk=&p?Y)Ye?Yuk|s>br7l_ z04?^oT(C&s)Np;B4o$v-`t+8v->T&39!D;gkFWVYN_g0Mh zRwdBthEauiFZlD;P|+S>uW*9z=sqz;w;O9L@K?e)#?hT8&AXMa1YvU+iLD}xqkA%$ z^b;^n85UVAu0Ks>3FDn8K+W{VWfZ#j2-N~nq8bU>5FxrQ+!X4df zn?cuLFvf?oSeJ2h(^Jv|j_wNJlcW3W6EMvITpYu}ZW6lCZW3Jr_K=vB8U4>QX+g#L z0aLoFweg5wbzEKi6dI53vPw9`*#8iVwMXNBD1mAgsmosn2LD43K)(NhmUevq!?dna zE9eP@$U>0Fiqx zc>_%1yXWX%kQw*fizDDIL#AuukhLkTmN*N!=SYu3;KSW>Gp=FH6zIe-aY>i|;hsxu zh<6$dn`Cv0#ywa3J$!rf|494p_$rF-{h8f+xtp7t#!W~eBqSja5CQ=qflva35D1-1 zuK_`Nm)?7kB49x*6a}$?s30PWfQSVY6j4DzY*@g81rYJ~oHM&~6JGUwKi}UU+va)B znVBa2 zHp#olU4q;%q-+!gM4^{F(}B_+az3aji^Et-DF5S_Oe9=8A(9+YjObu@pw?ixE1`lR zjCTj(o8az1cf(KK9q29!RtiqR-GNrzp{n6Ya9xDM*hvP+hv$4!y8|gt$)Du<)DGbA0~^*KZs|9wFG-9cahbFzgLrAyCbd z@>o!OgJ)SRUQPy-p<((LhTxrXI0UYHAY5ow#i)pO2RgMMpEmA#fu3l0pw7sV^(mP| zed39mb_a^qUgJLnJ=kx!P9qI|2j)Q#*>6emvIGgc15H_hr3(sJBh68^D*yDtU z<4Mf|(bhp!Hl>RIo&=z+gRW0Em?=-e^^>58vvm+<`{33==XYX?oJejA;6ibz0O+lQ z`W%H*3f!wZm?XN;TL%q32|_b~ZEqqtTL<+#0m49lqe>I>)N|H(Mf%y@!*<5<-AhWzw+AagTs#c*R(lJbD>!6U4Qjs=- zxizS*X(}o-Y#sDj1G~Bk zy>(DZkyLV(o(D$Z4Q?G&4pZq=XBl}x?DhQ!7`6`j?Xn%s-h@#QgIfm;uVP1PGGS!w 
z;MPHVp0G3H+Mt}Xb?6~W4#BO1R5}o8*pBbwrnfl)nSQSxurl+XrXspfmg7q_++V zU1BTuV9XwiLj|gYoU?V%ssoVITL)#FSM8!=boSfpSn$TMZ{dfagrB2H0KsFqux3wbH5=z0``T*l@4d? zpz7-l4$z;#%c99ru_lfRKIIvqw+`z0gRJ=^#oHbO#t+x(Zi4S8avOT~Y z^^dxpt%JN}lT z3)Zh-2;?gjZ?>J@I_Rl2Ad~}`q6sB5VC$gDuc0554X~vqkOt+C-a4p8Rj_1VP=;z+ zb}%H^I%rfccr**(%2EWSM{gZ;+QPIp2zyGCsIk6j>!2m=@l#%~KK~o08ml>52R%T= z;woq%FFH1$psB`PZyhwgB4UsXMm2|}8hD=Fr>%oJokee$-xKv=eITowg3@RU5D0gCt}3qB!B;93u4AL05uoY#sFW zF-4Lsz$_xRirXT*e@I&g-Rrlt4FWb?YvZYR6I%!U-U8o{!C5ZAX&K>4o_-lcTL)!+ zYJWiWD6l6q{tsIRy?LJ^$@jqgNVE0UL8}_uIDI~FRpWZ=pg1o=67doWJ`PnfD0PEd z2MziLZzck3pmC}vgIfn(#Q$X51M61`mrUYGMcO*(sYpA$r+_uT6jMzq($+!03Oi9B z0%4mbQ9iLrpNF_#y$g*Eq9G50a7>f9?o!_2uc&<=v^8A-;ff}41^wvSE-m#+=0M^gJRrRPy*gB}_qN?!Z z6cBi|nQK!OYG>=9X8X{UqNqIt(l*jmg5+!+bSpll=8|&|gkwbFKy!ntw+?EKWm%5w z1rRQ4O^W1f9TbiC(pgj3%XsMuM@dc2)~N(m2;wJSU|{*gD8ni1d90{Qw+F36r?W)LREVHpdXRfRJ07q%=8O z2hBW)w|zk9Uz)_4GTv*5(To{qgdYJ~fu76+!?-gHb762;K_W4ukm1DaEV&VDVCzS1>VOvQpDqYx1-h+uEpywxe z52m8CaCs9m;?&p#r*2%?7+_`W%qH6xNZ&H_;wn5e1AcbF76Euc`7iS2Rm628RdxLt z>LEQ-z1SrQ&gl*$>CWDMsS~!osp079Ej_<|jJ^QiPMZ8ADJ#ca$2PJubsb#Dg>3&Pni22f6g-pxIH@ID^Q#$X)H)G(vg`upICL{4Rqa`fw;SD0sZ|bi)b>@zVj- za$xlWpxU)*n)JN(qf*fdczcH<6g*dY!T^(sA%Mm^uu`Emb-GJNv2A(EmNTY{!kOW} z%}`rrT|#}Lx6GGv7*4Ta-q65vql zeX~r!#9xeKjRTi7G4{>sc2=o)68KJsW1ATJX1$7T0;zZl#|I8v(!|&|i%n6zgZ z6Y;T4let(SXmU zKWKvRZuK;|fHEwb!>JVxqdDc`X^idgOne_$UpS9)Ak`gjN2HkcSOoV@k5f}P#84{F zdWsgH{L6dbvQf(gNJJ67_Pllv`MDe50Zr&hgyHP*WseU%PI(I0_Zm+{WJ>t1g7}AL z$1L*eH6%O^4!z{iDNTQQs?LX3DZsKcPC-$mWs?0frRO9@{<091?wUpcDn$#Co*{q0 zZ8RveG>yZ>UUpxH6!2n8w&mq1O!t7Y(V?ks_w*aNU{sTyneQRflYaRU7_U1l$yQRV zOzEkxT-vPjU|iHJHWjy`-iFds4Q~&!F3(|PYaGf76fO}{kPZ*0#&PeR`}5wG(la+3 zUmSuc>*LgfBnFf5V@}lpd74cg)*5-GNP2E-fX@nvJQ$}Dn#|L6-uBY-({O{chg=Bk zPL0P<&FNiJhdVAj67Y7Ho-Di-MjZJpPJ1+&d-~pD?BLVT#@_?>k;Y?w4#dz9qcghx90M}JoY*J8ns^LjCRo0M?gYcpz(VbKt(A181t({xwT?cO!Z2NwT zodBPK_)}>y_Mi+in;D+4nds7c-a!7xQ6m5I7{a^4@ce<^6{mG|5VAFiLZC(?-Y2oo zJqin@gX{=GZ%vxPCZL_My_0Pd5U6w?Fg#t?+Ob;<*ZZ^>$BsQHQxX4M@P2~5&<7!y 
zPlNHC!xAQq7rfYKy~g*p=f{A3L^u^n$)5Ab!<%4wT4H^Oqj4F88;+8aq$JbRw4B zsk8`$)i-HkQa{u4-AOx4PlB-fCQUS`@XiJ4DFg!*zB~@XnVU2*X`$(Pf3`jH_zeV! zO0GogbicB>(~IP_V_pDsd7wG-7~V06tXeZP205LpsH*k2`z8JDYNK!5plnU9HtAi{ zs&(V&byw*hgDg=s*WU_=l~M}}f>j$wO~5SHBseUh0L-I=qB}_(5kr}|YPQlF&jQV& zhG2SEZUemCkr4c==&CI}u6qnYg7OGX#|U0RIWCE&SE?3yo=i8`8~HV$iyEFXXw+?@ zYJ1Q5NU7j5h>{P7lD7J_;Bkd;QA3d2>k?iJ^uOzCcoYM_ra0j%xKI~riVs4mrzZU8 z*OY|-hzb@XswC^pI~MQ7sg?@sVxTe#~eQgotz{+(h6mkpm^h^HrK(zMRi~1 zBd=0|znpm%YFfTAOA7x1cb#wHHV_U&aTqJf+m=TNI_N(2Ei}%A^AZPA?Yt5_!=Vz4;+Bg=9ke8a_->jRkcQ4&yY%Mj-=@Q8}0agX=vGB0poe2^KCwhZ*CW zVFeJ-^BVq|;Kh=@I0+qRyq$;&P-7Pf6RxUo;1@SSyN0yFYDe;dIQ-W#bVm3NOw`op zf?c0DB87m^*+!38Lqq~Ahr_tc{xh<`I30~?P`K805P2gA-)S6q0;Ld8K*O#P6gie& zW%S)*h#`Q+YuFov*BS>9wnc#MEd@(fF=jr37S#@~0y&_{B_fPoJPZxQOogzEB9uUz zvxQQ`CM;-Fea9NJb;v)BiE9m`( zqDMOSUPY|-E(U=(lt5e82Ef=C__6zuZwlbvhA{T40%NJt^H66Yis3xMfn*i(OyO0e zXCanr=K#A?<5X+fI0ilsV&t_E*fXVYr9=fFOM0qaKmc9`Mc2dU}6>6+mD= zYn;umLXm@QnDJK-4{~-a4vv5%`I13xAw5smHAHm~8fp?ng_)v)Nw#P$J+mLc*O4If zc1S9*>fViBVQ5Dg{W;~fgxArYg$B@J-GX&`xXc54g(IQ9G^tP#^>=75={d9v^&hZj zHBJ)t=P03DK*AJ3=O<82y#dDin#Fe1?)t{IB}M@$P@0GY5h$h8qOyd=e6yOR)_n=yjq#9>((y`6~Fo^LS)CFKK< z*hD_H#`sypGq%Q47IlH#4d(+6B<8tFku!*CeA$g89V0}#yhWj|knEr}_Xl>t>Jm_wrA2g=UOkYWSDEdUj1 z>3C{*A|Cck{0IT*59i^Iq#R7zc_t{Gx@W7DHU4z7Qc_m zimj9K5%k2hiKJ(>y2iHz z@y=0wssWFJe~CC)vwSkBzK3TZ<_>EC%G2t?#$mikP=AKH$*6El zd|2?vkAop)wziD-lTp5oNQ$ZeZ`B0W{ko*KIBuYferk;&C?xGb=uw)a0x(#5z6rr# z7uXbypQKQf$wh97dqR4Ce-XZ~1bDwDaO8qkn)zl6^y=75!nGXnNZyP7nH4wL_uL0g zCYTx(jUxR4RGc9-r^ySIJ!VAp!TjQnaQ(wU@hoP?NAs!5}L~6U`hFX5T6s3 zu>fYM1uR$NKL^z>@=X6liuQo|Y53;svBC2JM)p@AGzA=agQQjV*zEc9K`AIWYY1U~ z{fS7jxJSddiqTfUyf5+!ySbi6M3R4d9aTu&9$!@yr}|_S(TLoIsWcz-y!*29^CD?> zQ3+JYVb9LBnD~RA9t=dKmyodfc%35dm71i-Mb2pnm{^W`!}C5mypdqkCaO}x$lIPT zrsCZLAZ@gg6wWxuqO3!P=nvPyIE+M6f3IZdL{tm66w~0m%z-#5?BdFtGf~4(i^>fk zJfTS(M(zQ|or`|&Z8ZJRdJyoj(i9bf&ppj18R9&kiyE#%!BBY)^FJFNMayBraN#&O zh$?PDYpXm*=5{jP9+)xX;T+@@>Pb>1rhAe#NO@u2!;~p!n4xV^0X8B!K8IL@x+m_W 
z8TD&Fs@W$(Y7Ti>9}<$q6yuZ`wRb-;?gP46GwP6Hp0$d5-sPEyPG>#|?gQb7CN;#J zO~M-D+UIT3c{pFxr2Yt#`X(Xn2bbqljL4)3r*Ir9Fr-+N8S{)O;_fkh%PS)A^#C@+ zF_;DiWD4BW=IV+?#DCg|tdjA329%SHMnP8Fh@+BGWjopLRkv@A#tyj4jey^}K@gc^ zx1nB&crx@aWCYb{>`bAyL6mW0rauC^Uq3z%!8-^Q$8Z?q$R;y5{4OFSNl!2IpyU?- ze{cw@OTxB{K<|lmDVaxdAs?e2#Zf|wBB91jYG9KxL8z}u`%t3`vl8mS2+YrwABneH z;ESZqXL}H72?a$p%g={V8!b)R*E|9%AXBsOg*Z5JHcs?|aYe3mJ0_MRu#z$L6{+wI zz_w^Srmhe2yThmslrC~NDb*uJVkzS=HiV{#oPg_xBthn|@o~uNFQR58{AXZS2NTdtuhl>w)QkGSk zI#`-D;~M&d5$_q_zl4B%2JCwr&D$2MmQ|%Ihe&6!!NEQU<-_DPwc&r_PG8X()P(%g ztLIAm^lDd$pI+_0ZeyP+>%ujzdoR!UXi27SkZsyc`GGk6mPRT5NlFwj_!EvBf0* z^IgUmzwMn1Hr8RHH~pE!Ukzk7-vvz=!fyh{8NzStfFM+cLv5dIY`iOZ&N zZsS0uhw$E2@Us}$2nUykNZuL3H%Ha@CLHDiURj#LLwH)G;dux(gr|^aBqma1QK`^E zsjgJMCbh|De#ZnACThO?6!k8#gA+BR>K`U*CR&J~2O?#07?+_*vN}Cc^B&rDnE|kl zCR`-{)FcchYG!tm;s#vW0Pm(b&r<*t2NN~hFDcF#;L|kc3hsgvHNKICSOu5$8Yiuy z!XT7PnyA^h0-b(fCvg0yfmF~d(nL*VoG4whgfgL?s3D_eoJDZigk{jQYZG#mGRBUz zv&k(QL)N7_pR);dT}1LX2apD_Lw&sF>@32&=>>SozUaN;SC=w&xXbqpl+-6p_6zW% zU7i^$@s%v{_GGxu!(n(Sz?|C?Xpj{<9_`!XXu8080QgqT;rAmr6zq$Oe9sv9B!%}G zx9>EbR9tqtV{|D};c1R#JT67zoI^sSY}1V4=`N9R9lwBNQhG@e{#DG9H6T_*;^upTT42TavCQwfb9<>tziw0LoV4ke$dD z8*vx>mgKXZLbwS0`)^5_-!57Fy;9wsX`?M2*`g!pAwzaL$@itmuE1R|vPUN% zvIPEpWb^*S5pW|OS)QAf6HL(DzEIRs&rx0QZkWnQlZz;dm$|i{yO{l9T-OM>cJd>MkjYp<)GjGK?&; z0e3-*&|l(Q1pd86?m=-S@e`%QB|ZLwMS7!^76^{=jAWIM+9Ju%VVDZ%@Kv#7gLe1*uP{utZbDrNUs}b*Okm zdR!+l=B_ZrmzsqN2MLw@^sj{X^Cf;!0xwoL#Vx)b;zq^32n3EB6?^K0-Bj# zMWC1aMf#owJ?D;4d@XiGhQwp4b|xG+h(E7|kNPBXM*RfEAk9IAzu6)2MmPE-vfCD@ z9vZwD?Sp)!d%V6gAlGl725+r?1*61IQHGd#b|@zEsk-D7*xvn!Cv_v_mrmNC0;G>Y zxNe(HshmN7ePL4NlBD7NZPHvO-5-IdQI@9NQgxOlO*%_&J%@<`s3^uEH$X~`$6YW> z(?>xr0{=csuiK);A1x&=>G2=3ba7Yw<3+Q{YvrTP(#^VI?itRP2--sN&^6j;7>7_; zLJ%DV<%~ogrN2@xxsI>f;mq@N`S6`Tx2z2p^%|Ip8)q|qF)L^F4nsu!AdP`*q`1AL zV2~-ez>oz*#u>bXF5|~bUzM*BpbvJU(>+NVs~^D5a%do)Vg-RQ;u01cfAj1i4p8C zs;E%k<*@%Q)Njjb=+_c`$v(VBjG+BvkVTVAO%RxQjS!g5hI=jQ3^J36iSb};+)tnv zMb7RW_Kl>c;7LTESPBoTNcT?|=@3>O3b$|v$pL|-d|=nOL4RTipnpD5+Y{}3H{1fJ}Y 
z?hZqh0{=H9?eRZ^at8*{6`qvtyg!wKY$yoYLxpm|Gnj-)lJ3v&O)Pbm#(~2L_4mJ4 z~D|8qv~nuhQpy%wYVQAT~XRQNc8m3elAM~G_E%IiaYRAs#eq~k0?t^zbs34pv z6?`@nIkTbYMwUK_=!U;S0SuM+v?@t%7>fe2 zX{W4Be`c4#lgipJ4#SA=sQWXl)Fy(Q`h%UdnfD}mr6Mhpipo;=^^U5jv?j`x&u=a& zBKpVUnCeb-yFbCd-)VJW5s1NlvR=NZ`Bpl9@C!^$tgH2h=ye+)T*2**$yAG6FP0Pz zu9J-*VYT>GFb5r1RJ>;z;N35<**er;;~{`Z`{F&UT-0AXhhe%t}0%f+f`yG@+>Ml2PDD)u55hc1sACw!^Yb`Jip#m}m zod2P?4c(;bwL=j~YzM1G7vf(FSwSUq+hS(9qv{&see&pUMo-ZXA~h*QCyP}M4aF$q zf5_NB-H(W%roDkR3(AGfAokz0bK0;fsCW*$M?<3eYV762QmActg_B$)okT%sHi!Is z^lMg7fGFg8IA>SOlPK>lb^nHDg!1k#;!$1;W?Q-wVRi4vXklDvopTsd5GmT<5BVq4 z?Y?EWfgc`&@^i_|SCdu{uYp%JxT2$$UmQ)Aq`%_(~IaQuRzQ=GeATUD3s1Hs+8 zJpSr|sJefjY>4IPg7XN1=8{YNH6m?pDrewNG2KCPf9D{{#ek|rIb}V}koLl4rW`6X z1kDkemuJq1VqVxQ9@ zk>edTlyBH)-K49Tf&Fk7X?YNi|J2=bu*#9w9i=zrNR?@j-nGzpd!EAPB)^nMZ^7wZ z6Hfn`-Vv=~$y~gsldF=f3s`d1(+D!15M(@~kj`z1WpCWFL3zZePa-WHqchYjF0>*v z$@l1h_7x=WM8jSFAFzNJ+gi5-!e)U-EA1G9`LXZO~Cewp#y_>XpG4DfK zXTOgZJsho+rom(hrnO3z&-%00QCJJ7#fcS;R(g=J`=B*?K=-XMYqNt=eD6q7d6YbXUC>|_Ebx}wk9p>#-%2D42U#~AY6^+|B_yIJmsh>_ z1SB{WsvZ#2X5(gt?bYZD7tP5nZO5^0jUyWMve6@9!m2m!kATxjL|3>SMn@+&znhBwF-M0UTmGZbcP~Wau+Zhc?}S>E2*JeM zztyGOuJ8&&^ws4kW$-n5g-Ysti0Zt|mitGeldrySV%=rSC|_s&7hm}sKyJvQS@e@w z_pI?s^u_-o$^qtir?4)lFSFKF&Pb&85G_R3J(UgIr)@(zy84(;j8j_{d=HK4#kqFF zC*l3K>?qjysNAvu)N(R(Up(p_8I7r#v^d#xGM(I4F)@~WBy=a*pOEAaL%&I)>*t~F zWV(J4TAr_8hUW71>(E|&y%0JP*Iu^`ohXt|n!|eFn=QzXhA#O8ZulfZQvL`{LOHr6 z#U(=<@QquB_QK8m^2nn?)J+QwiLM?_uknRM*9fQGhBAxFLOQxZsP_-_GhRgP7~R2> z62K(dA?SV+hmnB1Wka1kCuf3w7S7)~kW6QM4~h2h>|TTr{RPZ>%@$Rwm%Lyf-6Vkr zbxA2lLGJBowGLkzfG2C=luH7)P(G$R5kucCMmJ5MRbUx&`xAzU&P(9*QPTZAgF521 z5Rx8+(-bXDcOvF{l5UoeP0~qkp2Wjo&qy@(?A^nlY$pMVnxs29BoUG14_%@gCGcDJ z@o6g|HOVt)CX8_$oX@lbDSzepCfFpo#VB}H zFWc7@jC#L6C`G*n{Z4K>-d zy^F6SA#v?dOoWWLB(C-Us)`V$wSs5a#r`$7A@a^WkAbWDhHUxuYt>bxv2t;BI93t*8|lZxDj#G3DpK zWIunq1@hy|*WajWqA>bsC%Zx2^9YtJ9AW48sIznHhQT3>k~q6z-5=R&>k!~tg>9}ob)s-b5`Y}P z8G7Ib-ZWf|Oqx^9jH1jaj55>bpb<_r6D}P#DS%Bg79uF7nBZzU(& 
z^sGXrA(G6&sj+68dwsxjO;4rcc*_LxvOBQ8gmd5&-puqgeHU-7lW&uO&2w<|v8GAe zZsfEyJr__Fv62Tt*zAym!rPgi+Q3=KK43>2+*b1XIwZ{i$tP$NxD-% zSIkK=b7;y(nzYwVPB+t&Qs4GB2Bxowg9EQb%*~kx#o$T`k=3Iy*C*d?hvvu~lR30BwLtfqs z>_Ngga60=`?`w$H5pKB~*Z~K>Df@h~(NIdxfN_R z^z5fBAX7l7P9%z#q`P4Dp`mFo`@Hg^?Qa02ek8(rSwv@_ulCq6m;%ClA_ev8?30vj zo8ci4w%w%3$v(@vGf z7k{tRoc_P6xx%4I8I1ZDZCR>;_}FdPyFi?_jPL)gEu-97c^|@D$Y9(|05Se=D4uIFPKvxZSDxr5JbsSU(3Z-KnY% zvUECCw675HyMEy&8+T+xPh!hjmz`xOgDrZWj zoN z9Y}GdlW=-NkDs-BH+F9*bhhfE6&Sm(+9eeOoBplfs)I+)f9k z4Z_GBn5(!^vr-g5k$DC$BT$Zdrc5wLouNL-a7d5EVcbE1baGV35r7uL`7Q^N(-^mN z)VllO_ZDE!IC$wCHHV_@ZE6xi~p$O;EbO=dSsf?>t~s7bo}mmGBz&5oQ5&SEXWVJ0!1quPIs#WB*e z5vQ$0q?nYjxQjAT<_|}dvFBSsV{dvJVjn`}Qxf}R0K^<)Z>j+3GMsNXki5XSZEVbg z;{{L*?vrq^XlY~f5`$yxnb1KznU7O@61WOolJ2yzdCtHwws#<4XH4`dDxTgXJr}3t zTAJ>(u_IZ)Hg@2e?cKAW93%mXnxwmbG4^lOP``Z%&aYa6!%Sk@*triWjWQf&jK;w+ z!AG%sF$=NE$iE0Ln!>pw4t^bkW}*0X5OS?bPj+b7Ks13V;(y&8nme; zg;m&zt&)^gxOTy!$@g?e8lZAG9HJ_TH+rZ_VyS)o!@ef=L?tmA54w^#n2)&@NPhsI zWD0DjD~b7c;wJ#)T7@i1CtXSWiDtj#km;|ncBNnsnFgArD~V6h_%q)gGQB>q^pL3& zg5_$8uscJh83>{?G^!7uouN?^+$TpaL3mKJtRn$?Xw(lHxMpFaByUM3drS&{sRU(& zLtzW@=!qgOGW)y&eW-jgLxbg^&u}QX0O?COj20Amr#v+O7ENZy1Fb{r%BLN=cEpnbocfVKF~M}F%fkqAamoX~)#H?h#2iD6AnDaOJ*cJW zPM3$t?44a6POL(FN#Gz(?~wpSP14=Jl!vTcFvhRoxM3kB!AeL>mxt<)8mv(!fmDfz z6cd#wY;hN5&dlh$p$o?T5Q9Hu(GH%ft>AqZi1Z?{iMK(_F?QElfX2Xinghu>jN8T@ zJ`UF!^Qov{sNe*ie+v;>El#Dd0NrZmcBaJ`F& z6cfA|^Ev9GRmPAu@Zx1SAH%_w4^94Zy#;&M*kKGQ!Na^c#(8F9gp80z`_{0(xg70be)oq zW~OAFGQsI+*mX+NUN&w|!z82ZmaJ3G#VOpGh8c)px$cHvPMxv>L3HYr6Y$=tQ$ECf zvU?Imc2f9760qx(G0>nVanTWLh9H9y341t{84iWas5&$hagiCdMP>835y5PpivKFg zhLCQC!}ydWoNPY-Wzf69d4L1SZy2|;dF;o)Cjp!5;H9%Ut+?uJe!7R^$;Uu`mISU5 zOm{k)y9dF=sZ;nxJ|~-7?WEWbs{9J4pKvH?y3^S_ilm)vJ_IxI6f7BwxK_czQImA{ zFWLN&1AtqB(?d(J5)#wdeBOSgQI3P_WFk^bRHCrOU6eTo?RXPoa(+R#ewOtlXsMe| zftGrDDy){eV;CA*;aUXuWAfE2$gFiM5Xs0K_$m?vbxaJTadexz+mW-bf*)E z)_8Ox(Oww3BlJc)L>pAO45xdvG~MY$;`KHsk)|332TQ&L%G)GBQImA{FNx&KgaI#s zb3;o|+*nK}Qe*?AQO3fI6>xA&MEoYSx2TIQ(Z@Hf;oK7k*G04v!*vn4+S`zDXxKm$ 
zY?Z>q6RuZa@Z`Qn;VbGQ+O3@jL0H_R>wNqAt9>oEh6X`+&~?%DI%+e=UGPitemqWH z)Cmjq$H|peoYmT;GYHysr`=z%2SG0v*maLx7j?$VTwM3qb!OFgQapJp$W2J#7{PR>v-wBl;?za_3bIod?S38KiGeD|;WR@_)1A)d zU$S?0|7QI;+q=!6JWB!;HA#2>lFi%FT+c~xzSI&FHx|>`JQ-^stmg(G7fi`9QHjD9 zcTwideE&IE55}H`d1Pvhl2Arw6S@$)iE~ztk*I26!dTQkn~xczSYunr;Sak zox0+Ga~SsHAc084wIU9VnxwmbG4{%GFm^L=I%x@3LSow3Q=d{A<#4!;B_hQ{8Cy+U z)80SHSFlb`)dFoVL)F26r&YC(W?$FZSK0@szJ-&n7A~PHNWX143f*ciAg5Xw)>?=Q zgOHS>!3^Dp1oa&T=h24*aegJUA%>5CAwel)6) zg>deUqx4rH8lV-1I+vy!V^K8Q&L!ko!BbrIbB^;1e)|l5;r-D zar-9OB|(UaR#Hvh1k6LL9gdQ6>QzU>WQmr~eSv9_2A=Lsp#LazzlXzU2u!3f)X4J! zX4t-l>(34%_oX8HB)*2(jifx!`>PD`9lAsK`=*G*p@bEh@40~yGOajg0Ldh@C8KFV(;&r1!b+Sg8sf<22pQud$+>wW@$Wk{^$ydHQ_IvjUZYi|<{Y zHMq~OXby#Bex&Q+0(@EOay@$&E|%+iG-z=A8kbpCZmxO!6yB7DR)1DwEb=!D;U($%4o3 z1+SnJOIX-I2;>&Ho8le{+M0LXDFwYHp@PuPPxr!B(4L=I!E7i9TMlk+2lrf1^6{U@ z&3JpzBBQuyVJBafNq+`rAS>oeD-ri$kA5IU!}ORR6r4m(A7lv8uyX7fIEB?%Xo!YY z5@>lL-*6AhMHuNm?5&n?&q#ckI9ujIMb&7EysI*SWeed@tsH$(7j|VNlvR)Ch;8f# z_ZsCX6~fkHAlC5KvY(TJKW9K$UH@-%-yN&<4eR+0(sS1laI&Kl=>F3+xX3%)lkZ712-Jb66n1cJlvh45Oskm>Y{Ow-`dhS!PZUnP%wH^ z6irbsdpA-e!;EMPH=orR=SO)-kqQr2OsaPBS)<@^T&6#hj;zz!@R2DO5r3{vt?2POU8 zVngJ1H6td1c{@3i_k0rRPp^m9_nREfd5#EsDAH$6gWRKL1bP1mVSFN;ir}*zhikse zZFND;ru+0S7ed{GO5Lfy5gAzxlL5Jn&9JKkQhZh9f-!tg;uR#3JK6{fO9D!<6Dwrj zS0MJ9m?(3fO<(J;@f+!f9!kUJVQ4A}ba>wA`7|v`%|hX(*&|72gLycp8>Rv%@skjC|V0aX9_k?!c_>Twhv$$7DT-DF>1vacW5*B^1+B8vx%7rBMX zR*@AEJkA0ne+3~5X`Jn&vKP`g$48|tq;Y*8m9LP-4SZChLK-*pb+}6YHS~Ft)Rl@< zNaMynDlQ?7^L$h^LK-*sQCSFSobRK2AJVvmZx>%%`Y7XuG%oZ}1`KK3+E<>hMLx=J zA&uMk+Vi!ok1|q7<90sEFd>aQ_$Xh5H16m-itGDw>g)J(QxjpNNHJT^#AH?z!FhGI zTsjo}34UkxG8^M= zQfqX9nwIqwWm3!gg=p&c)`Ag)ztvVlG>!1E>HPFrb<=2fc}TcK*d(ZF8e@jzDQpVv zo0W+nt*$}jFzHkLqQxCQ7x&4BdSQF!{46UZ4ej5JWcmk$t?&V?Ipo(1p}cPSuXn{m zHa|rA=Rsk94nM^C2lvH8eSWCu@7e%WMFW1w@UKLG^K<#3mVW^J%x}mKIsRhg&HP6E zkmqlU{FI-^4~71to$%0%OU+$io_|nh6c@%a`$IMo^}zj$~0~Bi$8m;M07Aotu+0oly5o1T9@80K9BOQRO|1K(58P)nHnBlLAa4 zf1#uo5`pR^r6T>^+VJq2Y85vT##Nh=JBHzS0lqvYRWB39UUQa9FTiqXLB7IHYm9_% 
z$IF#10M0gi^>HQo^_vLkZi>$-6(WBnCon7I0?bPne4^ab8?FVZj^x&<8Ig3uB61NZrR?E z|LJ*T%r8|C-y?1bW3F!t>^p^h>tG^1t|`>FQ?~Nad=iI{HQNR&ZihH5GJM@}C4+Fq{nWC3d7_Kz*AC`LF^=KK}pe7sUJpyoJ=fDkBH=c)Uwg_(CaRE-tg7HmHfE- zZ>Z_96x4xA*Ipu&4yt5@(T}bN>m|eY0IsC!95Hop6)FAYPe8&icsT=Tf>Ln$b_98k z;X8pV;fa+U1&pW1xnYkQDnS|%#;q<}n$sfdz7`-9bC&N;I0utLAhI@Ls9!LQy&bRB zD(Dyd`=wwWLo05A-p49zK{r;o?Iwl&1_9d3`Rh<=sr1Z?h+{L=JNQ6De^2Kz6s zBE?BLVI*F*^zeiK@uv;ZGQ_TJ2V!2mrI#OE{$J6>YZ=N9mVezGDO&pY!RLS5jfXIP zi1c5?u(@S8KScYfXVFqM266u8=b#{xkwpJn7^=67;)ja-Bem<5`oj2?@AUvO2Mq{FM#_Bhp;_Sb)FOH*SZ0kBDse+ zTw`>H1fVddANd}PnUcFj%S$t|j?6|NKjJ_>MNlx3tRej!!k?7fy*yS*)~=zqVjxrS zjO7014}U|*`d|zQi#X^JRZIE6W=gMq0X|ez6;x#+Pze|5srUrFz);RD$yrC)?!#Zl zun}*=aL|YRo#J>G2%(CwE0G#U~^M8!OO-Lj0!#adjya{BSJ6Wa`9fjz!2@k+ui}lY-YO(1oOP3Dyy} z;e)XRlXOolO&pQ-JH87oc%lMb$YF|>R>~RP7E2eBzE4Xl`0Yc8?YkA|Lejgnv{KIS zu~@p0^aom6!NV{ySa7uhUC7~@mJZr8jXA%^(uGveXBjHP1v%*p5)q2ok~``Rh(Ow; z%8Z$mmG(#;AJ7*ZLCnsKU6&$Z_DdchO#d6g2Xb#$8Z=LK(7_TNP zq6?)cOi&XPoBQFuyqc7_2a_JHZi(xKzE@aJOmwuW9zUM$&tY<-RgL&%bboLTKF-RF z-%R&^VPd3JR{ZUBzvc)ywG(F1eN{|=w5pSEFWomr`!>EK^Z4{i9Nqd$riwBv_P{xkVNI`Bhh|3}C@ ztvm5Uz(2YhXaRoc;y?8yRQKYCuKqR#9(wabH-8vu>&Fk>{U4IHVt(l1KS|mK@lXOw#y?mjE8 z1}YkAnhxQS=b$hJQ}z^24~IVor=qWV;h)?axE(Aykz;#?rk(~9#x zakew(lw5YsMjKLhSk4Hel-@t2#HenGo5VS6m6HXOVPLJw6$HP?gwmx>I61L&$o~qSy-6)2pXQwn#7A9)h>3X}rWN zgp|8Hob^e@`F&R@OqF-;=4_Q)(YtK>6dNro`xD&n z<$B>clAsh4>F=W%Y&%O?g+|UwoINiRx8kMT8ft2`95l7h|Rpc<9WmVBm9+dNhR z&OWOn+CZ1Ua!nO3yj+B6ZHJ3n1PG|y@a6+teAb`kNiG&)@K`>R&hdOE_bN>E@Y!ei z@k+7JDuZcDkClRR*rM@5bf~P_l6i~qX=<&6*{riRqLj6_k|8=g%m&^FSMGJnA-EG+ zqvzoT+-x3lzNDcE42>n|*0S_)f*{VCS^G%W`Y4jVpk3$7Stx*=ibH$$$AZ>T)KW%g ze`H@6>tk6wVua{i-XGDz5WkYZY3W*Nh|X#LJ=5_1FuBB&K<6svUC1yp7eY;O7^F%R z-#Z@MY8G`(@Ymb3pM#jmPZD(wNe}8$fGU*VZ3^@%vjvi=aaji5Z8~Q`Tk2Vyjnros zVT;Vv(6Nw7ZQBovys5vSfi9E!MlEd8AqF)W1VbtngUcKz6~CpB3eOmLn))C{I7VtV zIHt&)4SQOFIgzdF;(ZHx2+Z@nkB*4E46z#&?vD{}WvisaXm0}x%&90XT)1N)Q~`%^ zj^dV-^$6fa5r6JC6kHEbLk;^kt;gOkOL_2yEJDG`oZA$?&pR) zSvG!NC11zb;m;94Y2 
zJi3e|I7EC5FaJ;uNywO(qzwEO`X$H%K7R|4kY!iFw*j{uN5rL!A#X%H1tjo|yY82; z)-|}e>miC?kr{|=h61OWqAvFilO}<|l#gCe9U- zV1JV68~VTx-VdkSoOgkrzKQeFw=mw1kq0kgmpMdJ{sR1(!x2f9HbKSDQQb3zN?boU z@i^EUERK%?d^vnmp}|wgvNoWcAUui|F8ql5l}Y`r_f#?f#1Dzci`_3aGgj9 z8=PV-{I@lL^o=Mkuy;#JYfHE&_Ax&!K;-u&UPS(p84u=BUT$J|6LOF*=_!zBxX)qQ zZa)+rCZ#t>Uxfz+R#hxNmM=mQ;%kjY>V=!91Z0-cOVe&|RKosFoagp7y6K)~?P%G`h`%rgYK z7+y-b0Wb9et*g>FARS9mfo_K1Rg4hFOvCp9fxU@WDV{FU8FK*hoPn1rM71OrQXD(H z0344@ua||~)HQJ_@K<87=OZ3kVy7Mdae8d$jGjr?grOLjm75;&$FVgj$>;rVj)m>X9g+%9OW1MkM9 z<6g$JN9GLdiFGraO>j4oe!pBk!Cjy41HB)phnRN6eIc#_a|aT4JF42ihp}UbTZXEP zKm}>GeG1jUeQ?^0!=R4<^31)npcRB2(XGKP=IYhC21BBp%K7BP2g`9RUp%)`8*ms*%#nY zP2gOv2$iLo*B{ZG1#o34f~t@etDZEUrmE;sFm`BGd04~_NVYVuV=N~R13az?1L|l( zt~7h2c9dTO{8s7NapU347E7?ig}nH`IeUX7($`*nn&D!^MEf+|hC zKSH3H^!7u=okHo<4ul>KNh&Q|1K<^e-`)XXG{C8vKr*7tc~tm;0%=9L5YSZs*Ow-k z^fTc=p$zk4b%k<*d>(|oM5;mxOs*%3r1d3+d0bJR1a{8BRWQs7g~(lPq*d%uFLudm zAh;XaN^H_!ZurzzTFXCBFPg|?5USlovQVc7+DR+_Ih&LZLi?LYTranm*4%hIOhZAK za1&|ZPtepsS{sV&Fs%S#-A$y9FC*aC+h_BqYFbM^3&P7ck-Fe(_dsVE5u0aM;va(W zsY4RxHT1dy0U6QuB~&?-Gp_)<5yZ#U0p49&A7a{)O&He*zTsdKOI~}RlQ8LTje$PW z^V}_XZHTIiW?&UMOksAS`l2sV^E&p8L6MOIfDH-awK4Jw^p_!z&BBip2%igVaS(4q zl|-@h=5&&Rik#d8?6DwTuMy-2%JAROfu-tF9sqVEi0`M`^EMgrZFecC@|5R+T?pc* z(9H@Ak|FI^;?2l-;6`J#EjaAVbg>%r50>7?FnL5JTBZWa2;xuo0Dil))^)bitQoMv zAinKQ_&-!y&%R+>asaR)L3}IOZjs=Y@^>vE_aexnKEkHe1txRua9T3SEX zwDDA68A1FZ7v#rCD;gau&MD1+6$bH+PeXpJv}O-+;ty;{5dV2N@Nv?59(H8;xxf|& z@!0Ob$4e^|jXUF;fISw(J5&HZL0VruVCz2s>_`w_{Wk13QCfZ5+w$juU375CEeY=o z9GD`*>-4a@L>}}T!f@C|sCgTd%#hZciMEm|z-k2X6AciE+0t@lt`PdQU!JHyn#V zSWP5u?v*CC!!GIFixRb9{4 zfpCY`L}60xjbfgbA#EJ9t_16m(#)IbXORk+{Nq%38PsE%PC>LAvPWJ-Cc7XbPY=U@ zoXm0otSg$yI+blqj6ee4%gAwK(b*wpSyU{kI8;)UU>-y(ANWOv>{x)=1j+*q!D?BG zDNH8eNA_>lw@JkyjL;-yMJD|rt)zW+9$5&&J(|RRa$!;G48!_knO)jpbA(ag)u4uE8f;cI!|J#dtlz*0#Q>!Q zizc0932Jr2IynnYDWGL(DjS?xrqu*xxQ1bkM0cI-QUq34VzONnX}}{0drc!Ea=P8` z7z4tzn@HPQfs|!LEJKsSos+vkSnrV3p3s5klA6)D!90p~J5a|cd(bkNBM*RhM3ZaL 
z*3N-jjk42Hln!|w*aeOA#?^smB<3+m=TNuayorh%~7CQs4uuZIyv-npzeYnwb?1eczMni-L?R$Y+R-PU9kJv=&Aqw@#xg(i?tf zdGy$6Ko~U)VKh4IG>{b)K8WE0W_gUr$6?z>12HjyK^-{;E*j>bcVX|5&@~>1v3>x+ z{*3)>_*%EXkC5QJ#)0JBgvb7l`YiCBVJAG#nEYadc^3+?5xCq7`e7}yl|=YQL4n^4 zU&1-T>f|{PzSAVtEYg3b0@n>+6(kS&DcuNgBn}RjTD0V!O$7`ytP&Op*}G~W)N)9+ zPna_eyw;T0nEXASA5FZ2)m+6-7Tjh9HSL{k+l7olo^ zSj7x$d=sv+P0c~L9=l2I`xD3sj~WqVJZaJ|qXJJF z{sE|6h$(-gQ&B0eY7HMW1#ONIa%sBVxhM}pibE16&mul=SX=V&_a`bfxxktRaX+e{ zz>7x2g@JZ0-V0c95Wk#^dT759adEFb$2<+#oSX1NMnsg`#@7Se;@~_46=r|xt-Nk{ z4^6;_Cure}{U986NTN(Hyvi7O!>}%*1Q=)Fex9(EWXm#Ts~~`H8P>6_0&|;izo9WR zJsNUH4L@yd#I}q>5~blNkr?K2)S7{J4C@mtl~RfsjX)?YO)7IV1*GGKRpC`kWA_C( zln4|8m85n3=wAljH&Xgw$SvyTqWTDY0INcuRfcj%;Iv^T{S5kg2yS$Q#W{Ed@QmSG zfpuW{oCB!3Qn)CGd?wQ`Ad5+NO5{hKvEWd)*qLc}kGFE$qDZ@tFGT9$vnb-JhkGDk zsjD%sYowrNHS4$pMOVnyn_IYL;e)lnUVq_z&jM?$HmUqja+b!8vC zQ<2&Oh6odx$6DjfWB2@!@$jLTS|s|{f7D7827S|dCMax4e5>Q*?ZID+)QD-4e z7O(FKY$dDBkv&Lk%nLBlX>h;7VbJI0lK+d)<6VHO&_k400GLqBpqkEFDM>VkIz43_ z1j`xp8-;kXtGlYXkSfnQ0P7Rs>p=*Nf-=p0$T_kdoO?Ks{F!ikwgu59<|It_aWNkU ze39mGhl=YP0&R9@OMGH?5jTMOqGszZqP$t8r&X9^i@XQ=1ub#~fhfry_6&?QIAS#{ z#CFgJo3rn26C>RbsdzpvoFfd=p9SUTZxoRAd?hX+w;^_gND*C@rr7c|C|eFblHltRYzFBH6P*z6_$BNb~*H514}@^iLpW2PY*{&SgXM zdTaiARPJ!CppnE$SS@isV9i6Pi{$D8$qk};M}R(PwXUeNb_UYdL6uPwudRUUhpeyD z6lEgdIX6+T^D91lv&QaHv0exGk-wvCuzp&gg7FgIw@Xntp+#aP*xtR-+Pzcpz5wTk zQaqco$x3OeD4vd3X220lNEtz?nOOW8LbcgKt-&#`2~LAjJe%@}^(v|aGEOJJ14>cs zP~|@hRgYR*|5U1`g0r?XF9u$!j8L9EzikHMvCaB%lahE6?8E;q(X>4Lc*?psMMdjV zurF%~E^CxY*$hn1ZAGFzpn!*B#<3g@Wdp9j632Hzx^1^c+tJSi++0(F`k0(@ zb_U2htu|A!0tQkahbR&^U58K4dMCZ1diQq#nHEIfpsMdV>zrE%s`%CbS*OvIX&Vrw zUFOLoYzhX~1B6gnRfbBT=+H?dGI4iAdCpSJ)&2Y;`3@$hm4)hQeNcRq}VSA68(em^$~`}yIBpBhK^tNie;KNAZR?gRYr zA^z14nS);HY@PGR-v-(t)^_0u`5lHl?$>;@#%{?cgKFIu(N&=QSR>&<1d z%3MZhQrmrlDqR%5iN$=Mm1=rk2%w|D%l}p-v)tLok!e7aWr$#gutK%v*~rXw^`U9+@}tIAWP;@;lTPqDLY9T)ux&ii*-|ZhGQ-qsuGH z7CSA!)!noTyZnDP{cF*I^rqf*m74yMX?O#KI|E_d83^ajKm>ONB1Iv02CNZg$b5L3 
zN4)`Slo@dph7&T6x&zi|Gn_C>=26mHW7K0LDj@0*SOsQmJ}fL_sYhV7FzqhEYKRna zm%tithS0{vdDJJc?l40sdQeWC0&Aja_X_f;S71$2%I$7}`w)0PgZ(ECBlwFF)h+O$ zZI6K71RM;O>=sP)BS=*p1lM4b{qT%_>Ys!+oZDsd)mb`fA1{BD{y{Ot2@Ow4V0~} zrj_xK5NCmXTN+QGHr$$STJtxkFqz#@6W~zc{)BZpoTY(0Cdx^*X^bx7l*FgF{0#Qhu zr5-!6nZz+sk0Jc)>X$=*g(0V)+5H~-^Sx60n}F0L0#Qhu2RwGyiV~*>@&`xYD9vc_ zx0iYBKU&Ko%mC8zNW?Q}d9wZR=wE?Ge|x#dZd_F=`aID0{m&#c{M#!%_Gmb6GUnGn zzv7bccunn_rHBeN{@aguY!j}Wu>JkvgYYjc!7i%;O#tjw9=peKiBli>9b6pEk+Cb$ z48UIPu?sO5>JO}J2UAp_DS%z*DY*xpfF|!Vk(H;jX%1jN?y>Xnl^MCZRmgh6&8|da zyZxlcGZ^oAw*h>BvdA4sgXvj71;$+CDb?(poCcf%=7k7sQHiDj_F9kq*=e|~J230P zzbrI&Uru-)P>JRN_ER4F@$2}l24FRDG1*VV(L}&r@8Ow1W10!rPkTxbl8B?JfIZ7o z_3V>a=F(iie#TR>C$h2{(`3MY)+1*FjcGPuZ}9j@?C!=qCOjvf4)9{x-YB1rG^PoG z{k(koqA|?~>`fjyC1^}j0(-OMc|PB`6@$3_f-_9!^Blq6;wei*z2C^^NrL^79983u z2aS*6$;(ZGJ!3F_vMr?d7v48OvB{`<9{i#X1}h_b%0SGlj2ei6*imOn81(@fSQ%!}Bpr+cgjk-W2`>Tqk%-`KXa!A0H|hg1-9dH~;wA1k!RuFLuOo#Rxu1h5 zUqtX|$I&u6&KOD((k7$+LCjsEt_Mlwb%PMiq#I%MBly!;#~SOw=0#$)31r5rMBAnT z>MN?MQHsLZw&5dOd#BGh`7JO$0q&O$zBp&pqs%vb#?bO$I};hkZa+4H%C1@fLuv^o;RM_SA4#!7$gk|6kby1d*d`(X???f+GmmZ zo)`>+(Ty-(;;hM7EE%7H)hQBofGqYgsV#F;5!*4YBIjQ>_Za0irb)B?j4wdHbe$MB40!s#?0R(2?U$Q2*DW^JH44&(}=nFPcBN;V=4G?1t2YRkc zqUSuiDg0oZf{fq312R)Acd(sKNYGe{*V)yqQkBl)T_#pQdx2%R@eL8Xrw6o-wS4Qb z*^m_biSnuUNhB>U<|vwp-5~Yf<3jvsB=5q*VP8y4HZa?bgEcM~3swNu+lZxlN+Gzr zKoUP0r6xd5rx+5^F*5IG<1E~}FO6f+r_O3dF zu^Xv(4gkq~YjNtg`(R6^W&g^lydPPgHdx1Dy6NZC`x3L2fP0ZS-`I-OZ-2q}HL+pP zZ_|ccd?$sT;40-T-&^Yb5FnOKso$nU!7Y1uM@r@WdcJ=Nso$nUtSy_43isP|kT}k-z`dpJ z{{h6ZDfQdK`2H%Vbnmw(ccOF#Qj6~`JGL`fhai4C8TXbQpGgq9Pqr)J-s046m*?CR zKyX$I-pN>YTPz|i`#@Jpv$|6%;d7aT#HZA6(=JTQ-pJ{CyrE525Q5{|PCzXC?#7h9 zi!|BZ$@lr3j>9&EWP1=&zdaCg{r2|0gc*$#&7doleLW(%C@)gW9*ZEc-=;S{mQAm! 
z&@zC7gHSqAN^cdQ38(ZP2&L#uX%bAFe0R%a6m0c1H3~xPYS-uGAZ@jr?6V{=5prhJ4g-zEW7joDt{%U-qoDha4>-h;J4}CyOqJ4 z1`=Qx0roQB!E7=#0g~ijPkK@iqlwvh87%1LH{*3XOQX1MIiYPQqpKf$#w!#G;3g> z46u@yPVcpBI!4)VQ@Ghn5o`2e0K9Yw2kWz#vfew##i>8x3NT?K%bPGhwgiZ;Xdl)@00)OpLn+ahx+7aIV} z{u}rBaB3Pd8*ygROac?YZ_~ZE3xiipC&2PK01RNjn|Mc=%z$Kj3+_=iWcuyj=K&=T zD1Li9VJ~6qj~JT(7GuMA65g|%`QCg2w^=~xwFihTWm=s28R9(x#AG{-QGUOV8>=;P&nuOBXscsmn-= z4SaeMziHzycO=d&0m7lLp(YXze-@>28hrK&_~i44E=wri9Ti25wg(YMc)*Y!0a6~3 zi5hoet=cTj(<{*hR^5W!!rL}o3s4+SWj zm?n&JxN~;wGWdYrl?=WTc{=55g=Kz%5g+204~ zLe!7C)KdD(6=11mMl4;4{56-Hxih?X6C*(RM1Rbs=luD`OK9GiU+uw|eN(7D7?i-8 z-Y4iUvpQlAc4~+OmGHdN!D1-|V)NfNH%i5x({9g1q%bRMkVCK2AfNc;@&()p|wL;dy;zNZwU!9$SqBLi|)kOTr) z_Bq`9ZTbyRuRVq+V^$HE0DivrR$=h`l?0f*8hG^?@N6MDSum>^rPR1sH#n|wWgg2Wrx2_>@?X{Gi+C&T~)8Z7P1R&n^K!g)zl#?4s6`H1c zDe7j~yuPz32(_5Fpo)<_#0$6rCzR%*6P6Nefa7dvcQZF41iMdxi0qCSh?*sra z0RzBGXJ%Rq_1hJ*kXN+}bjW?n>T zF}>fm-T@KKpwR$ui*foO2_mq?DTZ=DydxQ9;QI#vht8i8E4uf-&vNM2Z@&Vt_c(LO=k(>zhzo%&n*>?v{x!hS`@W#m`kc}- zNc}d!y%p~y%_T~=W5gg6h*(%4^)^Q)777gLN=36MvlO;<%*Dg z#?P{^VkGn1^c#?v)Mzsy245wl<1VkjcpYC!Ps8oJdAZAts%LOI8Xo>d zM)e9pyuleH4S#u;jUT6(;yucje|ZBb-as*uQz(de6-lW{Q?RuMUp#=k`}c^-AF_9GOJ1*lp%VV_2jcM zL@(1dL~tJrhm%n$Qe_rQL^B-#eyN`GLQGfE<6P-~LpuN1A#qC~U7%|8Ay}<^vQbxx z$QJRbAZ}Ys^{I$SY1Qq)ojbGY_TV1!Myh_FQ7%ID`;4Rr)$cRv%jZr3R(+Y_s-Ai$ zcnW#2w5E5EBtSaLE|{_Q#ZgP{Dg41^~S zrsldD#&y-V=HS6OIMKQ^eavqbWKD_9uarWkRim9@SLs^Rd2MidLh(nShX0JhZh(gI z84W%Y@N>l#-Uo$QkexycA+%)?KMYNwmLk_3U@OSE1JFFx?Ev&E0pT4$KI;xZ^Vu7A zfX(Ot`&Ja~0Oh6>6M_y9Ap{*DLI^rQgpjZf5MO|j^iV={N#;00Xcg_2gnoM^yd?5j zmxNZ^H!R6iLI_F{Ap|9f5E4-mw6$C%WP)3zou`Jk@&D?cBg|?M zZG42O+O#U%2=ivu#zp*5$O#sc^HPMI|LRNIjra&T+l?CXS;^UMG;rjkmibArIgaw7XqrA@l;q|>j!MNPxLKt-tiSqM;W+yBBllRrzRU&v|z=%He`tsLA@?3_o7 z)R~_N@p>_3#sCj}WT=Q=SM>s>S;RKA4W?upi=nP?QSVCFp-{IPbYwe44t5}SRWX`< zjv8$-tg#C&frivy;oa=kaq{${Zs8gzrCTUHc<>NW`m|ATjpTvn9D1%PeM9yz+@~q$ z&=pZ=fl9K3>R*9)axv8_V@6YCpdtz$sOZKWs3aeyItD8FtW?K9 zC7*9FP*wT?C!8p`y0i6yTvus#ppr~5L&*S9TSZjGt-gCf#G?RJU!CtSVI%O6GE{NY 
zg45||Tb=<%ilWmUbQ_@DJU&slsoCJ~Rd~92l$@pbQzVs}2mKBlHxKgGZu4l(-dZ;g z`3xJc2HV5=veoJ4u>fqfjoDF>tL5fFH*WKg4p=u2`K+6Ve7;fh_!VqYzk>AFlyu!Z z_CY#Zny6Dqm+*hpW!MmngV-(2d(XBp=;8?fE zMW=hx-+;1th3o<%xUnP-y_^gDWzv?qD%t?bxLu?!PF3&^PKH&*@ZX_g4v?d=(Ss=t z+mlu}2}5i0J*{pMhIXKPBc}#RJ3Q%v5Q_=F=^lx1(9hh9_@6M6ex%gUX4wWzh@K+i z_g5>41v`~6{wa*4+lrxn15{WLsNIcvF}alv{D#0Sz%3R11Dy4j(-OGFIUwyLbhFvO(osoaWG& zi%+jWKSx7zXgQbeD}wYZGp_-;qhdh|ZTd3`KLymC<`?JnNGUaTiy-}C%T-|4QarRl zjXb4>Gj|Anh)_p8KzBYM+kl=U_6L+#6OCr5umKU<$hUI-5`?YF}0jqfN+us){CR*1$U|D zE3y6u#@C9jtSdDOP%cRgIq49=2Y@>f&>0GMq>DSp!3`+f_+`+gtHMil@jeEgJ5c`D zJm;n&^PJSMdCq%a`}NYIwV6IYd^BJ`Nh5ZVc@Ad$avWEl3^RWDtVRRO_~mma5nu8r zbp2v-){EnQ|E|4=w${6dLTJV>i7=s{pF8{= zC><4{c7tB@Wv;XFs(#}qoe`ph!fWZ)!!5vznqE)NF6)q2D?27hHKsb`*vgJ+B_Fdz z!nP2803HP9U?l83c7VG`BPPEkB8Y|SA4_DNXy>sM&=8Z6^H>58x)G3<6`uCShX7@j zi7A>SS|~5T`RDP%ym9S(GTGKLjao4b}LUoVP4>mdw{Xl zQ|@D6m<4SDM=(%^);Z6e0{ilj|FkD|Tn=&Ak=LTby;AH^rFP)hW>9SR1V{!3tU&jN z@x0ShnkXoKCE}kPk2SzOl5C7y+Wyd%OY0qN)$YWW=@cmJNk8Ugl^U4D#DM`QtaqIA zj7j+;sG44i*BqDEOW?&VnD*STclW}4yiB3^FvMULJIQGJjB8Y^VkaB*gtIEA z*lK5W6>QmAQIB?=WW*uD7oBVlLtEvQ5qF?qBy27Q2SB|IrT8*~=4KW$1am2!~49F6Nrzc$IVx@*&Oz?!OGAKw5xu`(Ua^guL?oi~qg|`B^ z+rn>^kqNhjuLTLU@PxfS9BvFuvo{hh0!b5TL|r}u^B-Kh7AwL6KtoK1BBUNgJ4sVG zc*VhgM&XCR;W;(!X5b3NoSN=oQLa!-tL0;M3eBv|0t9IO1*;^*D&VsEgILjYoA6UM zscH1^Y8SD)d+=sbAv7(qXFC8BQ5mfLIV9jt+mAdy#_-eZ!DF=ek7mF`aO?*+H>cgt3#xqTMS z&0uasKc2Wr9+jdRJJbI7k1_3kzZef=iL;v6ThXh`kg(@dAxa^`ERTe%@Dxw`33(bu z?v}W2QLJ?JbO1EOWT?V~FR&u%1&BEi3G+BYJQ4|O;VQfy!!=*=(CfJS01Yu2c*O5S zv2%*yya60`7wusyXRRma`Di-FKr=|uXzzbHoW>cjvl?>K5%F6QmP=JMX>J?2d8yOf zKQ*f9NFHK>pBnWVfdtK6HvdnJRx+}OuG97$G88ZPZ~ik17l4<$P65#nQTn1$A%f{e zBgtK?eD)%iXdpScK-M|EZKOY=@C88GlS~;al}{hL6~Ffi=plux3;m^o>#ixx-Po^v zKTW+P->%G+_%;KS7dDh#n=C8EsD;fhhGzj!H6w_$1o|sA8c|I zbM39SI7(!V=EA~i?5+8C*x{||SI%jO4z9z^VIZd{7JA&dQk(@(k|k-_TdKA&{jqtn zcv)`odM-opD0)Ooh$5>ZM33acLe2aTJ(ACA=7;E!e8$XgCb-{MjQfk={$Fb$M2{l4 zBYG6U9nm9~JN-KPIK^E%$K&8GI~t-#YorB5{1#}Ep>TEYto)#=Mq0bbnL=Kbh-FP) 
zb7xr-+>Is4%^;|t*ysuy0w}i{y(HlZ<6jg9 z$&(eW!ziTzbxA|atzdNM5OGCEiJx#fB04M=!8@Ifi8 z7J+GwK*Cy4a~5etT@IgcEyi_&;;oBV0BDHGXdK8z=PR#pbm#j4INbSYr>)!hcpq*= z=aZ1|&PNdLeBJ!m?O1^GU~{EKbY0c~lI3I^QQ~ly@j{-T4lI{J&!B=zI~&A#}coSKvk(00Rb({PUP_DM$C!fKXm56OngQI~0R3W)G(#O1 zcSup(Wd7tJ7;9r=0rFNTiuNwWyMXd+ffhtODidC9dXlA+^LKai0P&jElvgEUv6R=`Su6z`p-;B~L0!d0cbnmWvisf0N{;pqF98~2dUAn7rV4QY z5c6{+?8hh;!dxqjfD7CS)*_K;9!KSPu*Cg?zQo3#c7d^gx}+iI1{e4daU~Zx;1uQ= zibyxNED*Uaa8MB!xC|uh0^7i63<9P(8VPGfPDP{<^@I4OtfjcVu6XMrt^hQ|WGG_r zWJyD817wB5(K*vCT0qQ9By2Zooy>J1xEfWFh(w|}`-l+JaLra6waM=dCk-(-n7lop zWVZAq^zvu$&|MLR+%~)oP%iQX)yw1mM0};9!b@}U{so?_9?al%NJh@!=gN=_@-bpz z1}{T2m`>G!i>Ukvyvr=vM(%g{4FELEyL5_v_XIWwo-wP9$mRhh`pJC=fSfU#(=)|e zc)I63YsN|hFn=3`nhiGBW=iH*3Gts%xS3f zAA=4TbGRYh8=VjuxMF<%1P<)_++Pj`!}?E|g()1guBtSzab z8qHKVIu<<}I8m7iLeSY|QNPc?DXlPe)L%2OF}4<_Ass^4-Fj<$OSuFa9X;U`w($0f zZ|p9~>Xb!u1Cv`7YwhOV1eE(;rLk;eXEiiCmL9WH5MNF(=JlfA(wg^sCfZR!Cz+qO)O=D>yA>Vo&@ET zVw68Ql(cQzp(J)hiO&G>veQdA!N+lzScp@tiWeKus4NU)?V%5s{|eLhjrJ!a2vE(8 zlY1t!u(rYc?>3;DGmu~s(?HOQpIh0h*_bL*Ft!Fq0nYOv8gnycraCTln=x zT>qFRP2a{fz#HNGLM#HK#Xvw&{h_gZg@b))FQ%e+IHVZp#`!&!j(`M2{kth5j}pG}tK(38BzPddD?&ego+I#<%7-|vGRZUg4lyCl7S zvGX0EVRi_6u_Nv9KfTzIhS4u}LF><|St36b9N z352NE;Fr>s#vw&&6qW&$HSUL+BQFvE>IS?9Re1U(&|u)PmFXqWD~$VpcnMSsZLx&n zrLDXTyx2igpoJYBZ;Io0%m*WbF$bMsOv(zb*}h`*ZEJ-1HAk8tY_0RnX(9G1aGG1Z zxV27&qH*ZJg`5@+0ZDk{kbw+LpHo)gMFJ?zrbyVIQFuj9pA(7g>zE_;$926Ds;5lD z01Yuc>=_&j+b;lQyuxedD)%6uVYWxh>hPoxF93RSqAcJ2F75>fceu2@J0G1}NQG$Q z&PVAvVm>Mn;BbyXk?5xoKUK_Exy+jZ%8DrF++A)o9~}S|JRh}!*joT9vmX++5QTcQ zh0=)Sr2Rt7!L^wZs24o<02*R?SSaDqhjDB*Am-ypm>KO65ov@q{avj8as6Y0v`8yg z>GuE)F&Xjrt^iXnW)G`;8XWbSqkkrzXOy_zZt972+w(Sei6@UF5vF$dQL(h z&uJ7fjq5oj0(nmV6e0c^FJbG|xG ziY?|jm8D$INfgp^_R7PtJJ4;F(pY=WZjQ$Hpyt?f9=Z>E$rPUUoR0#}^_-^|_kZ`C z!5KM1ybH?gF;eBjZo5AXC}S{4#B4*oL=cLK`IftIhKf<FI7NWy#IGJeMJlra@U9VpGu zkg%_#(3f_;iNtn?*A&-rja5Rm(=#`~=`lUk!F)9Es(^eoO4flMp6UY1=93K^-FLt| z{2nWySqfJVPfH!#d}sov25u^Zy*4 zCW8eHPpO}vV((LYut?!Qqp-qrsy=m)`s>Ib_1A8YI$<`JK(#<%rXyh^QzTCtIgPkA 
zZHU*HxXx0t^awW!&=Awp=(GiIA*KRi<{@Ebw9`wZ5mw4r>|w&SrQ)GSxaR>4F&Xjr zXA-u^17hw)!aQDqLL!l{nx~oK9Ih1=4_(<80Sz%3c*LJPDa7|9q&01&Nk4RAjOw7F>xfUeb>0Sz%dDeWJI^*puA7jFT4ScvtQa0=eqG~4~01{T3xh_2NI z_=_R3Ann|O+yyAd+b9&rC8Bs6I(Quwa+4vtHg#0gjUK6cr%>b#n{qP4VsGTOA2NP| zti|B^B5|IUEKe`t;<%AK{}s7?o_PANH0Ma(G?+;Qe?E%22MD(-MXS2yJPs)9H$<)Y zgE1c?+zIF^g(F?^N_ zBy&EJkrWxB5F&2U1O@82xUKJml@p13zqb+G#kIeZtvktEHzW@+Yt&~#6evFgj`=MT z=KAb76?pOVGiujBwn!r;3r69~_7~t}iWM&&&=B)Lkm57qg?&QSKCX64vBE+R^*|KycdTM(rKfjGy3q@1A zAf}Vr_$u}Do^+#ue1_&PBCK*5nX?o<=0N;s6#fG!YpyoB zh~T%c;$YzyG5;7WwR^+G9RO$;ZYQbfJ(k+---b)+xyPzY$AnOW2Vk7=EV4pWYzlaY z^k-j2{2zRtQQUQ~dvPRpIOY{E;0rf}rycVrzysqU9NOsM+FLs2IFN)p=G*xh_P!m~ z>#TU`w|?ces98-_H!7M}h3;WR85PZIE+1jUZYWg~5cm}vJ#p*>XqaJSq{Xw?`3xc( zUwWdte;p(Zs*9WlI%&kRp7LZgs_xVo!2PBe?(;5gB~JwhH{ty_d>Miqb1xEZ>+~&& zNF(eu{W1RGdPMQk9{VDoAtvMI6*!6JH4_GUQ(=bODzE*LnjMVD)>Bm?mksm#Z$McH z%1y;6hdGqq37V4F5oN+_dxW@)9u^~Ey(uWk!BJ0Xqxvyqi!@@<1#+Lqb(s>N`^xKp zhL{KX=qx<&Sho6Wgg@y4-mBXJcvZ%Toymm z+!!o6D!I3~Ch2}d#vv98P0mV9Lcj2}FM2N>91?7@TZnr=S$Cjp1pM9wJdMKN0d-@` zQNOGgf(YE^r1}x!nLewc>{wfi{8oU}^%Shi z3#?d!P8qN)GJ{!g3l_w)gePRh=;-@9RGV+1HY+M6bvtOVO|^se(AinCkmg*Q6QFQw zV3@s;u!$3-Ri_9~1vCC;xL=V*EbecG(~fcdXMnVVuFWNYhL{Iz*a;6*o9Tn0(Q|k> zukdx(*$*h&C}MZpL~l8{sS(|^?{*>10xRrstpQCv z1@rP?92mT|9U|k9IRSu6O|eTm1`kX*g`Asgzub%dBw>sdo-{jH4*rvU-RLTqtv6B9 zW2JD^cd*nW`1&3yB=whygj2f1$^(eWjYQE}!6zCoum7vo}>%Q#b1!M}&;cNry{w+9e?2vHBy}=nSw%E85## zTCrWJCylIE(LEj}+AM5)0h21gYN2TBy0obdt&%H(cf$-_0R60wR3Ecn{xb?kJGjye zdV7sD16t^o^+MbWtSyRGkLoKN+Kp^NOsgxEHpD?dTPWPAuAE;1<&{0fi#cjRc(vz_ zMzi8-klQDzF=1aserdUpuMMB{K}h6agcx`d)bw)-)~l$rI3(PU>5w>sStXL39^J95 zLf)6XWoffrEiwTOF)jLUka(c~TJ}$0!KIY_6=54ipV|QR*k3vQJCH83${@08-??U5&m`Htd85KSGb97U zqp%0-No)xQm)~xag~@bzzg2{{3=#ZlR#&`b1p7C$tbFd&BB0cB7VvO8=v>##@)7}? 
zu!2dD_BHrc?j@yt;hL__Yhfk%|6746`R)o#=_e9yS&mmJ;A?hA!fl3P%zE*dNJ7uy zcgpU<^`Bd%N>y9~%mOsT^fWCvuo~+iK+NSxm{}8a0Fg*oZ#-&>S8&~+c=UF8ya{NC z$-rZDlbHydD;(`i(ubq&uL3bwWtDZwjh)IWJFs-*#&;dKiGao{+>tJB9S2v2;LuQO z&cORWKz%)B(X=;T<>1N>*j#Vk85CjO{C0lKYOz2uDC*5+eqVU=X6Q%DvZNU8&96X= z8;W-$bFMd+5%_R#E+OR2DLyB?c|%04Lc6g2sfT2*y?JXux%E>lKHQsMoiAIvxbM}&-%X>Yz3B<#)4!$vOwD^tj<}XmuAr3ya}LTX3*YTngQPY-FvXF z5Ln9glIGcetcC0XhnrP)h*9nK-rs9c$K|5;njYQqFO9p?#Fe#x!jW| zy*VLCZ{FuUP~-RVJ^`(H1_}2iI>lH1_+282`F*)tbd?$}aQW;5l+B|8{`jT^A^yn+hE9D%a)=uuI|uK#;fl<{bciVMJd5xC4zy!EK~X%XJ; zsHk|mqoRE7)MABVQEXI{2sA3DL)umFUEfKTM30K?b}Q3SN&f#vMJ3-I6_tJ>VbEkD zdV;Sx90}Jj#iheWMH1>Cf%zY<3zbS$+~%AQXo%@)RQzU+5KjPNZa~7!hEkwBk+3|d zk%PF_RXp^l_z9pPCZqY(xuMwf2guG_idJO(w^i|Fd{|fHh-~(ta{7LQ>5bfniHht6 zH`xPRaujb}kxvxi?N+4X?N+3G?$lzjVo|IjB?2lkp&RzCZUSHPEhKCW+OZjCS`wNG z1D(b-OYzgD{SnX*)01i6MH#OHVtV!{W@H7CNLY9GhARX3kB-u0deEr{Xo$(Mk!1LN ze+tn7kXy-}G#%2g6LsTYl>{N~1ay5d>NS9Jkhe(qxG#r~5$BcR<17vzBh)J&JEcrZ zqWZw(#^?#&uY${QhZ9AE*%TBm?m!!Hyfw8{mvR)(rJ*9(j{OEh#e49c?G>>e zD&~Nghl*>!mP5s`Alt6XVZ#AqUzQUMJy3k-@s603r25j>2@Y8T`z zQ208s+80ncBq69k@68j^-WFmcpypg8tOEt6d(f$lo&iR^O&lg6vfrwiVhyg@ifL6> ziI)HkF%Kv)5f7|Hi#M?26c0<Mt+~ss3!u!cqO2~sh8z)nhf(SCLp)JqSApl+awUW!-w}&QKB&y`NVv$f zeN}hXG-8=URaUd?`6dQ0sWz!G;^Gb+up%d+hRrVoma7K z2GDs5S8siIDiW9cEn-bmtnw-l*J8CI>8#kx*wZY_{m>MzILaYv06ykkBy3g+`-Yj7 zgsg|#6`0vcj6;!*!a zAu<3lyEr`75|2c}`VvvC3AnaVJhU&K4rqwUh{rD<;1g3o%w0%0bW5RQ4&74pnTvS@ z&6uOa6uPBsH*`xVB9S;ICE@fcTz_sWtLav^no1nF5#taGE$ACsL&6KPLYw)Do-lhi zeoz54r!yp{Xo#RcqwsD(-Joq)2V12gu>AAohZ3ijt%aKD7tc)K06lAPXk~0*pQTQUDu0VE~7aqg=KR`1Tt{$g;bZ~#= zFp^#zOId`M#BeEOveqkSUOhm4;h`pvpiN& zKI4tDAM5yjU}8>0!siT72$5@$RDs*Yi5BZ>&@qf6jijB&puQT{qiv+6d%C)80@URY zVy19?Ljh&i*A8*MgLvqx2xq#4*8pWh(K$?HR*W?WmHbwfqNy~^%cKvuz1M8|4FlAR z2yWkqV>I4JlWZ-O=;&5=H$a&e#qvA_=X2T9g$5c`PplzkCv#h6`-BK=!8Xy*5Fc1pOt zip*AZO04VUGu&QvsFVdJ=13&$v?$ib1tnD+w?`*Wi8PY-LrKJoaLrM==$5rEoI{A2 zqKWkbl-*wDSRwY{A*cwm-I_ZIC>Ne0AvELTb1J;wL`Cn$fWv;SKcZ>>0&Qh8X*umP 
zQx7X*I-e`tXHv{E+-K5nIWeyf5w7e4s;s7xm-dRrInXR2?CrO%WS$Y=h9 z`h5!2U6qu^t`*(_)U99iPT4B!`zp6(^=R?6?kg<5N}_K!SJc`8U1uFJveOAu&f<&i zc_xuE4gk<5C5JASX zNJKCM@fUHIrNrwIB;}|omJ}a0f=Kb|4EYu(EWS?pdn^~?wx@L9zhyH#kF|2pzw7Cz5pm!gd4N&vJl&y0Ntr@ z^$7B%gDaacMv%V|`@0V4;$pbIkHaiMIwXXkLoA>o83~t-M20zQBKi44{B#zs6%|80 zg7gA3MD#p@{5BVdM$^MMBrY?NNLc&gO|cBu{SBmXv?G56&=8Z+2r?TyXaso1vybK zCX;$*At4*kE~=s*(PjaW@bv%;1mIzgM8ay)`y!`ZP#hT3US#!Nh2zd}4Ji$DyLgPC z%!1rL9=Kh25yg8A4?^MVcCjB&)>!TG#0&aS82kY}R9~7^w~JpKTp27!yEueW;ma^l zSPZu^psppjU7Q&L?*gc3jfBfaBEzbHNY->S#ZX-9D~7sVi~}@8^wcf}cFmS`I+piRPH%}^e+*~=mZRNFcOx|0lDKF zOyS>c)S{S+$RZXO7r-OpIvf8PM3K=Gi3sK)vbPR*iD1j6Yf)C!{{+6 zFv5T8 zj*=@#M8Xf(@l6LZ%(f0gdVis7EQ_dqY;THQxc0+;24RbY7eO})cjjG4*gQlhvIu1r zLP!g6U5x(>LJ|p!q1j5@nLCg$y4L&2Fuk8lj%LFW=|o6<57%S(&miKACnjL!>Eya$j&lqzQ+P!T$ql4nV>h zQgG5W#8u;0gTC4?Rn4#|!ijcBJl-FV{ol9>B?0xoe@5YJfQFc1L8sr0Ogyc^|L;au z!oJ3U(u&9lG+yUS{w^nB?{UNdfoh&Z(yrSOEN?zi^H0(XwTx)z$7TD`_?yVG;J!o0 zuzRJh>=7xhCe;CTIfR%g9MLgij==#x4E#2_$YfY@iz2P*l8yi=&q_Q?j4H%O&Qh>{ zYKhT6KEvg_wjbxyBXhZ;*JdsNl+8ST9Mj?>z4sso&=iFW&&Gc^64Al!%($IcZpjLs zigWq7jY#j_2It=Z%cp43t`%*GFO{6us2Zu`1Q8wdR_vcnlUpq0Zf=e9Z-Di69ci9q zm$tD(J6h6;gqE;$J3!6eNVq9bkkoAoB9Tb`y^j5FxZbZAYJa}~&=Av;7dy8Z2UP)L zu0z7i8jX!$M(7jznPNY#;}tXQ&JF__VtQisVoNwOK+H=>m>Cr~Ofy2?gcnw2jw5)c zn00cCS`p9?(-X52JMlsg5c6gv%#1>wVay2KLPyHR^<1j7o1P<&0W`$)#4I0C!|8yS zOOP-#iW-J7BlL&UO|co*{fe0`=5|0sOi#>4z9hsufS8AnFtd|jCK3tjhtGt#jO!A` z0~O4FM&TcThL{XIg5wV0{r^`8K`6X?T)fVJa-*b%Mk^uN(tKvZbO!Ji!5mT2#^Kl} zXnBLp&cRh^x1&M$?M>1STJ@>n>}VuR@As$>D*!#DaLc-)*E+a_qs2w;^uP4opfa)(u?N zSp=o+e{$~{x_T^dCj$CKiZp}9ol^|=$a(|<0j;laH@JKcI=C_hhmRrYObc&~sQ43W z$l&;Vq;(Vk$x*zqkT*gE^TF;15Sofz9hcqj4m)>?-M7!++y1Yy)ws4)6Gh-Zqp%^M zTqGHaQERTMzUucQd_kTfI175-3am6mi}|0T%?_t!r4mlBML-N-b3PJosl+#|*%Qq~ z{IdLdT%V{VwL$z;aeM*L5YhA2orF>~sfe=CE^jHT`+7 z5Pbk`sc>}%n&RNfm8kAOJFt4A4iw)WHF7CQs@%nGfd@hNzqLUB_vM<((^sVBA}KNo zF`3q2lcUs}=c<_<&OF5O@H**7l8e_#*ZA5g6a_4bnI&xUq5spvawM)UkT_ZRW6Ww= ze2m#x&d5nXqG5=2xNgIL29ak>r(_`#oY^%A;a=P|Q@S;Cb^94mZh5kW(3yENM2Vlv 
zkL3n~-Ok-W8Uw?`D^l$vDgYWripJF!4Y4_(e^i$>r5j>L2Y0a35DV_ZH@|>Bp>VZJ zob2GrhKTLQ3D?o!<^yc5K*A=WyfBwYG`;Re{F`VMN9_{d1~f$U(k14iJs-xCc?^lm zO(YW9!QQ6$3)dg2$s*|DMtut=Oa_;j@csx)hyXEbB4Hl1kPOp^(3iYsiq5$9R?M_U zy#Ngnz0_zajGTifa~6_zqqiYsGfas4jn6A7=2SZfhah+CBFx5cZBk6ZSBleym?`P| zcoe>W27>t^61P!_EF#+52>t-qZ}Fc&NchQ6^tbP;N)vQ*8%z4x|3iN}QBHY$)!)7@ zS6}u&^tY(m_{<7S%mGMP3kua~t7Vad1G)G`99$>kKZCGE!qc@-|F|=kB5~i2 zY#g8=rl)~--C%4TNs!er2?FTPC_Dz7(v!zb5Oy`I*0mATh`z{;4t2rsRLyEsbqE2D z%Le8tzm zMGp1=vUMK6Q=$m;*j58j_Iz7WHd-2v8!=PZKl{?8ZSk%*m;&PVK>MqdlvcxZr2XL# z?`6Ym$c_FQZo)p{t0zUT$qgJQz&E~9JsMLfPv$0#nJ`V*r+h(Kw+C_qEheC7r+wwE zchu0_h5+CCLJzcOYv(1Qb)5B;e4{))9?5O7At?2rwLSeMjS==aUn!ZtJGaHVD*pwU zEt0rM-}&N)qV-by0=&;7nEXZ04McyBQddU8UF&+}0*{JUdJTF6@;4T1-kE@gn4X+c z-abr-h}k%Y87-f}`U;`n1kf^EmlR|62%sURCuVhEil+fFUqr&15i^mU+NQTRA;qPZCy_BCw>E$J&h z5j4>5UPsn;TN2<_5&VE#ZnU!9;mzL`jH>n?AA10^pi7|TKs39(zEW3uLGyyHh*!dQ zTq6$AKdNF-gAXeP@%-~~Q`ANNA|W9Ttw8 z@FoP`1&El9gzZOyMIvEk_QUHQT(?-VgnCeY7SIrpQMjv5_5ci4XG-j#=RHW6O#uE& zq!D8Ci->>YYAfqkbyfKp&=8YB?O+D1A9KMFw16N{tInxY2sbCrNzu7J9LhL|4q>vNf^;b5>e zfM#chU;cQi212}24Zp~N>j1?@SHo05LrexXEtmAhZZluZBLGhD$|ALO9r$HHxh9T6 zPmFE3f#i}X#=|}y?7Ri5a(yi}Dysd;5eMS7ptY~`Rq-MGfWaoWmB6ea@NEvDkNVZLx0Q^wVFa)ve2Yog%<5xue>4ea!cp5H)95whb7H9ShpI=gB z2jX#5uRYUw9^E2V6?~8qnuMWyj<4i$7BCo}?&LwiiN4a!pvokrpq@B(a1^A5MBbof zHqh_%*`tt=rOHGOoiQZH2 za$cbEa4_sIYZ#t0Fa|3h`wm};PHdhm(Q+RIWciHVV6{*bt-cMB0`Qib3y|fjB?n)$ zDK0^luNjqq+EjF>yCE^l*GV=qOz-Nw1Cc#_F%+?*>75w(H}2?@&7ELxeu#v-GJUcc z)|E+i6^sLyaBZggV0E|X*8vSNJ?d;=1@u8;7=0NG%OY_ZibTR}ThbKG0FEujCj-zB zlTqC-hcO!Ze8T{2_K)nuT~)6%3Qqyb{YhFIK9kGd(AP+o9X^xWY9n8xGi(fepUu<6 z#m@7Ho$t--h%c>M>o>6?9i+3hyvwK@VQHRM*ZA$tm*&qL8$ z4u*blKA-0o{8rVUQom`ge&YeXfqrqmdXf5-^VN&gFWy&IR+gh*d0#_UzZ}x9*?!nJ z$rt*xJXPT)=+g50zJ@pzL#hHnQ=S0JQ&G)J zDMQG9ekO|hIe)p%w)@rrY=BYFJjp2MqPTZ^3LeXA6(sfQeF$C`qWsk7Jq4@tTD2i4 zo7(clNu>+PfN1Ve`->=F2Pjzccd75MZlhXsW3|7~Y6p%if~aFrYOMnI#O3%Zs)U>o zqjk4zf=c=z%C`Z`{8y!j3a({JUX8HKs@c*qA2=fNXG_a`5YbcQNC12>v%;9-|rUljz}Hgbh&ok 
zaddD>wNI9cLO(4FVYk94-&~NcxFi{Fbz5GeUn2_TRCl4n(5dc1r%)JrxT~yjY8Nr^ zMz5fhYopYv@3Fi<=Wa0d(@}9tno+GnsgEB7V1om|G?5MSoCDa9*CPG0RPAF`R%$KJ zJFR7PUZAivIJ^*5I=(rvq$bgF1`4(!%GVo3ICQb7rS6F=m}99GPQe^YJsf7K+rV&Q zlbFoWtr=gWo}^e4%oS26pu1k;?E6~X#_wcr^TXh zT-wG?Y4b71A*F{mLs^JHC07=!k6Wy{T&#W$#dmW9H4{;aK@J7% z`aJd65e~+=xr5q3QU-Jn{EmQt-99QtcHJYnqE!xgm^&wr5_YesGEO)Gg>8AL5Bx=x zZw|;RC_@Y)e>x*7rPcZrFlw^%SrDC01gmnu`N$;;vh}&hanrBUfjqU=wb6(#X5Kd9-M!W3Z zF2b(W5eOs}=fhcCz+~#U*Ej>@jwhu?bumSyKcleo^{~RynlhTBGRM7%a`ehq!|icz zeF=acTDlTdeB9gd8MHr7!NR;(jQe+Dhd(%#@MPJTR^u;lc{Gf6!W$>&G#m0nfBM-1 zLgG0t_TH1|mbapOd%eDSxDS3Km22!OcLGp%@I_4oKBOV@9j}_UvhDYIRht+VsJa`i zbiY?EaEG>dOfg)~8bK#k{IEBU6gLadT&C8B_#Iv!y@?qiI-4{H&)(C)tZ2YRm5n?yN#Ef6TPu%S-LOw_;`GsfSCJ~VZquB^LD9ydHWXdVid4{k{ah55YE?o411)^XxFmEjN1IEjosDkBu0 z5rjU+RYrVxMjK>YRT-7TGjfm-1EooLQdmZ-HOL@fJ+E?bn45@}y-_c_JiZQ~@O}gg z{LPdX6#liy!ecVeaf4l+>M~4lDObh~UiTzQz^F**qF8=%}Iy(4*uRzZMLp0FUm z6h##o1PFSnR9dKl09j}=G6+z{6G!iNRS=-<`R)*2(i2nuAAD1APzrZ8Ss8^j0d<9= zZ;7^hZUw&KiRp}-kiyqdgVo{qyky}eyWwd%8S^n6H84Fzq6Vg?NYudV(NTkGkCM{0VP0xXuR>{%OxzIjtHj0Q8d}Y=ufi^@VJ+Jgnm^XdWm7Z@CZLjnM z|3juP5!)p{J0SJf1H@oJxfziDI#h7TtW6AbsNk@vh6EKVIAWGaXA_~}>?aBPOk)9f z{qt_oI{YM3f)gv)XV!>}73?z`QyFxuV4vARHZ4pGIaaXWjG>JTJelot4tF>Z7rw}4+`0L|7&Tz(>v5L;o; z8;a`(#n_AkG{j`o<5!R^HkiI;fNtFgac+PB8mTlpL z3O1Szr7fJL`17U?6(EqILIqn*9V$qKU!VbVn{3P~RM2)PDY(@1)q^T6_euqItYFoR z6c<;;bHfn@u8v1$|}j*1>{)4gkS|MCd|hxx+CFf(6;69|sGDn11T{94yEu zCrEvTL{OyB3= zwrH1>p~D5uaqf3`LsH>_3`d3&F32$JM}`a9nnl6|?HnysxS+kM!v$^2krK^K-vEf) zy;CZo;{{72m2g(U%^fA2Rd5SgE{YelT~DSfW%^zK?NhHxj+NyF1NDfgh+;WaUdrL< zRCy_@ZsmB95mG-XX<_`<T^Y@v21_P2w%468}72b?YpE&uHh?Tn<7#1((CpnfVv(7nzZPm zP{P;k^9(id!D!d^IpR0f@bv@bj_0Lrdf`5+2)|bOP@0N2J)Fl`n%s;vjK_h!WTWJv zSMHt?VLIuR`&grr97~*)`&grn1UM`Au|~Vdm3tX*D&fgC!&mO(jUp>|LgJPC2;n8s z@iB1x4?QQf!iG_0^;O7{A%xyWnv{zJYB}oM+sKrF4S6y;&_^~yK7LA0HTxN{gn}7$ ziz|wCAH|x79iya-v-E(4my(5B8@^qTIB0{^Lx&FH@p2-(#$@QAjiIKp96HEw+L8(# zv^Ct&!Fk1Sy^=0N2VD#uI+!+$5#PbSt(yn4QCXQFJlLdWaYTAgGNS5MC_oc 
z^fDAXnAVy2rx?D~;M7*}*TI7WMfkTEqfpv~*()`yHBGEZ{Lc7(0Aav`hB;(PN@v&sd zI9p7tM4foGZ$9wur`0w7)VIFyY*)gmDR7X{4zf$9$gFVFRMy52`U(r0)ug z8q^2;YXyH>!&_woPPp%Cn3#AkE&lHEmG$G3ipQl+`(0Dr4XE3)Xu@5G*YkI&)%&H~ zI=l^FlDnF(!@B?`yNmfcyqKTjuH|JJ7O65km?z74uj8}xuy3368SZ-;l7mVg#P#_P zHj30|LtahZD>l5E+^e-FPs$%&SI%WtAa#pAr-Mk-ULM*%(tS zER^M6>dLzlP`CW>g>`1a(b@y6$u(7$ls1rGw9t){MlNKC6-am?L945tyyu}$;xD)tiKIhc%zIzObQZ6wQ}oBPgz$)S9P?WCwnO0Sz%d);y^xaHFl2%nmNjqrj=dw(7)7 z11yefvaLFGlnydm{At7@jA^$j`P-vXmlb-3 zi{7Uu04wcthJxT#0+ z7V=evqjx601e`iIBfje$n9wtczEi`uL#^xLyFX;iQ0T4QvYY^vyY2#5o^TVs1Fs(e zHGf6I<)JK*NSI$D01#i=6x|gcZ06-Zqp&KVAtnQl;Sbfs*Diqc_~lt}9b=S>O~r<# z-{nKy03NWJeFEjAla3;_E(j_qrsS9D&nV0V3w%a38T*EeDnvyJ{%u?@gUoF)mnuPZ zMFR-`8HHOxlky|FDsa^`Tl{0p&oqUxx$5D)C>%1cR+P4lbLlP7hyIT(=GZhe0Web1z&>MF)IT{LD!%LF-av*OriNI<}EYuycqxH2hoNw z2*-%EQ56#BN%P)$rYHn-QzXvkz!qh%Jb_(n>q-)pm|Po7N3X-sZen!F!73y#>&i=loZZm0oH$z6=#}f-#${I53>L?^~d5E^`9hr&>pV_d*$hi==HY z;H#XzX}1y&n?SpaQb&M0qH=XS82_rjvhAh-_)Kh1(1@~?@YX)&*$|=Ij~FB{m|FEI zz_wazHk)EH;0QDc^Cze1B6Y(AWN)`_DJ=vXsd(JYW;NO~^-e2!D|V)V-7Co6MJU(E z9PRJGuKt)etzExi8z^!=2J9H+5`U32>Urc2Y}}EGAW;ukx6H#w!pKA*RnQVbGDN&+Njpdq@6L4vt6-bpihiR{h!dZ5%+~ zc5)an=ncrK|x}&;_rqHQ+{0t1uGlYVfY=dANzuU(8*z=va1(eJ#|{FNdq%tIm(t;9?jhRxA2 zoek>%-iQ(SV_=>sjxAE!!*j;;G_1c*VSheq=r17AHdD!##WpQ-Cz$m&tgDy-(sy&l zM6_QPB+cCPiAFHRFvCju3m-e&2;qhC;4t2>K3ap}&P8B-xel6^N7sqTGprxqG{jOD zf$u2!e|%kcfE2a&pG)O^EhRtX6V`Yq+33XjU7tktQ_H?24A$yk%oAW?FmR2`YDEeqo2rh-F{BZ%q zH-l9PbA@Vv%ZNIX;zVNW>BmZ4H4Mfr7s|#GwHm-0;?ON95w&flR>#GYuu7e7GHt;A6cKzc=}1E*liRxoyYEb9Trb_%tpEU=@9 zKj~q*L)F52h00M8gzEtRGz7L-6ON$FQb9M3I9QjHuJVnYZ9P(A-Ee2pDN~GRwUReZUM%3%mKtU2UAC%> zVMSa9<8Q;_nxMuQopy0sz1sr{b1Bp!4!2vNO4XUEYpbM-&{Y9oT|;=OWUQJ8Y}FC7 z3DF*mzJ^659i3PcTRoT;tS7;kZCH7I*2o5^^0~Ika~6Uxg0aP8>ETV@t_H#)Tdl>A zd>6?b0^u`{B)DodX|Jtre&>>|gYc&zaf{ca!?r5%2A1Jz3$Wu^$SVQ9Xf^4StyW@k z%%uB3sAouIxur=3rCNthgh`!1=xaz+RFeUpK}VvPLpczP8Z(| zY@d&xqs+{aY7^!LY~N{MU;Fq}vTu=8=c~B*EnqTi?7yGJht*Qi=+2i&DzJNed?QU# z)=AY3b4A8$0IM5?_l5qKrEE}4W9VfLf~&ob@nux>nOxOO_-Tr=+RfR4ocM? 
zQ!lXsj14g?EAczbjuMU{8|y&W3-EwPu;g)?!JL=s<4&##=YU-zoU17DXFQfq_ybk6 z0@d?3;*}F^f|Xbp{_})?q}pB-%2NT};}I-bwg-e&Ks9|8`}<&k5jB9-C7hLKT*ag! z;n6DnXxx(TFT$U^0rdmi1;i2k@bkDw)`Mxr4U%}Id?#O`SU?3A+e{Qo!G4J(Oc7a? zyAHP!ss~h||KUwaKw>X`4ikq=&{~<(GN9(ZrxO$xfnO(%uSZtGO|tY?3SA2v~Dpp7BWmm9LbW{l35k`|_R8 z%_qzWs7+Wkz+J`Dz~+1MZuiBcMFB-yeluw^2yYmY?!K6`I-nXp;F6AmaK?~y_r;`F z0?PToCH)S9Oz_G?_e^KrMV|Ht)Mr_4AD0S3aYNEwDw94BsPS+juuXM9Xd6S)V-*jB zlIa%$>e*yB;h~^TG;}kxS(TSwWTgfNSDj5RMs=8Q5HAIH+F8 z?IwH$tX~b2bDX$_YO#J$-HR7Wgp&hZ9}eA2bh*7ivz<0UbqqIIoZBoAsu_|l5+?Ns zszLCSFzF!>x)_ok8<;dEsM0#Qq|qSEHY6S(*?e7YOrH@{-(< z?iBU`5IPtV4?9shncg%`4O`_7c_Tob8cUB-+&fO~nB~^*O0c#VChOFN&N|1(sZ|?X zI}d?%@!!no#>g@Y@FGV;w@`0`pF1(86rxI&>FeTD>I&DG(xBG(H{FuV+#9F9#=SGQ zfVN-_h-GFkk5A&%&3h~(x`_dIQ-RvDGtHHADs^#+YtL>Fj~Fpd zfPO5^OjqhgS+{;JgLT6&DFK&MNvUe+3V9+D!T5U@4t)Wz70gULRuk3TP^k?UaG8_` z<6e(t$&oL>sIE#4!N|f{Zw0Kkhx?`Pc4l<5;eUHKn$U)oJ)j#6bXc(dRx z2z`17!Ke!4#MUd-w5FTbHSlFFFNdbU^o^v>$~#I8YUh@3DyUWNK#!_QPU5&yGcYEy zSuMfuWn@etMrZ%BQa$ImxtIXz;yci@=i-)9eGa)Y+rafgL>-@ z^z6B45>gLh8q2xJhhDQBj%-aq-!1Z;q%N(8Luw*ibu7~a{GNA^;jGY)*H}X8U>7%? 
zC&6EI2O0lvSf?`}q>4T5rt=#3NA4iQy$=1j=}ZYFFNv8DZ`_05JvCPM**&h$7sx@>@8iL;K4kCU%W`0G(>xq#1v7v5_V?du_ zM0}z=k_O_pA+`QdcM|s^Si6YHlN`RAH%3{BHQ^&lxB)u+ec~8sUm2xTFP1EaIZndg zA=M6jJ}2`l2!DC{ESW*Rxlp`%{&id9$r!8);&A6WzfT5UFkaQ$r5#4160mAM{sJ}{ zN+=nx7NC)_T@L~4=i&a{K3~oli->+-yt@2}o4v`P&Np;361vRx@oGt1cS61ytUZPq zRb;HQU%bjW+hu+M*0+X9gSngf8cO|%c(ro0o4O4@aV{LXaHCRZ=Aw9Yu(Hc61y*gt zG^s}`ekoqf-Q=3^D5(AaO}8W~-Wji^eda2j0@ebJ^Fiq-i$uhl3SoMYTk`-?Ub^pKV zmSkq$+h^8C&rkwCRCi^_J~2Tb_0%3WTQk90YM4>Ro~VvC`*v7e@j8SZU>z{bsFG#o zg|J$`-_>~ztX~Z?yRl6FF|5|5yY!p|;QGMvuV%nZ+fkEVa;xkv_YZY`LUKj(T2bf27z7!uy6~ z)VTvJ>s;!neQ&rr&x2~EcsYutbNg}|84GT9)TeluM1D_^0-+*CkV?)q=76JaKIf9| z2ceB2`P!rC=N;8=fNT38P^bR~UE5JAbqCBnsutdc+Z)VXID%Dv!0T|oAP;;4%l$w9 zoGAjMO3{2D64MUi%Zp%N^(4p!Ey2~!KU$(h4^+|5@vr`hS9ox1c{dK;UG`3Ce33zE z>`FmZ{T#n$0y=)MTX+(8N`oa*DIW<+#2;9R{jNYC?}^+Y5i6DQK!Mo5NX7TMlPC z138@QJkQ~LXFG=roew!&DDCXb#snvp9UwS<2yB=M@fL za*lDh&iRqU^-khV(zDSi#^ENX8HYdSErYTM6#6x9!iN<8mbV|r|DJa$hkxWf#o?cM zmvZ=5-nTgXJMT?|t-E%6%qrYl263rBg8V-~o^v{Jk%weyAa#Dnw%>%%iHkIsuXnMm z;h>Hogic(fiTo4un68LeKnR_<$OH0a$n-(PD}>OAi`0;Hkxnt>eqzOiPgFXR{j)vRc^yg0M(j}+jT}X97wC>oc{xbk@l?fB!{z|xqs3BInFu`=Q{g2 zoabEP@HxlEL!dy~eCKWs7dTZpTb&K>Y zb1HDS+-c6?N~afxtDWf_u5s3L_=2;a!?n&;4%a(L=q&m2TI!vB!`>rN34cRIB=d;=a4JP1$Q?r^P*v8M*yvcvNA_8b^QZPB}{KK-@4y*frroMd#B7=g*5Z`GIyzS&o3% zPt=0+Oc;Rf#@a0iN^hO`1-j=$5c>>=U5{L| zjF)POXZ7h1MIMF6_&Y$?J=iLBYmjB7KO8CjFh;dBEOElYf>yniQ=zh5Li$-u-jGNd zkYa>3CUc8$f?ZU7%%VkgMAspRQgoqiDiPO?Xp87>9wb`$cu#c%9h`Uq*d&8Lhm5)M zebtysQ2jq(s}24z$(N)jKItRWZ)td^6cOT0;0Fwc)6ksJ>hVmhUM0?1;8zTX^%Tj4 z#{}sURVT9ZA7Ejm&RNh;mWt5*RQhDqGZ*kez%o5tkVl_t>GXtqKm<>^bu7MNN^+O3ou*MdEph&C0 zBzW}hu|?{=P|`T_J+zgT0MmY&4xJhIMGD=659`vp?2Kxq`+}16a}&J6SiLm4=Ifno zjQE;K)!=>K2cgS2e!yW52WZtxkYLumt8Ygr;LZx8Gw`Ge}mFy zrP+!nccO$S|CpJ0`LBci+{=G8oY#Ac%A#h{rmDyx6kNvf1En(|+KQeqmCztGp^tM> zwt|#!{^^AB4_Z>AR8+|A6p9LEfWJtrUxH$OFFs+BcpwXBxxxwQyG}}&cQhP64#osQ ze=|M`2Rpqdt$~PnjM7;`R!k6YKLYGnIC%V~Z9R?n`5vZQqAUDyI9Q~av^D_T?h(W) 
z(y&+1HIea2IQ&BcX}uo{TA@aWm?#vAPTbu%oYoQTUflg;BnM`V?s}lRCq@GJSFIe{ z13r&K70*L*T1%`#A#T+eZdNuf55;M}57gXVG29N>xICbzot%QYbDD-{03AnvoTepP zwZR2H84>nNlqu}(gY(6rZy{`f*1Qri(Uk^HfaJUp{s@1|QO2xy1jRYKax6p%?<4W8 z5Z47`g;pS9qBw&mej>GfIPF{X)FQQW_y&o8iXXJ*-lGZZ9*)CgupCc}t+aXYjEdCW z;S`D^GTt#3o4-fzR6Ze{b}17@(?uk)IQ)X-C@)%4s6l@S>p{@PQA++(%0hvx2e8#a zhDf6cXNbUNJ%?IF%L?`OIQ{5sJP8n23p5)r+$vfDizbi~U3tr5;dr_^DOydaL_C?H zo0E45|B}S{huWeQPmd>yVjaw{^U?GXbJ`U8sUqK5VMPU@p zLVZ!$=JK0Kq)Sj~69)b8s)K=rp0Ol)y$`r0nz8kD2>eOU2{l`w?Wu4I&{sP6a zoT(g^bLMea-dWCJMQ3afvx;Jsoar1^cIIARR&|PVSk0-(VRfe#hc%sF zIK1CE#bIsdDy$C_tK=!4gG=LrczQ)StHiHA8$G9CmyN^{Am|RppxC^+oh> z57PH!y{Y%gIWJeu^0OZ4re1;)4EK1wI3icacc= z4hdGd2dh@{ekRnS`)sS0VUw&*F@7T!Kji&GsCVDQHIL{=iL?tAS@CmU1Z3N4T`rpq z9bupXG-b*AtVp1avH-2r%=?^3pquytizWftEVzb)=2pFGKe%TSGs`+lN@3umg>spd zQ;08;o1qnDR?W4IZ0B{WnU(T$cauEieIV6x9|aOBm4%Bxvu0A@FdhgXA_6^jIy_B+ z&IEDvlDf<)T5k~+sFPH8H#lX$spv^qC27G(<^$@*q4ebjNIwXuHNnNnbybp9`eZgy z$GYld!~j6U3_MBDN}kN->PM6qCq5I{JcGw|u5VGXSRtzZ#;=aYBL5X{W6|`J4WPSu zT0Md`fWA;X-5=hWB`JAM=$M_vZK;O}^~zCic*11F?KoYjb9?@ieqIC%ok zELoEN3I3tKR@-ggxXVtgr^F<*Nxh^w&^>en^3@Vr<5H;B61^0RJKI}Wg#$gqGt1zP zsqxp3D?KU$WAr?`sf?o{M`#1!q_V3U2Q>_&)aPQ+6r-sT`d`+_a@fZhYqgFQ(1 z+*r-jM$b;b^@4(e(sPeEBV56(sEAl zpHTDf(a4>$BI&JqFta3P_?2L->W%WzrDmj25c?Gqx4P znx7%S#~98@GC*^t2=xY<6LIDPUtu_}z)~xfZc3eXLj8nA;oE?{ZE%vXQcsS6*$;`x zD!d?m3D|EqxPbE4bqnanI+*vd=@cdCua&wf52~q($ki5|XC5S!frG_-Hl2wp%>Ef~ zdQ&2QUzAo8FdvO(b1h^Oi%O)v$Tjj+X^n!&(^{;&<+Dk@HVHQ&UahwAYL)6S{l{~l zP_6EUxT#ex<+Qhs;%X~XK70YtIQmnje34f0^NOz!VLMbpR*2*liyl3NRin}6A!ZcmxQle8lU?nmZ9!KwOsZ|g zK@f9*F7y~yr$hBYN$*P<%VvmTF9TVD&sc~eyV8{ zY^~JbURACVz@mt+>|x?b5JWHwEPhoW+&`uLU?dwNhO6|5>fex*c1Bb`Bj}Kf%lJ%f zC`^orKxZ085-~=yT^CgU{Ls1z*balgJsnYg`mU8%l+^&bJ_PNAp|XKm)iu?xAFBB( zu)hsX#^_vV(hb$4I7mqqEh`NN7lR;sqDjB2_2ogT3_=4#Vxu^@cKgPod`k&cqySi= zBPe}5n(p{kamN;}Aymt!g_V!gi^-tO_Gp3&$)(j6DxBM+Z3Jb9p>av^isNu|p?1IJ zvW|i9l_8O3mZazR;dVkj3NInmk@yvazlfAd#m&>G@ai((V1N=Kisv=T;ch~G`4Cm!j!-0)9$}~Ps 
zsJpk|?KVV<`S@8(xHgX#EQi-t+C7#MqXo<1sY11S5g!I3@;mr>pUB*7dBJk{rK;ci z>Kxei~JCh|4>{6b{b%nOpk&*P3cMJFh7R7N+5Lo3txDwHlPWBD?`DiW^cX~A-M zqfj*qyE$(Ltc{P;g5~fwq0WqV@j<|b`#3FF4(}G~A9O;je-^O$K28gk!v}<#-CyTX zYzDT?$7w-s_#>gtzpC8^;wZ3B4bHRR@C#)}jiZvI$!hphp^jsT1aZV)^i#!Th9>ag zlR~vdKgW1MU}*-=82>Ef`{XO015GwW@w~)0d_|}qJK$XzYRL~GwjD`OU5GN=xZ*Iw z5BJVriNy%iVtCVGK(Z?~8L_jCSVa<}HN4?`w#xYmCPAcn9q`u-hgCDDu&r9d5mS{o z9|Au?9I73iJg>|Pr%CnL9Lw7IG&1}X2!9(zwJ5O+x(f;SEjeT$@DPDothiJ+PGZAA z5-WZ$T>Ut7)*6slBCYxhSC=Y3mcoig0NWUXzVMjvh*YodbT6YpAdEL8ZtQG?!+A#oPyM-Oyitf=mTm-IwiFuEBQb#r=Yc^FHo zKWT;X90_o|N3b#)z||J+cUQh)faFjt9S=VqP?s=D5l6g;pN&N3%dRo?@v>iIkj4en z_jNQT4uNpYka(3*7z?a(pK*)e3b0=Z_Zz1stq-V1xOw2Luo)5Ih!UjFL^%i2Yw zYc9+gQgK8V!Nf}v7l^bQV>^NhAAnQ~gcdl0Gq9cR#WFOrq)VR5kp5c1T($7JEG~L> zDpRM?=ukH_FH|r;c&8ZyZgfz?HJ87S7mp*8gj1y@3#9Tlo5CbEQW{|~y=uEsVnFACMvM(W~2@IJv| zKLul~2N=92R2|Ccw}}7Q!^A8iq>z&+@{&l|O&wf_P%ZP9P=z`m>aH5Ni^ReD1f98p zL~`UuuGs2LY9S>7Rx<={4pgfyE1y(r@c==z z1fzptv6>X}(?wQ_8qB325$&>C3{=j3(6E+^F!=(>p{ zw&G_eu{TlTJbR4bb-LbzU2UHL`+{)33N(&Sp8Va(mA?V(cO#!dv&+Z}B5MLB2zq)M zX)4v@a77YH6t0Em9XPbM6nY;nvPM*z;nqNkSN;UO0*Y?f8w)r^CFC(L+`h1y-9|iWQkJJ1z z@|0BlE4%uy0sF{iub&ueVK$HPi(Z^}Z7~B6MS7xP^h5mPgi+qPH?cHfmsB+{1rajFjuY&Qq$I>snMZU({lt1gfN_-6L1mU_0Xo?)UD%I|F?iBeaU^fk3gkFeCtP{-l z1XM>bmB@!9%EA6jM% zjEDFnG7LZCNQ4Y@%i-8*h+rzV1uemT4&d@w0!?)zwF7EIep{#eI`DUi;}<4#TH}qi zgW4qV74S>3dib@sNT+~${Y6)ig`2iG9BzxG*WMz11FHK>c$*%!OC(+Gq7ht`7d0J{7c{ZS)c^A*)9prxku&KU0<8uRQ7{(u7 z?7kA%S|gvhhSFadP-E~MP`ris_dQv+tuSFrKrQ?h%1;CQ)(~Fj&Whe;i5v*1vU`xb z+W-Ugyxf zl)8=P+Y0gBJWS6T^kppCfmJI`jb4QfXhwqZR1C{XJk zR7tl)a1$!|=;yyc0JDOB8am7JdL($Duh?lrCpya71U9QwDg= z7>;0K>IJmINFJrG!=lz8bT=fPSMkJHlL{%7x)%H2fG|Clq-Rqlv43mg2BCIUl$QN6 z7`t)Ya~MTHe|XXuWunL%LE|hkau0+Csu82$Cp{0^RZoWgM9VN;wyrI$$oZhX_PXQ= zww)7q9vL|J;nN|sW?cwWrh@+RkG_?`#iQ?FXx40nMq_ea^`}d?Ch%DN2vpR~^*Q2& z_gH+?IhfQF@%?ewAC)3&`HA_n>Pi7X6A(SagT$AFdymC4YDnuGB7}Gmge|co@3Ht@ zq~skB^B#*=M@0In?*P%`<0_5eF!vrG)3Y@5_;^MxBmr(hBba=N(kg^A|M4;D2@!bb 
z$H%$1Yw?yb;)4GE$K&H?KeVkU4V#kIDVoQ}yKdMP*|3;MSE)G6nWx+gY;lpY6FDGp47YN|##1M;UI-67qR+SM7qzl4+?kw)2QAmcw?JX5C z`A8&6M%;~OCl)`Crev(Nlh^3xwPi$LGMo0(qj-rX(k{nUNG9i5fs6Bz@J~3ml50%B zrTi%W2_>%`iHoHJ|4A%GGLcSp0qpNP6V!P)?Aw&6M!MT`7fEX^Vqf(T5nr0%`?o`| zpFQn{wDto!X5gFz54d~?@G$#kBUF)rk_p0kcSI!dJ?_Kto4Oow46j2XHV&nqjdPc1qEu?O(|u>LqJ7JL>wPW<28hnI=P$ol;~7pHLq7gxV0FeC3^# zL_yajMNz(}Z%{row-|sPBAYL2>{oi)F^wP|{(N6lk#ia|z9`O~@kL!&Dy>Bj`5a~1z8EnAO_TW_(d|Z)1OJKq3WLVZyb%=Zks@6Ex0yRbaJz z-19~Ce8A1yBfz@&xaW&1fQG>OM+2MSq8e`3~Z&3d%mcS<0N+kVi&NzKJNLV zc3i*??6{7_m%z>$-1wq?!JJk6hIoOSCf(+V?)#!X{v3pS0E@*Cgl=D+FG}SCs|FZ# zJ(ll_DtW;*u_LhVgzF;od{Ogi=@CJU1NM}`Jzo^3Y7X zriUam#bMAt&nDveq7L{X@I_62NitL120i{E*Fc?0qUVcBZH=+B5Wvh>g6E66`y*SY zTNijU;`pX|zNoLhaTDqdd|0d=LbkIxMNxm=nW4RdBg?eYFU z4sPPQz-V=~WqeT+G1!y6b}g_pfoD?27gf8eOXxs^m0Vw*FKW(6DknM=y}K&)ovH;z7LE>IM_Epf3$Bv3sK72H&Eos&g_eNg|6v=ppEoo=ufl^ zyAsTu2tO6)TklXD%A|4e8PaN8ARRxmY-v@k^&Zs0#gqkiLEUkuQ6R>}R0Yb%wwsjT}LWH06u?_>w;mEtWMFmn06k3(*e=92>PCi!?>7M!dS8;KRy0t$heql;Tf25F_F<# zzC^!IE~dQk(rOC<_8t*UXOl|7s?rJm7jiMp4N7ZHG>Mzh1jOVcktiAQ8`i>FRXSru zJqdn8hn<~*nT6GZnpofSME&lL)Q=49vR#!j+44i{t&o?!woV3Oo zC=Wqa=p1t9`KBH|2g5zzR4+WhEyo!vM;zmus`NAVK8KbMNmB|Z@A{_fGk6sRvEO@$ zDB{C2?X$SS`v*`Midj&U^x-*n`%k2GH=q&*F6YDZ?MD|%s|KJ4V_>ar=*n+(dix}T2o@iH+6j!Oa)fQ;IY1`pKu4z z7Fh2XTq`lYsc9H-#5gdf8&-Qi75Jw9m@2Jhz}6X@i{JRBhN6Gn4eW@)Nj}QXd}LFYEOG<(baJu*!4V#Y`&?R_e-li zu)YQ-iEO^9&-!6dc@m6g49oXTQJ>&n$sy`qYaYkw$?K##40QcYg(1lfC^CdkC=Yx> zZHP~v@J`;xNnKJD<(n$^k)CUWy23mj7|lAV&1fMs4Y`LP9u9rq)K+{8kuc+%;_MmU zROSw8Rf5LI3$k)bnJ zFxEFkfbmU5@a~fshnRV>f+MJWbh4griieaC@r-Y3ASRLGO~f29(qqX~lqb!ZFxC&c~| zKj(-&ixM}!sVTUllcB;%EVRrhhvH&x(i z$sK`s7+41%_k2@}KX>sFz{VQf_@@5E%v8)n{4&BQ?}D0-@0)su=G(6U+!sR-x_x=R zsiGMB#Yr&EdMw{Jwd;y&!XLo?AzW91=bL)Hh3?u#f!??i#G!G|H(La;Ekkw ziH5+Mc}jfWRP*Jod>>$ge0k3|m1}}4KONXCU*7Xg#kIwALh?PW1Gd?h_k2_Js!9D+ z`yjBRM&9_Q=HT{2TtxhJPu6WKYr4RB1>aPY&(NZRebL5n=u%q5ot5XCs(2n6iUKU< z5sYu@T1mGnsSoHO4;Fldaf>v*so`jm-02Jk>&aLqCue+91B1=So++;48=&5bq5Hn6^W$AozJBok;?O0+IiermH`TTZilqh^ 
z4GoKi5Z^boHXjI`0QT?*zHcgdA)4=K#6RO<+`iqa@qAM~(Ln8$U~G(G`Rk{rl>5 zQcLl~+WriTZ*Z_vf&OTxg3bolHais(x1ZDwtuHsAqQe-QQ*f{l{m~AEC?R$z6zPR0 zGFV)-Hwg{8CTNX38Tu2Q5U0ToEt;~jLyPa%L#xr*G`j+`G^lDt`bE4Dyr=TMYxui`Wz1(wtP_#SLc`am-s$Pb)&O^g* zUJ|EF60A(Cpskg}sh99W?>Sqm#T7j6dk0hZ5UL?J4yNfjbn4GJkUCxtZ-X1pa=>ci zfRn47RSt%0eRL*TQ$A4d4!z&t*6d6fZ;cIu8@ltcCf?#a(e*LpCNh}|@%eGsttbJnJ|1p~@+yt!dp$^WB;2cyF3;OmcPb;%3WSca zB(FY3)qs*g9_G~t*|$dYYGGRqLxC?M-vKYj8(q90j(5jC9G6QRzK)VETu)+Qec+1P z1*bSw)SDo_L&}PfAsW4=Qs+tQ3eb~4&JtRi&|rl5ZHW zjA!(#YQaqJWaS9`{+N~Cq5(=P&o~k31ZKHwkhL;t_q;q4g*x_!X4M1K28Z333V^O^ z{-G;j2)_eog(#i0DztPuFe~y8{v_AMl^B?lOn_DDG{&RAJXHvfrRO5ze>m*nWVc41 zSNq=))<(qc@DP3p-fF{w%hiniNb@kT&ka7s7hkC=<-s%<(60ub!KLy~54;9|I4jg0 zzcn|YePso<38(dBEUysMCu9Xy+3|MTaAcn9$tp)gtK8f&kV&oB0u{2(4jdX|Ta6w= zFO0*UOPV$GiXGT~L|8o#J=lZ9Qo@_F=o@z6%3+l66o7LKVKou@FySpbFtM9$y$EcJ z!Pof-?6m{q^I6t@V4oSBo3dk8RTwWxq>WMFiQAeZ@Ya29my z4EiOM3$g_U#UaP9i=u6D-GqvQEBjDPWn29-(zZ5J%B>LFjuth^ z0UJs9e!|(g6sTakTPP5~@9PI@+Un&KSSO7L@gjaU`XVi^p|$K0MXBA}vdLi>fN!%^ zyn-e|q~rKGNhfST;@fWn$5+`ZHA2*N#Q*7Gg6LLa`&6hKhj-3!iQ9>f!~cbYg7KH<8!89#+L z356?v9@u4HzJ5I9&)F)JX=`i52<#+;!0ozsJ50wE8O+!<@ft)je!$xf_TTWUp0! 
z%`8;wKQ>m{V+M;(%g*tH!QS5sRmoD7e#&imnS_yvR(-|_NL3R30q48{VN_UF{X?aY zUMgOjmrec=|ycwdg~EF#stIoOEvG)2mnfk1m~Xyv@yhE9QAkqp$7722Vn7Sj3#|IUYkb4%M=?lZ{HZXW-VqZcs) zHDrYXQz4hR?-|IIj}JbxT`)Z|3WF35Ek>2iHLiPs%zN?a-awuBV9hEvv#WyHIF`-* zNoEz4X`oenu=NdXMR$+}8KUMKN<%w&R;pvgbvu~`e4gQ4pkm}tg9aW`!9P=M>m^`Y z4X$;}`U5&9tKc7FbvlQEpNrvW^Ld(`$?W+m`1oF3rhkB$V>B{L*EL@eT*Z3i&OFcz zx?fPiwq1466a%w5v8k8g0*Thm>}@J|5k*F|^bnZ+{!4eeMBFk4He%a|=1?Ujf;Y|6 zY$YX0WL%Q%O0k;z4?}kMzgl!#mtYv+6Tr_!{V~j1iV=J)lm>=^RVlN5T#*{ zRMROx!7-SS;Ly1v4T4$P)cx3&Vhv_4q7*1q4DFh4$@@|zZv*2&fE{B9T2CtH>O-l% zgz>{bm=;S~M=9!iUuJ$RRq+t!!eG662d2IOX68w$7T{VC?}K*Y-&89xCl&Susro$t z`+fl9caNn9c=qoHPR9j*$%_|7$c|iSPN_Kj!mxNpiog|oSrV5&&6h+K5NZ%fj|xX- zqsd>BYV|?gTtr)79X%x$yYd4!qN_#X)4OP8wHNMB+N*F;6ln7*zYi?ltfx2nUQNO`?5K z0`b@v1$#cSrgI>CpG^~!5`wA=d;nZ*!3ii29NKWLiS|Va98keW>REd8luQsR5s7Wm zxnt5L6|6PM-8`i^2#**|n)Lg_(3BnyR-5Qv0K-8T?UD3Xg9F>+f_d>?EHzItAJ_`Q zIVJ9AQ+c<>{{@v*Q&`)8y=QP1(VZugM#TjmgnRoW2;aq$xZh+KWMEcYaOyE(-3B4Y zL@%W%P4qrzU`br?8+e=U0ii-Hi8ZAkua29bKz=*N5}>K{FOXu}n_rRE!-(igBF)gE z1?jcg)7Eo=Vs?c8$%En`RuTr%?LgyeHcu62gCA_+2#Xwg_T2UmWY?Y*qQny?;z>%N zt8EW|53bAoi1`c$yDsTZKBnpdquGHLl?~yq4h*;L*B+C4I(i%2cvKb((w}HS)*%}w zKxU3@S50l;iKu-_-iMBh+ z|&LvYE^?5p8YW(nw`~ygK=T+eLf=`c)ikE&aK(wS0YNH~EX7&?!OL zT=?|4mq?xrPZthWMt`DBW)*C=+0@9mlY$#&VKpw=MetBJNMUN=d)h*@<6`=klkoA5 zKm!rUgE@EVatuU)hlDzM%eKZKoryT?8|0ww!%%yn;;?*bA);4#kf1ZG0N+)&5*28p zSgognP-DNv_Z5+n~I_|(GL-r`A%2lxr0<_OX zppi(SYalbD8mz?Yb9?X@l{iJF;0_Uo%O!7Vps`3HH(O@YeE8Exs3j{Ub6SGe*5|(4 z6RKK@(sZX1qWH`=BM=xsyBkR>2hyH|$mt}&#h~HGgxY%qtH=<&3dbf77PKS0mHAyV zRE!bo!K+%ue&B~ajtfr`YW(+F#YI5ZJy@$~F=zvdW3EWjWy>Cw)}kccwX@ewy9&wZ z^y3coa+Zip#&jw5J-UNR5UOH+xMESbb#T~Cv#0_Y!fU2?*ArG-M0fKbL1%6ShDB-G z1X!216nUs!>GH-KsKxM}{a|nx;8;S^ZAmeErvm|zhn$|eyz%mBZ#d3~^A3*peJ+=G zyeP&MPw~1y@j7aO3h-7!-wj0mP6BMThBJgZQ676FB034VybA}z(dCV|PSZwc6_tQj z^EhsK9k82fe0Co1@=<=>3l5|mUc{?JbNNjnN(TxwD$Iqj^a4WhWbwqphZl7*h zbTEO5o9o_#L2xUQHNE1oMdK z)Kgd>jF`KC7c-oBuTazD{d}=kZ;2l@rxx%ghO?PC<`L01J*CwJSbu|)Rx6eAMce3p 
zhsUk+fUU;C&s8WRI4N(@iMH$_Bn16XyDY~5KVabk2+^)?12@%$SAXYYC@buX{@T;n z$-vzgovu%_FZzc_Extk>HYz4f2Cv1$NL zQ%}O|i~ioH*m)X)q9>sK1Yf1j$=eq_b0WTef><#bKhGH0?2BIMoQuBzY=gmRUvzzW z(k6=ovtCB-zt{#fc&5<|uAaJ!ufSIGjOn}9$ipQ_Uu6w+L3z(K>aPPNAQHi0Uj-y? z67D_I=yn4SfGAcJ1)*Fl$$O@;9CK??$HTm58nih?`fsR3e#S(*)0t;XwC#;~#x!9R zzIg`WSvZ8m-G*3+GyfSA=?M{d=Vwf_zZWe2NsPFlzyI}&sfmrJ&R$}av`*1HV=B89 zuiYWKAd%u>k^hV-^}1j~D;vnHj;}`vdRz9B(N*Sc!Fz&O9e?oyX*~`BUL8*~olPnQ ztIEJV*yJCJ+gMC8U{7o>c9i`;3`&SHoy?;)Zn!}o7T%jsu7RtGyE z0cvUBQUrU8+&{bvQ(*&@C&&uzN6x%O?v;Ol;oc&5+B2{mXRI7?%p&*p`7lX_mRCvB zy_~$e$o;E4c>aOdV;&;v`tVHq;6~fJ2wXV(8^5;!L+>AuQ_7H88aYWKaj`pLJm|5gb?< z^8qa;xEH}@kvm@t6mJ%}Px_xG?nmTdBhWms5^w)w#9Ox*t?fMGFB8UTnMLl)TVp{C zqSY)H5<@95v&enwSbPc^STTcVWS~AYj-hZFM$_uRn#SN-i8cTmFqHTf26O{spkY1X zr-DW99WLTCXuzH|I2XTJLsflg>Qn!u`zQn-nio!Zv^Ij-(x-$-FY0_48)9M!;1*( z6e6xtx_Rghi_Qdb%s9q+y>YA$4Iw#@Y91UcVaBllHX9>BQ5sMMf>UVD?2TiailAr- zZVITCfz3E}AyH_20I*>Or*Vu*zzWg+UyVO1h#k|q&qD%PB?8VzsKE+ZnE_`XP6}43 zBdx4QWid>#>GNDWphNI?x-`;OmIu-m$T33b#40#{D`W=At?z1?E4~aP{p4;SL=DU} zGFg8>W}>`sL(AMvh)#!*aqPTLL1f9Y(5k&yho{ ztP3&+)-94*$Bd9h&dBg5TIPz8iO1LftgI{{d%{i<3P0y&N))e%X07p3LjGJ;i)Io| z>AHAE5y;mSGC7YP;i1p`Jos0z^`u`%?9$s51i);Czp1ccvB;(m)SA} zuTb!-U6@+AS!QUFEh8>ei6EV2h8EbexC^x)NVk$EW1;XhTV8R~8saH*wKD#SEgg(G zl;9jstE-yvjkc_NSm$tyr`pv&7wccMj@U8_;}6Ln%ch_44{T|>_>bB2Grr%J_h1=0 z$tPm|&#GPhC0>U9%eH(T>$nNeBHX|7;~D?jmet@RBfJISR4T6hjGwjT{RK2WB%A)a z*mDk@u-p%aCdtpqrl0X!w!F(NpDo$+GyaDy+qmU(ESvtv;pNCGDCMnfI{hEB>1RBj zlm%YXc;cd1`x(y-`*vtNi*Tx1w|sJc4gHm*yswMKTM!;qK8%->@<>OG56PyV@zPSx za^>e_)BhG-)b9plksG>~+34xF;u+c#kmUf8MF%`lD?X0K-cJK^6I>5u%z0mmp<@BL z6A(%L?Ms!XvG-Cy7Iu5-e01ZWuXlzn1Y{|&Wo6wRlts^K`F)-| z-b^AWB`C81k;EB4)hh2H)vTZ#`mHXPKa5m7L#2Xpq&r2+v&2g){vo=C>jY(mFLYXE z3DV`lP|cvM35e2a>`T4S08(v&@|_V{s;4i-P>Y~E0*It0_)_OuL#kI$euU>dl*CF; z%1w~*Zb3Q5or3Q5MBQ@fHL$CdH99C?I-uphiILYznlWiaP4%rPd1WPTy{^JK zxU5-0*~hKdOd^pcj%55B@#ESn5#hLKbF#W1L3H9mCxfyzAWE>ZFEt!xkaayM592+gVn4$P;!82~eNcYk zLIZrM=W0Mo#K{GnwA3_TilJLUxyFT7`%;ZD8fWE>lSyz!$y7jO;TOKt 
z3DiPX(KvZuqR!XPz7#|0ak3sDlFG5%ltxV|!+Yc86D_q=34(NKFjO&4P69+y^?a$v zsWckL$#>Cr(FasJ`%(-wh?7TMXtXaipGu=coGegSOD*uF7-|f*1RL5~zr@?b#Azh&h09T(%4l9w^_q@+(7d5ur_4f1)FJc+3;rGL|tx8fPf zrQ{_*B${iL$?LAKV0CdNSFF=gr3up2$WVroZ@Jaf&`1T!J?MN_1CQqrCSa{Xpj;cL z9EWY4rW|&3x^vjcd6L7<&I&i&!(kWav>V>yu&a|wizmxY+u!E*?Fn6mR~%Y2w}A;n#QZQtUs-=&8S-iIkGSI0x3TZj&U&yaSAc^{^{jk$$L z1yU|AGtrC%;Z$!`xvLTkL_cLbBoM|$X89xHuAS0c$!q_iOg zLb>&mDZI|W&z;g%?F0!1^#SKjM$mR?o)I75oQ3YXoh5JKyVk6RBCYgUSY*e=kn@G8VxTW2 zvsaS7L~W)2xd&-cSyhZC)q^~f?urnp5?+jAQu}BU6*iN)zColha6K?-d^G6+Tx(4F zXeW_s7jsE#qDeR5Ib>4Y>qKgfTL#v2Fq%{c1;(V|J3vbN1+xN?r*DK8CD3vjdR7*s z7h0%ATIv0tKwHW)CJ<@%A|5r6CijIF?3DN5Y-ufpYcm;8VI1~qa-8zg2mR8^Q+Q$6 z(VY8$*E1YmI>R4>(vRjS_4MaUxS1LWo^I}FZ$w~wS#Mfd+<%0UM@F82%emCa<9Jjv zIw|EHY&Hv-6{P=V^0jJYT+%Fz=C2`kkB8{BXl+<m=I1k`L04XN;82Mg0=l|n6UWuzF>_ma36zdg{WxKYkiG1BFR`Ivf?E?0ih^M z#&dGbg!=fD*1Czb9-{O#)Dl}S-`3Fk1RWzNbwC3c*;*vUcazpBL|?#Re@;*zhT4jx zQgA-rq-Z3@kS@dKjCU4EwIC|;1H8u&Soa6~>B{8pBG30Nq(zq00HI+lNgL2hsA)r` z)e%@9gP$iW605C7iQt=wpJBdfj|cd)A#mpWQtC?|Kh-ZuTA{HpIQ^L-)S%FR?uAUY z{xek4#b}|G!MOjdc>v`UN_K4L_&Ss?sj`Ir?&<_P$=Luw5dxAMhkY4ViW_9AW=yh^ z;^;CLnLsNU1})msOZSrTiovJYM~&akY!1RBhO`x?xTI=QZNV&nNy9;S(vXf4Nq;7` zom9`zW@`%ot~3Oau@dR4vdK;D+|$s=#9IL0$MK9PeH}~A*k*1|F=a+2kv{dL+iBba z-&}<5i<(1pD@;F&i;#Pk^z~6BdM3nI>b7ODApQMsNYi67(gdV(8TY_!M(g3EFMXgP zU)~6KR{Gn=N!$PM&08XpN}p(@7aL6IG8vghDCvqukHS+X^7gkQFA_=$q8<^Y58Q;B z%Xl>yIRrpwW@|8+3^0~hHE&`@7fMnACm!tf^QK`S2nUk*fwP_14|lmqsR5O|AL-nJ z7P$eH9-svl4=|P%Q1>4ORsiuC9wz9_O1aQST1kn4RMI8n+Pec*Qf5Hatc7(7z(rI1 zv?7t5q>i`5NJaT|+lf*hO zHygI3MN~*U;vlf2gmYFjUL&CX!7P``N_-3KXAjqFawILIN~#}F6CQV! 
zBy7Y*fWuY7c+-HgfU}a)!0z>MS4kPlSDS!JE$5P2fzXjiR0@L5tQ4B3B;^iNDab|9 z35!aT+67d3bmnaQ6p-eS2pO+M%qpHS7)C^z-EjNei4!Yb&2dSuM3d;1dM3S# zNs*O)3OA^%>C8R zU7___X6;ITc(PKVxiJn=hia|^&iu72^uB0_z&o#9xs9=y#An5b3;O#XYgbm{S=L*I zO|m*gvv%e6z0x8ZP7u@(7Wr#e5({GE0Yu+0P?aBXHPhmg$KW$8iCppu6`Gy!;*)}i z(Tjt1-u%4=s-!K^f<-@**2sSeb|S%SOMatNWLt|`iaipF^1Ub;gaHeFWd4Tj5VMiF;dpd!b_7mh(5JL0x@$}x7( z7|E9vomlD39&|}1qe--En@PNWJAG_Jm((JfWUgX;v$A&(NVxW9fODrFrRSu10FA~cL5doU3Du)9Z^vP!*MrN4N8_7BB$YZZT8+3s zC`RMtSAmkQXtWvKG16#UflyMQn-p*Bk=A|>uK8R&BU1t1f8dyHbSQw6MqXgYKMuS1thQE=kvwd+f&@{)L z6sEs(7a5N-I32~tO)AxZE(6|U*GfOV(Jh0&h)BA1F1f1Giwt$kpukq3q$?VIkS-i5 zgDQlQ0$m2YS8w`v&yg%{mpcH}O%}JyRFB+XxI%0G13v`MNS17invrlv>(5B`ZHK1W z(6RuB{Wo1qW=7(maK%Q%@9;1|Xa0Kp-SQLJc(}kN`=jA+&_v3B4Buq)1gjK@egC1pgGJ*gzCeX`%umMX&*i zQba%nQL%uP?|07Z?!Ae=e*gEq&vR#I=KRi?K69q*tgDf1K{WgtN%VKP?S#&`W3} z`RJNi$Ql4PI3S@k7HA}8L1!UvfOf>8m(WQ1YBuOg0KOv-<$@%eUn9AQ;Zy34M$#QM zfx|6>9IAvrM_#eG8p(@QY`IMUXhR^sTvsC*g8fvMG!TF>B_uf-NxvWLoL>MyQE^HB zvDl=PR*J{|KKG4#fOGpsZsV16WnYaj{Lzk$$ty4D-Dl(s9o|2IO5$-Dj~by(2d z7l2hI0R3{aOh_$%3N zlYV(9E+D6-lLA@;qH|K*COsQ;Dht^Gw4M&VM3X*T%@%Su08<^1ze!i0XA5}*w5J?; zi6(sxb4L#8RRG>15aog-o4-l-!!YG<(#_Fdapb=N=x1V~$SW4NNtaz}%MC|1mcu_l zuG^$1ZnY()0+2f@m~h_(5<}J(T;z?(W2l&UHkf$ zee40Ar3SQZTcS@88)W5sf$XDelYX{)j{mL;!3uIXVpXS#tl9^%*Wdv0yY1i+JW*OZ zCSgZ_SHpA1Xq>Dt20z+Viy`XEs1jz*n$2;azMesm?;M@ zl*S#*&&ekTK!50*MdV#-K&Q5fmj$?n2<~!L6Y(!d<2+V9$$MzAkjO^_FU367SHUm} zu}4IT%nD!z4Hz)8#Ij)jqd2{4uk{J)&38&;9X6v#$S41octzgu7*j{9c>P%{UQ`i9 z@GE#B&R5Ma9tu_Qs<%5ZUX^Jft|q*c-X(cKD!6G97DJ|ajMW#^h|n7VchHjE+ad*I zh~OunLhC-vw1Kgl4s0h+#R;nEWET|2^DH>IqVWdCKR7k9`|I>pVQT z29HKOBIkRI9Bf%q{c8@?KczFh;vNWHs2d4bahs)tPhjCZv7}IpYLDxJbZ5!(*`Uua zh_Y)jf>#+99NG$_R`9$U5VTr1^gBw>JB~0l#c)1kN!i4eR~huFP!YU+E;2h-8h5u= znSITPt&0}H&7e(E$;F~CpcKXIwNu2J_@^BqmJAX1D9)&$2;N4*Xn{W+IJaYwFBVXE zP1ho>n{}fXMjT4d43b6TFFD-t_n#8(Pkr!TC>4tI_{~blS|>t`Aw$GHh+0&3qA?{? 
zrR$Uv4%HYAhZ9($5(U?Q(ouGwZd}5CHUZ+Wt;5kHhs(y%<1f#-xfGD6S#6+5q0$_M zZqyO{$bx!&a+@nn3;5VCsc`m{wkTV6VaJv#&8`h9i>FYy)a{hW;`HkCRi$Z!apM&w zd;$ySN<%A~965UTK{78J^j4CHyHkdXXKWYT3y<;Ol*3LAxugfhV?M$U-7k$=sVW}k z8+QEd1z@#38PGz4J6Awi+^ZW~8Yzy>;P|`t$gjJ0K88sBgBmG`AmVBz;7!6oMqY#v zd$40Sn*Bn`SO>&L z=m|$2?YHqwpvqA4c8$Vj$Z_K$Zl-z`;G2#-1`nYX^|+dgxJH!`s?t^4k0AfQnqzQz zbfZ+Gibg56u@2k+roz7sZMI}%;tuTLr?@0$jvk7^FA+-}wTNW9A6sX#F8xW4Izv7Wi zWX)ZJN$)`8vkWxjx9n6?v*Xq#;=cS4k*Q-GkJPy7W)y?)E^r)uVF4lif;Tm&UJe3; zLn>Y`Mewo($Uqc&3zQ6H@+JpZY^uT~$k|?e&LVlB2=4Z!D)d9p*$MEG6Cq;ZLJyeb zWDmr0?Kz_jP6N~)A;ljKmNp?J`LH2^LslYYEu?WDj+Ik&$$8sO0y+N6UNX2HG%XTx z^Pno)1&)yaMg55D{yv0EG%jO=BDOt_jDMY%1@}Cu+GN%l#U>Bf@&DfhJ*q1D%R|Qa zAu6+~Lk5>c$;`U`Dync>-H3wnO`~Ta1@`~bjYaT)V6bi1jqG<6+v@*@jeA#|D8w0R z8XvPysk!@p;-yyOcD^_n1$COTe*qSxxGOqn=fVG?Uy6&jxLq|IpbOeTs0JCF2jq~S z%%-N-@diWQ!_o!mN9`O4SJ_5$3G!4VLt3N5pvlZQ2f|(1o%;aE8u~p}iDnx=?8Y0= z6j53Xq{`;kXGB&Zv^rppw$;T>2SbVRD^DV>`xuQng7C-i9;pT8*a@m7wcxr75L9rN z*{a!n_>-y}@rUe;DORUAnaovu(l6Ceo3@;j^!*vk?y#Di0~yRg3&Qf5g_P>^I9iLS z+`)Nl+8iF@KxkoEo@2;WL(qyi0guRA|P8D;$GzCNWTN2#cjzuTUl>Gg^oIE9LA}!C!CO|)L9hQ4u2isF)k}- zE9$^eqx&&U9CkRU4loB-Ie(2%9b{It>LBAbs(r(sop?~;atG;O(21M>F~@l!6zwh8 zj}|&`rUM~|JiLy|EIbeA(DF+K?Vq4BzYj2y?=B%j z1pkyNgr`TTpth(z)MMORoSv02o3kYv*8;oQ|6EgN2Mhs>dBqRCA|5`@Y57|iNPGfT}b`!zQAvZ^IB^|zE z178oqBoBr2!w_8@gYQ@e=Z9oH--5+-UZRU4hfIgPBpvi(L&TNBx(&p9&|Vk);k(_z z`5{?nYqFS&ak@C;km+EVq(fzFh`3!3aBRx1z)@?QNBiBu`5{?HRBS%S)Uo1GJ5j8> z&;d5dr`Y0-V8sHlnftmfUWadU2j_>VW{@d^F7HzLI|vwAWj92SAyjqCl0kKY6#c&9 z^vG_H;+@x($+El<|B-`2(4ieNDj$Y2aouk3oHTMtGO+M3H_jKLa%mY_2Z>%KW2&MC z#mby}$ao9VJrxg!)<*sDR6G+p>J~jOg)ZRdm!Yfqc{y|sKd**<#?P-pZ{gWx$jEy{ z#gFw-z3|Zw@YkY=4jpf2LwFK@4}DTcWD`9ybSGO38G0I)DTg=UL`mh)7r~JD9afU0 zo)oeij-&EoKimOdBWTA9D)9^8Y3zk2s21gIi`Fq8sq>HO!lbEG!$bAJTUXyUNEbY{ z@H>Ad9Yu`U%P@H!zOhJ`gj)L zzfla1+a&n|(_bgnUO}%ufTWfKEyo?Gl^ z#hS{Ujc2__;VI(U(ik-``qAO4gWQJ*$QWdf$O?KFlp&Fa4nPMYUw<#(u*QcV4Ub#; zr0O{vo;idIGe*Vzh~*pV1sk44pBpQ8gt&QoZ1*=C!9Ovs@jA8q8cDYd 
z$7VFV2hlRCBkp{UMQmonb%)5nhWCRQN#zjRwBZHvr+N^Z-EcqDibyKe*qnxk zU{AbnI?5$>igzUmnuqyG?9`lPVCIgM^V}T{M6;LT5oBbv9{TzF&YnwYJ(8z!TEq;f zo{^RGayQ;WZ8!ySpW&|^gNiEJFfCaRYPJ$ta})l5IyA{k3u+goqF(jK>152Q>wiAsXMc80|9SMMSd^!kSx&ATY+deE}p6i9XfvX_fiyCgXNR|Szi2Yxvb zv}r`=$SHbrJtzlWR2Sr8lN2kxS@!I$UDN+skq0QNZ`dl#jn9#kK67IFr(OAg%@ z!g~~5^q}{b*y;Kc029&TbV;(=yD0H`BU-YtcTsxiL5Yp+aO(n;Nh}n3#iH{Ous(WF zL)1$Syc+<81fu-1L3~tefFAV8y|$$30L(8Ti4T1Z)`RZfW=mQFz;gr&ki_TihU-B+ zA&H7l9suBo15y(ssuV_A8EN0JK(T5zZ<<|w%6}A4eOSNnSDy(qj{819W5ZwTkJjq1 zK7~V(CH3In#Gy%ENph>t@%5Bve9{lq$LfJY!a&L)Fh&u}C=%yZpEnupRG%*&mkg4R z0J*|NyVd6g^rQ*kmoJ0%8qqm&ZuP0vAD_BJCddy!``n?Is6L;s)0B`~0Q~8I{MF|X zM2Urz`4Brt_;Vm7s!#6$DhFf}0NN0U(k02}uRgRA;;%k$?6Sih572aCp~x#1xB6Up z-A=({0IVU9U#{AOL-mPIx3l4O01lLpMSi9ccJAu&e-#5@rohVB0*W+}iTahOoCi8|#^ z)VBeNV*9^|;kU9fzP*CHfl_thw4*uY2YvDdwlY&8Hv@ldK`pdrrEhf!I`{|Ro#5Tu zA;}`9+e+1`a$p?~+H{9rT&d!zucK5w@tn>$xfbB(iQz@al4Nt0DxO$7N)>OJI!e{@ zEPR63QATjyGgLmYuR*Wz@WZtGle z_T-?Ut#f5z#hCDp&b0&4GM_?Nj?Q%fF>-XPn+V>~t!~4fc#Dq7K)3pt7;N3@El6P9 zigG#N99y$rux!J+RpYY(gCm!Ke{dYJ9TMw*B19wnwdXMQ`Ul6LGN5&Ye=mn7X?NW| zp#t4%@=M4gcX0gtw#G;~7w`v&WjCYwgbH-4k&Jc*$H_1043b-c+~K0#!O_Gd`4FiB zCqVm{=o~qBaGcx@7nxESeFxfa4!y+Scxjj|B<52@8-H5}AA^T(wGea`k_uXuLoYEn zhJ1)mKO+Fy3xFX6qI5~J`3J{<6DrWHhGW@?Bfl7+<-|gfS1j(}*sGBp_%;Cc5Xdjr z9UK=I*^*8HaIu6WXK*|`*p~D=0Hsjcfs&lTF%>nH4@V>bknDhzZbg-X2ggz!ktmb0 zq}l1u?CLZ1^MLBZZ~XbIPx(!#B6mU96cU(#vDaUHN_~o!xdi?z92#z84Xi$$i>c;g z9@ZHt_XB>2Sn4s_sXncXspffDH6oC_0plkZ?N*-*^p{OY74Uv0L=65aa&GlGfo0ET z#9te<#tywi^;t5)7SaWPUJl5wTc!80g-ir(mP0R5ebP{Zlml`F08bN$(k02}uRa;Y zRP$6+OOE_efKCw$<*Z_HtIvefcHrLw@H>J0a^324e6KCZheAxiKTwiWeXjj%OUeMC z6@daIIn`(XgE+K7u^0frPzR){4^@hQ>O=XO(c}PX28P-P&pYF3e$bBA@LL1k4aC0@ z3(f9OyA^SeyWoA$A<1n_w};y2UIqPA&@Mal;zKR389PI5Q!LC7PKKVt)nE8)uhOD6 z+1#O)m${vxmKUm>p|(*Ed>|W8*%n4umz!+vP|Ld~&icjPb#`#m0a-*0lr%}Ue;H~A z^+k$a0A`QN!Eq)wcc^^|LoLhs7`|r-NGTCXpKj!#_G2tz%U|K`K`y&zQdIDiBO<9k zwpuXM#y^9=>H(A!2;`xbeC60<)gw3Z2OMXJhcgE>I zv7PiY`O-dt+D&!F>0lhh3mm6UPPWHodu`+lnl97rae6lvQ`v2g)0x;>3LK|n`ywH& 
z5O-&sZh1gZYfC(q#X#lpA zkmPi<-QPe*O931P;5`SVI$Ej}+|jNtM50WR)vPl@W;HM2azOQAWzb)JYGaXKmc4|T z0RCEY^yB{O^UYnLHH3e*Lz6U<@K>KDPa{*^>T?UbLWGnfV2mS{4kXT91DVTcr}~V+ zwm*U76EIf0Xt(;rcKaBv?y9KB|t)|%FP6TKcu~6g{ zi(7pnv1h<3SOLJ(1oF#u$LaS_!8rwc0XSSjl2d&~KV&E43jn??A<3yeU*Yr_PXvQd z9m4Qe#lveLR4D?g55+2@-465y7^jz9aR%f3pr5hICfk6w1M$C88^!BPiTjU51`LAt zScfE!GuHdRawb6c6OdA(`g?VK0(~Yo@y9EO4hF#~SJmLxc7l3_*w1_I=W0CbeK#HnaW)9f zkCUPoJkCS5`fRQ<2*w=J#Bb!QVP~2R;S7S$owpbK?a6BB9JS!@Y!H06$Q~r^L2zP5 z@eP8SH1j__b4Q@`FBG3BQ%# zUW30DLwo2>jVc%e(sp>i;gDoSrrR}Y<&y~eBhbz}^x`#&4$w=dM&WEEBAi-5`&Fgm*2WOHj&duFhAt~SlHgPR1%JYt}vNwWP* zjXHh@mQTVgw=f37jzVnnbU=V!f#MRrEmn0DCu(*&k>?Ei?gfg zT#sIqc3aW@v$~*nXOqCGK6dQ1qRKC$_a|Te;xQR+E9w$!tA=(fdI1A8tBSTN+2&gD zR@AP9DyiW}BjH))qtHdhN81q+n#hRjPCLjCD*GV(_81o|zaU9(w>HxWK-;xv)d)KdZ{tHEeM3>P6wlFe-*eCWh!B7CQ|)9Fr2 zhMqv&!(iOya+A$%B7DfhnH(J%h1)EMVL6OV#6U@tWc!yUva~en#Jj+J;&QMMVso3w z^cQjBlH}ZkahrgY5|Q-COW6Bet_{Yjh%Aj9PQ>3md#!?}91%(Mtpe2Ed3gYK1gL)? zkS9mvtB!*E`PBCcxa(_)*a(yAVdCwd5fN0z2fkI6@x?{zInI8bx1Zu6RLU-JxRvt8 zbGZ0!AwCR+u+-NooJu(=4^5wZ`I8lVPRQxnccDk%N@!O~;}yFS+Ldx@Oz}#26N}}H zx92y{W~;81Atfo$rcT?O^tpK#?OspCCB>qm5s zoU5QdfHOT*=5h*X_c`1JWPL^aIr56dRZvG`-IfDy3_wc)`Q^F_YP84BhW-GI zEFsBJQ1dVvu%!C|c({ZlM?r1YQ5RHvax(y19FUsdP^Dl6b$TW>ERvOXd@$KbMLOR5 z$Aa=m!qCy=Vync`Ga6+`h6p}|%0V2-7+$G5u5vhvm8ZN9IxHJ_p&5G<#PJ!HmS}>0 z+~FuT!=FJ%h2{`wi!g1mY8h!1U*W2I;xhPppQh(Wk-0{wAMtn$MZ@N z9;W9y^m>zaaY4BX`!q8xQ-2?OSadGPSFf26X-$IpjL<{!?xABvT2pp;#4+hHMvj{# zOd>{p0FJa~#=Wpli%4ss4;mx+(orR$rI$A`Z3(T|Wg>KA{u{W9fM}6}!I0M4*sBC| z&=)V3f)2SU0Ue{sE^Gmv*u?_oKtSXYVAJxAzrdTV1yy_+$5BnH6(;SRXUkGa+hC`f zlr7EjWbX-k&3BTrSsXMmE+Fgay`Ceo{xqfOjw%@~!5h>|_>D8AjB zUafov**D$?5!GWT2h2_65tR#%8l@@2BX5s|uv%p~b?XMeKP8R|CGxQ_*i)m15dP1Z z5Y{ky3fX(&OjLSW^!;QnIt)yD%qp^xT>9P=9azd0B7jOYVoUxjmM z>6tMn$v$}+?72}K?&FnUZ>z#BECo3$RD7O-_Mg5ojxfii>E+BZ>6l97Cge(^SQWcE z$bv>?Rg5+xsg261Sp0^RHHzbqQQa1zise%7z6t(zltdhHPk$9fQcVwk4}Ml{Kh{N?M6sey7z%r`F z6hyI^9yXnblwOrMe+u81I7TYc#%o~@6NChbC9?k;U^^&T?x=p`ct?h9B>>fQk=(@t 
zugP2nN642WNj8)qXhqskL;D^P%)wXK_i9-$Ie)d7fv zlv?oKtgBl4HI>{7|GMPs`UdTdK%aCMxYXT8rSwxA$l4&u&6G28mC%R!90!AtQ3p} z*%3y}61)fiXB#-_InaLIYd;^ipIhzcyLc{^0|!kMX}Kz|iYN|T1&DtdT%N}17PUQ3 z<3<*>Hc#Wm7PT)=;|z;hl&5hME9{thUShdTENW7o#?35hE}q8O7Bvk|;}#aR1yAFa z7S(%C<5pHWKigPTaXpQ5EvkT?#(CCiezvoyzIhtAw@&i2gGCj|)3~EW6~@yz-=ccq zXjtt@Gcczwc*n6vh{)ft zaFZERhB&5~O}uh4ruQF1(hN_NNPQP9lk=eNHHnHQ#N;+l;s{!F$Tr9kzP6jNsSqB- zxrWOafr>F!fCIPlO@WjqKK&uMBB#OLw3Ls8nit7q3bw+U8D;;1J@G&vO`OT9XU_i} z0{^P0iL3^;z|}a>m6aAu)!g*`(H)L-c0~B@hrp~x?1=RZ>kmg`b|m<^V`(fagB{g; zOK~JKE0Y~{eS;8YRugtK@(o0_%xcPxY+na-iCNj~$n_oX3`Y(-@_qHcf}=S*dio-| zfv08ZL8cUizNg0_I;~?yz%jzNgkq4(v7X?&MoDPPj!C}7?}3sR+7(Hd>bnQ8N@aD3 zqQP{IuihtcbPT5f`99ya&2V%w$3fctzSB|QDF~kh$AiAqpF!yrRtN#hd?UYvqfeQI zpses+tq54(vX8;B*0=IcIQnsPHv4w(fTMpf74=KL&$`1gAcT5|*L=gDhNF<I$x~JnIj1!CeuKQpK(})fumn*K z#2>Xt>bI{Dkvnjz848w=1*IoH@ZNUtHC40> zqH)k%v9L;KsC&8zd03;Zcp3^EuOC2HxfcZVa__^{= zX!0094I~dt`v~NYNs^pMKGo=iT{>XZ6zm&<6(7G8HsN|OBv(;Gi$sx0G9cnx5>cid zGNC|;NFgGNU>grvc5oDaLN;aQWfjFvgbm2dRUJUPrf9<)nn;MnWGJVj%Bu%m@hsWS zuz?+sh6gmOC!UmH&k~ADLID!WK-tXEbglpgiAWX1F2Yt+6y25hD@5aBVs3IGkvRYd zr$Ot^*`Zk}cv2XVfBhYrP==y9SjkE!0Oy1oRmlQ_H$a`p*`ryj@gz}w3F$^xffDw8 z4p4t3YN`uR0?rOclwa4Z5AY-bD~i(-Vh!X+iYk!TiN*si=QNi^@`_df4CE^R5z#rC z6a$gG9xE?7qj(Vh&K0XjKShCbKa)aeh1rd=NdD+9kb1DdBq9X}95585-CPZ`i*qH^ z{uXI$t`vh|E}K8Q$Pf7+ETs5QP8us3H4kEk@3}3SXdZ0$wu3R^H4kBj$M-X|yXK+n zFnufM;;kc#9hUEy0Y?}+B7EOs1FE@~9WlO_(Tz4&gF&pX#RUk6U`l!4(NUm8vLnH_ zXgvaru}Ckh=36)q6kj;i>AJ!kgNPYJG(e5>yAZo&eOs zMM9R{TbmfVa06g;~50RmB;r&-g63 zWU{E{5Xa>A%Fu(jJG`|2w_OBJ_K_2(G-2VKGW6Z5G z^dJ%RR-Hcr_N;7vdBkFlWF4K}wo_41m9aKerPn1-4d?|tKh3U;-4~%?_Dh}{-2Ml^ zM=~Lz;TjncaY7UH9f?gc{hBTsu9aal+c4p-M(%YooTdm75#nPR1!%+Pq)y@@PRZTf zY4M|L0yVBxY!1h2p=FYp!af$8*;0!y2a&Y6d>NP7?CUYg56|2x3BB=qQ|lW~VEv?J&DhV7 zBaywaX40}&*`LUM0qZ0!Q_5P<@gm>G+DOaVWvh_=4%S#&)+_rJVIDmUO#O0#{HwnX zOoMW@!}3b74=bGudt&wD z(5_oGFgxSTLf@d*G|@`w{K7Y|B^*lUH+>TxmZDWNR?H)Otvca2WJ`9$`X;S_qZK<6 zeEms4Yj#xg^&g{A6$M5u%AUVc|Tn#8LfZ 
zxV(A-V5epJUQEMkddJ?nkJ8x>eqNL2o4K@jM{_GqEk&a%9Ak%lNq~7|{jwtYE`^n` z&pFs=5%~#XlG`LMr3RxcDJ+qE04i1P z#|+JLeG}^VsKZxdIBAAwIcWxAy|dts;A=o*ZUCh3ulKO0y@v6$Pft+QpqgPSTU(i zG@85yEY~Rk8GRALA1t74F##%568d2hmivN=<0t|Un_7XSXo!TR=$UdaD8K?2KsF>| zCne$;OrCPLXQT>NHlABohNU}RoUtO|Mq5ZpRblrl zMpNyb)uzpI6SURb7dg|C(?5rOH}?y3h=WQH|pi9bT(p^MKjUvZ?h@^^eFUeXJN!)Z9uJZMo z$5W6D^6;9AYg6QkV44Tvk-}DsO|MzC4#oKpo65er9;NOoe7tO$zk$iJJ?Nu1V-7bu|$L8CgSxBV$;pXGz8{i6kRv0$O0^Q&>XN zGSh*<4XktG(C-;@BPx6GuDc|caliEuv=Vs?e5di(C|)XyY97MiYs}ZDqv>!<{~q*T z2;&1r)U5Xm$Pa}7xgTmI%1nkss1JWd_N`xqs4n7}A@Y^tm2qDV-d;DhMjWgNM~`Tz zfW{ZWberC%@||;TBEAffBOxX;6kW5(e0>dKm-#_?9BvVbEoNxKWBh8Z1pPT#F%l8@ zErN2-qs7A`{8I$^yYh%fEuG;p?u70IcHpI>pa>Z?0)Y)2@;=fnrH?`pNfZy`Yop<1 zB;f=2e2%}CK)FC*oBoY4wJ!blKc5>6-ECk3g0Os;Y~mdpAW=cM9pc z@oE!rGy$!RLsy50YW|gpNPZh0vRqvQBMU(v?O-H*YfRLn`*4gKA!~1|oo6`@^reJJ zrxtE`8Jn~^=yBsi7V zK>EQ?etsOtKYG{aV!WpGhd@LG{u~QYa~4&spF%eLZbzUxNOfFtt!C>H_N|cnUV ztr-`vB)9?|{~@8xNnVB3M9R^OR_NJYf%iU#q_Vxj)F4Q0p@l3gEyRbQU2^EETjyRl zKk6$8X{Cj7hbzpP(pq zgpHtX!>Azj4lklBm<+Eu_-nl=nT^q{2nC48aq+j14Nri$&IM2+Y(Pb+-$j5|L43;v zP|R&WB0kwpfHNRoasd=~8&C-oR|5PBFAo~CiUUR122_!HI|7sgG06q+Tjwg0NmAc| z(NAWA*xChfRabyysb?1=nSDVVQw*RwWra$U`j#J%{QH1d;-ZF7y-|R4ssHgZ!g(6R zEiRz8&{Z__3c09V z?WH*|NF830rvdn)1n7=|kUB_n3C7__r~`rQpc?nBx@$o8lR?{S;=VaFDp?VzBnK(<&eUJ@M``|nwKSqLdorkVc)cxRu=L)7MoZnLTm#w$KYc&-o5bmo(>$aMBN2D?k0_XwdJL z<__c|H?aYr4fWH@^aOpPG($1MGkrE_^ZoSv3ZPGt=9Sg9{57C$@Y5eThUnfS&HkNi z{x?87;?UJdqGyc+Xqxmk=w<6gUjp!r0}^_jA)wEc=G=R1As(pLA*5of9_ND$L}HFK zjVpF0Q~|AqOOHsv3Ysxrnu{>3%53u;_N6PI3o@M^|6a&nJRB|Ohb(8GUD#L@Eu&r!0&*%Lr6|h0P<~&^2Sdx z_@(*S5v0(|mWQ^AzaJ@d2HlpyM;hCpW&pHxK`Iv+^t&|U_u6%2FaQ%>5QoW)MTyfi z^Y@4B*1iO&r(7hbH~{I<%q`G|xZijcsADeDO@~zQ8LLrELpAda%nBHO1<+qyI8T-o zGOh}c;hOm;7D*WyQ303a;~!YV7!;+M>mIRF)DVDd7o?KSpcu`p*2b398-P(R$c>_? 
zQhyu5e7Opp+Lrpj5pY!0LSIIYNN8CEW4Xg7B6wm`O*89dL63V8{(Ff=kykStT5qsX zH8ite6Hp%l@l|mY&3|M7w3cRmJR2hZ0?Zrl2;>ZBlx}9B4X0@4Sg7lqFV%o*KuE4e z3N#3#oKZ&$kCQ@B)V+yHhI|9GgD$Cvjs$Oov83#3xFF-^6Q*SD%3Y7*%4iec2eAioiW7(F$Eu0j>h%hNRd>!pQ}TI?}n z&FAI&?cmc}Q>!DgjF~Uu!O>TXpjmQ+FsbE6(hR#}IdvkKCZHYe3a1%dB+ceJj4MO? zdXY2@?QnMl&DJ7m=GI|+0-YZGoM(?628GeU5J|Jc4ue@xv!^g!z)Fu6@c{C+#f2n9 zP)3la@vWv0J&D}QLkZ^NuPv$z;s~bQ)U3Q#xB&y+6C9G9NAz;H8X$MCX?DT$WaB3- zEMx(`{|35T0r=A{%PL~ww@8d%G^^YN^n0Mmy)X{DAT=z~Ys|(UnpL%?3R8Xoz_ehHZm=5F*>dw};DjfaI#2tgc(XdNr0Q?*d?k3koQ+ zI=Z#-ZoGH{ntTGrx_<&S)Weodw1e9Xz?%-p4k<$qtBMsxj?P)oF1mD8X65uK9@$ly zW$9s8AJ-TpgOSzY_-jWf-u!~T5vNCSPivQ1jviVC@(3kUU8pdryJ=SDD)a$kkQPDT zpgkwYUc$nzS`;3mnUjIetc5#FMCPyWqlhw-d^*-bBZ$cursQLvk zaO#&uKCiFdt$9g$LViRFXcINFBY3I|p@^Eel3mtC>N4@?NJ_r>go$;kgV+Ito-UDZ zHaRa#gZ0mcKppN-)B=Mrvmv_Km6Lec$e61|oJF4!K`!HdP2bxD46DJgpO`k(Mvn97 zL^9<+7(zeO1)Phth)28XO2hjUoR^9FCE`|ECxaf+f?q~au$FTNfN%ut2ieGJKcZwF z)OiHsNb(XDmX1f5k7;J7KX4B@XuXK;kL+#)EXr!9AgM^JMYlzngsAWs zuJ17(hpJE)AGe0blYeKEZ&IWw??r|4lqV}S^TIw|Yz6d<;&5(4WslL!?h!3%eIZIR z_dNu;3i=O_2y`kE*-T)GB*IvyMKrC3w#zFRn>8~8dzC!Co5^^)6Mt<4wd9H12Dppf zs8yieUYbPJc~Rpz&3qoyDdx+DZ@UtF*FQj9HfZ4#Gs)kWGhWc52VwLhq?`z2R&kcJ z(L<*}C(?p%%&?W;6#)Fl0STR#x_4;i#%#Q;iY`*V2HHM9JvtSA>Mkw(tHHLGaR#(= ze)^9Ukt6%H@Nak9`yjVL`>O=~fEFHU*!0+{_$U_sDnHcfNFiy{?`Ry|0-S-o#eRSrD%ffMTGEG(Q^i zALAn}@%L0}@tGIkI;HWE95aGyh;dfa<8J~Ui&_$ozl#0^>`j9BnPxqVgA1~rLr{YQ zzFv$P@}e9#K^H;ERo~3Q4iUuv<8OsLbpfcVrSrbl#Ze$%ltFj}JSf#S9<{|(Jm0r? 
zSiag4P1I-@LEp@4Q62eA79od_|HvBX9d;oS2Pq=iEfC*!Fhmj&gZ?A$M&~O(1?{p+ z=ML|p+)03SvMcpROF@(ZqC@d#DXL@oLVmCisHemJ!aXpow`&m^gHr%(K;Qxj?UMZF zEGk5%kM=^Lu$qK)AHQXUP@gm>xt>!>TlNhSf8v!WQmCp~B>Ly4ZmApvD{Rlb5_(S+~f{p%2p-G(u znjQ+xHZsKcGtxzCPzU|8dBe*uo1FO4R(BU&w-}nk_oKPP-6$VJ1?~sjm-12AN*xK^ z_ykf)oU#ChHu6^(j1`yV@1LLupZA1OGA9#+#EDrsRI=O3T+Yx*TQ zf6>G`*LSP*;UHen;+XB^#ameL!c90qvtmw>7k9^8T|3-{le?_(Wp@EE(ns(g2*h+w z?iHDX(h2IuH095`WZ3PdeO@yJ9h}#sO=gp}ioLvhXC}aEnY7)DqXwXP*>2LtrI$C< zOqz*!&1qPiwM^Q$^75p_Bt6PvaTa@cnP`$q>}5s3B(2BG*OZ!ci>YPOy|Z4E-dHv1 zWm>OEniadfOf%^sRm=9+OfY&~)iTNIHR-Za^8|Ywht*;a%M5Ev_Ht~}O`?|hEKD4T z$OHT@z;WaOR?EE3CfU8_pG1s9uWp&AFat|rj}-F=>=v6|Go2vK0P&iV2Ku&)PHs`PmonKRGnALU=zi$&T}xu$$$e zkXYv3*riEfj}(($`LWpanjaE>Q$W1tQ-!eRGWsn>6AhdLNz{5G4rOBXLFB!b&Awwv zED=$jFuf-Em=6P(Vm`u<+00L>j7b`n*Cc(>B;5{ifE7nrIuj#Z9b}nwL6g^{7rjlo zip9$wNIpDp)@(dM$n=_Y3y)=f!=|#=z>y2fOo!>^8&piXi3O)mza|g5zQ?3XbdY3t zm~_pI#lBwiYogH=ITl;t0U2gz_LvSDyjf`fyWu^OWeg_kBu0?0W!{0AVv;wS0wy|U z5fc+9kvDmyn8~nPYsYw%2AexDomM0lU|v@6eg; z0mo@RtPz+!nDZU@dQH+lO;T(i3d#=Z9u*|%D3)n9Bm~WYOU0W!8g~%|;+vW{)M51>})pwu9Yb(`&v) z{CxoNn)fY*br_>JF`8&NTGWI@(UPEfKNDqB@}A0OI{L2^CR%Kwx1rAM1prgbQ4Hw; z{>T%!KB3d&;k5A;nVJOq6A?7bJS+8I;V{%2mY)1%eqEEE{GKMB11sS44W9g-CZ3Pm zZhlV_ZhB9X==?rrepPGrGICe7cH)_w-dq<24S7K8R3AeOk8DJ343{Urnst)V)vRv_ z{TQweDoAJ0%m8#XYdE8;Tb?44UEPYuGr2AzUeK7)&j+BZTaPokhSiACHLM@@hUd`1<0p!OW(=~hAmyNITE8&5mh~K?Ygq>gJ#pkX zQIO4`i~w{ks|sA6{1oc~qf@Nk2|Z~b(9Ib=A^@FYb!K#JtMnt3)Y?{EJd^k0I*@`k zjD8{jUE7+&=sH#&qw82h2_19+No~vM0|Dqd))q$BwdOFouCouv-kn0!X zZ1o*D$1!KshIS4}vH?idn}8Oap8RyH^kd{sx6<$&I$``2QLva93tdLLL8M!)n5B`` zomm=Lcj1{Fz8PUHWtN8>76@!)O=WarYcZo6TN?>|&tjn0FnUh_8dOGSSo;~BVSP&I zKDec^U_GP12|#C9A2B-9`iaq*R`}yU55p{?U<0FL)BNS0X=!kI@|##SfTCv}p$}dG zdNZTjIcRn}R>$&+qML#7g4Nv+CNllM>;(2X;3 zWxBrrI$HO`<;m}49b$AR>ms2`Q5VpI(eDJHJ6YQpop1fY=zOaT_O_DiQy0*S(LV>E z^R4rYF0kqY<;gFwIuLr^aiCW)x^g3bObV9W=Wb zn#n9(tj)~Q#d;ghp+oN;CJMe}&^(6)=q}bcMt8N&F}kbuD+Q2#00CTP^veP0uGVTs zce7$vQRKT>b?{8?HUsGU7=0lC-OW0}=0>Qo 
zo<7!dcqTs?4xUFjm@*l59yn3!WBtJ_eXS$R($~67!8C0FmRQNB)LT0|h*e*!4qTr6 zewKKOQqs?g!!tSYalo&z%t-<0epY`*_qWm*-QOy}GhtFMpqog(7~|;xczyWO@HX=^SKL$1}MZWy?%P_YFV~vRX5Gu+@^$gRKF0CQPPu zW=MWH;-LWeU~3Y?hgj1YKE!&Q;Ez!{vlV<-0DOq`G{c8lFEM&r#q81FZB)mNN!>wds>Diiid{{>-z%gtZ;!t2p zSCIT^9l|tZo)OkC<{4ov;BY8f5sGKN%VQ6cBdn3kGt%0~JR_~6#IuhEn+A$!Uojp> z$rx!p#f+n@@0oFw6}lFT_fTL$F@EbXBL1VSQw$$%B?IQkA8q9j{Bg?R8VX*%slRTF zwhXvD`D3iU3?F07Ao!?@fLBuRd!Erj3^{^bSxx!tl#LeoXQy+=bkE8Nc4q zp6I-^M21LceiTPymPmd{WiZh=c?n~22DEd&@}5oJv@FGZBDpu#NIE~tuO6)_MzUk{ z2J)fv$ryT282j81S#%te-}BOggnsUdU~=%oJ;7Z;#?X`4|8&_o!ipXzy+kMe3Rsv9 zh+W(#jlh2`h91Pwgvex32~*^+y+kJNJ}$QkeS10NR3jNfPvW}QWmlmyJxzM)N&Kr^ zex~<*EE4BbD~I*Ky?4R-$yPzgVj*$|KoTvr^E*9dgt-m&am_KgwoD>jl_Ove)>o8O z_`VO2lxp6|Z;_O>j_+CWtr4odLcTpiOR?;}Uy*Ok(D$%<7_9eoe1oFkTg$o^J8Z#v zq2rrOzO}=?zzS!uKEm;BK)!XtEGQ|#`UJbrXiwz*HMsZQA2UP zXt4gE!?1;X)1!v7@MVtgZt`su{o!kbU19rr&HbqTNc?&-mHk8#&7A2y;S_uA=ZyzR ziGKyteXmL188vTaQ;wa5)oaGkvW1?*Q+aH+V95cqb+36ZCazwy*;x=1n0SC!80k|l zCVl+FVw%^y@&!Da!^3OR_3|cNU2d_j*Q8IVS!Np)jMt>^?^*1VORw$m|P>zOu{tS>Tc%0@~Zd0@SO%^C2)f**F8ye8SrQvjy0 z)oXqRZ}Td1ez=)9$-`pPYtpBoO;2+QJ@^G!!(qh=Cw%et*9CYau*Y0Z|3ykJ-R^HO z4T~5rlB6Cmy=H^CAa-O)7q*c1?5$)f`wkRBiuvdR1SHd(!cvq6-D7FewV@V{u~JOl zq%5IZHnHLZnwP)0W70Q*Eb}RjNnfp}sI zoK1MIzAnG}UKi&>m48py|LK<4g?knKO3)31`&6xHOladRf$k9^hxV7SfwdiA?Hw3l zcTd7~63D)=OVgxy0mGMwB}t!U;Tlmq=g=o+@vFloh5sXbLzus4gu;G=_>^vi7np2p zJr`RMzAiS0_S~?kR~MdI3m6>spyFW@hk$Z94A1z#g*_g=A6x_AW7>oZk6 z{b8>P#Kw$#U5E#5%wRWuqP6{5XsVi_lk?EoPm!f*3q&jG89EV1$>6S`-1(tv@G=hE z>9mug73D^?!24UlxKtvhI`*Rxq3Wj*$lZ1zrQJZ9A`tgF(|GzK7Qnb{0hb6>m9>?y zLJ=c&;chXTxuMIv1I#@PWI1n5l^W2tE#Hb-YCtDtQITFK%P2W^q!-F6%56t_p{(mf zI^rM_`LK+luL^5L<3;rxgj>@NH_8q7o4`niX6#03ydcXfAtOZXGJfjHZQ%1@g83(IlKE88Bdy@KrDx z9zh>VGNM2JN{AwG+-J*~?8?~<-{RNN6HZ-6&+#aSz6YgMe!zeUxO+R2wlcJ$?B3DK zD#X*r8uX&qX5$Op2VNH9Q!tLP1Mny4DtuW`n3JFtNYG#Rssv$B;h$XHDfhoAshu*m zSV`@aNySQPr>tj}l!*BR;heF!L-X}^5^!uVDjg7 zi*#82QrHVzWLwQ&b*Xv|FvRU>R@Q#X>` z+mzg5U;<(qG8(%~ex?djh$WRnZjogS|eN4H_YhJ2afc)Z2{;^0#o-K`Lhk 
z?R-MeRNT?$sY{`Q7w%~ya=NFwa_5Vf-Vkzjx+=MRH?ns)vS?Y9i6vUr`_ikj)^1tv z%Q)q>Th{xss#9LI>pv$%Jo=DBb_o8Qs|jDOLq3&cQMxNC&RF_{B{he%xdpCb{%NhsB;v_S_LreLlCwwI%eBOrl-@A#rViJ6pL6 zMf6(eUw=|GY>6md{>jzV+9SV?E>+}!zGfHqH9bSG0_qv4ReT=(AhM+&?6vJ0or}7B z1<`zcs){Duw$P~%irCc?bf%A`_koZ4QX2POQF%V9=BU}dqw*5t>EIxQqw~6n&TBca z&)72k74I4N7VErfXTKuE+wh%ZW2?B~pLDRA)6tdPBSaS)SIfouI{dB8&3D?I%Eib9 zPMgEH)*M1^Pf>~O;|iGpAzbE^SocG6Mm4N)(Jp)F+3UEDc%dGz5s>UeMNU2AZa#ZtQ*}e z@a3BD3I~XBnLbb(YvcS4>r>#+6wpKeDwD6q33G@7Ht9y?)jR-qIy2=ohrTz~K0NhVd@7?*xQCOeS80L&TE&(tqJ1^L)I&Wrv>ahF%H2AuIzSU0}iaqBebi zCkK@JHr`)89pTI6lU9dfH3Bo9<;O5RBLC)t=(XDz}MJ&OA|B^HxAnt z7St6alt9%&>|p6NDi8qOMb%;KtfQQ{BIfFA_yUYA7j=(+a`kUuW^I#jO35tL!xYm9 zr5P9M<&?WnRFA+&^NcOTUzhR=5V?I{JCV!AC&wTy-jT9#E7l(R=&`mG+rOv%%!k&8 z4tN%1^t2_nccb?re7TDx^4~k)0iH=(>}rtgPB&jf{kQ>(kN0Tds!JY$5$P=?yn4)D z+)8DO_qVdEVCCM4#sX(VqA+)aWMrLKl1!rawRU!}U5_Q~W4 zEmU)gF5R3MSN~h{?3!Tx6OKG z)mi4MK4`O^sodE-ktzGEUd9Pl^`_72Db$nk z2%kQ3KseS#sW(zgm?hAMM(Y4_eWJ=Ne{F99U#_Hkx&KCQM4#b2ZsYtlXasO>Z*>4*w}_{u6#g|`5*fFiB(nS-cuF8#4P2^R|POB&hCwyx9f(f_5ycuRC)x4jSG;g z-Gad#K@AL!b!grandqs!5M)u80$#RL7v;K2G5v2zs0rT?mQge!!^+Wj*Ae4*THdCCw)SuBP!qaIvC9_WuMLs#Wf7g6 zg39iNJq;T-(k-Zdz;U5k-SOy>U1tmvmqHzgPXQipMMRrn}3ZbJN1NNu8R95(vrcdC@>2S35 z+FO9V4d0VC7IEaCTy1o>u_3l*AJY->e8$H4m8Lx4xTW|9NhnQfQ1mNJ%8kTMfsnSg z5WmtyA4B7Ai4yC6V2Y~;9lmmvCY4~n(xlverHMZ5L}iIHlS#CSNTX>qeb?V7pBabo7t&m~bUO+QvCXlWo0d^K8y~d$z3?t)0!&ZHm5Lv|@JrZH%9K z(X!d`ud>gBn1Gj#-Yi5O0@8ZH;Fk6+P?De`mSQk_x-Mqm+0~9;4L5#E;2XlcXklI8 zpcaO8P3qrYK}P1-9R8a64nUldv1rXs|4w44e~+e*)cpm=vGFP=Cc7b3>-o2w08V{v z&Q1USu-HJKpi_$trT>F`OoJ$`6%4<+LxYWor7(Vu(8UNm2iY+g<;Gwdd_$NQYDE?t zRGFjuK&@B-N0g2C&u#a>Hy~ziv!*Zo1vcxLQ^=@Y<5Yrsy1|9?;*9#osndR$Tx{yJ zU*p;pa>3Pr(2Pk`+JEMx3gWvECYRu?H& z`RF4k_MBJC;e+-OYE^~KP)RGTl7)OOLavG4xD?bDQq>hw1->Qn8Ou#m%ALQe@>%6~ zPfRLNx!MDqV2hw-X!^<3BjD>cv%kw)9&WFXh{Ddu-4#F^h0!?ukB+$sjripUC9|Do zGvx=hBD*Y=4AF(Nfq#kc>2E2#`~ba`sJoWWRs>3ocx;&2) zp1*7C!xJY8>&@T2yQ?CQJ^!^Z!~8AHl_4d}=h^byo4-|Y^!zP%xj7=P;EWKHp(I|Z 
z_B#4=pmL+xASYjU{-!^35ANt03wxp?0BkA|-l+J#E8=!^1g@yh1_|-ZAX!lZv_~rT z2%5i_GxqA5-$;w7ddP^#+>D;H^Q>i58WV%Nb0I55nu66u;MSj)OmZ z;m6~9Ij`yQu}?m9ImeevuaC@aN$;{^DA}U-lIfM9utQO65ehLwp=6# z3mU8mKlRm;#v*L6?sg%L4V2EiNf&k)xOp8HeZWY51`s%!Ey8(Sd7jS};k>y#@5=2U z`VAv7pX)X+xm>#JcJV*vV!y9+WN00mpo14!3A>HdZ{&Io=R*X}>!!5h1|c$5+=&%8 zkYg0TH<*12D%Zo)Y9SZ557<9J?V_+WtkB0Ois)4g8~?>V1pgH-g;9jN891&I3iwq2 z?h+=ef;idEapmMXcq%I%uR#t8=0SrVCQ8&zIN;huf55pA2%-4Ak#sBbVZlP{BreD) zUh&ZE#|=s?h(!EPFXP3&17sa}Te*t)szK3JTkgih;BMuJ7_^m>r+O<#$l$GXJ?aPET*Vifj!^ z@l~X3w))}##qfhK4&=#;1GJJv74SmREX+~sNV<@dus0LSZwNLIOMUeOt?{6^zPN-* zkLLgp!*jrB5xC1JOWAelN&!wP5kw@Csf+Pf>;EAA=>b_~=xF>giV}LWykdeKR*ETN zBPlP;cV6X`7TF8X$kJ!Q>qDo=xz_V~9?R-7lx=etqNIR_-_da7W~INW*1uKi4_b~- z1w}4Gi@A?>7QyaQ*H&mLO6z|SPyb*%MQQNHkDnkMZxsE?Z(J%i)`Vy+Q`3tu@a<WPXcQkB&19p%D7OVown)kHc4)bfrTe~YSw9;| zAwqvPs<`XhjI0qtJOGwiN|4vCMu5r#x-4vek$)WRZ#k&E0PxnrvnqOP;aQF7x5%eI zJKaOjK)8bL7$J=QQ01uaemdbL~J*%QzX3Iryg;|Z{X&$1MmvJ#viSQcT zQW8OBqkqw?uF58Pu&X_dh2S9|`YES+)8$z<7tJ8H~6@Me$ zQt}>9rqiNauX^=lFQZmif5|nwT#trsa0acv z@(`Svq;z=WXGVXw>tOsmFV`!wt6=>#1uSy>Y;X_KDQq>3Jr;)b zeSs*`0K5?I{^C_o7gX-g`cfs~2GkX%q5;h-E$bwYqd@YqC8pD+$yLy9@V1v0 z;5GAb;K`Y8jFT@#NhCF8ds$*Q(s{~=Hrn86pgPQpS+_k-$gA)$Z$NSY6h^pt584w^XA@**owr)e46wD}Ril!@$Yb z{hm?Y-91o1Ao@L{wmg@1;Jk@Emv%%SGs?)_1$LR!I^y0}NE)onZ7BEMY9ckK*CZIYj1MT)2$wIr0dj{L%;mCPR;XSVvfvVdsFPsTimRho` z3%Og?olQ0`+1Zj?k$7~r^rm$nU&)Tsw!9BXx+Nz|&i*QeQMF;zB|thTMsJH4|Db9J zAzSrPNn=iNJ4lw74X_}{*@CfIu{Y6r?*Y4>DR{Pv9Z*G%5;DdVJD{07g%yi1bBzSU zx4mSQdR8oPtq7U0MkSs9Tv{Q6AFv{CHl}{X?u`mxfSo-{&eo%XRgZk8md+RzW!rW$1kaFg&M$da_6H-dEsaw*ni|`)Xrr^S^uF%|LMP+xH`$4uBx@ zF&ucdm>b;tp5op|nzr3;iRY1SRd#s2?^RG8mVw?k8YkTQ(k`M~d2wx`b#FkKPym7@AH!CEHs#O@nN1IyZBd3)_40Thj}dkCNHH1g#a2RZhOUI()GMKQfo|SU zS&*znY=j8eyKzfPR6VK_tcSNl|2xR(JX)&sMwLsT7PASTW(--i`^=gBX1RxSITy|SIRcKSIX8?gk$-0LX3b| za~2NV3AVMstJ8b+>MzQSPv<*2GfDplYy~zV9jL7H9I^*gheeM}fs9nh{TwG< z6yDodTmzMjUJpfbXdEr#r}|Rd>pcm-A?i|kI5HdIfFZTsje;$Wjfxas!DNYGOJk$X z_taezN%&M-;NKw(ac!imiyZC9F~Ra2RsoxnNEKo%)j91d5~|b_VhNq>3C6>a|BCu} 
zhUlmdsTzi-(XJwmRzC2eKG7qB3Z?}+tP~clCgrebGpA@9)kb5B2A(1J%C@l-Wu=c% zG#6Ce1gyfDwCorpeAOZ|KC4SZ`Ob?}*gYZ7y7~7b-Z-A3_pIYy^n@SCnAxw-SPsib|dYrZ1Ec6(>E0Cuu@b*ZDdn5WOEAF zmKY<%cAUI$w=C68U8<{~26-SC?GTZp=WKP`Y7WlP>YlSRWUJ!^GaBkzJC+6+Ze*Kr z%~$XFA^q$O8?_%4#a`m3pF})P}I%6M*2!*i%gR72p+q6 z0_h)j$%^&H_hq0uECUUqJ5H!+#{V=5k2r*3k04uCd?Tv@RWx;lj0^bj9dZsTyf+v8 z25L~F!JS(>Aa`w;+)9tSa_a=iT?e`NTVXLTOz!QVhRBV36=T9kP*c0e@?qJy} z2G(+QhIx{KA<|xi(0IS6RyRN5P3bUu-MWmkIX|h@0$}$vsEre5yHlOf-=2? zoVg0`^?-Lk4feKlR9iDymJ+NRUedrg2U%w9FJqA4Mlnb#FE* zV|<|p`9?uhma@egU#7XX%yGw;KG<(2s3o1Z-+YSW)U*09S$PCes@Hulsmi)?Pla*u91;k z)G6-bMx5P?K*}(eyRnYncTk8Oon^c8Hni2pqmZ_EY_z-d{=YWby@B9%`Q?{*^bCT`pK;)JSxv4}5MxJ}s}`+OGD%b6 zQA@;5L>pChq-ify2GwC17{1PuEE@voa8yZuV5AqR+ii)5zy;z%q$_v44K8FKa&p~Atl}LIv^{~WYq-&HF-fs01P#xxl z)yr{0R^#1v8xTVCAHqY3io;~+RbS!$b6mMV^?v*`mZ zQR-!*BsF^SNbD87*}T*aNigx8$!WZAx71F_L01Fc#a;QOcDea^v76T;cJzuX02|Ku zdoa}0QRX8MqpB-wa`Ebl0!5ZXjy$-CA2Rab2|qa`sH@QOLIB2{=*VX_!@V`&-ttP1 z=iXtg2kxay4X%4hIlDLhJ|R}%q)I#KUfhhM>}xbdxtFqof~6EF4sq|dor2u^KETNo zG!1nxg?~fbOQG`+_sUqh=Uy2w_S~yt@7ldm0Nk7238Lba`6Z?G7=iAE`T91W`Nj-@ z&g9B6-lRcstvllnuYsJavhsA+Qc$_qxPkHbUvOchlfrq`_%CqW>nNPe&G9%W(qFn7 zL#~sc8fBbVRig|sb2VmDHQt75Y_9Zp)tEh1^%BzKRwF5=YK$KOo-&HZo6W|7hvy&C zCnxQRDJn+IHzLMPRCm5(b=wog`>L(HWVptW?O7vrz5b`TDtic-Pu-w%8iGzgJPo;7Y^xc-4RRH zV_7qRlPN|T+Sw@D8`9Zgu#OAqY(xki%Vd1m>ufUL8_T2sbhfx%(7zvQtEeJ)9p*hy zxx=`z?D$7!<0@DySyZpXWIm=kOlveUF0%oOEVHZ@jC&!M5YS=N(o){ML?y=jPvhP; z+)9?d11+UO4GLXrN->aYNpvnQ3^`Xaa$139Gma@GJ(0ba> zRC?%Pm)9Blf8Q*daNv7{2f%4QfCD?6E;AUXaS)j#a`H4w%tE?KDfG6D&w}bOFC1Nf z6L$0$DADj6tq zqn<0lc1u22f*@$I$NuPUym*?VlHY_jrP{00GZ4nTg&v4;`yAOreJ(ok=a<0Q0-Qg! 
zkhSb_CeBiv^pvX0N#Z2u5#sCv&d;SO(g|0Gx2ct~d^tiEy$;;Y(=zN1$@Uc4HWE zKaLmTH&ELvthW!VJX>MiXe_N+eQ!slZ5+)T2^l;&8pVNZ9=MhuSX5id@dk%GAP4OX z5w3JA*}VlW?ka=~K~BpY>25ST{uo7jgZ0wXAekFPCCfk$U&=@1r$JO5Nmx&aF+^xe zQ3{Hw$1Yfb5PG914x!W2BJo#7V&C6f>bg_w`a#?FubCp_O4xr*g>B9p{BLCwiGNlcE`{v)60$hFzOSLWo5j7=ET@txIE{3(hc6PpSZ;s*i_1mM~A1+ zFi4HPh&O@xmPN+s7=N1=n@O0dV6ndvWK$4C#AQ##4gX-jc8kP%+sdn;a#y45@Yp(c zuye>tmhto(JVhI~^-(;>_yl4)O8D#2T&!R_fvWw0orbKU>BXYU(~C!!9}9{uXFP%$ z845Yol=K8GeSD~Nj3_Y^aOWYYNjJ-4Mk|*XMehV-skQLj;`>N8Q(9_p>;QypSw*x` zC^ZT3FEDn`lH&GgartwD3g%tEdCRUS!{YAso44&^*Kdy4`ua_q^lT}%P?adQI|g*$ z2X>rno(N1#2-F1DmdJ;>Iut&Y+ z&AXL-rDSwl-CkSSmm<&e9;HCsC@nyMce*|^iO=16t}#2_Y+?| zd7dMsf9m7M*16vKfw510eD5&TyNFwgaqtABU%yF~$XgJ80cy}Vh(6x~*z2Hf3d08G z6~{h^PS*g`2!+M2T9xHtQ2$5pda9Llt}eMcC-Bc7XaQ5LbQ!D0Uj7>1bM2dMsb|wgK<-&rZsNl*2svgO z99V8w$ilVj0#WjbN2433t+5rYBo~`74Oa=;BFF561G^=OT}6c2Dx1t&k zs>5v1S7=;B*m?m-yYcmptS;Y!$-;EdJ?5%>M3BPMF;}xW=>BmPG|c>NxG;JGj17mJ zMf@BW5nc_TF5-G&#JLRe0j1n)H`hUBXX(iMHFVu}YKiI9SBs}$O=#qOVoFHlePXtb zyeF3zVgMM{w2>>-yL7K9A~94b3aPVR8F}x@k$04f=%`Weui%rF=TDSL1g^+wGe;d*JkAjZ|xVkKzZWM z7SzPBYD@VF3PCmN;J~_ak%h5WMo-_a4S|`&*8E*l*7BF7aC;V3ySm?x;w6y z{9jQ^@)qyjGj9DH;gE%RlakWnwTL88*_y_xMZ_gNh_}sxdakate3>p(Z%}y+M%l%} zz|eDFsUhXPH$ByfTug!J-H&PftDmVq|84JX_t+aUy7c@h2?F|24!LFJ-RcCiqw zTQnIx#E@MlayS*O1&Ve(LpsST+9(L%qU}Q0af?R3c~8*?JjWG}x4}OO9vwYoW(qyZ znA_3NFyc`+jHn*{#9J;---bt&Az@FLEx&`xm8))n7IEu4qPs7~y>AMett+<`sKHpC zQKGvU6)(4^VJRQyxUSUANSC)yV@AL46r!}?GW+1b)kL93@8z7CBy#KqOUytzLMin6 z(L7Kc=BIIJG_))O#axdA3-h6Ah)hE5u<_r4NLwly^|jF_L3NmoWaJ@8dJYuxA`UF$ zLl`6y33dCorYQLg9wtySQnZXjP#tE2jQEA9pkM09O7$veFfck6$`!s2->e^OJMqp`|$}W;<7yl|dCmsD}|s z8;rD{lHpa*BcM9WMl!ac|4jwOd;$lqpp#U|iG(VJKPA|Vw2hMCRnRM-I?M(caj&;U zd=HfMwTll=#mqBDmM&@OEQy;$(cRg_S~A4Xg3uT*+F;d4;QO|Uhr;Ae_R0`$peic~-puYzj=s^a#-AkB*0cqN{? 
zaO08gpSK3x1ggU#AooF>klZ?v0aS4`|J7LfuV@wL z6rVSe`~)bsitYH}PCN9Q{1}&x`ifa*h`iR)=iaDtGpNPtYbXu#6^Fq^HyrlQeUJ44 zxXf-ia2YAy8#Jnr$m%H91f)4ip*O0`0M%iB8WH})g^Q;_F_+_@D?(%vs>69x96-8R z71kS7j)Lki8_9SdPX7cH^D7**(?ueoUe3mUbuPzETuO#Fs+0uPVK#Ema_oWIg3`W* ztdKUSDf$>idqCxt0cHPZjF)b74RC1e>8Ls~GP7c0FW=Kqx6A??M|~;2c7xXmA?}D^ z-=ZkKtBVGPHhYx~*p%@nmfpYYdp0U?p)L<4n88kDr%5gvU0khUh&v7<k|2^{FbQmD8={FsR&0D7#pA^1s{0 z0)RPSNo_-fw}eefkL!W(mJl6T@En$+iHETzRA6sRFjuKDfnuU^OlY4)mhzY|4z5W9 z!c=_T1lSBz?HW{x^o-%JOhI4{OpHSn^#H0(73qlG+O0*wyi{^-8@{ij_^p}h262Qc zzKKeu_y0p$Z0SV^6X z#kQ4=6fsFm`Ejdp!AD`e5~qS1Tw>fw4r7{wI#OXPXt^C+tb5TR{uX%ur%F=)OpTif zoGg4^L?sy~ldpO9=Xh?o8+a!v-XWUzpys_NB28jxMS)wK?}@lc#oR>39N733 zkOLLJ7rMDr+{U;ek76~j2JJy%@7KDTfErwOY4a0Sin1}b^mvN+TO}GyruxB^#(NPr z>ISY$X|l|o-u|JoFoVwkb_S@QhG7@DSl5pUcMKO|6{zMbIPgHe2vt{?fYEa=Z6U>LBvOxVl zRTgf5mOUyIOO=VMKqKsO6bFZ%Hhv|(onn!fl*ZWlMV@%&#|0s#Lyox^2QDH-&w?gT zQnKNgDRv|MRGHvSo(Dm7n4c!T@fe^_fMR}z0}C5NF3Kd-YuhdHFVZ7nG9uSP2D6cj zf8e_WP|Q>uSO!HoMIxa#eQb$VNMBGgyvefzs1CD1Mxl|1SlIm_&A>N2oY#ej8M-uUfE@27vgn=s>Y* zmEmpJDy~!Oa#{}S)v~*z4vFa(G71v+@ z-Uur`uPYZ<9(pR!tejq`;4aGCmn+0gfY)9GVy5ErB8VS@dcz1}z;&exAqHG;su-e3 z=!3TR4cN`d^{PHkzynP_K{JjiDtiLC?CO}J+A@wvsxDN)n?wOm$2W_Zvwo(-UpR;a z|GPpoMuyqm6-c-JdM&myasANR6y1;(;G0Egk#OW4JpYJa=A$@p!y-P>nIMZ%>$8x~ z!#9gSB7w%uW%y<8!-3(R-OGdQUS9npiuQIU)`y_=eWYjc%_8Qkb#&N<1M1}u?9%d& zqh2DOSGAB7$qfy6J>Fl6ev6FTzY?Mv9jekE(VCc zLcEX69Vv2P>Z&E4arM(}v^<0ELo@gX)Se1^kH$JLsB&rSd;QUVK|PZ!+gi#nU zNEpFiyJU*$$Ujj*dIbjX$0*7K)nR@Twi#NQfns)Yg;8uRNEpEl+*&XK=~gAon=rM%bEOF+bOHYn!PIB+r3I1WUp8LwMn7t+U+3|#C{2JHvcVK$Pn2`iXmpqS@yU>Q_< zK?V_gVh>CBH{vR^66U$81gH-4ldvnja4QTbW?dXu7zN~lgb{ol{`tBy($C6ESM}DG zbpzF5ei9bf4OfOhF~{M+!YIlWB#hvL@hs1Bq^~Jqo~zb_>M%bE+u8%qJ%D2F!-0jR z!ZMLasG*ZB@fFf}N`~jEi=aBp1{ra0wZaW`n+$QE!g(#f2B_TfWz@=Rkvlm8gH7Oo z>DU+pm7#cR>q2*NdF6wKH0t#MIQ{BjyvJ0by=~q?pyh&Tu8~5l7$70k4!GI`Zxd0f-&+WA7S#L7N$fnhg+4}6otHvNMYrJ(5v5v{RiU^x z8x=<*#nF;>Af?*H%X>4swxsv3muj!#aM&cIAG!rE{8dceVyqL?1YHRF3!r!fx=ES> 
zTM~{Vjxq{J^9dZd0-Nbj)12gX6lzKwfUMu~Zz!9Q?n#uz!6?EXqi8><4vWB=b`nl# zO`Gu1T(o~WIfnzwr6oyFD**${J7tj+7)B|vqUpITYHS!n;Dn00YrVHCFt z5=QVL_u_vIkq%bEye8WXREPOV*dmm804U~g9CV3ABB2HdODse>UzO5pvdckrn2nlj zgT{DT1(e=pr8ny8%KZ^kZnD%6)CO~qaK1MxWiWxCKpr5RpN+s@4QXATBjVo8!uo#; zmIg{%y7p~4s9GADBu5mSXkUWl%@^r$Z)4g}d|q?z3qIMLXBBJCvx1uQaYQ|)0r_o$ zEQP0cWih=h%bDk^K!u>GAg&^s)7wC;RlF^=&A)-_pZ%jHXj>m-d{=4w04uQ$x)B9UD!%0~GVH_EdC*c4DtD6BWG)poJ&xR$VKnh-aGYIeeb8#HA#q<cCy)%TQGnRaK!9l+bS> z)E}FJm(!L|ow5dg@Y~1B4pVh@??ZgmXS8r$@@EBj*pM@-v)NxyoR zyW{_h{C)n$A@cY8GhO*{XVEMlfV5Lehu4HhfXYqSZI;oIEitmhS380?ODZ&CEvm%t z0L@!v!eGKK5G8h$BoSyNIPHzoa`H5f=jRgp1B9fCsS~+n4Mw&0klS9#jn#4^b}G5V z>~6uOAX>5fUJ4dH2+sH8q>ns{db*s1aV;WoK^DnVZ4n`*MRUlaLde~#M%b|@jV{KC<2Pv%N0gZqaa}f zf2NitrXW3~gn2{vY)~EMCt(eT?W0jkK4Ava#h^(wN! zl}pTSMM^`RVYcsf&EPPr8PXg9v6@H88v9w7oADO&r_fQn1=Xf5l5DTgGktb zx#KqcGRNV-5ATpwo+J)VJ#1Dbs*LkJY~DgAXubu&nF$0EL(xFv+TuqZ? zZDGaycCc`V^`RYi0Tu1oDd05M8Nz9fNGL+7KBAMeIA~i$XA<*9LtMQ=`Uk#Q1QK!M z9uuN0Chq>qd1+d26;OG+>LJHcRN+a0(_6yTEfv~Z0QLi#*H^w#w3Y9)iA_Hq_5+fMeJFV=`a@uk?>eEA&%mgc?Jg- zN&DBJ;fJ_33`cW+9bpo+UGet*4yX?ElYNt5Um_@GI~zxHGXHo?wWT zNY~+;MQD+b4ZfH0%iN2D<`bO>l8n&(aipj4%_5LU_#0*U8o$iHaL{FuUA%@_neKiO zoe96AKki1^gG-h8W)Vl$k2r{gCv7YSK{K;(&;o+&B!$dpQrBS#KiH+Lo85L(sAz!#k$#vU2qi$FE zPr3PQ)b?Pb?pi|ixzQgnAL>siqY@O}D0;~?>P6Hi2DIdiXiD?dyQ{j3ltIM5!XI%0 z$SR6|qvkKSUlmI7=PLf3lC94-qZ6+ty;y=b$`Rnax0;=fYIUua|*S@_nwVMqS zMM^``G}#}~1Ts&UvgG(fPyQH1$AdLlg&$7{97}|R$^IH-vQ>C|0_&XYZz6Rbo)G&q z#&LU!za$NGR^cBLYV;j~{n1pHFlk~eTQ$v}lz@I^6<(Tf_vRWx?1HA)*S<%CneC51 zl0w2SP7v8&A}cm<2s#)0dY~e6}3RzgUpq{XY z`%|e^*Da_o>=Ewo2Eu;C{oPR5Bi-MPggr|Be#%&2kV8kKSHVdbHOU)wKf(V$LEjuh z`l^j?YDYnJ$R3K)I6v@@6%(C5_{ZXjjt}|tjG0r4f6ScdRNx>`+wfRbgw2UZ@ei9 zs>5tF3AFEkZ5SwKbsSg*#mYq@p~@p7-5zOfn2b9?b(jq@T5P!uQKs=F`haMT!hyw5 zU^{3GB#x$6OtA!MjWBtuL3Nm)Z2G)Fh%KO)yK!J)6ye7I*yD5#8pauW~Z)e$^FTNW%O1jkd@YJ%fce9v35RELNr ze~hB}pgJT2L!FbyX&=$_5fa|VZ>#}9Y{EgiMI;i(O2~U3=|LsWi{gI@szYqF7EHO4 z3^`r=rT+mTQ(+fq-OiiHrT@I|1%K1VFy#c{+xkn_K~B+iX{(37ISl_C;cxbr?SY(c 
z|B?9ZTK*sxKN9k(+lK``@k4X8pBKVX15mSIXbxj(8(Vah- z?_7Ra30(tQzsG={?y*w!|$$zVq*FmH#B6$gz|G>FG$!nqI{TnK;zm%8YuR={7 z^Qe@U;BO}7VLpAG>wEs=Y$E_U7{?ed^mbWkAxBDU*B4^>R5`R+TTNKCNbt~bw`Xc%uXNdF7zjSxpg4{f-H-cH=_(4InI0Ew zb^u_OOPDtKm4*4|12V`TG`79cH67#nC6Q{UaH7x-!Tp zkw~a{^(`?HX~QrX6G3&Djn)+PAp>iQc_5mrabQ#E!f4Q%f;dXAFvOckUkKYT9s|{3 zewy^kQ=O0WMO*=OgsSsy+PNj)4XSg**h=y`W27%#jkhA@w+e*tMbrl}OYy^1{4t8| z2<7iD`G@&9I6!_)$szp@`XYt_dF_&Hb6)WDrBHsQ|3Q~OFEH;jW^W+J>)hB?OR#5n z$fx#&DBn9|-yOb)6Oi=xPg4GMJzh_GkE}(^AGTHlsUQMY&1#0iJSHtwhszA7- zgFi;mzTg7Ul}xs_y)Q#nSguIV zNSREvQN?FJ3~jxY4fA!GR=75(^_DcDimxj9h{HD=7^&iG?8YEON)3{j>a*Vf?@!;! zQlWwK$0)iKDp9qMR9`Zc0ZVonX-V~El0a&4DV<4Pd7mBkJ~mHEUV)ZZ0IHr8bbBlB z$>R=M-pBv80(nw?d0$IuFy43YSrJ@RF{sD3$8yRp=Zl;M(YZ=tYprmlt5B{0`vE-T_ zJdCI>l7GLmN>l;oit|!lyy^OPPOv;0FQkFrS=CKLc4o@psq!wNHk)CQtI8vnopd4zewuv+Ak7A}61(f?U-Nds_RL6?q3FT|X;b zRZ)k;K5^yC$>-y-(pAT#?-3FkD_wQWYD$%16&_ZuI_0`*l62L_mYRIN9UIF7!e>^6 zzp-mZjA)!R>Wt;c0Pi1Tv-7nx-w$zSV>0$NEAnrc_01V+Y*}sWBOfYfgc|#rXRNHo z1I27RSlqV5#cewhWLu`T?e$>W?usSbwpkI2VZ}0Kn>X|y3bu_Zdf#!ZY`0ly*)d$v zfnOfS7_-f)Lw}^etBzAt@f)lX--2_)=d!HWk*S80d`gv7u5@>elQqA=szP@kScTii zWeaWS#$ZEJwvgcER*4o6vH7$V{I{M{7KaL+sRS>#YRPGT+PE4#$vo#eakH%8wLyL1 zcr|ynT@j*r4ryL&Mec@6@EQd7HO_qB-Li0blU~?5!_~<^4dlAP;JWN!KSqM zZ3ynRIUfB4beb!0;KlDJ86k^bGHAgEmUsiHPc5eF>Z*MQREPO#K^})YLB0aTv_GaR z-S|fnx`j(i#RV(;e*^x}gs3=?|7b$JT_lpA{djjz18~kSAwz7#w3-gV@*GxyOR*P8 z6)wg8$thMeZOFAFt%!#J&-+lic8qrI*PsTu7Omy4BWTwntrWMl#PU*etmQ5>#|@kF zD(+eVUzD{kHiFH$yA+)H4oGr|HY&)W**VCPq4LRA87Xw}I6S0E|1C*UZlixDtS2JL zl9ZZcY=0}F!Y78Pc~Tl%RX6PxpavPcYh3o1Ro#Xv+ZpkxvQy2U?6Cw8 zqpVEju{MslOem%vf#9Vut3mQ&_*aXFK;oKhij&Xb%AW@HvP z795ds#%Vb{!sO&>IoHhK3H>>e^Mx5R2^=Gp9ItIW5iEy8w$lm!kr}-iIbFl>uZQ9L z5`Mo~@=N4QdP~~*k?wG}e1=>v!m(@I-TSKGmTXXE-#KXdba6WSS=sZDCGFi4qP;3< zUtq?32DVxIrS{gkb$0%|c-e3N~N?D77RNTD+St&YeNpRM2WZkT@mIh^I3vJlC z5X1ar*aS2B5wNw{BMob%4f_Gq&`Q}{36H*M6_bNh-2El8cIm8X!C9qX*atdmMo?CE z4zgq^3quUsT?VSVnK32K;31z^rD1p=oIi+VgBoPmig9=6L3>+JW2=tAdZV{lg6@W* zxi$9e!yw#mmX_1`qQl|CeWKlXu 
z0bWr$n(C@7#+FoFl6E29>qMH`m=PTy^VBY>$-5P2K(HoSv+-cq#;mIMakYs*$&8o- zCKR%Jt3mDn)H*2GH#>_+Z+UhK%T7}T@PD5;Eyl9#Qu29KKj)!M*3n;v>Rq_+g6rsSm#|&c(LV-vH(f{9 z-SfQIC!0gJAuAO@30Y^RS7&XezAW|P85aJ;9&Z4SD2d<;U2!*#^30bLT;b4(cn&iJ_M0SFt&0C~>i?#eo!SXqt#Rk4*R3nG*?MSTQ zu))zrRF!CYDGm}}GK~4)6))ky%XKnPN5G#pXc@eh0K8D6UtCLNL?m$}lHL_(OmP9} z=*`lq#z51@DDr)cJpzfx0K3iDZal6K$qFG7+8~}33zS(E2i8x|)M))8kwiR%3-Gx} zhpF9xcb7mXP#xySCZy>xD$rEJxF1yUHV(Q#4cQx0jq>CTS*TBt|FW?b#{~voOPp_% zqOpB}!85^A2H)Buo-%eAd}(y8QGx~{I?wq4b+gV$IzxJtXGk1-rkaQ()zOhx5F1G( z0}Jm(i$9OoG;WmsIjKAMJD@sbE#ICpn18I8__EOv^sUBJoHxX;p^xLo&_y_ioow*X z_4vKh*g@o7M8=~Q?HZ!P+$~&1gb+a zNchv7!ty6b_+Z2M4g|ayBuw~VBaI@AB9YiD_OV1|VBXsxeUJNG_=6h^L3Kz5`i^sj z(>&3%4GHgO7;TU%28IZ45shZn&q$(`QNz2a&Gj?t(}_qVS?BOJ+$WGuP@3EU*(h2I zszU;)7Kx!0;B<7WWOmPKiMwk-oTPPtJq+~y* z@Rg5*cQ=eO$Q8A5C?>qSQHHLm;!hrt7q!k3cObp;qV&}*(p9L4d{7;dLBf+ch48Op zA^dK`7zToP9EW1U?>5Th03s5J{cQ-}fb>-*+-pLwgX)kB5q45%+6pvYgl- zhVXt!J1F6J8iqec(I`+Il0m{7af-%2iG=4G#^WG}6*v?Vo@>M&X5qxX^K-<1kj5(E z*;@EXP#uy%!sl}e;k`(B9mDtr1Yv(4ESy7$b&N!s;p7lp7Wr~spA9CJN_%a&*ZWw+W;ggK$ zOUT&~hX1EHKIKWmmoy?$FJgJ7@Q-Qv4}uzGzgjMpH0slfv9LRnE7v%~-HpkGYrK2j zU#>$Ff|gH%NS|p$%!B0o_0nI*wZ0!i_2tUtnQ7FM`f{Yc2v>ersn2%LyUTTOqmr!{k#N3e_=d?bFmZ$ExHr0 z@4n#6@J*W1JqcelqJ>|RBOek+UP~~FOcHt!LE?Q#A5$vbl@G3cg6fcHQaPH_d}kV` z-JN-yb`>pNF9Cs{8&_~HB7Y7tp~-H#srvJ36et#%B<#08O;HPwo=O!iitxuMY67Z5 zB1qL=oc0kN_fRz+is*^Vg=>^UAd5am(JD~6739KuSXz#&zU@sE^H4on4PeVSt^zN3 z4>gnb&f&7)r8FVN@{I>agMx@HmXVfy#x}?kZ{ol{B%wjoP0IEoDDxfC{>l{Zf!`~j zI>gV_J(c9`F|13F7lVVACo&1R3+wz$kZ)IFl4OBUqHItdVk0r}kJK{6cdKQo`)W)d zWLJ1_I3AhUa*H zV>F&`s0B!bl81*o`GfWkszV}ZuK$bEJkha!CCs@?OZ7zN$17#|y-{!ss9gSynQStT zf{{zJ5ArF-hBIm4USiA!POQX%Jwjj}b|RNF*oEIBljO{8WQl`F=PNC3v|%5D>W~Pk zl?9wa^y?&gk?{@A#oss-6TK*FD~l%P=keO(l&e^{g^A7t)gcii`e#ld`d<>gz-WO? 
zaSsljXnMXQazU$UBs!6puU#<37^IbyXm7VQ8&roxkm&ZDLi9=!J>Mw8xmb&X7L7+> zaa!h>CEg~i66Y;SPJrqV8?}s%6H*~&TA5#PesV?eS}FC5s+D;#6L488)2lqor!XRq zxF;EDz=_5Quu_aS{jY4OT82vmneQ2A((P}N`HDSnESpxKPIE=aWhAX@#76K9TqbSVs-+zXm9}eQ%cd!ic5k`+ zOOao4Q18TkyL}PB)TNTW9Xw4RqbTaPprTN~QnKHn*)JJ~s)N5>L~S516-oX~$qxQp zmwzJrRkfRT8N>M$E20&|-7;bzaGMo(j^=*M<(9RgxLelK++&Hmy0IR(B*nc@b6*YR z&XsMpdPB*b({fl{I3hdlHk98i?B3>nCBVH&YAha8i@dp-`yv<7u@@<;6jA1PbkS#J zLA|zC2~@6gRZ!8f6~U7uS|j7rFnFghcx8eoMGi;CE(P}{g-I@4IYP8Z#@HO0U=$)l ztiypj1?iUkt*q>CnZ(#^xFwDtovXxp@%7W7IwXSn+Y(OE-%Ju6Yh1*+_zedwS|k!f z&7VwB?hl0Pl{jy;Qwdau*rKp``Q-|K?NYE1M>3cAIyF@zn ze$DVAFZ7mHseAWqb-ubYsU(TUJR_w~a<2u6_*0Nu{uwFvUEQ)P z{^=SrP+gD0Qi~-Gij^0v){JYp27j_^595srUG-`C-KRJo9z}*D_J(^t)7+)kLqSWg z_{-2(ZL!q&t1ig^t?{m#v`|SObg15jf4jMYml@=ct{Ew-DG5s>A%W5Fl&;o;&^;X-$PK(6;^< zjBVPr3ZB=;A5GKipv>57N;y4o6{MV4e!$A25%Qg|4RAA}GC!1O{1$^f0Vuyj%Z;+P zIUNWp_oMQVPK_gB2e6|-HRs~Mr7nf6CNzxsr}Dc3L?&^4gu9!zAU&mIdK>BkpgJr9 z&3rOWXgicq3Z6NOlhGArMK#xj{|QvK;b^q7VHXy~e-mTGU&;o`5{ZQTRG1uf}N0b0c0w2dJ>>x!=N)Ybf|{rS4a1I1sM&m ztV5d{V3hq5fz^h;%ae>xae_N`hEUEe^v4?_|3Ec7^$iA)hl^_Mj172pAET(k-*}9Cu@w7vP7;?1y9XiI!N2G*20w zrmcDbREOE%%;-pZ5MDoKI`0HR?L+B&2 zMen6TJYmG+f0!!78!fJ22&>=tF;k=lItGs5q+-p_AuF)3#0TKZ*i{wBG$I9x%$<$U zs&GCNUvtPY%%g-czBr^Y%gq^+Oi_gM4WXDvfyUoeEyJHItagY?%r(*>wf|~UyyZg8 zyq%O&=7&pwbWP~Y+o6W1J6hQhP)aj_u=h6Voa&P20IZR8+hnzU^m81g#3Xv zVkd!3aYPqowrw&+plkirB*aIg7mbp~f$f`I6(`2O>J!sy1c+0~yhvL=1lc?6wx#JRjS$OqHk;9uxnH%bZ#4uJ zdndAAC&&_VNYie2!^l1MZfK(150P`)6(Gty@FH@1G+ML*_DbksyDjt+1f5ev;41~C z9mnhxIAOOrgarerRVjy!WGmA8wuEO+*^}QFA{$wFKWuPz(|MJU{keS{l{Ou|?vCu< z1d&EoM(YTiv!BN9hK!^;*k(~K%YTkMA(i}%&KWpw@6Q)v8S>Y-7?Bo>Tde{Y?aZ;b zeFM}t+#Jam*EkglOv4`88XG6%;V)@|%riFbg4Ve1GXN@Y*njsk1OoaZ26t+BMU47(xpZ9(?^ z$QnS|?1u8MKZ`=#WY|$15dB3BOhMLsH=9dhJc8?zB5oCQ1#%4gAnr9r7+ky-3L;*K zEPwwHAln)CVGOrK#s)&14@Zmgtp~vJPKN!@S-fcsHFO=IC=5PqniSS7?m-B<&#-@a z(-bw4XKa66DUxn(wyYssalc{L{2Q;Uxe;K~U`QBj*zd2vRVxi(d$|spm8%RhCK~n+ zdkpb}2JkOBh%)b1fr_53e}M-KiJl5{E4;Q_qxlydM49n(ATB?$!D@}3Y2eX3#8EVw 
z%RmPq#mzD7KASKKVtNfKANxK2c32fCH0(AXVDN;KY7&U8r-O)FISj@vGi-Az23h2_ z$5*zXozxlQnxOLpRvPx?n+(wld5`LREreaIT5b21@YZu^4{J>^7tm$laKtCDH4nUG z*l&JD1_SY`ixPKn-Y&!5Qx|#1K|k&0$stuT?=$QY4FR}}%)d2&EtY_H;j@YW(Cv-Y z@%4%%3(v!|gnnk&pP&~TO#$nC11S4RLN6M2t9(f957?CdfCig+-LO|f8x zQ00ZD9giEEjCDY4by0GDv##F)z%!=3_7Mz)#P<#WAGsidt5$;cnfCABDbQsA{?;IF z@e*{@w9{X~JDo^ULL_Eue5D7t(@M~1roE!4DM7aY&_;vUO%hbzve#n}VM+M_4ALNS zm9XA@5*_4b%g(eG>%U;$(b@=Cy_af!<2wIOe_<{D8{aRU5@*hIp zQOz&&J6rajHvR#VLfO>#o!kF@L@Y$2I{ zBJ!qt{ChF`2PRtflDm}U%aQk-mrsvL1!h?GL%US|UgRC}^1r0Q%(LtbyOsPekayn8 ze~j#V#-Utqmu_r?m6yHIoF-5QiX z0P;6lHl_!e-wSztb-wfALgeqZ>@RSKr7;%t*_5Xj7;^TNsKb_hFP2`$N+33bpm68F zQkd}`ih)!3#kf=v)k zsvkD~YuPVXgYXn&R&@cws@n(5w$JXc#pL@jb%VTPaN7sqF%uW5oqGGQx+Lg z>H*}x8!DACoqTrTL8;LA2KkpmCCzYaF z$g4;BvaPSrM_V1`vzJa${I?;mlgH2bQ+#&W+N$`2koU01-xI@pV4lz3a7qmovyr#Z zjThKgQQCs)W>fRK~RA~_W;magXG-6 zps{{Ct)~Kw1E5fYc!Ff}rQaAn+i#!8B_@{nBA~l9Jjid1eAaKbxL*nW5U4Lhkiufn z2EW~-mI7S^z$xh#Hpp*`#B0b7zpRi|fU2vJvZd6o54T+R+c%9bNrIUZ94AB8&UuM1=kO zK;@5_fG*Z>`lYsFV`*_eIGG%3TD@qkT++6`p04cK3*a%$#tP^lB(joiU#Y9==R2T& z(MVFDK#gqs77T^F5GjHAHyK~)4Yq=j&hcib?p)h`;T*b2Lm+N;QNkL%21XUw_E5|$ z+)%q9Z-ATcd0!1_3?GFuU@^+@serEf54gvz^vtvE3{2k4_!^i_-GDKuYp}BCZM#D= zrR);${#dt!+F^3-(*!FD9iEP%L!1vcY+KIu%zhK*a z=c!Um0kr4_@ZzQT$F}<)Q9L_6ah_r8RDofHH@IE(S@#?YsX_{U?inK4~%GNj@@Fz5j2ejTz1Mu5O`}uBa z5w{Mg*9b{#4_OD=9{lmiDp-F7a0L8}6M%iLg;Ko;s~*-kfxjc|t{C%K&F=vG?r%f301tu09~lzdL~rJd!y`U?@=}quvfvp&Ez-y!V}HPO9e6X!e)Lm?+yc~ojSMoDk>5qx^z;PF zJPp((jVx{~!+(#mmtq2ExKmb$Bz&b8G+bDW3^?{_TwY>iL!eq~WRS5xje)UAj@>$1 zIiM#{Lo_nTSVlH=>^(zOgP94`QjOHwm1h}#n_~|^@RCi~3FuqlaA7gBmt$W-5Q>p! zfx4`bLB=-Rk2d|FW4~r9WFQf-O?<K;|Bxj-$`$RJ}sYJxVq*Rj8M2ZUWf9oEPo&oc6yV?TdL$vg+t?;2U$ zScYG6?DdrtyfmJpNy9g+88Ffe*i+W2D!T=!+cYxB*lGo62C)JAs|V0dF#H&OfqFzE z*@bivRwoKIRt?z8jtdSo8czbXL?fwK3N$5PFE(U6(%25b+Zv?BsR@>476t4#UQsf? 
zB50CZqEI-uFV)DHaZ|uPiK|l-_cSVisk&w)&naWx4A{Rvr9dqJxLbof=|S+b0ej$J zW&2P-XZ;6U+L2aq2Rh<=_QLB3djt6zz7dUo#9K)azLoQlj^-NY5wR3$A7EGq$Be^x zQ7Oe>H-i9vMP?j~Tz+PD$KsMy}AczGs%l+TWSw1N=h=q7~n zx73+~mJogQHryi6qz+v&X!=Qe(3_RM#WqDn;9B6@7GJXvnWAZo1!SuV1A1Wo1hp5w zeRXbBuP#G5ZqlMxuaW!%=K7Fbaeao=d=)4EskzR}kln2Gyn4u=ZYlZfP-fZy|s=bwd}4@SkzGume2 zSF96L@ssH=FTR6w7=ZC~65pX#=Prm+?FYd;D#fkF??Pih3f^jTMS0PZ`O*oIgR&_zVY>;ej!fdA}2r3>x%_kyP@mIHfqOXJ92m~&*1%JoZVT+?bbH`aPG1iE%IS_ksXfHMGf<1u zU4b^7z7mMvOY~O*H96fKXwT_ufq|U99+<`Hp1=-H_XghQbbsI~r*8yG?j!z#fx4U? z3gmJ6X5e8?-wG6RdN{D2)3*cv4`<&2UPaM`J+r$vo7)I!q>(^K0wMH3=!6gmy(1mz zy>~>V3Mf^IBA_4&BG@RR2r3;#z>0zjf+#ky7o;fs?>VzOH{nzN=l}2X?A_gY-*cw! zv@<*V7N3v#FY)=f-+zGQPxveH`E7p_KELDd>zrrs`Cb1y=lnXK-}9e!&Nuk{zCRHi zbWiE`{dM^Kfxnw`z8B}ZrTwzRdcFwA60h+^P?q?NFOp<2ic8(nDY6(PcHPpcvKXau z-O}l@7$tAr(wVZD5-%@{De){>jKtG-U|LzGmXU#BWrWD3`IpoR(jJWkGn-1IAl?K= zT89L_t5CI>6shSlmFhl=!0Cg=iPS36-ZxFn$etzv;wpjZBPWW~>afM3>{9J@r6?Rj zZC+|UX&1+YAGLW&sgU%MIRDY3C}L>VI~C^DKVXbUA<_Q=~Q~SXnjAyYpNHd8<7ll2cAy4Wsm}U(u76A6tKan_T#=-Ku&|uOrO=9mT zK}1X?N~5XL{Gu_pN81R(!L9=D=F*aN`zV>;VDzaU;Z$P zS(&Q-96nd`H{x@)zYU*j_`lXd z=X0*VAM+aeTkyG&zdO6<`v>v4v40$&oA{^kxv4*adCmM8d~WWq#^)CP27GSi-_5+% z{v&*Dw_{}|nhIcY*Xh{KoxdC7Qc2dptk>m29_OUDL4TU=PA{yiEyigXE7>Vg#@ za6P1v2J7cRWw&6N^XPWMlQTdr5IPrXMJe{MuU&u=E3d%$FDnRll^H$m{yElb%H?YGlt}LRZXdWPKjy(vYaQO+ai!Lt7Tk(R7 zO+-MJ7XNyhD$(*L2o|ECl4z^Ee=_jZ_5n<3tfhb^YD`$2kzSs(7R7794HtD1$zhxP zx*!|gse z7#lzaa}ch#%MExiW&gx=I1xLr&BQ{hTP5$rlN+!vq6^Zh67^rQ+eLvF80&9Q7N601 zc`X#kQWL}Qro{sL`rm*qK=>OR#)n6MDQK}>GZ(zS;A}&TA!T(QNLdwF9+jJoCl~@! 
zrh-thC~44rlME49ZGTlAga$6=th%zO6Y5FN@n43xC%vY>+M9H)rj2ZqU^wK>U zGyU!PJkP(I&-48s^Lde@L~Q$J`eX->599MF{{lXb z^FPJs@&4m{p6I{K=Slv+JEUi_zcQci@)z)Vs=pVXr~8NV`9A+NKF{&5;PYJn3w*xc ze}K;q_&?$ELjNs3FZKs8IQ5i$&|e1U^x^lTC`3OX12mnOKnw4pm&zawbYkeuv*=f) zjWQ!zXJR=F4%r1lav`on0`9*+v4deS2wB;l&b}X<#OV=0S}JFLsG6@^i&|>sa4UOmdlN_P;j1x z!!8`gTa<8gC5fZfK9#Gb^p;|Q{K&?yNrad=mXq_5)dCc*Dg zyfbJ?M!8n@d;OF*G7e!*#-ZScBrUlp*UtVKDaM}H0@gs|-aZ998Wk30f2-}&4bkfH zeW)X5G{sWOcBxI^h1D7K#d7`#45J@SjClZe56jtfw>B|m1pQ5flNdqZU|bEJ{X1$W zUbATo2;T;m%wQ)Jq0A1bU@^ElKSYYs#vtFA3TRsU+`t;x;W5idL*R!3tgaoBdI1p& zcEh}bF{1b}0O7%#6LB+=Z;A(p*Tu~!zKM_X^@PY+&x$v&cOj^8&?)Ic1im3+ zWr{V$Q~D)?84ZXZ{;m;Yxvd-j3f_w zS{*`}ssxAXMD&t;!=nTp^0eOzdUH5;av{|eDAB{7^0~l=0-NCCSV0Tor^NB6Ypx=U5r~IT!1ix5eikQ=U6W;#vO+&;~k&&-8K`4t=f;JpRIcSosP7$ig z$lC2er~;c03*Zhn!S8SroRT>G=g*x4uLnIk!8rkvUwa3MRX*F-7tl1i zDW9Fu5%W^AI~R3RqjB{od}seChEvcHUpix$44a8KT|lhm~e z?8MDXNvT`DRYEqpS)1WtG=@4!^*m-KCc;4k?_CF-t!gfy8+?d3V+aUwgTs6lY1=6q zW1UId*sv-mafjE+w_@p1)vSU3F17G<@58V!>!I?w&7kHg)MPyp`3I@#GpgTMk+sX7 zhG`Tj)2j%Pg~Q0fQz=FrZ%5k4U_NIBP`W)y8nKh@n)zZI6KE zUCJqNnXTm-k%%IEWIt1y2&({Y(1d10=*u2|VULK1&R2lFt?@rF7%1es3gRVOG=-`! 
z!1_TmIdn?XkM{84NPnX$MtwLqc9MdkqM%5>+5O`_lwCSA3+U^#?r4MHzX z;xMsy9S==M(pHpqMgmxJ0w~j6nyM;BQ!ZyUkamapQnVrMay1wmT^0vRC{`nB`=VXe zJ}{1H7AF(0LCk6=ZTd(d>$(WSPntyG5++&nvbssTC&pitJCF@US~a7 z*=PgEB6nW3nAKm}pLWJ4GT+c$ zgugRHRw1J$j9E|D4ey}I4@&#h&3FNT$OfvDa2zURyhJf;6(&0pm4~tnuuQ^PnZlny z>LO$;pAW2gNS>B3W<4wI+|o|W`vV&q!f6R()=p`ko9^JVfjtnyX$fQ2>(ai3x`FjS z32bu+rzMP8Z%F&W5h{-IAh4q$oR;X}^91&V?LsZl`vTav8t3;pvNl#($%#R|qO1?4 zeG*1f;>ZXLX<~6Wi9tQZtWTuf3AGR7ReVS(l{!GhTk^ zP6fFiTt|`wC7`}Z=-X@&&YFNy;hXTp7LU!tT4-d`LgpgodWAZ5vEY20KQQ0 zp+llKSHp7LSd$M9se)xcjGCM?yfg?EG>Ow#X~MTLUTx|GtN?`0n#56{KeaF+3u`Qg z;e z$KG@SE3~^H9VPVxa1;&`ldzoe#zw3lAW~Tnsu3xa1YuEmLeLY;MjfgF3Xb*10$Ai0 z+v2F@7uL7vO|)M3CTz>z+0y?V-0IRrh2G9ZJNF{ly?COR1I>0XKEOr(*&a}5#7x+R z&f9a+o_dFx!8(9I$>&f|go0j@wmnN#d}j%|iYX%O1o$QjhIcn+pbsmoB#qF$kIC|n z^aLrU)H&Q8l=k9AFrGrJLT$LxMWMeE*Kx}}CFG;K?R`X68Ha#b#8nC~NN;pjDH!>0 z3OGD5&pZkL-jR0McNBf)ztBa;20OvLDDBo*q#)(<;Jt{$D2c#`&J6x2?R<0|fct+y(GWO&}G@?`RHYQ^WRP$?5P-FUWeEdz{%FCg2su(Jv{G01RbM5CcOc|`)srpq8)(Ig5JzUqi}(tF9UU!4!H0w_l%aVW32I8d%StT@x&1VfI@2BU#yv6_)}RROio&hH_$C#gv0UAK{9KlJvfs_ep6F*{0dmOnVA)ib!$={#FyafIR1} zpcik;3>o8SdlA@f!ucsscw^K43lU=ZlfXXF@+IkQ7w<+{byFYmjrxk-)}}oP6Ieu& zvc3>D4yCOm^%cDvWX`i8c4yPB(g|;TgCwiqFNfG1Htr01dzJC&ER9k9-XbJ!F< z#I(~fv}E})z$S&{sk7)EXWH{#bi)21u!lo9br!vMoA#--4!#xGOCg*(i{AT8djx8E z*8eWBk3u+g7QKs1JLh{R{67KvBZO1`&%463r>5ccX{5i5!1Ec4!-*gD|GcYA`xOk@ z7_R~>N8|jaig%M~2L_>Fw1RsV!YJ-sn+QeNW7-Y=gwsfX_ZA^YRlewb7VoE~{UO%3 z%H?3Ja#`wq7VnpMS?V`cSIHf~ULjm%0rhvi-<$U9o1Omd2f#kocqw|{rC7cvZVFWY z0OzX&g+f@8UO@4#liB;9M+mte>Mf2Y8?y$)l%;dg9N;J{LT|ZvAD6XGgha}qkMo;k zrtAcIZxW#ZI_dDq;!bQE0c#eLr~HbVQUxmS1#4MRW~kETUbc6I$NpuUQ|~dQsws=w}i!D9~`@92CF zgwKnRBt=Vg#l1&7_M>=fTwVb~qO+q)7d0WOEABmw*JV;chy$4H5`^#ZEy$IcVYYn} z#kV@#8@rh5HK@l}qMPB(3$yQj0<*#0!5CPCC46UFA-SdWY}^6D-2fM80{1kOnk>qs zzoq9nJhH}mFkaFuPPR}Q`M$(T+hPL@PnFhCcpS7-no2BTevO)?*jB?M(Q?uH2jgcD zuDB#D7saxPVs}W-u_-F|jN1Hqa|OkE+U*A1%XUk3AHm|g5aryuq(ScUpwRX0=p`$L!=g;t4GZ6`t( z&adB(AwYja7;UfdCfq+DFSxp(uB*uCh5KU9ddin_qDG^lE1E+|>2O~0Ozz`wBG5xG 
zg+uA#@7bu0^7~B2{A*umF6HVgY5_gOhsg!LeZ<3-r2*Zk!RBx(Bq9ux9JBkz6 zO<^nnV;zo)$B_hdQ-;@k7V=)L0qxWXo9tfj7@K}Fxrc5X0QVG*uqjorHQ_=x#9TJ$ zR??pun@~5Dha}Vuh9Me>({|!aT+!G*yB(|hY{}Dk6ZS~&gO8CvL6T|i;`UX@w*r_$!RX8`hUWrfm8Y?sKnTw z_&@=sn_YWi0W@lRV#i7No;HNv!XYP-UuSR?vL})ri@<-jCw4|gl6Vjvgv2G?{);^^ zuDc=XX*S6!AGJNP)M!ju!MO{O?xEz+_QcjTR6xgRNLvjlhHN$D5o7k}X%I$!Bw!$! z|2Z1i&iZdm#PH3kmLaxd0TRs&O!-W~)A(^Fs- zE-Gi@4>lSTo7T*d_Ip^`Mb*)CxGuqAyiQ^J`-=0Y$}J79g+=}(*P=SvSQ4m16ZMTV zAh0x+0FnCH2;3~UOLf8vL2!7VlpUg&D`b^@DK5P?NPUHHmqa!7~(#to=@t}kY)vKHLRE3#z*Ynyv2p&1;X32 z=x)QhbR4O*58yFP_=X5wnDClm&FXK6^S~}?{D+VS`weS)9Nvlo7J(qL-;(5IA<`R$ zbpl58bP#H25*s;~R45TzLr=o!FhpvXEW3X*@~trh%%S8`)39&B8uS|}9|PA(r0N<4 zMd5V~yW<`yZV~<h8>=Tw=F0%DZtVRSMrQsH0*syRrWs@Sd)v~(Pr6Tm*u@+E1QVpKKKA`uf=k|t%0iblMe(Ec2>s*kUM(i?_7z-K7A zh*n@yctzC>OOTzn40{hMZmO4z3L)&x{ZJKa+Li8eN?tR2Er%m~RbhB^6?A3KThXh@F3nPJ+sBb@l{3Sk`1@}~Vp0NWW+I8TN! zUe!>^w0B;_G(08XPa*#p!>mKq1y17m$!?{>$x9Y;OuP3p=vt6mIl@%@7^{QXh7TOM z##+vdN9}H8gnJ%-7?l#@D(?g~6o-1C;`os!+lNuXaEu>>ntwHfQ$e_gUVLG>hvB-u zsGRv`J&+cLdwx2DH5wJ6d=Cg@Y*WhF?52F6=@lc_tUeu8F*aTP3U?R6JqkK~dLEr49M*R$XyoIx*-BUg)2VsMJ6Y9gsNcJ(syy`J1!ID^#{ z$B?3Iu1}I`Ax({rUQefARVZeHv``Zj=U6JR#ispUrYa{Jfp68EWJ<

    ~W`E)iV$eD!)~$Dtm4?g#x>ST}Lrd=>PsVBN>>?cC4u<)-O@;Bx?Q9@6I+ zyc#$!H;_m7`w=(~Uls!2Zzto=plOsprwguf={v}!ok4#s=;=f|5BSG|vkZV-vWvW^ z{e(e=S#OsJuJu!xSliKEi58ndk;c(6udq~GtK8Ib`#c_~gxZha8HD3l> zV?A65oIww$S9}MYLEQ&|&v0o_mxgUuFUJRS#}hltsZ9|Gs$Z_0;Vb~8S7k}pEOX9DMDJV1voR*dTwUP=eS?-9>$-Svv54l7d(#7UqH`8nyiOW1@>JN z?zjFd*|}eh;95U)LKzDD72rI4%)EA#iAm|{ge~I8{SFXZ>+NW7omdBY2K^rc`a6Kr zIY+vO`}L3xqx|V4&+&c$a2`JV7VYvBa2_(R0iVGGj1QfsWcqNwv4U$kH@wDLob7cf z=y`ZuhJ*XP>FDtgN(u)We+D0CJud;yU=Bm^&brdE^}85Uem?LXuL(bd*{9(}h z^Y5#`>6FF(TqpuT`Sb8F%X6CG%Ktu354>D(U0;8`{yHv4QOn)$F7Tm~oHUdBtpd)= zQ;q>Xc(C!`2A7syXTv6O3Gg2_vU=W;?IpODlRQOX^5=Tsdp=m4}yE><>P(fiw6p>F*TW^{cK{ zp6gMbSAkF3)aoIH`q^ktuf3>@u0tG0>upX~+L^6-!{<@_PQ8EpRm z@V@{!4^55&{w;7`CUzX~elj5{e;(o+2YjL6`dy>o)O{=J|7OtBS&{Aj0dQUx#QG`R z*Z4DNsth;xn=82L8>6>g*FA3ue6iq~?^Dpn-Ua>$@NKTNdVUc2r{K>^)5?Ia{Tt)+ z{5sZudH|myxPC8#7!dy(a0Z)ZyKgwu=oxH_^T-Z@YdJ5t*gD|0;9m@SI?Zhl{AS<` zj?Z@d7&tF0Al`47<;$Qi+kwwa;Jj303GjP>(|J}N-EWorgKYuGCEq!`TVl~=R{qoR z$H~JjUj`N6yH^UX-`f}Vy3wG26!@gItX;MT{sH(fxC85F$_V3A13s0YUm>`*3xm57 z-+rXw+;nGuK3{Mx&lAwEnD0u^Gl&PvpGX-WI`ff!8gO1hAmYpYZU@fGRLEy7DS(!9 z8Ju?6E*Zf|0~Rhh9rQc|*$;nw)X{fKtbVeyL)hQG%fn~G{VZR){jF&7|1w zcO~${pEdr%*8T1UA0C2d|KC9xRKJVC)A(Hn0}n1m1E0%)^DygSz_%_jJ`9@Q2l!aQ zwVZEVx3)tlCzk=g>QXD`yP$sx_yVkRrMtS{JK)bt8VZ3IiXx=t=jAxfz)t|q%aMrx zS#T}SILzaNK>rHp8BBgB;QhuLe_sBxX(#(brQphE!HO;p7z}(K=o!R{a_@G~`|Imh zfq(C>2Sp$&|JB!9y`6~i>?pW?FE4A7V!K~6=(onD$Pce&_@%^QKfeI<&w>vx9eNq% z?>XN1^Dw#$EB9*Ty$QzW$kkSFGCjH9wu0+-F-XPs zz?(t;K7x2|VcjKhG3a>-Ch6}3{YU6OJAlvMKu;$f&O7@}w0wPiW)^TdJ#&n|3EW?g z>?{LW>*sFRt2ytN06z)q)-=jty5e$zSY4r5fFDCx_!9l%xb#J`8rq z@jEXM{hvV3;7J@u8Zc zyd-QF;5PtgkbTzktH6DGe(!S2m%-*ZA58?#OS3pGt_IHF3>?=V2(IPaQa5Vl_dUw9 z?*7J~!75qKG;jvZB)%LtFUzBx{{i^j+u8V?0{;CEF#Zf4!uj!5hl41TJSjNqBm^h6 zIxrsJJr6!paBVMMQptXDb{_g`K+j7a*uH-Q&ft?xDAXMJK;_S%^+mw%5j?K^pMsu2 z16ZCdq~j?c23uwS878>4*9Bi&d%Xbu2Z5fK%^eT?Y~Z}KiTv*bpXrdd><=%1op#++-0xY?^Dy^rz}Gv}=$~K9=u06dj}ct!lffFNf&MPw3>q>L_-?;7dVfE$S#Z_c z8@5^3QEmzPi$TvIVAN+e62(CCR|a6fPc`QtdSu 
zJcN?Z94`7c{GfW`yE<1G9|qaD7w?=2oR>Ya-(D}c>kqG3dA`B?{v7CesUYdU1HHc= zx2<#lEk7@3U>_b0oR?Rz-kuU%^PTmO^{XzOte{;gjSnyRWxfXjXRuJ>3xM+yILeb7 z1y}xGoMZe&&2ztpLGSwmyb9dkH{Y$w%EL=z`l5a^!0E)!{`Q>Un(ya-uzW}3yLx4e zk1zKo0%s5__LGZ%^KvwP?}Na332YMI^{wEVudg?*Ki%-X;V-lW==T&{+l$WRTLW(Z z&Y&M`$5(;#avYA+ZD$xCULr>NQo*%6w_~62Ch)HXJrCI(1N_gx8DwlO@NH%qpVJ=d z;*gP@?GHtQYxxNg z1=sJ|=Eb!g<$0h#9`p<@%>M8+a9%Q22>Oj?86SWDcL#@qD3pvBT))>}*PjBMmmEoU z?)Lz2UiK&E6!-hpY~#bAGJSwI1Lvi|qRzSBO5hBJ$$Iz#I4@rovEY8aYm7fH#oQ10 znSyJ*9sPneV83$A+k^ge;J%)`S)I}Il1M4^{1i@=R$oKK{P#$%1S7KmE|k z*$n!npyy?6X93?<6iY1+4^8X=d?auNYiB#21l-r#-vI90<;tW0%AY}5WLj~*2Z8f4 z#9e`}Cmmbqd8rip$wQPsDder-%ALFeD516O? zbAQ(euH|7cKvBco?_=P+oT>-#zVnTqhay@2dB6*Hv39uu^tS@%C10fPw!rxCa45^R zKX6{+y%G34D7e>pMWzM1^K@YoI#OyvSvt>iK3!>{C<8da9-L;dG#4^2G`pM`OY}j`0!FQ z>LFJFXK?>LP!FE~zpv1~D+xZ^9cO$P+imi5qgk?~>BuSW1W1UN6frkwcz_{Kx5 z9;SkRlM_*%BdkAj+%*GdFowRMe_n95H6WM#6ZHN*=FTS>e_mR`a#jK7C3x)TFAJ{y z`AF>JU&TyLHhlA2J3C};D{kV~f@{CxrF%u7UjUq!yRiPxcYMe+o4yD7&9}4q>4QJ5 zbBg8b`^VN2$Glkq`ZERB^1Lv}_{eZ}zfXbla?9O-?|G`}6;nJvjmd&5AAkR77H|e_ zm;yfc1LtL<{NC+PGd{drfc^6d!L^=?zqN8+3O*}A&tUrW2fpTXIn{<*(}g6lkciZ{>xPH_ER2Fo0cS38{<&u8B}_!)vL9|jF&8P*a7MsWsz-5dN< zf^U*r%*1@bwSLZf0`1tzh|UEc27Q!eg8MxLoR?i!1MhOS<;$Rq{H}uqXW2mNl0~5B zWt^mWNbpUh-gw@yD_(j5^t@D?^nDgv`ThO4QG#nd@RA71hnpOIxFq)Pr@&|6f2|(w z1j)PL!{9jluEKMSe?fuK*MNSi;98&leBA`x_q#p|d>A~I?VN=2+z)(;9xRfds3q?A18`nmu_^Gf-&y&O{=w+)0)C|6TAvJ(ya(`ef%9_d zk-*;o&P!1^em51xK>6_UlD?qN0OzG6I{?24I4_5x-0O0_@fo<2m2*1ihYPOtf9HKB zIQIo!2YLoU-w62Az^Wje4YtDFM^&yJ3a?K@IvFm%f?xr z8NeB|xF6`R0PgR5z6G3@ycU6ew~LHFgU_>^Rf4Ph`3~oHcLx2Df@}GGzx2z%hr!hk z0{uI{XYFD2OnKPvV#{~^T@6oy{EI(-EiJvH{d6Mo|m3; z9={KG*Nv^;Qos5TI4=d-AAE*fZuv5J1nG|xoH7BVE_oUBysVrwSAM|$%uJz-eb9@){45~91^i!^~e0iD9 zF2K(O&Y({mkM96yFcE%l;nl{+-`AK4oR{Hk2mWsZe+uhCw%1R<8Ju@A=w~i5{vT%S zdkcZz1f0QyCb1=H@X`kMx8DM1uwvrp39j{d*uU+2d!opvIwOr8A)4>lVXD1K%6? 
zse)_&@%I6*0bW^W^*kT+KLY0^4+jC??^ff(%Q)TuzQGF1_ecc)#kO=}sNkCKEYA*k zA?UBdKHc`*IJ`4Wq-eEW|H{2EYc;LMB zW(x4@f&1q;HoDXJFo+rZ;WXe3j>md_S#a$?kKMGk<6Hs$8{cJoc$pj9eI9V%PQFrb z<>UL;Jq!9*4zT*13jSY#z8Lx#`{yQiTfPkH6qFyhf8O?J;Jiem5d2pQuI0JvJhK7`_Aiy>|!wfxxF=z07>)3$E?;gx7B$1pSIzIy(+k;PX1@&)D7aoeaEirSb9i zk46E1}!0s1Iamp>%6lP^UlV=mx7*`W|8NYzy8UID2qx>fe zuJ!!d-PS=K1OFo(j)ze4B>3=hyN~d*WWSuwr?l< z>k)!$J@7KdEAY~zz+anh<=+$d{*M~He@=6W;QC!pV4~X|^bdocm&37rKLySp#lHsq z&_5Y}2Bl&91_FzbojU5ZvhrIPX9`;UnRd05|3o}2-k!M7_we?4#p!5s#? z=U=Rz{qyyM1lRB4rP2#Q|1s!Sdv?E0PZ%HHZ?;%)<#XSeR{lEhc?~#&2<`)XvJ7OU z?>*k=PXoSKaP1FUUuAeb@CShR^Yq@ogHP3tYdgxVP|p`UrF?RKuL`d1{ztFfzZ6`{ zGYoQj7reUT(^eio&d*fAm7bR_F|WmrJ~!WMKws?bFFXqT_h?_ry`O-81UmrbOu;i& zp1$zMyBS%%DY%x$mm8g*HTuutXI=pMT?AKp1`pl?c-qnDmVYkjyJ9}&_}U_?U@Czdy>k#S8kqxxaG3^}Be9Amz`hJoNql zX7m@s4nv-0g6nvh;+>Cf20brlC| zEVb`tJfgFJKl7RO6V8Lb7hJ!W!KeF!Pp_AZ|D!({pCaJJf-C*+&yCjqJka}op{IfV z#U`UC|L1}862_t6-|c1N&&xbN2R4tkGaF}1A)&6{>cm0j+CGG39fQ) z1vw$(J!Es>J>D?>OW}un5bzS}w)|A2mSir~uU^Ql%I%9+jIR6e=C zMu*FM@raGPc~}pw06zM5<8w7$eNJ%Yzv4i{`vL#eTZTUldAl9($%1SDY50%P{|e;2JqQ}D?Kme z=nMQc&_9Ft0EYqZ`;O7SznhhRAK>Q!_xDL323~fe(H{x=t=>gBp(peKK2-3y_Bt2z zyexzD{7>M#G=38Jl)h*DcRs(1L*@a09yl+3;r#fq;M!gOFOH87k*%ThW4<2`)lCG1HY%2m6Q2i0(=|HkCe~<5M0Z-1mkWt`tA3i z|M5`c!~TExYNPM@p5^;4@;zU0ZFfJ;#_Pa+Kl3gh+Ppd1vqNqnxbpcN>s;1D8Sp*5 zb<=0S$1SpQQl9tz$oQNIy9ejBX~21D1i$Mx!L=Uz_!WO~I6g9z^!V8L`}=5Pfd8)4 z%0u~cf#AyDKfiM~=1qE{x*GquPU(mXaC$E_?}}eU;1s{4}2x;36ydR2I z@R`y3`!bEd*TTAn_3$?EigSz)zi~@ZFtq*`B@7p}#QhEzT)%fwf2+?Sz#jq5%UT8l z@AEIC_xAy(2(EhIP;Y;>PH@e4CiFCpyR*QDmqSwSt^0-XzhzLgeQSaLP-EpUM0xHN zd{g{8oIDA7UhdBN`4PB(&TES=@mc^eYBN+okBc`0}4BxR#%nUKfM^?}5)keeMK&;J=OD->1GA_!gL#_Xho! 
zf@?YFJz@33cG>)U#E(ShxSHs64-_8DO z_4Cw?R-W!Gr{LNy+dyv51%5i{S0jGQzQC^s{W_2vHvk{{qw(RT=^S?#0q128=Y#$M z;0vHX{08`2zNEuwaZJu2Lrzo zaa4u@pD4I%uOe&TeSkj?`q!>BKKlayFX(xhVGrP2NZ@bfGijvJb3Qssa4mnAXAM6G z<-Zy9o5GKMGWfjf=3c_$h@(pG0|H1n&FI zj$Ft1@UmvM*U`XlK>0a;{T}$S(7RYC-Pbifyd-Z1@@)dX%_i0#C^zl}K4_kmlk@WK zU5(GBpkD|+PYSN>e%7T%|7+lV)-!x(tOxf4et_UwKfLsfy#IO^V0ghpzphpmM8aDEV$;&ORjbW$s*vq zoQU7`3h$xXRB}o;`CR=zTryGQqXp&cnGF%ERYCKOgHa%9+F_ zmao5$xu4+5XBpxf-;eKF0Q$2qkM9Zmd(dCsDBN!{V)|0OIy{JfV&G(}k%eM&hCj2S0==nt1b4g7XME_qUL z9oJL6_;nu%uKD`@Z2h(|-1j>j3H$;0KQOO_z)zZO<>5NzA>cK&hI9N*>Sg6w?dfT= z1lRJsHpA+N>ydkaPnm0cs6UU{*60V#H=KIN8G`Hg-r)JM-{f$)HwXJ=?4M7A&l6LP z5BtN8+Zq4wPqXr{-K&6K2fd5q>qg*TVV>gr^%n5c&o(}s_t)=j{C&UcA%bhaT8Vjo z2Q=nkpg*J8%6TvFzc~7Ei`&1q+}`*vfnLY<8V7th{f-7@s$=pTc!bqu^RUT~`}@6X@>; zemM5QWth0%zre@$8{e|8@#iJqTwe?Tz7+ciY~MqGkLqjn&w1(*;LD)@Q;w~-qw(M6 zI4dXhqRGI0KjCG-7grj8(mxLT0q8j*PTg;de#U=tqtRCzoH!78732x^(n|%`aj^j7 zZe!5j0s3yejn7cvJ$ABs{^}zu{~pM9U%|C~zwc%A>^}>D=fq0^zO!dP{0#VNZ@**5 zovoa!yzx6!aLu>eqd!Yu0U24W~SL82Ck< z4Sx~k`49M9hy9)5z#lKLeD}inDfYK5lg9sytE~SIGIoi9!2NjFiv-v5PtVx*_5uGV zfHy8S2AnT`1pX%GedtUTv|9HzPzCtk3w)dR zjGpV$7r@`w6Lu@Ie6KyizNTs;*L;@^wDQo7 zdNSz!_z%|u_xINBZ#~|1U&9L^uc&WS z1OE}@t`2-|0{$ZWD=LA14Sc;hRvzl-g}*_6``YlHpdSnTqE8JcpDP8|a{BjEyb1i% z9jqQs0iTgWjeozl4d*zz7`VSbc(35f|AJ!6m-fJKf&1|xw;5*i{yj1kg6lX+ylMF| z4*&VUH$^;W&O1+n&okI(Wc_SB-1z(V`-}rVa5Lk7I==Td;IC|NIOmJ4Mp$`jAh)@` z+f8u&UjH7J%YaW9Y<%W{{{|zC-oNK)AK(`uupo^?R2PmZK484j&$`0C_jce@1lM}-?{i!X+&|~_BJeMEvhSk& zS$l%nTJivJz>uTXxr``C%b-`{7P1ALcrj1TK)CGc6} zteiYYzuP3M2Y|74QCo3=6f^n<1v0|Z|ObR=>2={P5{2^mzFR2d@Hz~_dnE& zKhv$$_vavU8EybJbaP6VIVf#18p=tl$J{6ORH`zszQxYo~W_CF822O ztezi35$Xije9xH}t>=}%$6)_x1nBoY)ad=V6Q=?HbXb(n+rSTlJm`CIEJAKh-> zl>+~y;94I497ieWdtYw!GX1&VT+m;zui;06&)-WP%^|KYIfQa|6Y!uX$z@kss!zz=}Ei1knj{L#a#oSg6O0)8yk={?Xc z>rS(Lw?E0~M_7_55M1kdTL8@WV$hc(9x}(*qHoh{xeJ^u( zZamfJ1lRIhhV>EUz+P2``~D0If&2Hdz6|{6QtLmoV{Di)KK?x^`v|V>G7a|Ob5Z^? 
zfe*UR_*@VCR`Bunum1!5AAPKXSr5afTfV+Nc8%bg@5|7usn0wD+&|Cq2KbDI9J>hR z*?ETX?+g8zdcp$WRY@!VaM1rvaJDrdmz2%4@_cixmA?#syh(6vm!;^3v^Q>44IKV& z%Ru{XF;!{pTh^h z4>>wYzhkZOUpC8d#!;UsxbkoC{N+vpy?<`y3E+q0+y~3Ecb)NRgx?Fxf0*FfzU9!X zxn6q*_&TryRN{Ll)EoU%*stMw@Lb@TnO1)KH$DfvpC=!F-C*Up^8=$V2mjv)uH{(; zeS`96De%W2&)I*z1E1!98J|PIXY?FfFQ4M=6U`J{`TKr2R|(F(2No__3HtuE#$U{y z_G`5A@9>iKlauYwi9+BjRvLaA=xd0tYlO4|pCP!G$B(1_H_$KmoAKEm*?tas|2*1m zP4VR)A-M9NeyH)GUb+s+H>@saUoyPO8x z-(P-KaP7~J-)Z!#Z8}M;KhO9q$GBj>nkcx^pL)E}vpfx;-@qG3OM&lml+hQVobLgj zfc~=p_{{m1?`W)-Iq%#BeExpMrx5f%0zVgWgX61Wf$`b)L!+Mw`a6O9`|n>0uHWUi zZ?}cU=Q_`>ezxFB|2_O{*^c*t-rt| z^R9c8@mUT3`D5_v9N@cQpNRc!x!_vQ)8N-v3i|brHa`8l{ksDNkE@3{p!fIRF9z=4 zBk($K|9;6WkFk6goMCcfI?6KzxNqNk3iwMCjh=FNi(`$Czh5&CxW6C$DDduB$5Fq1 zL-4ro{T%fEz2v_>&g%2wbF4p5kKG6O)ElgvtMFZi39jw#-@|wnaQ{Az7lHftVRb(q ze2Oezj_X4N*Y@@A#a;mV-@z`*Z+sZIe=qj;jt>eQN+z6O{O`klH|=!`1=sKL?^(D6 z_(}b&9yqR7fzRQdJ^w@C|9~9eIND&5<=gLD6R2OKOhbT|zist!>RR@P2EnyF{yp8# z0bgquD-ZS3^-csm)}h=7pAOuQ=W{>s1ool&pgg@#GCsatZZE;LU6%aS@|^|xGSI&Y zc|v_`Iq;dVf6~tLI&lAd^uUuX->soHvVG47erU1P&jXmRyPRV5CqbSMMR`sXT+3P4 z#mY&$^dCTfk;lK+sm8~*o1FyQzX#+?!PUT)czb&}d|L0!) 
zcRtJL-@tls2K1I41=o5Q4gHpKvKhF44(Kf4AC0i`kbdp6jnCqv45!=}0leI^i{1p> zzZdvD;Qqa<`z<#9zCX_ug0rnrH7tPPcXkM!Ak|_#PeA$xYo~R zt8IMIfAW6dFGB8dALKLOJq|E>maXJmcdw4AR1Ujn}}`ax}czLn?4x2=79p*+RF z*I8ot9PnQxxR&!O)HC;+o)cXA=MA2J`^Vt3@#V(&F7Vmp0^{S~1O6M}?@zb#p9cCH zfd2#Q=nWtb%PurN|HS?R+vQx~pTO=-J!+kcjJ{-!@u$410e-`7hF^hvp9kKnm(@c7 z@GpTchkcCgwbR8`pBq1A^fE2F-!Q>9!MoukEx6X_Kj1IN^4|d5zu)RT$3M)${#|&9 z@j3Jq%a`M{7WiAR&zyl*9{}DJ^GJ8#1(zD1+vgY`uJ`8&-WxRGVfS$5BQu7jedO;^$NkYJpR4Uw}JjxoHt?r{1Ui- z?tY6U#^-|Wmhak@B*qD@^?5M%c_}B)2JYWS`84q2Ev%gMf7tUHvz;LpPUg!Qx2jYjX^``ifpse0ox z7v=c?_)^T99Ct&P86W?isX4&?d(-Y0oMixOm#lr0@$t_A4FkRv4q%;ymsSE#K(8jx z-ph^8SJ+46I64BjZ+CiLaFqk+eQy2pcC14;xY_vJS7-Gw1^EsKKB~Lnln-YEKkL`l zZ<|5?Eb!vKh8F`*R5ms@HP4+sy?X-qfQrYmde>oQG=bh@fOJ)@?6 zT18E|s=26jnfg~YG$hgomo<+|4r!>)RA%N^H)Yb5^>t0n zjdLrT@uvY5H8u5>6;eXsGsD0^)idhq8#D4SVc-~HI4)UKSznczR9{`!TwcF_`KaR5 zEdAq*{n^1+$u6?1Ev)533dx}mgz^^6o-ntjCIlo0*H$dpzof2t(7<6$ zBkSi*tI34^T3Apuw?V3CQ<&Rl~JaqNxe;)H7Qzk#f_PoOhr>P@5*e>gG=g4E9z!sN~)_GFb5&1e5Q ztEIm#SkTg6s~5)nHCa&7BvqD~(O6NFs*>^yl+Gkwrdb+DJ9xD=w>(MDuBfY$ZYHfJ z9ax_Ws;d*}{l-lkK5U%4GIv_KB<)7PJgrza0NmsJ#%dXz7!d4h#nnwC>ScV@*Nl*s zuc#D?RH!zRg>zkZM~yBlofQ7#AZe8eb89n=)s^F9_((HPsw@jvSK&YzX|5~hWFl>o zt@J_}TJdxR+PgzdT`Zqn*D$SdHhO)y&lI>1F0Y?Fw_b#c6?sDR{ba$Yil*iRT}>nl zT#Z=wD;+zbEL~*(?ys_-M(VplBp7;mvaqaqVNIs0Bd-?Qt5Tp$MQsNd6b=|Zx4Ncz z4Y`a<24ca=@C%8B^r+Hd<5TI>gpp|(IO+W+?4M4J1~__Tsfzoi`t(fc#5I}3$OHS! 
znC&kjbismjL#9#Wtkiq+!t^|u7jz0pxXzzQk349?u<<1${O&RR8%*Xj4dlni-3^lWI?)2L_=kB zvZ=YGtVkh9y+V_E0;L9I>Z(%nv{yv3=!i@$N|!YcNtaZ~>?R)^%~5j~IjcDqr^lx= zjUupAf+q*?v(j}k7dZ+kjEMGvbh;+9pt`bNz zmBH53oK|U|Q=a?{b&;p421qf=2B$+aT~Rt+-_VpSN|)$-uXBUrCSt8TT{c`rX4!~z zxtp@;Dr$!g-EUmU@DWp{qzCjLXmwXqm6qx)p3>r`Q(d~;)_DbqMFldi33 zNLMtcr^(!za)VtOHp%6Al}Qv;h9HrQ+}9T1;iIH{s}=CH;YBI)azQ>l?j_kHDM{B!AC>B6;{RAXa( zqnqfZiO|4CGGyXhRNoLsR8lv+K4|TtX`(mQS(V9)?Nv?&qnoEn$4a$Dx?2CjWV9M5 zjb)LeU(`aC42)Dsb25-CuBluHRKX#=Y(aJH+*)ZnCxN7X3(})S`?4-Nu2$wT5$Z6JzU1d z;OeH-oVlVl+rPot)AczzIVgG~=cvMG_YdY7{l1zBXM^S;;xb zE#jIhW~5}U48JWs-M$A(UMe-IJUwZw_UmD3k$g^4h`QP!Q?bmmF3UjD<{Kp`ouX}g z6zdSNa>un}iy|<1L0g34AiJ&<*)P&Y7kt?{d(zl^1Gky&fFUdr%*hyOsX-`U+l8}a zt+SdfX)78URQ<`S+<6sK*D*RWJ&6*YEF4i^t22$$cL%2GM5;>r*#D-vrGTmc?eDEs z6bsVVax|%q6jrL$rovxN9?Ey88>?r`YD070#(aeI8=M0yH$$r);OxMzSh((t->L$3d^a$$tYQKi%)1Jl3n}g_$yFN zSyXV*l>&Jf!eMJDqf3H^TD|@N6xF=0xdcs!5Bsl8n^^w7|i%=O#(3 z(rD&RC3U*|5Ud@_W$h7JIygQN{i!2;M*4`(#=5+-$zzC$w^Arq)^j6cG23z1utSBF zZTXg%MhvT`LJ_;x8BwU3;XIi_ZFEaN*7>r;tt-5G?!b`Jx=|Bjw#js0%gROSI%e5Y zP8EHkEIL(Cg@w@!5iihv!_&V^vJiP?&cp_*0Os#Jb4x2-Z$z@BEL|cUG0=~shDyhl zW6}+TcRqRGjec#OHdrJ=CIPLblCmLbRgQwG3B4&iGzX6oJ70a{!jT0X)sqK76_ABV zbaih_E^Vh|x?Ie>us-PeXN*+1D~vZwhy+z7W2VdpB0Wu+v_cQgN^UiPi8Y_oP4H1! 
zlN_dE$ypXSVlS1IfN8^d^dvDDg)_54Nw-*FePB(;S!5m4anp;ML)@e;-xXs4P!S^K zEe|Ac&Qe_7%hQ{4R~A9Pb)zF(JD^P#G|jGVC~K$?ZJS+3lyq3y(z7!QX><||%ci!D zh{tT_{a+c`WY!ojJ2vyR)6~xu9XF4yP2pf1XDt9CVYmni{`xbIay5xLGoUU$b?KAe znx|9tNGEjMFhScDi7il#h_aO=5-Mx#o~HdhW;_ijbk=d`;=`uPfO6)AiFIYN59hX} z!Zvf^B83_f^aa_y$~4NZoNQGzW@P)XLJUmP@>HLwE~RBr(@nNe1Lo;2MtQwS=;1|f z=PFfY3jvuaDpM*HB6c5rIkb8jP?wpXoyKEy|JLlEwt@;&eGxDtb@!!yp)&+H8;)e> zc4X=oicPZvQ(h`HPvp@Mo4#6XUCt8mvQ*kOl?oO*zmyf+4VOyM;F~jU5R{Bj!7YM3 z&#)QUAQm=lmB20-U5o34uLaL)n2~|+dZ#~Y1dS$dw!?t0Q;l2XPmr~ZOj5&Cy>lOt zzxZM$7$w?e{LptFCVvxKMU`xSYd2Yk}RsKRy&niT+`0jDyo$J zuSIJ{%U#+xZE%_lD?)=SbbE2oK#|)`4YCE&JRM^uUD&^{e^GY8g%m)VB7U*faOMTK z8=-rd(Y`dVwa%1(h@*Gq&Tvjv1fM!2wV+Zq-(?FG>R`K#&seUmp|X%nhNm7~K}r#2 z@g@tUl5w@k)EJtMWe-vY9kvkjF0gbxE%uFOr+&$XgxXR{rbyS5(dWRDF(Vsf-60*` zto@}BJT?p1M4>B7%MFThs9R8f6m_jyq#d_SJ0$qBjS=h-z=$EEQ=m~IWai3Vkk+)5 zi(#7{EQ0BZ!V;Cj90sv^x>&*3}oM>vpNB(o2L(P+}@YgVmHV!da^@TRPoH z+CVf>-GQ2!sgbQs*OUVKE2`||8*1Cs7+E?afc^GSuaci#Z*kc_t~ zLA#37jcn}7mXU2%IO~PAWZa6pZKK{_lUs{qYa>^8$F7mES0@u0?6NOjV>;=FA+a z-xl=cjx@I#q|soWxg)NvISypD3+=q5t16l+uxgz!wj+~Swg+iDlpnxBXpSQ0 z1d(WFv07Pnh)2w5?hV`Q@1U`lnw4Z5ZTLJ^2CYurL!|*P)SrXBQt1O~^VFUS8J4TK z1WWU2+L?2g^v+F9X9Uq|tz-T|3(-&otckaTd~;ws6r)vM*TejSGx%bejf!<6&!+US z%3Hl4CH_M?L3)jqpKIQN1pYW2u^8xKjZC_iKM=E1dZ08}iQ2veCoBE&XX%sFWyvkpcA2t7?u`|ZYojb+G{mN?dQlZc%aQ-e%#~m2XthS>FM1NyH0OUwBy)bb zl9g8CZJ=d~mEw6ipmslOZ)Ht8!Kby+iF=S)h3$F)l8O&TJ`?PRtEap9K$xJn9bIDbTIsFb0aKh0*|_+${3gNzeQm|KU+pRtm%wMQfF=_BC8?6Xo3G()C;|uSRQnfnfkS4zpb6|+ zvLo0odqqdBT3M+f`gJ?qrrIDZMyWU#<;Jw(ka81vO{sp9XAdqrHHYTHQt6n^mqGin zZVSl9pDHQJSmA^3fXqy$ z#6D1%ucTNDzqx|CN-TTU~J z)D4zyVb#Rbgp!4JfXR$75r-)4_U)bPT|a?&CwCLQSa#H^rNpusm^I#N4ax_!V8Dv) ztDYIl^sbm58fyIZD!dULH+l@Ga6ovEa(G7EGo)8wTwGg9pW7w?@AlEY-eRl(wpWW+N?i%K4Ln!;UCtP>73&+ ze`Y2Va{Fr3H7&^2D#JMp4i?jTea$@aTMM0k!uMM<=Jp@4B#IVY**soOpm<$Kx+;$> z2t&sprc^Ds+lxw(J%J!P@*3`}3=EvXX$KU&kM0WGoa>m|A13nF8pYS}iUUtUQN(FJ zZA&j`LA?yyJmfqdPFx1eeP8Cd8AP^%RO1O&rT#lD3zHRP1`V4MU{^(lnLZXf`&Y-lZ}NV{PGYT!l4JPfo-)#*ko7RM**Kqr%RSyQ`yBvV7A 
zE%J?RzMj9gx_LLWiB}QXy33Uo&fF8-w+q~zqV*rrj$&4lMQ*B)EzA0_sLRd`F{ft+ z%GtFHJx*LTxMt5zgq+nJ?Br=OSzYI*S5?nCsJp{v`3o(_<-CI&*qh#xL%Eo-oQp*3 z`>Ae|fZM4mt*h%wX31xZ(kfl4&`qPRa*DZ+D}%(E@OWG0LJTt3tS9nwZNyQ#VPzOa*`=%GPMIuySsr_~&Q{g}K3$_zMk35vy4jBpDo~ z*ucqO@Qzh8ztsuytoU`pw+)A>ig}ibQ%APC!b2tZOjQe0U+#$L$f%bUNRCS7Do>XR zx!W)3=fMthJ|(1eUvo27hlE0$92;BNp>GmB#@T$`^yHeXeVYX0TaoYZb7X+|T|eBG zZPn7Hc)yf65lcVGLF%@7W@G()5lB_$%NaG$qoUeqHT0~Fxr@V5Y8jRo67FoxcsW{F zF(cEI)dXbyQ#rFS$A9h@GoeR?g!GMEArb5*4{VxW(I6C|V^>)`PeS`5r8mnSTOlYA-hi>RrTxw!>*>Q-iHHG+%(oP|CZ z=KRaB1uy1m4ICu^#gQ8px}*VQzC~ zBpkMNvNcsOzNFdO3Qdra&YAUUaGlfj%lsWEj|5DGm;D1}*)N_BvCDqz4AOFH<<8TO zvO=)E)?=B@)kmIgm0}W=Lb#oEk&^|m?*%8(({k26D1{YF{BGnW1w&O3ryW_*Jrh}I z85c1}Xd{K}%TVg&B&;)FmNJS7v$kFtvi#ElCzt>oMONGmoIkSy8_g|jUrGn@mT?_Y z@Iv07W?yN+)(mr4xKOc`*#XN|sIEgx=7=eGs(dt5j9S1_LG9JdQ$lzEv6$i(8e%Kp;nI^v*a)f%cNvd_7^5(7BuVm zMg2Mnw^v~*QCc<~DrXKID#4J34KGP2`w!4zl5K`Ok|EHIU_BA#t-b9+&)#_74^M?} zr5G}o<~XvVWRdo8m0|-mXj9oH>rmt^CzaZM0?w*6)Hi~7zk=IbvZeR*oGsb*jD2_2~$Ol zRpLnMc^}$fgkM5*$a4@#GtWzi7iwi~Lr$*wM*t1{CZdC-w@7F;B8VklW~L#Tx(W&4 zny#K+GNq|eT3p149O@M>EB$9(eY1o-(A7=4x+!f(&T6V>XLL;~lD;r0s0*bO=#$mL ztVA_ic}q4c?XMM0P2xza`M5vHVG!9wQQK>9LTzB$-16kDNL;7r_EBuV*3861So~+Q zC%;;633WP*w5zm&PHs5*3km8=58b1K>DEhStq_V77gmgls`ZSf=|h3R zKfb}G#>J1gzQG-~WpQsUtt5Fw3&Sv_Ka)Y03CGEsxJd z$j)0TO^T&|Fl0Hf)Hk8S9=;G`p;ZGXCRb-zb0&*rB6X%gaU3bNNIY&4-EO5U;^`9; z!pDs)FNCC(F}9}%rUSO5D|Ox|UCE@|6NP0-`%hW3de+7YbKTq4!50mTCc_+I&sRBhqqw972IAlDU_*r|g?(43#R!)@H*1nNzZ(>q%#ZdUv2~kQwh%Yu}+0Yx{G~*IP zAvF~#K6nimf-fz#KTR{U==ALY_9R^ib>~C(UxRDo?p&dFmZ+i}QN>c=kzvV!UE@GYt zjX>h3S}r`u24jk9Gua?a zZRyH|C8aSjA*AgCC7_LGVdQMRjES59;l3%aRHXw^$Wd}qS-leyaq_f7#R{rdM0ETt zOnoH3Oz~=%FSw5jhrgF*b1EbL5Q-|CyL9hB73(CUdt)+6vWwZ42WjXmhenpsU7lJ! 
zrDokI5=kLDCq#DnB{agC&I(o?F%D$y4~W!);Lllk1$7>;6vualkiAFM8?pDu0v-zx zcA)rSoRwW@63ZZ#n7T;lfWA@N@Q;X?a0e@tb-ym@4jMLooCL;b5O?co)f(KN3mjPv z#fQj_wy6clw%#foF>o-Bkp+|@c_PiZ{pFT?hlYiHhr$MTZ{D`==N42*JVreWLZzM7 zQnun?<+&_@b&+@>RL)c*IGh5h7k5Oua72do1V#O_b3XaSNqo->?^KC{s#D`~_Nu~5 z+d&mgdLs;*p5M`mp*h^;*tRmlV|=(J@?yS5S5v6^0_vW->~ajsBlxX153J)|Hj+>K z_iQOt<>hGS)^OE1`YP)-?5LD-v8`2XhNSb5Fa=^El46auxUhLHUix@bO4LSb$CYC3 zq#8?6_YCR0BQ~)aa@SEtFA9)8?VDFxke7J}9H+O|6hKjd)jk*mTnS9v@iqv{k6Kh@ zV>auL4fA?7s!aY-B#rNF8?rm+>$PsZm9^&&R{2iZp0{Vl%I~aIz=K9i7Cj)X$915Bn#41;_h>u_eIw`aB;fc6&MU2%Q=nf%q!=PY+WiUJ)#Z7Fk z0@U^(3Ta?^$j)b|_JJah$H{$r5=_(S2HI5C%VTT^y1*=UgV{y=qJ1H|%*?Ys2-$L5 zS{;m)rL<@?HHCnKlWX-2w-?BB-s$4pC)_*JS)o9v8 zEl9?WbTiLmZV)Z|>~zwzLt{1TN8q-r7>O<{FkOIoQ7@!9>C~0~baoO}8rjQ&l?Law zZC9&3w)Z0Oanu!WD3q%!c-|R@(q4L0%-oo5>e$bBJNzMG<(a`d&=Oo9hz`pYd#I^n zY~CF*TxC0_D&t}#uv0p&%ZDydi5yW#w&lK;&=Cdn7;oP|!qfUUzKH%I7Ir^SImKL9 zbO@mzxDi4wnDyGGJ7-sj(mzA~Y*~H6?#2)itM}A7p&2N*HWIR=aqfs3hJ?XC^jtau zM&~YOqz476p`B*s&O&$<@2s%@E7c;qd}^;r&vn|Eop_N~YvSFlYexynqN{J|0YPN> z`Eto#aG_A{WG!Y*X>+F z!qec8ilz}^A!2_^#+>I@<5qTA5r~{N9~H&|L^qFBh3fcO3TLUoRa}L^A|e|=J}tIC zi-MnL$E!4771L*0eCo5T#sG;@e`> zAsO`-ak+Y`pMJI)Vw}mKa%M)ZW*1wei-qTA_DZ>4LME2*;@rkM?bIzUq(pnq4MHZ8 zQ1@io5Qa=llUlZL7_y&7T@agd&LLHABLlr7cSJ>Pym})o&sxO}hxW?{XBUeYRtJf_ z%vJ-kktHEr!|}RX*o%pF@SKAcYwF`5hglGjUq(h7#ZcIy&K{JDm4ja2RbO1GB%~peE2?Xt4`nZi zkrKr$OIlRnvKm>-cg#yaaIR{F+1*(;gW5D4-z&9(evZXp#Iv~ACOXq1V%$KyZ6Zg9 z>9eIvO-0^Fzffn%=xxSw1$T$8E`gR4_P7#lSr#u=VeM6a<=t8}m=4H2%Rr-iTr*Q{ zxY9UJN~iI6WU8`5$eyLzyMZ>myrq>_tysb3=Hkw4qAFLR2~1s5xLjLU5T7~LgIBKS zbSGY%dvvQAw0e5Rob_CtnJPa><0i>IpSGPfY&bFx{Io(^Zb#}@rwz4E2fB$=gYRkE zl9NK%7}~zuX?~&ga%k*FPGm|~mJVST;DtNPV0XB}U4Z3`g1=C)WSGlMeG;2pj0WkM za?h6TE67E;az|R*lnz}um+eQTLs}_rZ$MhIMMI1HJy=gjwsDa(qP97qiM4Mx1TH%< zYuOgIX2O>QwO1HP%Z?Wh^JZP6iN8oH?uyaCR2|v3g0b4BnmjflRXM~JD9)9%1t%ii zrHFGHm3j+0QaZR8Cr{Q91A`8BX`1#{4%EH~tH4$f6y@hNO%*1kL3Dq0f^4*BuTrF? 
zP~-?sMdi5=5tCKq6o+k-IeV|%Tq71T@xWeCF|B%DQaXIPvPSd}cRij|>hyYvKNdYP z9Uj=l6_Jpatr@1ArlBIj#jVV0b|!h_X1Q$4-&ijq9bVyUsM_DAvN5fqITGMexQd=< zL62(cXUKg!dEKU50pdL=!&2M%QHCr^q0Oh_*%QR=O=2jx0i*(>y?R~?1|_t9*k{0Z zU6CArp{^UOlI-kfV~Kp(aMcqQP3U`(h@|q%380Z1}^!N zAG1aVk({nnZ$>#LDASN!K&OE`rpekLI`z-DV=N;!Cmw)qB3rC`Y1}s2O@hX1$;m)E zr>FI|HsYNrI%}T|2j0!&;TbCh0u55`BG75i17R)*a} zq!0S%?3!5#9c+0dpuLh%}>Zzk2G}4l11v?rjN#q+;OY%-ld>}RTRu zkJ5xf>zb3CCyQ~s??{ct>QkXl#8Svx63Pe444#ttrUM`7q-l0=CkML&Wx2=6LjArY zU&ghTC`J-V$=_}ej=B9MIyM7Q!yT}2f#S3&%~7i*>seP0dJv!NrE*a%*?Bipbs2=G>VbEwTJrXEGg^1-B!*Yw4u$@;_|^ z%|`0JqqWG@ldymQM>M0<-#O`iXTZ&x%A_pBKzCl^Wp@#O{gCgza z3_;djxU>Shy?STGc)4aS(>Ot*l81tkI-9c`@y^;7gX@qZEuD%Rl0m=pNYSk*e%d&a zLcK6ppBH2g7GibY7WLO{76r#~-AO<<6hn1YBh3+bcm}aH<10Ka+-4iUi6+kWuj)+t z$HmdpPm$5!c^=9|-!amdqAR?7lJTOh6%g_5wIDe2ifRNk?h4vizlX4H`*ThAEh)f} zgLhI3Yvy4sb%WbQRe1kGD@*V2dn+R;Sp9YIipuPq7QYvQ@tZqCgyUleo+)k^g}prg zmk!_Fp0o^N=K>tDe#r0$wqf&Z9qJG$nP+E!M6_Y1rhY68+B+_snMds~Q6LjzKr~V}TOIcciicJ^YB)ASqJ})E|JJ6%mySaHt zxhKt}?L`vDim0_$;e#Y)X|@MQq!_Tp5ah zAFVH%3j)1D`!VIED(}8GRi3qT=n5pQ9hkHk4k>2{q|`>CadCB}kiDKSq*ipKT2XCI z|3S3NW>dBGjfo>q&+HEa!mKRpv&-OKC>A6jr>?(_^({@P0 zI3pu;p!_4N{h#lQg;C*$YdVox(22!%P>VlBLuq7vscGlVip!vrhD3j?&KmS;^$QNg zK8NR&TbfD-3t1rJHVQi=##&O;B+`9gsnp7Ks}A*knP1UZ6({~|RBL~abSo@)yn z@w3B9Dke~AEI*r6d62ukv%PMFxN93H#rm$ww|RYY4MuY?9(AWEexoM38|!V=@SuQbkD#(KGXf1C!8k z(jYu&s-iP499X{k6YWxNxOW27>6SY6x4#uoNm-++cVDCXx~#mVB7gzlHWb1)RLfxP zNMnW6maKh9X336olK~c03%PWX_6X{ndVlL@d~?-37wyB1VY`#r6w|g2d(Xx!SC6|; zG`c`BMj>_F)%DLMm35vAoWNbAgbsQl&5N-Esfr)?8DU&R&XHTtG z*{EAk-JI3&3;P$ftE*88wjdg8uFDScux&bbpIj;~&IPRvb9rs8n;nDi&7D7OU!o>9 z7`BXPaabr-5iH8GIKb35xeMJSwzRZ@F1A~e7BaA;cS_vnRP^#f^OY)VZm5Y1z-@Wv zmuP{XsJPk+dzpsK$3Y4iRTuLJ@jwj-s6&BWWkX-=_)!amO+M3Q;F{Zt_zOeK`357~ zH`njAJ}QcatW2c>toL~3%m0a$@-4|qxw(SjVk^}cB`p!y$68p4$-8T2x)ps>ID#mT~o zCWOh6yaH{ad9VpMyZi)vrsT57*15=gmy69kqBMr zi0(G1QLY=PuT57}R*G#ga_v+q6!OE<{nR!f5?buBqAKG=xfh!tydG$CWCC5$2BO=U za9R`e>V>4Pv*it*<7``{eZCB2e#4s5!mj?1aqL<`qv-++sx24|W0^{wAakX;`MLXKf#kv#xa 
zS;R?9yiHrbL^mwrV-8!%tkaP)ss#Pz>w#+x?YlAV(k+ZR_OKk85SdzG5tRz~IaCUF zCGh`g?rUNr%d)hBzkwDEJq$wh2sM;o7>!^^Iqdwi*mPBvYsOWTl_oR$M?#t)Y=<+W zE9`JZgq@i!7R?4Bjf9E?qZUF!{0KE0m>sk14H7%HBe5A^hcwd6VvrCL&3FFpJ@>wQ zU%dBhmq?W>?1;GU-FNS~=l4731Vjb3aH*L;WYj^~dw+6{;6~{5(~+N~u~W=F^LTbn zF=9WLEpeaC+y=#E2Y=JW)g>R8v_zK=3>o8+TwTPd!m>G9Bo%ImW-6G`BHIjrKx2Qn zfbK{t`HZhO_Ti4WC8CQ@Cs&u3RN;MjMQTx#%@9G++hGdqhTx7k$}CS8M``s9QF0%2 zE^8 zo4moiRdOBE$aV#c_SqHTz7q5qD~bIrA46y*A=bN2A7UC&X&Ms$3&en=y$baRIfNm% zo81J!so>f2kPW%wSxUF z#ybV63ZeeYv%+lK!i=`$L(~%550b49P8PGNFcTO7p@c;6>m*RW+H(>&fR!sP*WfQ9 zuf*Z^0G)}*DTU939%@pD$uX)&lpds6Uojxi3|}j`86vCaL5$qE z9@~SZaLl1UTRgzNbb_-mD?|5d>Q6ze42Oxer3&Br%8%GCiDNQ1mEBqx40cP5s;Y)Q zgoHb&^yUyv6vm=bW4ekN6i!a(nM; z!3`F@(l8z~Px`gx0`8eR1mYuzh{IO|;&YU@(RmSmgN_?Mj7tpTkXlNxkzl5{&*@H&Tv{k}!7Z^&|nYeiWun>21VcO37aJ*Z|69H46% z7YgxP3X%|A#I#(;QA?W)GE(d(ad*TWuv`h)1B?-05kw$nY0|HyK!U6Zu2XVu^X1xI zFUD?BaR?~HMi`?MOFAKmiOS8Hq6Wnv3d9(pmT;A`^yCB=xtn4GNuS~6tCoRo!(P)v zH2XH^3JMHSO;);ilNL(|cP~wGJKvR=7pxUC%mcO7zG*z(2JljFr5L!iPfrO%ad`3m z>J@9Z{UO^BYQZ}KEx6h%^11g16~jo>rttvE*=KNk-2a3e{IqtMe(lN98nT5Gcb^z zRCU_2j8ExizVu#k-Mc4tIw- zV{7#c&w(#oMiZzd*qhqgcDe4<+IA0LE9Ue-Y;6VWtG*G2{#K{ur&6ls|l;3nhZO2w9S#tFj@}Na{Y*`sHm=R1m zIEF{`F?W)-nzqBQNrGDe64-0Q@n(u{OU(exDIjsNwPky%%Dh~X3--pW+nP_ZxzE8N z$woaD>ru}Rd%7^4u-k~{!(bxwwBiFyJS4*2!r{hts4lL(w5 zojy({6>)~Yz`biwa4*6uKyZFeJ(TW>MVE?DQ(P1e_DUwbXC;2OLy@Jaut1TCMG+dA zb%iMQ%US^x0YWI@%#;fw1os+0VY+l7Ck|wq#;hezA4$Y)kq z(XQxoNN6aT4!_uP=^<34`VXk1V--;dB#9__l89T3#|WFl7flim2h5OEIr4Z#6a;5m zDJGz^IpC_OV1BZH`~Clzd5Y(zl(9D9rtiqz({f6Ew<} z=t6`Ju=|kKk`9i0b_>yjw@YoWKqpwYvY{Mw86(u-mpNe1zlhjwCk-Hz$>}oYZIN99 zNs0eR0iX%A){`;osmy&6K~VZiJN34*hyc=Ie5GzNR!sa6(3gUC-I1VZ;)9LUua`EOIn<-@u)g1=bKpi?m`btLgf_1I`k@`rVgLI92OO`fQg|hBS%L#htS<7j66W?rq8oV*qm@nmDkV!$}gtlvEY!I z+tWBQu}o5btg?|@pn8m%$q!*w><80zV^Mei09FU()XRUznrR8Nxzz@nOef>RS{xas zCZ@43?Yt-Rv%~MLS1_kB93=*i=bJb4nA=Mozk$%dKF~nI5n-#vP!0F@`O-P7*yoa5 zmzO+meFiZ_oT^pwLk(G|sIFp`#IG3#o>XQN9y53=gdYS(F)Y!gBX5equJjMly4#0_ya-6jABwriG+Enrb 
zmz2@z3lYZ!A2{g~u4;O55`o*b1n#O2vFN8RVX7pj7xm5^8p|96NeNQ z2*Qw`N0PYR8ZMw&SUe*+40ot;B}+_v7|Tvvm8Z3UBKcy;zN17LEIoRW_>3Ed0f{-= zZoh!)XoW0LsOg5RLOWTt1mO`!Ob z8P5%Wh|gk)!fAC40LVEL-zRR$c;^zO3{hO^e1QnW^@m#pQ>sf&5}2qUAN!&tQZTC$ zdW}Y1g~G59cdGtE(|T&SH{xX_`HZEiU`r~&DPW(-!HpCv-s{;HcCc04^i^JnrkW~( zX^pa$4W*JXK4u^%a@TRQ8!MsX@nZQV;P@4p&$OjAScJA(8QaUm9UYm%V_-cFR;wjI z?1Sn>cyAH3eW6)Dj-l!R1;3JfW5d4>CazXNuc zRUz{XdwmuJl!hzY^0-pn?100BG_uIt&Nn1;HDfG8#S+_f#uaSU_{O=OIK;bs_-D+hF>@hQh z$25}NwYTKmX>b*Sa8jvLtFERg1YQW$PKu8t5t_YFo8sH9I7NO0MNXE@J}}IN#uUtF z)w0c&Fwrz_R+ZllZ47b#vJx>=N7}&0e@80AWXc~<-#@{9O^rN)#e zpkku5_({=(B=M=Rvch|!!BW$XFd=m!Y<0X!7Pxb2l>#uIROER)m|%z`q2T1<5E!eI zqSb_>+n+Ur#DYg^qO;bGC;%a7fY=cP>)e%4qBadA@rGHWu->wYfUNk#LOc=&uRkBb zD7!D16na{>jG1q+wo{27j#f=rIM&b8lIi}w`|~xDh6!gVv9mj4Iix;Ov;k|`*&B}O ze_-D5Z4#yzO*s+6=b{=}bqo7>zb{o+%6GPD6|ti!!DxTs*O|?sWzS2 z*$@X6jhP=wxr5Z|(Y$b$sg9~jhqEjbgUAFYFx`=OEfW}M6{pdF$;0gSwo=0A`w{`n zPJGw4T&*uBz?J!V%qS)={sHsKmn`VGeTESIaCwEebqbqEfqs0icrgo#$)SrE+@(G( zpHjOm@cd5+u5xkuWVyIHzo2{ZuPP^%ZQYe}{ zQNekfWRQsiaeBd0^KiMIe007!TTEZAU-0wc?Vvi#xw!#jZ+dPX2vpT`yzzrMinCo@ zqj~upTlsPc$iifw&77C-E@ujCYP#6#)-w))`B(eKsFC`Q(KW;7j?4ihY9ayRY(vq; zqVt&#Gy(=LJRDjD)kF^oYt)p2bR&dBC|=TcK~($|6?ezEGI^K-2%2!CBH~%MG#*N4 zA*VQPsXhf(0sA8KpQZ5odcL&r(u1xE5))k z6fUw~rTl80bXs=8Vw2l5+iH?1icP1`I_2Y*At+LB(AW{dDR@-|Iv9f$;@Hp-=G+mK z{GOnp1-D9ERM!qlAHZU?zO( z23JNB7h;_2mno$=!##KL3|T&DUwzJ@B~^TVuo3K`7AQ&sXrQwqxXGNNM2I)OR*cU@ zt0!e(vQ|yrzm=7B)<9KdHOsx~y%AduKH^F@81wEh4;40&XNy)vFV-^eDXmB_}M^cwK`F6UOXThd-E7BIG97VV} zMdYKB@Y;E^g7=lJa+X^@l`^A~DEgiGX2fP&oGil~@)%QE4AXZHR>7Fakkx58de5ebx|5Ej1pi0~V7&N0MEvk4uR zj(TLDgBlUw!bx$ts8t4}I#_F4lbj{DcK1!ZznUJj-oP8ZDhZC8AUDZBs=?o;*yuCI zC@|n6qHW-{H}|yWrAaxN+^yOhCO`~d7&F0nU(XgOH_Olp)7VmhS!$!qBtVMhpRlX301E-I+;t49r=>;u<*8v{B~crtMwDnNl(?S+HG?Qg5oIb za{TOS^${vsULow|BN3_kmuf*Khq3O6|3L%LdYDLEr3^~!HytAH`Ivoy(au?b4SM%=jVNf6%zU%=`~moLKT*r=6GKc zY|Qow=s}TqjEGY;wha5}2H_Krit+#$ic)=)w+wn`cjfxMt|fP&PS2l>zFj-xCT$6>*o1$R=z&Egf=P;j>c 
z_PLs!8JSWrF71fM^WnNkaQtlRrCHoCD)?z#(twJzPJVsaDZJ*~Pd%-;DezTnSzf@W zwrg-Gh!De=Bz1SHrS>w(3n`HYWSKw`XHu&spBw-ZHDOQK8oEhgg9oTIzjNUxl9`s>W9L=>81_PO*%?`4kxBUt>}H>vf}Bj(Ggust=Svid!0&8Y z1$1Yb?Zsr4JCac$fm-p|m^vLjb0U+t#yjdg^ULHkcTULyy+WwpBoy6@8`Wh+|4EWU zX*(j%k@9>fV9&JdOW4*L0h?BVY;*Dtu3vKsBv;lXJR+}0EJGbnY)xol(Fwzd^On|f z<2}Knf_=u?B$jlSPMso@LC%(7WH%PRbP{82 zLn<n8N!aPL^$Vc~D)!F^TA&UXGQSHw7;v{JONMu0)s>+u#=%j&fAG-kdO zBXd|ufuP!sl!K+ner$90-bTP3galP#aWYv==b*FQhsX2NIj|Rm6-BjT!=+C)(^p^+ z2SCA`T$}4X`*{kL19oQyA zcmTRoEWI@gh9?y@0qsruK8Z;NzS801;xv>$|7N;6MUkLPks$pxu`D`8H>$+c@C&in z!5xlX=ByfAgbUm{vdzr3L7c#A33&cAT)1vjU8iB4x{ zQ&dWvOwp7NT?||y;ysSL9$LPq!Xv~SimO>iuv;t|hhJpK4GS4P)O_3LoI{JVl~ zKLm^~I7RT5V-?7dZyMd2Te=7VRX&9wvw6K* zqD)Y1Rx2L$%Q{Ocs`;z0c3UG#X$%T*|x$(#+9z~F0V5y)L7@ebe(UaX3`}=3oV%^ zx?K9B8s!UYp9YZaFzh3MJkT zrs+(Cz3Wm}HfEbXi1lE)4z)LgFO&x!tJMaxcwp%RRY|b~wh}sFh!I#1%|Pu03kH`@ zRxqJ>76{fuBE>m>I1ml3kd@^^;wtbg6$S$KRfv)%)Y{6Fx0HO0oKL+s<%{8ID56fy zGD1W>Q9NPaeufszZqG##9H&8p;W`rTJA}?HBK%?_I>H?pR?@ny_WRnnaUM>z6e2PL0vmo^B7C00@n`(6lbbx^?gWJ*JNN5|9l43;h zc<1a^oJ5IPJO+E1qprvdK19nu+8}2$|C4h;2fZw&P<&jH&`hFi&QBJD(_JdD*F zc$YNi9Lh{h_#$%AD*Or(Se2914b8kx951zp>R^Xn%CQ5@OLjy^sXawBRUP7_igd?` zlY4~BB>Eu=Op{#uUCN}#rFkK4MG0kwla;Py^>jet%2Z@LKnbhrlI$N)& zuV!nD0XQucs(Z{@YZ{?NWslTHa`!dbnTroFfI_j%57qs$Tv?2f2H#SU-uc4G!iQ7r zu>}SbInm!bB#>dJj#379a_o~TAuLd~V0Jp8rtMc}q%mAh=c{UM4dTg3QFbg)uqnlz zUje#cEom^v%goVbb&JbuUs1Ua+*;BVv6lDaTJ|-rABAFWWk6uNXY6?PYJS0Ija$K= zU^T|nS<5Ks1O-=!gs?K`#JYqNV>Ufk9}e4Zu~;UpPBH~yujQp_l4X~TOKZ}EB9TS@ zzJ(6RC1<|-gn)~hW|$mQ+aB?dX!9j_RSW4)LQ$bq>=$e@94mwV!)3NeWROAQem@5w$x)AN#mtbqN4Efeai_znN|Iai78v zpP+6p(FGsTDmcN!L<`Bcsbe|KM+bMid@kx3BBY(4z2p(+R-q&af-o2LuT*;4pa`up za1iArLNT@d?og)3SScA{!3U5faR&A)TOd@MVT{FeZPWEjl-kXkD)_#RNcq!J zx9H-{`4MweVR7=gaBF@W+~BriJy@4Y*68-5#Bf^XzOn*+brZI*n3&a>(Y=Z!Rv>d+ zw`OX1n3ed2bREAs7eW!v5e=*AYMaeMl@$Bb2kJ4noa|)+7g8B zBRF+Nz^uJVQdL%TJbvJDnnnOZ)QVI-k)3!n89>Hu1`(h7eP}P7W>Sd$!z3O;+X1Rh zHYZLVgA7FCTd8=;e`LTkA1E`ix+bP!75!*SqcJ}1Abo}OG+yiye>Pjgtx4wVZ!^Al 
zG~62WKn1vOyPpG^C;YD;6L#r<(&WKJx8>ENs0VS&$H=S4uLRPd{q#J&QBk^SnzgxH zgGp|dqEq2W|3x=x0s#Vy3z@Pxd7Z%kWv#Yr5=_v+T()3$#*W(3=i!izmh+uC2e=}H zX4)J0y5X!N8AH2(b6zWE(@llNzGyicoWG_k!B#0(twA|0E(XLl!a@npJSXfqCol#Z zvve>VGS+XR)gb>xIg_g}NM=XHgWqmXByrD%8w)AhlYtL)e z(*k~1h!twR{_5@92@3qIDJKT_oXPc0@x)|ez+_^bDX~zoa4aWz4q@8f%}FqGt0Tdr zoGo>iJpu)jCh5qxO0+E`i}U12wp2(n>F)#bC)xmd$27y(|b)HG&M@e<>x&%ad zm(Cj(ELeBjj9lW7ZHF=M60koxq^hSNjA6(Ia$Tw03KI_AFNX%rSgM68bfXf<@o2v0 zB4EL1cmG1VZcG+)@Qn50>A~aq#TgZN)uea|aplk^UF5{r!!%=^uG@$f`GmJV{;+QO zzM`1zE19resFtDyj5KM4o{82T zuY__A0&Pui5+GN+=obEZ`#2U_eh=7+6OBFKsWSi5PON*}P34M;3NDtNf^8&0;i;VH z?@SXlN+}(KX6|bO%(bDsT#b@TMb(dv2t6L_zZOW183VWDmhpb&)(B{#g>&nv5}k>3SN}nxBYyAwTn#21*O@R6IU{s%$0^cgbtBAXG$xo+*ax`e(>ZJV%|4 zI@8_sLp7%?V~w@kz;d#6i$djLRuK z=H2QkhCH?AWY-A$3z>q?ClN)oHWuHD;Xhndu^*@P8vHbBxDmJjR-THha6FDio&V zxgB>j;XG{SeIwS1hXW((lF}TrfOi-&k4b$Jj@B*T_CJ*bBQ5Li!RM_!c%02JSk`PaQNbEF$j|4p4LIf z&f$D;Uy0f#oc%VrC=Tz_$zu72l)mK^ij7oiyjB*A0HV484O6=&U890U26eTKUOX;v zl@E&jIi=hM=eTEAL9v(g-=atTV4_LE+iZh@O}$h_0kuGHY1pbQx`ut5Q%=>ZQa_yH zK5J=t5SKi!NLSlSmp^oV^htz~jLYukIcNpPkL$l0(y#D%ly{J*Uo6mE7?kR&_RSpJ z9+ezhRPxjFodd)sDLVNavRFZ_5{0BnHynl}H4O9GolpU!x6U5<1A50gzz@&cnCuz&6>a?-UO;sYAb@$ z#7s##1gGR3sfwi3PR7_!dfmj!R$S_^f6 zVG+~CLcN@5G&s~)aAj>R(L~Dj;Y+HsxI&`98cN~Ir%x8ki`h$R6e%KU`-u-YggZF# zaI{?>uRd?!BfJdBFc-|`lJKVKDwP^DWT+zb0Ju7@{@*fLWS4i^2M7l0UDl!5KVL!2 z!fF^qoRYTt?Ta@+*iW9%)(FyJX`eiq?A_au?cNqla1)QlCp$bf8j)D|MfwazKGl>l zghX%OY<+*y=tNbx7Buf$a<2|86v&1@R%9{5NmRq1+{vVlH?`#uWGODPF$+?MDoSN> zTwor;$3ja!2eb&$Y$TQCqU6nibXyHbB9P za1(GV={)T8!x{#0%D%W*Li|>A0xXF@FP1B2o(bS^GD3W!SdX$9K!c%L=MQS+@E5EC z(~eMiQCcskqpMkr&|Vtum~CvGbw+(QItHmt91D)77O<2YRXt`alPR8|c=m2G?Vv^Q ziltx-CJQP)2{ppdUe7CQ--4FOkZ>6wq2g*I_DwM?bJzFRWGM0}tx*o1pO?Bu$dgo4 zfB;YChQH2ID!7Z{{JK{g-PdZ zkX_a*xy@AXVT%veGCe&t?dh%piR1C?iz}49TTL&h&bx}XxJ*NLF76Cmmc(co32(Um zf*~OOHmi0jloVOdZpZosapH*d=PCEMvJa)W(x3~I9s*pp{K5_EAhm(?6=_#MFiFrhA&0$RE;d3_5`ZqfROj&U&`Go|WU}phG(aEC`1C-wc%m6d2E2&2pm 
zP+#df>V*h_L}|Q~BCHZzn=Z5&$e&%EAH(m7tqlr{t2#sH@0Qb?%>cx1He95s6FGSK znx(Zlu3m7_RM4yg0_X2fv_7b}m&)8>2)zUsqBl7l=+-H3Tg*kDTEi5Sr=EO{E2*n9`q~b@IW&JqAits(gEK8F)ap=|7(C(9~YK^4lFXoO^ zwa8^UnUtW6Q%3hBHk55jPH9G%mh8(L)kdK6hd4JHWPrE4Pn8j5jlLrGLPB2p+E7J= zFRoB+n`flzGR|DVLZh#6>ucT49xhuFIbvG^QRa;G zI`X6G`lH2iD#b-!Vk@GKl1Oc(h0O6+WVvccV;5@aa3x-!oaj;@-A*Z3A&%+E+qdI! zBeSCdu@{vgc^=J5!%T`MY|1Fons|HC0}(@$c$_>y^!vDHFh&F7H>W%EIXILl5du7) zmUo+E8N!jBR_c6Nr!!Hd`*@eZDT-+D$*c3_#ROI8R+|YuhH0@;oUq#JL{V0MzxN_` zv0VDoNM}Gk)^S3~?_BIS11A&fq^;zqef-gEy19bb9q&MMo}X-<8iHRwuOQ3bh6{+~ zzDZkU(CFi|6b=K{@OI{x9)wEd!pj10gL>rZ#x%)L%DLPhpxb-Ln7j+6 zYjM^LV3blh-C=_+2Th3ZMHO@r3*W3>k`^hZaBo8=Z((!X#EHX_QlgmFG0OiOh)F~k z9IKqRye*c@k*Ea!cLaNlT}S=T`$KI>2sv6146-MbcJq3+K>Y``{{X*xC`!YppTK1xLqHNgaKScjxQxP(KPrG>6_^{g|26N&l3)Y@AMyt^t#XO%w0! zhlPs=dfZ$RzhaLO7UeouoKDhPk4@Y%!2sy14IAfUIaT0&a`=Q8+;=sr-!b%Nn9?Y| z0zqQgKx`;Phrzc4bOwrjJI*!RHTfnl~;hqfYCDxnIuH36IiPoxrezuZu3 zeZe6FT!Y{whl(;w;b>jTC|MvPx`ZV}R90$9<`WIztZ4H%+RX`}giSAT++b@2G^~JU zFm8cZz4Hm)sI4vCnA76g+#Y$5b+8?i(=oQW~;w<1 zMwGa+Y3*V7GHmB??S#aXkOLndqu?5Ib_MhjF)Sd&;8!~N8~{AWQgN2_loBTei(-iJ z{mZNMYt+ic$kDy^yYtQT7_Xa^yuP;IE>I)--m8nNdzY&v%(~6H(Y^52FPp(l85Fy;;j|n~l)@Vut^ta2!W^|8q>Crv>dhgXze_78? zM)x+TEHJu9@lSkvNgQ=_Z}xg}wwj*LCa+I%HTw&Gn;F3J$>G>S@!kuXbc!zIuyk3v)q4^u-PvgDW@zpDgCk!3lmp@S@jxHb{9Ure| z*Y+0$i|u!;sr{yLj^{{9nq`6KwT z@!ycQM=$XD$M9q0AO9!$z+Nx@6^)Aj(!WNdzl)E4>gNA%U&)p1^&kHk8Ef;m``GJi zeEfgi_{SUh#9n__hL33ebPb!ozCC)Q@7wjhaV5Xm>m@CYeurLdygmOv(9b@g5Ap9G z{ZPi+>u+7k`*iPLz)wE@H}D><$p#KYe*DoVa$kG>mK#gI+BkdtXL!$#|5C@>>w8=7|F5(0zxA7Pe|x?9b=w)b zd%VB=H5&ap{NnHb%YR5aJsR2T&+=dKfBE|T2Yf{1<6UegOnzwrS*zm5Nq zj{lL4e{CP=1@i0t3s)+Nq=lZAF{YQUA$9-L2X>#tL-QQln zj?ex4NAKylpOe=g|8+MQzuGu^{YEza#|Jv@fxOy0?J73T{{G7tPw(0D|3t_CwvPX0 z`=Y+)*ZXUF|DEi6HvVs9@6)r=KYRTZ9WU?3|NnQr|IUZ;J^IbY*}H$cGXCd(AkY8q z(soWpHQ}8jb$z zx6%`5Ax2NvJd*L(#W7}unea<~+-*eA>EO&BumXweXagh=Y7O_vo znNniPj((wM+>wq%B0Et(Q9Jl)B$6iT+z! 
zf5pG!<^TR2)+d98ME@;~e<97w|NT3r8QoS^tPrjK-?E<>{#`JY{O_0-;u_kczDQe8 zqMITSm2zlC#C&8ZBwkqRksdFFe|Mh#PFNb!-|>>w!DP&f$iV+U^?B0Y`DtSug{7Gh z+UF&&Zxs9;{ssR2|LZ3;yJ$4k*IGM7lTlvsp2_NEHdvo=88McHyPR>n*RW$X`pkac zwWi53>gO2iaTEJ4Z(3L!GqvXZE%>!a78GYf84YL;5LH!3WVsEFuhq+uE_YBCbx@b~ z*Kg~es%9slu`kX}q+Hlh6eelzC#jljY-i^%W9p$%%I%NZ?GSmY#9xlq$ynd+`QmuP z+1u-7RSiVSD@DN~z1*#a#?l69%9W#fncp1mBr=GJoc_mlnE%v&vU2eSmhpOa1_vVC zs+1km6Z|Ws&qqu8+liv%T}M^MtGd*-Y3KT;yjT>Y+@{+@%Q1GjokXHI8P(x3ITp1d zQLsXwtAq-KLDFus_s=YOe>?dnqBy(3deVV8@on@)ZH+9uwZF2ua(1y}Op;?x{KV8Y zb`zrIrC&xDyE+X!u5c~RUZJ0zo@B6Ht<#8Fh0zKDS+4I_-|Hml&?(j2V$xW3$;6H^ z5(df;T{(3Ldj~r$kxuy_yOqb~Kcto$M{UTlQ|J(~Qc@}=)iBM@RxihK>{tt{qZ_8y zn`B8w_MK}GQXXk1s*P$wy8EGkd7%NK$MvFw1iVhN@XvZ8Mxdg{N+vs?U*`BZMEDXxayC`SL8B4S| zf4ba9)WpRvyoWf-c)sY#8S>L%SzHrGx; zt|+IfpRF;!JStn+*m-D1f!k&|$%}f%(w-uFr+7I>J10@BNV!Xlf=EG1PCmLzvSCNL z5R1UB#&(wdT}3_Gi0mR=d*>)ei}a+dH%TuvGwhVBq@F5gxkjlztV__aa$@P^u5j-NvKGkjCTB`)~QSTE|S*D7wjGv4w9UDx{LXC1LIgv ziGk%Jy;XXi$rUPkiqYZHc7b|&F)=rM3?==dn`6_>*jT`179bQb7Z47J0L%j{05Dky zSOi$YK7cI8LKFjKEFg|PucUGnl<|NBKq7HTP_6-_0@45(fK0#!0F!LMM!+V(R=_qu z4q!WA2cQ736Ho{!0_*|o1?&Sb*$+4XC;=P<904#n3MdsHi9{!%ECZYdQ~;^~X8>mb zOwIw$1FisS0M`IquERkc;4a_+;341<;4$DSfXOo~#6Mra&j$MZ2Fka9_kfRpPk=9g zZ-5^FCT!~d1Ng^2FoD6Jr6z3vvH&>%leSdKQ`rv6_5fvoDxf2vGoTAV9iRcw0q6qs z09^FxxEqv4ble?EV?Ymp3BU|s4(JK60Q3g@uk?Y>Hh{jw+d?^jjt5aWgi08yL_+~i zfMLYBQ#k@kPrw-Z>;40Fs3;>haP|gK}10n#CfCYdkz(N3% zMNlpVECDP9ECa*2}o{kf!OoTFtj!{b_N`}vC0BZqhfONn*z6tpbpRkaM7k?T`2Vd z-2g@aV}J>Oi7Aw3bj&{YgyUX-J^&klEnpyEFklG49`L{7_&=YW;Mf%~4B!SB0T>M! 
z3m69&5AX)~044%_0sa6cQ>hG~avGG=0l|P7fSG_$0FyaT&ILpQ<^iGr3jvD&O90CN zOxT1N1Bj*1E1+BrNB|@O)&SN5(gEuM8vsl;Lb(O76|fz!1CS3W0C3p}$GhqCJ}8Un z_yCoMp*#vW1}G)&1eIk_o(5C`&JuS4%8PV-8Op1G8o)Kcb-)e4O~4%hlY3OMTVCEyj{HGs=oIDYp(pWnmrCqUExa7_0LeEtUb3HS~83y_jRD{Y{Z z0muU6h-1HzhvRktMSu#R1E3?IGe8}n0pOxV$2w5z0So}$0LFkG08@ZDpeKNd1(dx3 zeE`;gz5p)$;J81)mbigX4h9SX*b(Olr4zsfFq}9KDm|eb4e+AR%DUiSe?TB02rv`CBoxZIfN=WExOsHE2+E~^Wq{>?Xg~}g7O(=qBo4||bi5kMct9e3 zUIXP?Knft0xHKr!0qX!6fDHg9*-&n#<1J8b1LV+W_WN8oE&vn)iU7L-djU-LLAjrf z4^YYYgK&HlPzpE!I0+~NlmjXORe*DV^MDJ0i-1c2CRd=m3aFva*P*;Y$G4!oO~*|4 zE*#&Z&-bBxK*tZMd<^9iI(`P_3&2ajE5IATJHQ9PM?fQh$!93P0)7B~0)7Mj0R94) z{9~mwjK=^bl2A$k+R$eiDB1mCTYx;EJ%EWKl*)9>KC9BP8kC&?T>u&YO@KbY0MHF! z1n2=U0hj`q^n}t9&>LU{um;!wxb%bL{(u1h2f$Fk|BB=Pe0G9kH^2zMNa8)A91R!) z@B)klcmpN^d;$J|06-96I$#E17GMrwE`UimmFzeIj^_d90~Qj$2+GBPC4i-XWdJ72 zsbt5|aJ&Mr8W0ai1grt91*8C&q(hkj$Odd8j`3UQI0wq@fLuTxARkZwCR>;~)w z>;vovFe!$zgpLnFc^GgMa13x9a1u}kr~ojjhVl&H9N+@rDxd~%4R8Z+6Ho`Z1-Jva z3wQu{1mN-*j-S%!=TN?&DHHN*O>~ z`m6wDdw?Q98K44Sq6(!Npd)?m45d0i6QDz!K9mM@%>Je;92)|<5!ancxZ(T1(i4vR z&}VBX`vUsW=l)RI((xcDhtRPdln#KQ04IPmU>JbOa4OxQ903>w@B)klj0boFm`s3j z5@0gGkGQE&1^@y9GXNognSfb<*?=&>TtGM=5)cJovXIKfP%Z<+0Ac|v0r3DP2~Z}} z@fs-C0#fKR`+X`Mr&E~$WhP()APbNU*aX-N_+QxypSJ;a0P+C&fC9iyz%IaUz#hO} zzJfG+?hKcH*|{097GoD7Vm02x4AfC8XBKoOt> zPzH1Wr~#OCrcxbBO@J1CW=oK|bj45o4jl=gJYcn3Ik0(5hol#cfv%-5&uPh`vI+CJ2}W7$JF#Xss>Zy%E)!;Gk$kR3-R2Vcqh^|wRc zUW;yjH5_>U++`alNx8&Z}9&6KazOWsyK(@O3>De~J<&u-_cZVyZXbR%4& zev{(Oy5GJL=E^A+A%jClxMep>YIq%7I&JWy;0|eN=~;U9um34_)z5n6V|lPF?^)^O zV8si%n=Pt#Cdf8?a_Db*C@Adoh|)1(Cpt(=lqB3U8}Is0UOs8h-{GabisZh=7zPA7 z8lOIY)GN2c*1?&Rk2?Q&F!+~+Ow111`-4jc&JgRLz8o%27?W=5>!)j|2mF==}yUk^Q(S+J>B`x#$C z-~X20qVLl=K+j?A$b(VN4i64j{gaKe+3TvGq|j%s*-ph*G2@(L+MeuC{r=r=&sPP@ zbcRpR{WNgg=%fnyIX#RAn!j(doZ&Ed?WI$x8opOw#XdZ`LNRsyHd(7tfqAF;Z2utH zE&a={hw>NhH8|cKF?pH7yfMk|i{>6J%PXo=c(8xZ={uL}*Ds4Ww=-dRRMn1UChuNY zJlK4vY`jX!N`nsHzYWvTc_-;!nlN&o-^vwz2YD@AUoq_0mbzQhj87jvJN9Fo+9sv5 
zr5*(fUSICJcf0YQ-1`;2uVn7d&nz*{%^Y@neXduo=I*_-PIhrP^8Hbusr&33`%RZ^ zP`+Yz3s*sPvSN0s!GxgyxNpb9&p)aq5mtrFCia#kFH6(ey{pNQeAzM&%5WE z+8?fO*3GD`vbDeLe?T$t^;w5=4(;j|`=2#=rglTe-Q}R2$>iW0W%-=~JX87)X}d+= zakRC@`nhiud%e1H;h@D%#Yv0WCf({jE7D=z?0JJ`875|Fi#AxL4~lCTeQ)2d3zqvv zP7Ii;9$cIENn5-BTAO+K@zDu;miJxWFD?GJ#{H_73(R*^9XY+`V#Sam8^iaPtyWD7 zS--2+QR7JOCz6A9_^7*Yj#Zc!aVF$_(8P>0T7NBec$7W;qdxG;&n;P@^%YC1b`0A2 zFe%&lRdvLRa0zXLdW+px{v{SosMtI8pMPTawBd!_y&Gno>9R>_Rr`C(+stuUu%qsF z*6;w!8D_gaJ{)`gi}oAWaXR1gKA5P@-F`zS_FPH&4b{G- zIsKn~$=L3(_ve{51*Io6qjggUHhQZhdhJrr|8nzYm96$@|DNTa#?G2__06k#hw zMrC=PGb4MtEmPaOqUYq`A0f?4< z{MIyC?Nr>ltZkChEn}qtS1tGTmKbNfY|o=jy%be7ui4JakDBlySM&VK1;YMp^ z>n+-BZZffasr$dQixq3`AM;sowESS-+|!eOq@2~vZs@VTeAw7u7lS-rPm;9UVXfGA z#pK&zrR8bUbsQJ}c|3W{=4kVx`iiXs{123M`0jHx-^oUMwzb2-35yf#ww@ob+J0W& zn`1s7=w34N=a#6=`Xv_sI=ZTf%x8YCn7emX!Hy2Y9QLeR^GH`ldy~@G=<@Fy+(JJ#_sHTWlcoYzQM1` zKG?(_GwO7=%C`37)zd|HuIz0)>BMp4C&@RQ417veOw00=QZyb8nA5yOX1CVb_j6U3 z-F<6P7t?1>C$p92i#F8i9r-+7rFiShf%;3YTkgwh?pky=z2bU7hTHuOzvJefDi120 zBGv!>gbLll<*#-hRCasXyx?EAH&Ls*ZYq8-r_-v(-&ET^4JmkCnQ`;WvxP+-uFs7f zG)uh3AE}vVIz@f4#E7xKp4gP6pBO#h$RGRV8y&7Behrh`GxX6A{{tyAMlH!bR#Q_r zrN69Y$<@aj468K*sCZqUsO}H=l7uEnyq6d z&$HfPlP1~RM=7fB%LOu3v(vV;Q7!D`w{K*#i=4`d6E&}1Ot-%`L*sqn&p8!;zPqFj zH>zJ){@v(WzV{`=Q=7eexxSuuz@*$tJw{c;Iper<-Dzcp`;IP-VM?ZF>c znVPN6+NG~MO?gd5LRag(pQp}W8h^_1N0QNsx6_h0Dp|YVoou_b>4Ns=N7^!X<}TYS zy-g~tOtxg(JB?K<76g?a_RMNGTlV3X)UOZLs%9;3dRgBqTz^1G`t=?~ZKX!9?tX9c zfpb+wUdaQUmv7wuGPd7-vzh*er_Y)gE6ME-ihQ`>#mSl)`RyBAr1hsQRq7S?)5>%I z?KbiuCMS2~&uP>sYm@!x=MvvvO;%dTr*&(5F4VkF+MYG;pv~7*OV95yuEjHAbI1LW zbx1ef^ZeIp{|-G0-4?@5niI?5kP9GkxHjpMq&9_HVs?c99T?2p5oeUbU4 z170qWE$!K3+dfgc@%My`BAxezzMFG*bS*gab98-4pT6#?!_WM)9#T9m@%!X+hwm@G z9PuOQ%kT#^Z@Lc`4U;b4<|X&ktnF0O!n8rRq*Csr)E-~a!@K`(vk%vN-t5yVV#${QK_kZ&V3Cx{p@L~@3xpP`mGzdr{nxjTFN~}m>%*Py?J@l z&UNy%;b%Q7XP#HTjLf`@&NnHtxTr{r>L4=I}m~tS()(zO-$m z)cDd@(^C9AlCC^SS^Ma856$q$ceh>qtmUxoPD+>2LniG1^((z0idnD~%A}m8gxZ+v`HwX`tr9ox3_Y$oyLQl=t3M5#;zAeyI;ERx8mRy4g;e*O 
zBM&xwH>>}qrJZ4Qp#0#t=1I=(o9pKVEU>&S?>F-Ns}IMfY&f0nV>-&f^!L-l({clj zKh{%x{#5$(XH&0sCls5X98h!Vo>Ug-+39Vy>|9;1$Iou>^9#6Ky8cAUaId2c6`!iI z*H>)$TG4sx=57B1X5Y+3qvx^G&atv>yNYQwY+?`yYv z_VnNg%?rnuZLIAbwXjdO4|W&f`0~k4Ve`#Zvc@`OTO>>LEsqH|e4FbwM6codKC9W1 zTffX2_U~H_`y0UIi|?Hm%}tbQ?{f0XuXe?vL#kZ@-1GJK4BqPGpj}iFGN$6nP?eB12OWPYIC@}>YCuVm-y?5Ma6cT%R9e({h0nC^79tf7ak$0zMaVDo&e?0&-n z@7pUZYHHZ$M|meLcdKo1v0V~=!u8K^wM$!fhOXZn7+m`Alx}?CuUi23Tyt z_eNd(vOmKIzLDxa zTNkSL7B{La9kh3!!lhy9?+S09P8n`-K70N9vEAGxbH7%Y{2FW<@ye-sh-2!}nw2xB zT^s!1{-x;weViid^3T-j$$uK;eWYMkgyyPtRz=erbiY>nI)vYE?6WHR(27vIWhZW= zL`Autj`}H4{UZ0ui3IN-yG|gP33vRlD4a5_rK|~!9~Y%N@(A{c?VZdOP!njS0O0v_JqH2e$zS|#U$%hw9Ee) zSZMEe#rXNK3$u<5Tk=7wyJNwPx_)n6Z~QUy8Ch|z_(t0_|GbHB2k-Crb*N|0_Lqju z*}tRh!#$2P2A-}69Pr10$CPMw=%pbaD84Hh$n?C8yK2-)XYT&;P%caOdiV~6f|dNV)$`;MM(E#jB2 zJ}S|9{$b^*!CfP#w0RJ&Il0FqJ>N_2<9%K^)%Kejbhb?6;pg-oRzq~(4!sm^WV2U$ z=#;3&ui+bin#+EwKIJ)Fw!4Q?!XBUeQ0)O7eGfZSO_(k@qw&H&>w!bt#=iAQxnW;- z>-fbe^=#AasGypp96D`2RyE7l&~H;BAt?w0YDU%l=*Y5f`) zH`L?ys(X{Ay31E;s%1`ay^-7TMqR=4X&U=7E3J-RwQvZSv0>xbcRRmyb$LEAQ^uq7 z=-c)4th#*Gsa}{iVbnQ?*o;z}Y0DzDw!KU^w`$OL<$~E)6uiuTZ?H>L{X1d*5F6QR z1G3jI%$OJYZ=A|IHTf6Ei_1nW^03-tU#L-}(mX=(?||QxKdYbX_Rn(vGpa7Z?o-r) zu|q?;?#_L`=hea3HtB``LL07yXJ1+UeE9>(XD@H&CoElHURk>*%YLNZw&&|o?>j#U z*F1V$d8)#|Nv@t9&hP1QK;k*6b;_vl!P9DFq zdLMOdyffx=;FC)cOEtT#@mGn@C{W$r|J1KLw!8Oz^?4qCL`!!_L1gjV2}3WvyJA&0UTdmU_hS;x$DXU-sJr9qdgJ59N-N39p$*dm>-V}& zt}e@-q>&!yzQ01DVaHr^=jWG}g01g~RXb8IImEVqGp|EMl-9OE*_t)yuU)^gID60N zioc3`iyCDYW|una7(7t!eRQYwn8j~0RsXy_Ub$i4mEn`B*9=dLQVsoCr2 zq@t;j2eQY1Qu-~W?p~7HxAWPBPe-1M)A}<(v}W=_t>r`aluaFE>Hc!OdH#`){q`=8 z`z$hfZGA|3V_wC&)YN#1p{H`>*DciXc^5G}DB3xou9L*BlY@eKvEwD`M@=+l4;g+z z`sAIyPO054d#otgTiIyp<-4t+DP4WmS7%-MowJ&iQXYTTEzqsDxe*@l>EoP1PDY-e z7uF73r#a-piRvR`ZGB=stIkYnIyOb_)X#giciy;eT6RNybaF;PXN$XI4wh=^o~)>q zF7_RINvB(9D`%a5OK-jO8v5zC*5&juMeQ9wt69Gvtdo$bzw-U6b^|hccy!p*`EiY` zS`X!^9pabQes*=zemDB>nVTkx~n>GYxe3}^(pX^rP(gu#FD0oo+Y_g{SRtw z-&{S?cZu$x2+xhZinsObb}D0K_vK(Ka+LEYIjQrj;aTcOf;eWk&r&TqYjR`1%B 
zzO$o=>1vbv_AgI6JRNVYJk{F6dH=Ev@BFK_eS7FKO}pyB%+Au`&r)tb?)ph_mQq-b z?DgSpH5NOiMsKy=``BY@@GP~alF%z_>R)Wj8#n7gm-|aD>KsV;Q&&1HO(|ejN^rdY z(hsxls%-K%o1O6K-!f%O--Hu8YbG0Y{&Cii5*bRDbtJ=Twn^h-@xR+_Z#j83nc zhjkX5`xNM|bM(TYqJjg(zt$BrTTc9NMW?Z|l+Gqs6%#Gp`kd;K+oN>{iLzIA&-GWc z9+axNsI$Aib&TJZgKHHltsdJyUmoX~FLUf!?6h*53-UegCTrxE&3b!GGwJzZ(Y^;! z{XMh|W?DVXt~sIGZ=m)r+hI}PH5c`~pB;Gpg=E{yMN0;!yN^{FB_a9cN1*RJ&28GL z`)9pssthrDI9rT)Xez8JM)*RxeGOg`6*`IS}B zIHOW6qSx%A8%wH}{8~6aRrOH!oDtezUWYa2%vap2p_=h=?z_BGekE7`+IQTR5>{Q5 z-s6=~;PvCmDY{|ThWx#3-mm|RTkfl8kIWp|H|&?%wX2$2Jls_$MtvQ2Z^FvjSE?|k zRUOEE_w-fA>O+@J8)H^K=@g`JMrK*ZMKcQ4$~r9GALm%L`Sk3%60I9&9qvSj+U@g| zTiIP9$-VSId{~a^yf=FXglYRUPVZ!2f7few$)4Ad z@3%dSj$i5@@FVc%L9P6Y!9PrsWa?(WI&HWk^Gbgo*NU6LJ3rT1ZmqtzNk8S@UoB-9 zofpTfuC9-bGa4Xec;-=Ex^;lAy|I7$SG^;3L(J7oo*nHGF>8I7L7yZOsxI67I-ard z4wWDs)67-Qht*Y{P&(AdZ;xkjW8SGv*Itci_wVb$EuWPv zzdD>fa&KSYXGizE5oPl2=bhR)uZLIUE8qA{FAk;soG5cn)-}7QP1=_gVUcEEAAVOe z@adC2w)2hIF0maKZBlL8wQTjH}|-%Lw<-}Wu@b6es4qFb)F$Lf~tT!c-OE!BIhm40~c zI6OCQp&i3kwrr=Qm3SWO+p@l1EA6!#HlDWRr`oEP`33V^j>C_YE%Se}TDFtZN<1rC zxsFO&@pFt}%l0S0{=SyZ%chn1$FFZ$|6eQdY$xBc{>E0~cE1&#?GtBhqVO+&kXNIKcL1wp6cgEA1%zs%8D! 
zR>oD6vn}fvx6)ogFdnvay*zGZe1q=O;`v%a|8MEM%v#ak(ywLxhHEYJm96AgV_O-Q z*k0k5{JEgPctz2JdfdF1Ol|k20r|~;*=8wxhk}*b3t4`mD7rTec|S&iyodAEhd0L> zQd$W+K|j zW}B}-W{7{nemQkKuW(7!_aJ^Rykx-q*I}E9K!S;HqV{#BO`bhjhXv^kFTXH-!#K2~ zh_omHUeFNpj%de|_?t73_hK8sKum}ay^40^6p`oWb@MOslC<%S+Zm_C#&cy+YCG&F zFdT_xxgOeoV2^fqUk&bnb{cii&#t5&120mreyc^Bv)FqEOxm7C{c2^j!{g~R9C;&W zw8PtX=0%L>zMaSqLNlV5@In!bLk8P`3BvoW1B}CrugpZg3+XR|>y+`X6bBxkjZhKe z*Rl<&Akb~Z@^(D(gKd%Lachpn^D<@|)C7C%Ph{L7u(y!9+MAX z8tMm<{swAyy*>Y(FAkr^dNnqqolMe?g+Q_M&5}YM(qOR!=wZDBsDJY7^as4u#MiOa~JXpj2bPGJ-BBlM6rB>k^?$OlusLByNEh0p5M8-RZD z>t(hb`V%(^?KqSE)jp^n$TpdSI1t|?&Wm7tNJD+-eqvFD7siuSet$@Bb&^r9S58prxp9P5Ni2V!eAPZ{cxRVUPNjY%?_o*Z;B} z^ zCF=jcv=26;qo0pTQGYs4C!&H@@}D?GthbiVm(Od@w&6J0$QA@Zl&RjN&*+b@F4oKE z-#5#VUrX07kAofL`7AH>qr4Qof_JGXZyZPY1|QFdzC!=^u@_4~c)sED82RMa$orE& zBOwuDaflNk&-;I568a;|D=a7D`8v)<|9SsE`x@=s5g~t&>^pQr{S5X(2nau~p%Tbn zrWa3)NZ&t`;z{%DJmL?~^(D*)7Sefrp!4E+tco~pokTg*Z+SjnYKrzX={|^GcNLVM z_!eLs_<1RhL;X`UK6Cw55y;0b!SmvN1|7k;Sx_F%^%d#5$TCNLK7MLZ{PSpD@S*d) zt%mVzpqK0Teaf9Mtk+a9UmLYSUdIIO&mue7e&|n68qYh^^`5yO`6ilAdHf$!o{&R% zf~AA>!pe?JBFdAnSLKV;|o|6IQ`kN=~2oZE5Qg!YB`hPDgZ z5#}4aO_5Kh`vq?2StFkBbs3CXC-UEx@)=?Na848TGw7ws5}HRGve2J6TCd>t<5iIt z&ik1(KN`{eXh8M0>xlOIUB>u3(D( zjTE#qpY9W9kpAq$sK0eRo)_=`@0TKPOXthS=PVjmXVJLIdG$GH-);VXjqyHMW3uZu)iwDZ6p?eqDx0tQlcecftC zJEO5$(M5{GUy1{t*Qy_){f16xhhOhnl+V1YL!Mv1Z^}_WSOs}~vhTM5`6qNgm`wb> zRODaMeP~zW9*TbQcCnp`{0E2s`ah>H@?nO^N0XgB;TVTIG~OB!KcDgqCCWGW zxSbk+`j^Aef8Or0f6>0QA@cTQr;74ww=u{MC4L=r0M?Gey!Y{DwO>w0}z#{m~_U7mPE^pJr|3t%=XSfcAy+ z=Cc^o??nA=AnAXQ!uXu(f_9+$iRE`Yv{TGpOb6lq7s4O1dgJJNC=8<6MyaD_bD5zg21lrSI5608$8^g#WNuILY> zyJC5L0PPp0|F__k3g!+6QS$Tr;ZNdGu8Qn)*7OXdx|3UjtyP_RF4(}g^e5@1J z%k6Ii`{Mo}nBV0)!|*PaRU^>8swLXz_r=@KqMaz3mw7+$ zHI|NQ#8qlM=cN%uz+Nna288#~`z_N5FUI#`G#&9Gi`%41>L5=#K} z!$`Uxfj<{Z60P&((>TW4(fv8N7^q=?hXGk9 z@#N!=c`n*7r1^r!ClCIR#o2WSo)_0|xQF_BG=K5-DhfwlWd`c=@g$h?Mqxgnv>D?W zC&&ZK+GD+$r?Fw#_jNE?tc&`3#@H@A&fc_+Wb_>szoNS6LK)gwy9xd2L3}kV(6IA5 
zREl;66CY}h`Ua|~4JJHXpq+k0K^{uFX^7t=*j(jBX+|E)MKv@6WvkcFR&%aY> zogqF5?fa7b<`t-aO^_GmHzV(+hWb1XsTmlDfuE4)<3l$ZPeLk?mzKZ^R$8K+i~8sf z_rDFTA9~UH;WYB+?q$>$&cE(=u)UNoqaA2gvE*!L>kP^wJNo`kJ`dVfqrN1qgYkO% z3_$x0w4TPVyI)PHuONs1?x zmNUmt{}9cy_N0IQ4C>3!d;w;~vT8f(_hnxk0>a}zv@PoUvMrL=aV!K7I#Gd z^@%S}K|A+CQJ=?QJbYyR#Kz#i{6Ko1ICT!%2_ZX*t<1kZ?XW*Q&_sPmFU8_xi1we; zdOokW53SebjYNIkKXr;w|JqvghqvP@YF|BSU!Kq0e}r*}dV%`gsor85H%jPvCBH6? z(Yj>>ty{wBh($FY>wT1rcKE!I*vdREIUn_f^SH|>5&;%8Ujc{T6)ZyY?SA9_+hjUxu#3!D_{4h$8AKJ7s&q~6L1B=f$FSO%Ec4A@u zkntX0Fh2ZzD`{QvJgqBsA^mF`QQuTBzs!dQWp-{Ep?w~I)hhHqF$a0xKQB{Wkw*QK z*BeXMk#OGp_!I5RP+r92@TdU!Qi>9@w|FbyZnekUbufF>H_+inTLL! zBmFh7FwN|wTc91D|IDL(9lR=6xN$fc{`8i`UX6&B6{w5g6y0Up&c(;7lqqiv1l$r zenbP>*C&1vtz$G;BhSYTV{Npr@C6(I(ZE8ae+qeFp3uz;?SGh#c3jDRfi?Q?*$3ml zocN*tkRMI^DEN6DqWB2&fp#l#e*a8)$Rx6(9)xxjrl5V^j;cQB&!Q0YhmUVvTFD1u zYVf?aK0-U({~8*{-q8GFK=sN*qy0vDzQE6G#}D);L?7!7BmFoF}%iW>@5OXq}wLQx-ZB%Zp+)@w{L;LM%PMqCaYsUvd4b z)6hfvz^OLR6PZ*y|`&D>I?IM z3OCfhMeEXB|Iabh7v?95^c*>su8W@JXBu3OtX;g)F`h6jiY1HY<-he9A8oqs!WHnm zjT<{|J6$l`Vkr@WW< zH}z|1$EpMRpG5U~z=g@$J=h!l=k4_x1}GKCwrZVZ#hQFPj5v+@jnq%f$j&7gc-eES zc)>haJr4bGp7G!QIbayt@uT$$-ruBXTovXIi~6AcRl1LcZY-8$6|}$B3hi?{ZR}A0 zx*eX^DAJGJiM+8O?`jM|eju$I@NsodFxu};>#;lzBNgd7WnYR2;zIV{%|iV#QRokk zkJ)Fm|40XUKK@Jxp7pB+8RQKm(2#Fmv~zDP^4y=|`)DU!5qY@W#PZ_^@@wch6b$2H zv7>cDW%dP&ATUgcA_xrrR+4-SA_F-7BD(QbdhwE46g8cwj zLs5Sqt#@(#?W2(oqw9-3hKlGosyAuS8*%$63t%mbs`redp@Op>B1J+X2@NvG$3hlh3JfFAMzf`m{`aPa6pT~Q^N9Lz+{aLn^d}bk> zAoH`IE}k#c}eqoXY9VBp^!i_eYMe8FD&DWB^Q1&K1v(y3?ZJ4uZ-6w9;S7% zboWI&1r!H0>L)4G|1+rnJCc4FjoZ^+VZHpiu7=+;`yp!dHkmvo`rx5i+Xx#3O=0(dWuZW_&g2%JNJkA6~Ch0P3IeMSWG$Pn5wp zE7Nm_!^A)FLH$g6?!)KnyK-pX+YIgVJX4nL>%W*I-;?ZkpTs;QSdfPVZbthPXa7rZ}se@FXXbRW@)>~y}2=j&I9^+H-J zmf8K$j&PrC>JhZ#AehH($0C25#sNMrPfbQUVS@X_(=-n{?8FO^U%zPw(ayVd=npiL zSiGq}AE&&Sy-DdU-$G_z(F& zy028H>ux;V7cVoydT)_G6SC31^JnCFK9Jyxc5Ei1eIB3XFd(q@+G>n^2HCmr8~OCE zXovT!yI+wP<{Q6gKFXo>H#JE#bS44k{h$kIhaNMCEa^T)xDV=?G1`A=hW_w*v-vvq 
z6Jg#WGZN4D+ZeRpf&6zaMmuJ-zQOzRFjv%nN9%r#q^~~$^(`oWo<;n^c;r*rmpp?c z6F-#lnPSRk?1|q2?Ze_}L-_`TS1gU!(EmKzZ^^#no=GYBIf4A-=j*Z`?VJ*fSJDCK ze`z?LFYiBT&|z4;ednT|{C<3N4)TZMkq;Hu3g7Yj7WoDxw8Q(!@$JYDqjhE&-o@e# z6A-g6%tLBu{>`E5j^`U|rlI~<8sGT!{_Q66x74s+KCji?#`xU)j(%>UdIJhje=V(> znG&DX5944=<2+nGVtF@VSaVO82u6EIg_CdrY}$PGQWpT(!43mHyr5t%AxCvUw0O?EXOYnT*G8D_p#TXx(`N;G0Ix-LK>j<99r|&}j z?UV=ddY8a7$MVKQ?4Kln@ODu@j`ycglz;MmuJ;q|+!M^#Z(OimwPAQ(N@8p9{rdT+ z-;|7g@_O~?c}+2WsWm^}!<45@9glXP8;C{P2JNTPeLdIrmPPwpyQ2L`r0?d4{8^eW z_&C<-4W6%X|E=N^)bB^@?fib^Q#0}*v~JJqT}gSxI~w0|sa}yf+E;jw@nrwwgvlV7 zKv}!5qW0qFwFw+%{3%*T;^X8Qx{nT`@u4@G5nWx5{rv21jE_I@Lt4pa{?U5rVOr1R zv!mk`kiVqKH!E}A_t;O-0#mMzr2!hB%(X|&(G3Ht+Y_lIQX9j!Zg zke%W+6#u2D&*vReE98aqzJ4q7`&5V%i<@wM_cz6O3irL_l%t=Go3UOC^2h!b^0$s5 zZ$`Y*TeL5nm&;|)ez6J0xjX5P9*(@9C-VBlC!fdb+L-oDbs_%tbF{ye=6$}7kp}ZJ z8y_s_JvivzVzH!n&Z4}fAMt+o(T-gwte0O$uc2L7e6(o4#Q(i-QbGHlcjNgEAUjv> z(Ep3{-qv*Dcg{mQ0imeBfOvUG-BQ%IB>hA3=)cAx^q-Hz18*ar`4#*m|tDnZ|QF;@`l;$NZ0_{=?hxY9#7krF9kPu3|BTiIwS> z3iO+39y#(H{SPGlnq6q;AkE`^y!sr5{DbLuUcBB*5O5ZskS6qBgX~PD`>(tjzuVIM&fEP@BF5no#fS6k9}Tkp@T36a z&+lKXD6fmBejY&eo~G+vZ5HbDabVspJTDu1KWiuHw{Kc^v+HK;Dp^Q*eK}(l~RG*5!C!I%yT!?{^yG=1=wqJ;pe=zDE0w#Cwzf z*5p4wuc)PHXGsp)q4YvD1|~ihheZAV#-SfQ7kf7k^_|K7Kj?={Ke8k8ydSo|f&RRq z{NIW6@Abm?4UfL(2j6^_ozVrGVNdLNcy()+^Ul11s(_W=jf+!KfL8O zjDaIp|3Ke}INy=j-8)=f&Io*(LP9 zcOmlpI;zM(eP6*kWbhf(Pv4IEynlwrVLzW*itP^FNi1g+QU6#2>Q5woEj`E7p}dH< z;|~e+-_029@cRx=T0a>@;|Xuafsg>O^IB$%_W5-e3JDwI-2~THemwg5m*%yxENn2q|) z^j<3WGesNgt^9@a{(QQh`Um%SY+lg1g>i%C6U#HQFU%hv!9>jTkH}%%-bkSS1p};C zj^YO0SS%N*KMTKyM0o(lr-<&y*?JI@HI&B+^NP+5SZ~-bthYVY+X*@Vi<>Y{D5ZQX z`W))trt=*@>r2A@Mfot$F*}EBQJ=5JR?>XBC(*9e1Ul~FEJQDch zLiuC@#j_W$_XpY$?uYTE{#GoD_45AdLF;nDd0dX(2N%xQ0l(4ye0sj1MfGZaLtZ$K z&!+n|t!-HEY0}T2aprS(yk7XY*KR-BDWvsto^ND6#&}MBgLcx%P5=ao#k064@_bzV zWruu@J@UN0l8uoU&ihTYPe6&DFYx=LGc=!eS%7}>aZ&{aURJMgUhdcn%2_tJiKQ+Tr8v8d>CYrW6&Vmx;uhM!H=i56W z|AzeM=k+2G_S)lv z_44aIGZ6VOiUYSZg!;)uK|fgmH->Dy3Vb9b_5{*+vE30L*{+_84bAzCEM;ki~T0p-T3{N2C5$%By3E 
zkMEECO&j!ww>!(@nEfwW$n)z|4NjcJKTEKmCju@6rZ3!=J}njP99@of__*-~`m;E% z5X`f~A@N{#dWE1q&!6X7BOl)zdA>e&c`nu~T(?Z}LB59Wb8YB+Cx66xh0hC)!MMcg zHGPTkNueF#Jb0it`YC+xEQOv^@1p&9{Jbt*!}AsHqfnsd2to85fyeU+ zwYzYB+**fr6pvthcpmbi3i+F~uaEa<8)#@2hgnlGK7A>kTj{#!NY@1)2M!&@^SYOb z_5(=2mh=aaKEF;6zDNCFWwg)xPa&<#8PK|@5!q4IMSt?_QD2dGr3mEzE=Hb@t7Xw> zKWhQ{17Q)%-Mz@0P@c^D`G;=A)BPj&$C~oq5CK1Z8|wF4h4%UPtgeB9f?baTtE9yB z@%!8t`%zy*@SL$0ZX{WpuWO7=4mg~-%9*Fny(l6p?%)}k1R*~t0-=K+*5^$n4cCVs9#8SZbAUr`7WdHomdO` zG!v^<=A#qxc)lm;evSJ-GZ*b2N<{m7d^_!m`o`1`9nrifiPkaH_G6se;OU9pPC`3h zX&(-MFILC%`tlI%&mn&5BD60ZiGIT6ES7e( zkGG%^9pQ27@Cfx)==nSE&khHW&l2>9DjJtcL(z^m*`Kx@^JEdd2MXzjSRPXTaFW(P z{fN&CL;If7(a&V!}?R*@9@c}ilI8i%Z zrgr4#)i@XJEDT0FeEw}*f$L7id(lp3>bKgokA2@e&+G`_pY?>Ww3H9{ZAASBnt%EE&UQmyxIZ}$ zCRS#@h`#5FkMqB2{QOSeW5(@_)JOeEy68WA6iZPx`Xiiw&p}6J_I+vnisg$;LMU%J zNza3LKZ&Dt{ybXe=hw@(Ahcsg`=hx2sS2$3DXpvXILA}mY=@(t@K{7FkNTmV7;EHt zo?PD<`_DcbY+v3keK#O~jILjvhbXK^K9TY|9*1*@*neJLK|5ts@AFsar!lP)x}ZBE z-(BcWF}0Tl@mm+*{e_<3{^HUb)ITp6=i5O3$;L5dT4&HAJEz*ApHI!vA0E&CebA1` z663)6l`wI$_OhaN2?)Db7C%A%4d0=@EAd~~p#FoU$oC>Xwv~B&9PQ_ED?oqNlfD!6 z!`eP*=N|Eew4Sz+o?F#WJU>!CRz&xYJTK}53j)l4*Ewh>i|q8F>rVI{V(khi=H52=WI# zdcO88ALGNvv8#0dcxn{#{5q0>e!|W-hw><%kByT<{*Wo^?;wB9r(wM_DG%q@^)<@t zcF=t4L;8ha{cvMy$8JVEt_-&C3_*fg!(M-kPAkA?>64 zPIkII!+M4J%*a;qqV(aY?@03(@6T-@p=JJ?(0b-{Ih)sgJ0TOcNzc5dzq5gc6-k;**$#&{*k@SBb zg2~S{E76WUJx}*0z8j6VVL#BH!Ni~bjQU4((SNQlITCr{JU(F{p6?^N9|twD9O;65 zbzii@ulEDj(N4G`@;o0*aacT)MAsru%w6KJ=t@7~%IEYAizgw<0iZJTF>J*IisswBMiN&;XY|^Jkm^ z>Squ?ItKX%biZIr{3Js>UkiFKhTFG+0fE^O<`ol~kw4u5>*d#}Q6lof{GtCqMi0RAvLye9-a|WoJEA{)96Lhm z!S}ZP&Otk=31}aNDX|=1gZYE#G1~7&v1q$k1!pG<@FehoACcTY#xF9*=gucZ_>X&@t;NeF8Fof zR*HUl(sjY(`EV54c^QOupt;3Ty8-!WpONS7)tlqcWc^7&%bJLHW8>lm6>kZ%yI$9{)_m(8c; zH8`J+CI5H(;rT8LLq9JOf8hw)SwQP5eB7=CH&{QH?~4BL>v7Ivv?KQ#?eOvEZ8++8 zrFCXL{ut|_{s&rD;r*oh4zf@A10Uz@EsziCh4u1wNq#_lC#;uW7Y39EI_Dw3pZe_w z+HdJb`z^Wsn{jBTJ&p6+e#TbhJJUP`m#tV9p2Bz@+l2lY5br|c_6Qoc=M(<{_QSBa z<)rDZ`On0U4@LWX=si#fyI5j3p`G4z 
zAFV-r@k6vzd>`%nrubayjdsqD!MO4JwXf7JzVzIXw^uCPr|hBo6wcSK!u~JJtN+mc zfpFSC!28v|2=p_H*4w$Au$5?M#0m6=kLNu`yuxxR>I?UmE($YvW&=dzpVr;!Z)!Jc(k z?+3aM<$fA_Bj1&tBk*>Sy^i*Uc}OzMUo1YkH_)FD@}~$cOxFK}d4;Yc+V`4*=gaMn zqxndfSDaEn`-w&9Kisy6rSUfM-WRc6?*B_8tT)l@|FHKa@R1eO{&>qG0YxJZAp&Yx z4T#vCZ4yw(EIlN{EFlRPap`oDo=HO|-E=xL8AOeHeQ)oPn|mFR9(g|QT$}p zzH&+NdAItv;UG^2m!z%9aO2y}vLGHJ2J2%w!^NA!tG4F4C0^>hd^O9EU;Ek`~`F)?F zQ>*6J?{7TtL#Fe;YfMM47oYws_xqc(n9ii4bGn-MCoB5TQ~0eCdbBoM}bpvBZX$-w!{D`O$QKsMfomD0_a6YJVa*2BN*+54rpEJg)D( zi|Jgd+D|`<@iX41-bdw+oon%1{;KTB*Ofide%(<@&aZwc%jZf(|D!iBKg}v`tm6Y` ztM>P+_Ip+PRb^+6R^zHxc=k4?vsmC6wgbO;^*^?jQjnZ6W*Y3pMP@YIODgfeZB7Ycv4is=cklkq38WWZH(_y_Tehk z?}LpjhZB03PrW{VjW+m#&KdR0XG*pI?zdU~y%XG?(w*{8M76(h7q{P~+8^A-^!KYe z98y>L=YJKQ55I)zd|%<$T*mEh-p06|_gDRf`~CV+jCZm6hO)|D`R@sjD*v`ity9|m zyk5l*{ph~5E=ked$AEOsj@Doz;Z7sLYDEg09^!2*=Rpp1Z@)-zzx9fKtJ3p3mE0(7BLDpGPUio9 zwO(ueY)SEWzohJ>)~jEw7$^7>#`nSJ_`SE|J;3eA`_pjrbQ@LONdD17G!1Vp= z>04F%WA0-CA69a{mi!r^Cx7|_^P}y2%?G*PDV2}V<2r92GM!Jofaz%c zd`P`V|Dx8Zi}iS^f6=dhy?)>|j4!J?K)tV-S>f@fRNi4g(FrBE{SThc^QGMRu_ym@RdM^z-^vsFY=wXL zc*g(nCC0y_@K>doj(`2VPQ`Wo=V!ls2J^r38O;9&nOvymUZzv$i*p|SDdX3u{X3;i z<)3pCOy`)KR}QBQGVcGr&+w0!&doL4Ufc5@O)>6Y$0KiN+`o>W*vzWaG@t_ zDqf-W`Sb|$)1vm*dcLmz9k-uU@&7g@&x3oo{eBg9I$PndJ(F?&y1Y}>^Bhw3Jj90l z^Epy5p+B7`@w`WsoV(u5`TbROZ-Ca%`R6b{-&Xse0Y&Gpa-UKino#Y}RQUNyAGZC4 z>7TCf&pd|t{D+F`>hTW$koo!BZ@B$G)I2tPf$`gB7}x&Ex_V#!N4+nzivC?;rtiOZ zv0KF%PEm0N?dP9;DYy66gZ<*kjEB^Er}_LM**7td_2)A`&sF`-?PL5_m6u;u{Qv7b z*K76p>e&weoX2&8k`JXt_(`fKMf|5q>^`iat?sq?wL*3Tb)fZOj>>+jjB{R@?U-lx``0}Ai_I=BDRNlfRN z3LhqeAoT6pKXJcbRd`yBYxY8J|4xM;^J}K_N)^x1@8f+m(L(-yf8dWqP~f+yelJmU z?xzJp;72LH>uCxXWmf|KrOG4d@!oz8vEr3m*1@Lj<+%$|GK=77C0fdTUFju?^8armvR4kJx4FBnD@Vl zjWhkx`Gwy+$nC3q@rqwP!1xg?~N0dzJfb{5$u1 zyK28X$@K5(V_dJxe^&nUx0U~_{fe{xz;tdup8KV8O8Mu;YnhJ!p4fJZ>x%LI{teu| zL-l*@r@6g<{XPCkJgy5>+*|j1^!vGe=C#bH#=Fzp-hV#y|31#`_q~bRYyG+RYmEEX z%`fd_{3N9(7b!kJcs1iMQuzgKCx3ht_v>FD-=_4|U+?sBr6>ON?t&hsf5txMQ}_Fm 
zX*DhtH$GGGbG&+A{PjzBe2eGh;yakmg{u9(R*yzqEzvpK>+Ni`J{{XE8rL zwM>V^DF3`m)nEPQSKNM3;pbe#?fv%wzQ(dnZ6`j(`|^jAna=r&&i{Oq`QNYj*Z8?A zKYrT9-2Tx@-xg?qLa(Y;nNKnc^3TtH!1y12$@tS%`z_Dm@g9}(j(4}Ej^&ON^La;{ z>1g?%T+Q_c&-K+COn#C3^`B$?;4c{We}AWm-fO{s=eL;t4M#EmC#t%Lel;&mYFw?# zPq@?PCw%5Z%;)gynT~!h_9^@0{|?msD$aB1Z7hdLC7&dXOU#S^J8LKQv)ul0J-65T zKd0=&tg;V!9oebstNrWd$7`AX*PhCJYC3~d@FV)YU&Zu-*G-v!2Rp~jPf5^{>=Tp zO|>6Z^E)!j^R=Yrx9^Wio<4uz*^P|**ZrGMXL&yN5lo-dO#b=)ml=QM`x%cZ{0`~& zo)Vh$op0Kw_7~Hm%ukbQe}LixVqBAIy*o|eZ+It<_lau#)%twmE!_SdwJ+BA#1zTWSLT&dQ<7yXU-|AgxIOywuv(ZziBD*P|XkG)&%yRTCCg(q^qA5;FA z_LrXaIhK$AyI1d3a`>u}gXaGQs^7<`{f_4Ufp745pR4So_Ge;ObH7VN%;!PH&)v#? zzUSjSuIrRNdA!;mh1LE@%m2ZDWBL~=dDbgB?^E%Ub>$a5N8!(UG>_|J>Yh@q4?|QR zD8DD}tFJiaam?rb2=nR@=P~`CtHK1`?@7BEpHTJKdcEGO>XyIqVdm#2 zil6s3Fh6e(Ge6q?Y*qH*US%Kjyqv1`(YL60xYnz?k7GJDYM-L<*6qyCUC-x!cdLG9 z-o@>oJIVcOK0}m`6Lxa-1Kj=U93Dcq1S^k;c z!|gL_zqU)^ryR%amoMPVXrO z{`c-+#_v}2A9}XpN1gl7^YRw854!QwOn*kTzwq-+=RZEc{AhhUkrqV3&z<)({(IGa zkMbYx`3~a`srP+n7x(MG&+yaZJl^Bgc(p!Ur|jEBYM*|!qW^Sd|Ib+Gap~{hJ@^); z^R<_9zuIqnv*PoWpXT=ZyEaQVD}8tgw||PFpWe#&kG3*SX%6}4xqo8Z?+-ls9G1iF zKj-#6iq3u4aQiP^&A8_02V@ZB{JxxVVo(10Z)zaq`LQoDpSzXZ63XA3j&pl$pI@o= zBfHdo@!#|R(`uftr7*YG`?%MBlIzLm z)VY{b6`eP$eZhNv&+X4t_@!h(#CSiY@?YA{#P8+t`tP4PL)A0*>*`Owhuizt_l|$% z_i@%|=ePZV`}MEmH#IWuUpHT_+be(XEXDu8ueiN`J-udu@okUe@#^>PD{p7HEj+}y zp07|Wc3?O?5*y9Mv$S&-PS$B+(P^PbK&_^DnW1@px>1 zawMKg-arkn896lEd651&nCd*(O;oSh+ntL<28QCF`c#}cvrvHh`8 zVsKaxZQM1Q9*Kmv6Hi^Tw;kMD&(--qMa>Uz5Bbe^gk{%a@aC?z?2HfO(%HiWy3|d~ zUF%Yu1RWoM|XXUW|96s8jUI? 
zqlr{M`kqnkv?@`v(n;emn)x--11^Wo_DDx}Q|w^W861y-$EN7EMzh&;wqs;}I;w}} zs;C-Su?O@RQ{NqI?dTq=Df12=KVJ?b3Xsw3SrI=96;zM`>u-)t&UUqOlxEHcAxoLasm=nvdi3T+niYx8RD2*I7-u%2 zqbZYY~R)HODeOAaSC(w$#vBJ~4f*(}M{rZ{1tRZ5h|tDjJ-XvdRLs9B_b zFfl+2=-#p6{zNuU2hsNErrpv-GB;&?qv?_M8RkC{89fxwbjA;-((%D)7iqe~FhApw zuS15^u2o8+=Wr&Gx7^4v@(WXNjA8Mzb!SLxNBIT!3@bv0b8liiCwyMR&r;xO%=zze zM2K0xTKPZAhm~yeer+0#=LV#wpLB$wY)52^q}!c4oJ!cK%kgi|WQsHk(<`Bg@DgKx zo69%t#OY`vdoZwLo7qiYkBY_OqeLaAoKdm4Dc2?t9cO9x%&*dLgW8hPl-*695=O|e zA4nfeWOruM!)ywKA#as>X;j;YW23f?40iFu6|h#eUioFB{X;OP%TY~-PQJFo4q1F;K7>(}FS9yNduZZe&M|zC5;U05Tu+!v-y;Cw=<32Xo zW6U#G&BUFDE5~FVb_f(_R5UGL1!-SEuQBZldScxzF=rJ7LanZsN4r_&>sg&M8nyJ= z^Y*~BU1|_sAGwXOj`V13UnVg!OpAqNJDDYyWl;PpIV!rtG=(tox6V40`#L9XaN8g)ge2||*h7zOAa2}BMoutd#^*#_S~rB3xq@2?t3iiLYS z{jW2fBnjgZ*d^?IW3201XJq>6Exg{Vr=z0-@l2vy#DPWzd@qrWguCU`n_4ut@T*}9 z>Hezs-{xnv0G-`=u{~_7aKmH$6w?r^06XKPmnH5s8f9cgF3=@EL=tzcwTDko~7xEw9 zna+|Ql3=HKPhxa5P8L}|E=A&fris|(X9_=5vLKuKDXcoeo>%Ep){qz(R7QpNyf*ca zy3i@CSU>%%2$=4WG0!ALapM$g&Z?#RvwtLZ6u*d(Y>VGw%B&k zZK=13g?5zrtqtC}VNk_3d_dQ{=Ys~8Z6CBS@BG{b^>XvaoOhF-l}cPWmd>eIv~R*A zmW`rIErNSRcl+!%Fl`szUkmRTpFiW^KBFz0&tx@KDJ+6<+k%t8a;q z@+^CnMeq(wOdio*VxJ13`sL*qgw5U(dd8I;-IL(BPoQ|b;SJSqe~G)Y{FyO4Xy_)O z6YO?ZzX3nkrQ)t<9#`1d02f$O1CK*&Y@jHVv#6Eg7MuEVmS?+XT<|fEbIdB|wy!V8 z(=FvO{aUJ(Ft5LWF00$MJI{__3VE#sA2d0x#s@0tyB6udO`zKR%_0Q6E+>=^c-{-F zDPU2KD=wPN9SM0XOXDr$n)CGbMJ^ zea$`YYNs0Ang$SBZ}LW3X^V5j)<5% z`7BLxZ`_@uXd{;*1!KP{Mv=l;#~`J*sCa~jVHgrc8+FA~a+o59-L0|R{SheHpxO)( zlGKexCNFW?!7=b1vOVv#4~07ahZj)^d>Q z`35P%>tBO$nTiOPocDrz=Z+EWwpp5>w3{v)|jDPLby>k`SCv=3eM$Q%7<$K=hrujq*5b zAmYl~1{x&>)*8va#e+YM*}q75Y$Pel;xoCdN-N>+N+iP@2YFXR_4BDjF455~N+U(F zZi6V+?WDg7{UcEXrIpcDa)Bx6_XEE?V7QZ>%ggm%wY=;e=$& z&729OBP}Y+DqS6O>qsjdRUw}v){}`*eZNS1r`7vkq#s!QE7N$=edZ!p{;%8{Fqg z?8xP;ypBql!(z-DX0zBM#(6FFP-SPhSZ}UGOPm799+f1FCSvhiOq4bhQ$V%E6n+D| zmGFFg#Qd_fQ1LsL&xlZ!WA40-OE6?QQdE#H$V%wK`SQ&w*)X!rg{t66w9gbt+7lBN zD8;Y73`>{Kk9XxEquJ>es0X69CnmQ8*|C9~7%3eClJ$OK;>)Mk9M4ek-k^I5Bhu`c 
zU48hF42Vs!qtRBE8L~3FWO9OzQ620eBiPv!+mYEvCrOyMQgyzW5H5Th@p1F3a1|v;_$^B~4jmZUxQ zbcLsv*Sn3H!*eDTrDJzuE(^XZjk2aq>0}w*h$1*y_#_Rs?Txk6UVMJr)GT>+OqDU!*umvMS;3K(Of zRD#=MBRR*!m1&ZV#2hsmmkNCtZ86C&qcr7zcVd?oS?XCZ5cS#3CJrRrf8pJ3mSd^henvA+6R;D;&A) z7eOR(NY}(cb1d4`FVmoc57*f`LSl1c)Si^Av*=YWCF_vP)rXy#xGr&+yy0OwJWk;@ zl`^J@C^xD@4yz{LN;e*ijLFL%M9SX{LR3DtTshh3sN50D+&OW$Bco>G{t`G1aHNJQ zx|OT840gM!E(;4pT96&mO606uucDF}L2EEgNN@+owdhie056Ofz1Vk>NuuReTo%Bx zs37-RB=$El2;=SrA3<}sPVBgXW0kRn!Gzj+({_jCt2QeY?Bz(C32$DLW~;&rBL!1v zOJ-gd)!Ruw9~l#cyPlx=9T9%_SJ_TK1C5@5z;CllB7K!dbEUeMR~0qioU8DU;G$!tOORkL|t=S%A-OJ zb+kY%%+`8FGXAoRrB{SCrhAbvm zTw<1_@~9gUa&nFHT8x{(43wv$#n@2M=@ON-7_~xbYkRh21ujm&qspG}TY(7`POyIE zMGjY(%%W*Du9gy|SiVc+oY52w!fewf#Tdl%zU0v;oja0gX3o{>^hpWkn+yS^OH`Il zj!h*63Z@St^^^k?_ch7nUdJx7fg)?;rdPJ?PiGIsvx6OUh{5v8h=7AAd@z(Si0uK_ zFo+Qp@ZfEvF|E`f(@NsTiReL3N{LqB5|yBZuH}%IS;|$H9MNzrCa-FW@wJ+?&7-dJ?_5=0+F_k)xGqnLq|ZF6_>GDzhHtr*~)`WgP+;JpX_VG+7yPTWLFX*zfQ z%9tTx&GigXRhGD&Y}7MNqzmj~J0^dS#;1~bBIZ*D&y?{b|2-=HXWSc?K}t;{U0$S; zf%$xREr?^6hKHSkx00Ws1Y7y4<_5KC+hWTk3iD9I<4$Q(GUpoj+sSXj+m zIaJMSEBVrJ1e0{B{2Us^#=0B}cx0lk^^N4;iHM*lbxYeJs!VsS@sZ($UcRleZe6(U zVmauRJ3x}8-bw|MYJp7_<$m2w){zQyN5Uj>C2o-;-%G>v44t-VWQk0F##UcmeE{gB zrLG{5kPG<;t)Q#ey)2)wMG@!#jjQ1HC<5t}FF6~GeJ8eExy-!lG;dDTg4$wizHD6o z*m-?}o%$^Cuzw5f`?JXdL%G7Q)RAFk3o(;Q?Eim)7s~HY1SU%XKN%tt2FIuTBKSrI zXTv#u6~rhK!3*LkxXNUya125;8VS3BDO!D-DH`Ks(T|Lth;6REf09hlk?EBDIdM+m z5JkxP(_^BR->edrrRj+KNlvC*A9SwR`s>_|d1M6NOjdyk(CF-h*{KmP4*kS;vjkd^ zghwshSZ81r_8e%zBl=cnjlGsi_bI;7U>6wuvZ0cPdQyKrXiH)I+*l@+=-8zqrJl+F z>c^k&m*;imfn7=nH}c&wDqkQH_8q&2!_o3+Nx!B+auHL}=Z;=F-s!ToBO_|3qRP$b zqT?ql^bH9?y6AieS)H8}0^f*Og<+!#6dfflcW)@yET?7xPc4a5jM^SK_Z!4=@dHW< zp4@~t;H_f?PRyfF*4OfAsnJpMmH(uzd0FoCjmN*@Hp=`5C%&ywQ6`xca37lSg8+O>~W)ktC0C6=06;YD8(TAJ7Q)eUNh(_doos^-dLkX676l4bI zriffZI+fm{m^_6l##JEIvJs`Lcf4+$Psyy$x$0J8HrE&z^E%O%Y&FfE^p)vieVQ3v z3|q2Ua8v&x$1PIa&Kls;Uhf;_=qxEsUb2_me<$wbeXP(fofvR8-1PpGRJwq%dpZIt zq(Q^59{}~TB`cj^GiY=0+d2P{DXouC{)F>PE#7@NbN{hUC 
zy{1*-n8+*L6B7qCY+3yVSvZ@Y)en}_hrO_WedS>qgYJ%QYn72cihl_+K3c*mW_->u z3Z*V&Mk@JhnWfnVQrzXNUB=!W=>}Q83R2v_3TC8R+9GCt)Uu8l8#@v)W#9};nVE=j zHIt^%)E=#`y^%Ds1x=`lwsWg;g^niELRo?#EzC(kTWTa4z?@p>lx$Ir&uhKe45Mo7 z(8;)Z?CL)uY-0|c9BoK(VDRB4{`_TCrf9u0zwuVv7t5 zxgifndvixdCCDy7>Xw3HoVpd!yMF=$19Y`9h45{0TuPME{(u4}tU8nJ$x!0Gg?{>Z#eNLFmpWh&B?W`*4d`A>%Aa3CEnw3TUrtqk;DFyBa_IM4Q{ zQhd@HX_*bN)3a|BNmM=q6--Rp7d&F>EIcw@b6+G)b;N9~+$Cqm^o26{vQ>FAVu<3E zJJhXj;`*W8{b9OTBc?|b?8Gc>i7C{>@m>3j2by2c;@?S$FA)Xm&ZTmu`#5Q>r#qwM zw+U=DKF$qE(eAA(7E$RW0KE_*uH;x(w-kh9AHhQRR4?TV-HXYL#Ck*?fR9g>AH=7Z zR}@D}t&p`wLy1%-k(KEH70U2r7Islfb811p+om@*CoQEiu9H0#LjrIT{-oOQoo6i#|t4k`Y}E=u=yDR3m*L zIe;fM$eaz*7wg4pCvysdn~#SjAh*r6D#E z@;=E<`Hi;n)7{dT(KkBd1N6lNj{4I36qpTF{a^0$v^sUu{Tms&go8ekO=05!IzmIs zKfl8PsBsvR&*bP>cG+Y^W`p#CiU8eX4LSf*=vb$2;|tPw!<7Z>x?np&0q}}j|o24>4KON?3 zp^7^O;LVLenZw0Oius*;0~|^?G(!6WwyCwsq=ZS{lxK|-Z-}uOgd!Y4eUTu&uq7sW zOffxNNDIHwn53Ztm9+YaBn>UH?hT#vs;c0-_pQ+HDBSX2tf}qrg_&@9=Pk@M3LLR8 zS}?0lL|xu>rbT3HlOz6YEd@5j(&yy4^Cy}nIZ7@c%{G+^sc$<(8svH@j)}_SwK_{) z%F_jA+d3RKUqe@x%Vj>m`|s0rC+}lFIvL?j6U~aazJ#(c`cP$=>6a#1#3xj>l+BYh z{_NiG<(OAvT#_Pey2d5{#bg;9pDWwQ8mW}J?3y3;q~`KWt@)Y4*4F$?$p&{*9`~st zkJDgw&7FHJZvnete%fdnyhgzIU^#Z6L;^)kfsqcVNU7GqOvg71n`97-eTySTqOjLv z6NHypiAb67LJ!7MPN^Hwt;DG)_b5{F5I-H|*vt?=ghDIUPoXgERtTy3`!+;>3X#I% z6q;}M>A?i;$Hme90zuYN(h%Yl4J1X5d>TSjazh;!UCSZ$+@KHQ2d6A%la&8RMT_f2 z`I0!qx0epi>2fyrs~_eqM}@|W7q8H9I#IUNBJQo{2*xIN?XjY=V~U+{?3Us?vH0L1 zU0pGn-XG|oO_W9<4nfF(qI=t8pa8R~NgGUcN)M8(V!1(?E$Wt5x7La#&=UvUJxt+F z0{x*=_PRU~RxgYp=mH6|+~`0$Lc=W^@1!AsmAB@qZ5BK9fes5c07 zf17w2oG5cd9H%TrD!V8kVvjI4dLqo?mN-u@VfqZ9be}zvHcg0(yokb83TBIS*CPQ_ zG+RV)ov19`Jd-$(&eFDtqP*6C?UuauLUCl-8}&$+_iQNcOS#kLEG0|R!?F0l0KH-^ zd#d!@zDM%zK3zR@VjBFJIMUDpI|(n5yv+j*(de7%y`t^{+_^6DF=Z^eWX?UtN8DS( zq3rx9nmC2-54IKP#XB}fK&3ySgH84)teagebNi!;yZqfY$Wpt;h2vD^NyW}`(WsoA zWi2VvmtqM^`DzIY(!ICV? 
zQ)O3SdFgoLl1lflu&a%A`rKfVn0r-fA({PO5V=p(uoO>%Ul#C!3?%8?iPEJ}Qk zGdlFF*FUl_#XgX`Y-|_bQI#J~vh_r3s5dAYh|Nrfqe#UR%DBOGRu22qN}0`%=STcp zLuP)WObgGlvymz`@`AjVYthV1xJGSn(RbQRp~TnP{BVhHw(;Q&yxgVJb6#WPBNcp; z3)3(7G8-Q)_C6aQD&v(lKJUmwztyNy6yK(MVh@ZY24lmCVetvvKpQOI`AR3W5r`VC zE1s~Gh!yB#$nxLmdJ7R(AREg2ZdsuvcXmf=%TFr|MLM)KmYHfD>^N8~+5u*9Go%mX zeHk@c3Mvs}gsWb+h=>F2(|si|o7At*<8M(Ozkdf^@_tiR58F4@Wo_r(%~I*x`2f$r zc3YpJ^6p>Di$VZ7C!g!t4wqkT=91JwW4l87eA*IrKfWjOU4;Uj`JUCip*8d=u6n}Y z{Cd~d0?7l32Rs}lTdNXjNm=nEZKT} zh%y}-n_E#H8Fw8geO1{cFI(n_yUbL$59_nug;rVb>HBL`r@OGHFZmge%vd%NJDAMo#^T~@7N(|KcE$&Clopnp zU%gkPcn8ME~5}8~wJ)#06Jy#AbY9YJ2C72=xTPe zr?siASJ^#ecA&1aYt$%Cr@7=?uG>q0?@H`>E1oHDl4tLBi=%f@@r@*^!ywHqxBMp>qAuuIS7?7Wk#H^0maF5bu|x;W zY@A;HZSm0rgcA*iuXPch`Xm)gy=6O%QD|#aUKgcbB~~9p4<7Y0{9fQrO!b9tl0Yo4 zZ*ica;K<|^D8{qz?yw5bRWDgS!*pgNOS;I;K22&sxndIDY&s&nC(d%hFgbowe zSD-_iP-U6A)7f4tUk&0$+l}gy%IvY_^}Q+de$p`2RX~zkUxP+@FqT;`{T^vdj^ZN4 z+(Jv)1HGaV&srv5P9CM!Pc|h-1{32Z2Cj8Xfv+>Y@>nMT zX<8dKj>Lx(+nUHliYRktZ5j!S#AG77m!6={lzLX|d}HEi?FuB)A}zJ7pU~!7n`$XB zV*`(+HB%_A@dZp`p`JH~aJ-w8SEyFLPSXYKfVB`rs1|6R@=n|FS`H40vOK*xsmGs+!xsmWoZfA4X3 z-FC`S1#qYICeEd0=|bBZIdjljdAV#hT)gqnP~77P)OU@ISS!Wn+|sIBSuBF{&{qluj2N9;#sszWL}6LWS4 z#He*qrkS(rs>~gyu#+@5I5yNCQTfBN2XC2#N~{z zar6+~041drLi|;i*|#P};{DPVN`S@{&ggsqwkE#E8^)c z7QU}OmAoz??p6?i^a!D{IMpfHNfNORk>R1ITJ*0JprKMI(U1Ho8f`i#_IJ^P&h_?m z4*GKB?pkpKU~_n*v)4A>=qCejjj`^iboESfr=>&7Rh|XEmJA`qV4a)0*^c^DE|sHJ z;xVxqAI@0a$i(%kos0@O;Tjd+^AV*{@gYL-K{p~UMoDoWx(0V37a7gT(k^Nu0!H#% z(xT8>R(rX%OX7l)4yw?W1w2}#M7z8KC#Nr?j`N1wxirI5JZ2JN#aUOjVbeO+#%w?9&iAHu>~=sG(PwO$Mz#4qP4ej;9>m%xp?pJ6;wKleRr+{66!`ToL==)p z<|t}Jp($@WdABuaAQ4JBYbn1^hUI{u@%&aIhKAZttp@WUwXecHo$x4vaxqa`N-rMR zvGOs;Zgu|F*V~)A{d=QxCRZ!{&5}(rT+*#l7jnw)CTvJuFHtY#|VZo6lT+(jo186;TVL7{%o+w=^ zA-pQXxGXq(VY0pWGT8>!#FAMYv9Qt_AKk8U8hMl1O2>B9Zz7tML(}&GAv06U+Z0Y58GGTu`Fa zSKcEOW4HX$!o8RtqTP&O!1Pn3K0dlTo;^TU!y0*yG&sMT$3WfgNRQF}$iQoSbZ089 zV=pKvy3%r#0eQR=bFXdRXGTTD zI*JwXW}yv~z0P|%^vefpc+)^C5qBz7H#*Ni4EkuMD=m^YB=X`d$#I4@tP)L>Os0!J 
z)zud?X==A@U2&-Pn(lq6cQ3=|J-c{woG&PKnV&9nTMY#n@GkM9Txg%F1coc-+C?Jx z-B4F#8=U%PzK@=yDm*Tl0)K=jLRv{>km@il$C9WLPDGoOdq(!klwB6|SgHlzA!@cy z1#|FSsF;p5?x)0`Rx$k<(~a35PrjJ9sKl;+*BTM8PdarlK~*M{^{0!Ebqx-@V&+C_ z(~0sB*FHzDH9AR=`s672>&d|mnc)YIKkRJyoFW>JN>X~><*udI-@(teg*>&5z0kSWcPy-_fc6sJoP zDa>84j{P(vJPk@8HCr2=0HLjXOOnTlA}`Q0;es2~f6wpYN1D3&*wqw+O{=RP2r0Wt zO2=v`#-#kC3KDfm$qTNX2&0S3OQ|=+w?nk~pcF;0^UEq??Mk5{)EwR_IpBI)X!L#O z6{PEuQggLWtq+w|vj}is5gDU6DnhW*9B!fYGm$-*(3i_^(9?nMH+AQ@V5}l;0A=MW z@B+1F^yf5bo_YUP&}}N>DvR%W$~zE-(}Vl{29Z3vZRxaOpAiYmU3lU^mWti-b|GX( zZ98K631c9*u=#VoqL8FnC4oCr@d0@mq(58W&lKAqLPH-34^c3N^W9?OZRyAR2>Dg& z5xugP_+(>_A}^w(*&Bb6Vv_<8HEnLmGi_RJKQ$c^71O$V>5#EkDaC^9f)0C@ICpOi zqQ}Mn``Si4wcgr}s{vrGw{HNRpD>QXKsm7|IHsN*BEAP`F3pC@0r>g>Ax|8KtAA!s^KyFaFFO z)$QerO(qYixNRpVQQclljmzv-$LC!&D|HGe0L62_4w{?<0;rq4$vEdZ#(23fjH|SFrA`D7j zC!mX)_lbBH#iC_VD4jmzShOe?<>>rAdjIH!cb>VngeN$VylEA0)>1p|C6L+%tABK- zg^ntB_0t(ksl~|sTlC=8(1FhSZt5tXGim?8qb#3-e24YQ zylKQzW-Z zomgKXSyZQN`KD=#xD+RwPOF-c|37piu92Ztou|#Qm1re=MRUc?uDTRNn`$pD6_XOj zHligMWO*&P?;GfH3G`bqXZ0!Xjq#R*ksLP51awQ))Op%XdO5fgA+B=MK2CX_%A{?c zAh1Ye)1>XXjvEa&vr#iw0&q9?}W zh_?o3vpUf=GWu$=P3p&AU!t5sx2(po9B8Oq*GTRo_R;;3W_MGRmtc*}CXGUVo|3B8 zL}DQ}lpM*4Pa0lN_g3r@A8nz14r!aIScQHo_y*AL@Cm0)VqTZ3Z1PNV)s;>+*af0q z!40O}TC{hq5=x{-g&gbwdCLNMb2Mg_pm5M-o-%AY&vp7ToSqAxH@gD-bYlVL;ga=4^q@ZQ~Q1tIEu zO@5#jn@FX_H>&h*u_DCjV>sfB?NBy- z$n8KFNm@)~Vw~UYI320(msUra$x3wYy9|sLoW_)bBNn>k4 zfGrwP^~}lfdXrS4laatZWGt(t`W~0mmz$kMx-f3+&2f zc|c62>?nx3S!kldS)15Y&hmif(>jqwo})d#Pwmu4-|}3pB82i4uh;|H<@LL)MV_Ot zW|pFSHYzl!Lj9Uh{TxTr@=(b!LDwo^N(pHtMJw`FOx+|j9Wd3BH zi*<)*z36n6K^GFBn+rkCRYfH3)#c~`DOhL6Y`LQ=0Vk>Q1P+3 zM%!^eD;u??ZA2`aJTR1_YnRc-^@N@`EoMwN7{pSE{r{ZK$)TZ@HJi@RW@(U)qZyQk zHrQ-cHc9%Rt->RBt~Mf-CgZ|+Nzf_!ScP;y^<~Jy2$ZeyGQUoH$0*sf?%1fjekqn7 zp^ZG}^z@}DL0<*Qx?Y7gOKy?a))a+1K7 z*2UXo+9+<4DBPuN^ZI}~ERh#TCB~BjX*w2>8KNuYQY08%EfV|)iC88?R-~U?zZUt4 zV5x@`E>4KchDpyWNSohj(*G`1^Wuazimhg1$t8U&U@LJAuE1)!X?hchNWsSFbMgno zq4UjtV}-Gm$-7v5Y`kcCN!h+l8@=#I#35dFSaFly%}674g9p_umcpV=n?EUnKT17Q 
z)L2?lCogE>)A3(7abCJb0U8}vHY{wLy&Bi+jVn9&m@$oI(xXL{_Q=eaV$Shd9Nm>u zD9Z)t?Xk?@rg}4UN2WV@2DUb}bLq{MZeRp2o3~*4(!7xLwC8Q>^YXUjXY|mut#tRP z@D1e`SqtQS>s7)RF8^@*B`>8wH3F?_PBnt@aeKFg$YPNLkR`v!mK`ocjXVU0N!qD7 z`c>KekTls|lW1qxm9Kd9$$@c_*_PMOF`(eo`!>Nr(ll=HG-w9Y7Ss&Fjo6jQ%%mYQ zTXdfsq(d=$QYv+tJ-7&n#t}*ai^Jh9GGHavIbZf*BQ*H{eWoJ^|XSb1W6%zLB^eOxrT4G>U?GZQ+vm(viW` zmA>()g1zFC!c>z*x4|aqw9*ZULAlF}@xHziebHM%eMKoeN*gQs7-TDl)hT?cHbE7f zH;mFY(dPk$5fGnIZ5GL5V~lnKn&|F(E2P<`2(KDK(fBUq<7u&Ti{c8HcT=*@W53M} ztOnZDTv%WcAUD;Y6t}=8iq1ht>zi(TDjEqx#*{y1%vn>hfEUg~swAXPQ@c1VSsWCo zwTVrnmIs7TMU*0tP%Siziq-aq+V~khu`T73PA*Vm22RN_t{U7NN)^G?)2l9mNQ0ohkQ4&7^rS`E;iC}YC@{t zF)JTuq{ZvZt|loVQSRY0;bj`0ErY5+Ntzs55$M`NPNNigvCO4Ku6R%n*uZks8^{I= z*^6a_ZdS;0JQ>LOHuofmGV{|iTSpm(O%7By(Eyax|B2a9@xstIElc3QypWYIUg>j0 z8@6B?bR-u~jwG_Y6Lar+O^*m$z`J%~Ez6!txlmxJqVjqo;~*-58=OU1jim1e44MX( zL^eCAgo#)oS(OIf#K10Ts9P0G9@Qp=A%oC%qLvI?tw6;*Diz+#W z)1#Yx&e`{|@FQQfB2x{rXy%BG*7@Lhfzbv}kPFKsvf3gTX;2=yPozP|C`?6mQPwzb zG#?+8d45Tm(r%D=; zJcA%o%VTs?Ht9=xj56((jEH5dZYq_phq1^r)?vw~k*7!L7z%vSaY*_H{g=-~(zeho z72VhiLznBwOU^e>gujzK0MMK2iKz{!qqNbLdvj|PDDg$=RSY^|L^+K)1oTw~3pQo190e+P& z&NuCl^0ZQzV9!Sp^_?!f?aI5rLg+c45>^*z)H@@mG)I3t6{oBAWBVy9BXi>xrn;d-Th&C{SS>n*}Jlm)sz9z4?6r-cBW*!$?@K`MhjIf_h52S z{kQw^v<}cVUw-U7Qcvqoqn>SE__>H;;HK_wm z2v(T)7L{D2+pjyX5W=Cig!~bG zQ=&88MP5Kt=veH+irIeSbDlhFCwaf_$yAkPm0KyfYLijW0akM`mxe&QGcJX(TM$cX zt%M=ip7af((K?8TxD(PHgpHmY1}}K!4+CvoBiT9`h%L+3S=e%I710#Sj}GyYIn(7w z+M3x&&{HxMT`bj8?D>r*dy3I7W>AYfZ?~DY2VJuWvJGGs>0)BOUspOB_;nmx&w5JA zPx{y>8pq-qPx28;RTELPrF|vZh*RQPZi&^7rBo|y2~nXU{s7Nrr~j_A=i_ZpN!%(FFG?u z3Z!Ww&*pmFa>Xe1G5795QXtDNz|<{u=s4jbBc~P^JsNXXP_arywf?$0Og<7Hh3f7| zKTEjX#KbcZ_IvPBbfl-9GEhLf!Ey@lOnpSf>qNV7)_r=f)WLO{q997^s=wITi}glO z*|Zo_y^b;M6;};9C7e3lXx0xQR_ExH2u@Lmw(u>^oMv;!CcIU8wOe#v*QSX{rJVu9fys5k*HL#&{hS*+^uF(bcJ))YIY>vu!$_)~ql$2dn z;M8P(Uu=ms8j!EI1mtN56s9~B&kl;*dVuVSG%^M1zUatv@oL4O76%u{7QHxD)_kHr zL(vyeSIq^J(u}&*XWAHBV!bkOUQeI6H3!a13c3r@{w2VkixGUf-FZ?l#d~8;X_J%} 
zDkmPwi&jI>d2?rmtWXJ2X8D3e_4Su}Idta{bA7(GimXlfab>T=NYe9WbOS|DMH*M` zu!$U*H@(S-#bc4p3CU79imygZ#!#ivBb8LY@mYPLq!l?sAuKNYceF3uCOtCnBaFU( zfC+-F0meDuY!h@^35D?aW7;LAS`JyvmKYsP?^j6~e|asnb;<_aLVn{Wz;R-Mdy~j4 zJ3^2OZ!|evBBjFN64?3JXsFG(_YElHqdp~Unk-#=w@pq+OK+PjPl>RQSk4R^C)~V~ zf^T@^WaA+J-H{vx+&Wo$iPCO~OuKry$cv<9pT1Pk;h2lD>dn5BqX$s8IgPI!h33A@ypwpN^9b3jX1@nwZ<;-fZcd@ zrJc0Wu+7>vVtM31szU~tt=H9X=>!E^XoasdWMvY!_NKDeEDV-UO zG{rhZZJD?XUDl597H6B>;%tv`Mpk?W!&>k|3foTuRDlSt=2zSDich5L?5lSR#uM?q zodIPw&b7(5w=Zj=P)gzm~olPh|)}9CNV-(t0mbhvZjvlC|s73NOA~7lbCi3x4;v zhra8;?yFeU@(g(ZpEWv|kg-A{7mjUDtNO7(V&L<_9x2nvE5oJpAv_}JUCb?xgyVpf zvYZ#A;a||X^2x5`7J8*D>6S;y$I>I>wbY-Z@#}(xj$GCy`y|K`mvtK{q43O%^!qrt zWZsvX_Z5%pnX@H9PP<;2tfBV#yIxa2mGY{nl!ymP25f^n zVH2CeAJ=}Lo)t9w&iY!Y?6!cF_l4j#%kRm*)=H$-Y5g=UT=aue$tqkiiqX=gXh{*L zZSGGFCbMMOlj#xoa&0UZKR~+!I)hCm@rgqzDp{o};|+L4a-pFWP()MYcb4hBfXnSm z=ZH$e2Sx@d!n#3bwD%=mN_eF#z8blf8|{#S*|JX>xUbI&`BUEaoEDbC2`lm@IT6gZ zx|HUg15eIJZY(c~texFQN~z3VS;ezr>#CnDp(C-E)y<2KIwI=6$xRm@<)K+ERxG zQu3yC!g5%ZL{Hk;niz@qi<`gpcl3^CX&z{qNsh+)lR5c8CFOXECiLmrgVCmg@zhv? z%o|w}&T-I;@PB=m_?NuU>+8gb8S6?zbyy|DTy4UUTN?HN` zq(XR&`F^wMA-iMDg*ht9Y`I_4D-3i5AThp^q?YnMXn80}UL#>#_ir>3)sa%jf zIlU3(*gV1F5FJdQJd%2$oMfTxghHWfF=);Aqyo!fg(6$!*wgw7*wd1hE5~q)V;f|? 
zg#qt!Z>VEKE#e5$Qj52S=Ab^-F*2AKkLAQYgB`niN7;t+O?KjMq6$UEVvR3GkR792 z!A7g9tpMI?Gic`6WVr4r1%)hbx(o>UcaUNeT=*0O$)(IFq6lkIO{#O;M5MUI=K+Lc z=M=hN;HJFHrC<9?(g#QJHboyOPDsa~id{-6KY!UEl`BRUjSna2J7K+I0-Ub^DyKoc zj$O|2Oi}UWo;I~EuseDNQX-G(wjD?f=Jsb|tYuQieM=s7&npcrsY3nulUeb4s?ne$ zuolH5*C9$V8B#r(Q{_z=-w2}#cU6A#1BK#DgitzK5gmn-FSQ@oNx&k&s4D~J#+|Vao6yB}NV`vz+J(s~cdocg_Sg>5 zz2$|vq}P@La@t`Q$xx?b*{x6$@`;-1;_Sina4bGBpkvnJ18HJ!7^O`lKV$vcQB*iA zVyeXDGV)G|9+hcrjgAi_GGfOmMa=pX-km;>9EfJK>Fka$7w6^wpgz~5G_Y%IB$pgc z7@n#3{KQZ7bgLK(^d$OsaL+^diP*^st*mXZvL!o%f5RmF^NcY9tolYx#*RXG@Yg7iZWTM-#dIViEL` z5Q<&A6=w%&u=0#Eomx#$j}B?cU&Byh+y`nQ@1&5yv$Ddzsn0_7T%G?D&Obb$PKc=a zhaXrmXi=qc9TG>A1w*6z#pRNTK`|8tvt$HsKK?xC=B*r8yd|J z&D{QCP5a#jt%{o~$I`^5mnU&M6djk$^k=UV50vk0WOh@@-hg~Iof?gH?!@U35ghu7 zs0uwurcxaPqzvR%sK1G2N?u`r=F=I3m?*6+&8$PNq9{OrHAc>-#?Wpkj6xi;b{yO36G*HJVOPIAjU)JjO(W~+ zMn17cefHKpySIyPMC6kF$&~Zy&Ac9(4vAMnYb32t-7!9P><$q7jf7?UtL4_$-`b6? z2Th?s;R%%Ei2Wn+MfHhvq&PbaQ9(8L!gUstg;54W<3Q07GfRVKQl7y2 z?%d&2VvtqQt0bPE>Ko*Aks=5;a9e_kJrm}+GtezK*M{~D_1M|g{bXrnU;9S72D;56i8YvC$!y$MS3Lgd!NYi?F6|&1U0=UGk{xDJE2vy!O0XW_iN=Fb283aB*MN@h;>0W_{1& zw=$f_7lWLrf$OLP$5$q+Q`S`nwA2g_(DTl@r*aA4`9OMO%6;6uFxIVb5GynHE9vw*m>zyQZ}8nnLa%IaSWe5`?g8flV|c zBGz86+JHA=pvk74e8aSPfiXN%?#gH&VX!%DAxv!x`AycR0lUq93XMMxAv1BS|G#7>Vw_m>_ocnsUib}GL(UGxXk>TY3 z(k>UBI*)-8YrWo^SvdpqL9T}Ty#7FRk#UJMvwdDFGA=9Y+O~n`+}WLW!U&Kot0qajGncN5-ne`=PPIatUcx1Kx6h5 zZ&&bIX=)N_qG~b}4M*n+JkfHHz8W-0@%7S2n;hSu&&#`8ViTgr($)2Z{ActednBGPx{&Z_^Fjy33i!7FrCGW0E#v zk@P~dVSdE-jcFvjfNX@LNJQLr%Ql$FQG!t%s_y7=if%lnJGzhFs7P}*Ax~as6Y66s zlpRqu9=do+m~Ou;jWQSa+g8Nhi;5MNh->c5F{~g)!EFCnW!1MHk6gFzt4LdTeXT~Y zjbouYI!`@6jLvrkE{Hg-)l^v6vRQUUo-TLn%mz(^xX@jH2S=A{o8KM78zJ2u>G#kV zcJw6}BF=yXSY=WRSd}H->y3$ms@}wBW`sYdOp`DI8>8v5bfAJ1)%7Q6E9uwJc7>KA z^)(o$nyt)<5bKa{T7{7Ft5M6QE6p5{qS82FzoG2QOllXk^&4YWy%KA|9CeIDcbU7e z_aMd`q)5=MKrFXM;oz3lrF+Ade|BiRhLM>UGI{DlB?R*-K+R*27n|q}Hg&Xd-B4Tp zO3?Dxr4miQ!iieBJk2sor*Pq6BNQGQ`U%qxn0MBmD28!zlww~YsvLy@^2pRs=15Jv z7Y&s$D0ypi&(9l$>($hED6uoll}#2-tY-SPxdL& 
zv^-OU)GSf7P%7C!nj0K=>QgToO<&Y3{yOaZ+kpZ4u7vnoMBoDse(h*_WFV6fe-DQ) z-`%lod#wJV`iq)Emv7%5YXGd#`8A^cwYQfVG+tES9NOO7yLDSfEOJr9MXm4`enK~k z;9o=waw`1v-W90wzZ^z0OqOEvJ{C2ebcY%x6M};1#aBd-59;ezc zQYHW9?d@oK_L$J|iXKxI)C9d_=s(9w+M?A_#PKnq6X>6h0;(bUB}9K0J&FH3;^F^1 zEP;n5@UR3PmcYXjcvu1tOW5SCGh{e1jvb(Jl^;2M}(^B-)rfAW2YsL4+(Go zJ&&Nj@$V17@15rzepHBd1dnxoKRWaa^?Mt&KRKB^F%+r_ol3t8ns0i;TOJvrUCNp2 z?@XU|GS2hIhCZ*Jr{;FcZj^jfYs`iKP`v~=ST<8+@_iudUI@)|38){d7zh1UK zI@GQHo;&~MDzVGzr@xCo6Hho!{*yrYr|;j6mj9ge;aeUp_B5f;ln<{}?WcWs+oNb$ z^k>F`&qlrd>c7va_JX^YahH#H1NyH5{xcT5 z9q=8*pU_?Lr_X{{13%cl&VsjD@C@*ebS5qMj0In`;GMw##jLV&Ttk3A;TQ?Y{~HJV z9741lCN20p^o#9REcluQp8)zJE<2$qz;^?mGk~84@cXMxTT=>Htxrvg3? z_-_DTvEWtEFScKV_P>MowEfAf&tgc3FG2f9LHiK2M|>IDe-7T$HNbxjcoon=d>z`~ z3FDoD_K1gIycuX;1Ni#^4+DN1jH?~+&q4c6z~i7NeSm)j+7AK#1{iM!@CLxg0ly9K zNx&b1ewRU?5ubzhYoNCi&>rz+Xg?2fSONT9V8>Pg-wXH};O_uAgrMJFLHjDepAUF7 z;Ex5o2JjyM{W`!KL2hBdzXx(?0sO^)w*h_}(CGyHeSl9}@Hq=U4)`G$*A(E3Kz|nS z&p`VHz{dbz0{l!E*DBz5fZWyrS1yaxu4;I{`k;Lc;O_wXwSYek^s^4|i(p(~z#j*A z3*gU%e%k>58PM+pd>8Q33;5TeeIMX;(C-l7{{`(cfZq-8#W>)XLHh~7zYgsu0e=Ln z7t?@W4s>P!?*Tq%0slPEp9B1TAcuLtzX9|Y0RL~$pGCl*4egfzZv+090Uv<&D}W~e zUj_Vf7}px$uYmUJfd31$pHu#=P>~*JUsKELm-zqp!?HTrz&{53F9O~K_!8jX27DRt{lL%) z;4v82D&QZ7_G^G&1@zYe9|b&grmMGAK&J}uKSBFyz)u3a2JrJi-)aHJ{Z}2}T`(_U zz+VOQTLAwh$iEHnGeJJ>fPWvx)d~1(fqpOGF9Ux10AGZDhXDTrw9f$kRp@sd@DD-z z3BW%C_$1(WLBCUgKLOfL1Aa5Kp8*_(8=3|DxxnWf;9FoG=K-$<`U`-+66C)K_|d@U z65xjcUk3a$z|RWcUxa>F0Z%}`Yk+?P+OGo+a42+^tN&YoP8HxFhEO%&-O#=U@V9}W zYXSc(w66pFRFFd$@Q0v%3*cV{`fY%J00!0$_zfV>PQZEOyqNR?{wAQ`2lyjF5JQ0f z9_VKPzYX{w2mCWYe**9WfKLLx4)_${SHO6u0e>0rGXwZM@G}ee@gV;>z*PuL3TPhi zCqw%Mz`qFe7Xe=fK9>ML9mcf`_$1&ffIk!HuLAyNXuk&d>p>3dfY(F&(Alp3-vWGA z0j^_+LJ-w}9}Vqm06!M^tOfiKo=0sKqQz76nK!FbyNKOX3G0)7*; z?*)7a=C=>(`sXukmXeK4*?z|V(yUjlpy=qv;NOu$zFKNalHD&W^b z`!&Gd19DpjJPCY;&T;ksMBuXu@CBe#4fst!rv`8e+&h120skn-zYg#W@E->JL(p#v z;O}>+Q#={)e}VSxfPWvx)d~2|0Ph9-0+4eb-~%w;A;5nQ{AU0k2KwWGw*Wo?_<2Bo z67c^4d2AoRZoIf>yf80SS 
zw+8qdfPNj|j{rOj_;X;qEr357=(hoW63}S}{FTtY6Y!^je0l+If^qc$-T?H60AB?> z1NdQ(^ElwUpx+6=FNXG$fJZ?7Q-J>~$Y&aGN<=z;W&p2;am@n$7^ih8Gza)Mp#41H z7XiKi`02p^BH+IR`78ncR=}45KOg9?0RCxczY6#nAcr-;4+6dp_}xG!be^mKe}Q?a z0{m$p|7yU00&=SX{OLfa7Vv)oI(2|Q3FHR{@`$fRBJ2 zdIA3)(CGtw5bzoq%5q^63Tqdw}-=ej?yQfZq#v2Jmel=W)RQ2ii{nek$-e3HTSF{S@F& zgz-)T9*6cbfIkV^&jNlH@Hq$gDKPKzfG0uz3xLl7{YAi+f&LQUw*Z}Gz&{E23gG7f zz6$sWFy1x5{}1H34)`-*T%kHw|NkA@R{?$x(60u(2HMvEelp0R7Vs}a`#QkC3wRjt z`+-gi;A6ml8{jVjydCi40Ph6+F)%N^fWI5s_W}N1;ByG@zW|*K;Ew|S#{s_s=u80q z6lgyQ_*i5BMcOX94hkb9xPh76CsS z+AjhAUFdfi@H0T)Rseq-;H!W?0s377{4Qv}4)_&-ht7BP|C7K^72p@cyi@~z9pE*9 zp9bTt1^fp3Ujh6y;C~hHG_+p>{71mgI^d6kenS_y`hObC zZx!Iz16~dIZ=l~Az@spawSaE}ybkb30H0yNdjW3&{B)2*8{mHeKHC9*F|_Xl{CSZ>Ir&9rQZ`_yfTI zEZ|4Myvzaq59oIu@b?0p1;D=m?H2)mA&hGY@NWYD%YZ)v_*ntG8TwrX{3saj8sJAm zzw3bC1AK;_>gxZMFfUbr_W)iE_#xoG2Jl7bw-)es0H1Y$e**9@;5&hS3*hI19NGYX zGK{Mo@GnC9PQcHCetQ9bE#Q5CpAGXe1o){i-VESx20G(_-v;uW0K69Xp9K6bfKLIw z1ml_p{GGth4B%LYHVgQTz~>y`TY%0y;A=213xNL&#=1v2mI&2 z=LFzag1$`xz7zPL0=x{j1bjQl zVF~b`0-wu(Pe8vbfIk)JtOEW7z}En$Bkazfb-*73atJ-m)qgyHQ3ZG#%x^W|{{{4G z0DqIyE5-i-|32_p2l)R29tJ!P^jiS`IpA%8e+K$(2mH0be<$F-fcCwBe;L~M0X_nJ z4gvlwz%zh<9Q0uv@E3#rOaT65z$XEJ3h+4vcrWld4frEKJ~M#VLHk+2_X0i#cnJ8J z2fP;aX94gZ0H2G1p9peT0z3}%mjRCgKP!Om06DJ$9tQerfcHWBb--&tKB0?T{l6ag zuLAtdz-Kk!bC7?eE_ys_J3h-ZnoTmZ*Z@^~&{{iqb z3-}+P{T$%;!o17_{$Xgp0C)uWUj+P@(C-r9#{r#Xz`qCMT><z)hpfe8mPk^5Zz^4G81pE(xPXYcA z$YC1rb3qO>fbRtUX952f@IMFmnpB2DY zq5Uf0?*#g5fL{gpI^eZ{hr+J@{~hF61$YYjtp@xpz-JBMw*sA7z`qT69pXSI4EVc2 ze_8-PANXklJOT644)`;Hekb7Tz)vsWD}eU_J_T|c0{mORPX_QMz{df<2k;5N`vIQ> z{HcIX0saOU?=;|_fc7(hKM(ky1^iQh&jG#_)jIIY2beu z@RtMsD}bK~bXEbs2>M+E`~je|4)`>TD-?0{|LH)d3h>85`)a^%2KqIC{|?4g3-}PU zuLJy#KtBxluc3Vl;2#3K4e!fPVw{nF9O-Xg>}3Ht2T-@GGI;S->X%p94G$;b0RKDiQw{hR z0j~jkH|js&4KQDIfIk)RFyIZqPYd8Tz_{7~kAocA0lyyFcLM%yXx|I?aln5c;I9HY zLxBGn=wtxj4fr_VjWDhWz>kCZodmoI+D`%gKfup4;P*hkGk|{^+Rp;M4D&b#_!|MA z2mHH0X94inL;FR*zX|vf;EOQcWx#KQ@vZ>g4EQSGS(vXizz+fab->R8enJhd{@)FF 
z72xNBepUm%1^B4}{6e5p3;2_PpE|&w2J#F8J`D6*0KW_HHo$wJ-*&*i2lP7uPec1& zz)yhoeSlvM?S}ww27Su_-U57%16~DmCIJ5|(3u200r(W)*MmH#0e=DDGk~`OKeK@E z2mP4?{562j1AZOQSpfVfXuk;fO~C&W;6DL;8Sq)4zXJHhfUg4nahR_)z*9hf9q`A4 zK8G4z{l5(OuLAsbpkEF6hk>6Oz<&q*)&l-~!0Q12B=j2w{BMA_0DeF4(*}4W;O&5) z4gGckemb=81^n-T_W^zhjCTm|ZO}dg_(ws{#{s_w#x()>>7cihfVaYYO#!|Q=uZRw z9vJTo;Lia5X93>|{LBIVOlUt3_yDwD0Q@l^heg1zhH)(cJ_GHS0e?C4y8`%~fUg4n zzksg+J_Yhw2fPO48ESI%{~>5!1^B0cel_4bpnVPC&j$I|0)8pbsRR5!p?w(eagbXJ z;C}|WwE_NLK&Kt>9WdTbz@Gs0djbCh(C-8MYQTp8e=+Do2Jki*?>OKuf%X%CzZu$3 z0{&F!cM9;Y0sqs0Zv{Ftfd2^aS-_tKa+?GE<1oMTfPW6~1;Eb+eii}W2K1KzzXAAJ z2K>K){tDn906DAzejLp28sJ%IzYh2TkbkJz)&E}uKUILY!?>ye9|t~b0RMNuYXQFo z&jLOT_#EKdfzCYOGr;Ep;NJv% z5%5`%&l2F@f%eOQ{}kG<0RCveR{{SX@V^H5FzCZN;J=6Vp)IcdF92Qzcq_aw)quYi z_^AQB9r~>W{E2|q0e%d~Aq@CC0dE032K=-E{zGWr4)}XvT%Cab0{HI*{C1$<2l#t| z{~^G?4(&65w*vifz`qLoOaT5mpfd^hUC{3o;J*NT8t~@;of*J)f_!EHkAj}h0p0`c z=K=pM&|d)jrGPI2{wBbe0KWtHUk3aKAh#93-wAxK0{(QMvj+IfLC))de-_$@T3r1< z7w{^;cS66_fPV|dRRj1a@Lvn~%R!!XfKLLSVZa{`?OOo93Fx;0z7y8LcEH<#|4zVf z1UkKde+v5T1N_Ut=Mdm81Uv(H8_*vI{4mIQ0`PADJ_-2kfKLHF1^rF~{yrG*4B#ID zI6>44)E^)9tQj%@Y4eLr67kkz^?#0 z?SOBG_ML!_0^SSw4bX2N;5Wi}hXB7D@C@KD2YejxH-J1R0RJ2GI|=yJ(0&T=7_^@T zJPQ5J0RDU!?=0Y_0sT3^_XGWTz`q3a7XZH!=6wwupFb~1FatN(uh{iy={T`;a{z~2t^YXH9y_^btd0_fKPeg@DF1AZ3p z*#h`OFy1!6&jEhg0q+L96Y$-@PcPurK)(<0H1IhDcoOs>1Nbc@T;Ny0^rXBeii}W1Nwq5yI-yHk{r?KksRH~E(5VLegD~D2z(XLPTEHiP zP95NH06Jm7TVcLh0RJ=4Zv(s<#?=n^lYmYq;E#au_5%I_;Ij|#FwhwS{5Q}(1Ne7= z{y5+fz$XCz0gP)B@CQLYQ-JS7)y-X*{M?w2_zz;(E&@){9uLFBq1^7pR|7yVh z2J~wHZw5NGfWH{zQwR8aU|zz2zYgfP0RABG(+2oSfVTtwMd-H^@Y4bB1^f%pZy(^l z2R?@Ye>~910DdXx$vEII1U@GK|0}eg1pFn?ehTm>K>KOHZv}p40I!4gvw%Ma#ybai z70ly2;2prv0^olId=c;`gT5^Rz7OQN4ETxA?+W0Z(0�N5Xj50Dm>KUkChUfQO#x z>i-Xc&nmzt0Ivr8T`=An!1qA=TEJfda;^jXH9#i}_}c()0el7cZv%V*=(huY4B(xB z9|k(TfZq#x(g*k)jB5z+0cf8A{HuVE1AZTjYXb1!!aPm_UIXo?0KX9QWE$`p;ByA> zPXL`+!1n;3bATTUbmjs79LQ|}@GAjd1pE~s|0TfR1>;=?{C&XZ3gF*?_N#!u5%4v@ zUjXA;2mH-2uF$2f{=Wd|Q~|yP@M^&0K&J-qM?$}~fS&+#>HvQu$Sn-`F)+U^fPW17 
zZ3Daw=(hvj1@t=sKLz;g1-u*D_W`~H?S}y01$YMVOM(A!z&{20Fah{i0G|Z>GSG)9 zz&{Q6G~oXL`OEq81e+EBFy2nU`=Q@nz@G(t_5uD97}pTs^MGdnzZ&pyz+*sv z0`PakxF!L=4BAftek<@l4R{9H&j3CI^k)Ho6Uc22@YA6EJm9Yec`g8cEa=-J;J*ca zmH=-6d>QZ=;AaK!e}{fo0UrlBuL1s2puZ0Ig)pvAo2&nih4xi|zYyqG1HJ=mJ`H?M0NxAjClQB!rvU#m=)*MNr+|EB0KWppH4FGvKxYo{{m_0M@JZl* z0q|*PzXi_S7P8HyH z0G(>U&w+8(0KNcns0I8mw66pFvCuvY_%*<13*ct}KW%_N0Cd^`Z-;Sp0{$GJ-wSvc z==1^pcHn;q@M{3i0DcqD9|!!ofKLEk1AI;b{%fE=1^6M5!!+P^@IKA}{x_gA3;6SZ zpEae+|rg72rPvI@N%`7WkIepFNXH*fcHVaoq&H8@Ls@o1N}b0t3Yl;fWIB^4B&SFopHc#gMKFfzX<%6Nx(l3 z^D+haGlBjz;Cq0d8Ngo;^D+zg4ro6I_#WVM9`JtPX94h&fd56nx5B(E0X`4(mjQng z&{+XI0{pN3f9%~0TpZQiKYlifcOD>wG^l8*5+Mm8+NK7Tnp)AIQWp^o@rD<||MUIK%y(zMi_!W# zeO|x+>t$chV|dS;Idg7v=FH{H`j+qED~I*I}-#TU<3zU6=S z#WU5n{1sohP4g|k!57bT-|`21;b;1mZ{;hW{e8=K_oed?-}3docxL&Q|I(MvkZ<{? zzU8xh%g^>LKiRkZFkii#?puDpFJE(f%hP=6yx6xq;>*`%zU7Db!q@ngAK+VF?_2Kv zl;-BhUew8ntX};y#`od55EpPXwXQprYxxVH5`;ph35-{mWZ`M%}X`O>+-x4gy|zc0vFe|}X0UzNaDCGb@Vd{qKpmB3de@Kp(X zRRUj?z*i;kRSA4m0{_pKz`NpEKYpYO0>Qi`b5ej!!PMKH}s#~$ua;AME?^P_` zFfrpb{FA$rz*Q&oxSE#4arE2*Bn+-!n>Tl8o>YeFa^|$D3brzkW z-h~dR<%a<_42_O^`JYY?sI%!_^=@>RdUv`_{cXBMJ%eske}}GB??G3nXVRtWJ?SF# zUUY$aZ#q}K51p;fp)=I`(gF2;^ysHv{`aQ`)bb%Vw14#hbeCE_M27aSmJfKL{j2ln zMzwsX3hiJ0UAjVj2wkd{4-=vO)rZjq>ci<=wS35B!%((bKGd>dC`0{yI-ov+9{t42 z|15eyT|oD$kEFZQN6~HSqv;lPkZx4}fUZ^lkgiaN=u-7DbdmZ;bb(qXHf|WoRm;RJ z5NsFT~D{wVZ%943(PzVg z^<{LaT3*CQ{?)&s3)H`*bJf42v(?pfhWc_kpuU10{m{#Q4LzW)rF+#^(p~C0x=lTo zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEM%l|xjK;209 zs;{TJ)Hl#=>Ko}6brapFzKO0?-%MAi=hLO?KhQ<$Khg#2Tj*T%t#r1!na)t(MhDcl z)1&Wu`CmW}s9We>^`Gc2^`GfB^&NDJdLiAYzLTz1-$hrb7ty8ayXhkJJ#>NkUOHEO zADyjkr8Cs`(*gAZ^yqtD{uk2&>NdJp{UF_?eu!>UKTNl%+v!I2BXq6$QMy9Cgf3P8 zg)UM*Mi;0br*qX$(Anw^Izzpb4yd1`N8k1G-$@UsyXao^GP+B>oNiOEpj*`4bfbDD zU90Y)E7Ys#QuR}Gk@{)6K>b%bSN%6STfLgjQ2(6{sGp%nH+cD9Ll3BX>0b4-beH-$ zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~sF(kB z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt 
zHXTsELyxZa^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caFR|Gw?zUna^U z|7v+b0^@)64s@4#N4iZdA1*-t)tPjoS|*ku|LU*P73yhpsahuTV*IE6CS9Q3na)+q z2Q!d=wY->$@xOW(I-r&xRzm(qy!=n62h`bguX;DSOT9bYrj{2qkbkxO;0CUL)Zd|N z)iRL-*FS2Rh>ZGI?@1S__o55bd(*kf3DkZOxLQvOIN55p-a{Bp)}OLT3+Nt`&S=M=c>O)XRGt+ z47E%=NBdVFL5~i5`JY7(sO1Gkw12gH&=&buA4RvRkEUDHLAp`>1G-lIL%KpO6M<0w z>SO34wM?i){?#&Z1=s)TLR*VeFEL3K9O!y z|AcN)7t@XEpVGDJljsWd$#kjuXLOPJ=X8NuCL|&M>Qm`#bqSrJmJeQ{{?)&rM~A%p zpH2^`OX*&W?tiGyqFdBubfa1(4x#^3pF>xu=g_6I>rldO%%4_o{zMcd6xrcF4cFl5SDUL^2%zYI$)R`Bz^` zSEw(eOVz)oi`2iN3)H`*bJf42v(?pfhWc_kpuU10eZ$Lt4LzW)rF+#^(p~C0x=lTo zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEDm;ZV6fVz?H zRbNkcsc)d$)Hl*C>L$8TeG^@)zL~C2&!45qHdh~TK|BLAXbsOEQevs}`KSZ~wAEsN>?R2C15xQ3WC|#jmLYJ!l zLKmqYqYKoJ)4A#==xlWdouOVz2h>l}qpx}S@1zIRU39N{8QrB`PPeI7&@Jk2x>3E7 zu2uKY73x)Vsro6pNc}Wjp#CeJtNt6EtzJ!MsQ*p})X&hPuX_1kLl3BX>0b4-beH-$ zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~fS3Pu z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt zHXTsELyxZW^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caF2!uUtM zC0(JGiDVf6tGA|$)bgPijQ`c!(z$B+U;xH{YWaa(jQ`d0p>vFX)iUuBtaZH@Zu`JKd(1i8#3aRm+Dck$?4f=vwt2 zbcK2*U8SO34 z^^fQR^|5rW`ZzjUEfYSGfA#TnK>cHS^hGcKv*`hK5#6gkf$mbDNVlnfLbs@k=|=TW z>00$kbcOn4x>Wr$x=1ZQl!5lIK84OzpGs$|<-@DUzgm813H_h?7xd^qz5Jg}52#D& zUiBGtm-fRI7pTvtbJZ8n+3IpSLwz9~ zP+vrkuJ!US6XnqU)fIHFT0Z27_OF(S=eYh?%ZDM*{?%15OI=5|sprxy>M-4? zzKX6@Urkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`WmqyO;oKaU*+4_ z4Ro9OM!H4aL^rB$qHEPR(-rFZbgB9ebdmaxbb00$&bcK2mU8=sDE>hn^7pU*0bJh3J+3Hq0 zLw!FTP(MJAKJVp!F+HGeqkGj4(p~C@=r;Akbc?#3Zd5-)*Qy_-E7VKqQuSZxBK2c* zf%K?j6 zy^1bXKSdX*pQa1cf2DKPf1|V2tLY5&-|2w*8G7_tFaK-k0d+6ktA3X5Qa?wxsh_7? 
z)O~cL`X6+y`USc|y_POj|C26KzepFT|3&AjU!t?s{d9)R0J5^=ovS`gOWRJxDjI|4rAb-=HhhF}hSeL>H;wqzlx;bgud>I$J$LXQ(X-7pXs{3)G*`x#~~p zZ1p&uq25Rb)D!gRGhY5vHk0wifLcBTkLQ1C`G5q*KkCisHnsd<6~;g6RJu{U1zoF_ zA2!DLN4*tYs@|F|Qg1^SsJEqa)!Wh8>NGk-y*(XJ%MZBY`v31<{-@Fd>I}M9Egup` z{?$9uZR(xq7Pb6P5w3sL@NII$NDZ zXQ+3f1L|Gr(bZo5r_%%KY`Ryy8{MVeoo-Xhhwo7T>KSyS`a5*3T0T&N`d81SOVxYQ zMe4oi0`=Z>u3A25iu)hx96Ce2FC9?tN00u^%m4oLfLeZ#0PSCW0NtfNkZw~SM7OB( z=tlLybglZkbcI@eumbh3K9nv}A4V6b52th0@&PF1Uo9U(!u6k8ejo_ff9fOX(Z726 zpG6O-3+P_;k#v{(D7sC3G~J>O(v52Qp*6IB^$+O^wfvwY@~@T;%A@_O<%3wb{!t%G z=c?rcRmi`(kj_vaPY2XLrbnOl@;{p%P#4j?>J#WLwR~^|*MDmHVK}sZwR}Jm$G`fg zbglX%xWU8I%|DkA@C`7jgi|EN!;v(+VZhFX5;2=%X)54@rOd&

    f9O=Y|r&X zLmUS7uEv#)CD(w@u|3!BRsMVn{O=+h6?`f)B8k}#*`7)JRhpK-%vA*(T(9sG!9{~x zXp!^=AscN^*M2H#n&7@Wx#@bdux@7Wv^^ImDc$42yr0-qXWg#5WATANo`wCW9ol8N z4!n)7X5nM-1=Efz0JsP4$6QPqztbpb6l(`2b+F_{eh$WE&Em9E1Wd}D!Gc^V+hP76 zhYEZl4SP-d0rah98GzZEKpG^oR8Wt=KD7az6WIckJ2b6)C?s#1cI-|th6B922tnzI z=2)FD?N2493_#deltfLfGiA%n_f0!9+z`9LdgmXQYLLOqPfYt^JPYz7Xutn26}ul$ zV&lWc!XgYl zKhCycPBykQj@qualm|isLuS!>-l3USl7VtV$`6XdoMj? z^rz;5jGrxg@Ci84xFW-42{xb_*S#M98&1?30&D5ws(Mr;+voYDhf|&hf-r_iT;r)w zlL6I;_IZ|l>}1t^5FWaXM7B{wdh7)#9UQe6K-f(ru4%csV*{$;@z_UvPVqkp!a1!; zk;pb`cwrm8;Uv;k5KPRf6xPI~pvUfu!8a#cG6wr%U^EwqzBP0nKt@ zNpB;Gr0-&(0*k~_F@r!V)&O7cavT_MauuJXRO|+H*oBpf7Neg*lI6=tP6f8hQ|b$g zg4pWl1^o3KjKn?yTHEJ_p;^o$5`VX#ckq^YOL!~_n^`A( zS64g2_y4BZA)00&r3^$XZlK6qIl+;7!{Px?0wA?d70Efo!PaY$3j`_ zdVejPjII|O;$(Gg6^T=L*FzO>D&F-Gh>Fr($CSq@FSCA4OKi)$17a<^HjIS_a+Q1} z1CWqnl{{D364-5a#x9vy%@Q;5!>-7Y2-s>_4p3@044D6dUuI*OM9$Jo!^XnqI>S@L zu*4hW@+1Ck;xJD1Mhn1B^e1LXrY<%-%MfdJkA=Dr4JDvrNBTw&grfGf>%k~J%Q=as8){d@Wj&W59bhFAO`yoC7Pf7 z-&dAJ_QyLBbWDj=?2ak1GtW?RxUaZ;*9poGL+%(3V=nyDQ(^_10iB2QB^Q!Q33sQ& z`u~bX1rAbL&>Mk+Dq-TvDYWh+CR(`=GeKI$pTDmyUg z2Ip%8J$Vg^^b}?CPuQ&$&M}CNg7hm7O~^y{Ee8s;zDYxUmOE-M-hcQ)8Uw#D#Y9MB zb@5o<_<(1%2g0QcX>j7eRx#cYEO$B95Jvwbjf-!YVs&9b6^~!OjWaQL4B+~Qi^#Jfc#&}wivhe)8iRucRJR=DwfDO2wNn2AA?-fd58kMis+8muMjhfVw5xv zdF4f`<{gJt6COMYM_LVK{7$|p7){q%bh9b+djRbx_!hzZ8j-h{EWytdxhK&QUoYCP z*^emVWjOw#1=?Hd0i(&sPD3D2@+N622UNt29opR&nKNkrBPsyGi(H$bjXj z7*;i~M5V>4)TnwY*Z0$lW1h+l{C)VG>mR?D?(_T;kjb9Pjr=qDobP{>&yD@N_}s*Q zlFtSH@A%x*@3}$zX8t6clUHOTJSjT@J^RALC|I9Tc4pBw5rOYNz&?2|S6GkUHP=un zyDIE_9oN*?OnIfk(Id#RrcDKJry`Q4^+HRW@_OJ&t!7^#H3tf*Iap!R9#_qw3h%gT z$WbJVMhH#v;J^W>8Kd3|OCB1?tcGa^%$y{DVxz+pcG`CqaPUv`n!-+(;GU)MROu4) z0~$V0m98-(D1KGCIrrV2a}RZ{+QvVYaGW3F^Bw+I_}tZhlFxVgFY&pzKkP5!_3@W= z&INq#>mTTx=kU3of1`6g#OMD0FPyW1vQgJAZ}}_pMV93+gNx*I=nu-UHGyaPArjA0 zB-W%n{|aKS`$ZzT;TF6sgIxIvoPWv*YBt@RpzY5%C%7$5PKbtjB%y_7`yZ0IO%@a>em3ZhI>aG#!f^<_rn_P0yG59<6TJZ zBi!wW-BnqLBXGbMi$Qp#D9P=IMIhPbW*2k&VHD0avea-X^1_Xe18D=$F7o?xkIIt+ 
z@MM2e{wki=@X`%T8UtOjeOn|i%J~CwH%Qt26cB~}Xx|Hz9`IvKp zkz{W_M2GC3V6gp@>nE~*@2{CjLV9&n1)8kas#xIU5XHi^f09Pm{&@lO&&T2LJ}Emz;dbqx*S^FGAh`bQBJu*kuKjb{ zH}KN~wLD`;lJc97_XHZ=_kK9_j)uR0H0uklHjc(d;5}jTc@bQfla>+`PHh}LI3Br4 z_;bK^5MGXOZ5*W@kF*HT#?imfFChnc9)DkjL|o%2mHUu!^ot!ZkrOF67|DY}1wb1| z?|d6h<>6k##U#-~#?iqafzT3Q=i3ObakK~83u6Sp$wdhv<0z8oUyY*+@=*C8%Et4M ze$mzNZ^qGAFa~1M889ypo0Cf$M@=-LtnCIcIRv;$Zr3>aI;LD%J_%SV;Y!{$jwV!b zLQ@Y|qmaC794*<%k?#qtUr63Hj;_1pWXV0iW@&kC9Hm;vFkR!Qca&75Ensd9X=CFj zjH4Hlv66x!`4+HuwKkJ+7)QGwa+2&jU_WVjZ5*vl1xp)8n;;jY^*3nRIGWl@D!Gb7 zfl+uv#?caMF(HRa%V-|L-rSF>7RJ#lzd6wyNEih%WE>rVodG%KGYO-_4jD&xqc6yX z@v)E`O{W<2!cs9u?v;?7YaHDkFjP1{3}LQu^t%mCIDZadu5mOQqZdxV044{WaJt6P zk)xf&%Op&N(>0FvfgO_NnuO$B!v zDjx{d#?jil9l0HFeZ8ohHjd_ZaEzm;LHI_K=*scIHI80HJsmQR`sX{!BZi~l#-RdL zNX|8mu9^fnZ5++~LeZN-q^B06WZ{%l)r2;V{*2X=q0`7N+v5o)0Wz)xsS6G}#H9Id?H5Ep=buW_ZrHI7z%)ZhSlMhKCJL&cgn zD)>CFppBzFeo|>#9n9v$rh0*&2re3`<<`d02k%z8`++(6Uv<02QD2zS{UDed|4p|x zj=qm!iqIY6GHa`e543L>Cwi~ zGng2E4uk_mNz_>1W*nX04&S%~>+(M^iyB8Cdl|xV6ux?ZL*+dMO*QV?I69#;Vo(l@ zY?q}Pcx@c*cwUGuB-a{*t}aP(a%$t~8`aQ5KnF;U17Ql0RIB0|M;p&mPm){)>=9Q< z$T&J1W*2@Ow*%Xy<+XA2mxZdh$@hVs*7Djon((+I{|m4`wY)Zt-k6NAY2#>5%+nJ| zmO>4ffrC>gWE>S!G#kdz6YnUJYy)N|Vyn2h#?eQj9c`n4O(0ygxQxR%`X`K|O=4ipp^iPH7U?UD`O>d#$7CXAs2L{|%TnjxH;Ux}^jd zWi^XuKOrgvLIIID;7XHg9NqdoJ_t(BNFNY}YfUP4u5mO0V`d+b=78{^ z)}%lqsj^*+gYNX&$N|;pCIJ$Y3A*zGWxG1Tpadi42DY}6$v?z%+rJt;iHphrJioFLk zn(mB5!&nr=GAKB#B#~z@pQE0+CbTJsQO*cZP=xu4JiHfp8N>Q}mg*%Q20yI5U-IDF z7##&cHZ2H?Joj}!3WH!j!?^Y+#IBPIx;<<+pc`eCP;uo(pGD1=pM;+i4Ws5*)x$8V zLnzl3q?^KmER)n`7i2uPT^0FBWq%l0_ubQgxYOZ#pgKC=$zN-iYn$}uo^l+|fRBc-R8w6A=M zz5w7Jn!KBoC2-fVwJb|rM~lFu1DHcG`bxXy0E5|c;kb~b_OSq4tXs%LdJ>ey8gs;- zuaeB!4&JU1m+T`(OUbjp%3?iK+E|dqoX^1fGQ?$zbq86A`o0#qE4%baeClrt=Ahtr zF$6INhe`$oPmp%k%}P%tK($@Cu-W<^X&?DnsptT_tIKiB*0ZG@1WaCz1$2)K7dBfj zlaZXZg{FQeoaxa6v2qBNZQu%8XuT+)(j0sm4QdXMszG>OLW=@w%t18>=L;?*>FQq= z1{F@AY zcWMS7}k`o=aq_`!1uVE(8_=V=q8YglQ_<~aN#7z$^cG^ zLP<>FY&97hTC|$|ELH{_#v{>oSX=DTwEli<6Xfgd&zO$MRN5xUHz$*xA>Jm)H#f2* 
z9(2)X!k~%5_q5&cThu$U6`VTYFnUob9>v%;d-8|C2E%!>3#sn-5F+t5LB4zA)f5gf zl*;pVtGRgo0mL=nERkE|p=_W?Yn2@{CWmp%T?4pf7N^T2-BIGGR%`L2R^ z!`?On&fdF_@i;j2l0&C7-LlKWkS5CmtD|uWiXuHG**{a-AMFRNJt%!OjRI7J=9TtP zEJ2b}K)GMjI9%*y$JNLIAB=X3lOQSAfwIM=sctuK0_4k*_Vkn3OOW)-!(hDYvLvUH zVpW!Q@?vaw$E-_W{GnN#RNRI4)t7b_)}AmcVk(L?4wVZ0-XibA;k!GYd+*$z_ceo2 zu@=6N3!-dfC+gErop8v8dWOgE{h55D#cF_w;@JV3n)y;Aenc&^T`y`zqh1E~Vj99Y{BPA_iz zuq9F5GEQKI0vjE|>BVgyb|KndQ-x7J0BlJJrx&+<*o7z^)eMJkGq4vzI1LSa_y+3} z=m&83=qRvvG|s#H_#Uakokw0a>Dz!UkJcN^k$-@ALz8)A;KRmieVR&z$KHdA3x`S! z9vS#{V@snRNT_OXuTK~~<&p}G;5S=+e@lB;3n8+m!?_Cx{WNI-mkfFV!8bLYnrvwi zsKmkyd;DofY%yF{X|bgt-DM1$zC}z$L+$|KpeE6kR36aOj_)C-w9uQrzH)f6rGk?I z-+_3os2F>|JNEeU4Ldj;txUwdDE~MLm46;X_?8&;mERP)hckM;^XJ({5JL@#+Q$VbllWoGe62G3|z5OHO228iWc& zDx`@<9=-;q{ZxM^K?*=K74$1{2NX#JqW^@+cYt$ zk7-|q*_{()CkXp)(?o*`-)xYchelNR@)Hm)-lmC3^RUmrOr#f)Zi3*QULV6+b+Hd>akFrjmcBZ^HNE z_!D}6#Shwn@F2i7n(#gm^!|$H>kIJ(TwVmeS96S+nuGlnFJf3poYTO+(3}+F==~LU z+-HbC2}96TKu7``*4D)Si`X%-c?Ikz2&@hc-Z61Cx-Gn8;u-XSlmt0Rx}`;I)da;G z7uj4F35)80?2QKyMeL&a6V$l7XjZ=jw+V2VioN}NNTv_Bt_KB)kOc`;P|G+F1vLC9D7x#Ey1rnf;MNIRN6t68K zAuNm-D@ac4mSsKI7HYY@6e|Fv`~Yqr<1lvL0$7T%6}BA*><2hsbseLK(n+oZ(bhpxV5hS+HYdZWvUS1D37v*bv?+@(dQL%4WbiYCI{VzPtTVbqkyMqW`O5+6q)o!=H%z zxHSI8*|A=gWJ|%3_b~=Pr%|`%9Y4b1~FNkpy-iJ5rj@MvO}sR z(%@Vkhf#;1E(~>*k#(`SHW$tevtHzs9D17yv#3sbpW-%RMH;w>&PZKzDp;Q`rtN?>}P9|X; zLhO^Hu=Y4S?ykTkj1*NNxI6OqvX%(oJ_?7?lDtsJw8;E=mM9C?YAzx>6Re8I%*cDO zbXhh9)Tp{?M^Q6#O3 z#|C>x8B0)b-Xetk4VJ`y4{=Wgxr))LfLW5h=>Jf)V_il{C6~uS>F~JSfj)SgDpRV6 zd~z42(tOBHz(Q#9GmQpf6GDEzVRu1+CO;bxGL?`(9T*?u_EjN07CFZyp2y!?_I^C; zGr$-cQo_gy`&R^fE|A$;Nh%kdcOn-HORR+JV>pb3q<)2D=!3}f*_PN2=L0UpS>Zgc z%sCr*zBJPN6bKhIiNnb4MBL{wKb5ltMdun|3z26pR5VlwzO>&)`G^OUrs0(o3{~bZ zTAGJ7?nWJeO*DZMD3sc&%u#Z?1@9+hQ2OwjXd|e-p-N1*H;<9>)^|lxhDKdp|NGf5JL@DW8MXF7k3SBqWO|#%VLMJ<6|??*RQoGoB>HJjRQA$+F)I zx5SGi_!|f}HEBGq91>>S|H6_hCdDHZX*iT$D{-Z^kcq?hnYV!?>%ggrCXkHqjoogF zxRqw$cd9Z+0vwN{2kl`^Nr8)OuC7?8_}?_5R7rogIAke}HbPdX5l1CG94(7XI^YSs 
zrLlva5@+Cds4dNYvIaGy&-rUEa2t&ssk3KN@H`vPOiF3@LqjXCL51}IB6xw)Ui39a+5B-apxmM%$Y;RKIBjT?)qn@Iyf7^6vTGY}S& zUPOt&Xm$ajy8}Uy^Fer!NLMK+s#$(1$jz)tZ=ytCzOWy>C60UiNL(y zuXqiD@l(LgYCJXvZ>L1;3RXlaNQ>Of`X9slQCLij+6!^T_;)_Wzc@HK9DKaA7a}LU zgl7V)OgIPcRsNDl#AI1~S2CVsYK&R{Y^MpP7(-nae8ecn3DPiNV+g187QSEh0ADEW zt7u^4T(~cFF-b8{g)QO{X@BxJ!nXU2;+OkdI( zJ@=%SJb}KDR7Lh>Pb_^6fko&$A|n0zUL+Ec<`yP30mLMlh!n~1qN1mjqWi&7OB;)> z4kaU$TH1K10?iKd(nhvSrN8+V1!963_ztp_>C-4mG5Ii*cGoGx)8-<5-$|;39x(&< zLJ-NP5K*L;8$;+?Gmt?j=_-uAb3f4N5k{afp`@VD9DDkx=O~JJ(}nilQR#p;U33)b zLbU$#B<6F2w&j0%F)EPdNWY-Zisa>)hHv-{Lj;p8JN5|tc@$cnz+u#)-0aL)s%1Ak z4r~|P54xD7D^c=`p{58Hw~|ShG&iMKBA8{_xp^itX!R2va zr(E1oQW@1u@D9sPuI7+_2H^&gC>11KiITLMIT&r#+J!PN&E9ymFWAkpv+r~KO+yM* z#=(JCB4%yU+sCrYc5w7I2cZ*@LVC?cluQFGyXF&)rcof=b(^L)v9WJ(xMlDC(n<7@eq)xMS0OuzAWXIOn)f(XpuyMkm=4SZ5cP-AUdZn>Id$ zd22X~0(@6d3Xe@`7M=&#YHUg&PcK;#eo`FC5~kyLFR4vF`zMzFV+P_KJl6Td4$VN2 zs(+b*m>iA>{tRt5CI;abM z;bH5KiqjqVK+U;;tI!NYU=+SC1D81(C#@oS(4Fd=4NpMhv%p@(@xKYALiQ4c|5Xx0 z{aH<@B-AqylxXSa5nN8fpP)x4Ax9~_0oo-lCNao6g`t>GH-)QX>iObJ3>cu$dhqJt z{O@}3H!SZFvpU*b+j$4Qj2f~IRk`d?)o zQuwk$Br0>Pj;C|d$Cp5y;{u*QEteEmOeG9H+Bu8|o{G)`@#OA%smu%t3@ zPQ$zpy(tB6%*Iu*{zDMfr%({kL@ac*C!vYZ;pEbr{v7pXDF}O95(R;JFSiAu*ILS@ zGcThyh;1GSUyd1!_W_+m1FJE#B$}CFh5s9ia#9)j1|8zX$@9E^XrtyS3ncBH}pCsY0|G#KK(gt1W@rR4tWhy@@-s&UZ+g! zk1j2N|NJ`T>P<@gRuOSYxBv1wWxp;keIq!^GxA#bs9&ed?Gve(|Ao;VoOv#b3Nf!pSOgcfut0go#fIy2{hs826?osfuwaO(`XQ78qScQL z5suvV(3O~KdEytDoVC{=r`r)Z$Ai?PKhd*Unkgb%dXBF#MMccQBj2j=^UHxsg^LrY zP&nMDB^{@07Pa)(U)p666a+u7!t@d9`j3 zWm0d}_wi|%;6N$%u%nM&E>fR{<}0Od&v0~q-u7I88EYuW)rd^`m~sc{i)n<0Hm;1v zQ_82N14e@rdOr1hL&f76&;d-1gw;qpW&uX>amgM}OrDyRda|%^Xku%fBxyBW6}Pqm z=G|L*W_H0|YA9+)Ai@tB-N+N@a*4S41!x#sdfxpWpL~Jqw=RW0@DqlPjfhzaLsIN! 
z(=+=^RYO!-iKtNxLFun+h=0l!&LGa4nD*#%#m7s};f_j42U60sDMoNm!Z|78DwjsO zE%5x+LFM06*Pl?<(Us^q3$;UJKhN2^uzi8UQKE;!QFHMmVqL}acBH||UoAr6_9AWy zLgEIs2vSQ_-9ift)p%#2oK0fjZG5Qp{zHi{dJKJm1#0#I*=1Dm_v-3oFvZ zSvfeB2~A|ESqE3sYG{fn7Xu}k$VyDywkR&e_`*sgD;as45}qwk1qfweRgyEiRah`I zVZ{Y#3u&Mhz?qARSv~?=ymgHC)NG^Hhg||ezatjreifV-0MS6K(7Q!(v&(QfI(G#X z6beajm6Pby0LbfDDkkDyft?)X=x}pGP(P!pOQH5j*1#$&5toPdApV@E*4L??5Ctb1shf*3hyd2*2 ze#0{cwqgp)jeiNEDh9~G4=`g}Dqe~jtN*7MREAUGVxV#`0``5Q9$xdsXn<1h4zT3r z1jL>GL|jI1ejF`WPzU#BlHLt?PsWpz31D%L6Qt~^aF*I4~|1QoG6{fo65s&@1b}C+KYi1?- zS)6Ca1SQ(?|02qDE%#OeomZeHU0wEF#3H8A6;s$X4Kt^gir+Y>kyG%fpvuJ47IwjG zjXBK&eK80igx}YlK6KDs!n7^(bwusUt3qrdh%Q9Tc$%*}Vw$m-=_8i|8jAZJ^{_d_ z+>FW18GWSqoRGP=khB*HKHdlkbAWjWCxUO?2Cqe_H~W~IV5%g3!dgfx!4-sbH9Nt8 zNDj4K#DP5ocQV`H#a)7FmmfwH+;+qitS!qy4KMb|O>;4{EFt}|yI}5+G3D?<-+0+* z1pSSL*m8OFDQvQk=J%Ao;a`6c?+2H*r2jR(@JRn>xbQ?(EJkm}d!i~8TaRizyA|qU z8CBPxf=0B|p1yd6yuF=@-7e(EP zC~A_f)b{{+(N9zZwO3jx`U-5+6nhq}YWWJBKePlZAu*9b8>U6gu?M4_V?D)?j5J!| zn5gHSpCpSutejjh8eY|?6&Mai)}Po}y++-nZph0lYd@~*sq6kZcu%rn!Xk2Ckq7s@ zc;bZ3Y9#p!^TLyH)Iawq@-X9LzxsCYmwxr_;ER6s&ET*6>YKse_!k`~-nV}GcJO{V zaM)y#@sT;ayAY({Ac7%>K{x-26P&=l;?r$WKVB^8})S&9U+8VUEd?u7g3+eG@&enO%q3JiA)Uw3l92B)JjHXEa;Qp4P)hRo=(y1IWw6z>X2lfm3+CX*YTg zYd_ZmzX}y-o&IZm($^)z6;*JuYyX<7z?=N=Z z)fR;AM51^}x)N%3HN~t=gE(h)wX12T)^Yru1=1oCp};E8EDBZYIa8hDGwP{A#fMwxQ1Kc2GK$Y&C>u!%TR?rN`1BnF&t}7Yv5QF_ zTk7Joh|`R0WkD350Os?EDPO|ht0dBc)al|gli6p_r(4ZfAj{dV(a4bV-hyy zfxI*~;_<+t0;h{l#ol<;gXGhIRd(^)iqB_H7)nWV5ZbyVXL26JXE~CZl?(+o!NqSY zK0W%V6p)KSSVbg?m!zvu@tMexmxpM85AfA@oQoJ1&Pm544rU+;Ee@D&I@6Dg!u z7oU_`PBQqAiLp2eYjTUv!fxmRQd(32p)QdMX>yCtN(`bY`{W%U^l(XPTugi>Bx?)|>;^Tf^9yJyhHz7n#ZAa?)r2gYi0@5|Q0~v56{s;X)SOI5?J1I9dO)cW zoBlu5aCa>Ef$x=?X8*rx#&T!|3sO@nKwpw@+sJ`H+%}T0|ErC>lhkCldI{Ay`ZZUc zb~`Wa?LYAJ$!*a4G7h88pWwOun%<+3?8o7J%7tV@#+`o6@BM&Z26n~8i}q`1zeDNv zYic~Ic(NosFNecuMKE3IehqD=sQWctL(+Zi$D1RQK$Si4H%LpR>#+s0AJZ!>t9X?F!WbeEnaw0L>zaSfhwQI-wrKJ zS32u?dd3|j9UE?Nu;j;}d`kipHAz?hk@XLjKz8|%I*B-x1jUWTbk^VfJSLRMwK_<3 
zh)6LJrD*rZsHMi7masw%hVx_`dU~IY2;{1a2ue365YH8qq8%Wk9x(br&A z)w#8Ee%(3KPMVdg;ZN6hKSG?|)vEnGH1KYsZhberCG7v?O0!35qRXxC_I&HqZ%%#Z zdC{rgoPp9^F-7aUUw?J@&Om7kMv;XFO0+?zwE=#)10~w$(;X0PhWGA(=mlIS|20$% zh;ER8GayQZ20im7l8<11i|Wx7q=!qX>{524c`CHXrFE~ZPN%p3wnCj=N^BA8^p1QM z`Pmcd`r$C{_#2=eGo2_4Yzo|GyO``l1l{Rx`>JrW}9??w0!T4>R-o9rI zrKAA}ja^cx)BDpIN6DSQhPwD|o!&CvIPsbd!eSy(yd+(PI=#C%a&D*h-me{hUjk`A ziBRB`i0<@`xaxTRDF|N?DWq3-dZR5T8E%2#Lq-m{U;JB%WSv!tYfxYe41c2ACY7n#*4`~ z6k8Xc9@kA#4f3)Uum*&4;B@i%7As@^{xiqE@-rIg$Y!fclmDn54tXC;pT zd)mcsD?S3t0x1RL0T50QiQ*;cDpY)ybL8COvltV`9QfZsxf+Ns;AqMPp#_l&X>yCtP)y--GzNe$`Zi5&@tGL31ZAIm0E8tjNfjR|6orZp z=}P|HizuTq$;cj`riLZIp+}**3+?SUN+I~o0JkB^WIPMHC*i^9SN4bV zC>N5m7 zNzB}+G|Fjky^n|#6Wx>O>_>ubgY$kIMSBwD>hvTiq1m{jHhge<64Sqd@Hx=FD=e(S z&W#ked)%m5w1wpw**Q^&(%}hJ0w27D#+^5gOsHM+019QeXt?vD6bW_hZVjQe0`O`$ zjQ4?wRE8SZuZ)DX39jv3MDhaX21j0n6(P_5aH%1hpvyWG@MxDJ6xzhT`Kc6JjtDUi z$Ra||lIjNZ8d5@YyIXx_P~QmTnUE}_t?lmY_bj^POPjCmD>i2JdUAj%|kws~0fvO}TXwPOuBh4v!&ndvEe#^koD9dTTH zzkWvLVtN$lPsIF=dL%f_^sLEL>!WA65=EYB*`^XC=ntkMR8PT$re`^7YzoJVu0)Z! z6PaEU67(lxR;MaI=9|iouUrYr=zj{;LHR7LiiIabVDTqU{xcGywq>tCx2d)aFNx~1 zHeSNrAVuwPdkGvZ8lvEOJ`=)HnBW;+4;2U1F^8n(88&*N;13AY4)@I62Y}`_a6J>( zwToNdVAx$d-1?qQmi6K?I7%Z0rO~30g@;cqN&mm`|I}ni7Pk|hB1uooViNI$cLsMm z=`@PRTI5uG7Hq}g;Tymn`!@b&e2OAosc*#H##_`bZ4N_bBM6T-HAJ8V z>3%McKc)aUHMH6Fqvo%80i}n#g1Y10f?`uZb zYy%9^uD*T{d4e@bqweVqk;Mq;QC6rs;@$4~7vgOwF(j0Gi@Gq>d$*sjV#e?@jVQy`{ zi4P9$jhi}rQ##lMk6&(GzR3(eh*|R7dVEtg*dKo8*5{kr!G0EQ8t_eCuuURpd3@76 z_;yF!G~%1~!R&8wlg~HZg2j=qxlKw~Cxqx5+%Ou!X&U3h&CuXt3PE!Y_1NHLib4y% znHXI34v?1qYlpDHHaHne1#;U&r6I9q2CIF7o3;@Ra5Fo&eKT&_g%^jm`+}#VAk!hD zG;SUU*7yTR_n_x6UPTBFL$#ONGp+)VRl#pcfz~UbCT`XTSO1NhJ2^O;gRi1C$?ff> zlCUjEA1%r4*Ylsu(HnWy9O+Mu3E(QDsa1b3A#4q~Ad`n%6)va)`mf;8L2>6w@JjO%&Eq zW2B;&h{?xPRNhP@PzPtCPq>Yc;-R>mR^eLUg5o|ow;KdMQ|>AC9|EbmjG%PgO(aS! 
zNq3TNkrY(WQ}&pkWh&ZNMB}8mjhphl7n;*0$M!E`(H~U2Pb%VCAt^d26`8NOD)_3f zcce2VkCOB&6~varEtI5>wgGloVf|c8q{KIZ`nD>q?$hd7vy))`+9D438-Z>(Q-W?@!I5BllB`b`1>QS&>GXjs{OscvPQwLX(QuclZ622V41wa#&f-^%9 zp-Jod=nGgfr_?~YD(gRjX#Hi;*69G9v==Ql5a`}7d#11V*=DH zX9nlb0TLTQ#k;Do#v`C<3x*(~=QuK12r*}_NNa#K7kPs?Wm=M}P8ohGF>3(RX5J`H z)Zwm_Di@RvB5hUy@Lnvx;2-2u+B871=&G`P8xc6~`HB^D(!yL~60e{R1KG)L0Pi=b$eu>H{ZJN<}n@d8JidwV4R?u#1#3 z*w`e`P|j~@z5LiIxxdf_%L|hn^h^JwIKcwJuL%AFMdGG3yc>&jiBN=!n!wMUA~d7A zrj>fAn-GD#M~zSKxa7^jZgn`*1Kl@-#XZy&zCMvmCt}ZVA+9-vf*sp%b9QY8kNcyanR`8#9Li*WcI+4Q-ElqI}aSU(a6G$QpyCuMF) zgkq+Q8H*slrj@9|Sec5_ZoG;D?6V@6Qy9A}K*sEsrD}q3^B)Ly_@>gB5eR<~|KZNR za``nCZNyWjBtCc$OI@hIsZ6|cR5q?8T~|UG&o7rq{r$l4X1LBQNqw%srrF?^kD(%9 zwMLID5Y-$GStY2?8@M_O3MwYhgA;h758Nvy(K8ZwD2VGCQ6-80_cSQWiO!_!ZfkH| zGr9&{FFOiOt(ZKzJ_qx0e(h-1Uv4*a)`_{3+z-scb=~M;bp0sSOy$>$nMBueM5Yv(|AbrN%0dMuIun7TfMMRob>6WRS~Bu3+S70xP1fW`?b zY?~43#)&FC*Ad6YNh%BGn18TdFjCg!rx0^)a;C1znZwTXfw+xlcj*7YvHMKw)?U>0dCo#1FWBQ@+{-Qw`yr z)2QgBW>7Jt|8neNJMMkq5*|K?|F<5&fM14()0#Ak*1*}}wEQoe|Lt(<6WH9b4iBeA zUDk(8X#rD`%?`=s--AAoMOEoe*G= zVkk;iPy_@-P)tz4f{oZ-OB7H?n3cMX+Jx|2${r-rY@nzrW9aKcBtj zoadaGIWu#n+FdP|8Hm; zE%Av0; zqr$<>bh$Y?BZJyz$W3L&yVN#IZl+|sO>J}JW@^TX)HY9Ure(ZIZ42dQdd5g4XEd4uy61fd`=>vP8Z;uD)9e{!2>0kouR!%0 z8P3fHp+9w82%-#cv6)s5CL>2}%v=r9h%cvMiglCpCPuu`+fk!7OPf2Q0Wn(*=4)c^ zFqpT9xl=G3^<~$9kz*Q58AKoOLn*@Wyu6?L`fj}G^a6@OmjU>Yzkdo{mRhHm&O1q! zA0c;G7UT_p$_FG-c4?%1h&y{Bnzuk`XeO(VFEmWIJZ}q*o5aQs;Ywy8%`{};T`1$_6HH^g zi##46@eWQe>IQ|F7%8uGa(HIy4hE1``zbk3I!GxmLhux{J*w3&q|O&(7R9K&QGLo! 
z6tngSsD;DO&n)lmW^x2PlVncjnFD(YW|&sP_`D=TM6 zs_=_*AdHXP8HG&Dh1UhlYJVysG{DX1OeRxjk|K$c^t`NF(6Ec0jG=@`xj9=Oi{54V zv!=YwI)*pT>x_8>$ShK;2_cY95sR-Ol@`~$LVn3GW;p@d#mrk1049W1edd6FuXHM( z`xk!U@FT#Fn1p@g15{zh4j^wc2Kk3%=~7E4#`NfZTaLtRHgbF^H#XE#g*%xGQ{6(A zUcRUs_s(sr;jA`GTC*_o-CbLR&X^5tFGzQUZ}P^HX;X3eSoH6sm1d6p4XwB59R|(wI9n#(f-^(nlSus)ys^i9PFOMMV?Qq$OQqpRr$@(@xJKj98e3Fj|KG$Q`ASq$Q_d3d5(@g~wp7sN!}L$8^ja3fcG;smFzvpgU9Xi2<|?0K7sX zDw&8aV-S(M9I2?oe1s}Ig+}?(7-f1uK3jkGU%>ZSzi@L4fWmIZ83ahWS}kr4(xqbJ z%VN~sn3k=$T&Q>WR3k8J|2I&0zmxG~5Xh`8@M#sDb;f%>NertBe;5TV-A&ks6L?Y^ zjmuoCZ$_c7_^%kPRj-e5{fKzumUxt46}?r80IH2u29O-fvk|JhR%1Jg#E3@FG`5pm zhrLy8+3h+ru>puq zOTG@0ZS%W0IDX>cNlx26I67_bIoDBc+ccEBP}?yx@H$T0pV7TeZu??qM}^gK1Lq+; zqvE*a7pUUb7E}>lf^2Ae9cJI1w!MIHRo695;Gv>tMh2r6U8i{$Jv;p^j3e}Skoy&X zhp{r{sLgZeyhhi#r=i?RHOqojL;RhefKhF_Yytb+tiPXd47(Fp-2-;U4c8(~>t)Ia zMq#|Vo`tEy{OFyLkM`o`=v;h57Tue2)|*(DR6qZ5kciJy^?6X!HVuAJwS8zKV%PSK zrdSkRH5;-T4~n9P(jNqWvo6X;1pbK7cp;|{gsk@wVJ^kzX4MX z{(2vyCo+sSKNIsq>Zae#BTIcF_;(PKLJ0|{4Zo|4{+RmiYKwUu{5R@g9{m=!+aG!Q zdn`4LWa{t0|H;RwHmz@fiUZk|D6W#qRA3_bOE7p=y$I}snK$6mAW45au*zcWDi*At zQ*ZjyMqngZV*_@J0XHD*-%`)oj@LjyJ&7DKI8&`M=Jtj3KiT5^F44?tPlcHJhCi-D z;vZ|e7sW@nzHSi9@<1mw`z_49@Gd&YN%{nj4IY5P$EY-m`f_W@I?_oRHXddG`6HiY z%$~b446Q?))bkrDb$~qR6H(K+NFQia&eu>f%t>Q=gax(r2{Z64F*@E!SqyaLQFyW+ zJ<5s5&3N8SaI()NXIU@EO?1*Z(O8*{$<62_CzURz^3iF4O*R@U+nkCx9PQ*bWQ-f0 zekWLuH2s0;3{hvpr|t#+(Pqh?kwV2yPaFBZ#i(xdP^HhO=e$X>=(%> z97yyvbJK9*v$(mhQK?|F-UfCOTFvOLhD~v;8;(Qaj6Rh2heW><*+*0Qtw#OG9)I64 z(EEXE+79L;0f33HfFkXlOu*}4ei#54a|>vp-7g3@0Mg$9fN{5gmfHQDfZTV`z~gV@ z5CgQG zuBaA>n*&q{%Z&l_((Ye(Bb>*;d?5h5jh4&;`e}DMZuG}seiHy#CN1Cy?JmG`UVRwM z)ZKnsS+?*x+_}iF0ov_~N87qNn590z)FxTrE;?AJ&Vb+U2oXIDfT$1BMvHiWq1yX( zC$t;~=E(toGAea1{C#w|_VAG_{4ki8CIVcpdK(?7Gg6Pm=Oicz`gQ>BCaBwQP~eK6 z9Id@C{+g3hm7bo0m-WPXPQ?2Xr_IA&t@AMVQ*7k#wVX@q!Ef z5|Y*A!KX*ZYH#Sh7Ss=b;dMabm&a-Etj0D@GXXfU4rtC#&=l3)rqMP|>j2nL2Q(h9 z6-Ti+>y01d%sAZ&z%d<}&l)L#mAdk`EdrKX~TBrK}HPA;Y_bB>{W09MG z;aLi*jGhACj2OQwhG5Z|I%Qk6qgdzkD)6df{EFWpKTD_f##;gO5&CNIHpcipkAVCf 
zo%tJ5L3gPi0&ho*&v&Jwb9L6Y_)>|^Q@;n^o)~{Ox>?bAI%OPQ{NVE*eF(h6G5+`M zq5n9Yx(%ax)@a=r9gQOVZDG4(3i!us@9GIQ&-#EjFvh>-C4|2~d-q_vL5k26@MgsL zH`9J6Xz!aXw)Ct5uR6xxgWh}eMD5*qwdG$8-o_aJz~hi#sJ#V4EdL?!cEtFHnjwBC zX>ZtG%YP5NJu!X-z4s#R9Za+FKLp<47=P&{(7#xF2g)qJ@drph{x<#BiS`p#Q2xK0{gAd-m&AX{CnVi?(IMV*Qt-7 zMu;751mKPUB(14Q;zK$zsVC-dnWz^4c#|MWVjSpEo!WPV)$~08zXzJ6y)>Gh(2?KK zy%J417^XDC-)M>hy^7_{P>Uo^y#N?YkVL$MIc$uzTc=#x!5V8i01E?6jFV|f4Dth= zQsJBR9H6dEMAn7xK`wN}L=bb~K0u!h;EbYeqqaPZLiV+ed~kwNVu(FJ{TLucr?HKT z5lD2Ojx0SHUv|=fDSI&IjK4`y9P(+j^3k7l%Jy}bdSd9^fEtj1RIY%2*C{Xcv7kx- z<^&*PMFIV(y~4+A894)hivo~@DV4>ja~$u_3v6w_8K?&Wq@*|w8FIWk&>xa=_c~Bt z2FM^C+Q3)WqL`*R-VO{11g<{8s0V+OY$?zN*`zg)S&sMjH5S<(s2)Vdl`sM2INs(< zZHmSLFf{;~WDBT)k!y^){Z^Pj( zUkv+*APLd7j@M-%`f<;LzMDKo-VACu(_m5U9dG>2Kz&cdrwJ&T(T;<5aJ;vx;i2*Y zYa2kt;DU0!fe5yv#^9P-BP`yBN@Hv~tlhCo8hr_B)OTU}+uDEu#SH;$&Tb zCPz9a7Xomp4^j=epG)-K!d@IVxZEc++Re#%+H(Y>9|CYk0G8cfXc`u$w;VMp-W>U0-K(=wk3X1pM5-XCg9v9j|gW z-k$+^yw8$$M$;^+Nl%OfqWzuJ({hc^I02wj0w8nUVvcZ9AG*_csEfhBJ^^FK1*3XH zNwm^Q;y_p}+s)D66eokd;*gi`Eqi@52vhMEEJ6>2KX&+wUBk?f>+Hrk|aR)N}9xEckjm;Ex0%_fSN>K8gP7q!)Z*)akbY_#^Wkf$DN#!><(Qlo6sW@k9euNXvbkn-8*Mibl z1yB`YEvUHv3>rJvjZA=@ePfdtEp*)n(K_gz5P6$oI~YQ$@QPgb7G$^n4)kAro_;n4 zXzseRZ-YhBzrf2d_=~W9nSjZnp^clK_NP`I!0Q$80_w&Ki=i_jB0E)}AGByA2cIBKIJuPuG#-I?mCXoGcno%M#7e+nwCm@GV5@?{N4v zQKZX>^H!n7aZ-L*ZMzncuas(pzr;tmGKYAd<82+}D47fD3|`L|KNs`<(TAO^ujg1F z9tCf5jDN5Qe&`7&>w8Q@Nkg{;ycKo$&p27xNtV9>ylZ{FHe=73?5jNQq&~A8i_rXr zxZMZ9BR&WlNd1Czzvy`1qXsyygT9-*YiY~WoDxLvWygE%W{|!I{b0az+cbdOt4?lD z)Ge`P2C^t0|G3O>Utb5%PRIKQ?-kJUPFDbqNCc(6+5({09k1Dwn8Tg`=CK4Y1|~~K z<)U{PeamT))di6n)$bGBz2kV)=cTfQL_cuc!UL$l8z6Y4FRb3s!u-%lzZh>+=v#b- z@s%pX5>hdudq^z_CFw}PcStbrLSgL=X^HOyKZd|J6q^1AqQXX2rS`xQVj)kv^YE>n zJ`85+Hx^)~cT#W0ie8~?ObYaXhUQ>)_5u2Ms*!GbZY%7k6KbHn608?I41j0=GWw;?vz z8e{&li&8;o=M$3WtJWW|pm@z)Zw$)UoBC#?!90udTDo4_&RE$_wS54F(QoM^7cRsz z9Pa*$lCVpMp05LAY-x2&ILe9}AfolT3K}S2nM(xGco`WrwvEj&(A^kjZ zM@Jzy*_Tzz*JI^7Z&*lAM5WWThCUh0)jq(Fqg1)>S@)vmiStGr1$>PUl=7vSxri-U 
z3vPtPn}?2$FzP$-h-WY_FzrVA<*g9f`;h&D@<~X5jxZHB=q_)gm@LU+f6&vZ#Cqi+ zeGZmx)u~Vt!C&xd`3>Za4e4XBBB0(5J-QUko<6|D{5-L)7Y$|ogUaHYSI|>{oI!LW zhU{L^3L%~rO8!30lzhDkytO{xj?Osr_bv!|J+L~kG{@Hia0@|_2Jv6-=#3Z(cpE~= zjSxd^BvpuE?$(3h{66v8nWDODKb9|`t<+h<_?sU$L)jlxIE_X*j!`qrw-EpIAJG57 z-!K=FnM;jc)YXeyhg1jfCIx&M6SakUshn{KsY>jLt9Las)|=}l?Sz-~bM_g8e=5|R z8>o`*qGWC=-Kw|DO@07{+Pw~lZ3!rqO26ve;U*t$0Kns5zL*Gb=~%sw+~i+Skr@^D zGXQ=_1f|lmdWYQPldvg}8~PD*w)mTLi+@a|YsE9Ug9xzr{nC-26Mg-P^t8;UV~8b0W59mR)M}Y#-n@n8i$gPbRl;Q z=r{R1<6l$hU%d{YvN5_k2y4>y37Om-{YAbh=)JPf8|f8gj-PQ4||%KC5yi+n1X-pN`IX3cL7X0Z=YH|onM`BK`}E8&~phOj;o%nBdidj%=> z%XLO)+lJBU3VJb+r}=2xXiAZ<*2%r_P3k4!T~miICH`TZyd6dHPVgR10;b|xNIvDyOc>e_aSWm+9oaENcLn`+GX2S3no0y)2m+K@yj0I3T zf!xPunZlkcg+1R%J_qI+3*JPZZ+a45fs=eYc1&9U^5Pgvih7Zg+zc(?T97aCS=K00 z(z`jy&!DN<0^Xg8eCbJe1Dxc1@R{frz<)CllP5iiJ&m4*L!j&Y9&8imbm>TZDm5WP z`VpUHk?UnhH{x^CZ^)2d#20ciC__3CUrL3TnNfviE%cS#%*~K4#Me@s=c^F2dBGug zOD}Yhl)E2Mpjf-?q%ROirj63zWT$EpYEMGUAA z#CG^QXEU}JOZ6br>!@{8Ht7Sw9OeU1JywGm+MLz`t%?2_LFk!ap6CNiEK>)*m+?U| z;&!{_Q(G0H&Iaw-J-IQIwFBKA_U#*DBo)`mPoIO*XPy4M^D#u!JvfW8~e& zM&=sq4P`>R)yJs3PuZqkmGK)oEmZsrIjjPfb7e;UK*RZ%9C0=@eYRiP;W==PbzD`5X`FBcu$RQYIz>t5c52~brbgZhE`avJ-PP0 z%R%wH%ibcLubFrrJB?wH3d^-;>0CoE>~W<+&*Q3kcvTkHVS9ZLl(5I6=lw3%=MN>t zT)!yS@8IZpTsbZ5aeX>`$}yZrUgP5qxo(AH*yGXj&Kt(-#zNt>=UpZA>x9DVu-9h< z-`OJt@15d0>w=@_ak?n% zUHv7mIm{1xO}p@#6MJA0+GrA?!`*!{aw7&n3bP%MlR*B{U4c z5^uCXdW$@lKnrmWChTpWL4`c7)sxZajT#wQ@;r<+4gP-ASot*IS^zaal97XIRgIp- zsH3t-xr;0wphG^!8%Ueb?=66(dg}%}Q{4I6kGu(8_&s44@G0Mt zd|sI9oWAozS53Mii*L`QcW;C1D%EhWu4Fv;1UFa z?-jzmxCB{nR}uHJ=(vuT?+AiavOjnJ71 zdnbYHd3)eKLnT63cO1!S^Le~%0gq&cy(dH$CDG{Mi0}PRg%G<$Vef2QhP^gb42WcW z|BoXK0ZOP^Ad5~Xa~6*9Q>)1wU(M?u<;ZK#`<&6ZL*U0RC*iVF2>A@xVXp#^60bcp zdU6cy7N8+?SVQs|IEH=z*^_C#5a(_@@3}KU<>u&cnE-^n$IqfBlEWSa!}j`V(BZz% zrVy_~+#9?^F7d%1$RX~b9rg}Oz~8PVljN|+fWr3rN6^C_x1bJtN37#<6po%pdWc&; zm&hfIb}p~i0O-jvv`w@d!dXnpLqhl+m!9_|Q^76i(XWv>a}vn&xL0e4yU&)$Wmt}$ z$IfktyV{1m56|QA8#$8fd0ccY#Kqmh-XNfWU1%J@4j=a5-3b 
zqk5*G%aI#7mU!H>(34|`yEBI6GAuHv7aJhCQ6%Rt z#pSKIED>Ibbm{x^16{7nC0|e!K@r!#3X$S@T-pooIZ@|VNJiLW1q*xp7$WR($GEWf z0*+{xFpY*s2?TOd(UT*l>8XShjF^2Uj}y3?#GP_@HXY2NIDe$QYaFe*3Yw6x$H`yM z<6K0DGj1hv8TL3ehea503~}NCy}pAaa7+^7P%G?lIEJE00!NA{{J5NbZv$+d(^TPV zCEks`09ShUfTKWb2HJXE__(7wZ&Ydxek(uLKjK}z{SAH_E|_uNg%sta_B&$QZso5R%?>bsaw%ty|LU7XW#$XtpVItwYv{A?9= zjY6KO;z^+2kJ04yIRE-{5=eN}UXDm#?aiP@M80Oe!5&0^;3ZIJTI>}8_RV-~H?Bc< z0FaeC%M&m!!1QqUC= zPR-0d>=ZaPm8#n=)Tt){e(p45qK1Kr*L)QtQN$%VT%R{7q}6f97;G##oj^@Y4smhG zS$s&s`#+OYdM7;87;FBVARbeo339Vl-i= z{BXa7_r?6w3g$i)*IjMCRpL?7wU^?}7aKySAcP4B!DxC!H;-vrge5L?88?K4CUukM zf`81uQvolimz=erN^cbbAC@%`abMcb5tc6W>T$OH$J_kxk)>rV>&Mc?si+Q|{o{H;EaX#uG$StAbVyn0` zP+SJ8#NTLw-MAj*SWuT(Y%Idle5_xr^SSkC%2Jd4@P+czwYLF>)hgpQ8@(756Kiok z+2sw5eJWREm$$I-jN--4f8YpT0`}*Vjn0OFPQK+X@$?;Gw~7n#(g&!!EVgxkbyF<% z2;ZA<`_nBJ*CD`-1g=iSTjy6iRuWXabNq@oQ{_*Bl2KO4v_Q$7P!cT785D_Nm(8pX z_Q^)6g(kuCvrfjwn%FqC)E1De>UMHJkgJQcF&M+$RQE7u{+6iyPQfQ}U1k?^z|wCS zUYF}Kdl;{^Y-l=$+o%3UeB!RCV?G7FB-QHSILOx{*H#a&tsZWhI*|Cp-B9znL+TUt zs`y1f{;xezSA*BG!y1^#IDwW){Q`%pXf9qT}ih!}L_r=zBHINMa~t^wwCV30htTW@PjO3~w6 z@BFqdyZBO;h?(G{^?6$lFs)Ce%I6Nlj@8vZ(A6kC&LtV8Kk9-6r9bM{fnWM)HeULL z$R}r+NVN^<1NVWK22?GmXIX5lf5MGy#fOny z--m70&T=RJ5%2@C*H`OnwjtE&aZ@jVoTk(-GsS#O{3j`Rr)D~dT9LpQV|t8>GO z0p@m4$Bp<5vEi5kX0}`NV0C#XEOygyobPn;CK$}HYrY8z!!-Hn+FCy-$_1Nu#$1_% zxy@~5%FxIx33Qv=&)g5nl2C7P^Za0qZ@b0qNZ;nxY_HCdc--se8;MF)$~}r7w-Jez zs@EBj;pj*cm(>?<*kMcJrbYzl>A>G~eLR%3SGhd2BQ^;c2u_ch)f>~&S4u=Bai@e*6>VzvBq2n6oG<2QKkHG5XB zAJbB9dwi^wi6!sOco`J8rPv0!(bH07=BqK>2l;(J#xcLWzFEv~ukXQYHHK?Gb9ZBj zF&A9*V=QcpETJm@XBsmNFQ-!#Ta(*8iGV1BO zI$odI8~MC{)7LhskUQ*BUq1I!{_%h*g|S}7SMi$aY?k~ERmQa}XcPiZf7UvsegWS( zjDvXk8U&<@sqeDpA=NTlt7mLzvHnjfs1XrkjP68?R;@G+G1gBw3z+|7>(;DcIVg2U z<@YzWety=XPtoQ~$nOz&f!yPi+6*Nho@!M0l?ulp@Z+FLfwleFG+Qj^t@e5F|$ET_D#6jjElbYlMQNe6pi0dq(;)PT;waW z(o3MHrPIiaucNBqhK_jnOXeXQ(7)=U=-wrNJMO|v2ggeddg*4Q;${_ZI(~&4Rs1+4 z&JN=>M=V|N#|mTmL4o-OfEwtFNDwviBOgmVW=6h~GsXbdu2AY2Kwq;8V#VSFP$ljs 
zA~dGGU>D-L9#rQJUpE^R1k&~2B0Wjxk!>P9Nw;JQR57(4+^^MVIG`y%j&pR4u)zfN1CtH5Hwk@dfrAOs=n2(wDQ;eA=1h|R7p=7N@ zy>g1qJf2k-dbt(QYH-vEruxQ4M%<4(=mtvwX4-+X9~foDMn-rXh>};z9mvl=&V*VP zg!-vynYcu80Yym8!j9w(s2X<0?QGn(Hn-@QS3*S>I~~#^P%#>xMf|UZb6JULDJxCG zxon`hjhcpYc@yKnN0yJCgf|Dy$>El-PR(MKe=$OOX}U==Od&sA`;;FN#r{{j`MBG{ zXstBu=HqT3b00PB<__03&m&Ef`muTkaVrJ&1Nyph3#N73As6hEZ7xs`YzQH!T*}ovh zmw|JXb*8bw_XG7~EQ4>^atkpwF|Sl})}uTAD!>{ak0kf{UdxjksrP)~(r@Pzn0eXR zT$=F(b9vp3*ZPZQO5Ln?U+<`b-RbzI04>%~__9VeBK?D08%n+Y4&~CH%3ff*$MdCF zWG@(Ca%iTS^C%)S6#^Igkzos4FEY|X+sN?xUm{b$t($A1#kma!(eS{tK+0y#BdNaU zt6DvZ^Yi$Z5m|N<4l29#nfUw>TR59M`e@hoe{9>aswcp>z z{VIj~j;7_uQ0*=F)crH-hPw@Vj8ARn7T$vf-n6+B(A1Q6zZx#aN)!hne;Y{j(?t}A zgoNhw(_PFxV*UWUeF_#XJk83-ynQ23CFXX*NM-Lk0pmYVADv-hhq_}^xjYd&(!_LK z*iJ4DGU2WZcj8k*4lh7BQ90*?bC_)Q^HsMy;T4Uqd@znMD3VxnglgFKux#U zBLeJ)b+8BsJ)HCWX|9>7bR_Ki%dsW}u`s+QzI_|IjTuYYx0E07@2Q9F9$=ff1wOW* z>pgg94jiWf2Ps^97NB|(y=khW7UR6j>dFe@yAsrhh#|bN_Y($=r4x~#k6UD{_jNar z;&?xR$^1SP#Z5_gg_5U2^7eX?`+Ui(Rcx$Eb(Ac45?!)Cc$3}K#+#iJQz^1_t53mJ zJ*i^!Opt-O*ai@*6vIG`hz?W=7dNaF1#2&Xf8fpeI7qjNy+7&NumdS3y4Vk@0lGH# znH%)S(6xC4H>#ML8)D(0$8jER!yOSAZ}-0{j!2-0$s(}XwK-kRl`t04mh#pXtU5 zvE0lBH6l7-!`DUeOx5jpl&`Mfd~NZusxuB$u~EX5#^O+(8K1(*%*6Wui-0PhX2QBI zu=wk~ES-#7bDnh!#a^cYLReD`@zQJ>re+n~}dg(N$TeFdf z6Yy!87b$|n66cb?d@8Ec4ATpXoBzV{6G6ul`Gy_|=D!jidBn|s}~epfCm?}_9$yC1LS+rWpKuo3vD z4BVgg2zEJ=;U%_c8pybDuAjrpjE~*k=02*j%LhY6bFJR8ec=6p#zCM;ZjSzg#uHb) zNTs}&T$s_vSQCa?MnW0;D{jrU>YRai@Rag#a!wN<@F+oLbLY-ep=j4n#^m%N{OQ`w zpav$FsXgM%R-F>8>6MN|!H#=?I!GR%nzrJ>YCcPU=OR=P=Njay4I)-SK9C?V5Fp;K zAPkokB)<)0?zYdudYD)tTIDTlCbCx_bn${}mL>C8U397G^v^f_@h*CZxu0qJ<6X5s zOV!6@9>$`Zp|29koy9mvedH4cc-I9gqeZCIQ(&u}487;lFZAJhLad_{?QrAFfd9x zXr2~vERuGxj|`0dY=UsdB)7x5KM)*3FOusxL#Cr%sr(bJ!LuzJznDuso*^U-k*bS~ zYqLY7YCDL<5UDxzp8D>@?Ucf=p^8T}!ccB+g zzo_LNT&s~(e8S&ay@&JX_?J=7JP_M_*)d$rMOq0Q4+g^PeH1@s>~;K`o21}~w2 z+TUW!pqxKlJKD$ojP?qJsv{?WvqtA}0K=kC;{AOIJk`Z8R{MG-avg-l#~hDjrWVB#^O2ABM{fo1u2JecP#s-t4M!FX 
zw?t)KR`ff#s+dyC@H&2LKpwO@V_v2Qs1Z?tLjN;WA*I>7F_f4H&RN4uD<6d-{&eju zP{p7f#VVDmpf846i$QhH!9g;QBe5Zzw|A!NvWIY^dQ$9HEW>;Y&NHpjSj~GF)QIRn zBv#@^A~ARg);qw>`k^Kg??@CF2@lhR5((4Q@W&v3rZn=$Ag15&cZ&2I_@+*`Ss0U) zKuKf*n3kw8OW7z+V9}J#OjN=mOY?GM4ny#2QXay9u(&{97NfN zGE^bz^1+xGX$ynb)6ojlh=@@~FFdB|0*ccQ2hs5`brciz{=Hfqi}N6>qbM-j@t{UT zj5?fZeC`8^a~lpaLf{BRMhG0_h}Mr#6l5^M5dzt`F(U**R53NuJAH!l4}(oM9TkLk z=wB5_B+#15$Of>{;zh2L^GLk;g|R`4c3SN{(rChbv;1`JGEjrDL0mby%69mV@tTArj|m{FG*;7EgBlSXsA+qti`9L>5PUiT&W7)e%lX+cvCy?&gDPD+vg5jTEzyQ^ z{F9aQhodrY(=CtaN5Y2ctr~Yd)&kwf)W!3vm2@gI@6mbeRMJK{>rQZ0=6yPg-4=FC za}K-=HTN3=%$)PV2e^O0NTB-WygCR15BmIQ&h~96QxEwHwpFYAtEVCjHvUHhMl3It zLbya8HAq65fMOD2+FraemeBUrePxWP;H0<8z8+Ru3h8@Gjg^oa^3%0Xf+{T~`;d~q zv=8Df&3DSDNiEpnM!HOYZf{ZnflRpR(Ctm?ZU`_9AETyxo|JBTbSnQYv^Vo@kQG6Y zhb3X?84m?%*j>LliW(3eI-~E0?E58{f?C)c&rq#2x)k!$wbMHIeaqK$6Tk1s2f8V* z=?>=JjAn4(-`tzgOv+B((DW?_sqE5Y@zE>4{v)CE<| zc#po_Rmh|Jf!c0mO9I)aeOZoL#2q&Tb}y*wEw(to{#Xxt7y6%>9pOLrnK;c2u-uI{ zE^jKcxRpZ6-^oQby}cY;dd650xNeM=4kt%U=3)LQ?C~|}eD0Eaht)qQ(7ze_W&D<~ z6RsJ*o#75*@WJ@4%I#zBF~E8VHRlO1CtHoN;pnS=jEyDW(^dhy57d9YGpRc|2>no9 zY(cYWh;SzanvH|;>c|Y$lgNrM9Mv7I7pnQ zf)#i;Zb+|sQtTdVPyY+fciTa4%)=#@A#l+F5BCgpp}1v_Ls4x5PSo}#`UH_U3e-A9 zb%{!urkni-_Jgb`y3=$!Q*_bcX>}VGz=V{u3L%Uf{Ey)+ za%`A!W$^#Vo>9ahd%P6_2?r< zuEk^PGSlwH(6<0Bfpa#=?<4zfKFnDIOY8vRGyLn1AOcHp*brEPH>!Yj{3l2`xm|3A zEJpzS-b1%7tv2sXaK%PxwH?e*f+2j>8Y3aVyW?L*;j%w?NXD%y_~$yz|KiG-goEVp z1JB0i@JLF1H`Gzb;k*$4GNM(%(~vt2SI$}-0y#C3kgHx(>I$5%#lMUoRe(W(x&>Fx z%Qy%;7VnL5@!nXn3h7ZJDY_V;eu(ov{L3g@b~g`?;{fB2g7L?6gYmPwT2p_4h$HpO zRb)-I_5?N15D}&D z7yGCj{sP}=KxgS>SaN$OQ;cJc&Ps^FE1=)M9y<@>28|T%F_XDocQN9RZJCO_=(owe~E7-`8z_6%=3<*Mnsnr0(AWj+KSM+n# z$v8h}l@$fbP6IU}@>I46_3}JWoJ(<#OgaQ*s+g#6F_^m#=k-=czd*<1phiRtI3zXx|2Eo}WigB^{q{&~3aEO4`~Y**Zwk zqka_FtCxYodYNk)N*p-N%~2f$3;wOmkaY1rc;KRkv#qPF_zm@m98B zAln*LDS!UJ0-pfhgl^55=+-Q@=s^K`CD78XVG3kgdMJ3NTXTUsh{}R)&4q3sbC225 zH)Pn;EWrApZpYSr-%lM&hPq7w85YHDL6 zy8#OM)3s|8WjTSpNM#Pmvz_=}|Fsgx1NoI_{|BR!Q4P$Td1X1@Tg@!DJ$U%B(yizj 
zms_DMBZFYJA(&u-_DlUCKn*OYX8_99N8-69kk8p9whLJM5~GQ()-V0h;`PSI5gkK< zigl{FrYY9IEXTi58{*&z6eX>Z^n6{RTgu)w}KiGc`Ew=k$(^rXD1GU#~AX#HbrU}0N$8C2ytD*2`c zymo39;uQ_Z>~C$V%jiI6MZ8S%Zz~#AHrD&4eUsPAyr($Ryz}{OUL)h> zF-G_=yx&?Vakk+Qqy;{1nM%uWS`ud*UWU_S&$CPzgKVy~dI;wi@h_uz*+o2DgM%u# z9_HDNE9X-j0+nhc!B3-!Jb?4>_?Ho+3XboK2=@oPF%AM}5s1qgVsFPBS%2_b+pHNG zSYQ~a5s_zGm{p7QHd`1g`NLzpF%C>%+5cswkMiWzWwd?9N+0KSHdcd`I-pZ^E0j2o z;UID3ynif?BN@UARp?RT{1*OYM5}^VkOzBlDkW(WGDO`ee7;$!w0GuFn=aCuN zxOLj%5LnI>thP=oMn{b#{{H#!$T$zhzl;)P1vsdJnlR>;aOKRyAy5z(PYPUh6jp%6 zc{ToJM5~n#L2=rZnHS;4*@T0LvX37pO8D=Xti2282kz_x2^gWTRzO=)P@{4b3%BNz z)j6X7dS5?w@5<-uh7&(E`pG`ck}ROR$tgxFSx8gn%RzO#@sh=emkIcq;5 z0dF-dQr=miRIcpd*6gb4b-Rtn`!*5n7AWuRkSx6cYgYAo+49k{$giCwX>BO~Z4?Z* z=G`h#3(ke7c?QvUcH9X_%{Z^OH8bW|-9f0mB2UNK15wWg#c6^= zpiC7Lm4oJB0L~}W(=h_nh=@_gmJ^kl1d1~Q2hqV{hAJlNk?--O2D(5vU zb>~g+3A?J=&094`c@smjMuA&%Q&qdUi3P8t&YnB9oK;xp%_Q>E4e%_7SFwd_YdMAYDzSe z_9Rd@52+7uUSb>d7J-`2L5+wQ3+LTXa{v^TG$c+(oDB#s$_c5q;O~38t_`|?8lgOG z(39BrdWF85Cp7x5;YtXZ`ngp9j%U-H!T1)LNSJy&oxH(y=9C6 zFCaf%I~m3?Mk56ni7c89z&Wbk;{uBhw9|lXHO5Ne&4}9&*G#4F0V@z|g zhW;JWHv)Iw>qh#AK>G84mu?&y>PzR`{VmpuD+)C-?h&sj-HIn9Uh`1VBdEV@?o>9H zVReV$g|=Nr|0anWW7i7QAa*En6E1vMscs;qxHFreTfkp`emg~)tT56Ei%;V^n`^%w zjf;n^&Q1mlopV8r(+TTv4cW6nooKQ10_>(bSYz4r&|s#9^8wjhpmqmP|LinzpA^Wx zQb!iA5&VG1{h)5KSoFT-hbQ906XRsUIpp>a!r^kdB|v@ostM<@AP@E@%8oR$AGy+> z;KR6q3()?5Y!;1mYUbwr!tTW$vxKWtbM&e%uNjr6*y!8_g*jYd-}}@oo&>}98g4;T zEhuLcRtE9*x;cIsQ@!r9kgt76H>~XFedo%4^-j(7Ui&NnvpDiIf$VcLxeyesiFS_b z3TKVL3K=h&NL2@3ekZ6wzDY@yVt$9)KPYRG(mUOBF6HRfY^j#wvIlZ0ZoVxpJqC@! z47-@%9#^)*bZf4uK6VYLw*r`RJk}-j9&qg&jMrA1I6i2Ww{>f3t9xvx0!jVDZX**k zdSt5Cg|C7mQn!KW5N)XL@d>Ey7A(hNmTq(NTzG#~j|fxEZ56z0+@_{3uc zxYjoVo)t3-xfb;sh|vj8n&gCnqIx(!IdDwI*UWXhm_jtu^o{4b!%q5x1p-41u6vy^ z3JOlfK^!Ih)DUUk$GZiLNOv~FN4W)D^mvFg!4nK)h%~kw) zxj^XAZUb2Ww3u=1ghf6tM}XJtFe%s>q+mCw5k?5Hi!_pRG}21W6_GMI4~q21nLXpk zD7n~P9hoegk&!ua_S878!0$D3lm7srw+&^MEjSn_l-q2dEq0i1a=nq;*V;*q;|l*? 
znw#7g$o-F*SR&%`)3sCLp+>Et)I|X`&ff}cGz8c337`%N>@_cX(JZ$1IJ;1N4gE!XR z=N#cX-*MdF!Ta1v-Uj5oR(?Pre_tJWHI5rbcpo{*?}9Vi;xW9GpRWC-4&FL!r&kaj zH>L2N#45@a=*K;1;(J$+H=lwUmp<$8pLBYf(qSF`Q;w{I960=^&AuLV_`g||zQeDD zLgVM2HQT7u;io@j!cBDe&pB}p|8xua#3n6A9R5xxaQL@az}Y@PT9sW+oWmc-4LZEb zo#fCM%oW^g!u&cI3p@jAkk**fzud775am#u{uNH5(|-$cDQ?sjqaL4(fcIJ*LOs9Q z?13y!zd0P;MgWb|zs{-S^shG?SBcY)(o>4l-{izQ{qr9%F+MsWg%3FOoIWEYWq2^w zK*#mC&P?|dC;2bjZ2zy(l81>3{&el_V-wQtJN_w7S5t%G_?sh5lL0f1{{*Lw<3G_S zSjWH6PdFWal=cwEztV|0{xzVAG;<;bsYbhzA233AIBYAywOhbPQ>b! z+f9-_Hz`7r{)$f$oPVRmr=X1)?R4Tq2RXs=mJ2=wBD4YU=HGc|WLuwai$Z>(svu@+VtO1o{Tx1M%R%w7D_o zm(4Zsv&UonV`Z-hWV?eJ1cb=<*gqV_ID9n9W~!5F=7bkRn5*nh0QT3LOz0B=4NDR= z*o@Uq7vJ?}a~1zffEvEV$le)bP32Jup}1M>O{BumD#d}Znws&^xbYQ z6dJetjh2OC>2|kTP@>!YR>!&BhBjI6+hiHHdr${%caQ~~;{(L){;cENZZ>x_I293C zy~(8W#lYqEnh=-Hn9F@wOD|2DesQ^v=tP%00&*$t5?hLTM430@a(C!hKYIhI02-J3 zw65cFpV4-91^w(N2o;z6oQ`+7c{iFEADfW64|F}3%Lqvk?yo{jRQ72|^NF}P?rNi< zVc4k9wM`}_q}g}3)w+YJc5t^FhGAWQ2pf01LDzA&H9o<*+e`gK)7?G+S>tZ6*D-gy zA5?L-TXf9bHfO4(pS@Mrakn@7X0ZKiZg0^S5x?~+lblDaL3HiW@yQ8X>vG-66jk)A zxw*zXpwwa<#H-TPsbWe#(-rT3;N0Hom0mq`>)LBUjZh2~R~1~@8?$%3xd#W)!ABIT zn5gDYyXqaBCuW(r6$NqI18PLXsN*Me!@dW_`3(or!N*yun5Ye1T~#m%Gg|d@v;s9E zV$hMz-3JDP^3tUytQqEn_?Aw#*?K+_$GKVK$ouH_LAE|I6kl{h*ko(DpNp6mmf_QA zpJ21KA}(83{c^bp>3W;EFQLbDM<$ud=+^vP)vM?VgYr9^rpiw?wb8BFUxiP3)iA$+ z92-|aI)f?&WTtLq24cTg^_VHp?(liDwTypQMHzvWMEUrBLAZ8*j ziu4B28H|IdxrS)ZHtiiUkx*}3j0nkKNb7Wcs~{7Bi5KsTV1}H^J@p~)c2;<6Qvygn#E_9Xq;E~ zn28cU5tHA)$tD*lJ*#_c0IA*LWf(_er6&KW5Mr9o-7)4~VB&*075VAfVNY!DOY zoPxQGk0gR@6koUe{sA8oT3KAB)~T7;>toCH^I_sFOmEp|xicw|&z(G4oMVzPB(Uxy zNQSZQH64w0_FHRivDUoGT61e)%^rMVo7TI%Ej_QlOkz z?I^PxD?6EwaWAayC=(qk$C#3HUUm5#yb0!=?(Kb^C1ZQ_#D(*aajT{O!r8O(d5w^( zRUUP_HMg3Kd;&LU zvH#NM+|UGhsq(qK$@vyKK7clv=0g`1afcIua=(+?&oo*;3ZUHC#Auyc!VO1g36s)! 
zjkpgAQ(At-xfoa+m%`U_IXxo1;A#h#$jb6-@2UICQZWZqC!-h&wX0Ht~O!fX}Jw^ zI$+IZ4zRqNsfU%#B}2=PWQN0Hrq+!XPe2Ei&#hfcPbb%uP+(66*0tD3fc=~h$i0R0k zwUa7JnMH_fb9%9)ir(gyZ+P;ml-td`S!GOdT_9gcdAiM{fgM={Am5QWo;0u@Rdc4f zlpE4)x00;_$+N(2K4-p4D(m3CVp70u#x_vwMjWI~U{@)wO`uSx(_Hl&&KG8w$oRfU z*X{&0BJwbKF|o7uIqCq;?Jagz5d5F<*aB|glyWQrZi++DF2)5+c&mS0H4yx_zN#DW zNKhjp&wz=Y*CeD)1ocvjJu(P*c|11%0%YJki|G(xHUX2hr4T#Zg+tk&{Vrxz`CEY< zV6i0u_LTtptefX!J&zl`gviT&3s=A5;@vMzw2uo!yUnnDi#NcA^Upd4UdX-P$$btY zD8*TMNCocOnEPnXf3SC&yUB@|`-Lj|9{`VnmQ7Z7uRwS8zv{jy&~0>G64Mp-9)Pm2 zmyKiolSt|!tFud>^I7Obxt^um#88UA(uZ=<+TD|}znP;_Efy5{>Ds}-_Tf6^$OC(xslL`{mSd0N z|F+oqv{}UbXKXOYUo53(QqFuI!n|7o^pQr*Of_ar3w+!Rz>otsYt>?b&Wk|Lkl)Nr zr&QeFO|V7e^rH$jrU?XIgn+y))?$<{A_iq>{2ZKgk{X2wJ3Mu73_saP4{Ypa_D$=T z)F*9G=BV7RY5g0|&DFqQI|o9O%9IN_-UdsA#(?1n7Re>T1JvV1il?A4txsA$Zc>v( zLHEW^K3-?yjR|d3E(z&bRyd=P;XsNiGP~CSVi3l7Fw&7udPMHr+-#i_9+ZFO;Kqz? zHrQUg;+!PaMMB8Uh*R7<4R6UNCS+7@f6>q|J_22VYh($q3}ciRe@lKoqmdAa#(`#} zVo_$yL`>sYNtq6S}a%eF9CQzWrfBHuSvYh+G>vD*YVF_tlCvCR_6QRa2YV4K%%gV+Ji z*tIK@veur(lE_jiKwz=}b%@#dKPIy~+ENr~?&Q=-ZrQnKX^^P9v&79tH?fF!38F2U zOtiZuTFM65t&_49#oD?*3L?INt6zHv`Ez{V8r)maKO&D=XtkBLX0 zrZ5I&`=)7@GJIMQU+!(Z`jf`WTPJ6aFw!ii1Jd-QJiO!PAUp;Q1;*L(BiVyJ+Wj17Y{tizEi~j- zxkLcdx{1nJ;pW&%Ix%3`5<+GWHokz2FF&TH;sHuxxgZ(ujo55}p1HZkHB<)TlBfjL zQw(oWX7|QMEt4@->rrCeX~Jdkx6v}$F}(#!R~amPOnjc3z>Z~sp^_Ovp_fou{qgN$ zVpL)Vm=&Lv-f1jXv*QbhQghBjtu*Be<9Y_nQ09eDQwOB64T<@y<4jw^0(U$df|}n+ z#W`E-oM&B-UV$>aG@Lj*wEgI6gxXJpK|R zN88hR;yr#8kp9`3k z>&vDX*+);hD$x${t^H~BW3*n|l6`uj7)|RJ`qhD$Eg=bZKO^8uGUElSjDyBDLAly* zrxuC7UZedK825Lk?vAYIhU9qxlEvn1ov59W5+mZ(dEEy^Dpr`*1uEH;(`(R8odYeg zMiT2!XesV-Ed`7FdG&%}HlMHK@)=1t*}C3nsMDQN>H?!9&`d*^0(haOV`VA7h;g*l z)Fk}k1Z}4BU1DPstLzvY`l&-aAc=l-4NN9wHv=n4_}8Fc25I)3XuivR8$s%PEj^$s zpvVM$rKV3d_257C4B%(}Rk{x%@7L$65s+_mMz(1xjeL!dk>Y%99YgpXidr9KB7;p& zw3J&2vD{u?Cknf?`&(Nx*6YF@2C*lv$D1EUu$}XC3aS+={d@`91>E6fwSyO+24v z=`M@#OJ(3W?gnE-?x>)%Zhh1}8a~br5wIzvHXR&lx=#ubyZH-cyl}rLFb>c(P7lDo 
zeoFv#_@V~Aqc)kj=#VtYoRpWXBk1cq#KJ9=iAo<%Fxo(AC7Yr@^@uIyN&h!!(Xh!B`*+tsSeW^ zFJQkMV@sS^OdwKB+?8&Sy-|BxA754u@-S} zES}cX%shM^A47u9a6eCsp{0J2;B~sfpAh?HofstgnXl?_86u^={uesF7fXnV(f_SQ z8V}}ockxm)=zc?Fbnc6z_@4QDpJodV!~UTT4QpaZ@i9{#`;qI?j$%IiC;u9b;{g4a z?Z{HgLBDi}X1rSikB0RGeX5ih%r}DCMeOt&I2>>NE)+AkJ0vvrWd9HkN1qpTHSuf` z5tXqSf(XbA`!7M8oDCTGh7I`m0f%8(|NBoJ<|sRjVcGw`W{KjbdSY`${!CDqqba&` zCd@N4N-06ikVIAmlVzAEG7~oS=ZO3XCQMlSb3mE?ybLr|vhe@zGZvnNHis32u^hVhsMirL23-y#^FplmVGEdv5H zkkBeNo6Ub>>Ic&Cb6&+kSW+uYCYLY=O<^@NJ#FncF35#;F^k*c*gjAMkSQ-F zLrVjO1RXz|!JJXNDg7eQ(Vv0pWHK$GR+Pn;B$+pg&qEuTF8-`c*Z6W^8ia1~vsT@0 zN+n^K5ekOVHm>xxJtda5^!km0Nn5WV0g`BAJ@ohJHjpWt(CHh@n?NPAsh>Y>*FWCM znEH<|52ldwH~f;ZWplsP&! zZ}@-C3MIyqRds6o%)+$9@=G%-HJw9kQ#}`DGE0w%HFQ{H*q<$#5u-Adm=Q8FIkV!! z?Stu)`2kmoPpt4P z@Mj#%OpzV8n(RIiNmUC2Nm~WjbvntPGsJWdXCW{Z6mwukc!_DuPv(g>Tgvhm8^YMR z9>1fGO_AcJ4iFM8cuIU`;5+d6Nt;s>=Q38tTPNP%uBtnca+#9$^w!$}skL@OYVD*6VC(GwXl=jy_51(UUVEMM zo+*GGzCQn3o`;-s-nHJn*WP>Wwbx#I?X_Y%CZaySODo`E;)%w4>)WHcg&ly1&c6#y z^&4Dz1l2b^gfF;9dSlg2+fTcrg_|*A?uZnBM_h4SScEO^j4I%UEPj(sKEf2DKXAQw z1sY%jVbk+_7$&O~-au}qh^gkiar?0ma21b?3UHNY-yc(_)cAoI#aYzad!YKMxn_@k zH)b53STZU08Z|GXo3Jg1bH!g&*!Ws5;qo&-+oI zC5EjxT%4}gx*z=)ACB3^ek{gX^YOSr;*L&b!Qn1u`%R?#%&_vvsmy;MTACfWm~nm3 zf^~ZF7=9v|dFLS>v`AB|dFNjf3TI-GOcIk^CikcGH8ZaEwNFO}*32e;=`-3@22qxs zhxKKH6}9g~tT+ZY`usowIWi#-d_+sP^_68rtvd0$A-3meOQjKP!AW9<`7Bt7Ig0!2 z@yO=n-veNFHp+}(7@K5pBODlCP!bH$BSw7DyutPt-qr~26G?0_{V}$fftW6d+F}mb zKF4`}v=a<7L|GxZ#YGt<-s+<2Ae&tx0t~eCk&uxYY<`IVB2`(?lgi@&Ai9JMc#N9B zHkdeb&ezdT(Ovt95#NaEGMzr(j9MK)j_mgn4J~52i8ryt2)v`d>CGb)Z&P7pUc;XD zSx3HYts~Dw%$VOXc9Lg}o#eaG4gqNqLI1rd#b&wsKL3ufldvTvGgIuTrjMDPAF6=_ zPmD#?Z%>KtBjA={Y$rd8R&GYaF9n`YSPrD$ew<(@c_GFs!fMY?VxF)iCC26g;+WW< z+1jJJ$nX}GSk8&Hbile2v;By*sB&#D#Y_V^EE|k_D_SOURRLz^wCPHj)og9ic`l2~ zN$}fcMh7`%IFE%oA55_|C2Gm|rGCfchUEktJ8QIWVG+}b?-A4cU#2`=2-t4Ilb&}W zzlltL#``U3QVmiyZL7fk&bNZ$5nEAWdr4@p*k|H^e~yX5I|F-FF{a{rc)HLyH2c_7Aaf=5d- z`$Tl}&QeS?1DGiMkC_vg$V7J*yH7D3#I=u%ylAGIz6jezoXI2JZXv|VMlx!%Fr6eK 
zhwCqkw{Ae!i7J1L5p`ejF*R%#{*8OI(<}VjEGEA)7E`;UN-Qujo-5k4>Iey_kx7U% zUg(m+Aeb-w+kb2QiMp`pUVD;X0b{x*`#C`L02nH?OD%g(6}^)yN_1vX69WtqyxkWE z7Q0_jD*?YL?km1UDcV~zBKv!cE#uDgbC@N9O%(QRX5HChR)A5$-*Ah2k#5iDMr{J~ z)ZjGVZ}?bXxf~U9sg1g4hZVvL^R|fEM?Gx_GWwAvjb5c>8#PY~6ScWr(2reY*i^2mV z`wtbEme=5x;-A>Q&CHu)S&WC>7#{rS{4mmIS4DRP%%WFYo;5?n52D^FW(fFQRjaOz zr$PbOnHhj>N}InwMvO@Ajv_*p54y!6#cJX##<)9f01+b)jN5NX@wuUJM?|)XF)b5s zlo*(Z#WjAqrIMSXHU!usbY}%WlvuuuDPN2c5o#I6Dpf~}3SsA1XVfyYUgkIaR3aPz zB-!rW>>oW2favqkh_gZPB#G>A#YZKksX7*$BW*C_7iSXL5^HdP%e&YzZc##HLkK?= zJ^B()j4uDcMt3RU*vg`63J)Y4R{S~%Kicj$JMD;?j^LbPc^_S)M#Y`cEy-=M_KCMg zbZel)dZEPojSuItVOVJwwZy$E*0|y`UZ4_LV@HhG71c$2-OFrXEf~gtr3(=JQq)xt z*gS&lkP>-@a^;zEO0lCU18}EN3i-Pn+ruFxjy3%U?=h|^mM%Y>yZ$|@W*SO#2w5q< zTa`e#PrO&ZV=}WPBPx$%jeoyypJB}i@J%tK>9!j;)=-r+V~=i~P^tK$_&Gw{LiQ?- z8B6v{@z24i^tn$U5vKRA&>zw=P>(S~d^oyI!6Vrqd?dy+alg2X;5hH2zCHdw+xKMq z0*bin{zbda44B>ce=JH4YVcd%;*B1D5!z=hNr?8KYBb(fi_8AVPAuZCVye{9Vs{lk zugfC#iMTF{orMnps+}&fk1ZWZOaPyZJIVZ%5@<+Z&y_^yiqFJs=pV*zD&FHQV&5>O zL^t{3tHKlFpiGFE`53imM2%AZZcOx3QEBY+P(h8Gb0Qnp&-$9flU`PH_Db=yo6N_5 z$Ef=^@1N6m%~G}vR?N`fsvOY z>%c$)(BDgk;-CzRyy~;9*m7gQ@dg$isjv7ZKhFzmO!3V~VX&`icbPFqcVX^78ApqB z)_?lU5nqc=Su^XtZp{l=re<$kr7^aTCEWv zkiAOSUE`TpQve_$HNKNzR(LkXh`B<-M zi5*lnrtm(QceHFsi5eAtrr%*y_&H1h>~v!FXq3j-FB(Gu570}1@Wy5^Vme?0haR86 ztPyeWf+mdI4ABOHjLkVQb^@RChylji38r`BlFNu)kobYX|IW$A-vC>j@jp=C-L$Yv#u&#dNhMR8g+Om1=)~)sS zb6P{)&br$oh4It#eWz>NS}t(4ypupuefzE9Sh8-NJ7@KrS<^Od*xY^Vw9d`lLb|0h z@%?q}H+6SP38<#NbM4ytgc9Z{ujNLb;4mAKtmOy=%mX&Fwq5*VnFJ zvu$;F+ZsUX*5lUIh_3KP{BCcL{#w_5OSk>Gt$oe9_H6*UaPUT_t`2Y6vJpRVgKFc3 zO*}Fv(f}+b#)N@fXjgd6+P6hZ?P?E4e{64G8{Wd@f`FUWbZuA*>}?x1cP4ofUb~jD z)@%jUl(miNB8En;SF0h%ad^T){X7lC0xjwjh$Q2HcJ+dLX;|7 z&xUaOHg3~u##_y0`35BxXhusH^?-O*u23{|Y{3at zuer&VzIF$50Y7fPb#41rra#(~n22b8#|9n?%vxVX{DR?TKp^W!aEs`0Ke&@I75RnCrrUl62@abSm?c zJiz$jJBVw%se8l5Fn}iT+zueEX7e(wBIkr*+2=h980~V=v#s8#ZxsQN-%i9b30_DMj3}EduD;*~J6S9DxUD zBz|nRFd6=7N(q4SMBa?BC4^B&`S!T8s7**9%EW7f`r6Z|VRS#0dKE%|fJ3;s&Hr2mm!5XU 
zG4Vv%cyo?|1_2t?Potx6GPunT9&O(YfuMBfW@Jt=h2{s)l|$qnrh-n&_6jN2E1(Rw zpv~RVMg{j$10L0OP<9*D0+3rrbLy#~gK8ViBW@Z$=Fd9H;14&a&h5J3S7-C9^>Bm4 z2TJD;)W9F8m_OocNw0HnMJ-QV5P@^JB+$)hzSRwoGeo6L z{WN}%ruI{P3srjS`zdRP#thJ?R?29lKr6L+|3rCA%^6Au<8^pfs1rU29rOmL-l*5kIOx-+z$YW89^M$Ee~t${Qs2N0c!H!HZVkOLN?1 z-ZAqwIv_vfjsbHNc+XHK{ug=AFp_kQn}L3*I|1^Wcv$k516)s~9Yohs&J1u(1Jx{t zm}#Pd0m?f-BYT-)GQs93*Leq;yN~kG%!I#1m>ok5DwZ#9R-1@we#SD}!zKYZoy2?rVKI)I-$7IH zfk992G)(^s3e2W?%MI_M6fitk&~2kE41PD|c2YW~LIIlDM%5iO3Ej}gb2UfI{4l@%2d6n0h0kML+Jn&_n0}2*;2y&TS;l1G#2j! z`h8D|z%w_@xeFDHu2)CKNxWaizZ$uJ(hj+|)h(fn@sd*^S~|+HE{{1?5sg5J3#3NXaYZKqjdg=DVs+UWs^HY zmWqz^t3+PIMB@U{Yn^oNs@@o3f$21+nLJ4MRy$rrX1t(KfWh6HC~YR?R#Bjv8X9<2 zIYFZ_`5^#Q`P8oQ&q?@L8Fsb0#%FuJ>8#sYm5eT(YI%aJj74D`f9WxavtiYeBfaTH$TDR{ML|B zlpL?sj52<5Jx(8$w_^DPVb_DOHYSW;f*4?Bz+FJoSF*Zg3R+25;8|dSEcn;qd(bXw z-0q4McmQ%I6{v)NDwf<%uMd;640=;HisX{;R+aX4Tco#h(c6ubb1$X2H-;~vGPlgM z+AMIFnmW)CJb};=qup!J3Ary(z^%jL;dYvpg4ctPo8$4KZPtdekeeP|L`R44Rtq$V zE`AMbM*UfE#wgYk3JqIi5AhsKJI0Dd&I-!n<#azy-cOZ-Gpy*C;a6%y>w=&~=o)o|)2UsV!7-FZYM(d~P)Kv`FXYdSB-L z%=jRUa#y#Z#Z}x_8-)E@lppwwXSD?+My;RVng4{4^2bFfx zB-Au=C2wx>8;P1I?GvK8^ogYJ!A=E@>LeC{j`WM;Ov$IRRWt>!f_F>3M#_Xhc5ey0 z`Cu_1Lhh98Gu1m&3rt5jp?<MUmhHaA18osV-`c(3ymy12)P?*Iy_=oOXGSx`WW zK|m0KgO^Lz?RlvUIn_l55Gpr_nC?6=@R9AE#20Wn_qK~7Gx#$!MC07s+Nch*!z-o5 z&Z2Dd9*-5j=<19JQ#Pxd<1ngqJSV*Sg$=O&77h5gU|ct5NWJBRao1Ar7b)-pUb_WN zxeTvuq=iRO`RF04>7nu-ng$+#HVhd%9&7^b6Oyrq)!q^;!Yq0B^J0<)fbIK<1!TFm zM`Tt7rX%kGu;{l?k+ZxAtXD`yt1j@P`g(NHF-mVFsJY|!foBQ~E4f~s5r!@{MGfc? z3_nP)!Zt!e0qds>h17tydOd{LlnSGqy4{#l*F{7QjSsowSdw_(0=iX7p-eP>#XC*o zd6Quz3hPt*Sa~-}0JJtn?x5U9C>z4Rk4kKBOvd)c5ar!rv=3)2){?JKL6{fp@sSc*1JC(GWCeF6wk*0X)u37sFs_w%(3khoMLm??LwUQYWIGVibkxUhLv}>! 
z%kVy=4J~oED8E3qW_m}sBD*EoNQ=3N5Sy701ASB!Z2>PFrbMIoaSIOf@@Nz|2=0AU z0`9|@68_ss3(YkHdqSgCqFdsBm3ZqT^v3s(4AXY#nHg^G9$xf|+_y!@h7fXd;|O2= zWy~@V4z;TgT6`{cbVa?WALfXwDB~-<-*$i5mfwiXZvpY>3KxE}t#z*}Kn4B|V#$!J$Q~@?{ zE-Ipm=6;$qNVEHCE;EGt2LuC6V&eEv)Wk9Q-G2ci1yt7Z=h#S*kMRJHq|(Lhcd6PXQKaV&{N;lb;ry z{d+WZ%#PYVW*ghbtmuPT=E2PCX*QS@qJa%4f&`_Ij#1hQ$~^{wSZNfnN?vbwP6Q}nlWb0Xp#c>-Q$|6ZyfCv6>@1g~94OauW}&UHvlO|7 zZ8Wl~umD&A$~%PsRvD(qWy?mwS;f>=DFLf-g;P_At@;_7T~0af z+xlUA8htL~(=pk|VL@YkZg}gHX}{n4)NZU#cJ^88Q~UW^pW=Gu24j7iDAp&n^+l{t zQClBdpE|_)bX6F}r+PEzjb$a?_>|*b1r`|X?!dtnTcGA)#Cbai^Gb%5#XfnNtCdny@%dIS7kf6E)-Om>z0q zf`tl)k3DpC6WxGsF#k0+(Ixl>vwU+CEycHS2Ja%lo6&?b@D3W?LvtdfENY_5@vNeU zX0x5m4MDSEgMu4sg0X;2h26(NZP5@-9FS=T50nY=ZAzh0DIMpELYl>o_=_>V@s~;Z zgw;+1G6y>hGVk-3$qM2s4bDV&yC;WlFwjlF2^RoHiK_B_pXK{r>-#>*_uY>_-uK*J z=49Vd(-qXK3^w&0ue`(O=>N6@U_AWQ4EI7;Da~8EU zv3+(SI=u=uLH_W}fgp~6xZEIA`!W0pi202z1{+s{Fg)`aB0rbkZKj|3Id4JuIrn=I z_-vx(=R7j}Tz=zp*FNVn3w|!Yaeix`voV#Q%Wv!o>~kJielEXp{Ahmfrz*4$RO1M2 zI{r_<{~G+S!2c@zpNRiBVEYzctUiIK_=vRB)PR=8*C;LC_gCwIROSDrd!`!a`h%ty z;(LdG$Mw*Ye6(3&oZQNt1?-U3i_Tn0HG}BaBJ3Zq5MsktH%KG<(DU%l!x^MGrwG-_ z9&nuL$iUCV!R18({z@!|U_);k7;P(+;FHe<=byklfJYsUOUiIG=v2c<(#I#nCC)VV zkbwyrd(4c`A-JvW2vhMBFv7#_F3^M$ZZQO4?&gO0_?dwL*c&^XT=pqVGY+%wR;SUk z*#Wwwhc4?8UsZvARH45IbV(0gYN6@Ill6c?UmOuQErk+}_tKrG6>xU|fI{(LWx#I} z0iJoIXk1VnR8NQW4FSwe1Q1k>bms;I91R5eono%TGc9_j0-ofeE*1d$>wZrGpGISf zz56KWEGnepdno92I%$H(C0|`(X?Y|&0LCagNppIr3>#Jmn1*f)a|dKi9c3LNx78_$ zHqNto8r>Ho6uG8xlNGR^w4YoR7dRY;U_a^? zPvxK?@>+#H;<3MOBb*fmap>Jt;M8&vg7iy8+M9-2PQ!1@Uqr@u?doBQ=u@PlIq+VF ztHgNt3^*f&Om_PIqayqV`$fY&wqJNS-H<_dL@_#%W$kdq|;= zr8B)v@D1+}HWBzSg+FQG@Gem}b6VO&Tl&Kofg-fG6w_yHqo3eeiqa1Pf@cZF-q1nH z3zGx?g;m@ayxQX_j_`rrI#eUmQ(UVWo}_D8d_J0B5o-ei#O5P@HozfKYT? 
z@lyL)BtM~` zUqH-(2zaH4*v>R>R!_53JcyFZUS;bgoUjE$%HF6L{<7ue_bKQpOrQK$X<84B$He$J zirDS1-CH}~aAZ3N>EFt%JxP0;|Rl&y!a;8aeq{}8N&PPKmJjM>e z4qaCuE1h8MRg9m5qS5dTv;tT9;xUE3$HjC%!^BQKA{FGCW#yP6d=LG|2RfN5;c`uH zji|RoejLSnUI}HLVS$hjm+e8y?SzfqVU-%hb$c~CHk=}PH^iC%LEhu;r za=uffU!D;XKT!neG1M|ZE99<`UBP~<&;)_N>uw&B44c*E3qf6waa#v~1_k^ph8#T& zuaR-rQ*aj!ugE(p<0fKS0a_SCet|-vO0e*o z+D%isXezEk^w88EUT*NWp~t_%tkYNiBQM|`cv-qCXtaq>D#+hlCgK|k_}>`xd>rMa z!}bZSApahG*acELrfh~K_naMbmtv;qn0|$)=$Ka&p0s2Bq|o#4m@8*m(oM%u@DxNy zQ=#?`cf+%a@qKh%3(dsBJ4gjUqOq-1u!|io;g0FRHO-k==#;VS5hi$emM!`uR`q$h zs$U$lsvlRJAG6-@Dyt37E~>bm*F|g&;PY43LTR5hI)hbmgu&;{wuL8U@Z}196vd9i zbc7l=aZnf{-%QwDit!5!ZV;;CT&Jo)5DLtUJ*)^n1wyv>7INU72Jb`X%Q(I&WU{Jz zXi^KW=H-j9UxHbrg+hX>`Q%kPqBQjvr@2t<5}%KC9~T1!fU4#VGj@-Z}|YBV#4oMc+v^~VTGRmgg>RPq@3{U8!gG_KjCFg zEorhZrkYc?E5cuWPJOu9lJaNGse*;Jl)u89YFlK>9%fGQZ26wzo&RhZzt|R?YPPf} z!mzVNRGLK_bk!QUoWvl{{S<15lm2HT4+%}Ex=vTe!8SjCa@@$i!QdP z?|}fRK20@NJr;uBs?d7@O+PHO78#koRYAw06*WZOVhMA*f==f^!axWIx5M=M6a~*f zgr)s2qS@MLUK4+**e9V0EgPWa)`%n;>4-}#ecZhzP#UcE!g4p=DNrb^JdmS1pgY;k zun@UO;eH~e;42mMypeJ{_y%Yp)<-QsM&xeA`a>Zv*m)=68!{IwmNUMHyk+bvhrh;e z9PMM8JPNhy#(`V-)=O<0!1`2jhQ`7>JnZj+9!2;A3_a}GJKyUQDK84__Y}St z&71V{CV!SMf>>D+hmIR?&7LTx#yum;MiSf?>9a zj5F(UJ8lH33dcsTy31|7hoMd*L_pBFIA#~PTjBnln$Y!-f?$9JGhKX=ro*|jpUUo} z*-!9wlQeG{l|6zFT$_D6mEl@e4_(y4_h^ci(WLE+8+;Vku+qH_SSRMcZ!V+?>-+mS`3{Y2MLdTW}%W^9_9|W%m>yra`(h zzttB0!w|FT15}FZMZJ{WLu1!d-b=jYtZJjY7Hr&Zr=p!y)5C``qu`PI5{}D1$R8o^ z!!&jpBZshq&4?1dV!16lQ5MUh*`)}-Hi~F7jNElH#;}2dxITqHjIkT-6{Dv+>0;9Gk(Kp2)en_D(h@EGq$o$G@Zq_vW*SyP3_3*d@$^@(qI;6y$aat^(=Z{)tic zCQHI8X82cW%n=TEfgQHb1lXcD!!CkC#D2y74azGbmuum+J$yw zX4G3Vg%t6MLVu5SGEDPMP)#piWvYV@5zbJG7hu&;4V53KvgXJ_c%-k>v)AXRZOM#0$d~qhg$9!&x-PUlUhvf>pIOFDe zPM9)V2+zvCEco5BI_#2z)JM!O$e=8|0%e+44(BsmN(g3H^Ld4N80;}u%rMj;eu^_1 z{_ra0{I6G@;vP9az0MqS2K(e8Y@j>X25L?$q*bHdVq5hLS`|8*%x;Pm8YYyCgK^f= zcj}vQrZpL)4=OZakXTTDTA?Wf<)0LuC@9OXvIPIX6_l@CZOOP0LAmG}`_efC<>wUd zFDfWS+I;g`OGBKrku$UB6^g^OSZOo=I{V)FNSntLIhC|IrU(}zZRWRG5{8jB>lNob 
zq|IT)9ZuT3sz?cp%<5alN=wp(Nt*-uT1shCy~-B+{~Kw;qI=HuwpDSRDGGIqLLV{~ zu!2*Rk7yTX_#$Xcv3V-#d5hfDkXv6S*=L9W+R)_SO3aBwMY zg_>{{N*YbWBGQ5-{|r^)KbvI&u%cmSWOSdAX4i7+220$pVc^a?gM~+yG1siNe^Tg2 zu{43GyaWC*d|t7+g}~tz4ho%9-F+Lcs?V zkEaC;>!V_*KcLV!>P2E4P63r|)Uyix4z!p0$X<^p$Ile>G3a}<2WYNUIE18E6?z|_ zvj!p?5`ku|whenX^mNB-=G~!gzhr;6Ofmk1iZkKGjXRTyk#7dHOEG=`l`kEgGaiSF zzE1h1!cU`)aRczY(g9~x_>e+-a|7@T0yiR7gTuGbgROj~U*J_y+OMf}CaUf9Z|QD( zt0nza-my&|!i_DvW0R&GRd~OQh3}9<5Pqu&pGMDMPuOVpNy4T%Yi#kiqg6#{)fgzU zM&FXR8x?*$cBn_0?f)u;eh4Q$xo4=*j@T%p1?^Pmr=TTPpP?zXX4ysFuh4&nt}yGg zSX-rPLHL3qd=vK~|GKb~}gm}~Fvg3Yc>&*h)>@5T-(Xjt7xgnIr4OMjfmm(B8cg{HDFzf}?bEDN*0%j<8p z1f6789o!I``5fiq4tFa?ccmU{@Yvk1h(8CzFBzaq?J_OLGY>2Dg z`)K4c4!||Cg+@Qhds`f;R_>*FSZYm(#@Ypl8D!)TZ`>RshhQjSaTJOq?~rjzY_-7PClX<+en4IDT-Ynj-QX3a3{fC zCR|kzRuNOFca*Efp6knO&FP^QV}L*;4(T(QzRzs5eb$eqpaOG$yk}il1peO&PvAu9 zth!D1{oSUsR=_B8nmeYXl`cL+Guvosn02U;yD04hmYNxInG$}-&%sDR_4tB#4BR>i z`hsXfm{Fy>jRPrcYV3uH{p@`HXrU$iVILllATd9LM-I-wUY9n>MttpNOB2L4mh^&O zUP0u{vnQn@m7Z6Wq*CdR3QZxE=5DbS_@$Bvw96HALE`4;`qmp3HygKFl2VGBhZG}G z-2A745(Zhs&8rGeDsIwmu~jFC8|jjZ6n?I0xnB{JPRqv?`afY>9_zAwnqpc8!xo+} zVlpk~DE#keTE4B@(wuBsisJdAqWlTIsx;DtIkIGsZFlBOT5#rUx5fMy>&A135YWTw z#Bz*>?Gn_hF67GslO3}muUh7~1lp%mzyDWF2-{R;hW6hF#)6I?fHibdE7!V8M< z4IorOfM1I3p)Bde#(lKpR!iV1Y;p=&f_lyP8`vi*jJJRsdr~1P*IN|-HOA*aY7wVZ z@iE=02;Xf8V7XWbkBT}(Hxn&>6k^e(JD*e(_UIhTJ7#;9BzuJKD)?jKM7q%K5d``h zg~sh51e(3mHs@gM{-V?K0LKGD)))g_tWZdOEDV*WXzUZ%dNl}p$;$B0 zJ{F0)JiM7bO1o+-BSK2E@NC(`9eBB_zlLq3a5T$BEV)W0-iWLRlf4 zjh?y4Zs~+0b}QJw+zIGD1tl_zARJNz|K46`{+5CgWSmg-M};S+s{9?c$%$0eDJYRD z(U7lEgd`h(S@Pbc7;$DMIXAgap<>CrgJ3@@Xf#JBr~Mk~am5?PSvK^)Y&%jJI;Sea zg%~>b=u1froiYH273X#6ewd{db{fk5>IH><9ZZpIeXsu8t#DjQG`tnD9R9oP6m9u9LN;tjg#DToB^MaNi3+R6*X~iON_u9{Vq$< z?_Hkd#V3r+n{G}sINlW>gkS^5X0pKVjH4BPIdkL`R_ge)7LmxcUsO;Eu05gfYfBZB*f8PR#fp%GYh^^=rWi>_^gRkqJybtZl+;5td6#X$xrb`2q9(RThUz1V z@J5D8*1wt_OAcS5s5(OvP7AY$rR#Eqo{lxh%F=tILX$4cTT?*AnA@Y!Ggx@*J`XgXgNZC66Ujr 
zg1Z%-$iss0xFYz=7SNLlI`>rZ?ywE_mm&(>NCll!ffK9bRf_)x9qL45_>Pv6de$D)is5R^}jfznzh?Ony$Gp9gdt zd+IwaB~Ch@)CfY=du-*r$B#vjk>8^TsqeuYQj`n62UB&otv&9rUS!Qh3QZ$`N{@kx%-i&yN!&d<>eaFpk<_5$cOX{fofF;VPsL(#BLUSg-IK>uB#-^S7yv%Ils`MU~b zt@*OkbVY<{hW=Ke=jQS`_t@6Qv8JekS12@Y^%liolR}fKf$vplYBli3ijrCloVv%- zH(XOhZf#T4kD$kL4#kPR-3q-6Vz0p4N#$3X<50seQos|6@<}crdaN$c?rf%M+6(wo&4l6Wu^Uf$r zV)JAwmF~6e|4%SGACy~;wtA#O6BaemLsuz0@hC@%zh4m+!i#VKw^O9=WxhPDz~7?o z8L*$lKo2RDedZhcsl`HNSe{X6+^`7rL<*=ZwtrG+Qt6%dLE9s#r1v`&AyImdHb#?I z6yY^6WtFj$74=XM{*FkR!j2-yG=vZM1$Rq#$ZK!9&sO{&;8y=@i_B}dMpfB@3-Kn* z1HTWq$(Z-QuJ2!1wY495qt!}Z_v!n?O?Q#ZgNmxg5p^mJi)ln=O~Z#RK}l!L5{0Io zH9Hg~>8yFbLX*uJY0{I5631LJPR}d!!uq-CBX6{yC4R)`^!zoeln;Z55LK(*Ce{Ozp2oPF4Jl z%c+VdHbE-B`SYFPr!S8tesQf4N=%#ii9a7IkWyq#_2ohZlH@`)nMsi$GMYaVAS6*u z$W@v=r)GTCRlFS2G|v9Xb)A25RbczuD4AFJea;vOU}ADrekch$C0(v2Qsw88NEMBY zFp5p2%D~i#RPn+(P791G(|{P0lGj#;^qO3qW>)2|CW$6LOvtQ?XOihsGOMBpWZ8^n zR^^v%W>tJm$gB!=uFOK}S^RUGp_25&LCWR?br2USWinLc zJWZJn)kVOwbmtZ=7UzWH><&=$@wY4FH@x{``}`q^^NWxGY?g1sCKDh1l!FK<5qBP@$x5zLfpGeU&Yysdy@M; z#4eRV#1F$q2v4&@C#enz0uiLhmu6{7=#)txg)D^!5Ll;@$`4Ql@_wOoq~63$F~}zb znZ_A%NyvNMl#B1E>3&2nz|B$Q8=TTg*~nFjL@A%8+$ofe)KEwthaiaCY1TrT-%l6! zLj?-BcfPBU#^I`j*R-4_p2hWH60%FeRTmDs`zfP^ zFL5IFd7zSJH?R+P;d7J;TDz&H*=rfXO;tEKRZECqR@^3)LT{38T zpr4kSPxjY#LW8)gR}pHU288`Z!C%D}4wuGh2`3^RG-C3ZVvA8MlANGe9E*)XoNc6* zy@mqMqu{MTzL}(eKS@0tbFZ1nvXuDGz3wjty1pBOF53@g3J0=y8y6 zh8YnV$pS-kaWluvLmCbQy2Fzkbh~@pbQ(MKxd^})8Ztjkj#BkmZlZCzs_lzsd z9N}W6rG`D)#P1I2J>i}Q!g^`ia!lbS%5LH8U1JXNtxBGU2MIHdr-6(vH8*2kAz>c6 z%v34SCBberKccKYn%KmD5n+@a%WE5H45&bwsOMw~BE=m19hp+(v_(P`*ktH&V} zwH}~VoDeSu(eq4eR^m2D{YavN9OMhRhl(IV4pQ}WJZ{9<22%FoL3e|@i6f!9#TC2p zUOjHhucTa%-M!rWEWppaM*M6xrRL&i;2^pHHSov=4lcxZq}1c@Pw^{FbPc{whrrPLAPK96~o zxd;La(MsT1g~U}WsSr00JE*3G=C)Ez7nL65zoz`pAoK4|6w6gQ)yyK8FkDC45uP>g zaH@*XLIj{ht`?^n?mkGRhAc5io{H%mHd+MQ$wdXc)&>NRJ+^2OrA=UhbC3j3k}aE? 
zm6(#p&}oQ{IirxK?Zq@i|M8_CX7IwxDHEBeo3Kzy=IMzrSfcka8S;^63ynno4cJMN z3-4N!oGa%DJcTiP!58?bSPr?-g!znYVmgP$EvH&st3N<>&FDvPIRsF4D;7z7VmV^b z3a-E+!o*aX46v9fNR~LhgYPY6aYm}b{VV|raciX3e)Qm1GylrRbz_Wn12^BMoek3{ zB(g;K6?ul-d-EQmYY}A@BZ%9pZRXo7d@I33<*Z|7O+emYNNv+NK&~SUzw$(NgmxsB@AfOQI7=9&fYY9?{hgn$8dpx0$1!yF) zJea8flNt3`8$Sh?i zgmyz4$s9s2&o81pXA$_O&uZNv4lg?|1ed;R`)D*)22fJ%Tv1GggNSIvC73HV&K`UX zhS7q`5V&tbAN>2)Q%&T9yxl-R>Mo-^67aG@?q=v~6A)5lviBMmw^zY%f80vf~=rX*}1K-Am&+wb^j3 z8ij(RbjP=up&UX=+MLj;QE1gzv}*g`xK$HQNvp;(8xi|hfj^nEeLX%Jq?boYuQylF zqoX+*q+`GEXOg}x$$%sqhKVQ6F$|?b?Kmu((i~(5jcrdU2p$K5omr5@e+Cb2^^yF0 zRAHuf63(f8mGWPsz#*F4Kn3PY1xpn0(nRj{DNwc^ps85?otlx9b(9L%NBO$aj0n=R z;u8u!|HKW7RDA7vT|kKPY`N{M8m?z@AJsg-wbeM2M$#0SLcXeaq683{!dAsUFQBS2 zJ3R`ys;m>d$W@|Ak5Coz8r{Lw5n|pZosIES&pHbsgWg%_)Q_T)n`q%-s$NQ?`_OwfGqf?VwpF&Y;v}V+4d;cFR=kQ;R1PnX zp=4zY_ikq41F<5^!pF2Ad6cB&g!tr#_}~Q-AAk1S%Z9Dn^iimlmT_&|y=kC?SMD?{ z&-@U9Zuln@=Bx%nMgv}A(GGU`beM8p&ZnBsHuEr8XMP6T7$2j`ODpirq)~iU5L~p4 z9|E6$0^h~*54C%m+hI)|*kOd+Qq0ndlZdN_g_`BX64TAWNHaak>~tF?z!HWQ{E7kh)O>k&pCo^&9m3aUuA zXydYCV*|a1YR}?UbG&}z+YYBeUZVZkt;p-#Xr_vT;>*w}P?9t5#ik0z8IQ9ejKUVq z`v?_ZB`H~9_(Qq{UZN$!yxAaxUiu&&V3p}(@!kb(fyriakk9&6?E3$RGVY_P-tlu$ zh33Uj#W}Q#k>?lo2Hbovf+~zv3-{|Q@O%Q-iJNNtfhYW7@_8lncMd{qB3tZUID-zc zP|m`YGs?r0%c=NhpsW^M*kuI2()=2BVXq@b4QE%spCpOwgguvCZ!79o zW$-?ld*ZxWitPoi{ZB;!^U*rq^honuX9fnj^i!T- z_tkaY*jiG9`1gzd%)wa@8Jr>>oKd*( zbC4F?LYHBDaDZQdrr#1bLJPb<&}BSAfbV$?LvrEt*PNiG$NsAHFCCu#rAj|tdKNat zeK1C}Vzb1o9O}SdhyOs9@O%nF37WAUO|CO06YOUfo?oM@xVRRYy^pRs23{MWMTxv- zcA_nm-A(y}bk${+k03Kz8(;}(rA5e% z02pVpHdZJLq$#^mJB%eTlwb>ljVI@RZXV=#76Hy*F>^PDf)lGeg#d^!1uX`rT?zxw za^zu|j!irQ{CoSjEg|lpxUSg_3+*^`5SKN+5V^AZscHym3urMvnOf*Qk0-J_!=#(N zpRVdLQUzPgA{Yb8VM68hm>qu}>`MsVfyblpc!;iYZJH31(*wEJ$B;{mvq zH{fz@FU`lDIR0H*xci(VW5h2gN%xLokJd!F;CN0cl+U`;(KDtMPW+1yAqEDuKEuXy`>39oY@SsW z`Fj}xz)V2UTCgB=syZs;1(Y>l=ENW;PU0ge-mtPt9P++tnu^6d;|7EoxfRb{@1qRi z#S1whWygq&OJL$qWU^MdW1I^qg2DSiguqPTB(kEGLjA|C4Y#zTGPZ>W+Fu z7$T}%#wdubl7PvXEC$9A`fXTTz 
z`uv(^@>r&@^%&-JYdt1oJ$8-N0EShr0X*O$DHOiqK!MHAoUS%~Ik^ZD&6@_e<-XsE)u2p0{eUfhh?na`?g0adnARzJJ;;rOBw@`?par874l0*n(`bwW;a z;-oy7bvT#n@Av~JhIuBd(q4#_^|CcMMtRq>)wX&iH6XuqKNdDbclE~4r;KWBTTxUu zMB}OiWEeVuT%U+s;jIEU^R7dSE?>#}N*vaaw_-jOR7H7MWzI0V^)zLW zrs1py-_oDsZb#UTOk*K0hUMOwiu_q93$Yyy_w|Wo5GG}=pvAxt!;l%oZ8eJ=bApkL z!l>ASr!(*#8nvB2L!6ef6sfUz2jTQd;0wEp6LH5|e8`hDeDI8$*^9vUd;pjSB_s=y z2ysi8iSu9)2NsU3_jCAAv-^kT2XBF4jr0T|I9f@&j!GJM{bWh)pmr`kWTJv$=`kx( z2-*kN=H84=)F>CJhDzLQa4G}cXqsZ|u|9}gU_Zuyk4EyZ(?(^hS{a`Bl9nvFc$h;>;Zg4V$vv`*B9ek`N~(3fBY0M8%z3)Bh61#_H z{UU}Oke`ND!XE${1_;XoKjD-muTz9SNNkCcm;(|4uYoFsUOQLMprtWYrEEDD3!ZhK z4a4At@cGF8%{Cew@R@~+MVD*zSFo1~u%f9+Fr8}VlBBrM^$MZ1`HJOjLQ+(?LBtXu zTi1A8_p!`66P*s*4xCK8pAYYWc*fbO`z_>5Z|w2d+cn*IBn_yqi(WqN=X?q=!JRmx z+bKnh<~EbtYhI3ZvWd@aR;z$7L=uu^m>VsZD*$&35w@~~X%Waag&ovvoYS?p5e)Z4#!lw`-ASU@$uHpD&3ik&ul3sdELGj721U#$I68c#apbGm~ zIB;R%dIau86$GPQkf$r6z?HoZJ^(k%6$NSISM=4SZTzl6#`dZdhX&x zEFIGqzK?rTrEDRVYbF_HxX&u|E18JxfK%E6+$zC_&8GAbq_M@8qDO$lsQ?A3+9G9} zl9nn`p9%K@1s`khq&BULr%YH;o&hOikUl6v3PblQ^bFY8m#<64=P`vQW-kzg?sLLUZ{Qw&yWJWP4}W`&E((28p{Ee6Z@hO0eAcRLd<-f6lp@@N;>V)+3N2oGAb+GKJ~5@46fjp2-V6FC zpnzH}K;Sni{AEPMK)`>f-moJSvUi+05@|8oBx0DDLk$Uy5k%NItoK2qKjM4^-?0I5 z@R0#s6>*L-oVSdkJSao0&LmmP_-^OkQI^*K%l^5@U!c+6WgaI@G$$+6xf9K0neIHS zHM|#YvaEw$0@pFH(`^ui9RK8TMBnuW7Qq=AE>X1B;18KPg7T4H|z4)#qU;Q()pg}xuOCRvNO zNKVA#3Qi>AdkTsrB7uhLvBS~8B5R{!B<(83cu+AOL!Mun24f(+h@tQqy-}L_M@30l zNJF_Lgp&nxA#?iSnq>>gH+*=PqWm|6#~AS8By88FTE$YXZyr&U$AJQUXRLKM7bRxn4^o{n=Mc-ZmCY#*tm#y>XnSFLfiopeU)EkW*nxxf?5R@+MrN zDE(+c@K9W`0BPnn#ffXCs6xY}Sri$aD$Sy_bi^e=xdFj(PkmupB*aDPJU}u%?^4p@ z!nlacdsv}}I+hqw?5INhIgkpC((}B6{IP<9hAn=npmXFv68f&Lv?G9HM1KyXAhGUs zvqB%iUKMGf;3Wl1%4CE}Mt%#E=vYd5Uh%$C>UB!!fzeA_Zb9nUtEarT&#op`pcPMi@TkJZSLfrB;n znDj%DnMkJGtOQm@i;!5PlFKh7M5vuB2bnO*i&{b4E=PzvtI+pBcyV}1 zX#cuIu)bG5*%HrhBiF(dSggBf3Y>|1Xo|TGKM{HvJU8*Z2f={#U0y@))^|UGg`qws zp^!A-F-3S02#`3%xKINpDVwZEaE8x2EI7xtobN-r7r?#Mo-b4~8_OXG4#`+J;0T9# zo2)JYs1V3$rCj_W!Unu6=@S9l`VeOf^>%v`zNlD97u>T7O$aG0#8=e~ 
zNBk0nrXW77@I>NwD`;5a4=Ywu;-6J$0`W58{-p4@2`7V^S8tnkVS_3<(j)rvze0~1 zi5YcF=9^Uf9fc;X_(g@jk&16`uvDKw#W>U{vtc|+%$9AhLK6ds2sb>d2v4vgJaLFm z6K6uu__XPY>9&UCySZx>oUohYnbe`s&tL{a7_r}3uJ_16nmIrtS)%8*Vgi=kO+`4e zL(0YRCYf>YCo~nIJ=y}SC%E_oU0+^=EBzy zH&Gj@8HXk~)4|yY&X|zvyvW;yKu05bJK`e3NGd74-6@BY5XRQ01PXT4!z%B3!=)nl3GrWH?f8 z>3mDm522^xSo9>7J97%eb)rQaLGT;XFXHXMOE{mX!f~1oQ~p#li5zDDFgLD_!V*va@?*oWgO+J ziYQ}TD}1FUp$xd=mcvzxcu;&vvV@a=v(UCXX^?m6n8aHc`~M=qx7U67XzoNTjn0NxHZ$CXq$b+IijE*+9o)}qjF7P20-geLAH z!Z@5T0vH974G$-UJ*4O_8?98fhs7rD`Qr*YhUrrbZF#h6%d!H$pzyd2nLvL%EOf*Y z+lIJzh35(sDm-^w!qHxA!qKMlUPI*aUPbfE{O1+) z3W63bYJgf>LEV2GF+vY@W+M%F?*ud`96(Vp&V!KTwRs z!e3HQio%O8w{#^bTn2lgV#G}*8SFPJG}T~#KoOD+wlM2Y6(za8ij2!*a7?PNRx9*; zIOU1I4X4y4aEewuET>3+k6CV;o3y_XctAQMvA<>J+^h)a(;t8L`nz<=y>Ck1B@!j( zA%!AJ4E!}_hzMsr^Op)4K8vb|#J65)D~a1A2#@wC^msOFAo*;SMX(LHhP6^9GF}eC zs}Y+cWHx}aIzpSU*#uYO*ayym$0t5q_6b4|0An=?g<3;49j27O?aj9KPuXo9lE%+a zwN^|ghZW@oET()oPz&7#{*x`D9!ohzZ?WaPG5bxczMjl}!`s7$6d`W2Bn!tE6#66< z4hN@vg!`XDo`{Q_t1Nj5aoS7G%KA6RR|p3{wB!6!y@)Jivklf&j`W? 
z6d^J5jI8HJ6k!+4s+?DFB*s1zRYqP@xL>1?vNNu>UHU6%<~4|;ZNs?>v_hfJcN%_db%d}FRy<3=iIJu$=-$>r-W_aW`2snw`**=V)z^Lo$2(dw zL@i-jp>j)n|LRuSioXV-FcUtab;peFU&PmpgOzPoq`!4GV(D$%-;~Zt+1t{VVY6Jx z3Ch)4R1cpbL$$W{J=yl$tWfy=uv-#6f}H*OTNqvBzh zL{uVQI&QG-iwkotEPl@XHKJzj)HlO2I*ooP za0_9r$o0)DG#cH}p-3shA=3C(7)2azOd$;16zC3a04p}*+#{AV+z?P^z~E< z*?%iSQpU+yYbi{{I30?Rz&N5@?@@Sya(zr8I*M_ztEKr>>ns7O4lXZOguTW@#5cWW z@DgHAE=53{Gl8*4x!bj@6jqT(6rRK?!i&(L!V?ZBMQAm&+r}i=MXbD1czmLTF|hBY zJE=16NyeUYW!&QuZq$rGvAHP3PLL{1k?09`D{XPvl|(Q9m_ifSKzjBY3QsU2i1zTh z!ta6pRt2+aCBiYVzR=M*K$*xF9*IoKn}{1aY(MUYO0{4BCVamxxJ{w=13G^Iw=7j1 z<9F|hK;a&9fNEc+sn^1~wL=cT(#^VYLUG`XWp4NdaKFU zA_D1?Ih~x9qRYyTb8DxiFkutUG#~<(XbTB^CcXKX!V@>?ws=iu6<53{Bfr+yQz|1; z&7Ad?3{#CWzKG^J7Z*rg5RuZKRE)T|?J}zlD>P0u7G{4|p`XIU9EH1|xBhu&tJmqPTsS>Y)}&z%bA?$Jc$QuRj_bS{&#v(eHJXL1%^DpF`t?a#Yc zCaLhwI>k*?|72-@S`m`kpMR;)frMy z#HzF3XbX*m@Awlm@~x%}bE`3~409>hcT;^jE>>5{h-4D49Q~VZqrZX!0rqGf)j|^n z&8240Gn1!s4^7~Y7_v+rahwlIQPM#LTWnFoGD4;~<+(|5AHnXl#knSGn|oRz!`tR$ zb}!y)tBjMEvZuOQp}W{CQx*al>USyxm2d=zx|1yJ>-ZWAq8%WPMS-ah5ieseiaT*^WhbU+veRI&3rU$r??r0zz7scG{nZ_Z|X}gLf;t!?U%1N zn68z%^18x@mnT= zRfcbeVUKA@?9YH3 z*PYxIAP~0Z&zMT%Fb-(TCXUH`vqz4zbb;J*|S6-AT6)$3XRJGFZCZ+ z=zn3ADm@F26T3o53;v|w#Oz+u0UO_8>5uCGSz&t=I{Y#&g#KQU;}Y6RMJ4|$c}3-> zky8{Jm!nKt(WKC1Nw5TEo1(-e!4m0smqO1shn1K|UeVW{8G-BNm8{+fp!}V-F$Q3+ zunXV{1>me8=8fB90Q|=1mvGjqwda?$YD9f^*S31iJ%wC3_48~ZtMywpwb!rNyl&f; z4eRPRZn%k4Bq1wLz5SflP`9)0w#b|O^n5d2b!}VA1+JEN66KtRh$DTnvx2sVm55) zGRcmRLI%GQvQmY&Y}p79?n-UgvT4oc4O>kzB$EpWMRAX4f`HML1t)ym0^0GvBI0=B~4eB$&hu(6gCb2 zHv<-Z&>jCo3X)Nm@7(c9A+y8V^ale3ML0vguU_4;6(Yno$uNpV+S#?becQH;8@d<< z67Xa57J>P*S^09}b;KmL61JG8?L`Ul#1?NjK)&0=SLl%u2!4|?e^u)2RgPJkhshTu z2|G*C~wLx|SG&$Q=pO9Qj;7OBf!Cf4bKc+eitgwqX^sPiq71yV* ziBZVT=9jp6briw{Jp^aN-C6t%BcBJN0Zl0&xGCU49(=fwVg+C7D3j9{9V8byMrKgc z#jJ#G3F=^B8PVFEiZZ7?Sixwuk$ zkjnOPY(a!guLY6VlNfg`iTY@-ys|?!)5?_~ZNxQ{F_WVdPHTXBcK=ApBlN2(IM;r@j#3C6KlTHu1W% zk%DnD;hH2&$uVnQ1Mf~km^>JRCL%sv9ZlvRmDJ|l2dDM4Q(3Y40(4NE4WH#IVW$%f&Qc5;x#V1gnJ;I+N8# 
zi|zGT6F7sp0f{i`s0ESL7GrQ*VCO^>dX93;DcEwHMMa34XJcI=`VH4NXgucv3-DbH zr4p451CzhoTxf7O5eJWA&>IYSgUIz%!69?Ao$({7c#ujLQ0^lfjF96h7lCFDpB6YK z7Ffh7#Wl$zNMdvud^Z5Z7@g+_?t~zOV;`mUQ5kF{NZw!~D2oS1 zGJL2BKhcf+lv8(b5P0B-<+YDWpE79dT3E`6_%s3Deqs8-{S_5X<#2atFfwvfI>&9R zplo*v7ztG8x^D(P0&~JnQjS|8e39EVQG!7Z;=+a8Y4BAnLz13c_Xa!&xDAL%-s0f8 zf@}D~F#*tA=6_5p#IZikx4X=hPxyhsUkrirI;G2cOyp8T)5}E2J;dKzi3I@ktP`@f zQN}xXmaM2}*F+iETprkYII1({*?~n5aJbPoGO{^5vIXcTjO<<=*|FRWh?E9NX{tGf z@osv9LpzR#7Gb}uBhrDb5{?aHimwn`%$+P9{tm|e%5#i;U1aR9H)B8D+v7|qp?pri zS3xlT7vV~e_cBf3dqub`G<7*$)=zK3F+48h!HUQcLOF0>20mF(O<#{WTa2K;&H`jJ zLEva)0hxt5Oh8remEng0emXnp(*|&99B%oIC}@aQFh?AbsEx%pm393K_qQVZx0b$Y=a;05X(0lX9uxZK$uCW~{=(vXbWD zD~EE0|C*Vdr(yTo&-oK`PGiEEP&U^ArM6%4%JAU<%NrLoar9WE|C_@f2e=4-(jQJ+ zfvgJdZO)Vc(G&1;N^heX2znUC1;wm>cO5eQx#bl!&b_MN`KCqil>^A;6UYBXB3&S8&x8*-A3;8__{0p%`8aa`9^@uAUj@H$sDA zDEX^93c)?AD93H#OJ|U}2%Hw;F~z7(!KfB`Px+odjnR7c|6}i6gCxnW^RV98?cG^` zz`|I73y=gj3liXR_SMzT>A~y(^Qa|yc6O%OJ)l8|ag7o8$=DReXTMM0ezg_k_LT3AiA~ zSS~W4zqeIqmWmj62?G}pI-dffjVFKA+;&&_%n+ic^fLGhjsk2TSu(V z|EO2F_2lCpJ^x$g?;IWS0j$Xex|2QzRSyc_?|p6YQ(vXq2<`)n8>P~Ij3(_IYMn1W ziBYadC2;#umd}YND9dl+4qm^k6&JVs?RxM zAO9J;Rf`|{>BXn_IXBPf9PrLQ#ky&9F^l54Er$Uul_1o|ub;yMO8oj>9;ztLI z-~ZFH6?igHYJ6%WbMar88eW8^=6zR5WO_-bfTBJd{Oeq+55Fv0`BS&q#`P5VXRmOl z8t*{>zHxu?Bh=luu}^19Hk7~g9A-P{)wwNbs%O(Ya#~pPzcXKHIu`aiRZiW zCpdkrUvq2m?vwcW_hZ1&c@_v_U%!qiW7t>BVR`jE&OdqVn~R_0jKJqOBM|l<%@99} zJ02{)_6?W__(mzjNi7T!9g4Hvnh+`LG7^SZbc|G;1xyvR$q9Of*4|CPn( zIIRXesj_T~Sdb6ny-=zC*B3uT#rhf)D+cnNd+CEXEg!nD_yzFDg4O|t1yAxr81RC1 zzltlI!?!51e8(T+pD1hLD<(04;LK?m^MpQtByTXy~NKf#aGI$%p5d-BWIP!b?Z{^Yq^;6COrpf%*V zuOd+Up${*p9K>xpQiQ@$kWc{0E0j|zr0bYRozW6xCx6W??U|g{% z0SiFN=8r6bgZ}-P(5Q0v(Qkb7{Hy;kZ4f|l2$KNj8deu>K_bU%2~76E=e zi{Jz5|L>eY`=kF2(m)3UD{dxs8|M>cq#g9M!@146SCgjO; zKgqp)LZ)6md7hBSc|;NX?EI7Ge*7bgAOAJ{6|j-Snre9Ag`t6e11y?Pi$#Dz;K1G2 z#QPVkAU5Aw1$<)70;WJb4c&&>0SL*jz6x*zVcRnd+dhbe0$^0&?uSBySHU`uiVXzd z8E^gnKf%CHU_~&rUC7!Q%Ds#gXFy=g0zI3@zlQJRScPY+ScUI<{7sGUO2h&$7smoO 
z&J%7cjs-44pg;cjmoP2?bJ6i$n6{!GC_`$8r`^Io=wH$seG;RJPZ~3b#lRd6&tjZ^ z?fk1iu2MmS+6-u?BAf9H-r=dor!J5Xn*lZT$!{;dAL02Gg`;#tAu1Rl;0a>_6=96Y zr?~*unEb27Pre=eeK@JOxY(EVRKyj1`L2wO*gLA|nH;j?_ z2Q~(Qk$Fap47$_5=l?cQ$diaj#M*phaqG5P8(&kw+I#?}|1sS5h1-jteGkJaerfUI zOk;D4#s(!th`*jgpar)bE-_7xf9;IP0W^<+9GE?SQj-JWNSPcc#7~`j3H;v(&uDgb zCGOBC{O+HYzyihxX&$z?5y)m-K`rwH21WA^7k{wJ787Sc28eG`pTkByd;WFxRPffH zgdzHrj&6AYbxZ#Znas-u9pJou?EG(I$RsD`eCi8-1bKh{>*xu7e(|xb#dF`m4>|t@ zbF|K_d}Q&l?<`*Yvv>|fdNe}kdq;~eqUW7c(d@T>51*`JiY!9GC0yjQ__KjOH^sJb z%$F1^BlspncFz6uqFnVrC&jp*5;S@Y-&G|=>u3js@uw0S{<4JNk3nA}bi|~__vzoh z+W=3j`RRxM9JT}$W4!oR7eDjMAo9E<|9JA; z=Rd5v_0%}B7t#aoAI|7pA|gf+_^i? zDq6w6NS2C!d7fYAU&No_Uw!~r{}!KuxBfw-bnM?>_5KcE$^HBV@9)ohf5!z5ejVZC zGYpvlsPH-f_%U1*$PGHO5i$WRdj<}d*v_vllHGmjJU~OZf}h03b9y;wjXnrJgD3`b z8Ir5`uNFV{cNag7LHC?q`te^|eCBV$Dt!QJ_bPt$fHvy<7x+U$onQSU+=U|t4?c$l zdLHw-aq;JMSoV|O5(@Swa7YM6f^J>^4G|!$Lke5X0|CR9e}73lJ^q}^{|Q`>o*!XQ z{r4}+a`NZ;Z=n9>I*iBpbN#o@8hiqw#Pje7@f66Ly@db$F#h*x{O^S9xdW;9;9Uu~r1+brA!&Dw|pf{1&#HEnB z#IL*$p7rJz7N7fDi|_l}ix4sX#&h87cnpIVzKeBcPhxeSKKJ`&!leB|$-PFPo2>+^$T{(AS>Wd8cS!bW5BA~%gNgt&HeM8#jRj~QYZ|9~w1 zx9nGf4CDG8WF)kHKE*Ju#gw^|4fHWTX@B{jlfv&~--ZEQ`LMQa=tKUT{X&SzU9a)v zD`rRjQ&!dfF^55cGx8}@e4*bd=DXGJ{HDFtKLFqC)87H-%9pgoLqEX@VRd;K4m6>=r8=P{RQxOEPmjR zfv~F@`;bU<-edrkzlED-&B=)AQPyc4dj4bp%oKu-{k;8cpK4eyJd2%MAdQ{(ys3o`e_j)Zg|MSOIakK3FkvxPGTHDY*W60V%k?`TZBo;$)g%b^S||f@^QW z&c8I5&9+s1P(<#l_6zfHrCGASe=}JIRmgwl56v5=7&G+KU$vj6s3KI?{N-!r^kyb5 zXbtB-vY-DiAEJW4NMh(uo&Wbi{Mlne;)lKrWU{gN{x6{P>XnZGO#NeM3XJkI zk*`biHU1;}(Ts5*dXIl*zYVY59|xk>`gyCes!eV%uhBFwnVssTU-&8eg$$jss_b90 z+xm;J0WV@}E@9v;LRB+B0Oc-Rb^9gSu%-7FK`*yqcop<2-}QeO(fJqHmJ8om`~kzy zrHcQe{gfSU-bg(C-7EIf-^Qm;gBA81LB+=aDn9k(w|#Tew_p4xxXJf@XYu>ZP1HgZ zF==c6VLtJy?t754RfYfO?X81H<7@WQ)X`7{HV0{|eld@SDN4*X!b5Zg66iQn@@p+8S0SWf^|HtqnmpJzdpbw`GeS(g%s_xhS z19RmpG089KG1n*f1^YcZf*v)xKKeFVn0t&Cq5^Z`t|pWN%-^VLwE+0i%o>}oWufM`)R7{ zRPD{r*iZj+*qhb&7FU3PI(tKd^egrYe-U3mu6Yf^WqxY$HOHP%j-*qiqkslaHE}QzcbEgQs7ZL4&8yHIw~HRrrFXm`O9_=wAP$BO?nzE_waV`my;= 
zW{i$1fS|Q*Utf5eP!_lBg4<3bPqFM`2Vl1G z%k&ieEBkS(C0aklAb3Mlfw5&jh>=moU(!!sw4eUh$xn4-#JD>W_;-}wJFh(7mb3bi_FT>fU%I+omd4{u1 zCG(aQpT7?)olx(T+qdke{}21%zOnc{=71~X?a$axe*;f;?Y+e>Bn0zU?59DY{_pIk z{{?69eP{7==66+oW^(VSi&)6LqwaDs_l|xik9$W?$t>=jj|+-$_-D;Nq(;5y9{z&; z^fywpyDBGNw;yMTHk8Os@A1Mfn0x#W*bOxNy<*l(HUI1O)3oN-%WJP{K$KYcg#bp_!f+b&@C?H zfzf68o?kS}k|JI<2f%)s;bhY%__F;xix27L|APHOlJr~O?z8so{t%0{{Po3+#LB#B zKm8TFJ1VSinNM}YW)a(}aQ>zx7fCU1=&t_KpEvJb#MPv?`1+v@Zll^SyIF`xv7F{p9~ld_v-i=*xFjZ-L=peW%;%bjOY5 zPPaYkbZ?H1_WIrC&Yj(*XzkwU?e4I-fUj;w(ZTR2YCn9~SV=GsY;Egh)_$zjKk7D{ zH&>g-`~|tT{_w_XbI<+A-tJPX(`k;!qw%$2X9ssa?v9%~Z`|3PZbWjIMq}Bh71(O; zP8$uc-+!y!+->1M&BUYfsW;`R?}2|no_u$@hQ9Rn+o=b|k2_tkEo|*BN4OCFi%YFe z9<&adJG<-A0_ZQgeCRiJr|ZhnuvO*Zc_pt>w+#=_-jKws@W0MudMimZIHmzuTTRCR2H6e5K!=OyutNJ+PN| zcdtix`R{3C#oi;=@Pw`26t|GA zykve3@xwk2%f$4he` zigaHUjnKTg%omJ&Dvm2)mbiS`or){eb5~!wAb;pf8D*tA6mNjHCKNL&vDPk5=&C$; zLccc-y3;!#`{5Gc0Y-=2acepnUww@?fR^(VMg=8|rP`ftMq3^1A9PSse|U$Wv5M6_ zI>gPRJu0u}Hf|l#Bl2_iOrl?eBE_5zY;?nVAO6+DB4gdM$UC-RSj=r6#{QdiG-~0 z;7?JY&Aay^T)Yu)ubS8f&JWpwwuYVV!{%GtP@h%!p@eP(-X zg&sGX_aZ15Jno7-ZhW9~c5Ic$*?gC$SQnerLuRM5iogneV;RfL1&~8;cRqQIq@!Yg z69&yF`#Hajv%8DK`=CVzn0Jm^eGu*Rq0@F@fO}IIc5(ql6PR~7SY@<#C3TWg=R)7Z zr-AC-$0?Hs0T&M+4q7Kk3WP_7q3({aOzw}y(+l|5Ro!wYiq)*&oXWtuTh~=StVcG7 zk`p&Xm0VJFc^2%%zD}djA3bo2YDbhR&hp_Sm9#xLmEw4{mapu$`jhTU7wAu4zU<87 z<;%{CyLhqqQ?u?RRE%gCD10mho@`s5&bWL|L8)D#pLa!EC-Z>fs$afreL?$V^5d%) z@F?aibz0Mw%0t5Z}LO zmoNK1znH<7E{JWUDKyTawT>a1c>$0A85qvda5B|jtnbRFcHJ{QbI@|v`XIg%iwfD< zfj6&v9Cpj~FlM*B*=#Izx}L+n0vTL(PJ3CKvDS{@J*wiyiB8B{&|FykeQD5oC`yjM zYfLTK#Y9R}5H8xo6)-7<*LD_xo}{Q8Yn?p(Sf|Fh1igJMade*hvml3AL_ZOGiEjiQ zllO^P0<*4RQz*XKeyTHuk}+HN=Lhp##2 zIuqr=QE#kudbCUAn~P|xnz#c0f4aOr2LI(~5VhKE=mn?4;ENxerBPagUp(nvUnA7f zm>I0;la-bBO-O3LJ3N@)SLY*^`0&oGiV|g5gqXC`JBGi}-s>LphPw940B5?>=zg~k zzgi-mP{4BwTM~|VcJ3`$pvr54p$~6Tk_`o6vQIud~ zY^)^yY25($tQv}xUCvbiAB-g0bk#}f7kJphgH9VdZ6H7w2M(^=I3ly31XRu^WuTH1 z0R%5DheLvZ-os{pK^=5hMo+0|HYA-uwR1mCFLbdlc$je4myt;t3h 
z%m931?KapU2Zu+~?oD&DbzPSsEs8BgZ+9QTBN`ln#S(as!bLuc5c^!d%K20&FcHLKW_l8x=(v z$_L$cqXn;eFz5~tT9VJR11TO2Tm37b*@ROnCLv%pl3-f>e%MPF_CT+D^)v9B)GEQ{ z7Kla5Nr71JT=1jNW^AD-fTViWsd2rw9aw zcM$ME4&coq>{gez4!m3LwZXNs2W18EKpqy|fc;Nm%@)U`Yapl`E*Mm3yBmU-uJTqy zGih+Vbv;G-SSFN3yQ|((WZ9cX09F;kHGpbkBbJ!!N4-A46`Lh_!`t`nJN!L0f{AzV zzH?&P0Q8)AXhAR{aNHsgKs;?xK{>iy%ox7F>*k;bTm9x5=zn|66ag9O9SlKf40Qwq zqJFKSJM293xzHg!$txP1z=JxOB-&JtO<*lV+}?ZoU}cT<;ce zhlBo9r;A{A^hjcC^KfO|1W}-?(2KLOX=S%e7Y(pBl#LB%6K;LslEVWw;81Ha!AWmO zvZ3%PCvSsSU-WX>M_t!@n0!WBWF^9PA+IKlYXOk-VLc;Krvfe+UXHtah;58ZApqS) z182DOSa82gmI*1i2fa>LWL94*vDNtzoKyT`qkFaX;BLV{5M*@RyTM)5j-`t@ZovwQztq_n>QbJ=%otlHE-zc*k? zz9Rsiby(fkmZC3Ubp>t$(m;SD11jixC6cX8aX^__<=)WGfwN%<@vlgjz_)<860Uxg z)DsF<8ogIPRF1O$XmOq}yKnj;0a0=3Jt$M6p4;$3CFg>?p#dL~#w-l$xbM(S7lVxe zwg+n?sUwGihJRT+IhNw2gLXhli3%O#gV~Usl^Xh^vUve!1^_?}db#O1C*_Lzq_U;= zBH&B}ld>Qn1Y$GVy&?X4xl`-5Lh3q@!HR}adlF$FM!O3$tfExb@W9wBNPZv6a|{vL zZmYEf4#LqK_;0rbtm#c305MWqXUT{f3lmO2EFLn4#|XzLkFaFGd!Y-Wr40rQ8Z02$ zzt8{lc!hFnED{clBRCc=fovyCQQ}GF(2+5SdFPEdtVoxWRdPb(iWZGGcd`GY!`1=E zkzj@o-8Omag4>E>$R2esyIRFvf_^w&KxA~KKN=ofI2zJr>UK<`l@X&u96NT$%yCVg z9peBf>fognZR#%b0YDc8D>9#4lnkGUz$s{03Z6|0Irlde8@SRx2zHh2_G=RvJOMm? 
zz1x}|Nd-{EAuyNVk24~jGJ6X&KX3WOmokd6?oidCUXn761M};wt+RqKud81^wx%=S0>P|+vKUYu7b(ABp^`lpUVdDnxml($`1Z*f z0Oq=+mdZyp9b&mk6veDasCc-FC6H=Iydb@Ax&rU=s|!g zk^;9mc@b>3RtUI&$aKo!bzvVh{VaMHaAz`ogprt))Tgd8ZYsYWKAJ9v=^Jim6j=R( zlKYhn|6PVqAVYXI;-a|oicM4ZNX`di@cFs6rJfnSIlPh5M8 zS<#~XQJc%UC<0m<@tGA`vN^)(*kC9=6cxhKB>A~9#!e%QDd|sOd(^2hE&$84P%5Nu z0FB@#37D&#^{6Ou>bR=0e8wZ?r<%W4aMZZ&lf$1_?_iJ+G02<*~LoE;_ zb!WHd<@u!jPo%H5lALUY4&r{7=sLi;ar^#w0fnJ)WXD(Hk8ayKav9p+yas6-2bz+%s-3m5q%1CO(4JM*<|O+KW_YW4ViT z531h)<)AJ3mbySTm*=7Ts+zKEZjCOE8TTv3kiDwax`h)F_B%%-g;?lNs>nu6D6sjd z%2D5l`|M&T!E@_QG476K_ITlbYho%6`5L|{YXq87=@drs5cnndO1b%=MT_s1h72_Lq*hb#+~y>gI|?b=t<^hQ^c$ld|l#OkOLw$5ic z*Z>!1H)>dUqbVH9Tczi0HlCTW@n|G1#u18^qe*MfwS^??G173;Q((nx2R3_5MV){Q z!(J0ArxhiX-l#N8ScfS=565oQ8KI(EFvu>_(-2Ygm0*2|e2h|}!|7N% zsP#>Dw@y*D;bu5hlInyV z&Bq_>MZGL9jUazSPx30V!#<7kdrWT>7%rychx_9J{zQCpC7oRiq1_eat_g1j=|^}w zroacr0HFA09OPb*!M|Zurs#>Da$|`LY^ycB0Z*F@@WDs1wJjSVN{Vx68#& zuVX@*9|Dy4)|52Z^oXZyndP?{x+B>bFSWg}Z>nPeFbtymqoeTxQW4!D0~RUgOKz-# zy`Ye?HgnD*z7ywMRxF?_(YxjXM19zrg{ZZ>#rVNiE`&FTbqwGGf}Cg}gJ`_@H+Iui z-ZJ-KdY${zd^WPZqLL=Jc1?DaVGmws6UKDfRVK7I(e~UzCCY-BRs{F zQH0XD#sp`AZf=3jX8ULinw3X`J=R5*3)q)iQ&j7YyCA=t#I!=DGHTumK*Q$X3PaQAhePwS4y@+IA#@bJ1?642s->u08ic! 
zlvn+bs7Fflt|}sl$Rq#l+rE#|PPFbCLK#yd2coPlinzL+8NR*4bv(&+6g0M2Mw))$ z#hiq$!5p+)KtAro#x^t%$0+06Xg{}fya~LWMHzbKvi`Jks`2ohG$L;!)9MPhs&~2z z7+Bt|iS-)arA7hPI5eo+^dnmZQ-^lOj_-p0$MCYiaN@q>E}P?S9vuQ?oX9TEAF!;U z22j{DOR86WGieQmU}@Ggt!x3^!_u-|c+eWZ4LzLD;YrWP;;f!ma95myNNWgL1jS#U z|IO3@pa?d@DrG69ydM61eiRegC;XbMPPLB@r!LXMH?Oyf--~f%;)5w34|wCGl1P*) zgxwa1cB;0bl6lE+5M7c^9E54nVXL#2*vSO4AE-Z*MUfURl3y79j0|Fg-FEJ=UjCF{ zFwRuOP^N^ujR4r>D#E;=c+*uK!BYlefrB8$yr_hZn?&Li653eB&Ed;=hAR}b$xX6S zru9hxodFreBzZ(kvjwvBf#v)$W<1;*qjzc!$V=_K!@0~q1G^oxf{9a5dc%DvXqBD6 z3I*$yWc&PWejr{-()TnUK3sr{>QhPPp?Q|eEXRGD?cNzF%}8Z?!1A_xM<>9i*GCo5F&W6l#W|QVGEa+zI~{?J-I%iZz#h^ya7n4vo6c8g(i*k z9{i7l2!&O@2}|FV1TViI>-xf9ko7tnqzzV&6wTO0(w3n0_Yo)=SRJ2kY3Jjs;I3fd zVvdT~nX1DXz~itAO92%Z6I!;44y-NX#*QmqDL zpla1CsXk!K%uR6HOo zh-=1RIPeO(WkH(2`J&}dpLNQGU0I$?T3C|Wll3LXz`?+GPrMIzLS)z4o3MXN|0a%h z`MZmc3K<0Bjhb$~+QGtJtK;SdxSRABCP#a4P23NLh+`a2x%;VDb27ZOI=imG8@MGn z5wniHfR=2BFQz;sbF}~4sMS?vZA&&7Fr!KtnD;ei_wg{2wVQra=?P}4v|*l{ zih>$+97&kYb%6wwl0^j?PxcfkY$!tg4jJeIPZN}M=K(UcYsj0xtH5HajMV$SkLeJD zJWNMN6^ov%ex$vj3&JW3sj8Z#tYb<=)K-}KF+4Qi*;~wjpPmvM=^mhWJ{)Of5J7dE zwRdfqA>w3V;h$XZf}o)b!SYyD38;D$AlUo4*(PwJE&U%BIyK5;15XomNBeLtr9ZtM zTPU|QBxFSvSOmw?$p<1DafqZgGs32^toH7{sTtd5As;ytS#FFDQZ{?zkM-5m#=u9Z z%Lu3fWiA5aI;8p_bp#8Aez_5h`{;tClKgxFO6A-;yau_PKEjpK7>fb4PovBv9DW;_ z4{T+bRuihK-3LsoJum=|EQxpALc3a#Mys!F0p7&}XSv;M=e7QDB!DeUIgSfcuz_XW z<8`%p7=K_SpjLOx$MSrybF(+W9Fgw0*QO|{Evu{aIUf0vFja-;#Ae0wjDqrxAP21o zAnl+R-gy9wSJYFnR>9X{i3dzB4tYs9%X>e0h^pG`; zd5D^GByIFlUIc+Vz(A%ZNB~emiFFTgnq#fQObulBN8?ASXaeHn?SP{P7Ob|4&uWFi zH?^U&4}1*?XDRLRznXHi(w-bv+lu^&vllk{v%1!{Y|=gIO?>Y(Z$pEp0wIAJXhOcN zTu8{%Ua5D+F-jr6v)oNCB*OsQ8juj-L?N7`Zt!kXQ-1;O!;Y0*@wlz}so1S&QCROO zGmBwrAAOJB(-W*-(l@W#*xt%%4FLT!P7nPP^*YO#cYPvs1|E~7id~Y>Ejg5+S8xwR z^YL#fI5?r<07@VCw6 zI~W7>dAKo3ZW;4Pe5+YEHZu3S`_qEG+M4XLf`kf8heqk(yb7*OV_B$B`k2H7CKUFj zs*?llbo#Xd83K4kwPW1%qGfz9bZUe88Esg${7Z_WrDg)hPb#Kj#aT~SWmw64H5@dC z>^uNFGgMAOWv7&3o*R*zB-vOIY|U014+c%kW9G@_DXJ9-n~<%F?to0l7DEfei&=N@ 
z%=uA;K_K2AmruTc31tnuzI5@-s+(&PSD#-c$a#$fY6u~P{>`)!O#zsOsuD2## zToSVu)U$E{auN)2FU11)$$c>Uy-k{^{hss(3A8nL@ViQ|(i91zrmuZpU#wBliGTsO zQ~b(HHGUcEqevUHq<2C*uh{c9s%dT+7vmM*sRmDbd8nb!n`L7sYCUXuWd&M^EAihc zJ$IZ^CsN_j>+S%*?T$Tmy{iCq4$=5H!EiL)PVbS*Z%Y{;#sQNgq`m{l9S854>u!Z- zOgt-gT}-!$uvh1e68u60vRICK;j5gUSj2vcsxxoqrh1UJ(kL|VPzt)?HmUcvi$?|8 z3G%YhKE^|h#;A_Xp+-Z7N&0OJ)RfBx4U#x^D9KWqbuhXotQve_5ihn5Ev)C0zI_@L z^y66Dot678<_lWCBy)7-*DZ~oGfetZeeskdUZ*}VZUHCJ875b`dhD;jmt=Kxkjl#0 z6%U_?e=}6CL!E6(dd0DypuPn`swA2b0bptkoNwhDhVAkFK0V3_lap`o{MFskNSo{l67ftb}*aufGc z8=f&*VJ{(zNyN>&;S)(LyemKBX62s;L-Z+us&gzPqMFzFP-)J;L)C+BFw8lFE`gS+ zPa>9ulT1h68NP-5$99tb_iW^NnUjKuBb&Oj`?TTl5WXU+GSX4NxwQJG4xhzVqp`9L z*EQ0|BBy>I6z@_*(2)Nws{!#A$x}w2ezoeCkvJy3&~C9z35L7DdAfK7ce=s+%BYYe z8w&f(OxjUTCnPB3oXADVDhqs!Sw3^lWFCEUAWW2goQsm$qL%G8-XK-0hKEM_4BF3x z;-+;Y(3yyR4yGuK!`)3u3~nCXT_F2e8NE}&_$XQpM>yx_E3iZh%T zld+{(xS|5+n1BYpt(InJJZ+K+71Bjlp%}okZslXe`LjE5$U@9#%Z_KZgaP^QfL)1y zS18FViH(^JY2pd*L=tuqFB4FW9nPmZs4V6OJ%eI~OdYU`W;pog-)U@&S)7%zF*;j3 z`m+&F4L#X9C^{-(&OKR)X(cSQ4^PU}iq;wmmm8RhOsRUR^Ovn_=3dHplXDYudTs?9 zbG}wygke|3>MNYx48j1F3^m5WN?@l0(PwmVy?yrFv=ckoMf1uX#+BIaeDBTh7T{@Z z+eA<_Sj8xjU#!!XK_UR?frZ{C9FAlh1*k5!x=nz$LLAY3csLp&5N<39%5ZufwATZf zSol-a|9ZewPVr)OR-Ogtkbx8?zR%IR}996QWJTWOCr?`2Zyu>mMpD%6AwzjMFfv9lUEM;*#hgobSATVud z2n9*COSga;(0jU+CzSOftegFYk1%@r#+G8^C`U4*+0LA0*;)hw2Rq*(;PB_`5C>4v z3lirCxJZYy-nwIS7VbvJWK&gbUZZSUmE?l}2~tnAf=-~E(B=o7B=-4&0I4RJFIw2y zW!*6;rG%}<2XihvJut17gWi;9AOy_$r8;5D4c7ux$QZ+{PR6n%4}6SRhpKr`@w5m8 z6Qj`LvfdKJ2k=`!4uJ*fNNe4Kk?sNhi)p*n@LoDGz7g$B?(UI@NX?S>NnEycR(4>X zQA4y3^KP!~JHYSM5y*PUZ&{|;z-#$ZsE+J3MXBMJRlss74vLpOVUmBXJvzeVPqL#U zV3B+^>PAsJI&7Oc*{;lv@+yhTDKRNmA;}*Q5x|kQC0U)R6BMrKsYa z@#>_EV~NZ>^lWSzv`9+TM%m2z1`JMjjBa7u5|&W+NtI*WU&+Qh2$lq%|~=S8xR03rAsr=VqNK3ZT#RH^pLw@TF;;_@Eg5p4?Q|x!3;I772s;FrP)3B z*BDVcwY&=cb!R#X)!+v8X_(9m^UdJ%y9Pe?7B>8nm7c(M3y2;wwsv_#Ytz3t?6oPC zpmIO#?vj%U=RQI5xkK;_6>D$t`O7F|W$PFihYY{z1$L*ZDWhn-7lBi>x6f{D5xcXw zb;6{%TZ&KW^67{=xuoXYjl@TZ>w;Sma6+>`z`mYqbkP50sqeB6I 
z@k)v4J!lr3Ugr2?8KR($By{>*;D@cGsnH=9`(#aovn}f`4Psz|Ek1fp0BE9H>QZE@ zKz#ksSRZ%WpvD-#J{}DO>}uYDlG=16G0>@Y)^l7*HiLjwVvl!UZ!vqMqjt*cfyR1V z%S_e`^sy;1y*z!OPGb{_4vr1b6jcUkImwUER>{3%HArDBiWg%TYUq5XHPZ+m9@@k%&V#}dfbR){O{?~=pHq*&tW6pbd+9lw4X!ssH z_xY@h<&x?GB61^;)2B#H=t}I5M-VP8z4o3krPA||QjY|g0wi;b?4YXh zWFbT(w07lBqSm}h!p|RHdkBtjJCa<_WU_Zr-64cene<39*CKJVqdJ%sC6uj%l2our zZ^CHgD+7)C*i^5w(-T6S<{bof3OHS2 z*Z~w6n}bwI)tZz^IX@DOI|3KI-<)EFwGGBBNQ>|oS&LGKs)q!JZw1)NtPx_Py!Li* zTHCrrQ@NC?b!s-56%iaE0|(cAdjG8`M1l5^vz98-wM4KAg6nD2sls%{b_EQCXt0>U z>n+?cUKKW=hfzwAp~RcXN;#Q69)w0hnKHC6L0WWh1iK_BTkA6Ni?IzTAmt(HX? z^ps5s3h|`qnC0{mQxPU6s1%bY=f-OABzv9FYql=Jla*A-npU@H30kr!PpTQ%hy`IO z&3LD~cXVK`pU}lY|Io&TzB^218H&OT(igl=a2{|_>sDEClTYTz)rHo?O!xjGs;Ugn2nenk%_7)x$6Wx_ zU_&`F{C{QL9$WYuyobVtE^Q-;7mfS#o%?i(In|g6SDcIFAMnPqPY#hl+;lx1esrph z1vva<%f1^#7bI1sPm|rO#M=asca2+%p!lv6mkvi5mZ_mWn)fg*Z2%np*dX*E#sK|6Gz2pcSE7oK%`#;e!31pz^klLr?n=f5 ze(Ayz(kz2Razk@y!Q>FoovTEHZdI>J*qUlT>yGFt64N1Vb}P%4HS26-6SzX6Ss?Bc zfRwoWSJ|__(N?-#5Io{C8YE{xfP5kIrKO@gWXn{d?VaYmdp{n%{>3{t?rq(@6G^fF zvR1Y2tBm)1P;$bq0w(0)Xez@>>Zs+f+$PVNVkHKZpYvQ7bGBl% z65BnI5Ibs5O{P)(9y={c|5dJTjeROI9fL7b&`^nok=bQ$znh}_8iXBO~@ zMbbyDBMMLHj{=t>&%n|PR0U{T8D99|Sphba=u&?VX6BqMe{GH;Bxb@{O=f$Sge+h3 zUsBzM^E6L!8!6)XraXSJ7v35lL{t0-rnb~Y1$1#BTPxe7|z7J&z#(eWa)$U@QAv~vNJ$i}o-SQ6AytvT7Ce{nN?Ml6=m%`9iplkxJX^xVB9egoj}!C+hb3VGvLQf;7hb999H zbeTXa_3b#2!O}pofx-zvA($m(JWD-UH)yI|Dlm?VW1PXNAnaB7mC{0V1_x$J$A)QK z+1kM|tE*{@ZDKokIwpmai41n{G*`JoO&}5iMaX+JR&9~HFyKzMI;g`MqtdLy3ML_r zG&(y>4+7oaKHjsdlBd|S2Qt=0ny)DW)|B1C)*5>P>m3Ye&@>#o70bk5#j0XB8qXAs-5KUVL zDQGaYHB~gv;cXi7aIu|MJXIq&m3(rbfmAbLelhbpGj4r1JuI1_2$y3*SV=2N)tCWb zEGv=dFSh9%4ddd24r1y3)=_^NH6#luojUpj`w6RaO1Xw`#kK`u6E14h2eSHIT|gkb z2mS7k9*w4Cedb#(M7Kv6*mgMT_u68yQ+BJd$=|+_B+b&WhtayhX-!OPMtmB7HnfLW zC}b7lfGRnyF?WiwtF%|`>oA&-C7R_|Ahd4k%BhS>mKxm)-{_G!YfR;z`&awIvbHOKAB?3@iFMc zu|GztB>}}90jv_-$XIl5qv}gudq6>DXd51x1!v1%!{+A(1F7yityioV?*RDGW)3^K zbOHP?H%D5C$O75o7Bu?Dl26|UbT(WN0>b97b9WzR7d=)+O_Z|YE??yb9A~Ed=m>Vk 
zz}2O-B&Vlrq0`$p9X)ZWuCJc!40w_h)q~Lf$0?}6Mu>` ziJQXGgX_ErrxHcnKpO1b%|av{x_l;_91;NJ4RSt_sSaWy?6LGE?Gz0YobMzf_6%pB zqN8KWv#frFVUJNt#sGm0uK?^|B6m|o+7icF9$ci1)F)_Ufx zt&+i-YnUuA`DyF{CePYI%bcW!)&<07_5|353UvNA@Jk8R$U1TU|8#ksDU8t|YDpHr z9Ulp%z1*tty+Yo13_-@AV$9B#O#-K#xH`46>+-Z>Yy7rwm~7XTt7dDt+=zt`X$RDN z;RPLirKnh3l)?2o5vRY3oM^Z*SC$}s{^oQ*LCqYu0Q$xIQur}gP=7)KHqYfrmGGO@ z$|_)WDmrYROJ$%Xuj>5u#D{TXYpJ*dp`~?H%Kn~lx@yJ%@jy^CLB*Gdy%H=JOU;tG zA)E6|iH=#(IQ%csfShpP!&@CZ!!GMnQ)mc4D(Z~#qC>81F<4dBGGN2vM2Qh*tuQu3 zX~6nz0r4KHIj_m!mHVhL#1NywAxfc)qg>I1s=$aQ@}{z9PnAQH<{HUf1;n&rsb?rp z=>J)~pNWU9yR1-DR}_878ev4QZ{2Phjt%}0NS}UGjo{(t(IF5)=_TKG*kDL+=OIFF zku@Dc$nH%TxtV-Sv=ru{0#Msz#$|NoKjj`CoDn1 zoTDvq9aZ(@Zrn{RDxIx$d^2Q!Gf`FdW3+#Nq&r8d%811hwuU?L%eg;LqX)7)*Y3;bkB8>?$2 z+7`jqvY(8lN3L_75)FSrL4l%4_Wa=q{hp$fS669YB1;U5Daf( zOru!)EkXN9JT+$sBwRG%F^>|t6dg#LH^R0l-x@q7WMq%`9~{DinMxZ*!MX>u)eNLo zIM-5TMNDp=+OY-9VmV&}+3~s$vnq)=Y%Z{^cInr^VleEe4)$D}I(xaZ^NXa%M+fK{ z?O)=I3s|p}dTq3x;Q|E9279m$V7WsrIviwXtqoX92Yy~rCf4Vjl;zncWsI31wkEY~ zzyx>GksYM*zM6w+DX1|Xqtn2rirKN!-KF%*Fxv;?)}e{4LmlnxC?tOEip`QrzNlOb z0JSL>6V;U-F0kC60!$!TH_FMj(Ad_STt}BUJV)2hS3^%HA$nA==K5Ml&b0B$N~UQ`G)VN7TRGcI*V)!%C*FXeY1vJBigf8);4CZm}yN zcVtZpKU81Yj9}4jS6Ui@=kH44nV zP8Q3ZNft8e9LGL;ASDAUkG;xP!@2Sl+bWbrDp>`aHQFKFgj-Z`LUYC2Xg_UJvN^8kviDo%O zEZ-CuL_1&5S_vIZg$$S*oXX4(3^XN?4)n7Y#4hie*B~8qZY4lsTM|PeElJ0&`jz3K z$4+_{PAB3>Sh!w<3YvA+5yBfQ^|dOIB)6O9W%Tpe2U08XhyZZmJTFcqJgeq&-U3eG zE;DVYaf?Kn)CbiE+=wmUb!wL`5?Belh?4-{ge17`w$-Z>Xr+-O)6*pnV79uk!3G{P zk4i{1Cz)0>A3y^{ks1(Gb)VfO&OoEcTE2XEcgh}iNZYJ^OZr-I^d;{P@!{*;lRz_4%OfB50?4iwmSatdgn z|B)qd2qz}ZG0iHuWU3L=8{2Ojqf3Jfnyoe}whk~6DrWZ)o^z~@e~gw5Yt9$-#5&HY z#92x*R?DwzepPj+RZnwbjWV*7(Hf}V^JqV@QL7Ha5yxW7EJ85iz`#%U?GcDHfOg3U zH%V+&Fzu;!FvsUkz&zLuhE**N1(KSURdIpg_8D+EWO)+X=S5vO;D+cY5h$m!M|1tQ z9DeV8Qc0ieDRMEGUS5U6YxR`mLyE#FPK>AKp|1MJ91Q-GQG0VUdH_Q8Az-=muqQ}+ z_ncSlc&1!lIPhV+9l2XcdNjOc_`H)#)qL#{PJ>Wmkc2;*|;gQ%IFa<9V zzZ=99J{0#N1g%^McuQq(oF?@#m+>%3PYrlGT`d@gsbV+l{&X;sw1%uz9igtm2+{F$ 
zuP?=s0w?y7JCO#|XyIL`37vXVVT~Fa!koR|8&B9RCDhs2Dsq!qq~?VmrYA<@XrKm` zX&!aacF5w5V;x9j!&WbGu5st-Fi~j@MiNo1b2Bg5_kgKqI4KN?V0A{t0Nm>C!=5Eg z3YzFbHJ{*F=Q^_zq0^;f$B5STCMc#K%Cu<1vH!ZQi6JsDE>GE$f;bQZT1nlwMqqUW8T)P!BipIB=;HQf5ORad@>0oWkx@7aBVTANwNMJqZJzH($#nMB3BudktD zc?09m$0~c|@cIL16d^?l0AmsBYZbvQu*;}nXiZ-4k6Ke9d=;Y+I2A!5v3oUl?Z3?H zL}H?Ma9`{oZzTF7zI;W+q_&^H`nq#q$(K_Rz-Kf<4_4DVZEzg#PZGH}1hndlQrbCWL`0 zzzD>J2t&Aet1^CgzDCVe!l__(1Hml1=@87831qPtWy?nnVJo|+Y3+CE&5Bk^k0ij8qsMgcYbHN!PdAYS^xf-|lJME~G&_eo=_rNe z-=d}1sXBs4Z)_3wKAX_4q;`!x)Ul6}CbQ`WRf?HLtn?nwa^~&I!Jii-Fr(W}@wfn| zFa|*qKZPfmO$R8t8lvfjQ4rc1lC*3;=+e29 z4?MPrT5BJ3D{XwLo<(Ko2alx_5;{Hl( zA?3WlXz!0l4=A>pnG7IvLok|ZMqaCxj|LL*N#2_y z_9l=j2ETavNelTwOKtx34yks*jcImrWQH}!@$>i{}<9O|i;D1}n4+=L%|nhsVf zW0FkYbBn!AN}-|o9)q>W(DE6Yn@FYrp^)qHO9V`U0vQD1VcLBOJ;`iI$j`c3;W($ zIP7)X=)D33l`BHgd!A511|%>gBQP4Ns^}{2QNGbn%Ak$BoMT|TD41ugvJz*T#ZHby zSZbOJ`4zd%+k5Emw3~WjYa*_ej-a1;rh?9}dz4i8R&|cNCn|AjMSkd-xMhP6g)ZEz zTQCD#WF8U;*qBaXMwKJN6XR1k$17Rps3mnE)3ptSg(tpjC|(xvWIY=SuE`?5GcfE8 zWv_v?mS~B;@27{Yz}h;1>DXY*30cKK3r=*118}vz{?t!O@M2# zn;k$S-|u3=Ib{Y5xH0akzwh{6pf2Hd7ghu}Q|MQIDTDJ(YXT%8vXW`X)88|6HD~3` zie`#z&qcv2Tb9IdX~!WGi{s(#?(kqLGu_YX`PX!^l`J2~L;zM|t_}%XV5Jat8Cff< zLqhdMQu`_%#@Tpcanns++Cv_u^s6oVBv`g!8n-BWArEup1LAN|vsNO)14cysB?(Cj zN_dOx8Q2royAe@inuRvPCN}1b69i`zaUpumwV_cC+0C zcD5T~bmd_S(^(ja)5bBadLyrcz*0;b=Bi zyz)p0hfY5zdU>aXdRAVC?!@b(F?(SAj9}scJP|vw-GWev#lnA3HdD#+ z8&}DPC!tUCN_2P+PhF?*2vznW?8Zc2`iO;sp|7-R8V|?aJ#bx^!*1)c8OYRs{zU`m z=@@1!`U5ZJ%K1-idnIdcd<)^P$Pdw&;1W+4fzG89QA4xf1>|z0M|mED$$@#USa~;b z?mC}XPwazv?}0%*LxrWY^4l_Q=TPSqVw(e{sdHYz=Eo|M!`fmP5w*Hfn>aPB2m^)Q zZnwXGPe@v_lfLbY?-QeKUJY$F*fs3`6%6OPG52_rcx-i9?=FTE=l40{JvljMD-VzV zSX%qUQ)JbMMQgmGrt-%LisD+#VGLo|_RF#BfTD2CyVzKfF`k}`)#h|Dr7LZ9yt?eN zyT=e`a76wzj4!tidIe{9ZA@pENdO{#Gc=k-ZpuC^03|JOHIE96vQKmkfKsb%QHELz zOZ;9QnBpo6)TIlC@z-l^Z7D-&{hs-^oiZ8Wne*r;r23qt-xD()0 z?+5vIyyssBrq@S-cDEC;b?a!q5{F>Z=QDs=L|lY`sBD9mjE-Fqp|uUvTa1a2DU}~? 
z-9lu9Sv5^V4Y-4$vJ06JTwx3qi_2imv@70c{kY9lEF#-J6 zMkD2r(V5mo2~eiN8vE@*n$8#m5{z~~L;s*|el}>!f2{II13MfJfi$qe%K!~vyg9TE zVlb1Iygv%Umg4jXs@pkZXxY+(m$e0gR;KL1JTZig?zfWJA_#N>BNe%>G_<^O$CXkgpV2Zpif8+iDT59R-UP6- z8~JXFX7x~`L0B0&D5V1H6m_f%j^!pDZ@{tQ(H}l?tm{g>R|dqy4ode!voC3D@onUJ z<0IWzVo;?6ViFud`l7YK8ALMfjeEzvR$s(c;3bVd>kV!Pt%n}J*$ktQS_nU2p&Vq3 zFa1_V7~5kUh*w@moIV;qVre?tnp{7KCl$Si*wiW}2QB1B-phI%^Vg3?O^E(?|VoM`4!)Fp}H0swPg2 zh&5}e0stivCjhoXHbuMRuW`qBr`>moreTP4Ap=)uPA0p7AsM92K}1OOA`T*Vly&WtCDLS4JU$sT)^iqU0Aw$`Lb?=ysq8u zt0Em0a6&Q3T0I9Dk_~NH&NmAXSlHat)InG&a0+~Hc165dVm~RCgV>Wz8v3;JDyftZ z4_DyEE^9aI;%nW(;q(!_I9Me(bR;#C^Twsff8peVHf?ggj7y%w_KBBFgoepG*(J$# z)zDDSeBQu9#iTrT)_ShRWtja2mCQb%DlJdZGrGL%aagvGAxKzHWS6@S1Sg9fnnsqz zR1JbD49$OmqL|5l1prihy6mx+C(U%j+Gbe*LU=J&HlYMbz_7+-ngkz^Smf%n!w}Dm z_e+N3stcX3TnVPc#peP)aR0l&JMQv%f@+2@63*Rl*wVW$Fq3{gNKOJRsB@)QL15XONYFJ5C%#UNmlliCAy?ZCvEqiEFtSe$EH8l7ltdJ|YWMyH79nh2c@Zk1!piot}4RV6I@`%S?VW-ir`;_x3Tk7A&UVTB2C^ zK2Rvv`$n~7Z-=QCIN%XVlDkk&kD|$8t8EmNts1V;m}!|P5SeWLTw;X)lLm{~$XQi? z$=pj9h^bxu48RBlw{Thkbsx3w<1f)3IIp{t&nSJzDJ{P(@$>=M#!72)8~q-rV)F^k z3+GAj8zi(4K7((%-P6A3)6>#+yt%HAXG;R! zlsX=Pbr$?Fw`GB{B?XoOn@d1~_bIy(LJNjEFKvjdaDm3Uv;$B-(#V3%l|dXyeD}v) zzz2qIcD_o17;3{c;FDOLW4QkPnKlNls>4BmGGtL&Ko?3axhkcAMvS?Itm5)fdGRnW zUY)CkC~$H6>a)}>zUjj9iv4ONwMZ#I35jjzDvX~?qVKE7h|xuQ0k&HFYnG3g%qBf{QQkBN!fGa z57$Ece`U#{>M?dWe_fgC%p?voPxxVhn?%RF!tv{?B!Y}Rq`b{ClA2ETWj0l^eu-I` zZxlRX(fmsQ8i`4!fn;H|paUHG5F_ViiyG9hZZg3*p?4E>bJfh$hONZ$!-25d2bG7S zv(4xZ3ePZtM*oSL5x{;~oYg2V_w4l&l1k&UUp5gKb4r{kXZa+>K0LBK=0;f8oyd5D zS8|VFIy=DuCUg`CC>66ukv~qoQy>wrZ_`m9>={Wgp|RYX07UI|w!pyo(9Tq^HHp}0 zcypF$(G(Y{U?5|gCQE=TB*LVu-M9WYKzGc!V^@MxxHs4&uhGr}y~v14hj!-fiE z2pcMB_kxg7+>qg3Zh(ut<4%>L9AXR zrc;!Uaw}_p!6;I@FTy@q=Z=b!E>0B-#Fgza1guD>mJx3Si{52zGC~z6w=@%LLN?M zf(9Kxc(KkQ(VZykDM(SHT#0q9rv3zP8C0O#Nu(^9)rAvn^=1KXTiJMGCxg}#+nwND zx}sii&dGJOni-@v_v|=kq`?-Lk>E`!jR=Qkn7m5aHFtJ;z{tC5P>TGM^pcw)R=WK; z`=&2vGnmZ{6N`}rJ}#z%>rCnuDqQr^y>&E{ZVoIvqCgofqLBIW7D*qu0*Zp>X1hgN-fW1jaaXhER!s~$W0klP9*psq! 
z47GY8lJ|uZ)Ege4U7Y}2f8w(GS1!mpm0i>_Vx6inaoT834+hC5q~{FE3;2s`siU)` zwiqP%WKmh~cY4Q4V_(6&@+MlbNQGxDbVq&b#B&D)#~y^n%H%$l9h2%us6{dPMLeFf zkCiedIL31&U|BVhfa#Z&0RYsuYJ-L-k0$8y*wBG5*iV?c%{ekzpK}LK zwvGR>b^=}(`$}+D?A(Sc`<#^`9?U#YR&ZgPQdP-@9Gi-v@*})JPNlFyR3#g{Tt+)$ z#rjGRlu<9T_wc-uN4;qs$l_O;6|cBnqj13}Tw?L(>hQ58Ah2jDNik+drIa_0{jh*a zzDNWYS)47Y-x5nLFH(qqqsS2_&`Sj7`2hBqS^7isTPatt92E>zw(?nv2cW~)6#qI2 ze^A`orHUAVCvr=8Nl$K4(0MhNOsalWUc7|idZ#-8Lp*B?>G{(Bvju}Cn9)8!R|S6b zHM33B?dEDs{ziu{MlgYz6PRP706!u)~ zqU`Y9L;)a5-8&BhA{<;G`yweRuH#MOKJJqbTNC~=;rE8rmKFj?9sAjuc0O{vze#;+ z7b8$Q2KN{JU5EXn2?ig);ZwAcCdT9xBc|jJP(dvo4YIG=Yb4}*+zj0FYz(gx$pIW9kDS89@1wR%n@GLwot81mn$2^+#hRt=cqxlvtAV=;H+*r*W;C6;sT+G2tSaJ(a zc+7A|@=1BS`B0=19oGa)u*)d7QRq7$@Gsw3bxmu# ztaeeiBHyjbbKs%<$^u4)*F(S}>w6}+$jY}F(EUVfd!NFnM?l^+P?Bt`x&7jcP*SN{ zDG@w}iCIc{0LK%JDU(1F+S4~l;450!Tk87mABPHMH^tTm`kr;@xy+nD?d+?t`Dq42 z#SNsh5fYj^LSzL^AY8Yo6(dp>{bJnF9cTL4akgfs2ClMD4SVv%VUK?_F%kW+y9*D9 zN%4Ss%xW^{da?Z1Ad%v738O(sC&Hm~R@_hwsSn{1008iBtRy%COg%tY%_gGKXbQ(*q#N8+i%C$H9U9T|SDPqO1p%}VT(@I}a)3al0-CSau z)m-F9Zqj{5bx?02tj(29Dy|@{#v;zDwQ!v|157{lidHQY!Lgeb8Rf*ON{Ws>OE#P> zZ(A&PF@^qmYtqwBmefNR#*_9683IKpA1OLIKv@;g?17BAk?^Qi*xB_gQ5~LD=mqh= zCgfv$!#4aMqLDe33m|((TP!&pm9j!y7;Q<_Bb&^Pl*5sb27;CcLD8T!ep}}%l@|hP z;uh*q4usYQPFD9J;u3f8{CcPj(>*N5nLUO0;xLB!pMR~OQrU(8Ax%1?x7R4QutTYS znoDo_ZFV4yARN#PP(~od3r$iD84qxMDD8UT?_dYTrf?bi`A}_7UN`6_c)|~lGIk{^> zT#*VLo$iF-S^bPbD^wAfw0%rI3NUvqz|=@`L>MsczU>a1J|nPc#vtlzbx;ArtQuJM z(3FX8UY?_PJ>)npV;r^q6c z>oq0+m_XKOT)qq+tJgN0Qz^Zvd?j?R(7Vw#wQ7+hu(01(I-{e#emAEWM>Icx_3lA{ zNLrfcuNt#swo{N7rG1n$6I=D=1_?EGMaXt><9_!?k49)alDO-{Z8usVH)~E&BG~pd zLY&r(3rvt1sB^}GiJ~sa3f*8`&6dG>1xFS)3|%>LqAeFm1i_tqERY~wcw?>8 z+c%ZO(yFhvg9ty=r|E~JL7-Z23Z+1AT1CTLtW*N9Wh{e{`hgU$Twt2=x5Fna$&~Ph zOnc@K6~t3QNX@mYaRMsy`X1*UGslQ{Jmud?PH+yrLrh{6{uE~v7i2+})u9U;{kT-% z)Qm5@jv39*>TNcbFR3Wi>hs`a-(~upC6F{s?301xK_+HMm*-@xwfmT#s0z<|))+eQ=w^M6w-L9iETt0$(cJJxb4KB?4{EMR(7cXEH! 
z?<}ab#T*P6t3jc;RV@NRt5w=vpi7lp7B1WRoJv>jxIo|e29i7qi>b(x8C5h`Al00b;Q3C( zGAd+Kn1=E0&{1>AG9n}6f)LcRSZjiBL2pxLYF0-bm)$C6UzWpeYTq72pXVq%{iwMs3(dN3LQ^7Wj+GQNR{1w1oQo4iGIM z5atP!$+Uto>~RIQ*lX${ZxvHVG^q+b zu`7}+>#&hR%%pR{m0~mc-sXEY_ry`6-~Hn^x?|}naHgWD2s0M~RPIz#LhF1;S1FBy z!s>1#7nw6x;Ks&r`~dUxDANU5vN(jvg^PDRdSCE|L1-}KcOLy{geTKDl!4j#4ag9{ zFd3nXlp%1m@$`bvp{onwiAMSGVDA3yWj3dn+=iCSD{BE?IB13-tAZNVk|jX!1susPMvOMT7OJZOT=RypXuTwR0yQ*|D-xl7m2$54@q zE_qtK1G3(mTn8(eb?D}g^_O{kZ3`l(UKy}X5}l8XTTjTlmtX=DxABeRk?k18j3Gc*%#}>o=eoa-1{hSr`Hht>9ewZUu-}bn0ZZGm zVnCQwdYL>zatDkl5a~7#-RtAgK&tMormp{% z)IeqRWyva{T)PBPA5;e2>>f_6+khEmP zT(bOBsvZ@7DF~md2uvc#)&-(7XE{oYBdK<84om^37w@`^3vpkg2bi1afR(ICXx?M+ z4T%yDgU(l{cYsE{#*%7*vLP9g_PZJg(<`5V!;&r1w%;H=uK3;TAyujswThIq7F2C}-2J|1K^@o;8( zfpb9AwazZFbwzCY+S8^D_9&0~$K4%Ew`e=cMFoeA0d}_z+f%9nl~bZ(N6gZ7FUSB? z6_grI7dI?XO@kGaPF8Ql@T0dx!i6HWK(KlGS%hYJdX&vbv<|}WJVDIvo{NgG=w^-? z`l6-V-dZ9T7lrhqHAbP&oIMJC=uA?MdpG;c*fdJnGfcpc;DL>@PUx%I^Qd__*-Nv` zGt*mVV<-`)X$&m^x~!Tz)ZwVYRt%^wn&cF5LAxO>e~AnEWjM=%OxSlYhcJ;v1E zklPZ#tp`7x$&;8N*_ZZ^O>5XmysC zGYI=zm3GKH5T4$7ESi%wPZX3lI4$C@6y+MzZOI}D#OMbgxQh0N$Rh|J<^)E^E%HqF z%3zO{Uv2L1V~TUQklwPax!K1vFG*%;sm`CL69AxS1}>dZ+Am1z<;z~%m*6Zgnq}?C zYP$=H95efYJc25XCp0H>Z{z9U=_b0L**` zO?Y&|RXTEcbhBm+Bi>z+%}C}glGoXr4#BI#dGB>J-hZR}h~>CFOBa*qAP#Fl;kAe> zi3Os77FP0G>~g9Yto{jd{Y2v0Ly8(r7-96Q~x2M;J*MKly7~?B=b1fb#HvyP(4@ zP!BP;ih{Cy)6M3y$qzf%hao%dA~dwgW0Ipl%NMUI0WWEDXWAxf9&^o|`2w*4R~X0a zUB*c98=BL@W|lWSSkn{?F#|6m1R{75BHaWNT?v<@E#5rVtH2u4r5d<>a4R0k7 z7qHanc=Tx2E?*^}Kom>YdH&RChIR_#p9${5-i>D;!gWRg`DiS~_7SHOL^R}0sLUC`z)HvXSG<_7yndRymLQXY-PyffoPrg7Sz>ojz)mBRrjw47gUe>l zmc|s0*;}3FhN&M_1(uEpmpqPRdhXWw#5P%;|1MQmZ*p=_RJ{7}X!;|zAAh5M}ueowOS zU;v-MzZkF_<9heN7B|i>zVlL}a|J!0&@^sAldVYAo^9H2fN~IbNMp+5?m;wZfih1E zF(jH>_B|+NfrjofIvT!R1zn*r8sSr~9^qu8j>ah6)4_9G82Z63DD%p6%+U@g=|pfU zDmoJGTj^N>>$M57JRRvR{)ut1xXR6GhJ|+%<+_D$mDE_NjutVg9?3Rp&JQlQf)FD_ zWRr4|Y&= zt@kghb~Y-tfY$e}*_t1Z-}d@ZuMbi<)H{p?|D!KXMHc(wrzEs~{V2{H9M4m_k?`F~ z;(subJe3Li&2ARvPBE32ozvn_mgB1HO~5CCI+b2sNkSfvBDKxN@ 
zfppNGP{M*9+hKqD7PD{QhM5p4pA}c}qMjMGc~#UQ3`st(hCCCQ?OmnmVMP zWuY@_gQW*eR_=C<0AEaeWKU_U$^|}VJh)#fjF$78LMt@eH;qSaVYn%}le+D-wM|$E zna0L>cR=)RGmbzS7kI+SjEe1UdBgNg@tK{gDp@~@u{uqkXAN!HH z2dLr{{58z>O1v|_nsm7jXr$c;70jTslHxqoD^=EW%&?r{ICj^>U0s=Yp|OD2YMpX* zBvUVNk6Kr~(eUSxV(lRsY*Eo6T)0~n-%G|!PO>bMfUkHDnE8?n3(esr#DbYZsZ7k1 zEFR5#oGLEOd@hxx)2|F&j@i@D<>h^Ta4yH`(sns?mI}q(>1v3;U=Iqow*a2YaN@}O z5{`hWDW;gXyGZz?V}4a1W+iC0AJVs&c=nfb#4lzw4?upK?;Q0I*xhN};YmFf2i2R^ zhv!eInk>p;3pX9{?zoEp2gBzq?3l{6q<&mu5=?oXPTrrSB?@RZ(S(0~FqEmD5y!c* z1xa(eLq8Z?pN@h7bG71Lq&0spEaQ@2gN-3;Nb(;HLCMBs_|bl)vic@%Eq!3?FFN6_ zbU7vzr<<;Pl5&8Wi^^0Dk-S5!HdXX zYF7HtY%%r(o_qKRxJq+vSgClH*O zGHv&L+9DzGf9KzNn|UYf_D7i5Hz<_Bp@S@ z!nDRfOX23Vh6h~?{OGoYBe%TSa`UcGyR;j1Mqb}-+C?pY@wsiHQSw%S397XHi3x|QfV7TJt6tvh)__ehU1}I(!bA?8rlD@)1U4y0PFmEV< zhWU<5uM^?bPp*CjFJa0chhQ(C9JTMmgNgRWn2|8~j52TdD5y~%0tDFl90OiDF9I2G z>o7D|z>8wd$O+3GSyFb?>Z^KyvL(Tc9Otr;)nDAgdt>JO`OI;$bj1(vFVQ@l(ab`y`guB%KP7pi}ysk>|ReJq6qG)ViYZtjqi#EKnN9C@|+c;@xs%WUD;;SjSt!yqHt)-7`X)=1xG_$ z{-G zj@z(gfVDw71AHlXXb45tWzl0|fKV|!Xg}N8?Iro}PcJko$D$;Ve5G^j6@VoztUbEE z2W_g}Eg{vuA*50bQY)t5KsOU4c;}#u4e&Vhkcst@uOdDeI%CTQMSZ)ZwMJrP=>>c% z;y15~_!dv}%YQwbs2CQY&8ZYV_}rjO#~yFr6U8r^nGJjvp#p%5~EDJq%LJu@m4^}&p_5cVp+9u&-=^){)ArqS`J zhj7*l8I$;veQZUqZFCu~p{ewYo-0g`&(4D&444i~VVj{YS4q=s4#I`QcIq)jls-4CXBr6)8)pN=$VSrt_!m{M8oj?m{ zrPtj-owF1)kQ7{`JH3+XZMmQ3p$#l#lf5V#@7T%)o)$Y?L9e7TRJ0Jwr@0V#n~>Fn z9YA3B)*UQdW8)?`qk5Q}4zOZ-gugv%^3lCt6RW||jLW;ILhd0~&Y4&8Ee9qPWOc3a zS*FWi8O?kP%u-i4Kdohu$}H3#kJ83>DrhI3N`QPC2jFS*5PrA)k7J=3j-l?;`|;C&_dQ=x6bA(D`dlTL^RA6hA`S+tH*85KMuo1Yw z*oesG{yb)!Jk@p48m(+9GEbZ#@}#JNXCTfn3JxSGs$yA94~mdWV9M@0w&ZPXqliX3 zcCmtJnV0!z9t0G2LX9^QIP2)4_1bNi%i$|Pg(Mp+Or|sS!~9}LiwlLoWrq@lKD?+# z18T>Pv)C(|O|fJ_zlBWV$M6-acIEoVUeGcyzZ}1HYrlzACnAV)$wOenL-hKoZVs_h zSkwH5ui)LeZbBm9Ct95=N8juLru)9#JCp(I6UDP^OG$`M+P<9Gh8i==FJ0IJpQb{W zJf^9AH_AI0yu|`kNgiNM4N-lP+kpDZ-uh4s@${ zpxYzNt(3Mx+3I-J8XMg08`|e0gD?S2-a(Dbn*2lL3yQz6z 
zq!9+~Y{hoWP2k0*^P85qfuj-x%2Imi>@xLt>g=otY-hteh!~bD7;MCc)=odqkUKP17&!sEauLd06Z{>wiv#g8cvg_{DQjAHW2#?p{(a_r||%f^g3fWFwa=p zB52jXvBGPjrX}_5Y@4{Cz-3`y2}{&`qNW$se1>r*74tii8E7rr9FUCk^IQR|<~$fv zj&63Xz1L(t%(9Dk?KL@P5jc}XG>J1&AuPcGo2wv47`06;Op3SL9ZK=+L~H^< zH&1eU`cM9j($TzWI=J;)*?Jhe_?b_fX)+l@O$pc_GY7 z_SuWUGpypO$?L#dUDaFIpjC>}JH+o;>or7)#la9b%S1+t_+BcOedi586_;KIYyT0z z2Juw#y#(Fi*zfU%u6dBQbs6w7*+y+N@8M~XDIOl!(oNrW&-f)NrENVKn0}*hl3%c@ z*`wFdvWN9mk_WK>Vqt&M?Me-n_o4yZG^skzz#5bj(4>sD&Qvjm=bZ z|Cj>mlZBp*3FT`}feRm?0+QIQ%3ea}2Dino$EKU)W3xBqVgZSLp=YEb*LL14Xba19 z1mYRANNagH?r2sn`zlSleQx)XI>U9zJGExLa8s!FppDfX>@7$|mqr%vkSksb6D9NJJo_Cvz6vhpW*1JiKm^i)^`{Fj>0r=kN2q=IwnqcMR z4vi$*cj(5~dhc7_X3kw@l22$F=efe{5n6U`qg!S!>j(8^7Fu#FU9QVbi_U}+(0CYj z)Urs3SAOZBCPfz*RaqA>RhqX(>IDxa@h-kzj7$%cZ#s0NzjPfw;0jGB&%hxI5-PY5GVhf^%L}rP)8q`>!iVL8; zrCkhOGu^i6fezFjg9ULqAQxIbp4fxW&K7{N5589V}*$T$tI5swW z9BeZ$dpWrpjy6OT)etThjYYu2Q9KOhm|vZt6~`bdHLVy-Kl8<6R|^FKn!Nvise2PR z$+EIeG*v)gR1|q`fR=zQG);F!*4`Ek)m2e+R#$hGmBk_|VN_&fWmIKmWJg41RiU=1 zh%ADDK0#;14Us`dP#F|O98ghFKzy=@zzCy&D~#K3L?841-*(Tr=bjUHiO71R0$-hs z8#nGf%eVZ$ZPoxQ?AkPRLUReoAg^F+?1-4Hq87D^!7lxKh$ms|toE~NpE(OVx)fyJ zVCLFZzML0x#w;EfV`p$v*%;Lyfx+;sMvT;hj_m~8I^$1~-zai3dq=06)ip2GuE^NE zw=DwKVIv(T7nX3AVqoRHJn`-w!4I?*#8 zTz5cHszQ{9WT#O!mgdBG)7#pQrBjlk+c`c&<}yVkO^XmYm5Y(a_4p61SLqgx&Z)PHy;t_;bY?C< zaRtn6fn&x|i9#iln7N)$6pUQ~Yv0c|id|v>Xj4%_4iL+bdy>%LFSv7%D=WX{eC2r? 
zWY>d>vbUArg&kfS)@jfbBridC3&jf$=aCWknrOGhn3;L( zH0Zcl8tSA&p;u=y33v<~c8kYGoPy6Vd~u6>Av_oGo{;^s!%(U-K!PD58SRl4vcqW7 zK-L$^6@lXh*wC&1gRJtXcz}qG7^p zl$!__;zp~7mzEdvp^3acnhU?LS;@J+UR_?ZvjL8Y9oIe&4H5Ac2d$@NghvU-&2cgh zk?~$_p4Ko2iTZWqdCNmYc!k6fy42d|>WX8?I6;sRUBR$|R4-&RTKR^q7ILPOowfr5 zfH(jUwTbDRH6Qa%O)FABT7(s`@PVoW9FakIpm)H#(sM0oj+Iu;YZ57h;zGU42256G zY1r!)7|~vz_<6eiYjVdkgw_cV&s)gbue)eOcu^%}4n!*Avy&zwC(>{^hjh7oIgTiR z(qO>8_hR!rh>K)gUuR7sc0LP(HIy z&dZpD&7VFKs;p0?nEdL0(4;^eJ%YySk5WKgqx zMKTW^up2r-#qiAjsuD1U1!@k3ze=sW0}ANk2u3@)VTM{(a#2=uV_~&BSVw~6RdDG@ z-cR19F{OO|(Fvrgo$GH&(yDZ#cnZaW$+oJiA0E^k5!ou62>0}EmSbj9jy0N!amwcy zJKVxyi{*rfP0~Y>=f9zyQOJ~xpBpDvie3lu^@+0>UemN{&vxqu&gxwq&FdMXISbG6 zw3K}6mrmv$stb5x$@I>SX)!4iFs{$cu0+P)6DS*|VwY3qsL+5GyQ#vm;!i5Z7Wd0b zO`R?(vIt6B=N(r^@?1=QdcW}+N>E(xAW(mGFcEg*przCUXH1?%yaWPJuR8iVPE(eH zFpr0vZplK%@t$=-4O8uOiFV?H%zWEfL)BruGA)?x0BFIZ?#h6pCa^6sPcS1J5NUN; zogaCP-Ey$Qb-Xu+Ud53GHl{k7igXm6LOc_T|7odp(zvf+c0tqt?^LYkXql4=tQQCT)=I_Md@(P6~zGwC!&L@44 zfIdkV;fI};GIMZ$^@ z0ou`_3SG~HYtWs{NJtOd`)#U+tARbVlG)_AgY1Kn#}|w9gYTrcnpUq7m7X_7#JkdJ z0WCZsQQ#;%<5GrXYsJAs1ia;p(sPJRI!jGJc5ydOH-e6UgG8%ZPYm z?w>3)2{H~5fn5Ec(aP?kVqU4UR?rqhw~w5Sq7E!KjGp%lpvJR=?RvW7)7{ZUY{aXXe6_a(Wu~qzc8r2)1PQe z6}c9{z*`4(%-Mp}0FOD~e1Zqep7Y_$Sm*#%P2<>sxD_FaZn*guHNEu7n*%D=eH{Ni zI|ReZx$n;r27pa`DF-)Rm;yRb0Fv7^3Iq6g3+$mYm_Bpn5zHf>u){|%i-;gUKunFo zm00{`o_o=a1HIf6=fq&?EKNt2@_Vh2|oC)78lK0IVMK}GGA zvL0d&?KU+>-9Vef$r^gQb~jhXNFGqYxArqEc8+ly-L-*K@HpGE)(jSLTu~IIoj$!R zD3rH&R;OYgU{&EQc~-zz6@;_NZXBH&`OjHOrAz4H9F;CqMJmjR3{m`pa8#=-LFu=o z?3Y$CWhWYm;o}r$+qu1qrepA}(YN#OQ=iLJW^ML*5(~y>*LuvxJ>*DrXUHuwtp>45spo|y?+si5N*}iX>%3Aa`p?}I}(A_ zVCkS{PYFXh>>ENk1$P%u62&PIFD7{_DJE`hrlhM&Yns7ko0^yIP>&Q*mCzjb0<`0P zpM#%J8;K%U=78^l1Z)nXI_d#RMM?x+x5Rz#X}%(BHm!Wf^<>~-@8Ed=@tlxm5OP+X ztq_sLR$8_SvSrBaw~I(uhC+a6#PPQf`3x5~D}75(SzT@89E^wqCFJCBPoFDzRMg}{ zL(emVGL!>{)tOMU1e&Yh=xD2;v33fI0Q>9|$XZ&>-#@HAi;T73z|NIdBCp$-2BRWqG3E9`xcMMnN;hIw?N5c(-3G};)0$cg(bU;TV ziFkp6#iR&!CH0f9CiT+_52K`?D$^iBzvt6z`KjEu8PeDB};If3!&70{f%g@;Gyzj3CQ9KM}S_$}- 
zXbE_p2>`tph$mSn@x1*Z+i*({!>cc%T+=hjj_uOXcahpWUh-A!4pR&%O zeE4x8@HLFl)&@2Fx5)k5A1PFa=kd-W*mxmhyrHoX@nCtDdBAA(iwR_|i~}4rwRB2V zzg$ij7;7}UmDGLcGDz0kqJ;I4tMe|_4nCF?0iEq)Rd#SE_0{{kRtslSbk63Q=0?WQQ zLU})MJ`Q>T;)MmH1MUd{?^~WyWw=Q_$Ev3tgqp?lctuvB{4$FCR8cLL;-t=*t8ALk zY_hf6cmscZh2KM|uZ|HqI6E0ZvwstXqg;AX2G;Ff=FUQ)i1q)BA^K|Da{^f# z75aGt)wL-y)9ubaA{!7yimn23r+IMYEC7Q|x$zdW$vH>B`Wj8JJ6nr>&m`;_iss@- zuJgkupFas#dO@+sbuP#=)Ud%FX#^Lc6L4SV?M=c~`zsXJ%5E7?K?vi;LuJPELgYOt zXJJ%t6d1A>`g7~8$HC!9`L%c&7OwuE{oYe4he(m1IXfM2$NGZB^L+K=rzmyh6}Ymp zRq_f^-S0NqDrm4tYePmmJhhFCnG9k?h#y&Z6oBmll;q|)=24skGYTzk17+TOmrwM! zCTpFGTvV>ZI()N(rvVq`ilhV)9T7By($6A6(-tfp?*BuC>Ky0fNsGdbQQM z^;RIwgPyLLn3Q-PiUQfUXfaC_cQyO0EYw@86@o!v|20gfb>4IHoW^XuM!V=j+W=6@ zFP+Ev!%3i;2?*ig;2L>()500jpCWFJ!{=c?0>NNPOuBGI+}*!&dLS88nAGMts0-}! zo-?<|QKi}*P?iN-gyO)|hpeKwAn|#x)$=NwQI@r+5m`|0CVQ-zb0qae&EcpVLNaB>EiXtYkYo4D0>=vqzrrBG1!Ko+g?0`J8uD3>mtjo-$9JG zuLoo^G@B=!3OkD*{H~6m-gs7GMF@&O#S&zOY_D>3siO6Dr%BL3*hw@6q5cS^iT$z^ zRl^t&P>a2tBOG05fjW2=R5k#tQK9Xtnd|wfUh!K8RaG*6LDPc z&7u|PdBI$?dv^n-+LqqlcmvZlt`n1XZnz@QcA_*nn9rXeg{~bCM>;EOS4cI_rJNt%Li`LMR@pQV$O1 zv(UQaJST%u7P6&#$9)JE6%gIE3zWAiWh2lM8+?g8OjB=BhYq@U{sFM*pqevR`L=W z1ZXJr-1B=pth(StQ*CEn>9qo<1v5BhS_`(9Ie!ZuWPXprC*}eX#o*9!aD2Ju_U!?+ zbw@oHxRiR6yEqTV1s3V6SMDgl_8i5)@1jyBu2hTLpaW_Uc_tj$|J&>ssiSrSdX(X> z&=;UCaDsWkl~Y%Q%0o>>ie!Iq!D0cPx0xgOiR3YB6g7D2$B?x-M30e06}&Nwp`Z_> zPcv%>8oEQdFZ8~U7Im3f&?K9~`bP+XVbz)EFe_SDl(>?dBhtIMo|$cBPqDXhKaukV z1&w8g>)7NozQPv}d510@5UbRXfo#?N6t;$FwZM#u#i-@1(5Pu^N{>U>c@?UEF%u?q zj_WSoAxm5+1yHnP%8?GdzU27bO}4>FJy}?6%8#P^b?N~<0JjV}yD;K!aSaJ;nW~|5 zxePaDgXUnMh|?iy=vHz+C@6nr)ZNM{(G*`@`qTCv+M7l+VNaW*bVA@N=`OQuQ3byf zST$hP4lkV{Z6R+P0rF*=m+(W+l0n&1D|!p_saS@j{;3JAm;Zqc7z>Czd^E49U2n-`9JMsXJ57)Oh zHYs-c+(2VVX>+va1V;l2)ltHYA63arH90#zzEpM?xa&f#q*{Ugov0LmYUygDz_e z9fWG0S#^T1Haj+#H^oiB{Rc5BEwISmP?e9@tNw|QoI9()I+bTaNkcs?a$PYR2<&Au zYkn~!AjE=N8^j_~X*Qo;uEO#3H!7CLB=J>}ZmsxRWhgl-)KtX($*Jb**o*Y^HYq&D 
zi1(u))edz&++J-ISJ@`~7T$TTN**Zn^*2mq7TRhN#)4ew;Wi|#V9s0-i*{^6TdZ84k=0*lL73V>L#tE>mA#Mu^NDAE2xx5C}K106;&v;(Dqe9UVvS!YofZeqY z7xSI*A`R53TryL^As^V0UbJxL7!PWb=}>S1eo7Q{l%)!1sE!Xt+1IE0MGT2VD=|i;+YubJ~M%9w1=&N_T`%mfD4T@nGQwYC&G!-M=~^V?8wqb^Wb$ znx*3(XEX6(s;l0E-;%(#I%ydz%by!Ne9(S1S)A;^8WxBvp_Y9u{tJxkQv1OXDo=y^ zXMsf8tWz+LeZ1|Lbnmj+E1MzG+ONqWMYJRJK7k75HGpI!nf{^{5ru3D2b+h(`UoeM zGKMW25|e;uFcz6thFdN403ff2#@Y6e1G$0vlyo)EP@wW--L#iuxNJp(+t%6(hykY5 zmwIbd4@T>KM1P2W2C2x-F_qW<bjCoekfS?;@N9l2}dkOsXPlFSGD-Ge2qCVzJ(|) za=oqf*SGp3j@{PdlVgrC9?A;>rjEdD>?`_xkMUCUHiaT0ZkyJPIjX011SUhzYmcBd zSk2`nuZhJ+NV_n#yJPo>$`;$5*%!!WXr5%t#ivLaP$S!6sT6?4P@#Ahts*6#F5SQ_ z?m&BdYb!|7z#;S|F=E*D+Pz2sV!?P5UbnbBftA%0TTIwB=W6Q{7q+W&O-DYGz3lsY zc2n=8s8?V0YZRQ|M6x;J>0s+A2IjUh+~{jAF&IS@0W6UYt>{ zCQu{&oHjS*I$0=`$I7h+E6%XBlN3HY1*x;02CY2yhIQH_zQiNwQ}Nz@z_CSt__I zuxga`vcN#1%Ikxf^zw^t@{>l{T00l=w6CMFV=Giobg;R#jc$jgsAF$uV!qV^!hcdL zI4~D9OosFnEP5>ukE;xbc-!{sG#hQqCMM&Cjf$F9*T zkjirnSIKnOz{2;qiH8N7I!87%bO5Xw3^#-{_a-gsi%rKYDELMk3M+U94s}_nd8oe} zXK2ULg^`HX?@7~`v#epkj*Sgb@X0P+=%D03y-lbeNB2gigcNedCL5iL8oA&+|bJ^={NbGAkZJ-+uf=e%C(yJ-o!yIv_gIcQJ)aM)ha54#Cv!E;bEhMJ zoz2qzp7_$n%s?osMsxA7*sR{N8`yq;>yn;PJrb0m1TH6*85+- zJ)HC@Z-u4N{Iol#D6;KB@`I~}V&S7b(x<2+lwY3b8O*^_Dot^FL!H!`ej5Ywj9`_v zz2;s5BZU2dHV{&hY!Fm;_Bl}BLsZ&QAg_R+)#F~Q%x9J+a3mHa0`Y-S7FEHMS-?(q_YH;I~h!_ zH8T0KWT*0`p>;ED4d}8E!fc{BJgx5Cuwcx*t(=9g^&%#G3|WaPaAve_ZDqAyD{3!r*b;1=XNage zlvV5%l*YETr*h%7!0m(b?tTz=YwsE&1%?~kBW|98fgYLp;912Q(M#60GF<79R9x_g z0BK5EZ+7|=;XvW%9%{otDdEOKm|pJP(v0tB)k+`(WJ1`*7B;E3cnZc$=}R z94E?|ZDhhJumsc;h+KblvN5!f_q0IBt9b20YK<%r^wHiqiwt#?8ueO8V$<`+Q7r>I zCtp;Xl413dR^EYwOUaqqX&q+2&T%RQx1@LngVHgbIC#9GCXC+QmNQQ#_H3a9UKo&f zIshLJSPta>b_rUzSZ)#toXpwa0817lGd`Y`Il=^Ic*Qim5&MB6Zv==TSL$)~7W3QG z-+?aUl^&oj<2zJ8#t@3Dc!00l(IMZ3CX|Z$BUr8Z!>~mYq08KhR#?eA#3d`tVIf_K znDNeX#Ou&tVKhvzyjFtu%Yj;nd6`R`pkd!fLD+o)9b7c0E&!{u5is;^$JUB?rDoKpgk%IiU8aQ z@@l2nJ+_en9c9VF^*NzVe$;E)gKsqJ!U<+Ao=0f(kyx)@TlI8uy@?|c7iNO5k&Osj zs-kTb&90@Xos$aWHeb^Ufyeig^|k|n0AC-MCPIwWWl5U9ZWDEYF=mQ0HNISNceY}H 
zW|Fb_yx1MDDJ65HT@-Z~6;@C+Qp+?`OkiEZr*()BAG8f0jVIt{lg@CpZ4vlj`d*|~ z{c@cyIy64dQ+bx98DQ%c-0-j*v3BG(Knl?Y$$74#%>M(}3NYb1xsP4puR_{!X|)5D zeuiKs?dSTO#&VCZ4^MEer9|kHY_&$p4feN1t7}p8T%_0m_Hl}|k~30lN5^T3bPz3? zqgAYrun!;)?vl3)rlgE!ho_#V#l8=Y$|t9o3E5rC5Etga^~GSov&xNv;kC~%8sOkt zt*HqG`XhKjFQ+f-WDq@tZB*kY?nnoh3s;{e+Yp7TxBq>$cd)}Y57@(Wc`+*rT;G$8 zGxANllam=hT*M|ee>`OR6yt$o!`QNh;lN1`=b##!k5`K?BjKTzQB1qDR_$fVz@<)i zl$?hMQVRsTK73D(R|b%DHX-H)<2B+9O{C;OmXh=~CM3y6g341AxXTc0U|mah<>@PE zz+G9AY_O8R!YsFWu2EY-BT-R~f(#nwk69tn2KKdG~HijvYOa591abJR(E zQP_nb)t>RHEYyO`9e@Wosh94Cz1BK(Lc?X@r#w4E;Ow1E32s)_&Dnp#*2gVx5746<6G-OnBCcm7oI`LLxdxu<`Mh6b2656iNYyf%Be? z*O5vrNTG(*evUEUpn!`Nl$)b+la~9yT&~_Jz5&Ui${aU`oBi>2Zw&Qe7PpJnpk3kkf?ZoZ7G`KoE4o|5ehsOwaY`{nSE)gDRv9{opC$>?KV~e!Z0GA zJxR$7?{x7alD|1;F|`*^(P#Qho|ABzA~tS@yFdQ%WzzjN*-51+ zbbQL9r)6sbTX%=lDDX6k8j#(c+jJ7@-8!5PUL=PR!;9hjHZf(1^?`$dn;l~vxA;>s zKe^wkFl8C{Np?_?X?4e>WRrqbX!(oFK+l$t#z}d&*eRPN=fCDzm0B$UpFlgczO?@htTF4%`f%~ z|C_y>P&*?&jWP~MaXh({pGq4Rn)+SPpU@uHYsV~(OLq>VOF^Q7giy<+slVAk_mSfVT^PP z37$2pl^zpJxvn#ZN~+O2P=1`e1M1)bZjV%cn)f>GwxjI!@%z^Y>Y3`c`bXBMyEGBpL&kr-E1QpNg{kp zcGg^f(AC5U9l$B2&e!P3X~c@f`tV|l%nDL6_}>B_lC$cbZKSB4Md)(nGpLr2+jAvL zolnVYsMcWDBPj8JHUK%Y+3$`nTvN>ya8)+8(^LbQawwK2;W17{TdUN%OTD??nThUGIc9+Op4AV&e7_qe|4)*Cx`A9e?R;^ z2%{`h;R$(xLhZf&!49F&%z-cghe=Jb2{2X&>tq!iTArjL112#NwK4Dn3fh&baOE4d zg2CTN>xVFqR&`tzw?rtF9^<&sbcfi3G`Wv9R-6p9P+~XX{8Fe}Zdh^UTnHR?;u1+_ zI$*W4zS z>$_@8>>`RrCVi#@ca!=iRZvRruEN$$URs2In-~>pQ2?_(LyB2gyHby%`Iijylt0&V z6i7!HW^92Zo#DBGYI~+SXY}D!u!+x)20H^S0#E%Y$3@((L?r4;RF1eWH0N()**;9;w%O z^eJ_!vY+#{lH<@NsI)dCPl}4hpB7-kLaq@xyPtEctH7cQVOJ52DKihbQUW^JLD@kM zB`V(`vBB4c4V+;tcxkBx#+-+aq!^xXu{_S3-0@R^*J&)Bz_#VdW>%g&5SMLfDHsU; z^U#|)77d07cru!MQ;m$+BXj}4 z0*nGVvLy!%_7AHl1f%eoEoySHW76Kzn#KAdmwH@z>WJj589Hv#`uBiuq#oO;mY#h` zn~OZr5x9y?Gz6BM)CaDMM`C|bkQW#w2VWGITzp4S-77j3$jKRVQQYd>T07^J;Wfm| z+1%TZcG=8)=ID14fL{Dg@@mCkXg-dji+Vwle04!i*j`h^8dF=PXc}T6j&Z9uscOKwn%K6Zia9|U6WvirG zSN6imP2JLaCj4-e8B48AMkG%UFAjQH$pEnREb|MD0}5+7izYq{ZJ^w1W5LXp0OQao 
zPV`N@kHM&dc364jggz&_vzZ07ZT1vN0jt1Ol|h>mhB&$p(DqoSH|xv2?wG7_NI zEChauw((;auIlFVgQWP0w3Vs~SsON;OAr6`wd0;FVIB?kp;kzYz@UpQiV`c*+lUmylVt^F3`6qNZwCqp(A zyy2>%(}wEyCfnWh)BVkh6Xb!M>rb{vn*{p^nn`v3VFVJeN&mDsJ};`lMOf9@bm*JY z+gw?kdB3&W7kIbP8kZr zp>TOf$J#OVI|LcyGOPCW09#Iz| z6%Vkv&6YJ;UtWO^X)03(qQ~v_uToW4eh2=i7|i=AR!{yZzb9s02`8#&r9y6E0TBw3 zgJR@K2nJIvs-pVCv1j#SjlfsPRN_2>uzE=(yi*nN(hB*<7njaKw~=T}ykV=uR+lHqm11|kBxgvGK!%x(n-i1U7ikh1TNVpJD;rg33eIhc90I$Ts`nkAnp^%qE81= z-~lY9y5=`svb`kku}iDsa#-!Q3drulz2wo!Oi}7UbX3~h2&Ct`w>qtqsZB@=rshb0 zvy15H&R})vY2y*591IGf(-#JlD+A~Hrc2N&Y^Qx-r@OvQ8C}r7B(4m&p8Utd;lQPc zM=WuAO<-I!QGT$INZ-rb9$*Btv{Tcrp%C(%RE?OA9T?JQd}W3X2Yz=xuSNXK-HM}7 zB(i&+=a2oNcZMcoCyW;1hgkCf{g2}vZ4MNuS?(egMlLRB z_$?U8nQKxKJ9@>Dyt1&3_IIq4qh!=&^jzbhdM{=-^C%~+L0yfC?2e^B|B6PQ6U)U6 zAHupy?gjsl#sId|A(zR}*jCP*Sz=PkJE-h{5Y9( zt$7F?eoDvBP9MQc{i}oC5Q%YHYiQTBj#I(4w^{#`X);FxPkV;tHG%4>F6R92SuZA{ zP-qMZ2S=@iil=}WzmKkh;pSFL%Qx?00x5HXYDNu5#Ra-%M32jaU#rlKh-^7$mrZ?0 zGeYDmd3R<7e$ZPdfIuV9wZskD*``gcM)hp+?~@QlX5}8>eyz|VEqo@$ig29yQbmY5 zgitF0Y3p0^Q&2myN(#hNqneD=xPZcKH=Vj3;B;Zde@o1^qF7Ph-C0Vh!(M}>oo`E=l|;eT@)_%g z@GcbX!v=9HW!O?|gqcueTW%5uVVJD)0>xPb7 zK8YvFr?&5B-!Gv|Ggwa$#VPw~-`4O791`T1SX&rOPD9o~zbmo)MIB34;Utq{PM}8~ z?I_N$e(o50@e(#~S=|Gxh3gmjI+U&h#0sxo@QnmGJDudL%M5$2%DmAW;pnIC9OBfS zD$Xu;WVfw=6uF%&$0z3sh{RAu&j<$-Ln&BBiy11wD(&}B>|AU|`1PTHdwp8?~pH4HYdnii1lr8xb9X6*hHey9%69rb=vUh;CAMO6J|I;N@(9?KD zEPNfPjbGdO0DYD#@1iO1aD?tX1j&W5ZhCeFX&UrErg^eC_6E-ZCEb=)(^El|MpxW(05Cj4Lx1 zadc0P%LJybxtI9Qbxujdy*s5MWai!l;(P~sw(wb4BD^dmj~Rd=kqic(?S>92cXlTD z69F@0H0|b3_Rh;HwGBFdCp;h3x+W(n{710wu%=rRR+B5kdEjA~r3fkp_Jbyn6pO%$ ze%a|V1UGr8^@7T|*?d@`8!SRQ^K+)`Zn45B=&sSGH8TGRyuoMUY~u(}0Uq!etf(1a@B z<45i#pYRk%Yz2;2!~1&B9sdbZ5GG^FE@K{`aDjv#m#wPkx6buRGSzCXpdzsX#V=yEvzj2T zE?xsGg~FIHv&3Eq%k#?Sk@0fRhzqLfKUD#-Ou;N>ob0wR)GVcnp)?trvlPZr^*htz z0U7Qw$ATHUi65sIrHv~XnuuFvE(j+BPoV0u5Wj3^xr%_I6d{DQy6T}Y5>z#>B3-hK zB;^E2G&IdhJq&|HD$)`==eOj22xn0zS&O62WN`6#F z&C2}sot5#hvj&Y22co8$gyLJ)x1Fqy!KNJ`Sqi~d6Sp4?1xo6=ijdI1aau>{8{$E7|0 
zFG2kf%+7J^wYSip-yQRW5f}999QNF#O>xg>!an{Yd8|W)k@uSZcK568IxfTi%C=q> z$?7if&tmWcc?+l*l{DMk_S}}eygVchMp(X=SszJ+T6_$)5moTV*ATuaEh)(@F^h+R zI6XWSoC9~56y}AEYbVg`r;94Dq#QMP#2txXm@@yE9|Q;#_Pl(f!3xT3GW+Jlp4K8X zE=tAW+RSnx8tk$9GwZerClqM6+L(sW zp~99v4w^0wAoo3rGvXx{0+M338TBqcDOqV5(a1o}XyT2Qb^55dni1Isc#sI3q`vs3^-uq=$4WQBCg|$zCr_oH6>IdKoftF$rgzb~md?;Yxw>KbH zeiNQ&H5l<-`_-vWD&B%P=#8b8Y%zDQk~e@_y^MgltDQ0W?$K6}ypFPc(&R;fp*6B1T^#5Ud3Py)9aj3!fIrbtwQEYp|k*3$3fH`{=;vZ zj-2T((@rk1?~3oy+Pl)vw$fP~h>Zm-A$eV8l6Omo_v`7AKf>NKw3w%Ihlq8eilWC~ z65H1VZHC4{xwQQEn7pizw=Ueo+egk8WeVK)-gq-WW_aZ9VF;%4I0wr&SZ!le$+t}o6+Or5vz-KY6e?WPi&xY z<#?S#fTfCwkk7p#Dl@GTB!1b#$>gL3cv?)p+6)8#O8D}s%XHTB%`=Qd1soYpn-r{) z@O8K(r5}j^go(4ME=lB}Y_t|u2cz+Xjm%)l0^u0lKjg3HrN(c2mGMM(6Af<$tC4(e z_yJ%M(Evqy-s&O^P5R6>oW3tplSYO+c2z8w#j0He0Bv;2Y(wD1Tw#!iK7r4hIRH`) ziXwl~{!J3bto36grY2YThQNwKX{PxEIO9ao+M0J$%CAU(Gd@Dx`VLokaskdL=CS10 zc__Y=ImvvqEx@Rzu8SA?4>qjL9$kUHM427wxGr2X*aeCGWCAjx?BfP`R|I$b14IMu zK(sFUm$N^0&Gtdd^}8SDIdFKK8@QIjeozv!lg|=!071!n`*Fy@j7?pi$b8|baNKbI zg=1Dq>X|as28Wy$hA}!ZQaGQMo$p-NOr)$T79#{X3^zL69@^GR=Oc>H=uEm7(YJZh z7Gu-nHuHF-P_hQ=isRHosut4)34Z6Op)3P1FeHsrc-m5xDrgz6tf;1vrC4yevX1X! zkg@P?-%Z^;yj3tkgt1|&O6nq%MyxvsrlP9EzmFQUhSA{}Jh{m{f0^ax^#kub1F>YQ zHnBh5y7+)0K_gUeh#02GzI-})L&?YcpmyB0bCAk<)4s?QQ;VrsT2ALYke))kP?m3c zv8np!ld$uAM)qN8HjcL~-6c_#)NwnnE~eK}&i3-uljI-*b&8(f-csX)qvfYmS`qco z1;rIOK@-^|amj>sk@YBIlK)u=Qi{K7e4>aWX)3LlrS+me1$`(vYH=^5cbNQ@<9;xm z;b=e^Gx8>0I3OLhCMOs7!e$LDiY7NAbAt{A7ux8LxsXkDy`4RV5VRNjo!(l%cUeP; zv}bHzI$wIGUo>B-f;)bi;fK=hYWM-F8Lsd27gkpW6w>60os?=}UZ%=@XA}rQ-x*0; z^rkAlOVx(=3>-f7BA*XwZQC|I?VbDq#~KmnL~p{IL)(tw8Z^E}jcUY;KeON2s`Y}x z{4&wz)Fu>`R?TUeGd%qnly~G;$VtoCGGFf8>Bi}@I0W`g0kpWNz>SEctloK`)5f? 
z;0W)QGl&9UcvJaR=QRQ*mQ@MIW29_M^ra0&$eLPPj0|$<@+dr*IOS5BSJjQPy{g{7GnhEq|4TF%yvyrY|CBqMAe7UnS%#w@Xh(P=i{C{eLKM%W-H6KUY*YSFBw0mv~qY-yGN!_g#bM>=Fd>7WO351aZ;h2b2|Ksh&Hm@|ea z2u26jEUGeyN=5%-bxMw==hyHe1Phj0RMlbYg(h2(xWewVrVM|FCKH~JaRs=nk zZ?wc#s-jxpf2S ziP$JLdY>kCA;p$s$NJ&rS$k8mze-MObh+KuC*>R4oHNx$&U8>!+KbyHFyF$5I*7cE z-%svBQDG7V&yRdgQ!$`NW`d%EP+DaEIdLo^7H8QRWSNuOb9$?oEaFNa5k6U)+jc zjwir*&>Y{csP{sJ6+A10Gh|AAS>TkkgP9RmrPX$gFk};r^{fv}C%)*oJJ&Hv+t7$1 z8;sAQp32~=LRR=Wt{jArnBi)o#XVGO!V2)!NZm^{N9S3{%Q|K*bUa8m!h0%nnP{MO zYUf8>>xoN=f0MsI3yuOhO@)C(wcvk}Gd0aFYuLLeO;=$F>acvUj*MyS znqx}*Qd`$**FR5G3Oy%=GPK|g)Wa2N6iCN5VT1_H08?NMg*LhwbELPBx}lvR;7QC3 z+e7T{SyEN=_U^bZplm!s$8Lzcv%=5Qsmi*PMo#{9#{vnf!8@0Lfu3a(m-3iLnmgGy zl6c~Y_L#08zmMYwp0;3yu@{1n;wQ?upgJK$Lk+o5duk@&)raHa+RNm_ZBim|UJ8bq zQ@#mR&+kJq<2k<%*G$q@lR8xuH46l$rFt;g9pcNI+a{7!DO@ws-%ZsZ*pHkcAhJjP zy(%?w@)&8;5|DdtyD=;AWq2#yi!o_!d04WS>#$ZQ5CpPGFf%$%)Py^BFw-G`Q_3D! zfHMU0EJiMPX-AezR2q^>C7Z!f1sV||c` zu)sQmrlqP5vpl)B-d}m@i1cq~chtPI@{|f2&+jf?iGkEC<3kpp7xL^Czq%2mabGJ!>|dIMx*!B zs`L?~oxl7f>mwFZr66TZnlhFWsfCl7bDkmYyg-a|XB|~*3t-2jl(T?Cc)7Dv0WXd# zfr2G|S zLNl#Bd3uquWxtP zY2@0Yc*d*SB2w@;q}ZJM|aU?$$qty3LjLZARQ`gQ4M2s1?e?zG;; ztc5i}&oirD)Uvg%V{==CUPbE$&ZT_qMPX$M=lFp+nk&w=ew!iTTn0D<)e(|_>E$GX zgt`3uv1I=IP9&X{-Twe zsDy5^E+XEMIUEQ?r4&MFi)@_L3l<%^M`UY+s;ix*=FXO4!s{&eVm--$v`MEu%OeDX9mGn1{V#vJUKv7mFn2NwIQW}Oy_ z>nrxyE1aaLUeo4>wxR{e#bO!j%~f#f>pwH$Kx8=bxu5%u!=g1@GCr(Xvk#_3z6*|k zg{!F5E&yYrP)KyN$26`K(npeWi-WL&udMVfSW0w9+6>;r#CB(NMV*MJ@Cis|3Hz)T zF<9@8;o`-fv6hBK2Wb6bcVhz`6^^a1qcsn*Y-u9gOU0kid9hK_mFzTOr{;(83XX~| z#+%rh1|&I9!gVWiT_R2dI+A0*qXwXlgctHUYDqd0-1v;qs z0yaeizD69uf)?L6xc}Jr#BdwMJ2B-@V`=X$ox4<__Hq?qq#;{|pGBae?)sJPwXp!5 z1x_6~H_@}nDb9>Mg|{o^zG<5ei<;)Ag#}GsnqhnHBuHdOI$DkI z0GFwi6_tN$bd3KT#+tC|gcJ~4x_vlYKaZXcycPB#y3_rOH6V{^HEZ1oE%pSLy2i%H z192%m$6mNljCvo{UB8y;tSyg2l z3&v%TGVa%|#r}#H;?p$GnFC9;?JEMK$XJK`I+A7oEIn;J!tWmhz?*GJs8jJ6jtvxhEfYtH%9*d|qOl(9%=S;G|2#&r}+chhI--Qh(9LOe$ zvbtFbwtCX(Gq)c*-RX?CFLahVm&T|VvqR;OZ|-ebLg*Y@(HWl+t=~&kYOeERW5ps7 
zSXzn*G*rvdjb@UB1@_$RZn*%5NDEZxa8~>U4eBXULM3tK016TV-pQ%7!F;S^v2#ky zeNUglEvo`j(Ta-Lt0v5&JKW?;{R&TTkWlgkWyFc~>OE(P-f*ZlGVClTFG{|~ehr); zf0;;o)p)w#z?&D1|4azj@?^7*FBU`nB#h$5&ZNe`swOh4M;H;^vvJnYVrB6(Vrp{9X&O~&2dy0#`lcKdAvMX zpUjXS#k-4htgKPvd7yq2^Tjq=7Pl+LZTx}G(`n@E4y}*U?5lf(H8Gln{9M5W zPOl2(WjJI{Iao$wleH}@RfNr=4+HVi*(u1mMAB_s>M~$)lE;61Cu19rn+i;@0MncZ zQLT$7;>HYls1S?KnSbW4nlZc#2`p4@`=Cn$IYT|N=|p%(FAzMb#d7sE6*H_VDhT~V z@;@QGNLi)E^-HJ<&1Oo47O*NeEJ~DoNWJd*h4sxoxnCGXTUlK_8)7Cge$s@OyO*Sy zgmuL+m%?kZdR)Bl`NllSy8S*S(nvM@b{S;l@^X1WR1=Mty$cT)mby%5XOLat^7A z9P#!k-hg@43E#^bv{B}n=|Dwb5MLM6NV|tyeSZj`f=EuSuNYNG6&#?H_eAAPCC1D_ zC}uMT_4s6J?KX+urZ*!c%@FOZ9A`CEB{t2G7w3t`qN^_ARioZd%24}UmblxVmZ}@I zep&g5{AS{X#UYBiFO+{IQ?y(5f377Ym^?-6Bs5cB4&JE!##FXdlr-M?1zr{UO_Iqx z9<%e}K+MYbw5X})A|H*9(;PtmgsLu`zJR1KfFk-CL#;UCg;Ns!C2r2@m(S6v@{)ga zR5w9+ekbKfwp2K>L_(q@3zfxvi5|!^F+Dn31QlL@_I0>}6F~jjOXUDfO2!ZgdL>Rs z#`BW;Eec8Q>~3ejPTqZaq(hsoi^^2BxIu;``kvXufie!_=T0$OkcT{oK>Vf63C=Yn zcWa+;{fk@~XoPC2ojdy76{$s8g3jEuCo9PWiLqN}*3Ekkvx9Dm-Ga&$g}5GpGyLKr z@|R?WL@~Rf>^W~j8=n_vUpNwrpGFLt`yR|Rp* zm^Rx28M59Cj#T+S*Lxz8G_f1ICr#o6#MRoyc@kPf>1NsQP}& z9{^6Zf-Xq|1U&VRZLUZpm_!CJ`p7&dmC9S2$8fQb(EesMzk>Cxb@|Qu_Lu%3Rz8#E zQY0$s8!b^*XstNcHv|dv5G6%tU9>06>?&au^=n9rHb>gXiT-#p8eU84*=_0*Nf?jw z@MT$VMfk{&Y2Pf+m(QeV#5-Z9soV%*qtu)UAx?P7Rg}vI$hbsGsq39vIAtYE0==sqyT@6vDqeMe%bkBxvFw-2 z*i-5S9D{B)@FQZk!`AwAf;1VZgnlP_KS-2R)-! 
zXrnglHa1we*AFywd@^8Nr1g{f zsB~XdoY)eWe^?W=a#RFHBBTW2%fBV?K>p28Djna9yLdW!{YfCJ7mW+E!l5voq<9Bz zRW}zK$3Fx!(pskSNQF#de3fT7d&@Wv6|v#%jF?_hW4r08uY{;2*-1f#XL;^0HBUo3 zMA<>-`m61twOX7K(!s#t2_mpi6su#6)rv(vRgmsro{1t`VqBT6)CisjGbN+V7<8F< z5^0Amm=Yc9$PubR6Eo95Dnhh9+P*RkE>%_^1@W>m-%3H;61yACx-tp+o}G z!%|aK?oihfv0owZl^Gl!8tv2iz-J~XXr@aP6#!9I7w~rpSFd=Epd~5>GFcl9ujIr( z&E_I_Zvu@aTYFa!Szoa zD0#!tMpsk8YwKFr5*CIqdqLlwB7c%qo}%O$N;oe`fqA4IK0j3sN(UxM5{13HHe(nj zyS=?vvd9NuGN3AFVC}_~I{&RJftx{~A@c{Q@p*r_d+Ciqs*gmbOc7@@Y!1Qq9jKF` zF2BS9O^9w-8LTQ~zCQlhUVW)v$VCxP9b7!c~yezV1 z%+kr;*h(L!qvCF}oX857I9sKP8*;(JdtjJzkiFJLvn5QNOj<8F(dES=Py>;-en)V~{;2J#~}%UxJE_+Mf!p*pE*A zHaO(6mU5yaD)pS06DuFAq2~p7rmMDvd5r2Vv?7_esS?^HKu@l_EH$q`i;xHQZ~97g zg!iY4e>gJ&%SIcA!BZ>g;66?47u#xJwwO9|@04QV5(zgg!ms3n)OAmIae-BLR~Q#x zPsJk(WexEbk?JUwrqaZt+gTiNJbg!JJC;#(s~5z8z+88suf81YP`GK8dZnaqBR_BH z6d{(Rd1LpU?~qADhFW0Lv%{MzYqFjyygFV+pMHHhc$Vx`L2ND`&^@axM!{yqU#o62 z2i?|GG0d>X`&%`gN_-DTRnkQ8MOdYkebl@VWn89SQi1jC!K|m^*br9%PU#!Gu{gHG zk>YqTl}pfYIUWocCYAVB0G9qKu+sX3HqtI3d!}52zt(2_;%*n`94uZf-+&ugxH}Hh z6rUiz?$jYZN9;~w>#7MzhK7-_E&|Z@c8YzI|A_F6yE{cnkYgePRq1k1No!`^9R#!8 znkX9NWY$z>c?jpHKic8wptOIeZVs;%*YM5ny7wT{;4tw&DrICbU6qb@izZ^ch9U@; zQ34$*BY7)x6U>%m1Kh+-s)D2(sNcZQY;(yr&Wg!D8R?royuU=MMeW1lf-_0G8*?c$ zDltRTNg9f>fNXlDh%bu)FRn1&P>mjl^jz7+0_getaMr!cW$U<6rXWi$rYQ;8)eB!P zgf%4Zi|7V5#YjH7wBDuD8+$R0aI-quB{%_ zUG1rIS``IcyHvq8ltlv!_rd2S(@6hXT}UAQ8q9F+0$gnUzSL@PyHLQyTHLHy4v)9o zjQ7OWq?+TjksMztnNUA$o)pFiEK@S8B!{z>fp=q}62E9}Gp#`yg&C45tf>6WO$Xsp z4%lOWE2e(jSIze$g_#**9#?d87T?Iq=6uJ8CWXn2%jQcsoryzIXD3kncGe)tGUJ@q zlHwxm@_?xWYuC1h6G%oY7|ol?GQ?8OTu&iSOr9OS!@cfSw}W8MSCAgOCF1S6*;XFR#R%7jLfNpUj8OOIR; zh%OTY(@vt~;KWa&sg$XG0X{&W6Bi@!1F9(K56d1$f~gr5^JPdd4b)^mGG`=VinKgt z0!;)gzz`zcqWXEYm;ua)lbcnFkKxEziN1=aqsq+O_N4<28?1uiT@^QFZRazgP1sd!?++S=(BLJt_(>M~& zo-S;-CNhD<4)Hy#+8Lm^wD(16@aw}czA6bbWsD}Kak%a6I|^+#XFqw^ln-}^E1N~^ zZMfI(t!KshhoeNu)-?Nro(VG(RZ-LgLtGAf(Ek0Xt;n|C=x?&a)MIbaccfiG=2A`> zVLP_7kq+=6wzA&uj{CWYUWl}-;+^ZPgW32)N%KD_m14z2&;b-sW#AE!XR#u)`BkOU 
z4h|(Mb|j2SngiCBMe7t7wwUogZWI9zqO&R$H1mm@9G=44ZALe-HL<0otBqV3%m=na zJb(oy9*XMZFsE|vqPz)(pPFtB(v209c3dDjIoXy2id3zi9BKKaBP?{z!Y-6K+$Gz5 zk&^!{@_ucwIU!8=9yqv9QQ2Q$prn#yE;U27nX^s>_3>Sasxs&<5#oW{N3DSRD=nTp z-wq%j3UIZESEPo8Yv2VKOTpV4U2gI9Lj4F#%|#TYNOV*v-E6EdqF@^JZRcPB6(lCs zXOWMuf-qJkAo;PDx^yq?-=&@xj`3sgH+9=c)Ut!fC`x zouyUEP72U)&EcaXr1IMjXH%FIk{-- zoaZpBQ&M>+nd(JUT>-V{Q?b-n;s zz>cA+DV*;}oKaOYFk__o6JzFDoe2QB%%&=4+sc#xrp}6+XbI%~-K=~u|5G8*>_kP? zJyjko4$0Mpb0VPR5wYL#s!+=TOQUf7y{Cs42fg-agnw@#VcT2!qO8Cc6FS%B}qz`NI-$QKp8^&8|X>TO$k^+C8m%J}9Fx|6^Mj{4ZBk zg3rMbYB|+iMW7iVIYea>hmkUNonxbmW8|?B;m{>-&H_{`e&BrrrOc46=X&OzH-qsi zh5nG*o2%KiyLK}FG!>y;xi^C zYG_L%)`xk5aIF`KmQ4G_Mkh8+8i+)q!2@_uBGHV&pp>X+cLC~Wc|!bWoxbZ(@|(7u z=_OOlpW`jS>5C3a$C;)YpK!}V|X?#5G57^@Fu9=$nwY^uujhsCt_udx6_`l-%&B;EHr!a;GiQIkRY$x{0=1?~1K4|T| zLadLa07W@i++dp?H7K%;zo6DJyTm06Py~zrd=?p=XLl-r{0k9lfo|X49bI@7EJH07 z!2&uq&xcOpFbzl7pevc0INSQEbLry5t+?Je>zx+u&4R9%&5C}fv1<$iM75f_1wyR_W)m$J9B53 zhYLHD!D163Gi*VR@m-T*IqEPlC)44_K*9MRnkfJb(Zj_lN*!O_3p*-awSJg zqZy7X9SVe(N$2_gB6AB~$fP)}dNzCot$$C$?CYpltsn`xG`DibBf4e2ej5QID|&(s zuwKaRqiMYd>+9T6z_l3oYH2YbEZErgl!P7xAPvUHMx*YvyHM(Ea9Zj)T*uY(8hHd9 zr-e|vswx$SGKvGd(?gX71dY-$CC~ZlpiiD6gi!Vd;BkZ1f%Q2*m}N0}bxRuYnlKcG z;U?(imXqs(VTk{`>Xk4rS}{8!CLG&s4nfLrgmo;{>Hg-$3EAFw>bcxk5Ehb@jipqp zMM0Kg5K$cSweH3`B+?dy%Y}7{MB414U($*~*^QYXftgt_2+qG3+DRQ-X47GGMrYF& zM2lJOPp+tVl`|Zvz>w3I_=Mkjt8e)=>KXzqYdqYZETHnp@>ah$=&qlnX3}Gx`02co zn>je$vA*z~Nx)@r?L4-%m%N0%z1AHcUmL8i@Vn7NCRM3ci{&^WJ8Xds#>^i#`^+oB zGml3sz)Y2J%`sbx5&=!cJI|bEwV=^-;zSn1m*bj4jB5%ofw~b0YNpejW3^#avnYdn zM5zm>n(viq?c0I~heCtomB>5l$Y6TF2v*)96 zS@TrMwCDBoK3Js z+k5l1o1b~hc+{g0xfvFJ)ZtS-vX)ra5p(dW$LYJ~%my=kV=tR+$K3g=uF%T#%%AnH5tS* zjJq>f?S{u^8!x#Rl)bU??F`JZY8ymn)pxq#x?y zMqcE^G=FoN%+&Sjb4 zUtaf0tu(i3fuo#2kVNQ0ucmC*m3_inN#mJ`(K)zAqP-B`KfWw(7v)=KH5@&v${X{o za^u_MN-f`pCb23C&N48X&H~at+>yWr$1BYNc&U?2PW~jPeTjtzBboGA`kyNcy$r$< zFt5lUYD4ERU##*<$ZVS2i(zCa#n4w8MbL0pfPJi-n}}K>lqwgB#X(jQDSJ-SD6XSy z_nMtGKcc;z3)p_9b|vi?TSj;oPDS7fb;!5R 
z0Tz)7PacVHICj@*^HU7iQGt~~;ci4#q6A=`FDMkaaMy4=5$;s0V3yoZc{|E3Bv3W#~(tVI)wWds6=Ld&v@)_It)={EcG=Hd-S>7%X;2=*!%*O ztrtU!qPcs6F(nevrZ4_tZC2)*`vRoemEArYN^pQG|4j1sbSuIVaDJOubUD`Hq@v*s znBcs$--~0IZBchU9G8fu^+kJ1*3{o#bXU=sTovNkB$&9L#1We2KABiXsUHIdHjoIHu0v2WM$$u_fTIlwA{VllXISNV8P`ABbcTGc!v~f4IpUfySA7<3gNk{qqSce-V2+R8y7J{ zbm)k%zlQf@Z37QS&Qgh8J~jW0gGTt;5AtE?Bni;88%-9Nj<_BBJhyD{Z_L zG($gUusPc(d-;5Po}e4h>$bM~BXq%H)VuaR%g!-ROr(4V zQsfhh?+e4>dUt(mt-Ii}iL(>S*qC`b6;(|>Yu#;R_|~_PS7do|B;!-(JUlkX+ng;p z-I`18^!ddo4bR~zBW8D?MxllWy}?XjhJ-BvI~ffwu1)UhjxG+w=#!VkZgJ*^S)eoh zoWVV_@HJM}Xro~JMf_808I(hrH|^O$)QhVoZGi%QGKd3iAgUz9W|l{1Uc`GG(8}HM zMeY!n;-a6#__K_fS>BYi#BlFOwM1U$q};`l@0$6d28!>?T##T*fI+nDrbcVxjaXNA zff~wvYgp2}7-B-pc8|eh$Z=|B^810b)nnUycpazD@gzHa*nI)7Z6pyn&IbSE^V`_# zThz=ve%41WB<~{QGVVS7Si2rdhGY^ZzpxF$z3~bMvRDJ44HrA`;eyFhPrTPpjDu|!naDBLG zVIFuh;Jt$t!8Fk7omD~ED-k`~eBgn>X!^Zz^<0pr2i=N}M67)o4dgCuj}h2JnGTFX zQ3cUbz%oeGOTqYc5i3kJvp5A0V$RbAFU6VyTB@(R|HavN5lTFG0fIc06gx&~BeY3m z=_C>y8U>}W`2l-*!_wU62@4~qlGwG(r3_u7_>3#v(MmN3?QNK5lrFh@d!s)Z^iGp! 
z$USpXFq&^axhcV}n~4oX;J896b#P(q<4PQk_muim=9BNTvj9buT1sYXot(GO%aU!5 zoUAK}QYzQ%kj8>7*;!{D1C=7Ix7k{M9cV?A@k(P6@nCcQCSC@W7|2mPP)0XfJWV2W zA__lDjn~iSEW!)tl1zYYloz&B{Sm@Ht(j$=Z#sQIo#uR+OylN&0yr?K8?P0M+#Sz= zvj76uZZhZwOW?pfO6qTN*5h%06|g+cZk#15fS|`#ov;Ayl28(i<{aiwayZs?;a-v9 z3qw)q=^(j@EA(G$lAatE&AU^p=ACtYgm8{Ef&y4f+_Q%H2%~N_)u--MX#|A`hL}c; z^TMGD#H?p3nqdA9UxkmmeJ*5-xfQ>_%T0=3z${SSDSpAFvY)u7Of)cF>Y-y|1X*A@ z;v33-bp?L1XzWo9`(b($i~U&>i+f!fzOT=cUb)g&S6AJNG}`N_{&p#S?p zrH^~1jPF#+AA0}u!+PEOl-hNJ#PuK4>%QWrezd!o7<$F(3`YNU2^Q^p0uABUh(6=f5 zd!^y^+j{-wir2sE59GdA-YN8@N^gCajKlk1e6Rfdr$uUmM(+|RDNGjaWw z>UCF@+I54(^*{Czx$oPQ{;tyBQyR|agFhzMKl-nQzF6r?l)gjhkNu5&9)5q%$K~(u zFsj#oLTPyY{r^&~A1l2>?>kD||BZhu*Ps2Q&~H`xYNg@*U-7@>y3hYtp$}I2#Y> zeS^~Q`@f~%|JP5;_sg!oO|N@}(sjM>^AqE9?l^2GT4FTG6O^B*53pBsJP!)0vr;W{>YmyYjNdPV6~rN11|Ki9F*`+lX| z|9(mjC_Sk3sY;)w^m_yP!#XzlvpW7crN6KA50rjV>8F%_@mI<3KSb#vrH7S%qtb6u z`t3^ZRr+qFf24GIkKFIP($D>B8Q)*&W0c;gbV=zcr30mxls-@C^OgQ*rLR%?drIG~ z^e+Q?@DcL+MxU(XrzriafIi@na{U99z9OKX*0Iqqdz4&n^pK7ZE8Pm{r*v%e>%K<5 ze^lw~0{S5xe^}{rZjkGZzEa0V-=pLAD*fEAmFtb})A4?#KN8T_>e%SLkCyKn{ZSpi zLh0gT0sS93{&S_DbCcZf zK1!db^!ZAETj|@B{)N(yDShPQe%SQEpk7j107#d`rLqiNXJG$spC&6eb8RH-xn&qMd@Cp|0$sF(D6H!{%@rV zExFHw1KQK^iqcmF^tW~VHl+_;l>0nP>2m}6MjijE(!W;vH%dPf&@=nwerJ`wOX(jf zea(LP-01ss{C=fJ4#?+5@6_>WrQaFQH|yBwA0L$O8$GLX%;*oP{4)BWBXa#0D%}d` zTXbyn<2wF?(#PK_-@i@iH!FRH(qB^gdZl~5POdll^*TPM^t+WlTj>u4^y51Igwl&g z<$h~QZ-2aujeduYpQZGNZj;ZAKKKbTHu^M`*GAv1<3CdR$YXN7(Ip+9Qu<>`e_ZKD zlzvp{-`+0Y|2w5mJT7CS9UXs*(xK8VrQf0SSxWy>>0c>bI3f2l`d}R!eWH$yp3(7H zrO#9Pe5K#gmirm~P91-j(mx95{ZGpEMsLuu(Gxm0`V<`-{T>}ZN9ijA`Y$^Ew9+$A zlHWV4bf|Po>8}R#<~!tiqtDi{(Vx=sE0uoRDY@S0+jMO7);r~Mqj#N_vC*-PjsB>P zU!io*U2?tA*XY>jn{;gSVRy^*Mqi@imn!|0fIjq$Ua$02Kz~ffKd$tB0sU(o|BccY zot66;z3%Jz4fW`xzX3^_;pI(8_*+9)9aP41@zZ-{AQ*96wn8JgM9yiN`Ee( zk9@j({wSpfzfs0UPwCj`$G=HF|Af-d1oUCwET0>_S;t1(&ydegDt)2S7b*R@fWBGB zM*mR9M*q8xjsBC4jsAy@{NCp&T?*(}$3}lz$FEZQrhs1i7P;RumA*ZopVG0>FX+nk zM!!zSN0mN3px1P4^kq7JxzaZT^nE&hztV^H^<$gv#sAHoKS(DF=?$fc+zK)Gv)3MQ? 
z(ebO5{+iM^DgB~>+~4RUb!_xobZqpNOLD!@m+RQ*YjkY%o$GSF(SOsi(VI8qbECaY z85{k8j*b3{jz6vR@KCNd`Xn9Sq4duJy1pgX8-1mYjsB*NjsBC4jXvNW`M%LZIyU;_ zIyU-?IyU;=v3%d?eI_zCdQitkFK^4|Mn9@!qX%~6^MgvC6VP|+*yyKqZ1mPE@_nNd z9UFa)j*Y%t$438D#~)PsC0FHsM$hTk=rtW1{b?P)O6j`;`bixd{rqckf1{7pvC(5X zHu}Rl{t=~bRQjt*|5rd?{7kvO(T9DjjE&x{W24`qW24`#<7X@V0i{2v^w*TWN$Kwg z^j~!RX{8VUHu?RpRQfojH!FQ|K)*xBMt?xZKdAKm0ln|H%l+@C^rnD*zm8w5^vwbN zppK3HhkNCIM!!+VMt@evKd1EX1N!CPA>TLpGdg~?(q9hfU+DN_N+0kn`Thfye!0@G zP7sepfA(0(XaU~x&8*FcLekqIySncW24`tW25iX zvC%)%vC+@|Zuvc?-$41|zW229FzFx2NP(YV-Z1nXyHu`BD8-2hFe%Q&$Cs48MCnVF{zO23NykRttz)B~)bXd39{hg!eWQ2l*yx6ijlMv~M*mdD zMj!iPx!+AnM*)4dj*Y%i$41|!W25(ZiQLcVjXE}ZyN-=^b!>F3W23LuvC%i{*yum# z*yxwPRDS;}l-?B3r|a10%XIv5rLPI-n{;gSojNx9F&!KIjE;?d;Sb337`<1=M*l{~ zM$i19TyONZb!_y}|F?W@^c6Zb`sX?}y7!0VdZV}N*yt4<8-1aUjlNaKMn9lqqmO@? z+~4Rg>G<_Z|4HdTEB%_6%k`mu?aU9$-~W@+%^#8R&nOMAfBH}B=Sm;;DjDCcG`#-M z8|Cw7EB!mAH~gynJ-q&Veog-V)Hexz!LJK_htlx+FVVkWQu=pF_q;iN|2OI1AMhLU z`H%iLq3=~1-v4I3?pu}Gbq{(={Qj@i>;6rtU3W*~`j-Cgy-Mx6XC|&+c&q>}nUt zn=*drZ^fTyq}Tn1QoHVa;`)Ek>z=6hwd-D(xPC{k`%R^G-ESnWU;b@*&L3C$jks1h|6Be0t?!V}&nbPj((w7e`JHmzYm~lK z=|3tBumAQxmh0cH^b6i2<0mQ&um2JK`^S|YdY@dsr8K<$CGVBb|5@ov^tzu-T>p^w z%k^EQkNAL$zfoy;|9{ZGKk-lHx}nmaP#RwUY5n_?J}B3p`jF7?RvKRa5&iqkAC~LB zS?TvH4X>{rmL#n<`%a(7%`at|>k9k1~F) z((wL&{8{(qKRy4mh5nS%*D4LK|FO@J>u$P_UVmSqZ&4av|8c$UWx;j#y`Ow9y#5B2 zvu8g~J~w)gj?3av?7DB&>y5rz$41|y(HSNgR|AFcFBO7BoQ3g}C8{8FX&d63-C=sq2X@gn>6@5@ThD;+DH zD1Ajhe^wYqzzp3Nj zQu?WYKJ1I+`HbGKW20+2Hu^jrTO5nUt=QlHqkeAmArF@O8@)ltMt@kxKce(KO5dyW zpOpTy(tTen_uH@ZHv;-@9UDFM5V_vyH|f~udvyF>rT-YvhyP#leWNFJY;>Yyqc7F5 z(bwtN=(~0NM@l~v(69Ou`Mo_#pP=-KN(V|WDgA+f{MN-gds74Pz9z3w4jF5fqLO2vRr393DE+TW-=Oph_Q>Z(@7A%=k&cai zuZ}Hl$l`>ITD;K036ZB3w_w!b7M`p3c}+lnPseXp`X@?1p!6@5{*}_@ua@UOuk=zt zKcHiypVG0>`#nOwZ*-vJOG=*=(7)5M(Va)i_l>?($3{P@W25(Zlw5DLt>cqQKkIAc z^Uqd#E}$zqHu~*1$o2OsJ^!^bHv0QI{sX0dAJDIQv|PVO>8XIe_%ZUi(bwwubxJ>~ z)Ydf>k7C#Tqh4?HD{qwh8-2cxjlNFDM&GC7FkbHc`u7JtR_zV(n&zSTgT5<`s+&H 
ztn?29`WYP?{lZ)1_l*9$j*Y%c$3{P**ZrAZZ}gKoHhSL!@_R-fs^f<#{f2=4 zXC1#r=^qF5<2wF?()%5h`y2gv9UJ|Oj*Z@ZNUk^fTRJwn=dgTk^fnzE{U#k7{fb-V zdZRados5kh)v?ik(ebC1o;)ho8~x-HWNh^IC;orjeFvOX#TEBMP_YCnSP(@)G#1>q zu&~%dd&tt+T@_1wEV~a_*v9VC>;-#6WA7q1M8%GpXe=?tipHq18yl9WvBwzw&YAQ7 z-*@l4`?jI^zTfwLiNpQxxo751IdkUBnKSmxbhlyl%ybN%nO=kErATl0(%10J^iw=D zO$;~wOgF_d({u2AF4C)!vR}|2WeM=RymZ?U#-C{co|ztoXQt=jnd$9#X8Hl1eg7Te zeMee;Oq=n{bmo5ccc%04%=AV)GyN-`UqJefmv$d*{Fwd*&rB!dndw=0X8H!6nQmTU z{FwH^b6=!A$JyVR?v7`sv+&IHoQX!y^cp-bMf#DKrY9NwRHVltJsxS}WcxeQ2k^{v zvr_x}=19kS=~6s1y&KO=yOr7dOpEdC`w#j43ZxqYdZuUM`7ET5d+FDB{s!rK<(B{Y zNPBzf+56ky7bCsSOCQBE(^v4!^gBE=?QwwdW4be*nNGtq(+lx@5z=K|T5+K9n}&3m zm##a-{@xYo0HgzvzTu_2A7u3Xk=A+X28Y<+H$+;F)c02*J_~#&rGM|ndt*~X1W^B zOgEZp{Fsi#^EjkUUV0LqnLdGMrXS<^6Qr+I7=NZaPqSyHHF#!v4W60)fM=%ND(!uy z)A7u7F`k*eh-aodRN4DXN8_34v3U0V?}*=mzcYOo&rAz4#-C{h&(o2finKNVqt^T_ zP6MCIy!0_VGyM+FOb?xI%8>7I^)lD(|UVmIt|ZEpTaZKVGTylv<%PXNRRf?k~v1tbSa*huEI0Zukg%ty+(VV z>0~@Jy${b!pTaZKO`Gt2NEaeK9O*?~`ZS)IevIc&kalS{eoTAdndupLW}2F7^h^)L z^Aw~@z4T!`GyNFPpCB!qXZ)Cs!86m-@XYj8JTu*LzP-2fdK_Hg?<)4lP`bON54K89zeui}~Mu16R@ zrZe%(^jbVKy${b!U&b@jAMwnz=1Aku^f){pkMvtF?S7Qe_dvRDNeiJl&ps`o5`Bw{r$!(EWI6chhAmRKK)go zzZ~?hfj*Uoe&frHPci7%0bS2L^j)tu`bU>o`WK{UTw~8qBHd-FJ^SU`*?Ye=`YS=d z7xJk=dLB}r|D5YA-v^PthV*r$KK;;JjeflqmY#iwrEeki>FYrE_3cLYBj|3p)1H0$ zk3jz+=ywL)IeF+0zRmb70(~jyX5^tSzsuX)zo6Gq4PTcf`g^v6DF@7;#< zRir-u6_EQsy=U~T`7gBQk3c@%-#30tcf~W)eele*4$n-l#Pd~1Uqbpa(tSTL{!BA? 
zW_k{u&qexIq%R=tyxQJx%^!kvn}MF`csx%)T9357{tFFw?;NDNY;WtY5~O30RwJE- z^i-s$A-xglhe#Pm!}mv^UjXA-FyE!fzqS2i-@f77Ps!(9@MGHbL#uD5z3}YsUvCTi zBrkmo&whLce?N+JpMk!;``e%6z50)=yi9M!^9rPYLi!leoj*2ursMEDs=MLzL-@Jl zT`*2XTjNu(T=P&qrf=f;Eu=ppZSVeaYx|MD{mi$AwYJ~Ma_#?#)$0LBZ}HMk@yxXJ zpGM!>{^pwQXEL9&k>6sZi$1sfnO=+M>yWNQ`hPqAL3`sDu-u=b{7g6emwhkOUGU6w zZ#*-djprJqry=$C7ybPtf4_1CfxzEIu`%27b z74l=6`oikNw-@{N;nwWI|G%AI|6iX^ABA?vcQIDT_>94-D@xgRgJToo9b8GhYHMK|ozjmH;48FS>=`5s+ymSeknf?*a zOy9us&uyRmrO)@V-2X)Rnf`=lroFzh{=;-HJX0=HPxbAiYkHoI`HV+?Ow)Mw_YZyh zWNYWk{PST`!S`#V-yq%bYx{nGeb?%9=R~K(4Qu6+bxy36csv&GocKHz?~+*DKaS7Z ziQ+%S;p-%>n~}??b7I{@adRBrHL>N~IDEatDaXd)>r1A&K{GoiHc0f2#Wze$8XHId ztHk11yjx<$1#$EnC3cQ!jLwOTr9A88R7B^*CW)!N;_yuqi$}!an&j>ET3+>naHdnW!Ei*J)tb_F^odgZ~l z&4X{32k)H+-#!n%Lk`|akS>XT{p9~)Ljl%GEO_BDWoD1y?>(Jw6K^eQtlaNbtDw-{9!8{ge4V0=yIYE%BFuujS$I39jW~ zkk(x>EZ343J4yfV0(vuXBoe;{-qpkRa(K_gqv$83A1}D_|IH;f?oyJU{_27M?ncAE zH8^n=@T=B04u?QS>gz4lL%{|%zT|cHV?882ob^!X;s2Ev^?Qc`myzRs-K0JgKNfgb z;JXQ~-^Ig4Ujv^EyeAItK8*q$1AO%*_Fa{rUj}^arH1ze{v_~w*0%~60{lbZp97x) zd|jy@Ezjr;jD8>BI|4ru_`$$O0RI+;xTXU?1o)evC;!ud58lxDiv)2$ZN8S;rJ+ZB zyUg)$wo9Xj--~={^z4ItHP*L&?_XgIy&U*Az#ERSauxz-e{KeU_RlTlAIfJ5=ylxc zZz%B9z#9xs%mQ9@y79jU_=&)Ko?-ZjmL!$|f8tyN(!k#VKK)_?x96*n8c z1#o>&@w$f%|IVs4aV_v0Up4$d`F{Orw~K3+&E>sLiA@tVG4oLz{SGdl-1)A^@yVSp zh67&#Il%F9nBZ$Aa_8A9hv&}wvmBq?d94ZjS9DZ;HUeibvtrMI{g+DzkRQwQ z1n3!TjWcD>^^8A*gzXPLhXQACD37-eNKaTm8@nJCC z8sNtR=b=Q_|Kq?JM0Yai*As<9%frKvy8u5JID<*d1O7B{I!UnqY`T&0VQ|R<$OkwN zEo=|`4&V$1I|}vxo#5Iompo|w=UL!$H#YtZiqoBZfHSBozjvKYjGl)F*xwcjuKdsF zWc-=$$G~s7-rAS**SgXuN?&lJ;U^*Aoq-?yo(a6OAScTO*ZO48Q`W=9z!{8#{oyX) zG*T9Vf3MAq4-duiyQT}S`0O#Q(%8hTpXXQ=CXC~--_Ax#*da^tx0B2BI zsTTKp1~{Eq$^XB=d3g62&=>bL{yc0Z;@AC-0?uG(vw`0uxYonY%dOuo1-`+K#)r

  • GXiQ zlP@hldsxP3k)#Y@C z`a(LOzK9-O<>g;K)QIz+x`OUi|B~)fUqZL3E9n+>72T-*6ol&(-;MwhDP!=PyY z>fg`>>fh42>fh1X>S{VeeK{RaUqO%dc=@lP2h_E6ulh>5OI=5|sprxy>M-4?zKX6@ zUrkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`Wmqbt4q&!Y#_jdZX2db&$}1Kp;+ zk#12p(T(bx=vwv7bcK38U8?>AU8MdaU7)^&&Q;$^XRDj(4E1evKz%zs+U@0k0X?8@ zp?lSTqPx_8rrXqa&@JkPbffxCx>kJ`U7=n?m#Xiki`4hf1?qe0T=ji)wz`$hP~T4n z)DO_3E4=(KrU%q*bg%kBx=Z~K-KKt+Zc(?>jp|3}TJ@uJg?b5Hs{RXIq<)MpP(M!R zs-K{<)g5$(dMO=HKS_@+_wwIK52(B7UiC7%OTC<}?x8ExtLReo zQ*@E~X}UoDS2|byH#%Frn$A%FoerpBy{XE^G?xP#k z|DbEtFVGe0wREZapLCJ>MY=%!FFIHK5}mE?r!&+q(*gA>^k|ot|8?|$dVua#ze;zh zU!&X9uhT8+LAp`>Z@O0f23?_!(WUAkx=8&dU7#MObJcIr+3FEGL;W@#P`^Wuc6#|= zPY0b2)x=Z~o-KKtzZc)EaH>y9NYt0Gt^a3;q8YWX2qT>q%$2dyyvRm%?>VEnt(%l}k*K%GJNs&}Bf z)H~8`>YeBobtc`Y{u*7Y{yJTuo<^6dzd;wNO&XRGCh#gTut{NNw* zua*y5BmW&<{^f&;82_rX>0b42beCFwNEG9LwfxW~>R&BC9F6h6`a5*3dJnonEgxvd z^`ClAx=1ZQREhkn_oj2z`_S3y96Ce2FC9?tM~^ zd-K9cTI%LiYPfA!IHi#kX*s((P&s((mVs6%wA`WU)M{Uf?SEkEdp z>tFS8bhcVP)QtA8KAsM!e@u@)=H-7jJ)kb4d(|h#{+6S_rROgF0K2aD1F zspSWCaQ{nvGF__v8C|6QIbEPWh0ax%4QlCc`sO5(eQ2*)+=xlX4ouQTw{G$I; zUqp{C@$xS}5QO7jT|xJ%Z|Bl_0@ER zx}GjoN9ZE;HFSZxfzDN5OJ}R2bcXu(bU=L_J^F~3|9SL)x{>ZxUr%?bZ=l=MH_|QY zCc0656J4vmnXXXJr%Tm;po`Rhqzlxy(7Ebc>1=f~ouR&s4ybRZN87#pFQ5n1Ep)H? 
zPjr|1&vcvm4!T9XkZx4pN!P0HqAS#k=u-9FbdmZVxh;~e7| z##zRh#%ac>#^ZRUC!zk0M~nxJ`;GgIR~vU5cNn)Dw;C@rZZ>W*jv9xJtBtFS%ZeZulX28IY+P+zWn6AtW?W)iY+Ps@ zG|o59GtM!dVVq^0X`E)9YCMitf)ncBc*J z4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(WnsKV}IHn9F z)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z54&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(W znsKV}IHnvX)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z5< zuyM64&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W z$9RTumT{(WnsKV}I6hgBQ2)jw#)HQF#(l=Cjk}FIjN6S{jTag>8#ft8jl;&(##P4U z#%0DO#>K{k#zEtJ<2>UW;~BBB7aJEE2aWTM^Ne$hXBcN0XBwv&ry7srlO_rEZ#-f= zXxwkyXS~|D+qlEH-MH0wp>eZulX28IY+P+zWn6AtW?W)iY+Ps@G|o59GtM!dVVq^0 zX`E)9YCMil+$7Y$@rd!Daldh&@oM94;|}9?<5uH^#?8h}#!=(2akX)kak+7safxxU zaiMY0INvzWILCN~ah7qWahh?e@i;ztlu-Z1BgTWq{lkCC0_Zg~mbSeB(Uh9OD_rS;m>hX~wC>IBZ;PTxDEtTxMKiTx?uu95l{1 z&NI$2o?)D2oN1h9oN7G&u&ICJ5#vGQe&asl)yCb%9meg(t;P$Dn~j@{qsC$5YU3*7 za^o`N660dyLgS!uzHy#$j`0lREaOb$G~-m`@rO+P8;=+d8uuIb8Lu|(HtsNPH*Pgv zXxwbvWE?dP8&?}w8J8QE8J8Fr8y6Y}jq{E3jB|`<7-t!08mAej8jn9{>fd<8c+j}t zxX*aCakp`Yal3J=@j~Nf<0j*%aoD)pxXQTPxXif3xY)SRIB1-2oM)V4Ji|E4IMX=I zIMsN(&D6i~i1DCtzj2@OYU6I>4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS z-#E`W$9RTumT{(WnsKV}_+nH4#v{gq#{I^9#;c9HjXR9nja!Wu8aEp^8Apx7#?{7E z#^uIk#wEtZ#)ZZ~<9y>h;~e7|##zRh#%ac>#^Vo|`Zpdi9yIPZ?lWF(+-=-p+-}@z zywJGWxXCzb95${tt}-q+E;BAME;cSS4jShh=Nac1&oIt1&NNOlPBk9C-_*b7P&7Y) zu%T$`$5<3PbgVKn)R4Nd9)E{BE4Q9lm%eLF3jVj;{TJbTC15n~Y58Z*jiJc;P}kc> zgu2Ey3k6n&dN)??gb4cF2)3G7cQ&s(z3tyk-{s?){3dLhQnhz+s4oA_tMO+jGFZ7? 
zs3HGsERTHy-~Ec6H8C-fV|eid3(SR6T!IsA2ON zGm+F#BpA!>3^fGTh9W(&WB)xdQCI!^6_@TKOXQch5uhjb-r&Rp7f9x0!HF9uCK`&L zub(<3zgAvb{rtq1DJhr!jA8I|Jq+_CHfjhyU$^dvx>YrivpYM)#(QDcCmik2{Lq?yN3zv;dhJ$Wxzd@OtJ@W?``hp-X11N#P9tzk=l=Q0~ll@Ei;LB@F$n&o!XVpvOO#fbxRbN89w5IxlAR)dWUJbnZ zsjt9xs9U#X-KzB_txvi^hIf%_4>@b4vR2|#`k@Hxx8Xgs1tdLoR_H*d{wq^sU;C$1 zyP>)jGfyd5K2J86_JXD|hOlERQv&>FRv=|w$#Pv=_tsQ@D;h&9iUvQB9p>S;yV4)U z-wnlM*wIdGXxLHf+KGv$eDQyF4DaICuT};>NLd;DFfdt6XEG*DiX=2rwO&#gIy|`k zl5fjj>5rs*Z=1?(y+6~cwv=D4PZ{1WR2Liz3_rUBNQvi1j*e-_ats^9Bp27=3#9zJ zu5-5dh;^=07hpqKlJ%Oqq^G76i{yXYpr>Y)Badqmxi*pO{7j8O5_#vV5_w51wnzWO z#MzO$t&n($ePzuy%*HA4T8@Qus~7Rve5N6Ffg8^%Z;6|Y`j00jhPU)@jGgT+ft)5X zX9NDMTQSYw65?eOsanVAvCT#JLMi`tBi{8DyX)}*cgcUFd=_|-Hx#c+e{_elBlBzt z`Hllt==YZ+IZh_)M)9YUNo_=RZ|%?Omn=q#*G5*=2cKvDqVrgm4M8kl8H&6Rd;bBO z)7S8|Ui75W0#O-W(KoZ(EM6Z9tieh&$ZAAbxK<8}Py?H5tRRAxi}HUk;mDBkJ{gHw zf>ym4iCH9xxx;_7NuM1JcFMLlOS_B~c4FU)(PSkdf0yMG@8T$Yr0@>xZc!*&CF>Di zPwX6gSv9hJp11iTd}tqqf|iCu^;^!NIwRhPxI4KLq1>|j;d-2LUPV`k0z5gfmDIj9 zpRKOC9tp1rMVc;Sa-tXGpQ9t4_2CQfhs{Pqus;2f8mYXx^?|vam0PZ4Flp@dNIRmL z*D0}*ZjAHf0Fx!@k2Fb~_4DMQaDv1`N9M_a$E7_rzJsnl)Kjw#Yvg}i>l{AOyvs_b zq(~9{1cw|~xJ`Q}^zSs*)uY`x3EkdXGy}g?Hv9_J&?I?9l`RNG@&A#3NObKVPE7Qq zK69s>65Ksv>FtQ9K6pFBN#2~W=f<2}p-3c4D39rkSdZ|N-}LtH_GhW=$PjQh28`CT z2WbdPLgcqNkt4Q;^e&BgYsQ>Dw~fhRNJ(e)kQa4U$k|?&?txz-a%;xvKy`;zJ;4QO zPL5DZ!A01}sqo-pw65D^c0S!H;OAcAViXeFW&K|e3rqf+@5>6O zVQ-J00Py13ux4U{`5fLn{Sg#eL!mU+?VRR%*zkc~f97ub+>`!J&P~hxh{HSnN6?0M z!D%W~yF!{Qnz7dpoEY+2amO5#plPiQsoO2wEG7R9RORLSA#teUo>&;Mu^MIX(Y(ul z;bijde=+@?668w!oKZvSnmaa2sp||xQhV?Rwx|g;gk>jg-IrtZwK9AK7T|=-74cTE zyBAa&!jI8XCa;%cy|CEvq4*uOP^8OS!mVZeg3?A`_Dt*}d}lvlB{EQPnv;RT7iCye zQ#ZDC`qkxVG7;o%r!Y5;rmjbzhRvsh=7*x0ugeC3HQ%3Dmz=2(YO$V~8VbuXnw0BD z@ugcgz*&<9_y9iz<_0)w(g1nr&D{XIF+gyE4qeZcp580vp4eXaS+!7PS%@{q&U`I? 
zXwhL$?4?B$6GN{^;b8qzr<8hP-${((4J0QqiY8wae~>6{wNadiuNnJNaYs@VC-|cH zDWVuY)l1XNVM(9#Cv05DlsI+MD1$aBOCCXNEP4?2A;G>LekDGo@5OcxepYa})J;mf zbsg$12{pJ~rrRv%Nw4XxLu(pFUl3|&n!`4GpzCG{FOVNd0F*&T+uXEdk##t1-0rcMXH3f(@q zz9FSv~e~N6HWnO;S!uLp$nPIV}!tu9Sjs;*q%li@=|}3<({&tTKqG z#4;ShWf9s&P4&d|${q0Ett+>~f72?rz<;-?`j#(XC^}oN`%v&~WWx(^@#nub#EPnQ zk>Zz}O}r7Ax0}$O%Nl|&;p}kevg$3JGxr5p5D9+T5d1Vcdm>W&X}B}JsS`&?t{a1- z4lA)uU`_fXxHs@==*(4Ew=NV|g;XE1ta61D5zd90Q)efEWnAQ>lttrDYu#JU5fm?k z5IQUwk~>@V#5P+jwf^qP;D(f%>Ua05l6ql_+Xj7ceQ?8YCKm5kmF_M6Gsf#!jLO>J zRu)q>^aQdXVYFvWpL+)u^#tF;f4K&=z&;iCi)J!5*K$qZbP#g7nf$!|eWoqj*~~lg zz0KZP|5=-DiQUT)=-aNL@I73CX!egrFKil=T!Mtqs#c+v(K!|`F#{n)hE+YWZ^(s! zTv_ZbgEpxKEas?pR~h~^$Wqjx)Z*d6C6zp^*s>zHY?G$=N=@}EX;nEIVygVbYxk;D zT&b^)k$gKR@^ObExiTo5}*|*{Ys)_U0Wg(n0a+5&fduk$C;$_qK^2_@not zC^wro9GGVgjCg*zne-yKOSOMZ^@saiek}fb=oM~nD+jc1r@lYE{a+&8%$R#L$o;Be z=hCV^_~Gyah-%;T@Qr%h{*R*jZ=|lQavMY&Ob@^Izm~?m*#2^%7r~VeL%E&8zvQ+~ zv}wBRpur8w&U?2PCMM=~rqA6O1DciLOso$yge8~^TK7wTgo}8Vs>+@;f`NY^&kQxZ z(jPoMyaK~NFRm$7Uq_#Wj4yIIoo&RoAna+Q=ODeoM zXp=ih8nE-jUXrXgkH_yuo5`5m+%^=5zS&Ni z-$L8+j*dyHy&Bi5zG~lv$#&Y&6ggVGL$xP%)O?|HpnQlkT+;P*mmDOI;y>On$UW0P zjllj(S~k*!9awmp3ArFKq?X=g5;)fcz9ccQljh?kq&``QC;qCN6P7!<$VCk9=;8w$ z`LRaHaP11|@g~2g%)4=+NV^5lG1)9(paA}L63N<*{!6+J2t;Ue9rC-(Rf)YZ$< zuxokDI`>E2)HS#_v!&0%|2s!$gtrIW+b`%(&~em?TBUF~gkI*@gK9D>S z&vS5uO6roc@dI25J8?Dy7f63DM}kIHB}anE_)fZo90}Nl2Q&WNJn>+z4_|^*B*eCL zO@}N?sVqZtuE1YX7(ZEyf1^#LbCmz7&^clrlR+l$cFB!l=eCyjl=XPjtnYAnN6v5Y zIM?9W$8ZKyw|RQ_+>LHkh1`BL(3Eu4RGu(=tZCP`AWnZ1_7Z%FL>_P2PJ6%qM#;@u z$pb7sS9cS{LA-Rw`#JiA6Zn$goHsgMOV%9M@=Chnt?wEc)Zo)dXyyfH4*oI}$ zij_UF(;kuiOVh^VB{uEtkODSPXIW2dTO`r+6_p7ieQeni8@xd?avsihu~f-O-HJne zBYnxmWyr;RTo=v5by2;|Nkb3=_*q+FIJ_9?TPzoFIT+8>2k)t=z9*$pF69;n_~+D6 zL+ZQdY=#qBN(eW@hjE`Hb#K=Zxmd#gKeqaB&i_Imz8Z?G33bIbL(Ho}JwaY)BaG~A zYUohxsgBpv*rz*?mVMU;@2#o6cfZRqoV@qY%W+quxE{rdZGy-EM+5XzyuU6j@b9VWz=kRWLhZzp7g;4K?0OT)Ln_xzkw<-j&d{D+ zp~%yrL;vxs$##7euEgA%W5r7nw~OGW$$b(BE)9p|pPU;Q*(YxmS` zuyfQKZtDb>TzU}7b%`$>g~^fJovA21- 
zO*qCYb$Duz@!vcsN%J4$GqL-GV|)*!@AHrGKs*;$J&Rn(?@uNjqVfkg@5)XcL!4^S=E<=PY%Qd%4AxQ7261)?CTX z<#jnTG&HdoqV2OJSVLIKR3FhCfHNS^Wnr$xQ97LmkF!HC!y$JJPI1U01Ydgyhf)Z; z@Rk4Bq4W!v$?^Ux=c0~b8^Tg~ZdqkqZ`tu}GJD6i#2`I|?o;*kW@RB z3D3g0#g^E@S0v7+4`NfdqAo>aj_n{7=iJ=Wd;DMQoG(YYd+y&8&2J5Etxu6W#9wLn zn)K&h7@YBOa$D>g$1QKfFM$`!IVF8=mGnUNY%YU{-O}gcrmCF8PE8Mg*9(Phs!qen zLEbpHPYPuWXIB*QeJrGCUgRj}kS&$*cSA9**!ac)h5`SS(Dyv=9*0h`+;Y2Y>_l|M zVw^VLl51R>ntM5B7^_OZt{AK9#!jtH$0N1ML+i%&tNhVWfh>!iS~vEM^sDpmcfv!q z!;l>BsrkN=H0P-~3Tx?Z(pe!%Cm{_(=Q{hXU%H>Wv_O`g=q)|fUAng{&G(i%{bf%q zQG+e>d-w1-{4e-bA?mU#|pxMqNA0$kFeO;sHb5k!{z=O z{m$RGfmfq16gV~Nyq}j;qib;r@?9l7g;Rl7qpdi+hO_YS;2znxlbRu{AG#d9!8{&j zNuAyAk^G^#_>cBAPD`o4cK)M^ZSOc9zZhEe#IkWpH=BH4l7byz?Pkeqr%x8)C#|~4 z8r=VgoiBHWlE)sGp>JB`J+TNy3g;ac2_}!w@m3c5CV3c9wE#u1$gQ(XT#F~vS)8+E;tq@^s`x^bS%v^r5sq?f{K2gl9v@Ok^9m+Bg+g z?31pj@?QMZ_m)mT`+edw%3^DbCvY2bCgQ4ZNa!(^F(z{=|$4+zj1%O>|xg z9%#$@$kgF7HuB*!on33DFX4@!VlUJ09pPm9B^h)jXL<%smA*`W4d*Ja^gc#%hEpeN znw90lXPXArk6Ri3Hp%i|f*9OZ7saW@Y;w6mr=gj*)FM7T3HOmupZHl>2-_Tk8CK$y5N|5{=^w6F&G5@msGexooB(p^_8b{mAv#4DPGTeNbl5Czmrxa z@9v24bXe|Utw+O)N7|6$yd|>==Yl&Be4DDH59^-W*CkB+%M$3^>i|N)8W#(qwg>%7sp(vG{ud@{E*s{~{eTCnN>!)A5f#X3lL2 zJ1cu)7f808XNFEU;64lGg;=_rM-o=bqXsuU&*Fx9$a{e2-|8cr8|6W1ST0E7&pe(D z%ckK&B!&j}AH1L^H=`Sz=abHTji;TFFNQ(#oG!2J5T}=a4u?MiccNObDzll3d21me z-5D=4-CQy4N68u6y()a+dj8FB>aWhY9?N`t{F!er4YLlx>n!PWua(xPrEmx~Go`SC_kJWjEQN<~btfraE!S-E zQfT2~mO@>ftdWate<|eq($w3?ZCMK4&fhGBzwmFj2JyV{CJY$1z-iH(%dST-|LKqM zRGWp2aE>gz*ld2H3CYdBFAINQLhd0U!p48ZP z<<^lKymo~gF1|Y(USI8-)bY373M??39CxnS$04v&!o z2d60X!f&Ayi3IWD8UDiiXShL*SJ2`o+09K5}z8yp!fwdGijw#OxVKi+h*pOU<5<6eI08mHZE8&m6X|bJ%`O4nv8| zt)jEH{=rJ6=(00&7Qf`X+iZpoFjyibyAARN*eGWGie6RqqjS| z!#jF%w*wb*<$NkQwXzKVVyJW)`V>x1Sg|(I;hzRb#Umi-{};fD-pj_By!Tu z`|aLNNe#yPa0rz)P@_NoB@0jf=-sc z*DK|o*sqb0#9Qt?&h3{4axVF6B~ppZr-U$C(kJzqiBTM!6vbR$6!j9t8>q8{D2}`` zAr`3{kwBetBB|0aH@WPCu#3+sU}J_IT0mk`&zqzUVHN=$>K!!*-00 zZF@wHmR;(_;a&gDj>qb}MeDDOF=@~7o!(syM*NRZK17+}wttWn`tdK(Pw3pLzj53t 
zJw1=wkv*Jdo+l?P4n^hOBvYpsz`w>J8HvxHJ@0A>>coA#-2b@9-5`Dj_@Z;G-uazm z#6P#njjF-zExc?xy~StEv^o-nICKd9V|vKWs}g%i7RN0&OKIT>x+iw=!~RZ{Ygbq3 z+7pu3J`i7fQ1aTw_}Z@}ue~I`b_`FR;z{Lxi{oowOkVrl_}V9u*M1|u_O^tzos!AN zaara+O>lQN;Tpg#g!8dUYzx$5{4^nHc;|>Wk1#C3MIe&~bUsn*J?4xc98dn~`;- zbZi)#_oU#Dlpzd%T*@q_p>HeY1+1Y=rGG}&UbqmGIaeQ|C?vgT_EViw*~N+3AGiYp zD+&Cx6BzqV=kbqhqHfZq)5hBSbgegiOFQ0g{R(}?weGHTisu$sifWL_Ifzm=8k(bV zcoW2sFqv`YoH#MSP*m^1+%f&ed+n&E1eKZt=tuzlW1aKE0C-rQ$H& z*v!qwUopHyVusI`xn#p-ZjHDZcej;^XR^X8f+uG>$-BH#K9;8CZUa8Ech~ zeb&HplQY)xKXbFspRx8J#$3FBGWQGS;C{g(+%G`KzKOY8PEI+`>M5M_AA1Q$DvqMO z-EbsC^M8qdVge)+juCAy#g+1xF;KK;zOTaoqkL3w_G?nx(b)l|QpQYkM+%0l;nz*wbpf&7Zl zF?c6hz8T~M&{;{&CI2waDql?i;~53V%Gm#4&KstF{XabcjQx%O*^@gf@e9rZy8;)_ zNwdJt!@^C?0`s1je8GL}JlQ_B@bi!g?ApR``Y8$wMf*iM7;;l)iD z>&hdPuVJjXGWc zcET-jJKBTYxn>`*=f*RNXx=&BaK=VQHQ~mGo2FDuPvpg6G$AE?E^&Cdo6_{TBk1AX zeCk}Ym(G@p$Dx~isoEkvoF)5n3J(LlbdFNf=WfYVaK@RAf49Tct3HLAWcSS7bH?OY5t-*pPkTjei znI>rot!H9k-KT-{Fn&N8E1G5{)$L&$) zJYV2;d79}x>|+{snC_%uXQly*5W@pC2&L7w1FKEueCkoK3mSuSD*}6T=4VXa?k;92 zvrXkawyU$JTxa~TfM52CX5RBnSWu~EtintRP{q5$T7+!e6u#2Zr-}Pa6&&0Pd z6&Hz^6eLTX)+v)PrSi0OE=Nnkfl)1ekX!IxIkG9r{Q|cK@FrnSsm${JOsm|%`!jvg z#`T`02dR4r<&XGD9szmJqBvyDk@DEmt8(7;NoZWV%S$2gyFQh2bsi0S(H38Ya_z*i zu`>Jt_JrQ+bhdP-_mV|!+Pys_ zahE9ZlRihFvWDaZSG{|qiM$cp4h^F~bd}RwzlV5yw_h~;PT2d9yoF=JZ}%DDU&lkh zp@!t}FQN4f|0*5{TYZl#ER8ShlpH-M3*!^Iv?{Mb%)ure{PM(Ug_Y8SU{CQGkF~#$=KUEn9uGn`d@~-?KYzyK6y3s|@t7vl zm%sds$1`q6eiCLpF5b!Mc~(VbjrX+Cx!H_Ue~L7u`|vErcg&8+SGO3X#xF28$;G8GyY^cAL$^NBjE>+t_>!lT^( zANo0ZoB#U>k3rcrKdUG61rsJpPCnsr@;QocpXW6foj7nT4<2Wl?D$S>!)wFDIf|vjKaZbB&|dLwtPR-ha_}Z0N8!NqnE%r;zLhP2qDEYX%4X268kGr3oAqn>%cYi{MoN(N= zob*MGyWb*|TLLMPi(3#)(sB1co`v|nJSA<|^gKUr0@z0-2pgZkc#S-S`^;I0*Wxk| zy?F90#E0a<%+5mG9>pxzwU{s=S54m3wUfR;>b&W1r#PvbzLERo(rDgo+dF5D`Vfr*u`YC z5Z6bTW`<3eg?KYpXmQLb)|RBR5RX1fw$)jPso1UQ(>FN_vHLgJ+&NAC5qD1YNYY$B zj1!OV&Bhs-$wjyf`@Lx zVKEm4i}UK2n1y%^x>_9CIGrZULi{tDLc*baBm?omH7~GU#RU#d!Sf}RXP+jik)s{s 
zXP#vrMn1ix9m{%R51lBxaR&A0$cQiT;$V_lh_%?lmvv{;eXyyU?@=`7*tJq||D{=o z^Q6cAKbwX4OCFm#3vsh;okR9tGA2%*h4^jsI=*pU<~a!E&O-bM_c8w0XCcl>k3Shc z6@TlK;rJ}X-m|gaq*;iM%hIG-hzn(D(k#U5WNFeY#9zzOq*;h(%F<7ypTsL}It#H- zmJWJL`LGmi@4K?}8TP54IScV2J(YddEX3hkrHti3(ZR&VY8HE^H1O-ucPGw5TyO(7 z@Ma+vZSB(1in9<`Rv}4F z_je0!YiRf99CJ&gZ*|sIC$IhEWD!=yBm5CIi4DqKr~ma?h|i!CbowZ_&i*%NA->9+ zBRU~(=dGODJGO?khr4WY&j;^7Iw9w=xKaScAkv++)P*E-o+Q5g?JJ+^tVaQLOcL5 zxUFtWq{_6(Z%?+##4mM|=W%w5U4)YV(yb0>He7u9XR0R8LR>26!1yf0>$Y%;YmdvZ zIJvkk#zEjKu2NnjI5X~oNV)gsNWJr}#Q$GsA>PAh06H`C@l>Zwc9gC%xlB$)N8u}z zLfpAR6XMjtT-;dr&u1ZSix~WEiBbJqZi6^I*yFf#Gi_<@FDBXKq4*~C*d(^Qw5`c| zFbsh{cNXFu(whIHS%}Myl`Z5h%A~Up>o8nMn1#6PDwHG!RhyoLcq>A=CDDfAP3$-n zvYRb^yZMXFLYyLZhm&R@eu_(Kr%RrO#IFjOS%}dRc^&u*%tAa10r|8Xg_bZ2@fOs} zQ~&ua#P?8r39}IEP`rupO!a2A$l3gPj{Uxxg@{Rt|MgjjbI?sE&qC}D*jb3{WZ>k^ zLOl8!`8#PAVk=I=UXalX@b_oG^}<<*t0j!nG5jfl!y*4dZewR5{-?7B5B{}8<2)GQ zp*TFqd;VGm60iG0yx@j-1y7Wu1U^KsTpt|p zh3Ilabhsh<7~)l5h*memEpCX17~-`j_s8>$*dx56U5-~<|AijsCAnqwN~}mms4{}` z{R~azcbuDb$3#{vl`SRQQ`q>p$T~^bg}6Br+gff()vegyJd<^Pk8M$MJ>!zGCw7)> z6b(Kpe_tlIc%sEmvYSKwZOnL{?sYAwB*=+&FJJ&9w> z#Y)Ft8!zjNRI7g9GYHxd+>yK3^(~=d#r|uc#`4pMzkB-?#Z#u z^Tl?SFSZb3OFWyT&&A!Alp!=-`+mnh*v@|%W7Tab$#F(;FX2vwcXn_`4IkkYlC;V5 zXXqw(CvUQHvQ1jzoBS$ylN%=6^3eH-LoMl0%!TBc=#t=su{9@_E+I|`T zd&b8M#oa~uRgQUXmwdj{4TJdogewp#;=H5O6Gryr<59SW#6Lrab47ZcT(yT9nq)P0 z<;C-^vn@^wnt=7+V{{=|=*QxA|E=`xjo@OxgIloWW2Gm1k(_K|5#ltNmwgI<5gHs>|Dg;9_??VUynuP zlBsruvw)%hb6_Z$QQ%!ycpP$5anN`Se-PK zxiO3#ZPReJFNVWx43T&Yv)mXSNs8gyz8J>7>*m5s!w=&zq`NUxCdKfoTn_NHo1WMs zUJU5aIkriS$MEL+PDvh+6vF~v43##9<+K*5g0%hRm8@fv|2PJqD*ev-ZyT+P#z4*2mYTC9gd%zV@BV zl43qCzP2}c?Y{A~4<)ai8ec2FGhouZAy0F3Db~hzz#TgD%<{>1J?1uf6nS;OHTre8 z=6>_8Q}+iSDRKLcqC4dIw%d9xlRf*7q8=HkJ9Qs&V|cH?#&Cu&hJ(Eryt)s^W7x@! 
z;lZRBru$-e?;tk~UJOUYW9Y|^t;o@SaZ(H~ODFB-;z1ijARfaKH->$aVz|{8!^Jj+ zCuIQdl*83-3~$Y{lYg?1oZWCX7UGmzuFa&T*qXKJV+x-l-uR+$n6+>ZSYS7G$ z61sgl|7n`Wf1*?IPtsX7d@)z{#2QMm32vPV@%*hWhUW-~3Ln^XmdP(2^u!i=)$4A@ zAvW5Iq~yb@6K0s z3nqFaGGoAv65n4wobfS3Nca9SQouNfJH+q9AiMT<#mU1(TG<-S5=7%0RB4Xa;f(8F z?nOLP%F$`@(O;sDXPyMtu8=zQeFw~Z0|(W7`ots^8?0e{p{<}JTp)jcLx%M7mAVG! zHg`ii`WIQtkPQdPi`Q3R3Fd#uKhD#nGrXj&s=DZJP z_H>~Xkn&~DqqN8i8}1Lu?~lkQ*8{%uHU_^_84sqfI!~WN_)7}r)SsI>o*MNm`Dg(u z024SFR_@{I-}3NpEYve=x`eSQtF0cx&AF6Ir!K+W#1!YJ#XqbX!-uV~G{xksA@!Jm z-Xcblrux5m=})($_BLs$*z;0Jn=Ht}^|Ei2@8mHx{fozV>JcW!zv8+r{yE7F=~Gib z!hGI%qGicDT%w~Qo67oMm@@U1KDwD{lJNIV`}{D|3qC*0eP1A+wK&@*+|_0sr}j?Z z8If~qev{>{Un-j?XKktX)CF$wU+yh&zw37SDQ*bl@Kuzof3GrjoQVpGMb={`{#tL! zH9}6qH9C&>zr@oMa~~C?KT`a9JumBGZc5j>?;rjI+a!HYZ@8u;}<+nIj@Kxh2p{e>1UFj ze^1(?^EZC6x-zJ^DilmFxQoFvU# zPnzagNOQu?6z2<{XzudaW!BIB&JN`W@D`01Iy;b8KJ+WTi!iME>^i)sWK(NTJv6zr zrXguD9OUa{_62snPMXhhNsRL#D25|*9%^A)!f40sowyzPCv*--IJZY!_nsSlD{#y?Nk0x{ z47L2{!rNH2k%IKTdmplHu>RI+>Mi51AzkbLhuAoYvY zEXCnd-K7n3Jj!AoVwK;$N*0H{-cgNcqx9Z)8dqFLVujYOE^T4c!_JzBR@bF z_@DI2KSei}d>)bUoavKGc&j6+Pu{{w>U=4p7Y}ioX+pZIjzLsO=aDbaC%+|E|ITrM z1BoU47detqjtR%XPS}C3&b<-rm*`QhamVcFeKy^r6gk7@q^2*8F}X)M5d+`Ew*PrO zO0E>@7wA#$-t7zZDA!BJo7kgVgsdi&`+RUV3&*K2wBTh zGvD#Zk{2ap2Ce+~18)Z)MbScx)AUSmj|^wzcNd)Vwj5Ua6BxV5Il68|$XqozR6Q>Dbrf_J+50 zLuf0fMpE1k^C6trxCF_51A{{(GpWJ2Ib4N!J~J2m4M#bRq`1HE)HRl>J9YNy^w1AF zT`SsYPwdW_CPqDnxDCc1oBzIrgwsAJg+q|8S5q-LDSknYGTa}HWUZWe{AV5KN^UK- zS>qlmr^~4=f>Bx&KVuTrvDIIkbI^KwC6wMAP@)iR059cme>OiLL{>x^p|q>MHH@ArA$_nh}V z=iJF8`ul%A|G&>i=AQFz&-?7p^Df6m%YdH-4&VD`s7>JMW};`@TF%?Zq)g-wVT*X6 z_nQjY&b$=6@ND5u!!1r=IN|)>z>E?G^vua) z5N)SZLw=Xi*1{Mlb_K1<@*vQ0Ld@^?BuUXTon%aOTh^94peuBsi)HB~PJk#$y`qL@gSe7Q3ai2vHPDX~bb*Ei)kh;K{08 z`O9ZhEPwf2r=v}(i)Gg)L2}>+G*e-=BIJpC<8#^0jn%#Y8#;uHQSD&3a4yxz#dR1$ zxfYnba}#C8FuH#S0gdalfzgV={u1hU^5;88qe1Mu2qFH3z9I@MqxF=n`=a%RHjRY= z{|dF$e_HRk@v72#&6F1Z@6dWW2(b{fUI1Fp2d(EOWqH2ZNnzt3Y{aSY77|)nd36Y1 z(dE%k1EDkV#oK|t1f%>7@tY$7Vdez@cmq4xm&Ps7y<}e&U|@hKgMKzj;Ft?Iz@_r4 
zSSN4*G%&8DTO|9^wmEAelflOM!?IYIfkgAv^8t0)mc`Wu+ylg8YC@G}6b;Vik3h-z zhHUQ8G1>fnwRi^0j&HN%2!R5rIkfd7`*{3}f=`r3-bF zwL1jf`pydzJ28RMFew1Tem2}^*pQi$V_NNlR)2zVvu0b7x~^)}P~F5n|ApZK3gk<4 zNOEvdntBuhVS&fsf;mzX$-QJ@wB`66*fO+ImvcA5*hgU>ajbC|E?HgY`O1o5)VJ^! zLxnqPE(9OR*m-_?3`8v)1#%UG7E&TN5Jg>loM6GiSb52609pap9aBskj>a15|I2-Qz)ZbZ4gyrmO~Z?MS6#_M169oqJJ7Poh|;U4#QJ% zd4BZIN+ovDi9%4Rv}>T)pIsjf!U{qi)5igj|4`$Gp6GZ_u%)u%?k&w)=DcW-ybAQ69v2DAF%>v$KT{)pTaFm0`JY3LA# z^Ga$8`Qn=hM3=UsNRsy?Z0dERRN& z9*V&fVI*hOVFH*s;g|e+LyWCVGx>1*{Q7>$_T&du0Y<#_kE*U6H#Mc0!d4jD(XinR zEzN9(M7e6T@ojw$Qacs3Xpo_`#lVynp(#lrYL5~J=ryzz8sSm?qO{*W=ydSj!v6au zN6}00{gVCpD(ROj!j$H6imn5@2h5IxmHzl8b104pzvM9FQUHhRmpno)3NLO8SB1vV zDy-Zu*+QtjdVa|dM`MUYKCnKN>Kx4%g{2s*u@S1~;s$&IKu`DF9Si=xn77b^x9y6a zTnm24ld#~YLe+At(1M?z(HB4#fQT&kc<5cnf}cgFj&M=XvkeNa*qiLWrh{|~{tx&b z+A7V0AEf>^`b@LncaDTzIB%cGE?mh_Ohx=mnutCu_)SP^{D0JfA3-}2S@7HFiX|-g z2ej*^l5fFZWJ$t;SBkk?MGJlhscr`8(}E8K+XhcJMwEITc~wKHBGT;?bk9{kjG6AQ zX~EwUk@PJ1(Ma(ro31yiE6lMHBwXnHifPGah z>;&6%>TIQSL8xH4H4+aaQvu{V2qCbnK<4fLU453@{V&<^^Ozkqm>Q z#q<-BV917@2nk<^R&A!vVSs2^=8;O2FQDGr2fQQV$|hK(D$Hc;Xg_$b`z^7!C?~|4 z@R!4j`uRDy3pL@5ObJTgUY2RAz%R597qw4j1s-oJcTy zxhvNjF?XT4ytP%;b#gvSV3lg_BOe9WB4g8fA#=nsGtZ}FV7*)rxYK(!H`xn7Ei=0+ zX5fo)8fuN)lkljbR&u;G#9#G7#C+I+@a> z?~w>dz2(pr7zx)uN}msyv$+Rc6JXy?PsI#=cpb7s%YblJ$-OQ3)`gEA!Wht|9ZeH= zmzt%^Tj@MWXp367kBYGjD3%9LNR4MD&M5{vtRcuD&q~EOglwN?X1g!S0<>(V~-vTgrBq&K4mS7;NMO611B zxsDnt&m;XElv&Ipt&?s=dWyk6Fl8Vq+7ZKkCy^Cy)ub@nV@XtE5LaIud~^;Xg9QC8rKquY^&bOVFkpC=*U-__(@iW!H)8Nw8BFj|W6Dm^H!lV^ZDU@m8{U;|dAr)cafL0? 
zOcpwl=nvpd9iy07O6it#m&L>fS$vEho0TI^gUuR9X~&N{p>zz%LF!z#wi(~zKr&($ z=)>ua6X=lS_^Bihu7`iCy*wJ+F4hZkDh6|5GJ@^cPM3Tgx`Q2DW4v-%m_cv!Ysx~s z&^sXuL&?lW778GELKaR&&NR|W(H#_+B>Wt%gv)YwBa+~}@`CXdcrK6Uv65>_fZJ(!0pR`(F zcx=d$zvxH!tW6h#Wbg@LMRZb)dh83pO2z9@u{6T=xlz0-y0%@Oj+%6Z{L30Z%wA*c zdR3r$*rd<*aYwD!j{fePwveqAYOW`YLti~)^rE;YqymP^atNS9 zF#9e%4Sg+}bBK5pAp_2DHA>sO(^i$v zcf`}~w=4llMXmi96PEGw644W)G0uqNrznq)00lZ79&hJd_ZYll#R0j;;5vczUs2`r z3DSSK;bUU%y@|QEf^N*Hv>An+^>VN9-PXuaOw550#o&UyF*w)A$A5SHF@3C1Un7og zF?buI5J_K*Endt4lt^{seD1Sj z=;Tht`j0w>z>}bF{;n=W5wF@z&Pp<@pVFO+v@*G~j|?mLPvLlds|b$Bn|=_%i$glC zdOxcAm~C+NZQNs!*lSWF&<0BdK2>aS`2(k1pwGZu&|rIHdd}Hcer-q2CAY(a5rn+B z2S5`i1Fs4q0GO2sz$k9O1AScIqK+&NvGk}q9S|-Avn}B2X#zr7CI!REa3j8;h)XcK z$h_KsuOvemE~fqgnUA^gp?`@?X3Q5H5pp?aDHa}oxC&%eiU#XsJFG!xw07RQ!Ok>v zV>4Ydy)T#|V4!HDhYEn$kzM>c)`^HK2vV(lKn0OeSH;Ea1s{Uz)M9sKf1ds1(^5TZ zb@6Nw7P|g!3Ui&tulYa<#Iz8)I&==_<8?S6rgOo}_cYy&8p!1Tlzr6P%{FjB%xuEM zKH(9t68ofUfskGl;eS;iL`G~!tClM{e)p+pT)eU=Y16F2=wHZib!dN^wTP|0(<&bk$M7ChW~TV^F56u`GQ>v^6-2AT0K4m{5@2jU2HA;}}pb2IpE*7MwnszxKUZy*7ZmZ!Poud5K1Bo1i z=|Ow--#c0h-e=r9`Um!9MBdRJaCPI}(GX~A;~jmMa^DZ{XwWd!19l&TD;IHy^<0cI z{y*`K{<*ua8|@gXt|yY0a%2PGNo>#sVCo2>RrZc||BRSB+oLzi@0T{k#y)1J#qnAa@lO8TV@Dicb zeEp64MG#pjThBFF={3K>bFp_{I`i%dNlk;s#b6oova(}Mo&t$jGK)&LhzAiZ*=&x$ zMH(`H0C)o3Qdc^OC83czr7j|iPE3aS(=Fgw1Iym zs1>;7`LPWMH^~RM;YTADcr}=Wmt}gL;`aJ2`)C!(42wih_+frEs9IIw+0Ge;^LW9FU5HB4zxN!vhaxx=0SJa$1EbN13q#yK<`l##EEQN#&mHbKo5kqh(%$-GT1c8^BT1$KZ@73-wP)@{c z&7qoHuV!tJXMK{$GV5Z5NTcQV)Luo9**FP_#b_GTIAZ`X7{}xvb4`hrvzD116*H!S zjGdTq2hl%X{A0=_7}(0>gIF=q8$uY{qaG83TK~*SVW?nZ|2V3*_Bf_7l9}qFMKX3o{G?V?({HBgDq>UtiInggb_77Gl5A1!Mz~Ti8PI zaipZ8MAcxGqPOOpJz*rMcuclJnVIXSYP+n4dmm;>^o^uLq^nIeKZF{^po^{_jfNcz z%dpP`KamtFlvLE{NQ6^!@$9T)>|sA4i}fsgja)0^{^<1(2=>Cr*&uNk4V4CoA7Jq) zxRSlcZefdKxgDLL!icY*9Le;Q z2646#wkbs;tnG{IwnFADC=XCeRLf3uh;%2>TjtfTxHy#K9bu>m{Qe606_VH6&#`s1 z_HU}4YpS8egII|Tj->nU=S>rO7hprtO2Rha{R(G)2XBOtMl$kX`W9j+OMEXYx8c4r zI1EzapT+M57X-Utf1c&a{lyMTXQKcQ(;~b^GUUhl;-rdTRXJ%I 
z;s!_MX}B~J*z$mj^CRpvXs<;3E_AKOi{v#(k}F}vbscyB7;L6lfZGZ4kdq}+Jkte0 zk*GivA=bO?4d9h4^(lMWL!>2~evA@>l-**#2v)!ZmEH-R^*;Beo`exC--pPX6<~JM zz_8ri-+RUa*xR3|;)?e7ZuC02LS~8S9G0~wbjD*@+S%W`j|Gc0vki&_S%W#*^k~w% z+DUXmr~5VAf3&}sEEQW0ZJ^Y-5=W=4b%p+SiD7l&$#$A~E*ll#4i|_tk;m6$ouDG_ z&8-3L;%Ku38HmZL)^6rH=HQclnl8`kUxYIw%}Nc<^w`ZGh^#1p;noaTJD52thsx)& zV>@cD_&v0ec0hj7;_V=yu!4nQvWer;nRisoz_o)2xWGHOT}_l)WxICTZd#2%c-MaR z2=fHu$iZ;-hj(yf)E8=ouyqf`^=zou;p`GYXVmVj?l;wD(~uDDelCP`DrSJX>Lo8S z+eV%c{|FzH?8NK`0Phe1c1V#By#HKcadHKU>=bpMN|`AVq`;r14_!2|Ur-h4co_3A z0N8}TL(R0mNuJbFaDhRz$f}(Q-vLSR^j-`WNahN#>oNov&mgh~_6i;=pD@$80JX@T zQ_E_+U*ie8)S73dltc!g{doodOmaNc9HL6l_EkzqzLt1A_|L{PG0SY*Ib7UYJNOd zpV|dA)Ct^SwD>ikYtuETS{@S-ggl^OsomO_U%w3yiBI}p)XGt>r?#OY$Z-vYrYW@tL(c0O?C<;9>kH18#6J76Sbo`=6e zEi`356b3k3UN!QSpSC;(I&Urj_A;jJ;0TYpwHOv$L!(j*9zeP`VNqE2b-b6*+aqU; zpk~A@J6!F^Sj+cEUi**C5VWWBAu~K!w%SDg$iu=Boh$Q4t~b>%yHWTV6zSNnwm-5F z$(!nroB;B$6R(5cAXu@Ca6dy2WrSZK)=FUnrHIMHkt!2tlX9+Sdkv^anw6(y z!z%kDPk-i#vHBxF2e$g{kNhGLy*H5BE~U%b!9_IONjvxti9I09epX`u!bNB9|Npdu zUjikoVF#~3NWU^WxCDL#6F+6`;5x#k|3`LkxH@UDeayJV?cg#xp#8RkCrf~^GCQ~r zYOSgrycp|E4v($e4(r0O^iG6g(^cJO3A zugnhqj6w7&+rd3WQ^xJ!^(4ot+rcghuCar+AgHnGua#L&Re!%kG9*R)P4B-Qd`Xfc zo*iuGE8h2&Ebw00&WO6`-$ zoG5quC;A4GiuJYJrfD$3PB-_+sS%U+c!7Bj3FJ^j7cn4bO_%f`AMsWe5J&-Y$*Ecx z7IDp?7#uIr1};>VWS4JM;$a=eE(Ytmz3Z430&lEjWS6f4Nbt6c!Cp)Zkdt2xTIdeO zf~bT}w|+`wj^e#bw?!npowzZOFjBrQ^R7_>jMZE!DK^yJ0tL8_LfSC--}8XDe}wXx zU?!}%Bj2E}-x8btW^AGeF9r+V!<5ih@NZ5n(_3G9$#0vA*Hf2!D#RbcTQ8aWx35+# z4mR&28~!xYZ$f^YzejC<_=p7nW7s%MYNDS?J1>m1dcDp#SzU^xHudCp%-t#PBm33k3uYN_! zJNdJVh2J|@=C4Y=OcmrsOvrD@9TBVTuO6UzJzzebKYQd~0x=NY)B!f>G*Re?P8gk! 
zAl_DC4VJnukvrzq?gCnw^=4gTRXUsAH;k_47q&?Su`IYlcsuVu6=J60)e!F2_UHPS0Yx0Y%N?41p=AR{(zEokL5To|45s~5@N#b6sy%25D5 z#*owc`g_h#Ky2&L)Qq8%`)5O43M95`L<3?E;GX z*i4V+TB?FYq#iv8ZXW}{Tz_}4lI*32wVuFU1>cS|La(<2f!>5;hr*h^-74ky#)P}LC$ z_7?IcWqnU%c-+=L=YlJW!BJ3t9_RH_3*G!q98cwBz52QInub|F#l$1Bl;xH`4DpL>T@%oP=f`*!|2*&*V-Yrt30G|TDsiKRHM z`pJENe2K$(+;=Ht$K}2@ru#tglbLwJ->#?e*W6xo0vyK_?wcth<4T?qnWSrJt7k9& z^s{Y_u5q+5-=a;QZ&V&t>lhDz8e@1p6)PI!J<%A@gWSf;AVAhL76NDN-N9~hJj?kG zMA1rq+i6j&&?Mc?oMi?;w4PYPXlQU1Kki% zR^pS${7-!n+~LUO4bKX<&?*chez-pF&#^4*K&Tf0J%f;gT?}Eu0s&BCJOBzAD%iEi zs#I6tTv?gy!5Yu1T|b9xe);R?aPr5weh%uT0W8|TyksZ*;gr1Ocp4}839<0xROtN( zUsSJCF;Xk+Q5Nzl-TKrD4Tb;X zS;$GWZvDLhfi?!u+AP@~~Q2>*s! zlO461hj{^yPQs*!N7-2`Iglj^hguaLp0xkeA(U-(x%t0yKJzxqvAgOT6*t?{>Kh=C#Iafndk`&Rku@@@_W z$>H4#@aXXFkMJ1r?q+o1JZ{?LpM|A2Qtf_%9ip)0dss0mnvbYv}7IvA@-;r)K!dEWDv z()Cgo(#|S-r!u)_5+`@T8ab?W3AtErpdeE(z{a15*w-L4PfhM?!H~8h-o@Zaf0fe0 zZT&*@`UL!~m}eW8+8&O67!09TFD91>^&bai3$Si^6uyDU_3dSf?s$;=@92)x=(jn# z<4NC}CQw%1YaF#`@nEoYMSGvbKM5#`ATJxS){3DDuY;_V$5;eBPED7a0xR2J8}(vD z{(Iyx-XA@Pen!9xI(*zUEc0?ThR^pob7qi)A+YP(>--*85nz3dAi4n420%0 z!d%L9eVZ1iljEBtlTPjM0UfL+^K77GG1wBR1sW4`0f&j@M`_^P*XT(^roTy(OV%v+ z-kW2(R_!F<=Oa1pDA7~#=t$Agc#M?jF_Lm|eak%7p%PlPkI~ljNBhFhnZAq1Xtd3d zruOagW@)2Aae9mgM(0LA+#i9fQJ8Jv;?|7K@wzwKn%IOiN4SD=pEbDt{Z<~)`!Pg= zKLmzjO#TV5tXim&f50rVG`Wu*)7D`+oVRMN>ZpB9>|e4M$DQ|T4Y5iSJH?LK=fvVR zQ>@ihOF(ePT0Pu`XD8?QO}J+fdeRJmaP;*E>6L}WZK#L89qc0FDFIS1t(P$Zp7QV{ zCeBr5w0B9o7q6Su)!vitb7v>^#LBiCH-2qyZzn1|Vfepiiph4&BvVAXG4wL3-u>|a z#(lI|U=00Zu0FXy^IgI(7lU6sA1myE&5FTQ_v%a^Zs68ryx9IlqIfR%RMmEAOGrNvJwH3k)-4b5Pet<{XuL09p!{6SBwLs#k0Aty83_LAz=gU$5?o4O z`FR{KSF3-sc^#mT9fY5py-~zJ$0C-(g6p7i(85~J&_N$OQk-8pD9+*DbQtoB(ak!(Xl7yfT4E5`0g@u({e2H@@_UU#JCG_?-mYFvY|xR1+JI z(AA!Z#$6{cCT|C82CjEmV|Aq`m!50J2pW5@MXFJgho@3>fJ*R{0cH)!kFEsu?vB-qa)n+=(?;&zBqO?~r!_S&jprlhaVbPtI z?IXaZWU`(?J_l{rZOOb-2`Lri-;N2CUd(6SfjDy^H2hZJhmf3pl_pemGS)dCfP=B0GJG*x%IQv_z5N7CEhMJ2scrLv2MpJ@>Hz!vnPX~y+n6Ik z(Y++zp*Wo%>!|$Q_CDlqpXc$+@nYY1BqqlIlkG7zin{H@)9)q4=3;Tg8xbTAQeOj$ 
z@)e_63*W7PHTP(#>MuNfWM7^MEeUu$Rg?t#Akn3rLO<+h3-W)%0RH*85Mt2Y+XEnb z`ej>6o1sb*1)4{0c&S@+cvbW{;Ed8F0QMrs>BKnTxlSCC#*GZkjBRD+J%7M^Q)d>e zwtMbS8lFK@t|*=$eYhu{tAY-!vrAve^UL)>I34(a<7Xju{5zc*GW7R(yt216BwMJu z^t4JGArB=bWnFf#>0t-Ahvs$BLzhXFsR|fjhy43XI^@3qc8;pGR}VT-b@Iv2%+vx} zNTq7D8$jEbKGO0qQm1wnnYbIwfvOJVm)$2$ePWjjwL$su?}Y01RbXGgW;Do+O_V(Tt;ByQ;;Vs$6u!ZTjBTii*MGt zlbu(c=!4ono_qEVY5Vqt-ZY)Ingt-s29FT<;8h?rOf3M#uLcj@Eq%PeJ}5_36Xcha z9SX}y)@N=4Rkv(oY5=q;1{)#^VTB?w$OVZ(PKJktu3x*r4zhVP$UE>$ok1RYBpl=q z@GI;fq5SHeRF|tQKayHVuIYvF`Wuk8e(deE;8)am(k+`4_ZwePYY;zl-U$3j*bjA5 zwbS~n@mcYRevd=H_Kn#m+wu_mQpfoa=@t96nf)!ylgH3;KIwvYj-JNtIKvGEhNy2poud>+k2U>`e_Z;TByZhNV8jzq0bqZex-&0RHX|5y zcjAYf)I4>~2h62JMh4n*x@BZ^wHIu>69Ub)^ZtgUe#Hou41pzZ3cdBJSVP-k6M0&t z`wwUsG(pzjbdzRqx+5`j?RIUS}z^Oo6OGxWI1W_)EK6sqGtitX_8ut49J zmR2n2F`6u3WJ8d+$qNctif+EAjNTPodcB-`7dbX=)f=D{z+$OUgkrvV1GMVY3pzSL z09+V;O_K_(FB1iEwr*S3`o0nCAg znL@xKGFPTIpIN>~rWcp(kZDWXKq6SIaAT^_T>|$v1nw_dW`4m#2M!d*PeOljDN^#M zyw$Oz$j0jGh;7|3Xons_uKCS;)0>=$+(2y3qrQM%A6Elqob8vuf% z82jWNE$+)L;uYEAzIvHRao;-gTyOsBwgFha&Z4j%xT3DaZ*~Vr5aBlE!dff7Us>_M z1lp6r=uHSwVb3G+CwTEbur@QCu`3S5do+4WW*x4V-z07|B<#c^5wN0 zK;WT*_h3sQvuPIEOiwB^z5alM&`gF>edu@%VSH~qJZ)!(dlF7T-|c{SYCb#QKm+H` zOv4XrYBN0~PTCBqtEDM$TJi88({!pfh2Aa(*ks?H$@I(VPApC{4f!`jZ`% z0LSZdkoFm1oubF>@5t2tLas%J!f}3Q_rp{H>@EU$A<_!61}aZ?!Vv050KO^-pkN|c z)^yGYXODSDvp-5Zm)YO-8xE8*Tji{tIbfj>^Hm0Y8)*kn=2Mo>alg$o{s?;$e*=)! zis8L`qdJj?MJB@JFIv^8wBm7S%j;jwnKTrIyeL`42fr!sHTShqc(491#%}2yTvJ#o zKdNSI(b8L0bM-6oH1Lw4v)j(E>F$uHK{M*QAy5?DR?KaY=BDgEI6R6C{l0?IIJBj! 
z66W9a;O`8pY}E(mLN* z>r^UiN(^*}sX)H`cbqRBA$=op!JmPImdw)1(oc=!{xJ0_Lxe*j?|nJ4E?T@SJNu;> zTeWgB6GzGiZ6+2*4Lo4%zhGJMfah z;KEZ%xL|Hj^S&5>)eUmvNlx^PpHb?<0}mEo}|b-}zmTzD-HL z27ZI|`{7Tp4EA?NS53=T>HTW42P>L%yg-yw@`g-i6xR|x2 z1V8H4U^Ap>O8*XvObgyp6Ro61ov9F=fCFU70g2b> z5|MKlknm$?Cck&$&y{>D$(8MGszFqjA}9%trFi+dGJr)*4z;O@*O1ig;WxU8AJBu^ z6GrV4JvBwNv~lBFCE*a#7dj%B`2x^)8G=i@fG#w0C!*cxLJ!R&k>6DbmDGhl5+i^+ zzG93pw7l)|{8q{X#-aCHi@)@Kp{T{RoCRgz^qs~cXm;ll2BbVelaDQjZ%ywK24B{{D-5i+d z{+#?S+BDSvKjtcl=e)i7oyd9X#BX)p#7*s{F=Yq3M`jUu9v<^A+PZH_Ex4wwdyXl9 zGXW9FEW+Q46Ki%{jFVd3NH!X9h;zVRF@|n`_vElMF(|`W$f0JpHP=VKXROhRdKKN& z%?jP7VY>!YBU)5Rgw_UmSFtwT|E6(ar>sb%#VU58;!^N>8!O@`q@~TU!;}RYX>@Qw zL$@b&8ejd?TNqLnw2pa?OqFbuVe?^D8mp-?E7=8=j^-@%!T1CL!vUANy|P`CfwZdqIn zq~ZOxv6&9=1CU+O{fglNBMK6s+>Uo1lOGA3*a+nyqDdkYWvE|1z1=@|!|F2U<$g6%ygv z-C%58x2qUz%{OBoZ61zVz$GW5JTH8EZo8}bwh;;nA74BLd^}$H_*5ta@bRtq6Kq32 zCw8~+bI8}j81==+Js7sv@bS+cjqx#ajm}bkdUlcQG;WZW+}oC}O_(ek4u~nZCm^GY zx04ddy@L>I+5*&j2RZVjx8iNMnC|Kch9YY1as0wXnywFv zPX~;dSse)qz`qeKZeC5$SD0mJ@v%Uvp#eFrfGi>6$Sz^wF0^IZ@VW3iN3|lZ+5Ai{ z7LT)6zdwegwx>-z+L}DF3#}MYlgu?{v8v|B%OR4U#<=P5NMp>yZAsQNt!ZR~mqw?`ooU^5P15da{q7EBcN5+2$T&iIi)mMPrX#2<*45}MEa>Z=^Uc+Vkl0nRr_$5jCM&!Sgo23l1fBH`V;c@D*XqInF zO3}%a4@GWh$HOWsWUcW<&c))Zps8#`EzbnI(6@|wnZcgV5Dh6^i4HNlQbdQez@_az zxQ_}SBDC+`KCQxu*_vrMzmD&b!pZAiL&3N5a1dezz#)%?(K8JtXCoPkx08qyZyV2P z=)xAD$F-2WieyYMiMO}?5tTGrx~LtLrjP&Y~)p#M34c) zE;pBv|7%0ox}L#LNTnOdod!BsE=cMF>QKsKHYdB1k^)BXs6!?100Fxbl|2FL06$oh zyp+6Ql7^ws{OCr}+i;`Z6_(%9i3zE+o)M5&@0PbRWsgdX?;I+fL=|o|XGQmk$|M$* zpTaNK9YXGiyLcl$bcl-N>E%Y8?2q_gif%OGa#Sd=v+I*TMK3B!T+dE6 zJg7{=pG6IOv1pZSxNez-M@0=ENp1KK`0Qzxb&IIs6=)c2aSuShY$@gCXvgAw5>|$4NtL(^odj#1WT@}cfeIPw*d`_CjaXAjWvI)!6dr9@+)83+%fj7QH@xsP&iwIJ=tYI- zoyXH;VQ`s-2S*M6nA-3uXzR2QH;5WuklOItG7VoYgrIW$Jb0Nr5egBd*lychB|8MK z-M2$i4~k@HB7XZal&|PM(`WE&f0@SMYpZ)Soi?{HdclFpU)kRQ<~07=@%K>y_^X5Z zHDd4;9)o9v!)Yn9!saM6=Hkpu8mqTxKw?1I)qwKQ!e~U#Lf+!Q2v9N+D67xv6&?uB 
z9iZ6Qy&MQz_#iC77K9k9--}6i-;RHh+Iuomm1&Iki#&Q!RxasDEZ=l__-;smL-`bwR0~y#_YljcV)uDYymi*Lo7~KCJofVtJdD{0t>1yHm$1yFnv8crV;v zF?jrMBSd+Ub)XNg=zrf0>VvIkUYE{fkIlho%GTR@A&2#!CX{J-Wz_HkWJHo|y=Iw) zher)t(J(liVjQxyn;}37J=)EA(d^hR3a@k;m@(Sju*#m$e2~zKCJx&#l8OEB+n0%a z1*pGmTld{)7BMjr%;%9=P;ea!a!az$zRiV&p-cF7$%i#l+e()>ELJ*;`xi=B4-$7r z-R3pGWL0NC%a$ffspmLV;*ErLjrE9fm+I zO#|L=1)3|XtUwSD+(3Q|3CDg`%Yyzoj{9$5T2>#e!6|zBC|~iBp!mKd?zP~TG2HX* zl8=DLZN=Gc-yuB-js|LKwT;byI|CPiW^MT6ReAZHa>2 z$T*b*&s>vEf(;=Ah6EQO3JNx)t_VpG%FZhDe?Crw=a6f*G+2h;9u2^#-M68IM0VYR z?@*I-y?Y+kZ6Z`_atbfGA4?cr)$99@OJ4hiHrZkUUf1W$l9I>rgVc97`2GfA0lxQI z5TVt>_tp*}P;VJktg9qvq~iNnL|ADoe_Kn4?_n^4!EKbZB))ZPY$Mm$a?O8=B`@-s zKglA(mq@UAI%e5E5sn|gZ^iNW2Z1_h6)yMV{zxcCgzv-c^T$8?YK2AB1#8=1HM4Ft zZ6wWHB^&CI)~`Ueg!>Pa8oF^~+@R)$EZ3uWvyZOKtOIEt{~$~*5^8dyu63MZdHynv z-aL_`OV5Lw*B3~1jVU(^*uXyAQDONIuly8K&J{RmkG_Wdh2!AB1^%tb%zCqC)*#8! zbAhZFym&S8Xdj93*ZJR<69~9!uMiAu-rPVCPj+m%dj&SrHrIt!tMKW$Xy7$u;O^_t zxs2U?r8CUc@EFmy+%RrDxO{AXhS@P3W@~4dsnD1!2k|3dMnUYxFPSY+vuVHD-XFHT z(`nlUHGy%3iJ1mPQsN0sdGPVh9f_}|m%s)kO-1&$tg7v8hT9!5@ zz9-7{g_L!L&M=EOq-NI7fF#+*bff&JGW(SZ@-%oxjhGBob950fPXH+j=qW^8>JuO2 zynPGoioG}32Y?0o0v0S(z}havYk9=^Ohm-?clIJyF9!8c>)6Us+D(QkaYe(9v-M@r zOhny-djWMvE9&Nt71TYCKfz=M#IX}^705tE-cYzED{ENA;16&jzzy{n1#4QxU>~>z zc&@e2AHx32W&?1p-A;gK9@LZi17O4CAXT{4z}o)!NLh>&!O?H4gu%dg#wWtE+29%9 zbsvX#*~~ZTg@j?qvOQIEeG{oyycH+bvkz4_Mg^Grt;~uNqf z%gD*V6_H~ffh#xFTcm#wBIh4QtydyaO+`-N6aYCn2Aomf;E{1?)_{>89!zOKm2cBP z7UuDtscBgLbdABK0QL524!dHrN07nH%^rnTEe~;i6|@^N36?H?5LN)uP(^+=3-^$U z=WMP|g-LcKm93>P-Q639m2$VS-zvzsk~Wwky21c#tMKnvu+?d3TrKdE_+~>%INaZBBMpBw?#im3y|KP zlg=nRQ(GvbT#qzR5Z;QbO#6u2;Qe|v&-mPIqs)ns|+Wkx7 zhN-pP+!T*}@K5bTb}9&z1%*I&($4@FSp?ww5rugIc42mPG@tPlz7SPfAe`PxRGEoJ zApgJ&4QOPhK;o`g~5uo(f?EXauOVk2n}cMrf9ec(JS62(J;rs4*(uX zHuCHXyu8ic*rBqb`zf$dejc?yI%*6tw4q~0L~2=Nr1o}Edb+Y-(6em?QQM|`4=4gN zn(^VrUWzw4RrJP&72KTxL)jv&tDaj#ez6~6v(bRIv>t#QA&_8wR2ogKHE>hwZ9##G ziOY=dmyU|qT~LLZFJ7Kb+RZs{CGD(5uAJ!ni^0PTd$q#xs1STbhD+7(&gw?Lx&2bQ 
zDj~N&N6Q9aADAm|1$K|yZ-Plibtyo-eV_tUxP47^T)9cWT-A`u?MvwZr))PG1|4c< zd?wt?V3^L>EQ(rgX9f|cX>zza@^t03mW(b$0T|Zdx2SC&pJ4#PboEZY8wNZ zlH9#rsm76oj&Zb)<9wgBK|PG=!rr5w*j4d)DuN)3HV>bNI*0~7KP0X5vu)q5aU4Qp zfhxa-yBcYHg;+Mbyr2SGZRjoSjPX%=%Ia8w8-EvEEf?Vq5jW*Vx57PCUIB^L7v;?GPp0=a=h%a(67yZK*= zk&W!yEG7z_)BNB3v&CTol8sf2zh9Tf7AZ>Jso)6)_5)hRZu{Y;r>56m7Za14!0>1R619KPXnh^DcOa;Dk{mCs( zM_HP5v{Fpt{-pA=uwek_CMF$^&1aLCbaa8rsAqQE==X*3On*{)D+UF&D@4*U^IK)4 zV>nnXoJhKKd~hoJvaYuy9VZig3F%muL-!>eml1c7bbQF@BxWxAl#ZJaFu6P|j02A8 z7QAwC+bM3uzhNUw-C6wJzMEG#DIu~%NIgAt|kj!wv>|KN(b^G;V#$Q zl$W!)CT#nEIg0}+s{N{e%<*Ax3RUkSPlyZodYgHhN=IoB{_V};P_c;^#J(f<5M@(r zuEm~?2Pmh&&lsCojx!Lk9jv`kJ^_|XCozvID(2~e?sa(U7%=-7GhkReqRz(k zl($BXs%X7QbXR##a3>XO&dr#q9mRDn?+LCri4#b1D*ppUpyX+a)Aa*S;~)??ph-c) zK5Gg>jIq=Gz-P|$`A!fG%xy?}ty=ja#1Iij+ac~_n4=YrMup&GFfbUC4B$li;GKGS zM!Ngj9A|x!ri9;@<9EbmzdnlP4EdJK@z~pbnz;$LaVt2z!lDsB@|4jCrd)A=tAjjD zj<|jg+}&nsXxI5#%KX9LJBHmwCA=oqv4%=qAQHvtPEht z9`w?~AqVL^dUPIqjijZ_<5Y;a4{u!@32)H_iw^b9ry&w}yV&*PQc8G%8Vm3G=oN7F z_1#2)>t(V~4!9*eqTSzylM%ran+qxxgZVIJ+C*D)Qa8&BbSZw(V8nP{AC2LZ_)!BW zoQXKd1-gPH_^`LoT9DC1CnzK;l}>v?=^Q{g5~br}ydgeKar&O zvlE^XY*<%7H zB9##Fx79HLI_g44hM|kWj`R&9x$UBPisW`3DP5+_N7+U15Z_`@jo#xr#mSG15R-Cm zz5JP1hd(Z>>%k8eI`+~&#_Z+ZWW3N`-b3FD!=FzXO!H`uqYjKb+DeADc?qI)sOE1X zzWK{$=tUFVhJrtby6S#Gq94uD_yv^U=D;0F0hy-s?OWP`L zLSDZt5R+0yt>SDW+Tt32RfK+wTW5(0mp8HbclR57%?jenLNNW$ zHxC9f;eVL!-xu1W9U45yK2+}Km~Q_;`^7F%yeHH`E^|jdb8RlOFrT>tH?oe+EIj+@ zJd_#aU!hz0ePnJj3k#EQI65<5-%UP`u+fGapgTV_B9LQ*q;rQK>Sy)-R z0i$s7ChYw{^q%bIP0=S*b~-?`O<`MP-8=>LxJZ@m9C!%7G;>%Zm=ed4)%-;8qC|UZ9 z)Q94O^#BD>g<`I!A&2Jc!Mc#SjRUtGZB?WLU!IG{NC&PZr7_>74!vShp6^2aXX1rw z5!8Dt@F&69vcTaeK2{Q5_cLAlspk*Y0O3dXz?0)VFJ)FJP4S&HGb%v6YGGJssOHA3 z2@mXLU>YpgPXpOPdsm5B1ws4=6VSa06BUuZ+MQ-0uPZgWzSByM%rUrbkg1ECcD$+? 
zPS8XPhaSypstOBsMNyTjw0M@~UdPXfmWj2XtuV6lYql^Eb-}EIN>@jmM)|Ip^*hz- zYLSY;GjybF#bQwLT>^wl@DNym1EPYr1X8TGQg^{)451Z*gm!S!B{IBH$(?%!TWivp@s8Iu$$YVg<&L_Q#;%N9cE+pbhz__#w7Qmo*$Wop2K}w;eqaOvm1;K-QV!C;tU3LER1+fPy;GyI4$0o-hz z9ounnoq5Ym&X?lFOp{a?60vYjyL590j~Rm7a`nse6!IlwFZ+|m&GXF%Hu>52~-=WNGM)1CxX`IOrQfFxC2VBvpD1G0~ z=97->;$Uwd(I*2EAGU1_Z0Goh-s^t}+q$J6#DJQrusTeThPNefT#3yXY&Uu2@_Bg2>?V5TJs>LG zat{tXs>%-RF&(!?b5*wG^mh7)GOByY6hnWxeH>mQ5*E({KSZXjbRc#20eG>}3!}Dy ziuNyzx;9F^o=;a%zcc3F4F%aEN* zd~4}bQR&Sn1teY~W(Ou{30>@la(b)tsq1qOolL8hyZ1Q!iQyy*4@L@$!C;61Y`WCV z&tu(ep`e8_?QbK)#+cUD-w(N#xjrx>N?U|83+sJTaxyYG#>>IQz7Eh`P0>r z)`PKH4Jar=;jkfZTA5U@UGOZQ*Usuzu&95fucSO>im>BaFkF2IA^m9V*6=HFJ&$TSaa}c__;N+?qPBQ zPxPpcu9+u7hx#OLOSIT zGkCg1y4vyLG4|)!OSaF?W6fO0;;sRe9hGf4=0aJm=Ha%=j+USyCq3bt#d9i4f6V58 zN!zJyz||&=`ThZzs4PXuE}6Cq>|-%l|3KnEXDMe0=D>ZdWVVzuJ;wKQnCj@()PY6o zgvkbnBOy>7gs$Ms+^_`gVfP|wXtA|ZAK0RjAhxC=c94m6!)yqYglUK7HT31N<|Sx1 zKb*qw2t7=w>^T+wPw?wQ(Gl(!9HMA?&Y&qtF92f`pm#bD^OiJc_@=F>)mS?-Alf{NKg_e#$1QI`)J8kCmQ{ zQYSm2FddAZotNPd+h7RO)#otFG103Eu3(1fvZWLsCsRsYnuT8Kv@r@-@FwIk54uKK z6Xxv%xL#d_E?}h#=*A?(yp08-5bE&?Lz&l5$;?&c8;6h0Jct8^D8ps;Fd(M9n^`Xg z{lb)+fDse$zQFm!?|zFS2WJN$rqGBf06zcPRQ1~c4;K)iE&=}d^N1t{L*|)IC*3hl zC;C|Y1z2z-!{0(~l-D@#cd}INK~sE4U^wys%~|{o*zFDQFXYHk^Ttvv1~yRCd=DC1 z$`U2FoFF|0r5(dQ2Q+VG`y9-Sr`{%tF$Bwp%U%c!X+Zi79G&i+$i{>t<|AGQ3G#fz zNft+ta4761@1kkr;~HEE4L1N146gKG|)N5eHx*r$yM87=* z_qFAE#&29^@iiTd>5ub`m{K_eAEx6sY{=4Sqwc5%;L9? z)K8C*24z_FXtCm+58erFrif$QS`2!>1GF4ghE+=^kyROrGjH3Qo4Fj>fe&l8ZCZ}Z zWTsd0d+Xsj(}SOx-m^UB(2qKnZ@4q&0t0Z~5IO%}+JLJFiNpVW_Y1-4fpQ7hLlXeA zFs;uQ{M5lpfReWUbaoMRuNGJ|5|Xw+A~`qni(GRrz9CWByys;zd+Am*@A@z(4d0?_ z_<92>i2G4u#WpC6#bdr|ZF!3&_o^?})$*4?TtpAH--p@DBMc3KpMqe~DI}nw7tJE-XKP|ax(nT24^aUx~C4^Jnp(BOKg`-lcI4YPGhZdUEhSBzb9Ha7$Hlm@YrK4$j? 
zv~OQypVruS`7kK{)bD$9vN2Xb$NyN^6rU{?>OQp5;HXi04>!9ahAusH)Y%TYDIw`Z*NM_-6gW;Wyoo$}3r>$<7cq&IQg5WH~jS>mj zS6&fV)To8W0Wrk>=b@wK?7VNb$X;d0Gp@`}zVUJtNbGeqAah~wJ?*Gz>=_cggD zL*Lm4WoLO6XW&i4x4?9gfuDkVQcfd)U%oongVa)Aw5qtImh69roH$b|UvV5bu3r_m z+RI$GkW$-lb0eJe@}<{+Gn~>$+w|yt>HwYoRl3{|wZ&j_N#dkwI6FZ?qIKT@d-j3J z$=~*6A=GP03-zgZ>`AziH7_Z{NMYM@K0zmEcNtw*5nix{F7Xfpi{tV1I>|+dj_vNsoP}J^|RQ+`qqc^O9kb>Ad3-n1INqMTlA&8+xpil4Ws7b z+%5#u2j8Gsisx@EW{q^5H5PTu?`23Y^reXbG5BFLL7_6Y%Ju5q*+t|<9xF8j?#U=h zC{;iZGq}N~veR=4t>*gnviYg-aU#Z%B(5WemS;ObcTyC8i@_A~Dn3_%51@b^I4`~D zKR-td^(#`)RC$g8zpYX;3#WAvk!kCq$?XK+gg!%iri4L}aJTunk{t)#O#S_7GO?f` zwWe3=U-U+6h5O_t!BgfgAav1K%{Tj#_Ob^NuRvM&+wumuv{R71_M6*`m>K6)IFpKT zw9AI$XukhuajyhUlpY94ZBVd$2p+B$kzJh;wS^q2 z9*cZwvvfG(PonZ&j(83pWNf|-;LgsNM#31KBBV?_!f_KvUs&qfI5*{*&#H0{f zkKteN+HL9hU0F(I@FKR2>12waXSzyv#UYUraG5i2XZ)lr2hzLBT%&qC?yI%*pb3sp zwuz;F2u5`-$8e+gb{KRAUyKw8pAUt73*W4tuzAX57Lg%aX}psXO%#Wiz8Ndvgg$(f zp=lfujcmVcT1ORUJf#kL9;Ff7@%R{KAdgRiPx*m+<8eHNQtPRp@?9vMnCqUHd)*vi z*`5N-P?_JIbVi#@JyVOZK#ptQ)y{mSCt}+%d-Ncx_aJ$#0a1;lhu~(86i+9{mp8!&cl1W8<=LLX zEuOHD_&tG|M-UCq*sY=&#JFWFQN(o|VX8$B_w~4>)phfQ#6v5UPL65_lalFwJd$s) zK4_MrUqDt@YIr+pYWI^`z?sBnom?Nm8Z#g0wl^6x!M{h~SlSjP=8cST7}!_v8SP)V zdwagZD!muH?Ni!={7Xo`x3jcyyIB+61lPerYn?}f-%|v2+rrhrQm`#EYO#~0#LO6A z2DJ5;<(=IGH;bi3zD!r+k3W^&k`w@suPiAZ(Dh18S}Pt!M=ZG%{WCaR*lDm0=0@;4 zIh{wgV^t!)&4jZBWF!z^ag_-};CoK!Ox9G;eG^18I`MHhN#dU`w$_>I%q6uZZb2sc zNUC}6jiT)yL-WJFg$~uN0B}O0&3ED}w1{!?iwBnBWTV$^14DrVv6P{+yIQ4CB+(B4 z8_d*^4x=u6F&8)`Vgzl???4Sg30R$`w*0zUqkfuhKq zNW+0-LJ~UDIx+W}*_vGir_mLN$Fh6|^%=BqFdKTr3dGOBQ$`>zhG!FOgcTgn<~ZLn#B}j2h^(h+t^Kwq=s=S2 z_?-N%<;pG`Axjq!1U^7)VWC#u3Qes8E1WhPv7STIs1{w)T44Z*#_?o4X^p}8Y>MS? 
zkG+HoO>7zXM%vi6cy3WoY{~H0 z_W>l=(yqX5zz_l0ohAwb*pw9ErVfyr%GDSH*hBFJ{ZA3@4$3)j8}H8*1+|WD=(Y_b z%M^?L9yEN^m(`kp4*K2PsDNew30$ix<1{iC6^&7G<3w#TUcswoqdM_@PBrX-{ZeEx zXrV7``+}}B=5->pcW^(X&vNr$CD#NHioqgvw#HyxBJ%di&6gles&l-UeMH|SL!Qq- zAAinuA!S4t3NxWM4duoGXppQJED?L5&b&r;b`En8ouL++FsiGU-{48Pv02()5!xEG zDF&Z_^)!EmM|)$)VW4$d#xUeeG`tvS{rXbtMKf`&Ej+y;rU2n4O`9N2;s_na(7@H; zY4Tq$&{F=z5A$@uPvJeeIv}Qz&H@vp^`BiOjkJ1myEX22uIk)=yQe?5MEj&SsERJh zXP<3K=1AkSODP%=pH(OM>|tq3pGNp>bBK3>&wjrZK#kjO!fW$2p*~Jk_Ms&9e@0W8 zpi7<6!Jz{Z=0gCuD><7=+i*r}!LTM~GzZd^I-|ICigBkR=~QvaY3gA>Xd;B$--PSt zabq8P$B&*iE~9rYhn9%+4y{s5X9sP&kiPy}z(lWA+FHQL5V?gQ-U5i+e78#*0TecP z<&BDphq3wmRq=;F!Fl>Ny6=vvPf_sxKX5^4> zuotWi+~qU13gQF94Q7k<3NeojfP(|Kn;Uz&8ARj&LrbQ0gl#$8Z~2(CtUybEN@FMM z4|kiEC4NI)u<)+&9nFAhkK+TLw_D19fAm{UP91PB(=wO>e^a-HZfS=;OFAH5!Y$zB zgfG9K{Z-rp|A*CPw?oi{SY`321G5h}Dfeg5&bFD)P(s^u!8bBLTh(nM3DXF}yC#SO zE_gtlg!!PFS-%D&b+DYp@Q(4P434c<>TrsDq6WoIt&u?0F64^joOStd({A z+n9aY5&@ngzvwYVKf(p5bGk5QKvQMWShnY+pUiwLaM%MpKobeBo`ApNo6ULv8_<(< zrQPn{kwrLZc$vB-UMla)aqOQL2KEP}{Z?e~)&1Q}ORM!3%YP-#}oftzIWRiGinMK{_>Rxob6f@k4zvO#9Qv*untxRP+3xx;j;8cZB z$dnU_wtxfd=b+<&3!6+C`ew)D32 zyVwKFqa90LEwLH8j%%wUOJRO93!f8@} zG06#!kH`14hhJm9^5!Ptun6lPZ-@e#W-oDD72L%kV`uLnob{MjKm&y~_>1$0qoiZb zwTsW&!2S!mn)nJ;gde-slTn{PiDUq16A)*DV?!9_i!XV=V$K&%CIuBe z-J*$N==qb1(uwGxjU!C1L48?)0@6lBSb@9gW9D|cYZf!ta9$#Aa0Mgmy+~bX>r9im zd)RvmVPy9as?teN!QMV;V6G)#*324E27#N2){77rl6Mdb%98g#2>(L>`H>0`B}Cmw z`Z|ibyU5|_C8Fp>C(s)5?|?CPWNC|59Px(GKb?N8Ahl{upOmdPoYmLbCLi5NY)THsAWDe z>Twn|Ky2CJIP@Fo#^~#b?bcMp4-V4ax6Ev-kQG(bDh5x%ZNetER_?%%br@lV-PX0< z$|6<@FnL+h6`A@Bp=(^Q=VV?5>VT7Mb`rr36s0b z^d7^AD1rh!hN#=rqHZS9YClWoAg?yG1Q;U=_#!+c^eG)k(W9a{j{YWk)LjHdm&)ts zshO!-6;AyPIK7+(tWRWhLZ3_XKqx5XRL_0yx4rp^w ztO@E%J^SOgk$C`MRUlizVN(xN2)i6nkh-vFSqx@dL271$&ZZm?FCqLm>UPe%Wod&r zoKc(u7}FvbH;OB>{Y5SZgU^Pn1u?1sUn4w?NWlN7-_ctT04M-|lhiCM(K( zH5J7R)+&qvxdo=#X|Fc67l;In;O6AGYl8nXWs7$bJ{E&tt>Lxes2+7=>m(H6SfA|A zON`~Qiq!`o#^BGRR?jh{H?W8mtbv7b$UN&8{;m=pT)vFh(PSgE%_>sQ#Iqr=ID 
zohFedttiT&)T-jJ(LAv@k*7M*Gw`Q7xjE%;)p&0yiAaNAeG*fE)?)t51E@If3 zqG^^wEIqZC$lkv${+6G;zshU1n%VpMCmnq?ijmmLv-cUXj|qMCO)_y(Uww;SQ;NPi zV*uZ)zA6lROw3V2VZBWzwF>K9cq6XDdbgTAgbM2_*#Hz*Sm$jn!;8YI7P$aj|LC`z zEG^>-YcJC>Qdk%H%{EIN@GVvP{($@VE#EK!kGg(VL*8jx27@rsn8K=*4#(MRqOv}Kau2SgTbEQ>0LXP8{ zA~qMROHg{)z?gvF0nd)A=%>~HC&Kb@4eSUtbeIV(NdYIHA51& z`qko#CanGkz(txAeMeG{Ol|`$X-h4MHL%?nx>}LieFtBpjxwIG@c}+3!t-&F`nReH z;qVc5I`w|b#nLh^Qn#Cykw|q56+#*QN$P+zHkHZy1K#booRm7??xtmMC}cGzQqw{P za7C&Y7*TRLKEO)Wz^-iw+azU-j$0aG?3z{5JxHv9-7*yYuhJUW0ElNKb+d#?;!?ME zG*egViaSEGE{C^ZrS3XOmWtF}2+uqC##V$z*1$r~Ahf7aMC8RBkgq7>dyLb88Ppqc zdiB;mJW-S2X}BYQ>1z|>v0;BB0F!lzW1vA_d1M6CQ!o;tDI&Xxx%VdK-U{{rsHM#a zCF|v0;kzS&jEOlh?|0B;j+Q1O*lnaDwz`&J!Pj%+JL-ijJezi#J#cdqx>A6mV(=5m z6EQU=k1x@C9{DKKVvIy_DE}HgQfJai2MrU^(hZ^! z&0Ky<-8;7fmJ&)Smoqnnu=IcL+`9A)^8VhrukbFKrMSJGA>zD8#K*D|zH9_K6lw!4 z*gq(bMF+lqj8K>x^ie| zq>JEI9TC%GPz1cWxgc>a3_c}V8KoW`nGpXoWhB`zRB4p^dUz!(R7)}VTOCmVE8EnD zdaRGGah~e)FTn*21ottVE2dtW^iWIE+;c6ZX4V`cLERe{g5Sf_L#+Tk!bxDRMRua% zxesVE9yDw#(ERE%fd+jDH251q^8*7-_vyMi*cEMy-+v%L2qz^z+qKB-1eYKlBtpTJ z!Os{|s^fJYB{RM%W7I!Zn%oTvmb!)~4jz;yA81qW>6zM)roiw~AAcE_sq#6d&LlZKe;KaDCkkvLGYe)CW zZ@)1M0+OzjMDjiAs3q3fzVj7`&ULmw+qSy_W%A}WVWMcA?W!-xA4zq;A7jfnMUzf* z53zJA`~q~_D}L<&i@VA0+kL8i39kn|gIx2Q?yST8Bv1@Yyiow~6W@2Hzb10P&Qap0 z^&?q24n0tn7*ZtZP4wezK-ijA zInvF`ARW=6tt@l$V;_hdl8Ohs6& zV{RW3flp$o8IgrEb4UUE>&3J|L*`uBq!xehihqRvI{;?*c9Kg&YSWX^!F+U3Zb!uB zyKzoP37CxmH?ucn?UrTk<|@V_u81BkKXf5=zW&Df35f{cnuZ%3iqJcAGIw7(^X>{c z%Cd-jaTYXfX_##^`6FTRMWtK7D_qNKGx@RGKmBrrG@Oj8fVUV7)hMe2ZWI0wEACSz zanBZb&9yHCVH7+u3b#=u+oi3U+NK!XLxZLpGcXwL+r&q16MH&_0dyoN(t17A?KQqO z=B}*C`mh;3zQFSfB1=8*$SS5$7XVh!iAzxVZKfFPTaU^ihk!dAUbK8eW)TnG&FV*A zgJ?kWPVfhis4FkH0lHPNXyt3J8uV5o?-m5J{1k&(jcJCYy8Da3)+&AItr*+}0aNM2 z0L37S3_??`$J=7GE2tUC;5nk_tm7my_y({a+%-Is!6l%Sk-^)jymUb)@kNJP!HTh8 z-$O;mzf0o1m+*~YcVja>dRazQ&9WRflT&BAk9%kR}zPj zBAO|Wa1zP8i&Z5Bt&HkYR7wM;0zrqz4b2C02C+<-vr#Z65o}3+)j+j@gd+40(b+Qn z*2g{Ku!@s-PNh1DBi#5Q;-j9B|5huaY7g0=o#;M=o(ZFbG7;6Mw2vkR+EcukFc{lG 
z9)V~-qS_7XNVG_Nq^-`5WN^YD|$PO5thhfO1yGD6Mp@USN;OinDibX zSB~Yv;LpP#`_)uXt!ubPre}tJehHQDUmFnM?;}J&OQv^3=_RyXss5ZE8^bWLvqX`^ zkCBggB@)eGe%T|{bT57?GE>Lk>HkJ9F8wbC72P0m@d39P^&uCpN$8@vfyY=kYI>hM zCgfssvwOvtiySL^a`DM>0OHBTzwstrF8*4J)~h2IJ4^hXbbT&BhbxhbleqE8QU~{$ z%3~xK1LJaGeM~Y}YF^>KPcXgzQC{Jwl)S>Na6O_qS&J0e=p-LHa+;F_Xeg%_$YY9} z-t!)%!{<$R=6-a3HoU671Tf0=ouYi!pIl#Z9!8$%A1Hr{y^%cMcyTbr-u#CP|K(se zw)^#NN(atoLaLLv#0Kta=t+1uecdw@VH^&zqi}Tnz}-(VsK>RV3IDsyeu}5XZFgeV zdaCq96yRmtZlK;xu@7e<|Le>%?yCp{j0C*3k3G?uuNj?LLe_x42ZAq2_(*$FEdq1p za5Dwgo?(V~VRu4Me6HaP9qpcg=<`_qDi)QaZ!t!1N_K-mM5h_*b=6^ntxMfqiFA1E zSdJPCRK>S&x_|SP7Mr5^y+w%e&qD?1$v>Bp9Mz7fu`^2x{Rplfj#1mXM3 z@WN+b(8V&`)FY;yV=v;^QF!(uEe%sV{||fb16Ng%KK>sJja*79D=XJ-t{EB`nU<*) zniv@t`KQb*MM1$32rfpZhN3Qn7!|f=W>i*Y)|!!-sZp6&xkcp`+gh=$*+r?SwPH)S z-}f_f&OPVcd(rmu`Tkz7@9*_mU)|pKo|$=O=9y=nnR(9PUR9f_VIOMub;0{sA(B6+ zu&C;66sI<`;ZBPP@k}x7l%38cM9BfCtsD~1H~rIH!1C#4atx;!v8Pz<$zjQ+*sv>x zV~8zbYDXG6Jw9^X5DA$c?JN-U{t;$U9c6*|x0(*28>Q>nmpi%@JjKE<5LvGCq2;?B zTVi@54zWIX(b{~G{^xqevBy_p#x%|SjN=^=Sz#d#3jI}aZ^_Z%aKjt4n#j6?KlmDP zj`MiZ0cC!85cf@4o@eaftl=mp^AoX9$H}~dGT6X2>tAw)EDbuDuNIGQoy=`pmY!G# zmyigHsnCGKYUkjdueQCmOqcm-Z&^X_Tq}3*kegn$kO-zTpLmIGfkjTdh`o2-eXev< z#i#F+_*l@1QX7NrT`3d39kaez)*#ys$giBj``@eOjbGQ{28(ia>T)682X7SorxK~! zrHpRD|9oLa@ype24!kwsy=s^A3L|q2S;<`~_?W%{%<>$V8OQjQfud zmFvRMyTAK`UIfoYrTXPRxK;|Q#S_TBnW?*hh}v3=Tm9;t)AQBy7X;?RKK;elmFWj- zm&l&IRQ_I}&eZ4*HWta{v)Ci*p!Fia z`d17J+fm!vtl<#1ufO7iStdI==eZ)V^737o))p(+Ofk_~-)z}=So;$*Jb996RNuq? 
zq>0fCGQxJ(E#|%a>k`k^;M{kLA&U8)veLQ z`dHaT$NsN&(G7S2{C8j%ZEzTNRDYtXUdPY%>QgVHdZ4L%y2M|@ zoM1QC-rimQi*Vaaw}5p1o{CPWDKe~Hq}TecRytH$oadPl?KlqAIH&8E8{FmNzd%c- zB9#M8X6dRBH91{#t!p9&do(21`VJ}YCA&-2wy)%4*zXgzv}#VJ=+Hg0bsp_v>%cYy z%dML3&{nw>P&^NBuO7x?pHw`r#h8DV^u~Vpm(7(rqpIFsE`HdR%<(m%&S4@Ut}i42 z)c3DJt|Hi1Hj93$)pk4BCa;y4pSi2us2+-NE>{ih9RJi-+_f=#iYG(Va%ImGdo5zU zidCKbpRZRBs{Md@cG#&OW1Pxv&s?vL;f$a=kJwum`^kGl=5b{pf~#g$5G`* znH{#@Ye7r)(+r(i;_ah)9IjaH@a$FoAvO}eG!BoJlPOfUSCq55MeNdAG90#~-Fv8F zzac;0YI&*Nn9IIGZ6rSCvW`}@w->G^&Tz!Nuxmj%)qT_ryKck=e1Li`#P$P?`?Vh! zrn;&8z)0kwTf!+dF@e9)e+)+*vh!UPDWj-#GfdwB47v9s^FzM<+frAkyE7+!jcQ2X zg!zK{D9aV%<;g$^`gE6Dl5WQr)}K_GuG18~SU$GnPlD&0@<)5riB0BPv$lOT-*06X z>)Zg^lf>>`@M1rhb;;!r^vId#u=UDRYkebJ8;0<ssCAR z6J;AtQDu0yurmy`UuQS$`8Qs-LhOd(X4KBS&-@ad3O=>m$1JvY@GmlY!8`cZSRBk9 zd{>FEg*mkZx%WptaIKV#V64@y{>yZ99%|NPyHCDJ@PGtp_}thm(uc^)p7jvG;enr{n(+l zL>&Cg9SDrFOpm-c>t3o-{WIKBoS*t;C_d%)WJ#=7cOAmrL>2$z^ z|6mfkrz+#lexy|;{fq+;8h2HFer#Te(_feET+n`#PNiciLZW=}zQdvfcjr1v=Q4EX9;;NH z`yBY*l5L9Fsy;M@xf0yD`{j6LX8Bm%fN*^4oHw*{8zqnK+#fmG_4J4m>(id>^Vd1S$;&g zskUSSJ z-}N+}+=(@k^7?j<3=4(iVSnEM?uV5oRyS_rgZ!v))$}g?607D!+wZ*tisr2{yvOnL z)0tFv@L1lYNxkKxYnTnDxc7A%z9MvuxP!M(@A6%Z{3dbLY`geHR`CJt6@SVs-ak;~ zNmdzo6Sm4cU8ZZDa)%`bU}i~>%?IXU+lR|4m6-05M_c9hZ1sFg<%Xn) z3;Js;(<)`u!+(w6=!PvP(iydTRpTd(Y6*i?OKb4lW!AX}m{ zUyG_=f94HZ_!{fM<>4UT_x&R0GPBU->anSIHJ}8ap>~9n=KdYq zaNj*zYxN`|RkP`idMi-xPOt+KALX((>#dH0~= zmZ&aEe?n=+zNq4sGrIio0Pjm{2t+LA4XW(;67tI;JIKU5}6WK$0f9l73mH z6;dckSGbbCG?Q+Tq+XI#=1>Saul!MVQC$`_s=jN};PPcZD2;0q82G3uZmW@EjLz0 zgtKi*_)9ob%fiZ+tLErctVx{18t%7ku1+9v_weE`I&5907 zU-WwMx{QHqdFkjIt!@TtPqAQ!_{*DJ$HWA2^MS){@w|G29e?q>T^e;p!C9<~oB39N zEuSjG8yL-Zny@l{$t7RBjG21oiN{#@T4wbvQgYO0M`C=hkY~nwN?=|jox#gi| z(oRWw+m+PIOnO$5o_8fhn@JUt^nferP>EJYfg}~WlJ=TO6D8>uSJDnM=?Y02E=gKR z=Dgy5=y$R@6!3@NN_lE(1s{w<){Y3=y=7PB1E-mF43U$T`1p=DvF4d;$HhCXi_!MQ zv(-g&?O20j(~HE!A0@B3c5LGiqc2~{OwwzIJ(QC2iSJIi=WJQMbM4rm4t-(Pjv4aY zqiw-0@2iiNtGxORbL|LJd#WyL7R;mS 
zptZxANMqzYu08X)?2GI*!fNL*%7$Az`UG9K1V-2bKSpJ?z!aG__^xK!<`igEG>9;Q z^Sage8tIE}q0IH9pta*f!h@DyS+GMqu5;~BG1HFQ%CQkUUPpMS-56a5eZFql9wjRY z%}wQC6*fkvV|pFb>e6wDy9OFb{Hi8O1Z>c!iI$xSv4$&lXU2269ud?c59?ivigL<5 zO9{P+tnz`0Y$`?MEcU`IX*x-J@iSzFwR7IKMCW|*Q}eR^Iz@yk@3&hf1#NVmrWQ1< zP+i`Z!6BT3$`lZMP$^q1SEUIPxf@&Da%`7B{>rlB+VHl}NXw-)NrRP3V~CVo-H{H9 zbo08>yvBoiQ*TMG`GmHWIuEd)`=zzIy!1mIZPlcVRQoo0+_cuWVmGoLb;}wcn=6;B zo-*&l%GxYbUx{XY64#O_FXwf$LKYyJ6g<3|)EPsXChr20tG+w?6TeVA-TJ^J9eUviY%J^CBBy|JJ-lgjM z^rB=b_7a-bWfNW|u|`|LNZH(m?ZtYBs00ypl@?_U;r5%&*)fg8K(A_j``GB0CN8Q? zEF#?~ODr0axM<$!;(0~J{BBlFSitr;vv@CxmyItnCFoY=ZbhVYTMxLtI3E93oLCfb z@LB7+h`GfS^BE_}#x-g&NBzQEwQ@H_jij&D&=7*Q`8@{sNkYQRZ(wP9eAWA=JQs)n$Vxz zT3aFQy5UO^F5h2V6Zrb#M>t_6g&ngNafGJ*E>#f}rNAzm5@LxrOMq*_LNop`hBv55 zkLDYADK(k?s5iv~TVu#b7Bny-|Gn7VnH#rI%D zMdRC~1(pSEu6sF1nLhrppB#&ZPTg*&7Kf%**{SKFsSEAYt3p%L?9@J?sUt~stVr5e zzE`JKjt{lIpP0bRX=k9Qqi=zD+yy(tm$DGGyUx5L-lVMKn@e0P6T$-P#tPJBer7$W z^<_xKIz2%?PcT2%CQKP6+9s(sAq{V%-tJ7uaIZEYk2t7R#lx!d-F%85@HCn9EFn@< z$fA=#a-EsnBG%|$bk2D-ud;sR?^wjmqu(zLl{_ z|JmBKomr&TrWZN|txYA=ZLLjnr5$>0G7WUL%zNdkvAgntw_wDgmoKE_5><71q^o74 zU{1H+%W`T8iD3C^T*9JAcFXgABTlH)xupG$2M0oB{`j3O^KBH_c)43n`rcqUW5tDs zwCy>EoCPB1C-+kJoS41Y_QzxxLL}VgkZ^@asJ54}l0eVYg4940T+5hu6lPL|1(i6K zFmbLm<_(^|HH-HMR%narik|VicTnXpRb^t4jKSYk1c{YGq?8XFI#&-$9>+AJTh)l@$4BeR3k)a|n14*o@g;nw)QsopCgiy6ztR=p0Y z3v1j`i%hA#2gzna#+ zsAB=^n)-%z=hEJw-9v?FVVpP=*F^c@pfoC20ZU(ztJ+qoI7m^Kx%7Cjj)z&~McO9i zW91v+o%KDX*RCp6pKiZsU9~?F3(@tXKD8)z!0=c;S-FGd40?gp;UY^mzAdn;xmL9( zIDZuR8$WWalhR+^4>eXTYRUyH;L|y}6RDi0LlscA*;c@#9GvKY5>l+fBp4pTui{`@ z(fAzZ5VYE6Qy^qryIM->V^$AZ5>#Y})S*+2(A3}Csb4Ztg39{EqwBIeLR0@?r#=;$ z`X;H)rm9g|{XsxrerS;jTj2Q6)Vv^pN^7GLcrZ7p*-7DY{y}n%49eLxO$eBjXG}(QsNt-U`OmmuD`kH#LB>bLkH1fFRjyNWS?`O#ReKEH%VClZZO2D&KdU71 z+1kYQ?0<~1@#|?-h3-U^_$&3ugSxM8^(}Lwd_&K(hPQ87BDtBZ#etphH`tBZ^9Fi$ zCe7lHRn3k0H!@=CD{})GW^!sNPFx>>upx=n{3Jb2L;u*2t)5QL>CvSLwZ5BlN0oY7 zwUe_(U&ivXja>3I$f%fY!hE)HP5N^+YOYP( 
zpwyqZ0UhLDSIm!4dF4k|Wu(M0-)H9iJ$dE3nA}>wLyV-9gP)mS58v6iI|BEOBoI4JX2bp@fVR_FO3~~AjC`E6t2hsyU1~&MS6!T5@8ql zSf)?V@n9;NH}8@=&j#^es3 z50NEg&_4A%nkWEC&1V1e+1wn|+SJD!D`6ChaYX~oM<1Y2+ju{`lLX+~#t%P(|R4qbkLv|wdST5~Jy$ezTOPK|-7CD|<8GP`fAivbNgPyJ26EkIO53Cn{FsVBCev&1nI&hY*tIfUHRz5rEkm=r}^sbIL$NF?tkDP zvz61V$fYv8iT30gur8+s@S2hMUe3;ayPT9>Dz9D$MkZ0|Ww&Dk#0hjZpo|uch zwv!hRJT_Nb!NZ(kXgSlg)_0Z!Tt&eI8l7Jr@+Z-YQoMd%Q1V_RSL{MhTefF#osLN*)na%bXAq> zSf^wJx5{T*9Vd%T)1sT@h-2A|E~8pAOJIWc z=c{V#pGAPywD-%9b^Ja%RpO^1`QZ-14dS%FP@?< zTI#w>U39OLjupf9AC5n0ds(lIKE4X38(J1M2VDPM;^p{Un~-1z_rzf*ajC&vS&n;7 z=jgI2C8PMuwvv>LgZ(V+IRq_yQD>7uyI6#3#SQrfZ{2_YY(DYX;<)eB!c1*WDox?^ zD^FTm70D-aNB81PJ$iqaZH<-boes2yqT($Pr`DF4d#nrz8Fjwmh6uf|$vh-Wt#6Ka zfg=fc1q}zuT=KjwqrN4%eBd3o>9(9Dr%@4W>eaO>{b!LxFKeBOB)%9NN$i_tM-qGR z-W^Gdli6oS5>L+5En6;H3JGR>p>81SV8%x;NRC8h=PxrO8cW;}z$e&p>HtNJso2-W z=Y_~DbI80KnT-i+>yj-GTTglaw8|+PzezZ2|sQ? z!lrg3i4W3*|16St?_TT3%u`BCm`LIb_Nt8~ zk}3w_iX_f;xb7OVu{Z=Gi5pY}fjClWhVJ0$VLLd@(V81+4OOX#$PmV|(XS4F`ocuF z)Qe52Z@wF@kDoc>%MlK#U%f_dD;US`DLt!51 zWKLVll4JGC%0b-A57F*NlKQk_jzGkJ{N)N@0NjIafY ze++6&?;wF{=0qScB$jyiS$EYc=O+wpNG$O~$r&6=+!n6*3MpCBHnjE1q$FxDyKJ=q__s_D(*nL(r{1fm%m(*yY%*_a1niSKGpqzcq2L4hjkr|Bv$4XyG9Ijopf&T&+ED^=>2)%s3)#C|^; z55cyiojBqIwZWI8kSmUOA0AM}5qs;Xqt)MMuooT1u&&f{ggAJeR4f65piK~&`2GvM zp&^~EmbHtb!hlk$rAJDD?8REyW*sf&IQ2C119TohU)KD9LQf>c;X;jPuXRsDrQE}tMQFYB@dHlsL4M;~ z)+Xo7RYl&mi>wYU@@lvu586d;qX?aH1V1|Zen#D)C!P4T#?}t5hu4PPi9sJI+9X)2=F>&@B)d z{95cqbyA=1^tR>tc1k;9pFysyMO3g(=Dk^iqb_N$-}}{I`i*7Sf&}Yg)K4+XWVa%q8MJOiJNM@TQHCq% zml>_QL)JOv-@`8u<8U_0vj&Cgn)G>~hN-ui@|&gCC30SIgzCB}<0LTV4%MCgpxAtu zMQ`Z2r9326sNKY0-?u_`+Cjc0Ueru`MW;DKb(_Qql}g0c6{>q}xtdk(P~AG&tE-Z*WHP&JCQU)oN6)7i-3}*0)toN+KV_RbqapUuHSF zjk#ZR+wq0T5o|b8V)SJV^`(ckz7y23Rr!QiDe<{paR|;OIf8R3lx#51dRY&N%tT+= z_`Rhmxk_YtN+GN>GhAb4NGh+8Ck08_Wu{zcr)<_KSb#b}o@S^Ydr5Zu3bg)emyW7k^fuv9=Wa#2#zIlU zxnUAgB;kZG2}*H4uGVV7lQR6Zz9-e;Ru6-UPiUK3y;~W~prGd`Jpqf+PsO*et}ue? 
zej5u)h*ARA*hyQ8lJz8(6Y;O(wY~iTD^kmoELGaCB*?K>Em1|H=5UK!x$GQN7G0@b zf$RI4Hi?JQTMkS3m5=C>__HXIT9OvLp+;F({go_K(vsQ)`SSxqk_`Kvnyh#Wnku-) zpA)O+osRaDelMC*6HB{>QOS^%~&uHv_7P$Pl);cvgReXx0 z%C{e;%88D^WxX8j%L9)+XouaWvMW{`hS*LUW&x3WMX2m5wJP2kUOhU=&G1 z4u}RyWu~K5wH*2M@O2B7b1UxA8PANu;r=)Vb3o2Q<>G>Cj-y257I!=|iH)hQuGY6# zZra(VvHf~2EKzNHgH7Xoy-QVtSd3sx$P68dP@{GpCR))rhwXOI=4Ff&(96(iR2q~z zz)t-)b3Q2bR6F(Wp{Xr@3P|1-n))fJ&X|Bw`b%pAMeYeL^0X~5D>St#!4LGuLUuQ&E|V=tpC{@|TG#$`W#m zTRKSC!u8Z+7gU8G3wmhCd8`>oJ`<~(IE+BzbvnWcH{k49a7%c0(RwhUk0t z5@TASHn6tvXT`ki%ZbTa$CX?T7c^~R+??(~8F#H%gmw?BSlxr1>nq`kRN6%{LyIg4 zS0vRgagUiO&)K7%(`p_0>ty!*!jc{Oe5U-6y7T!=w9E6>>^F}d zIlZ%3dLJA)eL|gb?dLPcvMIsW1R|&TG~>5KPUY!PnqDs_T<7zd#j?Vv;Hi0%iO@%- zc0;JMTp`pQ3#HMl&)62t3Jsh-p)xoFr;nix37ld<>IqHD0PmFTC8Ew|u353uGH27Q z)a!MmXxxbMpp8%xuxm{XM6hn?| z#Wg9?{5%FkPZPeIOyaW%QGo#K60xmPQHDN-YB$@=W-YALQWYEF6x;4OwBtQ$^i(a5 zcCJRER1)l3!`32=DNjkU8>PDXEbHD8W392$*@5DI)n-+KqpJTs<&qg|y%=}5x{r1A-|)GK9`xc&DzW35WuM{>y-YwgJa=0A?L%F4Z%80RYO zsw)EFrX6(C480bcZaloY)oSx#3GJ3mLQwQIyUM)oh`x4~Lzg4^x>9_Nig&smlzgH{ zCXOrmiqB3|+ocl+(KVdA*}NH))M_Z)>!nA?Erq%Qap~ZD0tLYDEV4P~eUFE&=G0JJG$}Wo@*8W$S(RE8yCLEw@f;J~d ztoAIc3F05V@YU)4pQ@{xNX5Z1K}vj7E(Sjca1R$v&0fdg1{KM&Q!gYnMCn^4OclBc z2E1Kh0u|%Z%y?}}Ao!iFFRB|Y{s>?DVC|k9N!-6^O#Nn7_PX1;bq5k)d-Z zx^ug7SkH8de`D;|$pG?xdyHuer8vpZ`iETYs{cq5>&s1v5~`CbE^$k=pZOFQNBSLV z$Ja5|u7b<5@Q4G93aGR}mQ3@a6f+p0gO^wX=t%h5>l}BplKbzbwBAJB_%d%pp7Aut zu;XJ%uAYi+q#07oER%KST^nz%^;si<5E@uXcNGfw?k1?}f7Rc`S;(|dT*}uI~OFuzn=kF`n zot7*fC^fjmes1R5FWY|l*j6R^E)L1}u9j2&3yA0v3FcNhj%yUb}rOx5P2zIJU|*j)1Tmc zmsGx7eNwbs@ zsA!uEis2QRlJ%U+b=J|yEZ!yxK5=&ETBYd|#RBb?m$|B`p=_gB&G+v1^rxEF8Yt|G zlIdIeW|vJb$p|O&{jkZZ*3m^}%ViYJu9m5KZ@fWmCcp5Vlus#c4O^=IVX^d&)-pKz z_4^`u|EYQ(h*7_*KU%umDj%8E{Ad_!WAr((G^op>Q(4#=qxqlZ9L%M58Mz$`LO{3E zS+yG1Q8bW0kaUeC-5WM3o}`0QLyL5i>jULF_s6$4P*zr}{+068_WyKLub2N{uzBZ2 zrGT%3E-Fpbxi1D(vN`CwrJE|Qn;tKHBexq3wKGX?4hbPmV6VP5#Qku)8uj0-3h6&h z%0UXt|7&W<$_GAb8frbWo69WMQbcWn5}%bzx`U@nGt573YDEdw`?KBBZZW0Z6DsXz 
z{fJtPwC7zp4Vu#a?2x9P4-d4hyD4pGsI+Gs(&jm&r8=Z7CN|>e>3(zid@EZncTaD2 zNV~ux?PP~Ec|P1B?Kx9gRj9P%9n$`>(C+D557_S;aTgA0xu&!+q0(N{ab2ai2OQGw zK$?4J(`C_6nKJ!Dr_9ZibDHOCG6)w-bM#vJJ6aQ%0(!t>!xcHkE>i#JkRm@W2vbX) zoS1YiPlgtGBV3V3>>_!gMeYq(WTsu@iqImH!WFs1E)q=<-_z2!;J=Go(6md+I+sS8$TK#v5oNbcR;L8AYDqr0w7m~^}N*7O%Pv!b}@|<%0`h8#Z zeeBAob8eMAe1)|?kbSlK$oGYa^^|JgQM))rs*>8v)Z3&XDxpj9tLoZvNp{HjPM1|T zSj`4B%~Il$R15XZ6qTa9zy%MfMCFglm#aM1s;APs+^!bB5!5bAl4`YeFNq!gC%(^R zw=KtLExAnhUAvecHcFcMHL26Y^ovywA{sALO)+!U`flSO%L%tqesmdq)cQt=OtbYp z)WlSSAW46o$@as&mUyo|INUaGCEz#&IA_ELDY{2Z%7CPFB$=jrU_BPH_&z=_*dZ1X zbniYUaPMBn8#qn|;w@e1qGQJ>`{qGp-xXp;MBd5=-ac4c(Va5u<*|wKfybGbX3v)9 z$UUk$GnBJWYk`lozRj7WN>cg2sb+zJwv1OU)nfaH$f$D2@R~9Lw*023R=1+Ul+aud z+=^Qr68Z;ASYS(-Zc2DQL_&9mgysz0k3bu)uq9k-O2`V4@F{n&wPI?0&s!4IrU=y> zKQGXWC{se;5D6{_Kgjn(|mHYBC@1gTB?x3}>7L8(3M)TcvJBkk1E(A51i z0+MeFP2FXujt)&-XQy63s_z|Q7&te1=0sYkAK+WiBtIj-!xj_dohRNh{u2WLTRm^=T_xllc7W^2XT2RC9Es8zDMVafEa=;G09~e z*bJ+0$Sf=>DRUB>_K$`*6moZLsaF`-cf$S1SwByvsNp2qukmO&B)V>N-gJ> zh+6c+jAhC~13D=q#3jG{puT8cY2y}&c~P>~7w-@nDK;DI>s)^pu8Oph&Cy}KzVA{I zJk{IdrMGJ(w&Py@O6MIeEodoAJp2de4}=D;{x0Y$8Go*`?aO))x3u68E~KT5uPr%L z`Y}DYoazX-wUl;{>-O_M?H2e<{H~*bGeYgbmHPPI8btYc5V17zu)Jdt>c%gF=m_-X zcSuP7u)_yalU1&i-_;EiNYD;ARat+yZcDZ;^1xl-yID_>ZLd<1v&VX^DeL(3CGAEyvI=!Uv6mS3 zaYu@9Y?!0-ZjYyGDRA8%WxcXG!D!PddsOAOE?VUGMOyyVW&ZIO4KR%9UB>O=LdQ$g z`+l!?xxa>(bC*puEZECyoZk_sqgq|u?RLeWbdKd0yLv{BKx^bjp7^>7M}zD*RH^-A znh)nlr@EoM2I zx$Fbw=WET+waO)nZF0v&{phuF0~_S2ilEg>U>S%=e=pIUYb}0K%V;N?g2}U6bDq zm9bGOspAPjMoUJAmu%jYhKAp!dd47*mfvg9p$UHHd5&w6IP8P&N9ax~MLTTB8ijyv zMSZH0zu=#P)DVkES|)$G!S^BOiSlThxTG?JZ@TyPvC^)WRm8kUMb?e^(q87VimiL) zC@Y0(ncIdTH3^)S9540XUCxueWrhQN)k=B~~v# zLPp0?^|8;0=Jh(Ervx=9v;K>|O~P2QxbOh4V{FZphY47~=&P>~P{LN;V+wQq(&GSJ zh;x35C&-|QYbjnu@fFUYk>5^}*iHE<-hM11Y*!3vW(unxt=DN{8JsC3Tba^yoqA8U ztMv`N4cI@gM5HUzRQHQY)zjn@Av&ZlpNIJ)Nz~K;H^UWD*+;U~Q#z^V_p{NO{BUMN zQiOm;EA8AXd!5=u_3*DRj~)`=y~QVeVp6!&WHI?}b!&th;1v*b0A;-7-z} zm9ix38|UH^(M7Fqr@1988!e--%T!N=Sb`cL*#wS>Njh)*uB6w0>4*oivV10UUS~o3 
zG3MLNVrsmv(V7>-MDqe_ONpuAjeX~_%OZJd-tkm?t?%g!q!!QHY!v)~tmgQ+r6`lg zVOOFYyXr(lpc7&QG)Il`yQP5^VtD*Ev%cJmhWqZV2%M69Pbl>$Cs)G0*7paAZ@KS= zV(xmj$cfroy<$Rl4bIJIVCQA|TC|-ZyL;2mbyx4j|HioIW{j%M%(W9Uv%O0|rkR?7 z@BwzRDw`(D!O~a1#YpSQ=r5(Sf z>cKvIR}%lUe@(Su1|$D_*^5cO($AAizxLh!m;}Uq%AUoA*uSRQ?kaODR&WHh-_1mF zuNJORskz0am!K7Fp#<^D_@jb$YcEnOq-=p$?`ZK6S~8HnIffvpsy`jEArH~XBedck zI_VmHYv*FF)M4z%w7WVEz3n%uKipZ>yEv(W%}(`{TAE2_J!Z*b)|+F zpDjPk*mOMcJlCFI&D4&vM#wm=(z~#hq`+V8++$rSt|^opbL`J4@_DBHIaWSTv_E4_ ze1C>^P|6DC}EtAYP&;J+I9 zuLl0Bf&XgYzZ&?j2L7vo|G#QLp4#&rqgy}BGdndaGtDz<>~+_A(sHI1%u3JpdS(^m zdp%RrJ?WX=jPyKDYPKgeFE8~@PmX$@Gj(SAG_MpaNGBep{v{SpOHWTrPxIt^Q>WdQ zoH;Ag>&eXa`egUT$A#?y;t>7^8CG> z^zwGDOFh4=(e)iio@KmN{y*?qN1J|2J7&|?{bt@>P~QKR*Fwt8&JknE&&eJb2LY?_cxwj~}dYU-Jo@bdQv^v1=2P(;Sy)% zdhhh4=TA$`P50!d-(HZOJuO|Dmha7@U&ip%v?HV%M&!0u|A8>CGlH(g2Yn7MGcqWB zlKD9gmhi$zGQ}2Bvpo5kg`Q~{=nEH+m+!HhfybNU$xY46PxlmLXHLsWqdNt7kr}Dp zbgpOW?ixC`j94nV5a%_ifReYRXG{61=`-j$mr=#Eoa{7DMrzh{PtJ677G9{*kCoJ} z76*H#=M?05(lTdcdhG@){fmBoL-~yKLd(^2Q+K*IH8ZPUXJuUcFR{>@hau!-pMOV2rZ+u5m$_pauyXa5 z^UnCN)&J4^t^OZBX!Rd5d2wB<{}f&~@>1^fnu4x(2$RQIu3J!gKlAelIFVP-`oaDqE9VYt zH8I4&PVD43sJsKyq0|z*{?~z)4VVi7nYTNeL)U$ z7g5%p%9ze9zk0fw-9}!z?88uiqZk{f%+#!rSvjfRd?QhIS)S>6IkVJ8jK$b`R z(kQZ0t{otIh6^vkO0Hy0&<4g|WLp2s^h@l-;RTtZSTm2A9&e{R3L_*m{gRO^JUMxH zy7O7}9f3tW*m^fFH80G3a!vl-t^Uvd^!4T|+e>G8k`50Zto9)chGpJk)q1V2#`YQP z8HpXR+h$D@t5f!`2Sx9xJyQ#&PfyP?jCSP>%T7zlOP`)u7$n%7Ufvv5%gh;SZOK*n zWVi4?koQ{~nwp=Vp6B(*M$IEeo~|t@xc&L*)_zU2U`;lCU}2gd;SSC$o(oL<8ZKpO z?Kv)uyE8Xkc9Z{${UpZDDM+@H)7AL{Sx-LF=0Dzi{T`mjYaXvb=1b~xG{PL~ST&QJ zqu;xaJKKD7^rigNoSZCY-ob-&a?{yj=Hv|xC&;6OQ?B1rw1e06yk_!R&1(s-;-~ei zeYuxib|k^Cu5I(b#p`okKl8fenKu7fynZlW!Q+^kf2B4&8OA(3PG(+uzPTw?-8672 z>4qUAWNmEe!)$CMb81$)7{0c5`gHsHHvebOwfWn4o%MX1{{=o5^FCQzSibja4zxK1 zyrz5PZC+~jjC8|H8y_|?EvG>02q{Ees%`Bw2w7^+_soVi|L{Mz`Kx*L=KXG78+e7b zM^)c$gB+>u7C91*)E>zu4Z8KkHvdmAwD~hOw)sEhwSdp*yhv(C4;K$G)#R=hd4Uuu z%)cYmud>sCw_j@WZ>etczs+k1@0)nl@sjf4brPt>UB7fFkR+v#T))oV&+u%f&P{Fp 
zTVHPT&*F6@pU>rWwDP+0e#VJ>zf;XCZT>yHB6&ZM*J-?tR(`sy!t{UKt8MOa+x)Na^1RmOU%_hfUd@~x+VAl7E3e&tBaYk;yB&If zj?kLW{-D*Itl8;f(%D5w$iOv(I$B{3NmzY`lxKGy=Sj~_bGrNAActdSTC7zzPR`lw zijX*p>_Lyxu30&=(?_e|&5`;Pyk5;n_v%8|67b27?GtD2v#dy|vnx0EGiI|fC%`Gj znV!dRTc6o5v(uIx+vLn_+3+ak@xT9cU#-hEnES})D-5HEm-VmVb;GD(xB0~|!)Sot zLHXD4re7hGtNhxNTS*t8Le&cf7TvZNctG(oYU`| zv>C>=ggnH|jPtLyf*|K#n10@+{4)YqtP4l2N3St)9`WOGM2hk=XJoUlXYTef*osS= zGT52eC&ea)qTLC(&dns=MITa-v%-#G1obiOzud~?z#)4|w$&)m75 zv$OkndiVCEP7@Oni}|&{@1HT-@4t}OLSCoxN;coi=l@%;x2UJHG1z19M|Ee+@%u03 zwV2ljyiU8z@4uhdXS|B$`u%s!Gww1xT@6YA6k=I=d{r)$2HSoIm z7UO2)7H#{E^=hn_*hSin$}R^FR`#iu8s)FT?X8Vz860I*a{lCg_Btl-jGH}19I-#M z8t1y`u7}_wYZ0+`J)EqK+abs28$cNvGU>u)Cl_?N--}eNQtV*82U|^LmI^$7kpZ zuT$3f{TK0)1~}@M00NR_u>SMT{1!Qm&ggFFI|FQtrD^+bXF3$&37)j^lb~tdaiL? zV7>ay>z5it{%6KH?sk9vF7R2e7yU14N68_}hqeAVjoO*XOphPQts8B0I#pl4*m+4c z$;^MLb7Y+nBfCD^jKkE|-&x)nF^V|zm?3e!4P!?nEAW?x{YkuUKEKtU3*-B7uLE}G zAwz>N!nl~HkTc*oSOOn}YvC7g7wk2!)gQ&QP2g`N;$g45Tm2K@23QEE7q$AUU>tu7 zvI|cAW2?UzZiO*@4dY9mgp7w{cj@*wSmb02E;Z-B#Bw)*Sglt(Csx9H9DtFbVFd$K9;V(!Zp!oA!V ztb$|K(oVQ~9ql@wIrl96f%460g>WWZ0hhwf@Kab1H$K8jIT)U5auo>3ClfGh{;1pM+J;wysKe1`dbeN!NV|@e)j0l=C6Qxa05I9>*3mC+Wal>9au*{55Q*FITCsF zt1pa)qhJc02`A9MQdkH-hAZGta5KE8W1GJLu7k!UhH-f(+6`C2WVjh-!Fsq9#vI$` zUk@wb9=I1Cf+49|uQ3FPsf4;nT1h?ty#Y;LenX*TJs*b$gHB zwfTp_%i$#WAzTFeMH3T%kHcNC4*Fo>@ooMn_BQKaEc`o6f>9?B3xe6O1TKPW;TpIL z_U%Hv1Wt$1LkwdHjDtI13XG1S-7pST!ufDBdWm(a5kI(tKeMN z`6TQD#=;sn4>rIGXz-;*8=wc)!2~$;Wb6uN!y;G(tKddh10%aq9*%^@<+LAq;8vIf zV^5*qa3U;$OW|6$8t#J4&`E(}Z1vkJ+Fs3{GhN*BBEP-3$=db~`L4%XpxZg8gum&cSc`i6JF2DlU&S2J%fLf`Nym;g5qK;N*(K;|{P2(E!ia0grs_rdKjauoZ8OVAf= zfXQ&&Ap9eoaVhf>&VkkNQ@97F45r>|n1|2fmbaP|$@H(Uc3!H?k@_`3<{3oe9BavetBzImS7kn0u zfWN{Fn4F5<;Qeqtd1mEsV*xWoQ%DI5mZ!?AETyd5^d3K*TvyoGV_TbK-w&!ap%4=#mw z!3}UX+yhU_NAIu~>^j{rZh`|~4jc#9Kreg;R>Ch~HH`359-a&j!6evq2KEmJzz5(s zxCMIQZdeI_fz@zO0p;N+cnD5{T{EyhH~=nz@k~l1ulhq;dk&bOuqyF zoQeM6P>@*+$2K&JZI00^eb6_1@37g>-7&D7`b2sH-1x$f8Fc)@S 
zz&Z%G!WuYtA$9_{z^H8Oycj!!qhJ#B!VLI0EP-#pwXg~9g8dg!9u~r=9OfmAh20iY zFPsQ-;XSYdu7?|-57xn6OK3MNg0nE3!#yR-k=9=hE;H5Ier&5!F{mjGUi`C{eZpT z{cr?)52nE$_u{uWyFxHDc9>CsUN+tS-K3D_qSx$Rk9W)Bqk3bI` z{viE;&##~!_$gcjJ3T}_FdpuJvmd4&_&AK3%{*PjxWoC6pntf(3jM*pYv>=$ewy|{ z&pPxDTh`;(?l6o~pF{6(0Gt3fJdgh5^9IHnu6cp+f)~GpKZL_KQLd2jgoEHaZ~|<8 znR0OE7UaWQw~_Bo`n{e0z~mb2310p>_5hc_4RG}i_H%G+Eqa)PzILGpm;e*txOXTA z*TNFm{aySOoB(&jYS;{YFy=1Kue;F$Tn1BMhreKluo70n9q%z;Vf6dVSC|Wpx%iI{ z7%#XACc%{-Q4ZF_3fOfI?S;8;+&shh(zvETm^T+t?)~@7q-E}@Ql5bznk&+jCR4A2ZU=e%=R>8Pt%EO!C6y|jaOkm!wmCtY&EP_55#XLLdd&Uj+hieP5 zYgh;Oz&(uXA$Ul}`3L+F<90b505f1TdMJT$a4k%RyI>ad!KEg!W#5395%o- zXcVIt=z&{d0{jwAfl-HOC+q{O;1E~?t6>A&2?@R#gMXwvoDCD;gK!Gm0~f)`KT$ut z9qxt)U=utHqtXBDpJ_j=gvoFl%!2!2^b-2rLOSdZlVJ+Xf_ZQ$Tn*R58n_!az$V!F z-<1C&=UNyCN5W)S0<+)?a4D>Z>tTmqC=dJpioW5kuxknZg@fP$I060w3*kMj*eP5K zx5D?}UP*_CVSF3*S;~43hr+pV68sz%!QOuSCL9BIz&yAQ?toGE;0L(75eJ9EWVjM$ z!8*7U#zy%4>tP1m4d=rq*aoA^SYJ9&9zG9~;kPggo^%Z5VJut^N5S22CTxOpVDwV@ z2jk!&m<&5dQXbBMOJN0E51)d&CA}l%p$A5n+u*Y$Je+E1Rm%^;h)C=#2yI~D%f(Kyqz34rfdSMD22Nyyw ztb~NfltC* zxD{5wf5Q!MR5!{)FKmV-FlIS+0OR4cr=vHx8hYWkuo9-7f!<&ZY=ECb<3aoY^uR6M z`E63T^Y?sfDBKGd!IeE|H{1_*!Fzi$-tbEp{U`P}f1qA?0H(kZy=XTa11sQMxB)JM zb+8IH!;LUz1$sM&@rJ|UI5-}9;dWRF>tHo(gL~kB-q;Hq1G_$C7=MHV;0`zrc0HH! 
zFsd*10#Acm;ni?2^uoii7emq<8 zuwncKj)0vnKyUEE{>&3N0~}Hs!VFjfAB1b+I=BngKp%`BguYkfhhaQSgDG$h%!Mmp z1>6KTz+JEocDR)Bf`eepqu3vehaCo^Z}|+pa4oEadtf!3KLmZj_uyf8!cg>G#s1(j z<`+B!r@+pa({C6Ht6--q&=>3lo8U|s{g`2V0OMh&1lkS9z+C8s6)Y^SUT_zj1fvtN6L=+D z1y{kX@Oiiwb{fh2T7%x92hN5G@C`Tx`d|_CTt&a(wXg;*f(@_^8c!l8iSn>7On^h- z6gV9g!4mWq^l_pV<9)?j3v+mV@6>wuqRA|DR2>72G_uk;SM>Q(*>N3QORJa4kFlcfr0lF<$U4 z81+2oRu~IEhDq>Sm;sH6l!r6mTDSu4g8za(=((Blf2Lj-3vYr+@Nt*{lP59H;C8qH z?uB*mTi6Vz--6yY&<;2Vz6&S8s9WhbOoXf8M7R|e!o6@cJPe~JW2Y}*pD+Rb31-1f za4CEju7{t&-SDI-_y-sZqc@@-7zek*WcV%2f}T{$!xWfO&9jLx7sgDbKX5o~h9xlO zCG-#DVR9Pd4*R4t&)^(b1$V(3_}UEg2D@jVw@rreI*f;r*_4B?!a|tfr5v0JYvBFR zcp3dc4?F}D;LHN-6TUNtae|}nVw_;7xr`I+UQ9dT{w3&nGk(4VJ;MWV0xT+}KDY(0 zfF<`(A3ULqeG2@1DSCQ^aazWFguCE4m~}7X15+v(ADHnc{D6FZ82!Qyk5Fz4`!E;> z?}y3oTbKpAuSUOcE8GAps+bS3{xSObD(92O=_l;G277`hJc&KQPV3P>T(W_A1V?P7 z99#`s;33#;EB5jt{e&fO0*tMuz3|jc_$|2fW$XbSfK9O5X4<=rdSM)#36tScm<6}O z^)TfX{0+Px9)fScuG`rsY{yT+s@KU6cfN_Af`?!=oVOFZg|F7K9=~Q7kM3ezu&Q2f`{O0*!6YxwQvBu_I>OKE`wh916%>)>ljzq>m%9?M?&Kb;xo_#m%#+M9!`Pp zz#_O8R>9~!*e~o08(=at-eg^Z9+(Rg;C`3|JN}h+!(MPb91eHGG}r|1h0!~>?*rrD zyD%9ZfLXBf$CQV?;CeV5?uJuf6PypD-!hDH7zZDP$#5IYf`5lg;WuzSG(Mp`d=NIt zXa057Fe2uRF(L|MBF>CHHmV|mI=SARSMJus{`hNnb3)9>6S|G+^1C~tii|7H7~J=w zUOlC#lpn#X@K~Ptf!05{K8aTq*X3TX^-pAac{SCy`cIXMi6_J?>2T%ookmkJA0@q# z*O#Q93C^3WFX{b`P`;A%_#>1Tu@Q4plGTVE`|vGBgmI>G z++^%JjA`|s*8$(}e}s*XspG`rV~#nygKCKA`7rhTj2=!Bfz~)&ZMU;KG6?vHIZ-9O|AZm zBgywrP`+~_mB8-g+d;c#-qPy7$9w?*O11DIbaab(35DIj-{B zU?sg5>A#T9R?;rt;qid{5u`7f(&`^bdu{n~O2NIjR874Pr?&ck=6&SJj(#u>9U5)D z>?PmKsjdEg$cg;-!?r9LFOMECX-_rvo7Uco;{>*CViZ^ta`fijVWj(nn@&9;6HlW%G^^9@E$b>}-K=9obHWV|NaZpzDb z=X1(SCf`rwJ4576bmWtM9B0e(lF#SmdpD$gw>$Dl`@Xi@w~Bn53iyr=kvGYm@0b;~ zydC6|?;oEndYK-SFT>VL6ZsbMwc5#&FC!@5X$)rC{`c=pYv}3+qK8y5sNI%<| z?pQaLlD?bt(a!V^Ba{H?$9mF#Azj)Tkl*1wl`j40PCqx^-Rl3C_mR_A+IeK0cG>MX zgq$fnyPe{ab5%f28geQ~A1>o~p+k&!o5KFUOHSm-P1hrI+-m z``h=I`=lQan0|1rqrd3I=?AwWr&neBesC}8S){k;2M?28Px@$AKSu=m*}XI4^QZ8B 
zP>nz7quNQAaa)g`myy1V{zU$3g*|SgmL5|adCXnMG9r?15BUzQHvQyaM}KA99Dee! z$a~E6YZp55iM=@dWH0(9-^sR7{KlE?e8;S@{Yx_WHmxz`^>F8N%9HUL$KMbrKN;o7 zC+&0i$yMYV$=?_#KY5lTpR~{6CwGvq>ocaG?Cj3x^pj2GyPv;7P<~PZ%hoz0cHr=n zT^Wal=S@F(YEV9hpKSUadu#qypglhs9Zd|Topc$exzw{`gXt&VbBw3-&*3M>A;TOsPky0T z`9c4mZ2il)JN)2?$Ps;9Vy|Qu`$~*l>J0y4JXG>|nEMtDQAkK;kapZVO?!-xyj}t}{C%~@@j+ZHT9hzYH zS?3q$UifQR)8XTHj~fLa1MW9BWD&zU?1a%jU8luybwYrr-WZwBkel<1$MuRt--1(_2QU9su36@KN$Q_j&O;z;hyty4U4I7h?qljAk^ZO*OkhMzIF z=Ao`z;4=sQ#r9b4m@NZ;8{BWq)`I83{l;t?c*F1g$7DbFO%-_WI($SC+;2=qfG-92 z8C*I(WR~9})ac_63>0=x>dGLwges#o< z1IbTA`Oxe|Zas5U9bvpb2R^glGfw(UG<5TiGIzH7#iV`j8-4t%CnXvbpkIQRu-4Bj`& zezbr;1dc=AZG*9I*$UnSUT(}~`8@~Vbv;!1S!R4oEk?5Z5b##SKf&b2S~m$?e)rao z&jH_Cq5X@&cY({fQXFSvp0t4X-i+%~li%phlUDGN;N|)+=gt`PUvin>(0%v2b;xm2 z+W^jd>fICb9)5m#7y-Tp+^?Tgz&BRl^T4-(`;Fr=@HfEy@~{?M{PD~7Tg^OJY9l|4 z_qKt{--g|4a@ogCZmz_knA6xp_FH4a;QhcaHDg$6(?-sPDEQ^zetn38PX<59EI-Sw zKMDRlaJl{z$C_)89IFDxashaEd2ROby{-@X5v+Ev%{Cy;Ts$+FXU5^pgN!pAxo8C+ zE91Oo#F5v6C%JLD_QJI=z8`*LNt}e!VA4<24j;ey-4D5t+?n71T3C`ZbAInfoPOK<=XdYJu+I$cH@`=K-(G=F z0bdO6H#g>i&jk4O z-R?iXmLks3KXZOPXTnJc{yud@XncyyRSKsRx}h{xHSN?zV3PxGeA2zA4~w@RQB*YAF$6yf+VAwr{h^We&LqBm0ns&%pP}?`cS$ z1s?<+Gh^@|mpl(X6?~}4zvuQrU~uMu!_Cc+@eDHzKDz>sf+xWJau^4n27bI5e}-Fs z@&NJEj9)UJjXm_PX!uiz@2qv-X>$AESu=McPAmK%t`DD;$~;wv6(4VMYn0PaATby9 zw4wYQybcA8dW`#(32;1j$CvFF!l!slSZcz_I%a`4f|qN9JV$Lq9g=U6=cp&|a$}$` z!Hw=Yss(X|;I~Ko+S(5lOa*t^daDtKZAEdh7yo+(J_nn}x7wcy%9><*d-ug}nc=rh z%B?k$j{tuXTwV_s`+KPx+c4gm0{#s6?IxGw!t=X~k%Uj}&M(^+m_F8RP7uk{;Maru z&95wY19-foygDD(5*~W{6qf38gYzcX$)d)gHNSnsR2H(f8;-po50tB$IX0M?mXU$ zcC>*z^Z2iKxcw zhL1Ck&oJ6+%;R~8^FDn1=D;%Wt>7z4+Ud^Ywct|<{_}Vncnf%?c`R_SulPs#Hpsq) z!IywP?mZUncaMcJ@ag)g|8>T6@G5Y>b8I7c2)x`HC)=)Na14bzM%-VLZCnVR1NWOJtHIv@Kh7*~>|t*L-&Udg zZt$((<{whQ!Ot&W3GlA}^zUy9 z{2*|@e97NE>K_ZWKT=90byk9N<(O>1m<<4T=FVTS8)n{T7;{JdF6c0;t?a#u%$5AT z(EGs8FX^i~pe4_PzYOkoP8Jc|^MQ{u%Nx(NR7wje_?FkDA%uzX9&o zzBS-)SBSp_{AF;z_U#4#EjTWZ-2Pwc&PVw>zP|_eTZ4y#%l?ls%j39~Pv4yWgYO2% 
zGUvuOuGQy)?*sR{7g!1|>^9$f^flmP!2R;K1$-j7-|@5;JO++K*KHs7Wy5%@=SldT z67ZPG$c=N{kATlT6?|kK;_z7mpRs0~@4Ick*`{4JP<*hr5$7L3L zQkDNa%Y&Z*?w2Pq6nO&on`dG03oFErf{z9FYkwU48{mHPED3%Qc)4*3qt9vZ3&1Ol z!+QAKR>4P(!%p}-10TO}sK!lDE4W`jh|AQj~l?JRj9uSd=j|d`K9>)d;>WiL%Q{!=jMMW__>H*Zl1~cQH_UGa(w)FJ-8fS zKRyn89C#PA{xjYB8^DKx`?aqLJOb`_zGwzN0^IL7-T*!b+;9HwWc_~et8sxQ=a1j< zQ4cQj<5zwh_^IF{%>EnKPz~T0fzLBJKc67;-vs^~c)4r#FnBZge(*}yiNg1*y95)cMQrl$loB}gZNjO<(+*<^&uU##``Fs}q`xST|d>**px+YG?^AB*pxflk26x{E;6a|08r~WXS90z|Gywdec zBYa+|;3LPW89oL0`1NB0c=yi!dE5zJ4UWq}H;=~W(5jY!0W;L zBYbh3jJ^E^@Il~yd2Ryl4}OGM-uQe%Gx*oR{pQIA@E+iP{o4sX5ZteS)uZrvo(kpb z!H0qS^=};bNN~UQHGoIJ2bujd_NKck5=H-qp_xg z`;AXM_<#z09JtJ1x&DXIr3UaiaKE)k`YeRc)CxZGILN@K89tZcb#b0q?z7t*_}{>< zFX8F~KeBuQd{h_z@?Fosek{0O`3U${aKGa)1}+ZrT!-VnQEpwx`V-&-!OP`I@)UR< zaKCw+0Y4GkZyx8skEu|;06r4jZ=Ad0hJGmcWoS#e{6@fU1oz8N3_J&p>E@Q_=jy_E zD*^rq`0*y^eYbo|=3p^=>Koh2K1Y+h1^gKB8d*S}6Gpk$+O6ORgZu40>;Vr~;B{wW ztpfKu=L`WK2<~_NH3|GkaKE)|4*8{K`;E^OF9x5E^5t^W4`o7V|8~s5&*bZWVWf=T z_ptt^@*w>N!tZJ1`gZ~NePH;>&tzuZ=My1JX8AXAoH5t2jPDKf1Ah?wFxg(sjkS3U z_pgxyQ-1O|Sc`TotZQq>C5~IC@oaP(_$u(LO>U`!O_tvez7O0l zuf6e5K=J`*d1H@o1bFBW|Kn^5csFpr`18p9;x7a5jq(^iw|~ao*;???75Fyr2A}rH z@tA=AUk`o_UWdXs8ueNt_xX&y`+jHRISc$one8w>D?A4LUGQ?ptIYFs@K3<~=656b z9`F%neB*v;C3x5F<#`xo>d?=D;FsfdXnNf3hjVX=wGQtOhtK!4&xHT%BimU!9(!c) z>4n$DTo`*O@^Ae#gO|I8k@=M4^*s1%@;H!x&_d@^t~bxS>&+a*xv;1IdLjRIko=og zh~UPs)Pf`1DgUO>a`4wm_`2fpEdSQf*hAaOK7W?w_kd3a$6@BiH-1;B?i_sQ0^INX zF$Db6Tm0`ECxOpJ`J5Twdac;LIpFoZ+S=!ra5b@I`xb-W2kv)%X#sDnz+1s@0{1(| z?*X3;?stBx!zN-B{qs9+ha7-Us=&kO-yHC+sDGc?e|gO9cGtG0@c95f*tT-Vh@Tyo zIa&iQ4r}xMT=y36?%>1C^2X;@_JR+pzxDPXjNxuQNV(J{f$G z4-X^cT=18{r<(C)4%E*!IoCnU;Ikh-QPanGwz?L)cW?hbZUf&kul)L5kC^grXVsy6 ztA*qB$|-I?&$%ynZ)l-?M^!LuVMt`Y>(9lpjacR8L>PP=__982?Za^F7ms^+{yWAv z|DnFj5qt*N%cxKGo1e9jbuC6L`8VXA!0TcxYiaTLX#rmW?sxpQf^Psn)GTl0br1N< z;1`+PI@gIG#(Q<&#CZ?=O5~+jzwFB;G8^g|RsQ|1(MS2O0rKy9om+v+zxQ=9_%UW1 zcugeRApZ{7bnr91Z5ZaZVJ&>-f4zJgrMEupfTw#<#T}F8!YO_|+;uSzjyaYxxHLwgg_g<9vQ`ocDki 
zz>hZhRHOgM_g?Tina?{s^#tAHX~ZP?o7ebTC1xB;eGwy!_oe{!jJ362YjQcZ#=e*Q zJAMuD8DaYH+E>Pqf8VbW{M#m%F^p%Y>*2E&K0{0&^)m|2yx#$y10Q4Zn^k{hzCst^ znh^X_lNGT zl5I&LmN>usTnPhZ!0W*;!|USM%DT8GF6UD}^tS;%&UN@+oaKD3!}lXr^#z_-+)I;j zW+Bc5@HW}z-y3mcn+tB6$6SbYkpZ?4F}*m z$p^rd;MOJn`N@E{p}b%Ia^U-XxV+|#qW_^ZN!eA9;*lmuYS7Kg8?MhgdYt zd_3&tqZ<8K2*2l~-y0skA1XhY4|&-*=^FoaLtxRV#KQ;R(F5@K0eG?km-&$6H5vVM zez#!{PRvF=g2UAsEd6?-pVwc8xhU7CcMLyy4KzxvPhlAk^`&RDwf_XK%~<@YC+B=w zHwDjnuJC`xFa$gd-VbxO7$bO?(-@iaN#Ok&a6eJPmlydQ@YUaKYY&>-+E<)oi^1aw z|9z+yaQQbw`0=}t2`Bw0C;MbOvpIOZB9`J5BCQdcEvA0o& zO^HE1$4nSy8j(NAPs8ibGq{M?bJFzE=RU(nu4~2~ZW47p4L`qJq`@Bt z_sc~V{PPOs^WZxxlo!}!96h`IJ&(+F7(5DI?mk`eDEQeGcpUr{94jZoxA^SDc&?iS z-v*9l&*jE%gr&jja4gAO7t0%a&sp#jz;XDyoEL+#eR=S=(f>h`>v1x!zeOBA;C)PP ze7+(KzP$pEf^P%&o9l6w_d6Do;JYf6PlN9UKSJQ2Zol#DDNF7*K6!9CKm543RETzP zzxgL03w#1T+N>XQSPr2x{@`_$#vlA}aKE)A3Et1AytDpe{04zL_YD_fLr>>GUV|I= z4I2<==(YZz1=e0Ew2ZApEKgi@`)w&wSdlSHK z0+)Y3qNJU-tMio1R{}mC;5y!KzNNr-fcxbu1HKE~Z$9O~KL_`_{wRRg;yV9Ww58a_ zY3{k9>t#5Xf|r|bVHA<$B{{-~&^BzO>+!JE154?%5>ZmQ6Z zrQq`KK>M|$8V!&fTLL09#i)Y=D%&B)t3|hCgyCbfLrlk>7<~Nl6$bwZ9G9O)U)5fz zGylQ+U+-T&4n6|hS>KAea=%xS1fK&QHREG$%hQpJp9WtHeu&A9&pKwo7l7Yta{dOG zET0G81@6~=frn;C-r(Q9F!;sbQ8T{Lz9{%j;QdT){MKC@{1$M(_9wyTfFEg=H=cc` z!LJ7|HxFe0vgGBCNvHqdGf>`-iy4@!;NLatH@+(u22X=`H@UI*5(QrZo-nzk9*)cU zWtagBp z!s}4#EH{R6zRw_rbz@umFX2;cgY~S_kucuMfiDLyX#?h~HQHU{#y&pDmcS}yAv(SYa0H?>v#{iZm4;y3$$e=!NZ2E0Gw75jsF&U)D(AUl2&i&J6W8FH`-uY138(B{^4uC!L{ExGG^1)_1 zjPEy$1F!mi`JBr54d8nbzg#;dZvwYaewG=ZA3~748T?%Ek~|srBpbjdfgf#_=bo-C zzY}~4c)9y-$*b{D;979pZn`<*!$`^N!B>M%DB))~lS<}!DaK(7_>*`YI_yk0hMap3 zxpOapIFoMi%ugO8VU$gQH-az6YjZwWDK|z7eA?jSw)a{pZoDTu-1zzs>k-3@#UJLGb%{_9C_Mhb|jp1DQtUw)o;a?nQdCJf%{!APXV6+Uhdp0kC{yvhYP`-J>?Fg z-8{&3_E2|Ec_rdpc!z(k)`L$5_nVJ9z{i98U2}(UavTR%r%NA8c~|riEjU=M(t&wQ(G{{LE)LF2}k7d?NVuW*z!Egy*v`SPFh=_)RhW)OCn+ z)hqkc0-r7LDc2v#TfsN`@G$ru@K*43IKLP3Dd$|qy-(|zKu+fSKT94Ce(_!9=Y*_d zGI$L9CA>E4Fn=#-9(;DeXM*WtsdGvg?=1uG-qhCq<6vow;A8Hwk%iA=_muzr0~sR^ 
z{s#Ciye_sw<#VeXU74@YHMqxE=%3Gi;ETZh&W&ThH-UFC>p0V$JJZ2m1oxZ2jo|CS z{f^(2;Llg!>%p6Sco=Qk0sbg>$vu+Ff%AzdnS<)txNnBfL1rI#Z!dX0_y^#A$JjXV z{{Y8jhMQ;OKB58q$b0?!*aTh&KFBO@>{B(fyx&^80em>h`yCTI!H0tT-RD+gv-BKr zzcs2Jya7CBwvXom=lTaZUJAa)!hE`Hgqs6-Tz%j^GfyDS^pt;|Q{d-=4>s#Dt}`>> zmxKGwr5t#oLi_^wcPhm1I!B0WD#VX~-wfW(Y@e}r9RvR!xL+O<;0wUZ~QPzx*UfO-Er89IQKv3-;bWxVUHfXTt8$zO{ix% zxO47)<&@HTjB|G!aUNgdUr!P|1&%utHwO2|>+zNxujj$xhRV(4FW|MA7wcU&MpvAm-hhwanj8V&2Y!J!hVi@cli)LOssFvk9Pl&1{npdP z;Pb%C&9N}*Z2`Xuykt*Fp0AB_{ucPGfREpCvKM@{PaSd|_Phb(3x0;DpYr4NvJFkh z<;&n05&WJB?iBPqGoE!%L5wZ%InIn>+`G;L{{Z}8lN)_l2EG-%yUDrtBIjT&`j7*6 zK0o$@;cgq`TsQu1&kn@t`Dpn#vag}Jc;*W3w|4deudPsi47gRH{B&?pfj5G;JyL$W zW&2iw7rz-;8BzFGs9uLR{-Ay{l8Ss)d5%WWSj6=3z4ER>?a`&=f@af>&z$>l0P4H>{fu{~$3(Gp1 z!CS${;B|4_(T3~Uh7I6*!Tsj=PVimelRf3lHM4dezI&MVUo!`S*Ms}*F--tJ9(;sZ zhw(j@S>O{YlwSybKDgg{xEg#cxL*!7fzJf@8;9NCv%o8jL)Y))I`RqsafpCV2ls13 z47>?^n3)6P_cRmWKLG!h$&G!s6!;c!zj4ffZv?M2j;-)%gOA_2Zx49&it@)yZ?voK z7CdtV_nYrSz%K^(+l!n89tR(8_R;w6#T@Xt;C|Qoi^1oEV`XsXy73&c1$-HJN&Adr zr4@VwxZm--2YfsDQD%JgNWoci>Tsj3OcC)@|oo620NG7Cslkrzc()*F^Pb z(HX~W;OByu>q8ht_Jc>kugB|Rd6@_PEvJ5XJAqs+g3mATI`rW2rGDyTbxvL5Zo?ke z5B=v<1NhP4<=P_q(gc1e_z`$rY>V+Zhi34e;C{#42Jk-Merxki@UMgWjaT*U_+B}< z-!WGYem1z@F*gqUI&i;Zt^s@jxZm2|1pa++zx{(|@K?e8^0xte4S2cx$}m#86MQFl zrR#v&J8<9fl>fEHK=1+Jetnz(9tHPXS7w2a0rwlDh2RswPci2J=A*onm2+e@_zdv6 z01SP8e)(F2) zGw(^CHvG!mlg1nI`)}~|8@D8Q6ujJ8D(fnsuJPcn%Ql@;rmkPet2p({U=w0}2;XnR zF6PIY=s3vy>;~`mWB<>N)ZU3}N$`GVdE;6BK=2{phnU>>EW!lvW57$+H016kj^8Zs z^T7S)_(JeU!ToZz8hjzR-?i>0@Mpm*&G7duJSJ* z1Fr`6Tay#u0=!%w!$2wUPf&lQH93Snj6n=%O+E`VM;{Avo*HZNHpKdaPhE08><8Zf z?zg7(z6-ek_si7?@K3;xL9AjMjNdhw0=^%7tjWJVn{XWl?l+brz;6LBH71_|2&p zc%zpa*L?}_Cw$r+m{sJZjSGOPTXq^d2FOdd9!KaquI-%jI0QB?;aGyxiDIo(As-eiB|6 z+hOc&Wx@M^cQ?85`K&y69r$G?H-0ZkEX1=qaKB?P3_cSaSH5ojGu$~91;436`8fE( z3gwgFub*1}nk9@X)8N4o<-f}=bG_*k1N5ey0`mYH?9Zo3_j2-Z#);+0p1IIl*x_H zl!flYXSu-r#<(B&UaT)i$@2R5e~ix-jRF4`_~RxwzOO$Wd@hcs!6rBE=NrNQhW>Yz 
zT=(C2p0E=99q^LtVq>3uJ@|OUFFDT|-!a$$o&Zmn@%b4=xqeQP`3Ikb>*~-sN4jmm z+7}$Fo{3ApdGOnfx%?-*4h=5#v)*)%iAnckjr*zpd3g@_+u-Mxv`0NKmi5T-5*a+h zlI{7AzNPK?(0xX~7IEJES@}I@8D}8+UHdG*OC|r1oX)LW(~a*^O@iOu@H@jseRmpu z^1DNWZKq@MI2)M4Ui=H5eRAs=hs*kwA1waprpB%yHw)L7b&8mEWh6^(+Q| z6x?qv8Vr zfO^(?>Iroy=DiO6>GyhD`)`Br8)W2N&fj0UpOx5+`d)pbt^KC~1lMyR_>?oDWZr5Q zVLv5T{<9R$_=7J1e+a(C^47v)UMGNyw>SZ6jlaj|dZpiu9>1I1W2yQ< z+}r=5{CB`*eRC0K7WhiM4xL{b$6BJ=E^`z^oSpF7f!A)1-YJe%7I9W@#@v%*+S7<5 z=T4P7raR%c>`!g&JLQ-zF#P10Zgs~ri~6SgrLFyEC1cuL9Me4bNAG&RqiU%K_OiWV zG4=}I^Z!0?7v zu6mu&sS>72?b@;*4JyydxBRzY3nRe=YF4s(^JMRHlE| zgq(PCEEb}^SNGsEQ)Yd^mf~2h2A}@9|FeTl;LE`;Fmuhn6)WTK25$wwyo9Tb9m#8# z;Q0K)e=G-r*Mq0c@}99wBlj!e^O4N$U?V4TEc5PIZh+s+f8rWj`t|YnUEz*F8g;JO zSNs)_(Pmb3k9opMR%6W5`r@rId`Be|UpH{a! z>u{)(;fHwEW;d_m5%jZDyYIeq7`y-;m313qqxWE<;9YCmefJpR;C0}KnB|QU4IsQHuy0nH};_N;Pb$5HMwyOA|A!Hb%pq0@crO^?T> zM`Lex1AH3cgOPT9jD5|W;J1TcWODxImuzSCV_56KCzo*bFiG-y@K3;_Cg(VW@!nG8 zxm%ZZ=b2vU<-^=I7|-=)A;v`boMy)0-iXZ4HpEDPJD(wZ(uje2%+CW!NVI_siuF@G%wmB=FG{>YoEX1l(`UU3`G} zEsWpSY`^i{fmW9H?LYWXpY}QXKgdr#_;rXMI;)pEmgV+;9>?(qU!1{QKjXPw9Q+z^ zzg#B46BT$G{3>w2zGhkeShN0V?)sJozqvwuu^hkWT!DwdZ>Yed;Maru_MaSCbn|nb z+rA`t#r}iK{`WD<8^?7Pd{zaX2cHRkkXc@RT*^5X#1Dk{7P#MB34@6LQtm_G_w?7Yv zbin>aK-_Ps_q+6l4zzz25L*K3otg=U-xClkY4vz3um~sTXG8WQws<{cH`?M^TRDzA z&)#1pF0ubwC2kM=2b|sy_IR{|ctqCN9O|*AgV-it{w>sFa|iK^ZQorjHrn={4q|21 z9q>k@YR4ioEgi*0FIm}+qBUr@R*O%A_OGhNiqMJx z-g>yoZmSm0RoNd_i@Q76c<1#F_R}53t`7E+j^ZC3RXYzm89HvG^^h&T2-;tU#DgJw zXGpflX+)O@^sEz>1;o$UkilC5Z{b4Yg`oYYE&dt=-WRmj*kZNp&aXoDW?SUt%TGi0 z9$P$Tf5#`zsn^@T2#F^H_AXnj4fJ~37K<%=g)M$&*$Zs(mSuku5}#W3){uBJXoKzy z+ArGT525E#IkI!m=>D$<#MM1u?qJIXeG}ET2JEM+#NPt;k}A<=y$|PqgzVo|iKlEi z9xvH)Kz7^Ds385vqr|#^{YXgsAz(L##Acb==Ysa8kk}ZsUkG7nhdb5vo@IX=6n6yd ztwE6t+ABih;h=qQNHmexT;A^|0r9FHtWyzYe!y-Hh+p%qvwj<}|Ao{9WRCX*WR6po z{rix3+mi3^w(K9-;`X4u$d>)ZJ0Aq?4{VVP*>BlmNyuJn%K=rnRI_qJK>UTl>)#4A zqDKz|?MJHcCl&2R^fz=GCZ=s~suHi;_6t?w*(%kOnbYh&9mQ4lpF4^toQc^O>anOs ztdV2(TBt{+M*K^@TwwQjqeiTg)8Kb@kKHx+Yhrkrs_LXokr^dd$i&#}-|Gl%A 
z-${meqm%v9F5>T<>_@wZykYHYG)Q~mlOOSL3>w7ERt#YVaRT> z#rvUAY9#*C(ec%+{-4h3>I>{C;yN{Eolm!~7T>fl6iuAqU5DhcD6S0JF9pRP<&a=t z=Z&{NkSpw4RbnX);SS9l9t-AxQLGgf`AZXaP2SQKp@!JrNGJInq(BrQmk&zvF zCC~%=z@NyMcUnE3v}OBn&{;ixZHv$4%e#X;{%ngivV*S&dwgljr4@e*DAePzD*WZn zKdMFR8WsL`whsR{yBPlNs$%#bRTabkrm7hJy{cmP+d34(|Dc0dD;xi2sK-kkM4Np1 zfZgLAB-4ISos4>&iTAEN@r9uHIAHxCD1L1P?+S|Fb0~TZ0i8Pb7nax%u%EExBD~NN z+hv!K5A(m;dR+BPvcE0nC{}an@rwd-oPgF>^rQ$ZdvmZt0rxUXWdRa zdHFB5tK*sWRpKrg$SHS7pmwl*W}w0Tp19TRg_FB+r(+{3V80d!JYd;NEYa*%i9Y?i z;^=(+*Wx*+99$XPU>jEkM~pH+pSV(bx4IP>*Uiv#v{ zOJ3@{YKb>w!5x7<56fl4Znwk_tq0X{eb_$(XW|PJmW_o2XL9Ef3s(v2LUWvmon_s{ zp+WQNPPdm@;(|V32E_MmThlDa7R$cdmRDkOdFrzj7idBI zWm|kETX;{X&x2LsxsbeGX|yw?!9H|?z2yd5;RM6QoeuVn6YLc%elpm?P@lzEvqJWM zTimIG4Z9Hy`C*_>DkOe~V?8Jyl?};QeUPLrmi@DkcwCl!F4*UGTfF0(r&ot=aPlyW zo%*@cj>mBVmqnYcJ|Bfd&ayX$#LKeimS7)TdEq+ieq433Xm?zuVGlLX2a{#FWw%&j zr!0%)cK@p+Uk3X8UXGmoOG|vL$?qlkFwo~$mcZfgBTKwP(&^Hf`6}@j3m1(tMBOFu zySC3~&LsL%Ksr0`51a&@*#~`G6tMF_b-|74f{WAL0r~q;cjF2eXOiI4D$ljY!(Xl; zGgSE#RC%Nw<&k#hf*s|N@IA6=DeKt)a{bSs{j^N5x-LKXbdU@Bye#L?s(@G=_@>jA zBUG%Xowhs}6zgRGBxRFa%kb$Bbi=3Q2^YZg%0Bnna)tgZB%YTg-wfE#*lL-63a$97 zE$$E5Z`$I=Y{dyv;556>gSL1SSIHsqk}QOyw8fSe$+#9np}*VWp^*ItTl|!Tj!=bO z!JNP~e^6|fg>YrPBPjmNHg<7buD;V5Mb$A?2v-v*w80WD%YEFXR-fB~V!x$2)>ocr zzH_fUqyH;#%&MUHjb-EYJJu1u3W~qWDTChkSKUlG-P{{O2>UO#cqMq+Z*dt5${}OKZ`>a2U|eA9yrQ*zwf02EQY?|{%$IEGn)c9v;CZN=jc}g^YF*3EqkLp*hdKQMaW)Mg^PF_7ZH!x^5}oh zjyXYPo4jXX=e?s)&$sQ%#Vx8nXRZ70(GOb~!tWJJO3#x2oO8tCfx1yBb>5h_1A%`8 zDNp8wOgnEDHQly5F1w+yD#pa-m?uiC!XV% z44(eyP++(8d(Q6LihHi|e)k4XuTZT_hkGuUZTPR8kDY4;T+7IV`057(Kd}O@Sv7B2 z;ypJp?T;NAIOsd}jKG~Zhy!AonH0&sc0cZN0|6Z8F9yUWmpbK+w{HkM5U6=9Ab#Q! zXBcbcK##P~6jPxkZO6U{F1YUxh#$!!$P?=Ki&Lp>m|$`$Pq5Dya@f6fG+OpkmiQH? 
zZl`+#HlDuY!qM^U^rN7ShxYICIO}+UeS=7m4V!AegUj}Sy}F~g!?G856i-_A{%Y}9 z@C)lp7*(mj`yIt=9qiwA6n9o1gSWn@mOr?P1`L~SKMpfse}s(@EdCwE3zogEqj)O# zOz>AV;(ZkTQH{8}+P=R=yjFb--ugvH7QJBDHA1dPUsU6q+5^k5Wk1wW{Mh;$)-}t1 zuA|szor(wQLHjN2tpvLZxlDcB5$ElvQ1ut~OMw+N;Tlt7sv}R74+UhF zuuZVNMh@<8YmfxQF9huU@Url7jb%UD3FkRfwa>EGbP_)d4ij<>+T2Mz5wh>D6)#|y zr4w$TQ7sPkAJvK$JB(fZDtl|KSXyQOrdDjJvKu>#kE-mCYsEtyuEp*1Bh~gJoyD(^ z8hI~WBk!vpt+Ai!EWW70^@z;Y2zfMKWUs0cGwp|})OxfrVE?H~UR7+U61Q0!(YFtS zcB%u;oIUY#rMLvZ(I_uSWch>6wpRv3TuvotDaTt~Bj*T|embxuD1OSp?Gx!M#ASBI z5;xhn?s_tSg$v8a8y2>L@X!IJI$n$$LEPOrMloM`Ctt6-`D%0Xwam@ei*CNQIQhEA z$=By@zJBcHYnzj=*PMLKck=ZQCtq8gd_5-f_2U4H`8D=$I*VmBcBZrVrzc<7W}0cY zxcS0{6Y_-(r`xPgkT2XH{>hLoKDzSd!dt97P5DBk~^7y=p?qw>2#-UH`U@~i|O>G zZU3@XJXmEvRV#j9Wxro5KCH5HwIbEwj=(QEi_&cm7L*5?^WG7s zmE3_?T7_LVZ0gEx`tB&4IS3Vw>Vb7}HeTF`9fhE1kx6_FI|?COsN&__*ii_{6$5(* z*ipbHqkMTUb`(NbO>rKOHPp!)p{dqgxF-(u{x~4lPv`xEIx@e26oSzx}pl_9GsHA`u9}^zRJK?8Tcv#UuEE{41AS=uQKpe z2ENL`R~h&!17Bs}f1H6hp2f+3!)kF8jDKO;(N6dh1O91sjIaLpRR+Gwz`r#E*qUzU}?Yz=Wmo6qsFNTYLc3wrl}cfmYSpHsRgPCs2SLm z8m305QEH4DrzWULYKoesW~f0KepeCs)YMPp%W~n)9o?4)aYSvE;QzO(U zHAan76VxO%MNLyP)GRee%~K0h(UJ92!_){hN{vzD)C4t2O;OX-3^hy5QS;OSRn)M4 zYM2_KMyWAsoSL8}sVQojnxST?IclC-po&hcpBkn{s8MQ+8mA_xNotCkre>&FYL1$x z7O0|@^;5&t2sKKLQRCDEHAziT)6@(#OU+U9)B;s>X8qJKHA0P2W7Ie`K}}Lq)HF3i z%~EsJJhea-U06RgOpQ>Z)EG5RO;D566g5rFP_xt=HBT*2#X+o}8m305QEH4DrzWUL zYKoesW~f!*gP5o(kg zqsFNTYLc3wrl}cfmYSpHsRgR&#`>vYYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w4rcw- zFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76?Lqi8m305QEH4DrzWULYKoesW~fZ)EG5RO;D56 z6g5rFP_xt=HBT*2#i6X98m305QEH4DrzWULYKoesW~fQu*sWEDtnxH1BDQcRUp=PN$YMxr4 ziaxBL8m305QEH4DrzWULYKoesW~fm)HpRkO;S_TG&MubQghTiwLlepSwA&QjZmZ17&T5!P?OXY zHBHS>v(y|lPc2Zzk*uE@rbehyYK$7ECa6hjikhZos99=`nx_`1;waWn4O1i3C^bfn zQxnuAHAPKRGt?|KN6k|URMC(1Q^V8Qu*sWEDtnxH1BDQcRUp=PN$YMxr4ih9;h4O1i3C^bfnQxnuAHAPKRGt?|K zN6k|URB;UJr-rE!YLptI#;FNvlA5BXsTpdPnxp2a1*#ap`l(@Rgc_yBsBvn7nxv+v zX=;X=rRJ!4YJn<_W&PAJHA0P2W7Ie`K}}Lq)HF3i%~EsJJhec@k435dKWdm7p+>1O 
zYMh#&CaEcEnwp_zsX1z%TA+&KSU)vPjZmZ17&T5!P?OXYHBHS>v(y|lPc2ZzAl6R} zQzO(UHAan76VxO%MNLyP)GRee%~K0haXjm%hN%&1lp3SPsR?S5nxdwu8ETfAqvojv zs)(?DYM2_KMyWAsoSL8}sVQojnxST?IclC-po$Y%KQ&B^P@~isHBL=XlhhP7P0diV z)EqTWEl|Z^)=v#nBh)B0MvYSw)Fd@UO;a<}EHy{XQwvmaBI~DysS#?F8l%Rk32Ks> zqNb@CYL=R#=BWj$7{dCgVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$ek)G#$djZ$OO zI5j~{Qd874HABr(bJRSwKovt-KQ&B^P@~isHBL=XlhhP7P0diV)EqTWEl|ZU)=v#n zBh)B0MvYSw)Fd@UO;a<}EHy{XQwvlvob^+~)Ce_7jZx#&1T{%bQPb26HA~G=^V9-W zoXq;EVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$bj)G#$djZ$OOI5j~{Qd874HABr( zbJRSwKozI5erlK+p+>1OYMh#&CaEcEnwp_zsX1z%TA+#%te+aDMyOG0j2fpVs7Y#y znx&FYL1$x7N}wr>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPS z&HAZfYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w&S3r2Ff~GrQe)IOH9<{MQ`9syL(Nii z)I7C76=PUGHB60AqtqBRPEAmg)D$&M%}}${95qiZP{o<7pBkn{s8MQ+8mA_xNotCk zre>&FYL1$x7N}w@>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPyi}h2()Ce_7jZx#& z1T{%bQPb26HA~G=^V9-WjAQ-OFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76=$=4YM2_K zMyWAsoSL8}sVQojnxST?IclC-po;OVpBkn{s8MQ+8mA_xNotCkre>&FYL1$x7O3JJ z)=v#nBh)Ch`OMPKX`OY(8K;EnFPL`SRdcQjpFHTqL6PH57YywcdAc(?dh#Pdxx)GJO649SN6fQ52qcWeJ*Y17mo4XT-x|OCgeqa@$DTr4x91kx=QG~hv~Qz5DXii>N4vVOvUT|Zv~~N&d+eDWdx6JZ<*_$<>;6~+6xaQU(ANFgLR+`L=2+#g?Ne#%_BYVh z?SF%|ZvPJ2db~peRXiTvVgYUZPKfjGRodGB1KRk>PUm00<5c-^v}e)Q{tIcJN4}l* z(X^`usq+1351@So?M1ZpcxGt#C*Mq4{sOu4?|2o@`L%JpF_X3~-$eTYy8nr`UM~u? zb^E(UR6K1*XwPE#WwiBpyy3CM397t~-;K7;$8_4G8Sg3Dy1rLw>-P2@tm5hVn`rC$ zU-a0!Y3usiXzTi8C#rb2vi=v^8&`t@9f` zRr%}uPW0G~v~_-$(AMqQNn7W)VT6jO^E>)9W$XMTY3uwf8L7C=Pq)*Rt@ATEs%)K~ zw`uG8j~b=8&c}G#y1!}KqnOWkX?J4&KN_vdPb80?p=_PMIPHV zXzTjc(7sIje^dGE@gGlH=QB+kzXs&|`y=f-+Pi75pnYFV#k+xa)p^S9#{T!5sO%Z! 
zx6nR>_Jg!_{ASvEJlbgM@#u5Dil@ip^GV9q;}N|;*?K%$XzTHK?Lx(MKDW}2vpuI= zq`1y!hPKY9Dmil0S(A8lQJHEo^0bsjrMTdya7rmfra zna8gEj;c?u&u7!t$H%p_2eUm-(bn;81PRQc=k?+DtO zUrbxizZ*S#smFevc3-w<3+*$Q-`U`1G_1#TdufJ<(FQtF%3Kef5?QOJmd+HiW>pPLQZqMbk_58h& zwmyEEY3uvlwY2r|^tJD*_&jN?Vs-MZ2G+3cN8(`Rn%V zr>)yR=zEHv#PPiBDrM{Abt`S1?|rm&zK36}{B^#^(boCR)7JT&l~DdVzbk3$_^;5` z?fZVYGEV(zJCxo~5nxvH9B4@}W7(*7Xggt@Cl^b&BhJyh~f(uMfRm zaeaKwr>*aA-k?2@Ls(u|${)nUer`MzNY3uvbH)-qjd-#0iuh;7-P0B8|hjvf)X9aDY&lcKOkso=t zDzEJnZN2`jr9DIYFHrvadVUyf9sg|FSJJ1rJ|FN|7 z@jsKco-d1N>wG*xTes&q+B)7_9=kwW=XdD+s(zinb7|}2=X z>G-p0>-II$K8fS~3)*`9c++7{h)vx0Xq&;8P;vD-ZUT_05K(evjPkG-3=KHq(F zvGTv3?fngH&Fdd3<;!X7@!LULuh)?!rTG|5Tj%!%+B(1YdicwqG1e@^>&+Fsd@h1e2%zh;SQ2lZd7;tiOiJY)Rj9)16Hpyz4V(7%Qi-Ar3wZ!~-C z13hosOn-em?V+vLmzvJ%H$wD$9zgq2*1wRp?*A`o>-B4=r+jsn(s=bAdmL?jex2>% zi)hbg{h@uKwJ7d&?Fuc`Lw^<%WhZlJB>d7r=CO|I9Q$7t*Q<+^SvzUKXDU(4}% zl(v3;w3)UZkI!lA^=in$D&9RT|0~)${#&$l{p0IO>z_hf^Ubu2^PBcDjDPqcs=T(x z($?$g9NN14B9EP+t@HObZ9N`s9v<$l>eKy?($@9Q^w z-ot6@_|s?~A5Z}n$-f_ofBJghK+o&e(f>kKT+|(^$`7SIp0>UoxR|#5D=_lku3pMt z=d=2-()JFbt@C#=ZM~kSXzTW_rLFV1jrKHEofz3$#n<=i^J(ky&(hZA-=?jfm-IWl zwEQgEx;-msU&Q+Md3dCcDnFULiFTCs2HJYP-A?;f@~KCt@;d(Wv~|2LVa0X4b7}Wu z`PsB}`~yAjJkax(CdSkEL#t@({B5MI$A7EG-bMSnY~Q55s{Q)>Jd<{Ue5;2SJa*NQ zs=Pj5&!ny6C28yHlaFXOG5+;Osq(#PFQTolC*P&5`y1+~{72D$EbU*?w!W^oEaX8KHrDymA^iJji;@j2d0iuT#rwN_F&d` zpyz4t(qFfK4{cpvp8+cVEXG?vTemkuTi-8upZ9MeAI9Ujz5RCj^9XI z$6rTV$IsE$@!LGS>+z~S-M?pO_hozEq^;w<>+w%URC&!8(bnhR9BrM?@CnLaukRPq z*8Q15`{o`uMg_QuS%OH*MXYZ_(EM zSw&mV-&Wds|9&TJU4PY36~CGJeTKG<*XFU$m46rq|E{P1dfHQHhleY!{T)I3CC1-JTOTiDM=1Xvb9_FQe>DyN^#1nfsIqsl{J>Gl*6kZl zTOW@rX?LOjv$Sf<#eA4HP()bbD z`god3dnnt#n6~ckv$Xa3-TVCUujG1u^&6w=)AL~t?LC&Npy4dVb$@Q4J(%_Xn6}Pe ztH=L6kN+X#R6Ol}I&GcL^Jwe#-A7xuZ#!+>|GKkF+t-iw7i|Aw6BO6+kE5;Q&!nx7 z{|CNV>c5iqSoU`p?dxdAW6EEz7q`v-d7pTYLrNBb1o8))nE_2;zp{H>X!>et6}nD*5?-cuKp z@~3F)`MTc2w|e+qkKO%36;HRnp0;l9G}?OpFZKAZqWuE5M z_4W|jtH`(0{wD1~-%|cj+E>xmpBJe8c4>Xy=WUb7bv|d(*7<6py`AyB&(CH|QSr6E 
z_xVdBxt`A(X-^22t>^EvwDo*%rLE`t`l+hC_V4-~WshO}NwoF&&7iI4 z^E%pkKJTQhufGn8t9W|9dID|DucfW$=X~0_{*APC`*+jU?ca83Y5VJ^m9~EtZGF5x zNn0PU`)TX`b-7HH*ZrG8TlX(TTaU+P+B$znPFLmi_2@X-!3knWTbDnHw!Z(FL|e~?n`rC#{{(H_zc*>?@wcy3_380HkG3BF`Ly-% z^9XHyePYd0<#qd(VofnZ=!u2?NN!+{!XH;=kG1FU#I`s*C_vQ(_Tq?AnhD& zy}z-C_95gQXRGphzMV%~=l@08I{%w!>-D4CwW_?%|4p=Y{+H6$`Tw1V@20Kib7)R! z|GU%H^LZg{J)h6KuGD`rZ9U&s($?*Hnf5X4|8Cm4KZCDV@pOB}(~i=A0d2kC^$u-) zJomgomDlwRrLE(gOIznNPFv^iHQFbzzP+^d_?|yk#nz_4G#n%aTFE8!_Wpl`^jNuM9bd+eDWdx6LHet*pS{L1_Ntp`}YK0hAld4uokXn(wo?YoHizHqn7_hj17(AMMi5$);Z2igz+-|l};{JUz8J|CrM>;0$3g5r9; zc#5`O5C6aZzR!R6`#NjbetkXu5p6wxYX717tL*`_b$>_D*6Z;skH2?6+PnYg-Je{* z@;bk(J@x&c-k)6OsV_%cUoUv~7rgrk2iiaQ|J(O9{@?yS#@J8PeAMUH%W3QR+32xX z(AM+GyZ`uqdcVrMAL6~g{=fb6@!rqBuV+5>{^Q4vp#PAolm~wDtL;-P6Cr_ms{b@ADz= z{q+C#^P8u#KHZ*gcx>-}v-f`XK%b}dejYN;_zy83pVQXoPrhB0J@}-fx}&IG6BzqO zK!pC%L5Qn9!`~FEDmpnYei68K&UA6Q_+qaRivx8>TjHp?z^HTZL5xAe=363M`;AUt z9wx*Q1O6mLb?uTaZ==-757guTedSxV%d8jhB_4U--h}@wabiFOq)%X+{A`o*`GIv; z(h|$??&?yXPVg27f4V#%YM-o;r9|Qw1Z{ZI68{fh*8yHd(Y0rG_ufge2@nzz2njKv zg9M}_z4s=9AiY;9QUnwbP^xrMiXcszAfia`O+-Zm6%j!YL=Zp3hE)CEb7psLF5;i( z**m-QzUR!$nX#-?f75F#R*mCkQBKPOPl?5COH>r-D|)yU#YR5<3G;< zsu>O^&rAn=Rvky3tt=`Fs0lhNWhY6SS=||0sAowm&d79q_mp|Qf{g4 z^^oEo2+_8m1xj6$ax`rU(o=c!0Fw?eVvcu0OtYN5V8f(8UqS}+Nc9=kn#&{K^i3`L zu8=mjhSQ}gy;X=RfV%+dMKGHoY1cv|T2`vaMp96cV*$h_Klk+=tBDj!=jz6o*_Jxi)OC#9f~q%e^<_w*xDmOhKjEtbj} zFGUq#^>OG%Tnn`=QYxYIL@$+UY*{Hf0HcM^P$vr2ur_B(yBe_8TWAj}Einz$MgOLY z;D|aPZIJ5lx5&%;U~KbQq6K4HrP__5U4Dl6Z+uLTs9JchR9Q-cK#yH_4S{p437^7d zDImmRxG#VsR3x2c9-TGyTd7W?7t2bZHGc?|?WCzcOI5QIwDtsT?0--*XY+5Vmd8N# z>)@_4eAD_eQ)4U@oNEcWAG8zU)J%Czwp7^&D7*s3eZw-1F|)!#mfGJ93gd9&%Y#E( zpaE5?E=)~J#a@E0(g152LL8>3nbp*_RQqgD^E4QJ42vwCnbpuzjT69n5saCJMTvQ= z;dM~uvn&<=9imo(vC(Jg`r%qS(yz2He1y!jwN+;<)DlO=M&jR{;^4B29KRB| zbD3-*ayMHY`T+wiII;?UY7v=pW=~vZJMO4wpEvVkVm(WRe;sXg!hL2^|o@m zdUyw5-3%W5@-^T)Z1vq)G}n=cpF$W<08Eb*nsvlhZ7}tcOTc(Lj3t6sv8g2b7>cnP zgna-%^a;W~`4_MYw)(t-mxT+!ek7c$DENCX;I~mlZzB8m5g*}Z&VmR&g6UB7Keqay 
z0F>ten9nB&yLdMUD@QfjXz~41RsmLva8{nre_bvOw`M5}M)c=&l9N8Dd zVLn-p{yBaliKk1}3`rDpRA7O{M7ap;)g)m|BuaE1BBCofD)n`#weAD{Nw`+#G#H%WM?dGN zMdLjA2EdwyC z0K#@d(!&>%mN}|kU61qy2;Ui!9=@2g!BOr<9_cm+4mr8lwt8ebw;yFXG^<4>)?@|2Vtfm z@ePu*ukFV4sR8vv5ziWHLEUcXne4{Qg#lH)tEc!2u)Ygp3Y$sm0;+vck8~S^NURow z`j(#jYvz%FI`Vcnt*CdEC2YV&ljewTu^(J)!3HahDZ9aKx#dineqtRMc(%-k4RW^Paws^=N?AMoSh zv&>|LOqON(>Yz$_)5}Z-s8#+=7dA8Z2GvD8J97(Y4c0T^%m?jpBB=iAGGdnEo8ffXOJ+$AP-^Kj?^NM#dO1bMb#vsykjRWBOQ7 z7e0jkU@7h^)$6Dy^8xrr|3k(zRQ3pUaGgiL1nS=pp+8uPh7qc9v?r4jqh?7Q4>Se+ zw8&4A+FGq5)YufS_zNB)6M7of>GX?G1+iShCffx5 zv4_Zno{6>0%Mm#i1wEN7;NLeghADZ}N$N)vv(F;b#8sM}5RZF3j!eTssI73lCk>@$ ze=MXR*q7;2YL-=B3N%2rb*qiEYllCsoq$;Qade=8I==jn>hZ}4464HN{xEjW0nT1zF|I?S*9T58Pis>R0zFEz^PV9hs7DwanY=c;*9uSd%FK{#SaMxA$qWu0%h>cBQn=l7sW zxB+#E!s*<;yhg@?@3`uV2A0lDZU_}Hf@C=_GlyOE*Bp;j4TP446w;oFe!*3J`gwUD z0P5ubpzD03rEJD}`!V$zmUCBvxdTU_-2bGYo36eenbllbFF(wfb`rxnBqkma;%l(~ z=Sxr?v;|7eNA-B3lpM{fL6iYPos%76eCk#bcb;`!5x@P*OT2D9KPbN<#3w2m&57qR~*i8f97zOo0vlU zSKZPazUDUMaK77}Cn0p=A$9Hbkogr6UlBql9#Yw^*%_;7D9H^%=)^ zQa9S0@TfqwR@g^09GOS!rKX3u-+S)w%aYu;U2dshx^9@5UpV~G&03h`kGKUm{K&1#;Ze62habC>IsC+3%i*W)eh!bh z=e+Pfho8C0SWAga`^>G#;c@qAFC4+)=k7c&+`{1r_bV^FgRp3tD--fy4pcNPS|&Ws zCowXiEuZ9;S*R>U)AGnHWbC48X)+60xhSeK3z@fQS|OQ5ix-wzw0IGjg~U^XLoqp( zZKIYxBE)#fR~@nxhL2k=K#VmG9E?%V<9w%Fo)ghsk`^OaiinqFHLMb+myTJSjzyXp zIFCqg>XIWmuH-Q((woOz!)-&nE(uC+k?m_V=-(mtHx6qO6idd_n!~4`-ZHxFA}O+` z36T>A!y@f|f9w}%68d*|zMC z=)MF|iXPNOWy6pnUqtj&ACj+z@b2ovL2DIeD!s9f~i zmHv|Ij;9`34_FHymz1p7C3E0ToIW$#V_Q=asAyPXc22F~LAt_cQjKk7jUQ4FD04-IE97Jn53NZE8 zNl==vLUe~@eK0a+o~&B}XW64-CP;QT=sA+W zu2BOij%T1EbvBkDWpdA`mne?NSO=2tToWRH$(Ta#^+%?ybQ%3ZK^U9XuC1a{^}j8} z7BHptDBuYEh=dY#F~`j((`aVr5V%lwA0({eQtcU~om5vzg2-B8q3kzASf#K(0clbD zk1P;|$J29wRZ*&JaDveOhYZ5AkUalTRf>4>1X|c~^5?5kP)vQFB;si$!fJv28ug_h ziT*w$iKsIXzZ9EDtj^dZ1LMVmG>1rZk~xu2(_r-8*sfwBMPOSWMq=X(!fu?Y7L(2z z5+_F{5%I;yN+YEDx~#<(yhWrWs1ylvaVN3z%QPygL-FymDF)k9zQv*#MdU{vc-fx& z86fOM8Mi}^XtfCyYC{A$O2{Dog9{Rk8oJd{er^^ZZi%aciVAT(e1@y 
zC3gsiRop_wNWQ9@jl=5hBOG7DeU!tRZg~!CxwSZ~;V6T8*+JEVeb zL`)GO9>*cCKu9*inMk1BawFA{5F&=- zuv%eJN79)jj^4dixSZCTiv?=L*4zco0>Ddr36Y2PW)!Zg-WntY3CeBw*+XzUC=_{U zQ%&K9>Ud|JjQkqVIRlTNJu`)ysv9sEr~Mb8`v#8aSeusyghRDob>nDDRDE-gC1S?Z z5u!-bv|7lhlLJ# z5*n?-+~K`I4!U=lNf1^q&cXs`LHPGVhv+`;4R5*pbQxLMy4IS~7ZkI0D(=Z=QpzCZ%z@}&V)HSjcoC&}yE zfgcO>xPhl2AHyi#qZ+0@al14AL|omE#=wmG0}T(LK1U#83=!v$eBC1i9SAhTQm}j# z(Qo>Y9(}dw!9d|Ez&8QgEUmGdm|CL&G&{yv-%(Xr)Yf+`XxCHX`+ zWUNBh+EMe0j)+bu?l-TPh{U%@ZR!^I$Fs#9kM4m9Yh_{!JI-~G)K@O45^>+pu|?b| zzKCdi?QcuO6_>F)Yay3ULtA$o)F|$9Y+*ZD>x!Ie^$>hBE>=6)E&+7PnfeU*E9AMPSzrP7)$zT|CTPPG)}! z16edAl5wzs#?i!%b4+J)7=A>`v_)XIl+i!^g5^UnTlnl30JAwmViYCmk~*hv@F#tP zlZgx6IPV#JBJ}9~41==)QgM*dEaghXSomx>2cax{Z_iQ3;Qs2Dfh_g$<)ETuhQ=-(n4OmBdrzP11J^`Xt?S zFbUs>2od+fVkm7`_G`Kj`(*x}5YO2o80C<*{jz3^6gdY5i>KiVbK?ydno4AJb5~Rl zB4!U}%o(p1&Q%|3Zb41P>#;RK6MdfPJWyn8QKRt4Amy`&8jiy%+y%)#&)8n|SQ%i` z5WUEU11sr>JUS#{8aU=M=B2?=D3k7Ln4~+rCR$45iSG#)etHY zp)V)=z3Q72I)i8ixp8ow6Thk5~KwntTiOg6DQaDz-XBEQK|Cd6$L5xf%1t@(}Tqe zRLdEarD{G|it40Y{s_izK1;HNG^@H)QE@&i2J^n0IJ6nqOuVHvqp4K8c6zLmAXGLa z%9pUoL7dTAsLOyb0`{ zk>?$;87s?ddV&(89kCgBFn{7LydeRO%v%~$8XR8EXh&?us>i<%k!MJ?V>PB9;K*k9 zX+>nt8Si+_n1|=YB%Pof2y7VPTuhB)v-~dPjOAwndo3hSJ7P25ma57lUdi7DwmF2; zj@XP%Qk@&^;m3h}6~bvpY{o9B{=wM5`fmWc8Nz8tY{p@!X7tr%l-bH)NW$UepLTp^ zd?wX}jrw6(mH<}P;5_%sSW$dn3$h$d(K5b}>Lh&d#F6ds)76k|nzm+~mZ}9tAI3)k z8*lI&qo+Z>S7K8d3LJ{(J){{wNp+*0B^pyh-hkNcBthnrEx2(7F|W<&nX?^>5vawm zmA+pNPwX;ce>GxlNQ^d#W+YlF>jt4!N5N&214ky+%z4C8EwBL5krK=RUV%7NyE=K^ z`jwGptHCpc_<}}`79eymin?|JXh+3;;gRZt@T4J83LdGbqvrnQRd|08Mi>%TpH8l- zqjuEsGByW<<%Yx=qaVG`B?DV_d%Xv1Yy;zZr>Y5{V;KdECEn=w@H_6wSMmmMHvLb3%(Ms2{l}WYToUr1B*R7y#~V42S~H91dwsn zQE#Ms$?X8)Fp)AP$0RGD?icjNgYzIpoS7@wZMHt7Cr^7GCuVjuJ%hctvY53kQz>sbdu?(6dt8?LJ2kSIOo1Di@%Eu zI>glquwYRATdiPQxGbw;1)QDuwabv+F{uh5b;2(G2VJzTya~)pQZ=%Wy1WCPz(m2S zfXs*%3|^P22BKsFe$sqQ)*?b8Epxc5WYV+iL2wAwGIym)ZHK4^h2WE!0!4VvyknMjY{(jlIfE?}weDkEwqVm>s|%_x_; zj1??(t}B)C9MG$V(TW&aMI}qcVRb|P12AhP&j^xK=(JNfn{_M|z}~NXAXG3U(!wNN 
zftuOCQVY6aWeu#Z4`Fgm>6F`9Do0LaegtTf|4sGs*WXf)EkrtRg0aD{(m(c%8mvTh zxg2jlNtEIc7{`5#=^MmWnS(rZ)h3R&W3j4gVW=r*#|P^_a7 zN!G_tQ(|*>N~Bq$yIhv}HNm=ptz!n*88t-YV zd?*MdBDdgY7vWl-ritz#TTOW1%lj!{XG1tm6Wx)v`f8Df{{`%R2&ZYHJKk1(F(+XC ziI}3L;PCX*G|_#E-#BS?L#=t{M>oA+KR_D#-9T= z%HaIUle^MZ(cRH7<{*ACVPr{3bfF2`ZB_X%6n+!HgJA@z+ZVkU<$hzUFOEX+8!*oM zEWs~Exfk))-S2vsl6QcKYNm)Z({+Eg)vndvOg9PGBL>e!FHRM&5lDOvs>>j{8bP5P zCeoWs?qXT8Wdb!udilxChMP5342UUv;b-szBJ{eH`=%_{IV6&f+0E~gnQ|fMD@lav z*t5g&vk<|I>Rq%1YbU@D!wEEFb*npSSWZi)dmi{T;)JrwoECVq>4?sfbgE+z#E~f> zem%18hS`p7B|ZdbS;A350(H>@y=DTu$jPan$p0 zV#yy6f5Vsc+6oiib<}HDARMfL<#!y~O3%=E!S6h{haFXXH>$57z+yf@+e()hk*l;8hHVOzCm928MO?I8OoZ8OD)JO!*$I(2ZB>7v$&# z5MD7Po>%eYTa!|iN?D0rP9SUyC-H2G9~4ju{d_=^QsJz@t-r~T7jZ@p+8IsZTp$l> zH+XR>|Ak3!$b;JBbwKw>EimgTtTY-AYE(Q1ghWKA`;cr;xbH!2&;{NHTAGxVK&Tr| z@;#`ZeU8Lh`h`o@-%j>i=`Id(^vr-ji>R6q4*37gje8@y(z8DI170i zNsmL|!##~HVOtWv5+*L`@;^L{iES*Afb8hRNLHt4JdLUSEkSvBj7S5>9LCewsI<;# zBLf+KB9)N+iTwDMaXv4EQ6GOGx^n$M=K2`;7Yg|b;%DQq-lPP4k9Mo(u-7U?zvn~p zEyDf!=meL?+him82?(dcNq&8ds0<}ne9W&8%3qTn&G6-)+c-;I&;z8zVbS!|8OS$9 zKad8B_$Nz->8C_ds2Le3ag>Z63}yuzKO%|tNhOYz>iBKVYJ=F`IINA7x1VX9oqqHK zEezy2H#I1c5 z*pGdL7p+BI7F?{R9zvSufn78BfsptTRVH4De*i@xWmYUdA~^6*H;W&<@i+>!-da?B z344=tTResB8xfd2m#~*wkyg$IC_7nDR3M(HuowQch?LUJ;0s)BIY*zz;sP{xCGDS) zVhwGuoDV+5_m2=g-iPFugg0i(9Rfq>nM zV#-?TAGl_IB<1xH+muxOkFuii$1U~5c5JvLyf?4`gx@BdpQi0nmgmwSfEUs2DwbM* zN-|Tvf!Jjsk!IIH+ARx=g#ycN_%SkoFLIRr37e#ebQC|w>4Y;7+_MKbzQs|7Y;YOz zzxtRYx(K#Ofx1z6f<*ta6z-_>c_9||2xmLM5j)9JuT2J_5WrI5glco~RAGN&rILw+ zmB_y0oiaZ;1}!^lLx9IERRiteAIfnbNDuTih(vYmn^jh zR^?3QgexHr4ln(qGa!G(QcnSAYnKOBg>bfZVgst1J+jCgt{Z0mY^j8$_(Tqodf=xY zo#@h3PlvYOvG!cb5;Z6j6M(%!xNba*|7EG3Q$3Td1h&q|C(?t1UBb#6z^zCo(lUwt zsFhPME^h~|^qUKiox7Im8igGsBzF}*lCmO7FQ1NT{l`+cd{WCa=I)Tnb@aK07A{cRPPXVD4ND2E`Fw4pcrhFioZa0P34~G^b zbFxMBD3DYhA8fO0L9?WdB^9{+f=*{Y@Ka$NoqfLBCNcX} z6&Si#+w=yQfo3Qy^+fIwT*dm{oOBr0vsb79O$f=7dB7}1Z0eV6kj%Q7y-5Ww4b{3E zf!X=Lbhpmd4Z7ckFQ+L~$>HFQ_BD$jgYVcXu{OY05x>I6^j#^DOru%vVVMORVB~f% 
z4jC5PP7|<9a^@HaX8>L{giIQC+iFsA5bgntZtjRA!#G z)m-!ixf`@&|E7vyRx9T6RP?7uf{ZlfDwcerx+TTkTjXxkJnTz=jxk zUUIZ=+G;Z%JJ~lr9oVZzUgLLcb@w^lz~no?HW_(dlC-PYWpHmZM6wluVLQm}h3g;gyZP^ioyJ8I2qnk46ex!ADT zb!_8fLT?Q7@U6gh8=PN(x9y0)-K?m}FA)D7Vcct}c16m$FOi)ik%8pwmiPnMKL)4q z)x*Dv4D`fi(s(>2=fk1pdHiJ(FQwS;J1Tdo9(rUIulI- z>e(Y*j0`+l1M>}JMNR@?jv?{brIR~{g*puM+&tEUu*;A_84GsABf9-dWZ=&cP<0ZF zi-vUzw|GfEdS%AG;iw*;fOQ*;e|#1OJ?vVy??eXN!(P#HwS*CHXd~zhF-b)QPCxCn z=PDr7ClZgQnncb_J1#0P>uay7x`NRE0TTHsZ5dEg&^owilR%h5B(5{Q-PueE1k|A@ zulcVBVXM)kN#v)rBjKmSwnf%-0)(>fTV6zD4lz50u;SGnc2b8FS2TEX@4bCEZrG!Z%f`P`p@fZlgnQ#&hnY^50PY(tr z9LF0hAP7tYbV`{t(ZY~Nei6w`pri&-H|@kwEOzSDl42pE zSNf2oGm*g07*VnqZ3s=EC3oAF@wIUuNy>*6GCPM<1+fJ6KDeiGd`HsHkz!tFu^ky- zfw+wlA(%_5o*!#Y0J(B;c-;NnsY%I#G+j#Cf$686B2_LdGLM3)$G|H`T+XnD^GS88 zB$nV1-3&)tAC~+j-lVHJpaL7V(y)L)Duw_b>2rjJ@j^cdElgHJ z#5Hr{9Li$VBNy<~wg-%T2(%`&T3U50HvBXxu^xBs-;bcTW7VZk8?3r)#$&56 z?-AUB3q)FokHBFibOq+Gx|A7?VIu|6g?vb+5$>0O zUsxOH^)PWsm;bQ}cB>NJ1w(dpVkE0mG^=1W+TpchM3*B{DKdvy1Lpt6_$bO(G7-%IP8@puam5!g>UP>@XVk7wX13^9f2%FEStSV(rBgX{8Z zFl5L6BCWgdOr6RssPj)uz4}IJij2-!5TJIjur1obVLYgX+QFnwxQIf0HXPPyDwy96 zuEk>ll^@Y1d`M0v+;0b!T48$#BBX2pLd$ScF7JJkgS02M53r#=uG>OOYMWVJw|3yB zBWC~$%zaIA**O!s#R-SZRA_5`=*Slv5xo;Uy=gXkL{7F$>iZ2LU*g5+SU7`XXhpTe z_;@OQ-f3uMC1$I08!Yh=#D2jc=Ti1#?qlpJF(oUp{PR`-0!e-Fr3JEF%#+ukr=j}} zWKxgJw!|Y&|L9U3@jP%g676nWjzzce8H9WwPJa{&h@-SQLmLjA0&`;MA<}svxfr5ztj46z85xlRHFom8&bZj1N?+A7Pk_*xWZxszF*Ha! 
zlM)?VB-0q}yswrm(u^0t8W&`*VD|LsB=$HDrFm}DCd{ZRdYM{JV6j^nnE>Y+86MrY?UH50pPNkMD}Jj&zn6fk;5 zWd}+MiUWDvM?D4fX+`Iv+7GLff+qmCHxxP(F+ZO`hNmRcJ6_2dWQ3b)d<(5{EC{a< zoy;Yfo?M+ue_x%(iV1040eAyZxW1W^RGzd*sh+{~oHBL<_{nfJN#ulfBBUy{T-*C+ z;D3d4QjX7u9^7y%U{_T%T6ZE2oenoCzSU4C3(SBsg(@-BLmaYylQ;3SQLi4R-OZfu zqMO$5=FTE*xOoVv0-TSydI_0b^R(A|I6?j-G^U}-6wVFs%52OG4l`-`Is_(02#yz0ztJb ztHdKxoJaIEACkuiZ_IcD%Q`a=Jx4-!G!B-PUxXAivaAkc(4>JqYVdCu|M4gic*0VV z!V=YiH8S{l!UwiR2A<9oWeyY(evGcpkMV6AztBB%7V&|q*pEQ<&BIG{&e2BxkOi2gdZ3rXXlPVe}muC@wk+5Gw z7}k2vMF6{vc&D?6@vEtxuw$vpo6!`L02VQXd(e=X6=A6@Xu+}?7!AW%o*I0f`jd~4 zPG^9F48g)vq25NPa~f-@=P!UY5scTvSvOroI#cjT2+g?80AwBGKPYEa!H^#k+SOl;h0oS$TgCzu_J`J2-lwqN3r z7J#{g*t+ssV(f4RTB_;}=-!O@eLf~hr?5vfg}Ub~b#;{`s54n-5PjK@s7Hxlr8Xdq zw$z!eSku1;Fd7|}Q;;O%)o{NIn2HoVX>ueueeFaV@1;XLEsal2&-@>v9z{$!Bb}eJstIRp z_4E>yvoXNdhEOy_zz3=6ZD83S;Alf24LWJ9=8CNvke~KdFjg2AsmaX3x2dxR!P*YS zQN#KL745Mqlj(~)>MPtYwR! z3&s+|Vl{f;$A+dXSf!vAA-99Dmq_Kv&iZCD&@MvvO1&AR->D@Mmks| zYyUp>up(NXz|Yr&bKW%mBkUG!Y5CuP-6EXrX4BS52a96Irh0kL-V4)h93D~s>_6QGu57<_N^Ug>oe?VP*9}VXi;!hJsW#|5_w@x}01L{r8^yDu9 z{|O^V8UO@;Q{L$qP-+zfbM(gRa5y{@(o(L|E1*&^=b+6`vJ9|_gzKiqQ~dsR$qu-Y z>8+2>@PKj$N+!v!VD|U5=}fT)(-~lw>k|^05>O{*;&T~b%GdC-ltd^2uN<`X(ZN18 zCmr{kEdck26KGqbvnHUHjPcSv1N<^^LdIauj)2;Wg$YjRAK+1a!V==Gjn3hKT7YL! 
zDy7T^LJ=bA7DZo%cRmlOSI~D@NiARvd?kA8qw{S*ZQN#Q`EJ1agydJFhdNgSYBE|L z%fAF{ijfbNApQ5Ce-_HV1o3bCvR+*=!NrcP<{<0?_=zFZ;L2Q1DWnBe(J{#V_W=KA z2)eeJP$H;kkyqM%@eqzf+evGf^ahMwJE&ssQ~3cF@d<)AMmp_+YL7yTtA_YG2IGy9 z*^dX#R`-UTj(`UEu;l*3Ip9r<&Kp5h_(|+xp>8!9toh+g&WdKP394O>c{<+*>p(bD z50SJh)7c$VcfR(9DcT70TR1Z`mgRg0~c*4s{ z$3UnaM&e@OPPh!IS5WHCJE)bX!02LFbZ^kh?@mLdddGk;9N=i5Ab1C#(^07=GrS4J zo4|NBrf+JzgU{)uRBA$3hbZ5$uI^q3lJisLoht zv}%LV&}WI@+B(20T2Vjb2G$wzJwq66%FOWBP6EFkJzS;_$ zzYZ$>N0nXwNxiWP#c5>+%YK5%@k!7whEqwk2zI)FMqNEZ6&Q+q-3B8|f3MU!ZO#C% zat5Eqwqd71g!%$=bSocd#lxr~NV_JTCnMC-&p@aRuvs{PcTHx$8mO19+l|#5_>gdp z-L3|*Eo5MZ@JQ1^SR6*;oC)5bn!TM2Y|W1xZvtbFVUfiIZ&1xXLozcFfM0&CBr+ax!y{DFA-bzsc|a%}P6|GQhuiG^?7%Nq zkV;j64IUtLK}XI0vK?5Q7uq`k?E3)W`cfn_J3>vm0m4{-uRK6_w;w8M0X}Gr$(OYZ z;Q9v$^DxiNzSs^-?gqjEfG5KUk}M#C8CRiZO@vy6dzy6>jN69AlS=)B$*fHgYS3lm zCM)I~sW^0BVU~6~S0P>aLU=W*?=oQ24rggy%sLyPzHz~73r62?7VApjRe)Z0vF_-v z!R8;roZm^+Di1^!fxa3CFa6SmUi#I!;Z@&UUEq7mzDzw;8QuRAFi!b&y7(9UVNXb( z;=WaN@)&&MWKm!Iw7?=p#+I5`z=`bY{_rfuR@qfVPLCxTy69#LUo2UoEHoEc3_har zIIJdgTjq(f##gB7G$m~ethK>;j+}=k50U#+I@%o19R>k^jyP>-?BW-QBPVBYx94xX zL>^Wr(lkXb0&jVUOY@A#i5YxP9x-IVKoNONy--e5fvbxwty( z0Q&$(&0gqsR3)!S`oya)Wt$IBIb#|^&4-|z@YU$Y98>i*>!wN;70%yiBN;j8LI93{ z=Lh2nwiH?_9-O=nOBMeO7jcNsg~QswxnXFUTKOAtlY!_8J|wpjZX5yFPPrEmQnmo0 zLpaHI2vs2^1ANR|6?1+<#tZeo0f-zzpJD_v+oC5zqj3mzt1rcL2=Bll4^vv7;wC8!>nX4wNw)&l*~fJ?x1?qVU(Yq{Ba_bqV_y#yOQ*z*NjPMILbIDg2l;wd zgJ*m_#1*O4sJ!s?+y~_QddLR8ujl9rOMC$A3=Ww=+4ucB#PZL7!8xyFQ>5|rEPzbv z<~5dh1iqepc;NDVJ;$*So!Qq@au|jf&(}i<8DCEU0LIrt7sl5^7sl7~Y$o|1S>E&Y z^Z=04_w~$lg;;`!cX3#y$?&8^5=Z#Ho}W5c;vgc9`Wz2grJ`Pj2MDoOeMD9zYxusN z0w3cZMmnwMU;rFC1?Kp^o?M9beLay-V|+c2Z-glUR>4t=WE--fJzviv*wpv+oPR_! 
zdV$qH#PobUWPRV)a~bEvn2lpzi0S!yD0$!4({-2>t&reOu=W#^Y-4;qm*7Sx`EPLi z;G^Nbo<*Cqg8P7NtQ>j@JYUa0SV{;@n$|9CB*X1oX1))3R{AB9m8zkl@Ff|@~s--7i$ zG08Tje-r^q@^^3qU;}MA-l^jILTCJ=6{G;p>r;eA}=NkK&*b$m3ue?(%&K{@CE zxVNFuSy=z@yT-X57Hgaa!aSmrxg^v5u8|ipr14$AJBY&d%@or$qE=}&UjY9uT#e}( zb@pj{-vVx<1!qdibd7F*;u}}M@)FMJ=qB~zOL&G_9`QD|##95;5J#Zge#{MNgk>I& zp5a}HDx13y)unK#p6adZ=($V(dhr2w>1^oyx4ZP!QJ8k|o!z)gDeAx6rOSYY+@*9C za+k(+!Tv`iatDXij>b*nF8!*mC9;B?go7d3lW^lMor<*ySpr~1LwF{n0PfQ7F|}w0 ztgXQZGw!=fFFs<4fxwRT{=3}bnT!CiWl7B=q#%#JleF0kapGG*L%mmbFUZCMDkQa)AJ zk9LQ`U3#xLR%?+{t1$>Id{W3=Iu|cnQd6>?0XCR$HokF}-k~Zq?$Q@=6J*jtFqdXx zd+ySe%=X=-L+4wX^bwe!5nETD?=G!{mm{nn5P!qRBrC~?AOZnbT?ou94oPLn0_xeXP9>Gg`Yntcg zq;j&qlZwJ8lx05I0Q2z)S({JDw0uJ5;}dEGd{W9kp|Vt_#9&|JEx> z1ehx8c#QuzxWu}f`|eU_oe)P!c`4vke2(OD8F%TtfYhYcAape(E}Ld`Vk&Wh$P>~&o*Ln_b~2K6=K6(`e|KFk{7`Ik=UF! z<1YOzRVOJW9upM~tYMsXX9rPv8j4>ri{CEcSr>8(uo`JwM`N^grDOi zLJ4@~@ZF`2X`j+%fWL+le0OQ=YdUi>Y9j7`I5MT{yGvWQ)LD`lz$*|Zl#p?kmdNfY zY5_tUUy;x_+@*bPc}fNY8{sPnxl6~Fk=g)rfXxrdukM6tGu)*&S9$X91KUP8o71>U zUq-#i&k+9&VQf5ISH8Qn3O*t!Zveb&2xqu5ms1LGmyWy->%~sOqY{qH8khig>B#^z zlmuAW5VQv0U0P=c^3Vcc8=oMIyEJ+`umOl4YB1kjx}}0QP)rB3*oP$zK)SsdcWIM0 z9&;;LN5Yw$72_^#^no{&eGk@e;Y>Y5`tH(-b3JDCWIQ+H&_(CeLqo1{mzKi<8x5qg zBB*u3=plFM3)l$7q)s3V3?p%|a3}QKrQKs;^a)_hGAz2wgxsa^EnxIj0N4A3kh^r# zLT>_b448J8@|3{1OVi=Nd(hn&N0b``k62@Ix=S5&M5&v2U^WCKbsRGv_ zexHv?HgBkYjJve!Hgxz?p#A)xRNr0t;wVt9sdxy$q07r!=|>oM=?{MaECfd7f3vg? 
zz_?2*7KXwWpmhkNhTNqWTS3tPQ|Xfs#m_i*_5VOq8e~ch{vX+(Z5@W zEZNvCNPb6z4LN+$9l+sJ?i3E&yGuFj;O^qEqkGm1?{V14&5c|}mh9wKeDsl}o{B%s*R8$lHeUENhuzP8j&&u6mhIH4i0?7?dsAM)-jFfr zLAnv9ucGO5`azsp=>zVe#S76ngB ze1*K>OIP_YuF?OZsy(+FBEAY1E`dy!sXYgq4Ad!om9_R$*fpb02a^elt=+8*68qLm ztagoPU}yD}s6C<_uFm;atII&kcUp_p@wWxQzQ?|%Lz0v1cy1uzAA+jQAxwafhb6N1 zlZg3I3ydGWL@vO)LF$UW{&dt*`F#|wuj*^zES2j%Mpk~(*QI6c&&T5OXFq4xF5>Ec z{?&q-xVr9N4Rw&0UxMYy$g=jX!?^m@%XLT8olt+`dt8vGY<2vF6x|A{=+j=t7n82L zLABrVtT{Ll5q}3&RJs&1RejlD)d{x!Ex|ADNw!RXzf2#y$z`vSQ9almB z>Jn**Q01rv=>-D)Z^K5lLp3Mwif)CvkIDWQ7OeLa8JHjE)B%(C6{Y^i?ziOqMGv9Q zcx^lRK+$r=(JbrK!Cpl~;=ifRLmMJb-m}nSJbAgA088DAr&03ceMm`oZ*9>csqe}A zayy*cz{r6hU99~Y@7+T^dAz>rzqQp3G8sM5HpvUxZ8q**d(f$badg+jtXJLx$pU7L zC*{5u)Y%Ov5z*;BB&QSZdqK;gZN7>KDJy|cH=N`u6C+ujqH%QB#9m0s!(&8RLgp}UK2F7WLwRXrAmiwMt7RrfH)Yy5x~c5t z>D@+hbk9SJT!#pDbdwB^;BO$N@F+@3=ZY*O`C7kX40R%-aehRiiU+=mDqe}nL#T?I zufoN5Q1Sx~>l!KYtGIszpgV{TK#U=IlW@O^k2i;VoRX8NAQTBF`Ht?%t3jv=tbvc~ zYHmr*4vy~b7>i^#VC?9oV(FB)F$sq(Q0UxPWQ4lMEbvVCAg)MV`VZvMJuUbk=GPJPT$d;`vTk`h?tMVia=2$DUrkx zzN7nCV@s?@#QQ$SLsqHZPfGD2Vo&&pj3aCKj_&@sERlyHuW8OFF&Rk&B1yq#Pl3_WPRV!{pn!IjOW1`8)ABn zJWAeoEwJ7uCfUX~@;3jjp?PPGs!Z(H?IR`CseS} zfF~1$E1fCEn|C-v=WZGB_2FuaH}9A7+USRYe;&>;-n{E^mbeV;SHd|RZdW`Pq@Ko( zZmP*pH*u&EQtPaf?C5T`Fw{TZgtE*VK`Nr}`2C~S`b_=)&|5x-k9Y`AqW7 zSl;U&0|1!*@g62eYY?#whxH3tlaxr}nEr8jBeo(T;-t?p{evErenjkVJ|gc>GxGaK zjuX&=h9=$lG(h_)Fvss7>4<)4|2Q&;MtIx?aWp2`AT$|AH;vYQ|M+x|W()%Bxe(Lq zAJ1j#AI-6-O^k&&mWG&K|HzI~`28d2KHNZ%;32R+CMMa&^pDbewfsdO*L^g+e{5B_ z`$9o*0p5he;VJMof@}-o^P>>V2c)=bVIYhp zI+;r{-R~Ml2WXA+0k0qm*Eds4*O-W2z=iB^Qx z9gRb$qnlLcn|KCT9&xuX?!bUb<6uWObqmeo5jMOFQDt)%qPi3g)lma3AxAfvJLKr@irJ0j%!jCPbd#l|vkp|V?#JA+|m6<4hS9s<9Ha$OALgDX8VrrKWclV_rTmrY+ZT2qx<8$ z(0vT?r+rM4&XA+~y{h;g3RU{=i2mD2SQ)S$2cx!O zg*&=Gt_DI|fPD>t)o^Dvj_%1Lk;YgsW<7*u9NjchWO8&*!|a-(wn1i(FBfuj)3BqT zWBJ}rj&2@LoR*NO7ehN#$kBaao#&vYah)8}SKQn@`BJd_v~q6KVu} zlI)*QSt?UvSkW?$?kR8)lZ8T#?y?1u&rwV85nLSB^Jp|7NB0|p&<^J#eua<82}CfC 
zZr$$*HID9<_y~#o6ftLw44rv`;f`(svDiQ3O~8A>)1#oiJHUa4FfT-aqkGenluLlG83Jk0NozHD zFL=@ru-1XG)38WQW)>XXXS0KK0*vns>oO|ZWBHEm`=udx3k-XiS7P1GeMfiHMtpdZ zlqUl(=yN2O%Q(8%1n~4lr0O6vG9)gWadcn&)g$!)VUQtFo;(*e-V1*0EVN7n__`sO z3h-EXFSrvngUj_`Y&9%aV;tS}mf_Q8RO2T=_?k#7kiC$jo9>PwNB5RV7L%k{j;!F& zP0%>Hsb_^8-81fBiUg9(z)xvnvu@+){xuRGoI#SZ39u&#=LT&Y-5a}FTE0K9Ax7Rf zy01|s8AtcWd+>=YkmMWqSw?KuW*pr<os?Gk(XXM2USAKgWs9c{7ggB|mxEegbxb zaMorV-L=Mg@=+@=nZV)6`;P7yEaGz6ivTMT!hJ_~=^S3!8USk+!hJ{gh*+wFifL9LR(S3~KKf}*A;RN5& z-4ZMNlsWl3e*Pv-$QZt(`(}0gBUR!guEg{dN2Y{~qq}~JSAa?&)F6^>QT}_uOR?>P zm9zua#a9w?bk`{0W#k25;|SOCt2<%Z3`h4b=$kD62C!v>vpJ2Udqq`ba4X^u__AJI z`Ht@Iu!Jv91H5Di8@Mu;Qwnf&-)sa8cK`;kMyAc6YnushbdSajUgic^z!08mw5|HjdMW(%~pMtlc@`Ht?Z5#B)Y9H5ClEV+Mi4veGwMlU^z$)#Xz3}LJp1bm!gU4SIiq6}8$gI;S2Qa*d<=8!XxLsFn}Z;$ifVqx-8b zJW_oS+Jup~Shy2nV5awiOJliB4gh1MVbKjFs!Q&F?$9k90?LZeVFXE{vnQ z%pZ^~hxoca7Md`G9Nin>bFkWj(bZ>#9No1a1vUclV?vnk=&p?Y)Ye?Yuk|s>br7l_ z04?^oT(C&s)Np;B4o$v-`t+8v->T&39!D;gkFWVYN_g0Mh zRwdBthEauiFZlD;P|+S>uW*9z=sqz;w;O9L@K?e)#?hT8&AXMa1YvU+iLD}xqkA%$ z^b;^n85UVAu0Ks>3FDn8K+W{VWfZ#j2-N~nq8bU>5FxrQ+!X4df zn?cuLFvf?oSeJ2h(^Jv|j_wNJlcW3W6EMvITpYu}ZW6lCZW3Jr_K=vB8U4>QX+g#L z0aLoFweg5wbzEKi6dI53vPw9`*#8iVwMXNBD1mAgsmosn2LD43K)(NhmUevq!?dna zE9eP@$U>0Fiqx zc>_%1yXWX%kQw*fizDDIL#AuukhLkTmN*N!=SYu3;KSW>Gp=FH6zIe-aY>i|;hsxu zh<6$dn`Cv0#ywa3J$!rf|494p_$rF-{h8f+xtp7t#!W~eBqSja5CQ=qflva35D1-1 zuK_`Nm)?7kB49x*6a}$?s30PWfQSVY6j4DzY*@g81rYJ~oHM&~6JGUwKi}UU+va)B znVBa2 zHp#olU4q;%q-+!gM4^{F(}B_+az3aji^Et-DF5S_Oe9=8A(9+YjObu@pw?ixE1`lR zjCTj(o8az1cf(KK9q29!RtiqR-GNrzp{n6Ya9xDM*hvP+hv$4!y8|gt$)Du<)DGbA0~^*KZs|9wFG-9cahbFzgLrAyCbd z@>o!OgJ)SRUQPy-p<((LhTxrXI0UYHAY5ow#i)pO2RgMMpEmA#fu3l0pw7sV^(mP| zed39mb_a^qUgJLnJ=kx!P9qI|2j)Q#*>6emvIGgc15H_hr3(sJBh68^D*yDtU z<4Mf|(bhp!Hl>RIo&=z+gRW0Em?=-e^^>58vvm+<`{33==XYX?oJejA;6ibz0O+lQ z`W%H*3f!wZm?XN;TL%q32|_b~ZEqqtTL<+#0m49lqe>I>)N|H(Mf%y@!*<5<-AhWzw+AagTs#c*R(lJbD>!6U4Qjs=- zxizS*X(}o-Y#sDj1G~Bk zy>(DZkyLV(o(D$Z4Q?G&4pZq=XBl}x?DhQ!7`6`j?Xn%s-h@#QgIfm;uVP1PGGS!w 
z;MPHVp0G3H+Mt}Xb?6~W4#BO1R5}o8*pBbwrnfl)nSQSxurl+XrXspfmg7q_++V zU1BTuV9XwiLj|gYoU?V%ssoVITL)#FSM8!=boSfpSn$TMZ{dfagrB2H0KsFqux3wbH5=z0``T*l@4d? zpz7-l4$z;#%c99ru_lfRKIIvqw+`z0gRJ=^#oHbO#t+x(Zi4S8avOT~Y z^^dxpt%JN}lT z3)Zh-2;?gjZ?>J@I_Rl2Ad~}`q6sB5VC$gDuc0554X~vqkOt+C-a4p8Rj_1VP=;z+ zb}%H^I%rfccr**(%2EWSM{gZ;+QPIp2zyGCsIk6j>!2m=@l#%~KK~o08ml>52R%T= z;woq%FFH1$psB`PZyhwgB4UsXMm2|}8hD=Fr>%oJokee$-xKv=eITowg3@RU5D0gCt}3qB!B;93u4AL05uoY#sFW zF-4Lsz$_xRirXT*e@I&g-Rrlt4FWb?YvZYR6I%!U-U8o{!C5ZAX&K>4o_-lcTL)!+ zYJWiWD6l6q{tsIRy?LJ^$@jqgNVE0UL8}_uIDI~FRpWZ=pg1o=67doWJ`PnfD0PEd z2MziLZzck3pmC}vgIfn(#Q$X51M61`mrUYGMcO*(sYpA$r+_uT6jMzq($+!03Oi9B z0%4mbQ9iLrpNF_#y$g*Eq9G50a7>f9?o!_2uc&<=v^8A-;ff}41^wvSE-m#+=0M^gJRrRPy*gB}_qN?!Z z6cBi|nQK!OYG>=9X8X{UqNqIt(l*jmg5+!+bSpll=8|&|gkwbFKy!ntw+?EKWm%5w z1rRQ4O^W1f9TbiC(pgj3%XsMuM@dc2)~N(m2;wJSU|{*gD8ni1d90{Qw+F36r?W)LREVHpdXRfRJ07q%=8O z2hBW)w|zk9Uz)_4GTv*5(To{qgdYJ~fu76+!?-gHb762;K_W4ukm1DaEV&VDVCzS1>VOvQpDqYx1-h+uEpywxe z52m8CaCs9m;?&p#r*2%?7+_`W%qH6xNZ&H_;wn5e1AcbF76Euc`7iS2Rm628RdxLt z>LEQ-z1SrQ&gl*$>CWDMsS~!osp079Ej_<|jJ^QiPMZ8ADJ#ca$2PJubsb#Dg>3&Pni22f6g-pxIH@ID^Q#$X)H)G(vg`upICL{4Rqa`fw;SD0sZ|bi)b>@zVj- za$xlWpxU)*n)JN(qf*fdczcH<6g*dY!T^(sA%Mm^uu`Emb-GJNv2A(EmNTY{!kOW} z%}`rrT|#}Lx6GGv7*4Ta-q65vql zeX~r!#9xeKjRTi7G4{>sc2=o)68KJsW1ATJX1$7T0;zZl#|I8v(!|&|i%n6zgZ z6Y;T4let(SXmU zKWKvRZuK;|fHEwb!>JVxqdDc`X^idgOne_$UpS9)Ak`gjN2HkcSOoV@k5f}P#84{F zdWsgH{L6dbvQf(gNJJ67_Pllv`MDe50Zr&hgyHP*WseU%PI(I0_Zm+{WJ>t1g7}AL z$1L*eH6%O^4!z{iDNTQQs?LX3DZsKcPC-$mWs?0frRO9@{<091?wUpcDn$#Co*{q0 zZ8RveG>yZ>UUpxH6!2n8w&mq1O!t7Y(V?ks_w*aNU{sTyneQRflYaRU7_U1l$yQRV zOzEkxT-vPjU|iHJHWjy`-iFds4Q~&!F3(|PYaGf76fO}{kPZ*0#&PeR`}5wG(la+3 zUmSuc>*LgfBnFf5V@}lpd74cg)*5-GNP2E-fX@nvJQ$}Dn#|L6-uBY-({O{chg=Bk zPL0P<&FNiJhdVAj67Y7Ho-Di-MjZJpPJ1+&d-~pD?BLVT#@_?>k;Y?w4#dz9qcghx90M}JoY*J8ns^LjCRo0M?gYcpz(VbKt(A181t({xwT?cO!Z2NwT zodBPK_)}>y_Mi+in;D+4nds7c-a!7xQ6m5I7{a^4@ce<^6{mG|5VAFiLZC(?-Y2oo zJqin@gX{=GZ%vxPCZL_My_0Pd5U6w?Fg#t?+Ob;<*ZZ^>$BsQHQxX4M@P2~5&<7!y 
zPlNHC!xAQq7rfYKy~g*p=f{A3L^u^n$)5Ab!<%4wT4H^Oqj4F88;+8aq$JbRw4B zsk8`$)i-HkQa{u4-AOx4PlB-fCQUS`@XiJ4DFg!*zB~@XnVU2*X`$(Pf3`jH_zeV! zO0GogbicB>(~IP_V_pDsd7wG-7~V06tXeZP205LpsH*k2`z8JDYNK!5plnU9HtAi{ zs&(V&byw*hgDg=s*WU_=l~M}}f>j$wO~5SHBseUh0L-I=qB}_(5kr}|YPQlF&jQV& zhG2SEZUemCkr4c==&CI}u6qnYg7OGX#|U0RIWCE&SE?3yo=i8`8~HV$iyEFXXw+?@ zYJ1Q5NU7j5h>{P7lD7J_;Bkd;QA3d2>k?iJ^uOzCcoYM_ra0j%xKI~riVs4mrzZU8 z*OY|-hzb@XswC^pI~MQ7sg?@sVxTe#~eQgotz{+(h6mkpm^h^HrK(zMRi~1 zBd=0|znpm%YFfTAOA7x1cb#wHHV_U&aTqJf+m=TNI_N(2Ei}%A^AZPA?Yt5_!=Vz4;+Bg=9ke8a_->jRkcQ4&yY%Mj-=@Q8}0agX=vGB0poe2^KCwhZ*CW zVFeJ-^BVq|;Kh=@I0+qRyq$;&P-7Pf6RxUo;1@SSyN0yFYDe;dIQ-W#bVm3NOw`op zf?c0DB87m^*+!38Lqq~Ahr_tc{xh<`I30~?P`K805P2gA-)S6q0;Ld8K*O#P6gie& zW%S)*h#`Q+YuFov*BS>9wnc#MEd@(fF=jr37S#@~0y&_{B_fPoJPZxQOogzEB9uUz zvxQQ`CM;-Fea9NJb;v)BiE9m`( zqDMOSUPY|-E(U=(lt5e82Ef=C__6zuZwlbvhA{T40%NJt^H66Yis3xMfn*i(OyO0e zXCanr=K#A?<5X+fI0ilsV&t_E*fXVYr9=fFOM0qaKmc9`Mc2dU}6>6+mD= zYn;umLXm@QnDJK-4{~-a4vv5%`I13xAw5smHAHm~8fp?ng_)v)Nw#P$J+mLc*O4If zc1S9*>fViBVQ5Dg{W;~fgxArYg$B@J-GX&`xXc54g(IQ9G^tP#^>=75={d9v^&hZj zHBJ)t=P03DK*AJ3=O<82y#dDin#Fe1?)t{IB}M@$P@0GY5h$h8qOyd=e6yOR)_n=yjq#9>((y`6~Fo^LS)CFKK< z*hD_H#`sypGq%Q47IlH#4d(+6B<8tFku!*CeA$g89V0}#yhWj|knEr}_Xl>t>Jm_wrA2g=UOkYWSDEdUj1 z>3C{*A|Cck{0IT*59i^Iq#R7zc_t{Gx@W7DHU4z7Qc_m zimj9K5%k2hiKJ(>y2iHz z@y=0wssWFJe~CC)vwSkBzK3TZ<_>EC%G2t?#$mikP=AKH$*6El zd|2?vkAop)wziD-lTp5oNQ$ZeZ`B0W{ko*KIBuYferk;&C?xGb=uw)a0x(#5z6rr# z7uXbypQKQf$wh97dqR4Ce-XZ~1bDwDaO8qkn)zl6^y=75!nGXnNZyP7nH4wL_uL0g zCYTx(jUxR4RGc9-r^ySIJ!VAp!TjQnaQ(wU@hoP?NAs!5}L~6U`hFX5T6s3 zu>fYM1uR$NKL^z>@=X6liuQo|Y53;svBC2JM)p@AGzA=agQQjV*zEc9K`AIWYY1U~ z{fS7jxJSddiqTfUyf5+!ySbi6M3R4d9aTu&9$!@yr}|_S(TLoIsWcz-y!*29^CD?> zQ3+JYVb9LBnD~RA9t=dKmyodfc%35dm71i-Mb2pnm{^W`!}C5mypdqkCaO}x$lIPT zrsCZLAZ@gg6wWxuqO3!P=nvPyIE+M6f3IZdL{tm66w~0m%z-#5?BdFtGf~4(i^>fk zJfTS(M(zQ|or`|&Z8ZJRdJyoj(i9bf&ppj18R9&kiyE#%!BBY)^FJFNMayBraN#&O zh$?PDYpXm*=5{jP9+)xX;T+@@>Pb>1rhAe#NO@u2!;~p!n4xV^0X8B!K8IL@x+m_W 
z8TD&Fs@W$(Y7Ti>9}<$q6yuZ`wRb-;?gP46GwP6Hp0$d5-sPEyPG>#|?gQb7CN;#J zO~M-D+UIT3c{pFxr2Yt#`X(Xn2bbqljL4)3r*Ir9Fr-+N8S{)O;_fkh%PS)A^#C@+ zF_;DiWD4BW=IV+?#DCg|tdjA329%SHMnP8Fh@+BGWjopLRkv@A#tyj4jey^}K@gc^ zx1nB&crx@aWCYb{>`bAyL6mW0rauC^Uq3z%!8-^Q$8Z?q$R;y5{4OFSNl!2IpyU?- ze{cw@OTxB{K<|lmDVaxdAs?e2#Zf|wBB91jYG9KxL8z}u`%t3`vl8mS2+YrwABneH z;ESZqXL}H72?a$p%g={V8!b)R*E|9%AXBsOg*Z5JHcs?|aYe3mJ0_MRu#z$L6{+wI zz_w^Srmhe2yThmslrC~NDb*uJVkzS=HiV{#oPg_xBthn|@o~uNFQR58{AXZS2NTdtuhl>w)QkGSk zI#`-D;~M&d5$_q_zl4B%2JCwr&D$2MmQ|%Ihe&6!!NEQU<-_DPwc&r_PG8X()P(%g ztLIAm^lDd$pI+_0ZeyP+>%ujzdoR!UXi27SkZsyc`GGk6mPRT5NlFwj_!EvBf0* z^IgUmzwMn1Hr8RHH~pE!Ukzk7-vvz=!fyh{8NzStfFM+cLv5dIY`iOZ&N zZsS0uhw$E2@Us}$2nUykNZuL3H%Ha@CLHDiURj#LLwH)G;dux(gr|^aBqma1QK`^E zsjgJMCbh|De#ZnACThO?6!k8#gA+BR>K`U*CR&J~2O?#07?+_*vN}Cc^B&rDnE|kl zCR`-{)FcchYG!tm;s#vW0Pm(b&r<*t2NN~hFDcF#;L|kc3hsgvHNKICSOu5$8Yiuy z!XT7PnyA^h0-b(fCvg0yfmF~d(nL*VoG4whgfgL?s3D_eoJDZigk{jQYZG#mGRBUz zv&k(QL)N7_pR);dT}1LX2apD_Lw&sF>@32&=>>SozUaN;SC=w&xXbqpl+-6p_6zW% zU7i^$@s%v{_GGxu!(n(Sz?|C?Xpj{<9_`!XXu8080QgqT;rAmr6zq$Oe9sv9B!%}G zx9>EbR9tqtV{|D};c1R#JT67zoI^sSY}1V4=`N9R9lwBNQhG@e{#DG9H6T_*;^upTT42TavCQwfb9<>tziw0LoV4ke$dD z8*vx>mgKXZLbwS0`)^5_-!57Fy;9wsX`?M2*`g!pAwzaL$@itmuE1R|vPUN% zvIPEpWb^*S5pW|OS)QAf6HL(DzEIRs&rx0QZkWnQlZz;dm$|i{yO{l9T-OM>cJd>MkjYp<)GjGK?&; z0e3-*&|l(Q1pd86?m=-S@e`%QB|ZLwMS7!^76^{=jAWIM+9Ju%VVDZ%@Kv#7gLe1*uP{utZbDrNUs}b*Okm zdR!+l=B_ZrmzsqN2MLw@^sj{X^Cf;!0xwoL#Vx)b;zq^32n3EB6?^K0-Bj# zMWC1aMf#owJ?D;4d@XiGhQwp4b|xG+h(E7|kNPBXM*RfEAk9IAzu6)2MmPE-vfCD@ z9vZwD?Sp)!d%V6gAlGl725+r?1*61IQHGd#b|@zEsk-D7*xvn!Cv_v_mrmNC0;G>Y zxNe(HshmN7ePL4NlBD7NZPHvO-5-IdQI@9NQgxOlO*%_&J%@<`s3^uEH$X~`$6YW> z(?>xr0{=csuiK);A1x&=>G2=3ba7Yw<3+Q{YvrTP(#^VI?itRP2--sN&^6j;7>7_; zLJ%DV<%~ogrN2@xxsI>f;mq@N`S6`Tx2z2p^%|Ip8)q|qF)L^F4nsu!AdP`*q`1AL zV2~-ez>oz*#u>bXF5|~bUzM*BpbvJU(>+NVs~^D5a%do)Vg-RQ;u01cfAj1i4p8C zs;E%k<*@%Q)Njjb=+_c`$v(VBjG+BvkVTVAO%RxQjS!g5hI=jQ3^J36iSb};+)tnv zMb7RW_Kl>c;7LTESPBoTNcT?|=@3>O3b$|v$pL|-d|=nOL4RTipnpD5+Y{}3H{1fJ}Y 
z?hZqh0{=H9?eRZ^at8*{6`qvtyg!wKY$yoYLxpm|Gnj-)lJ3v&O)Pbm#(~2L_4mJ4 z~D|8qv~nuhQpy%wYVQAT~XRQNc8m3elAM~G_E%IiaYRAs#eq~k0?t^zbs34pv z6?`@nIkTbYMwUK_=!U;S0SuM+v?@t%7>fe2 zX{W4Be`c4#lgipJ4#SA=sQWXl)Fy(Q`h%UdnfD}mr6Mhpipo;=^^U5jv?j`x&u=a& zBKpVUnCeb-yFbCd-)VJW5s1NlvR=NZ`Bpl9@C!^$tgH2h=ye+)T*2**$yAG6FP0Pz zu9J-*VYT>GFb5r1RJ>;z;N35<**er;;~{`Z`{F&UT-0AXhhe%t}0%f+f`yG@+>Ml2PDD)u55hc1sACw!^Yb`Jip#m}m zod2P?4c(;bwL=j~YzM1G7vf(FSwSUq+hS(9qv{&see&pUMo-ZXA~h*QCyP}M4aF$q zf5_NB-H(W%roDkR3(AGfAokz0bK0;fsCW*$M?<3eYV762QmActg_B$)okT%sHi!Is z^lMg7fGFg8IA>SOlPK>lb^nHDg!1k#;!$1;W?Q-wVRi4vXklDvopTsd5GmT<5BVq4 z?Y?EWfgc`&@^i_|SCdu{uYp%JxT2$$UmQ)Aq`%_(~IaQuRzQ=GeATUD3s1Hs+8 zJpSr|sJefjY>4IPg7XN1=8{YNH6m?pDrewNG2KCPf9D{{#ek|rIb}V}koLl4rW`6X z1kDkemuJq1VqVxQ9@ zk>edTlyBH)-K49Tf&Fk7X?YNi|J2=bu*#9w9i=zrNR?@j-nGzpd!EAPB)^nMZ^7wZ z6Hfn`-Vv=~$y~gsldF=f3s`d1(+D!15M(@~kj`z1WpCWFL3zZePa-WHqchYjF0>*v z$@l1h_7x=WM8jSFAFzNJ+gi5-!e)U-EA1G9`LXZO~Cewp#y_>XpG4DfK zXTOgZJsho+rom(hrnO3z&-%00QCJJ7#fcS;R(g=J`=B*?K=-XMYqNt=eD6q7d6YbXUC>|_Ebx}wk9p>#-%2D42U#~AY6^+|B_yIJmsh>_ z1SB{WsvZ#2X5(gt?bYZD7tP5nZO5^0jUyWMve6@9!m2m!kATxjL|3>SMn@+&znhBwF-M0UTmGZbcP~Wau+Zhc?}S>E2*JeM zztyGOuJ8&&^ws4kW$-n5g-Ysti0Zt|mitGeldrySV%=rSC|_s&7hm}sKyJvQS@e@w z_pI?s^u_-o$^qtir?4)lFSFKF&Pb&85G_R3J(UgIr)@(zy84(;j8j_{d=HK4#kqFF zC*l3K>?qjysNAvu)N(R(Up(p_8I7r#v^d#xGM(I4F)@~WBy=a*pOEAaL%&I)>*t~F zWV(J4TAr_8hUW71>(E|&y%0JP*Iu^`ohXt|n!|eFn=QzXhA#O8ZulfZQvL`{LOHr6 z#U(=<@QquB_QK8m^2nn?)J+QwiLM?_uknRM*9fQGhBAxFLOQxZsP_-_GhRgP7~R2> z62K(dA?SV+hmnB1Wka1kCuf3w7S7)~kW6QM4~h2h>|TTr{RPZ>%@$Rwm%Lyf-6Vkr zbxA2lLGJBowGLkzfG2C=luH7)P(G$R5kucCMmJ5MRbUx&`xAzU&P(9*QPTZAgF521 z5Rx8+(-bXDcOvF{l5UoeP0~qkp2Wjo&qy@(?A^nlY$pMVnxs29BoUG14_%@gCGcDJ z@o6g|HOVt)CX8_$oX@lbDSzepCfFpo#VB}H zFWc7@jC#L6C`G*n{Z4K>-d zy^F6SA#v?dOoWWLB(C-Us)`V$wSs5a#r`$7A@a^WkAbWDhHUxuYt>bxv2t;BI93t*8|lZxDj#G3DpK zWIunq1@hy|*WajWqA>bsC%Zx2^9YtJ9AW48sIznHhQT3>k~q6z-5=R&>k!~tg>9}ob)s-b5`Y}P z8G7Ib-ZWf|Oqx^9jH1jaj55>bpb<_r6D}P#DS%Bg79uF7nBZzU(& 
z^sGXrA(G6&sj+68dwsxjO;4rcc*_LxvOBQ8gmd5&-puqgeHU-7lW&uO&2w<|v8GAe zZsfEyJr__Fv62Tt*zAym!rPgi+Q3=KK43>2+*b1XIwZ{i$tP$NxD-% zSIkK=b7;y(nzYwVPB+t&Qs4GB2Bxowg9EQb%*~kx#o$T`k=3Iy*C*d?hvvu~lR30BwLtfqs z>_Ngga60=`?`w$H5pKB~*Z~K>Df@h~(NIdxfN_R z^z5fBAX7l7P9%z#q`P4Dp`mFo`@Hg^?Qa02ek8(rSwv@_ulCq6m;%ClA_ev8?30vj zo8ci4w%w%3$v(@vGf z7k{tRoc_P6xx%4I8I1ZDZCR>;_}FdPyFi?_jPL)gEu-97c^|@D$Y9(|05Se=D4uIFPKvxZSDxr5JbsSU(3Z-KnY% zvUECCw675HyMEy&8+T+xPh!hjmz`xOgDrZWj zoN z9Y}GdlW=-NkDs-BH+F9*bhhfE6&Sm(+9eeOoBplfs)I+)f9k z4Z_GBn5(!^vr-g5k$DC$BT$Zdrc5wLouNL-a7d5EVcbE1baGV35r7uL`7Q^N(-^mN z)VllO_ZDE!IC$wCHHV_@ZE6xi~p$O;EbO=dSsf?>t~s7bo}mmGBz&5oQ5&SEXWVJ0!1quPIs#WB*e z5vQ$0q?nYjxQjAT<_|}dvFBSsV{dvJVjn`}Qxf}R0K^<)Z>j+3GMsNXki5XSZEVbg z;{{L*?vrq^XlY~f5`$yxnb1KznU7O@61WOolJ2yzdCtHwws#<4XH4`dDxTgXJr}3t zTAJ>(u_IZ)Hg@2e?cKAW93%mXnxwmbG4^lOP``Z%&aYa6!%Sk@*triWjWQf&jK;w+ z!AG%sF$=NE$iE0Ln!>pw4t^bkW}*0X5OS?bPj+b7Ks13V;(y&8nme; zg;m&zt&)^gxOTy!$@g?e8lZAG9HJ_TH+rZ_VyS)o!@ef=L?tmA54w^#n2)&@NPhsI zWD0DjD~b7c;wJ#)T7@i1CtXSWiDtj#km;|ncBNnsnFgArD~V6h_%q)gGQB>q^pL3& zg5_$8uscJh83>{?G^!7uouN?^+$TpaL3mKJtRn$?Xw(lHxMpFaByUM3drS&{sRU(& zLtzW@=!qgOGW)y&eW-jgLxbg^&u}QX0O?COj20Amr#v+O7ENZy1Fb{r%BLN=cEpnbocfVKF~M}F%fkqAamoX~)#H?h#2iD6AnDaOJ*cJW zPM3$t?44a6POL(FN#Gz(?~wpSP14=Jl!vTcFvhRoxM3kB!AeL>mxt<)8mv(!fmDfz z6cd#wY;hN5&dlh$p$o?T5Q9Hu(GH%ft>AqZi1Z?{iMK(_F?QElfX2Xinghu>jN8T@ zJ`UF!^Qov{sNe*ie+v;>El#Dd0NrZmcBaJ`F& z6cfA|^Ev9GRmPAu@Zx1SAH%_w4^94Zy#;&M*kKGQ!Na^c#(8F9gp80z`_{0(xg70be)oq zW~OAFGQsI+*mX+NUN&w|!z82ZmaJ3G#VOpGh8c)px$cHvPMxv>L3HYr6Y$=tQ$ECf zvU?Imc2f9760qx(G0>nVanTWLh9H9y341t{84iWas5&$hagiCdMP>835y5PpivKFg zhLCQC!}ydWoNPY-Wzf69d4L1SZy2|;dF;o)Cjp!5;H9%Ut+?uJe!7R^$;Uu`mISU5 zOm{k)y9dF=sZ;nxJ|~-7?WEWbs{9J4pKvH?y3^S_ilm)vJ_IxI6f7BwxK_czQImA{ zFWLN&1AtqB(?d(J5)#wdeBOSgQI3P_WFk^bRHCrOU6eTo?RXPoa(+R#ewOtlXsMe| zftGrDDy){eV;CA*;aUXuWAfE2$gFiM5Xs0K_$m?vbxaJTadexz+mW-bf*)E z)_8Ox(Oww3BlJc)L>pAO45xdvG~MY$;`KHsk)|332TQ&L%G)GBQImA{FNx&KgaI#s zb3;o|+*nK}Qe*?AQO3fI6>xA&MEoYSx2TIQ(Z@Hf;oK7k*G04v!*vn4+S`zDXxKm$ 
zY?Z>q6RuZa@Z`Qn;VbGQ+O3@jL0H_R>wNqAt9>oEh6X`+&~?%DI%+e=UGPitemqWH z)Cmjq$H|peoYmT;GYHysr`=z%2SG0v*maLx7j?$VTwM3qb!OFgQapJp$W2J#7{PR>v-wBl;?za_3bIod?S38KiGeD|;WR@_)1A)d zU$S?0|7QI;+q=!6JWB!;HA#2>lFi%FT+c~xzSI&FHx|>`JQ-^stmg(G7fi`9QHjD9 zcTwideE&IE55}H`d1Pvhl2Arw6S@$)iE~ztk*I26!dTQkn~xczSYunr;Sak zox0+Ga~SsHAc084wIU9VnxwmbG4{%GFm^L=I%x@3LSow3Q=d{A<#4!;B_hQ{8Cy+U z)80SHSFlb`)dFoVL)F26r&YC(W?$FZSK0@szJ-&n7A~PHNWX143f*ciAg5Xw)>?=Q zgOHS>!3^Dp1oa&T=h24*aegJUA%>5CAwel)6) zg>deUqx4rH8lV-1I+vy!V^K8Q&L!ko!BbrIbB^;1e)|l5;r-D zar-9OB|(UaR#Hvh1k6LL9gdQ6>QzU>WQmr~eSv9_2A=Lsp#LazzlXzU2u!3f)X4J! zX4t-l>(34%_oX8HB)*2(jifx!`>PD`9lAsK`=*G*p@bEh@40~yGOajg0Ldh@C8KFV(;&r1!b+Sg8sf<22pQud$+>wW@$Wk{^$ydHQ_IvjUZYi|<{Y zHMq~OXby#Bex&Q+0(@EOay@$&E|%+iG-z=A8kbpCZmxO!6yB7DR)1DwEb=!D;U($%4o3 z1+SnJOIX-I2;>&Ho8le{+M0LXDFwYHp@PuPPxr!B(4L=I!E7i9TMlk+2lrf1^6{U@ z&3JpzBBQuyVJBafNq+`rAS>oeD-ri$kA5IU!}ORR6r4m(A7lv8uyX7fIEB?%Xo!YY z5@>lL-*6AhMHuNm?5&n?&q#ckI9ujIMb&7EysI*SWeed@tsH$(7j|VNlvR)Ch;8f# z_ZsCX6~fkHAlC5KvY(TJKW9K$UH@-%-yN&<4eR+0(sS1laI&Kl=>F3+xX3%)lkZ712-Jb66n1cJlvh45Oskm>Y{Ow-`dhS!PZUnP%wH^ z6irbsdpA-e!;EMPH=orR=SO)-kqQr2OsaPBS)<@^T&6#hj;zz!@R2DO5r3{vt?2POU8 zVngJ1H6td1c{@3i_k0rRPp^m9_nREfd5#EsDAH$6gWRKL1bP1mVSFN;ir}*zhikse zZFND;ru+0S7ed{GO5Lfy5gAzxlL5Jn&9JKkQhZh9f-!tg;uR#3JK6{fO9D!<6Dwrj zS0MJ9m?(3fO<(J;@f+!f9!kUJVQ4A}ba>wA`7|v`%|hX(*&|72gLycp8>Rv%@skjC|V0aX9_k?!c_>Twhv$$7DT-DF>1vacW5*B^1+B8vx%7rBMX zR*@AEJkA0ne+3~5X`Jn&vKP`g$48|tq;Y*8m9LP-4SZChLK-*pb+}6YHS~Ft)Rl@< zNaMynDlQ?7^L$h^LK-*sQCSFSobRK2AJVvmZx>%%`Y7XuG%oZ}1`KK3+E<>hMLx=J zA&uMk+Vi!ok1|q7<90sEFd>aQ_$Xh5H16m-itGDw>g)J(QxjpNNHJT^#AH?z!FhGI zTsjo}34UkxG8^M= zQfqX9nwIqwWm3!gg=p&c)`Ag)ztvVlG>!1E>HPFrb<=2fc}TcK*d(ZF8e@jzDQpVv zo0W+nt*$}jFzHkLqQxCQ7x&4BdSQF!{46UZ4ej5JWcmk$t?&V?Ipo(1p}cPSuXn{m zHa|rA=Rsk94nM^C2lvH8eSWCu@7e%WMFW1w@UKLG^K<#3mVW^J%x}mKIsRhg&HP6E zkmqlU{FI-^4~71to$%0%OU+$io_|nh6c@%a`$IMo^}zj$~0~Bi$8m;M07Aotu+0oly5o1T9@80K9BOQRO|1K(58P)nHnBlLAa4 zf1#uo5`pR^r6T>^+VJq2Y85vT##Nh=JBHzS0lqvYRWB39UUQa9FTiqXLB7IHYm9_% 
z$IF#10M0gi^>HQo^_vLkZi>$-6(WBnCon7I0?bPne4^ab8?FVZj^x&<8Ig3uB61NZrR?E z|LJ*T%r8|C-y?1bW3F!t>^p^h>tG^1t|`>FQ?~Nad=iI{HQNR&ZihH5GJM@}C4+Fq{nWC3d7_Kz*AC`LF^=KK}pe7sUJpyoJ=fDkBH=c)Uwg_(CaRE-tg7HmHfE- zZ>Z_96x4xA*Ipu&4yt5@(T}bN>m|eY0IsC!95Hop6)FAYPe8&icsT=Tf>Ln$b_98k z;X8pV;fa+U1&pW1xnYkQDnS|%#;q<}n$sfdz7`-9bC&N;I0utLAhI@Ls9!LQy&bRB zD(Dyd`=wwWLo05A-p49zK{r;o?Iwl&1_9d3`Rh<=sr1Z?h+{L=JNQ6De^2Kz6s zBE?BLVI*F*^zeiK@uv;ZGQ_TJ2V!2mrI#OE{$J6>YZ=N9mVezGDO&pY!RLS5jfXIP zi1c5?u(@S8KScYfXVFqM266u8=b#{xkwpJn7^=67;)ja-Bem<5`oj2?@AUvO2Mq{FM#_Bhp;_Sb)FOH*SZ0kBDse+ zTw`>H1fVddANd}PnUcFj%S$t|j?6|NKjJ_>MNlx3tRej!!k?7fy*yS*)~=zqVjxrS zjO7014}U|*`d|zQi#X^JRZIE6W=gMq0X|ez6;x#+Pze|5srUrFz);RD$yrC)?!#Zl zun}*=aL|YRo#J>G2%(CwE0G#U~^M8!OO-Lj0!#adjya{BSJ6Wa`9fjz!2@k+ui}lY-YO(1oOP3Dyy} z;e)XRlXOolO&pQ-JH87oc%lMb$YF|>R>~RP7E2eBzE4Xl`0Yc8?YkA|Lejgnv{KIS zu~@p0^aom6!NV{ySa7uhUC7~@mJZr8jXA%^(uGveXBjHP1v%*p5)q2ok~``Rh(Ow; z%8Z$mmG(#;AJ7*ZLCnsKU6&$Z_DdchO#d6g2Xb#$8Z=LK(7_TNP zq6?)cOi&XPoBQFuyqc7_2a_JHZi(xKzE@aJOmwuW9zUM$&tY<-RgL&%bboLTKF-RF z-%R&^VPd3JR{ZUBzvc)ywG(F1eN{|=w5pSEFWomr`!>EK^Z4{i9Nqd$riwBv_P{xkVNI`Bhh|3}C@ ztvm5Uz(2YhXaRoc;y?8yRQKYCuKqR#9(wabH-8vu>&Fk>{U4IHVt(l1KS|mK@lXOw#y?mjE8 z1}YkAnhxQS=b$hJQ}z^24~IVor=qWV;h)?axE(Aykz;#?rk(~9#x zakew(lw5YsMjKLhSk4Hel-@t2#HenGo5VS6m6HXOVPLJw6$HP?gwmx>I61L&$o~qSy-6)2pXQwn#7A9)h>3X}rWN zgp|8Hob^e@`F&R@OqF-;=4_Q)(YtK>6dNro`xD&n z<$B>clAsh4>F=W%Y&%O?g+|UwoINiRx8kMT8ft2`95l7h|Rpc<9WmVBm9+dNhR z&OWOn+CZ1Ua!nO3yj+B6ZHJ3n1PG|y@a6+teAb`kNiG&)@K`>R&hdOE_bN>E@Y!ei z@k+7JDuZcDkClRR*rM@5bf~P_l6i~qX=<&6*{riRqLj6_k|8=g%m&^FSMGJnA-EG+ zqvzoT+-x3lzNDcE42>n|*0S_)f*{VCS^G%W`Y4jVpk3$7Stx*=ibH$$$AZ>T)KW%g ze`H@6>tk6wVua{i-XGDz5WkYZY3W*Nh|X#LJ=5_1FuBB&K<6svUC1yp7eY;O7^F%R z-#Z@MY8G`(@Ymb3pM#jmPZD(wNe}8$fGU*VZ3^@%vjvi=aaji5Z8~Q`Tk2Vyjnros zVT;Vv(6Nw7ZQBovys5vSfi9E!MlEd8AqF)W1VbtngUcKz6~CpB3eOmLn))C{I7VtV zIHt&)4SQOFIgzdF;(ZHx2+Z@nkB*4E46z#&?vD{}WvisaXm0}x%&90XT)1N)Q~`%^ zj^dV-^$6fa5r6JC6kHEbLk;^kt;gOkOL_2yEJDG`oZA$?&pR) zSvG!NC11zb;m;94Y2 
zJi3e|I7EC5FaJ;uNywO(qzwEO`X$H%K7R|4kY!iFw*j{uN5rL!A#X%H1tjo|yY82; z)-|}e>miC?kr{|=h61OWqAvFilO}<|l#gCe9U- zV1JV68~VTx-VdkSoOgkrzKQeFw=mw1kq0kgmpMdJ{sR1(!x2f9HbKSDQQb3zN?boU z@i^EUERK%?d^vnmp}|wgvNoWcAUui|F8ql5l}Y`r_f#?f#1Dzci`_3aGgj9 z8=PV-{I@lL^o=Mkuy;#JYfHE&_Ax&!K;-u&UPS(p84u=BUT$J|6LOF*=_!zBxX)qQ zZa)+rCZ#t>Uxfz+R#hxNmM=mQ;%kjY>V=!91Z0-cOVe&|RKosFoagp7y6K)~?P%G`h`%rgYK z7+y-b0Wb9et*g>FARS9mfo_K1Rg4hFOvCp9fxU@WDV{FU8FK*hoPn1rM71OrQXD(H z0344@ua||~)HQJ_@K<87=OZ3kVy7Mdae8d$jGjr?grOLjm75;&$FVgj$>;rVj)m>X9g+%9OW1MkM9 z<6g$JN9GLdiFGraO>j4oe!pBk!Cjy41HB)phnRN6eIc#_a|aT4JF42ihp}UbTZXEP zKm}>GeG1jUeQ?^0!=R4<^31)npcRB2(XGKP=IYhC21BBp%K7BP2g`9RUp%)`8*ms*%#nY zP2gOv2$iLo*B{ZG1#o34f~t@etDZEUrmE;sFm`BGd04~_NVYVuV=N~R13az?1L|l( zt~7h2c9dTO{8s7NapU347E7?ig}nH`IeUX7($`*nn&D!^MEf+|hC zKSH3H^!7u=okHo<4ul>KNh&Q|1K<^e-`)XXG{C8vKr*7tc~tm;0%=9L5YSZs*Ow-k z^fTc=p$zk4b%k<*d>(|oM5;mxOs*%3r1d3+d0bJR1a{8BRWQs7g~(lPq*d%uFLudm zAh;XaN^H_!ZurzzTFXCBFPg|?5USlovQVc7+DR+_Ih&LZLi?LYTranm*4%hIOhZAK za1&|ZPtepsS{sV&Fs%S#-A$y9FC*aC+h_BqYFbM^3&P7ck-Fe(_dsVE5u0aM;va(W zsY4RxHT1dy0U6QuB~&?-Gp_)<5yZ#U0p49&A7a{)O&He*zTsdKOI~}RlQ8LTje$PW z^V}_XZHTIiW?&UMOksAS`l2sV^E&p8L6MOIfDH-awK4Jw^p_!z&BBip2%igVaS(4q zl|-@h=5&&Rik#d8?6DwTuMy-2%JAROfu-tF9sqVEi0`M`^EMgrZFecC@|5R+T?pc* z(9H@Ak|FI^;?2l-;6`J#EjaAVbg>%r50>7?FnL5JTBZWa2;xuo0Dil))^)bitQoMv zAinKQ_&-!y&%R+>asaR)L3}IOZjs=Y@^>vE_aexnKEkHe1txRua9T3SEX zwDDA68A1FZ7v#rCD;gau&MD1+6$bH+PeXpJv}O-+;ty;{5dV2N@Nv?59(H8;xxf|& z@!0Ob$4e^|jXUF;fISw(J5&HZL0VruVCz2s>_`w_{Wk13QCfZ5+w$juU375CEeY=o z9GD`*>-4a@L>}}T!f@C|sCgTd%#hZciMEm|z-k2X6AciE+0t@lt`PdQU!JHyn#V zSWP5u?v*CC!!GIFixRb9{4 zfpCY`L}60xjbfgbA#EJ9t_16m(#)IbXORk+{Nq%38PsE%PC>LAvPWJ-Cc7XbPY=U@ zoXm0otSg$yI+blqj6ee4%gAwK(b*wpSyU{kI8;)UU>-y(ANWOv>{x)=1j+*q!D?BG zDNH8eNA_>lw@JkyjL;-yMJD|rt)zW+9$5&&J(|RRa$!;G48!_knO)jpbA(ag)u4uE8f;cI!|J#dtlz*0#Q>!Q zizc0932Jr2IynnYDWGL(DjS?xrqu*xxQ1bkM0cI-QUq34VzONnX}}{0drc!Ea=P8` z7z4tzn@HPQfs|!LEJKsSos+vkSnrV3p3s5klA6)D!90p~J5a|cd(bkNBM*RhM3ZaL 
z*3N-jjk42Hln!|w*aeOA#?^smB<3+m=TNuayorh%~7CQs4uuZIyv-npzeYnwb?1eczMni-L?R$Y+R-PU9kJv=&Aqw@#xg(i?tf zdGy$6Ko~U)VKh4IG>{b)K8WE0W_gUr$6?z>12HjyK^-{;E*j>bcVX|5&@~>1v3>x+ z{*3)>_*%EXkC5QJ#)0JBgvb7l`YiCBVJAG#nEYadc^3+?5xCq7`e7}yl|=YQL4n^4 zU&1-T>f|{PzSAVtEYg3b0@n>+6(kS&DcuNgBn}RjTD0V!O$7`ytP&Op*}G~W)N)9+ zPna_eyw;T0nEXASA5FZ2)m+6-7Tjh9HSL{k+l7olo^ zSj7x$d=sv+P0c~L9=l2I`xD3sj~WqVJZaJ|qXJJF z{sE|6h$(-gQ&B0eY7HMW1#ONIa%sBVxhM}pibE16&mul=SX=V&_a`bfxxktRaX+e{ zz>7x2g@JZ0-V0c95Wk#^dT759adEFb$2<+#oSX1NMnsg`#@7Se;@~_46=r|xt-Nk{ z4^6;_Cure}{U986NTN(Hyvi7O!>}%*1Q=)Fex9(EWXm#Ts~~`H8P>6_0&|;izo9WR zJsNUH4L@yd#I}q>5~blNkr?K2)S7{J4C@mtl~RfsjX)?YO)7IV1*GGKRpC`kWA_C( zln4|8m85n3=wAljH&Xgw$SvyTqWTDY0INcuRfcj%;Iv^T{S5kg2yS$Q#W{Ed@QmSG zfpuW{oCB!3Qn)CGd?wQ`Ad5+NO5{hKvEWd)*qLc}kGFE$qDZ@tFGT9$vnb-JhkGDk zsjD%sYowrNHS4$pMOVnyn_IYL;e)lnUVq_z&jM?$HmUqja+b!8vC zQ<2&Oh6odx$6DjfWB2@!@$jLTS|s|{f7D7827S|dCMax4e5>Q*?ZID+)QD-4e z7O(FKY$dDBkv&Lk%nLBlX>h;7VbJI0lK+d)<6VHO&_k400GLqBpqkEFDM>VkIz43_ z1j`xp8-;kXtGlYXkSfnQ0P7Rs>p=*Nf-=p0$T_kdoO?Ks{F!ikwgu59<|It_aWNkU ze39mGhl=YP0&R9@OMGH?5jTMOqGszZqP$t8r&X9^i@XQ=1ub#~fhfry_6&?QIAS#{ z#CFgJo3rn26C>RbsdzpvoFfd=p9SUTZxoRAd?hX+w;^_gND*C@rr7c|C|eFblHltRYzFBH6P*z6_$BNb~*H514}@^iLpW2PY*{&SgXM zdTaiARPJ!CppnE$SS@isV9i6Pi{$D8$qk};M}R(PwXUeNb_UYdL6uPwudRUUhpeyD z6lEgdIX6+T^D91lv&QaHv0exGk-wvCuzp&gg7FgIw@Xntp+#aP*xtR-+Pzcpz5wTk zQaqco$x3OeD4vd3X220lNEtz?nOOW8LbcgKt-&#`2~LAjJe%@}^(v|aGEOJJ14>cs zP~|@hRgYR*|5U1`g0r?XF9u$!j8L9EzikHMvCaB%lahE6?8E;q(X>4Lc*?psMMdjV zurF%~E^CxY*$hn1ZAGFzpn!*B#<3g@Wdp9j632Hzx^1^c+tJSi++0(F`k0(@ zb_U2htu|A!0tQkahbR&^U58K4dMCZ1diQq#nHEIfpsMdV>zrE%s`%CbS*OvIX&Vrw zUFOLoYzhX~1B6gnRfbBT=+H?dGI4iAdCpSJ)&2Y;`3@$hm4)hQeNcRq}VSA68(em^$~`}yIBpBhK^tNie;KNAZR?gRYr zA^z14nS);HY@PGR-v-(t)^_0u`5lHl?$>;@#%{?cgKFIu(N&=QSR>&<1d z%3MZhQrmrlDqR%5iN$=Mm1=rk2%w|D%l}p-v)tLok!e7aWr$#gutK%v*~rXw^`U9+@}tIAWP;@;lTPqDLY9T)ux&ii*-|ZhGQ-qsuGH z7CSA!)!noTyZnDP{cF*I^rqf*m74yMX?O#KI|E_d83^ajKm>ONB1Iv02CNZg$b5L3 
zN4)`Slo@dph7&T6x&zi|Gn_C>=26mHW7K0LDj@0*SOsQmJ}fL_sYhV7FzqhEYKRna zm%tithS0{vdDJJc?l40sdQeWC0&Aja_X_f;S71$2%I$7}`w)0PgZ(ECBlwFF)h+O$ zZI6K71RM;O>=sP)BS=*p1lM4b{qT%_>Ys!+oZDsd)mb`fA1{BD{y{Ot2@Ow4V0~} zrj_xK5NCmXTN+QGHr$$STJtxkFqz#@6W~zc{)BZpoTY(0Cdx^*X^bx7l*FgF{0#Qhu zr5-!6nZz+sk0Jc)>X$=*g(0V)+5H~-^Sx60n}F0L0#Qhu2RwGyiV~*>@&`xYD9vc_ zx0iYBKU&Ko%mC8zNW?Q}d9wZR=wE?Ge|x#dZd_F=`aID0{m&#c{M#!%_Gmb6GUnGn zzv7bccunn_rHBeN{@aguY!j}Wu>JkvgYYjc!7i%;O#tjw9=peKiBli>9b6pEk+Cb$ z48UIPu?sO5>JO}J2UAp_DS%z*DY*xpfF|!Vk(H;jX%1jN?y>Xnl^MCZRmgh6&8|da zyZxlcGZ^oAw*h>BvdA4sgXvj71;$+CDb?(poCcf%=7k7sQHiDj_F9kq*=e|~J230P zzbrI&Uru-)P>JRN_ER4F@$2}l24FRDG1*VV(L}&r@8Ow1W10!rPkTxbl8B?JfIZ7o z_3V>a=F(iie#TR>C$h2{(`3MY)+1*FjcGPuZ}9j@?C!=qCOjvf4)9{x-YB1rG^PoG z{k(koqA|?~>`fjyC1^}j0(-OMc|PB`6@$3_f-_9!^Blq6;wei*z2C^^NrL^79983u z2aS*6$;(ZGJ!3F_vMr?d7v48OvB{`<9{i#X1}h_b%0SGlj2ei6*imOn81(@fSQ%!}Bpr+cgjk-W2`>Tqk%-`KXa!A0H|hg1-9dH~;wA1k!RuFLuOo#Rxu1h5 zUqtX|$I&u6&KOD((k7$+LCjsEt_Mlwb%PMiq#I%MBly!;#~SOw=0#$)31r5rMBAnT z>MN?MQHsLZw&5dOd#BGh`7JO$0q&O$zBp&pqs%vb#?bO$I};hkZa+4H%C1@fLuv^o;RM_SA4#!7$gk|6kby1d*d`(X???f+GmmZ zo)`>+(Ty-(;;hM7EE%7H)hQBofGqYgsV#F;5!*4YBIjQ>_Za0irb)B?j4wdHbe$MB40!s#?0R(2?U$Q2*DW^JH44&(}=nFPcBN;V=4G?1t2YRkc zqUSuiDg0oZf{fq312R)Acd(sKNYGe{*V)yqQkBl)T_#pQdx2%R@eL8Xrw6o-wS4Qb z*^m_biSnuUNhB>U<|vwp-5~Yf<3jvsB=5q*VP8y4HZa?bgEcM~3swNu+lZxlN+Gzr zKoUP0r6xd5rx+5^F*5IG<1E~}FO6f+r_O3dF zu^Xv(4gkq~YjNtg`(R6^W&g^lydPPgHdx1Dy6NZC`x3L2fP0ZS-`I-OZ-2q}HL+pP zZ_|ccd?$sT;40-T-&^Yb5FnOKso$nU!7Y1uM@r@WdcJ=Nso$nUtSy_43isP|kT}k-z`dpJ z{{h6ZDfQdK`2H%Vbnmw(ccOF#Qj6~`JGL`fhai4C8TXbQpGgq9Pqr)J-s046m*?CR zKyX$I-pN>YTPz|i`#@Jpv$|6%;d7aT#HZA6(=JTQ-pJ{CyrE525Q5{|PCzXC?#7h9 zi!|BZ$@lr3j>9&EWP1=&zdaCg{r2|0gc*$#&7doleLW(%C@)gW9*ZEc-=;S{mQAm! 
z&@zC7gHSqAN^cdQ38(ZP2&L#uX%bAFe0R%a6m0c1H3~xPYS-uGAZ@jr?6V{=5prhJ4g-zEW7joDt{%U-qoDha4>-h;J4}CyOqJ4 z1`=Qx0roQB!E7=#0g~ijPkK@iqlwvh87%1LH{*3XOQX1MIiYPQqpKf$#w!#G;3g> z46u@yPVcpBI!4)VQ@Ghn5o`2e0K9Yw2kWz#vfew##i>8x3NT?K%bPGhwgiZ;Xdl)@00)OpLn+ahx+7aIV} z{u}rBaB3Pd8*ygROac?YZ_~ZE3xiipC&2PK01RNjn|Mc=%z$Kj3+_=iWcuyj=K&=T zD1Li9VJ~6qj~JT(7GuMA65g|%`QCg2w^=~xwFihTWm=s28R9(x#AG{-QGUOV8>=;P&nuOBXscsmn-= z4SaeMziHzycO=d&0m7lLp(YXze-@>28hrK&_~i44E=wri9Ti25wg(YMc)*Y!0a6~3 zi5hoet=cTj(<{*hR^5W!!rL}o3s4+SWj zm?n&JxN~;wGWdYrl?=WTc{=55g=Kz%5g+204~ zLe!7C)KdD(6=11mMl4;4{56-Hxih?X6C*(RM1Rbs=luD`OK9GiU+uw|eN(7D7?i-8 z-Y4iUvpQlAc4~+OmGHdN!D1-|V)NfNH%i5x({9g1q%bRMkVCK2AfNc;@&()p|wL;dy;zNZwU!9$SqBLi|)kOTr) z_Bq`9ZTbyRuRVq+V^$HE0DivrR$=h`l?0f*8hG^?@N6MDSum>^rPR1sH#n|wWgg2Wrx2_>@?X{Gi+C&T~)8Z7P1R&n^K!g)zl#?4s6`H1c zDe7j~yuPz32(_5Fpo)<_#0$6rCzR%*6P6Nefa7dvcQZF41iMdxi0qCSh?*sra z0RzBGXJ%Rq_1hJ*kXN+}bjW?n>T zF}>fm-T@KKpwR$ui*foO2_mq?DTZ=DydxQ9;QI#vht8i8E4uf-&vNM2Z@&Vt_c(LO=k(>zhzo%&n*>?v{x!hS`@W#m`kc}- zNc}d!y%p~y%_T~=W5gg6h*(%4^)^Q)777gLN=36MvlO;<%*Dg z#?P{^VkGn1^c#?v)Mzsy245wl<1VkjcpYC!Ps8oJdAZAts%LOI8Xo>d zM)e9pyuleH4S#u;jUT6(;yucje|ZBb-as*uQz(de6-lW{Q?RuMUp#=k`}c^-AF_9GOJ1*lp%VV_2jcM zL@(1dL~tJrhm%n$Qe_rQL^B-#eyN`GLQGfE<6P-~LpuN1A#qC~U7%|8Ay}<^vQbxx z$QJRbAZ}Ys^{I$SY1Qq)ojbGY_TV1!Myh_FQ7%ID`;4Rr)$cRv%jZr3R(+Y_s-Ai$ zcnW#2w5E5EBtSaLE|{_Q#ZgP{Dg41^~S zrsldD#&y-V=HS6OIMKQ^eavqbWKD_9uarWkRim9@SLs^Rd2MidLh(nShX0JhZh(gI z84W%Y@N>l#-Uo$QkexycA+%)?KMYNwmLk_3U@OSE1JFFx?Ev&E0pT4$KI;xZ^Vu7A zfX(Ot`&Ja~0Oh6>6M_y9Ap{*DLI^rQgpjZf5MO|j^iV={N#;00Xcg_2gnoM^yd?5j zmxNZ^H!R6iLI_F{Ap|9f5E4-mw6$C%WP)3zou`Jk@&D?cBg|?M zZG42O+O#U%2=ivu#zp*5$O#sc^HPMI|LRNIjra&T+l?CXS;^UMG;rjkmibArIgaw7XqrA@l;q|>j!MNPxLKt-tiSqM;W+yBBllRrzRU&v|z=%He`tsLA@?3_o7 z)R~_N@p>_3#sCj}WT=Q=SM>s>S;RKA4W?upi=nP?QSVCFp-{IPbYwe44t5}SRWX`< zjv8$-tg#C&frivy;oa=kaq{${Zs8gzrCTUHc<>NW`m|ATjpTvn9D1%PeM9yz+@~q$ z&=pZ=fl9K3>R*9)axv8_V@6YCpdtz$sOZKWs3aeyItD8FtW?K9 zC7*9FP*wT?C!8p`y0i6yTvus#ppr~5L&*S9TSZjGt-gCf#G?RJU!CtSVI%O6GE{NY 
zg45||Tb=<%ilWmUbQ_@DJU&slsoCJ~Rd~92l$@pbQzVs}2mKBlHxKgGZu4l(-dZ;g z`3xJc2HV5=veoJ4u>fqfjoDF>tL5fFH*WKg4p=u2`K+6Ve7;fh_!VqYzk>AFlyu!Z z_CY#Zny6Dqm+*hpW!MmngV-(2d(XBp=;8?fE zMW=hx-+;1th3o<%xUnP-y_^gDWzv?qD%t?bxLu?!PF3&^PKH&*@ZX_g4v?d=(Ss=t z+mlu}2}5i0J*{pMhIXKPBc}#RJ3Q%v5Q_=F=^lx1(9hh9_@6M6ex%gUX4wWzh@K+i z_g5>41v`~6{wa*4+lrxn15{WLsNIcvF}alv{D#0Sz%3R11Dy4j(-OGFIUwyLbhFvO(osoaWG& zi%+jWKSx7zXgQbeD}wYZGp_-;qhdh|ZTd3`KLymC<`?JnNGUaTiy-}C%T-|4QarRl zjXb4>Gj|Anh)_p8KzBYM+kl=U_6L+#6OCr5umKU<$hUI-5`?YF}0jqfN+us){CR*1$U|D zE3y6u#@C9jtSdDOP%cRgIq49=2Y@>f&>0GMq>DSp!3`+f_+`+gtHMil@jeEgJ5c`D zJm;n&^PJSMdCq%a`}NYIwV6IYd^BJ`Nh5ZVc@Ad$avWEl3^RWDtVRRO_~mma5nu8r zbp2v-){EnQ|E|4=w${6dLTJV>i7=s{pF8{= zC><4{c7tB@Wv;XFs(#}qoe`ph!fWZ)!!5vznqE)NF6)q2D?27hHKsb`*vgJ+B_Fdz z!nP2803HP9U?l83c7VG`BPPEkB8Y|SA4_DNXy>sM&=8Z6^H>58x)G3<6`uCShX7@j zi7A>SS|~5T`RDP%ym9S(GTGKLjao4b}LUoVP4>mdw{Xl zQ|@D6m<4SDM=(%^);Z6e0{ilj|FkD|Tn=&Ak=LTby;AH^rFP)hW>9SR1V{!3tU&jN z@x0ShnkXoKCE}kPk2SzOl5C7y+Wyd%OY0qN)$YWW=@cmJNk8Ugl^U4D#DM`QtaqIA zj7j+;sG44i*BqDEOW?&VnD*STclW}4yiB3^FvMULJIQGJjB8Y^VkaB*gtIEA z*lK5W6>QmAQIB?=WW*uD7oBVlLtEvQ5qF?qBy27Q2SB|IrT8*~=4KW$1am2!~49F6Nrzc$IVx@*&Oz?!OGAKw5xu`(Ua^guL?oi~qg|`B^ z+rn>^kqNhjuLTLU@PxfS9BvFuvo{hh0!b5TL|r}u^B-Kh7AwL6KtoK1BBUNgJ4sVG zc*VhgM&XCR;W;(!X5b3NoSN=oQLa!-tL0;M3eBv|0t9IO1*;^*D&VsEgILjYoA6UM zscH1^Y8SD)d+=sbAv7(qXFC8BQ5mfLIV9jt+mAdy#_-eZ!DF=ek7mF`aO?*+H>cgt3#xqTMS z&0uasKc2Wr9+jdRJJbI7k1_3kzZef=iL;v6ThXh`kg(@dAxa^`ERTe%@Dxw`33(bu z?v}W2QLJ?JbO1EOWT?V~FR&u%1&BEi3G+BYJQ4|O;VQfy!!=*=(CfJS01Yu2c*O5S zv2%*yya60`7wusyXRRma`Di-FKr=|uXzzbHoW>cjvl?>K5%F6QmP=JMX>J?2d8yOf zKQ*f9NFHK>pBnWVfdtK6HvdnJRx+}OuG97$G88ZPZ~ik17l4<$P65#nQTn1$A%f{e zBgtK?eD)%iXdpScK-M|EZKOY=@C88GlS~;al}{hL6~Ffi=plux3;m^o>#ixx-Po^v zKTW+P->%G+_%;KS7dDh#n=C8EsD;fhhGzj!H6w_$1o|sA8c|I zbM39SI7(!V=EA~i?5+8C*x{||SI%jO4z9z^VIZd{7JA&dQk(@(k|k-_TdKA&{jqtn zcv)`odM-opD0)Ooh$5>ZM33acLe2aTJ(ACA=7;E!e8$XgCb-{MjQfk={$Fb$M2{l4 zBYG6U9nm9~JN-KPIK^E%$K&8GI~t-#YorB5{1#}Ep>TEYto)#=Mq0bbnL=Kbh-FP) 
zb7xr-+>Is4%^;|t*ysuy0w}i{y(HlZ<6jg9 z$&(eW!ziTzbxA|atzdNM5OGCEiJx#fB04M=!8@Ifi8 z7J+GwK*Cy4a~5etT@IgcEyi_&;;oBV0BDHGXdK8z=PR#pbm#j4INbSYr>)!hcpq*= z=aZ1|&PNdLeBJ!m?O1^GU~{EKbY0c~lI3I^QQ~ly@j{-T4lI{J&!B=zI~&A#}coSKvk(00Rb({PUP_DM$C!fKXm56OngQI~0R3W)G(#O1 zcSup(Wd7tJ7;9r=0rFNTiuNwWyMXd+ffhtODidC9dXlA+^LKai0P&jElvgEUv6R=`Su6z`p-;B~L0!d0cbnmWvisf0N{;pqF98~2dUAn7rV4QY z5c6{+?8hh;!dxqjfD7CS)*_K;9!KSPu*Cg?zQo3#c7d^gx}+iI1{e4daU~Zx;1uQ= zibyxNED*Uaa8MB!xC|uh0^7i63<9P(8VPGfPDP{<^@I4OtfjcVu6XMrt^hQ|WGG_r zWJyD817wB5(K*vCT0qQ9By2Zooy>J1xEfWFh(w|}`-l+JaLra6waM=dCk-(-n7lop zWVZAq^zvu$&|MLR+%~)oP%iQX)yw1mM0};9!b@}U{so?_9?al%NJh@!=gN=_@-bpz z1}{T2m`>G!i>Ukvyvr=vM(%g{4FELEyL5_v_XIWwo-wP9$mRhh`pJC=fSfU#(=)|e zc)I63YsN|hFn=3`nhiGBW=iH*3Gts%xS3f zAA=4TbGRYh8=VjuxMF<%1P<)_++Pj`!}?E|g()1guBtSzab z8qHKVIu<<}I8m7iLeSY|QNPc?DXlPe)L%2OF}4<_Ass^4-Fj<$OSuFa9X;U`w($0f zZ|p9~>Xb!u1Cv`7YwhOV1eE(;rLk;eXEiiCmL9WH5MNF(=JlfA(wg^sCfZR!Cz+qO)O=D>yA>Vo&@ET zVw68Ql(cQzp(J)hiO&G>veQdA!N+lzScp@tiWeKus4NU)?V%5s{|eLhjrJ!a2vE(8 zlY1t!u(rYc?>3;DGmu~s(?HOQpIh0h*_bL*Ft!Fq0nYOv8gnycraCTln=x zT>qFRP2a{fz#HNGLM#HK#Xvw&{h_gZg@b))FQ%e+IHVZp#`!&!j(`M2{kth5j}pG}tK(38BzPddD?&ego+I#<%7-|vGRZUg4lyCl7S zvGX0EVRi_6u_Nv9KfTzIhS4u}LF><|St36b9N z352NE;Fr>s#vw&&6qW&$HSUL+BQFvE>IS?9Re1U(&|u)PmFXqWD~$VpcnMSsZLx&n zrLDXTyx2igpoJYBZ;Io0%m*WbF$bMsOv(zb*}h`*ZEJ-1HAk8tY_0RnX(9G1aGG1Z zxV27&qH*ZJg`5@+0ZDk{kbw+LpHo)gMFJ?zrbyVIQFuj9pA(7g>zE_;$926Ds;5lD z01Yuc>=_&j+b;lQyuxedD)%6uVYWxh>hPoxF93RSqAcJ2F75>fceu2@J0G1}NQG$Q z&PVAvVm>Mn;BbyXk?5xoKUK_Exy+jZ%8DrF++A)o9~}S|JRh}!*joT9vmX++5QTcQ zh0=)Sr2Rt7!L^wZs24o<02*R?SSaDqhjDB*Am-ypm>KO65ov@q{avj8as6Y0v`8yg z>GuE)F&Xjrt^iXnW)G`;8XWbSqkkrzXOy_zZt972+w(Sei6@UF5vF$dQL(h z&uJ7fjq5oj0(nmV6e0c^FJbG|xG ziY?|jm8D$INfgp^_R7PtJJ4;F(pY=WZjQ$Hpyt?f9=Z>E$rPUUoR0#}^_-^|_kZ`C z!5KM1ybH?gF;eBjZo5AXC}S{4#B4*oL=cLK`IftIhKf<FI7NWy#IGJeMJlra@U9VpGu zkg%_#(3f_;iNtn?*A&-rja5Rm(=#`~=`lUk!F)9Es(^eoO4flMp6UY1=93K^-FLt| z{2nWySqfJVPfH!#d}sov25u^Zy*4 zCW8eHPpO}vV((LYut?!Qqp-qrsy=m)`s>Ib_1A8YI$<`JK(#<%rXyh^QzTCtIgPkA 
zZHU*HxXx0t^awW!&=Awp=(GiIA*KRi<{@Ebw9`wZ5mw4r>|w&SrQ)GSxaR>4F&Xjr zXA-u^17hw)!aQDqLL!l{nx~oK9Ih1=4_(<80Sz%3c*LJPDa7|9q&01&Nk4RAjOw7F>xfUeb>0Sz%dDeWJI^*puA7jFT4ScvtQa0=eqG~4~01{T3xh_2NI z_=_R3Ann|O+yyAd+b9&rC8Bs6I(Quwa+4vtHg#0gjUK6cr%>b#n{qP4VsGTOA2NP| zti|B^B5|IUEKe`t;<%AK{}s7?o_PANH0Ma(G?+;Qe?E%22MD(-MXS2yJPs)9H$<)Y zgE1c?+zIF^g(F?^N_ zBy&EJkrWxB5F&2U1O@82xUKJml@p13zqb+G#kIeZtvktEHzW@+Yt&~#6evFgj`=MT z=KAb76?pOVGiujBwn!r;3r69~_7~t}iWM&&&=B)Lkm57qg?&QSKCX64vBE+R^*|KycdTM(rKfjGy3q@1A zAf}Vr_$u}Do^+#ue1_&PBCK*5nX?o<=0N;s6#fG!YpyoB zh~T%c;$YzyG5;7WwR^+G9RO$;ZYQbfJ(k+---b)+xyPzY$AnOW2Vk7=EV4pWYzlaY z^k-j2{2zRtQQUQ~dvPRpIOY{E;0rf}rycVrzysqU9NOsM+FLs2IFN)p=G*xh_P!m~ z>#TU`w|?ces98-_H!7M}h3;WR85PZIE+1jUZYWg~5cm}vJ#p*>XqaJSq{Xw?`3xc( zUwWdte;p(Zs*9WlI%&kRp7LZgs_xVo!2PBe?(;5gB~JwhH{ty_d>Miqb1xEZ>+~&& zNF(eu{W1RGdPMQk9{VDoAtvMI6*!6JH4_GUQ(=bODzE*LnjMVD)>Bm?mksm#Z$McH z%1y;6hdGqq37V4F5oN+_dxW@)9u^~Ey(uWk!BJ0Xqxvyqi!@@<1#+Lqb(s>N`^xKp zhL{KX=qx<&Sho6Wgg@y4-mBXJcvZ%Toymm z+!!o6D!I3~Ch2}d#vv98P0mV9Lcj2}FM2N>91?7@TZnr=S$Cjp1pM9wJdMKN0d-@` zQNOGgf(YE^r1}x!nLewc>{wfi{8oU}^%Shi z3#?d!P8qN)GJ{!g3l_w)gePRh=;-@9RGV+1HY+M6bvtOVO|^se(AinCkmg*Q6QFQw zV3@s;u!$3-Ri_9~1vCC;xL=V*EbecG(~fcdXMnVVuFWNYhL{Iz*a;6*o9Tn0(Q|k> zukdx(*$*h&C}MZpL~l8{sS(|^?{*>10xRrstpQCv z1@rP?92mT|9U|k9IRSu6O|eTm1`kX*g`Asgzub%dBw>sdo-{jH4*rvU-RLTqtv6B9 zW2JD^cd*nW`1&3yB=whygj2f1$^(eWjYQE}!6zCoum7vo}>%Q#b1!M}&;cNry{w+9e?2vHBy}=nSw%E85## zTCrWJCylIE(LEj}+AM5)0h21gYN2TBy0obdt&%H(cf$-_0R60wR3Ecn{xb?kJGjye zdV7sD16t^o^+MbWtSyRGkLoKN+Kp^NOsgxEHpD?dTPWPAuAE;1<&{0fi#cjRc(vz_ zMzi8-klQDzF=1aserdUpuMMB{K}h6agcx`d)bw)-)~l$rI3(PU>5w>sStXL39^J95 zLf)6XWoffrEiwTOF)jLUka(c~TJ}$0!KIY_6=54ipV|QR*k3vQJCH83${@08-??U5&m`Htd85KSGb97U zqp%0-No)xQm)~xag~@bzzg2{{3=#ZlR#&`b1p7C$tbFd&BB0cB7VvO8=v>##@)7}? 
zu!2dD_BHrc?j@yt;hL__Yhfk%|6746`R)o#=_e9yS&mmJ;A?hA!fl3P%zE*dNJ7uy zcgpU<^`Bd%N>y9~%mOsT^fWCvuo~+iK+NSxm{}8a0Fg*oZ#-&>S8&~+c=UF8ya{NC z$-rZDlbHydD;(`i(ubq&uL3bwWtDZwjh)IWJFs-*#&;dKiGao{+>tJB9S2v2;LuQO z&cORWKz%)B(X=;T<>1N>*j#Vk85CjO{C0lKYOz2uDC*5+eqVU=X6Q%DvZNU8&96X= z8;W-$bFMd+5%_R#E+OR2DLyB?c|%04Lc6g2sfT2*y?JXux%E>lKHQsMoiAIvxbM}&-%X>Yz3B<#)4!$vOwD^tj<}XmuAr3ya}LTX3*YTngQPY-FvXF z5Ln9glIGcetcC0XhnrP)h*9nK-rs9c$K|5;njYQqFO9p?#Fe#x!jW| zy*VLCZ{FuUP~-RVJ^`(H1_}2iI>lH1_+282`F*)tbd?$}aQW;5l+B|8{`jT^A^yn+hE9D%a)=uuI|uK#;fl<{bciVMJd5xC4zy!EK~X%XJ; zsHk|mqoRE7)MABVQEXI{2sA3DL)umFUEfKTM30K?b}Q3SN&f#vMJ3-I6_tJ>VbEkD zdV;Sx90}Jj#iheWMH1>Cf%zY<3zbS$+~%AQXo%@)RQzU+5KjPNZa~7!hEkwBk+3|d zk%PF_RXp^l_z9pPCZqY(xuMwf2guG_idJO(w^i|Fd{|fHh-~(ta{7LQ>5bfniHht6 zH`xPRaujb}kxvxi?N+4X?N+3G?$lzjVo|IjB?2lkp&RzCZUSHPEhKCW+OZjCS`wNG z1D(b-OYzgD{SnX*)01i6MH#OHVtV!{W@H7CNLY9GhARX3kB-u0deEr{Xo$(Mk!1LN ze+tn7kXy-}G#%2g6LsTYl>{N~1ay5d>NS9Jkhe(qxG#r~5$BcR<17vzBh)J&JEcrZ zqWZw(#^?#&uY${QhZ9AE*%TBm?m!!Hyfw8{mvR)(rJ*9(j{OEh#e49c?G>>e zD&~Nghl*>!mP5s`Alt6XVZ#AqUzQUMJy3k-@s603r25j>2@Y8T`z zQ208s+80ncBq69k@68j^-WFmcpypg8tOEt6d(f$lo&iR^O&lg6vfrwiVhyg@ifL6> ziI)HkF%Kv)5f7|Hi#M?26c0<Mt+~ss3!u!cqO2~sh8z)nhf(SCLp)JqSApl+awUW!-w}&QKB&y`NVv$f zeN}hXG-8=URaUd?`6dQ0sWz!G;^Gb+up%d+hRrVoma7K z2GDs5S8siIDiW9cEn-bmtnw-l*J8CI>8#kx*wZY_{m>MzILaYv06ykkBy3g+`-Yj7 zgsg|#6`0vcj6;!*!a zAu<3lyEr`75|2c}`VvvC3AnaVJhU&K4rqwUh{rD<;1g3o%w0%0bW5RQ4&74pnTvS@ z&6uOa6uPBsH*`xVB9S;ICE@fcTz_sWtLav^no1nF5#taGE$ACsL&6KPLYw)Do-lhi zeoz54r!yp{Xo#RcqwsD(-Joq)2V12gu>AAohZ3ijt%aKD7tc)K06lAPXk~0*pQTQUDu0VE~7aqg=KR`1Tt{$g;bZ~#= zFp^#zOId`M#BeEOveqkSUOhm4;h`pvpiN& zKI4tDAM5yjU}8>0!siT72$5@$RDs*Yi5BZ>&@qf6jijB&puQT{qiv+6d%C)80@URY zVy19?Ljh&i*A8*MgLvqx2xq#4*8pWh(K$?HR*W?WmHbwfqNy~^%cKvuz1M8|4FlAR z2yWkqV>I4JlWZ-O=;&5=H$a&e#qvA_=X2T9g$5c`PplzkCv#h6`-BK=!8Xy*5Fc1pOt zip*AZO04VUGu&QvsFVdJ=13&$v?$ib1tnD+w?`*Wi8PY-LrKJoaLrM==$5rEoI{A2 zqKWkbl-*wDSRwY{A*cwm-I_ZIC>Ne0AvELTb1J;wL`Cn$fWv;SKcZ>>0&Qh8X*umP 
zQx7X*I-e`tXHv{E+-K5nIWeyf5w7e4s;s7xm-dRrInXR2?CrO%WS$Y=h9 z`h5!2U6qu^t`*(_)U99iPT4B!`zp6(^=R?6?kg<5N}_K!SJc`8U1uFJveOAu&f<&i zc_xuE4gk<5C5JASX zNJKCM@fUHIrNrwIB;}|omJ}a0f=Kb|4EYu(EWS?pdn^~?wx@L9zhyH#kF|2pzw7Cz5pm!gd4N&vJl&y0Ntr@ z^$7B%gDaacMv%V|`@0V4;$pbIkHaiMIwXXkLoA>o83~t-M20zQBKi44{B#zs6%|80 zg7gA3MD#p@{5BVdM$^MMBrY?NNLc&gO|cBu{SBmXv?G56&=8Z+2r?TyXaso1vybK zCX;$*At4*kE~=s*(PjaW@bv%;1mIzgM8ay)`y!`ZP#hT3US#!Nh2zd}4Ji$DyLgPC z%!1rL9=Kh25yg8A4?^MVcCjB&)>!TG#0&aS82kY}R9~7^w~JpKTp27!yEueW;ma^l zSPZu^psppjU7Q&L?*gc3jfBfaBEzbHNY->S#ZX-9D~7sVi~}@8^wcf}cFmS`I+piRPH%}^e+*~=mZRNFcOx|0lDKF zOyS>c)S{S+$RZXO7r-OpIvf8PM3K=Gi3sK)vbPR*iD1j6Yf)C!{{+6 zFv5T8 zj*=@#M8Xf(@l6LZ%(f0gdVis7EQ_dqY;THQxc0+;24RbY7eO})cjjG4*gQlhvIu1r zLP!g6U5x(>LJ|p!q1j5@nLCg$y4L&2Fuk8lj%LFW=|o6<57%S(&miKACnjL!>Eya$j&lqzQ+P!T$ql4nV>h zQgG5W#8u;0gTC4?Rn4#|!ijcBJl-FV{ol9>B?0xoe@5YJfQFc1L8sr0Ogyc^|L;au z!oJ3U(u&9lG+yUS{w^nB?{UNdfoh&Z(yrSOEN?zi^H0(XwTx)z$7TD`_?yVG;J!o0 zuzRJh>=7xhCe;CTIfR%g9MLgij==#x4E#2_$YfY@iz2P*l8yi=&q_Q?j4H%O&Qh>{ zYKhT6KEvg_wjbxyBXhZ;*JdsNl+8ST9Mj?>z4sso&=iFW&&Gc^64Al!%($IcZpjLs zigWq7jY#j_2It=Z%cp43t`%*GFO{6us2Zu`1Q8wdR_vcnlUpq0Zf=e9Z-Di69ci9q zm$tD(J6h6;gqE;$J3!6eNVq9bkkoAoB9Tb`y^j5FxZbZAYJa}~&=Av;7dy8Z2UP)L zu0z7i8jX!$M(7jznPNY#;}tXQ&JF__VtQisVoNwOK+H=>m>Cr~Ofy2?gcnw2jw5)c zn00cCS`p9?(-X52JMlsg5c6gv%#1>wVay2KLPyHR^<1j7o1P<&0W`$)#4I0C!|8yS zOOP-#iW-J7BlL&UO|co*{fe0`=5|0sOi#>4z9hsufS8AnFtd|jCK3tjhtGt#jO!A` z0~O4FM&TcThL{XIg5wV0{r^`8K`6X?T)fVJa-*b%Mk^uN(tKvZbO!Ji!5mT2#^Kl} zXnBLp&cRh^x1&M$?M>1STJ@>n>}VuR@As$>D*!#DaLc-)*E+a_qs2w;^uP4opfa)(u?N zSp=o+e{$~{x_T^dCj$CKiZp}9ol^|=$a(|<0j;laH@JKcI=C_hhmRrYObc&~sQ43W z$l&;Vq;(Vk$x*zqkT*gE^TF;15Sofz9hcqj4m)>?-M7!++y1Yy)ws4)6Gh-Zqp%^M zTqGHaQERTMzUucQd_kTfI175-3am6mi}|0T%?_t!r4mlBML-N-b3PJosl+#|*%Qq~ z{IdLdT%V{VwL$z;aeM*L5YhA2orF>~sfe=CE^jHT`+7 z5Pbk`sc>}%n&RNfm8kAOJFt4A4iw)WHF7CQs@%nGfd@hNzqLUB_vM<((^sVBA}KNo zF`3q2lcUs}=c<_<&OF5O@H**7l8e_#*ZA5g6a_4bnI&xUq5spvawM)UkT_ZRW6Ww= ze2m#x&d5nXqG5=2xNgIL29ak>r(_`#oY^%A;a=P|Q@S;Cb^94mZh5kW(3yENM2Vlv 
zkL3n~-Ok-W8Uw?`D^l$vDgYWripJF!4Y4_(e^i$>r5j>L2Y0a35DV_ZH@|>Bp>VZJ zob2GrhKTLQ3D?o!<^yc5K*A=WyfBwYG`;Re{F`VMN9_{d1~f$U(k14iJs-xCc?^lm zO(YW9!QQ6$3)dg2$s*|DMtut=Oa_;j@csx)hyXEbB4Hl1kPOp^(3iYsiq5$9R?M_U zy#Ngnz0_zajGTifa~6_zqqiYsGfas4jn6A7=2SZfhah+CBFx5cZBk6ZSBleym?`P| zcoe>W27>t^61P!_EF#+52>t-qZ}Fc&NchQ6^tbP;N)vQ*8%z4x|3iN}QBHY$)!)7@ zS6}u&^tY(m_{<7S%mGMP3kua~t7Vad1G)G`99$>kKZCGE!qc@-|F|=kB5~i2 zY#g8=rl)~--C%4TNs!er2?FTPC_Dz7(v!zb5Oy`I*0mATh`z{;4t2rsRLyEsbqE2D z%Le8tzm zMGp1=vUMK6Q=$m;*j58j_Iz7WHd-2v8!=PZKl{?8ZSk%*m;&PVK>MqdlvcxZr2XL# z?`6Ym$c_FQZo)p{t0zUT$qgJQz&E~9JsMLfPv$0#nJ`V*r+h(Kw+C_qEheC7r+wwE zchu0_h5+CCLJzcOYv(1Qb)5B;e4{))9?5O7At?2rwLSeMjS==aUn!ZtJGaHVD*pwU zEt0rM-}&N)qV-by0=&;7nEXZ04McyBQddU8UF&+}0*{JUdJTF6@;4T1-kE@gn4X+c z-abr-h}k%Y87-f}`U;`n1kf^EmlR|62%sURCuVhEil+fFUqr&15i^mU+NQTRA;qPZCy_BCw>E$J&h z5j4>5UPsn;TN2<_5&VE#ZnU!9;mzL`jH>n?AA10^pi7|TKs39(zEW3uLGyyHh*!dQ zTq6$AKdNF-gAXeP@%-~~Q`ANNA|W9Ttw8 z@FoP`1&El9gzZOyMIvEk_QUHQT(?-VgnCeY7SIrpQMjv5_5ci4XG-j#=RHW6O#uE& zq!D8Ci->>YYAfqkbyfKp&=8YB?O+D1A9KMFw16N{tInxY2sbCrNzu7J9LhL|4q>vNf^;b5>e zfM#chU;cQi212}24Zp~N>j1?@SHo05LrexXEtmAhZZluZBLGhD$|ALO9r$HHxh9T6 zPmFE3f#i}X#=|}y?7Ri5a(yi}Dysd;5eMS7ptY~`Rq-MGfWaoWmB6ea@NEvDkNVZLx0Q^wVFa)ve2Yog%<5xue>4ea!cp5H)95whb7H9ShpI=gB z2jX#5uRYUw9^E2V6?~8qnuMWyj<4i$7BCo}?&LwiiN4a!pvokrpq@B(a1^A5MBbof zHqh_%*`tt=rOHGOoiQZH2 za$cbEa4_sIYZ#t0Fa|3h`wm};PHdhm(Q+RIWciHVV6{*bt-cMB0`Qib3y|fjB?n)$ zDK0^luNjqq+EjF>yCE^l*GV=qOz-Nw1Cc#_F%+?*>75w(H}2?@&7ELxeu#v-GJUcc z)|E+i6^sLyaBZggV0E|X*8vSNJ?d;=1@u8;7=0NG%OY_ZibTR}ThbKG0FEujCj-zB zlTqC-hcO!Ze8T{2_K)nuT~)6%3Qqyb{YhFIK9kGd(AP+o9X^xWY9n8xGi(fepUu<6 z#m@7Ho$t--h%c>M>o>6?9i+3hyvwK@VQHRM*ZA$tm*&qL8$ z4u*blKA-0o{8rVUQom`ge&YeXfqrqmdXf5-^VN&gFWy&IR+gh*d0#_UzZ}x9*?!nJ z$rt*xJXPT)=+g50zJ@pzL#hHnQ=S0JQ&G)J zDMQG9ekO|hIe)p%w)@rrY=BYFJjp2MqPTZ^3LeXA6(sfQeF$C`qWsk7Jq4@tTD2i4 zo7(clNu>+PfN1Ve`->=F2Pjzccd75MZlhXsW3|7~Y6p%if~aFrYOMnI#O3%Zs)U>o zqjk4zf=c=z%C`Z`{8y!j3a({JUX8HKs@c*qA2=fNXG_a`5YbcQNC12>v%;9-|rUljz}Hgbh&ok 
zaddD>wNI9cLO(4FVYk94-&~NcxFi{Fbz5GeUn2_TRCl4n(5dc1r%)JrxT~yjY8Nr^ zMz5fhYopYv@3Fi<=Wa0d(@}9tno+GnsgEB7V1om|G?5MSoCDa9*CPG0RPAF`R%$KJ zJFR7PUZAivIJ^*5I=(rvq$bgF1`4(!%GVo3ICQb7rS6F=m}99GPQe^YJsf7K+rV&Q zlbFoWtr=gWo}^e4%oS26pu1k;?E6~X#_wcr^TXh zT-wG?Y4b71A*F{mLs^JHC07=!k6Wy{T&#W$#dmW9H4{;aK@J7% z`aJd65e~+=xr5q3QU-Jn{EmQt-99QtcHJYnqE!xgm^&wr5_YesGEO)Gg>8AL5Bx=x zZw|;RC_@Y)e>x*7rPcZrFlw^%SrDC01gmnu`N$;;vh}&hanrBUfjqU=wb6(#X5Kd9-M!W3Z zF2b(W5eOs}=fhcCz+~#U*Ej>@jwhu?bumSyKcleo^{~RynlhTBGRM7%a`ehq!|icz zeF=acTDlTdeB9gd8MHr7!NR;(jQe+Dhd(%#@MPJTR^u;lc{Gf6!W$>&G#m0nfBM-1 zLgG0t_TH1|mbapOd%eDSxDS3Km22!OcLGp%@I_4oKBOV@9j}_UvhDYIRht+VsJa`i zbiY?EaEG>dOfg)~8bK#k{IEBU6gLadT&C8B_#Iv!y@?qiI-4{H&)(C)tZ2YRm5n?yN#Ef6TPu%S-LOw_;`GsfSCJ~VZquB^LD9ydHWXdVid4{k{ah55YE?o411)^XxFmEjN1IEjosDkBu0 z5rjU+RYrVxMjK>YRT-7TGjfm-1EooLQdmZ-HOL@fJ+E?bn45@}y-_c_JiZQ~@O}gg z{LPdX6#liy!ecVeaf4l+>M~4lDObh~UiTzQz^F**qF8=%}Iy(4*uRzZMLp0FUm z6h##o1PFSnR9dKl09j}=G6+z{6G!iNRS=-<`R)*2(i2nuAAD1APzrZ8Ss8^j0d<9= zZ;7^hZUw&KiRp}-kiyqdgVo{qyky}eyWwd%8S^n6H84Fzq6Vg?NYudV(NTkGkCM{0VP0xXuR>{%OxzIjtHj0Q8d}Y=ufi^@VJ+Jgnm^XdWm7Z@CZLjnM z|3juP5!)p{J0SJf1H@oJxfziDI#h7TtW6AbsNk@vh6EKVIAWGaXA_~}>?aBPOk)9f z{qt_oI{YM3f)gv)XV!>}73?z`QyFxuV4vARHZ4pGIaaXWjG>JTJelot4tF>Z7rw}4+`0L|7&Tz(>v5L;o; z8;a`(#n_AkG{j`o<5!R^HkiI;fNtFgac+PB8mTlpL z3O1Szr7fJL`17U?6(EqILIqn*9V$qKU!VbVn{3P~RM2)PDY(@1)q^T6_euqItYFoR z6c<;;bHfn@u8v1$|}j*1>{)4gkS|MCd|hxx+CFf(6;69|sGDn11T{94yEu zCrEvTL{OyB3= zwrH1>p~D5uaqf3`LsH>_3`d3&F32$JM}`a9nnl6|?HnysxS+kM!v$^2krK^K-vEf) zy;CZo;{{72m2g(U%^fA2Rd5SgE{YelT~DSfW%^zK?NhHxj+NyF1NDfgh+;WaUdrL< zRCy_@ZsmB95mG-XX<_`<T^Y@v21_P2w%468}72b?YpE&uHh?Tn<7#1((CpnfVv(7nzZPm zP{P;k^9(id!D!d^IpR0f@bv@bj_0Lrdf`5+2)|bOP@0N2J)Fl`n%s;vjK_h!WTWJv zSMHt?VLIuR`&grr97~*)`&grn1UM`Au|~Vdm3tX*D&fgC!&mO(jUp>|LgJPC2;n8s z@iB1x4?QQf!iG_0^;O7{A%xyWnv{zJYB}oM+sKrF4S6y;&_^~yK7LA0HTxN{gn}7$ ziz|wCAH|x79iya-v-E(4my(5B8@^qTIB0{^Lx&FH@p2-(#$@QAjiIKp96HEw+L8(# zv^Ct&!Fk1Sy^=0N2VD#uI+!+$5#PbSt(yn4QCXQFJlLdWaYTAgGNS5MC_oc 
z^fDAXnAVy2rx?D~;M7*}*TI7WMfkTEqfpv~*()`yHBGEZ{Lc7(0Aav`hB;(PN@v&sd zI9p7tM4foGZ$9wur`0w7)VIFyY*)gmDR7X{4zf$9$gFVFRMy52`U(r0)ug z8q^2;YXyH>!&_woPPp%Cn3#AkE&lHEmG$G3ipQl+`(0Dr4XE3)Xu@5G*YkI&)%&H~ zI=l^FlDnF(!@B?`yNmfcyqKTjuH|JJ7O65km?z74uj8}xuy3368SZ-;l7mVg#P#_P zHj30|LtahZD>l5E+^e-FPs$%&SI%WtAa#pAr-Mk-ULM*%(tS zER^M6>dLzlP`CW>g>`1a(b@y6$u(7$ls1rGw9t){MlNKC6-am?L945tyyu}$;xD)tiKIhc%zIzObQZ6wQ}oBPgz$)S9P?WCwnO0Sz%d);y^xaHFl2%nmNjqrj=dw(7)7 z11yefvaLFGlnydm{At7@jA^$j`P-vXmlb-3 zi{7Uu04wcthJxT#0+ z7V=evqjx601e`iIBfje$n9wtczEi`uL#^xLyFX;iQ0T4QvYY^vyY2#5o^TVs1Fs(e zHGf6I<)JK*NSI$D01#i=6x|gcZ06-Zqp&KVAtnQl;Sbfs*Diqc_~lt}9b=S>O~r<# z-{nKy03NWJeFEjAla3;_E(j_qrsS9D&nV0V3w%a38T*EeDnvyJ{%u?@gUoF)mnuPZ zMFR-`8HHOxlky|FDsa^`Tl{0p&oqUxx$5D)C>%1cR+P4lbLlP7hyIT(=GZhe0Web1z&>MF)IT{LD!%LF-av*OriNI<}EYuycqxH2hoNw z2*-%EQ56#BN%P)$rYHn-QzXvkz!qh%Jb_(n>q-)pm|Po7N3X-sZen!F!73y#>&i=loZZm0oH$z6=#}f-#${I53>L?^~d5E^`9hr&>pV_d*$hi==HY z;H#XzX}1y&n?SpaQb&M0qH=XS82_rjvhAh-_)Kh1(1@~?@YX)&*$|=Ij~FB{m|FEI zz_wazHk)EH;0QDc^Cze1B6Y(AWN)`_DJ=vXsd(JYW;NO~^-e2!D|V)V-7Co6MJU(E z9PRJGuKt)etzExi8z^!=2J9H+5`U32>Urc2Y}}EGAW;ukx6H#w!pKA*RnQVbGDN&+Njpdq@6L4vt6-bpihiR{h!dZ5%+~ zc5)an=ncrK|x}&;_rqHQ+{0t1uGlYVfY=dANzuU(8*z=va1(eJ#|{FNdq%tIm(t;9?jhRxA2 zoek>%-iQ(SV_=>sjxAE!!*j;;G_1c*VSheq=r17AHdD!##WpQ-Cz$m&tgDy-(sy&l zM6_QPB+cCPiAFHRFvCju3m-e&2;qhC;4t2>K3ap}&P8B-xel6^N7sqTGprxqG{jOD zf$u2!e|%kcfE2a&pG)O^EhRtX6V`Yq+33XjU7tktQ_H?24A$yk%oAW?FmR2`YDEeqo2rh-F{BZ%q zH-l9PbA@Vv%ZNIX;zVNW>BmZ4H4Mfr7s|#GwHm-0;?ON95w&flR>#GYuu7e7GHt;A6cKzc=}1E*liRxoyYEb9Trb_%tpEU=@9 zKj~q*L)F52h00M8gzEtRGz7L-6ON$FQb9M3I9QjHuJVnYZ9P(A-Ee2pDN~GRwUReZUM%3%mKtU2UAC%> zVMSa9<8Q;_nxMuQopy0sz1sr{b1Bp!4!2vNO4XUEYpbM-&{Y9oT|;=OWUQJ8Y}FC7 z3DF*mzJ^659i3PcTRoT;tS7;kZCH7I*2o5^^0~Ika~6Uxg0aP8>ETV@t_H#)Tdl>A zd>6?b0^u`{B)DodX|Jtre&>>|gYc&zaf{ca!?r5%2A1Jz3$Wu^$SVQ9Xf^4StyW@k z%%uB3sAouIxur=3rCNthgh`!1=xaz+RFeUpK}VvPLpczP8Z(| zY@d&xqs+{aY7^!LY~N{MU;Fq}vTu=8=c~B*EnqTi?7yGJht*Qi=+2i&DzJNed?QU# z)=AY3b4A8$0IM5?_l5qKrEE}4W9VfLf~&ob@nux>nOxOO_-Tr=+RfR4ocM? 
zQ!lXsj14g?EAczbjuMU{8|y&W3-EwPu;g)?!JL=s<4&##=YU-zoU17DXFQfq_ybk6 z0@d?3;*}F^f|Xbp{_})?q}pB-%2NT};}I-bwg-e&Ks9|8`}<&k5jB9-C7hLKT*ag! z;n6DnXxx(TFT$U^0rdmi1;i2k@bkDw)`Mxr4U%}Id?#O`SU?3A+e{Qo!G4J(Oc7a? zyAHP!ss~h||KUwaKw>X`4ikq=&{~<(GN9(ZrxO$xfnO(%uSZtGO|tY?3SA2v~Dpp7BWmm9LbW{l35k`|_R8 z%_qzWs7+Wkz+J`Dz~+1MZuiBcMFB-yeluw^2yYmY?!K6`I-nXp;F6AmaK?~y_r;`F z0?PToCH)S9Oz_G?_e^KrMV|Ht)Mr_4AD0S3aYNEwDw94BsPS+juuXM9Xd6S)V-*jB zlIa%$>e*yB;h~^TG;}kxS(TSwWTgfNSDj5RMs=8Q5HAIH+F8 z?IwH$tX~b2bDX$_YO#J$-HR7Wgp&hZ9}eA2bh*7ivz<0UbqqIIoZBoAsu_|l5+?Ns zszLCSFzF!>x)_ok8<;dEsM0#Qq|qSEHY6S(*?e7YOrH@{-(< z?iBU`5IPtV4?9shncg%`4O`_7c_Tob8cUB-+&fO~nB~^*O0c#VChOFN&N|1(sZ|?X zI}d?%@!!no#>g@Y@FGV;w@`0`pF1(86rxI&>FeTD>I&DG(xBG(H{FuV+#9F9#=SGQ zfVN-_h-GFkk5A&%&3h~(x`_dIQ-RvDGtHHADs^#+YtL>Fj~Fpd zfPO5^OjqhgS+{;JgLT6&DFK&MNvUe+3V9+D!T5U@4t)Wz70gULRuk3TP^k?UaG8_` z<6e(t$&oL>sIE#4!N|f{Zw0Kkhx?`Pc4l<5;eUHKn$U)oJ)j#6bXc(dRx z2z`17!Ke!4#MUd-w5FTbHSlFFFNdbU^o^v>$~#I8YUh@3DyUWNK#!_QPU5&yGcYEy zSuMfuWn@etMrZ%BQa$ImxtIXz;yci@=i-)9eGa)Y+rafgL>-@ z^z6B45>gLh8q2xJhhDQBj%-aq-!1Z;q%N(8Luw*ibu7~a{GNA^;jGY)*H}X8U>7%? 
zC&6EI2O0lvSf?`}q>4T5rt=#3NA4iQy$=1j=}ZYFFNv8DZ`_05JvCPM**&h$7sx@>@8iL;K4kCU%W`0G(>xq#1v7v5_V?du_ zM0}z=k_O_pA+`QdcM|s^Si6YHlN`RAH%3{BHQ^&lxB)u+ec~8sUm2xTFP1EaIZndg zA=M6jJ}2`l2!DC{ESW*Rxlp`%{&id9$r!8);&A6WzfT5UFkaQ$r5#4160mAM{sJ}{ zN+=nx7NC)_T@L~4=i&a{K3~oli->+-yt@2}o4v`P&Np;361vRx@oGt1cS61ytUZPq zRb;HQU%bjW+hu+M*0+X9gSngf8cO|%c(ro0o4O4@aV{LXaHCRZ=Aw9Yu(Hc61y*gt zG^s}`ekoqf-Q=3^D5(AaO}8W~-Wji^eda2j0@ebJ^Fiq-i$uhl3SoMYTk`-?Ub^pKV zmSkq$+h^8C&rkwCRCi^_J~2Tb_0%3WTQk90YM4>Ro~VvC`*v7e@j8SZU>z{bsFG#o zg|J$`-_>~ztX~Z?yRl6FF|5|5yY!p|;QGMvuV%nZ+fkEVa;xkv_YZY`LUKj(T2bf27z7!uy6~ z)VTvJ>s;!neQ&rr&x2~EcsYutbNg}|84GT9)TeluM1D_^0-+*CkV?)q=76JaKIf9| z2ceB2`P!rC=N;8=fNT38P^bR~UE5JAbqCBnsutdc+Z)VXID%Dv!0T|oAP;;4%l$w9 zoGAjMO3{2D64MUi%Zp%N^(4p!Ey2~!KU$(h4^+|5@vr`hS9ox1c{dK;UG`3Ce33zE z>`FmZ{T#n$0y=)MTX+(8N`oa*DIW<+#2;9R{jNYC?}^+Y5i6DQK!Mo5NX7TMlPC z138@QJkQ~LXFG=roew!&DDCXb#snvp9UwS<2yB=M@fL za*lDh&iRqU^-khV(zDSi#^ENX8HYdSErYTM6#6x9!iN<8mbV|r|DJa$hkxWf#o?cM zmvZ=5-nTgXJMT?|t-E%6%qrYl263rBg8V-~o^v{Jk%weyAa#Dnw%>%%iHkIsuXnMm z;h>Hogic(fiTo4un68LeKnR_<$OH0a$n-(PD}>OAi`0;Hkxnt>eqzOiPgFXR{j)vRc^yg0M(j}+jT}X97wC>oc{xbk@l?fB!{z|xqs3BInFu`=Q{g2 zoabEP@HxlEL!dy~eCKWs7dTZpTb&K>Y zb1HDS+-c6?N~afxtDWf_u5s3L_=2;a!?n&;4%a(L=q&m2TI!vB!`>rN34cRIB=d;=a4JP1$Q?r^P*v8M*yvcvNA_8b^QZPB}{KK-@4y*frroMd#B7=g*5Z`GIyzS&o3% zPt=0+Oc;Rf#@a0iN^hO`1-j=$5c>>=U5{L| zjF)POXZ7h1MIMF6_&Y$?J=iLBYmjB7KO8CjFh;dBEOElYf>yniQ=zh5Li$-u-jGNd zkYa>3CUc8$f?ZU7%%VkgMAspRQgoqiDiPO?Xp87>9wb`$cu#c%9h`Uq*d&8Lhm5)M zebtysQ2jq(s}24z$(N)jKItRWZ)td^6cOT0;0Fwc)6ksJ>hVmhUM0?1;8zTX^%Tj4 z#{}sURVT9ZA7Ejm&RNh;mWt5*RQhDqGZ*kez%o5tkVl_t>GXtqKm<>^bu7MNN^+O3ou*MdEph&C0 zBzW}hu|?{=P|`T_J+zgT0MmY&4xJhIMGD=659`vp?2Kxq`+}16a}&J6SiLm4=Ifno zjQE;K)!=>K2cgS2e!yW52WZtxkYLumt8Ygr;LZx8Gw`Ge}mFy zrP+!nccO$S|CpJ0`LBci+{=G8oY#Ac%A#h{rmDyx6kNvf1En(|+KQeqmCztGp^tM> zwt|#!{^^AB4_Z>AR8+|A6p9LEfWJtrUxH$OFFs+BcpwXBxxxwQyG}}&cQhP64#osQ ze=|M`2Rpqdt$~PnjM7;`R!k6YKLYGnIC%V~Z9R?n`5vZQqAUDyI9Q~av^D_T?h(W) 
z(y&+1HIea2IQ&BcX}uo{TA@aWm?#vAPTbu%oYoQTUflg;BnM`V?s}lRCq@GJSFIe{ z13r&K70*L*T1%`#A#T+eZdNuf55;M}57gXVG29N>xICbzot%QYbDD-{03AnvoTepP zwZR2H84>nNlqu}(gY(6rZy{`f*1Qri(Uk^HfaJUp{s@1|QO2xy1jRYKax6p%?<4W8 z5Z47`g;pS9qBw&mej>GfIPF{X)FQQW_y&o8iXXJ*-lGZZ9*)CgupCc}t+aXYjEdCW z;S`D^GTt#3o4-fzR6Ze{b}17@(?uk)IQ)X-C@)%4s6l@S>p{@PQA++(%0hvx2e8#a zhDf6cXNbUNJ%?IF%L?`OIQ{5sJP8n23p5)r+$vfDizbi~U3tr5;dr_^DOydaL_C?H zo0E45|B}S{huWeQPmd>yVjaw{^U?GXbJ`U8sUqK5VMPU@p zLVZ!$=JK0Kq)Sj~69)b8s)K=rp0Ol)y$`r0nz8kD2>eOU2{l`w?Wu4I&{sP6a zoT(g^bLMea-dWCJMQ3afvx;Jsoar1^cIIARR&|PVSk0-(VRfe#hc%sF zIK1CE#bIsdDy$C_tK=!4gG=LrczQ)StHiHA8$G9CmyN^{Am|RppxC^+oh> z57PH!y{Y%gIWJeu^0OZ4re1;)4EK1wI3icacc= z4hdGd2dh@{ekRnS`)sS0VUw&*F@7T!Kji&GsCVDQHIL{=iL?tAS@CmU1Z3N4T`rpq z9bupXG-b*AtVp1avH-2r%=?^3pquytizWftEVzb)=2pFGKe%TSGs`+lN@3umg>spd zQ;08;o1qnDR?W4IZ0B{WnU(T$cauEieIV6x9|aOBm4%Bxvu0A@FdhgXA_6^jIy_B+ z&IEDvlDf<)T5k~+sFPH8H#lX$spv^qC27G(<^$@*q4ebjNIwXuHNnNnbybp9`eZgy z$GYld!~j6U3_MBDN}kN->PM6qCq5I{JcGw|u5VGXSRtzZ#;=aYBL5X{W6|`J4WPSu zT0Md`fWA;X-5=hWB`JAM=$M_vZK;O}^~zCic*11F?KoYjb9?@ieqIC%ok zELoEN3I3tKR@-ggxXVtgr^F<*Nxh^w&^>en^3@Vr<5H;B61^0RJKI}Wg#$gqGt1zP zsqxp3D?KU$WAr?`sf?o{M`#1!q_V3U2Q>_&)aPQ+6r-sT`d`+_a@fZhYqgFQ(1 z+*r-jM$b;b^@4(e(sPeEBV56(sEAl zpHTDf(a4>$BI&JqFta3P_?2L->W%WzrDmj25c?Gqx4P znx7%S#~98@GC*^t2=xY<6LIDPUtu_}z)~xfZc3eXLj8nA;oE?{ZE%vXQcsS6*$;`x zD!d?m3D|EqxPbE4bqnanI+*vd=@cdCua&wf52~q($ki5|XC5S!frG_-Hl2wp%>Ef~ zdQ&2QUzAo8FdvO(b1h^Oi%O)v$Tjj+X^n!&(^{;&<+Dk@HVHQ&UahwAYL)6S{l{~l zP_6EUxT#ex<+Qhs;%X~XK70YtIQmnje34f0^NOz!VLMbpR*2*liyl3NRin}6A!ZcmxQle8lU?nmZ9!KwOsZ|g zK@f9*F7y~yr$hBYN$*P<%VvmTF9TVD&sc~eyV8{ zY^~JbURACVz@mt+>|x?b5JWHwEPhoW+&`uLU?dwNhO6|5>fex*c1Bb`Bj}Kf%lJ%f zC`^orKxZ085-~=yT^CgU{Ls1z*balgJsnYg`mU8%l+^&bJ_PNAp|XKm)iu?xAFBB( zu)hsX#^_vV(hb$4I7mqqEh`NN7lR;sqDjB2_2ogT3_=4#Vxu^@cKgPod`k&cqySi= zBPe}5n(p{kamN;}Aymt!g_V!gi^-tO_Gp3&$)(j6DxBM+Z3Jb9p>av^isNu|p?1IJ zvW|i9l_8O3mZazR;dVkj3NInmk@yvazlfAd#m&>G@ai((V1N=Kisv=T;ch~G`4Cm!j!-0)9$}~Ps 
zsJpk|?KVV<`S@8(xHgX#EQi-t+C7#MqXo<1sY11S5g!I3@;mr>pUB*7dBJk{rK;ci z>Kxei~JCh|4>{6b{b%nOpk&*P3cMJFh7R7N+5Lo3txDwHlPWBD?`DiW^cX~A-M zqfj*qyE$(Ltc{P;g5~fwq0WqV@j<|b`#3FF4(}G~A9O;je-^O$K28gk!v}<#-CyTX zYzDT?$7w-s_#>gtzpC8^;wZ3B4bHRR@C#)}jiZvI$!hphp^jsT1aZV)^i#!Th9>ag zlR~vdKgW1MU}*-=82>Ef`{XO015GwW@w~)0d_|}qJK$XzYRL~GwjD`OU5GN=xZ*Iw z5BJVriNy%iVtCVGK(Z?~8L_jCSVa<}HN4?`w#xYmCPAcn9q`u-hgCDDu&r9d5mS{o z9|Au?9I73iJg>|Pr%CnL9Lw7IG&1}X2!9(zwJ5O+x(f;SEjeT$@DPDothiJ+PGZAA z5-WZ$T>Ut7)*6slBCYxhSC=Y3mcoig0NWUXzVMjvh*YodbT6YpAdEL8ZtQG?!+A#oPyM-Oyitf=mTm-IwiFuEBQb#r=Yc^FHo zKWT;X90_o|N3b#)z||J+cUQh)faFjt9S=VqP?s=D5l6g;pN&N3%dRo?@v>iIkj4en z_jNQT4uNpYka(3*7z?a(pK*)e3b0=Z_Zz1stq-V1xOw2Luo)5Ih!UjFL^%i2Yw zYc9+gQgK8V!Nf}v7l^bQV>^NhAAnQ~gcdl0Gq9cR#WFOrq)VR5kp5c1T($7JEG~L> zDpRM?=ukH_FH|r;c&8ZyZgfz?HJ87S7mp*8gj1y@3#9Tlo5CbEQW{|~y=uEsVnFACMvM(W~2@IJv| zKLul~2N=92R2|Ccw}}7Q!^A8iq>z&+@{&l|O&wf_P%ZP9P=z`m>aH5Ni^ReD1f98p zL~`UuuGs2LY9S>7Rx<={4pgfyE1y(r@c==z z1fzptv6>X}(?wQ_8qB325$&>C3{=j3(6E+^F!=(>p{ zw&G_eu{TlTJbR4bb-LbzU2UHL`+{)33N(&Sp8Va(mA?V(cO#!dv&+Z}B5MLB2zq)M zX)4v@a77YH6t0Em9XPbM6nY;nvPM*z;nqNkSN;UO0*Y?f8w)r^CFC(L+`h1y-9|iWQkJJ1z z@|0BlE4%uy0sF{iub&ueVK$HPi(Z^}Z7~B6MS7xP^h5mPgi+qPH?cHfmsB+{1rajFjuY&Qq$I>snMZU({lt1gfN_-6L1mU_0Xo?)UD%I|F?iBeaU^fk3gkFeCtP{-l z1XM>bmB@!9%EA6jM% zjEDFnG7LZCNQ4Y@%i-8*h+rzV1uemT4&d@w0!?)zwF7EIep{#eI`DUi;}<4#TH}qi zgW4qV74S>3dib@sNT+~${Y6)ig`2iG9BzxG*WMz11FHK>c$*%!OC(+Gq7ht`7d0J{7c{ZS)c^A*)9prxku&KU0<8uRQ7{(u7 z?7kA%S|gvhhSFadP-E~MP`ris_dQv+tuSFrKrQ?h%1;CQ)(~Fj&Whe;i5v*1vU`xb z+W-Ugyxf zl)8=P+Y0gBJWS6T^kppCfmJI`jb4QfXhwqZR1C{XJk zR7tl)a1$!|=;yyc0JDOB8am7JdL($Duh?lrCpya71U9QwDg= z7>;0K>IJmINFJrG!=lz8bT=fPSMkJHlL{%7x)%H2fG|Clq-Rqlv43mg2BCIUl$QN6 z7`t)Ya~MTHe|XXuWunL%LE|hkau0+Csu82$Cp{0^RZoWgM9VN;wyrI$$oZhX_PXQ= zww)7q9vL|J;nN|sW?cwWrh@+RkG_?`#iQ?FXx40nMq_ea^`}d?Ch%DN2vpR~^*Q2& z_gH+?IhfQF@%?ewAC)3&`HA_n>Pi7X6A(SagT$AFdymC4YDnuGB7}Gmge|co@3Ht@ zq~skB^B#*=M@0In?*P%`<0_5eF!vrG)3Y@5_;^MxBmr(hBba=N(kg^A|M4;D2@!bb 
z$H%$1Yw?yb;)4GE$K&H?KeVkU4V#kIDVoQ}yKdMP*|3;MSE)G6nWx+gY;lpY6FDGp47YN|##1M;UI-67qR+SM7qzl4+?kw)2QAmcw?JX5C z`A8&6M%;~OCl)`Crev(Nlh^3xwPi$LGMo0(qj-rX(k{nUNG9i5fs6Bz@J~3ml50%B zrTi%W2_>%`iHoHJ|4A%GGLcSp0qpNP6V!P)?Aw&6M!MT`7fEX^Vqf(T5nr0%`?o`| zpFQn{wDto!X5gFz54d~?@G$#kBUF)rk_p0kcSI!dJ?_Kto4Oow46j2XHV&nqjdPc1qEu?O(|u>LqJ7JL>wPW<28hnI=P$ol;~7pHLq7gxV0FeC3^# zL_yajMNz(}Z%{row-|sPBAYL2>{oi)F^wP|{(N6lk#ia|z9`O~@kL!&Dy>Bj`5a~1z8EnAO_TW_(d|Z)1OJKq3WLVZyb%=Zks@6Ex0yRbaJz z-19~Ce8A1yBfz@&xaW&1fQG>OM+2MSq8e`3~Z&3d%mcS<0N+kVi&NzKJNLV zc3i*??6{7_m%z>$-1wq?!JJk6hIoOSCf(+V?)#!X{v3pS0E@*Cgl=D+FG}SCs|FZ# zJ(ll_DtW;*u_LhVgzF;od{Ogi=@CJU1NM}`Jzo^3Y7X zriUam#bMAt&nDveq7L{X@I_62NitL120i{E*Fc?0qUVcBZH=+B5Wvh>g6E66`y*SY zTNijU;`pX|zNoLhaTDqdd|0d=LbkIxMNxm=nW4RdBg?eYFU z4sPPQz-V=~WqeT+G1!y6b}g_pfoD?27gf8eOXxs^m0Vw*FKW(6DknM=y}K&)ovH;z7LE>IM_Epf3$Bv3sK72H&Eos&g_eNg|6v=ppEoo=ufl^ zyAsTu2tO6)TklXD%A|4e8PaN8ARRxmY-v@k^&Zs0#gqkiLEUkuQ6R>}R0Yb%wwsjT}LWH06u?_>w;mEtWMFmn06k3(*e=92>PCi!?>7M!dS8;KRy0t$heql;Tf25F_F<# zzC^!IE~dQk(rOC<_8t*UXOl|7s?rJm7jiMp4N7ZHG>Mzh1jOVcktiAQ8`i>FRXSru zJqdn8hn<~*nT6GZnpofSME&lL)Q=49vR#!j+44i{t&o?!woV3Oo zC=Wqa=p1t9`KBH|2g5zzR4+WhEyo!vM;zmus`NAVK8KbMNmB|Z@A{_fGk6sRvEO@$ zDB{C2?X$SS`v*`Midj&U^x-*n`%k2GH=q&*F6YDZ?MD|%s|KJ4V_>ar=*n+(dix}T2o@iH+6j!Oa)fQ;IY1`pKu4z z7Fh2XTq`lYsc9H-#5gdf8&-Qi75Jw9m@2Jhz}6X@i{JRBhN6Gn4eW@)Nj}QXd}LFYEOG<(baJu*!4V#Y`&?R_e-li zu)YQ-iEO^9&-!6dc@m6g49oXTQJ>&n$sy`qYaYkw$?K##40QcYg(1lfC^CdkC=Yx> zZHP~v@J`;xNnKJD<(n$^k)CUWy23mj7|lAV&1fMs4Y`LP9u9rq)K+{8kuc+%;_MmU zROSw8Rf5LI3$k)bnJ zFxEFkfbmU5@a~fshnRV>f+MJWbh4griieaC@r-Y3ASRLGO~f29(qqX~lqb!ZFxC&c~| zKj(-&ixM}!sVTUllcB;%EVRrhhvH&x(i z$sK`s7+41%_k2@}KX>sFz{VQf_@@5E%v8)n{4&BQ?}D0-@0)su=G(6U+!sR-x_x=R zsiGMB#Yr&EdMw{Jwd;y&!XLo?AzW91=bL)Hh3?u#f!??i#G!G|H(La;Ekkw ziH5+Mc}jfWRP*Jod>>$ge0k3|m1}}4KONXCU*7Xg#kIwALh?PW1Gd?h_k2_Js!9D+ z`yjBRM&9_Q=HT{2TtxhJPu6WKYr4RB1>aPY&(NZRebL5n=u%q5ot5XCs(2n6iUKU< z5sYu@T1mGnsSoHO4;Fldaf>v*so`jm-02Jk>&aLqCue+91B1=So++;48=&5bq5Hn6^W$AozJBok;?O0+IiermH`TTZilqh^ 
z4GoKi5Z^boHXjI`0QT?*zHcgdA)4=K#6RO<+`iqa@qAM~(Ln8$U~G(G`Rk{rl>5 zQcLl~+WriTZ*Z_vf&OTxg3bolHais(x1ZDwtuHsAqQe-QQ*f{l{m~AEC?R$z6zPR0 zGFV)-Hwg{8CTNX38Tu2Q5U0ToEt;~jLyPa%L#xr*G`j+`G^lDt`bE4Dyr=TMYxui`Wz1(wtP_#SLc`am-s$Pb)&O^g* zUJ|EF60A(Cpskg}sh99W?>Sqm#T7j6dk0hZ5UL?J4yNfjbn4GJkUCxtZ-X1pa=>ci zfRn47RSt%0eRL*TQ$A4d4!z&t*6d6fZ;cIu8@ltcCf?#a(e*LpCNh}|@%eGsttbJnJ|1p~@+yt!dp$^WB;2cyF3;OmcPb;%3WSca zB(FY3)qs*g9_G~t*|$dYYGGRqLxC?M-vKYj8(q90j(5jC9G6QRzK)VETu)+Qec+1P z1*bSw)SDo_L&}PfAsW4=Qs+tQ3eb~4&JtRi&|rl5ZHW zjA!(#YQaqJWaS9`{+N~Cq5(=P&o~k31ZKHwkhL;t_q;q4g*x_!X4M1K28Z333V^O^ z{-G;j2)_eog(#i0DztPuFe~y8{v_AMl^B?lOn_DDG{&RAJXHvfrRO5ze>m*nWVc41 zSNq=))<(qc@DP3p-fF{w%hiniNb@kT&ka7s7hkC=<-s%<(60ub!KLy~54;9|I4jg0 zzcn|YePso<38(dBEUysMCu9Xy+3|MTaAcn9$tp)gtK8f&kV&oB0u{2(4jdX|Ta6w= zFO0*UOPV$GiXGT~L|8o#J=lZ9Qo@_F=o@z6%3+l66o7LKVKou@FySpbFtM9$y$EcJ z!Pof-?6m{q^I6t@V4oSBo3dk8RTwWxq>WMFiQAeZ@Ya29my z4EiOM3$g_U#UaP9i=u6D-GqvQEBjDPWn29-(zZ5J%B>LFjuth^ z0UJs9e!|(g6sTakTPP5~@9PI@+Un&KSSO7L@gjaU`XVi^p|$K0MXBA}vdLi>fN!%^ zyn-e|q~rKGNhfST;@fWn$5+`ZHA2*N#Q*7Gg6LLa`&6hKhj-3!iQ9>f!~cbYg7KH<8!89#+L z356?v9@u4HzJ5I9&)F)JX=`i52<#+;!0ozsJ50wE8O+!<@ft)je!$xf_TTWUp0! 
z%`8;wKQ>m{V+M;(%g*tH!QS5sRmoD7e#&imnS_yvR(-|_NL3R30q48{VN_UF{X?aY zUMgOjmrec=|ycwdg~EF#stIoOEvG)2mnfk1m~Xyv@yhE9QAkqp$7722Vn7Sj3#|IUYkb4%M=?lZ{HZXW-VqZcs) zHDrYXQz4hR?-|IIj}JbxT`)Z|3WF35Ek>2iHLiPs%zN?a-awuBV9hEvv#WyHIF`-* zNoEz4X`oenu=NdXMR$+}8KUMKN<%w&R;pvgbvu~`e4gQ4pkm}tg9aW`!9P=M>m^`Y z4X$;}`U5&9tKc7FbvlQEpNrvW^Ld(`$?W+m`1oF3rhkB$V>B{L*EL@eT*Z3i&OFcz zx?fPiwq1466a%w5v8k8g0*Thm>}@J|5k*F|^bnZ+{!4eeMBFk4He%a|=1?Ujf;Y|6 zY$YX0WL%Q%O0k;z4?}kMzgl!#mtYv+6Tr_!{V~j1iV=J)lm>=^RVlN5T#*{ zRMROx!7-SS;Ly1v4T4$P)cx3&Vhv_4q7*1q4DFh4$@@|zZv*2&fE{B9T2CtH>O-l% zgz>{bm=;S~M=9!iUuJ$RRq+t!!eG662d2IOX68w$7T{VC?}K*Y-&89xCl&Susro$t z`+fl9caNn9c=qoHPR9j*$%_|7$c|iSPN_Kj!mxNpiog|oSrV5&&6h+K5NZ%fj|xX- zqsd>BYV|?gTtr)79X%x$yYd4!qN_#X)4OP8wHNMB+N*F;6ln7*zYi?ltfx2nUQNO`?5K z0`b@v1$#cSrgI>CpG^~!5`wA=d;nZ*!3ii29NKWLiS|Va98keW>REd8luQsR5s7Wm zxnt5L6|6PM-8`i^2#**|n)Lg_(3BnyR-5Qv0K-8T?UD3Xg9F>+f_d>?EHzItAJ_`Q zIVJ9AQ+c<>{{@v*Q&`)8y=QP1(VZugM#TjmgnRoW2;aq$xZh+KWMEcYaOyE(-3B4Y zL@%W%P4qrzU`br?8+e=U0ii-Hi8ZAkua29bKz=*N5}>K{FOXu}n_rRE!-(igBF)gE z1?jcg)7Eo=Vs?c8$%En`RuTr%?LgyeHcu62gCA_+2#Xwg_T2UmWY?Y*qQny?;z>%N zt8EW|53bAoi1`c$yDsTZKBnpdquGHLl?~yq4h*;L*B+C4I(i%2cvKb((w}HS)*%}w zKxU3@S50l;iKu-_-iMBh+ z|&LvYE^?5p8YW(nw`~ygK=T+eLf=`c)ikE&aK(wS0YNH~EX7&?!OL zT=?|4mq?xrPZthWMt`DBW)*C=+0@9mlY$#&VKpw=MetBJNMUN=d)h*@<6`=klkoA5 zKm!rUgE@EVatuU)hlDzM%eKZKoryT?8|0ww!%%yn;;?*bA);4#kf1ZG0N+)&5*28p zSgognP-DNv_Z5+n~I_|(GL-r`A%2lxr0<_OX zppi(SYalbD8mz?Yb9?X@l{iJF;0_Uo%O!7Vps`3HH(O@YeE8Exs3j{Ub6SGe*5|(4 z6RKK@(sZX1qWH`=BM=xsyBkR>2hyH|$mt}&#h~HGgxY%qtH=<&3dbf77PKS0mHAyV zRE!bo!K+%ue&B~ajtfr`YW(+F#YI5ZJy@$~F=zvdW3EWjWy>Cw)}kccwX@ewy9&wZ z^y3coa+Zip#&jw5J-UNR5UOH+xMESbb#T~Cv#0_Y!fU2?*ArG-M0fKbL1%6ShDB-G z1X!216nUs!>GH-KsKxM}{a|nx;8;S^ZAmeErvm|zhn$|eyz%mBZ#d3~^A3*peJ+=G zyeP&MPw~1y@j7aO3h-7!-wj0mP6BMThBJgZQ676FB034VybA}z(dCV|PSZwc6_tQj z^EhsK9k82fe0Co1@=<=>3l5|mUc{?JbNNjnN(TxwD$Iqj^a4WhWbwqphZl7*h zbTEO5o9o_#L2xUQHNE1oMdK z)Kgd>jF`KC7c-oBuTazD{d}=kZ;2l@rxx%ghO?PC<`L01J*CwJSbu|)Rx6eAMce3p 
zhsUk+fUU;C&s8WRI4N(@iMH$_Bn16XyDY~5KVabk2+^)?12@%$SAXYYC@buX{@T;n z$-vzgovu%_FZzc_Extk>HYz4f2Cv1$NL zQ%}O|i~ioH*m)X)q9>sK1Yf1j$=eq_b0WTef><#bKhGH0?2BIMoQuBzY=gmRUvzzW z(k6=ovtCB-zt{#fc&5<|uAaJ!ufSIGjOn}9$ipQ_Uu6w+L3z(K>aPPNAQHi0Uj-y? z67D_I=yn4SfGAcJ1)*Fl$$O@;9CK??$HTm58nih?`fsR3e#S(*)0t;XwC#;~#x!9R zzIg`WSvZ8m-G*3+GyfSA=?M{d=Vwf_zZWe2NsPFlzyI}&sfmrJ&R$}av`*1HV=B89 zuiYWKAd%u>k^hV-^}1j~D;vnHj;}`vdRz9B(N*Sc!Fz&O9e?oyX*~`BUL8*~olPnQ ztIEJV*yJCJ+gMC8U{7o>c9i`;3`&SHoy?;)Zn!}o7T%jsu7RtGyE z0cvUBQUrU8+&{bvQ(*&@C&&uzN6x%O?v;Ol;oc&5+B2{mXRI7?%p&*p`7lX_mRCvB zy_~$e$o;E4c>aOdV;&;v`tVHq;6~fJ2wXV(8^5;!L+>AuQ_7H88aYWKaj`pLJm|5gb?< z^8qa;xEH}@kvm@t6mJ%}Px_xG?nmTdBhWms5^w)w#9Ox*t?fMGFB8UTnMLl)TVp{C zqSY)H5<@95v&enwSbPc^STTcVWS~AYj-hZFM$_uRn#SN-i8cTmFqHTf26O{spkY1X zr-DW99WLTCXuzH|I2XTJLsflg>Qn!u`zQn-nio!Zv^Ij-(x-$-FY0_48)9M!;1*( z6e6xtx_Rghi_Qdb%s9q+y>YA$4Iw#@Y91UcVaBllHX9>BQ5sMMf>UVD?2TiailAr- zZVITCfz3E}AyH_20I*>Or*Vu*zzWg+UyVO1h#k|q&qD%PB?8VzsKE+ZnE_`XP6}43 zBdx4QWid>#>GNDWphNI?x-`;OmIu-m$T33b#40#{D`W=At?z1?E4~aP{p4;SL=DU} zGFg8>W}>`sL(AMvh)#!*aqPTLL1f9Y(5k&yho{ ztP3&+)-94*$Bd9h&dBg5TIPz8iO1LftgI{{d%{i<3P0y&N))e%X07p3LjGJ;i)Io| z>AHAE5y;mSGC7YP;i1p`Jos0z^`u`%?9$s51i);Czp1ccvB;(m)SA} zuTb!-U6@+AS!QUFEh8>ei6EV2h8EbexC^x)NVk$EW1;XhTV8R~8saH*wKD#SEgg(G zl;9jstE-yvjkc_NSm$tyr`pv&7wccMj@U8_;}6Ln%ch_44{T|>_>bB2Grr%J_h1=0 z$tPm|&#GPhC0>U9%eH(T>$nNeBHX|7;~D?jmet@RBfJISR4T6hjGwjT{RK2WB%A)a z*mDk@u-p%aCdtpqrl0X!w!F(NpDo$+GyaDy+qmU(ESvtv;pNCGDCMnfI{hEB>1RBj zlm%YXc;cd1`x(y-`*vtNi*Tx1w|sJc4gHm*yswMKTM!;qK8%->@<>OG56PyV@zPSx za^>e_)BhG-)b9plksG>~+34xF;u+c#kmUf8MF%`lD?X0K-cJK^6I>5u%z0mmp<@BL z6A(%L?Ms!XvG-Cy7Iu5-e01ZWuXlzn1Y{|&Wo6wRlts^K`F)-| z-b^AWB`C81k;EB4)hh2H)vTZ#`mHXPKa5m7L#2Xpq&r2+v&2g){vo=C>jY(mFLYXE z3DV`lP|cvM35e2a>`T4S08(v&@|_V{s;4i-P>Y~E0*It0_)_OuL#kI$euU>dl*CF; z%1w~*Zb3Q5or3Q5MBQ@fHL$CdH99C?I-uphiILYznlWiaP4%rPd1WPTy{^JK zxU5-0*~hKdOd^pcj%55B@#ESn5#hLKbF#W1L3H9mCxfyzAWE>ZFEt!xkaayM592+gVn4$P;!82~eNcYk zLIZrM=W0Mo#K{GnwA3_TilJLUxyFT7`%;ZD8fWE>lSyz!$y7jO;TOKt 
z3DiPX(KvZuqR!XPz7#|0ak3sDlFG5%ltxV|!+Yc86D_q=34(NKFjO&4P69+y^?a$v zsWckL$#>Cr(FasJ`%(-wh?7TMXtXaipGu=coGegSOD*uF7-|f*1RL5~zr@?b#Azh&h09T(%4l9w^_q@+(7d5ur_4f1)FJc+3;rGL|tx8fPf zrQ{_*B${iL$?LAKV0CdNSFF=gr3up2$WVroZ@Jaf&`1T!J?MN_1CQqrCSa{Xpj;cL z9EWY4rW|&3x^vjcd6L7<&I&i&!(kWav>V>yu&a|wizmxY+u!E*?Fn6mR~%Y2w}A;n#QZQtUs-=&8S-iIkGSI0x3TZj&U&yaSAc^{^{jk$$L z1yU|AGtrC%;Z$!`xvLTkL_cLbBoM|$X89xHuAS0c$!q_iOg zLb>&mDZI|W&z;g%?F0!1^#SKjM$mR?o)I75oQ3YXoh5JKyVk6RBCYgUSY*e=kn@G8VxTW2 zvsaS7L~W)2xd&-cSyhZC)q^~f?urnp5?+jAQu}BU6*iN)zColha6K?-d^G6+Tx(4F zXeW_s7jsE#qDeR5Ib>4Y>qKgfTL#v2Fq%{c1;(V|J3vbN1+xN?r*DK8CD3vjdR7*s z7h0%ATIv0tKwHW)CJ<@%A|5r6CijIF?3DN5Y-ufpYcm;8VI1~qa-8zg2mR8^Q+Q$6 z(VY8$*E1YmI>R4>(vRjS_4MaUxS1LWo^I}FZ$w~wS#Mfd+<%0UM@F82%emCa<9Jjv zIw|EHY&Hv-6{P=V^0jJYT+%Fz=C2`kkB8{BXl+<m=I1k`L04XN;82Mg0=l|n6UWuzF>_ma36zdg{WxKYkiG1BFR`Ivf?E?0ih^M z#&dGbg!=fD*1Czb9-{O#)Dl}S-`3Fk1RWzNbwC3c*;*vUcazpBL|?#Re@;*zhT4jx zQgA-rq-Z3@kS@dKjCU4EwIC|;1H8u&Soa6~>B{8pBG30Nq(zq00HI+lNgL2hsA)r` z)e%@9gP$iW605C7iQt=wpJBdfj|cd)A#mpWQtC?|Kh-ZuTA{HpIQ^L-)S%FR?uAUY z{xek4#b}|G!MOjdc>v`UN_K4L_&Ss?sj`Ir?&<_P$=Luw5dxAMhkY4ViW_9AW=yh^ z;^;CLnLsNU1})msOZSrTiovJYM~&akY!1RBhO`x?xTI=QZNV&nNy9;S(vXf4Nq;7` zom9`zW@`%ot~3Oau@dR4vdK;D+|$s=#9IL0$MK9PeH}~A*k*1|F=a+2kv{dL+iBba z-&}<5i<(1pD@;F&i;#Pk^z~6BdM3nI>b7ODApQMsNYi67(gdV(8TY_!M(g3EFMXgP zU)~6KR{Gn=N!$PM&08XpN}p(@7aL6IG8vghDCvqukHS+X^7gkQFA_=$q8<^Y58Q;B z%Xl>yIRrpwW@|8+3^0~hHE&`@7fMnACm!tf^QK`S2nUk*fwP_14|lmqsR5O|AL-nJ z7P$eH9-svl4=|P%Q1>4ORsiuC9wz9_O1aQST1kn4RMI8n+Pec*Qf5Hatc7(7z(rI1 zv?7t5q>i`5NJaT|+lf*hO zHygI3MN~*U;vlf2gmYFjUL&CX!7P``N_-3KXAjqFawILIN~#}F6CQV! 
zBy7Y*fWuY7c+-HgfU}a)!0z>MS4kPlSDS!JE$5P2fzXjiR0@L5tQ4B3B;^iNDab|9 z35!aT+67d3bmnaQ6p-eS2pO+M%qpHS7)C^z-EjNei4!Yb&2dSuM3d;1dM3S# zNs*O)3OA^%>C8R zU7___X6;ITc(PKVxiJn=hia|^&iu72^uB0_z&o#9xs9=y#An5b3;O#XYgbm{S=L*I zO|m*gvv%e6z0x8ZP7u@(7Wr#e5({GE0Yu+0P?aBXHPhmg$KW$8iCppu6`Gy!;*)}i z(Tjt1-u%4=s-!K^f<-@**2sSeb|S%SOMatNWLt|`iaipF^1Ub;gaHeFWd4Tj5VMiF;dpd!b_7mh(5JL0x@$}x7( z7|E9vomlD39&|}1qe--En@PNWJAG_Jm((JfWUgX;v$A&(NVxW9fODrFrRSu10FA~cL5doU3Du)9Z^vP!*MrN4N8_7BB$YZZT8+3s zC`RMtSAmkQXtWvKG16#UflyMQn-p*Bk=A|>uK8R&BU1t1f8dyHbSQw6MqXgYKMuS1thQE=kvwd+f&@{)L z6sEs(7a5N-I32~tO)AxZE(6|U*GfOV(Jh0&h)BA1F1f1Giwt$kpukq3q$?VIkS-i5 zgDQlQ0$m2YS8w`v&yg%{mpcH}O%}JyRFB+XxI%0G13v`MNS17invrlv>(5B`ZHK1W z(6RuB{Wo1qW=7(maK%Q%@9;1|Xa0Kp-SQLJc(}kN`=jA+&_v3B4Buq)1gjK@egC1pgGJ*gzCeX`%umMX&*i zQba%nQL%uP?|07Z?!Ae=e*gEq&vR#I=KRi?K69q*tgDf1K{WgtN%VKP?S#&`W3} z`RJNi$Ql4PI3S@k7HA}8L1!UvfOf>8m(WQ1YBuOg0KOv-<$@%eUn9AQ;Zy34M$#QM zfx|6>9IAvrM_#eG8p(@QY`IMUXhR^sTvsC*g8fvMG!TF>B_uf-NxvWLoL>MyQE^HB zvDl=PR*J{|KKG4#fOGpsZsV16WnYaj{Lzk$$ty4D-Dl(s9o|2IO5$-Dj~by(2d z7l2hI0R3{aOh_$%3N zlYV(9E+D6-lLA@;qH|K*COsQ;Dht^Gw4M&VM3X*T%@%Su08<^1ze!i0XA5}*w5J?; zi6(sxb4L#8RRG>15aog-o4-l-!!YG<(#_Fdapb=N=x1V~$SW4NNtaz}%MC|1mcu_l zuG^$1ZnY()0+2f@m~h_(5<}J(T;z?(W2l&UHkf$ zee40Ar3SQZTcS@88)W5sf$XDelYX{)j{mL;!3uIXVpXS#tl9^%*Wdv0yY1i+JW*OZ zCSgZ_SHpA1Xq>Dt20z+Viy`XEs1jz*n$2;azMesm?;M@ zl*S#*&&ekTK!50*MdV#-K&Q5fmj$?n2<~!L6Y(!d<2+V9$$MzAkjO^_FU367SHUm} zu}4IT%nD!z4Hz)8#Ij)jqd2{4uk{J)&38&;9X6v#$S41octzgu7*j{9c>P%{UQ`i9 z@GE#B&R5Ma9tu_Qs<%5ZUX^Jft|q*c-X(cKD!6G97DJ|ajMW#^h|n7VchHjE+ad*I zh~OunLhC-vw1Kgl4s0h+#R;nEWET|2^DH>IqVWdCKR7k9`|I>pVQT z29HKOBIkRI9Bf%q{c8@?KczFh;vNWHs2d4bahs)tPhjCZv7}IpYLDxJbZ5!(*`Uua zh_Y)jf>#+99NG$_R`9$U5VTr1^gBw>JB~0l#c)1kN!i4eR~huFP!YU+E;2h-8h5u= znSITPt&0}H&7e(E$;F~CpcKXIwNu2J_@^BqmJAX1D9)&$2;N4*Xn{W+IJaYwFBVXE zP1ho>n{}fXMjT4d43b6TFFD-t_n#8(Pkr!TC>4tI_{~blS|>t`Aw$GHh+0&3qA?{? 
zrR$Uv4%HYAhZ9($5(U?Q(ouGwZd}5CHUZ+Wt;5kHhs(y%<1f#-xfGD6S#6+5q0$_M zZqyO{$bx!&a+@nn3;5VCsc`m{wkTV6VaJv#&8`h9i>FYy)a{hW;`HkCRi$Z!apM&w zd;$ySN<%A~965UTK{78J^j4CHyHkdXXKWYT3y<;Ol*3LAxugfhV?M$U-7k$=sVW}k z8+QEd1z@#38PGz4J6Awi+^ZW~8Yzy>;P|`t$gjJ0K88sBgBmG`AmVBz;7!6oMqY#v zd$40Sn*Bn`SO>&L z=m|$2?YHqwpvqA4c8$Vj$Z_K$Zl-z`;G2#-1`nYX^|+dgxJH!`s?t^4k0AfQnqzQz zbfZ+Gibg56u@2k+roz7sZMI}%;tuTLr?@0$jvk7^FA+-}wTNW9A6sX#F8xW4Izv7Wi zWX)ZJN$)`8vkWxjx9n6?v*Xq#;=cS4k*Q-GkJPy7W)y?)E^r)uVF4lif;Tm&UJe3; zLn>Y`Mewo($Uqc&3zQ6H@+JpZY^uT~$k|?e&LVlB2=4Z!D)d9p*$MEG6Cq;ZLJyeb zWDmr0?Kz_jP6N~)A;ljKmNp?J`LH2^LslYYEu?WDj+Ik&$$8sO0y+N6UNX2HG%XTx z^Pno)1&)yaMg55D{yv0EG%jO=BDOt_jDMY%1@}Cu+GN%l#U>Bf@&DfhJ*q1D%R|Qa zAu6+~Lk5>c$;`U`Dync>-H3wnO`~Ta1@`~bjYaT)V6bi1jqG<6+v@*@jeA#|D8w0R z8XvPysk!@p;-yyOcD^_n1$COTe*qSxxGOqn=fVG?Uy6&jxLq|IpbOeTs0JCF2jq~S z%%-N-@diWQ!_o!mN9`O4SJ_5$3G!4VLt3N5pvlZQ2f|(1o%;aE8u~p}iDnx=?8Y0= z6j53Xq{`;kXGB&Zv^rppw$;T>2SbVRD^DV>`xuQng7C-i9;pT8*a@m7wcxr75L9rN z*{a!n_>-y}@rUe;DORUAnaovu(l6Ceo3@;j^!*vk?y#Di0~yRg3&Qf5g_P>^I9iLS z+`)Nl+8iF@KxkoEo@2;WL(qyi0guRA|P8D;$GzCNWTN2#cjzuTUl>Gg^oIE9LA}!C!CO|)L9hQ4u2isF)k}- zE9$^eqx&&U9CkRU4loB-Ie(2%9b{It>LBAbs(r(sop?~;atG;O(21M>F~@l!6zwh8 zj}|&`rUM~|JiLy|EIbeA(DF+K?Vq4BzYj2y?=B%j z1pkyNgr`TTpth(z)MMORoSv02o3kYv*8;oQ|6EgN2Mhs>dBqRCA|5`@Y57|iNPGfT}b`!zQAvZ^IB^|zE z178oqBoBr2!w_8@gYQ@e=Z9oH--5+-UZRU4hfIgPBpvi(L&TNBx(&p9&|Vk);k(_z z`5{?nYqFS&ak@C;km+EVq(fzFh`3!3aBRx1z)@?QNBiBu`5{?HRBS%S)Uo1GJ5j8> z&;d5dr`Y0-V8sHlnftmfUWadU2j_>VW{@d^F7HzLI|vwAWj92SAyjqCl0kKY6#c&9 z^vG_H;+@x($+El<|B-`2(4ieNDj$Y2aouk3oHTMtGO+M3H_jKLa%mY_2Z>%KW2&MC z#mby}$ao9VJrxg!)<*sDR6G+p>J~jOg)ZRdm!Yfqc{y|sKd**<#?P-pZ{gWx$jEy{ z#gFw-z3|Zw@YkY=4jpf2LwFK@4}DTcWD`9ybSGO38G0I)DTg=UL`mh)7r~JD9afU0 zo)oeij-&EoKimOdBWTA9D)9^8Y3zk2s21gIi`Fq8sq>HO!lbEG!$bAJTUXyUNEbY{ z@H>Ad9Yu`U%P@H!zOhJ`gj)L zzfla1+a&n|(_bgnUO}%ufTWfKEyo?Gl^ z#hS{Ujc2__;VI(U(ik-``qAO4gWQJ*$QWdf$O?KFlp&Fa4nPMYUw<#(u*QcV4Ub#; zr0O{vo;idIGe*Vzh~*pV1sk44pBpQ8gt&QoZ1*=C!9Ovs@jA8q8cDYd 
z$7VFV2hlRCBkp{UMQmonb%)5nhWCRQN#zjRwBZHvr+N^Z-EcqDibyKe*qnxk zU{AbnI?5$>igzUmnuqyG?9`lPVCIgM^V}T{M6;LT5oBbv9{TzF&YnwYJ(8z!TEq;f zo{^RGayQ;WZ8!ySpW&|^gNiEJFfCaRYPJ$ta})l5IyA{k3u+goqF(jK>152Q>wiAsXMc80|9SMMSd^!kSx&ATY+deE}p6i9XfvX_fiyCgXNR|Szi2Yxvb zv}r`=$SHbrJtzlWR2Sr8lN2kxS@!I$UDN+skq0QNZ`dl#jn9#kK67IFr(OAg%@ z!g~~5^q}{b*y;Kc029&TbV;(=yD0H`BU-YtcTsxiL5Yp+aO(n;Nh}n3#iH{Ous(WF zL)1$Syc+<81fu-1L3~tefFAV8y|$$30L(8Ti4T1Z)`RZfW=mQFz;gr&ki_TihU-B+ zA&H7l9suBo15y(ssuV_A8EN0JK(T5zZ<<|w%6}A4eOSNnSDy(qj{819W5ZwTkJjq1 zK7~V(CH3In#Gy%ENph>t@%5Bve9{lq$LfJY!a&L)Fh&u}C=%yZpEnupRG%*&mkg4R z0J*|NyVd6g^rQ*kmoJ0%8qqm&ZuP0vAD_BJCddy!``n?Is6L;s)0B`~0Q~8I{MF|X zM2Urz`4Brt_;Vm7s!#6$DhFf}0NN0U(k02}uRgRA;;%k$?6Sih572aCp~x#1xB6Up z-A=({0IVU9U#{AOL-mPIx3l4O01lLpMSi9ccJAu&e-#5@rohVB0*W+}iTahOoCi8|#^ z)VBeNV*9^|;kU9fzP*CHfl_thw4*uY2YvDdwlY&8Hv@ldK`pdrrEhf!I`{|Ro#5Tu zA;}`9+e+1`a$p?~+H{9rT&d!zucK5w@tn>$xfbB(iQz@al4Nt0DxO$7N)>OJI!e{@ zEPR63QATjyGgLmYuR*Wz@WZtGle z_T-?Ut#f5z#hCDp&b0&4GM_?Nj?Q%fF>-XPn+V>~t!~4fc#Dq7K)3pt7;N3@El6P9 zigG#N99y$rux!J+RpYY(gCm!Ke{dYJ9TMw*B19wnwdXMQ`Ul6LGN5&Ye=mn7X?NW| zp#t4%@=M4gcX0gtw#G;~7w`v&WjCYwgbH-4k&Jc*$H_1043b-c+~K0#!O_Gd`4FiB zCqVm{=o~qBaGcx@7nxESeFxfa4!y+Scxjj|B<52@8-H5}AA^T(wGea`k_uXuLoYEn zhJ1)mKO+Fy3xFX6qI5~J`3J{<6DrWHhGW@?Bfl7+<-|gfS1j(}*sGBp_%;Cc5Xdjr z9UK=I*^*8HaIu6WXK*|`*p~D=0Hsjcfs&lTF%>nH4@V>bknDhzZbg-X2ggz!ktmb0 zq}l1u?CLZ1^MLBZZ~XbIPx(!#B6mU96cU(#vDaUHN_~o!xdi?z92#z84Xi$$i>c;g z9@ZHt_XB>2Sn4s_sXncXspffDH6oC_0plkZ?N*-*^p{OY74Uv0L=65aa&GlGfo0ET z#9te<#tywi^;t5)7SaWPUJl5wTc!80g-ir(mP0R5ebP{Zlml`F08bN$(k02}uRa;Y zRP$6+OOE_efKCw$<*Z_HtIvefcHrLw@H>J0a^324e6KCZheAxiKTwiWeXjj%OUeMC z6@daIIn`(XgE+K7u^0frPzR){4^@hQ>O=XO(c}PX28P-P&pYF3e$bBA@LL1k4aC0@ z3(f9OyA^SeyWoA$A<1n_w};y2UIqPA&@Mal;zKR389PI5Q!LC7PKKVt)nE8)uhOD6 z+1#O)m${vxmKUm>p|(*Ed>|W8*%n4umz!+vP|Ld~&icjPb#`#m0a-*0lr%}Ue;H~A z^+k$a0A`QN!Eq)wcc^^|LoLhs7`|r-NGTCXpKj!#_G2tz%U|K`K`y&zQdIDiBO<9k zwpuXM#y^9=>H(A!2;`xbeC60<)gw3Z2OMXJhcgE>I zv7PiY`O-dt+D&!F>0lhh3mm6UPPWHodu`+lnl97rae6lvQ`v2g)0x;>3LK|n`ywH& 
z5O-&sZh1gZYfC(q#X#lpA zkmPi<-QPe*O931P;5`SVI$Ej}+|jNtM50WR)vPl@W;HM2azOQAWzb)JYGaXKmc4|T z0RCEY^yB{O^UYnLHH3e*Lz6U<@K>KDPa{*^>T?UbLWGnfV2mS{4kXT91DVTcr}~V+ zwm*U76EIf0Xt(;rcKaBv?y9KB|t)|%FP6TKcu~6g{ zi(7pnv1h<3SOLJ(1oF#u$LaS_!8rwc0XSSjl2d&~KV&E43jn??A<3yeU*Yr_PXvQd z9m4Qe#lveLR4D?g55+2@-465y7^jz9aR%f3pr5hICfk6w1M$C88^!BPiTjU51`LAt zScfE!GuHdRawb6c6OdA(`g?VK0(~Yo@y9EO4hF#~SJmLxc7l3_*w1_I=W0CbeK#HnaW)9f zkCUPoJkCS5`fRQ<2*w=J#Bb!QVP~2R;S7S$owpbK?a6BB9JS!@Y!H06$Q~r^L2zP5 z@eP8SH1j__b4Q@`FBG3BQ%# zUW30DLwo2>jVc%e(sp>i;gDoSrrR}Y<&y~eBhbz}^x`#&4$w=dM&WEEBAi-5`&Fgm*2WOHj&duFhAt~SlHgPR1%JYt}vNwWP* zjXHh@mQTVgw=f37jzVnnbU=V!f#MRrEmn0DCu(*&k>?Ei?gfg zT#sIqc3aW@v$~*nXOqCGK6dQ1qRKC$_a|Te;xQR+E9w$!tA=(fdI1A8tBSTN+2&gD zR@AP9DyiW}BjH))qtHdhN81q+n#hRjPCLjCD*GV(_81o|zaU9(w>HxWK-;xv)d)KdZ{tHEeM3>P6wlFe-*eCWh!B7CQ|)9Fr2 zhMqv&!(iOya+A$%B7DfhnH(J%h1)EMVL6OV#6U@tWc!yUva~en#Jj+J;&QMMVso3w z^cQjBlH}ZkahrgY5|Q-COW6Bet_{Yjh%Aj9PQ>3md#!?}91%(Mtpe2Ed3gYK1gL)? zkS9mvtB!*E`PBCcxa(_)*a(yAVdCwd5fN0z2fkI6@x?{zInI8bx1Zu6RLU-JxRvt8 zbGZ0!AwCR+u+-NooJu(=4^5wZ`I8lVPRQxnccDk%N@!O~;}yFS+Ldx@Oz}#26N}}H zx92y{W~;81Atfo$rcT?O^tpK#?OspCCB>qm5s zoU5QdfHOT*=5h*X_c`1JWPL^aIr56dRZvG`-IfDy3_wc)`Q^F_YP84BhW-GI zEFsBJQ1dVvu%!C|c({ZlM?r1YQ5RHvax(y19FUsdP^Dl6b$TW>ERvOXd@$KbMLOR5 z$Aa=m!qCy=Vync`Ga6+`h6p}|%0V2-7+$G5u5vhvm8ZN9IxHJ_p&5G<#PJ!HmS}>0 z+~FuT!=FJ%h2{`wi!g1mY8h!1U*W2I;xhPppQh(Wk-0{wAMtn$MZ@N z9;W9y^m>zaaY4BX`!q8xQ-2?OSadGPSFf26X-$IpjL<{!?xABvT2pp;#4+hHMvj{# zOd>{p0FJa~#=Wpli%4ss4;mx+(orR$rI$A`Z3(T|Wg>KA{u{W9fM}6}!I0M4*sBC| z&=)V3f)2SU0Ue{sE^Gmv*u?_oKtSXYVAJxAzrdTV1yy_+$5BnH6(;SRXUkGa+hC`f zlr7EjWbX-k&3BTrSsXMmE+Fgay`Ceo{xqfOjw%@~!5h>|_>D8AjB zUafov**D$?5!GWT2h2_65tR#%8l@@2BX5s|uv%p~b?XMeKP8R|CGxQ_*i)m15dP1Z z5Y{ky3fX(&OjLSW^!;QnIt)yD%qp^xT>9P=9azd0B7jOYVoUxjmM z>6tMn$v$}+?72}K?&FnUZ>z#BECo3$RD7O-_Mg5ojxfii>E+BZ>6l97Cge(^SQWcE z$bv>?Rg5+xsg261Sp0^RHHzbqQQa1zise%7z6t(zltdhHPk$9fQcVwk4}Ml{Kh{N?M6sey7z%r`F z6hyI^9yXnblwOrMe+u81I7TYc#%o~@6NChbC9?k;U^^&T?x=p`ct?h9B>>fQk=(@t 
zugP2nN642WNj8)qXhqskL;D^P%)wXK_i9-$Ie)d7fv zlv?oKtgBl4HI>{7|GMPs`UdTdK%aCMxYXT8rSwxA$l4&u&6G28mC%R!90!AtQ3p} z*%3y}61)fiXB#-_InaLIYd;^ipIhzcyLc{^0|!kMX}Kz|iYN|T1&DtdT%N}17PUQ3 z<3<*>Hc#Wm7PT)=;|z;hl&5hME9{thUShdTENW7o#?35hE}q8O7Bvk|;}#aR1yAFa z7S(%C<5pHWKigPTaXpQ5EvkT?#(CCiezvoyzIhtAw@&i2gGCj|)3~EW6~@yz-=ccq zXjtt@Gcczwc*n6vh{)ft zaFZERhB&5~O}uh4ruQF1(hN_NNPQP9lk=eNHHnHQ#N;+l;s{!F$Tr9kzP6jNsSqB- zxrWOafr>F!fCIPlO@WjqKK&uMBB#OLw3Ls8nit7q3bw+U8D;;1J@G&vO`OT9XU_i} z0{^P0iL3^;z|}a>m6aAu)!g*`(H)L-c0~B@hrp~x?1=RZ>kmg`b|m<^V`(fagB{g; zOK~JKE0Y~{eS;8YRugtK@(o0_%xcPxY+na-iCNj~$n_oX3`Y(-@_qHcf}=S*dio-| zfv08ZL8cUizNg0_I;~?yz%jzNgkq4(v7X?&MoDPPj!C}7?}3sR+7(Hd>bnQ8N@aD3 zqQP{IuihtcbPT5f`99ya&2V%w$3fctzSB|QDF~kh$AiAqpF!yrRtN#hd?UYvqfeQI zpses+tq54(vX8;B*0=IcIQnsPHv4w(fTMpf74=KL&$`1gAcT5|*L=gDhNF<I$x~JnIj1!CeuKQpK(})fumn*K z#2>Xt>bI{Dkvnjz848w=1*IoH@ZNUtHC40> zqH)k%v9L;KsC&8zd03;Zcp3^EuOC2HxfcZVa__^{= zX!0094I~dt`v~NYNs^pMKGo=iT{>XZ6zm&<6(7G8HsN|OBv(;Gi$sx0G9cnx5>cid zGNC|;NFgGNU>grvc5oDaLN;aQWfjFvgbm2dRUJUPrf9<)nn;MnWGJVj%Bu%m@hsWS zuz?+sh6gmOC!UmH&k~ADLID!WK-tXEbglpgiAWX1F2Yt+6y25hD@5aBVs3IGkvRYd zr$Ot^*`Zk}cv2XVfBhYrP==y9SjkE!0Oy1oRmlQ_H$a`p*`ryj@gz}w3F$^xffDw8 z4p4t3YN`uR0?rOclwa4Z5AY-bD~i(-Vh!X+iYk!TiN*si=QNi^@`_df4CE^R5z#rC z6a$gG9xE?7qj(Vh&K0XjKShCbKa)aeh1rd=NdD+9kb1DdBq9X}95585-CPZ`i*qH^ z{uXI$t`vh|E}K8Q$Pf7+ETs5QP8us3H4kEk@3}3SXdZ0$wu3R^H4kBj$M-X|yXK+n zFnufM;;kc#9hUEy0Y?}+B7EOs1FE@~9WlO_(Tz4&gF&pX#RUk6U`l!4(NUm8vLnH_ zXgvaru}Ckh=36)q6kj;i>AJ!kgNPYJG(e5>yAZo&eOs zMM9R{TbmfVa06g;~50RmB;r&-g63 zWU{E{5Xa>A%Fu(jJG`|2w_OBJ_K_2(G-2VKGW6Z5G z^dJ%RR-Hcr_N;7vdBkFlWF4K}wo_41m9aKerPn1-4d?|tKh3U;-4~%?_Dh}{-2Ml^ zM=~Lz;TjncaY7UH9f?gc{hBTsu9aal+c4p-M(%YooTdm75#nPR1!%+Pq)y@@PRZTf zY4M|L0yVBxY!1h2p=FYp!af$8*;0!y2a&Y6d>NP7?CUYg56|2x3BB=qQ|lW~VEv?J&DhV7 zBaywaX40}&*`LUM0qZ0!Q_5P<@gm>G+DOaVWvh_=4%S#&)+_rJVIDmUO#O0#{HwnX zOoMW@!}3b74=bGudt&wD z(5_oGFgxSTLf@d*G|@`w{K7Y|B^*lUH+>TxmZDWNR?H)Otvca2WJ`9$`X;S_qZK<6 zeEms4Yj#xg^&g{A6$M5u%AUVc|Tn#8LfZ 
zxV(A-V5epJUQEMkddJ?nkJ8x>eqNL2o4K@jM{_GqEk&a%9Ak%lNq~7|{jwtYE`^n` z&pFs=5%~#XlG`LMr3RxcDJ+qE04i1P z#|+JLeG}^VsKZxdIBAAwIcWxAy|dts;A=o*ZUCh3ulKO0y@v6$Pft+QpqgPSTU(i zG@85yEY~Rk8GRALA1t74F##%568d2hmivN=<0t|Un_7XSXo!TR=$UdaD8K?2KsF>| zCne$;OrCPLXQT>NHlABohNU}RoUtO|Mq5ZpRblrl zMpNyb)uzpI6SURb7dg|C(?5rOH}?y3h=WQH|pi9bT(p^MKjUvZ?h@^^eFUeXJN!)Z9uJZMo z$5W6D^6;9AYg6QkV44Tvk-}DsO|MzC4#oKpo65er9;NOoe7tO$zk$iJJ?Nu1V-7bu|$L8CgSxBV$;pXGz8{i6kRv0$O0^Q&>XN zGSh*<4XktG(C-;@BPx6GuDc|caliEuv=Vs?e5di(C|)XyY97MiYs}ZDqv>!<{~q*T z2;&1r)U5Xm$Pa}7xgTmI%1nkss1JWd_N`xqs4n7}A@Y^tm2qDV-d;DhMjWgNM~`Tz zfW{ZWberC%@||;TBEAffBOxX;6kW5(e0>dKm-#_?9BvVbEoNxKWBh8Z1pPT#F%l8@ zErN2-qs7A`{8I$^yYh%fEuG;p?u70IcHpI>pa>Z?0)Y)2@;=fnrH?`pNfZy`Yop<1 zB;f=2e2%}CK)FC*oBoY4wJ!blKc5>6-ECk3g0Os;Y~mdpAW=cM9pc z@oE!rGy$!RLsy50YW|gpNPZh0vRqvQBMU(v?O-H*YfRLn`*4gKA!~1|oo6`@^reJJ zrxtE`8Jn~^=yBsi7V zK>EQ?etsOtKYG{aV!WpGhd@LG{u~QYa~4&spF%eLZbzUxNOfFtt!C>H_N|cnUV ztr-`vB)9?|{~@8xNnVB3M9R^OR_NJYf%iU#q_Vxj)F4Q0p@l3gEyRbQU2^EETjyRl zKk6$8X{Cj7hbzpP(pq zgpHtX!>Azj4lklBm<+Eu_-nl=nT^q{2nC48aq+j14Nri$&IM2+Y(Pb+-$j5|L43;v zP|R&WB0kwpfHNRoasd=~8&C-oR|5PBFAo~CiUUR122_!HI|7sgG06q+Tjwg0NmAc| z(NAWA*xChfRabyysb?1=nSDVVQw*RwWra$U`j#J%{QH1d;-ZF7y-|R4ssHgZ!g(6R zEiRz8&{Z__3c09V z?WH*|NF830rvdn)1n7=|kUB_n3C7__r~`rQpc?nBx@$o8lR?{S;=VaFDp?VzBnK(<&eUJ@M``|nwKSqLdorkVc)cxRu=L)7MoZnLTm#w$KYc&-o5bmo(>$aMBN2D?k0_XwdJL z<__c|H?aYr4fWH@^aOpPG($1MGkrE_^ZoSv3ZPGt=9Sg9{57C$@Y5eThUnfS&HkNi z{x?87;?UJdqGyc+Xqxmk=w<6gUjp!r0}^_jA)wEc=G=R1As(pLA*5of9_ND$L}HFK zjVpF0Q~|AqOOHsv3Ysxrnu{>3%53u;_N6PI3o@M^|6a&nJRB|Ohb(8GUD#L@Eu&r!0&*%Lr6|h0P<~&^2Sdx z_@(*S5v0(|mWQ^AzaJ@d2HlpyM;hCpW&pHxK`Iv+^t&|U_u6%2FaQ%>5QoW)MTyfi z^Y@4B*1iO&r(7hbH~{I<%q`G|xZijcsADeDO@~zQ8LLrELpAda%nBHO1<+qyI8T-o zGOh}c;hOm;7D*WyQ303a;~!YV7!;+M>mIRF)DVDd7o?KSpcu`p*2b398-P(R$c>_? 
zQhyu5e7Opp+Lrpj5pY!0LSIIYNN8CEW4Xg7B6wm`O*89dL63V8{(Ff=kykStT5qsX zH8ite6Hp%l@l|mY&3|M7w3cRmJR2hZ0?Zrl2;>ZBlx}9B4X0@4Sg7lqFV%o*KuE4e z3N#3#oKZ&$kCQ@B)V+yHhI|9GgD$Cvjs$Oov83#3xFF-^6Q*SD%3Y7*%4iec2eAioiW7(F$Eu0j>h%hNRd>!pQ}TI?}n z&FAI&?cmc}Q>!DgjF~Uu!O>TXpjmQ+FsbE6(hR#}IdvkKCZHYe3a1%dB+ceJj4MO? zdXY2@?QnMl&DJ7m=GI|+0-YZGoM(?628GeU5J|Jc4ue@xv!^g!z)Fu6@c{C+#f2n9 zP)3la@vWv0J&D}QLkZ^NuPv$z;s~bQ)U3Q#xB&y+6C9G9NAz;H8X$MCX?DT$WaB3- zEMx(`{|35T0r=A{%PL~ww@8d%G^^YN^n0Mmy)X{DAT=z~Ys|(UnpL%?3R8Xoz_ehHZm=5F*>dw};DjfaI#2tgc(XdNr0Q?*d?k3koQ+ zI=Z#-ZoGH{ntTGrx_<&S)Weodw1e9Xz?%-p4k<$qtBMsxj?P)oF1mD8X65uK9@$ly zW$9s8AJ-TpgOSzY_-jWf-u!~T5vNCSPivQ1jviVC@(3kUU8pdryJ=SDD)a$kkQPDT zpgkwYUc$nzS`;3mnUjIetc5#FMCPyWqlhw-d^*-bBZ$cursQLvk zaO#&uKCiFdt$9g$LViRFXcINFBY3I|p@^Eel3mtC>N4@?NJ_r>go$;kgV+Ito-UDZ zHaRa#gZ0mcKppN-)B=Mrvmv_Km6Lec$e61|oJF4!K`!HdP2bxD46DJgpO`k(Mvn97 zL^9<+7(zeO1)Phth)28XO2hjUoR^9FCE`|ECxaf+f?q~au$FTNfN%ut2ieGJKcZwF z)OiHsNb(XDmX1f5k7;J7KX4B@XuXK;kL+#)EXr!9AgM^JMYlzngsAWs zuJ17(hpJE)AGe0blYeKEZ&IWw??r|4lqV}S^TIw|Yz6d<;&5(4WslL!?h!3%eIZIR z_dNu;3i=O_2y`kE*-T)GB*IvyMKrC3w#zFRn>8~8dzC!Co5^^)6Mt<4wd9H12Dppf zs8yieUYbPJc~Rpz&3qoyDdx+DZ@UtF*FQj9HfZ4#Gs)kWGhWc52VwLhq?`z2R&kcJ z(L<*}C(?p%%&?W;6#)Fl0STR#x_4;i#%#Q;iY`*V2HHM9JvtSA>Mkw(tHHLGaR#(= ze)^9Ukt6%H@Nak9`yjVL`>O=~fEFHU*!0+{_$U_sDnHcfNFiy{?`Ry|0-S-o#eRSrD%ffMTGEG(Q^i zALAn}@%L0}@tGIkI;HWE95aGyh;dfa<8J~Ui&_$ozl#0^>`j9BnPxqVgA1~rLr{YQ zzFv$P@}e9#K^H;ERo~3Q4iUuv<8OsLbpfcVrSrbl#Ze$%ltFj}JSf#S9<{|(Jm0r? 
zSiag4P1I-@LEp@4Q62eA79od_|HvBX9d;oS2Pq=iEfC*!Fhmj&gZ?A$M&~O(1?{p+ z=ML|p+)03SvMcpROF@(ZqC@d#DXL@oLVmCisHemJ!aXpow`&m^gHr%(K;Qxj?UMZF zEGk5%kM=^Lu$qK)AHQXUP@gm>xt>!>TlNhSf8v!WQmCp~B>Ly4ZmApvD{Rlb5_(S+~f{p%2p-G(u znjQ+xHZsKcGtxzCPzU|8dBe*uo1FO4R(BU&w-}nk_oKPP-6$VJ1?~sjm-12AN*xK^ z_ykf)oU#ChHu6^(j1`yV@1LLupZA1OGA9#+#EDrsRI=O3T+Yx*TQ zf6>G`*LSP*;UHen;+XB^#ameL!c90qvtmw>7k9^8T|3-{le?_(Wp@EE(ns(g2*h+w z?iHDX(h2IuH095`WZ3PdeO@yJ9h}#sO=gp}ioLvhXC}aEnY7)DqXwXP*>2LtrI$C< zOqz*!&1qPiwM^Q$^75p_Bt6PvaTa@cnP`$q>}5s3B(2BG*OZ!ci>YPOy|Z4E-dHv1 zWm>OEniadfOf%^sRm=9+OfY&~)iTNIHR-Za^8|Ywht*;a%M5Ev_Ht~}O`?|hEKD4T z$OHT@z;WaOR?EE3CfU8_pG1s9uWp&AFat|rj}-F=>=v6|Go2vK0P&iV2Ku&)PHs`PmonKRGnALU=zi$&T}xu$$$e zkXYv3*riEfj}(($`LWpanjaE>Q$W1tQ-!eRGWsn>6AhdLNz{5G4rOBXLFB!b&Awwv zED=$jFuf-Em=6P(Vm`u<+00L>j7b`n*Cc(>B;5{ifE7nrIuj#Z9b}nwL6g^{7rjlo zip9$wNIpDp)@(dM$n=_Y3y)=f!=|#=z>y2fOo!>^8&piXi3O)mza|g5zQ?3XbdY3t zm~_pI#lBwiYogH=ITl;t0U2gz_LvSDyjf`fyWu^OWeg_kBu0?0W!{0AVv;wS0wy|U z5fc+9kvDmyn8~nPYsYw%2AexDomM0lU|v@6eg; z0mo@RtPz+!nDZU@dQH+lO;T(i3d#=Z9u*|%D3)n9Bm~WYOU0W!8g~%|;+vW{)M51>})pwu9Yb(`&v) z{CxoNn)fY*br_>JF`8&NTGWI@(UPEfKNDqB@}A0OI{L2^CR%Kwx1rAM1prgbQ4Hw; z{>T%!KB3d&;k5A;nVJOq6A?7bJS+8I;V{%2mY)1%eqEEE{GKMB11sS44W9g-CZ3Pm zZhlV_ZhB9X==?rrepPGrGICe7cH)_w-dq<24S7K8R3AeOk8DJ343{Urnst)V)vRv_ z{TQweDoAJ0%m8#XYdE8;Tb?44UEPYuGr2AzUeK7)&j+BZTaPokhSiACHLM@@hUd`1<0p!OW(=~hAmyNITE8&5mh~K?Ygq>gJ#pkX zQIO4`i~w{ks|sA6{1oc~qf@Nk2|Z~b(9Ib=A^@FYb!K#JtMnt3)Y?{EJd^k0I*@`k zjD8{jUE7+&=sH#&qw82h2_19+No~vM0|Dqd))q$BwdOFouCouv-kn0!X zZ1o*D$1!KshIS4}vH?idn}8Oap8RyH^kd{sx6<$&I$``2QLva93tdLLL8M!)n5B`` zomm=Lcj1{Fz8PUHWtN8>76@!)O=WarYcZo6TN?>|&tjn0FnUh_8dOGSSo;~BVSP&I zKDec^U_GP12|#C9A2B-9`iaq*R`}yU55p{?U<0FL)BNS0X=!kI@|##SfTCv}p$}dG zdNZTjIcRn}R>$&+qML#7g4Nv+CNllM>;(2X;3 zWxBrrI$HO`<;m}49b$AR>ms2`Q5VpI(eDJHJ6YQpop1fY=zOaT_O_DiQy0*S(LV>E z^R4rYF0kqY<;gFwIuLr^aiCW)x^g3bObV9W=Wb zn#n9(tj)~Q#d;ghp+oN;CJMe}&^(6)=q}bcMt8N&F}kbuD+Q2#00CTP^veP0uGVTs zce7$vQRKT>b?{8?HUsGU7=0lC-OW0}=0>Qo 
zo<7!dcqTs?4xUFjm@*l59yn3!WBtJ_eXS$R($~67!8C0FmRQNB)LT0|h*e*!4qTr6 zewKKOQqs?g!!tSYalo&z%t-<0epY`*_qWm*-QOy}GhtFMpqog(7~|;xczyWO@HX=^SKL$1}MZWy?%P_YFV~vRX5Gu+@^$gRKF0CQPPu zW=MWH;-LWeU~3Y?hgj1YKE!&Q;Ez!{vlV<-0DOq`G{c8lFEM&r#q81FZB)mNN!>wds>Diiid{{>-z%gtZ;!t2p zSCIT^9l|tZo)OkC<{4ov;BY8f5sGKN%VQ6cBdn3kGt%0~JR_~6#IuhEn+A$!Uojp> z$rx!p#f+n@@0oFw6}lFT_fTL$F@EbXBL1VSQw$$%B?IQkA8q9j{Bg?R8VX*%slRTF zwhXvD`D3iU3?F07Ao!?@fLBuRd!Erj3^{^bSxx!tl#LeoXQy+=bkE8Nc4q zp6I-^M21LceiTPymPmd{WiZh=c?n~22DEd&@}5oJv@FGZBDpu#NIE~tuO6)_MzUk{ z2J)fv$ryT282j81S#%te-}BOggnsUdU~=%oJ;7Z;#?X`4|8&_o!ipXzy+kMe3Rsv9 zh+W(#jlh2`h91Pwgvex32~*^+y+kJNJ}$QkeS10NR3jNfPvW}QWmlmyJxzM)N&Kr^ zex~<*EE4BbD~I*Ky?4R-$yPzgVj*$|KoTvr^E*9dgt-m&am_KgwoD>jl_Ove)>o8O z_`VO2lxp6|Z;_O>j_+CWtr4odLcTpiOR?;}Uy*Ok(D$%<7_9eoe1oFkTg$o^J8Z#v zq2rrOzO}=?zzS!uKEm;BK)!XtEGQ|#`UJbrXiwz*HMsZQA2UP zXt4gE!?1;X)1!v7@MVtgZt`su{o!kbU19rr&HbqTNc?&-mHk8#&7A2y;S_uA=ZyzR ziGKyteXmL188vTaQ;wa5)oaGkvW1?*Q+aH+V95cqb+36ZCazwy*;x=1n0SC!80k|l zCVl+FVw%^y@&!Da!^3OR_3|cNU2d_j*Q8IVS!Np)jMt>^?^*1VORw$m|P>zOu{tS>Tc%0@~Zd0@SO%^C2)f**F8ye8SrQvjy0 z)oXqRZ}Td1ez=)9$-`pPYtpBoO;2+QJ@^G!!(qh=Cw%et*9CYau*Y0Z|3ykJ-R^HO z4T~5rlB6Cmy=H^CAa-O)7q*c1?5$)f`wkRBiuvdR1SHd(!cvq6-D7FewV@V{u~JOl zq%5IZHnHLZnwP)0W70Q*Eb}RjNnfp}sI zoK1MIzAnG}UKi&>m48py|LK<4g?knKO3)31`&6xHOladRf$k9^hxV7SfwdiA?Hw3l zcTd7~63D)=OVgxy0mGMwB}t!U;Tlmq=g=o+@vFloh5sXbLzus4gu;G=_>^vi7np2p zJr`RMzAiS0_S~?kR~MdI3m6>spyFW@hk$Z94A1z#g*_g=A6x_AW7>oZk6 z{b8>P#Kw$#U5E#5%wRWuqP6{5XsVi_lk?EoPm!f*3q&jG89EV1$>6S`-1(tv@G=hE z>9mug73D^?!24UlxKtvhI`*Rxq3Wj*$lZ1zrQJZ9A`tgF(|GzK7Qnb{0hb6>m9>?y zLJ=c&;chXTxuMIv1I#@PWI1n5l^W2tE#Hb-YCtDtQITFK%P2W^q!-F6%56t_p{(mf zI^rM_`LK+luL^5L<3;rxgj>@NH_8q7o4`niX6#03ydcXfAtOZXGJfjHZQ%1@g83(IlKE88Bdy@KrDx z9zh>VGNM2JN{AwG+-J*~?8?~<-{RNN6HZ-6&+#aSz6YgMe!zeUxO+R2wlcJ$?B3DK zD#X*r8uX&qX5$Op2VNH9Q!tLP1Mny4DtuW`n3JFtNYG#Rssv$B;h$XHDfhoAshu*m zSV`@aNySQPr>tj}l!*BR;heF!L-X}^5^!uVDjg7 zi*#82QrHVzWLwQ&b*Xv|FvRU>R@Q#X>` z+mzg5U;<(qG8(%~ex?djh$WRnZjogS|eN4H_YhJ2afc)Z2{;^0#o-K`Lhk 
z?R-MeRNT?$sY{`Q7w%~ya=NFwa_5Vf-Vkzjx+=MRH?ns)vS?Y9i6vUr`_ikj)^1tv z%Q)q>Th{xss#9LI>pv$%Jo=DBb_o8Qs|jDOLq3&cQMxNC&RF_{B{he%xdpCb{%NhsB;v_S_LreLlCwwI%eBOrl-@A#rViJ6pL6 zMf6(eUw=|GY>6md{>jzV+9SV?E>+}!zGfHqH9bSG0_qv4ReT=(AhM+&?6vJ0or}7B z1<`zcs){Duw$P~%irCc?bf%A`_koZ4QX2POQF%V9=BU}dqw*5t>EIxQqw~6n&TBca z&)72k74I4N7VErfXTKuE+wh%ZW2?B~pLDRA)6tdPBSaS)SIfouI{dB8&3D?I%Eib9 zPMgEH)*M1^Pf>~O;|iGpAzbE^SocG6Mm4N)(Jp)F+3UEDc%dGz5s>UeMNU2AZa#ZtQ*}e z@a3BD3I~XBnLbb(YvcS4>r>#+6wpKeDwD6q33G@7Ht9y?)jR-qIy2=ohrTz~K0NhVd@7?*xQCOeS80L&TE&(tqJ1^L)I&Wrv>ahF%H2AuIzSU0}iaqBebi zCkK@JHr`)89pTI6lU9dfH3Bo9<;O5RBLC)t=(XDz}MJ&OA|B^HxAnt z7St6alt9%&>|p6NDi8qOMb%;KtfQQ{BIfFA_yUYA7j=(+a`kUuW^I#jO35tL!xYm9 zr5P9M<&?WnRFA+&^NcOTUzhR=5V?I{JCV!AC&wTy-jT9#E7l(R=&`mG+rOv%%!k&8 z4tN%1^t2_nccb?re7TDx^4~k)0iH=(>}rtgPB&jf{kQ>(kN0Tds!JY$5$P=?yn4)D z+)8DO_qVdEVCCM4#sX(VqA+)aWMrLKl1!rawRU!}U5_Q~W4 zEmU)gF5R3MSN~h{?3!Tx6OKG z)mi4MK4`O^sodE-ktzGEUd9Pl^`_72Db$nk z2%kQ3KseS#sW(zgm?hAMM(Y4_eWJ=Ne{F99U#_Hkx&KCQM4#b2ZsYtlXasO>Z*>4*w}_{u6#g|`5*fFiB(nS-cuF8#4P2^R|POB&hCwyx9f(f_5ycuRC)x4jSG;g z-Gad#K@AL!b!grandqs!5M)u80$#RL7v;K2G5v2zs0rT?mQge!!^+Wj*Ae4*THdCCw)SuBP!qaIvC9_WuMLs#Wf7g6 zg39iNJq;T-(k-Zdz;U5k-SOy>U1tmvmqHzgPXQipMMRrn}3ZbJN1NNu8R95(vrcdC@>2S35 z+FO9V4d0VC7IEaCTy1o>u_3l*AJY->e8$H4m8Lx4xTW|9NhnQfQ1mNJ%8kTMfsnSg z5WmtyA4B7Ai4yC6V2Y~;9lmmvCY4~n(xlverHMZ5L}iIHlS#CSNTX>qeb?V7pBabo7t&m~bUO+QvCXlWo0d^K8y~d$z3?t)0!&ZHm5Lv|@JrZH%9K z(X!d`ud>gBn1Gj#-Yi5O0@8ZH;Fk6+P?De`mSQk_x-Mqm+0~9;4L5#E;2XlcXklI8 zpcaO8P3qrYK}P1-9R8a64nUldv1rXs|4w44e~+e*)cpm=vGFP=Cc7b3>-o2w08V{v z&Q1USu-HJKpi_$trT>F`OoJ$`6%4<+LxYWor7(Vu(8UNm2iY+g<;Gwdd_$NQYDE?t zRGFjuK&@B-N0g2C&u#a>Hy~ziv!*Zo1vcxLQ^=@Y<5Yrsy1|9?;*9#osndR$Tx{yJ zU*p;pa>3Pr(2Pk`+JEMx3gWvECYRu?H& z`RF4k_MBJC;e+-OYE^~KP)RGTl7)OOLavG4xD?bDQq>hw1->Qn8Ou#m%ALQe@>%6~ zPfRLNx!MDqV2hw-X!^<3BjD>cv%kw)9&WFXh{Ddu-4#F^h0!?ukB+$sjripUC9|Do zGvx=hBD*Y=4AF(Nfq#kc>2E2#`~ba`sJoWWRs>3ocx;&2) zp1*7C!xJY8>&@T2yQ?CQJ^!^Z!~8AHl_4d}=h^byo4-|Y^!zP%xj7=P;EWKHp(I|Z 
z_B#4=pmL+xASYjU{-!^35ANt03wxp?0BkA|-l+J#E8=!^1g@yh1_|-ZAX!lZv_~rT z2%5i_GxqA5-$;w7ddP^#+>D;H^Q>i58WV%Nb0I55nu66u;MSj)OmZ z;m6~9Ij`yQu}?m9ImeevuaC@aN$;{^DA}U-lIfM9utQO65ehLwp=6# z3mU8mKlRm;#v*L6?sg%L4V2EiNf&k)xOp8HeZWY51`s%!Ey8(Sd7jS};k>y#@5=2U z`VAv7pX)X+xm>#JcJV*vV!y9+WN00mpo14!3A>HdZ{&Io=R*X}>!!5h1|c$5+=&%8 zkYg0TH<*12D%Zo)Y9SZ557<9J?V_+WtkB0Ois)4g8~?>V1pgH-g;9jN891&I3iwq2 z?h+=ef;idEapmMXcq%I%uR#t8=0SrVCQ8&zIN;huf55pA2%-4Ak#sBbVZlP{BreD) zUh&ZE#|=s?h(!EPFXP3&17sa}Te*t)szK3JTkgih;BMuJ7_^m>r+O<#$l$GXJ?aPET*Vifj!^ z@l~X3w))}##qfhK4&=#;1GJJv74SmREX+~sNV<@dus0LSZwNLIOMUeOt?{6^zPN-* zkLLgp!*jrB5xC1JOWAelN&!wP5kw@Csf+Pf>;EAA=>b_~=xF>giV}LWykdeKR*ETN zBPlP;cV6X`7TF8X$kJ!Q>qDo=xz_V~9?R-7lx=etqNIR_-_da7W~INW*1uKi4_b~- z1w}4Gi@A?>7QyaQ*H&mLO6z|SPyb*%MQQNHkDnkMZxsE?Z(J%i)`Vy+Q`3tu@a<WPXcQkB&19p%D7OVown)kHc4)bfrTe~YSw9;| zAwqvPs<`XhjI0qtJOGwiN|4vCMu5r#x-4vek$)WRZ#k&E0PxnrvnqOP;aQF7x5%eI zJKaOjK)8bL7$J=QQ01uaemdbL~J*%QzX3Iryg;|Z{X&$1MmvJ#viSQcT zQW8OBqkqw?uF58Pu&X_dh2S9|`YES+)8$z<7tJ8H~6@Me$ zQt}>9rqiNauX^=lFQZmif5|nwT#trsa0acv z@(`Svq;z=WXGVXw>tOsmFV`!wt6=>#1uSy>Y;X_KDQq>3Jr;)b zeSs*`0K5?I{^C_o7gX-g`cfs~2GkX%q5;h-E$bwYqd@YqC8pD+$yLy9@V1v0 z;5GAb;K`Y8jFT@#NhCF8ds$*Q(s{~=Hrn86pgPQpS+_k-$gA)$Z$NSY6h^pt584w^XA@**owr)e46wD}Ril!@$Yb z{hm?Y-91o1Ao@L{wmg@1;Jk@Emv%%SGs?)_1$LR!I^y0}NE)onZ7BEMY9ckK*CZIYj1MT)2$wIr0dj{L%;mCPR;XSVvfvVdsFPsTimRho` z3%Og?olQ0`+1Zj?k$7~r^rm$nU&)Tsw!9BXx+Nz|&i*QeQMF;zB|thTMsJH4|Db9J zAzSrPNn=iNJ4lw74X_}{*@CfIu{Y6r?*Y4>DR{Pv9Z*G%5;DdVJD{07g%yi1bBzSU zx4mSQdR8oPtq7U0MkSs9Tv{Q6AFv{CHl}{X?u`mxfSo-{&eo%XRgZk8md+RzW!rW$1kaFg&M$da_6H-dEsaw*ni|`)Xrr^S^uF%|LMP+xH`$4uBx@ zF&ucdm>b;tp5op|nzr3;iRY1SRd#s2?^RG8mVw?k8YkTQ(k`M~d2wx`b#FkKPym7@AH!CEHs#O@nN1IyZBd3)_40Thj}dkCNHH1g#a2RZhOUI()GMKQfo|SU zS&*znY=j8eyKzfPR6VK_tcSNl|2xR(JX)&sMwLsT7PASTW(--i`^=gBX1RxSITy|SIRcKSIX8?gk$-0LX3b| za~2NV3AVMstJ8b+>MzQSPv<*2GfDplYy~zV9jL7H9I^*gheeM}fs9nh{TwG< z6yDodTmzMjUJpfbXdEr#r}|Rd>pcm-A?i|kI5HdIfFZTsje;$Wjfxas!DNYGOJk$X z_taezN%&M-;NKw(ac!imiyZC9F~Ra2RsoxnNEKo%)j91d5~|b_VhNq>3C6>a|BCu} 
zhUlmdsTzi-(XJwmRzC2eKG7qB3Z?}+tP~clCgrebGpA@9)kb5B2A(1J%C@l-Wu=c% zG#6Ce1gyfDwCorpeAOZ|KC4SZ`Ob?}*gYZ7y7~7b-Z-A3_pIYy^n@SCnAxw-SPsib|dYrZ1Ec6(>E0Cuu@b*ZDdn5WOEAF zmKY<%cAUI$w=C68U8<{~26-SC?GTZp=WKP`Y7WlP>YlSRWUJ!^GaBkzJC+6+Ze*Kr z%~$XFA^q$O8?_%4#a`m3pF})P}I%6M*2!*i%gR72p+q6 z0_h)j$%^&H_hq0uECUUqJ5H!+#{V=5k2r*3k04uCd?Tv@RWx;lj0^bj9dZsTyf+v8 z25L~F!JS(>Aa`w;+)9tSa_a=iT?e`NTVXLTOz!QVhRBV36=T9kP*c0e@?qJy} z2G(+QhIx{KA<|xi(0IS6RyRN5P3bUu-MWmkIX|h@0$}$vsEre5yHlOf-=2? zoVg0`^?-Lk4feKlR9iDymJ+NRUedrg2U%w9FJqA4Mlnb#FE* zV|<|p`9?uhma@egU#7XX%yGw;KG<(2s3o1Z-+YSW)U*09S$PCes@Hulsmi)?Pla*u91;k z)G6-bMx5P?K*}(eyRnYncTk8Oon^c8Hni2pqmZ_EY_z-d{=YWby@B9%`Q?{*^bCT`pK;)JSxv4}5MxJ}s}`+OGD%b6 zQA@;5L>pChq-ify2GwC17{1PuEE@voa8yZuV5AqR+ii)5zy;z%q$_v44K8FKa&p~Atl}LIv^{~WYq-&HF-fs01P#xxl z)yr{0R^#1v8xTVCAHqY3io;~+RbS!$b6mMV^?v*`mZ zQR-!*BsF^SNbD87*}T*aNigx8$!WZAx71F_L01Fc#a;QOcDea^v76T;cJzuX02|Ku zdoa}0QRX8MqpB-wa`Ebl0!5ZXjy$-CA2Rab2|qa`sH@QOLIB2{=*VX_!@V`&-ttP1 z=iXtg2kxay4X%4hIlDLhJ|R}%q)I#KUfhhM>}xbdxtFqof~6EF4sq|dor2u^KETNo zG!1nxg?~fbOQG`+_sUqh=Uy2w_S~yt@7ldm0Nk7238Lba`6Z?G7=iAE`T91W`Nj-@ z&g9B6-lRcstvllnuYsJavhsA+Qc$_qxPkHbUvOchlfrq`_%CqW>nNPe&G9%W(qFn7 zL#~sc8fBbVRig|sb2VmDHQt75Y_9Zp)tEh1^%BzKRwF5=YK$KOo-&HZo6W|7hvy&C zCnxQRDJn+IHzLMPRCm5(b=wog`>L(HWVptW?O7vrz5b`TDtic-Pu-w%8iGzgJPo;7Y^xc-4RRH zV_7qRlPN|T+Sw@D8`9Zgu#OAqY(xki%Vd1m>ufUL8_T2sbhfx%(7zvQtEeJ)9p*hy zxx=`z?D$7!<0@DySyZpXWIm=kOlveUF0%oOEVHZ@jC&!M5YS=N(o){ML?y=jPvhP; z+)9?d11+UO4GLXrN->aYNpvnQ3^`Xaa$139Gma@GJ(0ba> zRC?%Pm)9Blf8Q*daNv7{2f%4QfCD?6E;AUXaS)j#a`H4w%tE?KDfG6D&w}bOFC1Nf z6L$0$DADj6tq zqn<0lc1u22f*@$I$NuPUym*?VlHY_jrP{00GZ4nTg&v4;`yAOreJ(ok=a<0Q0-Qg! 
zkhSb_CeBiv^pvX0N#Z2u5#sCv&d;SO(g|0Gx2ct~d^tiEy$;;Y(=zN1$@Uc4HWE zKaLmTH&ELvthW!VJX>MiXe_N+eQ!slZ5+)T2^l;&8pVNZ9=MhuSX5id@dk%GAP4OX z5w3JA*}VlW?ka=~K~BpY>25ST{uo7jgZ0wXAekFPCCfk$U&=@1r$JO5Nmx&aF+^xe zQ3{Hw$1Yfb5PG914x!W2BJo#7V&C6f>bg_w`a#?FubCp_O4xr*g>B9p{BLCwiGNlcE`{v)60$hFzOSLWo5j7=ET@txIE{3(hc6PpSZ;s*i_1mM~A1+ zFi4HPh&O@xmPN+s7=N1=n@O0dV6ndvWK$4C#AQ##4gX-jc8kP%+sdn;a#y45@Yp(c zuye>tmhto(JVhI~^-(;>_yl4)O8D#2T&!R_fvWw0orbKU>BXYU(~C!!9}9{uXFP%$ z845Yol=K8GeSD~Nj3_Y^aOWYYNjJ-4Mk|*XMehV-skQLj;`>N8Q(9_p>;QypSw*x` zC^ZT3FEDn`lH&GgartwD3g%tEdCRUS!{YAso44&^*Kdy4`ua_q^lT}%P?adQI|g*$ z2X>rno(N1#2-F1DmdJ;>Iut&Y+ z&AXL-rDSwl-CkSSmm<&e9;HCsC@nyMce*|^iO=16t}#2_Y+?| zd7dMsf9m7M*16vKfw510eD5&TyNFwgaqtABU%yF~$XgJ80cy}Vh(6x~*z2Hf3d08G z6~{h^PS*g`2!+M2T9xHtQ2$5pda9Llt}eMcC-Bc7XaQ5LbQ!D0Uj7>1bM2dMsb|wgK<-&rZsNl*2svgO z99V8w$ilVj0#WjbN2433t+5rYBo~`74Oa=;BFF561G^=OT}6c2Dx1t&k zs>5v1S7=;B*m?m-yYcmptS;Y!$-;EdJ?5%>M3BPMF;}xW=>BmPG|c>NxG;JGj17mJ zMf@BW5nc_TF5-G&#JLRe0j1n)H`hUBXX(iMHFVu}YKiI9SBs}$O=#qOVoFHlePXtb zyeF3zVgMM{w2>>-yL7K9A~94b3aPVR8F}x@k$04f=%`Weui%rF=TDSL1g^+wGe;d*JkAjZ|xVkKzZWM z7SzPBYD@VF3PCmN;J~_ak%h5WMo-_a4S|`&*8E*l*7BF7aC;V3ySm?x;w6y z{9jQ^@)qyjGj9DH;gE%RlakWnwTL88*_y_xMZ_gNh_}sxdakate3>p(Z%}y+M%l%} zz|eDFsUhXPH$ByfTug!J-H&PftDmVq|84JX_t+aUy7c@h2?F|24!LFJ-RcCiqw zTQnIx#E@MlayS*O1&Ve(LpsST+9(L%qU}Q0af?R3c~8*?JjWG}x4}OO9vwYoW(qyZ znA_3NFyc`+jHn*{#9J;---bt&Az@FLEx&`xm8))n7IEu4qPs7~y>AMett+<`sKHpC zQKGvU6)(4^VJRQyxUSUANSC)yV@AL46r!}?GW+1b)kL93@8z7CBy#KqOUytzLMin6 z(L7Kc=BIIJG_))O#axdA3-h6Ah)hE5u<_r4NLwly^|jF_L3NmoWaJ@8dJYuxA`UF$ zLl`6y33dCorYQLg9wtySQnZXjP#tE2jQEA9pkM09O7$veFfck6$`!s2->e^OJMqp`|$}W;<7yl|dCmsD}|s z8;rD{lHpa*BcM9WMl!ac|4jwOd;$lqpp#U|iG(VJKPA|Vw2hMCRnRM-I?M(caj&;U zd=HfMwTll=#mqBDmM&@OEQy;$(cRg_S~A4Xg3uT*+F;d4;QO|Uhr;Ae_R0`$peic~-puYzj=s^a#-AkB*0cqN{? 
zaO08gpSK3x1ggU#AooF>klZ?v0aS4`|J7LfuV@wL z6rVSe`~)bsitYH}PCN9Q{1}&x`ifa*h`iR)=iaDtGpNPtYbXu#6^Fq^HyrlQeUJ44 zxXf-ia2YAy8#Jnr$m%H91f)4ip*O0`0M%iB8WH})g^Q;_F_+_@D?(%vs>69x96-8R z71kS7j)Lki8_9SdPX7cH^D7**(?ueoUe3mUbuPzETuO#Fs+0uPVK#Ema_oWIg3`W* ztdKUSDf$>idqCxt0cHPZjF)b74RC1e>8Ls~GP7c0FW=Kqx6A??M|~;2c7xXmA?}D^ z-=ZkKtBVGPHhYx~*p%@nmfpYYdp0U?p)L<4n88kDr%5gvU0khUh&v7<k|2^{FbQmD8={FsR&0D7#pA^1s{0 z0)RPSNo_-fw}eefkL!W(mJl6T@En$+iHETzRA6sRFjuKDfnuU^OlY4)mhzY|4z5W9 z!c=_T1lSBz?HW{x^o-%JOhI4{OpHSn^#H0(73qlG+O0*wyi{^-8@{ij_^p}h262Qc zzKKeu_y0p$Z0SV^6X z#kQ4=6fsFm`Ejdp!AD`e5~qS1Tw>fw4r7{wI#OXPXt^C+tb5TR{uX%ur%F=)OpTif zoGg4^L?sy~ldpO9=Xh?o8+a!v-XWUzpys_NB28jxMS)wK?}@lc#oR>39N733 zkOLLJ7rMDr+{U;ek76~j2JJy%@7KDTfErwOY4a0Sin1}b^mvN+TO}GyruxB^#(NPr z>ISY$X|l|o-u|JoFoVwkb_S@QhG7@DSl5pUcMKO|6{zMbIPgHe2vt{?fYEa=Z6U>LBvOxVl zRTgf5mOUyIOO=VMKqKsO6bFZ%Hhv|(onn!fl*ZWlMV@%&#|0s#Lyox^2QDH-&w?gT zQnKNgDRv|MRGHvSo(Dm7n4c!T@fe^_fMR}z0}C5NF3Kd-YuhdHFVZ7nG9uSP2D6cj zf8e_WP|Q>uSO!HoMIxa#eQb$VNMBGgyvefzs1CD1Mxl|1SlIm_&A>N2oY#ej8M-uUfE@27vgn=s>Y* zmEmpJDy~!Oa#{}S)v~*z4vFa(G71v+@ z-Uur`uPYZ<9(pR!tejq`;4aGCmn+0gfY)9GVy5ErB8VS@dcz1}z;&exAqHG;su-e3 z=!3TR4cN`d^{PHkzynP_K{JjiDtiLC?CO}J+A@wvsxDN)n?wOm$2W_Zvwo(-UpR;a z|GPpoMuyqm6-c-JdM&myasANR6y1;(;G0Egk#OW4JpYJa=A$@p!y-P>nIMZ%>$8x~ z!#9gSB7w%uW%y<8!-3(R-OGdQUS9npiuQIU)`y_=eWYjc%_8Qkb#&N<1M1}u?9%d& zqh2DOSGAB7$qfy6J>Fl6ev6FTzY?Mv9jekE(VCc zLcEX69Vv2P>Z&E4arM(}v^<0ELo@gX)Se1^kH$JLsB&rSd;QUVK|PZ!+gi#nU zNEpFiyJU*$$Ujj*dIbjX$0*7K)nR@Twi#NQfns)Yg;8uRNEpEl+*&XK=~gAon=rM%bEOF+bOHYn!PIB+r3I1WUp8LwMn7t+U+3|#C{2JHvcVK$Pn2`iXmpqS@yU>Q_< zK?V_gVh>CBH{vR^66U$81gH-4ldvnja4QTbW?dXu7zN~lgb{ol{`tBy($C6ESM}DG zbpzF5ei9bf4OfOhF~{M+!YIlWB#hvL@hs1Bq^~Jqo~zb_>M%bE+u8%qJ%D2F!-0jR z!ZMLasG*ZB@fFf}N`~jEi=aBp1{ra0wZaW`n+$QE!g(#f2B_TfWz@=Rkvlm8gH7Oo z>DU+pm7#cR>q2*NdF6wKH0t#MIQ{BjyvJ0by=~q?pyh&Tu8~5l7$70k4!GI`Zxd0f-&+WA7S#L7N$fnhg+4}6otHvNMYrJ(5v5v{RiU^x z8x=<*#nF;>Af?*H%X>4swxsv3muj!#aM&cIAG!rE{8dceVyqL?1YHRF3!r!fx=ES> 
zTM~{Vjxq{J^9dZd0-Nbj)12gX6lzKwfUMu~Zz!9Q?n#uz!6?EXqi8><4vWB=b`nl# zO`Gu1T(o~WIfnzwr6oyFD**${J7tj+7)B|vqUpITYHS!n;Dn00YrVHCFt z5=QVL_u_vIkq%bEye8WXREPOV*dmm804U~g9CV3ABB2HdODse>UzO5pvdckrn2nlj zgT{DT1(e=pr8ny8%KZ^kZnD%6)CO~qaK1MxWiWxCKpr5RpN+s@4QXATBjVo8!uo#; zmIg{%y7p~4s9GADBu5mSXkUWl%@^r$Z)4g}d|q?z3qIMLXBBJCvx1uQaYQ|)0r_o$ zEQP0cWih=h%bDk^K!u>GAg&^s)7wC;RlF^=&A)-_pZ%jHXj>m-d{=4w04uQ$x)B9UD!%0~GVH_EdC*c4DtD6BWG)poJ&xR$VKnh-aGYIeeb8#HA#q<cCy)%TQGnRaK!9l+bS> z)E}FJm(!L|ow5dg@Y~1B4pVh@??ZgmXS8r$@@EBj*pM@-v)NxyoR zyW{_h{C)n$A@cY8GhO*{XVEMlfV5Lehu4HhfXYqSZI;oIEitmhS380?ODZ&CEvm%t z0L@!v!eGKK5G8h$BoSyNIPHzoa`H5f=jRgp1B9fCsS~+n4Mw&0klS9#jn#4^b}G5V z>~6uOAX>5fUJ4dH2+sH8q>ns{db*s1aV;WoK^DnVZ4n`*MRUlaLde~#M%b|@jV{KC<2Pv%N0gZqaa}f zf2NitrXW3~gn2{vY)~EMCt(eT?W0jkK4Ava#h^(wN! zl}pTSMM^`RVYcsf&EPPr8PXg9v6@H88v9w7oADO&r_fQn1=Xf5l5DTgGktb zx#KqcGRNV-5ATpwo+J)VJ#1Dbs*LkJY~DgAXubu&nF$0EL(xFv+TuqZ? zZDGaycCc`V^`RYi0Tu1oDd05M8Nz9fNGL+7KBAMeIA~i$XA<*9LtMQ=`Uk#Q1QK!M z9uuN0Chq>qd1+d26;OG+>LJHcRN+a0(_6yTEfv~Z0QLi#*H^w#w3Y9)iA_Hq_5+fMeJFV=`a@uk?>eEA&%mgc?Jg- zN&DBJ;fJ_33`cW+9bpo+UGet*4yX?ElYNt5Um_@GI~zxHGXHo?wWT zNY~+;MQD+b4ZfH0%iN2D<`bO>l8n&(aipj4%_5LU_#0*U8o$iHaL{FuUA%@_neKiO zoe96AKki1^gG-h8W)Vl$k2r{gCv7YSK{K;(&;o+&B!$dpQrBS#KiH+Lo85L(sAz!#k$#vU2qi$FE zPr3PQ)b?Pb?pi|ixzQgnAL>siqY@O}D0;~?>P6Hi2DIdiXiD?dyQ{j3ltIM5!XI%0 z$SR6|qvkKSUlmI7=PLf3lC94-qZ6+ty;y=b$`Rnax0;=fYIUua|*S@_nwVMqS zMM^``G}#}~1Ts&UvgG(fPyQH1$AdLlg&$7{97}|R$^IH-vQ>C|0_&XYZz6Rbo)G&q z#&LU!za$NGR^cBLYV;j~{n1pHFlk~eTQ$v}lz@I^6<(Tf_vRWx?1HA)*S<%CneC51 zl0w2SP7v8&A}cm<2s#)0dY~e6}3RzgUpq{XY z`%|e^*Da_o>=Ewo2Eu;C{oPR5Bi-MPggr|Be#%&2kV8kKSHVdbHOU)wKf(V$LEjuh z`l^j?YDYnJ$R3K)I6v@@6%(C5_{ZXjjt}|tjG0r4f6ScdRNx>`+wfRbgw2UZ@ei9 zs>5tF3AFEkZ5SwKbsSg*#mYq@p~@p7-5zOfn2b9?b(jq@T5P!uQKs=F`haMT!hyw5 zU^{3GB#x$6OtA!MjWBtuL3Nm)Z2G)Fh%KO)yK!J)6ye7I*yD5#8pauW~Z)e$^FTNW%O1jkd@YJ%fce9v35RELNr ze~hB}pgJT2L!FbyX&=$_5fa|VZ>#}9Y{EgiMI;i(O2~U3=|LsWi{gI@szYqF7EHO4 z3^`r=rT+mTQ(+fq-OiiHrT@I|1%K1VFy#c{+xkn_K~B+iX{(37ISl_C;cxbr?SY(c 
z|B?9ZTK*sxKN9k(+lK``@k4X8pBKVX15mSIXbxj(8(Vah- z?_7Ra30(tQzsG={?y*w!|$$zVq*FmH#B6$gz|G>FG$!nqI{TnK;zm%8YuR={7 z^Qe@U;BO}7VLpAG>wEs=Y$E_U7{?ed^mbWkAxBDU*B4^>R5`R+TTNKCNbt~bw`Xc%uXNdF7zjSxpg4{f-H-cH=_(4InI0Ew zb^u_OOPDtKm4*4|12V`TG`79cH67#nC6Q{UaH7x-!Tp zkw~a{^(`?HX~QrX6G3&Djn)+PAp>iQc_5mrabQ#E!f4Q%f;dXAFvOckUkKYT9s|{3 zewy^kQ=O0WMO*=OgsSsy+PNj)4XSg**h=y`W27%#jkhA@w+e*tMbrl}OYy^1{4t8| z2<7iD`G@&9I6!_)$szp@`XYt_dF_&Hb6)WDrBHsQ|3Q~OFEH;jW^W+J>)hB?OR#5n z$fx#&DBn9|-yOb)6Oi=xPg4GMJzh_GkE}(^AGTHlsUQMY&1#0iJSHtwhszA7- zgFi;mzTg7Ul}xs_y)Q#nSguIV zNSREvQN?FJ3~jxY4fA!GR=75(^_DcDimxj9h{HD=7^&iG?8YEON)3{j>a*Vf?@!;! zQlWwK$0)iKDp9qMR9`Zc0ZVonX-V~El0a&4DV<4Pd7mBkJ~mHEUV)ZZ0IHr8bbBlB z$>R=M-pBv80(nw?d0$IuFy43YSrJ@RF{sD3$8yRp=Zl;M(YZ=tYprmlt5B{0`vE-T_ zJdCI>l7GLmN>l;oit|!lyy^OPPOv;0FQkFrS=CKLc4o@psq!wNHk)CQtI8vnopd4zewuv+Ak7A}61(f?U-Nds_RL6?q3FT|X;b zRZ)k;K5^yC$>-y-(pAT#?-3FkD_wQWYD$%16&_ZuI_0`*l62L_mYRIN9UIF7!e>^6 zzp-mZjA)!R>Wt;c0Pi1Tv-7nx-w$zSV>0$NEAnrc_01V+Y*}sWBOfYfgc|#rXRNHo z1I27RSlqV5#cewhWLu`T?e$>W?usSbwpkI2VZ}0Kn>X|y3bu_Zdf#!ZY`0ly*)d$v zfnOfS7_-f)Lw}^etBzAt@f)lX--2_)=d!HWk*S80d`gv7u5@>elQqA=szP@kScTii zWeaWS#$ZEJwvgcER*4o6vH7$V{I{M{7KaL+sRS>#YRPGT+PE4#$vo#eakH%8wLyL1 zcr|ynT@j*r4ryL&Mec@6@EQd7HO_qB-Li0blU~?5!_~<^4dlAP;JWN!KSqM zZ3ynRIUfB4beb!0;KlDJ86k^bGHAgEmUsiHPc5eF>Z*MQREPO#K^})YLB0aTv_GaR z-S|fnx`j(i#RV(;e*^x}gs3=?|7b$JT_lpA{djjz18~kSAwz7#w3-gV@*GxyOR*P8 z6)wg8$thMeZOFAFt%!#J&-+lic8qrI*PsTu7Omy4BWTwntrWMl#PU*etmQ5>#|@kF zD(+eVUzD{kHiFH$yA+)H4oGr|HY&)W**VCPq4LRA87Xw}I6S0E|1C*UZlixDtS2JL zl9ZZcY=0}F!Y78Pc~Tl%RX6PxpavPcYh3o1Ro#Xv+ZpkxvQy2U?6Cw8 zqpVEju{MslOem%vf#9Vut3mQ&_*aXFK;oKhij&Xb%AW@HvP z795ds#%Vb{!sO&>IoHhK3H>>e^Mx5R2^=Gp9ItIW5iEy8w$lm!kr}-iIbFl>uZQ9L z5`Mo~@=N4QdP~~*k?wG}e1=>v!m(@I-TSKGmTXXE-#KXdba6WSS=sZDCGFi4qP;3< zUtq?32DVxIrS{gkb$0%|c-e3N~N?D77RNTD+St&YeNpRM2WZkT@mIh^I3vJlC z5X1ar*aS2B5wNw{BMob%4f_Gq&`Q}{36H*M6_bNh-2El8cIm8X!C9qX*atdmMo?CE z4zgq^3quUsT?VSVnK32K;31z^rD1p=oIi+VgBoPmig9=6L3>+JW2=tAdZV{lg6@W* zxi$9e!yw#mmX_1`qQl|CeWKlXu 
z0bWr$n(C@7#+FoFl6E29>qMH`m=PTy^VBY>$-5P2K(HoSv+-cq#;mIMakYs*$&8o- zCKR%Jt3mDn)H*2GH#>_+Z+UhK%T7}T@PD5;Eyl9#Qu29KKj)!M*3n;v>Rq_+g6rsSm#|&c(LV-vH(f{9 z-SfQIC!0gJAuAO@30Y^RS7&XezAW|P85aJ;9&Z4SD2d<;U2!*#^30bLT;b4(cn&iJ_M0SFt&0C~>i?#eo!SXqt#Rk4*R3nG*?MSTQ zu))zrRF!CYDGm}}GK~4)6))ky%XKnPN5G#pXc@eh0K8D6UtCLNL?m$}lHL_(OmP9} z=*`lq#z51@DDr)cJpzfx0K3iDZal6K$qFG7+8~}33zS(E2i8x|)M))8kwiR%3-Gx} zhpF9xcb7mXP#xySCZy>xD$rEJxF1yUHV(Q#4cQx0jq>CTS*TBt|FW?b#{~voOPp_% zqOpB}!85^A2H)Buo-%eAd}(y8QGx~{I?wq4b+gV$IzxJtXGk1-rkaQ()zOhx5F1G( z0}Jm(i$9OoG;WmsIjKAMJD@sbE#ICpn18I8__EOv^sUBJoHxX;p^xLo&_y_ioow*X z_4vKh*g@o7M8=~Q?HZ!P+$~&1gb+a zNchv7!ty6b_+Z2M4g|ayBuw~VBaI@AB9YiD_OV1|VBXsxeUJNG_=6h^L3Kz5`i^sj z(>&3%4GHgO7;TU%28IZ45shZn&q$(`QNz2a&Gj?t(}_qVS?BOJ+$WGuP@3EU*(h2I zszU;)7Kx!0;B<7WWOmPKiMwk-oTPPtJq+~y* z@Rg5*cQ=eO$Q8A5C?>qSQHHLm;!hrt7q!k3cObp;qV&}*(p9L4d{7;dLBf+ch48Op zA^dK`7zToP9EW1U?>5Th03s5J{cQ-}fb>-*+-pLwgX)kB5q45%+6pvYgl- zhVXt!J1F6J8iqec(I`+Il0m{7af-%2iG=4G#^WG}6*v?Vo@>M&X5qxX^K-<1kj5(E z*;@EXP#uy%!sl}e;k`(B9mDtr1Yv(4ESy7$b&N!s;p7lp7Wr~spA9CJN_%a&*ZWw+W;ggK$ zOUT&~hX1EHKIKWmmoy?$FJgJ7@Q-Qv4}uzGzgjMpH0slfv9LRnE7v%~-HpkGYrK2j zU#>$Ff|gH%NS|p$%!B0o_0nI*wZ0!i_2tUtnQ7FM`f{Yc2v>ersn2%LyUTTOqmr!{k#N3e_=d?bFmZ$ExHr0 z@4n#6@J*W1JqcelqJ>|RBOek+UP~~FOcHt!LE?Q#A5$vbl@G3cg6fcHQaPH_d}kV` z-JN-yb`>pNF9Cs{8&_~HB7Y7tp~-H#srvJ36et#%B<#08O;HPwo=O!iitxuMY67Z5 zB1qL=oc0kN_fRz+is*^Vg=>^UAd5am(JD~6739KuSXz#&zU@sE^H4on4PeVSt^zN3 z4>gnb&f&7)r8FVN@{I>agMx@HmXVfy#x}?kZ{ol{B%wjoP0IEoDDxfC{>l{Zf!`~j zI>gV_J(c9`F|13F7lVVACo&1R3+wz$kZ)IFl4OBUqHItdVk0r}kJK{6cdKQo`)W)d zWLJ1_I3AhUa*H zV>F&`s0B!bl81*o`GfWkszV}ZuK$bEJkha!CCs@?OZ7zN$17#|y-{!ss9gSynQStT zf{{zJ5ArF-hBIm4USiA!POQX%Jwjj}b|RNF*oEIBljO{8WQl`F=PNC3v|%5D>W~Pk zl?9wa^y?&gk?{@A#oss-6TK*FD~l%P=keO(l&e^{g^A7t)gcii`e#ld`d<>gz-WO? 
zaSsljXnMXQazU$UBs!6puU#<37^IbyXm7VQ8&roxkm&ZDLi9=!J>Mw8xmb&X7L7+> zaa!h>CEg~i66Y;SPJrqV8?}s%6H*~&TA5#PesV?eS}FC5s+D;#6L488)2lqor!XRq zxF;EDz=_5Quu_aS{jY4OT82vmneQ2A((P}N`HDSnESpxKPIE=aWhAX@#76K9TqbSVs-+zXm9}eQ%cd!ic5k`+ zOOao4Q18TkyL}PB)TNTW9Xw4RqbTaPprTN~QnKHn*)JJ~s)N5>L~S516-oX~$qxQp zmwzJrRkfRT8N>M$E20&|-7;bzaGMo(j^=*M<(9RgxLelK++&Hmy0IR(B*nc@b6*YR z&XsMpdPB*b({fl{I3hdlHk98i?B3>nCBVH&YAha8i@dp-`yv<7u@@<;6jA1PbkS#J zLA|zC2~@6gRZ!8f6~U7uS|j7rFnFghcx8eoMGi;CE(P}{g-I@4IYP8Z#@HO0U=$)l ztiypj1?iUkt*q>CnZ(#^xFwDtovXxp@%7W7IwXSn+Y(OE-%Ju6Yh1*+_zedwS|k!f z&7VwB?hl0Pl{jy;Qwdau*rKp``Q-|K?NYE1M>3cAIyF@zn ze$DVAFZ7mHseAWqb-ubYsU(TUJR_w~a<2u6_*0Nu{uwFvUEQ)P z{^=SrP+gD0Qi~-Gij^0v){JYp27j_^595srUG-`C-KRJo9z}*D_J(^t)7+)kLqSWg z_{-2(ZL!q&t1ig^t?{m#v`|SObg15jf4jMYml@=ct{Ew-DG5s>A%W5Fl&;o;&^;X-$PK(6;^< zjBVPr3ZB=;A5GKipv>57N;y4o6{MV4e!$A25%Qg|4RAA}GC!1O{1$^f0Vuyj%Z;+P zIUNWp_oMQVPK_gB2e6|-HRs~Mr7nf6CNzxsr}Dc3L?&^4gu9!zAU&mIdK>BkpgJr9 z&3rOWXgicq3Z6NOlhGArMK#xj{|QvK;b^q7VHXy~e-mTGU&;o`5{ZQTRG1uf}N0b0c0w2dJ>>x!=N)Ybf|{rS4a1I1sM&m ztV5d{V3hq5fz^h;%ae>xae_N`hEUEe^v4?_|3Ec7^$iA)hl^_Mj172pAET(k-*}9Cu@w7vP7;?1y9XiI!N2G*20w zrmcDbREOE%%;-pZ5MDoKI`0HR?L+B&2 zMen6TJYmG+f0!!78!fJ22&>=tF;k=lItGs5q+-p_AuF)3#0TKZ*i{wBG$I9x%$<$U zs&GCNUvtPY%%g-czBr^Y%gq^+Oi_gM4WXDvfyUoeEyJHItagY?%r(*>wf|~UyyZg8 zyq%O&=7&pwbWP~Y+o6W1J6hQhP)aj_u=h6Voa&P20IZR8+hnzU^m81g#3Xv zVkd!3aYPqowrw&+plkirB*aIg7mbp~f$f`I6(`2O>J!sy1c+0~yhvL=1lc?6wx#JRjS$OqHk;9uxnH%bZ#4uJ zdndAAC&&_VNYie2!^l1MZfK(150P`)6(Gty@FH@1G+ML*_DbksyDjt+1f5ev;41~C z9mnhxIAOOrgarerRVjy!WGmA8wuEO+*^}QFA{$wFKWuPz(|MJU{keS{l{Ou|?vCu< z1d&EoM(YTiv!BN9hK!^;*k(~K%YTkMA(i}%&KWpw@6Q)v8S>Y-7?Bo>Tde{Y?aZ;b zeFM}t+#Jam*EkglOv4`88XG6%;V)@|%riFbg4Ve1GXN@Y*njsk1OoaZ26t+BMU47(xpZ9(?^ z$QnS|?1u8MKZ`=#WY|$15dB3BOhMLsH=9dhJc8?zB5oCQ1#%4gAnr9r7+ky-3L;*K zEPwwHAln)CVGOrK#s)&14@Zmgtp~vJPKN!@S-fcsHFO=IC=5PqniSS7?m-B<&#-@a z(-bw4XKa66DUxn(wyYssalc{L{2Q;Uxe;K~U`QBj*zd2vRVxi(d$|spm8%RhCK~n+ zdkpb}2JkOBh%)b1fr_53e}M-KiJl5{E4;Q_qxlydM49n(ATB?$!D@}3Y2eX3#8EVw 
z%RmPq#mzD7KASKKVtNfKANxK2c32fCH0(AXVDN;KY7&U8r-O)FISj@vGi-Az23h2_ z$5*zXozxlQnxOLpRvPx?n+(wld5`LREreaIT5b21@YZu^4{J>^7tm$laKtCDH4nUG z*l&JD1_SY`ixPKn-Y&!5Qx|#1K|k&0$stuT?=$QY4FR}}%)d2&EtY_H;j@YW(Cv-Y z@%4%%3(v!|gnnk&pP&~TO#$nC11S4RLN6M2t9(f957?CdfCig+-LO|f8x zQ00ZD9giEEjCDY4by0GDv##F)z%!=3_7Mz)#P<#WAGsidt5$;cnfCABDbQsA{?;IF z@e*{@w9{X~JDo^ULL_Eue5D7t(@M~1roE!4DM7aY&_;vUO%hbzve#n}VM+M_4ALNS zm9XA@5*_4b%g(eG>%U;$(b@=Cy_af!<2wIOe_<{D8{aRU5@*hIp zQOz&&J6rajHvR#VLfO>#o!kF@L@Y$2I{ zBJ!qt{ChF`2PRtflDm}U%aQk-mrsvL1!h?GL%US|UgRC}^1r0Q%(LtbyOsPekayn8 ze~j#V#-Utqmu_r?m6yHIoF-5QiX z0P;6lHl_!e-wSztb-wfALgeqZ>@RSKr7;%t*_5Xj7;^TNsKb_hFP2`$N+33bpm68F zQkd}`ih)!3#kf=v)k zsvkD~YuPVXgYXn&R&@cws@n(5w$JXc#pL@jb%VTPaN7sqF%uW5oqGGQx+Lg z>H*}x8!DACoqTrTL8;LA2KkpmCCzYaF z$g4;BvaPSrM_V1`vzJa${I?;mlgH2bQ+#&W+N$`2koU01-xI@pV4lz3a7qmovyr#Z zjThKgQQCs)W>fRK~RA~_W;magXG-6 zps{{Ct)~Kw1E5fYc!Ff}rQaAn+i#!8B_@{nBA~l9Jjid1eAaKbxL*nW5U4Lhkiufn z2EW~-mI7S^z$xh#Hpp*`#B0b7zpRi|fU2vJvZd6o54T+R+c%9bNrIUZ94AB8&UuM1=kO zK;@5_fG*Z>`lYsFV`*_eIGG%3TD@qkT++6`p04cK3*a%$#tP^lB(joiU#Y9==R2T& z(MVFDK#gqs77T^F5GjHAHyK~)4Yq=j&hcib?p)h`;T*b2Lm+N;QNkL%21XUw_E5|$ z+)%q9Z-ATcd0!1_3?GFuU@^+@serEf54gvz^vtvE3{2k4_!^i_-GDKuYp}BCZM#D= zrR);${#dt!+F^3-(*!FD9iEP%L!1vcY+KIu%zhK*a z=c!Um0kr4_@ZzQT$F}<)Q9L_6ah_r8RDofHH@IE(S@#?YsX_{U?inK4~%GNj@@Fz5j2ejTz1Mu5O`}uBa z5w{Mg*9b{#4_OD=9{lmiDp-F7a0L8}6M%iLg;Ko;s~*-kfxjc|t{C%K&F=vG?r%f301tu09~lzdL~rJd!y`U?@=}quvfvp&Ez-y!V}HPO9e6X!e)Lm?+yc~ojSMoDk>5qx^z;PF zJPp((jVx{~!+(#mmtq2ExKmb$Bz&b8G+bDW3^?{_TwY>iL!eq~WRS5xje)UAj@>$1 zIiM#{Lo_nTSVlH=>^(zOgP94`QjOHwm1h}#n_~|^@RCi~3FuqlaA7gBmt$W-5Q>p! zfx4`bLB=-Rk2d|FW4~r9WFQf-O?<K;|Bxj-$`$RJ}sYJxVq*Rj8M2ZUWf9oEPo&oc6yV?TdL$vg+t?;2U$ zScYG6?DdrtyfmJpNy9g+88Ffe*i+W2D!T=!+cYxB*lGo62C)JAs|V0dF#H&OfqFzE z*@bivRwoKIRt?z8jtdSo8czbXL?fwK3N$5PFE(U6(%25b+Zv?BsR@>476t4#UQsf? 
zB50CZqEI-uFV)DHaZ|uPiK|l-_cSVisk&w)&naWx4A{Rvr9dqJxLbof=|S+b0ej$J zW&2P-XZ;6U+L2aq2Rh<=_QLB3djt6zz7dUo#9K)azLoQlj^-NY5wR3$A7EGq$Be^x zQ7Oe>H-i9vMP?j~Tz+PD$KsMy}AczGs%l+TWSw1N=h=q7~n zx73+~mJogQHryi6qz+v&X!=Qe(3_RM#WqDn;9B6@7GJXvnWAZo1!SuV1A1Wo1hp5w zeRXbBuP#G5ZqlMxuaW!%=K7Fbaeao=d=)4EskzR}kln2Gyn4u=ZYlZfP-fZy|s=bwd}4@SkzGume2 zSF96L@ssH=FTR6w7=ZC~65pX#=Prm+?FYd;D#fkF??Pih3f^jTMS0PZ`O*oIgR&_zVY>;ej!fdA}2r3>x%_kyP@mIHfqOXJ92m~&*1%JoZVT+?bbH`aPG1iE%IS_ksXfHMGf<1u zU4b^7z7mMvOY~O*H96fKXwT_ufq|U99+<`Hp1=-H_XghQbbsI~r*8yG?j!z#fx4U? z3gmJ6X5e8?-wG6RdN{D2)3*cv4`<&2UPaM`J+r$vo7)I!q>(^K0wMH3=!6gmy(1mz zy>~>V3Mf^IBA_4&BG@RR2r3;#z>0zjf+#ky7o;fs?>VzOH{nzN=l}2X?A_gY-*cw! zv@<*V7N3v#FY)=f-+zGQPxveH`E7p_KELDd>zrrs`Cb1y=lnXK-}9e!&Nuk{zCRHi zbWiE`{dM^Kfxnw`z8B}ZrTwzRdcFwA60h+^P?q?NFOp<2ic8(nDY6(PcHPpcvKXau z-O}l@7$tAr(wVZD5-%@{De){>jKtG-U|LzGmXU#BWrWD3`IpoR(jJWkGn-1IAl?K= zT89L_t5CI>6shSlmFhl=!0Cg=iPS36-ZxFn$etzv;wpjZBPWW~>afM3>{9J@r6?Rj zZC+|UX&1+YAGLW&sgU%MIRDY3C}L>VI~C^DKVXbUA<_Q=~Q~SXnjAyYpNHd8<7ll2cAy4Wsm}U(u76A6tKan_T#=-Ku&|uOrO=9mT zK}1X?N~5XL{Gu_pN81R(!L9=D=F*aN`zV>;VDzaU;Z$P zS(&Q-96nd`H{x@)zYU*j_`lXd z=X0*VAM+aeTkyG&zdO6<`v>v4v40$&oA{^kxv4*adCmM8d~WWq#^)CP27GSi-_5+% z{v&*Dw_{}|nhIcY*Xh{KoxdC7Qc2dptk>m29_OUDL4TU=PA{yiEyigXE7>Vg#@ za6P1v2J7cRWw&6N^XPWMlQTdr5IPrXMJe{MuU&u=E3d%$FDnRll^H$m{yElb%H?YGlt}LRZXdWPKjy(vYaQO+ai!Lt7Tk(R7 zO+-MJ7XNyhD$(*L2o|ECl4z^Ee=_jZ_5n<3tfhb^YD`$2kzSs(7R7794HtD1$zhxP zx*!|gse z7#lzaa}ch#%MExiW&gx=I1xLr&BQ{hTP5$rlN+!vq6^Zh67^rQ+eLvF80&9Q7N601 zc`X#kQWL}Qro{sL`rm*qK=>OR#)n6MDQK}>GZ(zS;A}&TA!T(QNLdwF9+jJoCl~@! 
zrh-thC~44rlME49ZGTlAga$6=th%zO6Y5FN@n43xC%vY>+M9H)rj2ZqU^wK>U zGyU!PJkP(I&-48s^Lde@L~Q$J`eX->599MF{{lXb z^FPJs@&4m{p6I{K=Slv+JEUi_zcQci@)z)Vs=pVXr~8NV`9A+NKF{&5;PYJn3w*xc ze}K;q_&?$ELjNs3FZKs8IQ5i$&|e1U^x^lTC`3OX12mnOKnw4pm&zawbYkeuv*=f) zjWQ!zXJR=F4%r1lav`on0`9*+v4deS2wB;l&b}X<#OV=0S}JFLsG6@^i&|>sa4UOmdlN_P;j1x z!!8`gTa<8gC5fZfK9#Gb^p;|Q{K&?yNrad=mXq_5)dCc*Dg zyfbJ?M!8n@d;OF*G7e!*#-ZScBrUlp*UtVKDaM}H0@gs|-aZ998Wk30f2-}&4bkfH zeW)X5G{sWOcBxI^h1D7K#d7`#45J@SjClZe56jtfw>B|m1pQ5flNdqZU|bEJ{X1$W zUbATo2;T;m%wQ)Jq0A1bU@^ElKSYYs#vtFA3TRsU+`t;x;W5idL*R!3tgaoBdI1p& zcEh}bF{1b}0O7%#6LB+=Z;A(p*Tu~!zKM_X^@PY+&x$v&cOj^8&?)Ic1im3+ zWr{V$Q~D)?84ZXZ{;m;Yxvd-j3f_w zS{*`}ssxAXMD&t;!=nTp^0eOzdUH5;av{|eDAB{7^0~l=0-NCCSV0Tor^NB6Ypx=U5r~IT!1ix5eikQ=U6W;#vO+&;~k&&-8K`4t=f;JpRIcSosP7$ig z$lC2er~;c03*Zhn!S8SroRT>G=g*x4uLnIk!8rkvUwa3MRX*F-7tl1i zDW9Fu5%W^AI~R3RqjB{od}seChEvcHUpix$44a8KT|lhm~e z?8MDXNvT`DRYEqpS)1WtG=@4!^*m-KCc;4k?_CF-t!gfy8+?d3V+aUwgTs6lY1=6q zW1UId*sv-mafjE+w_@p1)vSU3F17G<@58V!>!I?w&7kHg)MPyp`3I@#GpgTMk+sX7 zhG`Tj)2j%Pg~Q0fQz=FrZ%5k4U_NIBP`W)y8nKh@n)zZI6KE zUCJqNnXTm-k%%IEWIt1y2&({Y(1d10=*u2|VULK1&R2lFt?@rF7%1es3gRVOG=-`! 
z!1_TmIdn?XkM{84NPnX$MtwLqc9MdkqM%5>+5O`_lwCSA3+U^#?r4MHzX z;xMsy9S==M(pHpqMgmxJ0w~j6nyM;BQ!ZyUkamapQnVrMay1wmT^0vRC{`nB`=VXe zJ}{1H7AF(0LCk6=ZTd(d>$(WSPntyG5++&nvbssTC&pitJCF@US~a7 z*=PgEB6nW3nAKm}pLWJ4GT+c$ zgugRHRw1J$j9E|D4ey}I4@&#h&3FNT$OfvDa2zURyhJf;6(&0pm4~tnuuQ^PnZlny z>LO$;pAW2gNS>B3W<4wI+|o|W`vV&q!f6R()=p`ko9^JVfjtnyX$fQ2>(ai3x`FjS z32bu+rzMP8Z%F&W5h{-IAh4q$oR;X}^91&V?LsZl`vTav8t3;pvNl#($%#R|qO1?4 zeG*1f;>ZXLX<~6Wi9tQZtWTuf3AGR7ReVS(l{!GhTk^ zP6fFiTt|`wC7`}Z=-X@&&YFNy;hXTp7LU!tT4-d`LgpgodWAZ5vEY20KQQ0 zp+llKSHp7LSd$M9se)xcjGCM?yfg?EG>Ow#X~MTLUTx|GtN?`0n#56{KeaF+3u`Qg z;e z$KG@SE3~^H9VPVxa1;&`ldzoe#zw3lAW~Tnsu3xa1YuEmLeLY;MjfgF3Xb*10$Ai0 z+v2F@7uL7vO|)M3CTz>z+0y?V-0IRrh2G9ZJNF{ly?COR1I>0XKEOr(*&a}5#7x+R z&f9a+o_dFx!8(9I$>&f|go0j@wmnN#d}j%|iYX%O1o$QjhIcn+pbsmoB#qF$kIC|n z^aLrU)H&Q8l=k9AFrGrJLT$LxMWMeE*Kx}}CFG;K?R`X68Ha#b#8nC~NN;pjDH!>0 z3OGD5&pZkL-jR0McNBf)ztBa;20OvLDDBo*q#)(<;Jt{$D2c#`&J6x2?R<0|fct+y(GWO&}G@?`RHYQ^WRP$?5P-FUWeEdz{%FCg2su(Jv{G01RbM5CcOc|`)srpq8)(Ig5JzUqi}(tF9UU!4!H0w_l%aVW32I8d%StT@x&1VfI@2BU#yv6_)}RROio&hH_$C#gv0UAK{9KlJvfs_ep6F*{0dmOnVA)ib!$={#FyafIR1} zpcik;3>o8SdlA@f!ucsscw^K43lU=ZlfXXF@+IkQ7w<+{byFYmjrxk-)}}oP6Ieu& zvc3>D4yCOm^%cDvWX`i8c4yPB(g|;TgCwiqFNfG1Htr01dzJC&ER9k9-XbJ!F< z#I(~fv}E})z$S&{sk7)EXWH{#bi)21u!lo9br!vMoA#--4!#xGOCg*(i{AT8djx8E z*8eWBk3u+g7QKs1JLh{R{67KvBZO1`&%463r>5ccX{5i5!1Ec4!-*gD|GcYA`xOk@ z7_R~>N8|jaig%M~2L_>Fw1RsV!YJ-sn+QeNW7-Y=gwsfX_ZA^YRlewb7VoE~{UO%3 z%H?3Ja#`wq7VnpMS?V`cSIHf~ULjm%0rhvi-<$U9o1Omd2f#kocqw|{rC7cvZVFWY z0OzX&g+f@8UO@4#liB;9M+mte>Mf2Y8?y$)l%;dg9N;J{LT|ZvAD6XGgha}qkMo;k zrtAcIZxW#ZI_dDq;!bQE0c#eLr~HbVQUxmS1#4MRW~kETUbc6I$NpuUQ|~dQsws=w}i!D9~`@92CF zgwKnRBt=Vg#l1&7_M>=fTwVb~qO+q)7d0WOEABmw*JV;chy$4H5`^#ZEy$IcVYYn} z#kV@#8@rh5HK@l}qMPB(3$yQj0<*#0!5CPCC46UFA-SdWY}^6D-2fM80{1kOnk>qs zzoq9nJhH}mFkaFuPPR}Q`M$(T+hPL@PnFhCcpS7-no2BTevO)?*jB?M(Q?uH2jgcD zuDB#D7saxPVs}W-u_-F|jN1Hqa|OkE+U*A1%XUk3AHm|g5aryuq(ScUpwRX0=p`$L!=g;t4GZ6`t( z&adB(AwYja7;UfdCfq+DFSxp(uB*uCh5KU9ddin_qDG^lE1E+|>2O~0Ozz`wBG5xG 
zg+uA#@7bu0^7~B2{A*umF6HVgY5_gOhsg!LeZ<3-r2*Zk!RBx(Bq9ux9JBkz6 zO<^nnV;zo)$B_hdQ-;@k7V=)L0qxWXo9tfj7@K}Fxrc5X0QVG*uqjorHQ_=x#9TJ$ zR??pun@~5Dha}Vuh9Me>({|!aT+!G*yB(|hY{}Dk6ZS~&gO8CvL6T|i;`UX@w*r_$!RX8`hUWrfm8Y?sKnTw z_&@=sn_YWi0W@lRV#i7No;HNv!XYP-UuSR?vL})ri@<-jCw4|gl6Vjvgv2G?{);^^ zuDc=XX*S6!AGJNP)M!ju!MO{O?xEz+_QcjTR6xgRNLvjlhHN$D5o7k}X%I$!Bw!$! z|2Z1i&iZdm#PH3kmLaxd0TRs&O!-W~)A(^Fs- zE-Gi@4>lSTo7T*d_Ip^`Mb*)CxGuqAyiQ^J`-=0Y$}J79g+=}(*P=SvSQ4m16ZMTV zAh0x+0FnCH2;3~UOLf8vL2!7VlpUg&D`b^@DK5P?NPUHHmqa!7~(#to=@t}kY)vKHLRE3#z*Ynyv2p&1;X32 z=x)QhbR4O*58yFP_=X5wnDClm&FXK6^S~}?{D+VS`weS)9Nvlo7J(qL-;(5IA<`R$ zbpl58bP#H25*s;~R45TzLr=o!FhpvXEW3X*@~trh%%S8`)39&B8uS|}9|PA(r0N<4 zMd5V~yW<`yZV~<h8>=Tw=F0%DZtVRSMrQsH0*syRrWs@Sd)v~(Pr6Tm*u@+E1QVpKKKA`uf=k|t%0iblMe(Ec2>s*kUM(i?_7z-K7A zh*n@yctzC>OOTzn40{hMZmO4z3L)&x{ZJKa+Li8eN?tR2Er%m~RbhB^6?A3KThXh@F3nPJ+sBb@l{3Sk`1@}~Vp0NWW+I8TN! zUe!>^w0B;_G(08XPa*#p!>mKq1y17m$!?{>$x9Y;OuP3p=vt6mIl@%@7^{QXh7TOM z##+vdN9}H8gnJ%-7?l#@D(?g~6o-1C;`os!+lNuXaEu>>ntwHfQ$e_gUVLG>hvB-u zsGRv`J&+cLdwx2DH5wJ6d=Cg@Y*WhF?52F6=@lc_tUeu8F*aTP3U?R6JqkK~dLEr49M*R$XyoIx*-BUg)2VsMJ6Y9gsNcJ(syy`J1!ID^#{ z$B?3Iu1}I`Ax({rUQefARVZeHv``Zj=U6JR#ispUrYa{Jfp68EWJ<

    ~W`E)iV$eD!)~$Dtm4?g#x>ST}Lrd=>PsVBN>>?cC4u<)-O@;Bx?Q9@6I+ zyc#$!H;_m7`w=(~Uls!2Zzto=plOsprwguf={v}!ok4#s=;=f|5BSG|vkZV-vWvW^ z{e(e=S#OsJuJu!xSliKEi58ndk;c(6udq~GtK8Ib`#c_~gxZha8HD3l> zV?A65oIww$S9}MYLEQ&|&v0o_mxgUuFUJRS#}hltsZ9|Gs$Z_0;Vb~8S7k}pEOX9DMDJV1voR*dTwUP=eS?-9>$-Svv54l7d(#7UqH`8nyiOW1@>JN z?zjFd*|}eh;95U)LKzDD72rI4%)EA#iAm|{ge~I8{SFXZ>+NW7omdBY2K^rc`a6Kr zIY+vO`}L3xqx|V4&+&c$a2`JV7VYvBa2_(R0iVGGj1QfsWcqNwv4U$kH@wDLob7cf z=y`ZuhJ*XP>FDtgN(u)We+D0CJud;yU=Bm^&brdE^}85Uem?LXuL(bd*{9(}h z^Y5#`>6FF(TqpuT`Sb8F%X6CG%Ktu354>D(U0;8`{yHv4QOn)$F7Tm~oHUdBtpd)= zQ;q>Xc(C!`2A7syXTv6O3Gg2_vU=W;?IpODlRQOX^5=Tsdp=m4}yE><>P(fiw6p>F*TW^{cK{ zp6gMbSAkF3)aoIH`q^ktuf3>@u0tG0>upX~+L^6-!{<@_PQ8EpRm z@V@{!4^55&{w;7`CUzX~elj5{e;(o+2YjL6`dy>o)O{=J|7OtBS&{Aj0dQUx#QG`R z*Z4DNsth;xn=82L8>6>g*FA3ue6iq~?^Dpn-Ua>$@NKTNdVUc2r{K>^)5?Ia{Tt)+ z{5sZudH|myxPC8#7!dy(a0Z)ZyKgwu=oxH_^T-Z@YdJ5t*gD|0;9m@SI?Zhl{AS<` zj?Z@d7&tF0Al`47<;$Qi+kwwa;Jj303GjP>(|J}N-EWorgKYuGCEq!`TVl~=R{qoR z$H~JjUj`N6yH^UX-`f}Vy3wG26!@gItX;MT{sH(fxC85F$_V3A13s0YUm>`*3xm57 z-+rXw+;nGuK3{Mx&lAwEnD0u^Gl&PvpGX-WI`ff!8gO1hAmYpYZU@fGRLEy7DS(!9 z8Ju?6E*Zf|0~Rhh9rQc|*$;nw)X{fKtbVeyL)hQG%fn~G{VZR){jF&7|1w zcO~${pEdr%*8T1UA0C2d|KC9xRKJVC)A(Hn0}n1m1E0%)^DygSz_%_jJ`9@Q2l!aQ zwVZEVx3)tlCzk=g>QXD`yP$sx_yVkRrMtS{JK)bt8VZ3IiXx=t=jAxfz)t|q%aMrx zS#T}SILzaNK>rHp8BBgB;QhuLe_sBxX(#(brQphE!HO;p7z}(K=o!R{a_@G~`|Imh zfq(C>2Sp$&|JB!9y`6~i>?pW?FE4A7V!K~6=(onD$Pce&_@%^QKfeI<&w>vx9eNq% z?>XN1^Dw#$EB9*Ty$QzW$kkSFGCjH9wu0+-F-XPs zz?(t;K7x2|VcjKhG3a>-Ch6}3{YU6OJAlvMKu;$f&O7@}w0wPiW)^TdJ#&n|3EW?g z>?{LW>*sFRt2ytN06z)q)-=jty5e$zSY4r5fFDCx_!9l%xb#J`8rq z@jEXM{hvV3;7J@u8Zc zyd-QF;5PtgkbTzktH6DGe(!S2m%-*ZA58?#OS3pGt_IHF3>?=V2(IPaQa5Vl_dUw9 z?*7J~!75qKG;jvZB)%LtFUzBx{{i^j+u8V?0{;CEF#Zf4!uj!5hl41TJSjNqBm^h6 zIxrsJJr6!paBVMMQptXDb{_g`K+j7a*uH-Q&ft?xDAXMJK;_S%^+mw%5j?K^pMsu2 z16ZCdq~j?c23uwS878>4*9Bi&d%Xbu2Z5fK%^eT?Y~Z}KiTv*bpXrdd><=%1op#++-0xY?^Dy^rz}Gv}=$~K9=u06dj}ct!lffFNf&MPw3>q>L_-?;7dVfE$S#Z_c z8@5^3QEmzPi$TvIVAN+e62(CCR|a6fPc`QtdSu 
zJcN?Z94`7c{GfW`yE<1G9|qaD7w?=2oR>Ya-(D}c>kqG3dA`B?{v7CesUYdU1HHc= zx2<#lEk7@3U>_b0oR?Rz-kuU%^PTmO^{XzOte{;gjSnyRWxfXjXRuJ>3xM+yILeb7 z1y}xGoMZe&&2ztpLGSwmyb9dkH{Y$w%EL=z`l5a^!0E)!{`Q>Un(ya-uzW}3yLx4e zk1zKo0%s5__LGZ%^KvwP?}Na332YMI^{wEVudg?*Ki%-X;V-lW==T&{+l$WRTLW(Z z&Y&M`$5(;#avYA+ZD$xCULr>NQo*%6w_~62Ch)HXJrCI(1N_gx8DwlO@NH%qpVJ=d z;*gP@?GHtQYxxNg z1=sJ|=Eb!g<$0h#9`p<@%>M8+a9%Q22>Oj?86SWDcL#@qD3pvBT))>}*PjBMmmEoU z?)Lz2UiK&E6!-hpY~#bAGJSwI1Lvi|qRzSBO5hBJ$$Iz#I4@rovEY8aYm7fH#oQ10 znSyJ*9sPneV83$A+k^ge;J%)`S)I}Il1M4^{1i@=R$oKK{P#$%1S7KmE|k z*$n!npyy?6X93?<6iY1+4^8X=d?auNYiB#21l-r#-vI90<;tW0%AY}5WLj~*2Z8f4 z#9e`}Cmmbqd8rip$wQPsDder-%ALFeD516O? zbAQ(euH|7cKvBco?_=P+oT>-#zVnTqhay@2dB6*Hv39uu^tS@%C10fPw!rxCa45^R zKX6{+y%G34D7e>pMWzM1^K@YoI#OyvSvt>iK3!>{C<8da9-L;dG#4^2G`pM`OY}j`0!FQ z>LFJFXK?>LP!FE~zpv1~D+xZ^9cO$P+imi5qgk?~>BuSW1W1UN6frkwcz_{Kx5 z9;SkRlM_*%BdkAj+%*GdFowRMe_n95H6WM#6ZHN*=FTS>e_mR`a#jK7C3x)TFAJ{y z`AF>JU&TyLHhlA2J3C};D{kV~f@{CxrF%u7UjUq!yRiPxcYMe+o4yD7&9}4q>4QJ5 zbBg8b`^VN2$Glkq`ZERB^1Lv}_{eZ}zfXbla?9O-?|G`}6;nJvjmd&5AAkR77H|e_ zm;yfc1LtL<{NC+PGd{drfc^6d!L^=?zqN8+3O*}A&tUrW2fpTXIn{<*(}g6lkciZ{>xPH_ER2Fo0cS38{<&u8B}_!)vL9|jF&8P*a7MsWsz-5dN< zf^U*r%*1@bwSLZf0`1tzh|UEc27Q!eg8MxLoR?i!1MhOS<;$Rq{H}uqXW2mNl0~5B zWt^mWNbpUh-gw@yD_(j5^t@D?^nDgv`ThO4QG#nd@RA71hnpOIxFq)Pr@&|6f2|(w z1j)PL!{9jluEKMSe?fuK*MNSi;98&leBA`x_q#p|d>A~I?VN=2+z)(;9xRfds3q?A18`nmu_^Gf-&y&O{=w+)0)C|6TAvJ(ya(`ef%9_d zk-*;o&P!1^em51xK>6_UlD?qN0OzG6I{?24I4_5x-0O0_@fo<2m2*1ihYPOtf9HKB zIQIo!2YLoU-w62Az^Wje4YtDFM^&yJ3a?K@IvFm%f?xr z8NeB|xF6`R0PgR5z6G3@ycU6ew~LHFgU_>^Rf4Ph`3~oHcLx2Df@}GGzx2z%hr!hk z0{uI{XYFD2OnKPvV#{~^T@6oy{EI(-EiJvH{d6Mo|m3; z9={KG*Nv^;Qos5TI4=d-AAE*fZuv5J1nG|xoH7BVE_oUBysVrwSAM|$%uJz-eb9@){45~91^i!^~e0iD9 zF2K(O&Y({mkM96yFcE%l;nl{+-`AK4oR{Hk2mWsZe+uhCw%1R<8Ju@A=w~i5{vT%S zdkcZz1f0QyCb1=H@X`kMx8DM1uwvrp39j{d*uU+2d!opvIwOr8A)4>lVXD1K%6? 
zse)_&@%I6*0bW^W^*kT+KLY0^4+jC??^ff(%Q)TuzQGF1_ecc)#kO=}sNkCKEYA*k zA?UBdKHc`*IJ`4Wq-eEW|H{2EYc;LMB zW(x4@f&1q;HoDXJFo+rZ;WXe3j>md_S#a$?kKMGk<6Hs$8{cJoc$pj9eI9V%PQFrb z<>UL;Jq!9*4zT*13jSY#z8Lx#`{yQiTfPkH6qFyhf8O?J;Jiem5d2pQuI0JvJhK7`_Aiy>|!wfxxF=z07>)3$E?;gx7B$1pSIzIy(+k;PX1@&)D7aoeaEirSb9i zk46E1}!0s1Iamp>%6lP^UlV=mx7*`W|8NYzy8UID2qx>fe zuJ!!d-PS=K1OFo(j)ze4B>3=hyN~d*WWSuwr?l< z>k)!$J@7KdEAY~zz+anh<=+$d{*M~He@=6W;QC!pV4~X|^bdocm&37rKLySp#lHsq z&_5Y}2Bl&91_FzbojU5ZvhrIPX9`;UnRd05|3o}2-k!M7_we?4#p!5s#? z=U=Rz{qyyM1lRB4rP2#Q|1s!Sdv?E0PZ%HHZ?;%)<#XSeR{lEhc?~#&2<`)XvJ7OU z?>*k=PXoSKaP1FUUuAeb@CShR^Yq@ogHP3tYdgxVP|p`UrF?RKuL`d1{ztFfzZ6`{ zGYoQj7reUT(^eio&d*fAm7bR_F|WmrJ~!WMKws?bFFXqT_h?_ry`O-81UmrbOu;i& zp1$zMyBS%%DY%x$mm8g*HTuutXI=pMT?AKp1`pl?c-qnDmVYkjyJ9}&_}U_?U@Czdy>k#S8kqxxaG3^}Be9Amz`hJoNql zX7m@s4nv-0g6nvh;+>Cf20brlC| zEVb`tJfgFJKl7RO6V8Lb7hJ!W!KeF!Pp_AZ|D!({pCaJJf-C*+&yCjqJka}op{IfV z#U`UC|L1}862_t6-|c1N&&xbN2R4tkGaF}1A)&6{>cm0j+CGG39fQ) z1vw$(J!Es>J>D?>OW}un5bzS}w)|A2mSir~uU^Ql%I%9+jIR6e=C zMu*FM@raGPc~}pw06zM5<8w7$eNJ%Yzv4i{`vL#eTZTUldAl9($%1SDY50%P{|e;2JqQ}D?Kme z=nMQc&_9Ft0EYqZ`;O7SznhhRAK>Q!_xDL323~fe(H{x=t=>gBp(peKK2-3y_Bt2z zyexzD{7>M#G=38Jl)h*DcRs(1L*@a09yl+3;r#fq;M!gOFOH87k*%ThW4<2`)lCG1HY%2m6Q2i0(=|HkCe~<5M0Z-1mkWt`tA3i z|M5`c!~TExYNPM@p5^;4@;zU0ZFfJ;#_Pa+Kl3gh+Ppd1vqNqnxbpcN>s;1D8Sp*5 zb<=0S$1SpQQl9tz$oQNIy9ejBX~21D1i$Mx!L=Uz_!WO~I6g9z^!V8L`}=5Pfd8)4 z%0u~cf#AyDKfiM~=1qE{x*GquPU(mXaC$E_?}}eU;1s{4}2x;36ydR2I z@R`y3`!bEd*TTAn_3$?EigSz)zi~@ZFtq*`B@7p}#QhEzT)%fwf2+?Sz#jq5%UT8l z@AEIC_xAy(2(EhIP;Y;>PH@e4CiFCpyR*QDmqSwSt^0-XzhzLgeQSaLP-EpUM0xHN zd{g{8oIDA7UhdBN`4PB(&TES=@mc^eYBN+okBc`0}4BxR#%nUKfM^?}5)keeMK&;J=OD->1GA_!gL#_Xho! 
zf@?YFJz@33cG>)U#E(ShxSHs64-_8DO z_4Cw?R-W!Gr{LNy+dyv51%5i{S0jGQzQC^s{W_2vHvk{{qw(RT=^S?#0q128=Y#$M z;0vHX{08`2zNEuwaZJu2Lrzo zaa4u@pD4I%uOe&TeSkj?`q!>BKKlayFX(xhVGrP2NZ@bfGijvJb3Qssa4mnAXAM6G z<-Zy9o5GKMGWfjf=3c_$h@(pG0|H1n&FI zj$Ft1@UmvM*U`XlK>0a;{T}$S(7RYC-Pbifyd-Z1@@)dX%_i0#C^zl}K4_kmlk@WK zU5(GBpkD|+PYSN>e%7T%|7+lV)-!x(tOxf4et_UwKfLsfy#IO^V0ghpzphpmM8aDEV$;&ORjbW$s*vq zoQU7`3h$xXRB}o;`CR=zTryGQqXp&cnGF%ERYCKOgHa%9+F_ zmao5$xu4+5XBpxf-;eKF0Q$2qkM9Zmd(dCsDBN!{V)|0OIy{JfV&G(}k%eM&hCj2S0==nt1b4g7XME_qUL z9oJL6_;nu%uKD`@Z2h(|-1j>j3H$;0KQOO_z)zZO<>5NzA>cK&hI9N*>Sg6w?dfT= z1lRJsHpA+N>ydkaPnm0cs6UU{*60V#H=KIN8G`Hg-r)JM-{f$)HwXJ=?4M7A&l6LP z5BtN8+Zq4wPqXr{-K&6K2fd5q>qg*TVV>gr^%n5c&o(}s_t)=j{C&UcA%bhaT8Vjo z2Q=nkpg*J8%6TvFzc~7Ei`&1q+}`*vfnLY<8V7th{f-7@s$=pTc!bqu^RUT~`}@6X@>; zemM5QWth0%zre@$8{e|8@#iJqTwe?Tz7+ciY~MqGkLqjn&w1(*;LD)@Q;w~-qw(M6 zI4dXhqRGI0KjCG-7grj8(mxLT0q8j*PTg;de#U=tqtRCzoH!78732x^(n|%`aj^j7 zZe!5j0s3yejn7cvJ$ABs{^}zu{~pM9U%|C~zwc%A>^}>D=fq0^zO!dP{0#VNZ@**5 zovoa!yzx6!aLu>eqd!Yu0U24W~SL82Ck< z4Sx~k`49M9hy9)5z#lKLeD}inDfYK5lg9sytE~SIGIoi9!2NjFiv-v5PtVx*_5uGV zfHy8S2AnT`1pX%GedtUTv|9HzPzCtk3w)dR zjGpV$7r@`w6Lu@Ie6KyizNTs;*L;@^wDQo7 zdNSz!_z%|u_xINBZ#~|1U&9L^uc&WS z1OE}@t`2-|0{$ZWD=LA14Sc;hRvzl-g}*_6``YlHpdSnTqE8JcpDP8|a{BjEyb1i% z9jqQs0iTgWjeozl4d*zz7`VSbc(35f|AJ!6m-fJKf&1|xw;5*i{yj1kg6lX+ylMF| z4*&VUH$^;W&O1+n&okI(Wc_SB-1z(V`-}rVa5Lk7I==Td;IC|NIOmJ4Mp$`jAh)@` z+f8u&UjH7J%YaW9Y<%W{{{|zC-oNK)AK(`uupo^?R2PmZK484j&$`0C_jce@1lM}-?{i!X+&|~_BJeMEvhSk& zS$l%nTJivJz>uTXxr``C%b-`{7P1ALcrj1TK)CGc6} zteiYYzuP3M2Y|74QCo3=6f^n<1v0|Z|ObR=>2={P5{2^mzFR2d@Hz~_dnE& zKhv$$_vavU8EybJbaP6VIVf#18p=tl$J{6ORH`zszQxYo~W_CF822O ztezi35$Xije9xH}t>=}%$6)_x1nBoY)ad=V6Q=?HbXb(n+rSTlJm`CIEJAKh-> zl>+~y;94I497ieWdtYw!GX1&VT+m;zui;06&)-WP%^|KYIfQa|6Y!uX$z@kss!zz=}Ei1knj{L#a#oSg6O0)8yk={?Xc z>rS(Lw?E0~M_7_55M1kdTL8@WV$hc(9x}(*qHoh{xeJ^u( zZamfJ1lRIhhV>EUz+P2``~D0If&2Hdz6|{6QtLmoV{Di)KK?x^`v|V>G7a|Ob5Z^? 
zfe*UR_*@VCR`Bunum1!5AAPKXSr5afTfV+Nc8%bg@5|7usn0wD+&|Cq2KbDI9J>hR z*?ETX?+g8zdcp$WRY@!VaM1rvaJDrdmz2%4@_cixmA?#syh(6vm!;^3v^Q>44IKV& z%Ru{XF;!{pTh^h z4>>wYzhkZOUpC8d#!;UsxbkoC{N+vpy?<`y3E+q0+y~3Ecb)NRgx?Fxf0*FfzU9!X zxn6q*_&TryRN{Ll)EoU%*stMw@Lb@TnO1)KH$DfvpC=!F-C*Up^8=$V2mjv)uH{(; zeS`96De%W2&)I*z1E1!98J|PIXY?FfFQ4M=6U`J{`TKr2R|(F(2No__3HtuE#$U{y z_G`5A@9>iKlauYwi9+BjRvLaA=xd0tYlO4|pCP!G$B(1_H_$KmoAKEm*?tas|2*1m zP4VR)A-M9NeyH)GUb+s+H>@saUoyPO8x z-(P-KaP7~J-)Z!#Z8}M;KhO9q$GBj>nkcx^pL)E}vpfx;-@qG3OM&lml+hQVobLgj zfc~=p_{{m1?`W)-Iq%#BeExpMrx5f%0zVgWgX61Wf$`b)L!+Mw`a6O9`|n>0uHWUi zZ?}cU=Q_`>ezxFB|2_O{*^c*t-rt| z^R9c8@mUT3`D5_v9N@cQpNRc!x!_vQ)8N-v3i|brHa`8l{ksDNkE@3{p!fIRF9z=4 zBk($K|9;6WkFk6goMCcfI?6KzxNqNk3iwMCjh=FNi(`$Czh5&CxW6C$DDduB$5Fq1 zL-4ro{T%fEz2v_>&g%2wbF4p5kKG6O)ElgvtMFZi39jw#-@|wnaQ{Az7lHftVRb(q ze2Oezj_X4N*Y@@A#a;mV-@z`*Z+sZIe=qj;jt>eQN+z6O{O`klH|=!`1=sKL?^(D6 z_(}b&9yqR7fzRQdJ^w@C|9~9eIND&5<=gLD6R2OKOhbT|zist!>RR@P2EnyF{yp8# z0bgquD-ZS3^-csm)}h=7pAOuQ=W{>s1ool&pgg@#GCsatZZE;LU6%aS@|^|xGSI&Y zc|v_`Iq;dVf6~tLI&lAd^uUuX->soHvVG47erU1P&jXmRyPRV5CqbSMMR`sXT+3P4 z#mY&$^dCTfk;lK+sm8~*o1FyQzX#+?!PUT)czb&}d|L0!) 
zcRtJL-@tls2K1I41=o5Q4gHpKvKhF44(Kf4AC0i`kbdp6jnCqv45!=}0leI^i{1p> zzZdvD;Qqa<`z<#9zCX_ug0rnrH7tPPcXkM!Ak|_#PeA$xYo~R zt8IMIfAW6dFGB8dALKLOJq|E>maXJmcdw4AR1Ujn}}`ax}czLn?4x2=79p*+RF z*I8ot9PnQxxR&!O)HC;+o)cXA=MA2J`^Vt3@#V(&F7Vmp0^{S~1O6M}?@zb#p9cCH zfd2#Q=nWtb%PurN|HS?R+vQx~pTO=-J!+kcjJ{-!@u$410e-`7hF^hvp9kKnm(@c7 z@GpTchkcCgwbR8`pBq1A^fE2F-!Q>9!MoukEx6X_Kj1IN^4|d5zu)RT$3M)${#|&9 z@j3Jq%a`M{7WiAR&zyl*9{}DJ^GJ8#1(zD1+vgY`uJ`8&-WxRGVfS$5BQu7jedO;^$NkYJpR4Uw}JjxoHt?r{1Ui- z?tY6U#^-|Wmhak@B*qD@^?5M%c_}B)2JYWS`84q2Ev%gMf7tUHvz;LpPUg!Qx2jYjX^``ifpse0ox z7v=c?_)^T99Ct&P86W?isX4&?d(-Y0oMixOm#lr0@$t_A4FkRv4q%;ymsSE#K(8jx z-ph^8SJ+46I64BjZ+CiLaFqk+eQy2pcC14;xY_vJS7-Gw1^EsKKB~Lnln-YEKkL`l zZ<|5?Eb!vKh8F`*R5ms@HP4+sy?X-qfQrYmde>oQG=bh@fOJ)@?6 zT18E|s=26jnfg~YG$hgomo<+|4r!>)RA%N^H)Yb5^>t0n zjdLrT@uvY5H8u5>6;eXsGsD0^)idhq8#D4SVc-~HI4)UKSznczR9{`!TwcF_`KaR5 zEdAq*{n^1+$u6?1Ev)533dx}mgz^^6o-ntjCIlo0*H$dpzof2t(7<6$ zBkSi*tI34^T3Apuw?V3CQ<&Rl~JaqNxe;)H7Qzk#f_PoOhr>P@5*e>gG=g4E9z!sN~)_GFb5&1e5Q ztEIm#SkTg6s~5)nHCa&7BvqD~(O6NFs*>^yl+Gkwrdb+DJ9xD=w>(MDuBfY$ZYHfJ z9ax_Ws;d*}{l-lkK5U%4GIv_KB<)7PJgrza0NmsJ#%dXz7!d4h#nnwC>ScV@*Nl*s zuc#D?RH!zRg>zkZM~yBlofQ7#AZe8eb89n=)s^F9_((HPsw@jvSK&YzX|5~hWFl>o zt@J_}TJdxR+PgzdT`Zqn*D$SdHhO)y&lI>1F0Y?Fw_b#c6?sDR{ba$Yil*iRT}>nl zT#Z=wD;+zbEL~*(?ys_-M(VplBp7;mvaqaqVNIs0Bd-?Qt5Tp$MQsNd6b=|Zx4Ncz z4Y`a<24ca=@C%8B^r+Hd<5TI>gpp|(IO+W+?4M4J1~__Tsfzoi`t(fc#5I}3$OHS! 
znC&kjbismjL#9#Wtkiq+!t^|u7jz0pxXzzQk349?u<<1${O&RR8%*Xj4dlni-3^lWI?)2L_=kB zvZ=YGtVkh9y+V_E0;L9I>Z(%nv{yv3=!i@$N|!YcNtaZ~>?R)^%~5j~IjcDqr^lx= zjUupAf+q*?v(j}k7dZ+kjEMGvbh;+9pt`bNz zmBH53oK|U|Q=a?{b&;p421qf=2B$+aT~Rt+-_VpSN|)$-uXBUrCSt8TT{c`rX4!~z zxtp@;Dr$!g-EUmU@DWp{qzCjLXmwXqm6qx)p3>r`Q(d~;)_DbqMFldi33 zNLMtcr^(!za)VtOHp%6Al}Qv;h9HrQ+}9T1;iIH{s}=CH;YBI)azQ>l?j_kHDM{B!AC>B6;{RAXa( zqnqfZiO|4CGGyXhRNoLsR8lv+K4|TtX`(mQS(V9)?Nv?&qnoEn$4a$Dx?2CjWV9M5 zjb)LeU(`aC42)Dsb25-CuBluHRKX#=Y(aJH+*)ZnCxN7X3(})S`?4-Nu2$wT5$Z6JzU1d z;OeH-oVlVl+rPot)AczzIVgG~=cvMG_YdY7{l1zBXM^S;;xb zE#jIhW~5}U48JWs-M$A(UMe-IJUwZw_UmD3k$g^4h`QP!Q?bmmF3UjD<{Kp`ouX}g z6zdSNa>un}iy|<1L0g34AiJ&<*)P&Y7kt?{d(zl^1Gky&fFUdr%*hyOsX-`U+l8}a zt+SdfX)78URQ<`S+<6sK*D*RWJ&6*YEF4i^t22$$cL%2GM5;>r*#D-vrGTmc?eDEs z6bsVVax|%q6jrL$rovxN9?Ey88>?r`YD070#(aeI8=M0yH$$r);OxMzSh((t->L$3d^a$$tYQKi%)1Jl3n}g_$yFN zSyXV*l>&Jf!eMJDqf3H^TD|@N6xF=0xdcs!5Bsl8n^^w7|i%=O#(3 z(rD&RC3U*|5Ud@_W$h7JIygQN{i!2;M*4`(#=5+-$zzC$w^Arq)^j6cG23z1utSBF zZTXg%MhvT`LJ_;x8BwU3;XIi_ZFEaN*7>r;tt-5G?!b`Jx=|Bjw#js0%gROSI%e5Y zP8EHkEIL(Cg@w@!5iihv!_&V^vJiP?&cp_*0Os#Jb4x2-Z$z@BEL|cUG0=~shDyhl zW6}+TcRqRGjec#OHdrJ=CIPLblCmLbRgQwG3B4&iGzX6oJ70a{!jT0X)sqK76_ABV zbaih_E^Vh|x?Ie>us-PeXN*+1D~vZwhy+z7W2VdpB0Wu+v_cQgN^UiPi8Y_oP4H1! 
zlN_dE$ypXSVlS1IfN8^d^dvDDg)_54Nw-*FePB(;S!5m4anp;ML)@e;-xXs4P!S^K zEe|Ac&Qe_7%hQ{4R~A9Pb)zF(JD^P#G|jGVC~K$?ZJS+3lyq3y(z7!QX><||%ci!D zh{tT_{a+c`WY!ojJ2vyR)6~xu9XF4yP2pf1XDt9CVYmni{`xbIay5xLGoUU$b?KAe znx|9tNGEjMFhScDi7il#h_aO=5-Mx#o~HdhW;_ijbk=d`;=`uPfO6)AiFIYN59hX} z!Zvf^B83_f^aa_y$~4NZoNQGzW@P)XLJUmP@>HLwE~RBr(@nNe1Lo;2MtQwS=;1|f z=PFfY3jvuaDpM*HB6c5rIkb8jP?wpXoyKEy|JLlEwt@;&eGxDtb@!!yp)&+H8;)e> zc4X=oicPZvQ(h`HPvp@Mo4#6XUCt8mvQ*kOl?oO*zmyf+4VOyM;F~jU5R{Bj!7YM3 z&#)QUAQm=lmB20-U5o34uLaL)n2~|+dZ#~Y1dS$dw!?t0Q;l2XPmr~ZOj5&Cy>lOt zzxZM$7$w?e{LptFCVvxKMU`xSYd2Yk}RsKRy&niT+`0jDyo$J zuSIJ{%U#+xZE%_lD?)=SbbE2oK#|)`4YCE&JRM^uUD&^{e^GY8g%m)VB7U*faOMTK z8=-rd(Y`dVwa%1(h@*Gq&Tvjv1fM!2wV+Zq-(?FG>R`K#&seUmp|X%nhNm7~K}r#2 z@g@tUl5w@k)EJtMWe-vY9kvkjF0gbxE%uFOr+&$XgxXR{rbyS5(dWRDF(Vsf-60*` zto@}BJT?p1M4>B7%MFThs9R8f6m_jyq#d_SJ0$qBjS=h-z=$EEQ=m~IWai3Vkk+)5 zi(#7{EQ0BZ!V;Cj90sv^x>&*3}oM>vpNB(o2L(P+}@YgVmHV!da^@TRPoH z+CVf>-GQ2!sgbQs*OUVKE2`||8*1Cs7+E?afc^GSuaci#Z*kc_t~ zLA#37jcn}7mXU2%IO~PAWZa6pZKK{_lUs{qYa>^8$F7mES0@u0?6NOjV>;=FA+a z-xl=cjx@I#q|soWxg)NvISypD3+=q5t16l+uxgz!wj+~Swg+iDlpnxBXpSQ0 z1d(WFv07Pnh)2w5?hV`Q@1U`lnw4Z5ZTLJ^2CYurL!|*P)SrXBQt1O~^VFUS8J4TK z1WWU2+L?2g^v+F9X9Uq|tz-T|3(-&otckaTd~;ws6r)vM*TejSGx%bejf!<6&!+US z%3Hl4CH_M?L3)jqpKIQN1pYW2u^8xKjZC_iKM=E1dZ08}iQ2veCoBE&XX%sFWyvkpcA2t7?u`|ZYojb+G{mN?dQlZc%aQ-e%#~m2XthS>FM1NyH0OUwBy)bb zl9g8CZJ=d~mEw6ipmslOZ)Ht8!Kby+iF=S)h3$F)l8O&TJ`?PRtEap9K$xJn9bIDbTIsFb0aKh0*|_+${3gNzeQm|KU+pRtm%wMQfF=_BC8?6Xo3G()C;|uSRQnfnfkS4zpb6|+ zvLo0odqqdBT3M+f`gJ?qrrIDZMyWU#<;Jw(ka81vO{sp9XAdqrHHYTHQt6n^mqGin zZVSl9pDHQJSmA^3fXqy$ z#6D1%ucTNDzqx|CN-TTU~J z)D4zyVb#Rbgp!4JfXR$75r-)4_U)bPT|a?&CwCLQSa#H^rNpusm^I#N4ax_!V8Dv) ztDYIl^sbm58fyIZD!dULH+l@Ga6ovEa(G7EGo)8wTwGg9pW7w?@AlEY-eRl(wpWW+N?i%K4Ln!;UCtP>73&+ ze`Y2Va{Fr3H7&^2D#JMp4i?jTea$@aTMM0k!uMM<=Jp@4B#IVY**soOpm<$Kx+;$> z2t&sprc^Ds+lxw(J%J!P@*3`}3=EvXX$KU&kM0WGoa>m|A13nF8pYS}iUUtUQN(FJ zZA&j`LA?yyJmfqdPFx1eeP8Cd8AP^%RO1O&rT#lD3zHRP1`V4MU{^(lnLZXf`&Y-lZ}NV{PGYT!l4JPfo-)#*ko7RM**Kqr%RSyQ`yBvV7A 
zE%J?RzMj9gx_LLWiB}QXy33Uo&fF8-w+q~zqV*rrj$&4lMQ*B)EzA0_sLRd`F{ft+ z%GtFHJx*LTxMt5zgq+nJ?Br=OSzYI*S5?nCsJp{v`3o(_<-CI&*qh#xL%Eo-oQp*3 z`>Ae|fZM4mt*h%wX31xZ(kfl4&`qPRa*DZ+D}%(E@OWG0LJTt3tS9nwZNyQ#VPzOa*`=%GPMIuySsr_~&Q{g}K3$_zMk35vy4jBpDo~ z*ucqO@Qzh8ztsuytoU`pw+)A>ig}ibQ%APC!b2tZOjQe0U+#$L$f%bUNRCS7Do>XR zx!W)3=fMthJ|(1eUvo27hlE0$92;BNp>GmB#@T$`^yHeXeVYX0TaoYZb7X+|T|eBG zZPn7Hc)yf65lcVGLF%@7W@G()5lB_$%NaG$qoUeqHT0~Fxr@V5Y8jRo67FoxcsW{F zF(cEI)dXbyQ#rFS$A9h@GoeR?g!GMEArb5*4{VxW(I6C|V^>)`PeS`5r8mnSTOlYA-hi>RrTxw!>*>Q-iHHG+%(oP|CZ z=KRaB1uy1m4ICu^#gQ8px}*VQzC~ zBpkMNvNcsOzNFdO3Qdra&YAUUaGlfj%lsWEj|5DGm;D1}*)N_BvCDqz4AOFH<<8TO zvO=)E)?=B@)kmIgm0}W=Lb#oEk&^|m?*%8(({k26D1{YF{BGnW1w&O3ryW_*Jrh}I z85c1}Xd{K}%TVg&B&;)FmNJS7v$kFtvi#ElCzt>oMONGmoIkSy8_g|jUrGn@mT?_Y z@Iv07W?yN+)(mr4xKOc`*#XN|sIEgx=7=eGs(dt5j9S1_LG9JdQ$lzEv6$i(8e%Kp;nI^v*a)f%cNvd_7^5(7BuVm zMg2Mnw^v~*QCc<~DrXKID#4J34KGP2`w!4zl5K`Ok|EHIU_BA#t-b9+&)#_74^M?} zr5G}o<~XvVWRdo8m0|-mXj9oH>rmt^CzaZM0?w*6)Hi~7zk=IbvZeR*oGsb*jD2_2~$Ol zRpLnMc^}$fgkM5*$a4@#GtWzi7iwi~Lr$*wM*t1{CZdC-w@7F;B8VklW~L#Tx(W&4 zny#K+GNq|eT3p149O@M>EB$9(eY1o-(A7=4x+!f(&T6V>XLL;~lD;r0s0*bO=#$mL ztVA_ic}q4c?XMM0P2xza`M5vHVG!9wQQK>9LTzB$-16kDNL;7r_EBuV*3861So~+Q zC%;;633WP*w5zm&PHs5*3km8=58b1K>DEhStq_V77gmgls`ZSf=|h3R zKfb}G#>J1gzQG-~WpQsUtt5Fw3&Sv_Ka)Y03CGEsxJd z$j)0TO^T&|Fl0Hf)Hk8S9=;G`p;ZGXCRb-zb0&*rB6X%gaU3bNNIY&4-EO5U;^`9; z!pDs)FNCC(F}9}%rUSO5D|Ox|UCE@|6NP0-`%hW3de+7YbKTq4!50mTCc_+I&sRBhqqw972IAlDU_*r|g?(43#R!)@H*1nNzZ(>q%#ZdUv2~kQwh%Yu}+0Yx{G~*IP zAvF~#K6nimf-fz#KTR{U==ALY_9R^ib>~C(UxRDo?p&dFmZ+i}QN>c=kzvV!UE@GYt zjX>h3S}r`u24jk9Gua?a zZRyH|C8aSjA*AgCC7_LGVdQMRjES59;l3%aRHXw^$Wd}qS-leyaq_f7#R{rdM0ETt zOnoH3Oz~=%FSw5jhrgF*b1EbL5Q-|CyL9hB73(CUdt)+6vWwZ42WjXmhenpsU7lJ! 
zrDokI5=kLDCq#DnB{agC&I(o?F%D$y4~W!);Lllk1$7>;6vualkiAFM8?pDu0v-zx zcA)rSoRwW@63ZZ#n7T;lfWA@N@Q;X?a0e@tb-ym@4jMLooCL;b5O?co)f(KN3mjPv z#fQj_wy6clw%#foF>o-Bkp+|@c_PiZ{pFT?hlYiHhr$MTZ{D`==N42*JVreWLZzM7 zQnun?<+&_@b&+@>RL)c*IGh5h7k5Oua72do1V#O_b3XaSNqo->?^KC{s#D`~_Nu~5 z+d&mgdLs;*p5M`mp*h^;*tRmlV|=(J@?yS5S5v6^0_vW->~ajsBlxX153J)|Hj+>K z_iQOt<>hGS)^OE1`YP)-?5LD-v8`2XhNSb5Fa=^El46auxUhLHUix@bO4LSb$CYC3 zq#8?6_YCR0BQ~)aa@SEtFA9)8?VDFxke7J}9H+O|6hKjd)jk*mTnS9v@iqv{k6Kh@ zV>auL4fA?7s!aY-B#rNF8?rm+>$PsZm9^&&R{2iZp0{Vl%I~aIz=K9i7Cj)X$915Bn#41;_h>u_eIw`aB;fc6&MU2%Q=nf%q!=PY+WiUJ)#Z7Fk z0@U^(3Ta?^$j)b|_JJah$H{$r5=_(S2HI5C%VTT^y1*=UgV{y=qJ1H|%*?Ys2-$L5 zS{;m)rL<@?HHCnKlWX-2w-?BB-s$4pC)_*JS)o9v8 zEl9?WbTiLmZV)Z|>~zwzLt{1TN8q-r7>O<{FkOIoQ7@!9>C~0~baoO}8rjQ&l?Law zZC9&3w)Z0Oanu!WD3q%!c-|R@(q4L0%-oo5>e$bBJNzMG<(a`d&=Oo9hz`pYd#I^n zY~CF*TxC0_D&t}#uv0p&%ZDydi5yW#w&lK;&=Cdn7;oP|!qfUUzKH%I7Ir^SImKL9 zbO@mzxDi4wnDyGGJ7-sj(mzA~Y*~H6?#2)itM}A7p&2N*HWIR=aqfs3hJ?XC^jtau zM&~YOqz476p`B*s&O&$<@2s%@E7c;qd}^;r&vn|Eop_N~YvSFlYexynqN{J|0YPN> z`Eto#aG_A{WG!Y*X>+F z!qec8ilz}^A!2_^#+>I@<5qTA5r~{N9~H&|L^qFBh3fcO3TLUoRa}L^A|e|=J}tIC zi-MnL$E!4771L*0eCo5T#sG;@e`> zAsO`-ak+Y`pMJI)Vw}mKa%M)ZW*1wei-qTA_DZ>4LME2*;@rkM?bIzUq(pnq4MHZ8 zQ1@io5Qa=llUlZL7_y&7T@agd&LLHABLlr7cSJ>Pym})o&sxO}hxW?{XBUeYRtJf_ z%vJ-kktHEr!|}RX*o%pF@SKAcYwF`5hglGjUq(h7#ZcIy&K{JDm4ja2RbO1GB%~peE2?Xt4`nZi zkrKr$OIlRnvKm>-cg#yaaIR{F+1*(;gW5D4-z&9(evZXp#Iv~ACOXq1V%$KyZ6Zg9 z>9eIvO-0^Fzffn%=xxSw1$T$8E`gR4_P7#lSr#u=VeM6a<=t8}m=4H2%Rr-iTr*Q{ zxY9UJN~iI6WU8`5$eyLzyMZ>myrq>_tysb3=Hkw4qAFLR2~1s5xLjLU5T7~LgIBKS zbSGY%dvvQAw0e5Rob_CtnJPa><0i>IpSGPfY&bFx{Io(^Zb#}@rwz4E2fB$=gYRkE zl9NK%7}~zuX?~&ga%k*FPGm|~mJVST;DtNPV0XB}U4Z3`g1=C)WSGlMeG;2pj0WkM za?h6TE67E;az|R*lnz}um+eQTLs}_rZ$MhIMMI1HJy=gjwsDa(qP97qiM4Mx1TH%< zYuOgIX2O>QwO1HP%Z?Wh^JZP6iN8oH?uyaCR2|v3g0b4BnmjflRXM~JD9)9%1t%ii zrHFGHm3j+0QaZR8Cr{Q91A`8BX`1#{4%EH~tH4$f6y@hNO%*1kL3Dq0f^4*BuTrF? 
zP~-?sMdi5=5tCKq6o+k-IeV|%Tq71T@xWeCF|B%DQaXIPvPSd}cRij|>hyYvKNdYP z9Uj=l6_Jpatr@1ArlBIj#jVV0b|!h_X1Q$4-&ijq9bVyUsM_DAvN5fqITGMexQd=< zL62(cXUKg!dEKU50pdL=!&2M%QHCr^q0Oh_*%QR=O=2jx0i*(>y?R~?1|_t9*k{0Z zU6CArp{^UOlI-kfV~Kp(aMcqQP3U`(h@|q%380Z1}^!N zAG1aVk({nnZ$>#LDASN!K&OE`rpekLI`z-DV=N;!Cmw)qB3rC`Y1}s2O@hX1$;m)E zr>FI|HsYNrI%}T|2j0!&;TbCh0u55`BG75i17R)*a} zq!0S%?3!5#9c+0dpuLh%}>Zzk2G}4l11v?rjN#q+;OY%-ld>}RTRu zkJ5xf>zb3CCyQ~s??{ct>QkXl#8Svx63Pe444#ttrUM`7q-l0=CkML&Wx2=6LjArY zU&ghTC`J-V$=_}ej=B9MIyM7Q!yT}2f#S3&%~7i*>seP0dJv!NrE*a%*?Bipbs2=G>VbEwTJrXEGg^1-B!*Yw4u$@;_|^ z%|`0JqqWG@ldymQM>M0<-#O`iXTZ&x%A_pBKzCl^Wp@#O{gCgza z3_;djxU>Shy?STGc)4aS(>Ot*l81tkI-9c`@y^;7gX@qZEuD%Rl0m=pNYSk*e%d&a zLcK6ppBH2g7GibY7WLO{76r#~-AO<<6hn1YBh3+bcm}aH<10Ka+-4iUi6+kWuj)+t z$HmdpPm$5!c^=9|-!amdqAR?7lJTOh6%g_5wIDe2ifRNk?h4vizlX4H`*ThAEh)f} zgLhI3Yvy4sb%WbQRe1kGD@*V2dn+R;Sp9YIipuPq7QYvQ@tZqCgyUleo+)k^g}prg zmk!_Fp0o^N=K>tDe#r0$wqf&Z9qJG$nP+E!M6_Y1rhY68+B+_snMds~Q6LjzKr~V}TOIcciicJ^YB)ASqJ})E|JJ6%mySaHt zxhKt}?L`vDim0_$;e#Y)X|@MQq!_Tp5ah zAFVH%3j)1D`!VIED(}8GRi3qT=n5pQ9hkHk4k>2{q|`>CadCB}kiDKSq*ipKT2XCI z|3S3NW>dBGjfo>q&+HEa!mKRpv&-OKC>A6jr>?(_^({@P0 zI3pu;p!_4N{h#lQg;C*$YdVox(22!%P>VlBLuq7vscGlVip!vrhD3j?&KmS;^$QNg zK8NR&TbfD-3t1rJHVQi=##&O;B+`9gsnp7Ks}A*knP1UZ6({~|RBL~abSo@)yn z@w3B9Dke~AEI*r6d62ukv%PMFxN93H#rm$ww|RYY4MuY?9(AWEexoM38|!V=@SuQbkD#(KGXf1C!8k z(jYu&s-iP499X{k6YWxNxOW27>6SY6x4#uoNm-++cVDCXx~#mVB7gzlHWb1)RLfxP zNMnW6maKh9X336olK~c03%PWX_6X{ndVlL@d~?-37wyB1VY`#r6w|g2d(Xx!SC6|; zG`c`BMj>_F)%DLMm35vAoWNbAgbsQl&5N-Esfr)?8DU&R&XHTtG z*{EAk-JI3&3;P$ftE*88wjdg8uFDScux&bbpIj;~&IPRvb9rs8n;nDi&7D7OU!o>9 z7`BXPaabr-5iH8GIKb35xeMJSwzRZ@F1A~e7BaA;cS_vnRP^#f^OY)VZm5Y1z-@Wv zmuP{XsJPk+dzpsK$3Y4iRTuLJ@jwj-s6&BWWkX-=_)!amO+M3Q;F{Zt_zOeK`357~ zH`njAJ}QcatW2c>toL~3%m0a$@-4|qxw(SjVk^}cB`p!y$68p4$-8T2x)ps>ID#mT~o zCWOh6yaH{ad9VpMyZi)vrsT57*15=gmy69kqBMr zi0(G1QLY=PuT57}R*G#ga_v+q6!OE<{nR!f5?buBqAKG=xfh!tydG$CWCC5$2BO=U za9R`e>V>4Pv*it*<7``{eZCB2e#4s5!mj?1aqL<`qv-++sx24|W0^{wAakX;`MLXKf#kv#xa 
zS;R?9yiHrbL^mwrV-8!%tkaP)ss#Pz>w#+x?YlAV(k+ZR_OKk85SdzG5tRz~IaCUF zCGh`g?rUNr%d)hBzkwDEJq$wh2sM;o7>!^^Iqdwi*mPBvYsOWTl_oR$M?#t)Y=<+W zE9`JZgq@i!7R?4Bjf9E?qZUF!{0KE0m>sk14H7%HBe5A^hcwd6VvrCL&3FFpJ@>wQ zU%dBhmq?W>?1;GU-FNS~=l4731Vjb3aH*L;WYj^~dw+6{;6~{5(~+N~u~W=F^LTbn zF=9WLEpeaC+y=#E2Y=JW)g>R8v_zK=3>o8+TwTPd!m>G9Bo%ImW-6G`BHIjrKx2Qn zfbK{t`HZhO_Ti4WC8CQ@Cs&u3RN;MjMQTx#%@9G++hGdqhTx7k$}CS8M``s9QF0%2 zE^8 zo4moiRdOBE$aV#c_SqHTz7q5qD~bIrA46y*A=bN2A7UC&X&Ms$3&en=y$baRIfNm% zo81J!so>f2kPW%wSxUF z#ybV63ZeeYv%+lK!i=`$L(~%550b49P8PGNFcTO7p@c;6>m*RW+H(>&fR!sP*WfQ9 zuf*Z^0G)}*DTU939%@pD$uX)&lpds6Uojxi3|}j`86vCaL5$qE z9@~SZaLl1UTRgzNbb_-mD?|5d>Q6ze42Oxer3&Br%8%GCiDNQ1mEBqx40cP5s;Y)Q zgoHb&^yUyv6vm=bW4ekN6i!a(nM; z!3`F@(l8z~Px`gx0`8eR1mYuzh{IO|;&YU@(RmSmgN_?Mj7tpTkXlNxkzl5{&*@H&Tv{k}!7Z^&|nYeiWun>21VcO37aJ*Z|69H46% z7YgxP3X%|A#I#(;QA?W)GE(d(ad*TWuv`h)1B?-05kw$nY0|HyK!U6Zu2XVu^X1xI zFUD?BaR?~HMi`?MOFAKmiOS8Hq6Wnv3d9(pmT;A`^yCB=xtn4GNuS~6tCoRo!(P)v zH2XH^3JMHSO;);ilNL(|cP~wGJKvR=7pxUC%mcO7zG*z(2JljFr5L!iPfrO%ad`3m z>J@9Z{UO^BYQZ}KEx6h%^11g16~jo>rttvE*=KNk-2a3e{IqtMe(lN98nT5Gcb^z zRCU_2j8ExizVu#k-Mc4tIw- zV{7#c&w(#oMiZzd*qhqgcDe4<+IA0LE9Ue-Y;6VWtG*G2{#K{ur&6ls|l;3nhZO2w9S#tFj@}Na{Y*`sHm=R1m zIEF{`F?W)-nzqBQNrGDe64-0Q@n(u{OU(exDIjsNwPky%%Dh~X3--pW+nP_ZxzE8N z$woaD>ru}Rd%7^4u-k~{!(bxwwBiFyJS4*2!r{hts4lL(w5 zojy({6>)~Yz`biwa4*6uKyZFeJ(TW>MVE?DQ(P1e_DUwbXC;2OLy@Jaut1TCMG+dA zb%iMQ%US^x0YWI@%#;fw1os+0VY+l7Ck|wq#;hezA4$Y)kq z(XQxoNN6aT4!_uP=^<34`VXk1V--;dB#9__l89T3#|WFl7flim2h5OEIr4Z#6a;5m zDJGz^IpC_OV1BZH`~Clzd5Y(zl(9D9rtiqz({f6Ew<} z=t6`Ju=|kKk`9i0b_>yjw@YoWKqpwYvY{Mw86(u-mpNe1zlhjwCk-Hz$>}oYZIN99 zNs0eR0iX%A){`;osmy&6K~VZiJN34*hyc=Ie5GzNR!sa6(3gUC-I1VZ;)9LUua`EOIn<-@u)g1=bKpi?m`btLgf_1I`k@`rVgLI92OO`fQg|hBS%L#htS<7j66W?rq8oV*qm@nmDkV!$}gtlvEY!I z+tWBQu}o5btg?|@pn8m%$q!*w><80zV^Mei09FU()XRUznrR8Nxzz@nOef>RS{xas zCZ@43?Yt-Rv%~MLS1_kB93=*i=bJb4nA=Mozk$%dKF~nI5n-#vP!0F@`O-P7*yoa5 zmzO+meFiZ_oT^pwLk(G|sIFp`#IG3#o>XQN9y53=gdYS(F)Y!gBX5equJjMly4#0_ya-6jABwriG+Enrb 
zmz2@z3lYZ!A2{g~u4;O55`o*b1n#O2vFN8RVX7pj7xm5^8p|96NeNQ z2*Qw`N0PYR8ZMw&SUe*+40ot;B}+_v7|Tvvm8Z3UBKcy;zN17LEIoRW_>3Ed0f{-= zZoh!)XoW0LsOg5RLOWTt1mO`!Ob z8P5%Wh|gk)!fAC40LVEL-zRR$c;^zO3{hO^e1QnW^@m#pQ>sf&5}2qUAN!&tQZTC$ zdW}Y1g~G59cdGtE(|T&SH{xX_`HZEiU`r~&DPW(-!HpCv-s{;HcCc04^i^JnrkW~( zX^pa$4W*JXK4u^%a@TRQ8!MsX@nZQV;P@4p&$OjAScJA(8QaUm9UYm%V_-cFR;wjI z?1Sn>cyAH3eW6)Dj-l!R1;3JfW5d4>CazXNuc zRUz{XdwmuJl!hzY^0-pn?100BG_uIt&Nn1;HDfG8#S+_f#uaSU_{O=OIK;bs_-D+hF>@hQh z$25}NwYTKmX>b*Sa8jvLtFERg1YQW$PKu8t5t_YFo8sH9I7NO0MNXE@J}}IN#uUtF z)w0c&Fwrz_R+ZllZ47b#vJx>=N7}&0e@80AWXc~<-#@{9O^rN)#e zpkku5_({=(B=M=Rvch|!!BW$XFd=m!Y<0X!7Pxb2l>#uIROER)m|%z`q2T1<5E!eI zqSb_>+n+Ur#DYg^qO;bGC;%a7fY=cP>)e%4qBadA@rGHWu->wYfUNk#LOc=&uRkBb zD7!D16na{>jG1q+wo{27j#f=rIM&b8lIi}w`|~xDh6!gVv9mj4Iix;Ov;k|`*&B}O ze_-D5Z4#yzO*s+6=b{=}bqo7>zb{o+%6GPD6|ti!!DxTs*O|?sWzS2 z*$@X6jhP=wxr5Z|(Y$b$sg9~jhqEjbgUAFYFx`=OEfW}M6{pdF$;0gSwo=0A`w{`n zPJGw4T&*uBz?J!V%qS)={sHsKmn`VGeTESIaCwEebqbqEfqs0icrgo#$)SrE+@(G( zpHjOm@cd5+u5xkuWVyIHzo2{ZuPP^%ZQYe}{ zQNekfWRQsiaeBd0^KiMIe007!TTEZAU-0wc?Vvi#xw!#jZ+dPX2vpT`yzzrMinCo@ zqj~upTlsPc$iifw&77C-E@ujCYP#6#)-w))`B(eKsFC`Q(KW;7j?4ihY9ayRY(vq; zqVt&#Gy(=LJRDjD)kF^oYt)p2bR&dBC|=TcK~($|6?ezEGI^K-2%2!CBH~%MG#*N4 zA*VQPsXhf(0sA8KpQZ5odcL&r(u1xE5))k z6fUw~rTl80bXs=8Vw2l5+iH?1icP1`I_2Y*At+LB(AW{dDR@-|Iv9f$;@Hp-=G+mK z{GOnp1-D9ERM!qlAHZU?zO( z23JNB7h;_2mno$=!##KL3|T&DUwzJ@B~^TVuo3K`7AQ&sXrQwqxXGNNM2I)OR*cU@ zt0!e(vQ|yrzm=7B)<9KdHOsx~y%AduKH^F@81wEh4;40&XNy)vFV-^eDXmB_}M^cwK`F6UOXThd-E7BIG97VV} zMdYKB@Y;E^g7=lJa+X^@l`^A~DEgiGX2fP&oGil~@)%QE4AXZHR>7Fakkx58de5ebx|5Ej1pi0~V7&N0MEvk4uR zj(TLDgBlUw!bx$ts8t4}I#_F4lbj{DcK1!ZznUJj-oP8ZDhZC8AUDZBs=?o;*yuCI zC@|n6qHW-{H}|yWrAaxN+^yOhCO`~d7&F0nU(XgOH_Olp)7VmhS!$!qBtVMhpRlX301E-I+;t49r=>;u<*8v{B~crtMwDnNl(?S+HG?Qg5oIb za{TOS^${vsULow|BN3_kmuf*Khq3O6|3L%LdYDLEr3^~!HytAH`Ivoy(au?b4SM%=jVNf6%zU%=`~moLKT*r=6GKc zY|Qow=s}TqjEGY;wha5}2H_Krit+#$ic)=)w+wn`cjfxMt|fP&PS2l>zFj-xCT$6>*o1$R=z&Egf=P;j>c 
z_PLs!8JSWrF71fM^WnNkaQtlRrCHoCD)?z#(twJzPJVsaDZJ*~Pd%-;DezTnSzf@W zwrg-Gh!De=Bz1SHrS>w(3n`HYWSKw`XHu&spBw-ZHDOQK8oEhgg9oTIzjNUxl9`s>W9L=>81_PO*%?`4kxBUt>}H>vf}Bj(Ggust=Svid!0&8Y z1$1Yb?Zsr4JCac$fm-p|m^vLjb0U+t#yjdg^ULHkcTULyy+WwpBoy6@8`Wh+|4EWU zX*(j%k@9>fV9&JdOW4*L0h?BVY;*Dtu3vKsBv;lXJR+}0EJGbnY)xol(Fwzd^On|f z<2}Knf_=u?B$jlSPMso@LC%(7WH%PRbP{82 zLn<n8N!aPL^$Vc~D)!F^TA&UXGQSHw7;v{JONMu0)s>+u#=%j&fAG-kdO zBXd|ufuP!sl!K+ner$90-bTP3galP#aWYv==b*FQhsX2NIj|Rm6-BjT!=+C)(^p^+ z2SCA`T$}4X`*{kL19oQyA zcmTRoEWI@gh9?y@0qsruK8Z;NzS801;xv>$|7N;6MUkLPks$pxu`D`8H>$+c@C&in z!5xlX=ByfAgbUm{vdzr3L7c#A33&cAT)1vjU8iB4x{ zQ&dWvOwp7NT?||y;ysSL9$LPq!Xv~SimO>iuv;t|hhJpK4GS4P)O_3LoI{JVl~ zKLm^~I7RT5V-?7dZyMd2Te=7VRX&9wvw6K* zqD)Y1Rx2L$%Q{Ocs`;z0c3UG#X$%T*|x$(#+9z~F0V5y)L7@ebe(UaX3`}=3oV%^ zx?K9B8s!UYp9YZaFzh3MJkT zrs+(Cz3Wm}HfEbXi1lE)4z)LgFO&x!tJMaxcwp%RRY|b~wh}sFh!I#1%|Pu03kH`@ zRxqJ>76{fuBE>m>I1ml3kd@^^;wtbg6$S$KRfv)%)Y{6Fx0HO0oKL+s<%{8ID56fy zGD1W>Q9NPaeufszZqG##9H&8p;W`rTJA}?HBK%?_I>H?pR?@ny_WRnnaUM>z6e2PL0vmo^B7C00@n`(6lbbx^?gWJ*JNN5|9l43;h zc<1a^oJ5IPJO+E1qprvdK19nu+8}2$|C4h;2fZw&P<&jH&`hFi&QBJD(_JdD*F zc$YNi9Lh{h_#$%AD*Or(Se2914b8kx951zp>R^Xn%CQ5@OLjy^sXawBRUP7_igd?` zlY4~BB>Eu=Op{#uUCN}#rFkK4MG0kwla;Py^>jet%2Z@LKnbhrlI$N)& zuV!nD0XQucs(Z{@YZ{?NWslTHa`!dbnTroFfI_j%57qs$Tv?2f2H#SU-uc4G!iQ7r zu>}SbInm!bB#>dJj#379a_o~TAuLd~V0Jp8rtMc}q%mAh=c{UM4dTg3QFbg)uqnlz zUje#cEom^v%goVbb&JbuUs1Ua+*;BVv6lDaTJ|-rABAFWWk6uNXY6?PYJS0Ija$K= zU^T|nS<5Ks1O-=!gs?K`#JYqNV>Ufk9}e4Zu~;UpPBH~yujQp_l4X~TOKZ}EB9TS@ zzJ(6RC1<|-gn)~hW|$mQ+aB?dX!9j_RSW4)LQ$bq>=$e@94mwV!)3NeWROAQem@5w$x)AN#mtbqN4Efeai_znN|Iai78v zpP+6p(FGsTDmcN!L<`Bcsbe|KM+bMid@kx3BBY(4z2p(+R-q&af-o2LuT*;4pa`up za1iArLNT@d?og)3SScA{!3U5faR&A)TOd@MVT{FeZPWEjl-kXkD)_#RNcq!J zx9H-{`4MweVR7=gaBF@W+~BriJy@4Y*68-5#Bf^XzOn*+brZI*n3&a>(Y=Z!Rv>d+ zw`OX1n3ed2bREAs7eW!v5e=*AYMaeMl@$Bb2kJ4noa|)+7g8B zBRF+Nz^uJVQdL%TJbvJDnnnOZ)QVI-k)3!n89>Hu1`(h7eP}P7W>Sd$!z3O;+X1Rh zHYZLVgA7FCTd8=;e`LTkA1E`ix+bP!75!*SqcJ}1Abo}OG+yiye>Pjgtx4wVZ!^Al 
zG~62WKn1vOyPpG^C;YD;6L#r<(&WKJx8>ENs0VS&$H=S4uLRPd{q#J&QBk^SnzgxH zgGp|dqEq2W|3x=x0s#Vy3z@Pxd7Z%kWv#Yr5=_v+T()3$#*W(3=i!izmh+uC2e=}H zX4)J0y5X!N8AH2(b6zWE(@llNzGyicoWG_k!B#0(twA|0E(XLl!a@npJSXfqCol#Z zvve>VGS+XR)gb>xIg_g}NM=XHgWqmXByrD%8w)AhlYtL)e z(*k~1h!twR{_5@92@3qIDJKT_oXPc0@x)|ez+_^bDX~zoa4aWz4q@8f%}FqGt0Tdr zoGo>iJpu)jCh5qxO0+E`i}U12wp2(n>F)#bC)xmd$27y(|b)HG&M@e<>x&%ad zm(Cj(ELeBjj9lW7ZHF=M60koxq^hSNjA6(Ia$Tw03KI_AFNX%rSgM68bfXf<@o2v0 zB4EL1cmG1VZcG+)@Qn50>A~aq#TgZN)uea|aplk^UF5{r!!%=^uG@$f`GmJV{;+QO zzM`1zE19resFtDyj5KM4o{82T zuY__A0&Pui5+GN+=obEZ`#2U_eh=7+6OBFKsWSi5PON*}P34M;3NDtNf^8&0;i;VH z?@SXlN+}(KX6|bO%(bDsT#b@TMb(dv2t6L_zZOW183VWDmhpb&)(B{#g>&nv5}k>3SN}nxBYyAwTn#21*O@R6IU{s%$0^cgbtBAXG$xo+*ax`e(>ZJV%|4 zI@8_sLp7%?V~w@kz;d#6i$djLRuK z=H2QkhCH?AWY-A$3z>q?ClN)oHWuHD;Xhndu^*@P8vHbBxDmJjR-THha6FDio&V zxgB>j;XG{SeIwS1hXW((lF}TrfOi-&k4b$Jj@B*T_CJ*bBQ5Li!RM_!c%02JSk`PaQNbEF$j|4p4LIf z&f$D;Uy0f#oc%VrC=Tz_$zu72l)mK^ij7oiyjB*A0HV484O6=&U890U26eTKUOX;v zl@E&jIi=hM=eTEAL9v(g-=atTV4_LE+iZh@O}$h_0kuGHY1pbQx`ut5Q%=>ZQa_yH zK5J=t5SKi!NLSlSmp^oV^htz~jLYukIcNpPkL$l0(y#D%ly{J*Uo6mE7?kR&_RSpJ z9+ezhRPxjFodd)sDLVNavRFZ_5{0BnHynl}H4O9GolpU!x6U5<1A50gzz@&cnCuz&6>a?-UO;sYAb@$ z#7s##1gGR3sfwi3PR7_!dfmj!R$S_^f6 zVG+~CLcN@5G&s~)aAj>R(L~Dj;Y+HsxI&`98cN~Ir%x8ki`h$R6e%KU`-u-YggZF# zaI{?>uRd?!BfJdBFc-|`lJKVKDwP^DWT+zb0Ju7@{@*fLWS4i^2M7l0UDl!5KVL!2 z!fF^qoRYTt?Ta@+*iW9%)(FyJX`eiq?A_au?cNqla1)QlCp$bf8j)D|MfwazKGl>l zghX%OY<+*y=tNbx7Buf$a<2|86v&1@R%9{5NmRq1+{vVlH?`#uWGODPF$+?MDoSN> zTwor;$3ja!2eb&$Y$TQCqU6nibXyHbB9P za1(GV={)T8!x{#0%D%W*Li|>A0xXF@FP1B2o(bS^GD3W!SdX$9K!c%L=MQS+@E5EC z(~eMiQCcskqpMkr&|Vtum~CvGbw+(QItHmt91D)77O<2YRXt`alPR8|c=m2G?Vv^Q ziltx-CJQP)2{ppdUe7CQ--4FOkZ>6wq2g*I_DwM?bJzFRWGM0}tx*o1pO?Bu$dgo4 zfB;YChQH2ID!7Z{{JK{g-PdZ zkX_a*xy@AXVT%veGCe&t?dh%piR1C?iz}49TTL&h&bx}XxJ*NLF76Cmmc(co32(Um zf*~OOHmi0jloVOdZpZosapH*d=PCEMvJa)W(x3~I9s*pp{K5_EAhm(?6=_#MFiFrhA&0$RE;d3_5`ZqfROj&U&`Go|WU}phG(aEC`1C-wc%m6d2E2&2pm 
zP+#df>V*h_L}|Q~BCHZzn=Z5&$e&%EAH(m7tqlr{t2#sH@0Qb?%>cx1He95s6FGSK znx(Zlu3m7_RM4yg0_X2fv_7b}m&)8>2)zUsqBl7l=+-H3Tg*kDTEi5Sr=EO{E2*n9`q~b@IW&JqAits(gEK8F)ap=|7(C(9~YK^4lFXoO^ zwa8^UnUtW6Q%3hBHk55jPH9G%mh8(L)kdK6hd4JHWPrE4Pn8j5jlLrGLPB2p+E7J= zFRoB+n`flzGR|DVLZh#6>ucT49xhuFIbvG^QRa;G zI`X6G`lH2iD#b-!Vk@GKl1Oc(h0O6+WVvccV;5@aa3x-!oaj;@-A*Z3A&%+E+qdI! zBeSCdu@{vgc^=J5!%T`MY|1Fons|HC0}(@$c$_>y^!vDHFh&F7H>W%EIXILl5du7) zmUo+E8N!jBR_c6Nr!!Hd`*@eZDT-+D$*c3_#ROI8R+|YuhH0@;oUq#JL{V0MzxN_` zv0VDoNM}Gk)^S3~?_BIS11A&fq^;zqef-gEy19bb9q&MMo}X-<8iHRwuOQ3bh6{+~ zzDZkU(CFi|6b=K{@OI{x9)wEd!pj10gL>rZ#x%)L%DLPhpxb-Ln7j+6 zYjM^LV3blh-C=_+2Th3ZMHO@r3*W3>k`^hZaBo8=Z((!X#EHX_QlgmFG0OiOh)F~k z9IKqRye*c@k*Ea!cLaNlT}S=T`$KI>2sv6146-MbcJq3+K>Y``{{X*xC`!YppTK1xLqHNgaKScjxQxP(KPrG>6_^{g|26N&l3)Y@AMyt^t#XO%w0! zhlPs=dfZ$RzhaLO7UeouoKDhPk4@Y%!2sy14IAfUIaT0&a`=Q8+;=sr-!b%Nn9?Y| z0zqQgKx`;Phrzc4bOwrjJI*!RHTfnl~;hqfYCDxnIuH36IiPoxrezuZu3 zeZe6FT!Y{whl(;w;b>jTC|MvPx`ZV}R90$9<`WIztZ4H%+RX`}giSAT++b@2G^~JU zFm8cZz4Hm)sI4vCnA76g+#Y$5b+8?i(=oQW~;w<1 zMwGa+Y3*V7GHmB??S#aXkOLndqu?5Ib_MhjF)Sd&;8!~N8~{AWQgN2_loBTei(-iJ z{mZNMYt+ic$kDy^yYtQT7_Xa^yuP;IE>I)--m8nNdzY&v%(~6H(Y^52FPp(l85Fy;;j|n~l)@Vut^ta2!W^|8q>Crv>dhgXze_78? 
zM)x+TEHJu9@lSkvNgQ=_Z}xg}wwj*LCa+I%HTw&Gn;F3J$>G>S@!kuXbc!zIuyk3v)q4^u-PvgDW@zpDgCk!3lmp@S@jxHb{9Ure| z*Y+0$i|u!;sr{yLj^{{9nq`6KwT z@!ycQM=$XD$M9q0AO9!$z+Nx@6^)Aj(!WNdzl)E4>gNA%U&)p1^&kHk8Ef;m``GJi zeEfgi_{SUh#9n__hL33ebPb!ozCC)Q@7wjhaV5Xm>m@CYeurLdygmOv(9b@g5Ap9G z{ZPi+>u+7k`*iPLz)wE@H}D><$p#KYe*DoVa$kG>mK#gI+BkdtXL!$#|5C@>>w8=7|F5(0zxA7Pe|x?9b=w)b zd%VB=H5&ap{NnHb%YR5aJsR2T&+=dKfBE|T2Yf{1<6UegOnzwrS*zm5Nq zj{lL4e{CP=1@i0t3s)+Nq=lZAF{YQUA$9-L2X>#tL-QQln zj?ex4NAKylpOe=g|8+MQzuGu^{YEza#|Jv@fxOy0?J73T{{G7tPw(0D|3t_CwvPX0 z`=Y+)*ZXUF|DEi6HvVs9@6)r=KYRTZ9WU?3|NnQr|IUZ;J^IbY*}H$cGXCd(AkY8q z(soWpHQ}8jb$z zx6%`5 +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "cppbor/cppbor.h" +#include "cppcose/cppcose.h" + +// static globals. +static std::string inputFileName; +static std::string outputFileName; +Json::Value root; +Json::Value writerRoot; + +using namespace std; +using cppbor::Array; +using cppbor::Map; +using cppbor::Bstr; +using cppcose::CoseKey; +using cppcose::EC2; +using cppcose::ES256; +using cppcose::P256; +using cppcose::SIGN; +using cppcose::bytevec; + + +// static function declarations +static int processInputFile(); +static int ecRawKeyFromPKCS8(const std::vector& pkcs8Blob, std::vector& secret, + std::vector& pub_x, std::vector& pub_y); +static int processAttestationIds(); +static int processSharedSecret(); +static int processSetBootParameters(); +static int readDataFromFile(const char *fileName, std::vector& data); +static int addApduHeader(const int ins, std::vector& inputData); +static int getIntValue(Json::Value& Obj, const char* key, uint32_t *value); +static int getBlobValue(Json::Value& Obj, const char* key, std::vector& blob); +static int getStringValue(Json::Value& Obj, const char* key, std::string& str); +static int processDeviceUniqueKey(); +static int processAdditionalCertificateChain(); +static int getDeviceUniqueKey(bytevec& 
privKey, bytevec& x, bytevec& y);
+
+
+// Print usage.
+void usage() {
+ printf("Usage: Please give json files with values as input to generate the apdus command. Please refer to sample_json files available in the folder for reference. Sample json files are written using hardcode parameters to be used for testing setup on cuttlefilsh emulator and goldfish emulators\n");
+ printf("construct_keymint_apdus [options]\n");
+ printf("Valid options are:\n");
+ printf("-h, --help show this help message and exit.\n");
+ printf("-i, --input jsonFile \t Input json file \n");
+ printf("-o, --output jsonFile \t Output json file \n");
+}
+
+
+int ecRawKeyFromPKCS8(const std::vector& pkcs8Blob, std::vector& secret,
+ std::vector& pub_x, std::vector& pub_y) {
+ const uint8_t *data = pkcs8Blob.data();
+ EVP_PKEY *evpkey = d2i_PrivateKey(EVP_PKEY_EC, nullptr, &data, pkcs8Blob.size());
+ if(!evpkey) {
+ printf("\n Failed to decode private key from PKCS8, Error: %ld", ERR_peek_last_error());
+ return FAILURE;
+ }
+ EVP_PKEY_Ptr pkey(evpkey);
+
+ EC_KEY_Ptr ec_key(EVP_PKEY_get1_EC_KEY(pkey.get()));
+ if(!ec_key.get()) {
+ printf("\n Failed to create EC_KEY, Error: %ld", ERR_peek_last_error());
+ return FAILURE;
+ }
+
+ //Get EC Group
+ const EC_GROUP *group = EC_KEY_get0_group(ec_key.get());
+ if(group == NULL) {
+ printf("\n Failed to get the EC_GROUP from ec_key.");
+ return FAILURE;
+ }
+
+ //Extract private key.
+ const BIGNUM *privBn = EC_KEY_get0_private_key(ec_key.get());
+ int privKeyLen = BN_num_bytes(privBn);
+ std::unique_ptr privKey(new uint8_t[privKeyLen]);
+ BN_bn2bin(privBn, privKey.get());
+ secret.insert(secret.begin(), privKey.get(), privKey.get()+privKeyLen);
+
+ //Extract public key.
+ BIGNUM_Ptr x(BN_new()); + BIGNUM_Ptr y(BN_new()); + std::vector dataX(kAffinePointLength); + std::vector dataY(kAffinePointLength); + BN_CTX_Ptr ctx(BN_CTX_new()); + if (ctx == nullptr) { + printf("\nFailed to get BN_CTX \n"); + return FAILURE; + } + const EC_POINT *point = EC_KEY_get0_public_key(ec_key.get()); + + if (!EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key.get()), point, x.get(), + y.get(), ctx.get())) { + printf("\nFailed to get affine coordinates\n"); + return FAILURE; + } + if (BN_bn2binpad(x.get(), dataX.data(), kAffinePointLength) != kAffinePointLength) { + printf("\nFailed to get x coordinate\n"); + return FAILURE; + } + if (BN_bn2binpad(y.get(), dataY.data(), kAffinePointLength) != kAffinePointLength) { + printf("\nFailed to get y coordinate\n"); + return FAILURE; + } + pub_x = dataX; + pub_y = dataY; + return SUCCESS; +} + +int getIntValue(Json::Value& bootParamsObj, const char* key, uint32_t *value) { + Json::Value val = bootParamsObj[key]; + if(val.empty()) + return FAILURE; + + if(!val.isInt()) + return FAILURE; + + *value = (uint32_t)val.asInt(); + + return SUCCESS; +} + +int getStringValue(Json::Value& Obj, const char* key, std::string& str) { + Json::Value val = Obj[key]; + if(val.empty()) + return FAILURE; + + if(!val.isString()) + return FAILURE; + + str = val.asString(); + + return SUCCESS; + +} + +int getBlobValue(Json::Value& bootParamsObj, const char* key, std::vector& blob) { + Json::Value val = bootParamsObj[key]; + if(val.empty()) + return FAILURE; + + if(!val.isString()) + return FAILURE; + + std::string blobStr = hex2str(val.asString()); + + for(char ch : blobStr) { + blob.push_back((uint8_t)ch); + } + + return SUCCESS; +} + + +// Parses the input json file. Prepares the apdu for each entry in the json +// file and dump all the apdus into the output json file. 
+int processInputFile() { + + // Parse Json file + if (0 != readJsonFile(root, inputFileName)) { + return FAILURE; + } + if (0 != processDeviceUniqueKey() || + 0 != processAdditionalCertificateChain() || + 0 != processAttestationIds() || + 0 != processSharedSecret() || + 0 != processSetBootParameters()) { + return FAILURE; + } + if (SUCCESS != writeJsonFile(writerRoot, outputFileName)) { + return FAILURE; + } + printf("\n Successfully written json to outfile: %s\n ", outputFileName.c_str()); + return SUCCESS; +} + +int processAdditionalCertificateChain() { + Json::Value signerInfo = root.get(kSignerInfo, Json::Value::nullRef); + if (!signerInfo.isNull()) { + std::string signerName; + std::string signingKeyFile; + std::vector previousKey; + Array array; + + if (SUCCESS != getStringValue(signerInfo, "signer_name", signerName)) { + printf("\n Improper value for signer_name in json file \n"); + return FAILURE; + } + + Json::Value keys = signerInfo.get("signing_keys", Json::Value::nullRef); + if (!keys.isNull()) { + if (!keys.isArray()) { + printf("\n Improper value for signing_keys in json file \n"); + return FAILURE; + } + for(uint32_t i = 0; i < keys.size(); i++) { + std::vector data; + std::vector privateKey; + std::vector x_coord; + std::vector y_coord; + + if (!keys[i].isString()) { + printf("\n Improper value for signing_keys in json file \n"); + return FAILURE; + } + + if(SUCCESS != readDataFromFile(keys[i].asString().data(), data)) { + printf("\n Failed to read the attestation key from the file.\n"); + return FAILURE; + } + if (SUCCESS != ecRawKeyFromPKCS8(data, privateKey, x_coord, y_coord)) { + return FAILURE; + } + + if (i == 0) { + // self-signed. 
+ previousKey = privateKey; + } + + auto rootCoseSign = + cppcose::constructCoseSign1(previousKey, /* Signing key */ + cppbor::Map() /* Payload CoseKey */ + .add(CoseKey::KEY_TYPE, EC2) + .add(CoseKey::ALGORITHM, ES256) + .add(CoseKey::CURVE, P256) + .add(CoseKey::KEY_OPS, SIGN) + .add(CoseKey::PUBKEY_X, x_coord) + .add(CoseKey::PUBKEY_Y, y_coord) + .canonicalize() + .encode(), + {} /* AAD */); + if (!rootCoseSign) { + printf("\n Failed to construct CoseSign1 %s\n", rootCoseSign.moveMessage().c_str()); + return FAILURE; + } + + // Add to cbor array + array.add(rootCoseSign.moveValue()); + previousKey = privateKey; + } + } + + std::vector dk_priv; + std::vector dk_pub_x; + std::vector dk_pub_y; + if (SUCCESS == getDeviceUniqueKey(dk_priv, dk_pub_x, dk_pub_y)) { + auto dkCoseSign = + cppcose::constructCoseSign1(previousKey, /* Signing key */ + cppbor::Map() /* Payload CoseKey */ + .add(CoseKey::KEY_TYPE, EC2) + .add(CoseKey::ALGORITHM, ES256) + .add(CoseKey::CURVE, P256) + .add(CoseKey::KEY_OPS, SIGN) + .add(CoseKey::PUBKEY_X, dk_pub_x) + .add(CoseKey::PUBKEY_Y, dk_pub_y) + .canonicalize() + .encode(), + {} /* AAD */); + if (!dkCoseSign) { + printf("\n Failed to construct CoseSign1 %s\n", dkCoseSign.moveMessage().c_str()); + return FAILURE; + } + array.add(dkCoseSign.moveValue()); + std::vector cborData = Map().add(signerName, std::move(array)).encode(); + if(SUCCESS != addApduHeader(kAdditionalCertChainCmd, cborData)) { + return FAILURE; + } + // Write to json. + writerRoot[kAdditionalCertChain] = getHexString(cborData); + } else { + return FAILURE; + } + + } else { + printf("\n Improper value for signer_info in json file \n"); + return FAILURE; + } + printf("\n Constructed additional cert chain APDU successfully. 
\n"); + return SUCCESS; +} + +int getDeviceUniqueKey(bytevec& privKey, bytevec& x, bytevec& y) { + Json::Value keyFile = root.get(kDeviceUniqueKey, Json::Value::nullRef); + if (!keyFile.isNull()) { + std::vector data; + + std::string keyFileName = keyFile.asString(); + if(SUCCESS != readDataFromFile(keyFileName.data(), data)) { + printf("\n Failed to read the attestation key from the file.\n"); + return FAILURE; + } + if (SUCCESS != ecRawKeyFromPKCS8(data, privKey, x, y)) { + return FAILURE; + } + } else { + printf("\n Improper value for device_unique_key in json file \n"); + return FAILURE; + } + return SUCCESS; +} + +int processDeviceUniqueKey() { + std::vector privateKey; + std::vector x_coord; + std::vector y_coord; + if (SUCCESS == getDeviceUniqueKey(privateKey, x_coord, y_coord)) { + // Construct COSE_Key + cppbor::Map cose_public_key_map = cppbor::Map() + .add(CoseKey::KEY_TYPE, EC2) + .add(CoseKey::ALGORITHM, ES256) + .add(CoseKey::CURVE, P256) + .add(CoseKey::KEY_OPS, SIGN) + .add(CoseKey::PUBKEY_X, x_coord) + .add(CoseKey::PUBKEY_Y, y_coord) + .add(CoseKey::PRIVATE_KEY, privateKey); + + Array array; + array.add(std::move(cose_public_key_map.canonicalize())); + std::vector cborData = array.encode(); + + if(SUCCESS != addApduHeader(kDeviceUniqueKeyCmd, cborData)) { + return FAILURE; + } + // Write to json. + writerRoot[kDeviceUniqueKey] = getHexString(cborData); + + } else { + return FAILURE; + } + printf("\n Constructed device unique key APDU successfully. 
\n"); + return SUCCESS; +} + + +int processAttestationIds() { + //AttestIDParams params; + Json::Value attestIds = root.get("attest_ids", Json::Value::nullRef); + if (!attestIds.isNull()) { + Json::Value value; + Map map; + Json::Value::Members keys = attestIds.getMemberNames(); + for(std::string key : keys) { + value = attestIds[key]; + if(value.empty()) { + continue; + } + if (!value.isString()) { + printf("\n Fail: Value for each attest ids key should be a string in the json file \n"); + return FAILURE; + } + std::string idVal = value.asString(); + if (0 == key.compare("brand")) { + map.add(kTagAttestationIdBrand, std::vector(idVal.begin(), idVal.end())); + } else if(0 == key.compare("device")) { + map.add(kTagAttestationIdDevice, std::vector(idVal.begin(), idVal.end())); + } else if(0 == key.compare("product")) { + map.add(kTagAttestationIdProduct, std::vector(idVal.begin(), idVal.end())); + } else if(0 == key.compare("serial")) { + map.add(kTagAttestationIdSerial, std::vector(idVal.begin(), idVal.end())); + } else if(0 == key.compare("imei")) { + map.add(kTagAttestationIdImei, std::vector(idVal.begin(), idVal.end())); + } else if(0 == key.compare("meid")) { + map.add(kTagAttestationIdMeid, std::vector(idVal.begin(), idVal.end())); + } else if(0 == key.compare("manufacturer")) { + map.add(kTagAttestationIdManufacturer, std::vector(idVal.begin(), idVal.end())); + } else if(0 == key.compare("model")) { + map.add(kTagAttestationIdModel, std::vector(idVal.begin(), idVal.end())); + } else { + printf("\n unknown attestation id key:%s \n", key.c_str()); + return FAILURE; + } + } + + //------------------------- + // construct cbor input. + Array array; + array.add(std::move(map)); + std::vector cborData = array.encode(); + if (SUCCESS != addApduHeader(kAttestationIdsCmd, cborData)) { + return FAILURE; + } + // Write to json. 
+ writerRoot[kAttestationIds] = getHexString(cborData); + //------------------------- + } else { + printf("\n Fail: Improper value found for attest_ids key inside the json file \n"); + return FAILURE; + } + printf("\n Constructed attestation ids APDU successfully \n"); + return SUCCESS; +} + +int processSharedSecret() { + Json::Value sharedSecret = root.get("shared_secret", Json::Value::nullRef); + if (!sharedSecret.isNull()) { + + if (!sharedSecret.isString()) { + printf("\n Fail: Value for shared secret key should be string inside the json file\n"); + return FAILURE; + } + std::string secret = hex2str(sharedSecret.asString()); + std::vector data(secret.begin(), secret.end()); + // -------------------------- + // Construct apdu. + Array array; + array.add(data); + std::vector cborData = array.encode(); + if (SUCCESS != addApduHeader(kPresharedSecretCmd, cborData)) { + return FAILURE; + } + // Write to json. + writerRoot[kSharedSecret] = getHexString(cborData); + // -------------------------- + } else { + printf("\n Fail: Improper value for shared_secret key inside the json file\n"); + return FAILURE; + } + printf("\n Constructed shared secret APDU successfully \n"); + return SUCCESS; +} + +int processSetBootParameters() { + uint32_t bootPatchLevel; + std::vector verifiedBootKey; + std::vector verifiedBootKeyHash; + uint32_t verifiedBootState; + uint32_t deviceLocked; + Json::Value bootParamsObj = root.get("set_boot_params", Json::Value::nullRef); + if (!bootParamsObj.isNull()) { + + if(SUCCESS != getIntValue(bootParamsObj, "boot_patch_level", &bootPatchLevel)) { + printf("\n Invalid value for boot_patch_level or boot_patch_level tag missing\n"); + return FAILURE; + } + if(SUCCESS != getBlobValue(bootParamsObj, "verified_boot_key", verifiedBootKey)) { + printf("\n Invalid value for verified_boot_key or verified_boot_key tag missing\n"); + return FAILURE; + } + if(SUCCESS != getBlobValue(bootParamsObj, "verified_boot_key_hash", verifiedBootKeyHash)) { + printf("\n 
Invalid value for verified_boot_key_hash or verified_boot_key_hash tag missing\n"); + return FAILURE; + } + if(SUCCESS != getIntValue(bootParamsObj, "boot_state", &verifiedBootState)) { + printf("\n Invalid value for boot_state or boot_state tag missing\n"); + return FAILURE; + } + if(SUCCESS != getIntValue(bootParamsObj, "device_locked", &deviceLocked)) { + printf("\n Invalid value for device_locked or device_locked tag missing\n"); + return FAILURE; + } + + } else { + printf("\n Fail: Improper value found for set_boot_params key inside the json file\n"); + return FAILURE; + } + //--------------------------------- + // prepare cbor data. + Array array; + array.add(bootPatchLevel). + add(verifiedBootKey). /* Verified Boot Key */ + add(verifiedBootKeyHash). /* Verified Boot Hash */ + add(verifiedBootState). /* boot state */ + add(deviceLocked); /* device locked */ + + std::vector cborData = array.encode(); + if (SUCCESS != addApduHeader(kBootParamsCmd, cborData)) { + return FAILURE; + } + // Write to json. + writerRoot[kBootParams] = getHexString(cborData); + + //--------------------------------- + printf("\n Constructed boot paramters APDU successfully \n"); + return SUCCESS; +} + + + +int addApduHeader(const int ins, std::vector& inputData) { + if(USHRT_MAX >= inputData.size()) { + // Send extended length APDU always as response size is not known to HAL. + // Case 1: Lc > 0 CLS | INS | P1 | P2 | 00 | 2 bytes of Lc | CommandData | 2 bytes of Le all set to 00. + // Case 2: Lc = 0 CLS | INS | P1 | P2 | 3 bytes of Le all set to 00. + //Extended length 3 bytes, starts with 0x00 + if (inputData.size() > 0) { + inputData.insert(inputData.begin(), static_cast(inputData.size() & 0xFF)); // LSB + inputData.insert(inputData.begin(), static_cast(inputData.size() >> 8)); // MSB + } + inputData.insert(inputData.begin(), static_cast(0x00)); + //Expected length of output. + //Accepting complete length of output every time. 
+ inputData.push_back(static_cast(0x00)); + inputData.push_back(static_cast(0x00)); + } else { + printf("\n Failed to construct apdu. input data larger than USHORT_MAX.\n"); + return FAILURE; + } + + inputData.insert(inputData.begin(), static_cast(APDU_P2));//P2 + inputData.insert(inputData.begin(), static_cast(APDU_P1));//P1 + inputData.insert(inputData.begin(), static_cast(ins));//INS + inputData.insert(inputData.begin(), static_cast(APDU_CLS));//CLS + return SUCCESS; +} + +int readDataFromFile(const char *filename, std::vector& data) { + FILE *fp; + int ret = SUCCESS; + fp = fopen(filename, "rb"); + if(fp == NULL) { + printf("\nFailed to open file: \n"); + return FAILURE; + } + fseek(fp, 0L, SEEK_END); + long int filesize = ftell(fp); + rewind(fp); + std::unique_ptr buf(new uint8_t[filesize]); + if( 0 == fread(buf.get(), filesize, 1, fp)) { + printf("\n No content in the file \n"); + ret = FAILURE; + goto exit; + } + data.insert(data.end(), buf.get(), buf.get() + filesize); +exit: + fclose(fp); + return ret; +} + +int main(int argc, char* argv[]) { + int c; + struct option longOpts[] = { + {"input", required_argument, NULL, 'i'}, + {"output", required_argument, NULL, 'o'}, + {"help", no_argument, NULL, 'h'}, + {0,0,0,0} + }; + + if (argc <= 1) { + printf("\n Invalid command \n"); + usage(); + return FAILURE; + } + + /* getopt_long stores the option index here. 
*/ + while ((c = getopt_long(argc, argv, ":hi:o:", longOpts, NULL)) != -1) { + switch(c) { + case 'i': + // input file + inputFileName = std::string(optarg); + std::cout << "input file: " << inputFileName << std::endl; + break; + case 'o': + // output file + outputFileName = std::string(optarg); + std::cout << "output file: " << outputFileName << std::endl; + break; + case 'h': + // help + usage(); + return SUCCESS; + case ':': + printf("\n missing argument\n"); + usage(); + return FAILURE; + case '?': + default: + printf("\n Invalid option\n"); + usage(); + return FAILURE; + } + } + if (inputFileName.empty() || outputFileName.empty() || optind < argc) { + printf("\n Missing mandatory arguments \n"); + usage(); + return FAILURE; + } + // Process input file; construct apuds and store in output json file. + processInputFile(); + return SUCCESS; +} 
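Review bot: In addApduHeader the high byte of Lc is taken from `inputData.size() >> 8` after the low byte has already been inserted, so the size is one too large at that point and any payload whose length ends in 0xFF (255, 511, ..., 65535) gets a wrong Lc; capture the length first with `const size_t lc = inputData.size();` and build the two bytes from `lc & 0xFF` and `lc >> 8`. main() also discards the result of processInputFile() and always returns SUCCESS, so a failed run looks successful to a calling provisioning script; `return processInputFile();` would propagate the failure. In ecRawKeyFromPKCS8 the private scalar is written with BN_bn2bin, which drops leading zero bytes, while the public coordinates use BN_bn2binpad. There, `privBn` is also not checked for NULL before BN_num_bytes, and the temporary heap copy of the key is released without being cleared. Writing the scalar with BN_bn2binpad at the curve's scalar length and wiping the buffer with OPENSSL_cleanse before it goes out of scope would address this, assuming the applet expects a fixed-length key.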
diff --git a/ProvisioningTool/keymint/src/cppbor.o b/ProvisioningTool/keymint/src/cppbor.o new file mode 100644 index 0000000000000000000000000000000000000000..05ed2f9960cb6a150e2886213518076febfb1d05 GIT binary patch literal 1488864 zcmeEP2Ygh;*1tC)5?COigII#1Qd9y8(xfPhi-MwvVnJ#Ulum+J5Hv^>xP89b1=pOOTpyv)~(oZwkI8__p9Xg6|5J3cd$? zU+52j9}4{u@MEDr0hS53H~bho8a$)e+d3l@K3>NL8q3Irz@Bum?~IHFimg|!P~HEO-d;P@y{tW&=A3-5GcoK8MS57hqSRj}Ytz z>@IW#lST}uLZ6X zdcEKazzsrg6x<~EBJd@lUk1J+^s9oe151S7Eck}to4~h(ep~Pz!FL5qf$s_ZzTgLf z9}0dX_%ZMkq04}u3jLYj-+})S`g6fA1iu893tb`j6)-0B7U0)Hec&N}Ff!RWL0(KVqFu}utU4-r`cm%MU z(A|MOgzgFKCG?TN-a_{Q_7%Dx@F<~=2KE;^3>+ZzF~Eq>1A)g1eH?I*(1U@;3w;7` zh|nhjPZD~l;K_o+1Wy5;D)eyRX+ob4JVWR+fg^-I3pi5fQNYncj}aUT94B-RaJPp~?ZBl%-ywLX;9bDK34OQVJ-~Z~UIx5R==*^W2>l@N zA)y}zJ|gsT;G;r627FxTCj_4qTmgJa=#{{yg z9{7UL8-N>y-UNJ6=$C*m3;hc4RiR%4zAkhLaI?^F0N)h)E#TWizXN<%=u+T&Lcb6E zKGseW4owGlb3*Y$(_W*jVT$z@|bs6KpQnLa-%pPoY}@_Y!(<;66g{E0_gr zE%bhZ`vcnueE{%4p$`&l3v4HJdte8l4+b70^r3&fQ0QZU#|b?MI9TZ81y2wh zB6yG1-Ec7kFTZO(&@OI!*eD1*KP6@k9@NdAog}z7dUf?pJ?-RUV@B!e1 zLO%q2Sm;N9%Y}Xv_?Xa-3qApS5}y_LJSAZ(1)m1468agzXMxWNy;|^j!D7KRf@=lW z39bjeAoK>{Mxi$WUljT!;LAe40(@2I*MP4JT>{)J^c#Y20^bt)ZQwgXzbjY@d{5~2 z1wRn{5crYM9|J!Tx(xWK(4PtZ9rzESKL>sx^q0VLp(}u22^|A&5&CQ3H$s0aSPA?N zpYQScLBf6%{0aE8(7ynyg#H!yo6x@l{}B40z(0kq20FE6ZULqUohn!hm?rcdg0+F^ zLe~M-6*>g0Cv<(m2EYuVGl30-ZUk&BbQ54xp_>7l3*7?PQs_MeTLJgNXK#G=k+6LQ zvw*FI-VeCH&~1PR2z?;%Afej|wga{ox&!cFp$`EbDs)F+w$Pn`orOLOc(~AA1iJ!{ zz^5BN-6gDtU{7E#p^p^o4eTRyU%`HYM+qJc>@Rc}I6&xQfDxew0*@8?IN%_m2Lq26 z`UKz*p-&V%2{=^flYzs8K1J|U;BcW&6FePwhR|mMM+kkE;7H&op+^J92t5`!PUsxL z@q%XqCkQ5^2;M8WOz=M7{X#zg zd{F3zfDa4(2ynU3j{+YP`f=bBLO%&yA@ozgl|nxaTqX1~z-NVi4!BzA=YhpSuK}(V zdY#~U!54rVgx(0;B=n1dF9BZ``W3-ffv*YuIN=epB!*;M+pKBls?`ROt7B z?+g6_@I#?L0)8y?C%`hHKNb8;@bAEX2>m(m3!%RRmJ3}W_!TfF^cLXPLVpANR_IFL zcS3&;{6Xj+fj5`DfFMfYN4HU%pdfjeJo(A(6t29fO`mC z8<;M19bjFdL%@1M*9SHbIs=#~bVFbxp&J962;CIeOz7so7DBfK?kRLD;9f%S4ctfQ zeSuj*w+8Mf^!|cvfCmVDpx{BkwnDc9wimjC;K9H{ggzA5QRr-7C!sq74-@)uU>Bjg 
z3LXLMCUkdT521SkdkK9cu(!~CfPIDTCwLU_XrcQ9!$J=L9wT%FI8f+gfyW6w2sl{i z( zBlLLS*+NeMP89ka;JHFi0!|is3UI2>(*&mjX9zu0Fc+97^eo_cLeB=CFZ2b#3x&Q2 zI7jG1wJSAYQg7$#X_$U zTnk($^m^b6LT>QzP(60)<27F!U65wW`-w=Eg_?FOb3%(=xF0fSS z_kiyU{Q>Ypp+6G*82E|MWx!8`{tWncq5mQHIq(aizXX;GT><<`=ooN|&|d?;5&BzT zrO@92zZd!k;EzK81pHa(Uw~CY{|fv~=-+{V2>nmspF&pyojS6{0Hz3?3alk`8gLJx zYXj4Tt^=$qbO=~a==#70LT3Oog>DFJBy?k76QP>|n+e?<*h1)*f_nm63B4C^Z=v@A z?kjW_u(i>+edU@xJM1ojrX53sM${eVXaeKfGY&|%;Jp^pJZgdPYyR_Nn^gM=Oo zJYMJ%fJ1~n5qOf&LxCp?Jq&n?(5C{23w;{!bfM1>JX3Il;90$>jiHBE)n`h;7vl`47^3?TYbEIq*@T9}|2W_=M0;0#^wAl;BFir-7@4eg^og(9Z!^3;jH>Sm-st zwL-50t{3_R;0B>L0yhc$qTow{F9Tl@`c>d-LccCpBDh)b4Z$}B-x7RV@EyT-1xp3r z6MSFr1HlgkKN9>{@Dsr@!A}K06Z|{yA3}dF_yzDwq00p;fL{q618x!eYr$^>zZI+$ z{0{iN&_4+N2>eOtp9OyrtP=cH@HfHVfqw}7Pr*Nd)j~UUG564i)+fMJp=$}I0rwEP zwqQE2j?i_1A))I5>kHigm?3l~u%Xb6fQ^N20&FUDGhlO}TL`uU?kRLD;9f%S4ctfQ zeSuj*w+8Mf^!~s$LLUG;Q0RkzZG~N;K4#40z6dcj)K|1PC|DUJPdfa&|L(( z0*?^7n_zcf521Ss_5vO$bZ@~vz`jEF6Fdrdw9x$p!@vPTA0rq64ix%W!Q+5~gdQw- z2JlRLhDD;ENAkCfibUruixh_OaU%J}nUO;L$5V7;^&7qBWn5Q$S#ic?H$gWfv>c=p ziH0{tHioN+j-47Q99D(cO_At3NG1##!^Mcg$I85zGtXF2eB?Z&&#isrQb1namH6va z90omH7|9P;xtt}^r7c6asuqeswIbcaRT+y=vAlwcYL4Uj>Y7y|VI^u<4lMU76kZv4 zUS9DxN?e2pQ|oXUn98i@(!g^Go=Z(UWR<@b@@j;T>NkQds?9Bmja!H`CEJ%Kd!esh zMZ=b>XCvVJN*5hd(7U?2dL@nA7uQjL_B(lKcfYoAA%->PYm-Q4EWRGZYO0 z42l*+=qaCBoV@)bg$2x2)D$@(sVU_ddaj7oBQX^`|0m@q{aUn`9}A!4e2WVDa^&V! 
zS)74p@~0^*;3}~yOydq!0oyTvyT($^zYKd4dn?w3$T=p(_^Q-!1 zEEtcFg5un|`BhoDqbi2u$*Wjkc>POasQ4#Z7R(w_xMZywa!RfLMOjxYNl-|%U;;Fk zG!WqA_M=KrfL5<)!EkykRA54Bcm{(?D;7a+!B#{IMyUb_oV>OXy5a)1=$ci9g!*xV zp+sk)D|ST+hd}+1tRS0pZE-h(B6*S|QB*4~hzv(*q-OyQxQxpyxXgm3JP373!@x6` zlB(d>OzVplb4XD^CKqakBTQ}ywIX&*q-Zh6kzsL5GFCXyRt%GpNKw5;h?_>`6!oeb zU1OTJb~W_PvBpMzxWvUcC}}+Fu}D!7rzk{?)TkO5g{j@V{R69lb~ex#iOmV>zlrNV z9R+W4a$6?nEF6Ze#*`wBL&JEq??|06nQT&%NzZWUjDn|#CcWFRXHedG24#CJXIFer)EZ?_MqqZ__<0F>K@)0=0RNXqLNVJ zB2jZobSrg3c2IP8pzD01qdU-OP}x=*#PNw5#1Xnd`Qeq@AnBDN={hw^`e3S9V5COF zOJPdzu~iw*+p5R(5)c~eP{BpXdynH2HI^fEW2qw1@DfyLiKo2<=_E*hkb|I#-sH&@ zsc4-;G)(^FLN9fAe&Bf?B(M!?fpjL%Z5Thd{1i}v7pQW{OR}=}yUD#qWfa_~l$VFB zsYF2*_iZp?w)U@ebq7Y*qg;R5b%BsU(a$2$k97*n-)&X*aS=u8$r}wyxofj09ZTc! z1>4ptY3pJqBFY$P{(Ao*Y=}R&a z2}VmRuB6cDIz;#uJyCDv$C1TWs#qVDpv(^Ipu%hm5Noc&>^_U7sxZ425v#CE*3**i zjDBa1;8h-0?U`7$S3xLM&Ce69J&7enZXm6Wucx`W_DZC3V%=2CQ@$8-24nkhOw<=a zZZd{I9e`R>qO|O2RV12M7Ky??j1DfDAKrpK#G@8)xC+lDkq)#nhW~-b?rZ1BdOm}6 z8x^gSafPhat0F~B3XnbI&OUizt(3?Tt$c1tbs1$|H@tr$n%Z9g9aV9H=2KzDq+t= z+)}IP2I%G(V(z4vTg5Yze@|lKF_%lc%CsbsYa*E{sr^BcBAITR)G}6-kXSt1RzbQh zB8!Wp3dRLiL`{m8agm(Dme@yop<$o-yQtQX-df=rBVrSWDzQ4sCA81rLJcWq%)x2VVBy#36liC-aj3Dm>{We|E*i zc;c2oBaxFs=E1j_WoEXD;oHu7h+_5j#86-hUoi*>PJ$hL49V+JLgU=7^jeN>bMG8k$$>=k4PBgC)c~lwW zFN;bJA`^|NU|3}&IwZZuahtY`Wk3l?9qo~8MX9mdUB<3#r_SIserI0gLE4*N<>vN} z4FpdaJN(K~p>kAadL&VLFHWVm9L88Z+ZVLtKvt-&u|hN<7LI@=LM!r%(~VHzgwTw_ zh4Nly^b;A!s7C&rGAB0+k)@b1Q7bjH?d09p%?S=eX?*wiqT-YDOoWWra)Vyyk{4QS zpcx%az>Jqy!qwoispqVIjgo=&J(tC@BSqX@oFg`!=7)dDSTXDu@RfM;jm;A&!Zr@4 z@%x>5E6A*CtNuSK&q~MzBSDXGmaqL>9&1e!W;uQdIer+()O@i2;>_2lJ!(4fXyId6e~PGejI2{}(||YLOOXYMKwJJ2 zEMtpkiDW`BMe($xICx>b5cA@oLfY>{4F;nIv_aUfx&)g>Qn<_n?R|L_(bhlZ9k8=k zb2E4v*XM)zTc$x4^C63Qki&eGG!IFaT1k-x!9LM|okfH51Y(6uP%jY+he(?!WnyV8 z2}omMY%KCxl2jU`HK~!bB`gojmRw87!!!`7@rV`uC;h75QV&uIJKLgR3so^D9dCT( z<;M;u#kA{gEx0)bx$Bcm@x{`(2jW7kV z3M^&Us4mZ)ya$5g&LYwiYO7Keew51Phv~?aw8I-h*aIk+{n86~Q;D4s=(mxAU9p(j 
zrtnlz_9N`7d#&JcWBkIMWd)8#6VOD}CT#(X{MG1}M{nd`p7|dd`7!RIZ6Em+q{g<$ zF`WOE!9RtiWq0`Y8IMDKbxC48G764W`?1BA@2GAVkd>kv1{9AQ2F!LVKVk2V6^^z< zJ!Ql0AoJKZMIZRm3_)fE2?AyXA)@1wKA~liBO2S(@>yENDwerEv(i@BFZQ67(Y0S{ z*Pe}pXJ`#1ki!110-zhP>84~Laof*E5W^bUp`-8i3w3#C(s7J8OPyf1Dcil_TJ z>)06K;0+6Gr{XP6yMr0sKs%dqf~QXMVfqS(p>{?>P^P5_LgD@(5%j?53(R32*W=L= z2h9rRaZt3vvp1->6J19WiYHf#H(IJKsfpH>)Z}Mx>*lW?4pH|Tp>}n>{Vm&VfQSP( zjLJ}njLSMhlCn9~mdIib{Ski^xu6k+F6GcCD3r+sw3*18Q@MTQKFU`J;f<*>Ar_P} zf%_=039(=U2psrc_8bRfRjdG_=RN0!YdOT*>lcmY32*CM)+GgN#TpwLUqnO~v6>V~ z>vpW2+45hrsu^u^dHemEQZ<5pnwg8_-Hm4NXyyFy`gwEKL#p#s!?xX{>jqsY)%A!s z>H+&;^CmI6c@Lx2n*!b!CTGzs4k*qil?i6F+jrym%n^NV_j{C1ek?tRhL=?olMIWzBc3>^L?JP2vPV4m zt}DGd(rgchSE|f2+fwcr@`*5#$ZvvAL>nkcn9yKhq69@~q0f2p>r3B`?faF+9tz^?Z8dRl^d$*)i>k^-{*#6dq?Abbv`>8w)nP)J^uT2?W4fI3<{d zGLs3T+z5ljS`0LNeW1)VI2p7+_gY zr7Bdi63Z@9ovKJ--*hZ&K+`VahUZCJ^weC5)m0_lNnVLCC)SbKNsYu8gJWo3fCdrvb19ozP5Q7){psYbR&}iczP; z9o+EGdx+%j?fOy=qO0vAmuYI^Ck3F1pEtJ3uuD}nL%QyGWKkAr#}VK{J@?P*I^ zUmSWld{&e93a5d-_;p@YMvfxELe)?jR5-W<{S5`ogKC7!)a@Vg0(qwR@GUq@th;s^ zOX3u4beCp_*~Sh=ht09SL;j&RH7r;lHgvn4%0{D+%A=MQ(* zd#F^Ia*m>NwvZ0$4E8AuZ&_2WPJm&`_yicqt<m=fa2j_EgFqLz&S5>k^G`aQHHaodUi0x}U9@rCqeVgW}*C9#1%Qr;evn*dEr0 zBM|Sg+c_mWKUm1eGXcNFS0xC=S0SIrVUABR`shfdG;SFe@Z3BpAcgO2#?$jSv2LGK zy6#-5kefj2hJLQ13Anr&M9s477vOy;=C5-S7m10js3~EM(fqj)lHzJ?XQ5>6C8(P; zs!p`tNx}jV^F;6o7Cy1YfgZjb={(_hbzyIeJThN5e8+1iI*9TGUxM2bmYQ@!f0RPR z@FgK2c3(URMAt^veANfnwj-M%G|XN!3ax0KAxnJAH|0*22Eu3)o~Cgme~)A`oUUvj zw*cE3u+gLncMDQ@y?hv70M#C7+>lfmY6;Uqqs$Yyu?m)5QT`+e&S({4X_`mHR6ev@ zX>G{zb^+@0NjY!5=C9B4Z5T(8)h0-<7}CRsmL^6#^hQrZ)zg~-?F^S!(1<{5H=%c^ z{O3g{Pk~O-z3NLS+P0%oJ=F`4k12+@0@*{?$S0@Tu%aU`$_%MIS#e$UqbDniE7q|5 zZhf-`313uQR&Fv;EylB{ima**KpSGMlpIy{sz4a*J*2#&Y_S zapWCmim{cT4Ap8YZxR87hSX#pqSSmb5j-z&E6e}jR$hoGM6)7d%HXJ1Ra6U=$~P(S z9W+ToGSf+J@{*9OP`GJ+#e7mhmZL8`HZws!C#igzCgML@_-V}Oa`*H2gXOXbrJ-O~ z#xtQLBgh6_OY=)TL+vBjqR7u7HFG5 zY0)s#g{aOZOr+GdQmy&1qwFUg8rT`JF5(~$q(wef9%vx)gnAZ*H)`F(%mqQ;g& 
z$&+7+to;nBORO%xh$)w&y{)|b-`%`JD~6I26xg`%6>mCwVa&BGH)&6VwMQSrM+YxQ zJ64)1=&B@W0BMqLyhhqPu@c+e>otq>Lg#wjRD>y%_x-#e_ztwvV131r|M$i=KSoB# z)+u|oJ5Wi%(;O=@p%$U>RVW0GET67G9+@1Z?$lLM3+v%63s@U-V7^Dwb(n<#KZWN#j$>yWQQ8j-L8q;i%D zd%DWSQN{VSo_U^@(-4Omd(tnO^9Zb73G%0bOif-gkoF`tmLEzbTgsEvma!reVyc>-DVbY#k#0yrdZ-eJZfkLr zY&HV2eb$lJ`f|hnMwG;LhX%|xUsW*zDngd8D&p!D4@g@-Sz#cP>e%V5WQJFg#qp99 zV~6T(c)F}vI^#yQtwo+N)~3E?1i1BD8eN~o^;b5mN>{f5Du{ugdMsAoe)9ZKN{O*A zzBGVtf=@Oz7)gJbg$!w4I0$j$sK)m)&Z09vK;)uXB_j5nL2e+*4Sy&#!Q{j zqsN7#r%au4{^Y57Gw1Z^F>OXpZtnR*W=x!tJ8(*F&WtIeC$$|rb;`_K!#*%KXL9?4 zvu5Uw>(OIoE*Q@~5Kj{?$QhaIp-RF$vvS7fPMy(<>5(JH&Ys<=Q;!~FM$eo$cBD$) zYwU#4GkRzBKCqoLbH>q-XFI*dP$(68 zV!@;Mnla)nZu5;lW=R(ju zvYcL1rsif%qo(JKgWzW5kz9CQi@G841bt()~>xNW#Xy{-bk8XXQ>sqp8reh*`*GT-MP?sYa__ z?9pRJ&di({vvM4}1AFusJ#AXflyQN;k%LE$osly-HwWJ(ZFP5#9uz?;H6w3qF88Zf zo}EL#wqWqi-t zOXhL!z)j6k=Z`RdIDbr*OI)h9JCrJWhf;Ohp;Uc$C{<*KQVrRmRKs^D)u-h3M`H@^eIn}swl)A+ns+C!=>e@^5ODR#i zjSBeXs7ocCXlup;ZN}?2>~!bR%7=n!aprqL!?(2UhCHAuIB4OwJ$NMwT`;2p=}D7B zHRy;Mv3ik)25skxS}Rlkv{U)#;q(}yaZ=73I8;JePInpUk= z_C*#6HNdMKmG8SOt?PhofBHGQz#swA~4yLHAo2#7m{`VU(bOygC2b5HvUwtr|j2Wk&e-Mzu|0SAg)1X>F% zgGo@!3$jRb{aBeL{mP(~3GeIsJq!Pc(kM~ei{>eRKtI}rom6{D-U3*=sl@j|`mLk<{>9({QFQ1?%6Shywc&o8Hnn(QX zrWQqTws=vLN0&m&cqyx=Jv!K9WkScuOz52m1&^7O`>NMBK8+9bomUgqaFlLxk1r6* z>Pyzn=Mm6IX}`}?hNEn2jj1SV*IFcP!e|UxFP7n(sfy8Qo_-O(@kJBns&Z(dUntO8 zpQH|oJ8QeR+in+k_I7c1+b-_D+r=H(F76@Q#XWqxxJL!K$)L_OjDV=hU)Q^fk_@%k++jq6|>YG!tisg}gE5vtAyKs=Ic%?hU8)p7a7 zZFP;eqh(ZWZ-DEyoYY-SPu^PGrSa}PM(NlXbDX|XL6YDQZ)L1!2-Qo$f@pqJtNcO? 
zQY&Xnqj(|rx?*dMt#hI&wulyR)IkiQ0lG&DvC2=@840E?se!f)lFJBEonueHI=IM9 zE7{X|*3ED5Tr20zjI^)!bmnKyck%GIhH00ya^7!v7d>3lIBjt&=k_MWsd)IIdD?xg zoYz`>LNVog&cH8ORJ$z?KyLk-Uz6gz?1FmVO?@E6xhDk+Y(zG0fuKn#pSaHKwAWnc zN8&(mo5O*pG`}|0`JO^9NlASu)hSK^`Fcv~##ConYIo*qcJS3u^i6Ks#uR5!O4^DP z=R;yb4y`ET2i=rQQ=QFj3T{t->ZX;YI5(uK=mym7`U9%<(|bK^6p6FGD?bqZG~8Do>Z5I-Poz3W`- zcKq0N-jfE@IXUe-XNgr(XsMg_t?N7?wbr%FI27q`a?|c`ofX1eXF%Gy&OCW&LM<4Y zw%m2@aMNCLofjm3o!-Xuu4zX)C#m|{;oD1R3`ZUhxoLN$IA6G@a`SZ-piFiSIIARIs^Yg=J7^JgcfsO&SMTV%x<=5=C9mVK{CLwBknClp7tpfO1lD$E z_udZLZ9PwH)%i2lJZ=WCrpIl~Wv7&ywY|A)FMmyQ8cV@UY39keSJWMHWy#z&(fhjk zw{z6{yBos4U~ZSqSlmqFH=E3Qk}r4Xy+gx8RfqK2r<{ng90#>-(33y=5v9Bnj!TE? zj*qR2W^Y)o5~({oI4Y=@f+~?8Rw?)C!~>B^pbn6}xRbPzY#mytM0%A(jtuevi+2%7 zdjwV{QNCqVl<+4J$03xS_xDLc{@|Ju`C?HgUs`k7n(DC7Y|5Ac#oDtC zy={C{!>iSkbKv1f4sP7tt~hh1tDB%-Naf8s#a?wNxj@g;BT%Pyn@DH4T$$I5lsQyN z(7l~dD|80zFjq(Q!obpW&6ROk+_$@^H~cX$ zaCg$`I{F3yyBt}u6i%c1f}2blY=>1Ao48}q5oGE*N7{YI2T`zW^jsJB?)@!9AZ0-O zRFb;1Nmb^BD`F7?jijrb9BQ3ODM?VifzwuG5kqL)J?b5+_K%>&`r<}I+?~1G?@8Y?jl&G710+D#b5lUYYzGrHTxW}NJ^|* zzv-RO`$RuVx1cl@o>kSLrAc^3tnDZHHRKlYyTUYpksW3mojV=FBFZ+OL1v%K7pkd= zr0SKRzoypYO4UA5hIz_|D!S$Y5VY((Jqmjb?rJ-bV1`U=ZN*KHCrUTj1K?FrmpD;iPqd{$C9Z?ffV9o^Mz z*)bdBug~_qSiY+@=|A2dK3nG5k>I`r299S-sE?p6zI!j2Jo)w*EC+14ZQ3!M$fp@h z0}=y}Zn2O9VkVSm_z%3LqrOj~L=RFg14I{w|M0ERD)ENapy-A{(bu6M$_7z=s9cm{ z->?Z>2Y~_J4>dt4s4MfCS`-xHE3&X7seewy8|>b&)L#pxjgbBsLo$BD%Aaqc)lt3s z#1jxp0;bPc6Iep~H8lvucPH!rm%fo`yRoe%(MIW87~uE#tRKxDn*zQLeqYha#cS!- zH4gffMz;h9Zq$WPI4Byqzj5A+p5oCBdS>uQ?h2Zf;_M#sGyDnXbQ2%2g*DFUaXM$u z2C5F(+hGpdYW<6wcK&5^_-~t8|6=ygeD%$4TSuNHjjY|a4u%IpQ0AjXUq|NFIIldi zrYhB&O|y75{ntHnwU=-0{n4a^x*F3&OZ&i02bzi965r%XGpX|GV|_74dZ~FXwTvaL z5Af|8zGa^JUJ5Twvd#N@P%oMK$lgK%RVWo+05RSYsUZ=bSv2^Q*&mL zX7GDQmld;eh`hYrCg$)*u|_3WXV4cFEG`c0E*Xu30-F7Z1U#l-qpwIAI5ESGvw*(x zCbMTPc=Jo`|D)~vW3|4G8aOS`|F}(X-CCoydM{S%6hRc4pKX&!0xir)vP^#Piizyd`VFDy)r&{7Ge(6d zHkraIHkZ+WfsbNWB<{6w&$`>q@oaRB7g=m=w@!zQChGkr$JlDEleV3+w9dcRqLnay 
zb4XhNvHSKsL>tKQU%rJoL&k}&L0~08C41ctqsdwf3GzbF=nlBBa?>YEIEIsE!9O~zzp#W|H( zLysLZqOIMrIPLiNk2D&2bc;J~#F;IEZ5VMIkIwq98+ieX!xl)oO!oqftl==cD>1T` zV~Mm3OeI*`!;IAExnkX0bCi zDEgKEOs3R6D~C9)IFlj2Md`vm`iQyD!ciN@fPluT`6 z=+yE?ZA~iA%sT-@XDB_}o-I&yFz*{x_ILY|gXCLMRT;n6`sSqeYTblQ19iU&-2%_U z8esa$mEP*`{H}y{+xpQ5GqY1`y~24)pfWuBz+FZYK3$k#&nh6MD6V4h*XQFWXEJ6T z$=|h!-5L2Q1XeH^>AGE%(#`)91qp$k^RpgN#`^fRB26qlUNX8K`h9 zU1>|-%%FFq&d)h^V_)Uolc>F~BI6zk?p)FU&lL?M4-Dqe8`4QMFqntFBL`f(yfeVN3JY=eiX$EMP1h(I)- zOjcji&HGW650hpz9u+d9(W@<2Q?EGjHE-S5@-N$YMHRYk9F7H^6J9c-+ zSU#4nZh*0}mUMaAp>1hwzj7-H@FY@Hm*?nNq8Tf-iVLqw zq6!ET-Rl5T*MZK6Y4BO$^rc7m#RL^aE`gVXY%PB?KZ1<9A_E%8I9ev%wwOt`OAzE6 z6ZDhCxd(!OrIWj_C_fx~zTZvtD`xvIH^b@YmvWEv<*IHWY>K!qMT!nbcW?=)FloK` zF*LrgF{W>qTUAnH4OKL%s^my4CP-_qwjkDc_58YcgQ+a7zdJ08sO^v$2lfPuRLa~0 zTpv+pBh#JiAwp!@%+XZNPs#(6U)pR7C4z$JZ!MzE(T0m=U3`JPks4B4u{7%<7QFy9 zF+UTG5N(A??-WfxfJs}}Jg7_-s-@-;KYWQ3Gv9)Pw$P7C*E`l;*4E;SogPz={q+Oh zQYGp9Y^I*f;CyHGswY6LExMoKWM+`j%U=s?rQVO$ie+T&pKkm$QTd=#eAA-N!e83f zxKK+i?Hz2D|GRjs{7@l(y{$M>DBrKh1bJ(gRnmMD$v?pyz<2J<&`}GfGV6-sLT|U4 zdf4(@RgeGGd%*gh29mVy;jQ*a7CZsX{Fm+#@g4Au%QWp;-?ywaBOCozZYF*G7Sr~8 zt#V(n|5ZGJ@Bt!7m<(gry!*pV5`C?*(M44casWDzqY&oP*LiR&sxGQc-&i^qzbL~9 zx|)LL^3RRU)8Fa)|G^f}iNs%D^K9Gde~m0?XT8zm*F^FWWp;!5G=%cf4^o!;f2s{J z@vp#$@9L?acxN~dlD!X_rnhbHgE=itri8j$e2T3L!+Kl$O8kl)xQzPi3CGM?dhGpg z+eq5)*Rt|@*=}G)Gy+8{mZk~ZmUCQHA!Vol3xAaVRdMLX@4mB z8bP%*8ShSw4eWndnvCVL$UI(uql0P1XW5y+y#-pP;m3G!>9~}Z+-gluKOCJ+aE%tXIyz1mStv85iBO}qJ zH`&L?BHx^IiE2jE{WVC*%vY4nzh_ll^XT*YcmKXx{rgH%?bqIu&t4>0ouGr_R$P=u z?*!^yW4iN8D#vl@N^`xfC##ei=K-C8-lxUno-7mYDBX(PYrx7RPDrnNg1*N$lXq#Y+#28qYbu8~Y{tZOgV^w~WtQb)#DhlFRoI9`tPrz}&nv6yz2 zecDmZJI)k5SN0JtNz!R4@(UUbedQu30a75{O+apa8PL?(-)j8cpK5XNnwHmUze?74 zrGu@MuSNlH&~xB2RzTq7ZESd+UTJ2D&PR~tSojNOX6;4NG=Q!%MpSA`rA>eUmO%xU z;!t)8*p|tiiokEzlX*rQZWO5RdjW|XAoPBp@760_o#h`FLUyJ!uwlGVYAkhq!J81g z3DM-QEipDQit5t71X8*5RuZb`t!g%gi`CWy1?%?FO?8y0ZD=-1qV#2v=zAuVO34r7 z=XZS-4y2?l4^$=(gTkLuRUb__DKpXm^Ax?6Wz|YWqbZr3J!Qf(8COHzT|#|v$;|39 
z^t^m)b-W^&VZSZzI3-W2Im*E;_vB#SmayvL^Gl+`J}eA>h<)JN__6KWJ!9R_CNI6d za+4YBszmH{g3T6f5o=bM@H^c229y$mZ*L*tx>@(BM*79v%~-R@1fR9@hVNEZfID-u zCE;yLwpdz&Ycf~xhVn3&X`_ukaTeGzo}xU)deWq%lG7xZXp4=d;L`@VtU;w=RCt4$ zyfyA{6Qpkqdb(m=T1alG*hJRU5Zfqpl!Wsr<)cG>pie?~@ zQbSw)*-%2n*1++uJ*pl`s8RmY{lLYT__xaw+}h%FU$J3@Q)v@e*XKz z|1&cBf2b8S-s!rT?-%GSUtCWw9gK%=Im61xK!rPy_dv69rP3oa9Yd9j#n`P&?3H0= z6T_${#{V@7W0?{&5nD4$LffNv8RO<3ecP30CZ(4(jM5fRKlokROrcQOVoS69iTL!` zn)6*HHXe|bif2Y@87z0vkSwL=nFMC`%r?f7F5}Xxm7J@Y|FG4U0%x|W;z@mW=6`1l zYp6QNu)JajTzI6lCMC|xo?Z=ao9*DOqH?z}-&caX`ID<$Whxf*#nLKK`|_(&b6eob zMry`_C?zNN@O1o5$?XukkiC((2Jb-)j*Z!RtrTPTZDpkWA4`7WGRy0+`%LL&LfKNig3*%ekwN!zjye5USS-6(HL>_AOEeX|uE1!FZ#-(JEF zAKr(^_NNV87ob%wvanydQ6bv01(x+F*4B21tc)+nQ@vg4TP7Jte#3~n5_k^^>+HcL zyk;oG=C4(KJrgAG>UWPQJ+}pPe;Y>BF3@J0{h+1)YuX$ysa~47V3oFL`lP`N90Uh(Eo=IyM^(~OD%&Q|5jaL<%)bm!7`VC%E zmIkz13unXg72U6UPUGgQ_66=;^Xl1_drLR5QqE#=r! zy%)S&mYRUZ08`lj^6>6H;UnY1a5%%R0Q4TRU=BXMWtmr zAwSjws`&);{xZz&OJQ-BfbTDIwh!$qs`rBIkKtVh+6_T9y$zLr^^BjkVUVGA!*=wH zf6Z@riDKK%`OzaqO{^wSub>A0^ZrCSNFE<{Rf4xI=mHCRRnOL@N84(DZD-7(32lVB zJWJn`fH?)tqKmX0_>uTCH*S&2sfca%0Xv_bz z8GuG9fA!R^m;h*DwM=&pjYQw|FdWNl+a<3xzv1fsHctTDA{sbo(SL>g_ge|eZQem2 zY!}W_`jV#p7Nia|3x%seI}*A5olfh_eF|sNRQ^DU7~= zh^8=__v|T51tTc;_S62`-@4a2=b!I+ z8`|f_CbFq!lC-3(Rh5KK-$OzF=9*3kl;U*`Uec|^OS%~=iq)?GK(gl7<;+B>^A5hn zpf+6nnsf1XX^uB}CQ}>VWTI6|wJZ6Wgty*|2Z9}Ww9k8=M0QTd>kDRK(!_Z!_9`X8 z7G_-awaj*HfB5=UpE;Zu>qq0y{#un>zQMM^E8`I3hbOKpmLI1wiVg<&v40%{x2@MB^oUlf5cDCMm;Az>1 zx8A-DJ7MzJ?tkfQk>38d&KI@eB3;@Q-yQ4ghk(L*#*=1MH4D*nWp-0iBfpT}%lkaZ zHdJaVAb!8WSW@y5s5())h5-MM%LGZkAD`PgE=W(__3U5fOzadT_h@kGYD3&_w3~ex z@w?P5P*jLqMp|8Xw?LCfsn)hi$>-T6I?uP1zUH(1z>Dh2N?6-eiNDo5(Eahf!(xx> zK`6+A@aVv_iae9s8y4SgdxKqvopqPNEQF{p|8w@j%r$awU_ zgZk`|(X6kc;(L2?qR(>Bt-3r5C3!Asn>GGTUO;nkvY5G-WW#_$_UV|;! 
zPHRBI_9yYZk3;+Oa6GlkQR6i>-yW)dO?F%NDtw);93fa}T`o;rmHI1tV5hk#OSjCL zrL9@BSiTxf?|fi7q6GPrdfB$%O(oh4vO}pbwAp-tiP%l9p)twH_1_#e?4bJVoYfq@ z)9rI2EjQX7SEiPg;n-&V#~G69y}!2p?_z2Dht^i_&Lz?@s9c;wplVIZh@pa5^ZZ}S z>2JAt(gz3o`VJ1fuNleUwJ(oXZ7X0Xl6=jGkrD>DtQr%o@^<2_ZLdVtPuwnTyxGd( z1_KXqW6Zn>kcOJ^QuS8)j=UIPY7wU$M$SecT&9+KMiQyl{_m1{^7fmU;5afTR(=tf z?ogd3Di?oZwWmqHFP&%2QYTn)-Q4dU=>9e{3-t+^jc#Tti{iUV)a4%_-r4Md(o3~@ zjXM{j+bqSjn6YlN;NUf#-u0jj#!@W!OY)uth3y=(yHc}Kf*GSqZbSR;p6L1qkK*); zB=jYFbRK*NPI1aIkx`jf^R);or7*O{3;^qZ_!WxMd;26Ht(diain;y0l98lW%%r7T zwX1t2lX^u-AaSqwi~x6o?Gz2B^)GxCbAA=aL9s@(x>YrIw#T*W3&)z*f7C982j)#% zX#y{78kZDJw^S<`*FvApQv)F&xuvEh%kCmc*2_<}Ke6HH^KwO>ts}G~Ia*m2g{$=l z(2_Pf!z|=ErHz<*kuwp{rKa$j-57b%+wi&56sP(+%;#)*s0@k z1`f^boIPgr*mFltoH8?KM()Uoxj8dN=T4o0h_178#u7DQ=;(nH!r}1H+)mx6=H*Vy z^SDOljy^jao^|rb@UTe}!Xs;{{P9wHr%pq2CXb$yJ8|sENSi!`=09xk=xH^unG7_4 zmwq#5j6Q$sDKvk#Qzqt|ck;~K8CyxB`48U)UaFMl=lqY_j{LX6tMfhl_=!_;YpAp4 zJ8WQLHXYB}VC8dDom3~yanq>{8|e!^o!0ax(Z8WtsT4dkvlc@w1?dV@U^9woySe%4 z#Ft*1p3;fl#5uP($XSYqtN4K^i>#$W??qs`M`k)hYjG|wy6K#EyC%&kVUe5Oz5!>G zg1`56HFKij;iF zVOGh9bggs87}rVXIvsKZKV+(hZv4*O{#z z1~>W=4V|YRj?d_@&~+|V4=1FzMsE4);lzwic$lvqPOHBX87x!}XEg7Hm?i4r%$CRC zVX1l;!PQx&9?q&m>akosjI4V+9#*P{QCzoT^)M!V5HeV=`smQw+$BR(SdHqnr2hH_ zwSC#0nLEzu)XWV{80k7qJN6AxFE;I16uKYTHto1T!WV|-a{M)+n;92{US+&CRKa*% zsO~6Azc_Rt9yfC85oNm5iH18D~>In?r{(z7ZNMI33ugW5{hbc>xji+-6ZG>buPz zWuleafZEcg<34T!5_X%8t=$GBr;%+y*Lnd$$24e+Am)IJMdO zxu-RlMNip1>koh$b|E@F`;<^OJg~}U53f&}?Oe)XItOy>*{F!)G=|-4i4PYj zF%voF5QKKqG44-Z!bu!G2vMh+=o|_=kn^3!(dQy+mWlq2Qn%vhIUHS0&0B!@n+y+^ zpm;9vcpgXmYQw|%9LV|1XP!3@^^uNFVMDK?3px5bME#+oT`JUhRf+os7I!UJEw>q1 z_rgaB=LQx3Ag9knd?yp-q|by5n`RHmJf32kX7}Bb0+y&0gLpb6LAVs^G^c8I+RNSh za}+y(9@1wZlIICGrC+_z@xU`mO8-Ns9^7Xs0~!)%6mbvX^Ef^!O%W-v$L*zKUq;Mk z6I*NK$7a`h|HWal>R@yIMY=!vN_@wL^ERABjBc_jujV}!o+gD&y z1)NfcN>$)Fr|NJOeLqKkhN!P~v^$jA@|r5{flysaU+s@{(r-e*)y&fJ zSRSyQ@2WonW#@BP=esjrSH!2yRLEgNGE}t>+b2~TaM&HGO;zOKed{}%NouG1rN{(R z68^bGAXB^0-y`VRAw3k@RYFTWEJQP?&40wBnm@%UQTe2HuXjGBOzp{9@-i4wh9j9v 
zfAEiujGNl0PDiwrjZErMO{rKhGO1xwOs6(t8{v~OhSE-?_|2R?^;nMI-^ATWaXQlB!5Z}nxnl#`u>*ol<%Y?G}TOsNlKP&Ooxiz$8**EXFhDK)OBQ;i2zx?!KSFPm)}>BL-TPEL zy`f}rK`J~3$06PU2xX;j@Rkc=*ffWTl!NP~IBuu6Aw&8DEzbnsn=19ysTc#WkO*;| z)SEc4*WS~iY_(J;*CJ!p<)l}@pp?S;>oQ%3|JF?wu9V18SubjGAhN5c9Z9ruacXK4rT2S|5FDkf#hzp9cEFs{J)I^N2|BxOZwhK*1)W>> zL<%BS%{8~)96Y5`_L(5wcF8PFr$_IP46Lr5>no|(I?t_lDkdtPt7={3ve4VSo%L9~~Qo?QMDpNt&y?mC$%jY6%`=+S9Q zZ6P~rQQTaTj;K+s7gFl2G7Wkug&Rcrati{PnH~%QHv{FEKVHVJS6EyT*VL-#Hqec~ zz7`ij)%uxR0io|pK< zifvD88t6)e(t5e|F2uxqEQvWS;_?uB78$y?QhV;iA2qL}^>$m+QZ1b#A9Qo3JA?3~ zx@HUU6RYBX(4Ca)3^B2FVGyiX$O|P6S0&Mi>`3wVQfmG~^OkC3+GNE=~j>FW5dM7kvODI_bDa{AtUKNisD3g zecaa6)N~40b$diHQ^0|czg_LeRTOF00E(h~RAv|COdao}J;kE+vU5PLza~O{gMHz>LT5@?OhFrpKT|x&ib`70-9X%frx*W*HxKm4aukKjsq|-oA z&eG62O#Bq+Hq^%dT zRelMn6HFOCo^LeIRIEc?^G8Zm`6Mj$9k+I^r6?<-Pwn&rQ80TPnKDuL$PTe~W;PrX znurzWp;W7edG*=er1t_lD^o-A`5k8ro+sdw@+jKwjG~~1^PmQfa}h$X&@t``idG5p zIpNKSy2nJ*BrMUi6mpzZhc=MaK~JT_E~ZFS;(Q zPbNO9kt*{yIhw@kwnJ3MK=iv_bOcey2ckdlqR&Ruc}&b-9pK88QfXrZFXoOFqI8uLAUB%E;7%oL*Q6h$x z!f+QNA2tl6(o)|xih;Xl6Bs@sCQ?zCO)iJ?kWe+wR_qXx*H734U<(|uEq2c7~VEaR&lc}rf z!y=2bH@J>BoNPfU2WjVGi*o|F<`_;YIIg3YSnM}|_1<`P$@mtFa}BsQ8_r;5ms*@L zaQ$vLgO$C@;%o|Y(H_F;>23AmOS&R}I9 zvpCm+>s`Z{u(B&G_V2*zV$U$pHmU3?i?bEDIvCDiWuLb=!{8cbID?g4XK_vi*JXw? 
zVP!X3?6-mS;dpkb?8_GCCUBJ+&R}IrEY9zVYi})pU}fL5IQIfqC&QVrvhP~#$AR^X zcy_7m#};QExC#tsu(E%*IBy5nBZf0r*)J^47s2(h;Y?WBuPpW|u%^Sw2&w@u{u=(M zIB5cCOP+|aiq0t*-A==5w-Gz^>IwVNR9?E8C1=&ArHq^29|_sFq+0i;WVEs1q*HS- z`yiJ)Q|iz|`V?>uppd3L$Asvtv}w<=p);{3*0g6%Xa?i>PyyrFp_>^egdSs@7y$M;;_*P5Z z`ZP9?qa+e+@ z#eHu5d$H=`jg(d~m7*@HqY9(6szjCLzUrWq>Tm!tRiZ{x*+W$n)upeAQnk9(Wj9(q z+~w9MwNMYMU0(Y+?;;zFszcp=mmDdJ+^j~!LKos;e~L+ObX$X3t+9zn?S)=oTl#Ov z1c&=snELTasV3PFi(0oTo_m?+Rm6Yf=c#iG3M3&ojUK2=sT|t$Q2(m3Bs;alRqL2W z)E7qbD0TKmm$g(U`&|mrZQNuQVTPcBv*0y&G&Ph z{qRxcv)oj)+92qPsD37zn>~yw(P%BFCjQe9J(5`3QV*!u4JP(H#LUqdh{$rf97iHk ztR>7!EO+9wj957%Rg3pI_F05(q!<I;9g%A1ba)W+bSh^_^h+Lffu z7lfh-dm-jvisk$}lU%JrzGl9@h##PNL}7pAn9~uOqhnOUgDB@lb=BCr0C89P;$5B zl})bpQZPMW7|EU}3)X0i;&}yeYPrKx9`_HMxJKeYf1Q*;oaY7y=p4Ad+y^R$D^w93 z4Fgm3M>KYP|7E1Hin~y8k1*U!(I4TSkpAg3!@W>(7aDF}ve6%D-*t-NLBqi9V*#** zZgit!pgH;#V&d9!`&GY)hx#evw&0_bxE~Eh6)(HNw5iw%A8!zOJ#1_3L#nuJu=b5- z$Ko0P8a<_$+*81Drsi_Ga$K>Bn~va%bd)k`D(xmoy9klD8V0VgVt88^9!KORAA_nf z?{q5Ge+cWxVEZ8fD~n07imT(+fmHU#$CHyMQM;OZsM*i$4&LJpzfnG$wTrNh1KU)? 
zI)J)Bl|4il3J|&2Fwn$kXLGV}Jphhp3>OK;<{BfR8o(FBy zb{G@*sPuhlyRT6nFa6<&>Os*oFE}dt7%%xyM4e_*D@%P&_IbTgF;$fzikEoYdH8cV zF>_vud19A~Jm%9BGx4|&;m_m5Y_)5QmD#I^dz0chGga8RR{F0I_d_6ku8QY&*Kd#Q zdwlHtFS6nfLEK@1_yQ~c!H63gh?i4uuK#4j%?!lfpwhGTDni_~f%sdk_=gbpcp&~x zEB;l)y=mgr7+bF5-3o;NN^v}yb8)PPit9Py%IJVITYNk&8LBS`LpCD2Y6elA*R3iH zLEI@6&t0T4|5DOULil+)t+K6(p;8!%5P7X;kb-}fxcd25u`=^TIEvXj~_d3OM z!Ag+^CsE#ACf;+{Y33G{sw^V2YLgO~kzy zNPoVS{s+YU8c2VIif0qk_z0U5AW|*uxy=pPN0)|h0Ox_eGa(vHX{~fF$bh~P&nZbnf3ybpraAo^A zh3OZI=~ytFZkW6QraIV7t4;F@3pf{Ca}6iASdD{TipgD!$fbtClG|}sE~~)sf?={m zGTUPM1PospCTmVvU@_I|h;Q57t?6Vg8Q()Z~&o1J9%i{bLTtE9cgYx)7 zv9tIxJK^XXA0-c>)T#_R1phX7ACgdtQtAC_dn$bl7*93HxB&Vi_35HGxq#{5y2x-+ z0m2lqn65|gJw7IvIU8~<&QP50v*1{(xg?idt5P2#?mHdtN#FM5uC&-gow4hUk7~MU z1G9UnrJTF0g#D4|tON<;I?zfp8~jB{(nt|+S?u?Mbxi{HxURI)d;tDRlZLyJ|5#f4 zo5f!DFsyX(v3j1_gRRI+_qx3|_=hG*Bds{VVxJ7wD-y5=TXB|^<__>blOT<^UR2sR z(Mt0+_`gk%hMPivw6a)f>Ku;s4?e->v(nNZNi)|p>XOVXQ?;<6c; z4*ttc8pG+b)d>?@qtCn|ZU^VnhTGFgPhu*`7haM#z`i9x60aXslCQiZX|`CTz`ksZO+pE%ja;XW{x5{E6V4(o?|I@oedrqp(kMuuYGV&;OOK<6j%t*rRl z5qEbW{y-Jag+GtD7bxEH_zzX_v?=6%g1FBE>3gequ6H%!nqYmd+GASI!(FN~$YMVf zti2684J4a$lEpb3ToVkZ$yoB7V{u*zu0@8ECVM;2D=p3k!S$@+43_?&#rY1nVusU{ zZfCs8Vo$^FZc}^$Qjp5NY;kr3S0BR}tn7Oh=V{=YXgGtF{lntS2iFqAnXs~T>#|O9 zmpum7wejpy*?la|55cv?a0V-Th{d@_H*6r{qXZDF>=27H8(d+-nXs~FS?nXhIyIhM zDm%mCjQ$^GR|0S4)Vw|hIcd#~Ggn`od34K&{*l{6?7DkK_6%15J;M8g-7$dn98 zB|@e$WGoRvXd)#u8KV@D_&?8Dd+&F@=UkuP|Nega+;jHxthLwPd%gQzd!6^ZFIabY zX1cLc0_F;^Uh&LyV;2X^9boP8%o2@#BB19NBj<}!vKzb-Fk6Dv*)!9P-54+jfi=oA z(~aF1Fs}n^foGOzY*t?62G4@JE|YFYwo<_S0<2#=Gu_y_${b${$6Z02MB*?M9e`+I z({-@5GUcj}R$z7XOm@pQd|N;o0K#Zb^6J9)8MhzdR{2CZO*P=v9tOB$}e64TWC)O=;W2?rev?s2 zFXe0ms3S@iY)$aAqvuHE?(QfJ~T4tZZQTiT+i$wKb%5EQwpouj8Z5F_<*S1ah8=%}GEvm@1mWmu#VJQ%PnV(3sZ6~I`kBYBpOJAO%`Oc7IrCX_9A>sZ!(yNPLcY#IsNr1Y0Sg((4+lws1=K&e+(NY6X zl3!UTQjGXIlO!)PS;zOP&A~`b1$~f_#bEpB$peZY%_ti_7iQWkXe26cIIJDgTjZZa0a)9Z4iE zLzOWN;*><{eke^;I^ndunZPTZaC+Wk`QJx>JAA@`ygTLd(7dPQ|Al$)$^YSbU*o^_ 
z>PG0ybPoMCul?-WV*u|EQ|cXGo|cgRu~wX1mF*+S!vqyPntu>TRemUVL3%wOm;CN= z+W)@PHp4gO@6FJF{5KLdd~rHn%kR+M>DcUbv_zd)_`h_xtC~ABEi(-KPsG9wP3uB= z!VE%9vfO;u-Jn1hwYo#MGAn`E58d;Z;KM|)5*@nB5pV}SCyO9xc;x~v3ZU+qcmqQB zEASqd#fif1x%=?x0#@XlQtko#)Av2gQBdFa%6|$MZR`8qHIAVYyasklvT{oPLTzZ(AT8iFP8YnukPV-kx%SsJ5BE1|Y?j!!1mf%2}S)rWdD^;09ZYO7}tOeTJG9R7Y) zIf>LCF!c%&^{joS~EVX zN!24I=Vw`ahePv7lw?m1mLhuunU2~U91{H6Acw!t!#KfU^8oNi$T^eJPe|JbX}&IL zIe%0f0>CKn*Rx=j{Y*$EXJUa-%dX%FIg!Wy8_Wy-u1@k*MyD}J}&C&%$KF%A}ABKS~`2cpXan&KgmQiE2ALDJ(T9+#$n@8DIxOL?=} z<7aJ$#a&pL^Nq-V8iUko#eWbyf$7s;QPc$Oe^H8Rr2RS|c^5VGNL>Z!u~?z$C`XWN z4!;ul)JK1k`1bFl>VTX`B40fuD@L@MHJ`H2t}3$L$4`P8?XV+E^^8 zCl0DO2g6?J#K9FC%I6^!o67(5Dz?Ud@!V|r(PZfdQeUDy{r#hOt6s1Z_uteCa6+l4 zQ-_>Xl2jt~Etu7$d!>6O^9Nz{@YNBHlio@BPbV^$Up)MhMCsFINcm&9%P$^$S)z15 z|CuwEDBWMrF(jypbCO3AsE6LCv}Rybqv}f!NgnDrR_gqyVOujasxhkPf{dDBfo3&l zL}ZRuTpU%XmXVQ+ZD~|S&FGApF&Q=EB5SOkOEYT5XVgqcV!wvK4D({8CI%ce`HIM7 zt(cNt@!#}{YoiM7<*Y!f)?6Re*zug5QFCKP&77#l+Iy2Om-I(HfH?KenYL%;Khn+h zY)6)~95~aba>Vd1D(XyM_|Mu=`%NMVYV>zm-kHj3%@0vcDXsY_E8UrPM-5v&d!icK z`Cl?>_C}hMYR+%^{UgoMia(+XZTrti#`^ zmF`SA0Y^>F)vvIkKG^R`ql$9rj7m|3_OeQ#Rcoq7HFi9!Wz-y+QFB;SV|!Vnl&ofv zGtn&POv6g$|Iyuz$M8tju1xZdBx75enNf3HM$N2@n%R*xR?iI? 
zH8*C|%*k-3n*)xTd|PC)R?JJUxI4Y#-l#%*xj4|OHTOj|c08A4)I5+;voxx)y?ij; znK<>)4^7|gfnRu?h7)Td_CwRdQQZI~*_tP83Eb=tP1~Zji$hFD!jq`c{?N1wDh2`` z5vQmIy^i!sKrEzfvJt-@v3Jjv(>Txm_C8OrLP|FymxxxYZR@U*vpYIkMO zS%}ytg0Dl@BRJ2FeG$f;e|Dm#D;9pbkVy zj$jvRuqyWgLB^u?N{5(n5qz=0Hv^jQ;faK0PndhDz>j$7N5xnD3vu>`VNoKtqF&y3HyT)t%GW5h zkgX|PMPXY1381eCKTKF0B)6O?60c^x3LL5etSH+Xqluyda{A1zrSQ?HK9-O)RbMQr zt59cDpXwm<6x&kVUSxa$u+biuLsao5Dt|SwxiMUoX#35T^e_ldd(v}JBdryG3)uS} zm(kZoj#K=5Up zT_Dt(knATru>IT@BB-HMEHFp1b1Jx2(ZLX!PeHy3URH62q#gC!J53WF0x5D;!P}97 zkK?kUN)(7SO5YICQ>Vw8^7KR-F>|LfO%2fMpd??Vx3v^(w_?Sp?&Kiz4sq?`L#CP> zUIbO*FO|3m6_dOK--TjJO*KwviuL8Bp)$H>F^f^NGA_4?Lld-lkEzTPK#DXKc3J69 zQS-eQ-bypIi*2oT(+4*RLXj?-9VDoR6D;9yfK5Gt8nk8g-)_q40>S`Kq81_P^eOWc zWsU~x>JpeTPulW8+w$F@Ez6`@`$k*V8Zb6`)`@U;wNG`~>zU0rVEp1(L8MXfwQLUd z=d?H<$+gNTIutTi0_LvOri64X2yHz{#!E@t0#ZK^273~1vPS=Cjh+DT8cz^k;G9}k zHG9qHd@z=JmZ(u5TWpSRj8lR(e6+GjH1FbNi<7Vpxx|!a!bQo=l}wKLlSC|B$(?Lk zu4B$UK2la4P;J8E{0euD#M=OB@1@nQ2h1_W1ML@DxxJK2jv0oRi%Aw;O1|H;Xy?gi zDw!N}D_-s-S?p4~2M5ZY1oj+pQKtBaKz=i@ZE5oMGH2=cUSNNu;geNf@QP<32tWzj zzdF$099Ww){Kf$91FU}>2bg=Ps8sD@LPf1>2dYr2NgGuqyBkf?7N{l>oe{O z<_!QpixEuVSv#zn-@rKNSk^VZ4os+gCcX(q35Vb(#U(q~3fS=;myo_LeunHgl9Tk6?E4_qM44D8%mN`WLoX>5_MIAMDrA0R#Sow5)MLRB_-bn_*tC5 zOObOsMa}*WxYSuOJB89OYUfbE^+}1EvCbH&F&#kY;`G?w{U_341_K-BlvsR1AU_q@ zHEHtG0{Ml&9!Qh77b4eT?_UP?dYb&LDla$t`V81kFR#wDSaEX@^}I8w&Q;(hD=eV~ zz#~0jHGGL1XQ7JrR(O0ik`2B;B&Z@`f@^ zKQIP+7S9`&u+0)C0G#Xy7Aw}vP?NWyezC*EyTc>+M9X>>j8|hURa4RE_5R6i0KfAD z#ukB^iU%z#F#z9SqG+dODxxuxxvqF#QpPHIG-xe7RhAwBDn6zJE)2=uAoO!29lwfw zv@I%6jsiBt;p!2=Jio7<6Xu;@J@k*vkCaI(lCOfbnM{A2>aPxmV+IqsI|JrEuyjNv zcv8a80ioPEAp9E5S3)lkP1Z+!QxqL0hKttOAC@5ygS!Lo=Q*shoRtx0B=Dz}1;$?}hjJ+RLAU+}i+(OnuQ7oaE{Uco@PE|8-=$}1Qor=Q}w)0wK|MYde2G82;h2VwKXJ7Fda7T83h z%%o%mo(=T?Ei*kS$Ca4`jZ>-h0I`_JGaqo^g?(#im@3+(7L{3XRtgl=;Zu-*{2;+qk%Z=q~r4M09MR#lX`x2k|>lh){ShfoUUfp5R58yBup{CeUw4W zInVCY-T?3pO0o>+SFsTm`x5m(Im`?#op6LpEg^d_5+5icY$`??>@R>#J%Go0LRAuE zlyX+9h8moY?jZE@B+;UzjR9#C2$MW1(DZ3Qx($STJt;7_Qj%VkFi!(~*%R1$Vg!Ml 
zdU6DFCH@fbC!`z^b*H(`nc0W>1cp;EBjc==c2UA@{Ia_m2(=tZQ%5=fO%^nQI>gRs zYeupX@hUpl_v>w1O@CAkMUk17%NsZ&M!q)YvMGP#L70jn1FpL<;opX*P$W`xhHB)Q zWS5-$r@*VsPsy%1mFQ8D@{nWV2q9H_Eq^CCMf_0hExG%MzJI%btAxH^Umy#eN)(-t zKjHjDq7fyEI*R?N^YEo3O7e0JR}DdW(NhwKqqY%||FR!9L~!?9!Y2djiy|v!-4}5R zqz2P;n^&W}G2l#gyuVjEUd<2Fcz1%c#PN!sa=cxHqx8FsqPql14aN5sD1sQi(^E~+tp(3Rz@%7J zPgE@wfnt2_5%ofePc)6c& zkEn%51%85VwhGW%!qOo%;4y(05&js^mtI=Ue?pd!{iw~lAl6@%ezuUNN!y14KiqL_ z=Ud3E_i;_otEffS4R+&B%Tx?75kKAdOrT#3qh>+QTvOhCkED zJwP1b$U7Fq$Tj~;BToczrXw$!86#i(cN+PA5TADB*;mBK&nJ?>fmCW>C+qGh9z#cP ztda7~FOAcJtQvW}Wtsa4+V-I&=fOQJa=IY77h-l$1Tpj;T_5xGdbb9EntAwv2tGrk zy8t@P!^{9Z!5oc;ZGOZ#6h?Ii9$Y@Wg{c-Z$X<;&|dg!V~9d zz=7y?_QHX_CGidSe3|<6nfrLjZ!#QZQ)wxdCrwW4=cpUI)l(^ zLiO23p1rZ%e^5OJCApSRTY>DI?5;ue%??uUYc2Q-M*QmmV9Px&s*%h^76^)v5QDyT zKsU!3+W2c~*SEm-di-5lAe!@PY0Q%>a}jpJC}N#i^rV#EO; z4Rb{CF(HbN#fURNn&XJ#WI_}tixD3M=~+hX6 zIwO82MDep2@ko%GJEAz65XI4A#M3}J#}UQTgqY@Ooj6^E;%bRhKBnUcR;2Qt&!2y> zJEC8ddAS3+7N8_IbE?#*R|~QNwJ$lud`!3zwdB1b@J2v8Jp4rjzbf!eTYc2H6fSC+f@+7jCrqD zVBM9V%tVpVr#5Yk?}E#+1r^!UWiVKd%2Zy`K4s&?yTj61#O~?>tZ6Q~J zP&il*tnhuHJ((fQ+Cr`lp>VK9SmDn=+npiI+Cr`vp>VKnSm7F@5bmPH`^?%xt|Fmu zu$EZivq8HkLzuONTv!Hy z&>->Pa*NR-8~}DBvOJZ~C{{NjD^iuK(TTcKB9-@H*0*DE;E|m$9axuFSn4qT=cc=j zRCFpO9%lwX$uN{;9VjrOMG2iPVKTsLJ)tI>$rcUvz8Z}ww+MtsJgEZSSyEDS$wGP^ z)f+wOPnc-E-sZ#2HvoU}1j<-KaVf-+=u36PRY#*>2X$*W~98>%(Vv3)6 z=2u|tb4>B9h$)`snT6^AZTJk~EW+G?s=A6o}I(**+JC9P>S1 zc6)OBVME6yig0ZNg@~7#fanh;)OE0cp{hx-UKQFeR&Jq*ZBg5i5*!SR+v}v}5g!0- z2yw9vQ5J?_1(KTjCHzM0GOOJ1r-BK5IRt!5G)>ik*Nbyn3a6?DN}Yi9LTSfJj*~h?U`-#J z6P^IpG!)6sF-I!dIXTM3k4o_uOxi;y@(}1xIT5ByMMMsF5&4yQ)40eE(7$ma%$$md z9QPu!c58-6S$KPO6fulRR1uK{Ktxt;%n&&d^qx+H`BV{+l|V%1GXWbnY&_^wod{E_ zA|gwIh)iNGHZJlY=ubKkW?4l<)&>!&z_e^!Wynb$?j1kub zT_uX1$jYyKxm_iSmS@%E2U#VkFj^(9MRX;*o1*=-AO0_?%QySp~wIo|L&t6wkon`y~k9k+g$D;8ux= zlL4tlyGoE_%1uJ|QIs58C5RsbsHKNh*TDjgvPrRC71~webDB5=wHH!?gArdPb`qZk z>{{YtUHU3oRVYI0!HW({-LWpz&4W zFklTl{sZyYDnW@3zDc2%YI3kGR> 
zGVtk+6Z?YUcGNC%h+$v-7Yx&;V-)<{2A;!dRnI}jL}5*Qw+GbS!+C^jaF+5k@jVdGNDp^tk2xNR7n?NF z#5c!zCOD=NrKmci$;D9L7QLML&xv{VPRO&ns5C#)`@3C9xw_4IJZ2!2(hhXA_R z!(AffnsA&7=q3-Rdx$0+dqC)6aLlQcRu9pHBaK;0M4GM1&LZI`%byf0&S zOC*svcsh1?9F!)kcdlX+iEOmiG^p;!M%7hpB9W~gN9b%qvXnBBNKGl$E7>Lz2Z3{8 znjV`-913W<*Q2v;6N&RseGf`<1e;Kovx&qNsD8ykG997c*+k-25Wesvu~Yo+XlTP_ z8c_NN&}qYCzjKMi;{bN{1R14h%+>EW=+61RpXv_KBoa(q z#q=D61k*$+_X(!!{)-7A`(G1GFG9&1v|u_E7}3&(-OFj_t~83`fsY=UVv z<+9M;At;$v0%a`0B`C%MoQTqu7D|GGR@($c zI8YoKd$PtrF}(BxB|SKT3YefcdIsE=t9~Qa*aXD}@IOLHKF+>9$0mG&Vii8^2KHwh z_uK0ND6E2_vT}MZ;Y4F?!-l#yxM~|V)UQIhXWL&@R(Y}Uci@P9RbI}fnWOP}0!lKQ zS4=3fMvz&ko$C+{iWPoE;D-P`s%jzk|f66||45|yCFdz#p$7&k?29L7x%KgdjTV-{_S<|AJ%YHFv8t^=eR?WTwvQ}0>?K`2U&ZHkDW1gN`*-KL1URg+@9 zDzuxT!)f9K)J~=Z2P3{Is!#lOVDpKKb?KX;r+_@~QPplYMPlw2VB3j{c3HKH+@@$Z z>i=|@Azjz0BDX0j53>(L(Rt#4#y3SxfgSJhhQ!a2DX^&%O7sIhIL?V}imn279ZEY2 z%C26VLagzgC7~_BM2a3Khb1>fdr+k-o^Fa>!RK`-$p-Xu30&-^Xa{P)A<_tlIl#5h zYfq%8+Il}WMTcVM)%&q2A|y;{-fxONnB~owp4%4!Zc{|nvMGwCDiVX(J$vcZaL`Ah zBsbE^dV<_ln*XMwmVPIQ;XA)6YKafAP0?ehc+PV_qN;FH^cnlP3HZk)adcDkH95Zl zKj=8IO_3Y{Md;|ED9P`m7Iah8o6;=+9Y@4(&0=Bk>a3 z6mgvI0mt;Ebhs&^F)N8kv$83omo|Wc;A$3e+|)Cd(bsK{-K*jQac0}0g^$Zm?-pt?Ou@_a(EO;KM|4|0%>UTjlzDX=LX7uCV0h*sPV zbWxn4joVGpGr-n({1RHA!Ku5NWh=lhJV81ZjZi1{L%&~5q_$x!#Y4C$I&g#Y1KkwW z#OJyw$+2uA+!Pg~wv$85WWtSPcyv>ACZO{?JS~ECQ#1k4G!I`BDc4QWTtN4GINd{Z zQ*=FqR)b@1qI9?^qA}ZuNV9TE#->P?KR*V#DU!O>Ul=Fx64?}u$DvfrL21Hz=PGtn z#70}(2-S1hXn}OtZi?7yZ$ftwlBJZJB5F#pUdeV-bT2rQ)AZO)(Go!OydIr(yD54E z)hkev53z~Zrsxe+Z*`DNN9cEUQ}iPU`#nkQ3^qmVQXx8D4Mkeep2RjqO@OuW_>(jv zzA5Sr@N7?zQHsV~{f>j~oG$@u>^TUrK36dxfjvv*-8sVi)_nm2swQOr>!xTUlxin;1HqDs3d z`WpP*D9NAMw?Ei~-xU3gPdN}OhZ5jDD9*pbQQyd8a(XV|L}P8krf4X*Y8y61r4S5x zw(UT6OOrnhq~cd5+B?I^FAyZk;3MUi-)#c`|48{8!IsmgeWd(T`20Ld@?=I|gJ`9F zr2M<6-R2O}i?9k#mov{UK)-ufHZuy(6u96PgnlTZ*AO;rTJLIOA1U7lI$MC#-t(lD z#$v?ig0leoN6NEbCUpv!a+bG`l&7S*3@=ww#ksUGe55?#xhQvgRE71C@*?~cpy$(I 
zeWbj=n*nX}uv#{@;28|7QB^NXZ%HwUTN8;K6tzR)wGmtsP~9|mT?DrS)F}u3`)z|}!Gh9tVE;ZOghEp1ROwvUwO(QHlzwZEr}2EJIu_8u+#ZI~Gc)>WQKVM_`h zDSrnDk9v|HCA-K0qV|wpl6tUN+4)%$Neu*w3o6ZXy5G9Dn)xe5RUVt$e4iM zH_+J^)RF%{4~H*&r2I_qZ}l=kFKv22ocd7^p7o^Yhg;=_Y3oAT1j5Ij6qtBXK-v#N z);!nkpt*4Y=`au)cv8^ZWdW%p2&Z^b(A*75lF=Fl!URuZb2<)k5OwY?BQC@_Al>VU zvVgK)7tqd4BI2_kz2k{&He;IS1qOTr>i$f+bv*k(d9k4U9XRKqs6(WiIxe!{IFPz~ zV!Ek=BI5ZVP4vVPO}#%b^%hVUXVR^yHj5&rz6jQO&x}l!rpwuViZFMA^_yp=+d3n% zwd|c(@KK_}A!AtW)8s|(3841Mq+45UPDYr+!J6oq>9*RZ$qVxquoin}x~+2~TVDWa zgC~|auCE8<`aP%zGU?XVw*qFRyD$hSCA+}0kp=BQ>gkE;rY?(!!$7*i6H7GJK1yDO zU@oZlXVR^y_EGY}Tn*NHo*4~mb)GRgZ;LGW7Np-jG2PTxBVu{P3H4F_hX;HYj8z9v zPtBz3b|-w0{AiE@U+PB#Gan?+p-Fp?{A>tjkxio|W5y6Okz!{%v%VT%1a=arg~^tNb(!fsJY%Dsr^t(n#I$pl9)Qa z)RCAv<_FQl%YdTP@zw<{m9xM0fd^oJ8+O8{j+a2{ag^lf_pr03?`5(c@%u$kcJ8d)>ZJ zQ^$XSQVMm+IrP~Y;3sVAxC&~IAaWanzX^oB_C$)RqXX&;@bsv|0Yyld(tHbOllX9J?@1H+433d>`l!p(NXI#AL%}f3^D(YUy`^7{2qVb109rq-sDe%^g6H6V-5pXJ?GYFp^wV-97b621}8ZC+Zts;T1#QTwD5)UK-edOeM_y&m``$FT$TvTSp9qIQo% z4EyR+#~bg*sQI}KJcrY&o`ckJ*~QjB><>v>V?NuVBp1*%#B=QRG^e5V9ETY8$|eT& zhoqwcUE$$JBUn?%a{%4t;T4f`O&vc5XqAUMw8tEe#7iu7%yIq@9P=Wjs{(b`)6ke- zh)A0C!r+YCe&6Sdp*q@RNv(w9lh3q+v{l_2ll+jMRgzIdOZ!T*a&n-oS}`| z)bSo*2R;5iEs$l-Ur$p3eXW5a)@jG05z-W%9NURhC8#-qtuuApa*6W;O&#}#ia}Jf zolU5Rtd^F>q4p|=n6C&+vdaE|?-oG!c=)>r*3|KGKredur%1V`jyC}M%)=epV*&yX z(bVx?2ps^&{7z~05WSv;##BN_j5J%5eM9P4mOnoR8jMI?su)_tOC)vt1P-NQ4oVZ& zJ6Ex(V>UX9s{dl6>MAyM%vNU+%Hn}3ODR*w)Rbbql5OfZ1Ix_V$#jH%XH&-wKxpPkVyF0>UQfd=oeZ>ZoS~j;ucsLS z>{5>(N;A~&-1RiG0M7LU8Kr2!sIq3SMGF)hc-q>>xQpa4y^c;lC7;00wPaSW2 z024y?zow20z^sCjJQ@m&XlcWC{q;1B0Tz2gJvNgq1baPA3(B1i!nvOGDh#tEdp(Vi zE(2k@C;ficAt~7uff3e!8j>CcC&_n~p@X`;I^gxeb zq>d*oMen%k%h704$F)(}5G8pg`!B2**(+;xI1gCdd32 zgd066GwA*c#+e5}c#Nb6AmW4WcFO>%MjLdKW8TNhN1hxDx{2>YIpARzbn`b1CdGPH zXoK!$G_n3e@Cp>!H}^sJ zLewvFm?7N~-1Qo30Iv504rn~+{v6nk9)Fs6Ea;|04!T|rMdw;Lv7oyNur??Xbjxo& z#3{rY?^zN$5lp1$adKEO=w5^>J)$(|9*fTtQIgAfFoi+)Y}C#p@(d8On6THLNKv&t zRKY98Rlx4ub9(kGjA~uh)14%2rU}%P>0@bia<; 
zjSew#bEig}GJCzo*MN3=_&rK1tU-4++9``7dd-$dxdz>J05$h;hxVA`k$8y(-5lqh z;FwP+9R}Sr=0YOUtOVWk(gsivT(2RHo4Ou0s*5w|e(*7zxLM^QDI0XNt>>umOSV-& zMeceHHnxS(w}k2oWb>fkq55Z(OqM=ut1*9CTr$3=AzbkmA1Ku?P^ zv~e4B4+A#Fy9h#~ zz%kV+9R}Sr<~kzMtP8qj`SW9-LATVU9z{3AOC;#7heN5DgVKcc&Q)yC%|^eX>RN16 zUBw37G6YWms!K?gQU=}BluDpp$u{Ud3Ys3m-Sa_M>Pcc}5OmX&RY2d2Gh#vaC&0e*csrU=PG;Q&-3g3d9*UT# zy^F?N{f>jKw}D8c9>-YPa}a`Vu3~x)LePC8m3OCdUa!#$F-sG&|262I1|_p;!6{H+ zL`xen(Os{x7~rFx(3QL;fUwDvit#QUbPMT6RPXnsA&mKSG+fYq2&$^0 zs4bMS1Q&F-2G|azD=n0un^xPPI~*tuO*BvpFa1DC5A+B|(ET%@Vy^mfG}@qhE-DwI zBrj**{>vuDvPJ&Q#HXi$y&T7TD2men>UVfdPR}KrXsm4rx+^{DY(vm}1C)EV>i~l8 zHlBo_n-9ws()06RnDoTpCXAPXBLPOWbp`G6-TU|r8Tmk4<*Y9l$Y&m^9Sqs$yCxX2 z^Mf?OALT|Nd*T^)3f*7(h*jvZc#03%*F$P6O7bcEZr21q-gP1SE`Yx~LJ1-JtB@=I z6fOcm36yBWYA>-S$Fu^WqbFsC>`%ZrGXR7kB&~yp57~F45Al$l95WLyH+pg`WGB89 z(7v6+Wr7_zrVZFeFc z0x@d|d+mu7Rof#CA^TPMRGBvNcc+AeDb2TFHGg;7=2>sX^xT!;6cIt5oT?>ce|@

    w?W^ClDv{57KZF!qn3Urh~YaQvfqIZv5>v|O87sDa<8STFl3*N3eysJ zhmtrNvfoTjf8c{0Cl<2H5ik+ZRfKPkTF{XFPmbg~K=-6cYsk(!oSJ6fHA^SE!UwOD$q+CPx z-vQ;q6lwM!ZgkfgLPvmOj;FMGh~~*@%<)8|Sr@X)^5@4uLw2c44MuC#IQ|l{e~3e= zn1j-U_0Cmn$j(ORQFTW)s;*)~cDA~LP!~d#sgEH$HKkauWE-;g0O!**JvL-N70>~% zCl<1og=s}7$$o62tu$ftYn zY8yiK$D!P_HB>eguFspl8ngNAB$%OR_X^8O)0Cef`YW6Il@`j0(>~3!3gm#P$hcF9akMBu(w)D5O8~ljx!3e+_;iKLupH?UtUE_{h(f*4k4PANjd#jSYM7 z$j>M6USpu#bLE47_9*xW3UkwbJ!30o9s|MU~Iq6sB|g% zm12KRBF#PWvo{)8fy!qo)t9X)T*b%{Nb5HO+DdpJVR0!w@>5)&^(tT=`N@i`SD_z8 z1>{`h9{E`V)pZC-Q*xrrt*cEHqq>uW%y71)_)&_V1?+r}%WuiQ6u(p@|S?E^SF$@HgcRc@-eVo9;bY0X;&p>!SySkNGAn1K}+^p@dh9? zb0nRreljt5b=W$Au^vKV9!FbrSWEf?!=i!`1 z130gV6qiIfk@JzCtu|uT_{h%=5R^BxL*B3p@`es1Z|-z&zQda))KkJEKO4LT>q>s) z=ZS>m$wM7zPKl5FWanhr%U!EO-UmW+D9AU#%UI4({E?qL1XARxg0~|D8{)E}N)(7S zO1F>vBzE8*=$b>y-KmOAxz};fpd>G&x3!c$*++ghM0G0%nQ6ou3XVs9%Hc&&CF~mK5OJJ@S*v4tWy~fk08` zk3I5};*9_`BP`Nt7asZ90i9L5>?1$PG5zr}h-5jCl#EAycJ^fZ$WL<2HF%j#vS?Oi z_K}~W>;Yhp5Eo^N+edzi{OiEhr^(w#eoDW00{bxyw~zc3y!2aGU{J#L?IS-$e|=z$ z(s298Pr%rSyGMR5M*XA2*mpy^^%?ib&sPC% zjuA}YS?-aa-+}S7W7+w#kNgx9%Djzm4ka9d@R6TK0XxRy^>_f-M}BrfZ7(8`fei`g z;*p=dz0cZ5ev)X$<7H||5_sh2054%5`AMQ#ikB6Xpo4^i;2!z84&dfEA$;T~oBaXh zH&P-y!$*Fyox=6lXrKhmSZCA+UW)b2L1;r#;EeW>pJHntVEvsEJJR-%pCUgF*yU;R z_K}|=e=D#%)8y?VKV?(&B(UewHi`S~;I4>;M-P23|t%e{kL z1BwpPl4yl;kNj*3u(cy-Ue`YIQ7_Tz?v0jN^{DzkNgzo z60n|%Gi7B|rp*Kh^IfpMj5GE4Vn38_ANeWtzd+4>*L9Z0T9SR_r;v^Sp;?S1-LeOv zd*o*~F#32FPYIUb9{D)};3!A1n0w^s)u^BAF!AniYTP3~mx1w2jHPP)BR|&z+~Elf z76Uc@k)OYSk$TT{TDlmGk$8)L+c)pS&lyPQ#eC_kBM=N5H*;xkNms_gxfty zf~m|$el7#yg*Yh+q5LC1KLcYoifsM)LAUV&ae&f-OLb~yIWv%@YR%h19%MpCXFN7yUiEPu;p328XO6%7b$gQWn#AE*;!DY`$ z$jz)pg7+xw+C$;L`fd9nE@bP60+y4 zV((E_9vTlrQT({~fuAJeSL+Vp@GU0M5_kvCIs13u%CYw-Bd0&`p`J5=9GP-=kFv{w z&G0xSEItTNc){N?U@xE`({pTs-N2is@ zLGy&;0A1zaATYOiLYbF&z!y7C33{Yh5QtdjT`_`p784rgFNA8 z2*`nkJmH6U@AHKG;PZt15X%#eL&fDN$^Nt^%oE;#+B+O#&W~Wt6FvfHrH6+T4)cU> zc<2&BiBv;W6mdjy&&s`ddXOi4;sc}zIbOx2gn7cUK#EY3W2443Pk0n+TR6l_j$q9b 
zb_3MM!_y*I^Mn@y8tdU}B3Sc;*8sXb1{+Zk-i*RKbCgcgl^;xe1Hc!Zkqfw6a0i;;%EMZ%U+dSb^VAp#*Gf%h>*b^~am9&=jZJzKo5H@(yLs26(Pxv*k z-5!_GS0ikmFb7^;gd+AE%7>QPJmJwG9Op^wi7;(PDCT@G;`gf>%gqvWXNDs^#G_#FpcR9q?08jLU^(3eUmqR=Y;BZf% z25ni7JDWqi5`m2z1IeOUmDwDkDEl7RZsMX$ahpRF`MggskSL+N%^^y^j|O&Z z8g6rlf_DdYY8q~Hh@$@@V58G;n?n?Q7OGarU?T^Yw4%dkbBMxR1=hQ9rZlHa zn?n@lw_yDqXUfW`Oq)X#W`!?ssUwPZPg)n}4ot8)M4@*C^^_RhPM6Ig3TYS!6JjLk zmK_$CL!1r9JkR1O!4g~!@lk+JI)cSq4)IOYZ*!Ps?V)L_cy5Z?k}yC+F7m6=2Q z8H5B*pK6hiq7cgG5bJ``0_9MU6a1iQ0Tp7)nii-|*ya#rRXPXM3!NN4gmRKekQ^d| z&UTd5O$oOlo%u0(If5UVLwp%ZiufTdhsZ@r>(>`Z4$n*c?IqqUh~CG4hQcM#NlWHU zw!g_^a`Jx1=B9--j@;O1JF%S^axD(SSZ=I2s@tF>r!r|*k8GP8>xtU49Ad5}JW1du z%k$qXRE!3EMVz7l5XRmDr9qGv}K)#)GAy=KT3F_NbALJ zvpuweP$IP(T@znL66?pAK@#h%?+}NxW5uMX1$wdD7UDYY)FpSWVX?R@WG$;@0#tD%H3Sc`BNGl61DBCXU{Qj_IhJ zNzn~dsIbjb(ZEH3mJ)uSuuLznXA?JMy$aYo6)QHOeCP#QOLI0)wF}jI2}x7+1+san z-0!iJp$KHQvn|DKp6Wo0PGHr%K)np zHc#~^u$Mee`Os3Er`iO<7oNnPn4l$_r`iuf77hdHZd#t|Avj1pPet!P3hWk6qJ%uv z$-w%1oDwDFsYZb@$+Mz76_3^|&W9YSDK1al`H{J(JNMf>Q#lAq!ijds8+Jk7(1GO5 z2>0eWylFx`CFG*^L+l@NQ5Aj!^e?$6c21Tcmy47e(x?f1s!3qCNv{Cra`=dRt3r)aIi8M0M$17BW8(Zzwo&QF3?@ zR0*4lYK)3@UV`sJF`J9h&4Noq4F+j^Tx2gtC1?(5C{BNhG!=GfsC!WJpcnp~7RJ+1 zs{p>~34f8G8eAIcQ-D8v0ySvMdRW;sRQ69eHKNEE8EO$y32CS%V09{i8O2aO4b>mC z5t&qLpG!kc0b`D5Er6%1ecB6`hPoe&Cmbt?3TzrG3tv*2H-T?)93x|uEwgFUP(u0% zgg-n<#!E>y4JD+CKjS2bqQgO(tkEtF)dJv2o*-_(Ikha8hB_OJ3p`8IsCyv|)edI^ zZP=!vNHnwYa*LCQE@eB>lWiJ`9P=DrR+F6KSG2J-6qS95@(E$_`&b%^;`>qlA}rEs z7t&Dop|fh2O+%4m>h8w3A1JCz$w)&z=*cz>MUFWQFK3c0npK%iLy596z%C;$hAD2- zP$GXbuz6|nHVq~HUJh(!8gA22f^P)2H4V3EDAB(M*#0!!rlABczXz)>N@%}LL&;1x z1=czZw`nNBPXl(Q$IFQex-`@!sGmrTeK(|ApK)oZ8v!ne5lrA&E)De*7|%PFoiCe) z5)-xn+fF=~f-nuW57+^ZOZaWmP=&u>B|r%b)agbV>URWRI$bsmMWX3|mmVcaAPtr6 z9oMFzNHk;dawR2bT{s9X4RtHP1#v={hGMhNpsXP!8ptpW#dfx#d__vsjCDp$Ly7f& zgOI(~>ao4EX(+L^Ca}81gORjpD3Lz_*hy*fHVq~61Az@qlecLo*_&JiY(|>AO+z){ zR%ZdQC0<^g$)%y5NBwI~Hgpr0hWZHLPERP$WkNN$G}J+WS^He?bvHXr21%BqLjg5( zu#tmHoKc6-rlEw{8LWPBrZlHan}!nRD6po)nX)n})25+>c_&zp#hK#VfeAJZCG>Tm 
zZjRCIblNnOkamIaSBxaxvcuxiP!)g0`j4W{#Z!VMxHMD?fX6w4#atTdRMZc4n0R+M zH7*S`0gP!ema6e-sCfXFdV-{(qJ_YxpK9$I?)T z{Dw^ciu7E^&!wTLJlPmnJBO=B1oLduP{KSDtPB5c^d)yhRIexZ?*XMYSg~v5Yqu`X6!fOp8)#K!=L*>$mwx5-;|b;Cfpp-gvPKIOYdRR|T5L)8B~Gn88G(*_wjvlC(^s2S4!d zD&W_-7Ian`u)aS^Quc#%hD3^ERSj*QQe2Q-erJR z3<7#loS}`|y9`VLHp}DLAHV{cSARF&g#ed%f^^J}-ixSz!(r*8*NKJ{%J3ypi_vxQ zF5ZFQ(?6XLsdtsa=Q1eCGHgEdt{SL4(jn%8w*bpQWAD^^JfN-~E~K==>Rkf>4fAlt zNV$5~BtWw~T(WmvjT^o$0moFObm(0)W)%@>)_IrQ#ov375f75O)E5{h@t_8INs~X} zFQm;lC{0*j%es-h0|6VYb`Yv-uu*j*dj|rx+Jev#gyhKP9SEo?#d;;%I}kJgXGoeJ zdk2C>fF^rA>Jj#)VK<|C9!jz)n`p~f%(HhOcm&liI!LA?^htXMf{h^T@FcNQd{XZ~ zz%K0t`gfe6UTyC{P!WSu6GbdAZE1%3q`Lz_3xMrCK}N~@rgx-XU9$*KJr9@cn!FCVJvgQ>r9;=GIsJ)9vo*!6UGkgmXyLmI_;eI8AZ?g5 z5vJGbUI9bJZI7Ybwl*eF%pq&S`UY{gr9m6mY=0UQb6Z;U1EGP0yxUS!iuEzKJs+H^ z2?XDP9_zNl0W~KidSY(d4b{C+l9#ZFnA@I@>WL1L$qIZ|ug%V@46QqmYcMCAQRZyf4>641MCU0nRMA9UhP!sNHDFc!BYf{WMW+9}O(WYsTFxOM8 zjd;|4%UA<&y(frX33&4CrvE0&?F3ialM$L=3SjN>4OyeU|ezYrotlrLCZkz<>>0u{9f4jirzEB9X) zx-l-Flm8kRI>r@p4m&WB*EshXrI)r_wG;Dy@oFcX^jM}w{%XM4@IZduEN8<~wIP8D zZ-a?!@aj+V5^3s{Eb6UO+?~pw0Ja)DKUIM-ifEKOR;xyQ&-s+o_&;u*#~rbZRkig6 z66t9Zym{U>*932##}Cp(@l%)~iIr1Dd-9IYG5XyWo=-mL5Fp}5{^ogQO5xV`D9Puy z!eQ3pMQ6Xr-8}DTfGr(CXLtZ-u4t^O!2fSTq!;l1j-yJ%8QuM^$uZ+VxXP0_T<>j^N4?i^1X*u*TI607!Q+Ty(+Z# zyZ(?SR?aqw!%$=}EdH2&W%V)fR=|!YF4m0@>vSdK9cKChIoqSE-QMq7%)J!YB;p)u zJIe0))})KCZxO>({uNM zBS#Bvo=4U4O9&nja=&X493-~r>~MS%oOct2knk6SNPRIRdrxJ3$QJ`J3mxk2dtu zfTD%cqh3J!d+toCsxFNzsltCZpu&s=eq~7b~e(62OK4j(@)UI)e zVXtg>rw^HVAJAtW{w0F-=6U-7CD4}WHTxsw=Sn{+0;=QT4()MP9*Gwl<6R*fj&nP3 zOp@Ky=Jq}ef$lOrf?QzHJCx&nr%i*s9hM;Sx`tV-L~vaN@xu{7J#Sj}#0 z+1Oe_`Go4TF}JPVhU!mIlH~|#KxVhK`%s-gV*=^u#kRGTfYtK2s1CNZw4xQzj&X)I zZnw2(02|`*>a;*Z33v0n%K%RI1nF2bLK-;85G7KV!&vbUZe8!na~`5QgjG;_>!pe!g8LDM9Hb?aIg(BU3#9x2!TK}$fLJ)G_#niwgD z&>(P3J4%Q90~&KV5oxxjOxmsjS^oSO=pI1oQun}C@e;XtUJ(wZVh&0Z);m|RTUR!^ zg{n_vqv|Sl>&jMtCe)RXET!DKQd5fcO14|qQ@}YaKd#5_0Zs$dnvm$xS+`r)Q&4?6 zO7aXg5!(Y?i0aE6B-0W4o!z?524S8jiT)t`XO|uW`dpk53;*8*w$0;%X@>fp+q(V? 
z@PH@CC`Dtge#b#Cw9a=g2F9L)kg?+`rsp6;@E1_IMDV=d^$Cbsnvjiegk(YsOC84l z3K9NC@HXcYQhKR)X+~Cmo4*mSk_9 zC!`&y{>GC|W6Yf(@^f&_C$neycIYaX~(Y{T)qO;*6@J9fybc7Nj@BIZiAB ze+RW6I>fNAJ_3KX3O@L`4Lpa_s-A-g{I`lOzS0Q1CO+3iNmimRjj#0f)y1goQWs|gUcCrsaaOso%6_rLwi;G~#@1|0BPAPwv#~COjwck0zz3ju z2uiXep;!by0oBtSq@x#$z;6e($m60qh`?#Zvp`>sGhz|=hrqt{cn?~j=YAJ~{{b)? z{T1u9W6=m{BqT$WNd1Yi6c1qpepqGaAsT^qfQl|ub1It%Bk;3Pdx1mD*@R_LvJv>@ zfM$4jPy}lPeg~lYJUlc~t`Yc3KyP?B-9t129|57y!7(E#9Y)|Z=1(Hhtc$>9`SW9- z5xCT)YJn?WA`$pJ97@F;lqRfqu3{r_HhKoe$c$s7>MAw@XRBifO(f(aaB51iUdc8B zzY?4UX?kn~J{{0=UQa9ne;3tTP?FcOiC6^w9jgCukW5GDcQyhqMAxdJh`ibvMBwbw zu|V6#8LfBnwE^KIPkI>o;t{xz z27)lclQ!d>9Ss+OPeIizPoRt?xCs0qfRCeerG;|)YFce0@Nl3wG|@mYyz~PlJHY{gYu$>T|8Y8<6%;)kHym!wxjx6)c!;X4n{nlu0lNbP#kk8 zYF&CfT^~pzkH+F@F}Dk_Q;3W9cszX`>MwDaA>B@ci>Ln!@J3JIfX3tL`+z;>@xzG6 z;%Q2}0en-O6N{&J1N#$2;%SbPI)zx{Jxih@f{7G8PL3GH)90f~4;GE5Tj29?)KQgV z8OGDSP}`qK4Irl17QkM6B1P5qFhD$g13u|tfQ&XFVM_Bpp6*uDn=w82b#PofP1O=l z^N5gmS_B7im9X*jcF;dVNxniW!+3fhYUy`^;B<~p>O!{`ECm#cr)vXk=(+2uDvYN$ zvY#gb?_Cl{t?_hI!mj~(+e?S> z^rxu(-U(_~!+2WSE`>oZgAxvuX0&Ud_DF{q_SMJJxpnZt&u!p2oL2Q5#M51BxoAn_ z>5))&DHS%Lt}vdSiP~EoV%V!#JiQdq3JP;vXPcK9Da+G9WLa})IbyRP3kd9s~p56&;kHj~1aXoNJbks(T?dcY7p8zY{+_;BYT8c*K@6}MB(`D`ML zryoY`(+)A05SB&B#?x;C+T!7{5v=j_w}AF~__9d3#?vX7Q3XYs{fEcFOomWXaLhDH zhw(Ix=|M!Ab@8+;e|`)!o|d}QC>SDMBJuP$M<5{Kpfq8u43b9 zwz`JU^@L<8Wk#EtQmj|9ji+w{=chD1HlCgfs0?gSJ+XMYCaUYAB=2Gqv3R--s!w*1 zOh@QBK2?a*9wBdQk$J0Xrj`D=Z*o=e_ zE~EVt<*ozaHcvW$9>wEnAw34dbDmU(F`tfxi>KcMxZM*dV+k&v{sUkFa$RYm#M89e z#?#?IacH7}VtDBXN_wD2FyiUufQq^5%h71#=`&Gz9!l~v_U(H%;p6F_@#!*P)8n|0 zr*B350*}e*xr7sqwGHv~2jHr0h^O~Kxo5kjxKDO|PCZM?>z7@LSK9asT$IkMa$J8A zoE+`wd{!OlqLXg|o&6n&I(bo4n$BYedYySNVP;4lUn|3e77;xO6CQPRnn1dkz&G~% zibVYn;7CaHKQ5bDIK*+*7reW{Ta?6OEz8w+BZtRY-ULsQCSJcaBH{9#mY#&mclZr} zkod-p7c`yiNzgQ6T~bM77^~We0%=M}db6i(Zs%=DPeQkscoMo@bB=9}ZvstkdJ>vz zcdpg6HEz>SA!+9jOM2q1n5K#if+4s8nDp+)IH@=!4aNirY1aIhrgKBm$8TFrJ=Vua z(?ik$V4~^zcVeWaA!+&Dwz*#K#z^Z!(ga|lX>XjgCnQZe-f9Xio}w32J~9{rKEzct 
z@zKG-h_?+%!*N~~($n)|q`@JH&z2GrpJ*0nx;iBFcY`_p%E${~)59T&U$luPe!UxL zdM_j~7a$~NpaRmqki-Q}NIb1N60Tb;ca$3f{7!+{aeIi>nv&lWkQ`#QrdQ;lBg+rOE z`SN=Q(7vJ_iJaO-+A_;Y5%ffQr?hrkZkE2`A!qx;rDiXZC}W}STR5$Vio zWP42OcpnWeJD6902q)jhf_uySPcvE0^dt_6o3V~3*IBvVl8YWD$a!HF~M zTEP27S_vMv9i0RZpW`mH7BAlm63>K*M3;`z&{^Q=&lvBK>Q=<`EmvOqwmIKgx$Yu& zlb4etrR;^WPk3#INjwQehKKQsksziE#ml}bl&uctp&@W4=TFDs3BfSLkr%yb_Tk&I zL{aNwZ96*GeMcquMvUX#s*Kz{PhMJKu~FHg&yym1fs0%!bJdTEHQ~(ayrzMy zbS^QOM%KMLyRU=j1ERlpXfQTXbLMb#jkqDEFB~s(>F4PtvnO{tmHZ$I{F}5cr}ev( zHJQ~fg-T?U?AVkoC9@#I(JbiJ|7&b^=~PllCn)iUl8I}PA&tMNFI1_d3dTSf{+f34 zeZw=2yx3v>B>M$t>i-yK9%&^GGl6*TW#F2pkM6$@vm8vdd&>ycg1j7SGL`IQLg8x! zJ|Pp|Kb@xPc%v5gi|C>@#Q0Cjnu{uFP+!IP~gS)dy9ivk7qzj`R zkBGNX=TOLclpV~zFM}9Owsb^ZWQee`;lMoIZ2UJ7VTTjC8xk_1Tw(N(2`98{%M3W2 zP&!Yu7)2H{p&T|uy8Alz;e$Ytp7I=Iq8B;og!&leOn3SiFPVXNyXnmvnk@>MA$}Sh ze-Aqk5w(Uf;h_}y5tx3ftY2))+`9I7g-5+s8SODX(DvlY z51E0&(xrQW=_gg*tnf!D-&t2ZR2`2qI0q8ZT2g9Yw{8hmmm1hh-$b6Fz9hy~Jx13O zGM@~aRL)Ikh`&ZFP5g%t7n4fzBUvxR^$L4s*J+*Ji;_gB+=!g|-y(C`zsW`3S~wzS z#=o(n26RU3bn<%THIVflpd-!=h)m}T!1OX*y%IS#oxEgzUns2Z!{|__Gq{xAdK@27 z-=H{XPemAis)#({J=V&$_wYNPOc6%7D)J==>I=@#R=$hxxiUoOuPnm*02OHfKw5+=s@8i}sy;_w6-oNCJmoAE@YR+Mhkby-vs<4L1S-r{| z-ejz4v6o0)1&O)z+x$rbXFJ>=lh!;34y&83s`@B~4y(!B zI4J*RA;pBqhN#@3);ytLU))rvgCDO$>TYG8v+rI>r;x_l3#7t$uiTYw_EgW{_R`{{ zpq8F8qTxhpkS7xQTt^DoY@*bIGxr1FM=KDKxQ!BAkC-L6yf8!Sri%s=HYLT}!=ut7Q38Gux_7=^vCy`A3(Ip0nRRmHcCGkP0~ynF&aK#bGr)k?S9) zLCLbD67`SMa+Ju=FH-)&?cNPZL2bxr3VebZ#Ch31;QaB0 zFxN)AI(yFTNkwX-8!69C%|gz@I63)dR01FPNh`X#EOC1?XuA$MU5Ij!SlHxwHim=f?o!O=-UEdgbu1kxOVByD1Z}%} z&Rt1GT7p|C&u!yEt`Z!#Tct$>A9{S36x0$>MoO@S8dUgi(4rFL<(A;_9-h;A-%2*v z9i&3;a~E>a;kd87nrj0-z&SQ4s3o9`lwbxmsPJVJwl;XXz3p&j#u?SibM8wjQXAY! 
zd2Y-Xat(twMOIqB@Hx|uNkJ_EWuye(P=g8|OkrDswYeo2xToiI->;Gl_5i7ner?=Y zHndZ{l^aU)l7d=-s4vW-2JH*Kvo9nkFUnp9z6@BhGxZsYp^)-ZWm;tCdl?Yv)JH8a z5$T~!xe~-ZG}*;#_OH~%xxW~9@hW#4@7KFt?jH7s0?C)aD3aKuBwd$1Ep*Fn5hP@p zC+KLIHy32H%&U5ZcMuG*8Xz$Q6Yki3U6up$;78Ij36)#}PL%n3#t82$)BK$#H@QKuRt=WX+IjsPBOg({aj| zLPUE$x}zL#Cg)ezwq^D982q2TSL_peFOzBekarjqNWM%+>-YrnF^geB6h40xOvRK2l8iT(8f+8M@7lS}$4OE5nvp1x9q!-S4a+?8 zwOg3mfa?$PoZW_0vUUrQl4E`Ym^9M#I5JB0t#3wo&asu1%%GCoC5$c31-VLAjKTa@ zS;?JLlDi5KpE4V8qwd4so&Xdzfv(u3)hgL&5WxBSC&71cO<@Z)Ik!;F$9c{W;B%aD zKaeUdOstYlxk{cs#B7}b$>SiF(>Uy7(l{a}Jx&59jV+BE zkg_zHuUihQ$X2-lnpPxmZ3>uBW-!d-1&fJtO|2@&evf@&K%{!yZE?LBkV?))O=fyd z;eiIiT^m;SO|ADTsed^Rh9#*GN*$j4f0=? z1KJVJil^%*tQaR*k!M7v+?*g)Ywr*I?9Ud4cgJp%c{%0%0ROd8ZMdm5@3LJvS*0Z? zjAzAx!2GAy7UzoWp6tsB1!q@Qz!@>_%S_26nNVQ2{mHux3Z&{0(0EEBlW!|$^3MZ? z&4kFJ5hfERWL0l6=^IbSgDmF1O~)zMnu`-{Ga)73$K!3ToN-IK*6Dw`&UqHXn{@ZA z#W_uN-4fgsTL^FVT{%vd)WSn}Z&?Tv?vG0&E$YK>?8FZsEQI&s?k}fB5FN6L&hVW2 zBTaF6Pw&bJz+^@|H@KIDFyT%*(`qrBwVa2K07Tj>_728UPTKTu*E!p&;;p&+^jTJw zIrZ?-*`9N&h42>NmBWq60`W-XD;C0p+hKX6MQc857hd~fA-n^3-#I6OXw83Ift!MZ zOwD;G@5*`1WJc@oo`vof!n_ANb+xR$ciOs7kEYCC8-=@Dnd9 z!Qbu4if1_}g>-wfHO;6iThl4w0fl(?ixuWeG;sHcYbt}nUBzF5C1sDMSh)|D?Qsd1 zGzNYqcD(X~jo3d=u`6L6n7*ygiXU#}_!q&FZxmT`BbW!eTqQ%Z_h~fcaP~sFM?7ir}140#RRqL#a-1qq$(4*9ZS%|8Kg$n z&Feg;B?KgobyvX67^KVb*3I~z8;j|Fmnp|VpcINF6GKMvxKgp?m0JD)qGE^%OIWo#8r;-p2gg7hspj8W-mXKa3!o{hU(*u88{V4%T2oo7C6lY zDKp%=-g9<`fS6%4=W7P(ax_2NaVA;JAGexv90E$A{2axVFg28APr^T5Sdpi0HX`Rz zgo^^ll~6>Ied`4gL6_uY_}}N>>PKY6;2f&{v^hmJmJMQA6-e2VmcQyb&uMa~sWERX zUAeoIvebB8y=lKmc%vgQV!ikdRMh1EE%|Z`pJ~;IAIqrDK&_X*FrG|r6(G(5{ZEsr zkvC%wMLrSvjXj$tnacXKL3$>(k6L-Ay0v0)3p%!*^4 zy3uoLO*FoH=_w{cs>_rHOzJpLbE`=0+TuBbASFvNacA*;W*0?V`4?WPnUNa$mFJw2 zl#0PsN#%bTb)B`45_?qDb*j0#r^dehf~^YYwZ!r+|Lba!1)mpu4vZX3Ha+L3JYiAw zF0vR=R$dTmZaN99b80~A-POVGN02wZrie1w^zS?AvCD81i zkA(MDKq~^IJc(lVSKfXRj~W)L4TqfO@izwYqtzpF0Gjn?E!N4F>8wUUV3UuPuAnY% zA$}g|+)9uvPMC6;biy786xBvi?+_(6$$=`Wg)4RamM8{Jh^MGV!${RoZ;I6*u|#In 
zsA|5_^7SM%*PPpwH{9}!$bo98xsi5JoV3>R*jg766*b60qoP`#xWt`g(q)p3c(AH} zjXY^1k!I2fj|5f*WV&9^+c?yKao*s6{M;rs;bEm zAfe#VSizDsUuD~CbIAN9ff!nwon1U2ac@-388St>!?V;P1!h?cYo@gKCs76o*6G69 zSru!nD6DsQ6$;mhGj=8`seZj z9EL)vP5&)*sdI#>r=d<0!*nAxvb4);8vZP?=@=`eCQ9%pi2U(Y$ZMmI)keRX0BLlI zi5<1&X>%>$6H>r+sjN&xoah$zMUmc%c#JtAORU+P>SlWZ@JAY;dN)ZCOJSTu6-9x{ z-tN|-<>c|Rcz|RhEjTKWX)7R4!FRh2IHw#*Z8>1g?QE&VS?S!wV5*=@2dq^Du+JO4 z`2QE?_;{pOlqckTSE}*Re^gwc0O!b5Jrf!V70@gKNdHR!hHB^TMF6w6qyAZO#~u^& zWHm74+QzH{(eo`!22fpM3|TF=oNT9yQ`s8!hDiFJNSe9~`{_vfjYvAdzAcjeA(CdD zjPxy$bRnNDi+d;7uSe1y$fjNijP$FK^sq=ek@xmUdTt~g+f!}xd!*vhNJWgf4+V9c zPJ6hsF2H|tbo{e`-z_@ky9LW7Qq3*68<7);YTB~ku$lI)Doyc1cpj5DSU8@mccgns z%GaM$Z%2OlfOwtWN3GQ556$Y}+BCwyep!#xHCGp02DqTXpvF}LZ;@J>Kw zY-xINk!&}eO3r16gFG7_Z-3?_j5SiRRn?ivC1Blvk7N?L_T2UOulc2 z{1KYw`)(rN&F=&AB|hGQC|@bi$G?EMD`G4K*Ad2+nov}Vk4l_HhL-euk0tE`)`9p) zNuyr{N=YRPIdj8gqNJvfH-~>gPz!l$qL6nk0eJ;J-imY~@4FJj8zM$r$aVLC_*le9 z6!K{)aOh<~r483YLwuk$6HCzrsCczEf>>#Qr_amR?xxDk(V!*M>(! z@JUKbAirKv%uRwJp_|3%Fi`Ct;Shg_<+$>PrBYy(eq1mcfH{R2Mk?j-c7(b1KVm+L zFdHI_hhxM8XSU|ECYnecqt^u>F#gubyWU;p7P>E`~-<@{s zkzk)DGrI?=Y>2zDFwC}=SYV+s?E%>Tatd^$ef6_=ol$~j0>T@LDXmg8PW zw!F5j(NV&dWx_h}Uy3k{xi=BmL2~HbRP3Tk)g<2nvNIA89h7p$h`s4IzW>>YTP^<%JBUlMhku~G~Zjzca1Xqb>U%1NJBN5 zBC`x1RJ=lkPqD~@SfM6INZr38HGY&cjI5&=u(L>NW-2u+m70@E$s3F)Cw;g{&u)Fo zuqN+-0xO|cx1&)mjqllQ7?>LG-R;(h-lyBIS6lo(-F6_}oO!rS7G$r96fNvG9>THZ z#b~Ufc|BE)_wzoOgZ@Uz8vo9##kSPR7x45g+gH82nXU=eHuTuV7-_Q3wu+z|vuB z6exc>#NBz|ok+fvO!?*?#o6}m#o%3I`MN!zp!x|V4*~GF1?h{jYBW>6DA@?!XO^E- z(po`Mt-k;WU`MHz%a}35mw7$;i%!jU_e8cGf!UK1EW1i5s8b^E(Ev;$h}KGix+gT9 z2*4RtY3iNObPWKvRHdn}g5>zj(*V3+K|1WvAH-))C_}>svH*GcVydyamc} zoZ`7y1mNR6%5BM%~^%UJ9^vP$@@G2t{^B@t03bz zqUjz09;-@|aU9X~9sr+KrO7xB+s@rd0K7pPNBo8UkZ>I8TErI4){_U9cZ0t^ z!Z7v^v)-qG{1gd@4oanFJrZi5m__(_9hk3-y?kQg1P6iHoHcVX8}T_YXQd99I{5wl z0s1}Jq?h8m*V`Z_XD2>zIU1_neW^M*JDo);k0I!xNeKTR&Q1?PUGOq;&{?Qgw@*+g5fx?MquMO#JI%^G5_JC;FRMW z4{^6Mcs7y3iOai~j&C)`3m4X6xH$y;a{s10O%xccPuE%Y}KaXY<+pgRI1 
zJ)swc0`hWip&OoLpo-7Eh2AsG*89cy7J4Gty_uT?ybCjToAE95LW?mRy@e*e!gBN$ zS_-T==q+?#V4fs~kxDt}Ei_r5|3{48LK73fPO3+46=@1no-^cLkc4t#1^{f#c37`F zKn+ONV(Be3)58c&6ga+xKE^6hO^I9RSdZR9GkvK=s}CgFwt1)UVKAlnn|H3wJ2Cw; z1m0XPU6fvCYzFdUe7q0e1T4AC_yyEmmg8?tjf$XV+X|D$>1GHzLZS) zW|<)e4wito!t#>?y_qdU$yxwzv!L{BAxbuY_qydLm6+K=s`WJhzY@f1xs1iL#W_*k z%xodqHiFe#<0EBP39W#+XOX=70dN38v04S0dlu1jBmi@((qv`}(X;}9%c|03W(&5R zdlvu?Sdb17^at^or#GP81L}&F8Qy6L$5~$4adtsfwIwM1(`@UM<1_%drDeIVkRLhD zoXB3raR_t|KyVNx-i*O;oFgKzaU5dY6A>(qz-lt%I3KX0SAw^id?}gojpN9<&xgT# z#`2SGZX8FH{2PGJEhz0cqU3MzsxLK}B$XJ)k!m#upaVgymdjY|IOC$a8OM=q#{e^# z5-ht)Xa$VpNZuy_a3(>qS_K)$5lyQBxV0)x#&JZ`GXT6+l_ujjY&&-=0N-1X`V0Lb z;W*S4-L$?2$I&@Mw`$uU-2oqO7nG%DlYK!QW;t&4x4}-%Ch}&IBf&o*!Z7v^v&rRv z+!P6j4oanF6B3@lX9ICfn6HeX@{X7w1ELvg_o%^V9-K{DyrZ+n7jNtL!6v-`-@RT0 zF*%#?9g1ZTbURaZayIErD&PJn!T<4WatF#1EJY4FYxL^25#`c&pKc?NsmAx|HU@E1 z!v)z*k-)-!k3d6g329)~B_0%7oRt_9Xxp6Gq~r|jf8*n|eh0kNpwJQIJuS=aM1C|V z{PbncY(k(r1;J62=pKVHD0~@#&7eSxdp?3oB5-O@=nHZ8PVnv{UrLr56y&+qtKe<2 z{A7PNgMuje8G!8;lpYjBN$oSS{>Mi$Nh&def>f&~0DMWRRLf;79uzi5bu)v4WIGd> z<0-+it3+y0ki0Jd;3|S>tt7|{3Zm&g0G_BylNl65(-TBBV?M26fyu`BHEcuZa-4_|p zOf3YuHzBx#618J6yy)f#Y`lmV_iY55BXG)#8nf2FfVYEuDOt*klR3P*9;J*=J82g8*o|pd5B;xeA%usbw|driKf$T~R}2EbR9# zG{lyW24-FKAZ#=;oN;bqWN3p%%9&s0L*q&Kc-OoKUU!<(-mP2!@>Q1Q-b{WpGTfY( zvnfiTyB@)Fl(-`XV`Qj^z-DA1#@&YCmk69186JeVn_YpYzxZg$QX_->#HIsyy(~Z3 zsm;hBN=5;2hy|rb22nB(yi+Ydsl<#7Qmrch;0yVsS}tSp$Z%m)H#0Iwwl4zn4kc(+ zl}L>YlK1xj>>!BNN`lPDAeu_heogVIq{)m7qNx`E{Rzs|WJU(IojVbLBP_^N;Pbp* zXP^S&Jai6;T>LGZAfRGdf;HEd=yHSOc8Ck47$!*kRKCVIJ@EWxf#Ynkm}tI=BJy_L z*9&mIoq-;St?{Oc@*c4Mc}9KeF3K&>iBxsv zy(Ic_lH5A4u>$p3XL&|hQ+kOhIF}o5TFig1>PW3BEm`yYT&w@5@@QrW(ZNJR1rFz7TnKxD z>oX{2(q}MAPyPjTmT&=B;TH@>1!N&W59Ma$DA#9vl>QoOlpZG>< z%ZZRbp9scL<3=Vs)0R2N%cr4oT#DMWQ@cHjFV(#qnXKaoL8|kIOTxL0pDm4dZ+dES2&H z&PAqB2iA`Zeqe*Rum?7b3pl)8X;)j=;k(yAAd0uIe?%1TP=8Sr?^M5U6z|+%Tomup zU``b8+F)4}-?MJiio^G+9aVJr-idghM0`+b)Y8Kf1{=PAY`oz^6Y;SL+3^Ybv^tkW zWjM0#8pNBU(VfX7x&%jGVh(eT=uutH9^rVCwEl?xlF$SCBL+x9 
z&*YC7C<#52KVpz1_E2quCDBt8LnP5x6Z=bIuqK8EoEb-G;s8mE)Wm_3I7kyCBr!@8 z2T5YICPqtQj3y41#KD@FAc?V>m?VjDnwTPqLo{)?B*trEnj{X@#4(bXpov+MI82Z7 zk2ony!<_{~%5bH#+ygQ|jX0(5#h`~RFGj#KcLC1_`aC@t-j3MUZpe7R<9Q)Zg#{0h ze`GNR1SZdOgOR;uDE<|6$$aEq)!DV3iN{Tw<&4~068YMJNA{`qGGOPqMI-kUq1`UE zLjAM!HX}4Z5`hsKSj`2DLc>I8QY3U>ZI0STXt*S-(1>c?0h3|lpkr!31COdlzZuyk zukZ{o!sQ6A6LVaHnB2$c&5R88BS-1s`}@gb;DnDL{Kl2(dgM3{^~bS4(BF#?JfH21 zoL1NuU*C}`iwUJpm!A{lU6!UEEx&ZAA5k^yu6fy;prSv?JY=Z>e;6RY1aTLzIN!<< z$C0D+vb6gYVp$rUj#SS{o;3Ty9Q6n171HXLkW7>7@AXvVsyr#@T~kZN`-%_0)SgmTqFDBm0S*K)=sM;m6G~=r-);{nr#RX2U@MP4fSo{c5rAUl9Aw6FCcZrpkr}&zI^6!(Mkla!QUn^du^?K3*^d}-CZ&7=E zLNYVcH34g60N1J<53VXee(j(-$LBSn7xOS{;#{hhXHE+`HP5#uJ?ME^r0}$BT+3uF zUXjHKPr+8rKUsc}!_%=b-x%mrSsSfQvqlwRJ%UbtGX8!qyfZ;@XCct4kA6q| z{pyG+tuuP3cK&;E$bT#Og@`QeHF~q?_$Z>Pj;-pozvYlWRvpDxnR2*{VdMo&<$7wb z?MZ;Rm2~Swk$=lFF^YU~cNt|=c7-Rub~=%~oKBWduu~LVnNpxOQ7w0C5g#FdVmeAl zk5s@H3V1gHFy@5QqdGj`NtgS{0!-B~mrzUftBqpwYt+#{Bs=)%FmE>kq*`j=i$tt% z4)qeD9%`v7U>bUzH#^G2koIuTvLwB;)w*=myl+qOq+jXK_5cd(IHT_nn`v>@$*}qw zCD=fwa%ZSfz9BhoGXDzn1%E9A9^Ll$L=c`{#)U6{rJO;G*) zfH#i*{>`A_U+851qYTI>CC+CM-UM#A6twWTKA_b{q5Sg@3vWaa%%Fm<`+&xz%!p%J z#cQvF_h@h_Gb=!6l?skoEtb6>MEx1;DTpcS;2!b|+1Df1@|e}Nn29gRira3?)wL)s zuk{hCe;f+(pnE$){GFt^!hU^G*hL7wcU!Jl z%BGy)S>TOu`%G`B7IpUz5n$wzvvZ=XE zn2RvxKZ4l&=NY`q;By3G-=Jv$59jL9UmVKDxZTV@1arUGK*KVL_myz6giC&QhxHrb ztdYc%5`OFibs&~FLmcexpORJt7(uK`1oU%$HH!uR#78ACIpicL#j{t~3Gx`D^g*2z;vIm4V*M@|@p9>9_CW z%l%#A!CYB=y3E!c2H-dg_L>kdmKmH-k0A}=6?sIS0MH@=Z$jA=bE2$X??&1y$|L3~ z@Yh&ny6+#HR76GBu|f}n^+a05$+gMdAS&{y;zRI1%Tck2F6*qLik)O(6DLuMQ$z*d zBOy;NPC3;xtk5BS7v3uwF{5I34RB$2t5Rst8z-t>Ay3qv8z7=MaG0 z;5ygI;*+SznbIQsGZL?;I#uirerIA5wm3^#c0)1M8g}_UF=3mSUaZZUgI=9QHP8cqw2_jGN{7r~%jviGs^)8T=~B zx&t&Y4U{sUp_O|}Y&sbLSx)eUQL2(LOk1qTBkqvd^PQlvjGQOkh{N`XXE@+Vgrj3e z;vDw|K~nGzXncs-a+q}Y<{%z3Uj*Zwh`Dc?xdn{xEK}VhXzE5y?<4^9$BtUQwO7(9j969v12-s<~=1gEvuQfjEpP(ww8Iix*k5EmSrVZecBBT!J%~DZy^S0`VlJEt+%BoP?g!BSjCeiC z+l?|oJGYGAoaFV9WYFHtl2U$?>$Jy5wb3bz{W`|>8wmbLVq{(st!kN0ZXtD;sc$hd 
zo(tFl3pMuZ;$mSJ&0IuX4#X;=SOtUX=5jCG(GjE;QI7%fbdIhbx*cR%jHu6m*czc^ zn?2~MbrToQgT1TcBZW74^;W*=&(zWuh+YEDP256$As^EDIJyZbRT&f@E%&b%hgOyAaLeyp; zJ|>DZgE}OYfy)!T!^SvK=p}k2GF3v%-DaQ0_*vReXy{Pack1bu?JDl7J|e;#)C){uPHlDyk_+s z^pWG-43}CG;kryB>NQ}g*B~NZqXTp_@C>^R>tB34F5TRBxlE3DGeDmo@!ls-2cG$E z8Ouzs=__6nEYQkb4fM5E!i-5LDeD1{*ISk=KQB_zQc;;W^%i?4RNi=KJAo8dZEB3$%JM12)3^;JZw^40CgA^%R~!gaCx za>`fhfL<2y-iUqmPPdG8O8DyC>QIA#9%dzsuidAtsUXj?EP2tW;XkPS)4)3~;?HgZ z{j$ai*6RyJ-0Q)-Hv(`GsVhnK*k@voeHozl2$WU46k9#^*_6lfWvRad_LqekUwmFs z=01U_#{a@IKYYYS2K7S9V~N@ih#^EVTSa9rNO>$#Gk`eJqAGdp%aO+tdns^hB5cBA z-*DwL6kqM?J_5j#7Gw(dR>~u(>SG|jj8N*4m#Rnp39=72QgbCda--Xl?}Lp!l8Raq zDYh{lNuqdUn}3T(K6MZM@857c88i{$jj>SFBgv9w8zNPC&jl8ayX(k1M#&*RdTppk;4(|qwQ+pqZLUwT)rpww46cQb^vs;ATvZ(^JEL* zIW&kn6ugn-CkmhOk_$d&H5Z5lkrs8xYt9{?Q`h_He#Ksfy9E;A)`CRTA;D6IM5HQ*Y;-Sv|AUXm-3RyHltcCeeZPqJQ0$N; zUamvd^W;8aCeU-Ngz>co$~qI|3oXk{41vw{jE#FEm=8pN+##^F7v0Fc2GC{#WiLdE zr5@SVOWug^wb?rWbM7-x<7@2{Wp-PLDg&YwQKT8v?)tJfb0b33Kp+lC>&o7g@<^hN z0b-FwRr1J=S_|Al5PJo1*GJfdM|SlZv%|B)x{m?yv;~>Mbx(O5Rec7;)(E8@cZYi1 z-ym0qo2a=GLtt;OE}J3tI4WvGq}axI9Esv_Wdp?Hc05G?8sKHrzYtOXLWKS$Ebe|u zgj;3i4qq37gJREFvM1{p3^C2W78&2h%(;{1OcCDx%6k&zmn_S@g?^~ALyhbwV163` z?j%4q*MkGJ6(87$Q?+=aRD_S{S0xi9lVLHYE%;p{jOdZ^Fnh0>k~>Jlz#m79Z01Q} z)cdB!9*X^{UMS8&z)rPL({x98iH)W@L|p^K4LPVIQ{G3^GeEqUMrGHfypO1_f!JYD zx!#xEptXSa5nJ~`ybl^5tw_TAj`hlE82N*T-T(}YKP@Lm6VnY7>Z!!Q!6U3&| z4ZOZbO~b~|aj~W|z`r1^NHOzbMK^DzL7Pqz|D{gQZ>@9{vot<)atN`5aJhT1C3Cv`zqx^ZB62 zp_gw1KYz4tCQ56_pKLe*@jxH6}B5AqTLt~?Z$|3A6zipG*5No z^Wtv2=220L|Es|@6Az>2;Nx*e-Ps|W;3CsY&j#Zn%XC+>m#XZ=B6}lPcSr0S;!b>t z8f(iY^Z@YRi7=u!WSP;HuXi1dfIKOhaDZAco(d> zH(>i&sPVKrQk|Hn!-1HQgZfvh6BD%@hzruF?1!mNOw_-Cc*3G8b>gj2CnolN;J%Eo ziB9~yC);iEx<&_XQh<-NiuOo)|lSiZ=%zXwlhn?m8fzO{28vpTrI2 zehk2u7G%142QS&pSswpUJfFr#Drma-7pg^mOx6m#-N~2oYA#!qFFz9+2;Kpay!PX- zWBF-d9UX})ds{4i23Y4r(lgjuvOmTS>D~sO%Li-{=v&`{U%bXVRvqX~^zU8``ej)> zDzI7~Lhvgp7Sqe54O8Iilpoo;5S=}L=(H1MT*xC+hCfQkzwqc^@!)I(^vPUbxR(hlN%A;vqVJqED_N=Dn#^- 
z3K89*LPU3{5aF{uQOE~@644~^4e&o8MxMio9__2uV+@8b{{7NU!k#ct(^m`fl4}s6 z%7JK;gUaS5x8jK!48(zHRJOOexY@QMYBmt3T2!UsYd;+Uum&OaD&W>eSQ);wB6ahU zOL;;!0QQoFnu?UF*~}wLqP_v*N1{kGsK#m(^W=u8T2JC3AU;V{)4b&K38H!cv3Cxt znWD@VG*O2Ead-}@xuVQXFHxrhu{;OWQc-62kf>XL_*V|9b)FnPFi*LOdJTwoa!_rx zjxq)mRVV6KApXojwbLdwDfqt7?gwRs3^0OMAT70%u1uO zJyOFkQRe}1F;VngGg$BM$pS`iwz5Rs3&g`YsF7wgy$HfZg+y%v;&Y4AiA_6Y5ABrR z4lo@IVp=`ja_eb$bwO`td9FP3($!b5Jbg5ysXg-=a{Z z;%x){7t3?>wrjtZ(M|0pf%l)cz?qCh9UEDu`nJjIIOnVvH@l=kkVT$qv zRgb7of%qyyMbFg8+D@|co+jErB#P~eMvLw9pXEF;I?vqDBBGNVBC=sZeB#0DFf`RT ze7xywmV%V&XMjFG;uVpn_CGkU8ST$QQD#?UTwa!xtAV~TlHl}i9#V{tNAf4Ye~}oP z#TBjEJ`?ifV2Wv<8i0I_&kq)AY%yT zJ5Sa}@qPw@e-Ol`vQOek)UG#Qn*a9a*!=Tt^CL3j21BW;`451%jK#;B#pd71X+G+e z(?OpX@!YuiPl%h})eYQ*YRIdAUSlOpWlu`AYISg*#OGO}=lPBr$?_p&ZMA*a}es-$W2we`?1s3W=-IS~~ zB-5t0ok;u()y0t7C%?s?C(1q^Q@7-O3+%PZ`YdmhQ8X*P^GN$4waRxxx9Wb{8+lh8lnd}F8-Afa`#{HbL*s;c)H zV^J@cQ?3TvVS8tnST(!1K=n>Ue>|FaS9 zy1D|qoB(bgIZEDLC!~i+=1~%vk#&Pyl^4f1%Ack|9FFvHnIdcG4>_6fUqs5>j=xyO z750~eqlLVST>DHstT>0-7ykGT@71L%t6+=t;KeQ(3{E6k{yBax#)N z-~s-MsgPyTXAm+OGzTN>jNmbseaI zfP@T!7GU_2yq3l7LL6hh1huCD_X5j&02pD7`G_4%2xGnktXs&DC^#03$6bb{O#2K% z4rc*>=hMDZ!FNnPcPe7PBj%IlKe-rnCCw+!m)Hi-{Lhy_jIp4_D=02w;a1Rs zE=c;HQNfo>AxoOijC_fG1DZeObOgOmLogUYNLnzHT7-Mf84x=SkdQ%eI`v61gMl@; zh&aZ42~I>Td%L7R;lp!{E>JAxoOiviK5nE@Wl&X~C`3BHYz0 zA$B<+A%oy)s*+@*bC7(KIL3Sl&PObK59JG=gjnzcxs3S|&=BFCXM<7wH82?S8HB4? 
znW4)NjAI~4z8%#69YH98Bs-jpB%hu8_f#NYEF6C^0w#lrQ0hyPr#Au~7YO+jJ>ZR^ z&%xD~p|bBZF!-PFVf!@@yOg+k*CDo=IMV#0>rrXaeBykG)d9`#dIQ853tk4el(DcE zXu-OTH584Vr)VjR;mSb_Ifvw4nHPXc6w_n;`ZkAR&XG9T>hO$Fh)n z633V?!3&6m#VB9+C&YqrIB z!C#cUnZa#$L6$UMa+BCyp!u!tLEzktpeBNlw4f^gw-OwXEFkhQYato^p9Ae720h*cgbbfS$YgLe zAf>mFyNY6b)Ew|JYskk}0k^F}K5+~9%1QrxPHlYmXTXHImfbVwnUqdY9OB4gX4<(e<-|S7;Pz3--I9>^*dcG=LcT}L=gZJS3HTx{{}TohYxWgl9T@P9UH(_Z{fJ~K1OLjc z2p9`*Wo+8lU@%sC2x2~i@N;s{{}##n$z{@?{2gd~*OFhd4Z-OQuKEL9p)m-V41#xI zuoK9g1&IgUyKzsD_-W*w!1#l=BVeqQhH38Lnmn$&=uwDHoW6%Mu6cG1X%nY+LcEyq z{E5>$BVL#BVB+*Hh&Nz7oH)HJ;!PMYnt0$b&bSsLTQc#$>4=N0zB*%E%PjRbnmGIT zSqG z84EuH&Hs2Oz!H<-3ncvoeM47kl~bD*!#?TqOD8EuV~# ze^V0hk5$4t^AO{|r}(6W`}znjLJ({wcTs@Y=j4*+A735$ljalWOY9`j{3~k!%vexs zBOr{0*MJt3A?ZKPQR3Mcgu71`u^xbg41zh- zC&@=y$i>7l=1b5a1Ka|Z`3f+?$&d}MBZM(u0uFxR<~%Ugk-?bHAl#e!UIWelCLh5c z3`h$*91jNnH^OiGB9iKz8MKh*6X#3p0MPuSn*q#NFb3dK z#=<$E1xHYJG{!@JRyi1?`5Y*Hi5&-;|5bAYPcilyf{?V}YHAT~t(J&YZvh5_;6Cb; z-%DP53N+9mU~w6m-nRr+|ss7{Z*z4;a>I zAfKCJ4I;=r+vnF!;OKiJ+&;n(}nu;Q277=Byfx3_%fbgAGW18NQ@iD!c~ScA;;MFV><-_cX`MGkX` zlJ{mDXaNhIGeieryz1ze<5rxRq8}g8pM{d@Ol6Pr zxw7Wlt=I(x^6t*NU%~;ONt5O~MbnEI_f}4KviBuqdPFiK|7~Qr*#wy>PSG=kDl-nr zsYuq>1Ks^S!z*?{A)Ab1OR*op6Xw#=#^1PI{atYSm9NA<77%+)F%h?7HK=0ld@15|^n%$=qoW#}00}r;C%#_`1~~L05gu2Kf-U(n z{KpgON+NYHS#`}-os*qb(=hQhIl}e&G}m4%s}}r4ua2p$O&j}-u<1RNKlnfvHvbjR z=S$9|S5AYskArS|^^0;m9#p9)Zxc5UKmW-O4_Smm&k(d%?1!VQx*t`Y zQ{4V=oO%V-I}w452wcj@5@0dLbhk6sTuv9t@mg!X882jj%dL1IDVh;&E2n4Xfy%MD z{I{lYQDT#P0=7&~1&bOEL?-mp;zI%bo^sm}NFmxw{si-C^hK;n*ph!sP%|P%9b-_V zy+HAXBG54otFgF7O|hnSx=@DK0`tvyT%%=4(Tr$AjRt@!v(4j)Mn-OOVe$rBoQ&Nt z9f?Q1qWosbUR++3-%Hcli_2@}n_g~4#aj98boS}%6feeRPR%c&yEy{24szBfAHIWDcEuC$gTdX zUpP0A5k=F#+cX-Pf6rmB*x#PBx*9h1TJw=5e^JM=cMTw7At5&7FZGagU2{Jl-fJK6q;eByOPy{}~O>?EgKF^YDU zh^!+@>v#=xMAmf#(jDyxojoq0t=wZlS?YJ8P0IRT24~*Nlo8(YqqaIYFEfMhM|YI-st(Sd*5e}*EKM}|nH{S&`K!lyA#dgC z#ZK`lhvU7MD6F>=fpl2jIY|@A5VY+*G)fm%hgX}eaTCQIwil?8XhyW5!~RCC7=p5o 
zCM<;9(Sf{<89#&;5efVj|`5A0`#T~-=+H}|>-eNW2o?pFgQOOQ_0B})qJ(9xJLaUWNY*oGLag!0Q4X*ya@=T5I0Ev1oK*Kz8Q~e zv<%dYh_ObEaaX$<6z@(1QY`M_#5L;oDr-a;UYpG~<8d2(lN8N}Hq_{5P^Cs^oJ+V~ zagFM3i)%CnnMjScuE04gFuV>3q!4?7<#ZvK*GTitcwD3Lpk_pjH5z~#%>~6moqQ}XHoFI2((FpPD_VRn@bkd+mLtfc zEXksM6@VDDr#l7X%c#I9nZOX&{pOqTE(~zF70)I$WJKx8ahXM+VmfrPQ?SiyFWC+g zp`XCUC_djQxY=zq)GUb0OUq+yY_!Hd*jj9Dc$!^1pVAELA27Ub2&CLIWbI5auW{y^ zae4ZJZ>)bn&4?J?;Bpl0SWvtZ5r~fQ)KNkduL|?cctZxb+={iJW<(4+O1bS`{64I? z9%S!51Y%8+D_N70PRXqdapnD}-;BrBECDsrkP)S@=8IHLYr0)yp}0tcAr#$*mQi7| z5oTeHd35b&QuOLrxK|zi zX?iQ+a{T`~dmS9*QT&scs~f)LmhB}ncDh>k(jQ9=~2zUG_p*dd01nh`PR$d*;HD`lqj??H2+44dYL(_aDTj_q& zIH#y|27cZ5OWY{3DK47Ef-3zZ+S}wxUUV-??iGGtM~gM03}Q~x?^_YZy~5&M)A0jf zXz>;y5Q|dqV#%!Omd(( z*WpoF=YcA=(Ou}l$as!Z_wEKf6X~t&yDx!t?=32mBzAmnNaWrp(y|^}#OAaiDuJ!^ zx9xr4V7F8)YwiOFyDij*a3At+LRwK@3CN8Qx>^H^9zoMB6>*Im^D|%`Y!}HvP zF3%Lotr+@yLWSsx??nF+$IOei3I7@(8AjWLe>c^%-6s6I3!Nqp+l2L4)0VF5ZSQFQ zwV`DmPHV#t+X<(dTU>^W(adPqM7jD$ony>-BmyJ#?{RJnUKLqBa^FnoaPjD!!~z&Aneu2MBIvT zpi1+^yXG>vYIf1&s+;K8wBK`<)sf8obZ9}QQ=Niun|)^Q6?hD@xE(s+YH+>#5y{k6ZZ=Ko5bRdr~0E7 znXJVSV6_%o8}4nO#k1Gp-MwIVQxHhGTY%+sA(+=0=9}@@Rn7x7BVu%wWhmO!pm=K$ zh>kkcQ9=~2=gl|cv8%iRYDUDMqm;*fi$}ql-+}Dq{bj64vS>_Nlafx!yGCnAVC@xK zvu{#EMwG&uzfn2w6;|JAMI0x#<}nb8?z}#Komg1&;JadM?2(rPYpvPv4TTo3`xl;! 
zfZ_cMft1?=%jrTeuQ$y%iJZ4^eGOXDfWN#z_@lBE|S(B1ZNehO!PBGt%$JRVQsUaguVa@)aiZyq;o^ZWl zYd!*YWX-2uBNo>D(i7LLlY-7%Zm?!Mw_L={MuCHQR!k z5iweGGK$s%6t5ow(eVa#ln}-12=mQ&Y|UAqW<-qE0oGb` zrGXX~0NM`>ZzuvO_d>9oE(G(MZN3?gt+@cyjEK>iEzfhDGePk#Kp;A1P)7+-yzVjI zjK|ho2Wm#dXiff9r}!mU^F5Hg?+}PJNv>o~N;)M^GQ?G1|M5`bu{C!CHPVm~rLgA5 zRL-8h8H*)*#nwC+LXkBanBAuGl}jx$>6=S|wbmSIH>Q4D;y4$8;a!P9%H2~o#t7#1 zsQG3*w&n&&R4Bu^dfkAD zs<+O}Smk9^PHvNdwblE{K#RurbDU*~>|@oJf-18&55&pTy3ZVs9W)g zmSv7pe4*Qz=c?ei)yYMAH%;q$59ywo#zfpDu?&dqw|kyxYvRhNr18{NMyE**Fe*Fs z3AxO}ZR7HDVN`P!n{T&bvQq7=MlU2y13ax(8 z#$)h%Zy@Z|)~)kwuPn&b6f;COE!5T9QImQzABuV2hJ zpdye#j>TkFW zQ=5!|XV% za?{Dsf$HGK3~oAqlX25WfSnDFw-AB2>3Lu|B}DVO+I%w}yXg&}W<-ob^NqF1)vK5J zb}P03BR)&_C?mPqrH$29rki9B>p8{OW9#@=3e*csG1@~4Pax(vwO^GTLVbk%YI8aB zk!{r@uHp{r#^qL=4PnVrwo6FkIcD*_!c3-{Zlaj8b%jBuHo18#AJj%IEXc?%3MNx& z!<}op?u|!2(i?{-sy8zdn^@gT9LmU_G-Qaw0_IN|t`VtdextlHEw*kZAl+Wm z=FnWDyk53iXM=5^}5lW->~HgzY1!Ko3zb0z>sIU@nnH0@kkUnwc++-V{=O`{EnSU6^1Et! zgcFX%_!Uq~%O;2&g^0a|Mwwg!s;q3NTc$Qf#Acnq(&=NqlXp^HX(zGaWQ>`|Gu=kh zShXB=wBy`H@KXq+pwVVzYFgIaNao0EoB3uuo|bndRb)gfrsexUm6>bqV%KR>Gp@+K zl*Z*&^afRm{cB>^k52gOsm2LcuU9O?cuHRaIjJ{yGEq03(sk=Fp3=>>k&}I+%B{^0 zphUcZQ+jG^6H|I>YZFs?YHJfyy4l)viu!H9xsOEU;wil}YbrNhHycsT^px)NccR%X z2|wD$RMxFH8p6^ltb|1Pb5$vBjW_f6q3+0i-pcQ(X&lC1g~99`Fzpqu5}vok(Y?=j zl`#9ce^@1)EC8$$&P?>fcb8M z@gk@h5#uW1#VS_`HH#9BRYp0i63iZ{N%pYLSbXx6xId)8-Uy@^=5U#;5(rDJ63Q>Z zosqqUmjK8c!W;CIbeJ^oS8r%Cf@YUXU7QNHll@?!!5vFD>NVY&AE*$N)rbZau zZlw-hBLKEnJi<&#s>p~|j4*YnoeTe8t8}HcU`NYWbtRS{?MikVHhapWHrwRA`5Vv? 
zxzfINANEgRKVs%v5l9;zDto9z^9qaOO2n>I2h@y+(H$R#d3FcI+Yf=5C)z$unMe0e zDa-3v^UZi{o+U{Y8PN*!bOTk))23Hdz2q6NbIijMq|IaZRkJT9_EqDS{{cE8^OV_* z)xmc=&fm;DsBO&CiyNyYMDuC~vb|#SbOkjdVl>aEFwam>yr~GpJkfq=$~?LuN?Bg# zn{UQr^Q=y)$cR>$XEdl{o}uo5yaHX2+~$mU_kJDJ)5t=Wn}H`WCQ_ z!SPxn5bvocd&Wfb+TVOL9-C(rs2LHXc?yof`F~Knr3l14(FSMAJi5b4SzdRTZ^mQu zJf2jM5v?%KJW$0v=T~VSuTCZNumoxI*qzU8gA16YUa@&PKu6>~m)Wh)D}db#9B&{3 zG0(qb+mdKrGt4*Rv3ZUIH6vm)Pgj^{IVj#51Y(|O$1-Ie-Lj-Cub0g?QHTv~eAj9@1ij#d- zh%W_`{5b)ZkzamHD-toinPeYLPS)hC20B$@^)t64N@uR2=G(1kS8CSce8-T^zc;vb z`L3a8{=LE7P19!ny}|8a=HGTylYfU>!vC!03|szEVzwU?W%7_@f?H+ksXW`Ka>Hz& z%B_mo{wcKTenxrZ=+SJy44LU{|9njga-0LA!gQ=(sm7P(*G`q;vivrwGF+Cwm!=0- z%2rKqMSdOg6BR5nTJISfdRdh1Imv8g@lT7Fk)J=lzN*(Y%pc!DliG&)evQ*hJilO`yuHNWAMSzZ}$U-v98+!JSa|M?zgmq^?>6qwd~IborUxKdO52 z`9M$L$|&WpEnTWx^YL+s8VQksk?NBokxS~T$T-z-Nk_gg5BKh|hQku3w94FyjnFWc z`tm0Yob4RU26Gpg(fg{79$8UTq11J1=ot?A5IkU&zM|0=!kHwToZQ zC9;UOUurcpPC`+rk#k^cAl!|1q!DJk#-uu9%1adq5uciam24sN$IoL^k?O>v~9F z%&Yo0tv`WzQ9@npnX9e3E~?JS4og(HVN~I_fRjyz*hpvpKgPZTOsZmOyZf;0S%R~} zFu;p^-^|*Dw<7#k`o%f_)K%RC0g@aB> zT4R8%QAF8tG0Ab!OSW80iP4PHyD4>2AnDUY(!;>kVT`*qBC@^g_?RZre_nbCF{ui^cPZ&0C| zk!U{zI%wI#!_goR%foVS%;N+@A1XX8M^l2%-2$wrn2$@j7wK7fH(snid#kSa@O|#mU4k#b z>An?m#UcnAOx+mdaWFXmI@hw&wqsgAIdSc7ZELJyx{cbq^H{k% zFfh2oNDI)pt0BS|)>d6%42$d4*s0&DyTA1s$L4{E7dsDmF4QN5S}!t2&&SRTX22@zmpVWSo{ z2U-|MLV(U4wu99Iw~eG*^IM6%;=X1x$?i_|j_o;oyOr2G?rC@MoL1GIMy@iuQGH{( z8#Ns*>X#sWe?kc%*pT;O{6}K^nyG%C(glqxVslIdJRHkf_EqBQV2i;36 z<2pPn&(rznEBAaA-C74<4+oPQfKOroD}7~S=@`s5P1#c2_Qc;$uX#1FwX-Zr-tS#z$IN=$u8^x27}?61X4@5ZBYT)i^N-RV z3}iR4n$bDc*;W_7u*c>lnn<;bT655^Q+@Bkvm>4A6r~^R6saY`_B{msfnU@giR*!I z?1OqBX^x+HuooVb@UVe>+5t~?bWbg=KjK3j&ipmQ&5{NaKMxNa>}dl!CyGe!QWXw} zYA&bT>Io$*VdF^(Whk>ZtQt>dteuIWmrPpU={A)v^i!>)tYwgyz$;?U6C}*B8&(j6 z2VysXpRP;K!@m0VNYa6yMeONRowpU=BiM?c7+CC`Rsg<(0KWX{_g&1f@y^yFrQS+s z#C8LGpo`n@KCHI~M`pQ$B3S9VI7n`JkxU)&l92P7+$sLBMGRd9n;- zB`!5R+<28Lbptk1>YJo?0a8m|Kl9(Wi}t9SvFkk|9q|r!!NmO~lZhKu7VT}GCv5}>AxJ(nR5ZM9BeS|?zVA@9kBg5^ 
zEKJ5^WJfHlXhdDN9F`EcrCdWWvTmvk+Cx-*1b8whVhVjWN)WAvBNmao*AQ(sV5KYC z#uQpM`Egzf#Dq_+&#)iSq8)1rC!G-j zJndEKu~d59%h;I>XfKt9&mrU+U}bX1$EDo+_pEtS=;fQ;6#6_+%4m^4g|=JTqD)Sq z&Gx>ZLYugsLK}KNh350TDYQXw3jM@JS4gG$*r3ks*Ue6$nQJLSIWVRS$rL*800XAb zcF)*Mq0NxTDfDAO^YnwkN=X4z=p=tQ=SSMT|Kh z=gA2L3ML$DeTMzyd|t>Eiy%%*pA7QodJ&yl3u4I`O`)8EFgZ77G2KS(cXBW}?-rP{ zpPcX9Bbb~Ull7DHyEf!c&c8!kCg(gO;UI5vz7rmBa=yLzRWZ*-n92F3Q}74KNG#e9 zj+iCyg{fZ50O5G+Gc1qc>)a{8#==G|d=+Q`rY@j!pMs_%!&G#Ql_;(`nqg#%F8dZK zAu}#sY2s#3E83!am<384XS?}4^jOa>473LJjLVcX=G#l7hK7vp(!BOGB%I)9=|dE~*UXB(ZroWD?6 zrce0D`V9Nd|L!X>&pnC*ws;;r0w=%m&84+vDVXq; z^%?e!@5hiU7D1@u%nzuPvfhxoE1djFA-a?YE&j1ml>@Sz1dt>5TAL zl1HVq11hPMUJ_xYe8o!nxu7aP1yN#&rcz#^T>fE)5uQ}ac(<6`ZO=kB-J?$+$>@PX z%=m|Ap)^!Va)6}y8hi%;&!hd}65 z{7NCZl*c>%u~Ou$iONzup?=>&mC^~=eBq=s!edDum2y9`;g)}&mIy257-%tdVnJ2T zhmabTGL3TiKQl&nQYn3)VreON6_m6olw`6>AyO&#C0R{cN^)%FhMSdoAJ3yN;N(}z zPDoK@DVWfBXRjAuDXoA_xMC5+N;w9VG6;{NBjDugjp$MyD*4AskrOT|OYwwjtBY;XOf*I5uQ}ah4xTQ>fVBqz7HjttWtjlfa>k0+*yAv!mW$W)uxDG$(|eo$wkK!iBUNz+EGMQ{ zBX%Bm9r$VW6~M|m66vIplN+!@0tNc-<$ME%<0wazmmH3H5omKbrkoGApWezJikaTY zABstRCx%BF`!CG!b#9m4UBS+-FeRCgC_wrXP~j!`NPIl0%pG}AsSODYR>mn1fH#~( z)|ajA0U$IhuzuO=AQTe4WpV(hvOCVUT@88%zFFQ3tmxxU_ma&2Ye_Y~(02>{Etk&y z4r0*<8yypBLwc!x7_Tt_f*tN`3H5!<1A_~f5XB#sAGlK&bKv1Dr694;-M za)5h-+{UHFbA(_5{uN~f+WVntkb=~8hJ`XYB)TBlljBm03R(`$o#R3J>h4i?##>V9v%ahaQE;Q#AShk z2XY*^(#Y=NI6UA2#c=VfVxG&P8L7y()V>?&lvN01FazV#hkYkcEk zNsYrj|A!?Nn{$=<4|?GPAvHP~4t4-~C{7>{=;=T4*$J~5>7^R%Qk3Fj7inQ`+cQ^$ zJFU;~C^`V0d%B?DSQ15rACAZ9Oygt4$8OnHths*?Nb>8Mb%xm9>}ffAGr_HA@-LET zE9r|6r~r`zU+3NPSuxQ&9tut^2(;{p7l1gK=$VP=450q$5K!jh*7y@35Jjuth?O#v zZgrPAR9VU;JZXJ~{p#);z{Vm1T3Ln&w1TfG!3O`!NQ=E{)=zT7f7|tAuKQCmVLym) z;Ol34LBX*kik$pyauPQL8Mj{3%NuL8B#`9m=XzkJFS<|8S0werfAy03>4S4SF9)nQ z*xcyc*TBjM&Bry)?VwvYU1w*u^v6-kzV3>Oejup4R3fQzsBPWcJv0;H>1nf*2n%V8 z%nt#DgVqV(7+@vyFG%J=yE|xS2ejTmPII)Tps=R5dCcXVAVZ$`IS|*driX$0r*kQp zYG~{o5Jlg^5o=;f&YGxCm8D!lj8sPEi5Cq+LQv@+e` z`4QUs9`8teK?|}!%+a$i;@UC0_~ui4d`57 
zU}It9OL!5^xeTFBkMPDP8`8fX{t0XPF}?ZqitKwmE?U zQ;^CmT@t6rg=X#IJD3e)e?j{Yo1zR+rPXl@n{N!v<8WkRA+ix&4oB3_^AMMbg|)rB zTn-+O5M-s@ljF!VrJ7-NNWoG;Gr`G_wmEb4)gKO0*YuCIP%i@#bmpb z#F+|cMla5SpvD;>{9d>MYy z40skwn+;uZ6V_UvVJ~|#urXPoxA5ENxk3DVH$M`V9LK_H1Bd5rOuz7a}skt_yP5nG67( zdk>GL^Wi42=#J+H+=%M7hF#q44fk;WBv*O$<9HDaa^V|7$$nO;_WK7aJ@rXkNd(q` zA7RJVpiM^DyC2)e2-^=2CW9+F7LI7C{j0PnN+MireTKWy0qES7z{bMHzU{sBO5FrZ zbQc_v!K?TxODe*v)@Rrc4(|aQ3mZq+?*gsvNJ4=dw;^`arkAf5<8i}E*^ z>qW^1b84qy$e9IixMv_8sl9KJV+ov4?$%|{i+?=ZbbJ+u2Hd`e9&p@T^)p$*-|U$s zKoo6Jz;u&MUFUWjW0U0HBTJI}w^qZwT}dUeZd5PYu4IUb+hHqJ(wM{;)!hf*y0Az^ zjY^{5yO^w2{saLdk%ohE8_>CffR$Eyz1>Mq7fr{Xtp>E-psopXDNKE3(ZGzSZMW0S zY{pbE|L{3AB3Sm?BT4ZGC#7S~mX-hGEoJ4h7ZY)1t&e3d6CbTA9tkuji9@2!wb?(= zTn|GGEBp)^>550uU^rrh%xZsTqHVD*-xEpWW59SuIMVtI`)=k$U}KSij?l)} z<)kvu$@)5XJswL5xM*#bW2^A@*~oF~halTt_>W+y@s{v0P_;G}aNec``Vg5lEXS-N za{%(u7f$}WJNMzGl-r&)m@h&wUBWRC;b4>v=-inF1;>&odcBrR9J7Xw;$znE-dd%u z48wNM735(Uh@!*bh}M`%Hx@95DoeS9Mb>9{XF33#yA;@1L_jNJ5aC#mc@_0@4%5 z*dVE&-EXt?^Be*T0#>i`^Yd9zKeJdrrxdK8cR*aj&Nl<~PsbiIZISesAd3D6N9u=} zboIj=sx0La+8yZiLs30$x2F#( zP7Au!3=;t0cHDTIE>|4OiNlvXZMyiZ#T=#f0Yx+uPQLl@bjJUu-!R_-VG4xnt7k+}tVI2}aM<#0r6%%rnR<`ADf#v{Um)@Rt; zA_7`D7ZK?<2BUud%}DB?n)Q=>e`MSJhWQu?B@+figacnc6AKECB~j$$KPD%! z0-3D&opioZrv#FG{agX8DEUn}dXd!6Md#W2X$98%16Hr{$MacHKf_r+;|kVK=HOcO zqk;OTLm-)1$U`}ZqP}pXewayDKg^-ZQZC^j>oe@@=V)MK5dp1qLPYB44=8dzBNxFD zx#v71awn;J=Tu&Zu*#B?aJTgt?nwuLy>MV-5rL`1B1AZq$ee65=O>+J z>pceR9RaJa_lNUYQSTSA-mflL@AW6vs`uZ(|4-*kG6y3MW#Egt!IAo5CSAQVhbl|C zgfZ4<*w_1HU}F&ht+Ydg^`5>7XS5du^u9WR$8Hp}Ux~8|JhF;)6}xjA9idb(vY! 
znqa@1fSJp2*m61;!lMOnM1wrEfprs{*yyfXas?IcS+|X3~H`NP|tJVoab1KipLuX7#{= z^!U*%FG%T&_S4-==`dA4Ibim0k>`QABUAOql=*U2|s z9uCq;CFNNkX3_}3d!Wf2-UB}jm|7=He>o;5CNqh=1w>o1D%EhLSK)+&`;fzH+6Ng- z+8c|S8g9Gzxv{9y#O+(;#-d&(K1>y-VNB^4_rzz9Akcxg{$;?5(UDG?L2~+IJ~n~913e=jg#iiN%7XLY&RJNExY!@Xjd$2^{~aj=sO$REAEiw7`Y&nVI^#X9 z%9D3WQtAM#VDk`~8z5xau7oVel_Z8rF66C7iC(H>*LTAzGjW^iCZ-e~85U8Y4FC;B-k8m$;5GK-^BfmBSY_R9PxSHjU$8L zjiZ-?!)g9yVI#7R8T4$${#KT@F9pVw!B{vh?TlS9I+61A66=L zWKaYCfJtVGt$`$kpOO^HSx($IG6L<5BO?$Uc*Tl9ps&)QP9S>{RH=Lb=o6DgShH)T zkld5v0r;!}c*NrP?~g`_W;8*(yNR2AkpKQ@;-*`vhkt)uFS7k{snmBPja<4eIh{)% z5p)VhWxi8r2ko;{;PD{`d7VNVJYc85qd(FqRBqZ&sqT>Jz-wSPV5L*I%a!`)iH-{A zq-{{=&T%>7pS}NAX#WrY9lafA4&mA;dje3TQ_qw1+v`ykk^9wc4kh*qus! zv%M=}_?~+U*wCzxP?@>9xyd4%`Ao(;8eZ;OPhq@w2K`!8JyB)W!z|Wr%B>o2hB+(;|F8P-df7$aIx$KG8kt0;oYr2>tRFq5j%K8lZ2|#p|EhnYLk^tt> zH!va0qwf+Q)3g)uv|@9?eD{Y0sb)$rqjBN*nsye(fmT z9|Fz}Xk}~#qt2~zwCxRTImI>IuNgmk#F^5B0gvIE1iwe|8W3*6PfUL-o=RW`T2hum z2wz#BVV}g0zzRFFozONp+GpJloNa(jXv;q61l@dHP&ea2D7rZf`F3+0hDA3ow$$o` zAOWwN#lYt4W;Bj@ttv=+r=vAT*RUb+Ds;XH*yw#YQq_s6P}j*G^>IjFWyw#dcZ@Hp z-$!l%Y$75SshFX@Na@h~=*5+qd(@plwF`ct?JY2HElG*+%dC)FvtDkTRNweNJP-C{wc8~629mf{F6S)btrbO1W{m6sM% zJSIl*`Qnd`uM~e6mPyda)UkM20Y^HqdQ1q7 ztcmz&WF62^R+NsSu^R9_%1Y3PAu&I$kx{G|()($x)+6G;8`5*YiXr{rj-KuDiBekw zT0fsJnPF+o$FMls%vbf+6t(#n$Cg;znX_KS-`{{L8VN^Mce&S$Ku=#w{8$PsY`!Y1 z(#=>gh@8Yog{dW`LRe&dh7Y6zz=wkh3XUaFsH_JbQ)Ro0k5!~mDEWhdBwzAPz)H#M zy5_bOs{1^k^=)6zw6tlXrE+El-3vd>B;CtX>(ITNAH^9ER^li2$PcSXz;rJZLKtR! 
zhJ6xafE9M>UL5V*fYx^}r-ig-53+mdS0WxZknZJN#IM9pwEY&+(B_;Xxd{(jpJ6ZiIbdV5vU|ByeAsZk_wk1~jC=z} z1k&7tdL$bmJ=?3py^QKyb6{iP$1suUk0Xa2fQfd6BQkgzF%U*_!lBk@*v+bS?nq!` z;is@FoEMx6Otb`!$l!TFFRT~I3Ab3EVR;N+=hgrl3qOVZ`3C+F0hs7nI6^cZ!c>-2 zgm10Su=_L#CdhtPeOpsjXTbEjRg)Lu5cfiGV{CA74e?tP@kDymtGU6 z%qc(|K3sXB@96xF{q;^d4~$9=?EiKJJN9{hyMi5i_qQvlR!4hjolRDe*EgLs|KCVA zv}Kt8jg(qkuzY(TZ_CFcbdm!G%!KUhx*g5Ix?wK9vxyHh@g;Q|3YYubQqhvSEe!(i z`I)JZGY-ba-9ZS2V+0(9GD*2#J1KyitJ~NeAoZoIP zGTk1I)SJ~R{x9pgPW-?tnY6Chq9@tn!K!HsuiktY;j>E}7M&`m1x!i)$ zZABni2v=C2Vc)l{1~wL6*uhLh#17WY#D*9nPr?y_{A7e~A_B=m_|p0e_of5Tx!-_| zg%<+XBSL}c=Zdr{o99d9Yp4=fsiD_g4IPCl9um-YF`^;6%F%vk&i$1035HjGT!qO@ zxO**z*S(_nI1rwRpJe?}Je7bMUMYldv-KJFN!$gju(QIlj`r1n)(@}mg|uZ$IlO*S z(0ZGkV6Ar-l+g{Z42$*t1>N)pg#)jfJ%P=)-UYE%RRw8hI9hiaF{7c!Gl7kk!;!|A zG-kGjWO%(6>0{Dsr9NeS=Ej@JTcLYBmO~r46jc@# z=Q6;?!cSqZJ%;^XV4}`&glIS9412zocVFvMo*!Nh1U42n$Vk=Q4;&Vbw!Y3i3Yu*# zaB!i{3^b)tvu}}0cX+L+G}_+8?G{UEw3AuY8-_as1=HE#q+03lv|)|CDWqf0Alj`Q zq+{Z>)2Ubzq~nKxLy(RPBIJ|I^MCw|5GbeHir)%%X=PRCT>Wahw<=H|eoT{##`5bwNd6b{V^6B8=mURH#{NV1y~Vl zSCH|7JV#~TF0%j5#pPHm&%RyM#VpTGP^ScbTbq_V zP{bkLmEw}Eqb7^-PsBj5($c-Lbi6hYet07MXD8gKz!-97m~LnCW(*ne9wu%QM|`kN zT&0&_){{NW>%rG^J77f*V=%GcSXlYLLvi~(pv@%tI1<=o7fYDTeQ{&P^?JwlF9~2M zEzZ9vJ@m3BAy~s+avOdE;$HxI1 ziwp?vjtFyHHVc!I;)6k0v3Jl@`0nLS5X!vz1O(j7gkjc3rtaxlJ;KOqa3ot#huL~w zvPBVuU#!ot&sNDoWJ_cqTbn40P5JdBaikefqCMeA_m&(6-qw4DISNd1gc;Un*uQ6- z9ZHKO0krduz;dmpxA=I^nEn9tadbg_tOt$ggZXjq85AoswKn(T{4XL7{7h{tuws-C zVJaZBT_K?U>7KTWWzxAFfEC&gUKZMNKEW)OUn!$@CN#Sbv)D`&?+n6y@Dt5HgQpTO zvselt%&u9eEXno(cDx@vjhqKrV3+m=w5Q=X4p^VN}7?$#GxKF9y zg9N;8;zc!ev*%jOErE65X?r;P@SF6uzPLgWXJy@UHb4_O0!wP+BYrptW5N zEL+E7@3mV9hpYVtE8TKur;aP!*Sfrw9Y@~Fy zwvB6~wY36O7yLxq3z3F4hvmsl7-fBiz3jt*jmZja#FgTswY}RB>TEs+gQW#O&|L`{ zQ77lA&eSMH)VT_~{u>Z+@Tm>xTy(Z=GMvtcUc=pY{Ed)(TPi09{zk||xBWLly9K%P zOHX@+sfZ~2jgS#F-A4PECNF`nER3(O&&xUUTM$3#B<{??Q9FO~-RVxCB43t5fk*0;V}r2;mm%GwhRC1FWz! 
z+gV5ZMnLNa&ksY|vioU&OA6|y>>R6`pO6*ToEa9~TnXLm35l$uhI zcDAE6_YlyWbEt?Vz(&`=k*ZEig}P3f^R7r=Wyw!?#`+BVCiiYAA{MD=dzSz!&3WW% zY0g^_{~bTk_Mu2an>z;NCbT}+m(t7b25d}LXe0hfd^G23s`HkD>YN4!F}3{?b?)1b zQmD>~F*!*~96xxj!Q*7`y!g`m!PCV3;CVGfP*!T!lYMt`ffcKBt>!Gw*5@QH)H0Bh|-)(W)1z38z?}VN=bt z<1>Mcg$>o0ITwv(IWW;9aHO#$7gx5`Sj@E*iXnVueTIEwi7pDH#gYIT%MDBjjpZ)! z(OAAe6^*6w{=QG~!)Jd;kUow1agBvy#UO6Nx$T1yao`PN8n9vzFNnqCtkk^_aCSiJ zEqRrr{n4zrlv5nuJ^3|LX)JHtg2pmh$7?{i2|v-|r+6v>(^x2k@Rju$_DTE*tguUC zakNb?_F3;l1^_NX1Dnv6?ajv0x1esugHUuc5@mFag<;XnFzDulAOWwN#lYt4X7g#- z|0_s)r=vC3g6{J!d8Ra$&Y;=_KhgGmNJE>eK;$M&v_8XL_6%TSva+%C5+B3oE-PSa2NhK3O`s8V zo{u)~OpQ{g&f*Hz!>I)sKTH@`ct%Q-dPq&d-@PN^z#B!2YFiKIJ}Y%rP7>Ii*&4+{ zm3%h#+Jb2w0A9(g|7`5^G{cf+#fkXtF(@4Px?kwhbYCJ#Psd8+H3eyJb+qgPC^z%W z0k{weZ1fTwsSY0XN0s9!Q>UoaTkLnTWF!2?`V4? zo6`(OBBFXx2H{ZaGwfFxX963G3^ahQh_FqiW(2vxTD*YHJ%`8A?K1;OK(bX-zc_8P z<>GBk+-{E4FW%9_v1Gn+63)LB%+0UBN~hD&8Y!0Vv3=52w^-`!bcn4H9908W$jzIj zIT6xiN8Nm%cASF_l&m1$nQ@wuS>NAL5BwJ5_~$}~qMObbiq+n8;9uO1S5129(jrNMyIj}+aIlXJ=-d`$4XNSm_+;J89y^xQ5x0N+YBwt;>s_pD zwLurPSL)1onJ?_qiNv1328A`V<|b#g=!w^I43y<0Y;x94M%FNl_@k5>2%hLbIAR>L z&@yl^8O`v>j&s=xdr>CgBCY=lzKW4>MxCb4y;rlyF+9e=76fWzNr1H60cH~Td{dmbcM+n#reWF z0#~Z^QB|Z>s{%U(kqeQ7g$kB-Z#g`>lWtC5DNWkJpRET;BA}mPIkO@FHEIR z2JNDNwj!aus3vXdslY-zCv=~IPE3#c{xTMEND&S2ON-_-fZ26J++Fgq_j36MIJnbP z=PF-PU;Sxd!;-4>@z6^5fEF9E0y;Ob1})6Yd};Afv@O&Y;<)D8DUs;mI(!hp49lGO5i*6HPZl6kbHVTF;c2J1rwS>Gtg`cCVFwGLQ+4p{vZ ztkLqk4D(v&Y?XPanHzS}Tfn*#h#dH>_W_R8?mMf@gXP%&2R51sM-*NJgfwRPQUsye`V0@G1HgSjU}KSoK42^&u&Q{H_!Csw?|9Xz_&sPK-i$v5 zjkJrWu+#6laE7Hvdmdw7l=CI>e5Jq!wFh(S3fgV~tzSjxUz2u&J`cp-Obn=3o06a? 
zOY*5Fh+Q=K*4+$4bc$;7ZO06h!YjO)W#zaK2cBpxoSK@vA<*OvUFD`%mI)BvwLZhX zt^NdTEb^eqYY?F(ZxtW&q{A!l{nr&R7G10UPy$BN^j&wADgV z5{APcjo%_oDpk2BWY4nC_`DGvfX##iHt+W+AMm&yDvRk0~Z#~bE-E>n~)CF1;?5nA*{{cmvn>}aSJ(bJ_6Ac1OV z-E@14n(y>y(g&W=ysz|usmgI)@$Hhr^}p7(qV?Bum>Du#eKA@7)oi|M`fJp6g?SI_ zF*O!FtIU4$l{y4G(ec8F>&%spka4fs{v+V_!QTc2S!%;Qh+ z3d)Kl9ZZ#uz++66)aVoE%G>$Nh<}cs6g#;Jm3&H5n|pE;N@%pw_zZWW1HfmGfKB*g zN`#W*cf_xXKNKIQsJ_63g?=E74u&Hwfj6!sz(trtj-|Aw({u?hfuWofOE}H?3?D%U zfFu3D#v-nI*o=J;S&HAx5u}~Pr~}-{7MRUPJQ$=>7X9F;<41@b*3J#Li~38q#lw~eLddzJ(HwR!rRto*w^EaA%9GX ztjAU2SH(ArkKXUgb$Gd5 z6W(~LQ@zr>=m8;Dp!nGVHG18vN|n9Za0;ZIfS*_huTCYVqOwehaFz8L?m`EEE0Ms) zWM^YfcS~!vF`)Bf`3t~G?%X}7%oU|ty+_9X!IAWMZ6`_C+bC}mL7|jDXm`EWhqux3 zz{VmDHu^0{`vEcYJMzq8)InmSd}M5NX<(z1EuGFS2ETOVG%!pwmBNL<%z+PTRgEXn zayXJ#YFlMVO?cG$4DU$?pmR?F8w(qhl-c85{2@Fr(T8wE2Cx38EU5_54L-Ym3f2JF zSlB3|$6I(I048b=M`ZBE55Dwkd52n`^1O`wfQ^L>GDctVCi?5sQ-=e2JbogDw{s+5 z)@sQ>SY~~Oy|`CpnRuFw7kTW(a+2JF(-H%2s1z1 zV4`JkBp-y}Pw5irl`&{p3h2vX>pu>Q|-mIL+RNrO{!}eNF z!C2gPw>DU1$1pgU4+%Ytr-mP;Qad+ZiC9#P*V0t~K)kp5A$N*+l9l5}@hjosV?)~z z@5aiS;tvYM?@dVne9YX4{{q@7CkEmf-nRH{K>Q#|0_a@ByAtI{J7s$)=cCk) zEuEHT&zgg17t>U{nsy=?faU1s)l{)6NJtI_fJW!$nS@p%QY#@MS)gqsLQZqrNN5`++NfusIW)Z6c4b^2>d&->9Ts)tvJiG?<}kA7w@6c^ zUb#^7sesTSq;pdod-9?EB;dceKc;BUyf5zWU$m?H;(qG#ph@<#;&pDL6U)19GDM$H zZr8d>w=d1R5r=q>@J3u|WogP?ZcBgoJSel)x(Na z`lH<-V2v-opC=6hRw|);Ht$fi8LBgF>$c>b2+UtaYNlP?CKHh^r{I+fmMJwU5bFE6 znZV}tiRlLDLM{ww$1%?UeCyTGTBVvj?Je#C-e~NPV`Js3qRek{Vl517Fp08$4nYyjIqz)FcP zGK;0yIywl8t3o$?v94JDTr!~$2(F=1)PQ=Po|NNCq-bA)A7*3kv4#3ScdqrT|&Mj zCaKM(OiUb^eB(LuW+|?^X6%0kv_21G9Ig362aIAhXlDnsJ`bnW zq^-Q@Ii+#|ZF!Q12OaH7nf3Eb12&f{i(1Wmit4ITse=j{RM)ju>3q}3H>mM=BniNv z?0brh?rdLEY_z69kx>llhWoV|frtZdP~QM6Dzh&sFsSKKyTqVo;_(7XnFFVx$SYt_ z58|N%Km3Xb$twx@l9;6SBxP1lFJbb=pr%KijX_n_qbTH}k9jwlfLOy@L6^=xgN={} zeNw(M+W;$ajnYw>ucI;t1hl>~_o+!+x$m<|9Tm`egE}Ff7B9YEV$JAsV58gN$ePhp z_prXOb(GvC%v&>B{|ee(mVyYMSfAnj=>T-@KLusQk`C64uEk?nGy2)A88v(e_JE(L zG)dL38JX*?6iOHgN(UIk1h8@#^2e0OHKQitSH&&F$JWtX_u_;2j4XrGfV{jYDS`Y& 
z65icJIVqN~*7^+lMUroUjYS+5NzOv#Mf_%-P1;$EIv8yOv-yY}wo0uC8qIY3Sm$;dGhmSb=bC7=^Hrl}Q7=v^pnAkl zQjN-790x1nGNo34*TJbapmXm4E4FCfUCp~$qkg)bk!9u~jdstZ%6 zzV(!~hteyegQ!pg$dQ1~HC|^6{4k2>&I>Tim*h-Ky#MzCMYNBQVLzLhCc^jq{R%vSLXG#0fsI8R zjI#ofWAU5Wp0u+Vb&wb*9~tAU4C<=d(&0a}@mxA`R)QGkqrjBPMz%3dGe5>LUX_{< zh&VG5(fHB8I;CICOepJWX6weVG6$7anmE4Qlp25yF|b5q;fNkMCzW@lOp~aB?@EZ^ zR7;bn4-aFQUA0VEl$O^hSOWM6Ct9E3E9n666&PS+k&h!roe{yTI^G#R=lC;*AaE^y zGxvg{W-;mjlXrpHd?YF>yJIzMd{IznZ{xp!Nc1)WnRhnMu-N!0*m$$`5Yr8gbig;< zZf!idkCtcSr@TZPr%=Kaa5?ZcKDVH(Ski%wmoq)?-48c5ej(!5;U_kpr0Q+lT#=+u z!t>T=*xUG)kUyqG+W6(-SH;W4hmGHbgZDo%(sYBZQeL(zVB@_1hjLOZVHc1)@HRdR z*jU8D#)}adjo-|ew6hp>kk~jM85_SLs4L$A-;L)|SF8lF@m0W-@+O__fEncOfl9p@ zNbnu--=G&g@?@X{rd}F!z-J&5cEBc%4*1~9m1?umXW4hahX5-buvyUZ9kAu?!cwvW z&WY^W9dPB8rAnO~$Zllyg40p?vav9kZi7NlL{Xx$=a*)us9eZ7NOQ3kxxe+^<$ zd^owBh4Ie{Qw1*=`|LZN*=#wi~c}Cxu6_BM+!US+R@J4@BL0Pe+1EX)k z^l0>RjM1Ng_~rOX9VMxHqc^tzDU|S-^%?d?|8B@1QzDK2eDSN|OT>rK&s&0#fsqD} zTchWFvI0iWD{d$!#Y#dTci@fw2w-Co2c!Q3qZ{+}Yok!YM(Z=|tN)#lKc+-h|9Rq9#TSc@>aRK(9|UBi{*zW^ydhPf z`gv&!<)m1`jv#m7tA7fxv4}(U{|?e2K+ODuJhK>ekW@b(nd(10sQv>jozC3|eyM&| zf>i(Iz?Aa(lkM{ur0!H^S1e$x!PDq(ftp9`B!5ACRxub!V?$X>aG2LZx@2Dj^;lKaI}>Nk5_7sfVOQScVs>-POEGVN_b{McQxpwqLZQNcNAaV4eA{ccVQ!k za^>9s@ew9IT9sWh8QuIJfk@xYzv@KtW`XPG-Jg+UzN^B97$~A&;fRsgn;P>~@jP9g zrHy1Mg3$75uZN2S!;YgXu(8NM8~!(C!46mJ1G`|&M2`ws?oU|G2Ub*P7BJ1iX_Mx< z85d~X!fBJ1?gEfqo^9_g{9xWW5c~31K}vKz9LYCDsVpTEHd&ux=te;2UIaE4w(4Q{ z&=!vRzYk3GA2=ez{>dC}gk0R_Qt30vL1?Xm;Y~MI|M#HA|L67J=;o{Gtxr#+B8O!+5`} z6oW5) z9W(e$B3E@ygmnN`WZ7FV(%kB=jQY77G^sX+AWs&2bD0P}DLelZM=ZMjOHo^6h-ha6 z@XCEkkYIf)1BcgKg7y>>YZkHHe7p@T~dgq3I^NPeXgx1wG^| zV{!fsLZdI?NWD|C1h~S0gK)qT8a(S2Fhnr4_bjln@N=LnM`bRA?P=;wWAixVr%02_-8H1(G#3r#)qF$9<6Nz@BY zB3J^(l*mRn(E1E}WgiY~Ec~pn-guXu0ZeoaoJ1I2pRt+KDQd&M5fS{;O{b_c*N)7K zb*E^6x#d7%gpJl`cs?C~&V2%GEYgwx6A(fEVI_XV2? 
zUQ-E5L_vg(c<#W@B6|QElU-gSG%95eV50qVP*jsc92XtgLPkT zV)JXGT{lSft4#J^-`!*%M?-E2@;id80G%8D67w4#!(q-$HvSLCaNI?XRLdZnLyd4q zUkvHU2$r>1w>J6Wf8AnSx}~wn7doT|p->0y63$1!SpIx_0~+v^-6zhAIS&(jQDV(u!Z zrbP`X2}A2BeA0hf)M&WG%m;Z8&yJG#Fje+>B|as-3p$6g>2NA`{GHi0;OA@$Kn+by zRt>&t`L%4w^L%qa+QPEn9vDb5n$A@XR_j(jINFbc>hrYUf;RbE)JW{@gmU~rD}@;u zQ|tC|GK#NY{<0Ij)_ndtykZ9cvLmB&ReIlkl+IRPwljEAg9FA2CIHa6Q^4qRAa629 z10|O(N_mo~loD-b7S(Ng+M8@YsQ2^#qyPgxA2)&5>8ZITP5m8^wy`Wa_XZc1}%s{~Ti z_A%A=O~B~Yc28c0Bp=r?AKb40N44$nw^JHc!xCM*4_>FXaZVNY2c%wY^i7d|2+GYfDeRh|DSJXynPHjv~)OHDYQn`T9 ztL>}23`suTVm|(VYD*mw^c6D`wGDmU^%Yf7`OR`@!Mt3is-hi7feah#rl+WiMzg2D zo6M+L^X975q^RMd-Px63a-Du~qgGQP%E1Lm0;_agE_9h2L4NYRx zM@^Y`yh)pP0!0wubC3e3BYbL)OSZ)`ImoB>#rb=j(~A9f3{q znf!fdYH-x)el8NBS41&Kfqi7aJ~v@MDP%_-HkN~0{i6=gh)$~-Pn~%L&f!JmJpgSW3j|g;Oba znKs7?MvvnCrPNMQBQm0Hjmmb4nhucoz&%K9?jB5#Fwa`>o>LIP9Vb=%YJ{&U^sIxw z3)&mscAf-o2bksv=-f<~x&Bg@Sms>{+6x2P@`UzkN6QaGvk|1WyT~_4za9Pq=%n{b z{zN7T_mz={dD?50i++RUs(=ZAvMv5g(#T$oYs~09TVwH9Q`{3!`_?(us61(FX9f4`4;! zveQrvM3YVuFWr)AO)SP|7w==@+-E&f;rZSqMkTA%u!6cA@V1pc3z-q=N#OA(?NqHk zbXk_77?VtW=+eY-^lRt>ttLW2{_IcxgegG$tc-t4`ZCB~9aLv_I%b!VPf@r%v^k z3xdc;3oxU<7)hTWB<(&zr*rz%RjcND^&~!XerhbR*M! 
zW5FZ+J5I?Q7YH1c2z)+Ypqqm}soNU`f1jt|r*zsLtCt*KV2=Mw`0345@HwVaGLh34 zBI#$4^w&Ys^^>G0zh@O}%HkCKux^*H;D>deS_)oiRbv$V=s#!6DVVtu1y}YwU8_Y% z-huBQFLIfB(>0QXpuIhyEw@ZKAL(fMy>~XK;^+)a5*8P1*iGNJ4f|Xg3uPpMyoODo zVZ%0YH0&1_;qT5N#DQR$B!0qtzdq;rou+6_240L4f@mAYMbVRhH3 z9$1{%ukbSYmHqw4We*XHO+m4v^^5KvyX?1sy53ke@Tt18)vcRcOWuj5tL>`0^3QZp92eiq^j5=)N6k4IS7Wq$?ZQ$_ zAlses)492c?2K-gCp)8eva(IDn$d$zLmg&%)r=l*8tOnvs&SCiCqYs(sWSk+`;;VA zU$-)%@fPsw)3%(T*|MFGg7)Msc5y6KwS$@by>)VHc`dE#Jsw6{r~0Ln%SoK78pxSR zo$9Aud_NQ4VB?c^GV5P!PaZyb-jP`6s!!SAKXs7sA7$Ti@3Qe@ti~po8UNKF_A`E& z5E;JzHgAGjS8Ixw?j8)lId7Zu_e0%2GwMp&$)_i;BBC3t=z_(|vp~@i7 z*XLw*YTloJJw=|F$oHo(XVW;zIS(a}m&5&(ye!h3Bz}b|;j?KRkEmQhHa1M_UA&{J z9CCqHA0X}^Wdm3s2UdEMd+Zb-RS`5h%wYuZUzuOHrZiwD)0D1U=#_Z2mA3#?rm%Z7 zHL70g-$2f@MAYcOCZ@8dCsn<_eQMbEY;F?asUB|*e>(}H{t;QKADaP*jPLC8WF5l@ z8`;DzW7ufhe_q8{9j;=mWCn^G;!P&i=&+<|1-mRGzO>(Z;>){PG36p#9cG1rat5~h zs-1ZY#Dx4DEQzG{E-34YP?i_5O<9!}V%g<>Fgfsp@#DZsy_UH}m3KhT8eOm?bZ!k-GPk#1P$-;rvHpNN^0FOM9AUGUsN7aP#ILBPgjr@YbAV7v_; zZn!_)@QgW9e~a~0c^0}~wqM`Z9ndR3NGgeBHz*l(C$0&Fa7l(A+GKIj5WbT^z~q~wQPL>T`;SY=60 zc;EUA`wVRfxndCnsg;*uz^wa?VI)I_4gmjs3am8E7Ba~M?M;~3^ayC%8&c4YszEE0 z%94ZYv`Y&wCbxTIQF}(fyJNz8vf~|VyP|YE&|X!L_NH32e{9g|$%3@6)S`VIv_BN2 z{a-EGJ3%Y=ZEZe%e)%nB(Myuwb3r?tZ^pG~53EHy1+?=D(wi^@6mY)TB+X1+D(xmkkYF0RMFW ztkiM1H&s%%PRC`K!SNk1eat$o1_Zoq65f3ruem~svW^7pQ2{MZ^VxJxaJ2lc8GF5S zSI{mCXuaH3jy93o5VRWuS}*qnN9*KP9*B*iZvt9hkH6QV-3heKfAD(o`rZLp(Mytt z!C1N8E1>oH-M=PnWoytL7tngS3u@A)r>@m%ML_H2-r{J@SCpW$O3-dDNc%=j+RC>d z!1pl&TCa!bM_V>0w{i_=+X3sq=eL`qHMcsEhhspyZ$R70GU5Dh4O-JT9`80$(KogO z@3{eQWx{(?LEc$W?@=JZG+3nH*Vf>W z*4NhGI;^dwV4obY``VfnvP*5v1norut*@=+j+TG)D77^Vv=0TezP6rnw5GTy!uFuu z643gAyv~2~i)(7@7v1hLS6ffqrBx$PMLWQe+F}-1Tc7H-JmY|Go#F{$xb+#vVy1x3 z9Rh4D5^xT&1tN8-N8_}>2CNRB95DFmS^}(8msy@hb*%*LO#!X1t~L3zDC#OUzyy|KX_C~+>+V<7e2G}55Xk35Yf$=Y(_0_eHqvap@Np-ym+M@zmUtK3S zT2ovUVGU@P1+>0#-BW|sRM!)_@?}?D`+|1^sG`^5NOds_tgd_Y&Row@SqdTiYJG-% zq~Gtx5T`DC$$7Jw2fH zwY4&&^|f_XUTqx*_Vod~udU}oc4=HAK)W@d^|ke@qvfBhNo`evw%KpKxW2Zw2R0}! 
zil9L|IH2{7tEvXAsjX_=?p;?~*WIesOi)FO;Ye*U3#_e^bw_Rps4RsLZn8eZzHzMu zHWmqJTqhzTjjQrsw`lcdz|e$T0G;~`Sjqp}&zZ8O7lXFW@4l?QYSX|5v@nB-pzR*e z`qM`Hg|u9)G=-hws_QPE5b6r{nE|^$7rQ)UM|H`nc}bOS6K-!I-qUSwRTe|mLxC)B zWl!bHLKS`VFZ6!_ZH3VW)bXF1w3QEmHuHy9hc}b9z=}G!(;;TE6tueswBAfcI9jLX z%GsbjI-uP?$-|Nwv_^9W>UQ1UV>&od{}n!BdQ-sb%euz#Zg6?p5wx!av_75hYS5Z= zy6blRY&sJTy$OG&)>_BvPn;#ePb~6&NS1(EzMvFBUp#lv#Rhb44`79z`pG)l$pLMr zg!Y(_cEam7nzT;^_H6u;v{jabgnwC|VK3$$U}JJgmF$cnyd2Q^>iYm#sXi7+Xv^kf z|0|#^r(l52)&I-V@}HfAb~^U-Isxmz%kArE-TvR`(v>L6tavCMjK)t&a+$2Tkd`pV z`V2Rx1HgX(04rQfFz`qk1LZ?r(Qx)P$*%u~0lr zH|Py9d*dgi<&`oC7@J`dgrlv`uwRv#18huoDfa!y=%oRj-|4***reDPl?G8v$-8aL zaV8wJ%xuL4p+_j_IXIF&@A>HW;o$G?tkCbQPj3IVsQyMKgcrl!Cdxp=%Uq7F-xQui zt>K73-u2NBi9oUt23ntCFK`U7vG77*GeksS337NiBS*nWa;UPTCR|{BhP{TC0UHY& z3?tJNnYtdB=yo_src{Ru(7Z~#^_V`!)Ej8sjqD@v5YC!AXBtNQ2TiF7%e+RT)ZbR&8NWR%{#W4R^rBxTR(;+$ba{D=2 zvo(z}z6sj#0j-yNgriO5t_AJlfY!^s#L*^lmxA`rfY!@h=V%kT^FaG1Y$V zV?Z05`vFomFE1Y$V z&w}=WfY!@>!qFyjZv*Y80j-z&y`xR!o&(y_I_Hj(=&My0I*t(W_&qfO+l2W_*W zLVDO9*gQQ{o(kH*1!+guq|NjM?P0)1$H9@lhS>``9kLLXTA$%AbO1WH0@zsi(TDYN zv>O6iKbUR~X)o9B4>v;SN_ryja(#y5U6??p-jp1$I=U<1?VYi!**=Dq?q>u_HI z*CV&&Uyt14uSZ@q2;)B(9F*Ar{yzs;(e0rtOrMjP1=@>%jjn?u**E}?Bw#vevJjrI zKEu1x0qETGz{bMQabp~Wy$ekAIh;h8>P0F-NwLpVGr>?sBVc1;gN#jjd%R-ZycFjj z17bfH8U(DAV7M*8CS6PhNISA1!yL!3hh<1T=xi7~hbFmL4>}y&#s$0;y7_I`^Ff!4 zIBwvr(3SQI9^#W2@4XHgk~?@y16flNSqi2@ce`0+R~gyWx_@#% zu6rQMYxp3@GWnW;bJxNe@iv*}8c=0}nWssEeW-VMujOL0m|A+5wk4Q9P|X z$gV`HevsYv&~amQ|w&bUiR-}%nBpL2c|$m^m5zNhkz zM&gNR)qOzJ*aHK}k77iz2jKO)h=-pbM{G7?mgM?)DY_j!fj^P0RFwW*=i-?nW`?5g z*^93wvMhwXBD|2)^3Le06pHG9vO+vZ-}CEIu8KY?$4g7Y{BvsEJ5WVZ&kpFxU?lqJ z4V06ry+0PExEItUA}tV}V)WAh!WXZN#OKkMB0MDMLDWR|Esf9HRk~a3EbT{HeQDFu z&Wb3KiWfvmt7WDV5lL3WK!p*s!>H+(wy=P{cX}yhehsdlyjJI5SH2wASZ!J4dI%KXnbC2scMtDu#D$(U0weA zu_$s=t`)kYvQ+}xO23$yg;jF{z1sm4sUq;I-Yei&*U7nDjWj*?rZ`2bd>m~^9FOAX~#uhDw-;qeO?SP(XgDyA0{y2{+x!LB>Q%TtQ zB85yVmoBH-Zb3WLE!$43EhB4H!)mj0A$C?v96zYC_0MYndMWHUq{mUc617z?Q>!-; 
zIjmcd@T8I4@&+tWwUi@~BeXnJ`<)e4)iLVfi!nls04GzrMgsVKY;B~pbZ;qTIIcTe zO{BHDQZ;#BRCnlBI}|y5A||S*x9RmRyF}~#C8nMP0fMTTxU5d-o}!TL>Fs_+_0`}h zci2`X0730(s!!{t?<@t-e-6iG2)J}<^i~M6T|pv?(9&qM zMV9Zb292o2D0=*g6q_V`xGRuQy}%C6EX0?qhGbuXRn@;5-C4Z>G_D$vn8Ugs)r)pl{|&w`QTXP- znQ4gJjEYBA=!#F2-Y#B(k&W(Dki-;F`=>Qv@oE^{J!m^}#*S0Y6=5q5CzNxmC`WaP zY7r;)_*pfQxt_eL2rcd{Eky%raZ$U!;@Va7`D*#0dKDo}iKA?R!i zNu&aAG_7K;5wUEFR~OUJVqg{^@s#gP!Da&j#+##R#y9LHY@{{yYtf3RlsM#EP}#TO z52TQ4qFtyJa_g^0CEFp~xL-GE2qLZzmfh9s$ISCvqY@{pm+!9rNn~gBVv>H|2ACR% z(fiw}W!Z`x%sWuTu#tC0Yk*-&mU{&V{BM|nN&;?I2I0-SSkmjGAk;LB-;5G&^ex?6 zEi8IeFQAln>&`V|coH*7Y=HM)eehhOx%wED%q6 z5JQmcuKM$mSjGG2$*y5Xw@Hz5GC?d7c^I_-HWEc;mlOeipQ+r6)Rg)C(S@3(JR+xx zzI{ODOwhap5bT4x0!}mt3?EV$UtPJo`orjVBYpdA*$ID`6J-n&5|nrF<~IeNcN^M zb2ee-CpBjB@8blF1Xi!ds4kk$%C8Dp4Qq}>9#g4kMKU)`h6I`$%j3Wnf~+{e1kXxguvh!LVQ-HQ4N1W2o~8zY~-^gU?aFVN;N)@z~Q6VpUEN8*Iudk zeGWwL*2PrIpUe7MY!8$W{dq`<>*iII##b#{b?f4?=mK!wCqPiN`Xnde$tYAttllp~ zwIr2@;7mEpl;Scn&ljUbKvz(S01v_W#=4)1yi;#!xf@3OC6_A2360H>$d?Uu#@xO! 
zii!J+K#z!E|D`J_X^g590n_fgtWk+@k;q@GiMOj?>Nr4&D%1tetjH-!$j1IQN{V4j*_G9 zU!oKj@vo|W4O$uz)%88ERm;QvE$TGUNaWwKG8JF=f6-Nu6`)>`$oI{}0uYhNWrN*# zle2b(ICp}2_KXKJCDQ&tx2l#SK|)pkACgECB7m8o>M*T#GqPZjyq7!eO;;TnsPG(#v%T3{q{)+=FW>s+h`*&3D_8&o86FER$d&{V%J zrUfp&G+!SBgd=ajUlKUqD1Vi-exJ!H=k`syQR4891;d9+or7sj8O(kSxo!q#m_AU8 zZ;{`WP3zZnEsnAoDT{L6A6p1!82P2$u=C*;MmqV|{Fwuje(;~MAewJ9kl;UKu{7U| zY1F)9p?LqQy*GWbQ{bC16`N0=F%SCJ7|PA(4)dUYje*~M=I!%$$KlD}jgQS#@$}+`=-)B+&hdrgZxzeW(>Jkn{?75w1b3NYeEsuu4nN-hYEzN^<@Ft4>8IJdi5)bb zP28b*H-U@h-NZ_o_k8`k!DQ6GpJ(s9zq~&t%+(Y#k+tUiYPbK3K7I~gvs1&szt24A zUrrzRdf@eOeCGA@cV3>S^ZxMsygg1&czyZO?_%TU?eX_Emj6ZUo%fHgx98eBmnZmo z=Ja?28!u1i{N3!4HN|-TLf<((=HNeqLX`{Q3Gb z)8%=496p?WPq%%}?|6M2zI;9N{LglMyuZAET%Ny);S;APJ6SsC|Me`LuUFn5zCP|@ z<@tIpj`|t$)z8!U`sDR<`q1Jxhf^v2f3sPCIDcyOv)fA)%;ypFpnthMaFV5)8xG9p zx0nb0%jfqTOJBv_d4D-S<@3+`*U9R;jlJ{q8kT;Py>oncfTb5&ABP90cl`ZTtUW$I z-7I~&{dpIw?;Lxd>G5Cf@o|2g55G7)e1LLmZ+tsgem-Bk{pBn_rypFuI+!Paq4h6g_2ql#{EWko zuWvqITz=>8kFfsaqksA4qn_2r=~uq-^7I>6eVpIq8$ai#`xw6E8}A@%pSPEf`zyhc6!= z@9$<-AD3^re6f|~=lILl3r?){{_*x->7~N7&fa-`UO(sGPq6Y_UOT|>c?HYQ;mOl^ ze>gt!bpHPDtUZno{GFHQ>yxMRcMdQ9&fDYfygn{Z^8WDmeD&>R@F->PyubXN*U#U1 z|M`06{pIiZ>f`J|6zg>$}?X z`9E#G^3gM%p6{K@b3A{F;lq>cy@kDVeC7P}Fw4)|ae)IbB<>%$|*&n!k za)6D8uLu6l*8_j&{pI85^o_ss`Z)Y~e{N#^zk$7T`oQbw{pIwO&&Lp}e;<4Qp9X(! 
zf0-^kU(Mjf=aawl`Qq<<{-%p>ygrT(Je|LDdc@_q8a94Dp2IAizprHJyuNuX{blTZ zKYQo;$&DO^;^TXwNULU9Ld^~(UPO$NDdcga~ z=bPgLZ~vvNem*|lAO60bmFMaFo!egyv+{gCXS)8Gu8+faHX9H3$8r3d>Hf@geSH2n z{_u1@e$Jox_^TMaKE&1|$8V1R9N)S9poZ1Y+voLfX88++C+{DxpVI>lKhA&nJFo8p ztiSoz7w_LTR{psTze2}b==|k_A5Nz6{tbC=?v`Hjne#tB-yAcx`0)AV z^I6K^$MK)be}%%A_lK`nzTUaM$>~4N6Z8IYe#PJ6J z`F!&J@%H#TUr(H#7uvr!u>NuXOFnpWd5pu4kB`4|`vp(u?|lA#(aUrAw6OW)@oZ&*=KPE2&!>OYvHm>Y;l<%u=zMbcb9iw1ho^J>_kVhRK7KAwa{kEkbNuA+_9Ff4+1cKgR7NT;JvMW18QChK1f+ zE6m5D$X6E?-M{!B7b8jkD~fzKUi7{A2So7GiK3T&GgkDS*cV07AI|&xdBLP}v7&dE zK3W?5bW73kFBBKOdDh2g1;4&S6rD@FD-rzk;b_t4qu;>IWUlf1qeUN${)zYLU9qB% z$8hIhAlI8>MSmK@wVr`bKZq9nF#3S^=`}^4ihk9r>UW|=7oxZ*w8S*{=5sg-UjL&5 zz|_A|`!wG^mD#6x_Nm%FEw@i=?9*pl)w}G+4*T>{`{XKgPm67;E4##gyVgFru7*7= zwfS5LHzfD8&gOf5f2#-?$1?jZ>}kDCbx&`06X%NDY%`9zWCve2b5%B@`?kq`b5CwY z*4k8ug6^A}5m(>pkP-*%x6}6NkbPQcpI&UAuCq^JZQNi}Kko+YI_RqYC7ZF)K258_ z=Y9{}@K)L(_t_`6n%r!=5^ferR$x*|T_S+{MMShEWbnpsD zHLGkP*PtUy4v4OqPFvzO`{cgW*l$PelLO}it~a@hxW2lz;htV)t9Eecw%;aO^SfMU z0sxsp7pK!5N7lmN@0RK-?eN?}4l9wnzAjsft1qmUYMak33fJ!1kW@Ee4*zep`P{cV z?6)z8>rQwI>&y;Y#DT+AxZI{XWOahZ!I0G4WtZ6!VNZ^hxPdr)bHH*O);&Gq@GWeW zgblskcE%xpShw7_8*B+j4#GO9momIJ!0+C5!wD{Qb&ZXz6H+>=9!&$>pOdgGegY#Ui^pBxe0YQMRua~M!* zQ(b+pwBG`Hg-dpY9f5no_1f`@)?J-HIo0Y}ny>sxL%UDd7&?#Xq*J-HIofzh)Mj<7}GzJ)zGUg1(x7N}1;pgL*J z&6lG`hiws8jidJts1DF>ZMqU+sV-lbjOmE&0owyN)$YknwR>`{x&FE3;GSFwH(pos zO}5<|?32SvSJt)W7L^QbeJ{0TU0+|&v=a#)2i9_3?wrZEp^~+W5p4=q5 zZ|><E)oh1?o`t0M)DW;jsZ>*m!hCYRAk zG;OxmZid~{9X54lM(6M(Y)tp(9#d`*y0JTH-3`t)>_F|%H=ts;vAZI!VW$Q=XTmKZ zFmjE!THKSv3b#yixA6uyoz4UhHcrO^+(2As+>;YQ-8c8-AoE<$=la}Yr@@iX+`V^Y z1H{y=kuZbED%*&Y1s$*)y1A)w%-fZ4m~fY^@3?)MR`+vv+I2NIWL!RnMXu9Mt_qW; z98_Hi_syZXD;t*2jpKhx2{%dyUH8q6(mmydkb~)Ji#oU2r+WM3>T@u4l7N%B9OZDS z9kv$N)4Gsvt_}Be^?Ee`rP6J%=GAD7vs%5P!yvCML}w(OrAhYY@S ze`KorGl%*jGs|x>pM0822{Q0dzQ#l}GD|i@-{X%)qhj{BnBN+U0Z)ozxQjcG`t@s~ zVoR&2J)u(LqAZxYD=O;7afdz1#f1o_ygn8cFVqHd* z+#XubSCB21*egm$L~$fm6n(#l(a&w7{IDn<6RT^*;`3tOd676TO54PS5wZNds5md? 
zo)@#*WQo|ISVbjHh`Eo5rKiQFM3*S34sGjS(N<0TH(!%z60!I{M^1=_HnC$|EUgnO z#0_c~OvG*%OUK0ARxzhlh_9%bD;BeZQ~N_? zUPse!P{(WNX{65ov?zH>%(`97J0(P$%2wjz$KMtKhg!t}jk+xLo4~*8TgCqH)PGAv z#lBW?qfSkTxxw!JKfqz(m{|0b>U>D*qVd=&S``UV9xV8uD7a=!Y_Zi=1XF*ERE)aD zrh04bCrEwKxHy>TQlm`>uke56Ed0~lh5tKe;h*I${8}|xS-SnJNcFqDFgRx1hbuOX ziF!L`Z%}8EdU#wMbz}Cxc@D`QI2Qz~z89&@4#^wFM4fHftNQgwZ5tQ2 zxWbErh2Mze>p;D1VQ*0PA@%sUIFY6Bn{pO@^Mu0J1Y3SPlDCeDCfo9oVCp-N`qFXH z?ppT7{B9&~8xuQi;YGp17m$iEAGWC;ME(G&HDjVtr_K`df@Ogtmxp3E|D!_fX5Vi4n0Lv{fWDuSodx@fqYbtw5j zteBcj_;C2QNOUYg-)H;ZKMhK=;H+4#DK1OB52;1xL@Xm_Ul1jl&LwF2}5j*rp0Id0yAQ zi3|%96`18%acoDqobOoiMX}JE?`6RbeH%rNUKTGN6DKZ-7Xw{RjEg&~OzmFt|Aefy zV`BSx12!-9M@YRsQ7*1a+%NWwiR;G2{`0XCHKAT7NltjtWwB#S?86M%$~+Li6?w9Q z`0Yr|4&rwpwdo0Qd*VTH$7S)-CNmbV6YoMM3#q1ZQ7K_|Q9&$LUm+H55tWGtg3F{j z2)6g4JVtQ6MIjHU4Zl99!^{mZ2%h(12bTlwb$Q2MYbC+i=(kMNH0N9Dk;?8h@{V!xH5MWz^0Q(D+zi~{ogahoakb2u?aqF14 z^OCp~Sa|2Scv(0WeiK=@1JBk1U=3qp?YP(#j%WXYjQQ~FKas}+o41sIjMVIS_7kM$ z#k2oLrUJp{G0L+L4r$GWgY9)log|+9CbI4Wo;3k%SerLy!Ltt`TP{5N9i)2z^YHBV zRB9GH`!G`T;@P9fR3N}s1o7-+C=a<~S2)1_5UJVm%v*8aKvqEB$Po#Uh=9KNEu?NA z7rQT;)#y?Ar;+;Nr^TwvAl1#4u~~`=t`1i4Z^&}!vbYWNAobaV@RGkzHCz_Qoq*&4 z`WYm9)8IA#A4uH@0o^WlZ(u)0>ZWmVo$b1p`d>(0H!e1Xr~aPE1(fqh%?^}Dk$U5| z#j5WUP!<`Wc*FYN$l?vl>)Mx*>Io2D>LsKuxhPhi72=8ksh8oq$WS{jwuX=FpH%VX zS&M%U8Lk}{wc*9j6+=9NXje5x!uk#1CQ!4lr5_Np?eu$DY@na>_!BQ~#owZgx z@W6Z?8Fr3~=F6fbJj0_Q8N5Dx4H>jl`-Fj{m*Km}P(21MRi&1~JQN^U?}3Cq|1nXa ztsbSmzVJ>6Z!0c}>O@9KAEmzVe*s)<{>5yCzYM+mnzN>$XAF1@ddRG^;+pd&)q~o2 z)TlV6!b^C_>Rc@0S4m5d>KjYQT9qszwS-b%zq(Xps+uFN4?^lsF`POqPwWkrZHkIzpqivho)BBliiKCitTAzIEkIBssxFGTkQbJJO)Pv^%!;3> zQY7t!SV`0&0s0d!y)0@_B(||!)Zkjs;$g;7-ub86CJ}63&y7*2k-h0K`OQNhxG`5k_4{hwL0Eihy zO>t~v1-@5_#fdc%B(--!o4j4wgcDE6xrug(Wo_ujVsxW1e%A?6c}Xk--l@)9ce~he zUhIKc_PX<8X>5JDSlA@04vJL|+g@!Ypqx;hL!Hb11(nT3Wvk;OC&V&J#MG>&;p3yk zji(hf#>A@Ip*x-pZ(;qzx|^3|)l^u*F#d{5f|`W2nLrt%CjV6eWYe9P6qu`JlQ84b zuO8e|*`JSjVqZaD&xxJq#dVh$B&slm_2VLWNxbBo z*bG?JLri>7to}arpg2}rE>6g&5s4zSh?4Y9j8@47Frv^BDlR@D)*KSa#KU6Wd8%#& 
z0eoqbSbI>cf8PXf$iBw=FQH_t7?V~UuZ*pQDI2}4yA#Zp+9<~4*U5)A#n|mv37+CM zv1tUfO6DL5C3ZjlKun?3qT={06t9fmQzMp*0Ds;nR&5qbVl|awZu|$Y&WJhj`=eD@ zt;ick2UZuy_frSfC-!6V=fIJ$K3;*pQQ#JyW1AKUaZzkR?r27A8xiGWLS&TS)GD@{ z_Zul)y+c~c2>m{1gvi1#)nUP%6?3nMh3AE6727ED2_YT=sA?<4vQ|+B1Rk#y%ib!= z?w3zk9KjFdG`Sgev1N5CgL((O4!jc`tW1jN9pYAM57rk@GpfHD<(dG93Q>KBSeC)> zT%>x>D4@RY5!Lp&Rz%l|Z4;|6iAEG%b_dD&O{&1AtOa(riS?JTvH_l#iNz0J z^+xU#NvvqBU9@-|R_P^Ci>Ix1qDpmpPn}qI3HmDfL!ciO)tALmfF=5vXgnw?0P9V# zRxASaz_lbeTE*f~KyFObK8jg7FIHX#=$b@j-D#S-eWRdyZDJk~Sz26JV?>~1aG250 zW&E)~BqJ#Sk?4C#t5`T9wv#O_S}pdBii#^>MO(mas6>rqBk@GFdQC|0S}|mX;>6p; z{(}>mB=(WBNm_KO$wuAe4X(-gfhK_@^p;p9TLvyf-zWCnF`>a38RHV!Qneaus~YOh z@Qrx18tKG_XJn+Z;fGASa=QwNGSWZ9VVix_xR#(7|uQKB&Hbl=D{G8&% z+eNfZ?CgfHPz!AA5@m!*FttA+t1E)(mAYLNsGsl+^;6^VORCY>4&r4o1J1I|sOqgE zivPE~Rcr*Vm!TRkyjrmwTmY>=38oUnJJzatByc_{Xn}(jQfFhA#hmY;l3Fq6lVa@_ zJS_xKSy!1IW;+FrwL>o8R8h6oF~Y2^cve;VR^Nj&Dib*_)hE)jCbuKQML&J&szb)2PAZp zUjRxR29G`uQ2~?$f)iB(40$NzfFU8u~V{mi%wPH(xP%l;t>7e-QqCU2^60E2~ z9Jq{WAca=kM9HXB;x~Q|(EGUhJT4B@psokRO%IEj#6D7i1*8JKx)+bg86Z8PTI?eR zp2Q?Vgdym}iXoXR6uBrdjoOG(LTpEcShfWk9AU}>qUK>S2RUFHIxB8NIB*}1Kwe6*-t-U zc$A8!$`X|#dRBDQfzF*J8`qrJ8em|p*h7%2!?#k(by-wi7W2TLFsSB(RJNFe*agLj z)uJlau#gnmXkw38@K^X*Bxc7SeN@0yxGI0FD69-HtblfklVJ1JR79#ywNTz&*MJ;;-=cSk;$~6tG|#WQW%Ap8 z>HHYtr0c&X{!^M^NQ>8B68qu8J6}{JMEv`p$0doQVqLAc2CBd%yi|!;6NTWc86vBa z)HKJ%JctD1_M&+p509MAV9m8r{xvWto>z)MtEk5aX}+82_p+#^pYt?ovxsS0U@nyH zez~xA=f}UWv`du7=YaVoMv7L&-*sn`*!X~$H!k*!i|eb3=3^}XId@D{`~V|3A?6)| zy!BqFi#^C+SF|Ah*}I!W>sfKAwP=+niCY!!xJHy@#L|P1q=CvJwq~(dOg_rm_{Js_y#a(7 z@iK{1@xCTFdlo|3su8Ox>&Dn_DE_ex6@cXY_$NlX5c(izq+whfKaal6ia+zJ4D1=F z#D-RqFjqnqdrEfmr*rNHN-acJYed~S{IrUBcc715qV!%7$4}yE7!fv9knx~wTohjr zYrm=}O?(tfY9~zxC_L2JCq(fku@YbJ$Lsv6Ua=ZL8>8s0>whMB2<1z>E&kD0gO>m> ztI->zWHR+p$~gS`n0JTas+7UYf9E-YFX|Hx=7dbN+>SOK4H;%)`Ej~303fACkJ z%p^`Dxl7DDC_7yVO$2%s79*+FvydRa%*GceX;6a_+r%PTtaFgG0GSh8#iGsbEh!c# zi2nf7SCqI>6xWKfPvYs}i~6w~swc=%xtQA~%4s%hynEgdL&=pUMlCubWtCRhmGcJlQoE4Ryz(77AN-l}{sOtiT{i#f>20?gO 
zLmDkM-wQJgFb9kR(>0%ZkbGJ!x;%|QqOihXVP(1*T{@@35D}G-r{ie9)X*BQ>Sr?QE8dt3Nak2ETh4>B- z{vTcqNyK6Ne@9@wfu`9?_RQE3DNL@y^j;DhFBPprV*_3I_WNX|D>*AR+(8QMJoGQt zTrP@XB0&Tg4TR7QA#@8ah;{KZ2!;Uvd;-gI)`PSjq@Mt8U>c2PtWSsy-Bi`85tOfY zqEZ%~Nerxml$Wnhm zuca8^$Hiu>jNqkNDBJx&3DYcgVf8bdr68msz2Ky&%y zV*a;~<83MjgyJCDeHMtk>IWoZL9AHRCYC-emdodL=S1}nVKeI%72gtNkYyhf+KdqAR9|QNEl@DVyo;h9;%1|D{d=*;z-tI(n={b2 z5fyj|qLQh|gZV?KDE5q4gwRpQXW^lve+8H=GI5RD%9YCp28BgXD@+_Kn}xTa$Z|3w zkQo^k1Cl;fI3mNBPk>&``hr+Qj>2V$a+PPHKiJ>E#B6~qTJ}Q$^K8}oppQHRM}k<> zN)ECz=&1ljIqXBR_$z3sZ%{m|*q`}lP|Ff@srWHM?%4+^h#mxFHl(PpkfgR)di+Yx z#n#XYVoc;am{BQ>s?|Bm@8GxQVeO)Q7|jz<9Y_p2ArkZhJ2HN(3b_X_umh>+8-{-G z0QPS@OHq3D8F5I5@3TA~Ly*CB7sY~B(RfMh&=b${d`{;<-1#N3Q|Do8DU2>Ma8V@J zJlHM(s}*gug`yHN=qzk@fJ|Gh0KCWtFonM^`=Xe0g#wZ1-!7I(MGj=OL{B|@PQg|3 z84P$Qpw>JtRyM)OiY+{sVzeKvsPKxtO+$YP)NhJiqiXWPF#Z}{gdzp7h@x>(c^-ei zqR1E{6CVctBDQh8j@Jn3c{8e68Cwlw4|P1Yz5H40dTvx@Oh~R}Fd-evP*5rbZf{O} zo7P=9T#O@PQ!5BPw7qJv=oD?@0u`Bs>E5FjNtr+0?*u|EiouN!FZqUXrKq1!nvV>T zw~K_rw`h?_!7~K%JF$ofXD*3m#N!gu$N-UN0cmnWo>98DOE%jkmXjq~>YC7viAInQ zF;;xPwEhX`eB`4LhrnD;8D{P+o3GSGp*YuxO_JD<UNxWEkiDTF! 
zNw|JVYM5XwdV@tiWB~0&RV@=!3~2FW99FNyka9{HHg zgN`)k-@79)hR=akzCps5_?R{ zg;DULLOqs&cAL(D{$^9Xop^tMRA?y(kKYriuj z&EO(X5u1&d>gi^wqz5APnsCMCX*7N94@B7&$eGw;1=1|T#u@vZpyAC5PV$2=H7tZP zX(c3wSymlovhMw8s7`9E3$GAqFQ%{~>8L7>U0W$#i!g6jAWrTS#Isrm;1|^XHO6f& zqMoH-lpCa1WLHA(=3r}O%Cvx4l^$71;{Jhvdd&2dTqZ;Y#E)Pi0%|f#{kTen?0%gl zZ<7#h8Eig*)xRDT0={ABCf90wV441$GCfIhHX?Wyz&ebqh_aSK$t0R&-M$Kgn!&A= z37=*^0huIrof4lt(Ss!Rl}|$KYM74L<#D44B*9CCw5m6GGD`C2cK2rjidKLtQK0o= zqpQ9M&J$uW#n`X8IE`T9^_51doVLQiR??JdD8r>colEO~K6DC^7*#}u*eWiEI4gv>EzeR+rp>*5EY7Q^JZLc=hhQt0)b zEZWP_`}s*%92eK zWsR|erT#rqOP_({f^d5H^bvZ5Gg6)ot%x?d&Vtaf7Y3tmi3VDR&4>>&nf6IIn|2CG;eAGcGB4?kq@otQumhAS}hGjbH4e@DY zfL(7P!k2KwOt@tG6uN-G3<}{xOeCp82)o`zKbLSc2nZPhHt-|#aRaOiw7GY2;vNie zMD>7ijMrlbYp_`ZCVjoZh-G*j8Okn*#d-;{)Q?gsD5-`IYyABXG%KH>y>hWJvGPu` zs;-13=-YHCPRXZf?|TVi4;AQ&eS!RgB=7@WHh+q&al2rV#VSCE>xHL9?Awzu!!n~C zol&&<3W9s|CT@l?PXl8R%L!9Etm4bZuxUyZ;gk!w2I2XXjt*FXZ_*HAB!rF_Sp>If z73}%2j(&ARJ@f?wc1~?H~#Y#{r3NTzg zBIZ-%K&^}oi)N_GuTZcXP<8pY#QgKHoc9>Zxy9~cn4tpV)Ca)g`xEq8dt5T!y1v8^P|kw0hEfbm+FcIK)f$^Zj zYqWyOy33pltn8P7zO()lte6lEX2OzUO@vu31%YIdf7})<=T_eK_|&_AZbetXHZ>7k zAA`S4cJjodK_w_doc=YmeRn5u1nJwtk3yA9O z6N?c*m*`f6d764a?jBCFa@PHcW-x|dGZl08UhtMl$DBPMWXeCYo&+XS%7p1qG3M%H zk-6u|Js^*DWGAhBF5wg$&q_mnYFY=hLlv70puA%#WvFT zG6W08=U&E^u3ELcn2z}eSi-BYZvi1MI{uES5i_fTXp7Z2nfa+uzs{GDYv<#z(gnOqUaZDj&|oDb zmRZL9$~yGBNDugYmidGE=XkUTo4VuQ{*~AkbR6d$9TYf>U|q6k8Q8@;unjR*MD!LL zY=d0o_t2|#@!6LJHY;zymV5|Qr8s*DtVIT!utpvP#5cTNlxQz8TigE*KQf}_w|kRyZxH*wC4e;v>=xd5 zr>K`NmGRZcu@GnakBQ0_u@Yw}UJ#8J;cTQGMen~QwbGTF*@=Y5~!q0ddEWLl4e57cadT7V|32LvT%<@ZYr0Ljxj2jM;l{Hf{wT>vUE5*_F`|vxftOd z2s+z+J$8ibkP0vU?rTywJnd$@0~h}o%`AG1ZVW-_O(`NhopqF*jQGb81NLD;_s6a) zSG1ammUPDcqAL()^d%5XfPNkf==s;LGukMFZe9xiHuim-R~=!xZsif%XjMe<_I%g0qkd_5{>_T<}BZSr?Y+5$G-h6+QNBRqZEX*@atl3tPVvUQ|o3C;z0t!>U21Dp=kOypfu%)GomSud!1~2 z>kGK*iEGov)#nOw{M;7zjG;5*7Efc9uLHNBqr-6ME3K)d*nuCRZ*61wAAw?2261NH z!&C&$9y%}zd!FQZIqx+`Cl);{HsBaKSRPs_M5~+@LU`Q3{gAo>CK1M$Cu?KKXJ_%u 
z9zP~QPcldybyn?jV!BqU=ovW_GqA*NGqTvj#;W1fNtX4UT9stF&aXrEUykF5L~Nf{ z<`~^$u}n;z`aiI7%ppV1ZODQQjmL!RH1|nI@x42AE>! z8O2t{yX5gZaS8<}DpnDe#l`l(6VEg=QCevd*M=V`&dx?*`u%qRjRwdv*u9FF$0kTs z+JfLoJaj49u1|?ZY^DB`k{8zc5;++WmM7rmimhK_YVhPTrbV+}`~m8p1LHtZ6D04i zQxIX|{bF04SaS(czyfBv1xXk|YDGDIE{am@0@r2&hJ?%p#TLZJp^BHIm1_?H$8~TZ z%aV7Eu?D#`$}obiQ`+*3j0N93BCg4Z`mH(~~DJM^9D~V&hge@Fbma0t0vp z9C-(ul*x1Ejo_6yq2`lx?#-kv;lCQNgoDo-Q#d2Y{{apUeHf>s(jiP{<1d@CiA$%* z7dt)&{9O%K0^;*mx6$8q2)sn2h}v6^>v&8JF%T%dMSmIk+=;FQ&KN0}rCY<+#2!+{n43icee^D1t@PcA1?&rz;*%JH-1QTp^g77O(MyiwNB*mX3dHi;%D#ee>t88FjD}4nb ztc|(M6J8#{TByV>c^sXJ(C-m!%{e7vdV3*53E$1g5}As{tk*y1aALNGY0FUsjtFal ziE*of0_(j$G=}VSaq%Jq_k2p3saWNIhSd6dMalbB#VqyPkcw-togX`eaHLNR{?Q|1 z6AqoFD>BWMYFZ#}fBcjX(g$DR_E5Sif*xReYA-7QsA!|A1!eFX9fnNsN|( zf+>n?eQjws`3x(>4n#rXUewFtCVd(L(~8~(pd5f}6$e)VJ!9~@hv{Y?K&~q63DsK; z8R(`DSjJ08kz0p-w92GVi6c9o5=+~}I(67@jaB(XeviZFxtOiMsy(p(5lGm2a%(XB&EaH1=6jMf-!tkux^n&57 z-Ym`V{%oedQG9s?c6L6dC;?MQ#yy4PDNi9`VjZU`abJ!45!8}}@mZHiKPr|NWZ+&k zycE#|8Q9GbD+Z5OM3#AWzJfk%goo)S?2rxhzP<|?iq5ec=nEJ~K>_=}g>m@DQY^y# zApxF2EV|?w#2P+H(Oh&S{za=Py|6gK4c=@W{#-FW4;o)p+T_t&zJQo;SExvyJB)^D z8@Xd;ejVaMH5ujuu`*12W+s0o2C<{JS!(WMyK`SaJK>gDk8~E;u6GeFji?BM`#O1C zYmL5Wo^}0&&XE;~UC8?axJXozktEudhb>pyqtqfJTeJgmTAaLbAR^G z-GdqvR2jRNcnS`){fC7EBme}dagjT$wH*<>mRts8; z?k;+dez1azd@IivP!M;p$Q?aQ+v%8R(|Ii{rt9hvzk=frb-dS<5%YNu$SIFJ z$K)_BRiNR#_^{Z7dxCG*ehKWE3lGX;fz=F~egv<@5?telXgq9hAS*~MoUZtZ)s-1j zy1dF1=K;OX9@D@avvh??`41_c4+j`x+c*vyqOJ;Pk>`)g)bG zimi3>O&|CN6Fz;!Ic@kMU)ZSig*|@($Dsc;K)(@gCfvligigUQrf_zM={Eqf;If@` zEgrr6B4(-d2k@oY6U@Bi&p_;20}B^6-W88y4sk_wsHpX)$XD@W63TGQIsJV|N{kOF zio)bFoq6s>T)wL1QZNRxqBp?8q5qesaALGYRRPgwy1oa z>8|#X-b|_!)nw9Mj=fcTb*AZ5QH5&sn3AdEvd2ArgS{;W`;yJAG*G_>Er&I1cHGvJ zK7AaJZN|U-^#(B8M$;XcfuRQw)ToJ`DV|G-dRdvB^IlOAfPHjcC*_p$9L(0BCM4JkDW*MSCtap4`=N*&pjlAWQt zlMTSHG(ghckxsRb+%t(@ZBHHBiITUVZxWrRfRSi0b4CIcg}VlZPPY$r(pa)h$JRsb zgP4e0j;D?idTtv^_YI7uu`asOL%`p3%dv)3b3^9LV7i&QWDuMt@PM4W7p2=fQ&=u( zLR5*E{={3e2?(}6v*3YXfKH+00W~M 
zj#O%-e|Rw60hk{-R;L%=gpSP68dMXzBXtYb6(LUHbGT!0U=YyhcsUIvb+V_wedtVT za46lWs!KM~czW(8GMwsc&j3&K5^20)XsG>6D9OT%9z2Aer4HBshRK`elU32RZQ(c23&V*q8LT*7DyG{RY*S|aT@6O1{fq~u#)d09l zJ_yX}In|%;tRiM@h)kiYHo(+1+3?$-CI}1%iQf)iB9*HIp>Z z)poSn~7MGjq^^|L=ch{~UH*TUeq%#C$U-{W!ljW1@E6J5z z?Y+Z_zaPsqNS%ZR^B4F8I2DAvRIw#pf-)@nsl5iI55zLIl zNt%OzFank=K@t!fI+{D0>+4d-z%vF0+fTJ;(y4)d$+gWSB^fQwEj}x(kupmQ@B;%* zraX}vk{njwXnJTEvVvY2&+cQv*Yt&}I8ib&TTEHe}26 zK+iH?f#62{A;?W1BS_(N)GL>+A!RSApdL$g4%pFa*5dQ?WY}Dp$yDkQaTTJTiUfE| zK1{tVc*>;eXel`;Jt?%H_l9H>!p#Ui6s#cM;$%EVraX}`7faTIXzFe6JK5PTr837F z3I-KnHxO|Ol02Y!Kr+DW99fEU=u)WUYgvF~yOUL28&9TB_4H#Y^rt$8Npa{%cczCm z?+#}~IeRgfF?_=y#8g0G3?}vMnP$1BG3e|BEoX?N0X&rib#GFNoesibCi! zL9)p$%z<{a90l2jW*{lQ)(w>gNVb<-Akb;z#2{4P+&YyB2Ci$ZK?9a(t*KY zNT*n40r}cu2CS63c6GG(5A^qRwD-cGzLAvwO;zi6?b3{8qqH8>*R9`DrJj=OH=z-0 zqz;q$o#32}=o^k$Q9pc)er4wA# zn+Xj=IcjcO0T`-9JR=ZIV9LIN6*i&LqG^aSteL*&4SYh9QTf&OnxrADv|Q>3WeL!p z2_4J1pqiVvCTW>wx`zf%!#b+`cybL7jlh}%TfZE!Tx6;C&d#Cq@bEwv{E?F3nm*$C9sx|CoFxp z?xAl{!Dujf&TZC^x@D+SaSS7h&~o0ULJZ)!tFI#)OG-Jwt>F&|MorZAVKR2?92m(A zj$~{u_;XG*H;*d(b38K1e5;`6L2u@f?!HJDsyR(!IAL17!DjMyOY+=|%AoB^3_k(` zG@2k$e4=m@AhYsuI##|dRaX8XyR{XKWW_UQ>V}E~(Mnfpg(|Q!pIewIF90(XG#QDV zvK~kbo1Dbb`>ZBRnI8fZ9U`(EfghfuPG3(m{B7jACN|!3w6FOVn)it@1IJCsz%7vB zLRVnWi53un$v>2eBZfIAHI6mSdENV4+}&#b$3xEprYm!~oVsjeQ!kr>WQV9Plvz6!=c zjmq0YIy*2ifF&W`4NQNblc9oS>JjSVyF{dqvwfHxxP~_v{F@f6KuP<+6Se^lZq08@feXaH9ul6zRB$vJ2=V~bb}Hp+m^ zIG!*%DOofkOoXc7*W0WW6&RN|PZeU6R#JLqglGLkVRrHgZiM6j-4`<%SVvQ5Yz<^izywhLG{elUz<8uH%!vnNKujojKZ3L5 ztV#+Mu=)G8I1RY4;8j@@h&N~*;iK=yI012|6@>7>ptSOsx#3PEgHp<+*wJg$KoX$} zKvtuNNd1I_JEciWLm6R3fMJKwYY0D6;@O>QWl~?cndh$NZJj-*5X)?sKvv?|kkgSQ zmoKb+v})?>CBp-If|HB2s+K7I%hM(LRLvOcJ_4X=;o9RY{rtlDRr#Ha1J=h4c-kQOn*27(;ASI zqWr1bSOP%|_l#B9#dqLaz*?0n=F`T9C_)hk3pu1>0F{s|yMi!*sZN){QyQA&ct#>s zC@C#neO5%?xJfzgX2A8c#drI#;QSeD#wgrZ!Er@Cr9ez(d$LLT58-GD+8aE*A-^Zc zc|}+}X&{``^CC^&h$Ss!CMebL=_xHYz0U%%-p8zk+J+WkVQdE#O`jS<5RkN2BPhA$ zq#TZ3I0f)IpSxS(%!J_h*qTdmLYH(ieqMS 
zeWBtaBw(qc<=-aK0iPI1E#^S}S2$?3yvZa8^0X=PR=_NI#!_v8C9MM-hg3`2lR=d_ zQXl3X3$ry14mS6w?i32hMl?H|E&z+*VL)p(Prb=*9knj$>BSkZ`30k$k_|R1@%qoExE^Euw6cY(B z0}M;qp}fH5;+a|nlj(x)tfjO4ARH@fQix>8I<=zB04Oahg%LGS4di*&O?fc zj_@`TV2*HQh9^@t1uOd#S;B%Va(KAq$dsXJggzogRv(7|NC9RL11aY2ct`I+Id$0j zqfDVd{M7K7{!I5)$cN3%9lhH-(;dCoy3}%18k4*avXZQx^@_hp8NLUg2(1qt%(F`C zG6^FDFqZbuD)T`hT%xf9+b25>QRJjPPmI6Rld*QNXDiHxC;4kwXu=dMdD)|bh9sK< ztpIUQ{vNyUNogkeoj=yQ?^D*?lB*iL6i(#$Jz^CqKFpx%*w+WKV`yLm(W03FxzVbp zA6j%z<_rQ7^fz;Gsl6+`Y|8|)S|D-z9vQWgxgoN;DuO#OPdCvDO< zI0PDCnw!!rY1PMAC_8&bp;S!R7$ujB3+tFVW3^%mwvvw1RwW5)=sAR>OLju9vT_)C#PKr(QCX%3Ph0{PT} zFprcpF`WcJc97#KG9gfzmZ{;gWV?64nm0DevmF#gg?=(PK+39APYRI!8)WpI*$U%u zYRVFnooFB!9UCxN^#z%M6xQ?h^D#*|c>`3$Y*z}-K@&_P0k47-D@-gIJBotn0f}F^ zqKc*x^Q$8Y0nTuypVLOy?CnA{@|re@A=Yj}rN>g)>!Ybf)F)&-+SP@S_0yg0;3GsG z2~Fj4aKK_3U~Xf%vfANzkfAeJ10cn{>HbrhZs>y8;egP1>{&mP8Xm;a6Zu$4b#1zU7>J_W9AE;AeQ^05tVyB)85trw4 zNYk_luOz`nwT7XEp8J6BVWMO9Str9Pj;xSE8U<|9(In&^!pBj00>p86irj{eNe6C8 z?X4TJzF0Q{XHxAMKWah8(H16Y^7%0)pn8y#-t;{^9Ro1t4R%w^z1;K)F0TT+wxv>} zytTly(%gHb4fMDng&#yVtD{Ro5oOBzwiNR0$RhkqSsxCHL8KMC7z;A$E4?oZ@dB%p zp&$ssmV8yOvN{)Euas@-GGGz1MI|ruo0_8z&Mvd>aXi@Zan&vu0EiYO~pT6t1;T*J|T ze;V_DmiaRqM04$qkQ91ir*_)d(q=n^Ci}F92BXPY{Z?%E8yOnz8BO<|*&o=v0-nIA zN-j1+#v-aUul6xDjKTg0m`jaKGK|*cRFl=(B*Kx(ATS|4INXE%1&{*dQCV50w!3+| z&PWXheJSXtxcSM*qIO{V(HKrD$q|qNhC@rq(}qLBF~F?`hcmr9 z)AwLKk`JeTG@0Cn*y|BG;;Iv>KyOdS8F;ni@eQX{T((Lx<1#pAVvWr1$^hWQ!Y!r^ z`GAHIu&Val1M2{xb%f%=X^{o`;f1jwXgis{8*$+ogrG#;2+<82@?U>NL>*kaCntIT1TnrK+zF ze>2L5?XWc%Q*WgzO$J*Vz1gQd`9W%Gh^e>Hl6%}eueH?JK#}Pf#E=7FAoQ^KdP9Vn z_awKCFA#7S6vB-7ImHMR6ViYgxy1$v`ouw=PB>*bG^?*D=VZ1SNcI^>Ktjit!ng5x9YL4TSEv&dq5S|1uNz=+F-?A8dQqmw?6qFZ_# z(Tj=EIo%{3`H_}kQcQN1Dm6B!=-Ey{gfmi~fC!qotpU`M(@wv2K0`(xR4V;s<2>ae zFKi$Ix1th4!kvnUBO1xzFc>AAsl`SXEwX*c9UIa;WHEvGOdfGsJGxYbe8mOh-Lg*t z^?l+Y4~3zfs@=qj*sWU<8|CQ|Xae(0-88ZxeTHpRrjBAq>&w$p3mkE~R4IvhNwQH# z?fRNv71rOKOObMbl#;0`5Q9H+u}@TQS5I$m3b9GDtw`TVoF<3Er(lOgU|wdRug7fL z3blHG6>Z%<3<v_w>uH`8bNs+BP6cX(uMcIC)a7-Vs=c4u-zMd7yBI 
z?RzjnIik9000WR71CytZv{1w)z)8utoT`sZFf4jp@ah~lV74pp0!I^2p7Y5vl&^#vs30a`uQA7uWB8{YB;6gS% z9|!?)J?ywJ=^zcB9pl+-rYJ#iXT%P(#owqwo}A)oy}9?aOF-Dk_a%uyppB0@CfJ5- z6UQ>x6Jn`$R*jwjC%24v>rL$&IRL8!tSE-^Qyq$}({VC`AeWjUhTDOsWN$8nh^n|8 zLhgx2gu|;wDqQ*$A`xg1PE`wah=&BhOUJh3dmf;ZbuT~Ee%HVdZQp@S3ugy*_2TG( z_MubwKiwXnxH57Ob1AJwQ|bhndrZV=YT)Eu#9*|k)e%Tf^e~4_=1F$URg%GMxlL$^ z#sVv-Vo(5m$i}cRl0gtb?kQStu#Xg>_;O84DJ`gnriQwQBXUzUB!mcNU9wul(WcTQ zuY-eY*O8H<(T%Bd77SYP5(_+OB#89kAmLN#PFf)_*iekTvJg;X&bbeJO-{W>4Ne7e z81Ih)9LMmC+*wX~X$oiI8(K4iL$po_zx(yH$-dC|Qizv0?^oeVqXQhRmJ9#{Q$G$| z999Q`%EN5)*=<8st2*T^)ishy-;+9xI|ou-z3r#Wj;PQHml7=64`q$c;?E{9Kzr>{ zumeQw5d|@6Z1+J|*vu2PtHo)eE+%v^IG4aa~9U0&Fs=Wa!s=`Z@^< z4^6zikAc)D+E)tg_tXdu7>89{oh3p$9$q+ZuCU|gvJ$JTq=n?xj?t5b^*KD4ahx)a zi^7*~$aZ+Wf54N3JnLmnt-$Ubn9L;zuXYE>9)gwTR$RJZ#YEzL+AU{<2JNRw(j_d) z5~AYY5V$6<5WzC#QV6c%sq1bZhGUH+5y;trvkd%LiwX7|-$AINy+c~)=38a2F6p3v z3EUAf(6Mu8>hv&9Pn6p((XRj~ z%aJil9vnhOuHi_tyl`nhgfbZuMa)IZ`O0+QHu&O@>Yh`Q`xteQa47pWGHdaoxErZp z!h!P`N2VZ)*%(G%?iP-#O5iYVYX4p>uYN z7abtA*E2}zlCn$0QxJv$^I@mjBDpsbqMcFfy5dN(P?oq2lM4e@`zC%qHoaHdO;oh| zPvQ-5GDKVKz-Q0@>TU@$+ph~JygLU+hP%}zG}34ru=Hp$w@n4>6Z_EiEQQH2eq)^Sr0Pm|y zM7QDcAW2B=NsHQ|PDfQJby+F3UJ$~;z9~ngffi#LoxOEZacE?ZFsyG1;;p?w&GE}g zUZsY>Mj5tD0pVu5N1-|aMl7`fssjzu+6GSyNoGI^-F=gddps+^5z?R+o zEcHo?Pr;)V^tKcnrY7$uk}w2e>Ct&{bHtZ*@D>x$rh}zwi8v=7QJH{mK18rf zsy#h2_E^y%XT5|O56&P&!JwKUwLM`t1#4T&lr&FlXM|}l^!$k0Tiz@saj2$vz+ssc%w; z=F$x1@k3D-uyrFm&j>ZcEo#=n0s;V9g&Ej^m@#c^rwu}C>FTq8CrNA_@`T#or+CPY zqJxSLW|@RA`9f_;0b`aSU0sOik}(Rt;sdmR;9(A&izMx&l`|h6K;mZ^!Ya z5VO<0!B{yHM~84bvWuQhnM`WM6*45Zc`|6ICmCI?bLk5S9y8HI$H7};M)uH&oL171 z9iO^&&t^s(g;CU8;k#-VNS}^7$VaSs%|Ssb)XbTWR^JL`7H9rRzX2*w20|RHKTR^w zR&~u}%4pX_4oI;d#sxpPcT)Lkn)TKNbDKkm=!a=GYq#LR1l`^Z8V7Q5)G$7yRh{fH zY&rw6Cd02}jD-GfP5MgCBZ_2bQivAXt)lL-Y?jD7zN0{a6!;mfTu*|?h41p-qUHnbefI3vLgm4&!JX4yyLndw+0o!% z%Xf92v=Cm;Lo5HK+haAzYX_$BuTQ8YNm_T z)YwcA3=xjP_;Qk+zedV)pR!sgO7k3zMH9OVE)qfm;1o`V>fS#vMT5poDxF zPNAzaxjk^KoW4zoPDVS_e&!?v&(Q_B0|-l2SLK=;D4WQW$3lmp5x}{Lh`Yg|o>3K# 
z2i+hg?48OhKOI+>fUrV^}E1mo(11%{K%g!+K)nOU=DK`(1z(Nu#|~FFIhpgj3MbX|4~+h%t!%2nv#>PT8jHl=Ui1 zUT2{Nc-)<(>I+4=O|SlVCfe3=!NMH(LGsDzp`J|o#-3Bn2nuZPca}eCI>F^<>3j6- zF&jq#!MXbU^Hvj(CgCduYV2E(fwgX5YvGKBusYzb2aWG?I+M>Rkrdzy_p z(zcYOV_QvJVMr)|J=r9uze+}Z=o=9Ur9!F3#EZw|qTx1)?&ij!_D<-})awAh583HV zSIELKf6QJSdlbm4J@DuTGdIh#T5vm$JFe0|WP0+;Je<%T=tXj@+n%L8&dy_L>I^Um89Wyz$QXUVlcmW(2zi^_ zJLEbeCzQN}E2p`NNHehp=o*>KnIpI`!iapKdaOCwMoBk@Xn??k@z(6NUF&vKYIHZid}sED@Q|=6VT6eslloTB z2FC6fn)a?!Y)Z}-%f^{`!6^I?spS^iZR+e!c$_+n{U0Wqt{zzI z$&%FHGu%ywhrR;0wktd`6wg_$bNY%%GgADXLgjrPW|7|yAdtK)4>_7Lr?40kiZ15j zk7up*Q5>;Jv={rIa9u%q2s={AH`$-Yj%YHA(48hKGz2S8elbxbQUr8)d5of)8Z zBosRWLH0E3;3APPx7JEIp!TW_0O~9t9NCK7v2gAi9Ve~nT9_!C-9o7Rmnud>nhW3# zZ2@zVP9zzI2-AV00(p_3K;vZgXa;?^F;QDa4su5UYrBqg4G}$|OWpN`qn0Bb9r8dg z@;+fm8d%mHKLcC4vY7MamKd69TK6hKgM^f@Y058x1-GST6?1Yb98MH8Qs#7QnD(mB zJ{-fuuQ3M!J(U`6r(+5A$psT9H0bj5t?bCl1r(`tO+1&#+8)UA)7U=T(w~vyF4f?< z1?h$y3ML413mVl+*8$#)I@m!vX5)l08%<(gOi(L@PbHUP8uTE8W9C_IA#q22Eh_E^ zKN;v)@V1O^s&S0V!Nd+J)t>VHG-yNf*&!QUAxqrDRq(d%jymP%yp6_9=U4oM!Ad&F1Sgl9J_Yu z{oES~;ebM$=rp_uTMK0y)03e!a%E*t+35rcs%CehIlHP*tNq}?W?(y9+%n>jY^FNw zkk~`kKIIdq47=14gcah{)d}E!umj-k2RaDPtgWmlBNv$R&r*beqO0~;P*6kASaUdN z9!w3hb5BrK^D~`Ex!M6!3fx2gyf`tS5FKia?+4UH2@1cnppaTpmp;pld#6a!s1S@R{NYxsPO>tT<~&2ix#+^CtzOol}@I2(0f{w z+c*uPeK2Y_lsn4L=rM+$({0x{^~vou1A%X8!SO6v*>R|&PPz~!7cPvfYPege(6{jb z=1c&~vy4sP5PF}BNadEsA&e^z4e-UBC<8GH7lmm)GZXQDd0g@sx6zw48Oj%k^i3&}i&}<@6*QHrjMT&_mhUK--L{n-pNVr}0@R6zY!1mTV5_j4 zBU_}o3#)RwG02uMNu8x}Na8f)+kA>Et(AbJ6%q&A-Q3*_iSih>3k(dlpQ6)j>1-m% z+EVp4_Fm$hb_Wr9T8G0bM*2p2k-sI_!pyi>q%ILkd7Jxa@o!BjIi2sXGP|qjpf0+7 zUS2>?2X(=)KRlT3=z-4h3Uk;W*pudF^4>JbtN|;16%ZX9R-hb8y;g_K>zneX>$8Lk zB#)}%#4{)NofNyE*m{igQ)H%m38z@U*NTe38AV1Bp&mot*UiJ+5?RI|J_i^XMfjAc?7 zpL@iUszL`zbq%$5q&j;}^<;*nO~Qlhq$*PDA(u_g*P1aC;TBZug9<9Xn0q5W7It7b zu|&5>r?6(sfqUj!Om}>VmVvcphnSwS+@{dx3&)l^k*f~7zRWKeURMI;u*7aCTyYGBV@5E!ueBfm#w3l061;%c6SqGQBu@xfj$|T!pNO~r7vT)T!$#U zyV$d(yLt48IS!~$@b1KbbU+Cm-aXtgATL`BFwE)n95e`h4LOVvaf={M@>m^mfopZ8 
zaNmp+X!Ym=2i6et@+Zftu-bH#>pUB%JLWtaYu!#EkRyF+VCamD<et0+^w#=mRwy=$^KMZm|sT0z-U#09XPR z$O)@N?i($g{zLt-bPY78{&Y=#y%%ubXqHzJ)7g% zIa=^KQOa~vvvWB@`qfs<_N1&4$Jot*6BWGt%hu?gqYL&Gf*(N@8c z`%pt@y459w;RA^UPzc1oHbK=MHA0e{PIqj=oS-MM^G2svt~YXnFD?Ru5l+Txv#uWI zn=53xqV7`OKA8+48KQ-x$9!60n=!L~kKV5-XYCd*D#A_wo`%khb%v7Koxfz(;P-I= z;IEj~vkuAkYu_U|_F%gwW<&#KJX>>zeLc9Eh!Zcn#c+uRZwC7am7@Cn=oDtzYuCC8 zdm~RHno3s8fVsFn3HGQ`BXrQw<)*>O7GYSj%~r}rJ#yEUjBS8>_&^RK0EIE>3_KJ} z7NY`+JB{Jt<}**z7llEjCK=dqm#26=#U>n&&)|hhxN2Gt6q}n=I|?GW+pY;MvNX-_ zO4z@YpuwU0aK^mfjKhKss`VA-Ae`T!v3T4;$HtD9U48OXTj1iWJ8l(!Xgn-OIB=+) zz`@S|_9MGhA%~U#8<6fE!718L2dAsi03UQYU#;6zD^8o!wBh2^%pOgBp}HGur0t94 z*!8lMJ|^|1GP2e#?&@O`K_!uc{uwy{>=`eO3&pq7hC4xS=!I?*I$x$`Z_jx)7P z`BXQeUr~m4<{3*kB;o|72crGtgQNu8Xg#|Iil0w0-O86N=ErYf6-+JRQ&(oo!n`sS zczSZ8K|A671_$RmL8QO6ZH_~QZo(eoO1?0~iWsmlosYM8s=<>spAbgvMyVe&9DzHn zZ9nrQCOUSl;&G<4I_c?R+(7Jr0ULC0gUkE^dU3^m4PPHTX_L)wZZ0d!3J@*^Qr-m3 zT%(<8)rMvDk^$SvmtYIJH(d+)Iy{ympP{~Ko&a%>cLf)NJMcisjsmF!=Mw|Gg6yDV z4x(N**;1yla+@XcvGO-3$Js^1ZvZ;7SBvLx-3rDeuC>zjp%A!ci(2yRz!g-@+N6BF z`G^pjgZHr3Yn!~cm$Ui&c6qCVB(M)o-e{$SQ^=QifVTA^$qbp*Ay+|)d29j1+=R)b zXlz2_ohrBXTt&e>8S~XBLX~ofD2>P)wqG)8;sT1mO)7px_*l13rSF%w<-#KYL^wi- z8+|cPYLIg?F3{S{IQLMX6&uC{GUiYhTsxt`G2lwYIK~CFIHVX4)&@_v%h@7^5hx6gkTikLfYBt%n zJw3P4`1swsAx{3r*c00;A=U>PXhS@0y!-ROyT{*onjte6(IQ!J__!o|#9x^8b6G5M zlP|Ex^YSmzG>v~=T#YNZjThA^$%eY36My3q0?J1O4lm>tT8$rUADc{PC#k8BvEgiV zzeFu?06)l(`=I)on$oXN4iDBd5U#aRusgm=A~?>D6rT&i>Jq%jgS7!`+=;D(vtA3~ zfLzNBFwI`3d>vAf7&?r4EmwRiPS6D-jbGgXS~4RrS*;KirFFcL?C4B5Z$;(qiwzdk zWJ|P*t!mRJL>2&~Z`&F6Di3`b`?xXi6nR0!n5j@5%F*R$8qU%#ekLLzGH%?Yfmi72 zQ`rvTccpz6~;RGQZLH_h}6Pz zw9eYJyxn%pQLhrlR?Yc^o){?(tYzaoW4)ptlxWw2p3am%J4_R9&q1P~X>ss$f$XtG zCK;O_fnaB!dm&($zv#iT<5+9M%6|Gc)q4a^n2IY3;r`rQ1e7o%b9pnLiuRhBA@Is7 z#I8a;r^`^6mDp(Jat}E!Xcn??%NtKJ|D}VNb_XCXQwW&EpA|w9#4bDuxVif!dgmi^ zJwwQlRpp3ZYe1NmkCV$_DtBtw2dAzL5E_brm1paw%gNnhQ%!Df*#=1T)h?VmI=R^d zn}_0}2S_q*C)4?65HG5^f;h7m>Vz=cOTwW}^EUY5JI;($gog}?QD)?ZcJCr@A4hS~*#0 
zOVM5RcMjzR4ngIxOmGZeJO01#N~SP+l0YujTmM#uqD)Vv})S=&jNaHlk}LYs^Z zpL6+r!jlf!6>5la$5UkAvCDj7myy9mW7RVM7%=M=JQ|%uq;%d>%Bxx~P(1?*9FuT( z04Iwtw11gM6jki8;jo?rRhv6Ez*Q z3;~Twhbnqs@UKssVdxl*&7`r|HCmB!HWo`)rS#CnqquCI)MB67H5xQbrW+A51)DK= zMeRyHBU!T1@RqWFNAG82wK*m#XjAcAs=|Pt8 zL`dxyX=`%JCgaG4vmNZR9WQS0)>oRgRfR706Si0n$U6A6u^lx!2x14@JyEHMJOMH& z{6C!k@8E(PB1h&wJ2o>vqI^a;G4cxc(Ma26PoQ|I7E-l{K=2Z?aBt8W=W4dV;q)(x z_hIvcQ8lyLEU(WIfnpjU|8`Y>C0s(E{5X$J7+TSIK;gx54GVU$rU4j5IXP*(LmMJsq;$zCK18E+DVw8n2z9 zS;T?LM>flc$?Br|KeN@6AP8IPh6JH(mo(6^l0YI}DjM+G`MC}Z|GE%w>mK!!%lke| zXgJ_}PP`YkFe0WX6GOs^kEHvRf9Kd#dZVt}g;dpU^TdOYM6j5VvO&LJTe1e5I_UZ^ zkhIP~&1ttw1hypeV6UiqH3@isWX`LfzNU#g61ZGJ4RVc{#V7xGM}MHXWk=Ddx?IH~-`RJk*$nw~*vw)ix(*7j-I>fdbaRO`);VudA z-?140w^43FEXyCnK4a|khrS?p-F-Q2izOHtZwtR)fKCVzF&iOW1f)d&u;aF=p z?Dp?bwny)b{epbW#`@+@&TX`Puqy#-Q0PIh@i&w$s33+k=02tEWWb$=Q7cWPsfp9Xbz zlli|itBK*oi-W$%ID=b-Hg7w7GYMElV^kk^WM!B>nk{33W|tW!Q$156;DXJLl^;X@ zNr~2p!<}92B-a>vMZdj+d;^0NSWY-buE{96Z!4L{oIv}+%FCc>b}F;tZo)JH0KiUl zmqIAeh?&CSyGCPZScuD;17BZDD3%@TcFNnyc-TAHYj~V7@@<+!w1vSrS-U-hf5GY) zE^e~ciI`ncyRX7Y=2c1%0SP0_8si^`8t`SbDsk2sy_R;bBX-z~3Qc8RzpencPuVoE zsvagEW(O$-<@@;$LzNBoB}&}a-$`O>JKnaI0{8@Y?v&-2G0<8r7<&pP=tn!Co%R-qZ<0ST(0Pl+Ve*iK;-5*KBXP1>#%5o zDzBlO%fxBM?nL0Go$QM~NQwt+8fOmh&|r7PuDSGf)_@^*Of?Qv3lv-{fbJQ&+GT&6B*{CQJM8_s=?DNEhU``uPXeE(qfNmD4!TI}H*1)} z^wz|!K+3LP|Df;b?$~csdz(XRj`m1xTbZlJwgER}!ZrA%BTmi{ki!Bko~Nvr&=8jn zBA%jhh?4L=fV4zP5oHLUeVBdxVYXi5o&R)Jxu-GH)#os$DMGUbjS{<7xQ+x>;JEr4 zO_3=}{*5igD7CK+$JZ!DgRWwuY?XD-Fw;EfkdW(U5~aCRs?PSyZIxt1$k`jb{ztle;gKXv_!_Zr7pzQuRQPNO?Z9dvx7eGK2K*e-Iu4HQ7#M+h+y`-o`s z>Bt$>l4I8+qT#F?gf&12*4T^2(V)-q&sYGn`%R7ye(36Eqy~+e+&{Vq7seuiF=8WTu2Y~v zgfI%26nZl&r$m*bPbjhJ>5s%ATKb{kw>#p)=(p=cn*8MnGJv`@`}z$$o*O!YwuI>P z6DqjyCup%D#n!1AY*dLqL*k-&;RNtT0YOOGSP`4!`Th>#1FhniBHj1qb+PcLJshbs zK}6c&N7%VU9Y~iAEyzPcCOLQlvKXU7m9H=tG+T|Y3&D5AsZP~$jW!D2P3lXlZ~gX! z&e2v~OV2Rh5S@Nw5e$AW>yQs0ib#er1qm^1QW2Mp&&N+O?@)yh&2Uz9VCf8S{7Aw? 
z4bvR-20s}QCl~S5o>su>6S?huYa(=3lkINC&t|vlIr_32`=6o6t`p+HXX7IzuBypi zg-2m9j=*vW$sSuYe)*+`RNP1H>=8fV_AV?|d`Hs9$MUo7DRM+K0%w2w3E72V#z}`8 zFfyCMi0BfLLMf4a9X52Unam+h!I$K$xDclni7{jsGWMZDkp~RV43BuZnn5bLt`>7` zb=VFZ2Lm@FZ6s^gGTsT#fP?6pmz}(hP$l2+zC|h8MC2_pX{Y#qedAlVCt>{C*e{@i z+7JiMuu}v~?^vl&30P^%6UPO4bM+GiBDI^JW2ukI$I8^ms0T$$=LBZguo zy44QW19uH?YsF^nd7o-u(*&M`)knTC{^o!Sn$DJ_tF$+xV`ZZQl$Es~%1qrWu?g0_ zpV<-#HC>hkiw*fO0*ok2jG?Wf^_)nSIrdrbN&9OEzzDfT1P-ofj3gw8iL<{tIry5P z#+spqL)%*Z_HPKa8+Um7-m_g4z4Jn}-3$_@GfeJhMUA%(|UX3S9S@Q@Y=~l@C2;X&EXaL(Ucvt%9m27_SeZC5;fz|W?JHRuIi5uEBvIVXBHvL$@5B*WS#-y~C z(O@|d_pnoJj(QF2hfU#umKge{KIk^PONMypa7^PQ$Kw~C%VvkQ@A3cm-g|D}x9>0& zTI3UTrda@A8mK#gWE&LZM-c8b>&g2rmT7s2NR?eNEBi&vg~JrU+g~nKP#rnG5*C5k z9w?@foGwZ<>$kV#xwAyQHbjb7byN5tt$)%N(E3NIiSzpjMl*erlpb_&F8qiD zt`)Q!;2@;m-@k5Q&Cg{E8^hvuP=pPXwt)yJI?JTdu{&?1k#H?%P~60WbDlv#@jAGa zTVv4g})*duB9A7U*=#LJB zpz*C+`Tm_**%_W~)l9k$&oCqhoVCc845!iWDo9{(t{NbBm+1qy)`dFrF0~(_M3Zb= z2?VuXDtirbNxebhBdLvn-@m?<|MI>b)bg<5=)6HQ6O8SjOu<+>!7?^;-{e8Pu*VOC z-T_^dmb3^n1_gu3M7pOokq*!9)P5Kxh#rScZEzta@N@CdGFqg|xQ&eL9r()q2CARr z!FE~@h+_WW2SM0_QU%>MYz5C*Y)Ri zanvI|3G&=Chpyub5B8QFU(oFZk;+?oMY?&M?aTSiMSE#r6dW{X_P;U=92fqzd|V6q z1V*%e3ckS?K*y_>x~Rq#6pLA`d$zRWx3^Sc0qJPM&j`2>mN?X4!;UiXPBUjXgP7p%}?l`e9Wr$~PQ-Y`vNIJ#NB*zcZ~tGQ)KPX9%g;=OFmTuDP_D$C!f#v zP@3atPl%EYK!glF_+tKk=BJ?n9?yQA&Td6sfjY&}QSwL2I0CRftgt`7p1&WXPuJw; zi`vw7*Y-5s<=Gw5j5Z~YliALstu-RIvJ<9}72)pVHOMQr?6m9kyNB}Sl5yO_Wlalc z;Q5$^siVg_W#AnJ434dcHHeWp@4SVr67udtyRm|D0`%nzTD3}C8a-o)YAj^y?X6iJA8NF z>vJ#Leuh1Z!}CPm(V?h#0;vP0fU0CUQI1NK8Tq|JpzwB>Zd6LYt}!p!iTU;PI*4b{Ona89ALJfH#_l5tb)W>W>u= z9Cj1vT9ox-Yau4qT7-tp)mk55(&dKV-EJ!-rxt+U(;m{es4oE|l|xNjNj%Gl97&F} zHsjGTM1kwu*;GdcT*PG>f~ADL0P@j9fY`x?j9OOkNS+H{*@3NG&VkXlsun`rDe4uk z5q5_@N=OGWTCZwK1h;5?quWm5`SqWCY}{N=oLe}40DvazwJ=4q@- zTT}Rn>b2zN(E5#G)G1>q&fU1cUcW{?_w7=`LqUt{>U;+BaR!Zmj(*5G=?cq_HwHk( zh>_GCddVW9MTOI`OwM4Dk17k?zAx;_DPCHpj~PFa@weO%-J7yKwn@zjPkWlycgq%j zN~94Cnyv1zjRl;@q-@rNHLzbsc05;;3p 
zXS4B|bF-G3Bd|oI9_|mK-U}Y^sB-h*@^XPDukJg_yR9yVk&BA?4O?ztT0IX_WO~bL zCcy%@(DiJ!IWgTr%mS6n1mYUdVUUwR*kD%hlC`;~iy z!R3^A*zj^hfJ2xb5-sM^vsG+QiaPK{C2?q)L-Wi1=-v!rMZvt5`rbvPHgYXAv1)u^ z|JTda|5%>o;`2v;dinB;#pL?@V)EJKZnJ!O_!yZT{jbrVKG!()w+P&^l|{uydzi|L zId7PLBx&ZxOuW3kg1r&9TnN^T;PE*FYj$yQ#_+H(q+49X{vxC9L8h%iLOOyL58j9} zQ^?e`M0S)qr4Yjc`dexv0~i%r4PSXq_IiV{1kSvd0`aZyA8{AZmtJszIiP-|y#aYH1$rcOs>D7H+ggl4bC(m*65R> z#?s&_(3ZaFp*doZYU1 z?+=iH5#Wo-dz;z&<*H%wUVMT(7{h1?rZvv$AF0CZO9$^U^XJm_!L-i0ngQ(=NzLYS zm~_aZovyuFuD?+BKmv@Ne`U2insu7 zLff%-eZ%0yM!OLA`Wix9;RO)7xtf1wBwQ07N$&mYZtecyyH`J)2|)*cm4;h`7bFj% z;Q8MKHE9QV2g(Ys4CJ618D}-pI~x)`M2U1aVwoi6{Qb>L(1-ymXyN!Sl+xZ@hR+3+GmA%@Ioj@VVrIBoNyepWi^;fzX*-ac(tBtaQaGy_anp#Wo8KP@&UWo72q^@=bKz{;(+P!byDb z@DQ~T8cQ3F!4_Z~ZRX6xZA-A=wLh-#9!HfgmJxzwd3nj+Gm|v{rEgyF#TSnT<>_fK z=9ia9?z&x`9_Ln>t|tIO16)x;^-_dc2E|1|jwwwdS1Lepkc_bEYt{mx+4nb5opGiD zN1_b0LZc9k0t-Ea!`^EaN%|}tV?RI0K7@a*{YRLcgB}Vi0|zV<@$f#w2(Q!;dX(e= zxucRm6HQ-gX_nKXPw@`g)c7Vj-j>N z*afO>JL?x|B2g6S7B^k0&+@7z!sF%12_Xwfv%m>M7gsg`Rovhxfnl8>4GA0f%S?;W zn?~cB)vNrm`3z;(?iL4A2*6jfmFNUr0=|6oTS?4t@)2@>qh%I7%A!o|lIJRPCH+rR z140vxB;jm>=o!LOByuha1%z3M8fJluYYhd!o%OW3*T6YoSIJ4hYS~e6CsJDg6mYfs zdzk(=*qP2={}F2MI7wbBijtZ;oEpqi0M>?|o4rT394%#@U^3RZVB>@3=E_f8>*1r_ zB3ji{W>E&&DGP4!S{VI3v9ZQy9P{UcC^3m{SXdvbr$zr@)+kfSzjiWtOR{orYXeDc z4BIjLjI{XJGR;}5hIoq8ux=MijYzaEDmLsBo@Ri9u@@(DJ_~li=)vS;Lf3Q1|Eb*q zez?GFah{pz!0q%zrM8)}W)Y2^s)-W(Cu!ZX!`Z58A+3?#LM3NJT=i}4%tz?;FFs~jYpV>B(TwTvG=KgU&We~A2T1N71A$s5>L)&@8{Z8Em9zT@4uj# zx@5pR9#)oea-uMAVE#FTM|;`Qek6pL9k19cEND$dftadEo(DG4mojn~6&er$=VkNB zchp8iv&wBHb~$UgQMPdyzfXhIPlm*k9Bq>7=sZ2X-=8r%8ocEP&GtnU)H>V&&q2)} zx(s+{;^4)&yHz-_@a+0_gB*yBJMn=PQ;R}bo8zL{0b&{Q`qi{#HMX1&HNZ_o5>8gQ zXn8tR_uFABBz~;-cWkds81=O^^!GcHVB$9(r$B z%Ia3IPwTTQ7>Bxj-HU0FZ3({?)L9fa7%dxB9K}U0=!7tP$if}tZ2PXA&op*t;&5jW zIlQRQhW_W1pWg9t6Kf#xbOQxn7pt-yO?%@-7gEM02uZUe(aP|pFwBj)qUeyjODma= zIGjLC>fUz;kZ>3q=kY4`N^_J%Yh??_(@<*hQZi*7v{XR_Rm*3=aw9BYusOwWx+z8q z;AZ|s*~r@;Fhx;b%0P5tYIL|jJQR%{D@|EkX%Rn#VBL0rBG%@{5L2nm1a9mG`?WBT^%Y 
zmV2^>L+}bI9>9oH z>e^!`*?P@s7UhR)_Q+}u+tlMQCN@7Ce79h#n4ME|EgJMYAWQ z8o|~hId&sORSr+^sKdv*z@jfE)X_1jK;!5ksL(iihzw=lO93gfa-!RjO$A-bw?s^y z9T_(M(Wfc)_I_IH?Cp9DKUCUPMSr&?BpdK(s8A|JaeY@vw*QnYt+h}!Z0a69V?cRQ z@DJlmyb|m?Dt(8i{_)^1vf&QwiVjg9s$F0hWY7b@;&y^MZPvSje3cnoy?l0(K@#^scw!&%21pRH$fOn;ds@^h(_&$1;;P%JL^GfW{W)OD>?VP@ z;gtrDTHOC+GYK*yUwRq%de zMSHoULhGH!U}esc@I|2}@Pp42+OKP0CgBxh+YA$$DJV|f7KZ8|p~}D!PRV-xVS(Ga z{UK0v6#4b}YO{P$Z_^R>4wGnEAxsflJzXpxAbf-s^g*cxP|a|~;gPLdnt1c{Ec9@_ zf>mFjZ|isWSL29!UyEx53qRyz;E%s^@rn3<}&oG%vDM2sq49PyjNUA%%qtxBowz-WX~o~z9o%`-Pw zq{(Yw4z{TeGE|D(9VG@w39^dP7xeecgN^-CySS z2fTKf_ekQpJ+F#SU?<2bVtT2qV<~WzrHwjE{TrdmOp#~A53O5z{_^%kcxC-5LsWXmJc}X+Ac|$4zY$n6y{@XquJ6>nkt)u z;&yE}MuDe=qAi|fi@OqP$e;4UF`e?LM6np>lEJIv2-QkXvya(ke>*iswa-XJ&Yemc zPAS|Ph~Pn8#cc>{p+cy%=uD1m8L9~jgORX~r zFAh>8mo{Y8EW*g&$>j{?>98yp(kcv%CpN3QncKCgY=?r0Uz_22i-dg0Vrc@2E zPeKcb!Eh58S!O;$+LIx0LWFN&jQ;#c-#`ET754>zCh&JP*|aMe+@*IjVcgdQTU$Do zAUD}!WxL~7^-@?x#QiR;3lt&8{G?f}G@sh(2)fH+m6_H9l9}=ua#1Fb zs>zwmQlu{VaIwL|vi#dup8mJcE422^`8QBpa0lcBf2w9oSzMRT>Q{q@FA=*QH*lA= zNv%D%RYyS0k04v7`!>$6Q|BW|*t(?QkdU`q;C53^T}GrP{WUy%IGg~ zC#Yslzh@tJ|4#d>8W68VoIN|ZB4k4QR#YZ!4j;R0RN82Wcp%i_1ihdOXc*6csb9}J zl@i*4mYbm?afO#Tkc=0dF9gluF8O2-xyXdc>l3EknAr(K`C@aOP*WXU? zTL-nC|1{k0(7S!!m&SW)4UDD-A7&qazyxHur>0{f;2M9KGu1*Xx^e)zX}38Ae8gL` zN`#MlbBkfcgI0n?p#pknQm~22C6~^X*QTF5LE`6@;w_=@&@Wd+@{5mJ9IGkN0uSEI zW;)^+w$A}Hw?xTnj|b5WxVlcs1Q{ruL1NhiIcXUdi_W;0mxC(?yqq9N*opf!&(4z? 
z>BS+f!g!Z04&1;@F$cC503{S$?LgKE_zJZGC5QQy76^3MjKPm!&@|TofD$dI2nL!a z(|T)&fVhQ7;%2tKn~Dnx(E`1;m#e~BnY0dbmnY~lI%ky=d4%9k2i{Shxx}5}ptel0I-VPxX+ zcJiKE1_?8n{y14vSdC)~V53EjIKK_lc|uAclgUpa0W8;9%`Rt1F;7L!sDhw3EE_RP zngkjil@$MWAXtgq&+gt)Nl48|n|DNWRScYjI*Wo5VA2tESaR6Vq@kLToy5Xk;GNV8 zJ>y=lY9Wgo&&TbJ+&*L&oF3^J{Bi|O?@gx3)VSW#4}DFndGW5Bk4r4i5&5%AE^H-U zwqytsm_BWghC;2CYhf{6)tajyNj+6g9}h^EM~RKD(_hfrL3Mx!)C|XV2hXvA_%QN3 z=%|L=`g(Z@v2tb#Ia>2n^v}Ruzs{#ibQQV1nop&*$TcQB%qT-|7sw{3)f_1 zZ(vCoo;a5ljIrZ_Nszp$C&h~X2FJJWbH@>CG<#h)D*B!D>oHvb;j%v2W|B2(`mE}z zTX$CkdYZ1%{~Jxd?qu7>oYXou%ilNmZhq=}H$U@gZWrG@!7*IVzJ4M@_oQNn*@O&m zCMPFl@tS!X7v@Cdt)%&lN)8%XenMHB>&flw*~j&}|^QD z^oI5Z_lrG3EPz2W%f)<(r~tzV@QN%(0kZeNjbrM0 zJ%KD?!SB$acxFidrol)(`sy>;YQ2B4rqgEuG;Z?qdJO2wWTsI~?A7>cd`MAL0>ET) zvH~#RS;)Y@KHID~LV-+>#a6ETZMw$q&akA2n)!R}b~~be+(u~LDR}vr-j{v+8r1f% z$vL}YM6KcgByQQl&-zx zx?j#Ounm&RX}2r>2wl`fW`Q9Ukk73U-9$2Ypebpj2J%<`8q=OA*M3)C|CtR!oUMZH|#fHhS9of@?jnT6iU8 zk$JqU8@<``^z~78G~B_KeZRk}ySvHG)&8ze6a!Q^Sz8i{$Eji4O^JOY-%Tx4w(atH z=z-f7Uc2bKTLY$;5r!4URjhXMMfK|Dqp0Fpe1hUSL>wn?Ga~=fRJ-78zp5O~Ve!r2 z6im)4S_N2-mvBsBgjZvvCnn0wX{YimH75)D?(}Dnc>TR=k_n(kbzvX?{`O)w#F{?T z>>Cygr~mr0w-)Uz{HdoA67w(q6wqEqd;Pr z$KRj6zRnLUg1}~IDvEe^I>fn}e3<==E=KHwz~ZenCTT2?p*a5ql|3@_6+T6Ld#5foUo-2$<( zu6fKYii+v|xw%3R&(rH$&f9uU5hurmgRgrlS)XdMdcXc(kIVZTPnEwmi#p`Ul)js^ z{@|*6%`uPNakE#oH%JFmM6;>Dqd)iQK~8ASlDe)Ru7CFxqisQ9+XC1P%OL z5kqP?q7;5hc~V{Z-fXgLPA{BxO{~_%Ea&@q|Myuxw%p9^{^UE(=ZK79&7rcj9#1d88^jV1< z*%%S}8qD0o3_U(;WQ$-RYpsihi7I7&s2b{&ZfGTsJR=mwoWT}8@z#I{yV~GKC{V)$ zl(oJyLEN9}DacBJ`2*V5I^T0l;+d>glaCdT3#cz(OYe0kqP zklvvwQ5*^ta0_xSyQB z4t`!6uYCB}QuK!-pQ4Y5jJ<*Dqqs|HF6;ee{A_l+o}&yOYZM*Cgh43eOp?E+>-r7P z?VM6`6|-0aytLdHNoW}>H`!Eb6nfYZ`q}C3LWk1cOjX~^=SytBlx}y|-hxtU{Pv0s zbx{%WszO0#m_S9bj9;&mC2KM{3H8zTu3= z%N4qs$ilU;u)#pJ^rP6GiOsi!`6m-t0f62g5c=??K3vbPd8dhL1tnJkn3|S0%fWv_ zQ45THYyy!&5YA7HP{+F+=3|bzA8F+R6b4WaZArDdE6h(b#yQQ^Lh|Gn) zk6D9LQ|dYsQQEyJxz}VRq)RGj2|x+xnBWd)3orQTbl`hDH*hN8d`Lb->mU%_Z7c~? 
zqnDkfRu847ffJf)(Sk{jMB>#R3Cc&nlE+2R3N>OQ%>1F}P}_M2X4W;kesYY}imxK| z@37RkWpHu$5BDw$(Py#F@W=@o*LRnf7W~OhaV)Fo5BKKvfYfvL)^Gs6v?as{b`77) zt&%t@VcwM;6PYl8?8l3Vl%cp|uWKwOOWsD`Xd8C-6){G2HHV^yar-n%jc1sr6-H{n zq^~qf7$m2q7PR?Lj_K$ubGuJ;y+1$;JH%jx#(l|#49_y{4I|Lc-T z?X{9ks3N(m#wr2plUi!)efZ3qYT(99r-^wh61zMwhhTrlr-~J+Q8_hmW(O3+CzL0| zCd0)of$fqz)eb%0y_f?&4wpe?tqf9oOPIr+9N-RY`cY*0OQ9qdd&koi(eP1CukJ=> z@Y&iI-Nv}D`@a)s4$`jc&bWC4siXjc_~rD)i|YPiji?9h*g!X-UCGsKa@(#K6|lC4 zYBAdlu|jJPmnB1xl@}~;*O&+lkiF8dZ;t=kJ?;bKua!}^>&`=swL=H{6^uDkShqJ% zR+9^OZvK6=y|bBU(`*1jt{KCjESaiiW-qSjX{^a)ce%5_y{f)>_YdA4ZCMSwn15;h zDw2r8vT1ci+!;0i>#PONcIGk13<3+Dn-EqyIg=y%mQ`_J)ra0ZWzdIOZ0&46xHn=o ziVdLU-fTXK%Kik^=c}6um>IFM8zhP$X}?@<(X-Z+glb~B(tXj*)Aijs0(uOiuvfJu zgnY812$p%^YaE%h1h6&SQJBow8Uv+BAKj5fLIf|(9G)I~dUxQSLHku(c9pt@MX$fk z1dWR^ZOgd#1>{|+u}|c8d;pr5hAie8jW$cEw%~qaN1x1+Bp<&TACtBL10(NS*D+=L zwnn~uKUN)3li%!vmwY0eiN|6nlH6#sX-g#DSyIarUnVA4}=aV=JsO^OV-!>^hSIavvb$u8%zz* zRthxd2?g8!Qfm6`D9*uY1c}UXx1n9fPj`z&=s}TF@~!!T_Q;u38BACSJTwqUTV2n6 z2tkF8aNhk6i9?hX#8PK*Yr9e`cmQ}7Yy!>R4lvl63LN`WEO+sKb`whqW`KjTz4^VHFQ=*^ofL?mMphA>kaX5gwL1Cz+Rftd#N*@8_h>D* zF(o-#t*U#@AO$4-_7+5!bf#=&KY%>69)UGozfiVH>X3*$V6ZH$*A$J;%o_dY8K7eoq}c3 z}}MwzT!#a33{B!8wg5!^yv%zaOI?`Q+w{_0@8xhuJLO=%HDontFCr>tK~~Z|FKp1AF1hWjVyk(*)}q&1 zh*YO)+pI%G)gEHs)wpDAJnXrkohYT{M)e8EoZ<^Q>7lYDs(A-neHRMbL=t>;y=mo@ zWNpIoHk_Ge&lG22Bq$a7-BpdU3I|v0XliTsyVG}XTUlqXmVOC#SULVva+U+}h07}A zTGi!by*WBW(f}E!QT5$i5-GBIa^|RLn6_JF;2~q#_Ip*cnQZ{2J!+5O)&YA3#NwrU0Oh9`ZwB5g#vCfmvZ_ z8`fy`P&w2{Il>|&D9~frMfaSQrnz};UiNa--AhQaSaafdl6XPtfz|Uz`YxBiC$q`* z$rLdf-ZrJs&=cznvjfWo0^Pt~7sjYPM^cfb#YeMQ`EszN?e*0VW1kd2TkU1t=o&ok z&TxPvmqFh8EGZI-SyMS1S4k!`u(s~ zJ8jnFKDX%Jz0VS=N@BJ~oE)dJGdt6svq&!wdQrkcMV8!Qq5OudG>RX-#{XD>(@B&# zVgT@I+QYEJzf3gcF$ujL@VcZ2RM`n)qIfc#6>bR{cc^3*XcX1e;n|LvaYqGgVcWdf zw=lFM*X`s1E?mqL)!EC63s&1@aAK~4Q@|ne=AQji3R7WdcOqvj+qxtrPajRTgwN(C zj6H48UNDBH%jEFUtflVPp{?-Ks6(cnn{W>UC0=>rXlu*^6!rqIS-3bA!EC9l7(J!3 zqFTT;NOy+irKl`&oWC~)HR+q&E9#WM-dGO54_qIqsOMjeH|yBGF>QvW>xg2pD@w+( 
z`Sdk2jv$j42bSTXHbs$CXMEYthH;r-F5HJgbevFXTU|ovy|UUSC6)M<7ScAbN$#$6 zf`KCe*`Y~{Jh+hg`Wq{p!cjuqI|QyL*YJcWz&YeUJYb1k3EBWfAn6x-E+BI&f{Mh? z@BOUC!>MUO*pyM|Fnz7*{rR_1xA5B<9pA-ype+sAPb-!UeKViWmutEA;}c-GZ$=8@ zVi_p&Fwk4$I1~)clomcBk=alV9Y=2~%ymg#B%AB!FEX2dvH_F4ncsZGgb3Wy3@O=} zi)i~;kD#_v3(}^D&$94?O`li8hgRp;Z(qA0Z2#MDYwE-Kiqo@iaD-;W>t<$7~>GyC%W3^T>&Q~YtVnqGbR>+`37 zd3yZlFYh1y1u2j(r}7(r0S)o-W{Q!!H_N;AU+!)m;KKj1VZKg=-0TSqNu}5N3cZ;> zRFLmo&ZQR~%PXpd$O|B_x4fN$v!(-a1xz}dQNyY{Lxdz~JwsIUHg-X>Z_=|lSXESs zwq=F9VbvNbNzQl&LU%NJ45xz{-sK&XrE)66Nf^~^zyPm5&d)tdPtXrv4=OsuR%;{; z{zodmO^LLn_sp;iiGXcrHZTCYHkr86F1f$Mj`^*`(lQd;vWMa+5f0Tye=$HLxQS2g zp3Dxkxzi7xfT_{aX?z8rU6jg1%JRsIc7%_+vO6xG1iQl)e5j_sc`vOR2r7htMX?D= z%Bt%b({E~?R_p&cOk4FE(8FXX9Q5`G!(}}F_WLEnl`$jGB}EAEO2?_Vj@2>(Bp!wN zsr)UDI8HdZLF*u_V8YJ&j^=||53wMGzs-lbx}D!IQHK@f9Xgy=#6y$v$(kV$b9cm9 z{D>oqPU9DR826$Z8ojF*;OE8Fz=1 zd{T%HV4M*oq}?~BzR$w{^(APt>pAPM2+aQNeP-^?c6tN78~x(j>Ul!EH29$(D~x>D ztdw7l(GC5Fmx>)bc&$@vD8 z@fr!Y!ag4#PBu*MS*nZ$F$ciy0^Elv^pAwUyPU)OVV)-Yy!l{e%gB86EV=|cw8ocl zMnw26rl`?TY%`y}o4o%9xH&Y(j+dg@zGeO6$ zA0}ZA8{Aw_@6!_--7qe4Z`3z3EN9il(icsO8HWqSKd00THF-LW;=yhXeW9$f5$$2w zhK~0)5Y1Xj%m`Wo?0ubz$s;7kw>Gglrdf)pTJEq$GHk{Wuf9iDoY7-J=XMMjhYGkD zf*^D?nlqKnB(kP(;w&W&-0aus?3R;8s@u(Kbd>y2MkjDu+a=&!1NF#sW<4y%YKZ}4 zM0~c1B)q*8ypFR)(dBvqm`R&Yw&>z_6x(0N-k%dB-E`( zNeemIBO!pZOwlp?X|LwC+7-=6H4E?Q`%`5 z0i=GwkE~`1Yqkm^G%JTxFhjns@{0O|tP*zFr*b^l_8ko!leDPec~XhAGR(>5svV*@ z0LdJ%@pI`dhat#pZ6=?TPJr@v`oqpjp@Lk5{mxwB={FU6vh%bCPpHgr87`4aE6M=` z?ol3QXFismZpQ|Ht!(hOjtw4wk3xMe*5(?G>heDBzMfFX#Af9Yqbltpd-2UVnpi%d zLHzYOvKk*|Tmjvd4e2(C$j)4=d9JK?C&+(@syV#aRkc9X#2+ygI9BR~`jBmXR)L%D?bi{dCA(Ko9bRIqvkQ~A`BgqI-9t6{Pt5QEtDQoza zu*pv*YY-`Lw$@7Vv(M8bRG!d0z$oLal@1iz`E8@`ljVUwDN=oqiSQ!u+TWf0Fm^>? 
zM!|EJca>srg~a0L0j_z(e$=R7%aHf=^rJ}#@n#d+w5NfJ5w%SK(an-2FAYJSq8XR8 zF2Dk2m?LJ#TAi6&W9GO)@2K|0_jdPBSTv|oBQmVNyExuLR0L0uW@_OD)ZHSzO!_J6 zzr+{2J^dtTLyEZ7Nj=g3#`VwNGOLep!;8DJ<$fk(LJ)z&G zvavy#oTmCKc!A1ErYmL_5)UMMZy+?x1z|Qxz`V>~{*sf#@IoDj6rUg<@t62A{O4B( z3<~AU1@O0@WGD=#I$RE@QCF3m+tFj4RVWV1d9u2cOLk9-`#RysIcRdFA4;&My5Ay1 z4eR8J`>BG?ouTczOgzNj7xN3LPuhd%1h&jo#p;ph8)<1rweMVkP4Mtm;eoO1T()a8 zn!A|c4KYNWx#_*K8&lQLAXwqbati%3k*1-_9er)Y47$`xFwDt1Mb0@synL@VRum_r zbc9RJXjJ1juY}*k6;i7c3AG()G!S@y0L{fE|25~o94YlX0a$NpY1|CMUM`l%m8_^d z01y1p^`K;7ILw=&xb%$hfw zx?G#2@O1~@>(zZ>b@74x6ic}uz)Ym=Zvk!Hm*UI8)*m`HNDSa~f^IXcim*)_6X()r z*KAK~7=>H$A(B_X+U|najEr}Q{b*Rt=C5qd+(-$jajLRu%Do`OtfLpi5X;oFeZ=qj z@OE0`_edk@w`i;SIE2HN|EM0OS1vufoq-Ffc9x=O`0__6mcZTnWMWz`f!$Y5np?QX z55)Q6>K{CtCc0cZn8QN`*6T|*EpzNWHvpO~M9r}0R zUq@T-;Yz^LXX77V{q*kS8+|J^*xJ2@k#G4CGC{0?27SoLyLpvfG49hgcpr@$z1y2% zuSf-aiB|qXg`1ZscCx(94t$4r%|q@=AMnTbomxxr6Ae2pSj%l%)K?d1%hd2fRPo;M zHRG`*n9S8Tuk&^WA#S1A?VSht$PhBbEPK7F4OSk_j7dh$siqN9Mw%F%4EkESW;C9B zs=bk;tD$HVR$sxJkMkJhTX>*>%$W#+@RopYX^9ZO4NVst(A{G4BX28e6E7wupi6(! 
z7;Fl4p8%@8NQ2V`P8TvnB5dg^(6q;eQfb`d%JTUgo(5B` z6i&M5i}e)Xp|tZ;Z7xRGr$dmSWq@%Y&)9V)s1*c<#qlPe-lD0lqOL((KRii%;-YrA zSo$p9Xs>`3+8CjacyVtkKUEm$uParInVmp5QRsLd!G+ek#&o|}$7=#DvVDt1jhu%maUDP>7_ z#=k-XOAzWtxoP17G0uAsj$l@9cv?1Ja9)@zS9tkSODsemrtqvUYCNW_ixKOwSQnNo zE3}x507v5(5nYS@z{8V&tXJ|;fU)zBn;H8Dt#yr4vTsD=^_@9YCN?(=>G)1v-V94WkvZjZEW*&% zPPEv*;haNpA1Z8JeqgIhgw|_z+q;-ku{ciB%y-3DAd4Yc`)(^@+ZbaTea9=N7-|PP$f7l?65M9t>TlJs&r$<%=c)Z&-Q7*r1ABkh=dRbCkMIa8 zW!6tsi{swP)LB_%j9lh80|54 zj#G$b*{(SvcRY5G_*9>ejWOj_^;)LDIK)c@JX%5bx*_+^ET0d$3Ic>J!YB(KY)Rak z7gw>uYe+Cg$)u~?Q5kiwhlrIFt>h^JOm5+$q`}k4KY&+4J7_emm2`qeou@L%^G8Gt z(pDQYz+gAuxp}T3c>Of3s6Z3_`&wOSi0P0~gClcloEuFL{pe`2ju7>*<6YRdjginU zN1VxM=cbtcy7tv?$g+w(BLpgt(8UyGv3|m*DO1Z-U~0idga)dQIZ6zj7AI4uznCB^Z(`NpW?@vS_jiwbk6X* zvv;RuTNNMa@P?aiw$@O{n+6KIEkD*?STfW$$O32fOcHlwDe3Z%qh$kEp)$eK;#3@n z;b<>OOW>}D$!&l*g8>;DPJ!xH7ZgQa(uo%AI-cYd8^ktNW9-}g(pbY=p*xn+H*MN_4F?Ks&I ztkNksz9BseD(^}dXAAbhQCM-3j$N~Dzonh`$wpE+iplE8c65{!tn(=3X|0G8jYWBk zA0-26h;J{i6sv`oS0_gB4v3#oQ$>Fxts!k_x>rV>dSk2Gr-%NjhWSZd%U}U;Ua$}j z3e`DBv5B?hZ~Bf4XCX1Lh!M5XR0P+Z-?i#XKcuUgjJ}YH^voN2o0?piyQ{jylp=%A zQiK6rCbF9Vnks8WO!Ch=)_oIQD#{SfO!v%Q-YS%dA%ol9VnPz@EJeCseweMc(z=J- z2ewbH0~%mrzUPJ;Z>{}#CfXmETwqGFuuM_cqZQkh3N{ee<=naI;aiX#hB(7Gx#FQ{r~E@~Dyf*>=2l$u_qKWYK`;IdA}5 z9T_Vn=Xw{$Qw=*_bgwwr?U1--tfrx(o(z2o93=S;pDQuv!EaU(0;>>NltZ&92`S1y z;2{Dz#vh0Sh|+$gC>hUOd=)&RMF7>T)2(sXymV{#|d^kwkrS z2egl_Mfuz5_4MHEqQNV@_WYT0UI+88BKl0MKq|VhFs1%nJ2>7H33P#P> zEUVV>?XY9!pPa)a&&GG)W3V`u>o8!V_UpyZycU8+0BDbdwBrP6;v{yo`dwuXV6yw} zp3M6Ds*B9@BumlCmvR+h%Tp0dN(}6cPsCTTy%ob1nRgGm55vG$v+3Q6VjfNhUnTa6 zO`;wqs|!LQ3V$5D>dbYSgsQ=+1BF?(VIP+gO9``;Lv9_WW#p8Go(*2Q)w~5zpTC!$ z);FP&{j~^U0wu0z99iM(P;KSNoq|~|p^IZefaa4a0ef3GI+P#@{r95EFf04R`?l^* zakrkx4e~AGB_1XIQU>J`L|=_DVhlJM?22dhvzQGL5;nI|7PwF&W6`egQll1zSn}e$s_?3wUYF^LGv=;F(x5&l(mXe5-}db=AVoOA7-}*+6(H zY&{+}!zPF0fm0%)dID{@GXy`eC!A8KU{Bv~uAt9n@DK?{MDwINs3!aXZ?fH|G%~j{XZ~fl+WkB`k3Pz@Re_H z3J=z^&H3G>dwP#*B-!pFh0x29-V~h#-YBF(ik(__9}Rk_ 
ziy=7i_=;SHNK6ASBadubkz*v&XuW#1;&4S3CbryCt3M5hJhz{*OYR7B@mQ=n{vOXJ zWye;KhZ%!#SD26sM2j2caxsHg3D`8!$rvODn^KSEm&ZN@6r_(@=Mr02p18rWpgxd~ zld0{r-aws&pP>HMnvVBJ z{Cam(J{5y8ZiFZhQ+HK5tBw4jbelWYy{y{`qk{-*xTDX|l8MMBA=Bi9SOve>K*!td zed&DM%Yt;srnNZv?$@ZdLu4kKswh}KFj+iIKCZO_#s$)B_@JE(7t8k;XE$4|mMhtV z-`(9zrPUri9=0SwV;sX;kOdA!+MNuaqhMt$AaE=ie#PNF&cx-I)||DNIV0=f2WkeQ zBdZ!B3-m>(W|QgF7V%=(Ro+r@Q+eKJTTG_?;U0bVAD@3FSgz^17)LtH9O#kpd|(+l zwVsC@j4KRGfzaOU1NPyMG9~QYt*Mk`Xaqq3!Dm<>?|Hiw8b$$s5`z|%e-!p!I~l`W zE6(ZtEn3fB0%?M+6zamym)NrEv)zfx*7Sv+VGWbLyVWH$j$lI4<$te8T}Am{X`j_O zB05Vs`wUmQtBUYifC~&g@kB!e7$caj!yg5G7Pa^FxPbq!Fsyc3U7;_K)Vxfs`&wj> zOAfeUM>nIc=KPk_J6@wcZgYjnC=-sWT+h(-@5gF+{>yBt$~ME43~vlm7PTR`vGS{U zR{b3pgPkOllb$F_C>BFQT&2lq>myn-Bsw9NMoje%MtwJi9o>gtj+olN=xt=BjDy05 zY{&^}ZiC4>SWPbGztUt6AQ7~D3Emgc_cu^1zhACCLb|}-Q&NodEeLS+1_m+nYH@gykdv;nGDT-n`}Gq=KL7fw|E075&5)kFiD0KHhAu zj(};fD0s?Z8;+0`Kr0R|MNMgQQc5=TY`}pF4|7rFU0MKf4d2kbel!`v%%P9!S#`Tw z-cH_A1#hLa4z3pOJEa=%)%kH2iEVW64J$jvuO>Vbx*NoCO5~V_oJ3Op)Y#Z=<6Sgb zjP0H&=Sstd8)3u2pT-5`$(##;aSg#Nxm*ckPhas82Oh_(mv3;)9ofb${kEJ9*Lbmy zgB(_AK!0FI-i%XyTn4&5qvORbM#4`1I}|egp5;p!>D^vmttb?BAUdjTXQTr(;VS3{ z2@D}q;YB>@2B84HGTA=ApDjMdg$49h4t(gfm5xBVS2J>KdtjI6nE&9G&#pEk)1Hw4@v zV(bNMQE1_d`c~Cw{T7%O-U{t_G}NcZ{Nm8?GI-*U)pC2oqq(#@=N~>MqQJ@FVzMNE zxR}kk2%nqz!`+~Sm2UnH8t!d*e;tkyp4LcXJEYjZ{Y*rRKDVyQ2N;q1M(YCOb~lNt zbYshj+RMH9E)d%(xNU1; zBt3*WXQ4(lk$x1Zkb7=sYNVrb)O{Ox=12U2ZpQb)yc*j_GDAH=r$wjMYYQhwWls<_C z`qQ7>v0|bW+0?t~)t^*>%O_2}cN_?GJ;Gs@>vO`CG}i~d!)+MJp^uKNh~)3=rp=9B zG%wqIw@)+bSLN#+blRC4~SkD!sBTJx)VJ$`*Mn(f77Kz#h6wAz6t3|);*o}9mzZtAg`RpS=&Dps z$e|4R0!*%a991}SV4AOTG)q9st$_vtzWawYCUT0NCJJo!%5+H`>w2~TQ%#zSnF>ZZ zO+&L{Be)$q6jFw|lk?L}Wj3c|Y3l$xYAsu=LxrG=XB(^O?F}rSu(azqn%aE|D*@sb zodQ-Xp;ciD3@;9_3S(pF&|9hJTrk7ZzLL#06?0lJ>y~nF5Sj3=+X*s$!ov!C#=(KL zEhZnBEl%{!K?-RC!2kFE1E;U8d+7@saNZPWF>zs>5L;-r0Q-m66qG|>bWGWG0}yoA zZiz4P2*j14fh|e9#bkqQ`E~Vx=@Q6#VD!T^oAVFo@YDeQ+h3YXXc{isBHO;z_1uTN zacre!x4I%jPzgg}0*fv0tZE=8O!vI|yn-T^Zeo))IY|X%E?%8)&f<%H 
z((Uq+?}{9G{Z``k9lBxD`;YXC5}lfS5l^+%z4GXlZt9pfU#u=91SzW_;%oz*w+9<- zakCGZziFKa=9(2phdhd#Xua$dqL{Tp|`AMA2i2bgNMVEvl|R~Se-;siMS2rSOItrACqK7thb(_pW56h zo$(ju2po9jc6hNArLzB2wVAvhv)$wP=f%~y8Y3j7Z-YG)MKNS6r|c&A>PBaWyuoNe zT%|Py>yD2<7An&Gk@*qVYOEG``p-7*Soolnok@?WbiT+eUT4|LR<_T5Xcq%7rnBZ$ zET(*vl~-X;7Xq!(AzC;2&Z%S6)iZpg^L5MpRO{>u)LhvWT0#ZdcMlghzfm=U9n-ye%UPU9^p%Z4v4x-%EGuO!wtx-B zvOCj(ha>gRN8gi|_f&TbO`SiC5kO~gMnPtNyBIIPl{vRFO9)ZdlSZ@=S|+8u=z4SU z@@2#NZ0V0mj>G-xKKBC%*y!#f8rD)4Wo=#7nGaFcN;~oujtdxua+0I(F0`Z;%NEfs z8_^`0@1sMntxWHA7uZgfKprgco5W= z+^tZilW2zh!au=ioEsZsiEUADur^I*B6K|Oz|uV#zNQac!cN@+CUw2YV@k$nqf=7F z#r%5k1Q}68=BN})k*EyijvHzu61%JpH0myB zC%oCKD=VkB(nicTT3eDqj^0h0+w46gK}`4tkp?y_93{KdxYFQ?Gpg=Z0{L(bvxjK6 zQ?Vcr7uH_l-aC*0(_z!jVt~);@1C>F&|AWbZ7g7^i%2?KrgY-lh&H|^9fdhw%*a!( zCC0vrNdW%7MBmsFwh(GXj&>+m1QCUfsvI9ns$vZ%*Oi@xbV$T`28zm|Ve760-$O~G zu1GmS3c2R5)7h=m^@aM79e0s9xMGoQ>K5@eMe1a5v2FjoiRfASpm+9Zf9)o$yr|wz zWu}+w?r?B_8Ag8+9c9Na&M9^z_d*4dHV$E3_d#_J@xcG)YgTL=tV+)f5ewLmeap&2 zm|a7!wC5-gK?j{Cc2edh3NCAV%GNze5;83n7nU9TX;La)C{Q@~ji1z2sIi}0ZY*VF zJj>OHF59VpGY?p&_zL91JU(p|vTRBC`}wx%)4|(b_07S0 z1qGU}bqz>DS9ciCph8-^V$n?y<apIOhAj5T~mk1q~x&p?7@wQ9Cq7J;9SFouqDoHl{V3ntOE@8k#JUh znTuL`PAm}Gt=RlMj$Nf;elmBAu_;}Uuo*qMm|wd6s6)LF(DR?o;ZvS~<#jcgPG{?N zlI(HkB8`I&`6YdCU3u1E__1I(Ol_e^y7Oy?ET`wK#|A)6J2gf@fD*GQJzF3zikbx0 zl!Zye4VD9BRVinI9o=`~Or#tSkiW*5SjkS@1=|v7C;$9N<_q}+#6j1?Z!*bUC`E9; zGHSTA&3Tyz$pnLW<4apiB5v6 z*&<+wBexKG)Iy-vh=UAOD*k{bb))i`0k{PzOV^hwGL(Cj?jCXkO;V&T?1}5G>G*34 zhJ!utGZG?1v$@*g%Bvly$A6Bu1=f5Hbt5KY35(O&6|=-$jeUm{*Ug9{VJ;_k3kZ(< z^$#X@o8`;H(E*DG@Yk@m_mgTdM->%hM(Ljb6&bFC99?Zsw7Yu^WHcIfAN-Uc5-}alja;=o+d%XsP0RH5`+T)~8Qdu_oJxK(?#?%*F$3$_a9hL`pLZ%w)`jUJ@svJ3Xz z+1mGJVTsNeWV^qrSyLmM0krnaR)`W2R0jJYLaTb&WhB#4k&zK6)^^lhl6mY4*v(Dg z8SG;SCptwxCG;2WwqRwfxei=#h-eEawuO84@{T5^2e3li9mELApM}jR@$VrDab#i~8P`7Mf{y;Y<#!5{_y2AVO9{#$X zoPQ;UizmPb*+w)=N#)K}5J%6p!fM=LNE9rV55PzgMf8za%c(OVYk{gTE z9ggpNCfL;zoqth3KR$)VP|Pk;LiaNa=J6c6pUxLqs#q%)vI=T3Lm6K}7?~Z_!0Mjp7PxRd_|nRmq5m 
z%lQghXL&hB7tY`Oj0n2BY~}D4N{6JGmm{%r-nJIz_= zO}<;MI5iECPE?AMD`47T`mvLLk@_FUv8)G^K>+59Z)sM*X{fs#R9!e5=i&EE4 zwFdo6xKOnGuPFi4F&8+~pgxl7KOR+ZH)#p*$+<8Mcz~OS>w`-e0@Gd;H&m;|6^6`( z3C>sPYeh2~=_q$0E=w5Hj-xnGlB*Lo;nmlmHu+LM+1G?Vb^j@Fz#-E(6DtYW8e)~7 z8q6`%J>(qHzOdtHk8&~B6AV?LTpRa_#7K;eFzR=PTGh>b`VKXv`8&!48dFD2RkNGP z`2z6i()AEJUoID=q;nsoh-F7~Cq-|t!151SIPFARBl%-S=Kg?xGDXlD!w7JmFcGG@ z$B9qVt!~(L*$(+{XVD>Oqa~zhwy1B=xL{j)hHVMh{xKhkUe-l z7fMeXrn*l2>l zM8jPm4qn{et*>x%(+}e}Yy^uN1PRTXO<%H6Fr^$Jc$du5B!KH`e7M*kGU6mFehw?z z=XH?EV@)L4;K0}iIv4nYti9+JUQRp zj8f7wwE;tx&d%s*K01rZ!0WoeueKCUZ^KuGigxap0XEtpxCZuU5{tG9AEH7*} zGg0^}RO~C+vEI`(k>QTOLJfNr8 zM~vu__4@}@hTj7se0%G{H3w<8Wc9X}`gHEq?n~u>2+vaVjbaW<%aAD*-uO;iTesI> zN;YfEH~8@9EtsAHkw$FIK44$$y6}?Ku-k?AcjGD{>#k9-Rs`3lXWw`~7g9-HYtrH1 zqrA8`7mTnhg7~|%a4gIVxx2xD$BRQQ1I$2JhaI+2)EQOWcH-8j=)x0CNrZ!!S!sr; zX__P)f_=BPTPhr@MPOeLGu!CqmoHIy;mfPws*VXnQMOQb%?W-d3?Q_?MiU(CrS4#L zTt@;+gW^+-p1YYaAmIZ$t7WaB5eNOga9r27kf2^-^h>%ChnPnTY_JzVDEp3iC410~ zH1r}GO5n*81Idy<+SJmOn^$5d>VzCGaR(yvF^&lq^25#Y;ijq%&TeN@=zLyXTr5s* zE|;>=*9Q=YV+fkAY56{RIvP1pD6arJQQxBPO}BB>_C&nQ_it@0bsWyDjz%A}InF!Cl7^UL{`a#FJyYBa;kRhV2-7B-EDK_+prl6b*D(|AkH^{;md$Z{d$39JGVbujxZ$`;X<+53S`K(t*G5-O+b5zUTH1xi z4OtIj8dN{Rg6$kFI6%*gQsJ|qhkLV*y$5TN1MZ_ z4ff(mePzPy(u2!PTzP_cdtQ99VmqzUjJB^g4?qn8M`(<4fC8d>Y|3l0(6S?()lAZj zqo?aY>wN(nb)Bx8`ZzVyrs(n;HZM~qD&Z9(#K|mp8Es? 
zA8zxTknzn=1zJaf#G1nJ+F{By~cRRM}yKXnq3amE@5#R&5}T4lJ9J2;Z_9^6^sUF zaXT?mOGw>TVL6WHfJ`>kKkw$S(z9RZE{x7!SuB#+?uosIyf9G5Jxt-@9qpfu)M=DZ zmjs-yqt+D}R)J6j$xFH0B6*BnTUEdvtr|8fpI03ZcwJN_oc-<9sQUR9m~D0-^4bdO zS@vJ~0u8yu{iUK?!Pl1VX#fM(4AkSE;?dpuy>oex7wBsNTuki|am*DJWG1C|v^8f$ zzg>LDR`%h-4_j$I9s!s)ZNns2RM^F8B$|Gk2bYLnP(K0G$;}mj&W2qLfr0_$Zx?rK zw?%i|buf>&9C=)wf2`KGlPR!utUTVb65e#jc-GlJ?kETSJG^%fJR4$lpgw)Zys-c@#R;4#N>k=_g0 zRzb#|MeL91r;BDqd~WGTla3OuOZo-Y0(dd#K1A?3U3EZ3LJX6JUWh_-bvNCdxG800 zGoBtBozI&zwWV_o+sHmSi8$K2b5y%Ptv@wu z@7Szuq`Ecn+kGj|sCole^1yG~_y~JhnQk2<#J)=hztLNGV}SXd^1AkrJ+uS7$4h+@ zTfjGkup(*?OXmbO_w|&o4DJWLOdzmzN)gV%(!*16usa)Qu3d&QJ4vmQ9z*it0)xn$ z?{v-l&5Xplf}?~H>EeGPy_oRUv8yv~sGU`@Px)e-2YTkO=kLduO*gsuqNd`=n$D;) z!6ysAGywe}9~HFjvcno+9EI)y!i8T-Q}1E|?Zg2;L@iydVRpmyX|cl>WZ6TD+1^gC zC2?3VcAgk<5s0?b3xKH>g!De*{X5VBPDtrQ_vpYrK>AO{G)8@@ZCs#5$WB-GoU^(` zu!VQwRrS{VCg~57iRI&(Nu0r7e;tipz68tT#eIWxoMw7rd$GT(yWMiO!yJr-& zqBfaZ-798q72!Nw&#sxNaZyY^#HhjrA#Vat05npb*%(Dy1^y2Qpx>8M2PAT1`0F#y z0d%>4ncKmk3si$AKIPD@@IKGD=nUrntVqK%;#J(WmDh@SzMdLSoG#bm0?RgvI;45d z&HTu>}iW?qmJ9l5( ze~QH{)FB$k0-au~Yt)f$<(jSSu#{@BkpHX&K9;wOFquzY*1x4Oyi!g{r|g7UB1r${1RquTq6^%Xi7`d&ki7*g?O`BDlb_mr+C zs=?y1x6vLx5s{w0NK2J(37YF?5qq9XJ#TZdQQcWvT!K6%XWyGuaz zIeZ@}FY)2FwNi`1O?r{0Hi&9Ek%>mL;gpn8LGd)LJ*B1Hs?S+cMcn(}t^a7wFYKGm zj46fA*lxRY1n92G+E_RG$y-T%#RGwAm7ds(XjkRhA(?f`H)y+-z}pN&Ls7N0ps-XI zK_eB}sKl0Eji14rRx{MYpT3r?a`efPH5+V*3|~YCA+6^JUhor*n?Z0Z%%(IOQ7A

    +#&75(9INu9P&$^lAoG$6|IfzILT>J*NI%ND{qL z6nQ?ms3xn`jsJu^n)m9l#13!XwVqOR*Y^%zU_#EidYEsn#=@sJxV{oV zd^(jrK5E+Vd;UrLvORGP+Vd%fuugU0nWt~FJu=un<>h6*A*c@e`BYz1>(khXq}8HD zES|6^WpcPxLbAg=9(#?0w!7=CfY8M%31c7mJ31SgQksN`W?7IYtS*-5b+K4tRPzii ze&J8>4^!8Sju0v}wfd0o3FkJ^`i_p0Kl(-kB~`g_dzu(GX3S5p4mm}fs9JxmKHR$F5KzvGVX(qWIJR~Bi>#~(3xi;-z6-Z>`KkZcRkNAb?xuh?*L0yOUqtO#o`oW^j7EVphj5aOYL#2R~EB&MP8(<@x+a)*R>Hz<) zZmQ{;6J@7pFKwEuM%|^*D`O)MXwOUBdw`Zr5s|F@TTDKio%*&guTL#${56U%XaA&# zPPcQkpcxXr;=SN=92~9$MCpE7=@Q!pc4qu5KfZ@RT(_vdF<_Z*ALD1KK9QKRD={xH z$Y-|eqPD?}pC}$+=XO*t`q^;V!RY~K|D@AD9pBn~&mN@F%;OD3}hY?t~1m8Ys#@uLA z1`yoSp(XwX`1b)*5n+qO90fH9@zDF_>f_eOzB$|am1PxUHm2p{y6X<&A$8gp9jlfG zK7*k~j{b$9ap#Z?K}E8_eGyX5YCmgqh3O z@A=v1|GMKS@S!iIU=lsN`C?i{QJ{sH_*4lGZue>(Rc@U^AdT&VNxHdT7_q%yP~3lP z6+7w4?)#+m6m)GUSQ;%@l04^?JLY=3UVpZKu-@9+&vGm z)Z6!0Wr(kW3&-~NZmOUsZO5VdfYRatBsu(kL-|ZKx%;&f0Tk<^o@!mxGZEV}jAb(f zPSjYTcq`#2P#}JBflf-g_07=l1a9i1UqGjCLDm(t4y7RBc&b#F1kGC7x*dmuPbr6E zHnzE%ZS*wG)>n`>r7I0UHv%xC2I+nZ~rSMqC@fN)KNX zsOQG2Jr$~U0;v<`{~j~{H>%Q;kH3S;j?2@`MWO$$Z)sX~P_3-Go=}Nf#T4Mnz|BK^ za&nEMi;RsB$p3z=kMKVK9;7V%2HthNRqN_nsc6Qhihcl^I&Zh+ ztQM0ifv{-0&cFmqNYV1XTSc5EH*nC-Av=X((sltv=Mt@zeFu`;yUhc0c(`R0M242U zoOa-5FK|NZ`u65PkWAWs%Tm5AhNa5`$SgWl_y+>iwk(?Wcm|vk@rqTS@j4F5n8^*>l)}1hU+q+pVE`Z6R$^rLN2hq$9^$;M2IjIJkUCPE6{AjSVQ$rI*C}KL^6AW|QevXPnpjjY_sYY=~IW^!7Vc<5S%P!IEm1{wgt| z7jc>7>JaEHsIqK2PX%^#!F*+W=A@_pceOrh>u5ZiU z?;xhOdsHmA877|!kSJl53-+*JQg(Feji93ux9Fhb1JkF7tvSluBV7c~-dlql}!lH)CB{W2$@eP-q)r5dP;M$s6apubgYK%~ z5R+zWlAPaG+d^sM27L#wJVaauRNy6Eywlmoim3OIbgW8Xup1I{A>%we zK-b4;Iu>yi8UT8|;3|?!qyk*JNTUu7b!0=M_z^rhgfP)n$a363fIPj@#F1%$kC_aE z)P(=zlWvV~JUGRsC&My@VIMW_CbI)|?<+=wDO}@l8l1zFtDjd|d)lM5)oNS(Z{kR= zUM^WYS%g-oqI(6v4RuI&Gi?|`5XCWTnyf&F0OT2hs%$fPuWgX(|AvVV1&|J9q-Zay zA=k5{l`qUAOxBdJ98{N!$@}%8GHZ8>Ow>&;-La?m5qF&MM*5wW_vqRk_3_tih zzKse0b<2NY{=qpLB;~hXhC_|6GA1L6lePM;IAUFdxoA4_dJ15J@+Yw(4b6w!PK0~$ zdLSIGR`Q`1g$&pjQbj|D>UG>=gYZV`XbwLtoyKP63m5hK!I`KQmyMpHHq#C++t+fC zzznqci~~&Jyjwrbm)WhKb_xW%7HY|@{567! 
z9kwF+Kll4ocHy+F#JUBB43NS>V? zJx#gc&a(IDctD)6Ept8x1^=b1TXXrcfVgsw{?yasTh-H7^YwE2;zf0T`LIUB?nF;8 z15URf#kzZQ3$_TjuN`)SGBb24g=H&Y_P|8(rF%*T(5u$eOY10lkU9cLTwMq~|8LAu z>pRJxG2vWV8BK0`sea-^maOk~fKH1!>nK+oPl|81$0AKV0KU`CUhuVow-C!^KRG-A z4@g`69-2ES`%xk22OgB3u|3R*WUQ&@*Us#V?F@f5T^mT$*utIhow}_vI@JD< zY&bhxfz7X81Y+>IFs9P~rhKm)c{4mN(dKqcV+7D1*VJOZ;(9j1ASPX-O9XaBhq}0X z`$RUO&@)Z4F{ELwi}b7N!0En9q8t}l1!L~kG>orvm4xX`a=Zp$G}M2tvr$>yr?=C% z-uwCoiu%#w$3@Li=%j7R1>oV3`$WBV@}{%G&ACqAfG+=M7S*toZ?M;n_cpXI!YxsO zOnD0nk^t2sAQ|BQycWC%Q)ht3l^Z0W!Y!x=u<6DC0J5Tjf);r@>j@*A&X90Kl&H^$ zFGr?W;J}4LNwkK*%5x?(^zEDpKj9Et*uxEmza4g)Tmc3O`aDdckefJyOg`qZGdMNGg9hnoWKt=nw=WweO5I;2?HqUpZZQv8djp& zEVe=G*rutED4NAqN< zFpuNS)uyI?Y;!bG&U+_Gc?)VZ;h=F#2xx*2=xtzP?lhr$VI>?`mm&>2M9w?5)ndS( zgrt7gwl9c3t$|JStC{Aljajuu-k=YSfk$X>fsS_T z&Buj~ec#g-#i@dV!1`Ij54nPRhw8kMGDb)a5U9E5Ch%It>28`uT*AL|wTC4xIx63{*X5#ZdB0Jul)pQ8tW z$ndIB=OCY=nK?OoRh_&&`-Vd@Bp~=se}v`-07*de<0q=7U{Q{PXVMtKlM$_Dpd?p3 zx7BvSf`j8-r`!I-C9T}{axVLriC^q2XCeEpu8_>4)R7sGZ}F`6vNr6}>i}#b6mdH! zvl8vBYj`S&i+mG@{)W)n(g<>`?(pbw+q`|Lsv{8u4lCkdt}({hu4Wf#0EA)6f*9J~ zV`psWB}VodxkZ3y0?u8B^{5w@*(0U;hGJADM+dOR!+r01iWDTOV{0s!2FnEws*L zua#hMaDqh{>3m}Q0QTZ;A5$qwS4z}p(iZ}0&4pLHB3V@B9_ZJuEV2jtMU^DT_sD_4 zvGapzq~{}o^Y7%s9fPg*(8CUQ17hWl{=+C1-Gv)di$dPMQ46FPaC>^N@Bu79_EBS7cxs8u1lsy zXBH`^+NrBO&I8nn_WCq;^de1VZklMqiaNc6H-uU5#VGtk^59f2a~{#O^QKHGn-$Q1 z&c~6q4V>m{ai|UOALMDwcIYPEffMvt|f8$ib@MJUZAU{|yT? 
zM=i-?ze3oM_og=zLr&(D5fnk%8=Y9%xVFqCsgB91-59PH*aaP$U_$ZAohYsKFu4^E z%jleO->u5nc(L200eFNQrFAuGr}%lgO_}xxm&~X{F9@jQ*fWs#a^?{^)(W6ZyCJ*t z>ypv>)M3Y4`tEs6u&HGpY%${!ZD%7eN(-DK2WRf%qmXjQuUd8m!%fa~FfXhK=X;_m z9C!>0$7OBhb>hwII3}ic)#*ML)S2TQ$kaWzueWYjjN*18>n_-~or}nD7k-|lYSz@u z+!r1O&DESgVAU{QOSS*T+80yHxP^+BXx?eqtC|H0BupmBH$XPS@JOBFR7S&YId@0l)n9Y~LP0I6O`U+Qu z*TSxQSYt5tG`_)qsOf-|tD0wt1w^*V@EjHkSyqPVL#=THF1}3lDks$mKh{QE-KUYp;i$k_m}j8qfpPbp?h37)JY;A@`j-P^)>{P?7_hwQA*Sc#I$+>)}JK1-!dvD#x@r#e5?JTnH5D>30-Y+bxsCg;SM%Rp= zbPyhFfYr~@b&{445>^mE0e~*vPBZgu5_k{{owQ@FN`vj~ybLFu2hUfXfmE@HCwN^Y zD(Gk^p-YLwX;xZ00Ov^@WrswzbCu#w_0T;AHYdSk7jB-#ZEN6c30DQel%N_^qDmZi z7M8<_XK?(|0yd+H`4csfVdX8Q;7mw8rZY?58|B`Zx8o<;pba2-F~QHc5tY!ML8B|F z$NTHp%08-WT*Kw$mW`_}<&~AyEiK>%3+LJ3SA&giUL$V1E`v{@%j)R%3VRAB?k2$s z28qbatZUbmM1iq$<8b_hIOFzSUN(@uF7#fj>(kDby~<&9sjO_ShVle=g~sOc`DhNb zD+>E;M#|k#rlq4@>L~|O%opv7!fLpojG1nm*Q*FuCoxl!Vsc`6f4SJ%cM> zQiQ2%n+c2Q|Cdfp;ES0dTcDe!+Exy0L7>3E-5+I5aP(}&3|QlXuBR2&?E+dTng@p! z3>j=s#7pV`l1v+s{S&n0WbE&;DXy$q%jlF|i6j)MPrO+(>bnnvdc@PeL&KaXqqKw2 z(?s{8MmcJJyt}c>OW38Oj}Ey%(y-#5tI$5zTgfNK|2D1HG!_FuE`7{i))35=< z6ke_=;~)%b=(LKC^#4B`R~uOzbZ&~k58g-jz*uu?R%1yzuqM)KB5G;Ot#fc4?!>6X zSwCB2D;L<6!o<-7ZEv8vC94eLy_MGBLdC;0x~OkLaS>Dz*c*7RyG9sQJy@kp*!~8K z;nTq&YAUj{pnW#Pk|U%ncYvMMojaRXCM#K~ITjur67^`J8B;je+E$A_WcoN^4Rn#Q zz_^dfv~S-{^{|?rTRXp@ytS=aG}OGNRc2Whw10P>4R}Yw09^%VRW&xS0TZ0O@LCiz z5jKuuGJawP%akh4~>ti?zfoyr#*FYzj>ygYUm`>wjf%{AI$ zu*iGP=UkN>nO31E9DP7Ed!VDw$Q>LCL^*|~8!JE8KiXNaRJs6Il)xFSxb&f>54-tk z;sb*~<)U(D6`YPK!Q6zGCbw~%ZN_}lnqgNG4^_#}jF2t(xQ;+CW{)LKhDjc65QF)0 znLF}Xg96QP?Oe$$cT;!e)>2s~&$j@<5KVgwGY`asj+s2m$V(L31Q=!)&9fIV#w*q( zC8Kbkcy;BlVWUa{Tr9M`1{82dZX<*J!Q#X{29L<@8|hN|LDM&dYkYwA*}P3^Yv#mF zRw0yr675`=M!WAcea}qfRhbLio!ypMW;q(FqI!DdN+nz_xBUqm zf&d2^;=x8{qeFFbbE7dv*y5`_RKt?bNz#=3YPT~jg)KB%b$#(uczTkiBu%(hgu(K*E9 z+)3k#%S!1)5IlCR0jz1*Ea2twBdJo$TMD-Q&J^di*0sW0;^&jWXQO?^9MKJX^Pm@O zs)p4W7`*Tb8f*dio5`za_f{Ua1{;+ou(nltFQhgxt5e$$z1qE>*0jca+EO^>k@kc- 
z2&fNf>RXyB$~wLoE}Y!ttK}=5R-=70Mv*v=qeBGH6%7`?&IMC|Su@8W9(vS;&9$x7 z<7?-afO1~m5SpK0F*Ig;GB>ekZ%;KDI+Yu03q+BkkhZU1wnwN-EsyQgvlb7>&h9te zk)U2xFDkEWCCwc_Ej(BtsxU^T1-$W$j;m^iajCRnLF1)xezl_<=c^9HH%{Uj1RO|j z)j=%#c1$A8(T->&!a_)DIoZ`)*w6Vw>d%*LRus+O&vXpu-t zN_L0Gt4xt44O5RnUqu~=ydoibdvF!4r-FkY?4dG#03>w0^-5(9XYC#AZfTTY?w+*@ zXnI3g;FykT2UO$wYMj)84vKC}G>wuz4$t2;HXPYg_JS)&IwS&DQX(MD2aPz8I(jIx+MzSfk~;9wm;0v9KVc0`CzM=mKDUe~y=x+UBT6%PS%4yh?`DT7-v zz=%Grd>Tw!tbseVKZzfREN9(DkGfS`Eln+Z#O8DYK`SHRFLx;%UuZ6*6}P$O>Iyg`Bb=|38>md|!dj89({;ESLj5uvxd&cd&~Rj^ zO|XB-IW=UywKFMw15B!IMsgzj0{=9KdF6F2)iMSo&e-5|njs_H)2G?f*(`2^HLS4# zTO?>j(KDZ82i;JbY_nBAEL)R=)$H(QihR2tP`07}sciuxqiGh}6h3_`r=5XaU3O+$ zLnW@q!pWG%7ZG%1QKdRO1jdISIYr&*vLcuUKbXeDr1dM)(TSlz5?0~=1dX+xAH z*dSHY*aoU^SyNj}&Hpc+DRL_i=fOT$LW?bO#l2m?SI%aB2bUS0rRV50I@LsEv;%8U zg#*NK^e}x|-mPT_c`LyJF?NhCuqO@e`)1jM6)-!Gr}iD68u45Lwn9{wH``tAkL!268{mu7-VKgS`--B_k=&^^h) z^qI%g?W5@wWGEDgzgr3IbMU2jz>%z6V;(zYldzOiSpwA_7iG%p;DAe5i@@ET(Ang5 z(TEIx@HWmDYJRW~O=be}TEeVP@bjz$9P=M6agG_I19m!M=8g55(UzE2QNWZXr`tQu zVX*k9?2!9~vAIJ>wF zqtqFzS+#~)5iOg_vZnuxtgm!pUz?d0sJ}eyyFLNV7%P|fK zUISvQlBj9X<>($W&U>6?`lbC^!z3 zFh{@u?TUgMJKaJ=BcmuYN!F_N4a9h4!;msCh42BKHH~n#99-~>*RwiXv&Yb^HKuyU zcZS-9JycrT>97`g#;(!3H6&8a((GlnmWgr!ozcA3TB9wvS~GT?#YN>UvNHpQESNRG z#LcXqDZNr&#(wBC{u9+wjJ)mdz?+&%YM}=+y<^zjW-0A;6*+ejGyja!y(3!`(4z$A;uYruSpRi1Dk6jnAneU$o< z-Zmu^@8xye2OaGRCV;WlLVGPcsMX0brc=dWyF6I_VO5ik6o&6I>!?Y+t<|$|L`ihH z!TcG97eBUIi;w7Lc+IKl9c9WHTP}R^=(WA%ImDg8PmG{MMg(J&a`(ZX>fA5^_4P}trJKJU7z2A9jqv920+b387 zyp&B16brDSM;!`mZZmNme4I>W{5To-K&NL`=Cy+x9UL#j{w3Rk0;^Kk;E~}jvZKN z5@JRonK*PXg3!_1(MaG(LNViYv;^uYZ=qYkPc3!pL*htXscRIKQ1K#j+)7+lqw|*G zb`D+&o>&IwGDo+-;NWnwz3?vI?=VdlPjlc=RwnNIuBSu?8M*-~yhX4C9oNux!W`3W zdn@o0fUX3GJ=1yQSJ-6df!czGO7_Jv?hT=O(~<1Q%8rYh&@IHT>VdYM>Q4g}5xDiz z8l)mKDV#9Hy2tD*(CSTvg~GuPEDc>@OiO{!1G|-W^f#OWZqE0nnKP_68Iw_6E!@Zk zRv6IW1{VXR{wZ7>#52Otst1WhKVhf$!uJ@5JUJ13fj#O3a%NIlfUm1=lq+Q0Y5#&3 zWqT91!V*^toN3+yx9c_q5p%Cmc=mpJESf4B7R?@iQ>}Q*A5~pbPxEbbpvjJ_t81(* 
ztEmOk11^X1-QZN~^NlUs4Ns4I#_UL~Q`Pj6b~zz9ibz?p$>>a@Mux!x6h=|f_hD4F zOW9|Mq{Y0}@@Aa-^8EhH(kW(r1FLN8oX60hMcopFNK|xUM+&DzLoHm3#yK!EGQL@x zS1CN+k=--V%G3Ti{KU5Udg;a8tce(5!lWwSWi2riQtf?aav620#Oyj5wnfwQCaPc9 z2^8<8F=I`%cS>EMmCY8IJm=ya89Mi7kRg+kI2C$LIa_hY4SP1%I;viRgLzAJGwh2Y zoxss?lXRMnsWdRqe@d9+_mVQPPaD$ zl{ed?+P*h2QZMJNyR~Z(iW7r2Ti&K+E;RNMNj_RRT(jbq7bZCDHF4Bc2dmIeG`755 zgpVXmIrXJ@bXJY+V1SJ?m^7z`#1@qEehE&TxTly3UTo)qe~;~j%<&7H7wLUv+E8L! zy;!Z`3uNJ)E=Dn@(B(U~w+HZ>vdT{*H(Dtjd<5=g;5J!Y7ItBfBX;_gSY}~RWq82O z&RKLYduC_hPHOOdDz9xOkFKZ%#I7dzJBYXhVqchtKL;psvTGI+?3N@gPDN+6X`jS* znaVKZEM3tGV!jGuar6d0WeFVG0nEqZl~W9ur^8}ATp82?2m0|D&go|kP)C%h&!rE~ zSbO%>dY7n}ZqNI_D0yBV`M)jya9p6VfxGO8Q<3A!z;!m(p_)Cx^<|fX6B#r!GMBW; ziQz)6YItPQX4PuCAUImbP|Cdmf}0a0Za1#O1&CPWCtJTY>vK!8Sox zIFmjV7E0Cu74Eu+U1%z+sGiTA;Lxa7Ya&*KQ)>F1WRr$WBc$E)+CGpw$7UQE+~F z6&xgH-6gDQ9d-%Pjr_*hP<#`WO4WYryy=erA6cO^-XT^u#+7Kk(NOXsx@fpJ^LZMo zA~*W(lm5V-iVIy}zD>cN;%xmI~I!CfZiT&Hk3qQf?Z_(B{U!yDT>3S*oz$OmO-LJuy3du%E7 z67o4mw-UTrM;jd7N}f03a5P3?FE_&wl z^JeN;DuL9UB-&sfdL2?gzIYIhHAJ+0PgZk zyzpA=4((`F+#kR;DZ0TYGQ1@4$K5W;M=*1w+%ZhQv) zr+AnZ@ws)dU<_9U#l!m!ON|wmR9C`Lr~7Ojj$2-)@g`fT?x4{nJ7ULBvX`B_W6O1G z%gFK;W9-DiI^6p1Y<+OXerQ6nRk*CKGCEs{xsTD%1T9+X5fps>vqABfu$E)ot6x=( z`UQ`C+GgdE+_mA^P(@{M#|XEEd^KEiPNCDWq^T3q)8N2td?~d)DVnEgaXKNx@jj*7 zVFd}b(Wv?$_nhNu87Q^l+F^|gUU<<(`Sj_^I_r2#s%~VjGt7y{mxD!@&sO}O+2sS8 zD&36&$54O=1Qht?V0NZqF#hTGQ?P%u!323h7I$nm8z8g4~pZ=Z~kn6%y92WkBoA;hNf0;x(Nm+@jFd zjJG0nNTVnojvlCGb#SW*xi~e>D>2s-MaS6k7QDRPOmI4&wqwS{M4+6{OW@XZJ12Xim3PVnJ>^%rR39XsOJDby; z!M_l;1yWs-2>01sd!(GjWM|6mARk%kYoGB16??89GRR{lJ7x;hz@i#qF&bUPd`EXf zSdTrNPDT2&*dTA3u~~hG&bXv?Cu6HC@vlePsh#*LMsUl&I`*-tADX8PDB%o=v6*+xe#G(~e7JsJjhIMyD+)UhLmIpuS@F>6>Oi}fXvGc8G>hZ+_u0aMNMop2TpiJaSLhM26=;6WGs zk9Zi?*Mf(k@50A(7E=qw_s$Ha@9m*A?P^pTU3yIs~MbSLc7NP zWBa)%(R^9~_J7a``&WU3&vW89wf7|r&MbH;r<;nzkqVNQpB6%{6j{e=CYa%q?mCpy zmCa#3((Pcg0mXvHhnQ{&BOUBAgw2XAc=?-{V^OK!$MsDd$MddOW^DqzbgW$<2YYHX z2W@vs7(2-r^C8RaJ{*cs3mM|Wd=;pGuabppJruPDx^T8#!U@59AZhe 
zVUs=KM`g_%6&n2%oN06nj<{Mmx^c{+K(nZhSQPB3_GCMcXgt;smf#jkYI4Nn z#dAl)OkR|?;G6;Ke{3s0>TzPyQVa~CwL$`b?d?)Iq&D0%*bIwCE$J(T>83BNn_&7v zYaq>@qBClDjfK8NX4ghr=Ig=T#YbBGfg+6?KVU8o?rI&n9z1DU2XE*=Z^xS!p)ZB1 z0@c@32uQn3n)rCjB9WQ`*(b_Fte10ljhu%Xa4@y}lE!A^k8P*?m}zp45O8=2eHgm0C9Z^8i>|v4n zaus`F(zwK@nxM^s)>)KCD9LX`zg5ksk z=-BZl@da?28r;|rt3F^ZC>}x9_j$F=q50ib!*CGX`y6!k9+LwJ#F(n0a)CxB#L&w? z^C$z80lGWa(!E_uIIIETn2#NoOdk0{gc2CC>t})*Qbwb;3}5DaN?WJJTLOojjOZpy ze3f;jP-T+~H*J?Vs?RVfhoYQVUXRNLSGz?RETqm7ZV08#pzc96j!Kt4h&lmbAsjEy zgzv)ma0yNv@L~-&!;h3kTSzh#4K+HuXoFU8>zP^0?{KXv8S5ZM(X{^UlFBLEy(IW( z40X>gEiQtIjyyCIje$wG6d89R(T|{#WT-n30>@Ce!8>(B{Dr@@4xSDW?9_W1N z{Zk_==x(P8y4sOeOK3KZ~&o;w&S=)z?pfMijXZa~!#;Xc*L2R6!eI;FIl({7z z2Mq5IO^H$e?Qr}PH5F2ueQbi!FQc)BOG&Pk7N@sU@zi@dsKDGF8MT6k>qy~hBB}_f ztBJ0+MSi2qP@E^q1l!A3Yv0q2#;!iFk47a{WE&RN&tP@Ivkc=oMd$z{C!4_G?$`-q zGbD{DEa0p?JG63dJ2RTWsNFz@Ly4$mraE*q7U%4OX^nK$51OK3b=mQ}k$w@n(R}Oz z*!Cb<8D89w=QE+}tTXG;aytecnnOEFhQ}v8c+81eY&O?L!JRaqvfv^)cU0b`pOp(B zB|{Sk-7(sbHBL+=symJPzCz;h@4)^{=dP-n`*M(NoG7+2l+Y3V2v+jIg&N)GoU52%?Y6Rn zRuJ>ssvR-!SVJJ?c!$hG?9gRaPR%LZW#&%vFSz%xR3!$;8+sqtfl-tgmmFyyV$${`!4<@x>_jWD#;F$Hu;q zXdX+nZ`c#_VoG}Iek0ilMdlXh1E3JHm3DCm=-Y3MWx8L(kpzZSjq)NdveArG!R&if1g9(%41t@99RLFV==2XmW(Kfm89S|yU z;_IlYGvsE_spd-gGLyaN>Wg;W>dTUjgD$Cnm=hKV=@{q|To8{ouDxo#PSb+7MwbXX zJaEOQz0MIjd0A^{0*l5PZ?O~7nqPnDb|^#T!sW904Q=T9j2Wu;9UaaFJAO<0op(gc z;x#2Sp8#JMV|HzJjW|?XfDpta6o}wwe{uAaE-ilUkQyeDPM-Sv{gWFf;-Mw zuZ9f+q~j?4Xgf8A0H+Re9w2HmHeH~I`o0sm+Cb+|#Al|dMic7S(K=}6tFC6?C_lT-C0nMGAwtbNJT9v)=q+@?h~3cE+b^0q1&M(*bl%NBwPN#R1WrXxSOQ} z|2K0oZb}9{uNLMr=Hw`6j>v1qk_{d1f8yP+She7aiPlEA`Ua~H6l-2xvQw~f-0VJwAuggS{I5JaKHBXk>D{QgY; z()eYF*d}bCKE1tNC8`bMeEWqGu$>syCD`eGIm(sKVKyRIsh77@cO!YBjD7n$O;+ zZ;;tR9QI1H4Dvhu1ba5QOYoM(pLebSb&2cO9^7*v*rz)L(eFl`N2h6vgO3sWXp zk%xLKu3vn3Myk@_n8kQdiLZC!C2IDjZP=C3VoXYqFR&E>iVY3}E2Eiw^5G?WQ!}FK zepPiv+x&nGfuuf3_OWA7^<}uEX3XlLCbG|lVCND8c#XJFwqyBWA~_F0)f26N-Ta)J z+h{cR7OOH=XK<}oj*!E#uKg;WS@o2wW9@M!kwprayV1FubfYWRjKtxTChhS4cvnmA 
zZ8Cifd%ybH4%~OIkIZoDKpAeph@0KajJtSPRqeca)i7zSG`DSG4FNR{&YTCm2h3k! zH^+;^TN|s)f8-4McpH#wM5=1%!^Psb;!jUqYW`E#uB|23fss_VXmP2_2ebfHU*1%< zfOZx`MS+SG+l&w{6Ja$7Co0zP5iMA)tgsh`z87Z=cD%(Y1#fd1SyonGT@OvZw5Fz{ zcE;pcW$=I4evdhc=k1y8T71zus>GxVV~@LU3^MfPiJzBk*Gae)Rg6bieZgU#YBBWn zR5ruy+>cKvE~QS@F+|eA13^U#98_6pc97cmK*y0&I=qs?_&H#tOdo-3aoXD%(On`ao8H#i)Yb~cPL4W|UMN4<02ZEU6!kAK+w7ArXJPMFs3FQtZo}Y! zC%PF8GbM9@6DI4i?z03|)nR)e+_eGgIG|t7hi;bA$wz3J>n6w7Hk3DCKBKw13Y1WL zw3S;U(HFtC6x|;L3@+APv7Kis4W)%Z=trGHmE3AV{kK0}CDw60VXk?MV&r4wpx{!y z-oh>!+zyTQ6{+ntCGEPCDAKwkc^S?(l^(~*&%sIE1XLlsrqk|vhA?Wc8EH=Dpl-?x zycUZZlw0IcSE$qhOk5zEtHCJ_{EWvn&qq&Xo`8Epwq8tRu!Cbx@x(LuDl_je6(s6Z zX;w1xafpaH%XlqCj0a^nh=73-w6=XSQRA#l8geppm*|PyStUf-q*S63$7W9j9kYo< z&ZA2$YP_!-)C12*kJT<=P}PgtZIRG_2Z z=uqo~wVICPE$=yma}~fYQhk|oGCQLqFXRGuDLFe?a@g*+&(^cCxMWJonvQ)4hGS=X9#I?e7>~vE6)o3}R_dO# zN!?Pqkr0EBnbE4_)c=hrZz1b~wLqneC7IfdxnK?t(y^loHAg4aSxYf|I#*sdBF9vu zR5t^sC*pNZ_w>yF*_PFzGrq5Od`Qim+BBI6HK2~Pa_oArceBPPRx84#UFt^B!4LLy z4%ZJHD1j-nxgZoSU&d=e`NRxZT8iHs1MUPfCU+>Y=-+62UB{SPQZW-E)NCWDjiP)) zSt*{+Py+wV(vxjNPIOwr2%T*M$u3+*wWak4MO|=IS+wChN{4f3p_nXXog*bKQ9qP% zJ5{m7Yh&yb#dHZtb9XQv;9G2;5w(kVs1ZpG1jCkCspv2~IA0jNJey#D`1}Ug_}U_d z#YFuyyS&Ij2i?q#|0`AVc&V5<%pjAd z0aCRiQvo*x6n2R`RrmHg|+A!jo-qu3old3~6% zvzm`GmuQqWMD4U#pJUhY{NFja73b?{E^aaol&Ji+jw&11aCvx^Ij&HeiCtOXZhA7q zfz@U@IyLnMA50P*4k-uYK$>6y4^}d3t1E{M8x{CHY-Hg(p~sKNjmJW0BhT8RCA~aP zL7?QK!)}KZL0L?1;H*=JMVwgbq$a1hfWC`b>L(G(2SbP;KH`WIN!{H`Ght3tAD|}9uZi`KpuBYG9Uay;%rIon(DajI z?ILEK2m9aXOoUJ64!6sqGUXXUX*%S0K&W0O^gCo;(p9|l;gRhLp;xx7Mq##l=chvR z%Gdgsu=5WO38{xo@lBVzC%}S!%X{g}$`h8kvmh0l5XgaMGvRi)O0FL5RDMh;!c2lv z5OH3MxeP?@<=GpYp!1GRAYh@~D_v(NMn^6BkTp_HIJGG*DsPbi1UfPpbzI{YO0b)h zX-u?6+BuR0vm;QxB|Qpy`}($4P=>)*+8hKU?#-dMl=*mfx!`}RFDW!$S1FDfBx!oD zHE-7-8J_2vW#hmoZQkeEbE2umeJc!vaa-%q1yBv3a?l>~d9a0?j)j3DYinq0sg`MX zejPTxR%RbzQ&q>74q3BMXU8qO+{Udc1KneFhqlLBONxz(wIa{}jSbGrJDC~y&Kt&j zCDmD)P<|~f%h4gh&w;K2Cj*vVM>A%PkgalbIMm~`p$vN%)xbx^V^&DPDSdW8PHfKaaoeV@`=0)aU 
z5b5@@LzkxKRZFl^hCKl3Tl@ONK{{}70jvgtxtLp~-dU!aRGn_iA1Qey95do%SqzSs zglodeP`jWsWGO16&eOC)>))M2q^&J%pU+U`GQcDUhKza>t$e25bU!nZV64l>>5K={vp+J?4817I5jykro^6^+0Ph_4-F zjy;K_)C*{mZju=Z$pYg8?MmA5=8PaMm$yVi@VoHJho}Jdz&5nBcm;}Qz~aZT{}|}n zbnR^b&!c~MBM#pKYj_VFS8&N;YJ%cAzC?n;*4d-H;h!`Rb5Pt| zL$SlX6m_+&mrD#-(d7N`2=1q#i0m145u*=?>=HiwZB+Gvt(BG0PzXYc0L52V#@A%> zzi@K^{0XloeVDU^g|+NgN&Ch~-U1SOa~LqP10(T4^l(ggunD{z%^klu--jogT4B#& znBVC8)d0O~TV*Rp3*Q3!*kD-#cIQ+9a|#juRok$j@lum(b?D;Tgsc%Fs4lM$##FS` z*0m0(Z8#lE65b0!b8Z~`0j|OoaP0?}(D6;~-(_&a=#&zGCLQuGhLsC(S{OtuIuI7> zBcyy@?R@;Z5q!Cuun|jM3IQRkDb25L!F>tv57mc^R$sP$i^5CRaczML?Nl zLPL?3wbsMmm>F%&PtpTqE%$ftzz)yU!J5d00p1tg^@@H=N{v{dDugQ3RQ^xZ!h&nVcwWy)N0$RI0YPvU{*pKf##03No+8f2YvFJ2J&VHk%;0#m{-%lLTA#jx z_@3Du z&r~;_f=Ltr$NohuKf;yIFwf_Jtz!8(t{m(1S>Zc2a+m>bn3_<&gXLOY?qRu>mpu=} zh#?#37wdnJhK2A7%!`Sfmp_NUy}bBgn2surN6Yi2EZ6etUY5^s(@|g)In2waSU${^ zH-+zih2>g4bSC9P*E4&wT+4?koR3-gP{;9T`LLYjN%@e2Z+nR4X?0>NhtcZ9E|zO~ z(XA_HqMjE;EZ6d4Hs^I#UM%8xw7giw@}#`LGT*>*txjxbxmG9MW4V?OJr1U9Q0E>a zS+3>7T+ZjLd|1NqX!)>)^(jPhf$R?I+-?5YBpLUmqF|T`bm=oPFjt)DK<^5c_Gv-vWTub9pmeYUa8=ZOHy(~}q25SEq@>f`{y}vUF zf*>jW9DYB`)ADE%htb|q!*cB#m$6*agVwS_})#xC997yMj;zoZOs zym898KZl{HB#bkkpOPZaL9}%&pB#V3xUjEY!C@x3VG1Tt0Q}B%EZ6dJE6WGC&pTt{ zt_*oMGDZY}_Iy!>d`5=6DMP*@L%uFUzBNO>D?{FmIwIXBQpED4{wfD~KAZCw=L->? 
zz?n0&avUeQWmFN?ft4)R<{ax;PF<|jL&xs4jpawW@t+gMzdIxT?lf5fV~G2_lm4L@ z@>v=3R+gXQ#_!lfR;E0kgJ;&W{6hD6Y^$t4VmsN+VYGJg9?MUS#c>&A6F%RA4TCvX z?#x3*vYe`ul!0Tro6Yj0-RI8>%V1H4d=<;Lc7g~b{=#2%!Wb}p8(5z7eW;u6$wSju5WK@c0JmBc{~(7h~w+LdE@|0E2vnZx`f9_D){41UWS97ZeiuGC<3 zdu)G}FL&Qj@CAB74%ifyr=_8Z!_-IOFda0;v7#MutmiOEWsl#vjpf>R?q)f@&*ryN zx4VIp!w!~f z`LKuOIrkk-KJ+A`ZgM{0Gh46*(?7h3A^XDPeK}lR zJY4CQ3zv7kZok5dO`KRBQ^@F}&zM)(VIgD0sx>Khe1WD<@?;OflpF7XFUJW9rr~Fd)WLbPW80 zpN05K`tyQjiU;L0Sf12J;(HeHdvLsoya&_k%$ZhkJenPA1Ix8C+|F|PY)Pjx{=Ua@ zZ9dThKL&oZ_(!r_OW*8_=NGYDOW!J%Yw6pN5&w3UYw3G0j?NnACYGP+$_vI(ear#d$?~*0S7*xPAQNJ0EnJq1;BT)@ zHJEhfK(?F1;k+Xfj^`d2mz4Yd@p3W!zy}x`MlYY8Oe)+iMHP6auTy^g=&=N$Yc z@n9IXr{@57JsyQYP=UYPFlI@f;wj=VkHy106sBno=lzWk#!J&u6Ar&^F~^nEN8~`h zn&nI3Z<`)d4{5~-EVIn4QP81ubkWx_D)GUCBJ*~Vc8y78DP9qFWdFe3Pw3IC6jk9ika z5-^^gCt#>#J3w#X6FF~hhQAZy`8<|F4rEmvkM`~Ou4NoXOY=H@S5}(0ay&_O3g5Gf zsXu>VaC_-YPQ z6%XUo?@b&=%eU7#y;=Fzg&Ih*zJsqQ;(S{Le|L_j=SI`sa=>SBJWJg$PMgKJ7IR!# z^=384RprLzv>7a~O&mu3etuWx_mkl{`TOxbeOZp>Zp+ju^GPgEEAu)IlUC*{I853% zujeq@H}AkqhM%l&-ox=w7D?af`hU^js*hb`Sf12(VxG-m`Kg!~iGM*@R~EDUN>`5M zi$*wL7{?k8lXJs3bH+_9r)nVYaBTKFS+1oq=!+5S_TC)JwfM)fJSqMh#5LW=pDdTqy z8V_p^MQ`~2eY`IRg$ zapeVLDF8mdp5dlf6KD4O!{(| zW85&#n$V;Sc}<3V8OxLA;F!j>EZ5p6hS|bls^D*1?pP*{zO;+OX#HF_8dQUThDK?7 zZBc17ARzM}_KWU%YFVT@UZ@^>W5r@C^-FKIT* z4|CJzTASaPA>YCBDen8(;DvR&Gk^b& z@NYK^w(G~k@90e*p!>v3WO-7(#_z0Rc~V)Td@0Mda=4e}q_#;uSBL3)isdxb7rEo} z`wGi78(C*cSP)Ql$@6SC#`N`OIc1l~oxXh{%e65Ru6?JU?)Y1tpB|=vDa+OGXZe-x z^95!iiRHM3%XvBc?Um!T;d|c5cu&{i_yT?G@6YlY3?$!CP)RSy0h+?{&8{5l(i34C znmEkaZWzbjyMpBtp?|mUC_Ka3lh?7FmNg^|JO*J|ZDl#BIU;xczcQZhHUblt+~#w@ zi&&o4cg{+Q1Jl@=BJT_G)m%<*!QYYclyT?JVSaAnxU@cGXNEkWNmTOpVp?-7Pa2O= zJ~rd|xf${$EZ5r3nhg0SmaE^NAvcR&Dc?_nN3wmKzMth<{>;sgFJZZs{xvMu`i4y` zkIYq}&EfJLrf(<94}!mKdvbi`XmcNkwEWMF#s_uzSe9$)pPM0H!gB5V*07vDL)x>m zHo1xATK@0MkQ*ll-R_e+)qKB}zOgLV@_#PNHC=59%dzja<-StZpKhI_P%WnP^yhs6h0$Y;t{xvMu%4buCd?(A*@23w-ssAk3@@Fi| zwe~re9Bnex&>yeQy)XwfJ{t zJZ}shL7>H-8;38}4n&(%5YReqgdbm;+wKa_t=$W>!WRERRJT<|O#r<~Q4u 
zP`--g2f1?A+j77*ae1QsB{D}~8w`edg~LpYhjG?A%tlvTzsupn@T2u_V_B}Y{|xyO zmM4`d=EEA6Yjt81%eDS%XNEkWMV6HDkL5}20@F8^Gzfb0=&YE2fhdbE~ z2k*h9YW&V+ET`d0@&V*+EMJ@So&sZp!RI%#Tx(CSvs`OW-8i4p+S5=DgH@`t`yEbu znn8+$-d>tAKWY*vQ6mE}o! zgz>M;kgsRC_I=w}u9fj_mTP@x_p|ZC^g1w<|y!EZu|x21^E7+v~Umvq>4yBTpjA1V_2@O@yua4sa*2B<0rA0 zD#s=f66I2gbWnPVmWjt|5bmS5co z0*M@+FKi9hA?I?KLop%=Iz-S|ygpiu$KVl9VB(nC<++08NqL3eu`WZt zmE~mim$HI1V6(vIcV#@^Z3YB_AMO1`EGM(N#LvE0m=Ci#pYcDDe2DdJi#Q&w?XF_E z_8l8C(z!iD{vOM<@5pgJWqrrkb1=7pKuhObmTURBBtyQ2a{AlSM%5p88vohqZEZ5Sxn#(FHof|XWvxDVHeHNC-o{Z;v&Z2BkeL%*r zT${7aVR>ZyguV#30pR-=vpk2dkvi%4)UIYZ?g6#(!n^ER@J5y&;y&;6`8!yyjTw7b zu8j#j&%=n5_kUpe$FO`L29oqUdg2_GN50=_4~to@rGGWcPj=&X{2n&4T&t%$SgzI6 zJsI+zG)dEKpJQ0ArGE~~4|UV;=st^CuBC4^%e8sd#tiummM5hz2Wi^F@_XI%;duSE zP{+-E28H17ioc|co$+oG=ixLENBX_kcvr*mXmxQJ%ZIz~arObMWqH!KU|rnI@?+fR z9sktVS$?xCFIY|=iqChMjRM$%g}>xGops2*EZ5?n#PWge^G;i+Vfipu?zDwvEZ4qo zEz7mGu$ko}-1r^6=XI8Ab*;+<_@J)$^kunLev??9l>QvVTf_3Sy0)CdjKqXU88~%q zJ(uA$5U16(Z5)r57rR-mQ>VwUe3UD9d=uudJgNW7!840lUg z`VI2d$8TK2VYGU+iRGK!IIs_Me6C*MFsH`C$bN{^0Zi|fEK@OPx| zaK?zP)KK(x-##f#ysB5@+AELzoB~t{DL1cX-OWKacLa(m>9=M z4wIzM20<+pT#e@GnA7ZffFZKI1h%oz~GhPlG@$vHr)S)Nv3HgTBGyKxjOp-3>D zJ6W#j)d3B@K|o7;l1|=hhiS;M{9!kK?9=WG$Bu~{Ch0pc4OJ{37mGvopDks1T7Iuh zii6jQa}e)lmXk?ez5~-qC1&;|zQJL%F|2D9CQ$cv?a%THF_6529aVY*n#FmIzT1&8 z2FrbPSnjPHPo!L(y{ao&uC>wiEZ5rTHkMCt)5+@=IbeG@ooQ{fM>RgI_jMyPnWrFhl zEZ4qa3d=Peua4y}<4bJ%LSNA3EZ5rSLoC{zv&<+LnmpEm~-Vfr6p`B{_4`?_et$;%4`s-=WW4{4 zjOV-7o9{2h|499Gd}#Z#T(kE~VY&8wbu8D~&+-iULn-ncBzX(VH@oS_vD&c(?cy+z z@gBm6pIx^Gd|2NLS;X?e7)bKSnB-`Tox$?sT)A`pKoiTyyK=`TWChE$I<$`ElilZ? 
zF?=h_&vNDPefSFOLwB+K0aspdx9x+wHKG9Y9{eTW=d4K;v3!mzckUvY!E){Unpoc3 z)yWEvBZUmpw}RzcBk}*rrf(g~4{_zZ=9L4smF3jcN&3y)?P81s-?5v+(DIjrDKLrv z%DXqgFZe0KUm}M*oCgu~1~i8A@B{d}b1Y23E=nrBXAZ}swU@;#*V@Z!mTT>0V}^W3 ziaZDD-ox^=_L92{KTvNEV_B}Xhq)}*+QSl-7voDLuN}MO8kTE$w29?f9_`GK2V`6i z0`2`dmiKeh=lK4NWqDG4#JV(><%he^JAMaCSbn4{cl-+0av9+qCsNm(wWFsv4lNH} zVY!yZ&Mo+IecbQOa!s$E$nvCbz&xm8x%U308SlTBFeBPzF$jUZ%72xzm~qy(aRV>%~n57xd z-^+6K`!nRPu>45;Old#d$6)*EywH5Vmj2!>*Yam#hP;a9z1;UZ=Tj_Y`T4HAz$6gU zcQ4BayK+b8dWz**{=CBSr1Hb@yesEVn%xe=4drkJ3HH4L_x!g-m{5IBNh`~b#XwRX z&Yr%NEFa*?9be7$N%0%^eA3&tv7F4E5+gW~)8^5#8^mTU3PX1V(P8S$^mh<`&y{M$3)e=j5c z9#@&~*U~?d<%eQ0DL==zZ8pob{8^L{|Ei4mH)O=WJtO}2GUPq3Hs9af{XWN5Jd)+w zJa;zBlkzVIaV}zcq>qmIzO3djNqLOp(NkQ8y$WJ;gGsQ)aYO-irad9tD;!TB_}i9M zdDz!>z6J%l??-QzYh^i+`FJ-xw*Y~nq%j>67;?KeRUtxJ#UUyjn0pTYp zukjoDEH+gEZ4ph)3BSvd?xY^bBPejyI+d}*xQT0+r!KpsADOL4h$k zUH6D*PFR|4!l0D*X2fe@@}s z75)c>Kdl_lq41*>-c#YnD*QNw=M;Xt!h0#ax5E1mRk6uwg7w<`QLh5whrZ&&!&6@I6}?^5_Z3cpX`4=DUWg@04w4=Max3V&GP z>lFTo!q+SOQIDTa^PS%m%DhYdYxLX4yzqu^Q26&1zER;%D14K`f2{DQ6#i3%|6Jjl z75)o_|H|VRLVgxF_K>a41hO!A+6#XNhnH}#9*j9`ehPzMd*S;OnE0y)nlKYNY!mYb znV-)5`^;Zsj`MB&=?pU?+!1# zdG8Afe^KE(755Q25^!{+7bu zR`@>@zFXn%DEwW8zpwBQ6uw8{A1VA}g$GbN{twtC6y90k`zySQ!VgsVK?*-u;fE^x zFol0o;YTR^NQL)M_@@+pw8DET{8)t_r|{zyeuBbJRQO2>@2Bun6h1)VgA`t@@F5Bx zs_@|oAEEG33O`lhrz!jlg^yGC1cjF<{49l+DtxlSrz(89!p~9oxeA}9@beUYzQSiK z{6dA#QTW9QpR4c+h2tpZ{}cw*3ZJj=T7_S#@Op(eD!fVI%?fW-_yUD5Quq}LU##$} z6n>4uKd12P6#jXIU$5|G3co?&UsCv&6@HV#Z&vtM6#i9(-=^^YQuyr(|GL8ORQO#A zzgyw=DEvN!->>ks3jc<}A5!?Y6~0d4k0^Y-!XH)mV+!A(@b4>pqr#t1_>&6Xfu%5f<3=16+}?8Rf!^RmMKqVU%g z{#S+nP2q1U{4IsQt?+*;{9g)xSK;p~{ND=yP~jgdyc3j~{{!~&sBJZ!YdVCt?+pYuTl6V z3a?XmgTfmXewo5s6yB=v1qxrN@XHl`g~Asr{3?ZCt?(rZzgFQ(6@IQ6@HV#Z&vtM6#i9(->UFc3jdnIS1bGuh2N?0yA*zp!tYi1{R)3T;SVbO8w&rX z!oQ{PhZX)Eg@0G!>lOZ(!Z#@VdkX)7!Z#}X357qY@J$N;k-~qh@SiCBDTV(`;hPoy zONDPy_^%bdRpHMl{C5g}R^iVne7nN`sPN|%zC+7$9Kx@^jrn@!;&+eY!r&8LJb&l#zv1vVb3DKOgo%GHZ9L`k;8|7}9OT7g;y+m7 
zhbX+8!Vgz?cZDCR@E!_3TH(hi{8)t_r|_J@dnvrP!uu$^ufqE&{1k-`Q1~E)7b|>- z!iOn*xWY#&e6+$(RrqNNKV9Kt6+TYk;}t$Z;Ux+`OW~yopRDky3ZJgS_;Q8csPGjEzeV9I6@IJ2S1J5!3SX`8 zI~2Y~;dd+iUWMPU@COvWR^bmS{F@5@mck!a_;(ckU4=iY@W&PYJ%#^3;XhRPlM4Tl z!hfRhrxgBEh5uaPzfkxu6~0B`Pb>U43jeLbf2Z(m3je*rpHuiB6#l%zUr_j;6#i$0 zzohV&75*26zoziND*V3{{)WQ;uJBz7|A)sPJJ8HK;`5h-;lK%;@4UhDkrEzm-(+4q z)PRSX{{c3BWBA5l2GCg!@aG2b2S@(h;f9~b;qgC(!EP@-hQFimcNPA=!aq>>9)*9T z@W9OM=AVM3O`2S$140d zg&(i*6BOQC;e8Z-lEV8b{1k=vSNK4M7b$$O!iOq+xWY#$e3Zh``r-c+2B#_f426$V z_;`g+RQQ<+pQP}!6+T7b(-b~K;WHIJOX24$e73?bRQMc)U##%C3a?OjmBQyKyhh=d zD7;SL4GM2k_+<)jQFyDu7btv@!mm*HVufF=@FfbrR^dw(e!aq%Df|Y7FIV`D3SZ&z zyTCw-<9-)92q*|1;O=9|p@u)qd=B#q;h+=@f6zz+=$vl&v*a+t2aPg(D~HGb6b83= z?;Uu!3BQx|6WRauAoE_VpG=L!v(k&l#DA;8S1J5!3SaH3Yx;l+cp!r)GY-=*+-6n>w=A5i#%3je0UA5!?Y6~0d4k0^Y-!XH!k28DlL z;TskHguUC+V}(DZ@SiDsv%-I=@LwtXX@&n<;ae5{jKY7X@MjhNdxbxz@INU0 zd4<2A@D~-nQ{gWu{1t`&Md7b0{I3fCo5J5z_*)8pTjBpy_`ekXuEO6}_`enYp~62_ zcqdp*^M7D{P~rP2`~Zc2Lg5D~{9uJ2s_?@U{z-)&q41*={wakYt?-@-|Fpt$3h$-x z-U{!d@V*K^S>gQ^K2YIB3LmWSAs*ie2fU#^)9+MM55*qxeK@!fdHoo}@l0>|DGY{r z@t~|Q7_RV<3LmBLQ$2nw9HfltX*|uOLe{m9I?C{?nIFfAyq@_T%=tegh54WtKMD$i zGZa2f;S&^IqVTg6UaIiP3ZJU*=?Xtb;pZy+JcWNo;TI_UB8AUU_-7S6@`CQ;kPRMHiiF}!f#jj*A;%J!tYY}Jsv*? 
z4jje)|9S4n@l0>|DGcuO!lSG(ctGI~D*T%Y|CYiZ_V@@m02R|2ACF9W)_LI#e?;Nm zRrsR{e_Y`k6#hMh|3KkCRQQt$|B=FfqVS(8{O1b)g~ETS@LwtXX@&nr;ae5{TZKQP z@ZTwXo5G(}`0o||oWi#&{0|EMqr#t8_zs1?pzs$J{wIa+RQR72{*uC9R`_2O{;I-X z_xSzX4}5qAws1Z(-uwyu(qFysC@Kv8rtmiv{&$7HrSM$}e_P@IRQPU%zoYPX75<*W z-&gnt3jeplKUDZf9=`z&sK$PKJR4%ia#@*j31Icv|ABQ?g?Co?ehNQ8;awDdpu)Q< z{1AnAQ~2Qu@2>D872d<+=Yiuf=JU0j&uyHopJ)CqbC`bGpTb~<7Y_;xgP96HPvM_Y z_yr2T(Bt1C$7wjEE%x&?aabIP{k%pT76)QKo$wNY04AxipCgEil|2+rAkK$_g*d1r z&Q976Urd~xA{>4vab9$A_z#G)^Mk{;5ohDS!(S)v&Z>>@-^ArqyzqfTj>W&v4gvo) znD|VOw-CS3Dv!_3 zA^N4q*AV}e$Nxfni^q>U9?{btpF{i^kKaK2cOJiu_%@F}PW)MqZzcY`$2;{xw8P`4 z5`WR-vx&dz@vjnp-Q&*?|EtHRpMdDUJ^l^ifAjd`#NYJzZsLFU_+`Bjz2)&O#NYAw z!6zbm*W))5f6wD@5_eb0Opqac@V_5=;hTtmS2HF*4c#G5?+3*wh~ z{A1z^J$^b3jf*{g5%KFh{uJ@09yjO0Ec5uMX^36!@rA^{?D5-)-{|qqG$h~T@w174 z#p4$fzs=*16JPD|-ZZp--Qx|!@ACNd#P9R?%fuh__>^H-KfdAdTZn(#D=S-TZn(?@t28z{%)8o~|zwPl~6Mw|xeWqbN zk9z!4;&`fj^k*IMCp~`TbPV?sk5>@i?D3xw|CPr-F$3e-=J9&s&wBiO#J79A&p8;+ zKRy0g;_rC;ZsPBI{2k&Sc>L6v82^VJzlr!q9^X#9Qz1U({uG^y|0?i!8}a=-{tM#! 
zd;IWO7|$m>ehKk|J-&|kQ6As#Jd7vj@lxV_J-(WFKac;Fcz=(VoR9Gj^Z50|hkN`{ z;-fr%;Ab$N(H@^n{8W!$LHu-&|AzP(9`8OI;~(qsvxrad_!{C9J^p9nB_8i~0meVc zrpFf%KiA`HiC^ULkBC=${Pc@3{&^m+Bi`WgO~e~L z{)sslPm{;T5^wSN*NL}z{7=Ledi>bWV*HCdUPk;1kAI!`l^%bY_*EW1@nVesYLCw+ zzQp7A5&xXW|3>^ej}Iur_?LRTiTIa1{xI?!_QCWA`kC%J&0%!yhJ>_*Y!~51?3pt=e>xB_q`s*;m-wrSFp{drxWug3jeI- zhcN#l@!wm1JoA;r!+T(RGJl--b{qZ#=Fbri?}6RK{6pZ~_;2?=oh$IWp11LgX5op% z!+RV^4FlOU;7ReEN8!W!WGgwIg~Y@A9Y!&~ONnPKg%9tarD_b%{E~Qh@55k@XSWj1 zzbSlpFRkSBQIN1+&b_q4hY}C(r9Fz{pQi8{;^BR@l5f`nKfd6i1Nm{g!SIW~lk)8j zC7un$!~1P}aD;y(9^P+z3iDmW!+T(*J|9|z-y7ZoD|{gF@E%yHl{7@Ud569n3{1p3MQtv@_ zj}rc8#1Hf0c}d|P5fAUfUC!_AQH$w6-oE$1PDU_-_z9Mu$lsUO(?5`6EGHvLkL$0>Xy@g6q(Sseexzz>IY^WOZD*_{666#i%%{#p+I1o7~` zm>Zct&+#ngfn8R5j<^)ld8~~``pJF@KaKctHoS~Gi;3qf&+&U7Cm!DCE8%}lyq68% zkHh~N`0+u%1Noo9CjR4}O8EWjF#Wx~cs`}@{>1y(@TYM6XAtjed2i+y5btNX=v`M5 zKiP5#|5f6rST61QTg3ZYF8S~?;sY%2#qWKU_z267V7?M664r;uIN}E81@)K@gKT(7 z=P|^KET72XM-d-v`9kKE#KZf7r!rqme4MTSG(7~_7UJRkJ2N@_NszE!!2}z=ig^|B zk@mgP4=e+Id~l*IcNv#&r|?5;Jcn>RFDUVJYQ*=Bw($?(@W&7zYU5eTd@S)XHaur* zFq`;kmdkrDBYwK&<2at1i4V8&AIJRL#K+q3KWDxjIF{o(te`Dt-ld81&4!n9Jf8SO z%cWdK6Q69~do#!LHR9p@L{cvQB0klIuj257FT?kqY2&A99mraMA0M3HmCFqj{#+Z6 zu1 z^k~8KOtayoT+RfJ<#Hx>giyWd=L!mcjtze}^IM6}v|P&NyTmWF-vz@H{S>w0d*@m{ zlle`==U86Fd@J$re&=(T9|ak8d~m#1E++%;6@>RRN&ehK{F63*@c`ID+>ig03oxGZ z?RQB#8bG|-#5=k!lz4bwRTYQ- z2k{CUzqF$vmt%Py=atvlz6eBYv6XpXTttAimhfa{}|8 zS7H3&ecbiTPa}Sf4KMo4O~k|dyiVlsFB8AchKJ9gpWCj+_``d>CH%LDFSO~D_A#V9c)ytB z{}fQ9dj(5v{F2T};-9x%^6d)Z*IO?0otue&#e45A;>&D!`Q9$q;d^heT;e&F_*ZQ_ z@?BRDUv9%oJS&LbX!#|9`FVtRcn{j~%y$9D{_`Pjh+=6ya4Du|g^fq@p_us19zTcp zEtXH__%A0O-m`Wz^T&y=wBaW)e~x%~|5}duk)Ox(+-k#1{+~hoHp>Ta_%h<*edxlM z5D)J|7k(Grr3QlD=pey5E`;(wm_(>5N7|D0Peo_lQg^Emyt08h%FJ1P93Haw_v z^z(`m{%wVSpztnV!Svi`<3F6^KOJ~ddL}7+mcq*@{)24%l0SD4zu$7HKTRt!J>h+k z1)WTSo+KXL7kL(^v*4>3KD-xF#-nqIhxbUH$l>oN9^Mx@lKH?}F`n?gNU3j60#C|^ zUnsoOZ5YpK_PfsE_>TdO>27H70aOUH42He4XI`b;-*q&y7Df5$=k79le@Z*D% 
z4&;9ZoA{4gl<@a6AAFPv_!AEQ6!2a_c+axr=T73`z08uI9}z#*e(z+CXUZy!=QpAwIfFsyr8F6n<7IOhMWoItUAzrlRhvF5v`aeF`NP80t0;|wokUJSff z5Z*T`{l+!K!+S-KHjf2Q5Z`9M_a5eltfB9+d?xcth==!C1BK}9qPc)AOQ;3K6iVkM}u!+a!vy|6~cVql7 zSf1nXw-JBQaw*5YkRiQ-otDqx@Q)jA(<9}0^1UV>mU99dJDCTTFyGV1{QC&zYk4$MkIAf`w$zPc4NH?=5X&{tx2e zJ){!w7{cK|X4D)B1|AYD3Qw&(h{5TkZFrHk013=BA zpR<@h#Jqv|df>f+0rq<(KmShrHCrydIQ*U8#PI)Zx#aWN4+Zg^Imdks8Mf`2cC7wc%X{Y%f5&nOznu8Hmdkrj zTZi#{V7a_^9r5=qmw1l)4u;=jxrA>a{*mPpek*V+ucHT;jFBBUXFP)Od~D0*c+R&k z08i3e{zl;|ZFm@V>8JR+6pwwc#B%}h0vmoZhi@a^X@CA_AnCltgtz<>4)8`AfcRk^e}VYnmXGE5Pu_s>cei{f^Csd)S}yhWJH(H&T=MxH;yrABN_h?c z9>(9p3%`i?r!1es?|qW^kv1NA?}sM5<=o8$pZq??f3)Q%aXjOQms&3AoJRaO``&>Z z{&U28+VBT4zmfQ{mX|XBHu0Q|N6P&LCH#lPkF)VeyEyU(nEqZi9x2CC;wM;sGQal{ z;^Do+(l31pcv3&`Aca54#=~k>@Jr%-Eg!=1|BLv^mJep$dn2Z^zvX?HUr78!`(0-< z|2gr2Hhg#H9}pj8xqR<{A7cC`*?4$Z3Mz;f+3;6#Jf9~%*z)DfyF7vMoMPiShxsVt zLv46@?=8f`dyV^W_`8XZu;FW%Zzt}LkB2{r?;T{{3(c8+{ttIw0w-5d{J$WF2*`ck z5dsLroz3O~1aeGZlaMUC;gD;X%ucckd$BvaNk9=$4u2wEhzBSrDhenncp!>^Tq<~R zC;}b`Dqf%ha)|t^>UDL0-#PESnN9ec4;uJRz3S@f>gww5>h3PVcd>koTW`5U@R=6B zNBIkWpv6_6yWGnB3zq-IhWK}HY3Dl&Pqb#oU-GoQU|2CmtYUw8%d9DyVoLBIu;Kx{cmH$n5aJk2Y@Y4i8-r_3H zwSt!{uJS)Dc+u)@ijn7-JDGpQ(jQ{*>je+f?|&E5A8z?{8TtzZUuOBJJdX-~ip8~F zyWP!v+`Gx@C+7+t_P3paA8z?5|4Riw!s1UGd2SHA*W!~6{-WSVTKRhnKAk$wq?S`H zy~_Cx!TUq_oq`WqT;*B+2h7L4r>y#)D)_~pKoz3_X)w>JIni-a<~04^FP^^JH_B1 z75x2{kLv%~82YiFFrRS#!vlg}Z27#=@IT1 zpZQ;9=~e$7f}du~onqvV-ttj-7Cp#(K5KEU z*ZTz@wtUq7e<-+n_gU?H!-ts9HI|R^UoNvf{w?mcLY6YdxM9LxV8qql<}VLtAiXyrdB_^noc<@1E#w}tQ(k20V4 zTmH)p|6d7ydx-wT$C&>67T?m)zen&pEUxALOz^ubUNZE%{hImQV{vlt@~21eA6mS_ z;GY-##};ol_}>M;*W&vc{D9vu|DRfXvB6Ih{O1-|Ie#a(dp~+FLtpwW^KtJ-&ocN% zzhnFtmXGRxvf#h8xW;cs3H~dKYq>WF?%t19K6^dR{2#US%I9-}yZ56N|Eb`&+jiW^ z$k|Sgk=6+SUG z^s48}3E!h-mp7Q=T5dJ}@|76+I|X;|Sx+|foBV;x4X-~h5Zt|Ut^M&sg1dLF6@NtV zr#Db}w7quzBlCaO;_7D>3jUnMmCr?j|J2rZvSIkJ;O>3u`3B$hPs~3|f12Pw5AnG+ z2LFrT?w#w|hX0{YF@N{Yb-~~t7yKd1e~Q7k`!mz8x1ssZmP5?HoGy5n{%OH~Y5Az1 zT=*B}^E%5%_4#SR*RimkCvT6 z{oM*N 
zn105yOdsCA_@LnKoo>~`lY&pS{I$M&KgWDJt$$GZlLX(-(w}AI{IcM0vADM5e*_Qj zYs`M0`MdYKwcHN~?%wZK{I`O;_q$b|eg4gS4z%TJyPPce%OQRKUhqRKz3Ow`3(O}> z{{z9p`!)N&$n@@AZG=geTn(cwe$xVJWe$ z`0;`lEk4EIs{}vX;yW7r(}KUjw(m59KTY`N=HKzJSB1XA@>y(tocA)zxiExZD0q0C z`9Z;twDh|gKD+#f`Gn^|CkXD|2Uq=kUhpNBkJk4&!Ncpi`@F*Z-FxCEn{rPOe5vI# z*Wjaqzs=%W?$v@HYw~Hn2{pB3NPquut+%E}U zwz#&}-vqB%{H%4n0y`HOp9y( zy-@J*I@sp~ckh*JeV-8gEX(I4Bj-kRuwqh+d#_yEYgF)aExr1IUkm>35dP*3nNOG1 z!(_w%!-Ai0>1P=HmofCSU(bBP>!=q9?%q9DdHyN5d-q)NLpEYQCs=t@4_z_%a=}ls z^g1q_A^1gB{+UMp+XZ*;r!O}6PL#M3wZ2*tJiPw-F~OJHa#e5ZY|MPzd+VyV`GSY( zuNOSL{`s8Xmst5#Kc{TM{4WjR*9ksk<(Xybb!!a%fZ(TFdez&X1b6SetKM2S<#In^ z%T>L-NAU2v=;MN~w*2=n^1R`V%;zkNPd4~U!QFfDs<&HX=nvS8`GnUkR|@_qE2rx1 z4}!b*g_DSKV!>Pz5P(|&stpdw)YlXZg@TO-GYD6 z^4ETSx8PS>J{ov$wpSSete?CWe)VP1U(0|d=>$tP|R?PoWE6-%Z zf3@J(T6%4-TVm+<-kSM@*Et6S|B~gS?ea^(uMgpSQUcPXmMg40YUeX!@I``u+R|%# zog(;GEq`sVF9?2v#kIZG*_O)gR63zi#=cem38Z`Go1;A$WLw@@~Pu zY5Ayrrf<)DZVKV&3x1=ONA3AjG59wG|AwVk{rp()n=OCU&yG8Ax!<+8>Sv|k;dRRg z1P`w(F5Hp%gx3jg6Fj_5IBzGW53dK_CHVKOJgT3mJ2U-l7FRvIlkh0}f4|U&*X!;R zJiJ~vcNgaWeam0Vy;|@)EUx|ZlwFzrhZfg-wtaSE{9cQ{(e$sP;NkVUs|CN$(rX;D z^X|;&Cl=Q@t@#p{xeIzlPULag5PiPDF#1g59S|U$NQ+@zqj^tr1BB`0n11I z$%@JW-I&ofpY^2x6xne|TN-O2L0` z=~ZvP7yOSF*K+sWSM+aj<^O)c|7`Kks{IK5SBtA3oAYMo^LL9cHuRSZzMjQ(zVp1` z8(3WR+`b?4c_xIPC-^@tKHc#DuHYM4{7{3Ryg&2V*y4K|{KtYnYjN$TI~~CE&s%(o zq5pv3n_7HhgFhzt8!fK=^w25H=ie6Be)=`R!}MFfh3Pl9^x98{1b@-u+AdEB{*uMD zpB~;C&F3?MZ)xeZ-QQ4P`u|v5`{`oA!}Q+}d}~Xud|np(zZO?}tF|$Jd;L_4;$IPb zCrhvW^!qXRLxS&O>9wCeCHT6pH_g$a_R~6*%bjHDk1+)A6?{EQuljsN@bxXOc0St9 zd^WVW+WEHy-^k)>=UYx=`h9J=YUig4zMsXiO{L z%ztBBuC~`Df`{qXpTYFub;WMMH?@4UUG5Tmvk<=HOy)D)%A@TyJqGU*e5R$>_8Js? z3(H^id5hp%SzPtG+bk~k5X(pPdA8u&So%(*x9bGo&f+5m-{?T*vxCL8zLNys$>Jv) z`lAKk#o|hTj^Mjle2Sreg7B#L=PyF<-pkf_X{Uo&o;@rd)#n1i-(+zeM^+1djMc*y zrrfIqckg8%Vekh9-_!D`82ohybGaqUN6TFz_+(43{o*{q_qO;whR>G;-`C;?8GPfn zGXMQ7u6#NK-{0c%4gFS!F#QyZs~`KW;H?(dc7Hn^G@yGDto+(8*Al)*%K^3@X1V6&kEB{@K%x6Iee~;kdb)?4ypKa;YuJ)SGd=^>!XrqV! 
z6FjW9?+Cuw(yRO}hcllKSv{*?EehUg=~ez~1n&yr+Z@4s!s|JMf-kl7D(C%zA7gQq zXQvM46JEFJ5&Sqyukzd{`0*k9;04SlyiW3Q!B4dGD$lwLnf_#pt32}s53ftSSMXCT zy~^{9;LAez35%G2cpczI!Fw#d%Cp0fOuyXXDoS$q{&T^@^RI1>VfwQzy~Z0S3;v|lr^Z)z z3x2MpS3j`HvCJn-KPGs1K6SI;=UYD7zJ=qM&xIEMklAm#Q}F+@xZ25fZ)5uKeCl+; zFS7J%pT7|N0~Xi$(e}qPpAT7F`F~XKPgz{;Azy}5197)o#0=yxa#xJQsWw^)ddq#TOYlj}ZI`i>v;x z5d2AttNx!8{Ersb^~uvtW&VG$xYqY3!T%P*cRY>h!*SiofeqQjWEUtF)nBd{KZq5Mn3CC~e3;u7*N9FvH;4fNS<=kPA`Mey$ z&k+0-i>sVJ7CaokO&wxB;rQ)L!C$p}RGvEoU&rE%=6(kIHkW;2T+7<=JY4`D`4*Yl3fTah2yD!Nc*}0i(<(9KVeTzM18t z^4uc$78X}|Hm@6QO^g70AQ4rAw!3LcK5+Q*sC z#g<;n{e<8Qm>Vm^~X_@@OA$1{Hr z{N2_*b=`9LYUZ=2<#UhG!<~Xpwz!UW$DhIU`&fLcp}$%1H(Olit&`4V`Y9II{GX2q z-fD5x=br@+$2pyEXFeBO`Oh=uepv9|TKqzTe?{==mcN$!mUl3pODz3tLw{xrez)M4 zT6*=vm9v=7Ov_)#k>>=TW${xD|0~|f^dGZ)_BHrl1wY8rFEx1KY^MK2i2iiJFSq#d zhW@*PhvT|E&S5@ZvHV*N{f7mAtHsrB*FBf%!*N&lUVwi>o}p7CaoMExa&#y|J5c%JZ>&)DDLQ zzr*TN`F~CDlPtaFIc)PD=5wOOw={Y_MDUX>u5t23g8$s|*LlQe1;5YYTN^$P5Uy)< z29m%2CiJIR{;Idp|6_R`3-P&1@NoR_E5VmpKB|W;-^+X|7FYf!3SPCi#%Z4ve1*kT zKlchAj*GUqi23(gdM&p@@IH%cxgQq%G>fa<{z>p~ymavUnE!yKS2^Dy_>jd_&g%pZ z$3_1TeAv>focmtP{7<*I$~h|dsKr&zdjt>1OFO@x`HWe5m9s4PN{g$Umk1t?mmU** zm8DlXcc6(F=JO6quX4Uk@ON5V<-Abva2$1?;AdNU zm2-WX;7@8f$KopI62aePah3D4f`{X)7X&}g(yN?r{V?;tz~UL$T2wDc;B8q%bEUai|c;tQ-Xid;yMpK`IAh4t;Lnk^MZfL;uTZwp`T*< z>n*PBb&23#3*pZQeuKqTZ^bK^&(}lvd4hk_;%YxP2p*1S{w?^oEWOGzzi)BX!*hb)X>qlm zj;okYIR3d@@VhO&@_AD5A6Q)Vw)1D1PdNVR6a0skUiJ1x!GC0N)!WO0-)C`^^SIA3 z|8QJ%qu@WW^veHL!GCITjYDRCp7~TQuJt-s@D&!K4x*1=NiGo{KWuSruXhXn5sRz++$i{OEw1vkT+e)d7s3w|{K*jh zS;2pAah*r6`xWN%vc=2BpZ5s<2aBtpzen&tSzPt7;a8bYc)UAF@TV-j?$^93_+Kop z`(L%MF`vI#T=n*K!NcRibApG*g*V;6eEx3vsNMzye>#MJPVj$)@SSdCKL4<|>g_zi z*SC2Ks<(d${;Z`}y;Z)>e4e+s>g`Iw!+!o*!T)XPRS$=JgZYI0`~`xC{roM0zhL>O z9=7-<^Lf$YD$lWkhyD4Df`|R{^MZ%{YWugCf7pMH3m*1+Hwqs1Z!ZZR_Dcuf#Qekl z=Pbd)e&aiWhyBC4-)27Hemzg{aR0qP@W-v*bYA?F;ICL*^*rll=Ko)dpKkis6@rKR z(XRz>v38~FS_gcG`K)X4Qw*Q`1rPU^t-s6k&)9NR&T|Fd(DG3^e=YdyEv|BQ-okvs 
zcKbfT!}j?L!NYd7%lDYiOCfpAAv|h5;d4U&1}o38roNlp%6vAlxcZa#3BI1iwZ5+i z{zi){pW)k>&*m0aJ~s%yrNw(pxi1U8wZ*#({<+(k&$brVedlH0XMB5$tDe73_#Q2- z7T@0R`KjPjL-^x@PY>bG3qC7^Z+ZvwKRAT%F8HA#e1_n2Lihr~iy{0Z!H)>xLxk^c z>VkirEA$I3y|(p72-kl{`kRIREtbA&e%$lUX!;`w-=n3?(r;(zdj+3nan=7Bg3q+L z%5bsZ2U&b8!{>8?A7XL!liw12w#AkHCxXwjxY9o^_~9Y^Il&iLT;<&GF0R*+7FRwy z60S0%-r5*n7ZLB@4~?NeItCwz!CNZB!^?(7rqEw4rQ^G6i)NNeeM5bNeKq>e#j{GK z6@z1?%Boe1+6tvoPjz{DtiM+3AF7;I8XoHJtE?_ES$B=T>Z#Vsef^8trj<&={pH&7 zp^<^o%5q<=RPOIvF*r~itc7WbXSp^s&{rvq4)+a~Dnny~wNfD^U7OHNr{YFy{j;j8 zs+F-?-_T&&cwy1h(dy|5zYdp2;(wh*zm~=Z6FE$S-#rB`Doj1CI51pW-BGI!bk+=i z@3%r*>F`BM=FDDHDlIM*+GbTq;j>4ov-|st{Z&@X=;EQlxkCfPRQ;Y}=fcI^rFLfH z$r#0>Fl%_ETC1(@9O)aZbqv<3BZK9B{IZMMWJZY_u23knEh~?*ifcr@qNCDXD-84)*kw z2Rmw=z1_80)xq+z{%WajdB>tZC;se5{$ zB&X5na-!9fRNfp@9@VQ@oL9Dmf~C`dH8eb0pn-%9od%(SVfnWXQk&60UDXvAcej=b z(@NyFk%MRc?VjOM0c+I?SVU9Tkf13oq*xp$>)?MDdUa|a7#gp3bY;-g5*nEb(?_cO zVQHkgygE`HtdOH)+8R1dsf6eroY#wdSJlZLsER)Vid;dG#)%Dmm8rR1L zSB#ZMda6BMO~pQj`^JaX-U!u{j$mAqtE<=5|3`a3cdd;^6xWphvt6CWi>akjZ?!yJ z8l|YR^8dM&>Ie#EO4DE&jJS?#Z7^y|7u3ov^2S;oh-9E2sPgo%R2!mkX=L<&rv+Uj z^7@GDj531AY!C*j$SKuC#r#caPUlgzqIDv@;M^dtc1a;SuQ+tirTN!9FJx~kQ5fCy zh>#{Ow9b;LNhmOlpXlbNl(1$YuX@lFduh!2L?iam#&(%xAEZ?BV#8yjy{{>iw!?}S4PU%uM#E11 z zDx66}$*(v+a5I?~OHwF4Xj(Yiiu>(B~irOcadv=230 zt<0TP>?G^)elN6_=9{gE5^elc>BsTtU*?%#j7lZ8QH<=Zt#pj+1PPapUh3?$ui?f-BopairVH|LO=4LnF6dm?+b~yu zGj4Cus&%nW?OTfra*@Qdz;=noyr{gTSmotEr9-U=Mt z_NE_5AXu_>M7UCDYmMK1E(wS|B7=v zrcoitM0^?5j17x-t7!G0wbU-+Q2g6Tzbsj*BXFeT6v+(4N=_E*_%U}1r8#k8Nq4DZ zX^FSOWeDdX*y%o6y*wbrmILa=%1xk#M4TpS$g5tghN2y~9jRYCig6+}PdScfya{C< z-PM_PE<|q{ZF?MqymnM9;T2C#o7FqL>gBP$*Op?$PDG^UDaY|lust^fNwA+QF5*Q8 zPSJ6^5@#X}mEnA?joCU9Gld!|al(4@<{Zoh-lb-Nk5n#ZH1Oo?2dY-?Rsri^}X+s~!@ zhSt7#?$Jd$^_CL@OK%h>QqCy)q3M*_H`GJ9eYMmD(C|8IXsk9oRLMMG`bWuEVOzE{OYxaodU-Xgh^A` zloL^jY`xZq^sC6i$u{79O)Z;l(Uzodz7v-Fo#2AKgbGezi+ziO`jL=M0Hs8wTi0~5jMwr`St>Xs9$ zBl~4j^<=q{ssgjVSY3Iu#F#$PBt0dT5vwEls;T;knGwh8M)a99cWsh>>Xs9$Bl~4j 
z^<=pQ>SK{V%a11sg`bHzCq!c=^=3`lkKJ)siJGBHKg(9UZ(Z`YxY{B+VU^Ku+& zEuXn8tmG-yw2KCRZo1m+l^oKaw_i;Lk=3wyx`@*}e>j+#olG1_3|?+>{zc=xCb5ej z#dR@aLWl6=LSp@{_nA`)WvBS|d}-ISGhLX-hP8xL?1izqWtr<^pDHs&s&PwKnV8sZ zA)`~WMOb;R;|pS^8FnTSH0GS%H+kX7*ZXpopzAHrXF~2GC+nc_&H!DnY&vV7S^1Vk zlGd%76dENJ5!*ZYBd4023ejfdX%6M~O)GJYXiIV_?R45?BMcq$brz|hzpI#esBbNY zr3efMNlD~vD3k!;_GD2|UmN;LiCZ9RQe&nnE4EdAU%Te@nP@Ns6vMf{2I_8eIS=e=0HBuTpZ)LA@e zVtu^jfvEbR+52omrZ{U%LRXrXUy<62Buze>YZKmnXm%a0F$rN(8j{il7u4Y1X?Dq+ zm1`YF`D95)uE_?gxXU{^y_jcc0S~MThKcKd%tJF!{oN}wI}FHaDs1vo*{%aC+VMWI zZoCWKG8oiS)**=;Tub$bx#T>lzOa*uJ;niPal*12e zA#v=d&a~L%@A^7mh4h$vZP`tmDGHDaj&LPC)FwFxE?q-s#TbVeYM;bW zDY|u<=TptJK1F}>4;O2zPx+;Y@>qeRGOfkH>{HHx&`8BIO>uW-V?Ifz^@crd+n~j# zjzl|X;!Shjf=g9*OCm{v)f?uTD3}@3cuH7bV{TAMFqGyA=Zd4aK9zvUTfNX-o6w|Y z2uLSbs$r|in#&|${o$l}(pk5kPIvV@Y4Zd#ZZn-&exJ2QI)uN-q)t)CMTzJ0Cd(So z2T$WU|0=}Bzgk`U$?1Z(x>IwRKk%eCwNI>533Xj=5Kb5*gm?lfp+dyEr{qfbTwI!p zxDT3N8OOT;(^9XKrZS$pZhl2{J`vxMQ?yE!ia7V){K`1q`CG+#+%(N%sGDCECq~Zh zq7FJuErhoDbx;v<)*$4<(^SR(QSnK zT}GdfPabDHU!1di`M9C-!F}eF!7*q^4&(ju$>4q5Q2F4n^2y*BG$e<5n|wl;uN#uU z^A-8Zmv0*?J0H|bLrUBqX`YuE=7Xqs0VT|HRq zow~9tuO$#CN+}$r8(sK1M9Q?UuBeXi-7d7^R4Vna=+{ZG|Bn9Y<Zrc*P-P;Rn`=jfwk8HZO#vs9gQRtD+`X|yMl#B#JM?^|#S&K_JXn}@SX zN0!Q!N_BM98#gGwHU3AQYXq*@X>-F(;1_xV!N?!@W*&bt@7O7H4fYgzX=Bx@(r|TT zbcil)?yIdXjkm^pW%%*E>j8!{sSZ_sg+fZ~u1y{28|)Y$qoBtZDE+}EZ?+GP4Ui32 zO8tEU`~*aAaq2*Ml@l}Yb1nJjQ{iXa5tizej$e9=e}|N78NiTfq+iG<~mpSWKFpLjz%*E}eg`vpIl zSsv}?)$wXXZ34gHXQUcFNg0+6f4~oBlt<<5g@{l5KjBA(*77J{edKEEt5o>ssE=K} zBR_UO`#zpZdV%AN;ffaOQ%oOq9Om+iGZB?96oAOPc`G1h->7}DMWmq4=ud9YgLf9? 
z_B36Bb18a@_CL~n>fDHB>ANz^IiSejop>w=U5KA3w)a?V78CrT9!I+4&YUw# zrz;Xc&*;T{AS9X~8;Y$VcDI5k=2heiVQ zv?3LA@R24Ld{183A2j#Gq&I#9q?#w~boAiLKDvpnt2#;}fkziO&*`i)_=9O^pXLf} zp6Gm;SaqaGZ|>0jRm|6P-@xy5!{n?Z%cl;FEafL39Caek$VYZUAlZb?NlaCEhy#c% zo04;l$)hLI{;?3kn8+hR5qaJ1+-*G@%klNF@$W{OsWcWwjED>yx!w57pv0%}tyTme zZFz)Dn7b_i((h+BPQtP?$=06;c3O?Ky@*a~;?8ffYHZ8u=}c!rsNK z;;)PVLQey}8>4Mu3>6BVHTKBGiT+W7f1g?I>FMtnTs{StPB;>{e3hQOM zB3W;!9&6H?MTpGS?0uEan(bnlSaj6An=$u)I#ahS0_L8US&Dw(rJ$I8V9O)7PklDx zs?ZpbT_>?D!W|`i+3B+ALQMbh4t;6=v5dog$o`~r3uz{wUw0%CzCT)usH#TvG|M?v zZ?n|eu~YOo`%OFF8td=p_O}$nhNbm7U)ttfgT2y8n6+oZm+5+^EF)9T%yZb)KOD(C z7l)%fEK~GU@343FBf->{HQ!u^I~JMXJc9a1L}nE1=#`>xIj~f6?|mLOIwGs0ycSDO zjB>a_QLz_MEi2M{Me@X3SHf8Y%E_hP>RV$ZNUq6}d_;OYP$a~fh8>19J`K7NOB4)g z-^BPZyWS&wg;%Z#6q83;lp}?Y5YFDHJZGA`>+1It-tQ>}XHf|a&UtKO4SEWxPcf^P zFkhwf5aLo;9kJtgC1{HDOs>y2SQaV9?V7Lnt|@2FCIUD}Eq>edmJ%{+dy zY~k)`%hd5(j4(WYGaTJFqsFqRsz&rlTX_2M8|6sRH*E=V<2Un5JAR95BzR6+=QY?X zZA~-xO!%@+@6>qE+x{%H23K1Bzhi^D`39MCwp@2SS%xglFk@ti3@vp=*-)8NtMv4@ z*CCozi)qWMEBXe7Crd_KTVn%b^e}t1?h8n~v6M}F?Ue8gV&f~%12n&;0X$NHbfeoq z7ljBVejl9PRpx&>%$vz}qs05NZ@_Gx&I1m?lX=MAR9IMy) zy{qP|A>V1k7cN0{@Rf7vw&o=tzl!~x)_a{@-bKQ&Tns{Deer3~U=cf!ObjaUb(fsA z3tA7dN0UYzgmldf>dAZERZtek93=r%7sY*vFA%MfL(S^qc$v3HR}huIY;O4Y8Ws2o zj_>t8vWWia`#mPC%Qnt%HHHKGwZ2loQRh=qWqg@83`eRWYI8Y?Fk(Z-C#Ek|A&P-- zYa@n00!8dz!6N2R)EQry=rjT!kBGkN`#o~_^HGH3{iw<)l@l12c}no51rT~+F{h{Fi%n%CpfFV~ zR4Y~cs{_@+TE}s;D5Ij2x<&h5XiY}$UCk?_bZNNUH&Rj=ik#~%Dfj|qb`5GGlCR9Y z$(Y(qeE`kYS0bEjBZVyTG_$^R7h)6Z+gfrJretlJm>b`baV3uXiL8owYl-#zN1ja} z=g;uIYH%6ZL%-?e;bC3?HHQr-JGN5P#I)?(<`%-wKQc!N6h;S!M<~l{c}uB8X9B7t zwbJr(pPaei31iBHh<4+_yN{S%D0R>Szb*1_M-LNT_5OW+AEoh|HYC?1J9dRO%KW3O zdzzO~{#HlC{)N=MI88{r5h8o_jWYSNwutKR$qzbSM-4wKux(4bv-~)*JQv#T9i|y4 z{q!xPCq(50fj3<6z2`N`5u07==%j}@Xh@KLJKux4=Mh4?WW}PHn{l42$;qPMNFm)d zdK5Oc>hT6CIV0kUsK{yDUGnaitF;jelY{F_I==i^k!5e1m(ySgr#TE^b&8zfa!S~( zzjmLi0&bAQrF(vtihNO#{~-hLk~*D7k$50iaWs;;65$f_bRoc8F9e`n1GDK`p%-Js 
zu=+>Y=zX~ZWQtvcQK~j~ydmm&)$%|`g~zvPY^kP)22z|W{Y6P$w#yLSn!axxLRZmv z^)m8@>D~zr{LRFTlD$fs&g>stE|{R=_I+dpA+y^dlB1|QnJyL8Dbxg+k;Z6#^V=1l z%c^fz5qZp%3CkNdWFi#PdDrC!tfQBlO-M3&Cp}H1H{EMyeiJ|%$+3=n1R?639up>6 z-N_y#FET~xFUna)Wr+C{oA#p!jZ>6w_1Df<(@HJ1>3MN4O3JK5iBH_84i#sr zQGFv~5cLn6X+MfEP4eau9jcz5X>iCkk&x}2$l)vAwDJ|w%we)_zs)CNq#jZmVH3*? zTBbK(hdrpS+{md%{W&pF&ur({&#dzZiwiQQ6Udw24}levG=8;3(diyKEnKlxly+tmK*s=mt5ijnegZ(pU{PYWV)=)P`*6%}Cd zQ&7t&zM8=+AZET(Z(M9*r;2oFk;7FJ3svvo95;{7`3j)fOr(cO7lF?4M(lYy(U`e> zXrxpvS9mfH%vo3 z*|N9OwuDllY51d$+URbeYOT~;?WgO3^6&QL&m`$0xp-*zr62Gf;R0G2CaKwGMbsG- zA+0Qrgr^{NdzfrW&=jPLwKRRC%ICgIbT3kMgbq{D6XN6rJ+*K|5EO+sK>1}BU+9sl z$lRF-Gw7zJUb^doT(fr|jf?kXE#=&kl_V!XC7Dwr2~yB@x4owr1_QdF`ApcaT<1 z5*m4WbR*|7rUa{~<79HD41!5`r};w8BA?QNHsm`h=pTr2@HM+Y-m84HaFgQ=Vj7BP ztJA0Hx!&>~w5ST$*lkruc4PM&k(*Y`; zE@EBU+ltp*0$N-q6^34Q4(v6y$!1^0qobLZY_0LSbj56x=|&G30FCN&_g;0RB$s#* z5%0AcFHo4ui8RBjOEL_WDNUJDfIT)e2GdfI<1>AEUw?mTu!C?bgceR#XhF z5^yQy8m(PaC_7=r(8y{c<^+JkH2X_!q|EmK(vV)5VL>J5`;=6$)>6qUuvCsHk}kZO zK0-+ZLj&e2MOSvMyn=`Bm?Vn`{TDUK!uu-g-WB&bmuHvV#;JW~_xBG~O1*t_p_R>Q zmOK)hkeOAe08^VynU&Anws3|^=3Y!jc4UcaNNbeMQxt{Sovx?kQu~o!4%x^U-E8FD z>zSR6ZLjQFX=TId8yz0fJG!!$PFwqWAw%|$3)4vej`z!Ke%x;*5s18rxeJL+FvYoX zUC7RATYejr_FSU7(>ZEWpxRI}k=R+@j3(QcJI&3vnd`(-RLaBU3SF#f4~%BzqBq@2 zYF&0!@CCExQeC;zG&=|Bv2=B$z>_%-T^*fe)YsvqRbEXn4LUdVvV z!<;g*nP`L7s6)?n>L+p;rgetV-@6_i{k!O-9BxML zo=b;AJ(T7mRm$5Kq5-zIw>U1NaTmoAJgql_pB@A@rOhPm%U#f>kGIkITI(GdT4|cN zR2>-^8lj;-=5uS)$+~Crx0*3}2}nYd`)-+UxHfwlnw3h&K)cY8G>MZs=D%K1+u&<>~3VJEc)+dqv*vOXSsNCzLGbg(+o=TFLb@9Hv}vz_mq~8 z4OVJ>LxU8(^!KxqC)3hJ*2EPq8ghIqT-nwPWfww+=Y+?FlPCNf$qwroWKvsp843j+ zYJ2Eh3e92taj<(GtfN*PNaI}0b%P{GaLdlWeo>?$#XN=#+UCnx6V{G!MUh^m@P?P@ z8YkYE>Mb~sS9Z@a=imZSO#FkZiE^ZByF?DD+Dp3JugMdncv}x%ZX0YP_367QRHDSu(*f^t1@YSj~BjoYWC1tE0Z-OEg>>%=@cl zo&Lkv6L`EACOs0ccrzHN2n|4X$I}G-Ns`k}HcB1{(7gdoFT0QS37p$b2lqn$&9f^x z7L~%YByvgRSrR#<@+^rQQh65P&>YX=v05vh#VdLOJWGAX6X;o@3(xOagkOW6#mJN} 
z#HaEso+vS0(C=Ad*21F>o!F6qVn^j7$y0+;5J)SyW68W4ZE}YoYJ_o`dreuwfbDrxHiY7Deeu}tqm6k#W&y0 zrDQ&Ft}a1zVPnkf<@odcHIX)DN#pg<-aeIzcT=e00edJX#o{82iFIo$wu&RO0 z4cK0y`z&ZHh1Y5Ms7+g|nOOVQ8vRr5q`l?}Ro&-|D||9o&O#?>m(Dk0(3e>)vdrNf zW2W*WZAvZ*i))wE^UXvqXQ9eJ*L7mE+PBhXw4`hSP%LoA0<%GM_l-l^{TF2j+M- zAtrIj3S%Cp^*W~Hqrz$xlSxPWQq0f@u#o7^)cC@aT}-J(bB-(v$AvS zT|8dt?_huHYoeqxYvj`C&%E-0=W%UP&OnMD8k)IBX(T92-7NNc3YigHFNi9YbTA>u zw7fQv3&UKS@L{5QEfOtFQp?bmVNr5YUF+1_lAF*SzCno!%{q;sa%o=FTdkaCbBhK{)=73|ycO*(^vbyxt(P>B z6v81-rT8K=&3iFvbZ8Uw+`1&iluY)k%+@ND0ZVIOqqGH3sg-!+m7guQTi)5V;q`$~ z=5S;;q%EtgEl2BPYGJgkLRF9hgOY`#H)J^{OgmCT!=rp$n0;_bw&+Lsd8Uqp9O{U$ zPv^CiMci7VghjGVA2-U*p(G&b_wpPRUtLw|TV6jKpg{%TxoNqOz^iXqK$`HAAE%xt z_t(=FluYv}%fz3PP22Nza?)q2W6$X7SYLS;KeG>4s$&dA_JtfmZiIh?s8 zh4+5^gtl(}Al66J@E%IN8(LCi3e{oZ3t(beyAF#qQ)Z!Nufx`HvYIXaq#aHu~H@M3Z>a|Q(>C15EF6vloxNBV}xxqhlsh@s#G3ZRX4DY;9um4 zO7LyG(W8OkE%!=dz#lr+=a7Q=VNRP;c+z9hmm86Kir0!c`-14kSRtri<9cICbA!FPEJ zh0J&-3Fl-IM1mTJnsv*Ku5abHgZfqs65qTxlu!m1?E`z)1$Z}7WZ(NE{m*uH)JQcO zxvHZ%_rZ9owL98bl^b*YNsf&{(vC0J*QEN|XwW}*PPnGRM!<#X<`Mgs3I}^OyC+K)|$=wKH?4Jj5UMG$&KK6DAQh-LuDk|UDVDFD0bJnXGV#S?GKuKD;3W0c4s0fxM8of>(Z%&6 zbQk;3a*B-tB5{gDmrePOt=%jUh_4Om=%rg^sacA2b2hcbQo21ZJl9Yy^5rsgZeIFP z-ypvT)}de5+g9ag8fp25m>W+Lyu+bwE!^SIUYf6G#(Bwx_D$!|Ut}nQ&sLR8V zanalp+q6qLl2*yji8$gRA8v^Aggf*X1ak!?t)YUB1>&tvr9c zx41^M%KoZvaD3=A@+suiKt6Nx$y$|823ceIe)W;Clv_|M%q$)0bqq?3;al?Pss+}n zOPMJ|9r~rO%|Tpq@RtB>jcC6faZ?FzOL;kgIdYr)7YFfHQRLV}V_u}w&pIk|GY^c_ z_;!&2P7LF*gUTeoEjdJ~_5h-8>1fVX9}>(#W()?tlEP!cQ5UbuVm6Vi;g#_ z2=5wDY0oy2kgiK0_4Ubn4n1Do=zakxK0+mtili(as-b%xPAz|#-9ayn_z+7CRm!@mMBNFdz%zCQN7J$?pywa-sU@?+*@qxuTk92 z7e#Q?OWp=Mg0IKP$)6-GfgLy8>*^Mkw&&Gl1X4HB`|6gHt_RjvNII?$_StZ661SUFSlS*{mk~(aNUy3}PP(2|pUs5yuKLBs_AvWtpqDw^-_snP zqPJP%H5yNNC-2!XBo)BzMEQbk|Ex1{_6~DvS0iE$w~zV<)`>lLFRQQKQ&)A0<(Pu6 zV;!r?;b%R`6u**?aJXGcUAu?dMFiQ&s<%EmQ76qs0y$|Oy?mBvMl|tb51nOAb)j2S zjoWURIs=bR57IfCLCWutj1s#)OPegbTV(dDB_Bhsu`=OT*3AiTo!pzk*0I1`$DG|J zf$xNMq}|i}nNL`UPaNke*?UYuZyl$)h2#5rrkAT+s4*U?j-QuAPbB7hp*zX_+CKnZ 
zcd|lV#ctr}_K`gvUbhwUorLx*J7#BVVLqPqH@M{5{p1a*UCrP9r*5 zGVk4DMKXVEOSX5HW!gRFF@>hFJaGu;($Td)p;WrqhL4~1@h~VF@{))%drba5xOA3r z;^~RNk8EOwg1*3*H3AW()z_Ifhi;NrFSJqaWq-L+m1o8}7Le&v!*$VLkguA%TL#se z-3)#C2gV6Z(9)!G&$2=iks0O%<1wjZ5%l!~?RLl{n@YPa2`B6e^rRq7nB~B{cQuli zI_T!R1AQHx6SU4i^S%;a8Wvnf@}6KWgf^vUZhv^Gdx7qz1Ov{T2TAK3A;%d)&JrYG z=6;eeTgb^eBz&EjL(XDs4P3|^3dD1=4%R^90CLY0)xdlp1rAnpQv4e?yJ%LWY%J_T z>t?Z51D!a1rJaE^S|hqogJ&bNVrL_b7GUn|03*gQ!k3qlbb=S+{D$WxN#&%Sl_c>1 zSsR&?Bo&cvMv};3LgpihCC1K1_$&26W-cO-eqRDZmlr=$7r^nkDa~d=C9q46a z2+Su^Uk2c=2lTO&x2B0{tk3jQ6J>DX%jep_AvNqgQx%xji>6`*(l_ExQ*iY7gZv}qzS^iHHu_KZ>ke?{ORwdSxZO^c z(`R&bfLS7^qG_XUdAXlXy>dM%r?02KQ?`%XY&m?a&sP)g{5G$0wUx{XZYhN?Lnsm# zb8w#~zA`Ngqk%k-O-`(;e@#`{YToyEA@tIL~_}nsq?$m=0Cw%wCD^U*OdP z8lj1|cP5LPzOB?nuTOi~m2IF+dwzP}(iNkFD=XujxOUzPw#Rw?KRGx|c3tNj|7+t2bUQ5o@E!iflLU?!dzMS{@eZ0EQ%{>WOkIp_6Ngjg^Q5yB&FYvt zG0n60a-~9-Ajrcgv)FeL&*eiDJTEPAuU@)FPVZAeTswQx9OYUQ>gBn@Y^g8%-`7Ns z;=5X!evDjFp1jk&RL{tffRAs7Z}d+HevJ$uTfp_si`Z?&K97?5MnflbQ=Z0J4J<>j&d8pRfTrFJt1oJsm5#fnH1q}b%@=0B<)R&1Sp<x5m52rJeu*#ASDe}g0CRv~ z%`kb9t#E+GVH362 zV-^}+^F*#vHnGIvVVSRS+z_)zL3ezSC#JP!x;Hd*1S_ySL2R<0|Kn}J2G4%jq#ies zkP|$a<&hnHeHbtzgUb~ZxkQqyywD!Y^in6y{kz2j+IMV_R9M23yM``oh-BW2)bo>fUVu&Bi(eUx{ z1q(`DyP8YU{c+gmsD$zwvl{;M2&><47kqCbTn{-GI}@k-Tp>HInleDfXf$jJof1Sy>{jN3boVXG<)}QFU^D zC*NEn$7wyLF^QhAuoPIj;fI;Geb~NiA-1q_;RuvUwj+(ChLdO9c*pX&!~iT%0`HMr52l+gDrJM|q^? z3r_B$WZLoKv~kI$?W7bMGZc|_y?^kA23pUJ%%fUEX;l2qipd5gLvn4taE+ATNu!Xt zg&zWgHIku6r|YR~nI4Z+2ZqME0nN3koR{aK2Qr|kHh)mEP}W=uAqhgovz^KNDW#!W zZ*_!khvR|U=7qf$^55u@lv1UCXs}8f1Ypp#T_JC%{C|;3iqEb2YC&yKrvl{3B!AAE zG*9#X9VX4x@4eYel)KI}3UIz%(?L$Hq{=7P!S@L1I!}J0#VSl0xBOa&j6k z0oj#6yDAV^i}l?TlAK9qw>|>ff&slHGig|F!oHYEZ^0a&wCm4w7_OCb#0n*o%O)9O zrgycLj-ckJ`z%JQQAw0?Hp8sJ;b%$ePg>HITrpnIOOdx0wv#%kMp^Bo9=lY=mdvDK zI}!G4+)lhwC#b;<^KhbKsKF%#Az8s$okJ>?X&OESqedIw6|trb07{-1BftVu7($&? 
zs;ov(mt7hIsKcbu#`oB->4rC@PE4aK^Ars(_E9G%ETg+m#WGF9r(o1*rC9F=T&UmDP@@97UQmcJOoHJVv@ArBs5vh+w%Z(={r4kM}=PH_ahB!CE zTPCe@EIM-uvg>9~VDn-z6*pb_N=#~G!rgDhQuh(MBH}-+msu`fz6d`mZC@}q4#Mqh zWprl&&fU7iTcuneN-m+i&zZD(=`F<9&xFWWc)Yp?`n>E1(o|sHntckbU3y{$N6S4t zGS*Ezp&KZst}L&X)RX>j>Io+plm@B;m4RU<>0=7XOp!*f-x@hLIeBd0JzmK8B{QIo zK>N+bqHCF)?8V}!3)7;`5@T4ocgZa;PS_J8C4-qNE8U#Iw6Z+XQ+LrWcj4@YSSO$- zTFNFp@vbxdR4kb=gf4+JPXO>pG0;bklXEwiR}#UaAX%+_V%a7P`zT(r7|vn zrDmJPbEIU}s0;BIv!)lr0;NxkT?7m983+aJ9DsURHvW7QObznAb(`s_TY9fvpF;9I zO`Dxba$*)cJBTZ2`#<tEQ-+~;#K-*9A8FYMmk6%9b44iDdosE;X*Y3N4KE4V1x{9NehJbfc1Y$5MWzWE1lig`=0h~0rCi^p@zmXF$n5af6qZoig*Z$5 z*4ckf)4r}uXqBAptCa;#&1_#~Pj?8J43Wm$w?Uq=W28LNw6XgjLp!^V;sdS}ZSB}d z+0aV)+S~D?P6OPU*yg?>n%M45;cM=NaHq?XMlB)E(B^fv@ZmgIygzYeLhIyfYuz88 zpmw(Go7l#U@)R4%(#GzC4DIYbYP@eZvAvyG6Wg~{zfEj+pXiQnd^eGCKj0GW9oZC} zLMA;2rj#g~{zYqE!t@R)m{ogsNFg6DbFhI!TV-M&fXt_*bsJ2qc5WW-o%!ye03 z7+Be%DWE&d<)~K^$4-+ud@E%+41`z5c%9bW{c7fJO+D@JE)C~>&Zh3C(pi{N&rsZ! zD%nJxjQgh6bB12lE;`lg47_CuoNYJU|NI^$&y>a4sPj_+%S^is?B*;XrevP9zuHr! 
zx7qt?UfsQVu-41lv2+ho{uktQUx8LR>F8;>i?(d(f8H&fZZU=Lw$8nVts66PaK>)@ z!xn9E-qK3{BDu@PRgnDksMfGpgxl-+YTW?9&YA8Sj!Ai-Jvq6|n+X<_I%u=5dm()h zUM>p0lh=eQyW9+@@4$e}`sqxLY^{#2EDx{MU0+J8@>-m_5^b*zid3?GpI-xZ$G~X- zuHmZx#^PKS$vkG>M#oyB_I$l7VVfW$ZHk-QuxPno63kE&D@WF5`%u4>-EY$;NwAzd z!P7>nqt%*TnFB}rh-Gl~U$eoyn^RMmk!mq z6@-duqB$h+&MA1KI`H;v%w9{}rc?6RXODKK8Hzk&&nV;8w3DY=AaPXX>x3+{`LmdI ze>^d0znc!dm-sz3v*VDn6_U4&jXL?;$8nm7Hgep3qpx2%$yVqs zG&k07bg?>>A9IWGvE->G&fhNHCdfpzNyPR_hW3yaZ9pA7w`(YAq7#iH`JkK;5E zZREJ;?KirZ*igq&Ch1zpP&eS#w7l51@f#|5RV>>zs@V+UjMz|~Y6Hvt1y0D~hr*T) z>p7>P5e>2IdS{*;C*4q>Rh4d+DMq18{UrK~_2GpPn9lkhp>x-6@gi_W#*+K*olE1T zW?IFf)hs%8LZ`IgvZTNpYJue^6U&)Korn&mmZoz;T40h@*?iTdiqgJb@MRN(3YP5RZwhS*{d9G=WO2rbM0Z>3v2jhN%*>fY!JSkf=`@tC~L-Cx{Y+Mrh@yY zbg9Ej*DGU;F{d`|hA|{{kztx0>858(@K(R(A4C{wgOwn$HF(Sy?05#-c(4-~9)tcQ z-2mrj5^!t@CzUeK>11w9Q}EDXtv1S5g2P%PBjwel!RktSyk&4jt=HV(Oi5IB0zI_s z)M}+hmlb4|!Srff5a8|5PHMw0FHqI#s(;?hjxI2xv5-dJX(SYDJ9>8=b=8g zOQuSFnXVG%EtN!l=QLZ*8;dwuMpcW^YtFK?pYtv5=8SVd$1?XF%aSw9*C(hKwz(5I zlXrZ4w7Ko2O(snzqG4gtf&O)Hs7Cp3l0igABWq*B{nb)`-)Vd|IyvQ9TY*ryjKp5K z)WEk%H1MVe^Lo{++g_G-=!bsqMP11KB>vThm=M8-xtPue zd&~Jg$VI_E*gK}?hh)#y2Tko5tkI@vsj{kE8Xg;|md5)=YGY-7>d8s$*&jp4ET*k4 zB3@Nq);C_@)2x+#GM7?q^>CFgOkY048?Z~e*TlKiusD2m_Gn+UMDgv?tv}gzu?Vz_ z#r*AJVb?Ae^0$kHUAs8Qwu^;KyO1tbJlhCliZlC$=n;hSXtlkAvN^rQvr^CKP^p)e zAp5H=rNb93nKOG)Y03Qg-4t^yojqq!(L`YWPv=QsC9PksRaf=ZTD(6q&EMsF zY5C8q-k-MtejVUtz+V9T=Ya1H_@4p474Vk;|32WGt>gW`^85?%-2i_U@V5Z|Jm7}{ z{zJe=WALj1|0mFY8}NSszRkLxoc!1J=6{UrZg7_WC7_=L_{)Hw4ETQl9{~In!0$6S z|Hb9*M*rhKzXAIH0{shsqdebwo%bEfxh>G&3V0Xb4;Wm_-N*a99_RD!_LJ{vQLpAMh^&{&&D{1H2FLhXJ1q_&*G; z^0yoLTZo4LD1NW^pDk|);Ex!5OM^4JSAqW?fWHIqBH%3>xc++_;Aa5++W}t(=r09) zUBIsg{B?joWpJ(6(?))_ZT`dZV|z`eZ~2eXKkNNx%S?j@>5l>&+qWmcXA{#uhhpe2 z4$!~R(0@FJ{@VfiEe!p=K#%o$5^$7r-3`48YJImid^R;W*B9w`576&u==Y1EKM?R8 zN$2XfyJPSZ0DnKwR{&p+>Y{vB0giIM2kE=KLvV} z{|Uf%2R-btvA-P;Gji@}@L)S05}==J=sSQO>$MDUtk>y)W4+D;{8o_jV}N6vb_3uT zr+puAjMMH19OJYn4X*8__V5hQqdqs>B)Z*~7+m?xH~Kjq=#kHIz%f3&2=Lc~JzoJh 
z(tiVR^sDy(j(mOv_(s70Pk_Gx@YiqZ>bo)E2N+!IyTH_UCeUMjj{+R~%as8>+Fz~( zdbF!M07tvJA8@p*#{tK<`enc|uHO2M{(hn3=57WL_KT^2?+SK%Tnv5=;12`+MFv-W z9%uCVkpO;@!LJ5BsOMV(^c6$@gBbds2k3hZ{iA?y0`2|;@YxjbzXLtb3u=bXi!t=u zZ076=+iMEoIPaJR_#vRTg@7ZUQVc#CgI^GXUlxOZ9&nWBXMk@4a{dMIO#xqjbEk(l z0$v21V`+_x&NH~$$(2UWAB@32zJ=qDd~P2PjlrkJ z;LBq055(YK*vgfQ^T%(-;I{*Q6zKDQz_$nd@fiGXfOiA^e*wpN-)37oIT3G-!4HkW z7XaP^<(>dI&IkKr@b|^wm&f2&13m`j-VXSVfZrd3KO2L;ZX2f`1$-ZnXVYz6yCA+j;CBH19KaU>-eGX|Gh0!)Cd_ErVLQkFmq33k;JEHF4ESuI zzZ7t!za8*xp}r3Sz8&Cy27G(KcjUp0{_wbu^lt_n`5z4Uj=*Or;OHk$0lWk1H469+ zz~^ef&j9*c0Z0A(0dS<>atEoF)N5zpzZc-U0Dd6gy8?bH;7ET4;K=`Sz)=qm1AYz{yQy|&-c$&d8&0N)+tJQnah0PhEU65y8uj`Y_7j{I){d@}HP7;voblYs99^e+Iu zC*TL{|F;7^1?qbd;5h%f2k--c{t>|U2YlOIot*Qa zUh@E-3wS5shXLLTIM!gSt)w*#N=1O7+g^Gm?52K*(! zrvaZ0c6W9%9q{b{NB;W&j`ULjNBw*h@LNHi&jXI@Enf#5>G$5FMgDL*V!vAo__u+7 z58yWez8Y{`&v_5vsQ(|t;OkFv^5A@bd%$tNzXEWy^UDCo{&+RuXot50j`e*IaIEh$ zfMb1I-sI%R`tAid%6SOjD9>WRk&`*fTJD$8E~Y3 z4sfJjZ%?Nmq~8p1q<;wTSzvEZ#o*5YejxO__4ab*9t8MSfFu1Rz>$6`;0FVrIe@=) zeK+4<9D|o*@R1n&9e|^LJ`Fh9$>Eb-eGxwy@Eg{5at;8F^zR1zt3ZFT!Pli?=4{~j zTn_Yy0e%hO$p0?D=K}pt49@&H1b%iMuRgyH;P-lP%bxpJUav4 z3HUyM^B%gcTebs^@)u+9PQX#l_X0i#?C?u~qx{bTj^o{?`?-2?4ui_M1K>Em>h%}EQT{XbcX~klKERKKc3kHGNB>*k zzX{+d&m6%22K0*oKMwex4ERZa4+6dn@OJ^;3;4wbSO2g38Xp6E6QI8m_-qRJH9*hf z$id8z{(L=#{%*kgfY1GaWB%3S0sd9P|8GElD)4y`aNHl+aEd1vk4GKz^63X0$K^9)@M{3a@$MTj z_zwWbaj?71)eGa30l>F-z4OCkfImw{t^Rq*RL2MD-x-5n2KXm||1B~2QSH(EhXF@E z=K=l-@c%gANPlY#{tDpOe>a)tkAj^#cEIP(81;K={q zfFu9c9pvRz>$9A zgQNBEmKgkq7<_3AUIHBTb}`^s-%9~U`M&@-%6}u^$mctNBcC4uj`R-!j&|}m;K=7$ zz)_wJ-|F;<_D}#E?d`2G_~ID+_!ztjIO_R(fMb299OC3eJDeATuZqDh1RVK)0C3dX z=K;rZzX3S%xeah^msy8K%ijSw@;M4{lxGFtD9=j3k)z;VCtEWmLbK|O2$d}aeZu7~dlIIc^hoVf0d{T}q&L$S@q3v65U2mv z7(PY7G2h@Qz)}BbSBPVKVY{H;J_+h&mLEj^lL4Ot<(2@)eu3?{yP@ZHEEB!9qnXwS z|7E~uKJcFjxY?Ez`YPa9ZXe*-F4$h}z#r-3+9i&@1NdOO;5d%@?*)47cV_~A8pwYE z;K=7=G5A%0WBYy$aOCq{z>yy9VG!g&dl&*7?O_=3eSkmOgIUfO|35C!*c20Qp}F?fw~%2iyHBz_GnP3;6b? 
zzq8-I8u0xA$8p&#lgRjv`N>^Ce+}?C1@LPD$9VorfaAD^dAum+*MJ`J8)NWq0-mN` znCFT0`Zn;vdfg28?oeOMD?>Sv57OTbe2^aHX#@Vak6etwalUXD@W=j$?Th-sd=ixB zUf`34K90}-5{~niM?gP_KMFXu`(uD3{jX#2-^Sp-iNPO_!EwC{+xHJZkN)-vz){Yp z07tv}JK#9JU_5WOE5)B6{UWgEr-2Xhe+F>mk2uQt9MB{FZ@`iN5r89q#F73@u#b=Q zh$H=eG4zNd{aa(`5l8hoaFl--aBRna(crJ^_P7pwdJH|^m8A5jhtU{(4DiVy|0=+7ez6*G9DmOMyaIg2 z0Urb$=gTPP+kt*}phrF!pPU8sIInpp;23vdz2*V`vwKfd2sS^8kMkaIDuK0mpJ*0Q`L5gZfAL5&u7+-yQh87jV?`#eidc zI|ckU^8X;v7l8kV0LT55_W_Q6D`vl;qx61&Z3w$mId=lWF1RVFdJ_Yy^pvQHv zQ)2Mb0LT80Wg~&B9yxd_-p|5 zC=a$f+B5be?Wg2YTM)-~$NK>mK)Kt3JZ}RW=~n=L4bY=J*8+~?3*s0LTnF?R4Fk&$|Fe`$s+Fx>*J6=Qz;w-N2^@@V5f}SPXtP;Mjk$y?y}vvAuo>_+h~3 zM}T8{-3vJC|Hpu1dm(?M{~6F@d;J`6Y_FdHj`8`%pr4~a{s({_$NdKZZv}eX?>ICD zKLPOjfe-rOhXBX81?^!W@Tr0P#{>Qg;Dhb>FyPpZzXJR);PVLJ*p80^j_vYmz_A^X zKhpmW=&>Ci2OQh+H-KYYgyTE%!TAgJqZik6^QIA~?-Rfu$F*_5F9v$-FWBF4zXQiR z#Ie64j^o`0P%e&lh_3*7{tfj)d7cD5=zsnIILd?ehI%_6><#_TAAwH~$b;)+=zkDD z8|YD=Xtz%Rf3({_1AZ9r`3vA^w|@m3?eOn_qunBZr2hxdqrLqTaJ1W}0Z-$9upQC= zJPUl#|KL6g`X9tk0R8+6_@MuJ4)8So=c8Z`=zpFEKG=>g0FLeWBH-ALF9DA2_%h(w zF0TNN?TGx5zGXw_2e2L20UX=$zrY{+7vB-B>o8a@;<)~U>+MKC1^7>a_F514&jtK- zfOi9a0PtB3`2K*S{ObcBlm~I7-ynt_ag3j_zK4T6h-10`0=r71hYdj<)B~QgLp|Vm zI;_|0fe*@qIMTlWa$+2q2HzF*uo0AteBJ;!uW9ffa`7!Ve(5}#mphndod1RX%=G>e z`i+4P&g(Y;9OpIYHx2?mBVa$Bfb(7GYX8{oC}%s+zY*vU2YfTY(VuJ%IJV;}pnn|4 z5kCv~<2ZW>;GczhT?;tY>lVN_1p1!r>xK3jp_FrGyF+!N>*0sUTpV|(olIK~hA0Dc(o*%xq(AKnZ&>W$xM zP(OzK;(!=@3g9>&IUf82uCKNN{d|zK0Qk{>w*g)T9QTVcPZjZVW9ToA!9NZ-`k%c4 zZwGl$Kd67Cp8@n3U(Ey@532fFqwX0Y^R`0(=S7>(hXD0{$hy@%-9NfMb2{jKO~vgFhC7 zzXUjzyTLl%58N-X+%049U1RV!$Kd)72J?^e16`mW?2l+~dxQK(13mhIV*sBA^!)aX z_TN1KKNfJD|Ds*t_=4jO+WB$7=Op0&Ho&oe@tZp;5B9GU0Y41*oCG+QdotjA1N|w0 zqdt*8((_wCDi7+j2XNG98F1{s_rmy&xJ>b6E5x^h!#ZCYm_r+ENj`86IfDb^qp8))P828bCVqO8pOM}1%<891m zK>cHV(LPbmJwcvf;E(N#c?Gy0g?w;4dXAid+S@L`e+2j=ADqV>1oXI0i}Od^hdmMK zaXy899_7S+QruTPANU~sWr&0P*8x5b?f6Z=(I3XOFSgeh@JG8H2ORmV1RU*w-|$lX zPX>8b1CH^}8GvIydOP6Q@7@9U$-w_W&_fOIvw$AweR2E9X9N8-;ByY(|Bt%6jd{BOS>>HE~?$MZiQ 
zk9@yAIkj^%)t|@D&*VH0j3wuB!p@(Y<0zg#H^-AFqW18-!PlF=P<(!h=jSe}kWZxe z2IOO?zuJ)V^GAHV0xf2Qr;BIkJS-(P9F?32m4 zf2aEJY2=(|h7X@f9?`YaGmS+3-hR7&Oib-BN9Spre>UYwM)AJBpF5Z0dHnG64?KS6 zQ9RdSp$}g~&h1>{!k%KjFIZ{e7<6Hj3x- zlbz(ee)|VGpBL>SFX-y*IgUIzfAjpG?|=CI^=^u@1gBpBj@V~9uNB{o_#+#kCTHw{17>h6aJnlA9sA8;zy3VBb5I~#?LW| z=kde$*?IgNr+BWzDIb2Coa=Meho2+o`tbKIf8;p2KzV+o4wopN>)=Pub+}B<`*o9? z^YHm6ub=S!jw&<``8<}d`#3%e#q;^0ows|=uXy}7q;sDD^H}zO^*r`Rw)@D(cG-Emk15{Q`SXu#m)Es;f7$=l?ecN@ zl-lV}{rHSL7x_!_V&w72IsY4SUblQp&inO(oa^(q4}VY2+x_UnKaumi%J&obbLTIL z=i|cHdCM1y|B?Cj8^!bf1_}Mo^BHzO^7vH$5acPygOl?-xhCX4^ZQeLD2nI%BcaK8 zo(V(F^GsNB?w4@n{JD^w>cI0uc#7wGMkMF`V(0maoj(`Y8&e%3QGQ-uDnfNjLGkRo zzn0LAloaATLbuoWBS;UpEyc&q;asdl}rnyj`Ae`93et55*`y&ojlz`SYbDIoItO^&=ne z9M9{$B`A-@+jYkY&;R-UCnf$0Tz@D<@qAw_H+|kUr})wo-;aDU#ZM;ZcCI7m`#uNB zd0qDcc^TU7Q}QXa-5^2mA3Won^F$)&JOSjKrzH7U%FpAU?;r6zUzXa*{mb8{OF``~ zNAWywlqcu>707KIdb+hDc_AP9E0R~D_%`H~$$9?a>q;9}o;p{h_(YWFUp-!`Q6AoI z&=CKe$M|!E?_covXXkl5N;_Yir1TTwiFYah;exDM=Ghtt%~AE`rI+Ai-`J96Hy%aotn z-+|)UJNj_W!~4a~`^D??KeAt)X}f&9^LiccZx@Q^{pIg-@qTrqc=ql-ob&Mhvh)7F zqB{S`{`REp@_zLq=l$aEH*x#>P&|8IAI^Drzu0-dczyUs_N%{-?G7O4A3@IXGsro9Jvql8B&E@a&i%scfj=^z%YKF{a-O*4JO&nD-3&Lih`&L`*bvw)n( zPYEC6XCcLN-4^-q#pK-1CFCWjzm}47zjHkIJHLOD`~7#y!~MRDoZHX)%l*#I_2l)g zAL;iMv|X&g)UzDSv#5pGcomyw1bVxs{=KzOP+_oa3AOa9(d2LED|=BYqJ%w{x=(=i`Xy z&lD8T&hfk+!ts3lZqKiJ&L4PPi^szbsxx0l?uYZ3EsFnl+Ig4q za6A9>;rGb7oqWB_?YvL%|4us}Ql1}~A0AOW&kyYX&gcFU%Kszxah_6qUOFDxx&F^7 zp8bUnf9b;_<+rk6Z`7Kg;XzoQJOq-q3zo zyyx@Fb1&n6x*znG;`x3Mzi*$kOPH7CGlhN6vYwlE0+SM;>o{z0Cdop4yX>+F6js70(ZR{mbLw1LgTw=Le4G z`&o_9x>;)-*P>Sd62KV8?$oc*q zk3+t{7J}lr{T$E71;_t8^JHk+?vKoqVJM#G2X-Ex;V7Oxybq7y!+#>@d5qT+c-;D$ z$G*|HvU$mKUBG#G9*aoZwfO(Pc`OpebAR#gQRvMqY-g1IG z4&}d2&d-m%A&)}a4Ndb8=i%?2ah|jk&v~kl$E5b~c;NM)l+>Ot6wmWmaUb&-ujlZ1 zh)Vm#^U}Y19v*}8aQkEW@L1$L|M2<@w=*`y|Eulfc_S|6;daI&=Xr_W&(GIc2`Jvi zzvp;KNN)3_9T)$~_fX_|LyOg_|tZ;(RTScb6(H!^}Jsq%ER?ZOwONQNyx2k zo_g~0JiHFzs~>~W`5vDK^7=yx+Am(O$U#1hjw8;)>mi(n*DH9xc)sQFmX!9F>ywO} 
z^ZZDCqEq{MJ#Zj7|Gr~BF8F+do$H*O^2DP0@bSX)2Jdfj+AsDLK0GD4KW#S^Ip;~^ z!_$&;J9%A#&o|OhJm=3q&h5!a&heRjcouSQ&uOYBw3{6wmpKl5=~Ck#l?rA6}B2+r#SyT%S@D z&-u%c$MM4-&-_-FJTZAWa?Vqp+@InrkaK(`A70sqS0U%m<*MX-U9gzu+aFn1=XgHf zW9RcdU+d}|zliFX* zg#4%T^D6AcC=Y*b)*xR`d3e6^HLiFb=KWnv`^Emd4`1fPmy`3jT0#ErjH{KDhsV__ za&CV)I?O}h{mb_w_;Y6;#q)DJ?7VKn z&d+1)r#yVW;2^oLbqpT2hbX=zwV$2$_Xx%R$o?Lsc-~)j-d}d!-(!@A$LA^XqSXG= z$+2be3tvwz;NuI;~ zpvO;<7a%`PUV{7#xs4M~p0ngNDE=II1M>6aEyypBcObt=-h=!&`2g}N-}~MEj3BQ{ zKA!v_<(W!;n0zjICCameyfXP}@^a*x$q!Nf(B#*AjFY4m^gT8f#U~^8C*Mx_Q;+W{JM{E;(3pa{fR~KU&;N+S5f{H-k@I-C?PEN6-iK^|cswj8_jduF@z9L&|DPNW&1t(8 zs6D>UKmSwX;lF+U>1#Z+p#7ao`y1WIcxXlOJRaJT^LV)9V?21?A8vnmJj@~YcLAR9 zP=)gIcqm1lf#Q8#k5r}j0u=xM+Whc;Ydln=`pl*J)FNL(UYnf9Lml$X6kn5^$H`q9 zC;k-wC;7kA@Bi)V(Esi80M~i0kNR`Jb3FGuJNG*~_xnBS-yiAs|1H;*|69%vxnKTM z{qBZO;Ckcz@BJIe0r&d@>UWNR=p+6S#alkl=K_zPAIbChKa}Ume<;t>|4^Q1|Din3 z|3i6R{D<eBXT}$b-KE+v92H-JIA!VewJ};HAXN&Ij0iF3Uf#GUDq>{KXA`7UCC{ zpq*XCk2Qi15Wms@J3U%FhTEWhf5+N$ZWaO;NPL4c$iGZ{@l)jAE}k|Q;!ldN%!>G{ z;wO_K{-Jod)Tqy2;@@f^K05yMKl)|jDFmhwZ|PpJltcWfyHRZKx3oIEU4wSo_Z-bD z$HI0SNuC*x0PV$ZOhBGK;`i$SMvAvM2$(GXOC-;eH-3H##NWZmM>&A_ zBjRIvz%Po=iiG|BQ#^$Wd?o(%1nU1)JkbkyIHdbWe}&10?Ygr5!+YmPpc@wd@RXSl zpGoqpm1zJ{qSbux!n!b&f*QLVMhmu2X*!TS$y7YEk2R>i2aDqDQ@uv#E*wVeQJnX ze0}kEHITo%c$reDgXi7Xo6EBv1@Rl%khi*ck4DJj`CTNQKepX_ zCov8?i+3D=c+WeZIew*^NIbtohds=E#Cx9QU{7`g`DclT3ySuy7oQLl@!P~_JwpB` z;#=K`hUa&S@OG^|!QF|S?eB_=$RAETqMNT0i(7kAif8JH{;erqZ!6sM9XD=|ok#T$ z-+m2oo_A?-eC?$8x944m?32%-4xV=mvQHTV_q?@+eH;K>gh&-pn zEzbpUe|NI%d3Oirx8v?_^%97S;?BvfUq-p{99uluG_*57e50GM(u)_Wh4>ue+3I4y zJl`qfb~bb4u(WtO_aaQscZE1UtNQ?~Cm!+&;#!OEa}P9mo~7qJm*=3Jo@d?J_q!92 z;o@)HeCv6(oa5tdz<8b^UdYXF%f$cehM!+2zH}Puv)zY#o(1LYHg%sjo@cSxizh~V zJlA6E)kb4~--=uOC-LM-(Vl3Y0rLHijT4KHEB>Yh;xdSrbLY2t#jQQ1#Vx*)_;7#Z zZ!P|9KfIH8mWc4t;zeU)zov>?dlrdX{0enKejtSd`<(j zd%XC3E!EWYC-;%AB<`3j#ep8pWqxkUVCMEFYa%&pM=_2Ps2BL7zL+U|uAyTlv2 z@qAGHVjSc@A-->Rus9nhOPCRa3xcy=p8xP0BqMl*HV>{-%-F12t@m@KQ 
zC${(p_eHTZ;t$H8p83VI9>?}7i7(HH{Po4}xeKOt;-2q9c>Z)2|NRT{^bnupE=>E2 zFIj~=!^PX(fd4AK>?-ol65kLX^*km%?=<4iiU0Kw`GZBk-&X&#c0DUT@-pg~OT5r6 z97jdOpT|eua^hCc8sd4bqn*vfPxXYi6EFE0`Fo46IR_sizR~$Caclo#acln?acloJ z@pcW-&cosZ+`N5Sd~zJr?Qik=?(;6FTR^maN$lzzNqo@>Y&Vv8#9vW|GU9{WxKD=fxu@g1-?zJRajPoco-#`gB`` z{87a#4?=tf@nc2M{v6_+rou~$-*D$emBn+6MSKVGLaE_B#CHvX|0>@15PX*S`f=E= zt>RYaJ>tpkBmSm%v}DNtKs?4U_($lO9I|8U1qC-JnD}3l5dVw#nv(EE;sIab zE5t80#CY2!Zt(}jXiCg}o;;)t={~7V$R-&C(#VyZEaogW_;_2M=`zLYB;~&ktf6F{Tol}T! z=nc;xUgQ&gKCgJbcJT7zdkey=iHF*SIQ@v<(tu-%;LYVK;24-cXQY2 z6~(7~adj4-))DzTh*!;r_z~jUTswaiPmmY;GgExXNgOZh#Rud-{%zuIx+2e6@zyaA ze?>f*yN~l)JaI$h`5@l?Pwa2x7~b_?pAqehCBFPP;xdTa=X-YXzF{yv%ZnFqH(INS zcOQrCwiA!i4Bl1zS!T57XYuHZ;nT%e_Cwv~iRX!r{QJZQyYX{NysW#fd>}rdCGvk0 zKj_YXLb)5yHqNUjK>ZVnzb}aPrx73W2JOruzG@Y`jQB)%epN+$Kuc`5t@ylQXn$An zND<&;#cf@EvUu1>9;rGQy?}vwug*sV1?YuOSc$D&pPb+Tm zS;dpN_1ik)7T-ktQ~>h-DsJ(!#Ah8wySIv4{2uYlrI7!TxW&H`-|W^g;=3<`T74ST zM878!e^v@!NZjH}iAUd!_BR)|`1az7_hWpH5pVk%K1saNP2^uAZt+{h`?}-pg1E)s z5dUok_V<&xU3UbF<2|lUEpc@dxA?T;)4Jg2%Zpolb@3~!5Z_PS;)jXf%7FGP5kKv& zYgUWrY=it~#4Y}cc>e{+|5@DPgS+|L#?`$1=*QIJ7N1$Xcv5^WR28qE7Tc{Wz9t>o z-(TF~hl{7$isNOexW%s#&)5g~FNs_HE%EUW(axap@N-s&!sSqhu;ORuBQA}&#b*&u zwGw%%iCcU<@s!1}zeB|>{%7&m$%JrM;5O>2k|MzGgXIY7tc@*UQ~S7K;*A3p4VN!HxRE=8u9JLGaQ5u z6z}04II8DfOkn-KbuQxDh);3%6MKr=_3}XR)b4tDnt0gy$iGb7uD>>mTmD_*(Y7Pc zb@5-;!yk*=b^2@Z(i0FL&L4kU9qha}s(9jl7(W5xdEIq!I&r`1$Xig{uBXb0+xcW| z@#c@Q-B#iaZ~F!Q=`J4HJ(oB{e9INgSCf7CEb-~b5x-U3^6VC`(gfrAhIlV`zwD`a z2e&TzQhez{Y&S$Azra7%FE$Pni4S(axFC~whakw4PyFF@cxiDPhjqoLxX;a&;#J*) zryazHRSFW=?jhm}|ALPeZ@d?(7;5^#b@+_ z_Y;3#5ZfIsZh3wY&*`4WSSns`4BE3=ylax6fg3m^{^$(0dr~}`I}dyyzT4dgd@eqr z1?m|h3G!LLjE;cwwD98H-MU9w@jgZI^I62RP7D_KABu~Y3mY`h%ZWF3^IkLYV{YDS zC*Cw1+CN%+SYP-=@u!i31#Wk>xP6Z75uZ^M?K~l#eFgGd5KopA+kGZ(@qdYr&VoGQ zlcIiB|E^Q9-Du)*-SvA`@rQ|!C$D(@YRFSxynG$RHy8i=2z-Qi-!8~AUVLp5w0pVu zIJa)UUi_rHPjp;-$719;FFs@`+VfmIz^%i-6TjoGmm|9SFjmjKEs;N_c>BrNuMFai zpJBUs#Vt=!@iw~=Ur*fDKU<4ip3dTpCnL`oaf_cMKBYRw+X`_zpWGl`X#?^f7cW%8 
z)n9zrdDQ2b_}^6!|Cji$>4FFThj;<_?^gdYZILIb_}rU_D=2QCYbC`S^hBPz;uhaj zJl{6dr?0rh4;4?d6Y;afEq;-B<@RX*VR4H;E#A}J$9yYp@t?&jxce+glY7_G;?szi z?~3-97q|H8;_n(GZwGOU?;#$>t%pn&xA@uOQ{DOTc5#c}Cw|*K?{r6e+Ea|%$KnS{ z!h@you8-ZP2q*q=DB@FyTYLubpYx)gWyLMNs(8VHi0>qB@x8=nMMnG-af_cLUd^qG zZWk|e4g0lEJlt*6<(jzNXZch7tIP9Q+~R|$^saLfx2~8}ym3#&6&COK7mnXr;)#Nw z{msSgeoA}s;;RuqT-@%vLOa)s+kKhs;)Um+zs`wU{5A2tQxX4G-0n|( z7GLG=BS%Z+U1z&L6;FJjyU(6Q-0lLcFX-DjL6 zZug01ig$9~$5}6K*UQ_*e{o-6Iwzjgowr;QA9V-gWGgk z-nKD3iTDxsJXLn_IrGr(`Nbo;?+a8HpXKfc)fb<(9^369Zt(-etGV$sNqk*+d@j!v zzwOq;SBu+yx6R_SaQOP261V$q*TwC=+dc8MOHrSoX}rgI%2wFlh~kzfrg+Vhh|et^ zp)9^~kAf!@xA^4Z`P}pKMZ_(>jClG**j`I5YC| zCvNfE#4p4|{2g(Ne=OcVCXS2n?mmOf0~Q}me2#nWJ)^kA=MG8MK)8Z40 zuRD(XMZ_(>jClSks836Ai|;6&@fPAIid*~)@g)%uzgfI^Lezhkc&^_O|3KX0Ux+Vq zUp$SR!Mi>dA6xuz8RX9`Zt;c1Bmazgwimbf?&2%sB7U~G#V-3Zp9>&=>P-0CjysFbEIzIi>Reyk;+u;% zao_tGD{k?V#fNV}{ypLre?!eK?!N6Jaf@FmUhsEp_kehtQ5YvD z#8Z4k`|pd}b0g2i2QNpS=-KddR!@tMFMiK`4>!NK#TOUGxFJ;@^tj3WXntk=?sK7N0=8vpa7oAa2i%ln{UGo%*P7}BIdE!Uh^NM@LE&ix@#=#g5&&2Jyk-x-uzDHeR=J2kM#U~X1&dEEC&tBdyygLZTkxAycEFI@rgqr@%G0`cBQv0uN72m2MiN!<49ym-<%sKagX zJ};5yk$9#`h>w`pyUxW6i==Y`K_T0`!aeMA=ulUV8sM`^7yUu?gZuf=Xid&vf;t}0^^;16Y zezA4<=;B>NqF>UA+kKoY;sf0G)GCVyb>pXpc$s%-M_=(j&SJZR#E*PHeP)ZFbL*B% z#HYIZVw-*VPVp)3zV;dMPHz3}lK8z6X#Y!b+wObub$QYLDEYnXZ};iqh$lFJxGv%s z3SzwV6}Ry}Ox(u*c=5*WI%Ssll~dU6Z{lfop#3Yw3+IM!75~&6?K~(x-MzrvzF8;29bH&jIZmx*`H?D}2&+iUoK z@nlWWp3~y9-Sc?Y#bX9To=4)tN5bEUkGts?_~)~DRCj+WR6+cA>-U7A(4L>fr>?{N zlT6&=(}-8t`y@_ZCu_XQrlkawMPy7TrZ;`Jk=KC#3vy5|fNh|k>cL6cw-J+EZFQiF;pJHF4W+UGYfn`)D1+w@yTRx{Dv#2_Gk3 zD+GM9c%>{s1M9F#JmCSvZxydU82xcbyk39ApA(O@3;ljm{K*vfJ@L7xkmr^7=M?b2 z#cKwj-@_O79w*`4^>t+NJ8!YwG~yPYQT*4sh%X~<&x=+R53@aJU_+XVTYMYwhyjQn zByRN_A%69Dv}dt+E_YtBTs(FF;&+Q%{2}r6@qz`m|F*crKNJr+1nm!6#Jm0zgQH(U ziznQO_9PSci;bVpDqb)Z@)r^>?C#f>6u%o4@zumjxp7io+`f0;L;RzA56KYmXYP5p z_2L^6VY_yp+&&l9yZ2hy^Csq}USfaGNS=c3JmZphEO-8QL%gZGU;J2n+0sjsy-lZ2jns|P9zL!}1*OiD*C0=Ga`aQRJ=ExXtrN#3sK|QO8N8bRi 
zBR-Gq~sNBZ$v&_jh872U&qSBor?h7kN{PZ*lJ_%_yF8s2iW+vBRRB zg~cC?!FJ1vM@=3)aKlx_ueldU*B8&W7u#(vUVR+4+fh8xeC$_G@qnvn&tUQR?s=rq z;zRo&{#Wr;mymy!_yRw~FBUJc0_|KSKEQpSdb4=L$;iJ;e3^TW_ptcw;MneI@k#D} z))ny;uG<)uD{-hFL3SrBAy|+8@I)=A2x1NPJ%}iznTznF~uKWMSLRh zm7n1$#h>(pXBOY&zIT~hJhOW~p{V$0SGTg_-A|yM4aFi7x^L#DwH}1VsO~h@UZzI0y8Tz-IxXttZ#Oo|Y{0MQI=f{g* z$bkA!7q@wSzIbrAUa?%<=K1yFsoe3kQ{3kH1LEf@qyDGFZJxg*K4c@>e@EQr`N!hH z+;cc@#ciJdEFRgd(}r;4&c?0H^AW`B%*FVOA#U@00`VS&(f;J(HqWOQ?_3}GbBNnK zUqHNODAco*xXtsG#KRrK_^Bgq^L!KW1f|fPcH%bAcN32_7V!hbZJr+?e)Kci|BJZI z^V7u(mqzL=z#ciH{C!W=v|9lg-c|Me@ ztBtn|?m61X;x^C67OBa(>QJfB*8{wK6QtGLbcdBtmPL_Zc6w|Tz2_=Gx$uPJWx zd_(avj}YHl+~)bt;vLVS{e8u4o*ycnn_{QQk&$kx8<;Fu7ahvD+h%a{QlS9RAp8r|Acu&lGQ^akapCewP7wWTA+~)Z; z;){ErzqX0nJik}`s9XO$E^hPudGR^3kpHH*&GQe$k7q*rKZ!Svf$P(VWzau1KJ7iF zF~kqLb*+@*7N0?U?OfEkgt*-gDlZ<)U4OL}xA&TM60h|q>M%;&-lH->{AD)m=PGe~ zU&==Dm3L9M^Xhfrcg5{}9WTYLJ@3WmMMV80x#Pp?Z{PP%EN=Jx(~DdF?BXfh^?ns` zdv8obajQd1@z(D8caXS!4{ntB!0o8dEOC2p%tG=(E9!<-erco}&v ziZ8y6adJ=mgIli)QO-hhd-qooci%RyxWy+HKlTavbBSAgLGkK;Bfh4%#WxVo`Wxc=i8nigb`KIi z(HQ+TMZ9ki?RSJB+~i7B43 zHTpfFc>RU&OyU-wOT1f6)UA@Z#n%$g@A7vNxA)rc^rifeo9P#RJ(4I}=7XOF% z)0c?9C~omL#b>(bD?W=`eDI3MXZ0_41O1*zJW&dGO7Sc1xzB>)sonfpUcAT>VORB?az9*Mc)gNI|gd&KSey3^vv7Gk?`D|y$a!dm1>BL3H6 z#Ag$?_3K^-ECH|mBuBonvzwBoJY^C3mWZT_h)Zh7j9*K_wP z`-t25(pYiJGg*9)ThG}dZs#FK#VyZS@qjg`!&7mKe=EK%CF&cY%Ku#F=;EgaA}+JI z<lPx7$kmLq?2;5#kmaa^SyV)EzcA2Om2P-SIxVgOx+j~)piod*%de#-U_l>j?xA%>75)Zi>+Z`uv??0I-Zh3waui>6^ z+btd|2gb=^@w4MluSeov-2I{O?)=@(SK|~#J5z|;drLBiw-}B165C^`sur&D5_yb&*Y z9`%gj?rYijj1?dG6Nuk+=ZD$Fi@E3b@{9Lyzn`eO_%Zi35MPx6?HM7S&^@QRP~75Ihz}Tr@pDA{{7d*5 z@tp4d%PnzR@BJpeKNQ*-s-AZ}%jL&@Wfiyeha%#!-1>e+aXW9XCvM;GYb|cqtv$r; z`+Y;j?R$A+#7jI!eU^&b`Ts_7%d&MzAuwVJjr0hrxQWKV%#di&a zpA@(C?W^K;J^N7n$o`;#iT)CA*$)0$e3g4XBw}N1-;N9G_ZZ?$mLpF(@r&*}Dyw+9 z&cOl`R};^+0bW-;j{E)T{lueeMf-+|H>iSsUnCylX|TW_SRr2gKH7gm{BRuPKQF!{ z9rC;rZ@U8VU&If(=j#$Q!GE`U*2|A}CKJzh8u^QfCyj)5mKE>go-^qyer^Hsj~2Ia 
zIA1*LQnYWCcrSN6ZWp&aSH<5QK|Ak=KZ%U}`b*s6KZ}>nh&<7nde_aye}K5@@hq&drApYJxr*U08 zS#ackEN*#%HTUk9xD8OBu;O1oAWuwj%acL;=r!ccE?#&o@)r@eJaxqzCr7_D5#Q>5 ze@#bm%QH&6mwWDOf_RkrXwPhM%VX;$Hm}}u>j~E+zI!3$xho#mt^d3exA-sOzh^?- zqPypqY`Yd8PdrLi#Agw=_}t?AvZ9@p#Vx*;c$$Ie_wM2khrs)(A4h*pP6e@zs( z_!;5}vmt(+xSh{z5pTK&^*JwY`LBzYaO*;UiDzzt{rVz)uR8L_XzkrE1;^vx3B6YQQ(Sz_J8ZX#xaDafzQC;)br2u!zL(Tj-11Bi4}ApNohCjoJleTP z-12M{AKeP$YLEDS_dM81am#a8e4={}`H6TF_x|no;+7|T8}I(ARv7<|CceA~_BWBZ z<;g1EW*+k774QB9UP|2Z)DyRPpoMtm$*5aT@n`P7{{`aH-F3|laoex`;(tv+ z-7bk+{4Mb|yAc0IeC>6N!w_zMvVJ+90(FQWUdf#&_={V73h^(&vEAI_Hg6Xe|M>y7 zTTR^J>xmbcg!cCqxA?*012W-r$L3?(U;EsdC-K$CqCGprE&qP;PgStL*TwB~=brdn z_nh`u@iGH2ZbP=m-`37lck%D2;x-QBiN7C=`s5Z*?bf{ui!VNk_E!+M{58cbe-H5p zZ;)qz_=yAXpT#ZzWO2*CL43b^et3uY3s<)z;+FrcxaEH>zSXTqeH1_F-cJ>(gLl7J z{z&4MKfQR0dHDJ4;u(`+ycH3*{AI;0e;e_m?)!RO#0%HPco-;d`A3Oc{-xsCOCrx2 z@pjYTJH;*kL2=7}U)<);m*V!h8Pcsc+i`LI0qPk|+}8IJi^q2JST=G0*Jyt}@i5~t zZi|a|cXcQ)zNk3zv=F!W4&o`?dBsR^o0letue*WvtQ5ESjpCo(^Oe^U3{S2Xd*#jsyR#7}?4&zBKzG!^^XM|_xjPt*|c0do+) zUVO5v^LFu9?z!kA;*nhaFN@o8^g{f_7;N{8xE)8~-19!xzgyksV|?)guD(gd$GYpL zJmNNP3y4QOfjZX_xBLynr$Wm%;v?Mq zVFrj>{0Q+y%h8^N;`Thr3h|Az(a!zicK_>)c+mvtuPfp;24cG(#aA7KNA8ZlZC=Wi z5Oqi*e#q@_YVmgETs_4tzO;DyhG=JFaeEG-mAKsp8Yph}r$&m;%!BsK6Swih(e(t_%4e?fK(9Xf)Bc~z%Xz|-_9cH6=`?%=eo#I_0BL5@tZ=I0;mH27*J&1Tc zy~k&q0?3n8d}=tvl^5^j*1xKY_c?+*gTz<4&%06LbKJi-h?jToquU|w?|!dDkY3*H zzvZ6ejVQj}-S-I)xBQvKZ9Xg@ZsV|o_)inCzYWE0K5QvIY603kNZiKlDDiiZ5x+>> z;#Z2_aO2^qxXp)W#fPRs`=5y0eE446=0m^U-u3St1^@OJf9AdyoL$`J!;<1Qzf~09 z))wt-DQ@u{#q$or@iJ1}=EL#gw_hQCvAE5LtHcku_uw5AxB2j-c#vzz|4`iK!Hu zc-~;x-wopSeAIUFC?BxDcg3sCK%Q6Pc3u?PJ$GrJ7s~>WC%SmshVaDVmZzY&JttE_ zJj-XcL;+AKuc*V5Hvq;>=!wPZ#Wr#l_ZqM7C7LOSn*C~(0 zE&io=`WpB=3f&LevHIKdHW9@`M@3w6af?qU{>I(sEhcWqV_EUwSI{p_#qD@+Bi_0o z#?=sUJAOxt@6CexED*QPmqX(2*V*}<7q|Nq*Tn0&@9)15xA=GBXWTmWPyM~?Z}HK^ z3q3}Er4_gMEaG|Gd2bnUi?1v`&wc-;gSg!<=q`TVUH6R=xA+O-XUm{}e-pR+EGxuq zeQ%Sv-5)t1{@Oi9aaG*fb5}h4Xw>taxW#`JAGHnbk37J;zigd9ws=hU{l_%o7N13Y 
zM-Jq-b$vS?ExwAxcX#K>ZNzOp=_Ee=x?kX*vEr70viRG?sLx7qyHBxE{J#5s%}H_V z$IIfjzVul9b6wQoZ*d#9U&YhZbp0~WFYu4m&EjK;XMTeC4B{4_U3}d$#FrPh_-f)I z-19>1#4Wz7_<_GLkNqNU<8YdInKwZK_j9?p#jg`j92#{wAa2LqS#j&H>*99YJr(y$ zjr<`8;cu(IwdW`C4XH5?Cla^#l;Y{HqCR=V?Y?9=al6l0O?*V~Ab|~RDQ@u{#eYue zK3~M`co`$!rwI0cj=04y7C&7c`S*!i{4w$AMG^m}xE=40#mCQa{W93QUo8Jm;%Ty? zUjoGKcuyyu&i#J9;^H=bDvI0j-dsFsc=StGaXYUYES}S?YfTZi`!aLHw?sw$CE|9U zWwrRBT8KX^Zt6?e!qC6Y{-9I-0F5) z{Om)-e-XF*L56zQfBsz5A&vOol@OOp-1e)Y`1mc@Zawic?)?%?#Wz<#{vP6W$Duv_ z#d}A_c$*?_`DcsAbH6WRlepDwyLhIrXwOUW8L{AB#jOtE-TeWZ|5yHrI{1s{I)FTB z#kZY<=MwL_6?G^iK4&B1Yl&NYBk`l|JvP0>tqz04*ObS0XNz0>BJm(q(VjixcAOp& zx95aDisu`Ox`iH&d{$4Za}4oV%`hI4irYF{ZgE@pDnA?&J@#jcxYcux_&Rrew@uvQ_lo}#8g;uRZtH9h#d{Axyx$1#I@@)91aVtui!Q#j zA$~rq_>IZvmonnE&Q?#{*3FuUFQ|$-_Y=4HVd9gEVY{=%ZJlkQcusfSw_V(>yZ4D# zbCPI^{%?&AKZCP2XTwnnemS=%@RQLVmZQ?c_ z_K0_N-{Zb1ZtG_E#h2DZe|;6V_ztAFN{vBW3*3FWN&pwU#JmMB#SiGIP{;e%; z$73V$8^59by~OQ!A1L0y-KU-=ZpZIj@epx?2kyXTar=C^EtgwFU74r@5Mj6@5_Yy8SS$E zviPXtE#10YfVf?^rV|hI4CA?=xW$(gALl+_8j4$dOYwpEkbj`K%_qafpB%t`E)ci; z%fv&v-y^wK+^)Niiq9yC@%E><_2YAKyI%VyUL!x+8GfvHzu35qD!%F->JT7q@oB~1 zO+$Q9af>e_o^U4On}}O{YwPU6?x_jd+}+dA7gaqGv0;yY_#Ki7#{KkgRqb_4A^D{kvx zSHuS;L)~7BTixD?zg>#>D8G2u-}1*0pArUf1;sBnftMGz{c0vY+^yI36wjL*?HMdS z)%{+W@#6NLwE5zD3!*(s#s75gCD<-*@q5+Xec!9|z-2Ku1kK&d;$VBftPw0ey zClI&(N+uo<2l)$%+xy(giQ9Y28;IL`*qV!Hi-PtH6L0U{n6o z#0}wP#M9-0Hxak@=Cu}&;ob{9So~NK5hoZ_8>U>%^gcsKVx(#GO>3nR|}af=@z{$e%aSBYEv zCUL)_sLw-ji+?FTatrDZVTyNsEIzt;>U7ATN8I9zh`;*@c{_+Va_dVy#PhoK?O(+$ zewKKINodbjaf{z0-hC+IZ;H2l4SyhB+YkL4+>Kv59xXn+cyA0hzm(z@pHciu7xZsA z@f+?vE!D&u{f>I}5V!dL;(r9ge%bHWvi4j25{ZwH7x5>>E&if-$U-0Ztb*1`Us5x4j&;$JtT{h!7Cdt$r6XLygFG;ZBKK-}WfitkN@_LLX5_-f)OA0xi6 zxWx|@uj-yNUo4)z2KH-}cn)`-d|KS%FNsfe^U+6fiw`o>yFO9edwx=gTYLubZBg;_ zmBfd+`-ru~cXUL3I*Hr+mIsJuD2Fy$?PX7NWuk$;EyA4T9t z#qB!lj`-J;$p2E@;zP~Cf4AfDrkmfQi(7me@!IZsFqgQ+R}??E6?LvJZuh&piQD&L z28-MMi1FffpK+>qI`{pZHR5)^dy9DUbEwN1al0J;#nz-G+o+sYG{a%$V;ugPK zJh%J(r;&FOmoQIg} 
zT~E8;9bUZrd&FfH59Z#-RZ!gKjT+)h+;enI#ltPa{&o_#JQKw2zVlS^;_m!#nYhKT z6@Tx(A9qCDj>n7Qmgk0ewDuTp@5F69d=U@ko*#}g&oA(g&D(bWI+1w&FQ`vWaf>e? z{=z-~TtnRMU)L9JvxBDic7I^oI z-FJ&2-sd;Or53mLWEOw>K4{<%6ce}ja^i#B`BFo1yMNSDJZ&Da z@nI7&4vUN1xGg9Cq5-zsP~75MhzE~?`~$=-ezz8xGf(1ehaXapkh+BW96}RIqk9aQkp0R4;)}DIe zapIt!9mOrar+5i>9x_JU?sv}?xBJ(N#E*u>@v=qS;&+Rua_=QRCvL~fHStRBd5;(3 z7XP<+wb|O%_2XypelHOJ(-Qn`^|$-c(Z&Bm>Wd*MCMG?uj?70sky+>m)z@?p3dUby&{76hYHB!FK+S4#b3Dd z_t0Tire*CCviL9?jvs3Yoo=Vx%qUi zxV2}A_-6O}GPa3Z{9f@}T~VJ4;&$C}L%dNejOSP47XLv!%&(|tae|ZQSk^ z|7DNs7jcWfF23B|-}y`2;y;Uj_=-A2TkYL179UsqRSd*u7Pt6Z;_de!Z*_4ShxNo` zxaVm*id%dS@q4Q<4o8dIaW_@m`fI+p9d~QQ6OPCJ9u>FtoE7ioo&&!xZt>5>Q&mL! zgRJqczpax*6}NSdxZ-Wy{q%I=7N1T0uaMYYNpU+~DvBp|?;mI)Zt-ozo0mo1Mv7bf z1o5w#P=}@BcD%0=uk4;PJSuMa&x*eui2Z#cZpZr@@kjB{p73kE`^Cmj3~@W&(}<_; zhT}JvxSiLP5TDo(+pQyR>m*IY8^=TY+KSt{M_2Ls?)ze6#Vvla__#*s$5rCiFPp@7 zMne0~iCg?N@tX-ypAX`8o)cu9cm4fSqdjrNZJi{sc&m%ZpF!N#N%D(ZKUNhV>)zMY zSls%tqj=R%Xy;&YTgMnB9>%RJ&KI}3EfU|j6Lr}mZut+0uTF*byb{0v40*nZ+kVAx z_qXl*Dp(p^za$m6_}t=m`eHnk5D!`wUPauV&uJiT*CTDj?f2F86o0l2`#W6R)@Npm z+xugeiQD<}W^ubN-X%Vv1-5%x+}3Aqi$92o`hOI+eh<3Ad;C{UhVh(0+~NboH@f?e zg~e@srnLAod#|#%)xU$dt)O~7Jq*N@d?H4dM&y5={p$D`Ni#eu(C&3i4xFU&)G28!D_ z94Y?0Tc4jNZsTOBc(bF(zhB(eXO4?MeSEf1Wi@2?m>=M5-7wtJKZt+*d zD`mhqc`a_o<2P~36LK@QWApa?rf7cxaT^cG#IHU@d?9gLZz(CB#NF3!C~omB#NX{f z{sH2)-ZET#-8w{Pf~> zotRJjqI<5fvbeRUws^8sXn#9#i|;0W*L|;Nq_|!0Ob|bq2>E{#xA^7af9Aya*(YxC z$HZsmLHwWMHlI8eFBKg98*-a>e_8&Y#Q(00@fIL%*K6s-rzb~zadGR%isE*j-$=Z@ zTR(3vZsWF_c~ji zyZih5U!MC5HVz|;A8^0dBdNH>rxyP+Iogv?+>X1_;?`eP#qGFjBAz}W##KLYYtJz8 zEb+0Q)5I-)o_Nryh+i*m>oW($ZN24$_^xkR&-bnn@bj%O^#4Z0Y@l2P{{@LPoye|?TpAY%} z5V!GjSlo{Ho8pV|V7t%6?Y!=jc(ufckLa$y?Q_l6XJU#saL-Tpi`#lj3h{C7x#fc5 z7GF~Q#6#4fk+}6sEAiH^(C@>=Eq1E^g;J>%~_lM}3Zq+xpCT@s~r;{=4F~ zKJ!}K`Z4q$*pAizjyoTVA#VMcR6L}6Pggc^TR+Jwo;E1zP*vROR#Uw2X2f?DxBNZD zr(blR*W&p)AkSKH+pojo%iZ^auZst`b^bra!&X2Y{}#9Sui{0op}%76@~*$tA-?$K z!idW$9@jnpP(b{%TR*HJUVZ|$TVFh?`<`rH@!g{lKSX?~yZ^pGJe2#KT_bMSSv$q8 
zJqN`9NQKX%8{%Q>`vv}aDQ@q__#$rkL+r-S**I_RzAuwl{1>-=lwREGkX<}mZ`7xP zxV@L4hWKQ+9@1Jo?=s}+EFQUB%0~ z_g9P(@9WOHW{5w}jQT7PZ?YD?RovqDh=0O#<#$=!=Bp>-ZAJwP+<`aZqk>|)VfSJG zto|9@bGA{$FS*};olM-~(~6h4kL?x}xA?N+gIxZm;uhalJYIO@A0=+_zlis9*Wzn;#a4 zTb^a&-y$H-8S$hEvE3`;H5*{RK8tU5-*XRs5I<*ip1%nBV~Jb5zxbwl`1u^-Hvg0o zw>*`^XCy$^Lr@QmLo8lJ#K)lRB)XndZcRejW zwD{-J80P`v7N1T$MwH-zi7SX(d=2qJLy*6hxW(J|>a5?7-b1_R`iNg5e!;zu=zw@o zH-1ituWgU^JP^0*j_2aR|Hiltci6k079Umol>7cj262neAwK&Y@>dm4bO!CT-y3Z8 z+2Zc6_x2G#SUk@qjE9-xjh`X^QgM4<+#2z{osj3SxV?|=g1F_mA%6G-w)<85ta}b8 z{t@pwe~EzjEaHiRzzd4o`{GK9uXNulY$$H;oogpLvijJ21(S%s`-HgM;uc?6{EqwnX>DEyz4wVGvecm zFNuw~Wa{qUImL^+b$|lm$=&BpBXNswCB7sQwmU}L;wOo334{7<6u0=D;=@rkzkA}B z+~?Ud@ww0O17S~k*UjRih_7((4a*{K>*RUF_m)Q9s^aUy<2yWd>|L%+UMdFLy zd&>`rw{-bWiB~Rw_B;~5=++rtiMMj+{~=Ce`!;`Go`Zi!5YHYO{T?7brY$_J_}9d! zb189)uPDA|B;q@ZugZY-^cIi#1o2bFEq<IKlwaBkhs>TG$^iQBqFUh!J)_d664pXA<0U0nQfc(kXC_<|Z3CpE?Gx!I=T zw$9K|+|DcdiBBzodX5&i{8Pj&{{nH#zgj$CF6y~Y+t3#bvMQB_t4!JAJqo+ z`6_PlAyd48?Xsob#@a-3JUWzSAAo3B@fwKz!sI)GeR5)vc)b zNjJ|o{Qu~>>#!}V?*IE2odVLG64KpWB8}4BASlw^T_PRQARS6~H_|2DEsY=`$aBM5 zpXYm?@8ie)$L-xaJKT!Ii%yeDh;#PY<}_`@?mA z=NGu<4QInYA7XXe0N1?XcK8#2ulYRu{~s@K&9A-tgophzc)PT3VC{(qSDvKs`j0I> zH(c?B;BmcwR)Z_PF1*_`tA9th;(Nf$T(WUG1+IC+>F{a(z0j3#%?s>;YaZ|qcvpY# z<2qdN_u=CfSlvSTb6Yx|YJU|Au6e^m@G|dhef9j8@@SqbKjQnQv+Z30uJ~&34dJc+ zKfo2=30^*}<^Kt;_zCbe6)gWsxZ*d$6MkdsdjhWb^YGA>E&dr?@o(Tyu6qAJ7d$Q$ zpA0@IoW&J{Yu>OVJmqbRuM5|_VJo=i4co)hMYeX1f@|JzB7AlmtHUa|<_$N&Po=Q! 
zatW^U^9OMKj@KKwp0kSR^Reom=Y0P38@T2TYr_kL@qP$bd?)yeR<^!F;hJY04cGhI zQ{dXK&WCG$a5+5Wg>9G9aP3d-z?J7QJY6%(6Zb-JKh!*9Qg{o0&afz4^G#*o5yp8x zge$%&yi#wge^0pfSEJy{GZCJ4gZD$Y&d2t^mFF;gL<7t71g`U(&=-U2raY11hx^)k zrGhIy13YSN%Ucqz`10_bGi^Jzf-Al~yq)iV#={jq4ZgOb<=+Zd{9gFj@wUD<;fj9% zpX%RbihL=!o|@{66@fEiL{kT=R?%;hGie1Bchr7T^Nb1M%99eF#osqC4&Uj& zx7Y~2XOFeND_rx8gW#GU{0V+6jrGHMaLqHWge%WR_?fWQo)d7*8=i+(?P~GQ;EI0( zul35}V_pgF&zfgU2ygAr4Q7XHo-sfC;5e(pH*n1})`m~==Zf3IHP6@`Uca7=-?4Db zGyVdfoW$Z+!gam55&nno-%h|aZ+ISl!k@c%4p;oY@SOiz{S#abuD|9PQ@~S(SbQ$H z<{1mYC!DtWSA%Pwu^#+>LW}PN*F0lS_@V3;KOV08b+h4`A6x{Ff5X;mFI@ACC*jI- z0bar9-Cn^p&lqwoD{##l-huy8-^R;(xZ)#R53XlcAHT`qnm0@fZyv?k zUlgwRGVs}pt-m#bYo75t_>cFjeZAnC*Bc05^)A%MKbQ|!{Bro>{nnmiaK)d6r~J;^ z^9HW?&^LnXIbwh4kMJd2^M={rMT**F0l-_@van2u6f2>@KPTpY5(`Xui=_!tO6gDF6_tnR&dQ5wu2XaX6+dTSNsI{ z`ym#;4z78_ZSWhVto;|^ioXfJvdr>_^7|aB=Z$S2S1TkEd~b2vzVYC?Kb#xB{k6px zf|viv+F1#%JniASkI@glFOIc;F#N_w%Rd4>Ih^@u_-Dhdozvl(2V4Z#eTFq~omcFH zm)dRZJPOzK?*+J)dk3!NK8I_$A$M%MX**8qVC(xCyk8Gn-xP4oXQhLGU((_Wz!hH{ zo-C5Z*M{r5uMvFqQL9fcxaPkG!XGrY{L|o?51I>)@6Y?~fNS1oKfHy1zwr*db#z1$j9&mq*I%GUt z*CW&5w|qYOH@N1%*1==ewf=e#u5s}vT=QSI;00pZc6kQZyw7{M=Aokc`Iokr=Ajb6 zH4l{ruKbzcWzO5UD+*WqSMWwZS$}8%*F02ncbP-(pflYADEA4{siD>5`=i!Ny; zY64%|+VT&A>wIiHd|3h8FI|Rf-sd)a^A=nG*Koy$^5Vt}*F4b_dQPk7O1RGFH^5{2_Z82;6@M8Xvf9SQzi`Eec@kW=js6~M za=7Mw(!sNCw7)M6SA0cy!NIn^E#R6b>Im2TPEUA?4e0e`#N;?Kb~Pjn5wCy&+bHC*#Vp`HcTzvLT> zPXO0EQ408dzt5QuuIsX5@bCTnrxslEK8@hJid%cS!xi5j{%c>W&n&p+i59}2)Uy1W z;hHDf4e!^+_HP&AnkTvmPto1#`xdTwqA<^c>;J=a`}ag}-B(Em*ZfXac&n{ehYE1b z6V-+*PhmYk$}m!S&a?OceO>6&9ZfuJ~N=n!T<4HQeCjfb9|PBYfLZWxeqBEgzA~4!b1{6NKgabOyx~cU-wZzy%Id!h z-hYJE>kPc!&z9#Bd~-F+^8&8?Z{bDzSbUtpQL!;GIj_di@G7?cb~409X5Wz{6Cx_MCz%{vv$kSGL^8aDC7AA9xu* zzC`}l{!aIi6dx0w!oT019ME8q$Je$)ZDw);uAzWaI;-qQE0PvIIDui!ba+qjGJHh8-zJ|_H(-=|Iw zS9~`3q#Ks^Yq;Vo!|R=~anus7_#ffzYFNJ=30J=z2M^cN+A|-n_+{{gPpm!L;TqS6 z;o4q*!Zl8B!v_qq_Jq6(uD{w75&r8l+g^#_icbZ9@8_|(;rd>88MwZ`T^T+jtkt0j zT=A{p8&X?4d&4!p2E$iuv;0%wik}UiKEmR+!WF+4Ueotim*Lt!+=REkXzdUAFL=8s 
ze?)kr3>KdpuKhzgc>l20Z;QdTe<%g7;osA!2UmY<0oVSa7kuWIb{}jwT;ppDJozwN z|6k#XUqWwgb=Xb!`$d1ihxv8WO}O&^1-}&AwtJZO!P`agk>QbsS)J3uHC{5qJFc_* z#o&rB1JCZ?{ip-i{-GsY$Nlf&e|=+h8wl6-9R=6^WI8-iCu{#YxZ1xBKK&1?;|aLp z&%>Mhd(#i$+Mm3KYyS`-#MV#8{e%AAP(rxk^_;lk?=-S@=0d#2VTjvw+Mg7LAM*Qb<>9*Ss15I$!nR{exZ*p*Pxw5`2)MrgKMp?C@8d0l zD}D{UbONix5xBPF8TjhPwq2gX75^`M$2eQx_@RUQzwSFFhsPXh`SZaa`g3K4;GI9W z{MF#vUTxuNUR(ZNaMgbfyju!u_wR7U?}I1t>%LQP#s3X|li%7ODok*F6rTn@*}_9| zz!m>3yj(fk|2KjwzAJp=6KlsHxPG5;419Y(YtVGKo*!5Q*L=ZRczXYRgxzrcKH~-W zkN!QhyKwz})(g0P7w;W>gMWWGZrI@Z>-QOx!V7(Fae3hC|3%>O4_N){z!l#FUUaY3 zvoBn~&o~rbtgQ9tS#Z^V8C<{5xCXu{y)E}N{8bY32XOs9<9~4d-eUN0!S$Th+WtK$ zT=8k(cm4ihVYq&uu@t;-T+3eh*YCj%gdd+~@zdejkIjSU*FFf>Ei@yw4Ke-Lhlg8F7w9jwrxTfD{j0_J~%i13guHR=Y0gt)S@>hoI_Ze%z zH}ALnt>F57#&+;3eJy@6{Mi}v`Ec#8w!qt*vvwYYSNG?o{)8*fOSpa~@g2ONe-AB2 z1Z$V-toV5F{Mqezngy=$SP-r}CE&f<+4AbZ)gKze+dZ@WKp(h%Z*eeuoyX6BD}Ell zOH|9h1+L#)+zp>|+P2F@xZ-cXA563U|1VtQF|?o8sQyRtSbY-0HQrOemmjhCd~l85 zqVRaztUWd1I==LRfB(?xGaRn#vN7;m{+!#daK$fy|K-=`yWomH2w&*u!Pnu6zX$(m zj%}|{{$7IWtoVrVfBZe5)NoxlWrTOUY4t1uSA1#sz>L5s6MMk7 z`g=p8;cCxh_)LGkaS2@UtKg;QT7TOM*Y(a3cw7IT`8BxW@4>T_^6eGbmZR;Z_(=59 z7M}vH{YhH*^$V7_1YG&c!HZtA_$F{&ueF9R^zWGugljvFg6n*KCOq0j8+S|L>bI-l zFZ{iLy>P`JhF89B{q`1I@eknV3R)e)`u9_{T@)V$-sFhoPX$+edU){*wjIBMs~=W` zpGj@`8^IOd5`KTP)w2g&<8CNi+iNUb<8C&*(<*EKCb-(O3m&eiwf_uU@t5J%{QFK% z;krK)CTj3_(fyVv@ZN*14oTsPPXmwb->1z7*LW!gPkPMqSA{FSE_}t$*6wa_#rK29 z_3NA|aEa_ux9uc?v&$%f~~s;BhfAmF0;Ef9vP%$>I8a#w>7c$5QZ@w{5+?g=;%D zf^Yf5+SdWD-%sog?-$kbkAHUg7;dmil?g z_*Umw@a_G~lfiWzkpZszDtX}zk6514aNSp_2Ol=Y)~gj<=e=Fvx}NO=|J&aWoebA~ zm09ozb*ye1;M!h0;A1PP5KWPbH7SsCSK)CL! zjD)|rZ`*MST=!M>z;my$`ka94zREfH{RY;a2XNh2c@D4P*G&myTDw%|%W-YF>EPNg z6@l++XMbNFp5n5#rxsj!y25pTqYpgeblWat;fkLE?=j!vSHLwMx5AZY54=ea%X0~? 
z{%{kXx4gxNiWOW>-6x3%&(_D{lfxCC7M{MYH#xUyr4M zD?SrEa|2u7QgFqWho@^~@lD~1Zw-GI-Qowp6+axl<&niNfa`i^IeftqtIrO&;`hUU zyK3hC2DfGd6kyl_6-ug-;Qf3gU^V~4e84_x^V!zX94dftNTI_n{PSW9b9 zc%Ki^{$JZM23+UoDd087TAs{s_1j$V-M6frW#Edh1fTZQ;#W9bR<;GjTy#ZJJefabWR?l~Ejl0P4g2#)tS8TY(T`Kt3 zl`VfExY|<+-aWU~rzTwS4dGE{TYWmfbzfx=T=z+Sf`8}FUCe?jej$9qQ>)7+xW>ya z_|-yIhcj@+UxqhHZ|n6hT=8Mz2XB`Rqpfa<;2Q5K;J<%s`3u37zZCrOD9c|DuJPUs z-qxQt>J3-_84A~Up8?O4(bjV*T<3Kg;cxvs=?Gl+RnEZQ46*gP0@r<#JMeIetZpF* zg6psNi11N)ZM&y{YrA|2uM@@EQyQ-Litsq2-kg&W$=(}R)>vnotN%|>w5Dj{A+(N^)6iZJ)XcP z6}9C?O7#D(=jZT2Pb@wYT=mZdul%>={RXc49<|}4vs(W4a9wBhf$P4<5O}d;w%i5q zy3y=T*@Jm(aP zuL9S7jGFLS8La=eg)6=bylG;~|1(_oF($&Z=d<-+4p;mdc)V8DpAW+|9#6p=X0Z4N zaE1DI=)nb58i6|>%w*Y(gfbh-{0&ES9~vc@-MC3 z6X1%U29K4&;#b2JzX|?*4qM-oaK)d8=a^*c`wv{#BmcpR`**88Paa%<#m9%I_wVLp zfb04zCtT;xh2gsXssNws-!EzmS9@B)8;!R9)(fuqLGU$&t)7$Nx{jCyPxZUiWfffU zo8V_tS^P=3;xE7_rM39yaP3cC!@J+J^^N1tQ|rEj@+W~$^z)Wna9sx#f`8%jp4H*n zjt${De{Kiwam4yzZ@BvHAb5v5zFpvop9ybK&GN5HJAd~p%W{|v7C9-&eP z*I(N)9(+@0Td&k`ZO0t&uo-Q+rQo_RQ665;@3S|Bt8Ojfv;BJ!1L4X)6n^t7YyT>E z&raq$;99S<@N6k;|9=~<_y}o&>p6Cw_5V0<#b<=i?_%-!;fk*VuiDn)zk@4&IQ*WU z=TC+!{x^8^-IjkdT<E*;EJyc4`0W&Yb&_o`@wgFvwre3T=Dba*D_iBYPjP6fM@gXJDr0o{s}zK z54K(YgDXBxy5N30beGj96sqjEtFs9sUIpnK0MkJYkwNJ;tRp+`+L*n;EHbye-qdG zPg}U+hrq{Nw)LF=SNu|V)@0WHjc~;uhj)Es{pSi?@h{<(T3i0G>4W>B;$y;-`tOt_ zgKIyN0sf=Un`eiQOXvFmc$iDpo=Whal3LyB!0X<$_#ff*`&fJzc#|Ero)h7{TA9y) zU+Q7L3Vzz($KMPONnq{S3;(Kv`6;;S`~n^`vBih+`xETvU%;Equ=ULjSN?C|dVX5p zw_yJMh`&76>M$Cv{43z!=C}B5aK&GR_r7EO;SpTNyMN(2-bM8JJ+;4ue>Wy3eE9{- zpB%3C6oWT>W9_d5SA28$x4+r;>Ihf-2>9R<7C!~9_}}4Gy4d#J3RnCU_;&Z?o?X>n3gDbugyip}vUR}8M8!h45Z~O@VVTR@D57&NUBwYKA z$?zEcto`%hYX3fXhMX3E8m{=4@SOWBK5XXTIx9Xk{9aN!j^uzVzAAjcG|S%@uJ{4) zlK)uz7`WnB!V_e(`0a4TUxPotX6yMFuJ{;Pg6nX`fB!ToT=BW!J^R>rDFIh}Q+OOd zuC<3BX=eL@?(jR_?pg4v{vOjpc=N}W=Lo#GKZkY}{>bNlufuOOw>%HvKMb(-eFN9` z@FQdmuBY~gvEkYuCWT+AVfiz{RnL;}8L2G39QskDd z@KseT|8TgLI~RV(?-wnB*Yxi|t%sLQV-4B?@8<8b9E5ARci{u8Tl=5D4@~zu!!=%_ 
zW)H6O`0*AWAO5zO#if8x_viU@z&G@^{!<+uYq9024-e((^TTK5+G)p>Xw|U*PILTj0m*SpVDuuYJw@ z1YGsM09XBQ!d3s!IfLteyq)#uNbt)|EG`8+|0MHt@L4`jS`@y%$IS)h~-&1`*3!N2&&)~h^xmEXUr29I69^3;c?ac>Xb z)7tX)hHJbGfoojMgO502by)#do{ezjISJ2wz}kNvUfADTc?Q4a-{*M^ueQnR|9S4< z?Ugr^t#5pIru4SlobbHuEKdP=^cj|?3|#Bm2>$#>%hM8G%|FPc?{n)qF}1JPNW?E# zY3-Z~*Zk&Ec$*p)zYc!#nAK$)JYoimKLc0(D{$ri8(z4t<#`KFTHicYp5X1G{E6Yp zpBCP1iPbX)T=g#qSAVMvKjic2HQ~$sIm>2n?Kj52@A(fcPl2y{VC|d_*M49v{4c++ zz89|bIttf%J%qpV@1wqkYq_EG2G?JCQp4Z)?-ON%t3CPQ%JVHefq#F$0bF@n!j)$* zJoX&xKcnD}GgzJH!PT#p!_}{L!6Qbr{C~i|^ZT6F;mZFPT=`$ZFZl0|{|Dc<8gYXn1tp3;F%6}iO{4e04d>-c={D(}oU1IzFT5jJY zaOF=2|8lIgGYfpZU+30`{~g`x)(l?lC-XM&G>^@D!u7l1Q{iP7So|D#>yy^bt?(O} ztsm}zFNtS)Zo}93cZVLrhx+&B!WFQ;Q$3p=vpUCwH@stU3E>Y`TRSVlr!KMhYVcl3 zE&d1i=SMBRBYf^5YtLwS<-?X|61+|fJFoZ^uIq^P@J!__|2B9=e=pzyy^SsRI()Ow zgZu}-aM1EcE*Md}Dbs!{_<@Pyx8EH%r2Gy;&c=zNqz& zHgL7G3ta6S4KGs4@=Sv(&pf#D?1D%5+43BOH}v}eSK%68Z{X_BQHlij|A;=H5(^%w zfyJeVt3Q{7D}QBpdA~nj6Mo&FxA_sS{KMcnFC7CP)64qjLb%4u3b@A0Uii2zmgg}1 zWi6}28MwyFefU*>9`zYKvwvUlJzUp28NAwQaJBz5Tp9|drFYEKFr{HS;CAixE46gS72Oo6b z`cL>0!S%ne$^JbFTCaK8g4bJY%gqSC z)7bKqf;UcNULL;hhIuu(t~YDL^ZE5u6S&SFdciyTcN+%6U!Sq|&w|%qXmwi%|NXrA z8o0LCR=Bp;KDg#_Zoyw3wDvrJ&$(yyiRkBL+Am%7dDR&3blI(6Wrq*>+B`qJito3- zf~%i&fNT8rf%lnb^%(-cl*QUV1FrGA9^U=A)nOZaZ$@kX1-P!8Zos#FXYF|d*K%W* zwsxtW%l!D57+$rgwI?-P+xIK@l2F#pZ{a$Bt_#=sb0_%A+?J;wTzQ7Wr}^`B#uR04W2cQ)h!?VkFMsW;o2^h;My+r;obc@x;eZ~0&8anxbpXh zCyrt9!{Pt<@2^dQYrM>YKdEYYw!%k7GT#Gl62<%ke7V2Be+{nvy|iCa|H%MX{ygvk$t`~o_^|la{_1e$Zwpucp76Q}t(^nm8Q+^vg)9FW_=LhE{neLnZLe@;gU5x|_jCBSeqTBPJfyOpt`&*t&aP`Al@JoJw zz7f1)VawkJuKv>>-g2F_Z#X={Fv~Lut~~SM2g2C>kmc}L{@u|{aOF7&uXn}Ta~z(_ zp9gygAClkd_BZ^dpWnu)7+n7X{+xL{_(kg`Avxe3{5|FT@YIEDxz*w8v-21 zuJieU@G;(>N5bpGvh6YjuJJnuuJOAa-ur^(*$402#Oieep4^{ny$`>g%JPJ-6kO+P z@6DsZSNL%@5nTQJEBNWkR?kZCW@XIl!j)$z{O&m0z@y<|uUnq!aP`ln@bX@V)$kro zY<+jY)t-m&zBR30FW~jlS)S09gX^jGd=A(7a{~Ave_tRCTzRs(*; z0DjNsPj|t0PqF+5;fcSt^|}quIMd=E!v9Qf9_d^Ar_MtX&$c|D!)ISKPYTz5tSr2l 
zU;lmsA6D7&G=OXW(*{1Eh}EYvyv}9w0dO7fM#6Qxn+NaI)3)PM_?j737kv*>^(o`O zvvv&egZzH%Ik?Un|Aim*_mx6>|5E5m35Z?B3%9FFZhqut!~fZ zzpS@BA=QHWf1v{Ak>GWG{v{?n!7!^^8u-dMmNzqeaUF}V36D6-mfH}1*sm))!*v}r z0p8W0*PRZ3+}W193a&gG;9q@Z+kFpwlYbZS2wdl@ci`o^+HxPmi&nGseGAw44d>fU z<3i*23wTezACVJ2$-nPf2%goi>r2DieQw8*ru5>r9lwWv;m>jPhpV2$;8*>8V+vgD zoC8-om%!D|1Mp}IY8^1f%o)z z>dx?7&uqB^;2K|(;DxeS{7iT;zph*gpXKjI9D%>xV(mNwUpLp*_Xb@1fd_E4^95Y{ zfk=M-u6|o%hqXU0yvSeXN#ON%)i4wAAUZG)pIjk`??N;r43x`)gS)Qe@|){yniIiGY|gl4%@!V z;IUg;`**?B{$hR*1lRLeGyC^s@XO6CJ}o@=4fC9E-8U`)pXBeam4%;tW6Ny~f78v@s{?#~ z9$W4(xXw$Lz+Y#yj!{%4*QUd`Wc$_KCQUIyMz_YdK33R(N=!nNGya4q*oxR%=+ zKD>?P9|YeY*XlVR-p2d+a(MqX7QYFu0hvw*5&h_|(qU&ie3Zejl$1ylX*Q?sxDsxoo`jg(p94^_&L( z-hDSb^C`=71YSIa<+%@kp3*!@Lu;4zlid=fjgU3SQr8K0lrhKH2+oWq4N4-yR;l zh2`xI&zit|9Q^Gh^WWgTCtLeZ!}pD~I$VMu%xnGz{%oM-Pu|%6sqLH8ub0!o!|k-~ zQVKrcs{MT<__`j}&hOyePgs0Ec&~Iej+VmD4YoY{;AiHVUx#1!_cY(Zqx$@Be4kg; z`gZm0n*)B??@PCaZ}R(!UE!@8Se*yKM~*ii3;%P!)pI7i-bM4J@GrJlo(=FeB`tn0 zyw_o?^GW#Xo#t2J*ZeyG58+GvK1@hc`#aUG?ig!NTzCb4k103&FTej*9sZTiM|6hA z_vf`{!{7SxWixz&&&ynbPji0_|HD0jU&m;@PPi9@m-q9E((nX+e%S(Eq?^@e2)vCy zr!)iJFpSlA8+?5f-(K+Me_8(z)jW8+JofX|l<+}*KOsN7?K|r~#o;$vnpcMxnrO?d z_X+Rx3Gev{9}l1J$K|P?@KvAiji2xn@TJ+TUgtjHPe0+WKH)KZzpnlh;?JwZ`-Ert zgy;T*SA<7?ZQG^VC%pY9yxS*y68vj_USbP;>nq#t2jC@r{^Cz~^$}L*Tk!6FKmQ?o zPgdLihie(!pTGFb#?fc+H|?wrN#UB8$qrw=%JLS3|Cq%5Yj_lY&$l`}M^syGTll@v zmS+I`KYxyQB)tAKi=PMAyvAzy$*5L`9dNbt2t51&Yv-L$c!HeHUZun(?Z>tdeO)_gwZFunvmcJ4Fsh>CYhWGOG!$I(@e*BsPSDhEZ zs|~aD+zXHG^Eij$mHoN8t8n#)r|`4>eB&$lu(P(@DBlOyd9Z))C?>q4->1zAf9~g3 z`QY(>vpN@r|NfiR`CGX9Z9RCVUo5^Ad~|c`KkeWbwwe!wD}DsL-xO=-TzI81mS-_M z-oF-q2wvE~qjCi!OXC!6ID`$O<{+3m;oR`4gAtv>zX`?lHNuZAb| z>&;E@{r(-HBk&oKtv#pVgZtZZ@4+MZeDNdrv#8ddf8bMQn7@U;SY*o$=lAEde?IBI zHxwCO!jJp0;Kg5C{o})vOtt(e;JN+x5z@dPzqR$v0@rt;i^BDN_44pn#Vk)vxcX01 zxPC9DEj*5Y53ncvx_|d+7`&$6H=GIAywW0g+}pNY*1~K0xY!LJeAD6&!OyL>I$wn= z{w}<;Uq^@dytlTy>hKv{zdIZUUf-W1$pqJS$q(1>4i|@q>S60u8(zha%Z=fWr&xS< zxZ?Z6GkW|?_&@%89}D1-cU%5#aK-O~m)vFXH{r{B+qifDUp3l1lAnL6{@eRmzl{rT 
z?sZ5CAL;j<3cx#kZFx$-AAe@;YzWVv)Y{V$Ug8HIDYeGlaJ7cmu9+^cQ?-S!++24#E9d<0vXz<0uh)vCofWf-j0=^~nM6==bsR z!C(6GJf-0!{e8)A;d3L}^-e>$&L>;IukW<=?G9IbKlsrwR{tq*oqx`P_uFUrcfxi4 za1^fd&ol6tDJ;)(xXwS{z-#&apyVBcx8uHf9c=V{~oUM%ntB_{(a^l zaGht4gg;+k?VAACdFC(hVKHs{&V}ndb0K_`KQFfeuJg>b@E8rOKHK0r&)f}v6~Wqb z7_Rfo%W&<7@58m9e+k!lW9Ux7+p(L^7et5ayfHOg=Z#t5FAm%K7KH0~R~D}0*EjHt z{$6}@xZ>NuFSWFBG#IWrjDzcVHx(Ynzf-*mt~%>?26SA|@oqojn>MuZbrr7T*Ijtg z+!i0wIe5D$J|etDE{jhM*YPV8ykI?xF9lb81^BwU7T*f4<6V3BP@m8J8Ls2qG`Nm; zzrrVWx8?4D>v(qn{yv+Hm)me1?;gRU&9wYc{CQYyM;-5C!QZ5`_^fap@AATP#Io&I z8Ls19Ex3+%E#ck9TAogDjUzqJtM+SLj6nR2r^K_Va{%aK#scKR;>t>%%oJn#0>xvH0F_ z#Sexb|JUN@!ZnVTz~lOR2m9d~N2lQ$N0;Eu{66O!xW-ZFZozdP#Yvo!8MNB!PiW%_+fC3qp@&}quKD5cWphF!*#!OBV6|(cf*JH`#8tp zy03c{et)}-qX%%^KM(8sOZD^b6Iwe{!6WXpIuwBG{&{hDz8V(a0IvJz&EeJjxteZp z-9PUO5AW~MOo!|K`LFPGK3};5uKVZv;p@*@9d5x@=LhiUU2T0M`F$GIQ}@qfz$aX= z?UD+v{*V){`{xDVwfyzcvHWQs14WkP9u0Vzwa~zUd-nsHo$egvmL(8pR+m%*Y(bM_z{0@eT-Q4z;kw?L2)}*a^2~+nJZ%MB=Up4%xntNkIt*9* zX?W#Z7XJ{gI=q4FJS}u@-~Rvm^AA&5$6s6h6T(&Jv~ZoLWr2_T)7tYDT<2Yt;4xBL zzik0m{EzTh{(RI(xX!!A!`qg%{7d1AUk%^k-^n}<*Lm7Gc!k$i$Cq%Or-kVgTxXr9 zMS;(5YVAx1*Lhl2csqY@w*p+}Y1QDhB3u6UaGj@hhtHU5+i?$HGppKqu7m45 zZ981&X-DBLmRmb7!ZnWW!!<6R!DDT;{v5tf4@F}TLjS@?rA*8V4Ojic9ajiZSDgX{dl-!F&**ZEjtc!j&x&Ma`n=Z4>IV|Azq z*ZEsDc&T^RzAkW`zYT=z{A~n$od52_Lb%S~euH-!X6tntUUICpKf-|Ey6OBa8oblL zmL~;V=WprY6NgxTE(q88TQPXWTh@-UaGk$Zg6}VH?WqaZ`CC1BhIp30Ib7#&t>J%X zw)`F8I)Cd1&vC@^_lN8JZ5&+t!2wUH$ za2FU+^Gy-R?e2&60SOTg6p``3m(Sb zUz-5eab!CDmnl}aHE_jmfhYF(^KczUuEXnYv;1%1iVr;~xc+&!T6{9Njyq}LMg4lb zBz${6%Tooe<4!I3=JOWc8Ls0_Z}{E!w!Nmpb=;W??-b6~b30teo&E5`8EyY_3$EkN zLwE$g-x6+ca6L7CW5RVjN(9&OC_Vg=zXy~DuJKh0uJKX<-nz7{S0lLMzk~mL+}5Wb zT;ppLT;ppZd|4=4?sB-s*Cx2e*Dm;@OV&>=z%^cOz*l}@?f)09_%K6)w^yxH_V3Bz z8ZYVKy((FJQMlsEz^_-d_-1g8uOHyM-`M&NhiiOIf@^%ugzNd#&2Wvc-SFSm*!H>x z*Z8^z-!#G2EBsLVr|utWd_{wQe%bP8fNOl^fdBfp)u9|*%8tZJpXjtABOSgpjCgJ*F}au z@cHbl@KH@|eH+7dUiTgR@ljiDPq@zO2EZF8w)~UeI%6WA{Pj{>UP*Y$7S_+Jz;!%o0N3%Q1w5NS7t{l;_yO?n{{4ih 
zaMfoaT*sr|;U}`&cHa+I{ZGSnJh}wG=kwq%;5xp%gAcuL^^7wjcsnXS3H;bSi^~t! z@ufI?T09$%wc(0y44?1cRqg}V@n{JA!DegEuW%iYR={;U+5lgX!P=3 zj{b$~cob%2a6Om!{Bm-*jz{U>1DaU=Qg9uQD!@}_vGzBEhpu4lXb;zMss~)hsp0TS z{=V=Sc$GP}+!^r7Ut0T@!P8!`_%-m?c`be?{MUyzuK$3ab3X-F`|rY=`up8a;4h=v zxO)dzeZv0~yd9N4Aw0yt+n*9%Du?CI0$2XLaOE!#pE=&zQ5D`Zi`A_WT=`qUmA^N9 zP6^vCgW#L}y@|1KZQt4SoYu}o@TirnoonH0=Qg<7c@n5|%^AxWB z^9HWvMjI8p-E-cs`ox77`Oo4~!L{6sa4k0%T+96$zGbK7uL7?X+uBnfuI09XYq@RV zTJAvjvg($9B>YhV+m2J7F~UjM%3DGPrb*80f+_yIqE8w$@G#r8|b;5T#FdR>J7o!#1V z7v8akwdZg6bHBeAGA6igHGZ;oehz=L&^!q|@1OSfU&0eTHqQkwu)w?+Jn}yC3h?Lt z9gyI@W*Mb&d1^F!&sh6@FB;|@4+iaHh%%nUe)?fD1V+**I&u++4{zW4{d3AlEUN6 zwLIzJ(8-Eq5=x&kt6g6Y#eFosG-zB|d)d!;f{e_P>O` zZDRRDkF(`#yQeyB9t}R+=hqU#Z#J^OPXn*`qvgo~U+LHXMd9uIxv~oIUjDv$ZFusZ zZ2Pu=&-CXHJHiVUv3B-@$7*Kn90lLw&jC(_=kn(t7Q(BovHWY`Ckk2qo$zZbZMz(W zANAkmxd@MW+49_j{}9u+FFc>$-wWgC``W&xd_2a058ZBglE5o3wDn34A5hvn4?Kgv zuT&C#vZUp&0(y1b;9a)0Y1^c2m2CUu&A{&g74Q= zxBT88V!)Lr1AOLC>z@VT*Zq4DrQpib5I#A!<@p|-)b~GK;o<+V^_>Yn=+BvNfmb+h z@q0euXW^++So|Y+diSssZTqNhS=~a=VJKM zYu3&k@M2-DJ=fvg{QbxO;7$Cvnb6Niw7o9wwES7&e* z2!FoV>UJ8QK8dyGIy_1rTkd1{kDV>gJ9s-E?~(m{Q0rUvGuz&=;4S?-HhJN#i`#Nb zz<cW?5+AN%}HRrs;Z)}HS0cK#iJU*OlTSbH|XyZHI}MR?5Z*1qTP#QvN{ zl&Qh(FZ{sTlK|ey=PxqAqmQuoV(^vz9hiFXjj?RpwS~8=X?cdgd!@Jjvm74T->2IM zf8g_a$KY4I|Md3z3ff+&8(2Mu!)F{Zp9(M3)7rBZ-t4}$|2TYK2dnQL_~F5pC(?BL z?;rl(#Fo3*UG0qF=O^pnFZNjcKKQSrEZZsg-~_h3bMV`KKjAujeih4e2mX6U%ku;t zHJRb`7c76*Va?IANE?n(w1W$Cr;#=bXU!P`% z7xVd!obcm+S$p!sM-;aHRuo=qnt28I;4jU;g{SrB${N52ZLoT_gX_7mF7R~qEPepI zoFCUFz~5G~I!=Wr{oQ;vJd5XF0I%cMxy#_|{Q0L<@Xq_Jog3h3dYSKlZ}a<6C*kGG z+IIO9e%G%T{)Q{hEBKmpw!SfD1@|k($A(`&WXnwlzckslZ%%l;Jv)gY2k{`3=ie~r!+jTe>b~4e1w0OtQB1G?cl{?*mfBPFQ4Dm=V$m+ z|Gmp)aK*2NKksGv55cdNHa`Jxc*N@Y1g`jh;7R?uCHkD;`hQp5{yh%7m-mMpaK-0` zclGBAzJaeCXWO?Xd~_l^-|Gxld@p#YL{^6h@KvwOr^0jjdzTyFir)_3;O`-xg(q8X z^|=hM`Gc+3Te#xG%nhz{kNVcmMDPQC9hU;WajV4_fh)c=yw_T5Pks2&Le@{3!s|x0 z{Qcp(%2>OH!Y?1N{7c}G{QH3`;OYH+(xdR}ejo2o_|e3++`r+MBU(HEh0pT&!uY=i 
z*Ln97YiCk;`aPDXAbj6Zt50$G@DR(}8m{>E@cFxKx#Qq7`dXeT@Y@M3ejQx-x5Bd> zvUZ+EZ2SSzH--+HK~Q;470`duqb> z`Fr%U;Va%)o~`hXdcGIF)8|v?x50 zKVMfLKJX8#e`EN7?$(~Z@V|V%Z1*R8KfH=xFJFZ#&rNtKKW~2vKjGi`3G3GlI^T|2 z-0BbwuKaP~J-@Z}%?#Ie$qnz9%i_O*>%6EoeEfQg?+Vv>NMCr0WY+!}aP2qd!^ga| z_}y^zlSA;b{v6bO_-~JF`#yt@?_&F<$UZ-yI%_`=6W+q_v*m{?zBoLK&&xD|Yrpgz z{GN}yA@CXg`!W;Y_fJ{mtL?}Cpy zVDZ=B>gV_1ewh^#VX^(4>aTtt9bR#Qt#2l{`e8133qLN@gDbunyq+J&2g22FN5Vrg zTfbTik5jc)6E9j^HM@SFa< ztk6q?>#6Y-8U90lYkwNJ##d(e?2Oi)@^D?RRfP}rdAIg(jj!(TQE#n2li}+Bv*7v; z{(iXPkHKU4^P-R88o&R*kKVTWL|+zM&$>Rp5D%U%zQt#OYdq$G?`dZ1TMd5UxOqMJ z%P`iCPH>IK0r0Q!ccevvF!$?jrd8UDa)%Ki3fl-pjw!k^p|s zzY~}To+5+w{~n+4KJZ2bt^SkX$}<&yD4*@0SHU&DHo<@L-!I++SN_BB1nI5++=46q zA-r%aYkxTJr>dvoKZ8f>WBF6VHC{5okNCXo*Km!OD)6j7TYY|n>wabz`0Hxco(XV` zm+A1m!>#{pf~)`Uf)DfS+`r(8e-01T%GwiiW$?Jx@hc(xT0&dj>~I~w^21LTv;5z{ zHNI-YH~aioSGdMkUwEwp)}G059lz$oGyD4si{a(oS)KR88~gJTQT=|r`kOokJlreG zlMb%jMRJcbCRD1&XfkGCS3$F1}2%aR0)wvd2_x~HgPcF9jKJeAqY`H_=iTt^s zd2o%FW$?ILEdL*H_5YLbUsBt0|Ai|)%(~#ZZSeO&Qo{A#YkGLkP4@R+!4+Q#o;88> zw~p{A*=#>K86LNY#jl2If3+Fjq?6U>JY4f@*WuTST71a*;5ul$M}%MX`*>;K?|uF{ zGklDHFS;~b@fG2lyIMQi!2k8<*?xl8@ZV$o72f8&K z-%of0*Zv{&#^CiWJlN`x6t4Y48hFWK7GDys{X=>9_hD^$t>D@}w1?k*XzM!~uJJw@ zp4p$n*$!9yet7#|Y&_n9YrH>(C->)(qWXS9=QE0r4ga&Z<}({?hXAgYSD|+wmwoPk7s2ci`IpJcjT1((-(^ z+5V||YJU<3o*;#_Clg%px!_G3Ti$B$L(8n+c7&&BZ23pP&rGyDCnp%7A!xL4r_^0rwk*)tk*kb=(^_*MA@}z-J*lV72YjC{wduiZL z{khz%aOKGhKjZVlmEnr73152K+R+ZK{aZKqwe4k@GZ$~d<}-sl6{Ng0bUk0xGx0T`hqFMenaP9v)!;4L}`0;Q(?=%fQ-0yR4gzI^y zo$#{0-@XOc{^ucl(_c2eLhTH$o8lwE$9a58xb7Eag(vX$5sJV&`+b8F@UMDU{TsqB z!26H4c29@rieuYr z9=yE2U$G0G(%*yo1AaZW^@n@#%6|U&5FR$6wI|B%;CgoP``d*+;l<$Z{r7ij!Ih^T zJncMN-%jw{{+>%O_>;%BUPIu@|1-RL8C#zPaP^bl;A{N-+&|#zCnw?m<+S`y;o6R` z;d!&#`o`N6TxT8MlfgIUv-m=A9j{Bl7x{VJ4{*hIg8%9B-Q(f9KR*rr`z~wGYPk02 zo8c?p+IpUcYkznb-qyc+`2fBuj*YL#eqOBes2TqKmV%$~qVPU`f3hZAdFsNa472s^ z2v`5?39ok8+Bq1m{G;HXCA0d>hO56Vf>(=f?b!#{e&8s)SSHK=5U&3A0{+K48(*>Z z1@}+&pG5Er{=KpiaK)E{hg7k=t>EfE?cs;dTl{Ev&ba2|;S=tfuYzCw!s@mIKHBfY 
z9D(=s{&of)&!0Pb2w&v;jo0v}mukE-w<+h_zbA$F&S72?zN4SDb0b{wN8nTa`xv+2ihm7Hea71P#R2=L>d<3{jh8&|JAU7( z2>iL%zb;(yP2t5CS^j?T34ULF7`%E}tIuS(o|m2lf9dlz8{mrH0dFzc>U;zKPcm!g zU-0-HE&e@R{VM#y;Cg;>%i8~i*ZaeN{g5G|aY!+D)&GcpPhbvw;B(7+7#{Al`QI0U zms`)@kFIzz*bjHK^{N9;=G(m`yi;NO`_AwxZ_Nk575@|b2fr>D4KFw)nH~E|0DKui$eoSbY3T!F8+J$MR=^uk`c1%JBGi?e9Cl>#nu@ zUEDuJeUN{OS%(;b`17Azo}Url-{a>aKAGQFTnn!>-`amHAkW`M9~T_i?K$NwMBw_fR8?s{-%yjd>&Z8=seH2alP_?hg!h|M1t30+xF=z&~vF;>B#e z9wU#w5BUnd+ULtdUA1r+!EKhRx5C7F~J$(ERc@VGdTNJMCRVyIR{eb$kMZC8A1bB3Rj(1@|9)ES` zV|%tCUU`lM#NQ2A?j6LhIA!bm1ise&HC*+NbUnCks(%8w>R;Ub!(aI=kB>_hThiSHo~=D2jMYhTk+1r3;6r>_u=pTy!~JJ zmww(Gvdbj*7rFj>^C_j;g@5zK!78j_u&uj{V^pN8{ic zM+@CQte3yy`*A~VL%hb(ez?ZbwSYV~0_yV$@#;TGZU)y`<0z~9hyUuQ8Xw#972=hr z^(VYH{OUPdp1!mG;oq(Wv~yFya(ycC<8q%MkCyu%e40N$8UB_n=fnSB3CLf_UHd)d zsSFR**8ZqwKptI6eQ3~60q&RdAKUpW@~9s!gR38|g{vQKgR37Ng{vQ4fvX=rhN~Y& zyKVJh9WuIq_^&<{^l`mPd?LPTK>US(I`=^Q@6~O2Bj6Qwn$HTzb3P!?p#VP@;Qs{p z*#OUY=l{K4`Qh~w+i|wI`-i{sshyAO+dRPiRmP9r3werPwf*D}xQ-X2;W}PSfouCN zf@}M3fNT36asSZ%(*boz?C0Yj{6h;b6#CfwkR0yX?m8|MgzLCa5w7Dx4Y=Ch0|-Lt<_efFHQ?HkGc!+$*) zQ0Kw{ej>oDA&>S0_2JqNw18_r&=#&b_l2vUjE1Y9%z|q_unn#{Typ=gzW!>>$HM*n ziTH5$t!^Lw|5!jBGPn3|Cgo}{lj1Rqv{|3L-zppM@~QbZ^)zkTi~nw zJ*zzdc@6}u?_0zxPxJ@D?Qb2y_IvT%Km6DI0eQ*?_`U$|hdj#vGrWu6FP#*S#~@u`K6`DY5-2KB}tq;i47V%oI-tbm_ z|9Nmgo^=6vHXvT>wG*!V7vV#EaNi8bzcwKMzlc}<1W&CFAO3$$Kzu%T^@n4A(5Mg) zzd9hkDdKfp>j>9zZ6I97wefHr*H*ZHXs7SuKX#M{@Z=vgBqY(Z|68w>0qxB0uJuwq zO9aHP2#EhNz<&?$sR8b|JDD)8P^QopCoeEdg*@P z7jRt{XM!t#KDh1&mVxU!x;b2V+QM~SI@tZgT6}1KZ*Tu*_>b;y0(@aWeX_s!zd9@k z@UPuf2eqdu{PdmwE&PA~>l%>9Z-syKpAmn^=Y3|wTlsN!1$?MKC$l#ozdu6pG5;mR z>-y*pT-QfW;JQ9~4cGo5(o3t4>Y)8Y0=V`MncYA9)vp2dEQNUWpNeq(u1XEK`pNeJ z`R4}YAAtDSK2J9ip2mHBK%Ni%=ZAtH%NcSM@w#3+3)gkoHMr{b6t233`X{)as@vyq z_45?)(BtjzGs7FivGx~$>-w&;`-i{&u)bdwu=o~;*ZQ`FYkj-HwZ6mQTHmQ~t=Cex z)@uV?>-7g**RvPkx^MYcfd7AV-FckVBpTIM(Kd(_X^Jd`hGZ*D5lS%?CBkp+b6?kQUh{r9^GBTLyyv>F`~G~+ z=X}n-w{$Zgskz#m8b)l$cA-@iqEGV--uJ_Nai8xJ@k+%97k_vjY?Xdvq3q0Usv`@CKdx6PRF*RO@H 
zCZNt{$@{#15%>BB{T=7!{g1NuQKp%P-#(1`jV15(J0brN@`K^y;m=7O?`NU-VtXIl z8>sUj>TH#~*ZD)dn|(e*;-9kZ_yFp(F!y!vd7UZl^?QnE*!P`XiTd^uz2x<4sN}u= zB;@ZyKg;0b;J-;7?`OY%%Wuccx5Pg>#60}=UeswVd9Tx1JngS=E1XDlN1d^#bC=|O zUJrw}qW(Ro|CZ#v{zl}-AYV0k){sbq`Q8n0Z|>XI`^gf|vfIaAsB;(U z+$(vn^QicF_W7SvQ70F5)=1vx^@X_C-zmQ7i@3f2M16Z{PI7xyx6ecM`Fj0k=HahL zp`YIHJK=d!$NPCk{Dp>7?>7Gdb%vqN-;($9*aP;D^YVWDyy$RoKQC%- z9=aHc`sYgCzo+#=@sW1$yB>AyC4I>a`83=PB}rc>b$s2ni~IhzTio;iiub6QET5=u z->>NFFzTo{xjN=yzC$qI49WYr-H{)R{2<8>>lnwqO?=>`@sA!s9ee6G`3LVw-skn1 z_=-hwKluiA2BDuSmCA2-@BeUduYa_-uUm%rzu&}hTbqYV12OIelJ{|MM*e2xUxMER ze_!hOe*2}k@3&jT{d|6}xS!A0u=nYP{_P>uEo%-Tl=XCS14*gJPkmP+G?i9bJP8@G6>hwjO z=i%4G3#E=fFZsT>Z}%_6eY@`#_de^{`@F-vLWj-la}-;c`}XzYJFL_^|zmU&HzQ)1j_aA>e z?PPJ^E^WnqeY%VL_3>KsFyE^%?nue|<6~pQ{c*4-P$#*4ZQT|~-nZ{-;=Z2C#eH5M zi~GDbia%xh-wtu#E(aVE*VDIeW&3`Xqs)Cj^!Xkq?tL~B_w~F{+{Ybb9>%>A>pVsB zzCXNn%6J)!?T=)a}pz5h<; zzRm|(|5r%f`@de?`yVLo{f|=54kMM`hZXmEJtOY(ns4rXwy-|Gf?tmL?vOhEJ>7qb z`}cJ3Z{LUD>*}TyftY-Vpce z?+4<3ezMs-%(n-|-6whPzd^OK`Cg3t>E=FPKhCrl_x+@+xbG*u#eF}y)jafh5ypK` z^4{lb;(lKAA?jR+I=@KX&u8|C`}s`WL(A473w6#k_jT|(oy5J)Rj6|T>O3ZSpVtiW z_RqyW=Ace@)L8>RAO3^X@$;fz#eIMKN8I zF7EXo6!-o4DRF;Y-)wUqH!V48BC!VE73)x`dR#y6->=uz#C=}1#r=44g7|m#;)v$v zp`Y_G?zxipar+|Q1^IE3_x&nQ-1n;&Q0H9KDVDs?>lg7BcIDoUI_IEH!y5m+ZcW9# z{%PXAZs&^sZI54PnTK`jjB)!(-q&p`@|}=>PV&BP3&efh-bbB|sPnJneO^^-mS2Zz z_PLjbn}_~8piT$Ld;i_Uz5XTQzHa@*2M>yU3^EVnw#T^lO5VqviF`ZcS4!U3?IUqt zx1Ufa6LpS0to-`;yqbuwZdlrI=}$}Z(Er(}bB*M^{~N`<{;lG^Zug3}ydjKKdVXad zF15wD|C79r`xf$NA^*MPeciT;`??)y?+Xdzo{2hV`TO!qJv@Kv^Xe-8Se^Js7o$!a z)VWLY-v0yQUVoCfuiO8`tM-iRHqSg(p;+CxyM73xfep9Wtfb-d3)aqsgh)HxM(((L=+^meC?xcA>e{5t!7 zfi~u09a^IPMUwaR&q2Ng^5Z1$uj|ee_w$4&#r<}Cwz%JpFB13L@zv&`|5MP<&yx50 ze~Ekj%68oK_4N96#rNM62gxuG<2J{*mr35o?Jw@*ju7{8?-%#;lgZ{juAiSQg=e6j zucglDmGPI`#Xq|?R4jd;ocKCB>8omwpM_MYZy#fmINIFT&CiotBHs-C^pU*xbCbA_ zd%O5`_WG+ysDCo*zaV+v|JR87`?)ruPE*v`D|xSThb4r`udDU{y5~PN#0*4^D^>{kl!GAzaDK9_v_I_ zxYQ8ic9gu&tG~GKKX;(cv8Xdi@?K{q@(qxGTk`%olP{1z2Klt3%C=WJys^2@*T=ma 
z`TEEYmi*3fvF=E5uXC^X+i%8VkBJ|CNnGc-;&o1n^$X2I>S*-yx#azJq*&bdhhN2g zf7su?-z?O(r_f6OFOg_xuItke`FiN*DR^D@>r%)2SuO7UtQYtF^Jj6teM#8sPecDl zV%!tVy?-C~ba5ZIi@1+_nYiD+^fmW!{r2T?$@}?0zW5(w;`Uu2?)%Sc;(mU(PCVD{ z?0#(?`ms~huo)A-N#6VUTip9;nO=5%IRfi>iMg+5i^(xJ3i;Z|Pm{c#zs(l+^S95$ z(_W6nz7_ZN*)Cqu9(VoSJgh@4^i$=S*su5R^_z(M`kX56>(f!(`#E3Sx7Psie0!XB zhCf2!4{DQNi-zVP4p6q>6yx;e+{sQyx*EKNTHIn!FRzEiWUC38Q zzPY*YKc3GN_uK1!sFQ{|`S3&G%cYKAzkWr&8uDok%Wp5wpKc!duZsNTlK1Q5wc>t# zoG9+smnq`DKg<@t^p@CPfqCes3i^3h@?QUIJpKlX!f8Od$^RNzKq_?b}YsCkh8v7h6b-d3p;@;yWRA{Ou|7k0QT6 z@^d8b?{irw?(cJ1D(>t2p}4Q}*W!MjvrpXD;n3sDug`%C;zHLpPwqeH{~UU0w1MqE zS4y3Kw#7f{Cw}GBP%)9n5%+%X5U({q)_G9;PJ2FehIz8j(z^TX^T3x#-s`_Be!SgI zeJ_4<^<lf>sEB=Gk?P2cy7q^W0ev+SXaP%DUk7ma{Mu>a< zZgI~)DE{xGvCa~6@8^idaop9CUv96LTQ5HU+PJ-b6kqUj^j+e!8^-;i+KF-eaOvOp zzsZ3cnfvXsZ^zEahj?>aw?2~h<5*vDKaLF&_v_baald{|5clI)zWDeD;<~+J?(4bD zzTf8q$$Ovc#J$gN#J$g7)a`W+|A>44)$D$!uc!Bata<43Ppp48$@}9}SBU%LW;coZ z<5zcx|J^HY_lf4=(q4?aMDjlFDsdn8D{&w9XK^2QpZGgp#eS+ZiB0(W%(Ew*>Y00= z8FBL_no8c!htHDyg_iFwc|Sf668HNBw~71xf^p)0y~q>y`ziCpo7;=xUoj8!`UC6# zf#kiPb>iMn<)-nEL!CXS)4<%<)B9|N{BGpCOWx1J`-pp;0pfl?DU3{ggT4 zem~`PalfCkTHNoaY!LVRDLc)>`uvXh);Kv{@b&Te_An3m-;lpGMShI9-%nW}?(6ox z_=~IJARn8Dad%ce^1mX#NAi9@ zD3K9E-lyLWI$7NBr?e9Hd36$>{Z*`czIj-mU(nBWlK1)}k>8H|M9KU8pef>h{C{5D zkMm1We;eu_+&o?geFpdYL7mNgeSE$>#6MXSZ^y4dou5%Z7rqt#xYY62slF`k^Lk6% z=e1VckDuGj!@Ra&-2G397j#~SnTPyO$e${C-+$VQ`~Gv2xF08niu-Z$9&umihs6E3 z{et+92ZxRmiI>d7r61A%`;zy5J`wkR4sH?uIMn$8bxt(*b@S`##mH|){#MERy4@-6 z>o!N+uNMo&eSKDlU$`*thpWs(|KFpZjgt5J6199J8XNxx* z9>+V!JoNb;`n*!|-cLVq@8=oR*@QaFB=6hnC*(IGfAFdCg0F*buNvaMy)wmpJ-dke z`dli$Zg=U#OMk9159?5jeuhcj>rWQ<^_eE_>oZ^6`&lIJ+v`*D!n;CerJrqR9xi>0 zK6gpp``IV%{j@kO{&A@D4eInT_x1Pfbtm#)Bma!#eS6Ik_wBV#+}HCPabKTp;`OeH z>+qX-xU>QNRBjb7c>iAiBynG#mg2rX9mKt#ZsNYZ`iuW!Pg)K(4}GpjpZ7`L`2 z{k(@dcGF&3vGg`Y^1i)lw2p&?algd4EzEs=e0!ZK?%QjCxUc6e;=Vq2i4U}$<$m+f z&ll(?U-DkRP~6w&eQ{r(FT}l{jpDw&{t>VIZ&=OJ$LLNkTer{A=TYXqZr;yv;@(dm z)cFi`MoHec*DU1MA^)D_eS3W@?%V5MabM4a&WJ_5e_x+k;v?*P*^V|3+v`*GbE@RM 
zeirg;ksmC1pYIgpKSBO=$@_fY7WesXN1cyR=a@F}Lg>E;-rC&P!JofwC+_FB=ZX7y z;AP@|9(aSep9c;X|F9%BHNiaexdwecCwbpq?;`&Z^500_Ust~i`45pla&GsXS!mWAT8 z?eovqiu*cmHxK=*rDbeT@5{ z<9yBPQ2w()|mgU|N}bI(_a zWfE=S@1V{lQpdkn?;hk=BL9@+eSKa;{%z#nlf1v5dbj`C zaj-Dow=nLJ=Dt4O=Q-m3xX{(8vjTM@bemD3M_)X@%eSMwp5chSSD(>H3Ggs={(>sZ!lK1P&TI3g_pRJPj+q(lg z#E|w`OWgZBPTcqNOT~RXv&9?O_om$}-q?J!_<+kx7rgXmoOxLP*D$Y-;fvruNgeN} zO2-%qbzVjOSaV+o&!3L`E686ic|WgvNZjkp5}$oQm{sZfgHeAW>hF=f*GY7WA@9@I zv#PkSXMOSIwJRpaZEPOa;bn|F82%FcKB?pV%tii1c^+ugps52TKINP4joh)_y`P^yZ{(SCiabM@x#C@IL6ZhwBzcvr^ z4gIV+rSzZDpWh_!{roLHb$y)N0bSyMeVx6}L&d$%`r_VaGw})bzKOHNz5ff$z5mVD zf41arXcy;|EAHFz0dcRNFZCB%{g1_;Gp}@BT!+xlv+;kE1J^V6_3`^tjl})_)XCz0 zf2ysx-=FF(?)Rsz6!+(^2a5astTE=H|9td6Me=?gK11Bk!{>_o=XiWA?(6@9xZhsv z68GDSN?ptEZ%aW`8GBW^L+y2_JThS&x22f&yxDy&l|`;hWy$T`7Ovliu@tn z;|1Toe!F~@xQ~0O_#+R*{rM{MFyBe2{~-Jk_;jh`x62E~{W$!#xF3f%qy9wH-zRzR zzxo9+6#C3V{&;g=2hU%d!Uv1*cW9`XNQ^-J38+6y@?QTH@mANw{bwoaJd8RU;Sa(8 zkUD;U9;ZGUk;-VPD>Lh`;ocZ++ShsAx}W~2T%)L$lfum7I7Z{Lr_{c)|0;{LeSZu77X_hQ_t z7sU&{-_Ez!*)|pTd7UQipC5j%_}2SN2P*x^G7sa9#khCC?}1N}I^O?0vfj zTJz%a^YZ@diTioQ3F3ZU(MJ4>qhs9;=3!oUqo0T1cfn^$9q;EoiC^DwVbsQomjzJw;%H+6HB=5)J8RCAteM#Jpw;!SYF!Z@u@_yX-3;ChQ z*SIuZ@b&S}kF6{2pC8**+}F8>xbJUQi~Ig|i}+0Y@Zj6c!*;n9eXfMx0^cBYyq`p` z7z%ZUAYa?u=j-{V$PY%oyX1X;yGz{bJSG0wgjj3_>gS;T&yx2#zlr;LR=6zwvG?!m zSyMd!mzb+-9@b$H#=Ras5PpZ$@qY4=zZv;ODe@m8e-rY*NZ!};n9F0x=jG$J5g#=w zc{NIOFc0&(5%ot%-s?;fA8hx_ozMmG`{RTS#Qkx?lf*~c=hCzh_s0pliu>b){mnx^b|^~rbHC($f1855 z9eR`bb>itsO(ZJXP8RChO;GYTb5obs ze;vq7aerOJLUDf`$or^or;5q?#gg~eMU;q7crC0*>3c}+${8-%sd3Wlnfv;9osP)c zU4&%*Hn`nYO8WC~yK9*ALaFb!H*3UwyKE5m_sje(?$7g9wS%Vj@9&p6O5EQs(^TBw zFLRc-zh9=ixW8ZKI`goe_RvCdzV}Gp=lc%w_K;69|3ixW@8bS`nc8-v62`TM%93@u z!tEi$q+et1>*L40A>w}AyIb6kdyk0w>o*pdhkop#+2pue#nY2o`q?0MBO3Dd&~@@R z8Rp)n?+@*ew}rYmT`#OIv?yo=jQQTjD zlCYDo(0@maTiaawY=V3T5QKvoXES9{_Ypr-)`%sx3sM8L0>e~dYLML(GA1)F1{o#6Xf4pm?c^LO>j5|^Cem*l#+{axi?&E$a?$_&0 z=3(5n7>sQOKWxd`I}{@ZRRWp59Lm@~x2{mm)t& 
z+#mN?DDL%_ir1bVW?T9iSMk^FYm{%+Gvq$n755?=nzsR44{PA{YHPks3o(*pa zA8xMeGamUC$j?ZTe^cDI*Sq4rKAXgQG>(I8H4putf^jR@oq6xm>z^d<_1lWydr@h@ z(x1-ep?-7JA0v6MGhV#UQSpBIlj0ZMmn@%{Bc47i`pf2F+zgEShva=;73{$gpRf1R zSiJq`p+>`64Uyl^9vsy99wqMk)p6opzn%E} zLCN+LUChHe9E)+YCGYhg5cm2|i{E>9EcQRtZ-DyiCGT~<7x(SBQ{2CA7vC zkA409ai_z@{c)#8;{LePY2yC+w4UO={|pvSw+Hz~n1}VLjd?AQydMW%6ZiVxh*w<_ zuSY+iel67hTk>B2czZG_^m91!+3>^Q!_9p?y`S;O*F=6siu~Ki*Fe6SJ?W+Oj~AbJ zX#ArL^U!~F)afgE?{kEB#V5jFCK7j{P8#YglDyYhCBAZTT>no{$68F*-*0Fv8b+&z z`gP28z9%DJ75Ppn@)wHx?f4LJ@Beo3+S8M5Chiv>*D3l$^U!}4^z(}52gLPUihO0{ ze}EqXKYCca5dQjL_^IZ)KIb8S5b{^2$loFE`~O&RU!Q#OqQm0(@NDzY=Ybe^ndH6x z7ICk?PrR+Yf1%>=vUNBB_0KTZb?6}O+wns2{p~@H%TT`(>W`DW_n9Z|^`8-c^?|tE zpF{nMsQ;is|G6 zwU@k~Cv+9}$4Lf=`}Q3xp4&a{Cl8s2OZFAt$#ECM?JLcbUL}R#)7rq>S`Kh>n?&vOY-@esuFTb7xX2v?T%)_O<7`L0`y-q*zH|>0B z5bFGaI@92L;IB#@um3LcyOG}w{~ccSj`H*JI-Sfz^f%#ft*?~Itl^CTJ6N$#7{(HXd#Vf6jgP&&}F8zXja^c(IZ%Q5S^Gorf zk;!%v8&Su;+9dgl+M~<&>E{pW;$FYAc*iyI@4K6a7Jo*c*Gt~(=OMop`S;*k;NMCe z@8>tlEv}VIEqvua+WoN{ zA1m(HqvyoE{sM8o9xW9=XKoyPrFpnyA03oW@Z&rs*F6!`*i-(HKweSJO^Ke9(0WP^FQv<~C$lDyYHYHXaZ_Mai%(LOi3 zwRtH0DeCu!uZ2Gg{{;S;)c5cASuXDL{ZQPWuiqf<&)4q~_wV;P@ZPfR`!V`C+T7Q{ zUw_zG+|O@M6ZiAm9^$^veZ+lUW5nlOkld{j51NM-i_qtE$$R||k++YwNfxR!u57*^ zp-w$>pRf1R9QhBCKQ~3bhqzy_hl+dsQR05R9xuM^xwsCGnuk{GE#=8yye9c;Z09OO z-cFU0`7Q8OnAb7)m95YF@Yd$KKIbF<9`e_v$d4BH?RB5Hug?te&u)u@%rOs_-o>~p zB=7aNiF^Hj#XH$a;(_;X51M+Voe|d_0Uva;_j}!O$dE$P3e?~mZ zzQp4>^U%st^s`FxO+_0u7yEpMrRHJC*D&s`z}PjBitTBDxG=hYsJldeY~F> z z4>oXqtdC1R5k$+R%x7WMkzCN48+q{_ET#2pbVMsgmPyV7pUitmp>z^d<_1lV1 z92e_%HV^gZU|z%FFTe}n&%=L$&xZeNuIpKOV)_1k|7mC*O3Xr?E8x$;Z;?7a-}{jN zAM(>uxIb>h$3dDYjbZx5{|7c}jWvi)ra#_a;14!;xrEc{V(UpIeTy+GX0&kM!< z{JcoqA6MUO9)`@vxcemUkB3*9RDOH;3iu+BWR@-+I{CV8K4#YfAwyM4t}a(}36?%UDxjm0aE zj<+wZ#Ql3=E))0fg&81zkv(`bQvAWMlkFs?nTIJog?a6OPk|rwSo!Vl{U0X&)$OtW zW5rv16}_Ff*Xb?Z{MMMi);zTGB>H($@?Pg<@v9Gs=S#1n&J(D!1O7O?+2r!`P1K3& z)>_=hy+l0I&eQsshtiW#|5nL+{U;=UR2(+(68tgLd0*;yKffUVDDssaFF!BOA88(< 
zlaOzoBHts04-&u0ZiI)U{v)VA13nSHMC$nQZI!qm-@X#}K67mlr|AOTG{V8vV`}%w!?(4H1^~a-r#V7xJf2d;~ zq7NdUks^O%3LhapseLSV7wX$f6Ow!S^YHsIZlToi{dRo{|6aURrC4mY_>Sy2|9{Lw z>OPEn@|3duWE{Mcx$YZW-AE#fs7#qn-84@2IKaTmhxf^UQ8!uOvV>uH}y zn1|?S)@X&a+G<9+Cz$^|5y6@U&;GtN$nN=hcPc zXSIp*d|&*EuE}X7J`t~DpQp55e0I&))KB7mocz-~q=upYE2foSXWt)&i&wPI+aGNn zN(@Dv_a*Q5TR#!^`dh_^+3{;9>feg`2j`dX)9aru?)BS?*Pb5NvzxfzKfOx4U7a|1 zKl5hjKbqfDM-1{jJ_x)}E8RgffbDKDLW%F?9CiHWbxbJUQz;8tU z4yo_^+auyWuYB<}wzJPh{Q;=|ndH6B_u`jLkK274>hwpQBWIRh2d{Iy_=eW8PKJ3X zaRcgPOWy1B7x(QlT)e{Xv5(QH-w*X?z(exe=B59X{w$F?uMdcI-V*osUwk0$w?`Yq z{q|^^xW8Yc(*NQ(p~dUaXFYR0Uuuf{wa9mrygv?ezPLXQ(^K3Zhv_TskHZWT_s3!G z75DddOfwHHUV}bgmAr4?)yQ9s{H7H7UC4(OJm0qCAI2QgR71z@(@Xy;{TVBHU!RHMy{?RlG+W%i zPy8M6EPL|d6LTMTmEB%!mVCj1v7cYWUo+n)?)gfy%CEoYtBL#fiC-)3^BpDLxpnO4 zUh~kuJr$AsMUmwFcI``XufIe5mRhmzy{KpFVMuB=fx_@8jN; z!XFi1+&mVWiuzZe{wI?6`kTdz4vNRy?Wofmb&h&I&MVO6@RsI&J@Wb&r0`zietf=0 z+;2CBiXYrCUhnQS53O8=ein%P?dC`DUdaC<_5F6U;tS=sqtB~`cX)l#r=5OR@{%b=ZO39_EK>_-u4ss*M+Q z<{^3k^5;t4`|l<0{of$&{ojT9-BJGu$$LNZkUt;!w^QWTA>R%8e~)bB2N@Bdol&qID>iu{Afht6KK{rP#x`~ALmB){D9Tg7wC4_Z)uzFw!1 zd1x^tMq9p%_zC9yQq;Le@@*_XTl~k9O9v_ac}MDewJiD?aqn}x)Y)Zqsu#q0dH>Iw zH#7I+fY)y=?)7_0orP9sr1iF|E##zUnX^Ku{v8M?~iNk6ra2!&a?W9W%KQV z{pxsgpYP1=@%*H@_?PBqh%d440qh{|@2|gD+}~e+gL!D>T=X+q^7${tekO|h_3>G8 zzdpVw?(hFvWgdn+2jgy(yk8%8Bi|YMsxQU$^mX%m1M?8=g#76#@}0!}amC9~rz7eN zmb^dCIa1vBhcV**IOlkA-(FM2eS6IlUsO5He~I{^_F}XT#QptZ8^nFSyUoK?J7B)G zUQV&j;xAQ>e{_m?tD~ZKH4m5UskPGoE4?o)dEbu1k#C279!`;8hI}USpGp3brg4A% zR{V1FpTsNf7th1@q5j#ZUvpvk_3`@k#Jzqaaj$=tc_`f$^?OL(*QY=7XCa@PBL5ij zXCgm0MSeN*_7Gljdwr22za9BAP`~0U<=4miuVWsfrz4+{BHs!5*2rIxB7ZaTt&qP* z^8P-8$>P5@N=`R1P27)r^TqwRw^V%d#yI!~;_o~k>wj+^QV&K-{`;5Yech_QT7EtK ze7m~%=Re2&yqWk=d$CUo@#E}!G0rv*{hWq%yGZg+*m-z%3hyuO=i3j6FYg#9{epQI z@>GnwT=KpSpCR88`Ryt4``PoiA=(1@I_7#iax(I#Am1rP{&M8)p^D_h2B*m1i+l#^ zKb<1~Ci2aYUnhCrpMMnh{kcTk_ve4beSfa@TKWCW_vfR;eSbdHJhXUsas}c)-6ZeZ z@k(*upRW=BvpDvVE8b^c+|Tb3|MRvuZk~DQ=VYwg49Vx&{`_JJUn1`N^LlaLpZ_us 
zLpH^@H5Qj&PhW?|<{{by`L-$Y7bAZX@&i)jA5Y;giN8J~_P4}5ls*ylD=sPDzd!C* zRov&*Nc^4lr3FiWnwp2wC!l^u$$R}<#l8NW;vy%7i{(`vIUm>1%bS$P!E-|0BhHziKG%`&BFP*|)^?Jlj09at!(zEbjYN9y}fS0;%u&)mr51 zBfnMhzF+MU_xm0Dzgd1A{C-CRabN$=;{LwQ%fvUgi0g2*d1%o#Rq6jF5;MimNNOVS z9^CFiB!6?nvhsa;KP|)u{Ty>`%)_|#us&lY@B72U;$Htb@s`KL`two0F6yt8yx0F- z-0S}%?)%$8h2`h#`&(V{+w$VV9cvz1ITHO`BJTU!t#Es3NV3qQQs4KtSCKyg^*@xn z?{A-p`*G}`<#Ar2L~YcmZ?5NKCyD!Utc|!I$GVF9aqK$tFk~%^d%NU)yW}B%IP$Yn zdkIw1M@ruJt1;qU|0(hBK8}6NK>Zr%bBW}= z{#J3Xzf0Wr+rPzqzfF6q{5mYI67OFhVIEqkj(*M)_x-j%JPrB#rT+i#x8mOa+u}{^ z^%x(Z{-LN}Vu0%8QP@)>@jF7yq^WEZJe~S2J&&EEcqkdJ?Uo3gA zzeU{Z?-cj#xKG@-(!k*lYnJMxYB3}{p2TR@` zFP(|}{>X2Vy!Z3B_~skqA60sD*lrJ{|A1Kxv#^!m&U)(68CWj zi~Ifhq2k|t7mpiHiBGH@>rWGJ{CjL_mU&o$edu$UUt8Q? z*WJWCjQbbrbdbD1FLOQee`;=W&fChqmW75C%hcJcXE z|9A5+-@WMn*wz2NZcW6!{u$ysm&Kj8y?MCw2kPfY-uoXR?)Ars_gWF_PeA=WsJ~S5 zUVpXt>O0~etwo*PsIv!dyJqsYZ9ju{~o>o{vEtX>JRG}fBB{Oz)Rz}f1u7L)M@@noOkGFBm5$B zpO=5nX)f}`$j^a)3;!Jc4g3$O@BLR;8~gEbz5izBp-+2@d$QUM@C~Scztr*m7a_kM z`AzVz;MG1YTc0oC&CI<|@4vOU_um(F?4{(%YSZAKqkf^(@&127K6EzMzHqM6y7KGh z`{Ci@zCSk-_xgyrc%8c9pAU?=)69LoS6ZF(CGU0ami%ic#BrZYk)JR58pp@{$`twU z;CoB2x+`KlQQ`CQ^YYhORTrOsZM?o8CBDF(*FI5vwmm7))jX`jIvX?m=NifTIt)kN z-U^uftA|tMry;)<^)mO6iYKu=M94_{Wiw|IU;;{<^Yx;&tc7zF!sh z+vRt}{dW0h^Uy{S#@+AB^6TK+rLwqhm&3$;yBsC%+oh?vZ*IQQpKa^MagQc1#I{S``>(g5{JM3v`8GB8b@T0YmbmxXMcn(m zMBMwl(LD6|fvtV`&)t&uJ|9PZHS+UQr< zuh)LOs&5|V`#$XqAJmP1bWMuM@yXzR_7VX`*wUm+_&Sa;=Ua} zkopH%{qH32^E%?2^84FuN5*+IGxzuSYG z{F5So$fol9kH7!!1aYt5Ui`tgLuZM^dFI~di8k&?@wqi(KNF>n*MC~v`*}&~+)+K& zd0+DNUWxPhQoLHb(vy+WpDp6PA6EOWY(EMA*Dx&^Pc$<3{lx2^D(>}1NS#*?jdk); zL7-)Q^2{6Zgk4_KExB81=r7f9LaB+$3IZB0kvO41K1!-(Tx& z9@-99-PUosi3^Yq=Ydtsd%(ka;Hihl?Q)%XgHxgpg@-zJdYc#p4|RU;8~cAq{D|VX zpi{*++llEsbKh?tsu&wxA$fm1;ZwAJgon(_MpgG zssGqP@elSOAL^WMb*lVOwjT!1Ha|w(zP>w=0T1K8urF@kOz~FL;)cl*_uG*^;(j|a zK-_Of-ZKxQEw&!Rf4-HxAID0Nk28#abl{I=^9}ts93A}#bKf5_A}5+k-q-mo$!A)= zxA=MHH%T48Uo%?rt1LfF+#mB@EOmx#kMns?{MqKElPmrCT-?|HJ8@tC5^-PugMW(S 
zg!NgJtQ`MIH}~ty#rEQY6UF`gQ!T{({ZnU(cdHl2yTm+<`zpr0N%B7KFmWGuw78FZ zpSX{kZyv^d1>-J~yzg%xAiog#?^5LVBL6b-X~`iqHQ&{{6A$p}s%X6^6N3@?QT6aj!o>+|PH1p#FUHKST0ff3CRKUm{+7 zVJx-+_2;4fF3EfSed1pKke|!1=Y+#zu^Q%KedeNmd&ztKuHs(*GV$gmalEThe-7$T zki6G_T6~us_x^`E&!f&-$$OoR;^VK6{cJ&<*{D-{Tlw|zI*r7SofG%lrsiSYW}!}R z$$Opt;!nL6|7bAkJcl~dB%k(j9Cx<3*MC)f_^>#iH&K5k>aUZ$*Z&py8OR@Cw@ZGz z;N#Xc59=@;`BPHl+lu@BkxNnMS=1RQc^`KS^7+V5Ns(WG{50g>Ns(WV{4>b!Op!nE zm$=?x9iB%1Xmee+7RdW!#^KM-OOd|{`KM5SSc?3E$WK9jdW!raOYer|1$F9kYAM||1I+O zBELIDzVgnp^%;wN19M%UR>HseOe$t3jLgyB7YU~cOXA3MShI9KR)&h>fDYx zuSnk4VHNTtk>8jizZ>}x$XER>u8*!m1M_g4xefW#Q{+2|`|;{Jaqs_5@&5KW!&vh$ z?r@Cz3fv#72*3V7>UjN)$PY!GKT_nY+Wmtt?k&hSG}rZMF7Dg08|n-}ooglUecp!r zVB{yH$j?MR2l>}iw^1H-+JJ#6!-}}i);u(Fz3YLCWgL$|#Fe&k$>)ljv?@Ez>SlqYc^Qe=JI)#$=by$b|Rmg8kk*~0~Y#pvd{s?njho;E)LB3;(e3rOx z$3f!W|9#>eE{XRO^UT9`yaMAchxdkmA$7d|cH}QdzT%(%eZ8n-9>(p3d`61=S>nDO zd!f#ys540N-seo@dm{gOihL3BmmvRRiu^w0dmvx)um4_$`+ky#I`$A!vf3=k`?|e>d=|!Cny^C$3cz|?|oVP`*icL zZWo}Rj*@?4eB95wA>SSOJ0KCkD+{rTC&;(q;Ii~5~Wf2-uZ z{%&!vf9gMReRLh#iu-=mO}xd1xDGwc!#a0DKX<@8z$Zx^?{k{?%z?4~o8q4TSiIOC z_xsX3^wS>W9{TTp&$og2kUrrrOF#3+JX~s*l=x4!&)z0OPG znImG~OHk)*)Y&R|ud_?sw_}AwTvy-jjWXkW4>k{%+M<4Q_*w9CrH+r=2l+FRzcodE zBJypJpPeGV6!|ld|1?E@3-YHUpQuoN9lZa;&BHphM!rdkd^_Y@A>S)S{$}J)L;ju= z`6rP-75Rb``IX4GM1Dhx{0`(>Ab-$)|Ghp(nTPc`1^JdK@?DT`j(m2C{7~dGkRP8S z|19#&kbf;j{zK$XM*jO0`MtTQ<%xoH%Q*M<5uxKABDe6BzB@s&7{PC>K{-x-x~1K z%ynK_$X7?cUyA%~$RCRQ+wf}e^-{;*Kl`(|zkfFEz_R|UqD~ueU%TtgeO~@~P`Sug zL7m4X@BPdY_kP}$I({ts1zs8TE7|vcct8Gr+r!2E{kA8Xhpig^#(&yL-s@Z_?sfX2 z&cR-!^uLe54}!l5KM=l8>id3p=)rNj_`C+$=Remr5B(p2IvwGa;Ju{Is!g%(RpR@0 zMDK?>6;a2>3jOSf(d2K_EED>P*SHAjaMtnLzL001naKNCf&4yZ$aCGY!!JvJf^(g7 zk{X@cB^S=^o(JcCl@I6sTma|wr4Y{RV-cL!-(onA10`@CPm&WY{au(Zk3aqyS;74} z8cL)GDE$fl;qlf#lQuYy&zZ;{6aLVCvfw=aXTy*6aOr<@;Jkgwh4XeQ56;`od^m4^ z3*fvRFNE`apa^~<`YeX?{G`MoFWF8X+>cdZm~=SL-!kACA!t9DaGp&xdz`7r@Vh z7s9*3i{Rbh#qjgtCGhU>gdN1gI$r>{uh&g(mn?WX@)yGGF7r`gOi{X#JOW>2>ev%#5`B8Y9 
zoqPv>44w|349|c+4$p)?0ndUz3D1U4f#<-Vg6G1g!t>xy!}H})coF;~crknpyaZkZPgITr9XuWWJv;-x8J-FM0iFf_5uOeI37!Mr0?&nSh3CP4hUde# z!3*Hq;f3&D;6?CX;l=P0cnN$5JW(}X2!Onn}`#fzpKbJcT&d>MGhVyg9bKv~k@?1DS|2z-Q&uPzx^Yh*d;QU_sa!a}_bLz0@7v0U^Lx7r;Qaot zLiow(zX;CncPoZxAYTIK_su1$m#sg)w=NBCA61YHro;I?dKqwjA73V%-w&7t=l3mU z!&{^O95}!KF&ED7k<5eh`zZ6_XQF-qoZpXG2sGLyYzsk!!Lnnz1%16>DCJFIN|`@z%UH^4LC{o$GL z0q`uiebq;Dz-;(U$mhUshUdZu!t>yR;Q8V0WXHngqOho2Ty*uSm{y+ zdJdj;MA`b!f~Ui0!!zK|!!zM8z_Z|U;MwrG@ErI&crJWCJP*DAo)0g87r6bJ{u{gm{yRKzRN4CPhNr>zz|-M>z%$@`;hFG1;aTv%;Mwqf@ErKx@Lc#m z@I3gx@O*e;zc}~sZvnglyb!)0ya>KOyck{)UIMQKPaIvg{s+L*;0MCf;RnGp;0MDq z;fKJp;FaOo@G9^ecvW~Vyc#?YekeR2o(3;~SBDqEYru=(HQ~kZ!{81FGDB0LR#5H0q`{Vjd1_ostTolb`v}U`J3UH@PY6w_#k*T zJO`cw9}Lfh4}s^wZ-M8-Z-p1Yhr$ct!{9~m;qYSkZSWGfeMCZB_(o;xKN9&g`0em? z_#N;J_?_@f_$YW5d^9{8o(s=`-v!Tw-wn@$kAdgI?|~P<$HEKY_ri%GUn@cpCgccshJMJOlm^JQMyfJPSSno(<1~=fEezbK#G`^Wc-<`S3^K1@On< zh49JnBKYI*V)zsA68MvFe-nN%0J-1}}i8!(W7Fz+ZxA z!e54G!56}_;jh4R;IG1S;fvsT@Ymq^@Wt=~_!4*_{B?K{{0(?9d?~yH{w6$eLfQH+ zgQvj@;py<@@C^70cqaTUcozI^cs6_`JO};`JQw~hJP-aJJRkl(ya2umUI8{&xQX8&x8L2&xdb;7r?i|3*kS*i{RVf#qjO$68JB0|InXs`}-?Atx4H-DS`X< za)%cSM_LVlt0-5l-$Y;Up!L#8_7#1}g(-x$K)wjx5?%~H6F`nT4EShxCOj9O1-}cP4Zjyd!Smsh z;RW!=;f3%g;6?B!;l=PN@Dlh_@Wg3l>pvBq27el!4u1xo0iOoXgy+Mv;LpOd;WOYl z@R{&j`2XN}@aN$9@LBKz_-uF~`~`Rsd=9)AJ{MjBp9fF0DqH{g@HF@WcsjfQo&kRm zo(X>mo&|pyo(*3J&w;-J&xOAV&x0?5=fhuv7r+<83*k%PMex_*#qc-aCGe$i|IqMo z{_`e0t##RUSq4vs7s4~(%i)>u74R(hTkvf7+wdItN_Z~(9e5u6U3fnHJ$M29eRv^! z6}$+(8eR!_AO0o00R9!c5WXH>1m6HJhJOt&fqw%}oKd#^-@?=2#qf0aMtBB%6Fd|C9Xt#E zJv1;fXe7>t6y-gYST+ z!*{|n;Je_N@ZaE7Xm_psN?J}utcUdLG=KBqy1x5S&-^Nyd1KV|1bTf{##|4Tg2*0EZ+p(y64xfx1~?|0C<(8#D9ju zeV+-x84a(7yubG|{Q6M1zeh57b-2HmFnA5PzvnJ^P56reN`JzC4om)D{KwzJ6}%SQ z-|G~-Hr(G66#N*tzjr3M?NZ6#`g=@*AB()d7bCd6#3}h(f6qd2d+ANmE7(pG++Grr z^vZC1sY22Zhuf~4^!jjnYB%X8!0jo=q_=?EQ(;Lz3vN%*B>fz?J#~=u3*q*VcG7#p z?V;AB`)m2aeC;8?qz^*g9-2z}2)I3Dl5~F!RjA{~qVNlUtx<5hiy1iKugM8+SLvib zi~4p-o^*e0Nyyu&V$%IJ7{TonCh7iKh2VD6nsk3oKe!$8lkU%b2e(5>()~H&;AbW! 
z{^QT320sh#&p8Hf3;zrAIvZZej`<;<2|pCx4qgY|9)2vm1N>xoCwOakXShGM9Qrv2 zem?SD;FrSBgI^8r3cnHF4epOYg>lb^`(ri1{kAOp+8@&hen9~H@%#S4vm8tR>-Uj^ zUkLa6n87cC`+cAe()Ul z4e*ih{_uO?1K<-U$8@yczsu`04P4 z@DA`-;OE0%gn4 z_-gn{_y_Pc@Q>hM!q>pRgBQWK!#{@afqw$8a8SGu_N%q<%J5I&hr`#w>%%{Xp8)>? z-U9w5{4Dra@N?kn;TOU;zEqnyL7(NER5&jT-6Z~=bckpN7-^1s? zH^X0n{{UYG{}KK^{3rNY_!jur@U8G4;XlK7z_-Ewf^UacIyhbk``a(@L*c)|>%dFk z$HI5OPloS=w}$V6w}<}*?*{)J-V?qXo(7KN#Kseh9n?yfXYWcoldiyej-WxIZQwI`08L6!|ORY4HB=>hN3OHQ;x` zYr@CD4}(vH9}a&CUJL#|cy0Is_!02M@H+6f;QrWnSf3B!b&>xZUJt$zeiZy?_|fp) z@cQrymBZ-qapQD&75FjmTJQ$&bojCG6XE`te;BVNyb2_^0qw z;orbdgZ~6?1>Xtx=V-!w_rXs`{(vgsw{d?v1D*zN13waeCcGj1EcnUrw(!>Qv*GRG znecA#cJQ8Xf9@&FCmY@Y`2p~b@S*Td@X_$j@cZHCz$d}ag+C4N0-psx5B?&&EBtl1 zKc^PvyApmr@@wGT;a|cpfd3zL_XFS6^gnQX6ha6^zCsv6X=|$%MSu25>+fnylj_sj zKDBB8+CE!FNJb%qkc1FI2qAvKQ%^LLx?_t%5fo}cqM z_uPB_+;h)8=iV>i+3;=fq43|}!{EE^C#f>aRW5vA_;7eDxV|SS-#-dI0^v`D=fTt9 zXTy8IN5ap9p93EX9|b=LJ{mqAJ_cR^_rlME=fi8^Il8UkrZ~J_Ei2ehK^)crBdoF}W1J0pTx$Z-&o=e-EDp{~dlgyvYHw*Jio8 z0=^&oO8BAh+3=&`SHVw)Uk&dJzXpB=d=5Mdel0u)ejR)?T+exs{hR=wi|~`+H^9$_ z-w3}9eiNMUTbT!+kMK9c7s2PlABNuoe+s?;UI)Jw{wDl3_Ua_`UEn_+oeu_)>a>Uxtr` zzXCrO{wmxLUj@Gq{u+E1{B`(s@HgNK;H%;Hz}LX}KAkt=Pb2(W@H+Tf_?z&z;p^e= zz`uaM3*QD`2mcNJ9(=ch>~i%!d|&tn@K*5k@T1@#!cT;6fTzJfg7<)Lgr5oj7(NvK z3H%)Rr*I#96TBS$8GI`IbND6jFW^_fH^Xm&e+j<>{uTTI_}B2q;alL(!@q&Q2LBfR zF8n+A$MCK2ui@L^Kf=F<{|WyAzQ@6KdD{*@0RAKVF!)dKW8pu;JHU6qGvL3#d&7T) z4}|{)KMTGSJ{JBv{9O1Sa6kM{_=WIY@LBM`;Mc+bhA)8s1HT8(iN$;`lAb#%IrTKc z@4ma4ck;6i-UR+8yeWJ=d=L2N@IB#M;d{YX{K3xA9zc+o)aq} zkAycz_;&F9;GN+6!@I)|fcJ&BfM>%GgpY(D1TTai3@?MXginF%xxTW$GvJ3H{A~E4 z@EhT+;S1r1!|#V5310@+bBrZD&%xUw{3`g-@OR+Hz&FB=g?|N4hV#8q$HD(V_~YSC zTS;oo{{IQ^{o(E4t>Jp^w0!><_(=%g9)2>s3%otNC%gl^Kl~JUF1#ar3_Jy11W$!m z!aKpI!S$SQ+270H=?KsFSapWaNBA!AMewfhhu|6TuZxQ})_1O7L>C%oAq5}R4xdchBZ_lCED_kkY|&xEJIJ@8ZEec_pKJ%?Y? 
zHyGXz;q%~G@Nw||@Dlg{cny3Yd^&s({0jJB_+0o9_-*iP_+q$Tn;`r97;`;b*|d!n5G{@ErI!_-J?md;+`>J_)YZlF0s^44m%=B&uYniAZ-y7c?}DET ze-J(q{v^Bv{sO!d{sz1Z{vKSfk&*rV6kdVw-@qrqe}-4W|AJS+_i8O$G0U4DejvOW zemJ}aejI! zxw;D89DX(Y5coClw(vRdli=6F)8W^_PlsO*?+2d?9|pexJ_>##d_4Rncm;eO{5<&0 z@LKqM_|@=R;Pc=M;CI4rg+B+ zJ^Us3@9;W!lf&(D^)h@v_$%;3;jhAvhOdI341W#Y8U8xFC;Sa~fB0&6E_@Aq4E#-a z5&SK9C44P>8vJeeW$<_4d_Um3@c9V84!#Kf9{eHr`|#!P58yAt*TYxCKZL&z-vH-( z20wy-i|`xaJK!I~|Av18Z`Q^xZ=b>sf^UMifqw=+9{xEz1^xy6RQP6iCj3kIVE9+? zJowk}aqunh68Jap8u+(xzW4Au_!S7h6+Rcf4SpN^d-!7b5Aa9f+u9e-7Rrz6#y}{tjF}3qp>=MtDbr{~DeG{}G-F{}bK` zzQ<9r6|-EW!4H6^!w-XZh93*>0`CCt3hxTn&$y6u^n!Oo_yO=!;ltsl!M*VA@M3rm zcoqC~_yzDY;4|Sp;n%`@!Eb@u1FzsXwdWK7@YJ>UJU;OelC2Eqmzt3Qcm={1W&-@LKrZ z$H>;r_Ucmj!SKuAN5E&oPk_&Yr@}9Xp9a4I?txzk9|E5ZKO24(ya0YRycB*7d@_6v z{9^dE@GIfh!Eb;&%wLFpNIE>uY?bRzW^Tre-WM! ze+fPjUI(v+zYMcEBGw{{$m*H#RZ^7S$e+YjI z{snw3d>j02_;2uc;JY1Xm#cT-`@-LYw}QV9KMMW<{6zSAcpCgecn|mn_?hsJ;6vdX z;pf0VhWp^3z{}yE!l%MF!7qV-2EPjaIs7L07w|jao8b?@zl1*y{~G>0d<*hJ@0GvRcHXIS3b z;rW*Lb+}$z*x%uL4cK6Z>orcp9In@FoaJymH+`hTTkLK^p~H`}yx8ICmX|p^!}2PJ zXIehR;R7wdz~SduKEvU~md|wf6w7Bj{36S*b@(jHZ*;hxOL2?C7g^yKI$YoTzuV#Z zUiJMB*Y|)QcDTMLy3FDF9^q3C*Z1U}bGW`2^^(K&y^~cA-@~e7YaHIf@^>75wB;W- z{1nSKI=s8(pE>+Y%fE8?*_MCj@G8rf%lkXL#_}N!zrgZbhwJCkp6&3tR`@XvUub!O!|$`a$l=dg zUh44IEw6O=ddnv}Tt8=an!~qP;V*XhcFQkw_)g39c|e!Lq&>{?Fvk&oFUxOmcx%h& zJ3QHPy~bI`-_i0#j__SA*K34z_|q+a$Pr#YXI8JV)!|24;g>tYmsqaXsOs?NTmGUW z{H2!bHJ&=Wes1h)NBFy}@Oq7;4*!7V?>oZl=f>(ahC2N7R`^Yh@M|pBYxH#Z_bk_I z=(K-fxnAR@{U^)y8Z_;HTCUfKX>YoxSswHnF75jHuuZJI z4)1FDp$_k9c^iihwfty@kFflBhmW;9#d0~^R+TVzcre^LG=`VJttbq?48E5k<_|sh zPvW;8C1`x0=TM1TkAgE?&;1aWW2*n`W3}tz)+3jUk5b{*BXbPbV^b2|dbEk*`WjH& zdNhUMds#a#ZarGS@E&k$sjlJYzz;IS{4o`7Er~NexCw48T{655ZY>2c{B!uBX4J;d zy{*iUbRG>q0e%deDZ&gV`i!}%QPE4}-Ud^Et*H;CwEzzBZAMA3{7G5q>p11^yj86~4Ds=p~){8b>~E2Tw!zzVLLo z58fGm30z+*$;WrXyCVEbcn17acsKZ8aDB}sAGfh8t?bun2!ATPJ3J5G16~8y*KYFh zHSjYKelff!`~`R~_y%}y_|Nb@@U~W?Bm3oncZ2tZkA|NKzX_fNe;D2$z6L%3{v&)K 
z`~a&FlynY)w}b0zRr$CVd+?`56LBt1U(De&>|!SD(25_l2(3V1R6VfeZ5AK)eM{j8I#q_Y&B0WX8| zd0gf2OA)>TeiwWa`~`R={42N~Gm(#vw@&tw&T53ugxA2!;gjJv!u8mTeEbA_D#EXW zp9lX5em?xr7UnOK&S~%w@C)J9@QdIJ;nU&I!7qkygwKHg1HS}*q}551bk@Rqz%PZL z1HTMD6+RPw6MPo@arou%ci~sSe}rENZ)tVrB>l7Do#0o&v*B06C&90QUjv^5Ukbk# z{wDl7cw4J;De1f(emZoGw2 z_+0n`gufDgD|`w3HuxI&?eOp63*iT}GJlcu-vLj7-w7WIzYAUtUj)Ajeh+*J{9gF$ z@Wt>i;rGFt9Af?=>3;yu_2x_9oe};)IM<0k1fPKL55u{>dnx>8gntCS68~ik^Nc*?*M-sJ^=m%ycqr@d?tK%`2Ow9Uu3&_Ojx8n{6#Z}@pAfZ-&>vzl6_)e+7RW{x$q7_!juyspc<| z&TruD;oriu;orfl;9KF>!neU6hJO!V1^)rQ4Za<|ZzuB?N&k=VJor!W8u-ufx$qtE zN8!J~KZO4Z-wFQ>esG%ki==ZW{51IQ@X_!;;LpSVgntI#1#gya{vzA`3*H|7H{1*V z2R;j)B#~KvmcVy|{{-J1-m$a!MWH6}L2!MqNkCP zfFBR45OP;itfh z;2q&lz*FEG;QC&$Z0~P)CxkzyhkRUbe(@J-j=@FN61hzXv}Z{xkdx_eH^DvdJ$uU5&GhtzpVZS};}mr!d@#Hpyd0hdpAXmf`X%P&@Bs+_ zA$%Zw7km)>=w2!^^+#whd>~xUC6I9C@N9&?3O*G65PTT?ZMdG3An|_-ACB-%ddsI~ zI?sZ)fscT9hUdZa;Cjx3#5)T<65;QGp96m$J_^1bJ{rDXAK8kTem$o`em?>3MfhxZ zKHLu<2cHKofIkf{gs+EBfd2?Dg71?lsWsDI3_lirF1$N@BHRlvfnNhJg+B-{gTDeV zhd1@u>8yYs37-T%6Rzi?NDNi*Dulla?uS1MuZDjGuYvE?*G{LN>mqU-dKU2PCmWPYr1K`u)#qf*aGvPDfOW>El*TQSz z-@`A3H}7YsQ_lqwISD=!;fKR#!DqrRhra;70{$iZO8CB6c6w&RPlR6u&w^hKKNo%t z{A&0d_-gpI@U8Ic;QRHr(|JAoWcXZo7W@WyE&N9K6Y!hh>)`X?Kf`Z^cN}1+b3Xh= z_$~02@CEP_2HNr53hxKM4Sp{CcK9s#Lij!KJK(Rv?}UE|zYE@Eke$v&@Zs>g;WhAk z;B(>k!XJe%hHrr12j2<5AAZPSJDm@}JHnU12g4tPm%|@|Uj=^{{s4R_ybk^d{A2i| z@I8ju>30d@cMv_}lQ`;P1e5a_s$j7d{ET4t@pv zJ@|d__u;R@KY(w6uZQoMYp3T!_)+i;@C^7z@UifX@C)G|!xz9mfj4D7x;JZ5%8_> zYWOzz_3-cEkHCL`zXjh8-v<8?zV8S-{XfAw!heR3h3|kbg8u?v1^*TPHT*YtvphRJ zJK-JRzrzQ>|A3dm|Afzh?}9%B{|o*W{BQU+_&@M{&$iQ_w7dCl`Pm-68+;IacX$b0 z&$X6#X2P2y{KN1);BUkCgntX)3%>VA*@}5xqvvwV?$&2x-IehD5&jeS0r218dd-={)8ZWYY3|p72!A?U&qbGT6W|9U{497&_&xAe@H+S* z@Gs$duDfiv$td}0rn5D|C&Lei4}l*EFM}TizZ~8c{s>&prI&QP3qJkz) zWu`wF-X5;k{7Ja}a6MOFya;{*;<*^!4n7}#BK$@8N$^eZli^Lr$kxsDw}&4G?*Q)u zKLwr-?+Bj(*J}`Dd-uar5&k83C-~>^Gnuc4IRkA`Vs70r$esf{%q)!}H-c!^gp&f)~I) zfEU7d!hP_z%hT*L+C|513%5vlQV|;AQZU 
z@N)S1@Cx`{@Ja9&;Fa*t;Z^YFMRq#<@DA{5_yBkfd^~(IycVw4#LE`%g-=EJx8Uc& zx53Yc?_X@Ee;PakegXV!_=WI`;d+g}#C$t^I>N7nUkv{iJ_Ek*xpq1)fu9Jkh4+JB z3Lg)@41O_uCVUBe7W{4a5_=E7-@HgRC!M}%J4R2mz$A1kx1wIFU z7W`VcAATKtF8q4<3iw?32KWu|KjAmRk1Dm(e-pe1d>%XxelxrVJ|BJ!{1*5_@CESI z@LS<~m)YsO4W0(S9i9tc2(O0U0iO@Q7rq?67`_pHAAI+6JDvB#+rl4!_k=Hj7r`Hd zUj}~&elPrC_#5!0@NeLcz>lx6)Bh+u8~zx45_}o_X87aqC*e=P*TbKL?>@;+&vN*& z@TcH8@TcK-!JmP@0AB&$34a!TNTr>g=ipu7&%@7!uY_L;e*u0E{6%;j{3UqDDmy)O z@R9JB;ZxwRz;A=U3V$BH3cd;c8vJkg>+rsQJDqR93*oEbGvRCCPr~1XzYl*4zE`!q z-L>%c@VDXp;qSnU;P1jOgRg@xg1-lU5&k}W6Z`}CZZ&rL*Tav3e+cgZ-vB=c{t-;z^k%Kh1HWeGz^Pyg7Utd_VYn`2O(a@B`rQ z!}YVQBpo~82O|6t7s#h(IuC;PfFBHB4sQwn7~Ts0H~bKIn+xsj9tuAd-Wr|=HXYUEs&VyTU#240r*& z8~kGUsqlsH)8Nm;^)u=ug&)IvApD>3)8YTAwfE}`csF=Y_y~9}cs0B?d@j5X{4sbY z{B5`g{sX)(eE&=B^y_ExiFAPXL-+ykEO;@zKYSK^0Q?^KK=^m?LGYt4v(q^kemZ;z zd=xwzeja=%d>(ulyva;^yE*Vv;JNS;_;C1a_*wA#;UnPh!Smod;Ag{6nPsPQBzy>b zG`tEv27Vjd3ts^r3;!6N4{vt4ogN>&JA6F+9QXwIRCp2mCU`OYarn9LwpZBcnFt>P zFM(eOFNH6Fm%*Qbm%}%}E8sifli-J3X{WOi-Wgs69|8Bn{qSn|b?_SaQut)}yYMOS zAK_Es2h6t9e;&L8{CxNT_%wJi`~vt)_=WJh;TOSQhfjxZfnN;Y^C~<2GvLYaOW?iX zweSh>OW~KoFN5C&p9y~fJ`4US{Bn5HtL^k(0Y3(QCA=qmHhc{HD)=<`)$lvu*TA2L z&w+mozZU){{5tqy*Vy}YJ^Xa|T=*#X4e$%$H^Og$-voaOJ`er@{ATzs@cHnA=h*4L z1)d6D03QOs6L8;rm@@r}F{$N$@4`e((q3u6f52D6 zTis~y*BW>l{7v{!_*?LD_*(dU_}lR1@OR)J!rz7OfWHSn_$E93@5B4RKY)*cuZK^A ze+Zus-vD0@{|NpCd?S3fd3HKKh93j}1l|MwDLfCp30?#L41O*AbNIvXFW_6?o8f!j zY^VQA_yG9V@G0;u@Ymtrz_-A^g&#fN-tKqsGvHg{weW552jJhsUx)ty{}H|&-r^QJ zJwL)T;6K5A@Sou`;XB}F?B;l5vpw{0Nl9(3f9|gSZfbK)+ygTmP27Hd+4`-^cp5@z-wVFXH>c+rpc}d&2jFkA?3K zpAJ6&z7T#Od?oxK_$K(l@O>rW>W}=TpP??lw}rP9u>PC~Z>3TFoe4h#UI;%FUJE}O zz6gE{ybgXWd^0>5-qb2%^6_!-Wccy$O!x`#LU=oPE&N3IBKS%0I{3-(&G7c{rdFYs z^ml+K!%u-{!aKqX;VJN1cq)7myc4_*o(A6xPlq?PDyO8sGh9D+U%U%E6XCnU3*i~? 
zT6j13BKWEBI{0bu&G7DU{akrTXAgL?)wqbC4$p+20WXC2gxA7*!56`M!|ULE;A`NS z@U3tUyt&l~O8Wc4+r!U!-@Nw`WcmaGCyb!(^?t`y_kB4u8Pk=YG zPU@2WB6vG^F}xrAT=-D_u{u=}{ycbh`1$ZraO;-1@u?4P-Lf{k z7H-`-HhdA>x>aj<9elbW=8w(ri{VYJ&Yz@z2D}~o5_ms&ExZVRDSQ_EGWcTnO!zAJ zEch1qnO87wdYr&PDbO+qJlr+5Mf##Pb{njO&0qJn-Qq1sN z_yY5*#!o-|R`^`_ZSZCA+u`fr3*kH9cfj@Yy(Rs3!qX2je-Xb6o(o?D9}T}7J_UXc zd>;H>_;UDS_8VlJT>J^*u@Z zOYju9eD6w$deOd=;Jnm(QmB z$NVtQ;mr;=eVW5pTfV^I-P@SqSHfR2$@sYm{yIF#I!=<7H{fmItKmK2@|~}&?G`$G z`w`}sO5svI2U~H?hD$uBA7y@U16;ySw8AfgOZeVx%@5W)e3Rw79Ny^|GyEP_K1&=D z{|u9plHu}M+hp^D4sZ#7zZE_k{-$N}R|Whn_#F6J_)_@W@O5xW&+OyO4|l@fLHO2I zIg+sN!ZYCO;Cb-(;JQ3YJo5jp7SNfiHl63SR-=1m6h% z489BgIlPTk?O4AMewf>PaXVg_-6PP zc(WtTUu2u#z}vyUh4+Jh2QPweh0lU-gD-}E4_^iU0sb~zjzf3rIBbV+NBH02626}m zzNOXf%KrX{@JGNU{6H&wclb{TKMMXcd>VWQd;wh7UHNzg{8xnE2>%Vf3%(P+M_cn3 z*)K_dww3<2@ZZfK#?KSs5Ik z8F(_h8N45SZ+HoOANU;jzVK!6=J56K{op&{`@?rT)=s}1w`%LNw(tWGz9+l|JPR)I zOtn5Mg6ngUY;iXHAjGo-elYxTxWs?C_1QXjON8G6Zv}5@^^bN}aU23qhaU>>0hjGw zWqpqXGGhE`i z!TKy0eiXt_fwzTU43~KHGdCB)k4E@9_%ZO!@MGcI;1d6%)@RMF{+;Y^GQziq9|s=@ zKOSBIKLI`$-VVMTejhIfKDwffPL{xocZDy3XTVp(yTP}@PlY$P`t_3j z)8Oslx^JR_Bn^c3K==~)>G0X`GvG_$J>je2z2IBnz2VKR>j_DJA9xBp6W$Fj2g^z}hhD*J8$NFpQ8eke|91mD9tPO@Ez z=O^p4WOyaQ4}@32E8u?k9C$VSX1HwkSL?Io@EU|)51$O*37-OQ(@90D{>XmmKD+$h z9ey6dkAj~Mp9Y@>UjV-Vz5;$Bd=va4cv70A%1q~Ucw6|z@SgA)@Uieq;M3u?@P+V8 z;Va>n!8gHY!jsbN^v{Ct4VV1=!}_cpTwm)*4E^9&Af6)lm2mxjH_6}G@WlwPuW2Oy zRq(43ehd5>c(cy(Ei+%{z}vy~HHw7m2fq&Ci{RJ8XTj&f7sK_ni^RVQej~!a4VUA* zpBxbNXFL2Rgm2Ns{9J;~gQvi6hG)a)!~O7E;B(;%;LG5*!q>rXgYSUf4sY4jPX9u9 zI{XfJ9{f)D6!=~6dGJN>JK%Dh|6?8JI{4iPzZrfHylIA={(Irc@Wt><_b~7@iDY3eSW;0xyI=3a^Df244hU2CsuZ4&Mxa0^amg zJN-|>li|zZneeCJh4820weV-)i{LBZb?|55o8iyFo1SK;|9N;ad?h>+{sO!Z{vx~< z{t|o3<8J3||Y+gue|hguer?g})151YZZQgTDvg41XWq^mIG@AHb90>*1O358;LI4e(m{ zNAN}Pjqp17$MDVYPvA|@u+y)vMMRR}n-D$|{u#Uw{yDrBuKUyy|04Kigs+2t3EvF= z3f{D*#Afy@zJ@3FG}!2`Zh>dQzkwIRzlGPrzk@G=Z-v*vx4}2VzlS&Nm1O*p)87y9 zWcYS?Cj3WuA^azJE&ONrV)zdDYWOekt?*yr&3oJF{|(+Az7w7e{~cZd*L_=wc@F$f 
zgkK8Z1z!vQ3%&#XH@syZJN^H_)8R%TGJ_@M!FSu;LiN`)`0nrp@FwsT@TTyW;m@de zJ6WG?g71Ow-@qk&7wfa8nP%GL*F6zF8NL@h6W$D72;UoC3*QI62(H&6NlNPA%@KYx zT=%slyndgc1l=FulRfgOS>F$UXTn>+3*iUCYvBjM7r_sP*TGxDH^W=OoA$NSc?dii zekeQ>-Wpy47v9IZ?wt)k9O0M1h10F@tKml?{8so;@aAXQ>2C{f1())6s`Xh4{Ah&l z2AA-sTc72^k3o1p{8;#0crtt${5beJ`0?-^@Dt!I``P>34xSFzYvm+lF8m~f_rp(y z&x5yzFNb%4uZN!k-wE#sZ=GeQKLwrvPle~fbsHlwOo68%{5*I%d^x-`d_7#ZNfQ4~ zcvpmP-CsU6>vaY^1Ktgu2iIj#zCQ(i8p6+mcZV;B_kgd5>oP0x?}VR$@T~{Pr)K(l z!ZYB#;Cb-g@G0;<@QdM6kMwsI!ZQ(Gzi&~<1K))3ec?$1CG}?d&xE&y_k;I@XTit9 z`@^Th2f!D?2f|mv2f;VN2g8#F+36nwZwt?c_k<6H7s7|ZYvDQYMetmB9eg-^GyE)g zv%z-yN5I>`^Wgp9XTyu&BjK~)=fIc1N5NOaN5i+m$H1EpvD5E`w}+2~4}|B#hr^|u z>oV$xk3;ym@B;WUcp-cp+y~zQ9}jPtZSU6vcsjfYo(nIAkA};B>9REqelEfKKLUkJYfz7l>Vd=q>&JZZR{{;S|^;a9_Z!mojkh0lRchhGa{2)_=#5`H~= z6MQZ_=`1__H^AG%Z-n=R-vl2Ep9h}~zZt#|J|DgkehYjPd;wf9t`@o#o;qJkL(Q#4|R{{JlN=UTk+D zd@;NPejj``{C@Zn_yh3O@FnoA@CV_|&$iS55L~~HQs`m$K!jfkFM&S-p96msz7+l# z{3*EPuRa&9hc83;o$$xutw-AX^#nWv{v)_2s+39~7-VXi> zydV5kcoBRRd=~sQ_+t3$@YV1);QBq4LaX7;N89ON1K01V6nYar5aHi~m%!J;XT#ry zFM+=UUk!g3z7@U>{tNsWl~&!yYB9#%ulEo>1^zxf8~y>@4_^8q!XH(!mApAV|cKCAmkMQ;IpWr*;Kf_y(v-fKUygU3C_$c_V z@agd1;0xh9;dSue;hW)qz?&A>=@i~-^;?o1o|j(b_@f5*@H(B9lIsBN;W;{#i zO-z%YtKm)H+u=>&Eeg%=$~O0ar@;4wXT#+?yWNs@RZJ-W}@2EHG{cZcr}9|b=EJ`LUiz5sq8d?oxK z_$K(l@TTMK^tXg3!&|}o!4H8Ch0Afc+sc;`_@M|t8{Qhe1b!HNE&M<5?eN3lEhgCe z)dsHL?9|PYGKNjAi$WDJUJOzFnJR5#IyaIj# zd=9)Fd@1}y_*(c$@a^!E;Vp{o^tXqnz&pUR;iteW;2q&};3@E>@KpF(cqjOFcpALL zxpw-~;VJOW@N9S&cm=#Gd=5MVz7*aKz7~Eed^`L!c#Da4`n$tZ;632k@YCTH@H60Z z;633>;l1E%;l1J8;eFsOO6>G!!u9(`rT%*0*$CekUI9N7J_p_pz7(DXUkmRK-wq!D zZ&7Nee;_;sJ_w!-9}KU64}s5tXTz7mhr-vwhrxHibKot@?DXft)8WJ6`aPtQFK5C1 z2tNWo7oG=S20t6V4n7jT11{Tc*40dR%W^yYqY*wGF5w@x!so)rAiN(g;rGojk2bI*{1yej}?E0!#kd8hU*2F^RFJ08VmO!{^{`X@P+UR z@Rjf)_$GKUTt6&N(ta*Hd6Jo4@rm$EcnQ1^UJ9>;m%$go%i(qK3ixLDBzV(GJDrvA zWOx-k6Yhr>!mHu6@EZ6c_+v{Ar^1_6+52@KydC^}ct7|wcoF;p z_$>H^@Wt?p;H%)%;alJr!<+f-^v{5|gI@yg2d{+}!7qi+f?oz-44(;K1)l}q0>2#I 
ztlCch74UZOE8+d%v*G$Ztx}J!g3m(utKo~`*T7f7=fJnXuZ1_OvD1GYydC^{ct7}D zcoF;t_$>I1@Wt?(;H%*C;9KA~!<$XE(?1{H4t@)~AAAA42!1Pk7W_8&V)*UwRq%!I zE$}i&F|HJU^@TKrk@JHa&;E%!=z#oIJfG>k@gg*}71%CqG=6pN-Pr|#ym%~TFpMp<= zKMh|1e+Iq+z5>1x{w#bK{5g1=X?FUbhj)jsgpY#10N3xCl`{Aud;!A01YZHKgKvbt z4BrKR1>WWYJN>W1yTez(N5Nl%PlLY>UjTmtz5>1)z7f6#z6<^)T)(eYj@w)C?ibqo zwH7`K{x*CX{2lm0_`C3xaM|`pJUe;RE5D;3e?S;IrYM!6TS`JdWM-^o&Mgv z%-=KM-y?h;{0I0H_;&a__>b@v@Sort;XlK7!FRyhToRoA8CLqcJN!4xlTN9cTI$aq zr~dX=ntvDRe^vTQ@=x*mrudUiDa`lhC!I2`sw&BVQ@kU~CYNT{1b)l$cS`6MMvRsm;(xXDCNDF=b{Nj?-RIj&cYMH+%ZF2rp6-f3$ z1yS*KRUZ_e=kxl@y~SmI-vnP}DLzj3dP^ph1VBZZnp#klU+MK%<`?^`vI;z1@~f(f zCzN@H6$~3t5Gi1%62C_U$?2qaEpQyoWIE&QT2NkEkzeWaWEdpMuz= zus8$xV+nL_AW%@YcPXf-7*}4Ip5^zIn!6YN;}oWYU+kP;l~v{s_o*t(!&NQd#{>9n zm(Lv^503J6=jV>E=c-yBY3t6<9bfMqx4QGbnx8*FoM*S{Hn8xeUqKXC@7L}f!rc;9xd01oPmNON>j(w zSE`!-;)2}#31RmvHP&!ls_fYMlvhV6si~<5>am;j!H%6MuIi)OS`}5Hq%NpJsp{Lw zdzP=jUtVc6PgzAd`Kp$CY?b2TQWL{{(QMxw+vrkbY(Yov8phtDG?NHABqufWY!Vuy zOR%8B(8X6)P+n*he7Dv$Tv*4RWQ?~O^Q^u#>M*$+n4pMKJDFSU=gU`TbWdq^QTBi$ zM;1ie4f(lsVxp*7NFRV|l-7O}8K`EK}>buK6=FAKkO z8To~UC0S+T%R`zweKe&(S0yE+^g63%pa{qpB4nL>95(CZLzQ*%S4e^anIfNtWS#pF zFyc$_kVpA$pfAY-6|JmDoOX@`rP+!mLr&Qe%sA$$T~!mI`jqN-b&cb#QJ<;i-f_{P z8rN`{5r{2(h6I9y%alL>-B*y*h0Ps1w6k&r?XAwtKyY1y;;b04eBYTRHYTyiFIRg&1k z=ZjIWBuKct2?WqpNdkx6MLTrtRY@XDFtY-ii|~DCh6TP8LsgQb*;UCIQ)lC1Cp9HP z2VA!qX3%sQrU`rOtmtAoaAw%zDRNm5RE~l-m^Q)Zce`@1k`tykVt&eNwV+K{Mb!+| zd7N)TaaqVd1%*lTnU^Nc^w3-fg>O3prEle$3b5SmjOY6T&|{r zj+S*agT52_;vpy~#(<(m8?IOGmV|JpurOg=J0)&mgGOzlrZ{pj4muFg>UdD#h$jHI zWa}^J{S1^kU6j*%mzS4>FT%#hVY;U|{?7htHPV&UKYOsXZDUkXb^24&3w`7Bt4sW9 z;Jn1=_hqRO2Gw!tlbSVfT&hR@_egu?cI{ICSc7s$I#J$SNv2oES+WL}rg&mcZ>Nw} zH8j3dPk)yk4n88X??znu_^WTEcxBAO91|K?n(B7c9FZ8uElNBo9!F*j9G9Xu?mRHT zDM+j@YDDjH(I0x8I(hmh(%E$#0t$^?<$@Y4X~+!(ADtA*pOosd;z`v$Z-u`yD>!e| zhapA2lPdDDA0AaK6WT(gLAxY zqldZPTxoXYbB{MGH^rNCrux-BVs;wczTFUs4&)Y796a{;-^#YakgEW7-%j<_jWa~t zMMUa)PG_%itkqDZabEPQQ(vjC%%7E)D`m$ld@2`=OfmalszCR047~?ZVVn`-Z*dY& 
zg+4b$&5=Y}SrpzbM&0QWRCk;`0mmhkT~dwOR3vv*17*v)q2h_HCUh}tf>d3*CPdw3 zmtlCb0L6UJ3KBVLu{AC-8z7@Eq%p=x2=!n@l;@);7w!3jQ4T)_e&Www@El88L zAW%AU+=_eTQ$?Kp3}buhgyg!(*s{2fnZ=&CvbX^cOq}`NfLo5QFf`zX1KkGQf<&oN z4Y+CZXh$f6iEXQEy^3IOvj}DyMUZKep?!7l+?QWalr^}a50cTfvn!6;1=X!nT|ML?k%A zcBPRLVKy`laLF}RaH?e=gF+jlP734i&L@0%-&M^_EK&nZo?$AL zcDp5s2pV{*&%g$@(Ixz4%>UCOu8w@90;>vij0HATO{gtOaO^8W*~^Hz?A2#%3|X8J zsTdhMX^eK^8_r3}fooee7WnVhhK6eQ61vQ4kY+Ej;o1Ib_$Pex)g|U4l+!6y}F_sUtCh+Ez6RL^B&a+RVNj7E*hXtIgS%f_?=ZZ#Eg{%!E^6rDtnAG8`5Qd ze#m_g6+yi7RyrFKl0ssNKO)s7=v7iuUf?Y%R&zdGZ$8AEwmzM*RGxV}rE2{}Xy(PA z#0E-~XGl&uYE1$MJlrntwjD5x3v;_GpeA*Fn`){S4?JD zyJmrVT&_VK({5u4)3wr9<*TgmIj4lEeMlRZUocUv4N{-0$-S!o?1)~C7Szu#N&&ARM%t5OWg&+(_eMn?qYOC3SVEuGRwE zl~qxW4Tf!V9O1%DTndfQZ8nZR@$#gt@+_tq^q%Y@>r}1os&#YhyX=tTV7u0XI4|bp zDlxPTQDro>G=HK`ty+{j%l2JmV;Xw@VFOA$GDTD^k5hq$t1wwA*HSynYQwS#YEDD> zxO3IQ4^L*r5S1^X<=^#s(}-GaIOK-4dlKbhR&7ucC^x>1<$88HrS(y5muqB!xgLG8 zIyoXS=3=PgD<|D7RsFICtC|1lM#^O9O?{#|%`xszq$H?m7l>LmBqI$qYA7N{jZztf z*|`-tcbKOWHn=MN?ippwtWg;iQVSYBtD<`BV~<~apq3DXIyC0=hmrp zoB8gE-X=QQIJcM!q*MeiyMUYbn3rV=9+%5VjO}X1w z8n7wXrB)Sdms5}1#v8n>8m*a;4wZ=ixxT8Mx<)CpcJz^(a$bF@!{plE58FRBCatL! 
zP0d@gyDiT0s;}AV6?^n6y?RCOc714%keI7v9P1>EA&$~v>dc@~BYP_q;4=?bN4ht;{seP@T4 zn7b-hy*Yi2|FUErqU%+>^H@Yp70Z#!dMG5=ag^hVIZPR9pxAX0La*H}`3cS&mY#xK zZt6@5+r4k_ErmH&xJXTSu7h)@^nqi$Vb?ubY!$8MxgXs~HBct#sEM zy634Xn4=dR_NvXLUus@Sb;+-&kQK1Tlg;#QNY1--Zr#RJ+%q!abjb86mo3XYZq;t6 ztnKEwmQ|Om`DKOPESWWtZaxpMM%_p%R@b{(##6@3)hROk?N>vby}Vi3Ieolp1&5KP zeND>AR3gt0@K_7_2UZUY-SW~+Z@URH)~S#8dB*wYN}QPa;<+8Xlir4_N- zZmdH>(s;P#ZIqZ?x{4~I`rZibWXW&sHgl{kLQir0Z<)MUAqHI9c5TyoH~}P0C3GV+yhgNYoAqsWBgW&}=q7l4jWe|B+J{cM8LV4LNlQX)q*4B@X3~A;&A-!B z8V9pc8cH*pqBoP_N@37rYdq@yXQ>JqbQ+ckKVff8$R$~W_Z@=M6h~QBLI0in3{GLA zWNh#z!rWcr3C_6L9{p)2(kC&d3I^q}IgKQmLlWvl7P?d< zHBAPyDyDjkrDFN&$wBJbHs&mQV;Z~~3Q+eu7_mC@NxbspTzMCOZ$f#cnwYQV2}u40 zKCzy;pR4B4bq$~nE|V% znMjN&av+PVD$0W&ot!}0x~Q0BL1MlvL6EX01Ho4BOO5GRlW>hEbw-~m6S4#)fdqx- z!Vsfk1Rb&j%AOk19pqJmjYgTlP9|{p1I0Ky==~3ImkUWzL4HMkL9u${0v^X6|51|{ zPFSzIa6Z2={>Y4~Ri(;AgT<&SQ<%Zdc#l~|;CR`^R2szKZn|}0p{^LLN7YLw+h`|3 zJD%acEiFu;&#D+cH9{1WMPW86IU)5aw<5SovG}SP+1^Z_dJ<^4YS4>{WQ~HFB0Nl8 ziKxpT=j{Pi)E(DL8ETD*@qQMTVwYe%RNQ>{J(dC)*x%5CIThqAJSH zWgsC_?A3%n`>wIkFKpn&As%BzOO2ZP&C$w0gB?DL0~JN8L_)K^R53NCl&czT_gBJi z(6tUW$Ql)?Y6X=()iv@AD-A8J@ir~$&VtcH3-=nJc;l1gl~(&Dd8MVQtLIFis7`Hs_su5*O#Vsnc1(&{Lpl{&l`9>X>cN_ST zzOwUuZj=-rYir=mO0W2dvy({<8m~{ zj+Vwe)FEqPrPq&jD^h)9TeqTS2oI8_E+KdLRg6KGurW zcD6)Xn-t@6B5Plr+jPyiNSl+TL#iLGP8jCFb4D1xY(^bSCr~njwivFOMLZO0>12s7Kj`WXMRIT2N7r zqlJ;Or3TmBSH0<~jk8W#nQyZ0XsY)Dxvfx>4h73(aK-8^uMBWG3aVW&p2uuHTR7qk znlSaiwPHouT;dfgVyy92tca1tQL&78>Qk{Kf(RAM_&D~8WhN)Sie-E!OyTe(Ua`!i z{P!xBwSA-98p}ytDpt@EpCXU>dd;HH@e|ZV$5#RiHPlmn)c1lfd0l3Cxy>(AQ~9JT zZN9Ekdgg9tTa`gEMi=Rjt2=l4lLwFzMWV+XXG;=2!q{6A zJFa@PD1k`Aw<>m!m|K>>SJdoR-Jx`rAh&aY{k;ZnVeF{Yb$R$_%Qfohn`y9H8Xg#R z)v89G)$5DZbMEABhjF3~+T~15mzua!WBZq1!xIhAw-Nd&gLiL5mEE9W4`({5>=08 z$4E%{Cdd3Z=H|xSt@xUn$cG~Fj*NL^{%cK)bto_&N_S-3y95P_gE}c{s%1TT7;e!; zIu;4{Fe258hOgR2!yRdp_3L3oj5*FK9zChCS93eAdQ|m5B;l*O9VF%|ANWclJ&cIQ zJK?I2Bt|`8S9|a?+P2krYJwBaR3V7)ni%uo$=g0+%(+HQhdlI3rz3P!-njEG 
z<44Auj?_b9vejJ&x0N?R15R-ae}!xRR8r!-X{3^%ZfX_z)YJ9!-FLZn6f#m5Z@h9d z%3d|*ycHFHI`tYRm-||%!s%+Em+@#z>$1RDzE+@SDyi{-DmB1a;P;l7nK#|k-IS19 z9*G=3Sy*TfExO$Ei1)~uB^^_opU{%xO;srCy05@g?D3wk<$3^ZH2 z9-3BlLs6YsR24T?A{(p1thPZl#Ln4z>IPx#v-ON6Q*N{MqV9WQi;~Rj$C)N%2O4R^ z#^LL&8dVlMwedvm%OGCx~rBW@t33yQ7gTJn?4n#exZnCdPBH`sq&;2w7J9+R3YN%V;b>=bXu*v z=vwIW=NFe$shNQjed^p@8q!8YUnZv(fw(-QRL@NblRe?DyV&Mn?wtEEal538lJf~) z1M715U%LPfB)}eD*ViuSI;$>S$kngQ3@TMDTzbxGAY4TiW`&+Nzj{j4-kQs%jEDaO zuhI*uc6Q=Ri`4@g8t1xG-EIi?a!@r{D>dYvgE}~8dUN`R*5{C(K!TUakr(!<>~Z!A z65NhapJW}8ON*>3XJA^V)k8>dE6%-f-I(1bH0D-<8p@!aL!>o#4L`6NX=@4h8X`s- zXP+TrT(S2UjA-i7Uy$#+6c_6ZWqcZQU%^aEd_4u@JK;{pVfqOPmS0^L<%U^julmoJ zZX_oZ*VU5^USERFr!p8A)DDL^RYyEN37<{PocgbwORde@XVRb}VU@k0HG-07j;?0( zzEP<$-zF$-6-n3$CP5qg_ok`EwAqB4tk`0Yv+as4(%2iZ;P~p%ngvA^zF7+n7IXU+ z^tCu|4+VcWT!WWzg$|DXzc&%ZnGU;(2My+x8RMQtr$;8ESc7?CgIKSf3fwJFhfj?N znvqOakFt>UwZ_BZ)Y2yBaI_ripf$XyVHfeTrI5v5=5kwEY+Ilgd$~NWN;XhYuI44H zkz8xQTqP$pC1B;AVGVI7Ajcc@5-lb+fuU=4D_)k#8LQcxZwg9ejc}tZ?8W+9$zmfD zco!{^I}Os*MZ4LM+9j~AR%fZPd`jgiRu;;VIb(GpvqH*^y-3h1Hi3dGgB;=Fw$}%$ zs~?xec)CBLS4qk;zQB?~>nr+-RK{h3uPyYqVp-@IF_nRZhO+yicch%DR0F!+!gBZZ zhANR=rQWEg(a3{n%4B+)KWm)PEejkn6-Yf$QawXRz1FI#e7x!gI5r{o1&4*qP?G~- zL@A56z4`vEBK7zObrUf&cS2R!c^^u@#-9C z9#8cI0QJ(XZr)yHQ;ikVL)5_yy~5~fmxdzstcVg-0{YezdH$7SEiF%RSxxywweC~3 zPe^L$x?EKg0>$=UPpENfv?@sOK~?Eix3&DK8R|_~M*UH@aph4Ts&?6x&K^)pbz3l_ z;&66R5;@=6XA3n_+j(M4JSZqoO|F`$t1?U8Ribile7U-zoa=RL zQXLU_^NB2YjcJt9ZKbMn(JOaJ#UJSIS$#&AfzDiSlr~ab@f)psAge;-HSQ}rvquGU z??HyWvCN3g{;5Q4j;bwJM)hpFh zBT}4SQhc7T(3sSr9xoH+NXjA;=gCXW&r#1rPzP9b=8a{$#)A>mNh!E^2Hw7$;^`mj zO&Q~L?P-4F){vThQtDH^1bOwjeS0VPeeuIw8*N_q$8iV8>L{1^RR7*(UP{n#LU6PZ zR|={;30=|YesChj<7w=J6LIT}bZ~eX%!WX9nc}~pr(Q;>o^X*Cw9YZ|$X}SQbD%>l z*{t%UtOZtV`mv%w>Sz!#CRILKt$Yn;sqjNw2fFGjO`k$ zPmNI%*M55VJT<1~MofC_`5Ha0#?IU5DM&bfqetC%d2Danna}z{3Fly$lvm{~t5&Z( zw?=TXF8&Bm7jJT;QaNQpZZPQi3mFd=@bB+_5+$?j%hVg0FYUf?g z22n4f)M1Oa1y;GB2MvR!R)=5D>wenl>uj^_GoVZZO6b5KX_yS3z|1*KJ 
zR4?8OGdU?+Wis}OuP{;l0dxl%JEL(l)x+{a247Ux{qN7_kJdA>YOShEAwxa-_F!;3 z6%sD78SBwUjm#HMg$!ea854>&mp#!L=Bm-*lr-n<9qBu&k(^1@K4Z0%o(&w^L{Bx^ zn#cn;>$gqkV>;F7oc+iVIiUnDw~Zmc`fV(hyIw(e?h@Oan&>AF1??K{p`a?(u$`zV z6K7-Z8ApkzvAa)EHXpI?B)2USJwTYk5@<{GbCBa1HIi9ku{>atix*Y09aGm+J;qzo z90NVU)lzLn<*NHV#`r3;-1>{qa|}ABL31+0w+|{xxg0Pq3HmhH6S*RGBpna32+hR= znz$I|5;-4asoI`E7pq>aYA1EOvn0R3XFPsZy*1Bxoxm{lmvxtx=QC;W5-s@=a=xCU zrFzbLgbPEJZpR7R<<>y-lWe-aHN%6VE=JUVNQC+Dsp>h*>b8dQ5*l;Wne(yvgVnr^ zgy*#D38PX?BcFT|oRR9Bx1I2bxS_Tma#HRZ<)qwD8&2Q^UEfWsw-Cz7x?3VA>xi>* zV?R|#jHaMovuTY%3UyBmH<*RoH%hL$*sw!n>klcY8H`VXUQaAb42$`Cf zSFN7)ubzl)K9Me49!aMzvIe-!`s-%T6f7`j20EubNbwCf)EGLyGvxX2as&cXdn@yc z{W3$wIo~&Au7%oYyhD9zyb|+Yjfpk(99WeK)$JOeU!vyn$=sZfc1?Y3O+z)lDeo=v zr~_-w_*MNTb2cq*Kgn@%eo4JkJIt5ZjGBp2BCn$H$=ivfS7y$bH7A6q{8F!&P!Dy- zEi^p-JL1#aRWHo-0e$LXQTNmJXz?BFsa;gFD9I==n#)RWO_u7tstTrNKgkGy`Xw-H zHB)*U>iycmdm<4AW{7f%-@ma((h2J2oI3bFQy^qHMB;NkRS^kyO0g$uy37|+-&4(a zVCJN{o>epJR9?z@?M{-l!TG0xyPthSXCgXloon(`8H@AgnlswqL0a7o%RF}T6))Z@ z^=>jX)7-hlMD0mN=*+`J=N)p|VW1^eXWYOGCLA*j6Il3Y=9DxUMZOX>={IX&sd^J& z@PMA%ke@NPOU;>0QJ0yHQ9_x*D5FAF^>t>oEPhp6Q6q_t%}6P53@ln(k=hi`eOR~K zu%San5oZ9(!o$=(sY;n1T^`M-#72cI1toS@xzHw<&VoRH;X; zvXdNdrbV8URiBz=%$REQ%!-o!|GAoFJ!3Y3niX*dT0Jt#C_Dd7X4#wi|5dZ1W?Gb< zfN@_iLRFAu*Q)y*tpgS7HFyI~Zz>GAaF?75GeoA=$C$UN(u3X_&EYV|k}(xoe7Az- zmXa##&Yqa`3|%h);@*IHf7~%p*2SA`&fnnmLH#FG1QvWVTD2=7-Jd9v4(d_)t(YT} z&4%gPN85w?x6`guJELy4f#!CGy|*24213k}8iE&IMVV#by70=eT0Eg@Vcz18d4;)g zM=0bynhjl3u_|3vQEL{0T9>Y>Y}m^SJ+7M2QIH#9GSxwieul1QH$I8Jnq37mZl<}< zlxUFTsXnP{s@jqwC%^?Kuy;Gqze zDGA=2)e|_>`EZCT@WIiltWGN}uQ8|ROwO+?j5_+1a5|(q$lhU(yBT||Mr_p|HBM`d zV5x^5hRn=X>16Af!2GTJoCcd^7A~rKW{?rBWRUK`;U-E*k0`-y>0%dO?6tz9 z&YPe|#$>3Tk};`FL(lrD#-3PND?1i4cIKuj^dTv%SviJf6L-XXX9*{mzZfTIYVy(&-FUjb)D-3hix`uVBfCNQMZfn ze}2zdfB7#Ua;{G~_(z0>sQdA`jB~w>b0v&g0jssJ8UW_X&P^)B(9^p?ZCydrUn z!WH%Dt3I_W6E}G4MMmmGd+lq~V_7fS31kDFfzW9 zQ)TUbd_}bc^NpNA6AZsdQ}?XVmp%Tw+FZD9# z>b03!m(EnzW~q8P7ezT2Y^aOb77jUeq5oR86xDpR4_2Ma{m*~D9Ca~!O`giBis-*X 
zqyGkWRE3}>aPG~7uITt5UC`m&x~=xgcynxw_@6|PqIQ7p9e-+iSj{r(e{!jgdUK^B za3&qF)~dNC#~k|3xAM?6MgF5#|GUeIRJ3k)CjH#3^y%}Q`<^&QTg*AiN$dX$m!YX! zu1%hnF?Y^%d`Gtbzg>T(-+fhG7*aciRk;t6OJEmzkQq>2ih77M;56<2aA*cpJK)*V zXHT1*=}dhyor6dIqfnvu096ZB|0PZC;j2^KpVh&uzyT*U-_=ZV%)VN*8gQO`nqHzsD!K zG|7McFI{Tlzh)tLI&xd#P``Y~dH<5G>}qJ5U!9}6v%0`7=&~ti85XiW55ACU$Z&PB zAb(z^558o|mc+rY1H$Lb4t6m3;M+TrMe&=CSW!HGHg%Y~id)?rq37g2ZUBeSacoz+ zNDsgte0xW-=I#|fN2((pLe1R(oxoKJEOm^inBFxO)TSvc6Pxe(6|whh*n{jk?( zfm7Otv|m&uHW!21HT1OUgB)A+cokSsQ)r(O6SuJc^l{*72H|JR#4`Vho7yAx+C85R z;WKGNoUc(1?Uccv))0pnR1fD(X3g!yL*E0|o_Y`tD?>6Sa0qR>x@<>X6{4;bh*yVu z&>`O=d3~GuJ_!GTH}_JOz~wSVMfG>#@Z^kiO5yv!?3v)I2sLR2y=9XxG6TbzX8OQ< ztOkvGv+sU8sd{HQ=CV0i>CPo6>RxGw{tb~e7eNei&R0ztt&Sh4|IOpR+6gb`-t&ii z3NmoE-+!>HrZZ~SnW%39nU;|}d4hV^SevWb3(XHC>wLkJ>IUxDf;jI+jbHeuf9KwZ z@S82w_gDHql;^x)_~c>g5|1$>6j6KJLpu_U`_3Vrva3nFb}rGfo;^Ec1!V8V|4k(R z9$j|2~UD?qMNr&#RXsm8|n^ zU20+Kze9pr$*8l|>Ps>Psg(@4{n&qYxl8S;#<{vAaGi^>s!>%phMRm{;dXBM`^Vr5 z2vj88bsQmkvCydXNy6iHkKphQHvS*JpEm+QZK5qjjMM4PeND8>7gLf4bIV11U2^~(wf&oT6qq?=7I3Fjs8b9518Qh zO^bG>{-dvf&3UhTEhenJ0cxc>?E2SkS{)|UHvHeTL6Gh6+o9$xg!eXZ5n=r`NGs7{ z*S;ovZKMB9-D^yTUvqyG(kF@OLmFPD>{?7%djr%;b=dW<-Sq#g?*|I!ZwD`RbI;ZI zYgU_j=q>g1!yCrx&{PRlXrW6aDgU9amq~-x){UbJqwpsTY)WcfE z)E;j2KCKWV?Atn3+qxn5O9Yq99DGesn}N1fG_x3cJ^jrXZ9}yJes@>9W%n#$P|1(f z`JCF@av4|pIwd)hXA)|!Dt69V{8uMR)J4R>U$Y%_u0*ADkc$fS`Z_~HyXM&Wt7wG# z2Ou6PhrhP1?R+6S8}**cfADzzrBgDkSJ)l$VI<4JW9Nvhx`009oQA5RI)JRcWi@bg z`_NBo)EvmFJ$$WwFOB^^>t{L9Ij13l8@-phMiCw0?&&|meFVZ)A3392U--Wp*7Vob z$NzP?`ab7~o*c0?pgJ|>KLHTZgwCv>e+pM{IQ>-h#r4y(=%xd-W7h6Xr#5U(gT}>> zhj6z#y?`M*?L$1I891?I?!e;@x&uE%S)iZ0J9G0GY4Fbca20sEGIn4G-z^4?cY5Eg z`w8Jry_TunMIQbxJrKLLP2mpRzXi~b-HQ!tw`<#-A7(=aPAnYCuKh68!C$TJ9})Tl zt7eayQ_zQcFN45{2xO@~m0|Ak^^*#!ISzG~f4H^4;>r(A28p%th?m*@JJ;J?KhDNDq1h*zKLtiCB3@2ow}RZWaswwhn$>yknr%6)3$Ti$@#Z+1d{U~KG6cR49|nMp1G~V zO|o`-M<7u;dUp7&=pOy?Z|86mbYnUK$!Q0{4m&|}TZfxu?e>m9qJj6Nhn;26hWHeN zccr11(86PS+8laB4{y|b)LPAG=0Ufhbxt)sAe}>;tWYWjooqJvl^B->reC~ZA zedt|%+sq*hd_R4N 
z!~SrW`$KBqZ>f=KzEuyJ0uEDE^VY|l4jgHq_0V*1q`ZeZH5{(ry@1!bX3L!>2Kz4^ zJG5!S-&KMpi9qF?i6Q7y#0Ty7#?t?=2LRe0KN7r6iNV{1N$XcXha4#rPU-IHtwa3u zy?9#o+iK4)xS!akwp1GnIpQo##(yMV?UKxUOu93D?XFMV2}MoDhp_R3?fmrpmYP8h zas2o{N}_gL{{5c1G72nDoDc4Y9{Bbj^>(JygI`cK#QA8yMjyt<6;4xQTkZXaI6Ffc zs*^OJhGGasf%?E?dQs*veg z@7PMN+O%dQ&7C@H`m`+dp@KsjP3lTSS}i-r-%^x$w0{Q?Y;>1^!6z7;BB1Y+0qecc zMV>mFME5k()^$B+#BIT} zteMWusnk60+?OLh@UK(m&!2gb|9ctTuQd&AWmRVLGlqen)rQO-62L8ou$2* zIE*~}x7o#csDBy~nui*#&byDAJ!j3A##?hZ$LU3(_k2=E_1xQQYWEy=?%L~|bL~EF zZg=NRV@CJM6UL4Y6eW0_LMKNLj`){xo?c1s3q8HI_OOVjm%E3GJiXMvW&a^PPcQEy zc&Yy|FW9PH;oigMWChN8>xI={<6aPjH#F>jarL%R&-DkVq8jr*5>C&U(%mS?Ft%IP zM#sM7VA~7y+0e}d{^ekFZ9fj>Yya(FTL|jip&JSM=YwshrrU>ZqvoFu#s`gs&}{_$ z^TD=LGe|zLLkaY| z2zs7!Ojy{D;bCFwKmQ}}%<)O|I-UPXz^4HIpL*W?seu1Q;P(OkR{@_6_}>J4pmp{7 z?G^CZ!2i2|&jI`&0zQ}cM)d6TpFaisO2Gdm;0pl1U%;;i{J#Ren0USY>K^62|CRv0 zo`5d}`~kuEDI;EQzkdb%PT)UA5dSW~Hx%%D0N+T!?*)8g0ly#cO$2;+9d`pQXgkjM zaVB5&pZ^hf=H}lh;`RR5Lg0@9{BZ(47Vs?vd>r797x3|bj}q`|x9ET9^*cepCjq{d zfKLH@YXP4M_-Fy|1AH3+pAPu80zMP)Ckps%z{d#q9Kg2|@VS6*FW~b4f0BUD2Yd$s zUjX=y0=^LNodkRl;7=Ct#ek0$@FjrnEZ|E4-$lTe0sa&LUrxNf|E?q0f9wK$T>)PO z_<90s%*KZ93d>)AZTtWQ#fFCX33jjYxz!w63 ztbi{9{5Sz$OuRn+#|!u^z<<7g-v;~>1bjL1`uuZ&fUgApi2{Bv$p1V6zaRLI5%m8E z^;5z_*m4NRG;$JP`~L;D1KImjS+5!0!a{ zZxZmk0RN(Z-vi=*Nx)YFzC^%>tJj+I|0@DM67a7Ic;{HR>E9yYonwX0Lmz){2>3X_ zmkRiJ;`R4GZwmNCz`rHnQ;65|e_Oz(0{=S#-g&R*JoNnE74VsWFB9;K0so$W&jtMZ z0)8dnKM?TFzTT|gb^-6~>rDPb0q@L}CjXIucgCv8e=OjgwsszR|1B5r&TCEn69HdA zyuNgZs*Zcpc0)9W>cMAB3`l0!MF5n{p|CxY~B3{qGiP|U8ZmH&(JOAAQ@J$7L z9N;4be1E_<6YxoZZ!X}+0{&P5?*sggg7(WGULSu>pH?CGAAx7C{jz}n7XhCG{J#qL zT)_V(;PXKIdjc_-(}N^M^Ah z1mX@nbMco0e@6jd0r*Y=z7p`K2>2@E_58aE`2E1&O~8jA9lHPMF5nvh{!9Vi0`LO_ zd^GWT{RRs7SimO;_&y;1L;>F)_=gDiB;Y?=z^4FysDMue@uv#-G~k~g;4^^#d;y;g z_zML5auEMS0lxzHFBI_kz&}~Q7Xbex0lyyb&YC1JZwH>a`MVgzKSjWo0RL10zYX}) z1pId3pC;fd06$&8?*Z}85b%2ef3bky58~ga8a>eNfoHD$BWU5N&)?3PG{6O(Ilcwp z|4~qY3p{gt4B+Pq{9OSbCRo446Hib6>zC#U{0YDxF5r^^-$GEoRKOo6;L`x#Qov^d 
z{&)eun0R{f*MEhe{gwm&wSxNR0snFVpAUHFJ&`Jbr}u9KApR&p{ni8j2?Bm2@V651 zC4g@&;I{$(3_<&s1HPYt-v#))1npM^c;`K-DuJi=-w*iyg7_mExE_7}juzCv1>oBV z_!z*i73AL)@NEVDc;cyy{`q67pneI!KV85l1OH3`KNk3p7u3%O_?7}b1MtogYBZzte40=~U~F9G~X0)89d=LqUo4)_iN|1Q9H z6!2Am?+Qc>kbfHRcMksRh#fX0?*w0uf>4BMZo6*{uDv{ zD*^9Z6BdX&@XW2wxZxrxjLHy4O_=&*(yns&!{Br_63-Ct^+CK;IF9`fA0ROUp&jXM*T1uXF93Y3fG-5`cMA0lY~ zY``xP_?H8Iv4GDbUhh9k1bjZ=uN3eFApWxj^;-}4r2>C3h<}-YF9G~j0=^XRR}1(u zkpDFTekb6E3hG}8_y-04y&!+*GwJF-PwU71z<-m#AJNqH=>7i|0Ut>`y$$eRe{rjT zj|Tj00zMYRf4hK>1O7V%e1E{-Dd3X;KTOd6V?q9R3;YuSze>QTf%xwc@R@)gF35i| zh`&JKUk>~u1pYkWPZsd`z`srq|60I5B;bnxf4$)R!zRE#Ebx~C{t*Gcop^oz8Y!s% zPQb4h_;-Q$9~1CZ!2g7RuLk^U0zQmBc&pFfqXhM91o$Tf{wTn25bzy{*W3Ro0pAty z8wGqHz@H}=Km7s!w7{Q8yxxB22-+_N@F@a*BH*7B#GelM=LLKg@p}8eAmA4huit<2 zTtWVMz`sf0&j_{R$PZGayq;L8F3rl5Yi0KZkh zR}ruG-?s#OHSv1?9WThg5q+tN?sq;DtTy54{YMMp_4((00UrbW?+N%=;6G20e;?p4 zlFZ-0zg-Z267YX0;8Otqk$_JH@uv#vmj?Lr1$-vpKM};g81Op;d@k{N|Nm6L=Mk@u zzX^i;*8=}efqy;7|0@As4E$dT_!8j1K#>17z`rOMf8~JRC5V3)$p0GwzX$jy3i7W8 z{DlHOytzA1>+|pTg7_l=zgxgZ6R(e-9|U{{;`Q+}Nsxa$@b3}$6F~mI3ixE;|3$!$ z1^&r`{C&W`SKv-(Q$1bhtO8w&WYfNvz=;{o4Tz$XH}sen%bd=mjb5%B4P z_D?5X?>{pId?xTW7sS69@W%@HToAu=Pa~Crr}3Ky{KpCS)xbYXP`|Z+KVINp58{s! 
z@Wp^XLBMYT{KbO&%Rv4a0=^vhXAAgUfS)7as{lV&!0!iqrht#2g@Zo-o-Am;7Jzr| z$)!T@G=5@;*XNJU0zQ^_dh(w?zC@6Jf8g&T@Fx_?Iri!6L@HBq6 z0sc}!{N*73Yyn>Z{Fe#%J%C>%;Hv?DxquHp&aJaPe=HX8k$`vZDX2E#sr{k>KTN>K z60eV+;Q~I6cq*fR{=PzxecJ974S<0@uvaaxu>Jo_R9qPcmcndc)k6` z3Har}f2AP*JizA&_|<@4D&PwNzf8by1pEbp`jr5FqJZB*Mb#LH?D% zKS|)P0{J`l6jdR3n!ok~|1<#~-qQ8x^Y3y&{*lD%^`9Z|M*)7ifR6!ux`2-b`Cla9 z`v88XfKLGYECHVk_}KzJ74UNed>Y_01$-vp=L`77#OwWUo`7Et{0jtp9^e-W_|+i( zAu1WK<9{viXAAsAz<;TLF9!b01pF4jFB0%&ApXSyz8v_I1ohtq_$vhdD!?xh@cTjj zIRZZXcz6ES$Ins$--vj9|FKNKM*;pS0p9`e&ONQYj-NP?|J8#1Up(;V3jB$HzfQoX z06s;~e_*~%66YzP!f2)9B4ftyW{jU)4D+T_I zfWKY9mjM0_0ly9K*9!742mC65e;43a3-~I)7YO+MfOo#rQT^wC1fIG3w?#y`uhZw> z>jZoYz+W%mV*p<$$iFM#9~SWOfPYNDCj$NkLH;R#Um@Tp0{&@1{ON#yM!;tQ{&@kP z1Na*S`L7^epZ`k){*{1#Nx-iL{L2DIHpC{m}0sny@{_qn*=U?YLHN55@3HWjW9}W0h1o_7T{tJP>58x{V zd;;$67Va4|9Cwz!w02 zYXQF=@T&#+7X!YXz`q6X?FD=p;5!NUoy04oru}0D{4U_{Ea0mE-$lUh2mC#P_KRrk z=B>}a_X_wHfbT7cKL+r91bkP(JKxEsQt&?l&)o5&c);H$$UhPA{RI9L!1ovM69Ipw zfKLbf00Ex`_<;gG2k_2!;sx3*@XWQ}3c#Nw;PZ)Bi2vct|A_*=0QiRr`1Qa)Ou%mh z{^0_?1n?sS{5BB3^PPl&b_+an?YABHM+*1~z>gB}djNlqfUgGpXaOG{?e;r;{v9LW zBZ*f?P5&Jy;G=;5JOSSU@XmKi2HHLF%(Z_U;LjKE{Q-Z0fKLMag#vyo@d~M_|8xOA z5%?zw_;kQe7VuesFHnsZXt%&K*M2#GpDOUL0Q@uopAY!^1@W&1{2BpY1o&Bk_%{Lm zVgX+Y_y+{>ZwLHZ0bc?5OhNp60Dp;quLk^sg80MRxZ_rzf7c24NWd=?#2*d#O9gx^ z;2#pi-v{u80zLuo&Uf;vP52*yXKwyT2K*HQJ{9l}3*t`$e2&1MNxVY*4`==8e5Y_A z@4z#ce>U)6BjA?<|09C@R{;O@0)IZ>ZxHZn0sp8V{vyENB=Bzn{LKQs6!3WhemmfA z74Q{+UoWWN9>D)5@K*!=P5~d@)*Uzc{Of!tc3|8Dp1JW83HZANd^F%66Vxvj@P7;Z zeE`2&z$XCy9s!>W_{RnLrvg4qeJ5(5-2%^C`=tTCo`BB;{80jaG2rV9_*~*u$!q5S zCj|A&1OEF3?YA26YXp2D;EM$DZv^~<0)GkM*9rJ-fPYB9mlLm$n)WLc@D;${RM3C+ z0RCZtzZ&q52>9?5-Msbr_fY{K3HT=k{U;jm8w7kT;EM$D_W}Hq0zLuoPYL2rCSECP z`rk%@e=P7nE#Q5?|BQf72mWFKp9T0fg7K3B_~!)v6@VWs;PZ)BNKN}aFW?J+{{;cR z9{Ae}>bDX2&ldPg0KZAVZv*kS6U4tA_+J$GD}etc0bdFDmj!$kh`&U@?+5%V0zM+f z?YH{;zgfVyAYLK9A;GY)6p9lE21pd{4-zMM-0so93{*8ctR=}44{(V9G z+W`N8fG-Dpu^|3kfPYTFR{_3U5dVI_e<0RD49{9OV6 
zg@BI-{3b#CiGY7mz^4FymmvO$fd59orvv^aLHt>OuN3%mh*yaJ;q1S^7x1~jzem8Y z1pLc_{0jj8v%tR|@Kpl781TOc_$`3nE8xoj|GR+S3HUz*d?n!j6!3cipDI{ChP8M5 ztv-KN3;c}$Un1y#QN$}{&G?xph(8ASFBI@yfq#;K?*sh*2*@T&nIDc}nM-%P-71blM=Ujq0{0ly9K zn+5G(4)|9E{4T&BFNnVi@KFMOKj60r;*U5fbpC!;F#oh5UY~!X1@T7%{zL)a0q|`F zd{>ZvjDU{^dG>A&9?^fZquCt%CSV0RNVN-v;vECg8UN{tQ9>J3;*Y1bijn z-xkEb7x3>0_^=M{{IAd7?+W+`zz-7SA4$Ca{$a3yj|P01ApTguzbD}P5U));KvI1V!)3R@LK>sUci?D{yYJ{6Y%E?_)5Tk6z;wM>;?Q} zfj_Kc==$F$;2Qycihz#-{8Rzo0r1lVd>rxm{GBG?g8j|D}NM5BM7d@h1ZQD}g^5@Lvn~v4Fot5dTEL?-Kaa z0RN4E&j9?Lg7~ul|E<8k81UZ-_~n4VM-cxCz~3w2R|5W30l%7f{ryXUfG-68`viOu z@UIc@n}EMk(0*Hh|3QJj4Djm&{7w-6_k#F$0sawze-Gdv74Uljzg58RCtmM=j|upQ zlSB8v>jiuy@w)#B0Ur(gy9Mpn0q{Qv_^yC|S`dF9!0!?G`vbmA;7=r8umAl5J_Y!< z2>4Xse@(!r0sajEp9%O<0lygJzg@sD2mZ$ed>-(>CE)Xcf17|`3;6d1d=cP35b&D- z|Dk{{1^h<>emmel7Vs5-FBkB80RM@AuO?o9|G7iJhsA~-f9tL`rlv6eBk;_9ezOta z6OZ=JM*;pM0p9`ew;$!*9|!oW1blzM&lB)TfS)4Z#{&M?`rh;R0X|va&j5U+fX@c} zxe?yuUrxM2{14~))$auTe+BS=D&X^h|9b&n0Q@@z{CeQuE#Nl-|7QZe1o(dt@TI{2 zxq#me{CfoaPT>DSz*hqQj{?35_$vhbe&GK}z=wBs$Bn*z{8GS25+9+Bzn=ws6!3o~ z;5z_+m4NRG{9gMjEjT*TJsm@ zwfdv0`irwolg}hRQhzbMR{vE`^%sBsMq&ZJx&C5$t^TWl48M&04fPiTek#M?M0`_& zH^L0dW%zrDZ)Wgj{az-%uCd|Ai8o(w{(TqYe}ecX7JogpL1&xw4gZV8x3lmq82)qO z={90DTX9_a<4lI%M?75yRfCv(I>WcgaFLQ4(*42Yr>S4~$B&VJ{$K9+Nh01EKc9f{ za~I?PjQnR<{3{uM1^MGN|EIwJ8sk5HwhK8UG^kUug0F$oNx% z{|n%6rP@txBBcM8li%$BMl*-?XZUYD@{<{UFY)v>Ts2iN{Z}%4qd6{O_8*hKk9c$b zIGgyu`^-Q9PObFETa14=@qztBfHD2QG5l2GPYHnZZ2DWMHg$eyZa0tkJ;px-_FsX` zHdQ>@{}oXGsUV>Vk)Ofvw|eCB82(=3>1!-% zvM|aSc7x*4{Fk%e9shy$ck1_}dTpTof!{yD_>0MJw!i6rgz@K-U!VVe2L3l0|1R>| z_TS$z{9ccIeN{ZCPni8De4bnKjy08ce=zg!#PD5+x5Yn%;m`2spU&_;kACMny;1&| z9{tWeQ4xQKN5Au#9>lNn=y%R(BYvAlf4ExHBYvkxe{$|Z>HY3q5L;`^qXzLVR` zKk}c@^+!|ScfOMp`Cszrf0D^R7WkV1|7VPU7x`CM@(+9`qnUpK`SXZ()?dd0|3Bn6 z*Z-LdT+ppzZ4gea^oMg!3e|5h@wV~PS@9~YknvLn>emv)?|i2N^5>I(s2;5P+3Y_f z8Gj}4M*+X{or=g`LH=bH{}RR@cEGKCHt|mTwE}+Uo^+1iY`>`sUC=y!=Db#aIG@Q! 
z@y{dPw*LQ@i9eg-53KW@_}hT^ozLVV{|fRq(Sub#o9*XZ(~tPOiI1`HYZ?A|kN(#g zzLfaR7XK@XS7iz5|9MnD{ryXOP`_P_|5uOxz&Vu!qp&5w-vRjRs&+;7kG|AR-1h$M zA141Q;CJ5ZsP5)}1o~BL#-Bv~4)prKlaXdvKZegBzIgzoXOo}C@Jl@UuVVN$#M{>I z_cQzk;%(#SHHI%CzP%;?62+@#3F*Hv|GM*+-haD+_WObHe?@*<{hO)-EU5qOB|gy- z|1pY3@uz_J<3RlJj6a?xZVIC&3bX(8X8bwi*Z1GOfIpr5=KTKz`EB$6!%X}o#E-0r z-2K6fe=QS#WLRTAkVL#Q|DOutFJ=5qE_1=-hz~rO{+}7X1M%kuKzcU$-Aw$c6u*x+ zC;oU4e_PefQU6;={%#ik35r*n4H-Yh~@CG5)AJZvTyN8dp7>`X>PYr{p)s-&^E2*T1wm zccbdhZ*TG4}JV5g8U~l{wSWn*v;Td~C z`EC2ZUl@Ne`StOa2K=p>;rXX~j@$mKdj&nr@zbB-2jsYzZT!t-_+;X3<1bC|sQt@8 z{nJ7I`HcT2^4rGWZHzza=+N;u3;4H@-yDDAmb&$`jlV`}fH~vW9DkX_+s0pShF?a! zZTxjtJgR?8MCkaN1M(lw_{+#|>wilbzJhrA8Xvcq>QA%(E@t9Sr}*{pa|ww5LB@Z8 z{IhG!?hmHFfbr*$-$%T&|DF&0?=k+2WiHr}_`s9t-^TbWK>iDW|5wI;EBS55Pk&_m z)xdu#@JFf>jCE9UX8+$rep~vs~vZzkT>e}^!98S%FBw+V_@X@&IPVo?8UK>imo{y)fX zYyYW?zYO?uf&Y5O-(tDjaJKxfX8e`Fe?9O&!uZc1zb*d<8GqO@q4UQI;D3wpr;>jb z_20l#-M|m@{5s>0BESCr_a@-~jqz_Lzis}AQ3sgO{Qtg3egwmRMf?aOUo-!+6|d3? z>Hj{;KaO~3|9z`^VFdj>Ft0CR{N1m1Ul^z#VIk|6%NTzi@UH~^wTyou`EBz@Im0g} zzFQ!0dN%9#0TX`-=)ZS@`0KUA?Z3gJ{{Z7J2mZT&zX#*5@aXTNc(vJ({!<0~tAPIk z#^2-`x8Sz=k7xW54MXRTdw~C1#^2wge;MPC0si}d|0%{l%cK8s#vc#-_XGczj6dI_ ze<$Nl0saSoztQoy|G)0hf3)J&W<&a4I`BUT{Cye!UXT7hj6VnX9|HbajKBT0-unM^ z#-9)T4+H-lj6a3^C%IwN{AtdA&oF!z@#^hS(8J_+F#I*do5v4K{zE4JB9Q-MApZ_( zN9OE*&EpsMlV2f059hV|<4WSq_iyWnKUsgV`q_+sk>VXkg7FWf6u-Xzb-sVu-2cAI z_}}qZzpaeF8q{wC@V7hxkKf(oSEsjw9!8pBlNkOF;??vL^f38+hHsSXVz&Nso8nRZ zBO8V8Kb`^k|H=4cJ^FuT{IS6AeE*%<{^MHV`X_qyrzjrfp8)*N1OGFO-{;Z)B;!v7 ze&_q&%=}xb21e`W#pFLFsP}}9zh;U@`Dc<}AAipGubKY!jK9!h{tq$!0+4?R@Sh%y z^M9566O8=L`Ky=WQU1l`_Yv=`|2G5wOvc~#Iv2F9zyDY8(hD1^2Zo{bN-1@Z*Won%OzeN9uIn${G$wi7x8L%1U=05Tc>!`eo2(Sn%?~n zr~Tdp`S&~#$N!W^e^QG?Kb8C{y`YEDoMHXil`|ouOKY(~!|Gi)F zsQwX68vD)q{=>QdvswSaopAh@k$<8QztdOr$C-*p{&?~y(Tkn=y8`$>X8a$KzlknW zKbzynxz8f%zq>rvZ?fW1{5hb0&SzE4`W+pM{V_MYfyY?lzk%Tsh_}t3$92a3bBR~e zL(s!)Kj%J2DE}gmzjOa%GyiRje?Ixm_A~thyWsej5^q~SoS}FWe+9*_uOFQIubT1y 
z&iGf6-#q?r#$UzwtAXFSf2!%fSuOBU|9#G5{i+%M4dQL>|C{1b{UV!&&L2O6_@C&C zb%Forp1A%~$=}!ToB7vOJjy>V(w#r``Nz3e zg*pHCXZ)+kpJ@2a{7+~6N#xh_uMhk)7=H!%dl`N+|0#?=59A*K{C6<^=C`_H+wu30 z8NLJY=KNvC|2`9cA&9>rh`*gG5ZZqaAb)F1{h}3*`cDb)HwOMJ#y^4l*%tp?#$QhU z0Pl>Srog|2@xM=gwY&~`nDu{|@uxI%$B!D`{)gjl2K)_re$f!-v-40EaR^vf1<^|f$=AiU*CV62>hQi{;s#X;$w^kH~arbj6aY3o%Zhx{EHZW(w#1NuEoEA z@h2STw!iK_1^Ay~{CAUos>S~#<1Zk;zW?n8{C_k4{p5ef;{Sv3N40eGFCpHke-Ge4 z`*hs?8}eQ7CX0WN;!*pTli#QLdjkJV#-DJP3pO$Q=JP}#2@c`Fj+nF zhhx03!yLa2;&J_dCB9=29XkHP6_4s)O7TY#@5FyPh`$%(kGk6h z)#1UQhZ%o2#$N&aeS!ac#y^Psw)c-?8GkkT_4&6S@NZ!JE68t~e;#A}2~lqU(fwxv z|Hq8~bMmJJRX?=--)H=}x8GmZ)(E6VP{Pp_d{GTVkt^XZh z{F&s}^FJ5((-?oFd)>m>_W!Rjd@JIcQT+o?=J>61CeFXBM}9EF4Qv)At|aLH%+W|MTQG*YD=|xr*^eMThRcQi1+5&tUd<7-xxjvDTmtsD zzu$e~@?gFHSh4=A6vd)V7_6Gkz`t z{)L0EKYoqNrMXWvf135bMDZy9>=WJmeMCC`nZW-N<6ljF+xU5o@t2c7(9VwkV&Fe} zFwTD~`EBE8km6DPRUrS_!2b~AkAA={oNfFxJ`2a+g?QWkCqnTk{*;)|`9BlHKZfzI zBfo9`Gm7!&1HbeAh35FZoAI|^>(^h$e&FwcIJQQyB5s(oVSWSg9WDGn%8%Nw9Mta`5WkP{ zmy_Ste=blw@>cwLl;!*q&Cxwo`8$kRk7=JSP zZS}jB@y7uFjllmq<6lVr8J7N2#rWgNub)4?8TjW9$MxSye%tt)qj*&Rbn@%t?-t62t^Mz3{MEqkeE)L<)IK{+YmkAMmF#{=ww8z5n=t;ZuljZq&~i>-uBN zD4hRP;>YPPRzI8j-%*N3`R7vpKH{DI{{tZZyBU8m6Tj*Il;O7$Kfx0JM@;;c6n~Ny z|2hzV@j1AD9UgJPx<@{xRpj9gIJ|b7Ozp`uw*Q_~X?DDyaQ;kUuRb`_T1cZ^fhf=aAn=ytDt? 
z2K-AI|9~f4(6)YG%=jzFulN6Vfd4JVpGy8tmi%95{MEo;2K*3^*;`%Qn zzuLVAJ^E=?5!1#Y5|5U?o_TO=gKLz-|2mU7+|JV(#IL+{z{dYa%&nLf+cxV3l0r;yK ze=+%6S^U2-{%Z0^Y5pI9KVc$n|M$s%ipAeg@u>YHySeQjr}=*d{*{dX0Qm1Et^WT2|7OPD{23Q)M||MPZ2uP-e;LUC zU*M1Q;rx4(zezw$&!#_~;Rg{v%fk0oJgQ$M#jp3@y7fcPpUq_akCI3`h`!&`Dc^=6-)mAGXBWk?)cHaKeILPk7WF3 zJnxFTS^P&;-AO(!(VX4?G3-t&BJChejoYu`MV?V-^KVlk^e-C z|22j`oA}-qzJ!TC57aLf#Q!(rzl{9748Pfae=z<+;O_$br(T5n-+J3 zpAz8j3jCKa{`bk>!s35~;lCx`HhwA@elPKtTl`-$`Il4v`urUS@^6`r>z}#F6|b=P zn<*aEKju_-{wyKhS%38c{`(mJe)603Gy7k?nK=GqUUbE_{&Rqdzk=eA(&9fA#D40gyVaQ8AB=K@WibAT_)vcW@W00RK!|Coz${l*b*8^37`KaF@5 zUeLqLf3o6H{bMNqY@(g^PXzhD!T8@UaY0-Bbuw`NpL*m+GyHDie|E#D`P1xwBNdPG z&!_z3wf>(3@?XUGcf8^%Th*A|A58xO#$VPqwEqnU{%wqZuSfqIjK322lYzh0Y}|fL zHoN)S+TX|U(Zru(sozS5AL`Lx#_;1j^3CSp{L_f>#;2#V8A2I$S^4t3VdyGF0_{Rf(>|9*`tsea+DIV273HVcie<9=FMgAs6 z`uGX5FlxAp&4^Kt#Mh_{_TI8O1Xe(4l{67@f4{W=%K z-Jkv~rJUjqDN82=8B{uK;g|20=^>wniW@mGNM&jRs($oON(Z)^Wk zvvB)&C*C&y#VH=Oe>JH8r6B&5j6Z|??Wp|%Pv-vn4Tiso_!R+=p3V7tGZTMoe|P@V z`_Cc}|KE(i)$6WssNpx`AFu$|e+u!o_A6xgOyWBkel!0E6pz|3mGaluzf0f6~h-2Z=3(`P&{h?IEr6y|C>Sl^)AEl ze@p(J#{6Z@p9dJf5BP5Z{&N|B6dkz!+VGq6XR_i^{(0oDBHmg5+y?wFGycEHZ)?Ba zi*WspdD9hlvc%tA@hJYB0ipfx4iNuCj6cq!e+}c$2mXBEuV(z?$=}M7|8I=H2>9;? z{^9Bb7aD(=9{ocUkLq6v{HuXKpYdN$ep~9{GnF{m-2L3mE=mkNF?71pB`wzLViM=l`P= zkJ_&QwBMs3|7DE7(Oa(A=D&jR7X$xe!2dDh??rxF|9zkFmjVA1z~AjkT>oT`{#eDM z`d0$~lfZu^{86oV z6n{3T|0WQ>Zz-<-MDn+(F}pvQ{?8cxGLQKmw+#DpJ^F89_;nunR###F7LWWIhX0EA z=9c>HVEDZr{U0hGwSOV#zgs~2cUzA0Z~nF$_+(4`v5H6j67uWox7UIH8pc15{Ira! 
ziNfrEOBsK}Ab0*NA<|j@lmh=pjKBXoE;y{l?EYZ--(&ox&s~LVI@g0r$&GyStJZirJ(0(6)_?ujdJI&$94eGVxbZ{Oa(I|KW`PauEOVxww8E%3RLY{#P>m zAmVNL?`QaPh_~hcr{Yoj`Ob33zn=e2kpH#U;ryTT=wGII9%#^2#RxBe%) zPc?s<^KUWZPf2w1k0a7){|ewg`FfmxGWi?UnB5;t|9pl|C4QuZpQCtGzZ?+%*C77w zjDH>Z6D|IC8GjM^lZbcf_YLrOzX8{8H~BkR{GAn#@~&ieK-)RUrO)H{$wjApa?r{(FG&7m#0{e|`o2wv7LCkN#AKKjs5B za9jTyqj=Q*WuX0k2l20E{2j<|TR+~%_$z_`PvHNP@u!l%lcoKBW&B}hH};eI{PP#^ z54;KYpC#l!+u}b%@u>b$~c=Fr&|0u$AuXA+h^$Yhf{?X)bV&reu{{X}Lh_@a8 z`HP9a9Mmry#6Kwy*Y95P+t$AiG5ia}&$HyeM)9cr5kuYar>|d+2JyGP1;^j*LsvY| z;%}*V&su^^q&?Wbsc^Jjy?n{QCZ*Iq-kV z_)|UlKVtluz~2J+Pg#lUzl8j@`LmPaQU1BW-xBy2GyZ&!{!1Bu0q{ow|C@||1Nm+9 z_p!I*`jrrGTfa6@JgQ$Y#jp3@)*$|#jDH{bZR^*rj6ZCcJAU-}uMO}IXZ)Q$b_b5l zzl`BW6L0H(S1|F%QT+P&ivjU(WBeK9A8#4|Z!rEO^81K)-aoeo{$6+B{FuD0x&JR@{4vAb@u!wY{)f|lP67S~`8fY_^4s=b;fhE37m+_o^LGRO zs~P_RkNzCSUkdy^fd6yG-{BKCaNGRx3FEH-{+_@ee;2O*0FVCOibwUY2L9f_e-qsLU2+y0}T;*md<{QCYY9{9U3 z{%s!p7c+b{@vQ=dqi3^zGnn{uDgG$poblfe#J`F0H{aocw)XF^3fDh|c-#DWqT*5g z3qbt`fcS4<{F6M!|2V^Ec;w3%ei8A_jrKF&zwc-G6~uS5@P8^E)vpY+|5>1Zy;tM* zdyf3wE&lF`NB&CS9|HUn8UJ_WZ)NeH$N0mN-T6cB|3iU4kMY;})D@4i_-|nRQRLU> zk72-H!T3`czd8OtW&BCx*Vq3efWOB*xc%=Xe_JDe)89q$sQvRm{YL`-GRD7&{AT|% z{Z}ylLf}6K_&;X+yUB0Pf2P0Ny|{kW#7{EnXO90^#iRO_fc6^=;=h>jkKgHv&$9Su zF#d><8we~Le|Q0Izt_lrs>MG<@u>YGN4eui?|)N(|8~Z|kNiuFf|>JA9^+3SzyAGo z(}4d^#-IH~nE%n#eX9A>2q)~(`*HoQCEnKl$!jowJMrf63)4ST@u>cJ=Y-b(B9Q-4 z4`Bc6kw4X_zuA8$F#gDM-Tvbv-swMC!2dGiUqb#i z7XR~%Ka>1={tJQs_;tActH^Jge+Dr8!^C&9#NSu(sQq$5{Fj0FGa3I!32vZyA5{uUyfEhR^K(Uo!q;(EpYIf6Iq(`_Co6ZU50s@u>Zx zM!WrA?|(VKe*@z$Aip{O&H7)%_~U?o8SvLB#Q8tZ_|5w7XZ%UPza03T?>qx=hj z|9aqG!1xo$A8)CDCgU#w^a6{|?~4hViG7-`4+^GX7Ff|9s&8gz>K?zpejoXZ+RV*Zcq7z<=g? 
zT>stVxAnhx#iRNsj1BGotAYO(#^3H6Z~bot8 z_zQr42IC)3ep~;W!uSh7{nr5hi;Vv!^4t1fG2<^Izuy1W0)Ncoxc)oIZ(F~nF#J!% zA7ku4%=ObchOZ{RrG-E42^@cuZ(Y!K{3lZJsQ*NbYwX{E-hUqk^_#=^6UlEIzcU$s z9QpPA*Q3Dy663#|{I>PebBx~y@_!8Y`xN2&-@*9J@!Lc3sQ%f&{{-;g!1#;EZyUeY zF#bGH|0jX}bH-mue%tu{gz=Y*McP;E&vZ^Ur1cX8&ubc$9w%@IMFq7c>4fPBkp8))C0RQA?aQ^kbcN2~=@;CiE8NL(o>x_aKe+~Os@u+^8 z6n_o@&iuI*#Q(^%IR0(B-N2g|@tgkl8GZ-xw&S;ND;~vPl^VMKc^kw(x){g*C;7Ws z;vcDamoxqt;C~PJ%NTzG`MX>EiO=Es%^}`4eg-NY z)h`~zza7N?B;#L8ezX6X_3QXNj(-F3U5xzA{u`rs6n_ec|6>sUwTyo!`EBc;WsE8wu zO#d3jUkdzR0RJD1e>(Zi{%iKX$(wNfvWRbLw4WLO;|#ytWBngiJgR>M$p34QzweGU?cePs9Dg!lxetrJh1N?t5{_W%+W%2*Q_$$eu zq~-q;@L%vUu7CTVT+p09%<(&3@u>cB7lihoD&T*X@ed^bX-590e*@!B0{<e;?yt zNdDG_-<*GbXZ$|k-wXUBOK|;fC4YB||80gZA>OurDOEgbzibfypCJCTU%~PJLH;I| z_+MxE@Sk1Kwtjg<@hJX05dS_9f1k}b{_fj9^G{viU&Z*J zCBNB!&G{#43y%MF;@2AWGUGp1@hJWnieKM<9R=dQi}BB@a>cg&*Gk4;M1H;h9u53I zF#a{{uJT^Pv-nFMDeKpVUyhcr~8is{-un+*RQT| zUO-IGrhhTxPa?nG|Bna$?-~DE^4t3VF2xrLc;U_2_^`Cf(-$%T&|LOqZzm4%X-Rpw3^~ZLG zZ%e!?Z_vYR|96@A^C|vvqMi6p2JuI1#r6M|{QZLL?rZg5)l)pGU#2g#{W}By#f-oG z@2+it>em&-f8ATSehbOp#o}MCcvQbiP`~cL zKVTd77m$B|#ot%)$R9N&bpI6x{1IM0)iedO2oAH9J8ZpL3t{#BOz zZ)g13REzYp;H-og3b_J<2Lv-s~~__f6MwD2nxkLnjOwXvVn>vuYczm)NRNPgS; z=T*iZL;fU+-x)uBf&X8|-|}<(@ALCC4`S%0<@$cgH8%6%nhTrVJ=PDl6KL_~F z1pZqYe*yVz?SCWV&jx<&R@fUf71K7{%PbNXY^ll{GP9PRR37=`-peuuVmnVhw(q}vHjm<{J9|i zQNZ8k1DyYd9_t^ac$9wu@TUO(jg0?ikN#Z7Ukv=Cfxq5%oc}R@xeaG){{xJ_47C4P z;GfUI}|8>THIr(kl{}slc1pKMMf5wNn{MZU_#Ykzn%Q848NIwl;TnT zalpR__-|tTPk8iS$M}6pO^^OC#iRUvz`q3eo%;+qH8rna+eQ9(qyA?5 zU&i>e$sb3&Gk$Y`|2@VZ{f`TtZt-tp{Dr{34EWo9j`JTw{*i{??0?aUNA)i!f0CB} za^PRj_zTE?s>S~hZvJ}xuLu6l6*&Jw^4r#b9Tbo9uOz>Z;&=N03gEw+@&7~qtBDUh z8O;%PyW){QX;x_a-vs=XjDH!O={PMQrf1XtHRI1Fe-v>}{&~RP=Sy7wV)EPCzlY*c z{&~QEEAYR>_^Zi3$jIO9f6p=gLQwyez<=CVIRCzN>iEqg48Qx^+FwR09_3$7{v>*- zQ~x`Fe-qu_Mg^@NA)YB_>;8w?*s7{ zF#c8KKg;4@#rUg%|9;@F_YKbfbMo8PuLl@^LPlu+eE|5+W&D4U-?n~DRy?YID)2uD z{3VS4*m`bD+x#yu{!HM12>4I^7T3R{7KsQSr6iWk@2q~zis_j%=jzGudn|e2maxeIRA3;=NS`*IsXk&Jjy?6 
zwmW|G^z~5mv&i{n^-sX=J6_4_d1^!~-U(NV?d-UJQ_!EHtdEjsL z1I~XG`EBigoZ?abspQw&e-rTE$oL;1|4`~bfhS`)hW*U&yNMqW0O{G}cQf%9gZjM; z;vbu8yOr@*l3$;H zw*dbx#(xv})$%atVa~r_F#f1acl=io?X3S_2mbLt;`W;t;kIArAbVJt=|5NTsQwX` zgw8*uz`ug=uOh##|2)O;4-;?BpJxAmoQXdM#QzqE{~gA^h5Rin^=t4Gu75f4Nftg_ z@u>ds6n}ts+W#F8|6s-+)4;9NIfmb?-pl{Z^8{i6#D@7=DdM{#G@>oi;J&-y-5|@4s$TJnBD1p#OXf^6&Qx z_WwqH+x4@jDIWQ&f&UZWZ}2Pj_dUk#skZSSu6X26nAh0fa{BR$Pl3OT@sB0HZTvU< z4ac8Oe3H?B%>G+n@hJXOia)?Rq{{`buB)@I_u!HeO0sr^F-|lyu|7`M`^S{}DqZNT_YY?M|6u$jp#HxD|Aaqr{o@+DJ>Ay+;}nnTUj_Vs0{B#@~aCKPD@5{`m{|>s90YFY)L+)^!@=?GX8%(`WG?&QsA!#{691P zR!!XTXKVl6jK2cZ|0v)ey${zvnf$i#KT`3i{*epZ@u&B{qk(@7cpp#F`4|8>T{!(;ou!uSh- zzbWvyQr8JNJ>7i&S*NMn|84DmoZ?abWuX4efd5j)-`b;p9^ zE5;wTFm(JK2mHg;bvmg27kSKoh~iQG)$f6h`os$VwnM+1Ke<3EM`w(;`<<1Ym5*B1C& zsq2hT{~6-Zf1Kh`{w2U41N_%A{>dKw%NTz-@V5v4eT;t*`Ad!dXRhCWXZ%&Z{~o5#=0{2yib z*N7i#)X(fc>lBabmrL>chEhy8j*q{N2@gDwO{>L-u~wSe_M5&73Kd2`8!+ozb7aj<)01mKOgwVGX4{fcgLS?{cQ@5dp9bQ;h4F7Ae`}-t%=)ch z{N=zu9r()`e>X#e@Ze;MPiB)_fwvlxFq$bSLw zZ(;o5C%7Zc*8cx6d@JH@?VqULXQTSZ5^rn&fr>}XfIo@x-%5U4`(MHEg~Z$1zl7nRA>P*hFDM?hf8>(T z_4iVc|8eSl9;$yC`EBhVsd(g%CBMG@y$bjjF#hmX?)bB{e>Yqrwt^NBc9@Re+Pt`ggSAk-rl7Zv+1O7=O#wZl<>J_aVb~CEhmvPEhk4s{a|p+s0oD#iRVg zt_+=j?*#eJW&C43`e!lzDB!;f__s3tIpl9&+tvI(neG1?rSKZ$tf{L?+ae;4Ebmi)HkpDP)EA*la-z~4oAQ2tTTZl<>J-%;@> z{}SN8ANZFt{yyZl&HsxTe>rIX2Y~-8#(xp{2UyzwGsYj0VG%m&mq4){vQSY z!EJH=-PLxT$222c>ApWO7{Bbcj{(X$!tlue$NB#uhe;W7~ zGX9pTU7Uw){qYFHcO~A|fA%o^8N}PxAKx+gr-J;S1NkSk!}TBQ(ce$;sQ#J2{{rye z#rWrtzkOif(6ib8D;a+-`2*w68UHT=|IzJn{(0oLtv~829_3$5etrM*GVtdx{%^@| zTYp^6_`{Zk&L6J;f18tV{!waNI}h9Vk5W9!KMMF?1^yhy--rCR^~dFmKaTu*`@aVK zUoif3CV#X4?O^;qkpCON-@OB_|8nx%=AVlh{%+!J^UpI3Ur4-d{&`aIsQt4+{%?W& zkL`%_-%Ng6`!`WM^5=o}e;fE0GXCE^*6$654_EWD^DsYuZ}y+2opAn5iMO?%kKx-A z-_##P?H{IpEyH*B82=uI@9Q!CGf&3(CwYv2DZ{6FjQ?$hpXM?C_OUqrc^>1R#qi5K z#=n8#Z}b>{z0NrP)gI#?%JAzw#(x{bKkG66N``;kWBhSlaQ+{8jQ=u*|I%apZ!!GO z9{Gl+;Q0R`zD4cO_y6S1O0~btX82}mUFAFm*S^&MlgZClJeq$?!2J6)n16RN{;}jY z=Rb4)I=3s%e=70j`$seWWW}TSt0;aSK~?f 
z6o1N9q3gfzLHrvS|KH?KvG^Zj{ORP^*S|jif4A;9|75kUbso0;XBNYsN4(j8%=X{H z@Y6l=b$j6W=M!%mf0r}-wZz-T-$KQs_AjFP>+9cNK>dGU{9Bp)&GDBJhx0Ed-ZuU& zQap;kg5vl2dqG&3Gye91_`hQO{nfhMdDzBZ$DTO;Wa4f8Zvn%fN4%~7y~FS`JjUOu z7mj}+@n-)s+wVGtzn=IhRR6$}$uCztYQKc#?)>8;&}qNFLHqr}_HfOF|0?5eq}~@f4_p5ma4L>JhWIHIci_paUth(e z_>(ApAAwH)I|{_Vf$=XTzis@Ua2k&PX5wxAuZ7}K{Dl<1-v1&%{C6<^F!jF7d7MZ2 z2cFFK|9_30OK1~O6oyBGrHYkUUsWl#h&81M1z)MHeTYg$sX>tz3pKvG5R4183O>-H zu}F|AoNsQtN8nc7Pr` zT7ORke&n*b{?7WJ%kaDF`1~h zbxYgZ+=lYU1b*nMn_tfGOY6<`qxlc2b-8Y-9NONa{1T<-^54^M_Lf7A~ z^j!UayleOw2fv2luM_wowJz1oZ*OxOn*Y@TKXu>mozJf;7=9A?Q_1`r2L8bu+TN=m z$5re3{EdJfpVLuB{Z}eIm%nlF-wHxKf7dep+kj8~XMn!|!O+uuo)G+JJ^DW;_^*9n z^6&J&lJS3A@b6dadfn*#ljiTG;J*U&h4TMQ@ZZDuU&HwSAoy6Z>reY{ zWBh*r|3q#@fj=-k-x)j(O`bj~@KeCg4jH}XhZz2tz^|&;qr$Sjk_nvhe+&BA+l@Y4 zKWWw8q528Ie{%0^`}}N&(QE%Z8UMx2X8h+<)c-2(GyE3v0*Uf{N^g&U@&$?4hF`Wj z$KS>9%LV@Pq~Qki83vHWb?>=5*eBkHE$9|Qd z|8+sVtXA!45h_iOI_$TAp5DK^^^b*A!*OEN?&FOZKY4zRoiy<~$4@5{|8c>81o#yQ zh8}%me-`xQG%E&r`Z?-R*(=WO{$ Gmh~UmWKZ}2 literal 0 HcmV?d00001 diff --git a/ProvisioningTool/keymint/src/cppbor/cppbor.cpp b/ProvisioningTool/keymint/src/cppbor/cppbor.cpp new file mode 100644 index 00000000..3414b8e5 --- /dev/null +++ b/ProvisioningTool/keymint/src/cppbor/cppbor.cpp 
@@ -0,0 +1,626 @@ +/* + * Copyright 2019 Google LLC + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * https://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include + +#include +#include + +#include + +using std::string; +using std::vector; + + +#if !defined(__TRUSTY__) && !defined(__LINUX__) +#include +#define LOG_TAG "CppBor" +#else +#define CHECK(x) (void)(x) +#endif + +#ifdef __LINUX__ +#define ERROR "ERROR: " +#define LOG(x) std::cout << x +#endif + +namespace cppbor { + +namespace { + +template ::value>> +Iterator writeBigEndian(T value, Iterator pos) { + for (unsigned i = 0; i < sizeof(value); ++i) { + *pos++ = static_cast(value >> (8 * (sizeof(value) - 1))); + value = static_cast(value << 8); + } + return pos; +} + +template ::value>> +void writeBigEndian(T value, std::function& cb) { + for (unsigned i = 0; i < sizeof(value); ++i) { + cb(static_cast(value >> (8 * (sizeof(value) - 1)))); + value = static_cast(value << 8); + } +} + +bool cborAreAllElementsNonCompound(const Item* compoundItem) { + if (compoundItem->type() == ARRAY) { + const Array* array = compoundItem->asArray(); + for (size_t n = 0; n < array->size(); n++) { + const Item* entry = (*array)[n].get(); + switch (entry->type()) { + case ARRAY: + case MAP: + return false; + default: + break; + } + } + } else { + const Map* map = compoundItem->asMap(); + for (auto& [keyEntry, valueEntry] : *map) { + switch (keyEntry->type()) { + case ARRAY: + case MAP: + return false; + default: + break; + } + switch (valueEntry->type()) { + case ARRAY: 
+ case MAP: + return false; + default: + break; + } + } + } + return true; +} + +bool prettyPrintInternal(const Item* item, string& out, size_t indent, size_t maxBStrSize, + const vector& mapKeysToNotPrint) { + if (!item) { + out.append(""); + return false; + } + + char buf[80]; + + string indentString(indent, ' '); + + size_t tagCount = item->semanticTagCount(); + while (tagCount > 0) { + --tagCount; + snprintf(buf, sizeof(buf), "tag %" PRIu64 " ", item->semanticTag(tagCount)); + out.append(buf); + } + + switch (item->type()) { + case SEMANTIC: + // Handled above. + break; + + case UINT: + snprintf(buf, sizeof(buf), "%" PRIu64, item->asUint()->unsignedValue()); + out.append(buf); + break; + + case NINT: + snprintf(buf, sizeof(buf), "%" PRId64, item->asNint()->value()); + out.append(buf); + break; + + case BSTR: { + const uint8_t* valueData; + size_t valueSize; + const Bstr* bstr = item->asBstr(); + if (bstr != nullptr) { + const vector& value = bstr->value(); + valueData = value.data(); + valueSize = value.size(); + } else { + const ViewBstr* viewBstr = item->asViewBstr(); + assert(viewBstr != nullptr); + + std::basic_string_view view = viewBstr->view(); + valueData = view.data(); + valueSize = view.size(); + } + + if (valueSize > maxBStrSize) { + unsigned char digest[SHA_DIGEST_LENGTH]; + SHA_CTX ctx; + SHA1_Init(&ctx); + SHA1_Update(&ctx, valueData, valueSize); + SHA1_Final(digest, &ctx); + char buf2[SHA_DIGEST_LENGTH * 2 + 1]; + for (size_t n = 0; n < SHA_DIGEST_LENGTH; n++) { + snprintf(buf2 + n * 2, 3, "%02x", digest[n]); + } + snprintf(buf, sizeof(buf), "", valueSize, buf2); + out.append(buf); + } else { + out.append("{"); + for (size_t n = 0; n < valueSize; n++) { + if (n > 0) { + out.append(", "); + } + snprintf(buf, sizeof(buf), "0x%02x", valueData[n]); + out.append(buf); + } + out.append("}"); + } + } break; + + case TSTR: + out.append("'"); + { + // TODO: escape "'" characters + if (item->asTstr() != nullptr) { + 
out.append(item->asTstr()->value().c_str()); + } else { + const ViewTstr* viewTstr = item->asViewTstr(); + assert(viewTstr != nullptr); + out.append(viewTstr->view()); + } + } + out.append("'"); + break; + + case ARRAY: { + const Array* array = item->asArray(); + if (array->size() == 0) { + out.append("[]"); + } else if (cborAreAllElementsNonCompound(array)) { + out.append("["); + for (size_t n = 0; n < array->size(); n++) { + if (!prettyPrintInternal((*array)[n].get(), out, indent + 2, maxBStrSize, + mapKeysToNotPrint)) { + return false; + } + out.append(", "); + } + out.append("]"); + } else { + out.append("[\n" + indentString); + for (size_t n = 0; n < array->size(); n++) { + out.append(" "); + if (!prettyPrintInternal((*array)[n].get(), out, indent + 2, maxBStrSize, + mapKeysToNotPrint)) { + return false; + } + out.append(",\n" + indentString); + } + out.append("]"); + } + } break; + + case MAP: { + const Map* map = item->asMap(); + + if (map->size() == 0) { + out.append("{}"); + } else { + out.append("{\n" + indentString); + for (auto& [map_key, map_value] : *map) { + out.append(" "); + + if (!prettyPrintInternal(map_key.get(), out, indent + 2, maxBStrSize, + mapKeysToNotPrint)) { + return false; + } + out.append(" : "); + if (map_key->type() == TSTR && + std::find(mapKeysToNotPrint.begin(), mapKeysToNotPrint.end(), + map_key->asTstr()->value()) != mapKeysToNotPrint.end()) { + out.append(""); + } else { + if (!prettyPrintInternal(map_value.get(), out, indent + 2, maxBStrSize, + mapKeysToNotPrint)) { + return false; + } + } + out.append(",\n" + indentString); + } + out.append("}"); + } + } break; + + case SIMPLE: + const Bool* asBool = item->asSimple()->asBool(); + const Null* asNull = item->asSimple()->asNull(); + if (asBool != nullptr) { + out.append(asBool->value() ? 
"true" : "false"); + } else if (asNull != nullptr) { + out.append("null"); + } else { +#ifndef __TRUSTY__ + LOG(ERROR) << "Only boolean/null is implemented for SIMPLE"; +#endif // __TRUSTY__ + return false; + } + break; + } + + return true; +} + +} // namespace + +size_t headerSize(uint64_t addlInfo) { + if (addlInfo < ONE_BYTE_LENGTH) return 1; + if (addlInfo <= std::numeric_limits::max()) return 2; + if (addlInfo <= std::numeric_limits::max()) return 3; + if (addlInfo <= std::numeric_limits::max()) return 5; + return 9; +} + +uint8_t* encodeHeader(MajorType type, uint64_t addlInfo, uint8_t* pos, const uint8_t* end) { + size_t sz = headerSize(addlInfo); + if (end - pos < static_cast(sz)) return nullptr; + switch (sz) { + case 1: + *pos++ = type | static_cast(addlInfo); + return pos; + case 2: + *pos++ = type | ONE_BYTE_LENGTH; + *pos++ = static_cast(addlInfo); + return pos; + case 3: + *pos++ = type | TWO_BYTE_LENGTH; + return writeBigEndian(static_cast(addlInfo), pos); + case 5: + *pos++ = type | FOUR_BYTE_LENGTH; + return writeBigEndian(static_cast(addlInfo), pos); + case 9: + *pos++ = type | EIGHT_BYTE_LENGTH; + return writeBigEndian(addlInfo, pos); + default: + CHECK(false); // Impossible to get here. + return nullptr; + } +} + +void encodeHeader(MajorType type, uint64_t addlInfo, EncodeCallback encodeCallback) { + size_t sz = headerSize(addlInfo); + switch (sz) { + case 1: + encodeCallback(type | static_cast(addlInfo)); + break; + case 2: + encodeCallback(type | ONE_BYTE_LENGTH); + encodeCallback(static_cast(addlInfo)); + break; + case 3: + encodeCallback(type | TWO_BYTE_LENGTH); + writeBigEndian(static_cast(addlInfo), encodeCallback); + break; + case 5: + encodeCallback(type | FOUR_BYTE_LENGTH); + writeBigEndian(static_cast(addlInfo), encodeCallback); + break; + case 9: + encodeCallback(type | EIGHT_BYTE_LENGTH); + writeBigEndian(addlInfo, encodeCallback); + break; + default: + CHECK(false); // Impossible to get here. 
+ } +} + +bool Item::operator==(const Item& other) const& { + if (type() != other.type()) return false; + switch (type()) { + case UINT: + return *asUint() == *(other.asUint()); + case NINT: + return *asNint() == *(other.asNint()); + case BSTR: + if (asBstr() != nullptr && other.asBstr() != nullptr) { + return *asBstr() == *(other.asBstr()); + } + if (asViewBstr() != nullptr && other.asViewBstr() != nullptr) { + return *asViewBstr() == *(other.asViewBstr()); + } + // Interesting corner case: comparing a Bstr and ViewBstr with + // identical contents. The function currently returns false for + // this case. + // TODO: if it should return true, this needs a deep comparison + return false; + case TSTR: + if (asTstr() != nullptr && other.asTstr() != nullptr) { + return *asTstr() == *(other.asTstr()); + } + if (asViewTstr() != nullptr && other.asViewTstr() != nullptr) { + return *asViewTstr() == *(other.asViewTstr()); + } + // Same corner case as Bstr + return false; + case ARRAY: + return *asArray() == *(other.asArray()); + case MAP: + return *asMap() == *(other.asMap()); + case SIMPLE: + return *asSimple() == *(other.asSimple()); + case SEMANTIC: + return *asSemanticTag() == *(other.asSemanticTag()); + default: + CHECK(false); // Impossible to get here. + return false; + } +} + +Nint::Nint(int64_t v) : mValue(v) { + CHECK(v < 0); +} + +bool Simple::operator==(const Simple& other) const& { + if (simpleType() != other.simpleType()) return false; + + switch (simpleType()) { + case BOOLEAN: + return *asBool() == *(other.asBool()); + case NULL_T: + return true; + default: + CHECK(false); // Impossible to get here. 
+ return false; + } +} + +uint8_t* Bstr::encode(uint8_t* pos, const uint8_t* end) const { + pos = encodeHeader(mValue.size(), pos, end); + if (!pos || end - pos < static_cast(mValue.size())) return nullptr; + return std::copy(mValue.begin(), mValue.end(), pos); +} + +void Bstr::encodeValue(EncodeCallback encodeCallback) const { + for (auto c : mValue) { + encodeCallback(c); + } +} + +uint8_t* ViewBstr::encode(uint8_t* pos, const uint8_t* end) const { + pos = encodeHeader(mView.size(), pos, end); + if (!pos || end - pos < static_cast(mView.size())) return nullptr; + return std::copy(mView.begin(), mView.end(), pos); +} + +void ViewBstr::encodeValue(EncodeCallback encodeCallback) const { + for (auto c : mView) { + encodeCallback(static_cast(c)); + } +} + +uint8_t* Tstr::encode(uint8_t* pos, const uint8_t* end) const { + pos = encodeHeader(mValue.size(), pos, end); + if (!pos || end - pos < static_cast(mValue.size())) return nullptr; + return std::copy(mValue.begin(), mValue.end(), pos); +} + +void Tstr::encodeValue(EncodeCallback encodeCallback) const { + for (auto c : mValue) { + encodeCallback(static_cast(c)); + } +} + +uint8_t* ViewTstr::encode(uint8_t* pos, const uint8_t* end) const { + pos = encodeHeader(mView.size(), pos, end); + if (!pos || end - pos < static_cast(mView.size())) return nullptr; + return std::copy(mView.begin(), mView.end(), pos); +} + +void ViewTstr::encodeValue(EncodeCallback encodeCallback) const { + for (auto c : mView) { + encodeCallback(static_cast(c)); + } +} + +bool Array::operator==(const Array& other) const& { + return size() == other.size() + // Can't use vector::operator== because the contents are pointers. std::equal lets us + // provide a predicate that does the dereferencing. 
+ && std::equal(mEntries.begin(), mEntries.end(), other.mEntries.begin(), + [](auto& a, auto& b) -> bool { return *a == *b; }); +} + +uint8_t* Array::encode(uint8_t* pos, const uint8_t* end) const { + pos = encodeHeader(size(), pos, end); + if (!pos) return nullptr; + for (auto& entry : mEntries) { + pos = entry->encode(pos, end); + if (!pos) return nullptr; + } + return pos; +} + +void Array::encode(EncodeCallback encodeCallback) const { + encodeHeader(size(), encodeCallback); + for (auto& entry : mEntries) { + entry->encode(encodeCallback); + } +} + +std::unique_ptr Array::clone() const { + auto res = std::make_unique(); + for (size_t i = 0; i < mEntries.size(); i++) { + res->add(mEntries[i]->clone()); + } + return res; +} + +bool Map::operator==(const Map& other) const& { + return size() == other.size() + // Can't use vector::operator== because the contents are pairs of pointers. std::equal + // lets us provide a predicate that does the dereferencing. + && std::equal(begin(), end(), other.begin(), [](auto& a, auto& b) { + return *a.first == *b.first && *a.second == *b.second; + }); +} + +uint8_t* Map::encode(uint8_t* pos, const uint8_t* end) const { + pos = encodeHeader(size(), pos, end); + if (!pos) return nullptr; + for (auto& entry : mEntries) { + pos = entry.first->encode(pos, end); + if (!pos) return nullptr; + pos = entry.second->encode(pos, end); + if (!pos) return nullptr; + } + return pos; +} + +void Map::encode(EncodeCallback encodeCallback) const { + encodeHeader(size(), encodeCallback); + for (auto& entry : mEntries) { + entry.first->encode(encodeCallback); + entry.second->encode(encodeCallback); + } +} + +bool Map::keyLess(const Item* a, const Item* b) { + // CBOR map canonicalization rules are: + + // 1. If two keys have different lengths, the shorter one sorts earlier. + if (a->encodedSize() < b->encodedSize()) return true; + if (a->encodedSize() > b->encodedSize()) return false; + + // 2. 
If two keys have the same length, the one with the lower value in (byte-wise) lexical + // order sorts earlier. This requires encoding both items. + auto encodedA = a->encode(); + auto encodedB = b->encode(); + + return std::lexicographical_compare(encodedA.begin(), encodedA.end(), // + encodedB.begin(), encodedB.end()); +} + +void recursivelyCanonicalize(std::unique_ptr& item) { + switch (item->type()) { + case UINT: + case NINT: + case BSTR: + case TSTR: + case SIMPLE: + return; + + case ARRAY: + std::for_each(item->asArray()->begin(), item->asArray()->end(), + recursivelyCanonicalize); + return; + + case MAP: + item->asMap()->canonicalize(true /* recurse */); + return; + + case SEMANTIC: + // This can't happen. SemanticTags delegate their type() method to the contained Item's + // type. + assert(false); + return; + } +} + +Map& Map::canonicalize(bool recurse) & { + if (recurse) { + for (auto& entry : mEntries) { + recursivelyCanonicalize(entry.first); + recursivelyCanonicalize(entry.second); + } + } + + if (size() < 2 || mCanonicalized) { + // Trivially or already canonical; do nothing. + return *this; + } + + std::sort(begin(), end(), + [](auto& a, auto& b) { return keyLess(a.first.get(), b.first.get()); }); + mCanonicalized = true; + return *this; +} + +std::unique_ptr Map::clone() const { + auto res = std::make_unique(); + for (auto& [key, value] : *this) { + res->add(key->clone(), value->clone()); + } + res->mCanonicalized = mCanonicalized; + return res; +} + +std::unique_ptr SemanticTag::clone() const { + return std::make_unique(mValue, mTaggedItem->clone()); +} + +uint8_t* SemanticTag::encode(uint8_t* pos, const uint8_t* end) const { + // Can't use the encodeHeader() method that calls type() to get the major type, since that will + // return the tagged Item's type. 
+ pos = ::cppbor::encodeHeader(kMajorType, mValue, pos, end); + if (!pos) return nullptr; + return mTaggedItem->encode(pos, end); +} + +void SemanticTag::encode(EncodeCallback encodeCallback) const { + // Can't use the encodeHeader() method that calls type() to get the major type, since that will + // return the tagged Item's type. + ::cppbor::encodeHeader(kMajorType, mValue, encodeCallback); + mTaggedItem->encode(encodeCallback); +} + +size_t SemanticTag::semanticTagCount() const { + size_t levelCount = 1; // Count this level. + const SemanticTag* cur = this; + while (cur->mTaggedItem && (cur = cur->mTaggedItem->asSemanticTag()) != nullptr) ++levelCount; + return levelCount; +} + +uint64_t SemanticTag::semanticTag(size_t nesting) const { + // Getting the value of a specific nested tag is a bit tricky, because we start with the outer + // tag and don't know how many are inside. We count the number of nesting levels to find out + // how many there are in total, then to get the one we want we have to walk down levelCount - + // nesting steps. + size_t levelCount = semanticTagCount(); + if (nesting >= levelCount) return 0; + + levelCount -= nesting; + const SemanticTag* cur = this; + while (--levelCount > 0) cur = cur->mTaggedItem->asSemanticTag(); + + return cur->mValue; +} + +string prettyPrint(const Item* item, size_t maxBStrSize, const vector& mapKeysToNotPrint) { + string out; + prettyPrintInternal(item, out, 0, maxBStrSize, mapKeysToNotPrint); + return out; +} +string prettyPrint(const vector& encodedCbor, size_t maxBStrSize, + const vector& mapKeysToNotPrint) { + auto [item, _, message] = parse(encodedCbor); + if (item == nullptr) { +#ifndef __TRUSTY__ + LOG(ERROR) << "Data to pretty print is not valid CBOR: " << message; +#endif // __TRUSTY__ + return ""; + } + + return prettyPrint(item.get(), maxBStrSize, mapKeysToNotPrint); +} + +} // namespace cppbor 
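Review bot: In the MAP case of prettyPrintInternal, the redaction check calls `map_key->asTstr()->value()` for every key whose type() is TSTR, but the TSTR case of the same function shows that asTstr() can be null for such an item, since it falls back to asViewTstr(). A view-backed text key passed to prettyPrint(const Item*, ...) would therefore dereference a null pointer at the std::find call. Guarding only with a null check on asTstr() is not enough either, because view-backed keys would then skip mapKeysToNotPrint and the value the caller asked to hide would be printed. Resolve the key name from whichever of Tstr or ViewTstr is present before the lookup, as sketched below; this assumes view() yields something assignable to a std::string, which the existing `out.append(viewTstr->view())` suggests.

```cpp
out.append(" : ");
// A TSTR key may be backed by Tstr or ViewTstr; asTstr() is null for a view,
// so resolve the name from whichever is present before consulting the redaction list.
bool redactValue = false;
if (map_key->type() == TSTR) {
    string keyName;
    if (const Tstr* tstr = map_key->asTstr()) {
        keyName = tstr->value();
    } else if (const ViewTstr* viewTstr = map_key->asViewTstr()) {
        keyName.assign(viewTstr->view());
    }
    redactValue = std::find(mapKeysToNotPrint.begin(), mapKeysToNotPrint.end(),
                            keyName) != mapKeysToNotPrint.end();
}
if (redactValue) {
    // … unchanged: placeholder append, else branch printing map_value …
```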
diff --git a/ProvisioningTool/keymint/src/cppbor/cppbor_parse.cpp b/ProvisioningTool/keymint/src/cppbor/cppbor_parse.cpp
new file mode 100644
index 00000000..b1803310
--- /dev/null
+++ b/ProvisioningTool/keymint/src/cppbor/cppbor_parse.cpp
@@ -0,0 +1,389 @@
+/*
+ * Copyright 2019 Google LLC
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "cppbor/cppbor_parse.h"
+
+#include
+
+#if !defined( __TRUSTY__) && !defined(__LINUX__)
+#include
+#define LOG_TAG "CppBor"
+#else
+#define CHECK(x) (void)(x)
+#endif
+
+namespace cppbor {
+
+namespace {
+
+std::string insufficientLengthString(size_t bytesNeeded, size_t bytesAvail,
+ const std::string& type) {
+ char buf[1024];
+ snprintf(buf, sizeof(buf), "Need %zu byte(s) for %s, have %zu.", bytesNeeded, type.c_str(),
+ bytesAvail);
+ return std::string(buf);
+}
+
+template >>
+std::tuple parseLength(const uint8_t* pos, const uint8_t* end,
+ ParseClient* parseClient) {
+ if (pos + sizeof(T) > end) {
+ parseClient->error(pos - 1, insufficientLengthString(sizeof(T), end - pos, "length field"));
+ return {false, 0, pos};
+ }
+
+ const uint8_t* intEnd = pos + sizeof(T);
+ T result = 0;
+ do {
+ result = static_cast((result << 8) | *pos++);
+ } while (pos < intEnd);
+ return {true, result, pos};
+}
+
+std::tuple parseRecursively(const uint8_t* begin, const uint8_t* end,
+ bool emitViews, ParseClient* parseClient);
+
+std::tuple handleUint(uint64_t value, const uint8_t* hdrBegin,
+ const uint8_t* hdrEnd,
+ ParseClient* parseClient) {
+ std::unique_ptr item = std::make_unique(value);
+ return {hdrEnd,
+ parseClient->item(item, hdrBegin, hdrEnd /* valueBegin */, hdrEnd /* itemEnd */)};
+}
+
+std::tuple handleNint(uint64_t value, const uint8_t* hdrBegin,
+ const uint8_t* hdrEnd,
+ ParseClient* parseClient) {
+ if (value > std::numeric_limits::max()) {
+ parseClient->error(hdrBegin, "NINT values that don't fit in int64_t are not supported.");
+ return {hdrBegin, nullptr /* end parsing */};
+ }
+ std::unique_ptr item = std::make_unique(-1 - static_cast(value));
+ return {hdrEnd,
+ parseClient->item(item, hdrBegin, hdrEnd /* valueBegin */, hdrEnd /* itemEnd */)};
+}
+
+std::tuple handleBool(uint64_t value, const uint8_t* hdrBegin,
+ const uint8_t* hdrEnd,
+ ParseClient* parseClient) {
+ std::unique_ptr item = std::make_unique(value == TRUE);
+ return {hdrEnd,
+ parseClient->item(item, hdrBegin, hdrEnd /* valueBegin */, hdrEnd /* itemEnd */)};
+}
+
+std::tuple handleNull(const uint8_t* hdrBegin, const uint8_t* hdrEnd,
+ ParseClient* parseClient) {
+ std::unique_ptr item = std::make_unique();
+ return {hdrEnd,
+ parseClient->item(item, hdrBegin, hdrEnd /* valueBegin */, hdrEnd /* itemEnd */)};
+}
+
+template
+std::tuple handleString(uint64_t length, const uint8_t* hdrBegin,
+ const uint8_t* valueBegin, const uint8_t* end,
+ const std::string& errLabel,
+ ParseClient* parseClient) {
+ if (end - valueBegin < static_cast(length)) {
+ parseClient->error(hdrBegin, insufficientLengthString(length, end - valueBegin, errLabel));
+ return {hdrBegin, nullptr /* end parsing */};
+ }
+
+ std::unique_ptr item = std::make_unique(valueBegin, valueBegin + length);
+ return {valueBegin + length,
+ parseClient->item(item, hdrBegin, valueBegin, valueBegin + length)};
+}
+
+class IncompleteItem {
+ public:
+ virtual ~IncompleteItem() {}
+ virtual void add(std::unique_ptr item) = 0;
+};
+
+class IncompleteArray : public Array, public IncompleteItem {
+ public:
+ explicit IncompleteArray(size_t size) : mSize(size) {}
+
+ // We return the "complete" size, rather than the actual size.
+ size_t size() const override { return mSize; }
+
+ void add(std::unique_ptr item) override {
+ mEntries.reserve(mSize);
+ mEntries.push_back(std::move(item));
+ }
+
+ private:
+ size_t mSize;
+};
+
+class IncompleteMap : public Map, public IncompleteItem {
+ public:
+ explicit IncompleteMap(size_t size) : mSize(size) {}
+
+ // We return the "complete" size, rather than the actual size.
+ size_t size() const override { return mSize; }
+
+ void add(std::unique_ptr item) override {
+ if (mKeyHeldForAdding) {
+ mEntries.reserve(mSize);
+ mEntries.push_back({std::move(mKeyHeldForAdding), std::move(item)});
+ } else {
+ mKeyHeldForAdding = std::move(item);
+ }
+ }
+
+ private:
+ std::unique_ptr mKeyHeldForAdding;
+ size_t mSize;
+};
+
+class IncompleteSemanticTag : public SemanticTag, public IncompleteItem {
+ public:
+ explicit IncompleteSemanticTag(uint64_t value) : SemanticTag(value) {}
+
+ // We return the "complete" size, rather than the actual size.
+ size_t size() const override { return 1; }
+
+ void add(std::unique_ptr item) override { mTaggedItem = std::move(item); }
+};
+
+std::tuple handleEntries(size_t entryCount, const uint8_t* hdrBegin,
+ const uint8_t* pos, const uint8_t* end,
+ const std::string& typeName,
+ bool emitViews,
+ ParseClient* parseClient) {
+ while (entryCount > 0) {
+ --entryCount;
+ if (pos == end) {
+ parseClient->error(hdrBegin, "Not enough entries for " + typeName + ".");
+ return {hdrBegin, nullptr /* end parsing */};
+ }
+ std::tie(pos, parseClient) = parseRecursively(pos, end, emitViews, parseClient);
+ if (!parseClient) return {hdrBegin, nullptr};
+ }
+ return {pos, parseClient};
+}
+
+std::tuple handleCompound(
+ std::unique_ptr item, uint64_t entryCount, const uint8_t* hdrBegin,
+ const uint8_t* valueBegin, const uint8_t* end, const std::string& typeName,
+ bool emitViews, ParseClient* parseClient) {
+ parseClient =
+ parseClient->item(item, hdrBegin, valueBegin, valueBegin /* don't know the end yet */);
+ if (!parseClient) return {hdrBegin, nullptr};
+
+ const uint8_t* pos;
+ std::tie(pos, parseClient) =
+ handleEntries(entryCount, hdrBegin, valueBegin, end, typeName, emitViews, parseClient);
+ if (!parseClient) return {hdrBegin, nullptr};
+
+ return {pos, parseClient->itemEnd(item, hdrBegin, valueBegin, pos)};
+}
+
+std::tuple parseRecursively(const uint8_t* begin, const uint8_t* end,
+ bool emitViews, ParseClient* parseClient) {
+ const uint8_t* pos = begin;
+
+ MajorType type = static_cast(*pos & 0xE0);
+ uint8_t tagInt = *pos & 0x1F;
+ ++pos;
+
+ bool success = true;
+ uint64_t addlData;
+ if (tagInt < ONE_BYTE_LENGTH) {
+ addlData = tagInt;
+ } else if (tagInt > EIGHT_BYTE_LENGTH) {
+ parseClient->error(
+ begin,
+ "Reserved additional information value or unsupported indefinite length item.");
+ return {begin, nullptr};
+ } else {
+ switch (tagInt) {
+ case ONE_BYTE_LENGTH:
+ std::tie(success, addlData, pos) = parseLength(pos, end, parseClient);
+ break;
+
+ case TWO_BYTE_LENGTH:
+ std::tie(success, addlData, pos) = parseLength(pos, end, parseClient);
+ break;
+
+ case FOUR_BYTE_LENGTH:
+ std::tie(success, addlData, pos) = parseLength(pos, end, parseClient);
+ break;
+
+ case EIGHT_BYTE_LENGTH:
+ std::tie(success, addlData, pos) = parseLength(pos, end, parseClient);
+ break;
+
+ default:
+ CHECK(false); // It's impossible to get here
+ break;
+ }
+ }
+
+ if (!success) return {begin, nullptr};
+
+ switch (type) {
+ case UINT:
+ return handleUint(addlData, begin, pos, parseClient);
+
+ case NINT:
+ return handleNint(addlData, begin, pos, parseClient);
+
+ case BSTR:
+ if (emitViews) {
+ return handleString(addlData, begin, pos, end, "byte string", parseClient);
+ } else {
+ return handleString(addlData, begin, pos, end, "byte string", parseClient);
+ }
+
+ case TSTR:
+ if (emitViews) {
+ return handleString(addlData, begin, pos, end, "text string", parseClient);
+ } else {
+ return handleString(addlData, begin, pos, end, "text string", parseClient);
+ }
+
+ case ARRAY:
+ return handleCompound(std::make_unique(addlData), addlData, begin, pos,
+ end, "array", emitViews, parseClient);
+
+ case MAP:
+ return handleCompound(std::make_unique(addlData), addlData * 2, begin,
+ pos, end, "map", emitViews, parseClient);
+
+ case SEMANTIC:
+ return handleCompound(std::make_unique(addlData), 1, begin, pos,
+ end, "semantic", emitViews, parseClient);
+
+ case SIMPLE:
+ switch (addlData) {
+ case TRUE:
+ case FALSE:
+ return handleBool(addlData, begin, pos, parseClient);
+ case NULL_V:
+ return handleNull(begin, pos, parseClient);
+ default:
+ parseClient->error(begin, "Unsupported floating-point or simple value.");
+ return {begin, nullptr};
+ }
+ }
+ CHECK(false); // Impossible to get here.
+ return {};
+}
+
+class FullParseClient : public ParseClient {
+ public:
+ virtual ParseClient* item(std::unique_ptr& item, const uint8_t*, const uint8_t*,
+ const uint8_t* end) override {
+ if (mParentStack.empty() && !item->isCompound()) {
+ // This is the first and only item.
+ mTheItem = std::move(item);
+ mPosition = end;
+ return nullptr; // We're done.
+ }
+
+ if (item->isCompound()) {
+ // Starting a new compound data item, i.e. a new parent. Save it on the parent stack.
+ // It's safe to save a raw pointer because the unique_ptr is guaranteed to stay in
+ // existence until the corresponding itemEnd() call.
+ mParentStack.push(item.get());
+ return this;
+ } else {
+ appendToLastParent(std::move(item));
+ return this;
+ }
+ }
+
+ virtual ParseClient* itemEnd(std::unique_ptr& item, const uint8_t*, const uint8_t*,
+ const uint8_t* end) override {
+ CHECK(item->isCompound() && item.get() == mParentStack.top());
+ mParentStack.pop();
+
+ if (mParentStack.empty()) {
+ mTheItem = std::move(item);
+ mPosition = end;
+ return nullptr; // We're done
+ } else {
+ appendToLastParent(std::move(item));
+ return this;
+ }
+ }
+
+ virtual void error(const uint8_t* position, const std::string& errorMessage) override {
+ mPosition = position;
+ mErrorMessage = errorMessage;
+ }
+
+ std::tuple /* result */, const uint8_t* /* newPos */,
+ std::string /* errMsg */>
+ parseResult() {
+ std::unique_ptr p = std::move(mTheItem);
+ return {std::move(p), mPosition, std::move(mErrorMessage)};
+ }
+
+ private:
+ void appendToLastParent(std::unique_ptr item) {
+ auto parent = mParentStack.top();
+//#if __has_feature(cxx_rtti)
+ assert(dynamic_cast(parent));
+//#endif
+
+ IncompleteItem* parentItem{};
+ if (parent->type() == ARRAY) {
+ parentItem = static_cast(parent);
+ } else if (parent->type() == MAP) {
+ parentItem = static_cast(parent);
+ } else if (parent->asSemanticTag()) {
+ parentItem = static_cast(parent);
+ } else {
+ CHECK(false); // Impossible to get here.
+ }
+ parentItem->add(std::move(item));
+ }
+
+ std::unique_ptr mTheItem;
+ std::stack mParentStack;
+ const uint8_t* mPosition = nullptr;
+ std::string mErrorMessage;
+};
+
+} // anonymous namespace
+
+void parse(const uint8_t* begin, const uint8_t* end, ParseClient* parseClient) {
+ parseRecursively(begin, end, false, parseClient);
+}
+
+std::tuple /* result */, const uint8_t* /* newPos */,
+ std::string /* errMsg */>
+parse(const uint8_t* begin, const uint8_t* end) {
+ FullParseClient parseClient;
+ parse(begin, end, &parseClient);
+ return parseClient.parseResult();
+}
+
+void parseWithViews(const uint8_t* begin, const uint8_t* end, ParseClient* parseClient) {
+ parseRecursively(begin, end, true, parseClient);
+}
+
+std::tuple /* result */, const uint8_t* /* newPos */,
+ std::string /* errMsg */>
+parseWithViews(const uint8_t* begin, const uint8_t* end) {
+ FullParseClient parseClient;
+ parseWithViews(begin, end, &parseClient);
+ return parseClient.parseResult();
+}
+
+} // namespace cppbor
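Review bot: parseRecursively() reads `*pos` for the initial byte before checking that `begin < end`, so parse() and parseWithViews(), which pass their arguments straight through, read past the buffer when given an empty range; handleEntries() guards its recursive calls with `pos == end`, but the top-level call has no such guard. Adding `if (begin == end) { parseClient->error(begin, "Input buffer is empty."); return {begin, nullptr}; }` at the top of parseRecursively() closes this for every caller. Two related hardening points for untrusted CBOR in the same file: the parseRecursively() → handleCompound() → handleEntries() recursion carries no depth limit, so deeply nested arrays or tags can exhaust the stack. IncompleteArray::add() and IncompleteMap::add() also call `mEntries.reserve(mSize)` with a count that appears to come directly from the header's length field, letting a few input bytes request a very large allocation. Rejecting an entry count larger than the bytes remaining (`end - valueBegin`) before constructing the container, and threading a depth counter through the recursion, would bound both.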
diff --git a/ProvisioningTool/keymint/src/cppbor_parse.o b/ProvisioningTool/keymint/src/cppbor_parse.o new file mode 100644 index 0000000000000000000000000000000000000000..584b3faae5ce1b0ac9998164696b3e141d587785 GIT binary patch literal 1478184 zcmeEP2YeO9*56GC30xqN8n6Ww2_jWGhyjgW1T>;iEJ%&QlO`lsQ8b`j;{_}zcGRb0 z$A+MSK@?(-*kZ%jFc{x6`Yf^X{m+>*v$K2ejew}{eaer`|Ln|}nKNh3oGClI_x#*p zhbFnMqyM?iK*zh&p^h_gujb|^hp8Or{s#9oAl^u_!)Y!NED^jE7!`T}aG}tP1TO<# zF7y?GR|;Mwcr|bdu4`~zD`D3OUN3lq;EjSe2`&}9S@0IYTLu3qc$?tuf_Dfm6TB06 zm(X_u?-BZ5;C({h4_uDx0l9w=_>j;K3qAr|A@rlbmAF>ndQ8F|2RsOm7Wxz5W}!a?RtdcY_?ghvz|V#L7x3Rg ze*vr!`b*$fLjMQ&wb0)Pek=H$V6EWyz#oME5%?3XpK<*nVOxPtJ!Si@V3J_6U_D@p z(Di|-xYFdl0kEOaAz&k+8w)lOOc%@m?jm$kU^86J<-P^5rO>T_nYdcZeH-AeLhlCL zUFbc4dkUQeY%BC$z`cduN3fmXzJl$6*|<93+E2nd3U&f^7PX%A2=H*BhXRM; z8jkA-2|E&)C-hOk5kemgJVxkz;ITp<2OKH%@xT*=K2h)_;3%O_296eb3~;Q_;{?Y8 zCkR~tJVoeJffI$E1pJ54rwL9LoFX_?aGKzB;ORoo0L~P;5LhJiEZ`YJp9wrm=(B<6 z2z@Saw$SGR&lh?Q@B*PP1QrWD7dTJoi+~pkJs%hm`VwG?(3b+ELN5R=6nYWxGNCUQ zyh89w!NtI8guW4Ylh8|nHw%3W@K&M!3A|0{+ktloy$pD# z(02*m4ZKI_dx7@}eZSyx!3Tg33jGl9VWA%Zt`PcB;7Xxa0Us0kalt2mtA$A}5crYM9|J!TdNc4-p{syfg#HXzE%fJt{{sG7 z=r4dZLVpSTO6dOxehvIa=x>4F30*7rJ@5yie+2#{^v}Rwgx(5tQe=DpCJCJktS58| zu)ff#z%-#702>M&5^Mx)EOZlKy3iTGU4(8b*bLZQ=oY}1Lbn2D3f&smM(ACEy9vEJ za1WvP1ZD}{7Pyztdjt0ox*c#|q1ywqh3){{Pw0-o{e|uX>@0K_U{|5L33dk_AaoDG zp1@v0_XhS6x-YPw(ESAm2p$L=DD*+V9H9pZ4i-FE@DO0G(1!vK6FLkWBJ|f-;E}*Qp^p+A0X$mhV}SWW9}7HA=#jwVg+2jzqR=M+M+tp0aJ0~4fMbOoCpcbk zf?xsg6roQAP850)@E<~-2AnMP6v3&$X}G52I$gqM2+jl+3SA^P3wVamX9CX>`fT7i zLZ1tqE%bT7^M#%xc!A)Bz+$223eE#wB=p6C^MMheF9DVaeJL<1^a9{Qp%(!!6Z&%C z6+&MrxLEKi;MGDe5xfR?t82E_LD+C`ETnSty^kagL1D_CjHE@m4PXbGY zUJHCm=ykxSg?>hGz2F95nb6M)J_meW=obWE6nshWWx;a6R|Gc-zAE?{@O7cz0KO@7 z1@JAQ-v+)T^t*!Z0XN}#A6KP>eIWQD@FSr=7W@RbS?EuJRYGq8ekOD^@N=R61^lwzZLpB!CK(=LjNH6qu@`1KMVc>+$ywFAL9#M7;2IPlY#Yw zP7$mROcgp!umP~4&>>(Wp&JV}0j3L`0o+CCrod)GHwU&5x}{(%V5ZQm1=|336?!+| z?n3V&xF;}6=(fPUgx*_lAHjCOeT8lh%oe%>a6h3t0{0iXlVE3H7oocXy9wPLc!1D7 
zfIWro1?(+!A7Edh`vLn4JwWh4!GVGY3FZI?2|ZZwVBjG_=K>EE`Y>Qv=pn$vg&qnV zCiHON5kem+m?wCY;0WN+LLURn7y4M>aYBy-9xwC>z!QZ&2{=mVlYyg!9s?XJ^f=&n zp(g+fggym$s?ZaGlZ5^U@HC+(3r-Q73Y;eNbl~Yi&k&p`SO_cCbQfS(p}PUQ3w;2v zhtNHNy@c)!>?3qvU_YVz3l0!G5I9iigMc|g4+0Jr`e5K8LgxYx75Xs2FmQ;_hYJoB z90nXN^bx=#h0YT^N^peW(ZFMb&KEouc%0B91&;@wAoPjAlY|}xJXz?`z%fFP1&$MX zJaB^01%jsto(h~O^d#Uvggy;8S?DQ(Q-RZjo(?=+=ox}DfrUaB0cQz)2JlRw&jOw; z^f`j(0%r?-9`Jmj=KwDd`a;2C;9Q~S0WT8zV&HtCBfv|9E)l#G7!`Vf;6mUcp)Uho zF7y?^D}`PRyh`Y+flGwG26(N|*8#5=`Uc>QLf-^jD)i03TZFz9_)np41Kuw59l&Km z-wC`+=(~aU2z@W`KB4aiE*JU%;DbUx1bkTNM}RAYeiXP;=vBbSgnk_OgwU&jYlMCh zSSs{d;8Q}c13oSEGr;viZvd7F{Veb~p`Qo7AoPpCmxO*9ST6J{z>Pw`3VcoI*MV;c z{U)$N=(m7x3;ho8U7_CtZW8)^!Ajrh5kzLKfter{s#E1(BBEx3Vtv61Mo+oe**q2^e=*2flitlJ6vFr(8<7h zLZ=AU7fc1F3EcqLQ0Ne_k;>#CbRWUKzVc-y<4+jnv zdKhrH&_@7|6gm%hl+Yu9M+m7J3YDtkC0t z;Hg4S1WpqAAHdUuo(!BK^i<$9p{D~+7kUP8rqG4JBB5si&k*`d;8{YS z4LnEabAhvkJ`Z@l&~tzn2z?>2Sm?RHc|umBB3u6 zyc~Fi&{qmB23{rf)xae}Ujw{W=<5Wp2i_p`je<7;mkNEe;4Q#gh5je-Hlc3^-XZid z!8?I>34OQVJ-~Z~z7Kf6(93}j2>qboLxK+j9}#*5@KK>x0#^zB81QkSp8&2FdJXVN zp-X{lg?2!1H|5%6Q7KLKtQ`cq()&|83?30*Dtx!}Km z{}%cSV2#jU0>2XaKZ0Kiegphg=0h6fldP%M}SE}CkxgS zOaayxIu)2EbOT^Rp+ka=1RDdJ2%Qeh5PBD2Q=yv)HWzFGY$a6h3t0{0iX6R@+;U4UJM?k3nBc!1D7 z1bYhh66`J5N3gG8Kf(UM0YV=rI8g8)!5qOsf`bJQ7Cb~SSMX55!vw>ELj(^O94a_W zaJb+Rf=2@Lgg#1e1n_8~j{)WjeJt=ep+^cH4?IEW69rEa90fdC=+S~>fMbOoCpaEB zLFfX(Q-G%mJrOub=zjoD6MC}X6yQ{$rwL96o-Xt(;2A=n2|P>avw`ObeJ*ge(B}cq z7kUox0--Mi77INWI8W${1TO~87dj$%39v-yO9i9A1wt@Od9RD-B0hSNynjYdG>qIm6;IhG;24$vlS0hAKD-u&xc4 zJi_rMiBHwmu3trNeh?EULGzPjthB4iz>p19TKSp^PsJ-gd@3C z$Q&0jqMsmhDGL01SpmE z&7G5eb?MyF^tp>DK?z4GxwFD0nW*5)x_pTEGVYg#qm8LaY$;2koPRWbsm_6`u=Q2u z*BY_&+K^k$nMCu;(TtqBBp1S(nr|Wbpp7}<@5-SdrD{^St?v8^6tKh>L=7T_W>-cv z!fL92xP;XZE>TK}7A+B><1~nH`Xp0DN}J>=>sqP{txi?}p4O~JVnc+ux+7Skq6Dk? 
z5?NvK?9vwLSC-Dt{S-o=?)jhk>dxwbwrqp6%SddH<=bJ9D8O%!CZG<3EdD$k>{qA) zT2plKtDOlw!|F^c(V1|eL#ocSJWksY!*A?Ni^wTJ?ppCl$gnmX$yhXM-LJ(If1bhV zB1JVSk<^niC@#&SdOt?CsC=E|>$}TC{{wSLeoZ)%m%T_iD9)3EbFxPnmz9a&Ds=Qp zq<|O6gS!Ei%);ZRZr)rkrd@=ouc38=tau>!o^=?RWIXO*Iff-y`if1m%3|^ z%{3@4?P{9Yt5KiW8ud{%8g$Ij;o{GsqS>(BBC^a1sLbRsx3utd4pa54Kt22T>xquR z_4Fkh5_uY_%8ewEr^x<>MK+rdHb!B#;!!hP@OdeD;mB$lFfh1}VOTtpA({ukU=n7C<^W1^Gv?150AkA!2oWy6mlC+) zl6k}$?#ry{^Oh;ko+-o3uo77Ms7xpvM!1-=i8I1P=dtUK4qv1@i8oXrf0ih^n0eT! z2W@>VENOI=DSu6G$mMATJm^XcKb%@d3oqL(l`QA%%=8sesuN}{T#aaMDdePDE2mSn zXA6OiQ43a!HIN|`UWzQwZraT7ywalf;SIT}bMok)K#uAY!^Nvfkxu%&JGsYs z#l#3*-I>Q9r7fwg9+SN4TVs;saKY21s4W|*vdyRGpaZT%2V9PM&@#+}mSP^XWLRYQ zqLSRq`MHbTIjVfcx|lQ-jy^&vv^2pP2&-pRTRQnl856gZvSwV$oNXwDGlArF0ug;S7Y;E2VmZr>@GlMO@R8i*VQ(Me9@-XAqsotX2{3 zqVyGPoW(UR2K26B*a33WcAzp&UmU8G29I{g6 z!u=?8DTj8!l2VZin^Wi<4sDI@sK|x%T)nt*!6zY>< z3q8n!)t&E`i*KXz@^(ZnPLx=#)vb(N%<0Kx%dq7b$Q4xH{eB_&7JY3;gyckth5RDZ z2+5qDkhTn4=(G-$_r6~)zKzaXz9VvRqQr7_Ze!$PPERgdhApii*CFXE?&Yy4Ixn3j zL56iP-(v43u6)Ck#~oI3o9Y%fC~rECCcojR@~z4roV6=eezA&}m%(N5XdT`S5xOHq z**>F>aJ(_oLHS5Y0*n|Ed3JcDW?1BdaO7>0vG;dm&QE7Sttv~I_ePZj;5d%URpOgU z`Rcf(6`Y7w|0DhN=Uen2u2HblN&UkmH;5Ob`VWilL+vb+Rn~~o!Tm}HDnd<`Rm6Gm zbilJvzYa(U(Lp%!*09Kjq=N&#H9FuVUM;yG+(wlSxC&mZUC%Ae;4-0u+msFDF7yl_ ze$ZfMpx9D;`7GPhN_QM6Dt3pizTPmK_J$y9t}Un+O(p zk>RCSI<5?>J(CQbJEnad5XQ?m^ka0IjBxR1bHXJ}$&xp!iD4>lW>lxFBo3tL<4X~t zO$^%QN%Jr8D#EnQ9?2WS$+q0dxhE_M*>>W5q9Zf>+0&Ym7LVSh5Q?iFe}E!1E7pq0x| zky2z?hAgc{f$xO{(w;4r9eaj1tc6d-fXh$F!qJ}8Ep++POK6uRJ4`Q8QPkSU@@ZwN zZ`T`2Dyui3s00`Wm5qL=_K3G`954q@8(;~$g^OobI)x260^8TRs7P*A^%)!(C+*U> zX|wIL{k^nkEU#SDA$>6w+{RyUrj-~;(dZ&_ChkhLBB&vP59aV_gpGl^DG!tApGpO~ zGnxR~A)3yJR_cmYLPKJgJ;D!KYOp0mo(765s=}koRk|_KF}#bdQR`-MIxbz5ZZ`dq z9aXx@XMgJ6vH`?z$Qi@AtGJ0q_WfvRj+cQ{E^b|DUza>1wxHBRQ0;3*cuzAdb2?up=L+VH`_o4x_H`PRP_4X_ni&7m5>;|M?FO4CwxV;YpH6j z7`NQ6YQ^R8&Sh@Z`rL)I!Lu-ZMd{kgvzyI@EB=hTH|%qI)!VLHeV0G$q=(LD?yh+y!=XKI?DJ1^;c$S?>>OPAtE5bDFU66+)ER8OK!^uJswhhmU`w({-(V2zpW|L{-CDBJ}x)qy0`z> 
zro7MBlxftIc=$D++7fez`C+ssAIgg3Wzn4B24zSw-)_)A-<MT;J=MJ>m7goAv);vlhSlceC!qW>x!P8D@7wZT?iL=|Sd` zT|w{-ZGA;H4U2qQ)rQ?=Zk23u(MLluP+%A1=?rs%h;}}*ktglD@YV`*(bR)DG5TUZ zi}rsxEXYAPpTb04yG@1^0PGF0KNpPbUcu<>i8>~%Yn23&E4__nXb_s zecqC*X6G8CIp#{BIg;4Y9DVcB(;R)BZ-+HUpVIqv%}wL-ae@ZimgWZF_BUuQD^_#Q z`89W{u3DX%W3B|6BZ)1|P3H^|!fj38m)l{@rDE^(*EL6i5qy6PdF%|l}tluXkYM(uSYx}hD zB-Ztoy0r9S$TkqV?d_9I>{twS)f$$2c<&8WKbFU9uk7ku;6X1Gl-o#u8_sKj`!P-dXKB`qOcq#DVr2>BVe!du2-dWK#Q__;S4V$*ius zKV=2mCvzvX&yCo5+zIWo5ZPG$iCPymwcc+)tyh5u(|}570=;xYRTtWok7QcOjAN1x zatjL=*ALw6$*txSG%et4D}Es5!t>ChMHTc61*wS$HG`_J_e3$S&$tHCSsos`w>KRue4v_H@BTgN5~2Msm?qB>o=1M@J7(@n<|soMk>?}5M1Iu z-)WWBO2eP6O7W)F5s>FW@yBq{?I_cPfw9c% zgJ;kIMz!)7NUfxnxN%#mv)zh2AkFvabH>#w0`&T@|a}=-V*E=B1;$N5M zZZ>3ImCXuDgA!w!KxvI+L2t0%)ZFQudQRtG`%tUfr-IZy)&#OkuI|%(_Y!9`sdE+! zTA=6E^vp&l^u~n9?4Ke&e# z5VeMicoK%_RMC@=QR_gd?*UjV(;C$`_z0fWO~gf|ugIYJ(|mfDR+bW3Jj>&ODz}!C z;Q&w*J@KLvsvFyPA`FI7O3BU52f>PGSK*tZlzVj!Z@(a$*1RQDLR&-Ra?O#~>OBxa zle-#z#sihmIQdjK@-nB?MHtJ@$sjo(Gk^WSH;R|!WYFpp8Rpgwqnnc9ybzTkdQ<`=z?6pnVd=;J8sV>|Dd32L zf(cpe&MwLtcUECR_RJ1hr%aoX)o$kgSrf<3DxiqYoXk05$Pve6%^Ewos9# z6wa80^i+f+`Hm=)2EM{Hlts^bH+}cHubD2(~4%! 
z?$__oqREr<#?F{oaPZ_wsA0c;W2a9qm^$H@X~V|OEJOstvS$`f=-01k>ZH?)3Pw*a zoH0OWGz4M~?BL9tF}{lm8aWmwuc4xv_Q^!u3G=B7WWHw;P)bZ0uu)+dLxZl8R za3lK;&a8s*g(TPvrA}HF$rGG$V`m}*r3x)wAaL~X(c@9b&CTsH88K)M^AY+-DHD&CXqi0S!yCB;W6-A=N z$&;szA3bR*Y@kqO7$?681yEa}?DjjNm(pCf?xPPIcI4ne!$yxjVsy7|Jp;{>EAj>* zLHh39JY63xHgn9_Q)6>UkiOdiUi#r$O~nFFIOwIAGctcUkT zX&vVucp}4TLxP>PIY*1Z28Y?{7)1%i(mCa#8o!Qd9u~$3Rt7;!F@miG+e$tQU>z!_ zgTWXCOuk^2eCcRF$#5imNw+1xY_6J7A8swz?dp3JPtQ>>8a3KG1usCh8ppo^Vdk^( zZAZo|GiYO8qxKt30seGBJ^Er z(y4{jbev36S;qD@Z@-k`&Nwu)ZMjvv!A+0A=u;X|ni%m8fhvWkMPRXlh(i^;2+FGR zW}s&N#hFMWC?%lcCI@fbk&P6pcsfhXlP*bR3G#;`)MG_jqaMV405SC9IAs3tM#Y0iu~uk<@qPS&7zdS&w;$7 zsQOWtYC|f04jjJi@1b&U4*4g`wsc!%^VXrPHLttrr*pm+A~M1kJT;%Ss@@X{yRaYA z?!Fnhl@3dQw$#7bfodr^v4dy&iu|wV=WXlQ8Sskek#Wby z^c5r0=58!ZT|=)jRi~_>->Cg_lAYR87p;VEOB zA`G9ttqS$QtsNgdb#9(-(QW2yX=4XL&ElRKF22W)uXi;US%YsnINIo}5wp*)%}A6s zCHZgBXYZ85`M1zw^l48Z=z}^uH82whHAzu}BZm8!DTvjVpf%cPNvLC^Ro%P%X=BrQ z4}`SlkVVXFQMcf)cx6rKR&iqm-*!ISU%6T-eI_ym88Bt(3p4$a&e~f*)A!UwssaYO{vXv-fNojPNws5GwdBb+dSpb z*3RbUNw>FlK5Icga}1d>4!;@#UXhe?SCaE&5(Gk6dM_yVQ#a)omm(C~P43wcHYw@i zWas*171m&IN`Z5URKGFld1%Vn&gF>$v=#^(gp;R0$toWmk#=~>QTz*nV9;R=!ky1_ zq5(!7sj*QzWYi;ND6bf-#5%tDZiqiL%f$VovAU|cI6Os1y-FP`%x4YY77P5W8O?e^7jU=Zm5F4aE&n0`jp5+9?((+P{ zVik~P zIdQ)YIVwxji`D_!g)&aN{_w>~E;c9(1C)jj)H>Tb0_ojTRC zbnmG6h80H{W0;6(VQ)3d(?jnW zFU#%iRvR(^hePfs_Cehc)K~+`H=?m&W$S- z<9%T|`+`Y7wocS@JpT?sU_HV%gKefpcri*p3p5W1l@Q9(NJCWFhzL#<;5{l#Q)z<_ zOQbma1tMnRxniCD*s?gyXYVt`wK1g^y~QNuduNJSOV%NOteN&gHL;EfX8>taD&sMF z&S^gWES?fRu;zyM=tuP31EjZKAs6v>jK#9`Tl+_mO%? 
z28-49yjDd8R;^zc1~3N{t3F$sV?laWG5RTNUHq{JBqjYH3D#H4M4*hSgC<9gB;4nf% zB(p2cg{!rrRYpu7wmMfy=9AR>_(=wJV)f1q7X;bu56e(h^ro=wCt+W9gY8tw6YMM0 zusL}aA!AQWJ%i(+?W>Hd@cSzNJ2zGz`hQzTGp@(+{#5@yriaV-wYa_M36j<4tfzq3 zS1U*Rlqs_?y;k=J(+Of84)VD7m(cjOkL}>}cHDSAK*LH$y$|=7(H0Mu+Uxi&l14Y5 z2cjui8BfVze6nv?JiFW}Y=MY!&)Z{|aLZ-$38(JiZE30%Ge-To;cB^lZ$JLGH#FYl zck}q(OpkxqqSl*xt*uSg^EJKB;7Ls#E5Iz|29ttm#d+oplh!LfnM+zdoqRC{fAy;q zwKDNH^L@$}fo64p35d)wN@AW^(qh3a_a264vP|k}f|V{4Vwxe5=dJ6ouJX^C$i9(8 zy{A^4gNdV;0oFzQ6*MhJ8gAd@&*PdlLm#7gsFz0l3=8hf+)XXUZig)B)An;#(IibG zcb>j6T}wkzzBaD+C$w<}3!xTws*SZ@H`->6)YZsXQ0+$fRQR`EV$4B5z}7zNf6E+5 zYVm@~UGEHQh_mC6c>Ro1xA<6~ijSFZdOZjm6X`1|d{gVcXV$^h1KS?`*rr;3&2Z>#!|+h|gzO+p%U-xhiKWejIwGA*w>_I^la|v?lbw zNw;%z)2*s}o^Ld=>I*U1FlJZqk`tQ&)DE)>j?cI1|Kc)v**IUyA`W7R#?sSqDh)ihX z({>3oVLu$h9%1)zhcCmC=fZ1$fUdBgOJNQ1u}Oa|5lES+AvfCm8M10*k2#X;GV+uF zT*Og{uazZxF?2|VHRGSJXgqWn8{eCX73!PbV}B5ww6_Gz}? z&VDro)Nk3X>0!ntkV$zGPec?ezb#pwH10KWny-{V^`ti zX-I!wRZJd17vL!}el{`hj9CeMUWZ1@OtT)dM@wBceoxicsRFmOiwyUxE345Mre%3M zcbt!@IKRo@y{|wuHgXxeqp^}=y!BC?wNGE+tL}W?ojU5f4V6zgn%CvY6R#b-9%RX$ z&@)H__+{Xpi~)>wHyNzrmPZ$l2PTpWBYou-?F^nji)OE6oot6(3&9KkRnH>Hx%YLk&r=Q31hnUL-C8?;-3#KJX10{9e(R$ZcOm_N)l;Zx zai3naw8l~bve=WCcrKqir|FqqpYu6r|8u>*{{1&ocdL>j4N0m-cvOmIXJy2~rzh0w`o3Se5T7o2+2aa3Cdfq-1OC}6-@{~- zi#UFh4Qb7kRqu=179ri3&RnldN5`p7Q!SX2A>5u;)qm?pr?dAOvBr zw>eo5+95-6#Lv1JBGLHD1F|7Tk`zDozxgMgmf03f{cyxa+e=V z?d4~Nb@BlQ+cwbhr4D{862cqjfDEKQCP=I*-b?@96tTW0f-CabY&^i)hmWgt?sw*zG2gqYaP>^N_M^O%nl{k7?{4#b!aZ-!%m^}!Q+$Hqikv-sa9SH0ddyCrJ&Ygw}y@w6BEBllgh zSU$1{wckkn5&g_epM&FwCAVi@b_<2|cB6Tp!*`}o)t<`x^?e@BHn{Oo$Ac7^9Z@@G zn&}ZWzd8a3#5V-{K2!ynAFLS?27mnYlV>cNN}6UYO={B0|x?0MR6vi4lkZ(5BaQ{R3RiZ$nh z{queJBV8+!zt(a|DiJktpcQ$?#_Md{8_~~wZ+)SjzRmeX)>EROtICv5T92TA)Kk89ai+uI;H5&rKK7P07+<#OH{ki4%HYTaRmT4OpR+9B3 zJ*lsveH)w^P>-#LMZVww>YT$O|JKZOi?<%_a{_Unk^6gf;5m8hxdZRlDB|X3*%?2N zGwy<9&(g9(M*YZrcDWWF-i0hjS*JP;O9}A9p~7Mvc%p&LekLEk#r|MT)>-%L?X5c{ z*rvMs{E2q>G`L#hiuR>G-YD;n6JJ+rAofN(&kvbg@kx9=!%(q$)u}lm!Es$LHO%0m 
z(#tq%JwJd9a2~Xu${YG-t)jMA#b@z$t9FQiIUi5#^SZJZE6M3YYXW*3A7+))6|;Se z)ifK@3?mhzk=vZuuWqCmRVmikwGs`2y&p3RMb+i&Pcq)q>_82dToO;VFdpXCu!Uoz zmOj#6V=NrsT31tz;5MwNj7H!-$P(SZs8q5@pBu&AFW;!cAcrAK;~!K|4+NF!Qq&0o z!(qLdpqK-D$?0=bk-skk>=>tCRSM~ca#3m_hzz|3vLsOJu3)ThZnot%Hf&o&Y9sre zw$TZ44N+)kBpVoiE~ee4zaR5t zTueS@#m(kybmE_C>vv46v~)2qM@#Qe{({QELI;~vgCHU3oUnOSup~@U*ZLRhVBv*2 zFfCrJXji+L;Ce&*IG?#DT%APOJ3s=m_2CYCr~B7 z*FZIDBqZ+QB+ddPMu$>uH7ithLkdPK(2*!Kec=3wvKgz9-nKrF;Qw-fZ;XhYpZc^A zyGmetB}c2RKCqcW<3nY*172XRpd&cyj1IY6W8UI&jd$;ZdR3TNrM&{7r^o!0;M9x3 zB1O`tJJ@6O$I7|PDIDjE4V;yZHcG~TQ>FyKl0`kjs_yJhgCD#Y4jw*xQZXb_hF`%D zudTa9%&8L2z&?7N6I%}+B2aOR3hY60tKtt8nP#2o?;ne_*;AuzD8)Bc@sU-rl`J*~ z^SS$&#Xl7q#kxKC9-{XnS}F%+P-svV7CvQ1$1})Ni)N(Xnn~z;OdA$gx#3szm$Q8) z2lFJsI4kcsWuiW#8SO4d9R==$JdJ8S)r$iA4wemDzo18RfVzJ{k2r#}q?od#5@fet zSK$pH63hz=Ap-02?U=#;^=fQ<8_!!|{oFD>Z?BEQnuTSq!9sWwMiHbkZF(asY z?-HZwPMiB`JH?Q$XU}nu(Brgz%z$t0s_U8Zo(X2q>DxVnmRV*XKjUa)=hICw9jW0L zw`F2l{cC$fFq%Hw zlt@KX+OM!tX~nsvX(~fu<@e&Olnzots3PUPY>}=780_fc%OEOhc zR4apv;E&wN2?y_60jLty5>>*BRxxwXDnwP8dQb<&+A!E6v|vP|>V=aU5B^vCdU~L5 zY9Eja>+mncer>h9!+jmE=__6S4tImhxv@e&i5R3 zZ)y4`Co$tTbSz(Wh%*F{Wy6noBLP{qI_?F7_fE`MgFkW5F<}-e*q2qWAr|BI>K1+n zXJc91U#WM}sXcQtf}UjH9Xy|}r}~gV1nR?mB;Fp;4n9SoA~4G6;mSJEp`Rl7753+r zzb!3jJrgzSeXo6EWBs;J$6cV!ZMBK|0`I5#7hArZ|57dZ$J>kM^?}Wxgr-j%fRzMFGq9m8$r~yDmYVXw-7Jpd;#ZG zhB%})1z^f$HWaJ(rAN9}0Ow<5_6qy2mdUtx%d6@=DfWUCt~S5*B9eNDnYk$6hjl?; z-)|^*JvqLoHtFR#UrA0*xVS1!A0Mvq+McG#7!tx=83Vpo9Vj4kfJk{=>BrH%Ik9>K zjtKwwV+3OB^VMJ8L@CK3L5lWMCFf+q#X|xr!k?2qip?fO!197k`!(j3#w%`$3CE)&fKtSK3AlHWIcw ztr@aGMcaK;KgXli3d3?%qP3R$b`Bupa`l+>yZ^v;T&$`{4P-}2pv%G=a?8`GQKN8q z{2g|q9<>RDEO`yPQVs#&-r~TLKazy}5SyU@J*XqHf2B%&{SH17*CMt z`+U*nSjVG4aw3>X8GTcRX(}TH0Rhcp!Ik)C4{6Y>xMby3;blfICupD3l{>f@@W_I4 zYpZufNwrFcRknih3p7-EExmL);~jd|96z6E?pF2+zP71gsqrSewPxIq+LQ7q7p7TQsYSr+YtL&SH)~SFDD1a)AvW;)3ds!4e zyF?xkT~v372#v-*(^SvA>u`YDQvbW96n*)+CB9zdTFwd8HqI%|isf(JllN0|uK$k~ z^1orne@khvBX_3f(qp4`g|b$N^PRXDPIzWnK?VE)|7wzAZz1U!e_%w_$>|KCHym`p$JXEG46*vVoQ@{b 
z`N1+%n$63Tb1x~)2cvw32V;jdm2~JhqMDt0%s59lgC5EGLT1q+ZWB_C%~YDx>Nh~C z9+_s6#eqr0SoPjXK6SFN#DojB4)`WsA!EAo&xksHwqGn?KbN@IaVeR~ttptYV&E$8ImDCIWRx7cbh_^a` zY1?}>*u3{lPfx95ID#MX@GR0))<4Pw`h>T72=tCxJvT;Ag`H!3TbB_s~p`19ekB8CpAEe;@aEDqR#ENAo*#UcZxeS$DqnehPRgiMzdV_^;a`IE2qBU-*44&`?@$A zg6WWSM^f7(o;Ac}LQ=@%J57QxJys$ijb3*Dw5mxHlNU!RMs$>XDLIFS@XP_@ziyNlX506j8yuKJ)}8@S6K3AqJUB|J#Q2{tl!BOR#0 zvSNM)X~o5#3jCQ;i$6F{eg1o-3S-w@AtaLO2Y_By%uL@q=8rt1>ygfl{!}o6^smz) z8>(CIpp9jU-s~vQm#Be!j!tv_jy*9^t^Y&?>KLb9C>qGXBG)5v|2ByO<5}#A^6kkLKA&%qa7>ZvNIyqS4Xv z27wNUA1!S|bkc|Gc+KN`#{!ThJhiO7Uo@BIWcXlfI8MHH}2 zUJTTzDx1ly*149z@)dFB1NwUkygV}P7Sx`Vht_r=FRhd4bUf@N9m>=Gl5kkv_n|Wq z9cp=h99|+)9_~;U?z?_grhbs0;HxQGKd~#`po{f5Okd7{X;tv@&K%t%*>=XFWrtS3 zFetN{*VdL`{klPZ%ZZdJzvtvF#>fuTI*0tIT8LEw%?ndI@aB;*cAqm)?TRj?`k2+P z;@Dzf-D7tuX%bV2zjs>pWlHetN7vnC;FHoyuk3P%S|?7A`BS8!s!;{9O)Kl4#Hnl4 zg`NA4sBP2e`q$O+-xjDlwRJLik+qkpJ+B&H0{#E5Yd7L}0`4!cr8b;K8F*$hD&y80 z+IbFuSTo*wWA^Wot#O*l=IK`Z^}1$rp1|==DRlLFCv*DJuC=b05y0oQA%pB#;&VJa zXTW3tYAOk5%KU(TY?>aBK%F_6YD+qOMLAC;%ERgRL&7grY=(mAX`B)--QqEPvwJ_5=Z^7*{9%4KyGp$aOYHunR#E3LZjDZcTYD;Vx7C1seFrH}ZGtN*_yfe-?Lh>Q{ z!{N28NBr`dSDi(^WjMJXIFD<2@tv+OWnFOs_%UJ7Ok(CSUSnChu+G zWC!GPNAXTWSvwqcpM=t1J=I=;zI0e&Rl+-*qXYuDh)=hq%6OMdF1GJXRU z(^E5s;mvLyJ?xpk6^+rsddRGX+W4XtPpQNd0OkgHi>E+F&X#EX?0dUK?dlg5V$-7l zoEhY8dq_r8Z8e3^zx-zL&{RfAPlqi2{#Qkx=fuCiiY6*lb^kK;t^5<~n`9Z4O;d0Z z{bWFbe>Sg86MIs2fpMUy9Q3*X>r)3$}L*U^)vOrKm(M~+G+Q-1!WZIbhVA@SKv zK0^u%rdXwZbxg98;<#y4+8cBb+i6RG;{D6dN~YlajCu_96r?Fofo&+J-7Bq5AilIz zx=SVcP0l%UA7?3UmhcTx7Fkb)-hse0kIZoL>v1j>ZW`ykZ}V1^@ESL*eG|?m34d3) z_1f=}{3*hx<8scgXqizo5n;dnM!#81d zGl*~U)XiYN8L4g#X&HIRb;hWhLz^$a%|vw*W~ryEn<0EtsBR7q?Y+Tu&Qv$Un{Gix z=ct<_(w}|CbuLslN2XnY+=|uBQR%ngX1=;PzHt|1ut?pU*lIaqmZ+PPT0f4PrRruB zi?dAKoZNs6WVyN--S7z9tW-B+ShiAiGcK(Z89c3;q+=>KNq!O=QfOCduNp}EwmY+M zg44OB8@m2l*U8*JCq%87xqmc7TjH7fFO={_p@%sBve3(nmxtWzi2sVv?u=K41~M)V zoxpfi=uF0|L)S7c2|d7gP3TF+YeSzfUKa{oPx)LQYR`B>XawVpp{a~ZL-QDK2`yv1 zHS`?gKSP@tZx1zs4Q1|sXQ&(FJ)z?m?+cyFxIDCk@xjna#)m>5F+Lpnh4GP4>l-Qk 
zick;6M?*(4t_=NyaaE}IO%(rFXgK5Jp(%_{grbbAL-#VS2~{vY8Tt?7+EDYQlx|(9 zE929lJjQ22XELr2UBkE`w2HATRL=Np=u5`uLQQX`^v{P5V0eA}si<2=}5e~L=$bZlraZrEl!jciP&?VvdP>vRHrxY4;S1;&mmDT4f5j^B-= zPijQ)G@_o<(T<84#W9-@`mu=#bDGhO2`H1FC+^Z0Ov*F<~ z6wd`7&tr&x#_(`H`*J?>RXJ}X?h_rKltubf@g*w$2gId-R7#~{op*`J>2x(K{T32r zPcXD2CRWjVD*hhM;694)Z{nQPSx{$Yr@V}j6rI^Arws+b6e-JLJg|~7TncrXQfTMh z+}(?j%b|3WdM+Y)yl|5SHTnWKJdh+E(uoA&rb{|>7vj7EagX9!jVtLPL`v*XZh4A* z9oIW1HhJ_h(;doW@6n@YF@e%9LbNGu6r@X38chk>;p&JhX=Si9iai+D5EC0)n(L%~ zjnY&B$2OpnRrNF7HqYMH>7?ES zZukZK+x2kOXS>|mcnrACrLZoyrB`xfmk(NUK-au8xemH6=nZ*IivyqZD_^%!vDz`N#>U~ z&&F*dRnirFQ%{uLy-8Bz51F_7amme9U0aP(M$u|~!`+~lel96Tf=+GNg@PJbL8mnw zOhLq|YS^QDW7SkCXSj`ah3dI0rJU;~QB6+XCCOO`-sI6khVV`D=pz;3Qk3_{pDg_+ z*IBQV4Z;m4qfnRb)E~O_C!?v=&pH{6^qh=BUAj|$=+sDjJ6y&`}&`8M1equZPgB@kjNX zCQ0RsVY9&MSH+W3X873}{ z)FCq6shB9_6Jp9naiY9~+_qHJR0>zJ-LIG_pegiki~W#_BID>zQIwC$>^8Sx+9^)* zqpVvmugAT-PSy#OSx}2PnLWFN4#RvmvuD@P(Tv?fqZzx0PGjs5YE(w?Jwus{y+Zpi z_6~Jr>>Ij=`TB)cGWHKW%{U-b&NwhMm-!9~O=cVvI)lRphvqXL9J-S6kkC@bLqh|Y z@32sqF&sLEaY$$khvV}?ix`gzok`fMXXtvyUZD@4rTgBY zpMlEbw{~|seJRF+F-`P%aC8G28+ab%wzxEOY&yLA_vFD`9;{oavDUo<3GT&})a5zE zsi^z8f4EN}_(dJ%_NDmQP_)zHVJ>qZ0zN@>jh{tju|{Q)f>JYZaqepH*pstZ$MNhk zIv~D>=3(o0im5@J7B4YVu8CuI?m15Cc_=lr_xYj8kRr49oY2jT7lm3pPxq0~0gRW1 zj$n+2CNM4toz1u~w21Mt(Bq6(hAJ4Z3Vp$NO(^sN<#TPQJ>zwuFyjrONsLQFC5*R* zZeqMGbT8xWp;E>>LY0i@B`;DwcZRYU?+*25yeBl0v8Lr4EcZ7p-P?)p+m?kKUfXgJ zcE%rDu4nwIrHl2~UZf?r?G240=xtB1&ThuwCSH@>xcQ?8o3@uV+6wMt ziLLEo_O*}Uo;~J+^)XbKKR%vKny33O=%(h6l&bRKJWPQuj~i<6>eDsEhM3WGT&Ux& zn6**qO^X_{Z()OJN|Q8HrWYn+18^nnjruuLm~ReG&hqg0L>=RHqG*+}Sf!kfxN}TA zjYAS2QSplqx6~K!Hpi_p>87eTbVsf$5xCCqaXCud(;N3jw5x6=Hzud!rj~<~ExPFg zTnwdjf22R?BS`~D%JT}QPH>t&LRF#IOhoKqB30T|UfSM>IxrAT^HG)9Jr+?XnP?@; z%*I`zQ&(lRmU)TAy%2xq8(tOtj2C?~qV5PpKkG%8B5Hjg`b97LeMEf{h<=r$NvrNJ zh^p62t3Z|grWd_CqV^6%)4UqnM3i~}q6P<|Kjdf{F5D9lHP%EcB}{KTh+0RLRK>i+ z;$DnDmup_t;^&Pmbeeuag%QUxTo3sfR3_hhnY@7bjhe@yp&M>j4M$wa=ZO2t#4CZO zDsxfHsfw9++}6!uGPsm=z>U$^sN&t82+yH7GJhqlVrU@@$0BlUJcic7a0VhTGz?_W 
zBJVzmf%SVm7#<)dGEkS@Du>e_VehKgQ>i(g2kSeAJ;>Qdani`|egiJ2h0d4~OLl`T zrZ!;cVwg;JuEl<+#XbbA6BDqrijZ~>>kY#h)arM~1Y-Aal(-Nt)h)se>qR;v_`8E#6eN>o|ysUGW)46jqvDUe8n?X03m zmKqbKq`JZ739`Dm)on~ou5Q-2X;cH}BV>b}+RpBvef!BeHLF>EC<`}xQA}F18=E`~ zCG{h2W<4LLY`1GyN06rF+g75-*KeQBb(+F>s2DNarN4KSTf$Cb2{T0q6FH?i#z(}`j! ze^FUM&u>WainW|siDd+?k;KXwDJkCO*vSYzgJM`nmO@2u;^-1YUFDBfd4IyuG)cP; z(GL@gCFExuOI3IQG4GlT?jpTfh5U>8Y7qae<`ILX9T>-Hn1%TtE=#)h6yB_%>U;Yk zuAeWSADBCeX>Y}JBp61=VdBL`v(bB>jyN}!IFyl%%5RVftaE{!aXr9dZ*!Dq`3PVZeEVj zA1VAw#c+~g;QFxwGLWUy>>9;D4@DN!r1P z9Bvp`V8!sdFpNj!nLY+pciyU0tZ?2`rn>-ax5i=RdMQ?!#<;7%_G$uFTg>`u^mDg> z_ZP#@jl;^br06NE&G*65AD3!^HPi&E>^x!UiO5{TKm(&);xWQ?A~;SnT%;JAYou^p z0FKKH7Zql6-6&jlfa5{UrG~#WZl&85!#Ya$0vO)ZOfI*CVp?u7eF=u23=`X@VtU+S zYS|9kj<}QtxQi*K7c8d!U^vt;v6>W9Ml!c1%QOZIrx_+vm6|&@Yp0lKtaImqp@f*& zpQ%i`sCe$ew;}Fsor$FHt>U@UK7+XDP5Q%VC$HH-$)q1j{t;rfnA9rvFplNK*q%(q zrOH-*`X60)>kqM%AbF}F;&D6UPY+_YhQUca+j`8$D`w(xPsE?G#B9}SoR!%*h`WH| zIWtw*X;%8{5O;GReW8kH!5>H5+CcodR{T4N`ydcM&&vNt#JTV-wtNe$_+1g#HV}Wc ziszowA8~^M@i$oUCn9caApRCB{v5 z-Zd6egZ;3pjZ0P6a(TB~Or62d*DzV$>}K>5jc>L%Ujf&Xi27$zQ6S$z5<6}`z~e;=%0 z81|sv?zcD_?2q=xrP|*zl2VJQGZ+RMrl8*5wKzwDYrNsKETw6ERxXcgv%zq=VPdBq z%yW#zeh*lm@UvSPpQAXr)!qQtX2Z#OT1vm%;v`Sf2A9{%xfjJ4ElN0(J*iw&A1#gehz>4F#o09)nR{Mj+z5=Y}aoB@qn4!+zbD#JO{96;Gky^B~*jsnSF*IDN zV|Wq;YjLubW;pmyjg!V(D=OtqveH}t{_EnT;i_0}sL)FD2>4%)lZK6!{z!e!x6*6@ ze{#3j`moobKayri8lIbp^WPo(-Ax+9>9W^RdjubPMGOUJf#GI7d4G6dP)Rm>NzMcN zk~m4cc2r3|^O8IO_O&L7$EY;>qhjQ8-vL(*anjsFE%A*!GF?k)z;3~<-`#O`!KE6T z%tf@3t{AwOj$r6UOx9dxS1W!f;*JW$@2le308T^P=@d^BD#^dIil+@Bw*+yQ1=0^x z@htb-So%E{=Y`<9+HjiE?TjC@*dGAv+E{j}*7FwUJK(A|oIzpVvN%(EVCxT; zQb17HpDfNU;5x)`#uc_lDlP&g8Pi%MNif;xpEY6qf&FSJ($E z_LX2Qi)9zhuCq8l1lL!FGbrpvi?dNLJi@>g-weL7ID3I>sNsw&Y;wpmg95M?#j=aA zEiBH3;JV3h28C^>IQOM}+Ew6s)^K``P5Hq-ijz-!d<3q48%}BiDR{BPl-3)MwQ#Ar zo9yiQ$Nd(2Z?GPlfIVjZvDQjB9f{5{2}yGz%v%=IVldogm^@)D_OC7Wr@^`@0lV!+ zzE^2@0bUFKymY??e?9C(TCBVa%xWXG4>3O=VV){25j+itSz287GH|HD# zl#m!N()@%dmv|&~Zf?CGg_J`% 
znlrCP)R!ij&pY-zl9(tq4HasFOQlU7oy%{6qS}Z%l$iKW8>0Fj*_M=%x-Zx_yQ7co z?uP)R-7+NQ>?ZeikQnC<2_!14o41jd;+1;L)LPz?XU8 zG3xEc15XMyv72;o{YL#^3Qg%Q>5%#@sNb9Sd@QChHWMB6 zW+oz>EiCKahqoqq_Tp>@c5iqE5`4xn1G{5~8f9IIkfgaN8Y^KHahPxqY4{1^4e9?P+m?dd8C6Nq;~UbGc_+0!c;L*38P_i5al>eX;ZcYj2-E)pd@N)oB4uT)e^1h>^u)`9qXwGAmR z_WS)1pF=!rDS0WE{4+_fI&i%onm>;SS4I3X44fHGDpf@_;hqy4twPwYl;56{+5OQ` z?E4VLGLRo;f{$u@UYXBpx1&@ng|@!K>Nnbiq{>9Y^;_JjP4s(`?p)$O=$*!yIis7G z-3|NC8PmM!tAt~lzr*+Ant#AJzWJv>)d1>UtonDPRI*guh;0wK^Rp?zWNW;!?q+2JVJE$Hh0RTsZRZec{`eV5CX=Y>C}JJ1RTw2 z9#^}X#Gx`-Q?CO>WTVyxsgNhVkfthRZN1$zkEB{>6|H!ljtO}tCS<*rbCMG0Sx+1l z@PZeh@_ormBW1rF6H*=%@=8p|tDZEH&ucLuug8SEQ4iAtJdvYzRPt0v z4OEf_Df}vw(wzE#ziaKi&pG$K{`q|NbMN|o*V=2Zv(Db@?sLw)S~Ybk-Z&_KAcZddq!0u zdpjC^8RH@K3b&)ZjFVsA;0`o8tA?YI-=W8!(1J7Qkjw(<3k4|yBZs32Vg^R=Fo7EYYUSbc3G3>czDn@U z9=n8CDx8O2q+Ck(FZ1xz_9>vs>9J*-cEQ@rkrk4nE{qo&lVIas+POUHeS#o!A$`Un zW^@Ek5qK@2cRhS#1m7p{SAf3r@VE$mP~Z}9=rAMHap#Q$@Una;ixxA#&V0+#M-RrQoqyqW4(2i7!!s}b$L zwUSN*p_eDkj5@JTTnqs=%;OS$?WCRRj{|nE$EhFp)ZVQ%4}|AEi6b$wp6ufk8$sCW zNP4LHOE~(P!w2K|+pzZ2etFjX1$LQk#RTA7<4(VJWD1n znVESmm!bo59*3N~=tZh>`d0G^mX7=Kx>gI7UL1mO-x7u7va!2p@Qo#7jvZ$4K9S@Vh6` zC+qY+>vZ{(Q>j{Lv1H&ewXCZ4_LgJ8_>X6a8O^fUro%T_6!a#RbYrEHX)eK^E1ZhW z$vGyhyTr3wE1M+qApSf;_9k{N_iUv*l;D_YY#G{%L?!lY?pG54llueRphCj!UEw{xn8Jy(cbdfJI3Rh$xkV6PKNwUVjR27BQ|T??OK-sydgm_vE2I9nzuQ3 zant6RNTsf-kZDfGpL3}~2jg)#T1mkufMb#b-g}kqT$0YR+XsNoA|rBC7-tHDy{tfc zos6gxn~gE&KLz1Sl499-Sp-=`x)G92l#~}=yqt; zagqo!A^i?0)5i|Z$k`>?sA0_0dwGOe2dvgfrgW#w8Zl;Xu+B{~WpY$zn;3I6Sd)`X zIRRrXJP@PL1NGSi-JTiG#7G-K_#{D+VcE0rO=X%Nz&PYtTskb_V@o*fRD9$_)1$6O zrLEp}6EuUoqrFrM)&ITTTh z#ILI71#0jO&^CK2SsI_JiiUn&Pn1b7f-!){O1AqPhrz3Tz|K!o09qA{J zix3ytA>yT*%~;u+62qk%nT2Gt0GDp|!*=nPZqiUmT)H_Hg05%*ay4c6%8=tP-H2UT zdfcU(iveHmG&KJ9(hU{O?f5g9a7`GruwJ?m<8uKm^lQ{}5H;Vys=d&2I>f_=2dEC#sJ z6TT%u=GKy{)WY{np!Y%e+>^wLk~YUkzkyH^BN0DM%+ih+sRjrQJt^jJ#UPh)GaUi; z@C5dr8bP3BJ;`%UJ3|0pOv+Eua9Z1H`zFZmaF~%etEb(RP#JslW;O^_8#HWl(1>jAH{F1KkvyG>PTeICE< 
zOSY^kZO9vh1Ea4u<}sV~^`^W!%um(M>6qIP4m4(uIeLY%H>~wV3p$V{ds{iDgd|)H z>6Jvf@r*f@Fv?IUo?K=U#1EpC7O|aK<=ZdpuaHOFo9gg=6zXw0g+Y8Pw zj@Rfj$J_L`KSUar!*MWcqRDaChp+9_ewY0Pp3JJfKftSy8B>LElix&LMl#wYl zXSyKfMTplq$ncfUzd85k4Z|A~QluKQRAV0mzoLmTlj6W?N?&s-^S@FMm`oxcZstK-<=zox_A3-K=wG90b$n&+%Pa_vRXA3`IKhSko&{EjA5 zMwPC}1IAvuGsibVa#>zyaQZr4rS=Kl*v1j>GH`BiyoxOoywy#>(=k4(PEG@JzGF}Q z$sGt8Th->->^H&u$gxlTCc(bAMK=3qFiRsDWn_DwPq3G_%x2dCv$bOnU6^2(Y@N+M z4a^~qZDu9dryY~c9t-B(j@|Ok1bgPO+3ZDNzT(*XQ5(jNNYCT4*`I*9*Rki1O0cK3 z1>2v@B?fl3r(DSMxPZssWP0a5HPFr=nLZULt2+SGJX&xLPr_;xWlk5QBcweXVwk_W z9%S^w|G9uJ@$k?H?kCze0-E6ADc7I(WWyyh)B0XiEwt26(w_aZh+M?4=u`a4o(x?aq0nY;W(1v!ja^5oF2f>a2&~Q z;Yea@q|VM|-y^}f(eWg&g(oQ;=S>4=j^jy23r~_c&RY%6CdZRp7M`SWoc9elKRKRc zvG62;~xQdv zgSnxDu=R%~w&Q)TQ@17po9gj<>3|f+nOa&41`7Z#_XHW&r78SdVS;xc{unJvW)47; z*>QdZ{+HuOG7CqN*>Nfj#w>s)b|jgFBgrh$Kwl~R>j+K{$CG3ho+NXecM&)v9Z!;3 zc#_O<-V|`AIi4i5@FbbzyywAL?Rb*R!joi<^F9aX8^@Dm7M>(?oEIW{^3i0xlFY)B zWRCNifm7&slFY)BWRCOtfiuMMB$6@QzLS(hMiVxNbBhTHR~Gx}%6Lr5R3;aoyxJnbK*J=f0aO=i&U+ zr9XH!oy*TGa{dNO)0IADl6QtZ%%j^%)JHZqAsbg?D9e;9S)KoLKc<5SI+v8Z{+oVW z3@`RDp~Z;eT@|khtdYlevXivv+o!1yP^~ivr+CuyFlkAF?x+jt5)ejtQXx+_Jtyr| z0W%TcR8OEz3Ri;QUfYs^c>%zBG<;faA=!!-EmQL0OgxXy$4F-%_=k$<$jTq-$hjEl z)V>507Fx0&sRSY&IStjDuqZ-&cCGIdgyE` zq9>I@q$lTIQqSOXKn1kq_@t7E^yIut>a~SV_ab^ySwwnr&L#CmK z6*{IQbi|Z|_RPLuo$r{E!Vyza*fVbe>n_KXq>Y%8w4V7SSSuV;(lla9ntJADuy#78 zBxb~v#PrNR!OF$ak+DlEModXX&#VX5v5qOp7cnLIJhKm2gB(-REn-T#dFBYPu0fL& zz-5sOi$T-u>RbAVrbrIYc6*CIS?3GT$WcbKKR6zX4`0w*=iO=b|M4x`AF3SR;oUF_0#hW4}F&9Mc(uQ#?to z5-7=jS?)vV#NclB)Dp+fq0Doq9a<_{v7?sMIBc}o3=g?Mq zR81YqiW&{+j+ zgTvK;o}hMuBFF3k;d@UiIzgRvBhoW-C6+|A;2wsksSN9nya#bI>Rod=c7h_uw85Va zo*bW`2%mv=jz`thp*$W06H=a-pdOHsLpqrnj6-sQnofKku&0TOb2z?;c{D+-1+u}T zi3v))-39Dh;$mHozMG&7yvjw>BS5-M4>v&-0Bq_BjAt}K9S?bTkIf|JCnz${1$Idi z?=HSq(K+FEVE3X)>PeDH9*7q{mt>coU@Bye70`ge#n;~&Eyp1E5fq z2rlT+w9F!jGf#gY#9q)F0s1v)L03kro+#Q2dXpe#z6oUb%3shs9&e12XNA-;FF>-! 
zll#zEO);j|^3H(3d<>sh+lV*;b`qFv;N3g z*CP)8_{Oq_hgJ_8uJL?vjoVPvYdmG}z8qSxfaxLGW3TZX1?kZaF>*Or(#~GvIT27V z53i)Q!g`HoFrdpk{Ay%euknlpbhn4Iw;J^t4KC5f^aXo^mQ%`bT7IQBGw!&*uyR~L3A&= zGo+_D#2g^38K8U7=K;Fh!#_u`?nRFSG}*&{M8l*|HqBs1-D6$>@hfOS4R#?JXZM&l zL%P!;ax~&;XZM(YApxTkb#+tHPWPBOqAEb^BpI5xc8|F&u+AQDKrb}y+#d7U059+a z2~retO*_V1cL7sj4m^^`8}99K4%1Z#dwWf3-0$tpy8*|8?0?(a+YTGM=|CIk8!?jD z+xr7pX&6(yB|DMQA!GOU{zJ7|AT;)*`=DY;c5hEeT|nsLNh|Tn#=`CGT?o+#PoRz^ zxc!&A0X~4%3aYyQLZ|KiOFT>rOcW*-ls-%{0zG}P|I!0BT_I-V!PJkyJ=#HzQUx(7$Xu(u`95AuZ1g?hu3gCB+kX1uJ z0iBXJVd+DQ8PFQi*3jgbh9I=|q@p$S4ESYwgV2|xr})Xl)zI6=0#b{%h9<{ck3Tni za=eBn{4m;M9(6S|Kl_-Fai*wmEbQxGKho-1n zw;%Gw+lIiJ5f|&p8oCSQeH>;;*YwVDHS~o5M|c9`8P(9^AfN296~wqK%Re$72ljLl zPt?#GfPIM8o*MGmQ1U>$@VO*a5W!T)94jD~HT3ag-3g*KbUD1Qh!#A@bE6tqDO*D~ zgtRr07l4@gguV4tNYgg)QA1x0o+dtOXhOo2?%Tnl)X??Ec{j$FnFWQaL{LN1wA9dv z54?#QdKu_1q6OzNT8SF^U5K|k$nce~p~vA(vW7kcN&04M$6QQfHKBmLrpo+p7zCy^ z@FvA^w1yr@P8Z-OJ5J($I67d?2Q-xMHBk>*Lw~|pjt6u{mbTW=yhYJG4(Lg*ov5K- zhWJgVse@JjwT70?zW~0+agsIkpAd&Q3=&4e(fS&C*KHWTKfbZ-;h`-6hGoBZZr$;& z5YigD7mS@wgRe6^BztTPeG#N19b)9xOD&P~KB?OP-Q(fS)K*w)=sAFvczA1MTx;kx zfZq3Tc8R1lG$Xwq9PJx|JH5nd;YSz4u0vH*5k6n&zybPr3!E zL6NJBYz@u6&ZfoP>?=`2v$LxReM=}&Lr;YGZnWTgLQ>J#8u|%H7du3Qr=^Ikq1OO= z$KzsIiW#k;>BMfJ2a=3L4P6=|semSZo8Rd`vWBh?u%#!+xS{}QF(VO5g^kcn0mI80 zy2q_94YY>7941E5%-`%n6GUt136S3B5PWx5;4(mK=y`yi^>En;)*5;pp!Ym{7-2Q8 zHS{h(KY2JiL9~Xh45e~#*HovrCWzk8L1!8gk#1{nY?=LeG6VV;Xbmm0uorrgB#|0= z4bG%O2Bit*E>mm`%}#Hj=>m3|sG-^GV}$AxlG&6sG%bacCu-;>;B3sYV{7OZfcAJh zi5mJ(hy%D69Lp{w<7^Fm1f=yGB1a>hcD9CY2SQg*5;warI9fwP@DvQlu0p7xIfv;ggc`aFjd!LRuaAFw zJB|n0|5iiS1hElXa0>K|80kPG8GC)aBd{JG@4-%_bZ|9vf2y4i!WEvh6>cSKXd&GJ z!u_7~7hc&|xEgvsM9VyZI+oyS==TABj26|SWx;f$p{KKLSDnX3s50v z{CExB62cB>!3`YSZR}zs6|{!F6Yu*19hhYJ8hSY7*L#dBRB_9U^$s=kQgGEf)X;as zxL=g)5LiQhLS0WQ5T^ zbT1&MdsMC48d|&^2JA}WjIw5Lj@yU61M>SFW=OXLS3}PSxXcq6&!~o82l;y*`+%6Q zp~>70>_8IlF237+=yC{2RkZdL$|V`e1M$M=l2kziQz3J#fLzwl;~;9xH})Z*)A7DP 
zTJRpv4Oxe54LuCf(L_E3V%{L^t*1howuz4#dLiCv;-iKpBuwev*U*(246zi5mJh(EmmYu4lCBiT`#V`f%hL^GzVbSH6Z`2aRM6{U5+RJ^5A|(;8H3 z=!p=R3xE$Vj-xg76msqWKE-hoHMFGulYkZxzCY?gYv|u3mVh>8X=@G5$AQdlKzqHm z4%Y5N8^kadEjC#7Uu$UTye{y@j$>o>TF8)@6Cgg>L58FCHFU#!LGZ^nmOVVQ1)_}_ z`jWd`t)eybJuvnl4enriXceQ+8Z3ZxxkHRR=G2&0>^}5cfIjf>chpu`Yv`{59rWwyirt)VmM zry`ozHO(XAT0=Jk)Yik<38FRhF;F@k98*Z`cnwWwh7pl&T@5WWppSvp&>{=(fuE8j zQbVV4CKWO$O(=JnVryu2`X)_xWT)jNgx&eqUlK$z%BVqVftYiN#W z7SM%BMxus(4cJDH51<#Cc5WYfC%}E4AVG>ku4%`Z>s_#^@IJ)Fu0p7xIfqHyc#r82 z8uvAHGZZUL$o{t)`aIaU94)vE`bLZ-YUuI6?(+CW>_kcjS3_S-wI@MX>Pbi9RkDT_ z(k6&M@}v`4%GW$4sEYXw!^ho;lEhK`4cfr-Mzf-;{f43mtY zfbUpCZw6Gz8DCCCdmrG{5Z;UyJj}7pW)~x=pf&W9c>fU4*-3`4p`U~NRgcN~T+A|K zy+aNC3%KeXYUrn7+_UWvN*rr)55FINj(^sEW0^dPEp%?S ztRg?1oHi6JI1lspj(H6K7pypZd_6Y6{ z=#(sYr@*|0&Rh)Wat~_|hUZn_(b1m%CtOm@{rK~k0wl0Xhniz_XC8~ z9)xb56n%R|{zWlMgF(2=lVUDj8YA5X!abf83+kvCX#oh!Jt@}R=osl;5Vm_#th>9E zB+>c_gi_PuqtiIZNz|!NDV`)ktO3%|p2#la#AXq(8%Y24M0P90cz7R*IdCdUYlGFoGqZhtAo8^bNCQ2wSYO|W*}WFjJBre+uNz{_*G))yiV zHiGntCuY04Fe3g0Qsxmi`eI$(8grlysI80At*f8Kn7zR|*E6$S{W$XA8jx=H#B5jB zM8ugOE%U@;UHvBJz&oIRUX-q%bn@+QM{^SW8>HAN+MlO<{@*5FzP(o8rGkp=FD=f{ z#r7nzm`sHnT35cU!apX!*Y6KNL8DbBzJ8yIQe`&dYGz5;)f(qX*wykRzOW>2=gxB^ zZs+oiSmIsQ(RS{iGu=kZueEDF1s^)l5x1TDA(XyA3o7D1Y!kZ~+imCmLhvz5$lA`W z1D#613LLHmBif-pFhF@kd2p5sm5GsB_p;XU5XyRoqHDK=Q+%fuAj90EfLoOyu}k3&uBY$D&#Xgb{w&* zQ}!R3%Ydy);)(6t&wzc6CJ8GyTDOEXisS_SRD&O-G4;J>Kcrfy5^yOzFNIP4c$l!r9)9@nxO^ zrz#QL5<%0lott>lAhDhMCg^XY1)tFk-Ql#`xnDxed=tptiZ}XUE@zgM#-{w^ z*uX$j^8aY8rg)*-x%(h6t$}wej-%VTKag`4@N*r}{nzbW>HHw@-yJ8pom&ovpemXUpQH8L zxxdas9Q^T(We*Q+0b|5lB942)?aAqO?jRVukOn)^mSm5;CE_|rZ*_=~Z@1FjI=v<0 zVL(rK_%v!OtlPOO0KM+vevxtA&fN-VkB75&>-2-WL>lgz!PGvIBe1tb(3vBNNVl?` z%S^3H%GqeToh!*3c0@0l=G@LbXAV9nQRFu1>~=2u8b*s3vaj+qhjg_=GXoBc=?sQ1!I>g*TSTjJkb5{ad>*2d1ShsVx0s6|r_eI8aJNH*WX}BWY7TNFD z?c9f;Q~-{7gxZ=QdP@YIX-`DDts#TmpC>b5UA|!qQlg-XQe%ByqC~qtIB=jw2cl^!g-26St{W zad!io?(tRhLetJ|=RO1QB~Oqb)nykFa!otN+~wX7jMJ_{*v{n~rmGP4Dc90?XX^5n 
zh`*l1@gV!(wsTv8*a0ng2l_^gNbTiri8u||0FS@LPSWheZRc*I+BG1I^Q3R!mL=KS ziiI=-gn6D+fmNQy!fofi4Dd})ppGTD?c6;8_o20-1N_V`PTTF=c$gTNC`>FUeVAkf z1vJ3z+*yDMIpb@Ipxb9%Anbz{{K>JEX1y|!3c8(}gZCE!9hqeGBZL3OLw=XXWPL7X znX%qsJ9izp>K(Ro%fq;5yCI+&|JIXGjn}JgS1$QwU$w+SyZn4>iG?=bh$TJ&85P0~~xsnzixdHtRSq!w+VO^*2me-3$aywE0GaRH_~w7985 zd3+$$gp{j2TWI&8hut9UMGeLwS!ka@{32k(h>LUCh4!sL?)0cyw}rNNI|tYT;$l5n zXuk&eMu!>F^&Iep_D+ENJc03y3hlojFN0y};X9j{FSN<50jyyX?=DBj-Z#+=*lB1| zXv+h$k_Y02&m}392&TgFaIb&{SZJ?=sIgenLi#2~Y?b(4(m|x+Yo*gK(2?;)jwB21YXRTl$r&1p7uw|@FpmI#vN(hA!wn{bt=2Q9R3Vl4j#R0`41(WnDjX!C1XO$|VG2#dB3))v}rA@1xnb+GY5 zTRI;A{5;1=7TTjB9`7K-(fUGr@KOZMAKzH^@X!`8;4HLfEq2wC7TW7!>>V1sfawu0 zw7-OOze9|C-K?aYy>B9bp*%EEG^41kuol|20X6aPwUKcxv`+xk$HT=J+Klv2aLjmW z#|v#ba|;pab|}ZjO!W)8Ddj||@JS3o)0~C&nk8_HB3C}yLYsYkNQ)ELSEA5nX9oyP zCRCr6-F*|KVJ#OexR+48(5?k(V~1$)5{32&z)tqKSeA-M3vD_v1n96NL;JRc_BddZ zJwAgDloj7xp*1%x#Nw9q~Z(9s@V62V$%p9rXzhnGdhwa^|6XoQEe6GRK`l~B499P=u*FCn*uHhVpi z(0W2Lo3hZRrI2zZ+d}(oa8AmyV+-vqfX?%F^r+iHdo;v1p#>kYix%wN7TWhh`nW^n zXvEXb7TV8)u-cQvO-VZ~v^k<}K)*^d5{33}z)B)M;(*ynFEs63p98@E4jh2K5hIC0`$b^u zJieEmNa^4T?LVlt1B7oq>2$nG7TQ881((XBX;0U&%F|f5Lc1PBEj)obmf#BQJ^;@| zYXwy;wCS`hwBuo7V4^Uwp!8vq5fsn>3+)VQx! zw437nyFj-m8NSfo3;8b|ll8fnWyX4kLc1AUQ14J^w}f%ew#yK{KYkcEQa$`X-yi=y z+*Hn{ysht{xYjOMf#2)8UZ^RJwZ5)q+$Gym8S4C zmGej5wiSTXqOHKmG1ubH7*CE@;DjGUd&Hw^>QElP#l?h_t36wRkEDm|A$^A$j6<>l zzlQkNz`i3c&W#Y~qOI-_mh;dQRqM6_7jNqWYf4@em=k} zJc03yD)6z8-|4X%h+R$J_>at)z!oI&L1{U)+O6*TkhUapBM@^5VQ)PZ(zHEoP=Q|vo}MHpI*~fec^y3VbZyBrEVg zASwNVBR8S3cm>`90#g%sqvAMPfgejwC*a*3CsBb*>JI^QG2wPm4_blGWGrt6bbFSz zR^a>r1v3-ST(6y|z+Z%Tozv98#w&2?{Bz*D94A?U{|<2}90rXQN9!x_FJD36{PB%t z4-ajDWDhFvqh54nlvdy;!`P`bcstWW3oN~J`2t9XJH*HjLui4eTiv$+n&ROHsI9P8 z;IjcO^6>P?xK`k+0d4khc7df^-Hh~JaLgQP$189;QyK#?(ydhB%v8V9YXvUJ8#aQ4 zDmr>p;9XzBI!=+Rt84|%zRse>`Rq$er3JdV$Ih-Kw3tw$0-pf!U1-5`grpv_TiuUC z`m{qdcx~u}`{wP{z&3eYEK4b*6*!&v3g~x9Mxp{QiIJ2;lfKO>bRb!Q*9F+z6J%Ub zfQ}PqBtogM0lF!mfED;jFS|6*3j8vd7)dj)vx{n?r(4~(L3)ov%qGH`0a}620kp)! 
znAA zm!WZAfq(rfjtANQR)JRsu>o3e81#)8=>RSN^j`;HCwaUqJCV}CRp8aBHUxxWp7a6S zN><=Px*ddjJ?T%pvaxU#_>&MV^#tlzf~&wc1N;ars=(>At-#}9Vql^$v7q!}k`WZ3 zZ>hj10V?E-uO)(3;LRayhZdZ`vGrgVBUAXN75FK5e;UvMXfZ}V5ai$GtML7&Xo|`D zT+A|Ky+Z~547lnYD)7EA?%7%%^B3>$cnwE$;B%;$b$NHcc>ghUcd)N%bW&E%ii_ox zHa|g}f|@|)3F0?G;(qb|DF`Y9J}OC36R)U=1>@R@(?vpK0<)lQZA_;{6O*SdV5F!DX`@uQXiM@r(Dg6B3jF z7W<3$RL?^Pk-Fhqt5Mu9-na8?>S~Ybk^RMc`fw&mOBq##>@VKamk}OPukefa{##C~ z;}`GgbRT$-s$Py)b1>~gLFz%$)K5ksH60DCKa8+EqXMNLLMKChOhLc9RM)1;>Aty( z*V%=ta{8RIkGyVcpY(vt<9MxwQ2JbXldeIV>4Ea5d^LG9SbA*_>WOH*4nZPm}SauM+$ok9|li6&_q|E97+lGQTV{ZWv?BUbhD4D1%l= zin=gfY;1##&uM3S)cXWMeuVTdhnQUvJVoGqn5>Q_isqXLzE9v5fZBWby9j^JGK`CTj_C$zIM`1_1^*ZxyPv= z_w*zs9R#5y@?QoixQX>-Z^y0zLLEoaL)Bj*)z=)p2-#!9+D}dLtT`F%Go6M`ck0`@ z%DEKS^&Y2&l4Q|O+k2*id%&3CSrSH>^m#s)q60jxsc_F~yP#K2-)b6efv@;KrzI5S z1^tj09D=-H0?CUz-HYvb(S&wVfy`5BduJT46IXcy-pP-9Dzw556HseH@{^vYLp7Ct zDT11d;4#xs2B(^9748D9an$6C*q=%~MADHa?ljYk=RioV8rT>acs;2rro@1_qxAP8 z`o4dl>jqMKk1~TdF$lDv8naC{7t#k5st$1j2bp@rb%^s#RUQTt5>=JIRHY9DgS-k~ z#r2*vRe3~BNI;K!MsKGvcR=zenz&&^u`y#4>-AAnNmhZ7Jk@S!wcmhbv)67;Po+{z zw^za*U_W^L7~*Q6qcxCTkLO>}w0j!Rp6kmY?XIk*Ae`t)v?3%ue#-2n%zj{9Rt!@P zl=eK(_B;->dy7)7enj?{wvy5P%75~Qje(Us$cU=^Hw|n8j(}9Cz4EW{OL=!oJ-1{YmPZCVxOgK zlFSYGGmdPrt=0y|tjz%SIB~J2_|TaCOTboV>5o!e#{CJfomu#eG5k+r8Lc48L(fZ}qj{|jtL7Ct?O-vDf!$2F6mQrtWQ`D|hwyG#c*YhJd57XYqL z5De!F%lg!^J_lo$W9jFv^zN7oe*-JEDH($A6qiSQY67e4@p{aeswc|1WC|hfLMZZ3 z5BMz8vP6`&hw0C?lWB(G&*o z(w$4vS$6v++I})3M}={wFxX3}x3Sou#X7Os7<0Z62+c`~W#eTrPkR9CEErmd_0;DY)O{>{fhG^1~RU@>U%ui69eFH$eRyY~<{dUNnq(`a3wn90AtNNv3qC z%o;J~bg&jAnKC&l({2oi&9z{CoMc9mt^3 z^XpAznvP)f@GLGJmhiD93<7weBUr4h{yuzg1LTt&7A^Uf)yc9R2jl4kO9@qt?#%|T z1Ki>XQeQ+z7(Y-hM=AIkjK4ff!WP9yvZd;Ifl?2D4_5-vbm(Mhe5x*1g4{^h7KDzD zWbwY*7mWw~fnDNo&4}1>{!j-e%<*8|_m9j^lu0jwr@?xeOg|YIURz9!K})6gl;(dV zegclhQ>rJ0zxVLZgnLKFDy2VfALMRMr7EH6xVxZww28jJCwkBvcstLb|CX~N;`9Z6 zeu86!s1;Hr?d@6+?(ih3rKAj2Qh|~l1z}N=6je}F?d88<3m9LbRp9vfMnC-PFxazx z_?P{es>7t{km)!F%kmLuqQ^IJJ^8H@|H-30P3tF*=kST5E8j+c3i#IGYVZ{>Qk8GA 
zenFfQl*%{d$a%8VV-+U}@ z(yQg;cKJg2?<@529a``#*O1vEQbs;>mTzZd=p|vX9Gc>1@@F_s;~>i4rZxRKXfy!c z%5%#64Olt%M4X<$`*}`Xa^z^1e_lD40lUWIv}*A|CYSv^3TzP?c5_;!I3~PkDKFGB z9uhs2{YdA(S3!Tvnbd+8$INN>Rqa&BD7Pb@8-^=CKmcD^iO?iB409l_fEH}zsZoz~ zw_#Wh;ua1v9}v4Ucofv<#VOV*q+rPtxA!+4FavO%5VBvQ(vjd39{SZ*T;Mg#vosghP7907l2UXvu zN092rLn%@>eEa`w7+&Vt)YTrq5dZ-?|=hnO@^4TW{Xa4w){JdAHC$l5Sm?Xi4fsjw~t zGJRmf@XVKD8-@!$!d@YRR!B;G!!QG+JX%mG>RmSs>pxN+`K)pR&FM@T$ za0sAb9&Q}Lx?y-TpnDRq5fjmd;bRWfv&N3AU&Y%ou8`w7jmO_@7&b=-A3(UBTF0V0qk3kOZ2r9 zyJ46@T9-!?{|)uyp4tt=x*#0mNgRnV?QradVGj__a3noc{UuV^F#H_3X2WVX40&$c z0QT)pqnHiD8Ne2LoEpV#7_J6mlV?d7W!dKWEHw#_YbxZt*qQ!t!|?1qb~EriD9WxN z{g4+Ng1le?$%~iVi(JI93GEcKVc26kyeodg@B%{rvSBELlgTe_Hw>?a)>3NnMeNV% zjDB*%kmo>1t{Si#hSWQl)D=@=py-Anu^OKwy7KhohG8qP+M)$#G26N`rf$QqH^luN zWQGuLE;u#}c^FJcR8{PT;mr`-<5l=7uID!l3Fv1!w_&&vl6R7d7cn-mUa?^)t3XJe zYP$`?Um+>+sU3v5jGiVo3@ZaW%Ht!5s{yxR*cM=SPoM$qS@8-`Rq6-Ym?tA1g_@O&NsjfmYaB*~1ypIgZmTgt|U;Uy8cJ~58nkZ!ZaZ5Vz7@b?74 z#B$4R7?%G6p9#_8A+#HY;zDy^#}bbng7}7EA7E#CTs{G~4Z}+zzM4?vp&oE-7!HZj z)@~S*X&%L&r;1a-hT-Lrirp|I)4Yd2pHPJk#^c~N41WN4C`pKI7_!^Lcj7}mTFlYd zh9P@77U+M-h&r*^sM}@Y{5c>Dc4q7jlie^BPp=1dvom6GyJ0B$(}B&((zhFiqW>bW z*Ru5OhM{~s+79fCEPcCS_)TfV<_}=zOFIagEN;WF666KM#BCTJ2e6YT+!{?% zZo{xYz=4jC*f5j{X*8e-4mNUjNiP~kyJ0BI$H96w$&~JtX*Udoxe=^Sl1!N#m1#E& zh50jBIbXTqN$--~F&FHHq0sAs+B`wGhs$ml3aJMOXD3K9EE`z2VK^L&>phFBf+e^O z!+QWe=m-{b8-`Cq{<6a)x8tX<+c4Y$#%BqZn(-Tk2LYDc?+rMC>@*4MSl*2iBT@WZDfw zdJ%jE)_yYmd0KSCki@**I2B}cQaz2qQaWJlU}G8k_$?gHxW-R69`JeVJ3w}8^}#y(_1j`<9KzVhVw zLneg(B=U9A)S*27y08f;Pm4Xf%UqEj9t~-0YA_BKw|9+HCEgoYU*h822+@xoGPw-M zNRO&@`;duvI|0gEc*tY}-bqdec*um1Fs1u;w8igJ znz+}yF}_SmWQd#}{5~a^mOaA6PfDk-BXVjuHv1u^qYAj4Pw zA(LHj#3*@|m@$I@U+T&4(3ngs_9v#^hrrwdd`fW~eaK`RIZpy#dMD5*x_GW48Lnf^WmqMU&&{SLfw~u+(g19ju#z6&(fWr>PC9_V`QsbQ9v<2P2Aq$1PuOR3B%=?REP=7*G}wr?Bzx@lDZK^h z2M#eDmwkpnA2RtG&_NHkjbMGqB#nL!Lle8^_{g|EWKthc8xLncL!b|tFw&=jV@{&> zksN{jJ|#MHDG}**C=q6AUA{OQO)nct@`h93qoz3@^IotYTTT?YM+fXfChY5FTI|KX z%F~ehJ|%Yc5uwuv)fdQqpVB^ve?$xV5o$rmK4cQ2pL{eyGq90D0k!t< 
zb&+v>$mAqIXL&d~LG&S$F;E%_j=6=}njrdpN_1ut5$U#uc!lp%BF)D@H#0>RF2OJ) zN#r4u`Z$vc8I&fJyG*eUnXuD6G<^rHX{MAjGC8r=;Cn!K5t7-I51G(XNV$^jW8U|H z(~RVp9s7{ULx6gCJ9^aZW8MQHz5p$Fgk4C+*@sN7h4c=G$kB+WoqfpUQ4pT;Bym&H zP9HL%C#!&NNHR2W?L#IzfPL%ndGw;Jgx5XhZ4kU%H1SXe7lmBYjxo>J+`8@qWl8q?l!UYw;$J*zFdVe8a1WW}K~xz{U7?O8xQ9&I0PKL)3aa{; zH=TChr-YX-ObkpECKiR`GJ*oW<73_j02Ok^ms8PxJ^oY(XQBmPa%}t9#YigX zLnc4q{qsOqCmH?7;J+=9f95e+pNm;$tao_GLz80)4yIBK(3Bjn zp$VS=q^n2O)SqNj%g1Zz zcOl(Qq#+Q~imf%C^VmOVVQ1w0h2p*Q~O3L&kb z55m~*G}wW*v_#SewabE81x*mcaV2W#rhty~aL)+V8oDQ-ejYwGGOjiBrGT#YaCV8L zH8dkV6&!O8wc|B3omosox|JH53Fp^pt)V3c!z~z`ra5cq?|#EdOp&XMYz-|(6_^>s zzRELNu7+l3)d*ccC{aVVfVd4>FqBXWYS|k4WJu3+hz75X7_~L@rNFNCxLB5AMr&v~ zF&XGXNk*cEej3;ckB_1QTFkf_`fY&QJVC}41?V_&Mk167-$N)1C}0hJ;CGh>T0>XF z`yOB8hSRwPoV`%*o9=A zt)X9rbdy8mXvEXb*3dga*yl;&rlg(L&>T@ojJ+J1bf5###I-ea9bnBozLH)fYv?Wj z`*?x`DGIr!9b=xcx%V@Ul0@F{L2b@qx(cB!EMN zNTP<`4eWr&*RT^Q9b65)g=#tI?FckAauevu8d^xrL1^bmbMVT>!qw2HLiArxppGTD z8v1&GH>0(Js@BkS+SbtVFflMum{?HyFv$oCXn-~JF{tSZIpfD`=xyMCg%tgsvr&Sc_kV_;s}4 zCPMMGcq^nk9io9wti`_&gD;|~mb=jVRgy<^q6*MDNk(EVZVRll$0yK%2tn#79M)K|WWl1>Xi(G8!(a3$&RiPPkcFKJSR3|WOCjZnwS5UVr)1f&Yx^=lL%p5E+CB#2ThW4*>>|Fl zKMd(p4w0i4Ph-2bzXHN~PZBpJjdgA3h;{(|Hpxh=?J2}22TdF>Yv@ICZLbZmi6=;q z#LWUtAq9;PQKMsbqdX1(S=>g7x$< zp5L!S`nE%iJYKO+PGdW(ny&zU=LuV=AJ6a-=&3B4ST-L;<~73$0JZdR@fpr1GWjdOKk*GQ&524g$NI0!VXeyk5@koX@XNF%JBEuQJ zCX_cwW;mVunl9|5bBPS6cO^>$+C#`^I4y;gCo+65I4wwy*|8aZ08meFCz0WUA-)JL z_?cbAGyHl;?{zE8d{*fX=zI@1jg0H8G8)hX4;MeHaA1#vV_H%>KC5tLdWnd1>t>ZA z>*j7y4xmZa(wYoXk~3O2wOG@2a|c2$xtM0L)+Yx^MNw923VyO9O;+&34Jha7HGeCuCQ6M>p>_A2<8b17I&|QH`x~h4}q`Mln zZeVwP=t?~4?uK-_L(IX=2!8w%!eT%xJ$yE`<4N~6plu!=7#Y{3+Xv{7hl@|T^PyBJ z7f0|CYR8j~&a@yR-MXZcg(<$2ode2+Xc8-0lR+B3vLn@^Zag@5Io{Rzj>lIC-U4uz zJKhM-&ko>h9MY|#W*&&iu@zcx}lR0Hg>IgJZS2w#b9*q&0REi^N3iP-n zBeBZ%0(O?iC((=KDtkG=Ydt}NByQSbat@$nXg+l+uxCnT39z0q$a?C?dQtK*n9MU#G+SfWd5T$eym-Tq)*;&hp8qDyI9mq1b7sbI}^dP zqRGLNNAo#I^B0HW0~VpFa4iBM=W}JA&l?ZJ`OM%op}c(Ze5P}CD!_&LbS`l|)4Ps@ 
z78CO4GcARbC(h^Rz_~2Tjy<1W0Cc;zlQ^GeK>Rpb@Cv(V!Gmkh=jD)YaEKhWe>$mm zfc33simzR0NKa}GE67LvhbFz~Xc8xN0kEbXf0M2xPwGwpdwYUJN_@2^^%y|+qxs__ zNls~oXR^(74pEMoEEGjgm9^l1T*L~c8J^QctQ3Eu=ip%1LQDEWX@+Na5i7-?@~47- zVG%2oW_X?#u~PiW{~-7ai&&vF!>OQ%m13p=`;mf4pNY=}-{EwyA1SbNxeq4wBLzM- zY~t~gj}4Xav7yru$a}I=Mn4nSPYp*LZc??;f~`C(qLcW{a4fL@cziQ$CO$KKLA7&0 zxX_b6hZo7u3_=(fqBq=3hZ zpTV|ON-j^gf_f)fu$zZBzC1k!>3oNn?+M4t;a32y_we5ltb3QA0{WkaOXhmxx;*^} zC>O3sxBu`Ph-IKu4;)jL+VSOy&YVC*x^>IbPtgdp%pD5KRcJEh(3N3Dl`6|AIJPvYH0XcBv(+S}^${7CiWnFr3Zjwc%!42D(*KG`EHsqk71Op;wbt2M8V+KxeP zLV4C_HJU>`g)igeAQH75M{y*f9)x^tM@u2)iQ4WIa8AmyV{5yknX1fGxB+Py zEq15EhF|P1W-z73Dvuk1+tftM>97F}ISN_-XoTki2;>?Cm$ z!wpn>7liGe)CsRF$=(Poq@O6R;d<%;2ko(UH!&Omu(l^q#}eA|w*oMd?g0Cv$u)I` z1ut5rWY!b!qvNhgeO@KG9^1uH%c|zsP!{$MB1++@qFT zB%<&3;u>%rDlnbt^-h9Eq4NYK%_qr>DH|Qa$@^ATld#Q7BVmrCMi(X)yC;U zQ85L|Vp^TX{t^WW&AdhEF+zy~<#UL4p#@J6k~zp0D8E5k5`77x0ZbGqRe;s;xLB4M zb`?CsgSs%+4rtdTBT=B71MEVNFQNmQcdkIW0pRVPAmg%Y1eYdkd;wd6CexLqBS&GR z)QKXgIVqt`g<~+P0_rlG-YiIF(_Yy6f&DF|FY#58`){10-*isgx(|MD*##wDNj@YAA-{(%Z{x8wgbAr+euUa*FiiM zE!e>>BsFaXa6hC^I7F8+IlP*mwgPwogf*TdZc2V?1;7z)2f91SNK^oS04t67hy&&u zdZGF0Du8ML>wAI(Nk?#}0T;Ks0~?4Y`N>5|iuY2nk=uB42wuJx&K6OL{) zg-(aMpF+Q*Q+_4gSr^BV?0;KHKY)!LXu)rEK#U|-(w~5(U`+9Y>?E<0mdJxzRS@cW z(qyVA$*!bA>Igy)Px=Y3Yz*B>ItZdmJ%Kuw(Ach|69G;`i&jK&ngP;TNjt5~pFY4N zzz-uQ*Ma^XS}}{S=*q&Q(?UGXjBFI=67^znmJnEMMmo2F#~w)^MxSM=66Y-m>sc>P z!g|JKP)JfM6wp=9Kt1XwXQ0cWGYTz8GZ66^Xac17Ii%+xggKyp3n39z3h$hZ>g*;T;CqWSqkdy>nseu4<1#6>JmfyV_d zn;vSI%%+!MYc=~Tq%ZMo`Vi7D9HN&VFhMIo)Owd=qy5hJ)@lsJ10O;~0Be9-s0QRBBN6?GpdbStfFP*X6Cs`I z5W_1^HYxSq;HLmR=i#x`j_2%~fVOz}*2uW#>>fbBc)0kSWtSD;u9-;fc+L`OOhmeM zIV&#uKxouN7M_BhBxmIcTi(&gSq7yE<;7fKyN#x&u+v1&($*|O_Y?9tOG_c;iJW~H zoVT;=*qnV7(AVBhB4_`CxMWitjoIuXp0kx9ZR!v?8vm5ICxX?>GsV|f;&NE$1HB^2 zNF?qpz@~WoX}Xe3+&KW3c!ESKk+?g7?L(8q<+i*eE~T-{LNZ1p*YBc(rjsor9lIEZ z@7h3I>`IRdNJrxU`jYHfy5}z-UDXVSmF%nwNd2HP1TA<8bR#;63rN=h8|U%oX;bSQ zd(+uEs?7jlo+s79D@(FBoeAkRh&OuD1o&fv=Pn@a1h~%=sACD+xmv^VTEj>b%*aM@egHOnoFyg}LrM0c 
z$54`S5K?W)Xe^~{2kLVhbD^9{tp#r=fU6v+ znx~2;9$zLt5!h6Z%ahBBPc`8N_%I*X65?;M)25>ON8WyTYLthEmWgjh`^fX=nTswM zC3@dL_Pv*@{-L~z)DJ0FBY0Bz9oVnb!lbIB$uKR1FZy{OP)mr9BP4!2DdXcg*8{RX zUar>gWHMd40OCstF=#ekcqrN22-yTDH)L864#sY-~s`EfbbAndj^i9)*~pL`V5dKNC~DwW<~+IeExUj2 zw`OP>AAE+Vn6dKQu_!K-LB0**`)I)!Mr8<9riWibz%&t|;Vb{F@hrSCLYoz4T48e- zO=)+~z<+6APUXAsx&e?@#h?rG?*rNuNKc2V+SB>$X&{6b5O~PjTaSLwtKCcP<3aIJOQ!e0!lBJ6QwdEr;r;UkkTE@Rbu94#7V){Ga0x0)KR3 z$D9YIfMe!U!@F?=&W1Sa3sXzJd}NqzYg1i{19++Jhe`wrbswf+%VxF4~Q11;Z>Qwtei$bmPZ+#PK^0mRNqwSn1A>`ad~p6q3B)hIrRVqbdF zLP)t1^G(>{K%bJAA?K07@Y);*5?zilk-?Lz%H@^FD%a zr*M>noI-r5av=>%Nysn0sfV??3EB9*V##bSj#58lI+v_49E#Vo*WpkyqNx}za!rE# zL62QZtFnypDc$SvZXvMeJ>CkhERG#H;u|5^>hZR$TXeYCj5A*YIOsvrEr?4~rX08x z(V`NN?%BP{coaD9C<-i%d=$jr0y(kpOzz8o3OS$ZvbiO^1cFg$!6UG2=F$8j3C}{j zybZuTNpPZok3l%!1G07%GjUsw@Eq<=aMdF`hx-gHd$x6(6<}CsNvr_*Mo9AxqDQ;_ z{*aU3KB@q_cLL%oz?M+xfEKJThkdkqbNhw>^>Kcw7O zfIDHoN;_-VfaGij@M#j%3h*F=f1^nS$WiMNlumsHNHstZ-|-4> z3YgEV00%;(seEFE)_7e={m+=it^(`<$r+S>38~pf$XiW?G-=Zm72q9sr)i1`kdQE? zTbqGnb4nlYyB}X>H8`#Uq-m)DnXys1wk^B1d$*h27-!+q6nghf+C6; z6%1EI#hf!J=A1E$V!9&ciz2@7tLmQc?|Scj@0_>iOmB77SJl5M$^Uv&JAh;OJ zD`E|)!ktyufN{4&YZdGYkcDi7e+T8Sx5`g|sHSG1>77usc`> zyTj}V78b7nSz05q$B->!6@U9p3nBUO3UEB+2j}Ty1vnY(BVzq{1vmq&lW_RQ(5zbl zo(;|=jw=yPbs4MxZ-nfQSS}v96(GHS3ZhrCVz&bP80>Fi(JU6KJ%%g59T0?wi#Vh8 zPa>&3hM_F9-R5ls-wxqe0dfe5*FLAvaJ&L+hPk>0(G{)$Pk`d-EOjB2jA+Iyzze{? 
zB9_gg)p!MXK62|IdoY%_1C^`*DSsK9_hNZxu3NOaTmgOy!LPB9a4X~rumsrJIFc10 z-LosebQDeuc)8-rDv0%)`;okwv<{_Hb72x9_7ejDy zR;Vk$)nMKl3uNx9VBoeMVFma(u<8+3fKS14jJ9rb1z6=E3*rip838T*1@W@;?~hSw z?_>qoZvZ6m3a~8{y5jIZsE&$kL85__72psE4tK)z3h-OtrbBRw6RKvs0;K!`$gYUx z*%ja`@L?Tf_fWo#h3X3Kk7_@{(_{rm`P(=?h;h0CB!4T8pJTr2|5>dr^+WRG72q$h zU%wajg>gtVlNI3a5bY240ThWJ$qH~Fc*A0TyaHs=M}s|sA_mRIiz~nd;4O80L!=dQ z1$YevH^)Lo$gTkI2XlQa_=^Hv0TS~j1RrOGx&r(aOoPhG3Xrwd7L-Ec9w4g$3h}dO zc+-UanJd5vU};zGQL;acQ2z(^Vz&b956(z(e+3u!XCR8LdLd2PZi*G)66Ca-Vg*Q% zAf;H_1LsGT`^3dBtnw5vZUsowvI1m}l@*{U>I(360N=&o-$(~0(*3K#FTr3p5vCy( zuK;gE#;pL04u+376m~le*cISCpj$xFz5?m3yF3W#A&?AqQnvzRNk@WtGzE{v_SWsP z8|c%(JTt3t`!1yrTmt4*v4&LP&Z=v{xYwbz3U&p^LY{@>WhZqjzz@Or$}tVA5U&7x z^+yQe)=9NF8>Wf0IaYw*pat9ta4*oUarlL_qufJFx`ETraSff1SAb){o)U}dCZdrg zv%y{viy9>cj|i88y*d`~Lv|ao;}u{}u=?Wg+mr29fQNxI$#FF> zZUs0C>@#AK7;`H?7I-m4*JQ=<3h;LDABtt&S)fjETmila!8@@~d`|+P^SMO83%^Hw zn=o`-0lsmFYve~uib2=J;rFI#w*uS)oYszO22&&>0ak$B!0s1|h9{z@O2&XaB^HfN z489P~276H~%5UVa!*KwwgxpM`Ru5_9e}*jhE^?(9w*r)LCa$Nh0EHL+h*(HN%L;IJ z^!QG!cnk7fYhwk-!m9Lx*`rxlyaHrtWn@n$TgED`0BIp4KVAWz2zlQ;eXIcIfIU9e zk5_=lgLN_v|8$ylE5LKWxy*4T!l^EU72r*f-4)Blqa~;Wo&gZAH$wDUR_s=QpMw3* zSac2x)gHqY;7$mtATHvJ)<21)_85k;&~}@55qvv@V+F_|BwqV0rQvu5xEJQ?7DQLL z0-OcKGg#`SP%@$!uK+Iu|EgHFoL1u%;40+qfb8K|-X2u40;K#^aNdvQ2Xft_)#VEC zI|%+23kkPEt^jKQTNg*N0;GF(1(=Qk>zzb_OQSdn;%^hS3*XE4Bt)G!p6ayuMmPBeHS0T zf&AD&G*H7Q*+BBD+M2h9^x71IUlWJFX9=8B(d{bQ3+#4IWcH=}bn4W+M+(~?i~$gj z%0kqH{RZ+h$mTe?t_>TDi49Uj4VW;?Az$e*6?_Bvwpb=``we8)StHQ!GE=qrU>kvk zt4uY*N7a`O~?GZy?7F-Vhnq zT}%JNz!+Zf2!?81e}=38-iwDuRHPd%l-k#PP%7UDfJ%%81Eomm^IpgZ+p`VtjO+)TG>eZH zHc3#MP|Gx$Uv(8kvSe+vu#~~8PeG%L#EDUm&BI|9F$#)0ub3!D(=TyA;;!6&(SgvB z0?LYxuX^M#Y&z0t(ZZVi$65%m=!_OqA(JVx=z`Mcpky=4B%`0GF1k=M)m3GF+gY*7 z^3okpsnbAgUn~wcA8NdgIQ%8>%g~}BMjv4-x=b(wAV1V$tYnQyjso`tCoz|>&L@cR zTbW*o{JD^>$RgCQ(|273wp^VZ%FOi<)jPy8b)LrY0(GyYVO2Y~_8n+AMcyMw zBEHA*OCEA@ZAMs;4+xTox`$%_A4l5e(p_16NVdWs5%|qi2X7$Z43CvQD^jAT;5gn% zO&R-{8hAA}a4y8l9K=dLhz;BX$z4vGHt>0D;CYDOiXo(IB$hN7kH^Whyx(H@b^r>{ 
z;M$%7SI8d%VXzuNyeAqWD&?^}eT|f*jy4)-{3~gn?f>mG^4e+b_x1gM^gjDu8L{Dgvu)W)H>IT^ zc(gn!?b4z8BLx2qz&>(Njjo2RiGFEmC#?Jb0$`^D*|0WMIeUX&XB4In92!<_i8aQr zf_~?#wY?NApx!|C&qH5tTHnj2RJ2{r2xu0NrxKlNmUe2*zYzSZoXikzojX7QJk9-k z!G0nJrCOz@wemKETVeop(t(<41GNK)5Ce_)kp?WYfQAsZi~(Xsh8gVwt1YT05QkQP zI)%+!G{~=U2g=t7-etPX$64xUhe>vCFI)tHTtE#j+Ub8a1;0MT|A@5^f{qG7hlCjI zM2w|y7&svq93j}mLa;*!K~Gz-EYCkw9Bi74*ADWCZc%rATVuV^#w)|&=kR76{bqYn zKNYnDyPFf4YLsjJcFWacWlTt^eEy`!e!qGu7;|D3Qfa+ibM@GYxM+qzqdUpIGjcUJ z_hl7#L4j%QI=R}Ma!g2^YM)`XKL+QUSi3eo)k@mWQvU^6;TT&<(|~d{aFI1o24U+M zKm%H`qOP#0-aw3qQ8c3{9doZy)Ug1}FAqw648G_(MP35b+6s^pc`j+m580BR0PNKm z`W?DW+Q08CY6}oQI8_g&%4s$!ozXtheO)iNT~GG4fLDN0%`?7rx+yhQc&F# zXcz$FVi0|@PPb5yISInEV}Nu9wy8ypvZ$+o_(zNqGg{UW3Sb{IPXMrypr$mSy|7_! zFV6V-Eu*5N6itxXisWaarB5rmQLfc^oD&v3L(v4824gV^;!xZ2q4%OW1w3hJtP>>N zC>2{OT_92_kAmcgSXWCb%eDTI4WzX=PfH@mEJCuB=#*cLbM1ah&=)J3Aaf6rhlrLs ztF@IWYi~lfiE^=~@*7k7KSTC=p8h(OOT9~vz}gH)+W!41d0WUj<;kB&*&hbk=sdao zEVlSR3$j!5l;S=^4#p-^a0qh@@0O953fQOZgK= zuTANn3EARUUt9Aom78n8 zzuD=g+v!OQcpSp#V?gU<5P8P}K7sJt7?5h|Ef!!V;3ZHvG)gH8e^@{h2%9;8?M%A_ z+D*EEe^4xwy{sm$OL%3t84J-gCpL0!i3b|wp=v~s=KytC7AdYMa(oJTCs0pjk*T5a z#1!&YwlVDo#l_E70CdfOq*^vCTh*Ky4#fBv#fifL z?1#h6YzR+t0PhT0hm=W3xeT}p5?PMvRHowQB4!2drMMl9%Dzicja(~UErjGt_i1vj z-tO@~1m`OpS|tg+Yy>swC2i#Y30dw)*R{3lEe)k0zb^RAolH)^RR3$z(l4abepeuR zIg~B^Kr0&q{)9Z)e%7;-!C&fRMnapkjaFiYxfUXc8k_G5l@NIk+_(wuMJ&Tdv*TmOg zuyB7d0GDS#5)~WLBW&2#0r6mrlF?mF%~k-%X8#QU-g6+^hnuUvQq)h7?R0V-TJ>z$ zF9oVI*?7C*(5@pTX|qhvY2WDx;XxGv&ar^e5KgWDP&B~CZZ3q2Dgq3*fRzy5Q~{vL zDqF;(5WbWF7)HRh(IjhTGY~(;C|R7Iz`AHt&#-FC0?hNDLV{oWF=>93@!I0>J8?pm z<*`cFQhG2XLu09|i^boPXT)DwGaL)~@x&a&u}d~IOP1{;r@dld6f7a;G9*{$Vb9-3 zsy%PkjG11^n=F-xCviMOB>l2hFW67k5Q_YmNFu()@dJ@kep9kbzLz3RfQpyk(8>)= zEG=!tYbp~`s2V@3Mh7r@#u|rG<0mtdo>kWtHKQRN?-1JBC3UQ9Huwvi%#5P8TE7ky zt^;p`>=qpIpbDGfc4-K$;}L}L?-3xLaaQ!ICT{Uq(+hW?Yt$v)_;~Q7;AppBj|Wfq zi4swfZPe+VJ0D{cU&q2u}|{Wp#;=54dRQg#ge?mJpoNhgZR@K z0r7WMDWA?wgZOl%fcPkG3bZZ_;thBK@o9||=#4b!>7#6%en_1NxJUPW48lFSQl3do 
zaL7Hn7Sr5)h=rv*z0>#Tc0jEOBeJZJOZUo6VN zn@&$T!?QOJ-u$8re0Unp^EeOwubVRPv(j*$(RuI*cW2;tr{O%e^Wd8w%fLTN!+8Sd z!TB}vR3J-cq^inOIS(#h)lJUV{T-a2NsdoN5-FRL9f)n&a-^4UbKI4g0rflw_i<7_ z>IRBb|L`#e+@1#ULlM#|m4m^PlHy$aRKqY)u}2po0$p= z&)mGQ$j^qgVD{dTX*kc}Jh=SEB!MqV!+AF6!R3KOTP>Wj*Eu+EtJlw*vL8bvGcs#HZ{E$P%CG9iOW4+F9iqZBo)`ta0BoeCrwI;74cSbJFlO zOUl8gXW=)c;bwI?_=#Eg+iCbQxQ(6{&pBCmr4v$B{pbDV;HPKdZPV}}-;{%&nS~#j zhVv`0dCr`Zg&!$@_GutIQN*W3LJDQ1Z&=Y2MO0sr zQ8&z5jf$QqS|6jSt0k&O_K70;@F7LF@jSrzLT~LoIPp~Ywt|)3_Nxw_WnZXM$-Wka zm23m1j1+u8!raBmNkW;o2W`sbW=!ctcq?v==t)-TT2nPR$yvUEOF_@0_R@c6S!zv$?lX zLMZphm26AsYT+K#FUQOP=txP9-9y-uVz$<6tM2PC3O7QOI8=#7$c_npHi;~uY*n|Y z!(?yC7|4z5+gA+a#tl-UVgsITAJD*_v;Qw13`#s03GM~ai0jQPJ9sNXsYa1ij+t!$T)P z&Ai?mJ%ouqq}X_qdb3VU;u2QZS9rY(332H&Y;~Bs0**aQ-ba$v{l@9)6%ceui0++F zK(`H+%9`BFmuTu)Xsg3e?s|%?&c6+?tTIaX6|)>u4iYVR%*Ba$=QX7IMEK-NmH7LC z6CsZ$9__`Piw5x|Pyem}aQ@)*y7F+&bP7-X5EXE~q2#slaL%I&m$!e6U_rYMR)3wZ z461}tqtN(wjXne0?o`_sm=Ud*$ZLV588npk{3H9Yv=J>x{WwP~&Vg9wlf;j7SZU#^ z3`DMX(=~a>iP^-`sM(sZt^aaPFeBy0L|%W8o{{PlwkBlnHaDfK1*L1!17fL3;zznB zv@kgXk@tK{yb95TY?~3d@VFe9yiUT^lQ!dc0JL^ar6(?JUMR1^^_i*+;GRXMlvTKR z+F4$OD?n9Q%MFu^$~;`2?R#1|$GFB+mBrkM$*3HT3&2U`Rk(^(l_|XP&8Te0CFW)2 zRk%)8l^jYdVE2mv-mivA{v>N!TV z6fz95LS6xT=5g?J8P#ic^a_^cIzpaQsnYJ_aH^+`7}33iy2)=X%qk3|$*{_;pEuJ= zS~BsX{W7)Xrz-kW7FocdY8q9vb8-Q*oJMqW)5m&}c`XVXerGVxOKdTPrndh``O znchDO@&6;Otn&~XM|=M~Hjt<^u3jKLfMamC`TxhMz!~B2ceXRajF^szza52L*m@vr zS`l;=j+HBq#~c1(Fz$02x~IS@CqN>N>*j)c!ZW|db`*?CYS z--CTm#22p9hSY=J)aQ;{<~H)VX+`ybI^w}XT2SS4sq8%X9M|`m7;Kz{ z-?yg?sRz$epIc;w9Me71Fka)hS%X{R(V699KppX*5@c3+3nv5T!M*t&jG66wgVTo8 zgF~p#J-tFs5uW*@-1NYm`}5O^8UyNx2j|d&DnCVK=fR?U54N3*_uHfmsRu7opPP_{ zoN+w!Ub)$ZHyDZ+mWu&(#Dgl3S>@}f>^vBm@4?xp;0v#5L+Zgm>T}n$kQ10^W|y11 zcpqeWT2W&_9r0iZEvRx=D$B6kc%F2B&MMD9E*Y*;V{ZOsfb+XqzTaof^}VWRr2?RS z2VfO)bGVSRsAmp?JJ}hOH+lM|6}52ch~GVFL6w_O*?F)XJ8hZ%TlaMQzCUe9Jy=YA z?q(NqQpR-+3}-#yy{H$`is}J%#Dk}4L6r;3Df5dWoDXgP2##m%)XE zTn|#7zt1t4{xs~S7j3^lS-K2wOd8&lG#!z|Z8ZnC3POUk!RG3qyKE7@@Ukc!Ith12 
zuw)To!}cKpql!iNF|7;3IG|D&d#+bZMz4q$0hcZIy;bE4xRM3rF9Mu_{nG|oo#%U> zmN)P|4dl<|&On$p@XQk5YjRGxDmDPC+?1T|8QeMV1(5U%`TXO`WoV5wggfw49Yj9r zc)^7+WU91A)#bjo#6h^NuOA*yTjA<)or5rA3ND5fSDAybub(-|T3qUTKLMXNQGN$j zy3KxIn@Kr#y~t^Quf?`PygHMnZVXN#bN1SML}6S5T`!U`AgyMOxf~E(sNN!#JRV{p zSVVFipDCRygEh_!uc)N-t64g8_UgR{P#M!NI@8ooF7xB)Y{PA#Omrr$#$bDHDmq$F z1Xj6agbVSL`9}QfeQ!j0BZFxqe@!b$Aj@{au5NiI`m8u-YSBvay8R+*Hovh|o8|9tDQ0Lx=oY*UAcPm#<3|JZBz zi3=dovH1LudGmfZJl51-Zu0KPR6u05)hSm8cOCz~!!M1OI16k;BMsSub7<*+N?rEy zy|qrv%UUz%VHBX^sg;&Ig4Z59F)xjcJR0G&=kM)%UpX-^O-=vDQrhDl$A!@a)_Y#w z8hQG{X|HdA&)zyQFE35mlPT@})?@y2VqT&edB8*3BYILd6}R8)d1pGz0h{e&?PPG| zLmB!>4f#-wd?ixb$SKdosPni}zV~yhe9wQU{N!TK+u@YQeqxn>`0tc2yvFl7F0+Ao z`%|mD4>%ROoo>*#p22H>oi3k?G4gPXLUhLDBQ<9@2s38J3kYo5%6DK~=OBDeN59FN zwzB?6-+S6YILw)OFUD51pd~M({T+l?{N_S%G6ijT1s8@F+NyG^)yRHpx**QE`#6Z~ zb?$(YeZjz&y1JYIxt#r+;pJ?Iw|Dcm>>FB@6;6dSx2VMXsHvU$v?GOY;k7@`k>gjP z#>L=dPDp;Cag&4a878yz?K}v-tn{aYFk_z1hw$03vgOt*X3WlfNCOnq(?R%fmude_ zUP1L*``#1>;pT+dnn3jIFMJP^f`f3M!pOs9=}J%C7cV__5bhC}cQ(ZZsg+5S47YIP81Opg!qtbFtlHpMPVS6UvCOIx|Gjqi1E5N#DyX50vk zz$ui+<&C82k*qRCvV)yQ83VeynX5>pof0wX%y1B?s|>YbO4_rMeF%YL6~8DYJBR;v zgpy~-{Oc=6H(-2-GbK&!bIV2J;ex&fXcO$|D-FbJJ8?2_{*|_klbDgx09V=)yS^82 z(gqc|o-=yA%>jC#Gsu%y&(cHbhCdo78UBdrP2&HUc4qGk1%x>5w4Fqq zSudIbtel*^A4tmBw*sUVbEKLYNr1#M_SJ|zHT8I6>NFx_cNL_jj!;vV$AFZ9M-l@M zWaX;cQX3@R%+OG4!}F{RDd~o)dA%pdDY27Q#9{hkMaM{s*S#j~p%pC@QQL|{BgNn# zit-IUEZy;#td@G*D<`rGW3?o3Yw@ZEGi#dH;oz_`Gx9RCgR6u*No=N2G6gD$ zB%^OOJGiQ3s;Z=#WU6bXNHV3GDV9tf%~Y361I?63rc5)XRXKY%(@f1`_U_hRcnSQ} zn0_R682~4xX)SlM1ZEn!abOIqY30)-rsq2??G-8c;i7+A1^ODok=p2Q5Fjltl*G}V z@@QIh@NseQr%X}yL^;J26H|-|st2UJh#qS(^Gs1k09t1OYWF>HaWF+m6~%z+-fBu1 zIk{e!PA|oju?2@$mYGIzcba;fWvYE2qt&Yf@N~Dn`^x?y zwkuAg^a3L_*kyI51}Q+Kfc^d!P^^GqF+fJSl!bnJUQZ){#m{$x{-WfhJ})Jd`MURN zENykJx!K9&q}FM=_qDYtX3U?>6l}#$$J$@U+H#_+@eQ$da9z6MR{NG%dk=~wW~`MJ z-yCZn6li%!BiRWVz3Fa5}E^nXKCaR5v zN1Yab$p7726qsl~Fm`WI$wXs7oJLrmJ)$Q3Z*twMHoV?G^PTJ2n7vW@Cr3}uLPl5J 
zegod~Lws(E-0AEE71MGfk~T>6E<*0`jxyv@c8QsMyq7yBzAJhX@q{Y=5_8-vFE>3F zugHp}wz(_Ck208lfa3PlmPForrI?!pL&ob4qm7ljOC-eq>LmJV1#wul9}~<0z|=$i z42g0jycuJ<{4M6=7&9@($ZMS#3hU2VaokQLraQ{AVH?{q1S}+5-C8VA=5Hc2b8|_b=8w?T!Qy+|7arnj0!^x(^ zH5jU*{lV_;M5Zp~jYWQx$YnGh4f!!KhLmYUU`qjZZY+^es~Qxu6quEQp>{5tL5jb^>X|C^%=<^Si=Kji-x(MI|IWwb^9 ze-)XR*;OYUJ=<&lmMqz6VAp@Z<6%$R#GV6HTNe(!2}be%D7+n%|C`zWSJ?j#;eV%U zNTe03PLLCt4<1aTL3!>#PNAxkr1Fc&O*V04;H-L-=*qt6Mky!^Dh{LH-kiE+N3 z=yzzh4Gx9xqAX=}Y*!x)r8~9zGp0MY8y(YK+8v7vPsMa?Hxsmu165Bh>Vp`lU{3c! zR4{1+IR#i-`!ei0@8=fZjE`Q>jXEFYO4zEDdUdwu#DX~!wie^?SKxM)zBH}QkNV!O ztHEC5M25Gs^bJ>azRb00el+4H@2#j~^wma0npcs$O_eJW^jEny4HL9|ofko7Cz66S z4z1QAwRR2kO(V#5r(Aqfc@34b8<;MT^>uQcuN7op2PQ_21mI`~()V%H*)?TkA!HXg zdD_UHsd}ve;BJCgFGI?PVoR<=Nm4ochA}DkeSo%5h0d#rI=64CaDGoC!jZD8p#2pj zmi7RkH9`57I;Sih0>JQ!EOk?m+>M+8z)23IqY!(9^cr~wLCCo3d(_c&Hr$fxI$U;U zyUwGqw1L(pva#iTd#>xe3-)FwGIGnlwRAglo$>c##M4^Zu0y1W)?)Jshkq2UDH>g8 zSc0})hal4tN!J*y)@;`~j`2PWvT>A)Zz{K4=X{oS3S?(FdAikY*AXMv0C0l?WxI|T zc?`1WoIGvBb{(nLW&pMl#CjQ0N!Q_>1RDz5b)?){i2JTM#CcWG8rZHQg?9#^H$jPA z1=+46mc|2cY(~(+~GjlW7s27U5B>LM(r@t6|6$qci+le zq0p5aO^wjF^ZP9LzY4T(yM_e$oeAPR_~Na3^Wbh^G{@n4JD`!72fKjX*NIFa<>`4) z?gUJP{Dc@o>OakcD}cEn)(|69%glphJc46Aadla+jKO@s!wU_VO{6}UpT4 z@yN_eGr^wgL`HVv<9VrUWIPz#u0y1`9?8vA*^k!Zd8sr(+pa^9c@4=sF*?(AIzZq2 z0NHPpi*K2(vj^Cw2VG3*hku0vZoMByrXA)qpLrLVGO*tU?-Rma_vy~@4?DrS?x$?`E0 zt9^J!DutBgUuC~fJfVuuzsmkSE0$qDb(P)dZfJi_ZAmJ;%I@GW_EJ@^vWY+3N%SgP z9M%%_D*J0-<`YArTnT!WP0TG z+3J>FWiww5Vb_SMB)Q6NK?#khrPNh+Vn?sCnIG=Z+6Sa1p6i@GD|2=uP)@N-zOk{HO7$oPpgX`iG~+apgwIxwan^*jC#P75qBXA zmYGx@Mh@9Mo9K+&y0FiEy1Mx4NnK6cZ2#9=uldgS-{}G{C8l=bb^*w;9bSw?w0MXbQX=-Jf; zk!B;37pbx$LF3Y8ae}r}1VQF!B)`Y#%oK4A^iApgs3#8fEi*;1xlLQhx;lA!baz+1 zG;$aK;~XeEMTn78AUn&+(?;wRA@#ZjfSUjia0H)oV)5J=rw>opb7)4Dw!!l z3jY-Vg9b|3%}fyzhWY?BB`DvLog&0iHvsxoWXVnuY(6s?fMXp={5IkM6U^H zD_&hZ_)x0r^e@+S?uMlYY3(T3&UT%b!G6z)%<+`RU1wqvFT1)R(wGM^9OCe2Cunq? 
z5eeFM9fC|NB<*5!rt8dSO$R|XoO1Ck({<#zhZ&Ha>g4HGw_Qh!tN`Fj2g-IGF>()N zk2`tVi0wL3ulE4>oFLZAkV?AFAxY(I*O79oBJQJ-zUK4Vz%vyiL>T>E#!4`34PrjmH1i z#p`wOD(nT<-SqMjJap5`&nVtaFWW)ex}IEgb*wO_`|Yrh#6((~wMxc_4Lw1dmr%!J?Mu?FI0C>!SvSWl8c^9(HPM$Vm z#|Wv{p8!-wAf;Z0R5C`~mQ>D;5mIhzfI3r!&Z|mhjF7^I12CQ-#w!i77q4RJQ~=Jd z$dVl+#L~3@tgXnB9V6I$<|zQ4cOV@a*dwIZe6fks3vI>IOPwcEUFVx}U1yiaamwNF z*T8nR>$C*BgAOT}O=6cmfYw;E+PnMr_xSdUXJxCqb;2 zA(eEUxk=@0*O79M1!y)^=)9_Ax{efnAplnql-N~}?K)!VUI3n`$dc_kVrdfqUsPnt zb{#gK`3rzb=nvXF(qq^oQeB6(;_2lpKy?nW_XxX!(Tn;8CFl&9>18z7lby&EQJ$V& z4l$fO6z`^&LqOZQo?NseR+!WMZdgcS5$n=FNU?1;9<}k|BeSxn4Gv`5mWsD*9pZdZhz`Pi1h!Lt~`T`lBzmrIZ54c7)w+11rk$jIvj^m({Cuj|8-oFxW2OlFuh&m4cT9Lf6=wj3945Cs=CDCOewk1o>A#Wd?4Ah?Np~nA@IQ(JcJ+IizJdn zvOnTU)u7k)SUL|u5=kQ2#W&cK=a4;WJ_kqSL^`BtZ91j&p7mah>1GY^lNrlzURnkR z!r3TXfqT_jh2oWNQI}7TDc!RE=$PMjm)1(V!D0lF)`htMq3!?oAJc8>y%N*=)%!B0 z+t&LlraRS&TXDbvHR6g6I50(bNzn(_iCcO=DqsT+NrE?^Uy2@?(jA@RPp%ocI1HFl zt2XE+XmoGC{g!=3{Vl8ipzIk1;x^pVbi zy(OcMbPhaNGOgwL&VhX-(?K(RCDTnahe)Q6X8Khwg#&{%(_b<}G&4{#Lp3v4GKXqr zsAPs|W|(A#Yi5jOMrh`6$&A#@ILVCC%mm3CrkNupGg>o~B{N1d$4TaJ%}kTbSg#wS zIPlaW2JTM;QpO$~S)Y~jf8go03ZKU*y%O1oj}nD^@G0PPQPFOowi|gyD&$i~5g&00 zTTwou7y|;cSD4C!I&;wUjssr`A9O$!p4#4>=7h=9yaOdupeOU7E|q!$b_G6%-BXlS z$4UnkvA0>JUXrP7m3mj2W0eMo5+793k_Oh`5NwqONyaG+u5=qqdQe zyN}4OtN?JeDj!_|U@2TfY`Wx@P{`V8Risia$G@1?X{3sCtz@)&Yi1#+!;b*)!>2e7faS>rK^ zY!;>yJZoeDt5uKB<0(L%msOjibB)-G`HWubaXa;A=I-p&d~7e>gPxTY2Or`~YMHLZ zOS017!+jOY=gI@!eCRKc+W^gzg-(O4Xn1ujG!VxSKSB(5gDlt^tHyxY=tCxwCDnwu z>O%^vPX|iQ%OO>x-EhL$Ots>cpzV1%q$t-Lus_+p-d=kbtrQ|!2wpS-^tpy3?2X7? 
zWH|4mpi_~tu(b(!FGvNy9)oM>`95^mE_5ZNAmXo{wd)N1-Twm|vl)rjeCS)!-Ai6^ zTxp!4JM`RdmdD{Hu>U#vQfbR-ZFV@8#MS!LR?BYknyYLQb2*cBk{o)Q#7y0JSVq-e)F9Xz zI!l8xf$XHofCIv!mfj0G4tB)joVFvfAN`y@<~QhU7$Loj|Pu z75olfFs=;AaZD&EB`#nRaoG?x1uv?NZHs`HPeB_{Q9mT%r!?>`1*WmD(cu|uBJ?}5W^aA9gJwZf^nLLOjyq~-&T|hla z>Qy9n$(PW+0c9llp49mOdjXXLDhCsoy%{5HDKDx@M3B)!pXm?i zKG<6&nI|Ou#0ytL%~~p01?8|s5WSVL1nb`>AT4g+V4wq)ilv&8){?Z2q;(~&Cux1} zd~vpNID>kdHW_cBbP>ASawlp%8|(!*eD2Aa#Wf&3fTrG;rK2bdXV>OGM!~P{6Y0H;K90jb27X!4DYBxS1%_WeN6;Ps z>`jntAvP9Er^@noGHY`XM2FMUO*d1127}c#%WkGc-}nPSPanxc{WZL z8+_BGU%e7-+y=nic{b*WjT-?nFGBQso{cla2H%F}SC>}&0f67~Y|IxM2l6S~>hItc z2{_X6SRgj|-Z8&=NI%*E(3zlAJkAswj{;xXnz2@JCI%(>G^fHM2^#kU%fh!6xBJOjDYav~mMQA~fr2H;nLC*p8ibL8HdA<03k(`9P5VRG5 zoepFuFqa|m&XVCNd`7%Ce)Spzn+6!T_QWBfFpWNn2Z$GUqknuF%CBBZXm6nUJEU%H zhnu8z`0%Ki4AHT9;?L!LX^Pp-oCVQ&dE%|o^y1<55Ix|;hOLnDe4#`%{6(ximqm%k zo}95~`+cX+@+yZ7jby)iAHQp1hNGGg90OahD)_v*A(np)0c(cC=U8awahOhoognBH z3m0aEBOw^;gx;m%WMfI$?k7PqpHdky3wR-!%LGzAY;IWNx@g$lL5Cckh2UT=1lv>yb{Zkr z#ahq?_U%~){|@>9uOPwUbGSFNGPBuu@Q;mUr%-kXb;7+(8UJ%0*PEbrdE;f6Z`o!83l*liE`pzM}!zc}VnIbw> zIq5J&Rzq))K)4P=rku**$gs(9FYY{prSpvXgdJnB2{|td!C71g?K}`^=K)bs=UIUA zma!>=5P1q3lj%PM9Sy(?f>@@4#%B5t zK^Fk9A`2R?^|Jkgpt}Ls;6VBP<4CC_`UjC80`*mlO!~)Bnf^g!h-R#YL%kcy;D*O& z$?PLdA!-qewfh`rsxi2!?n6WUiIUiqi6ILc0n?+EqZX zt4Nz%o~b|I=6E-b4J<|$TgfC=BwjDm7t@%pf!K~C*LPo!&!gx1wvqon*Kx^f)4fIF z8&zq$7(Uj+At*fq#EaFLh!NQlsIElP3vW6NT;XC*`C*Vva&nzK#nPpjox3AtdrNpw4vmG=zE~gYHZD zO2}?<@>B?)%Y=}~jX=HVkXqcc8XUXAB_RV^G+M-Tg0_C@)yQ7sjz#~_EsF*arkmUl(bFgrzZ>|>!3D`aEKS$Hh)PN&^DBJ zfUKvJr`l#mrfrCv2-H-E)Uf}d-P>N35p)g!=MzMp?cUonjYHJUu^BI9{w(pR))t0& z7eC}Bh!DJB5kdnGkp><_9Qb{F38)=c`HI=-3p@>h!}d#Fp>kYN)S!GWWQ&|U6~Y$!UXX!;EFtnnpl)$U4dLFtEOqQf7(vei z@G3#%DX6)E?BzZ|-vjVVY)QNKZsHU^HlV7R?oFMuB+8F{$(Z)?Lyaj2jVTDmR7AXv z6oOZsa?+oYiAsHxaXgNbSr#uZH7e6wR48ALW2KX)qH`WQu1$XYnL*6d_0z+OqyNIw9EWI-oo8i1gg z0L&&xsxPii@>ADxH3_-|fU9DV4)zm$S@v`Jf=f%H?vD{($ox6}fC)3bqrYYwEOG4w 
zLfZ+1wi5{M83=|u4C2G)Ogn9W<+@*C^@GFbR)V(E1FoGY?+DpJPM&I~`!nrCGn)J5q=S%mpgc>ohVxe{)3dsCWy4tVyShwTpP-m*C2k!L9}wOYUu373GMs} zz>X~F@sd?Idff(&UblhJ#W)CEjDyfg34~5cAaoT5LRVoRxE&=1 zxp^gob`*%%QG}zXI5<4Tg`=Y`I6CTr&}9Y)E;A%<`{vT~%XCCz&Nuk|4-TI@Gupj& zksARR94WsXvg@5Z)xAn`MLaR>uubH8pk9xWdEE;)&WZ(3$ok)+{c)&^i)0ieoU-=d_n=I6pQIy7L171d`MEy|!Xq6(HZ8Q6Ryi5B?XrZX z&ID?)Ln^4Hg6!Z<&`ki`mIdvt4%-2UpcesnJqv1{lTpKVeS&@f;I}Mj&zxMx+RaIV zYW))r0^*SBsZV?4=ouKgmOv!?FRgk@aBIs-YmSjPV6=XM% z30e!l9a&IAt)1NpA?OtV-pYdN6zIIJEVpixj21 zNC`n*05~WMigM}EoS-8CI64MhCjF?2dTvK^qRx&HUdX)e(Nqq*%MN^{?=b=C_Efy> z@-Q?uQi}~|#%Hda-vR%#ST;E$`w9H*PG)ywdgjX5wRu7P$))09FF70O;BH%S7US?` zV_IxUI1bLq)++Co_|<}T)IV33 zE{;H5{OYv`dIW&=SxW;H)I&hE3HlU(FJsUJ@mWmScJig$%Ngv2WV+3%5F=%mLU+!NPEHcD27q-A zq>de%nN(=$B>>)tLAp&bJtuE#PHj^V`4drWBe%;%<}$<=Pp5>lq~)*wku5*VwLA!I zc@Pz~eBU3i^@qdfw*^gyOv_IOe`YK@FlqVONz0qQEIgc}fxHaptDS~c_tZ>_^0m*8 z;8;%(ySswsYKz+bPtd10zRZG7&$K8(0qR;6N6OOtOp6kKrXYhY_vT}D(t6ffg8f*ZAd*Toq>V({UskT=3LunazQHksg)Od%K zSBWQAQMyy0iVvg|b5uM7N>}__#q*@X)t-<^47X+qsAletb$I{AeDE5(Zb;D*zu_Oa zmX@yEy7)xS8Q1-cfr?iMcz*G{-;7sg&Jpnr7zrWs`884V6JN}7wFqj0Sr!ZaMZvuy zIH?u5onpyAiIhm@kj6B?chwIAU^GF0QuBT@VbUb;RE*h_%>;jLY(Rcc--uR<=U1hL zX4i-{A}@6)*ZgE^y}A`IWWCP$1@+=`+SaR?t=F5-{FvJO2Auggsn>U4{wo%Ip497X z?5lXY;82xRy%yVg-2}B30JI_K>!e=ipNBIy78hS4mF%FEq}p7k z;wnj|R`_L`C%-0HL2v4{{;89Si&{2 zcb|m&YFkP9i~-84jl+K{spPe&BxNnZ??9Q9DV5Z!P}tiETvf=_A$4(aW5d4rCOTgW z5}vKZJm{QDz57v^c`~WQWnf+x3pP@qefAD8?{fn06>)!8V^77A5WI%tTL-A{R8*z? 
ztx}Fk0nZ8?>W6#}K+dZ;@s`2^^wM5t7oLOEF`c2%FIGyhmYWI6!S)4{a7 z3w)mF#WNWpUqFXBfYuPNp@wP?iNUzNhBP$ZDgbiBJnrS`jomolI(~9olXl8zy{%f@ zoBCg9RoyOSaa;U&n{Ri0n3i}$` z|IXS+3gfRZDu!*4nCE`a$hoRahxl#*9Y7Gf<=5)>hpUv$6sV_wHvM~0X94~7cc5k3yUVJ{0}0~4Bs#Im=0!MAR;6UO z#|$eD>Ce`};c}79t%vcH@G4UMO?D&XXOiJq`EAzxEJ)TzvRcPS$mQhZz_E&;_;k<@ z?-ZY+Kkj-mBh!GYffEx0pJqVbRbsh#np#LKtF{;Mop~W2v-weUcwM9ncchX<45v8Vu#QHEnc1(XIikAr3M0;&Z< ztphKZGZ6)m3Ks)hN-8=XyznyWj$m@#kS`q1< z$3pFCKq4mLm(-Q)p>+3G;z$LOYy=hkbvOjY=+RLh=!SJcm68f1VcjAQ4`CY!UX`~f zl`H+#uw(PsArZ zqlHZPp{wY3B;jfbzM2i{7El3s!KWvqa^wZX1ww5BFDN(#YNWz<0WKvKRRJ&jlDg+J z2~LGBc>#+Igo?lm=FdekhSXFf5qV)F+yN^U=}o6WZ8abfldwGmfn;|-3EAGnkqRWa z3{DWwhF~faW+Ogr5%G?C$lbGupAn0? z%!lrS%(gfa)CN!idBGkF;Uswhae+{Kffw{S3u>goZ7h;hGyuHtFY4aT(AA|#thZ9@`~7amG0B5ids)S3elF$s^OJ;~lmC+8AJDv+e{Qs9n-f6-v5g;!8Y zDv*S=jNWC`?xKKHz$9u(1Dnr9vW zvO@9EfsnWRBd&l#Zd(T&6axFF+zD z;VU#H*|~J`BjQK}l57PPb%K9UBpgHOnsuNiQ%YX2`gXWWUO-$R)IY!rp1K2S zq{52;E+rK`2VS_Ey8W4Kyc4?Q1yY(&FMtK>>~03>1( z{y8^NWXp@YMTLxn1nU( z2E0JBQ|M$9WJ^f}lDr2h+5`SYg-<}*jZ#v9B&=$5(Y+8HMgggSN%SQvbM<{l)-qu> z;%fy%z63GgI}+tZi6LJ-7~M(BS5k29lK?XtJV)wnCVY!u@FO*TUJu-Q7DOtzdIJ(t z(K=A!`!ulVDb$VG(o;bNOrkHTww(ptz7bRox8;MkiK8Gm^BF++R)nwt1^Yh>-mOfU zzX1pZ0h5T?uqz;?*HF5QYJ6lMI3jTWHS0oKqv^9M9hYB0V#cj(kH0K z+xQ`Gy+_>O3V8!BpyLtWM-%c5I>Gm>Dqm(4@?ALr1p#9c@oh&T-_I1>PsoSV;G38N z3L@Th4tdu#;;vH2`(hDqFNM6l6Y+jV$Xg;2zc(ALMiSOymK)?Dcg&+@{{(L@PywaE z;_pxy@&alELY)s@aLZO0AQg@TxRg|M2YBHW>h8hhw(p@!UO>x%Pg64gNm#AuH#Wcy z3P=S^qW(1Ce~qM=39}JD4^K$AvdU_H+}=}Ku`gt!HfTbf8+(!2!whK zyx{xoFhD9i2H;Xs(a+$8r%<;8lOKMEE_neh2SWV{UU2LVB)$JYaww9ByzmZM5$Q#L zLTxD^5tHya>PoiwS7hHMj#MDYnV_PV;a_w&)WTmWB^5}*YDJxYf}pq%0#X5!=t5Se z_s>WUWy0)pW(~IUQa|Avy%UmOnUE@#{9pUo6H81j72uM-k>;A;XD>c zDp~_xcs?~=@}a?OAj#{<1`7+2G|3@pg(M;`e2BWFqQ#Jg&r$dGO3-CCkmMd@gHu8z z1p$&0BoTSxuhb<~$_wv^Nmz)zn&AD)zzOdYP+=qTDis39Y#>P?vccd8YNW#MfRvJo zhJzOlrbfML&|o$g?V;vEH3lzuq8JG_)V$y{BoTSxnKVEudK%JjISqVM9R`>UB>5iM z;6>~*1zk&!^hXkr7d}Q^k@l3tOqq_14&*$HfY@tN&WgrnjwkE3lF2NNZU7t 
z2KW9VCgBORBH7a+2p2GWY8fER29lhCY_M@xXpjnTpea((3*d!!Q{&kt&|o%@=zv>7x= zg?j^1N-DYvys#5BE^khw$Oe*Jjcjnp-blV9^*fS?yznUMl8OdF8qTI}{}#|?Hjrcp zvO%?dkgO)P4oO5_cs+GRdQvNB@RPm~lkgE*k!;O2;EhERz6xH%`z9f8@kCYHg8G~| zN`o!PmXa4xBM|CaX1{I+1Ej(d+(9WN6>SACEJHTXWaCU`+v2P6&J zBWaE#A}<_CDyg4LcI-M(4+^FM%|I@jU*y3Jcd?8+N>wk zdIAzL2^Z3yWY49$7ZFD)kYpREC}81zp%&gjDXBmbRx1iSLGT;}qyi?5=lf}csi|!bguzW>jg-}B)pWml3hY~ZzPUX zAjyxQqRK41AJoDPl#&W0VYQ+v2SM-w1*8HdQ7H}l%&h5!gxQGi#tZo-zko0Li@3!W z@=a+GvmxK47j0n~dlK^4K&UYr>?9QpLc*8Q1$Q8c_-eI~FMOg^bTx4NJWaIW7Gy~UU;CI0S9wTUOoM>m zmk3ICfZ}&a0%jwA3n}8~vjS4V$1{-(J`u@SBvBn!hPSvv-aRZO74QyYDcd~Yebb0Z z$QzlZJT(H|Fpijnyn|cH5hUQv@rX&tyVVizP=&lF7Vuu#T?X@v$6r{_2dWwVFZV0M zWv>$8+Q zp#gVC1MZGqgwS~2O*qD#)S0B`t$~fZa8zMt%WLpz+!!m`0QO56(Z!;_LQ+E2)_1@d z8ucy_$%tOnic7)ThMXp=Ak!B%BwB3_g}An5AK)_=Ff!Qp@+^mph81mEQO3-vw9v<)d7_mF5S#`~e)4{N;W2rL`p|y;ENtKST z&A9dLD^<#k8>EC*=`>TEsnThtL8eNlnP#@MU1++}Jkyy~n(N9DACS=spJ8_Cj>1@B zuf`aq6Ue`AgxxGDQt~56Hh%?tj&3QGpq^j65#_e7=UBx(pF`=RIa@kONxojxC zTpY^aNEBGM=j^22q|s5JSvduT#g^N!Xtc7HFv#pp>KaGhr68P4!F|0sz5Va{P=j2VJz+I~4RS3tZ-?jxxsICe- zlw!5-&7hG#ak#(YI9x>yQ)&fbY5CNGS7>qhc&}`ApQP@IPaUCzCY$ILo>spZ3gAFq zwH}}cL*NfVA`TQw*#ytT;r`roYF3^CZh@#!|1#9%LU8#ZG}YgF4G`xWA+(*QM18#1d+9B)C$OtJ_vo zlb0ZNZQ{dSsYxwB->2ReNW_7!rEG!=8Yg8ZHK_(}fvBJ+HMd|SY?s1qw$7TBCxa{9 zlH-m{YFA;cjFE6xLTbHIrsL6Io83>decDvP(!*b_!)mQ}s`4Ff;_1hT*#)raUyVd! 
z#tVuhW(Q+$)@#dB`S+atPdbU)rnG8-SVP<{16SfU7rV^vFX;i5%96N^K_TMJC%<7~ z0)gKUi8>+W6U@JE_CM()c74Gu5H-y;zxT1oi?^KX}3^*`yP zM)koh5H;4Q6>8K59KSmfsS$7NB{f=(dxu_I>hN!x{ZIOTc>C@!D~hH4p4n!B<*)}i zyX3Ho5*8(`3%G)Um=+bqgn$YQqAms`7%+iZ%q;3Pa7-95XAm)A0&~E4#q7l#&?_bk zzxS=~p6;`I;QRjgo?kuB=}=QuU0qevGt<*O$MCx)tBsbuDbQ=!4 z9^H&aq(_56`Vje^L?TLDDD9J&@E@DA?0fVbuv*yIqXW<*-3>A_NTf%6nd^IW3|i!}78C8cr%9es~uvHx0(YLq=0hh2}(L?hCpC3oZ7hvd5yi70V| zv`=EfQk%2vd-MdbTG-g5x#-c`z{G2jNRRje-}h)#%pQ@4u-WGMdejZrgjI_)^yni> zWsknNQFtZsJ{kok*P}^jM0&IbNDst;_)sLGM2)mhV!}L|v+R3R53Ck8_GmGBbSp6N zLr6p|uKMsj`dYC^P1TR z!GU-%5>aBUv`=Efc$>5Advpk}TG-H|%-rBY?{6qx1Wk9c$rF#geE`UBkBVz7qkY>qu3ldS{IccB7 zgy(I}vN!i?V70I@fPO`fz5*ux4Te z@|2i=0?7^d9@T=$_2_vtB0XAvyi(I}AfAmxl(<*gCoy56%~|$6x(QeCC?#_vtF4lTVOc>jn~3X&oBE>#n~|ZQe%V~yll&(*rFXY{ zQT9)0n>-^Vg*H6iWORXjTDAkm=z<2#d!t?s3duVC!wpBFkLE;ig& z`XO=09O;L|Jrn5*F-h)Vge^qbTOeJ0T3pezVxXC%lb#oE*))AJCYj+XQ{T$fal-Kr zc^vpB($!8@=dN*&;SwKpc-gdXq%!*iUAs7GJkwhmpRI}~MP0~^#-PlJtoJu{G&bxI z*Hm~3-yXc??Ebd=7CdS(q)PZ|DD~CBxDMcGJROO+gJ?O|Ye9%euTw?i%P2rq?}+qD zmMm;-^C){;$gM?S{aAenu!t^|(RiKYKqi7wiL!6uFnVyTD!Mi5)W<%Xm7Rn4N)G(^ zq_%WD_^RU+_ZasN#1`W~+zyH8yt_Qck$5nE4kWrziL%3i)xyHjpc4Fh0uzr#BK$+i zUrnkL@N>}77NYEFz-nQk1^K=))p7!ceW2s}k%$F}Ze&4ns_L_mzQ>XUZ^3UuZY=^~ z!JB~<3&z8|RlEh;ZWUOtgMB6}J8QV7^%fifS`!0bb==!MKK=!8HU|;aB1}1(ViSV}}e>JH#;OD?w zQ1=DDuz8ey5uS*~CLh_cUz60``#J;_{Pc~6o$ zwg)}{!^(F^q=A+#T>~pBq=71mAhhb|JL~;e4y+atko&QfTXrW#HwWI2dw|yX@sy4y z+R-pGGZ=L7d@m4X9{{PmpW&h?xv647tjZON;?%D16;wQ0$ex(VW7Kyrbu;7MbxlDl z{(mQ~qbhTE-ex-Vx6N=XhBU*1G;`mIpqZiO&dfEtgQ@#w_%GCKri5$QQv2h)8U)Gl z9!NwO(PG|kY-i(m9mW(e+vY6$bL+fNf)=4Tw}t^L=ho-Hk=%gy$r2n+&aK+!q{T#W z_76uHUZFk)tvk1_u%xL7q~EiR-;jvjb8tvik(khNfXP|*=hqg%YGLE~)d|b;DuIcI zA`uzKP)3?mgo!q1*`H%|z-nQGj1n%AOq~jAo&|J#H4?EV(T%K0PL)2IDPX0|S@za^ zCzPN?D6DxAuwul^Tiz@h(V2 z?;~+YRgsu5)#faFYt95#3mdKZE>t@WnD~4oBI6*+NRx_im(5xB)?5m#7B*UwtHM(^ z!(bT-p}EXsv0(T%K0PL)1@Dd1k4v+S+;WGF$4P+0Q>V8xpI+(dE%-kRUxaAM8F z?EF+&vs)ZxXw7zmyfv?}q^YBC#(!DjK-?dR=zSKi(N!cS>}zwDy)_R4Rtp=gIS;BG 
z0Ze=>5|MG7T<1wexWeWvduv_~tQIy}liRdXov}3FQJ~}1NW_{%H?k%a3Dd8P+0R>(26zByqM$$yfue_DY0fjL|VjV^?XMeTJtc_y4c*-lBTY`1YhpP zfp`uQ(YqXnR27K{H`ttIZ_V3*)xt(=J`B~C0TVxkL}XycJ^D*3!djcN?5+7duv*w4 zBlC4|>)@Yw_t?fh@$&Yq!2}$hc+E|nf8w?Ge4=L)Jn^~-xDxI+OzjL`)j?o92Z{KK z=tjO`n<~9GQ^4&uXW9Gekx+sbq43oVV8vI%&Lp`3@2f9xIPulzm^~9;tv}0AhQ4ZD z?S0kRO?i$7X&Da0y^)CCTBbZnOc-Tzmc6gW0IP+KzB&%7O#vpJhD2nnhbAgbDnh-@ zS@yoV8dxoCkWs>2t*N77&80xcFCh_Y65Ys} z=7tkUZope}Aea(szG5f!%I-VSQHIv61+9zxCf4w&HXxmb1MzGmqW8CE{ts2cLYuSf zt$7o$TG(jK0kf65ADH-2BqHMj%1D!n@R7|~_SXCoSS@UjQPw^0q()|lS9yuOjV~)d z5yCC_JN{ikD!1`i+|F*!R3!u2ydy6G@d$Oo&G_C2C>&JSLX@oswk2yNvfPEMU}TEY ztfZ(#Ri-G9fB@chr#`~;;&p86NhH!)JH04Vhn!u?nL14Az41k0kj7sikqF`X)r8Uf zTXUMi2$`W?$F73mqtzC`CahYd;SuN)O2wm9zrPQ_M?V5aZFP>Sun>Y&ONWF~VY4sa%uv#xAJrK{~mI)xr{sF8OHbzx%tlnt09b~jdA~LvGLsgNAFc4@5Eo>pmZV#*$ zHp=Lv@YO5II1-6ium|4oim=)u_w>1{=i>+yl_o3U3Y)X+PtRLJ30j2W^qc^!oSu6H zGl00a5Qwrpw|92^ChBHph-+Zy>8kTLQ9u4YHs)1P$Bgke(e|7%=Dg|@PFy?aYYUyf zjoRuH#lU0r(bnLc!WM&H89$6LbI{5bqHO8-vH18FlyJ~HIdmkj5*k0)&?r3=)6eGz zw38Fs#g3NK&uCBvg5puldYP%=T2*@W1bp-`;O&<1zTtScG`yc!dQMV`TxR6>}tJDY_iN_%kXD9QV7lEc1n<-irwKWr+lyN$K4*W}t z1tGf@i8$MK2bO1BW~X5I@hZKI!<$c>I8}{@z$j^bFN!w<^r1}#x(U$CPr(GJmk|$l z-AYBBrnWM^P1Ry0ek&Y_J0OwJJp+eSHL0udbI{WkqU;D@wXpCUc&}EealpjWk%(f+ z3HXYZf=FnOPUiYI?J@-ytx| zn6x#^gdOk|I2?%wAQ7`1gF~vC)T8lp;LS1)SS>6x%ip#5>oZ{DbCHNyk{QVyvzRGK z^4^1=18mg&H1VS!mncdJ(F%7D&|KT-BsV8u?nzm$=~%r%

    U0I>dZC)+0yYY~c;9;R^gscatRXdU=VdtWfQySYl( zg4cnv^_XOJu$e7H*>M4BCrrAMG_@4^Psf4y9M^j9IFF@>RB1{e+;4N1z5Y*!60`{A zDFCck>O-{j9xLk{T^Y1&|Eqedbzf-2&hJ z1xb9Mqf2J9cY%qLD}b5KrZB>}HfPyi@2?C+XpxHR{U~60y-z*W3x5F2%A-i6FT;ZA zY>DJ5iXePsbC&)2yAD__BG83Kds7SUDPrD11)J-2ttrXpS;gf8h{ezRg+o3f};%77>tJiwfmt zp2ic915f)h4x7OV@BQZ3D|F`dU@-I#0@1Ga&Ykn_<&;%Ex|AOfV4P;w1w1osLs9m8 z@JJw#F1O$(?f)p)+=!`>A*t&h1w%}IxT$X_Xv;e9xg4SoXYmW_?=`Q_yB6wphGVQM z8+a08&VoM;p9mEZDNV3;+c04`Eqo+WAA-ceBwL8G#WnW+>sHfKoXfKMz8^SX*!-*S zC*fcpFghqn#BJ-utuo?NW?Z1JH}*8pC2u>7vCqvob<1W4Jid>MLLTTTk5((28V8jQ zg-%ZfI`vO<`qt^>yC{!Vrn%(N%Jdj7P8J5OdyUIRT8;U>#DxdHZzbWeJmB%+aT|Cf zDoB@G@Gn~s9!8804^#Ky!Fo=3@a;=Zco+_Z$3KB0-gF;^iX`D-m=GR|AH*MRgT#Rk zk3PHE@Hhu8qNgrAUIWKQ!y{gTe|iF=10NpaoVd%4IF;G_;YzMk0gr5*$)#QWMJe@J{u2ZoPrk!o~~wZZOXdz{F#b zhY066fvm<0AC)YCt z);x#YuhiZ+5+8^}%<};bsWhnxb8ODCH_y4iYGI>!o`QL<1twmCM9h=CFUm2Gd0|9e z!Y4Lo*_-F5P=pq#FwbIO#XJK}iAXQtyEbTaBlA#$T=TdWNtsiE7fD{mWXMR&vj{i# z9H3KwfOa~L#3vyU^E@K={G=vaV{?|hd2Rt#3mav84f8w(O#CJiF;DUWD91eJ4G?(+ z_O>}H-aMNDn~2aN73Nt<>Ac^ZlGi-@gQ>yEMGbPzgh4<%@RlD2tQI!P*mg2Dy;H`~NW{j;`gx51Pas%iZ+qVW7PMN8*Q&h$-*IA!#^^f>}noswa^uO%a68 zY|e586F`*xIh3G9C@gt9uwuyzkA(;e{w?UZ{q3zOKXhqsrLpPU&M~=qZ&SD1Cb8+< zzWf|SaZSQa=a&?@CY0LM7NhLv(g+q8Q%-|dt=M#)(;7CN=d^}R=eD)h(i%3MH#l1=AJ(HJ9L&5Qm*@Dz>-Iw+38b1)^U(vf%K|88;EK~19Y{=mv)ToVvNn0ro` z2@V)D|6}A$ICyLz&Oaxd?! 
z5{cC+yyk<3^0toe_;TLXm7N~6;h%7BbZwMC1NVe8%iexvmgf!EW@D{hn+n%M z(U^p5=7!)UqJP;{GERmKyhOyyF7p!6zwFvvULp?1uwq_z@ui}??Be@Z2YqcpUUoew zuQ$i)Tg_`u&6lpyd}<+H!FEGq@jxWvRK9|h0%qkfk3~%gV{Oi|e?>S6SS|cG_e!_I z8?w^^x+)R_qU=S$%Bf{up5iT6({YiyGoU?9C`tRZqcv~S%#1?u{J7g?`|~_BGYY6z zv(A3YfK(n^WA*jN-NJ$D7fN1k%(a)fQ3|=k_aar3rX-3J3QIXuZz6 zIa>QV7cnwjVOd<)JtQXZ8sVm3X!9q-9Pr8T$yEvEv;!_W8917!T4_(j(KSJPqe%dW zvddk2e6jCFv|=5V{fQURG*bx$md-p3e{dfNc-innK(m8mwHa$XTts5iSM!Q_Z0~NL zMqMk}3Wcf6%fb8gfr*eKAVk(ulV79_0mev!1uztCh&q|~?%YU&_wE~_5vF&wy*uMi zk!=gul9ze{Dp4Bgy2rnoC=9f18}T}e_LSh+m2{5BzY}9qYd_d z;CMV9iJZsZv_P~~Q6Aw`o3kue4&+hx9ALGu@jQ+WRq9S);#ZI)_kLn{J(FjkRaZ%bjqjYY*b79X=lCc4Wh%>gsu}~VEkt`bcWd#0g3CH7OkR+xRXUs#3 zs+xkYz|Vnq#`PhG79n)T3^-#Y4#i(0$#n+NMSQKlNoUCV0#!}%T_^j7y)(84Hdip| zj9@KI!x^tq1$SnAA{9DgPgpNAKCcNcf{+Gh#wnD`?}i%Ti8D@uY30ngB(J13p(LX! zg@`j=NK{SEjAW_8&)Z-f5RS)xBFS~eacEIhQ}7mtc$;`<^Z_>E&?1D+n2p5?JK<1# z91^h^AJELXh9zDyE@kG#-HCOTA*^iAYei;m+@=~=T9u}F!VNZO`2;3_DEm|>TuXcK zz$jqh0X<&w8hyCr!|_>F$WKk~fcJpJ{EQ@5vjHi8BSg_Ey^1NIY>MxDg<#nH0ALdd zT7=?8=nD$xjnIk3c+U%x_(Vs?m(k)3qKo7WvY6yt;Kd3Uq1%$k4AnxQ(rkwCpv_qx z!vqjz-)JP9bVj(A=3$arppu}RDHQ}|Y6&#_owbgK+MaMZhGgTM8Nz-L9~J5O=-!d~H!FW35xGY}t{ASUV^qcw$W^M$Iv2_zluh-0 z+(9rjbTzPA1frEsO)L5b$uTiLsx5ANK@lH@M9yKZagkK1T8|*;y7U0ud)b0ua-nehWywew4iX363wr~rMFg~MMNzyytc3~_Svekw$h{46jp6T)%8Wh8O1R4A zEc*pUw*#w11_alkLcy8m^4=VLkHh{pL;S$!l-&7mw?L?0i^s6E@JQboZ=(*t%CqoC zP1zovP0xNjQq=+N2r3DPvSV^-%}VxmLv(pFupr>^NyWDfEmObDej)gh4Zs*j@%WgI zJA7Oy4Wf?6$8nYZuf@X#?&zl@yuG>B7xVzbGCqwp#dwlI!$cFNw{gM+53fE>fe|7 zBGhNG-ftbalgX%NpA@#fP6#m9x*>3;dq)suzi*^!qO)Ih)k>Ee6Pa1guB~*nshe5O zuA6DQxXUiP*-UR~woVVnCh@nF`V);5v_9Gf=j$+vnWA;yS^QTk*JJcQ>GS?z5aY3} za-z#G?`+yN@6gIGA8e{P2d+djhk&8r>;}!qtT4$;llJp3{q9^EshdFRz=!31z>2A_ z0+WPgk7fAhy@1w-<#)NXJ}hs0$cE(wPq`Mtu&kVB!;))qlCZqHNp4u$RWqvJ?oeQF zusHBxIRV%lWefRFKAAo9hUI-A7K2i-6!?ciNmx==7?!4vu)OqjrCtk~_hDIljBS1= zv6T@6e#P?zp#&{LF~IKtEC=`!{sT$s z8Z@_Tdf)=4@?p|Q!LUr4r3j2#u8G%GP#_1$E z^@uLw(ks*OM&_J4^k?g7HbXcSOb-0hb+(ak(i!1en#YY&1yIS2(h#ZC;OY8oL}R8t 
z2uXkK{RTw-vL{NvN4Z-!cfxTZn|Y@Y0HgV+RTmk-c!tsA{BPsv}ua zcFC~?Xjc_qCPN;0Zah&bi3MAgJ8$wIbvKVcs*j>kVB$#u#j;8$r1CUiX3 z+r>L&3t$s2ErRHj^23zc4Ts{RkmTBp=prsN+oV%u%^TK>ftaw^<}CX&Wo0Abq%*>` zG!Lij3smBiL#0BeoJXfzp4XJ6$2D?_2C9gE4rqiYPU&nec`EZtUP*_9l8hZFM4Yk@ zMT#8~rzFeg9(V!+B96yrAxX?DXG%M?sL~WnxYy<^d#5}ca%mAnryLBYe1t=BbbLdn z5M9K@ZJTt8th7^UiYE+(7zf@d2R0H;IwM?5^KikUe(iVvWf2Q0H zAq~!yt08ERTHNqi}nUQ2*aNM(e07sI^`Ge zt26}@cE)iB-YI*ATv`OtDObTM$5QIQkmQ~zL>F;M-6owP>-$ui;t8+YoMrEnb&Z6R z&Is4iJe+bWP>EA6kqVu15uI{XUQ-U6-N-3@fhyu(u^QotQ~nK1g1iwmCFyTF$v+SMnS;(bD5S{WCoYMS6NZk@i zu2YCE;zGVnIz?6$sx-wD4g-?|@07C}2`8NquBCZ6r8Q8AQ?`%_osvEiPU(omfj?8; z1W|)ChWbpVde>>5OnK&BOhh0hPFabE(k%tLXkW0)u$>zX75K?thAM`S;vLc;fzXaHgD- zsk8D0Qu!%?Bx45(5%;&ku}~V^-_1%(Ejbtaz;HYsfh5=c`+)}c{J;~Y*_>tX{u4qj zErNJXj)GIJ!J+sGB)Lu@x`=BSH|Z2vP>B&7#DqU=&a!t(`%@bVC!G zwV5+cQR-zJkKaL(>y)8rQKc!EP%y{jEPJPUVqP7`gE;A}(J@&UFcQbY zbpZ&R<#>oFRH^M`cxcG2Cj&0NrH8bAL8ic;Zd{B@$$|jvSnFLif3-L zb|YJRwn1z1picUn2ldP&)4i4b*s%`GFz!s%Wx;?OTU+B^6?ED!tvlv4*J&)RnJcEd+F!s$=N|`_**}LDEnsETJq)T;;ClwA-_C5h?K=g#wF(K$YV|Y1h=x$ ze0aL}L|3m-sj>L*$)}JTuSX*O;L1XC*0SL$HcDuBrZ<3JvQ`eP7Ji=jtFWN5A24w> z5|Qx|9hxQ;;UJr{+>;3)${q@=7B<@Dpgb7iIJ9 zJc-QPKUu%1(rkvX55zbaV+&DsMkC>*Gs3kr51sxtI*C}_3diM5=<4W{ZumCaf#x_PphhU}#eil{D?blhp)A8|~_&69#uvU>KT3 zt<7Jtn6HkvX&$wD5S9@QRoQF7xRFkj8wcgYcXMzdYeRJB;c@5fF><*<0`*ER@Q~@n zR^U7wECr_`5m(!l;r=h3N-GYDR2GLFoN5dB7&fqS658d8DpQC>$qxK0rSI7S{|1Sd zWSsTpl~T@%#B@B|u1Hk<-oZ%K@*LlwzwC7YRvNqs(ao{CbjH4T{}s?qPL$il(VDfH zpk0Jzn8yaR^$G1Iz)CAT+-MnQU47K;=8kqvV=eBwqH}Q9RfxoaAL~Da0Dm7MGGBHw z!+VgEn{4rcy$2~97Dz(a3E+*`xpK9`=$wkWuC9>&!glx!dMX-V>X0mxaM2T(ZnKs$ho=gBywm-0q zg=%RKC-IAH7^{xnmApokF4+~IkqIPiV+29ck-$m>-QJ2kV<+*N)Z&pM{!y<4)KsvZ zAFz7YUXja+o5zWagChg)dE(DO+#n9#0%}uBE>rJ9ho3<+wNYV!)!(jc_hV6@Q9K*p;{>3v&AYHlFO`(+`p za=x5ZOxnaR{QGn9%b{Rh9WMDeyr z#4l9R`Gp#)YRVmlp9AlgBY@Sy4vX|bMf|epGwkl z*GDb+*tY$l)21j?e?|H;(X|TRV*W)0bVf3{m!i|MWJ^e8* zm=^&%1W8_XUQ$k-OG0%naq6%^!ZZkQ;MJLzN350xp-veahB|#nB+ z+;sl)QmMhC+n%lQtwT`9r#K;e5*H1LE}8-jgVkkEqiU`~xWDAOHlrq~BD(~X+7KSK 
zImvK6=prs8{hxbGD%WGSM>rhp4t$R!{N-X#^`^{|T10dVgLM((Wq?VnVJukc;OV0sIk0LW>XcIk}mK0=b@ceMsx%mK}}N zs1CdiWecQhler4_W~c72Sgh$l&UI9x?Ct^S`BvLhSqA_0fdlb1NOGf&=prt+{hyZMYn|0VfwMBOa<{erxH-wthv->H_1 zIyNll*N%3>rEEnFHZy6_pvw1^FrX2B?B65g;m%YIVi zKcNUMQelIufaQ6e`ERg**55?6y4;u#yAv1_`>Ea z@4y5QW!1mn4iN}<+(yB0$5P3$;_afnTz^7+4vq4{l0zv3dEU&y{*B zpq+2ciGN_f!cH*oa1lT8=UEHtuQXrY>u?9Y@2uBPsw(<(MLz+4b}0szGeO z!vj%UyExUgr}LwZlV>-pn9%SZ0p%X3hwB*dgwnt1_Rw?K+9q z2(}nypMxHFaGb8Fwb<+`U`!v(Tn=`Z<}44!?ozwR)a)*0CukqUc;J>%Nek_-w8K}@ z!iJ=Ua#EE~kWUmshS^%+p8eKUPI`Dt0GVi_RS_pU09E~=NBVLTkj3fMK%Tw?v z!ea^-Ejy^P1^H}wlcS~QnhTEE5!G+ayGmUMnGU=Kt^!sfekaik15ryvyn_+85M|do zjhd}1tT^AC9TIQN))(gdePFX+UAJ=h76eyLQmm z7UUh%Y_aZGeU!B_*ISE~Q!g%$)F)^x{sxIeF24_{s;B^=c%c{RXZ_m(tA!1&Djod_ zzW)=@`LSt7V8v7AVlj+Ocdy1ZI-p%(Lp;jHSvxlIa1rPHJ!{U`bny#rY`PAVm3$G9 zJ2u%B%Hrw{7@Kxpl{+?>x*wYiy&s!+JZEe&2#!tnJ|$L>#E(r=pt_7r)LO=-fxwtP zBx6&~8gYzGcBQcyo7f36Hq8h^YLsm($}W)>u=71>;fkaM6JZnD8i96fG6FF+W%fmH z9QYBT{WZaeU<~3%1XK4Tf~orvp{;l`7!huJ(zOtd2y@X!G9sAn`w?LcSU4hZy|{y% z5h05My!vvjw;2&`e+J)ugG>j0M7RT3iL+*+8AgQnUw2ga4!tc#*Bf?>zl@WnHGXA=wtMOMdBG`CPnGQj7eneQC zG=~wv7}JjkSuy5t7~6c%g~pW;flJ;UIpg2rW|4sVBTgAj)pYD_BdT&}0D)Llb?SEY&7ScKPjFlwHUsPa0js|eo}9~yso9rs`efb>&LK~HABdB?W;4oO57ees z@uwz3hbKT3zlB6%f=arnS!$@#luP){<}CZ^+2)H7*CGN|d5)s!pQ-Rq1&+j{kmUL& z`OfRc{bN4*O38#XY|gUx&%(TdwKNJ%Dsh<1{L>kU15dm+h#UB4I8d8f(4XpprYC|ZJ`Rcahe|sC zP(%Ff6%G-uv^mS(Keqv^MFgx;hl=>;2KeWBR=z`$>!0L9vm5u1`RXhs6T01Ga+bY+ zh5*}Gu$D%l$!epC{z!88XXV3q0TxK|{y834@lQ{=h9v&^_cH6BIeS2$|Y@Xu6ME<%!P#^g)48~2a->@6h|p0YX1-al*d3f9snG?|IRJb&g&4*%?QH`YZ4 zlDvP~++zLHM3X1+&jEK?|9p_eR@JM9@y+&Urt#1VJIQE8~`$}YBDEPp-%y4?x^ z-I3(RWpsmmrL^(5G~XL$3xx3y;lRh`th|D?Gzt$Cv2ny@TgefZYZhT6d?3lk<=w!x zWCNeYZy&E6*ay^-uDRq;-AwZ@+AK0dZG2t-6$L# zuzHi9l*%4g${bem`PiEcvo8ua&y1wC`J^;Sp}zft!aH207VLzb zF`$gsArTYI!XcOdbo08;Mp>mPiIBO|o4`LpZvm_p5qL`YjH39Ia5_SCCmf0EkmQDF z@-gU*hp727G$j+Ru{p~=M3?3jtff&nV-yZEM8`{x5Pj}+Oa}*&e2D%Ctc2(xiabe( zt~t$y=n-ITb(inF57ExR2CN9te;A@IE`Z%Ec;cf#+#o~`1Zq!MTU@v;h+Do((LYr{z<+@y>b7TPg7GeVLOO$ 
z;QccuuV5{WLX+=|Ci)M_;h(dP$IJ0RlJ`$NuwvxhWoJa2k^!Hk%)h&r1K9oRB6g3>}zwDy?>?vt3?E? zvNgm_=W1Ih@)H;$qB#P zoMpd~x9C22Nq8~Jy+#=rO4l z>WoRep(3je+fPQrAtm<*=0Ak;%kSt)>)UcQ%PP|=kn3mbE(No(1ZL}uCH!pN?P3W( zTSv>tY#n#JIOuB&GJn5JOfpvAX-&laE@Gl((UrK)o)#@Zdk&trg(&-9U?mXDp94~Z zS*p$HQRj7_c5e_+--_$IlNs+eXGU%93UO8XpE7(G-~lguVj_GmV1p<#v%{I1sN5_T zH(&BVeSoQ(#!=tVHm>?*A$wXN+lT(ixv~-M+jhnK&w#c|qQ~M!w7-CMWkBnP=1(21 zG050*O3D1($*QbUcR`1BAc_kgv?q#Ph(1Y`-qTG!NH~!~2yH>q4Zm74)c#IvrrFW{ zO!kBEC{W=|oop^TxwUa!=Gfq*_k+t4kankZzjKTBYOvu3gNw1E9kejGn7X-H;^5*o z+>|W|+VLacPiRL57t&Q8Y?LyC3`Ri1jF({_2F%_)J(mQ`$;f1%2vu2pkvD>8I><3m z(}c-(L-qRr%ll6TiG#Mb5M`GFD}l!4{eIWWpH0hF9)y({*!5B<;)?%lT4^v>&MmAQ zuo;Qx&sF_CJOJOl4kUY(K6R4qcbZjcw}UY(F7;Y?#}osbXu&bC^i8zhCok=`4QW%4 zL5CXB9*9H+U^Xd*UNlykEQC2WXBk7FK$JZfSWSMO^r=;2B6T?{*C9!SsWhnwPuZO1 zJ(vKZ?2Eu^VZ%G{gAa#{;%0I2`@sHypNQdRoj@mY5L!QEa+dwV`;NeBvWrfcrueT< zVB({ZNMI#zs)&|_J;8>W4MlF11{OT>U6onz$XWWx?y8}D!d*6Jc?J^zwn8;(hIBzQ zTC~BP#a_VUx?{H1Op;2CK1}lASkLrbU8Kr-`3(2UG6~Sb(dRm9OPVgr{e&xyWD^y7nQP+fjKgk zC(4#QjJK_3%T8Ugb?3Th-Yx!YZ;=p}_L>x_-NE4ix7`A`e*!i*lkifwrZ!S11hoE3 zVwdI8+P!&~H)+8Wo%f5W<7zQhf+~I(i3G3zFPW85`GUWoT@}R;-nTi+{ubvuV717= zEzTXN@boTu^e6;IU0?}6ZuD4g1B1(ROkmWtN|x$;gWl{63J3l{crvg-&+Fhb?5p{_ zNtgaI{$flSGG3|E16~B4K$N}M@s`M|Vgz94iIKW1psh$~mpfYbH{Yp4Fx~YWu<>dn zVkNGOR%uca*4vzA#I*okhykmGjl+&UP^r>KAY(8RImMGLH5*_DbL)R?*OlY&Ze-%b zDXPV_Tbd0u6f+S#4z{<2C_6ipq(wN+*e+}YPq4iuuTh1^?gCd_kk=LWfkw_z>f+8( zij{M8zn$^@H&h(>OY#T6iYq>8Wod^(z@GuFH$%HeE$xQ1(3VqNi@n|zE@Mmc>ElA>4yNT$x4ld?u>x0#xg|N3qrb*D;S-(=QYVQ zAQY2KgbFS?Sr(HN!X%#s4S18R12)$rgLg&09`j0j+D^af&OWV#R^`48ivggO1&|-3_mgSM>rV7 zG-bq3c^i1?Er8Wzm6#@7?|{ya(_4phC8HSAJ@T65C=iNCs?jwU(=3ZgVwmKDpaE}^ zD}l{5$<|vV{`1m4<7mykImGlD$Xx?${1Xz1=_ER6;v}Z;?a!Dde}|{NIehGG32efy zMIwUmKa|XvuCJDu9s;V}@DmF!g8azrha>k?{2X|>CjqO;#+cqo@>-SIIj|t#P7tuU z1BbCUx!y#ykXYN>24|@nk`}NL*Ph`8Y*j*}+1Eq@}A=hdro@(%vk%G-P6@&ffz*NMF(*ro zPQd+JFREUIUCiv6t8_5ykJvcj6PvTVCldfZ_nB9)mPT=A*W)nnz^;|NMrHmCI_M3y z+q2eSZ+~JtSP9Jk!eFU8@ePubKpS6$L`*${oSgIsHm%8eDdHr2-fzL}dtb*T5qHQ% 
z;pR9hLio_;EY~psVDwO|_v#AE*4zAf@uVAs6NMl7c9| zODT4D^LS>JwaPcB8Rh*}w@q3;-0Md52xB45fmi-?*T!BbY_tt6`Z(odkW%@k$VK^- z6sUaZue~F+3{?k5*#h?X0V`Li@jyvHk*-Ka0U0d$d3!u#w;@N-1yR+7h$cQjmh|EX zU42Qui&pV-Hom!W%#F})6It2bo8{x#7Cd;aGaK1%mqxG{;eoC4(H<7kUScj!&#vB(&Jb=HzCM4CH#+$3t2tH+3mI|2>YxEuXiZUyGXYir;RwNzaG-&DaQGA4qfH zJ%6%mV(^3%Szw3+dKtNP{8j@TCKMAk*q9#Ra z;&y&387h7&87gM^D)l1VX>*oE9P%jpawuF&d$@#-1r}FieW>JE`6M|eP9}B2I$u^w zU$mzV8L`@B0h@nFr-PGj9cvT=}VlyPafPa_@9*IUajZao}%czXMi=30_BKT(}Jal5qhW zTzg6#6XTkr9bZJj&e+_>O&#g+BJT#EyL1H2D-l5t^YX$0d!KkQ#~;A!WC zv@coO!XvL$s%%kSg&qQfn1kb;GY6&69GSIPBJIEr5}zfFU_fySWxfdZ-g(;e%T9UF zI)ze4c8^pK9Eo>Bk{i~4LunJ%Tj~r$##OeEs7X^G;dq;~+?NR;%3c!6)6xVYxgW5M zN_`FY9xV)6ksKop4fZpwKh_bc7ijw9v zE$(vn4W?2nYy+710Udlg38(CK?u$t!{NIkkp_pnbdp2)GJP#&`2ok!8m=C0!AmeeB z{1O!h{^4Rhu%Z+n6@_*gXiHx8w0?O)e_#XJWO)K-0EP8Ru#;XgJB)MI~8m3K&v-I5?o#Kg;KW$l5Vn^N7<)=l|hS#8*FLBd0iiMnATDDFVY*T zTiMi~)hx3wg%6Xlh1*Jr=Kbk9@HNZGS02vRlt#wP&ugr%$Pfzx zQMMjDaxc>C^{8Xcj=a~St#Wqcy&etC*^#$8Dz!WEROun_Vf_arIS4KWz>06SH64(M zZ*~Bz(M-+&)vwJbN_`vf;sg-D$3Yyg`O6YaHDCHMzW?^RZ>L*A+Z|YG$I)i`1~$S8 zDiCE)2AvGN+y^IC=JrLgK<6)Fw>!?&-S)Uj^JgSuRli5y#rxkt18@DsP6OLhReCP0 zvNE9cD_H;AfEHGnu9{7VI=}Ib9~V%sFjm62Fb)Tz)o^7CByu$@fI(FiB@y}p?Z6LU zgMrn;h6qUg@+Q8FO&NPR8T=y^l_nKorp;OI$OHh30jq@#GD<&Nt<-G+oj(Dd0ai`` z9&WI2E;#}GcCe@OZU-xSBM8Tw?O+JUob6x;$DHk82uHgeOqEuyRB9L`Iq>0l5U>&^ ze>aiSqH#E`eF=Ye9q{^aoacDWUzNZZlR>*UpzUTGjIs|lq|Hpq8;(V9+HmBqD+x!Q zyDt3P)+|@AwtKTG&7Y7U9529Dv@;KOkcuwhSC=@?jL|A5wq;~5QTlW<)0^hUz5 z7Y@t^S9~=R3CC41sH&nQ!ecgP*@xpwV70I@9G_jG)SJM>A0iPM`~wx0CKVxi%j7Kk za4Z5=3masV%(yWef=!V2JkQ@?I*WlK38Y}aW$f%IqdJA91c1K*ZzP;_M!1&dah*N^C|nuLt><}Cslg-uzoB8P zw{fTvNv?)OZ|n<0{^nRFVN{wr5RL|u1FzwQjf9iVeql(OhlcHeN;KS3D$ua-7+#Ma z%4_^*K_tfKO|COO+mZ{}F1(F=FE8WYj*Z$f>XOm~cQxnra>iIY<>lYK5Lw;>TPB)i`>Hj{1kzELdUEt|8vJre-_IV+T= zr2*J^KCrN}&PtBi?BCYIP&?*TyXU*MztqR6O|ewFbm`CdBX>|Z=wJ&`c3)s+a40FV zw2wl-%z)OFW+K-GdYM!a z=%1`Zpzl}EbRGy7;wKjGj-ygAfleWW$8FBCZ(Tv2ZaM~o3X&=+UAmP@R!DUY0q-BX7eVlovmQUg}}!5 zBauK)LWQr&eR8wM(R9Pu16w% ze+~EH=zK_Y_B 
z#}h)*yG!`EP(@b44K`=l3%(y%Eixc@Ix5n;FP25>^?=^@?n7WD3QvY`nz%%+??2`B zP1}#GZ~XPWt`*DTn}^XzcTmJbk%;z3h1$;$?J0sV(dI0B?WY5)MFzC*i;9@#U0(lL zxebX7i^=ZYjSY)t?=Hm=-m*E%epviIl%}NtUjKoW>%Zg}7WZ0)SS?+U@3y7q$JQRy z$Hgke(jKKPf!qZY4*aRVFR)_t3Fa|Km1fY$%z)O9SrdQGf$)C(#PZW{R0=XIPNWdR)5xF4ua?9rLBEIE#|gS*Dev&M$=l=hpV%J1j|SXe z$FlVJo~79T3knCm$2$X?+vDC3D>WrA?F>h2c0%K2W)&D5*h500H6hv!EPV4 zuhQfvyl8Wl{ebj-C_;-=#9BSDwB`;6uaLp+Thuq;CpO#}ZA505Gr0*}KJ~ryvikw6 z$qH-e^^)VPE<6ZvfFp4o5((dAbMwZ+*KBR3IKpK%XW57EU7<8B4Iq5?0+!)>pyUYO zm+wUQ9+=mepMyq*TI%D%mtw`47u=y#lh1rNy)#<_E6yD19A6Is0|HtfzM~v%ZGp&j z;mbc9lkj~P@9dj?7&V;$!WsC9#rMF`Abcr=a0c>u_|=kFO?2q1P`fTcm((+S=j842 zyP%RDFE8-n%d+&i4|@D7C>;16>;E+D@vV1Z{ufvWp0>ZEH5}uE53_co}C_;-=#M)?JC4ARBDB*ht>dWyH8*Z)u^*8BHT~W=G8Ld5sc#VHm`1N zsx_6(i-=acQ%ak6QfBfUQ=~TpJ{!P;fGE2#Y(+#hKi}?Lv0KE?A7~`wT&u#lc0U;6 zHyu}WgPlXz*tur5YqJ%B&wWq*xz-+7=_#dYX#nTiBWwug+A7I$u1&$wvgd zBW=#ImpvX>O;(<3Ws)O&CnJ1kuyQF93AkiG`^Li8>}IDp!V@-U*@y4Dp)@TGAbd{( zmf?Gj^TQf83Ms{rzKv@64#_c_7T2LKZDu} z3A$ughHquw9v6IVdpr=DyYOXMdc6KTd=Ul|4t$UM0h`<7=@(+jRbJWy9j*B`0K)f2 zSaK$?@p(uje3Jm61(Wc-678!r`3XyG&aw}&m7xeNQW0w>11sTse>f_KokQm)#y%O;(2QN0Q@GF==0=b_nS25D6T_&jnWEnQx}WJoli0_xo+6 zjfz71M}@;(eFs_Uh80)tY9arS)NHH5lJb$fdf=VRb35aMIFK9PiA2<|hfJ6VTlc$1 zy%(Z_%}`dIS8dMbd^bJ@R*MXD<62Z`nN;zeSRup8Z%9Nix5=t1QWH9U>rK)^Fzn(M zz-nRRgX(;o$wPpN4@M$APqzJU>`bn`;BYhdH(dwbp`?xMWpyxR}$t2FrueL(EM2i5kW2rW_(UH_$YUN$Dqlk;v* zP#uh)#MkL)BU*DBWTnYXIL+oPd)f8CYO?aYJ3w*-?BfWwTUmJli3D5n4TFsZoB4tP z#Swn7Im!v^0QVyN?Ya*dCJ{!PfFP1lz*A&a8n1aVGU~!A7y-%ok_jH%#J7*Z2VJ58vNi5AKv|v`9r%zE9~4^p2-WpbrMsF8GPHr=pF>d=-M+gsC=X*~>l&SWQ+2 z`f$lHZ}=|F`AJ@LJ^&gq=g+I1IY(_nDPqq34p3?}Dh|AFzXw*#xrbTl;=+f24klxj z{3oZrEOM;DijST@**5)ua@MtCS=xMQ8lL+>;lR6aUtp!p!6sx?X{YhH?&qbQ>u7l< zi`?DD;QOZmt)D)-!_oeM>lJC2McHoHo*KOzknd!B5@kpI*Q#M2+sw7NO`oW}c_K5{ zV$^%H&c%#)F^vxg^ofQuEDGxHH6IFZ)7Shn9QR}oVrSd*cV7;uGxf@7GrPhHSMiyu z&DK%c{B;}_I~^znH#XYMnkvd(1=Y~n6nw=lYHN3tOY5ljX6tYb>R7!sIjXj@)#~WM zu1cM?9J~&mOC+w%?X21J-{$NNx4%wP*=N+V`x{v`D)s#iO8pl+ar2*T?Am`Xl}`Zl 
zk(&$3By0r|2R?+i16GR&gz%pfg|nh`?Jl_g4d}PFjQ9@#U?nPe8w2l2|H8F8^P-*z z!zCb-F`gfukcj8klX_7Mm(URFD)McLh~G(4{kF&5(wjlM{@(tR2JNcS=DR}Jdf%sk ziH?1MZJ?uBIkP{$qvU*&vvOw5j<^v5SG+S483V>spDIcs)Y+WnzDxl4w?tsIupx>I zr}DHPpZ65J9fV>8oIuGHhTIJQ!Ywd7m7SWG@iWKBjRo$~L}_x4Rrf}Be(@HdK?qT{ zE3je#JJ%sMteHo(Z0bfJ;aeF!aS;u8`xsX6?(TTq7g8`nz%RJuEu;RtZShTtoh#YvA%qG zqJXt3QTQImYHW<>gsB+49s@T12#G}CNjT>ZAxCDhh{QhSNhtT63p}pxR&M;8@73@` zen()nh{IXEl47wIb+zPURmo0_)a&yG+w`7Hcu zNu>Jy2w4m4As+TGu&x7EM7wh;^K@YTBS;Lu?w>#YH(yjq$8F8k#q1Dil8(19b@Lq? z)cc#OQH?6omqTF--d#h{jttM_lfj{5|G1M8g8Q%64vf@pAc+q~BK_v)Or&7$M9EJ$ z&E_m0#RL##&j(hMpP$0VSLW&>wHUSdJ|uE0cFwp+-6ML5%wZ6&(&Qq1W^H5nhNKR^)c4S~KYO(sH5pdI*Azdx{A*eGLmvq;qf6VF8=o;v^qS)*t+ ziOE0g%7rl5<&|#Xc6o8lV#Jk5?u#H4PI$)VEY~psMA`3L8;@+N4K4b(O&ild%1s-y zkjtix*;0_bM)z-_RO(OP$?m2hv{V6X7}VxUa7)~spZAb!{f=-?O~C67w7=t}gXD^H z`{DRI*nrj#hNm~AO}&ft(3b!k-;6~3Y#;NEQ!Q?&P%xNElZ)`2%~{5+hd`A5H?Uen z;EC=^RCwh|6~T;Ou<{EMk;_luMV}&3X|fR7|K*M0Z+3bEtA!UM!#WX&2h$Z(@Inwr z;$4x5z&9xHT@gqY!VxxS*^lEV1FMA>0(U?~EV?-?dUZhW@1B+dE8Z{`9g7imw%Y9H z_WO!~aaqnH;@=8by@5Yz z(qthVXmgf*Buojpv<4+}XlVm6a1jnO26k9@q&&6#f_l+Eb|_0e;m`#wMqHd9nNNC9 zXeFo|^i7)EJ>=DthA7wnNM5Toj>;U~Fg%TnW94Kd5+M9agcN!q=*AyPfh`V?n(@OG z=pV&ijh_R=mq3(#4OlIr>T3==5|#V#JNzip*0JgUtN#V2@(^{v*K~q`e2hIDWm~HP zbG@eFWz<65Y)iEpip|Og2u%G7Z&l)GJW`n8t;IiEZzZ1!$nn-2X=qf+erO`<2Usnl;H~zkOvLZ-4y3JP)j{Gd9x~oK zAg{Mp;JDmf(eUD}`+$*6#ErbwW4clwQ{Jz_1aH0iU+b-86MT-hRut1)Y@%1}b@Se; z23F3|964IrfVaM4TRgYEGTzz;7F*IU!TFW#cT#9I@A$?L7m5x>dpjI{BNEn-!chJ^hTcl?+0PsP^v_3P%? 
z`Tnc^^ zHE8k0q{XXEi`Rqf|ENWZDyaVxEzS>Gd^Kq?)l~Y(7oq=0EmBlL{oiv`>Aih$iwpS< zFv1B$*+YSq5svrta*mU(h~^3QVLZ8a=6?L=uCpKu+Ol-iZvi~C+P*g$vKd}0{ftG_3Ee}D9((Rp4FuTWn z-+LFmU6`rlMsM8KR+<}$vF-~cxS^QSB~oXCFJ4T&C*so|d;&tDQgP?34B|PT{@`Jm z_QQ8TI+)G1RDkfl%~{@)2_VX@&ns98m8KQKdb%h}2fiy`%jz=}2J3 z(R^hqJtm#mz9P5EYoT%I<3pql9}nsQAGi6JbrRI_K0X5?#K)(A*!h@c@o{y)GeA1T zE46#@MtFjZNd2Ytzwzlwg9d$abd$dP%?Lv~UIJXP)wgwj0dvQ$n7p zZ`ZDkdBn%xgWej5jgtU;=zk%$O}%#C zTGKNjTH>zF)w=zBRM0(BU#LruN4=oFrcjmshWqxnQFE}LEkxO$fE7>KcMPyM9x86G z;*+F2c6Iv zsgD9l?Gq<$nab%6A0nrz4m-B3f1k74qfa(1D)p=_$e7<@WQqA3)H+k$EoC?E;ynK9 z1Ke0aXuJm!=_>7%+=Hn!TO=G~bC!2v0>Fn6fz`s#XTpK+DRmAo@l{Af2KTxK!bnbd z)aERYVgiV=&jPE3pThQg3oinJi9bgoGPoPn3#%eIp?OP_vy2l#08dB2YT>7_U*5qy zJ1}u?BqE~|G*f9(5k}dZWz3EXMAdFKa`7r`t8$*zbbH;}N*fuywi%Xse}H0nN)5M>7y=QNsxLhW<8p|H|+ z$AyCV7s(_P?50_S!m{V#SqO~}Kq59`cf7&VY>{x1%~|%La3-)?_-SyBX6u28Z$ct6 zxT7`@MsmU`o3rdg;Wc2j@Kf04Phw{XF!7H_LWt*(xf7cwK>Z^6eaknw<&>}Q>_GUZxsotrCsnRC9Tkp3M9E#;N(vX zH+}_{ovCTIN0G~|yasP1q0tqrJkp4fx1?h0jca5+ z2gWuD>uk=l*Qohs4ZBLgS{j8$*RyeGbeH5cDsxm|Wj`G6E>duN_T3t5<)OgjeYi{E z*;^fnqwyK0>FG-Uh}$Yob0r)12IFK+rn%Y|F__o{;USx|>>tOU%PUJuJLtx-I7}b! 
z&g(~7YkktHe;n`7pG{IIq5S``_a*RE71#go-uEVXBq1Ri5Y~i!O-Kk^ z2&+U$0*HVWZS5n3ghWZeEFiX44c5A}{=jN$ZA7hhM{9Qt*xJ^%ptkmB6>GO&Rj|8l zL4RHB^8cQhxij~k+$03B+W*g+Pu`v7%$YN1&YU@OX70UNwl5213dv>}Qcd|7VWcJb zZ{&Sr><{veC3*V^JP-s>_hS6W4x^_M%}BHEE_zTBl@eOIKA`Uuw#)KwAvGq^VOf45 zBKP8d%i9UIfui1JmgSVCOrJY_JvU#&;h8t&%MnJMa1JHk?$WFCB5Bv5pR%)2dJ29p z8n#Dh5Xycs&z%MODTx}8K?vzepp-E*hw4K5iJtRAI|(ga zvjFa0wx2FRYD}U-Ke>pk#Q&Bk!8TCTyG%b(mg=W(`TEIf!uyaP)P(zxl0r|+X+1_k z;vK$B1=r*gzDn|SZP)`qs+?Ah+xy+k`2M92c9?+`xg2)*|3o6=km_BN4Q#OoYraJP zy`ST~P(Il42KFKjoBhAO7JK#JKo^Eo5L2h{vr~2#0NXpzr5(Hq%oPE62A1PIk!d2e}-N&a-k%xjs2o z(Vpa(3Q9SCs0(uZ^H4c{#jAHECR0g(3495rq>*Ey&o9R+4mp1OCE!Ly-qmDS`X!{w zrf-neIOMp&EiiIC3%M0UU>SZ=C8;5Dd=)ai%MLzC=Y$r>F_kkhS=svu=iY{7s$I!( zgF8jZv09QRH@LGlqOoWVFsHTvu4vXnPUJ@jcvrp-z%oRt#7mE?N;$q3%#01QuvU&U zkt$)mM`m;5kK_3VAFP$31s<$=X$@rPG04z6e6ZsU4UHVOXz3Gp?$HN3*1+BxgoWLG z05kNLk?KByA2~ylCtA+X=3&Xe3|%YDazaFxGu$@S&d^y%?T#xZ>%k2DHL8zh=*?<| zo(k|q_?KN}YPB=8dMcNY(shZxQ@D_Ra5iQkuCXtlj8e5 zh<_FTlJBNg%XjrSDIulnMSZ8R<@?|LH^x3M@8EmYXW+gaiOgyEk?f{N z7(@6@PgSCwgqE&z0PbCu@9#xwOritdM<7y<|1Bd4wt=GFW%y26itj(isizN8>^u08 z_0vH)tP}8tzg$cRPtPvcJKL+ZbRKqerze3c3}P}IBRDI7!^DNB-?^Yo`9cp%j`A6Q+|2qe;+ z`4))xyb}~A9h6pprR(*8aPN{}u)1mIM9P+Pw|1QcWNS1rJ%f~_s$dyugpDq!7np zWPe|G3l2mg%e@{yvfY2d16j3HEbDstgp>}?EdV551pzR+_Uk)^r_c{B`1_C=ljy+g z?T8Sw-!1Q8_Ik+HF^c>hKT>beKB1H?^T=61whn@nNCqLLtGGbjDQsnHDN?)RiphE) zTQAGXF<-o(Wb5q!--dsww@j^8w$!tYgp{t2>N|z4Y<TA##p1gqq$kv z{Mw$sYi0;I+yI>^@303C&dEzeMy28w!@kuAzn zdh6D8k;r;LyYI!1Y&gk`B!nJ`lY2Pv52&w3dXX6fBDGokCU-P_yEc+RB+&JFeW$SX zbUp1y9+UM!k6naR(qk9nF3-8`lmVP`OZ(xHNaO{|{vCc4TVyqah^~yWwpGJr3W?ZI zq{d`1QdjRo{d1Axo`WAL2IOaxB4wVY3W(I5cXK}hJjM&BuHMe5d2TrpV>L~04L zrMgOMlFpp_5&tIsC1*{oR;1KJc7&9!m-U^(R-}^0`O3!#BZ<^k<$Yu9pu9t*zJCRl z*8p|r;778I9u*4_DSCPh?Ig5xU8wIAwj#9$sWFKTA~g|_OYy&D62Uf5)VqvGQI-;^ zF7W*UihUP9lJDeslYBQ1_XPOLb%{w&ME) zfS2K4^4-*G`L3QfBcycI>pO)l->>wSj}b=Vdy%|vjFrke_B*%K zzSF~0XeXhi>nVMwu;qJv0{AY`f$w($liP}I8&-ziJ-J^N2S-TpQW=X6#9 zp`6l<`*S{0Qs}WH?VO4{>AFMTDQuhaL!`ze 
zIyB{CM81UoEte2%14X^dG=;L12wjE;51yykU+^RAe_pAa%ObIMC;ug>3kW}5!zWr? zH)*7p9+4W8I3OOsk(k%u0i+m|*idJ+ugF(SksFaJS5kookn)@%>Jfp(vk7wWaPMg% zy{S3YdwK{bR{uCA68Q+QxcA^k(oLu$8HAax@8~;)H_;C+r}Igq#$>U*@T*@^g%@HV z#r-3GBo0!Arw6C6x@sFrG2|p5?9^A3zG6%X zI@cpLCd-rVEM5u%k>a-FN8tz{DrIS|S%HUizmr9cXlE2(nW~wPOa?!iHLvZC?Re@bQ7ZER20vHEWxHu zISP1JmO)dARN33!N&TV%z&3=!wsY9De~!fikw|rK$B$$X^|YKJvuC+u<<}xJs2E)j z>pO*$G#i}G?;|xPaX>=fj|dIIw7uhSM1mrJz>h(!x`2viP%*l)rr1{5ovYzUjmh$0 z;F8<1AD_K1eJTcY_%Y=o2?C+(aoqnK{~HM?lABoqcel=>>|ykS%jx_F zQUiUK_O49G-Bh5SjvqzI_w~~>uu*AkRZB&)uAiF&$Ve$+plc1lz02CDjYy42bkOuU zgcdexzP#fk#jty=2xGY?FQ@Yh$S$C8^qJi9?^yFY`pmRBGP)5$*^JzU-s_vQxB29{ zTH!(C22CTmuB?m@)$G%{wQf44LOaR@fT(qctGIp;q}HA2JqVKh;60X1=mdFT9sqU_ zvON<0)JR1ay&1hR68%iJq6_2gZN8GSNhk{!2ui93UOc?S-@uDYRCHq``>NM$o%fnL ze~6Nj-i#}q(I3WC65adAdxpsKj#oOfRKkPrk!m&LDkt~+|0ReY;0V)QK6G;oy3x}; zbi15!R2uA1*mgN(Dz4a(vCCPhj!R-!@Ebl{mb7MrtJN7CB(2q%79_3BN7_Xn1Cbe{ zo#ZQl;ClQ^nL9|&wag=&pTfU)-D)WRJW^v+f~L16pKZWKWNqp<5Pur~5(7OZpv0FL znL!2U`m?@M*pA9bA<$8A8kI|4JdSr*d?inb@4(tUK=>bd} zBb#3#U+c`I!#6QJ!<(eUVV#q%9(i8#QM4oy8G?cX3~Lq41}85$oBX32BG)^^Q3nCt z?9jCEjz}_9m0Jx;<|E););@R}Ql%;(O0WvKe0wBgl{1>iAcVR3DB12SS*B4qogWL9 zR3E#}sBk7Kekgx0;>+j+uf+9R$jmo^-3R(HPNAw8=+h2^CCxzOUV$GeU2`z@9CZ|m zYM|>beW&mQ`oZONejceYSr+=m&p)}0L0xKjRX>|Qb-zjVn zy2U^!%L3sc!U2TYKmV(4F<_6SQ3-XHCf+B)OA8FxQTU3-p-9vZk4XT9CMt5x)Ic?Kl9 z_gM}7M7lZ(erQ)Dw*bdTkAg1ml7ftg)9IAx(}I-E&u2$A&!q{=mfZ2O#<9;qK&v>GY)*!#yWR5c%Z zk2)rMk3J6lh(0!dk3J6lpsxB}Ng3V+pyMB3ph(-V=4>oDv@#fbn4c~JSsH<+1>>g zkG!1DB}k3Q;utV2RPb9oNAou~c`Xv^@GpntU$BEJ1GIk;$)J*SU8nC9o=QKs z@ZAuk#;7<=B?k6OK3HonJ?w|gEkS#J>Vv};ti15O52Q-I(f3`wee#SOG~X8E1Zhe$ z)^f9KJ13j6(~&C6&Vfz=O(mqPsI9rXF2UF5L(9~7Wk?xO8PZ2oX3727yB_qzv`YbS z4gMup=!mF~Jye*kPwG2`Eqfk7YK)2#dy2BqHH~DCD|`~-TfClKJ*(Z z7@4grCT`Rcc*c9j(pZViqf(=h?OhEzfL#Nm#$<7H_X$En-F@4y(A_t>$xD#C-b1@D z*xgi;uATZ$VcVXokQ$@nvb#Oldwj6AyZ8HH(;hudT>VTl3DMQ&YfbuRYQbk@_S6WJF zdOlzmAk|%mA4w~rt)-$F?c0w%r!TK%~ZG 
zG2mFT5jY@}Bat`*{}KzGc$ERA%BcWd>-3$%7Tr6L8l&RG#0+kF%NK@E(@=H`17|M|<*ME}5*O1jU#NX0*;;~SPLlkBc5 ztEqIx1@Zwn`XXQU9v|wb4C+e^>T?z>!8%6sZ>nXc*=+8n9SRsBdmy;bFVtnbIZx*%Ngayplm zdmNk3nl+y_tDH4!0c+Mm%fWy7s(R8?wa-+QKV4a6kL*;PlfOj8AJp-JdFo-s2X@wM zYOjxEj7g!gu;O-NVU`0veIC(HmlkIKibnDu@wq=Ho9ce*RhPbTxaW~bi{XLH-yp;N z2Y#g3(aP4!Uj~(;D}RBNL8}ucBQ++=Lk3Gd*p)t5E3fDIVefPv{DkgbAWxN5P*bPSagw&WUMuRHzBCLOq;vUA2#IaH0ASk+i zr|%TDRlkbVm@Gy({+fW9ybw4B;z#260O80WD7t1K*}LrEo`=+!EJipMZN`hB3CFn} z4tgCzB!i&nYSVWLTMy$ENR7#2gyZ+v?70Og?mqm;!v^$eKS>bTUXcs}r|U6&r?6em z{m@@3CJ_Pal8sGh`BRf#MDFkLFVT@%hIbumG=mm}wJ#5;F)AgM*ZVI3-AHkZ@gs52 z14WSxf}(4^zEjxp=pv-XWHD;rpDqR;km9}vKf%{2(90+y83az(XY`%I7TFj5rD75h zu;y-r%jPLxfu&Rmm(%$_NR=kwayegPWicPH|MbCvAbB~RqZa#MjWZ>AcQk+0&v9Ce zoGCbPi{c9a=v_rR;B;Q>FAjzcp|x)ERnbv5gVUJSrKbUL>3SePM$s?-gwI|0aM^{* zhZwF%(KiA6Wgl$1srQ@RVDA9z^FCOM_hk;7)&bbRBh^h>qC1s7E)>ZiNV+B?*}Ep| zfYVum)R-(r?7ttMZaLQnx5~i16RDE@Z}-^W2-qupuvZz_JN&Sg{dEEMm!bGUUvb;h zzxEe5?BB%Lzsbk`T;Pf?wav3^%0;S=Y%DVVi1YBJK3L2CCEZ{j2kb^4ti{{JVbiVy z?7NWa?!k{7Q}oH3g*zh28=^yLtqnU+qxz!06T__8^e9qe5(5m#YY=hwZjM~^%a>vP zEr}*SgM?q~fl zVE^fZwLO`-Oyea+NxbU-I|ZrUWoek>!Fn{LEyb$80;%ph@FUwyOMbb7l{_~(Ou7;> zs2E*W>N|xi=?9n7xd*8+i35GP8WCCy;uv@#qj`*DuxiJ*>wr;RX0Q=QY*hjm; z)&us%P}o0qgS`>38E1#_VFXfxe0Tt`^Fv`*aM+?}0K3HpYXz;1!{+`Cupjint}uOk zmk0Z@*Tb4Yy=|57FiOQfg~$?kI7WGmMhNR>_Ysw;XH zE`~xMtZl}850-oma=iQvi_ODAwu(^z*Tt=JaQ#$obUS309{^bde^ z4Xd;*tkq3*I%gs^CJ|zD{ilQ&PYV88-d9A{{}pGV7XzXS|B_)#ak4YAeiV+VpO2(w zf3l+CUyg3=S%7&L^55%+iL7rx^36!<^pfeDF_HBjK=P-N^hGaORdf-)eDMg99`lli z(-G439Y}r_NiX}8RsBzR^?wpDuOVMlY0_2ECy< zjP@@)3OdpD*uNp#Rvn-Ycep zxSY4&uz<3dHMHrU%x{AFM95>tHm%0N}xV4v><4fgqt zHQ0-Qs|=;Q%lZYEGhFbd1Ge4=JId7C%3+I+{S?yfgSCq6P7jveXf74mBY^#y57ug- z$30lZI;^&?0PJ%}bzjDh>`+2O*5!0(gtADe5M7z8Y_qI&IR>dQi2)YL3xo+4$wiO- z1eU`{CwV4v&&I#RybG9RKv|bmlCDO5r?9myTaX%~;?$%J5B63c>|`o{%jw+bhrOsm z*Zn!9K7@Z$cO-)V>H4X@Q`n+8hSV69l3e^a(8N~TCR>hYB2@|?HHcuB-0=*WyDhl@ z8B_5uYkb>3V49Z_EM2Shox*wagUjhWAE_}aMObnl{IL_+;e+c?V1WBLQe}}zIWL*`f8-csJLWac7=4H 
zz7z3F@h`Eo2GLOgx^B^T3R`q{AT>tC30={W=dk|s!CC1)j8wx#2|EO^zw*Im6JlIA z_rzdJRwJ22yXg3joXChZwpkYcWTXc1-w)Uop|Iz9up}mumWu(~77BZHH`ob)y(<*< zzHYEDJnKZB2!(yF8|*&7{v{MvoU7Yr=)DlI<>q(TZkVs@_l20 ziqLhgzEjxhxeJjRljR}2r5@}RK3JD;}DP^oK>zB`@y?(HC6U$&m-QPw;+ ztmDlZg98{m!)~`dOUMV51K`roYAW6hRu}d zUDC=zB)Z+ni>*Wkjqu1F?i6%Q^g_fX0Qu?V^J-DYkq0Lu`R`BlP(&glbkOPi5K1Uo zS2%e&e%eWOQ{X5;nl=K` zGdHya1WflcloAScv4Uhz09O_`tA>uuE-7$4DvJCatGF@4FBOER*u#^e@RaA(YB4UM zVL|MlsrWD|Z$tq`O=(aZ71~**5nzMYy|YW15Y6#J1)Dlo2`-$xggz+iWs(gv*yp>R zoawGBSL1UOhT4K4a>)kE%7wZIBzcj@qDdf)I(D%sCFMiOQL~A`M zti%aC2aUc%GjJY0NRDFWxfTz`scqESATXg)jap~wkd0DxtXHB;J#pT+NNVcBRI2c8 z28Sd^Rd~KiY)&sllNHJhLAc87?qlTwtz%?ol8(7B6^wejpD$LL-XW6LM*U zz+xolot7S7^Ap}Mq9$#m`38?qpj$`;Ot)sM)bT52SQ3~BETsTYXzL3*9- zdeXl2smP~lwv@_h8YoWiSg2A83Bbj&`4G~AtDSiT6QOnruEgsMRQ*ylSjDhacTmAI z5s+FSjI`nt7ePi#nl0O!b*|J|1u4zx-Me9%fA}livfZ!!@j$4l0^@0rsoN9#7LyIq zhN{70DQMOGiT?3qqs=2Kb$-DKcU}ReTHU3#Si2AA>F7Kfpt5OZ9PjV}JOcoW#DMIy zRWr6+7T~h2byq+n3nC>2uzN1oG9u-adhT7Rj_S*I&r|9a(i4eX;bVg`PiW*>-0zY3 zO4z#Tn=4IWuvjZ2R}HSK98?*(+9{1Jhd^~W^Ndy`0o(1El5#+5nZ3;=N7` z;f1NGm?)I6Q_*X6Q7IH7VUFptl=nX5MKPRxN!KB1xfJT_9mlDZp&K-q*Rwauc$wC` zq(@9=ydPP{d@C5J2>XB}QkpT4o#c@c=}j7v(}k~9Sa4#K0^bA9V4f%#F~8uo$h?9f zH2(HFdcK!EbF))`d9?_A^g&1W82S>908^3DTUZ&W6s-}IC=)wAAR0O*^X{IN>DwwduXIaqWO9=Qa@@_K{uu1Q7wS0dF&44 znyxbJ-X~K*gRf)py&tC#Ql!kz%Yo%Ci&;vK)i`&vocB3U?L^|oWW}ikWKE&ZQX-Li zbO+2-T2xJXk;uJ{obgGieH_)I@BMQvwc!(z#xf{%r3Shwflm@ZTmpQYbU;Ayf6A8r zA~FZ*OiwF)+Gb1rAtl+c=QB1}Di2-Q3e&{`5m zX!ie#&np0T{<0<^gE~&BQ?E&1@n@xl&DLKf2+$x4rv!zYNof{Q;GUs-l!Bm7x;7gQi#k@j(rQhfQL+ z2G=dlFNjcGUqjtkDHRMVD~M4kO8dH&SV}0!qhY>C@rmryNAx(Anc2i_AdE!5A$tg~ zfAH#~WoSXBCf)Yrw=k&X%B&!r0KjHx%s%QBE6Aiuz3I&3|F^wtv$&;x|BfdM1&_*k zKiZrw$01(G>WwHcNug6xcE~HCO&Y>-SWX=@aXm)u24kfaAr}oJQnmu(am^2&{)D9p zl?>Dh*(Xuo^8lb10Rj6$4@v_$>6oEb8#5Nz+1Qsihme|4s=Y(OU`~t2E-f!HOf8 z+Q+A7r$$E)AAR1COlJ@rM9+F%3Z@daA31O?KvJG_v|SvJM1D;3vQlso<|j@J1G*{C zKj~u2K-a4#VaY96MV=7+EHsyR^>b8fm-~3{w1w0&f*d{(e2~PNB-cA=&+~HX57I$x zc)!I;Fakch=SV}P)}>gx}R|1V<}sj5Fa 
z_=FD@Wq)zXe6FFtI&@I;Z%!_LUklVoWD~Bx2PigE`#&7(^1!nim|#=`|K*I1jD#k{ z=j2>#eZnTC7&QicB_*K4#grc>%67Z{0cP8IjZXIlz{*tVKrwuHuM4YH@d3pBG);IHY~>s|jEjTGYz7O|8zKQWQWjc6TOMf`d{0HrGe_4|P+ z?*m>QP^<*Swyif&j%JU)6zo`E8Kt-PxVa8t+v}2QQ4Y|XCBZZ|k=ldt>Z(vitK+JBmd&!*N^Slgw=k#*?-f;=97?-yaFGJs( zSbP0L%@(g@^l^Ui_V9cjf4$|A z*SD0>e-(?bVsTC%$JbYTix@udu>~)g)5FJmUvcjl5)a=*FQD(dd@9SAJD9#Sp3n6O z*AJXOyuQBTT)*%*udgqBJb#I=Z4~SaKd+CskH`DMH=EVZ4^x&gzV(b=mz7`6@_BjQo~;a?^LsYS=jAV9`NLV9%O8)= zWbmad&gVZqpK*M=em;J2!Ygob_~t-vB*OW_+t2N{Oje$+f4mpqcwl_~<@kAgu~$&v zIlubi2XF66hVMKU=j#nFUz|Q3FJ$<5`#C(92j2gO7``eNU&h7*-t-u_IDdGY)6d#mjSfMxI=Kglhf8M`bUU++X`*{0#d$CO$ zxOhH~bN$Bob*Ax^1gOKgZWia`<4o6ort$IqNMY?6%;J20KGXF4U&F`eBR-yZKG&Cg zJfFq-D~HAT_~zr4&zD@@S228C9&Tp(+4r=kEcr&$&)d6%wWqK4?dhX^TtD&t^9G-xoc6{^4Gn^>IlcQnhtg2nlK`v;cK+sEahFMs?enLKlUCbyUP_*lc};r!tGiRW{EaD2SK zd3oMnJfFwUWAvVG`QkH-?{w+;zh0i}TkbF5>k+*M-r65}_|@2h@}pT{}AzT&(+I~je0S)A9$`BTQ=xxMr~me2Jc zx0kqn=l0zShL6MZ_Hli2HY>lC#jj%VQWod*a{bTemugm?^N;hF)8AM7`>K!Q$K}6};p63R zV)Q^tCp@3i%l!fUh3EJ#4w7p=B;h4<_|vVwzx2M@;9v9@ zqwkzQoS!_-`hiW-cn%GZ0K})#$s7&>h+D9RVL9^VvB^4 zRb)zBY(f^bmAkOe1XE(730b&QlQ!6dY?>8WE0mUIizO^%h1Z5Gmaq~wZHb{JtgOXi zX|bWO60;3H8?t<{p*#a;X(=#iXPZ#93EA4Fn6zOgWU*M@U+bD|J8o^rHqHt{swq)v zLYqwJD^|taWP_Vc{@YB*rWKmBwIs+pX+dmfKnBWYK)YqOr7EH0w=$9Tsr8Nwk2LhOH*oHgvX0vv8M~wBaUX zyTpcOn%q(ovTDXE5?jLJv!c~t%G%s!lV)kQ^x5el)4*9fVU|g=YRi_jp~VKyQXfXC zrD~-qah?g;+1&Ep)?q`1ri7)>=2}i#{vEP9p~@6~)b{mAlW3{7A&Waq*V`_cnsE`PZLG~Q z#=zNW-RdH{&brr%;_Fw5ZHNu|DzA&bR&Uu>EU*+qygYsF}_p&+bF5+?VsW#&6g zqSaqZO`2`7<(B2ICCd_H3AAL*G5Bnn4cYNv$?t!O5>v-U6SBSDe|-HfVOySJC>U%) zR+IG~^P97T)ecr7Y?>WER>ICQ+{iH@D{EGotOl~Zy2_NWoV?kN!bK+gOjm5lT4L%5 zBW6z+F;>bgk1QHH;%p_hgbi7)RvHqlvaw}tS{P=l5^Ttp4GS$awb@)-M_8K8wS9Pt zRW`n$Rgrd#*!kSHeXlLO$&h24H`=6KVM10_{lONt^jL0&tz|!HyU{L*tQNODzsA&O ziM66`(=4sFgk_zDvkb9mHguk;?PTGK`(5H>F~8a2>`=3&qMhPv4PSgqRI5I0*I3cA zI?8tD8AoXQI&6VpE4BpMc3PEUu~>nhWLj*~!tmL$He^eLg)9X-O&xhSOGoTz**bV=jFF1wyn;NVLSe-4I0}L+d5lu7=d9} zYzd3SDkGa_Lv}QuESxpTPPWAVFL0JuwzsTE*gmQW>D5b3nk_NIq@5XjwpVQ^Y|LBH 
zo@ywVWl(qHRTs!&NdDdbXWXjs{Vd=A@r_8`vePOv~RjRGm=Gu_u zz11c**HUjO=zj@2ru$#^|89x%P5;_ZSkKu0Ei@%8oNo`z4o5r7+ODyoJ7Wfql`JcF zcFfx}Tc5QEd(X8cE;hCGUgFJ}>+`*aHOV&4vd#8Gm|C=J+iJrYi`h;!7S5)HVYc(U z4Ot^QVd}7HEs@**OC5g6#9=ag`{uRufpnuMweXL?XnyL*JNMG(-E~I085bBZLPQk5;CBEh zjDF5M;qKBfk@vXM707-3bN)a10>_h_Nm-tG0$s*gI`#0o*^1|@kzxSH^&t7w{QarJkbN%(=Q#M>=5OqY@puTkvqFX z%rm)z{blb%ZgrPfZE^!G`T}wbJH#xV8yD&Rvj2)WUHB>jIxi+t{TUc8IwM&G`1gC@ zn;LHy6Cmayet{=4nf}7B0A_T&T8xVq;$9zdW3i+-WLO3ch|$wga<7}DWF|05Uye8( zag`pB^N(S0j_VLp^vF*R3UDV8J2C`a?-^QX0}R=ZiY6Zy1@S#%njW9YBE#Rf2S`tJ zh%&?O0N=iV+zAkRLui`6?3a+cpi7i@h_gF9&IJbBR{#JRnq_hW#C0KeM0|l5StUkv z2ywzg5n$EB0LqPLi^1ri+zznZO*$%B?_tW+blv{gToZBHb92MuH=QebS zx96)~8W7YgB4$*L`#45TS7i;NuRFsjt6pDA?CX9dw^vQ>T zpcLXC&ZJJFvrEiAF3OI2f)N-W`v6efCFUI$3&H{J>I>jweF5AX0uUHvp8&wDF0tsi zILpuw;P$5gz*`ZJl+OTQCdTn`vDjb;uz5cK=5>jRXv0rzgPyO#wd_%p3~1RvQIt=@7^Dd=sdugW8{p|l>oQ{hOjUM4ukQ)v(qEC? zGnf8`+@87gca_@%m;QxZ;*yB(_QrHzxO5~-UJ&P!+^Jb7Gud2=BIiQubjg_pxAXK& zlOkMy*LTKY!5$RZdMZv0&ify6JR>DlO!61|Z(l}09Nv#fE_NWkMR71i1SIK0$Q*e9 zbAOwc9T58aFsEf4Fto73Pr@c0w%aQhzS`lwJW!p&3f8Ho87QTdJ-=uXNJ z!`;dp;kf5!i*uqw4vD$(17aa2@lo*~iHqE#EaAkrh>IQ)PLVjr9XD8%xRbL*28K+V z7*3T!5awjz9>b_ErF#-gMu!6Km?2`}d7`{Z%xx1F7?cYMN;i+pB zIqvLiQSu{^u}=)&A_ndgVv9(Lj}c;r$k`&Yu_SJZh;G{;^4xJ*;+^!93E`-GyGls(oKPHuC=mn339(O1re;I7=6bEo-vLx21Yk-2q`pL z6{_u4Xe4DUk2dIxIa#u|A!e0gIU2akZOjzQj|nF_6oOY3-D=^M%KGD1iz>h^CAcbr z%aL%~HC!=q*iCu{Yq~@xWG6Z(z7I6EZV)Tt4~vEF%p5V%ot&eZVg~nA#C?N%{17ql ze2n5R!Ht3(4B>jQIVn0ZzQ>DgOp4#^g*PX~Z}r0d^yNs00FFkxvc3GOB#fG+NUJhw zNO|#DFMncEG(|2ot?n2WUyX5jP>eY)rVv<_m`%4XF`jNm#TdE~nNd0I$J)dIM3Ry= zh=P@3!cj2x))4ZEyf%XL$%&JVoZRca=j_mL{qRBMRT0^F_9d7 z;L7qtRB4i1mIWCsPKrJqac7VbaYCdVgWCYo2}vFIBF!%sxKnaW*|NnFD4PRKi+-ix93g5K1tg(injflwtXkZw<*!d)U`7PV{nzz z+%SBvs6GN?f&?R)j(lL z7E_{akfs0gcw?zTM2}#cVo?n}SOGh)TvWu{#EPTPCU?KJ z-ymWq;3z8+S<$^$mWvr(qNqyD=>RYO>A>T9K#c8*<)Cd3Ur{Kkc8gV2u?*y;V8fw2 ztG+9KB$gU|2PV6}2$z<-4ko zFD~2npNSrg*|bkB;lYjXxaDH*0kH^ct7rz~ix>ll{X5Iix|JeEn$V5@MSwZ9=zrZx 
zWJX)Crj|>62zOh#Skfg{P<78?$)yN%qfcE1s!l-c4`W&Jv-ecJt_46vmGUm2vYSwu zbQplRspYiwv#biiuVZj4LervO!0?R0+8ZymS>b+U|Ih{7$UpIhVaSZOcfbkaqZ-0H zAbL(YdK_|{dCsY2lJa`msp@i9XLVs+@=_#zMA}tJ^|7%qX`|o1Vh{En$3T$;_9&{$%Nt;M=D~x5l6!kKaVb}V6C5NzJqw*BF(PTy{3}j!+f9N>J-8`xzHMpyL-1Rcp7TsTa zs$6EsI+*M4!zm6{K)JNp1(8m>Pq@`;M}xtA018DQqosq5D&v2qIuqay$EHG#E27gwtA=i-u@`M<=Uko^)Je1i% zfSa-$F$B(*F6H0N4tmM&Fy2&F><;W%Wgiej^tfTUUjpsq2Ra*PGBCOA$9no^;dY5> zE9vyZ5S(m?kB4jKFf5s^A_Mna{3pk=-4yC1hU`P=5WmA+ZoJdO#BC$A9f4^ zCX!#MpFrSPXdxhld*6F>es7`cx7_g8fVH79-s8Ibseif!f3fx^>~lP1+-u{sPOQbi~Cf4CpOySTDT+ykzR_ zR*dgS@Ec>3q)n{Shr}4n7qLY+{eT!$C1zpwL2tz}m~U$s9FaPTRk-Szp+Ob#b?o;+ z&5sDry#cwgYiOCDavzpT3PZBU_bZuSqHn9Q;=ia%yc5oqnl`VVfX?~>Fb##8g@bTX zIsHy97t`vMF3k&y{aq0I6qv+70Uxo zj0tpdV4`Fc_Jc~o8Ff&@VC()U){3eD49}asQoJXyDcA`vIu94j$`vL zUt}&&TpAkW`F~#buwmMXsXh&c-T~Elsn94s^Z5(Nh21nAo`8A}ARwOpDYYJ+u6lU7 z-oPof8*OlNS3v4Pl(f}Ys0UWgL~R7J0|S2pJxKjVSmthA;M|UWA8XAa)0{szuIjfqk>gP8hU1#kl+6 z{l-bZ-C_Z}Uf7$uMzy2&$(fP(1)N46eM00O6%&to=61mN`~QMV`Q5q17T^CPZQN>X z$L+&j=n-Xl_sJ`^P`{TZuUBvs^RO6$MKlgM9553nTY2mO-)G3BX6^|HwS!&DEHP1q zrsl{kPE2jt@e8m)k&Xq3h~MXqBhxiIC_o3Wkv9Zq;-_NwtnjE(@9>2B_1`lCX_2!) 
z6vg$F+q;0U5qbl(=Pb)uyOE zeX3^kNfkTblo>RKzJu=bt;?C7y%&raj!kF1YG-9npllA-fTOT-#ByZ6$CQ92jN{J7 zRWGvROy7=sP7ziqnL`7Bb_CXv@KSb&?EA#vE>X~?@G~OFIgw%KL6-Yp5OFn2$_Fyo za+!2h?kiAKMQV;@{rPKT&&KY4nY$>C`lMU)P`%-|aAZV-jjF)3~$ODPyu z@OLnH%MW8WTP$%GWVzXddw5WSKL;x_eYeQb#u;-s+=SfGP?XqT(MN$<)4l-;M!=h) zjZ>EUZRE~;m=0$qU#pr9ueg8w+yj8I7(aPXwiETKGKS-K0LjAY|ENf>1`G9pHwN@^ z@E_LpNZpFw<(<($t}HqfSa?*7gC!eI#ZdqaIV`3eB|m?m9_);WhX6ASuJ~{a&mk8Z zTGRDvnw6y)5oNu#Hp~4Pa#LS{Td9bgh@-niF81+{sV--r$DsVCzA7?Lz_)^>1^6YO zFk(>OhhXF!guhE_#VU~}?-!^w!E{I;)aEszB@X~U9WI-AROB5MWpRDlk#U@PpnA_` zwga8_i|rPJ_S0dNn0E8A>EdVTZ#TY3SPWDky?Bl2N-!04zK z!>h&MUy~&=i)yGB^XS&5rlmHKeWA#J0@@))B8*l`cuWH0cZu2i#dvJ!+@~}->&NFM z9~O!s?O;MNJrrR^2qWmTfSeM4fJ}90yGhrO9GAl0!ATJeD>@H1qFrQQ7aB5_A!#F& z&x%1iXi+)hMUk-|PP<0WX(v3E$ASxjk3(VLq|dM}F|u6o4ZDT@5l>DfZ=2Tx2q^MT zV=j;zzbcoB4s(YvmHvH*4%-Y?y~D6D@$7!)*7(;0+Uhp&Q0-SMtgma+*tWx`Xj3Qb z$sn1bw>AQd?2#FaX%B(na<@E`;oVpjsN)Xwrnj4}rp-4cFIkJ<7|x6cPU=KNQMeoa zUdS2ka(KFhDacQy!SfPd1)Hc)W4|!H@a8RVbM{{C)iI}3z3QQwWc^tD1R-ZbLI-*+4 z`=v;OZnGgO?uyO}rGgv=z z!i)fBO0cq5!M%ou6h<1adtlyUm|5B0bNhvv(cEn|eiM!nX1M&Yrzh-W##@FI| zlJW9HPrQ^FZysLuF14>;E_1Bh4LeGm#w*MAoJIkIzB@qgw6Qf{?;GT=+d6h+P-I?$ z`zQlzVY4J-tKi$A1&ioN3?8*mCO!i=1^{e};&BQ*^p+pKE!xk;GOOVSSYix`UxvxO zT~RPBXgK^1wr~y{p?D-7NB>5>9naC$le=&5{UQnHJ$_8*#&bmSLA3^cs~42-fVOIT zby@V)3%v_F%VnDBw0bZ#cslO^*p2z|95D#)?{p$WL62;PdSLFufwTM*qJW%-p#Wcp?30^$ zushy&Sc>^^egv;tCdP2UXUDYJXJC=!VLM_Z_8O$OD|YELY@5U%MiHl-^y2mk=z(ai|%z0U8@A#zuF$`HG=T z?LG#k&w%%|W*=ypsSoI<4=@XKdlSr*{yDr1M4Q z`)FS>3TOIC>?d!5C36^0e!fFYJ0a4rU-S|*`<*g_PP^vdAC{V^I4GtbB|mxQ=kTaF z(xR8w!#?`3nnPHhos90g3lE*F)JKlfgU6oVN2mDZm}0&4Me6OtwDB|=r+DS@&Gevg z`4su{vF(Xx_1`XXuErMBT_FFlP;4(@f*N%~O!D@^S!I7#*^_(7z8f|9Hfvbn*D{>= z5+#;wi}FECPU+Y5w1L@s?)RxI-X#^j`FR~Enu3kN<)Bz@0gVcZ-ChXgr~}xY36(9{ zwH||xoe5JGCl<~*qE6H>349Vz^B$IuyqO)+z<~TTNc8P&vf}hEz#JUH#l|Hzi!gbC0%eF!ez-H2`+t)u7ry^`H`YK_gs68LUXd4fs6K~Rd zt5bc)MqgJkq_Z11!;VF?}+V^qFj{-2w`$0^d1z3#@!mD!P8@w%x|Fi+{mXeWs zU$3h?{^#+SY5K21)F;4$5sTmHO*w%V;L_Q?@lcyM7`4yyOa#`7-4L*O*}oOe=K7Ph 
zH41`*{xd{UH08KR-XJDci#gEPsm0PmDh)YSiD#MI)o;s$%@Fj=o6m-2)r8qC$3vGX z4DF-nfMGb5Y}}`;wLgPhvk=FB@LXMbm8irq+m+?&#hoLA$L;MqBJVcKN;@D*77sbTu#G)6;zK!E; zL6hDtN@OG_ItIrPa;xbrLs&G7!s|ru6SEHB)IuRWT9r)JA#3CRVs()Iu*k$ae^9-* zx_nDey!Gs<2}$K7J;n>Sd#K6~o&g~`7^^3}Tu&c^S3SilTALE}Lg zd(2CBI|e_U1s{O(44xVc*aN?UQld8?=q+Vd+{@K#QI`8jj7<5)1f`<-%I#hKveJt1 zb`V}@2oE4o+hl$RL+^6M=8x{h83A6?PlYjWPOs}3_G_O}*7wo1p`Ax>H1YOO*}Efd zf@Bs!Wsj0?#>1P?@ZMB%pt*ReVN{_gIqIES3|Qr_oLng;D80Y9l)asld5}m@@D98& zZDPtHZx97Y`de`QJtpYvp_A&PUM0sS-nowlB<&_;{^!Wcne!Z;hJK9pD5ZtLDknD& z9$_DZB_rOjb|F2pP7aoV9U``aJq5~2ei0>c4kb^I4K|_E`TT6W{pg@lIAcWMb+-GF zoA)@@CtJi>@{OK&vIMUUoq!j>?50EcIA1OFBPMK5`Rg$!nxZ`=%!Bj~5R?p`>69Od z$uRm}5m|Q;SF+&aq<6NURWX<%({M1Gp7MVMM%N6_Y7CJ)zhI>V-@rj;CA}D?FuqSA zNDmq_H&EM8?in-Y)TAeCm!SzIhsbd|;#zw6V_GG>w6p*Q%JloOQB*Gq-$f^);f$Yy z{m62WQz`J4Lx5+0PE5wbMfH-cbJ1$NkzmPgG4vXdbOrXlcVTlX4{yG}r!wdTjL{;<9&YjT#dO^9W>RsNa;Y)l_$C^X zg+=ISaGef*r_p;#D3gZDML0Z7*c(7SRqO8eim?q0gT(Kh-e|&hbRf29bvM zN77z=G2Tmy&m`!NhcNZO2UYkSp={bbSrfi@?NQn z+6c%od+v!@6y3@OFf(UekE(ZG`0Yv_i^7f24P7w$fCRF66cb4*O9kHQp+ta33JyFPe}5!G2Q zw>ja@rU#&+_419_Q98yQ!wdXqGD=F)E^hXMga5|K75)B+iSqpullF+IRce96j>WQ9 zV)Smxu(DlfG9I@oY7^6|#GoUh1TC1Qmr4wjov(e1-a}&?+tt%g9B#`M(Ux%Rs;Q9Huf|wjn6VbS=eg6ciIA0LHCoTA=a&Sn(D7$uo)~2 zLx945Ha}4IbleGHg!S3>J^}jZ9egyvzp3*N7``#=dk>;Rb@|v`lV=y$i5s>aWPd5CC0@T#S*M} z;9SKgl$KP{Vsq4D?>Ow_FVMS-khJI}GT@W1_tr&$zTJ(5ZVI+3QxAx=WAq`FTzrWE z(AqD?n(}1Ci4M@q0Jd_V*WTs6Dh3~-H?Db)8#9mWqZpwjSnqsH*~ToF4)qkqm(khd z!C3n45hK=M@szSbl;hxmUP~~s@3vRa^SIFimmL*ihqBqC@%P|3R%7Y%;bMFqEp|dF z9@g{&a$%K&V?0H8L&F9TD`q_;k}q)c)e0+M#ovV0TSk11h+$cUH9aOvyk3H4a;H_j zP6_L`Pl)8nBIgC>dFbq|Bz-pl*glIUdDSuh*? 
zL+Le$3m${U?u~rG_Y4sS<{BAKxPf9G4tt6Q^(L>eQcwb977P~V;1@834ku~gf=T4vE%_cq1 z->DBBF_mWy8Ja_`0oBm0a6pc`tyKeZA_pcNjyN1TRsS1n9vz$uehVct98M58D3nb6 zU*ySKZI1pMCGd^ob}t(7o|90wZ1TSr3U%ePFDJx1E$=ob6j{4q)QGHa z3ZY*f!rJAZMs9tJY4TxOIFA_9*u2wi#nAg=C@}5xca_(D-Z{C`Cwjx8=PC7&H+2Qb z>*qqMruCfF}lFCGZNZJh0O<4@(dnem^AKI+1%JOfmhAKURiz%ZEKIh945c zuzJw8V0!Qq%=7}h{Ay98pE*25gEpkU1N%m7`1?;AF`7RFdhoe|Y<&2x3vV&N!xls*Z}EA)Il59twqI*$!Dlt>DE2kzSuMTZJxMUu53fPN$*tJy-_6MLs^I zUZr(Dn~Z(|yI~@}&w#oKcMfQP{L z_4H7Vw;`|3(6YKdl@1r#K{4~$kf(c2LZLE{C-GYGhE$4q*bu|JvT%L_iwnH*?`APiehv}#$)x#s#V1QyaYPg@jU&lj4Vrbsd!_)+M<;G22-9=r_V-{aru{c$X|)}_Z&WANqDGuP%g#6#XL ziu^>aJr%(?!u(1sx1Y~uveN&;7SBwa?Ox;gnEySj?DHTVBlGtlQy<*Jv*=TCVsCs2 z4hZ7?&BhfMSaH(s240a*lf3%yZ&Yvp(8s9zx&1RnZvS8s#JhXvwbM*Hm_GP~8_vt> z*Z#20l?Op?_N#Py7G>lscfAuZt?C`LFimhgHhjy8Ug+VkbFr+G%on`R8{e-Sd`wop z&#OGKD$!EcTGz6pE>X9&uBooMtu;~8mZ)#p*4!46nOo~>TI(W-3s+aKYnziu)LwR3 zadC0Urkd8q+C*zxOJnnv%Gz~p#l^J^H7$v@mYT-4*2>z7bv5{@nAK9>*u1%7O?7Qk zlSDDQcKh~C+geIjH#Vb4U32ZW&2^jCHC|pyZ5DQc^zIA=8~o83}J5Fow24uxv#D%U3}O51jAud6s`-K+#vMIh60 znqRxExwUP|glYMzL1krYYFb+B&f40DCQO;IP*X4~k!Wvjyfm@BtwmAc)mFN6+qSJ0 zA>^zpPN4eIiZuu*B(rza)wXSGsRZy0Le^eK=nUPZm2GuRp_od53EcpGR8-7vY(^)y zRji(uNNj0tm%WJ2Y~I$=RI@eF*jCq4Lv^gF2K2f)DA2Ta-4c(FGZHK6YBnd(<#m#c zO)EFeARbk&Z9spl??z|o_L|01pm!$GJ3Aq1CK8HEA%At~yPDd%L{0l;Cqew2#JYJX zc@COD%sUl{MTKp-@jcpAT4Mc^n$7VLy?M&2c-MXz-_Ex_of;ddV zwYHiV#K({!o@CR?a7p5AQUF!|V{D$8-c@AGO`L-sQ-a=K?!^Mb*9E5Avl_b{SpIE%E6v0w&1TjrC zqoT^Fwo<8c(3M;?_Q z_NrNHcWk1uUD=EdlPXWs5Yj=_4Tg~7VxM-WAwBR(*`|H zU_PLEp_mxj*xcCGShE$gZ=$JYdxe^z*R^>QP6H+n2vjLGh?qum>fHMF=GwN#ZOxTu z?@+>q3`<#w){5FpC@b@;ymFd2HGt1pkjc=MavU1vrc(2f&e|53(gOpj*N&%gq1zBH zHgW{_&`~H{xq97YD@@v8wG|~Z66+G%TefYl*;3P1m)O>vXx)kK_PD`B zzjrH1Ns*jID!~wNr8pstGucL@lR3~*x1$cmkkOOn#^xw1>t=J5OG`@izGa@7i>O*ud0YT4sx`I#Do7m(GmEb8t zJ1bz#P=Y03gIYDfG{Sso^n9YGWlN$BNi(rjYOTZKlg!&09u_;^?3604f}R@esZ-2A z+qUmY$W>xZNx7Uv?6gTbW6Bh$3~wIQ3EtQ|S^1x}scuVSGuYFdsBMLgt*fouT-WLi zqR^4qEA`vkfXlYoXu(M}&D)xHHEnBe&2O%0s%zbjCDG)vvP!I&VQin_bgNcD@pFpL$`dty(hsV19b* 
z@^HmV23e1z5ldz@p6u!#hPE-EFi`x~ue4{_0F%~l{kE2!H7%QaUG9*>ggQjeH|V-x zMa5x6n&ph-hq6tr<*k=9=r>OvY723e^cI1CZB2>Rx>~SUjc4BotfY3p4Ya1VVm)LC z7D*}Dwtm~uXVuEl*tg}^tA$><7ClvkYNVaEKCx{3IjC0Y6=uasouRt52cZmcaQWBi z)MQ!)gbjFW9RVP8jkk;}(?-1>(Y9N8z}qxM>ZNXd=oc1ZnOZ85Uq;&aWQxI0AQx&V zJKO49?WMy^w}!0`Dk|n`u)2!1V4k-o2yI$vufi^Mna`OA5}5WV!7`YZtS8~qo2_~d z1REKZEv`V{VN8}JA`Laoo43}T1%0@!y?Jw_spgV8>3eIhGg_2XuQsj`@_5?w+O0Q* zX4h_|%6?Z8z*^|nkJg9TlOWJ!EgOR$tOz{!1}S55{P_K|WMC#x_uXGU6GS9dA7 z{=x;gX9uG+o#rO2KJZ&l6`R&puU?nHLbIEf5i2J0a#H?TSU*7-R3J*t0S*0bkMuCt zNn{Jkj`(MDdRPV0&FYIV3OQL}wJ=DkP{UOlN$729XEwxJ8SIIe4(wV7N*w8$nq zl9t*PGtrT9azW#?>LzC{*9C@9IjZDJYAq?1?!InPYRcIydFJ`lX+X@X#oAHZ@%`r| z>H5vI+Fw(P0d!fS6|R8@H9Dw{wDY^CMX6lLdeTasbGdR->s!y>qM_)m*m__#ftd9Y z7%LG}p0wj^W-$p~TSLpXop59+m%m(UwzR{6v1zMf68HEk^TN-nI?coT&np%eKpL53|i$ z2BgTym`T(W_sd8}9igr5wSQ*OR#%(1w*qfgVp$!ed)qGfxptuAb;tCmL;9Y}{WWy+ zuak2pY}N_tsop$>G(#xcah-orOw7Q#gIa>kJFb*`O=E_Sv^=CR_E+nwnW{8_nF>~1 zV=ER~o7=Z;i@+YI5$_Fi&kF5hsC!`6ITGHvy^3;iF)aqH&sq(#9<{78A3VpN#EgY5 z+Cv^a&z;xH5bb>jk5A>;8ihqycWIA9-{-(Dset~$a3UK3jj*$HF&po=1Gv|HIUpN6n|bovKQZTOlH4R!m>Bvy z7BTP8#I2_uSjtielo!G$JRyeI8tgx^wOmD0V}-Y32(B2h`1Lz+U~>D6`=*ny;bjTA zOzLsTD+i_LC-QdnpfVF`9^blc3l1IBwX|$&p^@PkKD1EA+I-W=?ATk~#I{R zJ~4-5ns02qn07^IeXGWIce6pR<9jRFpTF9&?$WoMjxxEHP3Pu*~{>jd?ebw*D z&wmu4cxGz@PHkM0Xxo;kZzPA4(v(csVIP2ey0qC<*;qx3>EJ>-Y=K3soR&}1oH7y3 zIS7Wkzsn-pZUePy(+Gz=G{vRO?M-zpkch2~O?2vHYsKu%jav}X>f00T(_$B9x+csD zv;bY&*j&@H>l`?nYDlpW71de>i;LIQHPtk?HP)`L*)m(5Yk`M_&9~@Ta_*VqAZ%qS z^^9jUs);NBLDQo=4biY|>t^h*Xf}kLD+u#fV1&>)oY0jqDKN4-!qqBNV89)r?f-?5 zhRrP%SS?`;w3um#wh}dAJ=#&d&z*i7id1<`LV8&fIP_2}Pef3E22@Dz&MZ0hxHC(x zutNpk^Gf)1s?l7p-&u&Jzy@Gz!?u<-%XF-Sdgudhgmu$6eVeL*#fn^dhk3ojB&oQ> zx?`m)w(r$<-{j1}CKR1CGy3TDK-srvl+6UmQ zJm9A|OKzT?2WGDxJ$5KWHp|no+7%3Kc@CxutpGxs+^Z3<+8xjOnRF0n=WG>LP3lB}c2d1NJ1R_~MyTG1oV?V51D08U9D<7xghb zD@sqn`YImt0HjnadsKaG)QvqI@cE~%oh?yn@f1gEn9auRmp+dC>HR3uf%2r{sWKXy z+)VeYL!ObAI_2Im!mibJgKslh@9%l$<|%7*sb72#8JH71lFMfty?SgQM16DBFE@KU 
z&lmg+SaPneT)ke&Chsu6|D=!UhX!6>=f_Xk?WnAEa*g=Za&KM?5+!3Fg|(`eBOSi= zI8L|o!wl*$j7dEchY!uU|DdAktLN15bm+I>0#+}OJgY8bL(`f7C>%QVVh9Euh5gbf zvug3E)Mm0{&gAZZ&+pY^&-S5Uq)`qpHat{eOLM8`!#0uo?{=r>wdldEZZ3U17b4ZI z9&f=O@7=wms8^;IH9#s7eGGt|R`HGm;KUhOr(|Mvw}lx^Damg^IzZyEXXLyYlG8JTiwlCHD2r`TQb zemi^b!$Z+C`EVcf)6;Qi@|^urwQAL>D!}^1<`XvV&FT2<+y9#U?YCcEy*>H$mx+(G z6JOdqqIg0mEZ_T|fVKn*-t~sLJEo4j94(GI86zY1iM9B9x0MDgT|E#B2<1dvEFJ)? zIu!%)lP2_}aAI+C_s!$I1?th5*LsQM_LPd1Z4!h{qNA&a9G>{GV+3~rrIz!MLvak) zAq9j>(%kkv29u8rtW8%X)?;?RI*1E9q?XOWvAbKC__?HK27sMo5%H*|lg@JQ zXKP!uhHw^}tYReG&KPuEBy~O200uOV&*i*2In2H!uIr&ZNJyYSj=~5sz3*!(3oi29 zXJyV`pKiK&88tr}az`hxnXwC1w0RlR^y~yb24Ti{j5SByp=6vEmnZ)@yQT<4trY*z z6}cck&UoJnZ6_zMQ6zfyJ=ZHf58ohTw6#1~qF4D3Lk+482`{7~=lU~4vS*CTHR}!o3zAU5UQn1K( z$1B(11@1Qrm{*^$pC&NO;-LyZLeq|gGE89 zPs8C}pMa(e2TQ2|;YGUo)uLHFGwwFh+3rw^9<(CrSzLg#)spt0Lu^5l_l{}kS_MktSi6K=@}OpbV?UK@Ra+<+;zT+iWc3jb(Ay;Z z>}ShE9Rk6p)y`T2s1f(W!G{?t+K}JC^I+i{Qs;mr9xHba5p_@3klrI3ql&1z$g|1h zZoRpFIsZ7H-7|S`_%IqhgWU9Tw!<*ygBPb1Ld#Ks>~imLxkH-<+r1pb-iTjE#) z*f=*zaP?WjonvmxDn?NtYD{3Wkz^c?7ax%YG7J^*{aF_k^cMP^DVd4%1Umh3DNjAQ z=O0mK0^&uJHQ_6ki<8}ng7!lrys8z#fJzuWy;xkjK1TMuXa6=id+q#Vk1eP3_qJSf z2H4IXYc5eoe6K%WbgKaxwl0lq;~yVjR9He8hs{pBk$m~CL0w4l=E#gORD+rpRR^jK znTAfK91^iu%Gg5p0NBokGcRtKgKXnv$H#2LQ8y0&c_ws zL8}vfa z?aQB{@3J3jY4H!J`;S#yZ~hJP>^^%v|AO$(nS$As`{}Fz&Fct)M}#f4a6B|h<9$63n$Yrmqep&;nDLoVCxJT zD)ez6i+KhT^d-{eX;xXCs37-`Uybngpz=cEy`W z;%_aYcRZW<`Q?8i)-2X z0NP9C<;AL|C3HTJ!>%qF|FGu_a-LHjqn*Bs*36nFO>WQsL0d6>lqqvQz~?U7U#4xO zl$J!jMc^g*TvzJ@sRBf|HM}4W3j^S&nW|P_Y*Db~+(ftOf^c;3c4BK#^)i_gw!y}t z79<8lkFqn~viLQT;K*J5j1(T=2XWj;YXu3mFl%6?6KC#hM@R=qP#jgCH^HGMu0PBe zeQKQ97cM_W^K7;D>;K!C`(P*@Vdr)IE4WPV8@pu(C`n;{qasg_q~Ot; zl`wtFT#^7v3EbrJel!0#`GEGtlgsPrJJYup{bbV?1_Hazsf6grmIT5Vs&ft|Z_sVQ z+@(f4l2@pJLw*7%>EU*9A#5EzSn-kRR;!6W*Qy0uTEN1!ZxlR;f0+YD+%3fVyJlzt zO8pUCLBxKMr1QoW#^~|xPx&PF7>1MsvX1X3$YYGmKza6e|p>DEY3efU3o;_>}jr0Wm@y+#gd44g4pZFQgv3^4#vUfE65tr>T z?BJp)X~GWNeeH6&EQUrr614 zKHtG&)JJK8X;YjsB}3FZR+Z&3=GG*oDdO)JGnp)Bgm@hUhShPgVq 
zi|kzZtTd`OB(I2P%i;lwM1m)e)ECG@1e!e5R%L&^mjWbNGonQ{Z<;>d)4I}p*q zSVmpEg6}hBl}RjBkP{krO>S3&qm$n9(Xl(jeEaoE9%mHC@@am z?(mv#^%WBEF2~ep{ftgs(vVaS4uf0k92NDMS)m=^?Q$}m&G2zwBm@HV9qe3)>U6=# z+Hyn()P{wJ49yW*NZdZ2=JHBkqF@2%wxv zbvY-?*8MVj8jdk=#xIs#QR?84(yqS@5JDLfDU*1u%{POO8 zeWimRgvf;_&YadW74yS5G+9Z;mWU=xS&GDKIT^=4RY}RmfqM4NMhAr|Y~m$xu*fU| z|7i4Ny0$~-&EV(tPR}r{L&bC0*CDwBrC20Mi7^)Tz6?@Z{lmC zT>shp+A7lPfgNvIHJApC2on~Kh3F_83Pt;+LQkAc1bMK9p*Il47|xF8N5^*44PwBG z$Y2U(C({0P+_x>C0je52KukUH#sVK2nlt8ZK9B1rjZ`ICVE3zJ!yGhna9JK0 z!NNAZ+vzs!gmo?zkX+$syjc*JVX)D~oKpfh++wZc8JQ+X!5>t{!^e9#r+jpB<2C<1ma~++`3ZO; zB9vviBnD&9kgGPN=R0{0hb>zj+<@zaiB^E@-Y)42=rTk2#ZlBfF~~23F?oHi)p(wy zV>?>hF*M`8d54COnr#-jppG->d%@i@i*jZqwzjK7%OYV&TBVi5@^GH^aoGX|VXV52 zHztN=owGFZXDLLP;`RmwnRzE9Mp(wR7Pq@;zh&c8Ped<>Gc)v>j-E%IncN5ycFp^F z`sti=3eZ;)ywBuZI!q!LsYBMjVO}q*9xw%2F+vRs9Z_B`cC4QCW|ZOv=BarJZbT*G z?$U>iQh+sFn3q5$>Q&ZS$~L)AgOE0ziJVlS@@F=lv0CWN&nBcc-jnnGETkZ}cFy@0 zFd=}MiTm1$Q+1V@UBy$pfU(2BZihyH^=Zoa)7zF(o z0s^iNHf%jV#ng#wY0u>97TTFbR5oUP9U}GtG~7ZxM_Se>pU2RU~CSp?JxI%aMGsri0~U0*HuE=ES^8LYgcSa}xyFFVPIO|9Ry?r{*z;~H`)xZ3y*$2_@BOOP8J1$=MSp?h=JmUVG!`3FPMuuaU>w-r!1TWA$lfqJ8xP{$?p`ZbOJIY9w4boF&IQDznV2=FLtc zhgb`l*y?nzq+FzFpQBdML~ zTDmk7q(GypisAWwc(J-YPpjqg(O`o~RLNIWxi_~Mab!~?@jk{wB` zh0AI0Jde|xQaCH7DB!ZjI@GDDg)w;8YdND96g{cZAzuY!T&wsKHqXwo^AE=}C!Z2N ztZEVx3>NsD7>9Y7jj)Fju+q7->}IZ5d!`NUke8Sl3PCdLa)Ewn44!Wm zD9}VZzyHQ~I9&}hQGNy5Rv`rRWVb8fTf&<7d1Ymv)+F>VT#v7CEQ>XiJ39@3Op9mK z`mO)3{rUsiMM*vrx15cMmdLoE5dh~aM`=V#)nO3iPfT4Tcr$!P{xJ~op30`p*@{R1 zqNloj%P;BBHD<|)MBCrNPq=Eyd>=@~X_CHVZ$yPu0S6E2JQZkkQNdde-pYebPb9fO96e^j4*v z5&_0S4oyPl@vm>uN)~y6#SIFAJ+z<*8iwrMWIe@3TOG6yUHQsSr|T2xolwZTQG>_4 z+w9G(lXt`N3|n8xBLJXiq^UI=7D~AXf#3vy2@M#(iTWv;@U;hm*vBN+i&Wn|BA6^4 z)pJe@vILz~BH$!jkJxz~3oBGQ$-G2PSVp-_)GSA8L`z@XbCA=8)~ba8(Rxmz7Ph(W z@FT@JiIPNa4iw^TYQ@r~g+o>7-46vcehK#g0|n>rZdYZO3;Q1(7&EFolV3v5&>|md zhpzQ^#1vCh$ZL=PW>w$S>fHgEV4C9THPjzugTdJ1k2_?DJzp>8mVhc%lWPGAXw8QM z$>Uz!-lOGn8QAp|#vtnh1N6Gn8;2*>8!#WTi*>D@e^;oFJfPDkv9?tMd~ex`=o1g= 
zT5ZLNNYJSi#JTrMt+>%nM}ptoft-&yQJIbkk66ISB|T+U;)mnD6lvwrA=&_-1tI0_ z?g>(EBW~0vch%T&?dyVvICXZBf~ooM4D`jat7=n651nle(PY)l%9XCnIxLsSb@H&0 z_TIObmzaTW&kz8NR}!?Xl2x}yHnBt3@8GuS008%+8@GjtW~}X5yo{TS*Hey}tY@rL zQD+lEDR%~<>JnBuc5d1pa9;BKx{0X$n|{irby>v}o^D$#D#xOr{vG-|`sH~`{j^+M6gNmk`2 zxgXzj$A`fPm;5V?N|@0e>||0xL@akQ6mn9=smq?4#nJdQ z$}zyT;8XEv4_M|MXx)c5Z}p2ht#On@{*@}LXZh8q5Yt87C3wr*9TD6E{3}ry#2LM>=|-{mP~QCHQ(WqMbdR>S9JJk4KUq@U zY2AUiNB0-wl}jnrCY=#cs@ppcQ!Omd;E>(9Yy3XKLd{JY(E2Lp4aAR zq8J=qi=|Bbg69&V!{4r#r!YDbwy8P$oBZcw!ZtPNy|uoZ&lU&^{#%=FCE@#Mv<}ng zeFE@s;;c8ls|4|5EU%-h*;Z$uDdk%sn3J(cdSG^Bwk-oD$_lg+%nh$9kSgA$9gES; zz#mc9hc`XHe|I2rK70*%a>BCo`g7{E=NO}l_R)O5${{a>0XEMlh|afZLx`Z-Y3qGs z#T=yWOv~oEJfwrWCVYDf$`B>^`2xq$AgN;W0YAFPsyG?$3&D*8nTehTA5rmhIH10Z zS@xtoq>1S8aK=45C5qCH*qNs*TDswd{Ex!_EXZ=@h?N`Mq?w>lg8e~C%n8-?XvVXr|-qO|~BUN7Mz%kigbJ>l0kc`xah z&{!I;{M7TKD8WVXe%U1Qxm-1?H+x@9seIy}kVj#h4K5HEOObiqhY)fC3NH zKLQKptS_{}xPUa7Nw+}&(Lwd_q8`b6y4o_f_zS}ky4BX%ggXjHNrb`($L#Qn&F$G{ z1!nB~r?ZbAMzN8jfc~hB1R{@>oT1Ut zbRAJBJVHU*LKNN9Kijv4vYOZv9G2DY0!KRGVjA>Fe2kNvn_Yy!@JC??f~J4V69pD>Gg~Q7fY@$T*^*dH}vK2w-;Qez~=os~; z&a^^!(Ap#lM4vX!K`dUrJf1ehwb=>}g?0a*6vRZr_?Ur8=o?X!_Z~{zo*>_sc(N%hfc3FxuZt2nXbx&ous>UU8O(fgAK^X z0k?9nn91At-fU*y?;_KY8`~kEZV6U0AwzeWMX)*L0;QXWH=PveZME?gd zPzVJnJl)xwlN^h^xn(ohvHm3U4}@$y8KW0?gbRgh$i2yMCr}waP|L2wz%c!4KD}TZ z?vKW?8_njFhA6UO;|c$Vw_^rk<(u87d~>Zc%DJl>Ts&5npusTHjUn*a@RHU-98f(j z#F3n7`MCxxNuUxCUJty+LOX>UV!n!duG*bJ`LT$QnIR*G0|M8w&HP9Ho@v#~OFf8x z%Wd19sLPt2`_9f*>Zc>18=#PZUD5vy>tqsZJh9Q)9ZI-Bu4gT>l)RVpgUOrq(rh@u z8ff2v2P*ap#|(Fg??RixD2YZ&20CwJ804U3WzMtfafR5!+YUbKe6*b_1p|(9^@5e3 z5BLioD1zQX3rf3o^tK4##Cuuf04133jwRWBiaMYOeO7OUK7L_;r(1wIhDPemkJKul z-Yn^9Cw>jK?gN-YhJ9K?cWlitC4+;HIDT?3SNO%R0cB03?sP&C@rq`&7K*OR54 z+!zl@@o);=B|NF^1w!?>3jU8cFmgbzx-9)W9jBRNh@Ya*omp5*)waMZ2-$?6?^-mt zSZ@UqOD>8VHd3T$q|MN1dHKf$1^?@ta7)^irb>skjBxTBA<6)|C-_$sJp zFJa0)xVAlwb1t@~c2wlM5W)z{n({t9l}Lk9cQ7pSv~CKIEs2x-%0qz5!2DE@q^^c` zz4?Sfp|o~Z_})L2ct^Z=MCO*H7L`L)#|{0qA^OFPdN+0875etnBHh@M_CrM~)C8%| 
z?pII@%|1=mpO)un7|QxFw^`S>YuVbqvfCZ|(}&3p1@OYYR`vS80GWw5o%Kr)oBn2{(0wT3HCVn2#(B1+>$aXqoRsvb!-T7^&^ zjqC^dL*Qxr^w6(*2y92vK47l&?W+A*os7kX%Sy|72fzOgx!#7*nzHX6^SUVx?RP>oFpOTvsbEMenp}RAC0EjD=Y10ehIVPeJE;{;% zfmJ6h>}$X!E`e?5ng}Dl^Y=?hT;N!JfI?C7S`MwZ)DOMrTzFh}_VI38tIPXTZbTq1u*xXbqqI&hjO2e3`6Ne@R1bNkX{Lb zfvOL$M`e0lLv)ed1HWm>(qK29MAbi&lM5%t3|MC112zCTa1qlyI20ZF7m%UyfH+6} zRlNSK^Jrp6grAcgdV(fG4U7(7lwr>!WI70KC1l}ohy>7sPX`y@iKZvF*Qo7ap~nUA z%Psn=e51o-rSwDFyA=4Aws?Za66TuYZfAG7l@90<_mWQ#ujmr z1qj)ox71cogp&Me2|A%2gUest11!+ZZ;RqYcc9wLt!j$AbUTVeu3M1@2H3`t2Rvs0 z%`P?eWI$>RJS8GIRJKVap$ngf-BMQG@c6kfHs)ZmQ{XSUx{q@2@?d}VbcK`j%}!bp zlxnUYCLdM|#8x;>Sf3gg!xYtSxJvg|n8mAC30H?Xp{M~E@0#IcivhK%tPgxWz zoZS18d1>bsM&w*#@lNGbSxnz!Kxp=I@09=&Q=FM2&Q28me(uysw$RU|fJEiQO2FXU zN+&r5B;A<>Pgm0m3=sv$E(d!2uAc4UM+kP$KW*mgU*_`*7Pd!cs_a&J4O`rNj2Q*$ z(5wR){&G6-8mgp6w{dpfa2quXU)j_wlV5H(LiK z9W|m*Uf;~1r-E{cDxRl{w0v5p#bu*|#sHc8Pg4wl(dX2p&oBNyy}pMYXE|NHM<&xP zdwyg*4&*HpFspM8nDdMK>qg8Ic^H2=jb&~O@#M~?+Nt#jNy)!B=PSR*VR69*k7h+e)3>Fh*1R)8&TXc`K z92U%n_w{{&QwTMxd%$_pQDa8yG^2GAQcZuuL4nz)9@l0cV{l+8+bAy3z#zti#rv|eYqIzt+&9XdtY`|o zz1H)D(iY?id6_U05>Ql_*HW!*ck<>{d-7)MaHu4zBdGz(xVa~t_x0CY#-wq+I04%a z$N7EzHQsSCo50;76(pZJQu$MoolJ+wInRthD>&CeZ4diHrEtJx zG)vW#CP^ZHL6pN}Yhd1F5nG8}o?0HjiZ}%ue~C57{s1p<#tB`(58_M;#>)IpP*aSd zt<=^a$ep5t<-40=hjJTBn*5}l^$I}e`3lQgWO|w!nuxjT?#bzr0k5z(q?~*O(onaU zb@UXX3#rAoS931&!H4C1iB7G3>*>-uek~`+LTs!R`Sd(YR<IFz1Gp0Wk>}TZoCGwNb=7khwG5SIg1eRg5%Uz!R1>iH zvMwBdN9RvZFyyMAr56vyqZ;RwCnGlIdo0PPXpapCmBjp>qW)7h5{w{wuP~%HUum7l zWd8RKa>XpwzqMvu3|JAHC2pyC%q<=F8b~3o{w&H*gD>tCi3x!5NmOj_mJZf%z~eU` zIG;N|I$B=={k}&ukG?6cn%eUTTpQyP-dq7Vxm!}8a7&;caV-9h8wO;L?jQ{M=&}Ta z@(_G0`p!Upcg^AuG|juS5i2Y+MrX#Krss3>q&bYSM!=YiDM}j#u>ip=9V@}|cXk)(fUZ1K+XcPoH2`Qqu#CX5|E+Z>9%m&vRjdpVYvLYpU5EF7{gDP|1i&jDr-h9d!(Od$Vk=UGapbQfhqE9WPp%LC3v z5E`QkVQI<&=H8yq(oyDqeI?linG^6@bW7t0E5X54gVZOeJhqI0x9ts%MGnx^ITx#o zFWrsYH%)GcF>Z)4DDl(g1HX;ER6s(-eMV4)mPV4)6%quaS~g+YR$P=agn<+7n357A zSpaJD-F|JLQn19^rj|Un*tK#6v$75O(_{a(`3l-c%Nlhuq%_z=qg^3FB~f&O@-6ZY 
zjU-mcm_tee=-pdIV0{WxLFrW<4*ef=2z2@o3%#ZkQkLkGvre||zk$M>sU?2wa- zWXUE{H&5uUj5Kdo^W}e*q9Iq2hT#tw73X4o->N_cgSLE3%Q{IgZ&}hlzh97kL}}<0 zd>*PGg{;DSHC_UHUEbfwlAZkR0q=A0M>r_F`sn9Kbk3nQ#ZeDGt|L* z#W+tE+wFAS9yF7}h#4gz`v<87{i>m7Q*{#Tax;qwjOqggc#N0MnGwmWSpXn$9;2oY z6ZDA1|EThLem9Dedyyh~RxMaJS0!pc$K!vwn$N*8POcZ)NiV{j#VC14Hr?WWNlR6y z4)we7h~>s&c8SKq3j5TihSieP7LMZ?hSsk)*Drln!o!Er=mn6KOY?Jn!S!PH36+Dw zw1!P#m^WFhZ)Y!GA}_g~O>fxUQ8zC7`}ni#t8F!a$5ECj)&O=LOch4ciuAY6Lp{|D-grPi7RyLE_<30-jjEmpY1 z#G~@VOEGZjINlo75$@-lDa@`xykffg)zvb|pa?T?T-U^ZYv4b1rr}}3dQ=H9f(6?~ zKW|l-1V3<9zqa+bP1_w$58&nwsLS^7Kg@{YOIGO78Bar`Zek7+ar5%v!Qb{a+E4-| zMHW`ql07j-pxpn7uz2DG2JcP64_zX1%ly#=Yd{4NMTY zsR+f*mS@K^cTJj@Q`V#wP-b{F9@xp9_5>;h&A*#$@JB~D^lP|l`8Ni7yBDgrT`vMZLWv=Fmnu3-d1G#wYmn`*SjAKJ&N8k4r1B0xKY zm3F*4cuRsAi#0~Y4&XZ{RIHqEJbo#jfdLV7)~_XRJ$^XFIeo)A4IyN^U_#bdahItN zd18B(jUQ=8n?u2w1Qoi7Hi#ke+@%~8Z1*FNpCQlLjwZ<#h>Lk`g?1%qc`}( zuRUw)A#QMQG}+CzBfacETn+!fx2|IS>06^dv%B|)V2*I@agFM7DsOze}gPF+Jp+_jeg7+w>EB)A0m!sTRuQ`%UT?nG3 zT3)IY+S1(ZYOrvYehmmb+ZYDG4P7urxyAOFKcj5(&SgD(v1nWuSt(-a`@JmekywZg zsKG$09Tk_jg$|hIxU|3~{hOk}8NWeP@Ge~fDazsjLKLa_j`{#^2N8O($#!2NU>c0Q z>%8^sSi99(JV#UVY6RJQJpeDs)qLCgC5r-LV#Uk{t?ic@JNG$vIX|>sXHHVtZaWrJ zDgpCj+j3tYNT|FSVWEw}fDYrJ>Ve|XQXGZIaEjjU7JXJzHPfMF3RB{ae1I% zAkvVDZmH+$i06V@K*j-mf%oC@kIa9@Hyu+RFn%+m|B<40S0}~2NCNh@+vcyjS(up* zf)2+t_8mYD%dCYrTPW|*TqcpdR`Tz?mIJO^gK)edNcfO=L)SSh1=DY6B%%`hV=GB3 z+(3`Eh1o(-9_4;xUOjZy9|-)&bK<;Olp4^gNw%G)LnYhLaD=vIz&+S_r_{x>7yOog zeBq4>@23_RADI+7Ovk92(psC8A5l3UYUbNms0j17A&gOTL zr$r~K(NXe`mW-0Rk*G%vWZ~$WQJe14ZBi4cqhS#xuZ62E<8pQ#Y~FWt5B1+>Dq_9m z9==u*$b&4L86^!|TgOohN$oI21^QM`Z^5?&yw~{7>E#y)>OKRRh-^F%exPz zYsT7JYwWh57|F~!2do;q{T~@^k#_ivY?D0>P5UWl@r64MF&tGO{WzbHvNtz*FrI?S>tqz-I zw=mqh!c~>q1vKQS<)L&B0s|mycQsRw^kjT)30&#Slbl=28`aOG=WdeQrcE&e6qf?1 z&DFxGM20^8;S_DJ^y$s-847ii-Qy6Wj#U&K2ht* z`5YL3UK?^RG^;+vfGV=1&8^6?mv=W)yhFfm%}fVlTjdwfFi&i)jtoMyah#`+i(26Vdy_8VPx&n>}n2? 
zIRh^0VFl;VGoC_YdAs~>Hk+^4ur)G|iJNRR4h`$*$@`zD|F~Uo((U-*^70z$XLp(W zV<#_D6a1!cv}0Z`M{d&NJ{@O%VtLWNdjaT&iNjE|*zg3NrRb1qkg?O^0~uidhF*1~ zKw`6@g-H1Q&y`LNevK()8`p{-jE_6n`ydT!#Ryw!NnE#_3SF$E1VGi|wZN)8|FTGSmiR)+@Z=*i%iH?+0TF*aRE(|cD}e+tf17Cw$-V4e__o)IpOHt z?TSTs5g|nhXoHc0TaDW$4>j)?4k-N+F&)DL(tWx3(x8`+vfG9Mmz*fOZXqRlfV}qV z)2l)TGs9Yip+bNUQDjxbqdW69CNYnoQPik!xr7+f&#GRbYt*`v+56vnv~7ej&8$u? zjqP!uFeHEb?x!+fhUU3hBqucy*1LPGY-I$P`BGs6u_RLm8N>xwewu2WBFX zAvl#DNOID;J*{72|InoB{`&TR;*hbUnbd>nat<}V(kCq~oNcyXj|$w}{uOakGlhf8 zp{jc(qBKEX!(T0@sDqt(;-Ub$sKN-$QS|uaFQ_PRs_Na}2AYb{J2oUJ`((U=7`&2a zJEugzr4+y_O5$ZV2$0C%pp=0jK;ONpnUZK2TpN@r3a@z9oHuK1OMn>)kZGpwr!CSEmtFSfZpe83ot3P4M|0sJNK| zfb+D09A=nGs&I-8=x#4D9Za(02uOzWNmA}lYp}SyTuwh8lw*wwfHhi=TVq-6;$?Dz zgQ127d1L45+qC`TCrUskB6)MLI}n7akN}*9xP|BL)p&mLn9lDL_gDkhS`HR~D@MEn zgAzLjX;9+Gyf{D*Wut#A(IFO|TXFhy~rA1V>-hzn!v~7ij#$^^xnm9;tMnT zf!NGdOUA4VMf^n5i0W@Yxhh$HJ%w1l6LJ_|6Y8gY!h^5fzFhnS&L0fWo%IsHTa+3# zyS@+Z>-HBuTfWWW4`U)LWTDI4znJ`>>%yjsWg>yER&3WyyX0EB;9Y0;s72+JQ@SG; zW&Ew)6fn|;dKC|jToVtWGPgzAFtib*C!3A93`$0Q+#eCr%zts0;dJe%>pZPZdvx9~Vi1c5e8-#&6E^)Sa#_&ikHsI2P3-XBL>U+4l-6IGx^mzkk zuIDn@$yeTcEJa@1l)tIb<$$^!cFgkqVmA+xTJJVq*Hfdsk6i4KJ#*>#a-I%#<>8a3 zh==%TwO;|Yp1gVELs?e{g64M~wRC}NyZSfaS&au0`FAFExhhZ4%Us;!SKD)Q-Iock z-t@oj;$l_qnU|Jf-=dEi8lu69p*t@cqOjAlnYLgD9(niZonuiU_PRTEm!F7HSTwmW za;RTMFp>9j=!^P{L(Hz?OR`9V!_r^|(4Fw*#P>#YCd@@ha0ai>PyZn)S%1}C=KQyl zU*6L08H|@gRIM6%8;ZSKxVBeK6xX)KCVNj?1rqfPi?X>|p)HRMEEjqZ2d&oXF$^1{ zkuvtzH3tt7B+aOBOA6YHu#;}P7&J)$LW=4{nu;>O%`K!?H{suHrHRAm zy4N!vRLt8lL+7a3gU~k-s3{(+ol$2y(}Q8wuCddO2f#=&HR?1?6!EVRvuOCTH(&tw z%SPbq`D!y+J;2)Z-b6xOnvY+D`LAs2;Rzbni0afu<*KTxFcRNdVz>715y~wWH{W!I zaJtDw2EnqnntQp{_-U-o{rr3CSQSELN~xU>Ql7Aq*}4~V7thWST09qz%+csC+`-d^*tM z39D)|1;_Ze>*XoX_JjpFXa6q$`Ela%LD9Y6Hd%*bjg}@Krk_CD{eCZg7gle=V$63p zVByzpyRp?d z3Kk}_lh%8bhZjx3(lgp}E$eilzGqF1>0dF{&rw$pOPQOi{b$8 zdZNvCj~OyW_xPFJ1X7U2gu@Uq>T=|M_3kSbqKWH`mkU`Ni~~HQE1vzL?%`ZoeKK|I@#y z&5LDb|7fYqfcfK`n;o>B?PZRDyhn|KGc*x6my~ef-4h?+JVT9=30dvRfhhOkcDLtj 
zb9a3*BM?g!{X(~}HDl%4N--;t2|+VjVTD3LPkXjoMKG!b2oj2(I}=TE?|SzT4UuKh z769QF;cNm>X%LV+?2$Do8jUT$Oe)DBtyJ!CDdHut-&n&f+gnC0QVmK6{0HmF$u z&_Q2K=ymO1XlDUA%R4k=c2gFjdyUiIy4ZL-cd?h}7-0WFom>Q^alAXs%;N;ieLXS+ z8*#m8v|?5~kA;wWt5?hSp3GB2`)8uE-d;1x18A?+oa0IALNkqKk z7xs6$tf@rKh*v_@tm$u1#-VF9%~8{7mxmsMFF@ zS;3;!y%J?r)bIxyZk0gdB`O7eJD{iW_~`i>1-+Pc1!X)u0s!g_ggBA{_6`D-F@>ub zbrRzi^+b&Ph(tDUJohSh=*kSFv31QbGWDBE4DeNu5P^h8mDOtcu6FC9b_c`nj9Q^% zl-nu({{Gire;R-H3*e#C{3(mRhh8m^I-!|3dbQnb1U(1cLP&VF?}FsgEeqWB=gqW{ zlFjy)3l}m3GC~{ZCk5fhMpH&ip-?#s%Fy^?Gy<4jZPsXhw7DWDYSubo03MS#jtmRD z#@qk+b@Kgxy&X?}8vpWdZ~t9?t$nv$41tI5bW|q=_#^)74IC2lp7!u1q}W_%G9WQh z#E<3Dq&Vo64S$Ufl{w+l9|7m^U_{2jON#8}HHa3VJ-RnkIo)Bb2W~f`8b~P}PIfQR zE!7x}R&2UHfjCjx2@2cSOc%B3TzC1)+Q!c&R?TukL9?3Mjl5w3ma~*CsAGsY5G|LO zGp{m!=!;G*nHQCqcdl`Nm_K0PPI78E_RJ*Cj$&cVRfh^q`32A<^sNZVvnb!T;RQh3 z<>LC<8tH|Z)-KYE&a*t3w}M-&KxCru23t0QP!y<{nkdZ9+`Bb@dNcEMd3}YNrXXn3 zMale=@D8PfYBB8VQMVe}l4uHFKpRni&St~}&_sR0^&Bx7c5{)3W`R`g^@3ZP2}wr< z)9Rrz?Z{SNA!2!5w!D(@5m(y==V2+ci_^0iDkt3v`u2R2a^UedF&|4q-bp;l40*V$ zgUdPSIDol}h1NKKqh;N)$ZFXws^a=?hvOPk<#Lc6yECyE2Dy16y->V8&ti|87`#HH zH&t$_YH{k8pYGL#k3>XqT-Te@iweKmhkD32At9l0V$o>8zy};hycG30ESX*McuSo& z6n$C`TsqO`M)*J$euM%A#^giquIi9YjqF2^$#m1iA9(FO7>&X$ktZk(hV9)HWM_Ns z(l%d#n5o@7p#s4Rf#vvxr*7esC!6J+0l>-M+z3D^ih^-t-)qP6CiF|KJOva?C=scA zD3q`u@!%TGdY|sv+Vu~s#x1ilJlXJGm(z1Hu)dndwBl@!E;4}&*DCo8eWuCyx<%ag zRI3mG>AY)q8`DJ9;q?Y_^^7)J>~KXhW!9NL*mI)z5&uSg)Vkv;!^TAsy_G%U_pI<} zkEFJb$b+q*G4{5C`KPu?tb_9-M~WO#xNh|Hb3O>MWDHqn}VgGkH*H9Ddd-Et4;lXPr{IbF>k<{0eYlU<$WCBwo zEX~uAjXkdwS zeh@++`G3iTda&(+1I1hKs(u5O3f6w8P4)_w62eUou`&QkZ8~EjhgN4T(oRP%UB*F6 zm(Cu$w_{E|%xdfgn=vTALKUrc>r9$cHCt09&C);D<3AiAgKHy|M+KJgm>qrY&|Y+U z4ff|E7{`813^1yG$OUn~;!M(3c^42R2$jpiq;f5`oMU{z6#elQ8@BU8^SCtWFIB-ZWkWB(s$}TpkoccO z8iAr_nPVp71%XRum~~2$jbFi&*>f+slts6^+at(A<14$yrtmg)&q6nHD^)ndw4vL( z={ue#q!gn`R6cHNDFp3WON&_Vcpd+O1tZgrQoeBaCGl@0r#${H#zRd$7c|7NQmOAB zq2&9IdCj+^u=ee={DbvyQ@|EUe%y^5?2JZyJQz@tGX(?DsTM7)8r*gk&TF2w`S9Tp 
z!XxI!S14CrVpi7_Q-PT2lAI1=t`U5U7%~d^<}4e+$-JPQbglmmSPcHlbm=q|*$F_w zTvw!OIhjDEP0t{JcXBIul$Z0HDO4bn#pTI=&aRo@(}@xM!xJRsaERftkrPsZA6ve^ zmI@nv<>IyWyhJrWo@ZS4suPHdl2JPG=11BKcubwdlb0idlXio7VCU>|nYraP3*>%K z*j4RTl3rtloXZ<+RU%+HHEn%i3!GhZJW?LSn28JPu0U6U2{NEEdVvbj)#e}t6pb@< z$eu9nA-a~cU$(*M+QgJkS@PyAWQR{v8! zBRSOC#mwZO_FOzOgfIywScx(mIi{;`cNn+3zUn%w1BW@aYJwU=9zlFnZ3Cz)`Zer% z?q9tANZhYOuiDw@`=_&yA4k&qjU~JGhMiriitCdT%$L_u19E_Yma(;LdvP-ZAilf3 zUd%qFgE*`PO9mQ**vHMPioi*sr0;5cRTxVtsvBYt5T53|^j4tPp z`OW6WpBa6tq$YE3e#Zt`L6UnA-Ts0{aFv3M8C^ANrmaIM_K^bz3_0|w`ld*6fIK?X z8W(cOND?nyS-UTepG+sCcK*hQ?XV=tx$t#4K4IAYI$`yb`5fFZoy~!Fwsv=?O$9zy z+$r$yZ>FnHlS`K+Nvj`y!Y!%XF57rN_QftCkSw0-HY=!<12P~~8Xd;%n8#NLAMAVg zl_b$dT(;+2%paZ@NuK$;W`8Sjr+RtBs48^-dHR0-+s)#4zvo-Au9z`pc?vFfWx-0B zux!CFP%&WwoH55H31{f`GPm6g(4ay_4;b(*c_HB5$Oh%62EF|;3AxJV#o2n`(4}Z2B>^5qG{&7njCD9Vx!F7w<8EtaNH#eq+E&98 zP*HXte1*ty#N-nFZjU~@2T7qPG~ny|*;VSXNs74fL-y<*y{aLzC+I>?V-(dhblaP_ zJJ9`$ty@rXoF+{Am3gKDlI8jYConWRsLexmEtEo9OL~iWE`Z7&#Gk*T&#BJECOI05It|Yye}u;-Fy<3L~4ViK+4W>1;bVsu>hSC$sh(I zoc_o_OYcHp*dDj3KIDt$E;6We0Fs@`Sn2&?y1Mwr4M~e6PW95TZx1xt>j0cl2M0HE z&{qq5D|=12Lz-@D)5YmwGUFd0qp85c$xn_G8$*^(puut5rBc88d*(Ae0dpP$ODBD5YhMkT&Vi(-4q5cx#hi0re`YCdP z7I8#55V{3657yIc`?NO@06Bt-oxvY-1O-vz#wo9>RS z5EJAl(Zxn^NBKjZU)rHdl$%}lD=J=b1hDUnjZQ+m>~O|b`YZ8s1DZY@^WY&ZZN%5m z9ak8x=f!Z%Qvqt0A}Uixf!r!^TV-nNTbUE(yN|*kXAq%g6UMuCAEha)>$02n3^+2@ zWh?wB>V8mu6BsrPX>@VSQfw1$S%h9;*S7fzGIasl`CyNE$hO?eGL_80V}eWE0tyQ_ z^g!9MDFL=n5_od@kC<=WvWNhO6{0USvqPUt4?2B%lKd<1YlEE(O~{z(MjW@k)=ib1Tdy}RE7sNiP9Al$&&$c4`UWJ_bi^h(mkBu0s>C?KVr9dSM)DP zz2e=c6Yci#fZk&f?koda(eGbw=3bM~^&8n5RIhs{t)`SlC#_~n#}(D>mEQP*U}_v) zM3JCLhA&p1o?MN0u0XIzOz{Ga*k*~ArWfd{e>GiC{IH|!bbH-QI!QQPf?-zTC4Kkgr~$SCh0BR<9vDXsMGnorU1j-JY ztiUUK1gPNl;nBdUwOfBM3yG&k?0)bE0t>Dok56Q(7}IP)F_3zXyKb>zR@8!*-l@ks zngdJZIg#F4sGA-i2zEy;X3&Moq(4-WxP z5*kg|7zc)*ay3RrlGd?+ywG%|lNi`RG1$&{3*j(QwzK!0W=lq` z;8m&2Va|E1$Q4Ilp=*y#sYaz@d`oXq*957(oP5Ak!pS*C(xLXB%jzK$zY-&xbcFU!xgMDUCZBAd)%{oyQwtMVo*z5qwu>$Kqt^g%u(^Bn`i&nPcU>At-IQV 
z^$IJ4(g|MSnA2Cx8Bs;etT?kG;NMWS3Qs)eWO&IQWA%I17>`wa-5o9n@^+a$ZfUnhF^$6O4`ZMkqe2}_m`KN zvCSlN?&x^Eh=>^W#s{GYK4%TFVU_GdZ1sa(DjZ=oOMz^WQ`m|9{ca;#K{yYf`{`mT zQeS5qlsf=EvFC{q!A`#O7!MnN$(Fv8_kU=Nh{)zU0>a7F0-1Ka#G4uJfgPxC-H{O^u#@I(pd2-%wRZgEwfx2&r-hAr1h=%* z+wvKc2_}3)k#@5%cC~Edhybh7JuE(U(X4PuEB};n+QppV7zR=ZD4-tO=O+_vVK{7DNMzMZVI($S$7iq;9L03eY-(M}@4y7H zEhQC(gf`Hut~b{&=O5>@dzSJaK8)H+T4`r|_(Vb=s5{aoCGd>#dFUw;i>^tdi;R?~}-%$B>ZM46Dh9R$xt^}5!D3@8{7po~ zJQ4St70kGp^2uk%tcvSU5DDOr3)MXVuTkx1vR^(dN)SNilSU&9*v7(0 zs*DJks}tSBBo+YtHDxNeTRqWQ(38$%1LTL~S%Le4f)Xet-7%)NW)*#(2KS+w>|}iJ34x z&t2;gGK<+G!VZBK^hhVQ32j-0QtWOAi3}njoXunqHUyDe%T|avO?y8GL{3X&J7=u2 z_U2T6xQWh^F{N~(b`U%3!3ts&Cu2?I)qEkXSi4F~h}L`c0@p~H20qcPz%G$UB05FZ z%dTbjIA8&Gh;?u+HD5tp0a%8$G%)f?_|_tjKyj~zE1jRR%4TFzM~SKga`~U^i0{9U zVhV(r$V$#(?LVQQb*fAhe)n@l*ZzAMXv&3pfg%IKMWvJyePN%XGX#(RYlRH(X#j>M zEMlOjE6eg({+K?uecQwKlqlQTU8nG;9K`3{AA=#Gg#Y6_ZmSH z{gqP4vl~xpBiO1Oc{8x|imT9bihf&oH5^Sn_I_>6(jJR%FJJ=Yk>uV8;lYo@V!|m$ z+2Y#dO9T^bQ&3$b1o*;kB7!vAr^(7DO4i6i5@DnqPv@HK9jxZ(fR!olZ}lUYowWgE zfrOF7#T8oPU(e5ExPkv3`cnIvQlQ@pM8|oxp=A$uMwC7(cOiLLvG&T^tRSpxyKU=I z#ZS~aV2Wun4T_jOPj$;he{tb*3)0F*(ua$*|KZ77GEf(bODp@4;lePgVpkEqqm#}J zMj-N(^jxj#<*3Gu^#qb#xacQ88v%F7X4OgAcV6k0sR)ETw~XmN!+x~{dx&P~t^hwY zEZEW4h|5!WwPj{Sq2LcUDG(ITk-t++n)jA~3ysFZn*$+QzEscU;{dgureY=r0Li?* ziThJmh)$-63tuc&7kEz5|0~cx68NoC(K3t@$I`Ez%16WJD6NO&mFbdpfvj=Npx+bP zpZUZAbD9e5OxT<)Tnwq?ZkCXvK(Wk3C%YzRthP{+p3BDtnTu-&q(_*)V05@`uE5mQ z{cN*92|AC%<@NL(iz!j8j^agB(64VVF@F9Hpp1A_Ev6Ug39iEC_ToVPkLygHt;cA5 z8WplG-xyMtzv4!(cK%A?%~Q`EpFIm0+pYjE-Q{#_rILBXo8mm;P6EmB0mpSu3iwuO=3>*Rlhw{f9k%aX22>qO^47INXSUIpxFB&=dcm@%w(^f!#chjTtS`mEGA7_bzdpThDb8o2S+-L+< zgip&Ne2SB`F8r!q8I_>O>Zr{c(5%i*if8Y-iW?6ftMM}PtV~*(oK2(O%lazIGGBEeR`mJB?Uc69h2`@eat^A^t0X*a8NIb z;~09_ML7m{C{kPRz)fJtJ(F#8UOh0C-Q_w-D-^yO%Pw#sCgfuD=YlKWQJ;~sQCqup zS7~>~n#`&~r<6b*Jq!61ouMkpWbu_?hW7qOXMJA@*fA;vJkM|JLF?|RXoP}i`sQ3x6P*-VwaXaqkAo9z z!68^gt%CgtcJJ53w#Z_mo}f~(VK{3!7pIAe2+4ST=C;<< zYHo9%24q$EJzH*dQR5+wT8hEueE;ZMGO$?Oe*K%&b{Yb?Q38uFk 
zM420E8XrJAQx=8`Q2rho{o?UUI3^A~TVG+w<@*WLUzZDDH$`j)76!Xqe*Ml-BJc}a z_?#k`I{RTFrbd%5I)bm`4~?QEkdanP;mq{Rk?&YooEDJJd=vlw>#w?_dwF8hS@f$I&|-o$6}Wiaj0Ikj zRG`T!(&TTFbS=>Jj5bM<0C`L`)@K70Y~QUL<C+;X)Wx z4*U$hr;guUcOZ}7i&+{$*tM@wPpl&f+%eg<_QwtSLL~|O?z^ZnQ63c}#-j-*X*~R( znc)a>bR=BI>&$Orj&srs-wLO3B3?P8&cKq4)y}Ko$tPvkYjy;4D zf(c)vm*1GY3;F@N{;Vo?Vq>KGj9 z7`059_DCG0fXe9G_NQdDX=5>d8Hlf9KpY0Q(Dm-cP(#dkHo3U<6?5WQkOaYhPFccL z!$X{ab%AL-OJsUwID$Hl9SKxRRv4*gCCo#8o8`YnHncV|EC$w?^b+qgguE0?~0hwx{7L1etp2Uja@x`p;hfox>o=UGuX_a9f zMEW|yvmu7Tf!?~KNfD|&7F=G*EGgH>4-0$fbwfZYd6e=R_ZBS}-o9Jke3(7FdH8AZ zWQ;1oyT$r$c8$q`Gj>EjL5&%r37o-WR-8GE6HdA%0@&kI36aSPf32St(Wa5VULAB| zH1dpImoLk->zNaV187AX)eCU22BQ`T3L9E%#E}dG<{4u85eBJW4eKJB%A~(=cseJ-y-8DU#aU3tTy#X%8~!;MVh><~Q#)S0O4ipUQP} z1Djl{z;3_7(G&lPTZ~r^a)M?N4Mi;q9-f%+{{l& zM5uAhu1TN@=)II2M)Zg0z$=lvi28onP!QNp>l1HvucXpR+`njq;&=+$zkF8zdEV6}K}p7%;e84$?&uNrK{{ z3x|>;B*7aL+PJ^(?n@Y@NHfnPZR}civgS(+JzLCYPoKWbO$h_Lp7X+wFdbp$^Dlp) zbPK~dh>N8QxIaL>1h7au+qh@D??@i#uV`{M$K$z{2WHm?Bb~=(4i1}{gUb)-&*N^) zknlu7j%q8SGWA$nVQJR`Z|+uT6Svl)8aWh22{NZj0Ur5&UG;`52t;#`fWRWOk@!cs zjYM*ZcSMMJ`p;VR+Vm@8dw1^JTpwwLBL9d@SBq}v`>U_~QUB_%;eUR6Kyes%Fcyhq zP+;(plhg_pR}oKl!l~HC(GwkPBZ%Q4o$(>@hGkHOnyJt})~v0G%uxV>5xj0_V#jtl z#I%K(LX^)Ka=tpl*KLs_jq;P`9+Iv^5#Fe+bzlBc>y09A5!+hs{;kW(h-pi&+@&$E zmK=I~$^Q!eGW>RbYZVD=5HClf59n{Nq=u9K?%?wJ772qD6MrCdF;iZQ3`-iDIMi)n z^tI;eK3nFVzcpLU8I7%xx}UzY^OeyGkIo0ZmUP3`M8r!WB0{x%K}*rk>I0C)Z7d4k z(eAevir8{f8wU;j&%s@XJ@cufamso96>Pu7VJnaFHZBRs(W=r4mQbbTf@Fk7$_mZl>00j&l&zWi!8>^Iq!P9f>Br^u-PIt zQr$?No#;M#iUzR}n5KceDm>x+HC8=gla{V~^b{qM(ajwK?9{M3V5iq@2W~3NDBmpR zHAQ9FyJ3GOi2weZQ{LrFWf(v<8;xk#?1Q@qH`%TF3Yv+nCUx6~s8iB)3jz%WNCK}a z7uRzRMNtv=d^DmqOe+Ja3@hFgCZI_3;26YSRZQl5wYpuozt*7_*!RsNY!C{0dn(u< zgjqKzpV4f|e0B2UY&siYR?CCguM=8*YlM9jtM`YqYD^2dXDr$xb$yy3hLzyoh&U#s++17aTZL~ z$rk<4CKqVZUs-D%uZ6Q%^pRsrV_62jvsbE_t^WP2tiz3A7jxiCI&gjs1dIO*;5XtE z9vN6|f#Hda*lR|M!j;bs_{N_TnqwzhjQrz%0;Hrl2XdCemPNl(NDg!4FnGMP2@-ft zBPGr2Yunv&fYx`)HamxC!TX}A;#Dacj@B+@?k1 
z*mk8lSL3JFGq%&(Q^@&A+N&lx86cVLhj>uFWLxdKyYt)C*I&y&f61fMub~xVWR!N@ z9JMc>H$^^u;|(kS74oi#g^Ui+o^c)L=X|XguCKpFhVmYM6m^X}UOV{lV~S7++>hmK zmnR^!<$JqLoPy7~oxOZHdHArNO>bCu3?V-@5?JZ>)5)8wtMLOGy|N!26jn&xy7$8k z=x2SQ#rRn&`T&;_$+n#Np`pdrdb1f8v7$Dc>GL~8=$%$N#0aqjMz>hPkZ2@HX&v%} zSQ-mErn4<0vdeKOPf^^n`9v5J;{A}whMq)XfHZEMFS- zTUkZf2q|%Jh2V0n|6C(TKG7H z1W2Y7IsSF9HdyZin)=0_eeX2Z1guFx@>;`>p3?Smc%Pmu z36^vMvDk(zB;#I>q`j?({$76?&JbZc`H+;>W@kyP%W8_LF@3a>8;dJHSq2Dg47(dZ zU~6+JQq_FpTUj&SI>d1E)#Sr!de@!lgehA%fgiTy`2zp5SS1AMFa}||fVn*;Ua}z8^(~-j;X6qa1s`y})_bX9+Chd3| zT25zs96O$H5o-@4S&^u}g7`S7M?jQrq%$jBTiq))GexqlI6-bRZ&ztJ^X-8F=F0`9 z{Gq3P$cd9#^`G7@pS_oyc;4eB>E#A43QQE$O}1&(h3Q{-V3bsNj&&|7$HP~N>>EOt zK??F8<^(ACa%8Xt?@Z3`FJ%n4+zDq)bbwE)Ac+MekEBS<8^QUVO=ef~*?Vd8%HfXb zl|| zCtBE<-7*pDa|sd^fJdaPS^ zAjhKCU0Cd-1SNn{{4sXMeKT{z3Q&3gvE1+Xw{R6ASCW(AnUeUHK4Rqu7J7=9k@E6~ z+xPR;RsvIQijtey;#38{)0ttB@c^y-b4gL7vJpUukripCE^<}YYYRqKQR@K5Jvt1% zXk2-g7~slRloX4uNdQxOG0#^alH2~!?M6AT1v*99$UTk^;uVXedp;Pg+6AVgTpVU0 zLKfGfN2(7wQhLI;r9M4D%c*qQaeG$8KYN=^RGI?MzDQf_H0l4XcFnio%%EQz-n+A% zrtA#h@95wqvc)~rcO}mU*6#-SUSh{6N>7MtJ6^4-AEUDM*yNTo#<)G?ir)nx06)j@ z4^U6AYk1&4OhfM;x#Fve= zjpfbR@vd1foyg-y^X)F&jK-d|hF{504s9>jveB&GYGx3=fZzt9A09Zzn);W-WiX z({eS%TL5vCT?=8FUXONvH09-lY7Tlk8}Ep-Idr!(Z(N(Rlh~Oi1M581AxRsvskzna zG0zf9!{-&~Z65=IDt5^=UBm6_BwqTOLw48DBE#_mYbFrSCZ)!C9JAw5%{9k3VoNNH z@34_?y|p?=>emejkP)Cdr%_IqCj)pOnferfQt=?$5e5QAISf+tD!UjspD+nYV%Mta zF-Y9+L6G=N*d$s-C($(UQnW z`kh7bq=B0(eAQc_)C+7*OcV@AlsH>Q#;u2M=CDCeZ^pmIMGdq>ivSx+OZ1rT(&Q$% zXYqHA#t|&U%XYy0YXlr(oq!A2hnh?&*uF!F2q!YaU@nnvncr;AHf~NQHl+(kEBIW1 zeN?}g+XH-8PMvztEgs3L&BL%vvCgobi29{@jn-v#S|gSN9$6CJtazi-W7VW|J7gZ+ zV){}c=N%kaupdRrq=yF1apq}-ISo)X*GdLqzww2Mvg#n)xO0X73~ zJ@i!J7ozn5!ShG8<1O}Q=(l4(A^a7-5mY0}Afb#UCWSw|kjZz`YZ1-?YqJl(Iu-Rd z36;~M6iEJhh=7oTGzrXK|N2ez3zdldTPl3Qb2L6B&MzKMQTwb8Bm9{}D^EsbVG`}| zRgex7UW8i8^bGf4G`2mri|JI(xU4HS8LU9QNCv{o=MC0mx!J6D_{R z8f&vb?Rx;ltvx)#?l>Y#rtuWj^4>>3h+1TF$_Ogq22w`4!q zAD(!Rw~aVSZ0eZEH6IP7qk7i+lW4CP%MV|&UMqm$>|q;!NxK*B>FKCQAG<295{RbjdS6p 
zsrJXL`=5Wj0}F!&M?dk^AQ3T|cB?Sj+SWpVs>E6#G7h$<2P_hNlJ z(TXv512gA0!~#IzDp8oX0N7}_!NdYYsZhcYAN?4^)Q*4bQxf5XcaE#vdqbp1O#rv_ zsAwztDtV$Z5!^J`T8xtFHsa%^#Z6VKyPIyKa>fh4;$4NICW|xh+0Fz-e@B#%7{Dv|g^mu_LG!_(&M5U^(Lp#N!&pvdU-$7#1SLCLVx&l93B~_|f?k&QmObOkOax zaKU~nV-g(!8}eZ6-riO*um~}Htd$Euu!Okt!}Qa7f;PP9I;GSiE8|5sIk~=lx0s<# zC(49)+@fB2iIHPCSB}-d{gklzw@#5czClYyww_Kp;<%es5AXVR2^TaPjsbHW%{L*^ zDY~ZSm*xQ+E&;yBlRtaz`OWB^rCo13GVcT)l9V^JlrcRwp6LVq|hKoxNnN z^hJAjhgO)Eu&D=~nho)2e>Poq$p2rxxk~c?(!;29M4VP39Gt)!mi$)&RNDDV4HB5Y zyxFi%iAdFOM7vVJ(etb68k(Z0@3F(3LtO%1<2&{nn_QvS#|lsIW@a=|6uaVEKWnY> zPnavRMA6gc3N7u?Cjjp@2eb0C>&{tr%YY-Up9kuPEB!o*tM>vmkMoby*+$mPa!W$x z87M7^c{7ZF-{D|i7V1y8eq{5sa_@7v z+%O&9jwFuTFkBNCIviIsC@Hbt1W9abX~@fBs}y++C?5&sWL302z-lCHY5@)pUOZ`J zMEqZGz|4Yl^!Ij_sHBN62{NKM3lCKk87pu28vHFl=(f$N2aFoz-sNmWi&G%H^ISpQ z$hWmW;`M}3=a}xM>IvP!)Za2 z#ih%|$WCY$<{bT*5b$-e-HUD=$#k->LZdhWO}iW;I6WBOFL0D}Ka z<_KUVX5i6ZVGn6Mc}gPGo7JE09N?Rd2wfWC$tUU5}5QDwSvhSeBNV+zjbvvtJ*lt!2V++B<6in4Kma6zqHd8^z}R7;#j zdU29a;xS7S>MvY^973srG-+C_|8ajabK$z?mk6(7xaCTR1+*}rZ9-SnyI0A zwk;+~4WW154mkajDc&M=K`3#ieF)u{F_rjt5p1xT1`g0dP7ri%2tE~fnE4KLS`&ni zUyV-uRf{sj!L&)ycu4-WJuGc{ngMgjCe46_Z4#6>Ix^Px@9Y#}k1_aF^tXNbU4L4H zrE$}s$n9oA3F~$J=4yGx*&f$i<$u1xPJ%`F7p|{6T>8h!nBJV0EObq>Eq=S2S497Kc}>1iy; zESjda%O~7(?d;9*59Lb)wX0FcY|jhd716*-5z98uGR__oE>WCU1ZepE!Y#M04W@t? 
z${wa`#{K;Yf1&WLVml%gl(n85PBlR;1E~+DHCzkpr%#qp1&@g5qbL$<)4g|1lCRV3 zYgAM&V|9jYDe(t-D#XpLIFQHHOrFhuk1nLdxQcm^EDPOwxYOC*AriB$ZqbQWU3X*} z_8Rp|ZR~n}4eFK+w;M@qfp@s_7hdZV}vW&Eqv zRFy9nJ!iMa)gkFlcyN>Z@KZll-076eY0F=S6_$6#-OGx`TOgYX7J}^P?dLRb?&PwXL{l|-}Fm2Cwl_gKR~-SX?wbhG3B9pv-yy$MRULG66Cn(V^*OZE zb`L7Cl^Juv>8JDA{c62;`gi{YF5mi&XrcX;Ur=Y1i`=#_B;u%Tc;Ayo)E8a|rb0cHp1?j_SVg>cvrH zW=;M?c|e$@j=?U)T`uw6PFRng+}*FQbPW?Wr$Dqm&GhYKG%H|$$~AX;^-P-=jGnyz zdHRpr)mw)6&X^RDvy#x2tN45cxXHd*I1Qm_iwB$-3H@p(oHvNJoS4!$hn8+O#}T-` zn}C?>FD!szA7SBf^Oex-~?YY1ao{3$3{1_VRuccpwc?8F7cC5l&iZ0zK3A1<(` zaWP2O`FSLm5+wB6@zvQoqTarN91JQ}0IgAf5F)YS1ltZQzI6g`QYZd|+g-fNawke> ziczr9x%l^6`1Nqx(Lb>jGKr708_Xi{&~FE$jFE+@wb;QkxfVOYc(KL=vjp+q24IFF zxVxWt5Ht|yG6k~*3Njip7o{CR`KsknGiis%@!2t};Y_T+d+Y7gTNzR)sK2|0eoPsp z^a0!WOyQkSkvQ*L?c;^7cu6pefaj!^OtYzvhV5mL<4#b0uB!V$6i@cikDxRqAkecJ zk>1Yd2Dzi?WG&U+Z5@bZ?AjUpVHISnqY5|6I4ysItcl^uF)Ej7j>c(kWR$V`I% z=+HEkL%$CP-#3-il16@I)TgS|PXs5EZmSUWmtyC9Ad^M>5eJg~JpLbm?j& zK3cdgJysS$3RAe-3X1BlQ%PwIk`R*2VhmMe?ZiH@NgN8!^4y3p+aA8 zLw7a!H}5e@7?%$Mgdm`6#{C*k+alx$c|dA0#95lP)=~-

    7if7N`7>RTIW5L;NQl z^E(w0Jd|jC_5w8#fQhx5h|$=XvCIG^?^k^UXGJrqiWF*&vtsSD$=&MqZu*WL@!hPX zgFpDmekg-(h*dTw@AI3zJ*WH6{gF-e{gMwg*A zuQgvXM&^)MQ0f9p)4ca$R^CoQtG#N;B}bP1>LPEWu4FSl*QdnHkN!O#e?7lBu|B95=s3uiUDS@gO$e;mG-45>Vf zT1%jh!Imz}l4PB33H9`NzA)7!HEoBiF&O$d%5Md8BT-2cB`5m~rBnLP?u80L@C=)q z1&cZbEi4HCa_Y%D@$YV-g}d=*oB8j+J{*lHQRQxRXXIvq6Y{yn9YO@=&<_DRIj8W2 zXE{xd#tu5WamL6L@)<{IN$A5t%m8Kkk@x&gf5mF<744_*t=R|v1gYT%<>0v6i`;sU>l9sd^RaYxW zcSBJKxYIIICw7#Rz-X$<;HipacI_w`Y$wD=9-{~K(Sv|%woJ?EtGHL!pD3oajfrI) zf1<~8B*33JuPe${w|t5H={$S#Z+V#i(7!g!Z`hS|{aI2>U<{^k^OeTbhGlv$9il=z z9+gboHeZ1kCEGy@xEJW|{29Kk9i|^1MnKc44kT!IaYQFK+NUs2r3RdQLRGT9*-+?# zoRcA-f{M|hoCpr=RTX;3i782RAuPY^RQ+(^&eo~Zv`(tFmBI9ek8_D?{=<}BBb{H95E2Yl&0%w`$Izl*iOCt4GLBb>$CF<=i%<1ZRl#v#0l z5$7jh5e!1b2>UVL*MXJdCm-{TDxB82gs7vJcFc~LP(#%=Rf#c;(d;mj8UlZq)j)uW3aTqqj#M+M`LPJXdV<;!uUrKC7%oGv z2B&0&!qeg?#0D988)ty#XE`$STTdsPyO-+YY*`i`M^Ko zDH1%tNx0iObM$^d*dm|ltCqkQ=K#y+;hjt&$BRs~znJ`>jf76nV)g+<3U#YH=$b%7 z;b|MayAlfB9Xeu4H;V}4gVys`*9*v;zSO>5KTqG!e}k08$8CWiK~XK&BxHnO*yQ}) zd{`b_!mPTwv~pxj!(9#Zaga=K$}jm_L)Eeh7UWbN#4&_I?Vwf4w_ z*~7W{^4!I-Lte+r6%7b}xyM2ot%px;QMJS$8PM;O9OP3D|8Sd_y-4VH`ncUS8QqHo zMt#$R9G@UZ^23Nf3(RL!GH-jZUsOVvBL<&EN{ISBnN8yDAF)|GxHR+z10IKEUV4+g zax8~+{SbUArP0LkXhe{r{rfFY_3yPn??zo=_XJ4~BUDD@AR%$fSL4I$4eki_Vih;k zIz_^HY9c3MoC7ulWx`H@0*N}fC{W=Oao9GdYQPb*m^c(yc#8R0XF7DRfUqFA&`C9P zUKJ5%ml%F|flNO!lXSiu0;`_oQ?!^b#jbPe7-p_@QETV5 z^d|U*W<_(=6tu=Qm9f`~ig36cJ+Tl!!dPnI<;j{=71s7oL^4=zW@rrR%g|gt+rWin z)6q6gx{n5I0sUqw&33}>$&~%z0Aur5kdn@~Ku~B@4qdKqIMl^dtt&15UouE)RR)~I zXY2cOLOmAPogoTCe>P28XDM4@`<=C^UKnN53QsEc*Qa30 zdr|toiX=<)_AwCc>Fckx{Ree9`NPV>ojSxmxx>~21T2n>nf>yw+y+rP6(%sSua-V+-Iz&+<-$X5}-MXj=pZlXQL@kbvUOdiwi z8fwo>&FO(n(eR6JE*XA$T`Va80M=5=#U*OqO2+dH?wU1T-Yf$j=w559&(i?6Qfj5x z6eFbBx@%B%Tya4ZULxzGnycyDs|6vtvT3e2Avrf>asT)mTy;bQa$k%lp`#y--fO=j z-{%NuaHzw6x?+6d+1{al-8cNzm?k6Z(}>=VaY;td(Sjs_98N7kkE~j{flaO{M0G9* z_I#5H*_PU9qxi)D@W!IyRC0G2Dl-EWWssO&vbU;uCd)wS!&fqVJAfo~6!mE(Sl=L8 
zDqXv<5VfnPj8>RBTUhFtnWqcFnqsgLC=6o(>%l_v){vTTQ*6R>!oXV9M<=agMoYkM z2#b?6LSOY&s5`#FO(M7C$`J=&`Ltzr^ajG-1p#f`dl=3KEm5JTBq8PrEiuAh!VLc* zqF5eFT<8FNcQ_?cm1sxUQ`q9>Z90y$hCyjVzprOIbDuj;yjNB@xRGpM3n$pDV!rr7 z@>Y+JiFuG;;Tw2@bqHw zpy$@OiiBMpJzLM0Xd1ehy`8>$1;w#sT&boBeMy1`N{=C^v=-j>xhHRy_q+QvXQ4?= zQ;XYvP;L%1f+Yre?fpgGa6F_YOk$1DI2_2}98YE-bT+cv_c-!qn1O3t zlJlh5S1qc57UNmZu;@iIA@r}mj3?j!*W2;rr|~cU_V(YMMaz>emNXiUvZ!xyRVf-O z{ShHn_iJgMJ;>kw-W^w|@KC1RoS23$)h#6nfRZ-%Sj}f0Cma!uku^>CSo!00dkGnM68DXy2 zKp5N-c+%q+dP7lP?j!BLQOR@-qbM(&SY!j$p*RxaRHDRezvEMX3MpRZe)ebFR6`Ohqfz_`IW#!SR!|dGUwc` zQV|qoI7Go%CHq*82m&??fpq!4G;@IQ7MQ?gUE64Ix^K(j%BcS za&v{b4x2etMF5k)!gtsAn2lB8Gzwp9Si5l25KY{1p7iAW(`0=&oy`xz>v{{pqus`A za` z66_FkJ5$W~r_$20R0hLkTtdcp+@S+wkimHCj!CLk8wNkyrVhXpppfpNspQ0((4 z?(=r>iMode8aAvQctmx~;+3wYpyCCGNHQ@?h55q59m|8Mn?p=U_b z8KpNW<=Vm^VXRNy6$ZOKCS0up3)XE04bR-h)5n4F4Mm8(>Jx=C>C~sgv;I_T#(}f2 zW7TlL(p9<_&1>1{2zDU^b*Ozavu&1d>(zKwfT7Y^V~$ktO)3^bn>%FdmU}MyOGl(6 zZ>2)&=W!BgD1E7dK|}XqUz|6fb3398+bhfu6!K zcxH<1q#GfWWO;9MwrzjX0orobg__#-DT%@c+V}&TcvkX`zm%Del(%x{P~Q-3$!-PZ z%cIm!cEEOUg`X4atSkJA1qHlst}tvqoS0CRe97Rwn>5iMZn5P%0myMe3@5=y7s_;i zKYR*rX7o`5Bsw|Mp|MlPoSHe}S%~jG-YIc{py|UMob8*kdsFB;-H()Gt1p_es;^~O zRtdv#o_saEXTNO@zEh@>t`IRQq}(9IU0ob@4Q?tb4EVgb@UT`Sl`1(e3R9^r)9=uI zZ4lr#kjRV~>s=U0A?d7#PeYAxd0~zb&%cV7EwDepZ-PCY)ekar)&Ob9FWsKgq_)SN?g?WU=Drmigi;5XQqs&q=gdJ zo+TVV)@gLPC!(<3`|Bn@WnM1vG>qK(w#q)gh{QpxLip{0D?r4>(E zk}Vo3!xYwowx$Bds(M)g#kG=qg2fl))uF(*v-cd45g}N7&RfFvhuAe2oK{fvvr*9( zj2CZ~wFmc9BNw&HeG=^0ct9%FBL86IDEs_k?`Etyuqvl|S>jFf6`%+T(~@(4QxuZu z>m|J}zDcHWMOV_Um``KY5jxjWTq&|=Of*H)#`op-c3~8n0y%eKxF8;##MVK`_rh{5KD|>#sRA^ zaed}|82TW43On5~#b&{H<&YWB8w^->*aVenXV>oW8XPxW?0X7UYJy$$SC`_bP^}N= zYd7A+k;g&FyfxkQK82vfD#bYmBbGcLjNKlRWvI~69R;!|ex5WrbvY5o8}1vQ?CHNG z=25A+-M|n!9WA9SsF{YAWifl85->TrE~B5AHsB>a zK|(HkPha4ySVVZ8eQe_u$-qBgiuR;LvOn98QykF`p~=Oqx;rGEsEyJ|V6B}a5 zQe3TS3=2yex-^t|w80kBI|8X#5}9u3hmME;HsT-xs?N_MCwD{8vtblT#Pzf;O8lvs z7fA^(Yvm~~rt|nJR&U;i@}5cQ;+R#lOU}DZT|KF{Z^MOKz0PD%HvD+kCV5HmM%(M% 
z!@1%T4}H!UvtA3161s3g0~Oh}V)t*UAv$*7qDD>UP_iDHO^wjuf^U`}d~bYWaCzS@ z+#F4bLKp66ZCyOtg@lEJeS;E*2DOuo%{yx@B%Fo{nN%l-Ikjk*zco3jI4pBw5?-U& zCCstF#ap)btB}TIUXmnGli8oGJG6rG zhTRL3*3iqmfkg{$Sg1I0Ug2J6_d>2^oK5M6zmRYK!7^WjHQm)grx)|}4z(*erNVjj zZqg%4e2Jq!pp+0{Qqpuky&a~db5I7eC{-@wYzR9ga~dhOiaYO8Y)TK-PdNRPp*)3J z3`Ux~>4UH_QG!=P;7!gZs!&6a)R>eyB`XmI_6_FhLL?)65J#Lh9g5|O;PiH~m1Kjv zT%}{9nJlLk1VUgIVKp==EQ$)`bVJG+#(Pg%p-O1F#inCgb!kmAr#i`T=}WW0()lxM zb;M)P7k%_IM`UaukIfJ-bh_<(Vo94u>6$Ep0z=5)O$S0yVc*c`#O{cP=4|uSvrVC7 z;*|O3D_yfe|-m@3DoJSkS0e(oCRk}Sq7DLE|*51@E4Cp^yO0yb!; z%}M=}XC7;9Md0+Kx_6W`(vUsM>yIjek*g=M+w+boQ`JTBz6O6idPxOti+!0^$kdU_%qND_{Wt9%% zcwUTL7>kjOZyrtD5=iO4+%6Ny8#&Q!DJh~#kuiAJOtc%Foa@^)3Ud;&?{gw@jLK7G z@6Nq;I}~P;15l(9_yMTrs;1ZrFFQc?4yq+C*QXO!bGjgZ3YuGaXyV0Grd+ggJ#x++ zL(7CkQ3i%=TyO5C)mj~rxQvdCLvC?FqtHBg?kkOoG8*`Vx6gIIBo#|qyx!puD`57j z3A;qB-kM|Jm9K1QhbuY5g#80MQxNk~x@Fc?A;(xYwAGbY8yx0M*>4jPW1&sY{~3;ab*&AO%~ zd#Bzlra084^kbEZ_l@j}&NRjQqSvT>YRJR}lvL(S?m{BB>X7J>EH`Ui(A!5&QJk%% zJ5t=rZFnG;25C^qR|8j#OV}l9hCi0r_?ZLd29TXG(L8UQ$i~^Yz^(jEm^)!Tp9YNe zTExsJY!rw(@9iDy+ZJ^oX%$7+PV~V$FY6+;=8AnLY#4wbLp`sSBkKI5y6G9A8+RS1 z2BfmK9%rj#mBp!G_1Tb6iguEn7#C+;ig&Z*d|g0(&c>Oy1_G|9t*mRDc4y@;>3|ov zIr-@>CK5b0)#V|ZD>nr(tCPGX8k&_@KS}waX#IHk!H;GjQKc+6$gAlO_viLpp&!9b zawndn59&7gDE~n>!+U|Xj3b{LZ$cm(8?KGcFPf9w%2;Kfro`G2yl2~M6M&G)4H=Kd zUF@q!gpIO}C2~ChmNsH(hoT{5>}3bzq_R01meb{I7HKkU*}Gz?-GyOd#wIRi^A&hz=6Fq>jKYq041Dgf1ZT!XO6UepBN)3xo~yYn49L$K=#ri>W!(@3 z(2rP)w4Ku-5xgsc!-8{8?g)-M%0)+Th;zeiJ25iY3!Wc%CK8JsH%G$a^d#C+I;bIa4jp{=qc zo|rZbz7UVE=jzU0qbotih=5D%g@6WS>W zxg_*6vv9_%!V4*SY>*apGEfW-BRX9aMmxE}K{yH}u*J&|Gila;sxooa4~zD~SU!iK>l<;YtoS6HK|OHQ-Jqc<@BY( z36zLpOLjdq#Jje#PrbQpVaJ;8jr|<-9t*0~Rim+=A(zFJ%Qa+|O=Xp9biY^0j$*HF zuaduq7~2L-bCO;;p?q(fhDe{qZr?%tYz-V^_37$NIXF7cf4$%il;U{c-F?>7rMUWb%A(eP26E ze&ZgkXM+cD1p(c>OQ{RQoa1|iPp#ygY1h5lOBPtTw1djr&^45jM+<#f3CEF7G>~`% zGd}o^&{ph(hy(FC2yheQK&DJk>JvgbhVIIb;wS zm01#k;i(UiS3P|lkWs7dBKJC)S!kLK?7bR`4))L}AJ4n#&}r+gk8!Gu4QJ!yBiov@ 
z?vcnx`2lcy^2CnrNfz~pkL60og>T#|kz)oI%=K*M*e?5ra9Q-kNH<^PIf)SEC`@Ma zzZMtC7j}7redlOv6xdxywndsCi0pLiIPx)TY`dWiC>2|vJHlOa@Sx@TqASbW- z!v3vE#FHjRT-26{DsyM-GSXkdR#R*t2;zYp6SLN+@EFKHbWq==ZwwFVd#NF24bABQf!O8NkFJ^4FR0JntfvBKb?WMJ|Uu{N9(J^ zcSX^>D3&PQq>ioldAkC4CylYWWxE|)Hfxd#8eoe~6|9#nHf6yM%w>ih+n>b}u^`Dd zLz4xu8`xqr(Qwx|*)XEow!yCL;|txli|t?9S>PqG`J!7VMkWWvIjf6~_TiE#LPb1B zX;ki5;*RE!!bT^uaWJ*Eje>FR@GRK9%aqIi*eux8NtvfIHwf|qH-^AnChz%}++46@ zq8riMlrEX`^}x|cA&_t_B7QR(>ZVK~={L!jeRyE=7)EFr3~%IOk7u6H4p~<%2;|k0 z$mX)`WpQw3sc}J)LO{vP1A~B@Sj@$Z@XsP1EAz^Q!!;w((h&$+|M4#9tO7o=n+DlO zcCT``Tk>^l?$}zbhTOE6m*WV4gMK*DeH-$P=1z)w1TOaYW6e2VF-}Ia`a%Ks;r@}d zbrp%hu^}j~lO?rA7od8VF>`wdwr#^)P3tO!4ky`iadLlrVEb@iZ^h*@NrcI#?A5q1 z%E$ddk{KfQL+X)xP+)4Mgz}l34yla15;?-@%{C!F-XO+^a;%W~IZR2Z94(A1(ZiC( zd{VQVid{O9oW{9$KwLY4sSbCkK!duI*{dTWKB#OGHZQQee)NeqzqI)z~10K)0UA4Sxp(bV;L% z1dw9E6w64YTeZGIMTx^E6QfSnNq5J|s$p&hMYFDlHkBjKGK)(}vh{DO#u*A2YlwAi zr`%q(fe|_aqio4JSnJ>4B$?8+O3kBJUW^yM(yy^thav!=iRZIm{C= zi*3?D75>=KSZ#0sm%_U>@f0ojoHRM?Iw3Qg-s7^8`kulVD;wv(C zP}Y^yA*$rRXVcm_8x2W3im+R9)bwYbZ?NWU&SBRp*q$> zy6o-i*#WK}=NS;ixk#faHKxFc%+rz5S-=oP|F9-+7`l7#vMJfRn&a+MBWxW9y&IhQ z?9PvO7RncgxlPIWs*ssA@UBsXq;*lk-0hgHa>wM@G@y3*14wL!LKD67JTo9U4wa1n7$y0CBo=r1Du+USSdd7pCe(% zyQ^vRaIpX+Z6nAvygiOrw2NJh#qV5Jf$_Asg85Y9=~(tn9CsjD7$%U#wKbgJb5-gF z#2|Jw48?3Ko@dSF9U;X^C!C0VXc}J2g=g|P2D)@Jp{%DOo%7DBLt^uGTF(JFLt`^N zCPvJ}*;&;goRvPUKlt}*YGjE`(Z(E_0BgOwhr5ObdTKp5>g*P4u~}eo4^BnXxp{B8 zDBLLX_en|1UbZ6h@*+t-iQucL%|LCd6q~~@Lv2F5?Jigp zalJB@k(>ccngEkJEk`EescBax>$EDkgsM}Jt1KxX(#EI4zvV!4@}XgN@JqeWB*?aN zGTV0gu$l$_U>A`~ni1C!a3Z)G0?ZOqX&Xr zH8_sPacQp03ZqAhB__AvHFnD}!Xn))VG3wa4Wj9TMZuvY&h%|1mPZdXsSoEIL2A&y z?ev~{{o5h)R@X@*76!NLo`q%=pRd!MS0z|lbgeY&`M!8ERcVqenKa1*YlvVU7``1F zCEwsc;ex49wkCO(hO)b`HcG(|n*s`VM^am2n^VyQ_q!0gOiwApy-~M zaH{X9Ysla3qy7^ukr}F3#dQj+>+w#Xa3r-x(C^;htBIe;b5Aax)+O$IQ86E(+=tej z!Q=h5-Ee0kWP&8up*oCR#BTgNPs&yb=-Xkm)6CIkF( z`?heQNHC@64A|G%8VE^oJzstV2dT(HjZQpvc5zJK*ksRy$gzCFl)5N*7i(6SEf0l#u4*~Y|Syp&2rG3B@we>o(jRPB{$f)O?wJb!?=JYv>->;&F#-c5^#e=n%g+m 
zgr!v@VoGJPQeQ$4YpCh4lg)u>&7u-GDU~%sf48IKlZ?r2eNWav-jk%t|bLEY(CJchL4h zkGD;TZL~nE8+u5$#-b(G#W9XlS)rJl)TdG_^#6a0Jc+s6Mv<{*8&01{kJq_Aoxp|@ zjWP2tT`*H~7*vmDB?l-cw;L8?W7{?9F786IoD6VK``ryOWCn;cY490?qV22L(@tvy zoI?uLw;|S5qwpixpt3=0hFGV*+}J2b%&g{*Qgp=MlV~7#3rI|e3&~0%tzf;noyn=+ z;3zol!s)sAGMo|a>VjCtq?am@IYpjQS+?Oe(0euQ=Ymp=KBSHZ8+P|kAYUCUJGa*+ zMsUK_2{E}lJ7s9rt-OtW_ec^l+C6qVtxeQfY^_?{R926MCrKR>qmy6Jr7&gpC+9A&S+;^Sz;TBcA(e(u{mG~I7!sIEU~S^JBTGg zx@H5LW|7Y9^ROpeRy?qcs#AJspXRL({d0kg$f6|sV`^EU$0!oUPycjCY;f+EPN@gp zpSm4=evbNc3+P`mf5fYVg2H(tGQ`<91yXzoU(k}k4^_WAO!^~tk1d=!jzPlnb9)@t zN_7R|7Dg@;ev#wrb<@m6UV}R}I^LARR*cY}gnXk!Y_ zZN(c0CO|H4DfDoq{gtDW<%kw81Ki&Q0DR$Z6%YKO$KLXI;noEgNlBr2qh zd@Ob5%Zyb=Qlr!DC25#ggxlofFy?F)-=%${;{y;YS*k>=Qf+WY*C5XS$NQ^ffQYw% zQbPs%+Wosj^^*N~F;h~9!>a3Ux@B-^BNUrj&tM15?gZP~RI^Xda8Ph{Ro4*DVb{r? z<@>;s!ksED5Cthj_HM}Xgom*eeOjHkawVf3DMzbNp4v0qDE^d{ALL0 zci}VR5avMiOUX?O2PdFP^r$@{)we1p6KFDV@%4z9D>yiw}xwot}y+>qpM2ea7m$W4mL}RB5Tu|A@bKIQY?UK5|6d1S? z+*5+Tg(*+zffs}|Y#;8Lm>gp<8l#j_*NXl3?x-BBfc{t!hp1uO?H!;?$+`yHT_7QE z#7^O2^Fhp9XeyR?7Q_f#oR1^TMs%t(tIe5xJb>bCbhn9sr{p^tm7BG;2HubqQ=>VA zN#3wZ)zdZF)iW@$o7YdStFDe|*nC`fdbmS-Mja1!dyR%ik$Q;Z(tMJTTywj+0!Oz? 
zXW%$N>`dT&OjO5K@~S6K*#~(y+5?rFxO>Tzp(4)3L{_!@=PeD>J9DGOKP<06CK(cy zZtWUGM%x;W>mc1!E!-qxV?vTSx-)*v7{hg;TXLgw1QuOB3sx=D_`&vBH0EGFmhuh{h*f~g8zy(diy|uovu@QFVft4+< ztsHi1c{zHstEZ=LeBABww3*kbka&AgnK6DL-QuIRIB!kF6WxB%jXO?5I6MxXS@i15vf(#?_s*>t54Yt*x!DyRmb1ksMGMA`=|o3Tdd#Y8h@L@H;zi`JU@+x63m(2Cv-}ZB4W)V3iex*7s zO2s+> zIg-VYkwz~^lXq|6nO^mZV{b92VByRsjd-6TPlv3WIN&I^^9qfK;UtfJxWsyL-)=#5 zV|X&0_S25x9V55*NzN;E$z@XZxI8;eNZIMLz!ZcMMq*G8)WKbXND5<)m5a<^>vVx& zj(wv% zVgst*tJF1<%iGRc!5q$>XC00wq5o4HwEGjmx)A%+#@M zT3Z;B<6;TPFv({Elcb+urry#(me0V1l+?Y>dT?W(e?8h8<+6cH$;nNjx>3-%TY4oE z729Lq7}yt^W@|2_X8^ZbcTJ3pk&!jNJez6@Y;n0kRZSiYQ71P5NSz3;rK$lVx0HK8Ney; z55x*#r^%V7s$h&txRsNW^B8cj8XU*;0W`Y1wv!fu<(}P|QmTnq>}bb=sMSY0CB#T# zsjOZp|0Mm+*-%`-{}eej8o!x?=2OD_f`x-rey(SAd(kc>?K(KphiwDK)sh`UZD?#U z%(0!}`;EzeE@&z@BUAC}j!#H<+je0HDm^GRCFyeWzM?|uKcyJvykgT!&`ldY!4_+Y zjrE`l?h0+Uq8cQF?|KKeBXbhX(Ntt6b{)W z|76jIvNJeFfUNh5$}4g{2?L0YHG zIwk z4G!a(x%V=Z&@kun=UaFhDlY_)JebtkWVP4CtjWBrxoe`(Vw;ol!1jvr>cR%Xhd#V` z4igGmRqKHJ+`U+KOET9bhl(%4!DZaj*FS~>&uVY=CZg^^G3f-eGo8yPA*ZFZtqtff z@i=J1io-osl+;a3zf}|$;#j&7(&qEdb#%LkHWBvxuH^#-3e6g<5o2?L1d0@D)Y~ND z+Sd9)mj^`n_%>m%B9fnCA1FJtNLEB#BW_WYnzld-Uy#3 z0XJlV2$&&l;Bb$PVaa%@(GDJPR;VT%&@Q*W9wI`mWeW zGnP;F$L_q)*;vZA0-rEgAZHv^p(wX0$UxhGu@-tkDjjrMg%@L5FdVwYrt;o$H!01Y z#^vf7Tt+@Lwozfjt%HGa7}dS;IG2?c+G}GY$sM&DCWm_{)_^ZCkyWZHOVi?GT6EL= z=K0IUa7`NiDg;H+(=~~OY+h^8X@~Smord6&kXMVh`hX|MW=T%NgmrX-yTwlxp~6hsao%lA=lm5* z89_iyM|weGB`%%0B{DUo&LW?Kf72ivT9Q*XwHjEvhmHpMnTI$N?^|3eOM}(AljS6g zi7BZIx03TAp_qYZXXJ8BNOyfgHNwfZt|7H{vS%nfuvN%feNbk`2ntJ!w`v-}y+B&+i#}=fd2cYKx*HbedD%$P%yYWy*^#mw>gC z8-a|-Y)x>B(NsaayqR7kq)*b@s-EKy0YaqVb2`oXacLkR`>P+f*b2&LCK1nuizHnd zNvI^<;|NcNvXh#4iLvXi`gEZEbSS9aI8S1QB_;wYg60>-d15Z5oB(ING|7qJ@)$NS zftU7->HS9T&i6w1yG8-fWGLwbDiV((H7J*t7V<$C%K(LJ=h(nRpK4^Nt9VK*>Crbr zkQ72+a0z`Fp+RlQ@~s|C%;E&D?54B~5gruIMG>wIOqWu%i%%Am^ksdOlubE`Ak7Mr znl?U^JfH{j;*I5Z8m6*j`lXH3bneU}vmM;JaA;sSjwdmVLWRbOYCT3F_i72xcO00m z6FfXVty*wBNfE$KMLj@Qm-Ay3-w}nEzBr!xRP5H+lqET4^m7zKmwzsrPFj@>NpnUH 
zU2TDRqpPD|L{dXhS?ErBhbNN!!^x>ehP7=I11hGb7g+;}jtGAKl6NO~C*#e)p+wDz zO&qNYy2kbF7G{*=VU06f&D!bKSne@`9el*f$LLP|RE;x$q>m&Pswm#D+=!aez(%=v zjIS1DHFML%=pYicX2d}k%L+bgh;p5jtBcP=ZlEj)A}6QJqRN7FJd5onS_-*j+yNE2 zt1lsPqdA#l^?3Cry@49h5jgpgoB}RR1bASPEF}4#Z(pJfr%6-jV!DlT!kOpPxbKn? z$9ob@QfAGv82I>=6K6FD0U}lqKinaXCtW#$i;0JBY4qz)7iU!87$Eij-co6k> z4fhWAZQ^{+@jK}Fsvwcam}6FM+MNHJz+W3z5>N3`Kq+ zJ!f=mWVCBLl3Gx-R~Ta>E347AW7Oy}-0}l3?v-0)DZ5ati@O!?MYHG!v* zvx%skpxF^0!dNDpjKl*e`W!q-V`Fg$02d246;IXMDi>| zs4*gsxQ(o@C2i2A^^__vbr6Yo>bFN6J1i9LLIbGV;W4Ww;L;ffyM?W|Z#1H0Gx39+ zYdOacMQ>NU%TkHhY@w0`nHJsodDpRWGL#3;jZ~wv8mX4BesjiBiq6{;E=gH3c<$lVQpq)8O19>qplZ$vaNXsol`w zjySrdoxy3WZpJOu}ts*#@CVbz|$)aZH)FVgDtxBldroZMNU#)Uad@pLi`xPAsk#yNVR ztpi&yI3-I2W#{3ZDot>75SJcGmSNTp4E|CVLzY4*u5mUsGP}Sk4})ZADk-ls)J`e_ zjwrJ!xh=+7$QA}}CQR+rf=n2M3TLkvrsBi|ycK8S1pWF=?%p}R5lrX66_;|&qNRDN ziGA#fR%dwYM#$B&yr76d#=L-?M{cpIdy{v6m*H9^++?>y8u3{|A>cUIas#@Y52a7? zvRH$wM};k(#`V;Ywc%vvPMx726rmXk^C}uT|34XK@vbKBVELhtd%|9?+%vKJ=e<2`nt3}zu?!G+0)k7go%~sYGd>y_b%#!0 z$p;T}&K>3-J5(vFEg2gdq_Rt~bvg{ubgpv|m#GI5tS&z1AG*lhPzQ4<#~SLnKkqP< zpT;^0BN9*0k&TW+cmzIsLOs<_2??}#`wL$>4igIJcS6u}mKtLf<_URC>}i=e+EAp; zoz#*~3Qj3!pC@}xB8Y>%GQtHZLpfxB_-y!xy>s(CF4L`^%V`&)S4$8pPH-^g{ z`TnBuc0OwBRm!wZP`6wc^RZYwCedOs`(@Sj>us0~F6M9&#i@RqkUQdJ&>R$pt28Ma zZ+BPE?R1GoEMd^ZLq=w&m*@Fq90zI2t{b;N(g&z{x50iF?kaj1td85@mW=c06vrX8 zE=n9g)xl}aJx$@Kk>eG~=w>?GK?YfkEy4PWuf?FasO;5iP=i=%q@{>3C`xDN+%OB> zT~gT_Cwd2vtb4epFPQ*W!Z0vO!EJ(zIMuNC{>6q3k@7sH9vNM8iD_m!mv99(b2<;< z(s+e@u}QCW#;Hjrx%>f2G0T#rnVceEEXxJa>slu{PEFkA% zW7|7%1mS7Hh4fxcCg~=zpz9KkM$m7R=W<#D-UQ>PyX^d5Tz}JefHM zj9o1+TWzpqbtm}C<(FfE=)_|Qf^K!F)e`d*iCpf`i9$_nLWCi&EsJiPsyZ+`1qoc$ zL{i6;6=s41WbQ_SSb8I=Q4ep(!KC0}CHrUTW{_kNQEell{|7K9qS`HV=PsqgNLyrh zrE;gK`;&TEn`l~KlK~03WsoO1n9aIYgGj86xI@RwDv8Ue``u;ID#t+C8W8IbQg|S# z*T~pz+GJVO_&77fNcU}hJ;>KPWxi6`086bWC6*;H ziYCo6`aQok6AOsBaO}XyvKN1l!>fMrF~vkYUsCg{`|}?rg~_B15u#+{&?9XU z9(G3@#yer!Drb&~e>_$23u&Wu+BzF`i(8s(L>b6}z$Oo37xjYoG- z4+(Eb8WZ;+ImQve)}LXbQzU^e(+pkM z4&tcbBuDb=h~8h>)d1UGmx1SdJTt)YWj 
zud!T$%yi=ugUkDN_4P~=gIKtuwRIUxDRe*+b{M1}85tbt*-iEvlD>D=oc9Qgk4-h+ zJjpUJ1;I%uB$}RXL(bd8%$rxPOQPU+ea%ZBSh-UX12{PoAJ<5lnOf_=vRs&WB6(SO z_nmSXI_8|4aZfq7-(z?$%6VTNJ=#$`OBaDw1p&>!5Fa6wkPC0|NJ>3y{V|>tKO_ih z@V?>VbVAr4vC&b8Xaj6slx$%zS<#Lrg_jDw>&%?&B)p%ELuLIYWY%`xUb7BpPc}cO`1#=S} znWOcAnbG)%Is-CeCTiNRBD?qTn~j^nOI(^4%fuF#QQQ}wEaUYz|UqoJU-1Nr-O>;5zmb_I;07Q zvy~MXT*394$`4Jm=d^!{A1^1i%OCGIM9wJvl(YgbiiY4+ZfrY)S`Q?TDckWPBvMdj zezDQy=TyxxPUl?{s!kp#dKs=3`y`12X_R&Gh^yfr@09UOL7Bu%pkpxzMvO&x#~Jx$ zMG%G&N2h}7S9D`ve4i;QVS8p1#-1h4mS4qzsF?FY;&<~eBkdQba&wm@@p?D>(dmsP zc}0)gVC-#)6$8Ah3zH$cQO=O|08S)j!9_svEd_})Uu-LJgQ)DAm=YGWvkImCtX#g> z6RFxhCDz~8H8}{U$q3>ToX(XlX-F%_%sQ87bd2HLI34tCj zp6iQot(e@_N9J=|I_D1dQ7x|S0>znh5L4z!AA?B>_tcJt)e~hTPViYG>PBh}h6ge- z3SA?LKfAlB*U4ehm*}XGF?jd1jGg9%$;^XDuBi5YJ1(wB70B2L zCehK$V2~G|av@U?vu<|6gfV{QI+CQ9cVZm#YqTNv-W*u?%bkGf!Pis3x-MzvG`-Ye z5o_>TM2M%brI4o{FGvExB934RO)G(0w^Uz+3|eBjucrz>a@jL!i{Zr_9j|g*TbE!e zjP-Ss4W3m(x8pZyYi0Qh4lo$Os8<%(ShY>06~y4=tfjmq+PaiI1KS41#wXM@;MOaP z7E?FcE_Q94vO;pW1vN2uf{H+%XH&!uq3bkn?v<|*m+;(8fbG?t%DXNp-3F%kyVc(LLt0rjY9e=5M*n{Ekrhk9P8g zft=cMT}+lqmBiMu@IhzH^eCfBf5cznnAZXE^1BDo0#injT#Gb6HTVYr~CobKBL_- zS29bho?e-xZg7HCeEmS)(y_HYNo$VnAHqmBjE+61jhmieh2?M3@r~g=`0M&FA?3hv zN4Z$kEzCGOS(!K_wc@-vYDxrxJJ+^p>-P;-KY4`(y9NaQ

    X75taq8u#pW3?LcyF< zt@ip9{wcL9l%fj{w>Z^H(ylX~n#x zHGPW{%|6ck;=)`~BHUDME^RP}^^U|wL^#e7M!S;!qZ=+UsD*-EnO$Qc=?1x*a4h_# zMmSFInDRa%%w^k>HV%vOx_nn_yPOpYT<_RSpi*cILUE_ZMm(nx^DI$;fldkpJEAgn z@{g9N8&o8={m{Db90I0;gtHZMF%E-3$-4G1EVU^SPc7SsRL-#RhT$zVwRMv` z{y1+|1 zP8?%1R}*4n>mu|UMWngx-@0YmL*dL^m?&w>6T82#ZR)XF*x`Dr;$Up#sCL3mFJ5+8 z269?DQ9?*wu1ipP4Nz>Wcu|prY&*iQ`o_j^j>vf=nbQV?n76gi3TntYQL?iPb&t`- zOGCF(@>F5WcM4X0}B zNPAM8Qo`aysCU+OAn-IVKPw`_^XwIr`z`!_t{dFDyXRfj&OvF8SNnOAP%%V`R&BnG zG})9oPZNQ9K6y~IW3bw~kOGM{6`VL2Gg57dG_t6U>(SWAl#X+3#As2nEj3b=c9^yH z3gvgXc(=ZYNw3TC$pkCuNFr)dHx_Dz9zPc>ap|5j5%IXD#Edda2f0n~@j^%tW0Ky^ ztv)g}e3I;(;tB@_g~n4DGmd+vZRx^YIVWghI_p4tzN^v+J@fKV_As?Z-|rT`3EV?B zcMW%K$DIz&(@EjeZnZo`CJ#Suo@+I@2ZXv?>{6+1AD*PR7;1g6=}fugpx)=;87T)& z8<|k6e8R{{6;Lx9-R3yn!=GK?dJOKHXDtqFSkRXFs=cAEvD@8M(hbzJWPGw4>yQs- z(Na^^=ufU7O;PMrq4YEmR@@a>c;(h0;?IXbvZZkiY5A0;fsPa*>9HJ*;e9kF@F)gNWEu|MewNDLDaKi9~xi4G5UV=Ef ziaQb#YrgY_L*d*~N>&~oK)g+lY;BsL04G)<)_5maq0CTae!3{3*mP{}L@v>IoK}sZ zL=t811wk$a}cTZ~M>$RP)AXi4&O8LGH{KypfW9I=Z*HIN%~ZkxGc< zLT{T;yIZTpF*rWoOj@_ndF|}#h_QDkpjZS-oq(e7heo@Z*?7JWJJ>&R658-x&U8sOvDD^JQpW+iHm^o8ZqMVPz->*>l)6nZ1-R!6T3Fz zq4bt2;`Uv=y$AstAKB)t=u>dQw60^I#7+GcdUI{8Yj`_O41yK9WY&hdEMi+rE;tuMGKDtQ>O6!V zb&q2?^|(WwaZ_NH(9{o^k)iryBS;X+k~z(vA7b3Jy_}aE`|W(9J1ic0;rOyZ3WJyT zPjN-;CvFQu1k}c%H5-W;q%PycWKUl{6;5}jD_VS|x)IvVMo<&aB@Ji|OfS%VNc`dn z={Zjxo4{y$8>%qBDxAWD&TvCqf}9e#PhvY*WoJp6anU=I8xEGAB-zr-718W)jU>-H znsPhdC|0+xFHGj{!)G}l5(-6dZZ@2B5IXc^j_(Dut}%row8?OdODT#Urw>ZJjKRnl zVsKrz+{A_njHRUuPy+4HSP_H~*hAq}GQ3IN?iLKk!qk{@XcHMkXc+|(aX9W=M%Omm zu5$y2XeO%*Xsi#>UI>3)Ikue=LTh|MQYFGFQUgYqbjpcf%Eo!uQ37p)7t4B*p5^&tqa7&p6Ksn7Zio>Rs*wTp5-?YLcqMk7&O(c;~-ppDU@%1 z-a9?3zYm8S_)Z?gI|sI^gmelilwTk{XtCMJOYO4BQ_B)cFEl9~VqaLV*UEYCc#<)5 zp{Ue#P&V4QztgI2Y(Vn*K(Q$*v9h2+sayq-458Jr1Vup_&hto7WC15_WJanbAaf8Y zs~<`?>*(q^A&Oi`#<^mV7BMP%Wd0t9DM!Olz;pC?`50YWR>O74bU=?-8k$LjOER|*e1!X)pJwIRsAd|)(V;NyETRGTv%JxhkhH`O{qxv zKt>hZULx&D{%_KDM_v_(AlT8!h;f|?UkM?At~n|^#lbIvDro8W8=Sanbhb3zK$V)v 
zVnlJf&XT7mzO_?nLFcJb=H5?RET$R^=8X(Uy-HK&vYg7YZ}(wOIFwoB;_j$w&XFskqj)Fb)G69qk?&yXG3+ zwDOI{p^GAJVY!0fcGh^_W+zhF>UKt2;<;H5b6a@Vvfltx4*?sIY)HX`6l+aVP)zQY zg_~R$RA3yy;LfbeQ(|pc@zlZVm-_)6@5#P=acFK zfa|aS_SzfQuD@>OT6m=eOVUSswdTvaPk0~CZ|3cuy+G>HG_J~X2FxRaAJCpNoCk9WiNjL;t6e&yA>27LL*huf? zzWa$0bASr0^qTG@HRGu+qv|mY21PK!~N1 zG$y7~`^C=3V0oolun6~2lF&#O81JAPrD3N_IQ(}K211QblW<6YL;KlMz zvG&*mL^I7XZSD={U9HnI6CY1a=E9>i74c7=zx(3g^y1U(e#j%cCGnBxckk*cg%g`S7)gz(Nj8 zOuEZN$|2v79$ZT7!EE3N#iWvqz`9G&_f(`!sIk|=e=tVT1W#4RE=I>cOfFEdvczJc_gk`pvx(?(p5tT(#XxjVZ()ak0~SD;nYx}a-Zc_iK*9?0;1 z4i&`fkg;j{i}hLRmmB-M*wJXGBI2+%G&upe2ceCcmV#!zUpbrzB%XOm%}%T(9jk_8 z&WJCE5_3{Z=V^cvx%zCVrTcYTB*kd2#wPg&xePfIf~S(;T-%1AHBNtko|zn;9Pd++ zwlM}qRqL>*FceElDhOrWn@%Ox-Ltv5QFe+k$H&L_=K3M0`I*O1OZjCyO^T0ai?~U= zi4wfDE?g#?b=GXOEa5P*eBZ@KhI0Jgn1hWmFee(YI0+uDxkb{IB>XNUW1BuK5j+cQ zZ8^(C?Je%&K}aKEXr!_n;u1RZ6r-jn>qWix0xi_jgQb#jIp~z76%IR%jAyEklih=n zx4S24LC@CXQ>J&X+1Q`wQ6~{8`#nEHS)$A7WN%vww@}nJIN}q?v9@_Te19kN7cWAHml}nm1O1c+hCVJMlSA?lOOJd~80S{+qvjWCXG7^ZQ4J z`sTxeIM&ra)HS@j3qSmywKX^0JpcNUA*Ax(fD7DKBUowvhOvkyOu4fEor-IaA0_H*Hs9}!$amvUCBx^1?jQ#-O2hyOEU#s(_J$Y zC57NZ07FV0PcA7kzI!}bLY_ql$n!^#5)0DXh*By?4ESo5tNRgw((58eFcJ9AK?;K$ zp`aW5>25rX+^i6?JIg7545;u+U*L+yLE-H-^4bp|j=_~C;LpT7qgLP)D`iVhlV}PO zks@S4qhI;36aP+WX;~3ZsOBJ%cL@K)aliOIJQaBLL{AS_m25o^IafRw3-$7+xLxp< zygk)`wz0D5-zpJojKZmx=J-(G@q-kr9>?DHqI@t+^58hC8h^VEq9+fGU_0pR8j9Mx zCkF;6t{ND=7VpywJ2Hy7R6Y2mR>MI9l0j<|_$&OqR=c5NZ51G@LBzKHC1B4^67-{l z{Rm|-(a@T01Ka8M5yU!<((2UlR|G_kDjuhZS}r*RX3`hIIy8h_!aH%J4^UniL`AEy zUqy(y#X;si{(Eqsn{M3f#wF2?J^~(~5y~#NBDEW1zilUV8ajhb)l}Wi9_qpf;w4h{ zAk#kX>lmSV!?97A;aylGcsI((k62xqzzp1h2Pv$c!u$m;XSj0{2E0 zDgZVxhAS_ITsKGhx$*kzuc^#ig)C-W!RZ!MwkEukMOp&u=wpD3Y6EhX}}&joguJbwtk^RN008iyYLoV%o+o5Omht>yy6^X?aVYe*k- z->(3BMCd&sot`1@LS>#TDMQbheJ)jy&lf7dmkFKTC+@Es545~_`m`=;4b`!wpbnz% z5xO-d2MfMm!S|2U(S{QRbx<3kr_+xpvf5A)dfvRM;Cm~CeiKy^j_FE2roB>Tby#NF 
z_3@bQD`~@FpE45-2c;`L4^FdPIF|g(5*SLs^t5qlzl<88?F)G4;S%~Wp*yi+e!t@8FY(6vqpG)Y6z6*19C(kbv`lTVg+rPtRpnh{l|oE$up;gennV+Ah*wcCJ~}2Z!XcC-74SzB7RSd!D{TapYdb9U&?(h zU5@tTKlkPCmvWzmyq>PF<)i0tL3*yf*O&9^d&t)pN&AoFmHVhG$NL{IYFqBB2;CaT z6(#hoCG@>Qw|LW`68cf0TjO{_=+-=Nicb`6MnA>#e4116sDCQF*z0#4B3ndyU$2xAQG{iqU4mKtdQS=c!4mpoLSGrSYmXoI(?YlUeKsqsQDpV&GNJc} z^@|`&{kB=?mb|>Hr2cz^p11y}{s#-_v`)C=@y|E$e_}m38TBjF6I{i!sc;m@7Q|yS zOE9Z%+JtWPO{dT|QN_yJra7gM+CCw49s;EYI{V#1UmSja)Qugr`2nHpe5wF@Li%F~ zeowqF<|3&F)F-p#dp}9@m^CD~w|t+t47G0-4_Xv;lI=j-*Rr0OPzBHysmFR&FUstd zGT#PYOSEU*oh|=o`hlmt`P`NdPrv$tX}4Y-O}h^N_Q=2b_v`TYzN;(K_TbQbwuh~8rC)D`{uaNE#7xV=y^Pd z+ObOL@51kiF(m%>4)+`?Hz?%}r_0e^_-@~xK`}PwwU_F7pw4<8ka}K%@5Ft$#Xsj! zq2CbFr>*1y6<|*a{icvk@8pUw519R2B1VzL1C|N>aw?>2q|diuv(R4{(r@wfT|&?6 z`wG5uRN6@LRif`j#-jc@DP_)0&l5MF{+pggbMmA-i>H;gHL&AOXCW(pkE8F;6}rXm zRtcTATCG2@4fP8BJk%BUmB@M(K=(=eI`DhqT}4NuGWSXy-S|DOgT`#L>r*Q8u$1}J zbea2H8S1myQij%F;#pMJK3~^tHY#K9PS^EXU#4Bk+!~f~eb3yy0(@&pJ=DMZq|DV} zJp;bY`d%ABPqf)Ri+i#H+QW4`>xq(QEfadtv#8C>*dPvrI)0DGL-Y^o=e<(T>+yS{ z&D77^eIM?XdaQn?XC0O@R{xx;v(2ZZ9&63cWJVc9tX}CnuDZ5TJFXNuPa&m?PErAV zt!lb&5ubvFT?L~|2WqX^Tg9ae|bm`bnw|cvGesms(+c# z^ZK9Yn}uEp>;EM`mv#yL6(K#ab=;Fj$J%*4s-QX_6#5&(@6+0%0>G#Z$EA$*j%S2! 
z$=GwK5`3&aY!|v!{}!QJ_3sh7)rSX#UZF>qJKo&S5WnPggqx~4Y zhzL3amSz&@c@s3A%Z-t(}~H-~h```6NF)At^dGDW=S zl$5d7ahuSK)-iQw8#_s&$m-Khp%=Afmz1&Ea!=T@oW56Cxh+y(+1|G0#i$e?YuuO9dPLr#=slmT<2|2{=e!{Co=$-y(giQU4}22yiFgXHG{;xlq>S~hokH)V zinK4Lt>@0Bd3LZugeaPZHYCQ3o^#rd$w8^-Mk*ZF!_$@d`;n4%92a`tm{m~a8KDn` z^-~)H9b>hWDOwXWzN=qKl|<1J`k`%=y@=lVE~)49=cL{lI%3NauhZTo^;m7bU+A}o z&!IMVxqhQ(>3e-K?^&O5&!Td3rLMopEB7g1ZmpF2QeL@ZzTAYA`&wSPzxL%0)>-aY zo#jr|QLcjbJ;fV&YHp|Wl?$k2@ad%=I*!!8qW92Pw@I0+!!m)svPYg%w2xHq-91uI zVy&gxbEuB?94l$hOre*xXC`m(#r?BD%Jhcsp6Z`YDP#4|!8+Tc??qzT^zeCspXaDN z%aScll+c}nCyEw@_2YeLIBBdaY*@pXhx8H8qgDu=|Izu<<>_06ena?u)K8{ps(-K0 zt@a-hI`u(3AH(+-I=`kqU*!0C_{t2Slbt%zhaLZ?<-qheKP{ZsGkJ5$*J-J(R|4ZFs_-W!7tK{?l&c2GaAF3H_D?eM3y&EcB~FdJwa* zOXxR-bi5zA#i{;#gl_fkgC+FGgno5czwl_P|FqD}@n<86E$=N8dV+5Z^Xs#0vRUZ7 zB((p8FI4dST|$2-Y#*(YPx(3yN|`lbnQ6`-L+@}z=&P{b#$(j-D&A;`eq89RN@yFz zUP$yaLbvA795#4DCPvw~{y=YQ7rHe@TZGR4=<@>~^PZCL9~63CAM*Q`(2onb zkEHs4+6Vj^-&;@zjnSbJ`ca`k)ibZZP&2;F-A){^@73f&rmLqgB% zW9pxyCG-TQ!!mb9e(^)2;J(RttIvEEvf&I(5?PCDs)R1KOyvg z4%QxBB;x(5?PGT2lXslKP{C)Co~!^>0P! z*8E#hLfYt-RxBBNqN&QaoDOmq3;Mo1MLgUWA=+qc*Zgm!slxGq3sCt#d$*K>7?|)Ua(r|);RPFomDRVeh@FS zU+8SgRQfM_IpbcTTfWGLgwE_vzaQwMj|-i*1EtIPoC;of1{*ri*WvrqIQ(DVhAX9v z)rV_^ZuQ}y(5*f^Aatt_?-RP!hYt(g>cdk)xB77AHT3c+TVT+KR|-9^4{46A6}r{_ z!2)^(-#;L9YYeE&{Zgg}zsK{G#woCEJt}2*$aSp8{Wv};^cRM81bY3fR}jJG32j2R zcwVQ_dF#>Vi_NrxdMAXwjvk_PdWTiMjrT~Ij<8G+4|PJ`f#zDm))=hW<5I`PVI4s~ zohhNuX{RsR{m@=Q-%>)~Q$jx|bc=T%DfoT`?LIE_BHlVr$`Id3^rOssG83+qGX3c? 
zDH}4C-BoAVIVij5mH2^=H9iMR=tqQZt+(SP^fLwY3feV?J05X6)W~q2iY=Sow_ob0 zr*H0VpzP5)%g#j`j!8R5!*=S}1is8!QjXSLVyshf0PRxlKz_Nsv`Xo@?XRK-BBqyq zX#eCq_dp%>(R?@{^;xpseI@jVg>Lb+Qzi77E9gb+^?v0FCP%C3AAMgr$9MstwJV4a zMd!MI*bcmPh5I8<{-f{g6?*ucy9>TU{q%s)t@nIX=;xzs+|Iye@ubjsSoA%>f7LEH zYbAZr*7@5?=$%5h+BZ=`zgy^5`yUYcW@@CiU(T#hpFS$|uumTs%o>Lo*HLB3v6~}U z-gjsm+J$bt=N6$`@3BYd);Js#y0spTl+ce0-D=;N68fC$xl7ELmv*6B>tTz~!*LiD zEU!;#?C#3>&f$XZ&^R0uy7itXg>H?*^i}RXt#Ozu^t?9H^H&Mol81VQ{vvve&ey=k zuutf0s#5x(mxT@s-D>|ap+76EKR8cwQs^xHYW?ENtl&G-tMtVvx{ZD)o#e3~9(10R zIWH_DG3?X_tA&1HNMGmQp$g?9yU>dcV|@*B2Gk z^N7%2A3n$JZ>()mTc4CN7lmbl*zIypO&usnYq zeoypsAdk>{9+rA84&O77iZ7zZ*#@cWm1|GpCX!$Qx~duhJS5_;Kuo3(~s zFp8{pwh7&O&(0G1gwU;a9;vgPN2H!Sdqf58KQ8pG_&pvkn)gBcP;?U!?YPy7(5=2$ zA#|%RwwBQM3f=09hvXf~#_XYzc0OLxjv2)4@v+`xp3tp!j!OMy?HrYQtTl9((0_p% z6R#1^gYFml^FsQo9lZkVw6ue4Yzdwk*eaitI;=6Bbu(3N_eEO?y;JB`UmcX^m-W>_ zsmE&Pk&<>CFQK0)Y3C}Tm$h>h6~M=8XRpw$xwWr^epu*Mf1awdou^9LIdi>x538M5 zmeAJ<-D>CE@_hOyF*j5D{oPVe!j=ubMW#L4Cms;`Wz<|M^T=wz5;xi(BBDpJ$^@wQOkZWt8bAqYH?*7NO^j1NHHqlKKw{ zolO_of0DzZg6|&@deJzZkTTXdMw?I(K9ut^F^+HX<2YB!SmU@#=oa7T6}q)v_X$1k zJ*l4#3;o&DQ0<2xM&Ovxt#LXjbgO;SJE>xOznd%cMN~+iAMm49LT9l}>4C4JSLm+~ zzn{`c_e+_)cc|cd_tsIz!&1iTr&9&bpnjft3pLQT$6r}OUn}&yccA(QOXvqm==TZz zT56>BGsZ#fmJb(vzk;uv5_-`%T)>Mtf6Y@J3xsafL1jAYD6>n-@IS%3sNb9Pm1EN0 zyYYKszr;IFd%NSKR8HTks2uhGDS4(Pr_B6C6vD?^Cs&rx*9zU-|K<7X@QlR!r1yWR zXDKx%=o{4&A1GJR8UFc=)Y~M@`wB^1nLbv*JPYL~?(3jCev>(KeOXGgB z&UT)Zdh+aDG%u#Vh8_?_&!Zpu9MLI=K3C{34e3E_!YZL#@7XK#-weM$?Ep_;s(+u* zyAyQx0HPljy2aOy3H`<4_k%nYCx!kiA)VGx;1i$mS|aA>0IUF?C-fgsA?+io zQkk_<##+<#E~8S$+Dq;d`lTovKPNalbHC8@WG0#ur{!JCa_5|ude}6k?<2;|3hG%Q zbW+t4Yc)6n(*8>z;**d+f?TazgwEn-{0x`;nfhXn&|gTEC_RWnI4E>e{ww+ZaiLrD z=8Vv-_RZNs4a?sPsQv9i&uf1L^nFtQMfg3@hk^ZNZ$TaOj6(%aS%yDeeB+TtKI1>=L@wUsUE;9ql+;@Eq!o69sg7M#M((C@N~l zTB)O`KUPaU*8J%&pi?{c*U^qg>uAR#1<#@Wc%pz#?YLkoe&AEoA6ul3qW;*tm8&t= z)2;$~1z){K=vF)EU5-c@ORqXE^vh8;UT;Cn;TfSX59xtla84HyqNs;{C~tAH8sB12 z0lY%WJQS88{u7*I>yOOHP(bZZ}&&Von& zS%x8t{7a{VZuP@VenFe3T`BZS 
z!uq?M{6piow&eSRLbslOKIc~nr>gygTU0NPMT9TQT<>W909ZuP?hLeF~-de27-=+wq1g>K2IRAzP`e&AD7 zroE&LwPmZ6$s4n|px-NP*@@q$Hbs0_=p)zYx-CZvCa7ThsfAh_y>U zf@e$%d;;^NOrG9V!PiFRIi%Mm=5Y`|J}7m}LYeqEfnVT&&{v0ai7%vgy-(a?#9m#bdi|@M2Mmr=!f=$Bn6!ds8hZ_h~E?MNc|baneLHtd-KZe@cYFc zd0rdJ#m@_JYaA4MUZ2zZ91%K;g>idbUen#jwCFpL@i9Y8xA{6L< zLbvAj7NK88m1z3{Kh++gTl3+d&{v1w59Y%WpF}i*NKleeQTl>`! zpLo1p_2NK3f=016GFH8z`b1l9#=t|EBx}seXvT(Sbfkdbc@gJE1@42`Xyl>272eQ zlJB1sx+OPFAES!xGthH|ekB#sc@WHjRYHGuNDp+zUZGoKysxDG!$QA2tUs{h922^= zkDnC!)#3Lkmq)(EM2?bW0BJ75bv^`{1J*&$UnJ=Y{k@_c|=}YeG615AioW|CrDdwu&Gg z>ZH)E^*4P7RUAc@U2U$=t^QvnbgTZ}68b)&Tm18|(4R+*)cz0rv&Ty6KPhx;{!S<3 z3qIEP%oV!TzEwiE+Se;|tAF+h-D=-qq35-)f_5Jh`c3o_+CQ{Uuk>@|aVcZH!;D?@ zW!ncnPw3V=tQNZU4*f#Udk31s`-N_`?_Qx>ef*Hnt@b@GbgO+ccJu3-b6}p(t@f=J zy4AjZp}3*Bnpj5oUXx7s&P=vMny3*Bm8ztFAr?H9V$zI%oKi{blC zbBCR1{XA4ce_ZHR`)2HM?{Bqlp3tp5V71V%4%-*VSp7o3D5M9rxBWu5`uAR;TkU^H z=vMn57rNEIGk(Rrztz5ZLbuwtTIg2$`h{+_Z@r=QYY(I{r|Kwk!LOnq zJ};hzAIe9tm$p22THMw)DRV0o)G~p*)hTpKo|_Q5B@f?S^8E*dZuRw}LVs4+zTiCU zlO^@f+Dl)|*NJJY+V&DPKUR$BoqLIz|NRQ^iM{xN51U`L|D0d_b=1jJ$31(ggq?fx z!M#j2W78iKy444#g>H?}>|ZOcf0@v&`Zo*Rs()8W{r8mA|6ob|kCoJax}^TuZ*uQ% zwSSq=tvR?^=vM#iDyjdTlKLMkssAyd|1-UY&aoixig10TuWlII^P`TkL%Tm5rF z=vMzkZ=r^ze7_PrN&QzTp|247TB;=OAD<_EtI%r+x(i<7@h|!QA)&JgFRtGOM$q?< z3jH;S`a9#j`h?K02paNj4$`kVv8^yuGz zmPc=ie!V3h-*4b=Gw`7)Jd zE&lyoEiYiy<5Ym^XE{G8KUZ*;-vgY!-V*(G=Di&LZUcXhfxp+l4;uLU4E%Qt{QU-g z$iP2f;2$*b-!<^V2L2%f|2+f$uz}xe;JS&ob}}4E#9;KFh$LYv9i}@D~{P3k`gZfnRLk6$5{%fzLJYmuGOgi-+V!mACX? znnW$pC7JRLztq4lGw>@i_*Oi3S|C?{F`l*b+$%HXAC~f3?sHQ9ylJkU-v*sNpO$~u z2!4yKm@hkW^ftlu4UP!@Il)iLlT}W968JgM#4{ejzx0{s{^6f3(N&pt5}_rUZ{V#4 zzR18A8~D-;Ucq}(fBsY`+WwmbpZzq~@XhX@=#9YXy-rAfJs~(rR#Z>A{8t4Zm3m0u zpbv2XD*qgf z-wBSd$DfvHeWsn?lJfr`<$ogc_jO=gRR5K1z>A`9&ve!NuHcW!8+1x}qP9e@&eXpF z<*1&v7rXD%{ipOfEcj0<{AWaWmD1<5;19pl{Y`h1(r4{2xO(0_*Zoa*k<#ao;Qg1l zzv=E#`n&?|rsuv&7>wdy7W{dayK;&T;r*!m_t;PpMT$>gE zN7w1M1b?C6y^b6$hk=ah|Eb{YI|1#G;Qul|SwI!7FS? 
zj3RB%#tU3McS?D!hrZnsZJO?CN&ak!Zpq+(EcHA`3;}DTpI`87SO0aQ*ne2?{eo{1 z#(A;eKN9>6Vj#Fi9$mu%r}uq8@H+*+2RN;l2f;7tgJ#5^mgpBV?IdDL^qLHQOzN+^ z$bJ1?Qp*py{xO-&ufW{7nYF z&%obe;QI~y?FN3p!0$BhyA1rD2L4+Hez$?Y%fR1l;O{Z;_Zs*?1OFWZKV;w^H1NX) z{(A;~uYv!8fq%rn|Iony*ud{M@INu|j~V#K4g3=Z{z(J>GXp@&%kFI`1uBYfq_5Az%R_;Zxp%i9+96#orwNH@U%R?5RNjE zS3f1?)!+47fc3BLeXreuFI(iEtNrse!P9!mm5}?Xp4Ulv zt>+zr?@Hm{75troYkRK87pa~FZSJ|+KW`KKLD7%2e=dd|Lgn{KdF`Ly5IkLeE}ZC8 zKCOSfTksuHkG5wz^am=xMR0wun&6KMuKn{_!PENJOD}fyoG*&I*7G*O=cVv}7yLTG zwLPzfUQO+JL~!k&_Y3|*(fhQ2+AFU7+$G8R^Krq`l~3!HUl9CxQjfOhI_T}x zo-?WT)6-g_=VsQO!=G>9FEH?n4E#j~{$c}viGh<jwT-1K)4p zZ#VD*27af3-(}$MH1N9({9OkA+XjA*fxpMV-)rFSGw}Bt_y-L9cMbfofq%%rKWyOl z8u%X=_h7Y6>92L4$C|0@Ik zoPmGd!2jC7A2#qW82H~B_!kZQ5d;5{fq&V+zhdBz8u(WY{4oPp?`fJ(l6NxuX^H;P zz`tqW|776bGVqfI{%r&Qj)DKHfq&P)zh~e-Fz_b~{D%hqq=Em)!2ip@PaF7u8~Fbi z_!$HLiGlyrz~d`O6O#q;OXns4`2%(y1Am%va7%?AEj1K(ocuQTwi2Hu^)KO}arv6MY|-pibQtXu46OXbzx zDtNm5FU)o2({}0G1b>gzqxQoe2>w6{zvbnwo=EJvtL3?GHt;_Ye6^I<7yP#1>jYPO z|+zx}sS{*8$HAv?ZHsXrtxu>PP_S+i4e=4~4+YZ4m6T7jN zzgO_1(jM)%8TcaCFSz#GZoxm3vOiBl(kd!{gH#}2i?$1%F8_q!X*>3ea^uDB;@-yx+iYGw?wJA2RS^10OZ;F$1S)!|bOenlSJk2ENO{ zcN_Q{4g6OO{8tV9*9`p42L9^?{uTp&tAXz~@V6QG+YS7Hf!}H1cNzFQ4g9wZ{9OkA zZUcXhf&X6vKWN~;W8m*M@DCXH2MzqNfq%%rKWyN?Z{Qy>@IN&0KQ{0`G4PKW_{R`{5%7Hrh%Vt;1?M9vkm-01Anf8Ki|M#VBi-S z_=^nuVgs)j_)87^Wd{Co1HZ(;=Nb6r27ZNsUuEF)4ZPLB^)yR*-Yz!EFE#Mx2L1{I z*V8ZQ=f2V?|0)AtY2eozc-6pfH1O31zQ(|BGVrwqzRtim82GCVe4~MHGVogr{8j_s zY~Zgk@Lw|UUpDZXfp=x_YZ13Z`rWeSZtiH_h=YP}5?uAri(qG=@7kl<-M!-cR@ zQ2G5*{uY^{?-cwSspo!Q@E@n@za9EK)pOxBt^#e(_XR(l($j0u&#C;?QeK~XT=0E@ z>-(;NeoN)wpQ`_}f`2lFZ-AYJ%BS_*&kO!&>bcbFmZ&Gw{|@gn@NEXZ-M|M7{B{E$ zGVoyoA2skX10Of=Ndu=-b=gl#wA;YnXyAJc{0;-(Yv6A(@HZRyuN(MV4g75e{tg2_ zVBmKe_-`2aZyNY-8Th*l{M`or9s_@`fxpkd-*4a_F!0|s@DCaIhYkGq4g4bp{)Yzs z#|Hi<2L3Sv|G0sF!oWXi;D2V|e{SHPHt@eN@V_+h&l>pW4E*y3{x=5x1q1)0fq%)s zzhdBjXW(Bm@V__ke=zWWH1Ka4_z452Q^wg(OLWq}zir^(G4Ovi@b4P<_YC~|2L6PB z|Iony!@z%J;QwXdrw#na2L9g$e#XFmYT!RJ@N;HlN0H=*INe2p+!8&_D1WYjb4ve2 
z9rQ;_^bDi?c?SMW1Amr*Kij}B%;4)F&yjqUmP_vw{PI`0=3gpraUT2)RQ}b1zfkaT z!EaCD-xvHXf{Xhw+5)+g>PgF`4+{QZ>bcK_oJZxqnX3Pdg8w*$KPmXEcGp0C?pBne zdeU;~F~M(;^7_7);cqHGB)Gosy9Ix13ZMN-SN?;7>vO3UI4_Xte}_NMz-Jry3k>`s z1Amc$zu3TEV&E?|@VN&5as$8Az%MiKD-8T91D|i;tp>ixz!w|%5(8gm;L8pC6$ajJ z;MW@X3Ikth;MW`YDg(d4z*igi8UtTz;Oh*0gMn`}@J<82)xb9!_-hS(i-A*ik?f}> z+G^n42HtDn+YG$lz;83~K?5H)@KFOFGw=xm-(ldp4EzlSzQ@4tFz~$w{w4$8XW(x! z@cjnhoa&;298?+{#{`y;{c z7F?fOT_N(A;QHJT3w}g!eeSH4uKW{%>vJaspNaO;N1uC4@Rtg%&z*CftB3l7KKk6Z z2);&eeJ+)0iH>CY-{GG!@S_I)83R9N;D2S{4;lDh8~DQp{sja7TLXW@z`tbRUor5% zGw`n(_}2{l?+yIx2L2BQ{*MO!O#}ZY1OJwR|FeOA+rYnL;Qwmi-!<@42L3$*|AB%3 zyMh0Qfj?>BKQi$DGVmW8`2QIA83X@`f&a|F&x!MN(K^=;><R3XBhZ- z20qikpK0LFGVo^`_=N^O%fO#&;LkVk7Z~_O2L2)gzu3TEY~U}+;Qu51{|@2*=gFY| z;`MI7cw1^8IU@KyfiLr3pGnnoY1P&94Gtd{6ynfG=0Tm!$vz%MoM%MAPq1Ha0^=NovdfiE=hHUnR5;7bgAsevyu@Z|=6 zje)N>hj~JIN>5L7f6sRRMDLLK zb1U>M`slfjPYRx&N7UyBcHfGk?@0X@v^WHA0{*;kwR`UB6kZj4Zwen{{9P?4q@6fs z!k_mGUXk*WHYobC;9CWsC*^-4_#wfyp36I^J*Z#s%cT6Rz)8>jHR*>*!QUeIe+vFw z!Reot=)KPf{)~TZiQZ@6hYb9K27cJUKa{~g-9eAfhK2q;<4=#+!{mtM=^ib&Ox^0r{<)@k$1tWE{zvQlI^dzchv7-XF$wR(kR$8OLFu)aR>= zU!Ovw=!cABQlvgJZu?`x$n^zVAWrpXMO^DM&9$rs;FAu|iOeVgc;wKZ|U-1u!=M`UN8lr;Y-Nf4!e~5Td z@inI-nxptO#OEr$3-J!cZz5h&{QGo3X`bTqh##u>QN%kHKa+Tu;;$0#Rs2)p{fbYR ziKwjjvBbGGyFXt}e7+0Je?3q92*p=wMs$?o&BTvZ{1oCpRQyrm$1DB<@e>sPg!qYy zkDw}evf@*T|48wZiJz+Y!^BThd_oJN(-psr_!)}7M*PQ$@6(FtOvP^@ewO0DC4RQz z?+`yn@hxW|I#=o6Td|9mf46dQ~W~Wmn;4v@hcQ> z*$2^;ir+;1D#bq_ezoE~`y%>@;!hF3Tk#>}!tPQ0Wa9TK{ukoEReUpYdG{-R8Sw`c z|D5=PijO-0(L;(aBL1l2ZxDY>@l6gy^tj?>;!i04An~UZA9WC-rxibj_%n+CnfSAc z?{YAr=M}$@_#YI1jrd!NuaQIa7sdA{{#V5>ApW-EuM>Y)@%e`!`iJ6|6Ms+fSBd{q z@nxv1`Q_%p=EDZUO3HFj6LhxmBKUnf36@nJMHX;S<+;{3G-H;_a`b zE8b504#m$Q&R@B~XPrNH6X&noFonPS@xPx}diEp!g5sAGe?{@nh`*}%wq?}+y5il$ z|ETz*#Q&uDY6Ga}ZN8SsG#YYhTK=E0`KUDk(;{R6sYT_R&{y6bZ z6#t0$e-)p42HN?x;ztqxM)6+}Uv@cs%Kq~z@f8%`;KwMnqT)@&S5f?O;zJaFi}-gH zU-eAX|9!;^#8+4R8scjx{yg!u72oD8)W446UBuT_{7T{*DE9J%#D^*V4e@OipLH&#yPe|a5#L_%hlr0*eEsuK 
zPrc&15g(=aJmR}3ei`xI6n~5Oc*Qq9AJd(nc#ila#V;eihvIJ$Z&G~Y3sCjTdF|_`kO!8-l zo`U(UgZLq$XPn_@hv>P8l*o6L-=CiXNmldM*bb(n=kv*mCZlvRxtg;^zwA-tfJNpD&!#Digmz`1(fvWZ;|E9V>R;Y4{}}@;4K| zNc3>J4+7`3j0*beNs_-roB;Z5qZWj4tjr@G#?sraU zI03(%6QXBv2!EaQ+#>q9K7SO#zjFoJbDPMoYV6sN`0c{CHGBl{&FhYlc5%PqyNAfP z692W*Gbe;EB7T?1b2~bX_}#+UUtI}&^SYyzJ-3F)KT7;w(ZluUE#mhH=Y05__-}=8 zV%~SXD}&271AJ)R10v7is8eqMm_F#VAnDH6yi^co`T`m0T1$f_mRB& z{n_n|{Kp}BR{II2yIAQT4m?QzB$98F_htQyLiC(Z{ORS48R8G`ApVSSE|-^yyWel+ zcCqa>Xs7$V*R71gqlmlTT|L6^%(W>0oapCzIEDE0!nqz6iN7G6<&Pu&qHwnJYU1v9 zSJ}?GpJKZANd9bP>^X$E`@K}QbCc^({$M4e|FB-;?6gfCsgg_ep*esSm@9 z{Ky;7eywL3@lQoRm+u_n{}Imle;o18gtPn=#6MU3ZsK1E-`3dkEbz_ij$GONv+f!5 zAAbvx|BCpRO3xZM;(KYn4e|eqJoh`h68}ax_d6}XH?KQf*;5RWUqpNv$!E@o3yCi) zob&A#;>!tV`R9m#NB9Jj4<8X!_jr?)M-R}-_Kk_DV z_xr`|Mt;MaQ2!9o&*ilP@XhNMs{EM{B0rn>_e2lB?*Q>tg>(M=nE3aFv;57(R};R2 zv2!u;HH6PI{4?Tf3+Mb??HBl7?st}VGV%uzcfXs=`Ew_6_xsE3M*dUc>xzCJmyWv` z^=~G8Ya@R&@ePEt{QV((*5KgLwuOx zcM;!OIFCPH1ipFQe5ns(jh>G}G>UT_j}*`zQcZvdbIqJ#4}3IlOcSAJ5kRlk!QcX1Mr~wFfl}aU*e5Q zPZ#kIg-7wZ?swsNN8L||yWfRp|MNBRWkf&MllJ>j|5VY>`EyJN zzm)iNk>`B4llV;GqwAbMJ3N5;he*0yZ%-utUE!TZ{%zvR3tx5_=ZA*hp`I0m?_uPR zCBCw7ey@9puPU7V_jJW$fZte&FOx*n*H}j#7p#BY)H)hn0 zGXHT9@hyb2{JF%p63*}YB=N0NzkA-tFPej?BBdoA%D#D1>N zi$mm>eH_yrF7n+b-CcT$JQ-ZR zQ-BYx)ADB%*W;z%6L-IF&i-w+-=m(Aq`QLgGt-IhBzE%qUO;?j#TOHA6mGJ+Zmq?r ze;47qoA=EVcfW_;VEA>!$BR6-ufG$YAe{4O_*1CAQ|w>E=;6)g|BM(-Nbu@4>9~P;=RI~4F5avnPO+7;p;ww_GtMr z#C3Z)jCfh}!|;;+{EE2y{rBO9e@uL~qzlcK{)~AR)7@A26vK}suH*9;5kFAmO>?cg zjkq4?|BJZ$U3D(^vCm<;?swIhA49xN^m9JnPrM+U%jE;&?ZR1p%jbjJ*LJ{%*3A|9 zVdi~%iR-xWO~gwg&vt%7-2L7<^POKn{aqr@_8dvPPdM9u1M#D!97h;?wtf-y%oq7x z4L^psmj5qt9S`64CDbz@df1+uh`ZlyXZt@QuIEj|Uq(GgiXN6P6L-J2&io$Y?)TO? 
z-LHuMpXlLy*zOh7f4s_v>xiEq@|+KKuLjE>MLb|W=*Wv6wrBWjsOMPWY=1BDlf@qP zOGgnuN#wb`Ulk(%3*x7Up2JKzzU0V@9l{fOcv6VByz196@1JH*crdq$Xa+uuO_?)Trh9PcHr<#&7& z<6W(sp{hGM@-FepE^heZx zl}h(K;y)42cD_pd8sVIuL;i$%bh^`sUm*5yel8~Nes_LXW9N2%Mm<{oM&cKV9?s8I z{(|z?i9Kv*f%vt;`F(F7uJx?^SJb29NHd9#5k1`BT}J%p!a*(lS^jO*bGg{rZukV^ zw}?F3^CRN7DgG?+JB0Ilt^POE?|$!|^M5zuI^83QUn%x*{(nLIZqd*A-|`OX*YZyj zzgqNg{%`kpl>d$BVLN|F{7&KgzP}@`^=$ku>bXYrbG{u+`~jusdg2c%{weW?g|j{5 z{(<@*5zhH`C~=+c&x!w3?BRSH{vPUiLiBLHokCp85BVp`|4j67zRe^4xaeU!A0+;$ zaL%_?-VfGOB7TGD-@??ldx-yD^zb-m)CZ{NW|8M~Zy^3l;hPyf8-IxMzY@Na;U^Nm zRq^#cLiwj8-PMi!X~Y)`=XCEQ{%g^*m62clU#RD4k!Sl)B7T?1Z)@aVA%3@T&WADo zMm^6cJ-;D-zsR#ayL^oD4+!7P=)Z^f?}X1We1}g^{vqL5eez-begxk>_@_?iZ*>%b!bJuXBA!{I8;i?U}R$ z_54{lzt>5`-xbdJvzWME4_f6*)bpOmv!1<(zpwa3#6J|y_Pk2`6XBdcD}IIgUsw5a zJn_#(p7ZC85c&Q8i+bJ^J?v+0C;pk}VS85j8s$F~&hIsy_?N<2{#fFF7X33!IX+1I zze@gl-=O}l6rV)=YvHqvp0kMmRq210_!5z4dse7h2K2iZ#IT+g;>)gJ)XM#?CjwuM zq4oF0B!9T*=lbwR;?sn4x@#?i>Hb6P+}h|`NPIa-cSFPPBEG!v5rz+i!0FIBy)IKA z{=Vp+&U%QiAbNNlve|N|N6XJA{-NlZWb`~td?nGt?==FBpu@Vea2`*dKzxXB$aDJh zI`E+UTtf2S6M6Q-do7RpR~0_W=(&aXYQpOcUmpTK5bqU!jp4@;*XtS|6JJZ@IsbQG z5%sJiob&&7;(DEB*_BZK3&}Um|90Z*iXP7YmqX;ot&Do~`o+1#*B3pU|0}P8@*4=} z{O=^bk#Nrcr-^SOob$PU2f#5Wht`Mkz=QC_b{bP?Y|!Z{yyCq7m2Ug9%_vz=EGZ&rLU@x2sZ ze{D>+MR=#N^AO^*gtPr;5}&R3{lxcG{3GJ~3-2}h_gn|lJy1C3|H;G;7JizMf1UUt z!dXuPT=_Ayu1z@0pGMf^nJ>l*o+ ziT_YIx1%?SpDdiyT|)dM#n;^w(>+Bv+cS~)kA$yb(rqVxnsDx4PA9J8JbwTlG|qXC z+L_~jzc?fvf| z@}CpGLgd;1?6?KmSr*Reb`alR(w$`5^zS6bs|5;@W(>r zGh3k^y)LtW`1PWP)BQ8?8xN!E|=lAL(uGc}%Cw{l+;c@a~#7`DI!%RN>llZ+Ne~955Zjb5y zRyg;At;A1LdhQ|qfXH)xF7pG_qvhujKSSyHWeEQd@drge=W~8I>VH`An}|Ouob&lp z;*SgGe4a4^_2~7H>xf^X>|ARHlz&q6@cSM_T+2T}{4%X)BI^LhKo4^sm=|`d<@y$$#Qn{t@E8RC>PKhlry)T7rOen?!$`Ts*)$Im-=LOnVj{vmN4 ze?Dwylz&0x!)wGp5IZ?PH{B&z{$%1hF8vhok3y1Y}OGFRn&vC@RQv7M+ABjDjKYt0~pArAJ$aDS-nSkkjE&4fsT8Y=KXkN39^XKQp zb-a4{iKu5;k>_#a1mfQj&USVY*YV-s5MM#$Sp1WP82AmXTS?@H7=te+zMQ-l z&!_%Ce0kv`jQpf5>RDOz@HqJ<;zNW_H1b~%UrqR`h8HHIo>hfUF#G}Hs|)A&$rgK{ 
z{F=gf9CAJJb%nE^-*iuuUtjpyX54!#@ePIVX3|~03FS8y&iPX!zLw+z=g%F)*AdS7 zv;7p*vx(^8{JE0&X2LmtJ}17FaL%9ZsirlyJ_s-xF^X&h2r`Oq3rZoa^&(#Lt#|V|$(g9@LM& zN%A^AxluFfA1!(~{|_KOPSPE3%J&lDI|*Oi@W+VnES&B6g!pd4`MpN%h3W31ct7#+ z!nr;EinxvkenUJf_Otx(7Sumc^fVbe4CO>( zUYD6ie6DbAM=ujE2|vr&xxs#@N5?-8CVr^Mw;B1f9eLqgKOZIDEqqfWzsmlozgPHC zhL0!SC*{lj|3u>b!q+tN7Z7*9m%XRq4?B89KgV<4bMy#@?IQFia{$^iAe_tb65fnbRgU_SuRlIc{5avwM*pY8PY}-aZPgs6dy;VOm&X(T zk#Lsp0v^;Kl}Ucrl}vJV+^=0j{36MJu7}SNzgRf;<4cIU-}~nJv&|uBr;Z0U6F*h# zWc^1Ize@D8|GAj>)xtRr{0Q;WL=WfNzlmQX@;tv@GmrNCSmZf>77{;8IM=s(i0e4v zGHs~m9Fb=|bBLd(__M@yTyDDp>N!K?`F*>HUm%>Ku`p9p9BPa&@3V^0&mR^-|K zhPkN!I>oObuH#pq6Te>M+5Uq%P|uCR*`8~O>-g0N#BUOLwr8Ib>bY6*M~LhA(iZbj z{#PQ;_MAriR^e>VGsJZ~XYE5#&+Q`5_8d<9*NVSQT*q5>?L<9yi9Fl$6XJIZXM5fw zuH!8YU8v_?k!O1@BmP^(zuS%SIv!FY{(#7{JWW&;7(7 zRebwi)T84A#}j{Ce2CmKH`f-p6z*=_|u9{=tDhvK7I-DXGNav zsq07i=Y_LB-<7zYryoIF&(nWO{6*2j`&IrzT+h=tEn~WRKE8nXY0|&2A9#cK%c7sx zVRs)uJ>L_)mhl@`6L-HapEvwF^HKg)k>`CT9mLlb&i(A)iT^?PV@A&&3sBD+!g)UU zI`OxJvwv<`i1L3H&i&xS#Q!Rs`?ax)P<~_KJZ`y^xcgoEk;a}?4@dd8MV|BLDB?qf zbN;+X{0hlu&Y%5`Kt1n>Jm=5j#J3mD^UAf4M0w5g#D|MK=jZ#x-xbdJx$jY^=RM(^ zpI;DvUpVLI5l5r^N5VNjmk|HAaL&&~KScSDg>yT4jrga+hnf6b^B9!>OgPJrBR)aqv*~e|?h3*=f0~G| zES%q~OngPfuOvQ1INS3QaXp`1^>|G8drE#1@%_~M9!dQBO8yq&dfxgE;;V~1m+x99 zV7dp1ezx-v;yK|wZ@mh5&^Y`ylGpRuPebHaIuX-dQ|wt_%5g8^YYSh;@RNxb#2)Ua z?jv3l&hmdEzK-bO^4jwxOm{uuT)w9e-%xm?N%uA48w+1-_$DW#o=t`Gxcv~~n+s<@ zc_Q(l!g>Dq1o5pE-||POe_P>PUNeag$oq16-9>zXaMr)}DX3?W@U1zYiEl6ZIX^pz z4;Mb!$lpZ#2+_mu^%(ITM84C=uW%}+n-PAD;ZuPJ)t`ex_@N>E2+}`F^fws&za>6e zIL|AWI}Pn=6wdZ=XBJ+lW?wAn-PCrIG1BH@tuWp z{hUX9qHs?40pgQ{bGqxEf$8okob?om>-pgI#HWZn*M|>?PZQ31cK$KypP~3=#G8d@ zOg{XJ_+;VyzT2FMdM=Rq!{fcviC-j~>*2G+TSO1rxz1UrXO?ibvz_>C#UCcVuW+_= z{j*We6_PI7b2Rb&MV{yBzay^aeJh-UdJYtMwsR`+gN3u57ZE>1@g>CDgtMJ9&PDxt z-ghhU8^wOkw=apeiypRT(s`(7j&Qc;eBvF7e@T3vaJHxQeAJ`oefJR8^S-(ZP`*?2 zusvDg-NMN#3C+jBbcV-){@__4y-o(Y$t9zE~7 zj`)+3Z(M)gBYwQ-VS7eihI&pE&h{Kl{A9)7B7TZ+wrAAks7KHHE+nq!eJ>H$^SCvy 
zKs{%Oe)hKo;y)J7@AY%y=L%=}uZW)~{4nFk+O9;c=eOSFA#awzwT8ie~EC` z-%tEf;Vl0c@vDTh{FYavo~wnkJ?9huK-n|oCn$f7$g}rw1`NgBee<^x?VDx-IT+c7I{3+UVi^#8To8qCUl>FDPLb#S_h90BzHlyaJukSAxE`Oc_%lrRH==)pdEb4A>v8)T z#P1P#F84QxuP=N@qi4+ZsQ*6UY=43H{lX!pM1Rg9{yX7qhCfUEA>o{FtKES59}&)D z(H7#53FmR+dBnFA&hd(ef%CH_N&4$el7B+vxqgnj5!2P<{BwxwasGY8e=mA?y!sJw zJ#HWJbJV|B(MDMtrhxt|zPi0_}WBIO}O5{<3iPlcx}WRXEQd?;@_p z$zKzHP2^es=$kR!KM3b~ehl$9gmZm(k+>c|Z~IHs^Onf7o%4wQNjTei5pg|Eev|m0 zMV{?k=U1rzFT&Z*Lx{gEob9}wxE?>Rd<*J%N91`vvK8@ng|q#0h`%SC?LUvW9zVZE z{GTGv_OEd(ru)8dw*Nrl9|~vte?`1aIM>7FZ$mx*63%u`A^x#&w(}_B?ZSCn^a$}! zgtMK?-j4b|70z}x6aP#&+j%{4J>FjC4%G97$g`ajh<_=Z?L3UQ9&g`4{40@XJ3k=) zU*T-$*k5D1-w06|DJHRbFI5k z|M!Knoh9POihi!2_Yz-SOWreu$_Ix*AjWQ^9JH;3uik&A-=9~ zwzKJ8)UU_$mk~cp(q;d=%zeRrek*b_h+nSsd_{aiCExQ~)U&a0ey`sU z*W=qyh;JhD{JtC9k9zcYbvNRAyjmc>sp#3(*nb9bJubbIxE`0jNnDRJmwy25(c{A( z5ZB|tR^ocRcR2CQ#m*7N&Nqo~A)NDV-QQulTM9qJ$j>CcwQye7IFa~p;hQe&Ja9kp z9fZ#|dcGn)TR7MAogc(>^?2z5;(Gk^IB`AB`7iPPL_e<|?f4Mt*W;Ep;u(?W@zr_6 z8x((;xE?>O_b}?$axE?3G zOnj{9VS9!?iu%V1XL}AI9xxstzN5&qp67_~Bz&GJ_x}>#ML65P+hdrn9w!__T#plO zCcdla;dGY}-%U8%KlX9dug3$Y6W?9r*`DW#>+!&PPoN$>9+*meyy#(jE+#%fINS3& zaoz7XK8gA#iagu1fVl4W?8T%~i*ZuP8#C5-R zD{Lmpr<0#U{lkQFKYlFnZG}%Y@;4FROE}yA3h@@<><89(9`$c8ob~KM ze3o#QKZW=l;q1>JA+G)Q7sR#S-suHQSNq#V#I;|&o4EFeUl2b)?BVxa=S9@7{oB68 zwO=})xb{D<6W4xYlb2Ax_78^;*X{ap;=29*mAGzq!(K-Hx_xyJ*X`n`#C84uJ8@la zhrNRO50rf4eT>b-4-(Gx;U~m%!a1LxB7TT)UYA+W=`~EZD4g{yBHk&S_tU;byi0h_=%4fl)YBuJ%9?d&-f6&UkG0q!haIN?*+b@$rJmpXMk^Bcf8~q$C}jwIbZ6WR^OP*^>*gVb9(x^ zatrdMaxULln%mt~>@I6r(3vmybd?IZ{@zk|uFx~kUCw1<%GHzHXh^QV+&Qkeuvi!< zmwLME=Vzvk>MtG^@hiM?_^;#O*W5sNq=rW8cPAUCWkwyE?dmNrYAP4In#)GN^IN7q zx5u=Z6UI-=Mrzj^>!A^MJ$s^_1XDQS7*(h zF*-1(eBu$A;**@{C=OBE=vpzpuP?s{q`RWb@XJTo;TN5lA=NXc2EU+RyrI8zc#-lX zrs<>d?d@5pgChsJONR{gXO-pBv;vLe!6P zvwwQNw^HVNr6aQ5D_9}py}}i<-78*2rZy+XDdI+kKTyJqMc(se&=NxGEL zG~Q@|&bqI^G{4xn$hh`IN*bIOmI%o?TE{GnH_p%-I~{#f$NVh# z%Es~lbWBZC+RzXH4LSHst3`H&bp79IwuRYLUG{})jn2lfra2krht_nqp@j317JtpJG*Q6` 
z=C~aEFWkE~`cle_&G+^eyW3~=Ow0F|!33O4Crvkga%1SlV6?L|-mS6N*VogBW3zPK zWc=64IAfWXVn2kIoH=@!7xvA(!)FH>e^Hr9dg$!mFP}uU;}c`nPUAtL=kU&>gU1uv z(T6k<=qF$V3GTlcnkMFbjrE)8395xI4*N=+{^v>%UkNL$*tU<(O-E%;D5A!8XEJk( zWe81TK*C9(wcOCvGr!o>(i~P|?);S^HqfQwYme?L;&Zva;+!Hh^guKnX|Y`*=BjlKGLl0#QNGKnJOnTgOU@TAXvPiTz#xO59?YXEDRy_1^K@ArfRBL z77DW^xIV+I$W-V-a3Ev)pbh5xO~4V}ASeTU!_t_etdzblruGz`FQ(=celMox6kgA# zc`$sQKZ*YVkLNdO(EVMK1ecn(t7KGAQ?2Om1Ns+VIyLolKHbo1*VNDX)CYKAc$;iC zg_lb@8A|8vlBSZ}>m^Mgx%W$&LUJz{mck%-!_cI@eXkg5+F*OfR0%IFFB#jo8hOjG z^lIrf!_ug+_Y6xWwimUh9iH;`4H)B2IV;YS>Tx~BGnuwc@XUNtngDa6So6J<>a8~n zp8x1K463&&Q>O`^9gb)%kAiu4)3mOU*(tH--C@-uOY@gew1k#}Sp{w_YT6fOP^H6}UF z3`$VQKa%1VQ>i`C15jKzX#rOW;f`3dZYOMlgGOt)#%}XbZYSR0&}x#w!5Q5oZ3Cj5 zPCNrrx}12*t+%V8!-Q-;;D{Eih8d}iR)hJ&o zOQk;f(hPmG^wVFJxADp|q&R){1~~|CGpl7?@+Y3WCWSe=(0s3|MunxeG-_5@+M#dy zKT^ZO>|UxhE!2qQH7;P^X2|pe2bJFb5Q8icj@joV;|4-ur-(VdG)U^lKy<95n8!V9 zv_}S#@ptQ)pm9#jC|Wi%1$>+iXETO4twRItWGO`0JenpF`yvFswm+ZG(3;fo^uLEJuWsvGZisX{liNuN2 zwr+$a|LxY1P^+xE;`i^--pS`ol*cE(C8akqwm4J z@wYY5ZIzES3jfN6Z{P~^)qqWSs-u8I11(eO(3qSU^K=$TjQ6*y+GR_i=9*=SPkRls zB(x^hENh}us8tq)rJ}Q{Qmu@)4ZcQtD;8`TYvbj`EIG5`_a44uWC_k1@s5j-Jsm#9 zW|bw(kg(T)@ORiF8DD-zi7H2f!maG1V&qAfaFpF)`UC6^6HR1yz=^a5xYVe>oQG>K za(InW39dgn9RAhQor9}*V5<>QJ3 z)8zRe#y{Aq*$~4Z`^y2y|K#3q&k%^=1vy+#X*ni`=L)qWv! 
z;LEYoyrt*vCw^B|1powX2n@Fdx4%QR!9zr$700bmRL!bN!_B+V^Qr3Mv8ePWvpSPW zjm~9F-bUlVh%9U9&6oO;+ky8aL3ot14-WCi&%PR^$M4=+cC)g^s!g_z!b_OEnTp8G z(v-xqhj(o~2DOsJPOC8+j#Zc=2J7*AVXN7*GaA=dv z^11ajwiofP3f$iaEe>B^-W=X;3^XpeH7++F?nVi^IxY*zG*2y%uT6gC9JJ)|op23c zuA|gm>~pg=>D6`Vp9J%z5U{s$HTk@Z>CD{UliKK(hp*#E-}3e z4J(3cQ?Td4{xE2D1k&_8Ty1@h>^$V?ZUdPEbpl(LrJVSRA{qN+Y zxhkn<)ysLk(3}i(lyDQL_l`{%-$Hgnt{O)f*idDV`oGgyU6X28H(i|(jW)S=ZNfVV zurGoNJ1Wwd($!G^I~CU4R8_MI>%3k>g$;7GG6(t}t9v!h9P2d`W>5oNKl{H^Ysj41 zHA?e(Nizi}u>U(XhUU|dCpBwI&g+F|itNq6O9F!i;b05&rY$&uZphIT+j}@Dfr3fh z0nhsesZc$G8h7~cF?_l$qXU>4B-M)JN_$l54GSe!XB+8`b$QTIBXue#Q_dlyXW^b) zO_>7EQloM>rE0(NLAhOX)hQKnHbDDwF5(Pm9toOPOH~aN({|G5Se|b`f_-8&yg5?C zfjTl1-pGjw${VnIN%F8KLg6|27p;XX;K&49kgA=*h!+BzNe6R|*PMcr54eu9byAM< z*2!PoL_yALz?O|&Tw9RzK zz+UgmLHRKps>gbf!|;`4n3){na&ACi+8gPLiY-W^m>3xupx)Xf6xe%3rGecmyegC! zh7(W=hfMG(w}8?&g-U^o@Tf^th@n<_6P1R}8)(C}xrtnYn-2l83ik^inNi)v1@N&B zi0Z*NIr=2Z?R12KDm3>{AucyFI1%X6RaKBdGATk~lIx4}ZYC9?k4g`gJ z%BYY{t@0)+4ec3t#D-7RHgCuducv@o5im8Y9KV@@S2^M8lJ}fxN@bI}wXU>*78$qu z_unLTKX#xc6FEUh-N1R)4z+;iSiVtVYSsSWMbsN4o|1yO*17`EiCbWPYuy0t`5YQW z{-i-=ah2V<-#K*+#1Mt9Hu4pimbR8IG{~Ru$ea^?^ad2nH)Ft2O=&A(fHGu`?ft|I ziMMnllrJZgpO;X+tFk=gi%jA@TbHOuZwd|2CT`zSt9@Q3`ap^kx^PApvL7MHQ>ALt z)kI++2s4GFFoEuG5^f@KHvCBrdm}NBhmH`=H!TOxn09f6JZrg$IO43`8lMEsN1-Xp zeha&&^iGH?#2qB!;9eN#e~I7`h*=YGuN5;}BG6e-2jgC25HVe^F!QgWb zvqp|oVH6Wp)_7N@ltOUo)*v+tL0@}l8Zg#!N2zU7oKb4v7{t1SiEf9nA2XxXqqy&nUbEaT)t2!_V-KNELYCY z#VH5u1BC0Y?6np2;;9tqIuTu?WHcS_Hbf-AT~x99h*OFw{4qS=oZoLuVy}X&guNaN zu)R$t;eZ<2yR%rC_wVqwHweHLCNxfWW1_N9Mln!qx%lBA^g}Q@4qtwb92CRT$u69U zUWZ0?Xqemt#(Rf#BjFjjc&F$MzJqS4StE;MXym|m&<%A4!x3Qx$x(My3iUm33_RGz zx)#6!JvExhE8n6QYzEs{Ub=~4s5@5uR&$od=J9eiGWb2{Icq}RF>=<~5%_K8D(^?s zhWduV8S4rTPY_W$3GcYd+W}R4+8P=|R_J~*DukJJHCJh+fz1^OKz??QQM#2sHU7b&5L&s8ruogr;E0)d3EbDD*^LEspQ70HG zs#`ijbw?P~Qcm^Myi`whg+ApkWw($qN^0dm(p^fo4UMW?;IZYJn4mkh_Sp~V==!F93Dz${=JR06`Gf4TVkc5U0B9L)erEn-tnagvzz~n~SoRay+ql@x;2q#p<(ZI$rLg?7lZV!Ybuy zxTSfgMC;r%oTb2Z{)177jSOS4QyP=p@F 
zR(!W?<-WDTOK=w$>m^8d5MF|faO=6RomO}W?k;1!1PKqqORy0sU&7O^#(5FH3rEA({3NIp))(GE5Fcj%Dj}1i?@71=WMTAM!P&> z<_$f}`N~*(XY+jfxVd8vg`6;rLAd6JzuJ z&fSVSc`ys^deeMNzMpQ})4ya!=KE*E{bj*6@UOv!WJZA{#V%+frNXTITu1p-`>ivh z``zCs_6%^Ad4)2TkaIJo_xF*d{)s(Zz3_OulLk~9*+&_1nVKnj1GgKd+~6)}r2`B^{|# zS%Uf%oCr}L-q&jiC^~Vap)R*~_kt2!ui8@Vho)z}1vLnE9(L(NqIRvu8%hJ(4P9L7 zl+G+^r3mdydr3&Eq7?fU8=21qvTfKx!Cq|CZi-H5z$vE|(y|r|>_rc6a{B%#TkABc8HDb?Wp73ZK?I_GjjSBoVpb&kp(pc#1 z>2?x;MwRKxA6m>gckId4%1*{iX_*Q^E~r@Ja??R*@9xrJIEuwR*!`vMx$v34p0;^# zNodyIb&&8}AqE1?jp|OK;O>)MTt~haJC*k0ocus%*?czKiC&qS0h!WX!j8RA#9dza zPMJpD`oo<%y;^%|&YWT&NW%UnS*=*S6v3);6@99c0Vbazzs-3-08{?G{Oq%lF)L< z?f@$afPI4}s69BsQdXcQj}_cnoa<&Ys)OYW*jAidf)jL* zagaeHVcX(B*FY!K&?bA-S(}5vxc|}02)K>}>Rxy4h?OI2x$jCWE~hnBBXxs|8wE zE(=>HTPM^1nsV@6P}|cwPij}|aPNSIiwiHh4KGak)oTeQXuUz&!@>UJbs@!?av!u` zdsRi8(gxg!2|E+);vPrEJMH{R}j2>ILyG&l>FyaA636ThUK2c8STjcWWk;2$s*exb7i*%zsp~qI8^%+PeaI#nf4W_O_3bqa2%UGgb0|VPmaJ#AA zr-V)i!(KJ$I849c6G)Xx#-}7O623Y6OUe?quexkW;9rF z@rImp^%~FdVX{)l7BGa-3O_8!FY3?1ZqvN+6f&H!J{zHe$=>}_mbdc!;0sB4e{*^| z$obI_0dTGh7?=YwmBWippP&4O$i@PE9H|fdU4M6PAB3yspk4H`&^J=&mt3baNby}E zj`=4+mFVD6^4O6aT8g@yB12n_gKsBIG5Y3$N}fONlL_qBw-!S+2#&$g+QAgqaJUrv z2dFx@%P(03jtqs@2z08IDvLA1Nin|ht_DEz$%f&0fCNJq0UuUkN0jygA|CaEO@n8o zH0xTXVY%!F3-^TJsF>xj8f-2#McInK|6v+&8IKk<^K5XPfy}@L+twy+;|%2PJG1HFeE;l_VRD zVI17^e9a5l)6YOZQDxraft3R;H@0?q(aVSb@KJTa+i(%%4AY zLpafQ;^bTDen9LxaB5QQ&bPr{fYO|%eG8r77jw?mIE2vk!g3$P0`SH>>4bAlQ(DL8 zS|`8{-abFhJSs*fFBjta;ua80iheQJ=U|M-7sT%^fa&w``+0PW4&Hh~uR~V%b_RX_ zk>=c(Eg`3YDMMh{6Q|XnA9e%K&B?9hYSrP`hE$SqqspaX6P~w{ZP1IzzJ1mN?R9&t}50U$Yjj-7R-Jgw_%mRRmb4^Vy-ue zQ8glN9CeMgszKWnV{}+8a5CB$;N~6Ysk%2NqC_B1CH%)R8;>te6X2__fn$d*JEV6= zV^PLdmb{nn8k6FAH+@*HP4Fq$Mt6%UY;#CDKfxA1YHraiBqvI^0jC*|X}k|Mfz6}J zJ-u9&l04SyJ{ID~0(Rm!t`B-~aB4J`kl9?gI}B9=hb!T!c#}DHScwY-M`Yk5Q<;am z)}p`2Gt1phN8_eC2=*@O&Ue8E=0d)|4F80Vve;M7&B>QK(e+BdZH1qCCKLFZjQ}FKt{FDsdb>!wM10R^<<^peZ+}{S@i1r*1?c*mz64o7@5O7lQ9k>~iR&AJf2ZteFPd+D6=B1^$>(5kH@T$M 
zi3bPCOVAq)Ns;?wr50CF3k!Wk*rc3o=}K7-Ve>KdiPo7owKE6uNKV1Pd-{&>$llAu zV@Dj&TNT0H?vWs7hOWAo7Vc^4op2omZOCNM)wdTri!gBTI(nJ=n=KiYUA{A2g=|u5 zxjZ;EstTQav$oaD@VH1sLxWMJGo6Qq2FEU`xrI!lBF}W-c+vBP!?3c8)Do-gA~nP+ zyGRYO%8oR|m<`1!J4cmUcIXl9ikoISAGuG-{YIjbG)%W3YUJJqU?-lS)l95UqBzxC zMeU2Klz57uM7?!kK-m5ZtEELXP?OUU4Y9#$h*$*z?Ikq<=|K5qv(SBX7W3}-HdsaU zz7QGWd#a$f7DQ@@)&3$i#A<(}p*HQ$QT45~KPTxyXn&Oz4`TZZPCT$aM=o7~Lzw{s zL32lT$o{98?a$a$ZTllNG20(~pxCr0D-xl<^uukA9*|KkuUGN+XY27$BgA7M_&_TZ za-*AfPmqY?0E=aOy5P*@^c>u#KNr@Ax=ZB}+!1iNa|AOxpVY${#*t>2?jEj$d-k2t zflnLs{2`VF7CD{m2+P7){ePr}SpFwcLoEM88fxQz993TblOpG&;&?oFs%9Rw$=U5@ z9lHm?c~w@N>aF4p9)c4OERR^ui}Y1FcrZ3q>%1IO^eiI5;34{zGmgKGd}SQk1O!3@ zPcqZF=%^`)oNNv~fDp%_RMry5sZ`by$FaCtYT{fhb(I~AD;(;cm$s8}O@g)OTF+8q zDjz&&6JbDVhvVw3&gr;%=tkABI9;4si>oTEUd5Za#Bn}WS|I~Qa6ri;dKlY)3OE(+ zm2%dMQfTomf>7wZI&BcN#*4A~1`1_dyMj$IFnEJcVMh+$f+vM^EH|ul;`mVKHnlJf zar|erhB&^{TnAT^fEr~;wzAKRw%QFMFRekDV|VR+rODeU#e?T3LlRHzBTb=&IEa`t zN|V#o4$2~1UhVv1^eczOo5-6+S{TPSRMry5KUCHd$49tYYB#=eYC>gS;iettCzrav za7`Ml@s(*N5renE^BWOwm)du@I%_b#GMQ7Q53x)d^vRu-R*3t=ZFn3Zf_k1TqiHw3 zIsfM_CD;DGBsvP?nmL*-&>0OwJiNFHMrF>f+o@LA4#te#J$+rUeWC5#77!oU?7dYx1%)rt(Emh0Z4R)~&hl6a18?*-7~>Xe}5$ zbl&RINv zVPy!^Yw&$=w->vi@yV~qm?r{%h%lnMDyqb71q zDbtj~aLu<$!f{i4PO0WEC@#yIVB#H85u-nQb57VC&AEIFymjD353#r9L|+ueOO)Q7 zDc)@Xks9L6@S@)&&g{<75TjF#u`P#Q#}@&zcgCcew!~anGhZ~Tb->$X&$krBaWd4O zc(VBcj^TJ)fK%T>W+7G^3uqd$Z_d~h(FEfJxT7m>ydX~GbzZSsaio?wu^Q*Lw}338 zMZ#FEIMRk#t(Y{_rWHG?ys??3)QX*?{q@~W-0MH1mp81_2_#1u;teMU0E|Jje>5JaEej`1>6;B5lFVVxj5f^O)NlLYYP@Q63? 
z9wkWo29O49zJg@rT74@MJ7cHM^99^U2IEaSVFST4DPdT55II zHPot(!N6`p-eOb3WZW!q=TQkOfnBu*DKBszBp%e5)vJ!>jm=Fe!rFQd91BfceaUjT zCjr;v$G~+A@Tpd4b~JCdC(c#m$5=R8MORarvnBQL)rxXQU(W(__$ycJ>+9)*O#wAc z)PK6jZSdxzs4CuwjsnWzEK?(EQg=XeE8IJVXAI$3Q!~_e+$1p;%7yQps7*5Ua1}vk z9zIcmcaPC2bZ}yLUk3IV6v%^$_M8amax%N;Oc^-w z%-eASn^I3B-iTVJZ7evZO0USdiNbR-SSGTd)gQ%|P$f;4;s-fkQ84K?*9=~Tk9)_83jV-H6T(7i(9|#sBKKy5y(Fk@3Dt`u z6X!BUJWB<;ww3fq%^-S@xR%<`gu{A2Wj-o*juZx^=GY}Tr*T~nyKdg`lt z^`=#_p3EAM_Db+Q3LB)acq#I@bZV!+Xa5m@3;H8Tf|lFhYX( z!FDxNVN>M0(jL=v?;57p*-V~Jr&UiP^RM3O3(aLV{%VS!A&R=W(@Zj9BouwAp8pQX zlp{pn;%Ic5p38$H9E|iL;X8~tSUwZxBEkJ7v}Y*FN+U~*^zhA3Sn|191Ms0X3X?lG z?Z&nRZ;)bJq_KDhvH|v>Q>UnZ6%R|wmWNDW0d~i694GG)N;{c=F|M1_(G>+Y;lY;- zObdt>9SawPIv+krdHWN5psl|&w;MM=^U#+w56UZWjVg2r2eT4dCp7n@qi3oF6>jmg z1~{owh#36X^J~x@&<>V*UO;1l(G*OxCIt?tB5w?p#Vvf3NzP}j^8IkzgRecpTpWwc z6_2iKP=mQn!WXd30Qu7b|JRJUkBbuS`O;YBWikmg!!@OFmxo+a zO1G5K99;kAy}}fx_0|=pI0p^6!_-!^pfBIsgtw)l#W2v}**;w4+5=15U`DwwUn=*b zOlG98o@`6nOBy}*l0r3Yw$9?>?WBOf6w?DH^*JUeLuKXM0GZrxK?ztlr;>%$T#XrY zUuT-24%Wg#N3n3I+zScwgOr6pvjI9B z&J8yM*UH+ct$ubwfkVCuhI+4o3@*n=71GYuV^cV6Yy(OWoU&qPDZuv?WC)6uTuwDY2}rswG9GL4#%cLe=1w6sclxT2f?^ zx+O(cwn$yIZVi;!V6_HExu-Qm_So(q#k&K7hYvz&Lk}HF=G**&2OQ428O!jN4OT~& zGSes!Z~VidV73cJ2xeb#Jxm@3y4||~+npIf9xwK5?&z?;i9oyAz!g;NilS~Cvl>v; zi5R;p3U^ph3B_*iQA#Xpt7`61X{hFoPCBsrjn?A3g*n)1M5-7ZrxBTCLZ=a_tJY3~ z5*sY1;VAbw4WGO8bfNCr1xWeBxi|u_YHHQ(s$ybs+g3$Imetj?uZro!ZeuYt#c5}i z)eK5otDJ1I_EuS6joX}?;2^a-D*?Oh!FLGY3o+$WGiPFUO?a_fTQhB7cHYkHGw+!TpUkqi znWu=DLAE&~jY0=}{>k}Z1jM;3jxA_Sb1C>hb8A+xvyJQjB9+w0_eG`=+wWD-636F7 zs~8l27oB7>Ul*;b#(vI8Y><4MQEvM;|GZz1EtXchA_p9mSlqT%QBjTBSH*NRDX$ z)f91;6=GUj&Frm`p>dWKqRfN?1=#;pzdYoPmPaP3eIYLw;A8$}1!BHs1!8fQ6(a4Z zu@5!Z$Y3?4^9Z$FR-iXYvaA4;m9XpoYub{Wn<|2vY~1lmCjBcN9Oi~gC)+Fkf(LwKA{fWE`*Y_58D#;rBi9MF0Nc=av>Lm_&4EIFdFXasM-*H z--mq^%C`d})i4TuhO>tb_Qxe1hdFy?!xoVetHV;pZF+ENK{jX?j+;>6PLNdTsckr; zVHccp83jb*a@AeGVD4VPY73)H--=l(b0vFlyGqzTLtb{PE(N@>KrVQIP@tUCsAcBc zTX#nDS@PQ0-vIWv_k`WK0C_V8w+PPdgUgiZ3l@3UsMAKn3FBsJ`JUt4k7VFJTB_pN 
z`FQyQ1U2O{9~c|f=H2le5PU$l6Rw+pkE`_;`^tP3#C+RNsGtVMRArW!lQ+jRlwIT;$+$ zdDSN5+({7T{;Je2Ss2e1)+#l>TjW#x!MhVv&+xgTcy~9B)h@DD@1@7CCpt{nWog{K-cZ0U(t0#iH!rd z73jKaWS{HCWmkti4z6%OtcvJIU{S-W;HWY7ssC;`pxO=l{^=}%6k@4|juScCl2U9% z&fuxKfNKe$&|u3yZHqEeRGr&77qtB+pG)E@sS=?wTBQrhQsievKynkYa zPt(lGI#m`i$GyRXdQ&E53crkM1!ajIIjz?dFl16H+=9qj%ZtR#6Kqd%jd0y@Xr zEv*rCosY3w(h*hDmNv)jBcxqBVjj(}r}N4fGsQ@BUW%pjZqQ-v(UBa?iVK9?U@ z=$LE8PC{faSy?s5s`MI$1k1xYAm;I0uQ>Sq73XK|#v9$UkG6m~&9rQIADyGWl zoGN7PO*9gQfR;Il>%3sn!7v@{REPilZVek`6-WA=06$Eqv?ElF7~VA5#ssX^yc9t( zK6lZ=SGl2CrqZ7N)nP+V3&CjduKDPY=t|w4sSB<`RhRE4o9}#Gs%2x2@K-!IG=LzM+lvF zjk3aB1u-r*!XbB6p0&T@p(e~mE*#LRxyPp9LRhe58Fkb_&V1T1nS@>!peyk8e zguEZzE6ar+EGua`*EL|8kb96z^a_qq7+mQncJ>zg=(M%3xdn{_;AtE}fL$%1!sA`> zxHT@Zz(H#ia%vh6^ttgARWhCOjYNRq~IOgDVg|{UwRllu_{p_)8L!^aO z?55Be8$HUTRr-p@gYC(dTV$j;YU%~EfeQ0NpE9iX?Zr9yfzC4c)XrkLh!Y(gR^n!Y zdWijck1+=f8*~Ol9w<#(vm%wnu34mIkZM+>h2LV$BD(_jwRqeGZXt<1M^e?oNhF|J z_?8U0ckmvmrM;r;oX6_Zug=+5`{-+!H;X)vn6%DCDvMp`NXsDAxkwAY#X3iJ4R)P# z5(%ht$`#Q@@aVis*3nf~7`J-3ng*wexcWnVeEQ`mmC+RzzI>gYYug}K6)T}Q)g}7m zQBp4weYPgXNsuHa%ZZ&bV43Za#JofPIRgZ`h5;YwE znv)VSyh!A+1B|65ns7(%kdIw0NXsBqi%1K<#cC10-M@y_!bv2cbMXb)VHCjqmv_xk z!swBkG3*G3_j#&N6r^=y@S%%z&c1(p(}!2IqLq=G{VN!0JsTb*gl;|AQUq=wgf^vC zjeP4n>GXP{v&|5`=Fl@N=$X4_Va19(@G<=kWz1{zqil{E1QMR`T0)zsw9*VZXt$2r1`29tg3QY zJl)&zF_3y#>yV3Mvk)GqOJm(a>MEtkzwq9Gjmtv}2CFfJYOEJlI^OjcDDhHNwXDhlE+SnV%NmiSN&tb|w zZg2$^9A?Ut(Jw$-G|qEEiW44NtHzSZi&Eilx51vvhcx;Y!1&F`^0fpOFcIJX~oI)N(9;G%#A z6Q@H+nHu{9tM_th0kxzQox>iv)+sSNhe0tpQAaT-7R2u~1|@mZfndAH(H4GLWzGbh z*XOy26VA;}iCkfB@UAd>7on$h!LUDkn>sXqXE7ajG=dh28z| zhW6ePZz^zVA!_Cov{%`$Am;P3jX%lrCR%Av$$YcZ3bQI)yp4XEH(FyR!|sLx#K4Ka*9GvUSL33~y|=YHnE5kqzvYtQ5abEmSiptCn)w zoC({29$60a(xx^qtV%__TUXlD!uFM`3JiM}C8~paEZo41&n{e#kJ^k5TNy)cY4GeI zuTQ>%eAaB~0ch0}n>*{o05~*Qunc@ff?esBPKu#BE+pyZSZ6ysxCxl*d%w_=%&j^B zA?S2`c^>Uf%pgFcRi8@l00zN5=JuNi+cCS=ic z_~3CFLKQH^X@<>tPTU7RD&u_Y38Fs!cbPAH&*AA98%@W0H=3H1BD^XLW|G!xn4vg^oJdyb7eRNEZW}f5A7n`B&!#mN@xQKN3>K{iv`RoNe#vlPnE(8vZiyZY;*L 
zpv~Yg_>)S_e(_Yhv1#uZf8i1uv~%dWt7m?Z0`J(>M)y+LvHT2lY6bX4nhA8k0TS!z zpHhnxr>NVUEw!K$Tuw9IBaQKD_EBJK$d2&vI3Moub~nAlEzQmcnyjtmunim%L;oOy zbY**@EWz!}HO~@Isj>v;fSw*N(UwGO5X-ee?ck`e`xiX0d!*cT9^v0!jowTw4kY@u zqLuhx3-T!06rR*qJ%xv4{Tqb6!x__ojl>TUWpYkN0}JcS)NqK0#1$s2I41Tc9AFvF zBx&Juu(mEIttZi2gJaf{XeCwG6K4l+wV|GX((o3Sub!BF!&W^>?*U+L;4N^YTn81P za|`&!4mJL4W)%NMZqsZ%HVzQHcerz@u)#EGrKzM&`r@b@i&j!~r6Ki8-MKia+Rh~^ z3o4w$@K+k6Tvr;^o6yFy=nPKUqr_4fr{H5KskJN?<1tqasw;K%2A@ zR8$wI0#r~^ZQ+}}xl6mdFuN}Yr@M&1wUg=xi3jv|X7rKJ-N#ZHr{H5Ks%Bc zJmDbtce0JH6ho)LkJ$m^-rAf_mx+?Y!*X)niJzuZ2kSNFMjkw2@9z7|!39UDG-4zz zbmu3Ak^)1NsgklUu)!T=d}Fa*YDlNv&1zpANVyk;H!V4VK-!09Uum0q)0XIU4OVrd zT9bK?Gvs7IJ*iTArOj+%b*9Q>?fQco>G%rOp!!p7Ql7;vPvjETgfLTm$NbqrnXNva zD+1-hJ-=Iv+%p5676iH_`0TeK>{;5T?>^{F(%uY2`+1CduT({ET_LzA8zS%(WPQ({ zhS{}&GGUuAAgg`bU?fAl+T3k5v|A=P(|Ah5ffvu&g|vLB;R)f z+i7gop$5P;m*HKvZ9&978?SO$=-~xWYe*B4vGuZ8YRQHcsk6HV^S2z=>hL`aOGWbm51+e@hZ1>H8{6{NH9O?>Neyo6djDV{JS=iDuS^HtcCV;!`l8p z0ao^>LM_8%F>?L5_Z2ERggEo*3P;-A>NV8~4TF#M9y;-@S2)`pV(%oz-IX&<&>6Ob zMBkRz&|f;-92KZ2>t2jxR=T29!)NL7V+!yQh51EiO}I>3I1*hHM!P>`A)Gc+@G=|R zQ&c=`peP^2_3zq1*NvBiWnoy*nrj=tkN)P|*M(dU9PjxuU)`t$+gCs-tw`JFIec67 zVbvA)naEXAXf&hZv>)-!RoFa&JraQAHl*B1W^Sl2${?ggiw zfXT6vkN6@3=BN%e^LgdCf0QxjSpq z3Cg^}T6wH~n+&W?S(~->!767_U&Au4RwvbwBxUSAkf5C1hpKPeH7sw}tif&DoWC_J zcaQ05_43kgthP?kOvf$Ho6e7$)$>7X+nkqa%OYq@Uad}E$&FRM zB%Gvt>4B=+vvVU?jeIx1tW{HL*hkBEq-$BeY_icAG3AGBPPQtID~17K0ysGVhc2wx zSzlj%QLekVAlF&!o?GrP@iho>$U<>X+q`0-4EF>jwgFehA=1T*#kfG$j0fz@6&8`N zn{qXdFHi`4^-RcXrA&(#Wnp=pZ-?-|B4(NA!#sF)CDwF5PAv{w&~q9wBqg5GYlO9) z1D?TMZ}Uwu-9@>mg+E@DvzO8Q$?@tDuJh1HKC}_ZikmO;8IX}?=?GTR!h>0|1_bIn z%VJ&&Z86U}RJfRDMJZg&UK>gpho+dlEV5Z&as;*j%*l857jxxBy%L!Ai?Oh3y52IKjO_bvch9%q4|C^9=@Z`qO_Se42~cBV;}Af zJ$O=nvca)cOBFQEwDuF+r^QsU5m1uOFQK%J-4ik^|>z2iC+k@2rQ==<{ ze<6xD1HyRD$u3yRh1|}`I)%SZMjPS`GM%imVuPF;u3Pqdw5alMB8%0P2S+EZ>g_eb zUdv6CD85{-k=Rku-!G3v40|rZQJ0jmFfa7NxJ-6ix zhvLh^{xIKUILI>ClxYpR`B@%)2Ws%98}WrrU-H&YIG&3qnPZ0yyd(QebBl=6_FWB? 
zCaU!{o2XhdG|P3wOg~^^=G3L`;5k$^6QjhLQ~m6Mx>|c8kkkfOL3Liv8kQt4Bzm~2 z^sOOBx{B&5sLBp|7?3<4YS8;z-Cpwa>0#gdTmA()lv01Ld!VxuJ_cXvh8RQ>ZvAg- zo@Js}iF+Klipz1Gg^qk*zd1?JTmV;2pV-hX)$dJhukZa1Fn+-Y26+Alg5ACxpmRP8 z?0*PSfj$dXuS^G1@9AJ%j~_qH84(L!Ds{cX7c$2Cws_(>?%Rf0A74kL_5S#I;PzzL z>@0CAG9As2eU+OoRrhB6an?DMfK;%ni+N$3DhG2}8Z7aRcN4)|jO115Fb0hr@O@&u zlQ&@37BJule6z?zE54#m)K_K!FFMuSJe$e17Q6D@}uapa+d=f)YnEdj_m+gHa3fZKe4cteyR(T%j}H-%sn2 zxl;F>o*+SJp!2(eC9SuyYMj?3%y=(xGAbY`JSG%mP-}Rm$xm*kxkxfikez7)-AofC znI^n#H#ETr)#<`>?fpHuj(m4}XR$7~$F!Lf#!t)5oIJS|x}{m; zCrrzl-q-u6bB!le6j(N0SSr`ipHa?Vb>D%%N3Bp-_tiJfp92hE7XJP|{NG0A-(BW! zly9))7g@Z~;^$j@w8gKs_!x`d8p7|h_`S=!c7AE`v6h}ymvMeTJD<1YH?a5%7C*$| z<19U$7T?k0M}_c{EpFR+zs0Yx(*38!?R@*vaL)fp<~>(H0Dthk?EL(J#doso9BXkq zpZB-;&X)X97T?9`0kedS6F-`|9;)ngO#Dq;~zgCX*fRCWZAig zPoCS!-adYt(SL)br`ghTpT+mG_~RCDvG~6&et^YShX2MtZ2wozKkKj#;2-7>nRdH_ z;glVgo_>pCTI_Gnw)k92{sxQN_TLr4pR{;~rROz^mn{A_ix({ZiN)=7S6R_{Uwp4Q zmi&emxAhFOxLr>Uu=v+jKJ*#R`T1QZxw>O~`~}1BwDj0^K4o#+&VyER9z^}vuN`Id zbQq5B)oZ=i;Xe8EjQk0f{9%^-jTX24*snwQ>lU~D@D?jO386iGmj2Ne@3MHi#ce%j zSsd#g*SBjeZrgcB2!Fuhb~)~~ifgBx?iCid?Z3t1w*9YJ+}1O6h^ycBS8rR~?l+eh z&gFZl^LX9zrXpc}+Wlt6;&wjlZgIQcIn?5|ogZ3!ftAlIeb2SOZ1KGQ-r?~+tq-8GiHozGub+|K8f zR&yRi{bQ{B*~sE{x*5a$>F#XF+v%QVaXZ~BEpDg#fW_@}UoxE2{nWhgpDcMh-O;PN z?`5Z(wYZ(`eipaW?Ka$>?jlRxPWLH`+v&bxaXZ~FEN-W}>KcyyobEEFUt8aBe>?i6 z#qIIKQx^BwV{wl?7Wde*rq`Yo*&f6F_S|N1+n(nvZrk%Gi`(`rvAAu|ch~aTGsM`l zuHk-rF1EOB&+Qhs?RmiBwmk=~?ba*Xo&c}Sx6}QZ#qD$#Tio^! zf3o;OtNng%aa;d)*KzH)^{;DjyMNi%;HLbvX091!tZuaOU|0 z&OBeknddB=<0@U2n|)^fym00(0cZYdaOUp>Xa0e3<{t%T{;6>0Ukzveop9#=2+sW9 zz?tV9oO!OmnWy3%H~TpZe&Z>7JdZI{{IB$`o`ROvk&ZZPB`OB!P%e2 zaQ3Hj6z>IRf0n~XVZA2TIR7hW9kOW~|P zL5`dCk4JnRIOC7PBXbviUzsQ8%{+{s1m|_jtHJ%crixAK2mY7^O^YeI~DvI9$ z=W)Iod|d2Yf!DtRJ|4ae&gFg*#lM4dxxc{KpB8t=#Qj9ZE&J0sxb~+P;@O|QaMpP! 
zihl=ZohfqPtcU#>3ZH`hOons0uSfA!a4vT2m-{fB{mEG1=5m?89Gv$xkHe>-&S&74 zliWORJO}?3ejYv@dH#a)xSgutzppb3oa>bz&OD{yjQ<(VKBO*mbGhup{qUDi|3mPf zu)b~K-^1UBvk#xbS^xKN)_D%j_4*smJjn{*TrbA&fHVIOaP}cnk(+sDpbrJ%nc!vN zY2b6)!-tox9;&ug~Gka}3V-Sw(NI7xQn1vk$+(U&eaffG2~eEOs-00(f6I z`!E8|`d@^z&R5}FucdJ2Sr2FYG57NBM zl0VX?$j@mw`*1!={%|=H_wT1-KMKP?&Zoh1+hXGU1$brnOYk=E8Ss?BBYmD1>%PB) z>EXEi^AVp9dAPk8zZUWIS@3Gevk{&bz8T&az6H+pdI$a#;^_n7JU-t_A0p5CeY}O~ zfw<@LJ7V4Y7P&`={6zXm=k}V5JnYYIc)qwSHlEn$FfA9iUEV`{&JZ72?gz2%^)UVb z;)^2x26(johr>qPayKEqHuA8~Eu;8jaP~hB{8QvF2j_cM)!}^4itGCY@`THixca|@ zhv|wq=l1nJMEdzvY`pig7M6PmdAPnu;J1?hn}3-9Tjb|<NUd`G1CI#d29cm&^HHZePCNax3xC^8D}W9M3#H+=%Ues?c}tN1P|* zafx|&+)EmJ-uFB_?$L8&`$jwNrNH$=KE(65$8nMb@wq~LWIs)fdMY8$tsLJPA)d## zR&XBQo{ZxC;n9w7nNUBEZ<*oTE?MB*F6;xhOIGwD+_uIY2X3VgdzCU5BZ{a-YA|Q?)$}UvGo>$v(JU$xv*YE;EXQ{=XFKo zoju=Q7+(_c(Z)aHt0SIXGm1YD#iQ-l^F$X>q9H#VILTuAAM+#_*>~i2gFC~1NS4|U-)%PWIWS3 z&O0MNy%U`4#q&jetQYg&%6dJC{L$8n*GoMRAEp)K#$iu52TIL16~yUr1SphWyF_2{7Z0-|5;J|l_>riJQwo63TNNu!V4gN9-Qa3 z`EZ^`-hlJ|ZUMY6@=s5E^Zx5uIM;VNd?E5Ig}(`Z2fhft7rq#N2+s974d-$%!j~3BapRDEu7!HyJ=cJwg*jWZyPmxdV}h^A)Uz*E5+AzX^Ft!8gOJ!neSA{rN83uj?Ym z^Q~|m-#D+!aTWOtg3njf#B#SI59{9nXZ<_jtbZ4r_3wuB_^=1g;|cRKejnnwUXjlr z_n4j^75YP4c0?zgN49?^HVK~Rb*YL8~ z?wk*)4?l`{&Zn(}KaTil~l=go5u(CEfJi3W`4#eK|K4D6wW^12Iu&R ze5T2dS6r`@aIRM>IM*vRya4){4$k#re#U1&Jl88Doa=Qvoadt~a4wgg4Rvy!jpyY% zkcY=HI`d~kd~xK@4zB^f6W$b_72X9N`K+05FRpJ+IP0M^K6jLOI`0eEpW3L0&c5YA ze)f&dItw8FR{E9?@$6e(IQtg)EZ)ECTOl~>q4T^p9Q$=NXP=88e-ZSJ*G1*wX^_7* zyeRT;|1A#Z{#ycG6?sa+x&M}e7eIU&IQzr=j4y|H?!WiKx&M}hXTWmVpYXb6+q_NOwu0P3s)XMdQV@zoK}{?vf8KULuzSA6e+`xpDh z{I_zwod@ex3(MvFNo_d$RtL^J_29RXr#|9&JZS*Wk2<-&_rMz>p7$4x;4Kl)`TWP= zydGfxA4H!2)_%?7$wSDW3-vUC^FF#cycXhXV1Hr$mWbzm@d&&!@-&0r0dED5ysr@X zNf`TokvX~(2_k=riQ#r{jrjZRujBULHte@Db<_*NfZhDa3Pov2VOz=!tmFTk`V`Rk2*g^L~@@>{~D7_r68OLvJ|aBcJ8> z>kY;~4d?N>FP!^DKX^UV&v;&^@jj?5;`<{{ZTJ8&EDKMEfOXCKDEc|4DHJ@6djxj&ADvkw#C>;uoU z?88LFbANdr-Vp0G3Emt&8QuZ@0-VSBSy6m;6n_QI{gm^oyncHX@w}dVEsD>9Gyi-z 
z^Us6x_`vyLuI~cG(-*>7=bP|C=;va1c{s;UZ8(q5E#XU$hxIIlKaTiiaNZZJgmb@M z1?RYW8_w~w8qWP_4V?X13+H|AIyjFfbe^ZyBfc%x_Z>LTM;qYWuQ$QjPd?}3{=OOU zoIm07HLe%)v;Ta~k{9*Ai~Q^xpL6j!BlGY&e+uRU*$18AE)bk+f z+y;-p5{@59-*58&+cKKMN$kM|*C8;q?-?V-4it^H#1GpX>2GEBeF8!{>&4FLxczGje>+!G1wMfd12Yoyl?aG2-c; zz?tXMDE=8da?cp~i3~r!C!9M@?S122QR+X0JoymM`+C;%CF1W!JfG{8fgeUZ*Z1ov zeiY8-ejCM)Me*Zs*2(8|tn)j>v(6vj++X;fFpqn?5YPLLQ*fRKcf*IFZ_G0jej4$t z^Gp=~3C@0=jpFB`_<1<{$>(wG=LN*G&flW=B{=K+Gm2l1;#c6Tlh4;!=T*e>eD^op z&v%jI$#po-<2T^d!uIm>f`88@pS#5*yLsQy2HW=<@;nRYadkSJ$FW6l9>>#vx>L{KD&N^?8;_0J!1~}`? z5T(wHh-aO5Me%HK)|n%U=Y;dTkUI9f?C(ADypSB{Yv#Wjd2Z#rkO%SX1D|Vfd*wwu z`%oZ?7lgCU!cn{koPEgp5BpFId2Xc-B@oX(@c9M%P%=tE59 zH#p-5!E>RXli}5nhu6K;;auMuaMoE1&c4-#Gfy2j`&JjuzSV=XZ}s76eI>g4r#OE}-tV?UXv0OIM4Z;U#5e0vDa>y0LG z-p4hCXUB5+o)704uErkUd_I%+egEz}?$;-N|IY2s`*-Hy{Wbg00(Ek|9**KI;oOdo zzxRh8~jnkKMB8;?eY}j zZ>4WN5PvKAdm;W-^7lskt>k|IeZH0aPa{9K7soBP*D&PgycXXd;P(0&^9*gVUH(8G zp1-(X^Ek%kRz;qEsGrAG*3a`4^HfA0*3ai1{gI#b|AP8^ArI$C2E+MW?0=%q$D;H( z9qRv|=+6M;XMd8w|7m}C-W-TLoNpNf=lB^6XPzN&9^d%tLc${6rAIv7|v7NANgFP zCi3vQr5T*_)m*R9SnhL(=RE&nIG>xWh4cF7eK_YszJ&Ao=SMh~dl}C4N|C_+A~OHO z>#@7xoQJOjXZ;VtS!YK$=WY7IS^r2lpW{!0v;J4%+%AjY&tbc4f{%rN4Ciu>z^Q3>D({)Jd69qTgYD({g3<(7eCK(y_UhbUI(JA*9ydQy;eqX=HYtLxn6w!bt~)j zHkQllggqGld_M9XJQw=27tZ_WSCPL8;#Z(Q^@96+MVrX~i2dRI&f^B_S%duCE^Fc3 zF2}H3_J2L%>F-2w=HYgsbGz_4+O2GtjaV+%YZIL7bvDX+Z9zQO>)j~MJX|k2*Ne~H zZe_i;VY$4I$L;%^qodhvPIt*qCFST5IVKb-5u&*QNEj}TA)IEph5*Ne{e;`6CnS+9dw zF4yZ*IM=H}lopX|e_p>a50AIsW4Rvh=if=;{L69v1L7N_o*dZjkHb$Qp6|W1 zMf?oJvrb-bS4EzW5#JJdzJ;Gc{3Uoh#3xT+e-XLgXP!IY%u^iBJk8_pe|7P5l4e{&f-Y+`kH9Ts@BU`VH~izq%uy`xoongggzA=Og$N z$ny>S65@Y@^K(hbuwO6_-`ixKVu)v+X7J9ahx=DyIQOsLQ76aeA8_XR6V7qP`9Pk3 zFC(7g?FyXv|BB+*;MvhnKHn?|{~PhV54r)bj`*15H}6{uzt=X5P3LX z_aOTJ81g4V{H-jvBkJdJ6C=+*T`sR%k|Ga189XcMPY%Bu&gV^>?@EFATUpXtMxU!j*^Ydkay#nb{>bke%p3AV zj^`O;<5Pt{bAID1>_?pU`v%?-^>9Aq=_o!N&hKNK0Ox%5t<;}6O8xhsPS&3V{bBul zUcmb4|FnJ{KkvYD>36|7|CtTW?VBC`6#B+^)|mtG6A`}v$2~q5$ccC!XL7-FAJysO?d%&mScsl`J4DnOp#o=?{JdW`^ 
z%l(DdV*JCB&wXnXW;Cyb#`2;Sv4C3n|Pgyv(`#tdgpGXK5sTdBW1 z;_IUR`{2x9A&OUu;+3QL{c!F_eE!1wuPTV=@sQ7D{CUA`vFpL#hr;@6AP@b4C|(oJ zI{7?>b=E@sKdrL}`d&d!McPwIREd01!HDBcauIyv9YI-f-RKdqD3hrEBGb6)*U95;Gmxw+xJ z;5&S7vwvZSa&+XVB&h0n=&h1F&cBFGV4n!Vq$8M;T+wpGr zt!zieb34*+WjivS+mUs0JJPuwIp4_bNauEZ2L0i7EQCJrcrqCAIkDY`z?q-(d)&Sw z5YOw_k?^~bpZ71^UZW9T74e+k%o-M~4KWFq1;-@1&=YROU!JJp&eH^#% z4CLW{%6S;xH}SbApT97k&tG1Sl7A+g$AMY!`@;GrjQwxg*#BD=`5&=AJg)Nm)x`cf z?z#DF&XFVUl8NV-ze+Xwi zoZnzQ`w`FlAHiAA$8g3UjN+fdSr6wiSkGsOXZ}NQ*7F6N@rR@MS8&$D`3lx^1o6y& z6wZ3SfiwPC6h97UJ)DMao`M-y=o*&?hKNZDK!&wjKA6Umfg{2U@{-J-~W6U%}%r{XyjU1^%bwjE+L-djrWOk-pA2-KSk$#5S{lg zJYW2UdbqyV;Ji-w8_sxM=Wx4UM|^9Hw;S;Ea9%&>g~z10`CKOUf5!bp_B+P^C)ZI4 zke}Nz+I96?7$>|h=Jgw|m$;vD945wcxxJFY+5c$!T{6UTyQGA3y?C9&@tF$o%#$XH z-wtPfUbirR`Y7=k;k<96^FAmO;#p_rD4rG0I(gl~I`2e0^Jk0VIpNID>k#J8g?Q%A z9mVs(nV;7c%%30e%wI5y7lAWBuM?QRDB_vFcoZ)MXMUddnZGpRnZIllzZcH@JdZPf zdBpR0#qZnad@tXNz8}XQo=^E6>C-sAF@LY5H;-e?&-X%^pXV>;AB6loZt%Rr<9sEo zFW*n*JVtJ;S7pTe{7mF{%lD1h=PHQj{!8cnTNUyDNuKJ+vlsQ>506P;e-Wv_8aywY z&oyeo3!~5T;mp4s&i66S!E+*yf3Iz%9{Sy=|DT>mYGA#19mw+quUqCOyEzUyk5?CY zDx)5HefT`&X$yY?&hg&@`KyI^pZEJG-|NWl3w;*L<@;3A;e2mu5uEQ$t%38sDUPd$ zQU6iI^Zh9Hxh3M+XFB^#XP+NI9`?Bv{C{G(t&u<4a-)qmZud6G^WVDu=lmqUpP9$K zwpcE`9h`NxhySo#5c; zttVX~bFHUwxB%CBUJITJ%l$QR_(SY}SkEOm>-imC9(n$NSB3uxuLHjfZw$WzZwbE& z?*RV`{sjCQychg$_(1q?@DcD%vE#>o#=$$or@+r4&rJAv_*{4wnHP|jbH~1&;$awbga~K}UGc$~n^{d(|p5eV_Wpl|-UxyWBHgy%y1oA840MevgF#qjd*CGe{7x8QZ)XW{<- zYUHn%!CNAJIlKdW1^fy4N_a2$D)>P7+wc+a)9`WdAK_ErT`}Hf!n?ue!k>gMhDXL# z_1L+C$j>VAX2G|^IetEXNAg?_@zbA0B4b9@$rb9|PBb9|PEFGZbI;iuqr;2fWg;T)eW z;T)eG;2fV%z&Sp9!H=V!f$;C(BjDXJ-p0Y7f=_|>fX{?S{%5bSjJe{^244l|_}KuD z{LeaJoNN~#6#N76&qMyh@JRj*K0e_+QU7Il|5#5K8M~36@b4nSH*M_y9S?EI;JuK? 
z&jXS80myR);v;!-g+CXB4@92waMthV0nOhS@sa!;!k_)Wk@!K#-wW}~KLXDB$H61{ z=Y~Jegg=A)i{Z@g+aXfVVDx7@;^X=p{+ui}F7gwJXPQm~^#AH5qd4>T zM*Y71Bl(MYQ0)J{19^(WbHNjaV{n96507K4hsUw<$iw4URXC4hb>KXXHHIfbJuTrp zj&*?ZJo^Nk$FW{;9>)g4c^n%7=W%QtoX4>#@YOh8&4g#idd-FBfG>vUgs+0X+84gLW<8$21jPn2-hues@Lcf!Gp=mE{+}LKw_`ibMgP;o7sE5aIj%Co zIj+*ewX@SGf@Xf5yrGJL81sow?{go#TYgaYE-fp>Ie2Xvd#u zI1U$#Q}gZclJF1V<>CLW^BS+uTO$Ae z-_L9N(YLu+uaDszSD(N+t`5REu0DeEc+wB!Bo~&;ad<1+{eSv;=6~1i&OURy)4AR0 z-0pO4cRIKGb2z`;%69+%>N@uSYMz$;0t{EA@nZ(~1wJA1KM%G#`-xX7Z$3i&_QEzXF;V=N(9lrUzt;Eiix&8X#2;T``In0K4HG0= z#9vHn@gIv)Vgw_ugs#yZGRemfyec%lp<~w*~t5>AA0a*78)a|NLux zzi({u^~LWSYIQy=et(!S?j*kWeS_ZO1=?DkVd90t3l|f`FT82s^X*>$$s?9$p~P?K zX1-ed^g{;Q#OF`3`2FI^s+)f$e%DV1r^J)2H~3Aw*{-mmZ1eo9&sk5Hrxu?R#>1WB zCo&im5dY)4L0R$9VS>4uc!Qn>jl|EqZ1uDj&l@g4e7@TIf9YO}?(@U3`~`wV^&e?J7a z3D@47RwuJqKKhyE}CWCFc{w&fxaUsj^bCvF1e~NI8>VErH%j0u>?jD~{ z;`h8@@%M{+d`5ryuf|7zVpRBKJqS5m;G35J zees>0E$)DL@9=@eQ{rdC3F@qP&OBC6(s1wZ%Wc2VmYYWWk+4G)5HDZN;v?Vf9QpA) zhcB2%KFd!Z9iHPnD!#O+#Yf(CWPJ5SHa>@nx2kLLW5vI1Zt>H_YljCQ{yg97eDHOP zUnKFT4p{!J;?JMAzU>w-wASK(7vIst)+b@Ofb->gJ!!-@CAE4oiH{58zo@v^Q${>R zd#m#?@!P^LqUkB_*HO=kPruvhe_p)%>$bj;-)R#0@%1WE-#qfJAieW+t0(du{`8$m z%p>1{Pd{JL@EykklK zdAQYCM7&1WE@j1=*Rc3X;&bv@{+i;iePsTi_}uQ6r=@s}XKb82Dt=?X)!j|p<0IcS z!S#BpndOOm7Xdx#BlhRWXTa&xez7_u?*P+Bp0z*E7jJseJn~tO$d8YchT#Q=$Y(|A zEfd-LMm~c{pI*k6yGguh_&{ysvx6Zuc% zKI_c1BP0yhBKT&SW~4)67)7yq!5)t^ng`DOd}g~eCQu=-1jzZR~qs)%3s z!1B})|2_Dl;$Hug;$DA0aj$>4_>%Ir+)3hF=2-nNiBJC3`ng2>XgIIEC;t1-mgkuG z9Rn@TpW?YkS)Xr+pL^Wmv!$|neS6gi?|J4GPczBl?iEk4$m*#gzG#%iw-G;D$h?zy zg~8?{#nXfv?(yQ)I@x-?Deiqc}sf8%S5ze_w@ee;Uq1H$qA0r4w?tp5$fH(#{v+g^NsI?MlPn2_>1OC+*9 zPm3?^YVpIx6XZ0XCVq0i`E2p~>R3H1#65nU_#0=fo{z-+I^mFbg{Q3Vzlyh+aoWv#Qu06Uh8c2-yxp9fyI{-&-SRrR~Fyb(dus#CS*N-i7*e)O?=cI%hOA| za1N`lpZJBz7C%A!+HtG%W$`mz&0iBw_`TJ+NZj*p7H>S;jI{Wi;vIgldh(062*-{4#eWL-7d6F?r?>oV#lM(f-c3AtnAhqp{$zMj zcf5GN7aDgJmEKWoLG4fiRV#WRM9($B>22-i7Zi@*1i)$^Npy>NVp$!P26ea;$Q&`u^k 
zAbc@%F7XnR?B5p@uOIH4s)_Fn6SsB6p9&Mz9mRbfshju<18u!ViTm}{MDatrEPl24 ziQVR##Q&aUepKAAKYtMKl-J@DWQyNUk54YX@iiN_CB;3yy!hYYIZIb@kMAvBXRFmQ zS={4ih>r@_Kktfr{BH5mWv%{S#W#fc$t&U?WU~0ondA4z<8z27U2Aa_#XY`;c+v&7 ze{~SgAAWK16XHugwftkmJ${n7A9vmo_xRP~1s}Kd{aD=ZFTNDd-Ou8$h5a;sxKZf8Rvh<6DVuxMt&di1?fDTAtD34|FkqQ{3ZMh^Oyu>-&kg#~&6S z6MhlU4RMc88jkmV9Lp1~w+o4X7+%0HCH{I5tG}tZ$F~;G7Oq!^ihKMR@g;pN|1xop zUn~CgYU|Gz;%Ca)IR94s?w2ipO!z#a_rc?ni4S_w@)Q>L_|oFD!h^m?#6A8|@g(`J zo>AhL+u3p_ink8u&E?`AzfL^!GRyy^xW^w8|MGq7XOb{~G>{NX+p|F?Mc zBIYUYvVZ4&Ya7mYS;hT+Jhyo1n)dHYi9b2S`kW?P{QRS)+n=+EzYylh3yJ%EZYlBn z;Xb#n_!})Oe`|5SpL#;v^Y;>Ox6<-V63?{6e73mXU(Xls{G7#a7WeDeo#G>Eh2w*G z>tVLNz7_wovE~0&-0zRBi~IFq%Ix; z6fe5M;=74^p5Edc!t?RT;-g}${#V6!hWX67;$3&!a@UFbI6Nr6BfG_)5bt@(`g2Zv z)<}#0OWem{>M&p8{U038gIUF2jC%twCMK8ow2GF$toX%nonKLW-dGzyEyZ6uZuNJG z;!lZZ_}1dbh~Kl_e46;MwYJ>3;v2*B#I@r6!?@Zk?$-^UiDyk^eK;ci-g2wwqPXY3 zB0lk98$ap7i)y}ImMpURvxxr@USKIM?)z6oanDm-{F9xw+(*QdH8<}dzWJK1??CbI z_SpIk7vHnl{AKalhb;eV;;%Kd{OiP*erfSr#HWUNjBmt`Rlp48L%!n7GH^Bc5!o^|O(<$F~swIn3J+68HF# z;y;eEx)+Fh{4()Z!}F2P#XbJ0_`yf4{u|;RpEPg$zWv_X{+vtP;|q!(=$k0+AJh`} z_(tLh!}Vx)agXmSK5Ln6->KqV!u~j0JWVF6XN|Z&ci1dmxsk;m7Weq$;**M4KmQi@ z_{90*_w$J^7N1+(;|q)DOKkDA#XbH(@u^{+v%7fH@B#Y1;?u+R{PW`e++@1=xR7U= zxW}&*9~9;ZKNFwW+xqgW`0n>@`z8zX3cmlY4DSbK68GmL*~J%y_d@Rx_vb9t#XV0w z@t1$FIy;K{bCz!68K1N5^{lwZPY`c6+~Vhp`}3x^#0$q*e|Cub^QL{`zlP_wC&c}^ z&rjl8Mp*uY1>%oef9{h){KJN}zvLG8=RSqSdxqzR)y4g}Pd)KoH>{qH;(ou}O*}z( zVgFh2KVPysCx}m4ZoXLD<5!92xZC3QiuW&Oeo(ya67!Sde~!29epb9-Rf|ttFn<5b z{cL?mEq-q}U*{M1_~PO#!t$z%e-_?Pt|vYx%x||7_vdI`#E)2+F~h|DIod>Ve~vay zeA#5{&noc=;d#@$;+|)>_}o{lpFfIEy~8|3c(2EgGYyK`a`TJ(bGqW<3(MFF*An;m zM&gstTK+EL{#>tz_?GZ|uR!>p!_SJ3smK7h?#roM$ z+}}5AF8<=rmZy)n$3G*U{fx!GEbj6Cyv5gR?0r_x`%&UQ60g4?j5l%5e_8zPoYtRA zMQu60T#wH#{?S_&Uq#&GYm28kX7zLuADPzr&|Q3df6G5j+~Z#n&z#)yzbo$XyTu!Y zWO=N6Y@Q-=3qd_VH|4C0x?^U4b1 z9$#I&*ejO5hq%Z07jIbIw$~hSk6$SM@+RxsL2-}&N<7&#t0yMBU#9DuOnh7;i!Uqg z`74RH4D)qQhDW(h+q4~ z>Ygg@?}5w~|1KPd-xK%vz2X;>T0K9Dd;D+W6DnDJrZVyS>G9dcCx-W9s)+l0AhpF; 
z9`p@85&#+r45Et9wV3_);HTd@%!WPdBt<)w((X=+}{Ifr2dD+_fikSycuo4CIR@|XDQ+pM1K<>L3p7f;?;UvJxj$sevSA8k6Ycx#QiyZ=DEaQo?>21{P%F)sW0yJG!=h2kJZyb z-17_)&$-9qM~YVqpI3cBe9}3KUoQU5QX4;O#XlTm{+_t^=a_h%N;Y0ki@%rD@+7Vh ze?0qpXlca#J+v(1H-_84FChL@xLzqM?$3FviEn(!wpSx@f1jtdxW8Zbgm}AT*3X{e z-NJqQ^Wy%zc$T>5nJYd!9GBLL`~3W7@v&E|Kc9*F^PMB&8M{~?E{i95($*_`#rWH6 z!H@Rm+~U{57vvNWPq^Fi)DZ9VhmD7Z;y>MH-ZqLqCVni;pAQh9H`wwF6(3gJ>VHYx zmpe!NvE)|&dU1b#w^h8;M$4Zi><50_XnmJ?KJixJeVa<+W5b{8iFvu#|xBmS?xiT{?}>OU+#EXMq_c%rT5 z7sba{u;pGC?;YMNOHtXjgKw8lKDGGF;#I?aSsw9IpW44KB;LD=)l*iy|9956isF-I zm^Tsk_(#Nld%*Jd65slV`4I8z;d$8$;w$!9{5B4{&aZm@PW7=ua1eY%46%Bu1fs=cf4x#=MkSDmRnFfM|i$p zT>NUdo-Ql?a_|b`S;BLo+TtbmS$(a))-Ib3}GJc}PI zo-w?KJWKp=m|uEJe8lZGPS%Jw4dUw#nKa^rq$cR=ntC z%k!i7=ixg4g7_cbTKrY$Nm$jE@5l3Loh&|;_}Ah5m{GiIO{+79`0Q$yKfn0i zaDFK%K03^gl@~8@JSOg^dR6+^i^%wfAP6JHkYQ`U-43->!) z#aGX_KD;kJcz8_Q&nM!qzhr(`d}8=K!U^$C;XQ<(#9wM+>vc)|*oQH3Ki9;ohR=N` zsb+ug`{#N#htj{W&b|p9}a&+~)!Q6!-i$#CwM0L$(_6`|qDGD_x#_BXReqq?jQUi?(u(%?+*95nZkM4$6=9biQ@8P z6W<#A9`TxkExwX?p0K~P5chH0QT$qXuW3*eA0ggpg7tZtxaXNIzThFNbG5j~Zxru% z*zz9~_xQu&89%f53*sLCr})Y6o@b_-ww=BIWB1sfvx=t-=jGz!LoQi-74c8=SUt7H zmxTN7cH$o2MSN2~8&^Zc{kZXhxIfQ*S-fEwKP$wCl(p@$UOes7=6l6G{-F3fO{@=R z#6A93@$-EwfAU)K`|t6$i(edTeJC#O@#VxnIB9tsiFHxJL}4vRmv(E4^t{DDc9=bU)D@LoiU+VT5b>MiSMdhv@h zEUtuj_wYH9d&S2-Wy^g;+~>)k5PxW(EqAr}`_nDYCh^LHE&hPG#~%_ObHVcbD896o z`33R2U$gbSBJRh@q;=x=?e$dl=d|J}Ke0N?iTm-Pj=1M(EdF)4j~gKVPME(PF1{js zf&D!3c6V4kOT;s@vOa7P_xN4n8^iZM92NKD&v|jr^QZX4FfWm@Zv1}wbxr|s&r?Et z#7rCiO~n2Bp|iN>c}o1d@V?e_;vPR)ykbGC`%Q6=Um?D9kj3v8_xR7n7lqGd{2}h~ z*TqK;we6UzUi^M~d_nP@VSc-oxW_jVZ~L5$pYGyg!~WY>d`D`FpCswa@rA_i-)HgF#r=6-V{w1} z)l&Sc zgZTaQ&q-w#_dGeow|B9BUryXV_jJE__vTiA3vrKcC!Xw}jfei?{yC{(;)_OE{u$!_ zIjPsg=S{Hs*Ngk-q_&E$`NFpQ7vlaosc*%Tb+LN>5clV>*TwG&&+#)ijK5v{J}!rN z^6;FooVb6E>3;DyE?Yehi+g-~@kZe~d8oL5?rDtptmkce%@X&|Jw!N;1`{#+0Hj3Y8|2$Dz@tWcNjiTcI`KAiuo~OF_hMLy@ z_TrcFnLjQ*a;z(=eP4~YBwu?@tx*RlFLiFWHr&V|gAG&)mbjt9Yso=3~X5Noak0K|JwXtADk) 
ze~;TH@dM%d@H6oX%`DH?;zOp{a(@&5>jfK!e~IS}&vUbfd4&|Qs}uQL+w-$+z4D3A z4cC*k#b@`o_y@%gd}#Ib7VjAH4-`LA-Rhho{^)4S^Rjs7@VVf(#1~AndRB`st8RHd z6!-77_*DG(> z%hOGKXJV^=ptwKxpCSHK=<{ph?<}x9%f$V?g3rW#UgCuK^)NqmUfi$euZjEnd&!%{ z@2B6-W)}DN_wtDQdv}G!uWqou)fV^rf@b2Lr?q&!-d0~valdZtFWxsCuO^H8eaB1U zYm(TwS|k2cKCAz*_%|uczY*`Y%lw4+m*MzuUi|Iw{Pc==#jTd-hWN04)`#@X<8QCG z_S^W$BK~-|-pC_H)Z!i2TK@}+`+2#vc-?TGs4won z7p#f+g2T4HUB&(PQuP*pd%M*=LA=;d%QIE{aAvFjE%8p_^Dpm+&&q23+%3K)d{69N z@iSrG?>q5h_gg&|#J6;_`u`UH=pL&x`NQ$I%PV1?DwDX+f8H(b_dCVKE6uj`swn>X z1LoDmzie&ZT->)y8}W4E{gA%mDOcF~%oN}GfcX~jA>nfz$Hjl1YW+Daek45iPu4Pi z-!_Hk7iqe>J#RR#65n6c+2p4#y#S`AAKe6d5(+s3iI<<#Qpdg z(<*-7D&4StW*1*L&f@ZlkJxNpN!;UWh?ffcZ)@>u;qz!6#dCz`PtS;Z{7CV?*I50t z#2*RY<2P4)&O(ddDE`+gwqD!CvxU#~92WQU%Q5levnd@^ljS_@UyRj#__4i>IAu^-mS|JWIvLmbCcQ;$0G1 z{_WzP=PU8OKU)3A#aA7(Jmw_bX}f-NZe<#|rE79&wNVNIc0RtLHoMZQ;7~C-HNgY`Is(AAQ^Mq-hs_ zdo}HAo&d!9GN zD}>LREEm5V<~KKqd!CQPHeK5KJhi5TmI7Go~M@hk*1cXq4;MnTb@?po~MU+lPs2}pLo^qzVx%=o@a)5(XVX% z=Zf#CY`#*w@$FXUE^*(#_KUw0jz7o5J^r+K=Imkr60cv z?q`pD;j^_9ox5wBm&;tPwHC}i95UUAP;UwmsV zi*F)cF}yd`UflCMEq-}Pg1EY$5x!_HQ&GHD zS&OeOeq_4U^Psrrc}(1oOHYYk>XtBW0mHSU#K4JNXi+lW7@gsj)A6^&t^WZ}9bx&J8?}>ZK5^E4IrJblC;US)lLR^0PU6!$!DiNCVZ z^1LnHxu?~+RowIM5%>J3#P1L9AD$I|=sDYtSH(SlqVQgrkAKgfTf9nmpSh6uzJa#= z%87gaD&n5Mop{0TtPh>V7tgc$`-pq~!Q!5Ow)kD){5Vg%bSBHcLfrGeBkuXX5dVCq z<@rW@O1SR*N!;`QChqyuKOTR-*ch&>vx-;lVdE;lxaTh+?)e*uKk=^B-&}lkc+SyL z-19#v?)fK(`*~ryxL*&vC4T*gt^WpbpJ#qwymvT09}!Qv)B1Bl{M9gT|Fig&(C6R8 zKe)^CqM$k9e0EmUq5*?eMvSx5OWL z!}1>yKX=Idg!mW7EPwiL@#}x}TdU_z@t1EmuP5H>qW$|O;!B2EAD$I|Jiqw_@%7>O zyh*&?PnLg&_<+t<&qeV$xh(#w_>Do5YI5o>X{~9He5f?756+F#RqJ${=6$*Iy_I`C+>N^7oXbJ#?NW-BP-1> ziF=;ZPsQI}w{Nrf+r{&Q@5#v_?s@JN&l$cqprZJO^OnDkxaWCP-1nEx;{C&X(M0hk zJ1qY!aomTW?tYi{f9UvhkKOykF_ZCEwrE ziZ`fa@kPWvzKnRC*R7t$;Zz=vvHyek&#Qpj5Q1SQvw0g#fmlEgY`$5% zZ(7T9K>Yo%zK6vB%xZO>75Dhx#a|E4r&9N{<$Is~eV&Zs8N)n#5pjS1TSok@WL8go zaeuztRD9i?R!4Vnzi#O({#1A#F-hFV;fvzcH(5PP#C@DB7a!Ky`oC9vZMbf{EIuu* 
z)nA}j{C+0fW8=Jq_|a1q*G_z46{~Z+_}aHD{zdUo;qy~l#M3-%_3sidA3mRQUi@52 zTkfCg$!xi~!~2XrPSS<@#=_zc&agbq#dE)I^|Te=6aG9-yjus$Gevx1S?lL!@e^U* zW~cbH{Z{`u@r>bnjs6fnncCuS>tp}*_4VU$QSl-%R%ZqAI^lWfL*ia%J8?g*J}K_w z`DyWbjjf*(#r?QCP5f+MTc2g(KK@sUx4dHc_ltY{=i)PuTKuo#eq6mGJ}8`DZhty{ zpZ&O+L)?$6`Ni+fX#c*Zc=jc>UD}BIakYoIA1C{Z&#q{BCX0Lg4Ds1*Y<#W|_v7k1 z@$B0|pT+&S`nmYhaR2g)xF1(9iBGO!{Yf3RzmI1>u4WRyw%gXXxVVqQ(&D>US^f3I zeVjBBuV32ocN6#hv5)wfCoTVQao-=8iu?O-8^ry6$Zg_f!sll{75DcczY@Q_zir=` ze(}d`iEHL*#QpjzpZNFFExxpP%5XheMcnhW6ZiMoI*b1uo@Wgd_xR!BjSg5nGsS&> zTqy2&mWdC|V0m_n`*_$d{z!O#^^CZ`7k5GYd`}w>$@<6dzsIK)-~Nf!Q$XC`iz_aE z@^g!?CGPPJ#m^P6Iy#H{{@7hSeRYc;BkueA^Wu+>xBX>-xbMG9#S4b(l3n6{emNt4 zM|eNv4{?7!^|yH0Fz=IYK>YrDd=~ME&shB>#67;8_~{`Q-$>l!n~SFp?gK@DrAm)rK=72=+Mz4-Z3mj5Ghe?Ikvc&ECyeb0;gcDy3)^JXc+{hx1_B}r|$S;T$Z z<`A#g*2ZlqagQ%A{?KZxv$43xKP=v8t;P2g_xS$eW!qZ(WO0vwNqk}0j;qCe9Bvd} zlfc$@zqrSLCf+r?_kK#;_q*T3eS7^a?)zP;XKefU_8J-9%gQhA^%NJ+c-ZQ%ChqZd z#XE+1{x;(NJi3RtKVR-IzVWz?|MB7;|Dt&I4=jFxxbH8^#FK~jledX`{QKe~!+g&7 z;vWCA_|rqJ?}@@ZsQ2IZ_vGR?!gHB?;-0^l_&3`ue@$`U-y4eO-e%*xi@1-UUgEyL zKPSGUtc{21;(lE>UwrB%i(fD9&#ktKZw}v&x<}lfLwzj1YN>7a)8Za~UVKb=u9S30 z{QbhWOIq>iVZNxSxW|_jzgo`v{E)a`=R6|be7@D+M|@5$tM3`{F>@?_oVY*lcv;-H z<8tv*;r?s0xNpb3;(hDbcKll0=WkDlw@z$*xGL^_iwXOO?-#Y7xA<)0oi<~W=RLj@zx=YT z*9CF!=Oyu(X)Hcnc#h$H_V_!*Gks@$xJTUQJt~XO`_tl^i~D_6M{%F`=qBDg%r}k~ zpBcU%Z?3q{d#o1sd5lfsi^Bf+skp}<5&ts0&wo+e=RK~7?+?!-(hawMd!PM2=nnB& z?W}Jl#r;03y!iZZJ@AnDzm6y3ztppF)koaNVSn+i8?5fh;yzBMif0R-Q(htN^B(KP z6NmRhc8dGF$9Zx8oZvNapZ7>KB7UEHe`fv6Ebj9j*~RPpZ2$fN@wHv7Z%xGgxY1R- zN1m9tpZ?-g9x)#!?s?{m`~1Ta@pr>}FI&Vtey8|rU&h4!92NKd@r=0Vxgh>=;kYz0 z$w%6MeLVYkNGG1?b&D$|?(-OB#d939J~t5e_@?4b!u#Y;iu*i9AMqEnS^f#)9{-|v zmx4BamWccQxJvxaw=I6JxbN?uh>uKd_53LA`|o-2X;&;h*|YKc@8_3d;>9dHrh>TN zzf==XS1UnW;%4F=-&%ZDcyIG*agTpSJkuV_KULi0XNe!!Wb661xW{i0Ul_gz=8(AG zj~o@>7@pUk7x(x-#6P<`VO&AUN5${I-+!eS_v`0u;(q^CMEr^Ho@7;VucwaqiQd-F z*5V%jn0SI0tp5JuejhPRd_Yah|Dw3Z&lJBejpbh@?(rMM?+(wWJ`wlh$rs{n4_ew7;wfO1c9{-B?sqkLM8gY-`Bwp!oqPT{AD(>-LiJyMY;{Oo$arn3RcOTn!NjE0` 
zcJcTu;zN^ITw!tF@9q`%?Nv?O_q)d8vkO`NZsJ}~AMyKsv-KS#?(vhvn}pA4&K380 zkJaKnkFiPo%|ETq1L7WkNPNj3HcoyN_xNuIDAXo$In`E-{1F%XTM=}9v1iO zx>Mr!hWCQ5iu=4r!m;uDe=LdBnNr;6F*1lxtYPs*#67-@c>nNxw!XM;m!{%bx7)bt zCGPP9#SfOU_?N`}I%kgfmS1fB*Ne}|WxiE>{tU~%U)<+Cz83fG_^WuoBsM;8i2HU- zJud!s+3|w?Ij6YKOXL?{5Z;%#U)=llfOz{gR!;|U&)-QrX4OFV7+ z#Y^JnimS>ari{bg{9&yie zO5Eok&Wf)J=bf16+=+GkAGRbMA)BKiu*jqdhv>TtPdZFd;B5sb>V*Gthn!wm&AMbvHDX_ioaca zf6pks{)&y0qT;^)mJx4o%JMf5_w!3{@n-EU|1fdCe;Fe_v!K;IQ{3ZU7ysf#J3hQ4 z?(tj2b56JTFT_3m8}Y)eE&g|LkH02f{5PvV>*V z?)P6U#QplYgSg*+^%QR(eqZNkaj)lj@i&{6O_ zJ^rY8>7*8aN!;VFiDye;@fpMQV~W`JMn0G1$CEq7$Ax*Ya^jxtJZ} z$6vSjXT`m5{>2hsHL2DAnfQse=HH3?dR-RZ|FkVP<#hXZzTExk z%rl7(Ja5Ot+~WQ{?Ipy^SFpV0#P2F>dFqLK{6pgH!h5k@#XY{4c;;qS|9EkapCaD; zNvm^(xNom@;zcgn_B|->-zWdAxc@%23*!Dg@PCS@OKbIHdMW;PNmtYQR#e=7?@}4@ zCrjDCuP^Sucd3c^D?eD@x{3SmpBfL%8S(pH<9_>dR`J&_o0k&z-w#z@e0X{5 zPh)Za{Ynpu{}tv>dW!q+IT|AFzvpO__~9_l7mBB7YW2S-?!Ry71MySg^N+{H{r3m` zD86!wt#3?tZ_AG}^}_KXwYdMDpiJVa!uRJF6E6|YgZGFJ&Tq?YB)+$`jq?`bt(Mt# z?X3-3#86F;%r>e(YcXTRk?Bc6Md#s4Z^H;Z|inYMiI zv&Ux^|7wiIR~Gm9n&QR7yl8)Mj~^!f&N8dx6>*P$L%d4(Ub21S9{;I$x>T0`y7-1L zzm#NF{5~WO^V@mEJ-&!|uR%5*>WF)MWAR_Y`?ODq=MT?+{rf6>yEG5mcWRXQ+2Y~y zD&`$=&%aIlcwO7RN5vC_=d(YE*L}_Um1K7OzIl9V@hN{;TnTZHFDE{_u=TU8xW{)E zZ&|_ej}?FOUGo>jkKSqP`?k2pZxF9B*YX?@_xSI`M~BZ}BzwjFoo`2vPba>Aovm+a z@eeOsofX6%dd$3yxW{)Auan7+56_8v{3P)_KU&>u#XWwD`1bI5;cvyygzx)3C0;ws zb0&K=et$eZop_xop+Djtf1h~ae73$F#6A8A@ivpJpA*C{x3lF=70(>z?bnKX{ATfE z;l1B)#6A88@dE3u{*-g#_s8Qih{uHYe(w=)8{RvuEdE)4%iCVuQop#J>{WbACeHpL6vS_vg+-#qasq`v0nU*Y&pCHRArpZ7e!Kj*41@ryTDd?#_g9_}t) zCfuit5%+O8UVOvf)}MLeK28>jf3i3x?&m#mf9||j{PYFO|An|ecTPAjE?tcGVQ`2` zEAG#oGmH0YWcdq;`*Y`#;+N0Z@*WmnP$fa!Uvw7tzpRR6JMs{MSx#kN;47!dk2UdvQOW`1cn0@#mecR)6A!@wb=fPc6Re zU5m>n?$4cziCg=NFHPuO4XQu!p#h+kWB?KVr)rC+_hth(Dj$@-Gti z_!Z*ilUn@y;vRoMyw^6X=cKsD|013_d@b?uWo`Vo6Zh@XMSSgU+wP;pJ$|D2 zpp%w=vAAF7tP=mejcu2`;&XD@au1643(t>^iTiWsbK<@oZwvQB-v6wpEq{7(-;TM& zJDjli(&GMH_&)LX!~Nt#;@-E1#eb}4+x=;A&p$xCN%$V=`QiyzSU*>Z`+DsWFJH!% 
zdq~{le-Xdb-uiG=+~-Mdf6M;f`|RI)nM2&KV~dFU{b?ET_s7||sxR*IBu&Nd4CmSI z;@wbWrwG@NDPr5j_b1bcKX%Htdtq^(Cn+ud z(tL}rBJT4fPm25RQywVp^CZK?pPg*=PZjrhl3C)_UbX&g7hj#z@_Z!j$BmQX*$!GB zzwY+FrToS6+>m(BlVf@OaqjaK`NY%Zx4xAZ_xLK}{lj%~OL5;HJBxds?&8UtS$$)~ z{kZYGc$d8vzeL>UJywaIPG#%$fw;$iEM7JIzSq;@KJRf({77P}C&`NVefId&;xl^L z_R1&j`(sh@nBo>+Q{4CW2I8NE_nAA1`~Lf+_{HCCT#Xj@^UD(P{qI`*dU3zsc~|_S z;nx38#6A8?@t8lYkLSfb{txkdS1mrx%J}{F_)Ow6pR>4P;vQdC{9-u%JS6V-FD=C@ zEVlK1QrzSFh)-B&^^6hs`?bm9e!V?Y-0#;GiTm@CE#h9!F7bjhZM=Oc?(xUOf4V;$ zm&EG$t{2CRq?l%$7dAZ($)G|RNUjsif8C<@eRcNc+x~XfB4*S4{^`mU;I#Y z%RgD%@0(_buN-9kSt;(@aih3jZ|@Ud^0W2pOK~5!--=hCWXt_k+~Y5c*L~jBD_wYR z*Uv8=pGExL$rfKi+~doM|8mZ@dn0j=Z!SJ|t*vh#aUX|+#D|CXTAvs9_-W$Hr&>L4 ziu-=IM%=g8yW+mz?H6Cx$@+6j-0L~_zv#NlsH>{B?c;QJNrNCQNJvUbN=SFNB3)8S zDkXwQmr@ccB?1D{qEb?Vlt>Fmmr}mZ<1vqCjQt<)b$@a2yU**~bDeX}wdRVwHoWl@ z#YbNgIWHU^A6}`H+Mf~b>m&u>zV1;Bo+p_;?+v))>%!ZF<6Q^1=Sx@k?bsTJL*b79 z5Z*bP>aY;*_%Gq5!tV?0gnPdK44)gG_qzml{u}W9167~c-$eF{=X+v!!Nls9oN$ky zf^g6GD)6G^RJR6juj|^uA5_)n_J{jA$@}m{X|+A0;lA!M5gtE$Z)*wM@hjo~7FR$1 z2zS5y0{F2VuW+8t(jmz+Vk@OBmKEu5;sa z`rLGIZ&yKhwf3q*8Tf&s@;BhK!@O$<_xVLz__!kKukP@x;k`*i;J)7SDcrwH@;Th= z;jiI7&;1r&zr6Z!Kit<_euY;}se0aoyC3hu|GlI9Ny76T?ia_Wfu{`j6N|uoz2!A{ z%P@cI!(IP2a9?kE3!ba4`eiiy)5dE5Jh-p7tb+Uc$p(1q?W)^BxZ{6=7mTjYy$$#E zmPhb}UxYfZ*XOv-KL1JsU$IT&xd7bfcg5fz^izFm!@VDCOb_n~=?V8Z># z_c)mZulBjN_ba%sx2%OvzO1@zhx>ZV4fx^p+TO=-UvG)NA+pXT!~0B9!F|0Y13bq9 z)&F&P(*ep`2k!k8&Bgi&c?|4`}mR%exQ)H zw*=hhP37RH!}W)HaK|@=|FuZ<=>>QE0Qjbpik}2`{B(GmaJ_6L-0|z+Umno*9)bHj z=p;Pt3Dxrk-0}C}KZX5H+)a`7_jzA3xYzCJ;Xd!n1HU#|dCS7xo+|LG>D2zFaL2cW z?;oZ5_l5iXWeEI0a^;^0clB-2GA)ekpv9wL9GL{oxnOXqDhz4xV+L_Nx=%|CUsq*>G>y8hG3Nir)>tv`_8d4?kEv+JFB$2Y39R z@R(tpAAP(2&h>O1;=!MkR@_VQCgFL8eDGzlqW|{?mEiL_s{J+KiNp6#--c&wtN5Pq zqv3w~MEHhR)y}zapJy$HyFF{*x9+I^d*BNjDgSA>-#c*??)-P)qr>-KlI&1E*FSZ5 zt|$ZCb;u4sR9p2a4fpr`E5Vm7R(xZ4^Y`Vg;jQ0_{$B%o!~GtKq42HWs%{^_*M{dC zr@&LLkMUprHSlubKHWxm;_|B3Pw;->dnkXxtK?IA9>9-;`=l{;Dxd3LXN|TuDZI=C 
z#bt!Q5bnR^fjfUe`1?s>{FkUA-0{`n8N>NcJ9xedG5^c+Hr(%B8Ue37Sn*@wW0Gon z7s5SXR>GfNQTumC;rror`zZe(aOb%KKUY_E{ul1}IANXZ{>s-@@tNU{&jH`uLh)tb zj;{p&xwGQi!AJin?*#uWd=GRmd`MV#eFQ(8UG@~a=^PSR{s`(SDK(aufabH*8v*C3oTdv*6`2L$cMnYhWBEPf;YXU_Iv^Vcc`}W zTll-f6#p-L_Y}21ZkT_rPl*+3PkOlHv%xc_Q+!eQm*IC<%D~qoR6DD{y`O9V|16Q> zTfo{O)JE@LVM8{33k)Y0Zm@aObZ9|18`$>;`vyKX{=N+TKs$j-L%* z@PfAYJNW1U^6l`c;XLRh+~*zV;9nlrIDZaze4IUzLN$M=W7wNiDM2tO6xb2}IA_pmL7SF5Hx-^2Z$x4m%ZIRZ~MTibOP-t{Nt zPZqA11r{NLxg+n$x@g0DO%FADd2*vi09hVKbBg!_GN?cvVz4!rd|eXg%Fxt)HW z+jzuh->dCi2zUIK@JC@CwG;05+U+nBsYdpu?7ddYIez}D3>F+Bp zJKXP=%LgwR?ypsZ`~7k?;OFuve|xykAK!t`AFu5l34b(IJ|2Gh4Q=ltxZ}Tq$8M+i zJ@EedmH#k&>5FRrW%#49%5xL`akzdGC#=gne*C_>B=A+QD}PRSvGDv-e)x%$YG)O= zpKoaZ_xtf$z&nTMvh6!SCl#eb&NHFVXxu0>2WTM}0uguI){J zKy`9G{l30*@QpVWR|xL-lJGL&`bJ&2-|yEH-o2dK-wW>ef$)KUDgG0<-}^Tc{@OOR ze>L3k-@#wKr#c^kw|-rI0$#J2>UkIL_{Z=m(G;KZm&p3hPOX1ufIr_Ue+51~Tn8uy zZ(UXOX##hA8+g{l%0B|`_;K)0&Z`bz!5zOAK3Cz-ZPo8}^1jI2c(U$H#-e z(pvF(;l55@7~a3K^45SKIi`N855ICn`8&g-h5dXF_+N*Ve*%2eVD-yX_;=40zXG17 zyL=ry!F09fD11=3e{mZALfEhV3vU|k$Hfip^?smPct2ZK`0emKYHs+k(`rw7_>+n9 zYVZejSvh7Vt>ewhNF)nD;*;48xWz_-BLh5SFj-wogQIRkGS?)zVazmZ1m zc?9?Sm;Z&IJ*VwWdsyvtoljKMc*p`jcvD^)?)ZxEF5$XRNBF^)^?BXkJ=UrH1?OzE`@`KvB9=@TQ;(vhqdhbQ}n~BuU>+pPu)Xryc=gE2`vYx&!@d|v}O67SK zzN>-SUlQKne>>=Z{#OK7<^y2Z?Y18Ew<|X4ZKl4<+%X=t*N%_5#09y zpTp0Fd7a|d$htW`9X#_v&BwxU*R3RcU_-UPA>8*3Tfh^XQ#<;>eIIQIyy9rZ&w~4Y z*?f5Y#%ljIc;7FS=K$RE;uPHNxd5+GSM`4a_jRzu$0FssmI&YunbenGXr9NhN} zYr-xYEQvas)xs+?*o>A=Q^wWHQRaF5LUc58%GvHvwLFo5sUhxc3jc;m&gaUh5U*c>wo)!)Neb;km&qVcqI_`hHL@ z__44aD+PD_>+ntW)L+fu-v4xiJ5N9O{8{Rk$#Ac)7Q>zAYxt&c-|!&Z>y`^}=eZ8= z+(_FM>rCW0bbKOs+4_om3GVop;Y+%yAFIP1Uk~0a>`(f_9X|vT?}Pu-QTeaIec$jdJmX~bZ^GXr>*@236!1+Kl>ZgD~S;ErzrUpZXu z83^}%z~S(T;d=XLaK|r!U#zA4+u*)$cmVGEeaGO-3#(o?;l6M96z)8+&PLYxv*H@h z+2MO0tIieRO&6*CP2j$7*a`0Yecj=E?&)(sg!{hX6u9%uf!}|m?O6-=eZbA|AuZJY zqj1NchBr8>`1^3*H+%}e5}pH0^+#l#ecv!6d{t}J`Bk{@8LFZ!O&S0XM@hhUX}Lg**NXe8_RN=Ly{R4P%~* 
z_TT?}{QC5s{`~^n_YJea8-A|(7l-@4VLAAZ1WaNh?U2XFO@`gZ}`@yp@++Gsm>zidR?;T7+y{srN_Z&(7}G2CCQ3-^7)rtpoE)Sg~&-!~ixPdZ2SoDKJV!-eq5 zYJRjI;J$CTA71O0{@@ne_YEJy`=?fXlFO0x^nJtB@NT=cy}9AOZ&(nX;U|DpigdFsM_U7`*A?hWPd2;cgl>d*zg;x}z?5BPi+!b)=-w1d9-EikW0)JtKw)Y&|@ALT^zBcTaV*eT0Uw+?03b@~+ zk{;eST)!<0_xpTG!P|!Gnf2j5A8ZW&bC>$158UyC;n8bpduG66Rg`}YKUzV)0q*+$ z0QdWR_QMZXRy+TK4}L0-c{Q@mexFZjxZlr{34ZRp{=O*O@nzt(|JHbD2>1JZTEN%E zQT{$~zu#jp{NWFZ{}k@`hs=g|$ffwTa39Av!(U#my8R0GI6MJg9KL^g2kvq50KT@l z+LQd6{_Eqc-{+GKp1i&4nG^2!`P74N?5+6LaKF!|6FgZOZSO$1-{&(7UNKxhTmql+ zlJa~D_xEAzQ4QLQv>e#TMs_t4QGNv9Jzwg>m&H?jC%EIg!P90^{5ZJdC&O!o`$Ws(p6{#RJ)UWt?1MZ1QTVcp z8i#+uJ>T!cGllE4iSI=Ai^tCkaL@Pr@D2&|xv#;!u6qOiB>WynOSs?X(-FS9tHx({ zxZlsyAO6+{ivJky_-XJT&MSTe-2Ji+KB2I-_Xynar{ERaslI>1z0QetH?sbpgzwR$ zgU`*XxEJAdUX;HA_xpUx!rhMz;D3eZ+uOn2k3Hcf!u#|_!2Q0RvGCg~)Xw>E*KG-W zLLt?8C*1jegs%zDx7>v{-=aLx!hNI!|I>{B{l28P>jilAwTjOH_jQlb@YCVC)f;fH zOB=y`zS#;s{eV8VKitAl&<-s&HTTXbSgrjJEJ0nN{b3aK{gaf09w{o(cDL zkI&&(`YC=r+~+}C;Wxs2S&zego^=*pCEOqX8~%U$lLwJ?-Wq;?EgjtBFcUmuH;t2` zaF3Ic@W#3Ic@5#d?$Hwd>^;@L3*6T|ropd==SddAecfX@yjNKFeh>F`k6rLHVLf&o ze&>Jo5&!$Yf8gG4Bn#)49?t~^YP&MQ|M*UM^1_|x4Y;pA)Pe6wqde{5j_(3LkyXdF zk#Nt)NpRc={8&&S5__jfCQPq^p%yYQBkw7nDIp1;%J5ArMjO1O_NN8#^; z`)lXmK7aWW-t(%q_X*tbG5*%)yUxQVYdoZfJN`v@t0{^v33q&X_`CTO-vsXX*6{t| zy44W4&qqeWFDBRaOoKaqF1*wEF#h2_|N0K@_47`+&%X}CcaPF|xB_>3Zoyw1qW+5U zPh`J1J^{Q(xbB?^?(>Ko@PUQ3y(Qp|F9(k?QSEOGcYJGjj!zW-F5LT*_u#*l)b`GV zJO6z6=243O4({`y?eIB0RL7HW_v1yl*Ut~&rCKOYjK`7v;&B@v{^*+OoDuH$?C`yn zmG?Ec<6noztfu&8aL2cWH<+#XfpEtUgD)tp__=V8!$t5xi`4Jy;f~(|PaM7vdkF4% z_dDGE^(Wl(?h!myKD9sj6aClwH@7Dpd|zX=|7E!2UxjCAq;Xgk?&}^+;l7U17GAQX z+SeEE_#yDmizt2~-1B8Ryz3uo=W@8?SHt@cR~-((9e)g7vZTiOO}OX#efXJhpE23f z$bNDDwD3VI)c%5S&-W7W8sYmLb>SXA&EcN!z2KSNRvm`Iy{?-8e|%VVm=E`Lk7e*G zZ)^M4zecfXO-2FHMzAjuJ{sQiPTnn!r&eM0peO+QdymGica0%|Z zU56K6sBsndd1RfPKOy{Vc<)Cs_=5?W7nR`NuIBKQ;r)Sc!8e5S%pUM7!_~eK@K-x% zoR5Wf3-^WR!<~OA{NE00|8}_R_7l8IxbOKC-ea@cli=UTdb$p2;pO)zJ}2Dqufi*a 
z>&6w}K5kZnj}E_o-5l=tcJSii`v`;Jjvo&1l1p`)33vSG@MGVqE*s#E-wMy(MDeHL zJ`P@hf8R^>dwME<22kz|}4F5Eb;y;Evej5DU3aaxmxQ~OY;WOS+{4TiT_rgC|s`gxfJN`O+ zWY|B%jIMgSUpybMr40EJ~jNU z`I;B`;f{Y5zB`;j$22eM zz#ZQNJ|H|l_72?hw-5Z_IQ7?uaK}%8R}Jr#S`K&o8u;Aus`DPW_df^W|87*>{(?LI zeR!TQeiFrs>=*BUQo$4dp}73;7`0UASK-eZ$}7M<4y(hfhxfz04fpu$1NVMuEPQ(S zeS~Rn&+EDHg2PnjRdC0zhkp=$H}D|b@yFr!YN~Fx;f{XRSN#{JIY%N?)V1qr{R6?o#Eau^@V3or2K>7x5IU?F>sHEIdJ#;7jW;FzJ=!q zzZd@t+}m{=zIU7Y{Tkfyci~sVbNjL5MD~mKOE18^pUDF6Ia_~U81DE|@C41&&RTHK z>xS?T^Ju^H7TobY;QP;MyiJBXekOeRUFBa5_kL+T{93rbc?9nKr{I5u^TB&?@0Xsy zzX-o8nksH&zcfpzc4mNA?W%g_hIlz$*RO$OC@IK1c?wRe)l~w&a!X4igUN4E_$HKk;oCNn;sr3x8icaJsw_zdpuNzdq2(ar1rcAcl;=L?osOBIdI1>gnu5M_uB+_{0{i6&T7v|xZ}^kcZTZ#&*2`= zvBP@M^CepNzIj@>Cy4!)+F;;X<<{H}3TAMSqd46hrWE9egY`ZLvM zFx+`2!XK~F=T3v~c~#?cA>4V^!#9=Cc5Q(l$gcc*;m&gwUbBZj_cHuyC;2_N^TbW8 z?RGzUUL=QmKbaNYW2FAR6x{v(I(&5kwWlH6@h#!Kjw-$<-0SlZaId$=!5{slJagfW zUkqQ6Rq-3(-oI^w&kXnDj=&v%5?<;%_4^~ZOAo!K-$}=2(KfKTLW4OoRbhy{&>)=BRsb9W_?|i7b?14M~ z5xDc;g_pjhJpaIlgy(7FB#o@U^CyKne*t)cH`V^4@I$dxx7Xp$Ujy#^UEnkRQTuwq zn}p|(--kQ@Xt?u#0r&o472LM?h49V9`55p zJ-GMt&EUtv_2h1F$M=J8ou>WX7`XSVliG z9*$q%!l&O-U3S8K9qcsR*TEjcXNBh?Vx*3&^ZD=sf@E;#&jWYeV!l zTEd;bKiv7Jz(-UL`vG|C8v5MjaOd9%cm8wmo?DgwDm-KO{k}(V=l6Roe4gd}1;YJF zyXVUr@IFm6e;dO+Upm77S*h*q4fncbAbeIW#eW2M{HJig2medBK zw}X3s+aG?cl0Nr6__q&~e;nL-=E0xsS3MWQKk6c119zU?aPQ|2!o3bW3*Yyf+Ib)D zIzNT)Xs27B06z5<#b1FBoTYZ&gqI5Q>IvNAA!)kEe!1U4{gnou zJbd3QJKTAS!y9x|-m>swXOzDN+<98VJwD%td%rpezVeaA&uF;!Gatj#wp2Uk!yUgA z{^JPc-v)R5kMIiNd*5f_j=v0_UqJbv!yO+xePn+X>aBWagL^*affqTV@lzV^_=@nH z{guBF-22J)@YO%4eO=&{7wdE1g}dL!!+oDA9eUkdJVSP|~?tak8^N~?Wu!>i2Kxatpg{-JQ^p9lZ_l-j=- z{ybbyUITajO>pNw36GUP?K}ss7JjGuCfxZS!JR)%rpW&C{LKpY{=XQ!L0+||65Q+R zdhi6{cMv+k{r#8j@Mcq$|6RDxLx;jQF4y)>f?!gasXaK~SS z_gk#|(Zl-&yub2!Ykc_b$%@Ygcir;B7k{F8(G2eI%d~?}9-#Q1aDQKBDEym#iXROh z6y8&|9^NPH_qM`|#?f}&g3mgq{(S^rG+zCfE4(Mhb@MnZ10T6j`D?&E4x7TKEYNm! zhCBX!c#AjHp7C(66DGr39a4K1!yW$>{Cro{VHe!-d*RpfDgOnyuHd{uag@3g(m;9lo+hI_x%3+{ErFnG%Fdks_JZqHo! 
zw*0EgD!Ah}z<_pAN);EsO`FOo#@DZ;q${>t&`;Bmw6H5Yp6WsHzJN)n|wR1S!@nhgmFDw6I zxZ}Tu|8`FO{sY|mjlJ-86O{i7-1%?8hll%`abJq;7wQe^p{YDjd((pd>HgJ#6E^zNphQWJ(srGyf_xfQD-0P@SaIbqez?<$?{_SwDWBoow zkMmLC`S5d5#9xJDj&eT-*^J| z`PB>Id1UXGoIeXZ!6enQINZmVa`5Q072gD&_nNk=4LoID#dm}I_%a;s@h~3l{mC47 z?QmUa8QkN475w~ewPz>X@q6H}eW>ws9`5+7@bPn0hv<3qIj+CsX-F!=idq+8_vIu!@b`)3*XpR?fDyCBz%7-T6oUU z{c^aY#$jT(_Zw;8UY8bxdwiCHdw)^~zWF_UZcDi5V+Z)QCfcrd;f{YFey*;@$uzj* z=fca@P``W&cl>7f_|Fu76z=#_@Z;fmxxe9_U;o0#w^IHT;duo2m*dmHbBs@WP>zrY=T z9R5#BjjL;L&&Rv)>va?#J6wlzzc@Y-JZ<=1Ljkzsi@{gMR{P(CdwNlD1H*$`;!^)abbV58eV&g`u96{t9Hu28}9wdFL3WqZo)l2|Au>ilCpq4$Mv5) zPXB%p?(>mX;PL9I{T1OpZ><4;Gu&Tp4|n`K@ZK9Vo=3vnkK^IxzgE95g*$!~y#8Bi z|9-g7TYrVu$*TC9aG$q6gx3nsam9Kivd&}Ash!#2?}hhi}?&sy&z}>%t z;b+75$i~9mztiF8!~OTgaK~?k_n)hF?twf09Q=c@UcCkPd)MO>jI3LXA2l9Q!u?*{ ztZ={Yx-{JHS8oRQIO!jSPlLy*sD4}x_xqN&!2SO7J8-|xJZ7QD?e+V~Ge_a2;C?@O zUAW&%+!gNk8;^y1{4asKp4;HA+Znju2YwCi_kO1-9J#$i)~kQB!~Ndxl5oG@yFI+m z5asCw_c$B_KXza3mz`Z^^0{8Lv4BYF(zu)uQnBQTRx>>pwFJUkUek*bH|acEdd$ zeucltR|nwEe--X=6{kex z_PUP8+z_u|uNp8F1HOLlpiS-22rBaIZh( zmW-^A?~kN`yFM?&Z|>3Gmx8-K)!^4sYJ4_>`@OaO;oja);f~(|KT}HmwGZz0T!0t* zMD4!=_j)p3smS_#npEqz)NmiCvcbLnDGT>{vIX4RJ0J?50rz_H8@SgA+u&YL-h+ER z8T+-!?e%&xYZP7@?)7ASxR3kY;a(?#o%5~){es8f_ptVJPMx$_c&P#_qf^*_xQO2_dHEhHgdZzhu?Qd2lqPRl_uSDV1qwtPV_y=&;e|8kU z8t(D11@1ch1owD24zIdc`@=hMww2budtBv)Z|$eQF9!Giyb^rbJjFMKdp+3>?)BvRQTQyl>##8j zKMD7K^%30b$@mo`>*MugTDa>|03I`z{=PKa^{EceF;d6J7I3c*2f)3(Q{j%^27foa z-{Sz>?YRX1@H5SqdvLEO6NKk+eEodw&Tt(A?&H);aIb&L!@Ztt1^4z2io$2Xy`KCQ z?sdWrxYv^p;9gJ0tsFTXyq?S!g_nhUJ=qZM<9<)L*9jBg9=Bh@UC&)`*X&csN zuP4)2iQL|V;XMYq;9gIbfqOmK8J;+N->M(n%bFH z_&vDCNwlhwb#R{aaM!s6-0R7@QFs@)*OMco@HudglXY;9t6$(AKUd+Nr%9?sZg2al z+7D!ad!0}y3a=T3caFkGMBxkIJ}z&F!Vkc`emD;I@$MYl>xbL$<r)dx_JGD`E4bH( zgW%rY>2SyIfH(X?{dExT_FRGQ2-i!Wz%T7nJ7c^VS)YM(ls^sJ@tNQ|!t+|i;NGq> z@a3sg&!+GuGu4hZ@GOlKKM+1IJfA-dzOIGZKM$UoIdEvXl`#Q?PJzpxr%k|giHibLB4ZK(QUfw{s=hra!jJ;~-9JuG# zLio3zD}FQF<83E=VR)bOA8?PWEATkORL?kdBkSz_Qet@33yMnv-~G4hRuEn%9FNMv 
zy+5o8&pbHPAMSbG5&l^N#dn1_yrXswg*Oe)Z;X$^r^7QJRDI^db6(fyehq(iT;qHr zyvYvb*$&?|T=9G0FTAJx$KWr%t?jx1Pgp_mx8eU(RsLu2a$$cSzg}d&udJtbrh!-3 zrnpS-oZ-33QgFvtfG?=8b~b=JzBzo+WySY_dwvasm+7hYPlcb_pgPQl_lT?QS^=;8 zT>dTmhhLOuAADR9`EPJvZ#fHJ72f~<5bkjvqkd$+_&Q8{`0L@l+*#odyQmI@;Ct^Y zZwdIv?G#@d?)XOV9!Zp^H~h;-@`3QxBb0v<-0{=lB|`i+@D>l0eqaR?_AV{7ul!yW^nI+-i9X_ zug~olg^z$2?yLCG@C%PMzZS!u3ub$JI{4^yM@}Wn2jRq?D&N6!5=6tJKXX4 z;AMv^z9QW5HQ>3z?? zp!f#xZsC1gZQ+{=syzeX{|=RphX1fi`5(Z&&VL498@^W(r&;9o9$l$CN#MZM9=P)yhF=cXRjz{w%>%;mmO^e8SIzBVJ`837726uc#`0nt&i#G7h;eFt5 z!Bd3e&WCWve+;izT;q8O+{f{i@b2M#%Rj=s?)nv;YrN`t2EL-c`tbqW`yDSi{Y zKw|k$_=TkMQ*g&$fInQV?R^4ob5ZS&8P**>j_>ZG_zduCugSB+^S2G-89wc%ydwPl z-16q|aZNQ2+r!uA*XIs~Z+=mEM#8@e?^m1+_jTZf@SL@je-r%CRQXPL*3tUh({RUM zgm(z)58IUhUOQaJ&J6Dy_VYR6*H@~YW#PWwQWNg;^ak*p;eGPG;FZGn znuo%jXEgl5R&D1Z`28I6ui$w{X*}{rTTYrc$MJ!Hbnwd}a9Xr1F~Z zmZ4v|!yVrr9_?#w?+m!(KZjo$p?2hLzaOe*<%@OEL|je?g6=SOqkZNt1?2;UUO(>l1X zGyDXP7S`Jb;cdh9|Eus(;r_^Nc;(94u2}6O>zt;$`Xv#3^gYGph5uegUKpMrgYs8_ zKP{*HZ^Bm&m$!ot3h!O%0-qY5qniLPkx!pH6<+tW@^63_3-`CS!5=MA{O|DE;X3MN z`08-}8^1$jJ>RXVJjvnn-jL^oFZxto7=E~-yaxP4xUXFgez3Oc&;#!Hcj3Lm?|RIH zH%+I{oezH=?q_X;-)^AK-2p%FljikFxUxr!b{^iOhvNT*_Xxk+6}Mw#oyUdw^%A_p zcWTee@Lk*FmEnuRez+F=#9Fnq6a4ZwYDahY_JL~uXn4=2@`>Tp`TsZ19b#6;~ea_-gPrAB1|seI2_G ze9*`0ufg!^(e=4w;eH-qA$;o^ zc;+X{GY{_d`D%FL{OaGI;9iHHg10EA_`C2qv*iE4=Pi+^cuW6voqgTuCAjnCgI}DZ zzpn)^@`C!eE!^vqx8YgB{jw48B(JD$W8t^L^{naeQgswRA0B&##?M#qC*eNGDtNc> zzNtg-n^(16f54aIR2^=@{rpDk@H~R+JYtdZq=5TAY-YIccjtwB{1k^@U#B`$hPyp2 z;6=ml9dv;^emMNZ9c}MKxZ}TokL#@MT?=>oUigmbYX1qi<8Q;e99Dat!yTWxi~fJt ze{$F_WrsVy6#SPn`ul2d$G3)OTc-ARgFAi{{M0`hpOfK^Uj{EwUGeMTjz0i@E8H(Q z4R`!K_!Fg%7CoG2xNeS53%~G%wl^o-@nzt3!tdbJfIGe&{P+RYzbD-Bqv7eRs6A8R zj{gdtb*9GWM!4e-!An(8{8_l;AHu6&Q+r~C^JCUC13b|L#pi)Le|h-2scO%gaL0Fq z*KeixK5)m6gMag*>OTYS_?7Uj#}xlP-0?@@tHbXgoQFI9HoV(I<$nhEelmVH{r|4B zpMOgRUmM>0mmTi=jQQbyo~mMD*r&Z>oW`f;?LUt zrEtgp46h%ak39}|{NM0A;rei#?vZtNd@lIc|Em2(;f`+vFA=W$b$~nm19L1JH8YA>{n`kU%2DP 
z!#9QNPBY<-Uj=Xdq4IBmJN{RA@2|D}7vPS63?CcrgU9O`SvSY$fu9?odKQN}z6pF| zPPM-i-0`E~$tNg&D%|l4;eIdAD!AwMX1Mo1JK=wZ=M9d*z5n?G?)}eS@RT9XW4PO& zp;u&`$AtT3dEkz(4u2eeZ>tI1@dM!BiB?(r=a=9f&xPQAuD&GvVmJ=gh5Px6_Hds^_k=tD0Ch3_q`Jayq4J1D+2Jl_PhuQPntcEwMCj}P~+r^0h)R-R4pVvE(D zo$$NcYi{ypj^OtBm zlz`vZB`*ixJ6(0I4PTs9-UzVQC6)u|W0j1b6!@KND8jj3?AXFGgh1%2+%@JkQW&SP-5=Mp?s_#Vv-`13E6|1sR-JZ3n5^7*gF zc}95irONXX{I4vQwK?|dY$48LDg-UjaX0K5&KlU4QU3qO`g zc_zZ0X9nDP7QzR866QPHd47aD&tZ7{s>*W$-l4kcbq9WVu(spbD6 z;*-K}f2_|<3wQq(gLkQ;{AJ-2-d6q^aL>DD@ci$oeQn{n+9}UK`1bI7H^bnmGAn)# zyiItnY$1I4Nwt3yJn=-eXD9qdBjrB`cRf$QUC;Ay*E8DS$bMNK_J{G{GsFFh)Nt4H zC3u1Gd{jR8>fjaOKgLqOSBJmxNZtuPGkmYJJ3K)L)#n4a$N$H0kN=tQ4dHhK=flrr zRQ?Tc=id%@{(bOGx0L57Jn0u257*(&e;@Ar|H2Q2=Y-=9iR|AVSM<4=;m)56?)-(} z1r8~1Dfrjnd+~MQ&fg5~{2k%LM<{ysy7=owJAUzh{O|xvbC434bNrw6}Ls`m7UyFHWO*PE!GU&7sl!pj{| z{#e5z>-kwTd2+bd3F+ZpCuE0volpT@;w9DR4S2a8&?SBM!`xAwAg!kKSe_HtBbLyw8@U3B-7l*t3b>X%DP&=E#@6FP<>IrxI2g2R{ zkKu0rEcnvN`rHNZvcvSb-@)DfBk+;QRfkjXG2yzwUAWu-1n%}H8~Ohq{~6(z7c1^1 zc#`m5h}Yn5e?xeu!>U6|c;4_lVPCl0{~p}!pA63%o?Dm+um7Uj{{`Ipy_In9_kM!A ze~-dPg!TMs__P$7U-#gyPvTLL^)EO>;~_P?QMkYGGTikk3U_^~!`=Qy@ciNXfUV#! 
z-BJ7d!QK9e@WB-nKOLSvT+dtqcl+1F-Tr-WuiuWsr%zQKufv`HKHT}^e-K&!vpqFF zlfg5jRlmFpFBR_7y$XLYQFW*Q_w~tc@EqIpxqaa)cdLDq;K#%L${Fx1VL!7N?$130 zZ`DGddjj5KzCQOn+|L_7gnL}Y{V=kgQ+FwUQh28qRnMGokE`f8qI z_H>0WpRYWl;r`tDaOe3N-v1MQ?oV*%IS+T9oA9|ARj>G?BkSfo+2OG#sr`B3Ra@xq ztH3X>QM{k)_i?sYc;4@A#8>@N{nZoRI+gq*c$wYG|0#SyxIVTL?mBFOFZ*5jcfxnh z)pnhPyFT~fJK8JH6ZnfylqY$(j_x}6yfPo$_bm#;Z~dtJZ^Flf^Y@1EkGHBmt>8Ys z^oINX;z0PpbjmXk?)EQ(*IuP|u7dkL_}{_Zp8at5*9mx<;Tr$v;6=lGLjH!kzfz2i z9OurT8Ga*tUpptf$P)d18MyN|hC6?Ic?)*#PZSSg`tKgZ# zdt85nJO4TO$qdT#Cw$2{wf_P9bOFUD8K?hxoR?Xt_|)+4!}X$U@WC6@zlGr5-ZJns z4-{V+{(278vjyDS+aK=yBjDdQ)Ao#mHwyQE=fjyS`zynpzb<@7_`YgWc##9@m!5Fv9|!mGdNRE78`{og zaOc?xFIHLcd*PebYkPl#`#!~A@L^%ybsxSYyk{x;N0IgSIwwE8_YB1qg_jNAAAB9| z_SA*Pc|q-O0h-pBeo*R4%>ziTe|7h4ry z1)es%59&>L^IWP=2e{V>BjLY?=ak07FNgaA^Wo034PGc*hyMv4Yrop_JKTAm!S80* z_QnqDN7v`nck0IsaOWunUlCKETLHc)tLokoe)g46H~4_Cjv59ZAI_Ub!^fOZ`xnA9 zhV!N6@GNcAp55?8VZFB>zA9Wty$Zj6NuPTg-Z0#^O%&Fru4l6FJ8$cJll6D5^V;O{Oz=7n)$b+YK3a&c#UE8@1?se%Nc*R?aKLkG??mymu-^i!<`|xlXDO$2mBkTOvBDM1c_{rSb zt|IWw0~B8hzG#l}Hi91t?;&pq|LjfW9|&I+*44w{Zx+z!&Vknm*J&5RyM*sYZ-qAw zzx%Koek{CK`8@o1m`7LP<6CPS#t!qw)yszV}p)AWkZ4bNIq+f@+0I-GZxgnR$l z9NsLf=i0$9h4){!2F?fd}#-Z1%mc&xC0TMBO+o;TYC&)r_zyAR$Vh5G#j-0R`k z;kvKuc_N%|CWa6BNcq#lz5dJtZx!CJSP|~^Micmn-&Kd+aL12^&$*)Z%!fOE9sKQ7 z>i6&A+r#)d0q+t``Om@gKUY0(!hIh1!ZdA%>scm&@??g`zOT4a@L$67&#%M3JE8X1 zhWm57!wWW7JNv`CwAAO0gzpR20X~8k4%g?W!hIck8Qh<{8eYAZ+P?+v&;1eZ&pinD z=U#-*uBJL)hoAXSb%;AXvR`)pB2NnM)kmHK?r~KL{#&@N`#QWvcz&-5+WPTe$NNg;)Jc`9Fl$d#d~k;5jcSei=N^ z1;wv}`+DOq@H}kgc;5JZc)DLz|B>*PFUrTjll-In z6W~pM)pkvW_e`QZ)8W@nDbHN^!Gzl0weZ$IEB`@w;yv=e;Y+_%o*1+BIi7dFWKw)) z_|Yu#a`5;M_4m!;Ux)8k4uoF}=N-f0F`KClv*8KDb%}4_O~U)iw!w$|pgfo14a4=B zMB#kJ+xym4wLdrf+FQy~AO70aFy7$D!uj%t@YW&!GWhQ`^tr3yPr|s}3$GZS@4N#4 zt*hFTINV?Lc8zGI_NRt-i6t)#FWW`!X#&5KSl$Nyu&lT&6h9N*xQ^O6AO3kb z-}w%n;I`U%5gxsT^85>L-d~=6o<84oh#B7NSQP#!T*s~h9~b)f9e9f#YR^J=t#Dqm z3cet>;=hMKZ6n_Uzi?djJPz+1)`u72k6+gI-hmG&qdd>ylfPD75`Gq0pJfa5@3inA z52~Fx;8nx-yh^}hhV$z;;lG9FJ-WklQqRmohxp 
z<8glQd$s3P_&-av{SD!JpUJz!Po-3z{_x3dRsZqu=Uo&(ISOAMg|Cjne}=CN-w!<) zh5s3a--^QHhVkyYy_HpUND_tTjKcFr;g#XT!+p1!QFw8SJ%175VbQE-0Q~7@MYn+pAYWeSttyj9@gzu z;HSfVt5)zwU#flY!6%p2_D+Ro3-A4&1Fup|dA@^J49CZ9@Jr$P&k=a^@E(Jc@O^)& z&X3@y^QfNB;komu{TUWT)<4N+#b<+;4dcHY+;y%3|DlKSwudjvru<#t(Tj&V!#y58 zhR4XS?VSowx?Xvf!WW)W{7U$caNlr0ync9|;TZg%fvVdX`11wYuG?^r+sE*@6BQqK zab*4bhxddefnS-d_Gg1TJ`enz4r=G?aKG2(4S2cTihl?0_rnZ;`@Jqh;p@K9_RNK^ z4cAu}!Q=d_?Mm=PWF0214C4@9DD1Br!0(2BY!073T6wy|GyJa4?Fa7=?$?ink9k-1 znFNm$P3@iukM@E5b9klx%CiiZR1q7~y$6@6SDclED3*z4UOuUpFWG&TrZ-KM&~qvBL9IZy?^+ zUF*YB?^M6EfiLN(`gDVD+^+b3@G0Rrld*8ee*%va?%OVdyAJE&u_~&bTj3oW%a6m| zFPGr{J=PoWmTk0MvBSF0_4MzkCWia_S~=j3&kw&lRQapJ{X44l;2(zLQx~}7d&9Sd z^~6NDe-C9kym?p;uZ8=)Lp$L9{nkD3ZCkWmSKvuPf8B!Ti>~-Y%k*E@dEF!ZI~9D~ z6?q}J-}_M#9y6!n8^Kq%)HrDcpC10*AMX2NL*dWEb21;p-+o=6I~(qKv=r`nu?oI5 z+`rfbclO4GexDN0q{6-zM{{cMhN*y<2d=)v)^N07PB!zoDnFgNrTjkFS zcYGmu!|=P|)!|-$)`h3or2Kv0UOxi4E_uQS`g=X|dE zzYX^~vnPB^c#d=+-0RF?@a%`xp0RMRGiSlQAN~UF{rnoZ*Nt1?EBC2xd*NO;o`ZYc zcpW}rk^1XzxQ}~4ASQ%M=$0vZV3Gun$ zKHj|ozt~!NYr=iJYXzhgMu*U!hm%ZBUHi{Y;GSMc67wY@*X zef|6({Hp`%mkV%@hx>3}KYs$xwnoRDBx@tbzptOChHtE<&n*HkdsJQ;?(63j;Zwr( z%tmmJ+cxmCgVfG$aG#I#g%_Qn_Kbl$ej+@4?Izk%xX)i!!r%Q}^*RLi`OEKcpTAs! 
z-wWU0i5Z?h^7!}pO9J?za2=^2JVUs@&<^hNm$%^)!gCix;68sD2`{ll<8wOP=P&c% z3kNBF3Ebx|E8xrjQGcz6`}}1Ke0q81{}JxPP>y2b^pTA^;mwZdxl?U$gmvV5Qzq|qO_gM981oyhDJ>2W4ci<}$DbG;2 z<43~>|EBoQ;I6~haId?*g~t!iYwd@-&ZppBcU^#A+@tn9fqNYlGwi25?~a7$A2Prl zpB>&b#FvMA9aRm!EsOfM4czf>!IOvh58z&RO@M#(tH$4QxYu19;9hragU2qVcAkNI z-E|4R^aXuxj17_F-|Maf@G=F|FS+1ecfA51FiG(>;a+z&fbYtzc65b%-PI57b=N3( z$`Pu=CveZBd2r8*FW|ApX@9a2?)V+>I^j91lW@th47Q%e%Lm+=h08_ zBuQ1bOK{JldvMRAC-4kAv|VX8M%Lf+C@VZ#7uC58-1De1yvJY4+Yat|)CKif0jo1m%u%bR>3`ww!$lh{qR1x*JDTE-A}2VSKyAn34c;a^EB?J$U1xdmIU7U zgyIUqy?!eL_xi08yz)+slXh^g-`<9QFihJu5q>}1_t_5j`t2up$(zb^3hwpWd3feJ zYUe|^*Kg0@ABS-pXLDpdy?#p!?-Je*nFj9lTPFCyc*>g-?)6)K`1yR=-ePdC-^#!f zhwE8Y;9kEqhI@b59`5~Z54hKFgW(&(_vyyKy?&bq_xf!qJWm;o=WpRY?(Bg3II;&m zZ-Vmt4tM-z_?B>9_8jgyBnsEVyk7EgCl&nbtomGEKXbh6Tnh0%?z|2!UR>k08QjN_ zcJRI*Yn%*%JAMTGVR&x&Gq{fx?Dgo<~*To=3Ie zIS#2`I>SAW`oTSq-h=3|0b2T|691@zlS$ZsrZv{&x`Z$eZ>|381DEO z+al{$jiaea@(!H{s_uDo@t1ZgQQy ze#-@~H(v3j;9kE~fOjgX?QID6`mF_gUU=ViN4VE-UE$@@D}O(@*Kb4MrNeV;AHcnS z`v{)0q4H0Kd;K;Ce&e*p+hVxaZ|mURAMSvAe|rG#_1j5!-7tTyz`cHZ2EX&F`Y}Ox z&eZ+x_^fcR_wvFEh4=dvhkL%1g})b`x2Xqrd{cOylxk;hxaZeE_~5XPoelT=S_=34 zS_#kmjXrlj-1F-wyx0Gu>ny;fs@g9;ARr)J0!j!HA`L1jNY_UzA|NF#At8#SG)R|7 zcS;z9poD}V-6^Tk-68+GXTR%z*Q|$gpXcLqes|sVuKn(P&YU@O=FCt(?~jC6s^+)5 z7@Pb$LZ7$W`)i4W&(G%d>4g82+5deO;ZNJ-g=fyq| z4*#~o;onDiKf6ESAmJzNdhc<<(TCZ>e>~;;yjXa{p+5g=;pbQRdE6-cy751SBmZgP zzvl3DF9?5_($~Ey9CaTFN8K0feNn6j)J-isQ9(cN1%;@ zA1geSy^feJe41S+wpjRKyY6n4@TPNpo=w90zTxZc5q`z?Cntm-@8x|i2roI(_xXZhVZVJec!$po+!1S$JN5$ zvpk!HUmWLs_6o0X*!!Fm{@br!e^L0%y*}q%;qkuklGKiqqHAaMd8ct`Ek83{D_^mX)HW$JDnP!ub9w(M!kd=$J`07fzu?EaQuy9(eq5V`m$lCo?iIfMeXsvZ_-?z-p(cQjUb^9$GRHZ(d*w3Ue&%Qw50IFdA$Au z;bZN71#N{lujuOz7hW)j@BdQa2kmq8+l6Nu>3wbpZ*kY>NwUZPKgLyfzxU54y!;5? 
z|C+*Q&hUTVO8CM)-lvc7`F0)M2;p%{c>N6FrR{p=mBLrr=l%B!Z}gYX`H%41Iej0V z3ZHo2^Vj!A_Fv-RW!Z%d)KHZHwl_$P#zWtGT_So^syTbFX_WG*ArylcvUr%^~_?|ZszOlUb zX(jx8I-jbY@Nsp$Pgmi!;(Fd)c*vf2hYG*4(Cfbyj+|43_r2%!bA==4BH`ogbC*8} zN6yv4kJ|CWAHt8>eP9j>N6ury<1F_%&k0A)3&QLE;Pp3!Bj-KgZ`$jW*a!UIVgIn` z8~-?&aO8Yh_$Ph+yk``SoLPhqxBGm@P2BeHmXGT~!q_`0tPUt7rgHRT_JpNTi=KE!pk-G!&yz^_tOCAn zPT|lO5FTf=_o*y=z<6J;rttU|yuO2Q=(`H9G1cc8Av{MH?=xQbq79z^BpmuR!hg2) zvtRhrk9viM@_nA$-ed-=71*p+7GC=0fj(TX?T{z7LOtuld`LH?>_)ivFiB=y?X= zn`e0cQo`$X@%|NsfB2X8X(=4vht*bis)SxYMEHQSo{tcIp|j_UgeSAl&;B6%!->A1 zdxR&N?DHQM{`j^ZZ^(|9(I4nv6h3gJ*Jl^rq`A+TNBFvzz5ai~;a^*Lo^O55Plcbe z>xVlD|9-yrA1eI2w%%v7@PCK0_`UEA4Sk*+!Us<9ecL0vt9@Sny6_h= zdVRqYk^KQLB)qG=&aEyS`r5*C9Q5=1sqk;?J`A0O-^%TC^b`*N0m3ucbyL%XV_xP6 zPZ`sXcY|;o&-@{L>DONWk8m76Toqm~vCsd~$;f_Udru~OsJ(v9D;(?O9pM}8dVu$Z zzjW63xqpZUT{FW!Ha2&_x65exx_pK}(>%6A$ zHhx+{9fV_@cNHGPt~(kh9P4nhaNNgvlW^#_3tx232f8R6>-L85ZNGbcqSKN6d^Mq8 zx2c4e>F@Qqgkzl-6TZ^!S6NbczOTH0L*YN${l3Nt$9N|TPhH*T-Xy%nE$_cWc%3<3 z|5$h?dq3-$@Op{7{*^P4{Xsu732&Fz*DWa=`O68cZDxZ?|CWVS+;oov2gUc zneh8|AI`qQk!P^**!O+k<_kxkmkM9m)z9}%;dp&W9~-F-}WrM6!Gm++$7e4aI3O{b^ zf1q&mdARTt1^m1&7LM2ZKMLR8-j8dqaP;|z@Ete2|9#=;^Hbqd?0bCD{S&#~jvVxL zYY9i+J`&!wsb6nj2uI&~3cs4$>!%2Zezx#QDSf^j!qMmb!XMlFlDC8(oafiWJ>eN_ zeJ1<&`F%($9QW7DB^>943JR}h-!oNHIOegg@amO(&aT4OzUK4w6y9Kp=Tn5^yvJ6+X(Y>w6>|=T%}}i|li(dcF?{ zh2uO)a^c_F^^Q|57-%yWYZ=eCfwCRd~CtvbmqV{>f9m26r_6tv)#rN%| zaLnTa;VGZ^`ATKS@8}!$59x%bitYPTR5+f0O9@|--0NElhrWaG9Jc=-AspxHCJ5g( z%=<4Dj^m9L!k^jud!m&QT6n=G9R+Q-x!_%@Kb0v0wkc3;+N9fbch8_5K%x zW4&D$zW;{zPk1Y`&saYxgxAUI$6HJ|^reKSE#iF}3&;9tDg4LPUO!OynioAED*XM; zo-Y*M(ca%*CHz5Aum2-}?+{)*mmlwW;qbX2yhk7J|3r9-6W%AzZU1|$=Zxk3;{?Jl zANKQ-U3kC!etqT<{(W}u(^&Yn?w+?4{^LgPKS}r!`#kJS;YB9<{CkBjdBx|s5y0c! 
zi5xHVnF4q*;W#epF8t|KpMQw(!~=c31;R6&_xb+_;AaB(qX3@bZsfR-v$pVo_Bpb~ z!jZqd@VyiLxP}Y=Z=bLCeE{DQz)uD6hr*G+$i2vMUANC^))k)Ucb~Ik03RB_X9w_A z!m-Y;3defRWbgZ7JHooHB7ABepR-z0FV73a$cZMBfN1jzs@rYFWk@neH-Cp)_Xof_~xG8=dkd-KYE_f zUiYB?&Fwmz(!$^F;Qd<*FKW+2qlDl2&i8GV@N4CK-BZGweCT~*t9wPX7cPi&_&-TMlMc*X0_laTW`=Re+`qakJ|2OP@CfSAW>*VWJ5{~}V5qDx@^>%Wj_eo{k zsVY$2T%y16htKr3@VmxK2uIFp!jZF~aOCV~+~p}xd1i|q{yzza|0dz^KOh`^xMIy%v6NF>FrVGb> zEf9`ztrm`PZ4-`h{bk(cFGD%+iXJ(W+UG&FpRWl=-F(7Pw~}#Jw=~slEP8CG1BBN) zAN7Y(KNHEP6!|O@J$yEh{yowk5k1CxRygM6vT)4H9pRXlSZN}+U-T!1aP%j)ao3-c zl(VepabKnngqODSy=};+1o?a|dW?6faO7Vi9Ql6}j{N(LyZrA`-AkfJ{@cQ5*!y>J z?eh@Mr#Sg!FphNypF+ah*!K%m5Z=Lf1M)9M{+&gS`&0E0{=m*(jUu0-<-{Yl|J8c$}|*=gO^ zjU(rL)7J~ocNG1%rk^K#u<;WCKG#Iw)AXq_ME5Np%~vkt$iJn5*S#$q{VXNC>kxlD zRzrAOyZ)!8@F{k`f)T>uKT~+7vr&^A^|R2p>t|lde~Ne>;wduvabR5V&m=tF&aizb zhjHhhn|vCJ9zLCg7q|Bjx|2^X@>xziC-Hy82mW`2UwGz{g+for=S}h{@Y?goTTb|I zL&7$ps>Ypb4)W*9!m6E}-8;KCh9_L*f~U=YIY9^Hogve0x8!jBz*K4CK?2czWW!#0Sq) zlZ4}WYLRd}PpuJ-=czr$U7mDQ_g~TDdFqC6JWr+0^87x$DZEIZs6tUc1&q78uTtHX z#9tvkMSL)ii-ae6Cu|@3k$lpU&n3~r=c(|r`(3h7D7Jmiq&mKUhdaJJ>gjAUy_e=#C`TgiXJ{oM4#7=CyxowWIXYk&tK=S8F%@eB7y0v1?U@# z{zmbrKZ^PpD|+OdA{^sgBR*@*XP@Zdb3^nqP5)}n=>EI^8f(0Uar7T`n~J`t=|=_V zXNkUv=?{q>IZp{k-KXM{+k8^k^##ZYpZvx#FDXp_vG6#?$A}N=&Jq2MV&Ulu?GMoZ zE&2ndPnbKp&o9tAf899p-?jTQ=Ms)Qg@xmFN(JF~ozhM?`qNc7{6`6YGRALr6OD)a zN%@zF9{xv!!~d4>&=BVs3OyqK804QdPjufx#A^_L<|BrEx*115b64>GeT9Eh)blaI zM>P%Ggk}lvZO>n;jJv=7kLsQgJ?dT(j=GP8qi%eAKMna&H@9%~`5octa}D9Mm-=zl zHSY31rTiU45C7q$e?t0Sh(9KNU3`$|sqkleeE(zTi=N*{jS9RAaU&uiq(=8?bMnmpXl-$W1p6Qs9~4uQ~0q2hx)6NSH$+W*lE^0`4iyG0M5lfn;$yAuliO+MGjCw0N+kLxwz z@GmO-=ceAQv~kymYvlit=+Ubm%y>?6wI{;w82e6|W-JJI{> zCZE%k=Qir2}l0E!ts5~LyfyW+bveZeV8eF z_^&7ZNgCG`;`Wh)u+M9SBgcz8d4zAa>&o6S?(!Tb|7N0xPbcBk-wu}zeMLTYNqzVi zOGJ-xtrQOby}~Qi_TxE9{&ow4u>TFw!#`0G|95U&M`&C{h#w~2-Z<6?^7Ig1XRi0{ zPd+7U9@k67ydUzwKbLW*-$VJ!h#qy{C;e{Hj})FUTs0Kh9N@EG zc=KOL7|`TS4xShpVthkpm*jgot_FUa3+?Hw*W zLiF(ep7eiGo`=G7THkWL>&NTzZzp{P;&zLN@Lx1Ej`>CY&ZPf?e1-<-CkV&+#%1KQ 
zm3+2}9(7NUehcYu2k2v!h#v1|(ibs~aiO23g`;j2;YsYmqbB6315mH{u4w$ z(DbWBztzrrY!E&*twq*N2}df2z`v>jD1n2JrI2QMa-11omXo z%DAihBh~FKdeogCz?Tb0-9Lp79p{VeH}2~GKy@#P9(CiEiC!mm%0Aq<0>qb*PfO!i zKk)fXIC2gZp5B)WjUoS~5OAN53`duS%u#i?*BfIaGWW^cHiSkP zcjKB% z`r!i`u&+};un^Nr$zx;IHbo$4m77&$JipDf1Rxa?M*VgF*H$NDKN9P6j5 zaIBv?!m)l@2*>*ADje%)kZ`P@iNdjdmKb;AvRlT7$F*7XSU0Rl_T?G|D0Jk z^f`rNzxuB5ZoRxOz7NXv;akenK=i2lm2s!HTmFUnKUwrRZk!_=$BpaA$8JRz_PHy1 zjO&Fek$otA_{(*C-*Omt`A3n@hoVRR#=_y>S~&XFUHA`u zeUW~~UEPsXcarE)cQxrpkp7tH(YJHL(YL4MGn{-1RDFKm-V;78z5k<%#$EnlXH3H-(C}rz7;j@>JA{E&qR-L^%CAFlk0LQG?0Aylh4nhNB-Z0!+)!A^zEqd-oLxV zq0kxQ?vZ_EQJ6mvJ?f^a;rrwCwyB5p?-<8%FZxzeIQsSx`Fu^|9VvQ@YpU?k7k!So zb7tkN5!lexlV8#l~g#6qw)wxKMM)Rc;6F_d8{Qo zWY^=>Gw$Z47mc^0=uvkh>3foXx#%&EzX-=X9w46{pza@;j{9lkyQ{r8TPZS@FYo>72T`PQka@Vy`XcPH=PX5P55C4ax z??U=C??B9Q{HR+_IO={N z9Ce!u$2#d`+|9eIi*@oH@lPqwKf>|8Tjsiv+Y#m^r*Pa4p@{H4gQ5aN{gg89^0cA4 zt%LKCqzaf0+k3Q!E z@^41|iR(r72mbE_@RGt&x1w-7|JD;ez`ozMsd1O?6Ux&~^vE-r^i4_sqv(<6h;ZyD zFOyFb@`+hLvJdci*|^KunDn^=^wmh;i1h76kNy8Z(l;diRM8{PLg7Ef^SS>ZpO4As zl<2$U_4;eV;h(U9|GgV;1M9964V& z?#e72$6YmqW4sN85BSXcwlMDcP?zeC6Ft`FRN<9ufAqa@)LkJQ+sk3&uC7aRz|PNK z6FutQ7mm8Q8%EEg`>)mJQ_VQ$@lI>6`$F{7Og~Zd=<`hB=<^=omF-2wQQ_#rW#brc zKdT$FkXsIc{(oW|d2(BxuSAc!{e+|L8u3YPJ|{$v{>N?{ zIbRP8M@?GPPgdjT1NxswIQri}IQrIHIQsB~ag6sbt2;vU@L4JxeOM(Neb_1-b@vEI z|8E*co`Ryh2t3di*l^@QVkiEhGMHt_54YvZn;6={DsQS``jNI2%} zlyKyHDEx!N)|XGB`%{7HrZ$fLz`tYwuP7YrdzAk>`?d<{{uUU;lbQNf~qvKn_e-=&~Zw=wd z(?VjB7bJ%ZoCCaUnD?Z zkMspdKbv@d;%fqY_L4py=`V;L*N5B`{$C#dM~{SOjPKV~{7)mtyXSpBznP6YRbHxF zMD*xS3*qZt@c!M&$D)J_j1fJKeHwW>W#xY*xY)SezNZ(8JShs_OW8IDtj&(ajIM(ei#$A81Q{BCyN6!C*W8Efi zA3fe|)ZIP&BWj_1wt!t=Zl6)ftfnsJviGv#b9dgN&@ z9C_xFPbTu&Dtep;xIy~YNT0N0Jq~lb(F) ziyrgUpY(P~LDXMHUBfJT%-2%kn6Hz<(a(Q`qd#|q|J=mS*AwIJ(W{g{dFROS!oPrU z^rx6`^ry0Lve<|}O%-v?JW z4e5&-$9@L$RYo}GtD|uA^DE)#&tT!5Tl+qYGVb!ErabdS5C1=eqd$9vqd%vGBhN+Q zn6EgWN3N66mHp#H#$C>rDQ6bZBTsJO$kU8`QjyO9(PO@rl0GHr_lO?zbyPU!>&32- z<3c}^2uFX?3vYeV&sSFCt`8|FPjS)1zkzV{r@3(Sr;Bjp=_wrZHA#5B7A{#RG|RYq 
zl$>(@B6{TcT{!YQBA;aB^U4>I{lt8gG4ARnC4Do|W4_u6$9zo|j(*M&j{f{8e1qM8 zX^nB0Ckf@*Cwlnb5{~{n7LNYJ|1z=<$dg<+<}0u8-Z%Z<7c%a0CZ?R#M2|cl3P+w1 zGOc9Rb^SQ!teEzd=9G`Czj@J?Ug{R->$8}RU=JAnm%wxQ-BKwTK zB@>Qyl}GrtTj6O8y<^<L zUF8*yc`qy+{V6Z}&P89mnsL{M7b#D3(Zhd$aP(({aP()YaO9aM9P_nF_yIeQw8OZ| z8HaM76Fu@=5so~Wd-#4jpV;J6#yF01Fkfv+AB*(EMUVNKARP0xSvdN+OE~&-LioDV zzW90LF8>RZ=dtMFpR{N6cw>@2zj2Hg`HKoi{!hp!2KjtTJVbn{_~3rae+tL`bnVyV_fLx2g0#`>m0y)2uIGr!jW^faMayy+|Ad2l=Cj} zr^Mgu9X&3`aXn#A<2tTU!V@M9w;}XB`8*;2GsGVge;_`XuM~Z}2zAki*M*}G1%+e2 zY6(Yw+6o_TAFk?R-1Y4d<(xzOA@Q~11OE%caXn#-ul*l8{|Drg+Bn7wpVx)sddPyp zaXn-i@wcz<3$-VHpXv?}AJiQq{O7ZNerF3WbL-Oqb8uDr&zpYIAkY2Pnfj(qNtPiN6%Ki@+*@=p-HVw>MNO(Xw1vPX>=e8${o;xJw*$&nV$3?0vU0;#1LlZi&9?UjK`j{UiIc;B)Vv#<+WAFBQUn zkXQ82dU>D1!Yi!sz7>UMY3KDVg`+}^SE8#Kh`{VkO&js@NUG(tTA$-aizaEYXpK1I$`8)edg}lD-AYaVocmMT+ z@#@C451mE-t?7pb=x2z&hv_$p9`kZnIL4cNaAeMM=2OqO=KMrB`tzA^^k<;>Kd|qW z*eiU!@eAUEoC$_R=A3K#%*HimVbKpY{YRole})N1-9_S4+k9>Z=${Bjf8q`G`H>U- z$zUAoB#!yF628ms)7V>lkaM=^e=_}=0R3LkPc;24(W5_EzKP6_x}}XHe-rZ=9H1X9 zJe$>9E_|lF&$pWVkN61T4J`Gr=jVA%IQ&Zr?_=L{RKd8*f0+Cyh#t?g(}m-CcBydm zXO(a~?;jNY^(!tx)c1@TcaIKHo;#vPo~Oc*r||H|{y<+!IP@O~NB)Mwk-v}dOcnj{ z)nMZ;|3S(>UG&JaKsfT;5)S=i;m{`@5jkGuPc0nziwLh($LB9)+~q$&`Rj@vd721E zp1I_+pM1`X9zIuv!zaeb=Z`DCaEvRb@QHSxw}Qsqxb{(=%A!Y}+QO0NTk_dUK6{Ao zA^xxU!2gDD%-0j)r|m^RDmyN4`FE3lCE~k?e@=WS@tMST5Z^`oPvVb=ZzrB*w1438 zY$N`WaqQmmR`?HgQ<=%e-MF?;o*zYzajg}OJh8|6KSqA!NhBP3UJ;J# zGqVftZ;QQ%@DAzRtb{_PjJy1sDgPkRBmXGj$oZXc^(SyWS@KucWUddK?$^BmG*^PZB-maT)2?kbbM^@w)7gaQK`PUU!WfVJH-9 zf;YvuaJ^Xy;de88-Rr_{E%iPHg`dgkc^Tmy>|)jTg^yb0{o5FKfBg%Mcc|zw-kqdh zP5P?=`X|Eixy9_?`aeb=(6^$(E6fbHEmYdL%W2WWzvxVSCFPkOLO=+9Kr|491HqR01+9Tbl5 z9lJz6KafwV@B9Ooe>w47#*qi-=ie5NewG!Ee%2-bW#m6cIL@n|6(98BhVWj0`u)rU z@>xp$87D=LYYFjpjALBzuR{9oN#9iT*e*H>hfgoz*bht>j{U$g;n)wX7moeF9^u#z zoEDD#z)j)U54<=zx<89)yxEMSKNxQ-(k~+Y-~j!%!m%Itg?tv0&tB1EU7Zn*b#+rX zw$m6>yeaZyJ56ugt@8y`x2|w(r-O*kC;c?>$Gk5i{XEhi7CpApe}!W^eL_BS$tU|% z|G?#+L%f7>j2GK!1>xvt9pUI_8}gq`{wsxJJG~=5=tInD{*RF-&ewiBjc?rLpGE$K 
zM33X2_k_d0l5iZK)E6FqjW6iwFBXnGTZDi1mmlvg;+H~PKpZ0_B zMUQ=delhOySWCirVp+2sw>?tu^cQ$c51PJpr;)8LW zBE22*g!T6V^a*TZc6II0FRagH9OFel8wp3Ftz2Sie*B=qH{G zv~F5^k^tZLv0tB=jJy1HDkbdSTJ*@@NjUo1TR8eTT6mf&etmvt+|{*HO5wWaiQ6f+ zFn=sQ$dkdI6rGQqdJOB|HjeQ^UxoB`YBsEID|+;Ex^VdXBD`5smmumjIQiSD@i4ze z+)k;7c}iPf$l2ym7>BY5?_j)$aaYaW$_W2K4bh*-?elyj9MAi$gyVU?Kl$5RJz@XJ zqW@}@Uq3&P-rm9r>$i!1ezq_U?Gyf>ruT_y2UX|;`uvh`thdy{vEFhBPq@$bA-{3= zXdpfRb|*f7_!#j)o|UBUPx@T}`tzjkNBY=y(24P4y%iFUx;2G2{luGnWZaFbFZs_D zJ$x1kM?Y5yM?bdgN&p_ay(U_9DlPs|WGo#xX8juUk$yj>A6`j_t9faBPoX2*>N1 zamHPq?v&@a=rP{A!he|Ux4Wn0^A-7&wHJXH7ksJ;$NH%!9P6j8@WZQImqVd0#$Eny zRCgWmFNq%#ALMyN`Y%YI)Lyh}{%pow-L9msAbPByuY{xSIN>v!JI7FH3i*Fd{(p-e zKG%e!pO1y3p9$^c1;$nOaJXzJrE!;{3)O8%yfg97#Rqx5BYh{*FAvafC4EQIUl2X| z`HG#CL4MSIOZXc5(0p;@Zd{*{e>>tGh>s8-)LljT_N3n}dVC)FwD8h3e4p=Iw4I8XS5e43F@ayu!EobbsYe0NNj zI26hw{DAQfjXRYcYJ~OeMGyaeq;E=jCI#r1k-iD(w+86<3*T!`!Z(E@&r5bP9eud+ zuP>6#xEohvs#}wIBjT;Z2itXj;aDf*gkzn|5svNp7vnBZL#n%1^w_S?3derwKKXo1 zK8fs22=oCyFAK;1A*XSdrvdqt7Cn5b2!~HI@~KZg-9?Z28Y~?BoFp9mTu1)($p4V& z;eVO*ACW$$y*Y&bK>xCF*N3{K&mEwz7{F@^$939`gdeXNRVeDGrEypHL#jJo^vF3| zc&v*4j~0_p9r8ITdieY!969d@FMcB&GxUV~KOp}c_9h(qiSvgAgyVhx^1_j)x^SG& z>?r(>eOR-bao4x^DbFa;BhPojk>@Y+sZBnqR{00czZUUa#xY*xFCrY*X;&d$FILoN z1${e1HHbHe;@HnO7LNBXJ`;}D(F2XUoHZ%uM&TK)?p5M7NS}6f^mwZie~WlE;#G`m z9~zUsD(Sxn(DxIL>&a&cN1qo9$Ms0R2_G`dAD?V7?)vjT%5$H172c+P}{!>6Tiz z-ZI>XY2t(HUUrc_1L>~?=+keC?tgmHziS-*g#TdS$Uj;*&J#`(j`M`eg|~aj7hi4M z^&uVQc}DzI;u$vk2b#04@bh-wprh~@c5~magkxM&g>T&Bl11Hz%D8*<3g!7#^r(AC zIO?X_5}6Hh#s%A779=Ntv?Q5Egbnb3&-*NDdR5x%Tzb{ zAO3;ksfd>#Zilu}im31CA)bQt6No1#zSB6?Kl<~JaP;T8aEvS2Hg5`_l{ft3w8mZj zWK=hw=ux+laMT?l9Qs+pp1u`ArR&|%{)XHv>}P4uYy;`Ye#qHcNNgU@*X z>cWwyuJG(v{Q7Aw{4L|1g#TX0`}Y@qXovS1X55V{35{#E=#le;aIEvch2wm}9pM<) zQ{gzjk@nBXz9p^f^Jg;dawevng+-4%rGz8Tm*kU(e3lbWNc<1+f&X6N7}rVR*naPm ze**Gh4>A4EJJ@wLR`62CzFMdImq`Ult^aX*%9!ZEJA!twlDTsWS8 zs|jy^(yzBV#@%@1P@Z<8N1ksf30&_7OS+~tWy{>6#EK)km2 zpl&nL$0YrC#A6WOM?6IQVu1gDq_>ZTMkNk~QttMDjCn+!!p7aW?5hsK`sxAtHp1^6 
z3(G@&$>*svv!CxokK?xm!jWeu`8*+?ID344haM9zLi`c&8pbhRoF{KA9OubD6OQ*C z`UuB)#qW%}k`Jlwa?xX4he-c`^j8D)G51D~_de;<7{|EapM&)GNdKPb@%~*c;pk6O z;pk64^1n;|lSGd^%SeBR^jib;G50-xeI^mUaIrT_ZQMP&P5$LXk36-7kF%T4)h8dj zbxU~V_9K3i{3nSI*7HK)sJo4PZjjGu(WC!2gronV{gM5_`b;7m>+=ocuB3g1c6eMR zMUR}#NPmrTb`Q{xBK=j;&kxYACjAxC?-4!L=UL(C&n@BTPx1rN+skG0&tY7*mlCAE zMEVZ`^rHg!G~w6n_1!%3zexTEMUVcU6W%(fe;&L{J{QO*&B5sL{!6@$af}zoA&rFN zIH$dE(jllh1kb*-iW$@wkVh=kYA@_lTb%-pe@V7w2;Z2}d86 z2wz{q*IPmUr^$b(=;8l>^ruLl_ega9zlfJNj-1F-pY$h5-zh-fOE}K^O&1RT1;TOO zZ>8{kll}I!&bW(mg7TabeZ9qgom?jUanh$a8r_Fu#H$cLO1!CY?avpaKSKHu0s4i) zF<(ClM}Kw+PhnqrdC0gcd6?>66+Qf4KIX@(`Ev-bIK}rZzj0@Mi2PfM9{!&RNB#-I z<1Y8}IF0-dlK%?P!~YEF50F01@#uNnPdu-29dB9E+a=WD0oM=Ew-k=`JXko!J6br_ z^K{{7H~K!zH}0bErTjZYUvr{CZw*_KI=$=uh&mLVP>%A>xDl zbA->G#)xn;+rY|KJkJ71=4RKeb!UYAJ==r|LPbn8>(pBS^Q2uy+n`oFi1G^ED=6n zuFtW8{5O*SPSL~v0qHl8KJRJo=g@lM<&Eq1RiE_hNZ%n> z$9IG*Fz!@8Q_eHQetRa+|M+F$sGC_hzDGE}aD0z&Md4Fk z@cs>qyC`-GnD78Piyogp>LDEG8NLyY^9&1xqn|$t$GDCP?^Mb6^Newqa|!kBf#~6% z`Jd=@^*!n95w}xg;Q}3v>v|hV`bFe3H9)^mIJU<>g=4%2gkyU=E4=e}z7G$DpSQ)E z^55w3+95^w5B^8oZjBn|pBUHieo6ZIG~ST``bEOg|DS|oyt{=r{@52eY}`GXM|H1> z9{#B>`0;A~H-(R}gTVsEo%LMuZzX#8cNC8N-wOX?QMjF<>Eu6${8x$|{%1))oAhZf zM$h9c;`xm0c*~J~Cg~dl=vxWL`Wzx0;~gU$>vM+i33eW8mGCwX{qev7<1XS1%9-F& z^mwNe&um=BTZr`2NM9{L-O-$^*eJ6!l{_JlXyxGOo8>V7YJ_#YMy|4YLEP3gyf zi~OgMf2PaP{h3U>uyOPU=YdNJN8PHzvETk!IQHA)g~MmL@Y{CX{%Yec;v~v>UG(sI zD!kB4zfNLbi5~BFKsdJ3D&#YceEJa|OMH^}z<(L($B=$&fc~s-^yjj0_{X{C z$BS`on-gwZD3Nhjax~S=B6|2&6Au3-!jswk-dmIZDDs~!diXC84*%W4&tLcX50k$g zB8Pu*P4w_jb3J4el`e)|90Wn&mR$9@HgLw z)5cwtZzxZ!8;zrCb}8f2ly8f4*$x+duH{2U(2|&9zg#6i1#PHmUutn`^6u1PYK65 zc|bmW$tUkEpUa`IiI+F7>$X1W`;fj-AknZ zlJqg|MvfQyVgbC8@KkxcSxw{a(HG?Z74fdbe+7X_u*6G z4T!fP-r2bJXE5nolYV-DeoX-1Bpl;9BfRccet&Y&xGUL;>b~|cdR#4u7c#E-YX$Je z!b{lsk?!Q*g8avb9`in%^vy}XM)dfc{$b(RkNqng`?34NaXnIkN6~#~Ms+hAM<4LH z_?*J=x%kS$F|OLeaa`9#c(D_{cx&VC(I=E=qUeiM_qk^Yk8RiC&liq7D}=`%>wSJR z?n*YLx(7v%x~GJr?qlJo8}G5NgML+VbC#i8)vI*5KA$nYY{-JPOf8JO)>h=@f 
z{;n_bjdAzL-hy>;LbF7Vx@(1_?mhBpMEMgwi5xHTq!Etik^IJ;MMLtbD0=vOOnN(o z7tY@$KtD2oFBE>aci1NM1Nk?gJQqZdJdcG}wu7t}p87sGi~8hK*f`b$e5we4Xzyp$ zCZBrb(~tN^#3zXl{MV7bF6j>i=r5E0L(<3m@A>naPB^aj&MF*v3JOpAn=ew#xO-HG z>edoH{QC=s|7`Mci8I>gsH>Vf1-YJ7{@%q=Of|pX(}B1 z!?wclI;fv<*8*2}xYb=De3J2l!V4L{EB?3+wt#(kD)J*|P2;HhPaZegP-wE~G2S`C z;j=+}R+-Nc(ZeUMeaWllNh%zDdqp_ukinJ`|-{afAsB)aEvz; z(;s)B?qc()WE|tdcxwrVPkZs{X+8r)51$pn;j>OS`nF9t`gYnl@~5@B$?Qvi!Lu39 zCwx;b-?tjZF<$holjyI$>Gh*TU;16oX9ypd(Qk*#g}1Ebl0{uZC4A@|?{h|Y=#=-l zA-vyyKYy`fMb2ZY9Ns6haf}N&3kXNf(!!Cmsc_`%Bpf-v7LJ?~jALF(WcN9L7Cmxq z7LJ?;g(K%(;m8@=zQh`RK+Y7xk@F4X$k{Th&skpd$XQ1?a<&kToCAd;=LF%%IafGx zt}%|B6JGZ@ABrA6@$5^%(T6+5ygs$?jnDl0%w-(@J2H8F8_~o6E8*}TA{_qH#Q$kV z?|)MC@V_b?{!fI%Kc#(HyUU;74=G$Ar*ZTF*ImCQ9G{b|C>;B%_l4tgcI}P3lKH6a zEaGm9E@)p6dq#XP-kZWP-cVe>y(9nskJq>>nV0J36g}?8*iSgdHB9)FGvT&{z7syv z_+sJle(}YBGVUJPDWR~@f5dZpX_%*s7dbA>OM2m$mt4Y;zp!x3OD*HBWG<>Zka$kw zQ^f~;+e!L2Nq=7SJCgYQ_Eq8e%Z7&=x+fgp!~0Bl#`wNS;`ovM!S^w}ZrrJIP@bZq zN1igmk>`KHk>>;9$kSXn@^lqG>AVlsPk0r3Q*pd-+;?lPaJ>FnZ``@QLE}9vdaQ@X zq|Z+JWG_Yb6Z&caysPlDSG-v-L< z!f~IjBEsQcS~!lcY6y>K_j{>p+*Qj$`3H&~{v(CMf2!~e+kM~XlK<=Ee?au`KPepk zmxcGW_ZM%Ie`fN3E#dR$J&*8Aas2lCj&Wy^iF_Ioe~tL(;)DE?NuQDQ2Z(1NemTG= zj=itqq)v}@^0IMVCs~DKos<=hoK=OR&-H~@Pv!gbiE)=FJ>?%QdiYNg4*vzhzp<0z z%gH|-`JWO!{4WTH|2^R=uK0EEANjvZ{y7srf1MN&zVG9xfk*w6GVUy1A)n^N(-I#b zK6u?RpY&-+|3`p6PLk*6Oe`GF$DL#c@8Hjed=ets$(IR^^QW)~NXApex)e^m5%J$qI-{2vLw zS1~GZ)KAQ0e!iS_3i3~59Qom2Q8@f-3dcIHFC4Fz+Y4`TAsi>v)wqk2oboIXp3uuf ze-KYb`U~QZ{-;R({Pmef_?7lv_l|LAos|6hh#vhJA{_mhDZG$J5V|$!w+zshJ%DGzf*d8|u$M*QAaBPnUgkyU=FC5$BQ{ygANy?ML zuAA0AXAzF=@eSc?R`~T_UU;dkeqJjJ&sWs*I>ud|ryx8JnJoxgo$SNN~;1?bC>{vr7{2+(&V{R7eu4$!X% z;CqFqs_N(QDEZ$f|IDvMju*!#IfbKdWrU|L>dmSccm26X{!K*>|1rYhKUp}Af949u z@y}}IcK!DT<1Wu#%5z&dj(>8$8rcWrsVMx*GQOWRj5~jOizQrTlISts*}~z!R`@JC z_}WDNw<-T|(Zm0xbkEP9LOA-FUO4)hPxvpzyl-LSZoIcBPaEOr=UDN=i~kq zUdrBI+)w^Dscx$DK9|emcoF+u5#l#UKg78159bI!`m3Mc@5$#n`P>&h`X9>h{QjpF ze!jmq%V^x?zefJ=h#vkegrlDwgkyfY3CH{n6aL~#pL?8fm**@ 
z_`bq886*3H=jD{b@w}YRxXW{y{40na-&fdDIQsLMaGdY$Aspw2hYL?*8~1qQF3%;( z^N;9JH^ys`()Lpat?G2!nla3hR*jcMFH zIvXbbpU;J3{VW$BjCY6dx9xfK0QsCD|MXcR$A$4`6Au3p!tZtWX622${HMwPW6{HZ zxN!JS5RQJ%5RQKSBs}ehemrZ9yF8~T&o$xbXTq%h@0|WG(&sXc?G)#Q>Iz5xCc=^b zQ{l+pOZXr6e2#&}U7nMaXSHzTKPx`S^Hlhd>drChwRyJa@tz?6Ld1^~uVx&5fPX#V z_&%>T!f~DaSHkgr%6G!yKVSHh5NK48FVVy2U*VXSyTV7>NrF__eSdVk z8HB?pm+-G=_?&MUcaM%zKbwjkIX@K+|8BzT%=G?Wlm8L&Uqsx#Vl({PQ^XIEKI){~r;>NWPHA#Pf^sNH){Q~$f;W%!YCj8(zUu2$fH~Rfl_oV32&wqrYpLc|}df@x{ zg#7JRT;VD?b3A`Nyd@m|rG>Y*`_xr7?yBvj{9lS5`M(wp|B=EQZ1VY*3y04-;o}SW z;>V1;JbNh5P0_(9kk z{V$t{5Bl@9aP()A_>_9Z`}`n!?>qQTr{lfE|aH}p9 zI!->nhKc{@#e9+D%K4J#>5XGtSfB3-Z$H`peO2LDx9x;~G{ooWA^acn`9^q-Y2JUb z@ZFz!pP!Ap{w$(#?GQaa-}JX|^zEi_T=y6!e`J4-#Pdbc8ApFGzqy6qd)p-oh29m8 z>zu0!$92x_g#TzC`tKne{U0VA{a-M;Pui_t~N6sU{kuz=q-v^8rc~T2Up6tSr zr=)S0$8Jp+?oTVxV_v!l$Gi+DAGZ>w+qmY49zM&3W4^YF&q(t*BYOBe3E;5{M)qg) z1^+m$arD2K`PULX{Ob$H^H*!(#d7=g-;w;Mhdb&2887-{@B2JcNk5JBTZlX7+Hw3Z zPl^w6UKEag#(c}yapRp#{%MS3{lMpK(oZ7&{{r+K1Nc|M(YL|ETiE+yql~+p-%;Jw z#9bdsSs(U@5At6Q;CF28(Zgr7aP)b)@b|a)zRf3pJ7pQJvWK`+er@ynulS(uZQx+MC^B*gE_|Fyne^KA@?0yah=uZnrKd%Y@w}kh( zNB)C63jdq7aO674Ud^xbOvc@#fuyf4dgT9D_(R(`nv>4}@);|7_{hWmAOjePo%Px>N}eSl9k;pp>Q!e`mVv&D_O)P2dnjp*UuSvdR$kdI4# z-qyoH;n|FD5FZ>@>=j=8bsy@Ca2!9}6prmBcG1Y~<$eD!^r~@eFL++gDI9r<2}hnP z!jY%GaOCM=-1XV@2lrwdD0<|XARKw-2}hol!jWgIaO62*9C>hV<+kXN=Y?XC>kWC5 z3rC*J!jY$daO5d(9C`e#he98Ve)MVon|8vp+UuI0!twfI1^IV_dDQ>!6#d>Fe!IIY z9P9s%aIF8B#UuMu-rkptZ`_URORAe&^wqZczki$bUy!~Y@vg+Xiw|-R5x(9&-#(gr zx{%L$(Zgq#@QOu!e-4pPXYz^luJj?N8+p`sK? 
z_aevJ>!E*~+_)QWGx9G={1f6e#Rq+8LHZ`7?-`&UDjfZvOFoUs=U36A?k&iCvy>U0*hNOQhKwpXUACtaufWCVGA18cuMsGHS{2P$}A<-lMDdBh?xhnkpKEK`F zCI9;5pQdzVe?GkHAHQbY^`{=`YlHv#$?q_0Z)RRQ{) zr2il3&j;uqlD-P*lazaYf3g^N{i#g)VgdRZq_0H!mI3-6q_>Z*h5u@7fPMk#E0F*C z0R6E5euaF>lg|s~pWlbn#$6xEkv>m=z6|NhlD=MmzDocfNIs>>XKH}{N79!f{q_L; zDbl}3`g;NTBo&_DpG?MGf9zC6*sXAYzE%Kl9l$#Y$MflM;n;7?3E*o3_<;a^QaIk< zc_RE#Ccoc{Rnhmy_2FIW=X=KS`WiVu4B(B0W4zsk!)HtYUl_nQ1n?sP{ETqqc_JKn zl2>~EI>`~hO9k-C!qNZM!n@kdP&*oT{Vz`apG&+L@n6LU*K=+Wj_Vu_3deO0w}hh) z@hU&R56Oh1pSgs?r%V8^7r@&ZcYP>IkkI#FOl9Z?F#E-)bxGO@xB_svk1rfFCaXb?Z1i|ck9qDy$aWD zDEhOl!#LD}^mZv#_!r+0Pwl1Qe`gU-MEnwQT*K~u9ivvjcmsGA;r~Bg;r*KV=aHhu z-FRQ3Jgr2J?YgV*K}+3VhC;o_$IT6XW)Y7I81?_Zh!3t)-7Xy0sa_|a7s)4W?da{o z@f7yEGRCn^aKEyKq>n>BpNk&XoemI=>rN+=Pi*p8Ciw4j4Tjy2 z&E>C4zer-WT-W^!dXSMg$wPRKc6!cPlJuzM5YBZtJ@>hh`(@OR<2;WY!qjt~_uj;L zU5zBp>wG$K-Y%9A=j~`cao+Cs5a;dpG;!Xa+#t^TCA)ki{C~WE!#!SHA9z2R(SfKR z_kX;<#k~_9&lvST{FEg9Yk*PzZy!eq`|$HfBhqIkeFx(Fyw;mIKR=En&d;;ciSzUI zGUEKazn(ZBC+s1fgL0lG&c{(Vi1YCq7PtE~AMe?15JQghab`x_7#z<_b@LMEFGIW$`IIHzfp|IM zy@{76K9YC^;?s%q`N?I(E0KOZ@yf*a5a;u*r-}3V+Z)8Il26EX;%+_j`Q#+TtCKz> zaX!DDmpGp%FG-xww^t|5=j|I2=kxp>i1Ygny@~Vt7bA&(NcpD|uSU>JAby;9D4u`d`h0?T65=O`XC(d?@w~)O5id#nH1X=h&k%1!{4DVf#Lp4$ zP5eCZk;MNdKAreK#Fr8Om-u?(7l`j6ev$ZT;+KfuAby#6D87H-`hSIZ65>~hXC!`& zcwXYyiI*gPgLrk~H;FeQev5bq;fvFp&5t#I2WG zj9aI-47c8I1#Vs9O5A$LRk(GSt8wc#*WlKXuEni)U58sYyB@dBcFv~h2@)oab-Z(N z>xbvz)-BJ+vnSfm;v165ow>s&MZwP>p*(f*RcW zAk^aCPoWO?z7qAg_rJ*5EHnM%Dby**#l7!F9v%;6rQ-APeHq^ZJRdK_z28bP?)_iN zaPQYvfyYb2Qu$Qk-iNLVKaG579WDw z;Y0Cyd>EdSo0-mKcrG4qX^;xc!{aG3>FJMq-{At>`xh7D-XFObA5A`G_&In5J_fJE z$KqA^xp*~x9$tfw!)x*L@jCnhydJ+0&)Fg~{VVWXd_10qUxer57vlx^1iTQRh!^9R z;AMEcBtDgR1wM)RO8hds3cnn$#;?F@@X2^BekERqUxnA>SK~QbW~P57o{L|D=i%4l z`S^8s0X_vU#IMJT@#NaIkYO2q1MwC3RJ;_F9cZqv;7@(`YfKaA(&kKhIPqj(|y7+#D&j+fz2;1&36yb^yB zufqR_$zod{wiLB&&O-=*YG<0b-W&b1JBteGyQAvTzmnZhrfyE<8R>w z_(Hr8e;Y5x-@(i9ckv2*5nhSEhgae6+p~8di-NNXWPv5ufuck zPw+haQ#>F43@^Z!;Dz|-crpG3UWWe*ufUh$mH3x<75)`ojem{T;LGq@{2ROu{}!*u 
zzr%ByWu|{Uo{N8v=ixu#`S_1`0lpkB#DBtz@t^TB{1?0eUx8QREAcA)SG*ek4X?ph z;kEehcpbhPugCwubGFM&|D1S^M37v39Xt~ed}{GciLb*q!|UFC_INeE173qS$7}H&@j84bydK{f z&)Fd}o%8TqybGR(cg6GZWAFkzURs|TU?JX(_+tDxybO=GJV~`vfuBHpC0>YE;V0tN z_(^yT-W{*Sd*F5W$#^|}3ZBzEGyPA+bMc;d9^MPj$4|ox@YC@^yf+<_a{DQ$ISE}fal@^@uUuGSS}61^NBwT zFTl^n3-MUeF_lO$K7{x(d?;Rl55p_*GQ0{Oj#uL&@EUw1UW>)QapF(%=Djx=i!&(`FJdKnrff`zk>Ked@^2) zUx}CDv1C}P{R;eQ;w$k=yb8Ytug0&%Yw+vvT6_v#hsR6lQhCnEZ^jGpX?QVy3toobidW#b;gxt5UWMO|SL1i!HTa!)Ej}Hu!|%fD z@w@Sy7CEWMIt|bF;JNq=JP)6V=i~R{1^9h*`({tvtW|0iCE&%ulFr|>fTX}kh| z2Cu|x@GAUSyc&NFufdhH;S2C;{7t+De+#e07vgpJ+ju?x4xZC8GyUJibMZxZ9=;UM z$G^l2@UQSf{A;`zUxt_A-{2Maw|FJ~9bSdk z@g4ADyg6Qm?}%66JK>f1&Uh7`hgah*@EUvg%{#`$5Q1f&%^YMXr0X_&X#LvQu@w4$Vd@x>t55X(( zp?DQO46nw^@EUwLUW<>w>+q3yJzkFIw9ZWbQFtys8qdRHY3cO*kB=d~03VAN;^*SU z_<494J`S(I&&MnA3-BuZLcAKUz-#dFcrAVrUWZ?d*W(lLoP9FWe3@^kl$BXeR@G^WdUV&eUSK?RURru9-HC~C=;Md@___cT)ejQ$qPr;L-4`Dff zJ)YYp^S%5X&%aG23~;A#0&9z@nZZwybPa(SK#;KmG}dA z75*SzjaTC}_(OOt{xDvLKZ4iekK#!YlQ8`s!*la9)BgoL4}THQ$6vw=@OgM4{xV*S zzk-+Hui_Q>e7q8W4X?sq$E)!-@EW`puf-SOb@-cjJ^mJ+(>61m7vj12+jt)S4xW#{ zix=RF@Iw4OycmBUFT+2;EAYj5CH^5^g@1%s;~(QScpYAge}dQHpW^lSXLwT7GR*%= z@Z9|}-^=HC9{vTMkN*oVz?b5M_?LJw{uN$^e~nk*%kWD48@vkt7O%#?!)x$*ycYi+ zufu=9>+v7)oc%M?c{!eo|Agn^KjZoMFL(jI0x!f@;>Gx{cp3g1UV*Q|EAij)Dtt9w zjsJny;5m)b(<(gI;_Kjb__}yKz8;>_E;Ic%#dGn^@H~8TJRi@+3-B%QLVQcS7~cvn z!<*t2_||wOz71Z5Z;Mys&F~t0JG>U(9p)4-U%l z)A4wUYf2u#$|jTgLa{rE!3UM|g>cG*h3q#N(m1lsCuYA)u7+j>kh2DbL5_ zF7uQhgvVXEDer{GU5qI|9#7`s(4iL|cL}88`{D7YYRZS;@h4Qu&%xuSeagquVDcqhC)-Wfj(KML=PAB~4)X?TSEyQJQwpU%L$;>o$zAwF3)hR(x@KbH99 z+}#l04NuN-4SpP+oC_NKcsx00GWZF2a&BSpLOeMKFZhXga;{qNlkjKBzdN3s`xN4n zWq#v97Z}77cY@(C;JkE55eb<|1dn+2N>eZ@MK?E@Zor} zPbqk^%@8^#`(A>N3=kj5K8oPw2{ybYzvY9E!js>;!Oy{)G)jL6J_b*I8wMYXC%>VB zpNl8IHG*G^x1;?Dc(M%~;wR$Cwqo#PTPSosiFPg}zBfJz?~frz zzQOwG58-=!5zob6#ka?kZOhQPCH@-mZSdFe4)`1R5qK@$4PSttg1?Cu<8R?-;|uXo z_}ln}c(TnLI$wsrOZ;{CBK#KoJ^UX0ef%N(1AGp?7=H=>5MO|Qgnxj4jDL>T;osq( 
z;4AS@@%1)He+cu{XZWW05`0_ybG!xq1->`_FT6dz6h93A67Py9zi~q6?)cZlpMfvK z2jJh}!|`wN^YHKRiFiGJHU2$*6aE7}9sd!30AG&J#(%<}!+*x-o^|kY5*kN8(Sycfxz)JL3cJJbXCb0zVJm1)qrTieHVl#BaoR!|%kCeLi7)AHeq@ zem33;e-7UhpO5c_zl-mUe}cEhzsC2$f5O|~f8hJ#8*LQEE5^)?P;m!7YZeUjnx zrub0ex5bCyE$}jYZ+tl39v^`phL6O%;^laEd=!2LJ{li@C;M8%_zuU%5Pu#%7N3Zp zi(ieOhu?^g!|%k;#~;8iz-QwZ;?Lt1_-lBw4>^qQyZA-Ke}Z3(e~nMTf5Io?f8dwk z8*LJXo}S+>#kayI;XC4&;d|hh<8AR|-*_0_!T4n2JL6a4C*W7%z3{8?et0E51iuD9 z2fr2{k6(vhfltA&$CG{jVSI1H|4#f&{096Hd@BAFek1-8eiOa`zZw4kpN4;d--27$ z{Z{-};*(<;VSF1k3D4>Is*3o{@Z0fb_#OBz_?>ubd^&yreivSV-;E!G--GwSXW(bz zGx34=z4!?HK71TL3%>-vAGgl@1NcqEKZsAqtMLc%hwvxyhwCH`If zG5iz!ar|ri3H&E~HvR|xB)-w6A*=NK_78k3{Ga%a_#Au>{3*OG{xp6t{tVt3ufb2i zpT&FO&*A;>=kX!KpT1$;dIB7Oz_5`H~C55En68J~&2fgMd?o%SzTRe;`RXlvQ+y%5E&ev%0)GeJ8-EvXk1xUx!{5WZ;_u_# z@elAb@WuE5{6l;={tAS?}M-sznu7A@hSLk_^tRVd8Cww)&Gv0WMFc#_gEf3!c?}G1$C+FUT z{`bI-A-*ksEPgQF4eyK}ho68SkN3h)!298a_z?U={2crwd_10J{9fWu#UI6c;!oqf@Ok)Y_?!6Y_+q>_{so?#D;37q`(>O-{IA3p;f=NoeWmBC zVtg~a58e##i|>N>!&~De_yKq+UV!(M|e4oTe5dS9L@f-0w@H_G3oY*kF_v6!ve*(V?e-^(Re-*z6 ze;c2He~iz>zr^pwf5h*@f5&Ix8*UxOE z5`P!}3jYNE8vhz!hX0IzgXe6UnXkUZH^#rio8tBOPWbnDEBpt1fBZ-M5PUg)H2xEQ zBK|XeI{pjZA76o&;VbcT@n7)?_;2`C_$quV{yTmLz8ar}|A9Y_=frdP!#C)Ch1S7e zA%0zaA-*2|5#9)2im#9VfNy}W!jo%5LY^Bm3(x8GV`JiT@s059@s078_$GK8yb0a` z-xNOr-wf}DZ;qdW=iL@oVvI@M-wA_}zFj-1{YM zhyR24?eV#IaxG67-`DZx#4o~k#6QJ%!k6JY<3Hnhc+PfV=;`^Y1->!93*Hpp72gSO ziMPU&Ym~z9_QQ84z9YT|eiYscKM~&(KONr-FU9x9hvBX9vG_jt#dsV1N<6vtDva+9 zcs}uW;BE0)_aIH%!NC@hga*hEK-t#;?S^f7w;|KZw5?pNm)GujAL?i|}jl zPx0&UWq5LJav0yA@#~4t*)eoY&sTrPH^y(ko8nXPo$wp+R`^Z$e)!FJM|>K76n+a{ zh~J8zhTn#l;8plg{C0c{eg}RLekVQ|pN{_>zYF)iYJ!|%o4 z#P7owzknZu zzlit1U&7DC=ivkKm+=w!EBHA4Rs0fsKJNYIUc+x9{&jph{s#U4UW?Dh7vRs~Z{qXu zxA1rHg}C>vdmI0X_;>K-_`CROd=cJw=gj=}9=;|1KHePv0N)*7jOXJY;s@a$;hpf0 z@#FD2yeIw%-WUHAAB=y7kH(ka-be3q{Bq*Iz^CB1^5 z-23r;gTGJwxA+qLJN#R`9$$ffkFT4TnXi7po8Uj<+u+ObJp3noFZ^e`9sUb`D82&k zg0I9+!hgkkuuKH*4um)x8CO4xb-$a#;v#cC2qaVA93q#uEwpm*|Jd( 
zQ*i5T-iljqa|Uj`&4+R8ZO*~1xA`J&z0F$OdYkX#Ne!GZzDscHZGMYeZ*v81z0GxZ z39Y5K|E;h?MiHn{aR^Kk2J?u}b-vpsIT&BJi(ZFa@2x7i)H-sTy&^)?6K*4rG8 zTW|9`+XljUE<&--Qh%J}(! zEZ<_CG#r%WTSq@M%MXoyM3xVTepHrU6aAPhPp)k{KFgD9w@%9PAX10hsO9xS$%^fZJlSb zeDmmYvwWxMFK78~(O=KXL-LEe^i!_ zjDBpEUl_eG%O^!YIm@R-KP}5=MlZ_phoYBc`7_Z6W%*0dhi3U3(MM+ayV1vF`Nz@E z&+>moPihV%^V_%4FU^YoBYJYpeiFY)tS^?V9}?dtdUDNs;yXpZIjjABqbJvlC-DbG zzbh*~sW+EgbDhMW9^)U(iZ6|xT(g|SCw1kX%!dGb8%qD(Y zj8Cp{J-H?^@t>k6*9<1U zI(l+VU*a3YI$y~(cZqKiJ-H?>@$I5FitCxgTSea}%iBiZEX$9GzEzeV8@*YU_lv$u z^ze1YSvj=?F2LicruB}G%qFTC+mf_z^(te3tkhy)X@H}_(yn4 zd=zAy0y z;rY0A6x-s1iBEomgwEDK+@JV+h;N6#fVam#!;{}Kp>w17M-|5FK;n17JK#s-f5R`t z5617sJL2>4L-1elLI=nN!8b1ne zzES!^$p2{kAiN7+ig(5D#*e}0;>Y6F%j$-25EqUipX2a7@Z>jU=-dTAf%rjqA$~c2 zB7Ps9{8kN}=i}Xp{|4`YZx$EgA^(%{{qf{CZ|Hm?ek$?9@SgaUcrW}u{4{(nemedk z-W&fJKLg*6x+`bm2jWHe$#^k767PfGkN3r`15<+M#g$^1&ZYQacz^s1d;oqPJ`leV zAA~=NpM@{O2jflSN;>2@1m6!&_ECh+$Kqwgm*B(k@%RY53Ll9-jVJp+Lg)AJQN;g( zpM!6`dHO>buQB-kc(N}gbhci^xx`N-K5lBIy7tdY2Zi=8PQOh(UznHv5PU-VZR&Yy zUiw4uiRrhg=ZEsrAA(JUJE@ z;_tz?B>rW5D|{uM?5hv$Y}F<_r;lGJ$MnMIj`%jTQ;KhkUxGKo@4=H}0ipf(@a>6T zci+%8ozD(<3%ohr5#JFn!INVRq1{XHor(Vv&%-y&4}GQcX@R%GcfpUwlVcg7|Gs!j z;xET{!)M{Uz806qkN3r~)Ph2j2!4mC^TN>9(xcpiQZekh(C%M1PY#m5pq2|pLV z8$Skx*L&NDey7(SncUqJj6{6hRUyaI3jx6oR;{qguAcycT<#GQ^`O#E1U z0)9I_5q}211Yd+F$2!Asf59ga-|V2!HJ$%u_yPFkcn|yvdmelva-J_o-We;dCCUyjefw>~tJ|4e*;{9gP-{62gvJ`2AAzaM`Le*k|6e-K}R zSK~bn%jEwMJ_LUlpNv0(-;Y0vzluMGe~CYiZ&8rR=LvjYd^Ua@{v{xrVc;W?>Cpl9&C@fy4<{wzKKe-597Kabyy&&B8BFW{fzFXA~zWb%Ir z-wB_Gcf?=DPs3lq$KbEx*WmN5-Z7s>OH57vP8CZ{h>+xA2Mh zLi|qrZG0~N4*ntjF1`w1gzwlXGhXlE2jlPKz3>n45%^;K3j9O-5&R>30sb-m9bSj$ zcFyGg3El?(6z_(AhM$Em!6)IL<1_Iu@K^AE;Y;zQ_y$L1^8XUw3;zl)#J|Re;>+-> z@Ne)3@o(|B@bB;~j?Uy+kGI9Y$A{uS;FIwm@oIcI{to^Vz8wD|AxPfufl)Cf5-E?X7XH(m*9WkSK&G9ruz-g58~_Kui@+B%kcH^O^?as zlblNyWIud;;!nXhz(?a7;#2U(_``T|u38vwExs}F-{PC#O^ywHrMCl{;Ctbl;wR(D zxp1NXk@)7sPr-BXNAWH2xA86UpYh~eyD;3Q-NJJ^|E9$6hi{D+;>o%Eq5q-yw!}}y 
zlXLk({PXyB#4o|O$JakD^p(zY2Yh$DIes#}BR(4634Z|J8UGN^!?!*@lTR1C9iCi^ z5F&fx#}GdbKNi0Q?}q;qKMsEfKOX-LKLKxdLMH!0{3QHDybM1HpNV(JPb|!|-vb|p zpNv=Hr{FX3Q}I{v|cf2<~1V0160#D904MUuX7ZLvw zUX1?>?}M*@QYQbt_}+Lwyc=GEpM{s=H{<>BkMZPMnUKjg-819e6%|Cw?qG9lr>_3$MoS#$U(p z!B^rl@NIi%@|=km;`icZ_TM{C>RM8JXcefcL^5#LMw&{6734{5||({1^NY ze3vsb`8=fk_`CSi_|Nz= z__oEF;nv{o@n`Yw_;dJh{CWIpd@lYV{sLZ$zleX2zl3kzCnxm?Kb7a<`S{ED@%StF zVEk45a(q5M1Ah&F5q}+Dg1>>U+c%ScExr%F06!Lg6CaGfgYj;NRfy z;=A_C$G^fK$G^rG;>++YOEUR_{e161_!k6Ry@t^RC_|JG1{tMo=e`dHV@Im-W{7U>+yaxXbug6#6n+?be_jkNA zz8dd`|ACLkbJk0@8J-`)*TLVw*TuiVlWXWhJDUs)&*}Xbjfme9Umrgj-vA$oC)XZ^ zb}zvj6F(i_2!9UW82=341aCYj3?=UG!gt3v#XI4f;eGL>mOyCtVmz1l+wm>%XYeiY z5Am(=)p%39`B`D;>G9ecKM3Cj?}=}VkHwqeH{jdhkKxg%p2JeJ_gm=dOz>mW7hG)j>X#8-z3*Hy+ieHNN!tcUQ z!=J}b$3MZ78Z9BijYeehJcIZ>@iXxY@FIK`UW~tl_rbr$`{Emo%;eJ#?}(S+z421~ ze7rw?Gd=)+4j+hrhY!LJD$nG37JfRO)Vv9iqw&GS-;WQ$f53<0JC4c>cNl&UUWWI? zhvVnsBk-yCNc>g29M2t{$!8RPFg_aZjh};`i;ux?#FN?!VTe!Q=Mw)mejdIYABS&s zPA32J@wWH{_zC!h_)xq8zX~6Z-;ZB}zlvXse~C}P8;{B4KM~&pzXb1$UyAp`C*c?2 zm*KbLm*daiSKuGwlkrvfmG};0Gvjp?{x|$;{8YRWAB|swUyomlKZ0L}FTkhZ_4xJp z=I3Ve|2w`9egl3iJ{3O;zY(8|--OS^Z^mE3r{SODx8OUSm&yNDyd!=aJ|3^aZ^LiL zpT+OMKf>?CSK-s~?Z;*EybJG+-;EE)@4+9(XW$F*nfMR*y?E~VnSAcU_r+)7$Km(m zL+}UitMCW$2k~nBHT)s`Yy4rn$pxAGAHny*AH|QyAH#>@FW{5$7x8NRC42!s4`2Vn zOr9^}d*ZL)N8_*J7vS^pTk+TMC-K+uI{XcMyNXPnwfKSf0{mqBP5d1EEqn^T5Pukd z8?VLR!N0}d#hZ-JNj=tScwU6>g};ZNfWMCq!9T#Sz!&2)@elEr@Q?6i_{aF>7iIFV z!}q~I!H>m1#RuV^;g{k|@LBlh_$&Aq_)`2|_y!ke@?VO##J|M5;$Ptd@UQWS_%i%X z{2TmP{9F7B{5!nSgiQYR_%8VOcme(cekT4Selflrza9Sxe+K^<{}BHL{|#S(=S|Fv z*Gl|Q{8zj;{u_QSz6zg;|BgR}uf~_)f8d*3lF8FTYXe?AGf z{`uXw_0N~%)<56!(oCM#KR*QDf;@}yq;_U#;bPqS=jD?!?OXr+e%$)!^Kk2*e}!BB zeErKZ?OXqRSKRvNhvL>h?}aC|KSRss;LVv1*W%Vcuf}&GegVESz6{U9H@-YGUM=w5 zaOz_Y>TmSrJye;|fHaU~O_0NyQt$$vETmO6_ZvFFnaOL z{qvc)_0PY@kEWegS7(Ns)NBk=igzVG9i86ad-M9qr<|O;_;%ffSHlZ%!gGr84dVOo zQW4*Wb~cRf!%J0sAG~pVA6{zW``{bL_u=L1_&)ee4tSk(hv1vUnDDX@-UM%nZ;E%q zH^WQtX7~hrJA696Jw6xT0bhbQ#~XzaYIuZ~9aHbpPc8AC@J{&7cnO||PrzH?)A3#K 
zx%jU561*keC~h-^&b#3)@!j!G_#Su(-U^?9?}<;x_rmAmd*e&+)_Agw8uH%7#rWZP1%3oxg&&F6 z;GOU#cxODRj~enh3U3(~j=_({JKY2QdCLP_~5JRX`zdGomO6!MR|{8Qc$ z58aYSXFTrePIW55L;M@Dhaq@~-#q$cJj5q8DXzyue6mgRC?4WZj_doU@DN|n@IO2j z;~_rzP53z;;*(`iqqwmcV#EI>alP9TzqrAZM<;wjf(@@F_(XgHehEGuzZ9Q~Pr{er zA(`c9UKYJmmR}ToV3sHA?{Rn~`AoyF!RO%D;*0U?@KyK}ym@Z= zLm02?@s4=t_I}L2ca|sjDHw;}L_5>)oAEjLG<-20hT9`03e%anRN1JRM($zmTT%bJO%ohy!$Y^c_~Ug?JPh}&INUCHh<_}` zpNNO}b7FiM9^!k&AHkJbp4@NvMm)4LDYi2kf3?Ar$0B@wf(@@L@YnF>TcuiC>O?hBuANn~?t!d`CRA|9BkVj`-)q_r|}#OYzW7QmbeJ z{x9NZ;7jp&_?P$sJhY$G`l-jiB0e`RFT?nLjpyUb@Iw3>yd3`)pMrmf--3rclbS(u z@Ot7G!r~CuXsoNH@r8#3Ll66j!(l^<8$yo@H#vv{;i}sH%|wJ zJlDbV@OAM5d_BAvZ-iIi>*H1U26zp=A-)7}j5mtw)sTO(Z#;}qD|}<(yWpGP1Mw#K zBz#kR2EG|SAKx6W$8+)AxSkLBZ-H-zk89|b)LQC*Z%KSld@Fn$-V~pPZ;juDhv6nQ znC9Z!5Wf`P7XKa(?Ig99a(8a{(C`T3+l=__@DTr9?A8I_j`+jz5TDdSD#o`begeJ& zJ{@n4&&7AdU&F(2*9#-k@K}oPMEv)7h~F^AH^~cqrKiKr#JA2%accVH;oa~S_+We& zd@{Z(J_~P&KZb`qH;H-H;=2+59v9>w>=7vZ6a-}6E%IXR!;q5ZC*V|eVEehDAL|M@X)BRs_Si}9`S zKsU5(cxrgG#Y22jYoibk@dI}c(G9MfWdz<4ABp$I%kgpeD0~_|8lQtF`3|{A#=ouf&s+ zOTzTO2G5J@$>7)G1^9J%F+K&az^})v@W10V_zid+J{3<+f(d!vi08%iZSb4$0{mvY z7@vkuz>|HJ4Nc}u$8RNmE`A%n1h2vy#r1i}^LD%?eh1zOzY|aHgA>}Bj!z)|E_^zE zH$E4?2Va8Ez#GNwg)rQicuV|Vyc2#OUV_iUC*b$v)A0xJx%h+l61*C36t`#D#XrWE;B|PT12g%5g15v! 
z#XI4j;U)MId;$J|0UiU{|fJhe~k~um*JD~Z}3_8xA=Vg zJA4^lk2m>SCjam8eEbKz5dRS`!{xe>S|AN=!EAZTdGWoB>^YLHtLi{(p z3}1y;;=kjM;;ZpR_#gNRJhic$PCKXB!I}Km2`l0F=zy<__r#NZx}ldbcq8Jc;p^jb z@D1=6@bEi&@Ax~q4o~(Cr&8^hdQOc}W7^5XH^P(q3I*C2FD5?OryE+Xz?%?Xg>Q=2 z;G5xfc(M;TwBP8E@SNU$$R&PLd|X5KedBa!g>ON8TRg2{5U-1e{jsd4BwvkM@~5NMXZfP&xdjc4HatSx;r|cO^9ve2G&~Z|iQA)v z1u6cwcZpt-<;O>#kmX~ePtEe=K9{qzd{&HKl;tl*Uy-p7PmWdj$AYUR?+ja{D|lUSzZ{uILoI-FVFH@qfg25 zm!r?f^4jS0vV2warCGjB+#YS*Y0dF!8NC(WW!-d4ceB8ZX3?`yvH85g$zaN%&;EJAOSLmTzaTm(Jr+ya(|M@ssft z_$hd^qtfjKIu&n$hv6o*q6+Yy#24ee@Cy7iyb3=Zufcocb@&;0auHFWGx5BmGvif+ z7vRNsG2RES!29Bt;bHnDwW4O=$+6Io$vnJ-c9!C$c#|%f{QKki_yD{RABdOXgYZiH zEW8>&8?VI&=@IvCt@G^WjUWt#utMQR|Enbe-AEc=&!V zkAHW~j>(MIXyQBI=ioi@G58pKEIt)K7rz}3`6RWyYVh-jufxaTjgHOapB#G+(h|Rb z_)hqRcnMyCPr%3H)A5V&`|&VdNlmf&_{GF8!zbWPx@E>|BHkLm1n-7lil2;!eEuH4 z_i}s^@l){2@JI2>@rC#m_=k8HZc>|U1wNVhX2)g5_e#72eihymzZxHdSK{OGkWW&} ztO~z|_!|6Lybiw(PcEtqGzHH)J~Lj|<9p&EpF86B(gpuJ@dNSXoRQG-Bz!9IGw>Vn zdH7BE0zBlC)Jm(zZzewXgfR5ch~J7Q_p1tY8$Oo!kk7qw`b@>Eh@Xw$ zjxWORz*pdR;>`-fSf$5nI^F@l3-5{FjgP_a!KdOg@Y(oGd=Y*xz5>4wZ+>DX|5O`e*mw*AH=KhYP<%22(QB*#&b@})Phd+xi#h=3)_sHb`Jl+bQi+90azz5h`uPx?~cAA%WI-H>zN*Y zGF~g9x4=U_N$to2JoIx^JdRSF<>yDQ$nvSttFrvz=rvjXRrHtfkWW%;aw)zvBorTw zd!^q5`Vw!2e}#9!zs3jR%kW9~H~0+vTYMh=9ljK=$D5p%$^U!2HU0x$i2sO}`=@Za$o zd^KK&|AFW9&g7pHml;9w@OAJ4d|kX4Uk@LIk85Z*smVA2Z$$ibe0_W_z5%`z-w^*E zAJ;J4q*h~-Gs4)VmwAneZ;fw+cf&Wv%kWL`O1uevBOdZeihezcZ%X_^d^3DGzB%6P z%+P3hymIjtco=S@Myarzj`$YD_r|xx$KlC2;Gv}|yeaWB@i5%Rakz8wt%+ZPZ-X}~ zO6MD9+2kDXAg%Cb#J9!6aGS*8cEh(LelWg0J{eEW0T08i#+wtL+{Z2C8HStG#9T=H zj>Ip=cfy+%H}u@_2<;^2l84V7io>Fx;e8W^cR&@#FAa@M(B*?sh|S zIW>4o;_L9;@SHxOuXLWf<9T>;?skalgtsDoAigI)3EvB!fhWhbL;Lga*2FKx_rV+Y z4Sl8aZ-ckOlVimpt{a|Dd>P&ruf+GmtMTO6a%jI6Z%2GR-X72G7y3%)e*m73C&!{g zTp`|p_%i%&cqM)iUX3TmibMOgct_&v@k8+3lF(N=|3mS1cyeqx#Pz@nh#!L=j!(sp zz-QyhvFOnLBD@pvEAY;E^U}~)I{%~a0z5fJ9pXyxF2qm3yW&^k;qN`ET{{b3x4}F7 zEwtWH?*R|-NiEk}Jj8d8@%33gBzkWD&{}%DLj0uY?Xvu%=!f88xJixIo_J_yWsDz_ z_rXub!*ok(+LqyciLb=_ 
z;njEvUW=FF^>}|gcTi@$2H^SlK>Tlb$iH3u-h1MMi0^}k_<|T;fuBWu6`mXm4H?$p zgNd)hhu}G9g}&1B+E6?XABGp;Wq2_@9IwDf;8plYyaq4F>+n%{&e@s#N8@?;Id}m+ z1~10P;uZM0colvgUW1Rr>+tjOoWYs=FTnHg3-JQH0x!nL;}!TtcolvzUV~4->+p$q z&X7$0m*9E$rFa282`|Pk!z=L1@hbcZyau0)*Wp*kQgID0m zF}*OvD*QU)Yw#&}9ezEYGc1#Ta*QrW9)1Jy1^86F7{3v(z;D8<@SE`(d>USd--73q zW%9oj&%%dvUy9$4Hy)A6{{g%e{vh53uf_-B58;#Whw&NsBltZ0QG6->7~Xhf zCjamq?{#qcbE_;rF?yFQKRf!sEWafBq%5BueMXjl9DQDvuZ+Gl%bRvg=h?V?&HRsw z-YUz7MDLR2mqs6$<#$A%gulRan}NTG&%LK zHGBsCIzA7717C{Q;*CdV@?U_r!r#QZ;BVmr@rC##{B3*&{tiA5e-~ehFTxw2lga-* zycPaF-Ua^vABZo;C*dFBGw_e_dHBcpGQ19NGA5J%CwOc8Q@k7g89o?af=|Xj$7kVR z;Pdf+;mh!)c$2Z2{J+Fo<6q(3@UQW~_%eJl{tZ40{}!K*e}^x_>+vS%X7c|YZ;k(e zcf)_g2jk1}$@owBEc|DDKK={73}1maIWLp{O1w4xE8Y$N4IhlJ!YAXuNkXYY&+>8JEf5`zW=>y^m5i-1{gE#>0AWVaIg4le4@&`m8M9;E;6u{48%8eOZ>b ziQeS=O#WfGeWSO|@(ZGO%knAF2WR;m(I;p5oanQ%ygvH;EN^mXI=^LEzDxAveuW|T z@IOC#>kHETC4NlwZn*cW8jO3ts>!(btD1!;`{u(C=i}b5svh@#RZTC<9>_kLAlaPL<&759Esv+-n~Uub_3?)|D(;NGvQSw-k8J?(dh`#i$u4i(`!?cT4d zXGMxr-<9{P8iRYks%g0QtD1x7G2F$t_p4fkd%vpY<8xAvFrRq8s*ZTFk23`J#=T$F zINbYHO~aGgDOT4|7FoTX8F|Uy|a8q^l@4KNc3r0 z{#^7qS^j49#aaGg^i^5DEPC?^nf$#ES4Z6Ya24a;hid}fp;5Zc@H`#&K3sEg@58kO zKbUqJP0Zx!eYjfU-iNCb?tQpQaPPx40WV;<({b;^H5d0jTuX58!`0}LO#Yo{za{Q{ zxH{q9hpPnlK3o%U@5416_dZ;6@i5=6iu1#gEI;M2bl#0F&Ey~A$476O51#OB>8+y)=!qNZ!)V+Ma zwu43%^&2*HWO<*Vf%*wCWBeMXiZxnJisGtBDVDb;;IzkWrfWBQerl@~QkqQRvxzqQ7O=@q&k`#%TP zq3F1x(jjH#V;N@m^8JSl8rpS8=aY`@QPh3E@ULM)3`IT zd58Y-kEZKUqZ|5IOU#;S>{mLp->{O>E~R}+N=I}aQaG^i*nwHu{Kp>t#}ISctnF{` zf7`|ylfy4!&BZ|MvVX%LLFP|kZT*IbbgzHbbuCkh);p#C1lQJYyYMI0(Dd5A=+LQM z`Pj0x{t<+Z{DrR3_P-}r2x{9l{T-EbA9U^-Ev*sNJ}k#mo&UV01JVt3{*T{sDz6y$ zzx{UqOTT}fS^Iv2hYkH7**6TnWKdX5^(*b#Fkf~KtA+N1%1cM|34a-J<{L#yfKc(MWwD+J@h0*1I`IiF1W z_Nk>*+yC^(oE7@tzRYxse>T^oyRL2Nm<(qBhNbFX$|n{0-?9lof0j$=_CJ^6Ngi$6 zcF!y^|58G0_K}_0TIZcLdik?F*9cn60)LH`<9EMCKmU2rvPS5i{Xws-*@oC;{rg{2 zXoyW#b$=x`S>^rL*fmzu|1~=EZU5I$XVL!}oUEz;@+c-f{N?dn`vUra^d`!m%{a01 
z8q+9y0T5#vzMmt84I8|+?T1Xn@uLQ(BGxuNVpKz(*&73K)`(=l}VuhTIEg+Kl{JFLBtzcw9HP5qVWXyE^LI{ue_*FGIX zPk%BUyO*~wAJy>FpzAS(|DLAdXHe(x>#3x)f1go<%Zo}%2bY$YcJ1D_sB`DeN4D+S zt#8}T;eY4w2eP(J%>VmV*BFtosZmrkYUrThMP=n9io#z;*T0tSTKFLmINPg$P z{@wl0MOwp{WVP3}^DzyW{pGJYy~BKvYAgAJY3L)rDEx9s|48aKr0v?~psYqx^U!~3 zC%<#njM=Ske)hosR#Y@#=%}K8W5zV>sVM3*c<``($rfqDkF|cC`!#Hp7Ikmva894G zBa2FhkLvTM%l@`)3;T>{*uyb+Q0dU}KVQJF8RkBLh6!;%QNv$M_`3U!>R&Xn;fF%Q z?~&}klB~_)hQ8MPl^Lez|7xb$uVKz>7}@Ua8(uSQ{poMhOi0+F)Aj#qaBKY|J79F` zH}n7Vmg6coz45)4A+OQ>&%eNQ|7-avxt4FDU0I(&BmVaz5|#zs4=74~D+m66{8s)S z4SFrpse5_m8~XomDDm3}KTp<@!~db~eBk?s%VPQRG8FkQ6sFwgE)xCY5$>P*d zIkEVRi9_6rU3Kp=Ct7?cPFdQ84k!uywfJnb<2*fquD&OvM%uLDjmG-QiRR=Vj4gEC zKcaf3SF>OrQ)LI%z%EJ|D^Os{Ll}{?9=!+*zq&6SU=FgZ|K4$F16U!%_ME@Z+ z@I~{F2~#H2nJ5C=*eP|vxzsE(WYmqWr!@y-qZ+ksBao`IwM$L7t7;b?DphUPNeJ{C zsy14QnR@=1RD}gg*L21m8k~5>m?d#K7nr8b?L0b9Tc=9rw!)z53urlgYJ90iMutiE z7A7_Zw-RWfXlm)yVrmeyN#hL;EPgnG0w>L(`#Gn1Mbw7d)Ytp1Q)a*$L@ zjG9OmNg85iIcXQ%`octwi7qKP5_6ZQvdOv2llpJNr_E}(u(F|Q%#7kQCY4Vx>yg76 zs_SOWtuAk<<^{+x6KO08hlSKpPp5jV5k~*?IT)|>cU6|%#RPqdhBs8tu5OrHZ5FuG z+I8$Ik}7q=X*6WVeor~8G$*2X`AvVTt31CtxFnlX-Em1{)|`vSPB^WuI2gFg$I~yJ zMVCHwRxnd=nhejJPA868Q_iEwVe#ntGiYc?7-Dc}61&$W!9{62#9(>ax@OGcT%P$d z&y22PPN()2+;pIEwz!l+p_Z7iJQ**tPab3)+K9|Nk}d|#nKV4XCbR^Ln*Wno3nJ^D ztc8V6k~K3D!1HS~H|8OL>Vsw`Q~`7z8(L01D{-?8Rz?3OD$FojO$UQhc}>SXJ^B@zH>7SoO{EPJ(`PkYl=-gI@YwI00n*%-N}W(>0i(QA zx439K$FPRVnN_pu$}6W%t)4x*Bgn?e>B)L*>V_CvKKatex{m0&rQviOUKsOIbv4AC z=f{|nzIHxGgD9RV&?zdqfGCO&;#v)j7{LV$O+vYyIVWsqEjq zQgOSoQ13^swMUoMvyu#Y4WtfHG;^I29^Ko!Fu8F7~%sR@%Q-XiSnDV5DPbal5>E1#I z?4qN``k#H=EEja$b@l`UR2P|qT%`?GU8IU7&fh$ydmYNuF?j)lJbf4&uN|kFUuI+p+o4HK&=I@^qKuUW~FaR*RS*ihbHm=-b!B(8MWPRSm_H3 z?Y{;RE5z*aDIVMPwGkZmf3h}$$hxOC!a{eVHh3YtQ|sW-jZs>8Ox@>mZ_Ls%!vtCt zqMK{sek@vlhHL7IV~w7f;ZSn(3s(MXvu=Olfy05ObHhyfZ5>i&fA!n3Z^mq`3D=IJ zi%By{(jMCk;NT96S)%H~sNwyQF1cLjz9ZW=yWDj@b((`a;aM&GbxD>+)X$k+Lp$T9 zo=>-MhQ_blVs+g`vy6`83avFuPqc?7Vav_Z;?B-IZSDUni`}}@rf#%#BD?KoQJt8T 
zXWH#J)N@AYXxCZ#+}cTN|=VmMmYXjcitKri|qcZC#j})P{8T zs?DtRD|UztO+8+nHWI}aeZ6ZJW->E)dUgDIR29w;bF!rKWNh`AMu>RpOihjDC6!=~ zMN>6+>Wx}KXOEM%w@@*>1#y8Lql)?)+&C+?yl*;K@;!os>){c!H$7>nrkkCpF#L>3 zR`WLM)bfBXo&#tUqBEfxkIYWgiKEMdCsx8s8?*5!-j#Xpq}vd9A7wbzPwOD66o;o} z_&`TyaX9Nq4PP{+E2noERP)p5bbr}wN^$!NC3-Mzbfniglm|QFD(RUWdXggCj!B(} z?j-Pj%;@5Udb_r|httq+_Ep7(AN`>y+VSP|*aqEv>#8HBZMUS_D-~|UYfDYrM5x#^ zX4lV3znhmup@-3tXt)fYSTWC0n@px^Iy&2%Cs-1koMMkyXAw|5XJ^Fs1831vXxtuO zPH#F1YS=1d7X3Qa=t}9`CsE_gqNpaKsg?DWQ)kedMLISYWf74%%kxI)_`Xba>oOf- zHnoW^JL0g)`g(KMn>xQU2g{-&i&81;{BG7LFg|6Z+I?zc?-bp}UTOrRT;f7+I6;+)!0Z3;G_E@sN&WHK>0U!`6@E3*jrkvgid>j4Ew!LJ}5!fS9 zdUwgR&A%JEOD0|R-6i8uwcRD-!4%ykI8MUu63s^G)FQXC@PN7opRq96H~27=FR#I~ zzvFg#lt625)8Lua7e*7BSq;+T8hA29Q#G3DfJZf=weM(_XQnc=aeq2J(mHcS@Vc0WomCIz0(kE>6g1`_)J8+VVFJr-Oxod>9X&l8IP*%q8SgS z=%T@Ky0VLg2h?@ZjD^X*i-w_md0mwK9bMEtL5mIEdY0q=s?mFuSvP$Dk(G_#f57A& zpyOCw*a@tIsyadk2Tp=!tSipCGjtr9mc!&He!F#&X2*a#1zlEJ50Opn?0XWkSlJq6 zF3imy(FIsi&)@S0vOEk2}h1L{J$Be(ygSN#)&*_@G zo>9>MmrwFlX&&RFLcmolaa}0bSk>|9hxLS8m@TunDk`;gr7Tocmb<%X7FBHC;AB1e zU_FBp26CbmNP_ftOC-vw=$075Y?#edTrJjuqj^Fi!(=t9#qmrJNOb+_D0n|CwS(A_ zRxq2-dT~5cA=GoQj0a183JQywVBm>u;f+?mO&}Q-$AkZzd~rM|R>!Ru_u3l{D;ZOf z{R}P)B~w%G*6S{=nGBEKhzk+HD}tr=+YQ|%;{!8UcbAMuRnFQnW<+zZF?<5Yf1Vb* zi#b4s?h^dxWsOoQmwbOBl+R*In2jo7-7urqMGqg%^KsnuSitc*B<#d7`^y z;CyJd=w>(}(&R^mQ+K(Y$DooO&mBI&UeXL(v#IBrC#}ZPzPaE{TxMf4eAEiSo{|+P`00Nnf{P9xw~GJk#c9^F~~_&)JLzSzZQ3j~LMcl-&-fQru@1vlO_`6lFb5 zbd^6gW(@a?8C@mLV*Kc=ny&WESTZ8fSkhS;wL%pl+e3y=Lj>OslfE(4Ze-$?yI>78t7UL& z;Zyp`4{H6ilfIVTG+a*KTN-?|DQyReZQ-O@jCODFK=Y7W$F3x>$5(sAa0#&s9^r^K z)q@?+^tci~hL!n=PP)=bEsGS>?nE?k0T(%$4{9FUsG+Zi33^JrLF=x?tbKZMi(@+?X!C$1t${Dp>q>M+RfTWApVpAGEPFiVF1E(7qeL;_SumqzddN$iB zI~n9JgD_K*=!su5BjhJqiJ@CFbO92-a21c0;le$`a-tKg`TnB}>5VSj%|pb_CAKpL zrn*P!0p9ekKo89YuUd&U-w5Ox-to0>>Ed^d4-R6Curf|O3RJJv~d2q5vx7d zjivF9PUm)$_C3FDSNep;L{$fC{k-haIzMU>ieA|t+~^K=`32AU2k$JVildxl^XmSn 
zV4nUMb|Z6=3C{iTWi%<;Azc%xboh?D{+&*SqzJd7bo%hPZ)Hw)tia%tTnJS{^_`}x>SxdM6sq!E*RjzNCRbM%s7OkS$GN0tFm7a->)fdnd+B}dP zpGQ+JhVkNB#}`6}?_()SExJvh?fCAKc>4J_ePQS98PjJ*FB^zYIH7oHHXE|3>hrtZzi{9t;jv z{=@ejP*Q2RHmI8!{GIBiHYU*jN=>bp1!VW@D(FQJ^t1|i5k#s#(6VgWuLQ4(Fc-k! zH!f_btRG{(tjmaKn(JOCQ-pM(ZM{*#d<`sqrG#7QL+WSIGlLW;e@i@B1{S9NZdUOG z_rY|1@8xBPAfvHwN6P97pK2)meH2mUW^*)i+RMCTkj+s|E1FtUJ@x$5%L2@U&atZ# z?MN8Rhg0tih>zBIn5P#n4J@=Cb~huv`@lOqKM>fl3QTP;!Sh;s4W+ZqeXy@l_tJ;;#J`ZbaTN;Ass-TN(N8l z(r>tPtiVnunD_(P^eQk=ij2qka!cW^pSojbmdVMm(yN#!2bCPGpU^7c;Izk-GhDox zMj?lt@mW?yon|~vx7TS#d-ipj@vz-kr-7Hh(w)}i;uqwmPSfx4M$gWs{?<$vss8YA z9Np-SD09IPp1RBvx90p+Tn9*cVu?mZ`X21mW4Tq~6r|ETo?BW&!&%37iw0XDsL5(Z zm|#7j3r3iX$LaRgn9-hnYs`4qZfuQ#*Vh`w5vF5BtMm2hKUR0wtv`aS>(_ti?yKVt zw_DF(Iz|&%dUx1N+ACVlR}Ev#Lyc2P%}e|`E@fx}7hOBio4rzB3Yg&$O#PPvW;oc; zsu|PxYiG+FFRHIDrZcAbNB5mApFQ;w$rSje`TzX0q)d{TKmy_|Y#?eMDVskL(}YlFu^s5_R@RRL{6 z3bq1wXGM%imCLle=nEmt;}3MbW_CekSm5tmvoo8Q=!LYkbl-+v`?|5WlRKkhH-6~rPbitrjU#6q?yNI> zQlVoAqn0C#$(=Q&-<@*5E{2A&j@Hphl^LteZgRT6o<3GvyZ3{)sixLkg9$>`ttHx7 zpYnEc-0o!Y={}$}h8MXFs9Q1}AJ6S)CNhubsg);dt9xftkYPhCeU)nTY=tv?XDKyj z5HmNRdD5mKu zAk0QcJNaf#9lr<^ci#t39`HjM;7fbJp~S0Mrx^aA#3S+TX5qrvDP7v0cawQ>i@sYJ zB0Dy2PZ=BT)=%F&7a!jzWPEi2-Fg%TXpfvX{6o8`(pcl6D+*c+uyStg=|Vv4_Y*X9 zYlFNcO4dxmjrta5?bsFCDDTBL3_liNR91IzYM#RDu&5p+7!*7%Vs@UJP%^$>3|x%6 zRY^xPeYvdbg8*BT^@!Aj^SZ|#KE{x4 z_Y4P4U!>Lz)2HQ|mqVO!qMHqTM1ULd_Pk z)6gC=&vsk)k=7sDsTEH8vOUWW{VBjh+`Mubk6l6(uN0_<(ElG{6{|p_(@d)7O#)8wg`I?Van6 z0W;di?OuE z3Z6iRNEJm-tCpup%MqI|FsJ12su-KM3t6#A7f{FR9R4zH z8|+La1qbf_O3EDn|6C=7yCpLZf6jf4fyJrIi1fXZsl^ntvH}-V(${Rf2TJXHbQhdx zL69HHr{%C<1%Q_Iqveb&UeRk7hiNzoUaFZs`K57@E_TTuye77sR&(fY^y^HttYU5) zn+<;9gK#5)SIyGZZo1Cw8tK@kl8q?ZMi_j#SoF+!F?im*V^>q%j4VnO>=x*V)%x-i z`X;qt+2>OZWEXEcZc}WYeY)?%5|fT@Cf@ zEJe}I8IncYL&9EuQt(n&PcQGRG}?@&?(tcQ&0uNv+*l)(^^HSW^!`)JCyrJ1{%#3e zI}&6WMATO7n?q*TP_%zZJt|}wN9J18ju71vM0~Ue`)u0M^FZ{CG3krZ#bfCW81l07 z5OLW#eUW-xo!M$3%zc8VC}_E~V^}rk3TZPD-Q1viEg61yV6h}}ca%80FVdBnXIR$0 
z5AZ@;C;H5X;ss-2+UG1pTRT=vB4{g+FK^+#nDCdK4nk>;A3of1LP5=-_icH%D5U4C zusE`fnUc6XDdB_~WVCMiq|2zD>)aa6xJPJUaqRcq`$OR!yGe8EYw2s!>0J+Wevz(g(r}SHGv3@zLyyNUMw3eYw;ol++DHN0I4% zBAxoA`-!Oyp5_r7=aAv6UK2k&V}|oHVmFRWg5i|jk#X5Npv|g+jEIXNVcjgy|6cdGspPNiKe9q&(RtekEc=;+j~OU(-?&5Bd{Xh6YxH^HQBl%aRG(9z5U%9(Rn zD-}*3tx3;f+Is~v3<`v0IVjXv&mx6`LKjw-*-+D+)kQ~ltIM4lrB4cCXY^>v)ogT3 zHd$5d`Lw2e?mjGYI!&7?INM7yZ*P$Xth706TA-PammyG!)7`9;`HC?xb>$T!Mc{6- zNuQPR38&C(wHa7GBn%*n%FMi5MW6G`$Lq?RhZ|SA@G4!KbKW@vZ(7iq2)x)X*t%3q zFLmPo7L3}wlZJ;38i2Lk#7@4eEGJD%fpVea|OSzlti=iMdhcAxpBU0LKj^M;SE%z3z1<4epr zZx#VLm#+xvtg72CVQ!E)SCMor+i@LE2TZ$?RSSZZx8TCoy#TjgeUjZ_!&SBD5;VgV zuln#|TC%)K&d%m8x1|<;%_WunjTY*|2US4J;PEFD&Eq{CyKTw`X0bEH9NesaB-w9c zBDWSvvnvQ#O3lnXnT?f-mL=t;fUaa%8wOVSHx6)VM zJU8U&5+%5a?JnOrYh8CeX$KSSs?l{X~HL448o|>q`g!V=goki(ufo9F57Z1#t zN_Ra?^_eZG?r7^79UctHXOgjp6s?Id7>8lj6UR6x@4F-QfyuRmMX~{xSfXo=hyCGRM3>z8t28 zx&gl3*EZno->c!96~^C(fV?HDvI zH?N1|+b-djYZ{!)x-*M=)`4^qPx?@O6vvs~6q6cDmB{b2f9;|;W^B;Nws4H`y3g0?t_vAfg z>U_?FDvWL-DBFHEx$p3GdHy>N{eRZ>qr`Q-9{8?C^o!QOXhJuydOi2C3(9K5pB+cn-^W)-c#Xsf6m3bFLY5s7bB@v^I22QtDf3O zkE+t&>u$XSE9dlreO@^?3$vwWUwG^RHrd$8wLQ8cVC=yIQE7IuFD9PFI~61z&|0^m zCK;^KWxkH+Shb=H1^HWF)XPI=*LZ4qDA+Y_EfG--&`p?Wm9?|0gDNVz)i|9X z{JL_xj1wE{W&{rdB)-NE?&Mf0#aH+48c4@75!t}-mwBm(uB6l7zV99(b$Q@k+S5!- z-lIjC9UQ!LdP?Qg^DnGysG^ktXK5fKPcvUn+@>Y+*I$_Z(!pE&ro^X)33C`NZWWtH z6gpNKGHj%Gi-T@@%c~nPI(@N&a$^NS$<$nQhszMbYuh}hgUsFDI*#1!J@*EvGoMbE z{o#I0dTNK7XnD8{WVLfm;lj(<&KJ%)PNxeO919gL9AE0p_jHEeZe_+ETAX%Q<4tdg zHn`8CCELni(>ndK^i}8P!cdd7@Cvi@S+kDQ>8u6ELRnK5&boB#bOGICb+(Wl$LoTE z^0iW@3uzyxvjq%~)dhvKE_pg#K=)XkEo8^>x}czZebMPc+Q;c^0mEZ;Md8Bfb>|Cb z9jDWU3yzgmID48#qm6n}Dc*CWXN(G`&1x_cp0uZnQWMMg86h?kp!0*f<6SsExM(n= zqV;Eb794Dwr`Tw+8%)aT%tCOEttR$8-E{Lg{GRU4wy^Z?x#rv2rBkVGj7WPp)!9Q9D=KbG>2H4?7|u3a zHr|>z31J%!x2|2-P+1?J+S43|CVF%Y9B;^j(k40`ZBQG;>6u!N+W@oN@aJ5xShrE* zPtHhAm)q~<}(SmGI$j)N{naV`es@!`asGJ?;2FW5n#t3ZkRqOcZ~my0&tFT?YE) z)bUcOiytTTpEB}MJ^>&7r%b$+>i7|?|Cs3*;gvfjE`Eg6f6By1l@rIK|B{JLRa+cS 
z{U^hluX8A`Y-p&wD5~P>DRZXNw>(Unl{26!_;clyDGk-p78?F5dK`Ru_3SjHVdnJO z8M7PH|FV|8L@hcFZ8VGiX#To9`1kZ~7byoB=auHC7Ke_4Kojp4~_*WgJR%P5HEj$~tmRZ|KTZ8rD$2hU`0rHs z+W>!;f^P@>-3ops;Fl=))qwwnf?o^xdldY7z~8IjHv;}X1-}{a_bd3VfPX;2=WG`q z!0vw!D)?N$FIDh)fd8d}&ja-)`1rkE5&y2t+vDF~ z6?{JMzpda40RN7H?+5sI6?`Em|3(Er68JYM_|bs>hk_pm_zx8PBvAej6?_HY|Eb_> zLHr*p_(tI0qTrhW|1Sl<5b&QU_(g#Kw}M{`_^k?lDd0a<@XG=JnSx&l`2Q&QHGtoy z;MW8GzY2a6;LlTx-&>it=TF=3nEd)XXNUOszk`C$1$++$p9lD_DENHl?eow1iv0Cu z-k$%}D)=JcuT$`&LHWO`DE~OX=PCF}fZt8QPX^`RUBTBdZ_nTMQ1DH_-$%jE2mDM$ z{k1S}_rHA={zZV_PrH z*DLs~fX`9H--BG{V~>A_D)>CWAF1H?W8QB6{S|y)z#paH`vd-H1wVv&d;GtE{*M1T z^;25EE&={Q3V$i{cKtOd{F4DcTfv)aO}G6tDtPm|E==H+_=+2|m$JY5W@p_{$W08T0n}<2ptDDuDl5`nxFZ z=%*BaE#R+L_?r-~@Xu%7F8}3<{4E6j!HW170sabwe=*?aD|mCS$9(Mb-<1k}IrDb@ z?p2h31>o;i@T&lSpMqZl`1=+7I>2A0$lnI$?fidF!EXlq0tIi@THN}7SW*65`dyd* zzQS*=6dpG6CEP>L_ekR$IO+@$Ikx`6#gQ>FI4cO0slhe^CklQM;LV(v{s}(OPpSPa2K@C3ekt?z_YLr@S8yS=hNTOArjU97T~{G;m_GA^w{Iq zPZj*GfWJk-=L7y$1>YC&w<-8S!2e9aj|6BxOx7+VN3VuG|_f_yMfH!lpq~*T_@CPXTO8{S>;FmFPx4(lF z{Bq!bPf`Arfd9LKUjyPlL=pcwz?(58Y5i?r-fn+~D)`NSKTN@I1N{4n{N-}R+wu2P z`1=60e^>ruL1l)it;xC zezC&e4EQ@0{6fIrrQjC<-dvN>ArhT`7X$uog?}mFmnitzU^tIcERrJqms!@ZYQ8w*cPU6QF+*)qf7fYd-e)X|Ac0^1Cu`m;X!!-v{_7DEI=v z->)cte-Qrz3VsOiKd9hG0e-219|!p9iu{!U{+9}W72szm{PlpZR`BxxU$5X70R936 ze;wc(6nrc5cK?~F;FkdZECs&|@DC~Kza8)wD*UTJ`R6G3HNZbt!LJAW!;1260{kTk z|5m_Xs^EL<5+A?KnjjS+_(VUY^|w60FH@9%Kfpht;QImoR|c=g+|#Fj64ie_;D4>)=K=mP1;2oKd;GgWk-rw;zfr;80{k~A_{G3~ zyMkW|_{SCbTMqc!6#kW<{H+RpHQ;});Maoqmn+J@0r2LY0v#ez``--Wzf-|)1^itK zKBs3Gr``USDEM6F?fLsJ6nr1Re@CU7Iyx8OS zGYWoJ2JQM=q2T*4Z|`6HjiUVhfd5&AzmR$U5v-rRq~J#a|BDKKH1I#ID1Ry7pHc9W z0dMxy(m#pjFExOFSyBE*z`vs4o0+%U->V9K0pM3F_!bcV>k9rB;QzgXUkv=uD(Y`3 z@IR;E+kpRh1-}CD>lEc*4fvG`|2n|Gpx`$G{!K;vTL5qN#83!{`d?13@b~QY|5pW{ z3;4Gbd>->$j9~oyyMo^j_%|x}zQF&YqW%g2|B`|q3HVhCz69|9P?UcX;6G6C70lc1 z=R*Zw1NhAfz8=K?Zv{UO_&-tb^MU_mMg6q^-s~x$LnP|Iw*dY>iujiR{uM?1%K-nX zf^P@>e--hs0{rI+el7EM`~5<}uLr!@)0edVHiGzfQt(@Ve@6ws4ft0p>Myr<*iP;7 
z`?m_d58z)@@CAV1MN$6#fbXf`iCcy8f;F|&edqw;U0ROszZvp(_iue}+{tpU&E8ve(_?Iwmk00il zO8O_!`EMEE|ES>G0Y5+y|0=*Aqu|#vZ;u~^3VuEF_WH*git=v({(%brHc+Z3cd%w_{OgPa}<0Y z^Y-{PS;6N6|F;!(S{z)`{Dq-Hv-`fhl6!@zZ@lOVR^Gs9H z_^W__hJvpL{CNs~9*F;Z1wSA7YZZJ8;Oi9pEg=3`3Vt!*%`;_5>+e1g{{;%Z4e+xS z{0hJ~DEQTYZ&dK>n78}i90k7t_%BrOn*l#p!EXcnJBslmm%miP9{(>=`1=6`71z*IxUH_LT_)&mwR`4Z&zf8fG0{(IZU&g#$|5qsZD&W6T!Pf%+Mn(H+ z0{q_<{CvQ_r{G%v|Gt911@J#meKukaTD{ssl#AMiIS_#(iY zce>F(iRSO40e`c?Ukdo2D)`BOzeT~XkZH}6zPTK;z6|432)s{sG8f?o^xEed`E;QyuI zHv|5ciu`Q@{89ya~{#Hf#R|5af75p0DzeB;V1OAs4<=+VSe=G98 z1@Nya{5gE%&mO;ir{H%5{2vs2KH#@1%HJ38pDOr5!2d-N|46{Uso+Zhzh1#l0{mx+ z@>c-X7Qp{Q;lBm&A1L@Gfd5dzF9ZC473FUS z{O1aO72yA^h<`2Mw<`Dzfd5p%ZwCAqit=w`o=zFT=RSI$!WRmEk3B=q=KrhUcLn_C z3ce5X_V~Y@;`~emVlz$Q6dnowDfImPH|5CsosNk0a{tyMf67XM9lz$E2cU17} z0e_?-{!M^CO2Kah{4ol?$6n$1Yma|BDaxM*_*@0QAK-UZ@cjV4i-I4*Jf$r7nDbXp z1wRt_k5%Nq1n^&1@RLCN=AC#+$N$N|f1HA^0sfH+z8?6GSMc)ye}aNv0QkQt`0D^a zO2M}R{zL_TAK*_?@NLW!l4}3ED%yWL@SmdauLAt33Vtn!f0Ke=5By^k{3hTpQSe)U zf2@Mf`C3?S_V|68g5Q;SLQ?fVPQmv9{$7gqQvmpXD*XKcKVHEX0seFaKN|37DELyq zn|Jyq9=`#9rh=~ld~ZelH8M}iRQvgc!aoo2WeR>ii2ob~-van=D)?If|5Zi)mH^&- zCt1?^Uk3Qy6ns1LROD3sO;MD8CGhXA@UH>>DusU?;Hwq<1`z*r1-}{a(-izR5Pyw= z?~xzY8zHIso1x%$1^jsmz7O;E`R9BEUjY1d3cerk@1baaLx8_t;U5Y7eH8u@!0)Nx zCjovh1z!R9uPOLiz~?LYCcy8l;O8?>RhDZ1`zZK@fd7u7{;vb^&r|TNfd8(7zYp-2 zD)=@~{$>T=4*ZuX_*H&j4=en+`-J_*9>4o4{CxobD}}!R z@Q*6^{(wJJ5q}Zj4^!}?0dKz3CTagI1^g2Velp+>SHxcfc=Mg$N#kz>{L_l~n*slf zf?o*uBNXv30{oE*elg%zD&k)X_!kuXa=;&@h<_#E`z!c0fPY01|9Zf`s^B*P{%A$~ zTLC{n!S~oVK7N|-luFuv@&NyP1-~EQk5R==e^XKZae#kI!IuGk zgMzOD{M!n?o_RuokGcQ*j)HFj{@HYlr0s7$;NMmFTR{9975pOLe_z2b2K)yKektHT zQt-1OG*e`d%@PicNPwswU z-btCt|6m252l)Re;?D>CHU(e6ygh#(qKLmg;D;*sA`t&D1wRV-hb#DTfG<+;Wq=={ z;HyCScT)7fTEOQj_(l-_E(*RG@H;E`g@8X+k-tTN|GI)-4ET`>ektIOQ}D|Hf4qWU z$-F)OoS@)W1OL8?`dbJ5`ziPhz<;BH-wgQu75p~9AE4lK_YcQ?d;C05!S`X_uD=2W zzaQ`)q~QAj|7{As5cscDoPS0Few3p9mH_@l1wRS!Cn@*}z@Mz(YXN_xBL7W*KT5&R z2mCP#zJ+w*mi91>X+*!xj80z~8Lse``Vf 
z4=DWWf&W&8e-rQ*Dg0Z2e}sb1IUqiM7c1KDu7E#Q;m-&BDGGmIz#pgZ7Xtox1wRt- zrz+wv0ep#qp9J{Piufx4U##G30Y63&e-q$K6#n^uAFJ@U0RA+E{}#ZHQ}9awf0`ox zWq=>2;M)OzrXv1TfS;h?*8+aLBK{44KV89Z2K+Y^@oxjX`A+zx=g-^&JVJ*^2R}0{Fk7;A?@uOu;t-|2GwUGvLor@CyO|Ed{>_l>cf) z{j~!A2MT@(h<~yo{$+swwt{a5{J9E#72vN^lz%PYZ&2_X0KZ7VZwCBL3Vs{lZ&vWR z2jv7Gd;I>Xg6{+PTNHc&;BQs%{Q+ODXg@{F+vmRu1wRV#l?uKD#DBM<{F8uxiGrUD z{8JS1*8qN)!rutuzhA-61N>42KOe+DRZ;#H;IC5fivYh&5q~R){}Ba$AKe%0FGfuLAtzit?`k@h?~K>j7V*h<_8{pHld@0)B?V-{atL{I|!y^A!B9fPY32 ze;?-U^Un$eUjX>?74i26e64~n0_Cq$@S_0#qN4mIApVyW{3O87RK#Ba_*n|R7L>nU z!8Zc_w~F%51M$D6;1>Y?0!94S0lq=Ow}SG|R`5#zzgAKHr6B%4D){AqZ&bv;67X{r z{2EaHxe9(A;NMh~e*=hry@KBi_zM;BZv%Xjg3mo9e*U;f!RG<~9Yy)`nYYg$?<)Ad zfWKG~e<9#EDf}Y=|AB%pVctG}f2iO~0skFE`O853^Avm);QynDzaGTDO~E$-|9=(y zeBeKBm*n@q76Sk03jZR&AFuE)2K2iKFr(ak3AK90q|e0 zh`%4;_g44|0e^+UUj+F13Vsye4^+fo0{ANx{!+kSrQpi|f2bn<3c!C);jaPw0tH_W z_@fl@Hv#_p3V$=;uU7C206$O>e+%G$pztpO{6Yoa3i#oQ_?H0whYJ5v=I!xoq{6=( z_)k#qD}aBLf?o~zlN9_qz;CDEH-hp{R`8pF|0@c98}N@&@I4NVpFhu5@Vhc^x1Vn) z_(ZJuV;Ku>~90gwn{Ff>C3gEwL$K?ID7Wgk$_#1)$X3&2NsF`m^|D({- zKF!Sc9F_LhIoqfIYmRx$zX$zql=JuXe+yfFKVHW$@6Wh$hn$?KKlAGibBxCL=|81? 
zelRWVUsL~Le%Jo=r++cWbomzM^Xy;d-?jg0ApJ{Fey3m&&tD^&LR|j|0)IREd#1?n z4=z7N;O}RiAEQkj#pPQB{srcbO_AXrT>c02*FpU`r`V9t0!)66W3fImOKB z%l!7ve`sUgl+FGam;EUf{L7h-`boq%nw%zqU&H)S5y(GX|8>l}$IYn;ft{TK6gbDb zMey%j8~&o(|6Kob0>2OQdpkZi&fgG^+E3n2Vf&5pXWGw=p#8ip_=m9H&7bREFZlbh z-|jy*0sj|*zk>Z=^^|{q3WyF7>wonL`H=$OoRI&Pz_%piFBbULg#1kczceBLn83Fu zV*7OfnT4H-;df9s{hRi`B4I&Qx`ToU;CRb@OcUOYX!c5dHx#LR4<@(rG452 zen>+9TLM3td47#i%IW(5OgtKY%E0*Z3;JDm{wf7^96q^`X1G^a=Hr=I=2J^4FY;4fkR2oK+nuPH`34Wp3bx6gl% zfcVWb$teCM3H{MC{jR?P_#XxS8G`>c_WREN(Vk@2-va!<27Yr-3zh$K_K)!7Ke{LC z`rCp3ao{&=I>=u%D-`?2|EC1Lg!$f{`2QyGXEV=_L8p%5G_#z)5Kmnw$1VS6F2CJ> zo&x3Hc}HCSM)tecf3E*%fxn9RL8-{YKe&89;!*s$JIDL~(;)t{1%Dg+c^FMa;rh=M z`~~c{$IlhOZ`L$S`*Fw5L+eAOZ~S~-h<_OK<5Q7`e{kb}T8MuU$8TRhJ`du5U+`bS zezQJce@t2J&pU#DJ^Ks!m(BU-1>hgC6K;RY*gw^l(VyM&4Se!1%Ey8zYP5I1^+zuf0g5pez@g-P~aCb?`!|}2=T85@vjE)zb^PcOBnyZ z1b&x>u*AOcb1#}uqVYSQd0+m_cVZ&GAM?KaMc--aj=zOH5 z@V5j1I^aJ-@RzaQ*M7}AK~VhDm_OPRfAmfixBYGA`0exmn;`xLg8#aN{ws(_^_RPA z*#2$*UxD8|lZMLwbVC1wg1-Rx{|5YKPdxH(PU!!W;4cFHw}F3Gx~GBs2Q-Ei@2mfv z_@0Pc|E0kHF7Ou#{&5NYg9U#L@c$k7rwRUx6Z)fj`fmA~f&YEr|FPg-lF+|UDE}hh z{|E3tDfnMc=>N6gUkdym0{@4CzsHS0UmzakzhAF# z{I}2FpMv~_WRm@y}-|B-q-$H1peBD{>KIWcIHp=)Zed&NA2P!f2g`J1oI*>|1`gA zf6ijwy?@=v{CNA9>CbNbrNpEBHF5m*_-pQ^y7{|E@ITFd-}uug_}kfUk3T(u|0jZf z6Z?JbzfIt`G4E^tYXyE6u6Un+2NIz9<37wEXP2JcZcl?;fygPmzmN5QG;*GFuzwC z9k0Ku1pYn2@AjV;1^yG}_xAXoB_6e(dXT@vLH_;6DcV^Y_5{-;&V32l1%<8-afy@HYtlyi3FUkFe^_{L!uFI>Dc_TR48&=ikA= zf34sjo6!G5!CwOWLxKMx!9SntciaEI z#G~@(?jCRdX0MZb{dK(HKczWT`ug7p!CwmeCj$Ru!Qae&U;F=t;9takyZxUG{1*%U z`x5%+2>zA8Ukv=O2>!L~ch7%r{l6gix3b^vf2RWfVKl)(^VjV!3+vzKKZtlbY^?v~ z?Gc~9jsgA)1b=__``TZv;P1zNd;C8Q_!kNOY3%p4zn=*HdiLAxZ#?inCHSvp|FEzc zQvdJP|6_u`75L8p{u953>wjfJ|48ELu(A4I4g6;U|9yi0bN2hLpY9g?Ic8yuK6d+` z2>d?lcmBUX@RtDpH-Z0`g8x$XA7m$={%q>X{%jEVR_0H!f0_Qgz4PyH3h`Hf_$Pz- z^QnSR`+0}`r#U`1{ym6C_1DCHd;B^V_)if0gRTh0BOJe5{$mAyJ1Bnz@Xr$bwd_CA z<9|@#Z(x2O4}Xsk|5_0LR1p8Cf`2LdeeHjX;NJ}V)xbZF3W(azD)#%=kc6=2->z`r+S#{{i+-@%TRy{B7)SV&1f$2H+n_4~U}r&$}uFf93HHCmxl*@M~fD 
z+bw@1@PAM6Kga%SJpRiC|7P}ASpK=d|DfQX^t}+Q^7!u&{H6I}`E7p_@c&!zx3T|h z$M3fPj|Bfx;J+C7C(!paqWbT>AX)jx6HkYYjh}gY$ICwt_-_{c4eTG_l;0h{t{43E z?5F8T@GS@L!u($$_%{Oo<-osM@Spwt zu;9M@za;oe_6h6X&i{PiFFO$De?I$t`JYHU%6|p>E4cnl{a*$APYV9m*-yi3+Q)5w zzZU%Mp!^Gf|8>Ft5&JJlv&YY0zZLvz*>8{kR|Egf1vvjzSBK&%kG}`;bl6z`FWooZ z{}%%PnZ%?1x03z7_BT%OFJ-^o{;mQ3KMMX&*zaq9YXtvFQ2rL+KlUJ8{*oW$1Rvl0 ze~!R6FuzN9nAHE9T-%?Q1b!a#v^kf{Ud?+lO-|hPt7i85+Rt|c|7P|_9^-EX{@g>c{{i;<+RqNe(_v%f&pjZ_ ze+8G<_-_aPnSwv(nh>mFKKkM2e}>?%0sh6n|Cr#fV!to{j|l#i?6>oO7x14#3#6$2 zuVue4|0fbphmGZbJt)6qWE zz_9(;`MVdyUnBSju>XiOdwl$#D)`HQ|9;?a7yM=H@9ps)*AM4!8uJAn{&9i7iutd5 z_+Jr^@?Q_i|4UH*V<^F>{(mF*&F|WuBZ)`;1?;!iza9quRf2yT`@dt$=+CbIdBNYt z{wC(l`1J_z|9~b)sQgWQ;_L^_PmF)M8ANL6SriA&slX#TB3K0Kt5dWV2as0dgI82)_e|f|se-rRO3H%oc{*mnW zjUU?|jpHB7d_h|6$H%{g0)HO!(>(n5h)3mb;qn(UZ~D*Ep!~ZG!11qUzdL@p{r4-x zBY!*auK@ms1%J zpY4AQ_~#4$RqUtkmG*J{mkRy`?6>ESYk+^(LAd;%v429EJzoDi5s%8>3d;XF@HYtl zao2@n-}qN2_;U^k^IyX8oBCf1{4War1?;c#l>b@5U&8(h%l`)O?>-pke-rzC_1}wl zI&7@{En&Z1|LcJNX2HMD^IR5B|+y1T>{OzFpe*ylSA-Mdt?DyS&`H$c)=o{~U z>w*6q!T&V-Pmc=DKi%@5MLf!XGyCoK_ZINqCHV7h2!%fX&jtTV;NJlJ{}lY^vi}07 z{ON$}?#8s@)+dDH*i0sgT=as9u_e&6_COgzeeEBh-f|3=`yL-6;zF$C%IHtplq z|80Ul=diH+bb1Otru^>#f3IP<{H5&gnP!iVzuy%2$;^-U@RNu~`6~qR{{zJTnBc#M z{i8kpM+AQb`|bYoA@KJZj`Q~c`}c7gtXqFyB_5T33H#S_{HFfQy8?6h-=lGLmf+95 zDg4FWPWhd1a@Gs{Ud+?!J?-Ph|0f~-=ELLdZwrXOxCrO3g#EtuKZ%p3m~ zz~3hLFJZs0|2!=CTi9=p-`jm9-v5uF393o4d;el7`zLYy(GNHOeThfqZ)bm#RsJ1- z|02QP1*UvnA-f6%X9KT(Edw}>S9gpkp6ZY@x@t;9Fs=q}?hxKRYZ%^RA zQSk5nvrxQ`$A7KhUkdzR1O9b_zkfpi9|ZqO;NKhg4?h9t{}lGqTkMh5s z{r351U*NA3{1>yIF3-|FuD?d`=M9M0|Ng+=F8Ci{KiytU`?&tc1%E%_KM?qHN8$Xh zVgD&<_IUr>fq0bvQS7(pUk3qync&~2H5B{W|3tyR0F?g_;J;b$4`IKr|6ecoTY>*j z;9n>BOWA*DPWs2K|346q^4|vhhXeniC*t~_%l?{leU9rdARhTwv%i9QbN)X9_+J$K ze__8b|IZ5k!eiq7?zo8)h8o@u0{j@xm_Hq4F1%D0j4+s9= z2>yrIPnWl8AJ@NJ@HeyHKL3sY{+^?8{x`ATZGW!+TLS-?z`O157J<*bBP{l)w9?1V ze>W1}gMMd}6WCHv{^LOTw+Q|c_WR}^9}52Uz<&bpk1EFbpT~aR`S*JQe*^Qr@%uG_ 
ze<&e;AWcwAox1A>uP{H(Q-AvqkLoXPVAy}{`O9dKzY7HaK8r)~Sss6_;4fo;1@mV7 zHsAH(ogNr|6_rF zqTqj<{qFeT_WvIW{KpCT=LLTIJHx~e@Z|q1)WA^w3Yqtf|2f2?{N)ddpMTB(`8!td zPh-EEKezsx1iq1Z-}T#UA^t)T{{#^K1A>1E`w#Qv{}+P41o$Tb{|kcu751<6_*V%2 z3idBy-t@n-fj@r?Za+8N6@p_OzuW%zARe`!+`(b{vCrRSz+WTy*Ry}LBXrx(RKZ`w z{sQJr`Og9V#{_?0PTc-Z`Cb1bg1>A?y#GuF{`G?YB=-BxpMMhk^}v5F@DHL2M&rli zg#M$6NAU%`KSLjSh~{uSnZ?XOITzk=hB+L<|j%m(q_CHOb8-&g-To{sbX z3G=i(p7wFaukDCO`ELUGp9|tYPw)@9C)E1JuWG@+1mv#?`2QmK&q?V2qu_4`{)>VC zm@{zxo7wMcKSvUe^1l}N=K=p^g8$}({&|9bGw@#m{I3fBW$f>r*80L+*?+ZXDbC;1 z%=^ZV(*^#6gykPYJj#FWuwFr!cK#mBNkx zLBU_c{uV2LR|9`9+F*<3FN5w2L0|cEiAUw%3d+9__%9RuWeNTB1b^P}c>BKw_+JzJ zm$2VA{=F>t`vHFo@b{gF^S>ye|3KnV{zn1-wZPvX_#a}wum86Rd^__;rCM(I2exoD8SI_a=5J|7+~`wcjTMem(QP{`;B0@A^R4e|-7>mr(wkqF%uP z?D@-`p!}zP1LyxR_WR0zufPvs-q(NcA|BOWKF4qO-z6aaJ<4$W4eTEnrZM&ZrmfkZ z-ozt+3Gm+o{FQ=#G5h~!%jnPU_&r(hH?e;+^Je~bAMmdc{0kloLErfGs^G5~5pO>a z0Ds9hasD4j=s%fwl>cVnUkdy;3H~+g_w}Fa1pgx7e+c;B7yKV2^uHtcmjeGX;2&`g z&VTOGu>O7h_fmo1i+SJp)h6&KG4IR&!^ETdUkS?J2FkzPw{ZCcWI&VN7l`}*&Efgi@aumAo=;HM-k z|8n9{{nvx?KM%^^`&?Z9c?rwkAn;c+@9V#H#H08ZaQt@veG$a}d%?ew{rhwOkAAr4 z{|V)|{BI{L|J4G&h56kgG5>V^Ju0w&$A?0|7k{(B_f5#}T#5ZBG4G52M*=@7q5o@B zu>S()ef_UY;G3EEjo%ZANA0f-^q)1L{jC!GcO~>cFZfpj|LefN|5Tj6RqXeTpZUb2 z@^1wGwZK11@V}GLf1cpa`Fi~P`3CSmA^3A14*QR<{p42R{Pkx3i109}|KC3Kr|=Iu z5RdYg&+*&i*PlWBhYS89_WRBs2MhiZ;C~bNPZa!B3H=ufd<*lw_BTg}zX{a;TOj^t z1phtk_tpO))wurKnD?E(4j{e0Ffq&dIod1*9?`uD&5|8q~8Tj7^{@Voqi=IL{*MHI0sDRRKcNQK{{ZHFyMv<{O@)iF8^l< z{ksy6{QZs#$1mHTvtxYyeyZRv{Z$yaul?RG@aHnWFPA_1;pXpFA^rs%e?EgIe>;Hq z|1S71X8(Xl%s*ZKx6jA93P)Q^ak<2B=~>C{y~o4t-t34e?IW%0snC`arvKS|6<4Q)?X3vsQiWOZ(-i_ z-`#=#A;CYbEd+hz$Nhr89hAQh@PB0%F8}51AK)qfl>)z%dEfZaOgzfpS`h!&K>VKz z{&(2l+Y|pK^|<_7nD>nz7ZH!*-wfj42gJWg@E`E&FmT`a@vh*{Jt6FWgAxO(xX&-m| z+?ROd-^%_9rcL`j9QYdr{|D?ZO0&oBpU)EfWuxN#=Lq0`Uhp6GcqsN=e?2Yu7qH)M z|3?A;-g9vNN3q}6{w@;u)0scQ$)DSP8;M8t*9zhv0OEf}@Her4h~szL&y#|`4b)#D z@b5Jj=kGrDpYHMRMm#G2M)sF5Z`$u5;4c^apRs?8$A6CCFFY}9zqWq}@ZTr+M=uY> 
z13dn_1%DI!?e;qi_&*W+4eUR_@w@HspMt*y_=|wQ_(EL&EeZXjh)4Cm1o)2y{vQhd z2iWiHzb^><@`U^zO}P9oCgi^*@M{zD&kFoI%=^}V+KET`ZwKvv6v+R67vb{veIjgl zzWg@`{2=DfcG|Bye$^3=;?F%P?7tPvoAKjh5dTYpe*yb_^RMRwe+~QdEq^ia_qZ76 zZ#nyEc`WVYmj4UE-weusD)1jK`1?K?YJL6@#H0ML2mUd@f05u{$bR4W)hPH!ogCJ` zo&VE-f0^LFC!zmA!Cwaav3Dc(kP5}A)RPdksR0#Uo?-s$IKRP~sOalHP^Kky3OXxp_cvSu-;6EGq zX9@lR?a9i2p5R{#{AIv@kKn(7{d9Sq_HpMQcMATZ;xPYodI~H?P8vkVAFBANe*uO9m^G~<@69xZP_S^0MT;P9H@ULgTFaHk- z{?=3C`L6)}eJ;WIFMT>Ju&?}k5|8qqe`@Hr%RdG9FB1Ig*zddl*eLkh*oO9`Ii#_%CC>@BI0mz_&2}RZsjQnsNDCnIGZdhY*j-U&`gT$Df&? z{IdlA8|(f_q+`AQ<$IN;ddk+m47`be*`1_3s`(Hf+=KM1k_8r{(3ej~oAILi~$Pi=RI(0`cE>Ij+C_=R@tjY4-T~{2vScA?zRL@qZxr`?0@*c~gJi1^%P2z~ygde~riAk9bu61?;!Sk4u4ny5Qf) z{-ZtqDT04B$p2-)f1BXnYh@_*`EL^Z8-f1{;D1H%k7mEyf3|n>vDbWDe-oJhn)CZE zf3d*N5d7OY$GcVFFHFckCGb}=zq{je{qGC>jm*3C=ko6m--8_P{>hy2@&0=?sK0}+ z#Q9&r{(U_0?@v7P=L7#j;6GdN|AqahJASwR&lLQH>@Q*7j33tk|DA%r{|g~_fXCk| z_?tlaTY&##!9SM$zWy`jDqMeM%$IxOA5A=}zZQ_cpMdyp7yNDP=O3vk-1@s!@ULZm zJCmmVt_S{)1pj3(hTyp=bNC0h|NKMnFFHN!KX&`M5%`b#9?t)p?BC7fuM+sp%%9}p z%ZW$zx1Qs-=l?f@_-_>agI)^7zWLv^fZny{+9&*eD?dUA3hiO>zF^n$)DT) zJ{96Gt1b;jG?eXJb z;Qy20uMzxi`+HsRuLb@`fPc_Jod3(&?`wZY6OZ!08RY*_;J;GvKgNDv`)d~b1!wjO z8j#)oehvJ87yP-egzaw-x8LZ8oBs`hzlQyG|9c$x5Bnj`|FP_^h{XKUJ^vjiWMW`12<83e0x+Rs|he%6BgEfM_rzYWE{{(Fbu-wfK%8^FI+@SnkcU;q7B@E1%9#}B*z zt^@v=Kf(DwPw>0_cLwn&|3$$67vO(Z@Xu$zum83S{!;cAa{Dp!m-WD(e;qFWa`yZB z?;gaX@;9^J?!RvV|2)CJ%WKKn--UvIB`E&};9o8HPh`KZ{kIR(uZS41rf91rZ{I`Pge*pZ;1pnaQh3((h{vH(kt3my52L2;&#N|I-@Vo8rP~uVf zHv<1hz<-(GuVKHh{mm2nIcLY`k6VC$jo@!(zpwqhD)Ag1;U3w*miI zH{txB!~UWu@%+>EmlBWizZT^GbKqYh_^)NZul?O2_;bGzwtu_*HGw{$}>u?XL&$UoH5LXTPufR|@_`p!_=m z|0==X!2X_|@*ne4Tz}tX-gp1;Na9ibtpx37XAu7#g8xtKKiP@jy?(k)@aL7q+iy?c z|CiuD;Pp`4$K#)J3(nsl=1=nQ-zFaAuZ-ij+kbBm|8s)Bk^Q|LzdQbX{Z<_R<;Zh<}OTU(5bM9{(MJe>MB<{<{b8kGKt&f0sXm;_)8;5aLn!H-hr- z3H&Pr|2Nn_)Z>3j@E3kFK7aWd@E89KmwzGquXQTiZ9k)kN9C_ze<}0k{Jl5uZxH+k z{4p%}2~PQ4|C@q;={fQKzc28QY{lh2m;Ju+^In0U!Th;S{7yP^?jj!LZ!3uZ01*FC 
zKgaPu&wk(dc^L7?Kk8fY{1pKI_XYnhZ-fQ+ji1}!j^jUo`I9{P`>zoH0*>DvKMw)% zHwgX;_WQ=qj|F}v^S<%(1L9Hs+d%#g1M%11f%CV5{l4*YI`PP#GdZk(d;IJN{5=+9 z|0hEJwsY$93W4wOr|=g~bbfz(=ie_O9>t%}@!R!(6o~%~!C%b&@s7`p|M!Bwg#GsX z`Doz3;7**sYuWD`|7(dyc0)-|2R5%x7**zz<;;k-^Bh4Jbv>%r>OiT>~CV;%zul4e}mxv_M0K- zYrlQ(!Sz?myf6L(iAV9bgZN88{8I$~pV{y0zdsT94-%GtrND1v{s5=`-2VTJQ2wHd z`21%aDF1f%;{5NkJ{0@>+XR0p@ShI+g9U#P`+e3 z%74++u>7{a68NhHf6L#(!1v|&qaSYhD+K>m_S^ICslfkp!G9n7_lm^))Ahe7@J};; zu)~|N#{Tqr5a)jb^S=3KF7YV;c~xQl?eb3t<-bz!f6o3N+riSG-SRgJ{(kJY`~M8! z|DE7(*$|4Sc>J#j{#H=_^MSwDQk?&f*ze9?-13hX_#NI313%D-->v@=;!*vzf%s>F z_TH;!*wz ztHbuc*@}NQi2oeHf7?4D=o|mf68r_zLVtzjp9B1_3jQtZ_g#OzDEOP%UugL+1pZ+U z;r#b|Hv|u7KKkM2e<1NF|4V`YBH(Wl{H5&g8HxF)>%UFlCo_My)8JhGCL#Xy9Df1x zrv1+Y@&8@$_xO7l@Ts2oHwgZmn)vvA3Gg5LFs{FG>>uax4<#PeUq1Wo`ExVyUn%$( zv46bBzf$1eX1>(no$AbaMu@)x#D4{d{|muC^u18*JO6$r_?LkCyAt>hS%&NH4ECSv zDgOb)qxx$H<^LY=R|@|76PDk6PY&|u&WN|)?*so&1po8w-_2A0RRX`3d0+c^UWmVd zmLO;$JTKOWE(6e?Kbtn}Pqw zz~A#%xcuiQEdP$gqw+5T{+|Hb3meYRR^OyOa4pjb? z?5|+noWE`a{>n#j{y#}r|K@uxkiXw~@&11k@GlkoyKM>s_qG3f1^+1E|0(bnwBhm} zmC(O0@u>V|z<(?7-yrx;VZX2be=PXx*>BhX&wzi&U*q!sl>Gy_{X{?9^Y3=Vqw=o? 
z<^MVGj}-i?*zX&Eh710Uz<&qu|3L7+o3Q?`68t&m$J_s%!2ch?zuiBQwf|29e?IWv z4g428hUg1@M?S3u-5XU=~Q1OMBCe=z&^as2N1w_fm<0{v$Ue;)V`{S7YvvV`?tKs+k{ zYEb_#0RQ!Ze-~c3_0@li;4hpRZ~rd={|3Q-DEoc&|EAzC0sfbPf6~)9|0g8$pFupz ze+BTr3j8k${&U#x>;KOR{wDTU%`{)n+b13ns{A)q^ ze+T?m2>v(Nf28Ac{g(*-&A|VA;D1T*_xNWh9^v@6bN>A~!Jj)TZ2yJ)`zHT?0R9mx zaQ=^D|5V54`iBsY@?XUM3d{dT;9ny6TiL(T@w@rIL+~$R|60rcC*a@xSzP{_k3#SS z$M2TE7xAe4_4V=m{~7r27yL`u-`nxK?u`+fbdH}S}yb3xetD!BZn|Gx|T*9iXS*zfCq-xvH9?6>>h-+{l!3%LB(YzYJR z^}jC!e^Eoc|Gf|V_X_@3*zfCqMK9v`*D>$we}jof^;g63+x_nY5PzHC-^PAl|9e>Q zHv|7>;6LsqT>j(#71p1x|2;48XE5)Ze?3h+%HJXo|HmNy!K-lm=du4V?my8Fcl;Va zJn}CE{(k{~gWzuw%J2Gb6Zm_C{JZ1-+XDYM^KSch`NEfR{$6DMh$wOV(~bWq;!*xq zg8Y33@^`V|-@^VAJ^nd@e?9x{`O`Mwzen&7`y>>*?bj{;9|gXY`LjLouMy(Uo82oQ zE0{Oq{}&+sy{K?F_?Z@TcB_8E}Bgp?wp!|otitGQ|3H|0hiO8SR z7`8vV{&xocZwme<_WRoZB*CB0{tC{&Y5zTe|7OAeN<#njg1-s)djbES1b^SHVc@>< zzb^RK0{>Tmf4|kZ{x4>~Z~Xom@u>cb=EUoNH{d^0@GoZng--u*$Io$szm)w=R{ie* z{H=n2zfVJOFOT26XV3IWcm6(zd0+qivk?DEkiWe^{N_D($Ulz#zVYW4fj@`&W1aH5 z!JjubY=5?YU*I?INkjR2k^L__ez*O7 zgLqW_QS4u9m4AQWzgO@t`YZ%XJ^s4{fBuE>{&yhoe=PVnvcIR}ck93J?{NOMFhAJg z-TWO$Jj!1o$8Xo)!65#bg1_H?LUA9D{}%#3lKB!3zgURBg5!^P)BXFlZZ$4w-&U&BY^+Ag8wb{@9Qalli=SB{6_)*9fJRJ z_MhVM-zNBTo8sfo(ZK(q;2*s$6xVwE?+N}Q_S@&bV}QTt_qhI-vcK8mA51)||E272 zVcxX=fxy2&@E86!1c!M1R|x)57sc~G82Dck{8j9C$3J)c`c&X&F@LTTzdL?z5#q1s z_)Dz(4FmC?{5r0`m)U=+$A725_xU^oPxJ7t#H0FeFxBCN*znuNP`Aa{6 zuVa26PyB}vkK$hq;vWg(A20Y9u-`X+mI(fhz<)gOUm^G(Vt*f}{BHYwQsAFszQn`- zT8KaA;;{ckyy^cZg7`lY{Jp;j#lH4Ci6&TR{&p7gzV>?t@u>bwIDWhRj{bj*oO^Us z)fvS{f)ErW(U^pX4KFc>Km@B<6&G1(+bJMqVM^lz42U!$XkeiRL1WVsx=^bXkn(!eA>#tPtNk1S1d$k4Vp*^IdXtW^d1#KfIZ7c7FTY-*?WP$0fl3 zzX-ov__qF65`F>T{|WGq68;Cmx6S_{!Y>B=FyQBYj`ROk_!n8`XSmX%{7Z!&eEl~J z@XHDR?ATO5PlTYKLYTN5&nga{3C>43-}`e|JI#2{~Y08YRTXGJ69c0W-7ZUy@XK0db z{^k*WHK_k4!2gW!uM>V}OZ}e^ej})V9N=etiSwW8$nUH4DF39{di@3GzX0%85`IMZ zw)yk^&KBZl3O~62PXPQAg#VUf|9>I;e88Uw_@j2={J(O{f0)vv`XeC!Nr1nO@J~4M zUm*N)z%K;+uDfylsjc+-v-Lks=~4YvApgmLKZo$c!ndveS%kj_@TUO&$Ao{U@NMgV 
zE8(Z#7r*}Q0Q}54od1K4{GLjW^3MYNBEVlp_-h>dzm)L9!Vj+h>41Nj@OL=&{~+NP z1O5!a|MOQk|0c)$hbleFzXIfcH{h=!{ImqU{%rHNitwX=UkvyuU*q}*3g5Q=J1RY@ zzZT>_3-IqD{E5Q1t^etSpLl=#>(AMM|32YAWVs+u3^uJp)%4)DJe_`i$rcM9M3`Qf)je^B(} zo2|xvYGvHtP5kGJ{{nfw_x}44;D5vqIKNS6>ZEM>zd-b3ML*5(Yv#XN=~4bw;y)bl z{}}L}z6bl?CVX4}&r^ED50%8v?-PK3C*kiCzW@5mkHPHUWWrAe{N;fE1L1dW!;T~>_1=hw)K;t^vHi${1*h~Zx!%gM)+?! z=6{Ol-xs}Y{TwI$E5v^|;D0snKYKsUFT1UtA6x(LQF@eLJ?Q@$z~4>y*9qVD`gVGxhR{{Qb!apMX{ucgCgkJ~vZvp-$!tc>ePnvE2eS`2D z0e=(Vr~ZWVA1r)Z{>e&@@=u!AA(mY5{r_gbzn1VP3BQLW|1jZa3O~62MFBrT_z~ex zu<#!s{CrUVyMVu)@b?Mdw*EdM{31~Qdw}1i9``@xEIofoM*Zggm#Xxr|K*_mEr4H0 z_`QTb&ceTi@T-I$7QJ`=s|Ngygg;OCw)5|+gdci9&wo~czZLM)e#ZH46#m&p{pS8V zis;`J{U0p)B}9Kx^kWRY+5ZQX9`!#<>JR3>4b;D#@JFAmN#_`Rv;K@jIKKkXXIS)| zl^*#o7XQKhYdi2in(#}6Z`(hwCHzvr{}13t2!Acf&+OkzME{1P{vgqB5xx2T#q8f+ zQhx=g|1(hk?+@ete=Yn}OaCVmeWPRjFB5&6_Bv_X`MW~t(fmb0{a=9kTOGmmcN6{~ zOZ`oRUn~6J{`Do`Paym};oJH@R_RgwiSy%MKkNqlwS-?Jd|Ur_5&Z(uoBNNse!4f{ z{FjN|*8i?bkLvFR>i-7Re>dT;7rw3k(+EFX_`&{v2lzV(|104SH|EdGZ#&@^3O_7* z@BIA(;5QNeB^@-$Hh+zTUkUQx3;5Ukg8Ls9zHRuhF~UzdN3TCy|4Ru!NBF`0=P2MGBmA)NZT&w& z_(h=pV}PG?4Cg;l__qGvMf9^oZ|i>*(MLpY>;DF&NBxh0`kO%g9ggGrR}0_P|3sxn z{BqF$Q-D8}@OKE`*8f7nuL1R+q0T|dLhP0<$11`^Wdb6db~ApD8K@8TCONAvwhJ>h2w z-|w^c`lB7-4?c*6analQ|2omH5xuSduP8n0e;Cx?0o32F3D>____qGH zR(ixQ0R8U>__q=MA>rHl@BKSD#4iQ)Cj)*Z;h&SFSDLN=-w}N;(cAi;`76$Upy+M= z@2T{t{t8h4`Jn#$2!Dj|ZT&AM{3z&u8sL9P_;ZB+H)H*q`(G{L*9*Tu^xpdK1o)#) z;rw?v@`ous%0G9Z-v5I9E`VQ6`2CXI&L5rB)lc3t&Fh~Ai{6|cbN?Jh^kYQdNAmLz zrv8sgkLs_K`h)v#2B^P;@Joc>-v`Ul>q{exB}MhB5HQ-Owb$uM&PVP=7zb zuO$4xp0D|1Ed76p@QWXe&wl{mA0qs9!nb{YlBKS*Mg6N1{iTL~Grzt{kNOuC|H1uh zAn<<=;qPJl6 zogk|JDo6hHL_b{gla2gzs?87PDLtB>TA80>d8)VnTnXl95#etXzAgVxi2fbN`g^MD zE?(Q2m!V`kzVkLmd5YBl?k!{!`U;63G8JNB`r9{x(PduMmB)qyNK1A93`5rTU&8 z)&HoY|HVYV+R^`~ME{!T)jv;ZaWl`KHA;{6zuZOo{9hl~|3-oR?`riuEvo;qbnnqn z$hLlF68*EHx9#6Elpgudc}V*Y?%$(<|ILKop_BG+>KmNhgKSBJ5#eabaz4Pz&!2fQ- z&*fgS^B+p|pE>%!O6gJlwZQ)^!2e>xZ{0cs`e@_MeBZU8+ 
zqyI$pIT!Mubb+pPy2XEj(j)(kz<&|&zfkxI1}7r?Y~ykN`#=BTc|PBNK#oaE^!$~| zeee7+9q?BXepL9?hB1@>B;l6}zd|v+o5!C4_^-=r?uk-naK3t~jFNo1K z|8BtFMfg$S*NEOfnDu{7_!Yv>7hhie#em;VeNN|9nqc@Z?V;*#+K@xRB>|C7Xj&hvVHg84rT{J%r|hc43d zo9s7Uj^_M)L;RCybx0RN8y z|3iuYeBqm)f0*+>p7<{mz1c5Qe-rVa{zClz^EmK7m-sJs%>Nms_i8j=CWRuRH~sqe z{o_jCzcHs_@$b){w|_1N{$CUShCEa%{9p1~I+N4E>8HO;_yxkRYS4O*zXI?#6aIqP z-c+e;mW&HfO#XJFU;2pFS6*@2YU~G7{}J(@{*+$%Mb~M)=l^No|2x7TvQ_h&di*xO zj_@P(@%(bYKTi0A4`}|=OMjc+K=_SU%O^Kuo9kZ<_-)kpbY7P-QaQ%!hsJVUe{lUg z59%LH{O1e5n-7+w@7q7#D0<^*p<>aSkNZ0R@gmV1_D}0`7W&WBN3;Ih{rX!zEtK?( zuD|AX{Xe|eVF=13)pXc3PR@x + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +namespace cppcose { + +ErrMsgOr ECDSA_sign(const bytevec& key, bytevec& input) { + EVP_PKEY_CTX* pkeyCtx = NULL; + EVP_MD_CTX_Ptr digestCtx(EVP_MD_CTX_new()); + auto bn = BIGNUM_Ptr(BN_bin2bn(key.data(), key.size(), nullptr)); + if (bn.get() == nullptr) { + return "Error creating BIGNUM for private key"; + } + auto privEcKey = EC_KEY_Ptr(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + if (EC_KEY_set_private_key(privEcKey.get(), bn.get()) != 1) { + return "Error setting private key from BIGNUM"; + } + auto privPkey = EVP_PKEY_Ptr(EVP_PKEY_new()); + if (EVP_PKEY_set1_EC_KEY(privPkey.get(), privEcKey.get()) != 1) { + return "Error setting private key"; + } + + if (EVP_DigestSignInit(digestCtx.get(), &pkeyCtx, EVP_sha256(), nullptr /* engine */, privPkey.get()) != + 1) { + return "Failed to do digest sign init."; + } + size_t outlen = EVP_PKEY_size(privPkey.get()); + bytevec signature(outlen); + if (!EVP_DigestSign(digestCtx.get(), signature.data(), &outlen, input.data(), input.size())) { + return "Ecdsa sign failed."; + } + return signature; +} + +bool ECDSA_verify(const bytevec& input, const bytevec& signature, const bytevec& key) { + EVP_PKEY_CTX* pkeyCtx = NULL; + EVP_MD_CTX_Ptr digestCtx(EVP_MD_CTX_new()); + auto ecGroup = 
EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); + auto ecKey = EC_KEY_Ptr(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + if (ecGroup.get() == nullptr) { + return "Failed to get EC_GROUP from curve name"; + } + auto ecPoint = EC_POINT_Ptr(EC_POINT_new(ecGroup.get())); + if (ecPoint.get() == nullptr) { + return "Failed to get EC_POINT from EC_GROUP"; + } + if (EC_POINT_oct2point(ecGroup.get(), ecPoint.get(), key.data(), key.size(), nullptr) != + 1) { + return 0; + } + // set public key + if (EC_KEY_set_public_key(ecKey.get(), ecPoint.get()) != 1) { + return 0; + } + auto pkey = EVP_PKEY_Ptr(EVP_PKEY_new()); + if (EVP_PKEY_set1_EC_KEY(pkey.get(), ecKey.get()) != 1) { + return 0; + } + if (EVP_DigestVerifyInit(digestCtx.get(), &pkeyCtx, EVP_sha256(), nullptr /* engine */, pkey.get()) != + 1) { + return 0; + } + return EVP_DigestVerify(digestCtx.get(), signature.data(), signature.size(), input.data(), input.size()); +} + +ErrMsgOr getEcPointFromAffineCoordinates(const bytevec& pubx, const bytevec& puby) { + auto ecGroup = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); + if (ecGroup.get() == nullptr) { + return "Failed to get EC_GROUP from curve name"; + } + auto ecPoint = EC_POINT_Ptr(EC_POINT_new(ecGroup.get())); + if (ecPoint.get() == nullptr) { + return "Failed to get EC_POINT from EC_GROUP"; + } + auto bn_x = BIGNUM_Ptr(BN_bin2bn(pubx.data(), pubx.size(), nullptr)); + if (bn_x.get() == nullptr) { + return "Error creating BIGNUM for peer public key X coordinate"; + } + auto bn_y = BIGNUM_Ptr(BN_bin2bn(puby.data(), puby.size(), nullptr)); + if (bn_y.get() == nullptr) { + return "Error creating BIGNUM for peer public key Y coordinate"; + } + if (!EC_POINT_set_affine_coordinates(ecGroup.get(), ecPoint.get(), bn_x.get(), bn_y.get(), + nullptr)) { + return "Failed to set affine coordinates"; + } + size_t pubKeyLen; + pubKeyLen = EC_POINT_point2oct(ecGroup.get(), ecPoint.get(), POINT_CONVERSION_UNCOMPRESSED, + nullptr, 0, nullptr); + if 
(pubKeyLen == 0) { + return "Failed to convert EC_POINT to buffer."; + } + bytevec pubkey(pubKeyLen); + EC_POINT_point2oct(ecGroup.get(), ecPoint.get(), POINT_CONVERSION_UNCOMPRESSED, pubkey.data(), + pubKeyLen, nullptr); + return pubkey; +} + +ErrMsgOr createCoseSign1Signature(const bytevec& key, const bytevec& protectedParams, + const bytevec& payload, const bytevec& aad) { + bytevec signatureInput = cppbor::Array() + .add("Signature1") // + .add(protectedParams) + .add(aad) + .add(payload) + .encode(); + auto signature = ECDSA_sign(key, signatureInput); + if (!signature) return "Signing failed"; + return signature; +} + +ErrMsgOr constructCoseSign1(const bytevec& key, cppbor::Map protectedParams, + const bytevec& payload, const bytevec& aad) { + bytevec protParms = protectedParams.add(ALGORITHM, ES256).canonicalize().encode(); + auto signature = createCoseSign1Signature(key, protParms, payload, aad); + if (!signature) return signature.moveMessage(); + + return cppbor::Array() + .add(std::move(protParms)) + .add(cppbor::Map() /* unprotected parameters */) + .add(std::move(payload)) + .add(std::move(*signature)); +} + +ErrMsgOr constructCoseSign1(const bytevec& key, const bytevec& payload, + const bytevec& aad) { + return constructCoseSign1(key, {} /* protectedParams */, payload, aad); +} + +ErrMsgOr verifyAndParseCoseSign1(bool ignoreSignature, const cppbor::Array* coseSign1, + const bytevec& signingCoseKey, const bytevec& aad) { + if (!coseSign1 || coseSign1->size() != kCoseSign1EntryCount) { + return "Invalid COSE_Sign1"; + } + + const cppbor::Bstr* protectedParams = coseSign1->get(kCoseSign1ProtectedParams)->asBstr(); + const cppbor::Map* unprotectedParams = coseSign1->get(kCoseSign1UnprotectedParams)->asMap(); + const cppbor::Bstr* payload = coseSign1->get(kCoseSign1Payload)->asBstr(); + + if (!protectedParams || !unprotectedParams || !payload) { + return "Missing input parameters"; + } + + auto [parsedProtParams, _, errMsg] = cppbor::parse(protectedParams); 
+ if (!parsedProtParams) { + return errMsg + " when parsing protected params."; + } + if (!parsedProtParams->asMap()) { + return "Protected params must be a map"; + } + + auto& algorithm = parsedProtParams->asMap()->get(ALGORITHM); + if (!algorithm || !algorithm->asInt() || algorithm->asInt()->value() != EDDSA) { + return "Unsupported signature algorithm"; + } + + if (!ignoreSignature) { + const cppbor::Bstr* signature = coseSign1->get(kCoseSign1Signature)->asBstr(); + if (!signature || signature->value().empty()) { + return "Missing signature input"; + } + + bool selfSigned = signingCoseKey.empty(); + + bytevec signatureInput = + cppbor::Array().add("Signature1").add(*protectedParams).add(aad).add(*payload).encode(); + + auto key = + CoseKey::parseP256(selfSigned ? payload->value() : signingCoseKey); + if (!key) return "Bad signing key: " + key.moveMessage(); + + + auto pubkey = getEcPointFromAffineCoordinates( + *key->getBstrValue(CoseKey::PUBKEY_X), *key->getBstrValue(CoseKey::PUBKEY_Y)); + if (!pubkey) return pubkey.moveMessage(); + + if (!ECDSA_verify(signatureInput, signature->value(), *pubkey)) { + return "Signature verification failed"; + } + } + + return payload->value(); +} +} // namespace cppcose diff --git a/ProvisioningTool/keymint/src/provision.cpp b/ProvisioningTool/keymint/src/provision.cpp new file mode 100644 index 00000000..e70e5ce8 --- /dev/null +++ b/ProvisioningTool/keymint/src/provision.cpp 
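Review bot: `ECDSA_verify` is declared `bool`, but its two early failure paths return string literals (`return "Failed to get EC_GROUP from curve name";` and the matching EC_POINT one), and a non-null pointer converts to `true`, so a setup failure is reported as a valid signature. The final `return EVP_DigestVerify(...)` has a similar problem: only 1 means the signature verified, and a negative error return would also convert to `true`. Both early returns should be `return false;` and the last line should compare explicitly, `return EVP_DigestVerify(digestCtx.get(), signature.data(), signature.size(), input.data(), input.size()) == 1;`. Separately, `verifyAndParseCoseSign1` rejects every algorithm except `EDDSA` but then verifies with `CoseKey::parseP256` and ECDSA, while `constructCoseSign1` writes `ES256`; the check looks like it should be `!= ES256`, but confirm against the intended COSE profile.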
@@ -0,0 +1,329 @@ +/* + ** + ** Copyright 2021, The Android Open Source Project + ** + ** Licensed under the Apache License, Version 2.0 (the "License"); + ** you may not use this file except in compliance with the License. + ** You may obtain a copy of the License at + ** + ** http://www.apache.org/licenses/LICENSE-2.0 + ** + ** Unless required by applicable law or agreed to in writing, software + ** distributed under the License is distributed on an "AS IS" BASIS, + ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ** See the License for the specific language governing permissions and + ** limitations under the License. + */ +#include +#include +#include +#include +#include "socket.h" +#include +#include +#include +#include +#include +#include + +#define SE_POWER_RESET_STATUS_FLAG (1 << 30) +// TODO keymint provision status +enum ProvisionStatus { + NOT_PROVISIONED = 0x00, + PROVISION_STATUS_ATTESTATION_KEY = 0x01, + PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02, + PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04, + PROVISION_STATUS_ATTEST_IDS = 0x08, + PROVISION_STATUS_PRESHARED_SECRET = 0x10, + PROVISION_STATUS_BOOT_PARAM = 0x20, + PROVISION_STATUS_PROVISIONING_LOCKED = 0x40, +}; + +// TODO keymint provision status and lock +std::string provisionStatusApdu = hex2str("80084000000000"); +std::string lockProvisionApdu = hex2str("80074000000000"); + +Json::Value root; +static std::string inputFileName; +using cppbor::Item; +using cppbor::Array; +using cppbor::Uint; +using cppbor::MajorType; + +// static function declarations +static uint16_t getApduStatus(std::vector& inputData); +static int sendData(std::shared_ptr& pSocket, std::string input, std::vector& response); +static int provisionData(std::shared_ptr& pSocket, std::string apdu, std::vector& response); +static int provisionData(std::shared_ptr& pSocket, const char* jsonKey); +static int getUint64(const std::unique_ptr &item, const uint32_t pos, uint64_t *value); + + +// Print 
usage. +void usage() { + printf("Usage: Please consturcture the apdu(s) with help of construct apdu tool and pass the output file to this utility.\n"); + printf("provision_keymint [options]\n"); + printf("Valid options are:\n"); + printf("-h, --help show this help message and exit.\n"); + printf("-i, --input jsonFile \t Input json file \n"); + printf("-s, --provision_status jsonFile \t Gets the provision status of applet. \n"); + printf("-l, --lock_provision jsonFile \t Gets the provision status of applet. \n"); + +} + +static uint16_t getApduStatus(std::vector& inputData) { + // Last two bytes are the status SW0SW1 + uint8_t SW0 = inputData.at(inputData.size() - 2); + uint8_t SW1 = inputData.at(inputData.size() - 1); + return (SW0 << 8 | SW1); +} + +static int sendData(std::shared_ptr& pSocket, std::string input, std::vector& response) { + + std::vector apdu(input.begin(), input.end()); + + if(!pSocket->sendData(apdu, response)) { + std::cout << "Failed to provision attestation key" << std::endl; + return FAILURE; + } + + // Response size should be greater than 2. Cbor output data followed by two bytes of APDU + // status. 
+ if ((response.size() <= 2) || (getApduStatus(response) != APDU_RESP_STATUS_OK)) { + printf("\n Received error response with error: %d\n", getApduStatus(response)); + return FAILURE; + } + // remove the status bytes + response.pop_back(); + response.pop_back(); + return SUCCESS; +} + +int getUint64(const std::unique_ptr &item, const uint32_t pos, uint64_t* value) { + Array *arr = nullptr; + + if (MajorType::ARRAY != item.get()->type()) { + return FAILURE; + } + arr = const_cast(item.get()->asArray()); + if (arr->size() < (pos + 1)) { + return FAILURE; + } + *value = arr->get(pos)->asUint()->value(); + return SUCCESS; +} + + +uint64_t unmaskPowerResetFlag(uint64_t errorCode) { + bool isSeResetOccurred = (0 != (errorCode & SE_POWER_RESET_STATUS_FLAG)); + + if (isSeResetOccurred) { + printf("\n Secure element reset happened\n"); + errorCode &= ~SE_POWER_RESET_STATUS_FLAG; + } + return errorCode; +} + +int provisionData(std::shared_ptr& pSocket, std::string apdu, std::vector& response) { + if (SUCCESS != sendData(pSocket, apdu, response)) { + return FAILURE; + } + auto [item, pos, message] = cppbor::parse(response); + if(item != nullptr) { + uint64_t err; + if(MajorType::ARRAY == item.get()->type()) { + if(SUCCESS != getUint64(item, 0, &err)) { + printf("\n Failed to parse the error code \n"); + return FAILURE; + } + } else if (MajorType::UINT == item.get()->type()) { + const Uint* uintVal = item.get()->asUint(); + err = uintVal->value(); + } + err = unmaskPowerResetFlag(err); + if (err != 0) { + printf("\n Failed with error:%ld", err); + return FAILURE; + } + } else { + printf("\n Failed to parse the response\n"); + return FAILURE; + } + return SUCCESS; +} + +int provisionData(std::shared_ptr& pSocket, const char* jsonKey) { + Json::Value val = root.get(jsonKey, Json::Value::nullRef); + if (!val.isNull()) { + if (val.isString()) { + std::vector response; + if (SUCCESS != provisionData(pSocket, hex2str(val.asString()), response)) { + printf("\n Error while 
provisioning %s \n", jsonKey); + return FAILURE; + } + } else { + printf("\n Fail: Expected (%s) tag value is string. \n", jsonKey); + return FAILURE; + } + } + printf("\n Successfully provisioned %s \n", jsonKey); + return SUCCESS; +} + +int openConnection(std::shared_ptr& pSocket) { + if (!pSocket->isConnected()) { + if (!pSocket->openConnection()) + return FAILURE; + } else { + printf("\n Socket already opened.\n"); + } + return SUCCESS; +} + +// Parses the input json file. Sends the apdus to JCServer. +int processInputFile() { + // Parse Json file + if (0 != readJsonFile(root, inputFileName)) { + return FAILURE; + } + std::shared_ptr pSocket = SocketTransport::getInstance(); + if (SUCCESS != openConnection(pSocket)) { + printf("\n Failed to open connection \n"); + return FAILURE; + } + if (0 != provisionData(pSocket, kDeviceUniqueKey) || + 0 != provisionData(pSocket, kAdditionalCertChain) || + 0 != provisionData(pSocket, kAttestationIds) || + 0 != provisionData(pSocket, kSharedSecret) || + 0 != provisionData(pSocket, kBootParams)) { + return FAILURE; + } + return SUCCESS; +} + +int lockProvision() { + std::vector response; + std::shared_ptr pSocket = SocketTransport::getInstance(); + if (SUCCESS != openConnection(pSocket)) { + printf("\n Failed to open connection \n"); + return FAILURE; + } + if (SUCCESS != provisionData(pSocket, lockProvisionApdu, response)) { + printf("\n Failed to lock provision.\n"); + return FAILURE; + } + printf("\n Provision lock is successfull.\n"); + return SUCCESS; +} + +int getProvisionStatus() { + std::vector response; + std::shared_ptr pSocket = SocketTransport::getInstance(); + if (SUCCESS != openConnection(pSocket)) { + printf("\n Failed to open connection \n"); + return FAILURE; + } + + if (SUCCESS != provisionData(pSocket, provisionStatusApdu, response)) { + printf("\n Failed to get provision status \n"); + return FAILURE; + } + auto [item, pos, message] = cppbor::parse(response); + if(item != nullptr) { + uint64_t status; + 
if(SUCCESS != getUint64(item, 1, &status)) { + printf("\n Failed to get the provision status.\n"); + return FAILURE; + } + // TODO Handle Keymint Provision status once added. + if ( (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) && + (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) && + (0 != (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) && + (0 != (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET)) && + (0 != (status & ProvisionStatus::PROVISION_STATUS_BOOT_PARAM))) { + printf("\n SE is provisioned \n"); + } else { + if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_KEY)) { + printf("\n Attestation key is not provisioned \n"); + } + if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) { + printf("\n Attestation certificate chain is not provisioned \n"); + } + if (0 == (status & ProvisionStatus::PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) { + printf("\n Attestation certificate params are not provisioned \n"); + } + if (0 == (status & ProvisionStatus::PROVISION_STATUS_PRESHARED_SECRET)) { + printf("\n Shared secret is not provisioned \n"); + } + if (0 == (status & ProvisionStatus::PROVISION_STATUS_BOOT_PARAM)) { + printf("\n Boot params are not provisioned \n"); + } + } + } else { + printf("\n Fail to parse the response \n"); + return FAILURE; + } + return SUCCESS; +} + +int main(int argc, char* argv[]) { + int c; + bool provisionStatusSet = false; + bool lockProvisionSet = false; + + struct option longOpts[] = { + {"input", required_argument, NULL, 'i'}, + {"provision_status", no_argument, NULL, 's'}, + {"lock_provision", no_argument, NULL, 'l'}, + {"help", no_argument, NULL, 'h'}, + {0,0,0,0} + }; + + if (argc <= 1) { + printf("\n Invalid command \n"); + usage(); + return FAILURE; + } + + /* getopt_long stores the option index here. 
*/ + while ((c = getopt_long(argc, argv, ":hls:i:", longOpts, NULL)) != -1) { + switch(c) { + case 'i': + // input file + inputFileName = std::string(optarg); + std::cout << "input file: " << inputFileName << std::endl; + break; + case 's': + provisionStatusSet = true; + break; + case 'l': + lockProvisionSet = true; + break; + case 'h': + // help + usage(); + return SUCCESS; + case ':': + printf("\n Required arguments missing.\n"); + usage(); + return FAILURE; + case '?': + default: + printf("\n Invalid option\n"); + usage(); + return FAILURE; + } + } + // Process input file; send apuds to JCServer over socket. + if (argc >= 3) { + if (SUCCESS != processInputFile()) { + return FAILURE; + } + } + if (provisionStatusSet) + getProvisionStatus(); + if (lockProvisionSet) + lockProvision(); + return SUCCESS; +} + + diff --git a/ProvisioningTool/keymint/src/socket.cpp b/ProvisioningTool/keymint/src/socket.cpp new file mode 100644 index 00000000..137cab3b --- /dev/null +++ b/ProvisioningTool/keymint/src/socket.cpp 
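Review bot: `main` ignores the return values of `getProvisionStatus()` and `lockProvision()` and always ends with `return SUCCESS;`, so a script driving this tool cannot distinguish a failed provisioning lock from a successful one. Propagate them, e.g. `if (provisionStatusSet && SUCCESS != getProvisionStatus()) return FAILURE;` and `if (lockProvisionSet && SUCCESS != lockProvision()) return FAILURE;`. The same false-success pattern is in `provisionData(pSocket, jsonKey)`, which prints "Successfully provisioned" and returns `SUCCESS` when the key is absent from the JSON, because the `val.isNull()` case skips the send. In `getUint64`, `arr->get(pos)->asUint()->value()` dereferences the result of `asUint()` without a null check, so a response element of another CBOR type would crash the tool. `provisionData` likewise leaves `err` uninitialised when the parsed item is neither an array nor a uint.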
@@ -0,0 +1,109 @@ +/* + ** + ** Copyright 2021, The Android Open Source Project + ** + ** Licensed under the Apache License, Version 2.0 (the "License"); + ** you may not use this file except in compliance with the License. + ** You may obtain a copy of the License at + ** + ** http://www.apache.org/licenses/LICENSE-2.0 + ** + ** Unless required by applicable law or agreed to in writing, software + ** distributed under the License is distributed on an "AS IS" BASIS, + ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + ** See the License for the specific language governing permissions and + ** limitations under the License. + */ +#include +#include +#include +#include +#include +#include +#include +#include +#include "socket.h" + +#define PORT 8080 +#define IPADDR "127.0.0.1" +#define MAX_RECV_BUFFER_SIZE 2500 + +using namespace std; + +SocketTransport::~SocketTransport() { + if (closeConnection()) + std::cout << "Socket is closed"; +} + +bool SocketTransport::openConnection() { + struct sockaddr_in serv_addr; + if ((mSocket = socket(AF_INET, SOCK_STREAM, 0)) < 0) { + perror("Socket "); + return false; + } + + serv_addr.sin_family = AF_INET; + serv_addr.sin_port = htons(PORT); + + // Convert IPv4 and IPv6 addresses from text to binary form + if (inet_pton(AF_INET, IPADDR, &serv_addr.sin_addr) <= 0) { + std::cout << "Invalid address/ Address not supported."; + return false; + } + + if (connect(mSocket, (struct sockaddr*)&serv_addr, sizeof(serv_addr)) < 0) { + close(mSocket); + perror("Socket "); + return false; + } + socketStatus = true; + return true; +} + +bool SocketTransport::sendData(const std::vector& inData, std::vector& output) { + uint8_t buffer[MAX_RECV_BUFFER_SIZE]; + int count = 1; + while (!socketStatus && count++ < 5) { + sleep(1); + std::cout << "Trying to open socket connection... 
count: " << count; + openConnection(); + } + + if (count >= 5) { + std::cout << "Failed to open socket connection"; + return false; + } + + if (0 > send(mSocket, inData.data(), inData.size(), 0)) { + static int connectionResetCnt = 0; /* To avoid loop */ + if (ECONNRESET == errno && connectionResetCnt == 0) { + // Connection reset. Try open socket and then sendData. + socketStatus = false; + connectionResetCnt++; + return sendData(inData, output); + } + std::cout << "Failed to send data over socket err: " << errno; + connectionResetCnt = 0; + return false; + } + + ssize_t valRead = read(mSocket, buffer, MAX_RECV_BUFFER_SIZE); + if (0 > valRead) { + std::cout << "Failed to read data from socket."; + } + for (ssize_t i = 0; i < valRead; i++) { + output.push_back(buffer[i]); + } + return true; +} + +bool SocketTransport::closeConnection() { + close(mSocket); + socketStatus = false; + return true; +} + +bool SocketTransport::isConnected() { + return socketStatus; +} + diff --git a/ProvisioningTool/keymint/src/utils.cpp b/ProvisioningTool/keymint/src/utils.cpp new file mode 100644 index 00000000..41ad8a6c --- /dev/null +++ b/ProvisioningTool/keymint/src/utils.cpp 
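Review bot: In `SocketTransport::sendData`, a failed `read()` is only logged: the `0 > valRead` branch falls through, nothing is appended to `output`, and the function returns `true`. The branch should fail the call, for example `if (0 > valRead) { std::cout << "Failed to read data from socket."; return false; }`. The single `read()` of at most `MAX_RECV_BUFFER_SIZE` bytes also assumes the whole response arrives at once; on a stream socket a short read would hand a truncated CBOR response to the caller, so the response framing should decide when reading stops. In `openConnection`, the `inet_pton` failure path returns without closing the descriptor that `socket()` just created.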
@@ -0,0 +1,96 @@
+/*
+ **
+ ** Copyright 2021, The Android Open Source Project
+ **
+ ** Licensed under the Apache License, Version 2.0 (the "License");
+ ** you may not use this file except in compliance with the License.
+ ** You may obtain a copy of the License at
+ **
+ ** http://www.apache.org/licenses/LICENSE-2.0
+ **
+ ** Unless required by applicable law or agreed to in writing, software
+ ** distributed under the License is distributed on an "AS IS" BASIS,
+ ** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ ** See the License for the specific language governing permissions and
+ ** limitations under the License.
+ */
+#include
+#include
+#include
+#include
+
+
+constexpr char hex_value[256] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
+ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 0, 0, 0, 0, 0, // '0'..'9'
+ 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'A'..'F'
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
+ 0, 10, 11, 12, 13, 14, 15, 0, 0, 0, 0, 0, 0, 0, 0, 0, // 'a'..'f'
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, //
+ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
+
+std::string getHexString(std::vector& input) {
+ std::stringstream ss;
+ for (auto b : input) {
+ ss << std::setw(2) << std::setfill('0') << std::hex << (int) (b & 0xFF);
+ }
+ return ss.str();
+}
+
+
+std::string hex2str(std::string a) {
+ std::string b;
+ size_t num = a.size() / 2;
+ b.resize(num);
+ for (size_t i = 0; i < num; i++) {
+ b[i] = (hex_value[a[i * 2] & 
0xFF] << 4) + (hex_value[a[i * 2 + 1] & 0xFF]); + } + return b; +} + + +// Parses the json file and returns 0 if success; otherwise 1. +int readJsonFile(Json::Value& root, std::string& inputFileName) { + Json::CharReaderBuilder builder; + std::string errorMessage; + + if(!root.empty()) { + printf("\n Already parsed \n"); + return 1; + } + std::ifstream stream(inputFileName); + if (Json::parseFromStream(builder, stream, &root, &errorMessage)) { + printf("\n Parsed json file successfully.\n"); + return 0; + } else { + printf("\n Failed to parse json file error:%s\n", errorMessage.c_str()); + return 1; + } +} + +// Write the json data to the output file. +int writeJsonFile(Json::Value& writerRoot, std::string& outputFileName) { + + std::ofstream ofs; + // Delete file if already exists. + std::remove(outputFileName.data()); + ofs.open(outputFileName, std::ofstream::out | std::ios_base::app); + if (ofs.fail()) { + printf("\n Fail to open the output file:%s", outputFileName.c_str()); + return FAILURE; + } + + Json::StyledWriter styledWriter; + ofs << styledWriter.write(writerRoot); + + ofs.close(); + return SUCCESS; +} \ No newline at end of file diff --git a/ProvisioningTool/keymint/test_resources/batch_cert.der b/ProvisioningTool/keymint/test_resources/batch_cert.der new file mode 100644 index 0000000000000000000000000000000000000000..355bc9846c283fa9ac484caf7d98e9d6a743d060 GIT binary patch literal 694 zcmXqLV%lWT#1y%JnTe5!iAjLLfQyYotIgw_EekV~LE|h#ZUas>=1>+kVW!YvLtz6! z5Ql?@%Q-P8GcCU;FEi1Q-+&h+$i>6vo}ZtdlWHhwAPy4X<`HnrODW3FOi>6jmZT~;J1P{H6y@ioC*@Zd${WbCaROb^_MMlJ zlTl2dI3uw<&mkRbgmAG!SNE z2S*1JBQ#!^8QGbg7+Aiyd|CIY;nag?7Rk+)sn>mMONFbf&q|$I=q{_`v9ozMt(#xfW*`reR%Vef5NitE9@{o1g}{Q9kuq=B&hJ*2+bE9U**%PG|~wRvKpWY1_&yK zNX|V20SBQ(13~}<_k{GW@_@?V<~U=6Ic3*OJ#`a$JIxx(p-Ua1YN8YM_3n_8>yKx# b(4uYv8iNvBXpT^2HD;mihGHV-0AW;yW#cm- literal 0 HcmV?d00001 
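Review bot: `hex2str` accepts malformed input silently: every non-hex character maps to 0 in `hex_value`, and an odd-length string loses its last character through `a.size() / 2`. If this decodes values taken from the JSON input, a typo there turns into different bytes without any error, so the function should reject bad input, for example `if (a.size() % 2 != 0) return {};` plus a per-character `isxdigit` check, with callers treating an empty result for non-empty input as a failure. `readJsonFile` returns literal 0/1 while `writeJsonFile` returns `SUCCESS`/`FAILURE`, whose definitions are not visible in this hunk, and `readJsonFile` does not check that the stream opened before parsing. Using one set of return codes and an `is_open()` check would make the failure cases distinguishable.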
diff --git a/ProvisioningTool/keymint/test_resources/batch_key.pem b/ProvisioningTool/keymint/test_resources/batch_key.pem new file mode 100644 index 00000000..95ea1988 --- /dev/null +++ b/ProvisioningTool/keymint/test_resources/batch_key.pem @@ -0,0 +1,5 @@ +-----BEGIN PRIVATE KEY----- +MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQg/AbtV+kD2f4/MjQP +02kKTegLCM0XHF/l06o00gkLshqhRANCAAT3hPSu8oDK4OY4Y4M5ZddMPXUTejvN +GsqhSx2haqIT9fXukJLrj2ex0KJuAhqDEltojlBlNWah7oZiIuYAYVSG +-----END PRIVATE KEY----- diff --git a/ProvisioningTool/keymint/test_resources/ca_cert.der b/ProvisioningTool/keymint/test_resources/ca_cert.der new file mode 100644 index 0000000000000000000000000000000000000000..f574a4c588d9acf8d388f0b97f91c14d1ef57e77 GIT binary patch literal 689 zcmXqLVp?m^#1y=MnTe5!Nu<2YqPX7T*}R*jap|l1`D`C=nX=h{i;Y98&EuRc3p0~J z<6=W@15P&PP!={}rqEzRVFN)Bhl7X9IWZ?QEx#x)Gtp4QKnNtr&chv?n3qr4V&<*u6*tu`D!ST(DbpM=b;X1j0r(x9go&`mUch%SYJ8L4? zv^d!y5g3Ndp|X4|Vk{z!InSaDemq)V|DHuT;EvxCk4LOY2J#?jWflnou?Fl4_(2MU z85#exuo^G}DFZ%`06$0om{J(qkkbvb2ZMntlOn_VlxK@`)?Kz>S}4aiW8uUVlb-#k zl$zgsakFyCW!tU(N0<~!cD&yR9XjpJ@Q;yI4H|84@Ng|vN-(*;t1!p2 bqAmQ)gbK;OxiMO|jG%HM-6yR6%`_2$PMkJ# literal 0 HcmV?d00001 diff --git a/ProvisioningTool/keymint/test_resources/intermediate_cert.der b/ProvisioningTool/keymint/test_resources/intermediate_cert.der new file mode 100644 index 0000000000000000000000000000000000000000..615f423e0773b2979152ec847ec0be46813d66d6 GIT binary patch literal 664 zcmXqLVwz&m#ALmInTe5!iAjLLfQyYotIgw_EekV~LE~aWZUas>=1>+kVW!YvLtz6! z5Ql?@%Q-P8GcCU;FEi0l#6Son$j-wZoS2tZl$ckXnVfIPZ@>!@<>Fy;&(BZKNi~!- z5C;ix^9VTRr4;37rYHobCYKgvmQ)(b7)XJnn0bUDY88?b6^cuW^7GP@@+%DG4P@Ck zflg}s&dbQjC?-&xkyxJRkPbFgFF8NgKu(<3$k4#h$il$f(7?blN}Sgi#5IF*4H{<= z;R{mSt7)JPajyc@y`Fg`sYSV|DVd2SsS3`Hq&Pm(K$wjk9NN0GsC`TLXGRt`19_0N zGK++PSc6Do&a)_kACK18zh_YnxZ}6P;}L5TIBI2u85#exa2T)wDJDh+13r)@evlY2 zjWD($rx<2;1_Ku+1-;#FR~%M{Zr-*{I^>z%+Yp28+lvIkOmw+#$JDk}x^q{?yLQ0ZBJ1d6-z=${7OeEkK?r1ao literal 0 HcmV?d00001 
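Review bot: `batch_key.pem` adds an unencrypted private key to the repository alongside `batch_cert.der`, and nothing in the change states that it is a fixture. Its location under `test_resources/` suggests test material, so a short README in that directory saying that the key and certificates are public test data and must not be provisioned onto production devices would prevent accidental reuse. Secret scanners will flag this file, so an allow-list entry carrying the same justification is worth adding if the project runs one.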
diff --git a/README.md b/README.md index 670e94a1..55d34d74 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,6 @@ -# JavaCardKeymaster -JavaCard implementation of the [Android Keymaster 4.1 HAL](https://android.googlesource.com/platform/hardware/interfaces/+/master/keymaster/4.1/IKeymasterDevice.hal) (most of the specification is in the [Android Keymaster 4.0 HAL](https://android.googlesource.com/platform/hardware/interfaces/+/master/keymaster/4.0/IKeymasterDevice.hal)), intended for creation of StrongBox Keymaster instances to support the [Android Hardware-backed Keystore](https://source.android.com/security/keystore). +**JavaCardKeymaster** +JavaCard implementation of the following: +1) [Android Keymint HAL](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/) +2) [Android SharedSecret HAL](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/sharedsecret/aidl/android/hardware/security/sharedsecret/) +3) [Remote Key Provisiong HAL](https://cs.android.com/android/platform/superproject/+/master:hardware/interfaces/security/keymint/aidl/android/hardware/security/keymint/IRemotelyProvisionedComponent.aidl) -Here is the [JavaCard Applet design doc](https://docs.google.com/document/d/1bTAmhDqCNq1HYzChNDv8kLJEi64cwTIZ2PfdMMz3o8U/edit#heading=h.gjdgxs) and the [HAL design doc](https://docs.google.com/document/d/1-1MLJ781wAPJ2YxCdCtHMepld8F8KVAxpPtCw9J3b3o/edit#heading=h.gjdgxs) (the content will move here when it stablizes, for now these are a limited-access links). diff --git a/TestingTools/JCProxy/JCProxy.iml b/TestingTools/JCProxy/JCProxy.iml new file mode 100644 index 00000000..b71f1e5b --- /dev/null +++ b/TestingTools/JCProxy/JCProxy.iml @@ -0,0 +1,15 @@ + + + + + + + + + + + + + + + \ No newline at end of file 
diff --git a/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCProxyMain.java b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCProxyMain.java index 2de1feba..becbdb30 100644 --- a/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCProxyMain.java +++ b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCProxyMain.java @@ -15,18 +15,36 @@ */ public class JCProxyMain { + public static final String KEYMASTER = "keymaster"; + public static final String KEYMINT = "keymint"; + public static final byte KEYMASTER_INSTALL_PARAM = 0x01; + public static final byte KEYMINT_INSTALL_PARAM = 0x02; + + public static byte getKMInstallationParamter(String kmSpecificVersion) { + if (kmSpecificVersion.equals(KEYMASTER)) { + return KEYMASTER_INSTALL_PARAM; + } else { + return KEYMINT_INSTALL_PARAM; + } + } + public static void main(String[] args) { - if (args.length < 1) { + if (args.length < 2) { System.out.println("Port no is expected as argument."); return; } int port = Integer.parseInt(args[0]); + String specificationImpl = args[1]; + if (!(specificationImpl.equals("keymaster") || specificationImpl.equals("keymint"))) { + System.out.println("Specification string should be either keymaster or keymint."); + return; + } Simulator simulator = new JCardSimulator(); try (ServerSocket serverSocket = new ServerSocket(port)) { simulator.initaliseSimulator(); - if (!simulator.setupKeymasterOnSimulator()) { + if (!simulator.setupKeymasterOnSimulator(getKMInstallationParamter(specificationImpl))) { System.out.println("Failed to setup Java card keymaster simulator."); System.exit(-1); } @@ -35,7 +53,7 @@ public static void main(String[] args) { while (true) { try { Socket socket = serverSocket.accept(); - System.out.println("\n\n\n\n\n"); + System.out.println("\n"); System.out.println("------------------------New client connected on " + socket.getPort() + "--------------------"); OutputStream output = null; 
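Review bot: `getKMInstallationParamter` returns `KEYMINT_INSTALL_PARAM` for any string that is not `"keymaster"`, so it is only correct because `main` validates the argument first; throwing `IllegalArgumentException` for an unknown value would make this public helper safe for other callers. The validation in `main` repeats the literals instead of the new constants, `if (!(specificationImpl.equals(KEYMASTER) || specificationImpl.equals(KEYMINT)))`, and the message printed for `args.length < 2` still says only the port is expected. The method name is also misspelled (`Paramter`). `main` continues past the end of the hunk.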
diff --git a/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCardSimulator.java b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCardSimulator.java index 7af495f3..1333c1e1 100644 --- a/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCardSimulator.java +++ b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/JCardSimulator.java @@ -30,9 +30,12 @@ public void disconnectSimulator() throws Exception { } @Override - public boolean setupKeymasterOnSimulator() throws Exception { + public boolean setupKeymasterOnSimulator(byte applicationSpecificParam) throws Exception { AID appletAID1 = AIDUtil.create("A000000062"); - simulator.installApplet(appletAID1, KMJCardSimApplet.class); + byte[] data = new byte[2]; + data[0] = 0x01; // length + data[1] = applicationSpecificParam; + simulator.installApplet(appletAID1, KMJCardSimApplet.class, data, (short) 0, (byte) data.length); // Select applet simulator.selectApplet(appletAID1); return true; diff --git a/TestingTools/JCProxy/src/com/android/javacard/jcproxy/Simulator.java b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/Simulator.java index 6c4f9bbc..43fecd30 100644 --- a/TestingTools/JCProxy/src/com/android/javacard/jcproxy/Simulator.java +++ b/TestingTools/JCProxy/src/com/android/javacard/jcproxy/Simulator.java @@ -7,7 +7,7 @@ public interface Simulator { void disconnectSimulator() throws Exception; - public boolean setupKeymasterOnSimulator() throws Exception; + public boolean setupKeymasterOnSimulator(byte applicationSpecificParam) throws Exception; byte[] executeApdu(byte[] apdu) throws Exception; diff --git a/aosp_integration_patches/cts_tests_tests_keystore.patch b/patches/keymaster/aosp_integration_patches/cts_tests_tests_keystore.patch similarity index 100% rename from aosp_integration_patches/cts_tests_tests_keystore.patch rename to patches/keymaster/aosp_integration_patches/cts_tests_tests_keystore.patch 
diff --git a/aosp_integration_patches/device_google_cuttlefish.patch b/patches/keymaster/aosp_integration_patches/device_google_cuttlefish.patch similarity index 100% rename from aosp_integration_patches/device_google_cuttlefish.patch rename to patches/keymaster/aosp_integration_patches/device_google_cuttlefish.patch diff --git a/aosp_integration_patches/hardware_interfaces_keymaster.patch b/patches/keymaster/aosp_integration_patches/hardware_interfaces_keymaster.patch similarity index 100% rename from aosp_integration_patches/hardware_interfaces_keymaster.patch rename to patches/keymaster/aosp_integration_patches/hardware_interfaces_keymaster.patch diff --git a/aosp_integration_patches/omapi_patches/JavacardKeymaster.patch b/patches/keymaster/aosp_integration_patches/omapi_patches/JavacardKeymaster.patch similarity index 100% rename from aosp_integration_patches/omapi_patches/JavacardKeymaster.patch rename to patches/keymaster/aosp_integration_patches/omapi_patches/JavacardKeymaster.patch diff --git a/aosp_integration_patches/omapi_patches/packages_apps_secureElement.patch b/patches/keymaster/aosp_integration_patches/omapi_patches/packages_apps_secureElement.patch similarity index 100% rename from aosp_integration_patches/omapi_patches/packages_apps_secureElement.patch rename to patches/keymaster/aosp_integration_patches/omapi_patches/packages_apps_secureElement.patch diff --git a/aosp_integration_patches/system_sepolicy.patch b/patches/keymaster/aosp_integration_patches/system_sepolicy.patch similarity index 100% rename from aosp_integration_patches/system_sepolicy.patch rename to patches/keymaster/aosp_integration_patches/system_sepolicy.patch 
diff --git a/aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch b/patches/keymaster/aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch similarity index 100% rename from aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch rename to patches/keymaster/aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch diff --git a/aosp_integration_patches_aosp_12_r15/hardware_interfaces_keymaster.patch b/patches/keymaster/aosp_integration_patches_aosp_12_r15/hardware_interfaces_keymaster.patch similarity index 100% rename from aosp_integration_patches_aosp_12_r15/hardware_interfaces_keymaster.patch rename to patches/keymaster/aosp_integration_patches_aosp_12_r15/hardware_interfaces_keymaster.patch diff --git a/aosp_integration_patches_aosp_12_r15/system_security_keystore2.patch b/patches/keymaster/aosp_integration_patches_aosp_12_r15/system_security_keystore2.patch similarity index 100% rename from aosp_integration_patches_aosp_12_r15/system_security_keystore2.patch rename to patches/keymaster/aosp_integration_patches_aosp_12_r15/system_security_keystore2.patch diff --git a/aosp_integration_patches_aosp_12_r15/system_sepolicy.patch b/patches/keymaster/aosp_integration_patches_aosp_12_r15/system_sepolicy.patch similarity index 100% rename from aosp_integration_patches_aosp_12_r15/system_sepolicy.patch rename to patches/keymaster/aosp_integration_patches_aosp_12_r15/system_sepolicy.patch diff --git a/patches/keymint/aosp_integration_patches/device_google_cuttlefish.patch b/patches/keymint/aosp_integration_patches/device_google_cuttlefish.patch new file mode 100644 index 00000000..1f5e0765 --- /dev/null +++ b/patches/keymint/aosp_integration_patches/device_google_cuttlefish.patch 
@@ -0,0 +1,60 @@
+diff --git a/shared/device.mk b/shared/device.mk
+index 54042c107..622c6a549 100644
+--- a/shared/device.mk
++++ b/shared/device.mk
+@@ -607,6 +607,9 @@ endif
+ PRODUCT_PACKAGES += \
+ $(LOCAL_KEYMINT_PRODUCT_PACKAGE)
+
++PRODUCT_PACKAGES += \
++ android.hardware.security.keymint-service.strongbox \
++
+ # Keymint configuration
+ ifneq ($(LOCAL_PREFER_VENDOR_APEX),true)
+ PRODUCT_COPY_FILES += \
+diff --git a/shared/sepolicy/vendor/file_contexts b/shared/sepolicy/vendor/file_contexts
+index 55b8d964e..a0e88fb2e 100644
+--- a/shared/sepolicy/vendor/file_contexts
++++ b/shared/sepolicy/vendor/file_contexts
+@@ -85,6 +85,7 @@
+ /vendor/bin/hw/android\.hardware\.input\.classifier@1\.0-service.default u:object_r:hal_input_classifier_default_exec:s0
+ /vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.mock u:object_r:hal_thermal_default_exec:s0
+ /vendor/bin/hw/android\.hardware\.security\.keymint-service\.remote u:object_r:hal_keymint_remote_exec:s0
++/vendor/bin/hw/android\.hardware\.security\.keymint-service\.strongbox u:object_r:hal_keymint_strongbox_exec:s0
+ /vendor/bin/hw/android\.hardware\.keymaster@4\.1-service.remote u:object_r:hal_keymaster_remote_exec:s0
+ /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service.remote u:object_r:hal_gatekeeper_remote_exec:s0
+ /vendor/bin/hw/android\.hardware\.confirmationui@1\.0-service.cuttlefish u:object_r:hal_confirmationui_cuttlefish_exec:s0
+diff --git a/shared/sepolicy/vendor/hal_keymint_strongbox.te b/shared/sepolicy/vendor/hal_keymint_strongbox.te
+new file mode 100644
+index 000000000..839fd1a6b
+--- /dev/null
++++ b/shared/sepolicy/vendor/hal_keymint_strongbox.te
+@@ -0,0 +1,14 @@
++type hal_keymint_strongbox, domain;
++hal_server_domain(hal_keymint_strongbox, hal_keymint)
++
++type hal_keymint_strongbox_exec, exec_type, vendor_file_type, file_type;
++init_daemon_domain(hal_keymint_strongbox)
++
++vndbinder_use(hal_keymint_strongbox)
++get_prop(hal_keymint_strongbox, 
vendor_security_patch_level_prop);
++
++# Allow access to sockets
++allow hal_keymint_strongbox self:tcp_socket { connect create write read getattr getopt setopt };
++allow hal_keymint_strongbox port_type:tcp_socket name_connect;
++allow hal_keymint_strongbox port:tcp_socket { name_connect };
++allow hal_keymint_strongbox vendor_data_file:file { open read getattr };
+diff --git a/shared/sepolicy/vendor/service_contexts b/shared/sepolicy/vendor/service_contexts
+index d20d026cf..b8f0155ab 100644
+--- a/shared/sepolicy/vendor/service_contexts
++++ b/shared/sepolicy/vendor/service_contexts
+@@ -4,6 +4,9 @@ android.hardware.neuralnetworks.IDevice/nnapi-sample_float_slow u:object_r:hal_n
+ android.hardware.neuralnetworks.IDevice/nnapi-sample_minimal u:object_r:hal_neuralnetworks_service:s0
+ android.hardware.neuralnetworks.IDevice/nnapi-sample_quant u:object_r:hal_neuralnetworks_service:s0
+ android.hardware.neuralnetworks.IDevice/nnapi-sample_sl_shim u:object_r:hal_neuralnetworks_service:s0
++android.hardware.security.keymint.IKeyMintDevice/strongbox u:object_r:hal_keymint_service:s0
++android.hardware.security.sharedsecret.ISharedSecret/strongbox u:object_r:hal_sharedsecret_service:s0
++android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox u:object_r:hal_keymint_service:s0
+
+ # Binder service mappings
+ gce u:object_r:gce_service:s0
diff --git a/patches/keymint/aosp_integration_patches/hardware_interfaces.patch b/patches/keymint/aosp_integration_patches/hardware_interfaces.patch
new file mode 100644
index 00000000..15df3c87
--- /dev/null
+++ b/patches/keymint/aosp_integration_patches/hardware_interfaces.patch
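Review bot: In the new `hal_keymint_strongbox.te`, `allow hal_keymint_strongbox port_type:tcp_socket name_connect;` lets the StrongBox KeyMint HAL domain connect to every labelled TCP port, and the following `port:tcp_socket { name_connect }` rule is already covered by it. If the policy only needs to reach the applet simulator on Cuttlefish, the connect permission should be narrowed to a dedicated port type for that port rather than the `port_type` attribute. The existing `# Allow access to sockets` comment should also say the rule exists for the simulator transport. `vendor_data_file:file { open read getattr }` is similarly broad, since it covers every file carrying the generic vendor data label. A dedicated file type for whatever the service reads would keep the domain closer to least privilege.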
@@ -0,0 +1,1129 @@ +diff --git a/compatibility_matrices/compatibility_matrix.current.xml b/compatibility_matrices/compatibility_matrix.current.xml +index c39db36ae..39cce859b 100644 +--- a/compatibility_matrices/compatibility_matrix.current.xml ++++ b/compatibility_matrices/compatibility_matrix.current.xml +@@ -355,6 +355,7 @@ + + IRemotelyProvisionedComponent + default ++ strongbox + + + +diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp +index 64550eff2..061efa87c 100644 +--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp ++++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp +@@ -198,7 +198,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { + AttestationKey attest_key; + vector attest_key_characteristics; + vector attest_key_cert_chain; +- ASSERT_EQ(ErrorCode::OK, ++ auto result = + GenerateKey(AuthorizationSetBuilder() + .RsaKey(2048, 65537) + .AttestKey() +@@ -209,7 +209,14 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { + .Authorization(TAG_NO_AUTH_REQUIRED) + .SetDefaultValidity(), + {} /* attestation signing key */, &attest_key.keyBlob, +- &attest_key_characteristics, &attest_key_cert_chain)); ++ &attest_key_characteristics, &attest_key_cert_chain); ++ //Strongbox does not support Factory provisioned attestation key. 
++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); ++ + + EXPECT_GT(attest_key_cert_chain.size(), 1); + verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false); +@@ -297,7 +304,7 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) { + attest_key_opt = attest_key; + } + +- EXPECT_EQ(ErrorCode::OK, ++ auto result = + GenerateKey(AuthorizationSetBuilder() + .RsaKey(2048, 65537) + .AttestKey() +@@ -308,7 +315,14 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) { + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(), + attest_key_opt, &key_blob_list[i], &attested_key_characteristics, +- &cert_chain_list[i])); ++ &cert_chain_list[i]); ++ // Strongbox does not support Factory provisioned attestation key. ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); ++ + + AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); + AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); +@@ -369,7 +383,7 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { + attest_key_opt = attest_key; + } + +- EXPECT_EQ(ErrorCode::OK, ++ auto result = + GenerateKey(AuthorizationSetBuilder() + .EcdsaKey(EcCurve::P_256) + .AttestKey() +@@ -380,7 +394,13 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { + .Authorization(TAG_NO_AUTH_REQUIRED) + .SetDefaultValidity(), + attest_key_opt, &key_blob_list[i], &attested_key_characteristics, +- &cert_chain_list[i])); ++ &cert_chain_list[i]); ++ // Strongbox does not support Factory provisioned attestation key. 
++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); + + AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); + AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); +@@ -420,6 +440,10 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { + * cross sign each other and be chained together. + */ + TEST_P(AttestKeyTest, AlternateAttestKeyChaining) { ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ // Strongbox does not support factory attest keys. ++ GTEST_SKIP() << "Test not applicable to StrongBox device"; ++ } + const int chain_size = 6; + vector> key_blob_list(chain_size); + vector> cert_chain_list(chain_size); +@@ -443,6 +467,7 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) { + attest_key_opt = attest_key; + } + ++ + if ((i & 0x1) == 1) { + EXPECT_EQ(ErrorCode::OK, + GenerateKey(AuthorizationSetBuilder() +diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +index 6140df135..b73d325c6 100644 +--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp ++++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +@@ -1156,6 +1156,15 @@ vector KeyMintAidlTestBase::InvalidCurves() { + } + } + ++vector KeyMintAidlTestBase::ValidExponents() { ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ return {65537}; ++ } else { ++ return {3, 65537}; ++ } ++} ++ ++ + vector KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) { + switch (SecLevel()) { + case SecurityLevel::SOFTWARE: +diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +index 7b3b9d4b4..c564d509a 100644 +--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h ++++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +@@ 
-250,7 +250,9 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam { + .SetDefaultValidity(); + tagModifier(&rsaBuilder); + errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics); +- EXPECT_EQ(expectedReturn, errorCode); ++ if (!(SecLevel() == SecurityLevel::STRONGBOX && ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) { ++ EXPECT_EQ(expectedReturn, errorCode); ++ } + + /* ECDSA */ + KeyData ecdsaKeyData; +@@ -262,7 +264,10 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam { + .SetDefaultValidity(); + tagModifier(&ecdsaBuilder); + errorCode = GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics); +- EXPECT_EQ(expectedReturn, errorCode); ++ if (!(SecLevel() == SecurityLevel::STRONGBOX && ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) { ++ EXPECT_EQ(expectedReturn, errorCode); ++ } ++ + return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}; + } + bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; } +@@ -279,6 +284,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam { + vector InvalidCurves(); + + vector ValidDigests(bool withNone, bool withMD5); ++ vector ValidExponents(); + + static vector build_params() { + auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor); +diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp +index 2a7911cc3..1af544617 100644 +--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp ++++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp +@@ -912,8 +912,8 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestation) { + for (auto key_size : ValidKeySizes(Algorithm::RSA)) { + vector key_blob; + vector key_characteristics; +- ASSERT_EQ(ErrorCode::OK, +- GenerateKey(AuthorizationSetBuilder() ++ ++ auto result = GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(key_size, 65537) + .Digest(Digest::NONE) + 
.Padding(PaddingMode::NONE) +@@ -923,8 +923,14 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestation) { + .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); + ++ // Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); + ASSERT_GT(key_blob.size(), 0U); + CheckBaseParams(key_characteristics); + CheckCharacteristics(key_blob, key_characteristics); +@@ -1045,8 +1051,7 @@ TEST_P(NewKeyGenerationTest, RsaEncryptionWithAttestation) { + + vector key_blob; + vector key_characteristics; +- ASSERT_EQ(ErrorCode::OK, +- GenerateKey(AuthorizationSetBuilder() ++ auto result = GenerateKey(AuthorizationSetBuilder() + .RsaEncryptionKey(key_size, 65537) + .Padding(PaddingMode::NONE) + .AttestationChallenge(challenge) +@@ -1055,8 +1060,14 @@ TEST_P(NewKeyGenerationTest, RsaEncryptionWithAttestation) { + .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); + ++ // Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); + ASSERT_GT(key_blob.size(), 0U); + AuthorizationSet auths; + for (auto& entry : key_characteristics) { +@@ -1157,15 +1168,21 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestationMissAppId) { + vector key_blob; + vector key_characteristics; + +- ASSERT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, +- GenerateKey(AuthorizationSetBuilder() ++ auto result = GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(2048, 65537) 
+ .Digest(Digest::NONE) + .Padding(PaddingMode::NONE) + .AttestationChallenge(challenge) + .Authorization(TAG_NO_AUTH_REQUIRED) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); ++ ++ // Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, result); + } + + /* +@@ -1275,8 +1292,8 @@ TEST_P(NewKeyGenerationTest, LimitedUsageRsaWithAttestation) { + for (auto key_size : ValidKeySizes(Algorithm::RSA)) { + vector key_blob; + vector key_characteristics; +- ASSERT_EQ(ErrorCode::OK, +- GenerateKey(AuthorizationSetBuilder() ++ ++ auto result = GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(key_size, 65537) + .Digest(Digest::NONE) + .Padding(PaddingMode::NONE) +@@ -1287,7 +1304,14 @@ TEST_P(NewKeyGenerationTest, LimitedUsageRsaWithAttestation) { + .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); ++ ++ //Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); + + ASSERT_GT(key_blob.size(), 0U); + CheckBaseParams(key_characteristics); +@@ -1418,8 +1442,8 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestation) { + for (auto curve : ValidCurves()) { + vector key_blob; + vector key_characteristics; +- ASSERT_EQ(ErrorCode::OK, +- GenerateKey(AuthorizationSetBuilder() ++ ++ auto result = GenerateKey(AuthorizationSetBuilder() + .Authorization(TAG_NO_AUTH_REQUIRED) + .EcdsaSigningKey(curve) + .Digest(Digest::NONE) +@@ -1428,7 +1452,15 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestation) { + 
.Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); ++ ++ //Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); ++ + ASSERT_GT(key_blob.size(), 0U); + CheckBaseParams(key_characteristics); + CheckCharacteristics(key_blob, key_characteristics); +@@ -1506,6 +1538,12 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) { + // Tag not required to be supported by all KeyMint implementations. + continue; + } ++ ++ //Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ continue; ++ } + ASSERT_EQ(result, ErrorCode::OK); + ASSERT_GT(key_blob.size(), 0U); + +@@ -1555,8 +1593,14 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) { + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(); + builder.push_back(tag); +- ASSERT_EQ(ErrorCode::CANNOT_ATTEST_IDS, +- GenerateKey(builder, &key_blob, &key_characteristics)); ++ ++ auto result = GenerateKey(builder, &key_blob, &key_characteristics); ++ //Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ continue; ++ } ++ ASSERT_EQ(ErrorCode::CANNOT_ATTEST_IDS, result); + } + } + +@@ -1567,6 +1611,10 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) { + * attestation extension. + */ + TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) { ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ // Strongbox does not support factory attest keys. 
++ GTEST_SKIP() << "Test not applicable to StrongBox device"; ++ } + auto challenge = "hello"; + auto app_id = "foo"; + auto subject = "cert subj 2"; +@@ -1634,6 +1682,10 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationIdTags) { + * Verifies that creation of an attested ECDSA key with a UNIQUE_ID included. + */ + TEST_P(NewKeyGenerationTest, EcdsaAttestationUniqueId) { ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ // Strongbox does not support factory attest keys. ++ GTEST_SKIP() << "Test not applicable to StrongBox device"; ++ } + auto get_unique_id = [this](const std::string& app_id, uint64_t datetime, + vector* unique_id, bool reset = false) { + auto challenge = "hello"; +@@ -1756,6 +1808,13 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTagNoApplicationId) { + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(), + &key_blob, &key_characteristics); ++ ++ // Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ + ASSERT_EQ(result, ErrorCode::OK); + ASSERT_GT(key_blob.size(), 0U); + +@@ -1834,13 +1893,19 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationRequireAppId) { + vector key_blob; + vector key_characteristics; + +- ASSERT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, +- GenerateKey(AuthorizationSetBuilder() ++ auto result = GenerateKey(AuthorizationSetBuilder() + .EcdsaSigningKey(EcCurve::P_256) + .Digest(Digest::NONE) + .AttestationChallenge(challenge) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); ++ ++ // Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, result); + } + + /* +@@ -1897,14 +1962,21 @@ TEST_P(NewKeyGenerationTest, 
AttestationApplicationIDLengthProperlyEncoded) { + const string app_id(length, 'a'); + vector key_blob; + vector key_characteristics; +- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() ++ auto result = GenerateKey(AuthorizationSetBuilder() + .Authorization(TAG_NO_AUTH_REQUIRED) + .EcdsaSigningKey(EcCurve::P_256) + .Digest(Digest::NONE) + .AttestationChallenge(challenge) + .AttestationApplicationId(app_id) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); ++ //Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); ++ + ASSERT_GT(key_blob.size(), 0U); + CheckBaseParams(key_characteristics); + CheckCharacteristics(key_blob, key_characteristics); +@@ -3945,25 +4017,27 @@ typedef KeyMintAidlTestBase EncryptionOperationsTest; + * Verifies that raw RSA decryption works. 
+ */ + TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) { +- for (uint64_t exponent : {3, 65537}) { +- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() +- .Authorization(TAG_NO_AUTH_REQUIRED) +- .RsaEncryptionKey(2048, exponent) +- .Padding(PaddingMode::NONE) +- .SetDefaultValidity())); + +- string message = string(2048 / 8, 'a'); +- auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); +- string ciphertext1 = LocalRsaEncryptMessage(message, params); +- EXPECT_EQ(2048U / 8, ciphertext1.size()); ++ for (uint64_t exponent : ValidExponents()) ++ { ++ ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() ++ .Authorization(TAG_NO_AUTH_REQUIRED) ++ .RsaEncryptionKey(2048, exponent) ++ .Padding(PaddingMode::NONE) ++ .SetDefaultValidity())); + +- string ciphertext2 = LocalRsaEncryptMessage(message, params); +- EXPECT_EQ(2048U / 8, ciphertext2.size()); ++ string message = string(2048 / 8, 'a'); ++ auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); ++ string ciphertext1 = LocalRsaEncryptMessage(message, params); ++ EXPECT_EQ(2048U / 8, ciphertext1.size()); + +- // Unpadded RSA is deterministic +- EXPECT_EQ(ciphertext1, ciphertext2); ++ string ciphertext2 = LocalRsaEncryptMessage(message, params); ++ EXPECT_EQ(2048U / 8, ciphertext2.size()); + +- CheckedDeleteKey(); ++ // Unpadded RSA is deterministic ++ EXPECT_EQ(ciphertext1, ciphertext2); ++ ++ CheckedDeleteKey(); + } + } + +@@ -6503,7 +6577,7 @@ TEST_P(ClearOperationsTest, TooManyOperations) { + size_t i; + + for (i = 0; i < max_operations; i++) { +- result = Begin(KeyPurpose::ENCRYPT, key_blob_, params, &out_params, op_handles[i]); ++ result = Begin(KeyPurpose::DECRYPT, key_blob_, params, &out_params, op_handles[i]); + if (ErrorCode::OK != result) { + break; + } +@@ -6511,12 +6585,12 @@ TEST_P(ClearOperationsTest, TooManyOperations) { + EXPECT_EQ(ErrorCode::TOO_MANY_OPERATIONS, result); + // Try again just in case there's a weird overflow bug + 
EXPECT_EQ(ErrorCode::TOO_MANY_OPERATIONS, +- Begin(KeyPurpose::ENCRYPT, key_blob_, params, &out_params)); ++ Begin(KeyPurpose::DECRYPT, key_blob_, params, &out_params)); + for (size_t j = 0; j < i; j++) { + EXPECT_EQ(ErrorCode::OK, Abort(op_handles[j])) + << "Aboort failed for i = " << j << std::endl; + } +- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, key_blob_, params, &out_params)); ++ EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, key_blob_, params, &out_params)); + AbortIfNeeded(); + } + +@@ -6615,7 +6689,6 @@ TEST_P(KeyAgreementTest, Ecdh) { + OPENSSL_free(p); + + // Generate EC key in KeyMint (only access to public key material) +- vector challenge = {0x41, 0x42}; + EXPECT_EQ( + ErrorCode::OK, + GenerateKey(AuthorizationSetBuilder() +@@ -6624,7 +6697,6 @@ TEST_P(KeyAgreementTest, Ecdh) { + .Authorization(TAG_PURPOSE, KeyPurpose::AGREE_KEY) + .Authorization(TAG_ALGORITHM, Algorithm::EC) + .Authorization(TAG_ATTESTATION_APPLICATION_ID, {0x61, 0x62}) +- .Authorization(TAG_ATTESTATION_CHALLENGE, challenge) + .SetDefaultValidity())) + << "Failed to generate key"; + ASSERT_GT(cert_chain_.size(), 0); +@@ -6704,14 +6776,24 @@ TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) { + CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::OK); + + for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) { ++ ++ if (SecLevel() == SecurityLevel::STRONGBOX && keyData.blob.size() == 0U) { ++ continue; ++ } + ASSERT_GT(keyData.blob.size(), 0U); + AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics); + EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params; + } + CheckedDeleteKey(&aesKeyData.blob); + CheckedDeleteKey(&hmacKeyData.blob); +- CheckedDeleteKey(&rsaKeyData.blob); +- CheckedDeleteKey(&ecdsaKeyData.blob); ++ ++ if (rsaKeyData.blob.size() != 0U) { ++ CheckedDeleteKey(&rsaKeyData.blob); ++ } ++ if (ecdsaKeyData.blob.size() != 0U) { ++ CheckedDeleteKey(&ecdsaKeyData.blob); ++ } ++ + } + + /* +@@ 
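Review bot: The added `continue` in the `CreateEarlyBootKeys` loop skips every key with an empty blob on StrongBox, so a failed AES or HMAC generation is hidden in the same way as a missing RSA or ECDSA key. Only `rsaKeyData` and `ecdsaKeyData` get a size guard before `CheckedDeleteKey`, which suggests only those two are expected to be absent. If that is the intent, assert the symmetric keys before the loop with `ASSERT_GT(aesKeyData.blob.size(), 0U);` and `ASSERT_GT(hmacKeyData.blob.size(), 0U);`, and add a comment saying why the asymmetric keys may be missing. The `CreateAttestedEarlyBootKey` hunk that follows has the same pattern.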
-6727,14 +6809,21 @@ TEST_P(EarlyBootKeyTest, CreateAttestedEarlyBootKey) { + }); + + for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) { ++ if (SecLevel() == SecurityLevel::STRONGBOX && keyData.blob.size() == 0U) { ++ continue; ++ } + ASSERT_GT(keyData.blob.size(), 0U); + AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics); + EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params; + } + CheckedDeleteKey(&aesKeyData.blob); + CheckedDeleteKey(&hmacKeyData.blob); +- CheckedDeleteKey(&rsaKeyData.blob); +- CheckedDeleteKey(&ecdsaKeyData.blob); ++ if (rsaKeyData.blob.size() != 0U) { ++ CheckedDeleteKey(&rsaKeyData.blob); ++ } ++ if (ecdsaKeyData.blob.size() != 0U) { ++ CheckedDeleteKey(&ecdsaKeyData.blob); ++ } + } + + /* +diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp +index 76fb79b61..6e57d913b 100644 +--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp ++++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp +@@ -164,6 +164,7 @@ class VtsRemotelyProvisionedComponentTests : public testing::TestWithParamgetHardwareInfo(&rpcHardwareInfo).isOk()); + } + + static vector build_params() { +@@ -173,6 +174,7 @@ class VtsRemotelyProvisionedComponentTests : public testing::TestWithParam provisionable_; ++ RpcHardwareInfo rpcHardwareInfo; + }; + + using GenerateKeyTests = VtsRemotelyProvisionedComponentTests; +@@ -273,11 +275,10 @@ TEST_P(GenerateKeyTests, generateEcdsaP256Key_testMode) { + class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { + protected: + CertificateRequestTest() : eekId_(string_to_bytevec("eekid")), challenge_(randomBytes(32)) { +- generateTestEekChain(3); + } + + void generateTestEekChain(size_t eekLength) { +- auto chain = generateEekChain(eekLength, eekId_); ++ auto chain = 
generateEekChain(rpcHardwareInfo.supportedEekCurve, eekLength, eekId_); + EXPECT_TRUE(chain) << chain.message(); + if (chain) testEekChain_ = chain.moveValue(); + testEekLength_ = eekLength; +@@ -298,6 +299,17 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { + } + } + ++ ErrMsgOr getSessionKey(ErrMsgOr>& senderPubkey) { ++ if (rpcHardwareInfo.supportedEekCurve == RpcHardwareInfo::CURVE_25519 || ++ rpcHardwareInfo.supportedEekCurve == RpcHardwareInfo::CURVE_NONE) { ++ return x25519_HKDF_DeriveKey(testEekChain_.last_pubkey, testEekChain_.last_privkey, ++ senderPubkey->first, false /* senderIsA */); ++ } else { ++ return ECDH_HKDF_DeriveKey(testEekChain_.last_pubkey, testEekChain_.last_privkey, ++ senderPubkey->first, false /* senderIsA */); ++ } ++ } ++ + void checkProtectedData(const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign, + const bytevec& keysToSignMac, const ProtectedData& protectedData, + std::vector* bccOutput = nullptr) { +@@ -310,9 +322,7 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { + ASSERT_TRUE(senderPubkey) << senderPubkey.message(); + EXPECT_EQ(senderPubkey->second, eekId_); + +- auto sessionKey = +- x25519_HKDF_DeriveKey(testEekChain_.last_pubkey, testEekChain_.last_privkey, +- senderPubkey->first, false /* senderIsA */); ++ auto sessionKey = getSessionKey(senderPubkey); + ASSERT_TRUE(sessionKey) << sessionKey.message(); + + auto protectedDataPayload = +@@ -322,7 +332,7 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { + auto [parsedPayload, __, payloadErrMsg] = cppbor::parse(*protectedDataPayload); + ASSERT_TRUE(parsedPayload) << "Failed to parse payload: " << payloadErrMsg; + ASSERT_TRUE(parsedPayload->asArray()); +- EXPECT_EQ(parsedPayload->asArray()->size(), 2U); ++ EXPECT_LE(parsedPayload->asArray()->size(), 3U); + + auto& signedMac = parsedPayload->asArray()->get(0); + auto& bcc = parsedPayload->asArray()->get(1); +@@ -406,6 +416,7 @@ 
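Review bot: In `checkProtectedData`, relaxing the size check to `EXPECT_LE(parsedPayload->asArray()->size(), 3U)` lets an array of zero or one element pass, and the check is non-fatal, yet the next context lines read `get(0)` and `get(1)`. A lower bound should be fatal before those accesses: `ASSERT_GE(parsedPayload->asArray()->size(), 2U);` followed by the `EXPECT_LE(..., 3U)`. A short comment naming the optional third element would also explain why the exact-size check was dropped. The function body continues outside this hunk.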
TEST_P(CertificateRequestTest, NewKeyPerCallInTestMode) { + bytevec keysToSignMac; + DeviceInfo deviceInfo; + ProtectedData protectedData; ++ generateTestEekChain(3); + auto status = provisionable_->generateCertificateRequest( + testMode, {} /* keysToSign */, testEekChain_.chain, challenge_, &deviceInfo, + &protectedData, &keysToSignMac); +@@ -445,7 +456,7 @@ TEST_P(CertificateRequestTest, DISABLED_EmptyRequest_prodMode) { + DeviceInfo deviceInfo; + ProtectedData protectedData; + auto status = provisionable_->generateCertificateRequest( +- testMode, {} /* keysToSign */, getProdEekChain(), challenge_, &deviceInfo, ++ testMode, {} /* keysToSign */, getProdEekChain(rpcHardwareInfo.supportedEekCurve), challenge_, &deviceInfo, + &protectedData, &keysToSignMac); + EXPECT_TRUE(status.isOk()); + } +@@ -486,7 +497,7 @@ TEST_P(CertificateRequestTest, DISABLED_NonEmptyRequest_prodMode) { + DeviceInfo deviceInfo; + ProtectedData protectedData; + auto status = provisionable_->generateCertificateRequest( +- testMode, keysToSign_, getProdEekChain(), challenge_, &deviceInfo, &protectedData, ++ testMode, keysToSign_, getProdEekChain(rpcHardwareInfo.supportedEekCurve), challenge_, &deviceInfo, &protectedData, + &keysToSignMac); + EXPECT_TRUE(status.isOk()); + } +@@ -502,6 +513,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_testMode) { + bytevec keysToSignMac; + DeviceInfo deviceInfo; + ProtectedData protectedData; ++ generateTestEekChain(3); + auto status = provisionable_->generateCertificateRequest( + testMode, {keyWithCorruptMac}, testEekChain_.chain, challenge_, &deviceInfo, + &protectedData, &keysToSignMac); +@@ -521,7 +533,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_prodMode) { + DeviceInfo deviceInfo; + ProtectedData protectedData; + auto status = provisionable_->generateCertificateRequest( +- testMode, {keyWithCorruptMac}, getProdEekChain(), challenge_, &deviceInfo, ++ testMode, {keyWithCorruptMac}, 
getProdEekChain(rpcHardwareInfo.supportedEekCurve), challenge_, &deviceInfo, + &protectedData, &keysToSignMac); + ASSERT_FALSE(status.isOk()) << status.getMessage(); + EXPECT_EQ(status.getServiceSpecificError(), BnRemotelyProvisionedComponent::STATUS_INVALID_MAC); +@@ -535,7 +547,7 @@ TEST_P(CertificateRequestTest, NonEmptyCorruptEekRequest_prodMode) { + bool testMode = false; + generateKeys(testMode, 4 /* numKeys */); + +- auto prodEekChain = getProdEekChain(); ++ auto prodEekChain = getProdEekChain(rpcHardwareInfo.supportedEekCurve); + auto [parsedChain, _, parseErr] = cppbor::parse(prodEekChain); + ASSERT_NE(parsedChain, nullptr) << parseErr; + ASSERT_NE(parsedChain->asArray(), nullptr); +@@ -566,7 +578,7 @@ TEST_P(CertificateRequestTest, NonEmptyIncompleteEekRequest_prodMode) { + + // Build an EEK chain that omits the first self-signed cert. + auto truncatedChain = cppbor::Array(); +- auto [chain, _, parseErr] = cppbor::parse(getProdEekChain()); ++ auto [chain, _, parseErr] = cppbor::parse(getProdEekChain(rpcHardwareInfo.supportedEekCurve)); + ASSERT_TRUE(chain); + auto eekChain = chain->asArray(); + ASSERT_NE(eekChain, nullptr); +@@ -594,6 +606,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequest_prodKeyInTestCert) { + bytevec keysToSignMac; + DeviceInfo deviceInfo; + ProtectedData protectedData; ++ generateTestEekChain(3); + auto status = provisionable_->generateCertificateRequest( + true /* testMode */, keysToSign_, testEekChain_.chain, challenge_, &deviceInfo, + &protectedData, &keysToSignMac); +@@ -612,6 +625,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequest_testKeyInProdCert) { + bytevec keysToSignMac; + DeviceInfo deviceInfo; + ProtectedData protectedData; ++ generateTestEekChain(3); + auto status = provisionable_->generateCertificateRequest( + false /* testMode */, keysToSign_, testEekChain_.chain, challenge_, &deviceInfo, + &protectedData, &keysToSignMac); +diff --git a/security/keymint/support/Android.bp b/security/keymint/support/Android.bp +index 
36969bbdb..b3552d38b 100644 +--- a/security/keymint/support/Android.bp ++++ b/security/keymint/support/Android.bp +@@ -66,6 +66,7 @@ cc_library { + "libcppcose_rkp", + "libcrypto", + "libjsoncpp", ++ "android.hardware.security.keymint-V1-ndk", + ], + } + +diff --git a/security/keymint/support/include/remote_prov/remote_prov_utils.h b/security/keymint/support/include/remote_prov/remote_prov_utils.h +index 406b7a9b7..4d9ed2b0c 100644 +--- a/security/keymint/support/include/remote_prov/remote_prov_utils.h ++++ b/security/keymint/support/include/remote_prov/remote_prov_utils.h +@@ -52,6 +52,20 @@ inline constexpr uint8_t kCoseEncodedGeekCert[] = { + 0x31, 0xbf, 0x6b, 0xe8, 0x1e, 0x35, 0xe2, 0xf0, 0x2d, 0xce, 0x6c, 0x2f, 0x4f, 0xf2, + 0xf5, 0x4f, 0xa5, 0xd4, 0x83, 0xad, 0x96, 0xa2, 0xf1, 0x87, 0x58, 0x04}; + ++// The Google ECDSA root key for the Endpoint Encryption Key chain, encoded as COSE_Sign1 ++inline constexpr uint8_t kCoseEncodedEcdsaRootCert[] = { ++ 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x58, 0x4d, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, ++ 0x21, 0x58, 0x20, 0xf7, 0x14, 0x8a, 0xdb, 0x97, 0xf4, 0xcc, 0x53, 0xef, 0xd2, 0x64, 0x11, ++ 0xc4, 0xe3, 0x75, 0x1f, 0x66, 0x1f, 0xa4, 0x71, 0x0c, 0x6c, 0xcf, 0xfa, 0x09, 0x46, 0x80, ++ 0x74, 0x87, 0x54, 0xf2, 0xad, 0x22, 0x58, 0x20, 0x5e, 0x7f, 0x5b, 0xf6, 0xec, 0xe4, 0xf6, ++ 0x19, 0xcc, 0xff, 0x13, 0x37, 0xfd, 0x0f, 0xa1, 0xc8, 0x93, 0xdb, 0x18, 0x06, 0x76, 0xc4, ++ 0x5d, 0xe6, 0xd7, 0x6a, 0x77, 0x86, 0xc3, 0x2d, 0xaf, 0x8f, 0x58, 0x47, 0x30, 0x45, 0x02, ++ 0x20, 0x2f, 0x97, 0x8e, 0x42, 0xfb, 0xbe, 0x07, 0x2d, 0x95, 0x47, 0x85, 0x47, 0x93, 0x40, ++ 0xb0, 0x1f, 0xd4, 0x9b, 0x47, 0xa4, 0xc4, 0x44, 0xa9, 0xf2, 0xa1, 0x07, 0x87, 0x10, 0xc7, ++ 0x9f, 0xcb, 0x11, 0x02, 0x21, 0x00, 0xf4, 0xbf, 0x9f, 0xe8, 0x3b, 0xe0, 0xe7, 0x34, 0x4c, ++ 0x15, 0xfc, 0x7b, 0xc3, 0x7e, 0x33, 0x05, 0xf4, 0xd1, 0x34, 0x3c, 0xed, 0x02, 0x04, 0x60, ++ 0x7a, 0x15, 0xe0, 0x79, 0xd3, 0x8a, 0xff, 0x24}; ++ + /** + * Generates random bytes. 
+ */ +@@ -67,12 +81,12 @@ struct EekChain { + * Generates an X25518 EEK with the specified eekId and an Ed25519 chain of the + * specified length. All keys are generated randomly. + */ +-ErrMsgOr generateEekChain(size_t length, const bytevec& eekId); ++ErrMsgOr generateEekChain(int32_t supportedEekCurve, size_t length, const bytevec& eekId); + + /** + * Returns the CBOR-encoded, production Google Endpoint Encryption Key chain. + */ +-bytevec getProdEekChain(); ++bytevec getProdEekChain(int32_t supportedEekCurve); + + struct BccEntryData { + bytevec pubKey; +diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp +index 0cbee5104..ae5120f8b 100644 +--- a/security/keymint/support/remote_prov_utils.cpp ++++ b/security/keymint/support/remote_prov_utils.cpp +@@ -17,15 +17,195 @@ + #include + #include + ++#include + #include + #include + #include ++#include ++#include ++#include ++#include + #include ++#include + #include + #include + + namespace aidl::android::hardware::security::keymint::remote_prov { + ++constexpr int kP256AffinePointSize = 32; ++ ++using EC_KEY_Ptr = bssl::UniquePtr; ++using EVP_PKEY_Ptr = bssl::UniquePtr; ++using EVP_PKEY_CTX_Ptr = bssl::UniquePtr; ++ ++ErrMsgOr ecKeyGetPrivateKey(const EC_KEY* ecKey) { ++ // Extract private key. ++ const BIGNUM* bignum = EC_KEY_get0_private_key(ecKey); ++ if (bignum == nullptr) { ++ return "Error getting bignum from private key"; ++ } ++ int size = BN_num_bytes(bignum); ++ // Pad with zeros incase the length is lesser than 32. ++ bytevec privKey(32, 0); ++ BN_bn2bin(bignum, privKey.data() + 32 - size); ++ return privKey; ++} ++ ++ErrMsgOr ecKeyGetPublicKey(const EC_KEY* ecKey) { ++ // Extract public key. 
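Review bot: The doc comment above `generateEekChain` still describes only an "X25518 EEK" with an "Ed25519 chain" (and misspells X25519), but the function now takes `supportedEekCurve`, and the .cpp hunk later in this patch generates P-256 keys for `CURVE_P256`. I would reword it along the lines of `Generates an EEK with the specified eekId and a signing chain of the specified length for supportedEekCurve (X25519/Ed25519 for CURVE_NONE and CURVE_25519, P-256 for CURVE_P256).` The comment on `getProdEekChain` should likewise say that the returned chain depends on the curve argument.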
++ auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); ++ if (group.get() == nullptr) { ++ return "Error creating EC group by curve name"; ++ } ++ const EC_POINT* point = EC_KEY_get0_public_key(ecKey); ++ if (point == nullptr) return "Error getting ecpoint from public key"; ++ ++ int size = EC_POINT_point2oct(group.get(), point, ++ POINT_CONVERSION_UNCOMPRESSED, nullptr, 0, ++ nullptr); ++ if (size == 0) { ++ return "Error generating public key encoding"; ++ } ++ ++ bytevec publicKey; ++ publicKey.resize(size); ++ EC_POINT_point2oct(group.get(), point, ++ POINT_CONVERSION_UNCOMPRESSED, publicKey.data(), ++ publicKey.size(), nullptr); ++ return publicKey; ++} ++ ++ErrMsgOr> getAffineCoordinates( ++ const bytevec& pubKey) { ++ auto group = EC_GROUP_Ptr( ++ EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); ++ if (group.get() == nullptr) { ++ return "Error creating EC group by curve name"; ++ } ++ auto point = EC_POINT_Ptr(EC_POINT_new(group.get())); ++ if (EC_POINT_oct2point(group.get(), point.get(), pubKey.data(), ++ pubKey.size(), nullptr) != 1) { ++ return "Error decoding publicKey"; ++ } ++ BIGNUM_Ptr x(BN_new()); ++ BIGNUM_Ptr y(BN_new()); ++ BN_CTX_Ptr ctx(BN_CTX_new()); ++ if (!ctx.get()) return "Failed to create BN_CTX instance"; ++ ++ if (!EC_POINT_get_affine_coordinates_GFp(group.get(), point.get(), ++ x.get(), y.get(), ++ ctx.get())) { ++ return "Failed to get affine coordinates from ECPoint"; ++ } ++ bytevec pubX(kP256AffinePointSize); ++ bytevec pubY(kP256AffinePointSize); ++ if (BN_bn2binpad(x.get(), pubX.data(), kP256AffinePointSize) != ++ kP256AffinePointSize) { ++ return "Error in converting absolute value of x cordinate to big-endian"; ++ } ++ if (BN_bn2binpad(y.get(), pubY.data(), kP256AffinePointSize) != ++ kP256AffinePointSize) { ++ return "Error in converting absolute value of y cordinate to big-endian"; ++ } ++ return std::make_tuple(std::move(pubX), std::move(pubY)); ++} ++ ++ErrMsgOr> generateEc256KeyPair() { ++ auto 
ec_key = EC_KEY_Ptr(EC_KEY_new()); ++ if (ec_key.get() == nullptr) { ++ return "Failed to allocate ec key"; ++ } ++ ++ auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); ++ if (group.get() == nullptr) { ++ return "Error creating EC group by curve name"; ++ } ++ ++ if (EC_KEY_set_group(ec_key.get(), group.get()) != 1 || ++ EC_KEY_generate_key(ec_key.get()) != 1 || EC_KEY_check_key(ec_key.get()) < 0) { ++ return "Error generating key"; ++ } ++ ++ auto privKey = ecKeyGetPrivateKey(ec_key.get()); ++ if (!privKey) return privKey.moveMessage(); ++ ++ auto pubKey = ecKeyGetPublicKey(ec_key.get()); ++ if (!pubKey) return pubKey.moveMessage(); ++ ++ return std::make_tuple(pubKey.moveValue(), privKey.moveValue()); ++} ++ ++ErrMsgOr> generateX25519KeyPair() { ++ /* Generate X25519 key pair */ ++ bytevec pubKey(X25519_PUBLIC_VALUE_LEN); ++ bytevec privKey(X25519_PRIVATE_KEY_LEN); ++ X25519_keypair(pubKey.data(), privKey.data()); ++ return std::make_tuple(std::move(pubKey), std::move(privKey)); ++} ++ ++ErrMsgOr> generateED25519KeyPair() { ++ /* Generate ED25519 key pair */ ++ bytevec pubKey(ED25519_PUBLIC_KEY_LEN); ++ bytevec privKey(ED25519_PRIVATE_KEY_LEN); ++ ED25519_keypair(pubKey.data(), privKey.data()); ++ return std::make_tuple(std::move(pubKey), std::move(privKey)); ++} ++ ++ErrMsgOr> generateKeyPair( ++ int32_t supportedEekCurve, bool isEek) { ++ ++ switch (supportedEekCurve) { ++ case RpcHardwareInfo::CURVE_NONE: ++ case RpcHardwareInfo::CURVE_25519: ++ if (isEek) { ++ return generateX25519KeyPair(); ++ } ++ return generateED25519KeyPair(); ++ case RpcHardwareInfo::CURVE_P256: ++ return generateEc256KeyPair(); ++ default: ++ return "Unknown EEK Curve."; ++ } ++} ++ ++ErrMsgOr constructCoseKey(int32_t supportedEekCurve, const bytevec& eekId, ++ const bytevec& pubKey) { ++ CoseKeyType keyType; ++ CoseKeyAlgorithm algorithm; ++ CoseKeyCurve curve; ++ bytevec pubX; ++ bytevec pubY; ++ switch (supportedEekCurve) { ++ case 
RpcHardwareInfo::CURVE_NONE: ++ case RpcHardwareInfo::CURVE_25519: ++ keyType = OCTET_KEY_PAIR; ++ algorithm = (eekId.empty()) ? EDDSA : ECDH_ES_HKDF_256; ++ curve = (eekId.empty()) ? ED25519 : cppcose::X25519; ++ pubX = pubKey; ++ break; ++ case RpcHardwareInfo::CURVE_P256: { ++ keyType = EC2; ++ algorithm = (eekId.empty()) ? ES256 : ECDH_ES_HKDF_256; ++ curve = P256; ++ auto affineCoordinates = getAffineCoordinates(pubKey); ++ if (!affineCoordinates) return affineCoordinates.moveMessage(); ++ std::tie(pubX, pubY) = affineCoordinates.moveValue(); ++ } break; ++ default: ++ return "Unknown EEK Curve."; ++ } ++ cppbor::Map coseKey = cppbor::Map() ++ .add(CoseKey::KEY_TYPE, keyType) ++ .add(CoseKey::ALGORITHM, algorithm) ++ .add(CoseKey::CURVE, curve) ++ .add(CoseKey::PUBKEY_X, pubX); ++ ++ if (!pubY.empty()) coseKey.add(CoseKey::PUBKEY_Y, pubY); ++ if (!eekId.empty()) coseKey.add(CoseKey::KEY_ID, eekId); ++ ++ return coseKey.canonicalize().encode(); ++} ++ + bytevec kTestMacKey(32 /* count */, 0 /* byte value */); + + bytevec randomBytes(size_t numBytes) { +@@ -34,7 +214,17 @@ bytevec randomBytes(size_t numBytes) { + return retval; + } + +-ErrMsgOr generateEekChain(size_t length, const bytevec& eekId) { ++ErrMsgOr constructCoseSign1(int32_t supportedEekCurve, const bytevec& key, ++ const bytevec& payload, const bytevec& aad) { ++ if (supportedEekCurve == RpcHardwareInfo::CURVE_P256) { ++ return constructECDSACoseSign1(key, {} /* protectedParams */, payload, aad); ++ } else { ++ return cppcose::constructCoseSign1(key, payload, aad); ++ } ++} ++ ++ErrMsgOr generateEekChain(int32_t supportedEekCurve, size_t length, ++ const bytevec& eekId) { + if (length < 2) { + return "EEK chain must contain at least 2 certs."; + } +@@ -43,42 +233,31 @@ ErrMsgOr generateEekChain(size_t length, const bytevec& eekId) { + + bytevec prev_priv_key; + for (size_t i = 0; i < length - 1; ++i) { +- bytevec pub_key(ED25519_PUBLIC_KEY_LEN); +- bytevec priv_key(ED25519_PRIVATE_KEY_LEN); +- +- 
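Review bot: In `generateEc256KeyPair` the validity test `EC_KEY_check_key(ec_key.get()) < 0` can never fire, because that call reports failure as 0 and success as 1; it should read `EC_KEY_check_key(ec_key.get()) != 1`, matching the two comparisons before it. In the same hunk `ecKeyGetPrivateKey` computes `privKey.data() + 32 - size` without bounding `size`, so a scalar longer than 32 bytes would write before the start of the buffer. `BN_bn2binpad(bignum, privKey.data(), privKey.size())` with a check on its return value, as `getAffineCoordinates` already does, removes that pointer arithmetic. `ecKeyGetPublicKey` also ignores the result of its second `EC_POINT_point2oct` call.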
ED25519_keypair(pub_key.data(), priv_key.data()); ++ auto keyPair = generateKeyPair(supportedEekCurve, false); ++ if (!keyPair) keyPair.moveMessage(); ++ auto [pub_key, priv_key] = keyPair.moveValue(); + + // The first signing key is self-signed. + if (prev_priv_key.empty()) prev_priv_key = priv_key; + +- auto coseSign1 = constructCoseSign1(prev_priv_key, +- cppbor::Map() /* payload CoseKey */ +- .add(CoseKey::KEY_TYPE, OCTET_KEY_PAIR) +- .add(CoseKey::ALGORITHM, EDDSA) +- .add(CoseKey::CURVE, ED25519) +- .add(CoseKey::PUBKEY_X, pub_key) +- .canonicalize() +- .encode(), ++ auto coseKey = constructCoseKey(supportedEekCurve, {}, pub_key); ++ if (!coseKey) return coseKey.moveMessage(); ++ ++ auto coseSign1 = constructCoseSign1(supportedEekCurve, prev_priv_key, coseKey.moveValue(), + {} /* AAD */); + if (!coseSign1) return coseSign1.moveMessage(); + eekChain.add(coseSign1.moveValue()); + + prev_priv_key = priv_key; + } ++ auto keyPair = generateKeyPair(supportedEekCurve, true); ++ if (!keyPair) keyPair.moveMessage(); ++ auto [pub_key, priv_key] = keyPair.moveValue(); + +- bytevec pub_key(X25519_PUBLIC_VALUE_LEN); +- bytevec priv_key(X25519_PRIVATE_KEY_LEN); +- X25519_keypair(pub_key.data(), priv_key.data()); ++ auto coseKey = constructCoseKey(supportedEekCurve, eekId, pub_key); ++ if (!coseKey) return coseKey.moveMessage(); + +- auto coseSign1 = constructCoseSign1(prev_priv_key, +- cppbor::Map() /* payload CoseKey */ +- .add(CoseKey::KEY_TYPE, OCTET_KEY_PAIR) +- .add(CoseKey::KEY_ID, eekId) +- .add(CoseKey::ALGORITHM, ECDH_ES_HKDF_256) +- .add(CoseKey::CURVE, cppcose::X25519) +- .add(CoseKey::PUBKEY_X, pub_key) +- .canonicalize() +- .encode(), ++ auto coseSign1 = constructCoseSign1(supportedEekCurve, prev_priv_key, coseKey.moveValue(), + {} /* AAD */); + if (!coseSign1) return coseSign1.moveMessage(); + eekChain.add(coseSign1.moveValue()); +@@ -86,16 +265,15 @@ ErrMsgOr generateEekChain(size_t length, const bytevec& eekId) { + return EekChain{eekChain.encode(), 
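Review bot: Both `if (!keyPair) keyPair.moveMessage();` lines in `generateEekChain` drop the error instead of returning it, so a failed `generateKeyPair` (for example the `Unknown EEK Curve.` default case) falls through to `keyPair.moveValue()` on a result that holds no value. Each should be `if (!keyPair) return keyPair.moveMessage();`, as the neighbouring `coseKey` and `coseSign1` checks already do. The function starts above this hunk and ends below it.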
pub_key, priv_key}; + } + +-bytevec getProdEekChain() { +- bytevec prodEek; +- prodEek.reserve(1 + sizeof(kCoseEncodedRootCert) + sizeof(kCoseEncodedGeekCert)); +- +- // In CBOR encoding, 0x82 indicates an array of two items +- prodEek.push_back(0x82); +- prodEek.insert(prodEek.end(), std::begin(kCoseEncodedRootCert), std::end(kCoseEncodedRootCert)); +- prodEek.insert(prodEek.end(), std::begin(kCoseEncodedGeekCert), std::end(kCoseEncodedGeekCert)); +- +- return prodEek; ++bytevec getProdEekChain(int32_t supportedEekCurve) { ++ cppbor::Array chain; ++ if (supportedEekCurve == RpcHardwareInfo::CURVE_P256) { ++ chain.add(cppbor::EncodedItem(bytevec(std::begin(kCoseEncodedEcdsaRootCert), std::end(kCoseEncodedEcdsaRootCert)))); ++ } else { ++ chain.add(cppbor::EncodedItem(bytevec(std::begin(kCoseEncodedRootCert), std::end(kCoseEncodedRootCert)))); ++ chain.add(cppbor::EncodedItem(bytevec(std::begin(kCoseEncodedGeekCert), std::end(kCoseEncodedGeekCert)))); ++ } ++ return chain.encode(); + } + + ErrMsgOr verifyAndParseCoseSign1Cwt(const cppbor::Array* coseSign1, +@@ -122,7 +300,8 @@ ErrMsgOr verifyAndParseCoseSign1Cwt(const cppbor::Array* coseSign1, + } + + auto& algorithm = parsedProtParams->asMap()->get(ALGORITHM); +- if (!algorithm || !algorithm->asInt() || algorithm->asInt()->value() != EDDSA) { ++ if (!algorithm || !algorithm->asInt() || (algorithm->asInt()->value() != EDDSA && ++ algorithm->asInt()->value() != ES256)) { + return "Unsupported signature algorithm"; + } + +@@ -136,16 +315,35 @@ ErrMsgOr verifyAndParseCoseSign1Cwt(const cppbor::Array* coseSign1, + if (!serializedKey || !serializedKey->asBstr()) return "Could not find key entry"; + + bool selfSigned = signingCoseKey.empty(); +- auto key = ++ bytevec key; ++ if (algorithm->asInt()->value() == EDDSA) { ++ auto key = + CoseKey::parseEd25519(selfSigned ? 
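Review bot: For `CURVE_P256`, `getProdEekChain` returns an array holding only `kCoseEncodedEcdsaRootCert`, while the other branch returns the root plus `kCoseEncodedGeekCert`, and `generateEekChain` in this same file rejects chains shorter than two certificates. As far as this patch shows, the P-256 production chain therefore carries no encryption-key certificate at all. If a P-256 EEK certificate is not available yet, say so in a comment, e.g. `// TODO: append the P-256 EEK cert once provisioned; a root-only chain has no key to encrypt to`, so callers do not treat the result as a complete chain.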
serializedKey->asBstr()->value() : signingCoseKey); +- if (!key) return "Bad signing key: " + key.moveMessage(); ++ if (!key) return "Bad signing key: " + key.moveMessage(); + +- bytevec signatureInput = ++ bytevec signatureInput = + cppbor::Array().add("Signature1").add(*protectedParams).add(aad).add(*payload).encode(); + +- if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(), +- key->getBstrValue(CoseKey::PUBKEY_X)->data())) { +- return "Signature verification failed"; ++ if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(), ++ key->getBstrValue(CoseKey::PUBKEY_X)->data())) { ++ return "Signature verification failed"; ++ } ++ } else { // P256 ++ auto key = ++ CoseKey::parseP256(selfSigned ? serializedKey->asBstr()->value() : signingCoseKey); ++ if (!key || key->getBstrValue(CoseKey::PUBKEY_X)->empty() || ++ key->getBstrValue(CoseKey::PUBKEY_Y)->empty()) { ++ return "Bad signing key: " + key.moveMessage(); ++ } ++ auto publicKey = key->getEcPublicKey(); ++ if (!publicKey) return publicKey.moveMessage(); ++ ++ bytevec signatureInput = ++ cppbor::Array().add("Signature1").add(*protectedParams).add(aad).add(*payload).encode(); ++ ++ if (!verifyEcdsaDigest(publicKey.moveValue(), sha256(signatureInput), signature->value())) { ++ return "Signature verification failed"; ++ } + } + + return serializedKey->asBstr()->value(); +diff --git a/security/keymint/support/remote_prov_utils_test.cpp b/security/keymint/support/remote_prov_utils_test.cpp +index 8697c5190..0009bf713 100644 +--- a/security/keymint/support/remote_prov_utils_test.cpp ++++ b/security/keymint/support/remote_prov_utils_test.cpp +@@ -14,6 +14,7 @@ + * limitations under the License. 
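Review bot: In the P-256 branch of `verifyAndParseCoseSign1Cwt`, one condition covers both a failed parse and empty coordinates, then returns `"Bad signing key: " + key.moveMessage()`. When the key parsed but a coordinate is empty, the message is taken from a successful result. The `key->getBstrValue(...)->empty()` calls also dereference the lookup without checking that it returned a value, if `getBstrValue` can come back empty. I would split this into `if (!key) return "Bad signing key: " + key.moveMessage();` followed by a separate presence-and-emptiness check that returns a fixed string. The new outer `bytevec key;` is shadowed by the `auto key` in both branches and never used, so it can be removed.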
+ */ + ++#include + #include + #include + #include +@@ -35,13 +36,13 @@ using ::keymaster::validateAndExtractEekPubAndId; + using ::testing::ElementsAreArray; + + TEST(RemoteProvUtilsTest, GenerateEekChainInvalidLength) { +- ASSERT_FALSE(generateEekChain(1, /*eekId=*/{})); ++ ASSERT_FALSE(generateEekChain(CURVE_25519, 1, /*eekId=*/{})); + } + + TEST(RemoteProvUtilsTest, GenerateEekChain) { + bytevec kTestEekId = {'t', 'e', 's', 't', 'I', 'd', 0}; + for (size_t length : {2, 3, 31}) { +- auto get_eek_result = generateEekChain(length, kTestEekId); ++ auto get_eek_result = generateEekChain(CURVE_25519, length, kTestEekId); + ASSERT_TRUE(get_eek_result) << get_eek_result.message(); + + auto& [chain, pubkey, privkey] = *get_eek_result; diff --git a/patches/keymint/aosp_integration_patches/system_keymaster.patch b/patches/keymint/aosp_integration_patches/system_keymaster.patch new file mode 100644 index 00000000..b994b768 --- /dev/null +++ b/patches/keymint/aosp_integration_patches/system_keymaster.patch 
@@ -0,0 +1,441 @@ +diff --git a/cppcose/cppcose.cpp b/cppcose/cppcose.cpp +index bfe9928..5009bfe 100644 +--- a/cppcose/cppcose.cpp ++++ b/cppcose/cppcose.cpp +@@ -21,10 +21,17 @@ + + #include + #include ++#include + + #include + + namespace cppcose { ++constexpr int kP256AffinePointSize = 32; ++ ++using EVP_PKEY_Ptr = bssl::UniquePtr; ++using EVP_PKEY_CTX_Ptr = bssl::UniquePtr; ++using ECDSA_SIG_Ptr = bssl::UniquePtr; ++using EC_KEY_Ptr = bssl::UniquePtr; + + namespace { + +@@ -51,6 +58,92 @@ ErrMsgOr> aesGcmInitAndProcessAad(const bytevec& + return std::move(ctx); + } + ++ ++ErrMsgOr signEcdsaDigest(const bytevec& key, const bytevec& data) { ++ auto bn = BIGNUM_Ptr(BN_bin2bn(key.data(), key.size(), nullptr)); ++ if (bn.get() == nullptr) { ++ return "Error creating BIGNUM"; ++ } ++ ++ auto ec_key = EC_KEY_Ptr(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); ++ if (EC_KEY_set_private_key(ec_key.get(), bn.get()) != 1) { ++ return "Error setting private key from BIGNUM"; ++ } ++ ++ ECDSA_SIG* sig = ECDSA_do_sign(data.data(), data.size(), ec_key.get()); ++ if (sig == nullptr) { ++ return "Error signing digest"; ++ } ++ size_t len = i2d_ECDSA_SIG(sig, nullptr); ++ bytevec signature(len); ++ unsigned char* p = (unsigned char*)signature.data(); ++ i2d_ECDSA_SIG(sig, &p); ++ ECDSA_SIG_free(sig); ++ return signature; ++} ++ ++ErrMsgOr ecdh(const bytevec& publicKey, const bytevec& privateKey) { ++ auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); ++ auto point = EC_POINT_Ptr(EC_POINT_new(group.get())); ++ if (EC_POINT_oct2point(group.get(), point.get(), publicKey.data(), publicKey.size(), nullptr) != ++ 1) { ++ return "Error decoding publicKey"; ++ } ++ auto ecKey = EC_KEY_Ptr(EC_KEY_new()); ++ auto pkey = EVP_PKEY_Ptr(EVP_PKEY_new()); ++ if (ecKey.get() == nullptr || pkey.get() == nullptr) { ++ return "Memory allocation failed"; ++ } ++ if (EC_KEY_set_group(ecKey.get(), group.get()) != 1) { ++ return "Error setting group"; ++ } ++ if 
(EC_KEY_set_public_key(ecKey.get(), point.get()) != 1) { ++ return "Error setting point"; ++ } ++ if (EVP_PKEY_set1_EC_KEY(pkey.get(), ecKey.get()) != 1) { ++ return "Error setting key"; ++ } ++ ++ auto bn = BIGNUM_Ptr(BN_bin2bn(privateKey.data(), privateKey.size(), nullptr)); ++ if (bn.get() == nullptr) { ++ return "Error creating BIGNUM for private key"; ++ } ++ auto privEcKey = EC_KEY_Ptr(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); ++ if (EC_KEY_set_private_key(privEcKey.get(), bn.get()) != 1) { ++ return "Error setting private key from BIGNUM"; ++ } ++ auto privPkey = EVP_PKEY_Ptr(EVP_PKEY_new()); ++ if (EVP_PKEY_set1_EC_KEY(privPkey.get(), privEcKey.get()) != 1) { ++ return "Error setting private key"; ++ } ++ ++ auto ctx = EVP_PKEY_CTX_Ptr(EVP_PKEY_CTX_new(privPkey.get(), NULL)); ++ if (ctx.get() == nullptr) { ++ return "Error creating context"; ++ } ++ ++ if (EVP_PKEY_derive_init(ctx.get()) != 1) { ++ return "Error initializing context"; ++ } ++ ++ if (EVP_PKEY_derive_set_peer(ctx.get(), pkey.get()) != 1) { ++ return "Error setting peer"; ++ } ++ ++ /* Determine buffer length for shared secret */ ++ size_t secretLen = 0; ++ if (EVP_PKEY_derive(ctx.get(), NULL, &secretLen) != 1) { ++ return "Error determing length of shared secret"; ++ } ++ bytevec sharedSecret; ++ sharedSecret.resize(secretLen); ++ ++ if (EVP_PKEY_derive(ctx.get(), sharedSecret.data(), &secretLen) != 1) { ++ return "Error deriving shared secret"; ++ } ++ return sharedSecret; ++} ++ + } // namespace + + ErrMsgOr generateHmacSha256(const bytevec& key, const bytevec& data) { +@@ -134,6 +227,17 @@ ErrMsgOr verifyAndParseCoseMac0(const cppbor::Item* macIt + return payload->value(); + } + ++ErrMsgOr createECDSACoseSign1Signature(const bytevec& key, const bytevec& protectedParams, ++ const bytevec& payload, const bytevec& aad) { ++ bytevec signatureInput = cppbor::Array() ++ .add("Signature1") // ++ .add(protectedParams) ++ .add(aad) ++ .add(payload) ++ .encode(); ++ return 
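Review bot: In `signEcdsaDigest` the results of `EC_KEY_new_by_curve_name` and `i2d_ECDSA_SIG` are used unchecked: a failed allocation is handed to `EC_KEY_set_private_key`, and a negative `i2d_ECDSA_SIG` return is converted to `size_t` and used as the vector length. The rewrite below holds the signature in the `ECDSA_SIG_Ptr` alias this patch already declares instead of a raw pointer, and checks both encoding calls. The `EC_GROUP_new_by_curve_name` result is likewise unchecked in `ecdh` here and in `verifyEcdsaDigest` and `CoseKey::getEcPublicKey` further down. Separately, the signature is emitted as DER and `verifyEcdsaDigest` parses DER, whereas COSE (RFC 8152, section 8.1) defines an ECDSA signature as the fixed-length concatenation r || s, so it is worth confirming that these COSE_Sign1 structures are meant to interoperate only with this code.

```cpp
// … unchanged: BIGNUM construction from key …
    auto ec_key = EC_KEY_Ptr(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
    if (ec_key.get() == nullptr || EC_KEY_set_private_key(ec_key.get(), bn.get()) != 1) {
        return "Error setting private key from BIGNUM";
    }

    auto sig = ECDSA_SIG_Ptr(ECDSA_do_sign(data.data(), data.size(), ec_key.get()));
    if (sig.get() == nullptr) {
        return "Error signing digest";
    }
    int len = i2d_ECDSA_SIG(sig.get(), nullptr);
    if (len <= 0) {
        return "Error encoding signature";
    }
    bytevec signature(len);
    unsigned char* p = (unsigned char*)signature.data();
    if (i2d_ECDSA_SIG(sig.get(), &p) != len) {
        return "Error encoding signature";
    }
    return signature;
```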
signEcdsaDigest(key, sha256(signatureInput)); ++} ++ + ErrMsgOr createCoseSign1Signature(const bytevec& key, const bytevec& protectedParams, + const bytevec& payload, const bytevec& aad) { + bytevec signatureInput = cppbor::Array() +@@ -152,6 +256,19 @@ ErrMsgOr createCoseSign1Signature(const bytevec& key, const bytevec& pr + return signature; + } + ++ErrMsgOr constructECDSACoseSign1(const bytevec& key, cppbor::Map protectedParams, ++ const bytevec& payload, const bytevec& aad) { ++ bytevec protParms = protectedParams.add(ALGORITHM, ES256).canonicalize().encode(); ++ auto signature = createECDSACoseSign1Signature(key, protParms, payload, aad); ++ if (!signature) return signature.moveMessage(); ++ ++ return cppbor::Array() ++ .add(std::move(protParms)) ++ .add(cppbor::Map() /* unprotected parameters */) ++ .add(std::move(payload)) ++ .add(std::move(*signature)); ++} ++ + ErrMsgOr constructCoseSign1(const bytevec& key, cppbor::Map protectedParams, + const bytevec& payload, const bytevec& aad) { + bytevec protParms = protectedParams.add(ALGORITHM, EDDSA).canonicalize().encode(); +@@ -193,7 +310,8 @@ ErrMsgOr verifyAndParseCoseSign1(const cppbor::Array* coseSign1, + } + + auto& algorithm = parsedProtParams->asMap()->get(ALGORITHM); +- if (!algorithm || !algorithm->asInt() || algorithm->asInt()->value() != EDDSA) { ++ if (!algorithm || !algorithm->asInt() || ++ !(algorithm->asInt()->value() == EDDSA || algorithm->asInt()->value() == ES256)) { + return "Unsupported signature algorithm"; + } + +@@ -203,17 +321,30 @@ ErrMsgOr verifyAndParseCoseSign1(const cppbor::Array* coseSign1, + } + + bool selfSigned = signingCoseKey.empty(); +- auto key = CoseKey::parseEd25519(selfSigned ? 
payload->value() : signingCoseKey); +- if (!key || key->getBstrValue(CoseKey::PUBKEY_X)->empty()) { +- return "Bad signing key: " + key.moveMessage(); +- } +- + bytevec signatureInput = + cppbor::Array().add("Signature1").add(*protectedParams).add(aad).add(*payload).encode(); +- +- if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(), +- key->getBstrValue(CoseKey::PUBKEY_X)->data())) { +- return "Signature verification failed"; ++ if (algorithm->asInt()->value() == EDDSA) { ++ auto key = CoseKey::parseEd25519(selfSigned ? payload->value() : signingCoseKey); ++ if (!key || key->getBstrValue(CoseKey::PUBKEY_X)->empty()) { ++ return "Bad signing key: " + key.moveMessage(); ++ } ++ ++ if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(), ++ key->getBstrValue(CoseKey::PUBKEY_X)->data())) { ++ return "Signature verification failed"; ++ } ++ } else { // P256 ++ auto key = CoseKey::parseP256(selfSigned ? payload->value() : signingCoseKey); ++ if (!key || key->getBstrValue(CoseKey::PUBKEY_X)->empty() || ++ key->getBstrValue(CoseKey::PUBKEY_Y)->empty()) { ++ return "Bad signing key: " + key.moveMessage(); ++ } ++ auto publicKey = key->getEcPublicKey(); ++ if (!publicKey) return publicKey.moveMessage(); ++ ++ if (!verifyEcdsaDigest(publicKey.moveValue(), sha256(signatureInput), signature->value())) { ++ return "Signature verification failed"; ++ } + } + + return payload->value(); +@@ -294,28 +425,47 @@ getSenderPubKeyFromCoseEncrypt(const cppbor::Item* coseEncrypt) { + if (!senderCoseKey || !senderCoseKey->asMap()) return "Invalid sender COSE_Key"; + + auto& keyType = senderCoseKey->asMap()->get(CoseKey::KEY_TYPE); +- if (!keyType || !keyType->asInt() || keyType->asInt()->value() != OCTET_KEY_PAIR) { ++ if (!keyType || !keyType->asInt() || (keyType->asInt()->value() != OCTET_KEY_PAIR && ++ keyType->asInt()->value() != EC2)) { + return "Invalid key type"; + } + + auto& curve = 
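Review bot: The P256 branch added to `verifyAndParseCoseSign1` calls `key->getBstrValue(CoseKey::PUBKEY_Y)->empty()` and then `key->getEcPublicKey()`, which uses `getBstrValue(...).value()`; `getBstrValue` appears to return a `std::optional`, so a COSE_Key without a y coordinate is dereferenced before it is rejected unless `parseP256` (not visible in this hunk) already guarantees both labels are present. A presence test ahead of the emptiness test makes the branch safe on its own: `auto y = key->getBstrValue(CoseKey::PUBKEY_Y);` then `if (!y || y->empty()) return "Bad signing key: missing y coordinate";`. The branch is selected by the `alg` value taken from the message's own protected header, so it is also worth confirming that `parseP256` and `parseEd25519` reject a key whose key type or curve does not match the algorithm. The function body starts outside the hunk.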
senderCoseKey->asMap()->get(CoseKey::CURVE); +- if (!curve || !curve->asInt() || curve->asInt()->value() != X25519) { ++ if (!curve || !curve->asInt() || ++ (keyType->asInt()->value() == OCTET_KEY_PAIR && curve->asInt()->value() != X25519) || ++ (keyType->asInt()->value() == EC2 && curve->asInt()->value() != P256)) { + return "Unsupported curve"; + } + +- auto& pubkey = senderCoseKey->asMap()->get(CoseKey::PUBKEY_X); +- if (!pubkey || !pubkey->asBstr() || +- pubkey->asBstr()->value().size() != X25519_PUBLIC_VALUE_LEN) { +- return "Invalid X25519 public key"; ++ bytevec publicKey; ++ if (keyType->asInt()->value() == EC2) { ++ auto& pubX = senderCoseKey->asMap()->get(CoseKey::PUBKEY_X); ++ if (!pubX || !pubX->asBstr() || pubX->asBstr()->value().size() != kP256AffinePointSize) { ++ return "Invalid EC public key"; ++ } ++ auto& pubY = senderCoseKey->asMap()->get(CoseKey::PUBKEY_Y); ++ if (!pubY || !pubY->asBstr() || pubY->asBstr()->value().size() != kP256AffinePointSize) { ++ return "Invalid EC public key"; ++ } ++ auto key = CoseKey::getEcPublicKey(pubX->asBstr()->value(), pubY->asBstr()->value()); ++ if (!key) return key.moveMessage(); ++ publicKey = key.moveValue(); ++ } else { ++ auto& pubkey = senderCoseKey->asMap()->get(CoseKey::PUBKEY_X); ++ if (!pubkey || !pubkey->asBstr() || ++ pubkey->asBstr()->value().size() != X25519_PUBLIC_VALUE_LEN) { ++ return "Invalid X25519 public key"; ++ } ++ publicKey = pubkey->asBstr()->value(); + } + + auto& key_id = unprotParms->asMap()->get(KEY_ID); + if (key_id && key_id->asBstr()) { +- return std::make_pair(pubkey->asBstr()->value(), key_id->asBstr()->value()); ++ return std::make_pair(publicKey, key_id->asBstr()->value()); + } + + // If no key ID, just return an empty vector. 
+- return std::make_pair(pubkey->asBstr()->value(), bytevec{}); ++ return std::make_pair(publicKey, bytevec{}); + } + + ErrMsgOr decryptCoseEncrypt(const bytevec& key, const cppbor::Item* coseEncrypt, +@@ -367,6 +517,43 @@ ErrMsgOr decryptCoseEncrypt(const bytevec& key, const cppbor::Item* cos + return aesGcmDecrypt(key, nonce->asBstr()->value(), aad, ciphertext->asBstr()->value()); + } + ++ErrMsgOr ECDH_HKDF_DeriveKey(const bytevec& pubKeyA, const bytevec& privKeyA, ++ const bytevec& pubKeyB, bool senderIsA) { ++ if (privKeyA.empty() || pubKeyA.empty() || pubKeyB.empty()) { ++ return "Missing input key parameters"; ++ } ++ ++ auto rawSharedKey = ecdh(pubKeyB, privKeyA); ++ if (!rawSharedKey) return rawSharedKey.moveMessage(); ++ ++ bytevec kdfContext = cppbor::Array() ++ .add(AES_GCM_256) ++ .add(cppbor::Array() // Sender Info ++ .add(cppbor::Bstr("client")) ++ .add(bytevec{} /* nonce */) ++ .add(senderIsA ? pubKeyA : pubKeyB)) ++ .add(cppbor::Array() // Recipient Info ++ .add(cppbor::Bstr("server")) ++ .add(bytevec{} /* nonce */) ++ .add(senderIsA ? 
pubKeyB : pubKeyA)) ++ .add(cppbor::Array() // SuppPubInfo ++ .add(kAesGcmKeySizeBits) // output key length ++ .add(bytevec{})) // protected ++ .encode(); ++ ++ bytevec retval(SHA256_DIGEST_LENGTH); ++ bytevec salt{}; ++ if (!HKDF(retval.data(), retval.size(), // ++ EVP_sha256(), // ++ rawSharedKey->data(), rawSharedKey->size(), // ++ salt.data(), salt.size(), // ++ kdfContext.data(), kdfContext.size())) { ++ return "ECDH HKDF failed"; ++ } ++ ++ return retval; ++} ++ + ErrMsgOr x25519_HKDF_DeriveKey(const bytevec& pubKeyA, const bytevec& privKeyA, + const bytevec& pubKeyB, bool senderIsA) { + if (privKeyA.empty() || pubKeyA.empty() || pubKeyB.empty()) { +@@ -460,4 +647,43 @@ ErrMsgOr aesGcmDecrypt(const bytevec& key, const bytevec& nonce, const + return plaintext; + } + ++bytevec sha256(const bytevec& data) { ++ bytevec ret(SHA256_DIGEST_LENGTH); ++ SHA256_CTX ctx; ++ SHA256_Init(&ctx); ++ SHA256_Update(&ctx, data.data(), data.size()); ++ SHA256_Final((unsigned char*)ret.data(), &ctx); ++ return ret; ++} ++ ++bool verifyEcdsaDigest(const bytevec& key, const bytevec& digest, const bytevec& signature) { ++ const unsigned char* p = (unsigned char*)signature.data(); ++ auto sig = ECDSA_SIG_Ptr(d2i_ECDSA_SIG(nullptr, &p, signature.size())); ++ if (sig.get() == nullptr) { ++ return false; ++ } ++ ++ auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); ++ auto point = EC_POINT_Ptr(EC_POINT_new(group.get())); ++ if (EC_POINT_oct2point(group.get(), point.get(), key.data(), key.size(), nullptr) != 1) { ++ return false; ++ } ++ auto ecKey = EC_KEY_Ptr(EC_KEY_new()); ++ if (ecKey.get() == nullptr) { ++ return false; ++ } ++ if (EC_KEY_set_group(ecKey.get(), group.get()) != 1) { ++ return false; ++ } ++ if (EC_KEY_set_public_key(ecKey.get(), point.get()) != 1) { ++ return false; ++ } ++ ++ int rc = ECDSA_do_verify(digest.data(), digest.size(), sig.get(), ecKey.get()); ++ if (rc != 1) { ++ return false; ++ } ++ return true; ++} ++ + } // namespace 
cppcose +diff --git a/include/keymaster/cppcose/cppcose.h b/include/keymaster/cppcose/cppcose.h +index 0f97388..03251f1 100644 +--- a/include/keymaster/cppcose/cppcose.h ++++ b/include/keymaster/cppcose/cppcose.h +@@ -24,17 +24,25 @@ + + #include + #include +- ++#include ++#include ++#include + #include + #include + #include + #include ++#include + #include + #include + #include + + namespace cppcose { + ++using BIGNUM_Ptr = bssl::UniquePtr; ++using EC_GROUP_Ptr = bssl::UniquePtr; ++using EC_POINT_Ptr = bssl::UniquePtr; ++using BN_CTX_Ptr = bssl::UniquePtr; ++ + template class ErrMsgOr; + using bytevec = std::vector; + using HmacSha256 = std::array; +@@ -203,6 +211,41 @@ class CoseKey { + return key; + } + ++ static ErrMsgOr getEcPublicKey(const bytevec& pubX, const bytevec& pubY) { ++ auto bnX = BIGNUM_Ptr(BN_bin2bn(pubX.data(), pubX.size(), nullptr)); ++ if (bnX.get() == nullptr) { ++ return "Error creating BIGNUM X Coordinate"; ++ } ++ auto bnY = BIGNUM_Ptr(BN_bin2bn(pubY.data(), pubY.size(), nullptr)); ++ if (bnY.get() == nullptr) { ++ return "Error creating BIGNUM Y Coordinate"; ++ } ++ auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); ++ auto point = EC_POINT_Ptr(EC_POINT_new(group.get())); ++ if (!point) return "Failed to create EC_POINT instance"; ++ BN_CTX_Ptr ctx(BN_CTX_new()); ++ if (!ctx.get()) return "Failed to create BN_CTX instance"; ++ if (!EC_POINT_set_affine_coordinates_GFp(group.get(), point.get(), bnX.get(), bnY.get(), ++ ctx.get())) { ++ return "Failed to set affine coordinates."; ++ } ++ int size = EC_POINT_point2oct(group.get(), point.get(), POINT_CONVERSION_UNCOMPRESSED, ++ nullptr, 0, nullptr); ++ if (size == 0) { ++ return "Error generating public key encoding"; ++ } ++ bytevec publicKey(size); ++ EC_POINT_point2oct(group.get(), point.get(), POINT_CONVERSION_UNCOMPRESSED, ++ publicKey.data(), publicKey.size(), nullptr); ++ return publicKey; ++ } ++ ++ ErrMsgOr getEcPublicKey() { ++ auto pubX = 
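Review bot: `verifyEcdsaDigest` accepts a signature buffer with trailing bytes, because `d2i_ECDSA_SIG` advances `p` past the first DER structure and the code never compares it with the end of the input. Rejecting anything that is not exactly one structure keeps the accepted encoding unambiguous: `if (sig.get() == nullptr || p != signature.data() + signature.size()) return false;`. As a style point, the closing `rc` block can be written as a single `return ECDSA_do_verify(digest.data(), digest.size(), sig.get(), ecKey.get()) == 1;`, which still maps every non-success result to false.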
getBstrValue(PUBKEY_X).value(); ++ auto pubY = getBstrValue(PUBKEY_Y).value(); ++ return getEcPublicKey(pubX, pubY); ++ } ++ + std::optional getIntValue(Label label) { + const auto& value = key_->get(label); + if (!value || !value->asInt()) return {}; +@@ -252,6 +295,8 @@ ErrMsgOr constructCoseSign1(const bytevec& key, const bytevec& pa + const bytevec& aad); + ErrMsgOr constructCoseSign1(const bytevec& key, cppbor::Map extraProtectedFields, + const bytevec& payload, const bytevec& aad); ++ErrMsgOr constructECDSACoseSign1(const bytevec& key, cppbor::Map extraProtectedFields, ++ const bytevec& payload, const bytevec& aad); + /** + * Verify and parse a COSE_Sign1 message, returning the payload. + * +@@ -282,7 +327,10 @@ decryptCoseEncrypt(const bytevec& key, const cppbor::Item* encryptItem, const by + + ErrMsgOr x25519_HKDF_DeriveKey(const bytevec& senderPubKey, const bytevec& senderPrivKey, + const bytevec& recipientPubKey, bool senderIsA); +- ++ErrMsgOr ECDH_HKDF_DeriveKey(const bytevec& pubKeyA, const bytevec& privKeyA, ++ const bytevec& pubKeyB, bool senderIsA); ++bool verifyEcdsaDigest(const bytevec& key, const bytevec& digest, const bytevec& signature); ++bytevec sha256(const bytevec& data); + ErrMsgOr aesGcmEncrypt(const bytevec& key, const bytevec& nonce, + const bytevec& aad, + const bytevec& plaintext); diff --git a/patches/keymint/aosp_integration_patches/system_sepolicy.patch b/patches/keymint/aosp_integration_patches/system_sepolicy.patch new file mode 100644 index 00000000..3e0ce8d5 --- /dev/null +++ b/patches/keymint/aosp_integration_patches/system_sepolicy.patch 
@@ -0,0 +1,20 @@
+diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
+index e77ea9df0..74f799681 100644
+--- a/public/hal_neverallows.te
++++ b/public/hal_neverallows.te
+@@ -2,6 +2,7 @@
+ # network capabilities
+ neverallow {
+ halserverdomain
++ -hal_keymint_server
+ -hal_bluetooth_server
+ -hal_can_controller_server
+ -hal_wifi_server
+@@ -37,6 +38,7 @@ neverallow {
+
+ neverallow {
+ halserverdomain
++ -hal_keymint_server
+ -hal_automotive_socket_exemption
+ -hal_can_controller_server
+ -hal_tetheroffload_server
diff --git a/patches/keymint/aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch b/patches/keymint/aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch
new file mode 100644
index 00000000..b0fca48f
--- /dev/null
+++ b/patches/keymint/aosp_integration_patches_aosp_12_r15/device_google_cuttlefish.patch
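Review bot: Subtracting `hal_keymint_server` from both `neverallow` sets in `hal_neverallows.te` (the one under `# network capabilities` and the one at `-37,6`) exempts every domain carrying that attribute from the HAL network restrictions, not only the StrongBox service this integration adds. If the exemption exists only so the StrongBox HAL can reach the applet over a socket (inferred; the patch does not say), a dedicated exemption attribute in the style of the `hal_automotive_socket_exemption` entry visible in the second set would keep the rule in force for other KeyMint implementations. At minimum each added line should carry a comment such as `# exempted for the socket-based StrongBox transport; revisit before shipping`. Both rule bodies continue outside the hunks, so the permissions being restricted are not visible here.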
@@ -0,0 +1,62 @@ +diff --git a/shared/device.mk b/shared/device.mk +index 8647d0175..d1955772f 100644 +--- a/shared/device.mk ++++ b/shared/device.mk +@@ -538,6 +538,10 @@ endif + PRODUCT_PACKAGES += \ + $(LOCAL_KEYMINT_PRODUCT_PACKAGE) + ++PRODUCT_PACKAGES += \ ++ android.hardware.security.keymint-service.strongbox ++ ++ + # Keymint configuration + PRODUCT_COPY_FILES += \ + frameworks/native/data/etc/android.software.device_id_attestation.xml:$(TARGET_COPY_OUT_VENDOR)/etc/permissions/android.software.device_id_attestation.xml +diff --git a/shared/sepolicy/vendor/file_contexts b/shared/sepolicy/vendor/file_contexts +index 20538a50f..2b74242f7 100644 +--- a/shared/sepolicy/vendor/file_contexts ++++ b/shared/sepolicy/vendor/file_contexts +@@ -87,6 +87,7 @@ + /vendor/bin/hw/android\.hardware\.input\.classifier@1\.0-service.default u:object_r:hal_input_classifier_default_exec:s0 + /vendor/bin/hw/android\.hardware\.thermal@2\.0-service\.mock u:object_r:hal_thermal_default_exec:s0 + /vendor/bin/hw/android\.hardware\.security\.keymint-service\.remote u:object_r:hal_keymint_remote_exec:s0 ++/vendor/bin/hw/android\.hardware\.security\.keymint-service\.strongbox u:object_r:hal_keymint_strongbox_exec:s0 + /vendor/bin/hw/android\.hardware\.keymaster@4\.1-service.remote u:object_r:hal_keymaster_remote_exec:s0 + /vendor/bin/hw/android\.hardware\.gatekeeper@1\.0-service.remote u:object_r:hal_gatekeeper_remote_exec:s0 + /vendor/bin/hw/android\.hardware\.oemlock-service.example u:object_r:hal_oemlock_default_exec:s0 +diff --git a/shared/sepolicy/vendor/hal_keymint_strongbox.te b/shared/sepolicy/vendor/hal_keymint_strongbox.te +new file mode 100644 +index 000000000..09d0da267 +--- /dev/null ++++ b/shared/sepolicy/vendor/hal_keymint_strongbox.te +@@ -0,0 +1,15 @@ ++type hal_keymint_strongbox, domain; ++hal_server_domain(hal_keymint_strongbox, hal_keymint) ++ ++type hal_keymint_strongbox_exec, exec_type, vendor_file_type, file_type; ++init_daemon_domain(hal_keymint_strongbox) ++ 
++vndbinder_use(hal_keymint_strongbox) ++get_prop(hal_keymint_strongbox, vendor_security_patch_level_prop); ++ ++# Allow access to sockets ++allow hal_keymint_strongbox self:tcp_socket { connect create write read getattr getopt setopt }; ++allow hal_keymint_strongbox port_type:tcp_socket name_connect; ++allow hal_keymint_strongbox port:tcp_socket { name_connect }; ++allow hal_keymint_strongbox vendor_data_file:file { open read getattr }; ++ +diff --git a/shared/sepolicy/vendor/service_contexts b/shared/sepolicy/vendor/service_contexts +index d20d026cf..b8f0155ab 100644 +--- a/shared/sepolicy/vendor/service_contexts ++++ b/shared/sepolicy/vendor/service_contexts +@@ -4,6 +4,9 @@ android.hardware.neuralnetworks.IDevice/nnapi-sample_float_slow u:object_r:hal_n + android.hardware.neuralnetworks.IDevice/nnapi-sample_minimal u:object_r:hal_neuralnetworks_service:s0 + android.hardware.neuralnetworks.IDevice/nnapi-sample_quant u:object_r:hal_neuralnetworks_service:s0 + android.hardware.neuralnetworks.IDevice/nnapi-sample_sl_shim u:object_r:hal_neuralnetworks_service:s0 ++android.hardware.security.keymint.IKeyMintDevice/strongbox u:object_r:hal_keymint_service:s0 ++android.hardware.security.sharedsecret.ISharedSecret/strongbox u:object_r:hal_sharedsecret_service:s0 ++android.hardware.security.keymint.IRemotelyProvisionedComponent/strongbox u:object_r:hal_keymint_service:s0 + + # Binder service mappings + gce u:object_r:gce_service:s0 diff --git a/patches/keymint/aosp_integration_patches_aosp_12_r15/hardware_interfaces.patch b/patches/keymint/aosp_integration_patches_aosp_12_r15/hardware_interfaces.patch new file mode 100644 index 00000000..bf456260 --- /dev/null +++ b/patches/keymint/aosp_integration_patches_aosp_12_r15/hardware_interfaces.patch 
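Review bot: In the new `hal_keymint_strongbox.te`, `allow hal_keymint_strongbox port_type:tcp_socket name_connect;` grants connect on every labelled port type, which should already cover the following `port:tcp_socket { name_connect }` rule and gives the HAL far more reach than a single transport endpoint needs. Labelling the endpoint's port with its own type and allowing `name_connect` on that type alone would bound it, e.g. `allow hal_keymint_strongbox <strongbox_port_type>:tcp_socket name_connect;` (placeholder type name). Likewise `vendor_data_file:file { open read getattr }` opens all generically labelled vendor data to the domain; a dedicated file type for whatever the service reads would be tighter. A short comment stating that these rules serve the cuttlefish emulator setup would help keep them from being copied into device policy.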
@@ -0,0 +1,1213 @@ +diff --git a/compatibility_matrices/compatibility_matrix.6.xml b/compatibility_matrices/compatibility_matrix.6.xml +index aee2c5164..1391bbf54 100644 +--- a/compatibility_matrices/compatibility_matrix.6.xml ++++ b/compatibility_matrices/compatibility_matrix.6.xml +@@ -349,6 +349,13 @@ + default + + ++ ++ android.hardware.security.keymint ++ ++ IRemotelyProvisionedComponent ++ strongbox ++ ++ + + android.hardware.light + 1 +diff --git a/compatibility_matrices/compatibility_matrix.current.xml b/compatibility_matrices/compatibility_matrix.current.xml +index 8b6e8414d..4955db7d7 100644 +--- a/compatibility_matrices/compatibility_matrix.current.xml ++++ b/compatibility_matrices/compatibility_matrix.current.xml +@@ -66,7 +66,7 @@ + + IEvsEnumerator + default +- [a-z]+/[0-9]+ ++ [a-z]/[0-9] + + + +@@ -168,7 +168,7 @@ + 2.4-7 + + ICameraProvider +- [^/]+/[0-9]+ ++ [^/]/[0-9] + + + +@@ -349,6 +349,13 @@ + default + + ++ ++ android.hardware.security.keymint ++ ++ IRemotelyProvisionedComponent ++ strongbox ++ ++ + + android.hardware.light + 1 +@@ -511,6 +518,15 @@ + strongbox + + ++ ++ android.hardware.security.sharedsecret ++ 1 ++ ++ ISharedSecret ++ strongbox ++ ++ ++ + + android.hardware.sensors + 1.0 +diff --git a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp +index 26ed34427..2d5bc9575 100644 +--- a/security/keymint/aidl/vts/functional/AttestKeyTest.cpp ++++ b/security/keymint/aidl/vts/functional/AttestKeyTest.cpp +@@ -198,7 +198,7 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { + AttestationKey attest_key; + vector attest_key_characteristics; + vector attest_key_cert_chain; +- ASSERT_EQ(ErrorCode::OK, ++ auto result = + GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(2048, 65537) + .AttestKey() +@@ -209,7 +209,13 @@ TEST_P(AttestKeyTest, RsaAttestedAttestKeys) { + .Authorization(TAG_NO_AUTH_REQUIRED) + .SetDefaultValidity(), + {} /* attestation signing key */, 
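Review bot: The two hunks in `compatibility_matrix.current.xml` at `-66,7` and `-168,7` change the instance patterns from `[a-z]+/[0-9]+` to `[a-z]/[0-9]` and from `[^/]+/[0-9]+` to `[^/]/[0-9]`, which is unrelated to KeyMint and narrows each match to single-character components. This looks like an accidental loss of the `+` quantifiers, possibly from the tooling that produced the patch, and would stop multi-character `IEvsEnumerator` and `ICameraProvider` instance names from matching. The original patterns should be restored so this patch only adds the `strongbox` entries.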
&attest_key.keyBlob, +- &attest_key_characteristics, &attest_key_cert_chain)); ++ &attest_key_characteristics, &attest_key_cert_chain); ++ //Strongbox does not support Factory provisioned attestation key. ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); + + EXPECT_GT(attest_key_cert_chain.size(), 1); + verify_subject_and_serial(attest_key_cert_chain[0], serial_int, subject, false); +@@ -297,7 +303,7 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) { + attest_key_opt = attest_key; + } + +- EXPECT_EQ(ErrorCode::OK, ++ auto result = + GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(2048, 65537) + .AttestKey() +@@ -308,8 +314,13 @@ TEST_P(AttestKeyTest, RsaAttestKeyChaining) { + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(), + attest_key_opt, &key_blob_list[i], &attested_key_characteristics, +- &cert_chain_list[i])); +- ++ &cert_chain_list[i]); ++ // Strongbox does not support Factory provisioned attestation key. 
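Review bot: The StrongBox branch added after `GenerateKey` in `RsaAttestedAttestKeys` requires `ATTESTATION_KEYS_NOT_PROVISIONED` on every StrongBox and then returns, so a StrongBox that does have attestation keys fails the test and no certificate-chain check ever runs at that security level. Keying the early exit on the result keeps the coverage wherever attestation works: `if (SecLevel() == SecurityLevel::STRONGBOX && result == ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED) return;` followed by the existing `ASSERT_EQ(ErrorCode::OK, result);`. The same block is repeated in `RsaAttestKeyChaining`, `EcAttestKeyChaining`, `AlternateAttestKeyChaining` and the `NewKeyGenerationTest` attestation cases in `KeyMintTest.cpp`. In the negative tests (`RsaWithAttestationMissAppId` and the `CANNOT_ATTEST_IDS` loop) it also means the intended error code is never checked on StrongBox. The test body continues outside the hunk.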
++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); + AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); + AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); + ASSERT_GT(cert_chain_list[i].size(), 0); +@@ -369,7 +380,7 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { + attest_key_opt = attest_key; + } + +- EXPECT_EQ(ErrorCode::OK, ++ auto result = + GenerateKey(AuthorizationSetBuilder() + .EcdsaSigningKey(EcCurve::P_256) + .AttestKey() +@@ -380,8 +391,13 @@ TEST_P(AttestKeyTest, EcAttestKeyChaining) { + .Authorization(TAG_NO_AUTH_REQUIRED) + .SetDefaultValidity(), + attest_key_opt, &key_blob_list[i], &attested_key_characteristics, +- &cert_chain_list[i])); +- ++ &cert_chain_list[i]); ++ // Strongbox does not support Factory provisioned attestation key. ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); + AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); + AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); + ASSERT_GT(cert_chain_list[i].size(), 0); +@@ -442,35 +458,40 @@ TEST_P(AttestKeyTest, AlternateAttestKeyChaining) { + attest_key.keyBlob = key_blob_list[i - 1]; + attest_key_opt = attest_key; + } +- ++ ErrorCode result; + if ((i & 0x1) == 1) { +- EXPECT_EQ(ErrorCode::OK, +- GenerateKey(AuthorizationSetBuilder() +- .EcdsaSigningKey(EcCurve::P_256) +- .AttestKey() +- .AttestationChallenge("foo") +- .AttestationApplicationId("bar") +- .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) +- .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) +- .Authorization(TAG_NO_AUTH_REQUIRED) +- .SetDefaultValidity(), +- attest_key_opt, &key_blob_list[i], &attested_key_characteristics, +- 
&cert_chain_list[i])); ++ result = ++ GenerateKey(AuthorizationSetBuilder() ++ .EcdsaSigningKey(EcCurve::P_256) ++ .AttestKey() ++ .AttestationChallenge("foo") ++ .AttestationApplicationId("bar") ++ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) ++ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) ++ .Authorization(TAG_NO_AUTH_REQUIRED) ++ .SetDefaultValidity(), ++ attest_key_opt, &key_blob_list[i], &attested_key_characteristics, ++ &cert_chain_list[i]); + } else { +- EXPECT_EQ(ErrorCode::OK, +- GenerateKey(AuthorizationSetBuilder() +- .RsaSigningKey(2048, 65537) +- .AttestKey() +- .AttestationChallenge("foo") +- .AttestationApplicationId("bar") +- .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) +- .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) +- .Authorization(TAG_NO_AUTH_REQUIRED) +- .SetDefaultValidity(), +- attest_key_opt, &key_blob_list[i], &attested_key_characteristics, +- &cert_chain_list[i])); ++ result = ++ GenerateKey(AuthorizationSetBuilder() ++ .RsaSigningKey(2048, 65537) ++ .AttestKey() ++ .AttestationChallenge("foo") ++ .AttestationApplicationId("bar") ++ .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) ++ .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) ++ .Authorization(TAG_NO_AUTH_REQUIRED) ++ .SetDefaultValidity(), ++ attest_key_opt, &key_blob_list[i], &attested_key_characteristics, ++ &cert_chain_list[i]); + } +- ++ // Strongbox does not support Factory provisioned attestation key. 
++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); + AuthorizationSet hw_enforced = HwEnforcedAuthorizations(attested_key_characteristics); + AuthorizationSet sw_enforced = SwEnforcedAuthorizations(attested_key_characteristics); + ASSERT_GT(cert_chain_list[i].size(), 0); +diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +index 20324117b..741bcf8f6 100644 +--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp ++++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.cpp +@@ -1145,6 +1145,15 @@ vector KeyMintAidlTestBase::InvalidCurves() { + } + } + ++vector KeyMintAidlTestBase::ValidExponents() { ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ return {65537}; ++ } else { ++ return {3, 65537}; ++ } ++} ++ ++ + vector KeyMintAidlTestBase::ValidDigests(bool withNone, bool withMD5) { + switch (SecLevel()) { + case SecurityLevel::SOFTWARE: +diff --git a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +index ec3fcf6a3..0561a9b94 100644 +--- a/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h ++++ b/security/keymint/aidl/vts/functional/KeyMintAidlTestBase.h +@@ -250,7 +250,9 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam { + .SetDefaultValidity(); + tagModifier(&rsaBuilder); + errorCode = GenerateKey(rsaBuilder, &rsaKeyData.blob, &rsaKeyData.characteristics); +- EXPECT_EQ(expectedReturn, errorCode); ++ if (!(SecLevel() == SecurityLevel::STRONGBOX && ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) { ++ EXPECT_EQ(expectedReturn, errorCode); ++ } + + /* ECDSA */ + KeyData ecdsaKeyData; +@@ -262,7 +264,10 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam { + .SetDefaultValidity(); + tagModifier(&ecdsaBuilder); + errorCode = 
GenerateKey(ecdsaBuilder, &ecdsaKeyData.blob, &ecdsaKeyData.characteristics); +- EXPECT_EQ(expectedReturn, errorCode); ++ if (!(SecLevel() == SecurityLevel::STRONGBOX && ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED == errorCode)) { ++ EXPECT_EQ(expectedReturn, errorCode); ++ } ++ + return {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}; + } + bool IsSecure() const { return securityLevel_ != SecurityLevel::SOFTWARE; } +@@ -279,6 +284,7 @@ class KeyMintAidlTestBase : public ::testing::TestWithParam { + vector InvalidCurves(); + + vector ValidDigests(bool withNone, bool withMD5); ++ vector ValidExponents(); + + static vector build_params() { + auto params = ::android::getAidlHalInstanceNames(IKeyMintDevice::descriptor); +diff --git a/security/keymint/aidl/vts/functional/KeyMintTest.cpp b/security/keymint/aidl/vts/functional/KeyMintTest.cpp +index 5a87b8385..d30f9dae9 100644 +--- a/security/keymint/aidl/vts/functional/KeyMintTest.cpp ++++ b/security/keymint/aidl/vts/functional/KeyMintTest.cpp +@@ -902,8 +902,8 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestation) { + for (auto key_size : ValidKeySizes(Algorithm::RSA)) { + vector key_blob; + vector key_characteristics; +- ASSERT_EQ(ErrorCode::OK, +- GenerateKey(AuthorizationSetBuilder() ++ ++ auto result = GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(key_size, 65537) + .Digest(Digest::NONE) + .Padding(PaddingMode::NONE) +@@ -913,8 +913,14 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestation) { + .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); + ++ // Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); + ASSERT_GT(key_blob.size(), 0U); + CheckBaseParams(key_characteristics); + 
CheckCharacteristics(key_blob, key_characteristics); +@@ -1031,8 +1037,7 @@ TEST_P(NewKeyGenerationTest, RsaEncryptionWithAttestation) { + + vector key_blob; + vector key_characteristics; +- ASSERT_EQ(ErrorCode::OK, +- GenerateKey(AuthorizationSetBuilder() ++ auto result = GenerateKey(AuthorizationSetBuilder() + .RsaEncryptionKey(key_size, 65537) + .Padding(PaddingMode::NONE) + .AttestationChallenge(challenge) +@@ -1041,8 +1046,14 @@ TEST_P(NewKeyGenerationTest, RsaEncryptionWithAttestation) { + .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); + ++ // Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); + ASSERT_GT(key_blob.size(), 0U); + AuthorizationSet auths; + for (auto& entry : key_characteristics) { +@@ -1143,15 +1154,21 @@ TEST_P(NewKeyGenerationTest, RsaWithAttestationMissAppId) { + vector key_blob; + vector key_characteristics; + +- ASSERT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, +- GenerateKey(AuthorizationSetBuilder() ++ auto result = GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(2048, 65537) + .Digest(Digest::NONE) + .Padding(PaddingMode::NONE) + .AttestationChallenge(challenge) + .Authorization(TAG_NO_AUTH_REQUIRED) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); ++ ++ // Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, result); + } + + /* +@@ -1261,8 +1278,8 @@ TEST_P(NewKeyGenerationTest, LimitedUsageRsaWithAttestation) { + for (auto key_size : 
ValidKeySizes(Algorithm::RSA)) { + vector key_blob; + vector key_characteristics; +- ASSERT_EQ(ErrorCode::OK, +- GenerateKey(AuthorizationSetBuilder() ++ ++ auto result = GenerateKey(AuthorizationSetBuilder() + .RsaSigningKey(key_size, 65537) + .Digest(Digest::NONE) + .Padding(PaddingMode::NONE) +@@ -1273,7 +1290,14 @@ TEST_P(NewKeyGenerationTest, LimitedUsageRsaWithAttestation) { + .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); ++ ++ //Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); + + ASSERT_GT(key_blob.size(), 0U); + CheckBaseParams(key_characteristics); +@@ -1404,8 +1428,8 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestation) { + for (auto curve : ValidCurves()) { + vector key_blob; + vector key_characteristics; +- ASSERT_EQ(ErrorCode::OK, +- GenerateKey(AuthorizationSetBuilder() ++ ++ auto result = GenerateKey(AuthorizationSetBuilder() + .Authorization(TAG_NO_AUTH_REQUIRED) + .EcdsaSigningKey(curve) + .Digest(Digest::NONE) +@@ -1414,7 +1438,15 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestation) { + .Authorization(TAG_CERTIFICATE_SERIAL, serial_blob) + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); ++ ++ //Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); ++ + ASSERT_GT(key_blob.size(), 0U); + CheckBaseParams(key_characteristics); + CheckCharacteristics(key_blob, key_characteristics); +@@ -1491,6 +1523,12 @@ TEST_P(NewKeyGenerationTest, 
EcdsaAttestationTags) { + // Tag not required to be supported by all KeyMint implementations. + continue; + } ++ ++ //Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ continue; ++ } + ASSERT_EQ(result, ErrorCode::OK); + ASSERT_GT(key_blob.size(), 0U); + +@@ -1540,8 +1578,14 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTags) { + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(); + builder.push_back(tag); +- ASSERT_EQ(ErrorCode::CANNOT_ATTEST_IDS, +- GenerateKey(builder, &key_blob, &key_characteristics)); ++ ++ auto result = GenerateKey(builder, &key_blob, &key_characteristics); ++ //Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ continue; ++ } ++ ASSERT_EQ(ErrorCode::CANNOT_ATTEST_IDS, result); + } + } + +@@ -1577,6 +1621,13 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationTagNoApplicationId) { + .Authorization(TAG_CERTIFICATE_SUBJECT, subject_der) + .SetDefaultValidity(), + &key_blob, &key_characteristics); ++ ++ // Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ + ASSERT_EQ(result, ErrorCode::OK); + ASSERT_GT(key_blob.size(), 0U); + +@@ -1655,13 +1706,19 @@ TEST_P(NewKeyGenerationTest, EcdsaAttestationRequireAppId) { + vector key_blob; + vector key_characteristics; + +- ASSERT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, +- GenerateKey(AuthorizationSetBuilder() ++ auto result = GenerateKey(AuthorizationSetBuilder() + .EcdsaSigningKey(EcCurve::P_256) + .Digest(Digest::NONE) + .AttestationChallenge(challenge) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); ++ ++ // 
Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::ATTESTATION_APPLICATION_ID_MISSING, result); + } + + /* +@@ -1718,14 +1775,21 @@ TEST_P(NewKeyGenerationTest, AttestationApplicationIDLengthProperlyEncoded) { + const string app_id(length, 'a'); + vector key_blob; + vector key_characteristics; +- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() ++ auto result = GenerateKey(AuthorizationSetBuilder() + .Authorization(TAG_NO_AUTH_REQUIRED) + .EcdsaSigningKey(EcCurve::P_256) + .Digest(Digest::NONE) + .AttestationChallenge(challenge) + .AttestationApplicationId(app_id) + .SetDefaultValidity(), +- &key_blob, &key_characteristics)); ++ &key_blob, &key_characteristics); ++ //Strongbox does not support Factory provisioned attestation key ++ if (SecLevel() == SecurityLevel::STRONGBOX) { ++ ASSERT_EQ(ErrorCode::ATTESTATION_KEYS_NOT_PROVISIONED, result); ++ return; ++ } ++ ASSERT_EQ(ErrorCode::OK, result); ++ + ASSERT_GT(key_blob.size(), 0U); + CheckBaseParams(key_characteristics); + CheckCharacteristics(key_blob, key_characteristics); +@@ -3755,25 +3819,27 @@ typedef KeyMintAidlTestBase EncryptionOperationsTest; + * Verifies that raw RSA decryption works. 
+ */ + TEST_P(EncryptionOperationsTest, RsaNoPaddingSuccess) { +- for (uint64_t exponent : {3, 65537}) { +- ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() +- .Authorization(TAG_NO_AUTH_REQUIRED) +- .RsaEncryptionKey(2048, exponent) +- .Padding(PaddingMode::NONE) +- .SetDefaultValidity())); + +- string message = string(2048 / 8, 'a'); +- auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); +- string ciphertext1 = LocalRsaEncryptMessage(message, params); +- EXPECT_EQ(2048U / 8, ciphertext1.size()); ++ for (uint64_t exponent : ValidExponents()) ++ { ++ ASSERT_EQ(ErrorCode::OK, GenerateKey(AuthorizationSetBuilder() ++ .Authorization(TAG_NO_AUTH_REQUIRED) ++ .RsaEncryptionKey(2048, exponent) ++ .Padding(PaddingMode::NONE) ++ .SetDefaultValidity())); + +- string ciphertext2 = LocalRsaEncryptMessage(message, params); +- EXPECT_EQ(2048U / 8, ciphertext2.size()); ++ string message = string(2048 / 8, 'a'); ++ auto params = AuthorizationSetBuilder().Padding(PaddingMode::NONE); ++ string ciphertext1 = LocalRsaEncryptMessage(message, params); ++ EXPECT_EQ(2048U / 8, ciphertext1.size()); + +- // Unpadded RSA is deterministic +- EXPECT_EQ(ciphertext1, ciphertext2); ++ string ciphertext2 = LocalRsaEncryptMessage(message, params); ++ EXPECT_EQ(2048U / 8, ciphertext2.size()); + +- CheckedDeleteKey(); ++ // Unpadded RSA is deterministic ++ EXPECT_EQ(ciphertext1, ciphertext2); ++ ++ CheckedDeleteKey(); + } + } + +@@ -6255,7 +6321,7 @@ TEST_P(ClearOperationsTest, TooManyOperations) { + size_t i; + + for (i = 0; i < max_operations; i++) { +- result = Begin(KeyPurpose::ENCRYPT, key_blob_, params, &out_params, op_handles[i]); ++ result = Begin(KeyPurpose::DECRYPT, key_blob_, params, &out_params, op_handles[i]); + if (ErrorCode::OK != result) { + break; + } +@@ -6263,12 +6329,12 @@ TEST_P(ClearOperationsTest, TooManyOperations) { + EXPECT_EQ(ErrorCode::TOO_MANY_OPERATIONS, result); + // Try again just in case there's a weird overflow bug + 
EXPECT_EQ(ErrorCode::TOO_MANY_OPERATIONS, +- Begin(KeyPurpose::ENCRYPT, key_blob_, params, &out_params)); ++ Begin(KeyPurpose::DECRYPT, key_blob_, params, &out_params)); + for (size_t j = 0; j < i; j++) { + EXPECT_EQ(ErrorCode::OK, Abort(op_handles[j])) + << "Aboort failed for i = " << j << std::endl; + } +- EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::ENCRYPT, key_blob_, params, &out_params)); ++ EXPECT_EQ(ErrorCode::OK, Begin(KeyPurpose::DECRYPT, key_blob_, params, &out_params)); + AbortIfNeeded(); + } + +@@ -6367,7 +6433,6 @@ TEST_P(KeyAgreementTest, Ecdh) { + OPENSSL_free(p); + + // Generate EC key in KeyMint (only access to public key material) +- vector challenge = {0x41, 0x42}; + EXPECT_EQ( + ErrorCode::OK, + GenerateKey(AuthorizationSetBuilder() +@@ -6376,7 +6441,6 @@ TEST_P(KeyAgreementTest, Ecdh) { + .Authorization(TAG_PURPOSE, KeyPurpose::AGREE_KEY) + .Authorization(TAG_ALGORITHM, Algorithm::EC) + .Authorization(TAG_ATTESTATION_APPLICATION_ID, {0x61, 0x62}) +- .Authorization(TAG_ATTESTATION_CHALLENGE, challenge) + .SetDefaultValidity())) + << "Failed to generate key"; + ASSERT_GT(cert_chain_.size(), 0); +@@ -6456,14 +6520,24 @@ TEST_P(EarlyBootKeyTest, CreateEarlyBootKeys) { + CreateTestKeys(TAG_EARLY_BOOT_ONLY, ErrorCode::OK); + + for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) { ++ ++ if (SecLevel() == SecurityLevel::STRONGBOX && keyData.blob.size() == 0U) { ++ continue; ++ } + ASSERT_GT(keyData.blob.size(), 0U); + AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics); + EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params; + } + CheckedDeleteKey(&aesKeyData.blob); + CheckedDeleteKey(&hmacKeyData.blob); +- CheckedDeleteKey(&rsaKeyData.blob); +- CheckedDeleteKey(&ecdsaKeyData.blob); ++ ++ if (rsaKeyData.blob.size() != 0U) { ++ CheckedDeleteKey(&rsaKeyData.blob); ++ } ++ if (ecdsaKeyData.blob.size() != 0U) { ++ CheckedDeleteKey(&ecdsaKeyData.blob); ++ } ++ + } + + /* +@@ 
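Review bot: The new `continue` in the CreateEarlyBootKeys loop skips any key whose blob is empty on StrongBox, including the AES and HMAC keys, so a StrongBox that fails to create those would pass silently. Only the RSA and ECDSA keys appear to be expected to be missing (inferred from the conditional `CheckedDeleteKey` calls added below), so the skip should be limited to them, for example `if (SecLevel() == SecurityLevel::STRONGBOX && keyData.blob.empty() && (&keyData == &rsaKeyData || &keyData == &ecdsaKeyData)) continue;` with the loop iterating over pointers or references to the originals. The CreateAttestedEarlyBootKey hunk that follows has the same gap.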
-6479,14 +6553,21 @@ TEST_P(EarlyBootKeyTest, CreateAttestedEarlyBootKey) { + }); + + for (const auto& keyData : {aesKeyData, hmacKeyData, rsaKeyData, ecdsaKeyData}) { ++ if (SecLevel() == SecurityLevel::STRONGBOX && keyData.blob.size() == 0U) { ++ continue; ++ } + ASSERT_GT(keyData.blob.size(), 0U); + AuthorizationSet crypto_params = SecLevelAuthorizations(keyData.characteristics); + EXPECT_TRUE(crypto_params.Contains(TAG_EARLY_BOOT_ONLY)) << crypto_params; + } + CheckedDeleteKey(&aesKeyData.blob); + CheckedDeleteKey(&hmacKeyData.blob); +- CheckedDeleteKey(&rsaKeyData.blob); +- CheckedDeleteKey(&ecdsaKeyData.blob); ++ if (rsaKeyData.blob.size() != 0U) { ++ CheckedDeleteKey(&rsaKeyData.blob); ++ } ++ if (ecdsaKeyData.blob.size() != 0U) { ++ CheckedDeleteKey(&ecdsaKeyData.blob); ++ } + } + + /* +diff --git a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp +index 38f358686..74e44c7b4 100644 +--- a/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp ++++ b/security/keymint/aidl/vts/functional/VtsRemotelyProvisionedComponentTests.cpp +@@ -164,6 +164,7 @@ class VtsRemotelyProvisionedComponentTests : public testing::TestWithParamgetHardwareInfo(&rpcHardwareInfo).isOk()); + } + + static vector build_params() { +@@ -173,6 +174,7 @@ class VtsRemotelyProvisionedComponentTests : public testing::TestWithParam provisionable_; ++ RpcHardwareInfo rpcHardwareInfo; + }; + + using GenerateKeyTests = VtsRemotelyProvisionedComponentTests; +@@ -273,11 +275,10 @@ TEST_P(GenerateKeyTests, generateEcdsaP256Key_testMode) { + class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { + protected: + CertificateRequestTest() : eekId_(string_to_bytevec("eekid")), challenge_(randomBytes(32)) { +- generateTestEekChain(3); + } + + void generateTestEekChain(size_t eekLength) { +- auto chain = generateEekChain(eekLength, eekId_); ++ auto chain = 
generateEekChain(rpcHardwareInfo.supportedEekCurve, eekLength, eekId_); + EXPECT_TRUE(chain) << chain.message(); + if (chain) testEekChain_ = chain.moveValue(); + testEekLength_ = eekLength; +@@ -298,6 +299,17 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { + } + } + ++ ErrMsgOr getSessionKey(ErrMsgOr>& senderPubkey) { ++ if (rpcHardwareInfo.supportedEekCurve == RpcHardwareInfo::CURVE_25519 || ++ rpcHardwareInfo.supportedEekCurve == RpcHardwareInfo::CURVE_NONE) { ++ return x25519_HKDF_DeriveKey(testEekChain_.last_pubkey, testEekChain_.last_privkey, ++ senderPubkey->first, false /* senderIsA */); ++ } else { ++ return ECDH_HKDF_DeriveKey(testEekChain_.last_pubkey, testEekChain_.last_privkey, ++ senderPubkey->first, false /* senderIsA */); ++ } ++ } ++ + void checkProtectedData(const DeviceInfo& deviceInfo, const cppbor::Array& keysToSign, + const bytevec& keysToSignMac, const ProtectedData& protectedData, + std::vector* bccOutput = nullptr) { +@@ -310,9 +322,7 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { + ASSERT_TRUE(senderPubkey) << senderPubkey.message(); + EXPECT_EQ(senderPubkey->second, eekId_); + +- auto sessionKey = +- x25519_HKDF_DeriveKey(testEekChain_.last_pubkey, testEekChain_.last_privkey, +- senderPubkey->first, false /* senderIsA */); ++ auto sessionKey = getSessionKey(senderPubkey); + ASSERT_TRUE(sessionKey) << sessionKey.message(); + + auto protectedDataPayload = +@@ -322,7 +332,7 @@ class CertificateRequestTest : public VtsRemotelyProvisionedComponentTests { + auto [parsedPayload, __, payloadErrMsg] = cppbor::parse(*protectedDataPayload); + ASSERT_TRUE(parsedPayload) << "Failed to parse payload: " << payloadErrMsg; + ASSERT_TRUE(parsedPayload->asArray()); +- EXPECT_EQ(parsedPayload->asArray()->size(), 2U); ++ EXPECT_LE(parsedPayload->asArray()->size(), 3U); + + auto& signedMac = parsedPayload->asArray()->get(0); + auto& bcc = parsedPayload->asArray()->get(1); +@@ -406,6 +416,7 @@ 
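Review bot: Relaxing the payload size check in checkProtectedData to `EXPECT_LE(parsedPayload->asArray()->size(), 3U)` also accepts an array of zero or one element, and `get(0)` and `get(1)` are read on the very next lines. A lower bound that stops the test is needed before those reads: `ASSERT_GE(parsedPayload->asArray()->size(), 2U);` followed by the `EXPECT_LE(..., 3U)`. A one-line comment naming the optional third element would help too, since the hunk does not show what it is. checkProtectedData starts and ends outside this hunk.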
TEST_P(CertificateRequestTest, NewKeyPerCallInTestMode) { + bytevec keysToSignMac; + DeviceInfo deviceInfo; + ProtectedData protectedData; ++ generateTestEekChain(3); + auto status = provisionable_->generateCertificateRequest( + testMode, {} /* keysToSign */, testEekChain_.chain, challenge_, &deviceInfo, + &protectedData, &keysToSignMac); +@@ -445,7 +456,7 @@ TEST_P(CertificateRequestTest, DISABLED_EmptyRequest_prodMode) { + DeviceInfo deviceInfo; + ProtectedData protectedData; + auto status = provisionable_->generateCertificateRequest( +- testMode, {} /* keysToSign */, getProdEekChain(), challenge_, &deviceInfo, ++ testMode, {} /* keysToSign */, getProdEekChain(rpcHardwareInfo.supportedEekCurve), challenge_, &deviceInfo, + &protectedData, &keysToSignMac); + EXPECT_TRUE(status.isOk()); + } +@@ -486,7 +497,7 @@ TEST_P(CertificateRequestTest, DISABLED_NonEmptyRequest_prodMode) { + DeviceInfo deviceInfo; + ProtectedData protectedData; + auto status = provisionable_->generateCertificateRequest( +- testMode, keysToSign_, getProdEekChain(), challenge_, &deviceInfo, &protectedData, ++ testMode, keysToSign_, getProdEekChain(rpcHardwareInfo.supportedEekCurve), challenge_, &deviceInfo, &protectedData, + &keysToSignMac); + EXPECT_TRUE(status.isOk()); + } +@@ -502,6 +513,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_testMode) { + bytevec keysToSignMac; + DeviceInfo deviceInfo; + ProtectedData protectedData; ++ generateTestEekChain(3); + auto status = provisionable_->generateCertificateRequest( + testMode, {keyWithCorruptMac}, testEekChain_.chain, challenge_, &deviceInfo, + &protectedData, &keysToSignMac); +@@ -521,7 +533,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequestCorruptMac_prodMode) { + DeviceInfo deviceInfo; + ProtectedData protectedData; + auto status = provisionable_->generateCertificateRequest( +- testMode, {keyWithCorruptMac}, getProdEekChain(), challenge_, &deviceInfo, ++ testMode, {keyWithCorruptMac}, 
getProdEekChain(rpcHardwareInfo.supportedEekCurve), challenge_, &deviceInfo, + &protectedData, &keysToSignMac); + ASSERT_FALSE(status.isOk()) << status.getMessage(); + EXPECT_EQ(status.getServiceSpecificError(), BnRemotelyProvisionedComponent::STATUS_INVALID_MAC); +@@ -535,7 +547,7 @@ TEST_P(CertificateRequestTest, NonEmptyCorruptEekRequest_prodMode) { + bool testMode = false; + generateKeys(testMode, 4 /* numKeys */); + +- auto prodEekChain = getProdEekChain(); ++ auto prodEekChain = getProdEekChain(rpcHardwareInfo.supportedEekCurve); + auto [parsedChain, _, parseErr] = cppbor::parse(prodEekChain); + ASSERT_NE(parsedChain, nullptr) << parseErr; + ASSERT_NE(parsedChain->asArray(), nullptr); +@@ -566,7 +578,7 @@ TEST_P(CertificateRequestTest, NonEmptyIncompleteEekRequest_prodMode) { + + // Build an EEK chain that omits the first self-signed cert. + auto truncatedChain = cppbor::Array(); +- auto [chain, _, parseErr] = cppbor::parse(getProdEekChain()); ++ auto [chain, _, parseErr] = cppbor::parse(getProdEekChain(rpcHardwareInfo.supportedEekCurve)); + ASSERT_TRUE(chain); + auto eekChain = chain->asArray(); + ASSERT_NE(eekChain, nullptr); +@@ -594,6 +606,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequest_prodKeyInTestCert) { + bytevec keysToSignMac; + DeviceInfo deviceInfo; + ProtectedData protectedData; ++ generateTestEekChain(3); + auto status = provisionable_->generateCertificateRequest( + true /* testMode */, keysToSign_, testEekChain_.chain, challenge_, &deviceInfo, + &protectedData, &keysToSignMac); +@@ -612,6 +625,7 @@ TEST_P(CertificateRequestTest, NonEmptyRequest_testKeyInProdCert) { + bytevec keysToSignMac; + DeviceInfo deviceInfo; + ProtectedData protectedData; ++ generateTestEekChain(3); + auto status = provisionable_->generateCertificateRequest( + false /* testMode */, keysToSign_, testEekChain_.chain, challenge_, &deviceInfo, + &protectedData, &keysToSignMac); +diff --git a/security/keymint/support/Android.bp b/security/keymint/support/Android.bp +index 
9e218b6a3..73fb8c277 100644 +--- a/security/keymint/support/Android.bp ++++ b/security/keymint/support/Android.bp +@@ -62,6 +62,7 @@ cc_library { + "libcppcose_rkp", + "libcrypto", + "libjsoncpp", ++ "android.hardware.security.keymint-V1-ndk_platform", + ], + } + +diff --git a/security/keymint/support/include/remote_prov/remote_prov_utils.h b/security/keymint/support/include/remote_prov/remote_prov_utils.h +index 406b7a9b7..4d9ed2b0c 100644 +--- a/security/keymint/support/include/remote_prov/remote_prov_utils.h ++++ b/security/keymint/support/include/remote_prov/remote_prov_utils.h +@@ -52,6 +52,20 @@ inline constexpr uint8_t kCoseEncodedGeekCert[] = { + 0x31, 0xbf, 0x6b, 0xe8, 0x1e, 0x35, 0xe2, 0xf0, 0x2d, 0xce, 0x6c, 0x2f, 0x4f, 0xf2, + 0xf5, 0x4f, 0xa5, 0xd4, 0x83, 0xad, 0x96, 0xa2, 0xf1, 0x87, 0x58, 0x04}; + ++// The Google ECDSA root key for the Endpoint Encryption Key chain, encoded as COSE_Sign1 ++inline constexpr uint8_t kCoseEncodedEcdsaRootCert[] = { ++ 0x84, 0x43, 0xa1, 0x01, 0x26, 0xa0, 0x58, 0x4d, 0xa5, 0x01, 0x02, 0x03, 0x26, 0x20, 0x01, ++ 0x21, 0x58, 0x20, 0xf7, 0x14, 0x8a, 0xdb, 0x97, 0xf4, 0xcc, 0x53, 0xef, 0xd2, 0x64, 0x11, ++ 0xc4, 0xe3, 0x75, 0x1f, 0x66, 0x1f, 0xa4, 0x71, 0x0c, 0x6c, 0xcf, 0xfa, 0x09, 0x46, 0x80, ++ 0x74, 0x87, 0x54, 0xf2, 0xad, 0x22, 0x58, 0x20, 0x5e, 0x7f, 0x5b, 0xf6, 0xec, 0xe4, 0xf6, ++ 0x19, 0xcc, 0xff, 0x13, 0x37, 0xfd, 0x0f, 0xa1, 0xc8, 0x93, 0xdb, 0x18, 0x06, 0x76, 0xc4, ++ 0x5d, 0xe6, 0xd7, 0x6a, 0x77, 0x86, 0xc3, 0x2d, 0xaf, 0x8f, 0x58, 0x47, 0x30, 0x45, 0x02, ++ 0x20, 0x2f, 0x97, 0x8e, 0x42, 0xfb, 0xbe, 0x07, 0x2d, 0x95, 0x47, 0x85, 0x47, 0x93, 0x40, ++ 0xb0, 0x1f, 0xd4, 0x9b, 0x47, 0xa4, 0xc4, 0x44, 0xa9, 0xf2, 0xa1, 0x07, 0x87, 0x10, 0xc7, ++ 0x9f, 0xcb, 0x11, 0x02, 0x21, 0x00, 0xf4, 0xbf, 0x9f, 0xe8, 0x3b, 0xe0, 0xe7, 0x34, 0x4c, ++ 0x15, 0xfc, 0x7b, 0xc3, 0x7e, 0x33, 0x05, 0xf4, 0xd1, 0x34, 0x3c, 0xed, 0x02, 0x04, 0x60, ++ 0x7a, 0x15, 0xe0, 0x79, 0xd3, 0x8a, 0xff, 0x24}; ++ + /** + * Generates random bytes. 
+ */ +@@ -67,12 +81,12 @@ struct EekChain { + * Generates an X25518 EEK with the specified eekId and an Ed25519 chain of the + * specified length. All keys are generated randomly. + */ +-ErrMsgOr generateEekChain(size_t length, const bytevec& eekId); ++ErrMsgOr generateEekChain(int32_t supportedEekCurve, size_t length, const bytevec& eekId); + + /** + * Returns the CBOR-encoded, production Google Endpoint Encryption Key chain. + */ +-bytevec getProdEekChain(); ++bytevec getProdEekChain(int32_t supportedEekCurve); + + struct BccEntryData { + bytevec pubKey; +diff --git a/security/keymint/support/remote_prov_utils.cpp b/security/keymint/support/remote_prov_utils.cpp +index 0cbee5104..ae5120f8b 100644 +--- a/security/keymint/support/remote_prov_utils.cpp ++++ b/security/keymint/support/remote_prov_utils.cpp +@@ -17,15 +17,195 @@ + #include + #include + ++#include + #include + #include + #include ++#include ++#include ++#include ++#include + #include ++#include + #include + #include + + namespace aidl::android::hardware::security::keymint::remote_prov { + ++constexpr int kP256AffinePointSize = 32; ++ ++using EC_KEY_Ptr = bssl::UniquePtr; ++using EVP_PKEY_Ptr = bssl::UniquePtr; ++using EVP_PKEY_CTX_Ptr = bssl::UniquePtr; ++ ++ErrMsgOr ecKeyGetPrivateKey(const EC_KEY* ecKey) { ++ // Extract private key. ++ const BIGNUM* bignum = EC_KEY_get0_private_key(ecKey); ++ if (bignum == nullptr) { ++ return "Error getting bignum from private key"; ++ } ++ int size = BN_num_bytes(bignum); ++ // Pad with zeros incase the length is lesser than 32. ++ bytevec privKey(32, 0); ++ BN_bn2bin(bignum, privKey.data() + 32 - size); ++ return privKey; ++} ++ ++ErrMsgOr ecKeyGetPublicKey(const EC_KEY* ecKey) { ++ // Extract public key. 
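Review bot: The doc comments on `generateEekChain` and `getProdEekChain` were not updated for the new `supportedEekCurve` parameter; the first still states that an X25519 EEK with an Ed25519 chain is always produced ("X25518" is a typo carried over from the old text). The comment should say that the parameter takes an `RpcHardwareInfo::CURVE_*` value, that `CURVE_NONE` is handled like `CURVE_25519`, and that `CURVE_P256` produces P-256 signing keys and a P-256 EEK, as the implementation in remote_prov_utils.cpp does. Because the type is a plain `int32_t`, it should also state what happens for an unrecognised value: `generateEekChain` is meant to return an error, while `getProdEekChain` falls back to the Ed25519/X25519 chain for anything other than `CURVE_P256`.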
++ auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); ++ if (group.get() == nullptr) { ++ return "Error creating EC group by curve name"; ++ } ++ const EC_POINT* point = EC_KEY_get0_public_key(ecKey); ++ if (point == nullptr) return "Error getting ecpoint from public key"; ++ ++ int size = EC_POINT_point2oct(group.get(), point, ++ POINT_CONVERSION_UNCOMPRESSED, nullptr, 0, ++ nullptr); ++ if (size == 0) { ++ return "Error generating public key encoding"; ++ } ++ ++ bytevec publicKey; ++ publicKey.resize(size); ++ EC_POINT_point2oct(group.get(), point, ++ POINT_CONVERSION_UNCOMPRESSED, publicKey.data(), ++ publicKey.size(), nullptr); ++ return publicKey; ++} ++ ++ErrMsgOr> getAffineCoordinates( ++ const bytevec& pubKey) { ++ auto group = EC_GROUP_Ptr( ++ EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); ++ if (group.get() == nullptr) { ++ return "Error creating EC group by curve name"; ++ } ++ auto point = EC_POINT_Ptr(EC_POINT_new(group.get())); ++ if (EC_POINT_oct2point(group.get(), point.get(), pubKey.data(), ++ pubKey.size(), nullptr) != 1) { ++ return "Error decoding publicKey"; ++ } ++ BIGNUM_Ptr x(BN_new()); ++ BIGNUM_Ptr y(BN_new()); ++ BN_CTX_Ptr ctx(BN_CTX_new()); ++ if (!ctx.get()) return "Failed to create BN_CTX instance"; ++ ++ if (!EC_POINT_get_affine_coordinates_GFp(group.get(), point.get(), ++ x.get(), y.get(), ++ ctx.get())) { ++ return "Failed to get affine coordinates from ECPoint"; ++ } ++ bytevec pubX(kP256AffinePointSize); ++ bytevec pubY(kP256AffinePointSize); ++ if (BN_bn2binpad(x.get(), pubX.data(), kP256AffinePointSize) != ++ kP256AffinePointSize) { ++ return "Error in converting absolute value of x cordinate to big-endian"; ++ } ++ if (BN_bn2binpad(y.get(), pubY.data(), kP256AffinePointSize) != ++ kP256AffinePointSize) { ++ return "Error in converting absolute value of y cordinate to big-endian"; ++ } ++ return std::make_tuple(std::move(pubX), std::move(pubY)); ++} ++ ++ErrMsgOr> generateEc256KeyPair() { ++ auto 
ec_key = EC_KEY_Ptr(EC_KEY_new()); ++ if (ec_key.get() == nullptr) { ++ return "Failed to allocate ec key"; ++ } ++ ++ auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); ++ if (group.get() == nullptr) { ++ return "Error creating EC group by curve name"; ++ } ++ ++ if (EC_KEY_set_group(ec_key.get(), group.get()) != 1 || ++ EC_KEY_generate_key(ec_key.get()) != 1 || EC_KEY_check_key(ec_key.get()) < 0) { ++ return "Error generating key"; ++ } ++ ++ auto privKey = ecKeyGetPrivateKey(ec_key.get()); ++ if (!privKey) return privKey.moveMessage(); ++ ++ auto pubKey = ecKeyGetPublicKey(ec_key.get()); ++ if (!pubKey) return pubKey.moveMessage(); ++ ++ return std::make_tuple(pubKey.moveValue(), privKey.moveValue()); ++} ++ ++ErrMsgOr> generateX25519KeyPair() { ++ /* Generate X25519 key pair */ ++ bytevec pubKey(X25519_PUBLIC_VALUE_LEN); ++ bytevec privKey(X25519_PRIVATE_KEY_LEN); ++ X25519_keypair(pubKey.data(), privKey.data()); ++ return std::make_tuple(std::move(pubKey), std::move(privKey)); ++} ++ ++ErrMsgOr> generateED25519KeyPair() { ++ /* Generate ED25519 key pair */ ++ bytevec pubKey(ED25519_PUBLIC_KEY_LEN); ++ bytevec privKey(ED25519_PRIVATE_KEY_LEN); ++ ED25519_keypair(pubKey.data(), privKey.data()); ++ return std::make_tuple(std::move(pubKey), std::move(privKey)); ++} ++ ++ErrMsgOr> generateKeyPair( ++ int32_t supportedEekCurve, bool isEek) { ++ ++ switch (supportedEekCurve) { ++ case RpcHardwareInfo::CURVE_NONE: ++ case RpcHardwareInfo::CURVE_25519: ++ if (isEek) { ++ return generateX25519KeyPair(); ++ } ++ return generateED25519KeyPair(); ++ case RpcHardwareInfo::CURVE_P256: ++ return generateEc256KeyPair(); ++ default: ++ return "Unknown EEK Curve."; ++ } ++} ++ ++ErrMsgOr constructCoseKey(int32_t supportedEekCurve, const bytevec& eekId, ++ const bytevec& pubKey) { ++ CoseKeyType keyType; ++ CoseKeyAlgorithm algorithm; ++ CoseKeyCurve curve; ++ bytevec pubX; ++ bytevec pubY; ++ switch (supportedEekCurve) { ++ case 
RpcHardwareInfo::CURVE_NONE: ++ case RpcHardwareInfo::CURVE_25519: ++ keyType = OCTET_KEY_PAIR; ++ algorithm = (eekId.empty()) ? EDDSA : ECDH_ES_HKDF_256; ++ curve = (eekId.empty()) ? ED25519 : cppcose::X25519; ++ pubX = pubKey; ++ break; ++ case RpcHardwareInfo::CURVE_P256: { ++ keyType = EC2; ++ algorithm = (eekId.empty()) ? ES256 : ECDH_ES_HKDF_256; ++ curve = P256; ++ auto affineCoordinates = getAffineCoordinates(pubKey); ++ if (!affineCoordinates) return affineCoordinates.moveMessage(); ++ std::tie(pubX, pubY) = affineCoordinates.moveValue(); ++ } break; ++ default: ++ return "Unknown EEK Curve."; ++ } ++ cppbor::Map coseKey = cppbor::Map() ++ .add(CoseKey::KEY_TYPE, keyType) ++ .add(CoseKey::ALGORITHM, algorithm) ++ .add(CoseKey::CURVE, curve) ++ .add(CoseKey::PUBKEY_X, pubX); ++ ++ if (!pubY.empty()) coseKey.add(CoseKey::PUBKEY_Y, pubY); ++ if (!eekId.empty()) coseKey.add(CoseKey::KEY_ID, eekId); ++ ++ return coseKey.canonicalize().encode(); ++} ++ + bytevec kTestMacKey(32 /* count */, 0 /* byte value */); + + bytevec randomBytes(size_t numBytes) { +@@ -34,7 +214,17 @@ bytevec randomBytes(size_t numBytes) { + return retval; + } + +-ErrMsgOr generateEekChain(size_t length, const bytevec& eekId) { ++ErrMsgOr constructCoseSign1(int32_t supportedEekCurve, const bytevec& key, ++ const bytevec& payload, const bytevec& aad) { ++ if (supportedEekCurve == RpcHardwareInfo::CURVE_P256) { ++ return constructECDSACoseSign1(key, {} /* protectedParams */, payload, aad); ++ } else { ++ return cppcose::constructCoseSign1(key, payload, aad); ++ } ++} ++ ++ErrMsgOr generateEekChain(int32_t supportedEekCurve, size_t length, ++ const bytevec& eekId) { + if (length < 2) { + return "EEK chain must contain at least 2 certs."; + } +@@ -43,42 +233,31 @@ ErrMsgOr generateEekChain(size_t length, const bytevec& eekId) { + + bytevec prev_priv_key; + for (size_t i = 0; i < length - 1; ++i) { +- bytevec pub_key(ED25519_PUBLIC_KEY_LEN); +- bytevec priv_key(ED25519_PRIVATE_KEY_LEN); +- +- 
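Review bot: In generateEc256KeyPair the validity check `EC_KEY_check_key(ec_key.get()) < 0` can never fire, because the function reports failure with 0, not a negative value; it should be `EC_KEY_check_key(ec_key.get()) != 1`. In ecKeyGetPrivateKey, `BN_bn2bin(bignum, privKey.data() + 32 - size)` would write before the start of the buffer if `size` ever exceeded 32; calling `BN_bn2binpad(bignum, privKey.data(), privKey.size())` and checking its result, as getAffineCoordinates already does, removes the pointer arithmetic. The second `EC_POINT_point2oct` call in ecKeyGetPublicKey ignores its return value, and getAffineCoordinates uses the results of `EC_POINT_new` and `BN_new` without a null check.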
ED25519_keypair(pub_key.data(), priv_key.data()); ++ auto keyPair = generateKeyPair(supportedEekCurve, false); ++ if (!keyPair) keyPair.moveMessage(); ++ auto [pub_key, priv_key] = keyPair.moveValue(); + + // The first signing key is self-signed. + if (prev_priv_key.empty()) prev_priv_key = priv_key; + +- auto coseSign1 = constructCoseSign1(prev_priv_key, +- cppbor::Map() /* payload CoseKey */ +- .add(CoseKey::KEY_TYPE, OCTET_KEY_PAIR) +- .add(CoseKey::ALGORITHM, EDDSA) +- .add(CoseKey::CURVE, ED25519) +- .add(CoseKey::PUBKEY_X, pub_key) +- .canonicalize() +- .encode(), ++ auto coseKey = constructCoseKey(supportedEekCurve, {}, pub_key); ++ if (!coseKey) return coseKey.moveMessage(); ++ ++ auto coseSign1 = constructCoseSign1(supportedEekCurve, prev_priv_key, coseKey.moveValue(), + {} /* AAD */); + if (!coseSign1) return coseSign1.moveMessage(); + eekChain.add(coseSign1.moveValue()); + + prev_priv_key = priv_key; + } ++ auto keyPair = generateKeyPair(supportedEekCurve, true); ++ if (!keyPair) keyPair.moveMessage(); ++ auto [pub_key, priv_key] = keyPair.moveValue(); + +- bytevec pub_key(X25519_PUBLIC_VALUE_LEN); +- bytevec priv_key(X25519_PRIVATE_KEY_LEN); +- X25519_keypair(pub_key.data(), priv_key.data()); ++ auto coseKey = constructCoseKey(supportedEekCurve, eekId, pub_key); ++ if (!coseKey) return coseKey.moveMessage(); + +- auto coseSign1 = constructCoseSign1(prev_priv_key, +- cppbor::Map() /* payload CoseKey */ +- .add(CoseKey::KEY_TYPE, OCTET_KEY_PAIR) +- .add(CoseKey::KEY_ID, eekId) +- .add(CoseKey::ALGORITHM, ECDH_ES_HKDF_256) +- .add(CoseKey::CURVE, cppcose::X25519) +- .add(CoseKey::PUBKEY_X, pub_key) +- .canonicalize() +- .encode(), ++ auto coseSign1 = constructCoseSign1(supportedEekCurve, prev_priv_key, coseKey.moveValue(), + {} /* AAD */); + if (!coseSign1) return coseSign1.moveMessage(); + eekChain.add(coseSign1.moveValue()); +@@ -86,16 +265,15 @@ ErrMsgOr generateEekChain(size_t length, const bytevec& eekId) { + return EekChain{eekChain.encode(), 
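Review bot: Both `if (!keyPair) keyPair.moveMessage();` lines in generateEekChain discard the error instead of returning it, so a failed key generation (an unknown curve value, for instance) falls through to `keyPair.moveValue()` on an error result. They should read `if (!keyPair) return keyPair.moveMessage();`, matching the `coseKey` and `coseSign1` checks next to them. generateEekChain starts before this hunk and ends in the next one.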
pub_key, priv_key}; + } + +-bytevec getProdEekChain() { +- bytevec prodEek; +- prodEek.reserve(1 + sizeof(kCoseEncodedRootCert) + sizeof(kCoseEncodedGeekCert)); +- +- // In CBOR encoding, 0x82 indicates an array of two items +- prodEek.push_back(0x82); +- prodEek.insert(prodEek.end(), std::begin(kCoseEncodedRootCert), std::end(kCoseEncodedRootCert)); +- prodEek.insert(prodEek.end(), std::begin(kCoseEncodedGeekCert), std::end(kCoseEncodedGeekCert)); +- +- return prodEek; ++bytevec getProdEekChain(int32_t supportedEekCurve) { ++ cppbor::Array chain; ++ if (supportedEekCurve == RpcHardwareInfo::CURVE_P256) { ++ chain.add(cppbor::EncodedItem(bytevec(std::begin(kCoseEncodedEcdsaRootCert), std::end(kCoseEncodedEcdsaRootCert)))); ++ } else { ++ chain.add(cppbor::EncodedItem(bytevec(std::begin(kCoseEncodedRootCert), std::end(kCoseEncodedRootCert)))); ++ chain.add(cppbor::EncodedItem(bytevec(std::begin(kCoseEncodedGeekCert), std::end(kCoseEncodedGeekCert)))); ++ } ++ return chain.encode(); + } + + ErrMsgOr verifyAndParseCoseSign1Cwt(const cppbor::Array* coseSign1, +@@ -122,7 +300,8 @@ ErrMsgOr verifyAndParseCoseSign1Cwt(const cppbor::Array* coseSign1, + } + + auto& algorithm = parsedProtParams->asMap()->get(ALGORITHM); +- if (!algorithm || !algorithm->asInt() || algorithm->asInt()->value() != EDDSA) { ++ if (!algorithm || !algorithm->asInt() || (algorithm->asInt()->value() != EDDSA && ++ algorithm->asInt()->value() != ES256)) { + return "Unsupported signature algorithm"; + } + +@@ -136,16 +315,35 @@ ErrMsgOr verifyAndParseCoseSign1Cwt(const cppbor::Array* coseSign1, + if (!serializedKey || !serializedKey->asBstr()) return "Could not find key entry"; + + bool selfSigned = signingCoseKey.empty(); +- auto key = ++ bytevec key; ++ if (algorithm->asInt()->value() == EDDSA) { ++ auto key = + CoseKey::parseEd25519(selfSigned ? 
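Review bot: For `CURVE_P256`, getProdEekChain returns an array that holds only `kCoseEncodedEcdsaRootCert`, whereas the other branch returns the root plus the EEK certificate and generateEekChain rejects chains shorter than two entries. If a production P-256 EEK certificate simply does not exist yet, that should be stated in a comment on this branch, for example `// TODO: append the P-256 EEK certificate once available; this chain has no encryption key`, because the prod-mode tests pass this value straight to `generateCertificateRequest`. The `else` branch also silently maps any unrecognised curve value to the Ed25519/X25519 chain.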
serializedKey->asBstr()->value() : signingCoseKey); +- if (!key) return "Bad signing key: " + key.moveMessage(); ++ if (!key) return "Bad signing key: " + key.moveMessage(); + +- bytevec signatureInput = ++ bytevec signatureInput = + cppbor::Array().add("Signature1").add(*protectedParams).add(aad).add(*payload).encode(); + +- if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(), +- key->getBstrValue(CoseKey::PUBKEY_X)->data())) { +- return "Signature verification failed"; ++ if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(), ++ key->getBstrValue(CoseKey::PUBKEY_X)->data())) { ++ return "Signature verification failed"; ++ } ++ } else { // P256 ++ auto key = ++ CoseKey::parseP256(selfSigned ? serializedKey->asBstr()->value() : signingCoseKey); ++ if (!key || key->getBstrValue(CoseKey::PUBKEY_X)->empty() || ++ key->getBstrValue(CoseKey::PUBKEY_Y)->empty()) { ++ return "Bad signing key: " + key.moveMessage(); ++ } ++ auto publicKey = key->getEcPublicKey(); ++ if (!publicKey) return publicKey.moveMessage(); ++ ++ bytevec signatureInput = ++ cppbor::Array().add("Signature1").add(*protectedParams).add(aad).add(*payload).encode(); ++ ++ if (!verifyEcdsaDigest(publicKey.moveValue(), sha256(signatureInput), signature->value())) { ++ return "Signature verification failed"; ++ } + } + + return serializedKey->asBstr()->value(); +diff --git a/security/keymint/support/remote_prov_utils_test.cpp b/security/keymint/support/remote_prov_utils_test.cpp +index 8697c5190..0009bf713 100644 +--- a/security/keymint/support/remote_prov_utils_test.cpp ++++ b/security/keymint/support/remote_prov_utils_test.cpp +@@ -14,6 +14,7 @@ + * limitations under the License. 
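Review bot: In the new P-256 branch of verifyAndParseCoseSign1Cwt, the combined check `!key || key->getBstrValue(CoseKey::PUBKEY_X)->empty() || ...` returns `key.moveMessage()` even when parsing succeeded and only a coordinate is empty, and it dereferences the `getBstrValue` results without first checking that a value is present. Splitting it into `if (!key) return "Bad signing key: " + key.moveMessage();` followed by a separate presence-and-non-empty test with its own message fixes both problems. The outer `bytevec key;` declared before the `if` is shadowed by the `auto key` inside each branch and never used, so it can be removed. The function starts before this hunk.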
+ */ + ++#include + #include + #include + #include +@@ -35,13 +36,13 @@ using ::keymaster::validateAndExtractEekPubAndId; + using ::testing::ElementsAreArray; + + TEST(RemoteProvUtilsTest, GenerateEekChainInvalidLength) { +- ASSERT_FALSE(generateEekChain(1, /*eekId=*/{})); ++ ASSERT_FALSE(generateEekChain(CURVE_25519, 1, /*eekId=*/{})); + } + + TEST(RemoteProvUtilsTest, GenerateEekChain) { + bytevec kTestEekId = {'t', 'e', 's', 't', 'I', 'd', 0}; + for (size_t length : {2, 3, 31}) { +- auto get_eek_result = generateEekChain(length, kTestEekId); ++ auto get_eek_result = generateEekChain(CURVE_25519, length, kTestEekId); + ASSERT_TRUE(get_eek_result) << get_eek_result.message(); + + auto& [chain, pubkey, privkey] = *get_eek_result; diff --git a/patches/keymint/aosp_integration_patches_aosp_12_r15/system_keymaster.patch b/patches/keymint/aosp_integration_patches_aosp_12_r15/system_keymaster.patch new file mode 100644 index 00000000..b994b768 --- /dev/null +++ b/patches/keymint/aosp_integration_patches_aosp_12_r15/system_keymaster.patch 
@@ -0,0 +1,441 @@ +diff --git a/cppcose/cppcose.cpp b/cppcose/cppcose.cpp +index bfe9928..5009bfe 100644 +--- a/cppcose/cppcose.cpp ++++ b/cppcose/cppcose.cpp +@@ -21,10 +21,17 @@ + + #include + #include ++#include + + #include + + namespace cppcose { ++constexpr int kP256AffinePointSize = 32; ++ ++using EVP_PKEY_Ptr = bssl::UniquePtr; ++using EVP_PKEY_CTX_Ptr = bssl::UniquePtr; ++using ECDSA_SIG_Ptr = bssl::UniquePtr; ++using EC_KEY_Ptr = bssl::UniquePtr; + + namespace { + +@@ -51,6 +58,92 @@ ErrMsgOr> aesGcmInitAndProcessAad(const bytevec& + return std::move(ctx); + } + ++ ++ErrMsgOr signEcdsaDigest(const bytevec& key, const bytevec& data) { ++ auto bn = BIGNUM_Ptr(BN_bin2bn(key.data(), key.size(), nullptr)); ++ if (bn.get() == nullptr) { ++ return "Error creating BIGNUM"; ++ } ++ ++ auto ec_key = EC_KEY_Ptr(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); ++ if (EC_KEY_set_private_key(ec_key.get(), bn.get()) != 1) { ++ return "Error setting private key from BIGNUM"; ++ } ++ ++ ECDSA_SIG* sig = ECDSA_do_sign(data.data(), data.size(), ec_key.get()); ++ if (sig == nullptr) { ++ return "Error signing digest"; ++ } ++ size_t len = i2d_ECDSA_SIG(sig, nullptr); ++ bytevec signature(len); ++ unsigned char* p = (unsigned char*)signature.data(); ++ i2d_ECDSA_SIG(sig, &p); ++ ECDSA_SIG_free(sig); ++ return signature; ++} ++ ++ErrMsgOr ecdh(const bytevec& publicKey, const bytevec& privateKey) { ++ auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); ++ auto point = EC_POINT_Ptr(EC_POINT_new(group.get())); ++ if (EC_POINT_oct2point(group.get(), point.get(), publicKey.data(), publicKey.size(), nullptr) != ++ 1) { ++ return "Error decoding publicKey"; ++ } ++ auto ecKey = EC_KEY_Ptr(EC_KEY_new()); ++ auto pkey = EVP_PKEY_Ptr(EVP_PKEY_new()); ++ if (ecKey.get() == nullptr || pkey.get() == nullptr) { ++ return "Memory allocation failed"; ++ } ++ if (EC_KEY_set_group(ecKey.get(), group.get()) != 1) { ++ return "Error setting group"; ++ } ++ if 
(EC_KEY_set_public_key(ecKey.get(), point.get()) != 1) { ++ return "Error setting point"; ++ } ++ if (EVP_PKEY_set1_EC_KEY(pkey.get(), ecKey.get()) != 1) { ++ return "Error setting key"; ++ } ++ ++ auto bn = BIGNUM_Ptr(BN_bin2bn(privateKey.data(), privateKey.size(), nullptr)); ++ if (bn.get() == nullptr) { ++ return "Error creating BIGNUM for private key"; ++ } ++ auto privEcKey = EC_KEY_Ptr(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); ++ if (EC_KEY_set_private_key(privEcKey.get(), bn.get()) != 1) { ++ return "Error setting private key from BIGNUM"; ++ } ++ auto privPkey = EVP_PKEY_Ptr(EVP_PKEY_new()); ++ if (EVP_PKEY_set1_EC_KEY(privPkey.get(), privEcKey.get()) != 1) { ++ return "Error setting private key"; ++ } ++ ++ auto ctx = EVP_PKEY_CTX_Ptr(EVP_PKEY_CTX_new(privPkey.get(), NULL)); ++ if (ctx.get() == nullptr) { ++ return "Error creating context"; ++ } ++ ++ if (EVP_PKEY_derive_init(ctx.get()) != 1) { ++ return "Error initializing context"; ++ } ++ ++ if (EVP_PKEY_derive_set_peer(ctx.get(), pkey.get()) != 1) { ++ return "Error setting peer"; ++ } ++ ++ /* Determine buffer length for shared secret */ ++ size_t secretLen = 0; ++ if (EVP_PKEY_derive(ctx.get(), NULL, &secretLen) != 1) { ++ return "Error determing length of shared secret"; ++ } ++ bytevec sharedSecret; ++ sharedSecret.resize(secretLen); ++ ++ if (EVP_PKEY_derive(ctx.get(), sharedSecret.data(), &secretLen) != 1) { ++ return "Error deriving shared secret"; ++ } ++ return sharedSecret; ++} ++ + } // namespace + + ErrMsgOr generateHmacSha256(const bytevec& key, const bytevec& data) { +@@ -134,6 +227,17 @@ ErrMsgOr verifyAndParseCoseMac0(const cppbor::Item* macIt + return payload->value(); + } + ++ErrMsgOr createECDSACoseSign1Signature(const bytevec& key, const bytevec& protectedParams, ++ const bytevec& payload, const bytevec& aad) { ++ bytevec signatureInput = cppbor::Array() ++ .add("Signature1") // ++ .add(protectedParams) ++ .add(aad) ++ .add(payload) ++ .encode(); ++ return 
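Review bot: In `signEcdsaDigest` the return value of `i2d_ECDSA_SIG(sig, nullptr)` is stored in a `size_t`, so a negative failure return becomes a huge length that `bytevec signature(len)` is then sized from, and the second `i2d_ECDSA_SIG` call is not checked at all. `sig` is held as a raw `ECDSA_SIG*` although this patch defines `ECDSA_SIG_Ptr`, and `ec_key` is used without a null check. The same unchecked-allocation pattern applies to `group`/`point` in `ecdh` in this hunk, and in `verifyEcdsaDigest` and the static `CoseKey::getEcPublicKey` further down. The fence shows the tail of `signEcdsaDigest` with an owned signature object and checked lengths.

```cpp
    // … unchanged: BN_bin2bn key import …
    auto ec_key = EC_KEY_Ptr(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
    if (!ec_key || EC_KEY_set_private_key(ec_key.get(), bn.get()) != 1) {
        return "Error setting private key from BIGNUM";
    }

    auto sig = ECDSA_SIG_Ptr(ECDSA_do_sign(data.data(), data.size(), ec_key.get()));
    if (!sig) {
        return "Error signing digest";
    }
    int len = i2d_ECDSA_SIG(sig.get(), nullptr);
    if (len <= 0) {
        return "Error encoding signature";
    }
    bytevec signature(len);
    unsigned char* p = signature.data();
    if (i2d_ECDSA_SIG(sig.get(), &p) != len) {
        return "Error encoding signature";
    }
    return signature;
```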
signEcdsaDigest(key, sha256(signatureInput)); ++} ++ + ErrMsgOr createCoseSign1Signature(const bytevec& key, const bytevec& protectedParams, + const bytevec& payload, const bytevec& aad) { + bytevec signatureInput = cppbor::Array() +@@ -152,6 +256,19 @@ ErrMsgOr createCoseSign1Signature(const bytevec& key, const bytevec& pr + return signature; + } + ++ErrMsgOr constructECDSACoseSign1(const bytevec& key, cppbor::Map protectedParams, ++ const bytevec& payload, const bytevec& aad) { ++ bytevec protParms = protectedParams.add(ALGORITHM, ES256).canonicalize().encode(); ++ auto signature = createECDSACoseSign1Signature(key, protParms, payload, aad); ++ if (!signature) return signature.moveMessage(); ++ ++ return cppbor::Array() ++ .add(std::move(protParms)) ++ .add(cppbor::Map() /* unprotected parameters */) ++ .add(std::move(payload)) ++ .add(std::move(*signature)); ++} ++ + ErrMsgOr constructCoseSign1(const bytevec& key, cppbor::Map protectedParams, + const bytevec& payload, const bytevec& aad) { + bytevec protParms = protectedParams.add(ALGORITHM, EDDSA).canonicalize().encode(); +@@ -193,7 +310,8 @@ ErrMsgOr verifyAndParseCoseSign1(const cppbor::Array* coseSign1, + } + + auto& algorithm = parsedProtParams->asMap()->get(ALGORITHM); +- if (!algorithm || !algorithm->asInt() || algorithm->asInt()->value() != EDDSA) { ++ if (!algorithm || !algorithm->asInt() || ++ !(algorithm->asInt()->value() == EDDSA || algorithm->asInt()->value() == ES256)) { + return "Unsupported signature algorithm"; + } + +@@ -203,17 +321,30 @@ ErrMsgOr verifyAndParseCoseSign1(const cppbor::Array* coseSign1, + } + + bool selfSigned = signingCoseKey.empty(); +- auto key = CoseKey::parseEd25519(selfSigned ? 
payload->value() : signingCoseKey); +- if (!key || key->getBstrValue(CoseKey::PUBKEY_X)->empty()) { +- return "Bad signing key: " + key.moveMessage(); +- } +- + bytevec signatureInput = + cppbor::Array().add("Signature1").add(*protectedParams).add(aad).add(*payload).encode(); +- +- if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(), +- key->getBstrValue(CoseKey::PUBKEY_X)->data())) { +- return "Signature verification failed"; ++ if (algorithm->asInt()->value() == EDDSA) { ++ auto key = CoseKey::parseEd25519(selfSigned ? payload->value() : signingCoseKey); ++ if (!key || key->getBstrValue(CoseKey::PUBKEY_X)->empty()) { ++ return "Bad signing key: " + key.moveMessage(); ++ } ++ ++ if (!ED25519_verify(signatureInput.data(), signatureInput.size(), signature->value().data(), ++ key->getBstrValue(CoseKey::PUBKEY_X)->data())) { ++ return "Signature verification failed"; ++ } ++ } else { // P256 ++ auto key = CoseKey::parseP256(selfSigned ? payload->value() : signingCoseKey); ++ if (!key || key->getBstrValue(CoseKey::PUBKEY_X)->empty() || ++ key->getBstrValue(CoseKey::PUBKEY_Y)->empty()) { ++ return "Bad signing key: " + key.moveMessage(); ++ } ++ auto publicKey = key->getEcPublicKey(); ++ if (!publicKey) return publicKey.moveMessage(); ++ ++ if (!verifyEcdsaDigest(publicKey.moveValue(), sha256(signatureInput), signature->value())) { ++ return "Signature verification failed"; ++ } + } + + return payload->value(); +@@ -294,28 +425,47 @@ getSenderPubKeyFromCoseEncrypt(const cppbor::Item* coseEncrypt) { + if (!senderCoseKey || !senderCoseKey->asMap()) return "Invalid sender COSE_Key"; + + auto& keyType = senderCoseKey->asMap()->get(CoseKey::KEY_TYPE); +- if (!keyType || !keyType->asInt() || keyType->asInt()->value() != OCTET_KEY_PAIR) { ++ if (!keyType || !keyType->asInt() || (keyType->asInt()->value() != OCTET_KEY_PAIR && ++ keyType->asInt()->value() != EC2)) { + return "Invalid key type"; + } + + auto& curve = 
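Review bot: In the P256 branch, `key->getBstrValue(CoseKey::PUBKEY_Y)->empty()` dereferences the returned value without first checking that it is present, so a COSE_Key with no `y` coordinate is undefined behaviour unless `CoseKey::parseP256` (not visible here) already guarantees both coordinates; `getBstrValue` appears to return a `std::optional`, judging by the `.value()` calls in `cppcose.h`. When the key parses but a coordinate is empty, `key.moveMessage()` also has no message to report. I would split the check: `if (!key) return "Bad signing key: " + key.moveMessage();`, then `auto x = key->getBstrValue(CoseKey::PUBKEY_X); auto y = key->getBstrValue(CoseKey::PUBKEY_Y);` and `if (!x || x->empty() || !y || y->empty()) return "Bad signing key: missing coordinate";`. The non-static `CoseKey::getEcPublicKey()` added in the `cppcose.h` hunk has the same gap, since it calls `.value()` on both lookups unconditionally. `verifyAndParseCoseSign1` starts and ends outside this hunk.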
senderCoseKey->asMap()->get(CoseKey::CURVE); +- if (!curve || !curve->asInt() || curve->asInt()->value() != X25519) { ++ if (!curve || !curve->asInt() || ++ (keyType->asInt()->value() == OCTET_KEY_PAIR && curve->asInt()->value() != X25519) || ++ (keyType->asInt()->value() == EC2 && curve->asInt()->value() != P256)) { + return "Unsupported curve"; + } + +- auto& pubkey = senderCoseKey->asMap()->get(CoseKey::PUBKEY_X); +- if (!pubkey || !pubkey->asBstr() || +- pubkey->asBstr()->value().size() != X25519_PUBLIC_VALUE_LEN) { +- return "Invalid X25519 public key"; ++ bytevec publicKey; ++ if (keyType->asInt()->value() == EC2) { ++ auto& pubX = senderCoseKey->asMap()->get(CoseKey::PUBKEY_X); ++ if (!pubX || !pubX->asBstr() || pubX->asBstr()->value().size() != kP256AffinePointSize) { ++ return "Invalid EC public key"; ++ } ++ auto& pubY = senderCoseKey->asMap()->get(CoseKey::PUBKEY_Y); ++ if (!pubY || !pubY->asBstr() || pubY->asBstr()->value().size() != kP256AffinePointSize) { ++ return "Invalid EC public key"; ++ } ++ auto key = CoseKey::getEcPublicKey(pubX->asBstr()->value(), pubY->asBstr()->value()); ++ if (!key) return key.moveMessage(); ++ publicKey = key.moveValue(); ++ } else { ++ auto& pubkey = senderCoseKey->asMap()->get(CoseKey::PUBKEY_X); ++ if (!pubkey || !pubkey->asBstr() || ++ pubkey->asBstr()->value().size() != X25519_PUBLIC_VALUE_LEN) { ++ return "Invalid X25519 public key"; ++ } ++ publicKey = pubkey->asBstr()->value(); + } + + auto& key_id = unprotParms->asMap()->get(KEY_ID); + if (key_id && key_id->asBstr()) { +- return std::make_pair(pubkey->asBstr()->value(), key_id->asBstr()->value()); ++ return std::make_pair(publicKey, key_id->asBstr()->value()); + } + + // If no key ID, just return an empty vector. 
+- return std::make_pair(pubkey->asBstr()->value(), bytevec{}); ++ return std::make_pair(publicKey, bytevec{}); + } + + ErrMsgOr decryptCoseEncrypt(const bytevec& key, const cppbor::Item* coseEncrypt, +@@ -367,6 +517,43 @@ ErrMsgOr decryptCoseEncrypt(const bytevec& key, const cppbor::Item* cos + return aesGcmDecrypt(key, nonce->asBstr()->value(), aad, ciphertext->asBstr()->value()); + } + ++ErrMsgOr ECDH_HKDF_DeriveKey(const bytevec& pubKeyA, const bytevec& privKeyA, ++ const bytevec& pubKeyB, bool senderIsA) { ++ if (privKeyA.empty() || pubKeyA.empty() || pubKeyB.empty()) { ++ return "Missing input key parameters"; ++ } ++ ++ auto rawSharedKey = ecdh(pubKeyB, privKeyA); ++ if (!rawSharedKey) return rawSharedKey.moveMessage(); ++ ++ bytevec kdfContext = cppbor::Array() ++ .add(AES_GCM_256) ++ .add(cppbor::Array() // Sender Info ++ .add(cppbor::Bstr("client")) ++ .add(bytevec{} /* nonce */) ++ .add(senderIsA ? pubKeyA : pubKeyB)) ++ .add(cppbor::Array() // Recipient Info ++ .add(cppbor::Bstr("server")) ++ .add(bytevec{} /* nonce */) ++ .add(senderIsA ? 
pubKeyB : pubKeyA)) ++ .add(cppbor::Array() // SuppPubInfo ++ .add(kAesGcmKeySizeBits) // output key length ++ .add(bytevec{})) // protected ++ .encode(); ++ ++ bytevec retval(SHA256_DIGEST_LENGTH); ++ bytevec salt{}; ++ if (!HKDF(retval.data(), retval.size(), // ++ EVP_sha256(), // ++ rawSharedKey->data(), rawSharedKey->size(), // ++ salt.data(), salt.size(), // ++ kdfContext.data(), kdfContext.size())) { ++ return "ECDH HKDF failed"; ++ } ++ ++ return retval; ++} ++ + ErrMsgOr x25519_HKDF_DeriveKey(const bytevec& pubKeyA, const bytevec& privKeyA, + const bytevec& pubKeyB, bool senderIsA) { + if (privKeyA.empty() || pubKeyA.empty() || pubKeyB.empty()) { +@@ -460,4 +647,43 @@ ErrMsgOr aesGcmDecrypt(const bytevec& key, const bytevec& nonce, const + return plaintext; + } + ++bytevec sha256(const bytevec& data) { ++ bytevec ret(SHA256_DIGEST_LENGTH); ++ SHA256_CTX ctx; ++ SHA256_Init(&ctx); ++ SHA256_Update(&ctx, data.data(), data.size()); ++ SHA256_Final((unsigned char*)ret.data(), &ctx); ++ return ret; ++} ++ ++bool verifyEcdsaDigest(const bytevec& key, const bytevec& digest, const bytevec& signature) { ++ const unsigned char* p = (unsigned char*)signature.data(); ++ auto sig = ECDSA_SIG_Ptr(d2i_ECDSA_SIG(nullptr, &p, signature.size())); ++ if (sig.get() == nullptr) { ++ return false; ++ } ++ ++ auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); ++ auto point = EC_POINT_Ptr(EC_POINT_new(group.get())); ++ if (EC_POINT_oct2point(group.get(), point.get(), key.data(), key.size(), nullptr) != 1) { ++ return false; ++ } ++ auto ecKey = EC_KEY_Ptr(EC_KEY_new()); ++ if (ecKey.get() == nullptr) { ++ return false; ++ } ++ if (EC_KEY_set_group(ecKey.get(), group.get()) != 1) { ++ return false; ++ } ++ if (EC_KEY_set_public_key(ecKey.get(), point.get()) != 1) { ++ return false; ++ } ++ ++ int rc = ECDSA_do_verify(digest.data(), digest.size(), sig.get(), ecKey.get()); ++ if (rc != 1) { ++ return false; ++ } ++ return true; ++} ++ + } // namespace 
cppcose +diff --git a/include/keymaster/cppcose/cppcose.h b/include/keymaster/cppcose/cppcose.h +index 0f97388..03251f1 100644 +--- a/include/keymaster/cppcose/cppcose.h ++++ b/include/keymaster/cppcose/cppcose.h +@@ -24,17 +24,25 @@ + + #include + #include +- ++#include ++#include ++#include + #include + #include + #include + #include ++#include + #include + #include + #include + + namespace cppcose { + ++using BIGNUM_Ptr = bssl::UniquePtr; ++using EC_GROUP_Ptr = bssl::UniquePtr; ++using EC_POINT_Ptr = bssl::UniquePtr; ++using BN_CTX_Ptr = bssl::UniquePtr; ++ + template class ErrMsgOr; + using bytevec = std::vector; + using HmacSha256 = std::array; +@@ -203,6 +211,41 @@ class CoseKey { + return key; + } + ++ static ErrMsgOr getEcPublicKey(const bytevec& pubX, const bytevec& pubY) { ++ auto bnX = BIGNUM_Ptr(BN_bin2bn(pubX.data(), pubX.size(), nullptr)); ++ if (bnX.get() == nullptr) { ++ return "Error creating BIGNUM X Coordinate"; ++ } ++ auto bnY = BIGNUM_Ptr(BN_bin2bn(pubY.data(), pubY.size(), nullptr)); ++ if (bnY.get() == nullptr) { ++ return "Error creating BIGNUM Y Coordinate"; ++ } ++ auto group = EC_GROUP_Ptr(EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); ++ auto point = EC_POINT_Ptr(EC_POINT_new(group.get())); ++ if (!point) return "Failed to create EC_POINT instance"; ++ BN_CTX_Ptr ctx(BN_CTX_new()); ++ if (!ctx.get()) return "Failed to create BN_CTX instance"; ++ if (!EC_POINT_set_affine_coordinates_GFp(group.get(), point.get(), bnX.get(), bnY.get(), ++ ctx.get())) { ++ return "Failed to set affine coordinates."; ++ } ++ int size = EC_POINT_point2oct(group.get(), point.get(), POINT_CONVERSION_UNCOMPRESSED, ++ nullptr, 0, nullptr); ++ if (size == 0) { ++ return "Error generating public key encoding"; ++ } ++ bytevec publicKey(size); ++ EC_POINT_point2oct(group.get(), point.get(), POINT_CONVERSION_UNCOMPRESSED, ++ publicKey.data(), publicKey.size(), nullptr); ++ return publicKey; ++ } ++ ++ ErrMsgOr getEcPublicKey() { ++ auto pubX = 
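Review bot: `verifyEcdsaDigest` accepts a signature buffer that carries extra bytes after the DER structure, because `p` is never compared with the end of the input once `d2i_ECDSA_SIG` returns; a stricter check is `if (!sig || p != signature.data() + signature.size()) return false;`. `group` and `point` are also handed to `EC_POINT_oct2point` without null checks. Separately, `signEcdsaDigest` and this function produce and expect DER-encoded signatures, whereas RFC 8152 defines the ES256 signature value as the fixed-length concatenation of r and s. COSE_Sign1 messages built this way will therefore not verify in other COSE implementations, and it is worth confirming that this is intended.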
getBstrValue(PUBKEY_X).value(); ++ auto pubY = getBstrValue(PUBKEY_Y).value(); ++ return getEcPublicKey(pubX, pubY); ++ } ++ + std::optional getIntValue(Label label) { + const auto& value = key_->get(label); + if (!value || !value->asInt()) return {}; +@@ -252,6 +295,8 @@ ErrMsgOr constructCoseSign1(const bytevec& key, const bytevec& pa + const bytevec& aad); + ErrMsgOr constructCoseSign1(const bytevec& key, cppbor::Map extraProtectedFields, + const bytevec& payload, const bytevec& aad); ++ErrMsgOr constructECDSACoseSign1(const bytevec& key, cppbor::Map extraProtectedFields, ++ const bytevec& payload, const bytevec& aad); + /** + * Verify and parse a COSE_Sign1 message, returning the payload. + * +@@ -282,7 +327,10 @@ decryptCoseEncrypt(const bytevec& key, const cppbor::Item* encryptItem, const by + + ErrMsgOr x25519_HKDF_DeriveKey(const bytevec& senderPubKey, const bytevec& senderPrivKey, + const bytevec& recipientPubKey, bool senderIsA); +- ++ErrMsgOr ECDH_HKDF_DeriveKey(const bytevec& pubKeyA, const bytevec& privKeyA, ++ const bytevec& pubKeyB, bool senderIsA); ++bool verifyEcdsaDigest(const bytevec& key, const bytevec& digest, const bytevec& signature); ++bytevec sha256(const bytevec& data); + ErrMsgOr aesGcmEncrypt(const bytevec& key, const bytevec& nonce, + const bytevec& aad, + const bytevec& plaintext); diff --git a/patches/keymint/aosp_integration_patches_aosp_12_r15/system_security.patch b/patches/keymint/aosp_integration_patches_aosp_12_r15/system_security.patch new file mode 100644 index 00000000..22956d5e --- /dev/null +++ b/patches/keymint/aosp_integration_patches_aosp_12_r15/system_security.patch 
@@ -0,0 +1,13 @@ +diff --git a/keystore2/src/km_compat/km_compat.cpp b/keystore2/src/km_compat/km_compat.cpp +index 64849c1..40ca554 100644 +--- a/keystore2/src/km_compat/km_compat.cpp ++++ b/keystore2/src/km_compat/km_compat.cpp +@@ -1314,7 +1314,7 @@ KeymasterDevices initializeKeymasters() { + CHECK(serviceManager.get()) << "Failed to get ServiceManager"; + auto result = enumerateKeymasterDevices(serviceManager.get()); + auto softKeymaster = result[SecurityLevel::SOFTWARE]; +- if (!result[SecurityLevel::TRUSTED_ENVIRONMENT]) { ++ if ((!result[SecurityLevel::TRUSTED_ENVIRONMENT]) && (!result[SecurityLevel::STRONGBOX])) { + result = enumerateKeymasterDevices(serviceManager.get()); + } + if (softKeymaster) result[SecurityLevel::SOFTWARE] = softKeymaster; diff --git a/patches/keymint/aosp_integration_patches_aosp_12_r15/system_sepolicy.patch b/patches/keymint/aosp_integration_patches_aosp_12_r15/system_sepolicy.patch new file mode 100644 index 00000000..f533e8c7 --- /dev/null +++ b/patches/keymint/aosp_integration_patches_aosp_12_r15/system_sepolicy.patch 
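Review bot: The new condition skips the second `enumerateKeymasterDevices` pass whenever a StrongBox instance was found. On a device where the first pass finds StrongBox but no `TRUSTED_ENVIRONMENT` instance, a TEE implementation that only the second pass would discover is then never registered. Because `result = ...` replaces the whole map, an alternative that keeps both is to save and restore the StrongBox entry the way `softKeymaster` already is: `auto strongbox = result[SecurityLevel::STRONGBOX];` before the `if`, and `if (strongbox) result[SecurityLevel::STRONGBOX] = strongbox;` after it, leaving the original condition in place. If the skip is deliberate, a comment stating why would help; the two calls look identical on this page, so what the second pass adds is inferred. `initializeKeymasters` continues outside the hunk.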
@@ -0,0 +1,40 @@ +diff --git a/prebuilts/api/31.0/public/hal_neverallows.te b/prebuilts/api/31.0/public/hal_neverallows.te +index 105689b8a..275f9a5c2 100644 +--- a/prebuilts/api/31.0/public/hal_neverallows.te ++++ b/prebuilts/api/31.0/public/hal_neverallows.te +@@ -9,6 +9,7 @@ neverallow { + -hal_wifi_supplicant_server + -hal_telephony_server + -hal_uwb_server ++ -hal_keymint_server + } self:global_capability_class_set { net_admin net_raw }; + + # Unless a HAL's job is to communicate over the network, or control network +@@ -27,6 +28,7 @@ neverallow { + -hal_wifi_supplicant_server + -hal_telephony_server + -hal_uwb_server ++ -hal_keymint_server + } domain:{ tcp_socket udp_socket rawip_socket } *; + + # The UWB HAL is not actually a networking HAL but may need to bring up and down +diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te +index 105689b8a..275f9a5c2 100644 +--- a/public/hal_neverallows.te ++++ b/public/hal_neverallows.te +@@ -9,6 +9,7 @@ neverallow { + -hal_wifi_supplicant_server + -hal_telephony_server + -hal_uwb_server ++ -hal_keymint_server + } self:global_capability_class_set { net_admin net_raw }; + + # Unless a HAL's job is to communicate over the network, or control network +@@ -27,6 +28,7 @@ neverallow { + -hal_wifi_supplicant_server + -hal_telephony_server + -hal_uwb_server ++ -hal_keymint_server + } domain:{ tcp_socket udp_socket rawip_socket } *; + + # The UWB HAL is not actually a networking HAL but may need to bring up and down
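Review bot: Adding `-hal_keymint_server` to both exemption lists lifts the HAL network neverallows for every domain that carries that attribute. This includes the `self:global_capability_class_set { net_admin net_raw }` rule in the first hunk of each file, which a process that only opens an ordinary client socket would not need. If the exemption exists only so the KeyMint HAL can reach its backend over a socket (the patch does not say), I would leave the capability rule untouched and exempt only the specific server domain from the `tcp_socket udp_socket rawip_socket` rule rather than the whole attribute. A comment beside the added line should state why a key-management HAL needs network access. The same addition is made in `prebuilts/api/31.0/public/hal_neverallows.te` and `public/hal_neverallows.te`, so this applies to all four hunks.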

    f9O=Y|r&X zLmUS7uEv#)CD(w@u|3!BRsMVn{O=+h6?`f)B8k}#*`7)JRhpK-%vA*(T(9sG!9{~x zXp!^=AscN^*M2H#n&7@Wx#@bdux@7Wv^^ImDc$42yr0-qXWg#5WATANo`wCW9ol8N z4!n)7X5nM-1=Efz0JsP4$6QPqztbpb6l(`2b+F_{eh$WE&Em9E1Wd}D!Gc^V+hP76 zhYEZl4SP-d0rah98GzZEKpG^oR8Wt=KD7az6WIckJ2b6)C?s#1cI-|th6B922tnzI z=2)FD?N2493_#deltfLfGiA%n_f0!9+z`9LdgmXQYLLOqPfYt^JPYz7Xutn26}ul$ zV&lWc!XgYl zKhCycPBykQj@qualm|isLuS!>-l3USl7VtV$`6XdoMj? z^rz;5jGrxg@Ci84xFW-42{xb_*S#M98&1?30&D5ws(Mr;+voYDhf|&hf-r_iT;r)w zlL6I;_IZ|l>}1t^5FWaXM7B{wdh7)#9UQe6K-f(ru4%csV*{$;@z_UvPVqkp!a1!; zk;pb`cwrm8;Uv;k5KPRf6xPI~pvUfu!8a#cG6wr%U^EwqzBP0nKt@ zNpB;Gr0-&(0*k~_F@r!V)&O7cavT_MauuJXRO|+H*oBpf7Neg*lI6=tP6f8hQ|b$g zg4pWl1^o3KjKn?yTHEJ_p;^o$5`VX#ckq^YOL!~_n^`A( zS64g2_y4BZA)00&r3^$XZlK6qIl+;7!{Px?0wA?d70Efo!PaY$3j`_ zdVejPjII|O;$(Gg6^T=L*FzO>D&F-Gh>Fr($CSq@FSCA4OKi)$17a<^HjIS_a+Q1} z1CWqnl{{D364-5a#x9vy%@Q;5!>-7Y2-s>_4p3@044D6dUuI*OM9$Jo!^XnqI>S@L zu*4hW@+1Ck;xJD1Mhn1B^e1LXrY<%-%MfdJkA=Dr4JDvrNBTw&grfGf>%k~J%Q=as8){d@Wj&W59bhFAO`yoC7Pf7 z-&dAJ_QyLBbWDj=?2ak1GtW?RxUaZ;*9poGL+%(3V=nyDQ(^_10iB2QB^Q!Q33sQ& z`u~bX1rAbL&>Mk+Dq-TvDYWh+CR(`=GeKI$pTDmyUg z2Ip%8J$Vg^^b}?CPuQ&$&M}CNg7hm7O~^y{Ee8s;zDYxUmOE-M-hcQ)8Uw#D#Y9MB zb@5o<_<(1%2g0QcX>j7eRx#cYEO$B95Jvwbjf-!YVs&9b6^~!OjWaQL4B+~Qi^#Jfc#&}wivhe)8iRucRJR=DwfDO2wNn2AA?-fd58kMis+8muMjhfVw5xv zdF4f`<{gJt6COMYM_LVK{7$|p7){q%bh9b+djRbx_!hzZ8j-h{EWytdxhK&QUoYCP z*^emVWjOw#1=?Hd0i(&sPD3D2@+N622UNt29opR&nKNkrBPsyGi(H$bjXj z7*;i~M5V>4)TnwY*Z0$lW1h+l{C)VG>mR?D?(_T;kjb9Pjr=qDobP{>&yD@N_}s*Q zlFtSH@A%x*@3}$zX8t6clUHOTJSjT@J^RALC|I9Tc4pBw5rOYNz&?2|S6GkUHP=un zyDIE_9oN*?OnIfk(Id#RrcDKJry`Q4^+HRW@_OJ&t!7^#H3tf*Iap!R9#_qw3h%gT z$WbJVMhH#v;J^W>8Kd3|OCB1?tcGa^%$y{DVxz+pcG`CqaPUv`n!-+(;GU)MROu4) z0~$V0m98-(D1KGCIrrV2a}RZ{+QvVYaGW3F^Bw+I_}tZhlFxVgFY&pzKkP5!_3@W= z&INq#>mTTx=kU3of1`6g#OMD0FPyW1vQgJAZ}}_pMV93+gNx*I=nu-UHGyaPArjA0 zB-W%n{|aKS`$ZzT;TF6sgIxIvoPWv*YBt@RpzY5%C%7$5PKbtjB%y_7`yZ0IO%@a>em3ZhI>aG#!f^<_rn_P0yG59<6TJZ zBi!wW-BnqLBXGbMi$Qp#D9P=IMIhPbW*2k&VHD0avea-X^1_Xe18D=$F7o?xkIIt+ 
z@MM2e{wki=@X`%T8UtOjeOn|i%J~CwH%Qt26cB~}Xx|Hz9`IvKp zkz{W_M2GC3V6gp@>nE~*@2{CjLV9&n1)8kas#xIU5XHi^f09Pm{&@lO&&T2LJ}Emz;dbqx*S^FGAh`bQBJu*kuKjb{ zH}KN~wLD`;lJc97_XHZ=_kK9_j)uR0H0uklHjc(d;5}jTc@bQfla>+`PHh}LI3Br4 z_;bK^5MGXOZ5*W@kF*HT#?imfFChnc9)DkjL|o%2mHUu!^ot!ZkrOF67|DY}1wb1| z?|d6h<>6k##U#-~#?iqafzT3Q=i3ObakK~83u6Sp$wdhv<0z8oUyY*+@=*C8%Et4M ze$mzNZ^qGAFa~1M889ypo0Cf$M@=-LtnCIcIRv;$Zr3>aI;LD%J_%SV;Y!{$jwV!b zLQ@Y|qmaC794*<%k?#qtUr63Hj;_1pWXV0iW@&kC9Hm;vFkR!Qca&75Ensd9X=CFj zjH4Hlv66x!`4+HuwKkJ+7)QGwa+2&jU_WVjZ5*vl1xp)8n;;jY^*3nRIGWl@D!Gb7 zfl+uv#?caMF(HRa%V-|L-rSF>7RJ#lzd6wyNEih%WE>rVodG%KGYO-_4jD&xqc6yX z@v)E`O{W<2!cs9u?v;?7YaHDkFjP1{3}LQu^t%mCIDZadu5mOQqZdxV044{WaJt6P zk)xf&%Op&N(>0FvfgO_NnuO$B!v zDjx{d#?jil9l0HFeZ8ohHjd_ZaEzm;LHI_K=*scIHI80HJsmQR`sX{!BZi~l#-RdL zNX|8mu9^fnZ5++~LeZN-q^B06WZ{%l)r2;V{*2X=q0`7N+v5o)0Wz)xsS6G}#H9Id?H5Ep=buW_ZrHI7z%)ZhSlMhKCJL&cgn zD)>CFppBzFeo|>#9n9v$rh0*&2re3`<<`d02k%z8`++(6Uv<02QD2zS{UDed|4p|x zj=qm!iqIY6GHa`e543L>Cwi~ zGng2E4uk_mNz_>1W*nX04&S%~>+(M^iyB8Cdl|xV6ux?ZL*+dMO*QV?I69#;Vo(l@ zY?q}Pcx@c*cwUGuB-a{*t}aP(a%$t~8`aQ5KnF;U17Ql0RIB0|M;p&mPm){)>=9Q< z$T&J1W*2@Ow*%Xy<+XA2mxZdh$@hVs*7Djon((+I{|m4`wY)Zt-k6NAY2#>5%+nJ| zmO>4ffrC>gWE>S!G#kdz6YnUJYy)N|Vyn2h#?eQj9c`n4O(0ygxQxR%`X`K|O=4ipp^iPH7U?UD`O>d#$7CXAs2L{|%TnjxH;Ux}^jd zWi^XuKOrgvLIIID;7XHg9NqdoJ_t(BNFNY}YfUP4u5mO0V`d+b=78{^ z)}%lqsj^*+gYNX&$N|;pCIJ$Y3A*zGWxG1Tpadi42DY}6$v?z%+rJt;iHphrJioFLk zn(mB5!&nr=GAKB#B#~z@pQE0+CbTJsQO*cZP=xu4JiHfp8N>Q}mg*%Q20yI5U-IDF z7##&cHZ2H?Joj}!3WH!j!?^Y+#IBPIx;<<+pc`eCP;uo(pGD1=pM;+i4Ws5*)x$8V zLnzl3q?^KmER)n`7i2uPT^0FBWq%l0_ubQgxYOZ#pgKC=$zN-iYn$}uo^l+|fRBc-R8w6A=M zz5w7Jn!KBoC2-fVwJb|rM~lFu1DHcG`bxXy0E5|c;kb~b_OSq4tXs%LdJ>ey8gs;- zuaeB!4&JU1m+T`(OUbjp%3?iK+E|dqoX^1fGQ?$zbq86A`o0#qE4%baeClrt=Ahtr zF$6INhe`$oPmp%k%}P%tK($@Cu-W<^X&?DnsptT_tIKiB*0ZG@1WaCz1$2)K7dBfj zlaZXZg{FQeoaxa6v2qBNZQu%8XuT+)(j0sm4QdXMszG>OLW=@w%t18>=L;?*>FQq= z1{F@AY zcWMS7}k`o=aq_`!1uVE(8_=V=q8YglQ_<~aN#7z$^cG^ zLP<>FY&97hTC|$|ELH{_#v{>oSX=DTwEli<6Xfgd&zO$MRN5xUHz$*xA>Jm)H#f2* 
z9(2)X!k~%5_q5&cThu$U6`VTYFnUob9>v%;d-8|C2E%!>3#sn-5F+t5LB4zA)f5gf zl*;pVtGRgo0mL=nERkE|p=_W?Yn2@{CWmp%T?4pf7N^T2-BIGGR%`L2R^ z!`?On&fdF_@i;j2l0&C7-LlKWkS5CmtD|uWiXuHG**{a-AMFRNJt%!OjRI7J=9TtP zEJ2b}K)GMjI9%*y$JNLIAB=X3lOQSAfwIM=sctuK0_4k*_Vkn3OOW)-!(hDYvLvUH zVpW!Q@?vaw$E-_W{GnN#RNRI4)t7b_)}AmcVk(L?4wVZ0-XibA;k!GYd+*$z_ceo2 zu@=6N3!-dfC+gErop8v8dWOgE{h55D#cF_w;@JV3n)y;Aenc&^T`y`zqh1E~Vj99Y{BPA_iz zuq9F5GEQKI0vjE|>BVgyb|KndQ-x7J0BlJJrx&+<*o7z^)eMJkGq4vzI1LSa_y+3} z=m&83=qRvvG|s#H_#Uakokw0a>Dz!UkJcN^k$-@ALz8)A;KRmieVR&z$KHdA3x`S! z9vS#{V@snRNT_OXuTK~~<&p}G;5S=+e@lB;3n8+m!?_Cx{WNI-mkfFV!8bLYnrvwi zsKmkyd;DofY%yF{X|bgt-DM1$zC}z$L+$|KpeE6kR36aOj_)C-w9uQrzH)f6rGk?I z-+_3os2F>|JNEeU4Ldj;txUwdDE~MLm46;X_?8&;mERP)hckM;^XJ({5JL@#+Q$VbllWoGe62G3|z5OHO228iWc& zDx`@<9=-;q{ZxM^K?*=K74$1{2NX#JqW^@+cYt$ zk7-|q*_{()CkXp)(?o*`-)xYchelNR@)Hm)-lmC3^RUmrOr#f)Zi3*QULV6+b+Hd>akFrjmcBZ^HNE z_!D}6#Shwn@F2i7n(#gm^!|$H>kIJ(TwVmeS96S+nuGlnFJf3poYTO+(3}+F==~LU z+-HbC2}96TKu7``*4D)Si`X%-c?Ikz2&@hc-Z61Cx-Gn8;u-XSlmt0Rx}`;I)da;G z7uj4F35)80?2QKyMeL&a6V$l7XjZ=jw+V2VioN}NNTv_Bt_KB)kOc`;P|G+F1vLC9D7x#Ey1rnf;MNIRN6t68K zAuNm-D@ac4mSsKI7HYY@6e|Fv`~Yqr<1lvL0$7T%6}BA*><2hsbseLK(n+oZ(bhpxV5hS+HYdZWvUS1D37v*bv?+@(dQL%4WbiYCI{VzPtTVbqkyMqW`O5+6q)o!=H%z zxHSI8*|A=gWJ|%3_b~=Pr%|`%9Y4b1~FNkpy-iJ5rj@MvO}sR z(%@Vkhf#;1E(~>*k#(`SHW$tevtHzs9D17yv#3sbpW-%RMH;w>&PZKzDp;Q`rtN?>}P9|X; zLhO^Hu=Y4S?ykTkj1*NNxI6OqvX%(oJ_?7?lDtsJw8;E=mM9C?YAzx>6Re8I%*cDO zbXhh9)Tp{?M^Q6#O3 z#|C>x8B0)b-Xetk4VJ`y4{=Wgxr))LfLW5h=>Jf)V_il{C6~uS>F~JSfj)SgDpRV6 zd~z42(tOBHz(Q#9GmQpf6GDEzVRu1+CO;bxGL?`(9T*?u_EjN07CFZyp2y!?_I^C; zGr$-cQo_gy`&R^fE|A$;Nh%kdcOn-HORR+JV>pb3q<)2D=!3}f*_PN2=L0UpS>Zgc z%sCr*zBJPN6bKhIiNnb4MBL{wKb5ltMdun|3z26pR5VlwzO>&)`G^OUrs0(o3{~bZ zTAGJ7?nWJeO*DZMD3sc&%u#Z?1@9+hQ2OwjXd|e-p-N1*H;<9>)^|lxhDKdp|NGf5JL@DW8MXF7k3SBqWO|#%VLMJ<6|??*RQoGoB>HJjRQA$+F)I zx5SGi_!|f}HEBGq91>>S|H6_hCdDHZX*iT$D{-Z^kcq?hnYV!?>%ggrCXkHqjoogF zxRqw$cd9Z+0vwN{2kl`^Nr8)OuC7?8_}?_5R7rogIAke}HbPdX5l1CG94(7XI^YSs 
zrLlva5@+Cds4dNYvIaGy&-rUEa2t&ssk3KN@H`vPOiF3@LqjXCL51}IB6xw)Ui39a+5B-apxmM%$Y;RKIBjT?)qn@Iyf7^6vTGY}S& zUPOt&Xm$ajy8}Uy^Fer!NLMK+s#$(1$jz)tZ=ytCzOWy>C60UiNL(y zuXqiD@l(LgYCJXvZ>L1;3RXlaNQ>Of`X9slQCLij+6!^T_;)_Wzc@HK9DKaA7a}LU zgl7V)OgIPcRsNDl#AI1~S2CVsYK&R{Y^MpP7(-nae8ecn3DPiNV+g187QSEh0ADEW zt7u^4T(~cFF-b8{g)QO{X@BxJ!nXU2;+OkdI( zJ@=%SJb}KDR7Lh>Pb_^6fko&$A|n0zUL+Ec<`yP30mLMlh!n~1qN1mjqWi&7OB;)> z4kaU$TH1K10?iKd(nhvSrN8+V1!963_ztp_>C-4mG5Ii*cGoGx)8-<5-$|;39x(&< zLJ-NP5K*L;8$;+?Gmt?j=_-uAb3f4N5k{afp`@VD9DDkx=O~JJ(}nilQR#p;U33)b zLbU$#B<6F2w&j0%F)EPdNWY-Zisa>)hHv-{Lj;p8JN5|tc@$cnz+u#)-0aL)s%1Ak z4r~|P54xD7D^c=`p{58Hw~|ShG&iMKBA8{_xp^itX!R2va zr(E1oQW@1u@D9sPuI7+_2H^&gC>11KiITLMIT&r#+J!PN&E9ymFWAkpv+r~KO+yM* z#=(JCB4%yU+sCrYc5w7I2cZ*@LVC?cluQFGyXF&)rcof=b(^L)v9WJ(xMlDC(n<7@eq)xMS0OuzAWXIOn)f(XpuyMkm=4SZ5cP-AUdZn>Id$ zd22X~0(@6d3Xe@`7M=&#YHUg&PcK;#eo`FC5~kyLFR4vF`zMzFV+P_KJl6Td4$VN2 zs(+b*m>iA>{tRt5CI;abM z;bH5KiqjqVK+U;;tI!NYU=+SC1D81(C#@oS(4Fd=4NpMhv%p@(@xKYALiQ4c|5Xx0 z{aH<@B-AqylxXSa5nN8fpP)x4Ax9~_0oo-lCNao6g`t>GH-)QX>iObJ3>cu$dhqJt z{O@}3H!SZFvpU*b+j$4Qj2f~IRk`d?)o zQuwk$Br0>Pj;C|d$Cp5y;{u*QEteEmOeG9H+Bu8|o{G)`@#OA%smu%t3@ zPQ$zpy(tB6%*Iu*{zDMfr%({kL@ac*C!vYZ;pEbr{v7pXDF}O95(R;JFSiAu*ILS@ zGcThyh;1GSUyd1!_W_+m1FJE#B$}CFh5s9ia#9)j1|8zX$@9E^XrtyS3ncBH}pCsY0|G#KK(gt1W@rR4tWhy@@-s&UZ+g! zk1j2N|NJ`T>P<@gRuOSYxBv1wWxp;keIq!^GxA#bs9&ed?Gve(|Ao;VoOv#b3Nf!pSOgcfut0go#fIy2{hs826?osfuwaO(`XQ78qScQL z5suvV(3O~KdEytDoVC{=r`r)Z$Ai?PKhd*Unkgb%dXBF#MMccQBj2j=^UHxsg^LrY zP&nMDB^{@07Pa)(U)p666a+u7!t@d9`j3 zWm0d}_wi|%;6N$%u%nM&E>fR{<}0Od&v0~q-u7I88EYuW)rd^`m~sc{i)n<0Hm;1v zQ_82N14e@rdOr1hL&f76&;d-1gw;qpW&uX>amgM}OrDyRda|%^Xku%fBxyBW6}Pqm z=G|L*W_H0|YA9+)Ai@tB-N+N@a*4S41!x#sdfxpWpL~Jqw=RW0@DqlPjfhzaLsIN! 
z(=+=^RYO!-iKtNxLFun+h=0l!&LGa4nD*#%#m7s};f_j42U60sDMoNm!Z|78DwjsO zE%5x+LFM06*Pl?<(Us^q3$;UJKhN2^uzi8UQKE;!QFHMmVqL}acBH||UoAr6_9AWy zLgEIs2vSQ_-9ift)p%#2oK0fjZG5Qp{zHi{dJKJm1#0#I*=1Dm_v-3oFvZ zSvfeB2~A|ESqE3sYG{fn7Xu}k$VyDywkR&e_`*sgD;as45}qwk1qfweRgyEiRah`I zVZ{Y#3u&Mhz?qARSv~?=ymgHC)NG^Hhg||ezatjreifV-0MS6K(7Q!(v&(QfI(G#X z6beajm6Pby0LbfDDkkDyft?)X=x}pGP(P!pOQH5j*1#$&5toPdApV@E*4L??5Ctb1shf*3hyd2*2 ze#0{cwqgp)jeiNEDh9~G4=`g}Dqe~jtN*7MREAUGVxV#`0``5Q9$xdsXn<1h4zT3r z1jL>GL|jI1ejF`WPzU#BlHLt?PsWpz31D%L6Qt~^aF*I4~|1QoG6{fo65s&@1b}C+KYi1?- zS)6Ca1SQ(?|02qDE%#OeomZeHU0wEF#3H8A6;s$X4Kt^gir+Y>kyG%fpvuJ47IwjG zjXBK&eK80igx}YlK6KDs!n7^(bwusUt3qrdh%Q9Tc$%*}Vw$m-=_8i|8jAZJ^{_d_ z+>FW18GWSqoRGP=khB*HKHdlkbAWjWCxUO?2Cqe_H~W~IV5%g3!dgfx!4-sbH9Nt8 zNDj4K#DP5ocQV`H#a)7FmmfwH+;+qitS!qy4KMb|O>;4{EFt}|yI}5+G3D?<-+0+* z1pSSL*m8OFDQvQk=J%Ao;a`6c?+2H*r2jR(@JRn>xbQ?(EJkm}d!i~8TaRizyA|qU z8CBPxf=0B|p1yd6yuF=@-7e(EP zC~A_f)b{{+(N9zZwO3jx`U-5+6nhq}YWWJBKePlZAu*9b8>U6gu?M4_V?D)?j5J!| zn5gHSpCpSutejjh8eY|?6&Mai)}Po}y++-nZph0lYd@~*sq6kZcu%rn!Xk2Ckq7s@ zc;bZ3Y9#p!^TLyH)Iawq@-X9LzxsCYmwxr_;ER6s&ET*6>YKse_!k`~-nV}GcJO{V zaM)y#@sT;ayAY({Ac7%>K{x-26P&=l;?r$WKVB^8})S&9U+8VUEd?u7g3+eG@&enO%q3JiA)Uw3l92B)JjHXEa;Qp4P)hRo=(y1IWw6z>X2lfm3+CX*YTg zYd_ZmzX}y-o&IZm($^)z6;*JuYyX<7z?=N=Z z)fR;AM51^}x)N%3HN~t=gE(h)wX12T)^Yru1=1oCp};E8EDBZYIa8hDGwP{A#fMwxQ1Kc2GK$Y&C>u!%TR?rN`1BnF&t}7Yv5QF_ zTk7Joh|`R0WkD350Os?EDPO|ht0dBc)al|gli6p_r(4ZfAj{dV(a4bV-hyy zfxI*~;_<+t0;h{l#ol<;gXGhIRd(^)iqB_H7)nWV5ZbyVXL26JXE~CZl?(+o!NqSY zK0W%V6p)KSSVbg?m!zvu@tMexmxpM85AfA@oQoJ1&Pm544rU+;Ee@D&I@6Dg!u z7oU_`PBQqAiLp2eYjTUv!fxmRQd(32p)QdMX>yCtN(`bY`{W%U^l(XPTugi>Bx?)|>;^Tf^9yJyhHz7n#ZAa?)r2gYi0@5|Q0~v56{s;X)SOI5?J1I9dO)cW zoBlu5aCa>Ef$x=?X8*rx#&T!|3sO@nKwpw@+sJ`H+%}T0|ErC>lhkCldI{Ay`ZZUc zb~`Wa?LYAJ$!*a4G7h88pWwOun%<+3?8o7J%7tV@#+`o6@BM&Z26n~8i}q`1zeDNv zYic~Ic(NosFNecuMKE3IehqD=sQWctL(+Zi$D1RQK$Si4H%LpR>#+s0AJZ!>t9X?F!WbeEnaw0L>zaSfhwQI-wrKJ zS32u?dd3|j9UE?Nu;j;}d`kipHAz?hk@XLjKz8|%I*B-x1jUWTbk^VfJSLRMwK_<3 
zh)6LJrD*rZsHMi7masw%hVx_`dU~IY2;{1a2ue365YH8qq8%Wk9x(br&A z)w#8Ee%(3KPMVdg;ZN6hKSG?|)vEnGH1KYsZhberCG7v?O0!35qRXxC_I&HqZ%%#Z zdC{rgoPp9^F-7aUUw?J@&Om7kMv;XFO0+?zwE=#)10~w$(;X0PhWGA(=mlIS|20$% zh;ER8GayQZ20im7l8<11i|Wx7q=!qX>{524c`CHXrFE~ZPN%p3wnCj=N^BA8^p1QM z`Pmcd`r$C{_#2=eGo2_4Yzo|GyO``l1l{Rx`>JrW}9??w0!T4>R-o9rI zrKAA}ja^cx)BDpIN6DSQhPwD|o!&CvIPsbd!eSy(yd+(PI=#C%a&D*h-me{hUjk`A ziBRB`i0<@`xaxTRDF|N?DWq3-dZR5T8E%2#Lq-m{U;JB%WSv!tYfxYe41c2ACY7n#*4`~ z6k8Xc9@kA#4f3)Uum*&4;B@i%7As@^{xiqE@-rIg$Y!fclmDn54tXC;pT zd)mcsD?S3t0x1RL0T50QiQ*;cDpY)ybL8COvltV`9QfZsxf+Ns;AqMPp#_l&X>yCtP)y--GzNe$`Zi5&@tGL31ZAIm0E8tjNfjR|6orZp z=}P|HizuTq$;cj`riLZIp+}**3+?SUN+I~o0JkB^WIPMHC*i^9SN4bV zC>N5m7 zNzB}+G|Fjky^n|#6Wx>O>_>ubgY$kIMSBwD>hvTiq1m{jHhge<64Sqd@Hx=FD=e(S z&W#ked)%m5w1wpw**Q^&(%}hJ0w27D#+^5gOsHM+019QeXt?vD6bW_hZVjQe0`O`$ zjQ4?wRE8SZuZ)DX39jv3MDhaX21j0n6(P_5aH%1hpvyWG@MxDJ6xzhT`Kc6JjtDUi z$Ra||lIjNZ8d5@YyIXx_P~QmTnUE}_t?lmY_bj^POPjCmD>i2JdUAj%|kws~0fvO}TXwPOuBh4v!&ndvEe#^koD9dTTH zzkWvLVtN$lPsIF=dL%f_^sLEL>!WA65=EYB*`^XC=ntkMR8PT$re`^7YzoJVu0)Z! z6PaEU67(lxR;MaI=9|iouUrYr=zj{;LHR7LiiIabVDTqU{xcGywq>tCx2d)aFNx~1 zHeSNrAVuwPdkGvZ8lvEOJ`=)HnBW;+4;2U1F^8n(88&*N;13AY4)@I62Y}`_a6J>( zwToNdVAx$d-1?qQmi6K?I7%Z0rO~30g@;cqN&mm`|I}ni7Pk|hB1uooViNI$cLsMm z=`@PRTI5uG7Hq}g;Tymn`!@b&e2OAosc*#H##_`bZ4N_bBM6T-HAJ8V z>3%McKc)aUHMH6Fqvo%80i}n#g1Y10f?`uZb zYy%9^uD*T{d4e@bqweVqk;Mq;QC6rs;@$4~7vgOwF(j0Gi@Gq>d$*sjV#e?@jVQy`{ zi4P9$jhi}rQ##lMk6&(GzR3(eh*|R7dVEtg*dKo8*5{kr!G0EQ8t_eCuuURpd3@76 z_;yF!G~%1~!R&8wlg~HZg2j=qxlKw~Cxqx5+%Ou!X&U3h&CuXt3PE!Y_1NHLib4y% znHXI34v?1qYlpDHHaHne1#;U&r6I9q2CIF7o3;@Ra5Fo&eKT&_g%^jm`+}#VAk!hD zG;SUU*7yTR_n_x6UPTBFL$#ONGp+)VRl#pcfz~UbCT`XTSO1NhJ2^O;gRi1C$?ff> zlCUjEA1%r4*Ylsu(HnWy9O+Mu3E(QDsa1b3A#4q~Ad`n%6)va)`mf;8L2>6w@JjO%&Eq zW2B;&h{?xPRNhP@PzPtCPq>Yc;-R>mR^eLUg5o|ow;KdMQ|>AC9|EbmjG%PgO(aS! 
zNq3TNkrY(WQ}&pkWh&ZNMB}8mjhphl7n;*0$M!E`(H~U2Pb%VCAt^d26`8NOD)_3f zcce2VkCOB&6~varEtI5>wgGloVf|c8q{KIZ`nD>q?$hd7vy))`+9D438-Z>(Q-W?@!I5BllB`b`1>QS&>GXjs{OscvPQwLX(QuclZ622V41wa#&f-^%9 zp-Jod=nGgfr_?~YD(gRjX#Hi;*69G9v==Ql5a`}7d#11V*=DH zX9nlb0TLTQ#k;Do#v`C<3x*(~=QuK12r*}_NNa#K7kPs?Wm=M}P8ohGF>3(RX5J`H z)Zwm_Di@RvB5hUy@Lnvx;2-2u+B871=&G`P8xc6~`HB^D(!yL~60e{R1KG)L0Pi=b$eu>H{ZJN<}n@d8JidwV4R?u#1#3 z*w`e`P|j~@z5LiIxxdf_%L|hn^h^JwIKcwJuL%AFMdGG3yc>&jiBN=!n!wMUA~d7A zrj>fAn-GD#M~zSKxa7^jZgn`*1Kl@-#XZy&zCMvmCt}ZVA+9-vf*sp%b9QY8kNcyanR`8#9Li*WcI+4Q-ElqI}aSU(a6G$QpyCuMF) zgkq+Q8H*slrj@9|Sec5_ZoG;D?6V@6Qy9A}K*sEsrD}q3^B)Ly_@>gB5eR<~|KZNR za``nCZNyWjBtCc$OI@hIsZ6|cR5q?8T~|UG&o7rq{r$l4X1LBQNqw%srrF?^kD(%9 zwMLID5Y-$GStY2?8@M_O3MwYhgA;h758Nvy(K8ZwD2VGCQ6-80_cSQWiO!_!ZfkH| zGr9&{FFOiOt(ZKzJ_qx0e(h-1Uv4*a)`_{3+z-scb=~M;bp0sSOy$>$nMBueM5Yv(|AbrN%0dMuIun7TfMMRob>6WRS~Bu3+S70xP1fW`?b zY?~43#)&FC*Ad6YNh%BGn18TdFjCg!rx0^)a;C1znZwTXfw+xlcj*7YvHMKw)?U>0dCo#1FWBQ@+{-Qw`yr z)2QgBW>7Jt|8neNJMMkq5*|K?|F<5&fM14()0#Ak*1*}}wEQoe|Lt(<6WH9b4iBeA zUDk(8X#rD`%?`=s--AAoMOEoe*G= zVkk;iPy_@-P)tz4f{oZ-OB7H?n3cMX+Jx|2${r-rY@nzrW9aKcBtj zoadaGIWu#n+FdP|8Hm; zE%Av0; zqr$<>bh$Y?BZJyz$W3L&yVN#IZl+|sO>J}JW@^TX)HY9Ure(ZIZ42dQdd5g4XEd4uy61fd`=>vP8Z;uD)9e{!2>0kouR!%0 z8P3fHp+9w82%-#cv6)s5CL>2}%v=r9h%cvMiglCpCPuu`+fk!7OPf2Q0Wn(*=4)c^ zFqpT9xl=G3^<~$9kz*Q58AKoOLn*@Wyu6?L`fj}G^a6@OmjU>Yzkdo{mRhHm&O1q! zA0c;G7UT_p$_FG-c4?%1h&y{Bnzuk`XeO(VFEmWIJZ}q*o5aQs;Ywy8%`{};T`1$_6HH^g zi##46@eWQe>IQ|F7%8uGa(HIy4hE1``zbk3I!GxmLhux{J*w3&q|O&(7R9K&QGLo! 
z6tngSsD;DO&n)lmW^x2PlVncjnFD(YW|&sP_`D=TM6 zs_=_*AdHXP8HG&Dh1UhlYJVysG{DX1OeRxjk|K$c^t`NF(6Ec0jG=@`xj9=Oi{54V zv!=YwI)*pT>x_8>$ShK;2_cY95sR-Ol@`~$LVn3GW;p@d#mrk1049W1edd6FuXHM( z`xk!U@FT#Fn1p@g15{zh4j^wc2Kk3%=~7E4#`NfZTaLtRHgbF^H#XE#g*%xGQ{6(A zUcRUs_s(sr;jA`GTC*_o-CbLR&X^5tFGzQUZ}P^HX;X3eSoH6sm1d6p4XwB59R|(wI9n#(f-^(nlSus)ys^i9PFOMMV?Qq$OQqpRr$@(@xJKj98e3Fj|KG$Q`ASq$Q_d3d5(@g~wp7sN!}L$8^ja3fcG;smFzvpgU9Xi2<|?0K7sX zDw&8aV-S(M9I2?oe1s}Ig+}?(7-f1uK3jkGU%>ZSzi@L4fWmIZ83ahWS}kr4(xqbJ z%VN~sn3k=$T&Q>WR3k8J|2I&0zmxG~5Xh`8@M#sDb;f%>NertBe;5TV-A&ks6L?Y^ zjmuoCZ$_c7_^%kPRj-e5{fKzumUxt46}?r80IH2u29O-fvk|JhR%1Jg#E3@FG`5pm zhrLy8+3h+ru>puq zOTG@0ZS%W0IDX>cNlx26I67_bIoDBc+ccEBP}?yx@H$T0pV7TeZu??qM}^gK1Lq+; zqvE*a7pUUb7E}>lf^2Ae9cJI1w!MIHRo695;Gv>tMh2r6U8i{$Jv;p^j3e}Skoy&X zhp{r{sLgZeyhhi#r=i?RHOqojL;RhefKhF_Yytb+tiPXd47(Fp-2-;U4c8(~>t)Ia zMq#|Vo`tEy{OFyLkM`o`=v;h57Tue2)|*(DR6qZ5kciJy^?6X!HVuAJwS8zKV%PSK zrdSkRH5;-T4~n9P(jNqWvo6X;1pbK7cp;|{gsk@wVJ^kzX4MX z{(2vyCo+sSKNIsq>Zae#BTIcF_;(PKLJ0|{4Zo|4{+RmiYKwUu{5R@g9{m=!+aG!Q zdn`4LWa{t0|H;RwHmz@fiUZk|D6W#qRA3_bOE7p=y$I}snK$6mAW45au*zcWDi*At zQ*ZjyMqngZV*_@J0XHD*-%`)oj@LjyJ&7DKI8&`M=Jtj3KiT5^F44?tPlcHJhCi-D z;vZ|e7sW@nzHSi9@<1mw`z_49@Gd&YN%{nj4IY5P$EY-m`f_W@I?_oRHXddG`6HiY z%$~b446Q?))bkrDb$~qR6H(K+NFQia&eu>f%t>Q=gax(r2{Z64F*@E!SqyaLQFyW+ zJ<5s5&3N8SaI()NXIU@EO?1*Z(O8*{$<62_CzURz^3iF4O*R@U+nkCx9PQ*bWQ-f0 zekWLuH2s0;3{hvpr|t#+(Pqh?kwV2yPaFBZ#i(xdP^HhO=e$X>=(%> z97yyvbJK9*v$(mhQK?|F-UfCOTFvOLhD~v;8;(Qaj6Rh2heW><*+*0Qtw#OG9)I64 z(EEXE+79L;0f33HfFkXlOu*}4ei#54a|>vp-7g3@0Mg$9fN{5gmfHQDfZTV`z~gV@ z5CgQG zuBaA>n*&q{%Z&l_((Ye(Bb>*;d?5h5jh4&;`e}DMZuG}seiHy#CN1Cy?JmG`UVRwM z)ZKnsS+?*x+_}iF0ov_~N87qNn590z)FxTrE;?AJ&Vb+U2oXIDfT$1BMvHiWq1yX( zC$t;~=E(toGAea1{C#w|_VAG_{4ki8CIVcpdK(?7Gg6Pm=Oicz`gQ>BCaBwQP~eK6 z9Id@C{+g3hm7bo0m-WPXPQ?2Xr_IA&t@AMVQ*7k#wVX@q!Ef z5|Y*A!KX*ZYH#Sh7Ss=b;dMabm&a-Etj0D@GXXfU4rtC#&=l3)rqMP|>j2nL2Q(h9 z6-Ti+>y01d%sAZ&z%d<}&l)L#mAdk`EdrKX~TBrK}HPA;Y_bB>{W09MG z;aLi*jGhACj2OQwhG5Z|I%Qk6qgdzkD)6df{EFWpKTD_f##;gO5&CNIHpcipkAVCf 
zo%tJ5L3gPi0&ho*&v&Jwb9L6Y_)>|^Q@;n^o)~{Ox>?bAI%OPQ{NVE*eF(h6G5+`M zq5n9Yx(%ax)@a=r9gQOVZDG4(3i!us@9GIQ&-#EjFvh>-C4|2~d-q_vL5k26@MgsL zH`9J6Xz!aXw)Ct5uR6xxgWh}eMD5*qwdG$8-o_aJz~hi#sJ#V4EdL?!cEtFHnjwBC zX>ZtG%YP5NJu!X-z4s#R9Za+FKLp<47=P&{(7#xF2g)qJ@drph{x<#BiS`p#Q2xK0{gAd-m&AX{CnVi?(IMV*Qt-7 zMu;751mKPUB(14Q;zK$zsVC-dnWz^4c#|MWVjSpEo!WPV)$~08zXzJ6y)>Gh(2?KK zy%J417^XDC-)M>hy^7_{P>Uo^y#N?YkVL$MIc$uzTc=#x!5V8i01E?6jFV|f4Dth= zQsJBR9H6dEMAn7xK`wN}L=bb~K0u!h;EbYeqqaPZLiV+ed~kwNVu(FJ{TLucr?HKT z5lD2Ojx0SHUv|=fDSI&IjK4`y9P(+j^3k7l%Jy}bdSd9^fEtj1RIY%2*C{Xcv7kx- z<^&*PMFIV(y~4+A894)hivo~@DV4>ja~$u_3v6w_8K?&Wq@*|w8FIWk&>xa=_c~Bt z2FM^C+Q3)WqL`*R-VO{11g<{8s0V+OY$?zN*`zg)S&sMjH5S<(s2)Vdl`sM2INs(< zZHmSLFf{;~WDBT)k!y^){Z^Pj( zUkv+*APLd7j@M-%`f<;LzMDKo-VACu(_m5U9dG>2Kz&cdrwJ&T(T;<5aJ;vx;i2*Y zYa2kt;DU0!fe5yv#^9P-BP`yBN@Hv~tlhCo8hr_B)OTU}+uDEu#SH;$&Tb zCPz9a7Xomp4^j=epG)-K!d@IVxZEc++Re#%+H(Y>9|CYk0G8cfXc`u$w;VMp-W>U0-K(=wk3X1pM5-XCg9v9j|gW z-k$+^yw8$$M$;^+Nl%OfqWzuJ({hc^I02wj0w8nUVvcZ9AG*_csEfhBJ^^FK1*3XH zNwm^Q;y_p}+s)D66eokd;*gi`Eqi@52vhMEEJ6>2KX&+wUBk?f>+Hrk|aR)N}9xEckjm;Ex0%_fSN>K8gP7q!)Z*)akbY_#^Wkf$DN#!><(Qlo6sW@k9euNXvbkn-8*Mibl z1yB`YEvUHv3>rJvjZA=@ePfdtEp*)n(K_gz5P6$oI~YQ$@QPgb7G$^n4)kAro_;n4 zXzseRZ-YhBzrf2d_=~W9nSjZnp^clK_NP`I!0Q$80_w&Ki=i_jB0E)}AGByA2cIBKIJuPuG#-I?mCXoGcno%M#7e+nwCm@GV5@?{N4v zQKZX>^H!n7aZ-L*ZMzncuas(pzr;tmGKYAd<82+}D47fD3|`L|KNs`<(TAO^ujg1F z9tCf5jDN5Qe&`7&>w8Q@Nkg{;ycKo$&p27xNtV9>ylZ{FHe=73?5jNQq&~A8i_rXr zxZMZ9BR&WlNd1Czzvy`1qXsyygT9-*YiY~WoDxLvWygE%W{|!I{b0az+cbdOt4?lD z)Ge`P2C^t0|G3O>Utb5%PRIKQ?-kJUPFDbqNCc(6+5({09k1Dwn8Tg`=CK4Y1|~~K z<)U{PeamT))di6n)$bGBz2kV)=cTfQL_cuc!UL$l8z6Y4FRb3s!u-%lzZh>+=v#b- z@s%pX5>hdudq^z_CFw}PcStbrLSgL=X^HOyKZd|J6q^1AqQXX2rS`xQVj)kv^YE>n zJ`85+Hx^)~cT#W0ie8~?ObYaXhUQ>)_5u2Ms*!GbZY%7k6KbHn608?I41j0=GWw;?vz z8e{&li&8;o=M$3WtJWW|pm@z)Zw$)UoBC#?!90udTDo4_&RE$_wS54F(QoM^7cRsz z9Pa*$lCVpMp05LAY-x2&ILe9}AfolT3K}S2nM(xGco`WrwvEj&(A^kjZ zM@Jzy*_Tzz*JI^7Z&*lAM5WWThCUh0)jq(Fqg1)>S@)vmiStGr1$>PUl=7vSxri-U 
z3vPtPn}?2$FzP$-h-WY_FzrVA<*g9f`;h&D@<~X5jxZHB=q_)gm@LU+f6&vZ#Cqi+ zeGZmx)u~Vt!C&xd`3>Za4e4XBBB0(5J-QUko<6|D{5-L)7Y$|ogUaHYSI|>{oI!LW zhU{L^3L%~rO8!30lzhDkytO{xj?Osr_bv!|J+L~kG{@Hia0@|_2Jv6-=#3Z(cpE~= zjSxd^BvpuE?$(3h{66v8nWDODKb9|`t<+h<_?sU$L)jlxIE_X*j!`qrw-EpIAJG57 z-!K=FnM;jc)YXeyhg1jfCIx&M6SakUshn{KsY>jLt9Las)|=}l?Sz-~bM_g8e=5|R z8>o`*qGWC=-Kw|DO@07{+Pw~lZ3!rqO26ve;U*t$0Kns5zL*Gb=~%sw+~i+Skr@^D zGXQ=_1f|lmdWYQPldvg}8~PD*w)mTLi+@a|YsE9Ug9xzr{nC-26Mg-P^t8;UV~8b0W59mR)M}Y#-n@n8i$gPbRl;Q z=r{R1<6l$hU%d{YvN5_k2y4>y37Om-{YAbh=)JPf8|f8gj-PQ4||%KC5yi+n1X-pN`IX3cL7X0Z=YH|onM`BK`}E8&~phOj;o%nBdidj%=> z%XLO)+lJBU3VJb+r}=2xXiAZ<*2%r_P3k4!T~miICH`TZyd6dHPVgR10;b|xNIvDyOc>e_aSWm+9oaENcLn`+GX2S3no0y)2m+K@yj0I3T zf!xPunZlkcg+1R%J_qI+3*JPZZ+a45fs=eYc1&9U^5Pgvih7Zg+zc(?T97aCS=K00 z(z`jy&!DN<0^Xg8eCbJe1Dxc1@R{frz<)CllP5iiJ&m4*L!j&Y9&8imbm>TZDm5WP z`VpUHk?UnhH{x^CZ^)2d#20ciC__3CUrL3TnNfviE%cS#%*~K4#Me@s=c^F2dBGug zOD}Yhl)E2Mpjf-?q%ROirj63zWT$EpYEMGUAA z#CG^QXEU}JOZ6br>!@{8Ht7Sw9OeU1JywGm+MLz`t%?2_LFk!ap6CNiEK>)*m+?U| z;&!{_Q(G0H&Iaw-J-IQIwFBKA_U#*DBo)`mPoIO*XPy4M^D#u!JvfW8~e& zM&=sq4P`>R)yJs3PuZqkmGK)oEmZsrIjjPfb7e;UK*RZ%9C0=@eYRiP;W==PbzD`5X`FBcu$RQYIz>t5c52~brbgZhE`avJ-PP0 z%R%wH%ibcLubFrrJB?wH3d^-;>0CoE>~W<+&*Q3kcvTkHVS9ZLl(5I6=lw3%=MN>t zT)!yS@8IZpTsbZ5aeX>`$}yZrUgP5qxo(AH*yGXj&Kt(-#zNt>=UpZA>x9DVu-9h< z-`OJt@15d0>w=@_ak?n% zUHv7mIm{1xO}p@#6MJA0+GrA?!`*!{aw7&n3bP%MlR*B{U4c z5^uCXdW$@lKnrmWChTpWL4`c7)sxZajT#wQ@;r<+4gP-ASot*IS^zaal97XIRgIp- zsH3t-xr;0wphG^!8%Ueb?=66(dg}%}Q{4I6kGu(8_&s44@G0Mt zd|sI9oWAozS53Mii*L`QcW;C1D%EhWu4Fv;1UFa z?-jzmxCB{nR}uHJ=(vuT?+AiavOjnJ71 zdnbYHd3)eKLnT63cO1!S^Le~%0gq&cy(dH$CDG{Mi0}PRg%G<$Vef2QhP^gb42WcW z|BoXK0ZOP^Ad5~Xa~6*9Q>)1wU(M?u<;ZK#`<&6ZL*U0RC*iVF2>A@xVXp#^60bcp zdU6cy7N8+?SVQs|IEH=z*^_C#5a(_@@3}KU<>u&cnE-^n$IqfBlEWSa!}j`V(BZz% zrVy_~+#9?^F7d%1$RX~b9rg}Oz~8PVljN|+fWr3rN6^C_x1bJtN37#<6po%pdWc&; zm&hfIb}p~i0O-jvv`w@d!dXnpLqhl+m!9_|Q^76i(XWv>a}vn&xL0e4yU&)$Wmt}$ z$IfktyV{1m56|QA8#$8fd0ccY#Kqmh-XNfWU1%J@4j=a5-3b 
zqk5*G%aI#7mU!H>(34|`yEBI6GAuHv7aJhCQ6%Rt z#pSKIED>Ibbm{x^16{7nC0|e!K@r!#3X$S@T-pooIZ@|VNJiLW1q*xp7$WR($GEWf z0*+{xFpY*s2?TOd(UT*l>8XShjF^2Uj}y3?#GP_@HXY2NIDe$QYaFe*3Yw6x$H`yM z<6K0DGj1hv8TL3ehea503~}NCy}pAaa7+^7P%G?lIEJE00!NA{{J5NbZv$+d(^TPV zCEks`09ShUfTKWb2HJXE__(7wZ&Ydxek(uLKjK}z{SAH_E|_uNg%sta_B&$QZso5R%?>bsaw%ty|LU7XW#$XtpVItwYv{A?9= zjY6KO;z^+2kJ04yIRE-{5=eN}UXDm#?aiP@M80Oe!5&0^;3ZIJTI>}8_RV-~H?Bc< z0FaeC%M&m!!1QqUC= zPR-0d>=ZaPm8#n=)Tt){e(p45qK1Kr*L)QtQN$%VT%R{7q}6f97;G##oj^@Y4smhG zS$s&s`#+OYdM7;87;FBVARbeo339Vl-i= z{BXa7_r?6w3g$i)*IjMCRpL?7wU^?}7aKySAcP4B!DxC!H;-vrge5L?88?K4CUukM zf`81uQvolimz=erN^cbbAC@%`abMcb5tc6W>T$OH$J_kxk)>rV>&Mc?si+Q|{o{H;EaX#uG$StAbVyn0` zP+SJ8#NTLw-MAj*SWuT(Y%Idle5_xr^SSkC%2Jd4@P+czwYLF>)hgpQ8@(756Kiok z+2sw5eJWREm$$I-jN--4f8YpT0`}*Vjn0OFPQK+X@$?;Gw~7n#(g&!!EVgxkbyF<% z2;ZA<`_nBJ*CD`-1g=iSTjy6iRuWXabNq@oQ{_*Bl2KO4v_Q$7P!cT785D_Nm(8pX z_Q^)6g(kuCvrfjwn%FqC)E1De>UMHJkgJQcF&M+$RQE7u{+6iyPQfQ}U1k?^z|wCS zUYF}Kdl;{^Y-l=$+o%3UeB!RCV?G7FB-QHSILOx{*H#a&tsZWhI*|Cp-B9znL+TUt zs`y1f{;xezSA*BG!y1^#IDwW){Q`%pXf9qT}ih!}L_r=zBHINMa~t^wwCV30htTW@PjO3~w6 z@BFqdyZBO;h?(G{^?6$lFs)Ce%I6Nlj@8vZ(A6kC&LtV8Kk9-6r9bM{fnWM)HeULL z$R}r+NVN^<1NVWK22?GmXIX5lf5MGy#fOny z--m70&T=RJ5%2@C*H`OnwjtE&aZ@jVoTk(-GsS#O{3j`Rr)D~dT9LpQV|t8>GO z0p@m4$Bp<5vEi5kX0}`NV0C#XEOygyobPn;CK$}HYrY8z!!-Hn+FCy-$_1Nu#$1_% zxy@~5%FxIx33Qv=&)g5nl2C7P^Za0qZ@b0qNZ;nxY_HCdc--se8;MF)$~}r7w-Jez zs@EBj;pj*cm(>?<*kMcJrbYzl>A>G~eLR%3SGhd2BQ^;c2u_ch)f>~&S4u=Bai@e*6>VzvBq2n6oG<2QKkHG5XB zAJbB9dwi^wi6!sOco`J8rPv0!(bH07=BqK>2l;(J#xcLWzFEv~ukXQYHHK?Gb9ZBj zF&A9*V=QcpETJm@XBsmNFQ-!#Ta(*8iGV1BO zI$odI8~MC{)7LhskUQ*BUq1I!{_%h*g|S}7SMi$aY?k~ERmQa}XcPiZf7UvsegWS( zjDvXk8U&<@sqeDpA=NTlt7mLzvHnjfs1XrkjP68?R;@G+G1gBw3z+|7>(;DcIVg2U z<@YzWety=XPtoQ~$nOz&f!yPi+6*Nho@!M0l?ulp@Z+FLfwleFG+Qj^t@e5F|$ET_D#6jjElbYlMQNe6pi0dq(;)PT;waW z(o3MHrPIiaucNBqhK_jnOXeXQ(7)=U=-wrNJMO|v2ggeddg*4Q;${_ZI(~&4Rs1+4 z&JN=>M=V|N#|mTmL4o-OfEwtFNDwviBOgmVW=6h~GsXbdu2AY2Kwq;8V#VSFP$ljs 
zA~dGGU>D-L9#rQJUpE^R1k&~2B0Wjxk!>P9Nw;JQR57(4+^^MVIG`y%j&pR4u)zfN1CtH5Hwk@dfrAOs=n2(wDQ;eA=1h|R7p=7N@ zy>g1qJf2k-dbt(QYH-vEruxQ4M%<4(=mtvwX4-+X9~foDMn-rXh>};z9mvl=&V*VP zg!-vynYcu80Yym8!j9w(s2X<0?QGn(Hn-@QS3*S>I~~#^P%#>xMf|UZb6JULDJxCG zxon`hjhcpYc@yKnN0yJCgf|Dy$>El-PR(MKe=$OOX}U==Od&sA`;;FN#r{{j`MBG{ zXstBu=HqT3b00PB<__03&m&Ef`muTkaVrJ&1Nyph3#N73As6hEZ7xs`YzQH!T*}ovh zmw|JXb*8bw_XG7~EQ4>^atkpwF|Sl})}uTAD!>{ak0kf{UdxjksrP)~(r@Pzn0eXR zT$=F(b9vp3*ZPZQO5Ln?U+<`b-RbzI04>%~__9VeBK?D08%n+Y4&~CH%3ff*$MdCF zWG@(Ca%iTS^C%)S6#^Igkzos4FEY|X+sN?xUm{b$t($A1#kma!(eS{tK+0y#BdNaU zt6DvZ^Yi$Z5m|N<4l29#nfUw>TR59M`e@hoe{9>aswcp>z z{VIj~j;7_uQ0*=F)crH-hPw@Vj8ARn7T$vf-n6+B(A1Q6zZx#aN)!hne;Y{j(?t}A zgoNhw(_PFxV*UWUeF_#XJk83-ynQ23CFXX*NM-Lk0pmYVADv-hhq_}^xjYd&(!_LK z*iJ4DGU2WZcj8k*4lh7BQ90*?bC_)Q^HsMy;T4Uqd@znMD3VxnglgFKux#U zBLeJ)b+8BsJ)HCWX|9>7bR_Ki%dsW}u`s+QzI_|IjTuYYx0E07@2Q9F9$=ff1wOW* z>pgg94jiWf2Ps^97NB|(y=khW7UR6j>dFe@yAsrhh#|bN_Y($=r4x~#k6UD{_jNar z;&?xR$^1SP#Z5_gg_5U2^7eX?`+Ui(Rcx$Eb(Ac45?!)Cc$3}K#+#iJQz^1_t53mJ zJ*i^!Opt-O*ai@*6vIG`hz?W=7dNaF1#2&Xf8fpeI7qjNy+7&NumdS3y4Vk@0lGH# znH%)S(6xC4H>#ML8)D(0$8jER!yOSAZ}-0{j!2-0$s(}XwK-kRl`t04mh#pXtU5 zvE0lBH6l7-!`DUeOx5jpl&`Mfd~NZusxuB$u~EX5#^O+(8K1(*%*6Wui-0PhX2QBI zu=wk~ES-#7bDnh!#a^cYLReD`@zQJ>re+n~}dg(N$TeFdf z6Yy!87b$|n66cb?d@8Ec4ATpXoBzV{6G6ul`Gy_|=D!jidBn|s}~epfCm?}_9$yC1LS+rWpKuo3vD z4BVgg2zEJ=;U%_c8pybDuAjrpjE~*k=02*j%LhY6bFJR8ec=6p#zCM;ZjSzg#uHb) zNTs}&T$s_vSQCa?MnW0;D{jrU>YRai@Rag#a!wN<@F+oLbLY-ep=j4n#^m%N{OQ`w zpav$FsXgM%R-F>8>6MN|!H#=?I!GR%nzrJ>YCcPU=OR=P=Njay4I)-SK9C?V5Fp;K zAPkokB)<)0?zYdudYD)tTIDTlCbCx_bn${}mL>C8U397G^v^f_@h*CZxu0qJ<6X5s zOV!6@9>$`Zp|29koy9mvedH4cc-I9gqeZCIQ(&u}487;lFZAJhLad_{?QrAFfd9x zXr2~vERuGxj|`0dY=UsdB)7x5KM)*3FOusxL#Cr%sr(bJ!LuzJznDuso*^U-k*bS~ zYqLY7YCDL<5UDxzp8D>@?Ucf=p^8T}!ccB+g zzo_LNT&s~(e8S&ay@&JX_?J=7JP_M_*)d$rMOq0Q4+g^PeH1@s>~;K`o21}~w2 z+TUW!pqxKlJKD$ojP?qJsv{?WvqtA}0K=kC;{AOIJk`Z8R{MG-avg-l#~hDjrWVB#^O2ABM{fo1u2JecP#s-t4M!FX 
zw?t)KR`ff#s+dyC@H&2LKpwO@V_v2Qs1Z?tLjN;WA*I>7F_f4H&RN4uD<6d-{&eju zP{p7f#VVDmpf846i$QhH!9g;QBe5Zzw|A!NvWIY^dQ$9HEW>;Y&NHpjSj~GF)QIRn zBv#@^A~ARg);qw>`k^Kg??@CF2@lhR5((4Q@W&v3rZn=$Ag15&cZ&2I_@+*`Ss0U) zKuKf*n3kw8OW7z+V9}J#OjN=mOY?GM4ny#2QXay9u(&{97NfN zGE^bz^1+xGX$ynb)6ojlh=@@~FFdB|0*ccQ2hs5`brciz{=Hfqi}N6>qbM-j@t{UT zj5?fZeC`8^a~lpaLf{BRMhG0_h}Mr#6l5^M5dzt`F(U**R53NuJAH!l4}(oM9TkLk z=wB5_B+#15$Of>{;zh2L^GLk;g|R`4c3SN{(rChbv;1`JGEjrDL0mby%69mV@tTArj|m{FG*;7EgBlSXsA+qti`9L>5PUiT&W7)e%lX+cvCy?&gDPD+vg5jTEzyQ^ z{F9aQhodrY(=CtaN5Y2ctr~Yd)&kwf)W!3vm2@gI@6mbeRMJK{>rQZ0=6yPg-4=FC za}K-=HTN3=%$)PV2e^O0NTB-WygCR15BmIQ&h~96QxEwHwpFYAtEVCjHvUHhMl3It zLbya8HAq65fMOD2+FraemeBUrePxWP;H0<8z8+Ru3h8@Gjg^oa^3%0Xf+{T~`;d~q zv=8Df&3DSDNiEpnM!HOYZf{ZnflRpR(Ctm?ZU`_9AETyxo|JBTbSnQYv^Vo@kQG6Y zhb3X?84m?%*j>LliW(3eI-~E0?E58{f?C)c&rq#2x)k!$wbMHIeaqK$6Tk1s2f8V* z=?>=JjAn4(-`tzgOv+B((DW?_sqE5Y@zE>4{v)CE<| zc#po_Rmh|Jf!c0mO9I)aeOZoL#2q&Tb}y*wEw(to{#Xxt7y6%>9pOLrnK;c2u-uI{ zE^jKcxRpZ6-^oQby}cY;dd650xNeM=4kt%U=3)LQ?C~|}eD0Eaht)qQ(7ze_W&D<~ z6RsJ*o#75*@WJ@4%I#zBF~E8VHRlO1CtHoN;pnS=jEyDW(^dhy57d9YGpRc|2>no9 zY(cYWh;SzanvH|;>c|Y$lgNrM9Mv7I7pnQ zf)#i;Zb+|sQtTdVPyY+fciTa4%)=#@A#l+F5BCgpp}1v_Ls4x5PSo}#`UH_U3e-A9 zb%{!urkni-_Jgb`y3=$!Q*_bcX>}VGz=V{u3L%Uf{Ey)+ za%`A!W$^#Vo>9ahd%P6_2?r< zuEk^PGSlwH(6<0Bfpa#=?<4zfKFnDIOY8vRGyLn1AOcHp*brEPH>!Yj{3l2`xm|3A zEJpzS-b1%7tv2sXaK%PxwH?e*f+2j>8Y3aVyW?L*;j%w?NXD%y_~$yz|KiG-goEVp z1JB0i@JLF1H`Gzb;k*$4GNM(%(~vt2SI$}-0y#C3kgHx(>I$5%#lMUoRe(W(x&>Fx z%Qy%;7VnL5@!nXn3h7ZJDY_V;eu(ov{L3g@b~g`?;{fB2g7L?6gYmPwT2p_4h$HpO zRb)-I_5?N15D}&D z7yGCj{sP}=KxgS>SaN$OQ;cJc&Ps^FE1=)M9y<@>28|T%F_XDocQN9RZJCO_=(owe~E7-`8z_6%=3<*Mnsnr0(AWj+KSM+n# z$v8h}l@$fbP6IU}@>I46_3}JWoJ(<#OgaQ*s+g#6F_^m#=k-=czd*<1phiRtI3zXx|2Eo}WigB^{q{&~3aEO4`~Y**Zwk zqka_FtCxYodYNk)N*p-N%~2f$3;wOmkaY1rc;KRkv#qPF_zm@m98B zAln*LDS!UJ0-pfhgl^55=+-Q@=s^K`CD78XVG3kgdMJ3NTXTUsh{}R)&4q3sbC225 zH)Pn;EWrApZpYSr-%lM&hPq7w85YHDL6 zy8#OM)3s|8WjTSpNM#Pmvz_=}|Fsgx1NoI_{|BR!Q4P$Td1X1@Tg@!DJ$U%B(yizj 
zms_DMBZFYJA(&u-_DlUCKn*OYX8_99N8-69kk8p9whLJM5~GQ()-V0h;`PSI5gkK< zigl{FrYY9IEXTi58{*&z6eX>Z^n6{RTgu)w}KiGc`Ew=k$(^rXD1GU#~AX#HbrU}0N$8C2ytD*2`c zymo39;uQ_Z>~C$V%jiI6MZ8S%Zz~#AHrD&4eUsPAyr($Ryz}{OUL)h> zF-G_=yx&?Vakk+Qqy;{1nM%uWS`ud*UWU_S&$CPzgKVy~dI;wi@h_uz*+o2DgM%u# z9_HDNE9X-j0+nhc!B3-!Jb?4>_?Ho+3XboK2=@oPF%AM}5s1qgVsFPBS%2_b+pHNG zSYQ~a5s_zGm{p7QHd`1g`NLzpF%C>%+5cswkMiWzWwd?9N+0KSHdcd`I-pZ^E0j2o z;UID3ynif?BN@UARp?RT{1*OYM5}^VkOzBlDkW(WGDO`ee7;$!w0GuFn=aCuN zxOLj%5LnI>thP=oMn{b#{{H#!$T$zhzl;)P1vsdJnlR>;aOKRyAy5z(PYPUh6jp%6 zc{ToJM5~n#L2=rZnHS;4*@T0LvX37pO8D=Xti2282kz_x2^gWTRzO=)P@{4b3%BNz z)j6X7dS5?w@5<-uh7&(E`pG`ck}ROR$tgxFSx8gn%RzO#@sh=emkIcq;5 z0dF-dQr=miRIcpd*6gb4b-Rtn`!*5n7AWuRkSx6cYgYAo+49k{$giCwX>BO~Z4?Z* z=G`h#3(ke7c?QvUcH9X_%{Z^OH8bW|-9f0mB2UNK15wWg#c6^= zpiC7Lm4oJB0L~}W(=h_nh=@_gmJ^kl1d1~Q2hqV{hAJlNk?--O2D(5vU zb>~g+3A?J=&094`c@smjMuA&%Q&qdUi3P8t&YnB9oK;xp%_Q>E4e%_7SFwd_YdMAYDzSe z_9Rd@52+7uUSb>d7J-`2L5+wQ3+LTXa{v^TG$c+(oDB#s$_c5q;O~38t_`|?8lgOG z(39BrdWF85Cp7x5;YtXZ`ngp9j%U-H!T1)LNSJy&oxH(y=9C6 zFCaf%I~m3?Mk56ni7c89z&Wbk;{uBhw9|lXHO5Ne&4}9&*G#4F0V@z|g zhW;JWHv)Iw>qh#AK>G84mu?&y>PzR`{VmpuD+)C-?h&sj-HIn9Uh`1VBdEV@?o>9H zVReV$g|=Nr|0anWW7i7QAa*En6E1vMscs;qxHFreTfkp`emg~)tT56Ei%;V^n`^%w zjf;n^&Q1mlopV8r(+TTv4cW6nooKQ10_>(bSYz4r&|s#9^8wjhpmqmP|LinzpA^Wx zQb!iA5&VG1{h)5KSoFT-hbQ906XRsUIpp>a!r^kdB|v@ostM<@AP@E@%8oR$AGy+> z;KR6q3()?5Y!;1mYUbwr!tTW$vxKWtbM&e%uNjr6*y!8_g*jYd-}}@oo&>}98g4;T zEhuLcRtE9*x;cIsQ@!r9kgt76H>~XFedo%4^-j(7Ui&NnvpDiIf$VcLxeyesiFS_b z3TKVL3K=h&NL2@3ekZ6wzDY@yVt$9)KPYRG(mUOBF6HRfY^j#wvIlZ0ZoVxpJqC@! z47-@%9#^)*bZf4uK6VYLw*r`RJk}-j9&qg&jMrA1I6i2Ww{>f3t9xvx0!jVDZX**k zdSt5Cg|C7mQn!KW5N)XL@d>Ey7A(hNmTq(NTzG#~j|fxEZ56z0+@_{3uc zxYjoVo)t3-xfb;sh|vj8n&gCnqIx(!IdDwI*UWXhm_jtu^o{4b!%q5x1p-41u6vy^ z3JOlfK^!Ih)DUUk$GZiLNOv~FN4W)D^mvFg!4nK)h%~kw) zxj^XAZUb2Ww3u=1ghf6tM}XJtFe%s>q+mCw5k?5Hi!_pRG}21W6_GMI4~q21nLXpk zD7n~P9hoegk&!ua_S878!0$D3lm7srw+&^MEjSn_l-q2dEq0i1a=nq;*V;*q;|l*? 
znw#7g$o-F*SR&%`)3sCLp+>Et)I|X`&ff}cGz8c337`%N>@_cX(JZ$1IJ;1N4gE!XR z=N#cX-*MdF!Ta1v-Uj5oR(?Pre_tJWHI5rbcpo{*?}9Vi;xW9GpRWC-4&FL!r&kaj zH>L2N#45@a=*K;1;(J$+H=lwUmp<$8pLBYf(qSF`Q;w{I960=^&AuLV_`g||zQeDD zLgVM2HQT7u;io@j!cBDe&pB}p|8xua#3n6A9R5xxaQL@az}Y@PT9sW+oWmc-4LZEb zo#fCM%oW^g!u&cI3p@jAkk**fzud775am#u{uNH5(|-$cDQ?sjqaL4(fcIJ*LOs9Q z?13y!zd0P;MgWb|zs{-S^shG?SBcY)(o>4l-{izQ{qr9%F+MsWg%3FOoIWEYWq2^w zK*#mC&P?|dC;2bjZ2zy(l81>3{&el_V-wQtJN_w7S5t%G_?sh5lL0f1{{*Lw<3G_S zSjWH6PdFWal=cwEztV|0{xzVAG;<;bsYbhzA233AIBYAywOhbPQ>b! z+f9-_Hz`7r{)$f$oPVRmr=X1)?R4Tq2RXs=mJ2=wBD4YU=HGc|WLuwai$Z>(svu@+VtO1o{Tx1M%R%w7D_o zm(4Zsv&UonV`Z-hWV?eJ1cb=<*gqV_ID9n9W~!5F=7bkRn5*nh0QT3LOz0B=4NDR= z*o@Uq7vJ?}a~1zffEvEV$le)bP32Jup}1M>O{BumD#d}Znws&^xbYQ z6dJetjh2OC>2|kTP@>!YR>!&BhBjI6+hiHHdr${%caQ~~;{(L){;cENZZ>x_I293C zy~(8W#lYqEnh=-Hn9F@wOD|2DesQ^v=tP%00&*$t5?hLTM430@a(C!hKYIhI02-J3 zw65cFpV4-91^w(N2o;z6oQ`+7c{iFEADfW64|F}3%Lqvk?yo{jRQ72|^NF}P?rNi< zVc4k9wM`}_q}g}3)w+YJc5t^FhGAWQ2pf01LDzA&H9o<*+e`gK)7?G+S>tZ6*D-gy zA5?L-TXf9bHfO4(pS@Mrakn@7X0ZKiZg0^S5x?~+lblDaL3HiW@yQ8X>vG-66jk)A zxw*zXpwwa<#H-TPsbWe#(-rT3;N0Hom0mq`>)LBUjZh2~R~1~@8?$%3xd#W)!ABIT zn5gDYyXqaBCuW(r6$NqI18PLXsN*Me!@dW_`3(or!N*yun5Ye1T~#m%Gg|d@v;s9E zV$hMz-3JDP^3tUytQqEn_?Aw#*?K+_$GKVK$ouH_LAE|I6kl{h*ko(DpNp6mmf_QA zpJ21KA}(83{c^bp>3W;EFQLbDM<$ud=+^vP)vM?VgYr9^rpiw?wb8BFUxiP3)iA$+ z92-|aI)f?&WTtLq24cTg^_VHp?(liDwTypQMHzvWMEUrBLAZ8*j ziu4B28H|IdxrS)ZHtiiUkx*}3j0nkKNb7Wcs~{7Bi5KsTV1}H^J@p~)c2;<6Qvygn#E_9Xq;E~ zn28cU5tHA)$tD*lJ*#_c0IA*LWf(_er6&KW5Mr9o-7)4~VB&*075VAfVNY!DOY zoPxQGk0gR@6koUe{sA8oT3KAB)~T7;>toCH^I_sFOmEp|xicw|&z(G4oMVzPB(Uxy zNQSZQH64w0_FHRivDUoGT61e)%^rMVo7TI%Ej_QlOkz z?I^PxD?6EwaWAayC=(qk$C#3HUUm5#yb0!=?(Kb^C1ZQ_#D(*aajT{O!r8O(d5w^( zRUUP_HMg3Kd;&LU zvH#NM+|UGhsq(qK$@vyKK7clv=0g`1afcIua=(+?&oo*;3ZUHC#Auyc!VO1g36s)! 
zjkpgAQ(At-xfoa+m%`U_IXxo1;A#h#$jb6-@2UICQZWZqC!-h&wX0Ht~O!fX}Jw^ zI$+IZ4zRqNsfU%#B}2=PWQN0Hrq+!XPe2Ei&#hfcPbb%uP+(66*0tD3fc=~h$i0R0k zwUa7JnMH_fb9%9)ir(gyZ+P;ml-td`S!GOdT_9gcdAiM{fgM={Am5QWo;0u@Rdc4f zlpE4)x00;_$+N(2K4-p4D(m3CVp70u#x_vwMjWI~U{@)wO`uSx(_Hl&&KG8w$oRfU z*X{&0BJwbKF|o7uIqCq;?Jagz5d5F<*aB|glyWQrZi++DF2)5+c&mS0H4yx_zN#DW zNKhjp&wz=Y*CeD)1ocvjJu(P*c|11%0%YJki|G(xHUX2hr4T#Zg+tk&{Vrxz`CEY< zV6i0u_LTtptefX!J&zl`gviT&3s=A5;@vMzw2uo!yUnnDi#NcA^Upd4UdX-P$$btY zD8*TMNCocOnEPnXf3SC&yUB@|`-Lj|9{`VnmQ7Z7uRwS8zv{jy&~0>G64Mp-9)Pm2 zmyKiolSt|!tFud>^I7Obxt^um#88UA(uZ=<+TD|}znP;_Efy5{>Ds}-_Tf6^$OC(xslL`{mSd0N z|F+oqv{}UbXKXOYUo53(QqFuI!n|7o^pQr*Of_ar3w+!Rz>otsYt>?b&Wk|Lkl)Nr zr&QeFO|V7e^rH$jrU?XIgn+y))?$<{A_iq>{2ZKgk{X2wJ3Mu73_saP4{Ypa_D$=T z)F*9G=BV7RY5g0|&DFqQI|o9O%9IN_-UdsA#(?1n7Re>T1JvV1il?A4txsA$Zc>v( zLHEW^K3-?yjR|d3E(z&bRyd=P;XsNiGP~CSVi3l7Fw&7udPMHr+-#i_9+ZFO;Kqz? zHrQUg;+!PaMMB8Uh*R7<4R6UNCS+7@f6>q|J_22VYh($q3}ciRe@lKoqmdAa#(`#} zVo_$yL`>sYNtq6S}a%eF9CQzWrfBHuSvYh+G>vD*YVF_tlCvCR_6QRa2YV4K%%gV+Ji z*tIK@veur(lE_jiKwz=}b%@#dKPIy~+ENr~?&Q=-ZrQnKX^^P9v&79tH?fF!38F2U zOtiZuTFM65t&_49#oD?*3L?INt6zHv`Ez{V8r)maKO&D=XtkBLX0 zrZ5I&`=)7@GJIMQU+!(Z`jf`WTPJ6aFw!ii1Jd-QJiO!PAUp;Q1;*L(BiVyJ+Wj17Y{tizEi~j- zxkLcdx{1nJ;pW&%Ix%3`5<+GWHokz2FF&TH;sHuxxgZ(ujo55}p1HZkHB<)TlBfjL zQw(oWX7|QMEt4@->rrCeX~Jdkx6v}$F}(#!R~amPOnjc3z>Z~sp^_Ovp_fou{qgN$ zVpL)Vm=&Lv-f1jXv*QbhQghBjtu*Be<9Y_nQ09eDQwOB64T<@y<4jw^0(U$df|}n+ z#W`E-oM&B-UV$>aG@Lj*wEgI6gxXJpK|R zN88hR;yr#8kp9`3k z>&vDX*+);hD$x${t^H~BW3*n|l6`uj7)|RJ`qhD$Eg=bZKO^8uGUElSjDyBDLAly* zrxuC7UZedK825Lk?vAYIhU9qxlEvn1ov59W5+mZ(dEEy^Dpr`*1uEH;(`(R8odYeg zMiT2!XesV-Ed`7FdG&%}HlMHK@)=1t*}C3nsMDQN>H?!9&`d*^0(haOV`VA7h;g*l z)Fk}k1Z}4BU1DPstLzvY`l&-aAc=l-4NN9wHv=n4_}8Fc25I)3XuivR8$s%PEj^$s zpvVM$rKV3d_257C4B%(}Rk{x%@7L$65s+_mMz(1xjeL!dk>Y%99YgpXidr9KB7;p& zw3J&2vD{u?Cknf?`&(Nx*6YF@2C*lv$D1EUu$}XC3aS+={d@`91>E6fwSyO+24v z=`M@#OJ(3W?gnE-?x>)%Zhh1}8a~br5wIzvHXR&lx=#ubyZH-cyl}rLFb>c(P7lDo 
zeoFv#_@V~Aqc)kj=#VtYoRpWXBk1cq#KJ9=iAo<%Fxo(AC7Yr@^@uIyN&h!!(Xh!B`*+tsSeW^ zFJQkMV@sS^OdwKB+?8&Sy-|BxA754u@-S} zES}cX%shM^A47u9a6eCsp{0J2;B~sfpAh?HofstgnXl?_86u^={uesF7fXnV(f_SQ z8V}}ockxm)=zc?Fbnc6z_@4QDpJodV!~UTT4QpaZ@i9{#`;qI?j$%IiC;u9b;{g4a z?Z{HgLBDi}X1rSikB0RGeX5ih%r}DCMeOt&I2>>NE)+AkJ0vvrWd9HkN1qpTHSuf` z5tXqSf(XbA`!7M8oDCTGh7I`m0f%8(|NBoJ<|sRjVcGw`W{KjbdSY`${!CDqqba&` zCd@N4N-06ikVIAmlVzAEG7~oS=ZO3XCQMlSb3mE?ybLr|vhe@zGZvnNHis32u^hVhsMirL23-y#^FplmVGEdv5H zkkBeNo6Ub>>Ic&Cb6&+kSW+uYCYLY=O<^@NJ#FncF35#;F^k*c*gjAMkSQ-F zLrVjO1RXz|!JJXNDg7eQ(Vv0pWHK$GR+Pn;B$+pg&qEuTF8-`c*Z6W^8ia1~vsT@0 zN+n^K5ekOVHm>xxJtda5^!km0Nn5WV0g`BAJ@ohJHjpWt(CHh@n?NPAsh>Y>*FWCM znEH<|52ldwH~f;ZWplsP&! zZ}@-C3MIyqRds6o%)+$9@=G%-HJw9kQ#}`DGE0w%HFQ{H*q<$#5u-Adm=Q8FIkV!! z?Stu)`2kmoPpt4P z@Mj#%OpzV8n(RIiNmUC2Nm~WjbvntPGsJWdXCW{Z6mwukc!_DuPv(g>Tgvhm8^YMR z9>1fGO_AcJ4iFM8cuIU`;5+d6Nt;s>=Q38tTPNP%uBtnca+#9$^w!$}skL@OYVD*6VC(GwXl=jy_51(UUVEMM zo+*GGzCQn3o`;-s-nHJn*WP>Wwbx#I?X_Y%CZaySODo`E;)%w4>)WHcg&ly1&c6#y z^&4Dz1l2b^gfF;9dSlg2+fTcrg_|*A?uZnBM_h4SScEO^j4I%UEPj(sKEf2DKXAQw z1sY%jVbk+_7$&O~-au}qh^gkiar?0ma21b?3UHNY-yc(_)cAoI#aYzad!YKMxn_@k zH)b53STZU08Z|GXo3Jg1bH!g&*!Ws5;qo&-+oI zC5EjxT%4}gx*z=)ACB3^ek{gX^YOSr;*L&b!Qn1u`%R?#%&_vvsmy;MTACfWm~nm3 zf^~ZF7=9v|dFLS>v`AB|dFNjf3TI-GOcIk^CikcGH8ZaEwNFO}*32e;=`-3@22qxs zhxKKH6}9g~tT+ZY`usowIWi#-d_+sP^_68rtvd0$A-3meOQjKP!AW9<`7Bt7Ig0!2 z@yO=n-veNFHp+}(7@K5pBODlCP!bH$BSw7DyutPt-qr~26G?0_{V}$fftW6d+F}mb zKF4`}v=a<7L|GxZ#YGt<-s+<2Ae&tx0t~eCk&uxYY<`IVB2`(?lgi@&Ai9JMc#N9B zHkdeb&ezdT(Ovt95#NaEGMzr(j9MK)j_mgn4J~52i8ryt2)v`d>CGb)Z&P7pUc;XD zSx3HYts~Dw%$VOXc9Lg}o#eaG4gqNqLI1rd#b&wsKL3ufldvTvGgIuTrjMDPAF6=_ zPmD#?Z%>KtBjA={Y$rd8R&GYaF9n`YSPrD$ew<(@c_GFs!fMY?VxF)iCC26g;+WW< z+1jJJ$nX}GSk8&Hbile2v;By*sB&#D#Y_V^EE|k_D_SOURRLz^wCPHj)og9ic`l2~ zN$}fcMh7`%IFE%oA55_|C2Gm|rGCfchUEktJ8QIWVG+}b?-A4cU#2`=2-t4Ilb&}W zzlltL#``U3QVmiyZL7fk&bNZ$5nEAWdr4@p*k|H^e~yX5I|F-FF{a{rc)HLyH2c_7Aaf=5d- z`$Tl}&QeS?1DGiMkC_vg$V7J*yH7D3#I=u%ylAGIz6jezoXI2JZXv|VMlx!%Fr6eK 
zhwCqkw{Ae!i7J1L5p`ejF*R%#{*8OI(<}VjEGEA)7E`;UN-Qujo-5k4>Iey_kx7U% zUg(m+Aeb-w+kb2QiMp`pUVD;X0b{x*`#C`L02nH?OD%g(6}^)yN_1vX69WtqyxkWE z7Q0_jD*?YL?km1UDcV~zBKv!cE#uDgbC@N9O%(QRX5HChR)A5$-*Ah2k#5iDMr{J~ z)ZjGVZ}?bXxf~U9sg1g4hZVvL^R|fEM?Gx_GWwAvjb5c>8#PY~6ScWr(2reY*i^2mV z`wtbEme=5x;-A>Q&CHu)S&WC>7#{rS{4mmIS4DRP%%WFYo;5?n52D^FW(fFQRjaOz zr$PbOnHhj>N}InwMvO@Ajv_*p54y!6#cJX##<)9f01+b)jN5NX@wuUJM?|)XF)b5s zlo*(Z#WjAqrIMSXHU!usbY}%WlvuuuDPN2c5o#I6Dpf~}3SsA1XVfyYUgkIaR3aPz zB-!rW>>oW2favqkh_gZPB#G>A#YZKksX7*$BW*C_7iSXL5^HdP%e&YzZc##HLkK?= zJ^B()j4uDcMt3RU*vg`63J)Y4R{S~%Kicj$JMD;?j^LbPc^_S)M#Y`cEy-=M_KCMg zbZel)dZEPojSuItVOVJwwZy$E*0|y`UZ4_LV@HhG71c$2-OFrXEf~gtr3(=JQq)xt z*gS&lkP>-@a^;zEO0lCU18}EN3i-Pn+ruFxjy3%U?=h|^mM%Y>yZ$|@W*SO#2w5q< zTa`e#PrO&ZV=}WPBPx$%jeoyypJB}i@J%tK>9!j;)=-r+V~=i~P^tK$_&Gw{LiQ?- z8B6v{@z24i^tn$U5vKRA&>zw=P>(S~d^oyI!6Vrqd?dy+alg2X;5hH2zCHdw+xKMq z0*bin{zbda44B>ce=JH4YVcd%;*B1D5!z=hNr?8KYBb(fi_8AVPAuZCVye{9Vs{lk zugfC#iMTF{orMnps+}&fk1ZWZOaPyZJIVZ%5@<+Z&y_^yiqFJs=pV*zD&FHQV&5>O zL^t{3tHKlFpiGFE`53imM2%AZZcOx3QEBY+P(h8Gb0Qnp&-$9flU`PH_Db=yo6N_5 z$Ef=^@1N6m%~G}vR?N`fsvOY z>%c$)(BDgk;-CzRyy~;9*m7gQ@dg$isjv7ZKhFzmO!3V~VX&`icbPFqcVX^78ApqB z)_?lU5nqc=Su^XtZp{l=re<$kr7^aTCEWv zkiAOSUE`TpQve_$HNKNzR(LkXh`B<-M zi5*lnrtm(QceHFsi5eAtrr%*y_&H1h>~v!FXq3j-FB(Gu570}1@Wy5^Vme?0haR86 ztPyeWf+mdI4ABOHjLkVQb^@RChylji38r`BlFNu)kobYX|IW$A-vC>j@jp=C-L$Yv#u&#dNhMR8g+Om1=)~)sS zb6P{)&br$oh4It#eWz>NS}t(4ypupuefzE9Sh8-NJ7@KrS<^Od*xY^Vw9d`lLb|0h z@%?q}H+6SP38<#NbM4ytgc9Z{ujNLb;4mAKtmOy=%mX&Fwq5*VnFJ zvu$;F+ZsUX*5lUIh_3KP{BCcL{#w_5OSk>Gt$oe9_H6*UaPUT_t`2Y6vJpRVgKFc3 zO*}Fv(f}+b#)N@fXjgd6+P6hZ?P?E4e{64G8{Wd@f`FUWbZuA*>}?x1cP4ofUb~jD z)@%jUl(miNB8En;SF0h%ad^T){X7lC0xjwjh$Q2HcJ+dLX;|7 z&xUaOHg3~u##_y0`35BxXhusH^?-O*u23{|Y{3at zuer&VzIF$50Y7fPb#41rra#(~n22b8#|9n?%vxVX{DR?TKp^W!aEs`0Ke&@I75RnCrrUl62@abSm?c zJiz$jJBVw%se8l5Fn}iT+zueEX7e(wBIkr*+2=h980~V=v#s8#ZxsQN-%i9b30_DMj3}EduD;*~J6S9DxUD zBz|nRFd6=7N(q4SMBa?BC4^B&`S!T8s7**9%EW7f`r6Z|VRS#0dKE%|fJ3;s&Hr2mm!5XU 
zG4Vv%cyo?|1_2t?Potx6GPunT9&O(YfuMBfW@Jt=h2{s)l|$qnrh-n&_6jN2E1(Rw zpv~RVMg{j$10L0OP<9*D0+3rrbLy#~gK8ViBW@Z$=Fd9H;14&a&h5J3S7-C9^>Bm4 z2TJD;)W9F8m_OocNw0HnMJ-QV5P@^JB+$)hzSRwoGeo6L z{WN}%ruI{P3srjS`zdRP#thJ?R?29lKr6L+|3rCA%^6Au<8^pfs1rU29rOmL-l*5kIOx-+z$YW89^M$Ee~t${Qs2N0c!H!HZVkOLN?1 z-ZAqwIv_vfjsbHNc+XHK{ug=AFp_kQn}L3*I|1^Wcv$k516)s~9Yohs&J1u(1Jx{t zm}#Pd0m?f-BYT-)GQs93*Leq;yN~kG%!I#1m>ok5DwZ#9R-1@we#SD}!zKYZoy2?rVKI)I-$7IH zfk992G)(^s3e2W?%MI_M6fitk&~2kE41PD|c2YW~LIIlDM%5iO3Ej}gb2UfI{4l@%2d6n0h0kML+Jn&_n0}2*;2y&TS;l1G#2j! z`h8D|z%w_@xeFDHu2)CKNxWaizZ$uJ(hj+|)h(fn@sd*^S~|+HE{{1?5sg5J3#3NXaYZKqjdg=DVs+UWs^HY zmWqz^t3+PIMB@U{Yn^oNs@@o3f$21+nLJ4MRy$rrX1t(KfWh6HC~YR?R#Bjv8X9<2 zIYFZ_`5^#Q`P8oQ&q?@L8Fsb0#%FuJ>8#sYm5eT(YI%aJj74D`f9WxavtiYeBfaTH$TDR{ML|B zlpL?sj52<5Jx(8$w_^DPVb_DOHYSW;f*4?Bz+FJoSF*Zg3R+25;8|dSEcn;qd(bXw z-0q4McmQ%I6{v)NDwf<%uMd;640=;HisX{;R+aX4Tco#h(c6ubb1$X2H-;~vGPlgM z+AMIFnmW)CJb};=qup!J3Ary(z^%jL;dYvpg4ctPo8$4KZPtdekeeP|L`R44Rtq$V zE`AMbM*UfE#wgYk3JqIi5AhsKJI0Dd&I-!n<#azy-cOZ-Gpy*C;a6%y>w=&~=o)o|)2UsV!7-FZYM(d~P)Kv`FXYdSB-L z%=jRUa#y#Z#Z}x_8-)E@lppwwXSD?+My;RVng4{4^2bFfx zB-Au=C2wx>8;P1I?GvK8^ogYJ!A=E@>LeC{j`WM;Ov$IRRWt>!f_F>3M#_Xhc5ey0 z`Cu_1Lhh98Gu1m&3rt5jp?<MUmhHaA18osV-`c(3ymy12)P?*Iy_=oOXGSx`WW zK|m0KgO^Lz?RlvUIn_l55Gpr_nC?6=@R9AE#20Wn_qK~7Gx#$!MC07s+Nch*!z-o5 z&Z2Dd9*-5j=<19JQ#Pxd<1ngqJSV*Sg$=O&77h5gU|ct5NWJBRao1Ar7b)-pUb_WN zxeTvuq=iRO`RF04>7nu-ng$+#HVhd%9&7^b6Oyrq)!q^;!Yq0B^J0<)fbIK<1!TFm zM`Tt7rX%kGu;{l?k+ZxAtXD`yt1j@P`g(NHF-mVFsJY|!foBQ~E4f~s5r!@{MGfc? z3_nP)!Zt!e0qds>h17tydOd{LlnSGqy4{#l*F{7QjSsowSdw_(0=iX7p-eP>#XC*o zd6Quz3hPt*Sa~-}0JJtn?x5U9C>z4Rk4kKBOvd)c5ar!rv=3)2){?JKL6{fp@sSc*1JC(GWCeF6wk*0X)u37sFs_w%(3khoMLm??LwUQYWIGVibkxUhLv}>! 
z%kVy=4J~oED8E3qW_m}sBD*EoNQ=3N5Sy701ASB!Z2>PFrbMIoaSIOf@@Nz|2=0AU z0`9|@68_ss3(YkHdqSgCqFdsBm3ZqT^v3s(4AXY#nHg^G9$xf|+_y!@h7fXd;|O2= zWy~@V4z;TgT6`{cbVa?WALfXwDB~-<-*$i5mfwiXZvpY>3KxE}t#z*}Kn4B|V#$!J$Q~@?{ zE-Ipm=6;$qNVEHCE;EGt2LuC6V&eEv)Wk9Q-G2ci1yt7Z=h#S*kMRJHq|(Lhcd6PXQKaV&{N;lb;ry z{d+WZ%#PYVW*ghbtmuPT=E2PCX*QS@qJa%4f&`_Ij#1hQ$~^{wSZNfnN?vbwP6Q}nlWb0Xp#c>-Q$|6ZyfCv6>@1g~94OauW}&UHvlO|7 zZ8Wl~umD&A$~%PsRvD(qWy?mwS;f>=DFLf-g;P_At@;_7T~0af z+xlUA8htL~(=pk|VL@YkZg}gHX}{n4)NZU#cJ^88Q~UW^pW=Gu24j7iDAp&n^+l{t zQClBdpE|_)bX6F}r+PEzjb$a?_>|*b1r`|X?!dtnTcGA)#Cbai^Gb%5#XfnNtCdny@%dIS7kf6E)-Om>z0q zf`tl)k3DpC6WxGsF#k0+(Ixl>vwU+CEycHS2Ja%lo6&?b@D3W?LvtdfENY_5@vNeU zX0x5m4MDSEgMu4sg0X;2h26(NZP5@-9FS=T50nY=ZAzh0DIMpELYl>o_=_>V@s~;Z zgw;+1G6y>hGVk-3$qM2s4bDV&yC;WlFwjlF2^RoHiK_B_pXK{r>-#>*_uY>_-uK*J z=49Vd(-qXK3^w&0ue`(O=>N6@U_AWQ4EI7;Da~8EU zv3+(SI=u=uLH_W}fgp~6xZEIA`!W0pi202z1{+s{Fg)`aB0rbkZKj|3Id4JuIrn=I z_-vx(=R7j}Tz=zp*FNVn3w|!Yaeix`voV#Q%Wv!o>~kJielEXp{Ahmfrz*4$RO1M2 zI{r_<{~G+S!2c@zpNRiBVEYzctUiIK_=vRB)PR=8*C;LC_gCwIROSDrd!`!a`h%ty z;(LdG$Mw*Ye6(3&oZQNt1?-U3i_Tn0HG}BaBJ3Zq5MsktH%KG<(DU%l!x^MGrwG-_ z9&nuL$iUCV!R18({z@!|U_);k7;P(+;FHe<=byklfJYsUOUiIG=v2c<(#I#nCC)VV zkbwyrd(4c`A-JvW2vhMBFv7#_F3^M$ZZQO4?&gO0_?dwL*c&^XT=pqVGY+%wR;SUk z*#Wwwhc4?8UsZvARH45IbV(0gYN6@Ill6c?UmOuQErk+}_tKrG6>xU|fI{(LWx#I} z0iJoIXk1VnR8NQW4FSwe1Q1k>bms;I91R5eono%TGc9_j0-ofeE*1d$>wZrGpGISf zz56KWEGnepdno92I%$H(C0|`(X?Y|&0LCagNppIr3>#Jmn1*f)a|dKi9c3LNx78_$ zHqNto8r>Ho6uG8xlNGR^w4YoR7dRY;U_a^? zPvxK?@>+#H;<3MOBb*fmap>Jt;M8&vg7iy8+M9-2PQ!1@Uqr@u?doBQ=u@PlIq+VF ztHgNt3^*f&Om_PIqayqV`$fY&wqJNS-H<_dL@_#%W$kdq|;= zr8B)v@D1+}HWBzSg+FQG@Gem}b6VO&Tl&Kofg-fG6w_yHqo3eeiqa1Pf@cZF-q1nH z3zGx?g;m@ayxQX_j_`rrI#eUmQ(UVWo}_D8d_J0B5o-ei#O5P@HozfKYT? 
z@lyL)BtM~` zUqH-(2zaH4*v>R>R!_53JcyFZUS;bgoUjE$%HF6L{<7ue_bKQpOrQK$X<84B$He$J zirDS1-CH}~aAZ3N>EFt%JxP0;|Rl&y!a;8aeq{}8N&PPKmJjM>e z4qaCuE1h8MRg9m5qS5dTv;tT9;xUE3$HjC%!^BQKA{FGCW#yP6d=LG|2RfN5;c`uH zji|RoejLSnUI}HLVS$hjm+e8y?SzfqVU-%hb$c~CHk=}PH^iC%LEhu;r za=uffU!D;XKT!neG1M|ZE99<`UBP~<&;)_N>uw&B44c*E3qf6waa#v~1_k^ph8#T& zuaR-rQ*aj!ugE(p<0fKS0a_SCet|-vO0e*o z+D%isXezEk^w88EUT*NWp~t_%tkYNiBQM|`cv-qCXtaq>D#+hlCgK|k_}>`xd>rMa z!}bZSApahG*acELrfh~K_naMbmtv;qn0|$)=$Ka&p0s2Bq|o#4m@8*m(oM%u@DxNy zQ=#?`cf+%a@qKh%3(dsBJ4gjUqOq-1u!|io;g0FRHO-k==#;VS5hi$emM!`uR`q$h zs$U$lsvlRJAG6-@Dyt37E~>bm*F|g&;PY43LTR5hI)hbmgu&;{wuL8U@Z}196vd9i zbc7l=aZnf{-%QwDit!5!ZV;;CT&Jo)5DLtUJ*)^n1wyv>7INU72Jb`X%Q(I&WU{Jz zXi^KW=H-j9UxHbrg+hX>`Q%kPqBQjvr@2t<5}%KC9~T1!fU4#VGj@-Z}|YBV#4oMc+v^~VTGRmgg>RPq@3{U8!gG_KjCFg zEorhZrkYc?E5cuWPJOu9lJaNGse*;Jl)u89YFlK>9%fGQZ26wzo&RhZzt|R?YPPf} z!mzVNRGLK_bk!QUoWvl{{S<15lm2HT4+%}Ex=vTe!8SjCa@@$i!QdP z?|}fRK20@NJr;uBs?d7@O+PHO78#koRYAw06*WZOVhMA*f==f^!axWIx5M=M6a~*f zgr)s2qS@MLUK4+**e9V0EgPWa)`%n;>4-}#ecZhzP#UcE!g4p=DNrb^JdmS1pgY;k zun@UO;eH~e;42mMypeJ{_y%Yp)<-QsM&xeA`a>Zv*m)=68!{IwmNUMHyk+bvhrh;e z9PMM8JPNhy#(`V-)=O<0!1`2jhQ`7>JnZj+9!2;A3_a}GJKyUQDK84__Y}St z&71V{CV!SMf>>D+hmIR?&7LTx#yum;MiSf?>9a zj5F(UJ8lH33dcsTy31|7hoMd*L_pBFIA#~PTjBnln$Y!-f?$9JGhKX=ro*|jpUUo} z*-!9wlQeG{l|6zFT$_D6mEl@e4_(y4_h^ci(WLE+8+;Vku+qH_SSRMcZ!V+?>-+mS`3{Y2MLdTW}%W^9_9|W%m>yra`(h zzttB0!w|FT15}FZMZJ{WLu1!d-b=jYtZJjY7Hr&Zr=p!y)5C``qu`PI5{}D1$R8o^ z!!&jpBZshq&4?1dV!16lQ5MUh*`)}-Hi~F7jNElH#;}2dxITqHjIkT-6{Dv+>0;9Gk(Kp2)en_D(h@EGq$o$G@Zq_vW*SyP3_3*d@$^@(qI;6y$aat^(=Z{)tic zCQHI8X82cW%n=TEfgQHb1lXcD!!CkC#D2y74azGbmuum+J$yw zX4G3Vg%t6MLVu5SGEDPMP)#piWvYV@5zbJG7hu&;4V53KvgXJ_c%-k>v)AXRZOM#0$d~qhg$9!&x-PUlUhvf>pIOFDe zPM9)V2+zvCEco5BI_#2z)JM!O$e=8|0%e+44(BsmN(g3H^Ld4N80;}u%rMj;eu^_1 z{_ra0{I6G@;vP9az0MqS2K(e8Y@j>X25L?$q*bHdVq5hLS`|8*%x;Pm8YYyCgK^f= zcj}vQrZpL)4=OZakXTTDTA?Wf<)0LuC@9OXvIPIX6_l@CZOOP0LAmG}`_efC<>wUd zFDfWS+I;g`OGBKrku$UB6^g^OSZOo=I{V)FNSntLIhC|IrU(}zZRWRG5{8jB>lNob 
zq|IT)9ZuT3sz?cp%<5alN=wp(Nt*-uT1shCy~-B+{~Kw;qI=HuwpDSRDGGIqLLV{~ zu!2*Rk7yTX_#$Xcv3V-#d5hfDkXv6S*=L9W+R)_SO3aBwMY zg_>{{N*YbWBGQ5-{|r^)KbvI&u%cmSWOSdAX4i7+220$pVc^a?gM~+yG1siNe^Tg2 zu{43GyaWC*d|t7+g}~tz4ho%9-F+Lcs?V zkEaC;>!V_*KcLV!>P2E4P63r|)Uyix4z!p0$X<^p$Ile>G3a}<2WYNUIE18E6?z|_ zvj!p?5`ku|whenX^mNB-=G~!gzhr;6Ofmk1iZkKGjXRTyk#7dHOEG=`l`kEgGaiSF zzE1h1!cU`)aRczY(g9~x_>e+-a|7@T0yiR7gTuGbgROj~U*J_y+OMf}CaUf9Z|QD( zt0nza-my&|!i_DvW0R&GRd~OQh3}9<5Pqu&pGMDMPuOVpNy4T%Yi#kiqg6#{)fgzU zM&FXR8x?*$cBn_0?f)u;eh4Q$xo4=*j@T%p1?^Pmr=TTPpP?zXX4ysFuh4&nt}yGg zSX-rPLHL3qd=vK~|GKb~}gm}~Fvg3Yc>&*h)>@5T-(Xjt7xgnIr4OMjfmm(B8cg{HDFzf}?bEDN*0%j<8p z1f6789o!I``5fiq4tFa?ccmU{@Yvk1h(8CzFBzaq?J_OLGY>2Dg z`)K4c4!||Cg+@Qhds`f;R_>*FSZYm(#@Ypl8D!)TZ`>RshhQjSaTJOq?~rjzY_-7PClX<+en4IDT-Ynj-QX3a3{fC zCR|kzRuNOFca*Efp6knO&FP^QV}L*;4(T(QzRzs5eb$eqpaOG$yk}il1peO&PvAu9 zth!D1{oSUsR=_B8nmeYXl`cL+Guvosn02U;yD04hmYNxInG$}-&%sDR_4tB#4BR>i z`hsXfm{Fy>jRPrcYV3uH{p@`HXrU$iVILllATd9LM-I-wUY9n>MttpNOB2L4mh^&O zUP0u{vnQn@m7Z6Wq*CdR3QZxE=5DbS_@$Bvw96HALE`4;`qmp3HygKFl2VGBhZG}G z-2A745(Zhs&8rGeDsIwmu~jFC8|jjZ6n?I0xnB{JPRqv?`afY>9_zAwnqpc8!xo+} zVlpk~DE#keTE4B@(wuBsisJdAqWlTIsx;DtIkIGsZFlBOT5#rUx5fMy>&A135YWTw z#Bz*>?Gn_hF67GslO3}muUh7~1lp%mzyDWF2-{R;hW6hF#)6I?fHibdE7!V8M< z4IorOfM1I3p)Bde#(lKpR!iV1Y;p=&f_lyP8`vi*jJJRsdr~1P*IN|-HOA*aY7wVZ z@iE=02;Xf8V7XWbkBT}(Hxn&>6k^e(JD*e(_UIhTJ7#;9BzuJKD)?jKM7q%K5d``h zg~sh51e(3mHs@gM{-V?K0LKGD)))g_tWZdOEDV*WXzUZ%dNl}p$;$B0 zJ{F0)JiM7bO1o+-BSK2E@NC(`9eBB_zlLq3a5T$BEV)W0-iWLRlf4 zjh?y4Zs~+0b}QJw+zIGD1tl_zARJNz|K46`{+5CgWSmg-M};S+s{9?c$%$0eDJYRD z(U7lEgd`h(S@Pbc7;$DMIXAgap<>CrgJ3@@Xf#JBr~Mk~am5?PSvK^)Y&%jJI;Sea zg%~>b=u1froiYH273X#6ewd{db{fk5>IH><9ZZpIeXsu8t#DjQG`tnD9R9oP6m9u9LN;tjg#DToB^MaNi3+R6*X~iON_u9{Vq$< z?_Hkd#V3r+n{G}sINlW>gkS^5X0pKVjH4BPIdkL`R_ge)7LmxcUsO;Eu05gfYfBZB*f8PR#fp%GYh^^=rWi>_^gRkqJybtZl+;5td6#X$xrb`2q9(RThUz1V z@J5D8*1wt_OAcS5s5(OvP7AY$rR#Eqo{lxh%F=tILX$4cTT?*AnA@Y!Ggx@*J`XgXgNZC66Ujr 
zg1Z%-$iss0xFYz=7SNLlI`>rZ?ywE_mm&(>NCll!ffK9bRf_)x9qL45_>Pv6de$D)is5R^}jfznzh?Ony$Gp9gdt zd+IwaB~Ch@)CfY=du-*r$B#vjk>8^TsqeuYQj`n62UB&otv&9rUS!Qh3QZ$`N{@kx%-i&yN!&d<>eaFpk<_5$cOX{fofF;VPsL(#BLUSg-IK>uB#-^S7yv%Ils`MU~b zt@*OkbVY<{hW=Ke=jQS`_t@6Qv8JekS12@Y^%liolR}fKf$vplYBli3ijrCloVv%- zH(XOhZf#T4kD$kL4#kPR-3q-6Vz0p4N#$3X<50seQos|6@<}crdaN$c?rf%M+6(wo&4l6Wu^Uf$r zV)JAwmF~6e|4%SGACy~;wtA#O6BaemLsuz0@hC@%zh4m+!i#VKw^O9=WxhPDz~7?o z8L*$lKo2RDedZhcsl`HNSe{X6+^`7rL<*=ZwtrG+Qt6%dLE9s#r1v`&AyImdHb#?I z6yY^6WtFj$74=XM{*FkR!j2-yG=vZM1$Rq#$ZK!9&sO{&;8y=@i_B}dMpfB@3-Kn* z1HTWq$(Z-QuJ2!1wY495qt!}Z_v!n?O?Q#ZgNmxg5p^mJi)ln=O~Z#RK}l!L5{0Io zH9Hg~>8yFbLX*uJY0{I5631LJPR}d!!uq-CBX6{yC4R)`^!zoeln;Z55LK(*Ce{Ozp2oPF4Jl z%c+VdHbE-B`SYFPr!S8tesQf4N=%#ii9a7IkWyq#_2ohZlH@`)nMsi$GMYaVAS6*u z$W@v=r)GTCRlFS2G|v9Xb)A25RbczuD4AFJea;vOU}ADrekch$C0(v2Qsw88NEMBY zFp5p2%D~i#RPn+(P791G(|{P0lGj#;^qO3qW>)2|CW$6LOvtQ?XOihsGOMBpWZ8^n zR^^v%W>tJm$gB!=uFOK}S^RUGp_25&LCWR?br2USWinLc zJWZJn)kVOwbmtZ=7UzWH><&=$@wY4FH@x{``}`q^^NWxGY?g1sCKDh1l!FK<5qBP@$x5zLfpGeU&Yysdy@M; z#4eRV#1F$q2v4&@C#enz0uiLhmu6{7=#)txg)D^!5Ll;@$`4Ql@_wOoq~63$F~}zb znZ_A%NyvNMl#B1E>3&2nz|B$Q8=TTg*~nFjL@A%8+$ofe)KEwthaiaCY1TrT-%l6! zLj?-BcfPBU#^I`j*R-4_p2hWH60%FeRTmDs`zfP^ zFL5IFd7zSJH?R+P;d7J;TDz&H*=rfXO;tEKRZECqR@^3)LT{38T zpr4kSPxjY#LW8)gR}pHU288`Z!C%D}4wuGh2`3^RG-C3ZVvA8MlANGe9E*)XoNc6* zy@mqMqu{MTzL}(eKS@0tbFZ1nvXuDGz3wjty1pBOF53@g3J0=y8y6 zh8YnV$pS-kaWluvLmCbQy2Fzkbh~@pbQ(MKxd^})8Ztjkj#BkmZlZCzs_lzsd z9N}W6rG`D)#P1I2J>i}Q!g^`ia!lbS%5LH8U1JXNtxBGU2MIHdr-6(vH8*2kAz>c6 z%v34SCBberKccKYn%KmD5n+@a%WE5H45&bwsOMw~BE=m19hp+(v_(P`*ktH&V} zwH}~VoDeSu(eq4eR^m2D{YavN9OMhRhl(IV4pQ}WJZ{9<22%FoL3e|@i6f!9#TC2p zUOjHhucTa%-M!rWEWppaM*M6xrRL&i;2^pHHSov=4lcxZq}1c@Pw^{FbPc{whrrPLAPK96~o zxd;La(MsT1g~U}WsSr00JE*3G=C)Ez7nL65zoz`pAoK4|6w6gQ)yyK8FkDC45uP>g zaH@*XLIj{ht`?^n?mkGRhAc5io{H%mHd+MQ$wdXc)&>NRJ+^2OrA=UhbC3j3k}aE? 
zm6(#p&}oQ{IirxK?Zq@i|M8_CX7IwxDHEBeo3Kzy=IMzrSfcka8S;^63ynno4cJMN z3-4N!oGa%DJcTiP!58?bSPr?-g!znYVmgP$EvH&st3N<>&FDvPIRsF4D;7z7VmV^b z3a-E+!o*aX46v9fNR~LhgYPY6aYm}b{VV|raciX3e)Qm1GylrRbz_Wn12^BMoek3{ zB(g;K6?ul-d-EQmYY}A@BZ%9pZRXo7d@I33<*Z|7O+emYNNv+NK&~SUzw$(NgmxsB@AfOQI7=9&fYY9?{hgn$8dpx0$1!yF) zJea8flNt3`8$Sh?i zgmyz4$s9s2&o81pXA$_O&uZNv4lg?|1ed;R`)D*)22fJ%Tv1GggNSIvC73HV&K`UX zhS7q`5V&tbAN>2)Q%&T9yxl-R>Mo-^67aG@?q=v~6A)5lviBMmw^zY%f80vf~=rX*}1K-Am&+wb^j3 z8ij(RbjP=up&UX=+MLj;QE1gzv}*g`xK$HQNvp;(8xi|hfj^nEeLX%Jq?boYuQylF zqoX+*q+`GEXOg}x$$%sqhKVQ6F$|?b?Kmu((i~(5jcrdU2p$K5omr5@e+Cb2^^yF0 zRAHuf63(f8mGWPsz#*F4Kn3PY1xpn0(nRj{DNwc^ps85?otlx9b(9L%NBO$aj0n=R z;u8u!|HKW7RDA7vT|kKPY`N{M8m?z@AJsg-wbeM2M$#0SLcXeaq683{!dAsUFQBS2 zJ3R`ys;m>d$W@|Ak5Coz8r{Lw5n|pZosIES&pHbsgWg%_)Q_T)n`q%-s$NQ?`_OwfGqf?VwpF&Y;v}V+4d;cFR=kQ;R1PnX zp=4zY_ikq41F<5^!pF2Ad6cB&g!tr#_}~Q-AAk1S%Z9Dn^iimlmT_&|y=kC?SMD?{ z&-@U9Zuln@=Bx%nMgv}A(GGU`beM8p&ZnBsHuEr8XMP6T7$2j`ODpirq)~iU5L~p4 z9|E6$0^h~*54C%m+hI)|*kOd+Qq0ndlZdN_g_`BX64TAWNHaak>~tF?z!HWQ{E7kh)O>k&pCo^&9m3aUuA zXydYCV*|a1YR}?UbG&}z+YYBeUZVZkt;p-#Xr_vT;>*w}P?9t5#ik0z8IQ9ejKUVq z`v?_ZB`H~9_(Qq{UZN$!yxAaxUiu&&V3p}(@!kb(fyriakk9&6?E3$RGVY_P-tlu$ zh33Uj#W}Q#k>?lo2Hbovf+~zv3-{|Q@O%Q-iJNNtfhYW7@_8lncMd{qB3tZUID-zc zP|m`YGs?r0%c=NhpsW^M*kuI2()=2BVXq@b4QE%spCpOwgguvCZ!79o zW$-?ld*ZxWitPoi{ZB;!^U*rq^honuX9fnj^i!T- z_tkaY*jiG9`1gzd%)wa@8Jr>>oKd*( zbC4F?LYHBDaDZQdrr#1bLJPb<&}BSAfbV$?LvrEt*PNiG$NsAHFCCu#rAj|tdKNat zeK1C}Vzb1o9O}SdhyOs9@O%nF37WAUO|CO06YOUfo?oM@xVRRYy^pRs23{MWMTxv- zcA_nm-A(y}bk${+k03Kz8(;}(rA5e% z02pVpHdZJLq$#^mJB%eTlwb>ljVI@RZXV=#76Hy*F>^PDf)lGeg#d^!1uX`rT?zxw za^zu|j!irQ{CoSjEg|lpxUSg_3+*^`5SKN+5V^AZscHym3urMvnOf*Qk0-J_!=#(N zpRVdLQUzPgA{Yb8VM68hm>qu}>`MsVfyblpc!;iYZJH31(*wEJ$B;{mvq zH{fz@FU`lDIR0H*xci(VW5h2gN%xLokJd!F;CN0cl+U`;(KDtMPW+1yAqEDuKEuXy`>39oY@SsW z`Fj}xz)V2UTCgB=syZs;1(Y>l=ENW;PU0ge-mtPt9P++tnu^6d;|7EoxfRb{@1qRi z#S1whWygq&OJL$qWU^MdW1I^qg2DSiguqPTB(kEGLjA|C4Y#zTGPZ>W+Fu z7$T}%#wdubl7PvXEC$9A`fXTTz 
z`uv(^@>r&@^%&-JYdt1oJ$8-N0EShr0X*O$DHOiqK!MHAoUS%~Ik^ZD&6@_e<-XsE)u2p0{eUfhh?na`?g0adnARzJJ;;rOBw@`?par874l0*n(`bwW;a z;-oy7bvT#n@Av~JhIuBd(q4#_^|CcMMtRq>)wX&iH6XuqKNdDbclE~4r;KWBTTxUu zMB}OiWEeVuT%U+s;jIEU^R7dSE?>#}N*vaaw_-jOR7H7MWzI0V^)zLW zrs1py-_oDsZb#UTOk*K0hUMOwiu_q93$Yyy_w|Wo5GG}=pvAxt!;l%oZ8eJ=bApkL z!l>ASr!(*#8nvB2L!6ef6sfUz2jTQd;0wEp6LH5|e8`hDeDI8$*^9vUd;pjSB_s=y z2ysi8iSu9)2NsU3_jCAAv-^kT2XBF4jr0T|I9f@&j!GJM{bWh)pmr`kWTJv$=`kx( z2-*kN=H84=)F>CJhDzLQa4G}cXqsZ|u|9}gU_Zuyk4EyZ(?(^hS{a`Bl9nvFc$h;>;Zg4V$vv`*B9ek`N~(3fBY0M8%z3)Bh61#_H z{UU}Oke`ND!XE${1_;XoKjD-muTz9SNNkCcm;(|4uYoFsUOQLMprtWYrEEDD3!ZhK z4a4At@cGF8%{Cew@R@~+MVD*zSFo1~u%f9+Fr8}VlBBrM^$MZ1`HJOjLQ+(?LBtXu zTi1A8_p!`66P*s*4xCK8pAYYWc*fbO`z_>5Z|w2d+cn*IBn_yqi(WqN=X?q=!JRmx z+bKnh<~EbtYhI3ZvWd@aR;z$7L=uu^m>VsZD*$&35w@~~X%Waag&ovvoYS?p5e)Z4#!lw`-ASU@$uHpD&3ik&ul3sdELGj721U#$I68c#apbGm~ zIB;R%dIau86$GPQkf$r6z?HoZJ^(k%6$NSISM=4SZTzl6#`dZdhX&x zEFIGqzK?rTrEDRVYbF_HxX&u|E18JxfK%E6+$zC_&8GAbq_M@8qDO$lsQ?A3+9G9} zl9nn`p9%K@1s`khq&BULr%YH;o&hOikUl6v3PblQ^bFY8m#<64=P`vQW-kzg?sLLUZ{Qw&yWJWP4}W`&E((28p{Ee6Z@hO0eAcRLd<-f6lp@@N;>V)+3N2oGAb+GKJ~5@46fjp2-V6FC zpnzH}K;Sni{AEPMK)`>f-moJSvUi+05@|8oBx0DDLk$Uy5k%NItoK2qKjM4^-?0I5 z@R0#s6>*L-oVSdkJSao0&LmmP_-^OkQI^*K%l^5@U!c+6WgaI@G$$+6xf9K0neIHS zHM|#YvaEw$0@pFH(`^ui9RK8TMBnuW7Qq=AE>X1B;18KPg7T4H|z4)#qU;Q()pg}xuOCRvNO zNKVA#3Qi>AdkTsrB7uhLvBS~8B5R{!B<(83cu+AOL!Mun24f(+h@tQqy-}L_M@30l zNJF_Lgp&nxA#?iSnq>>gH+*=PqWm|6#~AS8By88FTE$YXZyr&U$AJQUXRLKM7bRxn4^o{n=Mc-ZmCY#*tm#y>XnSFLfiopeU)EkW*nxxf?5R@+MrN zDE(+c@K9W`0BPnn#ffXCs6xY}Sri$aD$Sy_bi^e=xdFj(PkmupB*aDPJU}u%?^4p@ z!nlacdsv}}I+hqw?5INhIgkpC((}B6{IP<9hAn=npmXFv68f&Lv?G9HM1KyXAhGUs zvqB%iUKMGf;3Wl1%4CE}Mt%#E=vYd5Uh%$C>UB!!fzeA_Zb9nUtEarT&#op`pcPMi@TkJZSLfrB;n znDj%DnMkJGtOQm@i;!5PlFKh7M5vuB2bnO*i&{b4E=PzvtI+pBcyV}1 zX#cuIu)bG5*%HrhBiF(dSggBf3Y>|1Xo|TGKM{HvJU8*Z2f={#U0y@))^|UGg`qws zp^!A-F-3S02#`3%xKINpDVwZEaE8x2EI7xtobN-r7r?#Mo-b4~8_OXG4#`+J;0T9# zo2)JYs1V3$rCj_W!Unu6=@S9l`VeOf^>%v`zNlD97u>T7O$aG0#8=e~ 
zNBk0nrXW77@I>NwD`;5a4=Ywu;-6J$0`W58{-p4@2`7V^S8tnkVS_3<(j)rvze0~1 zi5YcF=9^Uf9fc;X_(g@jk&16`uvDKw#W>U{vtc|+%$9AhLK6ds2sb>d2v4vgJaLFm z6K6uu__XPY>9&UCySZx>oUohYnbe`s&tL{a7_r}3uJ_16nmIrtS)%8*Vgi=kO+`4e zL(0YRCYf>YCo~nIJ=y}SC%E_oU0+^=EBzy zH&Gj@8HXk~)4|yY&X|zvyvW;yKu05bJK`e3NGd74-6@BY5XRQ01PXT4!z%B3!=)nl3GrWH?f8 z>3mDm522^xSo9>7J97%eb)rQaLGT;XFXHXMOE{mX!f~1oQ~p#li5zDDFgLD_!V*va@?*oWgO+J ziYQ}TD}1FUp$xd=mcvzxcu;&vvV@a=v(UCXX^?m6n8aHc`~M=qx7U67XzoNTjn0NxHZ$CXq$b+IijE*+9o)}qjF7P20-geLAH z!Z@5T0vH974G$-UJ*4O_8?98fhs7rD`Qr*YhUrrbZF#h6%d!H$pzyd2nLvL%EOf*Y z+lIJzh35(sDm-^w!qHxA!qKMlUPI*aUPbfE{O1+) z3W63bYJgf>LEV2GF+vY@W+M%F?*ud`96(Vp&V!KTwRs z!e3HQio%O8w{#^bTn2lgV#G}*8SFPJG}T~#KoOD+wlM2Y6(za8ij2!*a7?PNRx9*; zIOU1I4X4y4aEewuET>3+k6CV;o3y_XctAQMvA<>J+^h)a(;t8L`nz<=y>Ck1B@!j( zA%!AJ4E!}_hzMsr^Op)4K8vb|#J65)D~a1A2#@wC^msOFAo*;SMX(LHhP6^9GF}eC zs}Y+cWHx}aIzpSU*#uYO*ayym$0t5q_6b4|0An=?g<3;49j27O?aj9KPuXo9lE%+a zwN^|ghZW@oET()oPz&7#{*x`D9!ohzZ?WaPG5bxczMjl}!`s7$6d`W2Bn!tE6#66< z4hN@vg!`XDo`{Q_t1Nj5aoS7G%KA6RR|p3{wB!6!y@)Jivklf&j`W? 
z6d^J5jI8HJ6k!+4s+?DFB*s1zRYqP@xL>1?vNNu>UHU6%<~4|;ZNs?>v_hfJcN%_db%d}FRy<3=iIJu$=-$>r-W_aW`2snw`**=V)z^Lo$2(dw zL@i-jp>j)n|LRuSioXV-FcUtab;peFU&PmpgOzPoq`!4GV(D$%-;~Zt+1t{VVY6Jx z3Ch)4R1cpbL$$W{J=yl$tWfy=uv-#6f}H*OTNqvBzh zL{uVQI&QG-iwkotEPl@XHKJzj)HlO2I*ooP za0_9r$o0)DG#cH}p-3shA=3C(7)2azOd$;16zC3a04p}*+#{AV+z?P^z~E< z*?%iSQpU+yYbi{{I30?Rz&N5@?@@Sya(zr8I*M_ztEKr>>ns7O4lXZOguTW@#5cWW z@DgHAE=53{Gl8*4x!bj@6jqT(6rRK?!i&(L!V?ZBMQAm&+r}i=MXbD1czmLTF|hBY zJE=16NyeUYW!&QuZq$rGvAHP3PLL{1k?09`D{XPvl|(Q9m_ifSKzjBY3QsU2i1zTh z!ta6pRt2+aCBiYVzR=M*K$*xF9*IoKn}{1aY(MUYO0{4BCVamxxJ{w=13G^Iw=7j1 z<9F|hK;a&9fNEc+sn^1~wL=cT(#^VYLUG`XWp4NdaKFU zA_D1?Ih~x9qRYyTb8DxiFkutUG#~<(XbTB^CcXKX!V@>?ws=iu6<53{Bfr+yQz|1; z&7Ad?3{#CWzKG^J7Z*rg5RuZKRE)T|?J}zlD>P0u7G{4|p`XIU9EH1|xBhu&tJmqPTsS>Y)}&z%bA?$Jc$QuRj_bS{&#v(eHJXL1%^DpF`t?a#Yc zCaLhwI>k*?|72-@S`m`kpMR;)frMy z#HzF3XbX*m@Awlm@~x%}bE`3~409>hcT;^jE>>5{h-4D49Q~VZqrZX!0rqGf)j|^n z&8240Gn1!s4^7~Y7_v+rahwlIQPM#LTWnFoGD4;~<+(|5AHnXl#knSGn|oRz!`tR$ zb}!y)tBjMEvZuOQp}W{CQx*al>USyxm2d=zx|1yJ>-ZWAq8%WPMS-ah5ieseiaT*^WhbU+veRI&3rU$r??r0zz7scG{nZ_Z|X}gLf;t!?U%1N zn68z%^18x@mnT= zRfcbeVUKA@?9YH3 z*PYxIAP~0Z&zMT%Fb-(TCXUH`vqz4zbb;J*|S6-AT6)$3XRJGFZCZ+ z=zn3ADm@F26T3o53;v|w#Oz+u0UO_8>5uCGSz&t=I{Y#&g#KQU;}Y6RMJ4|$c}3-> zky8{Jm!nKt(WKC1Nw5TEo1(-e!4m0smqO1shn1K|UeVW{8G-BNm8{+fp!}V-F$Q3+ zunXV{1>me8=8fB90Q|=1mvGjqwda?$YD9f^*S31iJ%wC3_48~ZtMywpwb!rNyl&f; z4eRPRZn%k4Bq1wLz5SflP`9)0w#b|O^n5d2b!}VA1+JEN66KtRh$DTnvx2sVm55) zGRcmRLI%GQvQmY&Y}p79?n-UgvT4oc4O>kzB$EpWMRAX4f`HML1t)ym0^0GvBI0=B~4eB$&hu(6gCb2 zHv<-Z&>jCo3X)Nm@7(c9A+y8V^ale3ML0vguU_4;6(Yno$uNpV+S#?becQH;8@d<< z67Xa57J>P*S^09}b;KmL61JG8?L`Ul#1?NjK)&0=SLl%u2!4|?e^u)2RgPJkhshTu z2|G*C~wLx|SG&$Q=pO9Qj;7OBf!Cf4bKc+eitgwqX^sPiq71yV* ziBZVT=9jp6briw{Jp^aN-C6t%BcBJN0Zl0&xGCU49(=fwVg+C7D3j9{9V8byMrKgc z#jJ#G3F=^B8PVFEiZZ7?Sixwuk$ zkjnOPY(a!guLY6VlNfg`iTY@-ys|?!)5?_~ZNxQ{F_WVdPHTXBcK=ApBlN2(IM;r@j#3C6KlTHu1W% zk%DnD;hH2&$uVnQ1Mf~km^>JRCL%sv9ZlvRmDJ|l2dDM4Q(3Y40(4NE4WH#IVW$%f&Qc5;x#V1gnJ;I+N8# 
zi|zGT6F7sp0f{i`s0ESL7GrQ*VCO^>dX93;DcEwHMMa34XJcI=`VH4NXgucv3-DbH zr4p451CzhoTxf7O5eJWA&>IYSgUIz%!69?Ao$({7c#ujLQ0^lfjF96h7lCFDpB6YK z7Ffh7#Wl$zNMdvud^Z5Z7@g+_?t~zOV;`mUQ5kF{NZw!~D2oS1 zGJL2BKhcf+lv8(b5P0B-<+YDWpE79dT3E`6_%s3Deqs8-{S_5X<#2atFfwvfI>&9R zplo*v7ztG8x^D(P0&~JnQjS|8e39EVQG!7Z;=+a8Y4BAnLz13c_Xa!&xDAL%-s0f8 zf@}D~F#*tA=6_5p#IZikx4X=hPxyhsUkrirI;G2cOyp8T)5}E2J;dKzi3I@ktP`@f zQN}xXmaM2}*F+iETprkYII1({*?~n5aJbPoGO{^5vIXcTjO<<=*|FRWh?E9NX{tGf z@osv9LpzR#7Gb}uBhrDb5{?aHimwn`%$+P9{tm|e%5#i;U1aR9H)B8D+v7|qp?pri zS3xlT7vV~e_cBf3dqub`G<7*$)=zK3F+48h!HUQcLOF0>20mF(O<#{WTa2K;&H`jJ zLEva)0hxt5Oh8remEng0emXnp(*|&99B%oIC}@aQFh?AbsEx%pm393K_qQVZx0b$Y=a;05X(0lX9uxZK$uCW~{=(vXbWD zD~EE0|C*Vdr(yTo&-oK`PGiEEP&U^ArM6%4%JAU<%NrLoar9WE|C_@f2e=4-(jQJ+ zfvgJdZO)Vc(G&1;N^heX2znUC1;wm>cO5eQx#bl!&b_MN`KCqil>^A;6UYBXB3&S8&x8*-A3;8__{0p%`8aa`9^@uAUj@H$sDA zDEX^93c)?AD93H#OJ|U}2%Hw;F~z7(!KfB`Px+odjnR7c|6}i6gCxnW^RV98?cG^` zz`|I73y=gj3liXR_SMzT>A~y(^Qa|yc6O%OJ)l8|ag7o8$=DReXTMM0ezg_k_LT3AiA~ zSS~W4zqeIqmWmj62?G}pI-dffjVFKA+;&&_%n+ic^fLGhjsk2TSu(V z|EO2F_2lCpJ^x$g?;IWS0j$Xex|2QzRSyc_?|p6YQ(vXq2<`)n8>P~Ij3(_IYMn1W ziBYadC2;#umd}YND9dl+4qm^k6&JVs?RxM zAO9J;Rf`|{>BXn_IXBPf9PrLQ#ky&9F^l54Er$Uul_1o|ub;yMO8oj>9;ztLI z-~ZFH6?igHYJ6%WbMar88eW8^=6zR5WO_-bfTBJd{Oeq+55Fv0`BS&q#`P5VXRmOl z8t*{>zHxu?Bh=luu}^19Hk7~g9A-P{)wwNbs%O(Ya#~pPzcXKHIu`aiRZiW zCpdkrUvq2m?vwcW_hZ1&c@_v_U%!qiW7t>BVR`jE&OdqVn~R_0jKJqOBM|l<%@99} zJ02{)_6?W__(mzjNi7T!9g4Hvnh+`LG7^SZbc|G;1xyvR$q9Of*4|CPn( zIIRXesj_T~Sdb6ny-=zC*B3uT#rhf)D+cnNd+CEXEg!nD_yzFDg4O|t1yAxr81RC1 zzltlI!?!51e8(T+pD1hLD<(04;LK?m^MpQtByTXy~NKf#aGI$%p5d-BWIP!b?Z{^Yq^;6COrpf%*V zuOd+Up${*p9K>xpQiQ@$kWc{0E0j|zr0bYRozW6xCx6W??U|g{% z0SiFN=8r6bgZ}-P(5Q0v(Qkb7{Hy;kZ4f|l2$KNj8deu>K_bU%2~76E=e zi{Jz5|L>eY`=kF2(m)3UD{dxs8|M>cq#g9M!@146SCgjO; zKgqp)LZ)6md7hBSc|;NX?EI7Ge*7bgAOAJ{6|j-Snre9Ag`t6e11y?Pi$#Dz;K1G2 z#QPVkAU5Aw1$<)70;WJb4c&&>0SL*jz6x*zVcRnd+dhbe0$^0&?uSBySHU`uiVXzd z8E^gnKf%CHU_~&rUC7!Q%Ds#gXFy=g0zI3@zlQJRScPY+ScUI<{7sGUO2h&$7smoO 
z&J%7cjs-44pg;cjmoP2?bJ6i$n6{!GC_`$8r`^Io=wH$seG;RJPZ~3b#lRd6&tjZ^ z?fk1iu2MmS+6-u?BAf9H-r=dor!J5Xn*lZT$!{;dAL02Gg`;#tAu1Rl;0a>_6=96Y zr?~*unEb27Pre=eeK@JOxY(EVRKyj1`L2wO*gLA|nH;j?_ z2Q~(Qk$Fap47$_5=l?cQ$diaj#M*phaqG5P8(&kw+I#?}|1sS5h1-jteGkJaerfUI zOk;D4#s(!th`*jgpar)bE-_7xf9;IP0W^<+9GE?SQj-JWNSPcc#7~`j3H;v(&uDgb zCGOBC{O+HYzyihxX&$z?5y)m-K`rwH21WA^7k{wJ787Sc28eG`pTkByd;WFxRPffH zgdzHrj&6AYbxZ#Znas-u9pJou?EG(I$RsD`eCi8-1bKh{>*xu7e(|xb#dF`m4>|t@ zbF|K_d}Q&l?<`*Yvv>|fdNe}kdq;~eqUW7c(d@T>51*`JiY!9GC0yjQ__KjOH^sJb z%$F1^BlspncFz6uqFnVrC&jp*5;S@Y-&G|=>u3js@uw0S{<4JNk3nA}bi|~__vzoh z+W=3j`RRxM9JT}$W4!oR7eDjMAo9E<|9JA; z=Rd5v_0%}B7t#aoAI|7pA|gf+_^i? zDq6w6NS2C!d7fYAU&No_Uw!~r{}!KuxBfw-bnM?>_5KcE$^HBV@9)ohf5!z5ejVZC zGYpvlsPH-f_%U1*$PGHO5i$WRdj<}d*v_vllHGmjJU~OZf}h03b9y;wjXnrJgD3`b z8Ir5`uNFV{cNag7LHC?q`te^|eCBV$Dt!QJ_bPt$fHvy<7x+U$onQSU+=U|t4?c$l zdLHw-aq;JMSoV|O5(@Swa7YM6f^J>^4G|!$Lke5X0|CR9e}73lJ^q}^{|Q`>o*!XQ z{r4}+a`NZ;Z=n9>I*iBpbN#o@8hiqw#Pje7@f66Ly@db$F#h*x{O^S9xdW;9;9Uu~r1+brA!&Dw|pf{1&#HEnB z#IL*$p7rJz7N7fDi|_l}ix4sX#&h87cnpIVzKeBcPhxeSKKJ`&!leB|$-PFPo2>+^$T{(AS>Wd8cS!bW5BA~%gNgt&HeM8#jRj~QYZ|9~w1 zx9nGf4CDG8WF)kHKE*Ju#gw^|4fHWTX@B{jlfv&~--ZEQ`LMQa=tKUT{X&SzU9a)v zD`rRjQ&!dfF^55cGx8}@e4*bd=DXGJ{HDFtKLFqC)87H-%9pgoLqEX@VRd;K4m6>=r8=P{RQxOEPmjR zfv~F@`;bU<-edrkzlED-&B=)AQPyc4dj4bp%oKu-{k;8cpK4eyJd2%MAdQ{(ys3o`e_j)Zg|MSOIakK3FkvxPGTHDY*W60V%k?`TZBo;$)g%b^S||f@^QW z&c8I5&9+s1P(<#l_6zfHrCGASe=}JIRmgwl56v5=7&G+KU$vj6s3KI?{N-!r^kyb5 zXbtB-vY-DiAEJW4NMh(uo&Wbi{Mlne;)lKrWU{gN{x6{P>XnZGO#NeM3XJkI zk*`biHU1;}(Ts5*dXIl*zYVY59|xk>`gyCes!eV%uhBFwnVssTU-&8eg$$jss_b90 z+xm;J0WV@}E@9v;LRB+B0Oc-Rb^9gSu%-7FK`*yqcop<2-}QeO(fJqHmJ8om`~kzy zrHcQe{gfSU-bg(C-7EIf-^Qm;gBA81LB+=aDn9k(w|#Tew_p4xxXJf@XYu>ZP1HgZ zF==c6VLtJy?t754RfYfO?X81H<7@WQ)X`7{HV0{|eld@SDN4*X!b5Zg66iQn@@p+8S0SWf^|HtqnmpJzdpbw`GeS(g%s_xhS z19RmpG089KG1n*f1^YcZf*v)xKKeFVn0t&Cq5^Z`t|pWN%-^VLwE+0i%o>}oWufM`)R7{ zRPD{r*iZj+*qhb&7FU3PI(tKd^egrYe-U3mu6Yf^WqxY$HOHP%j-*qiqkslaHE}QzcbEgQs7ZL4&8yHIw~HRrrFXm`O9_=wAP$BO?nzE_waV`my;= 
zW{i$1fS|Q*Utf5eP!_lBg4<3bPqFM`2Vl1G z%k&ieEBkS(C0aklAb3Mlfw5&jh>=moU(!!sw4eUh$xn4-#JD>W_;-}wJFh(7mb3bi_FT>fU%I+omd4{u1 zCG(aQpT7?)olx(T+qdke{}21%zOnc{=71~X?a$axe*;f;?Y+e>Bn0zU?59DY{_pIk z{{?69eP{7==66+oW^(VSi&)6LqwaDs_l|xik9$W?$t>=jj|+-$_-D;Nq(;5y9{z&; z^fywpyDBGNw;yMTHk8Os@A1Mfn0x#W*bOxNy<*l(HUI1O)3oN-%WJP{K$KYcg#bp_!f+b&@C?H zfzf68o?kS}k|JI<2f%)s;bhY%__F;xix27L|APHOlJr~O?z8so{t%0{{Po3+#LB#B zKm8TFJ1VSinNM}YW)a(}aQ>zx7fCU1=&t_KpEvJb#MPv?`1+v@Zll^SyIF`xv7F{p9~ld_v-i=*xFjZ-L=peW%;%bjOY5 zPPaYkbZ?H1_WIrC&Yj(*XzkwU?e4I-fUj;w(ZTR2YCn9~SV=GsY;Egh)_$zjKk7D{ zH&>g-`~|tT{_w_XbI<+A-tJPX(`k;!qw%$2X9ssa?v9%~Z`|3PZbWjIMq}Bh71(O; zP8$uc-+!y!+->1M&BUYfsW;`R?}2|no_u$@hQ9Rn+o=b|k2_tkEo|*BN4OCFi%YFe z9<&adJG<-A0_ZQgeCRiJr|ZhnuvO*Zc_pt>w+#=_-jKws@W0MudMimZIHmzuTTRCR2H6e5K!=OyutNJ+PN| zcdtix`R{3C#oi;=@Pw`26t|GA zykve3@xwk2%f$4he` zigaHUjnKTg%omJ&Dvm2)mbiS`or){eb5~!wAb;pf8D*tA6mNjHCKNL&vDPk5=&C$; zLccc-y3;!#`{5Gc0Y-=2acepnUww@?fR^(VMg=8|rP`ftMq3^1A9PSse|U$Wv5M6_ zI>gPRJu0u}Hf|l#Bl2_iOrl?eBE_5zY;?nVAO6+DB4gdM$UC-RSj=r6#{QdiG-~0 z;7?JY&Aay^T)Yu)ubS8f&JWpwwuYVV!{%GtP@h%!p@eP(-X zg&sGX_aZ15Jno7-ZhW9~c5Ic$*?gC$SQnerLuRM5iogneV;RfL1&~8;cRqQIq@!Yg z69&yF`#Hajv%8DK`=CVzn0Jm^eGu*Rq0@F@fO}IIc5(ql6PR~7SY@<#C3TWg=R)7Z zr-AC-$0?Hs0T&M+4q7Kk3WP_7q3({aOzw}y(+l|5Ro!wYiq)*&oXWtuTh~=StVcG7 zk`p&Xm0VJFc^2%%zD}djA3bo2YDbhR&hp_Sm9#xLmEw4{mapu$`jhTU7wAu4zU<87 z<;%{CyLhqqQ?u?RRE%gCD10mho@`s5&bWL|L8)D#pLa!EC-Z>fs$afreL?$V^5d%) z@F?aibz0Mw%0t5Z}LO zmoNK1znH<7E{JWUDKyTawT>a1c>$0A85qvda5B|jtnbRFcHJ{QbI@|v`XIg%iwfD< zfj6&v9Cpj~FlM*B*=#Izx}L+n0vTL(PJ3CKvDS{@J*wiyiB8B{&|FykeQD5oC`yjM zYfLTK#Y9R}5H8xo6)-7<*LD_xo}{Q8Yn?p(Sf|Fh1igJMade*hvml3AL_ZOGiEjiQ zllO^P0<*4RQz*XKeyTHuk}+HN=Lhp##2 zIuqr=QE#kudbCUAn~P|xnz#c0f4aOr2LI(~5VhKE=mn?4;ENxerBPagUp(nvUnA7f zm>I0;la-bBO-O3LJ3N@)SLY*^`0&oGiV|g5gqXC`JBGi}-s>LphPw940B5?>=zg~k zzgi-mP{4BwTM~|VcJ3`$pvr54p$~6Tk_`o6vQIud~ zY^)^yY25($tQv}xUCvbiAB-g0bk#}f7kJphgH9VdZ6H7w2M(^=I3ly31XRu^WuTH1 z0R%5DheLvZ-os{pK^=5hMo+0|HYA-uwR1mCFLbdlc$je4myt;t3h 
z%m931?KapU2Zu+~?oD&DbzPSsEs8BgZ+9QTBN`ln#S(as!bLuc5c^!d%K20&FcHLKW_l8x=(v z$_L$cqXn;eFz5~tT9VJR11TO2Tm37b*@ROnCLv%pl3-f>e%MPF_CT+D^)v9B)GEQ{ z7Kla5Nr71JT=1jNW^AD-fTViWsd2rw9aw zcM$ME4&coq>{gez4!m3LwZXNs2W18EKpqy|fc;Nm%@)U`Yapl`E*Mm3yBmU-uJTqy zGih+Vbv;G-SSFN3yQ|((WZ9cX09F;kHGpbkBbJ!!N4-A46`Lh_!`t`nJN!L0f{AzV zzH?&P0Q8)AXhAR{aNHsgKs;?xK{>iy%ox7F>*k;bTm9x5=zn|66ag9O9SlKf40Qwq zqJFKSJM293xzHg!$txP1z=JxOB-&JtO<*lV+}?ZoU}cT<;ce zhlBo9r;A{A^hjcC^KfO|1W}-?(2KLOX=S%e7Y(pBl#LB%6K;LslEVWw;81Ha!AWmO zvZ3%PCvSsSU-WX>M_t!@n0!WBWF^9PA+IKlYXOk-VLc;Krvfe+UXHtah;58ZApqS) z182DOSa82gmI*1i2fa>LWL94*vDNtzoKyT`qkFaX;BLV{5M*@RyTM)5j-`t@ZovwQztq_n>QbJ=%otlHE-zc*k? zz9Rsiby(fkmZC3Ubp>t$(m;SD11jixC6cX8aX^__<=)WGfwN%<@vlgjz_)<860Uxg z)DsF<8ogIPRF1O$XmOq}yKnj;0a0=3Jt$M6p4;$3CFg>?p#dL~#w-l$xbM(S7lVxe zwg+n?sUwGihJRT+IhNw2gLXhli3%O#gV~Usl^Xh^vUve!1^_?}db#O1C*_Lzq_U;= zBH&B}ld>Qn1Y$GVy&?X4xl`-5Lh3q@!HR}adlF$FM!O3$tfExb@W9wBNPZv6a|{vL zZmYEf4#LqK_;0rbtm#c305MWqXUT{f3lmO2EFLn4#|XzLkFaFGd!Y-Wr40rQ8Z02$ zzt8{lc!hFnED{clBRCc=fovyCQQ}GF(2+5SdFPEdtVoxWRdPb(iWZGGcd`GY!`1=E zkzj@o-8Omag4>E>$R2esyIRFvf_^w&KxA~KKN=ofI2zJr>UK<`l@X&u96NT$%yCVg z9peBf>fognZR#%b0YDc8D>9#4lnkGUz$s{03Z6|0Irlde8@SRx2zHh2_G=RvJOMm? 
zz1x}|Nd-{EAuyNVk24~jGJ6X&KX3WOmokd6?oidCUXn761M};wt+RqKud81^wx%=S0>P|+vKUYu7b(ABp^`lpUVdDnxml($`1Z*f z0Oq=+mdZyp9b&mk6veDasCc-FC6H=Iydb@Ax&rU=s|!g zk^;9mc@b>3RtUI&$aKo!bzvVh{VaMHaAz`ogprt))Tgd8ZYsYWKAJ9v=^Jim6j=R( zlKYhn|6PVqAVYXI;-a|oicM4ZNX`di@cFs6rJfnSIlPh5M8 zS<#~XQJc%UC<0m<@tGA`vN^)(*kC9=6cxhKB>A~9#!e%QDd|sOd(^2hE&$84P%5Nu z0FB@#37D&#^{6Ou>bR=0e8wZ?r<%W4aMZZ&lf$1_?_iJ+G02<*~LoE;_ zb!WHd<@u!jPo%H5lALUY4&r{7=sLi;ar^#w0fnJ)WXD(Hk8ayKav9p+yas6-2bz+%s-3m5q%1CO(4JM*<|O+KW_YW4ViT z531h)<)AJ3mbySTm*=7Ts+zKEZjCOE8TTv3kiDwax`h)F_B%%-g;?lNs>nu6D6sjd z%2D5l`|M&T!E@_QG476K_ITlbYho%6`5L|{YXq87=@drs5cnndO1b%=MT_s1h72_Lq*hb#+~y>gI|?b=t<^hQ^c$ld|l#OkOLw$5ic z*Z>!1H)>dUqbVH9Tczi0HlCTW@n|G1#u18^qe*MfwS^??G173;Q((nx2R3_5MV){Q z!(J0ArxhiX-l#N8ScfS=565oQ8KI(EFvu>_(-2Ygm0*2|e2h|}!|7N% zsP#>Dw@y*D;bu5hlInyV z&Bq_>MZGL9jUazSPx30V!#<7kdrWT>7%rychx_9J{zQCpC7oRiq1_eat_g1j=|^}w zroacr0HFA09OPb*!M|Zurs#>Da$|`LY^ycB0Z*F@@WDs1wJjSVN{Vx68#& zuVX@*9|Dy4)|52Z^oXZyndP?{x+B>bFSWg}Z>nPeFbtymqoeTxQW4!D0~RUgOKz-# zy`Ye?HgnD*z7ywMRxF?_(YxjXM19zrg{ZZ>#rVNiE`&FTbqwGGf}Cg}gJ`_@H+Iui z-ZJ-KdY${zd^WPZqLL=Jc1?DaVGmws6UKDfRVK7I(e~UzCCY-BRs{F zQH0XD#sp`AZf=3jX8ULinw3X`J=R5*3)q)iQ&j7YyCA=t#I!=DGHTumK*Q$X3PaQAhePwS4y@+IA#@bJ1?642s->u08ic! 
zlvn+bs7Fflt|}sl$Rq#l+rE#|PPFbCLK#yd2coPlinzL+8NR*4bv(&+6g0M2Mw))$ z#hiq$!5p+)KtAro#x^t%$0+06Xg{}fya~LWMHzbKvi`Jks`2ohG$L;!)9MPhs&~2z z7+Bt|iS-)arA7hPI5eo+^dnmZQ-^lOj_-p0$MCYiaN@q>E}P?S9vuQ?oX9TEAF!;U z22j{DOR86WGieQmU}@Ggt!x3^!_u-|c+eWZ4LzLD;YrWP;;f!ma95myNNWgL1jS#U z|IO3@pa?d@DrG69ydM61eiRegC;XbMPPLB@r!LXMH?Oyf--~f%;)5w34|wCGl1P*) zgxwa1cB;0bl6lE+5M7c^9E54nVXL#2*vSO4AE-Z*MUfURl3y79j0|Fg-FEJ=UjCF{ zFwRuOP^N^ujR4r>D#E;=c+*uK!BYlefrB8$yr_hZn?&Li653eB&Ed;=hAR}b$xX6S zru9hxodFreBzZ(kvjwvBf#v)$W<1;*qjzc!$V=_K!@0~q1G^oxf{9a5dc%DvXqBD6 z3I*$yWc&PWejr{-()TnUK3sr{>QhPPp?Q|eEXRGD?cNzF%}8Z?!1A_xM<>9i*GCo5F&W6l#W|QVGEa+zI~{?J-I%iZz#h^ya7n4vo6c8g(i*k z9{i7l2!&O@2}|FV1TViI>-xf9ko7tnqzzV&6wTO0(w3n0_Yo)=SRJ2kY3Jjs;I3fd zVvdT~nX1DXz~itAO92%Z6I!;44y-NX#*QmqDL zpla1CsXk!K%uR6HOo zh-=1RIPeO(WkH(2`J&}dpLNQGU0I$?T3C|Wll3LXz`?+GPrMIzLS)z4o3MXN|0a%h z`MZmc3K<0Bjhb$~+QGtJtK;SdxSRABCP#a4P23NLh+`a2x%;VDb27ZOI=imG8@MGn z5wniHfR=2BFQz;sbF}~4sMS?vZA&&7Fr!KtnD;ei_wg{2wVQra=?P}4v|*l{ zih>$+97&kYb%6wwl0^j?PxcfkY$!tg4jJeIPZN}M=K(UcYsj0xtH5HajMV$SkLeJD zJWNMN6^ov%ex$vj3&JW3sj8Z#tYb<=)K-}KF+4Qi*;~wjpPmvM=^mhWJ{)Of5J7dE zwRdfqA>w3V;h$XZf}o)b!SYyD38;D$AlUo4*(PwJE&U%BIyK5;15XomNBeLtr9ZtM zTPU|QBxFSvSOmw?$p<1DafqZgGs32^toH7{sTtd5As;ytS#FFDQZ{?zkM-5m#=u9Z z%Lu3fWiA5aI;8p_bp#8Aez_5h`{;tClKgxFO6A-;yau_PKEjpK7>fb4PovBv9DW;_ z4{T+bRuihK-3LsoJum=|EQxpALc3a#Mys!F0p7&}XSv;M=e7QDB!DeUIgSfcuz_XW z<8`%p7=K_SpjLOx$MSrybF(+W9Fgw0*QO|{Evu{aIUf0vFja-;#Ae0wjDqrxAP21o zAnl+R-gy9wSJYFnR>9X{i3dzB4tYs9%X>e0h^pG`; zd5D^GByIFlUIc+Vz(A%ZNB~emiFFTgnq#fQObulBN8?ASXaeHn?SP{P7Ob|4&uWFi zH?^U&4}1*?XDRLRznXHi(w-bv+lu^&vllk{v%1!{Y|=gIO?>Y(Z$pEp0wIAJXhOcN zTu8{%Ua5D+F-jr6v)oNCB*OsQ8juj-L?N7`Zt!kXQ-1;O!;Y0*@wlz}so1S&QCROO zGmBwrAAOJB(-W*-(l@W#*xt%%4FLT!P7nPP^*YO#cYPvs1|E~7id~Y>Ejg5+S8xwR z^YL#fI5?r<07@VCw6 zI~W7>dAKo3ZW;4Pe5+YEHZu3S`_qEG+M4XLf`kf8heqk(yb7*OV_B$B`k2H7CKUFj zs*?llbo#Xd83K4kwPW1%qGfz9bZUe88Esg${7Z_WrDg)hPb#Kj#aT~SWmw64H5@dC z>^uNFGgMAOWv7&3o*R*zB-vOIY|U014+c%kW9G@_DXJ9-n~<%F?to0l7DEfei&=N@ 
z%=uA;K_K2AmruTc31tnuzI5@-s+(&PSD#-c$a#$fY6u~P{>`)!O#zsOsuD2## zToSVu)U$E{auN)2FU11)$$c>Uy-k{^{hss(3A8nL@ViQ|(i91zrmuZpU#wBliGTsO zQ~b(HHGUcEqevUHq<2C*uh{c9s%dT+7vmM*sRmDbd8nb!n`L7sYCUXuWd&M^EAihc zJ$IZ^CsN_j>+S%*?T$Tmy{iCq4$=5H!EiL)PVbS*Z%Y{;#sQNgq`m{l9S854>u!Z- zOgt-gT}-!$uvh1e68u60vRICK;j5gUSj2vcsxxoqrh1UJ(kL|VPzt)?HmUcvi$?|8 z3G%YhKE^|h#;A_Xp+-Z7N&0OJ)RfBx4U#x^D9KWqbuhXotQve_5ihn5Ev)C0zI_@L z^y66Dot678<_lWCBy)7-*DZ~oGfetZeeskdUZ*}VZUHCJ875b`dhD;jmt=Kxkjl#0 z6%U_?e=}6CL!E6(dd0DypuPn`swA2b0bptkoNwhDhVAkFK0V3_lap`o{MFskNSo{l67ftb}*aufGc z8=f&*VJ{(zNyN>&;S)(LyemKBX62s;L-Z+us&gzPqMFzFP-)J;L)C+BFw8lFE`gS+ zPa>9ulT1h68NP-5$99tb_iW^NnUjKuBb&Oj`?TTl5WXU+GSX4NxwQJG4xhzVqp`9L z*EQ0|BBy>I6z@_*(2)Nws{!#A$x}w2ezoeCkvJy3&~C9z35L7DdAfK7ce=s+%BYYe z8w&f(OxjUTCnPB3oXADVDhqs!Sw3^lWFCEUAWW2goQsm$qL%G8-XK-0hKEM_4BF3x z;-+;Y(3yyR4yGuK!`)3u3~nCXT_F2e8NE}&_$XQpM>yx_E3iZh%T zld+{(xS|5+n1BYpt(InJJZ+K+71Bjlp%}okZslXe`LjE5$U@9#%Z_KZgaP^QfL)1y zS18FViH(^JY2pd*L=tuqFB4FW9nPmZs4V6OJ%eI~OdYU`W;pog-)U@&S)7%zF*;j3 z`m+&F4L#X9C^{-(&OKR)X(cSQ4^PU}iq;wmmm8RhOsRUR^Ovn_=3dHplXDYudTs?9 zbG}wygke|3>MNYx48j1F3^m5WN?@l0(PwmVy?yrFv=ckoMf1uX#+BIaeDBTh7T{@Z z+eA<_Sj8xjU#!!XK_UR?frZ{C9FAlh1*k5!x=nz$LLAY3csLp&5N<39%5ZufwATZf zSol-a|9ZewPVr)OR-Ogtkbx8?zR%IR}996QWJTWOCr?`2Zyu>mMpD%6AwzjMFfv9lUEM;*#hgobSATVud z2n9*COSga;(0jU+CzSOftegFYk1%@r#+G8^C`U4*+0LA0*;)hw2Rq*(;PB_`5C>4v z3lirCxJZYy-nwIS7VbvJWK&gbUZZSUmE?l}2~tnAf=-~E(B=o7B=-4&0I4RJFIw2y zW!*6;rG%}<2XihvJut17gWi;9AOy_$r8;5D4c7ux$QZ+{PR6n%4}6SRhpKr`@w5m8 z6Qj`LvfdKJ2k=`!4uJ*fNNe4Kk?sNhi)p*n@LoDGz7g$B?(UI@NX?S>NnEycR(4>X zQA4y3^KP!~JHYSM5y*PUZ&{|;z-#$ZsE+J3MXBMJRlss74vLpOVUmBXJvzeVPqL#U zV3B+^>PAsJI&7Oc*{;lv@+yhTDKRNmA;}*Q5x|kQC0U)R6BMrKsYa z@#>_EV~NZ>^lWSzv`9+TM%m2z1`JMjjBa7u5|&W+NtI*WU&+Qh2$lq%|~=S8xR03rAsr=VqNK3ZT#RH^pLw@TF;;_@Eg5p4?Q|x!3;I772s;FrP)3B z*BDVcwY&=cb!R#X)!+v8X_(9m^UdJ%y9Pe?7B>8nm7c(M3y2;wwsv_#Ytz3t?6oPC zpmIO#?vj%U=RQI5xkK;_6>D$t`O7F|W$PFihYY{z1$L*ZDWhn-7lBi>x6f{D5xcXw zb;6{%TZ&KW^67{=xuoXYjl@TZ>w;Sma6+>`z`mYqbkP50sqeB6I 
z@k)v4J!lr3Ugr2?8KR($By{>*;D@cGsnH=9`(#aovn}f`4Psz|Ek1fp0BE9H>QZE@ zKz#ksSRZ%WpvD-#J{}DO>}uYDlG=16G0>@Y)^l7*HiLjwVvl!UZ!vqMqjt*cfyR1V z%S_e`^sy;1y*z!OPGb{_4vr1b6jcUkImwUER>{3%HArDBiWg%TYUq5XHPZ+m9@@k%&V#}dfbR){O{?~=pHq*&tW6pbd+9lw4X!ssH z_xY@h<&x?GB61^;)2B#H=t}I5M-VP8z4o3krPA||QjY|g0wi;b?4YXh zWFbT(w07lBqSm}h!p|RHdkBtjJCa<_WU_Zr-64cene<39*CKJVqdJ%sC6uj%l2our zZ^CHgD+7)C*i^5w(-T6S<{bof3OHS2 z*Z~w6n}bwI)tZz^IX@DOI|3KI-<)EFwGGBBNQ>|oS&LGKs)q!JZw1)NtPx_Py!Li* zTHCrrQ@NC?b!s-56%iaE0|(cAdjG8`M1l5^vz98-wM4KAg6nD2sls%{b_EQCXt0>U z>n+?cUKKW=hfzwAp~RcXN;#Q69)w0hnKHC6L0WWh1iK_BTkA6Ni?IzTAmt(HX? z^ps5s3h|`qnC0{mQxPU6s1%bY=f-OABzv9FYql=Jla*A-npU@H30kr!PpTQ%hy`IO z&3LD~cXVK`pU}lY|Io&TzB^218H&OT(igl=a2{|_>sDEClTYTz)rHo?O!xjGs;Ugn2nenk%_7)x$6Wx_ zU_&`F{C{QL9$WYuyobVtE^Q-;7mfS#o%?i(In|g6SDcIFAMnPqPY#hl+;lx1esrph z1vva<%f1^#7bI1sPm|rO#M=asca2+%p!lv6mkvi5mZ_mWn)fg*Z2%np*dX*E#sK|6Gz2pcSE7oK%`#;e!31pz^klLr?n=f5 ze(Ayz(kz2Razk@y!Q>FoovTEHZdI>J*qUlT>yGFt64N1Vb}P%4HS26-6SzX6Ss?Bc zfRwoWSJ|__(N?-#5Io{C8YE{xfP5kIrKO@gWXn{d?VaYmdp{n%{>3{t?rq(@6G^fF zvR1Y2tBm)1P;$bq0w(0)Xez@>>Zs+f+$PVNVkHKZpYvQ7bGBl% z65BnI5Ibs5O{P)(9y={c|5dJTjeROI9fL7b&`^nok=bQ$znh}_8iXBO~@ zMbbyDBMMLHj{=t>&%n|PR0U{T8D99|Sphba=u&?VX6BqMe{GH;Bxb@{O=f$Sge+h3 zUsBzM^E6L!8!6)XraXSJ7v35lL{t0-rnb~Y1$1#BTPxe7|z7J&z#(eWa)$U@QAv~vNJ$i}o-SQ6AytvT7Ce{nN?Ml6=m%`9iplkxJX^xVB9egoj}!C+hb3VGvLQf;7hb999H zbeTXa_3b#2!O}pofx-zvA($m(JWD-UH)yI|Dlm?VW1PXNAnaB7mC{0V1_x$J$A)QK z+1kM|tE*{@ZDKokIwpmai41n{G*`JoO&}5iMaX+JR&9~HFyKzMI;g`MqtdLy3ML_r zG&(y>4+7oaKHjsdlBd|S2Qt=0ny)DW)|B1C)*5>P>m3Ye&@>#o70bk5#j0XB8qXAs-5KUVL zDQGaYHB~gv;cXi7aIu|MJXIq&m3(rbfmAbLelhbpGj4r1JuI1_2$y3*SV=2N)tCWb zEGv=dFSh9%4ddd24r1y3)=_^NH6#luojUpj`w6RaO1Xw`#kK`u6E14h2eSHIT|gkb z2mS7k9*w4Cedb#(M7Kv6*mgMT_u68yQ+BJd$=|+_B+b&WhtayhX-!OPMtmB7HnfLW zC}b7lfGRnyF?WiwtF%|`>oA&-C7R_|Ahd4k%BhS>mKxm)-{_G!YfR;z`&awIvbHOKAB?3@iFMc zu|GztB>}}90jv_-$XIl5qv}gudq6>DXd51x1!v1%!{+A(1F7yityioV?*RDGW)3^K zbOHP?H%D5C$O75o7Bu?Dl26|UbT(WN0>b97b9WzR7d=)+O_Z|YE??yb9A~Ed=m>Vk 
zz}2O-B&Vlrq0`$p9X)ZWuCJc!40w_h)q~Lf$0?}6Mu>` ziJQXGgX_ErrxHcnKpO1b%|av{x_l;_91;NJ4RSt_sSaWy?6LGE?Gz0YobMzf_6%pB zqN8KWv#frFVUJNt#sGm0uK?^|B6m|o+7icF9$ci1)F)_Ufx zt&+i-YnUuA`DyF{CePYI%bcW!)&<07_5|353UvNA@Jk8R$U1TU|8#ksDU8t|YDpHr z9Ulp%z1*tty+Yo13_-@AV$9B#O#-K#xH`46>+-Z>Yy7rwm~7XTt7dDt+=zt`X$RDN z;RPLirKnh3l)?2o5vRY3oM^Z*SC$}s{^oQ*LCqYu0Q$xIQur}gP=7)KHqYfrmGGO@ z$|_)WDmrYROJ$%Xuj>5u#D{TXYpJ*dp`~?H%Kn~lx@yJ%@jy^CLB*Gdy%H=JOU;tG zA)E6|iH=#(IQ%csfShpP!&@CZ!!GMnQ)mc4D(Z~#qC>81F<4dBGGN2vM2Qh*tuQu3 zX~6nz0r4KHIj_m!mHVhL#1NywAxfc)qg>I1s=$aQ@}{z9PnAQH<{HUf1;n&rsb?rp z=>J)~pNWU9yR1-DR}_878ev4QZ{2Phjt%}0NS}UGjo{(t(IF5)=_TKG*kDL+=OIFF zku@Dc$nH%TxtV-Sv=ru{0#Msz#$|NoKjj`CoDn1 zoTDvq9aZ(@Zrn{RDxIx$d^2Q!Gf`FdW3+#Nq&r8d%811hwuU?L%eg;LqX)7)*Y3;bkB8>?$2 z+7`jqvY(8lN3L_75)FSrL4l%4_Wa=q{hp$fS669YB1;U5Daf( zOru!)EkXN9JT+$sBwRG%F^>|t6dg#LH^R0l-x@q7WMq%`9~{DinMxZ*!MX>u)eNLo zIM-5TMNDp=+OY-9VmV&}+3~s$vnq)=Y%Z{^cInr^VleEe4)$D}I(xaZ^NXa%M+fK{ z?O)=I3s|p}dTq3x;Q|E9279m$V7WsrIviwXtqoX92Yy~rCf4Vjl;zncWsI31wkEY~ zzyx>GksYM*zM6w+DX1|Xqtn2rirKN!-KF%*Fxv;?)}e{4LmlnxC?tOEip`QrzNlOb z0JSL>6V;U-F0kC60!$!TH_FMj(Ad_STt}BUJV)2hS3^%HA$nA==K5Ml&b0B$N~UQ`G)VN7TRGcI*V)!%C*FXeY1vJBigf8);4CZm}yN zcVtZpKU81Yj9}4jS6Ui@=kH44nV zP8Q3ZNft8e9LGL;ASDAUkG;xP!@2Sl+bWbrDp>`aHQFKFgj-Z`LUYC2Xg_UJvN^8kviDo%O zEZ-CuL_1&5S_vIZg$$S*oXX4(3^XN?4)n7Y#4hie*B~8qZY4lsTM|PeElJ0&`jz3K z$4+_{PAB3>Sh!w<3YvA+5yBfQ^|dOIB)6O9W%Tpe2U08XhyZZmJTFcqJgeq&-U3eG zE;DVYaf?Kn)CbiE+=wmUb!wL`5?Belh?4-{ge17`w$-Z>Xr+-O)6*pnV79uk!3G{P zk4i{1Cz)0>A3y^{ks1(Gb)VfO&OoEcTE2XEcgh}iNZYJ^OZr-I^d;{P@!{*;lRz_4%OfB50?4iwmSatdgn z|B)qd2qz}ZG0iHuWU3L=8{2Ojqf3Jfnyoe}whk~6DrWZ)o^z~@e~gw5Yt9$-#5&HY z#92x*R?DwzepPj+RZnwbjWV*7(Hf}V^JqV@QL7Ha5yxW7EJ85iz`#%U?GcDHfOg3U zH%V+&Fzu;!FvsUkz&zLuhE**N1(KSURdIpg_8D+EWO)+X=S5vO;D+cY5h$m!M|1tQ z9DeV8Qc0ieDRMEGUS5U6YxR`mLyE#FPK>AKp|1MJ91Q-GQG0VUdH_Q8Az-=muqQ}+ z_ncSlc&1!lIPhV+9l2XcdNjOc_`H)#)qL#{PJ>Wmkc2;*|;gQ%IFa<9V zzZ=99J{0#N1g%^McuQq(oF?@#m+>%3PYrlGT`d@gsbV+l{&X;sw1%uz9igtm2+{F$ 
zuP?=s0w?y7JCO#|XyIL`37vXVVT~Fa!koR|8&B9RCDhs2Dsq!qq~?VmrYA<@XrKm` zX&!aacF5w5V;x9j!&WbGu5st-Fi~j@MiNo1b2Bg5_kgKqI4KN?V0A{t0Nm>C!=5Eg z3YzFbHJ{*F=Q^_zq0^;f$B5STCMc#K%Cu<1vH!ZQi6JsDE>GE$f;bQZT1nlwMqqUW8T)P!BipIB=;HQf5ORad@>0oWkx@7aBVTANwNMJqZJzH($#nMB3BudktD zc?09m$0~c|@cIL16d^?l0AmsBYZbvQu*;}nXiZ-4k6Ke9d=;Y+I2A!5v3oUl?Z3?H zL}H?Ma9`{oZzTF7zI;W+q_&^H`nq#q$(K_Rz-Kf<4_4DVZEzg#PZGH}1hndlQrbCWL`0 zzzD>J2t&Aet1^CgzDCVe!l__(1Hml1=@87831qPtWy?nnVJo|+Y3+CE&5Bk^k0ij8qsMgcYbHN!PdAYS^xf-|lJME~G&_eo=_rNe z-=d}1sXBs4Z)_3wKAX_4q;`!x)Ul6}CbQ`WRf?HLtn?nwa^~&I!Jii-Fr(W}@wfn| zFa|*qKZPfmO$R8t8lvfjQ4rc1lC*3;=+e29 z4?MPrT5BJ3D{XwLo<(Ko2alx_5;{Hl( zA?3WlXz!0l4=A>pnG7IvLok|ZMqaCxj|LL*N#2_y z_9l=j2ETavNelTwOKtx34yks*jcImrWQH}!@$>i{}<9O|i;D1}n4+=L%|nhsVf zW0FkYbBn!AN}-|o9)q>W(DE6Yn@FYrp^)qHO9V`U0vQD1VcLBOJ;`iI$j`c3;W($ zIP7)X=)D33l`BHgd!A511|%>gBQP4Ns^}{2QNGbn%Ak$BoMT|TD41ugvJz*T#ZHby zSZbOJ`4zd%+k5Emw3~WjYa*_ej-a1;rh?9}dz4i8R&|cNCn|AjMSkd-xMhP6g)ZEz zTQCD#WF8U;*qBaXMwKJN6XR1k$17Rps3mnE)3ptSg(tpjC|(xvWIY=SuE`?5GcfE8 zWv_v?mS~B;@27{Yz}h;1>DXY*30cKK3r=*118}vz{?t!O@M2# zn;k$S-|u3=Ib{Y5xH0akzwh{6pf2Hd7ghu}Q|MQIDTDJ(YXT%8vXW`X)88|6HD~3` zie`#z&qcv2Tb9IdX~!WGi{s(#?(kqLGu_YX`PX!^l`J2~L;zM|t_}%XV5Jat8Cff< zLqhdMQu`_%#@Tpcanns++Cv_u^s6oVBv`g!8n-BWArEup1LAN|vsNO)14cysB?(Cj zN_dOx8Q2royAe@inuRvPCN}1b69i`zaUpumwV_cC+0C zcD5T~bmd_S(^(ja)5bBadLyrcz*0;b=Bi zyz)p0hfY5zdU>aXdRAVC?!@b(F?(SAj9}scJP|vw-GWev#lnA3HdD#+ z8&}DPC!tUCN_2P+PhF?*2vznW?8Zc2`iO;sp|7-R8V|?aJ#bx^!*1)c8OYRs{zU`m z=@@1!`U5ZJ%K1-idnIdcd<)^P$Pdw&;1W+4fzG89QA4xf1>|z0M|mED$$@#USa~;b z?mC}XPwazv?}0%*LxrWY^4l_Q=TPSqVw(e{sdHYz=Eo|M!`fmP5w*Hfn>aPB2m^)Q zZnwXGPe@v_lfLbY?-QeKUJY$F*fs3`6%6OPG52_rcx-i9?=FTE=l40{JvljMD-VzV zSX%qUQ)JbMMQgmGrt-%LisD+#VGLo|_RF#BfTD2CyVzKfF`k}`)#h|Dr7LZ9yt?eN zyT=e`a76wzj4!tidIe{9ZA@pENdO{#Gc=k-ZpuC^03|JOHIE96vQKmkfKsb%QHELz zOZ;9QnBpo6)TIlC@z-l^Z7D-&{hs-^oiZ8Wne*r;r23qt-xD()0 z?+5vIyyssBrq@S-cDEC;b?a!q5{F>Z=QDs=L|lY`sBD9mjE-Fqp|uUvTa1a2DU}~? 
z-9lu9Sv5^V4Y-4$vJ06JTwx3qi_2imv@70c{kY9lEF#-J6 zMkD2r(V5mo2~eiN8vE@*n$8#m5{z~~L;s*|el}>!f2{II13MfJfi$qe%K!~vyg9TE zVlb1Iygv%Umg4jXs@pkZXxY+(m$e0gR;KL1JTZig?zfWJA_#N>BNe%>G_<^O$CXkgpV2Zpif8+iDT59R-UP6- z8~JXFX7x~`L0B0&D5V1H6m_f%j^!pDZ@{tQ(H}l?tm{g>R|dqy4ode!voC3D@onUJ z<0IWzVo;?6ViFud`l7YK8ALMfjeEzvR$s(c;3bVd>kV!Pt%n}J*$ktQS_nU2p&Vq3 zFa1_V7~5kUh*w@moIV;qVre?tnp{7KCl$Si*wiW}2QB1B-phI%^Vg3?O^E(?|VoM`4!)Fp}H0swPg2 zh&5}e0stivCjhoXHbuMRuW`qBr`>moreTP4Ap=)uPA0p7AsM92K}1OOA`T*Vly&WtCDLS4JU$sT)^iqU0Aw$`Lb?=ysq8u zt0Em0a6&Q3T0I9Dk_~NH&NmAXSlHat)InG&a0+~Hc165dVm~RCgV>Wz8v3;JDyftZ z4_DyEE^9aI;%nW(;q(!_I9Me(bR;#C^Twsff8peVHf?ggj7y%w_KBBFgoepG*(J$# z)zDDSeBQu9#iTrT)_ShRWtja2mCQb%DlJdZGrGL%aagvGAxKzHWS6@S1Sg9fnnsqz zR1JbD49$OmqL|5l1prihy6mx+C(U%j+Gbe*LU=J&HlYMbz_7+-ngkz^Smf%n!w}Dm z_e+N3stcX3TnVPc#peP)aR0l&JMQv%f@+2@63*Rl*wVW$Fq3{gNKOJRsB@)QL15XONYFJ5C%#UNmlliCAy?ZCvEqiEFtSe$EH8l7ltdJ|YWMyH79nh2c@Zk1!piot}4RV6I@`%S?VW-ir`;_x3Tk7A&UVTB2C^ zK2Rvv`$n~7Z-=QCIN%XVlDkk&kD|$8t8EmNts1V;m}!|P5SeWLTw;X)lLm{~$XQi? z$=pj9h^bxu48RBlw{Thkbsx3w<1f)3IIp{t&nSJzDJ{P(@$>=M#!72)8~q-rV)F^k z3+GAj8zi(4K7((%-P6A3)6>#+yt%HAXG;R! zlsX=Pbr$?Fw`GB{B?XoOn@d1~_bIy(LJNjEFKvjdaDm3Uv;$B-(#V3%l|dXyeD}v) zzz2qIcD_o17;3{c;FDOLW4QkPnKlNls>4BmGGtL&Ko?3axhkcAMvS?Itm5)fdGRnW zUY)CkC~$H6>a)}>zUjj9iv4ONwMZ#I35jjzDvX~?qVKE7h|xuQ0k&HFYnG3g%qBf{QQkBN!fGa z57$Ece`U#{>M?dWe_fgC%p?voPxxVhn?%RF!tv{?B!Y}Rq`b{ClA2ETWj0l^eu-I` zZxlRX(fmsQ8i`4!fn;H|paUHG5F_ViiyG9hZZg3*p?4E>bJfh$hONZ$!-25d2bG7S zv(4xZ3ePZtM*oSL5x{;~oYg2V_w4l&l1k&UUp5gKb4r{kXZa+>K0LBK=0;f8oyd5D zS8|VFIy=DuCUg`CC>66ukv~qoQy>wrZ_`m9>={Wgp|RYX07UI|w!pyo(9Tq^HHp}0 zcypF$(G(Y{U?5|gCQE=TB*LVu-M9WYKzGc!V^@MxxHs4&uhGr}y~v14hj!-fiE z2pcMB_kxg7+>qg3Zh(ut<4%>L9AXR zrc;!Uaw}_p!6;I@FTy@q=Z=b!E>0B-#Fgza1guD>mJx3Si{52zGC~z6w=@%LLN?M zf(9Kxc(KkQ(VZykDM(SHT#0q9rv3zP8C0O#Nu(^9)rAvn^=1KXTiJMGCxg}#+nwND zx}sii&dGJOni-@v_v|=kq`?-Lk>E`!jR=Qkn7m5aHFtJ;z{tC5P>TGM^pcw)R=WK; z`=&2vGnmZ{6N`}rJ}#z%>rCnuDqQr^y>&E{ZVoIvqCgofqLBIW7D*qu0*Zp>X1hgN-fW1jaaXhER!s~$W0klP9*psq! 
z47GY8lJ|uZ)Ege4U7Y}2f8w(GS1!mpm0i>_Vx6inaoT834+hC5q~{FE3;2s`siU)` zwiqP%WKmh~cY4Q4V_(6&@+MlbNQGxDbVq&b#B&D)#~y^n%H%$l9h2%us6{dPMLeFf zkCiedIL31&U|BVhfa#Z&0RYsuYJ-L-k0$8y*wBG5*iV?c%{ekzpK}LK zwvGR>b^=}(`$}+D?A(Sc`<#^`9?U#YR&ZgPQdP-@9Gi-v@*})JPNlFyR3#g{Tt+)$ z#rjGRlu<9T_wc-uN4;qs$l_O;6|cBnqj13}Tw?L(>hQ58Ah2jDNik+drIa_0{jh*a zzDNWYS)47Y-x5nLFH(qqqsS2_&`Sj7`2hBqS^7isTPatt92E>zw(?nv2cW~)6#qI2 ze^A`orHUAVCvr=8Nl$K4(0MhNOsalWUc7|idZ#-8Lp*B?>G{(Bvju}Cn9)8!R|S6b zHM33B?dEDs{ziu{MlgYz6PRP706!u)~ zqU`Y9L;)a5-8&BhA{<;G`yweRuH#MOKJJqbTNC~=;rE8rmKFj?9sAjuc0O{vze#;+ z7b8$Q2KN{JU5EXn2?ig);ZwAcCdT9xBc|jJP(dvo4YIG=Yb4}*+zj0FYz(gx$pIW9kDS89@1wR%n@GLwot81mn$2^+#hRt=cqxlvtAV=;H+*r*W;C6;sT+G2tSaJ(a zc+7A|@=1BS`B0=19oGa)u*)d7QRq7$@Gsw3bxmu# ztaeeiBHyjbbKs%<$^u4)*F(S}>w6}+$jY}F(EUVfd!NFnM?l^+P?Bt`x&7jcP*SN{ zDG@w}iCIc{0LK%JDU(1F+S4~l;450!Tk87mABPHMH^tTm`kr;@xy+nD?d+?t`Dq42 z#SNsh5fYj^LSzL^AY8Yo6(dp>{bJnF9cTL4akgfs2ClMD4SVv%VUK?_F%kW+y9*D9 zN%4Ss%xW^{da?Z1Ad%v738O(sC&Hm~R@_hwsSn{1008iBtRy%COg%tY%_gGKXbQ(*q#N8+i%C$H9U9T|SDPqO1p%}VT(@I}a)3al0-CSau z)m-F9Zqj{5bx?02tj(29Dy|@{#v;zDwQ!v|157{lidHQY!Lgeb8Rf*ON{Ws>OE#P> zZ(A&PF@^qmYtqwBmefNR#*_9683IKpA1OLIKv@;g?17BAk?^Qi*xB_gQ5~LD=mqh= zCgfv$!#4aMqLDe33m|((TP!&pm9j!y7;Q<_Bb&^Pl*5sb27;CcLD8T!ep}}%l@|hP z;uh*q4usYQPFD9J;u3f8{CcPj(>*N5nLUO0;xLB!pMR~OQrU(8Ax%1?x7R4QutTYS znoDo_ZFV4yARN#PP(~od3r$iD84qxMDD8UT?_dYTrf?bi`A}_7UN`6_c)|~lGIk{^> zT#*VLo$iF-S^bPbD^wAfw0%rI3NUvqz|=@`L>MsczU>a1J|nPc#vtlzbx;ArtQuJM z(3FX8UY?_PJ>)npV;r^q6c z>oq0+m_XKOT)qq+tJgN0Qz^Zvd?j?R(7Vw#wQ7+hu(01(I-{e#emAEWM>Icx_3lA{ zNLrfcuNt#swo{N7rG1n$6I=D=1_?EGMaXt><9_!?k49)alDO-{Z8usVH)~E&BG~pd zLY&r(3rvt1sB^}GiJ~sa3f*8`&6dG>1xFS)3|%>LqAeFm1i_tqERY~wcw?>8 z+c%ZO(yFhvg9ty=r|E~JL7-Z23Z+1AT1CTLtW*N9Wh{e{`hgU$Twt2=x5Fna$&~Ph zOnc@K6~t3QNX@mYaRMsy`X1*UGslQ{Jmud?PH+yrLrh{6{uE~v7i2+})u9U;{kT-% z)Qm5@jv39*>TNcbFR3Wi>hs`a-(~upC6F{s?301xK_+HMm*-@xwfmT#s0z<|))+eQ=w^M6w-L9iETt0$(cJJxb4KB?4{EMR(7cXEH! 
z?<}ab#T*P6t3jc;RV@NRt5w=vpi7lp7B1WRoJv>jxIo|e29i7qi>b(x8C5h`Al00b;Q3C( zGAd+Kn1=E0&{1>AG9n}6f)LcRSZjiBL2pxLYF0-bm)$C6UzWpeYTq72pXVq%{iwMs3(dN3LQ^7Wj+GQNR{1w1oQo4iGIM z5atP!$+Uto>~RIQ*lX${ZxvHVG^q+b zu`7}+>#&hR%%pR{m0~mc-sXEY_ry`6-~Hn^x?|}naHgWD2s0M~RPIz#LhF1;S1FBy z!s>1#7nw6x;Ks&r`~dUxDANU5vN(jvg^PDRdSCE|L1-}KcOLy{geTKDl!4j#4ag9{ zFd3nXlp%1m@$`bvp{onwiAMSGVDA3yWj3dn+=iCSD{BE?IB13-tAZNVk|jX!1susPMvOMT7OJZOT=RypXuTwR0yQ*|D-xl7m2$54@q zE_qtK1G3(mTn8(eb?D}g^_O{kZ3`l(UKy}X5}l8XTTjTlmtX=DxABeRk?k18j3Gc*%#}>o=eoa-1{hSr`Hht>9ewZUu-}bn0ZZGm zVnCQwdYL>zatDkl5a~7#-RtAgK&tMormp{% z)IeqRWyva{T)PBPA5;e2>>f_6+khEmP zT(bOBsvZ@7DF~md2uvc#)&-(7XE{oYBdK<84om^37w@`^3vpkg2bi1afR(ICXx?M+ z4T%yDgU(l{cYsE{#*%7*vLP9g_PZJg(<`5V!;&r1w%;H=uK3;TAyujswThIq7F2C}-2J|1K^@o;8( zfpb9AwazZFbwzCY+S8^D_9&0~$K4%Ew`e=cMFoeA0d}_z+f%9nl~bZ(N6gZ7FUSB? z6_grI7dI?XO@kGaPF8Ql@T0dx!i6HWK(KlGS%hYJdX&vbv<|}WJVDIvo{NgG=w^-? z`l6-V-dZ9T7lrhqHAbP&oIMJC=uA?MdpG;c*fdJnGfcpc;DL>@PUx%I^Qd__*-Nv` zGt*mVV<-`)X$&m^x~!Tz)ZwVYRt%^wn&cF5LAxO>e~AnEWjM=%OxSlYhcJ;v1E zklPZ#tp`7x$&;8N*_ZZ^O>5XmysC zGYI=zm3GKH5T4$7ESi%wPZX3lI4$C@6y+MzZOI}D#OMbgxQh0N$Rh|J<^)E^E%HqF z%3zO{Uv2L1V~TUQklwPax!K1vFG*%;sm`CL69AxS1}>dZ+Am1z<;z~%m*6Zgnq}?C zYP$=H95efYJc25XCp0H>Z{z9U=_b0L**` zO?Y&|RXTEcbhBm+Bi>z+%}C}glGoXr4#BI#dGB>J-hZR}h~>CFOBa*qAP#Fl;kAe> zi3Os77FP0G>~g9Yto{jd{Y2v0Ly8(r7-96Q~x2M;J*MKly7~?B=b1fb#HvyP(4@ zP!BP;ih{Cy)6M3y$qzf%hao%dA~dwgW0Ipl%NMUI0WWEDXWAxf9&^o|`2w*4R~X0a zUB*c98=BL@W|lWSSkn{?F#|6m1R{75BHaWNT?v<@E#5rVtH2u4r5d<>a4R0k7 z7qHanc=Tx2E?*^}Kom>YdH&RChIR_#p9${5-i>D;!gWRg`DiS~_7SHOL^R}0sLUC`z)HvXSG<_7yndRymLQXY-PyffoPrg7Sz>ojz)mBRrjw47gUe>l zmc|s0*;}3FhN&M_1(uEpmpqPRdhXWw#5P%;|1MQmZ*p=_RJ{7}X!;|zAAh5M}ueowOS zU;v-MzZkF_<9heN7B|i>zVlL}a|J!0&@^sAldVYAo^9H2fN~IbNMp+5?m;wZfih1E zF(jH>_B|+NfrjofIvT!R1zn*r8sSr~9^qu8j>ah6)4_9G82Z63DD%p6%+U@g=|pfU zDmoJGTj^N>>$M57JRRvR{)ut1xXR6GhJ|+%<+_D$mDE_NjutVg9?3Rp&JQlQf)FD_ zWRr4|Y&= zt@kghb~Y-tfY$e}*_t1Z-}d@ZuMbi<)H{p?|D!KXMHc(wrzEs~{V2{H9M4m_k?`F~ z;(subJe3Li&2ARvPBE32ozvn_mgB1HO~5CCI+b2sNkSfvBDKxN@ 
zfppNGP{M*9+hKqD7PD{QhM5p4pA}c}qMjMGc~#UQ3`st(hCCCQ?OmnmVMP zWuY@_gQW*eR_=C<0AEaeWKU_U$^|}VJh)#fjF$78LMt@eH;qSaVYn%}le+D-wM|$E zna0L>cR=)RGmbzS7kI+SjEe1UdBgNg@tK{gDp@~@u{uqkXAN!HH z2dLr{{58z>O1v|_nsm7jXr$c;70jTslHxqoD^=EW%&?r{ICj^>U0s=Yp|OD2YMpX* zBvUVNk6Kr~(eUSxV(lRsY*Eo6T)0~n-%G|!PO>bMfUkHDnE8?n3(esr#DbYZsZ7k1 zEFR5#oGLEOd@hxx)2|F&j@i@D<>h^Ta4yH`(sns?mI}q(>1v3;U=Iqow*a2YaN@}O z5{`hWDW;gXyGZz?V}4a1W+iC0AJVs&c=nfb#4lzw4?upK?;Q0I*xhN};YmFf2i2R^ zhv!eInk>p;3pX9{?zoEp2gBzq?3l{6q<&mu5=?oXPTrrSB?@RZ(S(0~FqEmD5y!c* z1xa(eLq8Z?pN@h7bG71Lq&0spEaQ@2gN-3;Nb(;HLCMBs_|bl)vic@%Eq!3?FFN6_ zbU7vzr<<;Pl5&8Wi^^0Dk-S5!HdXX zYF7HtY%%r(o_qKRxJq+vSgClH*O zGHv&L+9DzGf9KzNn|UYf_D7i5Hz<_Bp@S@ z!nDRfOX23Vh6h~?{OGoYBe%TSa`UcGyR;j1Mqb}-+C?pY@wsiHQSw%S397XHi3x|QfV7TJt6tvh)__ehU1}I(!bA?8rlD@)1U4y0PFmEV< zhWU<5uM^?bPp*CjFJa0chhQ(C9JTMmgNgRWn2|8~j52TdD5y~%0tDFl90OiDF9I2G z>o7D|z>8wd$O+3GSyFb?>Z^KyvL(Tc9Otr;)nDAgdt>JO`OI;$bj1(vFVQ@l(ab`y`guB%KP7pi}ysk>|ReJq6qG)ViYZtjqi#EKnN9C@|+c;@xs%WUD;;SjSt!yqHt)-7`X)=1xG_$ z{-G zj@z(gfVDw71AHlXXb45tWzl0|fKV|!Xg}N8?Iro}PcJko$D$;Ve5G^j6@VoztUbEE z2W_g}Eg{vuA*50bQY)t5KsOU4c;}#u4e&Vhkcst@uOdDeI%CTQMSZ)ZwMJrP=>>c% z;y15~_!dv}%YQwbs2CQY&8ZYV_}rjO#~yFr6U8r^nGJjvp#p%5~EDJq%LJu@m4^}&p_5cVp+9u&-=^){)ArqS`J zhj7*l8I$;veQZUqZFCu~p{ewYo-0g`&(4D&444i~VVj{YS4q=s4#I`QcIq)jls-4CXBr6)8)pN=$VSrt_!m{M8oj?m{ zrPtj-owF1)kQ7{`JH3+XZMmQ3p$#l#lf5V#@7T%)o)$Y?L9e7TRJ0Jwr@0V#n~>Fn z9YA3B)*UQdW8)?`qk5Q}4zOZ-gugv%^3lCt6RW||jLW;ILhd0~&Y4&8Ee9qPWOc3a zS*FWi8O?kP%u-i4Kdohu$}H3#kJ83>DrhI3N`QPC2jFS*5PrA)k7J=3j-l?;`|;C&_dQ=x6bA(D`dlTL^RA6hA`S+tH*85KMuo1Yw z*oesG{yb)!Jk@p48m(+9GEbZ#@}#JNXCTfn3JxSGs$yA94~mdWV9M@0w&ZPXqliX3 zcCmtJnV0!z9t0G2LX9^QIP2)4_1bNi%i$|Pg(Mp+Or|sS!~9}LiwlLoWrq@lKD?+# z18T>Pv)C(|O|fJ_zlBWV$M6-acIEoVUeGcyzZ}1HYrlzACnAV)$wOenL-hKoZVs_h zSkwH5ui)LeZbBm9Ct95=N8juLru)9#JCp(I6UDP^OG$`M+P<9Gh8i==FJ0IJpQb{W zJf^9AH_AI0yu|`kNgiNM4N-lP+kpDZ-uh4s@${ zpxYzNt(3Mx+3I-J8XMg08`|e0gD?S2-a(Dbn*2lL3yQz6z 
zq!9+~Y{hoWP2k0*^P85qfuj-x%2Imi>@xLt>g=otY-hteh!~bD7;MCc)=odqkUKP17&!sEauLd06Z{>wiv#g8cvg_{DQjAHW2#?p{(a_r||%f^g3fWFwa=p zB52jXvBGPjrX}_5Y@4{Cz-3`y2}{&`qNW$se1>r*74tii8E7rr9FUCk^IQR|<~$fv zj&63Xz1L(t%(9Dk?KL@P5jc}XG>J1&AuPcGo2wv47`06;Op3SL9ZK=+L~H^< zH&1eU`cM9j($TzWI=J;)*?Jhe_?b_fX)+l@O$pc_GY7 z_SuWUGpypO$?L#dUDaFIpjC>}JH+o;>or7)#la9b%S1+t_+BcOedi586_;KIYyT0z z2Juw#y#(Fi*zfU%u6dBQbs6w7*+y+N@8M~XDIOl!(oNrW&-f)NrENVKn0}*hl3%c@ z*`wFdvWN9mk_WK>Vqt&M?Me-n_o4yZG^skzz#5bj(4>sD&Qvjm=bZ z|Cj>mlZBp*3FT`}feRm?0+QIQ%3ea}2Dino$EKU)W3xBqVgZSLp=YEb*LL14Xba19 z1mYRANNagH?r2sn`zlSleQx)XI>U9zJGExLa8s!FppDfX>@7$|mqr%vkSksb6D9NJJo_Cvz6vhpW*1JiKm^i)^`{Fj>0r=kN2q=IwnqcMR z4vi$*cj(5~dhc7_X3kw@l22$F=efe{5n6U`qg!S!>j(8^7Fu#FU9QVbi_U}+(0CYj z)Urs3SAOZBCPfz*RaqA>RhqX(>IDxa@h-kzj7$%cZ#s0NzjPfw;0jGB&%hxI5-PY5GVhf^%L}rP)8q`>!iVL8; zrCkhOGu^i6fezFjg9ULqAQxIbp4fxW&K7{N5589V}*$T$tI5swW z9BeZ$dpWrpjy6OT)etThjYYu2Q9KOhm|vZt6~`bdHLVy-Kl8<6R|^FKn!Nvise2PR z$+EIeG*v)gR1|q`fR=zQG);F!*4`Ek)m2e+R#$hGmBk_|VN_&fWmIKmWJg41RiU=1 zh%ADDK0#;14Us`dP#F|O98ghFKzy=@zzCy&D~#K3L?841-*(Tr=bjUHiO71R0$-hs z8#nGf%eVZ$ZPoxQ?AkPRLUReoAg^F+?1-4Hq87D^!7lxKh$ms|toE~NpE(OVx)fyJ zVCLFZzML0x#w;EfV`p$v*%;Lyfx+;sMvT;hj_m~8I^$1~-zai3dq=06)ip2GuE^NE zw=DwKVIv(T7nX3AVqoRHJn`-w!4I?*#8 zTz5cHszQ{9WT#O!mgdBG)7#pQrBjlk+c`c&<}yVkO^XmYm5Y(a_4p61SLqgx&Z)PHy;t_;bY?C< zaRtn6fn&x|i9#iln7N)$6pUQ~Yv0c|id|v>Xj4%_4iL+bdy>%LFSv7%D=WX{eC2r? 
zWY>d>vbUArg&kfS)@jfbBridC3&jf$=aCWknrOGhn3;L( zH0Zcl8tSA&p;u=y33v<~c8kYGoPy6Vd~u6>Av_oGo{;^s!%(U-K!PD58SRl4vcqW7 zK-L$^6@lXh*wC&1gRJtXcz}qG7^p zl$!__;zp~7mzEdvp^3acnhU?LS;@J+UR_?ZvjL8Y9oIe&4H5Ac2d$@NghvU-&2cgh zk?~$_p4Ko2iTZWqdCNmYc!k6fy42d|>WX8?I6;sRUBR$|R4-&RTKR^q7ILPOowfr5 zfH(jUwTbDRH6Qa%O)FABT7(s`@PVoW9FakIpm)H#(sM0oj+Iu;YZ57h;zGU42256G zY1r!)7|~vz_<6eiYjVdkgw_cV&s)gbue)eOcu^%}4n!*Avy&zwC(>{^hjh7oIgTiR z(qO>8_hR!rh>K)gUuR7sc0LP(HIy z&dZpD&7VFKs;p0?nEdL0(4;^eJ%YySk5WKgqx zMKTW^up2r-#qiAjsuD1U1!@k3ze=sW0}ANk2u3@)VTM{(a#2=uV_~&BSVw~6RdDG@ z-cR19F{OO|(Fvrgo$GH&(yDZ#cnZaW$+oJiA0E^k5!ou62>0}EmSbj9jy0N!amwcy zJKVxyi{*rfP0~Y>=f9zyQOJ~xpBpDvie3lu^@+0>UemN{&vxqu&gxwq&FdMXISbG6 zw3K}6mrmv$stb5x$@I>SX)!4iFs{$cu0+P)6DS*|VwY3qsL+5GyQ#vm;!i5Z7Wd0b zO`R?(vIt6B=N(r^@?1=QdcW}+N>E(xAW(mGFcEg*przCUXH1?%yaWPJuR8iVPE(eH zFpr0vZplK%@t$=-4O8uOiFV?H%zWEfL)BruGA)?x0BFIZ?#h6pCa^6sPcS1J5NUN; zogaCP-Ey$Qb-Xu+Ud53GHl{k7igXm6LOc_T|7odp(zvf+c0tqt?^LYkXql4=tQQCT)=I_Md@(P6~zGwC!&L@44 zfIdkV;fI};GIMZ$^@ z0ou`_3SG~HYtWs{NJtOd`)#U+tARbVlG)_AgY1Kn#}|w9gYTrcnpUq7m7X_7#JkdJ z0WCZsQQ#;%<5GrXYsJAs1ia;p(sPJRI!jGJc5ydOH-e6UgG8%ZPYm z?w>3)2{H~5fn5Ec(aP?kVqU4UR?rqhw~w5Sq7E!KjGp%lpvJR=?RvW7)7{ZUY{aXXe6_a(Wu~qzc8r2)1PQe z6}c9{z*`4(%-Mp}0FOD~e1Zqep7Y_$Sm*#%P2<>sxD_FaZn*guHNEu7n*%D=eH{Ni zI|ReZx$n;r27pa`DF-)Rm;yRb0Fv7^3Iq6g3+$mYm_Bpn5zHf>u){|%i-;gUKunFo zm00{`o_o=a1HIf6=fq&?EKNt2@_Vh2|oC)78lK0IVMK}GGA zvL0d&?KU+>-9Vef$r^gQb~jhXNFGqYxArqEc8+ly-L-*K@HpGE)(jSLTu~IIoj$!R zD3rH&R;OYgU{&EQc~-zz6@;_NZXBH&`OjHOrAz4H9F;CqMJmjR3{m`pa8#=-LFu=o z?3Y$CWhWYm;o}r$+qu1qrepA}(YN#OQ=iLJW^ML*5(~y>*LuvxJ>*DrXUHuwtp>45spo|y?+si5N*}iX>%3Aa`p?}I}(A_ zVCkS{PYFXh>>ENk1$P%u62&PIFD7{_DJE`hrlhM&Yns7ko0^yIP>&Q*mCzjb0<`0P zpM#%J8;K%U=78^l1Z)nXI_d#RMM?x+x5Rz#X}%(BHm!Wf^<>~-@8Ed=@tlxm5OP+X ztq_sLR$8_SvSrBaw~I(uhC+a6#PPQf`3x5~D}75(SzT@89E^wqCFJCBPoFDzRMg}{ zL(emVGL!>{)tOMU1e&Yh=xD2;v33fI0Q>9|$XZ&>-#@HAi;T73z|NIdBCp$-2BRWqG3E9`xcMMnN;hIw?N5c(-3G};)0$cg(bU;TV ziFkp6#iR&!CH0f9CiT+_52K`?D$^iBzvt6z`KjEu8PeDB};If3!&70{f%g@;Gyzj3CQ9KM}S_$}- 
zXbE_p2>`tph$mSn@x1*Z+i*({!>cc%T+=hjj_uOXcahpWUh-A!4pR&%O zeE4x8@HLFl)&@2Fx5)k5A1PFa=kd-W*mxmhyrHoX@nCtDdBAA(iwR_|i~}4rwRB2V zzg$ij7;7}UmDGLcGDz0kqJ;I4tMe|_4nCF?0iEq)Rd#SE_0{{kRtslSbk63Q=0?WQQ zLU})MJ`Q>T;)MmH1MUd{?^~WyWw=Q_$Ev3tgqp?lctuvB{4$FCR8cLL;-t=*t8ALk zY_hf6cmscZh2KM|uZ|HqI6E0ZvwstXqg;AX2G;Ff=FUQ)i1q)BA^K|Da{^f# z75aGt)wL-y)9ubaA{!7yimn23r+IMYEC7Q|x$zdW$vH>B`Wj8JJ6nr>&m`;_iss@- zuJgkupFas#dO@+sbuP#=)Ud%FX#^Lc6L4SV?M=c~`zsXJ%5E7?K?vi;LuJPELgYOt zXJJ%t6d1A>`g7~8$HC!9`L%c&7OwuE{oYe4he(m1IXfM2$NGZB^L+K=rzmyh6}Ymp zRq_f^-S0NqDrm4tYePmmJhhFCnG9k?h#y&Z6oBmll;q|)=24skGYTzk17+TOmrwM! zCTpFGTvV>ZI()N(rvVq`ilhV)9T7By($6A6(-tfp?*BuC>Ky0fNsGdbQQM z^;RIwgPyLLn3Q-PiUQfUXfaC_cQyO0EYw@86@o!v|20gfb>4IHoW^XuM!V=j+W=6@ zFP+Ev!%3i;2?*ig;2L>()500jpCWFJ!{=c?0>NNPOuBGI+}*!&dLS88nAGMts0-}! zo-?<|QKi}*P?iN-gyO)|hpeKwAn|#x)$=NwQI@r+5m`|0CVQ-zb0qae&EcpVLNaB>EiXtYkYo4D0>=vqzrrBG1!Ko+g?0`J8uD3>mtjo-$9JG zuLoo^G@B=!3OkD*{H~6m-gs7GMF@&O#S&zOY_D>3siO6Dr%BL3*hw@6q5cS^iT$z^ zRl^t&P>a2tBOG05fjW2=R5k#tQK9Xtnd|wfUh!K8RaG*6LDPc z&7u|PdBI$?dv^n-+LqqlcmvZlt`n1XZnz@QcA_*nn9rXeg{~bCM>;EOS4cI_rJNt%Li`LMR@pQV$O1 zv(UQaJST%u7P6&#$9)JE6%gIE3zWAiWh2lM8+?g8OjB=BhYq@U{sFM*pqevR`L=W z1ZXJr-1B=pth(StQ*CEn>9qo<1v5BhS_`(9Ie!ZuWPXprC*}eX#o*9!aD2Ju_U!?+ zbw@oHxRiR6yEqTV1s3V6SMDgl_8i5)@1jyBu2hTLpaW_Uc_tj$|J&>ssiSrSdX(X> z&=;UCaDsWkl~Y%Q%0o>>ie!Iq!D0cPx0xgOiR3YB6g7D2$B?x-M30e06}&Nwp`Z_> zPcv%>8oEQdFZ8~U7Im3f&?K9~`bP+XVbz)EFe_SDl(>?dBhtIMo|$cBPqDXhKaukV z1&w8g>)7NozQPv}d510@5UbRXfo#?N6t;$FwZM#u#i-@1(5Pu^N{>U>c@?UEF%u?q zj_WSoAxm5+1yHnP%8?GdzU27bO}4>FJy}?6%8#P^b?N~<0JjV}yD;K!aSaJ;nW~|5 zxePaDgXUnMh|?iy=vHz+C@6nr)ZNM{(G*`@`qTCv+M7l+VNaW*bVA@N=`OQuQ3byf zST$hP4lkV{Z6R+P0rF*=m+(W+l0n&1D|!p_saS@j{;3JAm;Zqc7z>Czd^E49U2n-`9JMsXJ57)Oh zHYs-c+(2VVX>+va1V;l2)ltHYA63arH90#zzEpM?xa&f#q*{Ugov0LmYUygDz_e z9fWG0S#^T1Haj+#H^oiB{Rc5BEwISmP?e9@tNw|QoI9()I+bTaNkcs?a$PYR2<&Au zYkn~!AjE=N8^j_~X*Qo;uEO#3H!7CLB=J>}ZmsxRWhgl-)KtX($*Jb**o*Y^HYq&D 
zi1(u))edz&++J-ISJ@`~7T$TTN**Zn^*2mq7TRhN#)4ew;Wi|#V9s0-i*{^6TdZ84k=0*lL73V>L#tE>mA#Mu^NDAE2xx5C}K106;&v;(Dqe9UVvS!YofZeqY z7xSI*A`R53TryL^As^V0UbJxL7!PWb=}>S1eo7Q{l%)!1sE!Xt+1IE0MGT2VD=|i;+YubJ~M%9w1=&N_T`%mfD4T@nGQwYC&G!-M=~^V?8wqb^Wb$ znx*3(XEX6(s;l0E-;%(#I%ydz%by!Ne9(S1S)A;^8WxBvp_Y9u{tJxkQv1OXDo=y^ zXMsf8tWz+LeZ1|Lbnmj+E1MzG+ONqWMYJRJK7k75HGpI!nf{^{5ru3D2b+h(`UoeM zGKMW25|e;uFcz6thFdN403ff2#@Y6e1G$0vlyo)EP@wW--L#iuxNJp(+t%6(hykY5 zmwIbd4@T>KM1P2W2C2x-F_qW<bjCoekfS?;@N9l2}dkOsXPlFSGD-Ge2qCVzJ(|) za=oqf*SGp3j@{PdlVgrC9?A;>rjEdD>?`_xkMUCUHiaT0ZkyJPIjX011SUhzYmcBd zSk2`nuZhJ+NV_n#yJPo>$`;$5*%!!WXr5%t#ivLaP$S!6sT6?4P@#Ahts*6#F5SQ_ z?m&BdYb!|7z#;S|F=E*D+Pz2sV!?P5UbnbBftA%0TTIwB=W6Q{7q+W&O-DYGz3lsY zc2n=8s8?V0YZRQ|M6x;J>0s+A2IjUh+~{jAF&IS@0W6UYt>{ zCQu{&oHjS*I$0=`$I7h+E6%XBlN3HY1*x;02CY2yhIQH_zQiNwQ}Nz@z_CSt__I zuxga`vcN#1%Ikxf^zw^t@{>l{T00l=w6CMFV=Giobg;R#jc$jgsAF$uV!qV^!hcdL zI4~D9OosFnEP5>ukE;xbc-!{sG#hQqCMM&Cjf$F9*T zkjirnSIKnOz{2;qiH8N7I!87%bO5Xw3^#-{_a-gsi%rKYDELMk3M+U94s}_nd8oe} zXK2ULg^`HX?@7~`v#epkj*Sgb@X0P+=%D03y-lbeNB2gigcNedCL5iL8oA&+|bJ^={NbGAkZJ-+uf=e%C(yJ-o!yIv_gIcQJ)aM)ha54#Cv!E;bEhMJ zoz2qzp7_$n%s?osMsxA7*sR{N8`yq;>yn;PJrb0m1TH6*85+- zJ)HC@Z-u4N{Iol#D6;KB@`I~}V&S7b(x<2+lwY3b8O*^_Dot^FL!H!`ej5Ywj9`_v zz2;s5BZU2dHV{&hY!Fm;_Bl}BLsZ&QAg_R+)#F~Q%x9J+a3mHa0`Y-S7FEHMS-?(q_YH;I~h!_ zH8T0KWT*0`p>;ED4d}8E!fc{BJgx5Cuwcx*t(=9g^&%#G3|WaPaAve_ZDqAyD{3!r*b;1=XNage zlvV5%l*YETr*h%7!0m(b?tTz=YwsE&1%?~kBW|98fgYLp;912Q(M#60GF<79R9x_g z0BK5EZ+7|=;XvW%9%{otDdEOKm|pJP(v0tB)k+`(WJ1`*7B;E3cnZc$=}R z94E?|ZDhhJumsc;h+KblvN5!f_q0IBt9b20YK<%r^wHiqiwt#?8ueO8V$<`+Q7r>I zCtp;Xl413dR^EYwOUaqqX&q+2&T%RQx1@LngVHgbIC#9GCXC+QmNQQ#_H3a9UKo&f zIshLJSPta>b_rUzSZ)#toXpwa0817lGd`Y`Il=^Ic*Qim5&MB6Zv==TSL$)~7W3QG z-+?aUl^&oj<2zJ8#t@3Dc!00l(IMZ3CX|Z$BUr8Z!>~mYq08KhR#?eA#3d`tVIf_K znDNeX#Ou&tVKhvzyjFtu%Yj;nd6`R`pkd!fLD+o)9b7c0E&!{u5is;^$JUB?rDoKpgk%IiU8aQ z@@l2nJ+_en9c9VF^*NzVe$;E)gKsqJ!U<+Ao=0f(kyx)@TlI8uy@?|c7iNO5k&Osj zs-kTb&90@Xos$aWHeb^Ufyeig^|k|n0AC-MCPIwWWl5U9ZWDEYF=mQ0HNISNceY}H 
zW|Fb_yx1MDDJ65HT@-Z~6;@C+Qp+?`OkiEZr*()BAG8f0jVIt{lg@CpZ4vlj`d*|~ z{c@cyIy64dQ+bx98DQ%c-0-j*v3BG(Knl?Y$$74#%>M(}3NYb1xsP4puR_{!X|)5D zeuiKs?dSTO#&VCZ4^MEer9|kHY_&$p4feN1t7}p8T%_0m_Hl}|k~30lN5^T3bPz3? zqgAYrun!;)?vl3)rlgE!ho_#V#l8=Y$|t9o3E5rC5Etga^~GSov&xNv;kC~%8sOkt zt*HqG`XhKjFQ+f-WDq@tZB*kY?nnoh3s;{e+Yp7TxBq>$cd)}Y57@(Wc`+*rT;G$8 zGxANllam=hT*M|ee>`OR6yt$o!`QNh;lN1`=b##!k5`K?BjKTzQB1qDR_$fVz@<)i zl$?hMQVRsTK73D(R|b%DHX-H)<2B+9O{C;OmXh=~CM3y6g341AxXTc0U|mah<>@PE zz+G9AY_O8R!YsFWu2EY-BT-R~f(#nwk69tn2KKdG~HijvYOa591abJR(E zQP_nb)t>RHEYyO`9e@Wosh94Cz1BK(Lc?X@r#w4E;Ow1E32s)_&Dnp#*2gVx5746<6G-OnBCcm7oI`LLxdxu<`Mh6b2656iNYyf%Be? z*O5vrNTG(*evUEUpn!`Nl$)b+la~9yT&~_Jz5&Ui${aU`oBi>2Zw&Qe7PpJnpk3kkf?ZoZ7G`KoE4o|5ehsOwaY`{nSE)gDRv9{opC$>?KV~e!Z0GA zJxR$7?{x7alD|1;F|`*^(P#Qho|ABzA~tS@yFdQ%WzzjN*-51+ zbbQL9r)6sbTX%=lDDX6k8j#(c+jJ7@-8!5PUL=PR!;9hjHZf(1^?`$dn;l~vxA;>s zKe^wkFl8C{Np?_?X?4e>WRrqbX!(oFK+l$t#z}d&*eRPN=fCDzm0B$UpFlgczO?@htTF4%`f%~ z|C_y>P&*?&jWP~MaXh({pGq4Rn)+SPpU@uHYsV~(OLq>VOF^Q7giy<+slVAk_mSfVT^PP z37$2pl^zpJxvn#ZN~+O2P=1`e1M1)bZjV%cn)f>GwxjI!@%z^Y>Y3`c`bXBMyEGBpL&kr-E1QpNg{kp zcGg^f(AC5U9l$B2&e!P3X~c@f`tV|l%nDL6_}>B_lC$cbZKSB4Md)(nGpLr2+jAvL zolnVYsMcWDBPj8JHUK%Y+3$`nTvN>ya8)+8(^LbQawwK2;W17{TdUN%OTD??nThUGIc9+Op4AV&e7_qe|4)*Cx`A9e?R;^ z2%{`h;R$(xLhZf&!49F&%z-cghe=Jb2{2X&>tq!iTArjL112#NwK4Dn3fh&baOE4d zg2CTN>xVFqR&`tzw?rtF9^<&sbcfi3G`Wv9R-6p9P+~XX{8Fe}Zdh^UTnHR?;u1+_ zI$*W4zS z>$_@8>>`RrCVi#@ca!=iRZvRruEN$$URs2In-~>pQ2?_(LyB2gyHby%`Iijylt0&V z6i7!HW^92Zo#DBGYI~+SXY}D!u!+x)20H^S0#E%Y$3@((L?r4;RF1eWH0N()**;9;w%O z^eJ_!vY+#{lH<@NsI)dCPl}4hpB7-kLaq@xyPtEctH7cQVOJ52DKihbQUW^JLD@kM zB`V(`vBB4c4V+;tcxkBx#+-+aq!^xXu{_S3-0@R^*J&)Bz_#VdW>%g&5SMLfDHsU; z^U#|)77d07cru!MQ;m$+BXj}4 z0*nGVvLy!%_7AHl1f%eoEoySHW76Kzn#KAdmwH@z>WJj589Hv#`uBiuq#oO;mY#h` zn~OZr5x9y?Gz6BM)CaDMM`C|bkQW#w2VWGITzp4S-77j3$jKRVQQYd>T07^J;Wfm| z+1%TZcG=8)=ID14fL{Dg@@mCkXg-dji+Vwle04!i*j`h^8dF=PXc}T6j&Z9uscOKwn%K6Zia9|U6WvirG zSN6imP2JLaCj4-e8B48AMkG%UFAjQH$pEnREb|MD0}5+7izYq{ZJ^w1W5LXp0OQao 
zPV`N@kHM&dc364jggz&_vzZ07ZT1vN0jt1Ol|h>mhB&$p(DqoSH|xv2?wG7_NI zEChauw((;auIlFVgQWP0w3Vs~SsON;OAr6`wd0;FVIB?kp;kzYz@UpQiV`c*+lUmylVt^F3`6qNZwCqp(A zyy2>%(}wEyCfnWh)BVkh6Xb!M>rb{vn*{p^nn`v3VFVJeN&mDsJ};`lMOf9@bm*JY z+gw?kdB3&W7kIbP8kZr zp>TOf$J#OVI|LcyGOPCW09#Iz| z6%Vkv&6YJ;UtWO^X)03(qQ~v_uToW4eh2=i7|i=AR!{yZzb9s02`8#&r9y6E0TBw3 zgJR@K2nJIvs-pVCv1j#SjlfsPRN_2>uzE=(yi*nN(hB*<7njaKw~=T}ykV=uR+lHqm11|kBxgvGK!%x(n-i1U7ikh1TNVpJD;rg33eIhc90I$Ts`nkAnp^%qE81= z-~lY9y5=`svb`kku}iDsa#-!Q3drulz2wo!Oi}7UbX3~h2&Ct`w>qtqsZB@=rshb0 zvy15H&R})vY2y*591IGf(-#JlD+A~Hrc2N&Y^Qx-r@OvQ8C}r7B(4m&p8Utd;lQPc zM=WuAO<-I!QGT$INZ-rb9$*Btv{Tcrp%C(%RE?OA9T?JQd}W3X2Yz=xuSNXK-HM}7 zB(i&+=a2oNcZMcoCyW;1hgkCf{g2}vZ4MNuS?(egMlLRB z_$?U8nQKxKJ9@>Dyt1&3_IIq4qh!=&^jzbhdM{=-^C%~+L0yfC?2e^B|B6PQ6U)U6 zAHupy?gjsl#sId|A(zR}*jCP*Sz=PkJE-h{5Y9( zt$7F?eoDvBP9MQc{i}oC5Q%YHYiQTBj#I(4w^{#`X);FxPkV;tHG%4>F6R92SuZA{ zP-qMZ2S=@iil=}WzmKkh;pSFL%Qx?00x5HXYDNu5#Ra-%M32jaU#rlKh-^7$mrZ?0 zGeYDmd3R<7e$ZPdfIuV9wZskD*``gcM)hp+?~@QlX5}8>eyz|VEqo@$ig29yQbmY5 zgitF0Y3p0^Q&2myN(#hNqneD=xPZcKH=Vj3;B;Zde@o1^qF7Ph-C0Vh!(M}>oo`E=l|;eT@)_%g z@GcbX!v=9HW!O?|gqcueTW%5uVVJD)0>xPb7 zK8YvFr?&5B-!Gv|Ggwa$#VPw~-`4O791`T1SX&rOPD9o~zbmo)MIB34;Utq{PM}8~ z?I_N$e(o50@e(#~S=|Gxh3gmjI+U&h#0sxo@QnmGJDudL%M5$2%DmAW;pnIC9OBfS zD$Xu;WVfw=6uF%&$0z3sh{RAu&j<$-Ln&BBiy11wD(&}B>|AU|`1PTHdwp8?~pH4HYdnii1lr8xb9X6*hHey9%69rb=vUh;CAMO6J|I;N@(9?KD zEPNfPjbGdO0DYD#@1iO1aD?tX1j&W5ZhCeFX&UrErg^eC_6E-ZCEb=)(^El|MpxW(05Cj4Lx1 zadc0P%LJybxtI9Qbxujdy*s5MWai!l;(P~sw(wb4BD^dmj~Rd=kqic(?S>92cXlTD z69F@0H0|b3_Rh;HwGBFdCp;h3x+W(n{710wu%=rRR+B5kdEjA~r3fkp_Jbyn6pO%$ ze%a|V1UGr8^@7T|*?d@`8!SRQ^K+)`Zn45B=&sSGH8TGRyuoMUY~u(}0Uq!etf(1a@B z<45i#pYRk%Yz2;2!~1&B9sdbZ5GG^FE@K{`aDjv#m#wPkx6buRGSzCXpdzsX#V=yEvzj2T zE?xsGg~FIHv&3Eq%k#?Sk@0fRhzqLfKUD#-Ou;N>ob0wR)GVcnp)?trvlPZr^*htz z0U7Qw$ATHUi65sIrHv~XnuuFvE(j+BPoV0u5Wj3^xr%_I6d{DQy6T}Y5>z#>B3-hK zB;^E2G&IdhJq&|HD$)`==eOj22xn0zS&O62WN`6#F z&C2}sot5#hvj&Y22co8$gyLJ)x1Fqy!KNJ`Sqi~d6Sp4?1xo6=ijdI1aau>{8{$E7|0 
zFG2kf%+7J^wYSip-yQRW5f}999QNF#O>xg>!an{Yd8|W)k@uSZcK568IxfTi%C=q> z$?7if&tmWcc?+l*l{DMk_S}}eygVchMp(X=SszJ+T6_$)5moTV*ATuaEh)(@F^h+R zI6XWSoC9~56y}AEYbVg`r;94Dq#QMP#2txXm@@yE9|Q;#_Pl(f!3xT3GW+Jlp4K8X zE=tAW+RSnx8tk$9GwZerClqM6+L(sW zp~99v4w^0wAoo3rGvXx{0+M338TBqcDOqV5(a1o}XyT2Qb^55dni1Isc#sI3q`vs3^-uq=$4WQBCg|$zCr_oH6>IdKoftF$rgzb~md?;Yxw>KbH zeiNQ&H5l<-`_-vWD&B%P=#8b8Y%zDQk~e@_y^MgltDQ0W?$K6}ypFPc(&R;fp*6B1T^#5Ud3Py)9aj3!fIrbtwQEYp|k*3$3fH`{=;vZ zj-2T((@rk1?~3oy+Pl)vw$fP~h>Zm-A$eV8l6Omo_v`7AKf>NKw3w%Ihlq8eilWC~ z65H1VZHC4{xwQQEn7pizw=Ueo+egk8WeVK)-gq-WW_aZ9VF;%4I0wr&SZ!le$+t}o6+Or5vz-KY6e?WPi&xY z<#?S#fTfCwkk7p#Dl@GTB!1b#$>gL3cv?)p+6)8#O8D}s%XHTB%`=Qd1soYpn-r{) z@O8K(r5}j^go(4ME=lB}Y_t|u2cz+Xjm%)l0^u0lKjg3HrN(c2mGMM(6Af<$tC4(e z_yJ%M(Evqy-s&O^P5R6>oW3tplSYO+c2z8w#j0He0Bv;2Y(wD1Tw#!iK7r4hIRH`) ziXwl~{!J3bto36grY2YThQNwKX{PxEIO9ao+M0J$%CAU(Gd@Dx`VLokaskdL=CS10 zc__Y=ImvvqEx@Rzu8SA?4>qjL9$kUHM427wxGr2X*aeCGWCAjx?BfP`R|I$b14IMu zK(sFUm$N^0&Gtdd^}8SDIdFKK8@QIjeozv!lg|=!071!n`*Fy@j7?pi$b8|baNKbI zg=1Dq>X|as28Wy$hA}!ZQaGQMo$p-NOr)$T79#{X3^zL69@^GR=Oc>H=uEm7(YJZh z7Gu-nHuHF-P_hQ=isRHosut4)34Z6Op)3P1FeHsrc-m5xDrgz6tf;1vrC4yevX1X! zkg@P?-%Z^;yj3tkgt1|&O6nq%MyxvsrlP9EzmFQUhSA{}Jh{m{f0^ax^#kub1F>YQ zHnBh5y7+)0K_gUeh#02GzI-})L&?YcpmyB0bCAk<)4s?QQ;VrsT2ALYke))kP?m3c zv8np!ld$uAM)qN8HjcL~-6c_#)NwnnE~eK}&i3-uljI-*b&8(f-csX)qvfYmS`qco z1;rIOK@-^|amj>sk@YBIlK)u=Qi{K7e4>aWX)3LlrS+me1$`(vYH=^5cbNQ@<9;xm z;b=e^Gx8>0I3OLhCMOs7!e$LDiY7NAbAt{A7ux8LxsXkDy`4RV5VRNjo!(l%cUeP; zv}bHzI$wIGUo>B-f;)bi;fK=hYWM-F8Lsd27gkpW6w>60os?=}UZ%=@XA}rQ-x*0; z^rkAlOVx(=3>-f7BA*XwZQC|I?VbDq#~KmnL~p{IL)(tw8Z^E}jcUY;KeON2s`Y}x z{4&wz)Fu>`R?TUeGd%qnly~G;$VtoCGGFf8>Bi}@I0W`g0kpWNz>SEctloK`)5f? 
z;0W)QGl&9UcvJaR=QRQ*mQ@MIW29_M^ra0&$eLPPj0|$<@+dr*IOS5BSJjQPy{g{7GnhEq|4TF%yvyrY|CBqMAe7UnS%#w@Xh(P=i{C{eLKM%W-H6KUY*YSFBw0mv~qY-yGN!_g#bM>=Fd>7WO351aZ;h2b2|Ksh&Hm@|ea z2u26jEUGeyN=5%-bxMw==hyHe1Phj0RMlbYg(h2(xWewVrVM|FCKH~JaRs=nk zZ?wc#s-jxpf2S ziP$JLdY>kCA;p$s$NJ&rS$k8mze-MObh+KuC*>R4oHNx$&U8>!+KbyHFyF$5I*7cE z-%svBQDG7V&yRdgQ!$`NW`d%EP+DaEIdLo^7H8QRWSNuOb9$?oEaFNa5k6U)+jc zjwir*&>Y{csP{sJ6+A10Gh|AAS>TkkgP9RmrPX$gFk};r^{fv}C%)*oJJ&Hv+t7$1 z8;sAQp32~=LRR=Wt{jArnBi)o#XVGO!V2)!NZm^{N9S3{%Q|K*bUa8m!h0%nnP{MO zYUf8>>xoN=f0MsI3yuOhO@)C(wcvk}Gd0aFYuLLeO;=$F>acvUj*MyS znqx}*Qd`$**FR5G3Oy%=GPK|g)Wa2N6iCN5VT1_H08?NMg*LhwbELPBx}lvR;7QC3 z+e7T{SyEN=_U^bZplm!s$8Lzcv%=5Qsmi*PMo#{9#{vnf!8@0Lfu3a(m-3iLnmgGy zl6c~Y_L#08zmMYwp0;3yu@{1n;wQ?upgJK$Lk+o5duk@&)raHa+RNm_ZBim|UJ8bq zQ@#mR&+kJq<2k<%*G$q@lR8xuH46l$rFt;g9pcNI+a{7!DO@ws-%ZsZ*pHkcAhJjP zy(%?w@)&8;5|DdtyD=;AWq2#yi!o_!d04WS>#$ZQ5CpPGFf%$%)Py^BFw-G`Q_3D! zfHMU0EJiMPX-AezR2q^>C7Z!f1sV||c` zu)sQmrlqP5vpl)B-d}m@i1cq~chtPI@{|f2&+jf?iGkEC<3kpp7xL^Czq%2mabGJ!>|dIMx*!B zs`L?~oxl7f>mwFZr66TZnlhFWsfCl7bDkmYyg-a|XB|~*3t-2jl(T?Cc)7Dv0WXd# zfr2G|S zLNl#Bd3uquWxtP zY2@0Yc*d*SB2w@;q}ZJM|aU?$$qty3LjLZARQ`gQ4M2s1?e?zG;; ztc5i}&oirD)Uvg%V{==CUPbE$&ZT_qMPX$M=lFp+nk&w=ew!iTTn0D<)e(|_>E$GX zgt`3uv1I=IP9&X{-Twe zsDy5^E+XEMIUEQ?r4&MFi)@_L3l<%^M`UY+s;ix*=FXO4!s{&eVm--$v`MEu%OeDX9mGn1{V#vJUKv7mFn2NwIQW}Oy_ z>nrxyE1aaLUeo4>wxR{e#bO!j%~f#f>pwH$Kx8=bxu5%u!=g1@GCr(Xvk#_3z6*|k zg{!F5E&yYrP)KyN$26`K(npeWi-WL&udMVfSW0w9+6>;r#CB(NMV*MJ@Cis|3Hz)T zF<9@8;o`-fv6hBK2Wb6bcVhz`6^^a1qcsn*Y-u9gOU0kid9hK_mFzTOr{;(83XX~| z#+%rh1|&I9!gVWiT_R2dI+A0*qXwXlgctHUYDqd0-1v;qs z0yaeizD69uf)?L6xc}Jr#BdwMJ2B-@V`=X$ox4<__Hq?qq#;{|pGBae?)sJPwXp!5 z1x_6~H_@}nDb9>Mg|{o^zG<5ei<;)Ag#}GsnqhnHBuHdOI$DkI z0GFwi6_tN$bd3KT#+tC|gcJ~4x_vlYKaZXcycPB#y3_rOH6V{^HEZ1oE%pSLy2i%H z192%m$6mNljCvo{UB8y;tSyg2l z3&v%TGVa%|#r}#H;?p$GnFC9;?JEMK$XJK`I+A7oEIn;J!tWmhz?*GJs8jJ6jtvxhEfYtH%9*d|qOl(9%=S;G|2#&r}+chhI--Qh(9LOe$ zvbtFbwtCX(Gq)c*-RX?CFLahVm&T|VvqR;OZ|-ebLg*Y@(HWl+t=~&kYOeERW5ps7 
zSXzn*G*rvdjb@UB1@_$RZn*%5NDEZxa8~>U4eBXULM3tK016TV-pQ%7!F;S^v2#ky zeNUglEvo`j(Ta-Lt0v5&JKW?;{R&TTkWlgkWyFc~>OE(P-f*ZlGVClTFG{|~ehr); zf0;;o)p)w#z?&D1|4azj@?^7*FBU`nB#h$5&ZNe`swOh4M;H;^vvJnYVrB6(Vrp{9X&O~&2dy0#`lcKdAvMX zpUjXS#k-4htgKPvd7yq2^Tjq=7Pl+LZTx}G(`n@E4y}*U?5lf(H8Gln{9M5W zPOl2(WjJI{Iao$wleH}@RfNr=4+HVi*(u1mMAB_s>M~$)lE;61Cu19rn+i;@0MncZ zQLT$7;>HYls1S?KnSbW4nlZc#2`p4@`=Cn$IYT|N=|p%(FAzMb#d7sE6*H_VDhT~V z@;@QGNLi)E^-HJ<&1Oo47O*NeEJ~DoNWJd*h4sxoxnCGXTUlK_8)7Cge$s@OyO*Sy zgmuL+m%?kZdR)Bl`NllSy8S*S(nvM@b{S;l@^X1WR1=Mty$cT)mby%5XOLat^7A z9P#!k-hg@43E#^bv{B}n=|Dwb5MLM6NV|tyeSZj`f=EuSuNYNG6&#?H_eAAPCC1D_ zC}uMT_4s6J?KX+urZ*!c%@FOZ9A`CEB{t2G7w3t`qN^_ARioZd%24}UmblxVmZ}@I zep&g5{AS{X#UYBiFO+{IQ?y(5f377Ym^?-6Bs5cB4&JE!##FXdlr-M?1zr{UO_Iqx z9<%e}K+MYbw5X})A|H*9(;PtmgsLu`zJR1KfFk-CL#;UCg;Ns!C2r2@m(S6v@{)ga zR5w9+ekbKfwp2K>L_(q@3zfxvi5|!^F+Dn31QlL@_I0>}6F~jjOXUDfO2!ZgdL>Rs z#`BW;Eec8Q>~3ejPTqZaq(hsoi^^2BxIu;``kvXufie!_=T0$OkcT{oK>Vf63C=Yn zcWa+;{fk@~XoPC2ojdy76{$s8g3jEuCo9PWiLqN}*3Ekkvx9Dm-Ga&$g}5GpGyLKr z@|R?WL@~Rf>^W~j8=n_vUpNwrpGFLt`yR|Rp* zm^Rx28M59Cj#T+S*Lxz8G_f1ICr#o6#MRoyc@kPf>1NsQP}& z9{^6Zf-Xq|1U&VRZLUZpm_!CJ`p7&dmC9S2$8fQb(EesMzk>Cxb@|Qu_Lu%3Rz8#E zQY0$s8!b^*XstNcHv|dv5G6%tU9>06>?&au^=n9rHb>gXiT-#p8eU84*=_0*Nf?jw z@MT$VMfk{&Y2Pf+m(QeV#5-Z9soV%*qtu)UAx?P7Rg}vI$hbsGsq39vIAtYE0==sqyT@6vDqeMe%bkBxvFw-2 z*i-5S9D{B)@FQZk!`AwAf;1VZgnlP_KS-2R)-! 
zXrnglHa1we*AFywd@^8Nr1g{f zsB~XdoY)eWe^?W=a#RFHBBTW2%fBV?K>p28Djna9yLdW!{YfCJ7mW+E!l5voq<9Bz zRW}zK$3Fx!(pskSNQF#de3fT7d&@Wv6|v#%jF?_hW4r08uY{;2*-1f#XL;^0HBUo3 zMA<>-`m61twOX7K(!s#t2_mpi6su#6)rv(vRgmsro{1t`VqBT6)CisjGbN+V7<8F< z5^0Amm=Yc9$PubR6Eo95Dnhh9+P*RkE>%_^1@W>m-%3H;61yACx-tp+o}G z!%|aK?oihfv0owZl^Gl!8tv2iz-J~XXr@aP6#!9I7w~rpSFd=Epd~5>GFcl9ujIr( z&E_I_Zvu@aTYFa!Szoa zD0#!tMpsk8YwKFr5*CIqdqLlwB7c%qo}%O$N;oe`fqA4IK0j3sN(UxM5{13HHe(nj zyS=?vvd9NuGN3AFVC}_~I{&RJftx{~A@c{Q@p*r_d+Ciqs*gmbOc7@@Y!1Qq9jKF` zF2BS9O^9w-8LTQ~zCQlhUVW)v$VCxP9b7!c~yezV1 z%+kr;*h(L!qvCF}oX857I9sKP8*;(JdtjJzkiFJLvn5QNOj<8F(dES=Py>;-en)V~{;2J#~}%UxJE_+Mf!p*pE*A zHaO(6mU5yaD)pS06DuFAq2~p7rmMDvd5r2Vv?7_esS?^HKu@l_EH$q`i;xHQZ~97g zg!iY4e>gJ&%SIcA!BZ>g;66?47u#xJwwO9|@04QV5(zgg!ms3n)OAmIae-BLR~Q#x zPsJk(WexEbk?JUwrqaZt+gTiNJbg!JJC;#(s~5z8z+88suf81YP`GK8dZnaqBR_BH z6d{(Rd1LpU?~qADhFW0Lv%{MzYqFjyygFV+pMHHhc$Vx`L2ND`&^@axM!{yqU#o62 z2i?|GG0d>X`&%`gN_-DTRnkQ8MOdYkebl@VWn89SQi1jC!K|m^*br9%PU#!Gu{gHG zk>YqTl}pfYIUWocCYAVB0G9qKu+sX3HqtI3d!}52zt(2_;%*n`94uZf-+&ugxH}Hh z6rUiz?$jYZN9;~w>#7MzhK7-_E&|Z@c8YzI|A_F6yE{cnkYgePRq1k1No!`^9R#!8 znkX9NWY$z>c?jpHKic8wptOIeZVs;%*YM5ny7wT{;4tw&DrICbU6qb@izZ^ch9U@; zQ34$*BY7)x6U>%m1Kh+-s)D2(sNcZQY;(yr&Wg!D8R?royuU=MMeW1lf-_0G8*?c$ zDltRTNg9f>fNXlDh%bu)FRn1&P>mjl^jz7+0_getaMr!cW$U<6rXWi$rYQ;8)eB!P zgf%4Zi|7V5#YjH7wBDuD8+$R0aI-quB{%_ zUG1rIS``IcyHvq8ltlv!_rd2S(@6hXT}UAQ8q9F+0$gnUzSL@PyHLQyTHLHy4v)9o zjQ7OWq?+TjksMztnNUA$o)pFiEK@S8B!{z>fp=q}62E9}Gp#`yg&C45tf>6WO$Xsp z4%lOWE2e(jSIze$g_#**9#?d87T?Iq=6uJ8CWXn2%jQcsoryzIXD3kncGe)tGUJ@q zlHwxm@_?xWYuC1h6G%oY7|ol?GQ?8OTu&iSOr9OS!@cfSw}W8MSCAgOCF1S6*;XFR#R%7jLfNpUj8OOIR; zh%OTY(@vt~;KWa&sg$XG0X{&W6Bi@!1F9(K56d1$f~gr5^JPdd4b)^mGG`=VinKgt z0!;)gzz`zcqWXEYm;ua)lbcnFkKxEziN1=aqsq+O_N4<28?1uiT@^QFZRazgP1sd!?++S=(BLJt_(>M~& zo-S;-CNhD<4)Hy#+8Lm^wD(16@aw}czA6bbWsD}Kak%a6I|^+#XFqw^ln-}^E1N~^ zZMfI(t!KshhoeNu)-?Nro(VG(RZ-LgLtGAf(Ek0Xt;n|C=x?&a)MIbaccfiG=2A`> zVLP_7kq+=6wzA&uj{CWYUWl}-;+^ZPgW32)N%KD_m14z2&;b-sW#AE!XR#u)`BkOU 
z4h|(Mb|j2SngiCBMe7t7wwUogZWI9zqO&R$H1mm@9G=44ZALe-HL<0otBqV3%m=na zJb(oy9*XMZFsE|vqPz)(pPFtB(v209c3dDjIoXy2id3zi9BKKaBP?{z!Y-6K+$Gz5 zk&^!{@_ucwIU!8=9yqv9QQ2Q$prn#yE;U27nX^s>_3>Sasxs&<5#oW{N3DSRD=nTp z-wq%j3UIZESEPo8Yv2VKOTpV4U2gI9Lj4F#%|#TYNOV*v-E6EdqF@^JZRcPB6(lCs zXOWMuf-qJkAo;PDx^yq?-=&@xj`3sgH+9=c)Ut!fC`x zouyUEP72U)&EcaXr1IMjXH%FIk{-- zoaZpBQ&M>+nd(JUT>-V{Q?b-n;s zz>cA+DV*;}oKaOYFk__o6JzFDoe2QB%%&=4+sc#xrp}6+XbI%~-K=~u|5G8*>_kP? zJyjko4$0Mpb0VPR5wYL#s!+=TOQUf7y{Cs42fg-agnw@#VcT2!qO8Cc6FS%B}qz`NI-$QKp8^&8|X>TO$k^+C8m%J}9Fx|6^Mj{4ZBk zg3rMbYB|+iMW7iVIYea>hmkUNonxbmW8|?B;m{>-&H_{`e&BrrrOc46=X&OzH-qsi zh5nG*o2%KiyLK}FG!>y;xi^C zYG_L%)`xk5aIF`KmQ4G_Mkh8+8i+)q!2@_uBGHV&pp>X+cLC~Wc|!bWoxbZ(@|(7u z=_OOlpW`jS>5C3a$C;)YpK!}V|X?#5G57^@Fu9=$nwY^uujhsCt_udx6_`l-%&B;EHr!a;GiQIkRY$x{0=1?~1K4|T| zLadLa07W@i++dp?H7K%;zo6DJyTm06Py~zrd=?p=XLl-r{0k9lfo|X49bI@7EJH07 z!2&uq&xcOpFbzl7pevc0INSQEbLry5t+?Je>zx+u&4R9%&5C}fv1<$iM75f_1wyR_W)m$J9B53 zhYLHD!D163Gi*VR@m-T*IqEPlC)44_K*9MRnkfJb(Zj_lN*!O_3p*-awSJg zqZy7X9SVe(N$2_gB6AB~$fP)}dNzCot$$C$?CYpltsn`xG`DibBf4e2ej5QID|&(s zuwKaRqiMYd>+9T6z_l3oYH2YbEZErgl!P7xAPvUHMx*YvyHM(Ea9Zj)T*uY(8hHd9 zr-e|vswx$SGKvGd(?gX71dY-$CC~ZlpiiD6gi!Vd;BkZ1f%Q2*m}N0}bxRuYnlKcG z;U?(imXqs(VTk{`>Xk4rS}{8!CLG&s4nfLrgmo;{>Hg-$3EAFw>bcxk5Ehb@jipqp zMM0Kg5K$cSweH3`B+?dy%Y}7{MB414U($*~*^QYXftgt_2+qG3+DRQ-X47GGMrYF& zM2lJOPp+tVl`|Zvz>w3I_=Mkjt8e)=>KXzqYdqYZETHnp@>ah$=&qlnX3}Gx`02co zn>je$vA*z~Nx)@r?L4-%m%N0%z1AHcUmL8i@Vn7NCRM3ci{&^WJ8Xds#>^i#`^+oB zGml3sz)Y2J%`sbx5&=!cJI|bEwV=^-;zSn1m*bj4jB5%ofw~b0YNpejW3^#avnYdn zM5zm>n(viq?c0I~heCtomB>5l$Y6TF2v*)96 zS@TrMwCDBoK3Js z+k5l1o1b~hc+{g0xfvFJ)ZtS-vX)ra5p(dW$LYJ~%my=kV=tR+$K3g=uF%T#%%AnH5tS* zjJq>f?S{u^8!x#Rl)bU??F`JZY8ymn)pxq#x?y zMqcE^G=FoN%+&Sjb4 zUtaf0tu(i3fuo#2kVNQ0ucmC*m3_inN#mJ`(K)zAqP-B`KfWw(7v)=KH5@&v${X{o za^u_MN-f`pCb23C&N48X&H~at+>yWr$1BYNc&U?2PW~jPeTjtzBboGA`kyNcy$r$< zFt5lUYD4ERU##*<$ZVS2i(zCa#n4w8MbL0pfPJi-n}}K>lqwgB#X(jQDSJ-SD6XSy z_nMtGKcc;z3)p_9b|vi?TSj;oPDS7fb;!5R 
z0Tz)7PacVHICj@*^HU7iQGt~~;ci4#q6A=`FDMkaaMy4=5$;s0V3yoZc{|E3Bv3W#~(tVI)wWds6=Ld&v@)_It)={EcG=Hd-S>7%X;2=*!%*O ztrtU!qPcs6F(nevrZ4_tZC2)*`vRoemEArYN^pQG|4j1sbSuIVaDJOubUD`Hq@v*s znBcs$--~0IZBchU9G8fu^+kJ1*3{o#bXU=sTovNkB$&9L#1We2KABiXsUHIdHjoIHu0v2WM$$u_fTIlwA{VllXISNV8P`ABbcTGc!v~f4IpUfySA7<3gNk{qqSce-V2+R8y7J{ zbm)k%zlQf@Z37QS&Qgh8J~jW0gGTt;5AtE?Bni;88%-9Nj<_BBJhyD{Z_L zG($gUusPc(d-;5Po}e4h>$bM~BXq%H)VuaR%g!-ROr(4V zQsfhh?+e4>dUt(mt-Ii}iL(>S*qC`b6;(|>Yu#;R_|~_PS7do|B;!-(JUlkX+ng;p z-I`18^!ddo4bR~zBW8D?MxllWy}?XjhJ-BvI~ffwu1)UhjxG+w=#!VkZgJ*^S)eoh zoWVV_@HJM}Xro~JMf_808I(hrH|^O$)QhVoZGi%QGKd3iAgUz9W|l{1Uc`GG(8}HM zMeY!n;-a6#__K_fS>BYi#BlFOwM1U$q};`l@0$6d28!>?T##T*fI+nDrbcVxjaXNA zff~wvYgp2}7-B-pc8|eh$Z=|B^810b)nnUycpazD@gzHa*nI)7Z6pyn&IbSE^V`_# zThz=ve%41WB<~{QGVVS7Si2rdhGY^ZzpxF$z3~bMvRDJ44HrA`;eyFhPrTPpjDu|!naDBLG zVIFuh;Jt$t!8Fk7omD~ED-k`~eBgn>X!^Zz^<0pr2i=N}M67)o4dgCuj}h2JnGTFX zQ3cUbz%oeGOTqYc5i3kJvp5A0V$RbAFU6VyTB@(R|HavN5lTFG0fIc06gx&~BeY3m z=_C>y8U>}W`2l-*!_wU62@4~qlGwG(r3_u7_>3#v(MmN3?QNK5lrFh@d!s)Z^iGp! 
z$USpXFq&^axhcV}n~4oX;J896b#P(q<4PQk_muim=9BNTvj9buT1sYXot(GO%aU!5 zoUAK}QYzQ%kj8>7*;!{D1C=7Ix7k{M9cV?A@k(P6@nCcQCSC@W7|2mPP)0XfJWV2W zA__lDjn~iSEW!)tl1zYYloz&B{Sm@Ht(j$=Z#sQIo#uR+OylN&0yr?K8?P0M+#Sz= zvj76uZZhZwOW?pfO6qTN*5h%06|g+cZk#15fS|`#ov;Ayl28(i<{aiwayZs?;a-v9 z3qw)q=^(j@EA(G$lAatE&AU^p=ACtYgm8{Ef&y4f+_Q%H2%~N_)u--MX#|A`hL}c; z^TMGD#H?p3nqdA9UxkmmeJ*5-xfQ>_%T0=3z${SSDSpAFvY)u7Of)cF>Y-y|1X*A@ z;v33-bp?L1XzWo9`(b($i~U&>i+f!fzOT=cUb)g&S6AJNG}`N_{&p#S?p zrH^~1jPF#+AA0}u!+PEOl-hNJ#PuK4>%QWrezd!o7<$F(3`YNU2^Q^p0uABUh(6=f5 zd!^y^+j{-wir2sE59GdA-YN8@N^gCajKlk1e6Rfdr$uUmM(+|RDNGjaWw z>UCF@+I54(^*{Czx$oPQ{;tyBQyR|agFhzMKl-nQzF6r?l)gjhkNu5&9)5q%$K~(u zFsj#oLTPyY{r^&~A1l2>?>kD||BZhu*Ps2Q&~H`xYNg@*U-7@>y3hYtp$}I2#Y> zeS^~Q`@f~%|JP5;_sg!oO|N@}(sjM>^AqE9?l^2GT4FTG6O^B*53pBsJP!)0vr;W{>YmyYjNdPV6~rN11|Ki9F*`+lX| z|9(mjC_Sk3sY;)w^m_yP!#XzlvpW7crN6KA50rjV>8F%_@mI<3KSb#vrH7S%qtb6u z`t3^ZRr+qFf24GIkKFIP($D>B8Q)*&W0c;gbV=zcr30mxls-@C^OgQ*rLR%?drIG~ z^e+Q?@DcL+MxU(XrzriafIi@na{U99z9OKX*0Iqqdz4&n^pK7ZE8Pm{r*v%e>%K<5 ze^lw~0{S5xe^}{rZjkGZzEa0V-=pLAD*fEAmFtb})A4?#KN8T_>e%SLkCyKn{ZSpi zLh0gT0sS93{&S_DbCcZf zK1!db^!ZAETj|@B{)N(yDShPQe%SQEpk7j107#d`rLqiNXJG$spC&6eb8RH-xn&qMd@Cp|0$sF(D6H!{%@rV zExFHw1KQK^iqcmF^tW~VHl+_;l>0nP>2m}6MjijE(!W;vH%dPf&@=nwerJ`wOX(jf zea(LP-01ss{C=fJ4#?+5@6_>WrQaFQH|yBwA0L$O8$GLX%;*oP{4)BWBXa#0D%}d` zTXbyn<2wF?(#PK_-@i@iH!FRH(qB^gdZl~5POdll^*TPM^t+WlTj>u4^y51Igwl&g z<$h~QZ-2aujeduYpQZGNZj;ZAKKKbTHu^M`*GAv1<3CdR$YXN7(Ip+9Qu<>`e_ZKD zlzvp{-`+0Y|2w5mJT7CS9UXs*(xK8VrQf0SSxWy>>0c>bI3f2l`d}R!eWH$yp3(7H zrO#9Pe5K#gmirm~P91-j(mx95{ZGpEMsLuu(Gxm0`V<`-{T>}ZN9ijA`Y$^Ew9+$A zlHWV4bf|Po>8}R#<~!tiqtDi{(Vx=sE0uoRDY@S0+jMO7);r~Mqj#N_vC*-PjsB>P zU!io*U2?tA*XY>jn{;gSVRy^*Mqi@imn!|0fIjq$Ua$02Kz~ffKd$tB0sU(o|BccY zot66;z3%Jz4fW`xzX3^_;pI(8_*+9)9aP41@zZ-{AQ*96wn8JgM9yiN`Ee( zk9@j({wSpfzfs0UPwCj`$G=HF|Af-d1oUCwET0>_S;t1(&ydegDt)2S7b*R@fWBGB zM*mR9M*q8xjsBC4jsAy@{NCp&T?*(}$3}lz$FEZQrhs1i7P;RumA*ZopVG0>FX+nk zM!!zSN0mN3px1P4^kq7JxzaZT^nE&hztV^H^<$gv#sAHoKS(DF=?$fc+zK)Gv)3MQ? 
z(ebO5{+iM^DgB~>+~4RUb!_xobZqpNOLD!@m+RQ*YjkY%o$GSF(SOsi(VI8qbECaY z85{k8j*b3{jz6vR@KCNd`Xn9Sq4duJy1pgX8-1mYjsB*NjsBC4jXvNW`M%LZIyU;_ zIyU-?IyU;=v3%d?eI_zCdQitkFK^4|Mn9@!qX%~6^MgvC6VP|+*yyKqZ1mPE@_nNd z9UFa)j*Y%t$438D#~)PsC0FHsM$hTk=rtW1{b?P)O6j`;`bixd{rqckf1{7pvC(5X zHu}Rl{t=~bRQjt*|5rd?{7kvO(T9DjjE&x{W24`qW24`#<7X@V0i{2v^w*TWN$Kwg z^j~!RX{8VUHu?RpRQfojH!FQ|K)*xBMt?xZKdAKm0ln|H%l+@C^rnD*zm8w5^vwbN zppK3HhkNCIM!!+VMt@evKd1EX1N!CPA>TLpGdg~?(q9hfU+DN_N+0kn`Thfye!0@G zP7sepfA(0(XaU~x&8*FcLekqIySncW24`tW25iX zvC%)%vC+@|Zuvc?-$41|zW229FzFx2NP(YV-Z1nXyHu`BD8-2hFe%Q&$Cs48MCnVF{zO23NykRttz)B~)bXd39{hg!eWQ2l*yx6ijlMv~M*mdD zMj!iPx!+AnM*)4dj*Y%i$41|!W25(ZiQLcVjXE}ZyN-=^b!>F3W23LuvC%i{*yum# z*yxwPRDS;}l-?B3r|a10%XIv5rLPI-n{;gSojNx9F&!KIjE;?d;Sb337`<1=M*l{~ zM$i19TyONZb!_y}|F?W@^c6Zb`sX?}y7!0VdZV}N*yt4<8-1aUjlNaKMn9lqqmO@? z+~4Rg>G<_Z|4HdTEB%_6%k`mu?aU9$-~W@+%^#8R&nOMAfBH}B=Sm;;DjDCcG`#-M z8|Cw7EB!mAH~gynJ-q&Veog-V)Hexz!LJK_htlx+FVVkWQu=pF_q;iN|2OI1AMhLU z`H%iLq3=~1-v4I3?pu}Gbq{(={Qj@i>;6rtU3W*~`j-Cgy-Mx6XC|&+c&q>}nUt zn=*drZ^fTyq}Tn1QoHVa;`)Ek>z=6hwd-D(xPC{k`%R^G-ESnWU;b@*&L3C$jks1h|6Be0t?!V}&nbPj((w7e`JHmzYm~lK z=|3tBumAQxmh0cH^b6i2<0mQ&um2JK`^S|YdY@dsr8K<$CGVBb|5@ov^tzu-T>p^w z%k^EQkNAL$zfoy;|9{ZGKk-lHx}nmaP#RwUY5n_?J}B3p`jF7?RvKRa5&iqkAC~LB zS?TvH4X>{rmL#n<`%a(7%`at|>k9k1~F) z((wL&{8{(qKRy4mh5nS%*D4LK|FO@J>u$P_UVmSqZ&4av|8c$UWx;j#y`Ow9y#5B2 zvu8g~J~w)gj?3av?7DB&>y5rz$41|y(HSNgR|AFcFBO7BoQ3g}C8{8FX&d63-C=sq2X@gn>6@5@ThD;+DH zD1Ajhe^wYqzzp3Nj zQu?WYKJ1I+`HbGKW20+2Hu^jrTO5nUt=QlHqkeAmArF@O8@)ltMt@kxKce(KO5dyW zpOpTy(tTen_uH@ZHv;-@9UDFM5V_vyH|f~udvyF>rT-YvhyP#leWNFJY;>Yyqc7F5 z(bwtN=(~0NM@l~v(69Ou`Mo_#pP=-KN(V|WDgA+f{MN-gds74Pz9z3w4jF5fqLO2vRr393DE+TW-=Oph_Q>Z(@7A%=k&cai zuZ}Hl$l`>ITD;K036ZB3w_w!b7M`p3c}+lnPseXp`X@?1p!6@5{*}_@ua@UOuk=zt zKcHiypVG0>`#nOwZ*-vJOG=*=(7)5M(Va)i_l>?($3{P@W25(Zlw5DLt>cqQKkIAc z^Uqd#E}$zqHu~*1$o2OsJ^!^bHv0QI{sX0dAJDIQv|PVO>8XIe_%ZUi(bwwubxJ>~ z)Ydf>k7C#Tqh4?HD{qwh8-2cxjlNFDM&GC7FkbHc`u7JtR_zV(n&zSTgT5<`s+&H 
ztn?29`WYP?{lZ)1_l*9$j*Y%c$3{P**ZrAZZ}gKoHhSL!@_R-fs^f<#{f2=4 zXC1#r=^qF5<2wF?()%5h`y2gv9UJ|Oj*Z@ZNUk^fTRJwn=dgTk^fnzE{U#k7{fb-V zdZRados5kh)v?ik(ebC1o;)ho8~x-HWNh^IC;orjeFvOX#TEBMP_YCnSP(@)G#1>q zu&~%dd&tt+T@_1wEV~a_*v9VC>;-#6WA7q1M8%GpXe=?tipHq18yl9WvBwzw&YAQ7 z-*@l4`?jI^zTfwLiNpQxxo751IdkUBnKSmxbhlyl%ybN%nO=kErATl0(%10J^iw=D zO$;~wOgF_d({u2AF4C)!vR}|2WeM=RymZ?U#-C{co|ztoXQt=jnd$9#X8Hl1eg7Te zeMee;Oq=n{bmo5ccc%04%=AV)GyN-`UqJefmv$d*{Fwd*&rB!dndw=0X8H!6nQmTU z{FwH^b6=!A$JyVR?v7`sv+&IHoQX!y^cp-bMf#DKrY9NwRHVltJsxS}WcxeQ2k^{v zvr_x}=19kS=~6s1y&KO=yOr7dOpEdC`w#j43ZxqYdZuUM`7ET5d+FDB{s!rK<(B{Y zNPBzf+56ky7bCsSOCQBE(^v4!^gBE=?QwwdW4be*nNGtq(+lx@5z=K|T5+K9n}&3m zm##a-{@xYo0HgzvzTu_2A7u3Xk=A+X28Y<+H$+;F)c02*J_~#&rGM|ndt*~X1W^B zOgEZp{Fsi#^EjkUUV0LqnLdGMrXS<^6Qr+I7=NZaPqSyHHF#!v4W60)fM=%ND(!uy z)A7u7F`k*eh-aodRN4DXN8_34v3U0V?}*=mzcYOo&rAz4#-C{h&(o2finKNVqt^T_ zP6MCIy!0_VGyM+FOb?xI%8>7I^)lD(|UVmIt|ZEpTaZKVGTylv<%PXNRRf?k~v1tbSa*huEI0Zukg%ty+(VV z>0~@Jy${b!pTaZKO`Gt2NEaeK9O*?~`ZS)IevIc&kalS{eoTAdndupLW}2F7^h^)L z^Aw~@z4T!`GyNFPpCB!qXZ)Cs!86m-@XYj8JTu*LzP-2fdK_Hg?<)4lP`bON54K89zeui}~Mu16R@ zrZe%(^jbVKy${b!U&b@jAMwnz=1Aku^f){pkMvtF?S7Qe_dvRDNeiJl&ps`o5`Bw{r$!(EWI6chhAmRKK)go zzZ~?hfj*Uoe&frHPci7%0bS2L^j)tu`bU>o`WK{UTw~8qBHd-FJ^SU`*?Ye=`YS=d z7xJk=dLB}r|D5YA-v^PthV*r$KK;;JjeflqmY#iwrEeki>FYrE_3cLYBj|3p)1H0$ zk3jz+=ywL)IeF+0zRmb70(~jyX5^tSzsuX)zo6Gq4PTcf`g^v6DF@7;#< zRir-u6_EQsy=U~T`7gBQk3c@%-#30tcf~W)eele*4$n-l#Pd~1Uqbpa(tSTL{!BA? 
zW_k{u&qexIq%R=tyxQJx%^!kvn}MF`csx%)T9357{tFFw?;NDNY;WtY5~O30RwJE- z^i-s$A-xglhe#Pm!}mv^UjXA-FyE!fzqS2i-@f77Ps!(9@MGHbL#uD5z3}YsUvCTi zBrkmo&whLce?N+JpMk!;``e%6z50)=yi9M!^9rPYLi!leoj*2ursMEDs=MLzL-@Jl zT`*2XTjNu(T=P&qrf=f;Eu=ppZSVeaYx|MD{mi$AwYJ~Ma_#?#)$0LBZ}HMk@yxXJ zpGM!>{^pwQXEL9&k>6sZi$1sfnO=+M>yWNQ`hPqAL3`sDu-u=b{7g6emwhkOUGU6w zZ#*-djprJqry=$C7ybPtf4_1CfxzEIu`%27b z74l=6`oikNw-@{N;nwWI|G%AI|6iX^ABA?vcQIDT_>94-D@xgRgJToo9b8GhYHMK|ozjmH;48FS>=`5s+ymSeknf?*a zOy9us&uyRmrO)@V-2X)Rnf`=lroFzh{=;-HJX0=HPxbAiYkHoI`HV+?Ow)Mw_YZyh zWNYWk{PST`!S`#V-yq%bYx{nGeb?%9=R~K(4Qu6+bxy36csv&GocKHz?~+*DKaS7Z ziQ+%S;p-%>n~}??b7I{@adRBrHL>N~IDEatDaXd)>r1A&K{GoiHc0f2#Wze$8XHId ztHk11yjx<$1#$EnC3cQ!jLwOTr9A88R7B^*CW)!N;_yuqi$}!an&j>ET3+>naHdnW!Ei*J)tb_F^odgZ~l z&4X{32k)H+-#!n%Lk`|akS>XT{p9~)Ljl%GEO_BDWoD1y?>(Jw6K^eQtlaNbtDw-{9!8{ge4V0=yIYE%BFuujS$I39jW~ zkk(x>EZ343J4yfV0(vuXBoe;{-qpkRa(K_gqv$83A1}D_|IH;f?oyJU{_27M?ncAE zH8^n=@T=B04u?QS>gz4lL%{|%zT|cHV?882ob^!X;s2Ev^?Qc`myzRs-K0JgKNfgb z;JXQ~-^Ig4Ujv^EyeAItK8*q$1AO%*_Fa{rUj}^arH1ze{v_~w*0%~60{lbZp97x) zd|jy@Ezjr;jD8>BI|4ru_`$$O0RI+;xTXU?1o)evC;!ud58lxDiv)2$ZN8S;rJ+ZB zyUg)$wo9Xj--~={^z4ItHP*L&?_XgIy&U*Az#ERSauxz-e{KeU_RlTlAIfJ5=ylxc zZz%B9z#9xs%mQ9@y79jU_=&)Ko?-ZjmL!$|f8tyN(!k#VKK)_?x96*n8c z1#o>&@w$f%|IVs4aV_v0Up4$d`F{Orw~K3+&E>sLiA@tVG4oLz{SGdl-1)A^@yVSp zh67&#Il%F9nBZ$Aa_8A9hv&}wvmBq?d94ZjS9DZ;HUeibvtrMI{g+DzkRQwQ z1n3!TjWcD>^^8A*gzXPLhXQACD37-eNKaTm8@nJCC z8sNtR=b=Q_|Kq?JM0Yai*As<9%frKvy8u5JID<*d1O7B{I!UnqY`T&0VQ|R<$OkwN zEo=|`4&V$1I|}vxo#5Iompo|w=UL!$H#YtZiqoBZfHSBozjvKYjGl)F*xwcjuKdsF zWc-=$$G~s7-rAS**SgXuN?&lJ;U^*Aoq-?yo(a6OAScTO*ZO48Q`W=9z!{8#{oyX) zG*T9Vf3MAq4-duiyQT}S`0O#Q(%8hTpXXQ=CXC~--_Ax#*da^tx0B2BI zsTTKp1~{Eq$^XB=d3g62&=>bL{yc0Z;@AC-0?uG(vw`0uxYonY%dOuo1-`+K#)r

  • GXiQ zlP@hldsxP3k)#Y@C z`a(LOzK9-O<>g;K)QIz+x`OUi|B~)fUqZL3E9n+>72T-*6ol&(-;MwhDP!=PyY z>fg`>>fh42>fh1X>S{VeeK{RaUqO%dc=@lP2h_E6ulh>5OI=5|sprxy>M-4?zKX6@ zUrkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`Wmqbt4q&!Y#_jdZX2db&$}1Kp;+ zk#12p(T(bx=vwv7bcK38U8?>AU8MdaU7)^&&Q;$^XRDj(4E1evKz%zs+U@0k0X?8@ zp?lSTqPx_8rrXqa&@JkPbffxCx>kJ`U7=n?m#Xiki`4hf1?qe0T=ji)wz`$hP~T4n z)DO_3E4=(KrU%q*bg%kBx=Z~K-KKt+Zc(?>jp|3}TJ@uJg?b5Hs{RXIq<)MpP(M!R zs-K{<)g5$(dMO=HKS_@+_wwIK52(B7UiC7%OTC<}?x8ExtLReo zQ*@E~X}UoDS2|byH#%Frn$A%FoerpBy{XE^G?xP#k z|DbEtFVGe0wREZapLCJ>MY=%!FFIHK5}mE?r!&+q(*gA>^k|ot|8?|$dVua#ze;zh zU!&X9uhT8+LAp`>Z@O0f23?_!(WUAkx=8&dU7#MObJcIr+3FEGL;W@#P`^Wuc6#|= zPY0b2)x=Z~o-KKtzZc)EaH>y9NYt0Gt^a3;q8YWX2qT>q%$2dyyvRm%?>VEnt(%l}k*K%GJNs&}Bf z)H~8`>YeBobtc`Y{u*7Y{yJTuo<^6dzd;wNO&XRGCh#gTut{NNw* zua*y5BmW&<{^f&;82_rX>0b42beCFwNEG9LwfxW~>R&BC9F6h6`a5*3dJnonEgxvd z^`ClAx=1ZQREhkn_oj2z`_S3y96Ce2FC9?tM~^ zd-K9cTI%LiYPfA!IHi#kX*s((P&s((mVs6%wA`WU)M{Uf?SEkEdp z>tFS8bhcVP)QtA8KAsM!e@u@)=H-7jJ)kb4d(|h#{+6S_rROgF0K2aD1F zspSWCaQ{nvGF__v8C|6QIbEPWh0ax%4QlCc`sO5(eQ2*)+=xlX4ouQTw{G$I; zUqp{C@$xS}5QO7jT|xJ%Z|Bl_0@ER zx}GjoN9ZE;HFSZxfzDN5OJ}R2bcXu(bU=L_J^F~3|9SL)x{>ZxUr%?bZ=l=MH_|QY zCc0656J4vmnXXXJr%Tm;po`Rhqzlxy(7Ebc>1=f~ouR&s4ybRZN87#pFQ5n1Ep)H? 
zPjr|1&vcvm4!T9XkZx4pN!P0HqAS#k=u-9FbdmZVxh;~e7| z##zRh#%ac>#^ZRUC!zk0M~nxJ`;GgIR~vU5cNn)Dw;C@rZZ>W*jv9xJtBtFS%ZeZulX28IY+P+zWn6AtW?W)iY+Ps@ zG|o59GtM!dVVq^0X`E)9YCMitf)ncBc*J z4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(WnsKV}IHn9F z)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z54&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W$9RTumT{(W znsKV}IHnvX)W7kF@t|?Pai8&O<8I>)<96d#s#g~rXsO~z5< zuyM64&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS-#E`W z$9RTumT{(WnsKV}I6hgBQ2)jw#)HQF#(l=Cjk}FIjN6S{jTag>8#ft8jl;&(##P4U z#%0DO#>K{k#zEtJ<2>UW;~BBB7aJEE2aWTM^Ne$hXBcN0XBwv&ry7srlO_rEZ#-f= zXxwkyXS~|D+qlEH-MH0wp>eZulX28IY+P+zWn6AtW?W)iY+Ps@G|o59GtM!dVVq^0 zX`E)9YCMil+$7Y$@rd!Daldh&@oM94;|}9?<5uH^#?8h}#!=(2akX)kak+7safxxU zaiMY0INvzWILCN~ah7qWahh?e@i;ztlu-Z1BgTWq{lkCC0_Zg~mbSeB(Uh9OD_rS;m>hX~wC>IBZ;PTxDEtTxMKiTx?uu95l{1 z&NI$2o?)D2oN1h9oN7G&u&ICJ5#vGQe&asl)yCb%9meg(t;P$Dn~j@{qsC$5YU3*7 za^o`N660dyLgS!uzHy#$j`0lREaOb$G~-m`@rO+P8;=+d8uuIb8Lu|(HtsNPH*Pgv zXxwbvWE?dP8&?}w8J8QE8J8Fr8y6Y}jq{E3jB|`<7-t!08mAej8jn9{>fd<8c+j}t zxX*aCakp`Yal3J=@j~Nf<0j*%aoD)pxXQTPxXif3xY)SRIB1-2oM)V4Ji|E4IMX=I zIMsN(&D6i~i1DCtzj2@OYU6I>4&!#?R^x@n&Bjf}QRA?2wQ-ekxpA3siE*)Up>fbS z-#E`W$9RTumT{(WnsKV}_+nH4#v{gq#{I^9#;c9HjXR9nja!Wu8aEp^8Apx7#?{7E z#^uIk#wEtZ#)ZZ~<9y>h;~e7|##zRh#%ac>#^Vo|`Zpdi9yIPZ?lWF(+-=-p+-}@z zywJGWxXCzb95${tt}-q+E;BAME;cSS4jShh=Nac1&oIt1&NNOlPBk9C-_*b7P&7Y) zu%T$`$5<3PbgVKn)R4Nd9)E{BE4Q9lm%eLF3jVj;{TJbTC15n~Y58Z*jiJc;P}kc> zgu2Ey3k6n&dN)??gb4cF2)3G7cQ&s(z3tyk-{s?){3dLhQnhz+s4oA_tMO+jGFZ7? 
zs3HGsERTHy-~Ec6H8C-fV|eid3(SR6T!IsA2ON zGm+F#BpA!>3^fGTh9W(&WB)xdQCI!^6_@TKOXQch5uhjb-r&Rp7f9x0!HF9uCK`&L zub(<3zgAvb{rtq1DJhr!jA8I|Jq+_CHfjhyU$^dvx>YrivpYM)#(QDcCmik2{Lq?yN3zv;dhJ$Wxzd@OtJ@W?``hp-X11N#P9tzk=l=Q0~ll@Ei;LB@F$n&o!XVpvOO#fbxRbN89w5IxlAR)dWUJbnZ zsjt9xs9U#X-KzB_txvi^hIf%_4>@b4vR2|#`k@Hxx8Xgs1tdLoR_H*d{wq^sU;C$1 zyP>)jGfyd5K2J86_JXD|hOlERQv&>FRv=|w$#Pv=_tsQ@D;h&9iUvQB9p>S;yV4)U z-wnlM*wIdGXxLHf+KGv$eDQyF4DaICuT};>NLd;DFfdt6XEG*DiX=2rwO&#gIy|`k zl5fjj>5rs*Z=1?(y+6~cwv=D4PZ{1WR2Liz3_rUBNQvi1j*e-_ats^9Bp27=3#9zJ zu5-5dh;^=07hpqKlJ%Oqq^G76i{yXYpr>Y)Badqmxi*pO{7j8O5_#vV5_w51wnzWO z#MzO$t&n($ePzuy%*HA4T8@Qus~7Rve5N6Ffg8^%Z;6|Y`j00jhPU)@jGgT+ft)5X zX9NDMTQSYw65?eOsanVAvCT#JLMi`tBi{8DyX)}*cgcUFd=_|-Hx#c+e{_elBlBzt z`Hllt==YZ+IZh_)M)9YUNo_=RZ|%?Omn=q#*G5*=2cKvDqVrgm4M8kl8H&6Rd;bBO z)7S8|Ui75W0#O-W(KoZ(EM6Z9tieh&$ZAAbxK<8}Py?H5tRRAxi}HUk;mDBkJ{gHw zf>ym4iCH9xxx;_7NuM1JcFMLlOS_B~c4FU)(PSkdf0yMG@8T$Yr0@>xZc!*&CF>Di zPwX6gSv9hJp11iTd}tqqf|iCu^;^!NIwRhPxI4KLq1>|j;d-2LUPV`k0z5gfmDIj9 zpRKOC9tp1rMVc;Sa-tXGpQ9t4_2CQfhs{Pqus;2f8mYXx^?|vam0PZ4Flp@dNIRmL z*D0}*ZjAHf0Fx!@k2Fb~_4DMQaDv1`N9M_a$E7_rzJsnl)Kjw#Yvg}i>l{AOyvs_b zq(~9{1cw|~xJ`Q}^zSs*)uY`x3EkdXGy}g?Hv9_J&?I?9l`RNG@&A#3NObKVPE7Qq zK69s>65Ksv>FtQ9K6pFBN#2~W=f<2}p-3c4D39rkSdZ|N-}LtH_GhW=$PjQh28`CT z2WbdPLgcqNkt4Q;^e&BgYsQ>Dw~fhRNJ(e)kQa4U$k|?&?txz-a%;xvKy`;zJ;4QO zPL5DZ!A01}sqo-pw65D^c0S!H;OAcAViXeFW&K|e3rqf+@5>6O zVQ-J00Py13ux4U{`5fLn{Sg#eL!mU+?VRR%*zkc~f97ub+>`!J&P~hxh{HSnN6?0M z!D%W~yF!{Qnz7dpoEY+2amO5#plPiQsoO2wEG7R9RORLSA#teUo>&;Mu^MIX(Y(ul z;bijde=+@?668w!oKZvSnmaa2sp||xQhV?Rwx|g;gk>jg-IrtZwK9AK7T|=-74cTE zyBAa&!jI8XCa;%cy|CEvq4*uOP^8OS!mVZeg3?A`_Dt*}d}lvlB{EQPnv;RT7iCye zQ#ZDC`qkxVG7;o%r!Y5;rmjbzhRvsh=7*x0ugeC3HQ%3Dmz=2(YO$V~8VbuXnw0BD z@ugcgz*&<9_y9iz<_0)w(g1nr&D{XIF+gyE4qeZcp580vp4eXaS+!7PS%@{q&U`I? 
zXwhL$?4?B$6GN{^;b8qzr<8hP-${((4J0QqiY8wae~>6{wNadiuNnJNaYs@VC-|cH zDWVuY)l1XNVM(9#Cv05DlsI+MD1$aBOCCXNEP4?2A;G>LekDGo@5OcxepYa})J;mf zbsg$12{pJ~rrRv%Nw4XxLu(pFUl3|&n!`4GpzCG{FOVNd0F*&T+uXEdk##t1-0rcMXH3f(@q zz9FSv~e~N6HWnO;S!uLp$nPIV}!tu9Sjs;*q%li@=|}3<({&tTKqG z#4;ShWf9s&P4&d|${q0Ett+>~f72?rz<;-?`j#(XC^}oN`%v&~WWx(^@#nub#EPnQ zk>Zz}O}r7Ax0}$O%Nl|&;p}kevg$3JGxr5p5D9+T5d1Vcdm>W&X}B}JsS`&?t{a1- z4lA)uU`_fXxHs@==*(4Ew=NV|g;XE1ta61D5zd90Q)efEWnAQ>lttrDYu#JU5fm?k z5IQUwk~>@V#5P+jwf^qP;D(f%>Ua05l6ql_+Xj7ceQ?8YCKm5kmF_M6Gsf#!jLO>J zRu)q>^aQdXVYFvWpL+)u^#tF;f4K&=z&;iCi)J!5*K$qZbP#g7nf$!|eWoqj*~~lg zz0KZP|5=-DiQUT)=-aNL@I73CX!egrFKil=T!Mtqs#c+v(K!|`F#{n)hE+YWZ^(s! zTv_ZbgEpxKEas?pR~h~^$Wqjx)Z*d6C6zp^*s>zHY?G$=N=@}EX;nEIVygVbYxk;D zT&b^)k$gKR@^ObExiTo5}*|*{Ys)_U0Wg(n0a+5&fduk$C;$_qK^2_@not zC^wro9GGVgjCg*zne-yKOSOMZ^@saiek}fb=oM~nD+jc1r@lYE{a+&8%$R#L$o;Be z=hCV^_~Gyah-%;T@Qr%h{*R*jZ=|lQavMY&Ob@^Izm~?m*#2^%7r~VeL%E&8zvQ+~ zv}wBRpur8w&U?2PCMM=~rqA6O1DciLOso$yge8~^TK7wTgo}8Vs>+@;f`NY^&kQxZ z(jPoMyaK~NFRm$7Uq_#Wj4yIIoo&RoAna+Q=ODeoM zXp=ih8nE-jUXrXgkH_yuo5`5m+%^=5zS&Ni z-$L8+j*dyHy&Bi5zG~lv$#&Y&6ggVGL$xP%)O?|HpnQlkT+;P*mmDOI;y>On$UW0P zjllj(S~k*!9awmp3ArFKq?X=g5;)fcz9ccQljh?kq&``QC;qCN6P7!<$VCk9=;8w$ z`LRaHaP11|@g~2g%)4=+NV^5lG1)9(paA}L63N<*{!6+J2t;Ue9rC-(Rf)YZ$< zuxokDI`>E2)HS#_v!&0%|2s!$gtrIW+b`%(&~em?TBUF~gkI*@gK9D>S z&vS5uO6roc@dI25J8?Dy7f63DM}kIHB}anE_)fZo90}Nl2Q&WNJn>+z4_|^*B*eCL zO@}N?sVqZtuE1YX7(ZEyf1^#LbCmz7&^clrlR+l$cFB!l=eCyjl=XPjtnYAnN6v5Y zIM?9W$8ZKyw|RQ_+>LHkh1`BL(3Eu4RGu(=tZCP`AWnZ1_7Z%FL>_P2PJ6%qM#;@u z$pb7sS9cS{LA-Rw`#JiA6Zn$goHsgMOV%9M@=Chnt?wEc)Zo)dXyyfH4*oI}$ zij_UF(;kuiOVh^VB{uEtkODSPXIW2dTO`r+6_p7ieQeni8@xd?avsihu~f-O-HJne zBYnxmWyr;RTo=v5by2;|Nkb3=_*q+FIJ_9?TPzoFIT+8>2k)t=z9*$pF69;n_~+D6 zL+ZQdY=#qBN(eW@hjE`Hb#K=Zxmd#gKeqaB&i_Imz8Z?G33bIbL(Ho}JwaY)BaG~A zYUohxsgBpv*rz*?mVMU;@2#o6cfZRqoV@qY%W+quxE{rdZGy-EM+5XzyuU6j@b9VWz=kRWLhZzp7g;4K?0OT)Ln_xzkw<-j&d{D+ zp~%yrL;vxs$##7euEgA%W5r7nw~OGW$$b(BE)9p|pPU;Q*(YxmS` zuyfQKZtDb>TzU}7b%`$>g~^fJovA21- 
zO*qCYb$Duz@!vcsN%J4$GqL-GV|)*!@AHrGKs*;$J&Rn(?@uNjqVfkg@5)XcL!4^S=E<=PY%Qd%4AxQ7261)?CTX z<#jnTG&HdoqV2OJSVLIKR3FhCfHNS^Wnr$xQ97LmkF!HC!y$JJPI1U01Ydgyhf)Z; z@Rk4Bq4W!v$?^Ux=c0~b8^Tg~ZdqkqZ`tu}GJD6i#2`I|?o;*kW@RB z3D3g0#g^E@S0v7+4`NfdqAo>aj_n{7=iJ=Wd;DMQoG(YYd+y&8&2J5Etxu6W#9wLn zn)K&h7@YBOa$D>g$1QKfFM$`!IVF8=mGnUNY%YU{-O}gcrmCF8PE8Mg*9(Phs!qen zLEbpHPYPuWXIB*QeJrGCUgRj}kS&$*cSA9**!ac)h5`SS(Dyv=9*0h`+;Y2Y>_l|M zVw^VLl51R>ntM5B7^_OZt{AK9#!jtH$0N1ML+i%&tNhVWfh>!iS~vEM^sDpmcfv!q z!;l>BsrkN=H0P-~3Tx?Z(pe!%Cm{_(=Q{hXU%H>Wv_O`g=q)|fUAng{&G(i%{bf%q zQG+e>d-w1-{4e-bA?mU#|pxMqNA0$kFeO;sHb5k!{z=O z{m$RGfmfq16gV~Nyq}j;qib;r@?9l7g;Rl7qpdi+hO_YS;2znxlbRu{AG#d9!8{&j zNuAyAk^G^#_>cBAPD`o4cK)M^ZSOc9zZhEe#IkWpH=BH4l7byz?Pkeqr%x8)C#|~4 z8r=VgoiBHWlE)sGp>JB`J+TNy3g;ac2_}!w@m3c5CV3c9wE#u1$gQ(XT#F~vS)8+E;tq@^s`x^bS%v^r5sq?f{K2gl9v@Ok^9m+Bg+g z?31pj@?QMZ_m)mT`+edw%3^DbCvY2bCgQ4ZNa!(^F(z{=|$4+zj1%O>|xg z9%#$@$kgF7HuB*!on33DFX4@!VlUJ09pPm9B^h)jXL<%smA*`W4d*Ja^gc#%hEpeN znw90lXPXArk6Ri3Hp%i|f*9OZ7saW@Y;w6mr=gj*)FM7T3HOmupZHl>2-_Tk8CK$y5N|5{=^w6F&G5@msGexooB(p^_8b{mAv#4DPGTeNbl5Czmrxa z@9v24bXe|Utw+O)N7|6$yd|>==Yl&Be4DDH59^-W*CkB+%M$3^>i|N)8W#(qwg>%7sp(vG{ud@{E*s{~{eTCnN>!)A5f#X3lL2 zJ1cu)7f808XNFEU;64lGg;=_rM-o=bqXsuU&*Fx9$a{e2-|8cr8|6W1ST0E7&pe(D z%ckK&B!&j}AH1L^H=`Sz=abHTji;TFFNQ(#oG!2J5T}=a4u?MiccNObDzll3d21me z-5D=4-CQy4N68u6y()a+dj8FB>aWhY9?N`t{F!er4YLlx>n!PWua(xPrEmx~Go`SC_kJWjEQN<~btfraE!S-E zQfT2~mO@>ftdWate<|eq($w3?ZCMK4&fhGBzwmFj2JyV{CJY$1z-iH(%dST-|LKqM zRGWp2aE>gz*ld2H3CYdBFAINQLhd0U!p48ZP z<<^lKymo~gF1|Y(USI8-)bY373M??39CxnS$04v&!o z2d60X!f&Ayi3IWD8UDiiXShL*SJ2`o+09K5}z8yp!fwdGijw#OxVKi+h*pOU<5<6eI08mHZE8&m6X|bJ%`O4nv8| zt)jEH{=rJ6=(00&7Qf`X+iZpoFjyibyAARN*eGWGie6RqqjS| z!#jF%w*wb*<$NkQwXzKVVyJW)`V>x1Sg|(I;hzRb#Umi-{};fD-pj_By!Tu z`|aLNNe#yPa0rz)P@_NoB@0jf=-sc z*DK|o*sqb0#9Qt?&h3{4axVF6B~ppZr-U$C(kJzqiBTM!6vbR$6!j9t8>q8{D2}`` zAr`3{kwBetBB|0aH@WPCu#3+sU}J_IT0mk`&zqzUVHN=$>K!!*-00 zZF@wHmR;(_;a&gDj>qb}MeDDOF=@~7o!(syM*NRZK17+}wttWn`tdK(Pw3pLzj53t 
zJw1=wkv*Jdo+l?P4n^hOBvYpsz`w>J8HvxHJ@0A>>coA#-2b@9-5`Dj_@Z;G-uazm z#6P#njjF-zExc?xy~StEv^o-nICKd9V|vKWs}g%i7RN0&OKIT>x+iw=!~RZ{Ygbq3 z+7pu3J`i7fQ1aTw_}Z@}ue~I`b_`FR;z{Lxi{oowOkVrl_}V9u*M1|u_O^tzos!AN zaara+O>lQN;Tpg#g!8dUYzx$5{4^nHc;|>Wk1#C3MIe&~bUsn*J?4xc98dn~`;- zbZi)#_oU#Dlpzd%T*@q_p>HeY1+1Y=rGG}&UbqmGIaeQ|C?vgT_EViw*~N+3AGiYp zD+&Cx6BzqV=kbqhqHfZq)5hBSbgegiOFQ0g{R(}?weGHTisu$sifWL_Ifzm=8k(bV zcoW2sFqv`YoH#MSP*m^1+%f&ed+n&E1eKZt=tuzlW1aKE0C-rQ$H& z*v!qwUopHyVusI`xn#p-ZjHDZcej;^XR^X8f+uG>$-BH#K9;8CZUa8Ech~ zeb&HplQY)xKXbFspRx8J#$3FBGWQGS;C{g(+%G`KzKOY8PEI+`>M5M_AA1Q$DvqMO z-EbsC^M8qdVge)+juCAy#g+1xF;KK;zOTaoqkL3w_G?nx(b)l|QpQYkM+%0l;nz*wbpf&7Zl zF?c6hz8T~M&{;{&CI2waDql?i;~53V%Gm#4&KstF{XabcjQx%O*^@gf@e9rZy8;)_ zNwdJt!@^C?0`s1je8GL}JlQ_B@bi!g?ApR``Y8$wMf*iM7;;l)iD z>&hdPuVJjXGWc zcET-jJKBTYxn>`*=f*RNXx=&BaK=VQHQ~mGo2FDuPvpg6G$AE?E^&Cdo6_{TBk1AX zeCk}Ym(G@p$Dx~isoEkvoF)5n3J(LlbdFNf=WfYVaK@RAf49Tct3HLAWcSS7bH?OY5t-*pPkTjei znI>rot!H9k-KT-{Fn&N8E1G5{)$L&$) zJYV2;d79}x>|+{snC_%uXQly*5W@pC2&L7w1FKEueCkoK3mSuSD*}6T=4VXa?k;92 zvrXkawyU$JTxa~TfM52CX5RBnSWu~EtintRP{q5$T7+!e6u#2Zr-}Pa6&&0Pd z6&Hz^6eLTX)+v)PrSi0OE=Nnkfl)1ekX!IxIkG9r{Q|cK@FrnSsm${JOsm|%`!jvg z#`T`02dR4r<&XGD9szmJqBvyDk@DEmt8(7;NoZWV%S$2gyFQh2bsi0S(H38Ya_z*i zu`>Jt_JrQ+bhdP-_mV|!+Pys_ zahE9ZlRihFvWDaZSG{|qiM$cp4h^F~bd}RwzlV5yw_h~;PT2d9yoF=JZ}%DDU&lkh zp@!t}FQN4f|0*5{TYZl#ER8ShlpH-M3*!^Iv?{Mb%)ure{PM(Ug_Y8SU{CQGkF~#$=KUEn9uGn`d@~-?KYzyK6y3s|@t7vl zm%sds$1`q6eiCLpF5b!Mc~(VbjrX+Cx!H_Ue~L7u`|vErcg&8+SGO3X#xF28$;G8GyY^cAL$^NBjE>+t_>!lT^( zANo0ZoB#U>k3rcrKdUG61rsJpPCnsr@;QocpXW6foj7nT4<2Wl?D$S>!)wFDIf|vjKaZbB&|dLwtPR-ha_}Z0N8!NqnE%r;zLhP2qDEYX%4X268kGr3oAqn>%cYi{MoN(N= zob*MGyWb*|TLLMPi(3#)(sB1co`v|nJSA<|^gKUr0@z0-2pgZkc#S-S`^;I0*Wxk| zy?F90#E0a<%+5mG9>pxzwU{s=S54m3wUfR;>b&W1r#PvbzLERo(rDgo+dF5D`Vfr*u`YC z5Z6bTW`<3eg?KYpXmQLb)|RBR5RX1fw$)jPso1UQ(>FN_vHLgJ+&NAC5qD1YNYY$B zj1!OV&Bhs-$wjyf`@Lx zVKEm4i}UK2n1y%^x>_9CIGrZULi{tDLc*baBm?omH7~GU#RU#d!Sf}RXP+jik)s{s 
zXP#vrMn1ix9m{%R51lBxaR&A0$cQiT;$V_lh_%?lmvv{;eXyyU?@=`7*tJq||D{=o z^Q6cAKbwX4OCFm#3vsh;okR9tGA2%*h4^jsI=*pU<~a!E&O-bM_c8w0XCcl>k3Shc z6@TlK;rJ}X-m|gaq*;iM%hIG-hzn(D(k#U5WNFeY#9zzOq*;h(%F<7ypTsL}It#H- zmJWJL`LGmi@4K?}8TP54IScV2J(YddEX3hkrHti3(ZR&VY8HE^H1O-ucPGw5TyO(7 z@Ma+vZSB(1in9<`Rv}4F z_je0!YiRf99CJ&gZ*|sIC$IhEWD!=yBm5CIi4DqKr~ma?h|i!CbowZ_&i*%NA->9+ zBRU~(=dGODJGO?khr4WY&j;^7Iw9w=xKaScAkv++)P*E-o+Q5g?JJ+^tVaQLOcL5 zxUFtWq{_6(Z%?+##4mM|=W%w5U4)YV(yb0>He7u9XR0R8LR>26!1yf0>$Y%;YmdvZ zIJvkk#zEjKu2NnjI5X~oNV)gsNWJr}#Q$GsA>PAh06H`C@l>Zwc9gC%xlB$)N8u}z zLfpAR6XMjtT-;dr&u1ZSix~WEiBbJqZi6^I*yFf#Gi_<@FDBXKq4*~C*d(^Qw5`c| zFbsh{cNXFu(whIHS%}Myl`Z5h%A~Up>o8nMn1#6PDwHG!RhyoLcq>A=CDDfAP3$-n zvYRb^yZMXFLYyLZhm&R@eu_(Kr%RrO#IFjOS%}dRc^&u*%tAa10r|8Xg_bZ2@fOs} zQ~&ua#P?8r39}IEP`rupO!a2A$l3gPj{Uxxg@{Rt|MgjjbI?sE&qC}D*jb3{WZ>k^ zLOl8!`8#PAVk=I=UXalX@b_oG^}<<*t0j!nG5jfl!y*4dZewR5{-?7B5B{}8<2)GQ zp*TFqd;VGm60iG0yx@j-1y7Wu1U^KsTpt|p zh3Ilabhsh<7~)l5h*memEpCX17~-`j_s8>$*dx56U5-~<|AijsCAnqwN~}mms4{}` z{R~azcbuDb$3#{vl`SRQQ`q>p$T~^bg}6Br+gff()vegyJd<^Pk8M$MJ>!zGCw7)> z6b(Kpe_tlIc%sEmvYSKwZOnL{?sYAwB*=+&FJJ&9w> z#Y)Ft8!zjNRI7g9GYHxd+>yK3^(~=d#r|uc#`4pMzkB-?#Z#u z^Tl?SFSZb3OFWyT&&A!Alp!=-`+mnh*v@|%W7Tab$#F(;FX2vwcXn_`4IkkYlC;V5 zXXqw(CvUQHvQ1jzoBS$ylN%=6^3eH-LoMl0%!TBc=#t=su{9@_E+I|`T zd&b8M#oa~uRgQUXmwdj{4TJdogewp#;=H5O6Gryr<59SW#6Lrab47ZcT(yT9nq)P0 z<;C-^vn@^wnt=7+V{{=|=*QxA|E=`xjo@OxgIloWW2Gm1k(_K|5#ltNmwgI<5gHs>|Dg;9_??VUynuP zlBsruvw)%hb6_Z$QQ%!ycpP$5anN`Se-PK zxiO3#ZPReJFNVWx43T&Yv)mXSNs8gyz8J>7>*m5s!w=&zq`NUxCdKfoTn_NHo1WMs zUJU5aIkriS$MEL+PDvh+6vF~v43##9<+K*5g0%hRm8@fv|2PJqD*ev-ZyT+P#z4*2mYTC9gd%zV@BV zl43qCzP2}c?Y{A~4<)ai8ec2FGhouZAy0F3Db~hzz#TgD%<{>1J?1uf6nS;OHTre8 z=6>_8Q}+iSDRKLcqC4dIw%d9xlRf*7q8=HkJ9Qs&V|cH?#&Cu&hJ(Eryt)s^W7x@! 
z;lZRBru$-e?;tk~UJOUYW9Y|^t;o@SaZ(H~ODFB-;z1ijARfaKH->$aVz|{8!^Jj+ zCuIQdl*83-3~$Y{lYg?1oZWCX7UGmzuFa&T*qXKJV+x-l-uR+$n6+>ZSYS7G$ z61sgl|7n`Wf1*?IPtsX7d@)z{#2QMm32vPV@%*hWhUW-~3Ln^XmdP(2^u!i=)$4A@ zAvW5Iq~yb@6K0s z3nqFaGGoAv65n4wobfS3Nca9SQouNfJH+q9AiMT<#mU1(TG<-S5=7%0RB4Xa;f(8F z?nOLP%F$`@(O;sDXPyMtu8=zQeFw~Z0|(W7`ots^8?0e{p{<}JTp)jcLx%M7mAVG! zHg`ii`WIQtkPQdPi`Q3R3Fd#uKhD#nGrXj&s=DZJP z_H>~Xkn&~DqqN8i8}1Lu?~lkQ*8{%uHU_^_84sqfI!~WN_)7}r)SsI>o*MNm`Dg(u z024SFR_@{I-}3NpEYve=x`eSQtF0cx&AF6Ir!K+W#1!YJ#XqbX!-uV~G{xksA@!Jm z-Xcblrux5m=})($_BLs$*z;0Jn=Ht}^|Ei2@8mHx{fozV>JcW!zv8+r{yE7F=~Gib z!hGI%qGicDT%w~Qo67oMm@@U1KDwD{lJNIV`}{D|3qC*0eP1A+wK&@*+|_0sr}j?Z z8If~qev{>{Un-j?XKktX)CF$wU+yh&zw37SDQ*bl@Kuzof3GrjoQVpGMb={`{#tL! zH9}6qH9C&>zr@oMa~~C?KT`a9JumBGZc5j>?;rjI+a!HYZ@8u;}<+nIj@Kxh2p{e>1UFj ze^1(?^EZC6x-zJ^DilmFxQoFvU# zPnzagNOQu?6z2<{XzudaW!BIB&JN`W@D`01Iy;b8KJ+WTi!iME>^i)sWK(NTJv6zr zrXguD9OUa{_62snPMXhhNsRL#D25|*9%^A)!f40sowyzPCv*--IJZY!_nsSlD{#y?Nk0x{ z47L2{!rNH2k%IKTdmplHu>RI+>Mi51AzkbLhuAoYvY zEXCnd-K7n3Jj!AoVwK;$N*0H{-cgNcqx9Z)8dqFLVujYOE^T4c!_JzBR@bF z_@DI2KSei}d>)bUoavKGc&j6+Pu{{w>U=4p7Y}ioX+pZIjzLsO=aDbaC%+|E|ITrM z1BoU47detqjtR%XPS}C3&b<-rm*`QhamVcFeKy^r6gk7@q^2*8F}X)M5d+`Ew*PrO zO0E>@7wA#$-t7zZDA!BJo7kgVgsdi&`+RUV3&*K2wBTh zGvD#Zk{2ap2Ce+~18)Z)MbScx)AUSmj|^wzcNd)Vwj5Ua6BxV5Il68|$XqozR6Q>Dbrf_J+50 zLuf0fMpE1k^C6trxCF_51A{{(GpWJ2Ib4N!J~J2m4M#bRq`1HE)HRl>J9YNy^w1AF zT`SsYPwdW_CPqDnxDCc1oBzIrgwsAJg+q|8S5q-LDSknYGTa}HWUZWe{AV5KN^UK- zS>qlmr^~4=f>Bx&KVuTrvDIIkbI^KwC6wMAP@)iR059cme>OiLL{>x^p|q>MHH@ArA$_nh}V z=iJF8`ul%A|G&>i=AQFz&-?7p^Df6m%YdH-4&VD`s7>JMW};`@TF%?Zq)g-wVT*X6 z_nQjY&b$=6@ND5u!!1r=IN|)>z>E?G^vua) z5N)SZLw=Xi*1{Mlb_K1<@*vQ0Ld@^?BuUXTon%aOTh^94peuBsi)HB~PJk#$y`qL@gSe7Q3ai2vHPDX~bb*Ei)kh;K{08 z`O9ZhEPwf2r=v}(i)Gg)L2}>+G*e-=BIJpC<8#^0jn%#Y8#;uHQSD&3a4yxz#dR1$ zxfYnba}#C8FuH#S0gdalfzgV={u1hU^5;88qe1Mu2qFH3z9I@MqxF=n`=a%RHjRY= z{|dF$e_HRk@v72#&6F1Z@6dWW2(b{fUI1Fp2d(EOWqH2ZNnzt3Y{aSY77|)nd36Y1 z(dE%k1EDkV#oK|t1f%>7@tY$7Vdez@cmq4xm&Ps7y<}e&U|@hKgMKzj;Ft?Iz@_r4 
zSSN4*G%&8DTO|9^wmEAelflOM!?IYIfkgAv^8t0)mc`Wu+ylg8YC@G}6b;Vik3h-z zhHUQ8G1>fnwRi^0j&HN%2!R5rIkfd7`*{3}f=`r3-bF zwL1jf`pydzJ28RMFew1Tem2}^*pQi$V_NNlR)2zVvu0b7x~^)}P~F5n|ApZK3gk<4 zNOEvdntBuhVS&fsf;mzX$-QJ@wB`66*fO+ImvcA5*hgU>ajbC|E?HgY`O1o5)VJ^! zLxnqPE(9OR*m-_?3`8v)1#%UG7E&TN5Jg>loM6GiSb52609pap9aBskj>a15|I2-Qz)ZbZ4gyrmO~Z?MS6#_M169oqJJ7Poh|;U4#QJ% zd4BZIN+ovDi9%4Rv}>T)pIsjf!U{qi)5igj|4`$Gp6GZ_u%)u%?k&w)=DcW-ybAQ69v2DAF%>v$KT{)pTaFm0`JY3LA# z^Ga$8`Qn=hM3=UsNRsy?Z0dERRN& z9*V&fVI*hOVFH*s;g|e+LyWCVGx>1*{Q7>$_T&du0Y<#_kE*U6H#Mc0!d4jD(XinR zEzN9(M7e6T@ojw$Qacs3Xpo_`#lVynp(#lrYL5~J=ryzz8sSm?qO{*W=ydSj!v6au zN6}00{gVCpD(ROj!j$H6imn5@2h5IxmHzl8b104pzvM9FQUHhRmpno)3NLO8SB1vV zDy-Zu*+QtjdVa|dM`MUYKCnKN>Kx4%g{2s*u@S1~;s$&IKu`DF9Si=xn77b^x9y6a zTnm24ld#~YLe+At(1M?z(HB4#fQT&kc<5cnf}cgFj&M=XvkeNa*qiLWrh{|~{tx&b z+A7V0AEf>^`b@LncaDTzIB%cGE?mh_Ohx=mnutCu_)SP^{D0JfA3-}2S@7HFiX|-g z2ej*^l5fFZWJ$t;SBkk?MGJlhscr`8(}E8K+XhcJMwEITc~wKHBGT;?bk9{kjG6AQ zX~EwUk@PJ1(Ma(ro31yiE6lMHBwXnHifPGah z>;&6%>TIQSL8xH4H4+aaQvu{V2qCbnK<4fLU453@{V&<^^Ozkqm>Q z#q<-BV917@2nk<^R&A!vVSs2^=8;O2FQDGr2fQQV$|hK(D$Hc;Xg_$b`z^7!C?~|4 z@R!4j`uRDy3pL@5ObJTgUY2RAz%R597qw4j1s-oJcTy zxhvNjF?XT4ytP%;b#gvSV3lg_BOe9WB4g8fA#=nsGtZ}FV7*)rxYK(!H`xn7Ei=0+ zX5fo)8fuN)lkljbR&u;G#9#G7#C+I+@a> z?~w>dz2(pr7zx)uN}msyv$+Rc6JXy?PsI#=cpb7s%YblJ$-OQ3)`gEA!Wht|9ZeH= zmzt%^Tj@MWXp367kBYGjD3%9LNR4MD&M5{vtRcuD&q~EOglwN?X1g!S0<>(V~-vTgrBq&K4mS7;NMO611B zxsDnt&m;XElv&Ipt&?s=dWyk6Fl8Vq+7ZKkCy^Cy)ub@nV@XtE5LaIud~^;Xg9QC8rKquY^&bOVFkpC=*U-__(@iW!H)8Nw8BFj|W6Dm^H!lV^ZDU@m8{U;|dAr)cafL0? 
zOcpwl=nvpd9iy07O6it#m&L>fS$vEho0TI^gUuR9X~&N{p>zz%LF!z#wi(~zKr&($ z=)>ua6X=lS_^Bihu7`iCy*wJ+F4hZkDh6|5GJ@^cPM3Tgx`Q2DW4v-%m_cv!Ysx~s z&^sXuL&?lW778GELKaR&&NR|W(H#_+B>Wt%gv)YwBa+~}@`CXdcrK6Uv65>_fZJ(!0pR`(F zcx=d$zvxH!tW6h#Wbg@LMRZb)dh83pO2z9@u{6T=xlz0-y0%@Oj+%6Z{L30Z%wA*c zdR3r$*rd<*aYwD!j{fePwveqAYOW`YLti~)^rE;YqymP^atNS9 zF#9e%4Sg+}bBK5pAp_2DHA>sO(^i$v zcf`}~w=4llMXmi96PEGw644W)G0uqNrznq)00lZ79&hJd_ZYll#R0j;;5vczUs2`r z3DSSK;bUU%y@|QEf^N*Hv>An+^>VN9-PXuaOw550#o&UyF*w)A$A5SHF@3C1Un7og zF?buI5J_K*Endt4lt^{seD1Sj z=;Tht`j0w>z>}bF{;n=W5wF@z&Pp<@pVFO+v@*G~j|?mLPvLlds|b$Bn|=_%i$glC zdOxcAm~C+NZQNs!*lSWF&<0BdK2>aS`2(k1pwGZu&|rIHdd}Hcer-q2CAY(a5rn+B z2S5`i1Fs4q0GO2sz$k9O1AScIqK+&NvGk}q9S|-Avn}B2X#zr7CI!REa3j8;h)XcK z$h_KsuOvemE~fqgnUA^gp?`@?X3Q5H5pp?aDHa}oxC&%eiU#XsJFG!xw07RQ!Ok>v zV>4Ydy)T#|V4!HDhYEn$kzM>c)`^HK2vV(lKn0OeSH;Ea1s{Uz)M9sKf1ds1(^5TZ zb@6Nw7P|g!3Ui&tulYa<#Iz8)I&==_<8?S6rgOo}_cYy&8p!1Tlzr6P%{FjB%xuEM zKH(9t68ofUfskGl;eS;iL`G~!tClM{e)p+pT)eU=Y16F2=wHZib!dN^wTP|0(<&bk$M7ChW~TV^F56u`GQ>v^6-2AT0K4m{5@2jU2HA;}}pb2IpE*7MwnszxKUZy*7ZmZ!Poud5K1Bo1i z=|Ow--#c0h-e=r9`Um!9MBdRJaCPI}(GX~A;~jmMa^DZ{XwWd!19l&TD;IHy^<0cI z{y*`K{<*ua8|@gXt|yY0a%2PGNo>#sVCo2>RrZc||BRSB+oLzi@0T{k#y)1J#qnAa@lO8TV@Dicb zeEp64MG#pjThBFF={3K>bFp_{I`i%dNlk;s#b6oova(}Mo&t$jGK)&LhzAiZ*=&x$ zMH(`H0C)o3Qdc^OC83czr7j|iPE3aS(=Fgw1Iym zs1>;7`LPWMH^~RM;YTADcr}=Wmt}gL;`aJ2`)C!(42wih_+frEs9IIw+0Ge;^LW9FU5HB4zxN!vhaxx=0SJa$1EbN13q#yK<`l##EEQN#&mHbKo5kqh(%$-GT1c8^BT1$KZ@73-wP)@{c z&7qoHuV!tJXMK{$GV5Z5NTcQV)Luo9**FP_#b_GTIAZ`X7{}xvb4`hrvzD116*H!S zjGdTq2hl%X{A0=_7}(0>gIF=q8$uY{qaG83TK~*SVW?nZ|2V3*_Bf_7l9}qFMKX3o{G?V?({HBgDq>UtiInggb_77Gl5A1!Mz~Ti8PI zaipZ8MAcxGqPOOpJz*rMcuclJnVIXSYP+n4dmm;>^o^uLq^nIeKZF{^po^{_jfNcz z%dpP`KamtFlvLE{NQ6^!@$9T)>|sA4i}fsgja)0^{^<1(2=>Cr*&uNk4V4CoA7Jq) zxRSlcZefdKxgDLL!icY*9Le;Q z2646#wkbs;tnG{IwnFADC=XCeRLf3uh;%2>TjtfTxHy#K9bu>m{Qe606_VH6&#`s1 z_HU}4YpS8egII|Tj->nU=S>rO7hprtO2Rha{R(G)2XBOtMl$kX`W9j+OMEXYx8c4r zI1EzapT+M57X-Utf1c&a{lyMTXQKcQ(;~b^GUUhl;-rdTRXJ%I 
z;s!_MX}B~J*z$mj^CRpvXs<;3E_AKOi{v#(k}F}vbscyB7;L6lfZGZ4kdq}+Jkte0 zk*GivA=bO?4d9h4^(lMWL!>2~evA@>l-**#2v)!ZmEH-R^*;Beo`exC--pPX6<~JM zz_8ri-+RUa*xR3|;)?e7ZuC02LS~8S9G0~wbjD*@+S%W`j|Gc0vki&_S%W#*^k~w% z+DUXmr~5VAf3&}sEEQW0ZJ^Y-5=W=4b%p+SiD7l&$#$A~E*ll#4i|_tk;m6$ouDG_ z&8-3L;%Ku38HmZL)^6rH=HQclnl8`kUxYIw%}Nc<^w`ZGh^#1p;noaTJD52thsx)& zV>@cD_&v0ec0hj7;_V=yu!4nQvWer;nRisoz_o)2xWGHOT}_l)WxICTZd#2%c-MaR z2=fHu$iZ;-hj(yf)E8=ouyqf`^=zou;p`GYXVmVj?l;wD(~uDDelCP`DrSJX>Lo8S z+eV%c{|FzH?8NK`0Phe1c1V#By#HKcadHKU>=bpMN|`AVq`;r14_!2|Ur-h4co_3A z0N8}TL(R0mNuJbFaDhRz$f}(Q-vLSR^j-`WNahN#>oNov&mgh~_6i;=pD@$80JX@T zQ_E_+U*ie8)S73dltc!g{doodOmaNc9HL6l_EkzqzLt1A_|L{PG0SY*Ib7UYJNOd zpV|dA)Ct^SwD>ikYtuETS{@S-ggl^OsomO_U%w3yiBI}p)XGt>r?#OY$Z-vYrYW@tL(c0O?C<;9>kH18#6J76Sbo`=6e zEi`356b3k3UN!QSpSC;(I&Urj_A;jJ;0TYpwHOv$L!(j*9zeP`VNqE2b-b6*+aqU; zpk~A@J6!F^Sj+cEUi**C5VWWBAu~K!w%SDg$iu=Boh$Q4t~b>%yHWTV6zSNnwm-5F z$(!nroB;B$6R(5cAXu@Ca6dy2WrSZK)=FUnrHIMHkt!2tlX9+Sdkv^anw6(y z!z%kDPk-i#vHBxF2e$g{kNhGLy*H5BE~U%b!9_IONjvxti9I09epX`u!bNB9|Npdu zUjikoVF#~3NWU^WxCDL#6F+6`;5x#k|3`LkxH@UDeayJV?cg#xp#8RkCrf~^GCQ~r zYOSgrycp|E4v($e4(r0O^iG6g(^cJO3A zugnhqj6w7&+rd3WQ^xJ!^(4ot+rcghuCar+AgHnGua#L&Re!%kG9*R)P4B-Qd`Xfc zo*iuGE8h2&Ebw00&WO6`-$ zoG5quC;A4GiuJYJrfD$3PB-_+sS%U+c!7Bj3FJ^j7cn4bO_%f`AMsWe5J&-Y$*Ecx z7IDp?7#uIr1};>VWS4JM;$a=eE(Ytmz3Z430&lEjWS6f4Nbt6c!Cp)Zkdt2xTIdeO zf~bT}w|+`wj^e#bw?!npowzZOFjBrQ^R7_>jMZE!DK^yJ0tL8_LfSC--}8XDe}wXx zU?!}%Bj2E}-x8btW^AGeF9r+V!<5ih@NZ5n(_3G9$#0vA*Hf2!D#RbcTQ8aWx35+# z4mR&28~!xYZ$f^YzejC<_=p7nW7s%MYNDS?J1>m1dcDp#SzU^xHudCp%-t#PBm33k3uYN_! zJNdJVh2J|@=C4Y=OcmrsOvrD@9TBVTuO6UzJzzebKYQd~0x=NY)B!f>G*Re?P8gk! 
zAl_DC4VJnukvrzq?gCnw^=4gTRXUsAH;k_47q&?Su`IYlcsuVu6=J60)e!F2_UHPS0Yx0Y%N?41p=AR{(zEokL5To|45s~5@N#b6sy%25D5 z#*owc`g_h#Ky2&L)Qq8%`)5O43M95`L<3?E;GX z*i4V+TB?FYq#iv8ZXW}{Tz_}4lI*32wVuFU1>cS|La(<2f!>5;hr*h^-74ky#)P}LC$ z_7?IcWqnU%c-+=L=YlJW!BJ3t9_RH_3*G!q98cwBz52QInub|F#l$1Bl;xH`4DpL>T@%oP=f`*!|2*&*V-Yrt30G|TDsiKRHM z`pJENe2K$(+;=Ht$K}2@ru#tglbLwJ->#?e*W6xo0vyK_?wcth<4T?qnWSrJt7k9& z^s{Y_u5q+5-=a;QZ&V&t>lhDz8e@1p6)PI!J<%A@gWSf;AVAhL76NDN-N9~hJj?kG zMA1rq+i6j&&?Mc?oMi?;w4PYPXlQU1Kki% zR^pS${7-!n+~LUO4bKX<&?*chez-pF&#^4*K&Tf0J%f;gT?}Eu0s&BCJOBzAD%iEi zs#I6tTv?gy!5Yu1T|b9xe);R?aPr5weh%uT0W8|TyksZ*;gr1Ocp4}839<0xROtN( zUsSJCF;Xk+Q5Nzl-TKrD4Tb;X zS;$GWZvDLhfi?!u+AP@~~Q2>*s! zlO461hj{^yPQs*!N7-2`Iglj^hguaLp0xkeA(U-(x%t0yKJzxqvAgOT6*t?{>Kh=C#Iafndk`&Rku@@@_W z$>H4#@aXXFkMJ1r?q+o1JZ{?LpM|A2Qtf_%9ip)0dss0mnvbYv}7IvA@-;r)K!dEWDv z()Cgo(#|S-r!u)_5+`@T8ab?W3AtErpdeE(z{a15*w-L4PfhM?!H~8h-o@Zaf0fe0 zZT&*@`UL!~m}eW8+8&O67!09TFD91>^&bai3$Si^6uyDU_3dSf?s$;=@92)x=(jn# z<4NC}CQw%1YaF#`@nEoYMSGvbKM5#`ATJxS){3DDuY;_V$5;eBPED7a0xR2J8}(vD z{(Iyx-XA@Pen!9xI(*zUEc0?ThR^pob7qi)A+YP(>--*85nz3dAi4n420%0 z!d%L9eVZ1iljEBtlTPjM0UfL+^K77GG1wBR1sW4`0f&j@M`_^P*XT(^roTy(OV%v+ z-kW2(R_!F<=Oa1pDA7~#=t$Agc#M?jF_Lm|eak%7p%PlPkI~ljNBhFhnZAq1Xtd3d zruOagW@)2Aae9mgM(0LA+#i9fQJ8Jv;?|7K@wzwKn%IOiN4SD=pEbDt{Z<~)`!Pg= zKLmzjO#TV5tXim&f50rVG`Wu*)7D`+oVRMN>ZpB9>|e4M$DQ|T4Y5iSJH?LK=fvVR zQ>@ihOF(ePT0Pu`XD8?QO}J+fdeRJmaP;*E>6L}WZK#L89qc0FDFIS1t(P$Zp7QV{ zCeBr5w0B9o7q6Su)!vitb7v>^#LBiCH-2qyZzn1|Vfepiiph4&BvVAXG4wL3-u>|a z#(lI|U=00Zu0FXy^IgI(7lU6sA1myE&5FTQ_v%a^Zs68ryx9IlqIfR%RMmEAOGrNvJwH3k)-4b5Pet<{XuL09p!{6SBwLs#k0Aty83_LAz=gU$5?o4O z`FR{KSF3-sc^#mT9fY5py-~zJ$0C-(g6p7i(85~J&_N$OQk-8pD9+*DbQtoB(ak!(Xl7yfT4E5`0g@u({e2H@@_UU#JCG_?-mYFvY|xR1+JI z(AA!Z#$6{cCT|C82CjEmV|Aq`m!50J2pW5@MXFJgho@3>fJ*R{0cH)!kFEsu?vB-qa)n+=(?;&zBqO?~r!_S&jprlhaVbPtI z?IXaZWU`(?J_l{rZOOb-2`Lri-;N2CUd(6SfjDy^H2hZJhmf3pl_pemGS)dCfP=B0GJG*x%IQv_z5N7CEhMJ2scrLv2MpJ@>Hz!vnPX~y+n6Ik z(Y++zp*Wo%>!|$Q_CDlqpXc$+@nYY1BqqlIlkG7zin{H@)9)q4=3;Tg8xbTAQeOj$ 
z@)e_63*W7PHTP(#>MuNfWM7^MEeUu$Rg?t#Akn3rLO<+h3-W)%0RH*85Mt2Y+XEnb z`ej>6o1sb*1)4{0c&S@+cvbW{;Ed8F0QMrs>BKnTxlSCC#*GZkjBRD+J%7M^Q)d>e zwtMbS8lFK@t|*=$eYhu{tAY-!vrAve^UL)>I34(a<7Xju{5zc*GW7R(yt216BwMJu z^t4JGArB=bWnFf#>0t-Ahvs$BLzhXFsR|fjhy43XI^@3qc8;pGR}VT-b@Iv2%+vx} zNTq7D8$jEbKGO0qQm1wnnYbIwfvOJVm)$2$ePWjjwL$su?}Y01RbXGgW;Do+O_V(Tt;ByQ;;Vs$6u!ZTjBTii*MGt zlbu(c=!4ono_qEVY5Vqt-ZY)Ingt-s29FT<;8h?rOf3M#uLcj@Eq%PeJ}5_36Xcha z9SX}y)@N=4Rkv(oY5=q;1{)#^VTB?w$OVZ(PKJktu3x*r4zhVP$UE>$ok1RYBpl=q z@GI;fq5SHeRF|tQKayHVuIYvF`Wuk8e(deE;8)am(k+`4_ZwePYY;zl-U$3j*bjA5 zwbS~n@mcYRevd=H_Kn#m+wu_mQpfoa=@t96nf)!ylgH3;KIwvYj-JNtIKvGEhNy2poud>+k2U>`e_Z;TByZhNV8jzq0bqZex-&0RHX|5y zcjAYf)I4>~2h62JMh4n*x@BZ^wHIu>69Ub)^ZtgUe#Hou41pzZ3cdBJSVP-k6M0&t z`wwUsG(pzjbdzRqx+5`j?RIUS}z^Oo6OGxWI1W_)EK6sqGtitX_8ut49J zmR2n2F`6u3WJ8d+$qNctif+EAjNTPodcB-`7dbX=)f=D{z+$OUgkrvV1GMVY3pzSL z09+V;O_K_(FB1iEwr*S3`o0nCAg znL@xKGFPTIpIN>~rWcp(kZDWXKq6SIaAT^_T>|$v1nw_dW`4m#2M!d*PeOljDN^#M zyw$Oz$j0jGh;7|3Xons_uKCS;)0>=$+(2y3qrQM%A6Elqob8vuf% z82jWNE$+)L;uYEAzIvHRao;-gTyOsBwgFha&Z4j%xT3DaZ*~Vr5aBlE!dff7Us>_M z1lp6r=uHSwVb3G+CwTEbur@QCu`3S5do+4WW*x4V-z07|B<#c^5wN0 zK;WT*_h3sQvuPIEOiwB^z5alM&`gF>edu@%VSH~qJZ)!(dlF7T-|c{SYCb#QKm+H` zOv4XrYBN0~PTCBqtEDM$TJi88({!pfh2Aa(*ks?H$@I(VPApC{4f!`jZ`% z0LSZdkoFm1oubF>@5t2tLas%J!f}3Q_rp{H>@EU$A<_!61}aZ?!Vv050KO^-pkN|c z)^yGYXODSDvp-5Zm)YO-8xE8*Tji{tIbfj>^Hm0Y8)*kn=2Mo>alg$o{s?;$e*=)! zis8L`qdJj?MJB@JFIv^8wBm7S%j;jwnKTrIyeL`42fr!sHTShqc(491#%}2yTvJ#o zKdNSI(b8L0bM-6oH1Lw4v)j(E>F$uHK{M*QAy5?DR?KaY=BDgEI6R6C{l0?IIJBj! 
z66W9a;O`8pY}E(mLN* z>r^UiN(^*}sX)H`cbqRBA$=op!JmPImdw)1(oc=!{xJ0_Lxe*j?|nJ4E?T@SJNu;> zTeWgB6GzGiZ6+2*4Lo4%zhGJMfah z;KEZ%xL|Hj^S&5>)eUmvNlx^PpHb?<0}mEo}|b-}zmTzD-HL z27ZI|`{7Tp4EA?NS53=T>HTW42P>L%yg-yw@`g-i6xR|x2 z1V8H4U^Ap>O8*XvObgyp6Ro61ov9F=fCFU70g2b> z5|MKlknm$?Cck&$&y{>D$(8MGszFqjA}9%trFi+dGJr)*4z;O@*O1ig;WxU8AJBu^ z6GrV4JvBwNv~lBFCE*a#7dj%B`2x^)8G=i@fG#w0C!*cxLJ!R&k>6DbmDGhl5+i^+ zzG93pw7l)|{8q{X#-aCHi@)@Kp{T{RoCRgz^qs~cXm;ll2BbVelaDQjZ%ywK24B{{D-5i+d z{+#?S+BDSvKjtcl=e)i7oyd9X#BX)p#7*s{F=Yq3M`jUu9v<^A+PZH_Ex4wwdyXl9 zGXW9FEW+Q46Ki%{jFVd3NH!X9h;zVRF@|n`_vElMF(|`W$f0JpHP=VKXROhRdKKN& z%?jP7VY>!YBU)5Rgw_UmSFtwT|E6(ar>sb%#VU58;!^N>8!O@`q@~TU!;}RYX>@Qw zL$@b&8ejd?TNqLnw2pa?OqFbuVe?^D8mp-?E7=8=j^-@%!T1CL!vUANy|P`CfwZdqIn zq~ZOxv6&9=1CU+O{fglNBMK6s+>Uo1lOGA3*a+nyqDdkYWvE|1z1=@|!|F2U<$g6%ygv z-C%58x2qUz%{OBoZ61zVz$GW5JTH8EZo8}bwh;;nA74BLd^}$H_*5ta@bRtq6Kq32 zCw8~+bI8}j81==+Js7sv@bS+cjqx#ajm}bkdUlcQG;WZW+}oC}O_(ek4u~nZCm^GY zx04ddy@L>I+5*&j2RZVjx8iNMnC|Kch9YY1as0wXnywFv zPX~;dSse)qz`qeKZeC5$SD0mJ@v%Uvp#eFrfGi>6$Sz^wF0^IZ@VW3iN3|lZ+5Ai{ z7LT)6zdwegwx>-z+L}DF3#}MYlgu?{v8v|B%OR4U#<=P5NMp>yZAsQNt!ZR~mqw?`ooU^5P15da{q7EBcN5+2$T&iIi)mMPrX#2<*45}MEa>Z=^Uc+Vkl0nRr_$5jCM&!Sgo23l1fBH`V;c@D*XqInF zO3}%a4@GWh$HOWsWUcW<&c))Zps8#`EzbnI(6@|wnZcgV5Dh6^i4HNlQbdQez@_az zxQ_}SBDC+`KCQxu*_vrMzmD&b!pZAiL&3N5a1dezz#)%?(K8JtXCoPkx08qyZyV2P z=)xAD$F-2WieyYMiMO}?5tTGrx~LtLrjP&Y~)p#M34c) zE;pBv|7%0ox}L#LNTnOdod!BsE=cMF>QKsKHYdB1k^)BXs6!?100Fxbl|2FL06$oh zyp+6Ql7^ws{OCr}+i;`Z6_(%9i3zE+o)M5&@0PbRWsgdX?;I+fL=|o|XGQmk$|M$* zpTaNK9YXGiyLcl$bcl-N>E%Y8?2q_gif%OGa#Sd=v+I*TMK3B!T+dE6 zJg7{=pG6IOv1pZSxNez-M@0=ENp1KK`0Qzxb&IIs6=)c2aSuShY$@gCXvgAw5>|$4NtL(^odj#1WT@}cfeIPw*d`_CjaXAjWvI)!6dr9@+)83+%fj7QH@xsP&iwIJ=tYI- zoyXH;VQ`s-2S*M6nA-3uXzR2QH;5WuklOItG7VoYgrIW$Jb0Nr5egBd*lychB|8MK z-M2$i4~k@HB7XZal&|PM(`WE&f0@SMYpZ)Soi?{HdclFpU)kRQ<~07=@%K>y_^X5Z zHDd4;9)o9v!)Yn9!saM6=Hkpu8mqTxKw?1I)qwKQ!e~U#Lf+!Q2v9N+D67xv6&?uB 
z9iZ6Qy&MQz_#iC77K9k9--}6i-;RHh+Iuomm1&Iki#&Q!RxasDEZ=l__-;smL-`bwR0~y#_YljcV)uDYymi*Lo7~KCJofVtJdD{0t>1yHm$1yFnv8crV;v zF?jrMBSd+Ub)XNg=zrf0>VvIkUYE{fkIlho%GTR@A&2#!CX{J-Wz_HkWJHo|y=Iw) zher)t(J(liVjQxyn;}37J=)EA(d^hR3a@k;m@(Sju*#m$e2~zKCJx&#l8OEB+n0%a z1*pGmTld{)7BMjr%;%9=P;ea!a!az$zRiV&p-cF7$%i#l+e()>ELJ*;`xi=B4-$7r z-R3pGWL0NC%a$ffspmLV;*ErLjrE9fm+I zO#|L=1)3|XtUwSD+(3Q|3CDg`%Yyzoj{9$5T2>#e!6|zBC|~iBp!mKd?zP~TG2HX* zl8=DLZN=Gc-yuB-js|LKwT;byI|CPiW^MT6ReAZHa>2 z$T*b*&s>vEf(;=Ah6EQO3JNx)t_VpG%FZhDe?Crw=a6f*G+2h;9u2^#-M68IM0VYR z?@*I-y?Y+kZ6Z`_atbfGA4?cr)$99@OJ4hiHrZkUUf1W$l9I>rgVc97`2GfA0lxQI z5TVt>_tp*}P;VJktg9qvq~iNnL|ADoe_Kn4?_n^4!EKbZB))ZPY$Mm$a?O8=B`@-s zKglA(mq@UAI%e5E5sn|gZ^iNW2Z1_h6)yMV{zxcCgzv-c^T$8?YK2AB1#8=1HM4Ft zZ6wWHB^&CI)~`Ueg!>Pa8oF^~+@R)$EZ3uWvyZOKtOIEt{~$~*5^8dyu63MZdHynv z-aL_`OV5Lw*B3~1jVU(^*uXyAQDONIuly8K&J{RmkG_Wdh2!AB1^%tb%zCqC)*#8! zbAhZFym&S8Xdj93*ZJR<69~9!uMiAu-rPVCPj+m%dj&SrHrIt!tMKW$Xy7$u;O^_t zxs2U?r8CUc@EFmy+%RrDxO{AXhS@P3W@~4dsnD1!2k|3dMnUYxFPSY+vuVHD-XFHT z(`nlUHGy%3iJ1mPQsN0sdGPVh9f_}|m%s)kO-1&$tg7v8hT9!5@ zz9-7{g_L!L&M=EOq-NI7fF#+*bff&JGW(SZ@-%oxjhGBob950fPXH+j=qW^8>JuO2 zynPGoioG}32Y?0o0v0S(z}havYk9=^Ohm-?clIJyF9!8c>)6Us+D(QkaYe(9v-M@r zOhny-djWMvE9&Nt71TYCKfz=M#IX}^705tE-cYzED{ENA;16&jzzy{n1#4QxU>~>z zc&@e2AHx32W&?1p-A;gK9@LZi17O4CAXT{4z}o)!NLh>&!O?H4gu%dg#wWtE+29%9 zbsvX#*~~ZTg@j?qvOQIEeG{oyycH+bvkz4_Mg^Grt;~uNqf z%gD*V6_H~ffh#xFTcm#wBIh4QtydyaO+`-N6aYCn2Aomf;E{1?)_{>89!zOKm2cBP z7UuDtscBgLbdABK0QL524!dHrN07nH%^rnTEe~;i6|@^N36?H?5LN)uP(^+=3-^$U z=WMP|g-LcKm93>P-Q639m2$VS-zvzsk~Wwky21c#tMKnvu+?d3TrKdE_+~>%INaZBBMpBw?#im3y|KP zlg=nRQ(GvbT#qzR5Z;QbO#6u2;Qe|v&-mPIqs)ns|+Wkx7 zhN-pP+!T*}@K5bTb}9&z1%*I&($4@FSp?ww5rugIc42mPG@tPlz7SPfAe`PxRGEoJ zApgJ&4QOPhK;o`g~5uo(f?EXauOVk2n}cMrf9ec(JS62(J;rs4*(uX zHuCHXyu8ic*rBqb`zf$dejc?yI%*6tw4q~0L~2=Nr1o}Edb+Y-(6em?QQM|`4=4gN zn(^VrUWzw4RrJP&72KTxL)jv&tDaj#ez6~6v(bRIv>t#QA&_8wR2ogKHE>hwZ9##G ziOY=dmyU|qT~LLZFJ7Kb+RZs{CGD(5uAJ!ni^0PTd$q#xs1STbhD+7(&gw?Lx&2bQ 
zDj~N&N6Q9aADAm|1$K|yZ-Plibtyo-eV_tUxP47^T)9cWT-A`u?MvwZr))PG1|4c< zd?wt?V3^L>EQ(rgX9f|cX>zza@^t03mW(b$0T|Zdx2SC&pJ4#PboEZY8wNZ zlH9#rsm76oj&Zb)<9wgBK|PG=!rr5w*j4d)DuN)3HV>bNI*0~7KP0X5vu)q5aU4Qp zfhxa-yBcYHg;+Mbyr2SGZRjoSjPX%=%Ia8w8-EvEEf?Vq5jW*Vx57PCUIB^L7v;?GPp0=a=h%a(67yZK*= zk&W!yEG7z_)BNB3v&CTol8sf2zh9Tf7AZ>Jso)6)_5)hRZu{Y;r>56m7Za14!0>1R619KPXnh^DcOa;Dk{mCs( zM_HP5v{Fpt{-pA=uwek_CMF$^&1aLCbaa8rsAqQE==X*3On*{)D+UF&D@4*U^IK)4 zV>nnXoJhKKd~hoJvaYuy9VZig3F%muL-!>eml1c7bbQF@BxWxAl#ZJaFu6P|j02A8 z7QAwC+bM3uzhNUw-C6wJzMEG#DIu~%NIgAt|kj!wv>|KN(b^G;V#$Q zl$W!)CT#nEIg0}+s{N{e%<*Ax3RUkSPlyZodYgHhN=IoB{_V};P_c;^#J(f<5M@(r zuEm~?2Pmh&&lsCojx!Lk9jv`kJ^_|XCozvID(2~e?sa(U7%=-7GhkReqRz(k zl($BXs%X7QbXR##a3>XO&dr#q9mRDn?+LCri4#b1D*ppUpyX+a)Aa*S;~)??ph-c) zK5Gg>jIq=Gz-P|$`A!fG%xy?}ty=ja#1Iij+ac~_n4=YrMup&GFfbUC4B$li;GKGS zM!Ngj9A|x!ri9;@<9EbmzdnlP4EdJK@z~pbnz;$LaVt2z!lDsB@|4jCrd)A=tAjjD zj<|jg+}&nsXxI5#%KX9LJBHmwCA=oqv4%=qAQHvtPEht z9`w?~AqVL^dUPIqjijZ_<5Y;a4{u!@32)H_iw^b9ry&w}yV&*PQc8G%8Vm3G=oN7F z_1#2)>t(V~4!9*eqTSzylM%ran+qxxgZVIJ+C*D)Qa8&BbSZw(V8nP{AC2LZ_)!BW zoQXKd1-gPH_^`LoT9DC1CnzK;l}>v?=^Q{g5~br}ydgeKar&O zvlE^XY*<%7H zB9##Fx79HLI_g44hM|kWj`R&9x$UBPisW`3DP5+_N7+U15Z_`@jo#xr#mSG15R-Cm zz5JP1hd(Z>>%k8eI`+~&#_Z+ZWW3N`-b3FD!=FzXO!H`uqYjKb+DeADc?qI)sOE1X zzWK{$=tUFVhJrtby6S#Gq94uD_yv^U=D;0F0hy-s?OWP`L zLSDZt5R+0yt>SDW+Tt32RfK+wTW5(0mp8HbclR57%?jenLNNW$ zHxC9f;eVL!-xu1W9U45yK2+}Km~Q_;`^7F%yeHH`E^|jdb8RlOFrT>tH?oe+EIj+@ zJd_#aU!hz0ePnJj3k#EQI65<5-%UP`u+fGapgTV_B9LQ*q;rQK>Sy)-R z0i$s7ChYw{^q%bIP0=S*b~-?`O<`MP-8=>LxJZ@m9C!%7G;>%Zm=ed4)%-;8qC|UZ9 z)Q94O^#BD>g<`I!A&2Jc!Mc#SjRUtGZB?WLU!IG{NC&PZr7_>74!vShp6^2aXX1rw z5!8Dt@F&69vcTaeK2{Q5_cLAlspk*Y0O3dXz?0)VFJ)FJP4S&HGb%v6YGGJssOHA3 z2@mXLU>YpgPXpOPdsm5B1ws4=6VSa06BUuZ+MQ-0uPZgWzSByM%rUrbkg1ECcD$+? 
zPS8XPhaSypstOBsMNyTjw0M@~UdPXfmWj2XtuV6lYql^Eb-}EIN>@jmM)|Ip^*hz- zYLSY;GjybF#bQwLT>^wl@DNym1EPYr1X8TGQg^{)451Z*gm!S!B{IBH$(?%!TWivp@s8Iu$$YVg<&L_Q#;%N9cE+pbhz__#w7Qmo*$Wop2K}w;eqaOvm1;K-QV!C;tU3LER1+fPy;GyI4$0o-hz z9ounnoq5Ym&X?lFOp{a?60vYjyL590j~Rm7a`nse6!IlwFZ+|m&GXF%Hu>52~-=WNGM)1CxX`IOrQfFxC2VBvpD1G0~ z=97->;$Uwd(I*2EAGU1_Z0Goh-s^t}+q$J6#DJQrusTeThPNefT#3yXY&Uu2@_Bg2>?V5TJs>LG zat{tXs>%-RF&(!?b5*wG^mh7)GOByY6hnWxeH>mQ5*E({KSZXjbRc#20eG>}3!}Dy ziuNyzx;9F^o=;a%zcc3F4F%aEN* zd~4}bQR&Sn1teY~W(Ou{30>@la(b)tsq1qOolL8hyZ1Q!iQyy*4@L@$!C;61Y`WCV z&tu(ep`e8_?QbK)#+cUD-w(N#xjrx>N?U|83+sJTaxyYG#>>IQz7Eh`P0>r z)`PKH4Jar=;jkfZTA5U@UGOZQ*Usuzu&95fucSO>im>BaFkF2IA^m9V*6=HFJ&$TSaa}c__;N+?qPBQ zPxPpcu9+u7hx#OLOSIT zGkCg1y4vyLG4|)!OSaF?W6fO0;;sRe9hGf4=0aJm=Ha%=j+USyCq3bt#d9i4f6V58 zN!zJyz||&=`ThZzs4PXuE}6Cq>|-%l|3KnEXDMe0=D>ZdWVVzuJ;wKQnCj@()PY6o zgvkbnBOy>7gs$Ms+^_`gVfP|wXtA|ZAK0RjAhxC=c94m6!)yqYglUK7HT31N<|Sx1 zKb*qw2t7=w>^T+wPw?wQ(Gl(!9HMA?&Y&qtF92f`pm#bD^OiJc_@=F>)mS?-Alf{NKg_e#$1QI`)J8kCmQ{ zQYSm2FddAZotNPd+h7RO)#otFG103Eu3(1fvZWLsCsRsYnuT8Kv@r@-@FwIk54uKK z6Xxv%xL#d_E?}h#=*A?(yp08-5bE&?Lz&l5$;?&c8;6h0Jct8^D8ps;Fd(M9n^`Xg z{lb)+fDse$zQFm!?|zFS2WJN$rqGBf06zcPRQ1~c4;K)iE&=}d^N1t{L*|)IC*3hl zC;C|Y1z2z-!{0(~l-D@#cd}INK~sE4U^wys%~|{o*zFDQFXYHk^Ttvv1~yRCd=DC1 z$`U2FoFF|0r5(dQ2Q+VG`y9-Sr`{%tF$Bwp%U%c!X+Zi79G&i+$i{>t<|AGQ3G#fz zNft+ta4761@1kkr;~HEE4L1N146gKG|)N5eHx*r$yM87=* z_qFAE#&29^@iiTd>5ub`m{K_eAEx6sY{=4Sqwc5%;L9? z)K8C*24z_FXtCm+58erFrif$QS`2!>1GF4ghE+=^kyROrGjH3Qo4Fj>fe&l8ZCZ}Z zWTsd0d+Xsj(}SOx-m^UB(2qKnZ@4q&0t0Z~5IO%}+JLJFiNpVW_Y1-4fpQ7hLlXeA zFs;uQ{M5lpfReWUbaoMRuNGJ|5|Xw+A~`qni(GRrz9CWByys;zd+Am*@A@z(4d0?_ z_<92>i2G4u#WpC6#bdr|ZF!3&_o^?})$*4?TtpAH--p@DBMc3KpMqe~DI}nw7tJE-XKP|ax(nT24^aUx~C4^Jnp(BOKg`-lcI4YPGhZdUEhSBzb9Ha7$Hlm@YrK4$j? 
zv~OQypVruS`7kK{)bD$9vN2Xb$NyN^6rU{?>OQp5;HXi04>!9ahAusH)Y%TYDIw`Z*NM_-6gW;Wyoo$}3r>$<7cq&IQg5WH~jS>mj zS6&fV)To8W0Wrk>=b@wK?7VNb$X;d0Gp@`}zVUJtNbGeqAah~wJ?*Gz>=_cggD zL*Lm4WoLO6XW&i4x4?9gfuDkVQcfd)U%oongVa)Aw5qtImh69roH$b|UvV5bu3r_m z+RI$GkW$-lb0eJe@}<{+Gn~>$+w|yt>HwYoRl3{|wZ&j_N#dkwI6FZ?qIKT@d-j3J z$=~*6A=GP03-zgZ>`AziH7_Z{NMYM@K0zmEcNtw*5nix{F7Xfpi{tV1I>|+dj_vNsoP}J^|RQ+`qqc^O9kb>Ad3-n1INqMTlA&8+xpil4Ws7b z+%5#u2j8Gsisx@EW{q^5H5PTu?`23Y^reXbG5BFLL7_6Y%Ju5q*+t|<9xF8j?#U=h zC{;iZGq}N~veR=4t>*gnviYg-aU#Z%B(5WemS;ObcTyC8i@_A~Dn3_%51@b^I4`~D zKR-td^(#`)RC$g8zpYX;3#WAvk!kCq$?XK+gg!%iri4L}aJTunk{t)#O#S_7GO?f` zwWe3=U-U+6h5O_t!BgfgAav1K%{Tj#_Ob^NuRvM&+wumuv{R71_M6*`m>K6)IFpKT zw9AI$XukhuajyhUlpY94ZBVd$2p+B$kzJh;wS^q2 z9*cZwvvfG(PonZ&j(83pWNf|-;LgsNM#31KBBV?_!f_KvUs&qfI5*{*&#H0{f zkKteN+HL9hU0F(I@FKR2>12waXSzyv#UYUraG5i2XZ)lr2hzLBT%&qC?yI%*pb3sp zwuz;F2u5`-$8e+gb{KRAUyKw8pAUt73*W4tuzAX57Lg%aX}psXO%#Wiz8Ndvgg$(f zp=lfujcmVcT1ORUJf#kL9;Ff7@%R{KAdgRiPx*m+<8eHNQtPRp@?9vMnCqUHd)*vi z*`5N-P?_JIbVi#@JyVOZK#ptQ)y{mSCt}+%d-Ncx_aJ$#0a1;lhu~(86i+9{mp8!&cl1W8<=LLX zEuOHD_&tG|M-UCq*sY=&#JFWFQN(o|VX8$B_w~4>)phfQ#6v5UPL65_lalFwJd$s) zK4_MrUqDt@YIr+pYWI^`z?sBnom?Nm8Z#g0wl^6x!M{h~SlSjP=8cST7}!_v8SP)V zdwagZD!muH?Ni!={7Xo`x3jcyyIB+61lPerYn?}f-%|v2+rrhrQm`#EYO#~0#LO6A z2DJ5;<(=IGH;bi3zD!r+k3W^&k`w@suPiAZ(Dh18S}Pt!M=ZG%{WCaR*lDm0=0@;4 zIh{wgV^t!)&4jZBWF!z^ag_-};CoK!Ox9G;eG^18I`MHhN#dU`w$_>I%q6uZZb2sc zNUC}6jiT)yL-WJFg$~uN0B}O0&3ED}w1{!?iwBnBWTV$^14DrVv6P{+yIQ4CB+(B4 z8_d*^4x=u6F&8)`Vgzl???4Sg30R$`w*0zUqkfuhKq zNW+0-LJ~UDIx+W}*_vGir_mLN$Fh6|^%=BqFdKTr3dGOBQ$`>zhG!FOgcTgn<~ZLn#B}j2h^(h+t^Kwq=s=S2 z_?-N%<;pG`Axjq!1U^7)VWC#u3Qes8E1WhPv7STIs1{w)T44Z*#_?o4X^p}8Y>MS? 
zkG+HoO>7zXM%vi6cy3WoY{~H0 z_W>l=(yqX5zz_l0ohAwb*pw9ErVfyr%GDSH*hBFJ{ZA3@4$3)j8}H8*1+|WD=(Y_b z%M^?L9yEN^m(`kp4*K2PsDNew30$ix<1{iC6^&7G<3w#TUcswoqdM_@PBrX-{ZeEx zXrV7``+}}B=5->pcW^(X&vNr$CD#NHioqgvw#HyxBJ%di&6gles&l-UeMH|SL!Qq- zAAinuA!S4t3NxWM4duoGXppQJED?L5&b&r;b`En8ouL++FsiGU-{48Pv02()5!xEG zDF&Z_^)!EmM|)$)VW4$d#xUeeG`tvS{rXbtMKf`&Ej+y;rU2n4O`9N2;s_na(7@H; zY4Tq$&{F=z5A$@uPvJeeIv}Qz&H@vp^`BiOjkJ1myEX22uIk)=yQe?5MEj&SsERJh zXP<3K=1AkSODP%=pH(OM>|tq3pGNp>bBK3>&wjrZK#kjO!fW$2p*~Jk_Ms&9e@0W8 zpi7<6!Jz{Z=0gCuD><7=+i*r}!LTM~GzZd^I-|ICigBkR=~QvaY3gA>Xd;B$--PSt zabq8P$B&*iE~9rYhn9%+4y{s5X9sP&kiPy}z(lWA+FHQL5V?gQ-U5i+e78#*0TecP z<&BDphq3wmRq=;F!Fl>Ny6=vvPf_sxKX5^4> zuotWi+~qU13gQF94Q7k<3NeojfP(|Kn;Uz&8ARj&LrbQ0gl#$8Z~2(CtUybEN@FMM z4|kiEC4NI)u<)+&9nFAhkK+TLw_D19fAm{UP91PB(=wO>e^a-HZfS=;OFAH5!Y$zB zgfG9K{Z-rp|A*CPw?oi{SY`321G5h}Dfeg5&bFD)P(s^u!8bBLTh(nM3DXF}yC#SO zE_gtlg!!PFS-%D&b+DYp@Q(4P434c<>TrsDq6WoIt&u?0F64^joOStd({A z+n9aY5&@ngzvwYVKf(p5bGk5QKvQMWShnY+pUiwLaM%MpKobeBo`ApNo6ULv8_<(< zrQPn{kwrLZc$vB-UMla)aqOQL2KEP}{Z?e~)&1Q}ORM!3%YP-#}oftzIWRiGinMK{_>Rxob6f@k4zvO#9Qv*untxRP+3xx;j;8cZB z$dnU_wtxfd=b+<&3!6+C`ew)D32 zyVwKFqa90LEwLH8j%%wUOJRO93!f8@} zG06#!kH`14hhJm9^5!Ptun6lPZ-@e#W-oDD72L%kV`uLnob{MjKm&y~_>1$0qoiZb zwTsW&!2S!mn)nJ;gde-slTn{PiDUq16A)*DV?!9_i!XV=V$K&%CIuBe z-J*$N==qb1(uwGxjU!C1L48?)0@6lBSb@9gW9D|cYZf!ta9$#Aa0Mgmy+~bX>r9im zd)RvmVPy9as?teN!QMV;V6G)#*324E27#N2){77rl6Mdb%98g#2>(L>`H>0`B}Cmw z`Z|ibyU5|_C8Fp>C(s)5?|?CPWNC|59Px(GKb?N8Ahl{upOmdPoYmLbCLi5NY)THsAWDe z>Twn|Ky2CJIP@Fo#^~#b?bcMp4-V4ax6Ev-kQG(bDh5x%ZNetER_?%%br@lV-PX0< z$|6<@FnL+h6`A@Bp=(^Q=VV?5>VT7Mb`rr36s0b z^d7^AD1rh!hN#=rqHZS9YClWoAg?yG1Q;U=_#!+c^eG)k(W9a{j{YWk)LjHdm&)ts zshO!-6;AyPIK7+(tWRWhLZ3_XKqx5XRL_0yx4rp^w ztO@E%J^SOgk$C`MRUlizVN(xN2)i6nkh-vFSqx@dL271$&ZZm?FCqLm>UPe%Wod&r zoKc(u7}FvbH;OB>{Y5SZgU^Pn1u?1sUn4w?NWlN7-_ctT04M-|lhiCM(K( zH5J7R)+&qvxdo=#X|Fc67l;In;O6AGYl8nXWs7$bJ{E&tt>Lxes2+7=>m(H6SfA|A zON`~Qiq!`o#^BGRR?jh{H?W8mtbv7b$UN&8{;m=pT)vFh(PSgE%_>sQ#Iqr=ID 
zohFedttiT&)T-jJ(LAv@k*7M*Gw`Q7xjE%;)p&0yiAaNAeG*fE)?)t51E@If3 zqG^^wEIqZC$lkv${+6G;zshU1n%VpMCmnq?ijmmLv-cUXj|qMCO)_y(Uww;SQ;NPi zV*uZ)zA6lROw3V2VZBWzwF>K9cq6XDdbgTAgbM2_*#Hz*Sm$jn!;8YI7P$aj|LC`z zEG^>-YcJC>Qdk%H%{EIN@GVvP{($@VE#EK!kGg(VL*8jx27@rsn8K=*4#(MRqOv}Kau2SgTbEQ>0LXP8{ zA~qMROHg{)z?gvF0nd)A=%>~HC&Kb@4eSUtbeIV(NdYIHA51& z`qko#CanGkz(txAeMeG{Ol|`$X-h4MHL%?nx>}LieFtBpjxwIG@c}+3!t-&F`nReH z;qVc5I`w|b#nLh^Qn#Cykw|q56+#*QN$P+zHkHZy1K#booRm7??xtmMC}cGzQqw{P za7C&Y7*TRLKEO)Wz^-iw+azU-j$0aG?3z{5JxHv9-7*yYuhJUW0ElNKb+d#?;!?ME zG*egViaSEGE{C^ZrS3XOmWtF}2+uqC##V$z*1$r~Ahf7aMC8RBkgq7>dyLb88Ppqc zdiB;mJW-S2X}BYQ>1z|>v0;BB0F!lzW1vA_d1M6CQ!o;tDI&Xxx%VdK-U{{rsHM#a zCF|v0;kzS&jEOlh?|0B;j+Q1O*lnaDwz`&J!Pj%+JL-ijJezi#J#cdqx>A6mV(=5m z6EQU=k1x@C9{DKKVvIy_DE}HgQfJai2MrU^(hZ^! z&0Ky<-8;7fmJ&)Smoqnnu=IcL+`9A)^8VhrukbFKrMSJGA>zD8#K*D|zH9_K6lw!4 z*gq(bMF+lqj8K>x^ie| zq>JEI9TC%GPz1cWxgc>a3_c}V8KoW`nGpXoWhB`zRB4p^dUz!(R7)}VTOCmVE8EnD zdaRGGah~e)FTn*21ottVE2dtW^iWIE+;c6ZX4V`cLERe{g5Sf_L#+Tk!bxDRMRua% zxesVE9yDw#(ERE%fd+jDH251q^8*7-_vyMi*cEMy-+v%L2qz^z+qKB-1eYKlBtpTJ z!Os{|s^fJYB{RM%W7I!Zn%oTvmb!)~4jz;yA81qW>6zM)roiw~AAcE_sq#6d&LlZKe;KaDCkkvLGYe)CW zZ@)1M0+OzjMDjiAs3q3fzVj7`&ULmw+qSy_W%A}WVWMcA?W!-xA4zq;A7jfnMUzf* z53zJA`~q~_D}L<&i@VA0+kL8i39kn|gIx2Q?yST8Bv1@Yyiow~6W@2Hzb10P&Qap0 z^&?q24n0tn7*ZtZP4wezK-ijA zInvF`ARW=6tt@l$V;_hdl8Ohs6& zV{RW3flp$o8IgrEb4UUE>&3J|L*`uBq!xehihqRvI{;?*c9Kg&YSWX^!F+U3Zb!uB zyKzoP37CxmH?ucn?UrTk<|@V_u81BkKXf5=zW&Df35f{cnuZ%3iqJcAGIw7(^X>{c z%Cd-jaTYXfX_##^`6FTRMWtK7D_qNKGx@RGKmBrrG@Oj8fVUV7)hMe2ZWI0wEACSz zanBZb&9yHCVH7+u3b#=u+oi3U+NK!XLxZLpGcXwL+r&q16MH&_0dyoN(t17A?KQqO z=B}*C`mh;3zQFSfB1=8*$SS5$7XVh!iAzxVZKfFPTaU^ihk!dAUbK8eW)TnG&FV*A zgJ?kWPVfhis4FkH0lHPNXyt3J8uV5o?-m5J{1k&(jcJCYy8Da3)+&AItr*+}0aNM2 z0L37S3_??`$J=7GE2tUC;5nk_tm7my_y({a+%-Is!6l%Sk-^)jymUb)@kNJP!HTh8 z-$O;mzf0o1m+*~YcVja>dRazQ&9WRflT&BAk9%kR}zPj zBAO|Wa1zP8i&Z5Bt&HkYR7wM;0zrqz4b2C02C+<-vr#Z65o}3+)j+j@gd+40(b+Qn z*2g{Ku!@s-PNh1DBi#5Q;-j9B|5huaY7g0=o#;M=o(ZFbG7;6Mw2vkR+EcukFc{lG 
z9)V~-qS_7XNVG_Nq^-`5WN^YD|$PO5thhfO1yGD6Mp@USN;OinDibX zSB~Yv;LpP#`_)uXt!ubPre}tJehHQDUmFnM?;}J&OQv^3=_RyXss5ZE8^bWLvqX`^ zkCBggB@)eGe%T|{bT57?GE>Lk>HkJ9F8wbC72P0m@d39P^&uCpN$8@vfyY=kYI>hM zCgfssvwOvtiySL^a`DM>0OHBTzwstrF8*4J)~h2IJ4^hXbbT&BhbxhbleqE8QU~{$ z%3~xK1LJaGeM~Y}YF^>KPcXgzQC{Jwl)S>Na6O_qS&J0e=p-LHa+;F_Xeg%_$YY9} z-t!)%!{<$R=6-a3HoU671Tf0=ouYi!pIl#Z9!8$%A1Hr{y^%cMcyTbr-u#CP|K(se zw)^#NN(atoLaLLv#0Kta=t+1uecdw@VH^&zqi}Tnz}-(VsK>RV3IDsyeu}5XZFgeV zdaCq96yRmtZlK;xu@7e<|Le>%?yCp{j0C*3k3G?uuNj?LLe_x42ZAq2_(*$FEdq1p za5Dwgo?(V~VRu4Me6HaP9qpcg=<`_qDi)QaZ!t!1N_K-mM5h_*b=6^ntxMfqiFA1E zSdJPCRK>S&x_|SP7Mr5^y+w%e&qD?1$v>Bp9Mz7fu`^2x{Rplfj#1mXM3 z@WN+b(8V&`)FY;yV=v;^QF!(uEe%sV{||fb16Ng%KK>sJja*79D=XJ-t{EB`nU<*) zniv@t`KQb*MM1$32rfpZhN3Qn7!|f=W>i*Y)|!!-sZp6&xkcp`+gh=$*+r?SwPH)S z-}f_f&OPVcd(rmu`Tkz7@9*_mU)|pKo|$=O=9y=nnR(9PUR9f_VIOMub;0{sA(B6+ zu&C;66sI<`;ZBPP@k}x7l%38cM9BfCtsD~1H~rIH!1C#4atx;!v8Pz<$zjQ+*sv>x zV~8zbYDXG6Jw9^X5DA$c?JN-U{t;$U9c6*|x0(*28>Q>nmpi%@JjKE<5LvGCq2;?B zTVi@54zWIX(b{~G{^xqevBy_p#x%|SjN=^=Sz#d#3jI}aZ^_Z%aKjt4n#j6?KlmDP zj`MiZ0cC!85cf@4o@eaftl=mp^AoX9$H}~dGT6X2>tAw)EDbuDuNIGQoy=`pmY!G# zmyigHsnCGKYUkjdueQCmOqcm-Z&^X_Tq}3*kegn$kO-zTpLmIGfkjTdh`o2-eXev< z#i#F+_*l@1QX7NrT`3d39kaez)*#ys$giBj``@eOjbGQ{28(ia>T)682X7SorxK~! zrHpRD|9oLa@ype24!kwsy=s^A3L|q2S;<`~_?W%{%<>$V8OQjQfud zmFvRMyTAK`UIfoYrTXPRxK;|Q#S_TBnW?*hh}v3=Tm9;t)AQBy7X;?RKK;elmFWj- zm&l&IRQ_I}&eZ4*HWta{v)Ci*p!Fia z`d17J+fm!vtl<#1ufO7iStdI==eZ)V^737o))p(+Ofk_~-)z}=So;$*Jb996RNuq? 
zq>0fCGQxJ(E#|%a>k`k^;M{kLA&U8)veLQ z`dHaT$NsN&(G7S2{C8j%ZEzTNRDYtXUdPY%>QgVHdZ4L%y2M|@ zoM1QC-rimQi*Vaaw}5p1o{CPWDKe~Hq}TecRytH$oadPl?KlqAIH&8E8{FmNzd%c- zB9#M8X6dRBH91{#t!p9&do(21`VJ}YCA&-2wy)%4*zXgzv}#VJ=+Hg0bsp_v>%cYy z%dML3&{nw>P&^NBuO7x?pHw`r#h8DV^u~Vpm(7(rqpIFsE`HdR%<(m%&S4@Ut}i42 z)c3DJt|Hi1Hj93$)pk4BCa;y4pSi2us2+-NE>{ih9RJi-+_f=#iYG(Va%ImGdo5zU zidCKbpRZRBs{Md@cG#&OW1Pxv&s?vL;f$a=kJwum`^kGl=5b{pf~#g$5G`* znH{#@Ye7r)(+r(i;_ah)9IjaH@a$FoAvO}eG!BoJlPOfUSCq55MeNdAG90#~-Fv8F zzac;0YI&*Nn9IIGZ6rSCvW`}@w->G^&Tz!Nuxmj%)qT_ryKck=e1Li`#P$P?`?Vh! zrn;&8z)0kwTf!+dF@e9)e+)+*vh!UPDWj-#GfdwB47v9s^FzM<+frAkyE7+!jcQ2X zg!zK{D9aV%<;g$^`gE6Dl5WQr)}K_GuG18~SU$GnPlD&0@<)5riB0BPv$lOT-*06X z>)Zg^lf>>`@M1rhb;;!r^vId#u=UDRYkebJ8;0<ssCAR z6J;AtQDu0yurmy`UuQS$`8Qs-LhOd(X4KBS&-@ad3O=>m$1JvY@GmlY!8`cZSRBk9 zd{>FEg*mkZx%WptaIKV#V64@y{>yZ99%|NPyHCDJ@PGtp_}thm(uc^)p7jvG;enr{n(+l zL>&Cg9SDrFOpm-c>t3o-{WIKBoS*t;C_d%)WJ#=7cOAmrL>2$z^ z|6mfkrz+#lexy|;{fq+;8h2HFer#Te(_feET+n`#PNiciLZW=}zQdvfcjr1v=Q4EX9;;NH z`yBY*l5L9Fsy;M@xf0yD`{j6LX8Bm%fN*^4oHw*{8zqnK+#fmG_4J4m>(id>^Vd1S$;&g zskUSSJ z-}N+}+=(@k^7?j<3=4(iVSnEM?uV5oRyS_rgZ!v))$}g?607D!+wZ*tisr2{yvOnL z)0tFv@L1lYNxkKxYnTnDxc7A%z9MvuxP!M(@A6%Z{3dbLY`geHR`CJt6@SVs-ak;~ zNmdzo6Sm4cU8ZZDa)%`bU}i~>%?IXU+lR|4m6-05M_c9hZ1sFg<%Xn) z3;Js;(<)`u!+(w6=!PvP(iydTRpTd(Y6*i?OKb4lW!AX}m{ zUyG_=f94HZ_!{fM<>4UT_x&R0GPBU->anSIHJ}8ap>~9n=KdYq zaNj*zYxN`|RkP`idMi-xPOt+KALX((>#dH0~= zmZ&aEe?n=+zNq4sGrIio0Pjm{2t+LA4XW(;67tI;JIKU5}6WK$0f9l73mH z6;dckSGbbCG?Q+Tq+XI#=1>Saul!MVQC$`_s=jN};PPcZD2;0q82G3uZmW@EjLz0 zgtKi*_)9ob%fiZ+tLErctVx{18t%7ku1+9v_weE`I&5907 zU-WwMx{QHqdFkjIt!@TtPqAQ!_{*DJ$HWA2^MS){@w|G29e?q>T^e;p!C9<~oB39N zEuSjG8yL-Zny@l{$t7RBjG21oiN{#@T4wbvQgYO0M`C=hkY~nwN?=|jox#gi| z(oRWw+m+PIOnO$5o_8fhn@JUt^nferP>EJYfg}~WlJ=TO6D8>uSJDnM=?Y02E=gKR z=Dgy5=y$R@6!3@NN_lE(1s{w<){Y3=y=7PB1E-mF43U$T`1p=DvF4d;$HhCXi_!MQ zv(-g&?O20j(~HE!A0@B3c5LGiqc2~{OwwzIJ(QC2iSJIi=WJQMbM4rm4t-(Pjv4aY zqiw-0@2iiNtGxORbL|LJd#WyL7R;mS 
zptZxANMqzYu08X)?2GI*!fNL*%7$Az`UG9K1V-2bKSpJ?z!aG__^xK!<`igEG>9;Q z^Sage8tIE}q0IH9pta*f!h@DyS+GMqu5;~BG1HFQ%CQkUUPpMS-56a5eZFql9wjRY z%}wQC6*fkvV|pFb>e6wDy9OFb{Hi8O1Z>c!iI$xSv4$&lXU2269ud?c59?ivigL<5 zO9{P+tnz`0Y$`?MEcU`IX*x-J@iSzFwR7IKMCW|*Q}eR^Iz@yk@3&hf1#NVmrWQ1< zP+i`Z!6BT3$`lZMP$^q1SEUIPxf@&Da%`7B{>rlB+VHl}NXw-)NrRP3V~CVo-H{H9 zbo08>yvBoiQ*TMG`GmHWIuEd)`=zzIy!1mIZPlcVRQoo0+_cuWVmGoLb;}wcn=6;B zo-*&l%GxYbUx{XY64#O_FXwf$LKYyJ6g<3|)EPsXChr20tG+w?6TeVA-TJ^J9eUviY%J^CBBy|JJ-lgjM z^rB=b_7a-bWfNW|u|`|LNZH(m?ZtYBs00ypl@?_U;r5%&*)fg8K(A_j``GB0CN8Q? zEF#?~ODr0axM<$!;(0~J{BBlFSitr;vv@CxmyItnCFoY=ZbhVYTMxLtI3E93oLCfb z@LB7+h`GfS^BE_}#x-g&NBzQEwQ@H_jij&D&=7*Q`8@{sNkYQRZ(wP9eAWA=JQs)n$Vxz zT3aFQy5UO^F5h2V6Zrb#M>t_6g&ngNafGJ*E>#f}rNAzm5@LxrOMq*_LNop`hBv55 zkLDYADK(k?s5iv~TVu#b7Bny-|Gn7VnH#rI%D zMdRC~1(pSEu6sF1nLhrppB#&ZPTg*&7Kf%**{SKFsSEAYt3p%L?9@J?sUt~stVr5e zzE`JKjt{lIpP0bRX=k9Qqi=zD+yy(tm$DGGyUx5L-lVMKn@e0P6T$-P#tPJBer7$W z^<_xKIz2%?PcT2%CQKP6+9s(sAq{V%-tJ7uaIZEYk2t7R#lx!d-F%85@HCn9EFn@< z$fA=#a-EsnBG%|$bk2D-ud;sR?^wjmqu(zLl{_ z|JmBKomr&TrWZN|txYA=ZLLjnr5$>0G7WUL%zNdkvAgntw_wDgmoKE_5><71q^o74 zU{1H+%W`T8iD3C^T*9JAcFXgABTlH)xupG$2M0oB{`j3O^KBH_c)43n`rcqUW5tDs zwCy>EoCPB1C-+kJoS41Y_QzxxLL}VgkZ^@asJ54}l0eVYg4940T+5hu6lPL|1(i6K zFmbLm<_(^|HH-HMR%narik|VicTnXpRb^t4jKSYk1c{YGq?8XFI#&-$9>+AJTh)l@$4BeR3k)a|n14*o@g;nw)QsopCgiy6ztR=p0Y z3v1j`i%hA#2gzna#+ zsAB=^n)-%z=hEJw-9v?FVVpP=*F^c@pfoC20ZU(ztJ+qoI7m^Kx%7Cjj)z&~McO9i zW91v+o%KDX*RCp6pKiZsU9~?F3(@tXKD8)z!0=c;S-FGd40?gp;UY^mzAdn;xmL9( zIDZuR8$WWalhR+^4>eXTYRUyH;L|y}6RDi0LlscA*;c@#9GvKY5>l+fBp4pTui{`@ z(fAzZ5VYE6Qy^qryIM->V^$AZ5>#Y})S*+2(A3}Csb4Ztg39{EqwBIeLR0@?r#=;$ z`X;H)rm9g|{XsxrerS;jTj2Q6)Vv^pN^7GLcrZ7p*-7DY{y}n%49eLxO$eBjXG}(QsNt-U`OmmuD`kH#LB>bLkH1fFRjyNWS?`O#ReKEH%VClZZO2D&KdU71 z+1kYQ?0<~1@#|?-h3-U^_$&3ugSxM8^(}Lwd_&K(hPQ87BDtBZ#etphH`tBZ^9Fi$ zCe7lHRn3k0H!@=CD{})GW^!sNPFx>>upx=n{3Jb2L;u*2t)5QL>CvSLwZ5BlN0oY7 zwUe_(U&ivXja>3I$f%fY!hE)HP5N^+YOYP( 
zpwyqZ0UhLDSIm!4dF4k|Wu(M0-)H9iJ$dE3nA}>wLyV-9gP)mS58v6iI|BEOBoI4JX2bp@fVR_FO3~~AjC`E6t2hsyU1~&MS6!T5@8ql zSf)?V@n9;NH}8@=&j#^es3 z50NEg&_4A%nkWEC&1V1e+1wn|+SJD!D`6ChaYX~oM<1Y2+ju{`lLX+~#t%P(|R4qbkLv|wdST5~Jy$ezTOPK|-7CD|<8GP`fAivbNgPyJ26EkIO53Cn{FsVBCev&1nI&hY*tIfUHRz5rEkm=r}^sbIL$NF?tkDP zvz61V$fYv8iT30gur8+s@S2hMUe3;ayPT9>Dz9D$MkZ0|Ww&Dk#0hjZpo|uch zwv!hRJT_Nb!NZ(kXgSlg)_0Z!Tt&eI8l7Jr@+Z-YQoMd%Q1V_RSL{MhTefF#osLN*)na%bXAq> zSf^wJx5{T*9Vd%T)1sT@h-2A|E~8pAOJIWc z=c{V#pGAPywD-%9b^Ja%RpO^1`QZ-14dS%FP@?< zTI#w>U39OLjupf9AC5n0ds(lIKE4X38(J1M2VDPM;^p{Un~-1z_rzf*ajC&vS&n;7 z=jgI2C8PMuwvv>LgZ(V+IRq_yQD>7uyI6#3#SQrfZ{2_YY(DYX;<)eB!c1*WDox?^ zD^FTm70D-aNB81PJ$iqaZH<-boes2yqT($Pr`DF4d#nrz8Fjwmh6uf|$vh-Wt#6Ka zfg=fc1q}zuT=KjwqrN4%eBd3o>9(9Dr%@4W>eaO>{b!LxFKeBOB)%9NN$i_tM-qGR z-W^Gdli6oS5>L+5En6;H3JGR>p>81SV8%x;NRC8h=PxrO8cW;}z$e&p>HtNJso2-W z=Y_~DbI80KnT-i+>yj-GTTglaw8|+PzezZ2|sQ? z!lrg3i4W3*|16St?_TT3%u`BCm`LIb_Nt8~ zk}3w_iX_f;xb7OVu{Z=Gi5pY}fjClWhVJ0$VLLd@(V81+4OOX#$PmV|(XS4F`ocuF z)Qe52Z@wF@kDoc>%MlK#U%f_dD;US`DLt!51 zWKLVll4JGC%0b-A57F*NlKQk_jzGkJ{N)N@0NjIafY ze++6&?;wF{=0qScB$jyiS$EYc=O+wpNG$O~$r&6=+!n6*3MpCBHnjE1q$FxDyKJ=q__s_D(*nL(r{1fm%m(*yY%*_a1niSKGpqzcq2L4hjkr|Bv$4XyG9Ijopf&T&+ED^=>2)%s3)#C|^; z55cyiojBqIwZWI8kSmUOA0AM}5qs;Xqt)MMuooT1u&&f{ggAJeR4f65piK~&`2GvM zp&^~EmbHtb!hlk$rAJDD?8REyW*sf&IQ2C119TohU)KD9LQf>c;X;jPuXRsDrQE}tMQFYB@dHlsL4M;~ z)+Xo7RYl&mi>wYU@@lvu586d;qX?aH1V1|Zen#D)C!P4T#?}t5hu4PPi9sJI+9X)2=F>&@B)d z{95cqbyA=1^tR>tc1k;9pFysyMO3g(=Dk^iqb_N$-}}{I`i*7Sf&}Yg)K4+XWVa%q8MJOiJNM@TQHCq% zml>_QL)JOv-@`8u<8U_0vj&Cgn)G>~hN-ui@|&gCC30SIgzCB}<0LTV4%MCgpxAtu zMQ`Z2r9326sNKY0-?u_`+Cjc0Ueru`MW;DKb(_Qql}g0c6{>q}xtdk(P~AG&tE-Z*WHP&JCQU)oN6)7i-3}*0)toN+KV_RbqapUuHSF zjk#ZR+wq0T5o|b8V)SJV^`(ckz7y23Rr!QiDe<{paR|;OIf8R3lx#51dRY&N%tT+= z_`Rhmxk_YtN+GN>GhAb4NGh+8Ck08_Wu{zcr)<_KSb#b}o@S^Ydr5Zu3bg)emyW7k^fuv9=Wa#2#zIlU zxnUAgB;kZG2}*H4uGVV7lQR6Zz9-e;Ru6-UPiUK3y;~W~prGd`Jpqf+PsO*et}ue? 
zej5u)h*ARA*hyQ8lJz8(6Y;O(wY~iTD^kmoELGaCB*?K>Em1|H=5UK!x$GQN7G0@b zf$RI4Hi?JQTMkS3m5=C>__HXIT9OvLp+;F({go_K(vsQ)`SSxqk_`Kvnyh#Wnku-) zpA)O+osRaDelMC*6HB{>QOS^%~&uHv_7P$Pl);cvgReXx0 z%C{e;%88D^WxX8j%L9)+XouaWvMW{`hS*LUW&x3WMX2m5wJP2kUOhU=&G1 z4u}RyWu~K5wH*2M@O2B7b1UxA8PANu;r=)Vb3o2Q<>G>Cj-y257I!=|iH)hQuGY6# zZra(VvHf~2EKzNHgH7Xoy-QVtSd3sx$P68dP@{GpCR))rhwXOI=4Ff&(96(iR2q~z zz)t-)b3Q2bR6F(Wp{Xr@3P|1-n))fJ&X|Bw`b%pAMeYeL^0X~5D>St#!4LGuLUuQ&E|V=tpC{@|TG#$`W#m zTRKSC!u8Z+7gU8G3wmhCd8`>oJ`<~(IE+BzbvnWcH{k49a7%c0(RwhUk0t z5@TASHn6tvXT`ki%ZbTa$CX?T7c^~R+??(~8F#H%gmw?BSlxr1>nq`kRN6%{LyIg4 zS0vRgagUiO&)K7%(`p_0>ty!*!jc{Oe5U-6y7T!=w9E6>>^F}d zIlZ%3dLJA)eL|gb?dLPcvMIsW1R|&TG~>5KPUY!PnqDs_T<7zd#j?Vv;Hi0%iO@%- zc0;JMTp`pQ3#HMl&)62t3Jsh-p)xoFr;nix37ld<>IqHD0PmFTC8Ew|u353uGH27Q z)a!MmXxxbMpp8%xuxm{XM6hn?| z#Wg9?{5%FkPZPeIOyaW%QGo#K60xmPQHDN-YB$@=W-YALQWYEF6x;4OwBtQ$^i(a5 zcCJRER1)l3!`32=DNjkU8>PDXEbHD8W392$*@5DI)n-+KqpJTs<&qg|y%=}5x{r1A-|)GK9`xc&DzW35WuM{>y-YwgJa=0A?L%F4Z%80RYO zsw)EFrX6(C480bcZaloY)oSx#3GJ3mLQwQIyUM)oh`x4~Lzg4^x>9_Nig&smlzgH{ zCXOrmiqB3|+ocl+(KVdA*}NH))M_Z)>!nA?Erq%Qap~ZD0tLYDEV4P~eUFE&=G0JJG$}Wo@*8W$S(RE8yCLEw@f;J~d ztoAIc3F05V@YU)4pQ@{xNX5Z1K}vj7E(Sjca1R$v&0fdg1{KM&Q!gYnMCn^4OclBc z2E1Kh0u|%Z%y?}}Ao!iFFRB|Y{s>?DVC|k9N!-6^O#Nn7_PX1;bq5k)d-Z zx^ug7SkH8de`D;|$pG?xdyHuer8vpZ`iETYs{cq5>&s1v5~`CbE^$k=pZOFQNBSLV z$Ja5|u7b<5@Q4G93aGR}mQ3@a6f+p0gO^wX=t%h5>l}BplKbzbwBAJB_%d%pp7Aut zu;XJ%uAYi+q#07oER%KST^nz%^;si<5E@uXcNGfw?k1?}f7Rc`S;(|dT*}uI~OFuzn=kF`n zot7*fC^fjmes1R5FWY|l*j6R^E)L1}u9j2&3yA0v3FcNhj%yUb}rOx5P2zIJU|*j)1Tmc zmsGx7eNwbs@ zsA!uEis2QRlJ%U+b=J|yEZ!yxK5=&ETBYd|#RBb?m$|B`p=_gB&G+v1^rxEF8Yt|G zlIdIeW|vJb$p|O&{jkZZ*3m^}%ViYJu9m5KZ@fWmCcp5Vlus#c4O^=IVX^d&)-pKz z_4^`u|EYQ(h*7_*KU%umDj%8E{Ad_!WAr((G^op>Q(4#=qxqlZ9L%M58Mz$`LO{3E zS+yG1Q8bW0kaUeC-5WM3o}`0QLyL5i>jULF_s6$4P*zr}{+068_WyKLub2N{uzBZ2 zrGT%3E-Fpbxi1D(vN`CwrJE|Qn;tKHBexq3wKGX?4hbPmV6VP5#Qku)8uj0-3h6&h z%0UXt|7&W<$_GAb8frbWo69WMQbcWn5}%bzx`U@nGt573YDEdw`?KBBZZW0Z6DsXz 
z{fJtPwC7zp4Vu#a?2x9P4-d4hyD4pGsI+Gs(&jm&r8=Z7CN|>e>3(zid@EZncTaD2 zNV~ux?PP~Ec|P1B?Kx9gRj9P%9n$`>(C+D557_S;aTgA0xu&!+q0(N{ab2ai2OQGw zK$?4J(`C_6nKJ!Dr_9ZibDHOCG6)w-bM#vJJ6aQ%0(!t>!xcHkE>i#JkRm@W2vbX) zoS1YiPlgtGBV3V3>>_!gMeYq(WTsu@iqImH!WFs1E)q=<-_z2!;J=Go(6md+I+sS8$TK#v5oNbcR;L8AYDqr0w7m~^}N*7O%Pv!b}@|<%0`h8#Z zeeBAob8eMAe1)|?kbSlK$oGYa^^|JgQM))rs*>8v)Z3&XDxpj9tLoZvNp{HjPM1|T zSj`4B%~Il$R15XZ6qTa9zy%MfMCFglm#aM1s;APs+^!bB5!5bAl4`YeFNq!gC%(^R zw=KtLExAnhUAvecHcFcMHL26Y^ovywA{sALO)+!U`flSO%L%tqesmdq)cQt=OtbYp z)WlSSAW46o$@as&mUyo|INUaGCEz#&IA_ELDY{2Z%7CPFB$=jrU_BPH_&z=_*dZ1X zbniYUaPMBn8#qn|;w@e1qGQJ>`{qGp-xXp;MBd5=-ac4c(Va5u<*|wKfybGbX3v)9 z$UUk$GnBJWYk`lozRj7WN>cg2sb+zJwv1OU)nfaH$f$D2@R~9Lw*023R=1+Ul+aud z+=^Qr68Z;ASYS(-Zc2DQL_&9mgysz0k3bu)uq9k-O2`V4@F{n&wPI?0&s!4IrU=y> zKQGXWC{se;5D6{_Kgjn(|mHYBC@1gTB?x3}>7L8(3M)TcvJBkk1E(A51i z0+MeFP2FXujt)&-XQy63s_z|Q7&te1=0sYkAK+WiBtIj-!xj_dohRNh{u2WLTRm^=T_xllc7W^2XT2RC9Es8zDMVafEa=;G09~e z*bJ+0$Sf=>DRUB>_K$`*6moZLsaF`-cf$S1SwByvsNp2qukmO&B)V>N-gJ> zh+6c+jAhC~13D=q#3jG{puT8cY2y}&c~P>~7w-@nDK;DI>s)^pu8Oph&Cy}KzVA{I zJk{IdrMGJ(w&Py@O6MIeEodoAJp2de4}=D;{x0Y$8Go*`?aO))x3u68E~KT5uPr%L z`Y}DYoazX-wUl;{>-O_M?H2e<{H~*bGeYgbmHPPI8btYc5V17zu)Jdt>c%gF=m_-X zcSuP7u)_yalU1&i-_;EiNYD;ARat+yZcDZ;^1xl-yID_>ZLd<1v&VX^DeL(3CGAEyvI=!Uv6mS3 zaYu@9Y?!0-ZjYyGDRA8%WxcXG!D!PddsOAOE?VUGMOyyVW&ZIO4KR%9UB>O=LdQ$g z`+l!?xxa>(bC*puEZECyoZk_sqgq|u?RLeWbdKd0yLv{BKx^bjp7^>7M}zD*RH^-A znh)nlr@EoM2I zx$Fbw=WET+waO)nZF0v&{phuF0~_S2ilEg>U>S%=e=pIUYb}0K%V;N?g2}U6bDq zm9bGOspAPjMoUJAmu%jYhKAp!dd47*mfvg9p$UHHd5&w6IP8P&N9ax~MLTTB8ijyv zMSZH0zu=#P)DVkES|)$G!S^BOiSlThxTG?JZ@TyPvC^)WRm8kUMb?e^(q87VimiL) zC@Y0(ncIdTH3^)S9540XUCxueWrhQN)k=B~~v# zLPp0?^|8;0=Jh(Ervx=9v;K>|O~P2QxbOh4V{FZphY47~=&P>~P{LN;V+wQq(&GSJ zh;x35C&-|QYbjnu@fFUYk>5^}*iHE<-hM11Y*!3vW(unxt=DN{8JsC3Tba^yoqA8U ztMv`N4cI@gM5HUzRQHQY)zjn@Av&ZlpNIJ)Nz~K;H^UWD*+;U~Q#z^V_p{NO{BUMN zQiOm;EA8AXd!5=u_3*DRj~)`=y~QVeVp6!&WHI?}b!&th;1v*b0A;-7-z} zm9ix38|UH^(M7Fqr@1988!e--%T!N=Sb`cL*#wS>Njh)*uB6w0>4*oivV10UUS~o3 
zG3MLNVrsmv(V7>-MDqe_ONpuAjeX~_%OZJd-tkm?t?%g!q!!QHY!v)~tmgQ+r6`lg zVOOFYyXr(lpc7&QG)Il`yQP5^VtD*Ev%cJmhWqZV2%M69Pbl>$Cs)G0*7paAZ@KS= zV(xmj$cfroy<$Rl4bIJIVCQA|TC|-ZyL;2mbyx4j|HioIW{j%M%(W9Uv%O0|rkR?7 z@BwzRDw`(D!O~a1#YpSQ=r5(Sf z>cKvIR}%lUe@(Su1|$D_*^5cO($AAizxLh!m;}Uq%AUoA*uSRQ?kaODR&WHh-_1mF zuNJORskz0am!K7Fp#<^D_@jb$YcEnOq-=p$?`ZK6S~8HnIffvpsy`jEArH~XBedck zI_VmHYv*FF)M4z%w7WVEz3n%uKipZ>yEv(W%}(`{TAE2_J!Z*b)|+F zpDjPk*mOMcJlCFI&D4&vM#wm=(z~#hq`+V8++$rSt|^opbL`J4@_DBHIaWSTv_E4_ ze1C>^P|6DC}EtAYP&;J+I9 zuLl0Bf&XgYzZ&?j2L7vo|G#QLp4#&rqgy}BGdndaGtDz<>~+_A(sHI1%u3JpdS(^m zdp%RrJ?WX=jPyKDYPKgeFE8~@PmX$@Gj(SAG_MpaNGBep{v{SpOHWTrPxIt^Q>WdQ zoH;Ag>&eXa`egUT$A#?y;t>7^8CG> z^zwGDOFh4=(e)iio@KmN{y*?qN1J|2J7&|?{bt@>P~QKR*Fwt8&JknE&&eJb2LY?_cxwj~}dYU-Jo@bdQv^v1=2P(;Sy)% zdhhh4=TA$`P50!d-(HZOJuO|Dmha7@U&ip%v?HV%M&!0u|A8>CGlH(g2Yn7MGcqWB zlKD9gmhi$zGQ}2Bvpo5kg`Q~{=nEH+m+!HhfybNU$xY46PxlmLXHLsWqdNt7kr}Dp zbgpOW?ixC`j94nV5a%_ifReYRXG{61=`-j$mr=#Eoa{7DMrzh{PtJ677G9{*kCoJ} z76*H#=M?05(lTdcdhG@){fmBoL-~yKLd(^2Q+K*IH8ZPUXJuUcFR{>@hau!-pMOV2rZ+u5m$_pauyXa5 z^UnCN)&J4^t^OZBX!Rd5d2wB<{}f&~@>1^fnu4x(2$RQIu3J!gKlAelIFVP-`oaDqE9VYt zH8I4&PVD43sJsKyq0|z*{?~z)4VVi7nYTNeL)U$ z7g5%p%9ze9zk0fw-9}!z?88uiqZk{f%+#!rSvjfRd?QhIS)S>6IkVJ8jK$b`R z(kQZ0t{otIh6^vkO0Hy0&<4g|WLp2s^h@l-;RTtZSTm2A9&e{R3L_*m{gRO^JUMxH zy7O7}9f3tW*m^fFH80G3a!vl-t^Uvd^!4T|+e>G8k`50Zto9)chGpJk)q1V2#`YQP z8HpXR+h$D@t5f!`2Sx9xJyQ#&PfyP?jCSP>%T7zlOP`)u7$n%7Ufvv5%gh;SZOK*n zWVi4?koQ{~nwp=Vp6B(*M$IEeo~|t@xc&L*)_zU2U`;lCU}2gd;SSC$o(oL<8ZKpO z?Kv)uyE8Xkc9Z{${UpZDDM+@H)7AL{Sx-LF=0Dzi{T`mjYaXvb=1b~xG{PL~ST&QJ zqu;xaJKKD7^rigNoSZCY-ob-&a?{yj=Hv|xC&;6OQ?B1rw1e06yk_!R&1(s-;-~ei zeYuxib|k^Cu5I(b#p`okKl8fenKu7fynZlW!Q+^kf2B4&8OA(3PG(+uzPTw?-8672 z>4qUAWNmEe!)$CMb81$)7{0c5`gHsHHvebOwfWn4o%MX1{{=o5^FCQzSibja4zxK1 zyrz5PZC+~jjC8|H8y_|?EvG>02q{Ees%`Bw2w7^+_soVi|L{Mz`Kx*L=KXG78+e7b zM^)c$gB+>u7C91*)E>zu4Z8KkHvdmAwD~hOw)sEhwSdp*yhv(C4;K$G)#R=hd4Uuu z%)cYmud>sCw_j@WZ>etczs+k1@0)nl@sjf4brPt>UB7fFkR+v#T))oV&+u%f&P{Fp 
zTVHPT&*F6@pU>rWwDP+0e#VJ>zf;XCZT>yHB6&ZM*J-?tR(`sy!t{UKt8MOa+x)Na^1RmOU%_hfUd@~x+VAl7E3e&tBaYk;yB&If zj?kLW{-D*Itl8;f(%D5w$iOv(I$B{3NmzY`lxKGy=Sj~_bGrNAActdSTC7zzPR`lw zijX*p>_Lyxu30&=(?_e|&5`;Pyk5;n_v%8|67b27?GtD2v#dy|vnx0EGiI|fC%`Gj znV!dRTc6o5v(uIx+vLn_+3+ak@xT9cU#-hEnES})D-5HEm-VmVb;GD(xB0~|!)Sot zLHXD4re7hGtNhxNTS*t8Le&cf7TvZNctG(oYU`| zv>C>=ggnH|jPtLyf*|K#n10@+{4)YqtP4l2N3St)9`WOGM2hk=XJoUlXYTef*osS= zGT52eC&ea)qTLC(&dns=MITa-v%-#G1obiOzud~?z#)4|w$&)m75 zv$OkndiVCEP7@Oni}|&{@1HT-@4t}OLSCoxN;coi=l@%;x2UJHG1z19M|Ee+@%u03 zwV2ljyiU8z@4uhdXS|B$`u%s!Gww1xT@6YA6k=I=d{r)$2HSoIm z7UO2)7H#{E^=hn_*hSin$}R^FR`#iu8s)FT?X8Vz860I*a{lCg_Btl-jGH}19I-#M z8t1y`u7}_wYZ0+`J)EqK+abs28$cNvGU>u)Cl_?N--}eNQtV*82U|^LmI^$7kpZ zuT$3f{TK0)1~}@M00NR_u>SMT{1!Qm&ggFFI|FQtrD^+bXF3$&37)j^lb~tdaiL? zV7>ay>z5it{%6KH?sk9vF7R2e7yU14N68_}hqeAVjoO*XOphPQts8B0I#pl4*m+4c z$;^MLb7Y+nBfCD^jKkE|-&x)nF^V|zm?3e!4P!?nEAW?x{YkuUKEKtU3*-B7uLE}G zAwz>N!nl~HkTc*oSOOn}YvC7g7wk2!)gQ&QP2g`N;$g45Tm2K@23QEE7q$AUU>tu7 zvI|cAW2?UzZiO*@4dY9mgp7w{cj@*wSmb02E;Z-B#Bw)*Sglt(Csx9H9DtFbVFd$K9;V(!Zp!oA!V ztb$|K(oVQ~9ql@wIrl96f%460g>WWZ0hhwf@Kab1H$K8jIT)U5auo>3ClfGh{;1pM+J;wysKe1`dbeN!NV|@e)j0l=C6Qxa05I9>*3mC+Wal>9au*{55Q*FITCsF zt1pa)qhJc02`A9MQdkH-hAZGta5KE8W1GJLu7k!UhH-f(+6`C2WVjh-!Fsq9#vI$` zUk@wb9=I1Cf+49|uQ3FPsf4;nT1h?ty#Y;LenX*TJs*b$gHB zwfTp_%i$#WAzTFeMH3T%kHcNC4*Fo>@ooMn_BQKaEc`o6f>9?B3xe6O1TKPW;TpIL z_U%Hv1Wt$1LkwdHjDtI13XG1S-7pST!ufDBdWm(a5kI(tKeMN z`6TQD#=;sn4>rIGXz-;*8=wc)!2~$;Wb6uN!y;G(tKddh10%aq9*%^@<+LAq;8vIf zV^5*qa3U;$OW|6$8t#J4&`E(}Z1vkJ+Fs3{GhN*BBEP-3$=db~`L4%XpxZg8gum&cSc`i6JF2DlU&S2J%fLf`Nym;g5qK;N*(K;|{P2(E!ia0grs_rdKjauoZ8OVAf= zfXQ&&Ap9eoaVhf>&VkkNQ@97F45r>|n1|2fmbaP|$@H(Uc3!H?k@_`3<{3oe9BavetBzImS7kn0u zfWN{Fn4F5<;Qeqtd1mEsV*xWoQ%DI5mZ!?AETyd5^d3K*TvyoGV_TbK-w&!ap%4=#mw z!3}UX+yhU_NAIu~>^j{rZh`|~4jc#9Kreg;R>Ch~HH`359-a&j!6evq2KEmJzz5(s zxCMIQZdeI_fz@zO0p;N+cnD5{T{EyhH~=nz@k~l1ulhq;dk&bOuqyF zoQeM6P>@*+$2K&JZI00^eb6_1@37g>-7&D7`b2sH-1x$f8Fc)@S 
zz&Z%G!WuYtA$9_{z^H8Oycj!!qhJ#B!VLI0EP-#pwXg~9g8dg!9u~r=9OfmAh20iY zFPsQ-;XSYdu7?|-57xn6OK3MNg0nE3!#yR-k=9=hE;H5Ier&5!F{mjGUi`C{eZpT z{cr?)52nE$_u{uWyFxHDc9>CsUN+tS-K3D_qSx$Rk9W)Bqk3bI` z{viE;&##~!_$gcjJ3T}_FdpuJvmd4&_&AK3%{*PjxWoC6pntf(3jM*pYv>=$ewy|{ z&pPxDTh`;(?l6o~pF{6(0Gt3fJdgh5^9IHnu6cp+f)~GpKZL_KQLd2jgoEHaZ~|<8 znR0OE7UaWQw~_Bo`n{e0z~mb2310p>_5hc_4RG}i_H%G+Eqa)PzILGpm;e*txOXTA z*TNFm{aySOoB(&jYS;{YFy=1Kue;F$Tn1BMhreKluo70n9q%z;Vf6dVSC|Wpx%iI{ z7%#XACc%{-Q4ZF_3fOfI?S;8;+&shh(zvETm^T+t?)~@7q-E}@Ql5bznk&+jCR4A2ZU=e%=R>8Pt%EO!C6y|jaOkm!wmCtY&EP_55#XLLdd&Uj+hieP5 zYgh;Oz&(uXA$Ul}`3L+F<90b505f1TdMJT$a4k%RyI>ad!KEg!W#5395%o- zXcVIt=z&{d0{jwAfl-HOC+q{O;1E~?t6>A&2?@R#gMXwvoDCD;gK!Gm0~f)`KT$ut z9qxt)U=utHqtXBDpJ_j=gvoFl%!2!2^b-2rLOSdZlVJ+Xf_ZQ$Tn*R58n_!az$V!F z-<1C&=UNyCN5W)S0<+)?a4D>Z>tTmqC=dJpioW5kuxknZg@fP$I060w3*kMj*eP5K zx5D?}UP*_CVSF3*S;~43hr+pV68sz%!QOuSCL9BIz&yAQ?toGE;0L(75eJ9EWVjM$ z!8*7U#zy%4>tP1m4d=rq*aoA^SYJ9&9zG9~;kPggo^%Z5VJut^N5S22CTxOpVDwV@ z2jk!&m<&5dQXbBMOJN0E51)d&CA}l%p$A5n+u*Y$Je+E1Rm%^;h)C=#2yI~D%f(Kyqz34rfdSMD22Nyyw ztb~NfltC* zxD{5wf5Q!MR5!{)FKmV-FlIS+0OR4cr=vHx8hYWkuo9-7f!<&ZY=ECb<3aoY^uR6M z`E63T^Y?sfDBKGd!IeE|H{1_*!Fzi$-tbEp{U`P}f1qA?0H(kZy=XTa11sQMxB)JM zb+8IH!;LUz1$sM&@rJ|UI5-}9;dWRF>tHo(gL~kB-q;Hq1G_$C7=MHV;0`zrc0HH! 
zFsd*10#Acm;ni?2^uoii7emq<8 zuwncKj)0vnKyUEE{>&3N0~}Hs!VFjfAB1b+I=BngKp%`BguYkfhhaQSgDG$h%!Mmp z1>6KTz+JEocDR)Bf`eepqu3vehaCo^Z}|+pa4oEadtf!3KLmZj_uyf8!cg>G#s1(j z<`+B!r@+pa({C6Ht6--q&=>3lo8U|s{g`2V0OMh&1lkS9z+C8s6)Y^SUT_zj1fvtN6L=+D z1y{kX@Oiiwb{fh2T7%x92hN5G@C`Tx`d|_CTt&a(wXg;*f(@_^8c!l8iSn>7On^h- z6gV9g!4mWq^l_pV<9)?j3v+mV@6>wuqRA|DR2>72G_uk;SM>Q(*>N3QORJa4kFlcfr0lF<$U4 z81+2oRu~IEhDq>Sm;sH6l!r6mTDSu4g8za(=((Blf2Lj-3vYr+@Nt*{lP59H;C8qH z?uB*mTi6Vz--6yY&<;2Vz6&S8s9WhbOoXf8M7R|e!o6@cJPe~JW2Y}*pD+Rb31-1f za4CEju7{t&-SDI-_y-sZqc@@-7zek*WcV%2f}T{$!xWfO&9jLx7sgDbKX5o~h9xlO zCG-#DVR9Pd4*R4t&)^(b1$V(3_}UEg2D@jVw@rreI*f;r*_4B?!a|tfr5v0JYvBFR zcp3dc4?F}D;LHN-6TUNtae|}nVw_;7xr`I+UQ9dT{w3&nGk(4VJ;MWV0xT+}KDY(0 zfF<`(A3ULqeG2@1DSCQ^aazWFguCE4m~}7X15+v(ADHnc{D6FZ82!Qyk5Fz4`!E;> z?}y3oTbKpAuSUOcE8GAps+bS3{xSObD(92O=_l;G277`hJc&KQPV3P>T(W_A1V?P7 z99#`s;33#;EB5jt{e&fO0*tMuz3|jc_$|2fW$XbSfK9O5X4<=rdSM)#36tScm<6}O z^)TfX{0+Px9)fScuG`rsY{yT+s@KU6cfN_Af`?!=oVOFZg|F7K9=~Q7kM3ezu&Q2f`{O0*!6YxwQvBu_I>OKE`wh916%>)>ljzq>m%9?M?&Kb;xo_#m%#+M9!`Pp zz#_O8R>9~!*e~o08(=at-eg^Z9+(Rg;C`3|JN}h+!(MPb91eHGG}r|1h0!~>?*rrD zyD%9ZfLXBf$CQV?;CeV5?uJuf6PypD-!hDH7zZDP$#5IYf`5lg;WuzSG(Mp`d=NIt zXa057Fe2uRF(L|MBF>CHHmV|mI=SARSMJus{`hNnb3)9>6S|G+^1C~tii|7H7~J=w zUOlC#lpn#X@K~Ptf!05{K8aTq*X3TX^-pAac{SCy`cIXMi6_J?>2T%ookmkJA0@q# z*O#Q93C^3WFX{b`P`;A%_#>1Tu@Q4plGTVE`|vGBgmI>G z++^%JjA`|s*8$(}e}s*XspG`rV~#nygKCKA`7rhTj2=!Bfz~)&ZMU;KG6?vHIZ-9O|AZm zBgywrP`+~_mB8-g+d;c#-qPy7$9w?*O11DIbaab(35DIj-{B zU?sg5>A#T9R?;rt;qid{5u`7f(&`^bdu{n~O2NIjR874Pr?&ck=6&SJj(#u>9U5)D z>?PmKsjdEg$cg;-!?r9LFOMECX-_rvo7Uco;{>*CViZ^ta`fijVWj(nn@&9;6HlW%G^^9@E$b>}-K=9obHWV|NaZpzDb z=X1(SCf`rwJ4576bmWtM9B0e(lF#SmdpD$gw>$Dl`@Xi@w~Bn53iyr=kvGYm@0b;~ zydC6|?;oEndYK-SFT>VL6ZsbMwc5#&FC!@5X$)rC{`c=pYv}3+qK8y5sNI%<| z?pQaLlD?bt(a!V^Ba{H?$9mF#Azj)Tkl*1wl`j40PCqx^-Rl3C_mR_A+IeK0cG>MX zgq$fnyPe{ab5%f28geQ~A1>o~p+k&!o5KFUOHSm-P1hrI+-m z``h=I`=lQan0|1rqrd3I=?AwWr&neBesC}8S){k;2M?28Px@$AKSu=m*}XI4^QZ8B 
zP>nz7quNQAaa)g`myy1V{zU$3g*|SgmL5|adCXnMG9r?15BUzQHvQyaM}KA99Dee! z$a~E6YZp55iM=@dWH0(9-^sR7{KlE?e8;S@{Yx_WHmxz`^>F8N%9HUL$KMbrKN;o7 zC+&0i$yMYV$=?_#KY5lTpR~{6CwGvq>ocaG?Cj3x^pj2GyPv;7P<~PZ%hoz0cHr=n zT^Wal=S@F(YEV9hpKSUadu#qypglhs9Zd|Topc$exzw{`gXt&VbBw3-&*3M>A;TOsPky0T z`9c4mZ2il)JN)2?$Ps;9Vy|Qu`$~*l>J0y4JXG>|nEMtDQAkK;kapZVO?!-xyj}t}{C%~@@j+ZHT9hzYH zS?3q$UifQR)8XTHj~fLa1MW9BWD&zU?1a%jU8luybwYrr-WZwBkel<1$MuRt--1(_2QU9su36@KN$Q_j&O;z;hyty4U4I7h?qljAk^ZO*OkhMzIF z=Ao`z;4=sQ#r9b4m@NZ;8{BWq)`I83{l;t?c*F1g$7DbFO%-_WI($SC+;2=qfG-92 z8C*I(WR~9})ac_63>0=x>dGLwges#o< z1IbTA`Oxe|Zas5U9bvpb2R^glGfw(UG<5TiGIzH7#iV`j8-4t%CnXvbpkIQRu-4Bj`& zezbr;1dc=AZG*9I*$UnSUT(}~`8@~Vbv;!1S!R4oEk?5Z5b##SKf&b2S~m$?e)rao z&jH_Cq5X@&cY({fQXFSvp0t4X-i+%~li%phlUDGN;N|)+=gt`PUvin>(0%v2b;xm2 z+W^jd>fICb9)5m#7y-Tp+^?Tgz&BRl^T4-(`;Fr=@HfEy@~{?M{PD~7Tg^OJY9l|4 z_qKt{--g|4a@ogCZmz_knA6xp_FH4a;QhcaHDg$6(?-sPDEQ^zetn38PX<59EI-Sw zKMDRlaJl{z$C_)89IFDxashaEd2ROby{-@X5v+Ev%{Cy;Ts$+FXU5^pgN!pAxo8C+ zE91Oo#F5v6C%JLD_QJI=z8`*LNt}e!VA4<24j;ey-4D5t+?n71T3C`ZbAInfoPOK<=XdYJu+I$cH@`=K-(G=F z0bdO6H#g>i&jk4O z-R?iXmLks3KXZOPXTnJc{yud@XncyyRSKsRx}h{xHSN?zV3PxGeA2zA4~w@RQB*YAF$6yf+VAwr{h^We&LqBm0ns&%pP}?`cS$ z1s?<+Gh^@|mpl(X6?~}4zvuQrU~uMu!_Cc+@eDHzKDz>sf+xWJau^4n27bI5e}-Fs z@&NJEj9)UJjXm_PX!uiz@2qv-X>$AESu=McPAmK%t`DD;$~;wv6(4VMYn0PaATby9 zw4wYQybcA8dW`#(32;1j$CvFF!l!slSZcz_I%a`4f|qN9JV$Lq9g=U6=cp&|a$}$` z!Hw=Yss(X|;I~Ko+S(5lOa*t^daDtKZAEdh7yo+(J_nn}x7wcy%9><*d-ug}nc=rh z%B?k$j{tuXTwV_s`+KPx+c4gm0{#s6?IxGw!t=X~k%Uj}&M(^+m_F8RP7uk{;Maru z&95wY19-foygDD(5*~W{6qf38gYzcX$)d)gHNSnsR2H(f8;-po50tB$IX0M?mXU$ zcC>*z^Z2iKxcw zhL1Ck&oJ6+%;R~8^FDn1=D;%Wt>7z4+Ud^Ywct|<{_}Vncnf%?c`R_SulPs#Hpsq) z!IywP?mZUncaMcJ@ag)g|8>T6@G5Y>b8I7c2)x`HC)=)Na14bzM%-VLZCnVR1NWOJtHIv@Kh7*~>|t*L-&Udg zZt$((<{whQ!Ot&W3GlA}^zUy9 z{2*|@e97NE>K_ZWKT=90byk9N<(O>1m<<4T=FVTS8)n{T7;{JdF6c0;t?a#u%$5AT z(EGs8FX^i~pe4_PzYOkoP8Jc|^MQ{u%Nx(NR7wje_?FkDA%uzX9&o zzBS-)SBSp_{AF;z_U#4#EjTWZ-2Pwc&PVw>zP|_eTZ4y#%l?ls%j39~Pv4yWgYO2% 
zGUvuOuGQy)?*sR{7g!1|>^9$f^flmP!2R;K1$-j7-|@5;JO++K*KHs7Wy5%@=SldT z67ZPG$c=N{kATlT6?|kK;_z7mpRs0~@4Ick*`{4JP<*hr5$7L3L zQkDNa%Y&Z*?w2Pq6nO&on`dG03oFErf{z9FYkwU48{mHPED3%Qc)4*3qt9vZ3&1Ol z!+QAKR>4P(!%p}-10TO}sK!lDE4W`jh|AQj~l?JRj9uSd=j|d`K9>)d;>WiL%Q{!=jMMW__>H*Zl1~cQH_UGa(w)FJ-8fS zKRyn89C#PA{xjYB8^DKx`?aqLJOb`_zGwzN0^IL7-T*!b+;9HwWc_~et8sxQ=a1j< zQ4cQj<5zwh_^IF{%>EnKPz~T0fzLBJKc67;-vs^~c)4r#FnBZge(*}yiNg1*y95)cMQrl$loB}gZNjO<(+*<^&uU##``Fs}q`xST|d>**px+YG?^AB*pxflk26x{E;6a|08r~WXS90z|Gywdec zBYa+|;3LPW89oL0`1NB0c=yi!dE5zJ4UWq}H;=~W(5jY!0W;L zBYbh3jJ^E^@Il~yd2Ryl4}OGM-uQe%Gx*oR{pQIA@E+iP{o4sX5ZteS)uZrvo(kpb z!H0qS^=};bNN~UQHGoIJ2bujd_NKck5=H-qp_xg z`;AXM_<#z09JtJ1x&DXIr3UaiaKE)k`YeRc)CxZGILN@K89tZcb#b0q?z7t*_}{>< zFX8F~KeBuQd{h_z@?Fosek{0O`3U${aKGa)1}+ZrT!-VnQEpwx`V-&-!OP`I@)UR< zaKCw+0Y4GkZyx8skEu|;06r4jZ=Ad0hJGmcWoS#e{6@fU1oz8N3_J&p>E@Q_=jy_E zD*^rq`0*y^eYbo|=3p^=>Koh2K1Y+h1^gKB8d*S}6Gpk$+O6ORgZu40>;Vr~;B{wW ztpfKu=L`WK2<~_NH3|GkaKE)|4*8{K`;E^OF9x5E^5t^W4`o7V|8~s5&*bZWVWf=T z_ptt^@*w>N!tZJ1`gZ~NePH;>&tzuZ=My1JX8AXAoH5t2jPDKf1Ah?wFxg(sjkS3U z_pgxyQ-1O|Sc`TotZQq>C5~IC@oaP(_$u(LO>U`!O_tvez7O0l zuf6e5K=J`*d1H@o1bFBW|Kn^5csFpr`18p9;x7a5jq(^iw|~ao*;???75Fyr2A}rH z@tA=AUk`o_UWdXs8ueNt_xX&y`+jHRISc$one8w>D?A4LUGQ?ptIYFs@K3<~=656b z9`F%neB*v;C3x5F<#`xo>d?=D;FsfdXnNf3hjVX=wGQtOhtK!4&xHT%BimU!9(!c) z>4n$DTo`*O@^Ae#gO|I8k@=M4^*s1%@;H!x&_d@^t~bxS>&+a*xv;1IdLjRIko=og zh~UPs)Pf`1DgUO>a`4wm_`2fpEdSQf*hAaOK7W?w_kd3a$6@BiH-1;B?i_sQ0^INX zF$Db6Tm0`ECxOpJ`J5Twdac;LIpFoZ+S=!ra5b@I`xb-W2kv)%X#sDnz+1s@0{1(| z?*X3;?stBx!zN-B{qs9+ha7-Us=&kO-yHC+sDGc?e|gO9cGtG0@c95f*tT-Vh@Tyo zIa&iQ4r}xMT=y36?%>1C^2X;@_JR+pzxDPXjNxuQNV(J{f$G z4-X^cT=18{r<(C)4%E*!IoCnU;Ikh-QPanGwz?L)cW?hbZUf&kul)L5kC^grXVsy6 ztA*qB$|-I?&$%ynZ)l-?M^!LuVMt`Y>(9lpjacR8L>PP=__982?Za^F7ms^+{yWAv z|DnFj5qt*N%cxKGo1e9jbuC6L`8VXA!0TcxYiaTLX#rmW?sxpQf^Psn)GTl0br1N< z;1`+PI@gIG#(Q<&#CZ?=O5~+jzwFB;G8^g|RsQ|1(MS2O0rKy9om+v+zxQ=9_%UW1 zcugeRApZ{7bnr91Z5ZaZVJ&>-f4zJgrMEupfTw#<#T}F8!YO_|+;uSzjyaYxxHLwgg_g<9vQ`ocDki 
zz>hZhRHOgM_g?Tina?{s^#tAHX~ZP?o7ebTC1xB;eGwy!_oe{!jJ362YjQcZ#=e*Q zJAMuD8DaYH+E>Pqf8VbW{M#m%F^p%Y>*2E&K0{0&^)m|2yx#$y10Q4Zn^k{hzCst^ znh^X_lNGT zl5I&LmN>usTnPhZ!0W*;!|USM%DT8GF6UD}^tS;%&UN@+oaKD3!}lXr^#z_-+)I;j zW+Bc5@HW}z-y3mcn+tB6$6SbYkpZ?4F}*m z$p^rd;MOJn`N@E{p}b%Ia^U-XxV+|#qW_^ZN!eA9;*lmuYS7Kg8?MhgdYt zd_3&tqZ<8K2*2l~-y0skA1XhY4|&-*=^FoaLtxRV#KQ;R(F5@K0eG?km-&$6H5vVM zez#!{PRvF=g2UAsEd6?-pVwc8xhU7CcMLyy4KzxvPhlAk^`&RDwf_XK%~<@YC+B=w zHwDjnuJC`xFa$gd-VbxO7$bO?(-@iaN#Ok&a6eJPmlydQ@YUaKYY&>-+E<)oi^1aw z|9z+yaQQbw`0=}t2`Bw0C;MbOvpIOZB9`J5BCQdcEvA0o& zO^HE1$4nSy8j(NAPs8ibGq{M?bJFzE=RU(nu4~2~ZW47p4L`qJq`@Bt z_sc~V{PPOs^WZxxlo!}!96h`IJ&(+F7(5DI?mk`eDEQeGcpUr{94jZoxA^SDc&?iS z-v*9l&*jE%gr&jja4gAO7t0%a&sp#jz;XDyoEL+#eR=S=(f>h`>v1x!zeOBA;C)PP ze7+(KzP$pEf^P%&o9l6w_d6Do;JYf6PlN9UKSJQ2Zol#DDNF7*K6!9CKm543RETzP zzxgL03w#1T+N>XQSPr2x{@`_$#vlA}aKE)A3Et1AytDpe{04zL_YD_fLr>>GUV|I= z4I2<==(YZz1=e0Ew2ZApEKgi@`)w&wSdlSHK z0+)Y3qNJU-tMio1R{}mC;5y!KzNNr-fcxbu1HKE~Z$9O~KL_`_{wRRg;yV9Ww58a_ zY3{k9>t#5Xf|r|bVHA<$B{{-~&^BzO>+!JE154?%5>ZmQ6Z zrQq`KK>M|$8V!&fTLL09#i)Y=D%&B)t3|hCgyCbfLrlk>7<~Nl6$bwZ9G9O)U)5fz zGylQ+U+-T&4n6|hS>KAea=%xS1fK&QHREG$%hQpJp9WtHeu&A9&pKwo7l7Yta{dOG zET0G81@6~=frn;C-r(Q9F!;sbQ8T{Lz9{%j;QdT){MKC@{1$M(_9wyTfFEg=H=cc` z!LJ7|HxFe0vgGBCNvHqdGf>`-iy4@!;NLatH@+(u22X=`H@UI*5(QrZo-nzk9*)cU zWtagBp z!s}4#EH{R6zRw_rbz@umFX2;cgY~S_kucuMfiDLyX#?h~HQHU{#y&pDmcS}yAv(SYa0H?>v#{iZm4;y3$$e=!NZ2E0Gw75jsF&U)D(AUl2&i&J6W8FH`-uY138(B{^4uC!L{ExGG^1)_1 zjPEy$1F!mi`JBr54d8nbzg#;dZvwYaewG=ZA3~748T?%Ek~|srBpbjdfgf#_=bo-C zzY}~4c)9y-$*b{D;979pZn`<*!$`^N!B>M%DB))~lS<}!DaK(7_>*`YI_yk0hMap3 zxpOapIFoMi%ugO8VU$gQH-az6YjZwWDK|z7eA?jSw)a{pZoDTu-1zzs>k-3@#UJLGb%{_9C_Mhb|jp1DQtUw)o;a?nQdCJf%{!APXV6+Uhdp0kC{yvhYP`-J>?Fg z-8{&3_E2|Ec_rdpc!z(k)`L$5_nVJ9z{i98U2}(UavTR%r%NA8c~|riEjU=M(t&wQ(G{{LE)LF2}k7d?NVuW*z!Egy*v`SPFh=_)RhW)OCn+ z)hqkc0-r7LDc2v#TfsN`@G$ru@K*43IKLP3Dd$|qy-(|zKu+fSKT94Ce(_!9=Y*_d zGI$L9CA>E4Fn=#-9(;DeXM*WtsdGvg?=1uG-qhCq<6vow;A8Hwk%iA=_muzr0~sR^ 
z{s#Ciye_sw<#VeXU74@YHMqxE=%3Gi;ETZh&W&ThH-UFC>p0V$JJZ2m1oxZ2jo|CS z{f^(2;Llg!>%p6Sco=Qk0sbg>$vu+Ff%AzdnS<)txNnBfL1rI#Z!dX0_y^#A$JjXV z{{Y8jhMQ;OKB58q$b0?!*aTh&KFBO@>{B(fyx&^80em>h`yCTI!H0tT-RD+gv-BKr zzcs2Jya7CBwvXom=lTaZUJAa)!hE`Hgqs6-Tz%j^GfyDS^pt;|Q{d-=4>s#Dt}`>> zmxKGwr5t#oLi_^wcPhm1I!B0WD#VX~-wfW(Y@e}r9RvR!xL+O<;0wUZ~QPzx*UfO-Er89IQKv3-;bWxVUHfXTt8$zO{ix% zxO47)<&@HTjB|G!aUNgdUr!P|1&%utHwO2|>+zNxujj$xhRV(4FW|MA7wcU&MpvAm-hhwanj8V&2Y!J!hVi@cli)LOssFvk9Pl&1{npdP z;Pb%C&9N}*Z2`Xuykt*Fp0AB_{ucPGfREpCvKM@{PaSd|_Phb(3x0;DpYr4NvJFkh z<;&n05&WJB?iBPqGoE!%L5wZ%InIn>+`G;L{{Z}8lN)_l2EG-%yUDrtBIjT&`j7*6 zK0o$@;cgq`TsQu1&kn@t`Dpn#vag}Jc;*W3w|4deudPsi47gRH{B&?pfj5G;JyL$W zW&2iw7rz-;8BzFGs9uLR{-Ay{l8Ss)d5%WWSj6=3z4ER>?a`&=f@af>&z$>l0P4H>{fu{~$3(Gp1 z!CS${;B|4_(T3~Uh7I6*!Tsj=PVimelRf3lHM4dezI&MVUo!`S*Ms}*F--tJ9(;sZ zhw(j@S>O{YlwSybKDgg{xEg#cxL*!7fzJf@8;9NCv%o8jL)Y))I`RqsafpCV2ls13 z47>?^n3)6P_cRmWKLG!h$&G!s6!;c!zj4ffZv?M2j;-)%gOA_2Zx49&it@)yZ?voK z7CdtV_nYrSz%K^(+l!n89tR(8_R;w6#T@Xt;C|Qoi^1oEV`XsXy73&c1$-HJN&Adr zr4@VwxZm--2YfsDQD%JgNWoci>Tsj3OcC)@|oo620NG7Cslkrzc()*F^Pb z(HX~W;OByu>q8ht_Jc>kugB|Rd6@_PEvJ5XJAqs+g3mATI`rW2rGDyTbxvL5Zo?ke z5B=v<1NhP4<=P_q(gc1e_z`$rY>V+Zhi34e;C{#42Jk-Merxki@UMgWjaT*U_+B}< z-!WGYem1z@F*gqUI&i;Zt^s@jxZm2|1pa++zx{(|@K?e8^0xte4S2cx$}m#86MQFl zrR#v&J8<9fl>fEHK=1+Jetnz(9tHPXS7w2a0rwlDh2RswPci2J=A*onm2+e@_zdv6 z01SP8e)(F2) zGw(^CHvG!mlg1nI`)}~|8@D8Q6ujJ8D(fnsuJPcn%Ql@;rmkPet2p({U=w0}2;XnR zF6PIY=s3vy>;~`mWB<>N)ZU3}N$`GVdE;6BK=2{phnU>>EW!lvW57$+H016kj^8Zs z^T7S)_(JeU!ToZz8hjzR-?i>0@Mpm*&G7duJSJ* z1Fr`6Tay#u0=!%w!$2wUPf&lQH93Snj6n=%O+E`VM;{Avo*HZNHpKdaPhE08><8Zf z?zg7(z6-ek_si7?@K3;xL9AjMjNdhw0=^%7tjWJVn{XWl?l+brz;6LBH71_|2&p zc%zpa*L?}_Cw$r+m{sJZjSGOPTXq^d2FOdd9!KaquI-%jI0QB?;aGyxiDIo(As-eiB|6 z+hOc&Wx@M^cQ?85`K&y69r$G?H-0ZkEX1=qaKB?P3_cSaSH5ojGu$~91;436`8fE( z3gwgFub*1}nk9@X)8N4o<-f}=bG_*k1N5ey0`mYH?9Zo3_j2-Z#);+0p1IIl*x_H zl!flYXSu-r#<(B&UaT)i$@2R5e~ix-jRF4`_~RxwzOO$Wd@hcs!6rBE=NrNQhW>Yz 
zT=(C2p0E=99q^LtVq>3uJ@|OUFFDT|-!a$$o&Zmn@%b4=xqeQP`3Ikb>*~-sN4jmm z+7}$Fo{3ApdGOnfx%?-*4h=5#v)*)%iAnckjr*zpd3g@_+u-Mxv`0NKmi5T-5*a+h zlI{7AzNPK?(0xX~7IEJES@}I@8D}8+UHdG*OC|r1oX)LW(~a*^O@iOu@H@jseRmpu z^1DNWZKq@MI2)M4Ui=H5eRAs=hs*kwA1waprpB%yHw)L7b&8mEWh6^(+Q| z6x?qv8Vr zfO^(?>Iroy=DiO6>GyhD`)`Br8)W2N&fj0UpOx5+`d)pbt^KC~1lMyR_>?oDWZr5Q zVLv5T{<9R$_=7J1e+a(C^47v)UMGNyw>SZ6jlaj|dZpiu9>1I1W2yQ< z+}r=5{CB`*eRC0K7WhiM4xL{b$6BJ=E^`z^oSpF7f!A)1-YJe%7I9W@#@v%*+S7<5 z=T4P7raR%c>`!g&JLQ-zF#P10Zgs~ri~6SgrLFyEC1cuL9Me4bNAG&RqiU%K_OiWV zG4=}I^Z!0?7v zu6mu&sS>72?b@;*4JyydxBRzY3nRe=YF4s(^JMRHlE| zgq(PCEEb}^SNGsEQ)Yd^mf~2h2A}@9|FeTl;LE`;Fmuhn6)WTK25$wwyo9Tb9m#8# z;Q0K)e=G-r*Mq0c@}99wBlj!e^O4N$U?V4TEc5PIZh+s+f8rWj`t|YnUEz*F8g;JO zSNs)_(Pmb3k9opMR%6W5`r@rId`Be|UpH{a! z>u{)(;fHwEW;d_m5%jZDyYIeq7`y-;m313qqxWE<;9YCmefJpR;C0}KnB|QU4IsQHuy0nH};_N;Pb$5HMwyOA|A!Hb%pq0@crO^?T> zM`Lex1AH3cgOPT9jD5|W;J1TcWODxImuzSCV_56KCzo*bFiG-y@K3;_Cg(VW@!nG8 zxm%ZZ=b2vU<-^=I7|-=)A;v`boMy)0-iXZ4HpEDPJD(wZ(uje2%+CW!NVI_siuF@G%wmB=FG{>YoEX1l(`UU3`G} zEsWpSY`^i{fmW9H?LYWXpY}QXKgdr#_;rXMI;)pEmgV+;9>?(qU!1{QKjXPw9Q+z^ zzg#B46BT$G{3>w2zGhkeShN0V?)sJozqvwuu^hkWT!DwdZ>Yed;Maru_MaSCbn|nb z+rA`t#r}iK{`WD<8^?7Pd{zaX2cHRkkXc@RT*^5X#1Dk{7P#MB34@6LQtm_G_w?7Yv zbin>aK-_Ps_q+6l4zzz25L*K3otg=U-xClkY4vz3um~sTXG8WQws<{cH`?M^TRDzA z&)#1pF0ubwC2kM=2b|sy_IR{|ctqCN9O|*AgV-it{w>sFa|iK^ZQorjHrn={4q|21 z9q>k@YR4ioEgi*0FIm}+qBUr@R*O%A_OGhNiqMJx z-g>yoZmSm0RoNd_i@Q76c<1#F_R}53t`7E+j^ZC3RXYzm89HvG^^h&T2-;tU#DgJw zXGpflX+)O@^sEz>1;o$UkilC5Z{b4Yg`oYYE&dt=-WRmj*kZNp&aXoDW?SUt%TGi0 z9$P$Tf5#`zsn^@T2#F^H_AXnj4fJ~37K<%=g)M$&*$Zs(mSuku5}#W3){uBJXoKzy z+ArGT525E#IkI!m=>D$<#MM1u?qJIXeG}ET2JEM+#NPt;k}A<=y$|PqgzVo|iKlEi z9xvH)Kz7^Ds385vqr|#^{YXgsAz(L##Acb==Ysa8kk}ZsUkG7nhdb5vo@IX=6n6yd ztwE6t+ABih;h=qQNHmexT;A^|0r9FHtWyzYe!y-Hh+p%qvwj<}|Ao{9WRCX*WR6po z{rix3+mi3^w(K9-;`X4u$d>)ZJ0Aq?4{VVP*>BlmNyuJn%K=rnRI_qJK>UTl>)#4A zqDKz|?MJHcCl&2R^fz=GCZ=s~suHi;_6t?w*(%kOnbYh&9mQ4lpF4^toQc^O>anOs ztdV2(TBt{+M*K^@TwwQjqeiTg)8Kb@kKHx+Yhrkrs_LXokr^dd$i&#}-|Gl%A 
z-${meqm%v9F5>T<>_@wZykYHYG)Q~mlOOSL3>w7ERt#YVaRT> z#rvUAY9#*C(ec%+{-4h3>I>{C;yN{Eolm!~7T>fl6iuAqU5DhcD6S0JF9pRP<&a=t z=Z&{NkSpw4RbnX);SS9l9t-AxQLGgf`AZXaP2SQKp@!JrNGJInq(BrQmk&zvF zCC~%=z@NyMcUnE3v}OBn&{;ixZHv$4%e#X;{%ngivV*S&dwgljr4@e*DAePzD*WZn zKdMFR8WsL`whsR{yBPlNs$%#bRTabkrm7hJy{cmP+d34(|Dc0dD;xi2sK-kkM4Np1 zfZgLAB-4ISos4>&iTAEN@r9uHIAHxCD1L1P?+S|Fb0~TZ0i8Pb7nax%u%EExBD~NN z+hv!K5A(m;dR+BPvcE0nC{}an@rwd-oPgF>^rQ$ZdvmZt0rxUXWdRa zdHFB5tK*sWRpKrg$SHS7pmwl*W}w0Tp19TRg_FB+r(+{3V80d!JYd;NEYa*%i9Y?i z;^=(+*Wx*+99$XPU>jEkM~pH+pSV(bx4IP>*Uiv#v{ zOJ3@{YKb>w!5x7<56fl4Znwk_tq0X{eb_$(XW|PJmW_o2XL9Ef3s(v2LUWvmon_s{ zp+WQNPPdm@;(|V32E_MmThlDa7R$cdmRDkOdFrzj7idBI zWm|kETX;{X&x2LsxsbeGX|yw?!9H|?z2yd5;RM6QoeuVn6YLc%elpm?P@lzEvqJWM zTimIG4Z9Hy`C*_>DkOe~V?8Jyl?};QeUPLrmi@DkcwCl!F4*UGTfF0(r&ot=aPlyW zo%*@cj>mBVmqnYcJ|Bfd&ayX$#LKeimS7)TdEq+ieq433Xm?zuVGlLX2a{#FWw%&j zr!0%)cK@p+Uk3X8UXGmoOG|vL$?qlkFwo~$mcZfgBTKwP(&^Hf`6}@j3m1(tMBOFu zySC3~&LsL%Ksr0`51a&@*#~`G6tMF_b-|74f{WAL0r~q;cjF2eXOiI4D$ljY!(Xl; zGgSE#RC%Nw<&k#hf*s|N@IA6=DeKt)a{bSs{j^N5x-LKXbdU@Bye#L?s(@G=_@>jA zBUG%Xowhs}6zgRGBxRFa%kb$Bbi=3Q2^YZg%0Bnna)tgZB%YTg-wfE#*lL-63a$97 zE$$E5Z`$I=Y{dyv;556>gSL1SSIHsqk}QOyw8fSe$+#9np}*VWp^*ItTl|!Tj!=bO z!JNP~e^6|fg>YrPBPjmNHg<7buD;V5Mb$A?2v-v*w80WD%YEFXR-fB~V!x$2)>ocr zzH_fUqyH;#%&MUHjb-EYJJu1u3W~qWDTChkSKUlG-P{{O2>UO#cqMq+Z*dt5${}OKZ`>a2U|eA9yrQ*zwf02EQY?|{%$IEGn)c9v;CZN=jc}g^YF*3EqkLp*hdKQMaW)Mg^PF_7ZH!x^5}oh zjyXYPo4jXX=e?s)&$sQ%#Vx8nXRZ70(GOb~!tWJJO3#x2oO8tCfx1yBb>5h_1A%`8 zDNp8wOgnEDHQly5F1w+yD#pa-m?uiC!XV% z44(eyP++(8d(Q6LihHi|e)k4XuTZT_hkGuUZTPR8kDY4;T+7IV`057(Kd}O@Sv7B2 z;ypJp?T;NAIOsd}jKG~Zhy!AonH0&sc0cZN0|6Z8F9yUWmpbK+w{HkM5U6=9Ab#Q! zXBcbcK##P~6jPxkZO6U{F1YUxh#$!!$P?=Ki&Lp>m|$`$Pq5Dya@f6fG+OpkmiQH? 
zZl`+#HlDuY!qM^U^rN7ShxYICIO}+UeS=7m4V!AegUj}Sy}F~g!?G856i-_A{%Y}9 z@C)lp7*(mj`yIt=9qiwA6n9o1gSWn@mOr?P1`L~SKMpfse}s(@EdCwE3zogEqj)O# zOz>AV;(ZkTQH{8}+P=R=yjFb--ugvH7QJBDHA1dPUsU6q+5^k5Wk1wW{Mh;$)-}t1 zuA|szor(wQLHjN2tpvLZxlDcB5$ElvQ1ut~OMw+N;Tlt7sv}R74+UhF zuuZVNMh@<8YmfxQF9huU@Url7jb%UD3FkRfwa>EGbP_)d4ij<>+T2Mz5wh>D6)#|y zr4w$TQ7sPkAJvK$JB(fZDtl|KSXyQOrdDjJvKu>#kE-mCYsEtyuEp*1Bh~gJoyD(^ z8hI~WBk!vpt+Ai!EWW70^@z;Y2zfMKWUs0cGwp|})OxfrVE?H~UR7+U61Q0!(YFtS zcB%u;oIUY#rMLvZ(I_uSWch>6wpRv3TuvotDaTt~Bj*T|embxuD1OSp?Gx!M#ASBI z5;xhn?s_tSg$v8a8y2>L@X!IJI$n$$LEPOrMloM`Ctt6-`D%0Xwam@ei*CNQIQhEA z$=By@zJBcHYnzj=*PMLKck=ZQCtq8gd_5-f_2U4H`8D=$I*VmBcBZrVrzc<7W}0cY zxcS0{6Y_-(r`xPgkT2XH{>hLoKDzSd!dt97P5DBk~^7y=p?qw>2#-UH`U@~i|O>G zZU3@XJXmEvRV#j9Wxro5KCH5HwIbEwj=(QEi_&cm7L*5?^WG7s zmE3_?T7_LVZ0gEx`tB&4IS3Vw>Vb7}HeTF`9fhE1kx6_FI|?COsN&__*ii_{6$5(* z*ipbHqkMTUb`(NbO>rKOHPp!)p{dqgxF-(u{x~4lPv`xEIx@e26oSzx}pl_9GsHA`u9}^zRJK?8Tcv#UuEE{41AS=uQKpe z2ENL`R~h&!17Bs}f1H6hp2f+3!)kF8jDKO;(N6dh1O91sjIaLpRR+Gwz`r#E*qUzU}?Yz=Wmo6qsFNTYLc3wrl}cfmYSpHsRgPCs2SLm z8m305QEH4DrzWULYKoesW~f0KepeCs)YMPp%W~n)9o?4)aYSvE;QzO(U zHAan76VxO%MNLyP)GRee%~K0h(UJ92!_){hN{vzD)C4t2O;OX-3^hy5QS;OSRn)M4 zYM2_KMyWAsoSL8}sVQojnxST?IclC-po&hcpBkn{s8MQ+8mA_xNotCkre>&FYL1$x z7O0|@^;5&t2sKKLQRCDEHAziT)6@(#OU+U9)B;s>X8qJKHA0P2W7Ie`K}}Lq)HF3i z%~EsJJhea-U06RgOpQ>Z)EG5RO;D566g5rFP_xt=HBT*2#X+o}8m305QEH4DrzWUL zYKoesW~f!*gP5o(kg zqsFNTYLc3wrl}cfmYSpHsRgR&#`>vYYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w4rcw- zFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76?Lqi8m305QEH4DrzWULYKoesW~fZ)EG5RO;D56 z6g5rFP_xt=HBT*2#i6X98m305QEH4DrzWULYKoesW~fQu*sWEDtnxH1BDQcRUp=PN$YMxr4 ziaxBL8m305QEH4DrzWULYKoesW~fm)HpRkO;S_TG&MubQghTiwLlepSwA&QjZmZ17&T5!P?OXY zHBHS>v(y|lPc2Zzk*uE@rbehyYK$7ECa6hjikhZos99=`nx_`1;waWn4O1i3C^bfn zQxnuAHAPKRGt?|KN6k|URMC(1Q^V8Qu*sWEDtnxH1BDQcRUp=PN$YMxr4ih9;h4O1i3C^bfnQxnuAHAPKRGt?|K zN6k|URB;UJr-rE!YLptI#;FNvlA5BXsTpdPnxp2a1*#ap`l(@Rgc_yBsBvn7nxv+v zX=;X=rRJ!4YJn<_W&PAJHA0P2W7Ie`K}}Lq)HF3i%~EsJJhec@k435dKWdm7p+>1O 
zYMh#&CaEcEnwp_zsX1z%TA+&KSU)vPjZmZ17&T5!P?OXYHBHS>v(y|lPc2ZzAl6R} zQzO(UHAan76VxO%MNLyP)GRee%~K0haXjm%hN%&1lp3SPsR?S5nxdwu8ETfAqvojv zs)(?DYM2_KMyWAsoSL8}sVQojnxST?IclC-po$Y%KQ&B^P@~isHBL=XlhhP7P0diV z)EqTWEl|Z^)=v#nBh)B0MvYSw)Fd@UO;a<}EHy{XQwvmaBI~DysS#?F8l%Rk32Ks> zqNb@CYL=R#=BWj$7{dCgVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$ek)G#$djZ$OO zI5j~{Qd874HABr(bJRSwKovt-KQ&B^P@~isHBL=XlhhP7P0diV)EqTWEl|ZU)=v#n zBh)B0MvYSw)Fd@UO;a<}EHy{XQwvlvob^+~)Ce_7jZx#&1T{%bQPb26HA~G=^V9-W zoXq;EVQPdLrN*dnYJ!@irl@IZhMJ}3sCjCEDo$bj)G#$djZ$OOI5j~{Qd874HABr( zbJRSwKozI5erlK+p+>1OYMh#&CaEcEnwp_zsX1z%TA+#%te+aDMyOG0j2fpVs7Y#y znx&FYL1$x7N}wr>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPS z&HAZfYJ?i4#;9>>f|{hJsA+13nx*Ebd1`?w&S3r2Ff~GrQe)IOH9<{MQ`9syL(Nii z)I7C76=PUGHB60AqtqBRPEAmg)D$&M%}}${95qiZP{o<7pBkn{s8MQ+8mA_xNotCk zre>&FYL1$x7N}w@>!*gP5o(kgqsFNTYLc3wrl}cfmYSpHsRgPyi}h2()Ce_7jZx#& z1T{%bQPb26HA~G=^V9-WjAQ-OFf~GrQe)IOH9<{MQ`9syL(Nii)I7C76=$=4YM2_K zMyWAsoSL8}sVQojnxST?IclC-po;OVpBkn{s8MQ+8mA_xNotCkre>&FYL1$x7O3JJ z)=v#nBh)Ch`OMPKX`OY(8K;EnFPL`SRdcQjpFHTqL6PH57YywcdAc(?dh#Pdxx)GJO649SN6fQ52qcWeJ*Y17mo4XT-x|OCgeqa@$DTr4x91kx=QG~hv~Qz5DXii>N4vVOvUT|Zv~~N&d+eDWdx6JZ<*_$<>;6~+6xaQU(ANFgLR+`L=2+#g?Ne#%_BYVh z?SF%|ZvPJ2db~peRXiTvVgYUZPKfjGRodGB1KRk>PUm00<5c-^v}e)Q{tIcJN4}l* z(X^`usq+1351@So?M1ZpcxGt#C*Mq4{sOu4?|2o@`L%JpF_X3~-$eTYy8nr`UM~u? zb^E(UR6K1*XwPE#WwiBpyy3CM397t~-;K7;$8_4G8Sg3Dy1rLw>-P2@tm5hVn`rC$ zU-a0!Y3usiXzTi8C#rb2vi=v^8&`t@9f` zRr%}uPW0G~v~_-$(AMqQNn7W)VT6jO^E>)9W$XMTY3uwf8L7C=Pq)*Rt@ATEs%)K~ zw`uG8j~b=8&c}G#y1!}KqnOWkX?J4&KN_vdPb80?p=_PMIPHV zXzTjc(7sIje^dGE@gGlH=QB+kzXs&|`y=f-+Pi75pnYFV#k+xa)p^S9#{T!5sO%Z! 
zx6nR>_Jg!_{ASvEJlbgM@#u5Dil@ip^GV9q;}N|;*?K%$XzTHK?Lx(MKDW}2vpuI= zq`1y!hPKY9Dmil0S(A8lQJHEo^0bsjrMTdya7rmfra zna8gEj;c?u&u7!t$H%p_2eUm-(bn;81PRQc=k?+DtO zUrbxizZ*S#smFevc3-w<3+*$Q-`U`1G_1#TdufJ<(FQtF%3Kef5?QOJmd+HiW>pPLQZqMbk_58h& zwmyEEY3uvlwY2r|^tJD*_&jN?Vs-MZ2G+3cN8(`Rn%V zr>)yR=zEHv#PPiBDrM{Abt`S1?|rm&zK36}{B^#^(boCR)7JT&l~DdVzbk3$_^;5` z?fZVYGEV(zJCxo~5nxvH9B4@}W7(*7Xggt@Cl^b&BhJyh~f(uMfRm zaeaKwr>*aA-k?2@Ls(u|${)nUer`MzNY3uvbH)-qjd-#0iuh;7-P0B8|hjvf)X9aDY&lcKOkso=t zDzEJnZN2`jr9DIYFHrvadVUyf9sg|FSJJ1rJ|FN|7 z@jsKco-d1N>wG*xTes&q+B)7_9=kwW=XdD+s(zinb7|}2=X z>G-p0>-II$K8fS~3)*`9c++7{h)vx0Xq&;8P;vD-ZUT_05K(evjPkG-3=KHq(F zvGTv3?fngH&Fdd3<;!X7@!LULuh)?!rTG|5Tj%!%+B(1YdicwqG1e@^>&+Fsd@h1e2%zh;SQ2lZd7;tiOiJY)Rj9)16Hpyz4V(7%Qi-Ar3wZ!~-C z13hosOn-em?V+vLmzvJ%H$wD$9zgq2*1wRp?*A`o>-B4=r+jsn(s=bAdmL?jex2>% zi)hbg{h@uKwJ7d&?Fuc`Lw^<%WhZlJB>d7r=CO|I9Q$7t*Q<+^SvzUKXDU(4}% zl(v3;w3)UZkI!lA^=in$D&9RT|0~)${#&$l{p0IO>z_hf^Ubu2^PBcDjDPqcs=T(x z($?$g9NN14B9EP+t@HObZ9N`s9v<$l>eKy?($@9Q^w z-ot6@_|s?~A5Z}n$-f_ofBJghK+o&e(f>kKT+|(^$`7SIp0>UoxR|#5D=_lku3pMt z=d=2-()JFbt@C#=ZM~kSXzTW_rLFV1jrKHEofz3$#n<=i^J(ky&(hZA-=?jfm-IWl zwEQgEx;-msU&Q+Md3dCcDnFULiFTCs2HJYP-A?;f@~KCt@;d(Wv~|2LVa0X4b7}Wu z`PsB}`~yAjJkax(CdSkEL#t@({B5MI$A7EG-bMSnY~Q55s{Q)>Jd<{Ue5;2SJa*NQ zs=Pj5&!ny6C28yHlaFXOG5+;Osq(#PFQTolC*P&5`y1+~{72D$EbU*?w!W^oEaX8KHrDymA^iJji;@j2d0iuT#rwN_F&d` zpyz4t(qFfK4{cpvp8+cVEXG?vTemkuTi-8upZ9MeAI9Ujz5RCj^9XI z$6rTV$IsE$@!LGS>+z~S-M?pO_hozEq^;w<>+w%URC&!8(bnhR9BrM?@CnLaukRPq z*8Q15`{o`uMg_QuS%OH*MXYZ_(EM zSw&mV-&Wds|9&TJU4PY36~CGJeTKG<*XFU$m46rq|E{P1dfHQHhleY!{T)I3CC1-JTOTiDM=1Xvb9_FQe>DyN^#1nfsIqsl{J>Gl*6kZl zTOW@rX?LOjv$Sf<#eA4HP()bbD z`god3dnnt#n6~ckv$Xa3-TVCUujG1u^&6w=)AL~t?LC&Npy4dVb$@Q4J(%_Xn6}Pe ztH=L6kN+X#R6Ol}I&GcL^Jwe#-A7xuZ#!+>|GKkF+t-iw7i|Aw6BO6+kE5;Q&!nx7 z{|CNV>c5iqSoU`p?dxdAW6EEz7q`v-d7pTYLrNBb1o8))nE_2;zp{H>X!>et6}nD*5?-cuKp z@~3F)`MTc2w|e+qkKO%36;HRnp0;l9G}?OpFZKAZqWuE5M z_4W|jtH`(0{wD1~-%|cj+E>xmpBJe8c4>Xy=WUb7bv|d(*7<6py`AyB&(CH|QSr6E 
z_xVdBxt`A(X-^22t>^EvwDo*%rLE`t`l+hC_V4-~WshO}NwoF&&7iI4 z^E%pkKJTQhufGn8t9W|9dID|DucfW$=X~0_{*APC`*+jU?ca83Y5VJ^m9~EtZGF5x zNn0PU`)TX`b-7HH*ZrG8TlX(TTaU+P+B$znPFLmi_2@X-!3knWTbDnHw!Z(FL|e~?n`rC#{{(H_zc*>?@wcy3_380HkG3BF`Ly-% z^9XHyePYd0<#qd(VofnZ=!u2?NN!+{!XH;=kG1FU#I`s*C_vQ(_Tq?AnhD& zy}z-C_95gQXRGphzMV%~=l@08I{%w!>-D4CwW_?%|4p=Y{+H6$`Tw1V@20Kib7)R! z|GU%H^LZg{J)h6KuGD`rZ9U&s($?*Hnf5X4|8Cm4KZCDV@pOB}(~i=A0d2kC^$u-) zJomgomDlwRrLE(gOIznNPFv^iHQFbzzP+^d_?|yk#nz_4G#n%aTFE8!_Wpl`^jNuM9bd+eDWdx6LHet*pS{L1_Ntp`}YK0hAld4uokXn(wo?YoHizHqn7_hj17(AMMi5$);Z2igz+-|l};{JUz8J|CrM>;0$3g5r9; zc#5`O5C6aZzR!R6`#NjbetkXu5p6wxYX717tL*`_b$>_D*6Z;skH2?6+PnYg-Je{* z@;bk(J@x&c-k)6OsV_%cUoUv~7rgrk2iiaQ|J(O9{@?yS#@J8PeAMUH%W3QR+32xX z(AM+GyZ`uqdcVrMAL6~g{=fb6@!rqBuV+5>{^Q4vp#PAolm~wDtL;-P6Cr_ms{b@ADz= z{q+C#^P8u#KHZ*gcx>-}v-f`XK%b}dejYN;_zy83pVQXoPrhB0J@}-fx}&IG6BzqO zK!pC%L5Qn9!`~FEDmpnYei68K&UA6Q_+qaRivx8>TjHp?z^HTZL5xAe=363M`;AUt z9wx*Q1O6mLb?uTaZ==-757guTedSxV%d8jhB_4U--h}@wabiFOq)%X+{A`o*`GIv; z(h|$??&?yXPVg27f4V#%YM-o;r9|Qw1Z{ZI68{fh*8yHd(Y0rG_ufge2@nzz2njKv zg9M}_z4s=9AiY;9QUnwbP^xrMiXcszAfia`O+-Zm6%j!YL=Zp3hE)CEb7psLF5;i( z**m-QzUR!$nX#-?f75F#R*mCkQBKPOPl?5COH>r-D|)yU#YR5<3G;< zsu>O^&rAn=Rvky3tt=`Fs0lhNWhY6SS=||0sAowm&d79q_mp|Qf{g4 z^^oEo2+_8m1xj6$ax`rU(o=c!0Fw?eVvcu0OtYN5V8f(8UqS}+Nc9=kn#&{K^i3`L zu8=mjhSQ}gy;X=RfV%+dMKGHoY1cv|T2`vaMp96cV*$h_Klk+=tBDj!=jz6o*_Jxi)OC#9f~q%e^<_w*xDmOhKjEtbj} zFGUq#^>OG%Tnn`=QYxYIL@$+UY*{Hf0HcM^P$vr2ur_B(yBe_8TWAj}Einz$MgOLY z;D|aPZIJ5lx5&%;U~KbQq6K4HrP__5U4Dl6Z+uLTs9JchR9Q-cK#yH_4S{p437^7d zDImmRxG#VsR3x2c9-TGyTd7W?7t2bZHGc?|?WCzcOI5QIwDtsT?0--*XY+5Vmd8N# z>)@_4eAD_eQ)4U@oNEcWAG8zU)J%Czwp7^&D7*s3eZw-1F|)!#mfGJ93gd9&%Y#E( zpaE5?E=)~J#a@E0(g152LL8>3nbp*_RQqgD^E4QJ42vwCnbpuzjT69n5saCJMTvQ= z;dM~uvn&<=9imo(vC(Jg`r%qS(yz2He1y!jwN+;<)DlO=M&jR{;^4B29KRB| zbD3-*ayMHY`T+wiII;?UY7v=pW=~vZJMO4wpEvVkVm(WRe;sXg!hL2^|o@m zdUyw5-3%W5@-^T)Z1vq)G}n=cpF$W<08Eb*nsvlhZ7}tcOTc(Lj3t6sv8g2b7>cnP zgna-%^a;W~`4_MYw)(t-mxT+!ek7c$DENCX;I~mlZzB8m5g*}Z&VmR&g6UB7Keqay 
z0F>ten9nB&yLdMUD@QfjXz~41RsmLva8{nre_bvOw`M5}M)c=&l9N8Dd zVLn-p{yBaliKk1}3`rDpRA7O{M7ap;)g)m|BuaE1BBCofD)n`#weAD{Nw`+#G#H%WM?dGN zMdLjA2EdwyC z0K#@d(!&>%mN}|kU61qy2;Ui!9=@2g!BOr<9_cm+4mr8lwt8ebw;yFXG^<4>)?@|2Vtfm z@ePu*ukFV4sR8vv5ziWHLEUcXne4{Qg#lH)tEc!2u)Ygp3Y$sm0;+vck8~S^NURow z`j(#jYvz%FI`Vcnt*CdEC2YV&ljewTu^(J)!3HahDZ9aKx#dineqtRMc(%-k4RW^Paws^=N?AMoSh zv&>|LOqON(>Yz$_)5}Z-s8#+=7dA8Z2GvD8J97(Y4c0T^%m?jpBB=iAGGdnEo8ffXOJ+$AP-^Kj?^NM#dO1bMb#vsykjRWBOQ7 z7e0jkU@7h^)$6Dy^8xrr|3k(zRQ3pUaGgiL1nS=pp+8uPh7qc9v?r4jqh?7Q4>Se+ zw8&4A+FGq5)YufS_zNB)6M7of>GX?G1+iShCffx5 zv4_Zno{6>0%Mm#i1wEN7;NLeghADZ}N$N)vv(F;b#8sM}5RZF3j!eTssI73lCk>@$ ze=MXR*q7;2YL-=B3N%2rb*qiEYllCsoq$;Qade=8I==jn>hZ}4464HN{xEjW0nT1zF|I?S*9T58Pis>R0zFEz^PV9hs7DwanY=c;*9uSd%FK{#SaMxA$qWu0%h>cBQn=l7sW zxB+#E!s*<;yhg@?@3`uV2A0lDZU_}Hf@C=_GlyOE*Bp;j4TP446w;oFe!*3J`gwUD z0P5ubpzD03rEJD}`!V$zmUCBvxdTU_-2bGYo36eenbllbFF(wfb`rxnBqkma;%l(~ z=Sxr?v;|7eNA-B3lpM{fL6iYPos%76eCk#bcb;`!5x@P*OT2D9KPbN<#3w2m&57qR~*i8f97zOo0vlU zSKZPazUDUMaK77}Cn0p=A$9Hbkogr6UlBql9#Yw^*%_;7D9H^%=)^ zQa9S0@TfqwR@g^09GOS!rKX3u-+S)w%aYu;U2dshx^9@5UpV~G&03h`kGKUm{K&1#;Ze62habC>IsC+3%i*W)eh!bh z=e+Pfho8C0SWAga`^>G#;c@qAFC4+)=k7c&+`{1r_bV^FgRp3tD--fy4pcNPS|&Ws zCowXiEuZ9;S*R>U)AGnHWbC48X)+60xhSeK3z@fQS|OQ5ix-wzw0IGjg~U^XLoqp( zZKIYxBE)#fR~@nxhL2k=K#VmG9E?%V<9w%Fo)ghsk`^OaiinqFHLMb+myTJSjzyXp zIFCqg>XIWmuH-Q((woOz!)-&nE(uC+k?m_V=-(mtHx6qO6idd_n!~4`-ZHxFA}O+` z36T>A!y@f|f9w}%68d*|zMC z=)MF|iXPNOWy6pnUqtj&ACj+z@b2ovL2DIeD!s9f~i zmHv|Ij;9`34_FHymz1p7C3E0ToIW$#V_Q=asAyPXc22F~LAt_cQjKk7jUQ4FD04-IE97Jn53NZE8 zNl==vLUe~@eK0a+o~&B}XW64-CP;QT=sA+W zu2BOij%T1EbvBkDWpdA`mne?NSO=2tToWRH$(Ta#^+%?ybQ%3ZK^U9XuC1a{^}j8} z7BHptDBuYEh=dY#F~`j((`aVr5V%lwA0({eQtcU~om5vzg2-B8q3kzASf#K(0clbD zk1P;|$J29wRZ*&JaDveOhYZ5AkUalTRf>4>1X|c~^5?5kP)vQFB;si$!fJv28ug_h ziT*w$iKsIXzZ9EDtj^dZ1LMVmG>1rZk~xu2(_r-8*sfwBMPOSWMq=X(!fu?Y7L(2z z5+_F{5%I;yN+YEDx~#<(yhWrWs1ylvaVN3z%QPygL-FymDF)k9zQv*#MdU{vc-fx& z86fOM8Mi}^XtfCyYC{A$O2{Dog9{Rk8oJd{er^^ZZi%aciVAT(e1@y 
zC3gsiRop_wNWQ9@jl=5hBOG7DeU!tRZg~!CxwSZ~;V6T8*+JEVeb zL`)GO9>*cCKu9*inMk1BawFA{5F&=- zuv%eJN79)jj^4dixSZCTiv?=L*4zco0>Ddr36Y2PW)!Zg-WntY3CeBw*+XzUC=_{U zQ%&K9>Ud|JjQkqVIRlTNJu`)ysv9sEr~Mb8`v#8aSeusyghRDob>nDDRDE-gC1S?Z z5u!-bv|7lhlLJ# z5*n?-+~K`I4!U=lNf1^q&cXs`LHPGVhv+`;4R5*pbQxLMy4IS~7ZkI0D(=Z=QpzCZ%z@}&V)HSjcoC&}yE zfgcO>xPhl2AHyi#qZ+0@al14AL|omE#=wmG0}T(LK1U#83=!v$eBC1i9SAhTQm}j# z(Qo>Y9(}dw!9d|Ez&8QgEUmGdm|CL&G&{yv-%(Xr)Yf+`XxCHX`+ zWUNBh+EMe0j)+bu?l-TPh{U%@ZR!^I$Fs#9kM4m9Yh_{!JI-~G)K@O45^>+pu|?b| zzKCdi?QcuO6_>F)Yay3ULtA$o)F|$9Y+*ZD>x!Ie^$>hBE>=6)E&+7PnfeU*E9AMPSzrP7)$zT|CTPPG)}! z16edAl5wzs#?i!%b4+J)7=A>`v_)XIl+i!^g5^UnTlnl30JAwmViYCmk~*hv@F#tP zlZgx6IPV#JBJ}9~41==)QgM*dEaghXSomx>2cax{Z_iQ3;Qs2Dfh_g$<)ETuhQ=-(n4OmBdrzP11J^`Xt?S zFbUs>2od+fVkm7`_G`Kj`(*x}5YO2o80C<*{jz3^6gdY5i>KiVbK?ydno4AJb5~Rl zB4!U}%o(p1&Q%|3Zb41P>#;RK6MdfPJWyn8QKRt4Amy`&8jiy%+y%)#&)8n|SQ%i` z5WUEU11sr>JUS#{8aU=M=B2?=D3k7Ln4~+rCR$45iSG#)etHY zp)V)=z3Q72I)i8ixp8ow6Thk5~KwntTiOg6DQaDz-XBEQK|Cd6$L5xf%1t@(}Tqe zRLdEarD{G|it40Y{s_izK1;HNG^@H)QE@&i2J^n0IJ6nqOuVHvqp4K8c6zLmAXGLa z%9pUoL7dTAsLOyb0`{ zk>?$;87s?ddV&(89kCgBFn{7LydeRO%v%~$8XR8EXh&?us>i<%k!MJ?V>PB9;K*k9 zX+>nt8Si+_n1|=YB%Pof2y7VPTuhB)v-~dPjOAwndo3hSJ7P25ma57lUdi7DwmF2; zj@XP%Qk@&^;m3h}6~bvpY{o9B{=wM5`fmWc8Nz8tY{p@!X7tr%l-bH)NW$UepLTp^ zd?wX}jrw6(mH<}P;5_%sSW$dn3$h$d(K5b}>Lh&d#F6ds)76k|nzm+~mZ}9tAI3)k z8*lI&qo+Z>S7K8d3LJ{(J){{wNp+*0B^pyh-hkNcBthnrEx2(7F|W<&nX?^>5vawm zmA+pNPwX;ce>GxlNQ^d#W+YlF>jt4!N5N&214ky+%z4C8EwBL5krK=RUV%7NyE=K^ z`jwGptHCpc_<}}`79eymin?|JXh+3;;gRZt@T4J83LdGbqvrnQRd|08Mi>%TpH8l- zqjuEsGByW<<%Yx=qaVG`B?DV_d%Xv1Yy;zZr>Y5{V;KdECEn=w@H_6wSMmmMHvLb3%(Ms2{l}WYToUr1B*R7y#~V42S~H91dwsn zQE#Ms$?X8)Fp)AP$0RGD?icjNgYzIpoS7@wZMHt7Cr^7GCuVjuJ%hctvY53kQz>sbdu?(6dt8?LJ2kSIOo1Di@%Eu zI>glquwYRATdiPQxGbw;1)QDuwabv+F{uh5b;2(G2VJzTya~)pQZ=%Wy1WCPz(m2S zfXs*%3|^P22BKsFe$sqQ)*?b8Epxc5WYV+iL2wAwGIym)ZHK4^h2WE!0!4VvyknMjY{(jlIfE?}weDkEwqVm>s|%_x_; zj1??(t}B)C9MG$V(TW&aMI}qcVRb|P12AhP&j^xK=(JNfn{_M|z}~NXAXG3U(!wNN 
zftuOCQVY6aWeu#Z4`Fgm>6F`9Do0LaegtTf|4sGs*WXf)EkrtRg0aD{(m(c%8mvTh zxg2jlNtEIc7{`5#=^MmWnS(rZ)h3R&W3j4gVW=r*#|P^_a7 zN!G_tQ(|*>N~Bq$yIhv}HNm=ptz!n*88t-YV zd?*MdBDdgY7vWl-ritz#TTOW1%lj!{XG1tm6Wx)v`f8Df{{`%R2&ZYHJKk1(F(+XC ziI}3L;PCX*G|_#E-#BS?L#=t{M>oA+KR_D#-9T= z%HaIUle^MZ(cRH7<{*ACVPr{3bfF2`ZB_X%6n+!HgJA@z+ZVkU<$hzUFOEX+8!*oM zEWs~Exfk))-S2vsl6QcKYNm)Z({+Eg)vndvOg9PGBL>e!FHRM&5lDOvs>>j{8bP5P zCeoWs?qXT8Wdb!udilxChMP5342UUv;b-szBJ{eH`=%_{IV6&f+0E~gnQ|fMD@lav z*t5g&vk<|I>Rq%1YbU@D!wEEFb*npSSWZi)dmi{T;)JrwoECVq>4?sfbgE+z#E~f> zem%18hS`p7B|ZdbS;A350(H>@y=DTu$jPan$p0 zV#yy6f5Vsc+6oiib<}HDARMfL<#!y~O3%=E!S6h{haFXXH>$57z+yf@+e()hk*l;8hHVOzCm928MO?I8OoZ8OD)JO!*$I(2ZB>7v$&# z5MD7Po>%eYTa!|iN?D0rP9SUyC-H2G9~4ju{d_=^QsJz@t-r~T7jZ@p+8IsZTp$l> zH+XR>|Ak3!$b;JBbwKw>EimgTtTY-AYE(Q1ghWKA`;cr;xbH!2&;{NHTAGxVK&Tr| z@;#`ZeU8Lh`h`o@-%j>i=`Id(^vr-ji>R6q4*37gje8@y(z8DI170i zNsmL|!##~HVOtWv5+*L`@;^L{iES*Afb8hRNLHt4JdLUSEkSvBj7S5>9LCewsI<;# zBLf+KB9)N+iTwDMaXv4EQ6GOGx^n$M=K2`;7Yg|b;%DQq-lPP4k9Mo(u-7U?zvn~p zEyDf!=meL?+him82?(dcNq&8ds0<}ne9W&8%3qTn&G6-)+c-;I&;z8zVbS!|8OS$9 zKad8B_$Nz->8C_ds2Le3ag>Z63}yuzKO%|tNhOYz>iBKVYJ=F`IINA7x1VX9oqqHK zEezy2H#I1c5 z*pGdL7p+BI7F?{R9zvSufn78BfsptTRVH4De*i@xWmYUdA~^6*H;W&<@i+>!-da?B z344=tTResB8xfd2m#~*wkyg$IC_7nDR3M(HuowQch?LUJ;0s)BIY*zz;sP{xCGDS) zVhwGuoDV+5_m2=g-iPFugg0i(9Rfq>nM zV#-?TAGl_IB<1xH+muxOkFuii$1U~5c5JvLyf?4`gx@BdpQi0nmgmwSfEUs2DwbM* zN-|Tvf!Jjsk!IIH+ARx=g#ycN_%SkoFLIRr37e#ebQC|w>4Y;7+_MKbzQs|7Y;YOz zzxtRYx(K#Ofx1z6f<*ta6z-_>c_9||2xmLM5j)9JuT2J_5WrI5glco~RAGN&rILw+ zmB_y0oiaZ;1}!^lLx9IERRiteAIfnbNDuTih(vYmn^jh zR^?3QgexHr4ln(qGa!G(QcnSAYnKOBg>bfZVgst1J+jCgt{Z0mY^j8$_(Tqodf=xY zo#@h3PlvYOvG!cb5;Z6j6M(%!xNba*|7EG3Q$3Td1h&q|C(?t1UBb#6z^zCo(lUwt zsFhPME^h~|^qUKiox7Im8igGsBzF}*lCmO7FQ1NT{l`+cd{WCa=I)Tnb@aK07A{cRPPXVD4ND2E`Fw4pcrhFioZa0P34~G^b zbFxMBD3DYhA8fO0L9?WdB^9{+f=*{Y@Ka$NoqfLBCNcX} z6&Si#+w=yQfo3Qy^+fIwT*dm{oOBr0vsb79O$f=7dB7}1Z0eV6kj%Q7y-5Ww4b{3E zf!X=Lbhpmd4Z7ckFQ+L~$>HFQ_BD$jgYVcXu{OY05x>I6^j#^DOru%vVVMORVB~f% 
z4jC5PP7|<9a^@HaX8>L{giIQC+iFsA5bgntZtjRA!#G z)m-!ixf`@&|E7vyRx9T6RP?7uf{ZlfDwcerx+TTkTjXxkJnTz=jxk zUUIZ=+G;Z%JJ~lr9oVZzUgLLcb@w^lz~no?HW_(dlC-PYWpHmZM6wluVLQm}h3g;gyZP^ioyJ8I2qnk46ex!ADT zb!_8fLT?Q7@U6gh8=PN(x9y0)-K?m}FA)D7Vcct}c16m$FOi)ik%8pwmiPnMKL)4q z)x*Dv4D`fi(s(>2=fk1pdHiJ(FQwS;J1Tdo9(rUIulI- z>e(Y*j0`+l1M>}JMNR@?jv?{brIR~{g*puM+&tEUu*;A_84GsABf9-dWZ=&cP<0ZF zi-vUzw|GfEdS%AG;iw*;fOQ*;e|#1OJ?vVy??eXN!(P#HwS*CHXd~zhF-b)QPCxCn z=PDr7ClZgQnncb_J1#0P>uay7x`NRE0TTHsZ5dEg&^owilR%h5B(5{Q-PueE1k|A@ zulcVBVXM)kN#v)rBjKmSwnf%-0)(>fTV6zD4lz50u;SGnc2b8FS2TEX@4bCEZrG!Z%f`P`p@fZlgnQ#&hnY^50PY(tr z9LF0hAP7tYbV`{t(ZY~Nei6w`pri&-H|@kwEOzSDl42pE zSNf2oGm*g07*VnqZ3s=EC3oAF@wIUuNy>*6GCPM<1+fJ6KDeiGd`HsHkz!tFu^ky- zfw+wlA(%_5o*!#Y0J(B;c-;NnsY%I#G+j#Cf$686B2_LdGLM3)$G|H`T+XnD^GS88 zB$nV1-3&)tAC~+j-lVHJpaL7V(y)L)Duw_b>2rjJ@j^cdElgHJ z#5Hr{9Li$VBNy<~wg-%T2(%`&T3U50HvBXxu^xBs-;bcTW7VZk8?3r)#$&56 z?-AUB3q)FokHBFibOq+Gx|A7?VIu|6g?vb+5$>0O zUsxOH^)PWsm;bQ}cB>NJ1w(dpVkE0mG^=1W+TpchM3*B{DKdvy1Lpt6_$bO(G7-%IP8@puam5!g>UP>@XVk7wX13^9f2%FEStSV(rBgX{8Z zFl5L6BCWgdOr6RssPj)uz4}IJij2-!5TJIjur1obVLYgX+QFnwxQIf0HXPPyDwy96 zuEk>ll^@Y1d`M0v+;0b!T48$#BBX2pLd$ScF7JJkgS02M53r#=uG>OOYMWVJw|3yB zBWC~$%zaIA**O!s#R-SZRA_5`=*Slv5xo;Uy=gXkL{7F$>iZ2LU*g5+SU7`XXhpTe z_;@OQ-f3uMC1$I08!Yh=#D2jc=Ti1#?qlpJF(oUp{PR`-0!e-Fr3JEF%#+ukr=j}} zWKxgJw!|Y&|L9U3@jP%g676nWjzzce8H9WwPJa{&h@-SQLmLjA0&`;MA<}svxfr5ztj46z85xlRHFom8&bZj1N?+A7Pk_*xWZxszF*Ha! 
zlM)?VB-0q}yswrm(u^0t8W&`*VD|LsB=$HDrFm}DCd{ZRdYM{JV6j^nnE>Y+86MrY?UH50pPNkMD}Jj&zn6fk;5 zWd}+MiUWDvM?D4fX+`Iv+7GLff+qmCHxxP(F+ZO`hNmRcJ6_2dWQ3b)d<(5{EC{a< zoy;Yfo?M+ue_x%(iV1040eAyZxW1W^RGzd*sh+{~oHBL<_{nfJN#ulfBBUy{T-*C+ z;D3d4QjX7u9^7y%U{_T%T6ZE2oenoCzSU4C3(SBsg(@-BLmaYylQ;3SQLi4R-OZfu zqMO$5=FTE*xOoVv0-TSydI_0b^R(A|I6?j-G^U}-6wVFs%52OG4l`-`Is_(02#yz0ztJb ztHdKxoJaIEACkuiZ_IcD%Q`a=Jx4-!G!B-PUxXAivaAkc(4>JqYVdCu|M4gic*0VV z!V=YiH8S{l!UwiR2A<9oWeyY(evGcpkMV6AztBB%7V&|q*pEQ<&BIG{&e2BxkOi2gdZ3rXXlPVe}muC@wk+5Gw z7}k2vMF6{vc&D?6@vEtxuw$vpo6!`L02VQXd(e=X6=A6@Xu+}?7!AW%o*I0f`jd~4 zPG^9F48g)vq25NPa~f-@=P!UY5scTvSvOroI#cjT2+g?80AwBGKPYEa!H^#k+SOl;h0oS$TgCzu_J`J2-lwqN3r z7J#{g*t+ssV(f4RTB_;}=-!O@eLf~hr?5vfg}Ub~b#;{`s54n-5PjK@s7Hxlr8Xdq zw$z!eSku1;Fd7|}Q;;O%)o{NIn2HoVX>ueueeFaV@1;XLEsal2&-@>v9z{$!Bb}eJstIRp z_4E>yvoXNdhEOy_zz3=6ZD83S;Alf24LWJ9=8CNvke~KdFjg2AsmaX3x2dxR!P*YS zQN#KL745Mqlj(~)>MPtYwR! z3&s+|Vl{f;$A+dXSf!vAA-99Dmq_Kv&iZCD&@MvvO1&AR->D@Mmks| zYyUp>up(NXz|Yr&bKW%mBkUG!Y5CuP-6EXrX4BS52a96Irh0kL-V4)h93D~s>_6QGu57<_N^Ug>oe?VP*9}VXi;!hJsW#|5_w@x}01L{r8^yDu9 z{|O^V8UO@;Q{L$qP-+zfbM(gRa5y{@(o(L|E1*&^=b+6`vJ9|_gzKiqQ~dsR$qu-Y z>8+2>@PKj$N+!v!VD|U5=}fT)(-~lw>k|^05>O{*;&T~b%GdC-ltd^2uN<`X(ZN18 zCmr{kEdck26KGqbvnHUHjPcSv1N<^^LdIauj)2;Wg$YjRAK+1a!V==Gjn3hKT7YL! 
zDy7T^LJ=bA7DZo%cRmlOSI~D@NiARvd?kA8qw{S*ZQN#Q`EJ1agydJFhdNgSYBE|L z%fAF{ijfbNApQ5Ce-_HV1o3bCvR+*=!NrcP<{<0?_=zFZ;L2Q1DWnBe(J{#V_W=KA z2)eeJP$H;kkyqM%@eqzf+evGf^ahMwJE&ssQ~3cF@d<)AMmp_+YL7yTtA_YG2IGy9 z*^dX#R`-UTj(`UEu;l*3Ip9r<&Kp5h_(|+xp>8!9toh+g&WdKP394O>c{<+*>p(bD z50SJh)7c$VcfR(9DcT70TR1Z`mgRg0~c*4s{ z$3UnaM&e@OPPh!IS5WHCJE)bX!02LFbZ^kh?@mLdddGk;9N=i5Ab1C#(^07=GrS4J zo4|NBrf+JzgU{)uRBA$3hbZ5$uI^q3lJisLoht zv}%LV&}WI@+B(20T2Vjb2G$wzJwq66%FOWBP6EFkJzS;_$ zzYZ$>N0nXwNxiWP#c5>+%YK5%@k!7whEqwk2zI)FMqNEZ6&Q+q-3B8|f3MU!ZO#C% zat5Eqwqd71g!%$=bSocd#lxr~NV_JTCnMC-&p@aRuvs{PcTHx$8mO19+l|#5_>gdp z-L3|*Eo5MZ@JQ1^SR6*;oC)5bn!TM2Y|W1xZvtbFVUfiIZ&1xXLozcFfM0&CBr+ax!y{DFA-bzsc|a%}P6|GQhuiG^?7%Nq zkV;j64IUtLK}XI0vK?5Q7uq`k?E3)W`cfn_J3>vm0m4{-uRK6_w;w8M0X}Gr$(OYZ z;Q9v$^DxiNzSs^-?gqjEfG5KUk}M#C8CRiZO@vy6dzy6>jN69AlS=)B$*fHgYS3lm zCM)I~sW^0BVU~6~S0P>aLU=W*?=oQ24rggy%sLyPzHz~73r62?7VApjRe)Z0vF_-v z!R8;roZm^+Di1^!fxa3CFa6SmUi#I!;Z@&UUEq7mzDzw;8QuRAFi!b&y7(9UVNXb( z;=WaN@)&&MWKm!Iw7?=p#+I5`z=`bY{_rfuR@qfVPLCxTy69#LUo2UoEHoEc3_har zIIJdgTjq(f##gB7G$m~ethK>;j+}=k50U#+I@%o19R>k^jyP>-?BW-QBPVBYx94xX zL>^Wr(lkXb0&jVUOY@A#i5YxP9x-IVKoNONy--e5fvbxwty( z0Q&$(&0gqsR3)!S`oya)Wt$IBIb#|^&4-|z@YU$Y98>i*>!wN;70%yiBN;j8LI93{ z=Lh2nwiH?_9-O=nOBMeO7jcNsg~QswxnXFUTKOAtlY!_8J|wpjZX5yFPPrEmQnmo0 zLpaHI2vs2^1ANR|6?1+<#tZeo0f-zzpJD_v+oC5zqj3mzt1rcL2=Bll4^vv7;wC8!>nX4wNw)&l*~fJ?x1?qVU(Yq{Ba_bqV_y#yOQ*z*NjPMILbIDg2l;wd zgJ*m_#1*O4sJ!s?+y~_QddLR8ujl9rOMC$A3=Ww=+4ucB#PZL7!8xyFQ>5|rEPzbv z<~5dh1iqepc;NDVJ;$*So!Qq@au|jf&(}i<8DCEU0LIrt7sl5^7sl7~Y$o|1S>E&Y z^Z=04_w~$lg;;`!cX3#y$?&8^5=Z#Ho}W5c;vgc9`Wz2grJ`Pj2MDoOeMD9zYxusN z0w3cZMmnwMU;rFC1?Kp^o?M9beLay-V|+c2Z-glUR>4t=WE--fJzviv*wpv+oPR_! 
zdV$qH#PobUWPRV)a~bEvn2lpzi0S!yD0$!4({-2>t&reOu=W#^Y-4;qm*7Sx`EPLi z;G^Nbo<*Cqg8P7NtQ>j@JYUa0SV{;@n$|9CB*X1oX1))3R{AB9m8zkl@Ff|@~s--7i$ zG08Tje-r^q@^^3qU;}MA-l^jILTCJ=6{G;p>r;eA}=NkK&*b$m3ue?(%&K{@CE zxVNFuSy=z@yT-X57Hgaa!aSmrxg^v5u8|ipr14$AJBY&d%@or$qE=}&UjY9uT#e}( zb@pj{-vVx<1!qdibd7F*;u}}M@)FMJ=qB~zOL&G_9`QD|##95;5J#Zge#{MNgk>I& zp5a}HDx13y)unK#p6adZ=($V(dhr2w>1^oyx4ZP!QJ8k|o!z)gDeAx6rOSYY+@*9C za+k(+!Tv`iatDXij>b*nF8!*mC9;B?go7d3lW^lMor<*ySpr~1LwF{n0PfQ7F|}w0 ztgXQZGw!=fFFs<4fxwRT{=3}bnT!CiWl7B=q#%#JleF0kapGG*L%mmbFUZCMDkQa)AJ zk9LQ`U3#xLR%?+{t1$>Id{W3=Iu|cnQd6>?0XCR$HokF}-k~Zq?$Q@=6J*jtFqdXx zd+ySe%=X=-L+4wX^bwe!5nETD?=G!{mm{nn5P!qRBrC~?AOZnbT?ou94oPLn0_xeXP9>Gg`Yntcg zq;j&qlZwJ8lx05I0Q2z)S({JDw0uJ5;}dEGd{W9kp|Vt_#9&|JEx> z1ehx8c#QuzxWu}f`|eU_oe)P!c`4vke2(OD8F%TtfYhYcAape(E}Ld`Vk&Wh$P>~&o*Ln_b~2K6=K6(`e|KFk{7`Ik=UF! z<1YOzRVOJW9upM~tYMsXX9rPv8j4>ri{CEcSr>8(uo`JwM`N^grDOi zLJ4@~@ZF`2X`j+%fWL+le0OQ=YdUi>Y9j7`I5MT{yGvWQ)LD`lz$*|Zl#p?kmdNfY zY5_tUUy;x_+@*bPc}fNY8{sPnxl6~Fk=g)rfXxrdukM6tGu)*&S9$X91KUP8o71>U zUq-#i&k+9&VQf5ISH8Qn3O*t!Zveb&2xqu5ms1LGmyWy->%~sOqY{qH8khig>B#^z zlmuAW5VQv0U0P=c^3Vcc8=oMIyEJ+`umOl4YB1kjx}}0QP)rB3*oP$zK)SsdcWIM0 z9&;;LN5Yw$72_^#^no{&eGk@e;Y>Y5`tH(-b3JDCWIQ+H&_(CeLqo1{mzKi<8x5qg zBB*u3=plFM3)l$7q)s3V3?p%|a3}QKrQKs;^a)_hGAz2wgxsa^EnxIj0N4A3kh^r# zLT>_b448J8@|3{1OVi=Nd(hn&N0b``k62@Ix=S5&M5&v2U^WCKbsRGv_ zexHv?HgBkYjJve!Hgxz?p#A)xRNr0t;wVt9sdxy$q07r!=|>oM=?{MaECfd7f3vg? 
zz_?2*7KXwWpmhkNhTNqWTS3tPQ|Xfs#m_i*_5VOq8e~ch{vX+(Z5@W zEZNvCNPb6z4LN+$9l+sJ?i3E&yGuFj;O^qEqkGm1?{V14&5c|}mh9wKeDsl}o{B%s*R8$lHeUENhuzP8j&&u6mhIH4i0?7?dsAM)-jFfr zLAnv9ucGO5`azsp=>zVe#S76ngB ze1*K>OIP_YuF?OZsy(+FBEAY1E`dy!sXYgq4Ad!om9_R$*fpb02a^elt=+8*68qLm ztagoPU}yD}s6C<_uFm;atII&kcUp_p@wWxQzQ?|%Lz0v1cy1uzAA+jQAxwafhb6N1 zlZg3I3ydGWL@vO)LF$UW{&dt*`F#|wuj*^zES2j%Mpk~(*QI6c&&T5OXFq4xF5>Ec z{?&q-xVr9N4Rw&0UxMYy$g=jX!?^m@%XLT8olt+`dt8vGY<2vF6x|A{=+j=t7n82L zLABrVtT{Ll5q}3&RJs&1RejlD)d{x!Ex|ADNw!RXzf2#y$z`vSQ9almB z>Jn**Q01rv=>-D)Z^K5lLp3Mwif)CvkIDWQ7OeLa8JHjE)B%(C6{Y^i?ziOqMGv9Q zcx^lRK+$r=(JbrK!Cpl~;=ifRLmMJb-m}nSJbAgA088DAr&03ceMm`oZ*9>csqe}A zayy*cz{r6hU99~Y@7+T^dAz>rzqQp3G8sM5HpvUxZ8q**d(f$badg+jtXJLx$pU7L zC*{5u)Y%Ov5z*;BB&QSZdqK;gZN7>KDJy|cH=N`u6C+ujqH%QB#9m0s!(&8RLgp}UK2F7WLwRXrAmiwMt7RrfH)Yy5x~c5t z>D@+hbk9SJT!#pDbdwB^;BO$N@F+@3=ZY*O`C7kX40R%-aehRiiU+=mDqe}nL#T?I zufoN5Q1Sx~>l!KYtGIszpgV{TK#U=IlW@O^k2i;VoRX8NAQTBF`Ht?%t3jv=tbvc~ zYHmr*4vy~b7>i^#VC?9oV(FB)F$sq(Q0UxPWQ4lMEbvVCAg)MV`VZvMJuUbk=GPJPT$d;`vTk`h?tMVia=2$DUrkx zzN7nCV@s?@#QQ$SLsqHZPfGD2Vo&&pj3aCKj_&@sERlyHuW8OFF&Rk&B1yq#Pl3_WPRV!{pn!IjOW1`8)ABn zJWAeoEwJ7uCfUX~@;3jjp?PPGs!Z(H?IR`CseS} zfF~1$E1fCEn|C-v=WZGB_2FuaH}9A7+USRYe;&>;-n{E^mbeV;SHd|RZdW`Pq@Ko( zZmP*pH*u&EQtPaf?C5T`Fw{TZgtE*VK`Nr}`2C~S`b_=)&|5x-k9Y`AqW7 zSl;U&0|1!*@g62eYY?#whxH3tlaxr}nEr8jBeo(T;-t?p{evErenjkVJ|gc>GxGaK zjuX&=h9=$lG(h_)Fvss7>4<)4|2Q&;MtIx?aWp2`AT$|AH;vYQ|M+x|W()%Bxe(Lq zAJ1j#AI-6-O^k&&mWG&K|HzI~`28d2KHNZ%;32R+CMMa&^pDbewfsdO*L^g+e{5B_ z`$9o*0p5he;VJMof@}-o^P>>V2c)=bVIYhp zI+;r{-R~Ml2WXA+0k0qm*Eds4*O-W2z=iB^Qx z9gRb$qnlLcn|KCT9&xuX?!bUb<6uWObqmeo5jMOFQDt)%qPi3g)lma3AxAfvJLKr@irJ0j%!jCPbd#l|vkp|V?#JA+|m6<4hS9s<9Ha$OALgDX8VrrKWclV_rTmrY+ZT2qx<8$ z(0vT?r+rM4&XA+~y{h;g3RU{=i2mD2SQ)S$2cx!O zg*&=Gt_DI|fPD>t)o^Dvj_%1Lk;YgsW<7*u9NjchWO8&*!|a-(wn1i(FBfuj)3BqT zWBJ}rj&2@LoR*NO7ehN#$kBaao#&vYah)8}SKQn@`BJd_v~q6KVu} zlI)*QSt?UvSkW?$?kR8)lZ8T#?y?1u&rwV85nLSB^Jp|7NB0|p&<^J#eua<82}CfC 
zZr$$*HID9<_y~#o6ftLw44rv`;f`(svDiQ3O~8A>)1#oiJHUa4FfT-aqkGenluLlG83Jk0NozHD zFL=@ru-1XG)38WQW)>XXXS0KK0*vns>oO|ZWBHEm`=udx3k-XiS7P1GeMfiHMtpdZ zlqUl(=yN2O%Q(8%1n~4lr0O6vG9)gWadcn&)g$!)VUQtFo;(*e-V1*0EVN7n__`sO z3h-EXFSrvngUj_`Y&9%aV;tS}mf_Q8RO2T=_?k#7kiC$jo9>PwNB5RV7L%k{j;!F& zP0%>Hsb_^8-81fBiUg9(z)xvnvu@+){xuRGoI#SZ39u&#=LT&Y-5a}FTE0K9Ax7Rf zy01|s8AtcWd+>=YkmMWqSw?KuW*pr<os?Gk(XXM2USAKgWs9c{7ggB|mxEegbxb zaMorV-L=Mg@=+@=nZV)6`;P7yEaGz6ivTMT!hJ_~=^S3!8USk+!hJ{gh*+wFifL9LR(S3~KKf}*A;RN5& z-4ZMNlsWl3e*Pv-$QZt(`(}0gBUR!guEg{dN2Y{~qq}~JSAa?&)F6^>QT}_uOR?>P zm9zua#a9w?bk`{0W#k25;|SOCt2<%Z3`h4b=$kD62C!v>vpJ2Udqq`ba4X^u__AJI z`Ht@Iu!Jv91H5Di8@Mu;Qwnf&-)sa8cK`;kMyAc6YnushbdSajUgic^z!08mw5|HjdMW(%~pMtlc@`Ht?Z5#B)Y9H5ClEV+Mi4veGwMlU^z$)#Xz3}LJp1bm!gU4SIiq6}8$gI;S2Qa*d<=8!XxLsFn}Z;$ifVqx-8b zJW_oS+Jup~Shy2nV5awiOJliB4gh1MVbKjFs!Q&F?$9k90?LZeVFXE{vnQ z%pZ^~hxoca7Md`G9Nin>bFkWj(bZ>#9No1a1vUclV?vnk=&p?Y)Ye?Yuk|s>br7l_ z04?^oT(C&s)Np;B4o$v-`t+8v->T&39!D;gkFWVYN_g0Mh zRwdBthEauiFZlD;P|+S>uW*9z=sqz;w;O9L@K?e)#?hT8&AXMa1YvU+iLD}xqkA%$ z^b;^n85UVAu0Ks>3FDn8K+W{VWfZ#j2-N~nq8bU>5FxrQ+!X4df zn?cuLFvf?oSeJ2h(^Jv|j_wNJlcW3W6EMvITpYu}ZW6lCZW3Jr_K=vB8U4>QX+g#L z0aLoFweg5wbzEKi6dI53vPw9`*#8iVwMXNBD1mAgsmosn2LD43K)(NhmUevq!?dna zE9eP@$U>0Fiqx zc>_%1yXWX%kQw*fizDDIL#AuukhLkTmN*N!=SYu3;KSW>Gp=FH6zIe-aY>i|;hsxu zh<6$dn`Cv0#ywa3J$!rf|494p_$rF-{h8f+xtp7t#!W~eBqSja5CQ=qflva35D1-1 zuK_`Nm)?7kB49x*6a}$?s30PWfQSVY6j4DzY*@g81rYJ~oHM&~6JGUwKi}UU+va)B znVBa2 zHp#olU4q;%q-+!gM4^{F(}B_+az3aji^Et-DF5S_Oe9=8A(9+YjObu@pw?ixE1`lR zjCTj(o8az1cf(KK9q29!RtiqR-GNrzp{n6Ya9xDM*hvP+hv$4!y8|gt$)Du<)DGbA0~^*KZs|9wFG-9cahbFzgLrAyCbd z@>o!OgJ)SRUQPy-p<((LhTxrXI0UYHAY5ow#i)pO2RgMMpEmA#fu3l0pw7sV^(mP| zed39mb_a^qUgJLnJ=kx!P9qI|2j)Q#*>6emvIGgc15H_hr3(sJBh68^D*yDtU z<4Mf|(bhp!Hl>RIo&=z+gRW0Em?=-e^^>58vvm+<`{33==XYX?oJejA;6ibz0O+lQ z`W%H*3f!wZm?XN;TL%q32|_b~ZEqqtTL<+#0m49lqe>I>)N|H(Mf%y@!*<5<-AhWzw+AagTs#c*R(lJbD>!6U4Qjs=- zxizS*X(}o-Y#sDj1G~Bk zy>(DZkyLV(o(D$Z4Q?G&4pZq=XBl}x?DhQ!7`6`j?Xn%s-h@#QgIfm;uVP1PGGS!w 
z;MPHVp0G3H+Mt}Xb?6~W4#BO1R5}o8*pBbwrnfl)nSQSxurl+XrXspfmg7q_++V zU1BTuV9XwiLj|gYoU?V%ssoVITL)#FSM8!=boSfpSn$TMZ{dfagrB2H0KsFqux3wbH5=z0``T*l@4d? zpz7-l4$z;#%c99ru_lfRKIIvqw+`z0gRJ=^#oHbO#t+x(Zi4S8avOT~Y z^^dxpt%JN}lT z3)Zh-2;?gjZ?>J@I_Rl2Ad~}`q6sB5VC$gDuc0554X~vqkOt+C-a4p8Rj_1VP=;z+ zb}%H^I%rfccr**(%2EWSM{gZ;+QPIp2zyGCsIk6j>!2m=@l#%~KK~o08ml>52R%T= z;woq%FFH1$psB`PZyhwgB4UsXMm2|}8hD=Fr>%oJokee$-xKv=eITowg3@RU5D0gCt}3qB!B;93u4AL05uoY#sFW zF-4Lsz$_xRirXT*e@I&g-Rrlt4FWb?YvZYR6I%!U-U8o{!C5ZAX&K>4o_-lcTL)!+ zYJWiWD6l6q{tsIRy?LJ^$@jqgNVE0UL8}_uIDI~FRpWZ=pg1o=67doWJ`PnfD0PEd z2MziLZzck3pmC}vgIfn(#Q$X51M61`mrUYGMcO*(sYpA$r+_uT6jMzq($+!03Oi9B z0%4mbQ9iLrpNF_#y$g*Eq9G50a7>f9?o!_2uc&<=v^8A-;ff}41^wvSE-m#+=0M^gJRrRPy*gB}_qN?!Z z6cBi|nQK!OYG>=9X8X{UqNqIt(l*jmg5+!+bSpll=8|&|gkwbFKy!ntw+?EKWm%5w z1rRQ4O^W1f9TbiC(pgj3%XsMuM@dc2)~N(m2;wJSU|{*gD8ni1d90{Qw+F36r?W)LREVHpdXRfRJ07q%=8O z2hBW)w|zk9Uz)_4GTv*5(To{qgdYJ~fu76+!?-gHb762;K_W4ukm1DaEV&VDVCzS1>VOvQpDqYx1-h+uEpywxe z52m8CaCs9m;?&p#r*2%?7+_`W%qH6xNZ&H_;wn5e1AcbF76Euc`7iS2Rm628RdxLt z>LEQ-z1SrQ&gl*$>CWDMsS~!osp079Ej_<|jJ^QiPMZ8ADJ#ca$2PJubsb#Dg>3&Pni22f6g-pxIH@ID^Q#$X)H)G(vg`upICL{4Rqa`fw;SD0sZ|bi)b>@zVj- za$xlWpxU)*n)JN(qf*fdczcH<6g*dY!T^(sA%Mm^uu`Emb-GJNv2A(EmNTY{!kOW} z%}`rrT|#}Lx6GGv7*4Ta-q65vql zeX~r!#9xeKjRTi7G4{>sc2=o)68KJsW1ATJX1$7T0;zZl#|I8v(!|&|i%n6zgZ z6Y;T4let(SXmU zKWKvRZuK;|fHEwb!>JVxqdDc`X^idgOne_$UpS9)Ak`gjN2HkcSOoV@k5f}P#84{F zdWsgH{L6dbvQf(gNJJ67_Pllv`MDe50Zr&hgyHP*WseU%PI(I0_Zm+{WJ>t1g7}AL z$1L*eH6%O^4!z{iDNTQQs?LX3DZsKcPC-$mWs?0frRO9@{<091?wUpcDn$#Co*{q0 zZ8RveG>yZ>UUpxH6!2n8w&mq1O!t7Y(V?ks_w*aNU{sTyneQRflYaRU7_U1l$yQRV zOzEkxT-vPjU|iHJHWjy`-iFds4Q~&!F3(|PYaGf76fO}{kPZ*0#&PeR`}5wG(la+3 zUmSuc>*LgfBnFf5V@}lpd74cg)*5-GNP2E-fX@nvJQ$}Dn#|L6-uBY-({O{chg=Bk zPL0P<&FNiJhdVAj67Y7Ho-Di-MjZJpPJ1+&d-~pD?BLVT#@_?>k;Y?w4#dz9qcghx90M}JoY*J8ns^LjCRo0M?gYcpz(VbKt(A181t({xwT?cO!Z2NwT zodBPK_)}>y_Mi+in;D+4nds7c-a!7xQ6m5I7{a^4@ce<^6{mG|5VAFiLZC(?-Y2oo zJqin@gX{=GZ%vxPCZL_My_0Pd5U6w?Fg#t?+Ob;<*ZZ^>$BsQHQxX4M@P2~5&<7!y 
zPlNHC!xAQq7rfYKy~g*p=f{A3L^u^n$)5Ab!<%4wT4H^Oqj4F88;+8aq$JbRw4B zsk8`$)i-HkQa{u4-AOx4PlB-fCQUS`@XiJ4DFg!*zB~@XnVU2*X`$(Pf3`jH_zeV! zO0GogbicB>(~IP_V_pDsd7wG-7~V06tXeZP205LpsH*k2`z8JDYNK!5plnU9HtAi{ zs&(V&byw*hgDg=s*WU_=l~M}}f>j$wO~5SHBseUh0L-I=qB}_(5kr}|YPQlF&jQV& zhG2SEZUemCkr4c==&CI}u6qnYg7OGX#|U0RIWCE&SE?3yo=i8`8~HV$iyEFXXw+?@ zYJ1Q5NU7j5h>{P7lD7J_;Bkd;QA3d2>k?iJ^uOzCcoYM_ra0j%xKI~riVs4mrzZU8 z*OY|-hzb@XswC^pI~MQ7sg?@sVxTe#~eQgotz{+(h6mkpm^h^HrK(zMRi~1 zBd=0|znpm%YFfTAOA7x1cb#wHHV_U&aTqJf+m=TNI_N(2Ei}%A^AZPA?Yt5_!=Vz4;+Bg=9ke8a_->jRkcQ4&yY%Mj-=@Q8}0agX=vGB0poe2^KCwhZ*CW zVFeJ-^BVq|;Kh=@I0+qRyq$;&P-7Pf6RxUo;1@SSyN0yFYDe;dIQ-W#bVm3NOw`op zf?c0DB87m^*+!38Lqq~Ahr_tc{xh<`I30~?P`K805P2gA-)S6q0;Ld8K*O#P6gie& zW%S)*h#`Q+YuFov*BS>9wnc#MEd@(fF=jr37S#@~0y&_{B_fPoJPZxQOogzEB9uUz zvxQQ`CM;-Fea9NJb;v)BiE9m`( zqDMOSUPY|-E(U=(lt5e82Ef=C__6zuZwlbvhA{T40%NJt^H66Yis3xMfn*i(OyO0e zXCanr=K#A?<5X+fI0ilsV&t_E*fXVYr9=fFOM0qaKmc9`Mc2dU}6>6+mD= zYn;umLXm@QnDJK-4{~-a4vv5%`I13xAw5smHAHm~8fp?ng_)v)Nw#P$J+mLc*O4If zc1S9*>fViBVQ5Dg{W;~fgxArYg$B@J-GX&`xXc54g(IQ9G^tP#^>=75={d9v^&hZj zHBJ)t=P03DK*AJ3=O<82y#dDin#Fe1?)t{IB}M@$P@0GY5h$h8qOyd=e6yOR)_n=yjq#9>((y`6~Fo^LS)CFKK< z*hD_H#`sypGq%Q47IlH#4d(+6B<8tFku!*CeA$g89V0}#yhWj|knEr}_Xl>t>Jm_wrA2g=UOkYWSDEdUj1 z>3C{*A|Cck{0IT*59i^Iq#R7zc_t{Gx@W7DHU4z7Qc_m zimj9K5%k2hiKJ(>y2iHz z@y=0wssWFJe~CC)vwSkBzK3TZ<_>EC%G2t?#$mikP=AKH$*6El zd|2?vkAop)wziD-lTp5oNQ$ZeZ`B0W{ko*KIBuYferk;&C?xGb=uw)a0x(#5z6rr# z7uXbypQKQf$wh97dqR4Ce-XZ~1bDwDaO8qkn)zl6^y=75!nGXnNZyP7nH4wL_uL0g zCYTx(jUxR4RGc9-r^ySIJ!VAp!TjQnaQ(wU@hoP?NAs!5}L~6U`hFX5T6s3 zu>fYM1uR$NKL^z>@=X6liuQo|Y53;svBC2JM)p@AGzA=agQQjV*zEc9K`AIWYY1U~ z{fS7jxJSddiqTfUyf5+!ySbi6M3R4d9aTu&9$!@yr}|_S(TLoIsWcz-y!*29^CD?> zQ3+JYVb9LBnD~RA9t=dKmyodfc%35dm71i-Mb2pnm{^W`!}C5mypdqkCaO}x$lIPT zrsCZLAZ@gg6wWxuqO3!P=nvPyIE+M6f3IZdL{tm66w~0m%z-#5?BdFtGf~4(i^>fk zJfTS(M(zQ|or`|&Z8ZJRdJyoj(i9bf&ppj18R9&kiyE#%!BBY)^FJFNMayBraN#&O zh$?PDYpXm*=5{jP9+)xX;T+@@>Pb>1rhAe#NO@u2!;~p!n4xV^0X8B!K8IL@x+m_W 
z8TD&Fs@W$(Y7Ti>9}<$q6yuZ`wRb-;?gP46GwP6Hp0$d5-sPEyPG>#|?gQb7CN;#J zO~M-D+UIT3c{pFxr2Yt#`X(Xn2bbqljL4)3r*Ir9Fr-+N8S{)O;_fkh%PS)A^#C@+ zF_;DiWD4BW=IV+?#DCg|tdjA329%SHMnP8Fh@+BGWjopLRkv@A#tyj4jey^}K@gc^ zx1nB&crx@aWCYb{>`bAyL6mW0rauC^Uq3z%!8-^Q$8Z?q$R;y5{4OFSNl!2IpyU?- ze{cw@OTxB{K<|lmDVaxdAs?e2#Zf|wBB91jYG9KxL8z}u`%t3`vl8mS2+YrwABneH z;ESZqXL}H72?a$p%g={V8!b)R*E|9%AXBsOg*Z5JHcs?|aYe3mJ0_MRu#z$L6{+wI zz_w^Srmhe2yThmslrC~NDb*uJVkzS=HiV{#oPg_xBthn|@o~uNFQR58{AXZS2NTdtuhl>w)QkGSk zI#`-D;~M&d5$_q_zl4B%2JCwr&D$2MmQ|%Ihe&6!!NEQU<-_DPwc&r_PG8X()P(%g ztLIAm^lDd$pI+_0ZeyP+>%ujzdoR!UXi27SkZsyc`GGk6mPRT5NlFwj_!EvBf0* z^IgUmzwMn1Hr8RHH~pE!Ukzk7-vvz=!fyh{8NzStfFM+cLv5dIY`iOZ&N zZsS0uhw$E2@Us}$2nUykNZuL3H%Ha@CLHDiURj#LLwH)G;dux(gr|^aBqma1QK`^E zsjgJMCbh|De#ZnACThO?6!k8#gA+BR>K`U*CR&J~2O?#07?+_*vN}Cc^B&rDnE|kl zCR`-{)FcchYG!tm;s#vW0Pm(b&r<*t2NN~hFDcF#;L|kc3hsgvHNKICSOu5$8Yiuy z!XT7PnyA^h0-b(fCvg0yfmF~d(nL*VoG4whgfgL?s3D_eoJDZigk{jQYZG#mGRBUz zv&k(QL)N7_pR);dT}1LX2apD_Lw&sF>@32&=>>SozUaN;SC=w&xXbqpl+-6p_6zW% zU7i^$@s%v{_GGxu!(n(Sz?|C?Xpj{<9_`!XXu8080QgqT;rAmr6zq$Oe9sv9B!%}G zx9>EbR9tqtV{|D};c1R#JT67zoI^sSY}1V4=`N9R9lwBNQhG@e{#DG9H6T_*;^upTT42TavCQwfb9<>tziw0LoV4ke$dD z8*vx>mgKXZLbwS0`)^5_-!57Fy;9wsX`?M2*`g!pAwzaL$@itmuE1R|vPUN% zvIPEpWb^*S5pW|OS)QAf6HL(DzEIRs&rx0QZkWnQlZz;dm$|i{yO{l9T-OM>cJd>MkjYp<)GjGK?&; z0e3-*&|l(Q1pd86?m=-S@e`%QB|ZLwMS7!^76^{=jAWIM+9Ju%VVDZ%@Kv#7gLe1*uP{utZbDrNUs}b*Okm zdR!+l=B_ZrmzsqN2MLw@^sj{X^Cf;!0xwoL#Vx)b;zq^32n3EB6?^K0-Bj# zMWC1aMf#owJ?D;4d@XiGhQwp4b|xG+h(E7|kNPBXM*RfEAk9IAzu6)2MmPE-vfCD@ z9vZwD?Sp)!d%V6gAlGl725+r?1*61IQHGd#b|@zEsk-D7*xvn!Cv_v_mrmNC0;G>Y zxNe(HshmN7ePL4NlBD7NZPHvO-5-IdQI@9NQgxOlO*%_&J%@<`s3^uEH$X~`$6YW> z(?>xr0{=csuiK);A1x&=>G2=3ba7Yw<3+Q{YvrTP(#^VI?itRP2--sN&^6j;7>7_; zLJ%DV<%~ogrN2@xxsI>f;mq@N`S6`Tx2z2p^%|Ip8)q|qF)L^F4nsu!AdP`*q`1AL zV2~-ez>oz*#u>bXF5|~bUzM*BpbvJU(>+NVs~^D5a%do)Vg-RQ;u01cfAj1i4p8C zs;E%k<*@%Q)Njjb=+_c`$v(VBjG+BvkVTVAO%RxQjS!g5hI=jQ3^J36iSb};+)tnv zMb7RW_Kl>c;7LTESPBoTNcT?|=@3>O3b$|v$pL|-d|=nOL4RTipnpD5+Y{}3H{1fJ}Y 
z?hZqh0{=H9?eRZ^at8*{6`qvtyg!wKY$yoYLxpm|Gnj-)lJ3v&O)Pbm#(~2L_4mJ4 z~D|8qv~nuhQpy%wYVQAT~XRQNc8m3elAM~G_E%IiaYRAs#eq~k0?t^zbs34pv z6?`@nIkTbYMwUK_=!U;S0SuM+v?@t%7>fe2 zX{W4Be`c4#lgipJ4#SA=sQWXl)Fy(Q`h%UdnfD}mr6Mhpipo;=^^U5jv?j`x&u=a& zBKpVUnCeb-yFbCd-)VJW5s1NlvR=NZ`Bpl9@C!^$tgH2h=ye+)T*2**$yAG6FP0Pz zu9J-*VYT>GFb5r1RJ>;z;N35<**er;;~{`Z`{F&UT-0AXhhe%t}0%f+f`yG@+>Ml2PDD)u55hc1sACw!^Yb`Jip#m}m zod2P?4c(;bwL=j~YzM1G7vf(FSwSUq+hS(9qv{&see&pUMo-ZXA~h*QCyP}M4aF$q zf5_NB-H(W%roDkR3(AGfAokz0bK0;fsCW*$M?<3eYV762QmActg_B$)okT%sHi!Is z^lMg7fGFg8IA>SOlPK>lb^nHDg!1k#;!$1;W?Q-wVRi4vXklDvopTsd5GmT<5BVq4 z?Y?EWfgc`&@^i_|SCdu{uYp%JxT2$$UmQ)Aq`%_(~IaQuRzQ=GeATUD3s1Hs+8 zJpSr|sJefjY>4IPg7XN1=8{YNH6m?pDrewNG2KCPf9D{{#ek|rIb}V}koLl4rW`6X z1kDkemuJq1VqVxQ9@ zk>edTlyBH)-K49Tf&Fk7X?YNi|J2=bu*#9w9i=zrNR?@j-nGzpd!EAPB)^nMZ^7wZ z6Hfn`-Vv=~$y~gsldF=f3s`d1(+D!15M(@~kj`z1WpCWFL3zZePa-WHqchYjF0>*v z$@l1h_7x=WM8jSFAFzNJ+gi5-!e)U-EA1G9`LXZO~Cewp#y_>XpG4DfK zXTOgZJsho+rom(hrnO3z&-%00QCJJ7#fcS;R(g=J`=B*?K=-XMYqNt=eD6q7d6YbXUC>|_Ebx}wk9p>#-%2D42U#~AY6^+|B_yIJmsh>_ z1SB{WsvZ#2X5(gt?bYZD7tP5nZO5^0jUyWMve6@9!m2m!kATxjL|3>SMn@+&znhBwF-M0UTmGZbcP~Wau+Zhc?}S>E2*JeM zztyGOuJ8&&^ws4kW$-n5g-Ysti0Zt|mitGeldrySV%=rSC|_s&7hm}sKyJvQS@e@w z_pI?s^u_-o$^qtir?4)lFSFKF&Pb&85G_R3J(UgIr)@(zy84(;j8j_{d=HK4#kqFF zC*l3K>?qjysNAvu)N(R(Up(p_8I7r#v^d#xGM(I4F)@~WBy=a*pOEAaL%&I)>*t~F zWV(J4TAr_8hUW71>(E|&y%0JP*Iu^`ohXt|n!|eFn=QzXhA#O8ZulfZQvL`{LOHr6 z#U(=<@QquB_QK8m^2nn?)J+QwiLM?_uknRM*9fQGhBAxFLOQxZsP_-_GhRgP7~R2> z62K(dA?SV+hmnB1Wka1kCuf3w7S7)~kW6QM4~h2h>|TTr{RPZ>%@$Rwm%Lyf-6Vkr zbxA2lLGJBowGLkzfG2C=luH7)P(G$R5kucCMmJ5MRbUx&`xAzU&P(9*QPTZAgF521 z5Rx8+(-bXDcOvF{l5UoeP0~qkp2Wjo&qy@(?A^nlY$pMVnxs29BoUG14_%@gCGcDJ z@o6g|HOVt)CX8_$oX@lbDSzepCfFpo#VB}H zFWc7@jC#L6C`G*n{Z4K>-d zy^F6SA#v?dOoWWLB(C-Us)`V$wSs5a#r`$7A@a^WkAbWDhHUxuYt>bxv2t;BI93t*8|lZxDj#G3DpK zWIunq1@hy|*WajWqA>bsC%Zx2^9YtJ9AW48sIznHhQT3>k~q6z-5=R&>k!~tg>9}ob)s-b5`Y}P z8G7Ib-ZWf|Oqx^9jH1jaj55>bpb<_r6D}P#DS%Bg79uF7nBZzU(& 
z^sGXrA(G6&sj+68dwsxjO;4rcc*_LxvOBQ8gmd5&-puqgeHU-7lW&uO&2w<|v8GAe zZsfEyJr__Fv62Tt*zAym!rPgi+Q3=KK43>2+*b1XIwZ{i$tP$NxD-% zSIkK=b7;y(nzYwVPB+t&Qs4GB2Bxowg9EQb%*~kx#o$T`k=3Iy*C*d?hvvu~lR30BwLtfqs z>_Ngga60=`?`w$H5pKB~*Z~K>Df@h~(NIdxfN_R z^z5fBAX7l7P9%z#q`P4Dp`mFo`@Hg^?Qa02ek8(rSwv@_ulCq6m;%ClA_ev8?30vj zo8ci4w%w%3$v(@vGf z7k{tRoc_P6xx%4I8I1ZDZCR>;_}FdPyFi?_jPL)gEu-97c^|@D$Y9(|05Se=D4uIFPKvxZSDxr5JbsSU(3Z-KnY% zvUECCw675HyMEy&8+T+xPh!hjmz`xOgDrZWj zoN z9Y}GdlW=-NkDs-BH+F9*bhhfE6&Sm(+9eeOoBplfs)I+)f9k z4Z_GBn5(!^vr-g5k$DC$BT$Zdrc5wLouNL-a7d5EVcbE1baGV35r7uL`7Q^N(-^mN z)VllO_ZDE!IC$wCHHV_@ZE6xi~p$O;EbO=dSsf?>t~s7bo}mmGBz&5oQ5&SEXWVJ0!1quPIs#WB*e z5vQ$0q?nYjxQjAT<_|}dvFBSsV{dvJVjn`}Qxf}R0K^<)Z>j+3GMsNXki5XSZEVbg z;{{L*?vrq^XlY~f5`$yxnb1KznU7O@61WOolJ2yzdCtHwws#<4XH4`dDxTgXJr}3t zTAJ>(u_IZ)Hg@2e?cKAW93%mXnxwmbG4^lOP``Z%&aYa6!%Sk@*triWjWQf&jK;w+ z!AG%sF$=NE$iE0Ln!>pw4t^bkW}*0X5OS?bPj+b7Ks13V;(y&8nme; zg;m&zt&)^gxOTy!$@g?e8lZAG9HJ_TH+rZ_VyS)o!@ef=L?tmA54w^#n2)&@NPhsI zWD0DjD~b7c;wJ#)T7@i1CtXSWiDtj#km;|ncBNnsnFgArD~V6h_%q)gGQB>q^pL3& zg5_$8uscJh83>{?G^!7uouN?^+$TpaL3mKJtRn$?Xw(lHxMpFaByUM3drS&{sRU(& zLtzW@=!qgOGW)y&eW-jgLxbg^&u}QX0O?COj20Amr#v+O7ENZy1Fb{r%BLN=cEpnbocfVKF~M}F%fkqAamoX~)#H?h#2iD6AnDaOJ*cJW zPM3$t?44a6POL(FN#Gz(?~wpSP14=Jl!vTcFvhRoxM3kB!AeL>mxt<)8mv(!fmDfz z6cd#wY;hN5&dlh$p$o?T5Q9Hu(GH%ft>AqZi1Z?{iMK(_F?QElfX2Xinghu>jN8T@ zJ`UF!^Qov{sNe*ie+v;>El#Dd0NrZmcBaJ`F& z6cfA|^Ev9GRmPAu@Zx1SAH%_w4^94Zy#;&M*kKGQ!Na^c#(8F9gp80z`_{0(xg70be)oq zW~OAFGQsI+*mX+NUN&w|!z82ZmaJ3G#VOpGh8c)px$cHvPMxv>L3HYr6Y$=tQ$ECf zvU?Imc2f9760qx(G0>nVanTWLh9H9y341t{84iWas5&$hagiCdMP>835y5PpivKFg zhLCQC!}ydWoNPY-Wzf69d4L1SZy2|;dF;o)Cjp!5;H9%Ut+?uJe!7R^$;Uu`mISU5 zOm{k)y9dF=sZ;nxJ|~-7?WEWbs{9J4pKvH?y3^S_ilm)vJ_IxI6f7BwxK_czQImA{ zFWLN&1AtqB(?d(J5)#wdeBOSgQI3P_WFk^bRHCrOU6eTo?RXPoa(+R#ewOtlXsMe| zftGrDDy){eV;CA*;aUXuWAfE2$gFiM5Xs0K_$m?vbxaJTadexz+mW-bf*)E z)_8Ox(Oww3BlJc)L>pAO45xdvG~MY$;`KHsk)|332TQ&L%G)GBQImA{FNx&KgaI#s zb3;o|+*nK}Qe*?AQO3fI6>xA&MEoYSx2TIQ(Z@Hf;oK7k*G04v!*vn4+S`zDXxKm$ 
zY?Z>q6RuZa@Z`Qn;VbGQ+O3@jL0H_R>wNqAt9>oEh6X`+&~?%DI%+e=UGPitemqWH z)Cmjq$H|peoYmT;GYHysr`=z%2SG0v*maLx7j?$VTwM3qb!OFgQapJp$W2J#7{PR>v-wBl;?za_3bIod?S38KiGeD|;WR@_)1A)d zU$S?0|7QI;+q=!6JWB!;HA#2>lFi%FT+c~xzSI&FHx|>`JQ-^stmg(G7fi`9QHjD9 zcTwideE&IE55}H`d1Pvhl2Arw6S@$)iE~ztk*I26!dTQkn~xczSYunr;Sak zox0+Ga~SsHAc084wIU9VnxwmbG4{%GFm^L=I%x@3LSow3Q=d{A<#4!;B_hQ{8Cy+U z)80SHSFlb`)dFoVL)F26r&YC(W?$FZSK0@szJ-&n7A~PHNWX143f*ciAg5Xw)>?=Q zgOHS>!3^Dp1oa&T=h24*aegJUA%>5CAwel)6) zg>deUqx4rH8lV-1I+vy!V^K8Q&L!ko!BbrIbB^;1e)|l5;r-D zar-9OB|(UaR#Hvh1k6LL9gdQ6>QzU>WQmr~eSv9_2A=Lsp#LazzlXzU2u!3f)X4J! zX4t-l>(34%_oX8HB)*2(jifx!`>PD`9lAsK`=*G*p@bEh@40~yGOajg0Ldh@C8KFV(;&r1!b+Sg8sf<22pQud$+>wW@$Wk{^$ydHQ_IvjUZYi|<{Y zHMq~OXby#Bex&Q+0(@EOay@$&E|%+iG-z=A8kbpCZmxO!6yB7DR)1DwEb=!D;U($%4o3 z1+SnJOIX-I2;>&Ho8le{+M0LXDFwYHp@PuPPxr!B(4L=I!E7i9TMlk+2lrf1^6{U@ z&3JpzBBQuyVJBafNq+`rAS>oeD-ri$kA5IU!}ORR6r4m(A7lv8uyX7fIEB?%Xo!YY z5@>lL-*6AhMHuNm?5&n?&q#ckI9ujIMb&7EysI*SWeed@tsH$(7j|VNlvR)Ch;8f# z_ZsCX6~fkHAlC5KvY(TJKW9K$UH@-%-yN&<4eR+0(sS1laI&Kl=>F3+xX3%)lkZ712-Jb66n1cJlvh45Oskm>Y{Ow-`dhS!PZUnP%wH^ z6irbsdpA-e!;EMPH=orR=SO)-kqQr2OsaPBS)<@^T&6#hj;zz!@R2DO5r3{vt?2POU8 zVngJ1H6td1c{@3i_k0rRPp^m9_nREfd5#EsDAH$6gWRKL1bP1mVSFN;ir}*zhikse zZFND;ru+0S7ed{GO5Lfy5gAzxlL5Jn&9JKkQhZh9f-!tg;uR#3JK6{fO9D!<6Dwrj zS0MJ9m?(3fO<(J;@f+!f9!kUJVQ4A}ba>wA`7|v`%|hX(*&|72gLycp8>Rv%@skjC|V0aX9_k?!c_>Twhv$$7DT-DF>1vacW5*B^1+B8vx%7rBMX zR*@AEJkA0ne+3~5X`Jn&vKP`g$48|tq;Y*8m9LP-4SZChLK-*pb+}6YHS~Ft)Rl@< zNaMynDlQ?7^L$h^LK-*sQCSFSobRK2AJVvmZx>%%`Y7XuG%oZ}1`KK3+E<>hMLx=J zA&uMk+Vi!ok1|q7<90sEFd>aQ_$Xh5H16m-itGDw>g)J(QxjpNNHJT^#AH?z!FhGI zTsjo}34UkxG8^M= zQfqX9nwIqwWm3!gg=p&c)`Ag)ztvVlG>!1E>HPFrb<=2fc}TcK*d(ZF8e@jzDQpVv zo0W+nt*$}jFzHkLqQxCQ7x&4BdSQF!{46UZ4ej5JWcmk$t?&V?Ipo(1p}cPSuXn{m zHa|rA=Rsk94nM^C2lvH8eSWCu@7e%WMFW1w@UKLG^K<#3mVW^J%x}mKIsRhg&HP6E zkmqlU{FI-^4~71to$%0%OU+$io_|nh6c@%a`$IMo^}zj$~0~Bi$8m;M07Aotu+0oly5o1T9@80K9BOQRO|1K(58P)nHnBlLAa4 zf1#uo5`pR^r6T>^+VJq2Y85vT##Nh=JBHzS0lqvYRWB39UUQa9FTiqXLB7IHYm9_% 
z$IF#10M0gi^>HQo^_vLkZi>$-6(WBnCon7I0?bPne4^ab8?FVZj^x&<8Ig3uB61NZrR?E z|LJ*T%r8|C-y?1bW3F!t>^p^h>tG^1t|`>FQ?~Nad=iI{HQNR&ZihH5GJM@}C4+Fq{nWC3d7_Kz*AC`LF^=KK}pe7sUJpyoJ=fDkBH=c)Uwg_(CaRE-tg7HmHfE- zZ>Z_96x4xA*Ipu&4yt5@(T}bN>m|eY0IsC!95Hop6)FAYPe8&icsT=Tf>Ln$b_98k z;X8pV;fa+U1&pW1xnYkQDnS|%#;q<}n$sfdz7`-9bC&N;I0utLAhI@Ls9!LQy&bRB zD(Dyd`=wwWLo05A-p49zK{r;o?Iwl&1_9d3`Rh<=sr1Z?h+{L=JNQ6De^2Kz6s zBE?BLVI*F*^zeiK@uv;ZGQ_TJ2V!2mrI#OE{$J6>YZ=N9mVezGDO&pY!RLS5jfXIP zi1c5?u(@S8KScYfXVFqM266u8=b#{xkwpJn7^=67;)ja-Bem<5`oj2?@AUvO2Mq{FM#_Bhp;_Sb)FOH*SZ0kBDse+ zTw`>H1fVddANd}PnUcFj%S$t|j?6|NKjJ_>MNlx3tRej!!k?7fy*yS*)~=zqVjxrS zjO7014}U|*`d|zQi#X^JRZIE6W=gMq0X|ez6;x#+Pze|5srUrFz);RD$yrC)?!#Zl zun}*=aL|YRo#J>G2%(CwE0G#U~^M8!OO-Lj0!#adjya{BSJ6Wa`9fjz!2@k+ui}lY-YO(1oOP3Dyy} z;e)XRlXOolO&pQ-JH87oc%lMb$YF|>R>~RP7E2eBzE4Xl`0Yc8?YkA|Lejgnv{KIS zu~@p0^aom6!NV{ySa7uhUC7~@mJZr8jXA%^(uGveXBjHP1v%*p5)q2ok~``Rh(Ow; z%8Z$mmG(#;AJ7*ZLCnsKU6&$Z_DdchO#d6g2Xb#$8Z=LK(7_TNP zq6?)cOi&XPoBQFuyqc7_2a_JHZi(xKzE@aJOmwuW9zUM$&tY<-RgL&%bboLTKF-RF z-%R&^VPd3JR{ZUBzvc)ywG(F1eN{|=w5pSEFWomr`!>EK^Z4{i9Nqd$riwBv_P{xkVNI`Bhh|3}C@ ztvm5Uz(2YhXaRoc;y?8yRQKYCuKqR#9(wabH-8vu>&Fk>{U4IHVt(l1KS|mK@lXOw#y?mjE8 z1}YkAnhxQS=b$hJQ}z^24~IVor=qWV;h)?axE(Aykz;#?rk(~9#x zakew(lw5YsMjKLhSk4Hel-@t2#HenGo5VS6m6HXOVPLJw6$HP?gwmx>I61L&$o~qSy-6)2pXQwn#7A9)h>3X}rWN zgp|8Hob^e@`F&R@OqF-;=4_Q)(YtK>6dNro`xD&n z<$B>clAsh4>F=W%Y&%O?g+|UwoINiRx8kMT8ft2`95l7h|Rpc<9WmVBm9+dNhR z&OWOn+CZ1Ua!nO3yj+B6ZHJ3n1PG|y@a6+teAb`kNiG&)@K`>R&hdOE_bN>E@Y!ei z@k+7JDuZcDkClRR*rM@5bf~P_l6i~qX=<&6*{riRqLj6_k|8=g%m&^FSMGJnA-EG+ zqvzoT+-x3lzNDcE42>n|*0S_)f*{VCS^G%W`Y4jVpk3$7Stx*=ibH$$$AZ>T)KW%g ze`H@6>tk6wVua{i-XGDz5WkYZY3W*Nh|X#LJ=5_1FuBB&K<6svUC1yp7eY;O7^F%R z-#Z@MY8G`(@Ymb3pM#jmPZD(wNe}8$fGU*VZ3^@%vjvi=aaji5Z8~Q`Tk2Vyjnros zVT;Vv(6Nw7ZQBovys5vSfi9E!MlEd8AqF)W1VbtngUcKz6~CpB3eOmLn))C{I7VtV zIHt&)4SQOFIgzdF;(ZHx2+Z@nkB*4E46z#&?vD{}WvisaXm0}x%&90XT)1N)Q~`%^ zj^dV-^$6fa5r6JC6kHEbLk;^kt;gOkOL_2yEJDG`oZA$?&pR) zSvG!NC11zb;m;94Y2 
zJi3e|I7EC5FaJ;uNywO(qzwEO`X$H%K7R|4kY!iFw*j{uN5rL!A#X%H1tjo|yY82; z)-|}e>miC?kr{|=h61OWqAvFilO}<|l#gCe9U- zV1JV68~VTx-VdkSoOgkrzKQeFw=mw1kq0kgmpMdJ{sR1(!x2f9HbKSDQQb3zN?boU z@i^EUERK%?d^vnmp}|wgvNoWcAUui|F8ql5l}Y`r_f#?f#1Dzci`_3aGgj9 z8=PV-{I@lL^o=Mkuy;#JYfHE&_Ax&!K;-u&UPS(p84u=BUT$J|6LOF*=_!zBxX)qQ zZa)+rCZ#t>Uxfz+R#hxNmM=mQ;%kjY>V=!91Z0-cOVe&|RKosFoagp7y6K)~?P%G`h`%rgYK z7+y-b0Wb9et*g>FARS9mfo_K1Rg4hFOvCp9fxU@WDV{FU8FK*hoPn1rM71OrQXD(H z0344@ua||~)HQJ_@K<87=OZ3kVy7Mdae8d$jGjr?grOLjm75;&$FVgj$>;rVj)m>X9g+%9OW1MkM9 z<6g$JN9GLdiFGraO>j4oe!pBk!Cjy41HB)phnRN6eIc#_a|aT4JF42ihp}UbTZXEP zKm}>GeG1jUeQ?^0!=R4<^31)npcRB2(XGKP=IYhC21BBp%K7BP2g`9RUp%)`8*ms*%#nY zP2gOv2$iLo*B{ZG1#o34f~t@etDZEUrmE;sFm`BGd04~_NVYVuV=N~R13az?1L|l( zt~7h2c9dTO{8s7NapU347E7?ig}nH`IeUX7($`*nn&D!^MEf+|hC zKSH3H^!7u=okHo<4ul>KNh&Q|1K<^e-`)XXG{C8vKr*7tc~tm;0%=9L5YSZs*Ow-k z^fTc=p$zk4b%k<*d>(|oM5;mxOs*%3r1d3+d0bJR1a{8BRWQs7g~(lPq*d%uFLudm zAh;XaN^H_!ZurzzTFXCBFPg|?5USlovQVc7+DR+_Ih&LZLi?LYTranm*4%hIOhZAK za1&|ZPtepsS{sV&Fs%S#-A$y9FC*aC+h_BqYFbM^3&P7ck-Fe(_dsVE5u0aM;va(W zsY4RxHT1dy0U6QuB~&?-Gp_)<5yZ#U0p49&A7a{)O&He*zTsdKOI~}RlQ8LTje$PW z^V}_XZHTIiW?&UMOksAS`l2sV^E&p8L6MOIfDH-awK4Jw^p_!z&BBip2%igVaS(4q zl|-@h=5&&Rik#d8?6DwTuMy-2%JAROfu-tF9sqVEi0`M`^EMgrZFecC@|5R+T?pc* z(9H@Ak|FI^;?2l-;6`J#EjaAVbg>%r50>7?FnL5JTBZWa2;xuo0Dil))^)bitQoMv zAinKQ_&-!y&%R+>asaR)L3}IOZjs=Y@^>vE_aexnKEkHe1txRua9T3SEX zwDDA68A1FZ7v#rCD;gau&MD1+6$bH+PeXpJv}O-+;ty;{5dV2N@Nv?59(H8;xxf|& z@!0Ob$4e^|jXUF;fISw(J5&HZL0VruVCz2s>_`w_{Wk13QCfZ5+w$juU375CEeY=o z9GD`*>-4a@L>}}T!f@C|sCgTd%#hZciMEm|z-k2X6AciE+0t@lt`PdQU!JHyn#V zSWP5u?v*CC!!GIFixRb9{4 zfpCY`L}60xjbfgbA#EJ9t_16m(#)IbXORk+{Nq%38PsE%PC>LAvPWJ-Cc7XbPY=U@ zoXm0otSg$yI+blqj6ee4%gAwK(b*wpSyU{kI8;)UU>-y(ANWOv>{x)=1j+*q!D?BG zDNH8eNA_>lw@JkyjL;-yMJD|rt)zW+9$5&&J(|RRa$!;G48!_knO)jpbA(ag)u4uE8f;cI!|J#dtlz*0#Q>!Q zizc0932Jr2IynnYDWGL(DjS?xrqu*xxQ1bkM0cI-QUq34VzONnX}}{0drc!Ea=P8` z7z4tzn@HPQfs|!LEJKsSos+vkSnrV3p3s5klA6)D!90p~J5a|cd(bkNBM*RhM3ZaL 
z*3N-jjk42Hln!|w*aeOA#?^smB<3+m=TNuayorh%~7CQs4uuZIyv-npzeYnwb?1eczMni-L?R$Y+R-PU9kJv=&Aqw@#xg(i?tf zdGy$6Ko~U)VKh4IG>{b)K8WE0W_gUr$6?z>12HjyK^-{;E*j>bcVX|5&@~>1v3>x+ z{*3)>_*%EXkC5QJ#)0JBgvb7l`YiCBVJAG#nEYadc^3+?5xCq7`e7}yl|=YQL4n^4 zU&1-T>f|{PzSAVtEYg3b0@n>+6(kS&DcuNgBn}RjTD0V!O$7`ytP&Op*}G~W)N)9+ zPna_eyw;T0nEXASA5FZ2)m+6-7Tjh9HSL{k+l7olo^ zSj7x$d=sv+P0c~L9=l2I`xD3sj~WqVJZaJ|qXJJF z{sE|6h$(-gQ&B0eY7HMW1#ONIa%sBVxhM}pibE16&mul=SX=V&_a`bfxxktRaX+e{ zz>7x2g@JZ0-V0c95Wk#^dT759adEFb$2<+#oSX1NMnsg`#@7Se;@~_46=r|xt-Nk{ z4^6;_Cure}{U986NTN(Hyvi7O!>}%*1Q=)Fex9(EWXm#Ts~~`H8P>6_0&|;izo9WR zJsNUH4L@yd#I}q>5~blNkr?K2)S7{J4C@mtl~RfsjX)?YO)7IV1*GGKRpC`kWA_C( zln4|8m85n3=wAljH&Xgw$SvyTqWTDY0INcuRfcj%;Iv^T{S5kg2yS$Q#W{Ed@QmSG zfpuW{oCB!3Qn)CGd?wQ`Ad5+NO5{hKvEWd)*qLc}kGFE$qDZ@tFGT9$vnb-JhkGDk zsjD%sYowrNHS4$pMOVnyn_IYL;e)lnUVq_z&jM?$HmUqja+b!8vC zQ<2&Oh6odx$6DjfWB2@!@$jLTS|s|{f7D7827S|dCMax4e5>Q*?ZID+)QD-4e z7O(FKY$dDBkv&Lk%nLBlX>h;7VbJI0lK+d)<6VHO&_k400GLqBpqkEFDM>VkIz43_ z1j`xp8-;kXtGlYXkSfnQ0P7Rs>p=*Nf-=p0$T_kdoO?Ks{F!ikwgu59<|It_aWNkU ze39mGhl=YP0&R9@OMGH?5jTMOqGszZqP$t8r&X9^i@XQ=1ub#~fhfry_6&?QIAS#{ z#CFgJo3rn26C>RbsdzpvoFfd=p9SUTZxoRAd?hX+w;^_gND*C@rr7c|C|eFblHltRYzFBH6P*z6_$BNb~*H514}@^iLpW2PY*{&SgXM zdTaiARPJ!CppnE$SS@isV9i6Pi{$D8$qk};M}R(PwXUeNb_UYdL6uPwudRUUhpeyD z6lEgdIX6+T^D91lv&QaHv0exGk-wvCuzp&gg7FgIw@Xntp+#aP*xtR-+Pzcpz5wTk zQaqco$x3OeD4vd3X220lNEtz?nOOW8LbcgKt-&#`2~LAjJe%@}^(v|aGEOJJ14>cs zP~|@hRgYR*|5U1`g0r?XF9u$!j8L9EzikHMvCaB%lahE6?8E;q(X>4Lc*?psMMdjV zurF%~E^CxY*$hn1ZAGFzpn!*B#<3g@Wdp9j632Hzx^1^c+tJSi++0(F`k0(@ zb_U2htu|A!0tQkahbR&^U58K4dMCZ1diQq#nHEIfpsMdV>zrE%s`%CbS*OvIX&Vrw zUFOLoYzhX~1B6gnRfbBT=+H?dGI4iAdCpSJ)&2Y;`3@$hm4)hQeNcRq}VSA68(em^$~`}yIBpBhK^tNie;KNAZR?gRYr zA^z14nS);HY@PGR-v-(t)^_0u`5lHl?$>;@#%{?cgKFIu(N&=QSR>&<1d z%3MZhQrmrlDqR%5iN$=Mm1=rk2%w|D%l}p-v)tLok!e7aWr$#gutK%v*~rXw^`U9+@}tIAWP;@;lTPqDLY9T)ux&ii*-|ZhGQ-qsuGH z7CSA!)!noTyZnDP{cF*I^rqf*m74yMX?O#KI|E_d83^ajKm>ONB1Iv02CNZg$b5L3 
zN4)`Slo@dph7&T6x&zi|Gn_C>=26mHW7K0LDj@0*SOsQmJ}fL_sYhV7FzqhEYKRna zm%tithS0{vdDJJc?l40sdQeWC0&Aja_X_f;S71$2%I$7}`w)0PgZ(ECBlwFF)h+O$ zZI6K71RM;O>=sP)BS=*p1lM4b{qT%_>Ys!+oZDsd)mb`fA1{BD{y{Ot2@Ow4V0~} zrj_xK5NCmXTN+QGHr$$STJtxkFqz#@6W~zc{)BZpoTY(0Cdx^*X^bx7l*FgF{0#Qhu zr5-!6nZz+sk0Jc)>X$=*g(0V)+5H~-^Sx60n}F0L0#Qhu2RwGyiV~*>@&`xYD9vc_ zx0iYBKU&Ko%mC8zNW?Q}d9wZR=wE?Ge|x#dZd_F=`aID0{m&#c{M#!%_Gmb6GUnGn zzv7bccunn_rHBeN{@aguY!j}Wu>JkvgYYjc!7i%;O#tjw9=peKiBli>9b6pEk+Cb$ z48UIPu?sO5>JO}J2UAp_DS%z*DY*xpfF|!Vk(H;jX%1jN?y>Xnl^MCZRmgh6&8|da zyZxlcGZ^oAw*h>BvdA4sgXvj71;$+CDb?(poCcf%=7k7sQHiDj_F9kq*=e|~J230P zzbrI&Uru-)P>JRN_ER4F@$2}l24FRDG1*VV(L}&r@8Ow1W10!rPkTxbl8B?JfIZ7o z_3V>a=F(iie#TR>C$h2{(`3MY)+1*FjcGPuZ}9j@?C!=qCOjvf4)9{x-YB1rG^PoG z{k(koqA|?~>`fjyC1^}j0(-OMc|PB`6@$3_f-_9!^Blq6;wei*z2C^^NrL^79983u z2aS*6$;(ZGJ!3F_vMr?d7v48OvB{`<9{i#X1}h_b%0SGlj2ei6*imOn81(@fSQ%!}Bpr+cgjk-W2`>Tqk%-`KXa!A0H|hg1-9dH~;wA1k!RuFLuOo#Rxu1h5 zUqtX|$I&u6&KOD((k7$+LCjsEt_Mlwb%PMiq#I%MBly!;#~SOw=0#$)31r5rMBAnT z>MN?MQHsLZw&5dOd#BGh`7JO$0q&O$zBp&pqs%vb#?bO$I};hkZa+4H%C1@fLuv^o;RM_SA4#!7$gk|6kby1d*d`(X???f+GmmZ zo)`>+(Ty-(;;hM7EE%7H)hQBofGqYgsV#F;5!*4YBIjQ>_Za0irb)B?j4wdHbe$MB40!s#?0R(2?U$Q2*DW^JH44&(}=nFPcBN;V=4G?1t2YRkc zqUSuiDg0oZf{fq312R)Acd(sKNYGe{*V)yqQkBl)T_#pQdx2%R@eL8Xrw6o-wS4Qb z*^m_biSnuUNhB>U<|vwp-5~Yf<3jvsB=5q*VP8y4HZa?bgEcM~3swNu+lZxlN+Gzr zKoUP0r6xd5rx+5^F*5IG<1E~}FO6f+r_O3dF zu^Xv(4gkq~YjNtg`(R6^W&g^lydPPgHdx1Dy6NZC`x3L2fP0ZS-`I-OZ-2q}HL+pP zZ_|ccd?$sT;40-T-&^Yb5FnOKso$nU!7Y1uM@r@WdcJ=Nso$nUtSy_43isP|kT}k-z`dpJ z{{h6ZDfQdK`2H%Vbnmw(ccOF#Qj6~`JGL`fhai4C8TXbQpGgq9Pqr)J-s046m*?CR zKyX$I-pN>YTPz|i`#@Jpv$|6%;d7aT#HZA6(=JTQ-pJ{CyrE525Q5{|PCzXC?#7h9 zi!|BZ$@lr3j>9&EWP1=&zdaCg{r2|0gc*$#&7doleLW(%C@)gW9*ZEc-=;S{mQAm! 
z&@zC7gHSqAN^cdQ38(ZP2&L#uX%bAFe0R%a6m0c1H3~xPYS-uGAZ@jr?6V{=5prhJ4g-zEW7joDt{%U-qoDha4>-h;J4}CyOqJ4 z1`=Qx0roQB!E7=#0g~ijPkK@iqlwvh87%1LH{*3XOQX1MIiYPQqpKf$#w!#G;3g> z46u@yPVcpBI!4)VQ@Ghn5o`2e0K9Yw2kWz#vfew##i>8x3NT?K%bPGhwgiZ;Xdl)@00)OpLn+ahx+7aIV} z{u}rBaB3Pd8*ygROac?YZ_~ZE3xiipC&2PK01RNjn|Mc=%z$Kj3+_=iWcuyj=K&=T zD1Li9VJ~6qj~JT(7GuMA65g|%`QCg2w^=~xwFihTWm=s28R9(x#AG{-QGUOV8>=;P&nuOBXscsmn-= z4SaeMziHzycO=d&0m7lLp(YXze-@>28hrK&_~i44E=wri9Ti25wg(YMc)*Y!0a6~3 zi5hoet=cTj(<{*hR^5W!!rL}o3s4+SWj zm?n&JxN~;wGWdYrl?=WTc{=55g=Kz%5g+204~ zLe!7C)KdD(6=11mMl4;4{56-Hxih?X6C*(RM1Rbs=luD`OK9GiU+uw|eN(7D7?i-8 z-Y4iUvpQlAc4~+OmGHdN!D1-|V)NfNH%i5x({9g1q%bRMkVCK2AfNc;@&()p|wL;dy;zNZwU!9$SqBLi|)kOTr) z_Bq`9ZTbyRuRVq+V^$HE0DivrR$=h`l?0f*8hG^?@N6MDSum>^rPR1sH#n|wWgg2Wrx2_>@?X{Gi+C&T~)8Z7P1R&n^K!g)zl#?4s6`H1c zDe7j~yuPz32(_5Fpo)<_#0$6rCzR%*6P6Nefa7dvcQZF41iMdxi0qCSh?*sra z0RzBGXJ%Rq_1hJ*kXN+}bjW?n>T zF}>fm-T@KKpwR$ui*foO2_mq?DTZ=DydxQ9;QI#vht8i8E4uf-&vNM2Z@&Vt_c(LO=k(>zhzo%&n*>?v{x!hS`@W#m`kc}- zNc}d!y%p~y%_T~=W5gg6h*(%4^)^Q)777gLN=36MvlO;<%*Dg z#?P{^VkGn1^c#?v)Mzsy245wl<1VkjcpYC!Ps8oJdAZAts%LOI8Xo>d zM)e9pyuleH4S#u;jUT6(;yucje|ZBb-as*uQz(de6-lW{Q?RuMUp#=k`}c^-AF_9GOJ1*lp%VV_2jcM zL@(1dL~tJrhm%n$Qe_rQL^B-#eyN`GLQGfE<6P-~LpuN1A#qC~U7%|8Ay}<^vQbxx z$QJRbAZ}Ys^{I$SY1Qq)ojbGY_TV1!Myh_FQ7%ID`;4Rr)$cRv%jZr3R(+Y_s-Ai$ zcnW#2w5E5EBtSaLE|{_Q#ZgP{Dg41^~S zrsldD#&y-V=HS6OIMKQ^eavqbWKD_9uarWkRim9@SLs^Rd2MidLh(nShX0JhZh(gI z84W%Y@N>l#-Uo$QkexycA+%)?KMYNwmLk_3U@OSE1JFFx?Ev&E0pT4$KI;xZ^Vu7A zfX(Ot`&Ja~0Oh6>6M_y9Ap{*DLI^rQgpjZf5MO|j^iV={N#;00Xcg_2gnoM^yd?5j zmxNZ^H!R6iLI_F{Ap|9f5E4-mw6$C%WP)3zou`Jk@&D?cBg|?M zZG42O+O#U%2=ivu#zp*5$O#sc^HPMI|LRNIjra&T+l?CXS;^UMG;rjkmibArIgaw7XqrA@l;q|>j!MNPxLKt-tiSqM;W+yBBllRrzRU&v|z=%He`tsLA@?3_o7 z)R~_N@p>_3#sCj}WT=Q=SM>s>S;RKA4W?upi=nP?QSVCFp-{IPbYwe44t5}SRWX`< zjv8$-tg#C&frivy;oa=kaq{${Zs8gzrCTUHc<>NW`m|ATjpTvn9D1%PeM9yz+@~q$ z&=pZ=fl9K3>R*9)axv8_V@6YCpdtz$sOZKWs3aeyItD8FtW?K9 zC7*9FP*wT?C!8p`y0i6yTvus#ppr~5L&*S9TSZjGt-gCf#G?RJU!CtSVI%O6GE{NY 
zg45||Tb=<%ilWmUbQ_@DJU&slsoCJ~Rd~92l$@pbQzVs}2mKBlHxKgGZu4l(-dZ;g z`3xJc2HV5=veoJ4u>fqfjoDF>tL5fFH*WKg4p=u2`K+6Ve7;fh_!VqYzk>AFlyu!Z z_CY#Zny6Dqm+*hpW!MmngV-(2d(XBp=;8?fE zMW=hx-+;1th3o<%xUnP-y_^gDWzv?qD%t?bxLu?!PF3&^PKH&*@ZX_g4v?d=(Ss=t z+mlu}2}5i0J*{pMhIXKPBc}#RJ3Q%v5Q_=F=^lx1(9hh9_@6M6ex%gUX4wWzh@K+i z_g5>41v`~6{wa*4+lrxn15{WLsNIcvF}alv{D#0Sz%3R11Dy4j(-OGFIUwyLbhFvO(osoaWG& zi%+jWKSx7zXgQbeD}wYZGp_-;qhdh|ZTd3`KLymC<`?JnNGUaTiy-}C%T-|4QarRl zjXb4>Gj|Anh)_p8KzBYM+kl=U_6L+#6OCr5umKU<$hUI-5`?YF}0jqfN+us){CR*1$U|D zE3y6u#@C9jtSdDOP%cRgIq49=2Y@>f&>0GMq>DSp!3`+f_+`+gtHMil@jeEgJ5c`D zJm;n&^PJSMdCq%a`}NYIwV6IYd^BJ`Nh5ZVc@Ad$avWEl3^RWDtVRRO_~mma5nu8r zbp2v-){EnQ|E|4=w${6dLTJV>i7=s{pF8{= zC><4{c7tB@Wv;XFs(#}qoe`ph!fWZ)!!5vznqE)NF6)q2D?27hHKsb`*vgJ+B_Fdz z!nP2803HP9U?l83c7VG`BPPEkB8Y|SA4_DNXy>sM&=8Z6^H>58x)G3<6`uCShX7@j zi7A>SS|~5T`RDP%ym9S(GTGKLjao4b}LUoVP4>mdw{Xl zQ|@D6m<4SDM=(%^);Z6e0{ilj|FkD|Tn=&Ak=LTby;AH^rFP)hW>9SR1V{!3tU&jN z@x0ShnkXoKCE}kPk2SzOl5C7y+Wyd%OY0qN)$YWW=@cmJNk8Ugl^U4D#DM`QtaqIA zj7j+;sG44i*BqDEOW?&VnD*STclW}4yiB3^FvMULJIQGJjB8Y^VkaB*gtIEA z*lK5W6>QmAQIB?=WW*uD7oBVlLtEvQ5qF?qBy27Q2SB|IrT8*~=4KW$1am2!~49F6Nrzc$IVx@*&Oz?!OGAKw5xu`(Ua^guL?oi~qg|`B^ z+rn>^kqNhjuLTLU@PxfS9BvFuvo{hh0!b5TL|r}u^B-Kh7AwL6KtoK1BBUNgJ4sVG zc*VhgM&XCR;W;(!X5b3NoSN=oQLa!-tL0;M3eBv|0t9IO1*;^*D&VsEgILjYoA6UM zscH1^Y8SD)d+=sbAv7(qXFC8BQ5mfLIV9jt+mAdy#_-eZ!DF=ek7mF`aO?*+H>cgt3#xqTMS z&0uasKc2Wr9+jdRJJbI7k1_3kzZef=iL;v6ThXh`kg(@dAxa^`ERTe%@Dxw`33(bu z?v}W2QLJ?JbO1EOWT?V~FR&u%1&BEi3G+BYJQ4|O;VQfy!!=*=(CfJS01Yu2c*O5S zv2%*yya60`7wusyXRRma`Di-FKr=|uXzzbHoW>cjvl?>K5%F6QmP=JMX>J?2d8yOf zKQ*f9NFHK>pBnWVfdtK6HvdnJRx+}OuG97$G88ZPZ~ik17l4<$P65#nQTn1$A%f{e zBgtK?eD)%iXdpScK-M|EZKOY=@C88GlS~;al}{hL6~Ffi=plux3;m^o>#ixx-Po^v zKTW+P->%G+_%;KS7dDh#n=C8EsD;fhhGzj!H6w_$1o|sA8c|I zbM39SI7(!V=EA~i?5+8C*x{||SI%jO4z9z^VIZd{7JA&dQk(@(k|k-_TdKA&{jqtn zcv)`odM-opD0)Ooh$5>ZM33acLe2aTJ(ACA=7;E!e8$XgCb-{MjQfk={$Fb$M2{l4 zBYG6U9nm9~JN-KPIK^E%$K&8GI~t-#YorB5{1#}Ep>TEYto)#=Mq0bbnL=Kbh-FP) 
zb7xr-+>Is4%^;|t*ysuy0w}i{y(HlZ<6jg9 z$&(eW!ziTzbxA|atzdNM5OGCEiJx#fB04M=!8@Ifi8 z7J+GwK*Cy4a~5etT@IgcEyi_&;;oBV0BDHGXdK8z=PR#pbm#j4INbSYr>)!hcpq*= z=aZ1|&PNdLeBJ!m?O1^GU~{EKbY0c~lI3I^QQ~ly@j{-T4lI{J&!B=zI~&A#}coSKvk(00Rb({PUP_DM$C!fKXm56OngQI~0R3W)G(#O1 zcSup(Wd7tJ7;9r=0rFNTiuNwWyMXd+ffhtODidC9dXlA+^LKai0P&jElvgEUv6R=`Su6z`p-;B~L0!d0cbnmWvisf0N{;pqF98~2dUAn7rV4QY z5c6{+?8hh;!dxqjfD7CS)*_K;9!KSPu*Cg?zQo3#c7d^gx}+iI1{e4daU~Zx;1uQ= zibyxNED*Uaa8MB!xC|uh0^7i63<9P(8VPGfPDP{<^@I4OtfjcVu6XMrt^hQ|WGG_r zWJyD817wB5(K*vCT0qQ9By2Zooy>J1xEfWFh(w|}`-l+JaLra6waM=dCk-(-n7lop zWVZAq^zvu$&|MLR+%~)oP%iQX)yw1mM0};9!b@}U{so?_9?al%NJh@!=gN=_@-bpz z1}{T2m`>G!i>Ukvyvr=vM(%g{4FELEyL5_v_XIWwo-wP9$mRhh`pJC=fSfU#(=)|e zc)I63YsN|hFn=3`nhiGBW=iH*3Gts%xS3f zAA=4TbGRYh8=VjuxMF<%1P<)_++Pj`!}?E|g()1guBtSzab z8qHKVIu<<}I8m7iLeSY|QNPc?DXlPe)L%2OF}4<_Ass^4-Fj<$OSuFa9X;U`w($0f zZ|p9~>Xb!u1Cv`7YwhOV1eE(;rLk;eXEiiCmL9WH5MNF(=JlfA(wg^sCfZR!Cz+qO)O=D>yA>Vo&@ET zVw68Ql(cQzp(J)hiO&G>veQdA!N+lzScp@tiWeKus4NU)?V%5s{|eLhjrJ!a2vE(8 zlY1t!u(rYc?>3;DGmu~s(?HOQpIh0h*_bL*Ft!Fq0nYOv8gnycraCTln=x zT>qFRP2a{fz#HNGLM#HK#Xvw&{h_gZg@b))FQ%e+IHVZp#`!&!j(`M2{kth5j}pG}tK(38BzPddD?&ego+I#<%7-|vGRZUg4lyCl7S zvGX0EVRi_6u_Nv9KfTzIhS4u}LF><|St36b9N z352NE;Fr>s#vw&&6qW&$HSUL+BQFvE>IS?9Re1U(&|u)PmFXqWD~$VpcnMSsZLx&n zrLDXTyx2igpoJYBZ;Io0%m*WbF$bMsOv(zb*}h`*ZEJ-1HAk8tY_0RnX(9G1aGG1Z zxV27&qH*ZJg`5@+0ZDk{kbw+LpHo)gMFJ?zrbyVIQFuj9pA(7g>zE_;$926Ds;5lD z01Yuc>=_&j+b;lQyuxedD)%6uVYWxh>hPoxF93RSqAcJ2F75>fceu2@J0G1}NQG$Q z&PVAvVm>Mn;BbyXk?5xoKUK_Exy+jZ%8DrF++A)o9~}S|JRh}!*joT9vmX++5QTcQ zh0=)Sr2Rt7!L^wZs24o<02*R?SSaDqhjDB*Am-ypm>KO65ov@q{avj8as6Y0v`8yg z>GuE)F&Xjrt^iXnW)G`;8XWbSqkkrzXOy_zZt972+w(Sei6@UF5vF$dQL(h z&uJ7fjq5oj0(nmV6e0c^FJbG|xG ziY?|jm8D$INfgp^_R7PtJJ4;F(pY=WZjQ$Hpyt?f9=Z>E$rPUUoR0#}^_-^|_kZ`C z!5KM1ybH?gF;eBjZo5AXC}S{4#B4*oL=cLK`IftIhKf<FI7NWy#IGJeMJlra@U9VpGu zkg%_#(3f_;iNtn?*A&-rja5Rm(=#`~=`lUk!F)9Es(^eoO4flMp6UY1=93K^-FLt| z{2nWySqfJVPfH!#d}sov25u^Zy*4 zCW8eHPpO}vV((LYut?!Qqp-qrsy=m)`s>Ib_1A8YI$<`JK(#<%rXyh^QzTCtIgPkA 
zZHU*HxXx0t^awW!&=Awp=(GiIA*KRi<{@Ebw9`wZ5mw4r>|w&SrQ)GSxaR>4F&Xjr zXA-u^17hw)!aQDqLL!l{nx~oK9Ih1=4_(<80Sz%3c*LJPDa7|9q&01&Nk4RAjOw7F>xfUeb>0Sz%dDeWJI^*puA7jFT4ScvtQa0=eqG~4~01{T3xh_2NI z_=_R3Ann|O+yyAd+b9&rC8Bs6I(Quwa+4vtHg#0gjUK6cr%>b#n{qP4VsGTOA2NP| zti|B^B5|IUEKe`t;<%AK{}s7?o_PANH0Ma(G?+;Qe?E%22MD(-MXS2yJPs)9H$<)Y zgE1c?+zIF^g(F?^N_ zBy&EJkrWxB5F&2U1O@82xUKJml@p13zqb+G#kIeZtvktEHzW@+Yt&~#6evFgj`=MT z=KAb76?pOVGiujBwn!r;3r69~_7~t}iWM&&&=B)Lkm57qg?&QSKCX64vBE+R^*|KycdTM(rKfjGy3q@1A zAf}Vr_$u}Do^+#ue1_&PBCK*5nX?o<=0N;s6#fG!YpyoB zh~T%c;$YzyG5;7WwR^+G9RO$;ZYQbfJ(k+---b)+xyPzY$AnOW2Vk7=EV4pWYzlaY z^k-j2{2zRtQQUQ~dvPRpIOY{E;0rf}rycVrzysqU9NOsM+FLs2IFN)p=G*xh_P!m~ z>#TU`w|?ces98-_H!7M}h3;WR85PZIE+1jUZYWg~5cm}vJ#p*>XqaJSq{Xw?`3xc( zUwWdte;p(Zs*9WlI%&kRp7LZgs_xVo!2PBe?(;5gB~JwhH{ty_d>Miqb1xEZ>+~&& zNF(eu{W1RGdPMQk9{VDoAtvMI6*!6JH4_GUQ(=bODzE*LnjMVD)>Bm?mksm#Z$McH z%1y;6hdGqq37V4F5oN+_dxW@)9u^~Ey(uWk!BJ0Xqxvyqi!@@<1#+Lqb(s>N`^xKp zhL{KX=qx<&Sho6Wgg@y4-mBXJcvZ%Toymm z+!!o6D!I3~Ch2}d#vv98P0mV9Lcj2}FM2N>91?7@TZnr=S$Cjp1pM9wJdMKN0d-@` zQNOGgf(YE^r1}x!nLewc>{wfi{8oU}^%Shi z3#?d!P8qN)GJ{!g3l_w)gePRh=;-@9RGV+1HY+M6bvtOVO|^se(AinCkmg*Q6QFQw zV3@s;u!$3-Ri_9~1vCC;xL=V*EbecG(~fcdXMnVVuFWNYhL{Iz*a;6*o9Tn0(Q|k> zukdx(*$*h&C}MZpL~l8{sS(|^?{*>10xRrstpQCv z1@rP?92mT|9U|k9IRSu6O|eTm1`kX*g`Asgzub%dBw>sdo-{jH4*rvU-RLTqtv6B9 zW2JD^cd*nW`1&3yB=whygj2f1$^(eWjYQE}!6zCoum7vo}>%Q#b1!M}&;cNry{w+9e?2vHBy}=nSw%E85## zTCrWJCylIE(LEj}+AM5)0h21gYN2TBy0obdt&%H(cf$-_0R60wR3Ecn{xb?kJGjye zdV7sD16t^o^+MbWtSyRGkLoKN+Kp^NOsgxEHpD?dTPWPAuAE;1<&{0fi#cjRc(vz_ zMzi8-klQDzF=1aserdUpuMMB{K}h6agcx`d)bw)-)~l$rI3(PU>5w>sStXL39^J95 zLf)6XWoffrEiwTOF)jLUka(c~TJ}$0!KIY_6=54ipV|QR*k3vQJCH83${@08-??U5&m`Htd85KSGb97U zqp%0-No)xQm)~xag~@bzzg2{{3=#ZlR#&`b1p7C$tbFd&BB0cB7VvO8=v>##@)7}? 
zu!2dD_BHrc?j@yt;hL__Yhfk%|6746`R)o#=_e9yS&mmJ;A?hA!fl3P%zE*dNJ7uy zcgpU<^`Bd%N>y9~%mOsT^fWCvuo~+iK+NSxm{}8a0Fg*oZ#-&>S8&~+c=UF8ya{NC z$-rZDlbHydD;(`i(ubq&uL3bwWtDZwjh)IWJFs-*#&;dKiGao{+>tJB9S2v2;LuQO z&cORWKz%)B(X=;T<>1N>*j#Vk85CjO{C0lKYOz2uDC*5+eqVU=X6Q%DvZNU8&96X= z8;W-$bFMd+5%_R#E+OR2DLyB?c|%04Lc6g2sfT2*y?JXux%E>lKHQsMoiAIvxbM}&-%X>Yz3B<#)4!$vOwD^tj<}XmuAr3ya}LTX3*YTngQPY-FvXF z5Ln9glIGcetcC0XhnrP)h*9nK-rs9c$K|5;njYQqFO9p?#Fe#x!jW| zy*VLCZ{FuUP~-RVJ^`(H1_}2iI>lH1_+282`F*)tbd?$}aQW;5l+B|8{`jT^A^yn+hE9D%a)=uuI|uK#;fl<{bciVMJd5xC4zy!EK~X%XJ; zsHk|mqoRE7)MABVQEXI{2sA3DL)umFUEfKTM30K?b}Q3SN&f#vMJ3-I6_tJ>VbEkD zdV;Sx90}Jj#iheWMH1>Cf%zY<3zbS$+~%AQXo%@)RQzU+5KjPNZa~7!hEkwBk+3|d zk%PF_RXp^l_z9pPCZqY(xuMwf2guG_idJO(w^i|Fd{|fHh-~(ta{7LQ>5bfniHht6 zH`xPRaujb}kxvxi?N+4X?N+3G?$lzjVo|IjB?2lkp&RzCZUSHPEhKCW+OZjCS`wNG z1D(b-OYzgD{SnX*)01i6MH#OHVtV!{W@H7CNLY9GhARX3kB-u0deEr{Xo$(Mk!1LN ze+tn7kXy-}G#%2g6LsTYl>{N~1ay5d>NS9Jkhe(qxG#r~5$BcR<17vzBh)J&JEcrZ zqWZw(#^?#&uY${QhZ9AE*%TBm?m!!Hyfw8{mvR)(rJ*9(j{OEh#e49c?G>>e zD&~Nghl*>!mP5s`Alt6XVZ#AqUzQUMJy3k-@s603r25j>2@Y8T`z zQ208s+80ncBq69k@68j^-WFmcpypg8tOEt6d(f$lo&iR^O&lg6vfrwiVhyg@ifL6> ziI)HkF%Kv)5f7|Hi#M?26c0<Mt+~ss3!u!cqO2~sh8z)nhf(SCLp)JqSApl+awUW!-w}&QKB&y`NVv$f zeN}hXG-8=URaUd?`6dQ0sWz!G;^Gb+up%d+hRrVoma7K z2GDs5S8siIDiW9cEn-bmtnw-l*J8CI>8#kx*wZY_{m>MzILaYv06ykkBy3g+`-Yj7 zgsg|#6`0vcj6;!*!a zAu<3lyEr`75|2c}`VvvC3AnaVJhU&K4rqwUh{rD<;1g3o%w0%0bW5RQ4&74pnTvS@ z&6uOa6uPBsH*`xVB9S;ICE@fcTz_sWtLav^no1nF5#taGE$ACsL&6KPLYw)Do-lhi zeoz54r!yp{Xo#RcqwsD(-Joq)2V12gu>AAohZ3ijt%aKD7tc)K06lAPXk~0*pQTQUDu0VE~7aqg=KR`1Tt{$g;bZ~#= zFp^#zOId`M#BeEOveqkSUOhm4;h`pvpiN& zKI4tDAM5yjU}8>0!siT72$5@$RDs*Yi5BZ>&@qf6jijB&puQT{qiv+6d%C)80@URY zVy19?Ljh&i*A8*MgLvqx2xq#4*8pWh(K$?HR*W?WmHbwfqNy~^%cKvuz1M8|4FlAR z2yWkqV>I4JlWZ-O=;&5=H$a&e#qvA_=X2T9g$5c`PplzkCv#h6`-BK=!8Xy*5Fc1pOt zip*AZO04VUGu&QvsFVdJ=13&$v?$ib1tnD+w?`*Wi8PY-LrKJoaLrM==$5rEoI{A2 zqKWkbl-*wDSRwY{A*cwm-I_ZIC>Ne0AvELTb1J;wL`Cn$fWv;SKcZ>>0&Qh8X*umP 
zQx7X*I-e`tXHv{E+-K5nIWeyf5w7e4s;s7xm-dRrInXR2?CrO%WS$Y=h9 z`h5!2U6qu^t`*(_)U99iPT4B!`zp6(^=R?6?kg<5N}_K!SJc`8U1uFJveOAu&f<&i zc_xuE4gk<5C5JASX zNJKCM@fUHIrNrwIB;}|omJ}a0f=Kb|4EYu(EWS?pdn^~?wx@L9zhyH#kF|2pzw7Cz5pm!gd4N&vJl&y0Ntr@ z^$7B%gDaacMv%V|`@0V4;$pbIkHaiMIwXXkLoA>o83~t-M20zQBKi44{B#zs6%|80 zg7gA3MD#p@{5BVdM$^MMBrY?NNLc&gO|cBu{SBmXv?G56&=8Z+2r?TyXaso1vybK zCX;$*At4*kE~=s*(PjaW@bv%;1mIzgM8ay)`y!`ZP#hT3US#!Nh2zd}4Ji$DyLgPC z%!1rL9=Kh25yg8A4?^MVcCjB&)>!TG#0&aS82kY}R9~7^w~JpKTp27!yEueW;ma^l zSPZu^psppjU7Q&L?*gc3jfBfaBEzbHNY->S#ZX-9D~7sVi~}@8^wcf}cFmS`I+piRPH%}^e+*~=mZRNFcOx|0lDKF zOyS>c)S{S+$RZXO7r-OpIvf8PM3K=Gi3sK)vbPR*iD1j6Yf)C!{{+6 zFv5T8 zj*=@#M8Xf(@l6LZ%(f0gdVis7EQ_dqY;THQxc0+;24RbY7eO})cjjG4*gQlhvIu1r zLP!g6U5x(>LJ|p!q1j5@nLCg$y4L&2Fuk8lj%LFW=|o6<57%S(&miKACnjL!>Eya$j&lqzQ+P!T$ql4nV>h zQgG5W#8u;0gTC4?Rn4#|!ijcBJl-FV{ol9>B?0xoe@5YJfQFc1L8sr0Ogyc^|L;au z!oJ3U(u&9lG+yUS{w^nB?{UNdfoh&Z(yrSOEN?zi^H0(XwTx)z$7TD`_?yVG;J!o0 zuzRJh>=7xhCe;CTIfR%g9MLgij==#x4E#2_$YfY@iz2P*l8yi=&q_Q?j4H%O&Qh>{ zYKhT6KEvg_wjbxyBXhZ;*JdsNl+8ST9Mj?>z4sso&=iFW&&Gc^64Al!%($IcZpjLs zigWq7jY#j_2It=Z%cp43t`%*GFO{6us2Zu`1Q8wdR_vcnlUpq0Zf=e9Z-Di69ci9q zm$tD(J6h6;gqE;$J3!6eNVq9bkkoAoB9Tb`y^j5FxZbZAYJa}~&=Av;7dy8Z2UP)L zu0z7i8jX!$M(7jznPNY#;}tXQ&JF__VtQisVoNwOK+H=>m>Cr~Ofy2?gcnw2jw5)c zn00cCS`p9?(-X52JMlsg5c6gv%#1>wVay2KLPyHR^<1j7o1P<&0W`$)#4I0C!|8yS zOOP-#iW-J7BlL&UO|co*{fe0`=5|0sOi#>4z9hsufS8AnFtd|jCK3tjhtGt#jO!A` z0~O4FM&TcThL{XIg5wV0{r^`8K`6X?T)fVJa-*b%Mk^uN(tKvZbO!Ji!5mT2#^Kl} zXnBLp&cRh^x1&M$?M>1STJ@>n>}VuR@As$>D*!#DaLc-)*E+a_qs2w;^uP4opfa)(u?N zSp=o+e{$~{x_T^dCj$CKiZp}9ol^|=$a(|<0j;laH@JKcI=C_hhmRrYObc&~sQ43W z$l&;Vq;(Vk$x*zqkT*gE^TF;15Sofz9hcqj4m)>?-M7!++y1Yy)ws4)6Gh-Zqp%^M zTqGHaQERTMzUucQd_kTfI175-3am6mi}|0T%?_t!r4mlBML-N-b3PJosl+#|*%Qq~ z{IdLdT%V{VwL$z;aeM*L5YhA2orF>~sfe=CE^jHT`+7 z5Pbk`sc>}%n&RNfm8kAOJFt4A4iw)WHF7CQs@%nGfd@hNzqLUB_vM<((^sVBA}KNo zF`3q2lcUs}=c<_<&OF5O@H**7l8e_#*ZA5g6a_4bnI&xUq5spvawM)UkT_ZRW6Ww= ze2m#x&d5nXqG5=2xNgIL29ak>r(_`#oY^%A;a=P|Q@S;Cb^94mZh5kW(3yENM2Vlv 
zkL3n~-Ok-W8Uw?`D^l$vDgYWripJF!4Y4_(e^i$>r5j>L2Y0a35DV_ZH@|>Bp>VZJ zob2GrhKTLQ3D?o!<^yc5K*A=WyfBwYG`;Re{F`VMN9_{d1~f$U(k14iJs-xCc?^lm zO(YW9!QQ6$3)dg2$s*|DMtut=Oa_;j@csx)hyXEbB4Hl1kPOp^(3iYsiq5$9R?M_U zy#Ngnz0_zajGTifa~6_zqqiYsGfas4jn6A7=2SZfhah+CBFx5cZBk6ZSBleym?`P| zcoe>W27>t^61P!_EF#+52>t-qZ}Fc&NchQ6^tbP;N)vQ*8%z4x|3iN}QBHY$)!)7@ zS6}u&^tY(m_{<7S%mGMP3kua~t7Vad1G)G`99$>kKZCGE!qc@-|F|=kB5~i2 zY#g8=rl)~--C%4TNs!er2?FTPC_Dz7(v!zb5Oy`I*0mATh`z{;4t2rsRLyEsbqE2D z%Le8tzm zMGp1=vUMK6Q=$m;*j58j_Iz7WHd-2v8!=PZKl{?8ZSk%*m;&PVK>MqdlvcxZr2XL# z?`6Ym$c_FQZo)p{t0zUT$qgJQz&E~9JsMLfPv$0#nJ`V*r+h(Kw+C_qEheC7r+wwE zchu0_h5+CCLJzcOYv(1Qb)5B;e4{))9?5O7At?2rwLSeMjS==aUn!ZtJGaHVD*pwU zEt0rM-}&N)qV-by0=&;7nEXZ04McyBQddU8UF&+}0*{JUdJTF6@;4T1-kE@gn4X+c z-abr-h}k%Y87-f}`U;`n1kf^EmlR|62%sURCuVhEil+fFUqr&15i^mU+NQTRA;qPZCy_BCw>E$J&h z5j4>5UPsn;TN2<_5&VE#ZnU!9;mzL`jH>n?AA10^pi7|TKs39(zEW3uLGyyHh*!dQ zTq6$AKdNF-gAXeP@%-~~Q`ANNA|W9Ttw8 z@FoP`1&El9gzZOyMIvEk_QUHQT(?-VgnCeY7SIrpQMjv5_5ci4XG-j#=RHW6O#uE& zq!D8Ci->>YYAfqkbyfKp&=8YB?O+D1A9KMFw16N{tInxY2sbCrNzu7J9LhL|4q>vNf^;b5>e zfM#chU;cQi212}24Zp~N>j1?@SHo05LrexXEtmAhZZluZBLGhD$|ALO9r$HHxh9T6 zPmFE3f#i}X#=|}y?7Ri5a(yi}Dysd;5eMS7ptY~`Rq-MGfWaoWmB6ea@NEvDkNVZLx0Q^wVFa)ve2Yog%<5xue>4ea!cp5H)95whb7H9ShpI=gB z2jX#5uRYUw9^E2V6?~8qnuMWyj<4i$7BCo}?&LwiiN4a!pvokrpq@B(a1^A5MBbof zHqh_%*`tt=rOHGOoiQZH2 za$cbEa4_sIYZ#t0Fa|3h`wm};PHdhm(Q+RIWciHVV6{*bt-cMB0`Qib3y|fjB?n)$ zDK0^luNjqq+EjF>yCE^l*GV=qOz-Nw1Cc#_F%+?*>75w(H}2?@&7ELxeu#v-GJUcc z)|E+i6^sLyaBZggV0E|X*8vSNJ?d;=1@u8;7=0NG%OY_ZibTR}ThbKG0FEujCj-zB zlTqC-hcO!Ze8T{2_K)nuT~)6%3Qqyb{YhFIK9kGd(AP+o9X^xWY9n8xGi(fepUu<6 z#m@7Ho$t--h%c>M>o>6?9i+3hyvwK@VQHRM*ZA$tm*&qL8$ z4u*blKA-0o{8rVUQom`ge&YeXfqrqmdXf5-^VN&gFWy&IR+gh*d0#_UzZ}x9*?!nJ z$rt*xJXPT)=+g50zJ@pzL#hHnQ=S0JQ&G)J zDMQG9ekO|hIe)p%w)@rrY=BYFJjp2MqPTZ^3LeXA6(sfQeF$C`qWsk7Jq4@tTD2i4 zo7(clNu>+PfN1Ve`->=F2Pjzccd75MZlhXsW3|7~Y6p%if~aFrYOMnI#O3%Zs)U>o zqjk4zf=c=z%C`Z`{8y!j3a({JUX8HKs@c*qA2=fNXG_a`5YbcQNC12>v%;9-|rUljz}Hgbh&ok 
zaddD>wNI9cLO(4FVYk94-&~NcxFi{Fbz5GeUn2_TRCl4n(5dc1r%)JrxT~yjY8Nr^ zMz5fhYopYv@3Fi<=Wa0d(@}9tno+GnsgEB7V1om|G?5MSoCDa9*CPG0RPAF`R%$KJ zJFR7PUZAivIJ^*5I=(rvq$bgF1`4(!%GVo3ICQb7rS6F=m}99GPQe^YJsf7K+rV&Q zlbFoWtr=gWo}^e4%oS26pu1k;?E6~X#_wcr^TXh zT-wG?Y4b71A*F{mLs^JHC07=!k6Wy{T&#W$#dmW9H4{;aK@J7% z`aJd65e~+=xr5q3QU-Jn{EmQt-99QtcHJYnqE!xgm^&wr5_YesGEO)Gg>8AL5Bx=x zZw|;RC_@Y)e>x*7rPcZrFlw^%SrDC01gmnu`N$;;vh}&hanrBUfjqU=wb6(#X5Kd9-M!W3Z zF2b(W5eOs}=fhcCz+~#U*Ej>@jwhu?bumSyKcleo^{~RynlhTBGRM7%a`ehq!|icz zeF=acTDlTdeB9gd8MHr7!NR;(jQe+Dhd(%#@MPJTR^u;lc{Gf6!W$>&G#m0nfBM-1 zLgG0t_TH1|mbapOd%eDSxDS3Km22!OcLGp%@I_4oKBOV@9j}_UvhDYIRht+VsJa`i zbiY?EaEG>dOfg)~8bK#k{IEBU6gLadT&C8B_#Iv!y@?qiI-4{H&)(C)tZ2YRm5n?yN#Ef6TPu%S-LOw_;`GsfSCJ~VZquB^LD9ydHWXdVid4{k{ah55YE?o411)^XxFmEjN1IEjosDkBu0 z5rjU+RYrVxMjK>YRT-7TGjfm-1EooLQdmZ-HOL@fJ+E?bn45@}y-_c_JiZQ~@O}gg z{LPdX6#liy!ecVeaf4l+>M~4lDObh~UiTzQz^F**qF8=%}Iy(4*uRzZMLp0FUm z6h##o1PFSnR9dKl09j}=G6+z{6G!iNRS=-<`R)*2(i2nuAAD1APzrZ8Ss8^j0d<9= zZ;7^hZUw&KiRp}-kiyqdgVo{qyky}eyWwd%8S^n6H84Fzq6Vg?NYudV(NTkGkCM{0VP0xXuR>{%OxzIjtHj0Q8d}Y=ufi^@VJ+Jgnm^XdWm7Z@CZLjnM z|3juP5!)p{J0SJf1H@oJxfziDI#h7TtW6AbsNk@vh6EKVIAWGaXA_~}>?aBPOk)9f z{qt_oI{YM3f)gv)XV!>}73?z`QyFxuV4vARHZ4pGIaaXWjG>JTJelot4tF>Z7rw}4+`0L|7&Tz(>v5L;o; z8;a`(#n_AkG{j`o<5!R^HkiI;fNtFgac+PB8mTlpL z3O1Szr7fJL`17U?6(EqILIqn*9V$qKU!VbVn{3P~RM2)PDY(@1)q^T6_euqItYFoR z6c<;;bHfn@u8v1$|}j*1>{)4gkS|MCd|hxx+CFf(6;69|sGDn11T{94yEu zCrEvTL{OyB3= zwrH1>p~D5uaqf3`LsH>_3`d3&F32$JM}`a9nnl6|?HnysxS+kM!v$^2krK^K-vEf) zy;CZo;{{72m2g(U%^fA2Rd5SgE{YelT~DSfW%^zK?NhHxj+NyF1NDfgh+;WaUdrL< zRCy_@ZsmB95mG-XX<_`<T^Y@v21_P2w%468}72b?YpE&uHh?Tn<7#1((CpnfVv(7nzZPm zP{P;k^9(id!D!d^IpR0f@bv@bj_0Lrdf`5+2)|bOP@0N2J)Fl`n%s;vjK_h!WTWJv zSMHt?VLIuR`&grr97~*)`&grn1UM`Au|~Vdm3tX*D&fgC!&mO(jUp>|LgJPC2;n8s z@iB1x4?QQf!iG_0^;O7{A%xyWnv{zJYB}oM+sKrF4S6y;&_^~yK7LA0HTxN{gn}7$ ziz|wCAH|x79iya-v-E(4my(5B8@^qTIB0{^Lx&FH@p2-(#$@QAjiIKp96HEw+L8(# zv^Ct&!Fk1Sy^=0N2VD#uI+!+$5#PbSt(yn4QCXQFJlLdWaYTAgGNS5MC_oc 
z^fDAXnAVy2rx?D~;M7*}*TI7WMfkTEqfpv~*()`yHBGEZ{Lc7(0Aav`hB;(PN@v&sd zI9p7tM4foGZ$9wur`0w7)VIFyY*)gmDR7X{4zf$9$gFVFRMy52`U(r0)ug z8q^2;YXyH>!&_woPPp%Cn3#AkE&lHEmG$G3ipQl+`(0Dr4XE3)Xu@5G*YkI&)%&H~ zI=l^FlDnF(!@B?`yNmfcyqKTjuH|JJ7O65km?z74uj8}xuy3368SZ-;l7mVg#P#_P zHj30|LtahZD>l5E+^e-FPs$%&SI%WtAa#pAr-Mk-ULM*%(tS zER^M6>dLzlP`CW>g>`1a(b@y6$u(7$ls1rGw9t){MlNKC6-am?L945tyyu}$;xD)tiKIhc%zIzObQZ6wQ}oBPgz$)S9P?WCwnO0Sz%d);y^xaHFl2%nmNjqrj=dw(7)7 z11yefvaLFGlnydm{At7@jA^$j`P-vXmlb-3 zi{7Uu04wcthJxT#0+ z7V=evqjx601e`iIBfje$n9wtczEi`uL#^xLyFX;iQ0T4QvYY^vyY2#5o^TVs1Fs(e zHGf6I<)JK*NSI$D01#i=6x|gcZ06-Zqp&KVAtnQl;Sbfs*Diqc_~lt}9b=S>O~r<# z-{nKy03NWJeFEjAla3;_E(j_qrsS9D&nV0V3w%a38T*EeDnvyJ{%u?@gUoF)mnuPZ zMFR-`8HHOxlky|FDsa^`Tl{0p&oqUxx$5D)C>%1cR+P4lbLlP7hyIT(=GZhe0Web1z&>MF)IT{LD!%LF-av*OriNI<}EYuycqxH2hoNw z2*-%EQ56#BN%P)$rYHn-QzXvkz!qh%Jb_(n>q-)pm|Po7N3X-sZen!F!73y#>&i=loZZm0oH$z6=#}f-#${I53>L?^~d5E^`9hr&>pV_d*$hi==HY z;H#XzX}1y&n?SpaQb&M0qH=XS82_rjvhAh-_)Kh1(1@~?@YX)&*$|=Ij~FB{m|FEI zz_wazHk)EH;0QDc^Cze1B6Y(AWN)`_DJ=vXsd(JYW;NO~^-e2!D|V)V-7Co6MJU(E z9PRJGuKt)etzExi8z^!=2J9H+5`U32>Urc2Y}}EGAW;ukx6H#w!pKA*RnQVbGDN&+Njpdq@6L4vt6-bpihiR{h!dZ5%+~ zc5)an=ncrK|x}&;_rqHQ+{0t1uGlYVfY=dANzuU(8*z=va1(eJ#|{FNdq%tIm(t;9?jhRxA2 zoek>%-iQ(SV_=>sjxAE!!*j;;G_1c*VSheq=r17AHdD!##WpQ-Cz$m&tgDy-(sy&l zM6_QPB+cCPiAFHRFvCju3m-e&2;qhC;4t2>K3ap}&P8B-xel6^N7sqTGprxqG{jOD zf$u2!e|%kcfE2a&pG)O^EhRtX6V`Yq+33XjU7tktQ_H?24A$yk%oAW?FmR2`YDEeqo2rh-F{BZ%q zH-l9PbA@Vv%ZNIX;zVNW>BmZ4H4Mfr7s|#GwHm-0;?ON95w&flR>#GYuu7e7GHt;A6cKzc=}1E*liRxoyYEb9Trb_%tpEU=@9 zKj~q*L)F52h00M8gzEtRGz7L-6ON$FQb9M3I9QjHuJVnYZ9P(A-Ee2pDN~GRwUReZUM%3%mKtU2UAC%> zVMSa9<8Q;_nxMuQopy0sz1sr{b1Bp!4!2vNO4XUEYpbM-&{Y9oT|;=OWUQJ8Y}FC7 z3DF*mzJ^659i3PcTRoT;tS7;kZCH7I*2o5^^0~Ika~6Uxg0aP8>ETV@t_H#)Tdl>A zd>6?b0^u`{B)DodX|Jtre&>>|gYc&zaf{ca!?r5%2A1Jz3$Wu^$SVQ9Xf^4StyW@k z%%uB3sAouIxur=3rCNthgh`!1=xaz+RFeUpK}VvPLpczP8Z(| zY@d&xqs+{aY7^!LY~N{MU;Fq}vTu=8=c~B*EnqTi?7yGJht*Qi=+2i&DzJNed?QU# z)=AY3b4A8$0IM5?_l5qKrEE}4W9VfLf~&ob@nux>nOxOO_-Tr=+RfR4ocM? 
zQ!lXsj14g?EAczbjuMU{8|y&W3-EwPu;g)?!JL=s<4&##=YU-zoU17DXFQfq_ybk6 z0@d?3;*}F^f|Xbp{_})?q}pB-%2NT};}I-bwg-e&Ks9|8`}<&k5jB9-C7hLKT*ag! z;n6DnXxx(TFT$U^0rdmi1;i2k@bkDw)`Mxr4U%}Id?#O`SU?3A+e{Qo!G4J(Oc7a? zyAHP!ss~h||KUwaKw>X`4ikq=&{~<(GN9(ZrxO$xfnO(%uSZtGO|tY?3SA2v~Dpp7BWmm9LbW{l35k`|_R8 z%_qzWs7+Wkz+J`Dz~+1MZuiBcMFB-yeluw^2yYmY?!K6`I-nXp;F6AmaK?~y_r;`F z0?PToCH)S9Oz_G?_e^KrMV|Ht)Mr_4AD0S3aYNEwDw94BsPS+juuXM9Xd6S)V-*jB zlIa%$>e*yB;h~^TG;}kxS(TSwWTgfNSDj5RMs=8Q5HAIH+F8 z?IwH$tX~b2bDX$_YO#J$-HR7Wgp&hZ9}eA2bh*7ivz<0UbqqIIoZBoAsu_|l5+?Ns zszLCSFzF!>x)_ok8<;dEsM0#Qq|qSEHY6S(*?e7YOrH@{-(< z?iBU`5IPtV4?9shncg%`4O`_7c_Tob8cUB-+&fO~nB~^*O0c#VChOFN&N|1(sZ|?X zI}d?%@!!no#>g@Y@FGV;w@`0`pF1(86rxI&>FeTD>I&DG(xBG(H{FuV+#9F9#=SGQ zfVN-_h-GFkk5A&%&3h~(x`_dIQ-RvDGtHHADs^#+YtL>Fj~Fpd zfPO5^OjqhgS+{;JgLT6&DFK&MNvUe+3V9+D!T5U@4t)Wz70gULRuk3TP^k?UaG8_` z<6e(t$&oL>sIE#4!N|f{Zw0Kkhx?`Pc4l<5;eUHKn$U)oJ)j#6bXc(dRx z2z`17!Ke!4#MUd-w5FTbHSlFFFNdbU^o^v>$~#I8YUh@3DyUWNK#!_QPU5&yGcYEy zSuMfuWn@etMrZ%BQa$ImxtIXz;yci@=i-)9eGa)Y+rafgL>-@ z^z6B45>gLh8q2xJhhDQBj%-aq-!1Z;q%N(8Luw*ibu7~a{GNA^;jGY)*H}X8U>7%? 
zC&6EI2O0lvSf?`}q>4T5rt=#3NA4iQy$=1j=}ZYFFNv8DZ`_05JvCPM**&h$7sx@>@8iL;K4kCU%W`0G(>xq#1v7v5_V?du_ zM0}z=k_O_pA+`QdcM|s^Si6YHlN`RAH%3{BHQ^&lxB)u+ec~8sUm2xTFP1EaIZndg zA=M6jJ}2`l2!DC{ESW*Rxlp`%{&id9$r!8);&A6WzfT5UFkaQ$r5#4160mAM{sJ}{ zN+=nx7NC)_T@L~4=i&a{K3~oli->+-yt@2}o4v`P&Np;361vRx@oGt1cS61ytUZPq zRb;HQU%bjW+hu+M*0+X9gSngf8cO|%c(ro0o4O4@aV{LXaHCRZ=Aw9Yu(Hc61y*gt zG^s}`ekoqf-Q=3^D5(AaO}8W~-Wji^eda2j0@ebJ^Fiq-i$uhl3SoMYTk`-?Ub^pKV zmSkq$+h^8C&rkwCRCi^_J~2Tb_0%3WTQk90YM4>Ro~VvC`*v7e@j8SZU>z{bsFG#o zg|J$`-_>~ztX~Z?yRl6FF|5|5yY!p|;QGMvuV%nZ+fkEVa;xkv_YZY`LUKj(T2bf27z7!uy6~ z)VTvJ>s;!neQ&rr&x2~EcsYutbNg}|84GT9)TeluM1D_^0-+*CkV?)q=76JaKIf9| z2ceB2`P!rC=N;8=fNT38P^bR~UE5JAbqCBnsutdc+Z)VXID%Dv!0T|oAP;;4%l$w9 zoGAjMO3{2D64MUi%Zp%N^(4p!Ey2~!KU$(h4^+|5@vr`hS9ox1c{dK;UG`3Ce33zE z>`FmZ{T#n$0y=)MTX+(8N`oa*DIW<+#2;9R{jNYC?}^+Y5i6DQK!Mo5NX7TMlPC z138@QJkQ~LXFG=roew!&DDCXb#snvp9UwS<2yB=M@fL za*lDh&iRqU^-khV(zDSi#^ENX8HYdSErYTM6#6x9!iN<8mbV|r|DJa$hkxWf#o?cM zmvZ=5-nTgXJMT?|t-E%6%qrYl263rBg8V-~o^v{Jk%weyAa#Dnw%>%%iHkIsuXnMm z;h>Hogic(fiTo4un68LeKnR_<$OH0a$n-(PD}>OAi`0;Hkxnt>eqzOiPgFXR{j)vRc^yg0M(j}+jT}X97wC>oc{xbk@l?fB!{z|xqs3BInFu`=Q{g2 zoabEP@HxlEL!dy~eCKWs7dTZpTb&K>Y zb1HDS+-c6?N~afxtDWf_u5s3L_=2;a!?n&;4%a(L=q&m2TI!vB!`>rN34cRIB=d;=a4JP1$Q?r^P*v8M*yvcvNA_8b^QZPB}{KK-@4y*frroMd#B7=g*5Z`GIyzS&o3% zPt=0+Oc;Rf#@a0iN^hO`1-j=$5c>>=U5{L| zjF)POXZ7h1MIMF6_&Y$?J=iLBYmjB7KO8CjFh;dBEOElYf>yniQ=zh5Li$-u-jGNd zkYa>3CUc8$f?ZU7%%VkgMAspRQgoqiDiPO?Xp87>9wb`$cu#c%9h`Uq*d&8Lhm5)M zebtysQ2jq(s}24z$(N)jKItRWZ)td^6cOT0;0Fwc)6ksJ>hVmhUM0?1;8zTX^%Tj4 z#{}sURVT9ZA7Ejm&RNh;mWt5*RQhDqGZ*kez%o5tkVl_t>GXtqKm<>^bu7MNN^+O3ou*MdEph&C0 zBzW}hu|?{=P|`T_J+zgT0MmY&4xJhIMGD=659`vp?2Kxq`+}16a}&J6SiLm4=Ifno zjQE;K)!=>K2cgS2e!yW52WZtxkYLumt8Ygr;LZx8Gw`Ge}mFy zrP+!nccO$S|CpJ0`LBci+{=G8oY#Ac%A#h{rmDyx6kNvf1En(|+KQeqmCztGp^tM> zwt|#!{^^AB4_Z>AR8+|A6p9LEfWJtrUxH$OFFs+BcpwXBxxxwQyG}}&cQhP64#osQ ze=|M`2Rpqdt$~PnjM7;`R!k6YKLYGnIC%V~Z9R?n`5vZQqAUDyI9Q~av^D_T?h(W) 
z(y&+1HIea2IQ&BcX}uo{TA@aWm?#vAPTbu%oYoQTUflg;BnM`V?s}lRCq@GJSFIe{ z13r&K70*L*T1%`#A#T+eZdNuf55;M}57gXVG29N>xICbzot%QYbDD-{03AnvoTepP zwZR2H84>nNlqu}(gY(6rZy{`f*1Qri(Uk^HfaJUp{s@1|QO2xy1jRYKax6p%?<4W8 z5Z47`g;pS9qBw&mej>GfIPF{X)FQQW_y&o8iXXJ*-lGZZ9*)CgupCc}t+aXYjEdCW z;S`D^GTt#3o4-fzR6Ze{b}17@(?uk)IQ)X-C@)%4s6l@S>p{@PQA++(%0hvx2e8#a zhDf6cXNbUNJ%?IF%L?`OIQ{5sJP8n23p5)r+$vfDizbi~U3tr5;dr_^DOydaL_C?H zo0E45|B}S{huWeQPmd>yVjaw{^U?GXbJ`U8sUqK5VMPU@p zLVZ!$=JK0Kq)Sj~69)b8s)K=rp0Ol)y$`r0nz8kD2>eOU2{l`w?Wu4I&{sP6a zoT(g^bLMea-dWCJMQ3afvx;Jsoar1^cIIARR&|PVSk0-(VRfe#hc%sF zIK1CE#bIsdDy$C_tK=!4gG=LrczQ)StHiHA8$G9CmyN^{Am|RppxC^+oh> z57PH!y{Y%gIWJeu^0OZ4re1;)4EK1wI3icacc= z4hdGd2dh@{ekRnS`)sS0VUw&*F@7T!Kji&GsCVDQHIL{=iL?tAS@CmU1Z3N4T`rpq z9bupXG-b*AtVp1avH-2r%=?^3pquytizWftEVzb)=2pFGKe%TSGs`+lN@3umg>spd zQ;08;o1qnDR?W4IZ0B{WnU(T$cauEieIV6x9|aOBm4%Bxvu0A@FdhgXA_6^jIy_B+ z&IEDvlDf<)T5k~+sFPH8H#lX$spv^qC27G(<^$@*q4ebjNIwXuHNnNnbybp9`eZgy z$GYld!~j6U3_MBDN}kN->PM6qCq5I{JcGw|u5VGXSRtzZ#;=aYBL5X{W6|`J4WPSu zT0Md`fWA;X-5=hWB`JAM=$M_vZK;O}^~zCic*11F?KoYjb9?@ieqIC%ok zELoEN3I3tKR@-ggxXVtgr^F<*Nxh^w&^>en^3@Vr<5H;B61^0RJKI}Wg#$gqGt1zP zsqxp3D?KU$WAr?`sf?o{M`#1!q_V3U2Q>_&)aPQ+6r-sT`d`+_a@fZhYqgFQ(1 z+*r-jM$b;b^@4(e(sPeEBV56(sEAl zpHTDf(a4>$BI&JqFta3P_?2L->W%WzrDmj25c?Gqx4P znx7%S#~98@GC*^t2=xY<6LIDPUtu_}z)~xfZc3eXLj8nA;oE?{ZE%vXQcsS6*$;`x zD!d?m3D|EqxPbE4bqnanI+*vd=@cdCua&wf52~q($ki5|XC5S!frG_-Hl2wp%>Ef~ zdQ&2QUzAo8FdvO(b1h^Oi%O)v$Tjj+X^n!&(^{;&<+Dk@HVHQ&UahwAYL)6S{l{~l zP_6EUxT#ex<+Qhs;%X~XK70YtIQmnje34f0^NOz!VLMbpR*2*liyl3NRin}6A!ZcmxQle8lU?nmZ9!KwOsZ|g zK@f9*F7y~yr$hBYN$*P<%VvmTF9TVD&sc~eyV8{ zY^~JbURACVz@mt+>|x?b5JWHwEPhoW+&`uLU?dwNhO6|5>fex*c1Bb`Bj}Kf%lJ%f zC`^orKxZ085-~=yT^CgU{Ls1z*balgJsnYg`mU8%l+^&bJ_PNAp|XKm)iu?xAFBB( zu)hsX#^_vV(hb$4I7mqqEh`NN7lR;sqDjB2_2ogT3_=4#Vxu^@cKgPod`k&cqySi= zBPe}5n(p{kamN;}Aymt!g_V!gi^-tO_Gp3&$)(j6DxBM+Z3Jb9p>av^isNu|p?1IJ zvW|i9l_8O3mZazR;dVkj3NInmk@yvazlfAd#m&>G@ai((V1N=Kisv=T;ch~G`4Cm!j!-0)9$}~Ps 
zsJpk|?KVV<`S@8(xHgX#EQi-t+C7#MqXo<1sY11S5g!I3@;mr>pUB*7dBJk{rK;ci z>Kxei~JCh|4>{6b{b%nOpk&*P3cMJFh7R7N+5Lo3txDwHlPWBD?`DiW^cX~A-M zqfj*qyE$(Ltc{P;g5~fwq0WqV@j<|b`#3FF4(}G~A9O;je-^O$K28gk!v}<#-CyTX zYzDT?$7w-s_#>gtzpC8^;wZ3B4bHRR@C#)}jiZvI$!hphp^jsT1aZV)^i#!Th9>ag zlR~vdKgW1MU}*-=82>Ef`{XO015GwW@w~)0d_|}qJK$XzYRL~GwjD`OU5GN=xZ*Iw z5BJVriNy%iVtCVGK(Z?~8L_jCSVa<}HN4?`w#xYmCPAcn9q`u-hgCDDu&r9d5mS{o z9|Au?9I73iJg>|Pr%CnL9Lw7IG&1}X2!9(zwJ5O+x(f;SEjeT$@DPDothiJ+PGZAA z5-WZ$T>Ut7)*6slBCYxhSC=Y3mcoig0NWUXzVMjvh*YodbT6YpAdEL8ZtQG?!+A#oPyM-Oyitf=mTm-IwiFuEBQb#r=Yc^FHo zKWT;X90_o|N3b#)z||J+cUQh)faFjt9S=VqP?s=D5l6g;pN&N3%dRo?@v>iIkj4en z_jNQT4uNpYka(3*7z?a(pK*)e3b0=Z_Zz1stq-V1xOw2Luo)5Ih!UjFL^%i2Yw zYc9+gQgK8V!Nf}v7l^bQV>^NhAAnQ~gcdl0Gq9cR#WFOrq)VR5kp5c1T($7JEG~L> zDpRM?=ukH_FH|r;c&8ZyZgfz?HJ87S7mp*8gj1y@3#9Tlo5CbEQW{|~y=uEsVnFACMvM(W~2@IJv| zKLul~2N=92R2|Ccw}}7Q!^A8iq>z&+@{&l|O&wf_P%ZP9P=z`m>aH5Ni^ReD1f98p zL~`UuuGs2LY9S>7Rx<={4pgfyE1y(r@c==z z1fzptv6>X}(?wQ_8qB325$&>C3{=j3(6E+^F!=(>p{ zw&G_eu{TlTJbR4bb-LbzU2UHL`+{)33N(&Sp8Va(mA?V(cO#!dv&+Z}B5MLB2zq)M zX)4v@a77YH6t0Em9XPbM6nY;nvPM*z;nqNkSN;UO0*Y?f8w)r^CFC(L+`h1y-9|iWQkJJ1z z@|0BlE4%uy0sF{iub&ueVK$HPi(Z^}Z7~B6MS7xP^h5mPgi+qPH?cHfmsB+{1rajFjuY&Qq$I>snMZU({lt1gfN_-6L1mU_0Xo?)UD%I|F?iBeaU^fk3gkFeCtP{-l z1XM>bmB@!9%EA6jM% zjEDFnG7LZCNQ4Y@%i-8*h+rzV1uemT4&d@w0!?)zwF7EIep{#eI`DUi;}<4#TH}qi zgW4qV74S>3dib@sNT+~${Y6)ig`2iG9BzxG*WMz11FHK>c$*%!OC(+Gq7ht`7d0J{7c{ZS)c^A*)9prxku&KU0<8uRQ7{(u7 z?7kA%S|gvhhSFadP-E~MP`ris_dQv+tuSFrKrQ?h%1;CQ)(~Fj&Whe;i5v*1vU`xb z+W-Ugyxf zl)8=P+Y0gBJWS6T^kppCfmJI`jb4QfXhwqZR1C{XJk zR7tl)a1$!|=;yyc0JDOB8am7JdL($Duh?lrCpya71U9QwDg= z7>;0K>IJmINFJrG!=lz8bT=fPSMkJHlL{%7x)%H2fG|Clq-Rqlv43mg2BCIUl$QN6 z7`t)Ya~MTHe|XXuWunL%LE|hkau0+Csu82$Cp{0^RZoWgM9VN;wyrI$$oZhX_PXQ= zww)7q9vL|J;nN|sW?cwWrh@+RkG_?`#iQ?FXx40nMq_ea^`}d?Ch%DN2vpR~^*Q2& z_gH+?IhfQF@%?ewAC)3&`HA_n>Pi7X6A(SagT$AFdymC4YDnuGB7}Gmge|co@3Ht@ zq~skB^B#*=M@0In?*P%`<0_5eF!vrG)3Y@5_;^MxBmr(hBba=N(kg^A|M4;D2@!bb 
z$H%$1Yw?yb;)4GE$K&H?KeVkU4V#kIDVoQ}yKdMP*|3;MSE)G6nWx+gY;lpY6FDGp47YN|##1M;UI-67qR+SM7qzl4+?kw)2QAmcw?JX5C z`A8&6M%;~OCl)`Crev(Nlh^3xwPi$LGMo0(qj-rX(k{nUNG9i5fs6Bz@J~3ml50%B zrTi%W2_>%`iHoHJ|4A%GGLcSp0qpNP6V!P)?Aw&6M!MT`7fEX^Vqf(T5nr0%`?o`| zpFQn{wDto!X5gFz54d~?@G$#kBUF)rk_p0kcSI!dJ?_Kto4Oow46j2XHV&nqjdPc1qEu?O(|u>LqJ7JL>wPW<28hnI=P$ol;~7pHLq7gxV0FeC3^# zL_yajMNz(}Z%{row-|sPBAYL2>{oi)F^wP|{(N6lk#ia|z9`O~@kL!&Dy>Bj`5a~1z8EnAO_TW_(d|Z)1OJKq3WLVZyb%=Zks@6Ex0yRbaJz z-19~Ce8A1yBfz@&xaW&1fQG>OM+2MSq8e`3~Z&3d%mcS<0N+kVi&NzKJNLV zc3i*??6{7_m%z>$-1wq?!JJk6hIoOSCf(+V?)#!X{v3pS0E@*Cgl=D+FG}SCs|FZ# zJ(ll_DtW;*u_LhVgzF;od{Ogi=@CJU1NM}`Jzo^3Y7X zriUam#bMAt&nDveq7L{X@I_62NitL120i{E*Fc?0qUVcBZH=+B5Wvh>g6E66`y*SY zTNijU;`pX|zNoLhaTDqdd|0d=LbkIxMNxm=nW4RdBg?eYFU z4sPPQz-V=~WqeT+G1!y6b}g_pfoD?27gf8eOXxs^m0Vw*FKW(6DknM=y}K&)ovH;z7LE>IM_Epf3$Bv3sK72H&Eos&g_eNg|6v=ppEoo=ufl^ zyAsTu2tO6)TklXD%A|4e8PaN8ARRxmY-v@k^&Zs0#gqkiLEUkuQ6R>}R0Yb%wwsjT}LWH06u?_>w;mEtWMFmn06k3(*e=92>PCi!?>7M!dS8;KRy0t$heql;Tf25F_F<# zzC^!IE~dQk(rOC<_8t*UXOl|7s?rJm7jiMp4N7ZHG>Mzh1jOVcktiAQ8`i>FRXSru zJqdn8hn<~*nT6GZnpofSME&lL)Q=49vR#!j+44i{t&o?!woV3Oo zC=Wqa=p1t9`KBH|2g5zzR4+WhEyo!vM;zmus`NAVK8KbMNmB|Z@A{_fGk6sRvEO@$ zDB{C2?X$SS`v*`Midj&U^x-*n`%k2GH=q&*F6YDZ?MD|%s|KJ4V_>ar=*n+(dix}T2o@iH+6j!Oa)fQ;IY1`pKu4z z7Fh2XTq`lYsc9H-#5gdf8&-Qi75Jw9m@2Jhz}6X@i{JRBhN6Gn4eW@)Nj}QXd}LFYEOG<(baJu*!4V#Y`&?R_e-li zu)YQ-iEO^9&-!6dc@m6g49oXTQJ>&n$sy`qYaYkw$?K##40QcYg(1lfC^CdkC=Yx> zZHP~v@J`;xNnKJD<(n$^k)CUWy23mj7|lAV&1fMs4Y`LP9u9rq)K+{8kuc+%;_MmU zROSw8Rf5LI3$k)bnJ zFxEFkfbmU5@a~fshnRV>f+MJWbh4griieaC@r-Y3ASRLGO~f29(qqX~lqb!ZFxC&c~| zKj(-&ixM}!sVTUllcB;%EVRrhhvH&x(i z$sK`s7+41%_k2@}KX>sFz{VQf_@@5E%v8)n{4&BQ?}D0-@0)su=G(6U+!sR-x_x=R zsiGMB#Yr&EdMw{Jwd;y&!XLo?AzW91=bL)Hh3?u#f!??i#G!G|H(La;Ekkw ziH5+Mc}jfWRP*Jod>>$ge0k3|m1}}4KONXCU*7Xg#kIwALh?PW1Gd?h_k2_Js!9D+ z`yjBRM&9_Q=HT{2TtxhJPu6WKYr4RB1>aPY&(NZRebL5n=u%q5ot5XCs(2n6iUKU< z5sYu@T1mGnsSoHO4;Fldaf>v*so`jm-02Jk>&aLqCue+91B1=So++;48=&5bq5Hn6^W$AozJBok;?O0+IiermH`TTZilqh^ 
z4GoKi5Z^boHXjI`0QT?*zHcgdA)4=K#6RO<+`iqa@qAM~(Ln8$U~G(G`Rk{rl>5 zQcLl~+WriTZ*Z_vf&OTxg3bolHais(x1ZDwtuHsAqQe-QQ*f{l{m~AEC?R$z6zPR0 zGFV)-Hwg{8CTNX38Tu2Q5U0ToEt;~jLyPa%L#xr*G`j+`G^lDt`bE4Dyr=TMYxui`Wz1(wtP_#SLc`am-s$Pb)&O^g* zUJ|EF60A(Cpskg}sh99W?>Sqm#T7j6dk0hZ5UL?J4yNfjbn4GJkUCxtZ-X1pa=>ci zfRn47RSt%0eRL*TQ$A4d4!z&t*6d6fZ;cIu8@ltcCf?#a(e*LpCNh}|@%eGsttbJnJ|1p~@+yt!dp$^WB;2cyF3;OmcPb;%3WSca zB(FY3)qs*g9_G~t*|$dYYGGRqLxC?M-vKYj8(q90j(5jC9G6QRzK)VETu)+Qec+1P z1*bSw)SDo_L&}PfAsW4=Qs+tQ3eb~4&JtRi&|rl5ZHW zjA!(#YQaqJWaS9`{+N~Cq5(=P&o~k31ZKHwkhL;t_q;q4g*x_!X4M1K28Z333V^O^ z{-G;j2)_eog(#i0DztPuFe~y8{v_AMl^B?lOn_DDG{&RAJXHvfrRO5ze>m*nWVc41 zSNq=))<(qc@DP3p-fF{w%hiniNb@kT&ka7s7hkC=<-s%<(60ub!KLy~54;9|I4jg0 zzcn|YePso<38(dBEUysMCu9Xy+3|MTaAcn9$tp)gtK8f&kV&oB0u{2(4jdX|Ta6w= zFO0*UOPV$GiXGT~L|8o#J=lZ9Qo@_F=o@z6%3+l66o7LKVKou@FySpbFtM9$y$EcJ z!Pof-?6m{q^I6t@V4oSBo3dk8RTwWxq>WMFiQAeZ@Ya29my z4EiOM3$g_U#UaP9i=u6D-GqvQEBjDPWn29-(zZ5J%B>LFjuth^ z0UJs9e!|(g6sTakTPP5~@9PI@+Un&KSSO7L@gjaU`XVi^p|$K0MXBA}vdLi>fN!%^ zyn-e|q~rKGNhfST;@fWn$5+`ZHA2*N#Q*7Gg6LLa`&6hKhj-3!iQ9>f!~cbYg7KH<8!89#+L z356?v9@u4HzJ5I9&)F)JX=`i52<#+;!0ozsJ50wE8O+!<@ft)je!$xf_TTWUp0! 
z%`8;wKQ>m{V+M;(%g*tH!QS5sRmoD7e#&imnS_yvR(-|_NL3R30q48{VN_UF{X?aY zUMgOjmrec=|ycwdg~EF#stIoOEvG)2mnfk1m~Xyv@yhE9QAkqp$7722Vn7Sj3#|IUYkb4%M=?lZ{HZXW-VqZcs) zHDrYXQz4hR?-|IIj}JbxT`)Z|3WF35Ek>2iHLiPs%zN?a-awuBV9hEvv#WyHIF`-* zNoEz4X`oenu=NdXMR$+}8KUMKN<%w&R;pvgbvu~`e4gQ4pkm}tg9aW`!9P=M>m^`Y z4X$;}`U5&9tKc7FbvlQEpNrvW^Ld(`$?W+m`1oF3rhkB$V>B{L*EL@eT*Z3i&OFcz zx?fPiwq1466a%w5v8k8g0*Thm>}@J|5k*F|^bnZ+{!4eeMBFk4He%a|=1?Ujf;Y|6 zY$YX0WL%Q%O0k;z4?}kMzgl!#mtYv+6Tr_!{V~j1iV=J)lm>=^RVlN5T#*{ zRMROx!7-SS;Ly1v4T4$P)cx3&Vhv_4q7*1q4DFh4$@@|zZv*2&fE{B9T2CtH>O-l% zgz>{bm=;S~M=9!iUuJ$RRq+t!!eG662d2IOX68w$7T{VC?}K*Y-&89xCl&Susro$t z`+fl9caNn9c=qoHPR9j*$%_|7$c|iSPN_Kj!mxNpiog|oSrV5&&6h+K5NZ%fj|xX- zqsd>BYV|?gTtr)79X%x$yYd4!qN_#X)4OP8wHNMB+N*F;6ln7*zYi?ltfx2nUQNO`?5K z0`b@v1$#cSrgI>CpG^~!5`wA=d;nZ*!3ii29NKWLiS|Va98keW>REd8luQsR5s7Wm zxnt5L6|6PM-8`i^2#**|n)Lg_(3BnyR-5Qv0K-8T?UD3Xg9F>+f_d>?EHzItAJ_`Q zIVJ9AQ+c<>{{@v*Q&`)8y=QP1(VZugM#TjmgnRoW2;aq$xZh+KWMEcYaOyE(-3B4Y zL@%W%P4qrzU`br?8+e=U0ii-Hi8ZAkua29bKz=*N5}>K{FOXu}n_rRE!-(igBF)gE z1?jcg)7Eo=Vs?c8$%En`RuTr%?LgyeHcu62gCA_+2#Xwg_T2UmWY?Y*qQny?;z>%N zt8EW|53bAoi1`c$yDsTZKBnpdquGHLl?~yq4h*;L*B+C4I(i%2cvKb((w}HS)*%}w zKxU3@S50l;iKu-_-iMBh+ z|&LvYE^?5p8YW(nw`~ygK=T+eLf=`c)ikE&aK(wS0YNH~EX7&?!OL zT=?|4mq?xrPZthWMt`DBW)*C=+0@9mlY$#&VKpw=MetBJNMUN=d)h*@<6`=klkoA5 zKm!rUgE@EVatuU)hlDzM%eKZKoryT?8|0ww!%%yn;;?*bA);4#kf1ZG0N+)&5*28p zSgognP-DNv_Z5+n~I_|(GL-r`A%2lxr0<_OX zppi(SYalbD8mz?Yb9?X@l{iJF;0_Uo%O!7Vps`3HH(O@YeE8Exs3j{Ub6SGe*5|(4 z6RKK@(sZX1qWH`=BM=xsyBkR>2hyH|$mt}&#h~HGgxY%qtH=<&3dbf77PKS0mHAyV zRE!bo!K+%ue&B~ajtfr`YW(+F#YI5ZJy@$~F=zvdW3EWjWy>Cw)}kccwX@ewy9&wZ z^y3coa+Zip#&jw5J-UNR5UOH+xMESbb#T~Cv#0_Y!fU2?*ArG-M0fKbL1%6ShDB-G z1X!216nUs!>GH-KsKxM}{a|nx;8;S^ZAmeErvm|zhn$|eyz%mBZ#d3~^A3*peJ+=G zyeP&MPw~1y@j7aO3h-7!-wj0mP6BMThBJgZQ676FB034VybA}z(dCV|PSZwc6_tQj z^EhsK9k82fe0Co1@=<=>3l5|mUc{?JbNNjnN(TxwD$Iqj^a4WhWbwqphZl7*h zbTEO5o9o_#L2xUQHNE1oMdK z)Kgd>jF`KC7c-oBuTazD{d}=kZ;2l@rxx%ghO?PC<`L01J*CwJSbu|)Rx6eAMce3p 
zhsUk+fUU;C&s8WRI4N(@iMH$_Bn16XyDY~5KVabk2+^)?12@%$SAXYYC@buX{@T;n z$-vzgovu%_FZzc_Extk>HYz4f2Cv1$NL zQ%}O|i~ioH*m)X)q9>sK1Yf1j$=eq_b0WTef><#bKhGH0?2BIMoQuBzY=gmRUvzzW z(k6=ovtCB-zt{#fc&5<|uAaJ!ufSIGjOn}9$ipQ_Uu6w+L3z(K>aPPNAQHi0Uj-y? z67D_I=yn4SfGAcJ1)*Fl$$O@;9CK??$HTm58nih?`fsR3e#S(*)0t;XwC#;~#x!9R zzIg`WSvZ8m-G*3+GyfSA=?M{d=Vwf_zZWe2NsPFlzyI}&sfmrJ&R$}av`*1HV=B89 zuiYWKAd%u>k^hV-^}1j~D;vnHj;}`vdRz9B(N*Sc!Fz&O9e?oyX*~`BUL8*~olPnQ ztIEJV*yJCJ+gMC8U{7o>c9i`;3`&SHoy?;)Zn!}o7T%jsu7RtGyE z0cvUBQUrU8+&{bvQ(*&@C&&uzN6x%O?v;Ol;oc&5+B2{mXRI7?%p&*p`7lX_mRCvB zy_~$e$o;E4c>aOdV;&;v`tVHq;6~fJ2wXV(8^5;!L+>AuQ_7H88aYWKaj`pLJm|5gb?< z^8qa;xEH}@kvm@t6mJ%}Px_xG?nmTdBhWms5^w)w#9Ox*t?fMGFB8UTnMLl)TVp{C zqSY)H5<@95v&enwSbPc^STTcVWS~AYj-hZFM$_uRn#SN-i8cTmFqHTf26O{spkY1X zr-DW99WLTCXuzH|I2XTJLsflg>Qn!u`zQn-nio!Zv^Ij-(x-$-FY0_48)9M!;1*( z6e6xtx_Rghi_Qdb%s9q+y>YA$4Iw#@Y91UcVaBllHX9>BQ5sMMf>UVD?2TiailAr- zZVITCfz3E}AyH_20I*>Or*Vu*zzWg+UyVO1h#k|q&qD%PB?8VzsKE+ZnE_`XP6}43 zBdx4QWid>#>GNDWphNI?x-`;OmIu-m$T33b#40#{D`W=At?z1?E4~aP{p4;SL=DU} zGFg8>W}>`sL(AMvh)#!*aqPTLL1f9Y(5k&yho{ ztP3&+)-94*$Bd9h&dBg5TIPz8iO1LftgI{{d%{i<3P0y&N))e%X07p3LjGJ;i)Io| z>AHAE5y;mSGC7YP;i1p`Jos0z^`u`%?9$s51i);Czp1ccvB;(m)SA} zuTb!-U6@+AS!QUFEh8>ei6EV2h8EbexC^x)NVk$EW1;XhTV8R~8saH*wKD#SEgg(G zl;9jstE-yvjkc_NSm$tyr`pv&7wccMj@U8_;}6Ln%ch_44{T|>_>bB2Grr%J_h1=0 z$tPm|&#GPhC0>U9%eH(T>$nNeBHX|7;~D?jmet@RBfJISR4T6hjGwjT{RK2WB%A)a z*mDk@u-p%aCdtpqrl0X!w!F(NpDo$+GyaDy+qmU(ESvtv;pNCGDCMnfI{hEB>1RBj zlm%YXc;cd1`x(y-`*vtNi*Tx1w|sJc4gHm*yswMKTM!;qK8%->@<>OG56PyV@zPSx za^>e_)BhG-)b9plksG>~+34xF;u+c#kmUf8MF%`lD?X0K-cJK^6I>5u%z0mmp<@BL z6A(%L?Ms!XvG-Cy7Iu5-e01ZWuXlzn1Y{|&Wo6wRlts^K`F)-| z-b^AWB`C81k;EB4)hh2H)vTZ#`mHXPKa5m7L#2Xpq&r2+v&2g){vo=C>jY(mFLYXE z3DV`lP|cvM35e2a>`T4S08(v&@|_V{s;4i-P>Y~E0*It0_)_OuL#kI$euU>dl*CF; z%1w~*Zb3Q5or3Q5MBQ@fHL$CdH99C?I-uphiILYznlWiaP4%rPd1WPTy{^JK zxU5-0*~hKdOd^pcj%55B@#ESn5#hLKbF#W1L3H9mCxfyzAWE>ZFEt!xkaayM592+gVn4$P;!82~eNcYk zLIZrM=W0Mo#K{GnwA3_TilJLUxyFT7`%;ZD8fWE>lSyz!$y7jO;TOKt 
z3DiPX(KvZuqR!XPz7#|0ak3sDlFG5%ltxV|!+Yc86D_q=34(NKFjO&4P69+y^?a$v zsWckL$#>Cr(FasJ`%(-wh?7TMXtXaipGu=coGegSOD*uF7-|f*1RL5~zr@?b#Azh&h09T(%4l9w^_q@+(7d5ur_4f1)FJc+3;rGL|tx8fPf zrQ{_*B${iL$?LAKV0CdNSFF=gr3up2$WVroZ@Jaf&`1T!J?MN_1CQqrCSa{Xpj;cL z9EWY4rW|&3x^vjcd6L7<&I&i&!(kWav>V>yu&a|wizmxY+u!E*?Fn6mR~%Y2w}A;n#QZQtUs-=&8S-iIkGSI0x3TZj&U&yaSAc^{^{jk$$L z1yU|AGtrC%;Z$!`xvLTkL_cLbBoM|$X89xHuAS0c$!q_iOg zLb>&mDZI|W&z;g%?F0!1^#SKjM$mR?o)I75oQ3YXoh5JKyVk6RBCYgUSY*e=kn@G8VxTW2 zvsaS7L~W)2xd&-cSyhZC)q^~f?urnp5?+jAQu}BU6*iN)zColha6K?-d^G6+Tx(4F zXeW_s7jsE#qDeR5Ib>4Y>qKgfTL#v2Fq%{c1;(V|J3vbN1+xN?r*DK8CD3vjdR7*s z7h0%ATIv0tKwHW)CJ<@%A|5r6CijIF?3DN5Y-ufpYcm;8VI1~qa-8zg2mR8^Q+Q$6 z(VY8$*E1YmI>R4>(vRjS_4MaUxS1LWo^I}FZ$w~wS#Mfd+<%0UM@F82%emCa<9Jjv zIw|EHY&Hv-6{P=V^0jJYT+%Fz=C2`kkB8{BXl+<m=I1k`L04XN;82Mg0=l|n6UWuzF>_ma36zdg{WxKYkiG1BFR`Ivf?E?0ih^M z#&dGbg!=fD*1Czb9-{O#)Dl}S-`3Fk1RWzNbwC3c*;*vUcazpBL|?#Re@;*zhT4jx zQgA-rq-Z3@kS@dKjCU4EwIC|;1H8u&Soa6~>B{8pBG30Nq(zq00HI+lNgL2hsA)r` z)e%@9gP$iW605C7iQt=wpJBdfj|cd)A#mpWQtC?|Kh-ZuTA{HpIQ^L-)S%FR?uAUY z{xek4#b}|G!MOjdc>v`UN_K4L_&Ss?sj`Ir?&<_P$=Luw5dxAMhkY4ViW_9AW=yh^ z;^;CLnLsNU1})msOZSrTiovJYM~&akY!1RBhO`x?xTI=QZNV&nNy9;S(vXf4Nq;7` zom9`zW@`%ot~3Oau@dR4vdK;D+|$s=#9IL0$MK9PeH}~A*k*1|F=a+2kv{dL+iBba z-&}<5i<(1pD@;F&i;#Pk^z~6BdM3nI>b7ODApQMsNYi67(gdV(8TY_!M(g3EFMXgP zU)~6KR{Gn=N!$PM&08XpN}p(@7aL6IG8vghDCvqukHS+X^7gkQFA_=$q8<^Y58Q;B z%Xl>yIRrpwW@|8+3^0~hHE&`@7fMnACm!tf^QK`S2nUk*fwP_14|lmqsR5O|AL-nJ z7P$eH9-svl4=|P%Q1>4ORsiuC9wz9_O1aQST1kn4RMI8n+Pec*Qf5Hatc7(7z(rI1 zv?7t5q>i`5NJaT|+lf*hO zHygI3MN~*U;vlf2gmYFjUL&CX!7P``N_-3KXAjqFawILIN~#}F6CQV! 
zBy7Y*fWuY7c+-HgfU}a)!0z>MS4kPlSDS!JE$5P2fzXjiR0@L5tQ4B3B;^iNDab|9 z35!aT+67d3bmnaQ6p-eS2pO+M%qpHS7)C^z-EjNei4!Yb&2dSuM3d;1dM3S# zNs*O)3OA^%>C8R zU7___X6;ITc(PKVxiJn=hia|^&iu72^uB0_z&o#9xs9=y#An5b3;O#XYgbm{S=L*I zO|m*gvv%e6z0x8ZP7u@(7Wr#e5({GE0Yu+0P?aBXHPhmg$KW$8iCppu6`Gy!;*)}i z(Tjt1-u%4=s-!K^f<-@**2sSeb|S%SOMatNWLt|`iaipF^1Ub;gaHeFWd4Tj5VMiF;dpd!b_7mh(5JL0x@$}x7( z7|E9vomlD39&|}1qe--En@PNWJAG_Jm((JfWUgX;v$A&(NVxW9fODrFrRSu10FA~cL5doU3Du)9Z^vP!*MrN4N8_7BB$YZZT8+3s zC`RMtSAmkQXtWvKG16#UflyMQn-p*Bk=A|>uK8R&BU1t1f8dyHbSQw6MqXgYKMuS1thQE=kvwd+f&@{)L z6sEs(7a5N-I32~tO)AxZE(6|U*GfOV(Jh0&h)BA1F1f1Giwt$kpukq3q$?VIkS-i5 zgDQlQ0$m2YS8w`v&yg%{mpcH}O%}JyRFB+XxI%0G13v`MNS17invrlv>(5B`ZHK1W z(6RuB{Wo1qW=7(maK%Q%@9;1|Xa0Kp-SQLJc(}kN`=jA+&_v3B4Buq)1gjK@egC1pgGJ*gzCeX`%umMX&*i zQba%nQL%uP?|07Z?!Ae=e*gEq&vR#I=KRi?K69q*tgDf1K{WgtN%VKP?S#&`W3} z`RJNi$Ql4PI3S@k7HA}8L1!UvfOf>8m(WQ1YBuOg0KOv-<$@%eUn9AQ;Zy34M$#QM zfx|6>9IAvrM_#eG8p(@QY`IMUXhR^sTvsC*g8fvMG!TF>B_uf-NxvWLoL>MyQE^HB zvDl=PR*J{|KKG4#fOGpsZsV16WnYaj{Lzk$$ty4D-Dl(s9o|2IO5$-Dj~by(2d z7l2hI0R3{aOh_$%3N zlYV(9E+D6-lLA@;qH|K*COsQ;Dht^Gw4M&VM3X*T%@%Su08<^1ze!i0XA5}*w5J?; zi6(sxb4L#8RRG>15aog-o4-l-!!YG<(#_Fdapb=N=x1V~$SW4NNtaz}%MC|1mcu_l zuG^$1ZnY()0+2f@m~h_(5<}J(T;z?(W2l&UHkf$ zee40Ar3SQZTcS@88)W5sf$XDelYX{)j{mL;!3uIXVpXS#tl9^%*Wdv0yY1i+JW*OZ zCSgZ_SHpA1Xq>Dt20z+Viy`XEs1jz*n$2;azMesm?;M@ zl*S#*&&ekTK!50*MdV#-K&Q5fmj$?n2<~!L6Y(!d<2+V9$$MzAkjO^_FU367SHUm} zu}4IT%nD!z4Hz)8#Ij)jqd2{4uk{J)&38&;9X6v#$S41octzgu7*j{9c>P%{UQ`i9 z@GE#B&R5Ma9tu_Qs<%5ZUX^Jft|q*c-X(cKD!6G97DJ|ajMW#^h|n7VchHjE+ad*I zh~OunLhC-vw1Kgl4s0h+#R;nEWET|2^DH>IqVWdCKR7k9`|I>pVQT z29HKOBIkRI9Bf%q{c8@?KczFh;vNWHs2d4bahs)tPhjCZv7}IpYLDxJbZ5!(*`Uua zh_Y)jf>#+99NG$_R`9$U5VTr1^gBw>JB~0l#c)1kN!i4eR~huFP!YU+E;2h-8h5u= znSITPt&0}H&7e(E$;F~CpcKXIwNu2J_@^BqmJAX1D9)&$2;N4*Xn{W+IJaYwFBVXE zP1ho>n{}fXMjT4d43b6TFFD-t_n#8(Pkr!TC>4tI_{~blS|>t`Aw$GHh+0&3qA?{? 
zrR$Uv4%HYAhZ9($5(U?Q(ouGwZd}5CHUZ+Wt;5kHhs(y%<1f#-xfGD6S#6+5q0$_M zZqyO{$bx!&a+@nn3;5VCsc`m{wkTV6VaJv#&8`h9i>FYy)a{hW;`HkCRi$Z!apM&w zd;$ySN<%A~965UTK{78J^j4CHyHkdXXKWYT3y<;Ol*3LAxugfhV?M$U-7k$=sVW}k z8+QEd1z@#38PGz4J6Awi+^ZW~8Yzy>;P|`t$gjJ0K88sBgBmG`AmVBz;7!6oMqY#v zd$40Sn*Bn`SO>&L z=m|$2?YHqwpvqA4c8$Vj$Z_K$Zl-z`;G2#-1`nYX^|+dgxJH!`s?t^4k0AfQnqzQz zbfZ+Gibg56u@2k+roz7sZMI}%;tuTLr?@0$jvk7^FA+-}wTNW9A6sX#F8xW4Izv7Wi zWX)ZJN$)`8vkWxjx9n6?v*Xq#;=cS4k*Q-GkJPy7W)y?)E^r)uVF4lif;Tm&UJe3; zLn>Y`Mewo($Uqc&3zQ6H@+JpZY^uT~$k|?e&LVlB2=4Z!D)d9p*$MEG6Cq;ZLJyeb zWDmr0?Kz_jP6N~)A;ljKmNp?J`LH2^LslYYEu?WDj+Ik&$$8sO0y+N6UNX2HG%XTx z^Pno)1&)yaMg55D{yv0EG%jO=BDOt_jDMY%1@}Cu+GN%l#U>Bf@&DfhJ*q1D%R|Qa zAu6+~Lk5>c$;`U`Dync>-H3wnO`~Ta1@`~bjYaT)V6bi1jqG<6+v@*@jeA#|D8w0R z8XvPysk!@p;-yyOcD^_n1$COTe*qSxxGOqn=fVG?Uy6&jxLq|IpbOeTs0JCF2jq~S z%%-N-@diWQ!_o!mN9`O4SJ_5$3G!4VLt3N5pvlZQ2f|(1o%;aE8u~p}iDnx=?8Y0= z6j53Xq{`;kXGB&Zv^rppw$;T>2SbVRD^DV>`xuQng7C-i9;pT8*a@m7wcxr75L9rN z*{a!n_>-y}@rUe;DORUAnaovu(l6Ceo3@;j^!*vk?y#Di0~yRg3&Qf5g_P>^I9iLS z+`)Nl+8iF@KxkoEo@2;WL(qyi0guRA|P8D;$GzCNWTN2#cjzuTUl>Gg^oIE9LA}!C!CO|)L9hQ4u2isF)k}- zE9$^eqx&&U9CkRU4loB-Ie(2%9b{It>LBAbs(r(sop?~;atG;O(21M>F~@l!6zwh8 zj}|&`rUM~|JiLy|EIbeA(DF+K?Vq4BzYj2y?=B%j z1pkyNgr`TTpth(z)MMORoSv02o3kYv*8;oQ|6EgN2Mhs>dBqRCA|5`@Y57|iNPGfT}b`!zQAvZ^IB^|zE z178oqBoBr2!w_8@gYQ@e=Z9oH--5+-UZRU4hfIgPBpvi(L&TNBx(&p9&|Vk);k(_z z`5{?nYqFS&ak@C;km+EVq(fzFh`3!3aBRx1z)@?QNBiBu`5{?HRBS%S)Uo1GJ5j8> z&;d5dr`Y0-V8sHlnftmfUWadU2j_>VW{@d^F7HzLI|vwAWj92SAyjqCl0kKY6#c&9 z^vG_H;+@x($+El<|B-`2(4ieNDj$Y2aouk3oHTMtGO+M3H_jKLa%mY_2Z>%KW2&MC z#mby}$ao9VJrxg!)<*sDR6G+p>J~jOg)ZRdm!Yfqc{y|sKd**<#?P-pZ{gWx$jEy{ z#gFw-z3|Zw@YkY=4jpf2LwFK@4}DTcWD`9ybSGO38G0I)DTg=UL`mh)7r~JD9afU0 zo)oeij-&EoKimOdBWTA9D)9^8Y3zk2s21gIi`Fq8sq>HO!lbEG!$bAJTUXyUNEbY{ z@H>Ad9Yu`U%P@H!zOhJ`gj)L zzfla1+a&n|(_bgnUO}%ufTWfKEyo?Gl^ z#hS{Ujc2__;VI(U(ik-``qAO4gWQJ*$QWdf$O?KFlp&Fa4nPMYUw<#(u*QcV4Ub#; zr0O{vo;idIGe*Vzh~*pV1sk44pBpQ8gt&QoZ1*=C!9Ovs@jA8q8cDYd 
z$7VFV2hlRCBkp{UMQmonb%)5nhWCRQN#zjRwBZHvr+N^Z-EcqDibyKe*qnxk zU{AbnI?5$>igzUmnuqyG?9`lPVCIgM^V}T{M6;LT5oBbv9{TzF&YnwYJ(8z!TEq;f zo{^RGayQ;WZ8!ySpW&|^gNiEJFfCaRYPJ$ta})l5IyA{k3u+goqF(jK>152Q>wiAsXMc80|9SMMSd^!kSx&ATY+deE}p6i9XfvX_fiyCgXNR|Szi2Yxvb zv}r`=$SHbrJtzlWR2Sr8lN2kxS@!I$UDN+skq0QNZ`dl#jn9#kK67IFr(OAg%@ z!g~~5^q}{b*y;Kc029&TbV;(=yD0H`BU-YtcTsxiL5Yp+aO(n;Nh}n3#iH{Ous(WF zL)1$Syc+<81fu-1L3~tefFAV8y|$$30L(8Ti4T1Z)`RZfW=mQFz;gr&ki_TihU-B+ zA&H7l9suBo15y(ssuV_A8EN0JK(T5zZ<<|w%6}A4eOSNnSDy(qj{819W5ZwTkJjq1 zK7~V(CH3In#Gy%ENph>t@%5Bve9{lq$LfJY!a&L)Fh&u}C=%yZpEnupRG%*&mkg4R z0J*|NyVd6g^rQ*kmoJ0%8qqm&ZuP0vAD_BJCddy!``n?Is6L;s)0B`~0Q~8I{MF|X zM2Urz`4Brt_;Vm7s!#6$DhFf}0NN0U(k02}uRgRA;;%k$?6Sih572aCp~x#1xB6Up z-A=({0IVU9U#{AOL-mPIx3l4O01lLpMSi9ccJAu&e-#5@rohVB0*W+}iTahOoCi8|#^ z)VBeNV*9^|;kU9fzP*CHfl_thw4*uY2YvDdwlY&8Hv@ldK`pdrrEhf!I`{|Ro#5Tu zA;}`9+e+1`a$p?~+H{9rT&d!zucK5w@tn>$xfbB(iQz@al4Nt0DxO$7N)>OJI!e{@ zEPR63QATjyGgLmYuR*Wz@WZtGle z_T-?Ut#f5z#hCDp&b0&4GM_?Nj?Q%fF>-XPn+V>~t!~4fc#Dq7K)3pt7;N3@El6P9 zigG#N99y$rux!J+RpYY(gCm!Ke{dYJ9TMw*B19wnwdXMQ`Ul6LGN5&Ye=mn7X?NW| zp#t4%@=M4gcX0gtw#G;~7w`v&WjCYwgbH-4k&Jc*$H_1043b-c+~K0#!O_Gd`4FiB zCqVm{=o~qBaGcx@7nxESeFxfa4!y+Scxjj|B<52@8-H5}AA^T(wGea`k_uXuLoYEn zhJ1)mKO+Fy3xFX6qI5~J`3J{<6DrWHhGW@?Bfl7+<-|gfS1j(}*sGBp_%;Cc5Xdjr z9UK=I*^*8HaIu6WXK*|`*p~D=0Hsjcfs&lTF%>nH4@V>bknDhzZbg-X2ggz!ktmb0 zq}l1u?CLZ1^MLBZZ~XbIPx(!#B6mU96cU(#vDaUHN_~o!xdi?z92#z84Xi$$i>c;g z9@ZHt_XB>2Sn4s_sXncXspffDH6oC_0plkZ?N*-*^p{OY74Uv0L=65aa&GlGfo0ET z#9te<#tywi^;t5)7SaWPUJl5wTc!80g-ir(mP0R5ebP{Zlml`F08bN$(k02}uRa;Y zRP$6+OOE_efKCw$<*Z_HtIvefcHrLw@H>J0a^324e6KCZheAxiKTwiWeXjj%OUeMC z6@daIIn`(XgE+K7u^0frPzR){4^@hQ>O=XO(c}PX28P-P&pYF3e$bBA@LL1k4aC0@ z3(f9OyA^SeyWoA$A<1n_w};y2UIqPA&@Mal;zKR389PI5Q!LC7PKKVt)nE8)uhOD6 z+1#O)m${vxmKUm>p|(*Ed>|W8*%n4umz!+vP|Ld~&icjPb#`#m0a-*0lr%}Ue;H~A z^+k$a0A`QN!Eq)wcc^^|LoLhs7`|r-NGTCXpKj!#_G2tz%U|K`K`y&zQdIDiBO<9k zwpuXM#y^9=>H(A!2;`xbeC60<)gw3Z2OMXJhcgE>I zv7PiY`O-dt+D&!F>0lhh3mm6UPPWHodu`+lnl97rae6lvQ`v2g)0x;>3LK|n`ywH& 
z5O-&sZh1gZYfC(q#X#lpA zkmPi<-QPe*O931P;5`SVI$Ej}+|jNtM50WR)vPl@W;HM2azOQAWzb)JYGaXKmc4|T z0RCEY^yB{O^UYnLHH3e*Lz6U<@K>KDPa{*^>T?UbLWGnfV2mS{4kXT91DVTcr}~V+ zwm*U76EIf0Xt(;rcKaBv?y9KB|t)|%FP6TKcu~6g{ zi(7pnv1h<3SOLJ(1oF#u$LaS_!8rwc0XSSjl2d&~KV&E43jn??A<3yeU*Yr_PXvQd z9m4Qe#lveLR4D?g55+2@-465y7^jz9aR%f3pr5hICfk6w1M$C88^!BPiTjU51`LAt zScfE!GuHdRawb6c6OdA(`g?VK0(~Yo@y9EO4hF#~SJmLxc7l3_*w1_I=W0CbeK#HnaW)9f zkCUPoJkCS5`fRQ<2*w=J#Bb!QVP~2R;S7S$owpbK?a6BB9JS!@Y!H06$Q~r^L2zP5 z@eP8SH1j__b4Q@`FBG3BQ%# zUW30DLwo2>jVc%e(sp>i;gDoSrrR}Y<&y~eBhbz}^x`#&4$w=dM&WEEBAi-5`&Fgm*2WOHj&duFhAt~SlHgPR1%JYt}vNwWP* zjXHh@mQTVgw=f37jzVnnbU=V!f#MRrEmn0DCu(*&k>?Ei?gfg zT#sIqc3aW@v$~*nXOqCGK6dQ1qRKC$_a|Te;xQR+E9w$!tA=(fdI1A8tBSTN+2&gD zR@AP9DyiW}BjH))qtHdhN81q+n#hRjPCLjCD*GV(_81o|zaU9(w>HxWK-;xv)d)KdZ{tHEeM3>P6wlFe-*eCWh!B7CQ|)9Fr2 zhMqv&!(iOya+A$%B7DfhnH(J%h1)EMVL6OV#6U@tWc!yUva~en#Jj+J;&QMMVso3w z^cQjBlH}ZkahrgY5|Q-COW6Bet_{Yjh%Aj9PQ>3md#!?}91%(Mtpe2Ed3gYK1gL)? zkS9mvtB!*E`PBCcxa(_)*a(yAVdCwd5fN0z2fkI6@x?{zInI8bx1Zu6RLU-JxRvt8 zbGZ0!AwCR+u+-NooJu(=4^5wZ`I8lVPRQxnccDk%N@!O~;}yFS+Ldx@Oz}#26N}}H zx92y{W~;81Atfo$rcT?O^tpK#?OspCCB>qm5s zoU5QdfHOT*=5h*X_c`1JWPL^aIr56dRZvG`-IfDy3_wc)`Q^F_YP84BhW-GI zEFsBJQ1dVvu%!C|c({ZlM?r1YQ5RHvax(y19FUsdP^Dl6b$TW>ERvOXd@$KbMLOR5 z$Aa=m!qCy=Vync`Ga6+`h6p}|%0V2-7+$G5u5vhvm8ZN9IxHJ_p&5G<#PJ!HmS}>0 z+~FuT!=FJ%h2{`wi!g1mY8h!1U*W2I;xhPppQh(Wk-0{wAMtn$MZ@N z9;W9y^m>zaaY4BX`!q8xQ-2?OSadGPSFf26X-$IpjL<{!?xABvT2pp;#4+hHMvj{# zOd>{p0FJa~#=Wpli%4ss4;mx+(orR$rI$A`Z3(T|Wg>KA{u{W9fM}6}!I0M4*sBC| z&=)V3f)2SU0Ue{sE^Gmv*u?_oKtSXYVAJxAzrdTV1yy_+$5BnH6(;SRXUkGa+hC`f zlr7EjWbX-k&3BTrSsXMmE+Fgay`Ceo{xqfOjw%@~!5h>|_>D8AjB zUafov**D$?5!GWT2h2_65tR#%8l@@2BX5s|uv%p~b?XMeKP8R|CGxQ_*i)m15dP1Z z5Y{ky3fX(&OjLSW^!;QnIt)yD%qp^xT>9P=9azd0B7jOYVoUxjmM z>6tMn$v$}+?72}K?&FnUZ>z#BECo3$RD7O-_Mg5ojxfii>E+BZ>6l97Cge(^SQWcE z$bv>?Rg5+xsg261Sp0^RHHzbqQQa1zise%7z6t(zltdhHPk$9fQcVwk4}Ml{Kh{N?M6sey7z%r`F z6hyI^9yXnblwOrMe+u81I7TYc#%o~@6NChbC9?k;U^^&T?x=p`ct?h9B>>fQk=(@t 
zugP2nN642WNj8)qXhqskL;D^P%)wXK_i9-$Ie)d7fv zlv?oKtgBl4HI>{7|GMPs`UdTdK%aCMxYXT8rSwxA$l4&u&6G28mC%R!90!AtQ3p} z*%3y}61)fiXB#-_InaLIYd;^ipIhzcyLc{^0|!kMX}Kz|iYN|T1&DtdT%N}17PUQ3 z<3<*>Hc#Wm7PT)=;|z;hl&5hME9{thUShdTENW7o#?35hE}q8O7Bvk|;}#aR1yAFa z7S(%C<5pHWKigPTaXpQ5EvkT?#(CCiezvoyzIhtAw@&i2gGCj|)3~EW6~@yz-=ccq zXjtt@Gcczwc*n6vh{)ft zaFZERhB&5~O}uh4ruQF1(hN_NNPQP9lk=eNHHnHQ#N;+l;s{!F$Tr9kzP6jNsSqB- zxrWOafr>F!fCIPlO@WjqKK&uMBB#OLw3Ls8nit7q3bw+U8D;;1J@G&vO`OT9XU_i} z0{^P0iL3^;z|}a>m6aAu)!g*`(H)L-c0~B@hrp~x?1=RZ>kmg`b|m<^V`(fagB{g; zOK~JKE0Y~{eS;8YRugtK@(o0_%xcPxY+na-iCNj~$n_oX3`Y(-@_qHcf}=S*dio-| zfv08ZL8cUizNg0_I;~?yz%jzNgkq4(v7X?&MoDPPj!C}7?}3sR+7(Hd>bnQ8N@aD3 zqQP{IuihtcbPT5f`99ya&2V%w$3fctzSB|QDF~kh$AiAqpF!yrRtN#hd?UYvqfeQI zpses+tq54(vX8;B*0=IcIQnsPHv4w(fTMpf74=KL&$`1gAcT5|*L=gDhNF<I$x~JnIj1!CeuKQpK(})fumn*K z#2>Xt>bI{Dkvnjz848w=1*IoH@ZNUtHC40> zqH)k%v9L;KsC&8zd03;Zcp3^EuOC2HxfcZVa__^{= zX!0094I~dt`v~NYNs^pMKGo=iT{>XZ6zm&<6(7G8HsN|OBv(;Gi$sx0G9cnx5>cid zGNC|;NFgGNU>grvc5oDaLN;aQWfjFvgbm2dRUJUPrf9<)nn;MnWGJVj%Bu%m@hsWS zuz?+sh6gmOC!UmH&k~ADLID!WK-tXEbglpgiAWX1F2Yt+6y25hD@5aBVs3IGkvRYd zr$Ot^*`Zk}cv2XVfBhYrP==y9SjkE!0Oy1oRmlQ_H$a`p*`ryj@gz}w3F$^xffDw8 z4p4t3YN`uR0?rOclwa4Z5AY-bD~i(-Vh!X+iYk!TiN*si=QNi^@`_df4CE^R5z#rC z6a$gG9xE?7qj(Vh&K0XjKShCbKa)aeh1rd=NdD+9kb1DdBq9X}95585-CPZ`i*qH^ z{uXI$t`vh|E}K8Q$Pf7+ETs5QP8us3H4kEk@3}3SXdZ0$wu3R^H4kBj$M-X|yXK+n zFnufM;;kc#9hUEy0Y?}+B7EOs1FE@~9WlO_(Tz4&gF&pX#RUk6U`l!4(NUm8vLnH_ zXgvaru}Ckh=36)q6kj;i>AJ!kgNPYJG(e5>yAZo&eOs zMM9R{TbmfVa06g;~50RmB;r&-g63 zWU{E{5Xa>A%Fu(jJG`|2w_OBJ_K_2(G-2VKGW6Z5G z^dJ%RR-Hcr_N;7vdBkFlWF4K}wo_41m9aKerPn1-4d?|tKh3U;-4~%?_Dh}{-2Ml^ zM=~Lz;TjncaY7UH9f?gc{hBTsu9aal+c4p-M(%YooTdm75#nPR1!%+Pq)y@@PRZTf zY4M|L0yVBxY!1h2p=FYp!af$8*;0!y2a&Y6d>NP7?CUYg56|2x3BB=qQ|lW~VEv?J&DhV7 zBaywaX40}&*`LUM0qZ0!Q_5P<@gm>G+DOaVWvh_=4%S#&)+_rJVIDmUO#O0#{HwnX zOoMW@!}3b74=bGudt&wD z(5_oGFgxSTLf@d*G|@`w{K7Y|B^*lUH+>TxmZDWNR?H)Otvca2WJ`9$`X;S_qZK<6 zeEms4Yj#xg^&g{A6$M5u%AUVc|Tn#8LfZ 
zxV(A-V5epJUQEMkddJ?nkJ8x>eqNL2o4K@jM{_GqEk&a%9Ak%lNq~7|{jwtYE`^n` z&pFs=5%~#XlG`LMr3RxcDJ+qE04i1P z#|+JLeG}^VsKZxdIBAAwIcWxAy|dts;A=o*ZUCh3ulKO0y@v6$Pft+QpqgPSTU(i zG@85yEY~Rk8GRALA1t74F##%568d2hmivN=<0t|Un_7XSXo!TR=$UdaD8K?2KsF>| zCne$;OrCPLXQT>NHlABohNU}RoUtO|Mq5ZpRblrl zMpNyb)uzpI6SURb7dg|C(?5rOH}?y3h=WQH|pi9bT(p^MKjUvZ?h@^^eFUeXJN!)Z9uJZMo z$5W6D^6;9AYg6QkV44Tvk-}DsO|MzC4#oKpo65er9;NOoe7tO$zk$iJJ?Nu1V-7bu|$L8CgSxBV$;pXGz8{i6kRv0$O0^Q&>XN zGSh*<4XktG(C-;@BPx6GuDc|caliEuv=Vs?e5di(C|)XyY97MiYs}ZDqv>!<{~q*T z2;&1r)U5Xm$Pa}7xgTmI%1nkss1JWd_N`xqs4n7}A@Y^tm2qDV-d;DhMjWgNM~`Tz zfW{ZWberC%@||;TBEAffBOxX;6kW5(e0>dKm-#_?9BvVbEoNxKWBh8Z1pPT#F%l8@ zErN2-qs7A`{8I$^yYh%fEuG;p?u70IcHpI>pa>Z?0)Y)2@;=fnrH?`pNfZy`Yop<1 zB;f=2e2%}CK)FC*oBoY4wJ!blKc5>6-ECk3g0Os;Y~mdpAW=cM9pc z@oE!rGy$!RLsy50YW|gpNPZh0vRqvQBMU(v?O-H*YfRLn`*4gKA!~1|oo6`@^reJJ zrxtE`8Jn~^=yBsi7V zK>EQ?etsOtKYG{aV!WpGhd@LG{u~QYa~4&spF%eLZbzUxNOfFtt!C>H_N|cnUV ztr-`vB)9?|{~@8xNnVB3M9R^OR_NJYf%iU#q_Vxj)F4Q0p@l3gEyRbQU2^EETjyRl zKk6$8X{Cj7hbzpP(pq zgpHtX!>Azj4lklBm<+Eu_-nl=nT^q{2nC48aq+j14Nri$&IM2+Y(Pb+-$j5|L43;v zP|R&WB0kwpfHNRoasd=~8&C-oR|5PBFAo~CiUUR122_!HI|7sgG06q+Tjwg0NmAc| z(NAWA*xChfRabyysb?1=nSDVVQw*RwWra$U`j#J%{QH1d;-ZF7y-|R4ssHgZ!g(6R zEiRz8&{Z__3c09V z?WH*|NF830rvdn)1n7=|kUB_n3C7__r~`rQpc?nBx@$o8lR?{S;=VaFDp?VzBnK(<&eUJ@M``|nwKSqLdorkVc)cxRu=L)7MoZnLTm#w$KYc&-o5bmo(>$aMBN2D?k0_XwdJL z<__c|H?aYr4fWH@^aOpPG($1MGkrE_^ZoSv3ZPGt=9Sg9{57C$@Y5eThUnfS&HkNi z{x?87;?UJdqGyc+Xqxmk=w<6gUjp!r0}^_jA)wEc=G=R1As(pLA*5of9_ND$L}HFK zjVpF0Q~|AqOOHsv3Ysxrnu{>3%53u;_N6PI3o@M^|6a&nJRB|Ohb(8GUD#L@Eu&r!0&*%Lr6|h0P<~&^2Sdx z_@(*S5v0(|mWQ^AzaJ@d2HlpyM;hCpW&pHxK`Iv+^t&|U_u6%2FaQ%>5QoW)MTyfi z^Y@4B*1iO&r(7hbH~{I<%q`G|xZijcsADeDO@~zQ8LLrELpAda%nBHO1<+qyI8T-o zGOh}c;hOm;7D*WyQ303a;~!YV7!;+M>mIRF)DVDd7o?KSpcu`p*2b398-P(R$c>_? 
zQhyu5e7Opp+Lrpj5pY!0LSIIYNN8CEW4Xg7B6wm`O*89dL63V8{(Ff=kykStT5qsX zH8ite6Hp%l@l|mY&3|M7w3cRmJR2hZ0?Zrl2;>ZBlx}9B4X0@4Sg7lqFV%o*KuE4e z3N#3#oKZ&$kCQ@B)V+yHhI|9GgD$Cvjs$Oov83#3xFF-^6Q*SD%3Y7*%4iec2eAioiW7(F$Eu0j>h%hNRd>!pQ}TI?}n z&FAI&?cmc}Q>!DgjF~Uu!O>TXpjmQ+FsbE6(hR#}IdvkKCZHYe3a1%dB+ceJj4MO? zdXY2@?QnMl&DJ7m=GI|+0-YZGoM(?628GeU5J|Jc4ue@xv!^g!z)Fu6@c{C+#f2n9 zP)3la@vWv0J&D}QLkZ^NuPv$z;s~bQ)U3Q#xB&y+6C9G9NAz;H8X$MCX?DT$WaB3- zEMx(`{|35T0r=A{%PL~ww@8d%G^^YN^n0Mmy)X{DAT=z~Ys|(UnpL%?3R8Xoz_ehHZm=5F*>dw};DjfaI#2tgc(XdNr0Q?*d?k3koQ+ zI=Z#-ZoGH{ntTGrx_<&S)Weodw1e9Xz?%-p4k<$qtBMsxj?P)oF1mD8X65uK9@$ly zW$9s8AJ-TpgOSzY_-jWf-u!~T5vNCSPivQ1jviVC@(3kUU8pdryJ=SDD)a$kkQPDT zpgkwYUc$nzS`;3mnUjIetc5#FMCPyWqlhw-d^*-bBZ$cursQLvk zaO#&uKCiFdt$9g$LViRFXcINFBY3I|p@^Eel3mtC>N4@?NJ_r>go$;kgV+Ito-UDZ zHaRa#gZ0mcKppN-)B=Mrvmv_Km6Lec$e61|oJF4!K`!HdP2bxD46DJgpO`k(Mvn97 zL^9<+7(zeO1)Phth)28XO2hjUoR^9FCE`|ECxaf+f?q~au$FTNfN%ut2ieGJKcZwF z)OiHsNb(XDmX1f5k7;J7KX4B@XuXK;kL+#)EXr!9AgM^JMYlzngsAWs zuJ17(hpJE)AGe0blYeKEZ&IWw??r|4lqV}S^TIw|Yz6d<;&5(4WslL!?h!3%eIZIR z_dNu;3i=O_2y`kE*-T)GB*IvyMKrC3w#zFRn>8~8dzC!Co5^^)6Mt<4wd9H12Dppf zs8yieUYbPJc~Rpz&3qoyDdx+DZ@UtF*FQj9HfZ4#Gs)kWGhWc52VwLhq?`z2R&kcJ z(L<*}C(?p%%&?W;6#)Fl0STR#x_4;i#%#Q;iY`*V2HHM9JvtSA>Mkw(tHHLGaR#(= ze)^9Ukt6%H@Nak9`yjVL`>O=~fEFHU*!0+{_$U_sDnHcfNFiy{?`Ry|0-S-o#eRSrD%ffMTGEG(Q^i zALAn}@%L0}@tGIkI;HWE95aGyh;dfa<8J~Ui&_$ozl#0^>`j9BnPxqVgA1~rLr{YQ zzFv$P@}e9#K^H;ERo~3Q4iUuv<8OsLbpfcVrSrbl#Ze$%ltFj}JSf#S9<{|(Jm0r? 
zSiag4P1I-@LEp@4Q62eA79od_|HvBX9d;oS2Pq=iEfC*!Fhmj&gZ?A$M&~O(1?{p+ z=ML|p+)03SvMcpROF@(ZqC@d#DXL@oLVmCisHemJ!aXpow`&m^gHr%(K;Qxj?UMZF zEGk5%kM=^Lu$qK)AHQXUP@gm>xt>!>TlNhSf8v!WQmCp~B>Ly4ZmApvD{Rlb5_(S+~f{p%2p-G(u znjQ+xHZsKcGtxzCPzU|8dBe*uo1FO4R(BU&w-}nk_oKPP-6$VJ1?~sjm-12AN*xK^ z_ykf)oU#ChHu6^(j1`yV@1LLupZA1OGA9#+#EDrsRI=O3T+Yx*TQ zf6>G`*LSP*;UHen;+XB^#ameL!c90qvtmw>7k9^8T|3-{le?_(Wp@EE(ns(g2*h+w z?iHDX(h2IuH095`WZ3PdeO@yJ9h}#sO=gp}ioLvhXC}aEnY7)DqXwXP*>2LtrI$C< zOqz*!&1qPiwM^Q$^75p_Bt6PvaTa@cnP`$q>}5s3B(2BG*OZ!ci>YPOy|Z4E-dHv1 zWm>OEniadfOf%^sRm=9+OfY&~)iTNIHR-Za^8|Ywht*;a%M5Ev_Ht~}O`?|hEKD4T z$OHT@z;WaOR?EE3CfU8_pG1s9uWp&AFat|rj}-F=>=v6|Go2vK0P&iV2Ku&)PHs`PmonKRGnALU=zi$&T}xu$$$e zkXYv3*riEfj}(($`LWpanjaE>Q$W1tQ-!eRGWsn>6AhdLNz{5G4rOBXLFB!b&Awwv zED=$jFuf-Em=6P(Vm`u<+00L>j7b`n*Cc(>B;5{ifE7nrIuj#Z9b}nwL6g^{7rjlo zip9$wNIpDp)@(dM$n=_Y3y)=f!=|#=z>y2fOo!>^8&piXi3O)mza|g5zQ?3XbdY3t zm~_pI#lBwiYogH=ITl;t0U2gz_LvSDyjf`fyWu^OWeg_kBu0?0W!{0AVv;wS0wy|U z5fc+9kvDmyn8~nPYsYw%2AexDomM0lU|v@6eg; z0mo@RtPz+!nDZU@dQH+lO;T(i3d#=Z9u*|%D3)n9Bm~WYOU0W!8g~%|;+vW{)M51>})pwu9Yb(`&v) z{CxoNn)fY*br_>JF`8&NTGWI@(UPEfKNDqB@}A0OI{L2^CR%Kwx1rAM1prgbQ4Hw; z{>T%!KB3d&;k5A;nVJOq6A?7bJS+8I;V{%2mY)1%eqEEE{GKMB11sS44W9g-CZ3Pm zZhlV_ZhB9X==?rrepPGrGICe7cH)_w-dq<24S7K8R3AeOk8DJ343{Urnst)V)vRv_ z{TQweDoAJ0%m8#XYdE8;Tb?44UEPYuGr2AzUeK7)&j+BZTaPokhSiACHLM@@hUd`1<0p!OW(=~hAmyNITE8&5mh~K?Ygq>gJ#pkX zQIO4`i~w{ks|sA6{1oc~qf@Nk2|Z~b(9Ib=A^@FYb!K#JtMnt3)Y?{EJd^k0I*@`k zjD8{jUE7+&=sH#&qw82h2_19+No~vM0|Dqd))q$BwdOFouCouv-kn0!X zZ1o*D$1!KshIS4}vH?idn}8Oap8RyH^kd{sx6<$&I$``2QLva93tdLLL8M!)n5B`` zomm=Lcj1{Fz8PUHWtN8>76@!)O=WarYcZo6TN?>|&tjn0FnUh_8dOGSSo;~BVSP&I zKDec^U_GP12|#C9A2B-9`iaq*R`}yU55p{?U<0FL)BNS0X=!kI@|##SfTCv}p$}dG zdNZTjIcRn}R>$&+qML#7g4Nv+CNllM>;(2X;3 zWxBrrI$HO`<;m}49b$AR>ms2`Q5VpI(eDJHJ6YQpop1fY=zOaT_O_DiQy0*S(LV>E z^R4rYF0kqY<;gFwIuLr^aiCW)x^g3bObV9W=Wb zn#n9(tj)~Q#d;ghp+oN;CJMe}&^(6)=q}bcMt8N&F}kbuD+Q2#00CTP^veP0uGVTs zce7$vQRKT>b?{8?HUsGU7=0lC-OW0}=0>Qo 
zo<7!dcqTs?4xUFjm@*l59yn3!WBtJ_eXS$R($~67!8C0FmRQNB)LT0|h*e*!4qTr6 zewKKOQqs?g!!tSYalo&z%t-<0epY`*_qWm*-QOy}GhtFMpqog(7~|;xczyWO@HX=^SKL$1}MZWy?%P_YFV~vRX5Gu+@^$gRKF0CQPPu zW=MWH;-LWeU~3Y?hgj1YKE!&Q;Ez!{vlV<-0DOq`G{c8lFEM&r#q81FZB)mNN!>wds>Diiid{{>-z%gtZ;!t2p zSCIT^9l|tZo)OkC<{4ov;BY8f5sGKN%VQ6cBdn3kGt%0~JR_~6#IuhEn+A$!Uojp> z$rx!p#f+n@@0oFw6}lFT_fTL$F@EbXBL1VSQw$$%B?IQkA8q9j{Bg?R8VX*%slRTF zwhXvD`D3iU3?F07Ao!?@fLBuRd!Erj3^{^bSxx!tl#LeoXQy+=bkE8Nc4q zp6I-^M21LceiTPymPmd{WiZh=c?n~22DEd&@}5oJv@FGZBDpu#NIE~tuO6)_MzUk{ z2J)fv$ryT282j81S#%te-}BOggnsUdU~=%oJ;7Z;#?X`4|8&_o!ipXzy+kMe3Rsv9 zh+W(#jlh2`h91Pwgvex32~*^+y+kJNJ}$QkeS10NR3jNfPvW}QWmlmyJxzM)N&Kr^ zex~<*EE4BbD~I*Ky?4R-$yPzgVj*$|KoTvr^E*9dgt-m&am_KgwoD>jl_Ove)>o8O z_`VO2lxp6|Z;_O>j_+CWtr4odLcTpiOR?;}Uy*Ok(D$%<7_9eoe1oFkTg$o^J8Z#v zq2rrOzO}=?zzS!uKEm;BK)!XtEGQ|#`UJbrXiwz*HMsZQA2UP zXt4gE!?1;X)1!v7@MVtgZt`su{o!kbU19rr&HbqTNc?&-mHk8#&7A2y;S_uA=ZyzR ziGKyteXmL188vTaQ;wa5)oaGkvW1?*Q+aH+V95cqb+36ZCazwy*;x=1n0SC!80k|l zCVl+FVw%^y@&!Da!^3OR_3|cNU2d_j*Q8IVS!Np)jMt>^?^*1VORw$m|P>zOu{tS>Tc%0@~Zd0@SO%^C2)f**F8ye8SrQvjy0 z)oXqRZ}Td1ez=)9$-`pPYtpBoO;2+QJ@^G!!(qh=Cw%et*9CYau*Y0Z|3ykJ-R^HO z4T~5rlB6Cmy=H^CAa-O)7q*c1?5$)f`wkRBiuvdR1SHd(!cvq6-D7FewV@V{u~JOl zq%5IZHnHLZnwP)0W70Q*Eb}RjNnfp}sI zoK1MIzAnG}UKi&>m48py|LK<4g?knKO3)31`&6xHOladRf$k9^hxV7SfwdiA?Hw3l zcTd7~63D)=OVgxy0mGMwB}t!U;Tlmq=g=o+@vFloh5sXbLzus4gu;G=_>^vi7np2p zJr`RMzAiS0_S~?kR~MdI3m6>spyFW@hk$Z94A1z#g*_g=A6x_AW7>oZk6 z{b8>P#Kw$#U5E#5%wRWuqP6{5XsVi_lk?EoPm!f*3q&jG89EV1$>6S`-1(tv@G=hE z>9mug73D^?!24UlxKtvhI`*Rxq3Wj*$lZ1zrQJZ9A`tgF(|GzK7Qnb{0hb6>m9>?y zLJ=c&;chXTxuMIv1I#@PWI1n5l^W2tE#Hb-YCtDtQITFK%P2W^q!-F6%56t_p{(mf zI^rM_`LK+luL^5L<3;rxgj>@NH_8q7o4`niX6#03ydcXfAtOZXGJfjHZQ%1@g83(IlKE88Bdy@KrDx z9zh>VGNM2JN{AwG+-J*~?8?~<-{RNN6HZ-6&+#aSz6YgMe!zeUxO+R2wlcJ$?B3DK zD#X*r8uX&qX5$Op2VNH9Q!tLP1Mny4DtuW`n3JFtNYG#Rssv$B;h$XHDfhoAshu*m zSV`@aNySQPr>tj}l!*BR;heF!L-X}^5^!uVDjg7 zi*#82QrHVzWLwQ&b*Xv|FvRU>R@Q#X>` z+mzg5U;<(qG8(%~ex?djh$WRnZjogS|eN4H_YhJ2afc)Z2{;^0#o-K`Lhk 
z?R-MeRNT?$sY{`Q7w%~ya=NFwa_5Vf-Vkzjx+=MRH?ns)vS?Y9i6vUr`_ikj)^1tv z%Q)q>Th{xss#9LI>pv$%Jo=DBb_o8Qs|jDOLq3&cQMxNC&RF_{B{he%xdpCb{%NhsB;v_S_LreLlCwwI%eBOrl-@A#rViJ6pL6 zMf6(eUw=|GY>6md{>jzV+9SV?E>+}!zGfHqH9bSG0_qv4ReT=(AhM+&?6vJ0or}7B z1<`zcs){Duw$P~%irCc?bf%A`_koZ4QX2POQF%V9=BU}dqw*5t>EIxQqw~6n&TBca z&)72k74I4N7VErfXTKuE+wh%ZW2?B~pLDRA)6tdPBSaS)SIfouI{dB8&3D?I%Eib9 zPMgEH)*M1^Pf>~O;|iGpAzbE^SocG6Mm4N)(Jp)F+3UEDc%dGz5s>UeMNU2AZa#ZtQ*}e z@a3BD3I~XBnLbb(YvcS4>r>#+6wpKeDwD6q33G@7Ht9y?)jR-qIy2=ohrTz~K0NhVd@7?*xQCOeS80L&TE&(tqJ1^L)I&Wrv>ahF%H2AuIzSU0}iaqBebi zCkK@JHr`)89pTI6lU9dfH3Bo9<;O5RBLC)t=(XDz}MJ&OA|B^HxAnt z7St6alt9%&>|p6NDi8qOMb%;KtfQQ{BIfFA_yUYA7j=(+a`kUuW^I#jO35tL!xYm9 zr5P9M<&?WnRFA+&^NcOTUzhR=5V?I{JCV!AC&wTy-jT9#E7l(R=&`mG+rOv%%!k&8 z4tN%1^t2_nccb?re7TDx^4~k)0iH=(>}rtgPB&jf{kQ>(kN0Tds!JY$5$P=?yn4)D z+)8DO_qVdEVCCM4#sX(VqA+)aWMrLKl1!rawRU!}U5_Q~W4 zEmU)gF5R3MSN~h{?3!Tx6OKG z)mi4MK4`O^sodE-ktzGEUd9Pl^`_72Db$nk z2%kQ3KseS#sW(zgm?hAMM(Y4_eWJ=Ne{F99U#_Hkx&KCQM4#b2ZsYtlXasO>Z*>4*w}_{u6#g|`5*fFiB(nS-cuF8#4P2^R|POB&hCwyx9f(f_5ycuRC)x4jSG;g z-Gad#K@AL!b!grandqs!5M)u80$#RL7v;K2G5v2zs0rT?mQge!!^+Wj*Ae4*THdCCw)SuBP!qaIvC9_WuMLs#Wf7g6 zg39iNJq;T-(k-Zdz;U5k-SOy>U1tmvmqHzgPXQipMMRrn}3ZbJN1NNu8R95(vrcdC@>2S35 z+FO9V4d0VC7IEaCTy1o>u_3l*AJY->e8$H4m8Lx4xTW|9NhnQfQ1mNJ%8kTMfsnSg z5WmtyA4B7Ai4yC6V2Y~;9lmmvCY4~n(xlverHMZ5L}iIHlS#CSNTX>qeb?V7pBabo7t&m~bUO+QvCXlWo0d^K8y~d$z3?t)0!&ZHm5Lv|@JrZH%9K z(X!d`ud>gBn1Gj#-Yi5O0@8ZH;Fk6+P?De`mSQk_x-Mqm+0~9;4L5#E;2XlcXklI8 zpcaO8P3qrYK}P1-9R8a64nUldv1rXs|4w44e~+e*)cpm=vGFP=Cc7b3>-o2w08V{v z&Q1USu-HJKpi_$trT>F`OoJ$`6%4<+LxYWor7(Vu(8UNm2iY+g<;Gwdd_$NQYDE?t zRGFjuK&@B-N0g2C&u#a>Hy~ziv!*Zo1vcxLQ^=@Y<5Yrsy1|9?;*9#osndR$Tx{yJ zU*p;pa>3Pr(2Pk`+JEMx3gWvECYRu?H& z`RF4k_MBJC;e+-OYE^~KP)RGTl7)OOLavG4xD?bDQq>hw1->Qn8Ou#m%ALQe@>%6~ zPfRLNx!MDqV2hw-X!^<3BjD>cv%kw)9&WFXh{Ddu-4#F^h0!?ukB+$sjripUC9|Do zGvx=hBD*Y=4AF(Nfq#kc>2E2#`~ba`sJoWWRs>3ocx;&2) zp1*7C!xJY8>&@T2yQ?CQJ^!^Z!~8AHl_4d}=h^byo4-|Y^!zP%xj7=P;EWKHp(I|Z 
z_B#4=pmL+xASYjU{-!^35ANt03wxp?0BkA|-l+J#E8=!^1g@yh1_|-ZAX!lZv_~rT z2%5i_GxqA5-$;w7ddP^#+>D;H^Q>i58WV%Nb0I55nu66u;MSj)OmZ z;m6~9Ij`yQu}?m9ImeevuaC@aN$;{^DA}U-lIfM9utQO65ehLwp=6# z3mU8mKlRm;#v*L6?sg%L4V2EiNf&k)xOp8HeZWY51`s%!Ey8(Sd7jS};k>y#@5=2U z`VAv7pX)X+xm>#JcJV*vV!y9+WN00mpo14!3A>HdZ{&Io=R*X}>!!5h1|c$5+=&%8 zkYg0TH<*12D%Zo)Y9SZ557<9J?V_+WtkB0Ois)4g8~?>V1pgH-g;9jN891&I3iwq2 z?h+=ef;idEapmMXcq%I%uR#t8=0SrVCQ8&zIN;huf55pA2%-4Ak#sBbVZlP{BreD) zUh&ZE#|=s?h(!EPFXP3&17sa}Te*t)szK3JTkgih;BMuJ7_^m>r+O<#$l$GXJ?aPET*Vifj!^ z@l~X3w))}##qfhK4&=#;1GJJv74SmREX+~sNV<@dus0LSZwNLIOMUeOt?{6^zPN-* zkLLgp!*jrB5xC1JOWAelN&!wP5kw@Csf+Pf>;EAA=>b_~=xF>giV}LWykdeKR*ETN zBPlP;cV6X`7TF8X$kJ!Q>qDo=xz_V~9?R-7lx=etqNIR_-_da7W~INW*1uKi4_b~- z1w}4Gi@A?>7QyaQ*H&mLO6z|SPyb*%MQQNHkDnkMZxsE?Z(J%i)`Vy+Q`3tu@a<WPXcQkB&19p%D7OVown)kHc4)bfrTe~YSw9;| zAwqvPs<`XhjI0qtJOGwiN|4vCMu5r#x-4vek$)WRZ#k&E0PxnrvnqOP;aQF7x5%eI zJKaOjK)8bL7$J=QQ01uaemdbL~J*%QzX3Iryg;|Z{X&$1MmvJ#viSQcT zQW8OBqkqw?uF58Pu&X_dh2S9|`YES+)8$z<7tJ8H~6@Me$ zQt}>9rqiNauX^=lFQZmif5|nwT#trsa0acv z@(`Svq;z=WXGVXw>tOsmFV`!wt6=>#1uSy>Y;X_KDQq>3Jr;)b zeSs*`0K5?I{^C_o7gX-g`cfs~2GkX%q5;h-E$bwYqd@YqC8pD+$yLy9@V1v0 z;5GAb;K`Y8jFT@#NhCF8ds$*Q(s{~=Hrn86pgPQpS+_k-$gA)$Z$NSY6h^pt584w^XA@**owr)e46wD}Ril!@$Yb z{hm?Y-91o1Ao@L{wmg@1;Jk@Emv%%SGs?)_1$LR!I^y0}NE)onZ7BEMY9ckK*CZIYj1MT)2$wIr0dj{L%;mCPR;XSVvfvVdsFPsTimRho` z3%Og?olQ0`+1Zj?k$7~r^rm$nU&)Tsw!9BXx+Nz|&i*QeQMF;zB|thTMsJH4|Db9J zAzSrPNn=iNJ4lw74X_}{*@CfIu{Y6r?*Y4>DR{Pv9Z*G%5;DdVJD{07g%yi1bBzSU zx4mSQdR8oPtq7U0MkSs9Tv{Q6AFv{CHl}{X?u`mxfSo-{&eo%XRgZk8md+RzW!rW$1kaFg&M$da_6H-dEsaw*ni|`)Xrr^S^uF%|LMP+xH`$4uBx@ zF&ucdm>b;tp5op|nzr3;iRY1SRd#s2?^RG8mVw?k8YkTQ(k`M~d2wx`b#FkKPym7@AH!CEHs#O@nN1IyZBd3)_40Thj}dkCNHH1g#a2RZhOUI()GMKQfo|SU zS&*znY=j8eyKzfPR6VK_tcSNl|2xR(JX)&sMwLsT7PASTW(--i`^=gBX1RxSITy|SIRcKSIX8?gk$-0LX3b| za~2NV3AVMstJ8b+>MzQSPv<*2GfDplYy~zV9jL7H9I^*gheeM}fs9nh{TwG< z6yDodTmzMjUJpfbXdEr#r}|Rd>pcm-A?i|kI5HdIfFZTsje;$Wjfxas!DNYGOJk$X z_taezN%&M-;NKw(ac!imiyZC9F~Ra2RsoxnNEKo%)j91d5~|b_VhNq>3C6>a|BCu} 
zhUlmdsTzi-(XJwmRzC2eKG7qB3Z?}+tP~clCgrebGpA@9)kb5B2A(1J%C@l-Wu=c% zG#6Ce1gyfDwCorpeAOZ|KC4SZ`Ob?}*gYZ7y7~7b-Z-A3_pIYy^n@SCnAxw-SPsib|dYrZ1Ec6(>E0Cuu@b*ZDdn5WOEAF zmKY<%cAUI$w=C68U8<{~26-SC?GTZp=WKP`Y7WlP>YlSRWUJ!^GaBkzJC+6+Ze*Kr z%~$XFA^q$O8?_%4#a`m3pF})P}I%6M*2!*i%gR72p+q6 z0_h)j$%^&H_hq0uECUUqJ5H!+#{V=5k2r*3k04uCd?Tv@RWx;lj0^bj9dZsTyf+v8 z25L~F!JS(>Aa`w;+)9tSa_a=iT?e`NTVXLTOz!QVhRBV36=T9kP*c0e@?qJy} z2G(+QhIx{KA<|xi(0IS6RyRN5P3bUu-MWmkIX|h@0$}$vsEre5yHlOf-=2? zoVg0`^?-Lk4feKlR9iDymJ+NRUedrg2U%w9FJqA4Mlnb#FE* zV|<|p`9?uhma@egU#7XX%yGw;KG<(2s3o1Z-+YSW)U*09S$PCes@Hulsmi)?Pla*u91;k z)G6-bMx5P?K*}(eyRnYncTk8Oon^c8Hni2pqmZ_EY_z-d{=YWby@B9%`Q?{*^bCT`pK;)JSxv4}5MxJ}s}`+OGD%b6 zQA@;5L>pChq-ify2GwC17{1PuEE@voa8yZuV5AqR+ii)5zy;z%q$_v44K8FKa&p~Atl}LIv^{~WYq-&HF-fs01P#xxl z)yr{0R^#1v8xTVCAHqY3io;~+RbS!$b6mMV^?v*`mZ zQR-!*BsF^SNbD87*}T*aNigx8$!WZAx71F_L01Fc#a;QOcDea^v76T;cJzuX02|Ku zdoa}0QRX8MqpB-wa`Ebl0!5ZXjy$-CA2Rab2|qa`sH@QOLIB2{=*VX_!@V`&-ttP1 z=iXtg2kxay4X%4hIlDLhJ|R}%q)I#KUfhhM>}xbdxtFqof~6EF4sq|dor2u^KETNo zG!1nxg?~fbOQG`+_sUqh=Uy2w_S~yt@7ldm0Nk7238Lba`6Z?G7=iAE`T91W`Nj-@ z&g9B6-lRcstvllnuYsJavhsA+Qc$_qxPkHbUvOchlfrq`_%CqW>nNPe&G9%W(qFn7 zL#~sc8fBbVRig|sb2VmDHQt75Y_9Zp)tEh1^%BzKRwF5=YK$KOo-&HZo6W|7hvy&C zCnxQRDJn+IHzLMPRCm5(b=wog`>L(HWVptW?O7vrz5b`TDtic-Pu-w%8iGzgJPo;7Y^xc-4RRH zV_7qRlPN|T+Sw@D8`9Zgu#OAqY(xki%Vd1m>ufUL8_T2sbhfx%(7zvQtEeJ)9p*hy zxx=`z?D$7!<0@DySyZpXWIm=kOlveUF0%oOEVHZ@jC&!M5YS=N(o){ML?y=jPvhP; z+)9?d11+UO4GLXrN->aYNpvnQ3^`Xaa$139Gma@GJ(0ba> zRC?%Pm)9Blf8Q*daNv7{2f%4QfCD?6E;AUXaS)j#a`H4w%tE?KDfG6D&w}bOFC1Nf z6L$0$DADj6tq zqn<0lc1u22f*@$I$NuPUym*?VlHY_jrP{00GZ4nTg&v4;`yAOreJ(ok=a<0Q0-Qg! 
zkhSb_CeBiv^pvX0N#Z2u5#sCv&d;SO(g|0Gx2ct~d^tiEy$;;Y(=zN1$@Uc4HWE zKaLmTH&ELvthW!VJX>MiXe_N+eQ!slZ5+)T2^l;&8pVNZ9=MhuSX5id@dk%GAP4OX z5w3JA*}VlW?ka=~K~BpY>25ST{uo7jgZ0wXAekFPCCfk$U&=@1r$JO5Nmx&aF+^xe zQ3{Hw$1Yfb5PG914x!W2BJo#7V&C6f>bg_w`a#?FubCp_O4xr*g>B9p{BLCwiGNlcE`{v)60$hFzOSLWo5j7=ET@txIE{3(hc6PpSZ;s*i_1mM~A1+ zFi4HPh&O@xmPN+s7=N1=n@O0dV6ndvWK$4C#AQ##4gX-jc8kP%+sdn;a#y45@Yp(c zuye>tmhto(JVhI~^-(;>_yl4)O8D#2T&!R_fvWw0orbKU>BXYU(~C!!9}9{uXFP%$ z845Yol=K8GeSD~Nj3_Y^aOWYYNjJ-4Mk|*XMehV-skQLj;`>N8Q(9_p>;QypSw*x` zC^ZT3FEDn`lH&GgartwD3g%tEdCRUS!{YAso44&^*Kdy4`ua_q^lT}%P?adQI|g*$ z2X>rno(N1#2-F1DmdJ;>Iut&Y+ z&AXL-rDSwl-CkSSmm<&e9;HCsC@nyMce*|^iO=16t}#2_Y+?| zd7dMsf9m7M*16vKfw510eD5&TyNFwgaqtABU%yF~$XgJ80cy}Vh(6x~*z2Hf3d08G z6~{h^PS*g`2!+M2T9xHtQ2$5pda9Llt}eMcC-Bc7XaQ5LbQ!D0Uj7>1bM2dMsb|wgK<-&rZsNl*2svgO z99V8w$ilVj0#WjbN2433t+5rYBo~`74Oa=;BFF561G^=OT}6c2Dx1t&k zs>5v1S7=;B*m?m-yYcmptS;Y!$-;EdJ?5%>M3BPMF;}xW=>BmPG|c>NxG;JGj17mJ zMf@BW5nc_TF5-G&#JLRe0j1n)H`hUBXX(iMHFVu}YKiI9SBs}$O=#qOVoFHlePXtb zyeF3zVgMM{w2>>-yL7K9A~94b3aPVR8F}x@k$04f=%`Weui%rF=TDSL1g^+wGe;d*JkAjZ|xVkKzZWM z7SzPBYD@VF3PCmN;J~_ak%h5WMo-_a4S|`&*8E*l*7BF7aC;V3ySm?x;w6y z{9jQ^@)qyjGj9DH;gE%RlakWnwTL88*_y_xMZ_gNh_}sxdakate3>p(Z%}y+M%l%} zz|eDFsUhXPH$ByfTug!J-H&PftDmVq|84JX_t+aUy7c@h2?F|24!LFJ-RcCiqw zTQnIx#E@MlayS*O1&Ve(LpsST+9(L%qU}Q0af?R3c~8*?JjWG}x4}OO9vwYoW(qyZ znA_3NFyc`+jHn*{#9J;---bt&Az@FLEx&`xm8))n7IEu4qPs7~y>AMett+<`sKHpC zQKGvU6)(4^VJRQyxUSUANSC)yV@AL46r!}?GW+1b)kL93@8z7CBy#KqOUytzLMin6 z(L7Kc=BIIJG_))O#axdA3-h6Ah)hE5u<_r4NLwly^|jF_L3NmoWaJ@8dJYuxA`UF$ zLl`6y33dCorYQLg9wtySQnZXjP#tE2jQEA9pkM09O7$veFfck6$`!s2->e^OJMqp`|$}W;<7yl|dCmsD}|s z8;rD{lHpa*BcM9WMl!ac|4jwOd;$lqpp#U|iG(VJKPA|Vw2hMCRnRM-I?M(caj&;U zd=HfMwTll=#mqBDmM&@OEQy;$(cRg_S~A4Xg3uT*+F;d4;QO|Uhr;Ae_R0`$peic~-puYzj=s^a#-AkB*0cqN{? 
zaO08gpSK3x1ggU#AooF>klZ?v0aS4`|J7LfuV@wL z6rVSe`~)bsitYH}PCN9Q{1}&x`ifa*h`iR)=iaDtGpNPtYbXu#6^Fq^HyrlQeUJ44 zxXf-ia2YAy8#Jnr$m%H91f)4ip*O0`0M%iB8WH})g^Q;_F_+_@D?(%vs>69x96-8R z71kS7j)Lki8_9SdPX7cH^D7**(?ueoUe3mUbuPzETuO#Fs+0uPVK#Ema_oWIg3`W* ztdKUSDf$>idqCxt0cHPZjF)b74RC1e>8Ls~GP7c0FW=Kqx6A??M|~;2c7xXmA?}D^ z-=ZkKtBVGPHhYx~*p%@nmfpYYdp0U?p)L<4n88kDr%5gvU0khUh&v7<k|2^{FbQmD8={FsR&0D7#pA^1s{0 z0)RPSNo_-fw}eefkL!W(mJl6T@En$+iHETzRA6sRFjuKDfnuU^OlY4)mhzY|4z5W9 z!c=_T1lSBz?HW{x^o-%JOhI4{OpHSn^#H0(73qlG+O0*wyi{^-8@{ij_^p}h262Qc zzKKeu_y0p$Z0SV^6X z#kQ4=6fsFm`Ejdp!AD`e5~qS1Tw>fw4r7{wI#OXPXt^C+tb5TR{uX%ur%F=)OpTif zoGg4^L?sy~ldpO9=Xh?o8+a!v-XWUzpys_NB28jxMS)wK?}@lc#oR>39N733 zkOLLJ7rMDr+{U;ek76~j2JJy%@7KDTfErwOY4a0Sin1}b^mvN+TO}GyruxB^#(NPr z>ISY$X|l|o-u|JoFoVwkb_S@QhG7@DSl5pUcMKO|6{zMbIPgHe2vt{?fYEa=Z6U>LBvOxVl zRTgf5mOUyIOO=VMKqKsO6bFZ%Hhv|(onn!fl*ZWlMV@%&#|0s#Lyox^2QDH-&w?gT zQnKNgDRv|MRGHvSo(Dm7n4c!T@fe^_fMR}z0}C5NF3Kd-YuhdHFVZ7nG9uSP2D6cj zf8e_WP|Q>uSO!HoMIxa#eQb$VNMBGgyvefzs1CD1Mxl|1SlIm_&A>N2oY#ej8M-uUfE@27vgn=s>Y* zmEmpJDy~!Oa#{}S)v~*z4vFa(G71v+@ z-Uur`uPYZ<9(pR!tejq`;4aGCmn+0gfY)9GVy5ErB8VS@dcz1}z;&exAqHG;su-e3 z=!3TR4cN`d^{PHkzynP_K{JjiDtiLC?CO}J+A@wvsxDN)n?wOm$2W_Zvwo(-UpR;a z|GPpoMuyqm6-c-JdM&myasANR6y1;(;G0Egk#OW4JpYJa=A$@p!y-P>nIMZ%>$8x~ z!#9gSB7w%uW%y<8!-3(R-OGdQUS9npiuQIU)`y_=eWYjc%_8Qkb#&N<1M1}u?9%d& zqh2DOSGAB7$qfy6J>Fl6ev6FTzY?Mv9jekE(VCc zLcEX69Vv2P>Z&E4arM(}v^<0ELo@gX)Se1^kH$JLsB&rSd;QUVK|PZ!+gi#nU zNEpFiyJU*$$Ujj*dIbjX$0*7K)nR@Twi#NQfns)Yg;8uRNEpEl+*&XK=~gAon=rM%bEOF+bOHYn!PIB+r3I1WUp8LwMn7t+U+3|#C{2JHvcVK$Pn2`iXmpqS@yU>Q_< zK?V_gVh>CBH{vR^66U$81gH-4ldvnja4QTbW?dXu7zN~lgb{ol{`tBy($C6ESM}DG zbpzF5ei9bf4OfOhF~{M+!YIlWB#hvL@hs1Bq^~Jqo~zb_>M%bE+u8%qJ%D2F!-0jR z!ZMLasG*ZB@fFf}N`~jEi=aBp1{ra0wZaW`n+$QE!g(#f2B_TfWz@=Rkvlm8gH7Oo z>DU+pm7#cR>q2*NdF6wKH0t#MIQ{BjyvJ0by=~q?pyh&Tu8~5l7$70k4!GI`Zxd0f-&+WA7S#L7N$fnhg+4}6otHvNMYrJ(5v5v{RiU^x z8x=<*#nF;>Af?*H%X>4swxsv3muj!#aM&cIAG!rE{8dceVyqL?1YHRF3!r!fx=ES> 
zTM~{Vjxq{J^9dZd0-Nbj)12gX6lzKwfUMu~Zz!9Q?n#uz!6?EXqi8><4vWB=b`nl# zO`Gu1T(o~WIfnzwr6oyFD**${J7tj+7)B|vqUpITYHS!n;Dn00YrVHCFt z5=QVL_u_vIkq%bEye8WXREPOV*dmm804U~g9CV3ABB2HdODse>UzO5pvdckrn2nlj zgT{DT1(e=pr8ny8%KZ^kZnD%6)CO~qaK1MxWiWxCKpr5RpN+s@4QXATBjVo8!uo#; zmIg{%y7p~4s9GADBu5mSXkUWl%@^r$Z)4g}d|q?z3qIMLXBBJCvx1uQaYQ|)0r_o$ zEQP0cWih=h%bDk^K!u>GAg&^s)7wC;RlF^=&A)-_pZ%jHXj>m-d{=4w04uQ$x)B9UD!%0~GVH_EdC*c4DtD6BWG)poJ&xR$VKnh-aGYIeeb8#HA#q<cCy)%TQGnRaK!9l+bS> z)E}FJm(!L|ow5dg@Y~1B4pVh@??ZgmXS8r$@@EBj*pM@-v)NxyoR zyW{_h{C)n$A@cY8GhO*{XVEMlfV5Lehu4HhfXYqSZI;oIEitmhS380?ODZ&CEvm%t z0L@!v!eGKK5G8h$BoSyNIPHzoa`H5f=jRgp1B9fCsS~+n4Mw&0klS9#jn#4^b}G5V z>~6uOAX>5fUJ4dH2+sH8q>ns{db*s1aV;WoK^DnVZ4n`*MRUlaLde~#M%b|@jV{KC<2Pv%N0gZqaa}f zf2NitrXW3~gn2{vY)~EMCt(eT?W0jkK4Ava#h^(wN! zl}pTSMM^`RVYcsf&EPPr8PXg9v6@H88v9w7oADO&r_fQn1=Xf5l5DTgGktb zx#KqcGRNV-5ATpwo+J)VJ#1Dbs*LkJY~DgAXubu&nF$0EL(xFv+TuqZ? zZDGaycCc`V^`RYi0Tu1oDd05M8Nz9fNGL+7KBAMeIA~i$XA<*9LtMQ=`Uk#Q1QK!M z9uuN0Chq>qd1+d26;OG+>LJHcRN+a0(_6yTEfv~Z0QLi#*H^w#w3Y9)iA_Hq_5+fMeJFV=`a@uk?>eEA&%mgc?Jg- zN&DBJ;fJ_33`cW+9bpo+UGet*4yX?ElYNt5Um_@GI~zxHGXHo?wWT zNY~+;MQD+b4ZfH0%iN2D<`bO>l8n&(aipj4%_5LU_#0*U8o$iHaL{FuUA%@_neKiO zoe96AKki1^gG-h8W)Vl$k2r{gCv7YSK{K;(&;o+&B!$dpQrBS#KiH+Lo85L(sAz!#k$#vU2qi$FE zPr3PQ)b?Pb?pi|ixzQgnAL>siqY@O}D0;~?>P6Hi2DIdiXiD?dyQ{j3ltIM5!XI%0 z$SR6|qvkKSUlmI7=PLf3lC94-qZ6+ty;y=b$`Rnax0;=fYIUua|*S@_nwVMqS zMM^``G}#}~1Ts&UvgG(fPyQH1$AdLlg&$7{97}|R$^IH-vQ>C|0_&XYZz6Rbo)G&q z#&LU!za$NGR^cBLYV;j~{n1pHFlk~eTQ$v}lz@I^6<(Tf_vRWx?1HA)*S<%CneC51 zl0w2SP7v8&A}cm<2s#)0dY~e6}3RzgUpq{XY z`%|e^*Da_o>=Ewo2Eu;C{oPR5Bi-MPggr|Be#%&2kV8kKSHVdbHOU)wKf(V$LEjuh z`l^j?YDYnJ$R3K)I6v@@6%(C5_{ZXjjt}|tjG0r4f6ScdRNx>`+wfRbgw2UZ@ei9 zs>5tF3AFEkZ5SwKbsSg*#mYq@p~@p7-5zOfn2b9?b(jq@T5P!uQKs=F`haMT!hyw5 zU^{3GB#x$6OtA!MjWBtuL3Nm)Z2G)Fh%KO)yK!J)6ye7I*yD5#8pauW~Z)e$^FTNW%O1jkd@YJ%fce9v35RELNr ze~hB}pgJT2L!FbyX&=$_5fa|VZ>#}9Y{EgiMI;i(O2~U3=|LsWi{gI@szYqF7EHO4 z3^`r=rT+mTQ(+fq-OiiHrT@I|1%K1VFy#c{+xkn_K~B+iX{(37ISl_C;cxbr?SY(c 
z|B?9ZTK*sxKN9k(+lK``@k4X8pBKVX15mSIXbxj(8(Vah- z?_7Ra30(tQzsG={?y*w!|$$zVq*FmH#B6$gz|G>FG$!nqI{TnK;zm%8YuR={7 z^Qe@U;BO}7VLpAG>wEs=Y$E_U7{?ed^mbWkAxBDU*B4^>R5`R+TTNKCNbt~bw`Xc%uXNdF7zjSxpg4{f-H-cH=_(4InI0Ew zb^u_OOPDtKm4*4|12V`TG`79cH67#nC6Q{UaH7x-!Tp zkw~a{^(`?HX~QrX6G3&Djn)+PAp>iQc_5mrabQ#E!f4Q%f;dXAFvOckUkKYT9s|{3 zewy^kQ=O0WMO*=OgsSsy+PNj)4XSg**h=y`W27%#jkhA@w+e*tMbrl}OYy^1{4t8| z2<7iD`G@&9I6!_)$szp@`XYt_dF_&Hb6)WDrBHsQ|3Q~OFEH;jW^W+J>)hB?OR#5n z$fx#&DBn9|-yOb)6Oi=xPg4GMJzh_GkE}(^AGTHlsUQMY&1#0iJSHtwhszA7- zgFi;mzTg7Ul}xs_y)Q#nSguIV zNSREvQN?FJ3~jxY4fA!GR=75(^_DcDimxj9h{HD=7^&iG?8YEON)3{j>a*Vf?@!;! zQlWwK$0)iKDp9qMR9`Zc0ZVonX-V~El0a&4DV<4Pd7mBkJ~mHEUV)ZZ0IHr8bbBlB z$>R=M-pBv80(nw?d0$IuFy43YSrJ@RF{sD3$8yRp=Zl;M(YZ=tYprmlt5B{0`vE-T_ zJdCI>l7GLmN>l;oit|!lyy^OPPOv;0FQkFrS=CKLc4o@psq!wNHk)CQtI8vnopd4zewuv+Ak7A}61(f?U-Nds_RL6?q3FT|X;b zRZ)k;K5^yC$>-y-(pAT#?-3FkD_wQWYD$%16&_ZuI_0`*l62L_mYRIN9UIF7!e>^6 zzp-mZjA)!R>Wt;c0Pi1Tv-7nx-w$zSV>0$NEAnrc_01V+Y*}sWBOfYfgc|#rXRNHo z1I27RSlqV5#cewhWLu`T?e$>W?usSbwpkI2VZ}0Kn>X|y3bu_Zdf#!ZY`0ly*)d$v zfnOfS7_-f)Lw}^etBzAt@f)lX--2_)=d!HWk*S80d`gv7u5@>elQqA=szP@kScTii zWeaWS#$ZEJwvgcER*4o6vH7$V{I{M{7KaL+sRS>#YRPGT+PE4#$vo#eakH%8wLyL1 zcr|ynT@j*r4ryL&Mec@6@EQd7HO_qB-Li0blU~?5!_~<^4dlAP;JWN!KSqM zZ3ynRIUfB4beb!0;KlDJ86k^bGHAgEmUsiHPc5eF>Z*MQREPO#K^})YLB0aTv_GaR z-S|fnx`j(i#RV(;e*^x}gs3=?|7b$JT_lpA{djjz18~kSAwz7#w3-gV@*GxyOR*P8 z6)wg8$thMeZOFAFt%!#J&-+lic8qrI*PsTu7Omy4BWTwntrWMl#PU*etmQ5>#|@kF zD(+eVUzD{kHiFH$yA+)H4oGr|HY&)W**VCPq4LRA87Xw}I6S0E|1C*UZlixDtS2JL zl9ZZcY=0}F!Y78Pc~Tl%RX6PxpavPcYh3o1Ro#Xv+ZpkxvQy2U?6Cw8 zqpVEju{MslOem%vf#9Vut3mQ&_*aXFK;oKhij&Xb%AW@HvP z795ds#%Vb{!sO&>IoHhK3H>>e^Mx5R2^=Gp9ItIW5iEy8w$lm!kr}-iIbFl>uZQ9L z5`Mo~@=N4QdP~~*k?wG}e1=>v!m(@I-TSKGmTXXE-#KXdba6WSS=sZDCGFi4qP;3< zUtq?32DVxIrS{gkb$0%|c-e3N~N?D77RNTD+St&YeNpRM2WZkT@mIh^I3vJlC z5X1ar*aS2B5wNw{BMob%4f_Gq&`Q}{36H*M6_bNh-2El8cIm8X!C9qX*atdmMo?CE z4zgq^3quUsT?VSVnK32K;31z^rD1p=oIi+VgBoPmig9=6L3>+JW2=tAdZV{lg6@W* zxi$9e!yw#mmX_1`qQl|CeWKlXu 
z0bWr$n(C@7#+FoFl6E29>qMH`m=PTy^VBY>$-5P2K(HoSv+-cq#;mIMakYs*$&8o- zCKR%Jt3mDn)H*2GH#>_+Z+UhK%T7}T@PD5;Eyl9#Qu29KKj)!M*3n;v>Rq_+g6rsSm#|&c(LV-vH(f{9 z-SfQIC!0gJAuAO@30Y^RS7&XezAW|P85aJ;9&Z4SD2d<;U2!*#^30bLT;b4(cn&iJ_M0SFt&0C~>i?#eo!SXqt#Rk4*R3nG*?MSTQ zu))zrRF!CYDGm}}GK~4)6))ky%XKnPN5G#pXc@eh0K8D6UtCLNL?m$}lHL_(OmP9} z=*`lq#z51@DDr)cJpzfx0K3iDZal6K$qFG7+8~}33zS(E2i8x|)M))8kwiR%3-Gx} zhpF9xcb7mXP#xySCZy>xD$rEJxF1yUHV(Q#4cQx0jq>CTS*TBt|FW?b#{~voOPp_% zqOpB}!85^A2H)Buo-%eAd}(y8QGx~{I?wq4b+gV$IzxJtXGk1-rkaQ()zOhx5F1G( z0}Jm(i$9OoG;WmsIjKAMJD@sbE#ICpn18I8__EOv^sUBJoHxX;p^xLo&_y_ioow*X z_4vKh*g@o7M8=~Q?HZ!P+$~&1gb+a zNchv7!ty6b_+Z2M4g|ayBuw~VBaI@AB9YiD_OV1|VBXsxeUJNG_=6h^L3Kz5`i^sj z(>&3%4GHgO7;TU%28IZ45shZn&q$(`QNz2a&Gj?t(}_qVS?BOJ+$WGuP@3EU*(h2I zszU;)7Kx!0;B<7WWOmPKiMwk-oTPPtJq+~y* z@Rg5*cQ=eO$Q8A5C?>qSQHHLm;!hrt7q!k3cObp;qV&}*(p9L4d{7;dLBf+ch48Op zA^dK`7zToP9EW1U?>5Th03s5J{cQ-}fb>-*+-pLwgX)kB5q45%+6pvYgl- zhVXt!J1F6J8iqec(I`+Il0m{7af-%2iG=4G#^WG}6*v?Vo@>M&X5qxX^K-<1kj5(E z*;@EXP#uy%!sl}e;k`(B9mDtr1Yv(4ESy7$b&N!s;p7lp7Wr~spA9CJN_%a&*ZWw+W;ggK$ zOUT&~hX1EHKIKWmmoy?$FJgJ7@Q-Qv4}uzGzgjMpH0slfv9LRnE7v%~-HpkGYrK2j zU#>$Ff|gH%NS|p$%!B0o_0nI*wZ0!i_2tUtnQ7FM`f{Yc2v>ersn2%LyUTTOqmr!{k#N3e_=d?bFmZ$ExHr0 z@4n#6@J*W1JqcelqJ>|RBOek+UP~~FOcHt!LE?Q#A5$vbl@G3cg6fcHQaPH_d}kV` z-JN-yb`>pNF9Cs{8&_~HB7Y7tp~-H#srvJ36et#%B<#08O;HPwo=O!iitxuMY67Z5 zB1qL=oc0kN_fRz+is*^Vg=>^UAd5am(JD~6739KuSXz#&zU@sE^H4on4PeVSt^zN3 z4>gnb&f&7)r8FVN@{I>agMx@HmXVfy#x}?kZ{ol{B%wjoP0IEoDDxfC{>l{Zf!`~j zI>gV_J(c9`F|13F7lVVACo&1R3+wz$kZ)IFl4OBUqHItdVk0r}kJK{6cdKQo`)W)d zWLJ1_I3AhUa*H zV>F&`s0B!bl81*o`GfWkszV}ZuK$bEJkha!CCs@?OZ7zN$17#|y-{!ss9gSynQStT zf{{zJ5ArF-hBIm4USiA!POQX%Jwjj}b|RNF*oEIBljO{8WQl`F=PNC3v|%5D>W~Pk zl?9wa^y?&gk?{@A#oss-6TK*FD~l%P=keO(l&e^{g^A7t)gcii`e#ld`d<>gz-WO? 
zaSsljXnMXQazU$UBs!6puU#<37^IbyXm7VQ8&roxkm&ZDLi9=!J>Mw8xmb&X7L7+> zaa!h>CEg~i66Y;SPJrqV8?}s%6H*~&TA5#PesV?eS}FC5s+D;#6L488)2lqor!XRq zxF;EDz=_5Quu_aS{jY4OT82vmneQ2A((P}N`HDSnESpxKPIE=aWhAX@#76K9TqbSVs-+zXm9}eQ%cd!ic5k`+ zOOao4Q18TkyL}PB)TNTW9Xw4RqbTaPprTN~QnKHn*)JJ~s)N5>L~S516-oX~$qxQp zmwzJrRkfRT8N>M$E20&|-7;bzaGMo(j^=*M<(9RgxLelK++&Hmy0IR(B*nc@b6*YR z&XsMpdPB*b({fl{I3hdlHk98i?B3>nCBVH&YAha8i@dp-`yv<7u@@<;6jA1PbkS#J zLA|zC2~@6gRZ!8f6~U7uS|j7rFnFghcx8eoMGi;CE(P}{g-I@4IYP8Z#@HO0U=$)l ztiypj1?iUkt*q>CnZ(#^xFwDtovXxp@%7W7IwXSn+Y(OE-%Ju6Yh1*+_zedwS|k!f z&7VwB?hl0Pl{jy;Qwdau*rKp``Q-|K?NYE1M>3cAIyF@zn ze$DVAFZ7mHseAWqb-ubYsU(TUJR_w~a<2u6_*0Nu{uwFvUEQ)P z{^=SrP+gD0Qi~-Gij^0v){JYp27j_^595srUG-`C-KRJo9z}*D_J(^t)7+)kLqSWg z_{-2(ZL!q&t1ig^t?{m#v`|SObg15jf4jMYml@=ct{Ew-DG5s>A%W5Fl&;o;&^;X-$PK(6;^< zjBVPr3ZB=;A5GKipv>57N;y4o6{MV4e!$A25%Qg|4RAA}GC!1O{1$^f0Vuyj%Z;+P zIUNWp_oMQVPK_gB2e6|-HRs~Mr7nf6CNzxsr}Dc3L?&^4gu9!zAU&mIdK>BkpgJr9 z&3rOWXgicq3Z6NOlhGArMK#xj{|QvK;b^q7VHXy~e-mTGU&;o`5{ZQTRG1uf}N0b0c0w2dJ>>x!=N)Ybf|{rS4a1I1sM&m ztV5d{V3hq5fz^h;%ae>xae_N`hEUEe^v4?_|3Ec7^$iA)hl^_Mj172pAET(k-*}9Cu@w7vP7;?1y9XiI!N2G*20w zrmcDbREOE%%;-pZ5MDoKI`0HR?L+B&2 zMen6TJYmG+f0!!78!fJ22&>=tF;k=lItGs5q+-p_AuF)3#0TKZ*i{wBG$I9x%$<$U zs&GCNUvtPY%%g-czBr^Y%gq^+Oi_gM4WXDvfyUoeEyJHItagY?%r(*>wf|~UyyZg8 zyq%O&=7&pwbWP~Y+o6W1J6hQhP)aj_u=h6Voa&P20IZR8+hnzU^m81g#3Xv zVkd!3aYPqowrw&+plkirB*aIg7mbp~f$f`I6(`2O>J!sy1c+0~yhvL=1lc?6wx#JRjS$OqHk;9uxnH%bZ#4uJ zdndAAC&&_VNYie2!^l1MZfK(150P`)6(Gty@FH@1G+ML*_DbksyDjt+1f5ev;41~C z9mnhxIAOOrgarerRVjy!WGmA8wuEO+*^}QFA{$wFKWuPz(|MJU{keS{l{Ou|?vCu< z1d&EoM(YTiv!BN9hK!^;*k(~K%YTkMA(i}%&KWpw@6Q)v8S>Y-7?Bo>Tde{Y?aZ;b zeFM}t+#Jam*EkglOv4`88XG6%;V)@|%riFbg4Ve1GXN@Y*njsk1OoaZ26t+BMU47(xpZ9(?^ z$QnS|?1u8MKZ`=#WY|$15dB3BOhMLsH=9dhJc8?zB5oCQ1#%4gAnr9r7+ky-3L;*K zEPwwHAln)CVGOrK#s)&14@Zmgtp~vJPKN!@S-fcsHFO=IC=5PqniSS7?m-B<&#-@a z(-bw4XKa66DUxn(wyYssalc{L{2Q;Uxe;K~U`QBj*zd2vRVxi(d$|spm8%RhCK~n+ zdkpb}2JkOBh%)b1fr_53e}M-KiJl5{E4;Q_qxlydM49n(ATB?$!D@}3Y2eX3#8EVw 
z%RmPq#mzD7KASKKVtNfKANxK2c32fCH0(AXVDN;KY7&U8r-O)FISj@vGi-Az23h2_ z$5*zXozxlQnxOLpRvPx?n+(wld5`LREreaIT5b21@YZu^4{J>^7tm$laKtCDH4nUG z*l&JD1_SY`ixPKn-Y&!5Qx|#1K|k&0$stuT?=$QY4FR}}%)d2&EtY_H;j@YW(Cv-Y z@%4%%3(v!|gnnk&pP&~TO#$nC11S4RLN6M2t9(f957?CdfCig+-LO|f8x zQ00ZD9giEEjCDY4by0GDv##F)z%!=3_7Mz)#P<#WAGsidt5$;cnfCABDbQsA{?;IF z@e*{@w9{X~JDo^ULL_Eue5D7t(@M~1roE!4DM7aY&_;vUO%hbzve#n}VM+M_4ALNS zm9XA@5*_4b%g(eG>%U;$(b@=Cy_af!<2wIOe_<{D8{aRU5@*hIp zQOz&&J6rajHvR#VLfO>#o!kF@L@Y$2I{ zBJ!qt{ChF`2PRtflDm}U%aQk-mrsvL1!h?GL%US|UgRC}^1r0Q%(LtbyOsPekayn8 ze~j#V#-Utqmu_r?m6yHIoF-5QiX z0P;6lHl_!e-wSztb-wfALgeqZ>@RSKr7;%t*_5Xj7;^TNsKb_hFP2`$N+33bpm68F zQkd}`ih)!3#kf=v)k zsvkD~YuPVXgYXn&R&@cws@n(5w$JXc#pL@jb%VTPaN7sqF%uW5oqGGQx+Lg z>H*}x8!DACoqTrTL8;LA2KkpmCCzYaF z$g4;BvaPSrM_V1`vzJa${I?;mlgH2bQ+#&W+N$`2koU01-xI@pV4lz3a7qmovyr#Z zjThKgQQCs)W>fRK~RA~_W;magXG-6 zps{{Ct)~Kw1E5fYc!Ff}rQaAn+i#!8B_@{nBA~l9Jjid1eAaKbxL*nW5U4Lhkiufn z2EW~-mI7S^z$xh#Hpp*`#B0b7zpRi|fU2vJvZd6o54T+R+c%9bNrIUZ94AB8&UuM1=kO zK;@5_fG*Z>`lYsFV`*_eIGG%3TD@qkT++6`p04cK3*a%$#tP^lB(joiU#Y9==R2T& z(MVFDK#gqs77T^F5GjHAHyK~)4Yq=j&hcib?p)h`;T*b2Lm+N;QNkL%21XUw_E5|$ z+)%q9Z-ATcd0!1_3?GFuU@^+@serEf54gvz^vtvE3{2k4_!^i_-GDKuYp}BCZM#D= zrR);${#dt!+F^3-(*!FD9iEP%L!1vcY+KIu%zhK*a z=c!Um0kr4_@ZzQT$F}<)Q9L_6ah_r8RDofHH@IE(S@#?YsX_{U?inK4~%GNj@@Fz5j2ejTz1Mu5O`}uBa z5w{Mg*9b{#4_OD=9{lmiDp-F7a0L8}6M%iLg;Ko;s~*-kfxjc|t{C%K&F=vG?r%f301tu09~lzdL~rJd!y`U?@=}quvfvp&Ez-y!V}HPO9e6X!e)Lm?+yc~ojSMoDk>5qx^z;PF zJPp((jVx{~!+(#mmtq2ExKmb$Bz&b8G+bDW3^?{_TwY>iL!eq~WRS5xje)UAj@>$1 zIiM#{Lo_nTSVlH=>^(zOgP94`QjOHwm1h}#n_~|^@RCi~3FuqlaA7gBmt$W-5Q>p! zfx4`bLB=-Rk2d|FW4~r9WFQf-O?<K;|Bxj-$`$RJ}sYJxVq*Rj8M2ZUWf9oEPo&oc6yV?TdL$vg+t?;2U$ zScYG6?DdrtyfmJpNy9g+88Ffe*i+W2D!T=!+cYxB*lGo62C)JAs|V0dF#H&OfqFzE z*@bivRwoKIRt?z8jtdSo8czbXL?fwK3N$5PFE(U6(%25b+Zv?BsR@>476t4#UQsf? 
zB50CZqEI-uFV)DHaZ|uPiK|l-_cSVisk&w)&naWx4A{Rvr9dqJxLbof=|S+b0ej$J zW&2P-XZ;6U+L2aq2Rh<=_QLB3djt6zz7dUo#9K)azLoQlj^-NY5wR3$A7EGq$Be^x zQ7Oe>H-i9vMP?j~Tz+PD$KsMy}AczGs%l+TWSw1N=h=q7~n zx73+~mJogQHryi6qz+v&X!=Qe(3_RM#WqDn;9B6@7GJXvnWAZo1!SuV1A1Wo1hp5w zeRXbBuP#G5ZqlMxuaW!%=K7Fbaeao=d=)4EskzR}kln2Gyn4u=ZYlZfP-fZy|s=bwd}4@SkzGume2 zSF96L@ssH=FTR6w7=ZC~65pX#=Prm+?FYd;D#fkF??Pih3f^jTMS0PZ`O*oIgR&_zVY>;ej!fdA}2r3>x%_kyP@mIHfqOXJ92m~&*1%JoZVT+?bbH`aPG1iE%IS_ksXfHMGf<1u zU4b^7z7mMvOY~O*H96fKXwT_ufq|U99+<`Hp1=-H_XghQbbsI~r*8yG?j!z#fx4U? z3gmJ6X5e8?-wG6RdN{D2)3*cv4`<&2UPaM`J+r$vo7)I!q>(^K0wMH3=!6gmy(1mz zy>~>V3Mf^IBA_4&BG@RR2r3;#z>0zjf+#ky7o;fs?>VzOH{nzN=l}2X?A_gY-*cw! zv@<*V7N3v#FY)=f-+zGQPxveH`E7p_KELDd>zrrs`Cb1y=lnXK-}9e!&Nuk{zCRHi zbWiE`{dM^Kfxnw`z8B}ZrTwzRdcFwA60h+^P?q?NFOp<2ic8(nDY6(PcHPpcvKXau z-O}l@7$tAr(wVZD5-%@{De){>jKtG-U|LzGmXU#BWrWD3`IpoR(jJWkGn-1IAl?K= zT89L_t5CI>6shSlmFhl=!0Cg=iPS36-ZxFn$etzv;wpjZBPWW~>afM3>{9J@r6?Rj zZC+|UX&1+YAGLW&sgU%MIRDY3C}L>VI~C^DKVXbUA<_Q=~Q~SXnjAyYpNHd8<7ll2cAy4Wsm}U(u76A6tKan_T#=-Ku&|uOrO=9mT zK}1X?N~5XL{Gu_pN81R(!L9=D=F*aN`zV>;VDzaU;Z$P zS(&Q-96nd`H{x@)zYU*j_`lXd z=X0*VAM+aeTkyG&zdO6<`v>v4v40$&oA{^kxv4*adCmM8d~WWq#^)CP27GSi-_5+% z{v&*Dw_{}|nhIcY*Xh{KoxdC7Qc2dptk>m29_OUDL4TU=PA{yiEyigXE7>Vg#@ za6P1v2J7cRWw&6N^XPWMlQTdr5IPrXMJe{MuU&u=E3d%$FDnRll^H$m{yElb%H?YGlt}LRZXdWPKjy(vYaQO+ai!Lt7Tk(R7 zO+-MJ7XNyhD$(*L2o|ECl4z^Ee=_jZ_5n<3tfhb^YD`$2kzSs(7R7794HtD1$zhxP zx*!|gse z7#lzaa}ch#%MExiW&gx=I1xLr&BQ{hTP5$rlN+!vq6^Zh67^rQ+eLvF80&9Q7N601 zc`X#kQWL}Qro{sL`rm*qK=>OR#)n6MDQK}>GZ(zS;A}&TA!T(QNLdwF9+jJoCl~@! 
zrh-thC~44rlME49ZGTlAga$6=th%zO6Y5FN@n43xC%vY>+M9H)rj2ZqU^wK>U zGyU!PJkP(I&-48s^Lde@L~Q$J`eX->599MF{{lXb z^FPJs@&4m{p6I{K=Slv+JEUi_zcQci@)z)Vs=pVXr~8NV`9A+NKF{&5;PYJn3w*xc ze}K;q_&?$ELjNs3FZKs8IQ5i$&|e1U^x^lTC`3OX12mnOKnw4pm&zawbYkeuv*=f) zjWQ!zXJR=F4%r1lav`on0`9*+v4deS2wB;l&b}X<#OV=0S}JFLsG6@^i&|>sa4UOmdlN_P;j1x z!!8`gTa<8gC5fZfK9#Gb^p;|Q{K&?yNrad=mXq_5)dCc*Dg zyfbJ?M!8n@d;OF*G7e!*#-ZScBrUlp*UtVKDaM}H0@gs|-aZ998Wk30f2-}&4bkfH zeW)X5G{sWOcBxI^h1D7K#d7`#45J@SjClZe56jtfw>B|m1pQ5flNdqZU|bEJ{X1$W zUbATo2;T;m%wQ)Jq0A1bU@^ElKSYYs#vtFA3TRsU+`t;x;W5idL*R!3tgaoBdI1p& zcEh}bF{1b}0O7%#6LB+=Z;A(p*Tu~!zKM_X^@PY+&x$v&cOj^8&?)Ic1im3+ zWr{V$Q~D)?84ZXZ{;m;Yxvd-j3f_w zS{*`}ssxAXMD&t;!=nTp^0eOzdUH5;av{|eDAB{7^0~l=0-NCCSV0Tor^NB6Ypx=U5r~IT!1ix5eikQ=U6W;#vO+&;~k&&-8K`4t=f;JpRIcSosP7$ig z$lC2er~;c03*Zhn!S8SroRT>G=g*x4uLnIk!8rkvUwa3MRX*F-7tl1i zDW9Fu5%W^AI~R3RqjB{od}seChEvcHUpix$44a8KT|lhm~e z?8MDXNvT`DRYEqpS)1WtG=@4!^*m-KCc;4k?_CF-t!gfy8+?d3V+aUwgTs6lY1=6q zW1UId*sv-mafjE+w_@p1)vSU3F17G<@58V!>!I?w&7kHg)MPyp`3I@#GpgTMk+sX7 zhG`Tj)2j%Pg~Q0fQz=FrZ%5k4U_NIBP`W)y8nKh@n)zZI6KE zUCJqNnXTm-k%%IEWIt1y2&({Y(1d10=*u2|VULK1&R2lFt?@rF7%1es3gRVOG=-`! 
z!1_TmIdn?XkM{84NPnX$MtwLqc9MdkqM%5>+5O`_lwCSA3+U^#?r4MHzX z;xMsy9S==M(pHpqMgmxJ0w~j6nyM;BQ!ZyUkamapQnVrMay1wmT^0vRC{`nB`=VXe zJ}{1H7AF(0LCk6=ZTd(d>$(WSPntyG5++&nvbssTC&pitJCF@US~a7 z*=PgEB6nW3nAKm}pLWJ4GT+c$ zgugRHRw1J$j9E|D4ey}I4@&#h&3FNT$OfvDa2zURyhJf;6(&0pm4~tnuuQ^PnZlny z>LO$;pAW2gNS>B3W<4wI+|o|W`vV&q!f6R()=p`ko9^JVfjtnyX$fQ2>(ai3x`FjS z32bu+rzMP8Z%F&W5h{-IAh4q$oR;X}^91&V?LsZl`vTav8t3;pvNl#($%#R|qO1?4 zeG*1f;>ZXLX<~6Wi9tQZtWTuf3AGR7ReVS(l{!GhTk^ zP6fFiTt|`wC7`}Z=-X@&&YFNy;hXTp7LU!tT4-d`LgpgodWAZ5vEY20KQQ0 zp+llKSHp7LSd$M9se)xcjGCM?yfg?EG>Ow#X~MTLUTx|GtN?`0n#56{KeaF+3u`Qg z;e z$KG@SE3~^H9VPVxa1;&`ldzoe#zw3lAW~Tnsu3xa1YuEmLeLY;MjfgF3Xb*10$Ai0 z+v2F@7uL7vO|)M3CTz>z+0y?V-0IRrh2G9ZJNF{ly?COR1I>0XKEOr(*&a}5#7x+R z&f9a+o_dFx!8(9I$>&f|go0j@wmnN#d}j%|iYX%O1o$QjhIcn+pbsmoB#qF$kIC|n z^aLrU)H&Q8l=k9AFrGrJLT$LxMWMeE*Kx}}CFG;K?R`X68Ha#b#8nC~NN;pjDH!>0 z3OGD5&pZkL-jR0McNBf)ztBa;20OvLDDBo*q#)(<;Jt{$D2c#`&J6x2?R<0|fct+y(GWO&}G@?`RHYQ^WRP$?5P-FUWeEdz{%FCg2su(Jv{G01RbM5CcOc|`)srpq8)(Ig5JzUqi}(tF9UU!4!H0w_l%aVW32I8d%StT@x&1VfI@2BU#yv6_)}RROio&hH_$C#gv0UAK{9KlJvfs_ep6F*{0dmOnVA)ib!$={#FyafIR1} zpcik;3>o8SdlA@f!ucsscw^K43lU=ZlfXXF@+IkQ7w<+{byFYmjrxk-)}}oP6Ieu& zvc3>D4yCOm^%cDvWX`i8c4yPB(g|;TgCwiqFNfG1Htr01dzJC&ER9k9-XbJ!F< z#I(~fv}E})z$S&{sk7)EXWH{#bi)21u!lo9br!vMoA#--4!#xGOCg*(i{AT8djx8E z*8eWBk3u+g7QKs1JLh{R{67KvBZO1`&%463r>5ccX{5i5!1Ec4!-*gD|GcYA`xOk@ z7_R~>N8|jaig%M~2L_>Fw1RsV!YJ-sn+QeNW7-Y=gwsfX_ZA^YRlewb7VoE~{UO%3 z%H?3Ja#`wq7VnpMS?V`cSIHf~ULjm%0rhvi-<$U9o1Omd2f#kocqw|{rC7cvZVFWY z0OzX&g+f@8UO@4#liB;9M+mte>Mf2Y8?y$)l%;dg9N;J{LT|ZvAD6XGgha}qkMo;k zrtAcIZxW#ZI_dDq;!bQE0c#eLr~HbVQUxmS1#4MRW~kETUbc6I$NpuUQ|~dQsws=w}i!D9~`@92CF zgwKnRBt=Vg#l1&7_M>=fTwVb~qO+q)7d0WOEABmw*JV;chy$4H5`^#ZEy$IcVYYn} z#kV@#8@rh5HK@l}qMPB(3$yQj0<*#0!5CPCC46UFA-SdWY}^6D-2fM80{1kOnk>qs zzoq9nJhH}mFkaFuPPR}Q`M$(T+hPL@PnFhCcpS7-no2BTevO)?*jB?M(Q?uH2jgcD zuDB#D7saxPVs}W-u_-F|jN1Hqa|OkE+U*A1%XUk3AHm|g5aryuq(ScUpwRX0=p`$L!=g;t4GZ6`t( z&adB(AwYja7;UfdCfq+DFSxp(uB*uCh5KU9ddin_qDG^lE1E+|>2O~0Ozz`wBG5xG 
zg+uA#@7bu0^7~B2{A*umF6HVgY5_gOhsg!LeZ<3-r2*Zk!RBx(Bq9ux9JBkz6 zO<^nnV;zo)$B_hdQ-;@k7V=)L0qxWXo9tfj7@K}Fxrc5X0QVG*uqjorHQ_=x#9TJ$ zR??pun@~5Dha}Vuh9Me>({|!aT+!G*yB(|hY{}Dk6ZS~&gO8CvL6T|i;`UX@w*r_$!RX8`hUWrfm8Y?sKnTw z_&@=sn_YWi0W@lRV#i7No;HNv!XYP-UuSR?vL})ri@<-jCw4|gl6Vjvgv2G?{);^^ zuDc=XX*S6!AGJNP)M!ju!MO{O?xEz+_QcjTR6xgRNLvjlhHN$D5o7k}X%I$!Bw!$! z|2Z1i&iZdm#PH3kmLaxd0TRs&O!-W~)A(^Fs- zE-Gi@4>lSTo7T*d_Ip^`Mb*)CxGuqAyiQ^J`-=0Y$}J79g+=}(*P=SvSQ4m16ZMTV zAh0x+0FnCH2;3~UOLf8vL2!7VlpUg&D`b^@DK5P?NPUHHmqa!7~(#to=@t}kY)vKHLRE3#z*Ynyv2p&1;X32 z=x)QhbR4O*58yFP_=X5wnDClm&FXK6^S~}?{D+VS`weS)9Nvlo7J(qL-;(5IA<`R$ zbpl58bP#H25*s;~R45TzLr=o!FhpvXEW3X*@~trh%%S8`)39&B8uS|}9|PA(r0N<4 zMd5V~yW<`yZV~<h8>=Tw=F0%DZtVRSMrQsH0*syRrWs@Sd)v~(Pr6Tm*u@+E1QVpKKKA`uf=k|t%0iblMe(Ec2>s*kUM(i?_7z-K7A zh*n@yctzC>OOTzn40{hMZmO4z3L)&x{ZJKa+Li8eN?tR2Er%m~RbhB^6?A3KThXh@F3nPJ+sBb@l{3Sk`1@}~Vp0NWW+I8TN! zUe!>^w0B;_G(08XPa*#p!>mKq1y17m$!?{>$x9Y;OuP3p=vt6mIl@%@7^{QXh7TOM z##+vdN9}H8gnJ%-7?l#@D(?g~6o-1C;`os!+lNuXaEu>>ntwHfQ$e_gUVLG>hvB-u zsGRv`J&+cLdwx2DH5wJ6d=Cg@Y*WhF?52F6=@lc_tUeu8F*aTP3U?R6JqkK~dLEr49M*R$XyoIx*-BUg)2VsMJ6Y9gsNcJ(syy`J1!ID^#{ z$B?3Iu1}I`Ax({rUQefARVZeHv``Zj=U6JR#ispUrYa{Jfp68EWJ<

    ~W`E)iV$eD!)~$Dtm4?g#x>ST}Lrd=>PsVBN>>?cC4u<)-O@;Bx?Q9@6I+ zyc#$!H;_m7`w=(~Uls!2Zzto=plOsprwguf={v}!ok4#s=;=f|5BSG|vkZV-vWvW^ z{e(e=S#OsJuJu!xSliKEi58ndk;c(6udq~GtK8Ib`#c_~gxZha8HD3l> zV?A65oIww$S9}MYLEQ&|&v0o_mxgUuFUJRS#}hltsZ9|Gs$Z_0;Vb~8S7k}pEOX9DMDJV1voR*dTwUP=eS?-9>$-Svv54l7d(#7UqH`8nyiOW1@>JN z?zjFd*|}eh;95U)LKzDD72rI4%)EA#iAm|{ge~I8{SFXZ>+NW7omdBY2K^rc`a6Kr zIY+vO`}L3xqx|V4&+&c$a2`JV7VYvBa2_(R0iVGGj1QfsWcqNwv4U$kH@wDLob7cf z=y`ZuhJ*XP>FDtgN(u)We+D0CJud;yU=Bm^&brdE^}85Uem?LXuL(bd*{9(}h z^Y5#`>6FF(TqpuT`Sb8F%X6CG%Ktu354>D(U0;8`{yHv4QOn)$F7Tm~oHUdBtpd)= zQ;q>Xc(C!`2A7syXTv6O3Gg2_vU=W;?IpODlRQOX^5=Tsdp=m4}yE><>P(fiw6p>F*TW^{cK{ zp6gMbSAkF3)aoIH`q^ktuf3>@u0tG0>upX~+L^6-!{<@_PQ8EpRm z@V@{!4^55&{w;7`CUzX~elj5{e;(o+2YjL6`dy>o)O{=J|7OtBS&{Aj0dQUx#QG`R z*Z4DNsth;xn=82L8>6>g*FA3ue6iq~?^Dpn-Ua>$@NKTNdVUc2r{K>^)5?Ia{Tt)+ z{5sZudH|myxPC8#7!dy(a0Z)ZyKgwu=oxH_^T-Z@YdJ5t*gD|0;9m@SI?Zhl{AS<` zj?Z@d7&tF0Al`47<;$Qi+kwwa;Jj303GjP>(|J}N-EWorgKYuGCEq!`TVl~=R{qoR z$H~JjUj`N6yH^UX-`f}Vy3wG26!@gItX;MT{sH(fxC85F$_V3A13s0YUm>`*3xm57 z-+rXw+;nGuK3{Mx&lAwEnD0u^Gl&PvpGX-WI`ff!8gO1hAmYpYZU@fGRLEy7DS(!9 z8Ju?6E*Zf|0~Rhh9rQc|*$;nw)X{fKtbVeyL)hQG%fn~G{VZR){jF&7|1w zcO~${pEdr%*8T1UA0C2d|KC9xRKJVC)A(Hn0}n1m1E0%)^DygSz_%_jJ`9@Q2l!aQ zwVZEVx3)tlCzk=g>QXD`yP$sx_yVkRrMtS{JK)bt8VZ3IiXx=t=jAxfz)t|q%aMrx zS#T}SILzaNK>rHp8BBgB;QhuLe_sBxX(#(brQphE!HO;p7z}(K=o!R{a_@G~`|Imh zfq(C>2Sp$&|JB!9y`6~i>?pW?FE4A7V!K~6=(onD$Pce&_@%^QKfeI<&w>vx9eNq% z?>XN1^Dw#$EB9*Ty$QzW$kkSFGCjH9wu0+-F-XPs zz?(t;K7x2|VcjKhG3a>-Ch6}3{YU6OJAlvMKu;$f&O7@}w0wPiW)^TdJ#&n|3EW?g z>?{LW>*sFRt2ytN06z)q)-=jty5e$zSY4r5fFDCx_!9l%xb#J`8rq z@jEXM{hvV3;7J@u8Zc zyd-QF;5PtgkbTzktH6DGe(!S2m%-*ZA58?#OS3pGt_IHF3>?=V2(IPaQa5Vl_dUw9 z?*7J~!75qKG;jvZB)%LtFUzBx{{i^j+u8V?0{;CEF#Zf4!uj!5hl41TJSjNqBm^h6 zIxrsJJr6!paBVMMQptXDb{_g`K+j7a*uH-Q&ft?xDAXMJK;_S%^+mw%5j?K^pMsu2 z16ZCdq~j?c23uwS878>4*9Bi&d%Xbu2Z5fK%^eT?Y~Z}KiTv*bpXrdd><=%1op#++-0xY?^Dy^rz}Gv}=$~K9=u06dj}ct!lffFNf&MPw3>q>L_-?;7dVfE$S#Z_c z8@5^3QEmzPi$TvIVAN+e62(CCR|a6fPc`QtdSu 
zJcN?Z94`7c{GfW`yE<1G9|qaD7w?=2oR>Ya-(D}c>kqG3dA`B?{v7CesUYdU1HHc= zx2<#lEk7@3U>_b0oR?Rz-kuU%^PTmO^{XzOte{;gjSnyRWxfXjXRuJ>3xM+yILeb7 z1y}xGoMZe&&2ztpLGSwmyb9dkH{Y$w%EL=z`l5a^!0E)!{`Q>Un(ya-uzW}3yLx4e zk1zKo0%s5__LGZ%^KvwP?}Na332YMI^{wEVudg?*Ki%-X;V-lW==T&{+l$WRTLW(Z z&Y&M`$5(;#avYA+ZD$xCULr>NQo*%6w_~62Ch)HXJrCI(1N_gx8DwlO@NH%qpVJ=d z;*gP@?GHtQYxxNg z1=sJ|=Eb!g<$0h#9`p<@%>M8+a9%Q22>Oj?86SWDcL#@qD3pvBT))>}*PjBMmmEoU z?)Lz2UiK&E6!-hpY~#bAGJSwI1Lvi|qRzSBO5hBJ$$Iz#I4@rovEY8aYm7fH#oQ10 znSyJ*9sPneV83$A+k^ge;J%)`S)I}Il1M4^{1i@=R$oKK{P#$%1S7KmE|k z*$n!npyy?6X93?<6iY1+4^8X=d?auNYiB#21l-r#-vI90<;tW0%AY}5WLj~*2Z8f4 z#9e`}Cmmbqd8rip$wQPsDder-%ALFeD516O? zbAQ(euH|7cKvBco?_=P+oT>-#zVnTqhay@2dB6*Hv39uu^tS@%C10fPw!rxCa45^R zKX6{+y%G34D7e>pMWzM1^K@YoI#OyvSvt>iK3!>{C<8da9-L;dG#4^2G`pM`OY}j`0!FQ z>LFJFXK?>LP!FE~zpv1~D+xZ^9cO$P+imi5qgk?~>BuSW1W1UN6frkwcz_{Kx5 z9;SkRlM_*%BdkAj+%*GdFowRMe_n95H6WM#6ZHN*=FTS>e_mR`a#jK7C3x)TFAJ{y z`AF>JU&TyLHhlA2J3C};D{kV~f@{CxrF%u7UjUq!yRiPxcYMe+o4yD7&9}4q>4QJ5 zbBg8b`^VN2$Glkq`ZERB^1Lv}_{eZ}zfXbla?9O-?|G`}6;nJvjmd&5AAkR77H|e_ zm;yfc1LtL<{NC+PGd{drfc^6d!L^=?zqN8+3O*}A&tUrW2fpTXIn{<*(}g6lkciZ{>xPH_ER2Fo0cS38{<&u8B}_!)vL9|jF&8P*a7MsWsz-5dN< zf^U*r%*1@bwSLZf0`1tzh|UEc27Q!eg8MxLoR?i!1MhOS<;$Rq{H}uqXW2mNl0~5B zWt^mWNbpUh-gw@yD_(j5^t@D?^nDgv`ThO4QG#nd@RA71hnpOIxFq)Pr@&|6f2|(w z1j)PL!{9jluEKMSe?fuK*MNSi;98&leBA`x_q#p|d>A~I?VN=2+z)(;9xRfds3q?A18`nmu_^Gf-&y&O{=w+)0)C|6TAvJ(ya(`ef%9_d zk-*;o&P!1^em51xK>6_UlD?qN0OzG6I{?24I4_5x-0O0_@fo<2m2*1ihYPOtf9HKB zIQIo!2YLoU-w62Az^Wje4YtDFM^&yJ3a?K@IvFm%f?xr z8NeB|xF6`R0PgR5z6G3@ycU6ew~LHFgU_>^Rf4Ph`3~oHcLx2Df@}GGzx2z%hr!hk z0{uI{XYFD2OnKPvV#{~^T@6oy{EI(-EiJvH{d6Mo|m3; z9={KG*Nv^;Qos5TI4=d-AAE*fZuv5J1nG|xoH7BVE_oUBysVrwSAM|$%uJz-eb9@){45~91^i!^~e0iD9 zF2K(O&Y({mkM96yFcE%l;nl{+-`AK4oR{Hk2mWsZe+uhCw%1R<8Ju@A=w~i5{vT%S zdkcZz1f0QyCb1=H@X`kMx8DM1uwvrp39j{d*uU+2d!opvIwOr8A)4>lVXD1K%6? 
zse)_&@%I6*0bW^W^*kT+KLY0^4+jC??^ff(%Q)TuzQGF1_ecc)#kO=}sNkCKEYA*k zA?UBdKHc`*IJ`4Wq-eEW|H{2EYc;LMB zW(x4@f&1q;HoDXJFo+rZ;WXe3j>md_S#a$?kKMGk<6Hs$8{cJoc$pj9eI9V%PQFrb z<>UL;Jq!9*4zT*13jSY#z8Lx#`{yQiTfPkH6qFyhf8O?J;Jiem5d2pQuI0JvJhK7`_Aiy>|!wfxxF=z07>)3$E?;gx7B$1pSIzIy(+k;PX1@&)D7aoeaEirSb9i zk46E1}!0s1Iamp>%6lP^UlV=mx7*`W|8NYzy8UID2qx>fe zuJ!!d-PS=K1OFo(j)ze4B>3=hyN~d*WWSuwr?l< z>k)!$J@7KdEAY~zz+anh<=+$d{*M~He@=6W;QC!pV4~X|^bdocm&37rKLySp#lHsq z&_5Y}2Bl&91_FzbojU5ZvhrIPX9`;UnRd05|3o}2-k!M7_we?4#p!5s#? z=U=Rz{qyyM1lRB4rP2#Q|1s!Sdv?E0PZ%HHZ?;%)<#XSeR{lEhc?~#&2<`)XvJ7OU z?>*k=PXoSKaP1FUUuAeb@CShR^Yq@ogHP3tYdgxVP|p`UrF?RKuL`d1{ztFfzZ6`{ zGYoQj7reUT(^eio&d*fAm7bR_F|WmrJ~!WMKws?bFFXqT_h?_ry`O-81UmrbOu;i& zp1$zMyBS%%DY%x$mm8g*HTuutXI=pMT?AKp1`pl?c-qnDmVYkjyJ9}&_}U_?U@Czdy>k#S8kqxxaG3^}Be9Amz`hJoNql zX7m@s4nv-0g6nvh;+>Cf20brlC| zEVb`tJfgFJKl7RO6V8Lb7hJ!W!KeF!Pp_AZ|D!({pCaJJf-C*+&yCjqJka}op{IfV z#U`UC|L1}862_t6-|c1N&&xbN2R4tkGaF}1A)&6{>cm0j+CGG39fQ) z1vw$(J!Es>J>D?>OW}un5bzS}w)|A2mSir~uU^Ql%I%9+jIR6e=C zMu*FM@raGPc~}pw06zM5<8w7$eNJ%Yzv4i{`vL#eTZTUldAl9($%1SDY50%P{|e;2JqQ}D?Kme z=nMQc&_9Ft0EYqZ`;O7SznhhRAK>Q!_xDL323~fe(H{x=t=>gBp(peKK2-3y_Bt2z zyexzD{7>M#G=38Jl)h*DcRs(1L*@a09yl+3;r#fq;M!gOFOH87k*%ThW4<2`)lCG1HY%2m6Q2i0(=|HkCe~<5M0Z-1mkWt`tA3i z|M5`c!~TExYNPM@p5^;4@;zU0ZFfJ;#_Pa+Kl3gh+Ppd1vqNqnxbpcN>s;1D8Sp*5 zb<=0S$1SpQQl9tz$oQNIy9ejBX~21D1i$Mx!L=Uz_!WO~I6g9z^!V8L`}=5Pfd8)4 z%0u~cf#AyDKfiM~=1qE{x*GquPU(mXaC$E_?}}eU;1s{4}2x;36ydR2I z@R`y3`!bEd*TTAn_3$?EigSz)zi~@ZFtq*`B@7p}#QhEzT)%fwf2+?Sz#jq5%UT8l z@AEIC_xAy(2(EhIP;Y;>PH@e4CiFCpyR*QDmqSwSt^0-XzhzLgeQSaLP-EpUM0xHN zd{g{8oIDA7UhdBN`4PB(&TES=@mc^eYBN+okBc`0}4BxR#%nUKfM^?}5)keeMK&;J=OD->1GA_!gL#_Xho! 
zf@?YFJz@33cG>)U#E(ShxSHs64-_8DO z_4Cw?R-W!Gr{LNy+dyv51%5i{S0jGQzQC^s{W_2vHvk{{qw(RT=^S?#0q128=Y#$M z;0vHX{08`2zNEuwaZJu2Lrzo zaa4u@pD4I%uOe&TeSkj?`q!>BKKlayFX(xhVGrP2NZ@bfGijvJb3Qssa4mnAXAM6G z<-Zy9o5GKMGWfjf=3c_$h@(pG0|H1n&FI zj$Ft1@UmvM*U`XlK>0a;{T}$S(7RYC-Pbifyd-Z1@@)dX%_i0#C^zl}K4_kmlk@WK zU5(GBpkD|+PYSN>e%7T%|7+lV)-!x(tOxf4et_UwKfLsfy#IO^V0ghpzphpmM8aDEV$;&ORjbW$s*vq zoQU7`3h$xXRB}o;`CR=zTryGQqXp&cnGF%ERYCKOgHa%9+F_ zmao5$xu4+5XBpxf-;eKF0Q$2qkM9Zmd(dCsDBN!{V)|0OIy{JfV&G(}k%eM&hCj2S0==nt1b4g7XME_qUL z9oJL6_;nu%uKD`@Z2h(|-1j>j3H$;0KQOO_z)zZO<>5NzA>cK&hI9N*>Sg6w?dfT= z1lRJsHpA+N>ydkaPnm0cs6UU{*60V#H=KIN8G`Hg-r)JM-{f$)HwXJ=?4M7A&l6LP z5BtN8+Zq4wPqXr{-K&6K2fd5q>qg*TVV>gr^%n5c&o(}s_t)=j{C&UcA%bhaT8Vjo z2Q=nkpg*J8%6TvFzc~7Ei`&1q+}`*vfnLY<8V7th{f-7@s$=pTc!bqu^RUT~`}@6X@>; zemM5QWth0%zre@$8{e|8@#iJqTwe?Tz7+ciY~MqGkLqjn&w1(*;LD)@Q;w~-qw(M6 zI4dXhqRGI0KjCG-7grj8(mxLT0q8j*PTg;de#U=tqtRCzoH!78732x^(n|%`aj^j7 zZe!5j0s3yejn7cvJ$ABs{^}zu{~pM9U%|C~zwc%A>^}>D=fq0^zO!dP{0#VNZ@**5 zovoa!yzx6!aLu>eqd!Yu0U24W~SL82Ck< z4Sx~k`49M9hy9)5z#lKLeD}inDfYK5lg9sytE~SIGIoi9!2NjFiv-v5PtVx*_5uGV zfHy8S2AnT`1pX%GedtUTv|9HzPzCtk3w)dR zjGpV$7r@`w6Lu@Ie6KyizNTs;*L;@^wDQo7 zdNSz!_z%|u_xINBZ#~|1U&9L^uc&WS z1OE}@t`2-|0{$ZWD=LA14Sc;hRvzl-g}*_6``YlHpdSnTqE8JcpDP8|a{BjEyb1i% z9jqQs0iTgWjeozl4d*zz7`VSbc(35f|AJ!6m-fJKf&1|xw;5*i{yj1kg6lX+ylMF| z4*&VUH$^;W&O1+n&okI(Wc_SB-1z(V`-}rVa5Lk7I==Td;IC|NIOmJ4Mp$`jAh)@` z+f8u&UjH7J%YaW9Y<%W{{{|zC-oNK)AK(`uupo^?R2PmZK484j&$`0C_jce@1lM}-?{i!X+&|~_BJeMEvhSk& zS$l%nTJivJz>uTXxr``C%b-`{7P1ALcrj1TK)CGc6} zteiYYzuP3M2Y|74QCo3=6f^n<1v0|Z|ObR=>2={P5{2^mzFR2d@Hz~_dnE& zKhv$$_vavU8EybJbaP6VIVf#18p=tl$J{6ORH`zszQxYo~W_CF822O ztezi35$Xije9xH}t>=}%$6)_x1nBoY)ad=V6Q=?HbXb(n+rSTlJm`CIEJAKh-> zl>+~y;94I497ieWdtYw!GX1&VT+m;zui;06&)-WP%^|KYIfQa|6Y!uX$z@kss!zz=}Ei1knj{L#a#oSg6O0)8yk={?Xc z>rS(Lw?E0~M_7_55M1kdTL8@WV$hc(9x}(*qHoh{xeJ^u( zZamfJ1lRIhhV>EUz+P2``~D0If&2Hdz6|{6QtLmoV{Di)KK?x^`v|V>G7a|Ob5Z^? 
zfe*UR_*@VCR`Bunum1!5AAPKXSr5afTfV+Nc8%bg@5|7usn0wD+&|Cq2KbDI9J>hR z*?ETX?+g8zdcp$WRY@!VaM1rvaJDrdmz2%4@_cixmA?#syh(6vm!;^3v^Q>44IKV& z%Ru{XF;!{pTh^h z4>>wYzhkZOUpC8d#!;UsxbkoC{N+vpy?<`y3E+q0+y~3Ecb)NRgx?Fxf0*FfzU9!X zxn6q*_&TryRN{Ll)EoU%*stMw@Lb@TnO1)KH$DfvpC=!F-C*Up^8=$V2mjv)uH{(; zeS`96De%W2&)I*z1E1!98J|PIXY?FfFQ4M=6U`J{`TKr2R|(F(2No__3HtuE#$U{y z_G`5A@9>iKlauYwi9+BjRvLaA=xd0tYlO4|pCP!G$B(1_H_$KmoAKEm*?tas|2*1m zP4VR)A-M9NeyH)GUb+s+H>@saUoyPO8x z-(P-KaP7~J-)Z!#Z8}M;KhO9q$GBj>nkcx^pL)E}vpfx;-@qG3OM&lml+hQVobLgj zfc~=p_{{m1?`W)-Iq%#BeExpMrx5f%0zVgWgX61Wf$`b)L!+Mw`a6O9`|n>0uHWUi zZ?}cU=Q_`>ezxFB|2_O{*^c*t-rt| z^R9c8@mUT3`D5_v9N@cQpNRc!x!_vQ)8N-v3i|brHa`8l{ksDNkE@3{p!fIRF9z=4 zBk($K|9;6WkFk6goMCcfI?6KzxNqNk3iwMCjh=FNi(`$Czh5&CxW6C$DDduB$5Fq1 zL-4ro{T%fEz2v_>&g%2wbF4p5kKG6O)ElgvtMFZi39jw#-@|wnaQ{Az7lHftVRb(q ze2Oezj_X4N*Y@@A#a;mV-@z`*Z+sZIe=qj;jt>eQN+z6O{O`klH|=!`1=sKL?^(D6 z_(}b&9yqR7fzRQdJ^w@C|9~9eIND&5<=gLD6R2OKOhbT|zist!>RR@P2EnyF{yp8# z0bgquD-ZS3^-csm)}h=7pAOuQ=W{>s1ool&pgg@#GCsatZZE;LU6%aS@|^|xGSI&Y zc|v_`Iq;dVf6~tLI&lAd^uUuX->soHvVG47erU1P&jXmRyPRV5CqbSMMR`sXT+3P4 z#mY&$^dCTfk;lK+sm8~*o1FyQzX#+?!PUT)czb&}d|L0!) 
zcRtJL-@tls2K1I41=o5Q4gHpKvKhF44(Kf4AC0i`kbdp6jnCqv45!=}0leI^i{1p> zzZdvD;Qqa<`z<#9zCX_ug0rnrH7tPPcXkM!Ak|_#PeA$xYo~R zt8IMIfAW6dFGB8dALKLOJq|E>maXJmcdw4AR1Ujn}}`ax}czLn?4x2=79p*+RF z*I8ot9PnQxxR&!O)HC;+o)cXA=MA2J`^Vt3@#V(&F7Vmp0^{S~1O6M}?@zb#p9cCH zfd2#Q=nWtb%PurN|HS?R+vQx~pTO=-J!+kcjJ{-!@u$410e-`7hF^hvp9kKnm(@c7 z@GpTchkcCgwbR8`pBq1A^fE2F-!Q>9!MoukEx6X_Kj1IN^4|d5zu)RT$3M)${#|&9 z@j3Jq%a`M{7WiAR&zyl*9{}DJ^GJ8#1(zD1+vgY`uJ`8&-WxRGVfS$5BQu7jedO;^$NkYJpR4Uw}JjxoHt?r{1Ui- z?tY6U#^-|Wmhak@B*qD@^?5M%c_}B)2JYWS`84q2Ev%gMf7tUHvz;LpPUg!Qx2jYjX^``ifpse0ox z7v=c?_)^T99Ct&P86W?isX4&?d(-Y0oMixOm#lr0@$t_A4FkRv4q%;ymsSE#K(8jx z-ph^8SJ+46I64BjZ+CiLaFqk+eQy2pcC14;xY_vJS7-Gw1^EsKKB~Lnln-YEKkL`l zZ<|5?Eb!vKh8F`*R5ms@HP4+sy?X-qfQrYmde>oQG=bh@fOJ)@?6 zT18E|s=26jnfg~YG$hgomo<+|4r!>)RA%N^H)Yb5^>t0n zjdLrT@uvY5H8u5>6;eXsGsD0^)idhq8#D4SVc-~HI4)UKSznczR9{`!TwcF_`KaR5 zEdAq*{n^1+$u6?1Ev)533dx}mgz^^6o-ntjCIlo0*H$dpzof2t(7<6$ zBkSi*tI34^T3Apuw?V3CQ<&Rl~JaqNxe;)H7Qzk#f_PoOhr>P@5*e>gG=g4E9z!sN~)_GFb5&1e5Q ztEIm#SkTg6s~5)nHCa&7BvqD~(O6NFs*>^yl+Gkwrdb+DJ9xD=w>(MDuBfY$ZYHfJ z9ax_Ws;d*}{l-lkK5U%4GIv_KB<)7PJgrza0NmsJ#%dXz7!d4h#nnwC>ScV@*Nl*s zuc#D?RH!zRg>zkZM~yBlofQ7#AZe8eb89n=)s^F9_((HPsw@jvSK&YzX|5~hWFl>o zt@J_}TJdxR+PgzdT`Zqn*D$SdHhO)y&lI>1F0Y?Fw_b#c6?sDR{ba$Yil*iRT}>nl zT#Z=wD;+zbEL~*(?ys_-M(VplBp7;mvaqaqVNIs0Bd-?Qt5Tp$MQsNd6b=|Zx4Ncz z4Y`a<24ca=@C%8B^r+Hd<5TI>gpp|(IO+W+?4M4J1~__Tsfzoi`t(fc#5I}3$OHS! 
znC&kjbismjL#9#Wtkiq+!t^|u7jz0pxXzzQk349?u<<1${O&RR8%*Xj4dlni-3^lWI?)2L_=kB zvZ=YGtVkh9y+V_E0;L9I>Z(%nv{yv3=!i@$N|!YcNtaZ~>?R)^%~5j~IjcDqr^lx= zjUupAf+q*?v(j}k7dZ+kjEMGvbh;+9pt`bNz zmBH53oK|U|Q=a?{b&;p421qf=2B$+aT~Rt+-_VpSN|)$-uXBUrCSt8TT{c`rX4!~z zxtp@;Dr$!g-EUmU@DWp{qzCjLXmwXqm6qx)p3>r`Q(d~;)_DbqMFldi33 zNLMtcr^(!za)VtOHp%6Al}Qv;h9HrQ+}9T1;iIH{s}=CH;YBI)azQ>l?j_kHDM{B!AC>B6;{RAXa( zqnqfZiO|4CGGyXhRNoLsR8lv+K4|TtX`(mQS(V9)?Nv?&qnoEn$4a$Dx?2CjWV9M5 zjb)LeU(`aC42)Dsb25-CuBluHRKX#=Y(aJH+*)ZnCxN7X3(})S`?4-Nu2$wT5$Z6JzU1d z;OeH-oVlVl+rPot)AczzIVgG~=cvMG_YdY7{l1zBXM^S;;xb zE#jIhW~5}U48JWs-M$A(UMe-IJUwZw_UmD3k$g^4h`QP!Q?bmmF3UjD<{Kp`ouX}g z6zdSNa>un}iy|<1L0g34AiJ&<*)P&Y7kt?{d(zl^1Gky&fFUdr%*hyOsX-`U+l8}a zt+SdfX)78URQ<`S+<6sK*D*RWJ&6*YEF4i^t22$$cL%2GM5;>r*#D-vrGTmc?eDEs z6bsVVax|%q6jrL$rovxN9?Ey88>?r`YD070#(aeI8=M0yH$$r);OxMzSh((t->L$3d^a$$tYQKi%)1Jl3n}g_$yFN zSyXV*l>&Jf!eMJDqf3H^TD|@N6xF=0xdcs!5Bsl8n^^w7|i%=O#(3 z(rD&RC3U*|5Ud@_W$h7JIygQN{i!2;M*4`(#=5+-$zzC$w^Arq)^j6cG23z1utSBF zZTXg%MhvT`LJ_;x8BwU3;XIi_ZFEaN*7>r;tt-5G?!b`Jx=|Bjw#js0%gROSI%e5Y zP8EHkEIL(Cg@w@!5iihv!_&V^vJiP?&cp_*0Os#Jb4x2-Z$z@BEL|cUG0=~shDyhl zW6}+TcRqRGjec#OHdrJ=CIPLblCmLbRgQwG3B4&iGzX6oJ70a{!jT0X)sqK76_ABV zbaih_E^Vh|x?Ie>us-PeXN*+1D~vZwhy+z7W2VdpB0Wu+v_cQgN^UiPi8Y_oP4H1! 
zlN_dE$ypXSVlS1IfN8^d^dvDDg)_54Nw-*FePB(;S!5m4anp;ML)@e;-xXs4P!S^K zEe|Ac&Qe_7%hQ{4R~A9Pb)zF(JD^P#G|jGVC~K$?ZJS+3lyq3y(z7!QX><||%ci!D zh{tT_{a+c`WY!ojJ2vyR)6~xu9XF4yP2pf1XDt9CVYmni{`xbIay5xLGoUU$b?KAe znx|9tNGEjMFhScDi7il#h_aO=5-Mx#o~HdhW;_ijbk=d`;=`uPfO6)AiFIYN59hX} z!Zvf^B83_f^aa_y$~4NZoNQGzW@P)XLJUmP@>HLwE~RBr(@nNe1Lo;2MtQwS=;1|f z=PFfY3jvuaDpM*HB6c5rIkb8jP?wpXoyKEy|JLlEwt@;&eGxDtb@!!yp)&+H8;)e> zc4X=oicPZvQ(h`HPvp@Mo4#6XUCt8mvQ*kOl?oO*zmyf+4VOyM;F~jU5R{Bj!7YM3 z&#)QUAQm=lmB20-U5o34uLaL)n2~|+dZ#~Y1dS$dw!?t0Q;l2XPmr~ZOj5&Cy>lOt zzxZM$7$w?e{LptFCVvxKMU`xSYd2Yk}RsKRy&niT+`0jDyo$J zuSIJ{%U#+xZE%_lD?)=SbbE2oK#|)`4YCE&JRM^uUD&^{e^GY8g%m)VB7U*faOMTK z8=-rd(Y`dVwa%1(h@*Gq&Tvjv1fM!2wV+Zq-(?FG>R`K#&seUmp|X%nhNm7~K}r#2 z@g@tUl5w@k)EJtMWe-vY9kvkjF0gbxE%uFOr+&$XgxXR{rbyS5(dWRDF(Vsf-60*` zto@}BJT?p1M4>B7%MFThs9R8f6m_jyq#d_SJ0$qBjS=h-z=$EEQ=m~IWai3Vkk+)5 zi(#7{EQ0BZ!V;Cj90sv^x>&*3}oM>vpNB(o2L(P+}@YgVmHV!da^@TRPoH z+CVf>-GQ2!sgbQs*OUVKE2`||8*1Cs7+E?afc^GSuaci#Z*kc_t~ zLA#37jcn}7mXU2%IO~PAWZa6pZKK{_lUs{qYa>^8$F7mES0@u0?6NOjV>;=FA+a z-xl=cjx@I#q|soWxg)NvISypD3+=q5t16l+uxgz!wj+~Swg+iDlpnxBXpSQ0 z1d(WFv07Pnh)2w5?hV`Q@1U`lnw4Z5ZTLJ^2CYurL!|*P)SrXBQt1O~^VFUS8J4TK z1WWU2+L?2g^v+F9X9Uq|tz-T|3(-&otckaTd~;ws6r)vM*TejSGx%bejf!<6&!+US z%3Hl4CH_M?L3)jqpKIQN1pYW2u^8xKjZC_iKM=E1dZ08}iQ2veCoBE&XX%sFWyvkpcA2t7?u`|ZYojb+G{mN?dQlZc%aQ-e%#~m2XthS>FM1NyH0OUwBy)bb zl9g8CZJ=d~mEw6ipmslOZ)Ht8!Kby+iF=S)h3$F)l8O&TJ`?PRtEap9K$xJn9bIDbTIsFb0aKh0*|_+${3gNzeQm|KU+pRtm%wMQfF=_BC8?6Xo3G()C;|uSRQnfnfkS4zpb6|+ zvLo0odqqdBT3M+f`gJ?qrrIDZMyWU#<;Jw(ka81vO{sp9XAdqrHHYTHQt6n^mqGin zZVSl9pDHQJSmA^3fXqy$ z#6D1%ucTNDzqx|CN-TTU~J z)D4zyVb#Rbgp!4JfXR$75r-)4_U)bPT|a?&CwCLQSa#H^rNpusm^I#N4ax_!V8Dv) ztDYIl^sbm58fyIZD!dULH+l@Ga6ovEa(G7EGo)8wTwGg9pW7w?@AlEY-eRl(wpWW+N?i%K4Ln!;UCtP>73&+ ze`Y2Va{Fr3H7&^2D#JMp4i?jTea$@aTMM0k!uMM<=Jp@4B#IVY**soOpm<$Kx+;$> z2t&sprc^Ds+lxw(J%J!P@*3`}3=EvXX$KU&kM0WGoa>m|A13nF8pYS}iUUtUQN(FJ zZA&j`LA?yyJmfqdPFx1eeP8Cd8AP^%RO1O&rT#lD3zHRP1`V4MU{^(lnLZXf`&Y-lZ}NV{PGYT!l4JPfo-)#*ko7RM**Kqr%RSyQ`yBvV7A 
zE%J?RzMj9gx_LLWiB}QXy33Uo&fF8-w+q~zqV*rrj$&4lMQ*B)EzA0_sLRd`F{ft+ z%GtFHJx*LTxMt5zgq+nJ?Br=OSzYI*S5?nCsJp{v`3o(_<-CI&*qh#xL%Eo-oQp*3 z`>Ae|fZM4mt*h%wX31xZ(kfl4&`qPRa*DZ+D}%(E@OWG0LJTt3tS9nwZNyQ#VPzOa*`=%GPMIuySsr_~&Q{g}K3$_zMk35vy4jBpDo~ z*ucqO@Qzh8ztsuytoU`pw+)A>ig}ibQ%APC!b2tZOjQe0U+#$L$f%bUNRCS7Do>XR zx!W)3=fMthJ|(1eUvo27hlE0$92;BNp>GmB#@T$`^yHeXeVYX0TaoYZb7X+|T|eBG zZPn7Hc)yf65lcVGLF%@7W@G()5lB_$%NaG$qoUeqHT0~Fxr@V5Y8jRo67FoxcsW{F zF(cEI)dXbyQ#rFS$A9h@GoeR?g!GMEArb5*4{VxW(I6C|V^>)`PeS`5r8mnSTOlYA-hi>RrTxw!>*>Q-iHHG+%(oP|CZ z=KRaB1uy1m4ICu^#gQ8px}*VQzC~ zBpkMNvNcsOzNFdO3Qdra&YAUUaGlfj%lsWEj|5DGm;D1}*)N_BvCDqz4AOFH<<8TO zvO=)E)?=B@)kmIgm0}W=Lb#oEk&^|m?*%8(({k26D1{YF{BGnW1w&O3ryW_*Jrh}I z85c1}Xd{K}%TVg&B&;)FmNJS7v$kFtvi#ElCzt>oMONGmoIkSy8_g|jUrGn@mT?_Y z@Iv07W?yN+)(mr4xKOc`*#XN|sIEgx=7=eGs(dt5j9S1_LG9JdQ$lzEv6$i(8e%Kp;nI^v*a)f%cNvd_7^5(7BuVm zMg2Mnw^v~*QCc<~DrXKID#4J34KGP2`w!4zl5K`Ok|EHIU_BA#t-b9+&)#_74^M?} zr5G}o<~XvVWRdo8m0|-mXj9oH>rmt^CzaZM0?w*6)Hi~7zk=IbvZeR*oGsb*jD2_2~$Ol zRpLnMc^}$fgkM5*$a4@#GtWzi7iwi~Lr$*wM*t1{CZdC-w@7F;B8VklW~L#Tx(W&4 zny#K+GNq|eT3p149O@M>EB$9(eY1o-(A7=4x+!f(&T6V>XLL;~lD;r0s0*bO=#$mL ztVA_ic}q4c?XMM0P2xza`M5vHVG!9wQQK>9LTzB$-16kDNL;7r_EBuV*3861So~+Q zC%;;633WP*w5zm&PHs5*3km8=58b1K>DEhStq_V77gmgls`ZSf=|h3R zKfb}G#>J1gzQG-~WpQsUtt5Fw3&Sv_Ka)Y03CGEsxJd z$j)0TO^T&|Fl0Hf)Hk8S9=;G`p;ZGXCRb-zb0&*rB6X%gaU3bNNIY&4-EO5U;^`9; z!pDs)FNCC(F}9}%rUSO5D|Ox|UCE@|6NP0-`%hW3de+7YbKTq4!50mTCc_+I&sRBhqqw972IAlDU_*r|g?(43#R!)@H*1nNzZ(>q%#ZdUv2~kQwh%Yu}+0Yx{G~*IP zAvF~#K6nimf-fz#KTR{U==ALY_9R^ib>~C(UxRDo?p&dFmZ+i}QN>c=kzvV!UE@GYt zjX>h3S}r`u24jk9Gua?a zZRyH|C8aSjA*AgCC7_LGVdQMRjES59;l3%aRHXw^$Wd}qS-leyaq_f7#R{rdM0ETt zOnoH3Oz~=%FSw5jhrgF*b1EbL5Q-|CyL9hB73(CUdt)+6vWwZ42WjXmhenpsU7lJ! 
zrDokI5=kLDCq#DnB{agC&I(o?F%D$y4~W!);Lllk1$7>;6vualkiAFM8?pDu0v-zx zcA)rSoRwW@63ZZ#n7T;lfWA@N@Q;X?a0e@tb-ym@4jMLooCL;b5O?co)f(KN3mjPv z#fQj_wy6clw%#foF>o-Bkp+|@c_PiZ{pFT?hlYiHhr$MTZ{D`==N42*JVreWLZzM7 zQnun?<+&_@b&+@>RL)c*IGh5h7k5Oua72do1V#O_b3XaSNqo->?^KC{s#D`~_Nu~5 z+d&mgdLs;*p5M`mp*h^;*tRmlV|=(J@?yS5S5v6^0_vW->~ajsBlxX153J)|Hj+>K z_iQOt<>hGS)^OE1`YP)-?5LD-v8`2XhNSb5Fa=^El46auxUhLHUix@bO4LSb$CYC3 zq#8?6_YCR0BQ~)aa@SEtFA9)8?VDFxke7J}9H+O|6hKjd)jk*mTnS9v@iqv{k6Kh@ zV>auL4fA?7s!aY-B#rNF8?rm+>$PsZm9^&&R{2iZp0{Vl%I~aIz=K9i7Cj)X$915Bn#41;_h>u_eIw`aB;fc6&MU2%Q=nf%q!=PY+WiUJ)#Z7Fk z0@U^(3Ta?^$j)b|_JJah$H{$r5=_(S2HI5C%VTT^y1*=UgV{y=qJ1H|%*?Ys2-$L5 zS{;m)rL<@?HHCnKlWX-2w-?BB-s$4pC)_*JS)o9v8 zEl9?WbTiLmZV)Z|>~zwzLt{1TN8q-r7>O<{FkOIoQ7@!9>C~0~baoO}8rjQ&l?Law zZC9&3w)Z0Oanu!WD3q%!c-|R@(q4L0%-oo5>e$bBJNzMG<(a`d&=Oo9hz`pYd#I^n zY~CF*TxC0_D&t}#uv0p&%ZDydi5yW#w&lK;&=Cdn7;oP|!qfUUzKH%I7Ir^SImKL9 zbO@mzxDi4wnDyGGJ7-sj(mzA~Y*~H6?#2)itM}A7p&2N*HWIR=aqfs3hJ?XC^jtau zM&~YOqz476p`B*s&O&$<@2s%@E7c;qd}^;r&vn|Eop_N~YvSFlYexynqN{J|0YPN> z`Eto#aG_A{WG!Y*X>+F z!qec8ilz}^A!2_^#+>I@<5qTA5r~{N9~H&|L^qFBh3fcO3TLUoRa}L^A|e|=J}tIC zi-MnL$E!4771L*0eCo5T#sG;@e`> zAsO`-ak+Y`pMJI)Vw}mKa%M)ZW*1wei-qTA_DZ>4LME2*;@rkM?bIzUq(pnq4MHZ8 zQ1@io5Qa=llUlZL7_y&7T@agd&LLHABLlr7cSJ>Pym})o&sxO}hxW?{XBUeYRtJf_ z%vJ-kktHEr!|}RX*o%pF@SKAcYwF`5hglGjUq(h7#ZcIy&K{JDm4ja2RbO1GB%~peE2?Xt4`nZi zkrKr$OIlRnvKm>-cg#yaaIR{F+1*(;gW5D4-z&9(evZXp#Iv~ACOXq1V%$KyZ6Zg9 z>9eIvO-0^Fzffn%=xxSw1$T$8E`gR4_P7#lSr#u=VeM6a<=t8}m=4H2%Rr-iTr*Q{ zxY9UJN~iI6WU8`5$eyLzyMZ>myrq>_tysb3=Hkw4qAFLR2~1s5xLjLU5T7~LgIBKS zbSGY%dvvQAw0e5Rob_CtnJPa><0i>IpSGPfY&bFx{Io(^Zb#}@rwz4E2fB$=gYRkE zl9NK%7}~zuX?~&ga%k*FPGm|~mJVST;DtNPV0XB}U4Z3`g1=C)WSGlMeG;2pj0WkM za?h6TE67E;az|R*lnz}um+eQTLs}_rZ$MhIMMI1HJy=gjwsDa(qP97qiM4Mx1TH%< zYuOgIX2O>QwO1HP%Z?Wh^JZP6iN8oH?uyaCR2|v3g0b4BnmjflRXM~JD9)9%1t%ii zrHFGHm3j+0QaZR8Cr{Q91A`8BX`1#{4%EH~tH4$f6y@hNO%*1kL3Dq0f^4*BuTrF? 
zP~-?sMdi5=5tCKq6o+k-IeV|%Tq71T@xWeCF|B%DQaXIPvPSd}cRij|>hyYvKNdYP z9Uj=l6_Jpatr@1ArlBIj#jVV0b|!h_X1Q$4-&ijq9bVyUsM_DAvN5fqITGMexQd=< zL62(cXUKg!dEKU50pdL=!&2M%QHCr^q0Oh_*%QR=O=2jx0i*(>y?R~?1|_t9*k{0Z zU6CArp{^UOlI-kfV~Kp(aMcqQP3U`(h@|q%380Z1}^!N zAG1aVk({nnZ$>#LDASN!K&OE`rpekLI`z-DV=N;!Cmw)qB3rC`Y1}s2O@hX1$;m)E zr>FI|HsYNrI%}T|2j0!&;TbCh0u55`BG75i17R)*a} zq!0S%?3!5#9c+0dpuLh%}>Zzk2G}4l11v?rjN#q+;OY%-ld>}RTRu zkJ5xf>zb3CCyQ~s??{ct>QkXl#8Svx63Pe444#ttrUM`7q-l0=CkML&Wx2=6LjArY zU&ghTC`J-V$=_}ej=B9MIyM7Q!yT}2f#S3&%~7i*>seP0dJv!NrE*a%*?Bipbs2=G>VbEwTJrXEGg^1-B!*Yw4u$@;_|^ z%|`0JqqWG@ldymQM>M0<-#O`iXTZ&x%A_pBKzCl^Wp@#O{gCgza z3_;djxU>Shy?STGc)4aS(>Ot*l81tkI-9c`@y^;7gX@qZEuD%Rl0m=pNYSk*e%d&a zLcK6ppBH2g7GibY7WLO{76r#~-AO<<6hn1YBh3+bcm}aH<10Ka+-4iUi6+kWuj)+t z$HmdpPm$5!c^=9|-!amdqAR?7lJTOh6%g_5wIDe2ifRNk?h4vizlX4H`*ThAEh)f} zgLhI3Yvy4sb%WbQRe1kGD@*V2dn+R;Sp9YIipuPq7QYvQ@tZqCgyUleo+)k^g}prg zmk!_Fp0o^N=K>tDe#r0$wqf&Z9qJG$nP+E!M6_Y1rhY68+B+_snMds~Q6LjzKr~V}TOIcciicJ^YB)ASqJ})E|JJ6%mySaHt zxhKt}?L`vDim0_$;e#Y)X|@MQq!_Tp5ah zAFVH%3j)1D`!VIED(}8GRi3qT=n5pQ9hkHk4k>2{q|`>CadCB}kiDKSq*ipKT2XCI z|3S3NW>dBGjfo>q&+HEa!mKRpv&-OKC>A6jr>?(_^({@P0 zI3pu;p!_4N{h#lQg;C*$YdVox(22!%P>VlBLuq7vscGlVip!vrhD3j?&KmS;^$QNg zK8NR&TbfD-3t1rJHVQi=##&O;B+`9gsnp7Ks}A*knP1UZ6({~|RBL~abSo@)yn z@w3B9Dke~AEI*r6d62ukv%PMFxN93H#rm$ww|RYY4MuY?9(AWEexoM38|!V=@SuQbkD#(KGXf1C!8k z(jYu&s-iP499X{k6YWxNxOW27>6SY6x4#uoNm-++cVDCXx~#mVB7gzlHWb1)RLfxP zNMnW6maKh9X336olK~c03%PWX_6X{ndVlL@d~?-37wyB1VY`#r6w|g2d(Xx!SC6|; zG`c`BMj>_F)%DLMm35vAoWNbAgbsQl&5N-Esfr)?8DU&R&XHTtG z*{EAk-JI3&3;P$ftE*88wjdg8uFDScux&bbpIj;~&IPRvb9rs8n;nDi&7D7OU!o>9 z7`BXPaabr-5iH8GIKb35xeMJSwzRZ@F1A~e7BaA;cS_vnRP^#f^OY)VZm5Y1z-@Wv zmuP{XsJPk+dzpsK$3Y4iRTuLJ@jwj-s6&BWWkX-=_)!amO+M3Q;F{Zt_zOeK`357~ zH`njAJ}QcatW2c>toL~3%m0a$@-4|qxw(SjVk^}cB`p!y$68p4$-8T2x)ps>ID#mT~o zCWOh6yaH{ad9VpMyZi)vrsT57*15=gmy69kqBMr zi0(G1QLY=PuT57}R*G#ga_v+q6!OE<{nR!f5?buBqAKG=xfh!tydG$CWCC5$2BO=U za9R`e>V>4Pv*it*<7``{eZCB2e#4s5!mj?1aqL<`qv-++sx24|W0^{wAakX;`MLXKf#kv#xa 
zS;R?9yiHrbL^mwrV-8!%tkaP)ss#Pz>w#+x?YlAV(k+ZR_OKk85SdzG5tRz~IaCUF zCGh`g?rUNr%d)hBzkwDEJq$wh2sM;o7>!^^Iqdwi*mPBvYsOWTl_oR$M?#t)Y=<+W zE9`JZgq@i!7R?4Bjf9E?qZUF!{0KE0m>sk14H7%HBe5A^hcwd6VvrCL&3FFpJ@>wQ zU%dBhmq?W>?1;GU-FNS~=l4731Vjb3aH*L;WYj^~dw+6{;6~{5(~+N~u~W=F^LTbn zF=9WLEpeaC+y=#E2Y=JW)g>R8v_zK=3>o8+TwTPd!m>G9Bo%ImW-6G`BHIjrKx2Qn zfbK{t`HZhO_Ti4WC8CQ@Cs&u3RN;MjMQTx#%@9G++hGdqhTx7k$}CS8M``s9QF0%2 zE^8 zo4moiRdOBE$aV#c_SqHTz7q5qD~bIrA46y*A=bN2A7UC&X&Ms$3&en=y$baRIfNm% zo81J!so>f2kPW%wSxUF z#ybV63ZeeYv%+lK!i=`$L(~%550b49P8PGNFcTO7p@c;6>m*RW+H(>&fR!sP*WfQ9 zuf*Z^0G)}*DTU939%@pD$uX)&lpds6Uojxi3|}j`86vCaL5$qE z9@~SZaLl1UTRgzNbb_-mD?|5d>Q6ze42Oxer3&Br%8%GCiDNQ1mEBqx40cP5s;Y)Q zgoHb&^yUyv6vm=bW4ekN6i!a(nM; z!3`F@(l8z~Px`gx0`8eR1mYuzh{IO|;&YU@(RmSmgN_?Mj7tpTkXlNxkzl5{&*@H&Tv{k}!7Z^&|nYeiWun>21VcO37aJ*Z|69H46% z7YgxP3X%|A#I#(;QA?W)GE(d(ad*TWuv`h)1B?-05kw$nY0|HyK!U6Zu2XVu^X1xI zFUD?BaR?~HMi`?MOFAKmiOS8Hq6Wnv3d9(pmT;A`^yCB=xtn4GNuS~6tCoRo!(P)v zH2XH^3JMHSO;);ilNL(|cP~wGJKvR=7pxUC%mcO7zG*z(2JljFr5L!iPfrO%ad`3m z>J@9Z{UO^BYQZ}KEx6h%^11g16~jo>rttvE*=KNk-2a3e{IqtMe(lN98nT5Gcb^z zRCU_2j8ExizVu#k-Mc4tIw- zV{7#c&w(#oMiZzd*qhqgcDe4<+IA0LE9Ue-Y;6VWtG*G2{#K{ur&6ls|l;3nhZO2w9S#tFj@}Na{Y*`sHm=R1m zIEF{`F?W)-nzqBQNrGDe64-0Q@n(u{OU(exDIjsNwPky%%Dh~X3--pW+nP_ZxzE8N z$woaD>ru}Rd%7^4u-k~{!(bxwwBiFyJS4*2!r{hts4lL(w5 zojy({6>)~Yz`biwa4*6uKyZFeJ(TW>MVE?DQ(P1e_DUwbXC;2OLy@Jaut1TCMG+dA zb%iMQ%US^x0YWI@%#;fw1os+0VY+l7Ck|wq#;hezA4$Y)kq z(XQxoNN6aT4!_uP=^<34`VXk1V--;dB#9__l89T3#|WFl7flim2h5OEIr4Z#6a;5m zDJGz^IpC_OV1BZH`~Clzd5Y(zl(9D9rtiqz({f6Ew<} z=t6`Ju=|kKk`9i0b_>yjw@YoWKqpwYvY{Mw86(u-mpNe1zlhjwCk-Hz$>}oYZIN99 zNs0eR0iX%A){`;osmy&6K~VZiJN34*hyc=Ie5GzNR!sa6(3gUC-I1VZ;)9LUua`EOIn<-@u)g1=bKpi?m`btLgf_1I`k@`rVgLI92OO`fQg|hBS%L#htS<7j66W?rq8oV*qm@nmDkV!$}gtlvEY!I z+tWBQu}o5btg?|@pn8m%$q!*w><80zV^Mei09FU()XRUznrR8Nxzz@nOef>RS{xas zCZ@43?Yt-Rv%~MLS1_kB93=*i=bJb4nA=Mozk$%dKF~nI5n-#vP!0F@`O-P7*yoa5 zmzO+meFiZ_oT^pwLk(G|sIFp`#IG3#o>XQN9y53=gdYS(F)Y!gBX5equJjMly4#0_ya-6jABwriG+Enrb 
zmz2@z3lYZ!A2{g~u4;O55`o*b1n#O2vFN8RVX7pj7xm5^8p|96NeNQ z2*Qw`N0PYR8ZMw&SUe*+40ot;B}+_v7|Tvvm8Z3UBKcy;zN17LEIoRW_>3Ed0f{-= zZoh!)XoW0LsOg5RLOWTt1mO`!Ob z8P5%Wh|gk)!fAC40LVEL-zRR$c;^zO3{hO^e1QnW^@m#pQ>sf&5}2qUAN!&tQZTC$ zdW}Y1g~G59cdGtE(|T&SH{xX_`HZEiU`r~&DPW(-!HpCv-s{;HcCc04^i^JnrkW~( zX^pa$4W*JXK4u^%a@TRQ8!MsX@nZQV;P@4p&$OjAScJA(8QaUm9UYm%V_-cFR;wjI z?1Sn>cyAH3eW6)Dj-l!R1;3JfW5d4>CazXNuc zRUz{XdwmuJl!hzY^0-pn?100BG_uIt&Nn1;HDfG8#S+_f#uaSU_{O=OIK;bs_-D+hF>@hQh z$25}NwYTKmX>b*Sa8jvLtFERg1YQW$PKu8t5t_YFo8sH9I7NO0MNXE@J}}IN#uUtF z)w0c&Fwrz_R+ZllZ47b#vJx>=N7}&0e@80AWXc~<-#@{9O^rN)#e zpkku5_({=(B=M=Rvch|!!BW$XFd=m!Y<0X!7Pxb2l>#uIROER)m|%z`q2T1<5E!eI zqSb_>+n+Ur#DYg^qO;bGC;%a7fY=cP>)e%4qBadA@rGHWu->wYfUNk#LOc=&uRkBb zD7!D16na{>jG1q+wo{27j#f=rIM&b8lIi}w`|~xDh6!gVv9mj4Iix;Ov;k|`*&B}O ze_-D5Z4#yzO*s+6=b{=}bqo7>zb{o+%6GPD6|ti!!DxTs*O|?sWzS2 z*$@X6jhP=wxr5Z|(Y$b$sg9~jhqEjbgUAFYFx`=OEfW}M6{pdF$;0gSwo=0A`w{`n zPJGw4T&*uBz?J!V%qS)={sHsKmn`VGeTESIaCwEebqbqEfqs0icrgo#$)SrE+@(G( zpHjOm@cd5+u5xkuWVyIHzo2{ZuPP^%ZQYe}{ zQNekfWRQsiaeBd0^KiMIe007!TTEZAU-0wc?Vvi#xw!#jZ+dPX2vpT`yzzrMinCo@ zqj~upTlsPc$iifw&77C-E@ujCYP#6#)-w))`B(eKsFC`Q(KW;7j?4ihY9ayRY(vq; zqVt&#Gy(=LJRDjD)kF^oYt)p2bR&dBC|=TcK~($|6?ezEGI^K-2%2!CBH~%MG#*N4 zA*VQPsXhf(0sA8KpQZ5odcL&r(u1xE5))k z6fUw~rTl80bXs=8Vw2l5+iH?1icP1`I_2Y*At+LB(AW{dDR@-|Iv9f$;@Hp-=G+mK z{GOnp1-D9ERM!qlAHZU?zO( z23JNB7h;_2mno$=!##KL3|T&DUwzJ@B~^TVuo3K`7AQ&sXrQwqxXGNNM2I)OR*cU@ zt0!e(vQ|yrzm=7B)<9KdHOsx~y%AduKH^F@81wEh4;40&XNy)vFV-^eDXmB_}M^cwK`F6UOXThd-E7BIG97VV} zMdYKB@Y;E^g7=lJa+X^@l`^A~DEgiGX2fP&oGil~@)%QE4AXZHR>7Fakkx58de5ebx|5Ej1pi0~V7&N0MEvk4uR zj(TLDgBlUw!bx$ts8t4}I#_F4lbj{DcK1!ZznUJj-oP8ZDhZC8AUDZBs=?o;*yuCI zC@|n6qHW-{H}|yWrAaxN+^yOhCO`~d7&F0nU(XgOH_Olp)7VmhS!$!qBtVMhpRlX301E-I+;t49r=>;u<*8v{B~crtMwDnNl(?S+HG?Qg5oIb za{TOS^${vsULow|BN3_kmuf*Khq3O6|3L%LdYDLEr3^~!HytAH`Ivoy(au?b4SM%=jVNf6%zU%=`~moLKT*r=6GKc zY|Qow=s}TqjEGY;wha5}2H_Krit+#$ic)=)w+wn`cjfxMt|fP&PS2l>zFj-xCT$6>*o1$R=z&Egf=P;j>c 
z_PLs!8JSWrF71fM^WnNkaQtlRrCHoCD)?z#(twJzPJVsaDZJ*~Pd%-;DezTnSzf@W zwrg-Gh!De=Bz1SHrS>w(3n`HYWSKw`XHu&spBw-ZHDOQK8oEhgg9oTIzjNUxl9`s>W9L=>81_PO*%?`4kxBUt>}H>vf}Bj(Ggust=Svid!0&8Y z1$1Yb?Zsr4JCac$fm-p|m^vLjb0U+t#yjdg^ULHkcTULyy+WwpBoy6@8`Wh+|4EWU zX*(j%k@9>fV9&JdOW4*L0h?BVY;*Dtu3vKsBv;lXJR+}0EJGbnY)xol(Fwzd^On|f z<2}Knf_=u?B$jlSPMso@LC%(7WH%PRbP{82 zLn<n8N!aPL^$Vc~D)!F^TA&UXGQSHw7;v{JONMu0)s>+u#=%j&fAG-kdO zBXd|ufuP!sl!K+ner$90-bTP3galP#aWYv==b*FQhsX2NIj|Rm6-BjT!=+C)(^p^+ z2SCA`T$}4X`*{kL19oQyA zcmTRoEWI@gh9?y@0qsruK8Z;NzS801;xv>$|7N;6MUkLPks$pxu`D`8H>$+c@C&in z!5xlX=ByfAgbUm{vdzr3L7c#A33&cAT)1vjU8iB4x{ zQ&dWvOwp7NT?||y;ysSL9$LPq!Xv~SimO>iuv;t|hhJpK4GS4P)O_3LoI{JVl~ zKLm^~I7RT5V-?7dZyMd2Te=7VRX&9wvw6K* zqD)Y1Rx2L$%Q{Ocs`;z0c3UG#X$%T*|x$(#+9z~F0V5y)L7@ebe(UaX3`}=3oV%^ zx?K9B8s!UYp9YZaFzh3MJkT zrs+(Cz3Wm}HfEbXi1lE)4z)LgFO&x!tJMaxcwp%RRY|b~wh}sFh!I#1%|Pu03kH`@ zRxqJ>76{fuBE>m>I1ml3kd@^^;wtbg6$S$KRfv)%)Y{6Fx0HO0oKL+s<%{8ID56fy zGD1W>Q9NPaeufszZqG##9H&8p;W`rTJA}?HBK%?_I>H?pR?@ny_WRnnaUM>z6e2PL0vmo^B7C00@n`(6lbbx^?gWJ*JNN5|9l43;h zc<1a^oJ5IPJO+E1qprvdK19nu+8}2$|C4h;2fZw&P<&jH&`hFi&QBJD(_JdD*F zc$YNi9Lh{h_#$%AD*Or(Se2914b8kx951zp>R^Xn%CQ5@OLjy^sXawBRUP7_igd?` zlY4~BB>Eu=Op{#uUCN}#rFkK4MG0kwla;Py^>jet%2Z@LKnbhrlI$N)& zuV!nD0XQucs(Z{@YZ{?NWslTHa`!dbnTroFfI_j%57qs$Tv?2f2H#SU-uc4G!iQ7r zu>}SbInm!bB#>dJj#379a_o~TAuLd~V0Jp8rtMc}q%mAh=c{UM4dTg3QFbg)uqnlz zUje#cEom^v%goVbb&JbuUs1Ua+*;BVv6lDaTJ|-rABAFWWk6uNXY6?PYJS0Ija$K= zU^T|nS<5Ks1O-=!gs?K`#JYqNV>Ufk9}e4Zu~;UpPBH~yujQp_l4X~TOKZ}EB9TS@ zzJ(6RC1<|-gn)~hW|$mQ+aB?dX!9j_RSW4)LQ$bq>=$e@94mwV!)3NeWROAQem@5w$x)AN#mtbqN4Efeai_znN|Iai78v zpP+6p(FGsTDmcN!L<`Bcsbe|KM+bMid@kx3BBY(4z2p(+R-q&af-o2LuT*;4pa`up za1iArLNT@d?og)3SScA{!3U5faR&A)TOd@MVT{FeZPWEjl-kXkD)_#RNcq!J zx9H-{`4MweVR7=gaBF@W+~BriJy@4Y*68-5#Bf^XzOn*+brZI*n3&a>(Y=Z!Rv>d+ zw`OX1n3ed2bREAs7eW!v5e=*AYMaeMl@$Bb2kJ4noa|)+7g8B zBRF+Nz^uJVQdL%TJbvJDnnnOZ)QVI-k)3!n89>Hu1`(h7eP}P7W>Sd$!z3O;+X1Rh zHYZLVgA7FCTd8=;e`LTkA1E`ix+bP!75!*SqcJ}1Abo}OG+yiye>Pjgtx4wVZ!^Al 
zG~62WKn1vOyPpG^C;YD;6L#r<(&WKJx8>ENs0VS&$H=S4uLRPd{q#J&QBk^SnzgxH zgGp|dqEq2W|3x=x0s#Vy3z@Pxd7Z%kWv#Yr5=_v+T()3$#*W(3=i!izmh+uC2e=}H zX4)J0y5X!N8AH2(b6zWE(@llNzGyicoWG_k!B#0(twA|0E(XLl!a@npJSXfqCol#Z zvve>VGS+XR)gb>xIg_g}NM=XHgWqmXByrD%8w)AhlYtL)e z(*k~1h!twR{_5@92@3qIDJKT_oXPc0@x)|ez+_^bDX~zoa4aWz4q@8f%}FqGt0Tdr zoGo>iJpu)jCh5qxO0+E`i}U12wp2(n>F)#bC)xmd$27y(|b)HG&M@e<>x&%ad zm(Cj(ELeBjj9lW7ZHF=M60koxq^hSNjA6(Ia$Tw03KI_AFNX%rSgM68bfXf<@o2v0 zB4EL1cmG1VZcG+)@Qn50>A~aq#TgZN)uea|aplk^UF5{r!!%=^uG@$f`GmJV{;+QO zzM`1zE19resFtDyj5KM4o{82T zuY__A0&Pui5+GN+=obEZ`#2U_eh=7+6OBFKsWSi5PON*}P34M;3NDtNf^8&0;i;VH z?@SXlN+}(KX6|bO%(bDsT#b@TMb(dv2t6L_zZOW183VWDmhpb&)(B{#g>&nv5}k>3SN}nxBYyAwTn#21*O@R6IU{s%$0^cgbtBAXG$xo+*ax`e(>ZJV%|4 zI@8_sLp7%?V~w@kz;d#6i$djLRuK z=H2QkhCH?AWY-A$3z>q?ClN)oHWuHD;Xhndu^*@P8vHbBxDmJjR-THha6FDio&V zxgB>j;XG{SeIwS1hXW((lF}TrfOi-&k4b$Jj@B*T_CJ*bBQ5Li!RM_!c%02JSk`PaQNbEF$j|4p4LIf z&f$D;Uy0f#oc%VrC=Tz_$zu72l)mK^ij7oiyjB*A0HV484O6=&U890U26eTKUOX;v zl@E&jIi=hM=eTEAL9v(g-=atTV4_LE+iZh@O}$h_0kuGHY1pbQx`ut5Q%=>ZQa_yH zK5J=t5SKi!NLSlSmp^oV^htz~jLYukIcNpPkL$l0(y#D%ly{J*Uo6mE7?kR&_RSpJ z9+ezhRPxjFodd)sDLVNavRFZ_5{0BnHynl}H4O9GolpU!x6U5<1A50gzz@&cnCuz&6>a?-UO;sYAb@$ z#7s##1gGR3sfwi3PR7_!dfmj!R$S_^f6 zVG+~CLcN@5G&s~)aAj>R(L~Dj;Y+HsxI&`98cN~Ir%x8ki`h$R6e%KU`-u-YggZF# zaI{?>uRd?!BfJdBFc-|`lJKVKDwP^DWT+zb0Ju7@{@*fLWS4i^2M7l0UDl!5KVL!2 z!fF^qoRYTt?Ta@+*iW9%)(FyJX`eiq?A_au?cNqla1)QlCp$bf8j)D|MfwazKGl>l zghX%OY<+*y=tNbx7Buf$a<2|86v&1@R%9{5NmRq1+{vVlH?`#uWGODPF$+?MDoSN> zTwor;$3ja!2eb&$Y$TQCqU6nibXyHbB9P za1(GV={)T8!x{#0%D%W*Li|>A0xXF@FP1B2o(bS^GD3W!SdX$9K!c%L=MQS+@E5EC z(~eMiQCcskqpMkr&|Vtum~CvGbw+(QItHmt91D)77O<2YRXt`alPR8|c=m2G?Vv^Q ziltx-CJQP)2{ppdUe7CQ--4FOkZ>6wq2g*I_DwM?bJzFRWGM0}tx*o1pO?Bu$dgo4 zfB;YChQH2ID!7Z{{JK{g-PdZ zkX_a*xy@AXVT%veGCe&t?dh%piR1C?iz}49TTL&h&bx}XxJ*NLF76Cmmc(co32(Um zf*~OOHmi0jloVOdZpZosapH*d=PCEMvJa)W(x3~I9s*pp{K5_EAhm(?6=_#MFiFrhA&0$RE;d3_5`ZqfROj&U&`Go|WU}phG(aEC`1C-wc%m6d2E2&2pm 
zP+#df>V*h_L}|Q~BCHZzn=Z5&$e&%EAH(m7tqlr{t2#sH@0Qb?%>cx1He95s6FGSK znx(Zlu3m7_RM4yg0_X2fv_7b}m&)8>2)zUsqBl7l=+-H3Tg*kDTEi5Sr=EO{E2*n9`q~b@IW&JqAits(gEK8F)ap=|7(C(9~YK^4lFXoO^ zwa8^UnUtW6Q%3hBHk55jPH9G%mh8(L)kdK6hd4JHWPrE4Pn8j5jlLrGLPB2p+E7J= zFRoB+n`flzGR|DVLZh#6>ucT49xhuFIbvG^QRa;G zI`X6G`lH2iD#b-!Vk@GKl1Oc(h0O6+WVvccV;5@aa3x-!oaj;@-A*Z3A&%+E+qdI! zBeSCdu@{vgc^=J5!%T`MY|1Fons|HC0}(@$c$_>y^!vDHFh&F7H>W%EIXILl5du7) zmUo+E8N!jBR_c6Nr!!Hd`*@eZDT-+D$*c3_#ROI8R+|YuhH0@;oUq#JL{V0MzxN_` zv0VDoNM}Gk)^S3~?_BIS11A&fq^;zqef-gEy19bb9q&MMo}X-<8iHRwuOQ3bh6{+~ zzDZkU(CFi|6b=K{@OI{x9)wEd!pj10gL>rZ#x%)L%DLPhpxb-Ln7j+6 zYjM^LV3blh-C=_+2Th3ZMHO@r3*W3>k`^hZaBo8=Z((!X#EHX_QlgmFG0OiOh)F~k z9IKqRye*c@k*Ea!cLaNlT}S=T`$KI>2sv6146-MbcJq3+K>Y``{{X*xC`!YppTK1xLqHNgaKScjxQxP(KPrG>6_^{g|26N&l3)Y@AMyt^t#XO%w0! zhlPs=dfZ$RzhaLO7UeouoKDhPk4@Y%!2sy14IAfUIaT0&a`=Q8+;=sr-!b%Nn9?Y| z0zqQgKx`;Phrzc4bOwrjJI*!RHTfnl~;hqfYCDxnIuH36IiPoxrezuZu3 zeZe6FT!Y{whl(;w;b>jTC|MvPx`ZV}R90$9<`WIztZ4H%+RX`}giSAT++b@2G^~JU zFm8cZz4Hm)sI4vCnA76g+#Y$5b+8?i(=oQW~;w<1 zMwGa+Y3*V7GHmB??S#aXkOLndqu?5Ib_MhjF)Sd&;8!~N8~{AWQgN2_loBTei(-iJ z{mZNMYt+ic$kDy^yYtQT7_Xa^yuP;IE>I)--m8nNdzY&v%(~6H(Y^52FPp(l85Fy;;j|n~l)@Vut^ta2!W^|8q>Crv>dhgXze_78? zM)x+TEHJu9@lSkvNgQ=_Z}xg}wwj*LCa+I%HTw&Gn;F3J$>G>S@!kuXbc!zIuyk3v)q4^u-PvgDW@zpDgCk!3lmp@S@jxHb{9Ure| z*Y+0$i|u!;sr{yLj^{{9nq`6KwT z@!ycQM=$XD$M9q0AO9!$z+Nx@6^)Aj(!WNdzl)E4>gNA%U&)p1^&kHk8Ef;m``GJi zeEfgi_{SUh#9n__hL33ebPb!ozCC)Q@7wjhaV5Xm>m@CYeurLdygmOv(9b@g5Ap9G z{ZPi+>u+7k`*iPLz)wE@H}D><$p#KYe*DoVa$kG>mK#gI+BkdtXL!$#|5C@>>w8=7|F5(0zxA7Pe|x?9b=w)b zd%VB=H5&ap{NnHb%YR5aJsR2T&+=dKfBE|T2Yf{1<6UegOnzwrS*zm5Nq zj{lL4e{CP=1@i0t3s)+Nq=lZAF{YQUA$9-L2X>#tL-QQln zj?ex4NAKylpOe=g|8+MQzuGu^{YEza#|Jv@fxOy0?J73T{{G7tPw(0D|3t_CwvPX0 z`=Y+)*ZXUF|DEi6HvVs9@6)r=KYRTZ9WU?3|NnQr|IUZ;J^IbY*}H$cGXCd(AkY8q z(soWpHQ}8jb$z zx6%`5Ax2NvJd*L(#W7}unea<~+-*eA>EO&BumXweXagh=Y7O_vo znNniPj((wM+>wq%B0Et(Q9Jl)B$6iT+z! 
zf5pG!<^TR2)+d98ME@;~e<97w|NT3r8QoS^tPrjK-?E<>{#`JY{O_0-;u_kczDQe8 zqMITSm2zlC#C&8ZBwkqRksdFFe|Mh#PFNb!-|>>w!DP&f$iV+U^?B0Y`DtSug{7Gh z+UF&&Zxs9;{ssR2|LZ3;yJ$4k*IGM7lTlvsp2_NEHdvo=88McHyPR>n*RW$X`pkac zwWi53>gO2iaTEJ4Z(3L!GqvXZE%>!a78GYf84YL;5LH!3WVsEFuhq+uE_YBCbx@b~ z*Kg~es%9slu`kX}q+Hlh6eelzC#jljY-i^%W9p$%%I%NZ?GSmY#9xlq$ynd+`QmuP z+1u-7RSiVSD@DN~z1*#a#?l69%9W#fncp1mBr=GJoc_mlnE%v&vU2eSmhpOa1_vVC zs+1km6Z|Ws&qqu8+liv%T}M^MtGd*-Y3KT;yjT>Y+@{+@%Q1GjokXHI8P(x3ITp1d zQLsXwtAq-KLDFus_s=YOe>?dnqBy(3deVV8@on@)ZH+9uwZF2ua(1y}Op;?x{KV8Y zb`zrIrC&xDyE+X!u5c~RUZJ0zo@B6Ht<#8Fh0zKDS+4I_-|Hml&?(j2V$xW3$;6H^ z5(df;T{(3Ldj~r$kxuy_yOqb~Kcto$M{UTlQ|J(~Qc@}=)iBM@RxihK>{tt{qZ_8y zn`B8w_MK}GQXXk1s*P$wy8EGkd7%NK$MvFw1iVhN@XvZ8Mxdg{N+vs?U*`BZMEDXxayC`SL8B4S| zf4ba9)WpRvyoWf-c)sY#8S>L%SzHrGx; zt|+IfpRF;!JStn+*m-D1f!k&|$%}f%(w-uFr+7I>J10@BNV!Xlf=EG1PCmLzvSCNL z5R1UB#&(wdT}3_Gi0mR=d*>)ei}a+dH%TuvGwhVBq@F5gxkjlztV__aa$@P^u5j-NvKGkjCTB`)~QSTE|S*D7wjGv4w9UDx{LXC1LIgv ziGk%Jy;XXi$rUPkiqYZHc7b|&F)=rM3?==dn`6_>*jT`179bQb7Z47J0L%j{05Dky zSOi$YK7cI8LKFjKEFg|PucUGnl<|NBKq7HTP_6-_0@45(fK0#!0F!LMM!+V(R=_qu z4q!WA2cQ736Ho{!0_*|o1?&Sb*$+4XC;=P<904#n3MdsHi9{!%ECZYdQ~;^~X8>mb zOwIw$1FisS0M`IquERkc;4a_+;341<;4$DSfXOo~#6Mra&j$MZ2Fka9_kfRpPk=9g zZ-5^FCT!~d1Ng^2FoD6Jr6z3vvH&>%leSdKQ`rv6_5fvoDxf2vGoTAV9iRcw0q6qs z09^FxxEqv4ble?EV?Ymp3BU|s4(JK60Q3g@uk?Y>Hh{jw+d?^jjt5aWgi08yL_+~i zfMLYBQ#k@kPrw-Z>;40Fs3;>haP|gK}10n#CfCYdkz(N3% zMNlpVECDP9ECa*2}o{kf!OoTFtj!{b_N`}vC0BZqhfONn*z6tpbpRkaM7k?T`2Vd z-2g@aV}J>Oi7Aw3bj&{YgyUX-J^&klEnpyEFklG49`L{7_&=YW;Mf%~4B!SB0T>M! 
z3m69&5AX)~044%_0sa6cQ>hG~avGG=0l|P7fSG_$0FyaT&ILpQ<^iGr3jvD&O90CN zOxT1N1Bj*1E1+BrNB|@O)&SN5(gEuM8vsl;Lb(O76|fz!1CS3W0C3p}$GhqCJ}8Un z_yCoMp*#vW1}G)&1eIk_o(5C`&JuS4%8PV-8Op1G8o)Kcb-)e4O~4%hlY3OMTVCEyj{HGs=oIDYp(pWnmrCqUExa7_0LeEtUb3HS~83y_jRD{Y{Z z0muU6h-1HzhvRktMSu#R1E3?IGe8}n0pOxV$2w5z0So}$0LFkG08@ZDpeKNd1(dx3 zeE`;gz5p)$;J81)mbigX4h9SX*b(Olr4zsfFq}9KDm|eb4e+AR%DUiSe?TB02rv`CBoxZIfN=WExOsHE2+E~^Wq{>?Xg~}g7O(=qBo4||bi5kMct9e3 zUIXP?Knft0xHKr!0qX!6fDHg9*-&n#<1J8b1LV+W_WN8oE&vn)iU7L-djU-LLAjrf z4^YYYgK&HlPzpE!I0+~NlmjXORe*DV^MDJ0i-1c2CRd=m3aFva*P*;Y$G4!oO~*|4 zE*#&Z&-bBxK*tZMd<^9iI(`P_3&2ajE5IATJHQ9PM?fQh$!93P0)7B~0)7Mj0R94) z{9~mwjK=^bl2A$k+R$eiDB1mCTYx;EJ%EWKl*)9>KC9BP8kC&?T>u&YO@KbY0MHF! z1n2=U0hj`q^n}t9&>LU{um;!wxb%bL{(u1h2f$Fk|BB=Pe0G9kH^2zMNa8)A91R!) z@B)klcmpN^d;$J|06-96I$#E17GMrwE`UimmFzeIj^_d90~Qj$2+GBPC4i-XWdJ72 zsbt5|aJ&Mr8W0ai1grt91*8C&q(hkj$Odd8j`3UQI0wq@fLuTxARkZwCR>;~)w z>;vovFe!$zgpLnFc^GgMa13x9a1u}kr~ojjhVl&H9N+@rDxd~%4R8Z+6Ho`Z1-Jva z3wQu{1mN-*j-S%!=TN?&DHHN*O>~ z`m6wDdw?Q98K44Sq6(!Npd)?m45d0i6QDz!K9mM@%>Je;92)|<5!ancxZ(T1(i4vR z&}VBX`vUsW=l)RI((xcDhtRPdln#KQ04IPmU>JbOa4OxQ903>w@B)klj0boFm`s3j z5@0gGkGQE&1^@y9GXNognSfb<*?=&>TtGM=5)cJovXIKfP%Z<+0Ac|v0r3DP2~Z}} z@fs-C0#fKR`+X`Mr&E~$WhP()APbNU*aX-N_+QxypSJ;a0P+C&fC9iyz%IaUz#hO} zzJfG+?hKcH*|{097GoD7Vm02x4AfC8XBKoOt> zPzH1Wr~#OCrcxbBO@J1CW=oK|bj45o4jl=gJYcn3Ik0(5hol#cfv%-5&uPh`vI+CJ2}W7$JF#Xss>Zy%E)!;Gk$kR3-R2Vcqh^|wRc zUW;yjH5_>U++`alNx8&Z}9&6KazOWsyK(@O3>De~J<&u-_cZVyZXbR%4& zev{(Oy5GJL=E^A+A%jClxMep>YIq%7I&JWy;0|eN=~;U9um34_)z5n6V|lPF?^)^O zV8si%n=Pt#Cdf8?a_Db*C@Adoh|)1(Cpt(=lqB3U8}Is0UOs8h-{GabisZh=7zPA7 z8lOIY)GN2c*1?&Rk2?Q&F!+~+Ow111`-4jc&JgRLz8o%27?W=5>!)j|2mF==}yUk^Q(S+J>B`x#$C z-~X20qVLl=K+j?A$b(VN4i64j{gaKe+3TvGq|j%s*-ph*G2@(L+MeuC{r=r=&sPP@ zbcRpR{WNgg=%fnyIX#RAn!j(doZ&Ed?WI$x8opOw#XdZ`LNRsyHd(7tfqAF;Z2utH zE&a={hw>NhH8|cKF?pH7yfMk|i{>6J%PXo=c(8xZ={uL}*Ds4Ww=-dRRMn1UChuNY zJlK4vY`jX!N`nsHzYWvTc_-;!nlN&o-^vwz2YD@AUoq_0mbzQhj87jvJN9Fo+9sv5 
zr5*(fUSICJcf0YQ-1`;2uVn7d&nz*{%^Y@neXduo=I*_-PIhrP^8Hbusr&33`%RZ^ zP`+Yz3s*sPvSN0s!GxgyxNpb9&p)aq5mtrFCia#kFH6(ey{pNQeAzM&%5WE z+8?fO*3GD`vbDeLe?T$t^;w5=4(;j|`=2#=rglTe-Q}R2$>iW0W%-=~JX87)X}d+= zakRC@`nhiud%e1H;h@D%#Yv0WCf({jE7D=z?0JJ`875|Fi#AxL4~lCTeQ)2d3zqvv zP7Ii;9$cIENn5-BTAO+K@zDu;miJxWFD?GJ#{H_73(R*^9XY+`V#Sam8^iaPtyWD7 zS--2+QR7JOCz6A9_^7*Yj#Zc!aVF$_(8P>0T7NBec$7W;qdxG;&n;P@^%YC1b`0A2 zFe%&lRdvLRa0zXLdW+px{v{SosMtI8pMPTawBd!_y&Gno>9R>_Rr`C(+stuUu%qsF z*6;w!8D_gaJ{)`gi}oAWaXR1gKA5P@-F`zS_FPH&4b{G- zIsKn~$=L3(_ve{51*Io6qjggUHhQZhdhJrr|8nzYm96$@|DNTa#?G2__06k#hw zMrC=PGb4MtEmPaOqUYq`A0f?4< z{MIyC?Nr>ltZkChEn}qtS1tGTmKbNfY|o=jy%be7ui4JakDBlySM&VK1;YMp^ z>n+-BZZffasr$dQixq3`AM;sowESS-+|!eOq@2~vZs@VTeAw7u7lS-rPm;9UVXfGA z#pK&zrR8bUbsQJ}c|3W{=4kVx`iiXs{123M`0jHx-^oUMwzb2-35yf#ww@ob+J0W& zn`1s7=w34N=a#6=`Xv_sI=ZTf%x8YCn7emX!Hy2Y9QLeR^GH`ldy~@G=<@Fy+(JJ#_sHTWlcoYzQM1` zKG?(_GwO7=%C`37)zd|HuIz0)>BMp4C&@RQ417veOw00=QZyb8nA5yOX1CVb_j6U3 z-F<6P7t?1>C$p92i#F8i9r-+7rFiShf%;3YTkgwh?pky=z2bU7hTHuOzvJefDi120 zBGv!>gbLll<*#-hRCasXyx?EAH&Ls*ZYq8-r_-v(-&ET^4JmkCnQ`;WvxP+-uFs7f zG)uh3AE}vVIz@f4#E7xKp4gP6pBO#h$RGRV8y&7Behrh`GxX6A{{tyAMlH!bR#Q_r zrN69Y$<@aj468K*sCZqUsO}H=l7uEnyq6d z&$HfPlP1~RM=7fB%LOu3v(vV;Q7!D`w{K*#i=4`d6E&}1Ot-%`L*sqn&p8!;zPqFj zH>zJ){@v(WzV{`=Q=7eexxSuuz@*$tJw{c;Iper<-Dzcp`;IP-VM?ZF>c znVPN6+NG~MO?gd5LRag(pQp}W8h^_1N0QNsx6_h0Dp|YVoou_b>4Ns=N7^!X<}TYS zy-g~tOtxg(JB?K<76g?a_RMNGTlV3X)UOZLs%9;3dRgBqTz^1G`t=?~ZKX!9?tX9c zfpb+wUdaQUmv7wuGPd7-vzh*er_Y)gE6ME-ihQ`>#mSl)`RyBAr1hsQRq7S?)5>%I z?KbiuCMS2~&uP>sYm@!x=MvvvO;%dTr*&(5F4VkF+MYG;pv~7*OV95yuEjHAbI1LW zbx1ef^ZeIp{|-G0-4?@5niI?5kP9GkxHjpMq&9_HVs?c99T?2p5oeUbU4 z170qWE$!K3+dfgc@%My`BAxezzMFG*bS*gab98-4pT6#?!_WM)9#T9m@%!X+hwm@G z9PuOQ%kT#^Z@Lc`4U;b4<|X&ktnF0O!n8rRq*Csr)E-~a!@K`(vk%vN-t5yVV#${QK_kZ&V3Cx{p@L~@3xpP`mGzdr{nxjTFN~}m>%*Py?J@l z&UNy%;b%Q7XP#HTjLf`@&NnHtxTr{r>L4=I}m~tS()(zO-$m z)cDd@(^C9AlCC^SS^Ma856$q$ceh>qtmUxoPD+>2LniG1^((z0idnD~%A}m8gxZ+v`HwX`tr9ox3_Y$oyLQl=t3M5#;zAeyI;ERx8mRy4g;e*O 
zBM&xwH>>}qrJZ4Qp#0#t=1I=(o9pKVEU>&S?>F-Ns}IMfY&f0nV>-&f^!L-l({clj zKh{%x{#5$(XH&0sCls5X98h!Vo>Ug-+39Vy>|9;1$Iou>^9#6Ky8cAUaId2c6`!iI z*H>)$TG4sx=57B1X5Y+3qvx^G&atv>yNYQwY+?`yYv z_VnNg%?rnuZLIAbwXjdO4|W&f`0~k4Ve`#Zvc@`OTO>>LEsqH|e4FbwM6codKC9W1 zTffX2_U~H_`y0UIi|?Hm%}tbQ?{f0XuXe?vL#kZ@-1GJK4BqPGpj}iFGN$6nP?eB12OWPYIC@}>YCuVm-y?5Ma6cT%R9e({h0nC^79tf7ak$0zMaVDo&e?0&-n z@7pUZYHHZ$M|meLcdKo1v0V~=!u8K^wM$!fhOXZn7+m`Alx}?CuUi23Tyt z_eNd(vOmKIzLDxa zTNkSL7B{La9kh3!!lhy9?+S09P8n`-K70N9vEAGxbH7%Y{2FW<@ye-sh-2!}nw2xB zT^s!1{-x;weViid^3T-j$$uK;eWYMkgyyPtRz=erbiY>nI)vYE?6WHR(27vIWhZW= zL`Autj`}H4{UZ0ui3IN-yG|gP33vRlD4a5_rK|~!9~Y%N@(A{c?VZdOP!njS0O0v_JqH2e$zS|#U$%hw9Ee) zSZMEe#rXNK3$u<5Tk=7wyJNwPx_)n6Z~QUy8Ch|z_(t0_|GbHB2k-Crb*N|0_Lqju z*}tRh!#$2P2A-}69Pr10$CPMw=%pbaD84Hh$n?C8yK2-)XYT&;P%caOdiV~6f|dNV)$`;MM(E#jB2 zJ}S|9{$b^*!CfP#w0RJ&Il0FqJ>N_2<9%K^)%Kejbhb?6;pg-oRzq~(4!sm^WV2U$ z=#;3&ui+bin#+EwKIJ)Fw!4Q?!XBUeQ0)O7eGfZSO_(k@qw&H&>w!bt#=iAQxnW;- z>-fbe^=#AasGypp96D`2RyE7l&~H;BAt?w0YDU%l=*Y5f`) zH`L?ys(X{Ay31E;s%1`ay^-7TMqR=4X&U=7E3J-RwQvZSv0>xbcRRmyb$LEAQ^uq7 z=-c)4th#*Gsa}{iVbnQ?*o;z}Y0DzDw!KU^w`$OL<$~E)6uiuTZ?H>L{X1d*5F6QR z1G3jI%$OJYZ=A|IHTf6Ei_1nW^03-tU#L-}(mX=(?||QxKdYbX_Rn(vGpa7Z?o-r) zu|q?;?#_L`=hea3HtB``LL07yXJ1+UeE9>(XD@H&CoElHURk>*%YLNZw&&|o?>j#U z*F1V$d8)#|Nv@t9&hP1QK;k*6b;_vl!P9DFq zdLMOdyffx=;FC)cOEtT#@mGn@C{W$r|J1KLw!8Oz^?4qCL`!!_L1gjV2}3WvyJA&0UTdmU_hS;x$DXU-sJr9qdgJ59N-N39p$*dm>-V}& zt}e@-q>&!yzQ01DVaHr^=jWG}g01g~RXb8IImEVqGp|EMl-9OE*_t)yuU)^gID60N zioc3`iyCDYW|una7(7t!eRQYwn8j~0RsXy_Ub$i4mEn`B*9=dLQVsoCr2 zq@t;j2eQY1Qu-~W?p~7HxAWPBPe-1M)A}<(v}W=_t>r`aluaFE>Hc!OdH#`){q`=8 z`z$hfZGA|3V_wC&)YN#1p{H`>*DciXc^5G}DB3xou9L*BlY@eKvEwD`M@=+l4;g+z z`sAIyPO054d#otgTiIyp<-4t+DP4WmS7%-MowJ&iQXYTTEzqsDxe*@l>EoP1PDY-e z7uF73r#a-piRvR`ZGB=stIkYnIyOb_)X#giciy;eT6RNybaF;PXN$XI4wh=^o~)>q zF7_RINvB(9D`%a5OK-jO8v5zC*5&juMeQ9wt69Gvtdo$bzw-U6b^|hccy!p*`EiY` zS`X!^9pabQes*=zemDB>nVTkx~n>GYxe3}^(pX^rP(gu#FD0oo+Y_g{SRtw z-&{S?cZu$x2+xhZinsObb}D0K_vK(Ka+LEYIjQrj;aTcOf;eWk&r&TqYjR`1%B 
zzO$o=>1vbv_AgI6JRNVYJk{F6dH=Ev@BFK_eS7FKO}pyB%+Au`&r)tb?)ph_mQq-b z?DgSpH5NOiMsKy=``BY@@GP~alF%z_>R)Wj8#n7gm-|aD>KsV;Q&&1HO(|ejN^rdY z(hsxls%-K%o1O6K-!f%O--Hu8YbG0Y{&Cii5*bRDbtJ=Twn^h-@xR+_Z#j83nc zhjkX5`xNM|bM(TYqJjg(zt$BrTTc9NMW?Z|l+Gqs6%#Gp`kd;K+oN>{iLzIA&-GWc z9+axNsI$Aib&TJZgKHHltsdJyUmoX~FLUf!?6h*53-UegCTrxE&3b!GGwJzZ(Y^;! z{XMh|W?DVXt~sIGZ=m)r+hI}PH5c`~pB;Gpg=E{yMN0;!yN^{FB_a9cN1*RJ&28GL z`)9pssthrDI9rT)Xez8JM)*RxeGOg`6*`IS}B zIHOW6qSx%A8%wH}{8~6aRrOH!oDtezUWYa2%vap2p_=h=?z_BGekE7`+IQTR5>{Q5 z-s6=~;PvCmDY{|ThWx#3-mm|RTkfl8kIWp|H|&?%wX2$2Jls_$MtvQ2Z^FvjSE?|k zRUOEE_w-fA>O+@J8)H^K=@g`JMrK*ZMKcQ4$~r9GALm%L`Sk3%60I9&9qvSj+U@g| zTiIP9$-VSId{~a^yf=FXglYRUPVZ!2f7few$)4Ad z@3%dSj$i5@@FVc%L9P6Y!9PrsWa?(WI&HWk^Gbgo*NU6LJ3rT1ZmqtzNk8S@UoB-9 zofpTfuC9-bGa4Xec;-=Ex^;lAy|I7$SG^;3L(J7oo*nHGF>8I7L7yZOsxI67I-ard z4wWDs)67-Qht*Y{P&(AdZ;xkjW8SGv*Itci_wVb$EuWPv zzdD>fa&KSYXGizE5oPl2=bhR)uZLIUE8qA{FAk;soG5cn)-}7QP1=_gVUcEEAAVOe z@adC2w)2hIF0maKZBlL8wQTjH}|-%Lw<-}Wu@b6es4qFb)F$Lf~tT!c-OE!BIhm40~c zI6OCQp&i3kwrr=Qm3SWO+p@l1EA6!#HlDWRr`oEP`33V^j>C_YE%Se}TDFtZN<1rC zxsFO&@pFt}%l0S0{=SyZ%chn1$FFZ$|6eQdY$xBc{>E0~cE1&#?GtBhqVO+&kXNIKcL1wp6cgEA1%zs%8D! 
zR>oD6vn}fvx6)ogFdnvay*zGZe1q=O;`v%a|8MEM%v#ak(ywLxhHEYJm96AgV_O-Q z*k0k5{JEgPctz2JdfdF1Ol|k20r|~;*=8wxhk}*b3t4`mD7rTec|S&iyodAEhd0L> zQd$W+K|j zW}B}-W{7{nemQkKuW(7!_aJ^Rykx-q*I}E9K!S;HqV{#BO`bhjhXv^kFTXH-!#K2~ zh_omHUeFNpj%de|_?t73_hK8sKum}ay^40^6p`oWb@MOslC<%S+Zm_C#&cy+YCG&F zFdT_xxgOeoV2^fqUk&bnb{cii&#t5&120mreyc^Bv)FqEOxm7C{c2^j!{g~R9C;&W zw8PtX=0%L>zMaSqLNlV5@In!bLk8P`3BvoW1B}CrugpZg3+XR|>y+`X6bBxkjZhKe z*Rl<&Akb~Z@^(D(gKd%Lachpn^D<@|)C7C%Ph{L7u(y!9+MAX z8tMm<{swAyy*>Y(FAkr^dNnqqolMe?g+Q_M&5}YM(qOR!=wZDBsDJY7^as4u#MiOa~JXpj2bPGJ-BBlM6rB>k^?$OlusLByNEh0p5M8-RZD z>t(hb`V%(^?KqSE)jp^n$TpdSI1t|?&Wm7tNJD+-eqvFD7siuSet$@Bb&^r9S58prxp9P5Ni2V!eAPZ{cxRVUPNjY%?_o*Z;B} z^ zCF=jcv=26;qo0pTQGYs4C!&H@@}D?GthbiVm(Od@w&6J0$QA@Zl&RjN&*+b@F4oKE z-#5#VUrX07kAofL`7AH>qr4Qof_JGXZyZPY1|QFdzC!=^u@_4~c)sED82RMa$orE& zBOwuDaflNk&-;I568a;|D=a7D`8v)<|9SsE`x@=s5g~t&>^pQr{S5X(2nau~p%Tbn zrWa3)NZ&t`;z{%DJmL?~^(D*)7Sefrp!4E+tco~pokTg*Z+SjnYKrzX={|^GcNLVM z_!eLs_<1RhL;X`UK6Cw55y;0b!SmvN1|7k;Sx_F%^%d#5$TCNLK7MLZ{PSpD@S*d) zt%mVzpqK0Teaf9Mtk+a9UmLYSUdIIO&mue7e&|n68qYh^^`5yO`6ilAdHf$!o{&R% zf~AA>!pe?JBFdAnSLKV;|o|6IQ`kN=~2oZE5Qg!YB`hPDgZ z5#}4aO_5Kh`vq?2StFkBbs3CXC-UEx@)=?Na848TGw7ws5}HRGve2J6TCd>t<5iIt z&ik1(KN`{eXh8M0>xlOIUB>u3(D( zjTE#qpY9W9kpAq$sK0eRo)_=`@0TKPOXthS=PVjmXVJLIdG$GH-);VXjqyHMW3uZu)iwDZ6p?eqDx0tQlcecftC zJEO5$(M5{GUy1{t*Qy_){f16xhhOhnl+V1YL!Mv1Z^}_WSOs}~vhTM5`6qNgm`wb> zRODaMeP~zW9*TbQcCnp`{0E2s`ah>H@?nO^N0XgB;TVTIG~OB!KcDgqCCWGW zxSbk+`j^Aef8Or0f6>0QA@cTQr;74ww=u{MC4L=r0M?Gey!Y{DwO>w0}z#{m~_U7mPE^pJr|3t%=XSfcAy+ z=Cc^o??nA=AnAXQ!uXu(f_9+$iRE`Yv{TGpOb6lq7s4O1dgJJNC=8<6MyaD_bD5zg21lrSI5608$8^g#WNuILY> zyJC5L0PPp0|F__k3g!+6QS$Tr;ZNdGu8Qn)*7OXdx|3UjtyP_RF4(}g^e5@1J z%k6Ii`{Mo}nBV0)!|*PaRU^>8swLXz_r=@KqMaz3mw7+$ zHI|NQ#8qlM=cN%uz+Nna288#~`z_N5FUI#`G#&9Gi`%41>L5=#K} z!$`Uxfj<{Z60P&((>TW4(fv8N7^q=?hXGk9 z@#N!=c`n*7r1^r!ClCIR#o2WSo)_0|xQF_BG=K5-DhfwlWd`c=@g$h?Mqxgnv>D?W zC&&ZK+GD+$r?Fw#_jNE?tc&`3#@H@A&fc_+Wb_>szoNS6LK)gwy9xd2L3}kV(6IA5 
zREl;66CY}h`Ua|~4JJHXpq+k0K^{uFX^7t=*j(jBX+|E)MKv@6WvkcFR&%aY> zogqF5?fa7b<`t-aO^_GmHzV(+hWb1XsTmlDfuE4)<3l$ZPeLk?mzKZ^R$8K+i~8sf z_rDFTA9~UH;WYB+?q$>$&cE(=u)UNoqaA2gvE*!L>kP^wJNo`kJ`dVfqrN1qgYkO% z3_$x0w4TPVyI)PHuONs1?x zmNUmt{}9cy_N0IQ4C>3!d;w;~vT8f(_hnxk0>a}zv@PoUvMrL=aV!K7I#Gd z^@%S}K|A+CQJ=?QJbYyR#Kz#i{6Ko1ICT!%2_ZX*t<1kZ?XW*Q&_sPmFU8_xi1we; zdOokW53SebjYNIkKXr;w|JqvghqvP@YF|BSU!Kq0e}r*}dV%`gsor85H%jPvCBH6? z(Yj>>ty{wBh($FY>wT1rcKE!I*vdREIUn_f^SH|>5&;%8Ujc{T6)ZyY?SA9_+hjUxu#3!D_{4h$8AKJ7s&q~6L1B=f$FSO%Ec4A@u zkntX0Fh2ZzD`{QvJgqBsA^mF`QQuTBzs!dQWp-{Ep?w~I)hhHqF$a0xKQB{Wkw*QK z*BeXMk#OGp_!I5RP+r92@TdU!Qi>9@w|FbyZnekUbufF>H_+inTLL! zBmFh7FwN|wTc91D|IDL(9lR=6xN$fc{`8i`UX6&B6{w5g6y0Up&c(;7lqqiv1l$r zenbP>*C&1vtz$G;BhSYTV{Npr@C6(I(ZE8ae+qeFp3uz;?SGh#c3jDRfi?Q?*$3ml zocN*tkRMI^DEN6DqWB2&fp#l#e*a8)$Rx6(9)xxjrl5V^j;cQB&!Q0YhmUVvTFD1u zYVf?aK0-U({~8*{-q8GFK=sN*qy0vDzQE6G#}D);L?7!7BmFoF}%iW>@5OXq}wLQx-ZB%Zp+)@w{L;LM%PMqCaYsUvd4b z)6hfvz^OLR6PZ*y|`&D>I?IM z3OCfhMeEXB|Iabh7v?95^c*>su8W@JXBu3OtX;g)F`h6jiY1HY<-he9A8oqs!WHnm zjT<{|J6$l`Vkr@WW< zH}z|1$EpMRpG5U~z=g@$J=h!l=k4_x1}GKCwrZVZ#hQFPj5v+@jnq%f$j&7gc-eES zc)>haJr4bGp7G!QIbayt@uT$$-ruBXTovXIi~6AcRl1LcZY-8$6|}$B3hi?{ZR}A0 zx*eX^DAJGJiM+8O?`jM|eju$I@NsodFxu};>#;lzBNgd7WnYR2;zIV{%|iV#QRokk zkJ)Fm|40XUKK@Jxp7pB+8RQKm(2#Fmv~zDP^4y=|`)DU!5qY@W#PZ_^@@wch6b$2H zv7>cDW%dP&ATUgcA_xrrR+4-SA_F-7BD(QbdhwE46g8cwj zLs5Sqt#@(#?W2(oqw9-3hKlGosyAuS8*%$63t%mbs`redp@Op>B1J+X2@NvG$3hlh3JfFAMzf`m{`aPa6pT~Q^N9Lz+{aLn^d}bk> zAoH`IE}k#c}eqoXY9VBp^!i_eYMe8FD&DWB^Q1&K1v(y3?ZJ4uZ-6w9;S7% zboWI&1r!H0>L)4G|1+rnJCc4FjoZ^+VZHpiu7=+;`yp!dHkmvo`rx5i+Xx#3O=0(dWuZW_&g2%JNJkA6~Ch0P3IeMSWG$Pn5wp zE7Nm_!^A)FLH$g6?!)KnyK-pX+YIgVJX4nL>%W*I-;?ZkpTs;QSdfPVZbthPXa7rZ}se@FXXbRW@)>~y}2=j&I9^+H-J zmf8K$j&PrC>JhZ#AehH($0C25#sNMrPfbQUVS@X_(=-n{?8FO^U%zPw(ayVd=npiL zSiGq}AE&&Sy-DdU-$G_z(F& zy028H>ux;V7cVoydT)_G6SC31^JnCFK9Jyxc5Ei1eIB3XFd(q@+G>n^2HCmr8~OCE zXovT!yI+wP<{Q6gKFXo>H#JE#bS44k{h$kIhaNMCEa^T)xDV=?G1`A=hW_w*v-vvq 
z6Jg#WGZN4D+ZeRpf&6zaMmuJ-zQOzRFjv%nN9%r#q^~~$^(`oWo<;n^c;r*rmpp?c z6F-#lnPSRk?1|q2?Ze_}L-_`TS1gU!(EmKzZ^^#no=GYBIf4A-=j*Z`?VJ*fSJDCK ze`z?LFYiBT&|z4;ednT|{C<3N4)TZMkq;Hu3g7Yj7WoDxw8Q(!@$JYDqjhE&-o@e# z6A-g6%tLBu{>`E5j^`U|rlI~<8sGT!{_Q66x74s+KCji?#`xU)j(%>UdIJhje=V(> znG&DX5944=<2+nGVtF@VSaVO82u6EIg_CdrY}$PGQWpT(!43mHyr5t%AxCvUw0O?EXOYnT*G8D_p#TXx(`N;G0Ix-LK>j<99r|&}j z?UV=ddY8a7$MVKQ?4Kln@ODu@j`ycglz;MmuJ;q|+!M^#Z(OimwPAQ(N@8p9{rdT+ z-;|7g@_O~?c}+2WsWm^}!<45@9glXP8;C{P2JNTPeLdIrmPPwpyQ2L`r0?d4{8^eW z_&C<-4W6%X|E=N^)bB^@?fib^Q#0}*v~JJqT}gSxI~w0|sa}yf+E;jw@nrwwgvlV7 zKv}!5qW0qFwFw+%{3%*T;^X8Qx{nT`@u4@G5nWx5{rv21jE_I@Lt4pa{?U5rVOr1R zv!mk`kiVqKH!E}A_t;O-0#mMzr2!hB%(X|&(G3Ht+Y_lIQX9j!Zg zke%W+6#u2D&*vReE98aqzJ4q7`&5V%i<@wM_cz6O3irL_l%t=Go3UOC^2h!b^0$s5 zZ$`Y*TeL5nm&;|)ez6J0xjX5P9*(@9C-VBlC!fdb+L-oDbs_%tbF{ye=6$}7kp}ZJ z8y_s_JvivzVzH!n&Z4}fAMt+o(T-gwte0O$uc2L7e6(o4#Q(i-QbGHlcjNgEAUjv> z(Ep3{-qv*Dcg{mQ0imeBfOvUG-BQ%IB>hA3=)cAx^q-Hz18*ar`4#*m|tDnZ|QF;@`l;$NZ0_{=?hxY9#7krF9kPu3|BTiIwS> z3iO+39y#(H{SPGlnq6q;AkE`^y!sr5{DbLuUcBB*5O5ZskS6qBgX~PD`>(tjzuVIM&fEP@BF5no#fS6k9}Tkp@T36a z&+lKXD6fmBejY&eo~G+vZ5HbDabVspJTDu1KWiuHw{Kc^v+HK;Dp^Q*eK}(l~RG*5!C!I%yT!?{^yG=1=wqJ;pe=zDE0w#Cwzf z*5p4wuc)PHXGsp)q4YvD1|~ihheZAV#-SfQ7kf7k^_|K7Kj?={Ke8k8ydSo|f&RRq z{NIW6@Abm?4UfL(2j6^_ozVrGVNdLNcy()+^Ul11s(_W=jf+!KfL8O zjDaIp|3Ke}INy=j-8)=f&Io*(LP9 zcOmlpI;zM(eP6*kWbhf(Pv4IEynlwrVLzW*itP^FNi1g+QU6#2>Q5woEj`E7p}dH< z;|~e+-_029@cRx=T0a>@;|Xuafsg>O^IB$%_W5-e3JDwI-2~THemwg5m*%yxENn2q|) z^j<3WGesNgt^9@a{(QQh`Um%SY+lg1g>i%C6U#HQFU%hv!9>jTkH}%%-bkSS1p};C zj^YO0SS%N*KMTKyM0o(lr-<&y*?JI@HI&B+^NP+5SZ~-bthYVY+X*@Vi<>Y{D5ZQX z`W))trt=*@>r2A@Mfot$F*}EBQJ=5JR?>XBC(*9e1Ul~FEJQDch zLiuC@#j_W$_XpY$?uYTE{#GoD_45AdLF;nDd0dX(2N%xQ0l(4ye0sj1MfGZaLtZ$K z&!+n|t!-HEY0}T2aprS(yk7XY*KR-BDWvsto^ND6#&}MBgLcx%P5=ao#k064@_bzV zWruu@J@UN0l8uoU&ihTYPe6&DFYx=LGc=!eS%7}>aZ&{aURJMgUhdcn%2_tJiKQ+Tr8v8d>CYrW6&Vmx;uhM!H=i56W z|AzeM=k+2G_S)lv z_44aIGZ6VOiUYSZg!;)uK|fgmH->Dy3Vb9b_5{*+vE30L*{+_84bAzCEM;ki~T0p-T3{N2C5$%By3E 
zkMEECO&j!ww>!(@nEfwW$n)z|4NjcJKTEKmCju@6rZ3!=J}njP99@of__*-~`m;E% z5X`f~A@N{#dWE1q&!6X7BOl)zdA>e&c`nu~T(?Z}LB59Wb8YB+Cx66xh0hC)!MMcg zHGPTkNueF#Jb0it`YC+xEQOv^@1p&9{Jbt*!}AsHqfnsd2to85fyeU+ zwYzYB+**fr6pvthcpmbi3i+F~uaEa<8)#@2hgnlGK7A>kTj{#!NY@1)2M!&@^SYOb z_5(=2mh=aaKEF;6zDNCFWwg)xPa&<#8PK|@5!q4IMSt?_QD2dGr3mEzE=Hb@t7Xw> zKWhQ{17Q)%-Mz@0P@c^D`G;=A)BPj&$C~oq5CK1Z8|wF4h4%UPtgeB9f?baTtE9yB z@%!8t`%zy*@SL$0ZX{WpuWO7=4mg~-%9*Fny(l6p?%)}k1R*~t0-=K+*5^$n4cCVs9#8SZbAUr`7WdHomdO` zG!v^<=A#qxc)lm;evSJ-GZ*b2N<{m7d^_!m`o`1`9nrifiPkaH_G6se;OU9pPC`3h zX&(-MFILC%`tlI%&mn&5BD60ZiGIT6ES7e( zkGG%^9pQ27@Cfx)==nSE&khHW&l2>9DjJtcL(z^m*`Kx@^JEdd2MXzjSRPXTaFW(P z{fN&CL;If7(a&V!}?R*@9@c}ilI8i%Z zrgr4#)i@XJEDT0FeEw}*f$L7id(lp3>bKgokA2@e&+G`_pY?>Ww3H9{ZAASBnt%EE&UQmyxIZ}$ zCRS#@h`#5FkMqB2{QOSeW5(@_)JOeEy68WA6iZPx`Xiiw&p}6J_I+vnisg$;LMU%J zNza3LKZ&Dt{ybXe=hw@(Ahcsg`=hx2sS2$3DXpvXILA}mY=@(t@K{7FkNTmV7;EHt zo?PD<`_DcbY+v3keK#O~jILjvhbXK^K9TY|9*1*@*neJLK|5ts@AFsar!lP)x}ZBE z-(BcWF}0Tl@mm+*{e_<3{^HUb)ITp6=i5O3$;L5dT4&HAJEz*ApHI!vA0E&CebA1` z663)6l`wI$_OhaN2?)Db7C%A%4d0=@EAd~~p#FoU$oC>Xwv~B&9PQ_ED?oqNlfD!6 z!`eP*=N|Eew4Sz+o?F#WJU>!CRz&xYJTK}53j)l4*Ewh>i|q8F>rVI{V(khi=H52=WI# zdcO88ALGNvv8#0dcxn{#{5q0>e!|W-hw><%kByT<{*Wo^?;wB9r(wM_DG%q@^)<@t zcF=t4L;8ha{cvMy$8JVEt_-&C3_*fg!(M-kPAkA?>64 zPIkII!+M4J%*a;qqV(aY?@03(@6T-@p=JJ?(0b-{Ih)sgJ0TOcNzc5dzq5gc6-k;**$#&{*k@SBb zg2~S{E76WUJx}*0z8j6VVL#BH!Ni~bjQU4((SNQlITCr{JU(F{p6?^N9|twD9O;65 zbzii@ulEDj(N4G`@;o0*aacT)MAsru%w6KJ=t@7~%IEYAizgw<0iZJTF>J*IisswBMiN&;XY|^Jkm^ z>Squ?ItKX%biZIr{3Js>UkiFKhTFG+0fE^O<`ol~kw4u5>*d#}Q6lof{GtCqMi0RAvLye9-a|WoJEA{)96Lhm z!S}ZP&Otk=31}aNDX|=1gZYE#G1~7&v1q$k1!pG<@FehoACcTY#xF9*=gucZ_>X&@t;NeF8Fof zR*HUl(sjY(`EV54c^QOupt;3Ty8-!WpONS7)tlqcWc^7&%bJLHW8>lm6>kZ%yI$9{)_m(8c; zH8`J+CI5H(;rT8LLq9JOf8hw)SwQP5eB7=CH&{QH?~4BL>v7Ivv?KQ#?eOvEZ8++8 zrFCXL{ut|_{s&rD;r*oh4zf@A10Uz@EsziCh4u1wNq#_lC#;uW7Y39EI_Dw3pZe_w z+HdJb`z^Wsn{jBTJ&p6+e#TbhJJUP`m#tV9p2Bz@+l2lY5br|c_6Qoc=M(<{_QSBa z<)rDZ`On0U4@LWX=si#fyI5j3p`G4z 
zAFV-r@k6vzd>`%nrubayjdsqD!MO4JwXf7JzVzIXw^uCPr|hBo6wcSK!u~JJtN+mc zfpFSC!28v|2=p_H*4w$Au$5?M#0m6=kLNu`yuxxR>I?UmE($YvW&=dzpVr;!Z)!Jc(k z?+3aM<$fA_Bj1&tBk*>Sy^i*Uc}OzMUo1YkH_)FD@}~$cOxFK}d4;Yc+V`4*=gaMn zqxndfSDaEn`-w&9Kisy6rSUfM-WRc6?*B_8tT)l@|FHKa@R1eO{&>qG0YxJZAp&Yx z4T#vCZ4yw(EIlN{EFlRPap`oDo=HO|-E=xL8AOeHeQ)oPn|mFR9(g|QT$}p zzH&+NdAItv;UG^2m!z%9aO2y}vLGHJ2J2%w!^NA!tG4F4C0^>hd^O9EU;Ek`~`F)?F zQ>*6J?{7TtL#Fe;YfMM47oYws_xqc(n9ii4bGn-MCoB5TQ~0eCdbBoM}bpvBZX$-w!{D`O$QKsMfomD0_a6YJVa*2BN*+54rpEJg)D( zi|Jgd+D|`<@iX41-bdw+oon%1{;KTB*Ofide%(<@&aZwc%jZf(|D!iBKg}v`tm6Y` ztM>P+_Ip+PRb^+6R^zHxc=k4?vsmC6wgbO;^*^?jQjnZ6W*Y3pMP@YIODgfeZB7Ycv4is=cklkq38WWZH(_y_Tehk z?}LpjhZB03PrW{VjW+m#&KdR0XG*pI?zdU~y%XG?(w*{8M76(h7q{P~+8^A-^!KYe z98y>L=YJKQ55I)zd|%<$T*mEh-p06|_gDRf`~CV+jCZm6hO)|D`R@sjD*v`ity9|m zyk5l*{ph~5E=ked$AEOsj@Doz;Z7sLYDEg09^!2*=Rpp1Z@)-zzx9fKtJ3p3mE0(7BLDpGPUio9 zwO(ueY)SEWzohJ>)~jEw7$^7>#`nSJ_`SE|J;3eA`_pjrbQ@LONdD17G!1Vp= z>04F%WA0-CA69a{mi!r^Cx7|_^P}y2%?G*PDV2}V<2r92GM!Jofaz%c zd`P`V|Dx8Zi}iS^f6=dhy?)>|j4!J?K)tV-S>f@fRNi4g(FrBE{SThc^QGMRu_ym@RdM^z-^vsFY=wXL zc*g(nCC0y_@K>doj(`2VPQ`Wo=V!ls2J^r38O;9&nOvymUZzv$i*p|SDdX3u{X3;i z<)3pCOy`)KR}QBQGVcGr&+w0!&doL4Ufc5@O)>6Y$0KiN+`o>W*vzWaG@t_ zDqf-W`Sb|$)1vm*dcLmz9k-uU@&7g@&x3oo{eBg9I$PndJ(F?&y1Y}>^Bhw3Jj90l z^Epy5p+B7`@w`WsoV(u5`TbROZ-Ca%`R6b{-&Xse0Y&Gpa-UKino#Y}RQUNyAGZC4 z>7TCf&pd|t{D+F`>hTW$koo!BZ@B$G)I2tPf$`gB7}x&Ex_V#!N4+nzivC?;rtiOZ zv0KF%PEm0N?dP9;DYy66gZ<*kjEB^Er}_LM**7td_2)A`&sF`-?PL5_m6u;u{Qv7b z*K76p>e&weoX2&8k`JXt_(`fKMf|5q>^`iat?sq?wL*3Tb)fZOj>>+jjB{R@?U-lx``0}Ai_I=BDRNlfRN z3LhqeAoT6pKXJcbRd`yBYxY8J|4xM;^J}K_N)^x1@8f+m(L(-yf8dWqP~f+yelJmU z?xzJp;72LH>uCxXWmf|KrOG4d@!oz8vEr3m*1@Lj<+%$|GK=77C0fdTUFju?^8armvR4kJx4FBnD@Vl zjWhkx`Gwy+$nC3q@rqwP!1xg?~N0dzJfb{5$u1 zyK28X$@K5(V_dJxe^&nUx0U~_{fe{xz;tdup8KV8O8Mu;YnhJ!p4fJZ>x%LI{teu| zL-l*@r@6g<{XPCkJgy5>+*|j1^!vGe=C#bH#=Fzp-hV#y|31#`_q~bRYyG+RYmEEX z%`fd_{3N9(7b!kJcs1iMQuzgKCx3ht_v>FD-=_4|U+?sBr6>ON?t&hsf5txMQ}_Fm 
zX*DhtH$GGGbG&+A{PjzBe2eGh;yakmg{u9(R*yzqEzvpK>+Ni`J{{XE8rL zwM>V^DF3`m)nEPQSKNM3;pbe#?fv%wzQ(dnZ6`j(`|^jAna=r&&i{Oq`QNYj*Z8?A zKYrT9-2Tx@-xg?qLa(Y;nNKnc^3TtH!1y12$@tS%`z_Dm@g9}(j(4}Ej^&ON^La;{ z>1g?%T+Q_c&-K+COn#C3^`B$?;4c{We}AWm-fO{s=eL;t4M#EmC#t%Lel;&mYFw?# zPq@?PCw%5Z%;)gynT~!h_9^@0{|?msD$aB1Z7hdLC7&dXOU#S^J8LKQv)ul0J-65T zKd0=&tg;V!9oebstNrWd$7`AX*PhCJYC3~d@FV)YU&Zu-*G-v!2Rp~jPf5^{>=Tp zO|>6Z^E)!j^R=Yrx9^Wio<4uz*^P|**ZrGMXL&yN5lo-dO#b=)ml=QM`x%cZ{0`~& zo)Vh$op0Kw_7~Hm%ukbQe}LixVqBAIy*o|eZ+It<_lau#)%twmE!_SdwJ+BA#1zTWSLT&dQ<7yXU-|AgxIOywuv(ZziBD*P|XkG)&%yRTCCg(q^qA5;FA z_LrXaIhK$AyI1d3a`>u}gXaGQs^7<`{f_4Ufp745pR4So_Ge;ObH7VN%;!PH&)v#? zzUSjSuIrRNdA!;mh1LE@%m2ZDWBL~=dDbgB?^E%Ub>$a5N8!(UG>_|J>Yh@q4?|QR zD8DD}tFJiaam?rb2=nR@=P~`CtHK1`?@7BEpHTJKdcEGO>XyIqVdm#2 zil6s3Fh6e(Ge6q?Y*qH*US%Kjyqv1`(YL60xYnz?k7GJDYM-L<*6qyCUC-x!cdLG9 z-o@>oJIVcOK0}m`6Lxa-1Kj=U93Dcq1S^k;c z!|gL_zqU)^ryR%amoMPVXrO z{`c-+#_v}2A9}XpN1gl7^YRw854!QwOn*kTzwq-+=RZEc{AhhUkrqV3&z<)({(IGa zkMbYx`3~a`srP+n7x(MG&+yaZJl^Bgc(p!Ur|jEBYM*|!qW^Sd|Ib+Gap~{hJ@^); z^R<_9zuIqnv*PoWpXT=ZyEaQVD}8tgw||PFpWe#&kG3*SX%6}4xqo8Z?+-ls9G1iF zKj-#6iq3u4aQiP^&A8_02V@ZB{JxxVVo(10Z)zaq`LQoDpSzXZ63XA3j&pl$pI@o= zBfHdo@!#|R(`uftr7*YG`?%MBlIzLm z)VY{b6`eP$eZhNv&+X4t_@!h(#CSiY@?YA{#P8+t`tP4PL)A0*>*`Owhuizt_l|$% z_i@%|=ePZV`}MEmH#IWuUpHT_+be(XEXDu8ueiN`J-udu@okUe@#^>PD{p7HEj+}y zp07|Wc3?O?5*y9Mv$S&-PS$B+(P^PbK&_^DnW1@px>1 zawMKg-arkn896lEd651&nCd*(O;oSh+ntL<28QCF`c#}cvrvHh`8 zVsKaxZQM1Q9*Kmv6Hi^Tw;kMD&(--qMa>Uz5Bbe^gk{%a@aC?z?2HfO(%HiWy3|d~ zUF%Yu1RWoM|XXUW|96s8jUI? 
zqlr{M`kqnkv?@`v(n;emn)x--11^Wo_DDx}Q|w^W861y-$EN7EMzh&;wqs;}I;w}} zs;C-Su?O@RQ{NqI?dTq=Df12=KVJ?b3Xsw3SrI=96;zM`>u-)t&UUqOlxEHcAxoLasm=nvdi3T+niYx8RD2*I7-u%2 zqbZYY~R)HODeOAaSC(w$#vBJ~4f*(}M{rZ{1tRZ5h|tDjJ-XvdRLs9B_b zFfl+2=-#p6{zNuU2hsNErrpv-GB;&?qv?_M8RkC{89fxwbjA;-((%D)7iqe~FhApw zuS15^u2o8+=Wr&Gx7^4v@(WXNjA8Mzb!SLxNBIT!3@bv0b8liiCwyMR&r;xO%=zze zM2K0xTKPZAhm~yeer+0#=LV#wpLB$wY)52^q}!c4oJ!cK%kgi|WQsHk(<`Bg@DgKx zo69%t#OY`vdoZwLo7qiYkBY_OqeLaAoKdm4Dc2?t9cO9x%&*dLgW8hPl-*695=O|e zA4nfeWOruM!)ywKA#as>X;j;YW23f?40iFu6|h#eUioFB{X;OP%TY~-PQJFo4q1F;K7>(}FS9yNduZZe&M|zC5;U05Tu+!v-y;Cw=<32Xo zW6U#G&BUFDE5~FVb_f(_R5UGL1!-SEuQBZldScxzF=rJ7LanZsN4r_&>sg&M8nyJ= z^Y*~BU1|_sAGwXOj`V13UnVg!OpAqNJDDYyWl;PpIV!rtG=(tox6V40`#L9XaN8g)ge2||*h7zOAa2}BMoutd#^*#_S~rB3xq@2?t3iiLYS z{jW2fBnjgZ*d^?IW3201XJq>6Exg{Vr=z0-@l2vy#DPWzd@qrWguCU`n_4ut@T*}9 z>Hezs-{xnv0G-`=u{~_7aKmH$6w?r^06XKPmnH5s8f9cgF3=@EL=tzcwTDko~7xEw9 zna+|Ql3=HKPhxa5P8L}|E=A&fris|(X9_=5vLKuKDXcoeo>%Ep){qz(R7QpNyf*ca zy3i@CSU>%%2$=4WG0!ALapM$g&Z?#RvwtLZ6u*d(Y>VGw%B&k zZK=13g?5zrtqtC}VNk_3d_dQ{=Ys~8Z6CBS@BG{b^>XvaoOhF-l}cPWmd>eIv~R*A zmW`rIErNSRcl+!%Fl`szUkmRTpFiW^KBFz0&tx@KDJ+6<+k%t8a;q z@+^CnMeq(wOdio*VxJ13`sL*qgw5U(dd8I;-IL(BPoQ|b;SJSqe~G)Y{FyO4Xy_)O z6YO?ZzX3nkrQ)t<9#`1d02f$O1CK*&Y@jHVv#6Eg7MuEVmS?+XT<|fEbIdB|wy!V8 z(=FvO{aUJ(Ft5LWF00$MJI{__3VE#sA2d0x#s@0tyB6udO`zKR%_0Q6E+>=^c-{-F zDPU2KD=wPN9SM0XOXDr$n)CGbMJ^ zea$`YYNs0Ang$SBZ}LW3X^V5j)<5% z`7BLxZ`_@uXd{;*1!KP{Mv=l;#~`J*sCa~jVHgrc8+FA~a+o59-L0|R{SheHpxO)( zlGKexCNFW?!7=b1vOVv#4~07ahZj)^d>Q z`35P%>tBO$nTiOPocDrz=Z+EWwpp5>w3{v)|jDPLby>k`SCv=3eM$Q%7<$K=hrujq*5b zAmYl~1{x&>)*8va#e+YM*}q75Y$Pel;xoCdN-N>+N+iP@2YFXR_4BDjF455~N+U(F zZi6V+?WDg7{UcEXrIpcDa)Bx6_XEE?V7QZ>%ggm%wY=;e=$& z&729OBP}Y+DqS6O>qsjdRUw}v){}`*eZNS1r`7vkq#s!QE7N$=edZ!p{;%8{Fqg z?8xP;ypBql!(z-DX0zBM#(6FFP-SPhSZ}UGOPm799+f1FCSvhiOq4bhQ$V%E6n+D| zmGFFg#Qd_fQ1LsL&xlZ!WA40-OE6?QQdE#H$V%wK`SQ&w*)X!rg{t66w9gbt+7lBN zD8;Y73`>{Kk9XxEquJ>es0X69CnmQ8*|C9~7%3eClJ$OK;>)Mk9M4ek-k^I5Bhu`c 
zU48hF42Vs!qtRBE8L~3FWO9OzQ620eBiPv!+mYEvCrOyMQgyzW5H5Th@p1F3a1|v;_$^B~4jmZUxQ zbcLsv*Sn3H!*eDTrDJzuE(^XZjk2aq>0}w*h$1*y_#_Rs?Txk6UVMJr)GT>+OqDU!*umvMS;3K(Of zRD#=MBRR*!m1&ZV#2hsmmkNCtZ86C&qcr7zcVd?oS?XCZ5cS#3CJrRrf8pJ3mSd^henvA+6R;D;&A) z7eOR(NY}(cb1d4`FVmoc57*f`LSl1c)Si^Av*=YWCF_vP)rXy#xGr&+yy0OwJWk;@ zl`^J@C^xD@4yz{LN;e*ijLFL%M9SX{LR3DtTshh3sN50D+&OW$Bco>G{t`G1aHNJQ zx|OT840gM!E(;4pT96&mO606uucDF}L2EEgNN@+owdhie056Ofz1Vk>NuuReTo%Bx zs37-RB=$El2;=SrA3<}sPVBgXW0kRn!Gzj+({_jCt2QeY?Bz(C32$DLW~;&rBL!1v zOJ-gd)!Ruw9~l#cyPlx=9T9%_SJ_TK1C5@5z;CllB7K!dbEUeMR~0qioU8DU;G$!tOORkL|t=S%A-OJ zb+kY%%+`8FGXAoRrB{SCrhAbvm zTw<1_@~9gUa&nFHT8x{(43wv$#n@2M=@ON-7_~xbYkRh21ujm&qspG}TY(7`POyIE zMGjY(%%W*Du9gy|SiVc+oY52w!fewf#Tdl%zU0v;oja0gX3o{>^hpWkn+yS^OH`Il zj!h*63Z@St^^^k?_ch7nUdJx7fg)?;rdPJ?PiGIsvx6OUh{5v8h=7AAd@z(Si0uK_ zFo+Qp@ZfEvF|E`f(@NsTiReL3N{LqB5|yBZuH}%IS;|$H9MNzrCa-FW@wJ+?&7-dJ?_5=0+F_k)xGqnLq|ZF6_>GDzhHtr*~)`WgP+;JpX_VG+7yPTWLFX*zfQ z%9tTx&GigXRhGD&Y}7MNqzmj~J0^dS#;1~bBIZ*D&y?{b|2-=HXWSc?K}t;{U0$S; zf%$xREr?^6hKHSkx00Ws1Y7y4<_5KC+hWTk3iD9I<4$Q(GUpoj+sSXj+m zIaJMSEBVrJ1e0{B{2Us^#=0B}cx0lk^^N4;iHM*lbxYeJs!VsS@sZ($UcRleZe6(U zVmauRJ3x}8-bw|MYJp7_<$m2w){zQyN5Uj>C2o-;-%G>v44t-VWQk0F##UcmeE{gB zrLG{5kPG<;t)Q#ey)2)wMG@!#jjQ1HC<5t}FF6~GeJ8eExy-!lG;dDTg4$wizHD6o z*m-?}o%$^Cuzw5f`?JXdL%G7Q)RAFk3o(;Q?Eim)7s~HY1SU%XKN%tt2FIuTBKSrI zXTv#u6~rhK!3*LkxXNUya125;8VS3BDO!D-DH`Ks(T|Lth;6REf09hlk?EBDIdM+m z5JkxP(_^BR->edrrRj+KNlvC*A9SwR`s>_|d1M6NOjdyk(CF-h*{KmP4*kS;vjkd^ zghwshSZ81r_8e%zBl=cnjlGsi_bI;7U>6wuvZ0cPdQyKrXiH)I+*l@+=-8zqrJl+F z>c^k&m*;imfn7=nH}c&wDqkQH_8q&2!_o3+Nx!B+auHL}=Z;=F-s!ToBO_|3qRP$b zqT?ql^bH9?y6AieS)H8}0^f*Og<+!#6dfflcW)@yET?7xPc4a5jM^SK_Z!4=@dHW< zp4@~t;H_f?PRyfF*4OfAsnJpMmH(uzd0FoCjmN*@Hp=`5C%&ywQ6`xca37lSg8+O>~W)ktC0C6=06;YD8(TAJ7Q)eUNh(_doos^-dLkX676l4bI zriffZI+fm{m^_6l##JEIvJs`Lcf4+$Psyy$x$0J8HrE&z^E%O%Y&FfE^p)vieVQ3v z3|q2Ua8v&x$1PIa&Kls;Uhf;_=qxEsUb2_me<$wbeXP(fofvR8-1PpGRJwq%dpZIt zq(Q^59{}~TB`cj^GiY=0+d2P{DXouC{)F>PE#7@NbN{hUC 
zy{1*-n8+*L6B7qCY+3yVSvZ@Y)en}_hrO_WedS>qgYJ%QYn72cihl_+K3c*mW_->u z3Z*V&Mk@JhnWfnVQrzXNUB=!W=>}Q83R2v_3TC8R+9GCt)Uu8l8#@v)W#9};nVE=j zHIt^%)E=#`y^%Ds1x=`lwsWg;g^niELRo?#EzC(kTWTa4z?@p>lx$Ir&uhKe45Mo7 z(8;)Z?CL)uY-0|c9BoK(VDRB4{`_TCrf9u0zwuVv7t5 zxgifndvixdCCDy7>Xw3HoVpd!yMF=$19Y`9h45{0TuPME{(u4}tU8nJ$x!0Gg?{>Z#eNLFmpWh&B?W`*4d`A>%Aa3CEnw3TUrtqk;DFyBa_IM4Q{ zQhd@HX_*bN)3a|BNmM=q6--Rp7d&F>EIcw@b6+G)b;N9~+$Cqm^o26{vQ>FAVu<3E zJJhXj;`*W8{b9OTBc?|b?8Gc>i7C{>@m>3j2by2c;@?S$FA)Xm&ZTmu`#5Q>r#qwM zw+U=DKF$qE(eAA(7E$RW0KE_*uH;x(w-kh9AHhQRR4?TV-HXYL#Ck*?fR9g>AH=7Z zR}@D}t&p`wLy1%-k(KEH70U2r7Islfb811p+om@*CoQEiu9H0#LjrIT{-oOQoo6i#|t4k`Y}E=u=yDR3m*L zIe;fM$eaz*7wg4pCvysdn~#SjAh*r6D#E z@;=E<`Hi;n)7{dT(KkBd1N6lNj{4I36qpTF{a^0$v^sUu{Tms&go8ekO=05!IzmIs zKfl8PsBsvR&*bP>cG+Y^W`p#CiU8eX4LSf*=vb$2;|tPw!<7Z>x?np&0q}}j|o24>4KON?3 zp^7^O;LVLenZw0Oius*;0~|^?G(!6WwyCwsq=ZS{lxK|-Z-}uOgd!Y4eUTu&uq7sW zOffxNNDIHwn53Ztm9+YaBn>UH?hT#vs;c0-_pQ+HDBSX2tf}qrg_&@9=Pk@M3LLR8 zS}?0lL|xu>rbT3HlOz6YEd@5j(&yy4^Cy}nIZ7@c%{G+^sc$<(8svH@j)}_SwK_{) z%F_jA+d3RKUqe@x%Vj>m`|s0rC+}lFIvL?j6U~aazJ#(c`cP$=>6a#1#3xj>l+BYh z{_NiG<(OAvT#_Pey2d5{#bg;9pDWwQ8mW}J?3y3;q~`KWt@)Y4*4F$?$p&{*9`~st zkJDgw&7FHJZvnete%fdnyhgzIU^#Z6L;^)kfsqcVNU7GqOvg71n`97-eTySTqOjLv z6NHypiAb67LJ!7MPN^Hwt;DG)_b5{F5I-H|*vt?=ghDIUPoXgERtTy3`!+;>3X#I% z6q;}M>A?i;$Hme90zuYN(h%Yl4J1X5d>TSjazh;!UCSZ$+@KHQ2d6A%la&8RMT_f2 z`I0!qx0epi>2fyrs~_eqM}@|W7q8H9I#IUNBJQo{2*xIN?XjY=V~U+{?3Us?vH0L1 zU0pGn-XG|oO_W9<4nfF(qI=t8pa8R~NgGUcN)M8(V!1(?E$Wt5x7La#&=UvUJxt+F z0{x*=_PRU~RxgYp=mH6|+~`0$Lc=W^@1!AsmAB@qZ5BK9fes5c07 zf17w2oG5cd9H%TrD!V8kVvjI4dLqo?mN-u@VfqZ9be}zvHcg0(yokb83TBIS*CPQ_ zG+RV)ov19`Jd-$(&eFDtqP*6C?UuauLUCl-8}&$+_iQNcOS#kLEG0|R!?F0l0KH-^ zd#d!@zDM%zK3zR@VjBFJIMUDpI|(n5yv+j*(de7%y`t^{+_^6DF=Z^eWX?UtN8DS( zq3rx9nmC2-54IKP#XB}fK&3ySgH84)teagebNi!;yZqfY$Wpt;h2vD^NyW}`(WsoA zWi2VvmtqM^`DzIY(!ICV? 
zQ)O3SdFgoLl1lflu&a%A`rKfVn0r-fA({PO5V=p(uoO>%Ul#C!3?%8?iPEJ}Qk zGdlFF*FUl_#XgX`Y-|_bQI#J~vh_r3s5dAYh|Nrfqe#UR%DBOGRu22qN}0`%=STcp zLuP)WObgGlvymz`@`AjVYthV1xJGSn(RbQRp~TnP{BVhHw(;Q&yxgVJb6#WPBNcp; z3)3(7G8-Q)_C6aQD&v(lKJUmwztyNy6yK(MVh@ZY24lmCVetvvKpQOI`AR3W5r`VC zE1s~Gh!yB#$nxLmdJ7R(AREg2ZdsuvcXmf=%TFr|MLM)KmYHfD>^N8~+5u*9Go%mX zeHk@c3Mvs}gsWb+h=>F2(|si|o7At*<8M(Ozkdf^@_tiR58F4@Wo_r(%~I*x`2f$r zc3YpJ^6p>Di$VZ7C!g!t4wqkT=91JwW4l87eA*IrKfWjOU4;Uj`JUCip*8d=u6n}Y z{Cd~d0?7l32Rs}lTdNXjNm=nEZKT} zh%y}-n_E#H8Fw8geO1{cFI(n_yUbL$59_nug;rVb>HBL`r@OGHFZmge%vd%NJDAMo#^T~@7N(|KcE$&Clopnp zU%gkPcn8ME~5}8~wJ)#06Jy#AbY9YJ2C72=xTPe zr?siASJ^#ecA&1aYt$%Cr@7=?uG>q0?@H`>E1oHDl4tLBi=%f@@r@*^!ywHqxBMp>qAuuIS7?7Wk#H^0maF5bu|x;W zY@A;HZSm0rgcA*iuXPch`Xm)gy=6O%QD|#aUKgcbB~~9p4<7Y0{9fQrO!b9tl0Yo4 zZ*ica;K<|^D8{qz?yw5bRWDgS!*pgNOS;I;K22&sxndIDY&s&nC(d%hFgbowe zSD-_iP-U6A)7f4tUk&0$+l}gy%IvY_^}Q+de$p`2RX~zkUxP+@FqT;`{T^vdj^ZN4 z+(Jv)1HGaV&srv5P9CM!Pc|h-1{32Z2Cj8Xfv+>Y@>nMT zX<8dKj>Lx(+nUHliYRktZ5j!S#AG77m!6={lzLX|d}HEi?FuB)A}zJ7pU~!7n`$XB zV*`(+HB%_A@dZp`p`JH~aJ-w8SEyFLPSXYKfVB`rs1|6R@=n|FS`H40vOK*xsmGs+!xsmWoZfA4X3 z-FC`S1#qYICeEd0=|bBZIdjljdAV#hT)gqnP~77P)OU@ISS!Wn+|sIBSuBF{&{qluj2N9;#sszWL}6LWS4 z#He*qrkS(rs>~gyu#+@5I5yNCQTfBN2XC2#N~{z zar6+~041drLi|;i*|#P};{DPVN`S@{&ggsqwkE#E8^)c z7QU}OmAoz??p6?i^a!D{IMpfHNfNORk>R1ITJ*0JprKMI(U1Ho8f`i#_IJ^P&h_?m z4*GKB?pkpKU~_n*v)4A>=qCejjj`^iboESfr=>&7Rh|XEmJA`qV4a)0*^c^DE|sHJ z;xVxqAI@0a$i(%kos0@O;Tjd+^AV*{@gYL-K{p~UMoDoWx(0V37a7gT(k^Nu0!H#% z(xT8>R(rX%OX7l)4yw?W1w2}#M7z8KC#Nr?j`N1wxirI5JZ2JN#aUOjVbeO+#%w?9&iAHu>~=sG(PwO$Mz#4qP4ej;9>m%xp?pJ6;wKleRr+{66!`ToL==)p z<|t}Jp($@WdABuaAQ4JBYbn1^hUI{u@%&aIhKAZttp@WUwXecHo$x4vaxqa`N-rMR zvGOs;Zgu|F*V~)A{d=QxCRZ!{&5}(rT+*#l7jnw)CTvJuFHtY#|VZo6lT+(jo186;TVL7{%o+w=^ zA-pQXxGXq(VY0pWGT8>!#FAMYv9Qt_AKk8U8hMl1O2>B9Zz7tML(}&GAv06U+Z0Y58GGTu`Fa zSKcEOW4HX$!o8RtqTP&O!1Pn3K0dlTo;^TU!y0*yG&sMT$3WfgNRQF}$iQoSbZ089 zV=pKvy3%r#0eQR=bFXdRXGTTD zI*JwXW}yv~z0P|%^vefpc+)^C5qBz7H#*Ni4EkuMD=m^YB=X`d$#I4@tP)L>Os0!J 
z)zud?X==A@U2&-Pn(lq6cQ3=|J-c{woG&PKnV&9nTMY#n@GkM9Txg%F1coc-+C?Jx z-B4F#8=U%PzK@=yDm*Tl0)K=jLRv{>km@il$C9WLPDGoOdq(!klwB6|SgHlzA!@cy z1#|FSsF;p5?x)0`Rx$k<(~a35PrjJ9sKl;+*BTM8PdarlK~*M{^{0!Ebqx-@V&+C_ z(~0sB*FHzDH9AR=`s672>&d|mnc)YIKkRJyoFW>JN>X~><*udI-@(teg*>&5z0kSWcPy-_fc6sJoP zDa>84j{P(vJPk@8HCr2=0HLjXOOnTlA}`Q0;es2~f6wpYN1D3&*wqw+O{=RP2r0Wt zO2=v`#-#kC3KDfm$qTNX2&0S3OQ|=+w?nk~pcF;0^UEq??Mk5{)EwR_IpBI)X!L#O z6{PEuQggLWtq+w|vj}is5gDU6DnhW*9B!fYGm$-*(3i_^(9?nMH+AQ@V5}l;0A=MW z@B+1F^yf5bo_YUP&}}N>DvR%W$~zE-(}Vl{29Z3vZRxaOpAiYmU3lU^mWti-b|GX( zZ98K631c9*u=#VoqL8FnC4oCr@d0@mq(58W&lKAqLPH-34^c3N^W9?OZRyAR2>Dg& z5xugP_+(>_A}^w(*&Bb6Vv_<8HEnLmGi_RJKQ$c^71O$V>5#EkDaC^9f)0C@ICpOi zqQ}Mn``Si4wcgr}s{vrGw{HNRpD>QXKsm7|IHsN*BEAP`F3pC@0r>g>Ax|8KtAA!s^KyFaFFO z)$QerO(qYixNRpVQQclljmzv-$LC!&D|HGe0L62_4w{?<0;rq4$vEdZ#(23fjH|SFrA`D7j zC!mX)_lbBH#iC_VD4jmzShOe?<>>rAdjIH!cb>VngeN$VylEA0)>1p|C6L+%tABK- zg^ntB_0t(ksl~|sTlC=8(1FhSZt5tXGim?8qb#3-e24YQ zylKQzW-Z zomgKXSyZQN`KD=#xD+RwPOF-c|37piu92Ztou|#Qm1re=MRUc?uDTRNn`$pD6_XOj zHligMWO*&P?;GfH3G`bqXZ0!Xjq#R*ksLP51awQ))Op%XdO5fgA+B=MK2CX_%A{?c zAh1Ye)1>XXjvEa&vr#iw0&q9?}W zh_?o3vpUf=GWu$=P3p&AU!t5sx2(po9B8Oq*GTRo_R;;3W_MGRmtc*}CXGUVo|3B8 zL}DQ}lpM*4Pa0lN_g3r@A8nz14r!aIScQHo_y*AL@Cm0)VqTZ3Z1PNV)s;>+*af0q z!40O}TC{hq5=x{-g&gbwdCLNMb2Mg_pm5M-o-%AY&vp7ToSqAxH@gD-bYlVL;ga=4^q@ZQ~Q1tIEu zO@5#jn@FX_H>&h*u_DCjV>sfB?NBy- z$n8KFNm@)~Vw~UYI320(msUra$x3wYy9|sLoW_)bBNn>k4 zfGrwP^~}lfdXrS4laatZWGt(t`W~0mmz$kMx-f3+&2f zc|c62>?nx3S!kldS)15Y&hmif(>jqwo})d#Pwmu4-|}3pB82i4uh;|H<@LL)MV_Ot zW|pFSHYzl!Lj9Uh{TxTr@=(b!LDwo^N(pHtMJw`FOx+|j9Wd3BH zi*<)*z36n6K^GFBn+rkCRYfH3)#c~`DOhL6Y`LQ=0Vk>Q1P+3 zM%!^eD;u??ZA2`aJTR1_YnRc-^@N@`EoMwN7{pSE{r{ZK$)TZ@HJi@RW@(U)qZyQk zHrQ-cHc9%Rt->RBt~Mf-CgZ|+Nzf_!ScP;y^<~Jy2$ZeyGQUoH$0*sf?%1fjekqn7 zp^ZG}^z@}DL0<*Qx?Y7gOKy?a))a+1K7 z*2UXo+9+<4DBPuN^ZI}~ERh#TCB~BjX*w2>8KNuYQY08%EfV|)iC88?R-~U?zZUt4 zV5x@`E>4KchDpyWNSohj(*G`1^Wuazimhg1$t8U&U@LJAuE1)!X?hchNWsSFbMgno zq4UjtV}-Gm$-7v5Y`kcCN!h+l8@=#I#35dFSaFly%}674g9p_umcpV=n?EUnKT17Q 
z)L2?lCogE>)A3(7abCJb0U8}vHY{wLy&Bi+jVn9&m@$oI(xXL{_Q=eaV$Shd9Nm>u zD9Z)t?Xk?@rg}4UN2WV@2DUb}bLq{MZeRp2o3~*4(!7xLwC8Q>^YXUjXY|mut#tRP z@D1e`SqtQS>s7)RF8^@*B`>8wH3F?_PBnt@aeKFg$YPNLkR`v!mK`ocjXVU0N!qD7 z`c>KekTls|lW1qxm9Kd9$$@c_*_PMOF`(eo`!>Nr(ll=HG-w9Y7Ss&Fjo6jQ%%mYQ zTXdfsq(d=$QYv+tJ-7&n#t}*ai^Jh9GGHavIbZf*BQ*H{eWoJ^|XSb1W6%zLB^eOxrT4G>U?GZQ+vm(viW` zmA>()g1zFC!c>z*x4|aqw9*ZULAlF}@xHziebHM%eMKoeN*gQs7-TDl)hT?cHbE7f zH;mFY(dPk$5fGnIZ5GL5V~lnKn&|F(E2P<`2(KDK(fBUq<7u&Ti{c8HcT=*@W53M} ztOnZDTv%WcAUD;Y6t}=8iq1ht>zi(TDjEqx#*{y1%vn>hfEUg~swAXPQ@c1VSsWCo zwTVrnmIs7TMU*0tP%Siziq-aq+V~khu`T73PA*Vm22RN_t{U7NN)^G?)2l9mNQ0ohkQ4&7^rS`E;iC}YC@{t zF)JTuq{ZvZt|loVQSRY0;bj`0ErY5+Ntzs55$M`NPNNigvCO4Ku6R%n*uZks8^{I= z*^6a_ZdS;0JQ>LOHuofmGV{|iTSpm(O%7By(Eyax|B2a9@xstIElc3QypWYIUg>j0 z8@6B?bR-u~jwG_Y6Lar+O^*m$z`J%~Ez6!txlmxJqVjqo;~*-58=OU1jim1e44MX( zL^eCAgo#)oS(OIf#K10Ts9P0G9@Qp=A%oC%qLvI?tw6;*Diz+#W z)1#Yx&e`{|@FQQfB2x{rXy%BG*7@Lhfzbv}kPFKsvf3gTX;2=yPozP|C`?6mQPwzb zG#?+8d45Tm(r%D=; zJcA%o%VTs?Ht9=xj56((jEH5dZYq_phq1^r)?vw~k*7!L7z%vSaY*_H{g=-~(zeho z72VhiLznBwOU^e>gujzK0MMK2iKz{!qqNbLdvj|PDDg$=RSY^|L^+K)1oTw~3pQo190e+P& z&NuCl^0ZQzV9!Sp^_?!f?aI5rLg+c45>^*z)H@@mG)I3t6{oBAWBVy9BXi>xrn;d-Th&C{SS>n*}Jlm)sz9z4?6r-cBW*!$?@K`MhjIf_h52S z{kQw^v<}cVUw-U7Qcvqoqn>SE__>H;;HK_wm z2v(T)7L{D2+pjyX5W=Cig!~bG zQ=&88MP5Kt=veH+irIeSbDlhFCwaf_$yAkPm0KyfYLijW0akM`mxe&QGcJX(TM$cX zt%M=ip7af((K?8TxD(PHgpHmY1}}K!4+CvoBiT9`h%L+3S=e%I710#Sj}GyYIn(7w z+M3x&&{HxMT`bj8?D>r*dy3I7W>AYfZ?~DY2VJuWvJGGs>0)BOUspOB_;nmx&w5JA zPx{y>8pq-qPx28;RTELPrF|vZh*RQPZi&^7rBo|y2~nXU{s7Nrr~j_A=i_ZpN!%(FFG?u z3Z!Ww&*pmFa>Xe1G5795QXtDNz|<{u=s4jbBc~P^JsNXXP_arywf?$0Og<7Hh3f7| zKTEjX#KbcZ_IvPBbfl-9GEhLf!Ey@lOnpSf>qNV7)_r=f)WLO{q997^s=wITi}glO z*|Zo_y^b;M6;};9C7e3lXx0xQR_ExH2u@Lmw(u>^oMv;!CcIU8wOe#v*QSX{rJVu9fys5k*HL#&{hS*+^uF(bcJ))YIY>vu!$_)~ql$2dn z;M8P(Uu=ms8j!EI1mtN56s9~B&kl;*dVuVSG%^M1zUatv@oL4O76%u{7QHxD)_kHr zL(vyeSIq^J(u}&*XWAHBV!bkOUQeI6H3!a13c3r@{w2VkixGUf-FZ?l#d~8;X_J%} 
zDkmPwi&jI>d2?rmtWXJ2X8D3e_4Su}Idta{bA7(GimXlfab>T=NYe9WbOS|DMH*M` zu!$U*H@(S-#bc4p3CU79imygZ#!#ivBb8LY@mYPLq!l?sAuKNYceF3uCOtCnBaFU( zfC+-F0meDuY!h@^35D?aW7;LAS`JyvmKYsP?^j6~e|asnb;<_aLVn{Wz;R-Mdy~j4 zJ3^2OZ!|evBBjFN64?3JXsFG(_YElHqdp~Unk-#=w@pq+OK+PjPl>RQSk4R^C)~V~ zf^T@^WaA+J-H{vx+&Wo$iPCO~OuKry$cv<9pT1Pk;h2lD>dn5BqX$s8IgPI!h33A@ypwpN^9b3jX1@nwZ<;-fZcd@ zrJc0Wu+7>vVtM31szU~tt=H9X=>!E^XoasdWMvY!_NKDeEDV-UO zG{rhZZJD?XUDl597H6B>;%tv`Mpk?W!&>k|3foTuRDlSt=2zSDich5L?5lSR#uM?q zodIPw&b7(5w=Zj=P)gzm~olPh|)}9CNV-(t0mbhvZjvlC|s73NOA~7lbCi3x4;v zhra8;?yFeU@(g(ZpEWv|kg-A{7mjUDtNO7(V&L<_9x2nvE5oJpAv_}JUCb?xgyVpf zvYZ#A;a||X^2x5`7J8*D>6S;y$I>I>wbY-Z@#}(xj$GCy`y|K`mvtK{q43O%^!qrt zWZsvX_Z5%pnX@H9PP<;2tfBV#yIxa2mGY{nl!ymP25f^n zVH2CeAJ=}Lo)t9w&iY!Y?6!cF_l4j#%kRm*)=H$-Y5g=UT=aue$tqkiiqX=gXh{*L zZSGGFCbMMOlj#xoa&0UZKR~+!I)hCm@rgqzDp{o};|+L4a-pFWP()MYcb4hBfXnSm z=ZH$e2Sx@d!n#3bwD%=mN_eF#z8blf8|{#S*|JX>xUbI&`BUEaoEDbC2`lm@IT6gZ zx|HUg15eIJZY(c~texFQN~z3VS;ezr>#CnDp(C-E)y<2KIwI=6$xRm@<)K+ERxG zQu3yC!g5%ZL{Hk;niz@qi<`gpcl3^CX&z{qNsh+)lR5c8CFOXECiLmrgVCmg@zhv? z%o|w}&T-I;@PB=m_?NuU>+8gb8S6?zbyy|DTy4UUTN?HN` zq(XR&`F^wMA-iMDg*ht9Y`I_4D-3i5AThp^q?YnMXn80}UL#>#_ir>3)sa%jf zIlU3(*gV1F5FJdQJd%2$oMfTxghHWfF=);Aqyo!fg(6$!*wgw7*wd1hE5~q)V;f|? 
zg#qt!Z>VEKE#e5$Qj52S=Ab^-F*2AKkLAQYgB`niN7;t+O?KjMq6$UEVvR3GkR792 z!A7g9tpMI?Gic`6WVr4r1%)hbx(o>UcaUNeT=*0O$)(IFq6lkIO{#O;M5MUI=K+Lc z=M=hN;HJFHrC<9?(g#QJHboyOPDsa~id{-6KY!UEl`BRUjSna2J7K+I0-Ub^DyKoc zj$O|2Oi}UWo;I~EuseDNQX-G(wjD?f=Jsb|tYuQieM=s7&npcrsY3nulUeb4s?ne$ zuolH5*C9$V8B#r(Q{_z=-w2}#cU6A#1BK#DgitzK5gmn-FSQ@oNx&k&s4D~J#+|Vao6yB}NV`vz+J(s~cdocg_Sg>5 zz2$|vq}P@La@t`Q$xx?b*{x6$@`;-1;_Sina4bGBpkvnJ18HJ!7^O`lKV$vcQB*iA zVyeXDGV)G|9+hcrjgAi_GGfOmMa=pX-km;>9EfJK>Fka$7w6^wpgz~5G_Y%IB$pgc z7@n#3{KQZ7bgLK(^d$OsaL+^diP*^st*mXZvL!o%f5RmF^NcY9tolYx#*RXG@Yg7iZWTM-#dIViEL` z5Q<&A6=w%&u=0#Eomx#$j}B?cU&Byh+y`nQ@1&5yv$Ddzsn0_7T%G?D&Obb$PKc=a zhaXrmXi=qc9TG>A1w*6z#pRNTK`|8tvt$HsKK?xC=B*r8yd|J z&D{QCP5a#jt%{o~$I`^5mnU&M6djk$^k=UV50vk0WOh@@-hg~Iof?gH?!@U35ghu7 zs0uwurcxaPqzvR%sK1G2N?u`r=F=I3m?*6+&8$PNq9{OrHAc>-#?Wpkj6xi;b{yO36G*HJVOPIAjU)JjO(W~+ zMn17cefHKpySIyPMC6kF$&~Zy&Ac9(4vAMnYb32t-7!9P><$q7jf7?UtL4_$-`b6? z2Th?s;R%%Ei2Wn+MfHhvq&PbaQ9(8L!gUstg;54W<3Q07GfRVKQl7y2 z?%d&2VvtqQt0bPE>Ko*Aks=5;a9e_kJrm}+GtezK*M{~D_1M|g{bXrnU;9S72D;56i8YvC$!y$MS3Lgd!NYi?F6|&1U0=UGk{xDJE2vy!O0XW_iN=Fb283aB*MN@h;>0W_{1& zw=$f_7lWLrf$OLP$5$q+Q`S`nwA2g_(DTl@r*aA4`9OMO%6;6uFxIVb5GynHE9vw*m>zyQZ}8nnLa%IaSWe5`?g8flV|c zBGz86+JHA=pvk74e8aSPfiXN%?#gH&VX!%DAxv!x`AycR0lUq93XMMxAv1BS|G#7>Vw_m>_ocnsUib}GL(UGxXk>TY3 z(k>UBI*)-8YrWo^SvdpqL9T}Ty#7FRk#UJMvwdDFGA=9Y+O~n`+}WLW!U&Kot0qajGncN5-ne`=PPIatUcx1Kx6h5 zZ&&bIX=)N_qG~b}4M*n+JkfHHz8W-0@%7S2n;hSu&&#`8ViTgr($)2Z{ActednBGPx{&Z_^Fjy33i!7FrCGW0E#v zk@P~dVSdE-jcFvjfNX@LNJQLr%Ql$FQG!t%s_y7=if%lnJGzhFs7P}*Ax~as6Y66s zlpRqu9=do+m~Ou;jWQSa+g8Nhi;5MNh->c5F{~g)!EFCnW!1MHk6gFzt4LdTeXT~Y zjbouYI!`@6jLvrkE{Hg-)l^v6vRQUUo-TLn%mz(^xX@jH2S=A{o8KM78zJ2u>G#kV zcJw6}BF=yXSY=WRSd}H->y3$ms@}wBW`sYdOp`DI8>8v5bfAJ1)%7Q6E9uwJc7>KA z^)(o$nyt)<5bKa{T7{7Ft5M6QE6p5{qS82FzoG2QOllXk^&4YWy%KA|9CeIDcbU7e z_aMd`q)5=MKrFXM;oz3lrF+Ade|BiRhLM>UGI{DlB?R*-K+R*27n|q}Hg&Xd-B4Tp zO3?Dxr4miQ!iieBJk2sor*Pq6BNQGQ`U%qxn0MBmD28!zlww~YsvLy@^2pRs=15Jv z7Y&s$D0ypi&(9l$>($hED6uoll}#2-tY-SPxdL& 
zv^-OU)GSf7P%7C!nj0K=>QgToO<&Y3{yOaZ+kpZ4u7vnoMBoDse(h*_WFV6fe-DQ) z-`%lod#wJV`iq)Emv7%5YXGd#`8A^cwYQfVG+tES9NOO7yLDSfEOJr9MXm4`enK~k z;9o=waw`1v-W90wzZ^z0OqOEvJ{C2ebcY%x6M};1#aBd-59;ezc zQYHW9?d@oK_L$J|iXKxI)C9d_=s(9w+M?A_#PKnq6X>6h0;(bUB}9K0J&FH3;^F^1 zEP;n5@UR3PmcYXjcvu1tOW5SCGh{e1jvb(Jl^;2M}(^B-)rfAW2YsL4+(Go zJ&&Nj@$V17@15rzepHBd1dnxoKRWaa^?Mt&KRKB^F%+r_ol3t8ns0i;TOJvrUCNp2 z?@XU|GS2hIhCZ*Jr{;FcZj^jfYs`iKP`v~=ST<8+@_iudUI@)|38){d7zh1UK zI@GQHo;&~MDzVGzr@xCo6Hho!{*yrYr|;j6mj9ge;aeUp_B5f;ln<{}?WcWs+oNb$ z^k>F`&qlrd>c7va_JX^YahH#H1NyH5{xcT5 z9q=8*pU_?Lr_X{{13%cl&VsjD@C@*ebS5qMj0In`;GMw##jLV&Ttk3A;TQ?Y{~HJV z9741lCN20p^o#9REcluQp8)zJE<2$qz;^?mGk~84@cXMxTT=>Htxrvg3? z_-_DTvEWtEFScKV_P>MowEfAf&tgc3FG2f9LHiK2M|>IDe-7T$HNbxjcoon=d>z`~ z3FDoD_K1gIycuX;1Ni#^4+DN1jH?~+&q4c6z~i7NeSm)j+7AK#1{iM!@CLxg0ly9K zNx&b1ewRU?5ubzhYoNCi&>rz+Xg?2fSONT9V8>Pg-wXH};O_uAgrMJFLHjDepAUF7 z;Ex5o2JjyM{W`!KL2hBdzXx(?0sO^)w*h_}(CGyHeSl9}@Hq=U4)`G$*A(E3Kz|nS z&p`VHz{dbz0{l!E*DBz5fZWyrS1yaxu4;I{`k;Lc;O_wXwSYek^s^4|i(p(~z#j*A z3*gU%e%k>58PM+pd>8Q33;5TeeIMX;(C-l7{{`(cfZq-8#W>)XLHh~7zYgsu0e=Ln z7t?@W4s>P!?*Tq%0slPEp9B1TAcuLtzX9|Y0RL~$pGCl*4egfzZv+090Uv<&D}W~e zUj_Vf7}px$uYmUJfd31$pHu#=P>~*JUsKELm-zqp!?HTrz&{53F9O~K_!8jX27DRt{lL%) z;4v82D&QZ7_G^G&1@zYe9|b&grmMGAK&J}uKSBFyz)u3a2JrJi-)aHJ{Z}2}T`(_U zz+VOQTLAwh$iEHnGeJJ>fPWvx)d~1(fqpOGF9Ux10AGZDhXDTrw9f$kRp@sd@DD-z z3BW%C_$1(WLBCUgKLOfL1Aa5Kp8*_(8=3|DxxnWf;9FoG=K-$<`U`-+66C)K_|d@U z65xjcUk3a$z|RWcUxa>F0Z%}`Yk+?P+OGo+a42+^tN&YoP8HxFhEO%&-O#=U@V9}W zYXSc(w66pFRFFd$@Q0v%3*cV{`fY%J00!0$_zfV>PQZEOyqNR?{wAQ`2lyjF5JQ0f z9_VKPzYX{w2mCWYe**9WfKLLx4)_${SHO6u0e>0rGXwZM@G}ee@gV;>z*PuL3TPhi zCqw%Mz`qFe7Xe=fK9>ML9mcf`_$1&ffIk!HuLAyNXuk&d>p>3dfY(F&(Alp3-vWGA z0j^_+LJ-w}9}Vqm06!M^tOfiKo=0sKqQz76nK!FbyNKOX3G0)7*; z?*)7a=C=>(`sXukmXeK4*?z|V(yUjlpy=qv;NOu$zFKNalHD&W^b z`!&Gd19DpjJPCY;&T;ksMBuXu@CBe#4fst!rv`8e+&h120skn-zYg#W@E->JL(p#v z;O}>+Q#={)e}VSxfPWvx)d~2|0Ph9-0+4eb-~%w;A;5nQ{AU0k2KwWGw*Wo?_<2Bo z67c^4d2AoRZoIf>yf80SS 
zw+8qdfPNj|j{rOj_;X;qEr357=(hoW63}S}{FTtY6Y!^je0l+If^qc$-T?H60AB?> z1NdQ(^ElwUpx+6=FNXG$fJZ?7Q-J>~$Y&aGN<=z;W&p2;am@n$7^ih8Gza)Mp#41H z7XiKi`02p^BH+IR`78ncR=}45KOg9?0RCxczY6#nAcr-;4+6dp_}xG!be^mKe}Q?a z0{m$p|7yU00&=SX{OLfa7Vv)oI(2|Q3FHR{@`$fRBJ2 zdIA3)(CGtw5bzoq%5q^63Tqdw}-=ej?yQfZq#v2Jmel=W)RQ2ii{nek$-e3HTSF{S@F& zgz-)T9*6cbfIkV^&jNlH@Hq$gDKPKzfG0uz3xLl7{YAi+f&LQUw*Z}Gz&{E23gG7f zz6$sWFy1x5{}1H34)`-*T%kHw|NkA@R{?$x(60u(2HMvEelp0R7Vs}a`#QkC3wRjt z`+-gi;A6ml8{jVjydCi40Ph6+F)%N^fWI5s_W}N1;ByG@zW|*K;Ew|S#{s_s=u80q z6lgyQ_*i5BMcOX94hkb9xPh76CsS z+AjhAUFdfi@H0T)Rseq-;H!W?0s377{4Qv}4)_&-ht7BP|C7K^72p@cyi@~z9pE*9 zp9bTt1^fp3Ujh6y;C~hHG_+p>{71mgI^d6kenS_y`hObC zZx!Iz16~dIZ=l~Az@spawSaE}ybkb30H0yNdjW3&{B)2*8{mHeKHC9*F|_Xl{CSZ>Ir&9rQZ`_yfTI zEZ|4Myvzaq59oIu@b?0p1;D=m?H2)mA&hGY@NWYD%YZ)v_*ntG8TwrX{3saj8sJAm zzw3bC1AK;_>gxZMFfUbr_W)iE_#xoG2Jl7bw-)es0H1Y$e**9@;5&hS3*hI19NGYX zGK{Mo@GnC9PQcHCetQ9bE#Q5CpAGXe1o){i-VESx20G(_-v;uW0K69Xp9K6bfKLIw z1ml_p{GGth4B%LYHVgQTz~>y`TY%0y;A=213xNL&#=1v2mI&2 z=LFzag1$`xz7zPL0=x{j1bjQl zVF~b`0-wu(Pe8vbfIk)JtOEW7z}En$Bkazfb-*73atJ-m)qgyHQ3ZG#%x^W|{{{4G z0DqIyE5-i-|32_p2l)R29tJ!P^jiS`IpA%8e+K$(2mH0be<$F-fcCwBe;L~M0X_nJ z4gvlwz%zh<9Q0uv@E3#rOaT65z$XEJ3h+4vcrWld4frEKJ~M#VLHk+2_X0i#cnJ8J z2fP;aX94gZ0H2G1p9peT0z3}%mjRCgKP!Om06DJ$9tQerfcHWBb--&tKB0?T{l6ag zuLAtdz-Kk!bC7?eE_ys_J3h-ZnoTmZ*Z@^~&{{iqb z3-}+P{T$%;!o17_{$Xgp0C)uWUj+P@(C-r9#{r#Xz`qCMT><z)hpfe8mPk^5Zz^4G81pE(xPXYcA z$YC1rb3qO>fbRtUX952f@IMFmnpB2DY zq5Uf0?*#g5fL{gpI^eZ{hr+J@{~hF61$YYjtp@xpz-JBMw*sA7z`qT69pXSI4EVc2 ze_8-PANXklJOT644)`;Hekb7Tz)vsWD}eU_J_T|c0{mORPX_QMz{df<2k;5N`vIQ> z{HcIX0saOU?=;|_fc7(hKM(ky1^iQh&jG#_)jIIY2beu z@RtMsD}bK~bXEbs2>M+E`~je|4)`>TD-?0{|LH)d3h>85`)a^%2KqIC{|?4g3-}PU zuLJy#KtBxluc3Vl;2#3K4e!fPVw{nF9O-Xg>}3Ht2T-@GGI;S->X%p94G$;b0RKDiQw{hR z0j~jkH|js&4KQDIfIk)RFyIZqPYd8Tz_{7~kAocA0lyyFcLM%yXx|I?aln5c;I9HY zLxBGn=wtxj4fr_VjWDhWz>kCZodmoI+D`%gKfup4;P*hkGk|{^+Rp;M4D&b#_!|MA z2mHH0X94inL;FR*zX|vf;EOQcWx#KQ@vZ>g4EQSGS(vXizz+fab->R8enJhd{@)FF 
z72xNBepUm%1^B4}{6e5p3;2_PpE|&w2J#F8J`D6*0KW_HHo$wJ-*&*i2lP7uPec1& zz)yhoeSlvM?S}ww27Su_-U57%16~DmCIJ5|(3u200r(W)*MmH#0e=DDGk~`OKeK@E z2mP4?{562j1AZOQSpfVfXuk;fO~C&W;6DL;8Sq)4zXJHhfUg4nahR_)z*9hf9q`A4 zK8G4z{l5(OuLAsbpkEF6hk>6Oz<&q*)&l-~!0Q12B=j2w{BMA_0DeF4(*}4W;O&5) z4gGckemb=81^n-T_W^zhjCTm|ZO}dg_(ws{#{s_w#x()>>7cihfVaYYO#!|Q=uZRw z9vJTo;Lia5X93>|{LBIVOlUt3_yDwD0Q@l^heg1zhH)(cJ_GHS0e?C4y8`%~fUg4n zzksg+J_Yhw2fPO48ESI%{~>5!1^B0cel_4bpnVPC&j$I|0)8pbsRR5!p?w(eagbXJ z;C}|WwE_NLK&Kt>9WdTbz@Gs0djbCh(C-8MYQTp8e=+Do2Jki*?>OKuf%X%CzZu$3 z0{&F!cM9;Y0sqs0Zv{Ftfd2^aS-_tKa+?GE<1oMTfPW6~1;Eb+eii}W2K1KzzXAAJ z2K>K){tDn906DAzejLp28sJ%IzYh2TkbkJz)&E}uKUILY!?>ye9|t~b0RMNuYXQFo z&jLOT_#EKdfzCYOGr;Ep;NJv% z5%5`%&l2F@f%eOQ{}kG<0RCveR{{SX@V^H5FzCZN;J=6Vp)IcdF92Qzcq_aw)quYi z_^AQB9r~>W{E2|q0e%d~Aq@CC0dE032K=-E{zGWr4)}XvT%Cab0{HI*{C1$<2l#t| z{~^G?4(&65w*vifz`qLoOaT5mpfd^hUC{3o;J*NT8t~@;of*J)f_!EHkAj}h0p0`c z=K=pM&|d)jrGPI2{wBbe0KWtHUk3aKAh#93-wAxK0{(QMvj+IfLC))de-_$@T3r1< z7w{^;cS66_fPV|dRRj1a@Lvn~%R!!XfKLLSVZa{`?OOo93Fx;0z7y8LcEH<#|4zVf z1UkKde+v5T1N_Ut=Mdm81Uv(H8_*vI{4mIQ0`PADJ_-2kfKLHF1^rF~{yrG*4B#ID zI6>44)E^)9tQj%@Y4eLr67kkz^?#0 z?SOBG_ML!_0^SSw4bX2N;5Wi}hXB7D@C@KD2YejxH-J1R0RJ2GI|=yJ(0&T=7_^@T zJPQ5J0RDU!?=0Y_0sT3^_XGWTz`q3a7XZH!=6wwupFb~1FatN(uh{iy={T`;a{z~2t^YXH9y_^btd0_fKPeg@DF1AZ3p z*#h`OFy1!6&jEhg0q+L96Y$-@PcPurK)(<0H1IhDcoOs>1Nbc@T;Ny0^rXBeii}W1Nwq5yI-yHk{r?KksRH~E(5VLegD~D2z(XLPTEHiP zP95NH06Jm7TVcLh0RJ=4Zv(s<#?=n^lYmYq;E#au_5%I_;Ij|#FwhwS{5Q}(1Ne7= z{y5+fz$XCz0gP)B@CQLYQ-JS7)y-X*{M?w2_zz;(E&@){9uLFBq1^7pR|7yVh z2J~wHZw5NGfWH{zQwR8aU|zz2zYgfP0RABG(+2oSfVTtwMd-H^@Y4bB1^f%pZy(^l z2R?@Ye>~910DdXx$vEII1U@GK|0}eg1pFn?ehTm>K>KOHZv}p40I!4gvw%Ma#ybai z70ly2;2prv0^olId=c;`gT5^Rz7OQN4ETxA?+W0Z(0�N5Xj50Dm>KUkChUfQO#x z>i-Xc&nmzt0Ivr8T`=An!1qA=TEJfda;^jXH9#i}_}c()0el7cZv%V*=(huY4B(xB z9|k(TfZq#x(g*k)jB5z+0cf8A{HuVE1AZTjYXb1!!aPm_UIXo?0KX9QWE$`p;ByA> zPXL`+!1n;3bATTUbmjs79LQ|}@GAjd1pE~s|0TfR1>;=?{C&XZ3gF*?_N#!u5%4v@ zUjXA;2mH-2uF$2f{=Wd|Q~|yP@M^&0K&J-qM?$}~fS&+#>HvQu$Sn-`F)+U^fPW17 
zZ3Daw=(hvj1@t=sKLz;g1-u*D_W`~H?S}y01$YMVOM(A!z&{20Fah{i0G|Z>GSG)9 zz&{Q6G~oXL`OEq81e+EBFy2nU`=Q@nz@G(t_5uD97}pTs^MGdnzZ&pyz+*sv z0`PakxF!L=4BAftek<@l4R{9H&j3CI^k)Ho6Uc22@YA6EJm9Yec`g8cEa=-J;J*ca zmH=-6d>QZ=;AaK!e}{fo0UrlBuL1s2puZ0Ig)pvAo2&nih4xi|zYyqG1HJ=mJ`H?M0NxAjClQB!rvU#m=)*MNr+|EB0KWppH4FGvKxYo{{m_0M@JZl* z0q|*PzXi_S7P8HyH z0G(>U&w+8(0KNcns0I8mw66pFvCuvY_%*<13*ct}KW%_N0Cd^`Z-;Sp0{$GJ-wSvc z==1^pcHn;q@M{3i0DcqD9|!!ofKLEk1AI;b{%fE=1^6M5!!+P^@IKA}{x_gA3;6SZ zpEae+|rg72rPvI@N%`7WkIepFNXH*fcHVaoq&H8@Ls@o1N}b0t3Yl;fWIB^4B&SFopHc#gMKFfzX<%6Nx(l3 z^D+haGlBjz;Cq0d8Ngo;^D+zg4ro6I_#WVM9`JtPX94h&fd56nx5B(E0X`4(mjQng z&{+XI0{pN3f9%~0TpZQiKYlifcOD>wG^l8*5+Mm8+NK7Tnp)AIQWp^o@rD<||MUIK%y(zMi_!W# zeO|x+>t$chV|dS;Idg7v=FH{H`j+qED~I*I}-#TU<3zU6=S z#WU5n{1sohP4g|k!57bT-|`21;b;1mZ{;hW{e8=K_oed?-}3docxL&Q|I(MvkZ<{? zzU8xh%g^>LKiRkZFkii#?puDpFJE(f%hP=6yx6xq;>*`%zU7Db!q@ngAK+VF?_2Kv zl;-BhUew8ntX};y#`od55EpPXwXQprYxxVH5`;ph35-{mWZ`M%}X`O>+-x4gy|zc0vFe|}X0UzNaDCGb@Vd{qKpmB3de@Kp(X zRRUj?z*i;kRSA4m0{_pKz`NpEKYpYO0>Qi`b5ej!!PMKH}s#~$ua;AME?^P_` zFfrpb{FA$rz*Q&oxSE#4arE2*Bn+-!n>Tl8o>YeFa^|$D3brzkW z-h~dR<%a<_42_O^`JYY?sI%!_^=@>RdUv`_{cXBMJ%eske}}GB??G3nXVRtWJ?SF# zUUY$aZ#q}K51p;fp)=I`(gF2;^ysHv{`aQ`)bb%Vw14#hbeCE_M27aSmJfKL{j2ln zMzwsX3hiJ0UAjVj2wkd{4-=vO)rZjq>ci<=wS35B!%((bKGd>dC`0{yI-ov+9{t42 z|15eyT|oD$kEFZQN6~HSqv;lPkZx4}fUZ^lkgiaN=u-7DbdmZ;bb(qXHf|WoRm;RJ z5NsFT~D{wVZ%943(PzVg z^<{LaT3*CQ{?)&s3)H`*bJf42v(?pfhWc_kpuU10{m{#Q4LzW)rF+#^(p~C0x=lTo zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEM%l|xjK;209 zs;{TJ)Hl#=>Ko}6brapFzKO0?-%MAi=hLO?KhQ<$Khg#2Tj*T%t#r1!na)t(MhDcl z)1&Wu`CmW}s9We>^`Gc2^`GfB^&NDJdLiAYzLTz1-$hrb7ty8ayXhkJJ#>NkUOHEO zADyjkr8Cs`(*gAZ^yqtD{uk2&>NdJp{UF_?eu!>UKTNl%+v!I2BXq6$QMy9Cgf3P8 zg)UM*Mi;0br*qX$(Anw^Izzpb4yd1`N8k1G-$@UsyXao^GP+B>oNiOEpj*`4bfbDD zU90Y)E7Ys#QuR}Gk@{)6K>b%bSN%6STfLgjQ2(6{sGp%nH+cD9Ll3BX>0b4-beH-$ zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~sF(kB z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt 
zHXTsELyxZa^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caFR|Gw?zUna^U z|7v+b0^@)64s@4#N4iZdA1*-t)tPjoS|*ku|LU*P73yhpsahuTV*IE6CS9Q3na)+q z2Q!d=wY->$@xOW(I-r&xRzm(qy!=n62h`bguX;DSOT9bYrj{2qkbkxO;0CUL)Zd|N z)iRL-*FS2Rh>ZGI?@1S__o55bd(*kf3DkZOxLQvOIN55p-a{Bp)}OLT3+Nt`&S=M=c>O)XRGt+ z47E%=NBdVFL5~i5`JY7(sO1Gkw12gH&=&buA4RvRkEUDHLAp`>1G-lIL%KpO6M<0w z>SO34wM?i){?#&Z1=s)TLR*VeFEL3K9O!y z|AcN)7t@XEpVGDJljsWd$#kjuXLOPJ=X8NuCL|&M>Qm`#bqSrJmJeQ{{?)&rM~A%p zpH2^`OX*&W?tiGyqFdBubfa1(4x#^3pF>xu=g_6I>rldO%%4_o{zMcd6xrcF4cFl5SDUL^2%zYI$)R`Bz^` zSEw(eOVz)oi`2iN3)H`*bJf42v(?pfhWc_kpuU10eZ$Lt4LzW)rF+#^(p~C0x=lTo zZc&HnM)g&6t@>)ZLS0Xnsv~rf`Wm`G-9YE6ucfoqQ948Ydpe-LjvoEDm;ZV6fVz?H zRbNkcsc)d$)Hl*C>L$8TeG^@)zL~C2&!45qHdh~TK|BLAXbsOEQevs}`KSZ~wAEsN>?R2C15xQ3WC|#jmLYJ!l zLKmqYqYKoJ)4A#==xlWdouOVz2h>l}qpx}S@1zIRU39N{8QrB`PPeI7&@Jk2x>3E7 zu2uKY73x)Vsro6pNc}Wjp#CeJtNt6EtzJ!MsQ*p})X&hPuX_1kLl3BX>0b4-beH-$ zx=sB&-JaT|SN#&5t?s8Y)GyNk^(*w~fS3Pu z^niMR?p41^cd1{a+tjbqE$TtKQT=baR{aKDp^nj|>LI#F{U%+Y9;S2EZ_(N65jsQt zHXTsELyxZW^1q%QP><5R>J4<4`dzwB{T|(-exGhse?Zr&Kcp+vV|1zdBf3caF2!uUtM zC0(JGiDVf6tGA|$)bgPijQ`c!(z$B+U;xH{YWaa(jQ`d0p>vFX)iUuBtaZH@Zu`JKd(1i8#3aRm+Dck$?4f=vwt2 zbcK2*U8SO34 z^^fQR^|5rW`ZzjUEfYSGfA#TnK>cHS^hGcKv*`hK5#6gkf$mbDNVlnfLbs@k=|=TW z>00$kbcOn4x>Wr$x=1ZQl!5lIK84OzpGs$|<-@DUzgm813H_h?7xd^qz5Jg}52#D& zUiBGtm-fRI7pTvtbJZ8n+3IpSLwz9~ zP+vrkuJ!US6XnqU)fIHFT0Z27_OF(S=eYh?%ZDM*{?%15OI=5|sprxy>M-4? zzKX6@Urkr2>*-Q;gf3EFLl>wU=v?)+bhbK5XQ+Qq2h`WmqyO;oKaU*+4_ z4Ro9OM!H4aL^rB$qHEPR(-rFZbgB9ebdmaxbb00$&bcK2mU8=sDE>hn^7pU*0bJh3J+3Hq0 zLw!FTP(MJAKJVp!F+HGeqkGj4(p~C@=r;Akbc?#3Zd5-)*Qy_-E7VKqQuSZxBK2c* zf%K?j6 zy^1bXKSdX*pQa1cf2DKPf1|V2tLY5&-|2w*8G7_tFaK-k0d+6ktA3X5Qa?wxsh_7? 
z)O~cL`X6+y`USc|y_POj|C26KzepFT|3&AjU!t?s{d9)R0J5^=ovS`gOWRJxDjI|4rAb-=HhhF}hSeL>H;wqzlx;bgud>I$J$LXQ(X-7pXs{3)G*`x#~~p zZ1p&uq25Rb)D!gRGhY5vHk0wifLcBTkLQ1C`G5q*KkCisHnsd<6~;g6RJu{U1zoF_ zA2!DLN4*tYs@|F|Qg1^SsJEqa)!Wh8>NGk-y*(XJ%MZBY`v31<{-@Fd>I}M9Egup` z{?$9uZR(xq7Pb6P5w3sL@NII$NDZ zXQ+3f1L|Gr(bZo5r_%%KY`Ryy8{MVeoo-Xhhwo7T>KSyS`a5*3T0T&N`d81SOVxYQ zMe4oi0`=Z>u3A25iu)hx96Ce2FC9?tN00u^%m4oLfLeZ#0PSCW0NtfNkZw~SM7OB( z=tlLybglZkbcI@eumbh3K9nv}A4V6b52th0@&PF1Uo9U(!u6k8ejo_ff9fOX(Z726 zpG6O-3+P_;k#v{(D7sC3G~J>O(v52Qp*6IB^$+O^wfvwY@~@T;%A@_O<%3wb{!t%G z=c?rcRmi`(kj_vaPY2XLrbnOl@;{p%P#4j?>J#WLwR~^|*MDmHVK}sZwR}Jm$G`fg zbglX%xWU8I%|DkA@C`7jgi|EN!;v(+VZhFX5;2=%X)54@rOd&

    f9O=Y|r&X zLmUS7uEv#)CD(w@u|3!BRsMVn{O=+h6?`f)B8k}#*`7)JRhpK-%vA*(T(9sG!9{~x zXp!^=AscN^*M2H#n&7@Wx#@bdux@7Wv^^ImDc$42yr0-qXWg#5WATANo`wCW9ol8N z4!n)7X5nM-1=Efz0JsP4$6QPqztbpb6l(`2b+F_{eh$WE&Em9E1Wd}D!Gc^V+hP76 zhYEZl4SP-d0rah98GzZEKpG^oR8Wt=KD7az6WIckJ2b6)C?s#1cI-|th6B922tnzI z=2)FD?N2493_#deltfLfGiA%n_f0!9+z`9LdgmXQYLLOqPfYt^JPYz7Xutn26}ul$ zV&lWc!XgYl zKhCycPBykQj@qualm|isLuS!>-l3USl7VtV$`6XdoMj? z^rz;5jGrxg@Ci84xFW-42{xb_*S#M98&1?30&D5ws(Mr;+voYDhf|&hf-r_iT;r)w zlL6I;_IZ|l>}1t^5FWaXM7B{wdh7)#9UQe6K-f(ru4%csV*{$;@z_UvPVqkp!a1!; zk;pb`cwrm8;Uv;k5KPRf6xPI~pvUfu!8a#cG6wr%U^EwqzBP0nKt@ zNpB;Gr0-&(0*k~_F@r!V)&O7cavT_MauuJXRO|+H*oBpf7Neg*lI6=tP6f8hQ|b$g zg4pWl1^o3KjKn?yTHEJ_p;^o$5`VX#ckq^YOL!~_n^`A( zS64g2_y4BZA)00&r3^$XZlK6qIl+;7!{Px?0wA?d70Efo!PaY$3j`_ zdVejPjII|O;$(Gg6^T=L*FzO>D&F-Gh>Fr($CSq@FSCA4OKi)$17a<^HjIS_a+Q1} z1CWqnl{{D364-5a#x9vy%@Q;5!>-7Y2-s>_4p3@044D6dUuI*OM9$Jo!^XnqI>S@L zu*4hW@+1Ck;xJD1Mhn1B^e1LXrY<%-%MfdJkA=Dr4JDvrNBTw&grfGf>%k~J%Q=as8){d@Wj&W59bhFAO`yoC7Pf7 z-&dAJ_QyLBbWDj=?2ak1GtW?RxUaZ;*9poGL+%(3V=nyDQ(^_10iB2QB^Q!Q33sQ& z`u~bX1rAbL&>Mk+Dq-TvDYWh+CR(`=GeKI$pTDmyUg z2Ip%8J$Vg^^b}?CPuQ&$&M}CNg7hm7O~^y{Ee8s;zDYxUmOE-M-hcQ)8Uw#D#Y9MB zb@5o<_<(1%2g0QcX>j7eRx#cYEO$B95Jvwbjf-!YVs&9b6^~!OjWaQL4B+~Qi^#Jfc#&}wivhe)8iRucRJR=DwfDO2wNn2AA?-fd58kMis+8muMjhfVw5xv zdF4f`<{gJt6COMYM_LVK{7$|p7){q%bh9b+djRbx_!hzZ8j-h{EWytdxhK&QUoYCP z*^emVWjOw#1=?Hd0i(&sPD3D2@+N622UNt29opR&nKNkrBPsyGi(H$bjXj z7*;i~M5V>4)TnwY*Z0$lW1h+l{C)VG>mR?D?(_T;kjb9Pjr=qDobP{>&yD@N_}s*Q zlFtSH@A%x*@3}$zX8t6clUHOTJSjT@J^RALC|I9Tc4pBw5rOYNz&?2|S6GkUHP=un zyDIE_9oN*?OnIfk(Id#RrcDKJry`Q4^+HRW@_OJ&t!7^#H3tf*Iap!R9#_qw3h%gT z$WbJVMhH#v;J^W>8Kd3|OCB1?tcGa^%$y{DVxz+pcG`CqaPUv`n!-+(;GU)MROu4) z0~$V0m98-(D1KGCIrrV2a}RZ{+QvVYaGW3F^Bw+I_}tZhlFxVgFY&pzKkP5!_3@W= z&INq#>mTTx=kU3of1`6g#OMD0FPyW1vQgJAZ}}_pMV93+gNx*I=nu-UHGyaPArjA0 zB-W%n{|aKS`$ZzT;TF6sgIxIvoPWv*YBt@RpzY5%C%7$5PKbtjB%y_7`yZ0IO%@a>em3ZhI>aG#!f^<_rn_P0yG59<6TJZ zBi!wW-BnqLBXGbMi$Qp#D9P=IMIhPbW*2k&VHD0avea-X^1_Xe18D=$F7o?xkIIt+ 
z@MM2e{wki=@X`%T8UtOjeOn|i%J~CwH%Qt26cB~}Xx|Hz9`IvKp zkz{W_M2GC3V6gp@>nE~*@2{CjLV9&n1)8kas#xIU5XHi^f09Pm{&@lO&&T2LJ}Emz;dbqx*S^FGAh`bQBJu*kuKjb{ zH}KN~wLD`;lJc97_XHZ=_kK9_j)uR0H0uklHjc(d;5}jTc@bQfla>+`PHh}LI3Br4 z_;bK^5MGXOZ5*W@kF*HT#?imfFChnc9)DkjL|o%2mHUu!^ot!ZkrOF67|DY}1wb1| z?|d6h<>6k##U#-~#?iqafzT3Q=i3ObakK~83u6Sp$wdhv<0z8oUyY*+@=*C8%Et4M ze$mzNZ^qGAFa~1M889ypo0Cf$M@=-LtnCIcIRv;$Zr3>aI;LD%J_%SV;Y!{$jwV!b zLQ@Y|qmaC794*<%k?#qtUr63Hj;_1pWXV0iW@&kC9Hm;vFkR!Qca&75Ensd9X=CFj zjH4Hlv66x!`4+HuwKkJ+7)QGwa+2&jU_WVjZ5*vl1xp)8n;;jY^*3nRIGWl@D!Gb7 zfl+uv#?caMF(HRa%V-|L-rSF>7RJ#lzd6wyNEih%WE>rVodG%KGYO-_4jD&xqc6yX z@v)E`O{W<2!cs9u?v;?7YaHDkFjP1{3}LQu^t%mCIDZadu5mOQqZdxV044{WaJt6P zk)xf&%Op&N(>0FvfgO_NnuO$B!v zDjx{d#?jil9l0HFeZ8ohHjd_ZaEzm;LHI_K=*scIHI80HJsmQR`sX{!BZi~l#-RdL zNX|8mu9^fnZ5++~LeZN-q^B06WZ{%l)r2;V{*2X=q0`7N+v5o)0Wz)xsS6G}#H9Id?H5Ep=buW_ZrHI7z%)ZhSlMhKCJL&cgn zD)>CFppBzFeo|>#9n9v$rh0*&2re3`<<`d02k%z8`++(6Uv<02QD2zS{UDed|4p|x zj=qm!iqIY6GHa`e543L>Cwi~ zGng2E4uk_mNz_>1W*nX04&S%~>+(M^iyB8Cdl|xV6ux?ZL*+dMO*QV?I69#;Vo(l@ zY?q}Pcx@c*cwUGuB-a{*t}aP(a%$t~8`aQ5KnF;U17Ql0RIB0|M;p&mPm){)>=9Q< z$T&J1W*2@Ow*%Xy<+XA2mxZdh$@hVs*7Djon((+I{|m4`wY)Zt-k6NAY2#>5%+nJ| zmO>4ffrC>gWE>S!G#kdz6YnUJYy)N|Vyn2h#?eQj9c`n4O(0ygxQxR%`X`K|O=4ipp^iPH7U?UD`O>d#$7CXAs2L{|%TnjxH;Ux}^jd zWi^XuKOrgvLIIID;7XHg9NqdoJ_t(BNFNY}YfUP4u5mO0V`d+b=78{^ z)}%lqsj^*+gYNX&$N|;pCIJ$Y3A*zGWxG1Tpadi42DY}6$v?z%+rJt;iHphrJioFLk zn(mB5!&nr=GAKB#B#~z@pQE0+CbTJsQO*cZP=xu4JiHfp8N>Q}mg*%Q20yI5U-IDF z7##&cHZ2H?Joj}!3WH!j!?^Y+#IBPIx;<<+pc`eCP;uo(pGD1=pM;+i4Ws5*)x$8V zLnzl3q?^KmER)n`7i2uPT^0FBWq%l0_ubQgxYOZ#pgKC=$zN-iYn$}uo^l+|fRBc-R8w6A=M zz5w7Jn!KBoC2-fVwJb|rM~lFu1DHcG`bxXy0E5|c;kb~b_OSq4tXs%LdJ>ey8gs;- zuaeB!4&JU1m+T`(OUbjp%3?iK+E|dqoX^1fGQ?$zbq86A`o0#qE4%baeClrt=Ahtr zF$6INhe`$oPmp%k%}P%tK($@Cu-W<^X&?DnsptT_tIKiB*0ZG@1WaCz1$2)K7dBfj zlaZXZg{FQeoaxa6v2qBNZQu%8XuT+)(j0sm4QdXMszG>OLW=@w%t18>=L;?*>FQq= z1{F@AY zcWMS7}k`o=aq_`!1uVE(8_=V=q8YglQ_<~aN#7z$^cG^ zLP<>FY&97hTC|$|ELH{_#v{>oSX=DTwEli<6Xfgd&zO$MRN5xUHz$*xA>Jm)H#f2* 
z9(2)X!k~%5_q5&cThu$U6`VTYFnUob9>v%;d-8|C2E%!>3#sn-5F+t5LB4zA)f5gf zl*;pVtGRgo0mL=nERkE|p=_W?Yn2@{CWmp%T?4pf7N^T2-BIGGR%`L2R^ z!`?On&fdF_@i;j2l0&C7-LlKWkS5CmtD|uWiXuHG**{a-AMFRNJt%!OjRI7J=9TtP zEJ2b}K)GMjI9%*y$JNLIAB=X3lOQSAfwIM=sctuK0_4k*_Vkn3OOW)-!(hDYvLvUH zVpW!Q@?vaw$E-_W{GnN#RNRI4)t7b_)}AmcVk(L?4wVZ0-XibA;k!GYd+*$z_ceo2 zu@=6N3!-dfC+gErop8v8dWOgE{h55D#cF_w;@JV3n)y;Aenc&^T`y`zqh1E~Vj99Y{BPA_iz zuq9F5GEQKI0vjE|>BVgyb|KndQ-x7J0BlJJrx&+<*o7z^)eMJkGq4vzI1LSa_y+3} z=m&83=qRvvG|s#H_#Uakokw0a>Dz!UkJcN^k$-@ALz8)A;KRmieVR&z$KHdA3x`S! z9vS#{V@snRNT_OXuTK~~<&p}G;5S=+e@lB;3n8+m!?_Cx{WNI-mkfFV!8bLYnrvwi zsKmkyd;DofY%yF{X|bgt-DM1$zC}z$L+$|KpeE6kR36aOj_)C-w9uQrzH)f6rGk?I z-+_3os2F>|JNEeU4Ldj;txUwdDE~MLm46;X_?8&;mERP)hckM;^XJ({5JL@#+Q$VbllWoGe62G3|z5OHO228iWc& zDx`@<9=-;q{ZxM^K?*=K74$1{2NX#JqW^@+cYt$ zk7-|q*_{()CkXp)(?o*`-)xYchelNR@)Hm)-lmC3^RUmrOr#f)Zi3*QULV6+b+Hd>akFrjmcBZ^HNE z_!D}6#Shwn@F2i7n(#gm^!|$H>kIJ(TwVmeS96S+nuGlnFJf3poYTO+(3}+F==~LU z+-HbC2}96TKu7``*4D)Si`X%-c?Ikz2&@hc-Z61Cx-Gn8;u-XSlmt0Rx}`;I)da;G z7uj4F35)80?2QKyMeL&a6V$l7XjZ=jw+V2VioN}NNTv_Bt_KB)kOc`;P|G+F1vLC9D7x#Ey1rnf;MNIRN6t68K zAuNm-D@ac4mSsKI7HYY@6e|Fv`~Yqr<1lvL0$7T%6}BA*><2hsbseLK(n+oZ(bhpxV5hS+HYdZWvUS1D37v*bv?+@(dQL%4WbiYCI{VzPtTVbqkyMqW`O5+6q)o!=H%z zxHSI8*|A=gWJ|%3_b~=Pr%|`%9Y4b1~FNkpy-iJ5rj@MvO}sR z(%@Vkhf#;1E(~>*k#(`SHW$tevtHzs9D17yv#3sbpW-%RMH;w>&PZKzDp;Q`rtN?>}P9|X; zLhO^Hu=Y4S?ykTkj1*NNxI6OqvX%(oJ_?7?lDtsJw8;E=mM9C?YAzx>6Re8I%*cDO zbXhh9)Tp{?M^Q6#O3 z#|C>x8B0)b-Xetk4VJ`y4{=Wgxr))LfLW5h=>Jf)V_il{C6~uS>F~JSfj)SgDpRV6 zd~z42(tOBHz(Q#9GmQpf6GDEzVRu1+CO;bxGL?`(9T*?u_EjN07CFZyp2y!?_I^C; zGr$-cQo_gy`&R^fE|A$;Nh%kdcOn-HORR+JV>pb3q<)2D=!3}f*_PN2=L0UpS>Zgc z%sCr*zBJPN6bKhIiNnb4MBL{wKb5ltMdun|3z26pR5VlwzO>&)`G^OUrs0(o3{~bZ zTAGJ7?nWJeO*DZMD3sc&%u#Z?1@9+hQ2OwjXd|e-p-N1*H;<9>)^|lxhDKdp|NGf5JL@DW8MXF7k3SBqWO|#%VLMJ<6|??*RQoGoB>HJjRQA$+F)I zx5SGi_!|f}HEBGq91>>S|H6_hCdDHZX*iT$D{-Z^kcq?hnYV!?>%ggrCXkHqjoogF zxRqw$cd9Z+0vwN{2kl`^Nr8)OuC7?8_}?_5R7rogIAke}HbPdX5l1CG94(7XI^YSs 
zrLlva5@+Cds4dNYvIaGy&-rUEa2t&ssk3KN@H`vPOiF3@LqjXCL51}IB6xw)Ui39a+5B-apxmM%$Y;RKIBjT?)qn@Iyf7^6vTGY}S& zUPOt&Xm$ajy8}Uy^Fer!NLMK+s#$(1$jz)tZ=ytCzOWy>C60UiNL(y zuXqiD@l(LgYCJXvZ>L1;3RXlaNQ>Of`X9slQCLij+6!^T_;)_Wzc@HK9DKaA7a}LU zgl7V)OgIPcRsNDl#AI1~S2CVsYK&R{Y^MpP7(-nae8ecn3DPiNV+g187QSEh0ADEW zt7u^4T(~cFF-b8{g)QO{X@BxJ!nXU2;+OkdI( zJ@=%SJb}KDR7Lh>Pb_^6fko&$A|n0zUL+Ec<`yP30mLMlh!n~1qN1mjqWi&7OB;)> z4kaU$TH1K10?iKd(nhvSrN8+V1!963_ztp_>C-4mG5Ii*cGoGx)8-<5-$|;39x(&< zLJ-NP5K*L;8$;+?Gmt?j=_-uAb3f4N5k{afp`@VD9DDkx=O~JJ(}nilQR#p;U33)b zLbU$#B<6F2w&j0%F)EPdNWY-Zisa>)hHv-{Lj;p8JN5|tc@$cnz+u#)-0aL)s%1Ak z4r~|P54xD7D^c=`p{58Hw~|ShG&iMKBA8{_xp^itX!R2va zr(E1oQW@1u@D9sPuI7+_2H^&gC>11KiITLMIT&r#+J!PN&E9ymFWAkpv+r~KO+yM* z#=(JCB4%yU+sCrYc5w7I2cZ*@LVC?cluQFGyXF&)rcof=b(^L)v9WJ(xMlDC(n<7@eq)xMS0OuzAWXIOn)f(XpuyMkm=4SZ5cP-AUdZn>Id$ zd22X~0(@6d3Xe@`7M=&#YHUg&PcK;#eo`FC5~kyLFR4vF`zMzFV+P_KJl6Td4$VN2 zs(+b*m>iA>{tRt5CI;abM z;bH5KiqjqVK+U;;tI!NYU=+SC1D81(C#@oS(4Fd=4NpMhv%p@(@xKYALiQ4c|5Xx0 z{aH<@B-AqylxXSa5nN8fpP)x4Ax9~_0oo-lCNao6g`t>GH-)QX>iObJ3>cu$dhqJt z{O@}3H!SZFvpU*b+j$4Qj2f~IRk`d?)o zQuwk$Br0>Pj;C|d$Cp5y;{u*QEteEmOeG9H+Bu8|o{G)`@#OA%smu%t3@ zPQ$zpy(tB6%*Iu*{zDMfr%({kL@ac*C!vYZ;pEbr{v7pXDF}O95(R;JFSiAu*ILS@ zGcThyh;1GSUyd1!_W_+m1FJE#B$}CFh5s9ia#9)j1|8zX$@9E^XrtyS3ncBH}pCsY0|G#KK(gt1W@rR4tWhy@@-s&UZ+g! zk1j2N|NJ`T>P<@gRuOSYxBv1wWxp;keIq!^GxA#bs9&ed?Gve(|Ao;VoOv#b3Nf!pSOgcfut0go#fIy2{hs826?osfuwaO(`XQ78qScQL z5suvV(3O~KdEytDoVC{=r`r)Z$Ai?PKhd*Unkgb%dXBF#MMccQBj2j=^UHxsg^LrY zP&nMDB^{@07Pa)(U)p666a+u7!t@d9`j3 zWm0d}_wi|%;6N$%u%nM&E>fR{<}0Od&v0~q-u7I88EYuW)rd^`m~sc{i)n<0Hm;1v zQ_82N14e@rdOr1hL&f76&;d-1gw;qpW&uX>amgM}OrDyRda|%^Xku%fBxyBW6}Pqm z=G|L*W_H0|YA9+)Ai@tB-N+N@a*4S41!x#sdfxpWpL~Jqw=RW0@DqlPjfhzaLsIN! 
z(=+=^RYO!-iKtNxLFun+h=0l!&LGa4nD*#%#m7s};f_j42U60sDMoNm!Z|78DwjsO zE%5x+LFM06*Pl?<(Us^q3$;UJKhN2^uzi8UQKE;!QFHMmVqL}acBH||UoAr6_9AWy zLgEIs2vSQ_-9ift)p%#2oK0fjZG5Qp{zHi{dJKJm1#0#I*=1Dm_v-3oFvZ zSvfeB2~A|ESqE3sYG{fn7Xu}k$VyDywkR&e_`*sgD;as45}qwk1qfweRgyEiRah`I zVZ{Y#3u&Mhz?qARSv~?=ymgHC)NG^Hhg||ezatjreifV-0MS6K(7Q!(v&(QfI(G#X z6beajm6Pby0LbfDDkkDyft?)X=x}pGP(P!pOQH5j*1#$&5toPdApV@E*4L??5Ctb1shf*3hyd2*2 ze#0{cwqgp)jeiNEDh9~G4=`g}Dqe~jtN*7MREAUGVxV#`0``5Q9$xdsXn<1h4zT3r z1jL>GL|jI1ejF`WPzU#BlHLt?PsWpz31D%L6Qt~^aF*I4~|1QoG6{fo65s&@1b}C+KYi1?- zS)6Ca1SQ(?|02qDE%#OeomZeHU0wEF#3H8A6;s$X4Kt^gir+Y>kyG%fpvuJ47IwjG zjXBK&eK80igx}YlK6KDs!n7^(bwusUt3qrdh%Q9Tc$%*}Vw$m-=_8i|8jAZJ^{_d_ z+>FW18GWSqoRGP=khB*HKHdlkbAWjWCxUO?2Cqe_H~W~IV5%g3!dgfx!4-sbH9Nt8 zNDj4K#DP5ocQV`H#a)7FmmfwH+;+qitS!qy4KMb|O>;4{EFt}|yI}5+G3D?<-+0+* z1pSSL*m8OFDQvQk=J%Ao;a`6c?+2H*r2jR(@JRn>xbQ?(EJkm}d!i~8TaRizyA|qU z8CBPxf=0B|p1yd6yuF=@-7e(EP zC~A_f)b{{+(N9zZwO3jx`U-5+6nhq}YWWJBKePlZAu*9b8>U6gu?M4_V?D)?j5J!| zn5gHSpCpSutejjh8eY|?6&Mai)}Po}y++-nZph0lYd@~*sq6kZcu%rn!Xk2Ckq7s@ zc;bZ3Y9#p!^TLyH)Iawq@-X9LzxsCYmwxr_;ER6s&ET*6>YKse_!k`~-nV}GcJO{V zaM)y#@sT;ayAY({Ac7%>K{x-26P&=l;?r$WKVB^8})S&9U+8VUEd?u7g3+eG@&enO%q3JiA)Uw3l92B)JjHXEa;Qp4P)hRo=(y1IWw6z>X2lfm3+CX*YTg zYd_ZmzX}y-o&IZm($^)z6;*JuYyX<7z?=N=Z z)fR;AM51^}x)N%3HN~t=gE(h)wX12T)^Yru1=1oCp};E8EDBZYIa8hDGwP{A#fMwxQ1Kc2GK$Y&C>u!%TR?rN`1BnF&t}7Yv5QF_ zTk7Joh|`R0WkD350Os?EDPO|ht0dBc)al|gli6p_r(4ZfAj{dV(a4bV-hyy zfxI*~;_<+t0;h{l#ol<;gXGhIRd(^)iqB_H7)nWV5ZbyVXL26JXE~CZl?(+o!NqSY zK0W%V6p)KSSVbg?m!zvu@tMexmxpM85AfA@oQoJ1&Pm544rU+;Ee@D&I@6Dg!u z7oU_`PBQqAiLp2eYjTUv!fxmRQd(32p)QdMX>yCtN(`bY`{W%U^l(XPTugi>Bx?)|>;^Tf^9yJyhHz7n#ZAa?)r2gYi0@5|Q0~v56{s;X)SOI5?J1I9dO)cW zoBlu5aCa>Ef$x=?X8*rx#&T!|3sO@nKwpw@+sJ`H+%}T0|ErC>lhkCldI{Ay`ZZUc zb~`Wa?LYAJ$!*a4G7h88pWwOun%<+3?8o7J%7tV@#+`o6@BM&Z26n~8i}q`1zeDNv zYic~Ic(NosFNecuMKE3IehqD=sQWctL(+Zi$D1RQK$Si4H%LpR>#+s0AJZ!>t9X?F!WbeEnaw0L>zaSfhwQI-wrKJ zS32u?dd3|j9UE?Nu;j;}d`kipHAz?hk@XLjKz8|%I*B-x1jUWTbk^VfJSLRMwK_<3 
zh)6LJrD*rZsHMi7masw%hVx_`dU~IY2;{1a2ue365YH8qq8%Wk9x(br&A z)w#8Ee%(3KPMVdg;ZN6hKSG?|)vEnGH1KYsZhberCG7v?O0!35qRXxC_I&HqZ%%#Z zdC{rgoPp9^F-7aUUw?J@&Om7kMv;XFO0+?zwE=#)10~w$(;X0PhWGA(=mlIS|20$% zh;ER8GayQZ20im7l8<11i|Wx7q=!qX>{524c`CHXrFE~ZPN%p3wnCj=N^BA8^p1QM z`Pmcd`r$C{_#2=eGo2_4Yzo|GyO``l1l{Rx`>JrW}9??w0!T4>R-o9rI zrKAA}ja^cx)BDpIN6DSQhPwD|o!&CvIPsbd!eSy(yd+(PI=#C%a&D*h-me{hUjk`A ziBRB`i0<@`xaxTRDF|N?DWq3-dZR5T8E%2#Lq-m{U;JB%WSv!tYfxYe41c2ACY7n#*4`~ z6k8Xc9@kA#4f3)Uum*&4;B@i%7As@^{xiqE@-rIg$Y!fclmDn54tXC;pT zd)mcsD?S3t0x1RL0T50QiQ*;cDpY)ybL8COvltV`9QfZsxf+Ns;AqMPp#_l&X>yCtP)y--GzNe$`Zi5&@tGL31ZAIm0E8tjNfjR|6orZp z=}P|HizuTq$;cj`riLZIp+}**3+?SUN+I~o0JkB^WIPMHC*i^9SN4bV zC>N5m7 zNzB}+G|Fjky^n|#6Wx>O>_>ubgY$kIMSBwD>hvTiq1m{jHhge<64Sqd@Hx=FD=e(S z&W#ked)%m5w1wpw**Q^&(%}hJ0w27D#+^5gOsHM+019QeXt?vD6bW_hZVjQe0`O`$ zjQ4?wRE8SZuZ)DX39jv3MDhaX21j0n6(P_5aH%1hpvyWG@MxDJ6xzhT`Kc6JjtDUi z$Ra||lIjNZ8d5@YyIXx_P~QmTnUE}_t?lmY_bj^POPjCmD>i2JdUAj%|kws~0fvO}TXwPOuBh4v!&ndvEe#^koD9dTTH zzkWvLVtN$lPsIF=dL%f_^sLEL>!WA65=EYB*`^XC=ntkMR8PT$re`^7YzoJVu0)Z! z6PaEU67(lxR;MaI=9|iouUrYr=zj{;LHR7LiiIabVDTqU{xcGywq>tCx2d)aFNx~1 zHeSNrAVuwPdkGvZ8lvEOJ`=)HnBW;+4;2U1F^8n(88&*N;13AY4)@I62Y}`_a6J>( zwToNdVAx$d-1?qQmi6K?I7%Z0rO~30g@;cqN&mm`|I}ni7Pk|hB1uooViNI$cLsMm z=`@PRTI5uG7Hq}g;Tymn`!@b&e2OAosc*#H##_`bZ4N_bBM6T-HAJ8V z>3%McKc)aUHMH6Fqvo%80i}n#g1Y10f?`uZb zYy%9^uD*T{d4e@bqweVqk;Mq;QC6rs;@$4~7vgOwF(j0Gi@Gq>d$*sjV#e?@jVQy`{ zi4P9$jhi}rQ##lMk6&(GzR3(eh*|R7dVEtg*dKo8*5{kr!G0EQ8t_eCuuURpd3@76 z_;yF!G~%1~!R&8wlg~HZg2j=qxlKw~Cxqx5+%Ou!X&U3h&CuXt3PE!Y_1NHLib4y% znHXI34v?1qYlpDHHaHne1#;U&r6I9q2CIF7o3;@Ra5Fo&eKT&_g%^jm`+}#VAk!hD zG;SUU*7yTR_n_x6UPTBFL$#ONGp+)VRl#pcfz~UbCT`XTSO1NhJ2^O;gRi1C$?ff> zlCUjEA1%r4*Ylsu(HnWy9O+Mu3E(QDsa1b3A#4q~Ad`n%6)va)`mf;8L2>6w@JjO%&Eq zW2B;&h{?xPRNhP@PzPtCPq>Yc;-R>mR^eLUg5o|ow;KdMQ|>AC9|EbmjG%PgO(aS! 
zNq3TNkrY(WQ}&pkWh&ZNMB}8mjhphl7n;*0$M!E`(H~U2Pb%VCAt^d26`8NOD)_3f zcce2VkCOB&6~varEtI5>wgGloVf|c8q{KIZ`nD>q?$hd7vy))`+9D438-Z>(Q-W?@!I5BllB`b`1>QS&>GXjs{OscvPQwLX(QuclZ622V41wa#&f-^%9 zp-Jod=nGgfr_?~YD(gRjX#Hi;*69G9v==Ql5a`}7d#11V*=DH zX9nlb0TLTQ#k;Do#v`C<3x*(~=QuK12r*}_NNa#K7kPs?Wm=M}P8ohGF>3(RX5J`H z)Zwm_Di@RvB5hUy@Lnvx;2-2u+B871=&G`P8xc6~`HB^D(!yL~60e{R1KG)L0Pi=b$eu>H{ZJN<}n@d8JidwV4R?u#1#3 z*w`e`P|j~@z5LiIxxdf_%L|hn^h^JwIKcwJuL%AFMdGG3yc>&jiBN=!n!wMUA~d7A zrj>fAn-GD#M~zSKxa7^jZgn`*1Kl@-#XZy&zCMvmCt}ZVA+9-vf*sp%b9QY8kNcyanR`8#9Li*WcI+4Q-ElqI}aSU(a6G$QpyCuMF) zgkq+Q8H*slrj@9|Sec5_ZoG;D?6V@6Qy9A}K*sEsrD}q3^B)Ly_@>gB5eR<~|KZNR za``nCZNyWjBtCc$OI@hIsZ6|cR5q?8T~|UG&o7rq{r$l4X1LBQNqw%srrF?^kD(%9 zwMLID5Y-$GStY2?8@M_O3MwYhgA;h758Nvy(K8ZwD2VGCQ6-80_cSQWiO!_!ZfkH| zGr9&{FFOiOt(ZKzJ_qx0e(h-1Uv4*a)`_{3+z-scb=~M;bp0sSOy$>$nMBueM5Yv(|AbrN%0dMuIun7TfMMRob>6WRS~Bu3+S70xP1fW`?b zY?~43#)&FC*Ad6YNh%BGn18TdFjCg!rx0^)a;C1znZwTXfw+xlcj*7YvHMKw)?U>0dCo#1FWBQ@+{-Qw`yr z)2QgBW>7Jt|8neNJMMkq5*|K?|F<5&fM14()0#Ak*1*}}wEQoe|Lt(<6WH9b4iBeA zUDk(8X#rD`%?`=s--AAoMOEoe*G= zVkk;iPy_@-P)tz4f{oZ-OB7H?n3cMX+Jx|2${r-rY@nzrW9aKcBtj zoadaGIWu#n+FdP|8Hm; zE%Av0; zqr$<>bh$Y?BZJyz$W3L&yVN#IZl+|sO>J}JW@^TX)HY9Ure(ZIZ42dQdd5g4XEd4uy61fd`=>vP8Z;uD)9e{!2>0kouR!%0 z8P3fHp+9w82%-#cv6)s5CL>2}%v=r9h%cvMiglCpCPuu`+fk!7OPf2Q0Wn(*=4)c^ zFqpT9xl=G3^<~$9kz*Q58AKoOLn*@Wyu6?L`fj}G^a6@OmjU>Yzkdo{mRhHm&O1q! zA0c;G7UT_p$_FG-c4?%1h&y{Bnzuk`XeO(VFEmWIJZ}q*o5aQs;Ywy8%`{};T`1$_6HH^g zi##46@eWQe>IQ|F7%8uGa(HIy4hE1``zbk3I!GxmLhux{J*w3&q|O&(7R9K&QGLo! 
z6tngSsD;DO&n)lmW^x2PlVncjnFD(YW|&sP_`D=TM6 zs_=_*AdHXP8HG&Dh1UhlYJVysG{DX1OeRxjk|K$c^t`NF(6Ec0jG=@`xj9=Oi{54V zv!=YwI)*pT>x_8>$ShK;2_cY95sR-Ol@`~$LVn3GW;p@d#mrk1049W1edd6FuXHM( z`xk!U@FT#Fn1p@g15{zh4j^wc2Kk3%=~7E4#`NfZTaLtRHgbF^H#XE#g*%xGQ{6(A zUcRUs_s(sr;jA`GTC*_o-CbLR&X^5tFGzQUZ}P^HX;X3eSoH6sm1d6p4XwB59R|(wI9n#(f-^(nlSus)ys^i9PFOMMV?Qq$OQqpRr$@(@xJKj98e3Fj|KG$Q`ASq$Q_d3d5(@g~wp7sN!}L$8^ja3fcG;smFzvpgU9Xi2<|?0K7sX zDw&8aV-S(M9I2?oe1s}Ig+}?(7-f1uK3jkGU%>ZSzi@L4fWmIZ83ahWS}kr4(xqbJ z%VN~sn3k=$T&Q>WR3k8J|2I&0zmxG~5Xh`8@M#sDb;f%>NertBe;5TV-A&ks6L?Y^ zjmuoCZ$_c7_^%kPRj-e5{fKzumUxt46}?r80IH2u29O-fvk|JhR%1Jg#E3@FG`5pm zhrLy8+3h+ru>puq zOTG@0ZS%W0IDX>cNlx26I67_bIoDBc+ccEBP}?yx@H$T0pV7TeZu??qM}^gK1Lq+; zqvE*a7pUUb7E}>lf^2Ae9cJI1w!MIHRo695;Gv>tMh2r6U8i{$Jv;p^j3e}Skoy&X zhp{r{sLgZeyhhi#r=i?RHOqojL;RhefKhF_Yytb+tiPXd47(Fp-2-;U4c8(~>t)Ia zMq#|Vo`tEy{OFyLkM`o`=v;h57Tue2)|*(DR6qZ5kciJy^?6X!HVuAJwS8zKV%PSK zrdSkRH5;-T4~n9P(jNqWvo6X;1pbK7cp;|{gsk@wVJ^kzX4MX z{(2vyCo+sSKNIsq>Zae#BTIcF_;(PKLJ0|{4Zo|4{+RmiYKwUu{5R@g9{m=!+aG!Q zdn`4LWa{t0|H;RwHmz@fiUZk|D6W#qRA3_bOE7p=y$I}snK$6mAW45au*zcWDi*At zQ*ZjyMqngZV*_@J0XHD*-%`)oj@LjyJ&7DKI8&`M=Jtj3KiT5^F44?tPlcHJhCi-D z;vZ|e7sW@nzHSi9@<1mw`z_49@Gd&YN%{nj4IY5P$EY-m`f_W@I?_oRHXddG`6HiY z%$~b446Q?))bkrDb$~qR6H(K+NFQia&eu>f%t>Q=gax(r2{Z64F*@E!SqyaLQFyW+ zJ<5s5&3N8SaI()NXIU@EO?1*Z(O8*{$<62_CzURz^3iF4O*R@U+nkCx9PQ*bWQ-f0 zekWLuH2s0;3{hvpr|t#+(Pqh?kwV2yPaFBZ#i(xdP^HhO=e$X>=(%> z97yyvbJK9*v$(mhQK?|F-UfCOTFvOLhD~v;8;(Qaj6Rh2heW><*+*0Qtw#OG9)I64 z(EEXE+79L;0f33HfFkXlOu*}4ei#54a|>vp-7g3@0Mg$9fN{5gmfHQDfZTV`z~gV@ z5CgQG zuBaA>n*&q{%Z&l_((Ye(Bb>*;d?5h5jh4&;`e}DMZuG}seiHy#CN1Cy?JmG`UVRwM z)ZKnsS+?*x+_}iF0ov_~N87qNn590z)FxTrE;?AJ&Vb+U2oXIDfT$1BMvHiWq1yX( zC$t;~=E(toGAea1{C#w|_VAG_{4ki8CIVcpdK(?7Gg6Pm=Oicz`gQ>BCaBwQP~eK6 z9Id@C{+g3hm7bo0m-WPXPQ?2Xr_IA&t@AMVQ*7k#wVX@q!Ef z5|Y*A!KX*ZYH#Sh7Ss=b;dMabm&a-Etj0D@GXXfU4rtC#&=l3)rqMP|>j2nL2Q(h9 z6-Ti+>y01d%sAZ&z%d<}&l)L#mAdk`EdrKX~TBrK}HPA;Y_bB>{W09MG z;aLi*jGhACj2OQwhG5Z|I%Qk6qgdzkD)6df{EFWpKTD_f##;gO5&CNIHpcipkAVCf 
zo%tJ5L3gPi0&ho*&v&Jwb9L6Y_)>|^Q@;n^o)~{Ox>?bAI%OPQ{NVE*eF(h6G5+`M zq5n9Yx(%ax)@a=r9gQOVZDG4(3i!us@9GIQ&-#EjFvh>-C4|2~d-q_vL5k26@MgsL zH`9J6Xz!aXw)Ct5uR6xxgWh}eMD5*qwdG$8-o_aJz~hi#sJ#V4EdL?!cEtFHnjwBC zX>ZtG%YP5NJu!X-z4s#R9Za+FKLp<47=P&{(7#xF2g)qJ@drph{x<#BiS`p#Q2xK0{gAd-m&AX{CnVi?(IMV*Qt-7 zMu;751mKPUB(14Q;zK$zsVC-dnWz^4c#|MWVjSpEo!WPV)$~08zXzJ6y)>Gh(2?KK zy%J417^XDC-)M>hy^7_{P>Uo^y#N?YkVL$MIc$uzTc=#x!5V8i01E?6jFV|f4Dth= zQsJBR9H6dEMAn7xK`wN}L=bb~K0u!h;EbYeqqaPZLiV+ed~kwNVu(FJ{TLucr?HKT z5lD2Ojx0SHUv|=fDSI&IjK4`y9P(+j^3k7l%Jy}bdSd9^fEtj1RIY%2*C{Xcv7kx- z<^&*PMFIV(y~4+A894)hivo~@DV4>ja~$u_3v6w_8K?&Wq@*|w8FIWk&>xa=_c~Bt z2FM^C+Q3)WqL`*R-VO{11g<{8s0V+OY$?zN*`zg)S&sMjH5S<(s2)Vdl`sM2INs(< zZHmSLFf{;~WDBT)k!y^){Z^Pj( zUkv+*APLd7j@M-%`f<;LzMDKo-VACu(_m5U9dG>2Kz&cdrwJ&T(T;<5aJ;vx;i2*Y zYa2kt;DU0!fe5yv#^9P-BP`yBN@Hv~tlhCo8hr_B)OTU}+uDEu#SH;$&Tb zCPz9a7Xomp4^j=epG)-K!d@IVxZEc++Re#%+H(Y>9|CYk0G8cfXc`u$w;VMp-W>U0-K(=wk3X1pM5-XCg9v9j|gW z-k$+^yw8$$M$;^+Nl%OfqWzuJ({hc^I02wj0w8nUVvcZ9AG*_csEfhBJ^^FK1*3XH zNwm^Q;y_p}+s)D66eokd;*gi`Eqi@52vhMEEJ6>2KX&+wUBk?f>+Hrk|aR)N}9xEckjm;Ex0%_fSN>K8gP7q!)Z*)akbY_#^Wkf$DN#!><(Qlo6sW@k9euNXvbkn-8*Mibl z1yB`YEvUHv3>rJvjZA=@ePfdtEp*)n(K_gz5P6$oI~YQ$@QPgb7G$^n4)kAro_;n4 zXzseRZ-YhBzrf2d_=~W9nSjZnp^clK_NP`I!0Q$80_w&Ki=i_jB0E)}AGByA2cIBKIJuPuG#-I?mCXoGcno%M#7e+nwCm@GV5@?{N4v zQKZX>^H!n7aZ-L*ZMzncuas(pzr;tmGKYAd<82+}D47fD3|`L|KNs`<(TAO^ujg1F z9tCf5jDN5Qe&`7&>w8Q@Nkg{;ycKo$&p27xNtV9>ylZ{FHe=73?5jNQq&~A8i_rXr zxZMZ9BR&WlNd1Czzvy`1qXsyygT9-*YiY~WoDxLvWygE%W{|!I{b0az+cbdOt4?lD z)Ge`P2C^t0|G3O>Utb5%PRIKQ?-kJUPFDbqNCc(6+5({09k1Dwn8Tg`=CK4Y1|~~K z<)U{PeamT))di6n)$bGBz2kV)=cTfQL_cuc!UL$l8z6Y4FRb3s!u-%lzZh>+=v#b- z@s%pX5>hdudq^z_CFw}PcStbrLSgL=X^HOyKZd|J6q^1AqQXX2rS`xQVj)kv^YE>n zJ`85+Hx^)~cT#W0ie8~?ObYaXhUQ>)_5u2Ms*!GbZY%7k6KbHn608?I41j0=GWw;?vz z8e{&li&8;o=M$3WtJWW|pm@z)Zw$)UoBC#?!90udTDo4_&RE$_wS54F(QoM^7cRsz z9Pa*$lCVpMp05LAY-x2&ILe9}AfolT3K}S2nM(xGco`WrwvEj&(A^kjZ zM@Jzy*_Tzz*JI^7Z&*lAM5WWThCUh0)jq(Fqg1)>S@)vmiStGr1$>PUl=7vSxri-U 
z3vPtPn}?2$FzP$-h-WY_FzrVA<*g9f`;h&D@<~X5jxZHB=q_)gm@LU+f6&vZ#Cqi+ zeGZmx)u~Vt!C&xd`3>Za4e4XBBB0(5J-QUko<6|D{5-L)7Y$|ogUaHYSI|>{oI!LW zhU{L^3L%~rO8!30lzhDkytO{xj?Osr_bv!|J+L~kG{@Hia0@|_2Jv6-=#3Z(cpE~= zjSxd^BvpuE?$(3h{66v8nWDODKb9|`t<+h<_?sU$L)jlxIE_X*j!`qrw-EpIAJG57 z-!K=FnM;jc)YXeyhg1jfCIx&M6SakUshn{KsY>jLt9Las)|=}l?Sz-~bM_g8e=5|R z8>o`*qGWC=-Kw|DO@07{+Pw~lZ3!rqO26ve;U*t$0Kns5zL*Gb=~%sw+~i+Skr@^D zGXQ=_1f|lmdWYQPldvg}8~PD*w)mTLi+@a|YsE9Ug9xzr{nC-26Mg-P^t8;UV~8b0W59mR)M}Y#-n@n8i$gPbRl;Q z=r{R1<6l$hU%d{YvN5_k2y4>y37Om-{YAbh=)JPf8|f8gj-PQ4||%KC5yi+n1X-pN`IX3cL7X0Z=YH|onM`BK`}E8&~phOj;o%nBdidj%=> z%XLO)+lJBU3VJb+r}=2xXiAZ<*2%r_P3k4!T~miICH`TZyd6dHPVgR10;b|xNIvDyOc>e_aSWm+9oaENcLn`+GX2S3no0y)2m+K@yj0I3T zf!xPunZlkcg+1R%J_qI+3*JPZZ+a45fs=eYc1&9U^5Pgvih7Zg+zc(?T97aCS=K00 z(z`jy&!DN<0^Xg8eCbJe1Dxc1@R{frz<)CllP5iiJ&m4*L!j&Y9&8imbm>TZDm5WP z`VpUHk?UnhH{x^CZ^)2d#20ciC__3CUrL3TnNfviE%cS#%*~K4#Me@s=c^F2dBGug zOD}Yhl)E2Mpjf-?q%ROirj63zWT$EpYEMGUAA z#CG^QXEU}JOZ6br>!@{8Ht7Sw9OeU1JywGm+MLz`t%?2_LFk!ap6CNiEK>)*m+?U| z;&!{_Q(G0H&Iaw-J-IQIwFBKA_U#*DBo)`mPoIO*XPy4M^D#u!JvfW8~e& zM&=sq4P`>R)yJs3PuZqkmGK)oEmZsrIjjPfb7e;UK*RZ%9C0=@eYRiP;W==PbzD`5X`FBcu$RQYIz>t5c52~brbgZhE`avJ-PP0 z%R%wH%ibcLubFrrJB?wH3d^-;>0CoE>~W<+&*Q3kcvTkHVS9ZLl(5I6=lw3%=MN>t zT)!yS@8IZpTsbZ5aeX>`$}yZrUgP5qxo(AH*yGXj&Kt(-#zNt>=UpZA>x9DVu-9h< z-`OJt@15d0>w=@_ak?n% zUHv7mIm{1xO}p@#6MJA0+GrA?!`*!{aw7&n3bP%MlR*B{U4c z5^uCXdW$@lKnrmWChTpWL4`c7)sxZajT#wQ@;r<+4gP-ASot*IS^zaal97XIRgIp- zsH3t-xr;0wphG^!8%Ueb?=66(dg}%}Q{4I6kGu(8_&s44@G0Mt zd|sI9oWAozS53Mii*L`QcW;C1D%EhWu4Fv;1UFa z?-jzmxCB{nR}uHJ=(vuT?+AiavOjnJ71 zdnbYHd3)eKLnT63cO1!S^Le~%0gq&cy(dH$CDG{Mi0}PRg%G<$Vef2QhP^gb42WcW z|BoXK0ZOP^Ad5~Xa~6*9Q>)1wU(M?u<;ZK#`<&6ZL*U0RC*iVF2>A@xVXp#^60bcp zdU6cy7N8+?SVQs|IEH=z*^_C#5a(_@@3}KU<>u&cnE-^n$IqfBlEWSa!}j`V(BZz% zrVy_~+#9?^F7d%1$RX~b9rg}Oz~8PVljN|+fWr3rN6^C_x1bJtN37#<6po%pdWc&; zm&hfIb}p~i0O-jvv`w@d!dXnpLqhl+m!9_|Q^76i(XWv>a}vn&xL0e4yU&)$Wmt}$ z$IfktyV{1m56|QA8#$8fd0ccY#Kqmh-XNfWU1%J@4j=a5-3b 
zqk5*G%aI#7mU!H>(34|`yEBI6GAuHv7aJhCQ6%Rt z#pSKIED>Ibbm{x^16{7nC0|e!K@r!#3X$S@T-pooIZ@|VNJiLW1q*xp7$WR($GEWf z0*+{xFpY*s2?TOd(UT*l>8XShjF^2Uj}y3?#GP_@HXY2NIDe$QYaFe*3Yw6x$H`yM z<6K0DGj1hv8TL3ehea503~}NCy}pAaa7+^7P%G?lIEJE00!NA{{J5NbZv$+d(^TPV zCEks`09ShUfTKWb2HJXE__(7wZ&Ydxek(uLKjK}z{SAH_E|_uNg%sta_B&$QZso5R%?>bsaw%ty|LU7XW#$XtpVItwYv{A?9= zjY6KO;z^+2kJ04yIRE-{5=eN}UXDm#?aiP@M80Oe!5&0^;3ZIJTI>}8_RV-~H?Bc< z0FaeC%M&m!!1QqUC= zPR-0d>=ZaPm8#n=)Tt){e(p45qK1Kr*L)QtQN$%VT%R{7q}6f97;G##oj^@Y4smhG zS$s&s`#+OYdM7;87;FBVARbeo339Vl-i= z{BXa7_r?6w3g$i)*IjMCRpL?7wU^?}7aKySAcP4B!DxC!H;-vrge5L?88?K4CUukM zf`81uQvolimz=erN^cbbAC@%`abMcb5tc6W>T$OH$J_kxk)>rV>&Mc?si+Q|{o{H;EaX#uG$StAbVyn0` zP+SJ8#NTLw-MAj*SWuT(Y%Idle5_xr^SSkC%2Jd4@P+czwYLF>)hgpQ8@(756Kiok z+2sw5eJWREm$$I-jN--4f8YpT0`}*Vjn0OFPQK+X@$?;Gw~7n#(g&!!EVgxkbyF<% z2;ZA<`_nBJ*CD`-1g=iSTjy6iRuWXabNq@oQ{_*Bl2KO4v_Q$7P!cT785D_Nm(8pX z_Q^)6g(kuCvrfjwn%FqC)E1De>UMHJkgJQcF&M+$RQE7u{+6iyPQfQ}U1k?^z|wCS zUYF}Kdl;{^Y-l=$+o%3UeB!RCV?G7FB-QHSILOx{*H#a&tsZWhI*|Cp-B9znL+TUt zs`y1f{;xezSA*BG!y1^#IDwW){Q`%pXf9qT}ih!}L_r=zBHINMa~t^wwCV30htTW@PjO3~w6 z@BFqdyZBO;h?(G{^?6$lFs)Ce%I6Nlj@8vZ(A6kC&LtV8Kk9-6r9bM{fnWM)HeULL z$R}r+NVN^<1NVWK22?GmXIX5lf5MGy#fOny z--m70&T=RJ5%2@C*H`OnwjtE&aZ@jVoTk(-GsS#O{3j`Rr)D~dT9LpQV|t8>GO z0p@m4$Bp<5vEi5kX0}`NV0C#XEOygyobPn;CK$}HYrY8z!!-Hn+FCy-$_1Nu#$1_% zxy@~5%FxIx33Qv=&)g5nl2C7P^Za0qZ@b0qNZ;nxY_HCdc--se8;MF)$~}r7w-Jez zs@EBj;pj*cm(>?<*kMcJrbYzl>A>G~eLR%3SGhd2BQ^;c2u_ch)f>~&S4u=Bai@e*6>VzvBq2n6oG<2QKkHG5XB zAJbB9dwi^wi6!sOco`J8rPv0!(bH07=BqK>2l;(J#xcLWzFEv~ukXQYHHK?Gb9ZBj zF&A9*V=QcpETJm@XBsmNFQ-!#Ta(*8iGV1BO zI$odI8~MC{)7LhskUQ*BUq1I!{_%h*g|S}7SMi$aY?k~ERmQa}XcPiZf7UvsegWS( zjDvXk8U&<@sqeDpA=NTlt7mLzvHnjfs1XrkjP68?R;@G+G1gBw3z+|7>(;DcIVg2U z<@YzWety=XPtoQ~$nOz&f!yPi+6*Nho@!M0l?ulp@Z+FLfwleFG+Qj^t@e5F|$ET_D#6jjElbYlMQNe6pi0dq(;)PT;waW z(o3MHrPIiaucNBqhK_jnOXeXQ(7)=U=-wrNJMO|v2ggeddg*4Q;${_ZI(~&4Rs1+4 z&JN=>M=V|N#|mTmL4o-OfEwtFNDwviBOgmVW=6h~GsXbdu2AY2Kwq;8V#VSFP$ljs 
zA~dGGU>D-L9#rQJUpE^R1k&~2B0Wjxk!>P9Nw;JQR57(4+^^MVIG`y%j&pR4u)zfN1CtH5Hwk@dfrAOs=n2(wDQ;eA=1h|R7p=7N@ zy>g1qJf2k-dbt(QYH-vEruxQ4M%<4(=mtvwX4-+X9~foDMn-rXh>};z9mvl=&V*VP zg!-vynYcu80Yym8!j9w(s2X<0?QGn(Hn-@QS3*S>I~~#^P%#>xMf|UZb6JULDJxCG zxon`hjhcpYc@yKnN0yJCgf|Dy$>El-PR(MKe=$OOX}U==Od&sA`;;FN#r{{j`MBG{ zXstBu=HqT3b00PB<__03&m&Ef`muTkaVrJ&1Nyph3#N73As6hEZ7xs`YzQH!T*}ovh zmw|JXb*8bw_XG7~EQ4>^atkpwF|Sl})}uTAD!>{ak0kf{UdxjksrP)~(r@Pzn0eXR zT$=F(b9vp3*ZPZQO5Ln?U+<`b-RbzI04>%~__9VeBK?D08%n+Y4&~CH%3ff*$MdCF zWG@(Ca%iTS^C%)S6#^Igkzos4FEY|X+sN?xUm{b$t($A1#kma!(eS{tK+0y#BdNaU zt6DvZ^Yi$Z5m|N<4l29#nfUw>TR59M`e@hoe{9>aswcp>z z{VIj~j;7_uQ0*=F)crH-hPw@Vj8ARn7T$vf-n6+B(A1Q6zZx#aN)!hne;Y{j(?t}A zgoNhw(_PFxV*UWUeF_#XJk83-ynQ23CFXX*NM-Lk0pmYVADv-hhq_}^xjYd&(!_LK z*iJ4DGU2WZcj8k*4lh7BQ90*?bC_)Q^HsMy;T4Uqd@znMD3VxnglgFKux#U zBLeJ)b+8BsJ)HCWX|9>7bR_Ki%dsW}u`s+QzI_|IjTuYYx0E07@2Q9F9$=ff1wOW* z>pgg94jiWf2Ps^97NB|(y=khW7UR6j>dFe@yAsrhh#|bN_Y($=r4x~#k6UD{_jNar z;&?xR$^1SP#Z5_gg_5U2^7eX?`+Ui(Rcx$Eb(Ac45?!)Cc$3}K#+#iJQz^1_t53mJ zJ*i^!Opt-O*ai@*6vIG`hz?W=7dNaF1#2&Xf8fpeI7qjNy+7&NumdS3y4Vk@0lGH# znH%)S(6xC4H>#ML8)D(0$8jER!yOSAZ}-0{j!2-0$s(}XwK-kRl`t04mh#pXtU5 zvE0lBH6l7-!`DUeOx5jpl&`Mfd~NZusxuB$u~EX5#^O+(8K1(*%*6Wui-0PhX2QBI zu=wk~ES-#7bDnh!#a^cYLReD`@zQJ>re+n~}dg(N$TeFdf z6Yy!87b$|n66cb?d@8Ec4ATpXoBzV{6G6ul`Gy_|=D!jidBn|s}~epfCm?}_9$yC1LS+rWpKuo3vD z4BVgg2zEJ=;U%_c8pybDuAjrpjE~*k=02*j%LhY6bFJR8ec=6p#zCM;ZjSzg#uHb) zNTs}&T$s_vSQCa?MnW0;D{jrU>YRai@Rag#a!wN<@F+oLbLY-ep=j4n#^m%N{OQ`w zpav$FsXgM%R-F>8>6MN|!H#=?I!GR%nzrJ>YCcPU=OR=P=Njay4I)-SK9C?V5Fp;K zAPkokB)<)0?zYdudYD)tTIDTlCbCx_bn${}mL>C8U397G^v^f_@h*CZxu0qJ<6X5s zOV!6@9>$`Zp|29koy9mvedH4cc-I9gqeZCIQ(&u}487;lFZAJhLad_{?QrAFfd9x zXr2~vERuGxj|`0dY=UsdB)7x5KM)*3FOusxL#Cr%sr(bJ!LuzJznDuso*^U-k*bS~ zYqLY7YCDL<5UDxzp8D>@?Ucf=p^8T}!ccB+g zzo_LNT&s~(e8S&ay@&JX_?J=7JP_M_*)d$rMOq0Q4+g^PeH1@s>~;K`o21}~w2 z+TUW!pqxKlJKD$ojP?qJsv{?WvqtA}0K=kC;{AOIJk`Z8R{MG-avg-l#~hDjrWVB#^O2ABM{fo1u2JecP#s-t4M!FX 
zw?t)KR`ff#s+dyC@H&2LKpwO@V_v2Qs1Z?tLjN;WA*I>7F_f4H&RN4uD<6d-{&eju zP{p7f#VVDmpf846i$QhH!9g;QBe5Zzw|A!NvWIY^dQ$9HEW>;Y&NHpjSj~GF)QIRn zBv#@^A~ARg);qw>`k^Kg??@CF2@lhR5((4Q@W&v3rZn=$Ag15&cZ&2I_@+*`Ss0U) zKuKf*n3kw8OW7z+V9}J#OjN=mOY?GM4ny#2QXay9u(&{97NfN zGE^bz^1+xGX$ynb)6ojlh=@@~FFdB|0*ccQ2hs5`brciz{=Hfqi}N6>qbM-j@t{UT zj5?fZeC`8^a~lpaLf{BRMhG0_h}Mr#6l5^M5dzt`F(U**R53NuJAH!l4}(oM9TkLk z=wB5_B+#15$Of>{;zh2L^GLk;g|R`4c3SN{(rChbv;1`JGEjrDL0mby%69mV@tTArj|m{FG*;7EgBlSXsA+qti`9L>5PUiT&W7)e%lX+cvCy?&gDPD+vg5jTEzyQ^ z{F9aQhodrY(=CtaN5Y2ctr~Yd)&kwf)W!3vm2@gI@6mbeRMJK{>rQZ0=6yPg-4=FC za}K-=HTN3=%$)PV2e^O0NTB-WygCR15BmIQ&h~96QxEwHwpFYAtEVCjHvUHhMl3It zLbya8HAq65fMOD2+FraemeBUrePxWP;H0<8z8+Ru3h8@Gjg^oa^3%0Xf+{T~`;d~q zv=8Df&3DSDNiEpnM!HOYZf{ZnflRpR(Ctm?ZU`_9AETyxo|JBTbSnQYv^Vo@kQG6Y zhb3X?84m?%*j>LliW(3eI-~E0?E58{f?C)c&rq#2x)k!$wbMHIeaqK$6Tk1s2f8V* z=?>=JjAn4(-`tzgOv+B((DW?_sqE5Y@zE>4{v)CE<| zc#po_Rmh|Jf!c0mO9I)aeOZoL#2q&Tb}y*wEw(to{#Xxt7y6%>9pOLrnK;c2u-uI{ zE^jKcxRpZ6-^oQby}cY;dd650xNeM=4kt%U=3)LQ?C~|}eD0Eaht)qQ(7ze_W&D<~ z6RsJ*o#75*@WJ@4%I#zBF~E8VHRlO1CtHoN;pnS=jEyDW(^dhy57d9YGpRc|2>no9 zY(cYWh;SzanvH|;>c|Y$lgNrM9Mv7I7pnQ zf)#i;Zb+|sQtTdVPyY+fciTa4%)=#@A#l+F5BCgpp}1v_Ls4x5PSo}#`UH_U3e-A9 zb%{!urkni-_Jgb`y3=$!Q*_bcX>}VGz=V{u3L%Uf{Ey)+ za%`A!W$^#Vo>9ahd%P6_2?r< zuEk^PGSlwH(6<0Bfpa#=?<4zfKFnDIOY8vRGyLn1AOcHp*brEPH>!Yj{3l2`xm|3A zEJpzS-b1%7tv2sXaK%PxwH?e*f+2j>8Y3aVyW?L*;j%w?NXD%y_~$yz|KiG-goEVp z1JB0i@JLF1H`Gzb;k*$4GNM(%(~vt2SI$}-0y#C3kgHx(>I$5%#lMUoRe(W(x&>Fx z%Qy%;7VnL5@!nXn3h7ZJDY_V;eu(ov{L3g@b~g`?;{fB2g7L?6gYmPwT2p_4h$HpO zRb)-I_5?N15D}&D z7yGCj{sP}=KxgS>SaN$OQ;cJc&Ps^FE1=)M9y<@>28|T%F_XDocQN9RZJCO_=(owe~E7-`8z_6%=3<*Mnsnr0(AWj+KSM+n# z$v8h}l@$fbP6IU}@>I46_3}JWoJ(<#OgaQ*s+g#6F_^m#=k-=czd*<1phiRtI3zXx|2Eo}WigB^{q{&~3aEO4`~Y**Zwk zqka_FtCxYodYNk)N*p-N%~2f$3;wOmkaY1rc;KRkv#qPF_zm@m98B zAln*LDS!UJ0-pfhgl^55=+-Q@=s^K`CD78XVG3kgdMJ3NTXTUsh{}R)&4q3sbC225 zH)Pn;EWrApZpYSr-%lM&hPq7w85YHDL6 zy8#OM)3s|8WjTSpNM#Pmvz_=}|Fsgx1NoI_{|BR!Q4P$Td1X1@Tg@!DJ$U%B(yizj 
zms_DMBZFYJA(&u-_DlUCKn*OYX8_99N8-69kk8p9whLJM5~GQ()-V0h;`PSI5gkK< zigl{FrYY9IEXTi58{*&z6eX>Z^n6{RTgu)w}KiGc`Ew=k$(^rXD1GU#~AX#HbrU}0N$8C2ytD*2`c zymo39;uQ_Z>~C$V%jiI6MZ8S%Zz~#AHrD&4eUsPAyr($Ryz}{OUL)h> zF-G_=yx&?Vakk+Qqy;{1nM%uWS`ud*UWU_S&$CPzgKVy~dI;wi@h_uz*+o2DgM%u# z9_HDNE9X-j0+nhc!B3-!Jb?4>_?Ho+3XboK2=@oPF%AM}5s1qgVsFPBS%2_b+pHNG zSYQ~a5s_zGm{p7QHd`1g`NLzpF%C>%+5cswkMiWzWwd?9N+0KSHdcd`I-pZ^E0j2o z;UID3ynif?BN@UARp?RT{1*OYM5}^VkOzBlDkW(WGDO`ee7;$!w0GuFn=aCuN zxOLj%5LnI>thP=oMn{b#{{H#!$T$zhzl;)P1vsdJnlR>;aOKRyAy5z(PYPUh6jp%6 zc{ToJM5~n#L2=rZnHS;4*@T0LvX37pO8D=Xti2282kz_x2^gWTRzO=)P@{4b3%BNz z)j6X7dS5?w@5<-uh7&(E`pG`ck}ROR$tgxFSx8gn%RzO#@sh=emkIcq;5 z0dF-dQr=miRIcpd*6gb4b-Rtn`!*5n7AWuRkSx6cYgYAo+49k{$giCwX>BO~Z4?Z* z=G`h#3(ke7c?QvUcH9X_%{Z^OH8bW|-9f0mB2UNK15wWg#c6^= zpiC7Lm4oJB0L~}W(=h_nh=@_gmJ^kl1d1~Q2hqV{hAJlNk?--O2D(5vU zb>~g+3A?J=&094`c@smjMuA&%Q&qdUi3P8t&YnB9oK;xp%_Q>E4e%_7SFwd_YdMAYDzSe z_9Rd@52+7uUSb>d7J-`2L5+wQ3+LTXa{v^TG$c+(oDB#s$_c5q;O~38t_`|?8lgOG z(39BrdWF85Cp7x5;YtXZ`ngp9j%U-H!T1)LNSJy&oxH(y=9C6 zFCaf%I~m3?Mk56ni7c89z&Wbk;{uBhw9|lXHO5Ne&4}9&*G#4F0V@z|g zhW;JWHv)Iw>qh#AK>G84mu?&y>PzR`{VmpuD+)C-?h&sj-HIn9Uh`1VBdEV@?o>9H zVReV$g|=Nr|0anWW7i7QAa*En6E1vMscs;qxHFreTfkp`emg~)tT56Ei%;V^n`^%w zjf;n^&Q1mlopV8r(+TTv4cW6nooKQ10_>(bSYz4r&|s#9^8wjhpmqmP|LinzpA^Wx zQb!iA5&VG1{h)5KSoFT-hbQ906XRsUIpp>a!r^kdB|v@ostM<@AP@E@%8oR$AGy+> z;KR6q3()?5Y!;1mYUbwr!tTW$vxKWtbM&e%uNjr6*y!8_g*jYd-}}@oo&>}98g4;T zEhuLcRtE9*x;cIsQ@!r9kgt76H>~XFedo%4^-j(7Ui&NnvpDiIf$VcLxeyesiFS_b z3TKVL3K=h&NL2@3ekZ6wzDY@yVt$9)KPYRG(mUOBF6HRfY^j#wvIlZ0ZoVxpJqC@! z47-@%9#^)*bZf4uK6VYLw*r`RJk}-j9&qg&jMrA1I6i2Ww{>f3t9xvx0!jVDZX**k zdSt5Cg|C7mQn!KW5N)XL@d>Ey7A(hNmTq(NTzG#~j|fxEZ56z0+@_{3uc zxYjoVo)t3-xfb;sh|vj8n&gCnqIx(!IdDwI*UWXhm_jtu^o{4b!%q5x1p-41u6vy^ z3JOlfK^!Ih)DUUk$GZiLNOv~FN4W)D^mvFg!4nK)h%~kw) zxj^XAZUb2Ww3u=1ghf6tM}XJtFe%s>q+mCw5k?5Hi!_pRG}21W6_GMI4~q21nLXpk zD7n~P9hoegk&!ua_S878!0$D3lm7srw+&^MEjSn_l-q2dEq0i1a=nq;*V;*q;|l*? 
znw#7g$o-F*SR&%`)3sCLp+>Et)I|X`&ff}cGz8c337`%N>@_cX(JZ$1IJ;1N4gE!XR z=N#cX-*MdF!Ta1v-Uj5oR(?Pre_tJWHI5rbcpo{*?}9Vi;xW9GpRWC-4&FL!r&kaj zH>L2N#45@a=*K;1;(J$+H=lwUmp<$8pLBYf(qSF`Q;w{I960=^&AuLV_`g||zQeDD zLgVM2HQT7u;io@j!cBDe&pB}p|8xua#3n6A9R5xxaQL@az}Y@PT9sW+oWmc-4LZEb zo#fCM%oW^g!u&cI3p@jAkk**fzud775am#u{uNH5(|-$cDQ?sjqaL4(fcIJ*LOs9Q z?13y!zd0P;MgWb|zs{-S^shG?SBcY)(o>4l-{izQ{qr9%F+MsWg%3FOoIWEYWq2^w zK*#mC&P?|dC;2bjZ2zy(l81>3{&el_V-wQtJN_w7S5t%G_?sh5lL0f1{{*Lw<3G_S zSjWH6PdFWal=cwEztV|0{xzVAG;<;bsYbhzA233AIBYAywOhbPQ>b! z+f9-_Hz`7r{)$f$oPVRmr=X1)?R4Tq2RXs=mJ2=wBD4YU=HGc|WLuwai$Z>(svu@+VtO1o{Tx1M%R%w7D_o zm(4Zsv&UonV`Z-hWV?eJ1cb=<*gqV_ID9n9W~!5F=7bkRn5*nh0QT3LOz0B=4NDR= z*o@Uq7vJ?}a~1zffEvEV$le)bP32Jup}1M>O{BumD#d}Znws&^xbYQ z6dJetjh2OC>2|kTP@>!YR>!&BhBjI6+hiHHdr${%caQ~~;{(L){;cENZZ>x_I293C zy~(8W#lYqEnh=-Hn9F@wOD|2DesQ^v=tP%00&*$t5?hLTM430@a(C!hKYIhI02-J3 zw65cFpV4-91^w(N2o;z6oQ`+7c{iFEADfW64|F}3%Lqvk?yo{jRQ72|^NF}P?rNi< zVc4k9wM`}_q}g}3)w+YJc5t^FhGAWQ2pf01LDzA&H9o<*+e`gK)7?G+S>tZ6*D-gy zA5?L-TXf9bHfO4(pS@Mrakn@7X0ZKiZg0^S5x?~+lblDaL3HiW@yQ8X>vG-66jk)A zxw*zXpwwa<#H-TPsbWe#(-rT3;N0Hom0mq`>)LBUjZh2~R~1~@8?$%3xd#W)!ABIT zn5gDYyXqaBCuW(r6$NqI18PLXsN*Me!@dW_`3(or!N*yun5Ye1T~#m%Gg|d@v;s9E zV$hMz-3JDP^3tUytQqEn_?Aw#*?K+_$GKVK$ouH_LAE|I6kl{h*ko(DpNp6mmf_QA zpJ21KA}(83{c^bp>3W;EFQLbDM<$ud=+^vP)vM?VgYr9^rpiw?wb8BFUxiP3)iA$+ z92-|aI)f?&WTtLq24cTg^_VHp?(liDwTypQMHzvWMEUrBLAZ8*j ziu4B28H|IdxrS)ZHtiiUkx*}3j0nkKNb7Wcs~{7Bi5KsTV1}H^J@p~)c2;<6Qvygn#E_9Xq;E~ zn28cU5tHA)$tD*lJ*#_c0IA*LWf(_er6&KW5Mr9o-7)4~VB&*075VAfVNY!DOY zoPxQGk0gR@6koUe{sA8oT3KAB)~T7;>toCH^I_sFOmEp|xicw|&z(G4oMVzPB(Uxy zNQSZQH64w0_FHRivDUoGT61e)%^rMVo7TI%Ej_QlOkz z?I^PxD?6EwaWAayC=(qk$C#3HUUm5#yb0!=?(Kb^C1ZQ_#D(*aajT{O!r8O(d5w^( zRUUP_HMg3Kd;&LU zvH#NM+|UGhsq(qK$@vyKK7clv=0g`1afcIua=(+?&oo*;3ZUHC#Auyc!VO1g36s)! 
zjkpgAQ(At-xfoa+m%`U_IXxo1;A#h#$jb6-@2UICQZWZqC!-h&wX0Ht~O!fX}Jw^ zI$+IZ4zRqNsfU%#B}2=PWQN0Hrq+!XPe2Ei&#hfcPbb%uP+(66*0tD3fc=~h$i0R0k zwUa7JnMH_fb9%9)ir(gyZ+P;ml-td`S!GOdT_9gcdAiM{fgM={Am5QWo;0u@Rdc4f zlpE4)x00;_$+N(2K4-p4D(m3CVp70u#x_vwMjWI~U{@)wO`uSx(_Hl&&KG8w$oRfU z*X{&0BJwbKF|o7uIqCq;?Jagz5d5F<*aB|glyWQrZi++DF2)5+c&mS0H4yx_zN#DW zNKhjp&wz=Y*CeD)1ocvjJu(P*c|11%0%YJki|G(xHUX2hr4T#Zg+tk&{Vrxz`CEY< zV6i0u_LTtptefX!J&zl`gviT&3s=A5;@vMzw2uo!yUnnDi#NcA^Upd4UdX-P$$btY zD8*TMNCocOnEPnXf3SC&yUB@|`-Lj|9{`VnmQ7Z7uRwS8zv{jy&~0>G64Mp-9)Pm2 zmyKiolSt|!tFud>^I7Obxt^um#88UA(uZ=<+TD|}znP;_Efy5{>Ds}-_Tf6^$OC(xslL`{mSd0N z|F+oqv{}UbXKXOYUo53(QqFuI!n|7o^pQr*Of_ar3w+!Rz>otsYt>?b&Wk|Lkl)Nr zr&QeFO|V7e^rH$jrU?XIgn+y))?$<{A_iq>{2ZKgk{X2wJ3Mu73_saP4{Ypa_D$=T z)F*9G=BV7RY5g0|&DFqQI|o9O%9IN_-UdsA#(?1n7Re>T1JvV1il?A4txsA$Zc>v( zLHEW^K3-?yjR|d3E(z&bRyd=P;XsNiGP~CSVi3l7Fw&7udPMHr+-#i_9+ZFO;Kqz? zHrQUg;+!PaMMB8Uh*R7<4R6UNCS+7@f6>q|J_22VYh($q3}ciRe@lKoqmdAa#(`#} zVo_$yL`>sYNtq6S}a%eF9CQzWrfBHuSvYh+G>vD*YVF_tlCvCR_6QRa2YV4K%%gV+Ji z*tIK@veur(lE_jiKwz=}b%@#dKPIy~+ENr~?&Q=-ZrQnKX^^P9v&79tH?fF!38F2U zOtiZuTFM65t&_49#oD?*3L?INt6zHv`Ez{V8r)maKO&D=XtkBLX0 zrZ5I&`=)7@GJIMQU+!(Z`jf`WTPJ6aFw!ii1Jd-QJiO!PAUp;Q1;*L(BiVyJ+Wj17Y{tizEi~j- zxkLcdx{1nJ;pW&%Ix%3`5<+GWHokz2FF&TH;sHuxxgZ(ujo55}p1HZkHB<)TlBfjL zQw(oWX7|QMEt4@->rrCeX~Jdkx6v}$F}(#!R~amPOnjc3z>Z~sp^_Ovp_fou{qgN$ zVpL)Vm=&Lv-f1jXv*QbhQghBjtu*Be<9Y_nQ09eDQwOB64T<@y<4jw^0(U$df|}n+ z#W`E-oM&B-UV$>aG@Lj*wEgI6gxXJpK|R zN88hR;yr#8kp9`3k z>&vDX*+);hD$x${t^H~BW3*n|l6`uj7)|RJ`qhD$Eg=bZKO^8uGUElSjDyBDLAly* zrxuC7UZedK825Lk?vAYIhU9qxlEvn1ov59W5+mZ(dEEy^Dpr`*1uEH;(`(R8odYeg zMiT2!XesV-Ed`7FdG&%}HlMHK@)=1t*}C3nsMDQN>H?!9&`d*^0(haOV`VA7h;g*l z)Fk}k1Z}4BU1DPstLzvY`l&-aAc=l-4NN9wHv=n4_}8Fc25I)3XuivR8$s%PEj^$s zpvVM$rKV3d_257C4B%(}Rk{x%@7L$65s+_mMz(1xjeL!dk>Y%99YgpXidr9KB7;p& zw3J&2vD{u?Cknf?`&(Nx*6YF@2C*lv$D1EUu$}XC3aS+={d@`91>E6fwSyO+24v z=`M@#OJ(3W?gnE-?x>)%Zhh1}8a~br5wIzvHXR&lx=#ubyZH-cyl}rLFb>c(P7lDo 
zeoFv#_@V~Aqc)kj=#VtYoRpWXBk1cq#KJ9=iAo<%Fxo(AC7Yr@^@uIyN&h!!(Xh!B`*+tsSeW^ zFJQkMV@sS^OdwKB+?8&Sy-|BxA754u@-S} zES}cX%shM^A47u9a6eCsp{0J2;B~sfpAh?HofstgnXl?_86u^={uesF7fXnV(f_SQ z8V}}ockxm)=zc?Fbnc6z_@4QDpJodV!~UTT4QpaZ@i9{#`;qI?j$%IiC;u9b;{g4a z?Z{HgLBDi}X1rSikB0RGeX5ih%r}DCMeOt&I2>>NE)+AkJ0vvrWd9HkN1qpTHSuf` z5tXqSf(XbA`!7M8oDCTGh7I`m0f%8(|NBoJ<|sRjVcGw`W{KjbdSY`${!CDqqba&` zCd@N4N-06ikVIAmlVzAEG7~oS=ZO3XCQMlSb3mE?ybLr|vhe@zGZvnNHis32u^hVhsMirL23-y#^FplmVGEdv5H zkkBeNo6Ub>>Ic&Cb6&+kSW+uYCYLY=O<^@NJ#FncF35#;F^k*c*gjAMkSQ-F zLrVjO1RXz|!JJXNDg7eQ(Vv0pWHK$GR+Pn;B$+pg&qEuTF8-`c*Z6W^8ia1~vsT@0 zN+n^K5ekOVHm>xxJtda5^!km0Nn5WV0g`BAJ@ohJHjpWt(CHh@n?NPAsh>Y>*FWCM znEH<|52ldwH~f;ZWplsP&! zZ}@-C3MIyqRds6o%)+$9@=G%-HJw9kQ#}`DGE0w%HFQ{H*q<$#5u-Adm=Q8FIkV!! z?Stu)`2kmoPpt4P z@Mj#%OpzV8n(RIiNmUC2Nm~WjbvntPGsJWdXCW{Z6mwukc!_DuPv(g>Tgvhm8^YMR z9>1fGO_AcJ4iFM8cuIU`;5+d6Nt;s>=Q38tTPNP%uBtnca+#9$^w!$}skL@OYVD*6VC(GwXl=jy_51(UUVEMM zo+*GGzCQn3o`;-s-nHJn*WP>Wwbx#I?X_Y%CZaySODo`E;)%w4>)WHcg&ly1&c6#y z^&4Dz1l2b^gfF;9dSlg2+fTcrg_|*A?uZnBM_h4SScEO^j4I%UEPj(sKEf2DKXAQw z1sY%jVbk+_7$&O~-au}qh^gkiar?0ma21b?3UHNY-yc(_)cAoI#aYzad!YKMxn_@k zH)b53STZU08Z|GXo3Jg1bH!g&*!Ws5;qo&-+oI zC5EjxT%4}gx*z=)ACB3^ek{gX^YOSr;*L&b!Qn1u`%R?#%&_vvsmy;MTACfWm~nm3 zf^~ZF7=9v|dFLS>v`AB|dFNjf3TI-GOcIk^CikcGH8ZaEwNFO}*32e;=`-3@22qxs zhxKKH6}9g~tT+ZY`usowIWi#-d_+sP^_68rtvd0$A-3meOQjKP!AW9<`7Bt7Ig0!2 z@yO=n-veNFHp+}(7@K5pBODlCP!bH$BSw7DyutPt-qr~26G?0_{V}$fftW6d+F}mb zKF4`}v=a<7L|GxZ#YGt<-s+<2Ae&tx0t~eCk&uxYY<`IVB2`(?lgi@&Ai9JMc#N9B zHkdeb&ezdT(Ovt95#NaEGMzr(j9MK)j_mgn4J~52i8ryt2)v`d>CGb)Z&P7pUc;XD zSx3HYts~Dw%$VOXc9Lg}o#eaG4gqNqLI1rd#b&wsKL3ufldvTvGgIuTrjMDPAF6=_ zPmD#?Z%>KtBjA={Y$rd8R&GYaF9n`YSPrD$ew<(@c_GFs!fMY?VxF)iCC26g;+WW< z+1jJJ$nX}GSk8&Hbile2v;By*sB&#D#Y_V^EE|k_D_SOURRLz^wCPHj)og9ic`l2~ zN$}fcMh7`%IFE%oA55_|C2Gm|rGCfchUEktJ8QIWVG+}b?-A4cU#2`=2-t4Ilb&}W zzlltL#``U3QVmiyZL7fk&bNZ$5nEAWdr4@p*k|H^e~yX5I|F-FF{a{rc)HLyH2c_7Aaf=5d- z`$Tl}&QeS?1DGiMkC_vg$V7J*yH7D3#I=u%ylAGIz6jezoXI2JZXv|VMlx!%Fr6eK 
zhwCqkw{Ae!i7J1L5p`ejF*R%#{*8OI(<}VjEGEA)7E`;UN-Qujo-5k4>Iey_kx7U% zUg(m+Aeb-w+kb2QiMp`pUVD;X0b{x*`#C`L02nH?OD%g(6}^)yN_1vX69WtqyxkWE z7Q0_jD*?YL?km1UDcV~zBKv!cE#uDgbC@N9O%(QRX5HChR)A5$-*Ah2k#5iDMr{J~ z)ZjGVZ}?bXxf~U9sg1g4hZVvL^R|fEM?Gx_GWwAvjb5c>8#PY~6ScWr(2reY*i^2mV z`wtbEme=5x;-A>Q&CHu)S&WC>7#{rS{4mmIS4DRP%%WFYo;5?n52D^FW(fFQRjaOz zr$PbOnHhj>N}InwMvO@Ajv_*p54y!6#cJX##<)9f01+b)jN5NX@wuUJM?|)XF)b5s zlo*(Z#WjAqrIMSXHU!usbY}%WlvuuuDPN2c5o#I6Dpf~}3SsA1XVfyYUgkIaR3aPz zB-!rW>>oW2favqkh_gZPB#G>A#YZKksX7*$BW*C_7iSXL5^HdP%e&YzZc##HLkK?= zJ^B()j4uDcMt3RU*vg`63J)Y4R{S~%Kicj$JMD;?j^LbPc^_S)M#Y`cEy-=M_KCMg zbZel)dZEPojSuItVOVJwwZy$E*0|y`UZ4_LV@HhG71c$2-OFrXEf~gtr3(=JQq)xt z*gS&lkP>-@a^;zEO0lCU18}EN3i-Pn+ruFxjy3%U?=h|^mM%Y>yZ$|@W*SO#2w5q< zTa`e#PrO&ZV=}WPBPx$%jeoyypJB}i@J%tK>9!j;)=-r+V~=i~P^tK$_&Gw{LiQ?- z8B6v{@z24i^tn$U5vKRA&>zw=P>(S~d^oyI!6Vrqd?dy+alg2X;5hH2zCHdw+xKMq z0*bin{zbda44B>ce=JH4YVcd%;*B1D5!z=hNr?8KYBb(fi_8AVPAuZCVye{9Vs{lk zugfC#iMTF{orMnps+}&fk1ZWZOaPyZJIVZ%5@<+Z&y_^yiqFJs=pV*zD&FHQV&5>O zL^t{3tHKlFpiGFE`53imM2%AZZcOx3QEBY+P(h8Gb0Qnp&-$9flU`PH_Db=yo6N_5 z$Ef=^@1N6m%~G}vR?N`fsvOY z>%c$)(BDgk;-CzRyy~;9*m7gQ@dg$isjv7ZKhFzmO!3V~VX&`icbPFqcVX^78ApqB z)_?lU5nqc=Su^XtZp{l=re<$kr7^aTCEWv zkiAOSUE`TpQve_$HNKNzR(LkXh`B<-M zi5*lnrtm(QceHFsi5eAtrr%*y_&H1h>~v!FXq3j-FB(Gu570}1@Wy5^Vme?0haR86 ztPyeWf+mdI4ABOHjLkVQb^@RChylji38r`BlFNu)kobYX|IW$A-vC>j@jp=C-L$Yv#u&#dNhMR8g+Om1=)~)sS zb6P{)&br$oh4It#eWz>NS}t(4ypupuefzE9Sh8-NJ7@KrS<^Od*xY^Vw9d`lLb|0h z@%?q}H+6SP38<#NbM4ytgc9Z{ujNLb;4mAKtmOy=%mX&Fwq5*VnFJ zvu$;F+ZsUX*5lUIh_3KP{BCcL{#w_5OSk>Gt$oe9_H6*UaPUT_t`2Y6vJpRVgKFc3 zO*}Fv(f}+b#)N@fXjgd6+P6hZ?P?E4e{64G8{Wd@f`FUWbZuA*>}?x1cP4ofUb~jD z)@%jUl(miNB8En;SF0h%ad^T){X7lC0xjwjh$Q2HcJ+dLX;|7 z&xUaOHg3~u##_y0`35BxXhusH^?-O*u23{|Y{3at zuer&VzIF$50Y7fPb#41rra#(~n22b8#|9n?%vxVX{DR?TKp^W!aEs`0Ke&@I75RnCrrUl62@abSm?c zJiz$jJBVw%se8l5Fn}iT+zueEX7e(wBIkr*+2=h980~V=v#s8#ZxsQN-%i9b30_DMj3}EduD;*~J6S9DxUD zBz|nRFd6=7N(q4SMBa?BC4^B&`S!T8s7**9%EW7f`r6Z|VRS#0dKE%|fJ3;s&Hr2mm!5XU 
zG4Vv%cyo?|1_2t?Potx6GPunT9&O(YfuMBfW@Jt=h2{s)l|$qnrh-n&_6jN2E1(Rw zpv~RVMg{j$10L0OP<9*D0+3rrbLy#~gK8ViBW@Z$=Fd9H;14&a&h5J3S7-C9^>Bm4 z2TJD;)W9F8m_OocNw0HnMJ-QV5P@^JB+$)hzSRwoGeo6L z{WN}%ruI{P3srjS`zdRP#thJ?R?29lKr6L+|3rCA%^6Au<8^pfs1rU29rOmL-l*5kIOx-+z$YW89^M$Ee~t${Qs2N0c!H!HZVkOLN?1 z-ZAqwIv_vfjsbHNc+XHK{ug=AFp_kQn}L3*I|1^Wcv$k516)s~9Yohs&J1u(1Jx{t zm}#Pd0m?f-BYT-)GQs93*Leq;yN~kG%!I#1m>ok5DwZ#9R-1@we#SD}!zKYZoy2?rVKI)I-$7IH zfk992G)(^s3e2W?%MI_M6fitk&~2kE41PD|c2YW~LIIlDM%5iO3Ej}gb2UfI{4l@%2d6n0h0kML+Jn&_n0}2*;2y&TS;l1G#2j! z`h8D|z%w_@xeFDHu2)CKNxWaizZ$uJ(hj+|)h(fn@sd*^S~|+HE{{1?5sg5J3#3NXaYZKqjdg=DVs+UWs^HY zmWqz^t3+PIMB@U{Yn^oNs@@o3f$21+nLJ4MRy$rrX1t(KfWh6HC~YR?R#Bjv8X9<2 zIYFZ_`5^#Q`P8oQ&q?@L8Fsb0#%FuJ>8#sYm5eT(YI%aJj74D`f9WxavtiYeBfaTH$TDR{ML|B zlpL?sj52<5Jx(8$w_^DPVb_DOHYSW;f*4?Bz+FJoSF*Zg3R+25;8|dSEcn;qd(bXw z-0q4McmQ%I6{v)NDwf<%uMd;640=;HisX{;R+aX4Tco#h(c6ubb1$X2H-;~vGPlgM z+AMIFnmW)CJb};=qup!J3Ary(z^%jL;dYvpg4ctPo8$4KZPtdekeeP|L`R44Rtq$V zE`AMbM*UfE#wgYk3JqIi5AhsKJI0Dd&I-!n<#azy-cOZ-Gpy*C;a6%y>w=&~=o)o|)2UsV!7-FZYM(d~P)Kv`FXYdSB-L z%=jRUa#y#Z#Z}x_8-)E@lppwwXSD?+My;RVng4{4^2bFfx zB-Au=C2wx>8;P1I?GvK8^ogYJ!A=E@>LeC{j`WM;Ov$IRRWt>!f_F>3M#_Xhc5ey0 z`Cu_1Lhh98Gu1m&3rt5jp?<MUmhHaA18osV-`c(3ymy12)P?*Iy_=oOXGSx`WW zK|m0KgO^Lz?RlvUIn_l55Gpr_nC?6=@R9AE#20Wn_qK~7Gx#$!MC07s+Nch*!z-o5 z&Z2Dd9*-5j=<19JQ#Pxd<1ngqJSV*Sg$=O&77h5gU|ct5NWJBRao1Ar7b)-pUb_WN zxeTvuq=iRO`RF04>7nu-ng$+#HVhd%9&7^b6Oyrq)!q^;!Yq0B^J0<)fbIK<1!TFm zM`Tt7rX%kGu;{l?k+ZxAtXD`yt1j@P`g(NHF-mVFsJY|!foBQ~E4f~s5r!@{MGfc? z3_nP)!Zt!e0qds>h17tydOd{LlnSGqy4{#l*F{7QjSsowSdw_(0=iX7p-eP>#XC*o zd6Quz3hPt*Sa~-}0JJtn?x5U9C>z4Rk4kKBOvd)c5ar!rv=3)2){?JKL6{fp@sSc*1JC(GWCeF6wk*0X)u37sFs_w%(3khoMLm??LwUQYWIGVibkxUhLv}>! 
z%kVy=4J~oED8E3qW_m}sBD*EoNQ=3N5Sy701ASB!Z2>PFrbMIoaSIOf@@Nz|2=0AU z0`9|@68_ss3(YkHdqSgCqFdsBm3ZqT^v3s(4AXY#nHg^G9$xf|+_y!@h7fXd;|O2= zWy~@V4z;TgT6`{cbVa?WALfXwDB~-<-*$i5mfwiXZvpY>3KxE}t#z*}Kn4B|V#$!J$Q~@?{ zE-Ipm=6;$qNVEHCE;EGt2LuC6V&eEv)Wk9Q-G2ci1yt7Z=h#S*kMRJHq|(Lhcd6PXQKaV&{N;lb;ry z{d+WZ%#PYVW*ghbtmuPT=E2PCX*QS@qJa%4f&`_Ij#1hQ$~^{wSZNfnN?vbwP6Q}nlWb0Xp#c>-Q$|6ZyfCv6>@1g~94OauW}&UHvlO|7 zZ8Wl~umD&A$~%PsRvD(qWy?mwS;f>=DFLf-g;P_At@;_7T~0af z+xlUA8htL~(=pk|VL@YkZg}gHX}{n4)NZU#cJ^88Q~UW^pW=Gu24j7iDAp&n^+l{t zQClBdpE|_)bX6F}r+PEzjb$a?_>|*b1r`|X?!dtnTcGA)#Cbai^Gb%5#XfnNtCdny@%dIS7kf6E)-Om>z0q zf`tl)k3DpC6WxGsF#k0+(Ixl>vwU+CEycHS2Ja%lo6&?b@D3W?LvtdfENY_5@vNeU zX0x5m4MDSEgMu4sg0X;2h26(NZP5@-9FS=T50nY=ZAzh0DIMpELYl>o_=_>V@s~;Z zgw;+1G6y>hGVk-3$qM2s4bDV&yC;WlFwjlF2^RoHiK_B_pXK{r>-#>*_uY>_-uK*J z=49Vd(-qXK3^w&0ue`(O=>N6@U_AWQ4EI7;Da~8EU zv3+(SI=u=uLH_W}fgp~6xZEIA`!W0pi202z1{+s{Fg)`aB0rbkZKj|3Id4JuIrn=I z_-vx(=R7j}Tz=zp*FNVn3w|!Yaeix`voV#Q%Wv!o>~kJielEXp{Ahmfrz*4$RO1M2 zI{r_<{~G+S!2c@zpNRiBVEYzctUiIK_=vRB)PR=8*C;LC_gCwIROSDrd!`!a`h%ty z;(LdG$Mw*Ye6(3&oZQNt1?-U3i_Tn0HG}BaBJ3Zq5MsktH%KG<(DU%l!x^MGrwG-_ z9&nuL$iUCV!R18({z@!|U_);k7;P(+;FHe<=byklfJYsUOUiIG=v2c<(#I#nCC)VV zkbwyrd(4c`A-JvW2vhMBFv7#_F3^M$ZZQO4?&gO0_?dwL*c&^XT=pqVGY+%wR;SUk z*#Wwwhc4?8UsZvARH45IbV(0gYN6@Ill6c?UmOuQErk+}_tKrG6>xU|fI{(LWx#I} z0iJoIXk1VnR8NQW4FSwe1Q1k>bms;I91R5eono%TGc9_j0-ofeE*1d$>wZrGpGISf zz56KWEGnepdno92I%$H(C0|`(X?Y|&0LCagNppIr3>#Jmn1*f)a|dKi9c3LNx78_$ zHqNto8r>Ho6uG8xlNGR^w4YoR7dRY;U_a^? zPvxK?@>+#H;<3MOBb*fmap>Jt;M8&vg7iy8+M9-2PQ!1@Uqr@u?doBQ=u@PlIq+VF ztHgNt3^*f&Om_PIqayqV`$fY&wqJNS-H<_dL@_#%W$kdq|;= zr8B)v@D1+}HWBzSg+FQG@Gem}b6VO&Tl&Kofg-fG6w_yHqo3eeiqa1Pf@cZF-q1nH z3zGx?g;m@ayxQX_j_`rrI#eUmQ(UVWo}_D8d_J0B5o-ei#O5P@HozfKYT? 
z@lyL)BtM~` zUqH-(2zaH4*v>R>R!_53JcyFZUS;bgoUjE$%HF6L{<7ue_bKQpOrQK$X<84B$He$J zirDS1-CH}~aAZ3N>EFt%JxP0;|Rl&y!a;8aeq{}8N&PPKmJjM>e z4qaCuE1h8MRg9m5qS5dTv;tT9;xUE3$HjC%!^BQKA{FGCW#yP6d=LG|2RfN5;c`uH zji|RoejLSnUI}HLVS$hjm+e8y?SzfqVU-%hb$c~CHk=}PH^iC%LEhu;r za=uffU!D;XKT!neG1M|ZE99<`UBP~<&;)_N>uw&B44c*E3qf6waa#v~1_k^ph8#T& zuaR-rQ*aj!ugE(p<0fKS0a_SCet|-vO0e*o z+D%isXezEk^w88EUT*NWp~t_%tkYNiBQM|`cv-qCXtaq>D#+hlCgK|k_}>`xd>rMa z!}bZSApahG*acELrfh~K_naMbmtv;qn0|$)=$Ka&p0s2Bq|o#4m@8*m(oM%u@DxNy zQ=#?`cf+%a@qKh%3(dsBJ4gjUqOq-1u!|io;g0FRHO-k==#;VS5hi$emM!`uR`q$h zs$U$lsvlRJAG6-@Dyt37E~>bm*F|g&;PY43LTR5hI)hbmgu&;{wuL8U@Z}196vd9i zbc7l=aZnf{-%QwDit!5!ZV;;CT&Jo)5DLtUJ*)^n1wyv>7INU72Jb`X%Q(I&WU{Jz zXi^KW=H-j9UxHbrg+hX>`Q%kPqBQjvr@2t<5}%KC9~T1!fU4#VGj@-Z}|YBV#4oMc+v^~VTGRmgg>RPq@3{U8!gG_KjCFg zEorhZrkYc?E5cuWPJOu9lJaNGse*;Jl)u89YFlK>9%fGQZ26wzo&RhZzt|R?YPPf} z!mzVNRGLK_bk!QUoWvl{{S<15lm2HT4+%}Ex=vTe!8SjCa@@$i!QdP z?|}fRK20@NJr;uBs?d7@O+PHO78#koRYAw06*WZOVhMA*f==f^!axWIx5M=M6a~*f zgr)s2qS@MLUK4+**e9V0EgPWa)`%n;>4-}#ecZhzP#UcE!g4p=DNrb^JdmS1pgY;k zun@UO;eH~e;42mMypeJ{_y%Yp)<-QsM&xeA`a>Zv*m)=68!{IwmNUMHyk+bvhrh;e z9PMM8JPNhy#(`V-)=O<0!1`2jhQ`7>JnZj+9!2;A3_a}GJKyUQDK84__Y}St z&71V{CV!SMf>>D+hmIR?&7LTx#yum;MiSf?>9a zj5F(UJ8lH33dcsTy31|7hoMd*L_pBFIA#~PTjBnln$Y!-f?$9JGhKX=ro*|jpUUo} z*-!9wlQeG{l|6zFT$_D6mEl@e4_(y4_h^ci(WLE+8+;Vku+qH_SSRMcZ!V+?>-+mS`3{Y2MLdTW}%W^9_9|W%m>yra`(h zzttB0!w|FT15}FZMZJ{WLu1!d-b=jYtZJjY7Hr&Zr=p!y)5C``qu`PI5{}D1$R8o^ z!!&jpBZshq&4?1dV!16lQ5MUh*`)}-Hi~F7jNElH#;}2dxITqHjIkT-6{Dv+>0;9Gk(Kp2)en_D(h@EGq$o$G@Zq_vW*SyP3_3*d@$^@(qI;6y$aat^(=Z{)tic zCQHI8X82cW%n=TEfgQHb1lXcD!!CkC#D2y74azGbmuum+J$yw zX4G3Vg%t6MLVu5SGEDPMP)#piWvYV@5zbJG7hu&;4V53KvgXJ_c%-k>v)AXRZOM#0$d~qhg$9!&x-PUlUhvf>pIOFDe zPM9)V2+zvCEco5BI_#2z)JM!O$e=8|0%e+44(BsmN(g3H^Ld4N80;}u%rMj;eu^_1 z{_ra0{I6G@;vP9az0MqS2K(e8Y@j>X25L?$q*bHdVq5hLS`|8*%x;Pm8YYyCgK^f= zcj}vQrZpL)4=OZakXTTDTA?Wf<)0LuC@9OXvIPIX6_l@CZOOP0LAmG}`_efC<>wUd zFDfWS+I;g`OGBKrku$UB6^g^OSZOo=I{V)FNSntLIhC|IrU(}zZRWRG5{8jB>lNob 
zq|IT)9ZuT3sz?cp%<5alN=wp(Nt*-uT1shCy~-B+{~Kw;qI=HuwpDSRDGGIqLLV{~ zu!2*Rk7yTX_#$Xcv3V-#d5hfDkXv6S*=L9W+R)_SO3aBwMY zg_>{{N*YbWBGQ5-{|r^)KbvI&u%cmSWOSdAX4i7+220$pVc^a?gM~+yG1siNe^Tg2 zu{43GyaWC*d|t7+g}~tz4ho%9-F+Lcs?V zkEaC;>!V_*KcLV!>P2E4P63r|)Uyix4z!p0$X<^p$Ile>G3a}<2WYNUIE18E6?z|_ zvj!p?5`ku|whenX^mNB-=G~!gzhr;6Ofmk1iZkKGjXRTyk#7dHOEG=`l`kEgGaiSF zzE1h1!cU`)aRczY(g9~x_>e+-a|7@T0yiR7gTuGbgROj~U*J_y+OMf}CaUf9Z|QD( zt0nza-my&|!i_DvW0R&GRd~OQh3}9<5Pqu&pGMDMPuOVpNy4T%Yi#kiqg6#{)fgzU zM&FXR8x?*$cBn_0?f)u;eh4Q$xo4=*j@T%p1?^Pmr=TTPpP?zXX4ysFuh4&nt}yGg zSX-rPLHL3qd=vK~|GKb~}gm}~Fvg3Yc>&*h)>@5T-(Xjt7xgnIr4OMjfmm(B8cg{HDFzf}?bEDN*0%j<8p z1f6789o!I``5fiq4tFa?ccmU{@Yvk1h(8CzFBzaq?J_OLGY>2Dg z`)K4c4!||Cg+@Qhds`f;R_>*FSZYm(#@Ypl8D!)TZ`>RshhQjSaTJOq?~rjzY_-7PClX<+en4IDT-Ynj-QX3a3{fC zCR|kzRuNOFca*Efp6knO&FP^QV}L*;4(T(QzRzs5eb$eqpaOG$yk}il1peO&PvAu9 zth!D1{oSUsR=_B8nmeYXl`cL+Guvosn02U;yD04hmYNxInG$}-&%sDR_4tB#4BR>i z`hsXfm{Fy>jRPrcYV3uH{p@`HXrU$iVILllATd9LM-I-wUY9n>MttpNOB2L4mh^&O zUP0u{vnQn@m7Z6Wq*CdR3QZxE=5DbS_@$Bvw96HALE`4;`qmp3HygKFl2VGBhZG}G z-2A745(Zhs&8rGeDsIwmu~jFC8|jjZ6n?I0xnB{JPRqv?`afY>9_zAwnqpc8!xo+} zVlpk~DE#keTE4B@(wuBsisJdAqWlTIsx;DtIkIGsZFlBOT5#rUx5fMy>&A135YWTw z#Bz*>?Gn_hF67GslO3}muUh7~1lp%mzyDWF2-{R;hW6hF#)6I?fHibdE7!V8M< z4IorOfM1I3p)Bde#(lKpR!iV1Y;p=&f_lyP8`vi*jJJRsdr~1P*IN|-HOA*aY7wVZ z@iE=02;Xf8V7XWbkBT}(Hxn&>6k^e(JD*e(_UIhTJ7#;9BzuJKD)?jKM7q%K5d``h zg~sh51e(3mHs@gM{-V?K0LKGD)))g_tWZdOEDV*WXzUZ%dNl}p$;$B0 zJ{F0)JiM7bO1o+-BSK2E@NC(`9eBB_zlLq3a5T$BEV)W0-iWLRlf4 zjh?y4Zs~+0b}QJw+zIGD1tl_zARJNz|K46`{+5CgWSmg-M};S+s{9?c$%$0eDJYRD z(U7lEgd`h(S@Pbc7;$DMIXAgap<>CrgJ3@@Xf#JBr~Mk~am5?PSvK^)Y&%jJI;Sea zg%~>b=u1froiYH273X#6ewd{db{fk5>IH><9ZZpIeXsu8t#DjQG`tnD9R9oP6m9u9LN;tjg#DToB^MaNi3+R6*X~iON_u9{Vq$< z?_Hkd#V3r+n{G}sINlW>gkS^5X0pKVjH4BPIdkL`R_ge)7LmxcUsO;Eu05gfYfBZB*f8PR#fp%GYh^^=rWi>_^gRkqJybtZl+;5td6#X$xrb`2q9(RThUz1V z@J5D8*1wt_OAcS5s5(OvP7AY$rR#Eqo{lxh%F=tILX$4cTT?*AnA@Y!Ggx@*J`XgXgNZC66Ujr 
zg1Z%-$iss0xFYz=7SNLlI`>rZ?ywE_mm&(>NCll!ffK9bRf_)x9qL45_>Pv6de$D)is5R^}jfznzh?Ony$Gp9gdt zd+IwaB~Ch@)CfY=du-*r$B#vjk>8^TsqeuYQj`n62UB&otv&9rUS!Qh3QZ$`N{@kx%-i&yN!&d<>eaFpk<_5$cOX{fofF;VPsL(#BLUSg-IK>uB#-^S7yv%Ils`MU~b zt@*OkbVY<{hW=Ke=jQS`_t@6Qv8JekS12@Y^%liolR}fKf$vplYBli3ijrCloVv%- zH(XOhZf#T4kD$kL4#kPR-3q-6Vz0p4N#$3X<50seQos|6@<}crdaN$c?rf%M+6(wo&4l6Wu^Uf$r zV)JAwmF~6e|4%SGACy~;wtA#O6BaemLsuz0@hC@%zh4m+!i#VKw^O9=WxhPDz~7?o z8L*$lKo2RDedZhcsl`HNSe{X6+^`7rL<*=ZwtrG+Qt6%dLE9s#r1v`&AyImdHb#?I z6yY^6WtFj$74=XM{*FkR!j2-yG=vZM1$Rq#$ZK!9&sO{&;8y=@i_B}dMpfB@3-Kn* z1HTWq$(Z-QuJ2!1wY495qt!}Z_v!n?O?Q#ZgNmxg5p^mJi)ln=O~Z#RK}l!L5{0Io zH9Hg~>8yFbLX*uJY0{I5631LJPR}d!!uq-CBX6{yC4R)`^!zoeln;Z55LK(*Ce{Ozp2oPF4Jl z%c+VdHbE-B`SYFPr!S8tesQf4N=%#ii9a7IkWyq#_2ohZlH@`)nMsi$GMYaVAS6*u z$W@v=r)GTCRlFS2G|v9Xb)A25RbczuD4AFJea;vOU}ADrekch$C0(v2Qsw88NEMBY zFp5p2%D~i#RPn+(P791G(|{P0lGj#;^qO3qW>)2|CW$6LOvtQ?XOihsGOMBpWZ8^n zR^^v%W>tJm$gB!=uFOK}S^RUGp_25&LCWR?br2USWinLc zJWZJn)kVOwbmtZ=7UzWH><&=$@wY4FH@x{``}`q^^NWxGY?g1sCKDh1l!FK<5qBP@$x5zLfpGeU&Yysdy@M; z#4eRV#1F$q2v4&@C#enz0uiLhmu6{7=#)txg)D^!5Ll;@$`4Ql@_wOoq~63$F~}zb znZ_A%NyvNMl#B1E>3&2nz|B$Q8=TTg*~nFjL@A%8+$ofe)KEwthaiaCY1TrT-%l6! zLj?-BcfPBU#^I`j*R-4_p2hWH60%FeRTmDs`zfP^ zFL5IFd7zSJH?R+P;d7J;TDz&H*=rfXO;tEKRZECqR@^3)LT{38T zpr4kSPxjY#LW8)gR}pHU288`Z!C%D}4wuGh2`3^RG-C3ZVvA8MlANGe9E*)XoNc6* zy@mqMqu{MTzL}(eKS@0tbFZ1nvXuDGz3wjty1pBOF53@g3J0=y8y6 zh8YnV$pS-kaWluvLmCbQy2Fzkbh~@pbQ(MKxd^})8Ztjkj#BkmZlZCzs_lzsd z9N}W6rG`D)#P1I2J>i}Q!g^`ia!lbS%5LH8U1JXNtxBGU2MIHdr-6(vH8*2kAz>c6 z%v34SCBberKccKYn%KmD5n+@a%WE5H45&bwsOMw~BE=m19hp+(v_(P`*ktH&V} zwH}~VoDeSu(eq4eR^m2D{YavN9OMhRhl(IV4pQ}WJZ{9<22%FoL3e|@i6f!9#TC2p zUOjHhucTa%-M!rWEWppaM*M6xrRL&i;2^pHHSov=4lcxZq}1c@Pw^{FbPc{whrrPLAPK96~o zxd;La(MsT1g~U}WsSr00JE*3G=C)Ez7nL65zoz`pAoK4|6w6gQ)yyK8FkDC45uP>g zaH@*XLIj{ht`?^n?mkGRhAc5io{H%mHd+MQ$wdXc)&>NRJ+^2OrA=UhbC3j3k}aE? 
zm6(#p&}oQ{IirxK?Zq@i|M8_CX7IwxDHEBeo3Kzy=IMzrSfcka8S;^63ynno4cJMN z3-4N!oGa%DJcTiP!58?bSPr?-g!znYVmgP$EvH&st3N<>&FDvPIRsF4D;7z7VmV^b z3a-E+!o*aX46v9fNR~LhgYPY6aYm}b{VV|raciX3e)Qm1GylrRbz_Wn12^BMoek3{ zB(g;K6?ul-d-EQmYY}A@BZ%9pZRXo7d@I33<*Z|7O+emYNNv+NK&~SUzw$(NgmxsB@AfOQI7=9&fYY9?{hgn$8dpx0$1!yF) zJea8flNt3`8$Sh?i zgmyz4$s9s2&o81pXA$_O&uZNv4lg?|1ed;R`)D*)22fJ%Tv1GggNSIvC73HV&K`UX zhS7q`5V&tbAN>2)Q%&T9yxl-R>Mo-^67aG@?q=v~6A)5lviBMmw^zY%f80vf~=rX*}1K-Am&+wb^j3 z8ij(RbjP=up&UX=+MLj;QE1gzv}*g`xK$HQNvp;(8xi|hfj^nEeLX%Jq?boYuQylF zqoX+*q+`GEXOg}x$$%sqhKVQ6F$|?b?Kmu((i~(5jcrdU2p$K5omr5@e+Cb2^^yF0 zRAHuf63(f8mGWPsz#*F4Kn3PY1xpn0(nRj{DNwc^ps85?otlx9b(9L%NBO$aj0n=R z;u8u!|HKW7RDA7vT|kKPY`N{M8m?z@AJsg-wbeM2M$#0SLcXeaq683{!dAsUFQBS2 zJ3R`ys;m>d$W@|Ak5Coz8r{Lw5n|pZosIES&pHbsgWg%_)Q_T)n`q%-s$NQ?`_OwfGqf?VwpF&Y;v}V+4d;cFR=kQ;R1PnX zp=4zY_ikq41F<5^!pF2Ad6cB&g!tr#_}~Q-AAk1S%Z9Dn^iimlmT_&|y=kC?SMD?{ z&-@U9Zuln@=Bx%nMgv}A(GGU`beM8p&ZnBsHuEr8XMP6T7$2j`ODpirq)~iU5L~p4 z9|E6$0^h~*54C%m+hI)|*kOd+Qq0ndlZdN_g_`BX64TAWNHaak>~tF?z!HWQ{E7kh)O>k&pCo^&9m3aUuA zXydYCV*|a1YR}?UbG&}z+YYBeUZVZkt;p-#Xr_vT;>*w}P?9t5#ik0z8IQ9ejKUVq z`v?_ZB`H~9_(Qq{UZN$!yxAaxUiu&&V3p}(@!kb(fyriakk9&6?E3$RGVY_P-tlu$ zh33Uj#W}Q#k>?lo2Hbovf+~zv3-{|Q@O%Q-iJNNtfhYW7@_8lncMd{qB3tZUID-zc zP|m`YGs?r0%c=NhpsW^M*kuI2()=2BVXq@b4QE%spCpOwgguvCZ!79o zW$-?ld*ZxWitPoi{ZB;!^U*rq^honuX9fnj^i!T- z_tkaY*jiG9`1gzd%)wa@8Jr>>oKd*( zbC4F?LYHBDaDZQdrr#1bLJPb<&}BSAfbV$?LvrEt*PNiG$NsAHFCCu#rAj|tdKNat zeK1C}Vzb1o9O}SdhyOs9@O%nF37WAUO|CO06YOUfo?oM@xVRRYy^pRs23{MWMTxv- zcA_nm-A(y}bk${+k03Kz8(;}(rA5e% z02pVpHdZJLq$#^mJB%eTlwb>ljVI@RZXV=#76Hy*F>^PDf)lGeg#d^!1uX`rT?zxw za^zu|j!irQ{CoSjEg|lpxUSg_3+*^`5SKN+5V^AZscHym3urMvnOf*Qk0-J_!=#(N zpRVdLQUzPgA{Yb8VM68hm>qu}>`MsVfyblpc!;iYZJH31(*wEJ$B;{mvq zH{fz@FU`lDIR0H*xci(VW5h2gN%xLokJd!F;CN0cl+U`;(KDtMPW+1yAqEDuKEuXy`>39oY@SsW z`Fj}xz)V2UTCgB=syZs;1(Y>l=ENW;PU0ge-mtPt9P++tnu^6d;|7EoxfRb{@1qRi z#S1whWygq&OJL$qWU^MdW1I^qg2DSiguqPTB(kEGLjA|C4Y#zTGPZ>W+Fu z7$T}%#wdubl7PvXEC$9A`fXTTz 
z`uv(^@>r&@^%&-JYdt1oJ$8-N0EShr0X*O$DHOiqK!MHAoUS%~Ik^ZD&6@_e<-XsE)u2p0{eUfhh?na`?g0adnARzJJ;;rOBw@`?par874l0*n(`bwW;a z;-oy7bvT#n@Av~JhIuBd(q4#_^|CcMMtRq>)wX&iH6XuqKNdDbclE~4r;KWBTTxUu zMB}OiWEeVuT%U+s;jIEU^R7dSE?>#}N*vaaw_-jOR7H7MWzI0V^)zLW zrs1py-_oDsZb#UTOk*K0hUMOwiu_q93$Yyy_w|Wo5GG}=pvAxt!;l%oZ8eJ=bApkL z!l>ASr!(*#8nvB2L!6ef6sfUz2jTQd;0wEp6LH5|e8`hDeDI8$*^9vUd;pjSB_s=y z2ysi8iSu9)2NsU3_jCAAv-^kT2XBF4jr0T|I9f@&j!GJM{bWh)pmr`kWTJv$=`kx( z2-*kN=H84=)F>CJhDzLQa4G}cXqsZ|u|9}gU_Zuyk4EyZ(?(^hS{a`Bl9nvFc$h;>;Zg4V$vv`*B9ek`N~(3fBY0M8%z3)Bh61#_H z{UU}Oke`ND!XE${1_;XoKjD-muTz9SNNkCcm;(|4uYoFsUOQLMprtWYrEEDD3!ZhK z4a4At@cGF8%{Cew@R@~+MVD*zSFo1~u%f9+Fr8}VlBBrM^$MZ1`HJOjLQ+(?LBtXu zTi1A8_p!`66P*s*4xCK8pAYYWc*fbO`z_>5Z|w2d+cn*IBn_yqi(WqN=X?q=!JRmx z+bKnh<~EbtYhI3ZvWd@aR;z$7L=uu^m>VsZD*$&35w@~~X%Waag&ovvoYS?p5e)Z4#!lw`-ASU@$uHpD&3ik&ul3sdELGj721U#$I68c#apbGm~ zIB;R%dIau86$GPQkf$r6z?HoZJ^(k%6$NSISM=4SZTzl6#`dZdhX&x zEFIGqzK?rTrEDRVYbF_HxX&u|E18JxfK%E6+$zC_&8GAbq_M@8qDO$lsQ?A3+9G9} zl9nn`p9%K@1s`khq&BULr%YH;o&hOikUl6v3PblQ^bFY8m#<64=P`vQW-kzg?sLLUZ{Qw&yWJWP4}W`&E((28p{Ee6Z@hO0eAcRLd<-f6lp@@N;>V)+3N2oGAb+GKJ~5@46fjp2-V6FC zpnzH}K;Sni{AEPMK)`>f-moJSvUi+05@|8oBx0DDLk$Uy5k%NItoK2qKjM4^-?0I5 z@R0#s6>*L-oVSdkJSao0&LmmP_-^OkQI^*K%l^5@U!c+6WgaI@G$$+6xf9K0neIHS zHM|#YvaEw$0@pFH(`^ui9RK8TMBnuW7Qq=AE>X1B;18KPg7T4H|z4)#qU;Q()pg}xuOCRvNO zNKVA#3Qi>AdkTsrB7uhLvBS~8B5R{!B<(83cu+AOL!Mun24f(+h@tQqy-}L_M@30l zNJF_Lgp&nxA#?iSnq>>gH+*=PqWm|6#~AS8By88FTE$YXZyr&U$AJQUXRLKM7bRxn4^o{n=Mc-ZmCY#*tm#y>XnSFLfiopeU)EkW*nxxf?5R@+MrN zDE(+c@K9W`0BPnn#ffXCs6xY}Sri$aD$Sy_bi^e=xdFj(PkmupB*aDPJU}u%?^4p@ z!nlacdsv}}I+hqw?5INhIgkpC((}B6{IP<9hAn=npmXFv68f&Lv?G9HM1KyXAhGUs zvqB%iUKMGf;3Wl1%4CE}Mt%#E=vYd5Uh%$C>UB!!fzeA_Zb9nUtEarT&#op`pcPMi@TkJZSLfrB;n znDj%DnMkJGtOQm@i;!5PlFKh7M5vuB2bnO*i&{b4E=PzvtI+pBcyV}1 zX#cuIu)bG5*%HrhBiF(dSggBf3Y>|1Xo|TGKM{HvJU8*Z2f={#U0y@))^|UGg`qws zp^!A-F-3S02#`3%xKINpDVwZEaE8x2EI7xtobN-r7r?#Mo-b4~8_OXG4#`+J;0T9# zo2)JYs1V3$rCj_W!Unu6=@S9l`VeOf^>%v`zNlD97u>T7O$aG0#8=e~ 
zNBk0nrXW77@I>NwD`;5a4=Ywu;-6J$0`W58{-p4@2`7V^S8tnkVS_3<(j)rvze0~1 zi5YcF=9^Uf9fc;X_(g@jk&16`uvDKw#W>U{vtc|+%$9AhLK6ds2sb>d2v4vgJaLFm z6K6uu__XPY>9&UCySZx>oUohYnbe`s&tL{a7_r}3uJ_16nmIrtS)%8*Vgi=kO+`4e zL(0YRCYf>YCo~nIJ=y}SC%E_oU0+^=EBzy zH&Gj@8HXk~)4|yY&X|zvyvW;yKu05bJK`e3NGd74-6@BY5XRQ01PXT4!z%B3!=)nl3GrWH?f8 z>3mDm522^xSo9>7J97%eb)rQaLGT;XFXHXMOE{mX!f~1oQ~p#li5zDDFgLD_!V*va@?*oWgO+J ziYQ}TD}1FUp$xd=mcvzxcu;&vvV@a=v(UCXX^?m6n8aHc`~M=qx7U67XzoNTjn0NxHZ$CXq$b+IijE*+9o)}qjF7P20-geLAH z!Z@5T0vH974G$-UJ*4O_8?98fhs7rD`Qr*YhUrrbZF#h6%d!H$pzyd2nLvL%EOf*Y z+lIJzh35(sDm-^w!qHxA!qKMlUPI*aUPbfE{O1+) z3W63bYJgf>LEV2GF+vY@W+M%F?*ud`96(Vp&V!KTwRs z!e3HQio%O8w{#^bTn2lgV#G}*8SFPJG}T~#KoOD+wlM2Y6(za8ij2!*a7?PNRx9*; zIOU1I4X4y4aEewuET>3+k6CV;o3y_XctAQMvA<>J+^h)a(;t8L`nz<=y>Ck1B@!j( zA%!AJ4E!}_hzMsr^Op)4K8vb|#J65)D~a1A2#@wC^msOFAo*;SMX(LHhP6^9GF}eC zs}Y+cWHx}aIzpSU*#uYO*ayym$0t5q_6b4|0An=?g<3;49j27O?aj9KPuXo9lE%+a zwN^|ghZW@oET()oPz&7#{*x`D9!ohzZ?WaPG5bxczMjl}!`s7$6d`W2Bn!tE6#66< z4hN@vg!`XDo`{Q_t1Nj5aoS7G%KA6RR|p3{wB!6!y@)Jivklf&j`W? 
z6d^J5jI8HJ6k!+4s+?DFB*s1zRYqP@xL>1?vNNu>UHU6%<~4|;ZNs?>v_hfJcN%_db%d}FRy<3=iIJu$=-$>r-W_aW`2snw`**=V)z^Lo$2(dw zL@i-jp>j)n|LRuSioXV-FcUtab;peFU&PmpgOzPoq`!4GV(D$%-;~Zt+1t{VVY6Jx z3Ch)4R1cpbL$$W{J=yl$tWfy=uv-#6f}H*OTNqvBzh zL{uVQI&QG-iwkotEPl@XHKJzj)HlO2I*ooP za0_9r$o0)DG#cH}p-3shA=3C(7)2azOd$;16zC3a04p}*+#{AV+z?P^z~E< z*?%iSQpU+yYbi{{I30?Rz&N5@?@@Sya(zr8I*M_ztEKr>>ns7O4lXZOguTW@#5cWW z@DgHAE=53{Gl8*4x!bj@6jqT(6rRK?!i&(L!V?ZBMQAm&+r}i=MXbD1czmLTF|hBY zJE=16NyeUYW!&QuZq$rGvAHP3PLL{1k?09`D{XPvl|(Q9m_ifSKzjBY3QsU2i1zTh z!ta6pRt2+aCBiYVzR=M*K$*xF9*IoKn}{1aY(MUYO0{4BCVamxxJ{w=13G^Iw=7j1 z<9F|hK;a&9fNEc+sn^1~wL=cT(#^VYLUG`XWp4NdaKFU zA_D1?Ih~x9qRYyTb8DxiFkutUG#~<(XbTB^CcXKX!V@>?ws=iu6<53{Bfr+yQz|1; z&7Ad?3{#CWzKG^J7Z*rg5RuZKRE)T|?J}zlD>P0u7G{4|p`XIU9EH1|xBhu&tJmqPTsS>Y)}&z%bA?$Jc$QuRj_bS{&#v(eHJXL1%^DpF`t?a#Yc zCaLhwI>k*?|72-@S`m`kpMR;)frMy z#HzF3XbX*m@Awlm@~x%}bE`3~409>hcT;^jE>>5{h-4D49Q~VZqrZX!0rqGf)j|^n z&8240Gn1!s4^7~Y7_v+rahwlIQPM#LTWnFoGD4;~<+(|5AHnXl#knSGn|oRz!`tR$ zb}!y)tBjMEvZuOQp}W{CQx*al>USyxm2d=zx|1yJ>-ZWAq8%WPMS-ah5ieseiaT*^WhbU+veRI&3rU$r??r0zz7scG{nZ_Z|X}gLf;t!?U%1N zn68z%^18x@mnT= zRfcbeVUKA@?9YH3 z*PYxIAP~0Z&zMT%Fb-(TCXUH`vqz4zbb;J*|S6-AT6)$3XRJGFZCZ+ z=zn3ADm@F26T3o53;v|w#Oz+u0UO_8>5uCGSz&t=I{Y#&g#KQU;}Y6RMJ4|$c}3-> zky8{Jm!nKt(WKC1Nw5TEo1(-e!4m0smqO1shn1K|UeVW{8G-BNm8{+fp!}V-F$Q3+ zunXV{1>me8=8fB90Q|=1mvGjqwda?$YD9f^*S31iJ%wC3_48~ZtMywpwb!rNyl&f; z4eRPRZn%k4Bq1wLz5SflP`9)0w#b|O^n5d2b!}VA1+JEN66KtRh$DTnvx2sVm55) zGRcmRLI%GQvQmY&Y}p79?n-UgvT4oc4O>kzB$EpWMRAX4f`HML1t)ym0^0GvBI0=B~4eB$&hu(6gCb2 zHv<-Z&>jCo3X)Nm@7(c9A+y8V^ale3ML0vguU_4;6(Yno$uNpV+S#?becQH;8@d<< z67Xa57J>P*S^09}b;KmL61JG8?L`Ul#1?NjK)&0=SLl%u2!4|?e^u)2RgPJkhshTu z2|G*C~wLx|SG&$Q=pO9Qj;7OBf!Cf4bKc+eitgwqX^sPiq71yV* ziBZVT=9jp6briw{Jp^aN-C6t%BcBJN0Zl0&xGCU49(=fwVg+C7D3j9{9V8byMrKgc z#jJ#G3F=^B8PVFEiZZ7?Sixwuk$ zkjnOPY(a!guLY6VlNfg`iTY@-ys|?!)5?_~ZNxQ{F_WVdPHTXBcK=ApBlN2(IM;r@j#3C6KlTHu1W% zk%DnD;hH2&$uVnQ1Mf~km^>JRCL%sv9ZlvRmDJ|l2dDM4Q(3Y40(4NE4WH#IVW$%f&Qc5;x#V1gnJ;I+N8# 
zi|zGT6F7sp0f{i`s0ESL7GrQ*VCO^>dX93;DcEwHMMa34XJcI=`VH4NXgucv3-DbH zr4p451CzhoTxf7O5eJWA&>IYSgUIz%!69?Ao$({7c#ujLQ0^lfjF96h7lCFDpB6YK z7Ffh7#Wl$zNMdvud^Z5Z7@g+_?t~zOV;`mUQ5kF{NZw!~D2oS1 zGJL2BKhcf+lv8(b5P0B-<+YDWpE79dT3E`6_%s3Deqs8-{S_5X<#2atFfwvfI>&9R zplo*v7ztG8x^D(P0&~JnQjS|8e39EVQG!7Z;=+a8Y4BAnLz13c_Xa!&xDAL%-s0f8 zf@}D~F#*tA=6_5p#IZikx4X=hPxyhsUkrirI;G2cOyp8T)5}E2J;dKzi3I@ktP`@f zQN}xXmaM2}*F+iETprkYII1({*?~n5aJbPoGO{^5vIXcTjO<<=*|FRWh?E9NX{tGf z@osv9LpzR#7Gb}uBhrDb5{?aHimwn`%$+P9{tm|e%5#i;U1aR9H)B8D+v7|qp?pri zS3xlT7vV~e_cBf3dqub`G<7*$)=zK3F+48h!HUQcLOF0>20mF(O<#{WTa2K;&H`jJ zLEva)0hxt5Oh8remEng0emXnp(*|&99B%oIC}@aQFh?AbsEx%pm393K_qQVZx0b$Y=a;05X(0lX9uxZK$uCW~{=(vXbWD zD~EE0|C*Vdr(yTo&-oK`PGiEEP&U^ArM6%4%JAU<%NrLoar9WE|C_@f2e=4-(jQJ+ zfvgJdZO)Vc(G&1;N^heX2znUC1;wm>cO5eQx#bl!&b_MN`KCqil>^A;6UYBXB3&S8&x8*-A3;8__{0p%`8aa`9^@uAUj@H$sDA zDEX^93c)?AD93H#OJ|U}2%Hw;F~z7(!KfB`Px+odjnR7c|6}i6gCxnW^RV98?cG^` zz`|I73y=gj3liXR_SMzT>A~y(^Qa|yc6O%OJ)l8|ag7o8$=DReXTMM0ezg_k_LT3AiA~ zSS~W4zqeIqmWmj62?G}pI-dffjVFKA+;&&_%n+ic^fLGhjsk2TSu(V z|EO2F_2lCpJ^x$g?;IWS0j$Xex|2QzRSyc_?|p6YQ(vXq2<`)n8>P~Ij3(_IYMn1W ziBYadC2;#umd}YND9dl+4qm^k6&JVs?RxM zAO9J;Rf`|{>BXn_IXBPf9PrLQ#ky&9F^l54Er$Uul_1o|ub;yMO8oj>9;ztLI z-~ZFH6?igHYJ6%WbMar88eW8^=6zR5WO_-bfTBJd{Oeq+55Fv0`BS&q#`P5VXRmOl z8t*{>zHxu?Bh=luu}^19Hk7~g9A-P{)wwNbs%O(Ya#~pPzcXKHIu`aiRZiW zCpdkrUvq2m?vwcW_hZ1&c@_v_U%!qiW7t>BVR`jE&OdqVn~R_0jKJqOBM|l<%@99} zJ02{)_6?W__(mzjNi7T!9g4Hvnh+`LG7^SZbc|G;1xyvR$q9Of*4|CPn( zIIRXesj_T~Sdb6ny-=zC*B3uT#rhf)D+cnNd+CEXEg!nD_yzFDg4O|t1yAxr81RC1 zzltlI!?!51e8(T+pD1hLD<(04;LK?m^MpQtByTXy~NKf#aGI$%p5d-BWIP!b?Z{^Yq^;6COrpf%*V zuOd+Up${*p9K>xpQiQ@$kWc{0E0j|zr0bYRozW6xCx6W??U|g{% z0SiFN=8r6bgZ}-P(5Q0v(Qkb7{Hy;kZ4f|l2$KNj8deu>K_bU%2~76E=e zi{Jz5|L>eY`=kF2(m)3UD{dxs8|M>cq#g9M!@146SCgjO; zKgqp)LZ)6md7hBSc|;NX?EI7Ge*7bgAOAJ{6|j-Snre9Ag`t6e11y?Pi$#Dz;K1G2 z#QPVkAU5Aw1$<)70;WJb4c&&>0SL*jz6x*zVcRnd+dhbe0$^0&?uSBySHU`uiVXzd z8E^gnKf%CHU_~&rUC7!Q%Ds#gXFy=g0zI3@zlQJRScPY+ScUI<{7sGUO2h&$7smoO 
z&J%7cjs-44pg;cjmoP2?bJ6i$n6{!GC_`$8r`^Io=wH$seG;RJPZ~3b#lRd6&tjZ^ z?fk1iu2MmS+6-u?BAf9H-r=dor!J5Xn*lZT$!{;dAL02Gg`;#tAu1Rl;0a>_6=96Y zr?~*unEb27Pre=eeK@JOxY(EVRKyj1`L2wO*gLA|nH;j?_ z2Q~(Qk$Fap47$_5=l?cQ$diaj#M*phaqG5P8(&kw+I#?}|1sS5h1-jteGkJaerfUI zOk;D4#s(!th`*jgpar)bE-_7xf9;IP0W^<+9GE?SQj-JWNSPcc#7~`j3H;v(&uDgb zCGOBC{O+HYzyihxX&$z?5y)m-K`rwH21WA^7k{wJ787Sc28eG`pTkByd;WFxRPffH zgdzHrj&6AYbxZ#Znas-u9pJou?EG(I$RsD`eCi8-1bKh{>*xu7e(|xb#dF`m4>|t@ zbF|K_d}Q&l?<`*Yvv>|fdNe}kdq;~eqUW7c(d@T>51*`JiY!9GC0yjQ__KjOH^sJb z%$F1^BlspncFz6uqFnVrC&jp*5;S@Y-&G|=>u3js@uw0S{<4JNk3nA}bi|~__vzoh z+W=3j`RRxM9JT}$W4!oR7eDjMAo9E<|9JA; z=Rd5v_0%}B7t#aoAI|7pA|gf+_^i? zDq6w6NS2C!d7fYAU&No_Uw!~r{}!KuxBfw-bnM?>_5KcE$^HBV@9)ohf5!z5ejVZC zGYpvlsPH-f_%U1*$PGHO5i$WRdj<}d*v_vllHGmjJU~OZf}h03b9y;wjXnrJgD3`b z8Ir5`uNFV{cNag7LHC?q`te^|eCBV$Dt!QJ_bPt$fHvy<7x+U$onQSU+=U|t4?c$l zdLHw-aq;JMSoV|O5(@Swa7YM6f^J>^4G|!$Lke5X0|CR9e}73lJ^q}^{|Q`>o*!XQ z{r4}+a`NZ;Z=n9>I*iBpbN#o@8hiqw#Pje7@f66Ly@db$F#h*x{O^S9xdW;9;9Uu~r1+brA!&Dw|pf{1&#HEnB z#IL*$p7rJz7N7fDi|_l}ix4sX#&h87cnpIVzKeBcPhxeSKKJ`&!leB|$-PFPo2>+^$T{(AS>Wd8cS!bW5BA~%gNgt&HeM8#jRj~QYZ|9~w1 zx9nGf4CDG8WF)kHKE*Ju#gw^|4fHWTX@B{jlfv&~--ZEQ`LMQa=tKUT{X&SzU9a)v zD`rRjQ&!dfF^55cGx8}@e4*bd=DXGJ{HDFtKLFqC)87H-%9pgoLqEX@VRd;K4m6>=r8=P{RQxOEPmjR zfv~F@`;bU<-edrkzlED-&B=)AQPyc4dj4bp%oKu-{k;8cpK4eyJd2%MAdQ{(ys3o`e_j)Zg|MSOIakK3FkvxPGTHDY*W60V%k?`TZBo;$)g%b^S||f@^QW z&c8I5&9+s1P(<#l_6zfHrCGASe=}JIRmgwl56v5=7&G+KU$vj6s3KI?{N-!r^kyb5 zXbtB-vY-DiAEJW4NMh(uo&Wbi{Mlne;)lKrWU{gN{x6{P>XnZGO#NeM3XJkI zk*`biHU1;}(Ts5*dXIl*zYVY59|xk>`gyCes!eV%uhBFwnVssTU-&8eg$$jss_b90 z+xm;J0WV@}E@9v;LRB+B0Oc-Rb^9gSu%-7FK`*yqcop<2-}QeO(fJqHmJ8om`~kzy zrHcQe{gfSU-bg(C-7EIf-^Qm;gBA81LB+=aDn9k(w|#Tew_p4xxXJf@XYu>ZP1HgZ zF==c6VLtJy?t754RfYfO?X81H<7@WQ)X`7{HV0{|eld@SDN4*X!b5Zg66iQn@@p+8S0SWf^|HtqnmpJzdpbw`GeS(g%s_xhS z19RmpG089KG1n*f1^YcZf*v)xKKeFVn0t&Cq5^Z`t|pWN%-^VLwE+0i%o>}oWufM`)R7{ zRPD{r*iZj+*qhb&7FU3PI(tKd^egrYe-U3mu6Yf^WqxY$HOHP%j-*qiqkslaHE}QzcbEgQs7ZL4&8yHIw~HRrrFXm`O9_=wAP$BO?nzE_waV`my;= 
zW{i$1fS|Q*Utf5eP!_lBg4<3bPqFM`2Vl1G z%k&ieEBkS(C0aklAb3Mlfw5&jh>=moU(!!sw4eUh$xn4-#JD>W_;-}wJFh(7mb3bi_FT>fU%I+omd4{u1 zCG(aQpT7?)olx(T+qdke{}21%zOnc{=71~X?a$axe*;f;?Y+e>Bn0zU?59DY{_pIk z{{?69eP{7==66+oW^(VSi&)6LqwaDs_l|xik9$W?$t>=jj|+-$_-D;Nq(;5y9{z&; z^fywpyDBGNw;yMTHk8Os@A1Mfn0x#W*bOxNy<*l(HUI1O)3oN-%WJP{K$KYcg#bp_!f+b&@C?H zfzf68o?kS}k|JI<2f%)s;bhY%__F;xix27L|APHOlJr~O?z8so{t%0{{Po3+#LB#B zKm8TFJ1VSinNM}YW)a(}aQ>zx7fCU1=&t_KpEvJb#MPv?`1+v@Zll^SyIF`xv7F{p9~ld_v-i=*xFjZ-L=peW%;%bjOY5 zPPaYkbZ?H1_WIrC&Yj(*XzkwU?e4I-fUj;w(ZTR2YCn9~SV=GsY;Egh)_$zjKk7D{ zH&>g-`~|tT{_w_XbI<+A-tJPX(`k;!qw%$2X9ssa?v9%~Z`|3PZbWjIMq}Bh71(O; zP8$uc-+!y!+->1M&BUYfsW;`R?}2|no_u$@hQ9Rn+o=b|k2_tkEo|*BN4OCFi%YFe z9<&adJG<-A0_ZQgeCRiJr|ZhnuvO*Zc_pt>w+#=_-jKws@W0MudMimZIHmzuTTRCR2H6e5K!=OyutNJ+PN| zcdtix`R{3C#oi;=@Pw`26t|GA zykve3@xwk2%f$4he` zigaHUjnKTg%omJ&Dvm2)mbiS`or){eb5~!wAb;pf8D*tA6mNjHCKNL&vDPk5=&C$; zLccc-y3;!#`{5Gc0Y-=2acepnUww@?fR^(VMg=8|rP`ftMq3^1A9PSse|U$Wv5M6_ zI>gPRJu0u}Hf|l#Bl2_iOrl?eBE_5zY;?nVAO6+DB4gdM$UC-RSj=r6#{QdiG-~0 z;7?JY&Aay^T)Yu)ubS8f&JWpwwuYVV!{%GtP@h%!p@eP(-X zg&sGX_aZ15Jno7-ZhW9~c5Ic$*?gC$SQnerLuRM5iogneV;RfL1&~8;cRqQIq@!Yg z69&yF`#Hajv%8DK`=CVzn0Jm^eGu*Rq0@F@fO}IIc5(ql6PR~7SY@<#C3TWg=R)7Z zr-AC-$0?Hs0T&M+4q7Kk3WP_7q3({aOzw}y(+l|5Ro!wYiq)*&oXWtuTh~=StVcG7 zk`p&Xm0VJFc^2%%zD}djA3bo2YDbhR&hp_Sm9#xLmEw4{mapu$`jhTU7wAu4zU<87 z<;%{CyLhqqQ?u?RRE%gCD10mho@`s5&bWL|L8)D#pLa!EC-Z>fs$afreL?$V^5d%) z@F?aibz0Mw%0t5Z}LO zmoNK1znH<7E{JWUDKyTawT>a1c>$0A85qvda5B|jtnbRFcHJ{QbI@|v`XIg%iwfD< zfj6&v9Cpj~FlM*B*=#Izx}L+n0vTL(PJ3CKvDS{@J*wiyiB8B{&|FykeQD5oC`yjM zYfLTK#Y9R}5H8xo6)-7<*LD_xo}{Q8Yn?p(Sf|Fh1igJMade*hvml3AL_ZOGiEjiQ zllO^P0<*4RQz*XKeyTHuk}+HN=Lhp##2 zIuqr=QE#kudbCUAn~P|xnz#c0f4aOr2LI(~5VhKE=mn?4;ENxerBPagUp(nvUnA7f zm>I0;la-bBO-O3LJ3N@)SLY*^`0&oGiV|g5gqXC`JBGi}-s>LphPw940B5?>=zg~k zzgi-mP{4BwTM~|VcJ3`$pvr54p$~6Tk_`o6vQIud~ zY^)^yY25($tQv}xUCvbiAB-g0bk#}f7kJphgH9VdZ6H7w2M(^=I3ly31XRu^WuTH1 z0R%5DheLvZ-os{pK^=5hMo+0|HYA-uwR1mCFLbdlc$je4myt;t3h 
z%m931?KapU2Zu+~?oD&DbzPSsEs8BgZ+9QTBN`ln#S(as!bLuc5c^!d%K20&FcHLKW_l8x=(v z$_L$cqXn;eFz5~tT9VJR11TO2Tm37b*@ROnCLv%pl3-f>e%MPF_CT+D^)v9B)GEQ{ z7Kla5Nr71JT=1jNW^AD-fTViWsd2rw9aw zcM$ME4&coq>{gez4!m3LwZXNs2W18EKpqy|fc;Nm%@)U`Yapl`E*Mm3yBmU-uJTqy zGih+Vbv;G-SSFN3yQ|((WZ9cX09F;kHGpbkBbJ!!N4-A46`Lh_!`t`nJN!L0f{AzV zzH?&P0Q8)AXhAR{aNHsgKs;?xK{>iy%ox7F>*k;bTm9x5=zn|66ag9O9SlKf40Qwq zqJFKSJM293xzHg!$txP1z=JxOB-&JtO<*lV+}?ZoU}cT<;ce zhlBo9r;A{A^hjcC^KfO|1W}-?(2KLOX=S%e7Y(pBl#LB%6K;LslEVWw;81Ha!AWmO zvZ3%PCvSsSU-WX>M_t!@n0!WBWF^9PA+IKlYXOk-VLc;Krvfe+UXHtah;58ZApqS) z182DOSa82gmI*1i2fa>LWL94*vDNtzoKyT`qkFaX;BLV{5M*@RyTM)5j-`t@ZovwQztq_n>QbJ=%otlHE-zc*k? zz9Rsiby(fkmZC3Ubp>t$(m;SD11jixC6cX8aX^__<=)WGfwN%<@vlgjz_)<860Uxg z)DsF<8ogIPRF1O$XmOq}yKnj;0a0=3Jt$M6p4;$3CFg>?p#dL~#w-l$xbM(S7lVxe zwg+n?sUwGihJRT+IhNw2gLXhli3%O#gV~Usl^Xh^vUve!1^_?}db#O1C*_Lzq_U;= zBH&B}ld>Qn1Y$GVy&?X4xl`-5Lh3q@!HR}adlF$FM!O3$tfExb@W9wBNPZv6a|{vL zZmYEf4#LqK_;0rbtm#c305MWqXUT{f3lmO2EFLn4#|XzLkFaFGd!Y-Wr40rQ8Z02$ zzt8{lc!hFnED{clBRCc=fovyCQQ}GF(2+5SdFPEdtVoxWRdPb(iWZGGcd`GY!`1=E zkzj@o-8Omag4>E>$R2esyIRFvf_^w&KxA~KKN=ofI2zJr>UK<`l@X&u96NT$%yCVg z9peBf>fognZR#%b0YDc8D>9#4lnkGUz$s{03Z6|0Irlde8@SRx2zHh2_G=RvJOMm? 
zz1x}|Nd-{EAuyNVk24~jGJ6X&KX3WOmokd6?oidCUXn761M};wt+RqKud81^wx%=S0>P|+vKUYu7b(ABp^`lpUVdDnxml($`1Z*f z0Oq=+mdZyp9b&mk6veDasCc-FC6H=Iydb@Ax&rU=s|!g zk^;9mc@b>3RtUI&$aKo!bzvVh{VaMHaAz`ogprt))Tgd8ZYsYWKAJ9v=^Jim6j=R( zlKYhn|6PVqAVYXI;-a|oicM4ZNX`di@cFs6rJfnSIlPh5M8 zS<#~XQJc%UC<0m<@tGA`vN^)(*kC9=6cxhKB>A~9#!e%QDd|sOd(^2hE&$84P%5Nu z0FB@#37D&#^{6Ou>bR=0e8wZ?r<%W4aMZZ&lf$1_?_iJ+G02<*~LoE;_ zb!WHd<@u!jPo%H5lALUY4&r{7=sLi;ar^#w0fnJ)WXD(Hk8ayKav9p+yas6-2bz+%s-3m5q%1CO(4JM*<|O+KW_YW4ViT z531h)<)AJ3mbySTm*=7Ts+zKEZjCOE8TTv3kiDwax`h)F_B%%-g;?lNs>nu6D6sjd z%2D5l`|M&T!E@_QG476K_ITlbYho%6`5L|{YXq87=@drs5cnndO1b%=MT_s1h72_Lq*hb#+~y>gI|?b=t<^hQ^c$ld|l#OkOLw$5ic z*Z>!1H)>dUqbVH9Tczi0HlCTW@n|G1#u18^qe*MfwS^??G173;Q((nx2R3_5MV){Q z!(J0ArxhiX-l#N8ScfS=565oQ8KI(EFvu>_(-2Ygm0*2|e2h|}!|7N% zsP#>Dw@y*D;bu5hlInyV z&Bq_>MZGL9jUazSPx30V!#<7kdrWT>7%rychx_9J{zQCpC7oRiq1_eat_g1j=|^}w zroacr0HFA09OPb*!M|Zurs#>Da$|`LY^ycB0Z*F@@WDs1wJjSVN{Vx68#& zuVX@*9|Dy4)|52Z^oXZyndP?{x+B>bFSWg}Z>nPeFbtymqoeTxQW4!D0~RUgOKz-# zy`Ye?HgnD*z7ywMRxF?_(YxjXM19zrg{ZZ>#rVNiE`&FTbqwGGf}Cg}gJ`_@H+Iui z-ZJ-KdY${zd^WPZqLL=Jc1?DaVGmws6UKDfRVK7I(e~UzCCY-BRs{F zQH0XD#sp`AZf=3jX8ULinw3X`J=R5*3)q)iQ&j7YyCA=t#I!=DGHTumK*Q$X3PaQAhePwS4y@+IA#@bJ1?642s->u08ic! 
zlvn+bs7Fflt|}sl$Rq#l+rE#|PPFbCLK#yd2coPlinzL+8NR*4bv(&+6g0M2Mw))$ z#hiq$!5p+)KtAro#x^t%$0+06Xg{}fya~LWMHzbKvi`Jks`2ohG$L;!)9MPhs&~2z z7+Bt|iS-)arA7hPI5eo+^dnmZQ-^lOj_-p0$MCYiaN@q>E}P?S9vuQ?oX9TEAF!;U z22j{DOR86WGieQmU}@Ggt!x3^!_u-|c+eWZ4LzLD;YrWP;;f!ma95myNNWgL1jS#U z|IO3@pa?d@DrG69ydM61eiRegC;XbMPPLB@r!LXMH?Oyf--~f%;)5w34|wCGl1P*) zgxwa1cB;0bl6lE+5M7c^9E54nVXL#2*vSO4AE-Z*MUfURl3y79j0|Fg-FEJ=UjCF{ zFwRuOP^N^ujR4r>D#E;=c+*uK!BYlefrB8$yr_hZn?&Li653eB&Ed;=hAR}b$xX6S zru9hxodFreBzZ(kvjwvBf#v)$W<1;*qjzc!$V=_K!@0~q1G^oxf{9a5dc%DvXqBD6 z3I*$yWc&PWejr{-()TnUK3sr{>QhPPp?Q|eEXRGD?cNzF%}8Z?!1A_xM<>9i*GCo5F&W6l#W|QVGEa+zI~{?J-I%iZz#h^ya7n4vo6c8g(i*k z9{i7l2!&O@2}|FV1TViI>-xf9ko7tnqzzV&6wTO0(w3n0_Yo)=SRJ2kY3Jjs;I3fd zVvdT~nX1DXz~itAO92%Z6I!;44y-NX#*QmqDL zpla1CsXk!K%uR6HOo zh-=1RIPeO(WkH(2`J&}dpLNQGU0I$?T3C|Wll3LXz`?+GPrMIzLS)z4o3MXN|0a%h z`MZmc3K<0Bjhb$~+QGtJtK;SdxSRABCP#a4P23NLh+`a2x%;VDb27ZOI=imG8@MGn z5wniHfR=2BFQz;sbF}~4sMS?vZA&&7Fr!KtnD;ei_wg{2wVQra=?P}4v|*l{ zih>$+97&kYb%6wwl0^j?PxcfkY$!tg4jJeIPZN}M=K(UcYsj0xtH5HajMV$SkLeJD zJWNMN6^ov%ex$vj3&JW3sj8Z#tYb<=)K-}KF+4Qi*;~wjpPmvM=^mhWJ{)Of5J7dE zwRdfqA>w3V;h$XZf}o)b!SYyD38;D$AlUo4*(PwJE&U%BIyK5;15XomNBeLtr9ZtM zTPU|QBxFSvSOmw?$p<1DafqZgGs32^toH7{sTtd5As;ytS#FFDQZ{?zkM-5m#=u9Z z%Lu3fWiA5aI;8p_bp#8Aez_5h`{;tClKgxFO6A-;yau_PKEjpK7>fb4PovBv9DW;_ z4{T+bRuihK-3LsoJum=|EQxpALc3a#Mys!F0p7&}XSv;M=e7QDB!DeUIgSfcuz_XW z<8`%p7=K_SpjLOx$MSrybF(+W9Fgw0*QO|{Evu{aIUf0vFja-;#Ae0wjDqrxAP21o zAnl+R-gy9wSJYFnR>9X{i3dzB4tYs9%X>e0h^pG`; zd5D^GByIFlUIc+Vz(A%ZNB~emiFFTgnq#fQObulBN8?ASXaeHn?SP{P7Ob|4&uWFi zH?^U&4}1*?XDRLRznXHi(w-bv+lu^&vllk{v%1!{Y|=gIO?>Y(Z$pEp0wIAJXhOcN zTu8{%Ua5D+F-jr6v)oNCB*OsQ8juj-L?N7`Zt!kXQ-1;O!;Y0*@wlz}so1S&QCROO zGmBwrAAOJB(-W*-(l@W#*xt%%4FLT!P7nPP^*YO#cYPvs1|E~7id~Y>Ejg5+S8xwR z^YL#fI5?r<07@VCw6 zI~W7>dAKo3ZW;4Pe5+YEHZu3S`_qEG+M4XLf`kf8heqk(yb7*OV_B$B`k2H7CKUFj zs*?llbo#Xd83K4kwPW1%qGfz9bZUe88Esg${7Z_WrDg)hPb#Kj#aT~SWmw64H5@dC z>^uNFGgMAOWv7&3o*R*zB-vOIY|U014+c%kW9G@_DXJ9-n~<%F?to0l7DEfei&=N@ 
z%=uA;K_K2AmruTc31tnuzI5@-s+(&PSD#-c$a#$fY6u~P{>`)!O#zsOsuD2## zToSVu)U$E{auN)2FU11)$$c>Uy-k{^{hss(3A8nL@ViQ|(i91zrmuZpU#wBliGTsO zQ~b(HHGUcEqevUHq<2C*uh{c9s%dT+7vmM*sRmDbd8nb!n`L7sYCUXuWd&M^EAihc zJ$IZ^CsN_j>+S%*?T$Tmy{iCq4$=5H!EiL)PVbS*Z%Y{;#sQNgq`m{l9S854>u!Z- zOgt-gT}-!$uvh1e68u60vRICK;j5gUSj2vcsxxoqrh1UJ(kL|VPzt)?HmUcvi$?|8 z3G%YhKE^|h#;A_Xp+-Z7N&0OJ)RfBx4U#x^D9KWqbuhXotQve_5ihn5Ev)C0zI_@L z^y66Dot678<_lWCBy)7-*DZ~oGfetZeeskdUZ*}VZUHCJ875b`dhD;jmt=Kxkjl#0 z6%U_?e=}6CL!E6(dd0DypuPn`swA2b0bptkoNwhDhVAkFK0V3_lap`o{MFskNSo{l67ftb}*aufGc z8=f&*VJ{(zNyN>&;S)(LyemKBX62s;L-Z+us&gzPqMFzFP-)J;L)C+BFw8lFE`gS+ zPa>9ulT1h68NP-5$99tb_iW^NnUjKuBb&Oj`?TTl5WXU+GSX4NxwQJG4xhzVqp`9L z*EQ0|BBy>I6z@_*(2)Nws{!#A$x}w2ezoeCkvJy3&~C9z35L7DdAfK7ce=s+%BYYe z8w&f(OxjUTCnPB3oXADVDhqs!Sw3^lWFCEUAWW2goQsm$qL%G8-XK-0hKEM_4BF3x z;-+;Y(3yyR4yGuK!`)3u3~nCXT_F2e8NE}&_$XQpM>yx_E3iZh%T zld+{(xS|5+n1BYpt(InJJZ+K+71Bjlp%}okZslXe`LjE5$U@9#%Z_KZgaP^QfL)1y zS18FViH(^JY2pd*L=tuqFB4FW9nPmZs4V6OJ%eI~OdYU`W;pog-)U@&S)7%zF*;j3 z`m+&F4L#X9C^{-(&OKR)X(cSQ4^PU}iq;wmmm8RhOsRUR^Ovn_=3dHplXDYudTs?9 zbG}wygke|3>MNYx48j1F3^m5WN?@l0(PwmVy?yrFv=ckoMf1uX#+BIaeDBTh7T{@Z z+eA<_Sj8xjU#!!XK_UR?frZ{C9FAlh1*k5!x=nz$LLAY3csLp&5N<39%5ZufwATZf zSol-a|9ZewPVr)OR-Ogtkbx8?zR%IR}996QWJTWOCr?`2Zyu>mMpD%6AwzjMFfv9lUEM;*#hgobSATVud z2n9*COSga;(0jU+CzSOftegFYk1%@r#+G8^C`U4*+0LA0*;)hw2Rq*(;PB_`5C>4v z3lirCxJZYy-nwIS7VbvJWK&gbUZZSUmE?l}2~tnAf=-~E(B=o7B=-4&0I4RJFIw2y zW!*6;rG%}<2XihvJut17gWi;9AOy_$r8;5D4c7ux$QZ+{PR6n%4}6SRhpKr`@w5m8 z6Qj`LvfdKJ2k=`!4uJ*fNNe4Kk?sNhi)p*n@LoDGz7g$B?(UI@NX?S>NnEycR(4>X zQA4y3^KP!~JHYSM5y*PUZ&{|;z-#$ZsE+J3MXBMJRlss74vLpOVUmBXJvzeVPqL#U zV3B+^>PAsJI&7Oc*{;lv@+yhTDKRNmA;}*Q5x|kQC0U)R6BMrKsYa z@#>_EV~NZ>^lWSzv`9+TM%m2z1`JMjjBa7u5|&W+NtI*WU&+Qh2$lq%|~=S8xR03rAsr=VqNK3ZT#RH^pLw@TF;;_@Eg5p4?Q|x!3;I772s;FrP)3B z*BDVcwY&=cb!R#X)!+v8X_(9m^UdJ%y9Pe?7B>8nm7c(M3y2;wwsv_#Ytz3t?6oPC zpmIO#?vj%U=RQI5xkK;_6>D$t`O7F|W$PFihYY{z1$L*ZDWhn-7lBi>x6f{D5xcXw zb;6{%TZ&KW^67{=xuoXYjl@TZ>w;Sma6+>`z`mYqbkP50sqeB6I 
z@k)v4J!lr3Ugr2?8KR($By{>*;D@cGsnH=9`(#aovn}f`4Psz|Ek1fp0BE9H>QZE@ zKz#ksSRZ%WpvD-#J{}DO>}uYDlG=16G0>@Y)^l7*HiLjwVvl!UZ!vqMqjt*cfyR1V z%S_e`^sy;1y*z!OPGb{_4vr1b6jcUkImwUER>{3%HArDBiWg%TYUq5XHPZ+m9@@k%&V#}dfbR){O{?~=pHq*&tW6pbd+9lw4X!ssH z_xY@h<&x?GB61^;)2B#H=t}I5M-VP8z4o3krPA||QjY|g0wi;b?4YXh zWFbT(w07lBqSm}h!p|RHdkBtjJCa<_WU_Zr-64cene<39*CKJVqdJ%sC6uj%l2our zZ^CHgD+7)C*i^5w(-T6S<{bof3OHS2 z*Z~w6n}bwI)tZz^IX@DOI|3KI-<)EFwGGBBNQ>|oS&LGKs)q!JZw1)NtPx_Py!Li* zTHCrrQ@NC?b!s-56%iaE0|(cAdjG8`M1l5^vz98-wM4KAg6nD2sls%{b_EQCXt0>U z>n+?cUKKW=hfzwAp~RcXN;#Q69)w0hnKHC6L0WWh1iK_BTkA6Ni?IzTAmt(HX? z^ps5s3h|`qnC0{mQxPU6s1%bY=f-OABzv9FYql=Jla*A-npU@H30kr!PpTQ%hy`IO z&3LD~cXVK`pU}lY|Io&TzB^218H&OT(igl=a2{|_>sDEClTYTz)rHo?O!xjGs;Ugn2nenk%_7)x$6Wx_ zU_&`F{C{QL9$WYuyobVtE^Q-;7mfS#o%?i(In|g6SDcIFAMnPqPY#hl+;lx1esrph z1vva<%f1^#7bI1sPm|rO#M=asca2+%p!lv6mkvi5mZ_mWn)fg*Z2%np*dX*E#sK|6Gz2pcSE7oK%`#;e!31pz^klLr?n=f5 ze(Ayz(kz2Razk@y!Q>FoovTEHZdI>J*qUlT>yGFt64N1Vb}P%4HS26-6SzX6Ss?Bc zfRwoWSJ|__(N?-#5Io{C8YE{xfP5kIrKO@gWXn{d?VaYmdp{n%{>3{t?rq(@6G^fF zvR1Y2tBm)1P;$bq0w(0)Xez@>>Zs+f+$PVNVkHKZpYvQ7bGBl% z65BnI5Ibs5O{P)(9y={c|5dJTjeROI9fL7b&`^nok=bQ$znh}_8iXBO~@ zMbbyDBMMLHj{=t>&%n|PR0U{T8D99|Sphba=u&?VX6BqMe{GH;Bxb@{O=f$Sge+h3 zUsBzM^E6L!8!6)XraXSJ7v35lL{t0-rnb~Y1$1#BTPxe7|z7J&z#(eWa)$U@QAv~vNJ$i}o-SQ6AytvT7Ce{nN?Ml6=m%`9iplkxJX^xVB9egoj}!C+hb3VGvLQf;7hb999H zbeTXa_3b#2!O}pofx-zvA($m(JWD-UH)yI|Dlm?VW1PXNAnaB7mC{0V1_x$J$A)QK z+1kM|tE*{@ZDKokIwpmai41n{G*`JoO&}5iMaX+JR&9~HFyKzMI;g`MqtdLy3ML_r zG&(y>4+7oaKHjsdlBd|S2Qt=0ny)DW)|B1C)*5>P>m3Ye&@>#o70bk5#j0XB8qXAs-5KUVL zDQGaYHB~gv;cXi7aIu|MJXIq&m3(rbfmAbLelhbpGj4r1JuI1_2$y3*SV=2N)tCWb zEGv=dFSh9%4ddd24r1y3)=_^NH6#luojUpj`w6RaO1Xw`#kK`u6E14h2eSHIT|gkb z2mS7k9*w4Cedb#(M7Kv6*mgMT_u68yQ+BJd$=|+_B+b&WhtayhX-!OPMtmB7HnfLW zC}b7lfGRnyF?WiwtF%|`>oA&-C7R_|Ahd4k%BhS>mKxm)-{_G!YfR;z`&awIvbHOKAB?3@iFMc zu|GztB>}}90jv_-$XIl5qv}gudq6>DXd51x1!v1%!{+A(1F7yityioV?*RDGW)3^K zbOHP?H%D5C$O75o7Bu?Dl26|UbT(WN0>b97b9WzR7d=)+O_Z|YE??yb9A~Ed=m>Vk 
zz}2O-B&Vlrq0`$p9X)ZWuCJc!40w_h)q~Lf$0?}6Mu>` ziJQXGgX_ErrxHcnKpO1b%|av{x_l;_91;NJ4RSt_sSaWy?6LGE?Gz0YobMzf_6%pB zqN8KWv#frFVUJNt#sGm0uK?^|B6m|o+7icF9$ci1)F)_Ufx zt&+i-YnUuA`DyF{CePYI%bcW!)&<07_5|353UvNA@Jk8R$U1TU|8#ksDU8t|YDpHr z9Ulp%z1*tty+Yo13_-@AV$9B#O#-K#xH`46>+-Z>Yy7rwm~7XTt7dDt+=zt`X$RDN z;RPLirKnh3l)?2o5vRY3oM^Z*SC$}s{^oQ*LCqYu0Q$xIQur}gP=7)KHqYfrmGGO@ z$|_)WDmrYROJ$%Xuj>5u#D{TXYpJ*dp`~?H%Kn~lx@yJ%@jy^CLB*Gdy%H=JOU;tG zA)E6|iH=#(IQ%csfShpP!&@CZ!!GMnQ)mc4D(Z~#qC>81F<4dBGGN2vM2Qh*tuQu3 zX~6nz0r4KHIj_m!mHVhL#1NywAxfc)qg>I1s=$aQ@}{z9PnAQH<{HUf1;n&rsb?rp z=>J)~pNWU9yR1-DR}_878ev4QZ{2Phjt%}0NS}UGjo{(t(IF5)=_TKG*kDL+=OIFF zku@Dc$nH%TxtV-Sv=ru{0#Msz#$|NoKjj`CoDn1 zoTDvq9aZ(@Zrn{RDxIx$d^2Q!Gf`FdW3+#Nq&r8d%811hwuU?L%eg;LqX)7)*Y3;bkB8>?$2 z+7`jqvY(8lN3L_75)FSrL4l%4_Wa=q{hp$fS669YB1;U5Daf( zOru!)EkXN9JT+$sBwRG%F^>|t6dg#LH^R0l-x@q7WMq%`9~{DinMxZ*!MX>u)eNLo zIM-5TMNDp=+OY-9VmV&}+3~s$vnq)=Y%Z{^cInr^VleEe4)$D}I(xaZ^NXa%M+fK{ z?O)=I3s|p}dTq3x;Q|E9279m$V7WsrIviwXtqoX92Yy~rCf4Vjl;zncWsI31wkEY~ zzyx>GksYM*zM6w+DX1|Xqtn2rirKN!-KF%*Fxv;?)}e{4LmlnxC?tOEip`QrzNlOb z0JSL>6V;U-F0kC60!$!TH_FMj(Ad_STt}BUJV)2hS3^%HA$nA==K5Ml&b0B$N~UQ`G)VN7TRGcI*V)!%C*FXeY1vJBigf8);4CZm}yN zcVtZpKU81Yj9}4jS6Ui@=kH44nV zP8Q3ZNft8e9LGL;ASDAUkG;xP!@2Sl+bWbrDp>`aHQFKFgj-Z`LUYC2Xg_UJvN^8kviDo%O zEZ-CuL_1&5S_vIZg$$S*oXX4(3^XN?4)n7Y#4hie*B~8qZY4lsTM|PeElJ0&`jz3K z$4+_{PAB3>Sh!w<3YvA+5yBfQ^|dOIB)6O9W%Tpe2U08XhyZZmJTFcqJgeq&-U3eG zE;DVYaf?Kn)CbiE+=wmUb!wL`5?Belh?4-{ge17`w$-Z>Xr+-O)6*pnV79uk!3G{P zk4i{1Cz)0>A3y^{ks1(Gb)VfO&OoEcTE2XEcgh}iNZYJ^OZr-I^d;{P@!{*;lRz_4%OfB50?4iwmSatdgn z|B)qd2qz}ZG0iHuWU3L=8{2Ojqf3Jfnyoe}whk~6DrWZ)o^z~@e~gw5Yt9$-#5&HY z#92x*R?DwzepPj+RZnwbjWV*7(Hf}V^JqV@QL7Ha5yxW7EJ85iz`#%U?GcDHfOg3U zH%V+&Fzu;!FvsUkz&zLuhE**N1(KSURdIpg_8D+EWO)+X=S5vO;D+cY5h$m!M|1tQ z9DeV8Qc0ieDRMEGUS5U6YxR`mLyE#FPK>AKp|1MJ91Q-GQG0VUdH_Q8Az-=muqQ}+ z_ncSlc&1!lIPhV+9l2XcdNjOc_`H)#)qL#{PJ>Wmkc2;*|;gQ%IFa<9V zzZ=99J{0#N1g%^McuQq(oF?@#m+>%3PYrlGT`d@gsbV+l{&X;sw1%uz9igtm2+{F$ 
zuP?=s0w?y7JCO#|XyIL`37vXVVT~Fa!koR|8&B9RCDhs2Dsq!qq~?VmrYA<@XrKm` zX&!aacF5w5V;x9j!&WbGu5st-Fi~j@MiNo1b2Bg5_kgKqI4KN?V0A{t0Nm>C!=5Eg z3YzFbHJ{*F=Q^_zq0^;f$B5STCMc#K%Cu<1vH!ZQi6JsDE>GE$f;bQZT1nlwMqqUW8T)P!BipIB=;HQf5ORad@>0oWkx@7aBVTANwNMJqZJzH($#nMB3BudktD zc?09m$0~c|@cIL16d^?l0AmsBYZbvQu*;}nXiZ-4k6Ke9d=;Y+I2A!5v3oUl?Z3?H zL}H?Ma9`{oZzTF7zI;W+q_&^H`nq#q$(K_Rz-Kf<4_4DVZEzg#PZGH}1hndlQrbCWL`0 zzzD>J2t&Aet1^CgzDCVe!l__(1Hml1=@87831qPtWy?nnVJo|+Y3+CE&5Bk^k0ij8qsMgcYbHN!PdAYS^xf-|lJME~G&_eo=_rNe z-=d}1sXBs4Z)_3wKAX_4q;`!x)Ul6}CbQ`WRf?HLtn?nwa^~&I!Jii-Fr(W}@wfn| zFa|*qKZPfmO$R8t8lvfjQ4rc1lC*3;=+e29 z4?MPrT5BJ3D{XwLo<(Ko2alx_5;{Hl( zA?3WlXz!0l4=A>pnG7IvLok|ZMqaCxj|LL*N#2_y z_9l=j2ETavNelTwOKtx34yks*jcImrWQH}!@$>i{}<9O|i;D1}n4+=L%|nhsVf zW0FkYbBn!AN}-|o9)q>W(DE6Yn@FYrp^)qHO9V`U0vQD1VcLBOJ;`iI$j`c3;W($ zIP7)X=)D33l`BHgd!A511|%>gBQP4Ns^}{2QNGbn%Ak$BoMT|TD41ugvJz*T#ZHby zSZbOJ`4zd%+k5Emw3~WjYa*_ej-a1;rh?9}dz4i8R&|cNCn|AjMSkd-xMhP6g)ZEz zTQCD#WF8U;*qBaXMwKJN6XR1k$17Rps3mnE)3ptSg(tpjC|(xvWIY=SuE`?5GcfE8 zWv_v?mS~B;@27{Yz}h;1>DXY*30cKK3r=*118}vz{?t!O@M2# zn;k$S-|u3=Ib{Y5xH0akzwh{6pf2Hd7ghu}Q|MQIDTDJ(YXT%8vXW`X)88|6HD~3` zie`#z&qcv2Tb9IdX~!WGi{s(#?(kqLGu_YX`PX!^l`J2~L;zM|t_}%XV5Jat8Cff< zLqhdMQu`_%#@Tpcanns++Cv_u^s6oVBv`g!8n-BWArEup1LAN|vsNO)14cysB?(Cj zN_dOx8Q2royAe@inuRvPCN}1b69i`zaUpumwV_cC+0C zcD5T~bmd_S(^(ja)5bBadLyrcz*0;b=Bi zyz)p0hfY5zdU>aXdRAVC?!@b(F?(SAj9}scJP|vw-GWev#lnA3HdD#+ z8&}DPC!tUCN_2P+PhF?*2vznW?8Zc2`iO;sp|7-R8V|?aJ#bx^!*1)c8OYRs{zU`m z=@@1!`U5ZJ%K1-idnIdcd<)^P$Pdw&;1W+4fzG89QA4xf1>|z0M|mED$$@#USa~;b z?mC}XPwazv?}0%*LxrWY^4l_Q=TPSqVw(e{sdHYz=Eo|M!`fmP5w*Hfn>aPB2m^)Q zZnwXGPe@v_lfLbY?-QeKUJY$F*fs3`6%6OPG52_rcx-i9?=FTE=l40{JvljMD-VzV zSX%qUQ)JbMMQgmGrt-%LisD+#VGLo|_RF#BfTD2CyVzKfF`k}`)#h|Dr7LZ9yt?eN zyT=e`a76wzj4!tidIe{9ZA@pENdO{#Gc=k-ZpuC^03|JOHIE96vQKmkfKsb%QHELz zOZ;9QnBpo6)TIlC@z-l^Z7D-&{hs-^oiZ8Wne*r;r23qt-xD()0 z?+5vIyyssBrq@S-cDEC;b?a!q5{F>Z=QDs=L|lY`sBD9mjE-Fqp|uUvTa1a2DU}~? 
z-9lu9Sv5^V4Y-4$vJ06JTwx3qi_2imv@70c{kY9lEF#-J6 zMkD2r(V5mo2~eiN8vE@*n$8#m5{z~~L;s*|el}>!f2{II13MfJfi$qe%K!~vyg9TE zVlb1Iygv%Umg4jXs@pkZXxY+(m$e0gR;KL1JTZig?zfWJA_#N>BNe%>G_<^O$CXkgpV2Zpif8+iDT59R-UP6- z8~JXFX7x~`L0B0&D5V1H6m_f%j^!pDZ@{tQ(H}l?tm{g>R|dqy4ode!voC3D@onUJ z<0IWzVo;?6ViFud`l7YK8ALMfjeEzvR$s(c;3bVd>kV!Pt%n}J*$ktQS_nU2p&Vq3 zFa1_V7~5kUh*w@moIV;qVre?tnp{7KCl$Si*wiW}2QB1B-phI%^Vg3?O^E(?|VoM`4!)Fp}H0swPg2 zh&5}e0stivCjhoXHbuMRuW`qBr`>moreTP4Ap=)uPA0p7AsM92K}1OOA`T*Vly&WtCDLS4JU$sT)^iqU0Aw$`Lb?=ysq8u zt0Em0a6&Q3T0I9Dk_~NH&NmAXSlHat)InG&a0+~Hc165dVm~RCgV>Wz8v3;JDyftZ z4_DyEE^9aI;%nW(;q(!_I9Me(bR;#C^Twsff8peVHf?ggj7y%w_KBBFgoepG*(J$# z)zDDSeBQu9#iTrT)_ShRWtja2mCQb%DlJdZGrGL%aagvGAxKzHWS6@S1Sg9fnnsqz zR1JbD49$OmqL|5l1prihy6mx+C(U%j+Gbe*LU=J&HlYMbz_7+-ngkz^Smf%n!w}Dm z_e+N3stcX3TnVPc#peP)aR0l&JMQv%f@+2@63*Rl*wVW$Fq3{gNKOJRsB@)QL15XONYFJ5C%#UNmlliCAy?ZCvEqiEFtSe$EH8l7ltdJ|YWMyH79nh2c@Zk1!piot}4RV6I@`%S?VW-ir`;_x3Tk7A&UVTB2C^ zK2Rvv`$n~7Z-=QCIN%XVlDkk&kD|$8t8EmNts1V;m}!|P5SeWLTw;X)lLm{~$XQi? z$=pj9h^bxu48RBlw{Thkbsx3w<1f)3IIp{t&nSJzDJ{P(@$>=M#!72)8~q-rV)F^k z3+GAj8zi(4K7((%-P6A3)6>#+yt%HAXG;R! zlsX=Pbr$?Fw`GB{B?XoOn@d1~_bIy(LJNjEFKvjdaDm3Uv;$B-(#V3%l|dXyeD}v) zzz2qIcD_o17;3{c;FDOLW4QkPnKlNls>4BmGGtL&Ko?3axhkcAMvS?Itm5)fdGRnW zUY)CkC~$H6>a)}>zUjj9iv4ONwMZ#I35jjzDvX~?qVKE7h|xuQ0k&HFYnG3g%qBf{QQkBN!fGa z57$Ece`U#{>M?dWe_fgC%p?voPxxVhn?%RF!tv{?B!Y}Rq`b{ClA2ETWj0l^eu-I` zZxlRX(fmsQ8i`4!fn;H|paUHG5F_ViiyG9hZZg3*p?4E>bJfh$hONZ$!-25d2bG7S zv(4xZ3ePZtM*oSL5x{;~oYg2V_w4l&l1k&UUp5gKb4r{kXZa+>K0LBK=0;f8oyd5D zS8|VFIy=DuCUg`CC>66ukv~qoQy>wrZ_`m9>={Wgp|RYX07UI|w!pyo(9Tq^HHp}0 zcypF$(G(Y{U?5|gCQE=TB*LVu-M9WYKzGc!V^@MxxHs4&uhGr}y~v14hj!-fiE z2pcMB_kxg7+>qg3Zh(ut<4%>L9AXR zrc;!Uaw}_p!6;I@FTy@q=Z=b!E>0B-#Fgza1guD>mJx3Si{52zGC~z6w=@%LLN?M zf(9Kxc(KkQ(VZykDM(SHT#0q9rv3zP8C0O#Nu(^9)rAvn^=1KXTiJMGCxg}#+nwND zx}sii&dGJOni-@v_v|=kq`?-Lk>E`!jR=Qkn7m5aHFtJ;z{tC5P>TGM^pcw)R=WK; z`=&2vGnmZ{6N`}rJ}#z%>rCnuDqQr^y>&E{ZVoIvqCgofqLBIW7D*qu0*Zp>X1hgN-fW1jaaXhER!s~$W0klP9*psq! 
z47GY8lJ|uZ)Ege4U7Y}2f8w(GS1!mpm0i>_Vx6inaoT834+hC5q~{FE3;2s`siU)` zwiqP%WKmh~cY4Q4V_(6&@+MlbNQGxDbVq&b#B&D)#~y^n%H%$l9h2%us6{dPMLeFf zkCiedIL31&U|BVhfa#Z&0RYsuYJ-L-k0$8y*wBG5*iV?c%{ekzpK}LK zwvGR>b^=}(`$}+D?A(Sc`<#^`9?U#YR&ZgPQdP-@9Gi-v@*})JPNlFyR3#g{Tt+)$ z#rjGRlu<9T_wc-uN4;qs$l_O;6|cBnqj13}Tw?L(>hQ58Ah2jDNik+drIa_0{jh*a zzDNWYS)47Y-x5nLFH(qqqsS2_&`Sj7`2hBqS^7isTPatt92E>zw(?nv2cW~)6#qI2 ze^A`orHUAVCvr=8Nl$K4(0MhNOsalWUc7|idZ#-8Lp*B?>G{(Bvju}Cn9)8!R|S6b zHM33B?dEDs{ziu{MlgYz6PRP706!u)~ zqU`Y9L;)a5-8&BhA{<;G`yweRuH#MOKJJqbTNC~=;rE8rmKFj?9sAjuc0O{vze#;+ z7b8$Q2KN{JU5EXn2?ig);ZwAcCdT9xBc|jJP(dvo4YIG=Yb4}*+zj0FYz(gx$pIW9kDS89@1wR%n@GLwot81mn$2^+#hRt=cqxlvtAV=;H+*r*W;C6;sT+G2tSaJ(a zc+7A|@=1BS`B0=19oGa)u*)d7QRq7$@Gsw3bxmu# ztaeeiBHyjbbKs%<$^u4)*F(S}>w6}+$jY}F(EUVfd!NFnM?l^+P?Bt`x&7jcP*SN{ zDG@w}iCIc{0LK%JDU(1F+S4~l;450!Tk87mABPHMH^tTm`kr;@xy+nD?d+?t`Dq42 z#SNsh5fYj^LSzL^AY8Yo6(dp>{bJnF9cTL4akgfs2ClMD4SVv%VUK?_F%kW+y9*D9 zN%4Ss%xW^{da?Z1Ad%v738O(sC&Hm~R@_hwsSn{1008iBtRy%COg%tY%_gGKXbQ(*q#N8+i%C$H9U9T|SDPqO1p%}VT(@I}a)3al0-CSau z)m-F9Zqj{5bx?02tj(29Dy|@{#v;zDwQ!v|157{lidHQY!Lgeb8Rf*ON{Ws>OE#P> zZ(A&PF@^qmYtqwBmefNR#*_9683IKpA1OLIKv@;g?17BAk?^Qi*xB_gQ5~LD=mqh= zCgfv$!#4aMqLDe33m|((TP!&pm9j!y7;Q<_Bb&^Pl*5sb27;CcLD8T!ep}}%l@|hP z;uh*q4usYQPFD9J;u3f8{CcPj(>*N5nLUO0;xLB!pMR~OQrU(8Ax%1?x7R4QutTYS znoDo_ZFV4yARN#PP(~od3r$iD84qxMDD8UT?_dYTrf?bi`A}_7UN`6_c)|~lGIk{^> zT#*VLo$iF-S^bPbD^wAfw0%rI3NUvqz|=@`L>MsczU>a1J|nPc#vtlzbx;ArtQuJM z(3FX8UY?_PJ>)npV;r^q6c z>oq0+m_XKOT)qq+tJgN0Qz^Zvd?j?R(7Vw#wQ7+hu(01(I-{e#emAEWM>Icx_3lA{ zNLrfcuNt#swo{N7rG1n$6I=D=1_?EGMaXt><9_!?k49)alDO-{Z8usVH)~E&BG~pd zLY&r(3rvt1sB^}GiJ~sa3f*8`&6dG>1xFS)3|%>LqAeFm1i_tqERY~wcw?>8 z+c%ZO(yFhvg9ty=r|E~JL7-Z23Z+1AT1CTLtW*N9Wh{e{`hgU$Twt2=x5Fna$&~Ph zOnc@K6~t3QNX@mYaRMsy`X1*UGslQ{Jmud?PH+yrLrh{6{uE~v7i2+})u9U;{kT-% z)Qm5@jv39*>TNcbFR3Wi>hs`a-(~upC6F{s?301xK_+HMm*-@xwfmT#s0z<|))+eQ=w^M6w-L9iETt0$(cJJxb4KB?4{EMR(7cXEH! 
z?<}ab#T*P6t3jc;RV@NRt5w=vpi7lp7B1WRoJv>jxIo|e29i7qi>b(x8C5h`Al00b;Q3C( zGAd+Kn1=E0&{1>AG9n}6f)LcRSZjiBL2pxLYF0-bm)$C6UzWpeYTq72pXVq%{iwMs3(dN3LQ^7Wj+GQNR{1w1oQo4iGIM z5atP!$+Uto>~RIQ*lX${ZxvHVG^q+b zu`7}+>#&hR%%pR{m0~mc-sXEY_ry`6-~Hn^x?|}naHgWD2s0M~RPIz#LhF1;S1FBy z!s>1#7nw6x;Ks&r`~dUxDANU5vN(jvg^PDRdSCE|L1-}KcOLy{geTKDl!4j#4ag9{ zFd3nXlp%1m@$`bvp{onwiAMSGVDA3yWj3dn+=iCSD{BE?IB13-tAZNVk|jX!1susPMvOMT7OJZOT=RypXuTwR0yQ*|D-xl7m2$54@q zE_qtK1G3(mTn8(eb?D}g^_O{kZ3`l(UKy}X5}l8XTTjTlmtX=DxABeRk?k18j3Gc*%#}>o=eoa-1{hSr`Hht>9ewZUu-}bn0ZZGm zVnCQwdYL>zatDkl5a~7#-RtAgK&tMormp{% z)IeqRWyva{T)PBPA5;e2>>f_6+khEmP zT(bOBsvZ@7DF~md2uvc#)&-(7XE{oYBdK<84om^37w@`^3vpkg2bi1afR(ICXx?M+ z4T%yDgU(l{cYsE{#*%7*vLP9g_PZJg(<`5V!;&r1w%;H=uK3;TAyujswThIq7F2C}-2J|1K^@o;8( zfpb9AwazZFbwzCY+S8^D_9&0~$K4%Ew`e=cMFoeA0d}_z+f%9nl~bZ(N6gZ7FUSB? z6_grI7dI?XO@kGaPF8Ql@T0dx!i6HWK(KlGS%hYJdX&vbv<|}WJVDIvo{NgG=w^-? z`l6-V-dZ9T7lrhqHAbP&oIMJC=uA?MdpG;c*fdJnGfcpc;DL>@PUx%I^Qd__*-Nv` zGt*mVV<-`)X$&m^x~!Tz)ZwVYRt%^wn&cF5LAxO>e~AnEWjM=%OxSlYhcJ;v1E zklPZ#tp`7x$&;8N*_ZZ^O>5XmysC zGYI=zm3GKH5T4$7ESi%wPZX3lI4$C@6y+MzZOI}D#OMbgxQh0N$Rh|J<^)E^E%HqF z%3zO{Uv2L1V~TUQklwPax!K1vFG*%;sm`CL69AxS1}>dZ+Am1z<;z~%m*6Zgnq}?C zYP$=H95efYJc25XCp0H>Z{z9U=_b0L**` zO?Y&|RXTEcbhBm+Bi>z+%}C}glGoXr4#BI#dGB>J-hZR}h~>CFOBa*qAP#Fl;kAe> zi3Os77FP0G>~g9Yto{jd{Y2v0Ly8(r7-96Q~x2M;J*MKly7~?B=b1fb#HvyP(4@ zP!BP;ih{Cy)6M3y$qzf%hao%dA~dwgW0Ipl%NMUI0WWEDXWAxf9&^o|`2w*4R~X0a zUB*c98=BL@W|lWSSkn{?F#|6m1R{75BHaWNT?v<@E#5rVtH2u4r5d<>a4R0k7 z7qHanc=Tx2E?*^}Kom>YdH&RChIR_#p9${5-i>D;!gWRg`DiS~_7SHOL^R}0sLUC`z)HvXSG<_7yndRymLQXY-PyffoPrg7Sz>ojz)mBRrjw47gUe>l zmc|s0*;}3FhN&M_1(uEpmpqPRdhXWw#5P%;|1MQmZ*p=_RJ{7}X!;|zAAh5M}ueowOS zU;v-MzZkF_<9heN7B|i>zVlL}a|J!0&@^sAldVYAo^9H2fN~IbNMp+5?m;wZfih1E zF(jH>_B|+NfrjofIvT!R1zn*r8sSr~9^qu8j>ah6)4_9G82Z63DD%p6%+U@g=|pfU zDmoJGTj^N>>$M57JRRvR{)ut1xXR6GhJ|+%<+_D$mDE_NjutVg9?3Rp&JQlQf)FD_ zWRr4|Y&= zt@kghb~Y-tfY$e}*_t1Z-}d@ZuMbi<)H{p?|D!KXMHc(wrzEs~{V2{H9M4m_k?`F~ z;(subJe3Li&2ARvPBE32ozvn_mgB1HO~5CCI+b2sNkSfvBDKxN@ 
zfppNGP{M*9+hKqD7PD{QhM5p4pA}c}qMjMGc~#UQ3`st(hCCCQ?OmnmVMP zWuY@_gQW*eR_=C<0AEaeWKU_U$^|}VJh)#fjF$78LMt@eH;qSaVYn%}le+D-wM|$E zna0L>cR=)RGmbzS7kI+SjEe1UdBgNg@tK{gDp@~@u{uqkXAN!HH z2dLr{{58z>O1v|_nsm7jXr$c;70jTslHxqoD^=EW%&?r{ICj^>U0s=Yp|OD2YMpX* zBvUVNk6Kr~(eUSxV(lRsY*Eo6T)0~n-%G|!PO>bMfUkHDnE8?n3(esr#DbYZsZ7k1 zEFR5#oGLEOd@hxx)2|F&j@i@D<>h^Ta4yH`(sns?mI}q(>1v3;U=Iqow*a2YaN@}O z5{`hWDW;gXyGZz?V}4a1W+iC0AJVs&c=nfb#4lzw4?upK?;Q0I*xhN};YmFf2i2R^ zhv!eInk>p;3pX9{?zoEp2gBzq?3l{6q<&mu5=?oXPTrrSB?@RZ(S(0~FqEmD5y!c* z1xa(eLq8Z?pN@h7bG71Lq&0spEaQ@2gN-3;Nb(;HLCMBs_|bl)vic@%Eq!3?FFN6_ zbU7vzr<<;Pl5&8Wi^^0Dk-S5!HdXX zYF7HtY%%r(o_qKRxJq+vSgClH*O zGHv&L+9DzGf9KzNn|UYf_D7i5Hz<_Bp@S@ z!nDRfOX23Vh6h~?{OGoYBe%TSa`UcGyR;j1Mqb}-+C?pY@wsiHQSw%S397XHi3x|QfV7TJt6tvh)__ehU1}I(!bA?8rlD@)1U4y0PFmEV< zhWU<5uM^?bPp*CjFJa0chhQ(C9JTMmgNgRWn2|8~j52TdD5y~%0tDFl90OiDF9I2G z>o7D|z>8wd$O+3GSyFb?>Z^KyvL(Tc9Otr;)nDAgdt>JO`OI;$bj1(vFVQ@l(ab`y`guB%KP7pi}ysk>|ReJq6qG)ViYZtjqi#EKnN9C@|+c;@xs%WUD;;SjSt!yqHt)-7`X)=1xG_$ z{-G zj@z(gfVDw71AHlXXb45tWzl0|fKV|!Xg}N8?Iro}PcJko$D$;Ve5G^j6@VoztUbEE z2W_g}Eg{vuA*50bQY)t5KsOU4c;}#u4e&Vhkcst@uOdDeI%CTQMSZ)ZwMJrP=>>c% z;y15~_!dv}%YQwbs2CQY&8ZYV_}rjO#~yFr6U8r^nGJjvp#p%5~EDJq%LJu@m4^}&p_5cVp+9u&-=^){)ArqS`J zhj7*l8I$;veQZUqZFCu~p{ewYo-0g`&(4D&444i~VVj{YS4q=s4#I`QcIq)jls-4CXBr6)8)pN=$VSrt_!m{M8oj?m{ zrPtj-owF1)kQ7{`JH3+XZMmQ3p$#l#lf5V#@7T%)o)$Y?L9e7TRJ0Jwr@0V#n~>Fn z9YA3B)*UQdW8)?`qk5Q}4zOZ-gugv%^3lCt6RW||jLW;ILhd0~&Y4&8Ee9qPWOc3a zS*FWi8O?kP%u-i4Kdohu$}H3#kJ83>DrhI3N`QPC2jFS*5PrA)k7J=3j-l?;`|;C&_dQ=x6bA(D`dlTL^RA6hA`S+tH*85KMuo1Yw z*oesG{yb)!Jk@p48m(+9GEbZ#@}#JNXCTfn3JxSGs$yA94~mdWV9M@0w&ZPXqliX3 zcCmtJnV0!z9t0G2LX9^QIP2)4_1bNi%i$|Pg(Mp+Or|sS!~9}LiwlLoWrq@lKD?+# z18T>Pv)C(|O|fJ_zlBWV$M6-acIEoVUeGcyzZ}1HYrlzACnAV)$wOenL-hKoZVs_h zSkwH5ui)LeZbBm9Ct95=N8juLru)9#JCp(I6UDP^OG$`M+P<9Gh8i==FJ0IJpQb{W zJf^9AH_AI0yu|`kNgiNM4N-lP+kpDZ-uh4s@${ zpxYzNt(3Mx+3I-J8XMg08`|e0gD?S2-a(Dbn*2lL3yQz6z 
zq!9+~Y{hoWP2k0*^P85qfuj-x%2Imi>@xLt>g=otY-hteh!~bD7;MCc)=odqkUKP17&!sEauLd06Z{>wiv#g8cvg_{DQjAHW2#?p{(a_r||%f^g3fWFwa=p zB52jXvBGPjrX}_5Y@4{Cz-3`y2}{&`qNW$se1>r*74tii8E7rr9FUCk^IQR|<~$fv zj&63Xz1L(t%(9Dk?KL@P5jc}XG>J1&AuPcGo2wv47`06;Op3SL9ZK=+L~H^< zH&1eU`cM9j($TzWI=J;)*?Jhe_?b_fX)+l@O$pc_GY7 z_SuWUGpypO$?L#dUDaFIpjC>}JH+o;>or7)#la9b%S1+t_+BcOedi586_;KIYyT0z z2Juw#y#(Fi*zfU%u6dBQbs6w7*+y+N@8M~XDIOl!(oNrW&-f)NrENVKn0}*hl3%c@ z*`wFdvWN9mk_WK>Vqt&M?Me-n_o4yZG^skzz#5bj(4>sD&Qvjm=bZ z|Cj>mlZBp*3FT`}feRm?0+QIQ%3ea}2Dino$EKU)W3xBqVgZSLp=YEb*LL14Xba19 z1mYRANNagH?r2sn`zlSleQx)XI>U9zJGExLa8s!FppDfX>@7$|mqr%vkSksb6D9NJJo_Cvz6vhpW*1JiKm^i)^`{Fj>0r=kN2q=IwnqcMR z4vi$*cj(5~dhc7_X3kw@l22$F=efe{5n6U`qg!S!>j(8^7Fu#FU9QVbi_U}+(0CYj z)Urs3SAOZBCPfz*RaqA>RhqX(>IDxa@h-kzj7$%cZ#s0NzjPfw;0jGB&%hxI5-PY5GVhf^%L}rP)8q`>!iVL8; zrCkhOGu^i6fezFjg9ULqAQxIbp4fxW&K7{N5589V}*$T$tI5swW z9BeZ$dpWrpjy6OT)etThjYYu2Q9KOhm|vZt6~`bdHLVy-Kl8<6R|^FKn!Nvise2PR z$+EIeG*v)gR1|q`fR=zQG);F!*4`Ek)m2e+R#$hGmBk_|VN_&fWmIKmWJg41RiU=1 zh%ADDK0#;14Us`dP#F|O98ghFKzy=@zzCy&D~#K3L?841-*(Tr=bjUHiO71R0$-hs z8#nGf%eVZ$ZPoxQ?AkPRLUReoAg^F+?1-4Hq87D^!7lxKh$ms|toE~NpE(OVx)fyJ zVCLFZzML0x#w;EfV`p$v*%;Lyfx+;sMvT;hj_m~8I^$1~-zai3dq=06)ip2GuE^NE zw=DwKVIv(T7nX3AVqoRHJn`-w!4I?*#8 zTz5cHszQ{9WT#O!mgdBG)7#pQrBjlk+c`c&<}yVkO^XmYm5Y(a_4p61SLqgx&Z)PHy;t_;bY?C< zaRtn6fn&x|i9#iln7N)$6pUQ~Yv0c|id|v>Xj4%_4iL+bdy>%LFSv7%D=WX{eC2r? 
zWY>d>vbUArg&kfS)@jfbBridC3&jf$=aCWknrOGhn3;L( zH0Zcl8tSA&p;u=y33v<~c8kYGoPy6Vd~u6>Av_oGo{;^s!%(U-K!PD58SRl4vcqW7 zK-L$^6@lXh*wC&1gRJtXcz}qG7^p zl$!__;zp~7mzEdvp^3acnhU?LS;@J+UR_?ZvjL8Y9oIe&4H5Ac2d$@NghvU-&2cgh zk?~$_p4Ko2iTZWqdCNmYc!k6fy42d|>WX8?I6;sRUBR$|R4-&RTKR^q7ILPOowfr5 zfH(jUwTbDRH6Qa%O)FABT7(s`@PVoW9FakIpm)H#(sM0oj+Iu;YZ57h;zGU42256G zY1r!)7|~vz_<6eiYjVdkgw_cV&s)gbue)eOcu^%}4n!*Avy&zwC(>{^hjh7oIgTiR z(qO>8_hR!rh>K)gUuR7sc0LP(HIy z&dZpD&7VFKs;p0?nEdL0(4;^eJ%YySk5WKgqx zMKTW^up2r-#qiAjsuD1U1!@k3ze=sW0}ANk2u3@)VTM{(a#2=uV_~&BSVw~6RdDG@ z-cR19F{OO|(Fvrgo$GH&(yDZ#cnZaW$+oJiA0E^k5!ou62>0}EmSbj9jy0N!amwcy zJKVxyi{*rfP0~Y>=f9zyQOJ~xpBpDvie3lu^@+0>UemN{&vxqu&gxwq&FdMXISbG6 zw3K}6mrmv$stb5x$@I>SX)!4iFs{$cu0+P)6DS*|VwY3qsL+5GyQ#vm;!i5Z7Wd0b zO`R?(vIt6B=N(r^@?1=QdcW}+N>E(xAW(mGFcEg*przCUXH1?%yaWPJuR8iVPE(eH zFpr0vZplK%@t$=-4O8uOiFV?H%zWEfL)BruGA)?x0BFIZ?#h6pCa^6sPcS1J5NUN; zogaCP-Ey$Qb-Xu+Ud53GHl{k7igXm6LOc_T|7odp(zvf+c0tqt?^LYkXql4=tQQCT)=I_Md@(P6~zGwC!&L@44 zfIdkV;fI};GIMZ$^@ z0ou`_3SG~HYtWs{NJtOd`)#U+tARbVlG)_AgY1Kn#}|w9gYTrcnpUq7m7X_7#JkdJ z0WCZsQQ#;%<5GrXYsJAs1ia;p(sPJRI!jGJc5ydOH-e6UgG8%ZPYm z?w>3)2{H~5fn5Ec(aP?kVqU4UR?rqhw~w5Sq7E!KjGp%lpvJR=?RvW7)7{ZUY{aXXe6_a(Wu~qzc8r2)1PQe z6}c9{z*`4(%-Mp}0FOD~e1Zqep7Y_$Sm*#%P2<>sxD_FaZn*guHNEu7n*%D=eH{Ni zI|ReZx$n;r27pa`DF-)Rm;yRb0Fv7^3Iq6g3+$mYm_Bpn5zHf>u){|%i-;gUKunFo zm00{`o_o=a1HIf6=fq&?EKNt2@_Vh2|oC)78lK0IVMK}GGA zvL0d&?KU+>-9Vef$r^gQb~jhXNFGqYxArqEc8+ly-L-*K@HpGE)(jSLTu~IIoj$!R zD3rH&R;OYgU{&EQc~-zz6@;_NZXBH&`OjHOrAz4H9F;CqMJmjR3{m`pa8#=-LFu=o z?3Y$CWhWYm;o}r$+qu1qrepA}(YN#OQ=iLJW^ML*5(~y>*LuvxJ>*DrXUHuwtp>45spo|y?+si5N*}iX>%3Aa`p?}I}(A_ zVCkS{PYFXh>>ENk1$P%u62&PIFD7{_DJE`hrlhM&Yns7ko0^yIP>&Q*mCzjb0<`0P zpM#%J8;K%U=78^l1Z)nXI_d#RMM?x+x5Rz#X}%(BHm!Wf^<>~-@8Ed=@tlxm5OP+X ztq_sLR$8_SvSrBaw~I(uhC+a6#PPQf`3x5~D}75(SzT@89E^wqCFJCBPoFDzRMg}{ zL(emVGL!>{)tOMU1e&Yh=xD2;v33fI0Q>9|$XZ&>-#@HAi;T73z|NIdBCp$-2BRWqG3E9`xcMMnN;hIw?N5c(-3G};)0$cg(bU;TV ziFkp6#iR&!CH0f9CiT+_52K`?D$^iBzvt6z`KjEu8PeDB};If3!&70{f%g@;Gyzj3CQ9KM}S_$}- 
zXbE_p2>`tph$mSn@x1*Z+i*({!>cc%T+=hjj_uOXcahpWUh-A!4pR&%O zeE4x8@HLFl)&@2Fx5)k5A1PFa=kd-W*mxmhyrHoX@nCtDdBAA(iwR_|i~}4rwRB2V zzg$ij7;7}UmDGLcGDz0kqJ;I4tMe|_4nCF?0iEq)Rd#SE_0{{kRtslSbk63Q=0?WQQ zLU})MJ`Q>T;)MmH1MUd{?^~WyWw=Q_$Ev3tgqp?lctuvB{4$FCR8cLL;-t=*t8ALk zY_hf6cmscZh2KM|uZ|HqI6E0ZvwstXqg;AX2G;Ff=FUQ)i1q)BA^K|Da{^f# z75aGt)wL-y)9ubaA{!7yimn23r+IMYEC7Q|x$zdW$vH>B`Wj8JJ6nr>&m`;_iss@- zuJgkupFas#dO@+sbuP#=)Ud%FX#^Lc6L4SV?M=c~`zsXJ%5E7?K?vi;LuJPELgYOt zXJJ%t6d1A>`g7~8$HC!9`L%c&7OwuE{oYe4he(m1IXfM2$NGZB^L+K=rzmyh6}Ymp zRq_f^-S0NqDrm4tYePmmJhhFCnG9k?h#y&Z6oBmll;q|)=24skGYTzk17+TOmrwM! zCTpFGTvV>ZI()N(rvVq`ilhV)9T7By($6A6(-tfp?*BuC>Ky0fNsGdbQQM z^;RIwgPyLLn3Q-PiUQfUXfaC_cQyO0EYw@86@o!v|20gfb>4IHoW^XuM!V=j+W=6@ zFP+Ev!%3i;2?*ig;2L>()500jpCWFJ!{=c?0>NNPOuBGI+}*!&dLS88nAGMts0-}! zo-?<|QKi}*P?iN-gyO)|hpeKwAn|#x)$=NwQI@r+5m`|0CVQ-zb0qae&EcpVLNaB>EiXtYkYo4D0>=vqzrrBG1!Ko+g?0`J8uD3>mtjo-$9JG zuLoo^G@B=!3OkD*{H~6m-gs7GMF@&O#S&zOY_D>3siO6Dr%BL3*hw@6q5cS^iT$z^ zRl^t&P>a2tBOG05fjW2=R5k#tQK9Xtnd|wfUh!K8RaG*6LDPc z&7u|PdBI$?dv^n-+LqqlcmvZlt`n1XZnz@QcA_*nn9rXeg{~bCM>;EOS4cI_rJNt%Li`LMR@pQV$O1 zv(UQaJST%u7P6&#$9)JE6%gIE3zWAiWh2lM8+?g8OjB=BhYq@U{sFM*pqevR`L=W z1ZXJr-1B=pth(StQ*CEn>9qo<1v5BhS_`(9Ie!ZuWPXprC*}eX#o*9!aD2Ju_U!?+ zbw@oHxRiR6yEqTV1s3V6SMDgl_8i5)@1jyBu2hTLpaW_Uc_tj$|J&>ssiSrSdX(X> z&=;UCaDsWkl~Y%Q%0o>>ie!Iq!D0cPx0xgOiR3YB6g7D2$B?x-M30e06}&Nwp`Z_> zPcv%>8oEQdFZ8~U7Im3f&?K9~`bP+XVbz)EFe_SDl(>?dBhtIMo|$cBPqDXhKaukV z1&w8g>)7NozQPv}d510@5UbRXfo#?N6t;$FwZM#u#i-@1(5Pu^N{>U>c@?UEF%u?q zj_WSoAxm5+1yHnP%8?GdzU27bO}4>FJy}?6%8#P^b?N~<0JjV}yD;K!aSaJ;nW~|5 zxePaDgXUnMh|?iy=vHz+C@6nr)ZNM{(G*`@`qTCv+M7l+VNaW*bVA@N=`OQuQ3byf zST$hP4lkV{Z6R+P0rF*=m+(W+l0n&1D|!p_saS@j{;3JAm;Zqc7z>Czd^E49U2n-`9JMsXJ57)Oh zHYs-c+(2VVX>+va1V;l2)ltHYA63arH90#zzEpM?xa&f#q*{Ugov0LmYUygDz_e z9fWG0S#^T1Haj+#H^oiB{Rc5BEwISmP?e9@tNw|QoI9()I+bTaNkcs?a$PYR2<&Au zYkn~!AjE=N8^j_~X*Qo;uEO#3H!7CLB=J>}ZmsxRWhgl-)KtX($*Jb**o*Y^HYq&D 
zi1(u))edz&++J-ISJ@`~7T$TTN**Zn^*2mq7TRhN#)4ew;Wi|#V9s0-i*{^6TdZ84k=0*lL73V>L#tE>mA#Mu^NDAE2xx5C}K106;&v;(Dqe9UVvS!YofZeqY z7xSI*A`R53TryL^As^V0UbJxL7!PWb=}>S1eo7Q{l%)!1sE!Xt+1IE0MGT2VD=|i;+YubJ~M%9w1=&N_T`%mfD4T@nGQwYC&G!-M=~^V?8wqb^Wb$ znx*3(XEX6(s;l0E-;%(#I%ydz%by!Ne9(S1S)A;^8WxBvp_Y9u{tJxkQv1OXDo=y^ zXMsf8tWz+LeZ1|Lbnmj+E1MzG+ONqWMYJRJK7k75HGpI!nf{^{5ru3D2b+h(`UoeM zGKMW25|e;uFcz6thFdN403ff2#@Y6e1G$0vlyo)EP@wW--L#iuxNJp(+t%6(hykY5 zmwIbd4@T>KM1P2W2C2x-F_qW<bjCoekfS?;@N9l2}dkOsXPlFSGD-Ge2qCVzJ(|) za=oqf*SGp3j@{PdlVgrC9?A;>rjEdD>?`_xkMUCUHiaT0ZkyJPIjX011SUhzYmcBd zSk2`nuZhJ+NV_n#yJPo>$`;$5*%!!WXr5%t#ivLaP$S!6sT6?4P@#Ahts*6#F5SQ_ z?m&BdYb!|7z#;S|F=E*D+Pz2sV!?P5UbnbBftA%0TTIwB=W6Q{7q+W&O-DYGz3lsY zc2n=8s8?V0YZRQ|M6x;J>0s+A2IjUh+~{jAF&IS@0W6UYt>{ zCQu{&oHjS*I$0=`$I7h+E6%XBlN3HY1*x;02CY2yhIQH_zQiNwQ}Nz@z_CSt__I zuxga`vcN#1%Ikxf^zw^t@{>l{T00l=w6CMFV=Giobg;R#jc$jgsAF$uV!qV^!hcdL zI4~D9OosFnEP5>ukE;xbc-!{sG#hQqCMM&Cjf$F9*T zkjirnSIKnOz{2;qiH8N7I!87%bO5Xw3^#-{_a-gsi%rKYDELMk3M+U94s}_nd8oe} zXK2ULg^`HX?@7~`v#epkj*Sgb@X0P+=%D03y-lbeNB2gigcNedCL5iL8oA&+|bJ^={NbGAkZJ-+uf=e%C(yJ-o!yIv_gIcQJ)aM)ha54#Cv!E;bEhMJ zoz2qzp7_$n%s?osMsxA7*sR{N8`yq;>yn;PJrb0m1TH6*85+- zJ)HC@Z-u4N{Iol#D6;KB@`I~}V&S7b(x<2+lwY3b8O*^_Dot^FL!H!`ej5Ywj9`_v zz2;s5BZU2dHV{&hY!Fm;_Bl}BLsZ&QAg_R+)#F~Q%x9J+a3mHa0`Y-S7FEHMS-?(q_YH;I~h!_ zH8T0KWT*0`p>;ED4d}8E!fc{BJgx5Cuwcx*t(=9g^&%#G3|WaPaAve_ZDqAyD{3!r*b;1=XNage zlvV5%l*YETr*h%7!0m(b?tTz=YwsE&1%?~kBW|98fgYLp;912Q(M#60GF<79R9x_g z0BK5EZ+7|=;XvW%9%{otDdEOKm|pJP(v0tB)k+`(WJ1`*7B;E3cnZc$=}R z94E?|ZDhhJumsc;h+KblvN5!f_q0IBt9b20YK<%r^wHiqiwt#?8ueO8V$<`+Q7r>I zCtp;Xl413dR^EYwOUaqqX&q+2&T%RQx1@LngVHgbIC#9GCXC+QmNQQ#_H3a9UKo&f zIshLJSPta>b_rUzSZ)#toXpwa0817lGd`Y`Il=^Ic*Qim5&MB6Zv==TSL$)~7W3QG z-+?aUl^&oj<2zJ8#t@3Dc!00l(IMZ3CX|Z$BUr8Z!>~mYq08KhR#?eA#3d`tVIf_K znDNeX#Ou&tVKhvzyjFtu%Yj;nd6`R`pkd!fLD+o)9b7c0E&!{u5is;^$JUB?rDoKpgk%IiU8aQ z@@l2nJ+_en9c9VF^*NzVe$;E)gKsqJ!U<+Ao=0f(kyx)@TlI8uy@?|c7iNO5k&Osj zs-kTb&90@Xos$aWHeb^Ufyeig^|k|n0AC-MCPIwWWl5U9ZWDEYF=mQ0HNISNceY}H 
zW|Fb_yx1MDDJ65HT@-Z~6;@C+Qp+?`OkiEZr*()BAG8f0jVIt{lg@CpZ4vlj`d*|~ z{c@cyIy64dQ+bx98DQ%c-0-j*v3BG(Knl?Y$$74#%>M(}3NYb1xsP4puR_{!X|)5D zeuiKs?dSTO#&VCZ4^MEer9|kHY_&$p4feN1t7}p8T%_0m_Hl}|k~30lN5^T3bPz3? zqgAYrun!;)?vl3)rlgE!ho_#V#l8=Y$|t9o3E5rC5Etga^~GSov&xNv;kC~%8sOkt zt*HqG`XhKjFQ+f-WDq@tZB*kY?nnoh3s;{e+Yp7TxBq>$cd)}Y57@(Wc`+*rT;G$8 zGxANllam=hT*M|ee>`OR6yt$o!`QNh;lN1`=b##!k5`K?BjKTzQB1qDR_$fVz@<)i zl$?hMQVRsTK73D(R|b%DHX-H)<2B+9O{C;OmXh=~CM3y6g341AxXTc0U|mah<>@PE zz+G9AY_O8R!YsFWu2EY-BT-R~f(#nwk69tn2KKdG~HijvYOa591abJR(E zQP_nb)t>RHEYyO`9e@Wosh94Cz1BK(Lc?X@r#w4E;Ow1E32s)_&Dnp#*2gVx5746<6G-OnBCcm7oI`LLxdxu<`Mh6b2656iNYyf%Be? z*O5vrNTG(*evUEUpn!`Nl$)b+la~9yT&~_Jz5&Ui${aU`oBi>2Zw&Qe7PpJnpk3kkf?ZoZ7G`KoE4o|5ehsOwaY`{nSE)gDRv9{opC$>?KV~e!Z0GA zJxR$7?{x7alD|1;F|`*^(P#Qho|ABzA~tS@yFdQ%WzzjN*-51+ zbbQL9r)6sbTX%=lDDX6k8j#(c+jJ7@-8!5PUL=PR!;9hjHZf(1^?`$dn;l~vxA;>s zKe^wkFl8C{Np?_?X?4e>WRrqbX!(oFK+l$t#z}d&*eRPN=fCDzm0B$UpFlgczO?@htTF4%`f%~ z|C_y>P&*?&jWP~MaXh({pGq4Rn)+SPpU@uHYsV~(OLq>VOF^Q7giy<+slVAk_mSfVT^PP z37$2pl^zpJxvn#ZN~+O2P=1`e1M1)bZjV%cn)f>GwxjI!@%z^Y>Y3`c`bXBMyEGBpL&kr-E1QpNg{kp zcGg^f(AC5U9l$B2&e!P3X~c@f`tV|l%nDL6_}>B_lC$cbZKSB4Md)(nGpLr2+jAvL zolnVYsMcWDBPj8JHUK%Y+3$`nTvN>ya8)+8(^LbQawwK2;W17{TdUN%OTD??nThUGIc9+Op4AV&e7_qe|4)*Cx`A9e?R;^ z2%{`h;R$(xLhZf&!49F&%z-cghe=Jb2{2X&>tq!iTArjL112#NwK4Dn3fh&baOE4d zg2CTN>xVFqR&`tzw?rtF9^<&sbcfi3G`Wv9R-6p9P+~XX{8Fe}Zdh^UTnHR?;u1+_ zI$*W4zS z>$_@8>>`RrCVi#@ca!=iRZvRruEN$$URs2In-~>pQ2?_(LyB2gyHby%`Iijylt0&V z6i7!HW^92Zo#DBGYI~+SXY}D!u!+x)20H^S0#E%Y$3@((L?r4;RF1eWH0N()**;9;w%O z^eJ_!vY+#{lH<@NsI)dCPl}4hpB7-kLaq@xyPtEctH7cQVOJ52DKihbQUW^JLD@kM zB`V(`vBB4c4V+;tcxkBx#+-+aq!^xXu{_S3-0@R^*J&)Bz_#VdW>%g&5SMLfDHsU; z^U#|)77d07cru!MQ;m$+BXj}4 z0*nGVvLy!%_7AHl1f%eoEoySHW76Kzn#KAdmwH@z>WJj589Hv#`uBiuq#oO;mY#h` zn~OZr5x9y?Gz6BM)CaDMM`C|bkQW#w2VWGITzp4S-77j3$jKRVQQYd>T07^J;Wfm| z+1%TZcG=8)=ID14fL{Dg@@mCkXg-dji+Vwle04!i*j`h^8dF=PXc}T6j&Z9uscOKwn%K6Zia9|U6WvirG zSN6imP2JLaCj4-e8B48AMkG%UFAjQH$pEnREb|MD0}5+7izYq{ZJ^w1W5LXp0OQao 
zPV`N@kHM&dc364jggz&_vzZ07ZT1vN0jt1Ol|h>mhB&$p(DqoSH|xv2?wG7_NI zEChauw((;auIlFVgQWP0w3Vs~SsON;OAr6`wd0;FVIB?kp;kzYz@UpQiV`c*+lUmylVt^F3`6qNZwCqp(A zyy2>%(}wEyCfnWh)BVkh6Xb!M>rb{vn*{p^nn`v3VFVJeN&mDsJ};`lMOf9@bm*JY z+gw?kdB3&W7kIbP8kZr zp>TOf$J#OVI|LcyGOPCW09#Iz| z6%Vkv&6YJ;UtWO^X)03(qQ~v_uToW4eh2=i7|i=AR!{yZzb9s02`8#&r9y6E0TBw3 zgJR@K2nJIvs-pVCv1j#SjlfsPRN_2>uzE=(yi*nN(hB*<7njaKw~=T}ykV=uR+lHqm11|kBxgvGK!%x(n-i1U7ikh1TNVpJD;rg33eIhc90I$Ts`nkAnp^%qE81= z-~lY9y5=`svb`kku}iDsa#-!Q3drulz2wo!Oi}7UbX3~h2&Ct`w>qtqsZB@=rshb0 zvy15H&R})vY2y*591IGf(-#JlD+A~Hrc2N&Y^Qx-r@OvQ8C}r7B(4m&p8Utd;lQPc zM=WuAO<-I!QGT$INZ-rb9$*Btv{Tcrp%C(%RE?OA9T?JQd}W3X2Yz=xuSNXK-HM}7 zB(i&+=a2oNcZMcoCyW;1hgkCf{g2}vZ4MNuS?(egMlLRB z_$?U8nQKxKJ9@>Dyt1&3_IIq4qh!=&^jzbhdM{=-^C%~+L0yfC?2e^B|B6PQ6U)U6 zAHupy?gjsl#sId|A(zR}*jCP*Sz=PkJE-h{5Y9( zt$7F?eoDvBP9MQc{i}oC5Q%YHYiQTBj#I(4w^{#`X);FxPkV;tHG%4>F6R92SuZA{ zP-qMZ2S=@iil=}WzmKkh;pSFL%Qx?00x5HXYDNu5#Ra-%M32jaU#rlKh-^7$mrZ?0 zGeYDmd3R<7e$ZPdfIuV9wZskD*``gcM)hp+?~@QlX5}8>eyz|VEqo@$ig29yQbmY5 zgitF0Y3p0^Q&2myN(#hNqneD=xPZcKH=Vj3;B;Zde@o1^qF7Ph-C0Vh!(M}>oo`E=l|;eT@)_%g z@GcbX!v=9HW!O?|gqcueTW%5uVVJD)0>xPb7 zK8YvFr?&5B-!Gv|Ggwa$#VPw~-`4O791`T1SX&rOPD9o~zbmo)MIB34;Utq{PM}8~ z?I_N$e(o50@e(#~S=|Gxh3gmjI+U&h#0sxo@QnmGJDudL%M5$2%DmAW;pnIC9OBfS zD$Xu;WVfw=6uF%&$0z3sh{RAu&j<$-Ln&BBiy11wD(&}B>|AU|`1PTHdwp8?~pH4HYdnii1lr8xb9X6*hHey9%69rb=vUh;CAMO6J|I;N@(9?KD zEPNfPjbGdO0DYD#@1iO1aD?tX1j&W5ZhCeFX&UrErg^eC_6E-ZCEb=)(^El|MpxW(05Cj4Lx1 zadc0P%LJybxtI9Qbxujdy*s5MWai!l;(P~sw(wb4BD^dmj~Rd=kqic(?S>92cXlTD z69F@0H0|b3_Rh;HwGBFdCp;h3x+W(n{710wu%=rRR+B5kdEjA~r3fkp_Jbyn6pO%$ ze%a|V1UGr8^@7T|*?d@`8!SRQ^K+)`Zn45B=&sSGH8TGRyuoMUY~u(}0Uq!etf(1a@B z<45i#pYRk%Yz2;2!~1&B9sdbZ5GG^FE@K{`aDjv#m#wPkx6buRGSzCXpdzsX#V=yEvzj2T zE?xsGg~FIHv&3Eq%k#?Sk@0fRhzqLfKUD#-Ou;N>ob0wR)GVcnp)?trvlPZr^*htz z0U7Qw$ATHUi65sIrHv~XnuuFvE(j+BPoV0u5Wj3^xr%_I6d{DQy6T}Y5>z#>B3-hK zB;^E2G&IdhJq&|HD$)`==eOj22xn0zS&O62WN`6#F z&C2}sot5#hvj&Y22co8$gyLJ)x1Fqy!KNJ`Sqi~d6Sp4?1xo6=ijdI1aau>{8{$E7|0 
zFG2kf%+7J^wYSip-yQRW5f}999QNF#O>xg>!an{Yd8|W)k@uSZcK568IxfTi%C=q> z$?7if&tmWcc?+l*l{DMk_S}}eygVchMp(X=SszJ+T6_$)5moTV*ATuaEh)(@F^h+R zI6XWSoC9~56y}AEYbVg`r;94Dq#QMP#2txXm@@yE9|Q;#_Pl(f!3xT3GW+Jlp4K8X zE=tAW+RSnx8tk$9GwZerClqM6+L(sW zp~99v4w^0wAoo3rGvXx{0+M338TBqcDOqV5(a1o}XyT2Qb^55dni1Isc#sI3q`vs3^-uq=$4WQBCg|$zCr_oH6>IdKoftF$rgzb~md?;Yxw>KbH zeiNQ&H5l<-`_-vWD&B%P=#8b8Y%zDQk~e@_y^MgltDQ0W?$K6}ypFPc(&R;fp*6B1T^#5Ud3Py)9aj3!fIrbtwQEYp|k*3$3fH`{=;vZ zj-2T((@rk1?~3oy+Pl)vw$fP~h>Zm-A$eV8l6Omo_v`7AKf>NKw3w%Ihlq8eilWC~ z65H1VZHC4{xwQQEn7pizw=Ueo+egk8WeVK)-gq-WW_aZ9VF;%4I0wr&SZ!le$+t}o6+Or5vz-KY6e?WPi&xY z<#?S#fTfCwkk7p#Dl@GTB!1b#$>gL3cv?)p+6)8#O8D}s%XHTB%`=Qd1soYpn-r{) z@O8K(r5}j^go(4ME=lB}Y_t|u2cz+Xjm%)l0^u0lKjg3HrN(c2mGMM(6Af<$tC4(e z_yJ%M(Evqy-s&O^P5R6>oW3tplSYO+c2z8w#j0He0Bv;2Y(wD1Tw#!iK7r4hIRH`) ziXwl~{!J3bto36grY2YThQNwKX{PxEIO9ao+M0J$%CAU(Gd@Dx`VLokaskdL=CS10 zc__Y=ImvvqEx@Rzu8SA?4>qjL9$kUHM427wxGr2X*aeCGWCAjx?BfP`R|I$b14IMu zK(sFUm$N^0&Gtdd^}8SDIdFKK8@QIjeozv!lg|=!071!n`*Fy@j7?pi$b8|baNKbI zg=1Dq>X|as28Wy$hA}!ZQaGQMo$p-NOr)$T79#{X3^zL69@^GR=Oc>H=uEm7(YJZh z7Gu-nHuHF-P_hQ=isRHosut4)34Z6Op)3P1FeHsrc-m5xDrgz6tf;1vrC4yevX1X! zkg@P?-%Z^;yj3tkgt1|&O6nq%MyxvsrlP9EzmFQUhSA{}Jh{m{f0^ax^#kub1F>YQ zHnBh5y7+)0K_gUeh#02GzI-})L&?YcpmyB0bCAk<)4s?QQ;VrsT2ALYke))kP?m3c zv8np!ld$uAM)qN8HjcL~-6c_#)NwnnE~eK}&i3-uljI-*b&8(f-csX)qvfYmS`qco z1;rIOK@-^|amj>sk@YBIlK)u=Qi{K7e4>aWX)3LlrS+me1$`(vYH=^5cbNQ@<9;xm z;b=e^Gx8>0I3OLhCMOs7!e$LDiY7NAbAt{A7ux8LxsXkDy`4RV5VRNjo!(l%cUeP; zv}bHzI$wIGUo>B-f;)bi;fK=hYWM-F8Lsd27gkpW6w>60os?=}UZ%=@XA}rQ-x*0; z^rkAlOVx(=3>-f7BA*XwZQC|I?VbDq#~KmnL~p{IL)(tw8Z^E}jcUY;KeON2s`Y}x z{4&wz)Fu>`R?TUeGd%qnly~G;$VtoCGGFf8>Bi}@I0W`g0kpWNz>SEctloK`)5f? 
z;0W)QGl&9UcvJaR=QRQ*mQ@MIW29_M^ra0&$eLPPj0|$<@+dr*IOS5BSJjQPy{g{7GnhEq|4TF%yvyrY|CBqMAe7UnS%#w@Xh(P=i{C{eLKM%W-H6KUY*YSFBw0mv~qY-yGN!_g#bM>=Fd>7WO351aZ;h2b2|Ksh&Hm@|ea z2u26jEUGeyN=5%-bxMw==hyHe1Phj0RMlbYg(h2(xWewVrVM|FCKH~JaRs=nk zZ?wc#s-jxpf2S ziP$JLdY>kCA;p$s$NJ&rS$k8mze-MObh+KuC*>R4oHNx$&U8>!+KbyHFyF$5I*7cE z-%svBQDG7V&yRdgQ!$`NW`d%EP+DaEIdLo^7H8QRWSNuOb9$?oEaFNa5k6U)+jc zjwir*&>Y{csP{sJ6+A10Gh|AAS>TkkgP9RmrPX$gFk};r^{fv}C%)*oJJ&Hv+t7$1 z8;sAQp32~=LRR=Wt{jArnBi)o#XVGO!V2)!NZm^{N9S3{%Q|K*bUa8m!h0%nnP{MO zYUf8>>xoN=f0MsI3yuOhO@)C(wcvk}Gd0aFYuLLeO;=$F>acvUj*MyS znqx}*Qd`$**FR5G3Oy%=GPK|g)Wa2N6iCN5VT1_H08?NMg*LhwbELPBx}lvR;7QC3 z+e7T{SyEN=_U^bZplm!s$8Lzcv%=5Qsmi*PMo#{9#{vnf!8@0Lfu3a(m-3iLnmgGy zl6c~Y_L#08zmMYwp0;3yu@{1n;wQ?upgJK$Lk+o5duk@&)raHa+RNm_ZBim|UJ8bq zQ@#mR&+kJq<2k<%*G$q@lR8xuH46l$rFt;g9pcNI+a{7!DO@ws-%ZsZ*pHkcAhJjP zy(%?w@)&8;5|DdtyD=;AWq2#yi!o_!d04WS>#$ZQ5CpPGFf%$%)Py^BFw-G`Q_3D! zfHMU0EJiMPX-AezR2q^>C7Z!f1sV||c` zu)sQmrlqP5vpl)B-d}m@i1cq~chtPI@{|f2&+jf?iGkEC<3kpp7xL^Czq%2mabGJ!>|dIMx*!B zs`L?~oxl7f>mwFZr66TZnlhFWsfCl7bDkmYyg-a|XB|~*3t-2jl(T?Cc)7Dv0WXd# zfr2G|S zLNl#Bd3uquWxtP zY2@0Yc*d*SB2w@;q}ZJM|aU?$$qty3LjLZARQ`gQ4M2s1?e?zG;; ztc5i}&oirD)Uvg%V{==CUPbE$&ZT_qMPX$M=lFp+nk&w=ew!iTTn0D<)e(|_>E$GX zgt`3uv1I=IP9&X{-Twe zsDy5^E+XEMIUEQ?r4&MFi)@_L3l<%^M`UY+s;ix*=FXO4!s{&eVm--$v`MEu%OeDX9mGn1{V#vJUKv7mFn2NwIQW}Oy_ z>nrxyE1aaLUeo4>wxR{e#bO!j%~f#f>pwH$Kx8=bxu5%u!=g1@GCr(Xvk#_3z6*|k zg{!F5E&yYrP)KyN$26`K(npeWi-WL&udMVfSW0w9+6>;r#CB(NMV*MJ@Cis|3Hz)T zF<9@8;o`-fv6hBK2Wb6bcVhz`6^^a1qcsn*Y-u9gOU0kid9hK_mFzTOr{;(83XX~| z#+%rh1|&I9!gVWiT_R2dI+A0*qXwXlgctHUYDqd0-1v;qs z0yaeizD69uf)?L6xc}Jr#BdwMJ2B-@V`=X$ox4<__Hq?qq#;{|pGBae?)sJPwXp!5 z1x_6~H_@}nDb9>Mg|{o^zG<5ei<;)Ag#}GsnqhnHBuHdOI$DkI z0GFwi6_tN$bd3KT#+tC|gcJ~4x_vlYKaZXcycPB#y3_rOH6V{^HEZ1oE%pSLy2i%H z192%m$6mNljCvo{UB8y;tSyg2l z3&v%TGVa%|#r}#H;?p$GnFC9;?JEMK$XJK`I+A7oEIn;J!tWmhz?*GJs8jJ6jtvxhEfYtH%9*d|qOl(9%=S;G|2#&r}+chhI--Qh(9LOe$ zvbtFbwtCX(Gq)c*-RX?CFLahVm&T|VvqR;OZ|-ebLg*Y@(HWl+t=~&kYOeERW5ps7 
zSXzn*G*rvdjb@UB1@_$RZn*%5NDEZxa8~>U4eBXULM3tK016TV-pQ%7!F;S^v2#ky zeNUglEvo`j(Ta-Lt0v5&JKW?;{R&TTkWlgkWyFc~>OE(P-f*ZlGVClTFG{|~ehr); zf0;;o)p)w#z?&D1|4azj@?^7*FBU`nB#h$5&ZNe`swOh4M;H;^vvJnYVrB6(Vrp{9X&O~&2dy0#`lcKdAvMX zpUjXS#k-4htgKPvd7yq2^Tjq=7Pl+LZTx}G(`n@E4y}*U?5lf(H8Gln{9M5W zPOl2(WjJI{Iao$wleH}@RfNr=4+HVi*(u1mMAB_s>M~$)lE;61Cu19rn+i;@0MncZ zQLT$7;>HYls1S?KnSbW4nlZc#2`p4@`=Cn$IYT|N=|p%(FAzMb#d7sE6*H_VDhT~V z@;@QGNLi)E^-HJ<&1Oo47O*NeEJ~DoNWJd*h4sxoxnCGXTUlK_8)7Cge$s@OyO*Sy zgmuL+m%?kZdR)Bl`NllSy8S*S(nvM@b{S;l@^X1WR1=Mty$cT)mby%5XOLat^7A z9P#!k-hg@43E#^bv{B}n=|Dwb5MLM6NV|tyeSZj`f=EuSuNYNG6&#?H_eAAPCC1D_ zC}uMT_4s6J?KX+urZ*!c%@FOZ9A`CEB{t2G7w3t`qN^_ARioZd%24}UmblxVmZ}@I zep&g5{AS{X#UYBiFO+{IQ?y(5f377Ym^?-6Bs5cB4&JE!##FXdlr-M?1zr{UO_Iqx z9<%e}K+MYbw5X})A|H*9(;PtmgsLu`zJR1KfFk-CL#;UCg;Ns!C2r2@m(S6v@{)ga zR5w9+ekbKfwp2K>L_(q@3zfxvi5|!^F+Dn31QlL@_I0>}6F~jjOXUDfO2!ZgdL>Rs z#`BW;Eec8Q>~3ejPTqZaq(hsoi^^2BxIu;``kvXufie!_=T0$OkcT{oK>Vf63C=Yn zcWa+;{fk@~XoPC2ojdy76{$s8g3jEuCo9PWiLqN}*3Ekkvx9Dm-Ga&$g}5GpGyLKr z@|R?WL@~Rf>^W~j8=n_vUpNwrpGFLt`yR|Rp* zm^Rx28M59Cj#T+S*Lxz8G_f1ICr#o6#MRoyc@kPf>1NsQP}& z9{^6Zf-Xq|1U&VRZLUZpm_!CJ`p7&dmC9S2$8fQb(EesMzk>Cxb@|Qu_Lu%3Rz8#E zQY0$s8!b^*XstNcHv|dv5G6%tU9>06>?&au^=n9rHb>gXiT-#p8eU84*=_0*Nf?jw z@MT$VMfk{&Y2Pf+m(QeV#5-Z9soV%*qtu)UAx?P7Rg}vI$hbsGsq39vIAtYE0==sqyT@6vDqeMe%bkBxvFw-2 z*i-5S9D{B)@FQZk!`AwAf;1VZgnlP_KS-2R)-! 
zXrnglHa1we*AFywd@^8Nr1g{f zsB~XdoY)eWe^?W=a#RFHBBTW2%fBV?K>p28Djna9yLdW!{YfCJ7mW+E!l5voq<9Bz zRW}zK$3Fx!(pskSNQF#de3fT7d&@Wv6|v#%jF?_hW4r08uY{;2*-1f#XL;^0HBUo3 zMA<>-`m61twOX7K(!s#t2_mpi6su#6)rv(vRgmsro{1t`VqBT6)CisjGbN+V7<8F< z5^0Amm=Yc9$PubR6Eo95Dnhh9+P*RkE>%_^1@W>m-%3H;61yACx-tp+o}G z!%|aK?oihfv0owZl^Gl!8tv2iz-J~XXr@aP6#!9I7w~rpSFd=Epd~5>GFcl9ujIr( z&E_I_Zvu@aTYFa!Szoa zD0#!tMpsk8YwKFr5*CIqdqLlwB7c%qo}%O$N;oe`fqA4IK0j3sN(UxM5{13HHe(nj zyS=?vvd9NuGN3AFVC}_~I{&RJftx{~A@c{Q@p*r_d+Ciqs*gmbOc7@@Y!1Qq9jKF` zF2BS9O^9w-8LTQ~zCQlhUVW)v$VCxP9b7!c~yezV1 z%+kr;*h(L!qvCF}oX857I9sKP8*;(JdtjJzkiFJLvn5QNOj<8F(dES=Py>;-en)V~{;2J#~}%UxJE_+Mf!p*pE*A zHaO(6mU5yaD)pS06DuFAq2~p7rmMDvd5r2Vv?7_esS?^HKu@l_EH$q`i;xHQZ~97g zg!iY4e>gJ&%SIcA!BZ>g;66?47u#xJwwO9|@04QV5(zgg!ms3n)OAmIae-BLR~Q#x zPsJk(WexEbk?JUwrqaZt+gTiNJbg!JJC;#(s~5z8z+88suf81YP`GK8dZnaqBR_BH z6d{(Rd1LpU?~qADhFW0Lv%{MzYqFjyygFV+pMHHhc$Vx`L2ND`&^@axM!{yqU#o62 z2i?|GG0d>X`&%`gN_-DTRnkQ8MOdYkebl@VWn89SQi1jC!K|m^*br9%PU#!Gu{gHG zk>YqTl}pfYIUWocCYAVB0G9qKu+sX3HqtI3d!}52zt(2_;%*n`94uZf-+&ugxH}Hh z6rUiz?$jYZN9;~w>#7MzhK7-_E&|Z@c8YzI|A_F6yE{cnkYgePRq1k1No!`^9R#!8 znkX9NWY$z>c?jpHKic8wptOIeZVs;%*YM5ny7wT{;4tw&DrICbU6qb@izZ^ch9U@; zQ34$*BY7)x6U>%m1Kh+-s)D2(sNcZQY;(yr&Wg!D8R?royuU=MMeW1lf-_0G8*?c$ zDltRTNg9f>fNXlDh%bu)FRn1&P>mjl^jz7+0_getaMr!cW$U<6rXWi$rYQ;8)eB!P zgf%4Zi|7V5#YjH7wBDuD8+$R0aI-quB{%_ zUG1rIS``IcyHvq8ltlv!_rd2S(@6hXT}UAQ8q9F+0$gnUzSL@PyHLQyTHLHy4v)9o zjQ7OWq?+TjksMztnNUA$o)pFiEK@S8B!{z>fp=q}62E9}Gp#`yg&C45tf>6WO$Xsp z4%lOWE2e(jSIze$g_#**9#?d87T?Iq=6uJ8CWXn2%jQcsoryzIXD3kncGe)tGUJ@q zlHwxm@_?xWYuC1h6G%oY7|ol?GQ?8OTu&iSOr9OS!@cfSw}W8MSCAgOCF1S6*;XFR#R%7jLfNpUj8OOIR; zh%OTY(@vt~;KWa&sg$XG0X{&W6Bi@!1F9(K56d1$f~gr5^JPdd4b)^mGG`=VinKgt z0!;)gzz`zcqWXEYm;ua)lbcnFkKxEziN1=aqsq+O_N4<28?1uiT@^QFZRazgP1sd!?++S=(BLJt_(>M~& zo-S;-CNhD<4)Hy#+8Lm^wD(16@aw}czA6bbWsD}Kak%a6I|^+#XFqw^ln-}^E1N~^ zZMfI(t!KshhoeNu)-?Nro(VG(RZ-LgLtGAf(Ek0Xt;n|C=x?&a)MIbaccfiG=2A`> zVLP_7kq+=6wzA&uj{CWYUWl}-;+^ZPgW32)N%KD_m14z2&;b-sW#AE!XR#u)`BkOU 
z4h|(Mb|j2SngiCBMe7t7wwUogZWI9zqO&R$H1mm@9G=44ZALe-HL<0otBqV3%m=na zJb(oy9*XMZFsE|vqPz)(pPFtB(v209c3dDjIoXy2id3zi9BKKaBP?{z!Y-6K+$Gz5 zk&^!{@_ucwIU!8=9yqv9QQ2Q$prn#yE;U27nX^s>_3>Sasxs&<5#oW{N3DSRD=nTp z-wq%j3UIZESEPo8Yv2VKOTpV4U2gI9Lj4F#%|#TYNOV*v-E6EdqF@^JZRcPB6(lCs zXOWMuf-qJkAo;PDx^yq?-=&@xj`3sgH+9=c)Ut!fC`x zouyUEP72U)&EcaXr1IMjXH%FIk{-- zoaZpBQ&M>+nd(JUT>-V{Q?b-n;s zz>cA+DV*;}oKaOYFk__o6JzFDoe2QB%%&=4+sc#xrp}6+XbI%~-K=~u|5G8*>_kP? zJyjko4$0Mpb0VPR5wYL#s!+=TOQUf7y{Cs42fg-agnw@#VcT2!qO8Cc6FS%B}qz`NI-$QKp8^&8|X>TO$k^+C8m%J}9Fx|6^Mj{4ZBk zg3rMbYB|+iMW7iVIYea>hmkUNonxbmW8|?B;m{>-&H_{`e&BrrrOc46=X&OzH-qsi zh5nG*o2%KiyLK}FG!>y;xi^C zYG_L%)`xk5aIF`KmQ4G_Mkh8+8i+)q!2@_uBGHV&pp>X+cLC~Wc|!bWoxbZ(@|(7u z=_OOlpW`jS>5C3a$C;)YpK!}V|X?#5G57^@Fu9=$nwY^uujhsCt_udx6_`l-%&B;EHr!a;GiQIkRY$x{0=1?~1K4|T| zLadLa07W@i++dp?H7K%;zo6DJyTm06Py~zrd=?p=XLl-r{0k9lfo|X49bI@7EJH07 z!2&uq&xcOpFbzl7pevc0INSQEbLry5t+?Je>zx+u&4R9%&5C}fv1<$iM75f_1wyR_W)m$J9B53 zhYLHD!D163Gi*VR@m-T*IqEPlC)44_K*9MRnkfJb(Zj_lN*!O_3p*-awSJg zqZy7X9SVe(N$2_gB6AB~$fP)}dNzCot$$C$?CYpltsn`xG`DibBf4e2ej5QID|&(s zuwKaRqiMYd>+9T6z_l3oYH2YbEZErgl!P7xAPvUHMx*YvyHM(Ea9Zj)T*uY(8hHd9 zr-e|vswx$SGKvGd(?gX71dY-$CC~ZlpiiD6gi!Vd;BkZ1f%Q2*m}N0}bxRuYnlKcG z;U?(imXqs(VTk{`>Xk4rS}{8!CLG&s4nfLrgmo;{>Hg-$3EAFw>bcxk5Ehb@jipqp zMM0Kg5K$cSweH3`B+?dy%Y}7{MB414U($*~*^QYXftgt_2+qG3+DRQ-X47GGMrYF& zM2lJOPp+tVl`|Zvz>w3I_=Mkjt8e)=>KXzqYdqYZETHnp@>ah$=&qlnX3}Gx`02co zn>je$vA*z~Nx)@r?L4-%m%N0%z1AHcUmL8i@Vn7NCRM3ci{&^WJ8Xds#>^i#`^+oB zGml3sz)Y2J%`sbx5&=!cJI|bEwV=^-;zSn1m*bj4jB5%ofw~b0YNpejW3^#avnYdn zM5zm>n(viq?c0I~heCtomB>5l$Y6TF2v*)96 zS@TrMwCDBoK3Js z+k5l1o1b~hc+{g0xfvFJ)ZtS-vX)ra5p(dW$LYJ~%my=kV=tR+$K3g=uF%T#%%AnH5tS* zjJq>f?S{u^8!x#Rl)bU??F`JZY8ymn)pxq#x?y zMqcE^G=FoN%+&Sjb4 zUtaf0tu(i3fuo#2kVNQ0ucmC*m3_inN#mJ`(K)zAqP-B`KfWw(7v)=KH5@&v${X{o za^u_MN-f`pCb23C&N48X&H~at+>yWr$1BYNc&U?2PW~jPeTjtzBboGA`kyNcy$r$< zFt5lUYD4ERU##*<$ZVS2i(zCa#n4w8MbL0pfPJi-n}}K>lqwgB#X(jQDSJ-SD6XSy z_nMtGKcc;z3)p_9b|vi?TSj;oPDS7fb;!5R 
z0Tz)7PacVHICj@*^HU7iQGt~~;ci4#q6A=`FDMkaaMy4=5$;s0V3yoZc{|E3Bv3W#~(tVI)wWds6=Ld&v@)_It)={EcG=Hd-S>7%X;2=*!%*O ztrtU!qPcs6F(nevrZ4_tZC2)*`vRoemEArYN^pQG|4j1sbSuIVaDJOubUD`Hq@v*s znBcs$--~0IZBchU9G8fu^+kJ1*3{o#bXU=sTovNkB$&9L#1We2KABiXsUHIdHjoIHu0v2WM$$u_fTIlwA{VllXISNV8P`ABbcTGc!v~f4IpUfySA7<3gNk{qqSce-V2+R8y7J{ zbm)k%zlQf@Z37QS&Qgh8J~jW0gGTt;5AtE?Bni;88%-9Nj<_BBJhyD{Z_L zG($gUusPc(d-;5Po}e4h>$bM~BXq%H)VuaR%g!-ROr(4V zQsfhh?+e4>dUt(mt-Ii}iL(>S*qC`b6;(|>Yu#;R_|~_PS7do|B;!-(JUlkX+ng;p z-I`18^!ddo4bR~zBW8D?MxllWy}?XjhJ-BvI~ffwu1)UhjxG+w=#!VkZgJ*^S)eoh zoWVV_@HJM}Xro~JMf_808I(hrH|^O$)QhVoZGi%QGKd3iAgUz9W|l{1Uc`GG(8}HM zMeY!n;-a6#__K_fS>BYi#BlFOwM1U$q};`l@0$6d28!>?T##T*fI+nDrbcVxjaXNA zff~wvYgp2}7-B-pc8|eh$Z=|B^810b)nnUycpazD@gzHa*nI)7Z6pyn&IbSE^V`_# zThz=ve%41WB<~{QGVVS7Si2rdhGY^ZzpxF$z3~bMvRDJ44HrA`;eyFhPrTPpjDu|!naDBLG zVIFuh;Jt$t!8Fk7omD~ED-k`~eBgn>X!^Zz^<0pr2i=N}M67)o4dgCuj}h2JnGTFX zQ3cUbz%oeGOTqYc5i3kJvp5A0V$RbAFU6VyTB@(R|HavN5lTFG0fIc06gx&~BeY3m z=_C>y8U>}W`2l-*!_wU62@4~qlGwG(r3_u7_>3#v(MmN3?QNK5lrFh@d!s)Z^iGp! 
z$USpXFq&^axhcV}n~4oX;J896b#P(q<4PQk_muim=9BNTvj9buT1sYXot(GO%aU!5 zoUAK}QYzQ%kj8>7*;!{D1C=7Ix7k{M9cV?A@k(P6@nCcQCSC@W7|2mPP)0XfJWV2W zA__lDjn~iSEW!)tl1zYYloz&B{Sm@Ht(j$=Z#sQIo#uR+OylN&0yr?K8?P0M+#Sz= zvj76uZZhZwOW?pfO6qTN*5h%06|g+cZk#15fS|`#ov;Ayl28(i<{aiwayZs?;a-v9 z3qw)q=^(j@EA(G$lAatE&AU^p=ACtYgm8{Ef&y4f+_Q%H2%~N_)u--MX#|A`hL}c; z^TMGD#H?p3nqdA9UxkmmeJ*5-xfQ>_%T0=3z${SSDSpAFvY)u7Of)cF>Y-y|1X*A@ z;v33-bp?L1XzWo9`(b($i~U&>i+f!fzOT=cUb)g&S6AJNG}`N_{&p#S?p zrH^~1jPF#+AA0}u!+PEOl-hNJ#PuK4>%QWrezd!o7<$F(3`YNU2^Q^p0uABUh(6=f5 zd!^y^+j{-wir2sE59GdA-YN8@N^gCajKlk1e6Rfdr$uUmM(+|RDNGjaWw z>UCF@+I54(^*{Czx$oPQ{;tyBQyR|agFhzMKl-nQzF6r?l)gjhkNu5&9)5q%$K~(u zFsj#oLTPyY{r^&~A1l2>?>kD||BZhu*Ps2Q&~H`xYNg@*U-7@>y3hYtp$}I2#Y> zeS^~Q`@f~%|JP5;_sg!oO|N@}(sjM>^AqE9?l^2GT4FTG6O^B*53pBsJP!)0vr;W{>YmyYjNdPV6~rN11|Ki9F*`+lX| z|9(mjC_Sk3sY;)w^m_yP!#XzlvpW7crN6KA50rjV>8F%_@mI<3KSb#vrH7S%qtb6u z`t3^ZRr+qFf24GIkKFIP($D>B8Q)*&W0c;gbV=zcr30mxls-@C^OgQ*rLR%?drIG~ z^e+Q?@DcL+MxU(XrzriafIi@na{U99z9OKX*0Iqqdz4&n^pK7ZE8Pm{r*v%e>%K<5 ze^lw~0{S5xe^}{rZjkGZzEa0V-=pLAD*fEAmFtb})A4?#KN8T_>e%SLkCyKn{ZSpi zLh0gT0sS93{&S_DbCcZf zK1!db^!ZAETj|@B{)N(yDShPQe%SQEpk7j107#d`rLqiNXJG$spC&6eb8RH-xn&qMd@Cp|0$sF(D6H!{%@rV zExFHw1KQK^iqcmF^tW~VHl+_;l>0nP>2m}6MjijE(!W;vH%dPf&@=nwerJ`wOX(jf zea(LP-01ss{C=fJ4#?+5@6_>WrQaFQH|yBwA0L$O8$GLX%;*oP{4)BWBXa#0D%}d` zTXbyn<2wF?(#PK_-@i@iH!FRH(qB^gdZl~5POdll^*TPM^t+WlTj>u4^y51Igwl&g z<$h~QZ-2aujeduYpQZGNZj;ZAKKKbTHu^M`*GAv1<3CdR$YXN7(Ip+9Qu<>`e_ZKD zlzvp{-`+0Y|2w5mJT7CS9UXs*(xK8VrQf0SSxWy>>0c>bI3f2l`d}R!eWH$yp3(7H zrO#9Pe5K#gmirm~P91-j(mx95{ZGpEMsLuu(Gxm0`V<`-{T>}ZN9ijA`Y$^Ew9+$A zlHWV4bf|Po>8}R#<~!tiqtDi{(Vx=sE0uoRDY@S0+jMO7);r~Mqj#N_vC*-PjsB>P zU!io*U2?tA*XY>jn{;gSVRy^*Mqi@imn!|0fIjq$Ua$02Kz~ffKd$tB0sU(o|BccY zot66;z3%Jz4fW`xzX3^_;pI(8_*+9)9aP41@zZ-{AQ*96wn8JgM9yiN`Ee( zk9@j({wSpfzfs0UPwCj`$G=HF|Af-d1oUCwET0>_S;t1(&ydegDt)2S7b*R@fWBGB zM*mR9M*q8xjsBC4jsAy@{NCp&T?*(}$3}lz$FEZQrhs1i7P;RumA*ZopVG0>FX+nk zM!!zSN0mN3px1P4^kq7JxzaZT^nE&hztV^H^<$gv#sAHoKS(DF=?$fc+zK)Gv)3MQ? 
z(ebO5{+iM^DgB~>+~4RUb!_xobZqpNOLD!@m+RQ*YjkY%o$GSF(SOsi(VI8qbECaY z85{k8j*b3{jz6vR@KCNd`Xn9Sq4duJy1pgX8-1mYjsB*NjsBC4jXvNW`M%LZIyU;_ zIyU-?IyU;=v3%d?eI_zCdQitkFK^4|Mn9@!qX%~6^MgvC6VP|+*yyKqZ1mPE@_nNd z9UFa)j*Y%t$438D#~)PsC0FHsM$hTk=rtW1{b?P)O6j`;`bixd{rqckf1{7pvC(5X zHu}Rl{t=~bRQjt*|5rd?{7kvO(T9DjjE&x{W24`qW24`#<7X@V0i{2v^w*TWN$Kwg z^j~!RX{8VUHu?RpRQfojH!FQ|K)*xBMt?xZKdAKm0ln|H%l+@C^rnD*zm8w5^vwbN zppK3HhkNCIM!!+VMt@evKd1EX1N!CPA>TLpGdg~?(q9hfU+DN_N+0kn`Thfye!0@G zP7sepfA(0(XaU~x&8*FcLekqIySncW24`tW25iX zvC%)%vC+@|Zuvc?-$41|zW229FzFx2NP(YV-Z1nXyHu`BD8-2hFe%Q&$Cs48MCnVF{zO23NykRttz)B~)bXd39{hg!eWQ2l*yx6ijlMv~M*mdD zMj!iPx!+AnM*)4dj*Y%i$41|!W25(ZiQLcVjXE}ZyN-=^b!>F3W23LuvC%i{*yum# z*yxwPRDS;}l-?B3r|a10%XIv5rLPI-n{;gSojNx9F&!KIjE;?d;Sb337`<1=M*l{~ zM$i19TyONZb!_y}|F?W@^c6Zb`sX?}y7!0VdZV}N*yt4<8-1aUjlNaKMn9lqqmO@? z+~4Rg>G<_Z|4HdTEB%_6%k`mu?aU9$-~W@+%^#8R&nOMAfBH}B=Sm;;DjDCcG`#-M z8|Cw7EB!mAH~gynJ-q&Veog-V)Hexz!LJK_htlx+FVVkWQu=pF_q;iN|2OI1AMhLU z`H%iLq3=~1-v4I3?pu}Gbq{(={Qj@i>;6rtU3W*~`j-Cgy-Mx6XC|&+c&q>}nUt zn=*drZ^fTyq}Tn1QoHVa;`)Ek>z=6hwd-D(xPC{k`%R^G-ESnWU;b@*&L3C$jks1h|6Be0t?!V}&nbPj((w7e`JHmzYm~lK z=|3tBumAQxmh0cH^b6i2<0mQ&um2JK`^S|YdY@dsr8K<$CGVBb|5@ov^tzu-T>p^w z%k^EQkNAL$zfoy;|9{ZGKk-lHx}nmaP#RwUY5n_?J}B3p`jF7?RvKRa5&iqkAC~LB zS?TvH4X>{rmL#n<`%a(7%`at|>k9k1~F) z((wL&{8{(qKRy4mh5nS%*D4LK|FO@J>u$P_UVmSqZ&4av|8c$UWx;j#y`Ow9y#5B2 zvu8g~J~w)gj?3av?7DB&>y5rz$41|y(HSNgR|AFcFBO7BoQ3g}C8{8FX&d63-C=sq2X@gn>6@5@ThD;+DH zD1Ajhe^wYqzzp3Nj zQu?WYKJ1I+`HbGKW20+2Hu^jrTO5nUt=QlHqkeAmArF@O8@)ltMt@kxKce(KO5dyW zpOpTy(tTen_uH@ZHv;-@9UDFM5V_vyH|f~udvyF>rT-YvhyP#leWNFJY;>Yyqc7F5 z(bwtN=(~0NM@l~v(69Ou`Mo_#pP=-KN(V|WDgA+f{MN-gds74Pz9z3w4jF5fqLO2vRr393DE+TW-=Oph_Q>Z(@7A%=k&cai zuZ}Hl$l`>ITD;K036ZB3w_w!b7M`p3c}+lnPseXp`X@?1p!6@5{*}_@ua@UOuk=zt zKcHiypVG0>`#nOwZ*-vJOG=*=(7)5M(Va)i_l>?($3{P@W25(Zlw5DLt>cqQKkIAc z^Uqd#E}$zqHu~*1$o2OsJ^!^bHv0QI{sX0dAJDIQv|PVO>8XIe_%ZUi(bwwubxJ>~ z)Ydf>k7C#Tqh4?HD{qwh8-2cxjlNFDM&GC7FkbHc`u7JtR_zV(n&zSTgT5<`s+&H 
ztn?29`WYP?{lZ)1_l*9$j*Y%c$3{P**ZrAZZ}gKoHhSL!@_R-fs^f<#{f2=4 zXC1#r=^qF5<2wF?()%5h`y2gv9UJ|Oj*Z@ZNUk^fTRJwn=dgTk^fnzE{U#k7{fb-V zdZRados5kh)v?ik(ebC1o;)ho8~x-HWNh^IC;orjeFvOX#TEBMP_YCnSP(@)G#1>q zu&~%dd&tt+T@_1wEV~a_*v9VC>;-#6WA7q1M8%GpXe=?tipHq18yl9WvBwzw&YAQ7 z-*@l4`?jI^zTfwLiNpQxxo751IdkUBnKSmxbhlyl%ybN%nO=kErATl0(%10J^iw=D zO$;~wOgF_d({u2AF4C)!vR}|2WeM=RymZ?U#-C{co|ztoXQt=jnd$9#X8Hl1eg7Te zeMee;Oq=n{bmo5ccc%04%=AV)GyN-`UqJefmv$d*{Fwd*&rB!dndw=0X8H!6nQmTU z{FwH^b6=!A$JyVR?v7`sv+&IHoQX!y^cp-bMf#DKrY9NwRHVltJsxS}WcxeQ2k^{v zvr_x}=19kS=~6s1y&KO=yOr7dOpEdC`w#j43ZxqYdZuUM`7ET5d+FDB{s!rK<(B{Y zNPBzf+56ky7bCsSOCQBE(^v4!^gBE=?QwwdW4be*nNGtq(+lx@5z=K|T5+K9n}&3m zm##a-{@xYo0HgzvzTu_2A7u3Xk=A+X28Y<+H$+;F)c02*J_~#&rGM|ndt*~X1W^B zOgEZp{Fsi#^EjkUUV0LqnLdGMrXS<^6Qr+I7=NZaPqSyHHF#!v4W60)fM=%ND(!uy z)A7u7F`k*eh-aodRN4DXN8_34v3U0V?}*=mzcYOo&rAz4#-C{h&(o2finKNVqt^T_ zP6MCIy!0_VGyM+FOb?xI%8>7I^)lD(|UVmIt|ZEpTaZKVGTylv<%PXNRRf?k~v1tbSa*huEI0Zukg%ty+(VV z>0~@Jy${b!pTaZKO`Gt2NEaeK9O*?~`ZS)IevIc&kalS{eoTAdndupLW}2F7^h^)L z^Aw~@z4T!`GyNFPpCB!qXZ)Cs!86m-@XYj8JTu*LzP-2fdK_Hg?<)4lP`bON54K89zeui}~Mu16R@ zrZe%(^jbVKy${b!U&b@jAMwnz=1Aku^f){pkMvtF?S7Qe_dvRDNeiJl&ps`o5`Bw{r$!(EWI6chhAmRKK)go zzZ~?hfj*Uoe&frHPci7%0bS2L^j)tu`bU>o`WK{UTw~8qBHd-FJ^SU`*?Ye=`YS=d z7xJk=dLB}r|D5YA-v^PthV*r$KK;;JjeflqmY#iwrEeki>FYrE_3cLYBj|3p)1H0$ zk3jz+=ywL)IeF+0zRmb70(~jyX5^tSzsuX)zo6Gq4PTcf`g^v6DF@7;#< zRir-u6_EQsy=U~T`7gBQk3c@%-#30tcf~W)eele*4$n-l#Pd~1Uqbpa(tSTL{!BA? 
zW_k{u&qexIq%R=tyxQJx%^!kvn}MF`csx%)T9357{tFFw?;NDNY;WtY5~O30RwJE- z^i-s$A-xglhe#Pm!}mv^UjXA-FyE!fzqS2i-@f77Ps!(9@MGHbL#uD5z3}YsUvCTi zBrkmo&whLce?N+JpMk!;``e%6z50)=yi9M!^9rPYLi!leoj*2ursMEDs=MLzL-@Jl zT`*2XTjNu(T=P&qrf=f;Eu=ppZSVeaYx|MD{mi$AwYJ~Ma_#?#)$0LBZ}HMk@yxXJ zpGM!>{^pwQXEL9&k>6sZi$1sfnO=+M>yWNQ`hPqAL3`sDu-u=b{7g6emwhkOUGU6w zZ#*-djprJqry=$C7ybPtf4_1CfxzEIu`%27b z74l=6`oikNw-@{N;nwWI|G%AI|6iX^ABA?vcQIDT_>94-D@xgRgJToo9b8GhYHMK|ozjmH;48FS>=`5s+ymSeknf?*a zOy9us&uyRmrO)@V-2X)Rnf`=lroFzh{=;-HJX0=HPxbAiYkHoI`HV+?Ow)Mw_YZyh zWNYWk{PST`!S`#V-yq%bYx{nGeb?%9=R~K(4Qu6+bxy36csv&GocKHz?~+*DKaS7Z ziQ+%S;p-%>n~}??b7I{@adRBrHL>N~IDEatDaXd)>r1A&K{GoiHc0f2#Wze$8XHId ztHk11yjx<$1#$EnC3cQ!jLwOTr9A88R7B^*CW)!N;_yuqi$}!an&j>ET3+>naHdnW!Ei*J)tb_F^odgZ~l z&4X{32k)H+-#!n%Lk`|akS>XT{p9~)Ljl%GEO_BDWoD1y?>(Jw6K^eQtlaNbtDw-{9!8{ge4V0=yIYE%BFuujS$I39jW~ zkk(x>EZ343J4yfV0(vuXBoe;{-qpkRa(K_gqv$83A1}D_|IH;f?oyJU{_27M?ncAE zH8^n=@T=B04u?QS>gz4lL%{|%zT|cHV?882ob^!X;s2Ev^?Qc`myzRs-K0JgKNfgb z;JXQ~-^Ig4Ujv^EyeAItK8*q$1AO%*_Fa{rUj}^arH1ze{v_~w*0%~60{lbZp97x) zd|jy@Ezjr;jD8>BI|4ru_`$$O0RI+;xTXU?1o)evC;!ud58lxDiv)2$ZN8S;rJ+ZB zyUg)$wo9Xj--~={^z4ItHP*L&?_XgIy&U*Az#ERSauxz-e{KeU_RlTlAIfJ5=ylxc zZz%B9z#9xs%mQ9@y79jU_=&)Ko?-ZjmL!$|f8tyN(!k#VKK)_?x96*n8c z1#o>&@w$f%|IVs4aV_v0Up4$d`F{Orw~K3+&E>sLiA@tVG4oLz{SGdl-1)A^@yVSp zh67&#Il%F9nBZ$Aa_8A9hv&}wvmBq?d94ZjS9DZ;HUeibvtrMI{g+DzkRQwQ z1n3!TjWcD>^^8A*gzXPLhXQACD37-eNKaTm8@nJCC z8sNtR=b=Q_|Kq?JM0Yai*As<9%frKvy8u5JID<*d1O7B{I!UnqY`T&0VQ|R<$OkwN zEo=|`4&V$1I|}vxo#5Iompo|w=UL!$H#YtZiqoBZfHSBozjvKYjGl)F*xwcjuKdsF zWc-=$$G~s7-rAS**SgXuN?&lJ;U^*Aoq-?yo(a6OAScTO*ZO48Q`W=9z!{8#{oyX) zG*T9Vf3MAq4-duiyQT}S`0O#Q(%8hTpXXQ=CXC~--_Ax#*da^tx0B2BI zsTTKp1~{Eq$^XB=d3g62&=>bL{yc0Z;@AC-0?uG(vw`0uxYonY%dOuo1-`+K#)r

  • Lj>xRnB_wN- zo^cJGP-!MfXTLxh)H)G~tAWyG2LVX)2wR?&Ro2ql~s3`wz`E#c-(x zqf7j@m6r(H8TX}9g}q`;vfD=O9#TLu`;!@jA)Md@-(vJ1SBntk)4S7^3O%;RGH_4l zjj%Uc+78$B{P$3C*{7DClDTc|!sE}|GibT%a4F8-U zY*MOFF+zhR%AL$f8aZNBeP(6=Y3r|;EQQx_8~0TKJ$SqZi@6c>+1L!Jp(q-l0|;%3 z%%_!Y6FY9T$fbfWHi3yFdjJpmC`>xrrP{moHmPqF!s-4T(hAn@fLKq^j-6dg)(|?!veF#7tixGD zeB=`^#x2+c^=B@Vvt&i5hlic z#?6v0aAgJ}j=!B02i{!cOqpdQ)e=HXa(^O>@nn#t*_{NfHl=E1n%?(l2{`k_b#*~; z4Ol^ICBm}D1!NUpJF;K($IjIS1b3e8Mgn|s9qmyP?-`~GPj}NZS!yG=4)$Gad%~HQ ze}ZED7%F2;-l}%gL%7;TD<6%%K-cKIMyjKjJ>vFY1BIp~`~t_TZayV~%pp?X6{pQ- zhvR7a5zd3mx_l-@E9`%p3eqty+6wBE)1{7AEYzB3<3Qob&y;XI0o;VIKISu;Hp56d zoN}!$q9gM5r-n;fCmtNVcLKBV+dDl&O^}XbA`1!{J;m&zQ6@M zyS88PZ#w~FePaM7bsI4os@_9WATgbf?Skddw~=B9c*gpO4m4vZDqj#^qB7t{IUlLH z1201$0M!^?noqj5y=S%ziSKVYkGNMPn!?eZzy&-r1dj`V!@7({*xys?~+u-?vP#kTm>@+ zk~X8UpZ5oz#Tpi!8P_>Iitx=<^ab~H#_-s7WP{_6tJ?l+hN%XzQMFPt>^njR#z>JD zrQu-)HkEMl{YO*cJ+p4UI02G32_pebyeNI=2~%zbt&-WNS+xP?_L1w|%ZLvxtnnrm zUJK~`x15)24Ae5cXXcu*0ntc(eR};;-xQ5CI${hLUtqPNPE_tndSKQs%K5xz zLKKjGlNBC24ED*hWS+G&$g}(I8!39L_w|!G&c@({lS%E++f+LjK}`1qdgR?+FWvg( ztS8}+khB=9UPDP^R%I2L1%|=+ku<5&?lx447Nzr$FMS0zQAM332Zd=New}O%%Guf% zWyYUNwOf5aItmUgAm@e|c{s4P5G=pJY&G1XTME~w$D0H5mhu5qHc|9Cp-wz;TpvK= zLY&%|?e~o$MgtmG$Q8b&e#2uj*jI-Abpj2wzh1ZhnT1K( z*~-b>&dS{Q{|0bI^S}oDMi(+g8JsgTYeIE#LWDw$($ZJwvmgD8GiKOTdPK$T5ybeV z^P?nPN@uHsZyL=H#~`HBDa4XQ{7wVX*F1T*=&bU*$Sjc5MyS<3;r&lGCyr79$_sjw zzIJ5$j>bwv&Um^}7=x)=8r~ukH|vX&`)(49I4|e$LvHy5X!!_PB1>?|LKDv*~wTK_<&#$dsJ(8 zgBEFxr}-PsL?n6&@*var;mSB!UyHErjx>hkx&mCNT9GCZt(8NfBY)L!J%v;~Mb*qlu={KS2A==xPmh&BOq5 zw@Hjj0YTCcL@}3F-K; z$#$%lVfxUE?gz^x`2p~m!5+Yd!{$p7-cSH{U;s~0EsG@1WUWpuwBaD@v~&VbC>~TW zvFeSj2e;yG6uyz5HCdf5AO?nG4cI|2{(&?Q9v;>T%{}XsgH7y_U#REQuPZTmqVlng{L2f34}SI5YQK zuWxq~R zU3AoS1M&lUmgNMnC$~^Q8_A}YuhUdnoMr>@qcgzeg{wp4YD0@1-2g`ei=_U;sGKSF zi$&XS^mCB!0}huSOoUC1l@UNMT7PYTv^5$UC+zq<-M{dv&eUvn_V$N0sbuUNt!+Z} z0Bvcfqeth0$?>E&y3S4KQfM`>vUcT0CAWB?#7QI;3i z9ShuL&RW`KZim?{u_+xL3ySQy-gPy+|F8GsFQ86l{M{;6B83ylW2QqammpQcB-&dz 
za6!}Y`VlkDbRJl82b`#rE&BAK6BGJom&uMf)6Xd9-O>1#u&f{xTZvOH)R$ zKIFF&!G+x4ClHr4g|77MRR^VQE@mhcSHYF!i0V^iwPZLFz*)2TPSBFvja^=i*ZL+V z+CAfEfooOS67WU1CL-JIL{iP(TTlrFTL9=G%;<4hW*0W0lxTCrYSzL1jXZOr(;=Z%|u?lD~TxOS1j0+g{J)t1c z-&L10S>p~F_jT9Hd+t8xH*g-5gv;4_NC;|0kwIT<<^#N#_M}=JnG90fR0E&%ovK#L zFGn8Vtxl+l9_oZEXh`g0OES&FIv=Ngbg0F9d;t7_^lU9sq&_2>*z7{1-4)Y$$J-gC zzIVL!Z%G&K3V(t{M8E;qYka(Cfpv{_iQ5S%m6$u=k;v)+Rq|Xv2=j@Ph9}FGKlL8k zQ6D-{eU1x+)e5B&iUr58DFb(~kZw3W77DlX44(2DWI3f#?ua6a{)h%T%Mvg^-in;* z<%qa)m)Q$ZU~`VF;fkDC+P!5dO$o-wqZIVE87Jg;cK)J=59z!bWBBYhI~THC>`u+hXm^ndMNwmxxrAFXe( zH~V}(yaD*)Xc{c%rW7_*k(Xs<$s3mIS`^;5sL>~s5v)a56-m@FrYa{o(s<0zLls-( zQ2EmrU^XDa>zZPaF*02(K~1oaTq{^!?_?TME;gi@_2}{{JbcS|B+7OwmT9~*c8rK;J zZl7(FSPmX`6V`(Aq68({6$@5UjQuRjhba@DNi`f{;%`4Fn2-p?#~E@aDrwnwN!aEV z9K}g7LLm2smZ3jaONE7Zw1_i!v=~&sg~9}n9VVDEyb0XB=$WK*uZ__A_+Sz|*Mq}e zaDHVDnIoNQtwVk5bH(uT{zFQ9{v?O1YdYuI4#j)0Hq)^A?w0K}?3=TL$2ve|K z@NX@27pk;KsKq~Pb_ZT6zJK0y{i{lHq%44y`U<)WXOg6vjb|1yGmbi^!EH+OIMvmP ziJ)|*_6MyF{;1ECBy_Zj@AdjmcnpH~eOcsrrzJgvy9eqE>4)Ghr!tn<_p_E3lTg(+ zG-Su{dkh;NhV$YB;7{iN%;L#|DJ-tbnN6%f^qb60sfruy$WW< zXY#27LQB^)*(%-Gnuc>)hpZ$ zwvQ-nupPRJX_C=NRKZFrE0jCEBh1#2ayXtVGPvK(QI>ag+`L~-^H$ukbkTSF@pVXU zmnbV`gi3yGKh*Mvt6(2Hw3O3SYI9IsU1fuR&GaqJt>TSv27kRLxGf|qbe`*7{BgZM z1{^hJf*;8`zT9i#W*ApjwZjUD3F7l2&q;IHGE&U(DA7 zff&!_%-5)%*S(jm)~K|zBKpy!(_YvCG}>8%#&O#CCoQBwqHjnlYiEEB3}bFOfe2N<>B>kOwP#6kQQY>c~KW7&k`}jVX;y# zo#k4C7dha%s)p~SIu3R_`Mz`gl7l_b3JY)_$DKU)cM)mHSMe+QOEHvnNMy-rgaQv_ z1Ds0W@e%e_Bnry*sMpI+jdu+YD=#7j3#z9yJ>{0TeQ296643J->n~G79{Rmnsd$le zcJwDqApx>xIA&WMQLVx>TDUl3u57mDGjrr4u`XR|(>r!Jc*zh0JTy8(_v z#&lJ`;}(`tTq2prD)zbBO)I`5zZ=a`vus=Bn1p(_ljsvuX;-Rbd(l>x#+~MDC0T98 zD=X|GHd*MQf&x!daj42d8JK4L_2?Sh)Py4O8MKT;)ffJ7n4qPwbBhb7Mbg(m2k*c+ z&#}1JE5Oj&tBBr71veEpkr|2)+6Q@LY2|g)4MW}NFTgvm)Vc-jID^5~gE|Lp@#i3L zoK+>ES!ZGxe@;irrd7tZPg3#+GkkWV6&=B#VG<6_iY_8^O;M({G4o}jH*0A~(s^b= zWnKu+t(Rz-#~%OdKF|`HyeDg`CIC9gO6ae`?3gD}Rb_7KN20RClp$2E*;$lZ+0-@( zH|7vq3U5i4YVNBK@so-^GMIs9h%u~IvY?KeqO_u?$cJe+)!4)7@+KqLIV0WFzdUo_^r;=aPeN3G 
zu}O~{$Dgu+6E=k^A#Z!fCd1QFq8CPo``?fPls-t2L1GpY{*xz4DuROzKnJ4-ZVG`_ z*4X3}S+m~3F!2zw@FH)?JCkNNMPsnz3jz|zb9U>)Mi5MBgo;;|vLai?vy-43E7LEW zGW_y4IEDT7ch-$1ddkY)Ah2j{uqW|OSbvfns^hA~jis$rJE%+#OH)ja-4wUOUYF}7 z<;sYt=A0x5YWonqlP;Wa`rn4hTJb2F(s9clPV(7sb^~OyNxG*LJw@l@OqH%+p~prB zYJv1$6D+^Lc=TIVMzEA`!24Zx!rbgzF)Y%iCz%az)F63+#4e20Q6@sNK0m#K!xX09 zfARdp(C!0f*AKm`wHpKH0nLvRC?gxtlc=L?9G&Z^ISB_qZ4%m}K5J`OirqLMUmB_A z|I$`$Gc_0ZG&O#!n@A4N@a-xPyOKz|BiduIjKjV^B%txzad4jn?4W$b(Vkg>p*~KU zp5r`Td~=@8-&*Fodg9^fKNAIUJ`!b!llvfbv;jRu>iy8zP*5qBQG8llV2T2CB9L_v zKSMQ5Y}e*h>I#}|KtA{0(|wYw`D{xAanH%hM`Vc|FL1cETIkmuRU1zhO zQ?bvzwa%4wIirw3qS$4wJ>?C;Q~Z;d)j4K zc5PmcatRvMKA2=*(;K|3?=RiPA}4?DmjE`}=jgD?w;J-UM%-HUm}<0wJt!@TH2idm z=)?cn5xoGt|LO1@_?r8-fv?>EU|1<^E3Iez{~knT%1haNJ4e0NmetnKX855}rf#iR z3xxrYNBOWY{E!l6v)F9cmN8ujeFR5~N?bmHP}v^AG@*8TVgY}J*GaS4g30%ZmuIGC zy1hM4yuUwOaQcES6S!g_tNjiSE$+qB&v&J&%TbZMJtosPNWH}~xW(I+yY_sJdvGBw zMe0|)h6l!1#jX)RDWH<^@7(kiiOUndHkBJOx#+%e^nXQ+g?vfKIee+Mltn{fN&ymP zk>DbDK6XMK-l7$x(byoLFmn_k%GA6Kj8TW|KaX*39|_Lv&}n!t#9gA-5KkH6!a*_t zJI0qF^{kfJcBg%R@wBSgsR&ZaAY8sZJbJIcN6IL>=i;l`2PLB^8`|g6i$mnPPg3a_ zBGzo$-i7d6L983Q6U32BU$3=;UZONU18Vckm$h2YFxrx@6Xi+b=?gSk{5 zeNv>4Fz|PM(R;@IE2<*HssNuslMxs>==o#*>qyg z*l#a6{Q6_KF!}|i!3}DoGI<&5L}PFNc|Szr*F@1J>%UMD2gz(?;d^v<_P0~a|Hg9s zmuvLf;3;P9$Y*b_=k{+{RFSa75<&kInY&w_8NnH|7P>uGjllM2T1`AB!wIzAj8p-|a%eZ=M-dK~8xE<& zYZtg1$2hjdU4JGb7|LGKUi|jWgMRo_d%s;}Z-M%LTvz>gt1oQz^G|ky1VpV%wXfQp zfR;=~312C+EZRj~_iK&(#kp+^N)rBQ+M1yz&kNVn^1C$woy;)&#c%%}nDvYj4+3wh z^91=L{0FrH;;Tj`ka!Q0c41Xnd+RhV z?1u+4h3PJ1A4DcZ+OXJ z{Jj$<5cvo1eHj|}!>IL_9ao9r5RTwAq-s=DgNG8xQ%^LlwbRbTN#sc4$r~9EML(D# z<1{!Ak~{T3W#MuPd##rVd$vsmJ>HLJCV)GzIg8bk@)UWCs+} zD?IJ;7s!7pg#kQb&B{ZcQZBZx4-MJ2t7zgo#+bSaz^J9SKCigC$kwJ z0hx}qf2M|~b6%p{eO5#Ro$A)$!r?Joy!2M7Rs)7UgPL}pD|b*@Tl>fJ^JCCya}8uF zNFZ-zDr`%b;`i&1BpuSjcto_2HZAYE`~nJLa>apx%rRh)5(GLvKiR;b94|M~H>YYz zMpZ4#KkjBYo6v<}?1F*uj6HbB`vFRSxF@5If1I;thZ0FWK2AsAEfipogP)pq>F#d8 zSZHraQ;&wp1t)+-S?ekpRIQ(o`r_7{f{53JT+UOA+`>zO6(V+c5cq=x@=IY~+t|KZ 
zcPDoZEr#q+Nq;bI%2fNN2(k*I7)bU*J}3NP;Z7{T^b{(?s7Tu=)Y@RV5NMjAb)DRJ zZV)LWi!>zmDGS^1cH1jx$B*$Kvhd`7)P`0b>|DfEZLXOi>Ey{ zwl*vT{_w2Iin(wIIop)7Dv5~Nn1vrCn$gMxwc&=ZZ$_t0Px^U9i2%oRhDodLN0OX) z=7gegOp<*|LS2yjj2G5d4II$%n+_lCv$mdZNW{iI0;F!ZQa%h1mANfC9F1N#gbt$a zu)syl3{N*r4~w$qprl)AFHjqDGhBpCPdJFmPI@G)2Tr9kO&%}u25KM5tyS=P^ERhz zA(dPxK2RWQ49X+#_9?k0VHsOjfKF!1mVdpq4S%`S=A1W#RrAjl5P8~!Q?NoNnuVv( z@kd!>(ojv|+P48IQy)BCAb>s^s2pgMMD&w#K9e!fX=haD;??~0>F*W6xcx^K)9nyz zR`xOyVft~ce60gv170Da(Ft&%)dB_LrvtHMv2)_Rv87mAAuODK0JnO!OU9EGN!Uel z1yhUVSLK9A`H4mH5tNp8z!sJb=R$L7IAVboKr)qAUvaj5WwbGV5i~drhAA@Z<$sF2 zk(x@2*?GhgDJ^cJr6Hz<*TIB=D$9CK&y-F=ovid+4cfd>|(NSIa=yn7|RY_kpxHsuy5vF9zcacJlT0je@cH|B12RxO3 z@k0zbxMy=sF~NN&E;r+r3?VtGn?7MuD@=G0S_;h0%Ak<=WsmKpiKpVzn zqwqe&>=}we-}75YqQ@zCY`nNJmU_TuNv^z`^9!i!=&X}$slT9L7BN{bU8#K=#a`wI zc<-MHc}a}K%Tj^x;}XTfP#2G6{skZ`fNAw!C>ic+Wh4sYwc})cW^TClV3&E5R!~Z(JC|>A(c=eqN*8 za-$5`BAw`NF$ByUcl~@*rQZrND3wYv^(h4rs|O)nliAAysjfwciM!{%2!v;JfDsG* z`Dl_y>w8)?5X zYxu_A3Or>vRw28Z*jBzEFm>^R7uB=4NNmp_^i7lBHn$%Qy$6RHoTT zFvpfi6xgJVNYrJ6yHOyiKiP4U6>tlk?i(COvI7`A4uK^lhLl5;)CjEDK&%iI@?dCX z|6K>fw4jTqHHATzd-A+ci8^46%79KSAuWeJYH6>A5-=;zc^n3-if=1j3o9MIvjeFV zBlW@WmS6q?O-cc?6hu_Qm>nG$nuZ#vdr#P<6bq#dAe`rHn;474)&@69LR7`DR%=ju z*gnU-6s*fsSb{p0Y)=@%*P8`kVnsy6sc{R2;`EV*;>^xO3c;4=eRA|<(PcLP(eMUH zA``Cg!^#F&A{(yg!z_EqSk36gcI(y|V$x~Z!L>$(=t%{={jdXYik`|avgmIGgdq>U z9`$2GkLA%ACKLIHxL6c(BjJP&R6bimEm&Pniqhdy%$8l!)A`eeTufmyzcJJ!2FwCA z=BCqzDr(DLkNueY&TrI3U1EovcDgwy_z~H^gx|cOso$NB-;f(5>mKP4hI`$!FTyI` z)0~7~_j(7WY6$f+V};oj(}EUbidJBgJ3Dq_Ya--`E-a@f+#y0=cWN|*&Eb)MVfB=Fh3xn+KziWPEjPK85eN^lZeJa0W4E z0RbTaK>_&=`1n_|n6N_iX83)TF!}!cXB+!}6Q29O&7y*tm93=_znO`kk%5_&p5?!_ z5lR{gh$d*>EJQ@x`ai>neVJ8Z@xz464 zGAHM6@-~;zoy=3nGjXinaNRdfl)m`Zo;E%Z@OX#ejr*G4I;ZY%vaU9s-afK%eL!k3 zb;Q_m4(q@LRG10rD=C5!3QZ8>Tk}dM%fgK?)d|X%Qv-`ghVCslr$O%T;iVSp!*@c6 za_!Vp3V-1Kva`R>in8nXJGuL$JFL z^?O$4X4P|5{HNrR1qjvU``Q|eNu|b=B@>;82q+!mwEAPz!3QnWMvHM{#7gQJUK6-0 
zq~zLi!GzT4+agJrmh#~-OWJrg<}U;gR+XikG=$IHX?N<2@+Tnco3bd7pf>=tOrDyFl-))0WU_H4Z0S48qO&wB$HM+8?MMX8|&T#`g3ttRl~7c-%YY*Zc{ z=NCraiSuzLY8Z%+zU1o&Z5BilMLP`WVW=ty)2QTpx(p4LWKGJ_6JAQX`i%pJi)1!E z=_#ONV2!ggPBp!wexZqDIXD|ld1{BPR4PxnZ-~F%Q+ZB6h1L% z?>tw>;R#Pl(k@4jvcU#f#S7-YQ1DdvW;&1pOAXxiQfJ{ZFiFx!{b)?eVu?^gZ^JZF z_kTK{J`RQIpJ0$cyU>@TuPD>o-$d%vGBMi!ZE`6jOr!#CO5dk#ztp1q%a|-MH`R=j zaF3zb4!pjh&^Uqr7k$URgX|EdYdp2h487nabQ|L}_NH61b&h#4;9w~^&WFmW9df24 z;046C*KO(k9Y(gUXJKud<=6xNiBD+E^33pij3A^T5+!5Go^|KtpU2d|;9I!}z*~kN zdK`+h8_CS30kDm~uYo(=wnZ3atlg~-Tcs>QH!*9n;B;m+Fl)IQsq zui9K_bvOZ*gt9D5H;^&~Jce0KQ-+Je4ksLzZzY%>e`w@m!`6Ic3EW)|AT>z48$9t9 z2^sv-r8F?x=mNtj?P->U3bu(v@R!>P=aqwTlra?Apt}B0q}+RIrX4NGJYmJ>WS-Dl z(mL|<=L}X{_(dzRqqS14LT!e`g^a$#ag{aFAyc7S;qCgh5 z2yG+}-l??RC9chvtFOhR+?R_0L(7Xp5avhG9e~`;30&$B(+;1lBmC8^yKr12u0SR5-Nxm{vyn`v2R2D1&aYca zub1-1K$?aePYxBnD*tBE0Io~4^=!N4FQrWqh*6eJblwxZ+KWs^z>0<#Msyq}&Y-L} zWrI|PtUTw0BX$6Zi)(jn)s$sn$=SN{xs57+uA%?WJQy34+6 zVS*>X-#P;y-#ZlyzKdJL+9J8CMSf7%>U*LO&gnCYBIkQk8x*Fl>BN}pO_ zUKEf+6UD~?iDLwIjCYVIn1D0J^V$MKUYZI`(=5yPw&XOC7sSr`x9>VDYQn9{0=aNs zT6}!HZ4x2M9A+51b2X7(ZMfrNdnHbPud(BD`Z33K-d3K$#V=eN~(3Y;{-15b- z!A53Sp_N%fBaR^yDlOSn79`aVP=;2__|4V0ufeb_nJ6ANflqJy^fFR&&c#5cAfPv# z<`Srj8VmPC@?adEv0l$w;VT*k1jnPJvKcTYl#`?R-o~J(59YqpcWlkWd41WQkQ8xr zn3n;;Ab&_5B)7M!Udhg+n|?EvF5Z|TZM#X;M9&Wk}&h6Vtk^ zyj$5%UG)Iu=cEZ}nuDvifWqea6bnbCqUtE9Ee6`5BeFH+IAH z%h+_LFjY~H1eG`bJOw9D#u(a62EZBht^|5TRyTiUSRlJT5sQiN(CBWoM&6++O_ubi zFHgC6G-%x3il*)|R0U)Kqu(|Msil6->Z2WuSF0o!b6s!v?$~+_y!PbwGD6=Hs!TMo zWP?crdK78YK=7>0VzPHa@2mXOpXo{6yvwgVmILV!%%&b?kaRMENxwOcW#J4Cav!#- zax$~$63m}O0hanuI2@n?62H)SJjPH6;v5FXAB3U;M{_}}+A-Wm^LRj@!3o*17#Bez z6{&QimVot7cquX=BQX$-@hpgL_(C#mp#u_~glKhP&+&?u=#Q!0pQi8`&h$uYaW&N^ z#ER?K2@}WuTthJ7K!yOYA~dZ35CEedF&!UC`7rZOBH+kx55^bIgIDZuY=Qz?uI(bD zGrtL^+^$#F9_7uVL)bH(qS|Tf@~u* zu?~|Ns0Y*783hYiOB!&rGjF-myhK3Zj9%}&iIo%F1c%JB5&qgAx1_-mVMD#HyHwOg zur4fAp)aAyb1F7^upon|78+tV@N}TUiIPQLkf@9c&;zFNU9gT^y-0!Vx1(Yxja@GR 
z@Hlp#@5e6LnT*zky2Grb>jt-Ia+_<39r;B4)R0;RVK}6|R_1tP;c9O@O4A0uteflt zR3J$mLRz&*%yHRi98f-0|AP#?X(iSH8a5MXW;o3a(J^el;vr`a0jUV{bWzNy3=4|V z;OiB?k`bo0;AI*VJBk)RbC0IH9W2Cjt{FIx=>Z1QzT;*4%RFq-=r@~3AmuShvTZ-4 zjGo}$%H%wac?b!+a4sQkAZ!btKe;1O-;xv3aiQ%N1}kE%X9e;zoM%dl*T61IPLBw6 z-!PTqJ~au!Se)Rsz{ndJ7NPRoGGkIvHWaKuWPOSndgKk1*&|qnZq7jcMW`$~V>&av z1CO5Dz8nZF4KYVjT47t&yaQ(?~bcRbg_9MCLDI>v9#=}ttmlp34kB^nV@SXM1k(E z@Qx2~nhgQ8*Ia3BPg~+;ic50rfGVrDAwR?8r+|8oSJM)l?Oh|Lea)}dNcm;UxpG|t z1fb7;Sv}swB=pS{sh(XCKR#u_vg5ZMoA!zUM><=*G(dkc87Go3HC!vE67$gGTgoTCEAx*qj9XGE+LJCq0b3=2z+iG|zw6_?I z2w&cqf!V~_P|^25(iSgPU6mnT_JeQRc}l?aYUVbOucc%U-g&KG($}*#lZ~q6R6xGg z$iJ%rvy3D;*D(?NJd5osb0Zu!M=IIxWM~^ z+l>z9ytdcK7CpU&1IcLHN}~uFl3Pa323U!KpzdS`K~q9gZ}y5+`A%esRbtNhGaYwn zAm72hziFK>fpV|CxYiD&DwK(3M*%hMI0&n1UI?L{O7y&q2_CnN3AkJ=S}1ZH9uip0 zjSp-;32!lMvufa}C>Z_NMnLbQG31uC%>8=fKi&5s)C?+sfVr#DBB zv*4AH(p33~;9bL`s7!p+-3BN_WR}QjCGK~KTVkq=IZCEoh`%S=ktqwYyTu$W*t_D( zwy_Wp%h-_OFckR`_4O;9O+l<@4utDCLoaR10N^#H42@)6^7Ge;dh^{B#gGjeN|p_N znpAIs9uySur6ywqnvue8lUAtW*JgkagR_s)<;@ARxkEm z>0#;qESD!{Ap-8%F(>OqieEsRMa)3aB-B-GD#b5h6QPhp=aO40teJJUVO{vzy}9t{ zT-+8+`s80Nur^t15|w?T483WcLJSW^2Rh60SbQ7^d>f$8;)9^|KL53q%QQ zxjF?XTirM9)g&SI7j18s?U}pg*64{at;gJ&%KPf--eP$UVd>*)o_VA&hVh%bvwC)g zC&kYd#<(5k*RQ0A^VBL6T2RhqWfC*pNxH2Kh@sc=Z!`)zs{}sd%7nm@(w@;O!@~(y zpE#H{6tCtPH>O0MDfAkVLEe9FV{4|Ftkih-?uB1UY{p2JT01p3R;2C1RRo@IXE-(m zS2x#N?s!S9k|>iU{OuN+#2;~K*+V>WQY|;A_8fI--eYyAz`6<69KPmL?12GC%&lC= z&oj33ghnyRD7xQ>qNZ}((HX^tN|oqfsL*f=VE6|3KBMe|Stb)EzQg_rsr|#OI(@AJM|WYG78X)!F;!($ShZeD35i zz+#HpA=wE2DZ^1*1Jtp@e)vm(q&Gl;=$;wAFt78Ei*%zZ(R>QHd$QhO^di9;7Py~? 
z{X&7^BRD(b^Qp!DZa;aH%><4YTp>$%osoiMGm|?w1?ngeBPq(LU|--?`&PQkEjj61OD)|-ruYZO57Q-vy-x2kyf^G(K2T=eAOYhYQw1fvL>QO8P$=BW;kpkh6Umi7PeNR4r zjs1o`i&Uk)FKWe8~Cx$4M|C_`>Ny7$H3GNf7{jAgVf}=r#9Xi3b8L`+p-Bp97 zFrft)%iaP}epdE)Xp;@|1!3h3=ofy$J*eO{f>N2R_B&Vy8*&1ecFDlkwhi3jvR{!r z!C<4|R4O~;)_Tm>>rt}SkE7ZV-6M)Z#hEF$!Fln?%0mlp@4ajiqvVD*- za@yoJ?h_iR`3S#m_502;h#@!)yQOu-8ERB{g$PP*8d-dLC|uMV;X}NvKDf5s=H?Xdqn_Lz69BK8tyuR?i%@nb*R&w zfQ!S?jQDQ|+ zac$3kfeDb)cue-!@YZ98Yc-4kiXp_8e9bo7mCQ$RB}Nu2OVX%pi_$b|?49n$een~H zF@%LT5}KRDH`0YWBJYteZV$XR@O*z3px4TE6oG+#U#6Q=qE#TTG#-;cF0*Z(M5l48 zM*+jDe{5Wu;Rp!WsDZ?k{ufcuL-Yu#aPhB zq$rL^*!C?pj7}1eb{i3cu1u^*TkEckT5K(p zclf&W2liDNk(B{*Je1z83^%Hca{oXB**KDQxRd2D2jSvP4^+Y4MvU)r$rK$ahD&;I z&Z8q(aCZJB5K9avfTbV)D-#QS3siDU%=5T2{Hc~FIm2f-PPZiSRc;IhQNX6yYjW(d z1TDKAO{RM&L!S5-Ok_4bk7R@6*DEO5beMOx<&MzHrh%3G<;N?hM$`UV%ynG8sIzFD zQrkYP9V>a`^(jgfY3pp?S@ck&Hv1MzCRPK#ro|4m#H7t63;avWR)*B9ov3f)^<^M( z-2w>{f>^y+Ymi@96r9DSl}*XGJg!AF3z?l%-MmOkPh<9DerIT|bc1C)0vF%?=XUn~ zEo?!vF3e|i10k#4XZZa)jHL)l>2i4C0Kpm^GA9vaHv2B(K*;%Tf@kzy%z<)eQDn~{ zdH3ZBD?uhsq`AO-0I>p_X85RBDJl{{6R`qDe1dw_Y`7qUzHLm6M5`zT;pluw`vv-z zPaygiR?YNe5M!*&*~3>Fa&(y-*oNPBP!jd?R*|+F;2IRL@Yqha-Vh#-|R(d4x&kh_GXIYjeL*Rr57Fe0~ruh@khAYr!1O`(GJH z`|9_`6yLh1^>1e7KT{F^MECTsn)Lr+Rx;(s#QS-XxaW$Z!e)3pHBf2dThJPjQNz=B z`Qaw`Py3Y8q%HVy3d6#E3Uk0{-hccO@0dYCZYx1gX-#f@%J4X(yTYxu`O#F{TXQA& z^GQqOdEMb$j@B7)Gs>F(XtQ>20F|pI-hu|p+s*i?GS*b2_nPQjUkV&Z9gD89~B*} zW=cUcZuXl#KgTy51lT-n0d3w-w4!z~$$DR|e5jl4@%~Ez4I3mVP}8v5`cxPOUHrX& zde$NA_o|$XZhS>7udqB-LDdW_WkHr4)eMP9>1s{|-&3Uipl5H#XqKE*%q!t6vEI)J zHG?SqRaJ&;S+9{l5~`Db9;(H7SJnxl={W)&7};dQuEJvV)VD7x z=G*i8cv_bC_YRSo3lgJ-0}C{5(YoAtQLe87l;2sARht147lKy8Oau=&&pl%(aW#@t zunvI&cAuCGGv>^^@won^b5!0=!J0GU5!#Ag?{Sx2*r__s+FA%_$s9+{^f@Lul&?dMksN^Q@oyzvlM6g z3#F@yz&SRN1xgI-`jPo5QBtrpVKelpZ8dO$EQ9OV@)KhpdxorGH*oxp?b2a%d2F|A zCg^fHJ@gI)qb#DwH@X2ufaQ!`UI$)x7KzB|{ zs`C|TGXoj1^pWskMg3#}*~xh%dk{;3zwepuNCGgzs<2QWD5`F%6`*dM~}9FoM!1&H8I_*uPhhJ4k}0O1@FIiFtA!PoZhYUsGtCfL&Y-5oclaZ(-Yr 
z@sO-;`G(vbn=d&7yng=}h7oZ#KUPx~Gi4*KcENMalRDpcS4L4_&+pybHIbNEr&ckX zkj-e5!VIkj&5s39u10i|ZY?2_K}VB(LU^<%EU$5T6rZU{>v+lwCeflbn=V zIy8{jN{}J$j7#;=8LaIpL)SW98#~TS+uFPDQ=9MEu@6`5{U$ltP1b_r8yn0QN(dy8 z9{q$-qp)#txsUUkX-~o=glBQrdgHrUju5a*W!1-s8BXv^p?Q2;f~L7Mv@ca$uJ5k` zJm3^~7M6HjVRI979$0Ph(YFa^dj>&hNP$0Z#pU-2G9iW%eF;kVgw7M4>9gYW%VZLR zk@(N!Q397Nipfgtxe$5BpJ z`hp3E_N;?u?+RG}u~f%<1Hpp%Md!MuA_@_H%{}D$E;UQmckB{scS8uGSO)5YWtKBJ zceSO`Qt(26{4DI+@^KBzY+J1KTz%Y~U4|!r${olfh(+{5`!Cu&=wgc~>Km(;{?>WG z`wz&De^BifWR-dND-MW}0d{6=_J1z?3I5o43Q<>SIxHE%i#zwCp+LyNsBVI-T} znh;lN!1ej_q6qM(Ed9CPS@@RQ*|YUO;q?yL==hxZ*-B(cXH4tU-SaQ<0>c3zl~8F8 zBS!RMx9^=6UzuBVY$Pq_ZuhE4TBHmdcS9JYoWh~A^!&DZVliP4s$=)aa>o;qH!JVl zG|4?^Rj-fHnQbEG2#3b{5R!aol+nX#x4Cm4uNO!v?48j}*r#%z!Tw8k6%!H>2}^LF zwHnKj_TwYMGT}}=RVets-UoU}y-~Q^)kH_?`1|{1_s{j6IJz07(Mj{YmTB`w&9yjG zrHcpUawpqh31psSQ*R%Ihxydm=josDAVI5S&VP>H+sGo5%ms7O=seBTC${4!On6e( zD=rIL@f&a}ns;J*^7oqd7H%@&qK58(ijN=Q_NaQnSG5{!vvTgHUIU+7)iE?9LJ#^; zW&nv3tDdct!$B-oQ|zP>!S1(s+Rk{sT6CVVSpC7W|O80!rOGI6B!5o2@FJ zuXlS$Jz7X$isf5#n!|Nkl@_T1T3aV(oFBO+QB-rVni`lO(d9~@fDZc-ctB%XcR{7C zMNf(zEpv^Py#Bm3H7BmpviNY};*>#bC~Q&AKNd}j^G7(Gc2p(oPtjIIJs$Z zdt??5+`s5Lb=OW-7UBsurrG&CcUvlIdytq5k^O}U0VYU5!=g`IPCvBL@g`NnC(8~V zx!+U^(Ha$Q(g}ancpy~4Q>A(GmVa3a@T#U(ULnvnaY5bZMOu%u!FAV^|7!iX_&b2a0E58XKn3 zmcGnxj@_#2dT$-5{2uTM?aNL{ol9q(IQ9`C<`Jr+azaIwEDg7|mI z{?7;czmdfMb)dh+P2ZAuBNHS0e;+_E1qm5MIi%03%-IlNL0;-`WjT%2Kih9|o=AQA zP~rfho>ceF?%2WO>-db#Lsd>!+WC+MyG`Z4)Quaxh|r>VIVB=c(H-~Qh3megVL z<8^Ni#Me%eAu>IyoU@4>%WGxdo4ZD<^N_h|9bnAUHQ0wAoNsLw=q#U0l&Cn-x76Vhu2AlTa9NEfryTutvd6 zgSP>o)uaaV!|Yyf8(02rf)||Cj~j{{r!9RGA_!^Ctr@NwZLK8o_W+OK+;Rjyf!?b> zCH=6`h6A+NECLiP$M5HC7C7VnW+jDeSXirpKc>Y^MW!v3>!^@80!<22kx($ZvdaNj z{juGKP{Z&jE@fQ{wn2(>F;ca8mNF!^fqFz&s|?u=Zj7YdiRED#$aeP*=3!%+n+Gv> zVpv9K>#KEc2WzusmeJ3y7=$AVvCJA1U}mL-rtgZAWZ`=3g-~&#g*AYrXmNb`MV{6a z!L`zoO)4fi23!N2sl7j;iovg#jCLQ~K}=Ywk4%{%FZhJtKHF>Ma#8t{BNY1rPa2k( zZbCVs>EGxq&mN-PNNw4nh`%n$WkA9u8qtPkE~VU@{NfeEg<+403!Dt-XlQM_uiZH?H8k$?tQTt!UuEI$5zOya%==$(>)>K_oEMKOAm_#VCjW 
zU|KBeSSPAq@SX~BUZWqJ5WEzqzJ~Uz1ncDZJR`R)(c7Cm{U6faDah6+=@u>9wzbQ) zZQHhOo4ab4ZQHhO+qQXjcmLD>_Nsp}aGciDah5@T5_oithP~W&Gl_1DP{f&EZUu8=L%N5B+p%Sm-q6bbMG# zj^+9Jq-B&rn9!^WuU$-D!9ha#`!`;0sBrrtR<&>MDw*BC+{nmaZ$|h2Ceh%(O``wg zg2z9TNXgmJ!q)765-3Jl#$M^K9*pgd9v0p+=_4QuBnpbOo-U+#3FF>2$$F}EcTldnbuZe^w9Wv$Y1qu%&hp3SZs9bE#~YGT|rGv zKgK_sUe`P)Tsv>mZEwC`87u%|cZ5M{za~kXWQV6oOPEv{v>Z(nQlOpQCS#&i9GzSp zr(GP!5L-?UOC+H%f>>>I8WK3D_>yqCxoym}L4krcuMTn9rU(YPhLy#C2O;Fq2Unv& zGZmyvXPW6&wL>pE*^7{S@Qe#}kN!O8#XQN?^_JB2xPd`?WlcA#0g&Y4+l zs8$-Ka!)d-`O{;1lxfYSvfx3zl>N*2YAx`O8!-E1uASPS5+Uwzq0?MxKD90=Hi$l| zLPu$5M^>@Ui@7z8j#aay@XNg``W8G7gP@R$CwdOElakE}-4<|V95M8j8`$)R6axncWfSR zM3>e!X1BIOfm;R)jMZWs)SKL#jvNyR%{6Pk>Fm0PYiOj8g)0efIAHEOug!xT0C0|7 z1Vl;>=;la+Y6+|xWWtTG8;6$Q6~)q50OHLLq>vYd1&3%;IglUb1+Lr`;U1&EMmI%b zKx66xyBFy~Oo87l9ijqLjk3^N{b%8IuJ9+x8L5aIc>N6`@7n>A&y2_uOFNwlCC=}U zaOo*&^3~s`xIFmTT}?@AB>PVaDU4opEEo(VK2N5fRDbtjy3@TztpE z#lLlrz1BA9iiCAwZbpj>Ys;lH?G4UMCE;!si+;=N6n4#Hl3KQNms6Din1#=fJPN5m9;N97#9si5;@yrBRW96j}@ z&M|Jc1>UMP;av(^Rf$wJp@Bw2J@fJx?#-!Q%mbb)`m6e&*4?3AVl#&ZJ5Q2Wq+wp{ zbB5G9!&?fXQ?aWL-#8=m@-&i%SJPVF_akNfsS^f^f66>1s@xtbY3y{w&lwz)aJr&( zt=^w?e{Dj=*f}$lWK01)HWMFfN0Iez8|$+QLCah*sUhFP{qrlNo_hh6W>dV({9KU6 zYARW;_9BsU%vTa+DaMLB+2w_ z-{*1(&H0X2(69xQSemNhNqQUSD0eA`s3rH_Hmy@j6!-h-2Xg0Nz^@Upo4i8f2heUg zBZj?ifsZMFczvKZ*Pb(-z@7$?C0{2;C*OfmEr%3K;fat_km2(SpG2}uRJ#JPYS)+( zF=ol|#~aTJYO6{8n>=@xvn!H0W+jb~0kY`4$Mj%1utvG()-1LkN9n z42m|BPAvz*;*aC}HF!f{)K30UA;oO%s14E4&H~waec1$RG_T;qXuUMbw>h#8+$;7! 
zI+3BlB>0)XrBeOhjx%ZhQ@m?pYh-8q7jXPnZi`(1_30x2`k8-qIxaB`cK!4SAv*%% z1XuDAZC;e2Mh1pLhT*}9c}C<1>Z9>SVi7^7dKa_*(1KrLwlwh9y1w4>+VS!6^9EAi zkFQOrHZ3S()Rve_&Z_pf@ub=*I_*^0^s-UcIFnp*?ZgcQ5q2*hRH#LK?j7n@oF~UX z-tUugpWbHm=>A}_7!kS2*zS2(jqv0He&wCr?c6+nV0!h(phcJn|?SjSs_ z@i^lvih?8-W?x|^l12!+MQEmYw2(JtOMKJ>^!*F?z#+VH>n(==27~n9b~J4Nb-2V$ z-2WA-EG3=42oQlM#nz^S1_CAWZ?DDo0Z3blVofC(KR7IjEW;dJV$$)O^s3pS1aLL2U&w1V{kLadxxqIBNUj~KtyH0sT$_EYcPuS?QXD9y z@LDP^!?m&;puCV=U>uLMwOmTjwWFYWB8JBpIL&((P#G`x$VGX9bD6sD9oluUhp7mu zxU*do2;I|MriZo4>O+m{f$jyafq~?eT-Ap%>}Y$njqQ^X;FU7~@P(Pc=!X!Jr(i0V z>~3`_JY$(CO~;F7oOD5IGm_dVU0FIXTqtL$YEjiuqr!`xfapi}$6oOkW*Mu!*K@no zk4%TO2$7xmmQ8cdzJUF30A7Gu;33~(mYFC$^{F?*6zt+&!af$LZtI!p*i1y+>lS{5 zqG$Nj*ts3KUW^Lp{eT~m+7Ya58{JGSxj3ND^X%h?2hH0uDT`RcK`mb zWMA6m+t=XI&QubyVVrwZ#i_BjV?s_b_Fuomp_b(Y2ch4^l{v^L`(;H^DPMiUK1^WH z3ftK>i-FLyEX4fsRxD+-3GUnV{L&xk9uLVo?u8cDlXC=z_k2aZ*k3I9*br+vs`+t9 z&fy%E+m2A?9Q8hV`XAgL_ch!`m4KvgSy@XpuBil{OYgw{kta-YLh=KDF&@yrHJbcS z=pg^Zc>hn)`kN>JM`cM;)UrYrK>2R=N+YqoRPI=6k9d(vFV)hCi4>`AGUPuEibC*l zXwcZ8u^<{#r3!z}^W(=y5vc^pqw9vy6e#5D1@{Zh=j-=0O;DwVYOmc%b4p{{c{Anx zdaVW0#~4A$gu`NzrGe^CXTp7*vZP9Ppp04bv}e23a-eZGJt#d6e#%vV&7e6^WM|vf zV4{F}ZS>o4v-I_uPb-xU6PV1UWPkJHS;0PsnrFmXBIoH*ghqYT#xK%m`J`#3DHn4% zT*+5;-+PHp$8NU_B#ak^mqz|O&uIWM61L_v3p7%K!g`l394rUd`n9%~Pms~Ut4XPo ztRw&$5`t;Jj*ZYQ4$;2*lTFr^(t&TFrT{07nRUgH~+?SK31~Qxr-q}V5Nhg zZvAPPG*ss%e=wu^1#Dkw5Y=sLQm6zK;bg~1D*GWWqJBKAtA04n!z2s;WgN_{i}8TG z(=jmTaeQ-EL~vLRk?hr?pM*~+b)R>SOqY<^gFp3HrGJW>r0}52P5k78{)gc%HdIIS z2MZe-m?T`^DWcH8Sd39*Yo2Kh+Xe=mdh2T7{41ZK6f%N3Xv-<3&S~nP>m{Tk_m6o_ z!~3GunoFv$1MWr{6Hm%@qsM*lBbQCKX0XY_Bax>~wzly6afe=@h1BfgijJ<=vPai% zbO>(6s6dsu+UQBD%TaV{p^EmnZKE9~3@LG1j0&j=Jw_2zh6!`xQ;ewd)JjiD(r9;I zbaX)hN9~r>*OvOjTvO83%%n^`?3cD8yG+&E?H!Y?;#7CvxFx3$lf$U=qAq`#5_3%# zOfkQ@We_VBaa#);X_rX=)blLHKC#S~ssShbq%usCut(IctTTGmo>6Hf#yyh#zt$rndm~&R!P>zy38Ud>`xx)ox88^ z^<2Zz;Q|L(va!9K1;HD!|WTIm7=)G5PFA9`b;WnB!bX$9``0r`}{BO%Ew%e#fGXg8VA z_P}9pm;g)~Rtkou%}A7{DwA@%s+>_-;Zf(3tMWxMwi_L@L-X!{iZ)YL2xe#TqqoKi 
zm5j;?5~Am6x9QONE9s#0Fk)!6XgRlWp9~?_Gm5ZaS(zGazL{~>0v2gYv z77(ehO|JRJqb6J&{d=>3)1)n43pvAnv=b4!XOO|Kb#liG!uW~VqkY=Br$}0ep3#Wv zC-xSJWS=&K;SWcmE_Fg}aCvOf4(KexB&c}Hy zd$-Rll72!Hg%N)--iVr~GhxA-XW zq?hnI7CbHe?c8>e*ULk1{{=B@{GG4rgTrynJuiPuA|h%~NK zFO0?Gk*qJbUT>dRFPB|SiMCnC$tDpKyNz73sh8MLNnnH2vRnTs;NWieC&yp4nZ8!{ z>Bp}qA-CB^qkdyifZwO8r=wZyc>UPNcO6@i=rA-I{DWY;P_<&=(_^+sYPHa5-Ymic zB$0BKF5yt(vBo-9T+O)5?BVgJw!Qki82$Z>W0|IcbxaDb&ESdCPODjZJ)ME#dB#ky zPI;Xq#U=*AXgKdZq};_6b>ICo0I;RA$CpOEx_P}~!d#K`6M3K1$O1s`1%@!w_wbF8GzOKqj z-1$xg3^HAmf4mOWr`I^*yOj46L(|MSN9&rgR)C=)zHbsPBzZrNtjJ^!g*d#)=&`Jfz}40y`r9_hF-u~GQZ)l0>Z>m0?vl%%`Zw_#+94ZKo%L)G)%g^p+GwkJ2_br=@LZG2D42X8GxlXEU zTeIl{;42h>?q3^~&OQh2xRjjjnLb^2QnPq0}CxFks_gtPgr5Sm7_jFp$F7P#vVx$3B0 zlm?g#MtXT-Ivf}f#4Z~@thFC;Zw>;xfl}G+(&6fAmgt4r&90A903>^Yhp1kqQ7>Tk z*`1|$Z&gVU^tYA#4u+hJSyKVQn%HO@6#(Kz3T}l&(rgMV%unJ>lH?;?q}Iu|G=Uu8 zZB4G3Cz}C-`|V};+h~d_mU)D7K-b&A9_g}AmL9Xg#b_ux=-O1_0N+Fh?ir4Os?{7* zVJ|FkxV2!wQmAu~fHz%LtI2|a0%$Sil9Mj4BCtkN&unZ0{pU$q7S213k-C#Y%XQ$q zj-LH7qId<771IVOthf-? z5Ua>YN(O&>x-C7{3$69MfzvKeFmI}mVfek=SVGO0wxT0}qD)Y_E5Ktp0m+0`K>zWg z>1#}e07}$qyKT|2r7sUQFjloIV{hfoUg%494~ND-#iNHk2`gl+t=uOGOUsN1fIu}> z&~0$sXVMoruS-4m_xE)_N4z#84MN|{tO15ho`rIlTOL$F1Q3sesW!bz zvWtsMy9pd69=Lu_aO0OWapL4cwLx>!A*nJ5`2A0koqy=q3Bt8nZTs6Y88QAOD3?%B z8r4qNIVr8&AJIgq5c=KTzWpl9QTi*kV^ZECgGgW_Qp5q_RC^K~Bbz#tgNf8-Y*X?s zNbmSuwuEL}{$Fy2gEl%US37H8`ES7J>~`(Xot9?!7u6PKCe4hMyTB;YybWFqwD(89 z1N=bYE_2apZnLU(!)&BZc-V^@nD5^u0UZdW zur_pL?#{M%)rtj*rX37K-?4fcIID(IfACKdCW7{v0gKr)o!OI1 zU|Zc(g$l}dg3$qOhfocGs|9(%8C-CVhIe1_*n%O|r|xWpmuve0$yw*`_EK#U@sU!c z@$ybLwutC3V>~CFEp;iq#)j54W=HOtlEPEPWR^~4M3k`)fGl{>?jJ&sAZ$T@?lWsS!&vFo(9xQPP)`>T`&%Cr|ZeLzEKlTF& zl0$qi3wUU>cq0PqC{5rCTL$i0ePiz8CjdtA1uFU!wk?fYXU)XzX*d>X(r2IWHKVzu z6c5hCIgQ}IL2q8QIc^x4LXP*7PgyaF8lMsB_? 
zN6%pcmCU+JoC4ckzu6Pg;)4ZX$1OjIz{D>v1q;5@e(||cSN$>h(%*ihRO+m?o#Y%^ zbt#PRA~9m^;Yqtyye%tYBLtP%i&dNiOI!EHbb#^HQ?_M|e{msTC;@*J^{jq3jQCy^ zrGIyz&k^WjEdL9hL9qO3f=~AQ`4SVKTQ)&z*d65ajjpG&pC0G?V<@Vpi(A4P)apTE ze!nE4oNxh|Gf+gYu46$+#SMtP0?2gx@262kp0K*y0So=2d1tB)t33V=O&N2g9& z8Xj?C5-KlY2mFh0CSY5j<9*35Dxs;)7&sBYGz_v$z~J z+4q+@(#l)}g*;|Pl|)C$K?h|5bw6Zg3SwsGs`t3{nac2l4Bk6TK5^(VfYSj=yY?|7PzugY%8$ zI%YWi9?+b-VZQ^I&=dAYco08taTt+@{%k1zW7$As{H;klSr;XS-eCU8M9XO&#G1+N z94X5A5{wiTe)xL*t{f^F1LU!(b>!OkkkiV^vQ8Nx#6Y{>=nv1-wsp34OUJ=@p zIy!0EStK>J)VzzxeLU+WHjmu#iujLl~&F?SB08Xtv}V(_vVsicgUjIJ}733*Tc0XGVL1pZDz=Yg=r z@#j$f7?sdKigJn+v2d_9V=L0c=&)Q~fhoBR;|6K$0EhaJugigr3tge_jx_h>@8~JY zz;)r`U;Se$cFAR8s~ER%#(c?R`A6S>-dMN#z5+)l;^VZ=jqv=kbPjR6TJwoz=$B7M zl)vkXpb@_2Gt<1)d-()(HqEOVI1~5F7PhGHE6CtY`7Etxlfb8C(<(EJdvBdmGaAc* zXI~g0#VLyKv(r3+X%n8hv>OJL2M>QSUxHW*v7^qJA49D;^e)oNRc3XVH3Ec zTA6z80A{$#eSjEK^%tNo>~Ba0G&f^Odf*L>DxwW&m+Cn63H1tF_yLJ!gqdZ^b#5D* z$ga)pbjCYQIX*@xeJ z;b90%31jmzb@D2mo^>g@p;=BP<`p0j-eeNzy#h%f>bCP0hS7B%+gj)k=5ay~b9>LK zb|F61ug^AUm;tpYJR(|j%f`R~xJ=(+he%z7u)sf z*x8MTHnjKp6Mr{NW;9RtJv#E%9hz{h-8(-UfcM^m2Jj)Ns-Ss{brzsRg0m0z6ceMfWkvT!9Jih7VdY%c9iz z9YuaeID?@SeiO$4MLN=8C+OQcQ)hNB7Psh5!ji}tEtz$BEtkW zx^QJ_3^2(wcFfdu1eO`)EbE(r zFK-^anxq>SIc}H_UbI3}u@os{3zKthV`+xe4rrXoQ>wAPYXbQx%I7X&Z5OjaVPHBs zhX0;PUc?$iIreu2v?0=0wMl^3O>?o@`_)@?yFPb?Gx=I&jP9GSajUiZEer%kJnVaB z_gu$8%#t5))Yv(h6gOp94Zya7JO)g^Cp`I{n!rIO6-@(p7=v9@zKuUQc!U_QV^U9{ zg_sk~TWq&kcvq!PZ#&8k0-eevBzwnBh&}MT<2Tzz7p-jGJZLhmy3nLBcV*?ZZr^(9 ziW_M61S(k2q4Y6lG$%iUo#-0mXlDxvK=9x0Wh#`8V9BD^EObT*OG3O;f8czB+X!mG zp$Ztyhn%n}jHjp5KQDhx*&Rma56mK3y^FHzm=Qo8Xa{s;aydR|SZxBfn-(dXG_}tl zD8V<2{OHu8Q<=-R94-Md{L>tro~_G1yia|bfx&W?>Hat}bs_HNs_&scn&i*oM0`*Q zPbW7n&jIXR=2yYoR0a~fAb-YqGRQl!za#A+6QMcJK7?EuG50a4TmOcwv0PV>KvI!Q zGg6uHyd{+WZ+x9H=%#c2Ew+6$xK5kglDtetnUfHY0Z;;FVTOJl&^GFE5By7J+XzgM zTF-tT`8AiKAq>UTh?r8lc?CU;_?ER*lGDX=Lf8Y!N1+4;TY(&DvbP=LQtrwE(}Pgd zXurwXRv1uJ=puYJxnU?&)&QQg9R>z*3Sp@CjPQGB&%r9O!$#5@bw&H22=>+i$)yx7 
zse^N_O-PYh2G%q#4v-6790MyD!NC4v(S$FKJl=Q2atJ3NE%v%u}}15K>^>Sp)W06eJdI`st*(j z8T$QfSZvn9oU>8FJFfVt#=h-57qTva9K7vx430yMB%XO(rUTi&3qWAUtYFOF6d{oH z+$UxcY2KRTQmT!=vWj})shOP6=@e6aSb8vEc@ycjoDMkorb0jLy~5z2m*8!(gqVPy z;87MvQo6s;|0MP}3P<}|l57_uWBTq8joRjmi7p=;oE#v7(F^SE2nR1Z&HJZxW8^S| zpBog6XZxbXTjI|FP`b?=6FD~$gi5DM<_2AtwZ+bu$pebs?9rjJXP27izsr`xHTNQa z#Hv2}hF?~mK(K1-4M}&nhM4vDtx(lekWAg0@J}(7Hu%psP-hgMGW7oaLSw*kUwD{* z`HPUTnF{z?E(#5q4PM<}Ranwqs~!KCp%ZRNdXquCrEQ6}t^t8N+1Mr4FMq=?5TaYR zWeb1cs=0F35i?AQmzSl73eS6Y?$VAwNOkE`)kX|fvoI94Sf|tL`D5*53TLaPOYCFq6F<(yP0AaOzjEeXeG#;9fGTE9m3Cule#x|*|^BT+#QGA71UR8V0a?(PawbCvH$V~vq3WL4v$}c4J~1ZB4|~8Bd-z&Wr_iuFxrd9Cy&G9;av91 z&f@lZKCK`ox0?(_%xQ{%AbS=YhgojNrg2?6)Y%Gz|F$5Q%Jk^S2q8wMT58#Mzm9#U z5KpMCfP-%>)KFd8=dYu1Og|XWxiz|)(d+VjdZNIT-byM3EDOf-qEN%$*)0U)($*>x=mqpQ6l|507e7i9s(6nS0_aw4n8HQFJU#@^h#CBzwsfkl$(ZQANW~EvX_in>U z@_VO>%h7+pRdn)GDS^L^TNOX&Z3cbDZ?6|vU@xp8koqR?057l#KkIX+>yKP56fcRk z?zG&mkKPj>cvQYW+o1Mp2t4-;-|qcdMfFaR%z6`xTIX7EZr&18*tYB**z$HXRuRmz zpQ@zB0cLt89DJ+`ewJI(5QKc#fD@0ZICy^}NDSrpM6e_-Kree=Jw3a*xpTD2? zimJdz@#nX58s8wCmj$X|<((=ICSN>-6IN1brnn>RZNdhAznIy)8H)vCD<%;gCA`5M zdCrzmQW!D09EPRBlbObiJPS?U#ja3rAGI-JA&#*_a9EWZ7RaDEw(QqP&%kcSU?Zi? 
z?LgiFEHG_BaMX^}W4E4U0P5N+r%6A5y@e)uV^S@#=2s*Hx?I-u+zBE)DJvN8RDfYB zC?!qG>oAitJ&Ph7>@dt~HNt*gOWIthOZjP`eFEc1D zyQxrDWr}+{laLk`B#5zSskL0v*he#*>ivQLbn^pvfY>VS)MvYtv(HR+8K=@K4U_nJ zq`;LlWc>{iiSr%gSHLmu>=a*3krOkI_A$Y!TqQ+6+32s?1-%kZZiwra_%ABybf*G$ z8ae=gbIHHk*-8EXT?gnHoBSUe0X?Tp)&#$m68<4N*QET_X`7?{a&Bo+S5;IoRqCHL zsVitRu!6k^p=qE(X8!MM30cXaEK?3W2QVLy=LkL zUCxX*Yl{((L?kpYXV*9)FhxXaY|ltNxdBut6|^VdvR3uYFNnd(1qEKM+V;)w8b&7% zTe*%omDiB&{z^ODL`{}p{N=GeWe!8K`1TfBVZaUs z1J-D#20_5JBz?M)7^RXpncFQ)A@2I8D3+d<C)G_VVEq(xT{6)?JQCYG6bog@1tWLeW!CzU zq2p-Gd#Gblrb{)_=2pLI0LUWs2|KTE))5PZQxtq)yn<^nxyU?D;a2PkhcK!-rd432C4Hd|zSbOO3) z<7fSfQF!67C#)w-VNg+{S?Xkt-)IhT5)>Eu{sfZxYX&G?@~ktdrt?uouXTdw8+SO- zWNLzr2$R~#O=~#F=V+dyNR&*KD=&J>ZTfQEVWcK)#f%^ZM^(rxzk*wQofetZl`sC{ z3K*-#BIas6%1Vy7+Eryc+0@znIVp^ z_b%<{fmFiCZeA|czCoC-LQGK!6E`(10^HaVzdm*Kk~Fz{BY#7#*MhsU^{;xC3=zic z4LL4TZXSzn5=rKhW-Mr8t(*{Z(sg=d8)mJMfE|RE=_j4g)vy(`J}sV)Dw4asl90NU zSZ|pkmMWM^v%Mqkd|ZY>^Xwx9MJk|+7*M@Hd1!5=$fHc3pT{2ji?L`T)Te$ki|HC~ zFMZ*6!8jHx@+(;07Ew8V8Bh`JkRw@>S1oUDy=X>)>519fGi8RC~g{s5*Bb;&ktEGpGU8z=X4 z7=opbDx`Ax*xxFR7$h2v#JRt+0bhKQ zW_urJk$~3cE5TZ|0O&LfU;Pv~%8M98!jFRVKP3V4MYlTOYje`1Z7E`d6nRX}D^G-n8vn|W zb%qn1{zJl-2Un!SMgmLcVEF~+{2jygR!nHMRk7O9D!{nJ6IoLx=otd!Z3XiB>^Lyj z8b#>>0?3ucofxMKrI1Y9_r6d}Mwn<3eqOiBuhp}7aGD4A&0C*r{ScmPf@im5|M#+9 zpk$A!AWBAO0VJ?FrF2i6aCtpBskATwee-DgT_vR5o5<`n9K|EH`8Zpu$U^yehIFMp zkc{~0_!(kY{uQG$~ z=hNfaPB)(cZ7}N)%q;BTb?;gCxNv68GUfE_d~cK?7}e(OU%#sLngdzXC6(-!}rmkWu}ygfIc#2^0WX0ZjvJ>n5zCmDdbRmT;ivu3TXn^R-XpMW>1%(c(qUzRV)$CX&+EIsV&o94OHwFeuE1p99Li=dz zRPih))iRi~tL?^Bc9go+@|W21;mNT8CP9>>N~c;yvFS=?{bhijf0w99P^-m>?$DN! 
zaL?SkY1Z0)maCSJ5hUuuo7*H1cJS+x0YX&XL6TtmXWQOcIXr_m4YB;xMu>odT$X|I zx~g5Yr;hNd7iCunW_K?T>eTuv)LC!LIh45%T*ibV9kGb}MF;xz`yJk;ULdcKbY}ZZxnj-ndU&>$RQhjfZsT1aKH=te@K4)@kjps{Z0X z{ki?r*~+kOCY$mPYqp{RZjLc$2cQ=%9}ALgKF7*%B8R$c?tK@%p0vTh=ucng57K2y zk{vqpNGhz~bBfMYp{oQTF*#GY?0ebX=zk%Ss#ydv|1>#TTM3K;Y=Q;2%q{%mdQvX2 zDN1zG#+k1qdR$A`T_~Dj(seS>_N-L>a!+y9#~Ztl8O5SExH>kCA_;%mP=Y|2qWX3HYpFH0@tA9#@d71M{bCWP!OGnRD7V2(nbmf} z-4=o#pST=&Z>D*H89zQd4s|SE)T*R&3ZK0 zZ>%bx{sXqH_TSz0Ay_ccHken~NV;v__TdXE+);BnUC`NN)5=+M`g6H0=;r3M)<874 z`g=Ni{e+B216=||a@|n04Mei1w1Ix8yMS|s5{_~>Dq}xh8s<3mt%rhj26`0&WhWB( zLCo!fA{cRv&Cj6&+g`6{xkxYp1M-l{*A46XbHe~Ng$6tO&rqKrwWlM2KNY!Os&Xiy zo5n-Cu#4M(fOwjDTR&DbQnVW`UQ)O2j*qv$Wg$=VX31O_+#Fn~k0 z{j)=&*yvEH#+C4tfc}qBr(nkY?j__16?=uPH~t7I@)X>U2iTny3|*Y8BaQA)<&)o! zy5njGoFGsIjCk``K^XXF7kt!W0$I!hI<8AyGJB89l^Z3p%z<0?6$U<+vr9VMzbnPk zT-sI1V`bLQi~9;KtQt+@n@+X|l)3zum!LgI)tY;p5rrU|Hrs!vq{ufmoGQs{RJs(< zMoXDXaoVaw=sQV=t=V6^^N2oDpGc_j)%7zktk7k+os@D1lMGCtDbEPjQPz8Bpr+(i0d-D!y z253!cXw9%^fuo%$C`Dt`Q=H)3fd7N0tAC{7$Q-U}7T>0-L2mFtkD9tc^pkqIpLzz9bjVFe!ZLoK)>i@1ZFN5w3*UOp|--&=l=11gWk0Ki4|Ln`}Fr{$*5klE+%6Vkl0ocd~L6_B$6t4 zgGxTK;_9sLeN45#-=KKHp4m+iebCfJ$N@flAItH7&RRL_M9~>IfwA79JPqktqVY_6{Y)LJQoGYQXNJ=AdB2zQ`p^A`z)ATZYE5YxZjWk*i@?M- zN=P10L1lXQ3#=AiV&y>9I$~DBlbWySEa-K(@r^c58hlAQ!~0`%lRp#c|-X~wwQdkE88uV_*P*Ys1v*}t-&5&SHZe|N4;Ct zX1i^~4zmc6+AMTXypB zUd85jg*S0|HzPvZJ7w>&@M#Z#1*9Ct^BE;nWAD4JPr3J&QN#gaw!@1xiQBDYCRd$b z|51#r4Cl(M4+2ceav3%lco^jhDY2kRfjJ9j}v0*x0 zd)zj)>hQQlw{O(fd#N;klUfrDT@2+md+Kh4n6@fZkL9-;AH3t(8L zsuNHryL?kVL3G}ze@I(B`P3lx+Z}t*Zt7VHUuA^Lpl;c_MI{rar~;;oSm{vvhXTtv9dI-3dfQ10s~I zYOo{2UG02eop!0v>)%8UqQp8;AABHSHAVzkJE_I$SI435l0(7t2p`s?TibZJzMJ+y%d zfIEaOm;{$2SM&QV`K6L@@6AKX9p`Y332LTH!W88^de1`BRMdT;(E(YOk0~CdwaH3?=@>rt1GGn-~%lHei00t<=JsIBHSsCy3JC;*n0z2r!)8Pod-{Hy8w;u3LoCFrTje0+j*);^b1g4jIRZX z1nTBPHlUBsJVwOHP&%|Wn_pHP#HAZ{gmA7I&hsw4ai;!B_fKcO29V0btar_OPd4vc zKE!Zkg9?LZ+3;uPNQ|S1={-^37!<&*_V2rs z_n%k#i_1NV4OwmcIjQWt53`!&Sv76^p|`!}u4x!lev4b$i;rn>tGZlr^+=6Td~w|z 
z{Jcrgf&(_p=>M(G@^gb{&8;@!X04=t!S$8~d+aH@uG`%Av(D98e*Zwfbz@)uxA}Yf zuZ70;`$@I?+dTE`WgTi=+dD9>WStj^;^i}D zQ1A26?E*h_TV^=;xNd<@4$uBPU#4FF|2EVw-Rkn!LbWHRU)qp5q}|8JZ;ejBZ&>{C zw9ZGLF6&gKbDgNV-M62bw`7j<+B1C@zA4ard(e;)k-xpy7wyqasjqOf*TInw9BaPs zdMEMpq{KT#hejTc{I_$3;H7=0M!(^**s8&4g&);iT zf9u=##n-^+7cM=Va_9MrQTu-X)XDqT55IvIZwOYUs|xyZ+#uo9t@hl&dJ54 z?2r=oj(`0;cF2h$x))w~yxuNdwRYVft$JLE`nP3`p=klX9{c{sp8d5(-h0%_@y%>y zQs1~v&x`$Ap=#K3rz$Q3t6nU=rCPJkL&%mt|MFKyg_gzMv;AZqE0;qFMF~aTym=Lk zJF3Dkd8NQM8uOD+frAF9C)hvSr*=?Cfcy7j+@J36`s76t{`ok(C8(c~(^a#78tfAi z6yUE4uM->~L{3w`0|ME9DD;c`6lV?W$+zrS6#89p>UX`U-(~M~6apws0W4<&^imr& zoZ{yVp3wXlB)x{y9I8<$F9lG15~GupfXmqVXj`&x8!x+k!iLUrc@zp)3eyq)$D)#K z(aa@NVn=7NT8HgO1~#ng)+%|I0gjyDMo#0gJe_f)xCB^owv{199mP}Z5lPP)SHR}2 z2%yob=#JA6`S9E7)zJakcpl7#cLEd>po-xTyo#m3_;$J|KW4B#I*AYQ;M$10|Dk>? zMM=qVf0k!$Nq$6JUYHcGHt7vjd=hbsp-CC9HX2FM`IOzK@9VK=aSdc7Hmp^*aNt{> zG7@Om7Az4zvS)v2;}Wz{mjbO_QvzuFB%Mi{psC`)M%SfA9H|V=gu|VEDfFLk8VR5M zvNe;1P86h#Qj?9nK{}&Jt>g2TTDX<>OL>K&q_;vrjythDGa;N*KDI2g+UyxR1DbMx zrfOS&@$F@>1Z-7`(WFUWLmNx`rw@nod_%ONp>MY1hYmNWbw;g5XA0IN=na`SrrTD0 zQqZi>jp%Om?22SUM;THQO?pmHirw#b@e)pIs9Q*(sBeX$P~`3?gyUmONl4J({H-XZ zHZe|P2*Qn>Y$a6K_xaBqaPJAI=;U-1%hSAvGzOJ6R;M;488rMP{g*5EZ-Wu*!iatr z27K$1C`96G-qViwiaqT(Hx-_gm}JsKhZ_8_rO0RsGwA#C7@+&QiGk~2+XRknN0A!ucLrAGs{5u!(UsQyA}{qosDx(^Y7 z^sL8*9PeGO`(iX@s}Kw6rpIlh5TsvV8%+woCFis+bmb=qUl%2%16P%a!mwcmZL->= z5kwz$Vv;%0sReX*E5#}lBd3a>C-p+C5(LjZnaYCU7a|+#hyD+R2mCU`kveN*dhr*h)o9x{!f-bI+58JkTZ9?qch_FjH zo-_6ffkPiYu?CGM0Zjv`KUMsdet`i=@$uRJmt9dKPyPDzD?*97m~D;Pen<`<8+}#5 zf%(IbzlK1f>K4z$w_+zn(D{Qv<;0a=&ZEdfQRG?_=(bZLpkZpQKx5S6QtGB>0Q?6f zrmNEZOCrFLT2ow@+Mq_OmwjlfZL3_kucOyf#KbgYoHV@K6(RV{!vQiH9e%Z#jwT#+ zL@Re2k(^G0Om~Ig+pBfa`UF3?x{}p0TNzGt>oN>4t0TFx= z#^@$#$0tbyg2hiuoK}A}qS$G)8szw3%aib361s%+h+v|Anx6`ppBW$8yt!CLh#`L7 zPjBeMNf^n`vY@I`P+P^Ij2c5SjuhfR{vOi>GjIw;XSg0YZqV{L<`XGh7NoD*sEtx( z;Pd;q?^UlI9Z~p$2<_e$7JMsSSRxVWI=4q&ZqkJI>aB?q$`CydcQ2%XU)F|LbocRU zQHgART4SQx6eXBn4;?$;&+QOuHH0EZ2w5KQG7@Rp2M1;9jveC(WR}gHEcp1=r96`Y 
z2SeG0#^g1>9}h$kBM=^cr7#xrVkmw5*af-};dmt#Am{M9QeX|7`3giVCo(KyjF}uB zi+wy_HzY-@G0S_1UOX)(J`0(u0X=^*u`vJiBCRf5`Jl0ZO;n`I-qL+DzK zNnkL0F~?5vSGxCl2cQI0NV>ab6vXk>_K#?-(^Y;;N=OH;2bPM%zHQnCsl66S1+E9sc0=E3`Bi zJwUqR1$s%t4hmDEhiTGB>3RCjx32y(FdAOd8oH`SIpnb>(kO)S7Y_?cDFgMKLgP$} zFtM35{BUKMFvVEEv_rWO1y>;@q6ZlA`wLNI)vJtPtBfZDB5XUvjySVq50uma&P01` z-?q{jL_)(S)6#Wi&`Re)Z%{cApt81D`{Z$*Tl`y7Qj3NZjvtB%(W zQ1^=0_yq9;OzY@Sj&h{AotfZ9HF_8tBPTrcc#?Z385M2;h0~e&Lt!Aa(3*?^QMMJ& z7JU`75f=O#zCtUwd{@B|`X#C3vyCUjP-=X@p*?W+{e^6k^SWw5hCoexygpKIh>sS6 zkJPpN;fZjt8x*tvZF>vC2Pegwv{~byLJYm1e_cb4Jo^C#TK9MLf()uSwTBR}wRg~M z^NJ)kFlm&c5a$^Uz2<*6Z^glfhry7(l&ifL2P17q_Aqf3@|QABtKkAzFzP0m+wX>vmiA z|3uAp;4;e+!{$TYUFeZFp=6%4!aia)&+Y(i;WH3$5Co)Ci)pE%JgqZ>ipR!Hg?2h~OweSzRD!HGg@TaMQGCa>-W zImUp7PVc55d1Z`)8Lisb)=HIN47k#^WR*!!Pdb5qC5d#l|F0!~k4c{Qv+Fw83igPgVl@c2wu;gT*r4rZHxUKnN=t)5D0 z0)@*&Wea?;c!jME(O-G)Y&#BcPFs&o1x!IC_X*t z5_3-g+E)KLWBhnp%uk;^qE|??4!=j zv?vAN1hm%(&*Mcv*b4h*jnmO3|1Rri z#jSp%P~<9N^)vo~^5K7Mce;mK-Wf3&O0#8i{gVo z#1}7z>OMC)iln#~VjDdb@W_c5jIG(;&m0#wM!7U_eV|!ApR4miDfJ0Ft7WcT{5A;# zHi}nx=}11TCNErebzv9r+Vy=GNPE)&mZw$c;>N}_ui0XQc~HX^}^JFcC>2CL(g{X9vng0W%($bPLeXlNU2{MV1J3n{ER_ zPXpHZ7qkMD0^ZkWLIjM*&|J*FEN%0xBt%)j1t?34REibhuC(h*~tFp%}EE896EhTV0&k8%>T zdyoQWKl|GWmXQQH>v>i-e9hx!Y7PZ7?pd)(8h%m?L8e`90h(w{0*4Pw!b_Zc>k!jkd9^($^0K62ybT2Rv4U9mc zv&MS_i+$P0C14WNu@5gDXG(MuK^IU)Z;zuhwJ0+pzKw(YPZFv~&AVLxH%~G$6^54% zWBa=>3yq<2Ok48C?inLSUnY0MU&Ko*p=(z*p1FAuDdoNI$(1p|tk{5;u7EeYF;UG+ zgfS?Hh0`L?yN8SjT?pYXq@k^L-;wt_Nd4oGsc^b+q^p1{H_g%31WG5fdV%U$O0ef(8ejKi*%yJH)jXaYB! 
zh+tBQ!ulzORTgEOCaMoQwrsRARTJ-eWZJYkg*GmZiDq7(Eu#5j>G!7}2UtUnxJ7%j zK>Y;7o%8R1ZmGb^4=mb>HTp2I$huv&tOtg6Xt4oMKLd(RjDJNInjLtut>_nMS%k?( zbb6h;!FnJ%0I@PYEsskA4`SBBOE%!)M;G@HX&pJ5tE^)JnwPb)v0nEZvS1^yegPJp zA(YeeV2R0FHfBL#wgxLD@<9p<{M+q>Hlx**F;kbIje-~G^#i~&$5M)8&>yt31}0T=+=5nKRGOH z83wM5o;?-lq!Q7|;rae7bY5kg4tBm&35vLbs7M=sZ3+*N$a>^rwI2rk4^78ujP$rz zbc=75e&azD?5Y%lrB+S-Zg&WU9Nn1(QH_&z4eKZqHk90w& z^7r@S)u5~6lN7Q-IvHi8TlY?w4B$pb89ub=quU@K7>4Y5qf7hqSW#%U0&Z*=y(JO~ zNWe>5XZ8dZq*zt&99#WO1hB}Ui8Efy({dscPq?D*d|03qQ6`cXn>`i}m~fV*&%(9w z+vE$|<^Z!B@)}y~@snA_wBWMUIKj*L@g2xI4P~Vh#iVIWJe%dtY}73+=BMrjD%tN! z+xze7!l=C7*?4k^-FpCu#eFvQd-n`JNMRE>)lL}1w)pXxEJXA^3>vb;n=Ny-s1ASL zLE(nLGOj471B_9|<3DaZ72YDbcl zm3ZlBK6kMoTxM-=kG*GD8pfjoQa(7R`N2Gw)$@6Y1-(BfJtqG!>vve*zWgz*nmmY|Ku$OeyCD>Hfh>*YG~8m?Z+BNT(t7tKV`m^IR0=q+9T}tN9?q zHCX<~yFMxD@P_d7P#qR<+EmFUe=`xygM%okFl@tS-!}FG>=L{+@mih}sZ3aNXFXaJ zm*8Ysxs(MI-{!4h;d+?#AskEhGTrHfR9w*@x9zCSJ$?`rjerSSe9_yJX=Kqk2K;T( zgTL4FmM#-m#PUO2>Z~DEWjvtiK4`*5A?VT}c%8KfE+@)D~XkEY}h&^P`eGcWy&js}ns_Wj?o66j{9B$=jYy9|+i0 zcEei{44*&Z-=mp?Xkan6NiA0X6&y@d?Nu@vW(tWD_hncuSXBDg+R^;Gv z=FX5Zgwu5ho~fKRp8Jlt85yFh01*k4V;j znG8u$I8;NZxVtY-a_<4)@=yQ`p7*k3aK4gjMx8F3hLV#>0=juVbcG)r0~-nEIar}` zFYa2gESV@qV`l^X@Tx>;zEZn|IxidxXf*RSp?x4$wORUZmJmlg3+5B43dBJHX@2Oy z*9`-nEL>(+?9C_jb0doP4On!ye1#BDsn96tO3#hmSqZc9Q#J zEQ79tQ&u$GM8_J&h5V8II6dT)!2*+g?wPHoyj9E2ZYqE-Y)4!7jgy3zh?4eCh_{8U z9Uec$h@z2ILv$-PFp z|H%*}nfRGF0y(Yqfv}KC`2UPhSHb51AaJYXvI08 zbwVw3&xk46!GNk3+4dI*&V*&!FAwrw1`AobLn|)ky9}0A8Z73^m@Ev(343gBJAF3Q z>lOxjZzH9q_cyIZ*I2SdK{}jfhWuEgW-L-5GMzvFYc7)0VY9bQ&3T>wCpkPO4f8BX z!m+#O-7tb*77pi0IYHS1GB`qT&=Ff%`PT1rDhTkG=q}M!b6Y_f1R3XfuqmQOuO83_ zGQ@$VB_%`kBC;uhqOpn*F^w;rHJf>T{0_u`#*Vhezg<)g8FFr7d~~+hLKW_LAz&wj zDG$NCDWMdl?Bfv%($~r@t~MD=2xT@$KGY~Jhb_q@;?qAD+PW0S#wf7O)5ccLWn~Z% zS)e+RppZ6u-v&=elpp;{I>OB=Cxc9->6@g%>6ffU`=kyjKU_b&1r)y(wB3j3QPB<> zwm%ef+@d-KKOjRH%_)CqQ^gJvA!o?zHf9k~+Z(ufeTr&CRasOfK8=lf^2fklnBIF` z#CF`YObvMqY-M#y?%3uSO5PpHqT8J7?(*=3^tAiPuYZ-xi;dbC<7!Ij$}gbxvlOHuH?@L{_qOCkO~ebj!1f6 
zi5wWkAV)yhq}6N<#*K{HT^`l*A*yF9N`qsSIieHNqoLuOVQTn?H<~>^inLsSbW*GF zrckj4(6!={xFgW$O^8W5{i`<88F@G6lE59ZU`fPCXp+nt(uqUq5a|?Fk_c&VVp>X{ zKOoOL5Yky={&q6RL|fR6UvHv6+`1yRv`Y#PsJbeRNl1o8 zfsc&j+@Qi}D`?9P?kb%`JhcA2#XlGg8f-(SkC%tYkwfm!Gr^)DQ+A=S+?hj@hQ<KwgjEzgaBX6VoOyVImV5597*#j zeiPX%-5t(GuY^fmE}epZ7-@Zfya4#Q9`=f^3m{vthRN6 zAav)qL8^2jp&n4p*n!t$;ljl+TSE_3?p-67L2R@t--_HTN!Mouq@hPZrfiYHC6=o@ zMU?c61jQ{_h)$$iqQXkGj>JTI!LT}B7}rx=LQJF6sh@VrAQMfbJMVk;eL4iHf}vhI z3JlyMod*-uxK09F7KNN{a^HE8lb}DcNrG+)1{{!1C7iRLNSavtBV2)-vnL#u&mq(l z{O#5+av!AG32Eq@{nQaTOguUJZB1a;|3MIL&i>+cTQ_>m28+ZsgR+ooyA=qo8@Zi)HFJ!k;E2enYqek45VR^vg zh5AB=|LPZI@i11Dk$&2;N(&!VL#{+7h3O=A;$`Xhf}=Q1`aSj84|^J5gsgG~y7jut5Ju^g&C zI()knAMd$H7ze%JD4e|@u_tEIkVc?muCl&&}`Kg)tneh?uLn4VzYcz2dh8*zj=}1lq zt%}g+PvI_-g&Pv23eU)VEqN(VKqoA0QBrZglq45O>=Q*FV@O=9ajqv9&Y_XmRnb~bLwSsU{(Ig5Zo3LtxUq<=FB5D ziQ4WstJ1NiUEzh`>P^XTw1f;9Y{}}fL)|Ceb*(>vEt$jixl|6=7^fT)+0IuTl#XS@ z3KfT~XSp1()nm(6N|DmP1nSZX4%_^SIbic-vrX_T;NA^vF=%~hyH#|_0b6}G+x918 zn~-s_7Kjrx+taE!VDnNa;p!okTPo6T{O?oDz)#uK;-J+ADHwQ&kJj@i04&jA}x;QF)0;OAHht@y%`?XY(a z*myK~&N;Ff8CGehT1w8`V@DU7<-MhplPH9I){Ot{SIucO(mMA94cMxi0pz@l=3Uu0Ovl z3DK5wMElS^2V^{fYj|QpAxx7h9&y-G(D$>~Y@R%UYv`0t56C4WwK!Qxa7+%^cmh|K z+U@Ec0^3v$Tjkz4VB@jdh`JqSpNEtD%W;wp7+JMflRRcDtYbWIRD@s88uV8$ec!BU#CT_LK3% ztj^aSeYgQKe-4@FVEf5~t8)4In`W~5^*S1}IBzfxiS zd>$*0%8q`uyEUJ}dy+At^u{zk@-#}w75rv^x~06`;^0$(T}JRCIPpvn2*$HZw8 zCF}21w=rkPVD|DYMUyd<*9QY2w27X`!u5%d)ni|AT!Lj7hwT%e!iG-R4K1F63(`|@ zr)SF%B=c%rU5uX1({4!DRVMH}K%MfZto3%j9G;HQnjPL(gQC2)NGc`QLIWJ?_R}Jm zpTvqEdLEAQ;#3gF>p-l+ic@P+A z^|f9vha^C&iI4V==Q$LcFimJ$ZV(yZD+4B4oY+mWnOIi~5|W*p2j|)ioz+3@@uqAv zVyhgI%*7uV=EuYn^QsNP)_wh_m+MeRSHkyvD7LlR<*?aNN2^nGC-#ZcF%C^3GR%8l z;L#g^4d!@t<$olD`WUmWul9}CNA=-5RfX{Nm^`oq+2rF7SMZ~R7_r|Dz6>gyZo)oA zkuYwa^-uZrU~&g*FvVC5cQ1>ju$gMJNJueetghnSbJ*@t=RRveNsh>)m+>?|B$?WL zu(`l7mPAHXx0a<{LGltWJ^2}aSUQoI?L5_c^O11g6iY)Sx{3NIZ6$DNc;C3a{sF_hD|hn-GFU$uoMeKm!vHgqF1FqdCSS>OEK_f-@M(G6&r2o>(j{Xn zZFGjmh2xMT5%t}UeAC|rs@sm2j)b}kl1UNyGGh>?pT*q#!-n+0CSW7GUuoxaxFne| 
zSj{*sgShtfz_LliQeW}X>G<5slF>8oeo;!POM^N%oXHDuj^U;K@5mL&gybkqz6t2U zB@bMC1Znz$fF2^Kdrc+*xj2OXSWTin;&ZTz`JtDQ4Zkj#OdV^`m~${rXK8z@;D>vG z|2Og#+QlE(1Me3orCC~0uDHt$C~qE8SbD)lsoQqQ(uB~mIsnU#( z-goV!RZ0<;aAcW~?!r4fkjxux4v5^T{@q{O)gcC)1zq}5LaF70XRZntiiu;3c(_%= z_P0SrZJmG8W7)#A)$3w~$l^P?4s*ar%Px@7i-cX?$|ei;^Ah5!Q1|H25cJ?ny4c3u z$zNo1wGRsO5BBqDP*;d?Rktxi+QAoBL7j9Q3Co>ZY6cpe=@+U%9}gk2F^!jd&4VhN za5^Q09PJ^iSFgShU6-w=<}3zX0EezLHrPtcuB~LN=hZ-n&iCTh&r4AYqEHKbs9I11 zHwMY4^K2w2-K>ILi{eC8#Xt^SlS=l`d3n?mlFmAS&}~3OWyy5dyRVPN&S!22Dg1fz z;An*76i5_6DQ}y7@Jf}3c^ebh`1ZcfRuBK50&PwK4AS{goRg~BC6W~4Tj@5x^oQ4vv!4pcqmgX01ie;wgr3-V)I>y=XqV|W3JyJ)UUp|S-^fE6A6k%#S{;ObJ1$#AORYeA`D(El?R1tsppQ>)lDP zhfj#h+U4o>==wy-T(RcEfH0Q9_4>2JSAQi73dp2;TS|9l?ZWpX*Y{+Podjy)amEHJaJmf8!wly*WL{|DLt%j?3d%&CXcTZlAJnwma+kH*FN6QmM$;;vC z+I8MP;CP2zlHNNtc!E5RKwggevr4ZZ>u?w0bQEt&aZ9Gj>)lc4iekpcXuUZq=I1l?hF|06S=qQfEm*kFT^_D48x% z9nH?(YFE?yl3TA9;SHqpw80K^D}N5lU}Vd*@Ki+Tb1>#bY@l;Suf_6Z%DjU&y1pQ1 z_fK~hyaH!oaQae`PG2gYGpvnL)liUcUWsdSJmK$ds8jUp_I)Mbo=GH zRxY+>(#71AWKPer{nYzz_$G4ZBAGX*XL)9>lgn$Jo=6y0z3v|BNv>9^25Kdx&gmQM zq81y+T~epQIP5l4j73=UrU++ml20hcR-^IwYa=1vX*eit(bpJYlbARslF4o7bFtWhPz{xSx#6RqZ7>zk=V7;@-c{K5j8-;|6S+R{@feQ@wmB z#!CC`U=*X=^8OIO9%l_d_^1 z6`a`r^_YB4OV?CF&FOWk=FK-?&JR7)vH$o9yQsxHIVQD0v+p1zRh4$A+Nb0bS}sf! 
z<89GCJ%aGIg`jjaUV7RNUa5ZEZSRo0z7X{uUT@G_p3-OK(ppznc5QtU;PH;!AVgYn zIu53vlgnmND4F{UieNJqowB)>28_+XXp_`m$QfhCrI2jan|rPo*#*`qV5N;Y9>82Oxn@L zhqK5Dh&T|)M%uq`*uj`tRh0&EJEa&msV1nX=7%0sS$|79x54IW95PKkE$~S<9It0y z$xhEB7q~4CIb$Lu!%aoTi0(JhC{{q2G`v0;Qf2=4?mc;=lIRF_miFiwgb(*6(;3YR z3%DJmxtf)(WzabOjm{?Rh#elt2FFUE3^fWZV@Mf1b0y}z74O05ovF8sk2_CgGonpa z`3SMSD6#3(y8KwM<76wJ`)k>38RJI{qU#AUF5SEP-Z;!#%;iiThkcgK7^YGQarMa8 zIO+UJ^!`fo2_$NriHGLIkM2pym_qO?X-kua zZ9!s9ty%9GG~^tGDgpI)?riWFwECA?2xc`gQcSNqU0Ti#nnbn}MLyrQlXPaz!cpmM z1ofR|v#=@d{#;=Cewh9RmN9r!PF1V29181o@ce3X*kf3c3bh#u*e(d^T+@Cw9__j0 z*5@MLwh!8)7q=Sg+Dpb(;=9WGwl0M7YJ-igLv!oNVG73WPg)!g&NnHzI9F?wyQjO>fxw^Efik6gRMN)KQq+POzHv4e)kJQoW-_-;h&ycn%B?cA-sWwWsD zQn7?K{UU7g93DWgq^^W*ds2fzKw^kGM$9xP_Fk{>9dV}tOhZpk^~6qlsZ`j0VZNJ< zEzb0-ZeOC|X0dqb5PBd?I!Bm6qtquP2J!B~YSuhG3dyoUh1f<<;7>p!AypKW7ME9R za2=)}?v6@O^IRK~_I*XiVDJ>IWP708d<@|tP|U#H_@Lj|_a*u)njj#rXYV${XV?Oi+^hY!st zjO`MNj;Jj3YMSjS5;-ysD&)Z@8qU%>J^l6=t(qhm%xnB`BqC>-_rOIPwWOC^6^=u1 zneZPX7u&qFkFO2(3{{4aBec-#vDwaN`duzjpr$`NY&jHKTBj}oNfN>^9fIc%w}V7b zAZx4CAb(^(jYdo4(&{<(*z)OQu~ZJy;+gQf z=_M=^52euw#kw)l1<9b4;K6j<_%TkLg1MRd)b4i8=9I$x?MmB$(D3mRA(hyw8HRhY z+iQ}wntmEXFmCKtV|S6jC6@l>uZ{{W3-j!^ohFG|mP6Ja(He?4H!2Dq2Zh6{16Yx= HkNo+6GuF>m 
diff --git a/Applet/JCardSimProvider/lib/junit-4.13.jar b/Applet/JCardSimProvider/lib/junit-4.13.jar deleted file mode 100644 index acc3c4320b580776193b875cd6e131d460ce2b7a..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 381765 zcma%i1ymi#k~V=r(BSUw4#6R~yL*s}I~NNU+}+(hxVyW%ySqCfKbd*EJCpyt+2vd~ z9H{D&{<^xls#{JH>^(FH2qXwdgdd?C$X~vo-hP)BR^q1>ml2_tdm}>ufrNzo|Hx4O zN+!)OBQ7GWs6;0%;t^m-D`+4S zNRGRkLm7qV(ud`u|ZGznW61Q;54AHY|Ib9}I>2D<$~Cd(gh43ra@Ul@km z2cij$Y|8!t^|aI=KJ3-Rl`(E*%o0CuL904t!L#Xk&A@SmB0CID+YQ@~%9|6Mhz{{y$ZgN==aDZuWp zg3q7eaMZIfHPi!I|8MyGACCVI&c6%5`|0ehUF!?zDo-JMVvxY6q}&0NDQ{Z2k_`|CaivhyMzh-)DsE-y8a0jP}4c-2Bq|uVehK zHsL>yVQFm$_-oYoU4{RJ-Oj<{Z(-wi_W$5COFf{0$=|2ych0|~!pOnO;D3S9uQ2~t zwEtbP-`#@r8}+YH|4(it__y>ndcSs*w`gVh6=3)e*unU>-2a>J|L%gn`RvcE;di5O z-^BbG9{#l{D!n07;g85fXJDacZy%-x<*cQQ`l@T>5_4!CO(wk*TPGDa2h2Cs@I{Hy z$Yk`3C83p`Qua+qN-$a)luC4&t|=@GBp|2?l8ADL$`;W4f<%EP_l~x#;XHV&jXF4c z!}F{qNosmNwp{nTdARZC;&@|BcR8;kWQUzJb$@LGU7%@$PCp#KvrQ`vFH(=hirUzs zsDm3#AP6trGTY$-^*T17LET^Wpn)`S=w+;wshL)+XSrbW;|isX(_rT+Q?sbrDs~UW z+4QCOVw>&(AL&g-eD(Ny#t-oCFA46zEBL;F@pJnIfH@19*uM)M{Hoe9{losI_w6ex*OfMahNUiou_FgZsd+?yDMRJH}U>Wg7oeL;pXy#hhqPZ zjwc|usirBMJ(rVVjBWE^o#XPN^E3o?jP$~oX$eG5L3wFuYr+1@-6(D=R?SDa>1Bn% zP)oAYFe4&!7ZdGBtI;IfG*EUG28`r7jIQ?+^R724?yT}<+JWh`#E5H_=m zx;*`O|DiGGsiU!vx0;7K)qI_4M`KDeQWh-Jw(49dI<5@qlX9N96Rj$JYmw4qaXr=8 zoKA_&Bl*t7;zg4N1+?~s%Fd6XQ?_})QtBXoWbFJZ|IY{A;N31$i@E+uAM1USR@P?X z8JIDJRjd?AYG)X>DWKsTM5*eH8!|Vh279Q9!^OZ%?FX>L^PH$0mPbNon}Wr5c`i@I zr^oVLTps1Sq}(-0c=9^qvK=aq9oGm-w;;=e;OB=~95fyU1tVjaV=ASMQg?3q^+ovI zl4#O$^pZI?WpvPa%}1QOf=x}#4s6TK8S4GpQxwkTnOC%oCv!h?w%T1){pR7XaWujkQiOLG*G_eo4B?JF#{ zB~QAjNNiATslHpl;Yv|?tg+DHTEjtZDZoZ^P|YK6+WaxedSS$f@;Wn)aA&O2~P{8b><$P>?31y8FP8;mBz$VPfTp{w&;G zZq;F7Eg2n$E(hX;q+e2aIpzcB95y@5D%KuOGYM30BU7s7M(G#nQYYl^qDYd3U*T@P zr1-1%7p6lfERc2EM3tljL-k?W6u zeZk<%n%Cay>v*;a^2*pUhVTeShkX%3pN(G%Vd^?D|E?v_0Lww?4`8@Q{9jN``I;&g;tkW6{JRyR3-RGl%1<5L`g=d 
zOrjb4^7GRLeoL3X(|73d?RJRQ09Ck_zR(URmnJtoD-CJyDFIDo{VE>JWh{M-ysEmH zZME;rW4OX~9j%!R^rPJ(iF2eO3Skd$fT&xI z=DfA9*qpv4{SuNI*7YZ40$t;=!JfdZ5?hzAC~K%eJ5k|sP8c0p5U>Svv_kB6{}uc6(oWm!4hw?>ve&u!~Cct+%t z6Aw*>Hg?su7Dn$-bY4-GS<=@M1GyEw4vEo952d5%3}W;3pUXLKu^O%X#s{i$b$KeB1cVwpvgI86 zBF?UuzN0qkpgH(tsa2oweLgeU{u5?6?uzLi9yK%QCfG!uT%E3b=`O|&x*9C5UTSwz zRDmFQ(@gpMJLV5L+TvhR@c6#Ql7_Hrj1OdBw8R~D;7SSPj^7OHJ|1UL4%p)ku;wBb ze{qI=wb?;DKz2sGpy+H>^Ri1-@y4Xlhp6=G(>tk7y1kNOXm*xWO7uYRqV1u@7qyA$ z_$tw(CCn&GKk3BzR1vic+}EGaui<%9~c z8PvMpWvI@h#fO~e?y;ex^CZ_zK$+F+a5PJQ+R*3b@>S%OWmU;r3w)aYW2P>lc_7gq zfm0!SHa&Ufi$t#_G*K!a&61K&9;mnxkxf!E+?VF6V}h-ZCq>Ys;CC-bgA#g9UkajW zY~2D6Vi9y)M%WR^(LtXHs7&jM-D4uR%J|c$nyO|QoAJV(P0j}A10>#0hIk(gF(iXx zIex<{P~(SE^Y02h>$~WlurI_D9fh{ey_6rJ@frEy@XA?UOGMBg=HP{6)@^TJXr8*! z94P-z3le`Sv=jDv!N|&(5x=nSjdk9yyqC3!E@ETEfps6FY##X5lc~rB} zR43zAWA-=|+!K}Wu!L-AEx)=mqEaPlqEG7sxJxM{T0)asRsG}y8M_}4#u9K&N!MTo z)@6&)fy(p;cPy?vqiq_xI}>RQtP00mjZbhKEth1mt|_fK4N|A6xsJu%QIhUh^BgoM zSiLe1HDb8JsWE7tt?g!}AFa*ij(?NremmN%|IPn{Rkp!B zlbTh2x3ym4N-(l5cK3y&{~_*oPA4XYGyS0E6!0rNl~h+uyd0Jn_m$R+ZCdAVKl?5S z8o7PDofEa}UM87DWVW3VBdFLuPMo?Y4il^tNm#;lU%=)E^S{8`>}`kH#ZmFDC6%O} zD0;rybwxAV*5`JXG=x$BdR+XxYGSx{oz=lh(eai1;@X?pujao^ds-2M<#xB&kOWMd zUBu&PXtdm}k#3tPJErc>V9JUs^Yv(XdS5=~DtuAK%SMEB%Ql4I-BG$N z36XY>^WkjF+Hc;{8@ktmif<3xbxLmR8;Rwbf5HD%6cXH#>yCOWeL$i8Srqy+xBdM* zK=6BRtMJEhUC!>0^VGl6Ta`yo6l2VvGF5{zpOC}-Z2YT&KCO~;pwTYK3Q)d7g3OhR z0e??VmLiVPloV85{kc{G-mDhywr(b82F5z1OF*;qwotUScI|%hXGccq`hMD?4+G5V zxN*Asx>Nf7^U65$_>c3!f_LBhVW3umT{S8&@1Yy%`RybIeh945?YtvA7u!g4mg{fc z`MGM_LjDfy{=m8Xg^vX1JZAP8`2mENVn>jZm!=;-YE;yZ`}=lHxTx=`0Vi+SHZmt~ z(e|WDYNvq!FKU0m?vSyso65jGFjYDeIU_+*7hzI2_A~+MfvJrsQFr!|6*pq|DmA?P z_`yH?nv?E;;;^A`J35>k$r(wO)!M}bW{14l`sgi*C~$D&3OC+*kil7>MabaXSZv!h zHNodG!((QyOKDuK#`Rper?EHs%wE^{xD}eik3BijGU#aGS?v!v6njnofu+B^A}-ne zBEMXDhhj`dLvJp#;}VVIU~lBnez;f#4{z{_*qoVVaAOiRfVs}OiGDhgs7$fv?q}gL zll|yiXf*vj)l@968%8mm!vNQ*m5WKeWaGm;C9%3`mMXC74%T7PQQnet z0E5w zb)z;mXYIlA<4B}pY9;q{y|(ce687U zNV~mC?~Tw&!RIqRtlTueO<*- 
zqNx0&NmAX59e_^yex^uzH8oXfus~0{h8K)=W05%BRZAaBsc3v2>2AP$gtlY~d2eMd zGIM1@0j_>7j(Zf-)udGm+UvuTkGD!6miB1H5u={>bj9fnUX{0zl8%2t+P9jW zQ0;Fy>qB=;bKJuVCOCk#;C~7MQ90Yed%|V|QqE{2HxL@B-a;9Ej`_e_g@tB~g*|kJ zyXork0O8@E zQLRKd9`(1~FDn8)`g&np4btI5VEZu1SGZz~J2W^#Emt$ix@=@n7l%G~SiWln0;;8Ng7VGWsZ>C?>3 zu~vPOM;F!i^lQy^`)qpU6Co68+cfEZ_8tx#>B@VC%9Wvpr|j+yBjWO9CDwskW`Kp} zXl4|Lr`ce(or^_iNw43D5vIn9j&xa;8N=Hv(A?bkaxfBWl*pk*Q ziNorCT}n}L*@_|u1Ej&)NX*D?53tQ^p@Zn9v20rv$B%J>yViu z(I?dYhDOuHP16S{8~=X30;U=D!7Wq)));TOBOQS|K*XWBl}%aTdwsbt8R4kFmNKH` zgiuo|5S&jy6{*-qK!uW#QUD>7C_fErUB+3x70W;($ktHMYq=r83C2}&LeeCv-7wpC zuDHSln!%4ftp-F}A`npv+OH?KKHwX&lEg!^IY@@L?FG?N^tHsz(h(BcMZ2#bqJmXs zEK8ZFY*>F2bv}?9jNK3r>U-sAgYN4?Cvl}7tEDC2iprj)Q=av$)}agGft<{M5*i4V zkv9lH%w$6X{$TygVf!HSSvS`YsV)XLg21ti*b(B`EUh|K=8!^9*p3w4{E>u<%8E0j zO=C`3wL(W#FU&IZmd9%rOU6K*UKIyqJhPfdMPR-t(ebVqy(drvAcPK_N-3Oyz^aM5 zF>1m4QNj2P`Nb34O1=-OUr#Gwz7mUsLsn&kTl|%+P>DT=?aIea)I(3X^F;L8Ri>)Z_01R)t1TTce; zWwY5!ftC{wkBHtX=}IO}LOS*euGD=RD^fGnzdjtR)QyT~@Udc0JP8xn@7h!P!sZ6k zKzPYA#0U>OyM4I@JKClfG&M`j19ehx&B2D}g5r{FMh&N9*wTd+?OJn(sm++ojcMno zU6eu`6yfIlzqBgNVf)+?m4T%qGh^uivMvFx+3fP{Z{KO}yD> zf6|7+F;UQl|EZE-mo(0hYAj9VUg7eYy;?^8@_BI!zi@hM*iN?i+3DvWsmS6-M?;>s zuARv>)X2naz4JVyu_M+iC* zh&%7>m*|-tBoPQBxKRcX2)g;;of+@wk(U;IM+hqdKKAw+3XWM?X7acwegcqec1B8a zWqRsLny4s#&Jq^-Y9YQ-3P!eC?sf`Id~ql_FtI2P8GW6mHcth#1uQ*ZIWZA=4-PRx zY+^8CFk~=DhAI&4t`5+hYETz~WVpaZFAFk=k8fsufMgnpSWSF0qW$grKb!fh<@39l z{Py+$yI+M^5j|52fT6IRoweP+a<3>!*{;the&b>;vs8i54|6?l!B0PwIt=PE$|R6Z z=?*NEU2Vy5=}6YDggO+ap6r!kJ8fzs#7}!&ET*M%+O5Cwv336LHa}XV}WAuW6m^ zHk#gqiZS8rFimh-bS~ZbQe}IepoXDj_9;vs*rp8BN*qAFmC8`hgI!fuRf_QzF9tgp z6Y5NGDR+yt{SOsNyU(3__hg#wHmMJ5oE&BiRh{vy0|2j(18$O9*By7yP{nMp%qLkc zn-Im6;d!69m`7&vJpi3uiGJMBoEkd5yihc5dR*+$Fu9=zK5VF!)tEJhpr_vuY9%k(~haBhbjVp~Sj4nghBkl>VXFq?WU0VgH z{(RnY0Xe=5_fN5r62#{1iGaV}CdT8=%nED{xgfyC**}Z8+9rg9-)=z1zurKE131TW z@s(wPMwmXl=RNE!Xt*>zdkytBOWio@=V2cVBX4+)^&j67FLRgaR&-7_A2)g6ZtJL} zH+w*88>yYf8rz`OdM@@a-#pfOhTv;E?5xJZvKCDn9oJoMNLM^utg~9qB 
z?OtSCMAyh{LF{ZYz+gskG6iGO!1dNJcDcBkfd^3hdAEklf1{IldE-B;-keOc0 z*I%*SGz3cGy(|P|Y$$t`SfmEQHg?AI0fv_su2?_0rhS}nskWiXDp))+ws2_vz<0li z{y@rhcC(?n;_QRnjn^_5rfY97%|AFmfkQ*{Cxh+5=R+H zS28SY)@V@brWw83#dWj-Ky5Eys`xYfanYy;{%auLu zbn_WJegxOqBbm`tg08ez1;3uHzH&j=^r^n$)3T*iPDK5K4gA^drnPelTK5Y1OED17 zS3~)XIT`uPqc$ZNt~OcwepPOa&4}T^8#4;o;({!{JM@$NW6R`69v=St4BphOl04=G zQ?x6RY~<2_l+7;-G&{!&3Q-G zqw>~#$)D7!dHSO{2Q3cWWcz*7bEyN2o5?2h>TB0(_P!5z1-O?1T<10*K>(oepXoR7bPnQJHI$K5wQ#>koZsNFDrK z@!>Z1eC7SCxe#FnQO#++yg67L5F(R;1;#d>Dx@MU9V;#qr5s_`q#${mMc@Nx5zS_| zC=^hBu#S{kwi9_sf3ii41NuN+oJjd1TLfA;sjmTZH9G%2PhjMG$+c_}wrDtbRT>pT z`3+wUX$%i+rAnnQc{(suQt=j=c>2X%%oH>>@@6C-z&;h*g%q!3A2}3I0nKU=W*y3u zfNIo!DU^6GWlTV*ynQ(q_K+sIT7#Rl8YElRBr+M-fY-Zd)-5s`6eeTkwNn~_m!UORXd=z(e=`f&*>IiN&>T#zG)WNdIu;k@dfUWvO z08l?sA$3e8(h&n(gUU+eku>)|6*3+A}3hbxT3IWn~vsbl2F_uyD9V0*7tiuwdD^P^#4;9fV744&TiJ zQQdHa;xdbYGp;W#Jvmq)hszld+}Wp2v&$p~7#mTRcm8~zm|#_b)YL&``<}n)aX$@4 zeatUVUyc)#%A$zUPuP~WCwiA4zZfQsHq~K z(KWNlBPL1ekEwBj&65On{;tJxvdfQt$XVwY>(p}$6LtkD5sEl6ODi`L+5=19usW$7 zMsGa}rcTMV^J!s9$Ml7HerP#%PS-4ER0bueKLA)p-cjm^bmPcPG}T^>V0;xy;|qzC zS)69EH^!kp|5khTkzz_OWQLn;NPxOptv1+$E_WR1(B4Iy7|m2DD1v5zm|CoLj`A5a zYK&d%*WXT~Jg5ZyLM zwu$7H?~|rgh>@e1&cxNMQ9eUNwH*@t@rOfxwkcMjrar$LTAT2c2;dY^no=&K>Qt@F zVtvpJ?uWx%Va_74f)z3Bz?x3Kn{%P3h?ZR25SB7A6ZW6-K%G?Z>Sg-psAcjEaC|GwhKbwQ!mWa$VG1w_Pos38F7m z85?>xCW`XI*I5`H0#xh~bQomMO4M3?>`#HGb(3sV1!nTnkAX?&IJKY--WCtgFzw3+ z?nk|x9+gpezL)92*o9LgaoE>aKqOi8CZUCRY~NCXfVYowq&X!Udp1%_Gi{$v?F&oe z#aaq;IHv7Ttnf}S`4!$uNo!$~R6s1LQnDI@y28cuiB0PM97>P7CVsP`RHoBR@+@Pmj_W66#wDN=S(7 z8$eouNt3Q|svC9Z4%3Z|`R8gVmiD=xn_7m}Ey2|G!w+(x_M{r{+&%Pq3PyPPKeaG- zpZKZo+?;Htt>3z2+;evGyK51N>a zz>QyxU@Q;17-}q!tW9A|q!ZE>8U$6qQ*fXvYfJv71Grpf1_g?gE0cAsgpoME{aJ(F z?r>eGlZ-Y49ad76!7j6+${^T!1_t3`k~uKf&?fr8(Tg~onzSO7byQ_2Oom3;dr8B`sRD89oL#l} zSsH(af;v>O%hp*cs&uB((Wf(?s&8whQ=cmKevjfaSco6_Av~*I5!gr`+htmj}tl_{E;%vYSfH~EIZrtbTuW?0&mq+7j`l|()IEk z+bbR775NEDktTyC9ws~`L~1(maNkolY{|gyD!V71m-q=R?C#am>yX2Gi#lxITO)jF 
z*W0_zrYS~baCmgBZ&`|JPIWyWEMi%>e}vP+uD7U9waos&I{6yE3* z*kexqCXEsFD3++F#HrCd^A>yo~S(!*-N@EHa9JYuI%XpL3JORdyJ^8!h>M2%f`YsT1u+ z*$^=nc05b95>J#C2zHe?u-}S@03w5S?SdC8fyQYz_;qf@Mq~Az3Lr$i$f`{a`yHzV zD!e~>+|Tr-ra3lJbLGuRT*m*cpweG31P!sc^upR8#b(|Qu54vgf_*5`l66q z?-B7AkuLE}hgXn$zDG0+%a#?@d@j$488}Q?32d4uE!&JBk|E|Y(FgZPfXDCu$bClk zg6xs)LQTvMmAV(Gy~4JOq}p>iNMKX|@gvaz-m1sqYoN$kFvFLhWr>HjF5ZM3qdmzE zjkzlbrdAc%K%oq5n#}~*5!t6stjLe2)fl^qT?vsjx}pi*eDA;NpN%aRcZt9EyGCi- z;=0I;KtT89%X&6ibja|2t99hAWL3UU{Y+x%* zi6E`_Ok34rc!4qT{vey0KeBAs=xrVRptRF_rmK@jHJI;_FO$*5=6(;P;;9L4R;e)f zdVp+gH%^-%7b?7Z&dVhxpRP@^WhyyY-4UYI+^0xyd&l%Muca@hJQKP6YRCMb?|7t~ zO-p2(J82^W#WR+i2xruO=Clmg>Gt-+#{>8!Vb2W^qee9mNl*LJ8 zs=n|RY-G)>+^j3u-|VCpJQia-0l|X=k0uIuj>uD74P`AOwEA_58a!8tywEhJBo}m; z&V)}(_OyrYowwW}et>CIbsarNwr=KRy5s4kyPPtIHGAK=FkSSEuj6Cwg6f8E!Babv zhTGBY^(mN*hK!lpvjusU3{h5Q64AZK!@cKON_um~{Nzx7+wsHYoIaVb>jt6xbTU?TWg*(N;f{$r; zh~rpgsTGmK)9>0KCw@O8Jr*;=!_clT7+UFWafO3a4(|vH8S0$)uS67I!^{es=5PMpz-!0OoL-42Bu&V3c#CwmhiDIHvxfY2r<6QLmHAD7yqE6=T(6WuxQ%C$( zHJYr<8w539^Q}~T9X4(X^s8~=Dgz|tT6x>?CCqQ199UeQsFO=-p9SaHxQ}MRYaCCZ zk^K@MXpT1U<@~h|dOUc=KOQXdkEzSCe`@G^>Z%KzQ72hh>fJ1c42H7&%x#SE+BE0iv`M-ixaV z_yU~>bhPD$_)N@+PIXCvMKNP8+u?6lKScR%bMFsQk1W(aC}=c+^bz-7FaH z07aLB=^BJD>s6t9m!vg4uJM)j+)_8CAq%tBpn35|{Bcxc$%SPr0rth8v}@LvDHM?IqJJ)2Ue~2#;$gs zF=@44Z{Uw=JW|b#Mb>(Nats4;Nw5VQzNvZDQowWeFY#Z+8R0agorT*nwpph!UtepI-Vr%EXD$ovthI=%l?gH>oVc8XnT*8D+M?2>ptk>G|`I z2U|JAcVFzlK|uUr|0$M}|C?AYXl?m+JKog(&sLGc+XaX}Z=fq!S|jlzc%XeO(<+ab zGqH3p?S-D7s`g-D#6tE~GNtgKh<++s#DmfCYu?kD$;cC@4kCL6@r<>-%QOKopl@7F zTHJRrGBWmjeYykdpu;m2+w_38Ux*zBLj{L}4ra0tGneeG3q}&$%X9;3xvZL~L?rj$ znr#EFQNct$6 zll7h7A?G2CX-1nJEYi3V&y z@0Q^d^ohKWhxD=VYbmw2kL2e%xzt(nV1|U%v6vtGW;KFrH#C*T!^QChRp(-ixEv=3 z17E~N(Il1b+DpP|sBL(}nH*L+wQ=Dqhbvy!RWPq&602klKAsQ?)s&>~e}!$tw2x+{ zKrvIrO)!Il0W74Fe!}hIY+XZXr3E*iV1S26Yr#MpX!q}}%*f9uqpGT&ESpgOI9yW} zIiKGk;JUPc^$l|wJrFYwrl(yf^ti?-`x=#GV7fwL$-D-%FH&?Z>>#edHs(g%aFvJ} zO}&0FSTWYhBeqgN0;%>1cW4XKem5A@qPl#Vltd`22PWrb7meSh;y8oO{{CZyXd!Of5 
zCLv{N|MoTy@UJeVgKV=*_h*DuI5Ni(!Q9YT_-|z7X6S+5O7RqdQ@SVM79(jjPJKT` zIzL><2Xcu*LPgO!s^lasu8x=A!-LGT%i1Pyg+?AWwINpusAcg^R?{TDHqG*{#s&RK!FdK6G&)ydkNc8rM)pL!qm)OsV1S-)8;gP;x zHlc@slvRkvh(1j4?%pxhzg$#fQG7T3<^YwqUf+Lq(Z6fx{!hv!sAmrl(KFC9{I8X& zsQtE5QFyA|XlSTs;x#lYwQE!|<7)eQK1k~plVB;tpozQT#J@w=OMq?mcp=AUnfx>< zwEjcBuX$J^D&Fi97nlA1iv2hb^Yium{5gnYWeH&zwrQ@7Vve3-H?2icLz;lNASeJ8 z6?K`)QE5eQf-9nTAo^~iT020m^=znY@fvrTIq#fZAX)Jl9y2<^VrkicBA(7aJ_YvD zy`C1s&S4qx!)qp~p-=r2iu(6vv~#w`8XpIgP}lMk#BLS$k;N!Cg0-fr+Q$>{(sQ<+ zf#rQ-`E4|7nCNIzS!!9AvnX=Qg5gN|xMQAI{}lH#;HYivh5GOLUoL&|#`WjxfmUuoPzHreCzGVMa6Ao)CN?17{ zT#|FHGOKIG7MvQ^yx!^cw~KL5;j0hCqnWdiaVU2?Kuy6$wgztgu$_&wjKw0L z?;ZR^i#4n}2XHXMOzxDfd+#UChwiQ--~H0`ih;rx7v3mO`w^3{@^@(x_Pi8Frj5Wm z-(hK#!>)p?&w>!ZVbFqu46%t6;cy}tmXgUf0o_tNP?g13&|TzG6s?c)j9Alw#1BDC zJs?c%LIzMS1gW&h)Hwm)BiPUV%n6h^L{2a+Bar(HF~RVM^Z-PtkmAPWj5H~vpv0wo zF$jwvuzw+Q#jpTjBK^fu>JUr>2y1Ig1IuIP4ZkoU8)tnBRzkE9wz2H=BkBRK6&8b;t)j@J z*Z>Wr*z$%xdoH_ezi)MMVZM$I)@^Tb+FyHv>OS93j{6qgrwrE!Fg3!lkC|ZirVYB? zVDDnL`T5#N)^$H-BEmmjR=ivWqC81}==SDdwUMps&R?j3OkXzmlfOLpq07wF7XV0mS9#uu_0IUZ1YG;|_PyO6{MBWH+lzd6 z#?Dp7?l!&0i?YnC^w6s|@2k9@=a%l(gv>yM7s??DqM_Yx@_HVUFn1CH zstdWeLX_m#>*0QucE|@|RPwyJk6DsQ8H4>f9*OTpP-kBV^JS5lh2Y`>HQqrUv<~Jb zorz;4g(e{uE=*g8CW3a3qGKmuok9_F%v!%lvuR9l4{JEy|6zy1KZpp?5p>H}pkbG6&v1BwqIP|?X zFTci_8u{Wj7sBNwbo4TJF#~(iGQS?H8F?r}X++F|dCK;2IUVIi^I&Q%18bny|9RxZ z#>{3Lz-Z5cElZj=_nm1pY|y2dK3`Kyb0_&k+Ner|37c()x8D0xg51(d%!UfIu0%|3 zhYB%|q0#CUxCAnk{eal_klqogKH8n}k15auUQ0+LCO`%7DysNw<-^oauMSXn!LMZR z8!S}_r|9|+N0CSrhYr&5s$&1( zC1o{JM)sXF+RJUeA-Hp|!COy!Qc0E47ikCZQ;{(8_OU(iqZj_0BN?x@(X% z2^wzEffg4wS3eB1W0P5v0-9R20XXL@;N^bD!3pA+E@L-pR0$({*r=z?Xc(NR#PP)3 z(M-(A-klnfnu754^l#u{g|Avds*93HlQ&oOmSZAZEV2AM)a=gtOYfu zRC-e9p_&qg-OG%tN#zGsQ$ldCrtRdFlnEoz#n4afAmgMInp&UBk@%G}A@038=QWgo z+7lAbZOnS-F9dOt{Ug%0EINlO$x-qe6Hg#P^n?N#()13E6m5#&56a%b8+YU5 z{cJ*3tAjo)+)O7El?vAUwvpH)5!{AcBl-0E24%UK7fWZ?kTu93*{lb6Z^FL zBjGYT!x@fls`u+;P6%AKGBUP9B~-$}7ENU|CLlC?>az!%bA9~U;eZ00^-y2jIuyws 
zn&4KCr0CrprbDl@1F5pOeR&)MWA(#UJ)eh$M1hF_70-+nI7#{rr8x0qn*)2=5_LO~ zvlgo~#sF5OWRKa_PW7scB#lDWM%R$U*Q zw=eUqSK4O2xXG?aO>aX)cw3fV*$tt)n6ptkOLJG##YAOH-3Zj3u37StqC0=KL_POX z;-s#X?D&*;LO;EiSu5Zg?`o1#HK;MB&(d`XQl{w)e~;Ixi3LF$KJ z{JI7)7=T1^ke!dGlrB4!%|YHX&3IKND0!8oGKTs9QfpMH0vK-zeV*r$-)`39I22)c zn^Q4r*RaCiGEL0q;IG)&v+?;8tAypv=j7$%qJC?#5kzLnloXDbO{pfdJLr|Z5+d`S z-2k(1L5X8Vb^X=dF>VegHCsThq|v+>rrK-hxS2YoRPu+qvxTat-Cj5CF)_mm1l$RJ zHu*kJnstzMnuAo=S}ff_g#1B;-b?d$mo!ul@XmyGDB0GqA%)in;(l(?x79 z$>{1B)7}c@brIkbuFH?a@*R=Y$Oev4q2TtP6y*w%D@t8see4vKrQRqw9~Cl2H=B9J znkl*0PV}+Eh+Xv6;8j(;Q<5n6dhzTw0&byv?>#)|N@54wzj~xfm8LxoGJ~(R=x|sN zqfK#MPV?KJ3|XDIGCNE62M^SXT#^+g-U|3 zN-#uQ6cpLN7e`%mTGCL^%IL+E^iX;v&(rDWpx!b~AFGS33T4}+js;S55wM<7WCS(B zPPYiA5QiG);9L@X;WUyP0X5)U?*LE5B>1u%t9Uhl)t0BIz-x$2Jvy0&X(|)$$vd_) z+8Dc60k;#%VjQLcRvfPP8ouE@fanWP$>?H}r_m&bYeHGtwHrJwa930p3|ALSz(ya6 z)18gW>P4*P#uks`$f8b1Lc!595Z=H7aS72fIp>@ghYal*G!?KX~@t5!_RoEY>}RW-O0nQz};@u^RS8>taSvafOrq-!jSnmjy}J?!jBUV3RK zXf`6rO{a5_&E}P=tR;#;CrJ6dA?sSGRg2#@E$Kyb@tR}E&1J~DWm~W{uODunDChe7 zjyxZ?d7N?BI2TnydV>=Iu{Q?ztfq#;NM_B+6FR+GZq(Ja-tGGe*Q`63osQnOzPR5p z9*M?jw$}+{J(|-j^?LKjPe3#ja>8f08j|6QcV@UOWqM=h4J&ddiXkgCc{+(h(m$9? 
zNkeWJ?FKqX#Tlr?S;pfG+R5$d$7s1Gbmu#j_>|XA8$6>J)`d~nM?IpYjC>H^(j+IW zRt~!x#9O{Q<3Ee0aE!%4IyL86(_Y&wxgX^UlrwL&1{e#IAQiKFv+nfF@`~p|5n#o} z%PxL$!;-Z9u=J?oGft)1)Yuk_a7v7VYB)~RcLA})FdS~mF&vJncqkcQVEoX6My3#Ap*|H>gdhLJ4+l!b9EW;eS#03Bli@DEo%>A@yBqYS8=!3 zZX`@f@BOl;niP(f3+~0t2VR*_nD?G4`h4wbXRgfd*2ZIqOPhb~O|gSktQ~3@lZ>|4 zsGsp2kML>lmpC=3t~yKBxOh!2Iu}(+CHK^>ohWGQ13e42G@L~JzzsRaz;l6UoQ=xe z>H@l=nB8{`p1BITk@ea%@tygE9ZVX(UbaPiqnq5guqz#2R2p0J-s@K$ULsW8l|hD5 zQ9!8A30s*K`CZtun0vw=wG8-3oQ)$O3v*O0u4dhD2RBWQ)$Qu9+r7uro7s8G_)y=` zdO6Zi`}|o4WpkK6Q5EV8%HyZFpa!^z{jpN`gkIno#2B0sBFTu~XaE#oK!`O!M1vGj zD?&5)k_X8p!VD%7;h@)OT!2iBEatuh%^LUQoQgGKS)UQAQ}Dd)=saH3R(+?KKRMwI z|L1a$5qo3ehw0%m-O}vX-SU^> zYSJ_46#g*io5Ju-Pv$abl$xx|G-Xv_TE<^LT_yX`^WMMP7haoX3cg^We`Fh z_6{0kdvkgEzBzz>u~E_8-!ggu;rT5qQ9A1eOk*UKNUfE-QbsB1hD=lYvJlWz%Ih$D zblFeKT;&Fcx{S>O>r47x{Y`IPJ3#RvR9%C_P2T83dkjfG7k}zN5~2(02)L2OOVAt5 z{RFKYPy3Y4rZ`F56<(|zm$X;x{Zwu=;PM#!IV;5~B=8oQI=*|qm->PY_1Nm=V*k3C z7a;Dhg=^S9f{~b4U&b#H@2PKMxbd3>b$hKk`M`uHUCfS%Grk$#cX0NRl<%jKhAn2m=t~2TQ<#g}9WzlG`4;4c zTVho)r4BVBEV6P37xscRF7fg5R(->=sPF(BL4on=vz6R9i@T~W!eseAZAQ#BS*sgC zpp~iqBtLYCfE_u9ofn*QU=i^4);{l9CcntES}{Vt-{_H1ZenpJpFK%> z>6cw-$16=gazZS!QoLJxrV55WRCTsYJB25i?Wb%yeP4yu!S#p)N2aCn@k73U;FQcB zVTj6sAI{lkm*B-AdJzu9A#Uv!SUgU4k-Bcs+2y93Qc}!DFip9HA(n6oDnL2`c5)%z z5|9{b-j<58>CMJj6Woq$VU=vawif34%^dFHL?rkEKRtzE9)Icm%kVqGy7_26#3c;j zHRL6Yz0Yh`zkBKn>xdU~q8IcZaHmd55L_ zQeI+b7+sb@S3?kH@NfzM55%&x$E1E@l-Bs26^5{WO6`71&(bWnIH*V8v+^kD^ziva zAfH_=0Yv%8S>|7`V8&A1zVUF0nD^9 zYOvKM;lN4mnRS*BLm=T2AOwO~Le#U&aIwe)O6~+iwb!^nQ|;zam<2(-Xrb)y*+$Up zc`BgA$i6ls>_oL413PtyJ)sCib@!Fv@Ec+CSS6mzLD&$bb;v2|rC!=zzTcV1Jq?%2 zA+rR|CA`7_u}4VknwE|k8YBukKsJe~yKA?c;SK0Q5G6aQO>ASy zwb8pYjE9n|_#JQvNM!JOmr177o&Dh`Ht|a04$tver+lM)=J!4kWzTje)?Bzh_I111 z1d&G#vz=Ks#TK=cjPbso%3#xYWhURzAqbP2>3Hgle6IGCoMcI;7%_vgfv8UXyB+|I zJT-*!i$fCo@_7IE{`=qX`@h?~Nf`g$c)bE)PJjR9XKE9^jlNU@1jS4*m6Rd=%YJfNhb0A6{E1<4=N*hB=OD4x?w+B~IzYv#&q`k&2y@Qzv0iiCk&0qja@WR%&^b`SvC6O!!69LH?F3 
z*+9<=Ui52?*w*QplH5q{H8=db`@PD5wX>f7pa5z)oD~cgh2C%fz&OyUUMxu`*T8!Q z6q!|x-vcc`5@UX zXeq^fiN#XQF_dUB_1`Y$IX>E9WWcLO-T<;|MyBSjosHNGwjW@aSMYUe<~dU362KYx zDYN4%gAhadn@-x7D>#7v@0$2eSomwh{(tu5zc`)0!NUJ62?b4hU;&iR zqDmXe`I!iuR~^D`+30sc!lNjg~p05^`$^;Etz^R7B_Eba?j<29hXsXx5n2JBOv@fD|O>qSfsH-e0`TW33{FS)%n%^~JBfXd63n##uPo+By%5`=&XkYJ!I5lOH>%FC5NK^Ez;&?Td1&`$}g_oEJg z+6~C*RadaH+%O*`{gs!u(AI2mk=Izc*rd^JW~pg?Hv4(hl|Hg3=S|{;6AK z4+)v{%#p>PnAmWlB4F)_S#gTss(jEn;oGg>;lTsLE zBiFar-=I|V*T0Qn4hMBYAmwB#^UudwObnv2t*s1}!nuNo7o#p0TucVxjxDl~CF>I} z=S)b_*VP93UnEKiGAK0?TTg9K_k)cR4`d1{>XkHNH{h&v`@VL@GReyoVj{rIy$r1(YjG98 z6peNWzk1}9Z{-RDV`uE2Qe*Jb4UvVENo$mFAH{m7RtdnGL_6%JzPPmHm|QZfxu#EE zhjuTfoS*D1Box?StH-6Xvea)giDUi)yaBQJ+_;h7CWUX8yOYMkl2ndXlf#(4yp7Xb zWmr{qWvr}GMWeAUQR%VH!YV;E(&`{VjJR6q(xjZM1C)tU zRB(YP`5g4jWT77nu{aAo83_8=6fE`IdIYyO< z`jj1PeB*!H0lI);6n|AD@zr}lg%tr~d_b}sZ$P!WE6~$SXBuTx1VoBE$%$C)=6R;IKxe0xQhZHSrtlB(3f zp>287sqr^Cp_Nc7;PA@kTI}mv==9<$bNX_CSqECq~ZFx7+%SxJ$&Zts1rCj7kHH*|fLr$thH=HL0)dF(0{!XU` z!==`zwF@!-er$;%L+};l*hlY0E@NBe5%s#^SO3)KllJ$~hvcTJ4Ezbp2 zR4bB^XZs9vPjsEMI-k*r2V-&Xv=xY(XZsTLO*HLSm&N_UbmR6JkSqN%+bm22eux9@ z?S7b3pjO&XJ-XrQK&xlWXx(BO8J9H^Jv^=3o81ypnp|Wv#8nX5B>wS1=dwjfud?4=z+pHl1$;Yv| zWf_){F`IR|cC(W`magc>?2r$$s>}SayKksmt?C@rSX>HF-W`jc0*>Lc6gPK*TD6&p zHvI5A{17|b6#4CXp7d6iMPW|xxKdC0O`41b*hBk_uRx>If$Vm8-~0O;0$veJ*34OX zh}4`o`^<<$U1yMLOlvH)6Zp+R7i%MuM&-5g7i(d9vp_6&I04TP3&7l*baLRwK%XSs zJgfvgb4;Z6ltMr47}R9#ajSHE{w#CjmMHPSAJL<9^!rHg6R0239uj2ksQhxbhF~1y z9+X}z-SkUg;~AuJoy(U(n3zM!+_pyOVD{^o=>z#lZ41cY)6F7UGiq98{p0}|f2$cH zkEpXz2C^0|FS}z=aeXEvdx>>Y-$`kWXN#GgOeTV9`&Nh~;klDTS~;quZ2AGx$A?=} zFn&OD0veats_G_LF+0-LlS3aNnQPg<*Ch{}5l-A!g+MQvXd*P>{j2?Y;! 
zCFC?Z&-lqLGj}2?FaImSNg>r%u z&gF7m^yXAjVxd`X)To!w>s$hY>+$>{QQbMEO?kfS+ZUky{Sy)$Mhb`F$f>y<&Xw92 z_VSW}3Tno3v+8+bSDM=er_4q?BvVVI`l^A7@bz+TQoP)FRsjP?g|IWNu(O1L@=g-G z()uPrgLE?cOltegxRy<&T?Nh+L2>TQ z`mo{S3Ti_8M6%kY#ARyIU5hjOd)#s*ZBgD@m!6qsi7ZTMyL>gt>_X;>kQ7)ExLcXi z`PLDoaW&^M83f1t;*|7`L7Zadbuh+ectR7$Sfy9D%yT@e&CY(_!mk9A*+$MY;F#xa zgyQ=oBBV2?I^3A&dS2MDDHy^VlPS6K70w06<=G=1zDgTPreUzmUDENJ z1O2I+MWP1s z;imr_{ITA~6;kSG*M#c*L#T|*m72lzX5{SI2U-zJFYEY>6g;Mm?;Tk#Gsz>F{R9r` zL)Omr+OGYG#U^QoKL_s1O(6IRzO@HX7ifWd9tPCMXA^4i(L2~*{V5*mbQt&k1Nzrx zs?I!4fdcv~<>4#;_g`o3|4c3UpG2DfQh)tJaR2wiccR*vFS0S3Pmv6#c}h}~p5@K= zD)BWGED`=-jdQdZ14=sDP}ky-hRn3dfmBHJD^G=`vCB5}4V9;|_A#A#Q1tK5z1jHh zFTH#{d}7{{TtaDN=E!{eof%IVM_QYAS2iF)cG$c!eSKC)=?uvOGAXtPqe=RN zVdSy#`U*|5NOZS-?+F#$vDe1fzZa9O1px7t$GxRr$#qN_61(Qy^4Hvuua z2|L4_K16qN@z0n#lDozoaRXDvZm8AAZZgAXoSV}((74@S$*8c__3?|P=40?f4n~W(%eoqNL-)Bu>8OM%NH)X6sPrt_w@?h|Lu(IrNAC}1YxXh0xlWvG=}#&% zxkO_m6h@nt)k9Gp^cy!an5E4$s4jR#&mmfNe}|!aTF$w3K8DFywgP>_2WN;Qg)#d5 z@1&c%rHz0ywY~Y6l==iDs^e39h)6mR7djsOH;1e;BDf`xbz%-Jp_O`$;8smF6@>&dl$yS z?45Z0L=<0`a}a(eVr|2=VYz3eDBN3evKys!!;FBt>vd7%86*sAiQ2+=ru8w^gK!+|}j$wBF`>uJ(t&LEO5qfHc@P)PKjHG(T21fVms%aresG z`vXR&r!g!7ETT1Q|8p4CL}vp@c%V>=i>Y4E*zN4hveVrqSk!@%rqvsEUHW%x+!6E6 zP1J%vnYPMgltx6+MS`Mwf7Qa^P-eWzYLW+&G9G@pw?h-62+Bndx2eU1bVW6Pc=7m%Fh-dW%f0bNSFOA&NyB#v zN^Ah4U`Wc-0Eld}0DHNL41c|y%Dm1=`ezhRd zyrt3Rrur0c^AU2D?GxiIocNJ(@MdW9DUA`#Na&tKtc!k-m!D;t6}G>$Ku|xsrjSfw z8I`z^U!FGF$7cH)zj(rLjG!qxu8@9kLFCnUJ81g$hJFV$A(OIluD;xI>Ov%18MztB z2~&aD6^h&FU=wDLq&_F5IN#kQ7>Xuw%YeyZWm6Et@M*%Eoe#Wpuf|1@wCJB2zB)q- z>kRpcxICZ>!`Cyh{7ZBC7hUO_-o{=xfDFcNs%*+RnFVyxnj2d%&9vEpO(cwLva+;y zY??0jgqv;Ry&Z^Tq1S{2qCKvNP3R+<2)^Q~V1{skjA1)Y*#5A2=0LvE{!0XG zQMfo-?V%SW1EifcqFb6*tA4FjvJOYt%8~D9>-dL=TpvEJrjE)dSELz7p z9zkjOHFh|}a)~ZlqH+2b%N;NI8qQ7sPe{%wShN}El>RoNMLC=H08191`g{AC${ol1 z^Qb}(!}$)bO>FwzRo9s|6|_#%?hlW%I9AORdcAK*4Qn~@ne$zduda%38}obsi7Xt2 zq^M~?X2U(h)ZYH-;R@lV1^tqkUH52xVBr`i#>>pe_0@r7ULSnn?|g5C1WvFeeIdjp 
zZ%7`OuR$2CNTZ5S5QA(d?pt)@)h6aUIeJKZa?LaG!Rx;{z7->m&;aj`XwPM$$Io5P zr{+F4bo0|AZ;7(^iRlixwlh*Ey^c)mkwaM40(wR)L+Qrr-=kh`twow7TknIilarr` z%Vd5xPH=kU`fHDD=Z?mi`g&OA$Ny?d`)`2bUujqWv@m!pX)Dd~qwuUH6~X#1-j;$E z2FxZ!Lp-k#`7m4?EP!K}T+>=NlgcBR#E0{Zf@j9=9{*zQdd4e9EXl zy4?JDcw2-2M(tKb6#PO0h)os}5Ks_-xpPn#*Hf63qDsmgJI<0!K}9WBSF+RX1qOx3 z1jAkftn5B$U$(&PCH6NNw|NL*48PB#iM5R9ac9&XqK=3+$bdNmwz^9Q7{!HTK^!>5OiqXs^CDZa8MlD(}!uSB6pFlF`K^2XZ zE_&I@*Kr(XOiPeVi@J&;Or!50j^J|9oPTbj9Fu%n(M=k~61@=@!dhZ6Vi4>KIO?=Y zujE9>!rOxsDqtbbj|->+I8W~;;S|{^^(w()yA3g*)4T-l*%4a1wChVjXfha8w`e$c z?Ce=T#4Kr5<9Q6X*gN!9a`r2BAq^zZ>n7WFT(Cno0+|WDk6uM}ynnVHSRk7+#<9 z7(HX2dh@@L-k;%`Sgbflw|$eZEU;j=wu zI6iH*za3pwZ+&B0J_m#s;3!ggFjN|V(JM<6(yFzE|1{cXAP-4~Iz;U-ke6#gbq!Xl z^#aWF=@0(!{^&Un+nu-XK56f}YYy!G2?*8w(fLdxvdkk(LiZCW* z93%VqslRN7?WBeI2w0mt4N$K`dI#@=x7p*Tv>SMA1V>CoJ z$zY*9aSJ3Vr{4@PJN?4Tu5h=}Kuu;>3Jcgvy2skA6xY~r@w)4waoBRQ>b%4ZD#y|4 zDOwd)P;uCb*j2~k0fk2KAdpMFAMMk_u+8hH>&UYNOW|)CZee2JZpD`8+m4#j)`cqJ zk{zTC@1SI6pXH`M5%TFPh2dy7qwA(vKAU%&as&`|bzrvhjZLYS88a6Q<>to;cRbk8^M;@*%zw z<{lR_3P$l`!JEwoIHSPdK->;u_A$6iq|pn{3f$?P{(_k7DJq9hn~_i|fI0}5gZ)`TYPAJSrF_4~Gd48x6Kqk zAV8uZF|V#`l9GT(kF)Y>!SnitFWIIGquNlsf@yNN_VIXU`3GnlkqxZ~%>?FyJ(Yay zc_AWCWT59epx2R*dazLArUOm;!W5=|@n|a04%5BBrJ+o?Fi&GBJXz8T!$daa#`W@0 z%VtA8v2>jm^og3M*xAEDh_~OJ@F9iXg=^N6U-SQ^zJsEH{oBy4yk{VmK%`B#opok#`+J z-JwRa&tWAUKUi*^>qXFX;s!>QgCl~=M@7m+uWd{^a@kx?7K%D6qk#5}f^1aXzZdK8 z->{2VEbXg!9RJti`PaGYAKy^$iwOKj0sYgvm-rLfOZgy?k32Qi)6vnNfuDe%MA(01 zAGD+d$i4f!L?}oukOEzNIs-#0B(tkqiL>`Y)1$s-C0dzy<=T1RCD=USn)0f*va6(s2L=mwLEdB zw&?IlGErWS3bml5AMa#IgQ)w>SY6?w@;i`y=j({Aa# znO^ZR*2!YYLtHR*$JUXyKPZN{ST~JhCh(_Q)^d0^X`^`r-6O2%ku}si)s8fsyJU{M zIW;-2mN<$WqbHlp*2^8UGuU(Nwe|v~QMK8cFPH5!-vGGj&6QW`b6x(F>n_ur2CU>2 zM!Js4UrK?uBxV_nWJwbo>XY*Zq@U>{=NHmzoi3}gL+3C`g`Q+*1IQDZC-Z)pF1s#Z zM}3{%7mKwnT=BK9=Rdesj&SsLRT<7N)-dGQUE0QK4MJ*~(j~5}rGD}t{6^70lpD%S zlrD^I%arzaF2xhioJEsc#a;RQaPbIf=|pIvu2u`u6-C0>9;#>ra}Dzd zR$p}-x39vhM~$puxBFs+wwK?`o{DIFwq zJNPQ_-4avAIhUM{22Ig`FcRKq7gb{gSZ6?Oh#kT%_ZKy8ro+l6#v7xNjCD%o7D 
z!;hl6k*xPddi*P+KOXtExC*f~hO&;9w-88@5H9NG$A`sF(3UbJ=e*RlWB~s0=P)wU zI{RT4XaCu(`uPlVi`=$d2j`p(7q|kC+g@&2a#!0{qwN+WK3;~j>pAF`s?aKs4;C(c zSfleS+#4THnW2Z$_0yy_1B7BA@*t$xR?r^y7}+pu%USOgAFdN4675Hn&b+V+cDQ-J zKXzssvCQ9j3>wY|fPbbAck&xG2Z{WaZA(&F9?ob$b@YPMR_B%vhX{+royAoTi9kKe zQNc9H7vSOm+R=W|G}O4p`z~r*RYAR(+<=pqAN%Au)R}mz-q!^3m`M{fF=BFl;nLTr zo2O|`^jR|p^`U^?x2K?}2bYB@A_@Q8!(m52+9V6~`0xvO6vN8WqjDQiqZSopfykO3MePFiCKTvUhwPo6m|vRiQcPlZpg5|n^X+==RB@!hVjn+T z4dyV{#tX>tHf+W=MlOBMCr7WUCLY5bJ#OFpg|)QwP2dWm%INgkL4S%?e;tx8P(}1k zP{3%wg%#)TQEP*is4=ultvF5EZy2q;I&G17$-G1H7*2fJruKz07*3i`q{uczx5_dR$g+7#U}K!%%nqrxk;|?qRAd)BA3!aYnst$=}BTdYa0? zfiTp$(VX!`r%P_{ZJ49e&42D$h>WiX|HljQy8?)oA=3e9=m`Anu=FePs}ccK(y++y zPAB}?Tt<^wwqwvpKAT(e=lGWPM>n#-dR7BDnek4#<&qmAGGED!X^-}$QL>CQplbo} z$aLxSck{MTO)I7s=J%SB=xbA%w)D%`nS8(TBC>OCQTo(-s?Ki-U_C|YAeb_r88j)M z;;6+Dj_F{x0`w9N4lFg?O!)I7kHs>tD0p50au)9|GyGW56@HJpfkjwf{|53q!(7MH zH^E4`)OV7Po`S16XtIxhF6OifP`v}C{t!i^@M7`|J4SJ7|9I*M;)IO%fDt)J*$z6q zY6@xA5s!loFQXqLGF8CWIq{TDjT@6jpmXKn)-J6pKkDtKE>zNQXPLwZxv*`qfZ1vV ztbdAS2EazA2lD3WiGg~?r_Aja%Ef?V#3lvK6*RY>T zl{@CdvNPkxU`RXU)L2L;cEEB5---saSQ-4_iSFmF${Fvjf4-6r4qkYwp>wpG3Qipy z{mA9Y!b=tJc5Glk<@ip50IJAyv&kMKN#sIQ*i5Z0UNjbX!e5|bVfPyrxd=OaeLm~S zU1fGv#_u$BZ@2G{HhbmoTeI&{q0xZ|^XAvqD&3mm$a1S1)Cc=y8k)tu* z?3ScVpgbcb*6qXn{r1A1e0ij#v0BqS2V6tuB1sB9;6_Q}qaprYp(ZYaq}QYNxiy8u zyiJu)Ox_CRuT{(0BfdusXsiWHvl?DPfza#K!43;!WdU|tuPh1dFXnk>N7RfzDu08` zPOHhpM{N}Mne|AT%FAviohr9guM9$A{4$x8{H1L%WL=`7dEAnD+3;1xz-7YGl^&6W z6{ok5+f6YV>&_Z_ytu`p25p%E$|A1QnHat?p^|1mn6n@T6;gyMwh2}bfjb|kJn#)> zxHs<%CQExTW6@zVcLOs$j>-PNn7bN0y0O?=DZs&{U5fNLz|Jo*X9Xp0EB;1H5_Q@H zPFo22L_^&k_x^(>LoIIr2Y{h)GK!cs&m$c_HJ4D?uZ##QH=)3umTw+t)G*TiX=y5; zE<4v7e$A%VDdp9dWcVa{UY+-|0js^d1WgCGu@0v^de$(-8_pM~!bvC=*=e@kwX!&r zaQ1AlK(M+J`~z$Y6yx4qIPw)U6;JJkIXkQ6+*_93s2THV<<;`akvB7soX15or%o#r z4|bky-%OOS`NwRDwtcz%$?dvRbowvZIdp!W?5sR`*==l^(Pm^XTMvA%?4r1DW8f%W zW4E~Zo6iXfh&P`1Z&e*}vUag!Z6MXkyg*m`W@Pa8?QZ6(Zv@UxEQe+;QaM!DM8T(; z-)9ih0(;W2t0reqRe-qr?yi3;$V469$&2~?k*wG~R_T(tG=re0@XkUzG*cKR2=0ZQ 
z6{VQnu**6H@Z;hZy~Zo!!Lqf0YkZIV1-xwj%E{`fp$rNDGxwHaptlGsK^mW##nHY% zRtwtI*lPL>MoqGYlIE{hp?DPup_mRv5%^^21OS-TdUXHtqEvahruY_ShJV>Bh;UUb zF&`M;$?l1v_1bgv?Hi@6+KhmPFl3N9U&|KhfQtJlY`OLEHd+$ZSgw=4GM{?cE9B62Q*wzczU`7>X>Q zWrptT$Fum!vihv~N;}X5z}Sd=HDh`$W1ZJx%-ds3J?(AL%-*(r8R^TEqh~M8QC5{R>f1{f)FiqWlF0$-cpkcnSHev85$U-S zzwEqIl!jDR0fa*ZQh)IY6g_f&ValOd#P*OX8)ma8^np)cQGg-vb5!C0*()^A6Fr0$SLfoCq?>0|GX-O_SOR>{x~)MeSl}fqw4VO!Z_ptP%uh)k0QUl?q~MNM|P~+wS-~& z#G{qcohbd)Cg&i|_WYgn$+<^H&yAR8AdF9jDH;%dHxU&PAs-0G)SFJbjQts2uzb4a z@vCJjTF~$d_cr$w7s-W*nW|&xf}Ib40gc5U;!ViHvGcW;e}jRL9!77gjWm8u}?C~?V!Gy7|w^*GQiWJpTPCm z-zj~-l0V2NbwOCVf!u8ccGGYFO!QtHZMz~yPGZNrp^T&K&mNpE~XoA3;0H<@wgujw-C& zVgnXTu>dD%Il48Z^4?$|@f0xgt7nW=pu~BucIVo&J6zn zZhx4Glm&~Zwv1F}y1$PJUpp<>B=)fCzp@3}8sB?^?3UQu9F+^TYKELNecyAtW#20x zCUW+f=dkt5COc-8ev{4d#ls?mmapr!4l>wyI4Ujn4m!8Ff9=F2o?qH<%YqZnkI8p) zmAVE^(?P{43MAk1?i9fC6AHZg#6Z|W3Wv+>m4Fct1*UVRe&0E5fbk*95+JN1$t*7k zFjYdG%GJn{g4GgQy7AH&Y-~tHpHbD}zvzf*vM0gEx!ArFnqP|PTf?W+Rrv=0ndwuZ zXTlNiNS;#~tm_lrLmT`K5%6?$eaTw#yLv}BW**)=>qAOeqkn7XmXU^%ON?6XH7Cd$ z&e{)KR}7|oSk4{RSTp#O`@uCC5U;)AZ&y~%g@Jc`3KtCT>TJ2=q}Gf#>Ex^y)CZTP z@pVyD_1M!Ytzpi4a8w|V&dAf-9{(Vvh~T^PPd>eOXQVwuYs*TW)6fw(W8Ca3{}Q$+ zCO}bo+GxI~IgA+WUtyP>pWN%ZcUa#@S7wab@(NV~DPLVHp#0M31e~mNWa^`a-x0Pa z!RUneX-8+WC92wf@cjkdjST|b(tj~tT*Uvs@Fmr+x3It7c=@{+#9CoY_Uru*9^ha> zTu}Fyo+s)-P}tt!u%XDXa#0xuD=k=tUcy4wLe`t=`Cu&cFM+*r2Q7(kVMOa!pvu#_ zW3lcQe)cykc7_~7%D@8})fx+e$TEM{inHbE+L0Jul`5!7j5w3ZiJVMNo{^aPL~8ne zeX&=zygdZPn$9Y_)jl-^UZBQp*+>kkM*x_$>_t<1&D?Xh649v~ddY#$5Mzl0X`JyFuw`&H zan_c1eiK$3CL6-P8JQ(%0^Xe_RZI!md+AFa*rE1gvPPgwo0$GTk=L)e{fC&|*zGIo>aUq|q*pYyGyZxV-smq7?H|?|C2cw6 zuRN!@q^1ff|L?SwplB%85%LJ{G&!MZF)X~_2z#3gaYuJunpZMaeEfX-2FP{YZUm4E z!$@8);crY!T${$ko=3@CuR8zAb-EmX|9smc_rv5?nGW=V31$z65==Q3X1n~oUl2f< zP{4-U|0_UtJ+Zgq{&2U2{7*gOdh`xZU|XjROH2D`x)wT&RWKo^tvW#6==ULYJ6>y{ zwV3U-Ytvm(!=$!?4y6@?aMA^q>2VbXn(qN?Q%il7ZEAvq>Uo)s&2bdr9swpI7hsG5 z>Dw(&FYQtdZS(x)xFv5LO#z?K>F%WPBxDL%S(7Pbs`jF`?DCG6|L+josXShEX5E7- 
z)9|{2DHwdIA(++m_xEIRVifEXNPf0Pgv_n^p9m7lxBD^LJrLgMmaA?jbGM2>j=vT=+y>ckAggO z2~;7BsGZtyrbCrq{D$J$g^%OR<5;fyRiLPBj8z7Ra-p`HknCtBdx@rf3|=! z7sq`r7);6Q$Q(!h?=S8nUXQn7$ULsYkK?OpHR+$NU5~UE;inU1%@#26=)GA|ptoZf zh0QZUQ-B$v+?7~#!fyBvBXEi`Vrl#sO4)`U2mBf5&}kE@XxZ zB7r~FdZ4!P`L`vo1|GFq_f`HY|7(5}#s9Pf1PqwT&hAKza8m=VOkSA8 z%H71}aAJ7!*Ix;QxcvBUV+=K=;+nCQOp?dScJQj0t~J)%UH;(T3ro*5!+s(AH}<+? zxrN=)IneKiFnC5C`)}Ns}eJ^FTlOBjL zUi8mFO{Wyk=P*4vb>*OU_!?B{3ExhD@qk_ zj9f$HYFX`<1Ly^H5>yTWZ~imnf&ks4kCsV`1zPS1!~|dJVvX?W^r9(1tl_>kczB7) z^>!S~##pDhR-oz*zEjHfdNKp7?uhNL?a;(WzT)YtpRWF|WW>LitpBT@{?$j7jGdhA z{trDKtf=tSP7ywvcsvfc*A!7CdjsTaaDMmZ_dW-tq$rd6b=XFOR^fS0T;g3fOM@We zzXN@}cy^vRJuu*roSB;WVse$q*|5&S&JBO7r1$6aLN|K!guIgP1Vi5$YK7q;^=1$e3HzlVXn2-O76cmPVcB? z?;nj53OJLF@Pk^#<+MR~f7G1x4;$j+;k}gP?CceyYW_gT6EJ0uLKT`&g-52F>X+;E znY8)5y5q#S#hc{gk#yUhntpdh$5Jx}`FZ|+MMT!XkPWGOX^$%w@}txWM9p^2GK|#2 z$e8m%0>y%ri;h3dq&P%9M@1kpkF`!`rc1mH%W6FUG`*PuWJ}>a4Y*i52?By!AhRHQ zO-0%e>`~Elh9H5~k$-h4t(UEai(PewYF*#pm@<-TaVI8&FudM~jX~^BiN{^nD-LZ4 zw@e;e_7UCo&r3^vM7fb$ic_LLpMPVp=0XlG559`V=zlF5lK-g#{Z%x=#)h^I`u|K0 z@Q&NC`RYEwQ-{MYxbaCbNg#sh--8E$Xb@aQ66NJd3m^)bPCE^odI=i~8)3Oo&(E_=XRH%Pl@({z4~QfX7(vT%i3>0*o^F3}Y^e=?`of z9U0QezTfK0e#Z5TS0^}_LlPZ}o4+N8W%1Hp9J_)(jC0`kZ-_{i@ys{z~G8k!{pJu1N z_noQuG94X~dxt^AtUvH}zg;QAY~lng!Ivl& zDY=Bh@OoT)16l*|DZKM5f}F#h6DVz__nnDY%s{OUHk8f34o-n3zwkJ7P2gDT4}HYU z?ZO-&9ZM>C8~;Df-Z9A5Hpv>Us#CUY+vX|Twr$(CZQJH4+qP|;a@F~&pYG|I>6n@5 z_lvl9#E$)Q-&f|fa^=cgr&~Gz%aD4}lx!$*UJJb^l&OReZsCvvsR5>CbT~r}_q0<6 z^FGq-vkB0ycK+uL8MGBfOIp$LWekukj|a>b=_-ceENJvSwB~D?vj!*{*Ls>Wo*q4v zC#j+DPy-4*Wu?DEyx_#YuC|aJd#z6N zL{?--=>=KH!ygF0`$@`DQHhKE;A!}=Td#p=YjCPpntUUn#PIKayvT>GMJE%+7kRE` zXL~=Vuid>o=i>bWxGX^G9SDh?0)TA+vO36##ld@qzz?FESE~3FI&7bW*j`|d{*9|& zyv9efdg&v#FO_3@?)WTr+_8cQzxjD7goyfPPpOMyI--CReh|dN_O4Ex;4fFdmMWv_ z8+hY`1uacH*W7QmVa{cQ+tr!; zzDR2YA=E^~{rg@MUBz0r^Y6q2^WVp_ zaQf4Q_hQ0Nkdx_C5l6n%+9XhM3FguKYM>a3wQUm3Re0nvRLS#OK-Wh!6GHKKxNmdU z2C*3bFIG;om*08vW@uWrZz5hpR1c@gy_8eTAVJ4i8%hIP{TrPYF 
z^!#s*=Sq9S=2PAL5`W_5Y?Itpp^?Zn3!X;`$hdXvJi3$!*w69{~^{k1dV z`zx?L_VTD*w)N+FQ$vR0x$K$EkvGH^_g#dL2i=$$*`IM-e|%s5)G%y$3qpFs90YfD z^SAGv^6VisI1sv7JF2R>#l>wHS;?_|J!KAQz$kk4%*VB!=Qm|+19tWSOTnK>Kxw;>o=K~ts#+&oB1{EOQ{LI+9Hgk1vy4S&G}&5(>`sf{LGa zdO+4;H1v9F9yUJ$^|2dRLf*E&&O*X;|`*gL^a-<$UUP4J?WiLVbdrh?8$cj zz6t4K6xUb+9ZMH!(I9Hv&O8$>s=0UZsr}fHx$Ip%LCn9yS-2<;<%L=w?6Al|*g3-&--mk0P9hIw(_O#w zf{|U#hvbk`K=5$xzKe>%*MnU;F0bOiy?Yj7gXf0A>vpW=lFNU=S&&W7?(Qa^20Dn} zTBnT-eQ%bYU2A>9OF|kH8nQ{{^gunHA3*}ST0sdQa(TU#QZRTLwA^_d6@gU`sm0+H z93+Tx@!t9!>Tkt{N-?&+)OUL3|GwJ)^PT-`dgl5!-kH)rULNsZU)=d^49)&y5!ICH zg)6ct#-Hv?X_H0_0Wt6(f%#%$<2C73IWwvt1wjC5ECGvoJ&i~l7qT_~wRCnSD8QTM z?Pi?{TcLWKov3|Hw-UhUmzJO#iI*Hd?i6L|3$0)A z(;2AUu$UnhFsBjLl`R0k=T}~w)gHA5a`@+EEsjdg4JIObBXQ=^#WF`QQ{w9GCe4Z* zOoiv=L@5c1Ga1X~u}!glX>-D;t1W~(YW`vD8DwD5Oc6E4BFG|+VG?=fr%4VX;zu~r zvM}Z?1EYoON%`#Vk|^wLrw?C##8dd-f^&+WE!i{DTp8w3mL)ap7RR?z8qRQUu<&|Y zKGCOe;MkF>R(c?)SLkTqaI^Wn>jYDBp%3ke6)YuLi)Tgdqf%6FZ3gBa*LWe>RU)i> z=m4swCCZW$Xx)Tggu50_&Vx(p%?^et%Z($ELw%n?>mClfA?(Q`GUs1qK!c@3+;5SqP^C zWqR>|rpys45L(W(uPNs>q?4$@&?zP7x$ZK|AZs&}D2&MDC@jeAjAJlMxaYscluf+S z7)%uvuOHfM$VWA0o=C!vVW|&|o}TY_I3-%Se#l6sEr`UGZF3nTn>8+)FE~WdE>ADG zPV6tIMS(HnO=uje*Ua^hrQX4h*=nbxee9Po3D+27hyad_UUYb0Hfg$QX-nj7s?-wJ z3PG3#p3DkH6h@^Py_c;FV$5ziJv}`^URJ`}iyP`M2{3h&v}r>>ms;$7$vUz#H%6wu zyRAvL#B@yUg$-xBOZO#YL(>{!j~E-}jh_zar-Op*TTnFn`%EZI-+2=s@OKFh+g!%m z^Wnzb{=ncHB*6eK=JR8VAMsMRx+sOP=Ru2;(!2^e`dV653C(ea@?FxE=G zWy0Vap<*;y0~~Nu8b+scOiQ(s9(L}c)aM_jdwHO<4~*!Dc%nQYwV5+kQ;u=I-XHyt z7_Pm;!U(l%v&ef#KV`xAHDv8Ch(czhE=f?R6q$YYgo;snKw0=D(|=>!1*qJQcM4k} z!RKFHdF(>KGSQjX`viFrCqkP+1^G_Htdz7%?W|CWD2Z~?!?UzVjgnSy5sMY!S(K3E z7;PJQjUoB>}~9!!7>_?ga1pl+!(-kXrnc(XSGMA zB$mCzRmf4yi-JI&IhlL!h+rx`F`{IlxH-$_fV+M5$56b{gHt~96;TOG)iiq_Jqwx< zDA?ohJ(7aL!w6wV`8Ybzfx^SQVh5f%tZ{r%!yfOrHT8C(yev^HbL(4o({JX55d0bn!ILs@2UlGrq1!fB51r*i5m zK(%Xrj7q_PWLasZ56{+RCVecd*1*6c$#LIa^(ojUP9@PM4i$2NZ-%Yc9fikz>-r#7 znQuFJ(KL^i9iVY+@3&$=7YT)lPqaYb(TkXWGoC|eEF{D-?xZdRPGgomw7Hcan2tcJ 
zF*l|k4PnCzP!n}l2(`x2CPxqoN77M^FLc>*RgTf|hd8iJJeuzJ4(6NgwrKv27(AC> z?F!z}9jAZ5w?#6#x1s~_JLqMtds1RMNqHxjB35#M7cZeR+^jNKt*tPO?n%2F+p}mtJ_b&7spsCb zB>M9`FR9cnATDR9^RDS86X_7^$zAg~I5!jd-8T-<-+D4haPjjUsi z(u170+%FiX=finXjg&!{v42z{+@s+sA*M=R&>&!(?t}Sv^bqYvblECW*&`@i9R(0f zX-ZSLdyqtiyY;?=dM5i7)5YlPBvBE9XclEnW`h8=4U;O6I>Oz{R`#B$FmOpO3W8Lp zIzmCq7& zIyln(jq@@#lKn^XFj<~Q@&`YBc67LD!Q6|oS{NZ>ll@%3NG6gDIPq~?7Hc_cDuK=F zB~GVj-vr%)?eGX0BH4h0&(D6cvcPNQr6WeO;0{i12yQT zqywH62m(E#miOu^>4ps`(XoZvT^s^r=g0j8bT1Ym$P}d?R<0JKUf5UW?Y+ik;bpn< z+dPLC#hSR0MWkl)>$|xpk_Pv-E<^Z@DV1bQS|vd)pVR6;*j8fW2+|K+;^V3EMYTRa z4iGTTfe?z@gAhw3NQH^%JiNj*v;F$^_T$yk5I7BTsIS2wBX94h1qqb}`R=*+v4x;( zzJ3u04sRB5p&Ra_W79ll>lTgq@rQ3i;$$VC^~ez@1uWI>1hQ0=E>>hHXI;hM(ruH)Ag z_`Pe3?O{-xN0|Z;Y;=*Vs>Z5D^J_3YLsJb2De1{Mgl42?Y@+@SD^~{K)EC_(R^6#h zz&z?k=+z<8KM)`U57gJoDvaC_E*qQYR_9fe!j==2cW7~xzRoD-A2jQB$>+svq&<_G zs&!3E!pe{7NkZ8E6kjimAa3OPsh2BCW#K0COCyQmoMULjke6zw+M0fzWqhS`ih zz`Y)s3y1iT&Q5yQ+pB~PcQ@MWgdNK;KrjCp#00I~RTj#7QsU5p0PXCQP-49yuO%)D zr)%+x1+_KuIBJOJCQrR51TP~)RLA2*!Q5LeBZm6KiX?)Q+E5a2@s$O0YH`!PDgwkk zR%yLHs0X7sW5V7xPF?KRg@^`GPXn%W)9^FQY!qq&bZQ(v)zt?Q|6<&vxA5)| zY{1N$2K-ylEnASokIt~!w%~;Pa685>He84pEC?b5_s|$4c75m=(f7<~p+}}u&BjPI zfSDc4%g-CUPdspjQ_(rtz-3Y)?`u>ol4}NoT#|I*OuQ|s2)!tm>PPG$80cNb1Y~P8 zg*Jf>aF1E(9BW>cnuOqO?E&X;QVFxGLo|GEP_}Y8{s!E9#iSy>EY0MP=jx8pijCSi z>-pa=or`#X3oWjzJd&&LuxkB32f_ZG+Dy*&yXEd=u5ZQf=xAza%Xsi&mC4_Xtz_aWE0^oS#ZB``OlIyS^qCQJPvvH@YNWMvT z?OXVDS4h$xy3-spj=7FA=6}9AKVb9_Z!{1DRbUG#_t7Kw)qxKv9n!)K7$Z&)q=Xr& z38OGj=;$j8Q0NNNBK3F!KtQTXJ2)m=36Y6eV}2|0n4YUJJn!wQA#;NY8T%EdUVOOE zFjNtK(nN+ByVW8`6=Cf~`%T6K%tm;Nb*zTyhgVCy{$$^H^FPDWLvwNzb%k!P#SqjP zvqSmm|Fqo@)M#*CLuHn}RhMmW-PV8Lxc?At7u8V5y*24hqR$m#=ZI$=iz>*Ls=Y$4 zG0($I;YbN-Tbkjh%DKR7Ia32!6WccZj?1AEtZ5g8G*d?dV*N#{T*`u zx4O`+#sC&IQ-4JoX=#2ES5aPLI5|kSrz%D%Q=rZmf@vUyYtBtiNUK`7p7H=@0_JkO z5sAX}?tZ*sD#p+6nIX!cfO4)~wM?Roa%Ee(Ewzkc2b1f0@+w7onobrSUm(vM$Z^i% zNfr*@+H^ls7~;&?8{?EimB?2S(7|&l$aRP@tRo~vt5>|D@y`-F?QU}VKHr~Ne}aB; 
z({cgtPLk%647OrDzXI~?TEGGVbBr_;p2#&Ao`4(q;=f1>%nj5B`{VP|iB9Q`%!ZD{ z>FV);S}=1=&!bKIgx)v9ZhHT~?g51(RR2LYOX-ahE_aI7-^nkY@FzUQqo4;%2xmn| za78GUIAP2y0oZpoBh1RHPl?bYGr7foDhTr_+7QjG(=TNQ#(wF#6Y064MjkU9LMi#S zBi%OP&qPImj}SX42kczpKJUPm;6tq|{%kR&$8u!4# zaVycdr$}V79ikegH-k9Y$G_A@Ob)4re~YS<|8o+Vb8&cpBn7W9BqATY0E#Bi{(_O`mdxs8(%Ra5Zn11I5FSwlInlUmwwMT4*0dp58Ogn0&h5Mm76lVRa_A zE7{4HK*lIhEK}fZnk>_S76&(gFjTXV-WXqd)Ydg11?Rs$Hpp+;g2N>>stl{To;`uS z$E*!&5Pw!n5m{Yv|J7->&a}za9(`6#DWKIo`0!9r77nkufAYLYSY{N2?k=lJ zx@&2Jis>QkwYE^(y-)coK(xY);iPCUZQ)vamhmMJU(oP*1a83#yg=snter`1^jL=3%ju6-|syTHJas`^n z=y+dYBZIl*J%!b}(0pN;mNnWsIy|qw-i67!<3_WCZEGWU_L1jA=Xz5e{B+?Y-f^1e zglp&7=N&`$%|TL68B*s5{Wkp8b560^ENy-_GJ(4LG+Ux;Q`4fDdN@8 zCn@svz-JQSf$XCU@u3`mH(WM(ci}|}p!80iftv!|ht{uj@I=vVK9mWNy4R4`ODD^V z-^+`^ZwZJW-gM~J2>>Ar$#Vug!F1@vy*>lJG%?^02!qz+UONEop5*?eJA)Q#kuK^0 z3SN(bz-JF7Zx88ok4}K?t_6fnFWb;9P5pBL+>VOeR=eSQZ%Oti4ps--)y2+MXSuDe ztY~e({q>J^{%ZG4W`il7Z|6slFJ43Tn)Cy4?Y{HL1=b6ulA+K{E<+85m9F*^EltjumI(J>fV}8E>O5rd8V1^20)MqQsz;P{l2__b?Ug! zPsysH159FERC*e&m3_iUCr2N3G+)DBjfv0k zFr92W$tXjAIa82hWg?O(CIDtog(UappWB^$?W+Umu`&UOYw^G&oMZc^IJbW41|IKe zJwPz5SoU2E%P*ST%6N7}v~6)Pr2xv;i9%;M9{tAGs~kn3nxdx~GnS{>MuSOKnSr=2Ceonn7Ut!^Cv4nz^sHepag%h+=6k4fjMz&yF11K7Yu0 z*GqNi`PLiHCvQLWB_57XP+UsbGG|_t8Jw|Rc|*1dF!w^i6|wyz)||>z>Z12B|fqr4W*Vg+h4_)PU+nx~P*W$=lP`QDnklRq?hZSXz zyq3yZAitU+mGTEQ%9Y8RRg9I%TUAh$(+sOAE9FR3(CDA5fZNgy)B5?zhtekMG1>A! 
zCFLVE8DeiQz%6-O3<0l8G&IG^5w#eu`&BAHos2K5j#7&^aSq4lEi0X(8o0A6`{PT# z7cc0kwow?+DtM{qR7H@$qUQ|5+AEqTZ{Y%7hXq=T$546$kkT*%(x2zx5&-ax_e!a5N#YUy`9x&!MH;(N2&`ph$=sEfZV0ZN^r`Gu)*bBy%@}T#4K|*EF60~t)TZIE_lG+~t zpS$8blb7ncw^Pt`f(GCJnv0kVfUL^1)`Ty()-1Z{PI4sDiS(Wi(C>oHXwpLu43lW3 z?T2^Tm}beMsrbyQZqy&?Ao?&|sb|<3QNN{zlQqz1cff_&EBOvP7uRAXbD9yC3r{zGJY4>=<3 zC(IK4@etJMKM&HWV_hZSQ%ZirhIvGdwJ8dnG_gb>mgPZ09v`+m5+^5Lh;KRxNZfmT zk0$n^qP^!0@QOVNj5L`TkX5TkP%R*M<?WpIL@xlIx&WFv0Wco} zm`wu7;p;%M`i*cvov>sHhP`%G0g%ZVRu6!*1<8P6as+lWg8U$%M7a;3(GRlry6Q zI0w0e?N>kM1}ypwwCrFJw>ed4K3-VA4Iq{XH*Z4>6K#6(#H{;e7GLzvixL^1yx^+p zpsw%JklOCz>Qb{NqGpOSq*HhJm00n{W=B9iW@kQVTVRN+O|*E_oWGNN1YWGS4af?1}Y^WzXTzH=TuiibzJY z&kVpNouLc{gVE{|(MP38RTp|MGf3&k^*JI*-B*#pF|2m;JA1>A{IDl04G5xLyq{%f zlMjBDjHALvQCaPg9?*_InltbMh+S`P(oy)?#cksYN+3UoqFR;W_>tH3l>c|(l@jy7 zBIdU#MJvXCr9c0*L(BJX)GPmEhnAS(pG?3%_%%?<;08I`c|X;-2y1?gYX<}xHeslQ zpKiTijaFn={Vu7K*FbNfZo@xWcwc^ekny^~^kB|dMVdo{u1dQcXEB-fyqZjNFy;FA zzJTiiOgNhf39xn(1kI6UzB`BI@dc?62a1jP;D_;>V<(K;ffJ!8&#S@11)!Unttv;C zU6sMo*)8awPOA~7ZaPSBi9@b1x7Q_tP)$T1o|i8W3q~idT#@T1R#hFfljxL6)7U~N zpdA&d3pQKZfH4dKgxoo~L1N7Pzx+3Jre)I9F6!C)rh`c-Q`^OM~=oyJ*J8nYt3@OMx%8Ak%o<4Sm0 zhzgCWnHPWRBbJQ$?}_xL3wK2(YE3pr$;~lMbr3j)>O7Du$c)*lydT<-oW>8}u_#4z zL$kgd1&}866SE$msvwSOs&#&3{M^cQVWyBdM1t)H?`{|!)6t&rlF&pwDSGG+;?em% zyV-Y9`sN$Z6ZL;cPXpwjyk-zLiu0s~>Ev@M3{L4dAP5swr>go+lti`b$y+LGO6)Te z$_klpZIi_H&?B^29gWAS?qTPv`eXWxaiVf2+7Z=f(j8V)+G{+J3(JwOy!ub988CMA z(4PkUYQnKy=Lt_FoR<)kB#fd4S@-FvDjtT8QCE!O)ML(cOLOBW;o@TH|#f@+!*3mzjU^ptLp3?)Y0esp^uMXFXb+4}@Q5%LfTd5PuR2BTOR1gyktR(Gs4$=#*DIo)<*C4ZhSJ^AW(^nGLxaJP7LY!H>vI z8={M~B(tuB`Q0W+6eVJli2VCyCi!)znD1u_=l$i~lP4U*3@U%taR6+2hR!U6hA3}U zac%wL=U<*(pJ~t?wBKc6HrRg+&42AoQ2)E3`45RpupF1{cNO&&5?YE6$qQ*1H5_1e zFuWcC97Re9Dhu_U9R^7zaN9SC?pLV)l51y?&c~@q9cOyQZl(X_0DrOyQ-`9*)eD<{ z%xJlwf_%65z?ARiz=_YSF+HT?iPXvZ>vZz1fIVEUJ+_f}U(zsL4n~(l=GfGbXCbKD z=eR5VworU(_MVV{1bgcc)3_On;#0JY*VBcg13$@h-2`#{L(~IJ6KQG){t?e+;KC-< zu5J_Y+-OiIX=LIx<|y1K+v 
z8(}jWw&Nj0s3e|7R)IJ^a*@xpI$@Grin(yfK7hYmB@mRFpzvEyUd8N16eeq3`T!Yx zVa)Jf8hPXA;{p8dqI~N6^PjSnfBonG9jTGI&9}_R=39L9pVX-1-&ve$HFqy$SCl_8 zE{O!01d@(F1rfnR>#SI{^USG%XW?NB#eWJ=Q0PdyV5Z2pw01Tk*EKH{RId-LFH3Z5 zaNm|?;1bJGE5ug(?zz!u-fsP>_1T%cyd>@Vze$wpX?csgS-Rg%83P92n+UWG^rj`onBc)TmGN=)N96Iwz?#7V4f1=!KZKct0ONnpHcu-W)3Pb+EFK3+i(aOnmyoeZq$%7i}zTFc^{ztn}-+2ofEY`%}u#@6U z+adMhI0BK&V_ASPuAdZb`XbZXsTySs*4&oI@+FH|#=0^VqSC6+d;XaXTK7y;t3@o3 zFI_NXz-M?7ZyMG{t*Oh%6IRmV@9zx)!#QfC1UE6Wwzy(OC{9zS)`a4+iAl%-sQn;i zu;PM5<>dpjfnlXbE14xWa4onrgz~O3d>5;L<%NSVYW=(8v!Gn zsF!1+Ey|t>y}K{1{xG!kI3cc2Q_V7Rf+PDH>673DGs2ZCs`&E^gli(EL@WlysIz@U z?S|I8pWeRIiR#l9TWpOb`DEql@w-E825~pD#>-BD%` z^9>kU4OiN_NjZ!#DXEJfn?SfSJn3^;3vO6~#hF$(s;hz1g;vhy1Gi!tB|x1mo{H^7 z=2N_^=OytcEAU+IT?9;tVljx$KBpD)Rf|T`^bK4!djPvqFwp7)W|{)9JP+J3w}|Q$ z`ba$``aC)n`I59)b@BrXFC8I1UV^kcN_R9cJHxK4>l5jr*et=gONnEHF=B;?opcMg z+Rzp+xIMLcS5P->0e3%O_y%K{KhRsvULbrV&`L#x`ihO2g<<#xW>_wJWne&unLmIE zF>6vL=?=Jh4)Q^0X-o{JOOT=^Q8bJKFRV@uD}jah--;PM_exqflc` z3|J=XQU5x8(|IYA5jZ->d4fV$+Nd?Ac#6m=5mv(WN>jNa zmWK{h@Su=DUA;?&`lT_vFseFZ>Z;Y9Wt5|R^@O9z)>xWZ!U6o4<&t)sxgu$`wDXNZ z@?MaSU3xHYR`=SwUf$~?k52imnR{Mw?w6G{C_4W#V$~w;m ziSw0jCueF3zDAW0iOIf%v#R278V?uZL_5~?#iotMW-Lj$Xixy&#W5vdPlg@Jx|o{_ zo|`SNlioweINL0%pBE)!WFr&Kwu- zE;`%XpGW3OFhc#M`8j=AkXr7jO9Q3|=s7~tMc#<(Z4)ia8c4&~LZb}>25TkEp2dN2r8r5CJ#P7F2e)eRt;M+PFy?Xh%z{M|qnfJamnF(D1X>Iv0xd?_M{s1RisG*IutgFD zG*fqEv-GQ*N4AfxSwA&J3x9FYDq(%btVAQF@i|S_W_|25;sgV%3NJ$?10T<=N^Enf zL1)r1Cdc_EUJunN+sLPyAgjuksL8&+DE0j&=mM=R=Bh1RoUyGv*};M@6bjoG!m)3r z;r0jl)L)(+qOL9R4@+J?C_|m=_ZK73Vr}%%0c-Pi*);tGKiVpaJwdH5ygk475 z{zJ?SyN(2GtJ?$SkK3-3St-ss)%r!f15o~h8V9_4#L;wHjRJl6?TdO7+(t7xMN#*( zgc&vq^v}2#DD(VY%isyi;DO2z0vW<12*ZpS?$5O|<>UAhY@f9WIVWf#P_Aj`S8wg) z=;Y`xq}9bawRRV8WyK|6TJ>7i@{?OP0iRclo1eVWgnHBI$1YZX}#a>RTz9K zV+!60Zk9(=(U*iN886!68&jhO6jIkaf|v9dsH5@|k=ln1Ng(M*Y{?q(hh_3ZC%jsr z140%0Ua@M%+7l?Euf#(wE5AMIwnwSO9z$2*;J9AnYAg@7clUe7#+y!ePS1CkNn~8M zwI= zX^%Oqh zs}9I7*+zG8?(bOq&iPQO|K+SHcyQ$w%4PMbQeW$WqhAj5!rCk{o&8g?NO`b27}tGm 
zmH`jyrhW7g*PZQnAD4Mw2ep@{4fwe|kbQKInn%H{#zoSM<+CkX>bN0L!n7(4F@1yP zk?S@oStp)lf1>Q`uP$Tcrd9;UchxS0^?w0W@qeQ<_$NSBv@(8mm^SgRt5qIYKoQ4>ch1c)^)w@?!MRlUrs1gHs_FTuy*E0tTP(i2B!YHx1& zeIX z{=ysZ?glRm52sv21a3$f0bNp<)Mvgu*908x7`g+Zds%gbvwXSYrKV2~*rn%Y~&?JLOG zO^1@B7N5CK9E5D4god$rKf&%KiX@UL+nmf)?IFZ++}@h;5KT(9uN&0v&Oy4(M1HkL z|ICM_DW-qBq+3bc@TLR8+C_)u)!&cN)$vI8j2GOar?|;$c@-5|I8#+n-B8( z=6Q0)^>sILQ|G>L_;z>%WP71Bb5>11b()X<_^l(z^fI$6^KOasjO>^am&N|lx{5Y5 z+Yx<7DV-rOmK)fg&pB)7E6DqiwuPG+Ov83-)oYdFAy>4$q+6&Mtw>a=?u^jAb1{C0 zne&_^AvWx1ca#9}rF~R2+3FP|*WqV5$602DZ)0az?Bla&!>!-}qwDp0D(4F#_0q%R z!6FK(`;Tp~nK+}oJ!;-1JA_nZ=&Mr0dFO}?cFGjy!@4Sdy>gAx9Y02uv$>uY)IYcGNK+?sIITa~2dj<~Dr17)iC2I)cnh1%*HU`P?u>_u)N1 zuKhwFFnH~u*#M|+d&v({SV#_kFWx>b4XohF3Zu@nS#$LeK*f&O7VH6+ZAHQ`iSQ`x z_($zdv&DZYo9XVU6 zf^u<4(N!}d5Xg`uNY_@!xI(JrD29+tsPq*N?%R|dUT5wOPGeY%b3AT0@uasx0Iz{Y z9~pc3v;V0Zm4!lng>B#&nL`Kq0NVTVXOsKVqw||t6`^co5OLk(_S{+`_mUx2^3dG} zVi34jKE|w1V)xZ-S4mRyFZV|es6|*8s*6GeN&f}!a}RnhW>y!a0zyP{m%_M?{1G9) z7D>J;p6pbdrH+_wVnz3s$5?>}LHufjx6|MQEyrrSIE2a& zHi3*qIt=eLemM+ObGu^_XNI9Q#DZzxZKB9>4(hqoT-)~KJhW=N+PSt_GYwZyrSkoV ztmI!M6ugUj#ub=6>W@71Jub-eZHNB97x%pX zFS%2|*4D~c-{xNgh5wLgBuY1&b+oW7zgTNFca-ldJn~CXDCNucL23du%Oii)yzu6pd-)(H6Xc zE77JnP!Y;f)!BBjk1Ob`NjiT?&(7aCAm@|Zg9I&UogTLGT1WK=cta_0e$_Oh9BOI) zj8tb8V?2CYkbTaMeJF$+@l2F|Bu5-lIg1^sBpDyf$RI!#)Fq`z;)Zxs7@r`}TBb}b z6sL_;h1<1FjZ&L)h!N??ZWyEOW#tMfu(7zV4 zci`(j_w-6!P9WsaoH@6E`#DXC=#@pN5)8>CWl;MC@;xh3R*LoEDG% z>$(t=>!OviopFSPYHJ@rPwnhIVwTMSJk;~&u~2nE#t}uR=Ss$Oc<>qpZ7Q!J^ZAOd z1LlH0v&92sN}OI)fb9*8K7QbPDrq!Vdff;R$$a zT&A;7J-bbw4?l_)LXy|p2HYE2Ln1d~u3QZy>6xr5f>8=|TH`imVdnjK@QO@K*VO$4aOLyqpKb<${7;!JB%Eo(6rI2l@%5SAVEVc=8Sun zTeWE8hgj;I-kk7VrDA5WX?f^lI%*T77sjFbv{ygmveStZJlJ!0L|98C_Xub zfuzx;^8g{BRuJ1_7`BIZHWzy6T$%u&4j`m5kVxW5_p2GtcQphlIW7Dj>NA| zJq1QNH!-cbhI##b+*VDK#9^`VDxO^c!N? 
zbW!;B)OgeF^WAhOGh&=}@YROQ7L3J(aKOv3Ns(P%Kyp) zTUuBCe+pJ5{$CRJKQ&Y49>zxB6s@s?)A!~mVF!o*m@TYUkyIs8hX104I3s3`g}CVx zmD5jvA7u}WO{X^t31tik4FLocy^52ZuV29F;DT;*Jd@o;n>0af8#8)5<*?amdpId` z?i6%m$x%-m@>be)B1KDBOQ*3e#2 zxe3NbqavSAC&N@P7M=41daD6tYg?`f(>CqMyXm2sze;SL7$PnP^H^p?8v301R1PUZ!WA3*|(OL&|>li3dP z+f{-E1GNcEV;bd3m_P)cO1MYxMN2{PB_f+tvL=OcYkPU3ku*axWNGvp51kRU!vZN7 zn$!aQg3+?dBw;HWtgE~7D8?JlmOeO=*cf>geA=$d5D%odavGsaH*QTr#?1GDZjn9JZ=LqcRPP zsTt;;oL5)=2Pa?C*ual?;=?_^XYCMHsu_AOkbQmWB}lEV(4C_NS6IDp;)tuR<=&wr z_KKVm;r@l)$tAH#M2X2C9~p)DSsIHdohAv<&8pGyWGSYboHV9Ki_7P@18u4%ZrVnJ zWLZoW$F#ai!T<$-;*S-9{B%qwBcj#qDSuC}o@yt^W4JQVGYptB&JN5{ zsS{ga+*WUhMQh+BoBtCfhaNgRyKD4Lz-UtwxtV96iu{R1S@M&L_-!{!p>b4ez7uV@ z)|{eG(IM%UVaD~EW1=?7oKjRt6L4s}0u=!>Qd{?I8pfXbiW$0K?IgKeh~F9&07aGh zTH86kQUNrab3Q`xchE2IHUGwvQl&~QI(jJ&r5WYa8BBktT~rW}vrcD4FGn-%K1=3b zGM%hl{s2CCALt}wn#60Nzk3jBFGa zUk1dAr2BC}ltJCh((VQ5K_5()+90>W6CoL(kXdIoX8cUJW{jVaeyA)$=!g&BLEskg zEr@|nhgzAlhaUR_?X&Zcvgh{$-5wgYZAAlAG_K!zo=Kie`j%@N7aVet^Ke2e5H{g5 z$DHt!{Jh=$4}YQ-Im6sf(;wPosQ@C=@(_DG_ej$cFX9xm6-iD&=du|?JARXNr`sO> zIY;5CZGCl&uZRdChMNV#bOYYL4y!vqb#Xp3ODp6U30h{pUa8ba{PK1k$)gehccl$* zi+xE8(Fq0R=ZV7>weOE{dHSGv0`l0UhYQh5Q0+F{%cLT$K=J0q$IUQrh@_c2DQuVy zJK-8>P6o?kPm?O&)0{BKkl_$eaf&f&jWf2~Sm@mnqM>uyk@}b(9#1kkY^ea$) z0gRz#U?4e|MJ#GNMS0!R{SC+df3&@0kfq(0E?Q~Zwr$(CQI)psO53(=+qP}nMrGdo zzTUh0cE>sU?h_|&#Jm2iUu(_r&N1g0bMdboz%oeWj{}5|#?Ow``oT5GL*6(u2N^7WFP6K-glEt}uBB z3^IU1&w3q4JT-ND>L$!!_a5Gj1y}ye+U(mX+$XqC*uDcRfMOhiD0Yy8+xBs1_wnY( z>oZ+90J?9gFdDCT9u^+!t)p1~Ch?G+T)!6#9HMJVKu|QZH1SPskOYiU*q;;bG=|Ip zXkH0@)NFIt3}LP#WEJ^3U}s@f+##+yVWk!`yw!MSE>K(z-W zxkuE*c~HJq6hfHB#kXk_yd$$Ia#XMqn=a(fopEH<+V2TTVD(L7kd5LC>h^77R)JA3 zjCd_NTqh-a*e26y(&a}7)`Ylo3c|?EpG9H!%WVKkBkCj2AYjzbYXSn>bG`s#+b?Mv zYWT?#wpov{XENJfd*=-r(n7=bu12EEYmh6$v*TrVp3>cf^Rb0#kV6F~E~`A_Uy+M@ zeR_X_y7E_(c;YbCu28X;<6qZy2Q(UVi=}^kK&L9tvv~gC>F>{=?M!tCg1M_5Qm{2l zP&w36N$cycD^4R!(ok9zH^G$E8JtTgaYKdR;8SnIKTFY7yn?E1B^>kHEfn~nVJ#=B7hWYeu>P5^Zt$cj!=67 
zrR^H{wCL;Q*a6E@{4!63du8UH^Mv(L?dlcZ<)_OMza*GFSD-COXXDlJXn+jl8u8p` zI%FG_LcB#H3STJO$sMW4E94n~*q?xbA9<^sj|*L2!bn+SQiAztngW8KOSmRtMVes zrwt<$oir|d-L7yF0$~6#y8HqnIHI_pI=(WzLW8rkZeP!VOolXk1?o9%6Rnj_UQ?rT zVP%7#6rkd=YNhk+T4$4U?R(d?M7KXVtc#?{Pl;`hG@aQpfLPlkUpze8WZ>0{$U z?ET=Sn#>pA4jP8xCV-P0YcGcOl=bGLJI`jliSRW!e1!@u>2Y9u>EQNOK=mH&N%jZd zrwVihpc`wi#&o3!k#y4uEjB!`nDf*z_8|(f+0(jvu`=sI8gRL-W8P-E`GbE3EQ+H` z(F1qz91QXj`|;TVPvWXR&}qIy2I{T(I~#-nkB{vp9PooN#QuXa&-iU(jJ`Omk5v#^9>o0kLqu~){UmhfjRYp;^8v|avd`gwxM-3F~nF}Dl?KL5&h02 zzit}T))T_OQ>wktsWzETXJ(D$lf*8@id|_FC#0Od%AspzkkrAN3((SPuM}<=uZxdW z*Rjt>krS@WYAcZeXBERVs7*`?xzw0n-^2;m3<0Gifm}EzKA5r zFW+yd+OJf$TP<0@l&oygr`KP#FpF25Ra&?Tb=;wtz+{ck1fCDP9WXYbOgWfWAVrxPH(g*+XlF7u(sb$&6A25AgT8MTu1uM@cM%sONC=|Sa~i1l zo}FdwbIPvaZq3oi22sgst+{`aR%!2Cu$unLByKs_E2A!t%;KXllwlN@tlMDFBFUt( zk{nZB(W#!vE=*H@p_#RAc$$JS$4<4DCMH~0B(~v&&i1^|C?o$$n#Ur{^Y5E#Hhv}= zUj?==@=p&X5z$)KlG8GmsuU7f@EVh*-O5;iKEewOyQQ{p1SE@zARYlya$f=* z&RSgMI!8`)xK|7_$F#?s8&$)0hN)x5MG|61)^PQA1d!C)%>bHbFE3n{G~Qb_@w>O{TodJtG!I#iNV3YloO zhx?FfPOZzd$UbZFsJF30>7b(`(S>PKLZ~DoKS+8didV@J;h(bNdoH~}K$%#gFO-;8 zCY_kxf}Whx0-cOyo>v;BNT8%rlFxL&9y}JeWm>T*nPMK7HZjpDz^Sytv8=45!mk>b zS_qdpjzS4ambo>qR6H)};bvb=bI?Fi`Sex;duc01xP?-LbpC;19j(RlG-0^1Cix6G zd}+JEK-kJIO5j7*D@ZXfDpORqMbGLZX1R0RuQX%F-ZmT>sg5hlVOE>cr>#m$%s^pj0LapuOq->J;s9H}{OY;gvG!!{Kl!WTcFjq)bc^iulU2cDn4q4OMOUGc? 
ztaX)h3`ZgIdsSJTupCh^gdYBBuqO7~jYC-m3*$pqo~=c)e9>$eN!8;m8JTcIMI1sn zIH}f(WBIY$u2`I5=S+Pj4)=q zv|$C>d{g@4_yofQew1_N;DeFTjsxMRNXPPBWQ`MN>?%8?m1%Hq>TsVR7)F)=EN3l( zx8#K|a{7oI!IuAIh?%#G>&KPtYvLAuxBfR949$rB+MdDcJ{pBn>o%AtgQ^}4YCfJR zm6tZsOlBv+Tl!MS>=GbgnlKTF-I%ZFaCbrn?B~k4n-qf!(4ibjAErKcAST3>8|JE^ zWBbUF+X$-1-w)g^wu$f!bY4r3&@FQ+GM*JY@;sBmLV>(8=cm18C*L7FlX1h)00^ZBWp`Ww@=Jx+w;I!H1;N3g;u$>HN&8p z5jSdDWM6TFC>h(UI=51RgiedxS%2Qj9um5x+CzUf9c3TT-3NQV(|eGm33f5w`DlCP zkRs2hmS%eWaGGd$Fn?!gesN_rVqS(Ayk9vV4vllvw$RyCYlpqUGOwXxNE$7`R+}eY z-cjbQ?sLMtDc$JGkdRn_v;C$6ayD7`Y4RXy@-Q`;pSZP=&D=X(D^@)grdFu{O}PMc zC;N2pasE!k=8wx;{{9Jeae|$EUj_Ul*Y3vg4<~7lqB0}sux|J`tqdXDF`=HIaO^wo zO>FYjSfO{Md0#)uZUnlzQ&+6@$~qUNs+8>Vj0GlYxB9#O^TAb%k-~d6CFy3kBi-f< z=>2^}bTMWBVte%Sa7SWB((%bhTP`<~nFDuvU9aTv=Q@}sEYGa2J>78E#~1pW?YdHF2LxFKLaMi$ zFou(M^I$Jj-pV?ibx*Y-uVk-dp7AdF_ExFat{kEmHsOvVuU_rdH?z>yN7uNB*3XO! z&au&Q^duWnSR2QIS`^_xWK@#Q?V+e+20omX4La|VDWL}Kuyy91AvU=lZ1aj^P;6pB z@hC=1G#^eWorzR7`6e9fvUXDWeP_Wj)p9pVPxvZWAPuS4a^<0rJc^JyY_--A@aHUF5e z0(rnUPEgl4p1oMsP7VltL}_Ln-P8dLgtAw7*(M>Z$L|9U{?tk%DXM@ z+ZN{2x~z|B-@SzSxnFG2!AhG{5LsXEtEiKIO36#TiA@!?f)l~ z7a;gJ8^RNvYH*LQe8jipKl54VSxZ#FA3pp+P6FH;t$1Q$wn6Gk3fy_^f+?jSQMHNd zzm|*9TYbIjdol3-B^+G+-&n5y1*e}_$i~UiP}as#%;?+Y_1muE?-rYgtAUa2U$cmR zfW;NpC4m^=d6Yb68y^)bm#DybT>;Q;6)40zbC3}#y`otfVp(EkRNu9DA$VT^yc5`0 zQIQew270E5nM|fKMvpH49HR8FCIJ~LJQ`R14g^GnKvEr&6sEz@GJ04X1@M)HC~TWu zg1FQqlr)6>BNFhDH8-{hE@W{|BiLkZO{~|E+rTY#Rb{k+yo?|=1~YH0*?ZuL3tV4S zPOaB!9d~jx(PB_)M4cg>j{UTDw^a)+cq{CXhYMjrvY!rvh*ux5Ge>Nv zg-gMw@EAO$)m0VpBY#U8rAD~r^|ES;tHN@0Z~4U#bx?{~IrYsJ)HVe<7{@ zBglbqowEJ(@Wa!EBn_S@Yk>g1@MXVx_4V{92@_*9L*jb+4uXhU>@P;_DBsMXxqrX~ zw%`j3lr8i=tv*t>HRUG(B~1CMhy zmWSmo71KkWIsyLB_rCsOe89Bw6B`jKJ&)+lw02u9CDxdGJT}L82JW4R?@0(0O~^or zm!i=T`=>)g9bn+z6-Z>F`VGH&tb$}y$QZX8Vs=$o#z&#=0(nE4Y#uh!D|Nivmv;j7 zX$DRF>$V%{rCXrOJ_Ko0Z*O1T@${@gPmZWTATK~UQ;Cp&1!jf!G;YPLyYv<*gHr%% zMZc&KFQCv$0L@C3Gekr8cNYl^d`OhhQuI4c68|ku|8oY<_HV@LKO5iwWB#t#EBl?( zyr2Rh^YF>DI(@;g_7Md2BQh{qd~JW86;Nxe8Mmv@dMA(}!Tn_hl!2NL1{XBIGcnbX 
z>Sg2Xyv?V({Uc+)C5n-g7FGuvLOGaH(V1BO>d^#nO2tzSQ0AwIV|?Y2VUc|mhS|Fv z{-ZQz;_%NL12jsMmKy^k_wk5OZcQ@7g)l;@MiVq-ERj+dvPkV%5~k5OVJb$TCGgRy zf+g^4GTxK98ykH%a1ILcnR@xuj(z;e>bn$benI&5_{&-)}TVFxW3F6!VzhG4C!!>|4 zd77n`ZCv3a?|35nD_pBsyLFP^;qv%z;rgE(M4o>mT>onhBIAGTugt#~hzjtZvJ{(& zXynLagIMB;P1;R_XssbjiU|dI5Wt9Dnn?!jHJet>%^;s4aGxOA($t9mVOo)4g@Pz) z*(5PNk&%^ZbM+sl716hCPzVJBv8cld>_tQ^fvMoexx(;5q=MH+gsy&W5KxGy7zb(Q z#LVT|3@zgrs8C5d%28!SSCk(OeO8?lGHNWy%>y)A$5DCdw9PVYqnuH?%!AWYltRKQ z6b{XXIE)2V>b2!XqgG-RTEQFgtX7Q^a@6lHk0E_0^L8pqM09UZV&*a` z(2LZRHgHibM|1r#T63AgqJ2tt?rJR#Ni2>GOOZ#MAlGNg8kQ9bJO z5@wmZQgg*HKCc#BKbMi>*9^dqP8fu21lV4k8$Ek2bsl?e5Y5cWYKzy}V$zcZV#Pt} zso$X(8N^B<9VoR`P-Ny~k!1q{sORwBXUaTdKT3zFs;pC^0*vBZD#|KvWpr8={-Bwt znko|i#Z44r3y*9us`#ZM%D2a8=s12NP#r=3W(ch(-Io?&qMm$elpeZ$*K847R8G{Qt0$g zf@QbX2h08=Zac#5Pr{PEd+(VNvG5J6mv5Qx#iPSt-(qRu$};<~mA=wJdV|+7MO#e5 zbSk4beTB5jJjUzx&E-M8@N!Kz0u675=^#0mMd>W(DaUeDd6^a)?D?fqy3K2lB`P1I z&Ok%x16N>vvnA*lzsY4Hzg-i!CGUml03UGr=r8>d_E^QQh&j`;%KQt9&%p~!&Q8Rm zfzQEeU5ggm$oV0TrA9PMHcy zp#mh%a%^nRuyx*(oA&#lmV)WSbF*Rar-JBvgLo=j`*o41q#d#0z#Rk!q?iRl;CQ5> z=}$KYV+Qc;{y3ubBZA_8;&x8|t@sssG@B$^XU4=$rbyzJzCJT zZMloU;CP?7Hhk#N5X;bjcql0)Xc?BO5Kj_8KXj@rg6?D>+>Q{2oD8r`T1(0)-`DG> zL(%2%@jBO!jNU3BBd{i%6}=cd2Mi+rJB3OQt{sCb$tuBSgGhP3Oo3BH3aeHWO_rO$ z;kh_6!9o~bkN6*A5+wRHk8D09ZpaFrwL;X*wYdmn6eF*zJf5toz&(V-|&Q4Z< zSCHfCEMTl({ZYrVNV)wxohvHP_u@l+e&oz+?(f|2s`;|NoRG8UAtC zRJHn^>mqy8LTIee!q*m7Hm>Qfk@~XcG&F)JNaiX6krym9nYU9nkM$-CeRXxtT!;W-+szC&bZ%jnC|TU^L}6bBdB&Q)Y`Kk z%?^j>MV%$vG-YNsii>kDWx)_g4bt2GTlG zmC7x!jEQz~xWw>-*A>%mRaR*-1Ghz|V5uqF{F6|7y~d-px}N5x)|&E-#3H2_$l)XJ zUS|?C+Dhq{E*hE;XSw-EFAzF@V+Dw+)6(MiIge84^}bS@_KGfh-COzlJ+79Mi(04^D-{y1mK` zJ8p|eJ=*oS-)4HMuSH}_#z29y+ESw;W|CDQY8tA+CZ;sr@F{+`&+xjBGshSyjJBMCu>ss7LxI@qX`xqSvKv5?((3h3XC(s^PsYO3BF9Ozwm>( zabi=*h?y$nlc2c=k}+{HTqDRpyZV;Df$}%V)6gmEOTRGG0hVtz_%To@bg%-UbMc(x9H&!<~v{UqY8nZp|n_A`_X6%SwSi z)OqN74N_@oa;fjJ^(9Z4)t2F8<%YSJ^V$6{#R`X z`u~&j=pW?jz*s3cKnD2X;ttgtU-B1r^hmHhDr;^F>4=J0;enpBK&4(gic*?WXN9gb 
zFuvb-W9$}r;iIIuYoA>A@6!*rf15av)$H<5`m%s6VH}WYi;mqDhX0I}8e%o+++z8v#d%Y$y>W5xkm8G3JA04MtO@ zuJHKAHnKb;1YIDy4DTl_c*M2T{6L0r7uK`!1*&VhMC^RE;-NSP#wm(1V6)3jdX#b4>{`2DgkDIz0geUSM#+O{3SY0YOF}5fGnt%kLULv8Y-!E{#T!LIu zeE|y`=U~GT-H9nc1x>0sAqy)MI?GCz`7o=-VbOxZr@5uIaos2DOTFuN-h!|1lIsb! z_kzx5tK+%z`o(AX{U|j#iyd;uQUoRki*4kF6~h|(7t9uIzYJps(Qk*_sUOxuG~U?Y zJE|K;!P>j4R(_g!>1hl3|U?K zV=H*wuq7Y%I{BD~@Ins*7UGcz=H&-3d4KSS>q7J}pgKMn>P|nSr*Kg8*iG#Z&KQVa zAh@>%8_~mue{6x0b|Cbeg$ukoV6$V$5;-w@$ZiYpvLXM{$HU=0A3h#96YATgsC_g; z_;SPO+8Jg7(Ed&Lc3Xk>Q!xh?_8h{YfeIH_HpTNYbl9n$tE^DbUDDU45P_{i1+u95 z>1xK=EVl#|4{~)q(<&XswG9bDr#C^DsOq`UVBOI{ejW8tQptv}LWIqth~RoEZy1wx zq@j~d4>r)bV3ecaTH>q-VSYae6-FcP`%o10pDIxDbrBArNKqyI**l?6kUyG{b6Pk+ zwXPP+YrC6OlhqI*%zZeVjIscSE@U?;na<5vKEcmH#G19LnNyvL>ZzEEei;=6`k0Ui zmcKRDNtwbI$^l1A>5Yep)4XX>mhsU^z1U{OG=6(;A>RGf50 zsjgnvP}ft`tH)HUwR4J0z9!|SMuZYu@2t=qVti`BBDJ1CzqiCG6fIif@6s-f+<=_H z`gp0YG*XmH9&MZkg`8o(D$K0FBa2xmCJ@;hYST`%bHF%@W}FlB29Sv(R``3s1u#bZ=kRh8O^H z*!q)#9!P?NQbRl>jkY|dI+7x|IG)&?J(}gGf1iKvQTIP?uC{<_u z3BD*q4L7dw^1*Q=S3r#wWZ8kZ(>Qrcb1N!3AQ)8wiTui*l6PHNhdMpNr0k!hHv>~_ zhD_En%m}#ObpFn!B-|?8Ng!zvot`8_z8LXzJ+DlHWqyMzTn$3Za`oUxM(w;kmX*9c zNQ@xE7s#%%Jqy>V=<4zp(5}%9jx454_k-bPWlyZ>`XbpkX~{vC8y&u`;=T75fa~dw z<;%V4xb&YGHPS@94Ww4WL~RsrUonl_MkozbM)HHvHwGwty-)|J5rs;sw&}Ri60wlw zFBG~l{(SfQ$CTc_Xeu9bsON~J^XqwnFH|3E(c3pollRka;eg&$;++V~WiL41*Tesi zhBNsHM4Kk=99ef%bonX?>)x}W{G?_4BB=M-`$_p3`9-eozE>Cr@^px7hVnIdPx%>q ztXxnlH7LbClt4AUpW~NBozTBV%aal!CdP5n>vxB0xd=1H=S`0IO+RqISMA( z)-1L1Yw)SfPh|0?Y(^L1fM64Ig3Z#TL6wd^kR}~_oj)eSV6xR--EmfiLPKBhc14p1 zdr_Jv&LYdWxk+XLX|k+tuuarh2ZUy%4sz11SF%eB;!uvG$WmGuS{1(4+d^x7#XD0m zSIgcMc>$vopuM1G*!0qD-5f72OIeEak)7q7e1TZ2B}|#3%xKO>A&{3e-t$+&d~D8? 
zq~USLJJoH`O?+52(OH2AA<4m?b?2El+1V6U%erzLrq&*ct4H?YI<*bi(*tvl0orBZ zN2b#E{lQAZ%w1;F4{M4xAt=n|qB|9R=8D3%2c9GtR+yWC%Vhl?Y@pFTs{>0SHnND2 z8SBc0+R4e;Cz1lI@#LOQ*JO?aO4E<~i8sUz{d>yV{S=;d@p#4_KhUo}`sR7m<9Vkrm2NjL;R~Kk?rn zo5#j*H+6sOk)J=p992sOMLgF7Fh76%e9yBZkG4|{$4!@1_1GB%{rsJ(LD>P>$%=-@ znirk%#-a8)QDwPzv6$iU(t!??vG^;-#&VAx$*mmnaFN?s>EQ5DLDvVxE#1xx!6n); z5O&!LcDb~#Q57^AdaHv+rT~oPPBHsOW2&IH8;6n(hf*y{GRi6mRkA};<5A;BHzApt zhMc!|6`uKYPqHtce_LeuJ7*N_^8)Sj)Xmh*Mzj{Ev1@YGP2)?NLbkw;nRL9FKhI+% z!BU^Y*}iE96i#^5P63S=z0o*(5v$C2j>J>it7Y00fj`E6iW_>pxoxS#$pHjhV*>Wt zwaQS`;9X1u68KC4C?W)(jyc(f^c(oupoc*<)Wpi#@NYPZkQ$b7ImFd9d zjJQg;8N2uxI6zj^dalC}inz8o97hc6j;=kT+F>t`GU(L|@J<#ZLrd{dFAodc)dl3v zl$~vw7R<&fN)HVuGlwk=qzyyg&&uotqY1T*8~%XtxE=e3lTR1 zLJRI$?0AY_$MjCaTt|19VpUaKaN+ANRXn1Djw@$t7}WD@U~hj)@vr^8es-N)1ul-% z>KzH{lXKG{42+CdZNY|UYLo9;#@!H&@SmQ;N*;{nezenSgA>d)Sr{Vhg_K?g}eJLq#R^JL>1?Hf*a_~S-b z^JLcj4QO3AG*mSs2VIDCZhZ$Uye;WSSon4=vwIx%NG=V3IK;wstAHds7Z%mICm!d* z&2!BzwEQO-0;b-apoDe|J+*j`?o0~Y;{)B}19IK#xt~{a-M$YR6;%W{e3qHwygiSa zyz5cF29uub9HR`3suQ5O%BHqkLVTOTo<W1yC~-Qbop-2pNtRcQAGl6qH`lMPE{`=;XW8s7C!whZRU5+1rR14$dqK2NLxc8D z+!s0lyqYHA&_UC~`WsdnqLazY^9?DL{FkbB z|Dx0NSKr^#(#TTC#>&>|Tf*s|!^}u!3#EB}WS(_Z!FBME7u25}nq|VCR9!X5AXM~C zdlB17j)mc;MfDQEfA*%om00LLcHnNrN?q1>{7WT`<1V&%o;Tv-+utA8kLiApDoo{o z8DJd5$QiH=)sycuxMi$9o_V}W8URK?WH!>L4sm2meXOHcvD%-?OJco-=-ncJLG@%!ovT`R0h{UYx6#&=8u7SuzJE!B9@~n1otf zx%E-KMH(YR@^DLFwgENMn#byK$5=o;w`e-yib|#mDv4@DYbEPeBHqcP(+2slW z$@6YQhLUkYYR+tm^0# zmF7+SIv-1d@;R3=&+e40Kx>^%wO#lSXqbyJTzs9fT5jF2 zL>6sZG#B83wD@e(N52TEh>ML*poq~)(N(WV2n&Z|LJ8W>3~k;K-W*W)R79`4}ASD&2;Mu4}~;ubCv&6PSq( zok~NAr1$Sl{}-e7V0_WlvW=D9_))cn7<|>SwID-s-(#u1ERQw(VhDwq$U8MLQv3 zuk6av(fd{I8<8F_w-6xDcXwoNZ%UA&D!_KigMu5!!^J8a(O}Ak3`fK4a8VSl^1Z;< zFA-rzuHqt4xW>0)$lPT+3@8ZLcl-4ppV)l7*TZNpUfE&JPYwiKBl399`Qa$u5`)RN z0e;mbFO*$F?%h+2+rLV-ANI8%yC(OqZ(e9Ywo&lg8m@%yr7l`b5YS|cnX&LKZyZd6` zj0&$UAw42KVhpI=;~lgQ07jLrHfL$1Z`6D@XlL}jpu^u7jF5TMHVQMZ^nnxqbX`V_E_2t0a++>={&4z 
z;d(UXHYNY(P6gwza!Ex7B^YKgZ6PE|9zs8^>`+D-vrDz!^O;>)6p^SUeYOi#QKM2? zvfo3dD))ABLwj7RaK%0U!bok`nQ$VP8+STT(ph#yb5#LLN_YgMuNGn)4;j8U_HG$$ zDg;`rv|DqLb^1`hnQFLD=9#sXWOGTMBKN>u9N_3zaqcNl;_nim(Fhcl7r`82>j++L4^6o`x`82YTF0K6eSO7?xGoTIe8C#mF*&C@3$=+&~ z576#KTM+U;#>WurmKtvY#xlLv%-`x}@;72IK7CAoshPIjT$-2*CA_D zkoYT1l{yK)eD!sMtc~67CGZAsBw83D9!bjA6LA?T0IX&=&_=u3GIs!|G0c74>~~{+ z2BV#h+>Ks1^XSsRn^Im4OdXmJ8z(uRgcdr>t9Iw$I>LhlR~(4f-~;&~Gtw#S%nHea zv?(L0xXL0e_7#U>DwKnZAbBg0!Dm#_QV1>zch0(el{ZpREWH7 zUcG)lorZ&qzDjqXj@6mr2V7h-6Ug-^NfY5#>-EziilWmr%h8HOD$O_d5BuhJAWIp) z*ix<|kL6V0OV3WOyk?v;Xtb}E?uI2g3HA#s3nPeY^?n5C@Ca%jHE<0&;SKArhwUuE}^dO|WZ>0xpT^AvjXz67Feh^gQ}Awuq?^3 z{Ctwf3jYxc(Uyn3Q7qT56txo9AANw><(smixPk{VuJU`d8{o`LZkXOq;t$GcR)XXf z$+U9HsVpqb_ogwLv9ZT6h_8T2vfGLCE3HElY6T(}4pG__BKu8A-Q#u=)T7G52?THz zbK(JdR-$(%#L_f-BJB?4Zh-{PC1_BBDfU>hVaLm3ai|H7Rue!J>^%nw{rd}4Cl%^c zXLu9Kt9~i5YN-w4McqQCb_@lC^4yledBn;5OdDjAxlF&Np_O%k6ZR0`CE8sQQ=HG> zSr3LngDP>-fpurGMOiP6cg;vzT8cv$zblJ$L>s z3vi+xp|Cn7z)+k>i1uj`c)WLu)AtR>V5TlbLAqy&g8q82CVbU#@sjxW#pQ?XiT6vr z=|~;}w)v#KF=~As_yJ3~;`(3-S+|DA%<8dO_O(E#MMmoga{;#l`O+D~w&>bGD{qo?R?t@@~f2I1d}oW-K8$ z;(MtOn;Og3xfouY+ThKyMIH+0ngU2m8vMdGyPQ7CG<-(7HaKT4P6{39V28V< z8WUVrtmKrxIQxqF*1a^JN-T^1Q;C*QC{M+BPZY9MW|w<63aeSkazlW4QzHgdCM%b8 zIVL-!(^^rJor!`j4;y~D9bXq8zVSgeu%4YO+yOS;h}5}0qO#DcRh^?h5(P5;EZFvn zopXb_cdg0xs(w#2GVEX0mj6PQ`Tup#{V#d+NJSaB^>0L3 zdP)FrGcmDeGYNmd-E7@KMu-$JV&c4zlHJcZ5^8(PhNkid6FdGy_Z_gC{IV%d(8kgj z%TX>H6XWfU)y(4UZd?FIc{==WMHqG0?BQVUCv^MWNXWBHZgc2gHFVr^XI)f&{GiZc zQPpH0tar*IhZnNuEQz}0+Po-Cyzup1)kdB3BxzZB8A?IZk&a>+TDLm3YOYAQYEsw= zCE8ad_!q2n7!_T7Nzmm{cL&L)?j(ADgOB9FAXyoobX7jPF=ASIAI`KN#Z?U+e4o2vg!e_O5 zIb7`bqE&e0HjFX5k$g?H(Lh*I|^U(qiXtnxBu`^DH&03dWHA};Ce6g*?UZ^&vlY^_6HfAi+ z3Bf7}ztIzGgQO!UOB5Y5Z$$Sfx^o~|DUt?JFBw;cU^T*1Txz99=nv?>>KyL>?ku=V zm}wV$kGvGWE1mx$tp3j`=U?dM|0DY1W)6-v_HM+AMpl0_?#--Cq`$xV3j_R*8JMb; z+BXd2Qx-fG9u!=@ROOqIO)P+QqiPX@nk&xm8?j)?9jlK3T9&k;760)r2k!B?B}u!? 
zqSf7-Ae>`G4p2M>LOYRVpvN?m40$g`k?#R(a@0_#P+r{Y3t+CD?@mz(cz zb;OX@uqP1ryY{87L>Qp;QCckz4&Nw09s5fBhk~BVd7I*Ul676$#1y>{4vVfElk}>>P@qYzBT?Hq@Zh zSf@FJAjLqucajTaJy!3cqe!rr44-wVL6&L%$ zC7^H?Zu9%Bh_R&y`HgE#Ki$!->3wm{!UmOkefDrNV?R<0;=-!kl%mH{MzP(<@~fP6 zD-X3iccL=Tx<9kmLApwU&k@jy_{dCiXUr!IqlNB=uVDG+tp00J15m8Lgp)Kxf!2}% z3}oUA)fkA@qpIBgAq)!wscv6PC>ldai5xUH{VfGKF5Y-;GZ>(+pY zlbIqZqF=#Zx&}dB|vR9b><+++zic%(n5S{gT!~`egNu#*HxjdX8rrvV`*W z2cpIV-u4jSHrY!Cz>7f3x@IMrxbpP&I`o6Aqk?Q>gdAcB+dtU99R|6u-)eI`k^K``V=9uEcuKTt(lj9wgrZB(gne0NukI=1B zk%Zx9vtDs(!G`H!5xzu-pzkk=nB_&mw25nj%R5qq^LVTDpv}d!huI5Jo)Gge+v)D9 z_K?U<*ah|=IM;2veN$!-0o-e=XF%^Ua$#XDw^(q zje&jg&cQd?@(+YbgTV6cz|hG8TfOAL{>rcbfG7LEw2QrPwgsG>-d{*5yLFI(N+v@(E@m!Bcx7 zJK+j{M+fz`?u%Tu+jm8>Vc93`C2di$@N<(a?;B!78it2iNTIdTAc9pRISXOv=+A?a zIi#0~1m9XrV?tllh^iq`OBv+dI6xYG`CAc`#na-R>KjYp`QOw){%2mI`Ty*`{4+28 z0}K`!Ap_Y*4NNaY6nAjR>W=>LLbLmGEE$@@Eg$wb|bGJ2Gu-eu(c1< z|Lo3}^&<)0&NeE5fMcb6+$^7&A%aQ6CJ}CF6Rogg)Kw#0TdP_+R)KvTX*fpDT8Ch) zTtPtIi=dd2QNUbbRPzITo&*S8l*?eGvf&|%TWHNTFsTUs-9WL z09%Ti8>syvhybY!$4PIK?OA}wW$AO4&}=p^>+vtdU}WlJ_bQM`=e;*g>x%2jmc_%n z(TuDe*L31N6!H=9kx_fbfG~>zF-~lByx#Db+I-LOx^89qc<=uDK>JPbA>$7z)z4@> zrlcw&D}>xM!A_}acqf8V6$E<90~2{uI4V_7IbTj`J(|V>W4EDt8yCd7VZGB=EqX83PN};z6N<)yJ-}ArCW0y05oW`>r{yX$*v#U%&&Bvs#k{R_>jlH`!9RG8>0am~ zH2D9p_Kwk+c3rn%Rcza~?TT%?Dz?oE@7T6&+qh%9Vy9wOoX+#&ob$b-&(r7Y?jITV z82P*Ry5?SM&bej=&8G4f@aG_#j0^LnE53P^89qDD_tFF%X59fdU2q#G)2RtPPQ7vc z^m@Ln!j^zH0?NoU^!a-_U^gFgv0$3&4BPLOY`c|rbkYn?E2T#jH1h}}50JUf1k>W= zC^gcwKULO_Ynt2@xx^;)tAHFgIq;lyTYPG`20&M$>=Vk+>dZvqz%@5XBSSQ5iMBS-h$vJGx z>Zx{9jXtCq6WCU8)>Tk)iN~c0%;far9A-E9i=7Vq<7rFOlyY%!(nAgo$~$)MoM%du zIg=Ay@0k|H;@E$Jn;P3l=Aakz$+4msY=*v|EqDk3xxp2ZSyH>Yt&88Fy~r<1KuDKe zZO838s`v{nQfs8BCMGgZ4jKf|7p27!ev8vl*vkva6gg{PmHiyZpRVhwIL5A!t)gJ4 z$SEH&=D185P`eh%9w(o#S$6~vyhh5&NGZs|W9@3RLTCA1!N*J1X`wtI(ov&g@As;V z8{Gc=H9h;@)QEb9>$@GLv3m_wg* zD%g3c#PaL9N{klYo$~1BLEVLQ)wE|9gA3~tHpygFcx#?FRoqoUAzYnx&SL)7FfcF> z2IZQc06mViei&VQY_!9|iH|DG$0P<7B{~{=qTF2v7;_aJtrSVc_4J{d6-{WQ4pg{` 
z4#?&gD>Xuyz8*YNw5=S(A6HF&R|S41yy0IOCIdUA^}^@9=4LjPli%}qHnxMy_C7Nr z_8Qp~_96qSvt+_>aS>RoQC`0vKa%?v?Jo2925yxzRlyVW4q97) zJ}$wH4`dU5LYk1Q4%rsRI;p)o4=oc7Aw=@6DqdEwSdf_%db> zLDAAyyDo%2gsYSfrW$sPly}>u&#sSj!pWa^gid zep)3Oziq`b=I;BR$eNE)bDO`CmcOzw(ZpUC)*KAacl~v3JO)4P9npT zk&63ITvdd5NLWh|Qyo+A2~p35Uxpp0hZ{P&Z^o(Beh*x*A-?X4=#lU)Ay=(`HN5ZT zy;Dri?+>VRv^yiW8NNv~wd|O0oict2F1rGBzGC= zKNu+A5zaIuzx#E{rc=E%(~n%daNT^7u(EHWtHt=Dw>Rud{pA8--;(xgOOoHOE005p zO<1^mL1wMU_CU1r;L>jdeO`(MZb(&6USh|~B6)6!SUl2jjH+q{KAh|rgayNx<>j;8 z9XR8vdxr>?-gSk;O@i>j?LKXi4lFAg`PL-Ov5FisD%ck8N@WXC@;C*# z)Wd4^!Sn0~ivBD&^iGf{#}n+Tj4P{LsQWnw3tE=#IF}kS&N@+F_4x1k+rh^)!60>~ zynUf(exRIr{s)#4pzIvneo{I8h<}Hrf0KdpAB~QxiIekRZ0aYm`q}vW3tClWJ{>t| z?-z~E$6QG;p^So}iQUenyQpAE;e6qAM0C2TaQE7fC9K8-FhBc53&I#8aW>iv{KN7c z4A#>g3nGu?DG#VQ7!EhRF1Y`^OgZ_!y+7a!5~#qa?(a2bD#i9{fxmH4UQE%p`b7wL zk|mD|MAL)Born9tsHVZQj^Y!K?xi^@D@btxl zb>O_r+D@ZZlEgMT&;oT~$P95dv4Zws-K%;x;*ID$ z0XFbw)p9YclCIf#PHwygE&$~t`(;jk2=U8AmOtVy19!o=J|Fg^db%@&zthWfOsdRv zOoSu(w#VT{&%-wt039b!;QBWZ&0ApAjQ3$6*7MME`oruHOcM(_hddE+h|k1&E$kxR z!&Ex$m}Hh`c6CqL29~E{1nc}cB48C0E8Qx)1%Tt$Vwb6T5QQNDwhD7$<;?1FEG4C0 zcy!wglMJ8P#Hr_$Kk&_Gen-DvT(^ws;uicF#kGm_q7%ObUa7a( z!oH-Ahp4%?f24FLD6LP*s1T%^U`&68ns$ar#r?cgYi0txQ};(@-v*P<=bWLWiq!{! zK&QtA!R#k8Bq^~z3Q$8fVjsjJrU3PcL~{DtU$%Wn%?S}JA#nI5)o&^S9xZ|b@^)%l0z<^B2@VjJz3fO@T( zcta#cUb19`=z0o=lK8iEU6kWwMffQB%$aJ&UDf1TKG7?NMD=Qs74FdDT_v!(nY~=j zxx-+mRIqCb=~J*a+^9 zbg6Suyoo^)C^?*%_TddFW|*iXjflKVUXFFsj)~dVMcBR`&NBQlt0d_2w^7G=1ns;g=byA?5H@+krh@WdzaG&~@?I8P)xmzM;PG54smqdJ?WBWYYoi2__Z0SA!*5k(CZIGSbTk&_5O{f z=tLh?p`vU;iX`m_zV_ckx-P=YN>&QL4}aR5Lj5c#ViBedznh;B;usXlho8Mr8;0-@ zy=8)v0-W?chr6Xo!Vj$X@H5FaqbA{GHOY}Z{`%ewd+$HmmYcxO)tOl0U1n1yovd-QOoeuv)oJ4?S-7FXb0n1b#Al#BX8G$4HY6_X5<1D;^mCeSGcxH*g##gjT; z(%udJ!_R(>pzAMw|fp@Fz?EU%e9MVsTZrC1!ltnu(IZyB&5Gfm;fii3? 
z8fV+z%DHs|kY%;qiw^2w$!e$E=?;R1@W{XwiMBd5_0RKhh_G{7+%^@Od}65&mH%CQ zA1$T$U#X*Fz%RPAd(UCO)nFaMM3)?ITjD4F}48B&I)i98@v&++JUyQ=C(B z`0DSM_s4jzU6s+!8oFwjtucXHyGRg-G=2h}(1D(z-06ts>C!^i2?m~)Va+x{%{Y^( zR>#g<<3)bPr5)BN5%T++nI+&rQG*V;#r%L=md4%hGo6I1Bo`kMov*(!0Na>+f+lr< zPej2-W>VFel+k()t&O#H)FsdmXMrwX)W;kH0-bLd6&e;Mdly@zz0Mr%E-y#Orgj8h-NJ4-TMM9s^HlXJz(Y zZ?dgOnav{_7p=Kuim{IS#eLmOA}jZ3gLQCF&vc7+U+1hqMa|9sQ+Zk?WRXc@2mw4! zfFC}D5su}quxT!1WNod}wm>cD{rouBtT;h^4{8>2WOM(Z=T z!ETMoUGB2TttYvlCIZs4vRcqqK}50S4XY-)*``pqw;7j#o4cX<^BoK zV;9^fFrNUO`(N}?|KE%4U+(rK)l=nv7F%KAR~WQ?5>50bOrn5LD)c0f@PH}J!P%cO z?TrR=g@^rDG<^O)UqActmF3RY^A2_=VIBBR2tXc{YzH;&TV;X{nv2IN?TyJG;U4hwOMge zyA+E7S@WV7_ru9E>#JvwEF~TJOUGL7(%mV+1*^{h%?2z0i~k!-486T?`e5Wg&MLKo*Zqwo26XS_{g4$Tyhpulxp>SI;b-3gq0WKIlwnuv=gyU z-+IVy56ybHTJn`(pU4Ewv7oXLB@7Ayb?Sf-v;rF6P-g%M1{oaM(urI(?!Jh20~Nd~s402X59nz!K8@N)Ot|0Rtiv;I`fOOk3}E8aMCC<( zCv(KJyT}TFb*-kg)NrIQVS>p=XnBs3K;jGSqFQ$4v@@;AIP2uuA|`!NhbyuO!=zv2 z*R!a_6ajPATd%-htQ#iEm(z4P)fnS9e6l!iOTHsc|wR)!(M zOz$6p*>t|1&TGfa`493GZiSJp*`GCvfMKqGTuZ|2K@N_LPBbaMqvH5ku&VCkm zGo@fw*j>keW?$Rkkv9QQ%Qs%3hus0^#LW?^XS@sth%+dC423I{gZViber6!sn*-y- zwLR?t#5^Tyz{QzCp16l5!0k8Ut}Thq3YQox$mV^1GK5^wtBcfDJabH_qgiO&0SOL3 z90l(k){dwB5rlZa6NT+8UcnJhVE300rN`Irum4zlJ+epn_3#t5cESG+wf@F7_;1t_ zH?XjFaWwghcl#$`MXCN$MioNhM+L!+Kfr*(tU(qMM$xRH!n_U;okg!0tY2s$hhti( zm$IQi^9}#LU7=2$s9n_kxQqD6`FoX2Qgnf@(5$$lWty8m>*@LJP2$VZ4~f|@Sz4Z0 zb|wrlR2F~in7;m1EYvB;!vOyXCEflY|8a}->) zWbC0vE&q!Jq1ag<$WB{73^I@P!RXMz-bcuQ#Iz?;PU9$ zLFLm#&41pCF_fsMw??X%F!$nBb~M!G$O=i#&Oo=lsr;$_Ovib<9SBJx+5wM4Q6pNu zUaEXL@1%n`z+$y@BVw8(Y7~@&hrU~2{ysD3=GWo(Z42VP7_5RK%j2_O;=U1T-fNG^SQu%n%OQOEoB&PnU>qdy|!Pvz?*gK7Q!yg*Kd&BFCo zLcD4_iEo|RivrTjr(fn~=iV28*A1BN5l-5E_>g$ml)HA}887kNt?m8v)q+kXc=}y)+_ls5Fqitt$M9UGprC!E#3J9eHOtQS!sK`^v zsyFz8X9ftr2{SGWcxKzfJ46+`5znQyKy@9KLBBPg>-Ir1L~=CVu=T3gvExeEqm`bO zFUF{`h)vGl!d`N@QQF6I2)^`()9W66%RM<^=yx@RocuFyhvXT8;XhR8#ssFn4abS> zKW&}`V+PsJ8`>=jRK0~vRoMF^B0uhKfGrcW7?W3O-Jw|iApL=%Gp@74Qf(QtV0&*9 
z$3tMy6LGFYhRI|Ul5Alr=GDgVyKE*8#1X`B8phMhWa9QoAX7*c@ES}3szv?<=ng0U z=vQKLH)1|Mi%anTXO#LEpY-`8{AcU(xtuLor)^YD=`%-WL;XryFwbuZjXe3sLWvD; zqfB$hGwwJO*5rBFOL=~UxR!_7%H9w~{v{E$F@K9hNaFGs;P(Q3y!$Cz)A;}n z=BLvV;}^Y|7E~7Jsd}89`7YFpLXN0#qR3H?Et<>xQsfPV8;vP-s2H}4X7X%=05&q8 z0hT}+-=$*ujiuha%sNRGO*udH9<};lt#lBDo0=S@KyxJAQh;Vkoxd4NcAzKIECD3; zGV^F|rZI|`S4Y;g@$?tZS$ zi9$gUh7fZG(=G(B!NL$LG~10VrUFwB$uh)L>DQ~@X3*d_*p7YI(JGo&z6Qy;hvtB0KGbq$3e@eo7p0 z$baPbb&8(qm-#fnJHxypLO}?SY=1Zx@3vu#bQ_Hbtmiscx&;%J@Qsiovf$;sfw%cr zHz=~wEAAMTG8H>SJb*SbzS^OpG6Rv^z_W+&BU|ap*f&CFzW+4z{yCrDpY4Iq{3=Bv-=|F~Ww!kYJ#xQ|%TsSt`ml2?$G}qV&Lx&oHcB#QTK4 z)4m4H4iaw1uxzf<&m`N{4pN+Fb?_feq_wfS{rq^khV4bku8=g)8X`AFuPhDS@efc# zhvrkgk_-+2!ep09j`5WcO@9HX&ejJtm^v<_Gl$spn~`o-S$yzDnHx;;+4*ceJ=PcScAkrmEOCXr zf&5(*c$~o8ZnT%^nKnvStYJ>?aZ>3ad-!-C1FdEt|3I^(XJsSso73dJx*G36tnirq zcy~4I^2WU!z}b|6Nomg|%k;i+*f>ZwIjVe!e~Wm)j^xMFt@_n0GZm%Vj-%Ei_J zK&sw~Fk8_k z8PjF^C3Z+a#E|N>LA4wD(ZEaLIB(XuWA+Py?B^DnGwQi=WyFx1AW^|#ZH2Stw>^~( z`|6X)bR$AZ`|X$9hBm7HpLFL?=b9n;zQ6NPFjLj&e{~l`xQN&;*`IFcC8Cxv`Sqbu zIAmS;YH0j4m2%8+mD5RX6kcwuEaX2;Zx%Kyq=gvx@e)>YDA|(9^V__{P|dg@l#wst_5-1+Ykj5yI-D8mbdKmKLFt zW0q=#-jy63{UUR`;&z88+)V_)QQU^8hDgvQg+cES8jZ(&vb&)))IpU9CCui6wrG%J zh$nMQFr;D=dt$TALYKCljraT&tgaJeYX2f?o_xbQ!WN{T1w*Y|ssJ;T9;Dv_HEEE& zyOB)!N4^k~>igL~Gj-9TYm81D0sHeNqPWa)36~tWG(^URM9m=+1r9UDaL-@0GAE|W zGX7aBzy5ZH`QM*Mu>Q|^1gaF;JC7)UjQ&Sx>*mr~KzalVRdot@4OA$EXu=!~VWlO7 z+}wgO1^c|xD|PqzukJ^~q;ZUw+JoEoQhEgiaZtL-B|vC45EH@5VdZvAeK<{m$csh-IxD0%0^YN-?I8_->?N$!*vsRwQ z9EmM1CoXQ0d;IfeB=sSH^A__2S~p}p29>r7xnASyE-j6e#j0WIg&U(tJA(+N;%WUM zYvu-Uc3@F?R z9TjQF$}7+6a%~O?jg@oRF2hZ>K&=Or%TXzf6z`W8ib^pa&jzoxv(&!w zM}R>+b^ojQa?;NVXI91*JnXoX7&IZVefmmAz9AeS_da&<^J)4X+Z5A^k7fMM#D~MQ zeH)`7fUtCtrfF|1H9V>H+wbFAUXK+U0xB%*o77g1p1qS1Ngxv%F11m!;u%b3L6Vh* zs`);9=d$oG9A(@r224a{Qp(HzWl{q!r4@WND~NZU0XFbM1e&D2@JsglpDXmla^bEz zp7-hNbI90TaB6ZPt1AkF7qkEiPk4!AZj*un@f z%9Pmar8&Aa`fl(Y08|28Ge~FlO-$`d+^`m$axH7?+Ei!CofBpCj#I57ut4AaCMXW~ zQ!6~yj-1UV@VvnFMEJI2W_Tdr!h&3|6+Np`bYpg9gSYYhc#ffTfwT1UTa^7Or5n1- 
zn2+QWu@I2g5h=rk9VhV|?h5Dg4;3s5JZkP=bi@AN!rI@g!u)p=rs(*Yb7){_ZSv0< z;y)`jOWn$8UL1`dH)BLSk#iDMk{Z4-8bk>ST-rvsw@jy0#vE@BAW({eQ4mR5G*>S2 zobgON(a5~O`u6orDQi;?`kQe)ihz5Q7va$-HK;fG@%pm7^@U+zDNaI20)~^F&a$W`!J-MG3C!B{xGkN@oXSgnr+(GKoWL1yo_8B>(!2?lOm{+-Dg-_aAV}wQP=t0E3 zWv*#*eD8s@1U6v2dRwvNdd$;*BeHzZ-BhmX0iky#SUC(B()IZDzSwNptkV?E&I@(J zYSaDt#PBBz{{p7NRBYS-zSr%zQ)^Fd#Cg`M9~)vkdi*kkH)H*Kf+rxZzU9-FWwRA` zq?wB0)p3V)5kA4RWTD_%H$7VD(5FlGVm(yW-VEi#LhX`7VzZf-?sy@0_J)FDa|u%N z6vsGFHsDa^1|G5>0axIFpJ#8Wz8WXAOl~oq>1Xi%c+IL{Qz8x*_eT*WZAV;K^>}Lb zKInE~wLW;SO`RHKT;>6GRCa4qE7|!lim#%wXf5=X!81>0zsQl*%_7&4b%TAsBM4YV zLfRQlv{cS!Qsch>C#JlbF8H{Msr5P zyNy{&X%Fdi$@dyZ&C~~ z@UM{`pc)QQhmDItNs~6+VkQcBt}dng&F$xKDbc=ZE_&QJ)aeaqquABm2Sp0qatcS$ zbJ2wPhQ}3-N|yQ){!`aQrvzL*vtV+E>8Q)h<}8!*k5CEp18EF!#<@l% zz!pWOi5vVUhOO~eL63uO^V2G;?;7s-J4l5f66~pl;Z`f8G1?R>RbL zYEWyPp?1oFi#VRI< zlC+gL<--0X&%FHV-b4?^Z*pLQshiXU@I%ICH1&WbG^4mD@L1C8~}{8O=LS@LZQzZmx6qWXseGv*pE;i&OD+**fSD0mfK0rt%i1#~fCB0!-H(5{5FM3BHL-^lz*=2Qi7@JR{Xs5~704 z3Wk+woAJ6053BV$pB~-&{m!PD!dCK(>hU5wdQbQZ%|HDur*b=Nt#n6(Oy+xNKaMM5 zQWQ8bt#mhAtPnifEA%&9309O#|FD-}@SzKcyyt+t9-yQc#&!6gS88O~pGF_uil-6Z z%SsuppsI}KE|ZYM0b8ik^4uD#HDu^*_;p|-F=&D~DfE|~l!^G3mmQJ}jw(~#&U2}$ zi%@X0#-3tMOb&xk?YY%&K`oX8V*^wgR@W0WJDyr2idEds4oq+==?{?LyYR)GT4k6y zMq`nTkMGs7S!t$m)pj7^^pqS~k)n(E5;MY(#Z^Xa{iB-$see#!hQSPFXk|Q9E+@M9 zs+8icZfFN4z*z0#49mi8mxjsfnyqvY8^}t(B+cas?@`$P5C+Pjw%F?c3&VI@t@6X6 zwHN43}C>$cdf!(|JZ=;`>T zqC=ElA7It3S=@Zz3(FWx++qQ$J;EV?S7fJ!^E>6s23mXUAc1GatQozOS-T<)#jI}bzUT4NRQd{+Yp2pwsmC8RMY^qh--Xr7ZiPbZiHiinOez>pjB6?q8OaMFeXes2`{^;JG0u|B>?gD_aRhI+ zF&80LFhW!^rD2`p$~`c-X0ZmIGSPX$z{)26@TWiu!eT=n7tThsX-?5*(ikYsU+*HF7sXzyoU;}`^>n@3&_dqB>;SjND$VgPNAyFBQi zqsF5+iDKcjO5`nypyke+f+1W-1K_O)V3yTQ$oZ{{AJDEscY5~J0euN`6m?uJOm8s` zrpghmEZ)a{?yWQoBSK|hdeeT&9pvG%SIF(w)hVL7ir)hob}If&@dsa(pORZ!lu;{1e6MkgBT1*w^qgv7Qn`_MayYgTxcXHyb3^A!zW%5Bg z>Yp96KMk9yR_?Wh8$_0Vrjdn9$Z>=)v83^AXk_Iyzys?>J8l*3T^pj` zn!RN~k>7_)#oFD=D&rpL7PRe0L_=XN!=kl zYJ!TVp)4pdPa0uX3+{TD#Cx^k!nFY?2eD8rbn$zQ1e5W(S(!9Kt4jiTJ6O_Zu<73f 
z!yVTAa@9f!QYqKKh02l)Fc(jXVvT%LnJ!{mWN*2^;kIpqgP1O6TcEXNjKhd%f}A*b z+}Xv-bX9YsOVMGPJc~-PihYy<)$$EPHA34jBhvG>K0NRiGnW1CL;giKmRJi1RJYQ`U3co5yG30 z%~6bFQ+1!mOo7Z-6ly432nHJ*3zHPU*pfnS+qNFu#VggV=A))~1^SpbxY~g=4`y`S z)w;Tx_B1(g@mYeOY+is+i> z2Q5(|ok)Q2sQ;Dl#To*l*p`Me*h3-U!MQ}Jh)X)wmuN$g3c$HIh5gZgPL)`_5ht`# zI{DeaoHj$QCk%`n!-i2Bh&BI3&euf z>(0FRBGJHIj$q#;7RC-x?fY1n3G6BF79T-1ypbvqWTW(tH`N2??lxoam=}V2MT75* zz9~lwU|Kde+B;6WG+;Q6uy%IzkEWPi6b!4RSrUP*2=Spuy#oi;Mj`_o@cy7FO-;JO6CB$*#<)cU5x~(9n!ztm50LD zZ>9I&PuXZE?UG!eJ>2)n#dngI?M3mJjASZ|%d%Kc8Z#AR!&%1%@966?4REYp0^@jF z#p|(H8<@&gZTR|B_I>}cdDB+Tbf4mL&~p8^!jJ#6%lNNb=<%6bVPX8gXgfdsYp5D% z?-VUkfUhJ-Y})LaLtryy+7{r2;?jv20qmhsOKVb&P=N{9Jgh>sm|k^%*4)0o>{{6@ zgOtf=IaSnE?R4zLBp5qzP?>+MZ?d`>qN}W>Eh~nfvlXotU0#V^1g*v~Stpbty2Q2-PcODyXzatwBmWZ* z#3;O2a}TfcdXNutD@gx`tG$@fi6b>IlAF6EzR*g0di-~%HPu5K&7D?6_~_1lqb*ud z5es+x%5N6dM3i|tt)!d!q44%RCYAJ3>*YfeHR_RMTg9_1+9c45e8XUDQ~KZF2n7x) zG6j_u6HG-YLMlax#3?Is8?8#S_;RhOsp_&BR6q5T>^6353)0X%kCYG`j~!NJwI)h; zk#R&Fj=dQC6ML+&_Ah!DF=y4%#M{@=9Q4bJ)7*FHMnkaywn)ErmV$oa2ubC+ovKyQ zFIQKT6iGvzp>VD5&*;e}RCqM&(qkfEet*}_K5tZEK%+QcH%+w|6YKY2+RQW@7h7u@ zOR`e4!02@1Q*dS6Sr&f?6b?4Y0-61gUTp|t~< z%>wHt9X~CECLc_0(09=Nm?Zg{8Brt%T1FI`R#XHPhJaJ7(ok-Y-kW5XK6B@~EOh#c zJLH`;WI|Ja$_mJCyXq5NV_#p{AE<&6*dZr0%dmrAQ>JNAiNB`$?8U)S?m1engzHZEG zP~XPD53*ge^#l7|@?sb@rvb|%3Ky5%hx8AfaXg;z3F&s7vmbodB>Y?5CXy;*)Qbip zVrUB1--6n;i&TF{)TfzNB(oOR%rMPniYQEmodQOO-j9e1f^ZzY1Qdy_uT^oA4TfaX zi{C0lZb?m!$$5>f7*Re4F84vzS#z3{SI7yLUSZW)r9&`WICQ;3a+4=X?-q_ za}wg-N?QpAJ#Jh`(4wzBhBUt;z@lTWdIoyJzJ$d6U~7fW9^fB5*NYwa4iy!Y|4IRt zPtq9O?1cmY$j^fh{gdAXjYttRm5OF$z*-aXYCb(C)>0IkRe8hA1w z3o=j}=m@aX{PaQ-Y?Ek8T_|I1b%m2}<;y<4gMH*U8 zxM~>h)lH3LE$5nb4On!tXJp#DBU(^lnBYeBR9qx06n$SI)*K}+3KwnKb^1)R408Oj zAIRxgv9Xv`4~RQIx8=ilNS7aaynlU-D8o5i|5Z;W<46urJ=mN-%0A#7=ht}u^WobG z@dL6O(EwHcnjDythSZ+t@SE-X)Rowgj6e_pRwfJigtR*k70Rz_KE@qzhBref#+?|HceLJd;&p$G$3GP)`mj4Loyh%q?kfE` z+eVw7D=;0``V*U)?&kcRgbWHq2qRWh8yr=weEsnwcNMVq4Jw#Uug8;XJv4 zt7Dj3F4@4yW;RaYXs4lh1Gt{UCs%Ab0lnyY#>`%04pCO#kSW*QITa}$wx*v~Gc{SB 
zoU8#aF`J;psgQ0-DIraE@-%e?#@x8HA1RdXc-vol&w)BpYwMAGXqLj#ek2ou~ET2SISGsEAUeuzIZOh>|UXXAS4K{?#ei`BfHh zVXn6O8{|H_eu7UVa7pF&*Sy$bk6bQ_OL{3}*RroTc=fzkT~!N}Xg`^(%D^(vxCeo@ z1?&FS)N=Ym^-$)m>QPh9i@B`H6oacp&`bKHClB{Os*V;_`K{5MvnaLgDP@u6=2Nr&SIc=2@+jCOl9Ebjm}EZ2|Zvf)_G6O59uBI@>s%9(FJw2FruI%S?-`BM~! zz1+VKLp~}FOFX(aEtN9_1}PYOhdZGNBwTX~BwvGf7kaBFDGzTsNcMj-&IEqLCOO!H zOS(=i!*&LxiJz0ktc=iTrPT?*AJAaw9_~5rPI&?7*RuY;GZ@OwtB$>jinOciHR&;0 zX-@AQv9uu`hD{gQV6H8PQ~P#1xk@vfFq@#ZT>Z@3-2Sy`opb~1qb$Ed^A5w#Mk%-l z8JDKycremLV4x<2%QBytNB0`;O#gZZDf1>Gj?U`Z?XfZ+Q&nKt=-yPCsD^75`?;-m zJM89Uv5}7UHAK=uehw8cYB48gN1Gvv%CaPqM}ndgu(Fn)9>eegm>LKP{rt@69c#XYsbJj! zXJ?4q4M+d(D=+Qk-3amUxOd*Y>G~mlNfMBPq%Ej&NV7k>Id1-Z0?Bejsq$;I7V_7K zDju=l2I#jA%qVL{?NxzFv$td8K*`#-l_@~1G4+|rpS+ZPAQI6ALwzh6Y}K(Kp^|>3 z1TOq`7Fcb9Z|Nn;n8GWO>mETo>Bvf;mzd;BZOS{V(7n+Ycr3E^h(g^C5%LZZb_fM*Z59Yb_!MG1xTjtClv(%`Y0{LPAO)}r?uf_( zbNgPm^u{-}vxN3@4Z`N~l6wr@t#2w_;VFOsV{;%Wuciw3S;;Y5i}{YU1O@X2JaLaYX3CCSQQAgXi z`kIgTM=(SN)g$t`f&Afe)+jowdmxILkNErhR9|mqY)*wC5TRq4@d}awxda&WoeQni z-qLJ5DL6Dz*TXLUF>!Ej&eR|uh@;Qu(}Q+INIehOg<{USkuen2@E*!pZoa`&qDND{ zm*SUlY`Eb`x>weWuvt;zoDIKbmyvvI|7`A@G-<<1UBzF+=`6e7Tn*_Ka67Rpk1 zmo}GRo2~lO6KgtoK^OP^b{q0hX;|N|R}^(G?^C~6UQ+(@ws#NTOI(hygm2AL3ROs{ zEJ3DN%?WWt${kmoY1UEqHuRM;mC0*g|Bpkysr%v=sMTFD_&0gmqrTK7^+0Ar# z&QpP&6NDmv1C78m(^?(?hKwFCWZms7R9bgF5nsV9JtC z-Gf?=y&AK<3&X1V&FpS zo0`a%yBfqgADUdjkst{GieFEw|;6!DLsuS&z*ztG1}cB>Gb4!zAxyH7YX zp5FIPIlt(X(rRk-*(-=4;L@3R4Hx^U*7`DarWu5$Ex+9OAg3|n1y=kjvctUpa8`|e z*ScIA0=JfJDu?z8Ep+s98jW|vKTii&;; z_uGSRz`D~8FcdKf57~pW9y)Xpd6{hSC#rTJ>&Dh6g~s?-zFmgzwz4vH^#r<>a!tRn zbw-R>W|#q6e#A(U&G9oKxO6;R*}RKb2#)@Y461|87P{;A@+DW0mhtbfWrMrqQJf|) z1MA#7xbwVZ%J3f6G7WT-qyWRt#|lAB{)@3AU}07$pecU`I@?mSuN+{esdkmQbMQ0z zdmk*|`7%P*SmGk~y=__#aKcr~M(s3TN4I$&Y!uR7eL`rs7qMlcs+_`Mg8;F9!Mt!c z4%*6>AjyFvH|#cyH1P24ctG(DSIC@*TN~^qrO+o1$cB=d_sgqr1oY-Wr8aO3DhxUP zdw;D~z2#%6iY2tuK7DkcQg2hOW_BzIdZ&E1_z{*C$tA=S^g7&VGHE?W6>(Y)eF+UU zhcJ!2su)BQbp9E(QgW;gW+<8COXM+v$K7mPk|?~evFtUP3M6SE>=-o50dl=_rr;Z1 
zvE-UFRx`SC^f(6T7}y2C6&}_ZV`SU_^)~k9?kfSw3+i8&JQO@f#PRcj2mh_I`fq~x zjQ+<&lJVbTA#n@q&;7~b21b9aJNh?Su=Q8M)H}nf@qnuo5)^qUeRCrjF_I3tws09% zL_Tp@n;R$@67$~K*{0Jp|53-* zlf&iv)1S+luj~CzpaYt0_K_$K}<^?Tg!;euod8z?i<_j)=+TCRK@b8B052dGxSBGW?M8tsc@a(s3> zTJ{gG5^DPv-IS(&{Rlzu7qNllsqXWqWSvs&ZoLW_pe=@Uo_pb4K9!}y9XzV@z>}21ZnW-03$Xxuxr@huZ53M;A3FJPwXO~y2D@+&A1d6MVU6D zk6%)p+Ezv2@Q59u&JTuZ2b*stW)A+t0$-R>klYCv3GX2^rG=puM0OZRN z8~gLvqCQCIWRg8-w@u-!9qB+Xl0(*{wI9kdc1g$2zBc_MT3HpD5Bf@go)s>n#|2|o z1j0UI%^{lj!e$p>MX2PK2{7k6)g%G z&LZ{=hB%GeZP3q7ObfdIYe9&V8PEU4+BZhmx@FtOJKV8t+qP}nwy|T|wzXs1_Kve- z+fH82sk&9~)U8|Zz1H53wOY$+U(1hg&M{{nqmR*h_p__X%ilbkH*kowcwO5(kDdRsFC%PlI_qiIc*N8 z0ygmGWxmrVmYtDzEUdC^7tWFg1h8{oCu{+7EVPQQ-t)$K78o&+%)sK<;;yo)c9%EZ z15`OJlRniLT1_NKNe-I>*U@Iya%H+b5pDS9&a;E->Xy2R*+LE$j0Peo@?f)MhRbR1 zei}oU*Xvw*K!`;5e)K(C|{UmD>6!-gYKD=GoxSnaP-@~2I4=c|yP;#cy6 zE*@JD!V;GH{J9kJs630*Uw{Pu{{tZT8uR`upG5TcU;Yn(B)L!HTF2i{q(FRE5(aFu z>0F%MXvO-$;HY~JHC=4yOZguC&`Q-T1y60H_Fh>_#g^PuK$!5*k!F_^zoYsJox8f;DuE1mxWP7b0Qt{_XrHBKes^SV4$v34J0=)$jC$NS?0`UOIJQss|04LtMuj z+C`SPUEE8W1d;2cXB(w??a0fJR1dw{o;uPPa3pm z^MeoX=ESt-U4u4~%9*oztZ$bDDCmEP?@Fij(K+%z4c&bYQxe3{oTHMs4b4NN?Lq~w z=+}OJOKsSltx0D3;%ZCnHSh!|IM zCJ(N4*`3KPA-@}1d0n?hN}S9UPwK?1VF$y!-vH1|6U9e~BwT0V57gYlzR)Rsh`?cp zMWgt=5u5Ao(T9N)A3Xq)-}rhxL!aq+`wjq%(&{fWsWW>mkT(XR-yDSWl5J_IQOSzM zLF$m|7C44d#kvN(f!G8aMZl{kEXGbuCo573Yn8FdgQ8nS!WmD8)dj9&5XO(3JLYrl z&5DYuAe1jsvZ3K=%gMx%!^RfvBAp!43C|Vx*I0oCYa5*9@E5>_*vz?EcZ)$Q!vcb#ZU^dGViszmFU9@m6fxPabD=xlvwU&6Crmvy`^a`$wOg+u^H#GZ#)Ufl-adTuR$y zZ1t}gG={8PTC~OXIn+)wH>w3upR-w+GR&5B&K(I1@3yqr9AbJMCtzkf83G`711(b!6c` z?vvfLB>Pdl z@U#f0{_=tB&ybYrVsOQUDOTZwZ$^Kh={0bB{_(Tyc~9$}<-}>9=0c8m*2C{&fVGj= z5~=?H)D&}^HSPD})L`!syy@{uIxURJs^lm0+=CcH{K^pevZ_X*TyD4fpOoniMHOTi ze6@a-QLu+c78UdsH(-?Y1*bwzb|$_z#xNZmrORp*;QoLaBwYmp%hB5qw2h0+Tsao0 zeMO5c7%R+8df|051`@s_ha_WI4Kr$Qx^PX6I4QL2P9S>I@te(AYXBvYBt0WkM)<}M zA(zMn>mS%S&3NvE=*NAAE>V7ZTFBg=SO+B*3o}>tVLz!Sg5AHIi@9 zQw6N*C#MYS2t6<@%B7tQXNbvbM&~Yh7gyVuKI`Z` 
zMC-qN+wEg;AIJ81c)Q3qZAb0C6nbHE(I3BE0pM8m2%;r!ukm<^KHwy8`$ETzTxrMM zo)i_8sy298I017}24IIj$lCPS>CbOhI0*ASsTa)Y#i4|Hkko8W;_ke8 zzNUah32+VQXtCl-GTH;%sSfL}^@)k-caW~86lIryM8jRW)=+Aum@249OQ9g_U?6I` zYCL?|Y1or7KHakdX9qR^c!V6D#hu`!(|u!*GDz(2*yNu$21RDwEvs ztL0}bt+fxCsr7pj6Wp)2TEftL(x^~>oKc;@yBz29>doCVjqmQi!#ch5)wQTgR3&fs zq9WsQM8(s&wn`EaK?)unZ_0T*r{y}V3h2BP7Wh-zr38* zdzX3ThqxBfHUC1EOzS|R`W;SKYDf>2y~JSX4LK=#s8kw8Yo}21umKjFktP{7wc>5k z#F(^geHad}5)QfeQw?|4xlLkD$~!?N*|l|ag05pD!%=gbpnyv*)I(s^TS|aS8~<>9 z(SGCZsZT!x%85W8f`cKsf>I;pe%Qre!NtU(_s01GK%KkzjNYc5$JE$S14erd(RHJ; z$z?_DrlJuGa2^@adUx6Zn5%s!6&WSm!;mV;gzCYn$)zqt!HhhnYRvO`Fq}IpoLp!a zRcN=fl24T)Crn*xac(I|%cK12^-3@(dUxalj0R})W`JQIOl2DwjAhgg-eu&95cqN! z9gM@s4UCti28$9plcxXh${l!mC)5vwMlqE~qFP^pLf-;DkN0|;9e8>dG-&nQgup(` zFK5RTGCTPJ1z(pbR&=#z`Wgz?$9zlGZ8RhW<_&`u?Fq(bT*#q8k|j2N{`3k07`Gn> zSas}*^DWypckkVC!V1^6r-%8e0rm&o6{HUHmAKbf&zI;P@Xu}MpqZzD=^o6ddOy}{ zm04sB7|omUN*vJ@O1HHh&Zmeze@MiaNh7W-*`uBqB+l|C!&Z~F8f6KQp2)#UE0^AQ zVo9U}Wy{R*fL1qyvdmQ7MpSBEhN{Lol(3s2_{f`0vi2_CEXbFA(iEwd&~h z3(C{}Nfiw#!ZrnsAp{-b@964{)`F5Wx+-?=zcdcI0NQLc!b%vE#N=f1GRhe}J=Cnx zsBP$plcUd-xuo5}xEHh~wiHDGoIe1E7*Gf+DP=<<$#5iNK4K~@I?W12Tt{_zEbLB_ z6o^9;W#pyKZ5ZQdnS_2(j6}+>=l0VY-j}#&8egBXfjZ{dVF1wj$Dgu!;+it6jXob6 zI~I$~@sCEo$qb?r`8iw$WLk@0llQPeH#(avR|LyD`Z~fc+Eo@{Z9!JcmLwA_ za8w?CsHdwujIBf;ILgU#V_I=z%2l{ybp9sYUO9nq#tv-OnpM`2=T{@-3531%TntSj z>ju3(v|wae-C4S!?iBr{nG-V@FQ}?Li@Y8okpjtbyDv_M5`Y=3XlRZ!WN#OVJc1j)(5>IH)t{Hga z@z3i}U@MY5z~-x`Dkf7}5#k z-a!E*so$i{Ugd9?8Bu>U@Y+1-{wazl1PnwBWt1cHIQ`& z|6UFm-PW6jD;|e*rGbXsE{xyF^?{q#!||L~v=3}OV^_sdHw;J>rM)LCtF6~=*j^XI zVejM`@M1Egwdf2$;&BA8pR(o*TmiBm2}?lE7P%dgdxbkND}MjMjxT+6; zsqxefO__;Ksg0C2yB?+4o7x|ldBf|>5SA&>yjcI`kUtKm9M#ar(&jo!&6;%ZY6;J` zDj5|$45m$^A=KtWOA@kbWRK?fXb^5%!IS9XG1=l10(xy5nb*yz^3fZ3Crgt1;~Kepy!5mA^t}X|a=t04 z5ju3^g&29>P+wR_I*RG~0n>fihfp7bS6AP#-J86A?OgIYa~oz{P+d=V95Wli4I2%5 zKs|h;xxCjv`IIX`-K+-yF&334I9MwL0EUyVA0vBi0r|TeeTf}Ic|S=dK58q7*LJU0 zW;f+#0Q~D-vRPpBdZ-8ny`P9wA$;#=20Y-itTCp2YZv;#LBCpy^H*t6AEig}d;Yxu 
zJ__nFuyIeumg+pcdX|u+X-oG0muS^iLYfRQrPh9DP2C*%r7AqwXVHr6j={SSS=J~i z5)7`NEWPoScMH?EK*6j?jbCSTXbsGZbzQnu5pv{rM#2)Zd>>e=V3!RrI!GKq-65R= zelti7FnRCh4PiUJmFJ?~PjE8IWRjv5I2{%|C%*`!luKIVsOsdUh&N5I)Q86`%Q8NH zT5qVXv}M2&3YgM{1!oHjvN?fEs@L|Pz$K418`&oeq(IIuS<@+TI*XtgNNRaxtPEDp zeApN~D&D!8+ZNTU-n==#d5bG988$vt5KUv+k(~U^6fZ~nuvQTg0KgvWe=pwrD}ojH ze?_o=&8z;wK1s{=@xf(n_XGL=7yHDLO-us9jDP(H`_!;dOQYUYyn*m!iSq{dHQk?x zW4FR%qy&7w zX)zmK#N#D1TeuWjpovzSTI$GA(^**a^eU2*5m7%gr74?`2y>D@J_#Ow=}}-aPqM6~ zbs0WbYdQr9OY{fcf=3>U!xwoKODJ6H=3DbAC`tv`E*k7~XE6DKo5(3EZaO7Y@o49` z+1XX2hx+BLUCsTyk%?teXVlc&IXhhvfZBP8l)NWx?4BU0R-{n@sUH*do!_21~He=WRyIZ^=FI+)U0INO*z(f*;h zNhD)y^LIBjYq@rrem=NN=N&crser(%lUOoeASii%v&dM4d?t{`6gvqT2G_YPm`&jz zq26y-@}Z5=0RzaKoR0O5F+VS3WC2jwz-N18d^Z3*1G^Gb!l;rK$qR6Yn?cgyIKpOW zP&s6URm5=b2?S0x%#$|ZFi1-W@pwzgpun^iV8h?8U{R7MvMRqsgmUSDgqy|p-L!}ontTrTQRG!|%IXWtA(h0lwk>*3LV zn#QUqBA*J>8N6*|{&^46_M?-{f4IAswjV$J3SD!83uN7WA0kq-Qi}nh;K##vj|wXI zrC9jXt0QiXb>T(`Z7bDme&vuO)!z&bfjFzYf8=&b5*t*gUvD?^>+?@??_b~UUwzE~ zrf2GGWh7(kBw(y)X>Mm{Z1fci#&%BTwl;rDB-LmM zW15I70k1{%^7I>S6<(vIfRX9c1@s=|%=cqJ9xSB|U$3q8 zSXEXNelbMJWQbJs zk9m^E{z4=+)F_OKX+vs-U_1d0?+A;;jg7J?ln5YZjbZSCT6{eu(z^{YVx%G3@x&BgqM~%4Mnt5FP_0M^;b40Qj=dZZP-ZYouMv9>YwyZM&VvIB;bIvMdq+Vtdve z+f2Ft<~}^j_WHcur}RZoQ6?LyI1=R_1fHmvkynz7AO8|_Bh-nX*TPErM}dd_WQ<2W39Ye&C-j!C25jqkPjUO1=)!=eNxg14&nVSt(UKk6{Hx5IrHLS`JUHg< z*YWfTH14OMRFW9C4$ei`WBlpi^Et0vOk$}j3u1^cdm@^NAwCk9K0tua;v&IgiBj@X ziyh9l;Mq`%Jrvx5k~^R;MVN{Vm-!XM(_pUOh@Cg6PP> zt*IUu)rJDSko`NtuL%8Py8FTSsNDk4^QJBs7D!n<^T1NFNIXpc({Zh~x&I0f1=x)Ad!tlK0g0ksF2 zE(qvB+|30nIN#Rk)h^fHaXyeP=3k9kCZX#-7{3uHl8Kkk1A&R#1ZSh2l$2BJ(G-1v z{BhicV9IFLeMLs>e`Im~I=lVvqT?UI@E3MBNm)~IO$3b_3dpZA*-qSl9?G9(V8~Z& zwGfGu>AT-h6fOA!+kTk3(I5&TQ4CcYNjHVL=|sasgZGJ`kJJx=lFilcEJE0kI9=LV z++Wl#4d?5{=H@4W9V#&>qZ;Ng(*;H905`g>@D=j~rJJuUNFB|tCORfVJS0+O6h84# zh=I4_M3*96v?#-ze+S8KZ6tMYs{==ddpr%YOT;T@(8jwHk1kn}D@MfKJzjI{It<>;R^Hi~{dqMK3J$bQGExe~sJ~MJ9vgw|mRrQ65=M7F(vkl-uJU z%0G1dLr_P{29i#AlNruzzL5#DUO_t!BOFe>|9Dmj5=E9@SNQVTRpRPp>CXb}99x#Z 
z=FT1)DSZN*Rx*k!AP6!_*;awwfWg}2V0cBbeL#umGG+fY>}RYhHD+`ZS>#@qn9MjC;Y3u-($pL|PkrTfh_cR_e zxi{!je1~t)dWlP?#ftiB$GioK^NyTTNog!&iKSe;FMI~Bl+MkUE(g$(_@dN<{jcc1XBm;Cd;lzeFQ>f2n+0ujzP|>Gj7ONW?4$N80#!T ze5dJ`c;pKDIWs=}gxId;Y0)Ga=-yBZ*Kan_)O`}3U~ntC)5lXgQO`wy^${TTfq>GBLz;>& zag|BLdi#P_?nX3SNQWC_`|IZZ2$O@+-C>y&vt>o0*BrpULE!&RzY_++Er2DtM>`wU z89;@|5S&y$08#x!P?AdYuGnpGWX;Llc_%zl-K1FlH;8`|Z?Wh0#n1lw%aGZ>-g|%L zXa8Mf|8Mu+Ka5~HA;0+9K-2e#>~A`jruz6OV7UB3y#iDquWqPQSo**zNB!zg06dAQ zf@f6g`le`TU5BS105w7scpwM@4o*uPOPYqv`W*%?{GhwbIf=|ckkvX$C&l0eFo%oo z{rfs05tJaofvpvi>e?$H?ynd7v?EU90Qej9rykZxkE@7vVANGR3OG|qQ^5KUwDcK5 zI#4;5qWDeU+vquugmDLCcY@QC@Bf^&qpnvPDEqqHU%x*8GoJga8P30Z4gWac{!SGo zTH7N0F<&R?P8Qm*vx5Ot5n2^v{+9GIO&wta2d1I($zO)o5z82U{#u(YD^nY?rrILYkz8 zi9UGY!HBuUlTdx~6kB?sag~%ERVVZCaz-<#_R%#k^+l(O{wS2@qKem{(zaN^;0~J= z?y5^TvG$$dGY8`pjZr4*!409R+Nc|2uW#G95jHDZg8m(o@1nKX^GIJdmvYR(i%5d| z?#MTet17#S!5eVkVBT?3y{v3&^1_e><92A7B?h;CPev=a+)M7(gHxihGtj~FLARi+ z&Fu5*-|}dvC@SFy)<#@)Jg@y?Mnj6}7Eoo;*S8&N4W9^OE!3hn;E|8J&a2oj9~+^> z34=7v2jax=a)tnPW;%kf05I0gu^U}(Dz;>44WcWfmU>~7FG|*+#o(;BFZu`q_8eL z(%L?P;pj7F3*Mq1fK?!+V(-2_O25=eiNF<*?|V7h>lsZ=rXnAgE^&DQxdv6R0#d^a zQ5-wbe2evTdIhjHQp5D+$A)hl$b*gDXLdt(#51vSM)zC&Q6W{3I*ib!4j#f!haL_* z^f^;D)>c3192PTBJhV>N=(Xr5 z^MZqm@iJNK&J&*^_86yN z-pn(a9ZGEj1PQq2jr*9=q0(;3cpJR6*-EN{)k0wWUG`)gmT!P$2&q%%7R5?|fM$Sp z0x(UtxOfmWoOL47a~{4gU)tA|L?wAv7~U*aCT5tFp1kMtrTkEb1E#A|8?20endSdT zu~?f&5Fib9UVNUAhtJR4SzEK`h0rwu!DF!5xI zM31mxwWC0lTzT?HIy1o!wRRg)PvZ5VZ2dw+7U@s1_Dl4orZTM)5aX50gdl5(rMTT5 zI`5V4UdiF>1`FrwqV4#ZYIME$>|p*GTK-LKc1WU-MgTd&|6U|80^EWl$MAn{d@B=G$ODj$gY4!#b- znw#+K-x;k`@x)UhH;Vr@m^6q_8(#Re{{{c!{{O2>=0ErUpUL&V+x^jK-1^i zXLGS6*3kH1M9?I77=olCr06-_vjpcw`;d#_ofR@S033=jc*k`pvWZQ!l`p zKCVHg!N{u_2V%;L!FD^Jk`~9ndq*3q$@JVJQx-GoO2co85Q8sD5Am!W`&4daYBX8X z;PV2D>92aA_@A(b^X`MrlMf{dSe;B9Ya(}*biK(t%H<w?j0xA%P{HrmyV= zKjs4mJCDxm;frL!0|9LW3H#s*j)rGpVug}EN=N^slU2B=hlakcC%*q!a`7m`cr~^_;XDYPlS&T=^BV&CL=IB{3|~##ZEhZ0_v~N(>@gt%hZa! 
zRy>B9c-ne83;D`UhgcTrK$LJ;&Mw%yKeHVlthzs+ZjkvvF)5G|m7sGgcX&{gkJJ?8 z;>KZ-z7zsO@l_F%uUOFLp8LKF9<*-kK=;GwUoU<1(zrH7X(yFQsW&S*4enW#C%VpJAbn;GCB3cV<8T$zoMfb@@zGi2G4Dm!qD1j-FjZ-F)hC z>8g;VUq0D6qhQhIytZ;sjan0y8Iy~xTi*5p7^HWiU15<|Yl?-@X0B%KJ--{h2j@O> zYHxz5H)1H+K;3_f4cX}~zrR}M<2=l^g==NXD<znqDoXU06675_=|eYHNAsoZ!$Y_UM=x? zfeu{xyCbB^SDR0{KQoN-0@^{ssCi4YIOr)fC8}2p+Tte#J@nw-zJ4nEZBU+T>m$#N zik(JlYD{Y&6of5%ztCm{qCff~!lP5950Cj#YB6pp;7B)>LfypzWQtjn5aS8dUicYE z+4P+*WP0Yeiq{sYg2mb%xN49<`N+7WJDsAeM5E;BxQ~THt8Y_?*a6j!D7!5ZuZVv4 z%oxXDK`p3v(vqJF&uD2r*|=B5oG98l-&yI9ajr;g;zUEdJom`|k(#1N?%R&w5H87X z#?1Vp(Jo5*u005SLBI^OLW|#s>2nQ2#pC)Tm^aFORW@XJq5#e-0*@gmzLq5X3RW1L1x~uDK|rP_>)5Hf@_8!=TYdF8!fFYizx=8VK5m%9xernC&{1 z##q1k!|NF`*S{PL*&Rk5i3v%5&JLB50-9Z0#a?#MJ6P(M16A#4?ASgm+MK3M0%PO? zRY*5v^vU`f>nY1*14~b4)}CB z=;!45x>h@Eb!F&?RyFa_>mrf@bS`AX;TDjua-ViP>+&P|ujY z1Th)mpO8^wO!*nUQhr$i&qAL_M-Et17Y3mk?-M}%Ef@$xbTTS)o>?kLqf|a3Cx$V% zr!(#+6S=!wz7SG#FG^z{^FD_%mPd7w&0b}>TQ-Pih|fBqI{P=+D!lZ>5ZK2X@j^$ z#aWh1J@zxlKcXSuv0N{3@1ShhELo7v>*Fm`w4u)mM|!AltF{|yRHF`T$J!)L zx9p^dJdQ<9qv-hs*i=TPE9eSaY|Y0bLMW*OkK^`U#N&64r0Tv8&p~)GXV%Z2{ARbg zZNj%pUEdj-A?%+jFzVc%PfWXbOIuF-$tkl|)jrvDyT{{%@q?$SY#50`kkF=_$lAu4 z6ex(ekUMo|20Rh5bzE2(6hr~b@@<}gI#wjO!ns1d8KjGBE2Ta`iyE$ z6kGrY6v+?v4?v%YS@*>Lby?GYEy(|zQwshMi}7zS?7#o`hxp;&7wf-_(TY^86~DwY zd~9@%I>DY|NU? 
zn_}}h3Hb<;`IID_O$uagKlij33x!0NcHRdL<&71s?ZlB|j7S{GliK@Mvdj_FcMN4L4wT;+5 z6stp@3YFP&gJ9)Yb+Byqtg5)Qy#;bTqUrUzL1yWUerw5tq8^|XRrurmTtwQCwIT+O#w=z$ILmge<&e8_ zuq+rd_da!Onl9$^1&zUVhBIV8zhu7yZI(L-W?#_gRzA#E8XKo8^W;HT9=j53O-0%{ zm5Dls=3D8gGf2E&xKS6|Gh|N!06<|I(S;TFS?TfEzw7PeYae!q;lz+9PMG5)_7g^% z#*9{ly>0B3X-5PgHpr?pLAeb_98t}Y?W8=)Lbve7%kf24>l&oXLc{T~RQ1YRV)Fgt z!mOYWx=rAIQ4M3fFz^TU@x&AsEDxAEU^sj>-IU27i6A(ES(ppvGy*^Xj{?Yux!{!zrx;^o$?uJa*$hO zHHGB5A#yl`Q#Fr1A4L>r2T%ovTYT;Ma}ao9PsxLeKfE%XMiv4&7H#`_Jup$ z1apk6H};_wNI~YP-KWFZmfHt;M{`b(D>Kgx+6T20_@0avKl~FYa3%;yHeu@BAYm6N zIPrS{JVp?A%l*|LZ$bAja~!9hDLmhLv>`Tx)E@Q^Y5lo8p275Lm9McXJ!KZSF)?&6z$%_38pHRG%2aC2 zvxigb78wQiPlgR=u7UbwXUAh)w_u%k9b^=NeG+>qG7qle7!5gsfc8dOtGd-yAp zD;t-uQ!DkRx9>}bKLLWTv;;6kgd@el^_arhhB9IW+8~-^w|}k?T!@9@jZeA?ONp8F z6^4>S47+hs=Yb|5Tx@rRqQk=qaUsPS0t9dwrl)i3mqr(`Lr>1PnIxhr3({6p8#6Xc zSX`7VTbe(RETOH|7n`@1SI}T;M5${`9GH;Q2R#RI2~sr|+muQS{(>Pc;j{_IPhV1% z`c<`zA-Mf>+i9v!HL)?gtbJ? z3pX+=aN3Wo(h6ZJL_H)3AEusE&WpLoj>B@OOyt<5SLxCtW zJAtdDj9YR^72puAkOv#U!!^M;P@~NQPQu2o^S1bICPUYT?;A)5AMO3#hImV;N6XdKW$ejT6K>E<83Yj8jk(K4{I| z!Q-@Fa|74WZ1!Dl+wsF0ez^`b!UhZhCLsq6q2O*nXnqXWj)6v;5O0`O(KR3jgadw; z*zb0rpaGGQ@rnilK6}7toICp9M|u%(L)S&R$hG{w-dgf&lHP}< zQPFey_t|79obb_6J-iS)ak0Lt?n}dp5$R#}`nmc?BhMZ1i~MY*5DEk}6({2~d&pxSqQp1*A+j25535u{p^YjdUCkh9H9~!q>TnLW?y) z5p}(7HF90a^OuuE9OFH6zx{OFhI5%hEo)As6K=xE^@YYY6$MeiCGvM=POA4%Hd((< zs!MJPT>Ijp4Vq_o%VEet3m{!lJnwT+{)j297-q%d<*r${5f(z@c$y!VXMFiwamJie0ird6 zJ++1g!}R3t+o=F`)N7DUdtwe^c(KJD7~nAoxe!d&EaZg^e#9%*`7EHTH^CP!ufBEX zE^Bj30(qcKGpI$LQxj%R&dy05k857KB95k0Z-+UIrc;^d-FLI9IUv5ER^1Q*SE`6C z{h~^5Fi>C|h9pRGj)0Ex5ygzny^u}^^m(Dj3r2GCp#^E;jRX`ON=TTMLZ(F|QY5~k zR`I=KM@yzP4lh|&b&x9J@ybe4^yi4 z0$`^F`^T)yzEgdLcCq330WhajeLeL=2vI~S3^PEDr|2!3hQRt@McQ#@EnjLcv{<^B zCz!n`x~i4DOm#d+F*D6pPNX4(5Wi7zE!MfB`J$-9gxIpJO!R`?tgXGUKq-N>GXymS zqX_ekEL&GjkAR_vTgED%sGf}9@zbu%L@{`j|miTSYnW%z2 z|9}}X59RyNPC*_~NT~zbuN85H$^?FXzJ(GtvBt(m`&t$xOz;>YL9a@wKaEJ z&Hx7buw*x`25#x56~G$Slqx~Q9KKbMP^AmJ03Pz>DCj0H%^z-&>$G`{&~A->VW(v- 
z2CcOzuRkkLQI%l}d9j64?r9M7$6HF@oRF-~t&#Jqw3K`}!mE$935AyIfZWB zXA3ElU1kS;+nI%J}0kw8WyR$ug|B zYu#FS2Ob6Pi*{#?jF>uj;zM(blg*ftq3x%8k4(3d(C5!O{6Ji4S33w)+zi(1t>mY6 zY#7!dj|o=SEGo}55HVmh{RW%)^Yhbjh(Y&NSKDxEuhE@8bb(71eQCunMP>zN(`~!% zOyg!&Is6;YCu++NtfxvrH3bQs&Jy=S=i>yDY6tZ-Y1S`vqe+k-zp(}-z#V{EE*ZE78$QN^oe}j@>C`omt6t6lxa8R2$+zekTqL?e zX1lQ^=Dy`J!iH!)LDbw7TVup%2ShhhEL~HvPj9(3saFhhx>ItP ztez_qUJSHg1^MvcU!C<3XvtNJ$~I9ml&2hcP~$SxuGp!z+}uGueClCq&Fy)NWl-FJ zCx+wc)9W0Y5%qej6PpqnfXZLrxN!yJ=okW8j-FVm=!X#I(@OUpQJ+BmWEr+|oU|%5}IJHy>|Q2!Y%MXiGY$O>Y&qtA<|*@ znY16OxSR4sMOpvDsg>vI`tb$wt8@d_Jx>jo6*R^e2W!Z`DS11YlZLmw|9iC>Ru+?sURP9fQks(`m%lbV1O3{8@fzrZ;hj76uV{L3 zjxDO`kQ-&TqWaU&+wZjP*&Dg_Svn8)O%Xgi{Ee8S$<2z_(qNQJ#C<-e)?~5Y1@C>f zKkt3Aqn2J0=zs7op+4MZf=8{=p$H0mkaZ)IfZxba%m~TO3vkO0I@Vy`x@g6dn;RwK z@-KH?7k;M8<(ose(BAirGhL&Wx`lO|32W@tO~k6r>B&%^Q|kQfOc*rOUDJZUDGt@rp|L&hxQHPV?s~l z0ObI-rnm9juzmze1-Hl+Y)b4M2qJ9E0wmwv2*gDgxKnd^f~B56VwYSaH~h@QIBZx1l;FM ziaSma9%biFeQDo=5~}jds4#lh)%RvOSi;izvjnQSVjYbLbfOe@k{$-s5!vqSbW+K- zqoav9^23bCR&l3zT$@Pax8<$Ep|`H##BFrpC7>fzsYSa5GZKw8IPHL;<$1IcBdfq| zB|VjebNgpGg6`ZFF)&I@OJ96<<8o+6?N`NRWFcfMxCyt9;B2m$Z!*fGermt+l3oi=m1~AP(VhYutqzu%9ZrZZN$9_i8WB-V^+Ftm^ z2V2~e1V|1DGp+#w;SYF^RjL3kh%m&SA+QX&ga^WJlMriK09|%lla6HOqHu^8b?}eh=!o1w0Gg;;ECu#4iQtS|t zsR<8^6VX}!e*g!z3HA!MG%(Be9g#wF>f7X?~Oc#WU{$x-l zJ#QkH>Ns*{WMKGdc1ncX7clXUFJMvBj^VKBd7&BCkU2Q&v21U_Nl*|C`%N^<-P?vJ zm)?78$HS^=#|1e|Xg`w9Dwzo-&ntc$87f`JImpds_7hY}Rj&=GU6^`OBQftdaioae z|4GwiQzm3)J!IA%cc;aNzHg_cS)w3WtRNoDw2g;z!%*ze4P`^q+DUq>nRwYc{=z`_ zxqQn}&KZ)VKu{G#maph1WCS9eagtRO%V=Pk)#~A-oPl_5WTLFS2ftA>}f=qUG1m#OAlyx^06+4Gyqkf$jj`A%LxNe z>stNDFOZ~~Z$F{hmP1hLksS24n1N8>GkrI(o^T-6!#0U*YtrgXN_uSjjfKtVeu6IX zt#@Mm@s-);*W%e4bj15S-`13=OAs1kO?c|hm{=o;m?`uEoj5yb-b77J1)|PRUtY9UYLcX4W?rqvL_Ef9o z&g_4mM%D^}bXi`;QL%!RY=V`JJhuU9r>0#CL0$`ST*k3C;#{iU(owR@i8}8O zKktt}MxaO`^za z1?*P1&PJFuly2XVxoizRm1?;uR(MEO9*U<673J0xJrVpzUO*OB_Lb-1v`+^oFes`jd7%7fj&7Uur0K22e(*EI$;oCD}+l09K)0fUc>Q7_(+ zku{zYH?zwg`^J{UyO%X)&z!VtLE-6Gd?U+#C{go$I?0_yn}+qM8fZ-^x}pqgnnP8} 
zqas03o!VYfhM%yQ{PtN2WqFn|Z&^8sbfry~So77b&Un9DFzZV2Ch%uG>6;H3Om+}y z2ityxbx8*$cyYyd3T+saTV?Vh2+rZVt?{@EG&+cqA`pBUra248h#cez@Goa+k(S&i zYXHX8I1xNKbBDWOfV+(iJUI)dbC{J2tdYB931w*!I6f>o)(r)Yz=Gs#rs1BOfG-ZF z3a=8YzSZNscGd!~I$;l;ki{)8)KHqh9Kr{hJxDO_w5pvC zDtnPKSzmojiv&xZ(2{IKfOTP%t4oE=nGaeBzLf`)?iE%je{Ud^9cx{_C|v8^ZCiAi zuPMpoR0>}w?3ZUR9@#^irx!*scZfDz_wQ-;pKe_1Tlw;1N;G$9l}K>yNqEYbOj|tk z;xz5RZar%*Xh$-w`&4{8J;kFj*#y|S+DyEntcfz&zGgPo{$H%UV{~O}+BICUZQDu3 zwr$(Com8~rq+%Nt+jc5;#a6|(zMRwDZ$GC;Kiy+|@B3qqvB%oK_FDIv_kGQIU2{@^ za(xXssYjp17hNfE`!0S?XwLg|y>HfDChq71cas zdAIO+a(begGFep2DnBMc+tc#hj;+i-n zZ`W8i(N{nK#xaRe)=~dpV8=4!s$|QsY=L0G@L*y0U_Bwys7ORD4^1|@Bfk{NW)EP? zcxq4z&c1ceX3$fKQkND^A4t^$Nm<So%PHa_KA!U!y)_oR+A{}Z+j=;G_+h6(Zx@f;#WSD zAKlkL=Ehrf?yRjRrL-k(>KK>qb)IS{mBc8j#);>})zUxZNPp3N!EcVJ8p>ahZH!f{ z{AM+q9a}y!AySvC8#SZ@l+Xa5T3H#K`wQ%*QFXe|Ram1vQQoUGH8}ki&uZ44vVVgd z4ky^}k?q$S0|8raw_)WM*&Dpas&Q$0h^xZ${#N~!knMPxI`Dpv_1(23Cb4cynr6M0 zoS-Do3|WO@T|>tJ&k{wO9?wgHOj)eV5zla!JwDIx=9~McQ}kN653WXm7u=H+PeDpE zN(xh5R7(bn&Lr43#T7p`Z<%Ao`EEG!J}}==FqCLBAmzc^7$0swcdm!AaBa_m||?OG2w=H_J@nueYu?89Zih*;P7|eUwe!Roc{+T3^)}v=4#q zp!2@Oc{%O|?u3o$Icz_1aJFAT2!WG5w|dwud5j=uXRGWFQxqV;hsDK*Wqiq#=h0p20>_${$Az`de;nwj<_ZD>*F*zEbO;<4>e3#?9IYe| z)McMRT2PHKWsU@%w*hFTxl9jk=Fq0DsxyAf9nH7OP?Jo@>CM_7g$LTvkuzl*Yef!A z`pq`!$TxRzb}F!?*Gf<;mzrF!+>Wa-+d+zuC8cF?@UOxqpw>0*W1-R8YDD6%N1|F{ zCdJ3yMP&*Ezb4-S6H&;F-41~n)y{hjpK!i818+-mn?p7f$&RH`VPL?TtLal>;6-)?&*HZ5yqclq(PjSd|%FLx0NOU+KU%ZyU# z8jV%m$x41vZJs9W2ZthW2H6i^lKy_+xmsCuHioZ7Oghaz-|6(%I`-kZ;+3#UU$F7) z9DGXRIK~I^Fn-3S^QPC1$^DW@UklPbxdm`g!@bn#3&VP|c1&(@h_Q5plVCsB7VZec zfuX8uVA~{u4!x`M*D9(94Ihkg5ZCN3k7iP5gk%Z^HrG_-^#u|zKBo3kJgN-Z!sTqo z0H&@&0Q6UALG9FC=n^(eYytOeFZD3e;IWz(78YS#x72T6QP6fR?fu!Lj#YNa=@77w z&!UYrS)DpQkdNkr(sDx%zaL3#xJ7Ug{Qwd3>`eO7ezKtAL-HkH9ERoi232e?-TF?v zlWmIC%U17BNpkXP3y_@f(K7$0WsBhKJ*{*DUTdzxt!V32f}kWWcKUUTQR`sW2yKQLLhW)E7U)dF zu(8wbd_Z&dMhvHJ8@bekO z8AF0V(b_mAaplZ##T`=_&JCmSdfNICVuETsP7W0k(Fxc0cok`G6 zf9iZrMK4FET*Dn$A@aIOrzwMWm|eM^SiZ$V6gzHP|!zP@$SuQaWSjsE{@gqzk%b 
zoTy7Vi*|d$QX!UZvRlAzE`wU-Z^?bD($ecg;C_C(z0c4Glaa(QoS65xaplT9k=>jC;yat;4rvQZVIBlx zu7cDtK6&O2qLPUcq|_V%oZ^$J?VPQ{{>s9NAP>3(U7WxUkO$>Jg|n)y%0j%mx!GaH zZpPEg#UjBMvW}mG(M2pu3=6dt#$+IH<)aS0OGQz3vaKSDu ztEfy4J{QV&cu#&ZxetthTfhC)IExUYSmH(aNA=H;F>7t@JeQ7pYjEH0HE8ZNQ;9A| z9txka%Q}yZE2iWk@*uO9&$O_*1CRU-&NZ~UUU%KR_!qjegcVh<&5{s(T;hC%8`D*; z-wIyV10!7SYcZ&0L&8X)9kSmNG2IgO-rAULk?de`uLp}9b&E&Lrw`HM#S2ZEUSn*+ zUBwreeZRh>Lz@}E%freT5B1QRVOGE#>tZsiqHUE1yl607!cJk?=^=hIbek7UQxgTS ztVASQaYJL6er43*=WU-@2RUX+m#)?5JcYbdtF{3QGDb20^v36|e^_p^to5kM%odwV zMs8ytamv8m@w|x`kxq#| z+ILF)g!24gcxu@fFE*cL*hDho zxd+8iThpxQwDsTS^YTZZzY$EwMx0j(Dj!4+#v|+V0`$(Fd}s!lh)B~;%^Tka69JhfU!8cY;2_DQSydV}RHAsF)} zoBI(vo}@sDL$wA2N1&&J9umwWS>;4xGb26!H_rQd_N&1T7>gi<6m>{lrdI z^!W2}O4vE*Ykb0v{ag0X+xr>mO%8#Wn;@lU9y1u=?+yoCq_oy1r! z8}2LA;K26YLGqIq>s*#?dRH`cf#u#9_Tv%k9qV;4=FityDmc zeO7!x&8xCPrLs@3;SiJrZ9nN7?3~M?<;`ARwrc&K<8;|?lx>-xe`D4qvaOC$ZE3Wo0gsMloiK07 zR^dE;m5oGpR5ox`z~>t!A)nxyf+AulLmtj8Be^^pC_!$17y=@qiqE$#5dHCsOmAoB zgpJvEm(#`1%<)fi#qPxqpH27n;mx)Ozb`bJr6}$#y*07=T|@NlZH^d2nM)UaKosYn znIlm*rBLiTsV+vNa8Los9F&j39_$_~zBG0LV> z0eq|jQtWk_{mqzhkq7SPcFM&y#^x?l*A%_{eO3s zwRif|TcUop1u!Y4ZT2I?uSyX`5a#mO0_#f2qI2)Ng3 zU=~QmO5gTmy*JjeSJN2A*hHEO?M4N)@Mz3|tP@vdNw_O)%;Z+F1AqSvucT{&6iccO|&bab&Kgq8;WIcx|-VAh$gZRdI(q40>oivumbY7(e$w4{(X6TUj} zb5*>84JFYJ=CZz;At%L?RTw>a!dU}xT2|~7_xn+j;N2OA9Vep_&O|liaH6jkmzg4` z`BAfYtPSC08Nz*WwYt|$EyUkeki$*14t`PrjGI%xo9xOu+aaAfA^?(9+IYYIun;e@ z3`)%hQw?#h&esR-I|FtQCX#G zPpl_JA*PvJgYupv+y^_DmfGA8yTMFU=z4$D^FLS2D&0MmGa@1}h>8>0a-BeKG9F$yE2xJ_hx?7t~LhEs+ zs)+Bo=!tP!$^qk4UQdo5Rb^z^9qEW^+8#A%5(&)>;sfE|YEnCcev8yLzO~~OUPR*3 z^-b)X?Pqi{u$;#oVUAtPBSJcy5?%e^6psJm8FT#3&ommE=+mU`NtbpSU!bTsgN5$B z$(M`U#9}44P((_)2tRK|7N)gXTy{N~twAj-q*bvwo(JVHq?Dh`wA2xu5w28=N{_ib zmpD#3yQ9i3Uzv_2T1zJ8iGJNydK5P&nZ&H5s+7iIYuM1sO8W!Q_^er>lNh%-ZU!v{Y>P$exBqz+zPvn*WiRmmic19XUo#a{Pe^WH_Yfmk9O<3^-P>d)4|AO>0= zZeZyaL`OfYB*c)NfeX?O;Ohs*`hhU`t=U9(%d$8V^lSzSKl*Ki$AVy-OA2^DoFIC0 zMbfk|6O~bZOJY$siS^46soRREctui|T;;y4tREnm-4S;;r`N(2pjPZDE{uL#o?v8 
zOrZ&A(&HnIEg`KXIoEc}=_}Y=Q;RJNC%S@*V&O>)?2KjX%RTa15&qn>orWUeuw&sG zRw6>&as}fys`I~LiUsJ67_#us)>Kfhvmf*CoM9=Zu62_pw$;qd!*O5%{9}UoTx8XF7 z;KzB^>X@l6RQys$b%^g%p#8zYjFs$VeqX+nhvBWx24w}M2kRa0q_UTPl&0)GD9sz9 z68S)d?zh3y&sQ#@$K6lBhbi~7T)e*yJHM}*lvpa8C`8i$_rZr!cwX6veFKybzWD2$w`_PT{dvBAo1nPlE*VgrQ^DuG zPkYK?is#S4y0=4U~nkns~58kfXI;*~vO^A4mqPZ)Gx|NZWP!*FX zEwYeNzxjBiV<&tP5Lg}Ogc2Dvxi&9%efnpgh&4nVZu+YG?WfPKJThZmwvL;hgx=iz zEuhIlewU44#tMFk{VrU|N5xh05*C_uQG&|1^EF?;ImG`f+V^w>YDUsm=I`tYH={KM zHZmAUzZSl-i#*a@^4lo2>I@%}oPq9|9E`5TQYIf z6^IPvKx64cl2u);(6kas)`F+E7NFXKLe~<>w2Zl5^_Exw5BZ{I-G+JZ3YEgdIJ&Y( z#$kp+VpqCuVwvLL{A)JSLL@qFvfr%jh82F3x8!T#Mq)Sxye^M0HkPk5MCCyr*^16N ze^^0;!?_=bFwC5=$z?w|p9BC4`D-x}#s~iCG+sAA22t}2@%WkZm=qn=>Mm8XoHpHT zMJ|0cMB3#{%VlmftoY7*tKp(3xVHMssU(U|p ze6BtU3)aI!tEwS8j?)*LO6(X4IPVh8uAkzfa|>O$xA^)dc9r12T={L!_xiJ2!K!=26DjIIShY0R9$jx@h4#M z=&{>yG!q8ah&C7W8mW(-qE&rH2PwL`$>0<;hGuUlBRQ&b2=b5`XlR1>8ySj*mc_ZD zv@?H%_1)Xa9jZ3j^(L>&?9tM+{n_oc6agq_1vSWt@ng&6onzZgZqwykZ_nF_t@Y`` zy(qh}XYNXuRb|1XBjOn5>t6pl<;@}|dCjXJYOJoIxid`n-0FYX7pVvo|G%6~|%%dM3=oT4O9^OBrK?vvKT)BF9qd zlzjok^OZai!`BXdR&-Kz1p;V(V3S00H!LLBQx1-0WCSZStX8P8jvHP^&zE}&P zXd6z)UcBJ)(ZkEsR~eAS{E}`dKE|+cNf7Lp<5ga;E=#_`N$T%Rgym#bm&tFPhM^;; zpT`M)%m->!3Uzrt9XEO@Ek2X;^+x(YUuZ@+2{+pY!kuDG?HSdRA}e<*Xejjqrcii> z*<%oOGsB}a%_=5tnPMdyTUAWNX4MDjW zy2{tTu9(rTZ?6@}uwW#YTcJNakV=fSpeOIKE|u?&G3%yA?Re|{qcYwn&v8Qjq{iOx z|9@5(Mt{ul{f)-qzO!HC0|y5e2A6XKcXI=W7X$CQokvcY-`UF_4~!pw zby35Ategn{UF9V2WMb;{&+*Zucp~`)}~+9o%#wQ(xMEH6_CVqs2z&dqCP9d z!fWw%Ched6-_zD-_D6VvN9lCLGa^&{&BVyIjh35pb zY*th8wt)FAZ|t9LFA9Xdl|FQ~CO>=2zA49N!^x@>YX3@?2~^b1o$vN-a7V}9v=!6R zTohqEZz@!aRV1v0ZuGXqHc7m1<`+STeF{oDVPL{fQt8PiN7++b4t>+mF=$1$EZ0&| zwpB&=EpjqVZe(M4lL7R^>Of;6IgA#0=r35+C*Y|Io;5ll+UTQ)szK19lr%&!w)bnx zlQ9?FTCF{HK%vabUG;UwP?O&QJ{db)hn~3$bK!etl(u&@rCeZM*1JJ>V43e%#^!5g za)$LACr$f!b1*jWm6MQD16hL)|CG_Z4_hL7LWY4UhL3#W!92s@cExkR_wBi>!cn8Z zO|WdaYZlSeJ{Gf`Yy3clNZbR=)L3~QTEYog01gBVCXQ_PpP4UhvH1jkpXENt=Pbkj 
zUIqU(?f38O%_lu$>ELSfr>h~oppAotp`EL(sgtGgKNx_dMD0&=qt6@+kVM3zzNu;Thu7TR zlbP!m{9Qg^(*oDa}S-ntme)O$aB(Wy(YJ&f|eLk-+>5%9_ty^dXWk&G>efg*znzK!Ev&rKy{U-1 zGi2n!qCw*i{vsj-jefQ)(i((&_G=y} zV<|A(^LT~!5zW&&Q#FlHwTM;lc^7zBt5-F$6vuky`# zf0W&%tbtrZ8}wp4z`47JQ_6$8_Rt};5cLi8oII|*B_-3lMcy1h9Kb`j9&Ur&{{H72 zdds$w5ymIOB={dm!@qjD{JUkRZ13dqPmm0W68wX55;Zn}Jc$%>L%VaLVmq$QY`ic-zCG?K zueTf<__}O*oUu1qMO&&V1H}oPq3)N5jZ-}Sw3;`6Wt+a@#}#MHyCQcp3Dy9GykJyA za8>jJW%ZIjrvga@o$4b#L9p#V!X(eXgUP?VT9S5uy0rWWotAdy|6&N66*nRUB8Uk1 zU>dWCBFEnC+F*$Yf+QB{Xb~X&EjZCBn_k#oDDGu8zj%#$`A5c;(Va=yj*}z2>cWD* z?;ZQi{rfev0fIHBNsUE+Jlq((8g2!0L;#DF2b?AF{>kbJRlrwB6pAi*p}c;;C2?Bs z7KzZkge4k2ic*F)oY3=ty`)fHRYOOVm;3Bm7PLkdR6GLtQR*Ttog1=*DWrRQcZ|_w~_&*BS}Zih0!UC29QA)*Jghqe$%g z8{ka)dO!5!D1E)K+-d_@PP>U{iD5!-D09RZ0H}){>ARrr_nat)GDQepF=Pq2&Y8V+ zEHE%S`w+yajA+8kZonL7MGIy$tG-b_6sS8`(y4eQ$bpqoso^O%Cn##s6Ga@{NoQGn zN}Gmc`03$>Cm_p+2c!(z6Gkx$!A~Au+aQ1J`_!Pbm9d|gdiWO#^`QAr~FhDrq%o-cLT6x}?c7K2xLCiO&t zF93`dFz|=%vSz~ccW@-_CilbBOwM}lT>}1YKZu&>P%PS9i@qK}fGmpS8ndF%vcRA~ zQZLW8oucE^)eEfknXzBr8D(PC8&?x6Cc0Z8MZYdU=ZHs#&p?9JSDb;ixrjnf>`gdt z<5F1Nf~&iK9i*x-J2tAch5`hfL4$4zrR?aM5YeQx!FQoCmIT_YTte6_$J+_9l_#;w zyjv+oVfF;QSyCmyL^?Fo$i@~-R-bAH3M;Kv+G)#ECVm3pw zDI#+Hepqh7p1|&2TF%+e@9Xdk|GuYtA2Z{%3{fc0M1#4ARzvzJ zJL#sHeB4U8DqnzaZ^%lhMoF<&L`tHB7gl-6K;lXFI{ARk5E^s>Q2>|@*|W9D#BjLf z=`+D8__E!QlO58q7f)L>cP&E@X!VffEI-|W><924Yc?-E1VZC;y^{Y&bFIJn8~(3r z_MeCx{ayAGkr6{SEo>X!x2RsVG1pogD+wXLf<9Q{NJ+_%Htj6yczi)1D@N0ah%`Ka z+srULcxvPSLd#$fhS>(oD>T-o!qsO}SO0a_(^92Z*D}iGl{AVgMGJKlyQ`YxNNtXU zNNW?>vuXtc(6tDm-6mp}m>eu98=*1g`L!yL;oaCF1O<>3U~S0M73-Xa8a!iv)7!SQ ztNRY#d_dhGbz(YdvI!ytoVQ(Yq%RCaBrsM!UEX7UP;hnv&Sn3{oq5;icJKZKY5vbQ z`hPzmQU6yM|6{8%{d>bvma4Avst77CO?w>OSab##kg)bFGPb`WMF_Z*%*xj6j+*4R zhBQFvBxTc(s#q-#O{=gU^hW>$mrrm!7NG080P{Qvcfoaj;4*jNc%%I=)BEB4_`?7F z5v7N?iDl1$I~rC^)hA96I2v|xJ0^mjRc5OS;Qc5is$3BELXBU-!1B9gV$-_AMt2Yp zQ4L0z%igXl&4xR7Ln}|%`u>vvv@pdKQmL)ji&{S6d;y*VfgL_|v%=wSR~tikrHZw}oJAcjVH0;k@=&5k(Yx@M*KB-u){`C7+DX!>-T#R$&=j}z4!def@gclTY3 
ztx{-7NII8RGzpw@3@M%FGp<+~f?7wB$?qz2cjCQst8S+qE!oaBv$Zt1HP78*S0##2 zey2?CLP?E1Do>T$&3g3D-5fM+#6t;o~g2iCIedxX4>zTko>bbhkafk@2wA zF{Z`4$gMI4x1X_P)_Xa51m8TS+))m=slKg{vOIUz#Bx#|6pryGb=W3#gjGgP#W_sJ zkpxO|q>y&kFDr5P9J^c!-i9e^E*R00(jZ)n&v1M$VoIJR_rar!Ps!k9eiW@+7Xz zC1%zv`UE>aMR7UjYXopDN6nEIp}g73zP|89_z)z}RqVrIr!C&~5_wBd08i2}4Y&jUjd5*z}u8vO#cV~VfxugFB6e@IT8#_NsCK;&z z1PV0&6%_v5;{SmP(Q4M8A;y?~auQ2A$=$WPO zG2!c%qrD9)J_h`*=;yKM1}9bCj$@sCrVhluoX7#{&8J>?F5Y;@Ha}k9fqPhe5(Y%q zBnYD)5+1*>C$xmr=_I4A$r+*2Q2B&$L#ypRQig;6+I#VWcCW=B7Q-c=X-VlLrH1BH zyrdFdbAvsHEFbw^z9Og0eMz@%8Dp=xHlx)>w$fGV-PhEhg`sJNsf!-0Wk?Ai-*3js zw{GgiA}{OP(e|^B5DjLi zDARfz;8$Y(X_aR?!6v)$>G$zI;HcVyU#l9_4kzAFlsPV!BX6P*ta?J3!&6QwYv*@y zb4R3#LgC>0)sQN*z3Zs5?Uq^=PV}Q>eXJ+i*;j)v<2%azC{5wVG1ZiiLW3cNFhjh% zzs03qRCt?(R@))>-u?TN zh+x=*i+c_e9TftaPn8jlzQTn5xyc~cysY8vP?2=%mhrWT3Y&#Sm(bNv|KKv&mjjVDSSBL^%V&atz)Hu`OO7Jhkd(rj%~kJ40>Zc4 z6lbU1KnffgP=qMV$I_?Xx2~!3JJ**wi^n8rTzS;%I-=c-TW;z`SLii`1a)C)+G7T7 zx`s|3Be~rwo!;;~`}nMly+u~{iUdJM9djsDJTwpS*sR!_xm%VXnZ;NAih#A#uIxWpS# z2pRH5gjvC`0v06m(4{j5^H;{@-#dtoLiowqpfi$Fn*mZMu$A?DSGb<8X}>&C9l;jk z3J}ckSy3%KA{Z0`!RW%yJ7YHAeyErY$B>ybC?4ZY6=^Difq9m z7XVWwfQ@;^QN>I%a4TW&X918GWuDxYF5%L-l(o#fIrT}b_`LW%q4l6^sg7^Og)*se z;(Jr>Kn*L$u*R6f8kBU-YNZn*CxmA*cnE&nt)A<-cXtoh%yT0V1m|d=Jqhw)!;sk6 ztiUb=U|SiYkYF`cgSmRuVm(uYtNmgRufNnEm9&^&D${6omnd9QbZP5Xuwg;KloIq2 zadPG@+Rrd?p`7UAh@z~Ujub}1gDhBkV9}@>j+kA4oHHYBz@~_E;PYe0CVuRcj#}zHeZCpjJSHzGr(fZN+XE4Y22MP|kohplT~tE$CVVvM z>{_XQvt_NNOIO#q@(`sUAT3WZkL9@Ow95&v8mFR^w>T)qA93pk)lmP~1 zW>JZ!mv=*;L#6{vL%HsDP1vdfiaW#u6I`+pOyyjZuG~x{mGjZD%cx7c>1f0X@IyV% zFC|!p7qCHh49cvatRlAVfz0us#CJqhE%o2jgNZ76^<3vliF0jwRev)Y(d%SNy7)YL za{OO1C1RE~pU2PtQ%WjJ+oLcdzGvFt%Yqc;gpJcy(3H>HxoN<61cHNwToRktO}u-rZZyh(Nl zUF6{N`mrBQ78?1OX`f2Sk5A%(nr|D;=s|w!>?6)Gjq9v z!l-LqGYuHoT{?*~E9XHh^nNO~8p}6a`j*QNg7v)z8k5+dD0hP2%N(8}!Q6mU^ABT~lm?59KjkVhMkqru8#EHyxcRMerxhjJGoXKgs)k zzDxc4|99(&`ES5fsXS&kr+~=I?v^F4n+}+UrX&MXj&CRpxYj^*6$C0(DnS%YGB_L{ zZ%y*Xdy4blhFPll5?+if;q!$cBsH8aKr6VzU^}gKm)Ts*dFt)z=EVJr`&9`nO7l`h 
zZL4lCZn}+@XafzyY(JMc4w=i6J-Q)=qj)Zlo6kuWY=MSBB~CEN3#B4cQ@;omeM2lB znRxic0F%PK^U<(g3!TDt{?8MLQ8b2~yeQgyCVc6#H6)4jr?7X5GFQsn3-BrmhRvkW zRrwfiy~mZKr^Hg%psrm4uDm_xb0~rF3Inb#J-C#vO41Z z1HL?nsg@k0Mg77o5?`Nwks9m+%`z1c%hwT8ogXGD&{Uf=lG6-0h>^sKu3Bbq9z1>K zA8%!Z1+j#Hch+!vxoI_yT7&*nXYTI7$M$8_AvIi}S`h@|dh+sq1I_Pr3>0d22Cnpl zeq-K;X%YEF$l?$sT6e%wWela>b6vPP(xQjlCg9il1{QJ$WwucumX{0=eFJeh+r^rk zNpxnc9OK|@1E4+AKRPkr`}R46+`$cHD5JKHfEGcGHbP_BCE`=0em2RBJ;shyRzw08 zsE)zy;ukHg(Z4FIY*Vmj0eAnoIJfg?C51m(i2nZwcK^NB{u|i+eQB!v>CDSJXV-q# z1gR21pb9E@3Q_0tq)Ez187|oi3JFDy-MktgSHEuS)-3iBaq$fMERZY8p7?9?v4@U3J~AA_djnr`PzQ%H5YE!1=dfKJPH>@vjogr@JhRog6# z9=eZKQLn3JFqf8_b#huCiA~>{y?kw*r3_t^32m6Ag03I!x*bR5wT*COyLda}PW5~- zYeo4yt;#|Y36S)9#N_p5UucP%ne`kho+-_x_HlVZI{;{gYJ)F_3LF<<{z^2RmLA0?~wwrbpgZZSdY{V{W#cbLQm^0!MC@ zmD6xUs4RhruCkah3|6#qb*}2*p&A z;r8n|t9gQVSMy{BpeA;baUi7d1aWfVdIuh&*CPHA)&)L-TFATVa6pm0S?ISl~;NBy`B2D3hZSH{v z#i4|fXgXl10Ng6D8`mh%r1c(3Q%RwO1ImfzS$Rr=+|v|40nIFGKT+Di-D5y0_7<9^ zXEf+WE&}*qdBBoIXs&jpPV_c;_$`tXF3NyIWInVg`B7)I&ms(kTv{3p8ov;Yuh=UJ zt7&zM7o=-DhbouA&XO(w@{8akcFUK@!gSu9R+1}R=!X0k$sY=Zj6$M`F<$&~o7a+f z#I3$x&R}+41chU8QptX*5PF9O3&2IipG?k4$|)EJJ^kq&3p20XI{W#i)PVn|0`#we zOaJbS`F}WOVS76lQ;)xUT_t@sSmS&)Si2{jrn^?A&z4oLh!hQ=>D;XCNQ-<2_bqwk zlLT-WW+jc-UFqLePT$L`SRg%56HF7RdYRW#Q(E}6I`dC*KAf6b0D41$cXJ7 zJ1eAzs>dtZH+1`zbfDp4d_K=5DL+8bN2!f5;p9~&23noA*pk0{LaFgk}v$rO$nI8_Oi`HKbPT)Whl|OW)UU27b2c(Xx(t-LE$}Q zQSnoaObB? zdWG)~txk`3{WOVvmHG}}?NPI@h_`5}KZeG-4yEXae+!M6{X%wRjKv5!z&ECygKMr5 zNO8yYope1m9*B+^8`a};ul+W-wxBfW6Qb#7otacSnqB6R&0PHcr}prs7yZ)oxxHup zM?LqyYY%@z(EmZ?#{40zA&P#e*fv6YMY$OxuC@M3qAY2VAETsVO=3ZtI_LxOpk!2Z zpn`|J`M7*%h&?=mHwY9A)(cKW#8(ouB>2){$(>D`I#swWvN;;xC1vi z%S)84@67jNikOHY-% z%C>VmLFM^HU4jtwQq)!m#`chV@(HUgCKG~try>>w1V)HP8Phb0b4>C{G!3i>>?xpa zWG-UAP>Wbhsc)p7H1LQ)4_AI)2Tt>G$UtrU`#&pgPyMaf`PW6FG! 
z|D7b?Mwm(dYhs|o=(|G_<7jvYi?fJZrmGfPEsVQC#Qogr#tBmdm zcGH9Vna9^0((C0WSd{C=!)dmi4o!fgT36rOeYR3`x)(G1 z9tHUV(al-qaLw_T&0S>5_Qe-s;u6#y?yX*2zf>Kb@_)R)Q+%^~B^3-LHWCViU_^2x zP=V4T^+`pIOWX<~H4Avt@k%^`TaBX8=#lUR1E4U zf)OiXDcMZs9Ez9rvW1xU3sJ#X0;m>T$O7r4WaS#F*+C_N9}yqH48S|)8; zwRk*=>bb?p^3*^1cVhxJ5HxK1FB1!D;Rqo$fFYbL4Ip{+cSL2Hn8iRux#o=$SDGZL z3#(t^>oFV$By&@7s2CcFo!mo1N_F|@4zZ{Bx)rF(@B%1jFPtbymBJ;*J!%GLaj|i7 zvXPovP(Jw(u$8Gs6{w9fR-K9yi&%3t&QmJQ-K%tPqRekE)pK3n)vQ z$C?Z0b|RR&aL)?y6eWIyVQQ06`4uCptvQyq+I{LMbzFHfuc=ozvvwZoT0;lV*B?$~ zOl?jAUP0xJ3*x_G(74_VtO|W}sQ4C;Y-bftqeOG7F&4&xFg+~D+)CHL$8h{DiuWZK zsB#TW(}Cx-)+Ek~ie*e?)DI3U1Tb}Md=)vkHC{mm4avPML!_vSlr7oXM8(L9OESHd z*2>th%zo^RI>px3VHwe&x3>6bnB74yu@wB)%EYF^hzoF8YM}KRIo#KzCbDzyQTs6` z{eCHk%I2zeD%X+nGe|4lQZCu-OqbKqSG4S$MgWn-Y$&4i4LefSb~0gICN>K39`T&1 zygcKoTex6=wUepMZ)N^BPu=wdY3?#_!7C$Q%qvRSCZS#Nt}b@KAamKbIJvyQadras>gz)tmabEZ4GrU=m;3`~@Z8ZjyL!vADHYO<|2ihQwQlc8sxdwv>TRq;Ro- z*--E2W}=D{)TB&OcMSz&HL1z^?GG3zAfuzEE;+q@h<2sd4ANethKOKiI;PB8D9!iH z2v6YWJe7wQAH{~6#|PY7h;l2(!HWY_z<*dV(rk`B0`WsHsp9t(Db}C5G3hY`)`3LK zoGg{NY=Yf`O;&QyNpB)FRs9rrfD_Kb+fr}AeA;Xp7qcTwPB(1?rO%iB;j)0We*!`V zVe3m2ZAQA#*C0f4VE{FCVa!+E90A^9H2~(41g(!mrJc_U_WEIM7`|zq!MTM;Ceuo3 zEIF3BfA~duvlKbB!aFh98`Ry|R#lE4ibMN;IqNKJA#?JsVh^>Sg{94h(-JLw?=;X< ze++9&YU7E=%(M{|%CmV+JsR{Ltqv>ecfKq8+l>L7?;PZ*MV>jk;{A*i0ZqxN#V=$NE;Ty`@m)A;LaZ+_tgbE2#*JfylbL3miVj>ga~he{r!<8 zk!%&Eq(%+-yKKiKiuS`izr^ec41rG0uOA{UqQ2&q8us(Bfgjdd;%Bs@Px~}8d*Eo> zAuZ8?n($jaaRKf?qk1=`a|H!DK^x)abAfyZki=+WkTww|aer9cCJabs_EPB-mQLxM zkqm1~Hl>(QhZ*B2W*4qw#h>>ZuEf=I1QvYR43Q*=H03`!p@y@LkhgWotO3?bvrP1ltB!+T2!WPLWuVyu*GjhGil0PV!KSF__;&s`JMEM zDkaM+^I)b_1TOnv(3@Ca==9TRKIQ`{KU&cQubtY`bjAw)Jp_+^=Ko{uE5q{MlO=<@ zI|O%kcXxMpcMTEs~ zne5R_AlOCYqQDaqo@p@CbX{BU(OQC&0aSP?F`ZGzI7jLxDbFB1>N;=`m^StrcS+AUBzD*^d zr7!zr9`dOow6>>~QNB5xtD5Ot@6sIe^vKIlqpK7vc*vB*Q6NFRSg~wIAlYIz%Cbd5 zQ7F3@^5D(hK%W8c+!rUolRM5sxap1bT;<{jHHXPP zAT>(p(`m_z7nKV*)sC07_x>D6yxEs5>b^%PP7lKNL+6&vM_eAtAF%@fl5DZ zP;1p5{18i|b*h2Ik3F+|0-cl4K7WV1=#7U$TgFCnTXX7$3+=gaj&4&ZazI}2C}LW? 
z3tRt88V~+jM=xS_3ygmrA2n^<-50i?hADR0HOrAT4?8;tajK3^tjF*<(@z0)l^c^8 z8?Im%nMjr)+D^;tZO}=Y@x|ns0}Qhjt`W`l=ySGss2Y1u&PYGh|_j=yxBLr zmS)MLgikghI$|(MVC9sW83XKq83AuYCu{14L(aK1qRwu!S2;aI%03b44RF+G=sJr7 z*>%#5@au55-X4--SRJtdKQS4c)LvbXCkAT+_&aQLSQ;bAes2(jg;6FvrpBz4L_ap2 z0;a@YUtE+Qj6OK3?d&2t&9{--Sxn$635I8!>vow)=zt4X*LL)}HHaK+nv>s`V_=%n zs6I=T?}STy(QVZ;P$DPZ4VnhT|52v#ra8`>9w%QPM$FN0_>VOHvecWo)EwS<)jaXs z@4AV!J?)^82PJhspAVO`|!bTErCy`6)62Siuf?!a(>XCrMk1ypDGAX)3VF?Cl zj92QvhHGk5`9Qh{Q3*lN|9C;-`h`=MWCTn+6RHktEMc5k2{l&?f=(HpNQQoqC>h%7 zvdz^M{vncYLPs3*Y4 zfR%;Hc`JH=nf)m;;eMe(t}bakidLluoA>rR>JJO5R2inmy7=qZ zn|1VXmuh&ytowd$Yt?udTan4wi|CcflU|FAcxC^fz|H)KX1uickv5{Ws&pBHb~dwh z@g9EUhwout`;impa!BA0f*GCTKtSzM&_O*`*6)!sX&9~h|s7+x3c)CrA( zg<%J*hdg1mB~p43dDq4<_hqYCIWYyPlz=+NZK}Y$OOMHIZAw5{q8*$Q-_?Tc@bSZZ zS(n8W_-F%j0vV8Yi+jIOHv{=m><&C;voJSsL;s|prk)%Fur)~Ej5SXdE1{G$-HP^(X+gKFu3CF!yd4;lzj%6m zQdX>S)-0=wQh5nwjApQ&kvJaMO8br$(FY`jz5&xjpH;Uf)-w9kMW#Q$#_5lJ*=yx@ zs7=?5t!9K4RO((u5(He|zC4qlr)2Gp$_R(QEewWl`4jVq<+F%RKbg&JEsQp5=JGWZ zA6hCm=P2G->ZoAzDs#a}XiA(cHede{bob0P=?m-EARjOcmakFvs9!5~h`LcUkaJbP zJ5EftCF?p$_WOLEx#smTPz6W*RcgrWGk4AGvy@A6g zGF}whr{5G#-9e!D3j4iB6>d4!wEPTP%uzTX8YIzB6of{B`?3fZA|#5#)bl}c^JIKr zFL;lHN%EQIGL2y6NIf^!af0Mo!5xQueRu94)L{-QK0Bl1-HfX}p>J2o0XC~bHHeSN zNF(6aSFof3qMgEk2J)3;dKObML)CUm`Aog#Pg>=liFu^se`OMAF;zaejTQDpB4tCl zfb%`JXgjCKzWUULFFG;}v3fd-UUw_iXd0-Fsg8IIK7uyCAxt|(7l-Qw>V5x22T3LP zjJ%>zY2xgCH-T4UZ!4%kidU>vUb9(z(Yl8Slrp*85bScvl-X(<-OALP?!N*}5}HeA zxCVYEP2gQ^*8zU8Kle!-9nW~)u4w7#yWz8dH;^*B_Y7A^s+Hlk7nO5`$0z9%XD+Gl zV1?xBX4s1}so`8r))vi32Q0u=#LI+4#uV$`xChIK?LyY38q&1if&;p5g)IiUSmt;< zHbPt%a)#bCu8c3pX_9r>g0VoA8Nq|v$0X2I>yl{}?i9x82~n{JCmerbbAi%`^Qz5! 
z>(!0V?+p-yU{lbSH$jNa_a9-~5nMB_r#sb*8&kB1Q&iC}c5D-=j6JJ>POK`#enWi7 zLQ!ik{ibm`OB>hnbHuwFYq1*(X|BtR>DLgjXhj{``X^2!B1Hie+ORdm}Ed(xB|zw5f{`p_>6Y<)YZ=Ev6^s zzJKTJRmHj-@3`_WvlwU3%VYX$w~-?b$ru$nE$**5YKojV~Ha7;7kH@)3$ot*P{tPx@;5{1eLO(L01kfI3^z zWOkP(S>`cZd7yOoCh-1%?))*2En(S&Y8K6ASAZVQ*ULv}>R`Kk^set_Or8FEzuF~9%`2~JyKdd;xgs^^?ArW*wGx)G{fLbDP8fNm zjT4}f`#l&vvZ~#Iy>tcZ}=d{Wvu)-+AO@tl#W6eYAKq~qUpz{j;R_Fc8Q9wI;7fUls<3Bg3 z{yDWtMN=6?5b>Ri5W^ z5`PcA>1x9&G-0I$o~LK~>#OI>%CDEVH*#M~o57jrGP423ssR~Tz`b#QamGLfG~)5f zIXv+jlHih5=?E? zk^jP7mfoN^txmvC1`P_vAep6Mnkcq6dl-zlWM-kw00Y$MlEOAA@(4jqC0}8~GSfeFB;f1GVyqF zt*xF)if)6=fv8$}vxQ!70+nAdAB}ZulpfsXahQQatp6=l~Cl8WG$l6(YVcAtXH4VS&Ft$vE z>hbroydSWI-fFw}EzgvBeZS6SFu{Vu?jO>0@e9;xSv&j9;bB2iPKtIQ$G3~5TXc1k zbVH7|xE38Fi{Db#?7wl*hny(2qKL-x-MBGq2qAV!@_7bjqLi{8e-;5qI~m-s=-8EKYokE7HooSa7$IaT=jgjkY_ zN2I#OKnfizx4vDJmZ$ujpH>5@Hgn%Lgzt7?Ojn{7b;E&mX*|$>hR0WU9krdtfdOew6{>7D(nHnGnz2LDb>2^IE@{nwiWyTtcD!iQ2RTS)H!rF-1pb~PFQRWbTc z-;$E6o!lSa7GUCu<4;ALq^v8yAb`r-kXW@|HA54=1=&up-lwJ?sc3A3h!Q^rg7_ok z^87NEi*-Kvc$x`G_A4N8&LE$E#JvQj!$(v)V=4b;ZZku zTfR`rc{PQRea4|gVZDgHQPPVB>SrLK7O(J+?}ILnSd~$Y%QW@#i|3jm@*iO*jb}1ltAG%gqw+_z(9> z>3%L@m7RNh#*IB9Ge?_8BOn&7hK-lPT|oi9?vrj#9&-1~Q~w;0xGW?hJpIkZ$rZ`oFs_#?}w z*k6?O+4!FWo~?&VpL-!>x@hB=8<(JJ8Z$0MV{BQLshLDwiCGtG@ox zkCLBvn*BZT^yP1dO1S^+qf+*;Gq!NDx3ly#H32*@8B1puQ@el6Zf7N1s-u_#c3lym zNCFvY{M8DfcjMuds-$Tb!fDV<6@>~KU9sZ*VBwful8r7-PBMI;`2}8sF&;9*j~1NI zcRPGav)^+@5gBOGUWlGFFP*R6Ho3oKkN$2>VfT3OMDIWjWgra)qUMYq$WoFOwUQ3n zQWh7cCL4)`Yf@egIAAyrIW^HGgTd& zhg%=ZEjhtmn!?S`rri6V9v8=DIY&``T*nHSEba>?xZx^OpSD;vS7MK^t`4GAZ7XcD zR4RMRZhP*2Yu&t{Ov8YTNf(vPb(Lao#QNf@*l@TwSWiZr0oIhMPODq}Hd(7YXX{7p z+IQH^3{4ur$+H-4Z;t+jWqn6&N|9Ea8v6bs4sg2*gT`C7{T5R@d>sdv9G(p^G>V_n z;zwWfHq7DSaHhfHc|7b|gZK>Rq}zB>I*aBHo$ZzGVbHb0<;)6hE!LFB(H$370burYIY~Co4q?;9{OB}inoSM#V;Pb!sVZ&3W z@(<_pv;lLm)4tl#-Q@?a+U5w+m@;w?_?IaztorpVO#l)-mP$)JiAh#nUmEe^{JHMv zxjq@|zxPwBSFy8X8?zlPQ|P-tXgoBN6C1%`E~+LaUylbEMp0|vJ0u=OYa}&r%8wH? 
z#cQN$=+9NOYjEoH7)73#ITY@p;=tryC}-`;r%e^vJkwog$?eU>nv#Ad+xKAb_TrV@ ze83o6MZS7lwW8}*89`Mfv#@Nd0!Cl-&+X9o&j^<|rp7TW1VX;jWx9@t_un9X8=eL6 zd*amI4nrJXT96J^c>%*#0{pDJPcriEW`@%QG6`ns18rXM++AqQ(cZr735J2}34Yid z<~RVFKG;Gt0Yz*bL+=r&3L!U zi#ba$``kCeci5=BsQa8ydFc|YX~(nXJ-c@BrP)yOz;9zP_g?Q?Z$P>~9fw8N)MayH zYTViTU6G7KsXgLuaSlNuJ*+*wgPMa=>%#hRvrsdRUz*5@a@-0VRf`d;Jxcfn zT|YK3hZWzAGGl5>*{9e({vgNA)jBPG0ET_Q{9QxgKO;xZe~{x}o2Bh+jozy(N{X*pX5rWMd#yz))x2mO4>shZE}CIqaLT|Z+3LUs(h#fu%iZ5 zood$_$}{|yH04})LtseR06Qwe zH)IE(A>e}Ir91F)aO@d^=LM)DSVKxoQLgnkeCPAbcp9t|-uzh1TDB@ktPo_Oi_KHc z$g;W`*EtW(-za3H4hGQUuN0hTZ_m?>HFr$cz7JMeu|8_~<6h)9Keo3xxUFSx06mf( zLwYk`TTo2TT@pSko4gV5fWoLD%tH3Xq_!B~?;u09+tk-=mxt;06KOSCE81We z3>P2UR^0rtiBE+g1oQ-8M~}Z{$A38`^G_w0vWvZggQiMK& z-rJ|^+b50zwMedZBsL-&WUe+RtzzQ?C)>&67k>fvK((#(4e7mMCR!EW141G9@~B7i zz?aJ(sWZpxWkih-Yo+T(jEa|fa!PLPAQ=pRF_|;`h8=uYISxDxc9c7R!9KJh3i8N@ z7eVs5J4B;n+vKv7=kd^xj<0emYHQ?y?iMg9rPR88%^%UY69)-4MqrFP$Nb)qUC4w= zmS(%v40`knSLALAdk;5MGr}N1TZHPYBERzMsn4jm^UM7VKH%=PMAIt`O@}P%*iwKh z^K^l@RjuA|{#d(x;+;eP-TnDn_x0cZ_y1cxLZV{fWNK)lY-sjZbPQkzR~m#7F?j2~ zzsY*>1q!c_O6hu+$o-B)D^H=Rv4S9b?xN95vY|eM_P=75Lmz5${Y;oVa?&~{hL6^{ zeVNZaE!&6Y5E_s?5JS9dwEAPf6Uj zAQ(R1{K#71uD+HUryv)DYY>4OFc(Oc2Gd9^_)vYWiclZ;#j{kPh&R5CWvg|9$26KSSETQc;tX z|3cbg0Mc6h7t-DbK?q2cqC$<{=ao^BxUX_$m{2!}b*o%!N}!V9{rtoS&Dddy0u8C7 z{Ua-l*V)C)?CouM+5QvTjI9AW`$PSCPha?-Dr677{}-YBns?lA+E?`v6-F9SOEy>p zDbffA>Lg^%pEjQFp}kaMO!iymknbYpjju z$K-XVJ%XVjOOiH^x4aUqAG|_|YAIshnZy9D;|%w? 
z*1h@?kNgu}ZWeeR@%?0PQG`c!Wyt>Y%;j@0QtEfNz;yhty%XXAHgi@;$nHTNTDrzw z_jEIQ!(cijiH9Ci9cFf*@8k=71$?9q6TQ~RH$$;B(SE}uYgz*U9b!X)RUMmKLH3GW zov{K(lP9VcVbp-hk1l$(WX=DF4$<$etpAO)-hYd<|1uBcpOE&yi`(B{`9GBIpHvRG z8Lo~4=)%Y`jgs`Uh}f~QEtM0reah2|m6quJ6wd}~sYJEdj28?Pj7IKamOuDym;Snq zj=D;B{6MSwxnRLtjxMm+8tYt`?DgFH@k_Tir`KW4_iwMbJ+2zqhjqDzkgE*5=&Z2B zkXBy2gcP| zXE)hnZ8TW99lCAW`O)t~QXk`LT^_RtzkJ7)c9Mjy9xn1p2U^tu*-oZu?p4CD1|{OS zPbc(oAQkE$Hr2q#X~(E9)v0C*+MLro%S>n@7TXUuK-Gf4R1pJrr}0w}G0$qgrUWpM zVtB1t04t2k1CxE?P(x-z7=Z8Ge=B!<4%|NU6R=OP>%`xQC8AL54b&A=WLDlTK zF_;1yU_ML34WF_x(2a}xbe$Al`! zXaFts$_4K*!f^NTlB47zX5#!b!qTZn#O1u)YM4qF6=R7_5P^{nx~WX-q$m7ktI3DK z^h5cBGR(i!ZN$orVzX1^b}@^4rpiE&JE*lfnO3Q5p0b&O;W#05;G6l~W zV6Ak}3Z7Y-OT6oe*7sA`#mm_UAiKf7JM}t)`HGHTB-D;EhSyEnq~>UTnSeE_aJ|8v zqjr-!eQ*nr)51U!M_7}b>=QR$8KK5f7&i*%Zj^lEe|svKli!ig5|WhV5fu=4CRGth zcLsG0*e8WzC)#;kcX*4hMZj;2K~BfC#3qcKXZAA*;J^|0{jt_lus{#VBOXim3Vb@1 zq#VemB~)ez!#qLFc)-aLjL%43$QR6?I}M>!*HhEVf>fZ3gn#)SIDXeViV=GGE0W!) zR~eS&;p3O2!h6`LIp$X(P;|usvRP};C&F2<+r%_9*tr(r&(@8`Su9{{55UsH#t8ty-pRq}QLa_p&5xI&&tnKmh2vOVN)-e7*07C+~N>c9X{ z!~C}^>i-#u{k84&UnJJf_**U%ZAilaVRu9cO7MIV5-O6AC`OQ7e5z`YY-VE9sv#cJ zCsd4e2Sg76P72JEDIm5scQ!D49Uf1d|9p+9+4{sIQsSq%!8BeTz_s*wV+a?A7Uv5V zx)_h;g9sk=v)nihVE2!S6%rvrE&=w->)w76>-RTa03&7vDT7Sv65eu!g%A(>%&$m22|9Ulpz5ozrg;^ZQ#8 z`_En#`#(hJKOEYn3pERL!Czv!LAHh!^y#IHgrLX?Ne}{mIT-HPRjFL8y#o8|6!nb#6p)w}cYxAT%OZ)*MC4g!?Fk ze9hY5kt98!s{cJlJjSP0`&#Cae#F*L0?;)kWYHZpIHO-{ZfCvfzJB zUCf8I4;#fs=!c(LG|OzA^Mf;;R;QmQk7b%`GQABCJV)^r_$;%B6^CDPfL^$s0XRGU zcoDc7@r~3K_Tt!!8;k*DIR^I=|hsFAj zhxNbR4VgdPjTtsKoPLnM;3^NH@bqNEG{!gUHWl4o66Q!zYKUScss@k{M*7s4AIPSbtyB-ekJzt zkXgYrDYOIA^l%6!j>kQb^T3pKFp%D>@&^$hxz=6#+~=3t1peNU-Znf zuQ;(svfI;W4&fQZ4w6Q#W1tqI&(H)!KxV-r8Ob&JU8ASj)qID*QXgj~IiTj2QDa{2 z-zK)oF_4AQalVcg>0~E~Fy3Yi`$4-4jHJ(!2%91?W18R%rY?Jqojg;hoAA5lW)oGf zTKi+TDdu2M^WR(l{~22SHDQ?qSS$UrpR`1qWQ#sXuQCI+ir#!0fM6v93uIh>`zi1# zkGlg`siYWR#csgw7Huap42($BUtqOA(e>r!ZutrSQ+Dq10L$f>;cQS8DF(vz zjNouDQ-IgNyc}IP6)l$CL&H~8Ts5g=MLkN=TZ>_vE`!=}5%jEK*qt1Lq$DQ_W4$pM 
zQSPKQw&oGn6=}&Hby#~fdZZ_L+)ZzAYhoP8U^RU}FR6NLMYa}t2=v2nQOFi^=%>@F13c(~7%p2tMjGl6Hly=Vx`khql| z8sY*@baCLp<`1(SUn%6^#@NpaePK7(&IcG0+g4CSC4bOb)e|9s1P6Ub zJXOVGtI@R2B#TzpRwHX6}@8Rhi{g&>a@N z61M;;aEsw#mB8Gx5ef=+CjWoql&g?s_A-k#z%TnMxJO;d47_X;DIsDcaX1XVb#Q}mH; z7l_080LUF!PU5rsCpQplusdlnrG^bD78HA$(9;P&WP+J|dKuKqvKcwV6(ju7&zMl{7+>CXpp{gog$#XKKyPV0rr%k)B=6cSz}E-0f6 z`kM1hLvJfg;Z+5ku*kvMl%hQA#BvL73?$Nq^p#3SERt||myh`Jcg``v!m3$Y{gFqe za!fVZ_7pAhqeqwEFk7tQEC!|GQXyigM0wg&X}TEQtpdD{5org1Is8x4}oy} z3?`bCdLyV;ADx34Bof8!QLgB1<**OP(caPe=1joSz?5vEQ`{!(7WBScmkwSb>sPfi z1bS}fX?n$^-kc3@Z5F&K71A{g+mQu7pJs^DngIUF1J)c?1+}8Y6Sns+jL&lH3<8 zjYT+#=oY4y=}L1#t26`(=oNJYhSU^XB=c?zfPqa=$V=+hZ8~VWZD=a0(n6z{-GuDD z0C~RG{R+O5S@M{Vt~8lB%Qdn&XU~?lkEgefw-m3t`R`j_A#zdlrH=c$iWZKMlY0>j zrLKDns2!0)q#Z>3Lkn!Q^I?Y_^r0@z-#~0$1BmdFuPN|QZdwCR+=T`bkjou2S;<9s zNb}(38-mHEB}&cpPgnOfp`vW&M##uXCrlTnB`wS%CT(s!py;^MSehp+le*MOLdY@n&J#_Ax(g3v0Cy642%JQuo%)s^vs^5)h+c(_ z1?OP`6Xdd#V;2iWuvEd~B_fRbwU&v22x?sxPZPQ-BuuteLu%~(?Bv3nhX8@tOSb~Q z=Kz7X$fTsnu#$nXiLn-h>GYyCl>T_~QsjRTEqxGC1OmeZy&~Rv%xJ;et|iM#@V+)VjwRFjaDeQ=vz+BjoM#$5KDPh zjEpps8DL*v6zJ-jD(H|gPLu`)vGlAV@D{iZ zx=-Cfnfik5@LU`j~xMGS(nUHMA7v* zv2c(lhxs7W8P5%*SzvQTMFO^D-cZ$VG)*mn)U2;e)G+Psds><;^L$AC4~E^4)-Nl; zjCkj`3r1YpqnWuEhf-t5ljU})X&dqT4jPP+&$zg_Dvh@ilpO+%(e%F61-MuPa=|O= zkVbr$uDBN_lgPVJgS(!o{;3{~Ofcq*D0fEum$$oOE?#x;XJCzHJ$;O{pO;-lnL&8# zb_UdJTjW-2^_CAn_il`6?efnLfE6`yVDASDW^EZ&nb9`oV1ODtO`>cp^M!5WGg#K< z6X`r6?`Y}$TV)5<^)d%Jff}kV%1+tzc5yTBc6B?+cfEmhJ%$&4ou^Znk`eJ;?+RyP z)Y>>zDhRUJiH5rO4OpHq#I`w@}9``eU;_MZcVe z`s4*uMdp3KV10Ety(x{}?a0`oxK)i~07{v4se!78-M&COJREUzsoPORrpz^{)4^#) zbQqDQ^j+?`+i||#mv$K<{UNz*!aXcSpDWL3Rf5yT&t4xsV@RJX-^wPxgP~V{$i<4g zM!o||pV77ZhmN_-caipEbNFo`v<|yt^FAv+?EtuQqC7{ms##o-3-I(!X!a;ytq;hJ zcSZLXaRnDJy6>;h;q=b4cy#-Q8KqUiU}m}C)U|PHos@<)eP*>=B-#!QV4XR>x(m~m zuSoM^gpcY;k-7KjAJlzz(n9UwOc-w5SZ2!H5C<0dip=Jv(s>%NHVYBjp~3`<@u=&I0zC(dr4sqKECbDV*U?6v-*9k^7fCZpQ(@>w 
zf$eL1acqQNAX&h=M}f(S%U|DYiAyE(*$P?)_%DIH;WwZqvmUbux1&nBTpR~lyjeaGhSL(@jnceIC39qU5+#=VfBC9Fq^Q81dHS=q$lPJGA-+gB=P0jcCf z&`t(J`4t)z+ptvPvqEk(*nae3YT%cL+Xr9QMHA<$^g>9;Eu_NMK$$D&dc?lWkASVJ z1$b*4f8!RgE(1m`ZVI)vNdEro7Yij0Iw$R~>|YQ4pzl(e6au4Yz!#sL9Fc*@_oqRh z$59CxVqxk7gx$#M2B4m)1>f1g_O&|n+-C9II0k*DQ-Ra^Ua~sx#nlXHnql?~)aq_! zR4_NynzT-XnVCKcAL*Sgw^SWitc>0owC&;J_E$y`+ztgTyPct zckP+}TYKVO7p|gsWR5Ne$)NQskpr9!pMN+T*|Jmkj4Oi*hm#!uwIGp%UQcgaoi{tK zWQ(J3!gWzcvW*fvbxL{rPFvhGZeUx;D;VTbh`fGK!5epR-4#d_B?svEqyRcT;)2o< z=AQzdgysQ*XVYMR44(ZcaWb1cS&yE80SunG1=UCYx52a440|KP@M+u)!tWW$nl#zc zx|tslBaeLi+Y8CEXylf3iw4qv_!^7CFn{_QQ|_sP#|D774d8g^a5e^>(&$Toui;ku z`n}`sFJA+UsgVlcYuuZXxrykxNNXzaCr*R_y6d+ob(x()s$%Tjaa=neePmC&I*v-H z$tU`aCtH=z-PxZ6xTA!{k2Czlm+xpa5k_|8AY~vnU zJVaj1bIW%G-Dwc~+4QLn=>;@>`qL3x54U;4ei}%ii}w&C+x|-dN>CwKXBml?k>67F zr(HI-#f$t3PzwQns}}w<0m}C0%PRV7#jjXb!(v&9ZWqlyaSq0`7e>$5Q?Q(*h)js# z##Xb~Wu#r&tp(I4{Cf{MN?3j`#9qVq0sXveO$$G(Ia0fNX6LC)&Li%vOlE!`?>BG* z z=EnQ(O0c-z(yx_JV4v&vs?Ts-wSTs2x7c2uHt$80Gr;L{G{4u|sRO5V+^$3t^b-k_ zI)^(~?PwpILkBP&RXPS|*VlR!y_+RU$VHs?h#s8dqP_51Zx^& z+B#RdI4m;}#u;I91bg)!Rqt@$KDJkq#Ud{M80baJ*kXGw-ndrTAodt7>mZ|tl2p3I zEZJkC+uZH6)ruxRe-OP~&SXVYzz%mW-Hi(#cF#A2m&Xzl zIw&{N6NZ|mNKw||>{oF=BP|%i0ajg;tmDsJVLEs18if~TYy3h~O{LR4!TWvTd|^i> zRgdyr{!S7iEP<;W)=`6W0XFUYdqv5WJ#By%b0_o`8OE&4BkN)XE+hyXIS@a+8hb0H ze%9mp=O(EQexqQ*Wx4|~2orUOsO(Wp-i$aCrDSXY=EbaqnXLd4UYxE*&maoabT8*; z-dY_)gg70abC~>&!pQuXAvq?n9|bu>z1!~e;12MRYDc3UpcocaU~WpzaV*euJ4};I zBWeU7CmZA<31M^Kn>`rKtai2>E?ZM$OR1(!|i^9|vNylx6J!N%`LEg^t!62uks& z&tU$6#3-B2xUr+F6XNCamMP8T#4UQ=^BBQ1kF24d*eIBmJ915posf`P%HLOf$#MVY zSYu3o_9(wtY^(`k_K5=3%^I zIfNxhE;W}5lh7C(DKb-CmZ6P#RfhM%_XSNaDGF-G84KLX8}>l*-LXQtN4p07Dr=M; zM5>z!ELWUO-d@I=*}$sI1cRdf*u-V(Qpew0_8WctWYH)ZO&lxuCz?IJEE4(Ww8XFB zupT{Ybf(>ecQE7pv2TevT_TszYlCQqbYk%lpx`p4M>;~BNp$eX!j=cT0)A4c%4%Vq ziwj;qF@6*N?WNfAXTX!A{wG-epGR(S|J9TG^T_RA5Ula6j-n3Oc!VSi1ftQh)gfNQ z7JzG299&aEg~``I(kj;-GU=%sh0Pi)dhK5KZhGyeZwBKz$b1~m287X+Jawm$2upC3 z9fY*}xcYIm`Q<7L&4K38{)tYQ4(JekN 
z(dbT|K3S*n&5uEeK)9~YN{ATL(LRZ>jxWg?7k<*Gh9`J)?Kcr{g`{$*^xV%DoKKg?a)aBH)TDdmGEI%+>o5)D$bsmle)`ID<)8Yl5_sXc%C^oT5uzEDDll}QD^1rTj1em zSGbS4P$hoHyr#Akth>U_{)8D{h;wQkN9TIhZOIR^jw9Ol6lp6GkhflihY z6{1j7vUGKRjCfpyNxxaOXfA%NBd%z#E^gq&EC2GI6KC`=YQ5=dsztq!>8WpR4pBin z!R3LznK1Q&g@ePUOI`JFk{SMxT|{dm-fO2*V}QZFxl)iDA+n9yzn?=Sq_Vo0ao-D!-$14}=BH%uFX%aL;M zflu^yyubc+h5r^qkpYC;TuM6&H>LR+U5fq( z+kzn&*D(}*ZIWI&p-lnj0bEo@o6wj~%GTAR7gY|)w}8YgX=kc@r!MhFLOF}mlz3P) zRjXGEHy~CPVED#Kf;qN`;}zJ`VnjN4;laFI!^q$V<zI!R%OQro;O zupY6%I1v5WKXpI6r4GZ&`n7XFxDIOLEHYQ_>*9jsy@s z)wXqs<0Jy<&j8b#mR$--M!tjf8q-()6yF%|o+iGPh+0D}Zna0mJSI6zYH6cFU;g7^ z!_4bldX@rj*XoeV ziS^9DQrOUWfJ0Z0IxIqDs}}P#fWvVd)trrG-q_akNe=ZCwzk;ZO1gaks757FU$!~Y zN{I_TixOt$E;3YYNbYqwwAfdMct*E#Mc)jdE}=~h><@9ici}-!xBG{2F*zbo@({|S z`%|grkeGW+t($i^sQ2alv@1QYoSqu6?3W9vI4D59FLmvcd%df z>F7qtFMlv8E?efv2cU4%L;gGI%=fRD^v}eSzrqzr{`?DIPzwX5S6xg^{^tm>qU`TW zf!^BdLjx8~`pwY(+j;l~*JNru8Z?k~Dak)tPU4FPMA&fneUdT25Z*t1OXLX4N2`GN zV({f?aw4Opfxbq5`V)MuEkT4)eG-cbiwf55u-l%R!f70?)N=YD$w0g#a{Z48uMNe#&h^)%^8VZi`X6I`+ zmv4oA17ucYPNmi>MjXFtJ_pYM11)T!oeGH{eJT6aHk+BisW1nlGq+;(O9Ze>uM*5Y z>N}6W`m9apRwt5^Nh6jlob49Xsoclxf?f3pqVbB9=5@=YAy>Q)%D1EJe~ghn!Ek`iyhRAGVG@f1guS2YjhjM zRjK^VCpDS+i6?>{)kx)DPjCq8;J~;JBe0d)RJUARNT-h%ZR937z!*%oB5c1q0K(x^ z3v9dW2_FHC2l*tY&T1kX4U+6@3Rr*oyrGgFq2&*g>h?MduE+Z&Vl{&w33(W)&Latr z(L=SbgXNG}V<}le7G09xla!jQ7bK=ML{^-RoCat)Q#2%CvRH7HT&IRZl-5dTei|szkFB2aAxy$T*+SY}EL!KolJL1{oDieje~8qjA5 z_jMU_9}W(TXHHLFTkl3M1C)?qOCp-|0|C3(PH;d>d_qHE+62wYtX9Dw)GW3jFG?nb zfp8aiW$iU)<=TOaeIL(ngl`4K`k~Q1{7|L;UPzA~n?s%$4y{$DP2-z3JDi%J$^d#! zJyhqZHz9+U`p6+bnPHR6Rz{B$N&e#HYXy(fXo>(oV@CU}I-`t?Z_al!SAD8>5e=wf4`9My zT?u^-3tMXe(i0yCCywpk<{i&|syM?bG@Q>{s{D=#ZT!Vn+?41*`6bD!y zWeI~G8K$YR?9q=q?M&?Op{SzfO#&XY-$t-qB(6f+FiI>Q>O;;%Vvq}Lf08u@mmS!i zocDLbCX<|C=LHtxSK#auo9|31y5)XHQq<`;)?{D!me*A{=gso&lMxqt#HBwk!?N(S zgP4KvXhBp}?Lq7sUgQ3=W+COW9qCw3I4P|Fl>u=?FIpFgezxTX`Zl=?5BHr}LVq1! 
zkNzdSF|G!dz0D=F0t6`akEwS=fK8X#YGLI@|n@Ak53A2 z+=wYvE5GXR$c6fl%5+m`zGzHCM*Cn!cS%eN>7Y`R5nt2!I|`Z8+$X1j#d|F=DF^MV zdM0-d?&Q#@L2WKm$pvfjjrFn%GaJSo@QhyQ%o-GbCJZ_49fj;{gxaHqS(>NN7IQn3 ze`H?wi*AWP8RLY~m9KtXTuCETmX2iqwY1uSCnMbZGR2B6dOA?qA&aX?{)WVPvwnB1 z9@Pmm0&I#;!g$1$`yGMLXvc0tJc1RKvz^l4KCxrWO}sXMwmR{)9+6us?2y~h=xDV2 z_ktz;>7f!Y-!*CF=AS5$P~bs;^k=c+`CGC2?~$G6pNiFgMs`xA&urRHnCMfzD{AXt z{nrGqcKU~B(Qlb%iTOM|KLe>`;G#xzBL8{}1xUDJ@CeWd=iIM}46NB@4PS=5hqM*! zw{Ht_3XWG%`wCifNUjL(XKvlLCnO~%{CG;ogxCX(UxIF>Ap@sc#uqZAcZtYx7pGeIL)h}vq4GjwbE_+!n-IjSGDfl`XC zGJj{iJmHlMs45#nY`rASW$Wx58+j-E6pJZ0Q<>E`mX|Fb^Yt*EXDTScBcq&BNk)QB z#-kEIRaL?`Bvpm4#ALsTS&&bvzM-BI(YMTPIQ{^G2h}sP0}V9A+>d(8Q016vFr-43 zi&R_RpiZw63mX$fWlo(Jy{4a7|NYW2&)(Y8)IDw~48-^a z7Ne()1{s%gX3D)lBc5x{8Y5%QESgh|Uo}Z8tI#~sYY!tBlHk8_&U2xct-BZcm!EsY zP!z3;YKB)_@UWm}t2S66d(08((~?vm#n(b_B70y$G1tS#M!E_0Cvwp3Qi|pb+XLNI zh_~Q`@bv9Sx`EFy#U2au(C>nEQtXmtA>P&psoj(ZC2|n$vUbvapRlhxUDZ)XMc;)( zvXyj$v6XUzxMup96ZD8Rk3i}b77OacL5&LN$hP6iA*Q!%Q&fXem$zxC2i#I=xSXPB z(7|Jofm4eq^*TU|hze+-LHDFRoTz41A4$s)x{`CZM4G7UJMXjCMaRxK#OtU|uq$`) zYLaNrzGc?X7)lf5VlKjCmlr8#gfp?ZE~ky$d*zgig6*^{_j_PJn53gHKK!;wS!}`$zOXZqcy!JI|Cqk(s^V62g!UxdDDC0vwRUn|ekLD7hyZ?2z!(VuoWD zZ1P=`jJD6ktdb3JC#*N&F*Gpow0__$QR;3|Gt*iu(>fGgeH0BAw8VuC z)sNHF*z?-x?`^BmVo8ELVDv4LXhb1GLO^#j`k%HMn(Fb8Hl=06?&6xtN!3SwpCtfT zlVfLgkJuAw#}@L2vwX2d`S}|1;t}*5;-WuxH8j`aO9_>q(yBiu(3V7J=&;XAY@!&_ z%LvPHG2@oD!1+~0r*-wkNQur{tFd_A|e2iQf>(S8_r>F~l}hh2;ftN20|MCFwOT1rmr=>mX`z zJSA864@Q>PFzLS2x}!^lc9hg!G(d+Cu6)SYf0UI;lZX%$&PmmkC*Q`~(7zl%+cT@w zuew)?ftie1D8ilZC+6P7DbD#tNY9SB`)ZrkFdu_BXY)>Hh1%7|G_0rJ(PCC}bWlxK z%i(cuYp!V6?MT0@b9CW(voz28&=utdYxVlP;|;*&e0e`=uumkvA^4+;XYvV?EqxjQ zhQR+@6({|ta`Csh^gm_7J8nu6gz?kn{c^j}kall6ni`|s{6zMoUY#O|>IrlOa~yWT zXw+!1J0p@$fS~-|geo9x>gebo%aMQdmc00lMyjSk%>;3g&Q#$W` z#G4p=v7eK^<5r-EvRewweFzxl_jo%;rg-Me+~qPKNM(E! 
z!Ukh_+td+lAx7vp0TRVy04eS$0@V}~v%)(U*^ku6k6sw!gj^#pWLVnH`nleWXkr>1 zvdV^jz4_oZUKvF7$?fjc(lnLSt0)u-1>X?7qmrFIxoqFub40f9?*!(rrHL1J6cC4i`F+m=sBLa~&;So4aim^R#k zI`U+%G>`JYaNQB-m?XPA$<0KS-)c{^QqC@dRRf|c{rt&fcmdJAC^L0Y8k)w6#pr%L zf4mqzW@1Xl(ENnVRsQ&nH{`hvy$%mUf0o0#TFvTD>X|(t;C| zv64CMJQ!_Zqzn}LMsZ?ZHq%&=hQL|%C(rP#!q*?+N$7R#@%iGI;PAN3_3ISVLSYdC zv*Qf!vFn4Q?aQ^V?>n5{m!7ec0AfR+@+iRQUFg@{kSG(HpCbvN+M-c+H2Yt-*+@}I zQH>jWlj;JrvdnIaX#3*lz}5P#u`XLl_IWoB*DH{>QtJ>1#GmAcfxJj}4WV)w{D>G8 zXe^dX^H!Tpn1w^{^RHl;S;#sZVdE8;YZx0%?(^9W(a~8fWi=SW=2I9|hDIq}OgqYzX1|f2pT)499!n@n zH8IA+5=UhOqpi$U_MNXYD`?s|lhkOy0?@2H;=e~k#6P%R-h&NbF4$01?@p#QSJ9t@ zT%CNz)Lh;X*S6Kcz5*JV>wu3;|LPl3@|;&TWSsxe>6`%(C9G`^;Wmvx)MLY%kC z458g;<&g;7TaY$XA+k+s`Z{Fl6F@?4ylT#VP}Xw^@0cS>P9UCGqc zW~vM|QF7wtA;RuQubD-@Mmw!5bWzQMKvi~{)F57ZuC_!WM2!!kOL#X*`aw!WhG_BYIFW48t@_<8`<{VX<;tP${d_R zM??{a2?&9ab6`Beviz5jhCCd=uk2lGRva58z}O2XdzBYuykRsl=af5+?0wp41EUpI zTtF(Tw$u_u*CG`ZK~*kyR;)Dx3`&5bi~YP|l*kKsyV@ldSu$mmp41h9c~CYvj7sBO|4+HR>G8l9b_>(jkD zjgwe7yBLB`70A%gd2U4S8^vx3sLwD6{t{M*GVf`nt%1f{YPkR?nIvU3;&Zb8wuvmm z1r}p9Z;%EGeeiT47*}WWgb^Sxy+pQ^ltNn zNf6F-4naOR&i=ofX6cEri|%^(+q zc@hSPf>k`&=Q>!I8e;Gg%bZz$@d+Ie#bc?iQQtC@ld(2ARC;+XC zZM@?^bE;)*kq0S&3<@%DtMSNkWRZVhPTd)~H&)I!yg3CQ+Usijq7}hYufAs=u#_dh9ti8U=yEObQyNcvN;2pL4hP{_qwv{6mSMsu4cei_B*f{z4 zP`OLljjZl@Qexe|vMGV}h3Ou|Jwb?BgnQwnH>&oK<#OoLIj~bWL(|+DK9F=pa16hH zf*4ASQ91?Sl|4iqq}!aXL^qpidKXsfzS!a(wUtHQENiYaQoUx@seu%oCQuzEDovQ0 z&nOy?Ujpelsu2O!QW?yhLpyDk!MRxqeNaEJJI#c0f# zIT_y8xv6rfWj)FslU!5#hTU+bf7)hJk7|ZKBI2!-|*Y4SB=7uOMXuKq`EJFCOb+lo4AkcN; zRvHv8n$p$`ks#qHh5=L9?6ijFRtWK|(`KM)CJ5#@?Zr}>^T8=}PV_9{(SW?u1UmD~ zM)USr+NsBnkmBQL(FEEt$y10f>no3|u4}%ow_J?sFDJd3Ku)_s0gqriec@y``#_95 z6d|F&ZkVwYZY;f1P>eiZLq>+|=3~i$)dL?RryvH;0)2Q+M<~Gv6mNFFoPmk)^6ia? 
z4ZYQUIlH;F;0cz4+>?vgRr2v#i!DL(`sz2c*BD@m>NOoZ^LiWnWqB_WD620ObRu=g zPPI>M@J$6w7e%+5jwM&=Ci=_rex|`4?d|jW(i40)b;vc?jdvDCAqFZ>#SSMF^~>a# z1Z^@VgW}6(M)GnMUW&0M^5TcGWXnr}CRbGnnQ|77)7v;~D8__}+Q0;yvzq2NLykI_dh zVE^nFMD0NPW$N7TYaTt1B30`z&FlnL%dD64@loQ*6u_{Pos*5DxLVRu2S3KtrqU;@ zi<>$=m%M~RQCJYBffYfOK`F@ebY8+~?`YwXX>7iLyf$8TdQD#=&LtE(LgT0yFv6D3 z7&9g;oVjTJr79)tV$I+LLdLTsU4qO7H}*WnQ)8#nL{@@#Xw1;AbXkNL;Z&(uWRk1j zc%el)DCGW?xjm6*t2G6w4lczwxt7J|G^45m7P-B@Xdd&d3^u#0Qlid*37b0pdB2(k zid|WLh+8-_LsFKWA{Nd#YC@vgER#MHevg5_IxMr@Q=4V*SvmD6|!ce!XBS4H})%)TVT36v-~-l z>P)QVjf|DiCJGCk%AQIZy5>tPlJr?xH2y*3VR9#BDU*Bo@kW5TNhqVq2^5;z4T=9$ zB(zWE9(n&p?w%=?PX7#9rOPDbW-3!`5!m*p&u60ovtj536z?D`e7X%qDh9RM4Gdb( zU=3zwONEiDr+*=T`r=3v>2=#=VNU%qQeB-%0@TO{BS|tOXBQny|LdO4Zr=p7Pn7{~ zkHW21Xa1hbTTH4{ybW5L?7J9*ou2n$_{U91G)9iO z5*vG0O+7q``CYKJt@XkYD7$v{nKTRR-ZZ|n5=k0z>Ga_792ZH-kLE-!xia;Qj$ z9x&lvogw$iLPCwWf@ATSMSJ-TQx`~ytluP88^R=;yE1~S!*r6r13@nc^LKkj(GqWL zQ)Q@fF=x1_fVwNoiWw3Ki$?T`n~$k~MDNV-Vv;s?M!WuKM4qZks`gULCt0C)A(L9g zr$h3&oRVRj=l)u9VSc^r`t@m7?A@BmDzfy$NboJ_n_6f&1KsI zx0Llm&)oq>EtFDlud~`3U2&bv4Sp*B%zZStsHOH^+s^1>rxjQy=2u)D>V$ltXbkPf z^+8!ia@e{(gy|996=~}1@>urMk*z2EPZ5gayPsau?)yAGJrlW2uXH(ZNy+=PB*()d zhZp_Gum&yX@7g@Kb~-LlKJBeWghH6W@d2&a{UD7B;@o)J*J0Z6#(kTs`(bJf!eCw^ zVWz>w7&Q>SvV>k zjAM0To1fuEEz@NSPMI$@iewxN#8Wq@yKHf4`CyyoH?7#;!Y-OwR{@F+(Rs;vk%O~D zSc9D=j%(v7Ug+|!X2}*&g7uuhsV&qT()xZin56*ar(XNH!p79L8TbKfPCok92 z7Fw8NU6BsFH)ImefrMNm=DadE9Wr!vh=Xe6htFZd{904p83*HVdj(A{D95L&2bs?h z)ri$=cJZS)@>(+xhE&*5@oyQN0I#UeURheItYl_xEgOw}IQP|DfiK{kC)Sd}0bA3% zi8@>l*WhhCs?B=v^HqS>nDPvcnxfS#_a*i4$JsA}O9|}XhgbzFx6U(G`t$Mf#(XOC zl|0Sh2bq^yuVp0VIbwxfnsiS;SHBR4DyDTEycDi3o+525wR%Er@=i{#_5NC!2pcj{ zYJqCP)toqO;M+8s^|0i|?asTvDogucRiC1(9V_sXL*2Q?9kX@!AV~xZ;1`zcN5;6t zQB1I+e`dxeY2h7oCE3L#d2)DS$!$7YLmGaAS`q!J7j;n3N1ktq!$*sfRb7pR*V+OMw2N$QV*o-lN1uTpRik;c2`yG#K(AdW-$Up zAzJEicZRcT4h!@%luwdmboKLC>#>;QU+CcMYYHy+u1k5TZUTS zbYarE*U~Vfq&Ue8Aduu~pj5q>e{ndT-thE2o@C(n_5Og~VdR2)GJ96H{T{GPbJlv^ 
z&r9&=-3XRq<-#F9LgilcHGVEs)wE2&GcKJ2_qeP%Z)`z1{ifzc2}mx(jd&I}>aY$L zC4G1|hm|W@qk?}S%aiV=(3AJ*%+6N)e&Qkf}8Hu!}vx`y?)Py4A(`^t_rrNh7GZZ zF_#uKVcPR zY)5tFkIBFA3oHnxv*M*%q6L`PFm4@Ph2g1Gmz z0WJ##rkJZyVDotmKmt;+v<92Pwe*UZhxFqED459UBPOv*8Fcp+mH7_NESf$jEpk7? z79$6SfH9?U==^}G)oHOFKJauX@w%0qs@}o>fN^q^zjxPt!Z_4_gK_>F-}^_N$6u?n zzkA&lsmeIwh#-2CP-}X!Ivk{tlA`y4?v64EGhuS~5fK_uk5VwIi^}#NTd=0ARJtg2 zP*Zg)fI;khf#B!``T$Y+UdV9+@}z*uTabJJov;rLF(p0I>GR%xZ20Su-}eJd4~Z5} zqLWQ2}?HR=mtvULknGD<>opocrb_@~b zfrdZZltazF%fzPVQeAM`k~`+cL95?(y^qSjT7$(qn=oX~#qbV2)Cw;YS=C?43xcGsEeoH#^)b)jQ3BG0%hzBCu-8 zw$O9)H)G&o7v9gfk(p`7P_Hfs8pa8P3V{*hW;i*2l*xnD9q35X!)y>XzI`;BO)Cjv zH0w9F(xR1&wU!q`<`5W4Hdl99ClPQ7lOKVr)Sh55s{9tF9MQCyvtDHA5xhGtGxE#m zW?`P{$)}@;2}&P(%kay<_(?Wi8%(66#(|FxTO=&A7-3nMO3P(>zR_4$tSbiHHBK&$ z(?e+r5L%VVGdf;$000V0zpZ7|(Q^hxw7}vb;rOTFJbC%nsW`%$DrZi=d5lt8Nw|HgCtc!<9QL~`U-q_lCZM&>VXeZ|QR zCue|nq&sD;ZG5=K3yaKLNd#Hq&*C{VTqO6~6Ms&?GO`BJ*{_R!f-oZjy$kkwVh$<4o>oq1mcV z6}{XliYwurEY6+5q>;=F#MA$}(f(}lIi%g>ia*Vapno7knGUqd!S8cGr}e z->&$y>`3<@9jOyi+Z*2){1Z0T=;dg`{bW!K|IK;ozwaA@f13UO*FNDd+*sLM4(0Qn zsF{%FZU)m7K$4e_vtbJ8K;&CZ3M!l%Ou*hNF;7n-8h}k7x>P&G$Xp#H*okG@VrSN_ zjigPyr+wUXobGCQ?D`|Y47fH>4S8=gl0qEvwvA#hFNmU(16EHQ7c0af z*=eX*B~x&91$K&457N|;HAH-jM+M7-DkHDkp8l-dxpL9DzL44kFlQN2bnC4b#bJtV zPopMXL7CejOsYj!k}7pHRCHdtj8C~r(gn?adeCB3}aUaSdkCR*P{ zJntwpm}UQh*a@7`R;{ooXu$bUG% zj5LGd=AR1N(6zd~JhK!sAdi{+3n~3%*i08~>#Oku6J?fk?9S696aTZeDt@K*wWN%? 
zs?T+()7Byn;EI^hRuz}Nkz3@qel~tL#}meGEN%izu^IV-^fi9|Gy1Bl zW)K6QUp5AX!aFUl3nG&nMVu7!GJ ztb_HioC6qI$RTuLc-TiEHJ)A8ZC=Eqip*9tMEYH}aC+B){S>tNN^q>LK5hDR*0rjA z9YmpMnk*#>RA0h}nlqc+@>vzM_Hy7W!~F=V7ORIcK1k)3lhj|ToEzUcWhx-w=+ESQ z|3t8AfD1+4KglLp|0+xR=jDg9%^#wq|GdP(@d{GFf`}u(E!T=PG|(3Tn7rahjrUfd zNZ!J+$2u36P(DrgFJHV%&89l;y;^ZR4@dZQ8S;ZDrU7{oyu|LFWO?CZtpj81r7{_jQ0-);IMQDYWj^wL*H z+F!Z-1gsgo*kR2NK(X6=A}d(HK%sG^-U9PSBfk%BGP#1e;Zom~M?oKhD^*mYLw(w= z@>1s#LE@C^qdfiTbiqlK_nZ8)QGxnbj?cd@BLBx{_0L75cV^tDQqaa>HmHiLbzGjV6?4S?Gt~M`?M3%SoyfD*RScbiO#zuN&7I zpZPfx+O~R}B`Nd=?q`z{$*_8}I#R{WhG0PCGsBk_77&G=l=eAp63~E(E#4M7nt{4+ z>tWuZ(JW&5sXt+e5cHk z1Lw(b@@#q^ukTqMYOMb3?Y}kpNSCNnxj8;nYj!sqB`jX6u44 zN(b(^CFEKfSaPp>bjm-aOjY0V<#N&N^ivHH9nvDaEX8GNPJcdS$e0tx`btH`SF=eIcWH>LA&BgnD(HxsT`-31_`;oYgSt5-0~*yeb+3 z#m9{r(5VK=`KKM<+DchxQiGtCoPlNH6}h37TZnPJvJmZ{)f3bo%`h7L4bmTOD&PMm z{R$5zlK-qn|MNrm`J1hSDg9?iy}1*;!=Jo9`oDIX|0{~sTR}z+_%n(%I5^mugxcr! zFd9T}Pcol88Y4d(%0pnFO8|syg6;~UM+zl69KzR+f1E>mWe_u!?NVCTR7cm8k8gVm z$jM$_7~K<`<>I{bq?8Gh`ikX!)H!%Y{?hYfF-NQ#_R@9|fAA=Z$d?YPThFXfv0x1V zUUe)33Mix3w#T6r?e94z35|2u#&I+q^)8!+Dh+1FV({zhR7K?th43dVyqzK0BSIEj zy-3K|Qw|CgcJ5lzDOhj4Ble}KF7%j|=7>4+8j?6D;&$m2XkWlVn(hn_$3FY&Fq%0# zr&n4OsaIO4tyt$n<L$s$m0lYL~!AM)0Q@7uj?X!<0V=^Igaz(B1ppGuRHa7<4E! 
zNbu)1gnLGHtaYv)bL)9xXjYM?4QPs?LwFn#(4{{`XbUXl)(8S_JW!+llG3HL1)%4ZI2OkL%@06BhsqewVWiHX1SRATlU{!>`6V3~S z@xlJ)&*45`x+nAZm#l0p zw;+$|b2WTHVI1YZuPrR!!k7+%>V$%e18~A22q7ItD2`&1l$2_Zf$Ztc4NUkVY4BDU z&Oh$97Nej8zE;@vm~*#r%yYc4@M%5Oa{XnG!Y=F%a|AS&O**52oF~U1B9vfZ%E)sW zIOLcIS=_;`FK~n<6bnD#GUxCn0TAIY-=AMD>7j{4jaJs*YkbsD*3xDiqGzMDfn=xx zP&F{Ow$xe_0W6@vPKmTtMu@7UVh-1Ul37;}mmj9lRZ%OBg&mR^0<@$i5&di8#%FxR z(H8E4Ck^!diR4qFqLdYdwKW^;3yo+F^y==(`mb?Nm|2RNSQ8dg5>?9NH#L**jqO#4 zqzFrrg^fiPjUBa_Jt#J|@Byzy6tG@pInXLb=gJD(O}l}|1s68CqGz3$L|BX!h&@TU z<~@8vS`r$`(OBTF6rDn!5;>+*>~V7s&SniVHEC5i2{n zjpqV5?fDf*EE}h@?q7}qAzQo1PyBkrU`~07`ZwT& zfxjyur7AL&LC%h0wEJfzP16-srV!yYl(4?mJSpL#*TF|;U*;#k2UXj${rE$uFG5AW*)e9 zBvJdto0D<-tYHqVwrfk3O5C#c@v@9rvCm1KJG}goQuInB zkitIxufR6^KhbnT04&!lKfF>dI1Qu*A}a$K{S<`F8;f{}uhq3RH|7PpQEskdW*xp< zfdWryBJ401F@-LwV!xW9H-zD%)Ja_BGaT)c)v$hm{ZUAS{HLAiKM|G3f9((dp8NJc zU*M-lzpbmjft9f%sgl#D+==urXWeMUKddTIv#hgLo#FiF!6~`~7uYbM$Pa4kI!KGQfLfrPve_A0|qK#-;+x%oU@rZ2FreLjAD zMpZFIP#JBg)CGA0rE&BKi}WDfL&<2gNrOQk=D*xEmaLBy!XCMqtv3WXG6-G-%TZr)vdKl{nhNC_8m z8A5P>-$0aI&aGnvf$#cDmj7lO+MfXj!-PNu^GFAx+c-3jBW-sq=;P;tS$qOlZ9%v1 z+CgCJrLR+%{>wmb{Uh!!kvHY7yd9;XTgrLpAa7VQ3xyk@Apn4$iQNopMN&c(i#u?n z43EWDyfa3@z?0*|uI5IsHh5U|mMYxcM&@JhQlf02o^>CotDP_&(CD#hqXM^3$*$|f z9rEM!swtNMlV0oc-KI%}dGtLgm3T>0Ccj2o->^k^MkNH3nFVcfoio8i3X-Z97m`Zkhzop!AXq{ zxI}-=;t)I6JGada1o{p0^32;D=6R$UP-J1&cRU5(Os4O$!GSDOWNYzIH7m+ziNn z!-maV4Ih*=x{kEjj^ix(kDy6W2j+@stok zZ`n#wqI){1cFX#yq1mB?lY<#vVdY62r1JuVn1Y>i_PrE`*qXcPq|lqS7Ve6`Z7<*8 z!EGMeb zdAm=a8_+y6blfM70{UZ2dNv|toZB=ODp22d1VeEu(ZH9{lul3=Ik)Y+1#zwX-A3=B zt5qIoN8t6iF|Z+^JJ@^>Dbv_04Tg+Y>uFI}V{B~O@bcPAegDJYU}H9 zR)iKq39Y@Gl;e*Jj8jmZTWH5_&C_?Z3QVIm01d9xM5OMCx?kCT>Qge$Yg5ejP773L@xF6s-o9(A zsMK+)%!+g_bLY-jW}zzA_%)^>;^w%(kF{v_;(~~CsLrDO5P_~}SJa0MWjfSVP5yAX zc*6nZXV1Dz1g1`E@DC*0o4qFh?mQNrFEYx$c^;pJNPn3=HY;y>E+?a>n~j~Fy!1g) zYVj~*#wu%u?8+#O;L|6w;RXZGcWB$`4ez)7>N~!-jJ}&8|7sa_eFvM37xblUaB+)i zknQ^NscIC>gnP4U3aW|zLo7s{9E@YUN5yE<^x!@bC7?N{gy?4p* 
zMYpt+!DEY1(v}1SwhXC?=f(zRyIRhy>;(5Ws#gr)Sh*O&`3&Mpj9PWMmg4JLw>m-&GHO3k~A_%6#&(`ukh_ z=|pW`m_s!WpaS2l9oT)<7$E1>30X^4O|SMjhBr~yo*Tae|R6nAoM8PP{^DF^4E_szBfLIBjw&J)eGQg##ee1}5Ag@%Cx4|q9x9V4we zAXzXW3@F$G?RO}*#4j>~>$a$UnGFdz1vN*ThY+^UhGt+c!+cq>qlP$VJmLq5j60s~ zFn08}QvFNI{xyPX$EKj7{7^Xl(A9K-a&qwp8%2AZF^&=8EE6hd*mGvs2N+n_!1mO$ z58a3altf*v_?1M3GN-QK$4j4f1XnJVji&Z3Xc;?g=ho^{WK>6*pHlw`Nh5^u()=Th z_v2rA|NpOD*%0s|_q4u66%7G5A6=IfVbsAh@6L$EwzmPO;zd`kr-Yh?Q5 zR1NFmML}8Uo?u@_Hy|0W&btD{mEr&hDpjeNn%EiMN1fNBk(o%_FXgKa^1W~n?Dm%E z?v?7T*80hLPb>)v4^jHhf_G6phdPtS+b~RMV?I@N-h**9DilrWt3(APFA+J-yzq%TbM1B#cLy@^(I73jm zmw?UJe`3{^u#UFM$Pp|{{+~s5)YcQ5R?#7Z7>BfkmXF2!cL5-Z5UWfcSGYZ7UN<~6 zLn@4ZfI}kO(=6#5YMqV#z!2Vsvpqs4td`Q!P%S6ej8OXSZ6QWm;hu#I|Bp3a31wP@ zUqdMs$Q{|^q4tT^#U8_%1Vin8J!$LCf8M@A|mH2F$|NE~5VrYMZ@{epa~ki+3(Z&l^D zKm87jI*DMoI^pV1g)nZHMRDtPJ!Z$NF2@;8X4j9m_gj=+ZyvQgeJK&-Ls(TiDG}^- zXqyRXks&-~v_&HaF>q%vI53%z#ZkoO8LWs+M*h9_scaDM9)5I?-(V`bnlXnx2I7lR z+4$CYt`wL*wI`5l10;0auHClL>(}w@I!1V7j9{&G_sTv2S$;Z3u`HZ)5mJZOO$q>JDSrVM{=)xAX}&8tFqaB z_((YC_nzWvG3UF)xh_<<+x^)Qi^<+o=vbB#g0O$KR^)+c1JF6cuNYC$HA8S_yI8S@ zLBJ4LdHM}KDnvFLwXZDQ0!r#1qVk^k5eDQn9K3$Cxyk6LaqhVgK8V4dvvgi*WZq9( z-ZyVDKTvcr!6Mund5Vh~QqUBx@1kNhK64yknvIub=m+@<<4NR*v`|_WOBf2L^A(Hs zBp*@g#>r>NRDPXFXWGbE|i80WNSp-ytMG{PH(-X%c_fxl;8avp|bQKh{bR zqP5;bdBRxglE%6dW$_MPfB{sMXrqRvBgVWASvzR;?n~AKiK4z~$1Tp790j`%k$ZqL z^V*s2r@9b!+%%~)gHNy+%UVGtA8Rop^e zGF2#L%J+}alHCh1!u^SWA^j^xN&3&=&Y$#ICHK#8+P^feGP0lfZwjzki%k{30&{3| zcv@2Vcs!AXVcF}jZC7jcc zSUr(zX?&BaL34PvD5*Nn$#&24V96nB^W*JD>xlUt$(Wk`LrRC+ofY1ztzE|T5v{U1JE z17~w9BVz|gdO;f-+dpP+BccEN<*!foGe7Io#Ns1_6h26>jcTntZwWa;@2m(z(3}x$ zC_yhVOr(lS8k~tCJ`BdwSlXc6d5DUT)1XLKtcHHF2RGHp6xrI5?RN($PB44cd@KaBZN^9I@^UW+o^G z>-@Bsy5kg*6p%OSqt>(4qxRvuqYM$Hn64x-r)g0o5BDy=x#vCE6{{a`b;wW3rIOvx z)Re_8RhDU1{75*)Ts|ud%E_{B%dv2eEI&O*MqOd&dC#y-L)(mJ;Iiee_`$l()LFT& zm2%bkBSU*`%8Jpgf_i=~j~YC=n6xmV#+?TDTElhxtiBAUwz)VX zvfME2k&F3E1x~HME#*td;b}}!#*f3A-@c5=u`;>T#J`qu57pMv1F9-_Aim)seAmSI|qjjukrC|jsm{oY`< 
z`=nyMK95R$YHr_mi0~;tDHBw!ev#11G}N>5@p;thedPgE_;qBi{>plK(HNa$I_f$L zta8Kcz$mOxBM)N&{ikZU0YMEltW2otwPb~lN;xDG@-q7!-&IU;M@()yIJbXYXc8;S zm=UKBYOwFBT5ng9mY*5&=6z**GhUcQ&PWT1sc~;kbn8zb+qgW+mtdk0&Y$ZrWMV`0 zf)o4yIQt5(y3-}w1b26LC%8j!cXxMpx8QJacXtWy1b24`9-QFrkaxQK&VAE&rn}#I zYw`O7IA7H++qFwYUnZFYTN(u-L)EfegpB&Y2yxA+-SkL@yY(UChI*}WXEK5hq4Zh6 zsYdRMX&oPaYUVYN3NE{ab_gK&{iAb?aE;~J5iP|uU&mL{{CS6d$6n~{EY#1>t0gdD zjGk>~p5!_*n>>u=X9DzMV7}J^;BNKB{OPctEpbo@H;_rc)$s%_Xc`Vm)9)HPh>zlI zjc;!7`aP-Hl$Lm*e4<>V*F)~wcDF!Ws}qg7T+Yk&N5ba}*!3a%hW-sce%y=_pZo$% z&RO=-Hl-fn{AvNCNaY#Rg%|!-yp`Yp5t30plDA!m!Ji$G*&f<~MQQ z?HloP#q)HR&o?NA=^sUMh@U~?`yQq7B%^-;u)MFa5o}ACwc~Dpm%?HjCEp~F?!XWn z>7D2c5nCd3OjLzn+(E&ppU;IE#NvxYA(xr1!75}xRUs^|zZxd%ICPAGU?wr07ysfwAkiLU*OS;-O|A4Q&{gOt&oU*D^ybY1F{lPd~ ze4D@t48V9#u7p=>_(q29q!4uHa*IeM9siN4*!*Z4xW+6Ix)+amv_V&74F6Nf<-?m0 zrP{J4pu|sXxcOKlDG!pusN2|~+@ETJi=YrC^^mhY#MmGF%b?=@m6Oge{Q1{m#o~cH zlk5Z>JEyA6K>Q+Z(I4+B|ZR`H>m&i(lG1)9)JFgugb2#l<1F9!=DjWS=V_^ z0f`S2B;X5Cao`qsQ*x}7mi|u{Jf8cAdqM8AGWn0yWZA4g*U9{%fMT^jqzR9uc?t`G z6Px{3j{GE$LSuq+JNAyltc{MRyO%Zj4<{ZKg8iiMmUNXGvq;0cXjU}GI0+VI78M$* zSHZ+>hFmGYHb%|j19lRPlq4rl1s2as_BhwYymJ=aeN53=r;ynrTbClUv|PtCe@rnm%#RZHAqLp;JQ z@aAP{846p`pj9hcT@%OA|S8GLvdLA7>7SyY{(r02spU z*6{fKh+x3;ITa?8TfzG>{h3E;8i%a+83D*%t~=w^Yw*uzDy$eH9+tV@?-pYFPgYQ} zC+z`8H@4FEnmO4X(o3fCg6xqUt;4ms&{oBYlryiCz{M+F2Xb^IE-4)z6QM?BcUa$khjDY0Ng!AfH|6)qi-zCT# z+atr{u)NcTIkq@hZ25m1`2K*AQ!?lc01ZRHLzZ9-M)6DhqFRms^_|{*0@{Q}=*o_f z&}qY5I6@+SHzo~_kzS??%+{ZV7i2M}lF|jkfRrX_y2&U30hD-H$GZ_%!V{m|6$Bff zYS0y^Z#2q_rmw=y;x=7oVkIP8)wRh`FyAqgzjw6X!5(~C12n!%5FLqfk;9IaMq%8>;YHbiZ zJ~9zB^(~kia-Gl>y%|#>@wCNPHdAJml)_^r%L2X;1HO)9t2jI{&nVklaH>!X=-oF) znm;%==%nrzHozpW4y==CctvaqK znjgiANunui00|Q9;wp_K3|PJzY4nf+p)$rv|in%dAYdtZ8s`G`I}+ch#f zFaP$#{*v&KaDgY292&Z$oRHc5;M_U4&G}-T=V|vs-yial009lmkrJ?c6%nNxvZu@B zLlc^XwKNc??tu94a*4h4qR?l5j31cLbf(Bpv*Z4zFt6J+v{BL2-_wlMhrO||AsT8xqG=MBQiVUo7&kAQQ-hz>)|sCS zKL@v81u#Qn)5f&cr*2c-FdW&V^JeJOCoO2SYhPz)Bh{_`IfT%X?Xtv}@>H$Hvi_2? 
zdt|yXqnpjsa=e8ZPF_b2>{>qMPtsMe}+{m`6m)R|nQPi)2=J+t1j zwiIT0n3KgNIc~8o89hTE*JEZ4i%X2aC@a;LXnxcRD_!Ojyx(pQbh`jaXjLm`mT?it zy8Spfbs0ao3w}!r*Y7HBRc%+KPA!yS9bvDS%2R!DY7kZf7oSMQJfMZ;)V}*ETp(*~ zw7);`8(fRBsZwNc_pDg_&nvh-wYImsKEzJAk;hP8h9mEigC(2QPaDW)b^0w5xi<^T zukctUD5KTxN9Sg+-wgR5tnQs7q^X(06L%?T|}%ZouTHS zxQ0sIm#8RvRST-|va;_VQ|l^?5LMB+?^S)m$g+zMtL_7BDSWO~mB^=T7>m5*;fw2W zTOGufDB7|2tV3r7rhfgh8+GW?w8T|id(PLptTQt-x7GHRcq6IeDj1?3k2p)Y{-(Zp zh@J{)D9pUgT~fH2eG?PSrikb52!MCB!rrSm*n0w9_EtHHj+e1#@)4Rl4lny?n_AQ2 zdahD1j3R;I7@;>#)LA7$e$F;Y!dhxAx0~5GMkK%@Aj$VpTC$ty67?&HN92&-w9^L^ zz9L096wJJ(Sr6P)z9mN;;v@qt;!1&_pMBUeg#)Z&GLEs9MKSm312T`|)K_X3a||+- z(Dtcd3Gbi$k;T*Y-1a!YqIUl%5y%Omj$yKlij#iJd<_}*Nk`$)PV6D$<6@0sceZCY~q z=5w^N?fJ#cQMU?)v1kT?1{tKp~?*1xEW;-zAf4D`)5@yZjiRwkqHBHLs2n%|{swJy_^Sm_FdMT!JCKruq1( zP5!U3E)|RXSl^>qn$8B?M4aMQ#0TpsF6WEvx3|L=`49HB$Rs_5A7X`hd*?q)3#nZ3 z_E>#k6SCFEJwt#>p8WbL-zy6N&9JL5+ACH6HtCJX8(KYu+ftuG*Rp9kY_Ni79(&uB zvZ;=9T2sPeH;IiIxl@M{)Rg6loxNN&sE~P!bivjxs-Ci(PtN4vDKp#oNfRKFp@G)a z`PH9Hy46FU^I)1YxsBNM3L|l*edRb+e))`@viIc-w8p){m{iveo5ZeZhw0Y|1+T30 znmXm`)=VqcY0NU<@&ik7NSz2YOfA7SxE_kzd0iKf9;d|c2$<>mH3yBG2x_tusLzc( z#nd+`FC(88nasmV;X3zo0m<#ctIAO{CeLVMhmGwb&$TWF=U3KyCdd-epxI=-M~)tY)IGKo<*BQ#o%l|iPqEate(1z@b-3KymR|3UAR$qf);Sqp}C0u$L{OUfhtP0MS2Wukwxr0|TXdj49bA z!|Et+Ct6>Vb3kDHz7UcxxeT$9OywV|x^@nq9D92D`askMfMfEdxiIdNgjhndAedp- zuSr!pgb{b@R4|&{zeb&pH0WPSrZSPC z9gBr68!tWBls1c5Kl1aIz8~0?t{Y*o#xKp`J(^9Uew4m}UfWdr8EIsm zmHS=fRfj5wG5??=4Q}v4?n3Lr4wgTxMcvI}bEEs~s9Kp1K4%)~o3iRMNfex-M`}~r zO)AgBLadA|0aZt%y}N#F@pF7gKjW41wy*rv6R+^kEnHKL*>B0Yh7xqG!h;S90frKi{QQ(;0P5Z z9IYt~F}H4zH*^&65B~ZA+9gpC0j#V{zcqBISl}8bPPGBoMcT~IW&GdXftL?RtGH_& z=L15tF;ejN9M}5rA>HeYwsS&W;09gyD=mVE_3cj?(N=qNOsL$G88~*gs~7m{P87}Z zac@IfNE?}7=rqIcRYzuyA-sAJjZk*RVvFuWhTV<#&m{4$Q){SyJ$kn58dLrJ{!n}l z)_xWdcT{NO2sibb zXP=-%Gz%3v!8_w5Ce5y*3w zF7PgU0v2NImIW-2$c1`d>kh&>b0wCPv?weKz@O(nil50Gpop>oV1pwyq$YGrlI;>n zj13ZJs8&=b;zD*(6_;;6B(rRsDsp%iWM;ccd+QV)d7*4Pg8pWADb@?JxIml3`BPQ& zpYZZeb^X7>jMnqUaC2 
z+)F^hKvx)~$I*}YpkX*z#fjJ$tc*9%_lPhi^<4*^1Iy=xUi^`|9nEU+{_F0mNrOnG zicF1`KpWSV9m*2h?GMQ-$Y{j zgRQ*Pslq|{=rMogUP6_#c<_*!$KAD9xT%|kF zVY*#q8CVqxqZ!@nit?a9MMv3)X^NOnT2wJ)a$!&$Qy`2yZIU3RN0d!6{JN12nKqh- zV;{H2jbdMfZ|Voj$C8OiDDSiI}=3u*mz&Grv@Do+Vf~L470eM2IpBCxj7c)!>C0lD(*&@4S z+U1>gG_$V1#x3>HWQU%q_8zzep(e>Ia5YQ9Yny>cFW5MTj%1^>wZ`Cr^-ow+{m|3E zEd$qAd=3aPZrXhqP0PRitZ|&_bhOvJ&Tgz70cEDA~ zevffoS+vTIv~7z=4O$EZc=;|Bf&qr!@SvUrcKacQ3h6dRM^$HW*{9 zm_AjAN&yPZnVL8NdrcUk4^-I9<43%Bj;E1_8N`_TJ;`uA6*h07^ZVPh|NF_qua5Wm zZvPve50F>V@E_A~l+x5|^9+$w00iKeY{BIGQL&XH2GLd@y9Lw17P%~gB}Q_44cZu%A@z4ML2?1i<=Y(yA<&ub4Ji;68Qr_RTRDOM`pYTEv@U zH)5~>M0dw7ivjV6ous4Qycsl@^xoS?ZiFq)MTKJtnl#w32TQfQfaDf3U`~2k z5Bjfn7^IZK+U?cn#GLedI*&GvgN*Lo&kPT>pBPFoy-5?7cHOdEtUzhHP3aiM!^B)_ zR(?CmL_4Zb4rqtyBfl6rr(@BswX}X7tLL($V>+MmZsL@!6_rFs$=J;#6%buJXAICz zf^D=5;q@dq)wW_Fl*Ug@%dE$+DV%UxHmRXeUS=4ifp67}T$J?WsNA&S^th5zc3KV7 zRTppft0^0<_pBLjDir6Fo#iXxSBYV~DOi^+ci0mT zSbmJ}H(Tu*6t=3v!#%gr#zMpLWOvH1GQ*Z55lrJ-^W1WVQsN8h zo$>9ZZJi&%`_qdnaGBfMEe}ybo`RP>vmc5VYOITGJg>%nrm;+#`m?)Jnzsa%BS`PC z*w8V|!v<{rnw`-$AQ{$c zeDiHk<>uO<`e-xw5>PsaXg|YdKU&Fu?6y>!X5ndi^16%pF|zVf0AbYtvRfP^ZVT5I zrMrlvh>NXwBX~#E{6dD4C(rvM1$jKqxkko<{y;J;R)jWxBu_D=eEY z!|97@o1?)?w_i}b4spA=S~xUW2!DE{KIf!rEG6TM+Sz3yA$7ioQg~WjvXP)fwy5Iz z1(SVdoe=ugnu#8xEk=l2>??h`MNP*^xrYmWowWxm`Z7LA_Hl&xuGg2Jx}p^GSoTqt z)*eKg9+dMQxL;YW;`XXY{V2)zmu8v)2djmZ85+Kas>@r#swYUVmjTk|9N&d_T7TvDHm955&&lTOgiq}>)P#kNk zM9?hh`JH0lNL#5N%TSDEhsh@nctbMDC?%%$XZ6lSlou3C!wrW|c+%MVdQX_7X!9+& zzM3B7R^AfQ!|c89vSUH1ZUI#q022T5*7N(`4bJNF6#?|@gHr@#gh9k)aO`PJ=GBi$ z{q5e&MFP7*@h^gBm}wDoMk7q;p3g>H*nAVH*>!Tv%qts(i{}J`lGnk)zQNb<2zQD~ zAJx7vC{I5K`?#6)*z&UWLpS=*xAFv>dQ&KX&C4Y49#*bo3e+eB;Ms53+)hQ@;P!IQ(KJBIgF!!n4sW;|s#7|2K&tfvA9MF4v*4RFF|9JdiWncb0v-3k1 zEa+M~WSWL{NB$DwkYIj(VUpw>2XWJ>$5k(`!3_oY(__`kmJe8dzX<=4;Le+|m)SMm$&P5UKq)M|HS)1vYaX#( zj)9CsoQ57`knd2)q2`Wprl4Cka!1cfs%ckaAX@Z0Q;;i_9q6_beKmHxLHBOVu|DT)_{PQS{vLF3X67vX zHY<@6b{Uy;jTWZJs%Vf3xP5>A{y1E0u9Mqf>EmRkxI|j3VS_I5kUBrb5W$v$j+yPb 
zq*1~_I9CKyF;Al#@Y4tY8XX|9pSXm2RnpctlsWRVC>gRxYP-s9^EF@r%4SeFlhxcP zaL0j~IJ^Sy04gK4<4MGhn1W&Eenykj(Ttb$?QvM+Je6s8Sc7^~>-G0-P2>q}*#KY_ zoBy{}EYbh|qQ6%U|8+P7$glgoY!yzm(@eQwfGx`_uobNMQua|&Cb<+4fkfbg+iZ+I zH1ygeXf7pK*6kvj=P<|nd}5>fm){%2C0-3*QSIJNUD#*d zt2n_WKPQ5eIwO90-703Xmf{4nFyi=80%p#TS~4s#fKo(fnHSmZNB#;0lW$lM-<(F8 z8c)P#n1<_z81>;?x%^R(74>LH8+Vd@^82jW6xWO{HzSnkLF_~#h~KD{#MB1!t0Z?k zDpf36rx=xsZ zW62JG9!lYBv39>XYxLw#>}0dw5^50LoT+ai6yrwfm`l0DefVaT{~6*3)5In(!eyNMC$06<>!2-GVb(TFBbYV+7GeSI@70_leffMe(UY+}ks^otx?)*#mI67ex$oK4kR0st_7I?)DG4Yz~dzP42Bqz#)d(J zJX_V+(9poroxZYh!N2MMVMatZAUG37sc&YWFzzIdet_eFuFErpxBwk|T z(m~93(NjZ2X-JM2My|srE9ng}jJL`FWpyfm){E*@a2>PDgvnj$U`Bbm$#dj)Twb!|EjQSBM>91W=n}MB@yeSd~qo9va$we7Q%+&_iI}Fu7v~c`IDv37By8HXM zieODjip-|tD`gqtGT#r-<4K<)DjsEC7zQ2zsy@<>gZfcP42`N)$XvpdB=6js0?7ab z7*=T)lK5}!H453R_a^I-B>TC)1vU$0CE|M^4EFzR&sOMvhe4pmrJ=d0t*M<0aJ$&d z#?;uw(#;guRB^GiHI>y6GBva#ld%7duJ#8xtyskxxTcBaH^sihOq&`&7o#O{I* zv#Aj-MTP=HVGtgXE9Jf})vi33jq)VwgD$&}c4WRA%iLufmJ}IhkxPLue{(I+wIy)emBz66IZ?3ml6p#D&!bR+_bmEDcoWR+jY*-()KX6 z?lzLZrZeu+EHjOevo@4u^PRrps?XJG-FQYV_{U~~akEy|X=Lch;vIf2&QWvRI%-KF zhpgd}Cu3e0GQ9D{6}-Mg$LO*i|8B{M_`XGJl%?jk#W8gn^w3$MD-t5BMW(_kR z=fiKh_YtZ6j1CF2ZyTg)FY>V}^z;xWHtk*JSEfAS*l)1z`$Ve!sxFpCVu;(YaQk^` zPiarr5qRLvI0ufo65I{KjWDI5vzH$bv4SEt(%aI;HXz+lfm8t0$Y!uY>d@Yohw_hDDYLIKi@_j146qy8C$Q z`<*POQfa)9oxiVHAm^)DqJA8+Sv~%!y@Y>Yz1N3H&M#8#V^qFiJaEP@i~{I^&RE&o zo}k#*VEAKTFeZ{ea0cPx*u|XUs+j-;eNfpP5(g4;@o)+g$RNqrVtwV%l32o-7*iZ&CIyMqK~R zEr5V)YH0F@FZ|&IsxeFmfdWXPzo-C4h1udrupD}VsIVx;A4BT2P3u1egj7X_HC%om z7;7C6D^1^f`^9|Y#h>$GDJ>W)EF4OC@Kc9Y%2Tr?i!Kwf2AQK!+R2)JT(hjQ_Apm| zces2o)mLrr?d(sTtS@d4!|>7#G<&)zDNU*c7SV1(xWh{$N-A>_gXp-Fe(=8}4#Smj z$Po?$8SEs8Zf9f}E;*1t_#rah1|zxQ75+{{0g(k*lmmT#4*31wVDq0u6t;gv2QfqI zKjXr`*s6-UKyeYEl2&D=nP2k#-JG&TK+rTmArQ$19DDA>qMyB)hxWu~rn{oFAk0sI zpQgPsFdylb(V71s3pnO`xqG{U&Wq@$qq8xu3j#z}MC;;u!~JZY8*{-*XnOwAdkpcA zkpF{R#^|=nrh7ncUoX(M?$&?TWK(R=vY?fdlh2TzFiX>2UO_}p@T9Z<1n zzFSlcjAmT3J>W1t5Qg@l+4l^j#|qw5TQwC7Q!=&jx>|o6VyAK&)n<_ 
zXS!g@`8wVg*=vD!jO$>)Xf*hWm-vopi1zbf6UKTUoN|$l>N_@J#!PF*;H6Vv!B$mefLF~t z+7!FJ7Mi4rZICwndD`YCV(5CTSt{{CP*>Ae-)%+1dvc*s9FdRB- zPYDElr14VHtvPz3PR*+akUA}`Ha{;iYzSL<`Xy3>3F=`4>Y#+QC!h=sx)q;u%dt` z2mQ2A7gNnnYPcy~oG%8f;AF7gY3Xuwv>Yjxe+*8hN*?bYV#$5GGOdSrp*p60=d4;8 zYs7#`bap5S-&yofL@<(8)~t&;F`pm|nfax=f)6AcX9`&4eYQf*upsx7ToB+XK8@#g z|IKAdG7{X{f&cac@cX}r`=3Lue@5K@;j(}HIN3_l^1!=p?`ky3S_7D$k+$#_Kf^!v~Oe3060WgxMtQ!%GKJB^U;4M047G~vSGB9xW`z#~cj%^5UQ zXjGl8a+8dBJUL$>!CNgzS`QVTSh(`_%q`=BIciztdwR8xH&v@iEj#-Qlq-6i1VCif z{jxazqVg(J9%U$bOC^TWt?*{zHJw%e@L^p9#h79#j=e5MGsC6lX3mime|)#zOjqT& z4;uR(0&Uc_`~E#|U$^5j_Bm&esdYD;Xk?}N4HeA>w{ph9xR3z?V*_smO>`|d%E99V z`!phpI4Y41inP)Y5_K=#7KMUIG_8kq4nM%=1TnAE;3z(>>3H|+DKe8e<4Y>`iD`~v zcbnRSXB3i|#RRA8@~AWtPH<^!Oa9;c*JqbAaf1q$cv!!-^)wgwVA_7~4H4`)&HTuEtx#ak>Zq%CsZ z>3#BB@O$txV(Umv#>ApU-ejZVrj|pmt~{=+sn;@MHAihdT{`WA+1@D~*->FQIHSQH za5yZg!0KIlz5IX+#ko4GyeKyKPRjd)6IQtOVMLtJ&EbmBg)mO?3qmuM{sHmJa>G}! z&TZCMYOOWYoIc1nOb$FvAL=dHbedX~II7Xvc03x0iiARE%9xvKYuXWr5>^?1sY$Dm zF8?*l%k|PMCa>2nO#+|zH~X%5)ouHZs+<4>^tI-?*IVCtyND)noT(eZWI0Tbvr+dm z)7V-MS^fqLbDrDqT<*qbx#*JN11>h~ps^s#czCbM$DBb<5L%hpH&MMRD`8*!9w*;N z-PoU;9>xv6qsJCH#t+e7&L7G5`VGwyZg2;X)ITX{i-q$OrSJu(WIuxDZ*jsJrWx1t znH>>F637??H@vgsQ2Rhr$$ITe50mTIy(}c0p6WI(<`BQah<=qxf5Xoo;ScA9i+zo# z9{bp?FT^i!ySx?;8-I;T7HjeZfz^9B~fGBiF zb4QQ_GSKNmgqOAfXr$>{($Zt$HxH6ok&Ab#UF&iHo(%74muDhJLxbl9;dIT17{@pP zuqP}SXbV01p<2xT&%%wLl3nDmg^HbWiPss$1Bo|Mq;%RF0&2Z|43H9SGllJL+vqz# z6ZKDtOkrEu&J&y{r$)Jy;~CQ09kEnDYD@$>-BNU;c1F-Y9_>8KIJox3VZ)kBveC6r zn&)VitJ*PHI1Thbq3ypei!3+M&ASbZOnZ&T9c5JWp~?Of9sSC$lzr`;BLe3bDvWpn zp>F&pHQDXMol@IID(m{rh?WA0Rq^Wu+IMfboh1#B->>krW~>^E)7OZl1!_wz61Jn% zA}CQhRwhORTT2OogW@9Y%M6fhPaOYPp{;_gBmud@E$i)eg=xV78@#!6ORb+v8Dj?0 z8OHqmK6lcH(t#Vs$RdB3Ew)bz;*6)idTaml@3m;Ns_C8uFe>~e=lIttf#CmVRQQh$ zjji&$2Aba|da?x~rLEdWB~6908K^GU0*y%S=F=Eav0+3xi5ha5)}KWjG4CY&9aB|2 zJPj|P_rFfnhbgHg1}a$2!}hYWZn6$@Ue=v&E{40`KQe|va={rdiEu&UV#-cnrx6a2 z>rCYns>|rGIZXDrf^tAOB5~|42L@s4do?tWM5UR+4gZez2oc(qGdf1~corO5p&=}GU5PqSIEA6a-21SQ`V6@8zpa;y_ 
z%jODPiA%v|Jq1jy|8Q4nc7P(qxW-~~&^OrjheK=WYMH6Q)dsr`&niYWW1Epi=lE{_wmH&XL1?B*$;`qZ`gp4mm?&N#)yLtK+)6662P+|JFbi*%p zXY^Ii+G#%ZcXQqvn488&_|Wy7VU}e@VC11r-EHcaN;Q8Fix-BX@E7xV&yr_+w?T&Dat=LqIy$IpuN(lOLt zfz~eMM@~s73n3z9*wrvYTsRs7)M$UWB%pBclne;2=6|c6CG?Lj`9HFBvOl2qPj&Tw zu_A$WwbJi(^%t!*z{V1muLU_qQE$;87!HWMNjv`d(wSZT2FjagSKwy>va4B0;E2ht zBd!TaW_Nr&Hr;zF-P_y`$ch9NfSxWT+KrFG)rhO5A`K^pw!}816S>k5gOE4jj!%wD zy-XrrTK}$9)3srLdR|kl&VikBlCq)L0jlh-vf&bJ>m+>UnCLDdpBA&qTMKT_;ieAG zF%B0GkfT(`3S3!75Vn}Kf(=b?w*yQH){vi4*kdP2F3?Bg@~kgye3uT*0_~j6i(=%U zE2Ou9*-9^|U54AdfL+yn3dy8wOi(u>Ak8&n&WZNqkHy*Ls>#||8( z1bu+9|8mExfc~nNDC9Z+Qn|fpyy)h673bHZI{IYV>hZLMM~Q%_q9BSpSrQh_FBZ{+1iXj?ce3KYy}Jl{Gn_ zz_o6vKa{`ZC;c7aHe!h5iH`GKzkqE>GS`_3f!}!1=cpNeBN~H`8*xjkx#rwrvGw zm0P-bPm5=_$1OBBNNqRSycz?ofWwRRyDZtCut$~Ew7%#fN}W2luYfvTbG&{x(4QS8 z#wxPQRU;KHpvJbTw$JISyRnk@swNK78Ru`&wwB-^z~I5O-_x=&)@LKK&@-#RII1F2 zcg$ID#LYFH(6l-xE&UnMW}4ig0(7Kip}(l0_6cetRUTiANo@nuMixqg!+ejhuPm3>tpncwEU$NFzznM^e!{clgVYYETqP=RsU=&e;~W|Vqa===k6DjDlE9NiFU+O?oGauk`)*^^M9 zG|6BV_jDO^!ouAy#9Qn;*l)S}wD<(MDloiw02wELo$>MfV|e+Cq1?Y(K`MU`o>MSV zmXf8BMFi*+YUxwyK}eJ&YvaEcS%3tmJ+dY_Vy{mnoYDP8T%gbkk4UBbtzXNsh7ySu z!JC!N(y*0vGwFUmF|D854U#rk$XS3D+uJ9Chu>;Vf-erCiJC}JA|sQT#$-4g-(MBs zO>rPIfotJ?+}5$qVSrw|=hthxNK=E;dJd@+0i)0FHIdF5M|IX9Y}O&eeSeef3%u3s z!pTsiKnvkDf5>m%3@-w^`H5pj6D5HkmWF42%ZTUG^7c1o=azJa+x9MORqsG0h7{hd zx(84gTiEhehIDK7G!ujxhw@YS_pxHIojCgiuC5up2>F(NRYd|Yt3`K^=wgcqmy#iR zg}x@~f{F;-B-_>iCyz6b$_h$xQ@_06(!yx=4}j`%{DbP0@o!qTV8t0L-d}(jss~XY{O)?RVo7|`3%~l4+&+5A zi!$d8jFji;BmISt3}G~W_zb5QvQoGq9*5;i(5;$gd;(u--nLkLU;1)MThAn@RI0sFG*1K zQmtql70;mSCF4YboelKZ|K=#HCJ6LBz;M_1w_`f;|J_l5sn&m~nEp#CD@4f#nPb!ZgfQhYegKc*2DauYDh>nMAuuqQ;$}FHISs# zSNoKEjirSNOH%#|&eY=aR6!nBTuO~z}~Yd_xMC^*Vj>}A)g z)L*#YsX968BFrKRp=q6${eCa3QEc~?PJo5=Z&3T!F#G3AAOGH06Sgolw*J>$Dc1yP zd0gOu_1GJnYm2@@NzY_;@}we^`E#U*??f7+UnJ1VBR^&J;$$HZu%-*{>-W+q(I%6l z@Wb4#LI=hfVszbKbw2RiKVJQu=Kru&mn;lXiShX`uBU=viLOffyTJ%+al-az;d-qT z<|2ew=UxRXN%EM&@f;}bZ-?>BTi5vKuAW49UUVgWuv`WjmQMlJ52RKm(&zvI$LY_l 
zNK-X}LA^?T9(bMv{ccT*hs*2ttxji&ditD(h3xc9MKx`h*cKCJrgNi{iw&73rNV0~ z%`WJOghGuDt@gbDjt_Z$LGhsPAM2|ay_qROEGJP{WDlcp(F?w4vW|Xk-V{ClE4+{ART~8G3C?e!mRz_0hd$~Q3DL>3B|j3GUiKnhLJs62 zQ`Qk#)agpN9qeT#VpG`XGSqyySCAl$@r31qjf5*lmG_#Z7PhPO8oy}UbzX5hj=whP z@KOC{D3JwD-y8SUOKHJtqeKCI^AOki!PlGU6EAt~-r`DAsW#b`0c#I^JMp)|@V~ zYoJ=RyX=a;Pq-qY*BE+g&N=amab00su#UtsqR@^WZYdnf2#ZbB0wBaRv1AnW{-<;B$x5>JK(3r` zW~<{a-2#21C3KvhzzOh5PBp3!0#?D9w@5F)v8KS19!o@__ zi++b*{C_xmr@%_IZCkWbsib1twr$(CZJQO%*tTsuso1vdic>Le)>?a?bM|^?@AvNe zm_PG#&OZ8RqxIHXb45FyIiv}AVDlwLHvyFxGacB;Vxo=fj9_piN;7H?m8Z!f;%=`V zgjz$rOKh4wCPEbHBHv$*8c=jkDR-5K1}FnytfLCBWyYQJCM17d&ky&H-tKO@>!c|0 z$Y0z&@g_EF%d(lkF$g8!nUaO33u!KqMWL__A#44%Pd3EHA0k-A!jv&N^R*eQd3=zb zOm6#dqdPTG5y+p8avNg;0)m!+cAO-r6`ds3&*W(%LNf_Hmm3G`dqkq*5j;O2KPA12 zBJ~7f)x~3uUS>AvC>wGfN1QYOIuBj+EOTmndn7FC+T-ziK!*lU*bH2gK9Z)C-ONGZ znko5w@3gJ@6@nyyv5s?cSEFojV2C_d=$O4IINC5Goh%a_@*50S@5H~`=V0n~-BC`; zQHx^Z@lRiL5%6*J)z8Y||Cc`Scg4%U5&ryF<@~i>_*WhMGjJm^f*+!n?o;?<)~Erw z_-USiPXomrK-L1sFAH}jrzzkse!8RO_63%>sLlSw%LFj>>OQsf281VyK^PSa7ng5t z)srqkuV1Gy+X}3U>Efe4mQED0)FwBm+_qlZo#Ge)udi=Kek!7>qqJJTpaA~j?YN7| zFb0lSpjo-%1M>?^Jsd^iRN_Eanm+6 zU$BJ{Henlw$lZe~OFaMO#_4&}{Ep^kd$%GOgbL%bDF8*^Q^p(Cq@?+|Il;VMVEL_j zE9S}$RM$6Sey95GaV$u^%WgQ&TV<^X~(a1yO_%CHW^o6JBYqqwj*nvf87T!Jx zkrJ={VS&ggilr}SY(vGWk2Fbgrj~nLG*W0dc18}3)iu%nvNdLbjJWT3D=7q}k>Xy0 z%?$V}JEvi#Ff5`uD}+pg$no$I&7+X=JKDV(wZjKr-9g5zmRh<-$+B%}>Vmp|=CjxV zFUtM_-&=Atnh!q@+wi}zRevwDf1?8VuQHQ$_*9twy-R2Q<8@m^ZPi|7Z5^&4_l?%s z)9-f}35Kqiv{)EXV$2nrHK}p>xlN|c_04|wH8LW3D9QVmPu6t2E(nw&kJj`s<7x7# zi_y`=_x<@E_$M&ef;~7Z;&g4vcwCfbOXVKSg$0>eOL3o&d@vvmPzQhrAQ@QmJAQ$3 zWR`8Joc!77EeWHgDpu~}bf1BLF_IM1v}Qs#wcEDd=m{MB(sZPejvrT7q`MsGF(Q{4 z!$jdT<1k zs5yVPe~Z_NEJ9jG{mlo}*P)()$D;-|9&)sztD)xl&|=suBDL@!J)`*j6ks$Q#~Uo@ zy9aHg*iomf*sAES%Hb7_DQ39x!*2{UPRv}5UQb`8&pV)K7r*cHgWRZwWJ6mn*H*dk z&Pe-?>x7bgf>P3~%g-0h)$!FHUF*s#(z}(6` zC-V()JAey)yWue&2&D`^ksH7|=hLz;OC_O|OmrNcqcwk5la7+PaYB*j%B^BU0kh9M zrC$g0(0GLYqijDNn)TH_k;UP^lpT@iINjkHD 
z;X;so0yTI#>(~&2Fg!A3UuQc2!?@FHVp2n(czm09M@MM1ALG}k2%aCX2W~9T3I$|) z+4b$DN1R)(F0zx+*?&l+hX4^s7eq6#$|)6Whekv($#j%ERe|i_8eboX#vvcP(KkLL zDu7^(iE7CNdkMj#iK*zt*4_3ntA^+_oZPh69<1l)T5Q)qmzp%TlE^FWXB)Tz7{|4s zERUO3?x;5yu{A9R;EB2n6vin8`8&C87vhXv(egk{m-LRQ)0%2eSSdia7AaBO6@-h+ zG&wm~2iToNI=SbJhno*rttE`ll2BBB0am8MB9?kF;+^}}Aol4ZN>^ZR0)+Y8&{%Gg z@kIPlKIBh|>ZzHm(V;gQST|K8i|i29XxMqGF$$FDJ!EdyyWUk)?XYE$3g~n6-~=IT z2=evNDWM=g1V?h5+v>kuT3}{y3T-*Hn6Cbw<4kKCrDP}w(wUe&Z(9^$Z9OsK!Y5L6 z^zvk#o9;ZtA)b3cEhHaz-Ow|d^RgdTu$D>v**xxxwoz%OSuz4PvK!jQ z8QlszN8$-qZX>HJRMHr39wn=1$Z#>99n%ltkxe{KnOl>u-1G5<`y&l{cg9#?F8%u(C|k^SIt2MJg&fC~p9FK&MY3Q^7L zB?;YW$B0eCJM3>*c`a@wc3|{%icDC=Gr{Qevf|;-n#TSuw)$~)=4LI@u>^e{B^mG% z^BlK-8ozKoy9G9U9*Fq=NW=WUfu=tao&Mg&|I3vDRboscw-FMAHmBsg$=*=P%kRqn zx^yOxA~brAqg1iE{>*7H(6=y@?=L?PE=Fpy+}}4frjr?K51F=%TfSaTpxf}P#7Oq- zA;MPb_14v{5G|SlIGl^?l-oW)uxJn(9kK(Cn+OVT|L^x?QByNTHcfG81O@mPG;Dr*uab$2lV-`s|(dp!-x`l>#P^-ANoUA>s%c$XVgyp`r32C|`d0r5G-YQ4hSVS({&tRN#4Ar0US>HJt4*R=)I+&nxyvEkL}Fdi^F70KC*_t(57cts z6BQnkE4N05ULm!D_$uts=(ys0b}YMa)h+VV(!S|b%`}H_?(Z39Wo&Rr^?Yb=jIKko z$M{3?NMVBJP)w$@ouae$--v%S-3qY`DbUXvBm0-8`**BB^M3(J|LVDk%9ej_@6~%# zZ7Ag&l>YEnu}&Up+QuZ}hYA&^hY(scG<7`=MKraaD_=!XXIOqz+=8UZduFlNmn2bGGh&$ z&=*hmB!X2QdR>grW1mZYXlbUy72$2x&wgX*&r?UJcfu4S3sNtML+MI%HP(PT|C*rg zVLG{vFCE&eMq)Ia?cdfEky(6kurBOe`_^m8;;K2A=T@1t@h|P^PA(x4N>#C&ZLq$5 zvj$r`s3*61mWVRO{ z!(x0Bv>ZJ|W{qc}{ir-*#|+>e3eXMItdsL9gA#Hc>fL?>Lk+mZq8Gg@w~fMLU&}B5 zo^$B5o2aZ4#n~aL^V=Tj4-y>87<*pfF<=n!1Z1V0&_asdvQ`zza{4d-xjph z+>-PkMXA;{wgs|&%iU>=p4E&jTpp;wNN$^{U(3Z_QP&4&%kDiHW1h~k1$E!HzQNLl za=yPNGgadPwS;tS#z;dmWLJso)>Xd*E|uNA`#ycb3n^7Tr49PK(Atres*k*$`Py3I z$Ud&E0TXNynv}q#Byp{M&{MD($`h`(LPbV7Z1#8MG#t-?q8~hyE9i*aqw3kvn_;Kp z2WhqWSweLO+wrycmXnn%K;{+OQ4iB+8$pQIk=c*^!-c_YQO}KgV4K9&f)T6EX&O#4 z9)lG+ATIc7)Tk%C=#eCl6{YSw zOr(<_@!9acI(2&V8-tksoMXavsTl}i1a;wZpMU~v{QDpRaB~gB1mO9YTxDo)5cP2g z7J3;21Snfks9WW8%7V)fUlEcU6CQm4w#5P=5lmmNKa(_y8C*wb`JFe|jermx0jiGQ zn=DLo3u&nO@;$kb0yYtq7OJYQL0DZPa53;6iik7?U70~w)%R{i#AXW9VC 
zua7T1^^*0l=gzyfR&Tnw-j9Oix`9CkP2g&lm|Kj6wn<&aK2iIVjga8n4#6 z-KB;QZVD9!B%#dJ3f$7L}VyQFf1S_qJ`Vu%7!Rc4lmv498OO3B( zhW8#Q#E{NYwwR>e0+>yhYF(BbgMP?P9eYJbw_R#gU?tSmFN=5J4T;s+DVI`x^czh( znzmTw$WXs1`}aE9%ye6+z<0K)M^k)?Eb<=jPy95MPxSQ{X7Do_`sJLrv7hHaXBfE=uzI#((zv+1X3K?|(pI;ETw%YX zxGopDC6YnQIiQ)A!9RL1Fg(f{LThAzwwDSPWNzek8Vgj{0@Ql=Yw70`aF2+XYPe}g zCVrP<*l`g9XQ`JE;E1%Oc1kW`u39dv@DeR_?~ZF!={Qs0L4E&my`K#wgf`zsXgHuG zEUeaiDAM&^MiQBR`he*7ZS=3y+7_kDR&^6Vj`IMDFxw51;tUW6*mU98bh*m3P z=;SwZiJXd{C8v}gnw>ePK!&>@le{Nu;KVP@X&YNg)eBormjTKe5iH=iGRfg-t+^|p zz88YusjYR7Oh5bz(UPEgwM>pVhb$=C_*W;Z`01NUMMh>b%B01p;eDok^pe9p3VQ|h zj~`t3#jk}o7sJ{NPG8y%=!h_Lr!rWv({nx`*}U+xzBrh^ci7R;Gu03GLA)|ej6eZP zUJp?99T$c{?JCUNDYE;HHW(;BB&R{xrScIqYBh#Gr}d02KJgoc0gtBi4KWzJ!pM%g zMaBKl2CPZ{7)t@{oHA;0rYC<_?pvR+_UXXWlO2RiVYt_q2Q4y6&{x19kVpUi`c#}V z9>J>bXeBbpcELo>MQNC4zT?S2APu>d41dt8iV@yxcN>>CJ4}&gyt&35dt4f4()@6j zC%Ayo1@}Y$!U?tw*!H?3ed8E)N2fcd-P|Y1X$WMjrMYdU8TLVglWm$Bquq5XljLI# zxL}$8>a49^bMyL2xcFBnk*HZh^sFUu1H(^9NVx1P_x>aK$#zip__%@}EM9@_OuNNq zuHkGS;=y28`3Kbg-9Mr~*k)87eld^8&RLGdXAA!HUiCrFU9L9s4u?|(VNirV6@qgL#!!atv( zkp+GiWY*&CmBa1}x{6%Hu))z6dW6mu7{m9N7r26Zv%q%>!Ec=Q2!a0%=BG-Ee4cLu zw3!3!s|R;UHvX``VRI8#Qgk@j?UJ0PUf~YD(1FUe?-OzyBQk)`Ndy-rZDkO_wb>Qc&n`D zf`gG+($9)u@k0uS4N6LiTU5v;1JBi)v56B`gG$fXkRFJht=^{O7Oi;f&9{B-g*~{Q z{B;QaHLRDNG5&Lb^TYLWedF!6TGtntE>Zyr^$O4bRt-r|1qycHiY!nzpNSWxPXS5x zN*!uU4SdfWt=!R0 zM*R2f_a`)iM36O`3udev6Ev;O1>MusG#eF0_92GxQ>@I&VL{3^#nl~@fi(lLwx&(Q z@&Rofhhw3ZSr;7bD$RxQs4msImUAO6&L<%Uk%jrpB4Pf)XO4}T!x37yAv$Q&EPWn# zESs|y58uwvuK{&xwDD?QD|AnDhdQyE?wxA!?DLXJ44Dw3-Q4-RztC9vq|t4g#i7vq zoLY=e8>NbkK=O6wuyuS|ba!X@`sF*z^LDT|?j?}jP9}3Zt9G3reV5EaMe95Cuj4|- zYp!?^P??chqbr%EhnDw1`dGyDdzj9mXuz!bXF?Zd3WXF#>JwZ~w>+9tF78LpsQe#3 zUY<~T#j@dgt1@vox(ye)ky(i|(Y2SwwzS)ZDO^=rtk0AkFl1!zJiGFYZIY?-hi{z$ zy$OY(B|@P-ss+ht*vZkhwc zS|(_x@#$gET!^Nd;QERKC|yuHtzp()1Ka7+a?Pq|lU4!)OKv?mMTlPA{7XG!y+!$A zZw^i0!{g5N+&0!5-CK*{*mcTV2FMg5(O<>o+e6&qsZOQSPh(~7yQdH@t~G4k+?`i0 z(!tJ}ER9om9D+LO9KAiacf}vbbVwsXS;ySFF0tH)HK08;5c}8XHYrQC7(Gs}@gLlh 
z?HhaTUa}du=m`c-3|)ZkCWU{bS%UR7;J{}SM8rk5MK1>Ao$pIUl9`?g-$;se+XtFS zM}7ynj63kG3x!Q9>I9ur_bEyr#~-Y!!@D%%Qa5q z5_}Oof9xQ9t}ZZ=b4p&+4ygLp(6_fOyl8Y)KPvI3o%vxN5hQ~`_;T4Q1);O#a;9sF zl!C@n_d;?0o&>J*!`L3_w15U)>H6VgVA_0Z1w?xS3`K>LB{0_?`3k2f`cq;xfoIF0 z;bLGUs$YATK;UEHx^O}?hwx0eLMZsj5C{qjNMHEI5&OBpb6cad;VMsC*t%GvKG34N zzaRA(vf;)C|5V4r$`0Q%9q+q#-r*w2AP!|b1;-h%4~l~D`UPI$DIDGWt-+~WRVx*! zwNr$FUE`>I6xUXAU@dj%8r-Hie1noBoE;;`3}CW@J?+E4AKauQhmkD~-mC^B>%RkY z;SpRqXIzxNDtp!0!zVEw9P(VlU;dMl%Z_z^UT>Va7*yGopYvTX!%;ht)s2#wZF)rk z2EN#s^ntwJ%u7aglZ88ymTZXNKqt?Na=uYnfFWjpM&$}xKV5sNW~FL^#Ce=M_0k*N zb?48yV6)Bd%9 z@%;<$v*Ns??IIlBI2fbp<;u(Y(dUkfBdhQ0+b!*v&Hg#G!5T9?asV8PryaU$LTkAc zzQ|z~1Mbjtv;l2WZQfNmC{Jile;z}&$aU(f`q==-1!cXyo+9=mSJ-!mYq~H|d9U0M z6+^cO($j9zIdIrqU|b7faebc5nUnPIJ}v?P=7@T_q5#$y4Nm#yjpE z5~2v!G0a5@WkhfB)g?273rhB1Tjn*h*;bXsF$_4vMD6&=CqAc#rcW?2d(s_y85cI?o3yg zhvSf=Wl60?F-VE2&w=EiSgE?S(5mru#5@gMN{5zCOna{icMceNrb+|FYtCJGsgox3 z*;>`D60u-E{ny4jOg2zUax|2Vh6%X1C9v7W#IME^-qgCoYX)dM&TdsSmd3eX zm66T|hvi}3kKL`D+oeB=lf+nNjqPg)WtU8Y@Wi~ubti|Op1mafkua{ucSeoS!B8aP zvBjLSYP)xu6b9*@l)I_bzum;*Ei8{7vA(01(e*rt^_^^Lap*jaG(2;X1()Cb#>}@> zM|3ZF7obnqY_dD&3 z^N*TDcE0{JF1}{tPCi%Q!6N5YzvJjMW=R()&=q?Q?hrPep)Uj2MZs?B8SF*=e3c0J3!=$&7?Wc;nQUd zFUV2|zqDdo2)cX5OH6^i(^G}CxRsuR**>SA?jev+TZaB9-~ip3t)F~6@ov)j;w$_d zj`HkNA5V<&XtULopa4v?nKMw4=(-F6+7-b`Q({}m~eUX!yt&xJQzLB{x5&b_Ii$q21KSZcLHe(nF3X9Hr znLR&x(~_8#b`hnJODGT&fI_8TvWirWDA7MQ>q?O1TVj`<>RB|)AWY@TsMK7ql>e@G3*-0fUhzW2}Q(%e$I)=zNDdM0-fmE|$bgRgAQ(#b*Asv-tp^k)m zB+FvSU+TU#KgEd6lO&nTBY;-HfVKGGa%>u5+Gubx?eE5%~0pfmSJvO)ppf~ zh(%P@J$pUFA2Tmh<&HR$x)OMxlUNYY^dgPrPI=PQg5L-+TgG*gcE~R)sE@JyqH12D zVZ3>Et|ae|I=a{f5V3Bxc24LV5)T>~4moTR&ZO5VtZ`WEV;e~fams2HsQ*Ir{DimJ zyPwjBt$)!O{r#rN5`hx+!fg}6#$EWDK{-_;;%FGzv%TJM7`yjx_o%OI7|KTayw)B@%HG76-<|J$P&dcuC%k45_rnL;-%x(t+x%b^OU#Vp%$5Z zMXcUcv3J1cvQ264g{;eX&?@jNMPS~!Ye(#A^O6Sdt=oExrUGJ@A-9&=``XEeB~o@szzL}KA|Ct()vnj`)Z2Y>V)Xw#)e zDh}^aTT}LV>hN4_=}n1XnjyyO+C^lcw}PP6PszE4RrsMsQODc4CSH6MGqDIaa!N+? 
zr>LLs3@GF5Oy*k~``L8??6lnG#u*LBZamQKzVzRI>9b<0*^I)7la+KxTTLI`+UMI0el}-j2*At$X_e5zJVla9 z*)lub1mGG!QU^By5yUEaMXnwK-m*6(r!dhhWrtq7z~Y8Bp0t7fZTX6A;-4=yNWJu% zs35C6*Cqf61Bw(AkU^8Va3w}QGBe4Xl2?=U-YXAseFb`S5h@RY$8&M;n!vp;wlSZq zWY`RbKLPI9)2s-EF} zIoYbO>F&d006=h8f`Pa$eubSjS)BB!LYT8PCVi5vbRT)`p^eIyh1Is5h_WeQ_%T0} zcV~)YljRy_li`}?y%)4iaV56uooGFPx%nNTJxUsC)u|~Qv@cWy|9f8>ss2QW zlvV$%A3G(dg>IZ#i$%Gvsm6X8Xgp2E&Fo}E{%ogpyhpSRd8xIUfxJ02)iO=MQlq*V zYffHTF->Nhh`M^=AQBEF;Z-l=Sb77gl}p`^Cj#}MPopXeNx4&TG)3&(9iA}uN($Yq zd#_5eU2)m0vE}~xWxWy`D&2d5G-Z*jwH#RLS7NUI>P05b9T1>t38H&sx|@rwZ>#WA9kwcC%Y?y;WEq>=Cd8F)| zYUk&$D_jwEqtQpc4nhE>iUvU#g%g>BOPf~Zn-|1n98MZrjhTuDqL&mc%NY}@_jsWx zsYvUS)QVG#nGP8tdqWf>>q;64rM|)iZYDCvWVV^moP zI(YEyjn(am2{WFrxg(C8SMTlLm(w9oFUiNcU5OcQt}FjCaK4oJrQWN9Z*!1khM1!u zbFP&%EnmWlpS$YKI^zueT_VUyR6uNoa2?jVw^Ol}$4T`q{rcP&6}I~c-s?Nd4yW78 zsi+;dLa*~%U!j2}wtk}6fJ!a3#tPDRH9hZ&{ZA+1WOYQ=lnmIEtdCu&_u%42Znk3Q zTWVjJsqzAzL8ssL&s;&`N_onhVr|8#{T$~=MRqEqTAbOq$XuCyjB#FBSp$wz9*Hca zX$@M;r51X^&RI%38+4bwB5qlvl9@%Z3i+fH)o}?dSH6D?rrdz_c@(~X`C|Vc4WR$c z%hcgt?(2U5zJFS;e(nhLeNI)^MCJyS<`!SH$(O^?kgtWW3(3HgbCbfltk()R5Ljah z-jlaMysm&>$?RFE=Z8QUI6X~1Gn!LhUwyoR*?Mg-Kvk%u^cQ*&7NsiEm+5Lp=&*kq zsj(T6ExhKO-G7%5sZxpsLwZ=(%Siwecn}fd?pAzo7Y$=1$dt5b*ITBQ8K+=Ik0{%M z|5PuQ_MdOJ68nSNx(DuC_@sMEQ*T$Yo`Nkrg$XBVva%wy?GqXm(J5m1D2WlEASqp zb~Mqo=7toZ+CEx3Rt*U^Cf97JHAvkk*EB}Zr@&64ysB{2Ru5M!>Pe;IRqTl8ZB8tb zDJ~_N6SYRHoS%1>AtOb&UgY)l&+VW4-W%XQb_D7^hc^GMasE33`!@zD|NKYAZ9c;o zKk=7`{vZ6Ru!F-tQP_V8my)R~g=-QZ@(2iK!|S%W{bJyLew#BhsEz$xuB?S3uQzg0 z9bo;4B}&7H{7Zb=&@`R&{Xzdw>+ogrY4X?W`|TU*4`MFy9)9{zA_?;Ko(&{*NbnYL zsq}z0Z2fsujT;eVGhL6fdoMN8S2Kq}lT z*L7&%6}z!n*d+8gWOY?8utvR%p(`C^uap`NC>QAF;B0_AJaiE%XJM>UjO^Zkll zPR@nc&n=PAMVLub(9wf;$=FcP9(TYnbc-1T6G3!K86@OliKTi20p{RD+<28k6a}n* zDVlJI)Zh8INXJiO4ZuE+GM2XVk$U4;XGJtf;dBh3b%7O%d>`ICF#v4F2}Tq8Q;O|; zMVnp36d5cb{D}L_7!oUuFoIJ&Y`IF~g*<_1 z^-RbxE!$=;F}9|-ZeUrq-!+eS`&UAmm{J{!YY&S+2iz~8LL`B;6WYgl8%|%&xRL4-s@3w6q9_T6! 
zNrF(;FZp0}%MQw2ydrJq%~hx!u~S5KhJdj@ugHD@i00aoJxy#7Y)Ou=uW)oITB^_W zQOMsI;EtD@Go;Ke#c3fx`t$fK)#?MrrTt?4k1kW%V=aS=&H=No)I)cK#5gIE3>EGR z%2Q>l4rv06Ec)zz*H(QB;e=;jS1VK#ziNZ5B@UR`YCaoVuHhH9Z!1%oZroV^{s<`{ z-}*L)(HNUrU^}sIH$mY@?*Cx51Yw*w!?P<|*%zd3xy6t_?J^#Aq(ZQjY-5%bUop;G zJ#3nL-m0{aj)y(AK_5N$oA3F>C8(_`yTbClwL&QOC>a4ucoi)(UdZ{tD0PMKheS1P zz_7j_s4UWmASq3nyDg4jw1eMo>L}Ft-siBox;j(gG;DOg!LCV^>RUF zKRHX)6^0}fh@ha^*Iy3yRZgcwOV{(6O)ylPRJa=g_KZ-*s8jHmJHiX{u4TvAHNcx= zu01db7k-SryC5xupTTQSgYUeH&`%{cs^uCJnoWpn?J3+vA#c0bL?gOG$~;!wUST{! ziX4@P*xQpkM|(^CwqJ1LKkqGVCc(W;W{!IZgS%5orpPXl+c7k^R7*;~?K8Kaa`^1_ zl6SvVtDe+9LHO+UFJ3)(Pt12#7W}F51rX=Af745N4(AK?XQCJ zI7i3$pDq7jI9-rd_Z*1pCmD*K0lcdmo=;E)@xJ{2M5DlovDI~0LoJ5rGaSeD+weBV z@BPv}4uJcr0H^EzB^qg4%dx?4XeKEU9Vh@=+9~3A{8tqg-X+9TAVm-@p zBG%k)$XZ(?m|4&+{eW{KCCV}DRM;N*;(aMIgzrbh@%VOk5ouffz>VW^)Aa&Wfxt|` zaV-L3s~{i9nye4GnKx^PI<+}k-+bMp4Y6632X(oRgP_Ws`*Kj<=+qV>}S0FlGvB9+Dk9A=#Uc$ne zeIMmqUXkj)nGYld9TZ)Dwsjp_y9dq4UZMjYEaR@qR{ebxUBQ=>kAD8R6pyj~xR88& zXJG?S<&0&d2qFSG>nsTOG<`Usurp<4FEKt!(L~ma7$+=<_Zoh6I*x2bYvN;YW+QAm zM-}-VR%{07-}47^u%uic)!mm zReG#57SrXLm)G|aaAsrA0%}XfXk3ZtQ+Y?RX7T=AxZ6^!#Nf9{mvw`wL%Qjz(rKaE zlqfYg+$3PE&;je)9QKm>Hh2cpXsvkZR9o|LZE&WkuZdD(cvT!NEHS<{PF+ z%Pum7NqWE(@k>4K_Qq$?@fN0z1Gm93x8Dw zm^95%VUvlqESi@%!z+F-lx-G+rrj0K)4=WU?e-eJ^!q{GSe7b7x^Qnkmr@<$29GDX zb_i@g#sVgrEnRcyQYSmu1yAV{QLmd;?6Qieu$@vEU5I={4AgUZt0g&5B6VJr4k4ZS-Lc+!53x^IChtla%8qz1(zg^tXU19(6cdL z^J&gZEDblnEXwIk(2*W8&>&BSSwtg!81)reWb6$yr_kcrESc~0co!N40u7eSnVbxh z0hZTN(5iWoef8+PT9281N=96fib36cv-VY z#P^DAT8#HFLJXU}bBuRDx8m=~3Ll8~+@0*lWYBbVmZ`iu3pWH*rj9SPNGY7s;EPuV z9f7CjI-~{ED}sKZ{0zZxX=J^KUnw0`=g-^F3%g?J!^?GJujX-wrB_ayU5{@QrM=+UtrupSk!DswDy zId;-dzW@FTovcqz_htYFk$gdRW`9=k9SDgixG zzVhOk=vA?_rD+`JM6$t!1_?YqQa*1tECMdSJikMGq-=gXEE#+^P~tmz8ALw%EEz*= zeVe|e&n-|r^f&@BO6b-!((2*Fh3I$(WG=n zzfnIr^#%*91@d_*24!M9PV~z#^a#^!yjU2$WkdT2Bm;TOP>&JzapdI%2bkM$7kt># z79co6+OjQ)^Xa}fz4`Iuhj0Yb{6b54Kxf2#bg^Zm;ZZ*e6cfL(2lgq1h{%SBsDkyt z0;z_ygQpqlQI|IV@PVA#&9gxXF~*Pe(9n)WX)F>x1!D?EjUz=Zta;oI5>1me4xBS# 
zxIkg>CS}*7T-0kvvSZF{jM1ag`|;H}6)6T;{j8P9A8nUNjk&aMMrR)+y}nN#ciS|O z^3~YJERi!;IlFftb*6C+Rr`P@{|m3E7DD_?YHu7;lF9Ca6k;Zj&yN=QRzR1R%E>k@ zB~SDLxmKLGNprMRp(F{m8$QNK>^{UDntsBxt76J)S4r@2)iGE`|8A6COQEwqT@b*Y zDa%Eb%ebW|YWp)O84?&WfVy%oCo^fTzdMjk#h~zY5fN83&qc$YBQfS1MxiQkkPkEQ zxq-y0hr}9jf?H&Q8@@ygSmCgUMEHh6u!8@b9Tw?uvLqRQ)E>vlwX{x%b=*6$!(h)K zgVQ$q{(?cTR^-vHdx3S}F&FLfy?>sW9PBYzxp57c&}Hmy>N%;_>yQQg75156J1SoagOo?Wux;Ptz9F@E13^@Tuz{D&5mZiJ>J>4E>W7<{DgdY<1ulx~e{u33mDPrP>_) z3lBfWqvb9@R>IK~DJoEiaEWWnW-41a!7^2wDtC@kUhCP z_r9E`THmLR@rRGCovWxSxa>m&V7Vljc=I`7Z}p^iw&GkCmC#Je9i5WZ@F|KbcwDV! zo6b+W9bdtWgq!kAtl!ya%RbqgwuaF!a{=xgp&5`kq0^Y5)l<9xtZjT;gz9xE4zA;^ z_jK!GcVIpUW2^5gtPV|ry|L+(KV$P?LpRW#*=aT9-c^FRkBWF-oaLth& zLsn+F$3MAHqMu!-?O0%YKW@)SA0#Uwou^&DJXZ?uU>_LgUb%+jg6BR=mA8}GU^Kf7 zX-JGmS4{zdF)Fzp&8bylY;n!Aslz^?b8Q={le<@6Tylg=uv9-v zg1ma$^jCS5n>iV!zmNUTTYArxX2ztpOqNBxZK@SUnN9o(_~b_0ARUcSIO|iWG&VmT z#LK;!P(n6~U0|maHozVS7Gn7EoSnf#62zG_6!&~AW9_%4{vm@#)g<^@dxvP^{65Co z2vH6%ME7qT5F|Kzp`pcYgK<8ZDyiuc`I`0NT=dt_T?bsA!FhDo*j-E0A2!apxupV^ zDaW6-xUg>hBQ4Echfd4vGRvz-3v_b&4V}ga*5|)3xMhVVgV=|fjqeiyV!IzC7G$Mb z*jr;l#uE%jg}Kwq3!U|eXH5=|Fm}E8KLs}P3^ zMMfb+bckRi_wf68mKtv#dt_9E2_vCwJzl)5H+E~hdKcwtmfwGM3cf;pF$fV8bwG_R zQcCa^UnQ#)*MPn!=4j2@pOfXPCa{*}3Qjs!7bKc#2bksALe~muT0tw9kBTG@%c(A+ z!3glsogSBlcC8+lrjz0#Q{(&L@ST4PEpqWE&U5i6DRc2B9mMtI7II8d+K=qFE%ETP zfKK0pF5Kdu8cJZTCqwrL7oQ4LQRv67n`l6A2Y79 zU>m5W?77tk-=Zz>e*>#GCR&u2w5Yn8&?*=VoZeI|4+QR)pOPiXt<*Z3$uXmZA=CIa zGh)XV92dw2On1_db%D`>`lYfU7~Bw85BLO~L_>fVK_GIte_!H<2I5ZWB{={~TU5L3 z2;`Jm>aL3~;8W-_IpK-%E@0Ru8~*NB@2nr+pPW+9KpX(2_VB89 z;H+%hr1WL}?UT0iFqXb#tgAKF#j~FI^PIDVz;0qPUYP2o zk*jQ)0X5%%y)-;~U+A3n!%>qQD_TX|CE}C~F&IJ^p7Bp2O3kb@_^F}AHUo-vngmEsEnndLPCEZA zYJN)kK?Qz{Ii+C!F2GCteSo)j_&AgP?Q3RF_xp@c#!B(S(ahS>fmlG#!a`5q!sri6 zaL>)j4dnZPQ5EE$WZk&s8OpY+LZJ9cK)d0K3F#LgnvRMVlkweMb)47eT6IxE*YueG+&y$+k>b(qjODp}Dp zjYlC@T#sm%u;S6ckaVYw6DYdZJQN^^M*LO#+zk-bOX|&O{IRIwJBXFB=WA8C71&3* z8}^#Y!^DRD>qBg?i`2gQlOEnMs`nw*CHIlaB-aXijzI>L=XNI2~vErPY|_?1t(PXXt~C4ajqq8OyfMR+38 
zEK>B?#WyvgoB|UP95%J2_k`+B_!D{5drR+oZ;h^<=#pH z;D-|j<~L57gAkn?_7j)UM{BeUZeWh6C zSw9r5E+d|k(+TZEKD=G-gCsrZ;Kz6wq^gF?&%xY<)NwMR=LC0fMc=P9>KY|lqJ^+- zrU;h;?C;q9L>V=C6^Ap!?G7_PJ51v@n?kI`3BkjPTrrt$QKNi}O)9vSVTDuOPErAn zp;f{=bfKDQYaki9O4mMVUW`3JBDAcAiC=wLQ`7e~E9R!cIMrJ#18-VHWFd=o^?&^c z&LI8?HbaNa!nftHSRuO#-o}eeX0IzZ5ZywU5ShK^xEh3DC7cc>9*w;x@1s$1Nx#~I z8t)n}O6L8?kk#UR;^y1OWO3nR%le=9asR>j=AV_>zW`U>(TdO5!N~3(8hvR>S|1m{ z=w8xD)dUs-PqRVl6c7ZT>rF$yRMM0Mmw^?7W*yG~QBhksF{QwQ(jBw+xLo9Q_>_#t zNoVN~6r;Iq!C!Xc}3c5JX<@L49f}-c(QJiG?bc7zt-z7g6S;jUe^N+|2)>0fe}+cnRWm z9nn%+7XKl*v0813WhF+%E&<3Jb7?j~fmy*q3vz32v6yUQ=_sx^NzPjtSw0I;GMH*O z)^Q6%X2((;NjEcdts%AyXWFkWb2nN*K20PRVeL!%bBKcYUKPd!h*)|L})MUB;pz$Uj| zK3$zJ!;FweOvXg479(3JOQ~Q_GOxu zZJIk0L6r!Mr>&6g=ByGZzj4L4m(Pn0?BHwmnoS}-jyOZ{Zw8igC3Gry6IRriLK6-a zfTH}i^HK~x8sDy1a2J#W3ug7g-aeDm>K4;o$)*57OO+lZzYvwFf@~ZdN^N0zAu??w z(--*j+>_%Jq?!=6se(-bR6K$TUGY9t6Jnyi=kFvqfp#w3hT&>UgiooMg&k}2JL;c}gy^JRCSaHDIg;eUd0r#@ z??`C#iIf6sV47`^c8jX_l7vPEkMjGR^ZQYKN!t_|HR&|S-BPe^jt_J2A*YZgDO%)e zQ)8N}RBu}~!Mo8MWpPxpQsAwzGS28_t^?&u3?sc`#1UKq>>#vm5ptKz<8%u4c_ttx z?r)KU9E{PjZZ~PWkFvA`onAc-9?y1T;cF*rP{T`Ob;DVeUHz6F5M)3OKI_EX1<(x* z6X?XKb{}Sy&Rb~Jf)=_J5oG~O68tnFy6fN->M@Z)7%RXdss#@aalvEoE$Z@QhVqES zg|hY4nPg7GUG{4Z?^Pv^4Lc=5?0&uH^|stODH_$a@yz;QN5IxKR+%!Y2cO2uBXH*D z#)^}$$BXqBcX^Xyd5ypN?BkH5?`|9krSidy4PI*sAm$BwhNc-m-TXXY#oZ*h(|DZk z0H4vhD~QW=M*B6vpuu)?$GGDfW|yx*p>uFsy=oqjl9oS#=@~McaHx$Of)IuH14#UTj-Ja~z#|1;4Vmce<>x@_OM zVgI2}KfKDg#aihS2jF3@Xw}%AjGit>rKWBqnu(F0D~G)03ee$EMP1)l6=9@`-f|<{ z%CK>Qr@7(cN!cCUZg)(SOWsg0+0-&H1F}XO>pBIpewjjh|04@G5hWDQ`El?28S?Lf z6UYCps`#shs8fT~)Esbqhi@5K(ZUT9z%Mg0^pC1l{{}HM?+Yivk1z0P2#A8;>hvoO z-DR#(!l|Bwv_4lb7MImDyV>%-gFac+biP#;vajKBj#=@l^D;5FosQH@zQ}pc_~Th765EGhGu}-Z@6~Fo46vzE!;=jNvKL$|813^`H_4OBbRflRnFr6_z?h4= z@&v?TP4zREny0F=H(g02`Xe}R{8qJZL+jQK@UEj4%1Bu#`heUcjAV2i%qH@hb3TdYWv;{mla;6105KT$(k?C-@F8rH<&MJ zc#|(JdDSm*fHzn!xp`T4%;?(bZs0+#H;nECd>?aHpWuOcuXlK_bi7VGBVk_~eBTi( z-+%VJQ+3H)Dqwgi|H#-uV|a7*K`c%Q`2S~(LGbX%x{1&UE(7vvJt2ex75P51WazD0dPTRsJ<4Q 
z?bVV>f<_3w7B*b69`342R1T{?9KPtT9q9=6*$Y^St=QKmq!~=QvBH9dU_p?A_e}0D z4Lx5A^npYa6W^wl)C*3c4Q%Y@5aM%3uJODYOf!am_g2XR{n zO_%2j4F=ubV*-HSJwj z*(3SbzVy%8&chY>JAE$sBF<7P$dg;Kff1qJ9r2?Mzvbpg_ey@&-!-+?#Ge1^hl+5_ z#O-yjgZQX`95;Mp2Cdj-BWiwBiS>}*@dS>8U^T5;%-}?WQno)woVeNU+t*wTD25J% ztmRjGOonsfiM<-F{NUZIYOl|zd#SC=I6!9x6jL?)(KFxj_AnYk8O%uxVl-cK;*rPX z$t83o9fX+ll+&Gy2E>SG(8l-a*+w}xxD#-Kqo6_<>7gAz`xOYd>}Vzn1L&4_;`xDI zPEEhpa>vI|W;H*KO>@LQ-NO_dDXDJd+P9>&$8u=I_qXukHjLkKIm>5qhwgpH6$`gf zW|<2pol6TfX!E2_77Y*Y+m;*-9Oxyk*6o7<@zpErgx@*LD@zI zlH9Oy|E|3j@86+>)|XwAVr2SLFSPrfBs-f|eXBA}l-XiM(w{7W__{ni)NSPH#h}P# z@!TO-TXDRzQq1D}b^yB`VVGQimP(duw(N-HDgX_ucvTUV-K`B;ZrOana}1C z>^X3LS+r(k%*b{5>Sg6jN@=3)0ATH4m84?rG9%KC>z#f@*zajY^CM%h_*^Gn?xq=( zWGxNTDP-Gs$$Ph(2RSW@h3Dc(T4X6$ZSl_8uE6Fjwxu4C1NNW3+W8bmuLuO1Xu_9B z<$sq;F{w;fsaD=a%V|W$8E0WDd58>OQvNEJ5H^=qed6#`VxR4Jw5n=StX$Wps4;h! z-|P##?gNg>Ix(P4r^7R@+WTc?M#>Hw{d-DLeF;wYk#vBPN}(r{jERc0LS2y->AJ5o z=J$r8`@**TX1Oz_SuX{gs7NPN#yP$@vqFLVW--Sk_Q;2n(?V_CLR^KrVjcw?Wf4io z8qV*9UJ9^<1^`a0Vzgpp04DR2KH>;X2;x1Vqxt+g^nrOmnFIt6j~Ch~w?#&L91iMo zyfV-C!6LTv54K=W}3yeZyoM+W#+6`4dUAy&W?4` zQ1)LozH~XCC~a$0E=sY{k))D&GAZiBG8axo(xlw<-9ul<$2Rqb6vkQ zCBl;3P3{57*^QjpnBL&brBiW6vD*mXyuhV_JVr4gbYM z@FmqkZmYy9NQ@1aYXA*Hry6R3uDhu~4wuJq87_3pM1I)PJ-B8~oaC`sl_4cTb4L+P zvocGygu)2QYYS=mys^^+vivlZ(j10U>`>I;E1WJU5;NT z&_rV=hRtM7HC-OK*UiPlO)Y}V`XtY%HG)SG$3rPrM0 z)fUH()HNv=rLUVsULB#1zbWg7YR{-p`GL~bYc_2hjnQyXs8dTL(~Kl>u7OclP`+Xv zy;>@mUQH@C#G(&c*T2+U0GoY1GhB#LW-gI%ji}PRp?)gFGPeO?1GdSLe+Dn7+>@&? 
z;kmgRE#Njm<}riH)V(r?)r@-gP_Th57Hb?J=rGUNRvpD?j4(hK071UYxr_pl#chU= zSwkjI_nBf3&K_t|$+dps01j6LkS=P@nE~y&Kmu5@?82hB^Hkt4sJhMCyh#NZvKgvg zhUgP_J-cM_lKt6c9X?aex*)bgUyf+nea;`vLz874>tX2yu^=p+qCuU zcdPcd?Ghy<5#}7}IlO8O>>ua-u#Mnct_PpA0|Z=HuGT~_;iHCsu>%%j zrcXpq__kfS)3(BUpE0-FBX4o>*I&%?7m!X)g3kE#UAY;)iUzTnId=G?z{>{Ek>mz0 zhD77H2D)@Ag_IZ?Pi(f`rV~I-pbti>Y&xy-^t|9~mBcgEa*3er!DK2g=ToQ@tf2tG-ZU_M6o@GCr`}Y=E$a zJp?3^R@rL4%!xlweScO+OW$kxd~(+?dX2*`>phaH{LAf`;L<7LVsl8K^~oyvKyTdz z6 zA<+)YtATrB1eKDY1>u-h9Luc4(#U#93_@D-)z{UK^Ht_VrD5Xal~t((IZPWiDP4se z_FW?f$t)uqs1$IrDfK2JAdRBJ6Ar0OfS3ic4m^vDJ{O&&-azI71v5-D(D@smbLWgV zA{W^dEAHeHDNap_Z1)v#+ivS0Att;M@FW-S5!0y-=bLZuc6d@Xy|3fNYwS0eeVYEO8F6B<)Akc)tpLj&`v&k5JqvON#+# z^xO@jO>g*tE6?K{aF|lOYS~xOP}jK6t7DUHO!oB&lP7gHVBAl_uM}^RFVjh>hbET? z>JE5E?E#EIZ;?i~c=+WFh$9Z2`C04Ig@i|gOnT28-Qt*sx%r$AnkN_(c+Eiq?piCW zb5<8bi;6EOsM}^RE~GXy_1nkW%ObLfx;$$~#rfUMn&=%1EDjYKY2I(pXj9y0W(1Z# zI+KPSxqRLMsE;f&L)PeK9eD%Xfoa15YpcAOFf>n6yV>!Mmjtb$&hvq-=*{Bwz;j;o#A73RM4p^+FD4$-a_PG&j|sK$+b4-gb>;<= z-089=0tTKvA`xrj3{|#mg#9sXot4JFm3=EJ?iR1Z{#?gjgGJcvGoJ08)#j)aQK$4M zVTr*=GXtO)mId4Mqtdz@b1A2Y>R@%EN0lQJ+BpCb+|hgpjQw*MFs=Mxywy=~)g zTi7zZaa4oN7jpQUU`)Co&a~>Ug6yReytxC==#xfEQUx5{Y<>ywp+pXOgm&)!5tQ#l z9m0;M(64a6cZ@%iY_$7fKYaov_`7EDKiK#D|4g#}eFXiF%iFYYKC3@+;+W zx?Px5#cn`~#9zpv8+{;iHU}{z>U*|SZG3QxyX90YxOBXQb)MaBZrodd3uO%l8F&3( zH^DY8=T%9m>z5bRBl1nydL0WYk}t1l!X3LrTMk@o4`43*=?*mJVD+;Zk(NU1hv5lN z{h;JT&eil~Wm=VlK4mS2*M-j!*x<+Qpc&QG7V|i+3U(jxZtgK=kv*m)5a%-YnKvtp zPJ2m=D+Kl{j^q7)Joa7`P4yq0GStWM{eK?xvH!1oX)!A&YjdN&$h7}h$Hr*MpfI2S zHW-P3dp4_~y}Uc2`i)qmnb*-_wb4Z-mD_xD!&KJx3>!u)BskMRz2hNG^|ODQU4Kmz z!Y?OvnVLzTxk)eJKKmo1>*C+SK&YA0Ph9S9Pt-kz-eAMkt?y6byC`?A9ea|5<2x5$ zwN|TRx+kw;D#a=TZX8(c&@=q`46B7p+>@04DEBM|xv=ipj(kS)*y_1{tsvs2WdapV z4O!JZwPoKWZO+p7l7tLeQC)l{MSqgCg=7W8wftz%LPLG;*N*O?8zq{H9awQKQHhZg z|3sPtGyd82?N8ifEzYJH6j&qW%kpoNmzOTTG6meFG15c|YdXxJReC2s}+-Z8yv#OFm%)qoey{;F&} zmS7o2$xSBM409L!D4RWPa(b1kS2x>+y=A>A>!$KsKmDGSXz40U^(+ffHccea;kNwJ z06P)g)@pO^x{!#y`OuM%D|k(5rL$)902&>rUFnL1{g?bu6s?^ 
ztV6vSQlO-v^afk!pYL?lq_;t=0b3VR*1dWssn~)BM*TWlX{?K*10@MFq@=sgT;@)* zvJ~CknI~e^U?;WYs6pSNI@GE1xcm(ji&%-ZK_lyF6iPf-ll4+G%M;PvmBQ|8yG(^&P7}Cla-d*1CDtkbX2S+LvUI$cur5K zY&0%>0>?axi{c9wQSuMQnkp)hat(!6I~4R%*YYszH<5$vkQlWxHCQE{r7q9nSN;m7 zFN5$`+_k22BuU2`t5ZJgv^S7xTP>IZ!l)!77)l8UE=2qryJRjr35zL$Ub=WD8RHiM zy9YXi@pP>p&ed7$X%sgg8fj;0JhfoLws0yzi8xH7Ta*alitLEtik;}|`-_JJls04m z&Oul44oCs1wG7jMd#rI3xQv}HF^i*5MP;6cNi~+} z-}A!lv5kb699V^Bm{VB$=i%tv>tq*2_HFJ}G`Tx_l^49O{kb2`4UR8CXF{W|$;SnM zp%O1q@eSt!znSa54&~AhvBb9I2T8~7!u(`udI1V(8tho1##OLPiHFVRRX`zGmvWOb zfZ^CZI$+pK6Y>2quJ>~hhyluu*b;_U4^b$@DZB>c#nx*f=jVg=ACeYN(!62R2k3?W zb}7X7zs?o^o=W*0%`85=1OBnYRno9V7D0LIZ>U2<{^1LPCJF=Drv{M{B`;1(jDRFs ziA0%FI|OXnmc)rQU*kX*H}D3LF6+%tB`1ginR~5T#9O>Q>Sh@jDr$JcxM1IY;bAg9 z`ugym;{7QsCytM#RUFscUU;3|73{#U1m=8|1g)lerZI?6_|J=vvM{b&?~zfe!tbp6%rB=APH;|!wl zX0zs_TYw~9R2PcC_vP#^Sb&SIVfgEQn$);Wt|4SQ(rn3U8M;!6vK`3)^C?SD-R@U) z$w!TNk=X{Ik@a0#0Vgqt^YInHf$ef41&5W?Mts#_{ACjrjD|C?+0IeA^<%5_mdkUt z-cm{SGy*+#mYhwXSIujgxWYot_BD^4aP#hnL^~46B2rzX{a2OM!!JC2LPXX>#hM0- ztM(XY`0^pk;zwj9*wlBgkLT2bWm>bKWah~9l-}gk)ht{pD zDu$%1@@wwu)&3U3D_p1Gh6}Cl)lweehezTiMr1Zp?WO@}m%uF}jPcZV?D0Z)&o%53 z$ZDyA+FfhZ@skrav@i>-f>JuwmfB3GDONO5sn8RWZ@mrJT{fI0t>{!Qj*wQ!S2O4b8LtP6vI?86+K}RRQbu zsdLAyY)5XIXNB4r;~rInhkDd>qZQ?=v`new@yoSF8+qWQt#owFB{9I7ClPc^>alp(MWBqVc)Sc5HA zMvX02C%=LK$T2mB4f3R<%HH7|z8%p(*UaS^yWUim3h ziXt#CuHjH^fwo!;+pOooUydhB@>Sfx8eXVfD4I-)NVhGsrU^w(vp`#&WrDqi z_rW>;SBc&WH(1fcRAB-m>o?Q_IhoCiKcPX8VmYbwBQ&J^?Mmi3M4so3-)A!ov%=4>UHY&D5C(m%OH!)gPvt52fgn)Cd)3b zcDNj4c>oK8OaSbGv?&4RPSngbVM1gY#v)vgO}w8F7b=HZn`F(RSRPPA&VbA_B9=y# zCYB>KDpg*`Od-P*J=8R-Htf#dR|}pqUaT3!UH~OAlNhBCQkd>OE$-xUvbwX;>u@9}DV4EdJ{$|s6q_H zFSy^_JGg_N+nNght>6yc+=pS zP?@RCRAF5yhD35%=sSziAkES2-edH2^O4=kY?uJ{_-7yyPc4RmUqcAbk5~RHSm0u5 z?}z(@eq3!=U$p1Kpz=&0NCUE$bO;5GSDP?^o)H8N5N+tpFq6%f3}a0i;-3H|8u>(9 zh<@2AO6F-VRWM04D^{gDT~rI(yPzfdbT_TE#%N`cE{Z;~li~h9$d^$ZG8Oo^^pWyW zzV;(S%AiUb2q$JRz+}`k{~(r!dXCP#vBJ*#p|*?BPwNH`6YPDSnw6t%Rb{A=^42C8 zkpWaDUjdsIL7l|uiBT1+{%j?Y%yiKP3B$jb& 
z=h~Z=E{@71qu{qzMPT@lx!2d1!YxSi%?jQ9w7uJ9n!!!1Lplb&O|YGIM5lWctpzfj zqy;jwq~-6_>d_{+V@ilgGQsLkVck2j>`Rp^^>Wo1!qXWm=(#VJZPytK5|3XVU5dTD zZFnQ6MTWD+4?9D8g@0x7%=F{MRG&QTG$(0`s97`$-7C|GHf>4ZaVA4&7iH0}b%*5m z4)cpoGo&=URTQZJJ?NyD__9bijBeCdqiNV^EuW$J&W&81Am$#yBOY^`YZS8NpfK4Y z*-I?-hs@TZg;?$q)lMH3vU7JlIAVSx%-qtuQy3!c5695oEp=AGIQsJkvRwa73;w@z z*(v`XU5ZBb4u3A2|B8ZXDq8l)2dG~2F|F0AE4}>@M%$R*#lwhmdVR#gBn)7rA%$gk zIYE$;>ssp<23w5l2q#Ht@@mCWYNehrOqXj%9Xxs*rjzESmnmjSG;j003Enf`GjBOs zrp2ob1>CaM9(GzMp4`S=Rom2bFqKX0H%&7b9o)W#ohLHV(E!$jV(U-S zs?!2)<)a79X6#@Grf%b6%#&TO zB+pG%oHYF4(cG(Ao@{6z(3 z06JPl->L~#v}JL%JM*4|#vr_E!qyk4@Qo$s_$?YV=FmREpH1(B--+ASD_F;jJs6Go74yP8vG<13%DmBUqmsdrS-c0_MTc*~xD_=w3}C&fgxWE8 z$>mYF_244Z1M}7?$vey~T!wnfR3iamVo*Mu*cC&+cJetII%07s*9ehE5ZnikcG1T!K8c z1p|y%;~jCiiG}=y3LY=Zsmq$?o@Ybm-Ilz~zH5CyC~KOB_Eed8V81(gcyocpG5BsT zFL%aE`B)F{=o(U(Z#ypV?Y&pp<*5fP!56CfIO2p)D$Ku9@ zP1f3(?+HG;5aDqTRpGx-0sFS2hzKm|OtX$Q3<@HrL6i}^Mw1aWC%4^s$pl6s(;Qve zPJ8goA&^afGSQVtEx_7lX6tmdgT@wWPL9kOWt3lO^t!o_)lnC@bs)S#V=l|tL+(W} z1n_jRf;QNu150)BPH|#J1o8^6m=fb+SVpjI;K>OPO_iG_xS`4PrL<)CXBxdtMB3EQDIN#N-C;rAM73sGSJ!gd*Ua0bOalpV+wm^h*^x(@-z^d3kr9BhJ- zBsVT%>;JCNE?LA7k=^SaQDcIbReoR_mkJR}mC*Qt8Y#pE+`pQeOHVr7LBGS^4*})u zBsa{<(HYx5D~RuyD(|%_b2$K}J-ksua(_?CRb>FH!? 
zhU)@aJVMV}hUJ^u6fpY0_vy5(YP+YtIRp-Wa*I^E#3A zG}Yc|uh&crWhjcT-=C-#_&>9G7Wsbr&KZTdS&ny8Vebq^XGiN48Rr&CT84iMUt7Kv z9RACwzPQ7b#C_boMXL4}KjZ`9gHAtHo{Q)K;#1J36-a6YP}nSUsf6Z^h(s_#4@p#^ zPidAl(YU-{KiZFTu`$Af0LyY>%TMpXzq7USE%j&RkAcP!!ru+R|A$N0KOA}{_J1MK z|CfN|e;JLks6#s)%m-+|_JzC4$s+JweX0U1BO!^(!yj}5yO1-?qkJ|&MC5_UC4{^pSsVL;MJl2X>%@XPIFd@#KwnS?ob{^KQY zQwfK#byi!Q2Bje*Zl@zxO!yPQ67%*=LPQj+N4Y=k>RHxypmP35VV@-@i-VP3TjOe|o7SV<3En`rb*@4oXM5rMCq68mPU{(9 z^KySxa@jN8d}Xq)Y4Lu0dj-`+oFnd!O3>)~h9m@RPmV#p6CDBSHyR%i5+Q^m0n^Xm zZ0CCrSU*9pa`T$+h~7k4`#R`ox$)gr1zQLXKHxyz5mm)V)E}I1Pzn8u8$vfp!AKe{ zbEUQ?@y&I9kKbk+qu6dU{tj4A!K>-ymN?ZZV=r5qX9|H9a``XT?`KPI;Oz%dM%nu; zjWr{l1RX8?jTQl)VfG_(l{hS`6@`oG8U)9VU@IJZJ@vJQ7T}&38nDk+lL(!0t{!0gEt9_bEg^vMpwd)pbf zHbpil3TQY@UiL+Y>8ZBtenovozST9uZPJ6%b@AfMYZFXxhvrJmYakIr8}f-C8vG1I zY?gdW-DjE?O>n_(Rx-&MuYUwns>N-w!g2+Ev*fWEa-&v3`~F5=hD^=X2xd!99jPS5bpmNS$+uj3o5g& zfC$9MqtYmwRr4u-tIVEL4~S>&rA++tk}1I$wME^M?pf)D%IjOp8d+31fSIRH=Q%eh8Ue=+>y*2G^M?cT6aBZu zw^{w41hy+h_5cU9#a5(KD?8`4)mqV53NDtJ;^gwE6VaqgtZswElTD~Uj%9M6CKgFD zji{6A`Z*t7Bf^wwv~^emP#Xm?sp6bR3-a}n?(3`8ZPIj%{4Yh#HXIt7I&Mq*bB=f2 zmKjqCx4-K?Z3p)e*#$1VPKo2Bo@+^u#n^Ci2}q`z46+h|w^xRtiqGESB#C=ChuS6L zq)yOdD)}y0yJ}Zrr8$;QmgHJ~(2=NT4(@u$j2wa_{5ToIEFcp`B5Nd_hs`fJNfaTd zyeq4OGddHVMek_ZsPUMqncrr7g9URqWQHmG#|)8Z=PpbPs2Gm+XpUq00MB+)|c8ZEHby>z3@4CY)Y8! z9=PeFjnFB@!ZFK^v<6W^aDK^uNtbD$aa0wM$q&K|Ch#82%IRVhse=*kxutwf!qZ*| zoGo-}9K`*`Su7G%L3v%87&!m0x>4NNo~es)jY-i*`Emm5Ws{%E^Oay zE|*AyO$1A?_KX~SAbOP7AbPs92)%o^f#~j+1&g_p=Sl9)zK+8U9WWgotchPAmTo<* zK1F7met$R>n}*WoAzmVgZV%s6k;zyp-NqlY#bL)hg}%P+7vg0LUxfDlwib~D#l$5Q zW~-kLyK^LnS%3|d8!V6q^hIpJ6M&RY&e|g+DPlq{;%X9UoMa`UD3D^0p66CqGg3dO zhTe!0V?vJ=jn)GNoJ=fnj4Rw694ji%LM&&#EG+0&@nS3OVDGRU=VnLyuw&TFG1JT7 zX1D)hE8N1N5?r$wTQeCMd$v!FXwpP>Aa44!^oPS%4hOa~`!U*#_}kIu|8Q;oSKyF0 zGPd|wb(%RD{gb-(kM3S>M0({L3U@3!E4%Mye%wPupsqgxRk4*Ul~Q$xAklp+y?^j% zV=_BM1}IjPYOOmDlx@GDnJ;SH?#tJQ)q$^H*WbY^1MAQU_6-y-3A*{i7+Etig> zMKM#%O_V6LCe+WGuVeg+zD^w!S?%RlL@Fjf9}CnI3+oyiFdY@P#}rjtx~`rg4CLa! 
zkMlx4jN*4J@sJHk8DkCCIlk=`=Xtv&uv|?Z39EidH1tbI3x0~e)0FUL@$!9Yus?f_ zXAwj%(gSn!J#!wF?SWDTy?@`q1wyWEFMJBL&zRNX>^A1ja!(8K7v!O{V`EHxVhOeblS1nGjvnt zGaLjRd||(tYYfzgfLpp!V;_&=!o7aJ%?W99^etYEFt!Jf-xUxm`y*=b zNA)xHZ^P05Zso`OzeyBQjusAPHWo&|r`aFw2mgJ={UJ6<#D~C*YVgBgwzT|;_OZ4F zDuQP?2w(dfhEVHnTey_Pkwaj*mGdv^j4$_kyq%Fq=A`2E_(3=Hj>U!c(n<<46Yp=p zi@kRK1k{REs(naV>0$-`R^ka1=H(IhkPedQD>bAy-H-W`d~i7rh*{NTVb@&#MHxqF zjcB%);sZs)9@iyeV0 zTtEE)lnIFUhE^t*lgFj=vZkxP=W?Yh7fj{Pi)hx(o#w;p!td5Rz-;AD~ zj-F5GYNz{IXp%d)6$Zj3fKAU)q5>pEUQ{4;G3-MO0r&p>tNH(6Wx|WuGvZ~*~izw+|@;> zD|*#vQT!ZtJv$Y95jEN&0&fTh^l8b++u^yFw+xq8%({(IY0Xs*egfzhcd$}DlHs{z zn5dp7_$KSF+#5<+U>=|5)AEg#yc(eMOZLdaL{^SQy_+}IbN$>cIwk-}#_kgkfTsEV z+*Iy1#ZAnnC{jf#~7qjerqoRYs18rKa93!n14Bp*v!O(Rla3dIDIgU@G@q3`d6wd`n=dSU6gj z`q^?K1Bow_@QyFVAGiJkAEbs%E$FZd zDzd-)cm@O-AxG@5ADbqUqn;v%j;w4vHa{*^Oh31B-UCziBgW|RnNs_k|s5 zKLY0s8}xoQ7`^$1uLD|W<}KZ}I#V9i2iPJRYn55mxZZTs^w8%*c^{2 z!UX0~BFeAp{fpK2^5qW7X-vwuX&D3~)FFy%eztdd2ruS(CO!jprED!moN4Ce_k8ed z*LIZ!9vtg{e*>$}W;N!R?>Dd*{~cI4e*w!g$a%pqv2k@3KF|bq{Gm8ARf{CO@4R_$ zHDIub-?MBdUUA(bA@@3VX(fh1m{$7TmQOW_bqIKIq{q-Q8nqKU#-(Vu6Tig z{zc3PbEPiDJ}zmS^$m}A<3%gRb)@pwgi0jdqHUfY%PS&w)7L8px*NANf~0bXhYXO+ zZx65d;hu5jzwm*+SN_2gbs7YWp$sBB0hte?8$c-v)*$Xx721croG&fSmKZWGh8K}m z(24T_v};0i`~yrE8^LXT9npR_X`K~Z-g)G8TFseLKpZe*-3x1pB4xrd$}(@58T!XW@|j0E>u zE{&8S+Cqbr$E!gny1-TY0Mq+efXy!3?^;C)B9dwH1565k3#R`;U*SKesec92zhw|ttl-x*5qwFE57yHd#O14#Zp41Y3|vj7)G=!zC&3-mM0y33h{O#p8&{AMV+ zln3Zek|l+#m_;!glgYT(0oO(<2h+>lLIK?;;}7E{2zj~NVuJ86fCb2moIm{xI1UGF z4d%I7q5%XN%!rK&`i~*SB!XIF70@2tsmfl3igu!1)(wUsCe2!^RciYWHNP1QJ7?HH zf_6QK8ue>zXQi)h`$cqBWbq`s$wN3I2-~((@hqMbIg0<1p~muU98gt|C=HTQgnzcw zr<#7KmkGjQ>QIPKxB~9{OQoNsJO!?s*=zSozzo_O2jCk&GF1Lcax&Zmi)5QAyOs7C zx8_3^Oi_d@M)qp8MM4X}k^$ydbf9WLT)m>w_lY5TxAsEodl{&dGetgvHvX^BXRgpm zOz8>%&pGi)Dz*xiF;FJi_0D;og|m-?>ohsWwhOVu=avJGD#y(+^I7GJYCS-}=+{H% zoEG!EPn{>&J@O4OvmhGvWK{Y+vLz=krc4j>7fR~#j8DaJU?3BbfU zHbX<^v|EQXSFQ?*HMTe@?MW;$R?%RqEHP0|RRh2ocI9+c-|3tqF&}RcSe@?$`;1i2 
zLe!tssQ_>Fclyo;o%9=0_yTwpivBy2qvLypu+?cDltl?JDetckPZ2a932Mx`-}k0X zhK{L18ACXx@BTUV)9zv3MIJOlULbFf&vyp(yBYCZ7rXvEG>;d&cSuzt+_ zm>&rW^7xBZKSY+|C0BQVDei>Fw@Yr}d|skk!dRSh4&g_l+E3|tPmriPpT;_!O&@(r z9*>v`u%@Jpjl#D>GAywT{GlG_*~{fl9jlRf0{PcWv#jc68xGC8H@eQ)O+%5#XlQ4! zO|7D}TKlHJGD&j5of(b-rJf#%0l$d(iVZLY4A-(St{`SJ?0K-CV1I+kcMd`9cZO2> zTTn^;Uo+HSwcuYVO4d=|!pz_wg`eUFtmF{hq&1rJP{_%H9#vq)y?rcE5iI&35C!CW zKk`${jFZBbhL+t^+CwInojU8Ta6u`LPdZ(u+o9+OsqsGodh^}vy^K4a_EVOUZvLRk z&ILgTq=?*YFGg6nNAaJiQiE+^S)HOEL7+{nKcZm(i7i4BFzqYCgz*!aVNHL$t0t&- zSt1;tQ#cMNb(S5Lv7f=%k<{0P%;#TT+Y=27$W)&^ z=Ngu$-EKu?`lZFb8XXHs_ibRJf9U`}teOkIxG(mc5PO0PPAJ!!#C3sVTzt?A`<4;a zUJq2}cJB|1#eC%u=@!KmCR(&X3$>$#)duG4+U4DbN@iM9A6Y(opL29=Zt^8*-ynY% z?r8N1)Ldl=Joa;)0VU!;?6;Ma<6oM@8nqpsy61@FDUH)HOZiY!~M3l@lD2?C-o z^CBQ{b2#cfcGy{LD?;cUv7dSDNLq5U00#d92Vu~#Ns zyzr6^xv9HE7k;MU=jW(mIKPr&@Ynlk57-FhrdEd%88_9LyyOPYq(Vf~Hv zI5!DQJL#MXwZe6$=2aW%F@;1?+H-nk@LL^gVlF4tX?;u99oD!FfY*5b2}vEEO03e2rK@K*pT)D%O2H zI`Y44v55b>f6iYQ^?zoX|50DsknCf?{9rQEIxEzD1=4*61@CD~@`DD=5wfp+t6CG2 zkwFoky&&`^ruPOSkd$UW8N3&S4fH-DIr1hS89G|y2GZ^^fOLTL0iVGwNXa1v&zqA@ z_fKv>2Bd3JG9{^bipC+psn$;)nh2}Nl8s1a5GNNy`;yPB+U2?m-b$+{XUJflM~UQ2 zFAREheXelx61-Q-(X(MHOL994Qv1#&jp%a=wi0@HvU&Qoko+u{K#z8@DP%#N7320T zC#~?5Q?<*PFv)}4`PFm5)hG{$6kIuE*EN5kzl{&JLJIgqzuaI4A1jMBv9FhXjY(#4 zfvx;A#|ET7?Ppp|7l3!{*?y(~0m9#Bf+jFkRkL-&|LslS{_jjbf`7yW^XpBZetoY0 z?*SNmDm*3T7mC33> zu;WnXM(ZJ$R1)^J+{Q`mV>_@T(``MxM!6_IxSIEJwa}#5C9Fij?k3G4WECX21w%$E zL1xM!`khZGiLiCO8!1oFQRuy)T17M7WW3olk>6!~C~A4-J+8$XJIO)~7Hyt=p4R}& zL*cGgF8wXlGdW?xt(?V@M)k-o4?H{wtVS{24MXNqh|7&0MODHs zbkY7Yv1aC~+-VKgz+<;p64Dg|cEUcyI{b52@Ppi{gX=Its(qhPx*<_`)gMbpZSLLK zYfV_{^C(>s3!R7ZS84j?1Vmt^bKTcgVDZEB2KfQrbwkhAUaIxAa@M{_W6Ow$ilPzW zCH@!mj9Pb!=JxC3#MA-^BfP`g5OhYSMF!{ei0$U!_`0~05?7W%Ox{2)yf4WgVISm( zW03~^1nlWaMlN$l_%sf7;Ix>HFcyDamSzWVw=1mR@8is65sH)dID3QBr+ntJWA`Ax zJp#neEUc3&ZIOMvdc@0-7(6Ot_J?i^;Ttre=R(0EoJ(JG&Q+N|DcBc1x{}0VZ`E1e z2-6%nhT_UZKk#7XLyoTu8Ul&$XDl8qHp$BS`af)lN`e$I}-&U9k^=mh%x^7Kvakz4#8uQRE*xF 
zxX^}ACYs6m>(rh7WqxY%RmMO3mtOh*zfj#@esuqv>b|ND3W&T-|B)<}f)@~UH$p?& zF8oDxBsKY>TefR58ta#7ZCcY?+YwWrFuEj`xikG3KNB1-zj7sU>r(nBqsQ@7<~rst zE$oyY@c#8bGNm!nuS_Ww(lig!z!r$B7W+%wlxOgpFrx`~>}NNkbfF|{j!Kgy6D$VJ zkoRhFvP{ju7@LMDjBU^wDIJZ69hT5%6eiPzCI8op?%zb``@f0KCgvYRCq?kRS}p`A_#Z?!hiwJ&PoiV| zBD$x)h%WU@*a8tb;VbY(bf)!JKs$0@MAupMMRbJ!h3L{ZX}^eW=!@u(Q39ch=Scnw z(dAV(D*SJvD^1*Gy6{u|i|B^Ze>KMN{Y`Wg*AkJXe-jGYx2J)MY49b|A-(tM*(XmyMKym{-ZwLpt|OWBZA1AH&#hA7G^X=xYLRVA(gb( zU?@fs#}F%ni%gOpu2cvjXJjFXU$bLIsu$x8<~YwSG%|nQ z6Xx;7Akjr`-)b^8UN`P-KWpof(mk&;_@|FHyr{`_SDhR|zwZ_FR=+J*-td_0q}UNh z4*(Th*n4y5kXwtMGaKCNu`>AXmK0hh!Sey)0q2W#ph*DO`VqOIP5E|Oc%BCpXRDUR zDFXYo9osQ@`ZH)QKj-tb`+!+{7Ai6)VxC|7q3AzSl0Sc}Wn->w5r zSd$sq0!`2bJR%0^JhEZt;$3w9yj3gF7@%+dJLUIYj3uJr!tp!ncP;OaXL;Uquw%_k zU6QU<_(vKe2;#5!D+`;o?aSJX}bi$UzQs{Q{ zB1Qcx*W%<}C8i5RpnRM_?rTu6%NDD(9++#CiMeA3yn zxyIl?9Uy1V9l-sZ@ZF}AE@Id40(uMq#yZxUm$HG!WTYD!L3}v+cZ$pR0NyjvE8kgN z&yr-F#e}f**AlB$R+I-=wweL^KZ&d`R3*M?O|DNO#QN$uBN<5#uCORWj{`GI6V*)N zM134~EX67l=#?}xLRy%eaEHZi<8V-9>{>*{@by)R=V70TUKTeBLrJ~~S=U;^u#KN? zTlm)Ft=qD^dRxY!>?H(~u*d*ipdcWrdxgwwB7TvrWe&sENOQMfSGEb|KjM=FM2~^! zjM6jafxTCZGDc(|+cdfXm#9Y$e)5_xdcCPEOLtv_y3+eavF_pfdJHJhv7s38FGURa zxeW2{f%DS0NQW$!gtJPfBkr(HR4Pn#fBb6RUV>l-31_Dm@cWMB1OaLNUg9&)pja=l z(tiSJe91byrn9=MD0UE8d0?P6N!OW9+5zm4T0|S>BK@uT52rHiXk3azYwjVq)6_6m zalievjL(RW18EJDR3)@?ogyZQCZ4>~oOmZ_G7o!yP00BZdA8upoUshGBAL(wj$0t7 ziIe*cQ$jIGCHG(gfjE(hmg$XxRXx%eQ**!38BK_PK>T&_?h;X2ReW8%^#8Jd{yz+x z{G&$s&$Q;hFL%pS*7~aJWAX|~VJs3A$hVJqmUQ$Ig@;iRVh0KN6OrfD^ONoM{JzIZnrx1tLezA4>IcB< z?5v>*T;BfLt+2W{fet#pkNldlpX}CmENIUz>SJ)BLn(PRsG~$6>N>h*9RI}I)p?SO zxvj=m4KK^DTi^01a1Q2tFz4s>ODwiskEI<5kXIV}$T7osc&`c$5VPjeEyghv674a2 z1+PO)oPKY53Va|r(`qTts;gz$n=e^Z?V!c>^Lrsd*T+$po@Fj_p$vm?Pw5w-VW#;! 
zi`P%#v#If&M%>7wlzSvC`XeIs4RG$PQzP*tjCC6%&^HO^(E$q%g)dR?>T)c?%Db@x z+_(4sLRVGxv80G~Ov;?yC?5b8&RJ^y5%jS|rj!LpFYQ6NzA#hU=ugfR;+qsogk0_L&y`6NL~b z9vb%y`mQj@JU5Fz3TokToVvn%3~hW4Yh9&nNqA0L*=S@AIy7bQbX=!pDZt7K zwvT*iE{sYJOd^#^P6;KD(8hc+Es>s~`bpVQiuJzzRGp18R|IHj297ijBO@V@Gk6$h z>C1@90QT13!m^Q~L_zUUSdq(UrEIj->J*Th4lqqG%~__KqMSB22MYqFv&5lJ(+R%d zRux8s%XjHb(LWAdsL$me+fJ{!oexQhw6&zy20W_jFb>Zp)i{>Ms@P=mCui`P$&feB z)|cUUL^U!h5KJlZ-JEghn!4Q;&zr+-F-!D4p?>PGM2Njg55D3YV6H4?Hc(x34o(VX z23rI*QYDy91t10d49dGZTpFSqsM4b=LWB0n8zJdC!^30JoFOCjH@)=goz`7BO0X$w^R7ewJ*wW#9Gv4B>ac$Vdm{QRyUD&_f?jR0 zA)}9B;~C8Wv!rSXb`uk${N=gjdsAA`+oFaKO}O_!iS@Iw*^HE)OloJ5ZoR|CF>K>> zJcPn)Yzm9r-e}Ut24oy*&xkJ36q$*q`FR*YH-X%FAI8&V9}d5;{tM77ACDKv2h$4O z^9a{RgAD%l(&WtPxymq|dV*e_{W951qDS}G&H>(rzOq51J6 zn^$I%va?&ItHx6rQ~?RNRHRdi^~qvGC=mKyMW#>a#G@ZDh_ZF+2r+5If{`IaPN*1x zue#2P@vR^Nv)==)@`rt}!yfu@IUMI>Mug5PiTK& zX<#P-;y@MdXo)1}xpc+T6sUF36eA$ukQIm3eN29geYQ-@XETLjv-h=OEeK9&@%arE zi=mi~58~1Hll;>JuS$Qy3a@<3T-}y+G}k8(#=Y)3x1KzXp1AE^_W7@TfwJMUsLY3& zUT*Mw*Q>HY5h#j>+>&R`0>*u!TdtU&Ko5PtWQQCB(F71Ti1_fkEciP^c})05kwYdt zNW!$g6K)bBi!^Squ%<>i^0L9FDBbbthuveFI!X3Sz|I_!*gJ^!RKTJ*sP|aG(o;Gs zvqyBi17x~JxR{wX6%qehbymMkQ}rJB^sYR}35KM0%Z$aZR=wf#5)^sIL^u3g@J(F) z4Fzgr)y%T7Vh#E94R#{~Q+#DomzS$_ZPI>pp0pfyI9CRPnc zF+yQ=;qHy8e1Nqt3Ov=$Z{Pz3?Z|@&_Ixj+#)zfXB#PZvkAsr5I4^dUj!4loWFqn> z;vN%?90@$krwOm*b?Yb_ARi$T$;E1{OJ~@(P@pQUaaI@HsBy+51{83<=JzaAIm9Xg z3`7lsFJe~J0mWs-+N`t`Vb?{qW8Wifp=J(uzju_n1`m>adn6^NV5c?|6(o?p=~S@M zcGjiAS{i4xWcGau1U4JZHb1y=)^koi^b4e-&-}KzgFqg|D07*L#K&$c;dDo1INk7^ z5ICKC>XXD)K_I8;*5(_t!ju=5whFN**Xh-vabmuhe<{A){_UrEo2`b#7`jjIaeswo zN?ZI>{#}zv37uy&!l|=?4l{Bq zI(v*(mY_&w?Z%#~qTtk#LtL@_+;1}@smI887c@@u(4wow$c^zRPa~(|`MSE*8$R-v z<8Z=p$1{Z`THZUt)*T|XMEJ$;Rx9-Bmdlq-6FzX3H_czg4x2SCt&{ak^M^3k`qwSj zTP+o}_4~@EThqxLrZ{O0hmI-z>IE?5+NirKA~3C>foP+5%t0S2x?Mc9k7kJh((zKv z?(Fcf6eY&M0H(@fcZ@r#&A#@?Cl&8s2qxb7yI=ds!nd}YoIjINAke@8lFM42TBRJ3 z(I@2zvsm|0qorn@ml<(eGd1IMEe{$O(Xp{}iOM%#?*fAaD&GG5Gt;qc^jgMf66?eU 
z#S}#tStiSS{AJHDpHv1v6_$fUb7o^_<5hnuhzAV{qy6mLQn}Ao8|cUw6(Z$sd5&4q zs$Hub^EtoZUtUWOzi;f;FE`}(B)v}r9OvTc*Jlo7&qybCEQbt6pE{&La)sZPMM0=M z#kKieHET&`u0g}LT7b4K{}>6_G1zKY9}R`zCrJLdyBYk$Z96R@>XgDBb%p|Z!szYf zqzeMQz4YoL@)l?L&}(zw!PwptUD$XizvEZUrYAYKnP7@=N{)Mznd=RPyj#$@qKDUH z_xa?k;{JRyplXgCeo&O%4AKC_k?MFb3GFfw)M_OH2!#(Z5VJ}DsXfy?XGU7YdH-H3 zZ^#v4jki>HFa&2d>PA68gKV>Nt#*5?Lg))D(VR0(36MM2kr=bGuomX#0va~ot^#s^ z^X`If-O7XbR&n3~j%-WT3CrkNR3bWTQ8+Se=O_6UHzZi3vcwu#GY>mskbzo<@(xgm z(g#w-hOOtw2{3{Ws-BgCV7zvszhJMImF375WBnLw$bMa;?Z7+f4G=OB&+I$mRMfP{ zDF7sMd3W68UBDM;g{jSuG6bfL7J4ewsQ( z<&Hv<268wYq8HcRr?oTBL?k2`aAW9Dl7&X)+ zoEec4w(cCW6>i{}r+>A%>>XFG1PP@4k;2bncNbr<~ipR|u>LCj|8Z6_6GIY-t1nvw7JSh;q<%rL#BHaXC*w<-Pxa9Wic}Vp9Xc<{fsdGoY zm3KX=+u!=)Zb$q_O{A1QJq1iGphk;(+3mB6-tDT8_t%=$*WrM* zg{@5Z+ZaA-8k#w5h-mYN9C`$*qfc(E^qwc(PgZ>6kFb%dMl@(-tymI857advUQ6AG z-E6-TEDYEDC{l~i04SWNj%CC;36vn@z0_lH~ z3jVvO^S{bv{t5X1tN^!HfETbY6JhkIA`>FZXi5amAFoXVOdQ&zOq;U1dN8s+FnD(U z(sO!6lJQ|qSxfl|8Y=muaymV7e^LH8XWf?X&rfK5aD?2@?^q&Lnu_99!@>+`B9L=F z3^5A~c{`QC8o~CP^)hy;gel@ln1W@pA`GzT(po$fOO1i+`&#H0!7#F^TBLL`F1A!c zn~f(-uxLR|7s}x-OIk<>SqlqA%P4E;jtje$)R4E$+ryrBQv2HLB% zJJ_R@6w1TMP2S{-Oe0>jSD}#-!BbKOK^25cY zf(3IX({NGJ$dtF&y7z0~VM@+THR)l(hA~dTJ5{e|_#ZYYu>>C~h?4qKK(|9Fz&`V0U_0S#p zJHB7mNmz@YQyhwN1Y2XTivS8QSZbXY)z-zZoUV)Z>5T=3aTlZE>7g-`omLd)I*rpv z=_3T0ThhK){w}Fb!@l@JorgE4?R$=CrwMAb;8@|Dj!$7A4bM+63$omMc1WV^R)Fk> zGn09dgMi#Aq8}(S2xd0xIdzv&%%VEzmtEBlxJ8jjL`keJa_!K^n|rZu{QAbHFoN{6 zsXM=g0{I1CwqN`R)$=*#L}!VBQwEYQv9IBdu3L zIh76aOIpP^_bN}!%~%ix95d1mVUItUMO=Nu^Wc6&h$GnU0qodL_E0b%1HP32C}Crr zBV51KXkBwH_WKBbReC1OPYw>h(q_y5*7g5CmGdf1rPMtNBQ1 zR3m2jJY6*}yCJ6~Nb979tb0vu9A$J&akjjiWnugTY7WeT%@`mBC4T0KvcOA*Gk@;w zPJSNkM$=w!kQs6T#X?<}$XMMFH`1-p!x7&r1lXazCjr3lBEToN8v&$vV<4bTfV03m zkiL~!z(;>0cB57kI<_k!suKcOJ(!&mG;9*CTBWEL&TQ2x4xDDNr0#?*PrZ*==9(z& zx+{pE^~l}XqHO4@W2`4@!D+x$pglo>QShm(RgGQ8;QPpa+gKq(Zs#Tq&nd+n z+Ru_*bj4jSc8}GImjX~7l+Z2IQH6&^JkR%2s4hRa^`FW{x_Krfb;DlwW%r_mqk-HGH 
z=iju}mJK|l%lDAT2_^D=?EGZu>o@+#McqxyU##uT*LV;pcHtUQY6$|4v?klr&hp^`dDbpDQ!>vq)c`vSKw4O``Pxtnj zfA&xbne3mioZG75@<|rPch6ULvia&zlTV5IZ~K(M`D&HEd(0-n10`k{3L&*x&?83@=6;8CjpKd)LA@*ryT7D+NL)DR;WY?*ccL==TuyACDWNUklGo;nBs<#lZ#7Dd1pFmg>=OEY{sn zjIYh%Z>-Pf$#S7HpoY%1KnS^d1C(%1*D)!a6*@s7c@8zd>YYs4jOn%J>MjR<;s5r=)dryYQ@OkSF++pi> zXCnw<2RrBvM1U0!gd)E92g5W|h$bs*FIIz-D{E7BYqsa_e*M;$d>eK+M%9_SYl5by z@r9mIrc07IBx3hWdtsfE^O4-yiA8 zfHVuoHX5H*r0n}f!Zphky7_NntWgA|;=aM?svo)Sz*P4%v_^2kh5%-pne%s523AR~J1T&O(~<6oOG z`XJhyAK12pDAD51B^5rP7f?MsubD7sXf-M+8Lu!IUXCx7yl9+3;#BcH11q^V%QBP} zaa=AuM`*uzc(58Pd?3m=vKI~h+Z|+y?6jt!;W8i9j(r#FXh-~;=yJN#97SsJYBKPW zxE0tCEF`igX}U#A^9mND(1?C~>Ny}N2xza9jMzfq)JizC>g04lc$EUJ0omIAMZRkk0R7cTjl9RfiUtiK zbzgh_;atl&ahQ1VK|(2Nk(^tCOSfmq#d?74#vDD`?zkCef`=EmW^D|LtV;f}D&86O`3UIaa#^w8q;PhBPcp%#O9g}|s2_oKhgeB-l z=!f#q)O9If>DmdetDD|qOIoGfxgC_frdLL%E^tS$=2NcO)a4z!OW{TfudDBjrc)^) z**q%u*<)fv10=dLStU}U0{gdhP+U~bB!8aYs7X`EmW4G zh9_rtitE$A>vn#kp6i$+u+NbEvvBu{>(lS&>2tC;pg~E?8~}wHhF-T+or`r-nX+QB zbYr{TBgEPlU%cnz-UVPcitu06F!?^EloUOaxP9*E!Ak#Ga>FK!fQ3X&W57JaY(5hy zY*k8Z?B<`y`8tC;Venf|xeSCD7ym3c>9Eso77s8@F-h7ZJzjC@tS@-eZLL|c^3ao5 zcEJ|6P`ycJ(8;eho~z9^=320vb@!TauFlPqyo}M{6UlryVLe(`A-Clyy|&%(@`v8^ zZUDHd2?wGO?2WG~WhD)D!nZH~DLlGGY0E~Wm&u{Z*^GmPh{EvXYCDk2Rh20Wcim~&#=b5NovF3IMMVQs@$gbMnDEIe_uGP`V>4=-B4@nfWR$q`kYcQT#B+PPYu(c*pPuf- zd#7GBoc+yM2Ow*EO*j_J9&P9xi$ia!>Eqh|+c-kx4~web2ut5@gSYYhk8q3bsx#$e z!ddb{Gkf6y=*v{gVNF1e_o^(@=X3y<&jvHw?c!J?jI{hQQ@)_F%nYPgO?}AC9}kH0 zPKuK5X+qIIVAjn=_*R+PEiCNPU<0#&gzwmfOvxVtOxSbi>UFnxXg_DekHDyVW*9IPv1uYSpOQ;2>G<&5OOZd5z$gpfoC!tYswq%hi_BIRTJ&W5XBX6m>eK%%DPjo+() zJLqNq&CS6X_p1NnoYQrfX4?KjS>}ZRH8fmBPC?5G1I=tke9JiP_N=JE}6G7qcph_LDF3B8#bQj-;)I`4HS2_Vkw882&?~LU)uehq;tQHX?uJa{fqN-Q?sbv-i2717 zPxPbd#hN7ar6A8up(1@6K+j!Q(Y~70*{ar>&d{B?iJ%m8w{7&x7-6brJp z_$VztU=1G>NO@z$Hl+rO<&FkGg&l+U>tXxOM&{nmJhlgM-4khkwfnkp0%KU`ByjEM4!jioQd9M1%J-lsYVc54;h7oHL&|53 zrzKES?Fllq_Zp`1P!L&q>M-8y{@#Dbu}LE2RHIl90qw&Bbp};&{&&lT6jf7b?yJSW 
z^e>Am|HH)W|ILgfa@NNG>4hg?Y+&#FrKOd&aB?=W{SV`f3RNqmHBnSvt8OO2UwzCL z7SJ|=k#LZblCyEaw~in#-@ydaJCO~>MD_C{NytB_UoeadgX%L+>h<38xH{Zu1C6XB z&0YnlFTS9$^XfS3??vA%xM)7=iZjs%uCJOqHkt#VJo_dpJ!#NjdN*Ww+X@iM<;OzC=u3`PFJOuE3*@DoI;#-7+T88B3fg zGq}mxQ)9`q2Lq(;!JB7Fop6XWmc16d=+TpR-&X%H(f_1s|IT!=NjHt@6vW77;dcvF z4(=#znLbXZv-3@@fp}aM zxTR}+dVWjHeib;B6y@vqU^Dm1o^B_<^yE_0!{vn-5dhhs2y1bVux=jVTUf9hV_9~# z0YXx+4=$v3MdA=?A2XKry#4SPEeWc8TlvS&JkjsIs>V2NZ}SBEVzfq+B==-aMALEG z^#Gk#>*3P&gS2us8Ro4uX3AD#*3(Ky?CS7Kr5aj%ZyMIMAElS$FeSaVQfyT3bHGEp zI`f-XZ&LWPNX(geC*b=;8%Sc%BLKkfM={ z<>vVJ`~dzLHDePveIfo;B$SD#m-qbPWr`#50r$Y#s`OL9hvgH8>l6i<8 z;YnPD`CiQ(ho{ujK`f0yS{OU?)EL=|8yTA!853nkL7bZUQ~J`cah|btYB+E9uq8aZ zA&A8Wcp_4Gt1u+ka(ig+S7r2jXqPC&3ljfeBC+8WXKDC457rB5YmItN0sZ_eM&Tj+ zCHQ%nKth7CwLM92HIM?HvC)*}j}~|MOgHP}6e5QA7J2tYxj`aYbfz+%;?)U1;UBRJ5PvAmOkS z6vAuhmsKP`U`iT%{N`aSnx{S5P!QC(PRX7ul_TGa2Z7x}T9(t^t@#eJxElt6&hOs< zxy8whJ+{b^41v#5H^upOes|H))p2xe_vd3z2FS}nXTTX13pH;zH@`PjpDf&UT$F+Q za6*=k4)VlEkg6;tx>v9O2Ikov!&-TuPeB2N3u9oFlu$?2fi#>$a`(phTNdJ#oM_Ir zlHhB7_>^!BRF=w(H0so@6V>ksBEKUQZ@%ygcRqi5NG*Ed8zNoBn*oa8Yf{GNT6b@e z0W}qG8G+{FrBYFqp1~WKR}o&dFX^xCdO24fG#B}}hLoFSV~)Q0#4Vwl_F~1#`hJE^ zOTJuk)J)$x8g0^pWkdE9Oj!+C1Jn>(g@$DyLTb_pu4;@V8|~3RfJ#Js)z2ju1Mv{S= z(~xzWVHOiQRilu0(SG^$Dq|_&Tb{lW3?CRClOgo3pFG-q<)D*Ej-SPyrcuZ&k?u;; z_s|!Yy%+FmqaU*zTGrOL4kCMoUtb@61vUW0TFKRZ5<=gZ?{_l@=p|ZE#xpOKg?(EkCl0}{jA{Bcz`Wur zJXHr6&Bk--P@SZI3IIlc{kRQ1h{005mP@nK;g8a(^xc@gvkIu>$S#dLO5iRp)q2nC zV55r&B7CWkzuSu5^ifi z65c9e9cDpnpunwAgEIK;?<9ix1};#3Tsbq(5H^S1h4IEBy^|4aaISFOJ-VZ~_TV;- zq0(Nylm46(ZfErj-&tm;&`16JJNRl30{RjLvM{*lIwhE3R|SrsHw4XEBSae8H;|z2 zu?`BZYKI)#H++fp9kwd|hFZ(osL&cUa~+Ax zM3m>3?}TQjj2y!907I%kqi?`g>2qc< zX?v;u(gl{gHv8B+Y&ebH-1S%2xDUrr>k^-zeq3}+ASzK_(VqLab%inG*3UM!p=j9| zHs_&~;#5G5r2$j7t`h`Q{>Cw$mh;r9X*Usj2fPf;h_d|=pkcE1V&Y`M-(e*dm}BVB zZlveX*h$LE`xQh&90jREd9-bzi#EG}Jpfe!<_?GbY+PdPeKP3bYfUs&#Y;GAu6KH6 zS=>!-R@J~k(`u-agGqQ)<(P4mqHQNhznWldRf0$m64RQqTO!+Nuu{!>^`&&9C}FnQ zP#kc)Lo!P4t*U|{S@+8y7zstUjm4E*GifcsOnc`w#+1BR?tQlnoH)DDGEEP&*0R^6 
zHTKuF6}D0*QK&U{ys6vTt>6^%wRZob{bK>Z$~2`I#}ne_M9Y&sOB92k_fvk|g`H3; zvqAl4SEL$FC4zO1ypwTIdtRO{t5%1XjDl?|^5>%@DKx zqH*pg{`$OIAFhr_`A7OtW4liOOC0m8a2Fcl_abY9=RB)gw*0ev?BABaAm zoi0zwQhCoxp%%}xtP^Kftk|<-=_2N_P+hSl=yw)8pvGH%SpuDA0pQ_Y z$#zStNSaPd_y-v{F(~tYfaKJSf9UQ?b8iu!uuo%o;;g10;}@+zpnIZbjCTgXL8I3s z_KJdC=_?WTO%I$lU!7L`G)c-A*>RB8#4?1A6V5WsWuC2LIZ~4TfYSY<@g%mwXpAU#WqFb7b<*^$ z*JYiaWF)@J=|M+|j~Tq62T9bJ{{VFSs*ff^Ve&k=#k$%c=GO$0 z0D*xt(jEp8n4vDLc8EuEx=a?lwz2cb40kAKnT)KA<5bI9|!tkU~; zA~q<6INNs$oniQ;8g4I8Atis65iUhTvJSxtU977*Z@!Uo>6ug~=fie6M(o=jgl%G7 z6L@jM28Sip5hvjHyxGD}{=Yg}X!7A@Kfj9LL`eVYhNu14h48=JpG=JZVUYii5_ptC zi!3N3qR%9yV+>5M!i)e#Z7#f^f1r3a8raa|q$wnT&2|5Q$TtEy%pYMp53w#?Jg0vE zcgk)va%hV`OAlzWT2BDK&BS?Z8O40iI585Wwub5T#FXT_E!e40o)LKijB$cIQW^0# z$sH^LbH6EKjVoYc4#p>BdINW!KP%s{n z+_jpbzh&wV3EOLwkz}flSJbf~mGPwwg|N%&J0G5E`ID>Spold!p$qa#x_f+bGd1P2 z4F~Y(8`xyId@7EBzW)GSOc&d<&ii(kHkSTqsAY!#K)BJ#fEQGJ%l)ffkhrk zCmkuA0_#EFsKoH!P$_@={%AK#z+O`XS5+|6(n6|^0)OL4!zv4MeFV#7^@4c*ds_3U zARvJ4Yg%*mU(U|{4=>~&-9<$^17nMSnl2@(Md+b^^(4Sm!IOZIkOCH(v027yLlsF? 
zC~m?G{nSY*B-WhuAux4ZM=r}#4p+$7uEcQCzuC;@)6ZHGEH}@`^cTvcvz)vocBb=v z`hNn;bTKn?pZD&9`g&budQEXYWnB3l{Z4KA^K@$k#J0`vYu&33rRgA@wwC{rz|!>Q z0C9Q0N4HKp!F&5`!H>a5Jki1AmKDC|o3K;IQe-QPB1HOG(|I;)M})LC{dx9PJ^*gG`V;~u4=rX4Kx7a$n$5aYUTIx2r-2vDH^wa z;$Z)vOw;jW*{FM*F#HaFOUTw6VBXa-a%m4&a-YTO5zykclp;X#+n#4X3&}1LM!q0) zHQZ=rsR;n{1{FbJr7Syx8bZdZnVk6q=CYxHW6Ox(!4c4i6L1q4dye&mh$l^Oj&`qg zEI87G1SobF*Qk5Qn~i6t^PwD#Cl_%vLTvyz%+$Tg(I!8CrlmeuqS>7b1pJAOLNg8|0;daB;|cP}9tw?_Wh8EFH$bD994wY8GAUsj7mcs~e1HVxjkyQ4aw4`ap6vSSmF%zqy*PPX0UaN_4?MB(; z!L&^t7JiUfs$J&R9vjpgv*eN_rqkgz#xWD3{svSRe%Nqq;kS@7e-8t6-DiY;r7+;U z4OBaH6D8NoVtM@{#xw?S5+X2G9!CS~s#F#W1FcA?qP9zAvkS(&xm*MGM~h~BEmrG3 zS2*r!r9Qg)vXt3tpA5B|+F*-{1z;btwaj<+LK-FY0KN znm@z&mgyfvF&Y6Pc7B*vCYD>n+!vL1r~J15GJ|jLgQ=9!{_vTUa93WshG;L_jmG{A z{1O621b6MW2Y2mUaUvd?;>Q1UH9w~cf_k;D;{#)b>Eg#|LVG_IOadi7FKH==%9Ze=`orwDx z1>(bROiRZZl#kxR-A_-jq@kf>x4Byv{gE>*r5+T|;h12G6}c6GQ+Nf>UxA_WMu-oXjXv-z#^~a2<|bGV@H=GOmDLb3 zDX49!vCo)AFj2EYS0uT0y-1(Xv&Ky_$q13e!tF^sFju4siNH)nu&v!eEAL& zsFri;%znydKG;jHL3(2LxSbM9y%NYY)>Uq!upusc%SkmDX*N}HY#^x6ZP9R(_#5}R ztyP3PK`xCIag&H(OVX<|4NQd%u0PY}ovy9OHGd>f01)pmmoD??Ddx^p3tjx(Ny0)0 zlw@|$aR&?{cTjEnA`-Zx)*Qgy^pV{>EIh-tpE>w?>b6Ao?RG{`rxzKJ7Q=S2Byo2$ z><`Pu%sV0L&;rYJChxgwDz8ZF*eH&nv&7>49m==21E9BN*9U7fcDn#g4m$t7q7;}L|luMKPyG~8z}xNa>* z&!IiFBE-PCDij4v)ImoSveE9y5^ay#K(F7)KfM{6{J$uB=jh6}v|G3;w#|xFv01Tg zSL|d5J66RN+qP}nwry1Gq>`I+&fE9x)3>|7@r|+f7#n}BXRS4V59cg--{*^=Pe;%s zObJ)L@i5Ca35~>LoUV~jJmD)(c6pc4AF4 z(G~K-$n5>TzVVr(ClyAu$~q8}ZN$ag5S1GP2SZoGWxUI@#~FxJDn%v~_*)lAcFjCT zb$cbQglr721H$IaPSmyIXW|eDDkB~_ zG@nAaZz)gO4tozyL-HpOhQso|sAyk?C!^sygQMk!Vs*Emy(tBa@3GaH?ihZoTo0QS z`j8O?HOBxWih78X&8dB3>%|3@LiAO}%+vX?z zMPawCf6jlxDJGQHe7Nh*9}PwSc@~G}zsFF2lz{%ZDKK2cS_xML&5I3M10?~>6;+-( zKh8goOm(`!x1NeVAw`jvs=gc`)#RVApSZj}_lDv9!>gK^!*KT~EF$wH?AypybE{NM zl(2-!dAs{L=cKFq#QEm?>pkQTnj&(>AF0rAIh2W7)CsZb-6bLQe0^8d+BT)?a@RGa zju+(BKJL_fGCRy`YSqO#Uug-7mK2e`A)RN`=j!FuReqa=WnC}Bu&UNVMQ^lSY}HbZ zvJKd!TLca&Flg1BS?G7#;MjCC=;)`qmFq3aC@slmdz6XgKE?>7}JK-6QD|9UT9&)+!iBYC^_i;;$pNW 
z`y`y%Ka7cNf^`-G(eZgA%Fl7?1&1%MGXSV`j)3McPJy8vx)*`ICVjrz45nYvwtEi^ z59Yhhx;1k5&A$?=S$BcTJjz$iA!2bhnvSi+3vdzvz|zSZ6rV+!ohc0T_0q-1-z`+D z4aOW0Qu0<#N!j6n+6`71tZfm4IDrgh`e3elMUSF>5x-FRejgMSnJxK@H9791Cyx|L6>jUC zQ8&31T*))6*L<&>7gnkK=&<_DpJelsLg|-ee28t2@(sJK()xnNsT$&7H?7%OslF|dL_Y9-Y8=^VyS=m+O3MbvF6@h~ z=vX#~ghd?esgUnyj}i)Q*_IgF$*mjuni)W>EGOiNn^lIcN(p~%iL>+}!*giLy?d-h zJ3ihVo)O;k7jQ|sca-S0{KTJcd)U&p_`+eQAOEJvehFZIge>r2ZVQ&^;+9|!agK=~ z=E>~U@<~N(H`SwjU?vv&$vSldV{r!Am-CHHr=K_8fuQZ66!MakfcZK*Ls2V`lR1yete`1eFL-&Ue+mC^*!{O3$kn>L|ilF9p$Xx z)O^y|L`XwC#1TKhJ+kC~sgMH46g=u3hk&1bF~0EXSWYNi%g_6s<77EhFE8|*Y75?m zKeykW)#zC!1%&zypBEu3@HODeGYHhTQ5x;dV~F_kPmVX=vd}uNFhGh}?^Q9rkhR7~ zzD4*z=(;cMIL@@{=!=$q=sTu7914>UA0ws)XccC|HD(l;@d`Rj-O+t2&~ zU07ZTRy9>tPjF~OR8%6kD3X+#R-bceCcIht{z8QEc#rWUm; zjpS=YFDqT@Du`NBxS~5RS?Y0z*|-o<4G7VuClBz@`k)TNY(@0%2i=ZRlb65D1`GGD zpL9&bgoS+3?y+@>^cWMlae8oipzJ+aGlc$VW#0lUz|Gn+qX-5!<3nG!sN@~_Y4q-`-mTCz!df*-#zdFp z*PbBM!rLME*Jv@~L95j!=*V8oQ^~I|=-8x|rQG{0$!gA#Z0&h`_Q3;$i#&hXm>C7r z%!Lsi79#8YYSX|1V4I$9Z>IYlHrJ$89fDGj630fbLZ!@gcswL&(!fiz-4lz6qtYxP zI+Nf}AY=u^Q5$Zs(4~VOMi4g8#m{;riolkwa1CqzWb)OH4UBQrEV0H}xOKG_EIsuM zY~S2J76mC-l380973}CsjQ^=+K)kH$0Ip%cJTR5p=9$f5#kAm{yrukxJ21(u&bkVg z_{*}@rDy7CSb?NG;hfB3(G`9#<4@{F=~?^a4-}r&+;qrPfv@~hpbv@2+7`0N5~iQF zG!voPErvs|T`jukF42t&Pq>Q;o@wz2hj>iR)3{mp!J}d8kRE(?MNHwlaFo&KI9iZr zvzE`bLpB=GsNK`2y>__l%YWMp5vT*+5=dOYVjIU2*KdQOgrZ1q_nA~WZQc~R-S`}0 z4Oa$8@(xUt=1aUz_!WXgf@a`%s$z1JQ<<#?tHW{Mlgen95V64_X`8uRM$SbQ;s6$; z)$=>jsY*te9-s5@^kr?~x5KDZqO*1H*B4>(R%^-afb)+`fj@n2kdL>5sS3;rfa3{t zw%m4cs+}UnCfR~Rt6-N&>F}D&tvmO2lD|=RDs!bK#D3C5n zILDFl2~Cm7H7oq$YEw#it&eTvau<*W)UW-Qfe33Xpz9q z;ctSc>qcy>A(szL(Od$g?A|HRw4;XhXWY`0k;76n+ryX8aYDCpfsxa=n$K638eDGo zawk}x%ekiBZxDCW;_pgko$OIM{(_t4x5xz?# zoFqu5-#;Zp!`c_glK-2Wed_QA_zXbH5}H#C<2;I#XrVEs2}%U88_MiE2vG6C(@Nx+in6OM(NR^5Q> zSS4pEXO;L)Dhh5`pNWwaBcng8k&yE0`M?`;FoUu1oed%Yus8BTLAn?f0*lq5IubR>IZ6wBf*y!X3(Yk;{4xp0F&+ zy#{pxk*Z#XUuVnZYNGkwjqrsngVupA)y9iA?xM98Hx025=Zjc#F&d3 
z``0U68nPH4LX!*F2TC78-mP%ikmWc;>2xU=-gD-vO*$A}3~96tC8CClRWf$>bV3su z%O*_}SNGgtne4Pds|nLX>^gH!9UuJ^7x=41*Mn^4GNl_gd>fH&z$p>BHbNuzh5T)z z77OG;)!knu)~YVe{Z$-#?L>}{5z94sc6AG_dQA)~Nkj+FOLW+qR|Cks+9geZSG_&l zK$XeFR%0Eh&b+;31OQVSu0~`>k3e9W> ziFWjztQ{MJOZ?2F{^2H~EGWs}4X3=K6k$eKmJn=t$av(K7NZkw?{6_e#m z^kjkI01RneNE!s^Ki9qu^=twE&c4e`KNI2RquTv4wi|BZI)I!f|_+%IVvUOHBA<0+OvB}zmjszkDl(a>#)<#YEcv_+85>HLl?ulC+?&Hk}%xa z@PJ9P3*4Su$(Boj8=KSku@`>5af{44(9R-lzlj1WQxXR8q%PDTy_6eQ&N=UC&O4E( zl~8?ikRuU96)rm6o7`G;c5&z_q;{dVPUdtDa3YrVt+jgMlP(IHxG$wwQ6`vM3n5W3 zD7d9K4r?8>o(WC~B`D)?UY_OL>MOO@m3r#)6XTd>4MCxwgdw4oNc|;MhlDn3XUkbn!8fAvG z8U)I~+z!=P$sLxhvy&T2vGc5Q=7`Ok#iXQrnz#U>=?N>YRlRr7J2i4k$iViDOXTLb z5e8G!)ELNRt(S!c^|Z(@-un9>zHd*nYWK0@nArIgRSEe)@ARt`EYgG!h8p0=v9eT^ zZ)2z6boAe_=$e^r6R^f#n*h6!%##QBQbJr%vaiXSf7|Mn%Grc=mErj<%N z2axdfNF?MH-Ay5Dz3n0#{40pTzL>Z7*}1(-B5ZW!)Co0T7X2VA$eM?-%?TJ4_NLlM zrvP8KdtI0kCDJQMw0fBQP!QTRWsG*FujoSOE}CMSDMn#8=+%USi4@64Pf6!9k9ReL3uoZjiBvt0iq^S>pIEQ z(LjHZUzUw1slWNX`<|O4okbgxc)Kb|hnz#xV zFwk{wrqd2sTC=OSe)mWhut~v}at>lMEh6Wd$Ax^JY+0Bsk5~X&&z_V4=jZVXGgeV8}}{e*}w);5i|PLZ+)xS&E8zfKyc?z{Czex)Gv>d647UrIj$90sSkU-RR7TqbsV6*lVGCDZ}+Jn8H)`(&yj;;Q#ehD#=? 
zjSz5B)mt(b=ToeZ35Ptj57$4oXN*h(H8QJa=N?=ylCsq!7@%0o)G`$DWfC8-uY(cb zl=8x!)yPTOU`cvb3wHIxkZj0E(khEcXEH8wfQ}SJti2<7$H^>J-{!R}gWK423l)Yd z1V%A4;b<4nZggfDsct++ahh7PF4A1ZwOY0j&J1B@a^_de32l2lMey@-Q+J5cf>GE@ z=Q{lTbH3jNgJT7uBJ$TUk;|GR1U7UxN?$S2$zi>rM}O}J=}=@0YQ(0yCh>EhlbV!n z)H-=N&u8gSy@JP~Zn#qKN9d5*2-)Dq3K_F+27&9o?Jm8R%Z^YIVKQaWUg%ESlfD zei{5Vj>Z&v+HM9asPl=X#NjF^+?nW2`4bNJwCW@X${%P!EprNzUNM%9Jz8DGlf8FSPF(j_d7Pos4pu869$p!_D^Yw8s`+=>?`IN$Uj=c({&%A4me7FPq_TK!9R`J4HK#Pa(@*!iIw6Gp9LDg=wRn3+g ztq6i5gTJRako)t5?3ChiFQ)+8#<+A|sy!45B!hy!*Igd}ijK$La^zoN;jixsJMaM( zx&IX`NdA2+qx=tl!r`xUOuh!Ri}FX8Ex^Q;zL&%w8k#g9rU5Ll%pb!7bp!(htVWMq zuyAgG$hE7>h&(+Yzo8+a1)x%zU{R_{YoS0jPx_PA(X!rR-TBmJ{UQJSG4o;LYqGRr zha6wW!#VfETJ7868uMkJ_qS)LAFA`edh1=(2_he>P!5gmiUK2Fwz@gtGcN^tDLl=3 z3jMFmm%Xeo2nJ1!?lj=#h6sj@AJgRd=p*Te4hxNUB?voy(nG%|N>$^2k6y1FIb1Z^ zK79=2=_uaT;yd^JAg;{aZsq$r@Bq}Nw~`y)eIY(iiy$0&3A%oa9(t>e$Q&A!b9@~O zD!g)l@0?;R+D_!F+fvI{zO#hyyxMO3=x=NlzPn)k=x8MLJnG8ayD}xLKx+65_lSZ-3`{qxF9`d#prEwaeH+r&OZSh#%@D%e2vP1@6zs7trXa z<+ofPTO?G#>5MO^Bv%|9m1wIuuqvB87GMSU3XEC^ECc_kn ziJ_89^un;NL-qvq&`#T0eV6K4!(|Opq~$fS@b+lZ*{<=K*y`Fkc!TFnZ+(7lM7#$g zSp8aMSsK0Q#{Zq3+FEf8N3DD|5sNHMMqKU5gG4||^l~j5@5#dwOv0={9W=UKv zZc*+_Q{_?U+e*SGeQ^L3GcWzL0tsL>|8`32IO-02LJTn7IwDq_Mf0XkD$1( z#}ikQmm*DILanx~GuHDa_EKMpVOh@1+I`)KI^$t7iYOqyN)j~uGTHjo{pFg+A|aIt z4P6z3x4X{-J2oYyFpKjU4MRHDzas&H;+{(?<>lAtre5n=*8%sX?V>UJvoAu_qYRM{@T9~f zBnMT-i$AQ@R7#@Au}#iLtT~UBNmpj@B?^Qgk<%gy&`Ju`+ZpkL5wzS&$alAo%pg!d zeDjLrlV{D0N;;E5!`T{aza&7(Djec3HFXvVF;Pv^IXp(g9#s^Lo}oSb3xlej;wBCQ zj%YjJqzpy|g< z3>6zDO>R-YmPSzqt*m^loxQ`^s>2VcVW$C*dn$3Dzp`iyDA37)n8$!1f&yXX6A3TF zyacQ?35F2;GITK1dd-jFGE>3KS_) z9Fs75Zz4a^F-!s+;;zKH3ia*=dn1vE8b!+IlkL(1cvJy3T7|ijh zY`FQN6u9{?ZYEVNhNUQR|40}NVaL#H)go1)a^*zkx%_Q3*6-P>!-n-AQbd#bn6%b5 zHVs2+jCu94ehbQ}*(>uYVMoK^0gMw0<<(>IYNhoM5LY1Ntw`-Dnx;i}7JfeL+v8TM z{V)A-aZ5%*)^U`MMKU|`h1qPS77I1=bAgr*c-FbUw30OIRgOd}+#BW(jF~GVWtgTG z`j+O%P7NRc@z!ZoCLOYx{Sm()dX@~g1k%_TNK5ry+mM}WMz1_-9XmLq6T0h@AL;VQ 
zQmsW0rg@kwn69NQIZ_4{qIZXq1WOhRsy5MTEg}H%EbqHvOdI64-YP5GFRdin&5bH3t;f zv4$ezZ|6}RvIU}&yJCzd5k|aVG9XCzI1;c>gDkI(C12-FPh!WLM0s1%4qfd>`uCI- z?qDmA!=j~&jFPik%T7fb9S)hD6y5c1t(dRePPBbqs?K4n@_49~HrxkK_qn-0$y+A z@@HHpc-jw;S9T*bDu)#u#teqUQ0>g$l-iV+(2^KoM(J(&fq;|Ke2R1aM6gwK0=hOv zW+H=-IwQA8{C-!TiV9+Zn-zy}L8WS=35GLv^jQwj&J64;7g(7P?Kiw8hAGzAu#vPU z{Hr2|JBod^*shuTSwhMkW2$)51E0G|CPZ~ik(aQW3*X~=tV!`R`PVP$Z6)F!1%p>c zaIT!zXHr*U(p0mFz>>Neb*mMMI}p>H`Vp-IUH86QyFTf>m{wxqXudH33a${PvEn2z}M2|MWywXS{@69%0M z&`DNheo*std4y>FfKm$__Xp(|a;D0`A_{_P>OtNr&-|g4P8~HR4NdEc()N>R;-Sd6 zqz8U)w+lRxtaLhBMbVp%X3$chVklNY@k=f=RcK0qPLS=A-B_M9<|bx(00j#I;6cMI zJJ9Zk_b%L!(i+Q;-n1;!_eW{AA?<+yeo57aqPk^h7qV1#1Poq(xH3bcNhcEf6_Cni zqJ-zX$jX?~#F0JCCtG~>iS=bpBQD@%kiishpBFwHHA$-E`vyyaAe@~>pf+6iq;=S> zQ(Sf`%u5v(cNN&AG4S~&%)&A3I_iyhO%N4hHeBn<0LL*EmB#%7YcF$^BYp*232|y! z(Vj=d{Xpij5Q4T`vFVxR;DJqAuN&J|*}_4sbuvp7@3E?kPSFJoc9lnFK7;Y=i8WVv z=*3{VX*EaP)Qzv*T!U+A`7yKxcPhvNs)$X#FzFJ8Y1jL6z_Gc z1l3bR^#SoE5ZN^EmQ?Cr8x` z%$NdPey%IO;f%mvc{IZb<6Af2kXo9ZbDX-%dLDNiu=!Ffnk8$yj z%U_{!7mYELMJ1YjPK6tOj?{?k#TKtdyW=+Jn}HTiKXdR@#Cj|$y^b(yzfo3fZJq~; zMF=@${#bRaS#^v#1Pa#Dl~x8e_}y*gZ*tM(1+pp*4$+dqF;A6ue{BPIzB*GJgsJA* z5+0%W=8u;}myd^N-Ux$55EMyPd%|H8hq z=ypB45ru?38inM1Ee^GtH%~(7w71=bJGTl(>k?r{w8o_rHCx(l)qSujv3H33J@eif zQOSv3YjqWRz*$@GOn3kNA&(C0BT{-C4o7@^(@b=c(uC6p6-TAy^~CA&&Fl7Y znm0*vK6xVREel`GLj8))u`ZC%0*7XuW|ik|W^55ZXwdW8sgcX>?U?7LB=0s3^Cm7( zL~_ue;xsNg;F2fdN=W&T=-v2{0oN3IvHlS%`yz)bG^ub=(?$ItiL8|Iy4W6nR|8V3 z26PBa5++xP)BG_BiIK;n;7H%`bCCI>SZ(ek<0zM&Eyy}zwu(0vK2c&P1(yAbyB|?x zCq35nvon}b%6oHnP}RKk#e+k8xpwV0-yWVXW0R-{={;>USTnyD!G!j8y??f?f^Se) zj^(ginBRA7GB!?5ZPg|$6Yk0wO`5d2e$#1`cq^2CJ9-EGW9q>H`Z5a<{?jJ_-hb=Z zq4@Xl)n8pYN+08l#`dI4f5lhR&(-tS#+dTEpzy&0GC0+I zQ@5U3G&(hBN&1X$=^ zyZAvO;d#2VYeu-JA%Mz`bHF)A9%FF=?u=b$teyQ4PQL|oOtxN=$*Z&3Wh1>&Wl60!Qu?UC1Jj95hR%;*H5 zxlO&s1BiZ%0d;E8KenZWhQBu}vG=u4JBt!Lm`V}sxWL9bz6yZm{B%2NBS!l0_pl_{ zokECiI==?4IksShup8wTL|VPa$%$)JXls-RZ6@Xw{zlaJsSutkz=;aCx1YF0oMiDBvXpbrH86f)Lnoh(jC*r 
zx&m7dZs7Qg@zeSGd-TvG^fc5oRPuM@afl7q5ZW((#OYF>g;>W>7%44rok15s&ZE(D ze|~kcCA=D=+1U(#+>FK|qtGe;Etn&_2{QatPfQRPp@wGO^Wgi!!fQs4qzFYEx>tIS zLNHySpSe(;WinU%h3yXWkF&U37y`!r!6~QoQAqgD-DCe@;6n&tZTlg<?uw)v%K)xG8RQht`%|=_g=evt1sO^t&5T+uIswyMHxcq}3 zkPh1y_oc2p6)9u=o^UuDMR?OgVwWipH2o?SeM0(QpNJ|52ZO7nms6gOik) z=fR-Vq%=fk4(4zTe7es3V>d0Gj$Rx-dI8fvcJx2*Cd0o+77-VHL*W0rrT-YI8kOzg z|A3hMeoe4$XYHe&pW;^9hSG4|O=iGs{cmy52vkaEy_Z@QEOf7*J|vwBS@b`XJK24A zm`G-B{Bx*^&Q7nFzjpwmf%Z&&$(W%sFJ_oksM>YGl%Zu?o050qmh1lV zIbFne24FTiUYwrhl0#J_jL_-(g+7PIXWf8OT3hyI5Uey0R5wt@2!*`O+)j`rHsR@< ziTp9jM9m95z_ML(4kw{Ocuwph+X5BtoSOYLes(C1=f)eqes=?vANBYmjF^LRMOG=i zGP4RQYe`-Hc$m)npMzE@Tw^EFA3ODj48nijDXPEil!>E_A@D<-gZ|GP+y6|n|53X8 zYm0OuWMFz2kVHF+>!(iyk>s{S*&z_KwFLS-aSUXrl!C+E*f0sYgo1-{yM3NqdvTK% zU#`Ha`sB0dqfogf9Exh6e4;APSJJdrFGci_Tozpl$5$2t8J07(9cs00cx$OGYK!Jn zkPE_TjQ5utu8%YZEuSh;L=_V1cNA?xMvf8~-pV_?(3nAp1mGllwZuW4LHjcT(DY@e zUjD3C&R*=+q!QGk5+$0q51A|1z7LzU*#>sJvA)ftMMXl0Ey_XlJgnDr zat0Qi43nUWPU_Mjx zQpmLj^98Q%Pt&^Rt(`Z4EyNf9=b^~+K@ctpuA2kbvhqgV_$li0fmlvC+HI>`_h#=% z{-Pnfz1?ETq8xG^9WII=G;;}EFb&gDE9iA3w{(VxGG~~V=;)%bzliZ)KmT#}?|YgJ z{t#O1`FQ`YdH z+Ah9zfhj1c5}JsIJ)ka>jQ#mr9tYlhV{Lz&rYItPJvc@pzU2v(8hK3=jOO+Yf2EBS zLCST`X6rs3qyugx^V9fZ#G3Xc=H9TXnu-G%Q{_?bH#Y3g{ziZ>U^B*sl$^Lb&SKBp zt2$ea1@!2*C?Gx(sD~+*{}geUpePn(W?*4GF9L56?crK3|2 z%JHY9t|qDL?65N`J>Zwf)v9UK&L{$W9B+FLp`ZU<}*Y6hsu48y9o+|C>oE^ z%oT_-cwL%!(0Zs5HSS^MyH@FXr9pNS%UtMP=C?KT zg<0QznBZL*{^*>%oX}`cv`W9(Z6ox9p`*k?kuQfHk82Jsz?&@u7xar=5u%M=47(C; zF*_M}oTet%!Kr2J*zva!;X>C&GdreT%bby3r^afCr^S$l5yuW>alc71mXP|wsm?Hn z8cQZbPkwL(nvy}E%%m9P!{Rvz^vy&%3Zdg{@l?*rZj6crDTQzpLWn;%&Ew25zK)^! 
zYE=J9*ilmPcIL2S~~GGdl<#;yYSE$iBK{XoI!&0Qg9 z(;Szm#T2h-etjpx_kwJvdFIyFfzMQ-Ox7sgiunXKBLz6k`7F_TnsF@aMGC(1=39_6 z>m&%uMaciiE)BVuWkAzVy!4Z;fv!~CP`IC~OwA5Fmzu50F@EtrN2s4QjIya>2g0VL zDPR@E(vsV*CGXH7W@2G=S^(MER;`~mN*>~ul`(jq%(ML2)jOAm&sN*Ltw~G)zkuwQ zYGGBM@ldB2>R|g*^T3*!8scGDF5fp}?UZkD1u`v>5|wm@MsL<^G)ylV1v|iM)H0FT zFNgVzx@lFXvg5so3?7{HusfILN=h?Xy~{6hjl=0gl5NA(#$VYhS*MlPcV7Di$?j}f zR0wPBqRY%Ldv9?+xghUMQ_%GJA%gjNFb}D1ZHEdjx^cUb_}@-FB&d5pWGsDctA518 zF`2>&9puZkL+HS!%!JzRMo2C9$%vfxr%(?sTnaP&ITa%5(dV1K1n*@mJbg}$mnXiV zWY~9@?B|UkLs;s;=YH`7f>1w#{6Zp@g)kV}f_Ftd2s)DX;MP>eq{<X6(Lcqbn(fWh-3SgsZ z4zSV(8XJkY7#jci!(Z3_V=U&c=qfHhufBd|g`QS_&?=EKKe{g%h7(;@WeArN zi;}7ArKh%O9U}wKJdya!4RIf>f4Ao7F^s=_;PfQ{=?zP$#)31Uj1kQ~{PX+BD4Vm} z{$#ojgK_@0Tf2QGqKw>Q&1{{_{{eHk!Oaqg^C#r52}mWkH$|MX)S$Asf>4byU2g$0~28 z{R8rkd>6s1Qa}B%6nE@}L2^drI|p~IRyTD36UT~ouRE>gcf1d&D^=vo5`qp2fxuaK z9wm>ex!IwwF7Ok|?;j&WB|RN58t4ev5pT!51{|&18WCt2y}v}@hYW%{$e!t{U_q(4 z5|60^Sy19)QAY^nMZU;-cMV~N7*^3p?yBb|k%Lr;5X)7`YLMq`6S3Vwnr@rBmVP;E*^u-!q@^P1W8I0hqW03jLYV@uNbM zCgMUL<6r}<<*M*|1TnFH5lbmF7b%F?#XR+3UD1p;UD*m-@+=Stj_>seF7DkW<*t#2m^!f1%REiU(YSPE6D2DdxrxC2%Ctu)64Q=JEY96}Tdn0pjkJrjZ( zK0Ut9jc=dQ^yT!$^wspmkG=)Aj6AJyk;BnFu_}9LrUVe371l>O4NN-O6h_duAx;b9 zzNXoFESl9ZcT62be(;Xm!*fvpF$d;RxSqwHk+1fK zxlYAsT#%9bg(B%Pc;izPyETKSLkq33dINt|kfsX0r~Da&uDLKI{s3jZ+4Agqd478Y zvkfQl5%TfrikkAaSBbt>#wCXv0Az#)D;T@Rm(~-f^~K-0_0zY^N%b09rmN|4YoXAc zTZXfYm?-{6W-^&<5M}p2*G#4ci~R5lxpHS^7=AuJ5jCfZ`PVv0<%EQJ%Ih}VL~pAM zNwZzx3Aek(jbSwU8>$&GRhHe?9E)SIVTT$|6jP)%4zTrqn2h2KsO_KSO6t z;em=O!=ix7s(^|Lz6<;92jPf|4SP#M_$1xYkAk zMwH^i;v^(vO$?|#(l8E6NmTj;LQUvB)`3}CQ|am{+3c3ftHtRt#jRAWMz$372b%r7 zig2u$}x4; znc8U^4@*&jJqO^zn>nqvFg%k}2XXeC6E{7GHs&ovX~iy1V(ta`aN}#T<(O8Ma%qkS zx1J0wQRk?Z*n$&E?doWc`zxrl9J1z%BvwZW+08ufdfx^|hi1WpCdFa45kRp_Qh2>$ zF-Kf1X1p|$;Do-^;0jC5d*=5M=$n@0$xd}<7M1E=b^#Y!A; zMGw5B%S|i+o#PU#GY%0>pf)o$u)O}%?RG-L)q9Fla-yV?xpJtqNIfT>jKzh3sJ4x7 zM)VTc@S4zdVF5i092>81^t zv<*VaEj|~RnB^9n!W3?UQ#lL8`ub-&?0W|f;r<6c%l=npcKm;HgOts!jRB6pe?$t_ 
zN~mgBys*$x2_oR&eK5ZAI0mfwnlHZf)Zzi6^1jMNA*n_I{o{e>q1L9)^}j)XtG^(w zV6Pw_&n3V8cq@{ftkq!uAw0vF-0TcEze#h*NOWg^e|=fp{4{`6)RZmI4TNES6!eQo z3nb7uX`<>agL5#jmkL~E8Y>+N{p~xj9T6zvQM^r;V5FX~P4l^>aHk^#5~rmqXD1s* z$j6Pg>MZ7%da4kA5J+Lwdm}CPSwUr!IyJsaEo+R@EPft;aOYatX5GcW2z0Ziwm(D( zPJ0pfdM0SZP?0rTp-dpBverh3Mo3@QT%bTa!o&zm{}ecr+Z@uGqJwx8;|RKXD+q>y zAeI9amsAud4Ibo>U^oG>?|V##1)kbjr(JX8oQ!dNJT1a>KrPa%%c3oHPm=53X~LMW z;U-LKMy1t2D>_p5(PF%2JD#(h8n?<#$boW`v#%lCdcuLed08GJw0mv=Vb!ZKzTh!H zR+0=FLt+p#3mHgf;s;N9WaL(0L(p9AMlKRZsiDRCJ0KC9H=R$Mj3xuB$AYlXFk-(h zZN44dS~jw#fFe};=^##j*+Et~+O%Yhi3ojd3BL@OoJd<+=ET;3LulP4Dlk&ojljB> zt@GYsW+SX3g@cQG?+io0nsbDXim^h|q6)Q;r5nJzRG+J2z&NuE-n;9hRUBB7^?p|t zM)4hbEr-)s!u?dCW)d1Sa{u#sjv*L0x(Gg5T1>w?mu!xlSm#$rhN4~2BrXDdl|ivb zbpbhiVSLLS1AU!-L;OPhQp!_X`RQt(O2?*4pa%#HUyIx=kJepYL@=G|gZQ|0MU@Rk zKH~Q)MqY2eDB&tZSM6ur)fwr<@ndZpE^ki*8z&}0uIk~{976?G?7e*8)Ox`H6g7NC zQpM&}HO1nSCRoC5YK7sF-A!NmFJotXQt-@QEtI%UYj$E`oj%;mx8eJh{T8YS5x4O3 z_b}hnVGkwUo@BOTw{gY0uix7faL7r9)z@LYJT_1DfXIFxLJyba?s(%zaSp?spy~E3 zy~%~KwSj1et4QU6%{ct1d$Z3VBQtC%Y(#)xjhqd(5EBk~-Q0bsr4>@j$N>1(#913M^JynewUZho-m!M4F39?I=lBf(3tM~dPRQ(IcD z7r_qZ$!HYGiIggPo7JF40-|%~c|@pY!N(wOkn_;sm!yLSiCBZJLz0%zTTGhY;J5j2 z7BK9Fw-zJiNHU0-j?a?FN=@>Zxt@e@0L*~^q+Kk)K`8RTd{NXdQ>IC*3+AFpyQ4x7nq)t8{PdkWV&@peM_H{6?0BT-ubgDTWhUn*N5;sl z^1s*iJ1r~zDo*(-Q6@Bg6a%XNE9oZLze7M{>kpPqeS23?fR)id$b;k6EM3s%vArnV zQ+3#)${=*)vBAepVxvCckWu5H6e*xYfw3$}QVf$~ubmat)`H|WthkxamxyRd)z#0a zx@U)!TOm<@*|=C~y?^T^yfc5fy}vz<7G9NrsCCKluqa$g#B{;BsD^}PcF(sx=$X`Lk}vi{QbMc9+@F+A;n1dr7pz2 z`^08s2t^!}t>417B=BP5d+pD~q2vN=l?BXbz87LKhf=M&i!8S z+tcVsRen8L!ql4A8Zf8C*$X+hNcr_XBzg560YND8~`v4h)iZVx@E<-tTUF1 z;HOokGd9wC4!;Tx%hy`fA)zW{vnxv`E~C2Ag~W8_11<^qfd{d*T{yttpc49XbC`u0 zeNDm8sJ9+ULV7n9a?upvC#)6$+72-RQ{l4fs#U%!*oqpo7~)dABh6%N^Y(`33}+Za}ttZ!8mmkxlYROr;_jAE%Bb{Za&%yg6cIRghzx2V8Ai zP(Os?PNuSW&}O#MT$bgHKN*FG$6h`Yr_0|WT|9@GbY$k1D-E;Cx9_&HG3r|rOrf2Sq`4Bb!Ma)({FT-3>->pi2+}YCJ7d(hbH7E{Ij*5Qgla0L8B0 zGQxK_c`CEsJWX`bTKLb942W?1^Fi+I!l3S9721BDVy*k`o!9s88R=1z=zisPaFjWl 
zX-K(GGKs|2Op#qU$#sFIXRbbBBY|iwWP4eIB8?qSR}?N zH_((yb)F_-R44n&7RSmGCYDkv&=nVU-=obQ4Ye`*<@{fjBjjq^e&jB=57Y$08QT}@ zL(YzK2)Zj4;wuRU>;e{*TVjeElCTN-CogX(y?h#TT(sg=iAGqh#HH@$&ZGsZbi`r8 z*(b4TnA4Jvox-2#7M^Kmu@*?pI`Qn?IoUV=aklB9yKa{;=dnH`9E?lvbidC^~+qP}nso1t{ z+qP}HV%vPvPxszu_r9Lf*Lyy!AF$S3W6m*djQb3yo?c^97-=?Bys@OQQK|R#yU!%2 z-~%uX{oxt&*&rtVP;1Jta1lB9x}`se;$ps@X!u=UgnO zXGnC!K%6lNW6V{5NZi(L!brKJOU_C}*Y7ndFzo7hv4b-9*^OOECe-dP!!(|xU73FF z^#>_Y>w-CSO;A7xsQ1L<-RYL?*N#Jsl}~+&BVd%0{3zR0zmaPHvR-uk()d-Qs>*xR zon5&oD&EE3SgWQ2Yf$_cJgGv7+l1a3Nu(_jDDsgWkcnI}Jf{}gp11Edx-yrD(B*)e0=I?ia`>+`PBp6{D5Vd&Dn zDj~Z?y1HfVrLt3?s0dbmq^KYq4xQxE6PQfu?wihzz`E6s-K2ksP2gNJJs#MJ6KxO} zK`3f1G-DVITE6m)odZMBvwm(C=F=KzX*px5NLq50H-qEC;QWsv{8acIGXmHr( zP%mo>?2Xh7n9YO!PN#E^H9gG3{m|OglIdx8ssqu^-W%D&sd@c`poU&cgw)BkUZ_*# zs98CpY=pa*;=AK&aYmGpMi^xaGbjMVKbRBkSdv@zKI8USW;c5fBc=dQ{EJgqMPdi$ z-wEEKpQ3J0J9-jaV?%Ed`mgD=z96lK%O&fVZ*aGCN45mB;2N8s+22^Uvy@ylAa2;= z_o4XweuGKKAXG|&`zJV&HSJ&!FL9z|A(aPZdtYax!@IYjzXf4%q5jryOvim zKIC9P+DA}KOwAFTKYcxwv}CHZ%XW^`k*NbxB;Nw4WbAyg!Ae| zi0Z+2s&m-(2n+)Q3G3aCsKyXybrfljZF`a2!Y{M8Ke8{B15hBY*$9!6MKsPeU$~gC@9tDY&S2ewyeKBsg){9(UH!nfNkxxVZ@ zYO(WIKrQP7cV=M*`hYdl=HkB z>@S{5bi6Vo2R6O_Ze1S-)4xz){i>l%z-QFBM(&bG@n{s!p_F$B2k{W81=73-WbeIn z27sch1#Gt!@6AV@(*n#MhIF&yp)NCZ6^A)k&~HKz=#*C>{`Tva#T_+}l#j7naagp9Z}1wTV~^Z!zzJso$3z$d}tlA6X_b+oKZKU!)l zKxzvofxo`68(ZP9uOa-PG-gNu6_=5BL%c8-mQ;%fnDZkNr%1Bv(qvnoJw*_grq!u3 zned}TGPw=g;=PbL#2oD$yR%DkNi5Z)+oH&j7%3(j?QMzc+( z1^)FHP>P1??9cdZY<2&So38#{m-0_2OYz^^P(pquv;WbK%4=CHe9IVISlZ3>8!Rff zaT+hoU7GcqLg4a9Rms4^J!>dQ@Aa6m%$FF+;swv*y+?u}QTYA>Q?DfXt(yCsAto|g z9j023q%W^{c)S2q`NsLMnjh$|`iA@>g-}t_m@ijaB(9wU(fbdxsj>U ziQ+f8%(0$0AY59RAljH`H2QX3QS!Cmf$62vH?5abIIS`tkMC3-+rAc*8`e4@7M@jF ztK&66z=tqdp@}hrZ z>!c62_TjuSaxhQUPSsBo_4<#IWE0p`ICbT}F7_0`h?0O{bhv^1IHDVmRlU>~^D^EC zXs`G15jXjYxlFrvCl(Ukl?R|8x|epJOVsM37{I0vib!$#!H)MBJNOv&TnqQ1Ig}{B z3s81A^#XAQ!=kv3V|IK84^aHmRPqmbRiu*Ff{CleTKg9U|29mM=W};F4mNXfg{nscHDX$@c$%phw zyxP(>gb~@i#vHjAJmBL$4G(WA0hJqw0qB{rDLD}^X`QnAa9h1bk_+O^>#cY*K`c}$ 
zHQJZ8?s1nno}tt2y#dHNP!$ZQ-Qs$J7py`}POaTuLhqCNOcz$b4HHN=M>~O4DoQjA z{i5F4zmqYfHCnSFAN!sF>sh+q2S--776t_G9H6|E4V+m}9b(XqeCEI{8X9uOm=NSr zpv*<&6rYPLoPV8`tKuF|CxpgbV2Q^gA&4JLFP= z1+0C(b;qFinVntaq=%Vr-Ql9*JCQdu2>W7UR|fQ=y;@88VfLkqODzZwb!{p-Z`|Nw z3U7nfRD_2no)i*{&wiBs;R_w-owGhis3V`=?GbJL$|V%T|sB|i07uw z2JY7dO_2GJELJ`-^pd&|8^=>kkWmoTR~0Bg`i*BkTD4chKFD zFA*uRnVv5HK*S{=65eXQ&tB`B6#T!RJ>K7({XaIM{Tl|}s646iy%OyUra%%xds<3Inyl_D|c1)!7V*w9c_n0=60kP1_aWS#|bS#hpl`Ctn&w5O5`sR3v zXKe3Enm8VqA6)d$gy-F5$5VUv+l}=W&)4Vo9u7uj_1Qo*coxBl&=#`YJ>~OZD&%I3 z+}$YC%d(c`ptom1;_R{+qYTto_*i7U5>?sS5`8fMB-3Tfb=x7zO(z%?zHyLw=FV`) zw7m}pNPL6VirgH7zJ|!rzOjx!6Q_45Oj?Mo5!RC@QDk?#=r>7{`oFS9*uqN>0Da}9 zd+9e8D*m{!IMLJ_vgSiR9=~)v$oBGgnCD*GDo`+*78-MIGAKi@V{XPZv=Un@OG$MB-J*@~YHmrmyy;DTB;8 zFD{i*#X|0@JW}2M+&gzMxNsg9|Hhvujz|@>xBm;Y$>Bp91gz}tnpS5_XuGWu)!a{q zP|$Knv%#r)$98$~LT(#ck#ns*CtX=cv1-7AddsUMEuz8Cz1>GS+Oz$wXX1$B_$)D& z&T87$a#LK(ezPwOj@#sr5=GA0gUJARsp(>M##xF~)w8zYG_a)q!Eu=3VvtrC3(6Av zQeJ35|Idl6tz-Ba!bFn(EGgQmm=_2i3_^2Nk_$FGz=g$6v0ksuP835tMT(TQ14@YE zrE%dcI{G>(zG=ta#|dPEDMzWHlQ^rRmARIML=?Fw!{2bN!V(bs7Gw?si>Y+WT-=O| z1-kUw&B<3g*Hy5gqT#Gc%t<;CL((olsHC<)HRor#jLZ+NMr z$QcoKg9%AnYI+w1=L@zdB#aq?;{9Y9OSYOt1o+xRe4js;bKN^$stc}164|P&A*l^YGVw6$ zqe!6YvPTOhZQKRy2D>{V%EuTN;O!=k+mTLjk5^(Y=hMw2xgVnMByD-hyV4^ z-TcSt*IpEHDYUq+=L8+TB;x2%2v;C88|^dZTAJ;h8ZS|pGJaShPzHcPLj8g?K@j?R zKg_ndA1R&rHgC2~H$}ttfriq1GwZ7v4Lmz}8X*%<7m2@zY9~NF$pF0jX6Sy8gQ?7{ z7dQP1VkzM=fBfRUwSr6Z8i(T}wSw(73Co0y)dFm62J1Rj+}R@p#is@x>n$;3I)$n8 z8)G_9ni)5z4#1=iVA{?8_R1R&JHlvpO>)3`HvS>QRmosSFtqrD`)?hvx&%-tlh|$S z>vFLV`c}1Euuf#`0Rgz(d)<}ch+ymi7T2HEw>!|;v1>##tD+Dd!YAMH*|FmYr03=k z8I_ZkIs_A41@A#?)g${B^zIGe6Zmt#{O4VVmTv;8c!r`q{lUU;1Q^71iSZ{Hd|cCI z9H>HUD5C6$1WV-;ai`(UssL7~s**$paWoJuKIm!?ZB}Ko`rBY zQ69k)p@ThDn{1+-*uGlGj{cBOC3}3d_jb`m!N2IOkeBgT!7tua;(1kp&7uz?ccAh{ z%tPG>9NcL2XRSrH9hZfb1H_DhYEcp*UrFG>-}+185^w}(^aKO!i#Te;p%LxxV5C_X zpdezw(B%(&Z!j01&~FaWmu~}^twwAlc2n3p_Ds){u|kM~DK)44_5N*Tn4+!JC6Ij= z9_#-4OUU)?dTgTpO^Q?f$0PvKzqzQtMOuFmmhwgpHcs{i|1DvQRJ4#m{D&w$FtAP* 
zxEHsCvn-*h#)lKw8~_4XpjS{7geS#v{D(x6R$aT$vycZd{B`WHi+93}WbbWA0prO; zri0Bim%~-&wJZ)EM`v08tV`5sV`V2Mg)A3*K5{ zJB0_j;3(zM{iGd)hDOP8ERTn(28{y8EBf72&3EP(pReeU{l2&!4M`^xg9)P9Sj+GE zskE%ZsbpQz6J#HsPi4EQ)uJm2{MkCcJb@0rNW(zL2^v{+g%cs%nYdLZILUtIOe+Jc zVF#Xa&C|BIJI(0*NK}Bpp1R10gYv${Ek&1xFB!e7%9RE0(fI=KX`I6YFWpvHg#eXs zd{oN8S$mB)pIzP9!_1D0*QEMRN`EXDh5nW(m6Vy;5HNO(pR=<8uvqcOKTW$3=+Ay1 z#>(gCYrPa#y|V>K7U`gO$*POLtwnbv=g-2`{qwaIBa7^h%$Z!1ETh@H-N}jCI{b!q4Iq5_$n04r4GyHJzkG zNkSa80aw}Srz4hd9^G`G-0YI~!z306ZJG(p|5DkdIF-(kn?=;FPjXX_-RBNNDx#T| zScoIcdxTbwCF&BC$fO8=dL7XC(Z7%Whi2$Go$R)7G=(2ExFK3oEFwQ!MmM1g$#Y)Q zzp0?PH=U2m&4vp4JZf*Kj@#hox0<`y3;nko$mI2huGm# zR7e>JW~ag#J;;h;yp&iU#^4sqD-nS5_1VQ5H%WvOl?%oYb?Z@_ZPOgriWW1=kL9V`jxA_RVjlRenMH zF?7UgwJ5H;uG+|_l!ooyJd`LL^)_j_jKN5uo>|JK-(P*(>kPm<+vmCV?1;<*v7HxfqCsSp+jFXY4Yq( zYTqhAcGfmec^@w`TD!Dg0`za4)Qw~XDF>gPs4rOda%>qZ+F4%vR@FhtT@Cw3A9ySrBX5R1`9ImT_bz6+~1NA;0*`MTNxEiy^aD|x%J+z(V zMPY&2;GgY*)-L8P+o-x|tauo4V(}c#e^Gm>?R^uswrc);SkQp3wjfCYDKvB^R5Zna z%_i2RboyT7FwUooGxBKmJlCUAf~E?j)v^i|EN#DG+~S6^BPK~Y&BADj@rN$gUx*Muepx{Hx21#QGy$n8+yUXAGB8Ql;R^=81tX{j6jT#_Z>rq zZ==pip3`#*X>oUaNoR(w((Uhwys+TSiSma%J zZcymzk=Q}+hl^|vY04*G0gq@GZkOPDt?xD=JcVE1A~-RQYnY*00Xi4tc}ciP7A2J1 zGpfYlOg<#DR4l_sW=|t9b8md%QMHM$$Wa4AbF&NZ(e9|&GAuqFiv4T@{Gd(#OO=7_ z{+ww8$t6e;S~#$>LsEtu=`xIhnD{)dvGPEWhQvNenm%5=Sm{HuPiV4{*rgR-i)s3D z@)VKW>RP`RecEU`rEv)&q^~hktq)ZFRDV_CtzIoB>%PAB{n!GWIsNRHD1M5=(KUt+ zezOn2N5_J0BK2*RS?+&I&0?=Y>x;i@KK$RL4F6jU^mjzw{}BTTSlSp^{7Xs|BP9XE z2OYHCux_oj+_W_9CfDolcD$>0BmXlYFF0wd_-sacb1LCO_Pfp@{dWI?Oc*TSkq3Om z=w)t=`M0)ov;ltUjr;ot1tV9qsk+qik!F)t&MENQedWm5t{ti)m}3GRQSz?+iB_n0X-2>8lmPQGCkXrXquH(0)x&etpl%Qq#T9S8|C${o=1jfG!=`VV$ zXUl{(PW$28_9RA55^$L9S>umSGnoabgZ%?IIp2p%&HfoU?cfA*-5%CNRrkyrrKcak zy-s0zkgBSQ?Fct+3-)B$4 zzqxb;%^dz=>yWV)G}3o6`RDJSsHCCsJ$`Bh6G9UzKmzdzYH09b#?8o;CNqc36)7_E zQi;a8arn~xf{tfpkUPu1Zv6z%aV^<4p?Tgpa`@u=ifEf6glU!K_Fyxa=60{{oMLw; zk@x3C7qg!lJZ@>D)O9Az|di|V4`5YtANLud+U(=5YK-v1H) zMa+HLpSQ)sd>!iR=S$>UqC&v|xEC0vQs-h(1!;M4bHOwWXFWRxac{#hs9svI5$Cgl 
zbeyRak&eh3@8f_!LdCRie3j6lTqku1P|VDMw-ZqDccW zhrY?#w$Vw_`C?B#c`F;$Tp4*QeaUahR35f&f?39+lnUi>7mzNiVSBCNy9=&Ub>j}` zU!M7zDj}IJ?^H5MKuUHF3M9Na??NZ>Zv&xzh~J6;K$Ga|Y1@M%ICoRl#Rt*zGVWDZ zoK0-4Jn;JxG2hsviNT&5L)n{#=i6&58pk{wDmn^bdAG=FW%I41`kZ?MxaOxdp-eN~ z)d5IrjOT>`s){tUehN1=20FijP|6~yh+PoG>ODW-X~~McCSMrD?7g^9sSUkhC;OkY zMJ#>2^fw?~hVjzl2sX0HgB0!SJjzlYfz@OeH~ll99r7DaO{Ci^cWE*`+??{%4-Q7F zTk+Hs77yozMXk8aq*QMAwgxbwh|yIf$3^ zC#zBqfKE@WpX%ck^BGtdt<0#f44m9w@HysmoW1Y`7hsxWO-`s@>06gyx`@XO6D6H+ zg1HXB=Aho!$yZLm%^7zVh^Owr)&VtOxi(fs-xHf1G3}yfd4f<|qwXvK;D>$yolF>n z0NsOg^6$I2xm_bHySloe7svFEHwd52vijHanwmNCg-4DvM4s43ABUZYgcLEr{gg1l z$$tWXj>LqpqY`XAY}FRwQG@;?9O7M-wK~w8_KY$;h4`YhW<1ZpH*Glb$n?re5b3^& z7bPrS^yOm*S3BW}Q7ifQ!xMhPM%xA#S{?8xhS9o7R+O2HFt$%ol{S=-ej?(m)>88^ zdC16Q4(u3})DZS3YD=&f283_79<^F=9UR>?#YBbED<0@5aog8=w+z7>mN_ZlCBiGm zCqcUu`JUnqzGV`f>L*N=899S%xOt8c%th*swu(Ve7bP{*LQU&gN{X^U_wTo@nHLAu zGFSwQ4fUN1+SAN`PCnE;`LK)M_cQ_cf4V0A?wF=>;sN1Yrt4Rw$ z4k|1}X~7v;S+H}~R6kL0&Zjm}@UqEh&RWem{-TOI;b(blis^2kn_dJ>4yyJm+7QEh zZCsJ6_2G2ti`QKyL;c&sQ#;%b6gvhWAR!=v8bOEE9^{GeSwC0~f5xg))djmqy*?^B`;pBne;;UvEIdO4_%B>UIsHS4qY!Wu+3AB-A0N|TN7KDJ^qm3x0ALsAG(qQdnq z=%;!X_2y%z-sZ0vDwSwtdE~M-@R9^}(<5&^V16`aQ&|2Ql1_Wubd#Dr0m~V|)-o(3 z7KEM;1Zo`^SM+18xHD3rl|t6}8JdDNEQg40D3!vRXD~Y86p@NHh}ORkAe!687i}a; z482#UnzhGr-l!hFTpGaeRf*FXIp#mNcKQ)Ux-=t?yc}B`Y%}8$E688Kmme@9_?Q6v zz|I&;bSyP@4u4^|a8%K(t85PkF}@-&=LTa1SE?fKB3VHobRjXud*z^{cpK zm1xEz%&pBnL;ikPaCrdMLYemn!pzBSLQWlo8{q}<_Xnk#iP3~2B^|MyBy?_Q2b z^ugv(!X^17OhOm;od#&HRTJt$AB-v8CK6*VyRvzbPiEeU5iRY|tGUa7k|HK5^GBJi z*gsc{GLiGb}-ODVRHiwev^&N4zAcwsN7#3osa0v0mcMB~Qh-7C1e! zKETwYO+I2Lsh@5Q9AJBYQ8~0A=&MoRno5=bIDGuwJNVxitd*Yie>u|<6*c}b)_(>i zHBpXZbqET^gcWMEfdC7V2K^L`5W>NI=G=sJw4*Vk$(jB{%NF~Ah_kfL4h?B8^2j_ev8qjYnsB#mq!*FR>v?;T1ZFrM-rpn ztV4GOwl&^KNb$)6Iv$y4h2hCyI%)#0++O1+Yioau zCINwf%;4id`$}b)Zn_Fq-MxxOI0px3&B0S49T|}R5C2c$%htndS|mest1@;DDjAuX zo5B5byx90E^xU~drzX_Up1r76jG$WgpQ~NX25+#HC6(TF0rWH60*RhpBT~Wc?uX7? 
z*U<%xbrvdwbNN;;cDkW38fBO5RfVJ~3O#382hX_|7g`xA7!K@*wK@4XK1 z1;S@$OW>!TPCBXyN>qu$#1XDPXKxsgtWoc)SyGv?^eol*7l4&)jFZQRD?&2QY|tq$7w=0cO&8-jPmp)v2*^$YsXjvKau;m_$lr)6OuaYAd_e^@~C*6 z!UR7t8Fr4TWFmyj?$OG1Mdvvm&LfD9ZPD#r6P@P4Pstz6Nk{{K_}+Ue+jWyv$E-< zsq*@c<%9^OC<03?j4f>KHinrbFru19lLVmAwLwIdqERH%aTl_Pp+u(ajp?9FCs+Ya z--N^vS0k4k{Z$7gCT_Y--*s^O|6B)uWmpT?SXvtWPcx#13Zlw)9Rx_y0~3-iNGz(- z1Q4QCgrWWnCsWt(LnTGJ>Zc9r)eDj~mUVMK?mkw)c`LJM)E!s9I8|6ajXphfk){R) zms<}uoca!`w()+me`NFix?8{cF}1@117;^NXaz&ng4_?VF>8w&PhOPwtSJCIPj0N} z@g2rCVLoFk^S)`*55yU<8zUSkLXK@Ax)YjmY?a~z7ycTS1?4e56{$hwEy`y(N6y}c<67jmWwra~c4H}1-`c#_ zA^XgsiH(uJa-`-!^)tjzw#-JIkM(Lw!F#&pAO*2^F5^Thv=XvyNK2r(*l8N!ZcKkg zr$&^R?b2;Isf&&W1~#h zy9`gLS1h;C-)T;6s1FfbK5?hg7(Kro517D!GG(Z~6l7B+rnK3?!a5c>nD7I{bM$&5 zE}P<*`^kOI@hr?5Z0-$99CD%XRvLsW622gZ+q`^yaU`&)h?ILl)+U8MHVvv@A=zaO zOH6JTa1DI$;)h$&mw30oW07@=xhBC}O%(`EWy<6OS@LJ2N8>nmtH zq%`BUoYcxGGeTA9PW*$!G?s(mTLh6~VeDOOs*i+<|T z@8S9Jk4&-Z7KeUOn6^)B?OU>C~v$IsXBhWN$wT9pQR%PX3Lr>Hm z8h4HU6wR$Y88+5k^&|ncR)juk9TT;W9P|_GZuihU4cX(`cXve7o#Kdx;L?b4|P& zPm5LN>a(Ot_i}1Qt2XEvG_t$7mGm{Q%~1AZ>lr&kPb8^s-6V0h*oRu0#pRMxi4Ega^R&brSXWjGxa<|U^4_*rWla?3GI9-P}$l8qG<`qh|S*7wiDIv zC2sSP>+~Hl*iKG=)Q(l5hLVj8&1t#QuQEA8=I63+SI@3{z@%VW*wUqOQ|!SL6y9xc zjo3vmAk;xItqN5o*1L*fbZgRejkN^5NYQ$St~wI0cSlt*ooB8}?=lo!L=nbPQ!I!Q z9zWDDCd4?Z?~BerEY6CFvMa3$jg2{0$;NNi@tgRc0d^+eY!~ks@$HwDr>CYJPmf7H zROgEPRueTjPyrM^7LfFcu7l-wI%yLb^%TAWXuJOTb`$dOp33rmismp;sm0 zB$ephBQ+#te0vXQ2Y_q0=7{xL@tlfL0LLh80e4+Kfuh0d=>UXw-F*l!R5cf_J9~WY ziN}}TSju+tGm6i`Nyed1V9d)7^4c9^{8_smLm&4*3LZi`x1yEp{DiipQsg@812veyfr-1W+%#i$4cty{AlkQ?*hGhCaK_&}zV zWU-LI7XTnoE1y}AxA?pt8XbxgSPLOfw*1(RCnGQR8xv7|j>2pgtO_+yo4gPlu~`~j zv9x^;z@1!#L%fjW(Q|QPcMzdj37Bjayc0J}Y&c2OZMHTvEmCBqHg=c^6XnoqrA2>_ z9K{mpdSw6+Q>Iqnh+PUO=)K#Bu0neaJn=WSebLYUwS!hsZg%~ve!XagFx14acEZ%K zx|h2Inv(@0cnwV%MU;f&(8<}!k=~J`MCl*D(z0-``@6|7pkW)pSq zT1NC_Ou`#yRKn9w)zSI=@fbWu#d65BOw#vhR>ikCdx5l`k#)HxwuTp{>*5!_Le9jq zg9$YU-@~jke|?D*zx$8>VUL#jr$zAJ1y+h$3iICrt94L7B3-gPzg?0Q 
zxR?-9uLflhxgLD-kbIlmNUM|?da<${nVV4-9giM#EJ2fB*&lLIPephzfu}R6){lFa zY$jK&?cHA^;O3Y^y`c1U`Z`X};PiI* zjef$bj5s@;p$6Xdw8MRgHX|rOhw?Q{sY>>s(nIKVF{lO_jKR7?MJg@b7CpB3a#f+m zg31G`P3MId3~Ay-DHAgjiy=}>X=U6DQEDhrg+xHTU!&+oA9hYwLd{7H$nnPdt>W4Y z$xP!rwJc<8ME<~$t*2*{Dz5@9p@;qm=V;CWU4BKkv6lX=cCly-R ziz5xp5bXK-0dOkP`s0C!4H!+3r}UTjiHwk?3>*07gN-WMhUUwoCDrEaKxEOcGSI)q zfXE0h!*$fuiPsw5YkvW|A+`>cFsfu(uFPAUO%?U5vR_@g=S*=G>vgKLN9dl2H{Dbz z_tr0K9NT99|ub6*e4iE%hH6?KKPiLW8yymchK z$dnH55lZ`d1F=fMM>I<6d~2e0aAB@;hyqX}5Mg)jbNmzT+c7p&aYTC2<*96^j&@S- zx^AHsVD(4lGjnN%2U0A+Dgm$XByjKod0xgeHbeFR7U{At@OQILDX`@+jd(wUnks`n zNPynfJ3g3%AYMs4Gm^E5_n3q(6o28&r0>ePg2n#y$~C|oLz#8-5>Ux33TO6Mt} zv#JR*IaSsw+Dch(zy0f7abxVJ(ffvsYX1$||No(YpFNLt02 z^qtT`5<=9F_$5Xy(4=|tf^v*>%qc(chMLXT=J5I(ra*e(@NS?y5(hB3(Xv0Fc?36) zW>9L8F(T>W*|d%_I+wNI=s#{R_DFsprbH9?#erfHA+5AuS1rRZLRUAYq)#z&%`ofZ zZnm~g3$kLj7y`;}H{Lp2WoI$SatB!^e^VYEg{`C|bqNj1r7~gjz*`w{a8YxmFR(B4 zGpkOiB6>^|7^G3h7I?zbPIn*D-=T!$Elcb;i8T|{rY*oc(HE`22G=|0QYRG{)?->f zD9gJ6y=QQ`O=>-Y@?2Hh4Wm-Ch&lnIZhiAsT_q6srSm|#&3NJSjNXTC_p`fMY3FuJ z!OkCg!hUrttNuIa^sD4WDl(^UlD}52-{OQmprThj{o6hHg#1jT5>YeW*;5p{{Q?(g zP2T@3Pi71C-bGYY+Q>d^z#ke!_{x|u>;no@iQzU|tgkMB!a#0qo-#-U(@Zx!^TLsc zak*pd|7MOG^l6|(-++T;+9S9(MHFj?eX#tSFM$dlEa8utg6GE>cP`E@4+`#09%?{eK)k5{IEm>KG$a>q`X{y| z4mSFS&x}TZOW_|e_4s=Vgf81@Z4@WKz%Q9h65sLSm?Aum2jd@i^v*r@x;!^#52IxPSA! 
z{d2M6KdR$jRCgpFY%ecb;I>Yse*YT8N{Xt>wvtdD3EDfKlu6nNbgeT56qqe(ZY?fC zXtV3@aGLG*O&XOS3XTQ?bnF45%8BgoQ~47sk)$14Ydd-G)%ru5-`e{W8J3>Kzb$ zJ8$(;xWK0Tc)5W!Y9U!zIUj!!O+(loBSqie2Lb)fQ-O1Wx%w+3|dc4 z5oI_>c+p|ohS9Mmqtyqz0He|GjatULuEP_d%b8GZHgvW6On&=fOLXlyvh)opW3Kjl z)sRSu12)jX2gYFuizKNS%S611%8qVMhjHA+b!e=cP?(^dyv!p*o5>p2wvP6}%#3e{ zTzWgL(&8}a5KaHW2DCGe4^4pNjdy8y&q@m^NkDq_HbRRZE3*2+)Lp&q9Nk#HnX2=g zb>lXUja`c*rWK-%U$%!1x*6Umq{T?Oo3hlZ^hrKvq-URc_02L%yAIRr-`~$|A&;s0>eWH@yC~H6YNU0Y2 zs9CWxd8!Vr<#6=xLt>XuS7JJU=qm(ejw2agUc%Km&9IY|(g5U0*WI?gdIpAsOO%4d zSSZfa(o#)}>N@rKF6x5B3N2^HF8vVp(<(@9H=mb1aIG|YNS8e+teJ3vPbA?SW` z$Q)9sjB{~;XoNB$WEa|L+dqO-L0M@gsg+n&3QBOyVNlDLi9#ho(oH<$wxvcaIcd@~ z1q`bPgOYA!5==t$?i;xuwMR_rbw|(xXJHIyY=Y*afi=fyY^&{u>ajUOI2lB^VJbYH z;%HO(K%V%q_ZPoK3S_zrZa1Zl5-c%>O`YNiPuc;P>;iTU@z~+)4$&)t(2C`9S!$xF zEq9Rdlwt?VTL5nex}I4n2+0f+2k`hqM?C{9NH-0ETzR*vqy(>J@iVJMRbr7&sGMje zasL=h#RtX6lRz+DgW-e8dX?v8#daM#nKE@NO6rGA`KJsi;atFS@wu(kgN9&1z{gA1 zkpm0F^$qS@2669T6?nibd)6RvWlr{pBT&lKE+CyVbzG(+)bPD_`(j?`K1l<-83Ubb zTvUG^kX2*PCLg>##^BX%Wv)}gM7G{ida z{B-aZg!3vhu&IW_`pI>ximV8bAE|WBp!YFX0O=;=e`|O7S{sU;>%!0rJIli6yIqJ&?hmskkDzAZ=w^aP;$JXqPNYh-DRkT+g z7D<`6mFn;4xoJ=0P)*FmVr?9`;qrAb;#pyAHkc0m2l0TO0u_9w0^GKk1VfPk2sHg1 zbQq@ zsd$JXpxl}IDoSTkmLOv^v1tq#OK z(KE!L$5L1yJm!My}EyqBCrpz5Pf>yMx_mXz72DSdf0F#ZWIs_?Ee?SG9;cYDk zkzwYGH)FPFep%I%sfh`)*47uiX3nu$XN6vO18LbgM&Y!e;8Yma62)CLa~3bgbYk^r zyr{8AKF+c%tIxvHR4A2G4fmui@9u5NG0~KEcrc$PJG(L+dRUV5`-TAO%O&+YONNa} zC5du466l4H$`||L8F&`|&RFQ-C@XM~-vte;rShBr462%mLkj1_v17Hg zdX5$6Bi-PT+hJrE-{DwnALDzNOWs$K-pA+?+sF2jG$bGGM zydF&Jqbz#S${hSfC;lAQ#H88JekeBxcq9It)xTNlyfLTN&wK@(i632ltsH)E(rwj6fT}1}><>Rl=vc-9T ziMa1ENBBQ7<0OAm;zIu$s`!_NMp?sUK@sV5PNT@or)dTXsZrC)#K(+}&lDt=s%g!S zzESo%X{sP|M^Zi>x*;!QM+>Q%R9nZfHEA47Q(}!=!gCG`=K<^(XNE;b>oT(-)sdK> zpOesJYW3)?%aiSGf7!eH3!aySJ6<-FkVhV0(Mv|$w7(#P41y`8qA=AF7^7Pz%$1)X zi@qZ+F{ghAW}ee6PNWDJswv=?bnU2FR{EdWihyF!dRi`t<)CtXnKe{Qu%i~!8-18jX_C)@+Msli(jBk#c!8n6Fp~p+kxwCM~Xnap{u768hL&^irKn=0(ERB!rq*QR(K!3icv3jLOSp 
zC;tp$VEa0@9Q^L!91Az5-7Siox_pO-MGP?_hN2V#|l_)b|VF+vDe5WFItCUAkKH6w==QX(Fs;J$NBvfI#_7J&BNf{Gk z5J_js)e$GX!Fr@~$qky6EPTYUoJ2+@)TVl9V8}lK`lW$*lt!A#V|!374__~2fn|FX z$UbLM>Z8O`i*Ync zjrNF1cPhM$8=bq66($y;x&dkoa+wq*GNX36uD1&bPu*(uk7xB>bTrD%4wlghCbn?N z-PAda1Pi~75mq*5l*~zA=1F&di+>d48NE83mdLph3w896T|isdWYL6C2+7BZLEa5j zRZ#TpD1vX-K(>vu3H`IppViIj{vg^c%A(= zcn;JE@xBvRL!)1)iu}=Hv}i6BUbD*IH1=L+QKMfn@b}rm+_k3kT&!(EHR=e^hNl^K z1*sl8=Btiawv`*gmFcG5gV98|DT-*e6&qT2hS;0&Lr8R-!h@vqv!6438A3p z9uNUMy(44iw2K1{c~%`Fc}@_omc1i=aV8wb(?O3@U5m-qa%ndAY|R95Q<*@^A^!45(I-wKI1(r4ZM^ zEptkoHeJhrCPi^if)bIYq0CiS-9UaR<;X)#XKS#D)4@y7RGX4?=|@YnFi~K^@yD37 zAaxOSYBrL?EJY2agM)CAB+L`McaZ(n!^+=BL)KUL67(KGt2a1n3#MdH*b+Z{^1eFr z@a0?aGx;zhWHd$P9u-*3WxYtlSR~2KD!$h6EMEE0O6Xd zJIowQ6jMG^URc)A$!`=2TUef;VfeS~qamj^1oA(kYJgznbl~MI0mhGN@?wrn@Lvmo<#<3LLtgD>NZOKx z{n2iB8+b$&d4hvHj9LZ1vsAB$LN4$6xX}=B{VbqoKfroFej@_3Z7*|4=EvIRCE^Ks z!_RILg}@@iW2wi5f_6!E{;+x?=j&UM(dIuQ$asTqBPodwW0iR|GrV75Nw3k5phxzsK+>f8T2Cf?d5$*sbML)p* z_*5M&V(ZR04Ay4%SVeK%OGz?0QILQBg}`I^H4pfK{`f)hAFVEb=STfV=lVYYiUQ3j^T>dEhsc6_U!Jk2*Rgsa z^P$y(@bF@_imL+dJS;4U(sC?lEN9Xx5i8kh5dxF5G?uu(_y*Fn%+98kg^$8{pabmm z{HT5_P!LPPp1*UGYBS&BL)6>&>yvQv=&d30i)n>!*8Z6*2IddoMnVJ)c?;a%grEBh zs0^ySamoIEpHII(|BnRN|8n*G3!qR~xBe!;xXxIcPC?bx)yFCeP;t!&E4aZP3aJ3e z082yhZ(5vLDhY<8oUKT`L1YqncY&Ts2hN8Yc2LYEvNqAP**F}W-}jD|uYNes-tO## z2D7J8GjlG~oam1aHiZ{M>za0mA>ch3R3*qlPmPm?)^P=?mvb4`Jk1;Q*35(>+%RVY z^TWFSR4^<}4&ubNM>p#RUt2X3{FUCRnDxAu5#o_L%>NQ>k{SaM9UUOa`0=WaOp9s2Bx zCtFYYW6H=?t1#D`h{G4HFfQy7cA8%gR)IRp>_(W7bns1hN+nj=yRhOmobIa!^O||-D^igm1$WKHC{Atu8Qlp634nT=lg zSP$OgG~p}9DLqeWBNs_$hal3r2WxbfNf$5*)k0{AaUI&rUSgcEHr zcJ%Q1Q`uZF;WhT=i`%mOhbOCl=C|)jo}H0+ z70!e<0d#AaWmP|=-R1J?&_W>e^|ePb7w7%kRVb%?bt?kC2{f^av__+DQpyfSa^S=I@+5ea||BBE1 z`$Xv9T{!+*x%dn^aj)X@>A9C(&GGS$O)q&Pe$?IlV3`kG$TyUjTg>Y4MFCwQ@Tw$ZK#zdT0*w&N>E_zfdTu?eUFbRlG zv}-05BlS$Q))|5jVt#j%b$Ed;^MW=-#IiszrwgL=i*U4A&}$M|T#ZQ~Yu)>NqGXFJ zg*5$H*Xg^O;O;&YHyqR*4>f^o{dlNN>&84UorNty)2hvmwe#(pXkt&P)a0_jF_c^gO^ 
zhvrqlYo>ZVlNb&?>^HfCG0GW{UvARf${C&4T>+RW`p!;3&Np>*vByI-uKPd9I?AYl zbK^NhuU~b^a82b#k&-f*&el-!YdIct`>JZsSr+ZHU1&Bq(0zaX$qc8#BS^k~WlruF ziu(8U_upMLGWynk2TOU_t1bL+G-JCxamJnn)(050Uu7Xl(-QslAt!?iEFcEPy~( z-Eun7^o1b;x=`FVpjCEtR*g+oEEVSyO1fGj-Iga~bMkzvVt5!sInmTc*8T9N!=J1m zg7zyjFiY?8a?nM}F7kOl!)8C}vcNc$Fq9IxgdgvFz zxalv$maUWik@`(?RZqrWA1wIm3FF^?FoJ(k>i&z>`kIyf+hv*f=Vcl4IZ-PO$jt{t zy)UPMCk|AMrUl|(o=;HNASR6r?E2j_)2e1EzO#5Y11+FJ0`K}87qY=(EneZoPVeR% z@7DO__?L3|*8(iJlB3ujKPsG~*tR@s5!I-=5_-3sTS3wl92O2Rf!;7zs>BHz^oT<1 zKpe*vM}U4AO)?woM$=Vh$NBW6#YTPW+-?`ssT*UFX9BwGNzPW|3%)-Uual4-v+$2C zd+SH7Y71y{9(1-`jIN{)#SA{cG2+;mg=sA)RWj{NGWNSx%1N%zz4&SFpNbWa&!jf& zTFzC?=Up|`8KzH0b4neS@wjc(1|O1_VMutKB{JkjZpLqRG@j*P%{WZRWg&q zY>P>xj-y3}XAhEuzfGndC#8fBzVy`TC3;tj&_ja#s(%!n%-$t&5FKIsYz;wsX<|z% zexfW8_A#I%aw7)qsv-9-)Zv9lPN_B<;X`!RC67g<RD`@|@l|7eYqmHH_3{Xq4EWEbRawA3u8jzNzq>JaB zOC!i>#IZJhrt+*#5)cme@$G9TdlHgf1hZ{qJ(kh*qSMpF=i}uAs2erkUFmu_eTavv zlCyrNAe>qH++XH^CL>L3jAyqhggd+(h@LvyrOQ1!&>7#91p2M)`*fOTxJq(ajSSg z=W!dAR<^hMC}~y*=XAJ4)qEfv!S~`JoE%WM5SMSb&4BZCxOm+Tex8#~HBv9qxS{%c zBIf8RTBmCE++ndHB=2{JpQ>r0#VR`bKB^08kZqM5_QN51H!bqC zCA!^iNqQ72q1$bS17!n6P$lB6kG%~H9Ass9 zs9OGT$p%HlCF>vciux4jW9+M5+5X21M&Mrr#{Zz`i2lbficb1Y#@5C*e-~9&9J85| zgXd0caXx7wVzT!8RuoJ0TmB@-x#^KwR)sb+`w32-sqtW50+ z;0+Ou9w`{Fkw3b>_i++Cm;G@3>1FLFtu6r5wHK_T8oi#Laz1nTqBAl~l3dDu85Ih) zGB$I-L4}W$nk~pqt@G;b#xkU5*U#SJ6Hw97dRPNa747{Y&7hU1{^*G4Q#)DVMV(J6 z_F9hBQ_d4A7a-m3H5won@YiJWD@C@_rj;uiQi$}F(~6}|8`0oUm!Z9J0ZKcopVpz( zS)$_7SV)kpzXuC}9d+kjxH%(`4P9*>HQrdUo2#79!ip46)*n2wNQfwRv)D8&vR4nA z_E$b?o!t;YZ3jq}&<#mk^ss7=>%{Npmas|#!l zfTpCZdKqT;5^LUhsS#Cd-<6i=kceC4*X))0S<8D|EiB6=8O*&H);qp;UTsDD`%;9~ z``)USkxT5GCzV@QUVR!~$tHIPjH3^m7@zb(e+{0xcaD{)ddb}6lr7NmHBO1mv(Ut0 zMM?A!-@I_ny>CB}I(UuVa?4N&EF zga5-e0CXy+QUtj&8NJhOHH6-3`9h+O{O+gw71&cje>m7F{&x2`mmBWY-)t6C^)R@F$LMcz&%yBgZcWuUm1g5C>Vdd8ntluRt1d)aZF=r)yu_S!{|)X#6k zJ`v@6{j~!pAvRi@8j0XO<9XaH>w?jhZk%#AV+?!s+ld#9C;5{|&%LbNNz#vZqlM?c z4;@eZj;J{t0j<&{4e}jZBISM^pt-8XQ 
z84mi{{_uw*Ws^~GC7eX6Y&ljHA~{$_VO7S~B)|!}Ig*??GM#=y;nVqGzKT>!E#mw6 zWM2SQB0&yO)^+!EUcn#lv3L0L*G2;nGHe~O0bR6qZS2Ge$4StXQ>;VY!j9D#Rhwj& zTQF}qq;e;(GaG*V)Z!%lvwAYVn zc6gA0nq-WM`h&1(bv5tb*ZGsZBjuy}+JiVSm&bOHsCs!|Z%(iNeBwZeNTFu?I`y-E zIQf5uw*NdKY-3~W;7BW{@9139t!$oKPR+sNHq~3Qp zG<%50b<+h=kVo%z{`!bU3JpMq!rg9?R(DG$ikb!K*~F`c8WOmIzq z;B)EWDPW4{ZX!gs(Cu&i+j8Vqs5^y&^6S7m^`;BSM zT-xQ>pErx^FK~&3F^^RT#kI0`bIaom2}taPz(e%~<@sp{PuV6;Vml3XCIG#32M7JM)X_2`-Yn5pr zY4O6D!{++2QX73MtOKZrZ(Afhgl z#J!HC`73xW%J?JJwU%iSfy(La?N1DMK9+4i^%Wjn|M7|?{)gmr_%kRR|4dRrTN|e@ z{f@t@*k!B!ZEr}6goscAm?+=R@5>XnsH%z>c_56L1sDoB^1hc(1RYwOgAt(?ZEf{+ zL#L|AvQf6nqJqG=iYE7UId>XYp?xYHAAk|y42bmbY~_&C^J{wu*7yB&DEC|2RXrMY zoUoLeJU}ZVCmlJ#e(;zUnHAfqFide;Zvz~K$+BHcS>cM+VkmT-)o{3*bkHEOGeQWO z&u`%@Q+P)mt!^&GUq?mzr^$EcFf1L%g4mlkd6=nR>Vv{aj0e~Vmyo4cqb127QF#+k zal7eJ`2(|c)s$`Dz^{xOlk%fSkGYVTh)jOpIuO~G9*c1m89^_k@e-WQ0Xfh}i1nQ) ziLl&c5NzwYPvG1tYJ33zP*Rg5al$q!#3}UAq zCLUl@QAd3W%$w~fms5>WvsyApq6Nw+*;`}X~e0KkIr6rl$ephIB!K_q1d?Z7Yef?XHs@lkmr0P zmu)$KitGc;TP8Hlgedp%L$tFHy*R=K!c1$!nxij{c@&F5QMXQ=@3ale(J~@OHqk>F z|Gx5JPeICcO`=yzfHBgfU7BZ^!o!1PPG#u|*7SC@&_QiKxILhc+v;Z!>2;DH---xz z9(Fsh6%ECmc?Q>%OzO0MO^^(W)}SZi<`5VGPf`souJ{vrF5Q(Zu~*2HuowQ0q!;lH zWLGgHweAV>fb)<}FYA*EpYzB-5A25wpLZ({9)19+kQeO^m{#%?A>$dHPMjS~Cu06l zd|baX%bU=KBeiE+=~7jmp!ea77zF%O{deaps?(P1xQTnwY^GGw0dE$VRwcwb%Q0n2 zBoV$U7?mU7dl&7_(ksmn%ofJs*G|z!51e{Bqb;cSB83|(jm5-Kkib3qD`?$$U~6lq zt6qy{#&H>LBUkQ~njx-IZ6A=5xk8EkN=Dl<*hsm7L0jK+Ml$(@S5wD9u6E_JAt*M@ zt}@gy-}|n*u1U9NUu>nOp0%0|7OsqA@)dz8HBxS(GQ#N!Id@rK=4G#@%*0()0+UJqgHILD#5?Dgyj8{M4a zBV?K0OT%Z*Tt!99ly}@dQg*}XERk>THJf;l47z}z?N#+hJVSk&9<4o<+5l_{ z;=v*!3PG>uM;^m#LfWln2n(H-6+@|Poe>KYU=-SgZW$CacA*hK?B0Gh@&fpdSllAf z-F+c!gO=>~d1-J9G*9(ovEgj6@0T>*T9xyn%GYe!&Q{Gn z&PgBZ2nX2X&v+}4=UKk%HPP`{#6yl+pJ4P~5?1uNo;wGa^1GA#7}LRoVfCL8EtR=O zdmtF@*7kFLl5C^(cfypqQsVh>B|uD)2Gdc2+jx^|o0IADz-fj)bE-V9U|Fm{lQw9? 
z*D4o2&79j!;9<2GrrlfAp#5uRb{_#AEGr^~z*_xNE?{litY-R<6+qQ?hXk0}QZIJ& z+imLL?oh0RG9x}oQZjNGu<#h-3DCPtIsyI&GGp+^*my&+@lu6=+@s`njA)R@^r9Ml zTW#!Lg6jjj=4_xECNcZn6jJg6FT#yM`mKe4KwN0#qfu%=A1b}7Z ze>>$(HQa3YUGiiMZy#*c?xWhmjzhDW;tNrjJ}ufe*zZw1%~S!;_p^Hb_3Y&ZHaO$_ z_3Skc_y0GU|J>^E{mXmotJV49BENLr%sq^ah?E_T|LX_Gzxp4MKW#eQ|02GE71kua z%%`&(t7;o9I=A433&{fbuf&C~W(A5Y%Bl!>s_dnjZCH)#5$@)^u7KXi>=9>_G|mN= z)3X^5v(nFAhfcqLv+BzSnL`~{r<=mN?>F{?CRt(~mHz0r9!a*umArWMgdT)TzJX@# zRV01t1~Ny_O6ERao#2BoJmn*w@7g%XXrBIoO6z8eD?a7URfVKSN>DCRYN?NzY@4O~ zJLdY1(Y%m0xS|DuskPf0axvmUQr*+C;75+zMQ@g;4@EL1ZgnRq`C6xVdJd&j_hKBMI3$LBe2d1Oqu<8 ze%_14r3b%3q><&6HIZDMiz2yNO}AdNXYenTT9wD^SZW5fr=Mxm!RB`*ai}Sg*4pdL zGkK47>vQHECIWZ%sixg}eqF%ax+#S{c*4(k#t>js==plzW|by|X6THLwTiuhG7`WG z=s?-qFyZDj^}vznAnKhG{o_0#O>T~5|G;Ar3{O(DBs^3W_Kct8X~HycvvEMrC_57WQ{bM~iixWtng zVWGma(@v_2%G$ZQU+NY>T1ISB)5KbuC^0u`?z9{bFGR*(F4y<|$*PFLlD(C@Fl|ik z``Sz|eN+=KsoPC;bkZwF#rO=bw1fh#Zzjgr+E>OQI=#1YWy#@`L3a114q*czLo`d*E31j=U(Aiz?=)$ZU{!#g!-G@L3tRU>tU~0H zC{4+nP@Pj}dH?xZ>=dzyz4&!Jf3U*;jm`c!ZKVDe2Pp7|n3II^7kFd(o2~L6$U)WI z$?U(6_U|-ZqoSrI(jQvK&C;_~+6C5zm1^e}h$yK6wh>|GfHO?-MAodJnz+Ot8hRHNjBVYs_uX|0I>cF31e|U zgiex&PU>QD9PZj>0zjK+;u7l+7}b0rUq&+xL32iy4o>Te&6(2pJVQ@nJJK$G+RIho zx}fUDo9LCzoWh2@cMjGpnWBH>5{Ud5oITWG7-d>pQE6XUsbx7%-#=cVuc#~$u?$Mp zo9&Vs7R+G!@c?r6Tk{%80rx)jBTB0H5hwi+VjN+d5ySDUKm4@DM-Ce>j!iz z(G+*(m%M~#x(gJVxQef(d6HPMT{y!xjLL)#nF^sV4w_Q7wqn^s;ThtOlw~kMGJpDt zHrjunQ2sgM)c&s`PTa=gYpw9hepSic?r+acjY`&EC>Gu)rQPBD9&%qeD1w&ELbD-M zg0~Uh%)hWOub38ox1<1T|KvVK>r(7aRb0H^jLGXk6vH&tVpR+p_eh5!amC%_FugVV z{rU71?i+1fG~XZ+ifp_RT@hZDKp!I7RBu?>Z?8#&bUKojMHDJVA*lUxiz)@$`B9V* zwHfntm@S9w)lkDke#$TH0u-x)IeJd$#)MPmdzG(kr3;Ytg_&5GDYMM3V|CmKp!eu= zmQC9Qh#G=?3cyCoXHnbFZH`DFaR=zUiCq!%Y<~51ckOapC5)5HkVNyl{u&^i5gP{P zLS%;??jMuUsZ>Mju&b}ds*DfTtMWn@H~4+>b@L1|&>JjS#X9%gW9A16efo^*4&OsM z4c$;lXAB8Afe*WU)#O5NP>t1$(^>&_31B zy7WP;KIXrCbC>{&RRRbF*d0^n^%O4G) zqk(7O71A}OJi+`C<2mA;W`pXAIoQ@mL`!*Z(p=E-? 
zr#P)r!;g_>t&lDXha$*|9BN@C_H0(cp^@KBjzz$-OJ=)Ts`WZ)nJJwg5$zb3#Pq@q zc}Y1e%B;3Xi5lWdyks}5n_SmK8|yWT?f{19TwD9*o>Oi3nhl8+EQavj*dxL zr6wBg^&NxEtoV5N`hbau#aChY_qdob{Okq`(!J6PWOJOv2-rnNBB<7){*%U5mi5!h zQ=fTgh^CGYLf=ajC@cn_GlcOVU{AR8G}5fI^@#}C) zKY{6+pdL`Z2Fg%fy-o|3+q66ELCkxN4r zlF_K~fdwIy&=7*daTV>)g3cBu7E;Ch>Sw(N@HP^ex%R(K$K7{JpwS~YbUtyKU4Pxr zx}@3~nV6Zn4E;8EMdxP%9S)91B_JXsgxm)xA`~THAD`w&55S6%kribEH;8_KRGh5B zauaeurm{)bVob@tpisZQlk$-9lbo?FebwtG0(#KYd7(+yLxnOU(Otf-ey^XcEPjNk zFVoJOtfIzfg1MS9GUnupiZ#p4KyX7Lxuf7%LZCjorDJ?MmzXeQG05b~^w}ywQ_@0# zw2)iBSjk(xk;zpT_}vC~ID;W==d^gB6Bs-mbv;hUC97%7xy-zV0J?F)_6j>x|3`=g zMo{6Q)N>Gpr0LO1XV->S+2AOPbPk5)rnJ*q152(0sbTd%NjOVQX%WoAh-QDGO5y`t z{+l$DDz7+W)3~%wH+skvtore#2diaa3Mh2xG>02~qW|YRf4##XV&g6#aYr(A^Z*X()yxNVFYjV*B zGi=4JiW-kW`$$fxx=Z1*V3wF_1vR>3t2}>NJE~#qH6JSzwEw zjfck!R8Pb(u>g&yzbDx|iWYUqB>V-#y(rwY-M7yjrKJ0g;9;L1_HYKj8JAg^u=&0O zP&;C8R|*n%^5Jr2e$VMnmf$Xd7w8voy_g;LearI^05$jC*lY8LZHo+Io?B|f?$Z6^ zhWmLb4Sf2Qav}eaa{v4gCjWnwa{qw8s}wb9fxf^)F`6Wb@}uP}D-%5tBHTcrBvMj@ zISXTak#s`n;AZX6zOuVfk#T2=}OD*Rk2F$z>EcrDn`k$6lOs_1kFy$jszyqtE&1*}O{*Sbzp2`DERCSS;buy6*KD<^ ze#S16_E#EI=*dX>E`J&buZI&+IWbzf8dUo)LihQAO@-m3yb-$wc@9MGM>Lq*Rh(mb zjWNkIk*8Q!Rn9UyJ<${;+07S#gSHz+vCJR(lIjY8(t7|q?H>yZft&Xmd6Ml0MbUL# z0X|^SkPf>9j}UnXen$j<1;==y=d1kThAn^Nm%}PVQ%4)d^NuJM3|Qc-Ac%LRfL?gd z^i1E2{}R$S8c+L2M8wIl0wjL*^-cc~inIMMBI3_kqkq7Se-STL%9e`Xjgfs=nql0#0;hfjnjoKdvB%lg*{w7L;) zRCs!1q2=G)@A;l(MvfxnhpjYW(|443Bhb7d9)Rn(>5M~}_ zL|mYl5v)?k1Ft9OO1Xk@0fD}yj}>Q{x;JM+r0WeeMM6-PYV@Jl!PZK#1Ca;lG%aeg z&KPB^Mk`SjIujo@)a^wd6fXUfmd_C*`$496@r$)E==+a+Xr{-$h^ph)a&moC3<%89 zjIJZ-WG9jrZVw^GJCWS|sZ2mcD2S#M>MC$VA5}|yvq)KMZB@iuJ zK~u|$!L=CfP;qAmx7k8k4%DybPqoZ z1h7RDcf&gmMQT_i@QbumqP+o*S!DT7$33v9nO2qtx1%5Cxw!A@zdhkQF2xf$?y+++ zqaHbvu7rw*5y|Rj{KlB&67~D=dqgaOPpG>jep@4F@7C0Sy-5+v!Ala$=9B6Wa3l4O zh)E60`f;mDsvWgx|8fl&LOu=70RbwAP5_?@(F^RKMhI?SC)QGCCJPwTF9#xOP{Si? 
z(Be}lmeNsAA8`Ii6Gwv0OjiY+>)HfC;v;wzY}oB55aTc_egX>NAr8_Z$vadvX;AN2 zS#^t*ciqV5%EDQ)%GQ4MGd>1%T~LlBI``o?@|Kq-<_fz!&LveuBoewTqB>(;UHI|B zo;&gk`G%s(@rXpM4>^@lWW!8n@EgjFpjL_226{i2I8VZ{{Z$?BW8F{E1YSaPHkps` zAD?XU1HnY^pZ&NaOGoa*Eefzrk)mmOOypqkUO_&C=?*myIQ-CW0e+v*#cOD{N&(;J zT_WedOCIH`8pAh(-$2^uSo?MATt+(AX%ob$hE*ER(w}8IPc~=U;=Mz9bC%EqQP3#U zl9$%KowXe?`**9Dr zQcsXy3hVi!Z{=A5$)rCz+{BR+V{er81k7h|=a|X`LI8f1-%)P-Op#}9T>n}AR=)bv z2EH8gd49A+M)5wWOa*d=LK*}JUAcnUxu6&mkgZe&>KCi|NwEZ$3chqzk;I9~O07&2 ztA#~pF^gHbH~^%FE`ffr$F2y6bumgxtP#=%5(Xo)RbiC5jFP=UGkd&L`a@K4FXY$@ z;?RT`Ns3fdb_P8PAY+}0!*|ztoMT>_EIN)o5raBMGcE9DayLXGxl;S8XcL9nexfC> zHN$W6vC?0xeZCFLM-9M4*X?~9SGi5Ib zVl$Rm5hY6Pi=kjflzJGNaGhxU%#p@mWHe!Nl?l$&4n2t+nh+=4#12n8c8Up^O>Utu zDO_es`5`N9QZgYl*xAR4pN|qibCbl5P(qTOqGDh}7%yf5tr;7!zJsD6xoo#=-8Z-{ zCNzL3e@m2nR*+DPkgh-$ylKA6u(?9{YLZy?dYDWW$voTKl(Hg4wYef%4LUK}xDXRy zGM_JV$+NFex7t|3n}SNUj(1e=wJLgv9xf)Iwa-_dPltMBK#J2Ak!GWN!tat$!D4O# zTD48nZ$Z=Xo}VjSYY0JtNyn%-a@3Si={2{QFL0aiOoyLMw_8hgek?$1+BcAr#I?() zSXO9MTMR-nQo+cQEHN3eUwNwW}RXiZ@G+@aHyi9&&-a)6n^_NCG~ zYPD*FENqA%K5i`fLc|!BS|z4}u46VPvrEE)5UI9(VH5m_D2^3gg81df zr`N*axQfR;70hlZo?mX7?!F!@tiQF;6Tj8k5NNiCYRa(jFqn7#P1H-1SOaxlFqd9G zwUwiHb24wE)vNb-(5}AyW8YEQG$$%*iN=4>uux$fk(D+$m(+$ttbILf2x=bUfVGf# ziL^ey;V!M!Kx%_a_>p;5dcsSr9cl6bB+-^kUrEtq24q*SB}w|@qtX4 z9F9$w=82!O9VV;Ida0e!b>>jQ1>giREw3>tIRRb9crgLA%Sg+Ft`9{X%sGtk%3zNi|EkG?Qs9pSHD%?c#N$o7#~5`p-SYoVf*5uIdWSc@k{fA#rRt zzsA#I5a9(#0@Z9C^{gOQQ^V`hbVT7MhVU5a^t^RtqNKbT!L~N#4U*h7^A9;H?EDSE z)#?gti<08a{0i-I&7t}hu^jh!8eve_qJ;2~xNLmEk#M<> zQ49vend$1R6@jKPPE?s-f)T3#4kvYv3l+5m)ci^{t%SNrebulYeqqmf9O?5S8>X}q zWmhwc-0BxQb=B7akMAiV?%Eq=FU-t*CA7~zd1d_CFlGAM8^W<=2+Za18fSz3fLn&a zo@CZ0H$xED`M=uA2pd@AO`;);B==QH~y8CR~|sCpG+%YdXfB6XX?I;yAD zPLTN#Mv17?vmnI>8=mUhjHP9mmkF@(h9xLi*pq8}5EmEt8%0$^ujo+llV&mI!XkW~ z?^PN@^XAs^_1G)R+MS(&O`V;QOPrnIJl&*19(S3hmQrgX%GM53yzGtpnDe@mHV`ml zGDTLQYj+W)@J~(9Fj*Pvi_^ia8?K5fUgzmi_qj;B0?RY24AV)6Rm+{hm}`rT;4@@a z4`hN8Iub|ZVYu@4_S_VP6x|Y-UFf-5P6&nDMcOb`5wwNv(^WrD6WAhi+zlLCr>Khc 
zyI2@{TEPmIBq>$z7p~2-Xooe3$MUL4fY~chwe+$^ODe>jrBoFg@Vf9&*B!Z?_V0c1 zGiSd)-*nI{>fhkDekj)y(VX`$4wa$roi!LAb~-4lEWZunc0xOE0t_DHQbV3fF8XSk z#Y6==^)37ib7yGPq$Tui?${50MA1o`ou6ofywa&MPS_|*vX9__P9@teihSXYE*N)? zF9R?vj+bE8kYMJJV4g$6!@NdkeL6_*4Md@f;MCC#_%srq%9JOsB@#jh$UwM;kE-M_8 zV7HQPxzrd!6}vbrFYvMUFTVX&Ns*D?XfQdJz2Ch3r9?loM3q(KTM~8m!(E{!tp<}9 z<*3p3S4(YS`hhQ3i+OydmYp@_vK5#}^C?&y^$tjhl}@i`pQW;@K%%j(SIzV$ahAZg z(lD(zw}=W(i}g-I?A}2_eUm#@<`}++;T)s=+=n{9Pe4szaS^bdq+}k0w4@hgUHKI6 z0?4#rc&{!Zg=Yw;=#U8PT@*}oi`XTL;y6VjNa5yYSLb`B^u7p_2D0|8$nIDn1%t3$ z@i?$8^T=zF&U{<0d6NQDUt7h?NQVovTXTy$ZBe? zN3kx~IH<9J?Ma#9pU}U5&LYcg^vWF2Xcos_v^sO*<*7ta( zUw448bU3t(yH&4nbW@y=#!^>e0H4TpJ4ey1$ULmE@#~L<3_M4x)!9kC#&%&L=Wx6e6ZM|>paGIEDEemEX z`x;hLXWAEl^JkW)xAU62#@)sfyifQ=@`JJ!e#-#qD}=HhCv_)K<8pZC+jkM#z8zQ( z6Wq;ko{N@5&lo#b-bqB@t!{0%;2JlS0yh{#3$U0QV$az9B@88pPDEaR*B=4%oWncV z(1Ag*m*>{8Njw%X`(S^If2O0pZuu{CCzEECCz0=OgGvm@NQ%`;4cIUL5P>*`+;rbPUb;EA1pqMa+N76G!g zG4J%_Zo2BkRXio$1zoL7^Pr(yHW`Qn4n?BBjL$)0(Bao%L!)sieLC@u&2QT@t-lh= z?ar>ch&wM@IPpfzbFEoQf!g$LjVIMW|AjWA8X|Zox1w{&xw^y7;&gHE^sFM=S@M3f zH{7)3$xZeyOgB+e^om2;vwar%xwycGdB8gcR~Ti`8&uG1B=8#?_&x3}{z3%U0!gnr zmq(I6=v zfKDzNU`CdAFc9uV4SWF~AX&EIU#X10gE)Hjy7?s6K%h0Y^8A~)j;x({q`Y~B=DB;X zL#yh8&N|th7IzAs(Ai&Wu%v#V-to$uF4vj36XfZVj?|#`Ikrghu@S`0X-w&_5J%zI zm=|5u-m>3SdVrGFxWMZAfxEv5>$b%j@UY3>O@b z;1W*B)lmwUrIy=OOhLqXM(CB_)m*PXU$yBFUgL4O z2M)%4-!-AFA=eJBb7f&~1S>j~Usr`+8l6L~YU%}iT0tXgjn~%QeZL#27D9_qt823H z2|0EHCAFwKKojG6&3uYXIFB#&KDo^}j>t@fDZ5uc??{|@d`R_Hbx^f~4^=YH>?(VN zKgm0mNJZ#zxJ+4)v}W(`uPDd{#z zuhyKnQDIi&c}!MZdplm>?lMLl>y>!umL8=;ZVy48xMhXqvWD%#oB&RJm>Yb+4kr6d z8j0*RF;F&mpmc5;#jBftR=PV^MMcJ`>ootAaR1IgVAWn)(*spO$34t4nk?T$vIfzV z*sgNx@XXEC!k;ksI1kwbwp_g;cm4SX@yFenE>s2k<*iBhpFlFvzXZu&FDU;tWd1k! 
zs{x^h{B`5o*0m>Ekzhf<6X2=(870EYG(rIPB7~Cwhzk`cwOgUq)tn7(zy#cvF6J0$ zYFcVqRXj+*RRkc$G#Jn}uFgd?EqdT8dzx#W>+gSheytf!;)tg_&|Y{Ad2M-KdOp6A zz;!y_=@4j?M&HjiYMmFs)yN)V(xTM-1ZQl#DV=lgN_DDE?EzG8k@JWwY+fFdbSs-I zaW{v~t-i%zc&5qzUTB>(#NbYqx+Gm^DNHZyW=zj|OW|I*=q^n!z0=6BK~OO{@1C7n z>}ZLQJ7DU0ZI-Ch?sptFfN!*87laH|7oQ{vu)Sr8u9J;hxZ)vH#let$3x!!dz zpz2rRw7wCK5|<+Gujbjd2@|>3vo0T2^u95V$6oc_N`X^j?X+&sksYcb&0?1-*|u}f zk{rJ3WUmpG_YfUFPu`emJ5#}ouAKAszH|7_Nvd8qJ9TYHsv2U@`Dh+;I&~=?wmWT3 zDYbE&#SXDPga%d=?AX!8g$<@fEs7DLE7}IwlNj9CSlC!<&#gE57?RGlG@XBFf355Z zk!fwAMv!8rM{o$P5qt>wQVq|?U3;i&GBs8Cc={40m2U0Bg?ha4DQuxcks^mkkCY9P zd}9FY%(IiFLN|{Db)lPZ>V^~|^#4HDAwKDI!}ys>9Kab5JixT(Pq|2261H?1^#I&Q z?zK#BV@Z|;J{Z7VL2V?3#29{YqHu>i0MyxoQv+sIhJ*Sf!h9k{Gr%)d2cN=BFI~!j zANn3|eNO_gkeQ}cQ5$b=rAdZ(cC^(>jDC7!3t?D{Tyhi2`fP}gp_y1MWD8!B86W5e zz5vOzF;DtK^#(Th1F^u2nARbX)V{iCva`c# ztFrsBFlr1;f53-O4JGl+oWm6@ExzXx@T)=3w;%U(os_KR?f~WA7!mWbd!+N+z^yD} zgz_PNaWvMjfUpF^WkxiEAd#O_RFzLQrQcMJ5dD($2)O2>Y9KDfqoa0E_~kR^l4cIO z%I|lk00#wP19mE?EqrcsLz ztZSF9(ZqrpIoQ2jS1vU;f+IWa!A(21R2Vb8@I6w8BBI*uWDJ;TU7;xCqpRx*XN?gc zp7IFpjzM|U8k!q*u7BYY>!1+W;@%dRu3qo!;2X<`7!5YoN`SjPpAj%8yHJo}H-sVj+h7jZE zwZCWO@?DkfD4SMVyW4iS-636lDyN&troVB>z%$!QvpK-V>V_Oe#k;N`)`2z>QedQz zttAbZFu@fjWDOJm{~A3T2Zui}sVi z6tLG6Lvn2O3Y#eC;NTb#AF2Wze@mQIBKu^cOg@n+V&xD}0i%+4NU;EWm=vNyULk44 zKxHGi%_@J}Es0UJ=KoYFHscv(bm-?8F=UXb@2({!vWk7`yPvpr`;-B3P!t1(KdVhl z7vcOqZuec!LpB20?RqAl0)Ml$kL78g6Y;Mg(S{4%kzq!R4Hj^MIngGl6sxUm z4j1D7J~KpaD<75Od7m$*sezDUJ;E0H;x3dx=67{muQGa#w2_UETKwgH*viQGI7;jw zqB~X|(pV*7R6O;hLSF%iL4l$XfInY;EzZjJcbIbzb<-VcS)6ySmP{rTy7bwL%fuH# zXBDZi#t?#2X)BNUAQE*IAG7qu!oIPX=i|XF%6AkNT6AVtvB0_c(%X$I^XpABU-Wb( z1HCwqJ-h(<>v8F{+Vuby$7p%ZNh~Hh9j#t~+^B)i z&_D%MVZLSmDSRR`HbU=51)tdH*^!1PKA zb^3_u*(wr+?n;gAx!qS4#_+=Ro!Y*gYU!^;; zC!c4-bgxO|W)j_HQ(MW&^U_9KcR`h6&p77y^!DMCd!X)*W+xx{!&GP=3=bjOSxwN-9NqY#3eXL4 zSBy8zK8_EvA$RoEVP8anls8uPlu2KfC)&DBs(rZ(L;6pg@N|cxC79}MMJJ!W?O!)r z4tXPlnG8>ty)CRTK9QgLSG>WVNXH1-pT<{8IVLrkpV3Zz7`23)0o`M{_95hvGVj&=;Lstme&8=WP@V 
z%EhcsLpBlw!p`C;ZrJ4j8)vlOu3?l#l1=|~hiSw9@TY9pooRF}JEPk^c4X%e#mW7D zq@81|VBNZ6+OvIcjZA&F4g;e~i zc1*vz(lanDLtM3gA?C+UeVgU9je6RCoZ$FMBduj(y`iaqO`{7nqzV$i*;DiUwr!ef zItNss`^Qbpjx7RIO_=3eq*-S8%_!uetSa@yStrN4@aq2ci5UuxvSPzwJw%d&1h|En ze$7yieP+gaI>+0XXR5n6i}v*UC;`FCnQ<&Q@LJ#u-)2{uBDf| zSS|29&{7!>LDbZY_M?;?++1(7+2$LQjK_n#2Q}Y7E@#ys9o*rJLOv&#kG#3r`AvIS zg9ze`qcC0LSg_fq!dWIIpLEZxSG(i+=tDlPoM#EZY9*UzMd$bA_$nqx4J})F=jlAacP*Y|h>Q^vB_(^_5!hJNt!0CJxK1C6jR*7sw=r@ z4nZs5A?_jaAQw$nuVoE>N4=f0UWl+zS|+**O@=aydJ4+EC_MQehN#O>qQxC2^vPRdh9UW# zWPvyM%X6v~rPi<=XlqV%@>wkBtaBN+K{v?FwC!?(N@Z8SX#M4xg$+9_VdvL6t)6h3 zc`o>sj0!0x4CLaca|k1O^wfwFS$6YmHQ{?fDYX?nHVk@!54p~1J-hG@ft^};dccYb z#+uhWf`?bkdl)fK1G+{Fl`LHNebc!~i`>{DG{xtt2+dR}n9H#dGa#oWaV#>t%gmj` z%@6;*44f7T&VXHo%pzOBR4D60+c;9#g`!XMdq7G)!Nl|p%UF3(!)0kFS^bXK5~ro5 z@eU$pl|AXjvo3!mxe{<%l{_0#I{8^peHeWHuxEWA+UQb(4_MWddF~I|?aDB#Cb+pY zXFt(TfM^UbyYb^vXTMPZ1!e1S_+PR)8+#RY6dzbyC^nZMC<{trX*+x6chc2ZMHs+j zIkQDyvhqE6CC+}RLJorOoP9MTx1LYlX8ah+>f~tk)b$j4f_(BH#NBucvB=j_OXiRO zvtqA>r;4W!6x32zj^i_6RoM;$M;~DIGu)T4_nu>@s!NJ*55UZeoHtd#%v|d-IHrFK zUdIdovOz+MnM<}vJGmqGk6HDPHK2Xdd<3h)-q=k*KDh1GldtJNIX=xIYF*+^S|%NF zb3)4`pDQ;ll~~O?f)4i%4V49B12cO|AU|MaO3C(^bCrc>=mj=~X9{x{X8qQLn9fh1 zpz>rnLfui@Gqwm#;niRoydso+$vl4rB;}2KiY;P7#AmtBj)1Rni=2J9JtjxUwLNg=JoMhDPiI=2aOO zHb1D=V&o+dR9x1S9}6+_4YSk&y^@7J(80n^|Lw-px(~khVSH;}J&2>2TSrAW=>%gq zP4Il#I!ZdhFWn(F6(HrX1wP^`On4juKjO|Gn?D-aB|Mdk%)*dA4K@#o!YUBK2YHNy zn@@n&T*GHeWj9OLUt}CC7?x4W(>-sRsxxEQ{g$mikzjY3E)h{(hMixqq2Fs_-A72B zKR0&zwe+KNKKSbkQ^|=!=0HMu=y>X8&%zMUJb;DTSTsOxKlHda`7eyFw4}s zbMrSS+$}uKWr}z`H__HTH5h8`G-$1{AO*E9)FjCJQUXl3gn(W=g!d2qoD8n1kn8v< zR%9;Lz37WMXsao|&avNLcngcMwd`)udXIz>Ys!-h-N7qjw^jCmIsbE>b+A{&hBe-t zg6X^8x$^`Va~u9z@^%j-8tjHwkg7Se-2p|}mW8MTLrK523)R->3vd_Kjys1RZ7E8H zvm29*|3h^l#+Ia%8!*cqM-%on=T2EnGl-{YS=%f58Uw1Xtad25d8PM~suZ`4rckd~ zoE$}Y`(vAfR5h!TUcOrOV2uD3G##=rb`eWD5SQNkZ^+`g{R%}UAp0&a!X|uHE%y!|R<_L^Vq2M=1IX4bAa0fLc3Cjy*ECk?Wk)xgTJ*~J^27E0Dganhi!#npw2%A3MeDweqU5L;wBfQ2xN 
z>@jm7viw9J=9FUR$~T1^=%4g8hf-xZhEA9x(dcaXI-{Le+WbX7rfvpo3F_zFH4cEK z%rcH~J6KO@#T_L_u?*s>Q7&4HXe*DgQWT`BUj4Ev;Z6`T8#O|Tjo&EQQ@v{lQDs<_S*U9vunpo`H> zTd=h2u1&CZYV(h(=eKo4nFc0#I_k&Y}iJB%|y!vLrs(ox|QIou}d{Smn{_OfD|XWfW}Q1P%f`5VpQk=B5CO} zT~G@{9?U92+!o${xl^9f%_09#%AD5DQ~wZ7pJ2Xwfe{F6%2nFa{@n3 z()R*gbK=&aG+~b-qfqlZ*;A>|@S_yxzp{EnE^l29w&fw#{o#|BrwI*UJotuK%zP|X zo$$s%Ms|M=hGuKlpcMT2V-voG#<66qps3@;f>I;oR8MSBz;=s~2LWT#wMEF=I(Cue zwx;Hp2Bc`bBZNx@MvhC!2RWBxNZONUg}%F2FE+u1Ja>LKLp2`Tw;`4q*fohTLf4wU z?eCTN1`BfBX-0S(I*jMnyem^$Sfn!(YEA;TKpFJme3m;cc8>i6>wNEO&a^Al?G^R$ z_SqEb%b!~KP5x(YzM8t+0Fv_^JWJ2d8@wRMjmpqi@Td zyFF3oWd`dyn=r@-QLwL90~o@ckGDD^+8scr$4xnt*K>9)31n5U?A%$G1|&ey)J2FQCph z$=WBl^`2OHW^7<{?1GEW6l^lf8w4=aZ=S?zM0-&DGgM&LHR!GWU~MA?`7OWpM|O{s z53K8FN!Rts;gTDRW_6{Yb~XpbO7E~1*FX_2bWr)W!j&o_6@l`#RRW%QlU6ywrFNK{ z4oI_eS(s$wB7xdDyu9%NMRJcOfzeLLZ}4Z7Id_x}<-F9q-!<{k_5Mh%OZ>-&Q5&@L zdkH)eP4h2TAI%FjdY@R_%@kRk2_kQ`juTb%B#nYnCb2|RL|?kf)fA19dn{qO0aH04 zQ#rt3dU+CGj4BUQaqE>%q`kkC-hho>#31i-$p?J%x4$@b#%<@8zt}o*c8fCKX*ehT zlmat<{VwYKHI|&dV}UDHMLQX>Y&;IB`olaW znapQIa_}fj20Nd_3L%%eOs>`zI}vi$y=|gP53%C$ULUndI4u>d$&hUJOJ+gRtcGJ;q}}<1)=g%R}gb6@QqoRwvgjnQTFN ziW{`IoO^oUs;r?#QDx;1qMHEp8~)yBcy}qevN7lJ?uyu`Mj1ntVAj7N z)9$2#Mc6Rp%!2%bCG`B;RjIwt5Uh)3g7G-Y(LKka@{EXb#x0L#bs^NgqH^rZws@IU z-&Ycvcp_ zI6nQpJ`jPdZiuivB0RVRb-&R7kub0dHfgBQZ$_lkexb_hjf!WLUDUsaB+Blu{vmXc zB}i4v=H}|=6$?vCOTE_>&&^Gb+iD%lTqe_*^mJn2txCO@b<^3MKOd_bmbKk4ydM{Q zxg5{{&2OGy+7TLz+93%+>x@PPfm%j3 zcGW?bM(V+r?P6qTSZ!wq2imkVhXt9D(TFw)`ZPW{dNZkaKp33%OugFVgZ6px)7g6YeBpat>bpQe65pp7&wgD0Y13Pvm$=sV2*YGbO(gQ`sxGVe>t+AsJsecIq%h0D}7&FjSkGnXGKhEH!$)?UnV_&F%G# zhByJ0H0T%A>!>hqge+X#K6LSQ$(tkPilr(eFF1T z_MKiQkn8PWLf_b-U89z`P&XuOGr}0Bwc4n&(TVJIeC&X+rpe6Y+{%uwzCm5^?hqZi zg?L(VdI?sRlhc~JykCq9S?Vn^C{E{vzkfSZ8JpC+D1@DaFX@n`AIOrL=!CbDDFPoj zV#VB#d9nSQ>dm3?u^2}a?BFKA>%EL_5zmdi(vBB=lJuSH^nU(jp-Dcs8t&5KLd@z5 zu9UzYCsGyQ0yh*SBXiZ&6u^?8<>IblJwnoz0-aif{%W{Ap=~IewXalg*v0%oV6-SF 
z}H_&cKBzJ}A|9hx)`SiIClGzZj)s0Mx0Y!}cAiV7R$n9`m6Yp|}sj3mDa(={{J?6SzN4@~dKjP4it8q*JZYxrWp}vSPF6nf*6u zLF!_qCV*=(P9N1OO`_At_{LBRnWaiUNuz%ffZ)=k1yb%^? zP)e;qg8lH{ntPH({W_XlEp-p!NNzV+HD#Vtu`xMD!!E zSj+Nt3`>^p_L8||S?u_W!@A5otX0WA44VTCG)wee6p>dq*y&RWJF1f!Bja z5t0)37795X@zG7d*0&oh{Y2y44>A!3lF5YdVcyT}n?RRzj2PDq-{?c5-o#%xcU)BR z12zoJ^60i6imsa+rpy?fOX(I`Nzn<$kw-Yq0YM9iwIYTr+A_96xvG_07ijtKG!W#% z3TT}-5G^$w6aiID-bShsk_`=0#A?~wk{1aoHkD&r;q+5LQ+&$j<=fEqjou`qvxMZ$ zNr-tio9ulf1SG(%q`kYw9G$}32^C4)|Q({ zFU#da)nfb@qT~`Jl$6S_fv2*O5r%~nL}9F+^RRL5-B)zQ;2nibco~QxIjn`ahEMWM zJN%N_oMB;)1nCvibbP|9aP5IwJfr}WizYdsDb?gkGfwmKaLS&^WtniPxak1oJ>%-$ zW7)2)$pw(XUXxY!GM&P+e6<$OiyRI={j}&Vm<5-2&m7k-i^0^J9`j+LXI4Sq#3Gk7 zx}Cxf#!JQja?gV^M%r#c`xxSN-aOI6Fa$_1r1q|j2a+2cj>3+Q8-L#!Qa6@O9x=5= zZGwm=7;S6XTUr3=G0{!SItc5st|KgQG>^tO+SPPkL_L;6gNjnh)DVbgH}}Ijc`R!4DJ=Q@F(YhcNVr;ef#)c^s6&6 z5U|;ezi4!L$L*th570|-AP^FFpcFo10jxc3VbfxRu&^sTlYj(U(GESAbohW2^)n}c z=q<|Fqj_7^KUEwC*#fyOaG1Ls8!V!EC_H9%mhuf7SM|=FyI>E>EsY-$tvG=0Knl_e zOqUn8w^B(yid-BagqpnvfCB#R4Tk^l3#*1>^YHO;s;lZRKfVNr&kv9CPKkEs_`sXi zM*q#F~cbjSBJ$k^hhV=FvL~cg>dhN;w~vkF z%Rhi`s1^AO;Rjt`z~jz{mq*FqC>MXJh=(=>D4S8BB7bl5O$n6OpO4~BjPefWD?R9z z^3Bmr)xXtkC1Pa96u~5_xsl=xw;B(7NYCys1shKudrN;j2!`pH z)yN-R&pL?X&{hsS*|1*DK9pa=YlDk1II+4Xjy)2SjfG?!3}aGs3d=&RVsHjM)$be+ z9YVc;*1E!!O3?1=QTeNniFfgEO4@;f!-6?G6Sbs`nWcFsR-NTuAqjUX`%O0e0nr|k z5{oOnDaXaIz1l}I^A_`y*{r9DI=wFOS9b>SMJ;HJvc@TKr1?;Pp_dY7OB!nLr5URp zPQ`eMOpj-pdf$+m7x29J<;n<+zI|~AyUI((4hZrPOx_E+8pq?v6a3?OC3W{LCb-hn ztH_5Jwd5rxm&O^fB@|warw8V@&rFs~_p=#Ql!Sy&KHXN@gCN}`6Mfzx(z0T-nRXL^qOaLqSFju=rI$7&%Z#|*=6?Q6&nk1ely^R|^Q zqt%VH3j_6sV66`@!cGe9=tOEWPnO%B z=Mo6kYntpz&W!0I2cV0YH4<9ulNuTGnoVg$S&hg^57i~PA?mug+6YaJX?Z971x(nF z=d)hQ>~FGesdi&BXEq7qS!qi;>F40vr>Dg082&FvTdAuk5{%O7;}jk;>$(Lu^0aIR z!y}(8ra9TAosE^1j-KN3!R@Xb#q}jTQ^W6f+9Tq(Gq%K#iAPCEXeoK>GwV~Q>7oyc0AE-{+g_dOo2H{l$4d-e3$Pb}bQ14w=Z7)yHI>OiE2fM2_LbZD<=` z`DIm};n`n=_Q}V#sd-ELRri}z)L{G(Q*}W!lyl^cL5GZ(BwpgCJ@c`>0>%XeY5lF* zzXUyjhf923x|B!2%s)H2HMzkV7?d&Uf0;F0Hod^FccInLz-p{;Jt 
zvUpc^h7mCKJSJCmR)Z0G2G24fNTo{|0v5L6qe%<>%`j~;62Z=+hy2zFKt1`P_4#xd^X5+1>A!YCbENLx0cEsNNmD5MRi!#IL6B;SQjda^cC z{Ml3>;8grW{~>`WAbNiwE(Mr14-+k6s~_@&@=3? zAe$iG78{zDnxhSYbgkQfTs-giGf2n1KDT?s|t|U^BC1 zm`euD>`)Fk7NCIb?FP-48AM-f7W~ zCq2$iY49gt7HlsgM;J#P31yeO+FRWlPsz(;2d)^%C0dmE#X@T1!{0tORs53411qEZ zP1~_^UPcKu=yS;gCzA0kx{`!uFKP|E#H!ugJZdc8?>S@Vi$;P);wkvVIP!BkqeD6A z1S6q@EMf`SgeM#~ja21Yu6d*FTBh7U6rs5^^iMvP_E{qxWooQ4L_aYYe&irGHqCT^ zKvpEf&i=I;TU(Pp!@G!^lVAAh`4kB97-)09c8i-!`@3XpyKq-y1RKZ1G(+~TUcTcl zaf4O1mj~xK)fFVh$1Nm(vpaK$`L>+Tx_qCb&g!4psm*O-x<2R8OVSoY<}Q{m$L9lF z;-g{V!=Vi#SA`O4Lz1|mCLJ=C4Ij(LQsp6F<)f$xg0W(Z&md>4uI_mfzE!axYgSSv zNu5t!-gze|0YM2X4vo)XHFdC%sGaLe;RZKvCnG1VkYG+(OVUsAB1x4P;p~p+)jBE5 zcDw0xQi>SRpMy`qw{Ou`+17DgixJo&b9Po{zv!>=*Oz+0Q)hy>1O{N~Q`#Ulq?)UT zSfvtd7EhjRXbG}`n)Ju+jS~A(et#lO_+N+US<=`lMMm>AoI|`WbFMx_u&?W%aW1Nw zIc~YYtyO~MhB!i5%MG{-&B-9OG1%ZE)Yhk#RKb-L!ezB>r=bEdgQsEzO~MQubMA9* zgzxz0A|#;pRrz1)3>L8=k`|_zpZ{$M(}H0wm5HrWeD+CWhRhr*Va*tt9fhGp<+~vc zykWJcVromq*qR^*vD}()5>p`O?iI`LH%XJXd=FN~xQ!jYo=V!9S#8&e8@r}FaG8d% z|HKd91Pjpm<;%R>rk_NQvt+nSZdHiqnj5McCPB#q@Z+V=sC1hm+K(>KL3-WXQBtVR`j4qC`*nC=_Q)PDCN-zc?w|Eg zVps4lqsS1e>We9#9rH?LQ~VgD??7QMNNrg$!MxtfVWvf7JR1P89r5~o(lmcIA>bV# zn=X`@L9X9qI}oXdx^0-Z0hZ_PTst(-9m&#L08Hj|-*Je!ii~%)=B|?g*-tMBUn!Ds z)mGKkzi{$=#C{!9teHyp^BO|FU?|nemhD z2J^GQ3f1Xcg@Dq_19TgGM^@G5R|vt!aD}&w-H>hL;dkQ&Dc$QU30E+tsY3XOSDp0d z?(d4bL?y30+%6SdoB9$A$t@VHni{XNp>_ri-N4s-My$bP!*~9nU;8He{zmyJY23^+ zU7DFFq)(5D`O0M$cmk|D%zHtN71ccR3MrT;KRR?Q@t!fCvy0e6-(33>`SSz&XHLz& zl9sad0euZ87U2uF=rIT7N2G3FDlV8VbI%dxO&f-{Ha%uB_oB}9ye=kUf~YQ0_9Hy} z!~rR3(9faIx3M4mg7yv1uyJ8#zQM0xe9al3MD@Xhq)zzS_x(t&3~qpL6rY@=gz*q* zDr9!(&*Pwcqp&aJR#P7aC=K~~SX%yT6^dDsM(ltMq!b!nP=Z2RkcA#QxLY53MX?PP z|A?A68G~h7IO~1WV5;9O;}yK0)PCerD+d3n+9#PLtvhIYNd)c}F8dGYzkI)qmpBqF zNB{tDtpAfDNckTXK_zE%Cu8D&p8vq&jQ@*T6db=R1tb7J+H1K{tf8TCB7{yL_B=P= zh#-s({te$9aA)4UugURxU?X>@cbU(Z$48mb2^P(MuJ3Z%`M92*yVGkQzGp*Sx^Q3ol7*!wsvwoOrk0aJ3X4&0jGt<%CY}5tfE{zD`koY~ zj=?F%@9#mkA}VvHA!2d1*u3H&FAB0!t9 
zYVALGMO6dM!zhhwI=aa#!(PheNfz>OBh}jd6pZsNO7Qx&(O`!^2Q4^@F{+6{7S&ur z@34TtyvTxsWZ!wr*N~X!sG*_kfgNLR1cI49j7D^Xr=hrx3O`m~edim={Tc{VsiMlE z?$wdvA(G@~Tc>+!mLos%ixtTgKwwP}bQAijJ~^&vOJJGy=O3hVd%Xm?z+V!>zbZBU z?^5mm1NEEv-x6)H(tq*NxIB;5ul+&v>S<571TXmAwV;n&D*3uIQHAGj&jULVP|4&q-ydYLB?7 zo5r76GCxY1AR#20!3XX^X#R{b3g&qcEM~DkklYcPMT>yj)(ew9h9D=lvGk|6QNQ1J zfBO=229qR^q=hzwW;&gmL>YhB#P{&%w*x=s+!#Ewb*Q{?`-<-g4d4!ZL|CSd)s%;J z3j{a+;eRce>t^T(_7s78try)WX|6RW?#tH^y65@_35nqr3xD}{`%wOmfIjB`_+9@) zMEc(()qlfN9se7>rCIZDynPwvM~;!nmeJimj-S~I79KyniW)Kq9oio}1B4hMYQs2< zJ0V`5bY_4suen*JQ=_`Mcv-b`euD;*IKMo?`SQdDZFOa(qS~c?qkB2WaW~W30O58 z9bawrkUtX_Y%Ens%FfYrt zYaa3Yku_E)B#DTU%^?Q;nA;LpPF1~YTQP*o0L7m-Nz}$)pxDW2Ynce!mU0Q)dzAzM>?}1gCb691z;lc)7 zzY2cj?Hc)z??j__nmfHiFn^O+&HL~fGLA1%8nlP!)uy@@MZMDHj%K!WO^Hl zIrkQIilR0ar*br26IRmRHF2q?c6ATzmsif8+04OW7};XgI+RWv)t&xyF>){X2&y*I zEuTk@mIQy4VS^;Hz8CxC5}KcpcME01pH%vG7O=o~5*hsYy*u%|e#F3Acb~nmRSDx( zm@uF4qp@k%@*dbdVlxnB#BL4ldf&>ASo>6*!kHC?c7zQx5-r_quWt++=uqS9dJNL$ zJwTm9WPc?}PsxyYS}T53@zIl`^4tIyY%qx09JH%oJ;F{XxyVTE-H+tw_A4H)mZdlzS&%XQzt@J|=a9X*Ykqcjr{n~+jgA^24|2+IST1U0< zM3Y^1u#rilU>PgCB53a~ITY%BT)@<)MfAD92jSA*Yw37+QyOR%9&VMa*qR!Mt*I2|Dy-H%m6bE5DUx->swA5#fO&nZ}B>VkQ@|6V-s@ z<&rp+vjt<|u@jD7zZyhjY;K^FMTtsKx~-bcnHwK(ALNbonqI5x{LcjCYm7Sa1uWHq zt7qU1d%?{dYpa@H?2@@th%8N02F1rfcg0PwU9V_$!2@RW%EgkX>BGJY;Gb?OX>~Dn zPws0qFu|T{)9gv46iSk5c*#~Wh07%zyyK$x%1%D)4P)K9Z3=rNqh63gpX3?}TAA#D z`n6M-Ch`ZV^n}15M)fp$8a3%h0+rwNN>>brKS}mSckQFkUG6}#)m0O`9pK+&E+;s* zwXA|`8GH?@PJfMQynGsLEsYM|DlhNj!xq9SJoEB%P0fU>EVQ3R6bAV;6t1tu96n`| z7!taVmx+}}ubt{~0(Z7be06D%Q`J*jG^;SSrEKtqO;U?RYylZ^W`Dn&T2xSVHkuLbA2 z-=G7;bit=-v6wxSRw#%zG`|EGwk58l+&LMO5+RI*w!UR@-g<;C7)(2qYI*n({!j5D|feGZ5VG4mndTEjv z=nPZ3z;az@H9xAxRK!L;qRoAVn!P?10Xg|Zi&ADlVl7lk14TeyEhkAMRillg%^Q#Q zlnl-AOJ(U%t6o)e5^&B;2|<-d>A=JW5h2w|h;2ZCjbv*=3UP*d7{!XLd?%E>?os(x zQhPXplikapEd#+}e0gxgC0Y-4 zyVxjF*K1aiIQk0osa`%EO`o35S1im zXx#!+5UEXw-3NU}qF>rQHze7%f4dV|pdFfQvFG1J(vA;pggp;d!mM^1KL)kHl5zU^ 
zUv^TG!CagD$rz0Jc`8|}A{BOt!{rg(cFskHew9U&hK)^Aq||zss95_Tqg~BYQm`qr z#qpKJHM!;k{OhaI@r%Gr6v%c%CJFdz0Zb*$rHRlXkMGn9&)AJmShXj5^%MHWnSE6u zSyD1ugA~@<1n?X6Y|cy;sVb-Xq={FIb)!C{>~QqfUz^8f8wwjms}tEmRp#LLqs6U_ zmjFWKlg$az=#g}5gGSMILfnf;az(>~6i3;`M`5se1l3Rg?{Q? zYhObq#XfnfyM>8Pyxeh&eiLbbgK@&z;#i@ny!fmEAWtZ%hi-p;Osi%ewSAo7N`Ey( zD0wHP{#`{-eqIodtrG=k@X7r4E6x0y->SMl0(!%l<-FNsTY;& zUEvWm(_@9P;voHutOd7(S)gv9Y^@xWZwPH5CkdFeKrod>ayRHDEqzQ%)0?uPo#pB z3s3AAHCOJYdpeo0?*xRtsXrknAWh^uE)$M%7zZ@z@%=EnJ=skI>a0>5Kyaa%=^GcU zehaz;1>uo8Z^_V3v~|SZl{O(S2=K$79qu52R^zQ3ZF#@+t((&q`c`t6AGm)BMV0E4 zsJAcx0H^R;fO#QbX%74od*=p~4OQOhsV5yBD6pob3R*DH5uxTlE`HRc))N3FO z`gQf$_>CmY5>)C_tDkx-;jWEsJzHPYg*C6`zVm&RH`&H_I-QC?--&Ohr?`3^cQW1A zdw+U-fcsdtkntmbqoXN+@tpz@cFD7|5f~sUc?qD{DGCFYfP%cciTbI6<1_-{o)`)R zK}ZQBs4*iPSe8QCW17BM{*A~WSl)yC@=zWyaL>^25$t98k%?IKHDSrwd*nz>b>1`M zaUYH}X8mpO2*JQCSsL<{@_+K`?~pBBLHgPl9m|$+zoe%*Tr0LA;|BT4q?ppddElzpg0J{6wF)@Q|A*HPVw`A@ydRW4#3ry!6ABN00DOkvWH(j-nc=DFk^Ybk8EcrebGeA*P?@FlXAS8xzX{A|pQaHKX}E4* zFZ*s#-hcVE zz+AfoIhY@X{|7FErt~NeGmeHNU!1d1(WJby?x)Hl!DX&(Ig+_BTfpIzKx4zrNoZO>R%l(pd)Bz53G?>btI1%St zy!mB*=+hf$bIH-f2!GomtC1Flv<94&!8j%Xu<=ZSJ|^WG0X?==_G+v}Sjd6&!j++k z*_Q>OU&fGJbbK0%PLsTK&;!!QZ!=9>DFT`r; za}H6-StC&}^&p|vj}QH3gXlf{m3=|&PfUJ}C`7Pa@K8RJ5@ZeS*+^>fuDg*TXoWQqp`X@UEg;*LQCQ!TeoqGC(G+x6vy^7 z#b~cmf9-l}1rFjJ5J2!SPg6Q4rd;ik z5rTpY1A4^lKa6KBPNot0+(@X9YBkv4MOC6OvH2N4>2CeLv>&Z?V4m@js+iG)cpSo! 
z7g#BMqF8G{4ybXS$t4c+qPFpLOn9n|CQXZN0|=wpYo?i0f?zjY8>Z^+N;}C>nar1DbM>CJ!w9*jlKLZ--`A|e=Wv1mPG)bOjrd0$# z8_aWp5Gj1tuYxE{JCU*(saI8??tdAW)>N3QsUiY&m4bGK`k0eT+cFyh z_=RN0#q>HSjqHkW{{*qWNAl@T3_RtC52K&d(m|;ciHzTLqH;o0khPDfJflMY<=lCEA=7jO z>k&U!l7MM2u-4_bA!0S&e^2#CJM6YMT$9`SEy1(sI;_&~Ul03t|&%oe>e~LImcFomNX{k_$ z3{VjACH;evEr+lO!zJG5ShwU_4Lhe@R9hgvw*qYS>ax~*%%IvlthR0ZCk+?MXLc_R(v262la#yC zBB2=LP2Kp_*8=}|6V%l@{KgsPA+hU45x!u?b5>c1-;T>ER=t|M6D0NDL6en& zLh$qZlqHH0OfQMZiN-Kxd7-Fg4gdN&XLC_~$(hNK`u4v#=JY9E$DEKl4`#gZ|HnA9T@;~+!L41jCO-dk>x4955#W@YHjRBt4%VO6Cb`!EC;)`0uzsN1K zf`7H@veP%55dn3^qSLX;pFzuTh67rzFKE1xe^+j2$!0m|4BC-V?JVO)Q2*r1y=B#* zvoxaioG@^#7s9Vlp~<#ZJ1OhScg?9ZOnL*HnYmF5%eE!=W?-PDX*83wi(O%{1cOpP z>SEq^2iV4)bW^9_bzG75e1$ajXP9HSVG5XqX>vhQ<$taSK_QL3f1&w7xB&f`yW;p! z-FO!&PgA6XRK|!kmvReGnL*82P>p71?Tq)g{MQ|+er85^`mgAo|KI4@|7V54|HI6N z>E9b9T1o3)O|3sAG&*av)(9H+A)pm0G%nq}W?lsFSd|Qd^!L_gWY-DTR!m$_ACX?9 z2rRs3oqQ8+CdDJa4jRU%(jTWecH5`cb9;Nd!R+9Epd-rCt=B_>Q5vf^$_`6{wNP!C zrf~1-a4l*tX|3UEQ}ziEZ8p&wVZ7k$xVE}FQvM!h!Wy^tnx3H9hJwzBQI4vT}uN6|2g@5Uf5 zqiFf(XJy{)o`PjXY$a{eM*y$;Qas^bXsA2x<)8P7j`uU0V6&?`*+E32uHbA5MCOoG zGKL&a=`u}aVt>U=_VhBz&+q3>r2fds@^C>v<RSzI;0_iX#84#8j&*NFxrUAXft*eL~@9-#)zGSWTcxk9}M??SQ4bQbveOA`hy|9mK}wt0+XauGQc4&ATY=<4`F<2OWtQ7XDr`%IHBOcKG|+ zT*@u8SFQqz<;;On^?m8Zscs02?S!RK$EPi2`iH?uHH&pw6Z;D>E9FqI^8|}$&p;Kb z+E&}nJj0P)v%$BYrn(N;V*2fhJUnNlr!7HG-9?0LZVpuV00zZen7VKW?xw;*R1zC0 zuX_&v7isStT>08W3(v&1olI;S6Wg|JJ2SCu+qP}nnAo=SWzKnV-&5zFx>aALc2)L& zd;j)&x>v96rx(aE`r?v6u?2G74twQ94XGnXGf04>BRRgN0aKwuH#b(U3HM-ne^osI zpB+|v(UbERXss->w3-7kL;aOgM>%;lvuuM^_I3QUQ+=^wAu9sl%uV@#^c=7Px7M=_ zg=!0qVm3!v@#12$MTI-AMWt3qi1Y0XzeyyI2pS}h;7TL|x~}>#u}8ITW{+MDeJD`! 
z9*5a!N_i%`jegyO2#kRs=G+A6gEEx}D;WdERSI&fE%o19UC&-3&7<(zqGeJw9=Lao%svYc=(k2#0l>NYZGomg6$;FBEnnx(Tq!GrN z)OH&^wSPpJD!OQ58Xiatlb1vkQF)^$_SO&pu{0E67$!2G)|^-s)i9h|9v(v^%$wlC z>KThn4Yg%&b8FB;srkNC&nhvC0x5#Md-i#wH9P=Q2jZ#5_-H7CqRHuIW|dM1#+AiE z;}bcC=LnKSMId<|%WrKLMsHNg()eJ@M15y*8=4VM2)$LEJY2s6vxwmmBz#7THWawX zbn{y>5cWWyLENf>vE0Sr#jTGGnz6@JZOBdk`BGdMrOaWF7oD9kh8W()+OH|X2)mT5 z6}eAD_&F1h`4q^&Ea@~P897alE=eqADReEmFI}eJB+ZcHQ|{}+`!w&vBHFL+ z=lY%2%0c#sM)(3{raIJXS%&L=u1Vi|${qIY#*o>ScS-!r({KN{Rm`a)Bf)_=)-|ZX zu#V?)*pSyQZA0IOajzvN?CqzCtsAi#D6Pl_@-qtWB)~1d&!>a%k8m$XTM43ZddgP6 z2*a|Qj2qM!(7Df~e zd4am70+V=RK@&A}4nF<*ln6*k{fq+Onx?B^N_~Cy7r4~-uKf^l7IYMmC+LvqyD_vY zi!#()%ec&LwDhb6(Kbn{iohM43zcVQiw+vBrm!Yj>gQ$=7@T%UyO8gPIaf1YJnd|* zl(l|T^?1%DGZg!k_yM+Q@Fj;c*E&)z)xpMxn^vBiJ53ypiTi7%A;N2eA+x63-k5io{)- zot8BfN2MOKz+oAW`>(jffZsd#ZqtIeC67MlGy48m8n_(@TOjaBh&ABxuaG)?JyX&!p&=tEHEoaakL2*LB%LN}T2>H^4Fy z;lU*R$W>ic+(JC3jJG~@xFzwu^1>>iOPa`+OsYX|2qdQSMs_tSLXkw#yo z!lSL9Q((E#JW^#&UU4d;vZo)IbNZe#k^b@oVKU1=oD#WYa=T=KU(T94Tli!ahiO}g@s+MYcA(;mV4fH9 z=^SL|Z~FOVyxN}rlYXN7{~Z}(`tw%^S5UV`kcE4P!J{}Ks4J$@QmdY^vuwA*O$2)Dyoi%`}*~rbSKTSJYUDOrj@~XKh@f3BDuEH>*EnT zDW$_G`lP-M@PJy+1IVFJnf*VU49O)%a!>hhNif>;%ohvTH(%%G;F0_OzOZ!OP3 zW7uW!5V`1GPJXBYXsft=D+_puXqA3szbdjMv4OrRkD{WIn4{@6iT$+{u;X2YpRqFWxg0Ii#R~!;ORDH z1Uob4nN1apvKvO^USQmmW6liHb4)j9l%{RVK6^rIM)_%}a!wpi+m<4GZJ2Y?-cMZP zFpi9Ixf+x=doA%L#^L)dMbK1gpXPOe2uGG*-mhcBEcy$PnV0TIGrv0diE)viJy zhX4hxyLximjE{MJT^)e;fc84ep_ep z4f4K2-*-c;;x!Ku)q~GDoxFT^79b7F%P*0GNd?5W{lrTd5y~!3*lC>#-jOLA#Y(O^q&5 z?ra~zaA{sT+yeeG1h+5nI=Wc*HPoKY31(Zlv<-I`*|^Np=ib!Z7xs9Njp^LD8Ejej zU}S?`P@h_bChyh##%Lo_+ER1`qEaRsP{Wx-%Zb(|!I^Ig$f*UznZMDp2k*Qx{TbI_ z|FNv*`F}_=y!Q5vmNvhQWR*;7v>Fa~$YBlloQ%{1O z3QC4PC?|`2NY>@CE$@ajI`deKgsb`JsO_NI_LI&?_05xm(d2Cems(Kn&$Ry|DjWng|R92m4z$$7HxUWWV2b z1rxKFQb6`~gGvQz5L2{b9o2Sw)`EZ*3d?x_MZmkb-wZWMyHDm`EuZ7IKzqP$0u*7? 
z0t+yz&JV*hZ{w8?^y2!NTuuKOs{)J3`{f;J65`6N%ApR;~5l>9Q?m_48JzIZ=Uo5}gMPIZ!v zq4*2iTAo@9h<$^$Oh2mD$0dKYsFzumVSu zR!g#5Z?ttB<>6*pUwoO6y@~3}2n`7(=Wij3XS58swsjuBZNjx-y5jg6nX^Cqv-`+T zzdPzejL2&HC40(~8!Cv*sTUp=L_<9FM{Gp$NYGXm=5a7j=o1aPT(qf3tD?yvds@0+iZh7Kmy2J+T+4u*FB`dQ)?RHYGR zk=_HSXA`pH00dEx;qs}(4eiYZ&B#K?_H=&&dD8Nuk3{JPNE8yjQ=lN{PG6oz(q}MW zi-ZzwGBzJ%oN*j*JZ!wb-@KvzB%=i0>URKRNJ5^b(WCZ*;oRCIbI$;VgWhJ-@)HrQ zB|`j;I-2;^q1HGfUYP&|$S-s`{&lb{Z4?zXG1M9e3R$8wZKV_=CB3F3AX_bdF2w92 zWwpk1IWHgBWy7)z3=Z{1eEF^?<)_T>8jlQRKQqYfa{qP&uZf6?FKi{f5IMTDb6r*)JK(-3tXFbh#8Vkmjiji6z3W5 z`SD%u0zLe4A2^JqxM|I!Cm6b?&bb~Ulb63;8Wfd@2JCfm6TPv#Y^Aw{zXMTP!+ETB zvB`>c?R!C9YZ{j=HJdzYCQHdnGUmY;E&g(u8j+)@e#11#2jPzB;SR|x4Swh%!1=GA zWV&!{;IP%C_yIWZuHdq_ReSIk>_iS%Gvf_b4l}-Hr)obd^HM>WW*zBJ2OC@Jg#ksh zo8{OvixpLS?996OH4+1mv*Ts3qkL{^I>X*x|2b^d;)l&X7gC20?j> zY_l)D{*Gz!uH7dLJB{J2)C04W$^whDlhi(XNUlitN4Q*k0=Ew2` z-C^$%nFeqN-diVDPs`aAv{R@$I|6sHmAy|!z{YF?^22T$vQK}83q~l3uyL<&Olich z49$>!yNEx`Sz_Gx(Ga`gHYQ()nYV#(V9kwehIJtE73#{YHrH|dc@2Om$`ht`td={+#y-@MjGeq*YQSE;@=fB!F z@$%xIz;eI;8eFzdw16D>kc9XUKSF|xtp%d z$Yo0%t;_zpO3%Crg9vxMhAKf&pv7z)fICt%KHxVvM>VI_Z-Q-eR`v!)@Q&!r;_2CU z3-p?!m`OA({H>_W)Mf%y7iJ!1s1|E{iUlxf-p2m$xRa$nbcM2aQmAAjke|CJ5Ym~* zqTM!yc_+P&gHYdl?L&8F2~OR(7IE1&bS7aUUpss(p~MoAm<3zYi4xnYnf8qy z=wymSWz8nTi2)`a%@M<>@M3s86=#}WV)g-PRBJpz6^l7UsMKEKi0MLwJJ28PzAr;5 z5y2>kR6rbF6M8_5=btp;&mh~z65_-UP#KU#_YLw$wn;alT}e=Xz=v=KWQ_j!iGazU zFtMLf6fEIP{9Y@8jszADe#9&~bBt(K#@hcwXk$&AM!Dmg7SXd$A7|ASW)(N!f@m%A zDf@X0p={_0fgRujP-mp%6%-MBC0xE}VbBtxWU~M;(T}gc6S1q)?BZ_+`lWxA`&s@L zvY(2|e@qz&|G1v@Cx|U94D}tX?fxXZ@k;8-n2Jd66H&CZ5|DdpyktsMqD?@QinK@} z@Fo^`U?Ta7Ctu{zlEya2{P@~m5It^CZxuBy$(*QArMVwTUP+EOVx#((G(-G@7lo)O*&jOI2Clnoe6zRq$G#s1DLLdXKeN^E^-Z!I- z^f!~(K?DwM8l9DP{e|#jy|mlYW1w=f6#Ugc4Af#%{Bux1$)F5ksAZ2W;2dI(h^5Yw zD&-1_A%#(chFFHnx=b}C(bnNPV>Ia*$lDos&d=~j>eJ0P(Rste@IYk7X(0y_ee^O% zDj?e`&Uw&sbQUVbY2UG5Xjoz|h<8fXJ4D7s77wmbd059XCW|5Yw&tADWRzI+IQBlo zh}tZo`zDQcvmCQ8d&4-kUN7Z2#FztMaTG3j9?Q;kBGWO!N{@YIB&1^xTq0oPR2q?u 
zf&IwD^ey_#Lh3|<)(Obu*vf&|nM(=llX=c^i{W_~`2%!Yj*mt8mJgl~U#JpHDfkV) z2#k&ke`{!UM61uJML-X>2|zH80NRm;5jsmb&refapH@~KXomC`H>W8wHZOm{>LP~qqo%a57w9~3<+Ha=c_&yQCFYYVD!(8N6GU%qoQCWgNER%z&wyRGg~xb6O$l>@5}kQjNRDhQ^F&I19J*7_lX z>&1lV05TB`;TzbNC?9+WszIE@ZuBf8vlM16TW+Sm!BrK&EL<-TOY4B1lRQ zQd1U4E4MI0nl!v}7FehU8R$rIFqu$UlwM33{#dCf^prQGO`v}U2VfHJbzHbp(Ar-} z#1~A2WlGeZDO4D>!h019n~1NfBJ*e;F{`?>^=tejK5mvB@ikI+Vv*W0`0cy@%7&)` zWZTbcps&?|pBsJ=&TGmcek}-M;6rB%VF)RNJlzwhrn9-fBJ(y*X5(@l60I`TEd-LD zolV~8&wbzcG}k*}2eIe;ywdErp=;N<(*vntFzDJ4spieqVrEE^2vp#HFH3U?xpI`t zyZJ?tVZB{?+T~{fOH6!QrZbTeixfWYaQ+4JQSm0BV2gXulszLVg7UC;R$ujA1SL7H z05FR^uR;;f0Ny;^zHi!sE=ICqR0v<3@=_Y`E;5LyZrTEc9V1VlACFW{`hZf5@-+4% zv|Ho%-c^J9gihFxKQ6ziRr4Cne#T67$p16d|FwXj{lCRcUCaMme&aRzWX*qw(|-m` z|EO*;z)xZNqprbxv84W(R{$v*hqKA$UcsT?r`}Mr-9_xADbJubW*p@>*Y)zN2dV9X zuOca9)L7;i3q$hLtJ}vHn+Q$VRGbx@2H@A1vMT)+r4*nQep5rSh%&d_gWBLUG4J*w zTB-coB0Hv;IVNKJnc}fs0O3X=L=)4P@9*qBLGnp*nqYGUa;RyowLsWLYT?FMn}V>; zww1ULSd=iq`I19)u5C-WW@2o{obE&c$8WS9=o+p|@T}t&2oeyv8aj~rL;KyG5z;L* zWnLLB^gn3EwSu+Hk`MYk8~6P|bHT&YyS92d#|r!VVve!DdP7{0k0|y-WFpVW7`IN2 z=>HvzUN*p-36`YcqAK41SOS$}=-il%J-O-OA~6&pMePS8qIdx z486whZHq5gKv8;>ctCo59`xbkF6s*sNjUL}%J&wd90#Rh>qxpa)2fyl#i3j;p~JvJ ze*V?|Wf+=nrkLf+>`ynX65x1Y&S#dI6bDQ2F$tvR`H-%x%4x1Wr?8~Spc0_JjzRF7 zz}l<6-S%PyMDPcwB|>rk{^nd%{-pVzh}!;q{olX&-(&9YS1S_I|0_w$t6R^~BE7FU zL5l-Ytu`f${sgd00t*ZEYvPo#oRLAFQF=Z%Dv&%_8WQF3LJ`3f;k*QVlnvT(n9*^N z3qrzu;rP}3{P@S15T_qcB%4P4C=;rohO_KojV~sQ6@3#THDIm}P7{qp;sX&rBsR9)@(yv$0e_W2sm>SQMqMsrU0{5Q z=2`PHIZfl>S|V-{_=0JHy5=}2@o^>NJ`&C-4QLgBk#<-X~) z@s4Rqx}w>#3z)YBhODy}s4y){O8aXxm{;v;{;35-P~UBCB8Dt`@re z-MYr@*JqjjA`Z)LZ{2;Uw2QIHizm!3G+gc#?hWva2>p#jzbcl-n4+=dI)&{pUACeg zD>h|@Y2eJVQxpvg6(84vNVUBcLbK*!R%+k(lqt3R;OTrsVhODPNl;xlL6+~<7@pj@ zy$6Wd?KM(*8Tqcr3+=HB?9Q)-_lztQXF~WFrp9{s{j!hJv%jK9{ z6o0Ycj;~s1ejYVYuvl2MUn8H7LGyot&R-uC>pwiG-;&iI9GUP>wS?c=(ni-#_rE+@ z{*OsLuG%-17K?0!J{l;&A`7w_6j^;SkrW6&l@b2xU}+;V{^gc+rrGl6T#sqcFmANW zH`xJ>RY`pR0jAXDX6N%{`-6<;o0rMR%r9at6}kYf&}6&vEDl(-FP^?yxW?s; 
zWiJN5zOAxsJJxj)E!eWz%sl4 zu0zw?Cfnq|;*-hlpk%*f75c%6Wp`U3KgWl`^}&i%%;9Q!Es;{(8m00EvImI{QE-?U z7g`o9pizaFO*hE%Z1X8fUvrVDyUu`jN49L)Bh9U8xk`kly*~Axs7K$LC9{@Su0e*ux*{6S5`?JZY9&=Vjs4ao|uPVgM zLb$JAyhwMFb;~VH-m|zgnh$rC6s-Zq{#uMO`q56$x&oMU*^d5!yw|@B8()Do#qzkejg^p z;At?P1qUZs-b;fd3{}9vJlpGJKItl1=xV5t=Z_u)+^+9~n)r8pHQ477W6r+SRRuk> zi1i~fshE9L-w$w$ca4&u@@LV1a6hIx>TiIp3Wc%`YelY%WpLTKqCEkbOr)0)PB|rS zo~VYS$`z!(&^I?6fK2;|_(hx5xNGgI=je}0Tn{!@<8L`!SZj=40jy%5h1mSUG+Ua| z)sq)SVZ#m`I-IJ`&o15p&zNaV+sQaG%#5Fq`G7rxDoqT~RY4EFj6ZS1hwZl^*OoOY zmghRSd{>o9=mqDuY`}?CbVYueb)vu7iqbtwBdv!em47NM7GNX{5p?zYa_5k78!9qY zxC2qXZ+h#qFM13q^aeI&f`zZ^!G9fUM=3)=rxQwAVkyzGO>XsFX%j(gmxyi$Ef-Te z+QdVc-1{LWS|O|qYJ`+?luXL?7}I{&1f3$Je23U7`oR(-QLlKk$-d1g(c&Sl;YFlB zmtINnMQM?OWk}>7UE8gWI4X%xh~oSsM5+D(qC$3`+}hdN&iv2J^e=v+ zFf8|}Msv{w6B3q>6$JqjMEPYarXk9L$d&-80p}~8rtBtjo;s+nV^e9qASU2$4gg!F zp(LoUKl2>BrvD_2Q?!kCzi7Sau%E=9;qmf(g4hH&CyMT|fJn4a4W+QvkR%8&SJPO` zz+4$2iXN1t+TU(M9<=n1XtPtGC4rMP#)0TVS&ucYaC3vSny$fB z%a}O`U_eobqlqGG(pp}tfFHUwi}=R%s|;a~IgzWBJhOEpR=1D`-E&ncs7E6?5N$&|qMW?c?eL6?sl&BRph3d2zD%_@yN)fYe z`TQD~TgCtXnNL4249hIP-Q>l|?+gu(^grN=j-h7=uN37Q#JD(=c z06RPDsX}?rGr!zK?9}kJ8;@mbIGbz9Qd6`$zEN#5V9a;vVg>7ObO8`UQR<26G`4R!{Bn9a&f5&i!Hn2&|wKAlpT>){Fs(0Od{dhVidXsgE3yskl#%1N#H z=1?%jZ#oA!70P}5PCWS~s7#%IlJ1#+Rf^3Iv5xW8*$f1aCi=E=MN+2dy(+m*qYQ+_oOmZV-XV{a7p5} zpRq}M>yBZ5d9@PmVT=LjhV?7hJuwrsB{)2Mr8rDgsE$sRZL&(e zL^{iK?Etsn6Q#5K54kA4%*RM6=wi&K5x0mK+=PkV2udNs(l4cL82Iy}Vu zT>eMxYDO;151CJ;>IcixxgLcL ziMJ%kEb7cwdqGskPBV=&E<=?uRC39|^H*nI;tPL*i0()_!i|Nz+dS#`JL(^UXS6nM zPU}~`Q~?IPM@^hy`8uQ$evP0_gXOp}u{gMIL=D7&9O6+auGOpzMSQmF!MeIeAWwthnBER+5fuy`mK4kK zwksaOK#DleK70-s6CZXR13;0TpRg6eK27T!SLd{6_c?2W#b_WSJHaidotCT#rh%W_8DOPT| zB&k6bk1}5x8Reos_0>j2BSEZbSyvPz#`vMS%_*lybIh1Y^h#nM5r zAp9zDuH>qXqJ6eL+)0i$Zpm_0J0@=NzL@kQj;)+)v>eSjiN)<`H0 zU2Owe(iO4s(?X63WP8C_fIGYh>a5Hp#e3y3$|%bz+~Z`0{Php`ntI4u=zM05zJC<5 z|9;-*&r;_9$Q-}hng5mt!sRu8gO>|%sNsaX4z4_NJ_IFU2KXhX_}+i24~S`{fQB1- z6+Qu`)xatHPTQ2g%;OUDF*nQ^MUO(SrggcQ!FhtqesZmq=ZELV*DUXJL$s#KKxi&b 
z+G@X;U`I~IE3j0M5fE~y{iIR3K1F2#sM0fTTzg@=&XczDTYt>62{`_WM?3@4Hg%w3 zAubxqd35r#?~dv3Lk|SP;U3yWQ|Lg0eC#hsG*W<$*Kz{wn<}7OH((8emj!98$G>_} zcjejih8W2*@E7kruFMz@!5oJ;H{8&&VsfqZjHB?=S%NdlRzR_Ir12UJx`b69HcNET&O+;Ip10c*^YohyQ z{7P?uR-m%THrj%yP*Vvo-J++2WV2AWkztvtx;XVgSICi}K)*?lu~GjOdoA4agzyAoTw;X@j;Hev;0=}TXJdT=&+31G_t(;p z;vXo>pYuU{j;0m{|E`|nmCW4{2a&xNwM@g?ep=!ObrXvLs3hzKeZdbeXWzmQvEaAx zIhm@{6gPJtc2ia@$CDb$H$8vIOUygsdYh`;byWk~8{R|2eMbEJ`?k`-&>BN&z6XlK zm6Dv!W*u;Z8upv_+onaHRirGuIwt%FQMI2DT8zm1%IMl{_%6PIP+_ra|&pWge`7Lw( zz*@86WILq@T-}RNKWzM6LsPDfJA-5C9){;?&SmUt&IzTOIMj|rkOkf>N(z`-;z_jD zsHz+sev=-nQnMMRPyK7MOpH;BxKaM0YK$ast2zsgbr~d0el**tHgSg17DN5KEwr`l z3Tgbrh=gJl3Hd-dWB+KjM}wrsx8WHs`~G%=1q;j2D!~A~Nsz5&`0^A4wWKBp91BI; z>~z3u7fCf_+vk>$Q3?AVos4=bo##3U5S+BgJ|wcX4YO=ZHL!kAb!^p0_MY&JgxcBG1`>O9x}yZTV(f48j3HxM^OtR0rxvrig=tDty0)}-!e1g90Ge*V zh>X@tlo_SfYI>NFM_>GLu+gDvix?d;=*dSZ57_T@DkC`WPe?ZdA!6Y3gOO`=*X%rI z?V(z=vZP%yPR5fA7jINy0akl9RxviFuc$ZVt7_lK7B4#@U@x;HA}^~0q#Zm$w2vQ= zy~?*(*tvTT2IOWPkUe@gH*t*BJhQpJY%H)N#b>^U|tqbi5&BZL?M7KGPt; z%~x}*_+%PVU|`>kyJVu-ZB)X!&01j%^ed3L z;#x?P@z;_d1s%JVVF@vVtaDGtYU{YmuedQmZdEa1W#lnonTG62c!j!FMtz}Xi&-JF z@^HLm12ATm_Lj$zZLTGuXHzZqU7HmZcxi9q2jjOXjmc*=t=Q0tMm?Fk-sA;rRDx51 zBT2ziM?iUj?*MxcMm$h-ro%B*-#WsZRTdk&|uUM%*k3Mfys#gG?FB;*3 z?FZz6BxEXMFso@#5c^!%?{aWBPp1g;JbyuoRES{<79%q3MFq{QtXaWB@-=^NO$U2Q zN5mH`y<7DdqqG+X3LJbPLnHQ;$;^mwZ5i%dEa`RlRHWht^R&g=8^$BD+k9y~NK%8m ztqnw?28LJ_G&Zl>UQ#Et&HzRjwa^)1j7^`%F0Z9F$410xyd?Y?Tol{FzG ze~zZwnGuAqx(eVg9Lcjsi@dJ_` z$YW3bLSg+!w_KK`22O_$l#t{xNgTxM2ibuavGBmh9|@J>2$%Npvj{QzpF7ZhO{o8G zGS$E5X#OixA*(=YL2TqFkW(&E-Nm3`BKXE6$#{}>_ceN_PxTu%E{libj`j^4`r>xM z>fMT?O+uMlil=V(PNZ?!?>oO68%=tByxn2`B*ytvs#@)u68{gSYR!1)%=X_()fDy( z*T0pj%ul5Xo1>_Vq0HegN>#0&{=EQP12zs2y~k|9Pn6!BW2~#e+4*OvVrF2v-PQ&Q zEx}mtOLvdWr~|!4OuOGoRmb2&T-@LnkhlD?>?R-1Qscr(#(W)atdRAnY{!<(h)I&| z_Jht<1UYHS)vfa(4=%LOEd>|193^x!dtWq^!`E+$Yf!P-E_K_mtv^bw#!_`>P2fqE zPo|TW8-%H0zh!>Gv`3`?uhT?%^ibLYi*}28K{DXj;c^7sO?gcb2O%4IiKTM2O 
zxEY}NO$mF9D^C15k(35eBJ%O-W{NXxoIW@MTeqTenO7r*OWK0_bG_{BNA*QG}L)!#} zFiWkwY5F-D1>NLFASgP6m)E<$le>Q#$L%NAI1YMGOEhntVg-c@ZAmEgJnKBvfBClJWlX;> z6m*!vWPHC|`|y6>_`qhoKl$T_JK!e0mY)sAEETIi4Znykv4E*kcbbno#6G_a?Rr?{ zu03yuw#9%an`%t2FPzU~3o`7LNVopcQ@D@y-VF!vuhD~8B`n{C5Gl%0{Phr8dI$$# zX<#4omRdbSAUCNivbhIURr2ljVu7E*?We2k-kh z-Q!ySdc$?Cxdi(;hrF`71oasU{t2%9U#fJ>Ktl2f>5>&FV9|Au1;wkF!%PFiM8@T- z?1e&ZSFT!}h07SVd#glL#s-XoHOXo>Mz%dR=~{NcgF{5}0|D|9qKh*W03;`b)VcJ2 z+O=n)0PB&MNxKfQ#M>1=C$r$@ELUriU#8VWyerH~pf;z^Dy!RNy&IeK)IUFiMH;>u zN?2Jj8*r-Dm6{T0vuI7bbt#>>V!XvfoV>R{`+GCiNy3C}Ix+0Y9BJ*NcXGVIj(-MO zfonO=Hg{_a8}6`j3ivHHc}&+DC@-_#nls)Gs1SARf<@$MyxUMbv7;-qwJQohwDS|B zL??~VH@#}WVAod1o`(7ZK|AG>uZt=3L`ymGxf+}jaNf(XU(Nd%>vWJ$>%2yzRvRxg z3#X%?^0p~!$lYv(xA21tgw z7E#4_d4-1CUEW_b9V5pPsEtVS0GCNT$l*+n>_GJ%S}f?gRd!!dR+&&%3$NKlg#CkR zfe=`6)~#8T5UWJ;bi0fO$xDEG?(B5Gu9PJ5oa7kNGwoYP<6M~!Ad$>S@s5htAUZWv z6{Nz5&kUeG46kO?K^P6l=arS$Yzs7J$SyL+O>!w(l$Hd8{ZN&Z`nb8%u^gU~9-8#(pyqhK$$-FxC__*AT$n6r(TsTygT| zL89N0lPM59@Wb00RFVPEdLUKkRrkjQg#)zTTW_wni!)v|De9e77jm_EU z$NTd=_IKn!^uwhI9bQklrQuCvC&wgm%{kcx+3Bkkd{077cq|6Ov27y$nsaU2fW3gr zN7p5D`{kNdYQt;jPW{%z1|&0VlGyI>L&RqRn}?F~2P;cc&<+DyDXz%T7W0Rfv@f90 z+U!a!ghb*2C3B5#gu7}~8?XdR_dvqoycYr#Gi;2QnlBR#8msn{!Q^54nompnfHnu1!g63^VOg1Wj3wXuD(F6g8?;0 zx0(!V5{7R+>ba~pz}u#rN0T$<=rswAL6Rp9+lydMlRA9vehvo^os(8aS6g_#3lodB zY#fi_5)2sI8olJha}ugqlmg2CrH$5Ne45ma83uOZ3`dnbsh{p+{5!;C@f#8An5^|q z;lee#(%6yY@dnFBaRl^pGs@vT>Jh30pFCAwJTFD4ksF#wdw z!hG{b#~7hAeKR;d1!54CZt57JA5oUyPrvVYNkD!{Xz+LR&7vU047v$;Iwv5N^DC0- z$Z92ugbjj*)0F$cD}pa|XRBr>?vp7t{AC!Z#q zJMMmT*dH8F;Bvadd`Z|W!e*Bl0YSEON{U!USg}mf2c;N6*k9r08k3LznW;Yrk!C*V%E|+Z zVe?gtb~pgDdEH>pXpM49 z@s&OkmkOa_MVG7LDntFTI= zrsm`>2T_~1wpH9EF*q`ZL$*P$=9-(U2jW9ZvRu7B?7dxOq&s(lGYikX$YEmDFBmSg zC|Z+1ZYxl@YxQ{%?W$I~C7vw5I1ySuJQh#@v!dxrzg{ymUA0*0I}*4rROV(IQ#J1c z161Yem<>#I*2@7^WkkPCQL%rUqGprUf_-|JwkrORY{iHGbGnI9Dd$VtXvy}RO%RZ( zkKK%;WUd~$eU1kN4Kf_HGL$L4qVV3p;FYjnUiEDMN`wGi3??{yb9c@pAh$-N5|HYX z9q=6wP4>5&>fPc{?x&Gzfg(EI$SR`nvHYW}#J7;{QsN1x`4mNB9I6hRJTJcVR6eoJ 
z78)9wnVO6NAZa(iv6pFY{1!Lb-W^HSEU;w;pen+eBl23_+x9fyab&Xcmx25Lzl87 zsmqYP1gtZZa~4t@g*zCjND_WMLTixNDc?#mm`xl#ceh?;L8;tp>y*PSU;{|O7D|B# z@$1#cV%JM%`>y;gG8WVObZnmwTj3%J@>^TE(3GPT38YFjVyh_zZCZZT3z2?<%X?Re zJ0L+1XP%fQHodS4X&n)@7G7hUBekbKrtk~Fj>Q|9A>^&PrErj;>dY&`Q;~)VyLY0q z%0|&041{;n1Krr^c)o8LR+G`*%h~6T3+~Oz(_YT4P@ez#@oo-47+N`4n4QOfeoHPN z(ILSE2Yy!Q3B)+~gUSlxZ4Dy7=fFVXArM?$r@akx!C(E#mL@&K}u zLzhGSSVUilGhcBOM#OXTP;}e0jL4EJuh?#3ajr_@^DXj%LEOMX@ScP+ z9dSjHJ3NBqwkztY`nS!#&W zm_vBR;8nTP9>bgC)oD*_u^D{IbO_I}lE@!O)EO;V7BA?<`9@2qhs54$7aXr;LD49?mcJR`~LW9?5Z*9PmNJ?uRYgXb3QO8 zaco;574z1oY>mCbsv!5QTHudd@!6@G)%D9wt+t`(6O;1U0W=#JaG#w)<0IQB z_0=IBGo#j8=u{k>b}C|`X{ZNvzbI*!VVoQGYgzPudnu*Snig!))iKKO@!=d};rmKw zq{qAwsD{;t81Kk1cN($a0ehc71cF3DOhuR;K0mILrAM|6J6E=St_-evS|*3G#^R0K zv5=Jzz-#qLt`t88jRoJIJ9^Ff)CT)|+YAf-dJlq;*ch}B8Gfu4!H;5ZQo_B)Qu0%? z@(UKiE}cr7>>M2J-;I{s>P2#iALwRRx|E%57x zFeGd-zv6Bc6~6BhjHcEW#g1KDKSje%JGtPRrxWxWBj?09LK2h~>>6=ID4zlyD2;5HmomSkS5JsN>0ULhXa7+2B`$rf5eh-pI*V!Msc9^{+3EPvrbepEQ7tO zzcbf(sZnm-X5Ut2c5~tz_dw1K`$2=`VAREiW_nh@_l^C?r#e4;9>ZbmiIk6QkIF-L zX#P4N*xbYe;WHdxDdt%gf*yB3utHZ|o$0B0`Vy!xtzyZv=~vb@eMhPIhI znDVPD9g5%3(={~74ZiEGF-xrZyp)n#%WZKH!qHdt?HX}D-MJJk5D?_3fQ>#o2W=5W~5 zocAdVVXA5Yk`%$z%Q4~5Uj*%5HX|Q%U}LO*DviG+3AE^MV#9{|qQadCbzSPQKHv;d zt2<3{C0});hje46wr0#{HIW+I0S78?gfWDJwwkmBx6XD^?~}vMXv!USN|6<{D2msB zL{5SuxrVvPj>cy2S=Zy^?v|AoFC3)=Sdg9oGPQyRRirS==O=Jr=xCH5vR5KmkS7qA z!@9GIa3~7nMsZ&KKtpNXr0AW&dpq4%?d z0H;nKnO=))uq@`PCIqc#gX7LGbrGYCsI3nmmFZgFmgN<@oWn7SDu;Cs$UK692YDZ- z;ax-YcL^@aZ)v6vF<2@PS5?#}1$<$h$-dK8gB?@`-0j6zTuCV4%<&~OMjWFP%#A5I z(y>WjI=18(m<$P6eOE)nDe7(q=2l-N(!6( ztsOHWmH0uxPqLwn_k8&~2^c?J*U}fd!T7}9V&_MG27pyA*tx_4wee010FKBgZ(xHC zvhF$dV}hD02%SOea|j^HtU+z6yw(q^%kcp=?u(QwxdFKDO%@0917pA~bMtU+UTP?} zqH%Dn3c!)QP)*x`Xbaks)2g-Lr} z6{!_sfBpV|qXJ>6ru>9>Q_LMyLjPjHlR1RYo(qUl9Kj3X32r`RN&`56J}6NT?0}`| znY(I;=jYMS$9vj|rkIAP(4v|10w2Uo7+G3o+u}mE<2EBv{)!U1A%Y5>>K?r#Lzz#7 ze!)@&f17#s-W@6j!r@&`$i*3}4lL#eDJ#^kdxt7%036yGu zxhzTh4)DCDYK5qmc;mdbJe6!@!{7tSC2O+=+dK-hD;0E46l4#5$)!-%4)-I7-lT!` 
zUU3*OUN`l+u|lGpk6WU zgwu3|NdA0NDxo<5Ry%l#Yz-O-UVvrQf&U~>2wL+zjUo`}4vzrH(QqEGOUeC7Zp~56 zdhrKq3fhv9^)tzgnyQWN*gJNRQ*aw?EJ-Afhi3M^n?yfj`_y4=C+yOEOr@d&et=J? ziQ~$UK@1pxaGA)ln;3)(LGx2WcQ-}{l=IG}6te>$vmgk#3MSk4N1Fjl?T2qokeLBy zpON9dN6p{9C(TQwj7bR8Y%IX;0@WuUrVV&@fb9~3r!96x=5>{-4FhSP z6XMpR(;2l}fr_1hM(h+1SznQ9YLr{wX|3xw9)hP3xxN`g85$!3VZ^6^m~+*3-)47h zT`B4pi1da%B#!Fk30|V+ji#=+`R~qnLz0>O-G;b zshm`rfi{@Wg0wbrr%%YChkYBWfR>na2k{_o1ynu(AV9O!rwpjZO~ZbpLXweTHBlJ6 z=aTJYaZp=6Bj;s=*#L#*BvBabl}u}#5lXaTb65C~g$|<>MIBH4z@uKmz&E*X)4iO&g&5(+L{C<{i8i%a&0e#h{%d2yp!Ov%C4%>KAVA%+&$oCUlImxY1*WH3 z>?aMxK}D45uE7OU{lu|72Ue~0?alFtpp*>pJm6O7#@d(142UU>|F$d6R zci%@~5I>dE%B*)xpXf)oiRW3`(xzv$;;)!q_IAG}g9!~x&2$su=>@2};&I&>P&;D? zZ8BDJNzE!i-Y;+iCnS?LWywH?5h=SQ_dbHg{Y+!2-Ri2Suj$}yd)6{Mck5#E5TVpq)=+WMa*TxA(Bxn@Enp^NckdTg=1syf#)HHky{ zO%-{QMA1DdN1;=(Hz%5cA*bNwW)o!R?F;WI4#&J)PJR$)65Vjud}wt90uW}Hi!qtM zPJT-GhMSpqK)h#rp{YdkfPM&$5-Zn@Q%-=NeT7}J#H^fW)F`!MynLg0RS)dtf(vpz z1)u-^zRtMvf!OlV`8~G9im%HHv$^;Qvw;wYjIw`&KR@;-tB=o*%RR>59^Un__FsK; zG{i3_umKN-t%s00V(%p?=bsAoTvUULFkjVUg)y*p+5++V9e5cwB`+8^5N|)2CO;fI!#UWI-bu@x+^Wcw!S=#c!Foba02!mAtA7_w;Uq4!A$#(Ic_;)_ketp=7e0alt zgu)pE{=Pm!m0twdj^-sl|oA5Jt=OM+%gc|D5CTNgvWNFO2El z%&_iH&F_443)>eLeYtYX@3CX_g>t&#MdTj z4_ALqlJ)x50sF{6Kszk|)YAPYH2Gi9EM;R0Qu)nEIy3uu?gh5o%tBR&FS4YHG z&@&?kH+N)Em`h6>YbhBb+gA<<{+?K56eQ4}zqTDNJExc5z8C~i^#>D?6#2TwH_a#1 zjyzViLRE)YKFwm0NYS-aB&JS{ec$p9R>T)jbD2_eDiyNB*RhPWkJk-F@2hWsv(Hup zX(7lzTCPsX_&5n(wSQ1(uE$0OCK76;e8>#@@-ZyILsZ)n-}UDo7o2V`%K4l-PJX`s z?_Tz2RDkTA%o(g)KY_apPOf&Jqey3l|Lz#7SlXJJ$h*3TdKjDjsc7|IWWja2PXRRE zb)BqMdN|4P;^F}!&@2Hf=mVt)4@*Jf`Vrwd2{d`RdZ=n-oO9P5{wH|SIE%8lZ4i$` z`#8h~JBbQp#hd!APhIhebgbv!H4Hz2Dz^=x!NAm2P#sl8p_Wy2LWyGQBP>VWSwa472DJ5aRLfka`5cyOhJk?kD!~X#T;71!kEc}sMM{EFqqha z_b#PSvoC*f3mHp06vfQS#~TQ*O^bP;oT-ANckKS8EUu-QreURNrSSPmWjQ%jQEKrH z{Owg%kvif_Ud~dx*`;ZJbseK%VAUFe2G+v5(OVwaj(usU+V9IV!x;JrqKjXQ>xUJ- z@Afhu!As@_-qc)}xI0|dQ$N2gv-dxNIDUibRNDEh*~mEgvg6dOXq51>?bNu)Y@MfAp$ zz)JunwJWMKMEsVYYG43`0XbU+3Z-Q7CCu)}NL+^`&0G)h0Rc9nr0fuKvb;n$K_mr9 
zEhdyzC=`jH7E1D~u$i&bX+M;cDKRI3>B(Q9%H%k@m_N|GrvKRT{xlT+KNqm9tBs4L zgN><}p{0$hlj(o1VYQP#M(Q7MP%@a{Gmw`SA}Mi@`D?OB+5(lc{>_4nR@R{=kRXZa zE@r?+7}k%zKhLdFonN)4Ej7n1oAiI@zahN*c%!ho%7m4a5RxYfWxv{dyln6O-9A2H z|M7YU;Y47qYt-0MPo93mAS#@QqL?v2+3{NXwIcim6nqm%o0(RES+tauShdJQ>|T#N zEH=O{tq3bU!K_GONNGVqgsBQ2eo>LEOj2zqjtc(SW#>|`{wh*ioEC>f@sv<2}@ry}Padfm- z+L6;1$#w#2HQ)5sO2zpE%_P9+YRM>=Q#Ub*ZWwy=GQ5#PHUiaCDl-xu( z@mOtsqR7UeFrr#2C5uwvbebk=q=fa;Lwumt?tXmMk}R8^V{E2_XjislaL*R$YFigx zdnt@B#Kc62&EzL7juuLn%@9F>T--7TD<9b~9sX6g2LZwLlfr=bQ<~6x`Lj<|N%!J8 z;tf>w&6CQ2IVR%lG+_EBB#dG8oCw!kI1LU7Nq>hcwno$^$et6Iw!i;_M&a3h>v7fVGOkc~$jfEw7e6;{-zK_6+Id->^&)SD6= zmOF)hT!pg5+7_i9DD4q!!}ze7gt6MBf@3vF6%*|EWlegR_ri8BTHiq!jLo4Hgw$vY z<#dn3cI4tnB5j*hb9B-RzHh6K!ubI{;06f3`Hl13-N5TR;t^tBz^=Ee%TwlJk zJoYxnXh!to|74S%i>7tCPtAmLNM7bEf8kn`H@_V8Ey5#y`|TJvgJOm&6#G`3*kiap ztd|jaHzC#LtVfW)3gR(yWQ;{79B;Gaq?NjtYca9;mH4g3$n)TbnpJGLn5hpY$fs*RA89yuF2E0U1K zlKP@hV6$a~ijd0OLSq;BO3z`B-3H$2Uc*Q5w*dV!PAP5Pi<_s}j}eB`>;M6f1?AWs zlf$X(->;kA<{wXIsp3F-0aeEE+FWMwIHd=+a978WyGo#`tTtz@ffZcUJG!Gj_Q0Mx zxjnxrM@+?qnF4h^Zv{aKPSg6te<{q>mhOP}H`;#!md>?v?AxcJU(vwbvJIWqU444- z>ZWn%Xo9B*jAt@Zu5L315ovI5xHoJZO3hM&&AFRsg+1ooY~qbIB>CJrH@CZTFBrA@ z?9#y2F;<&=0o%>mWZJWV7aD_V4K|+M9UBTuo6sSHR2*FH>4J(azTgepUaYs@MRR0o z4meQTS4p|ySgtm9;M&{FpM{<~PCcu|4F@;+g~!X3qB>~+EW$|0xKg<=eL^P*D|ZGP zu(zc_zYm{CdsYP#Gs|#CDZpiH_{f{pA2(`>+|;CEQqME`MaM~ue-J?yH&>q8 zK*v~`k{qPx5tS7~V>OYa#5@#xF~V$6_bQ`N_B8a=q1+!9CAenlo~Y&6-*FnZQ=y}p zuz8tgIe)L25HHSKrk(9KWaHE-*>CQMaGgv^*1=wt!cm&+VSe}o5Ca0t9a9WPHyk~vT*$`i3hfV_JB9rZ*r6w``@48Ne{5` zzLWEksKgT6Yn2in`-{hp0%z>MhNB*Zjr&siF zZLlY;KbK54I#S}Bgp0q&xJS$<&iRfk8>CTO`NZ3x?EcO->Mg1#R*F&XEU7JqC>X22 zeDq6LjmkB!o{Ic8R2mJkh6FDtDCTTZubhXeO|2_>(GFKM1?;x01Ut-c#4`MO&oqG$ zkBDoM!+pJ>Gw{G=Y{bRCG3|xBu_mhcdq9QBTQPlrf_A)3NLfd(aY~r;UDUbJ$xaTg zfGeXV*!Ga_66q*`J^{?Fste@fW=)4B9N zxN3hN%+!B-qpD;1h3c+Mx_{74ZiV3Ve~yIVygFfFhvo-oK&zr zeIAW(ly7cWdR z%m#-U2KV4@Jmf|;VRvM~6!I?FWjD7n=a{j03k^ntbMRUcpqK8mXULm8q*#V`oBeo- zDe6B#kTpR%*#JwEc2paSoZKo?2|?H5{aT0dfOOh;}Cosj_w3mUYmrY5Mj 
zB-7lxnWdD&6prBqpCg;iLytrm!MMy+Pg_H`}fbC?A=t)s}xXR6hAp z#QN;P9T^7~v%W;tyEIGoi_st|U5m|Jxx5K>#>WZR-1mnuG`cyYE(2T@2DIw_h7|TN zoGu5dh23h60aduT3os*?AE5Koycr_6^k88st%qUv3X=ZFDmO>MvM*y_q1F-JxSK2u zK78R+Q;Xk%8H{*zGFb`nRv9BAXv`MMK-<&)_b{B<`4UiHRw2?e9 zP-Cu2j}3M0mX}}m3d|=hX%crbTS}V=jf(0OaLFtoqfX%^vZ~K3B%I&bAC~r?$%yB5 zt`urkS105?sV+`HcGi~CWVL6|GdOc7uM|*l5O+>rO`%>`Kxf-1s8Fdeoq>Qbt#NgS zzub7{uX0Hibl%r~G66KC%*!vTWu#p(4@b(isB;z+Ln>F3Y4D}fU0k4^Kl6`y7F46}Jv{)D%sJR2KCE#{yxh{`u?sm7>SI^=cHWtO%2hXqg-BYVWZ_PlUyV zDmf~~I?-#PvB1(^ubd+?i0D;tkif8vBM@qeG&J+`amFO#tSKN3S1{c$jw11uV=1%r z)cO8Iix0UYPyHUna$bm>BAG)*%@_1rmGs&_u>A-|uG_U{N}fcKYcn*f%zl+vEt~os zm^TPc2rOlRBcC?-inF1#}>VASb>egTshE%BPG;BR>4AwZmMk8;x zbFu}AR$UpL&;s}0_hQldu`In%Cu!hIm*h8t-$LpNUiZL_*$!M-h+sy}h>nWAr+ir= z4s$JHotYA=6jO16>Joduvk+o&OQey~mi74tyO~s?dfuxiPz}np#axTPOW)l33XVRk z7vPi)GrWx~xj~Lr4j)u;2+TuSZm!3adZ#8JEfghWB;yaVRvtZ z;nDgA$|nKYR|i6pv*%k33&u7)hJgmqgz&xf6;&UmTN4dOa6kP}B>hmehOjoiG#*_O zdnuBA=3xDf<^tTbfv2x8K8+5H&SK3zNvyVc?I~-eUT`7%cOt^7B@_}yfwLfunBNwA z7V+P7bH3@~MuQ-$VsKuOWDp^g=HZeZD9@!D&WRmfQ`-*E(C%xZS!2^1>i2)`ySJ_} zaC~cf4m<*u(UaMp9r1*hQ)>GMJz@^Jc@quJng zFi*I6-0qc;@(`Vvz51>kZhxsM=&jzLmnqW3Z(>YTbCH9HRi8<9Cbz+e9in};D0#oa z?%fjV5pIsJb7H)_AxmR>Y~2YgXj&C{q)Y^9>u+B8nusz9z3z8WjIBo43zJ6UwKJ?i zv5kkb8WI{Jm;5oNS?cWvu!*mFT&E_;Nd=?}qokD8oqIYrGtPsWq3^}3@1+^+U5r2_qe7pl_H9+CT7#`aqV-n+ zZb&i!&7yE#8_)iy5Y8eebqkux(%80+;f#LKScT{p`)dIvx5NJ7_81f$x_QKUo`8$>Sc;I{(31A^e;l_r>1Vj;D*`$)i7G8joc*tQk~0r zrIgg!u@IdzhJE)#y8Y?IA#c?K$n)zn&l)384>D&*To)1rlKu43SiMKC9>r_H_(ay6 zL{^V5UTvMXz+Y%JFWqB{tIzON+^>ZEv=Exhlb6pKG~MGMRM3>M+;8a`Ob8>PH?EYf zhCV?-`4J#~qNAu@8s$)}_`DIr`@b`JdInt-Opb1@y8nQ{-r{L$E`L@_(P;m(V){>T z_CImL1nunXT?}0ejciQ+s+OXo+oAge5Jj(^BJ5uw=w$YYHL#FGYLRJW%$rV;k(YE= zY+gBF{^;Yg6Z6&1P?^!YA8!26kv9htZshsO^A+ksVkKQ^%?Zak8QIJCTZ7C~Jj^gK$+P;3Y7g5Mp*eXI;OUtg1&!+Cq$u6uAdRLW4S~U zDxZ#yU!e{N1fAtOOdwTYzN$NgMpfZ}Sd8)$9XTmDpMR`S2Ph~>iccwbH}|K1nU6Pw zLqH*>uM9D+SQ>I4jcubo;tNHowUC1?0jgn^RpDg@wX)r3ou6%K<*ZpXaXtg@39 
z@6Nv!x-^9fAhp?z;4?@A=ZhjxcPy&j()?}dXQ{XYWgia$&K`bU5H-vaudH9GA- zbfEuLqyNbU_va1x$HMdBxujIo~N`-PzV_SA#PW8yZ;LFK;)vr#I3k`9HdzKzi0a z5_&M3jh-4Ya>)<{iDDFOD88>s8en)cZKMWGALLPHCfIbvv0-2CNpt!TW`@>t#!Zr} z`k?h2pWM5`{$z9^uo9|altGP2zDlmF#$2oU9arF2^0 zoU;L_^fs2S8mHEeXjL0Rj!)$%(DG)sB%wH3Y02vyU{^q!huXjvmbt`j)_pCMf`8ku zwZkka9KjUv<4yKMbx^@}UUg>gyJy|Ow1a3`SwLIYlXMrD|Hh}t{ z*JWmGc%)O-ST7dlp;&<(v8T1)m_tLy@L^AFP4~R~V{U=jVUix73hh=!g>4Fx8ShHq z#eXN^1Q*I$djvWU&H4dQtXgiQ%^^;ntfel+zG^8xUBvw9$cT73S|AQchEk%fmfLj?-_W5V!e@Da3kB@u$deuOcl1(}o?} z?00=`fW5JTg=&l@13w@HKDZL*hziToEs|)HDL8+n%)WXaF1dg#qQtt4xMma^*V0WR z3EM#?Z-UXcdN`)y%)7*lqt6PmuXZg;wp`Dae4MyUOUO}#%(GlEzEw_%DWO^sDaB8$ zjjU7JN>NOabLa+K988)CGDbMAJhA47D96^IH|{cHzat(yhZz$_KT;^bIL6%}a}R#& zNF!wu+6nhlvC`^T20upB1nZDXC3|Phvs}B4zC5DKPIVK-kmE~wLX})OwGH>S&{2rp z#(3Ehjog|ytM@eBS;iQnUoTMs&SVMBeV6^XOHSj zR@AI|WK8g9)9QYfC4haDS+bL0MwFkB^#hmomic=ZIM$yx7= zb0n-}TJ-xFw`ZD8ILNOTQjxB~{od}6-ym|P5EL+&}- z4i7OWE_cC_PkbCG(AdEEoAWbWz9lcw79!K1GstI%R zNq4IyY_vK1ON*Bd^ub3Q(v@H>)Vg}KxlnACH z*FB+z0J3PGz^54yC=;Xt^ciUyc@`Nx5z#%})$FZ$POwnyaSEcM~FmP^NZhLwNLS zSTtDC*V%POfs~#o9DD{K8_(U9G6YKeQ0wouUB)|S&I%#F7OP8HVyRo|6WQvHi8T-N za{dSuV#(L1!50lQaJ1XFj2-Y7^QygOxV1zw4)=}@AQGjJ#WBNLqp1&e3Z6s4_0r2{ z4B^pfd!*DVb`dmyJ6n2&v^s@ZxiJ(+qq)LIIoHViba~Sy&mqJV%uYpeKCj1syd&Si2Ak!b zrPE^4Yu5hn+MAV5YMn^Jh4SjKRRIe|8l(`!n@124an>Lx&aAs-jlT$L4L=2%g|C;q z+&%@GagyiHY?O4J13hRxK8 z#X8^QeH<9TRNUF{c!@Q+ttY_G$l=vORsp42T2;@SfQ`DYY45yXX|y^5w4UJZYvk%g zKgg+oacw^(BItAmU03P~AL3J7ZzJ5?F>(@8l^3RFIfjeB+4*3&%ZwEaEXr!Z3E3&q zw`5P^(Q?~>xz`<^pS<<@{`I`ymoiOVey$~=f5Sig=kw0(HV=etJ-W=Jgw#uI< z2tTT(IR19_sXe8jrH`H+;f?A ztl!M@?>NKG?3NOwGKB=&X4Ae?&QrcqoR9A>r^C5lCU$7hgf$f62Lb~{(G+Q6YfUA4 z$Gh21-eR9Uu*)~+AJ#u>2Q^#W3E3UwB#oa-E9Gs}r zl|Eb#;jvAIwpPvXEs74TM!Smp{yOd+N&Ok$;A^8;ffcLKtW*M_93)zM$EyA{ss`_I zhfWw;(Sq6n%3J;C#;S2!po&f2;YydmkEd;OZwJ=?7D8qx5)%@W-|#YF{OD?kYC8(> zI$-Q^2}N8_CJI}lk2nQsi3K8>xP60NXz_aI302fjSwMkXz*UF_2}%`|DqZQ?ofZJPcXPJ0hv(-qd?B+Np|9db$+2x3J$DEHTG% 
z0X5^An5SL&tEvlUxSbGu-UNxS8l;|wN;?GXxHTlN^&$>|KNG^v<(jih#%F$@_^|_>*bsrxr>qluyrDI=wWu(;S6kiZAJJh6$u2 zS4%I@a9_&l_?0xzfI9?^=GcHEg;e9cIt+=J;a@D%j1nuMDZk-wURiKsw=V^e&GQ&< zr2(%2q;KI+FEExbIP-T1=qEoJ>pbCEdqdw435dvpnw65eORgQ$_K~M{cqrJzc$i0+ z+j)9OYh-=eqNkf~=A-N*Qso1R=e6fH_mhhSvx*CYR8Z#P?-Qt^S-)I}?4}(oXLG4U zwgif46VdM`I%E(3?ts6oA@ci_$3Qa^0`K^f@2k!_hMD*|9wPn6@zDRS#QCr7{m;!_ z$kfc<=`UfC|2ox=f0|36@><#s^DSt(5)ns8unR#fSNlY1)HW~7Mpw9Wz*D71nJ|aE zSkk`&@k@2=^(lRNOYD;#IXd6|X?l$7jo-}E$a@aCKrp`{=2Gz$sxfqKEErewUa)5K z4{M1xMY}AiV@*@5%9FXY1<6vSL@3;!7})yKD8GN@UW?-zLc0(tq)TNxyP1c$q*hABXa22K@~@j*8MW!B(RX;V9Dx4i7bC3?7-RZSV7~Ewmp}3D$KHXHXbp1 z7aA^Aze~}2X-Bc3&C2NPbEq;+L2}>9NX3t$K;;Z5EUroaz@SlExPpXC@<>sPVqWr~ z%MYZ!f{5ZdT!LaFWwtD}DIW1urD97U>UjiL=l5f7e<6*=PFq z3R%q3<1a~fd8dEr_eCq}N(%|1X0cwR_*$Z)BKZcaNT=p_Bdb7u6|E7xYdjrQTiVok zlzMN%fBEwE{a7cEK0pCsJjd{G;+*sM&GQ5NHumo?ZXij(=TQ5HO2ecMia%_$*x@Pa z6!~20nD)&KBVQZv?kjJj>_8(_jVn|2G?fb}u&fyz9%8%l)a+G$Pf8H}Y^cLg61Ie= zV_i6FX}l2IuO@e*2ZL{~yRnjbv?>A5m>Ws&v1FMI*2-|C{1#R#og<^E?Ic&wM zLmGSfa8D~H)B{6}0LcgERXX9n= z`9WOPM*0u#$M?%@ZkEh%AHR>#fOH@-0^IYG0$4pN2T;gzsBdJ#UCG9zRFYOkddPhW z2U^g5%s<%!V$M1a=@g6!**{6+s6E!BdQ8G$9$FVGnY)E5;1*<(c~aTf%BB}NluAsp zAwcPqc)AbI8)xF@i{`3W_#NAG#r^EsE9tb@*(>Y=DK`}lOE zRBXij9ygz*=1kh?T1^AgQ2wak;EmM>W;vrH@=Ub-<-eDRM#LjY_9&8Pbe{gOD_B@; z1QyZiRua+d)Nr`!V!bcC8CGF>ApsQ!iCX->=Jp77raqB_8$_H)foma)| zB7jm&L3%(;DV-ac;V9jh{AL{oueC_XoE5Q-G(xbZP0yz|m|E^tZ`X?eDu>o#mJEaT zuDjqmUC>DldJ6-G4GPOH`0Nn6e(!U5$0OE2PsY69x^lj~KO1{Zcs}KZX{xh36G-5g z`)GzPZ0koG;yekEQtCH8u?iKyI z>J?IOy<9gzBlk1qjLfR_GkyDXe@oW`y1o)64!OZxV6F`Z*u2!l+BK3-)jGrtxqtX|CQThoBvX$hW*3b z4lo0&AWmn;SVCL3RBqcj)fNeIO+xi_WM~-VVb2i1`zZ^&2p#tr3WrlI*$Te?6U<2N z3Mcqg0WMr}B4fy$oxFeIHGZ?DDvdJ4iwuNXUX&ph zHqhK41d_8`Bn!4LUyTB%tn)Zq4g3$c3%;}!1-vVG(|<`~7Sx1u!5Zc|W}d*w3&FHt z`r@(yx;Z1DzFq#M4Okj{gem1xYj-X>BX1)>+Ioy;As@g=m?tsxlZ0Rzmq5Cbj;pq74 z+q=(~ZE|epl3H40unK0rzF}tiJkp(6acIcZ}hZQr0KKvp2 zgXLG7H*BXFIgTVpY)iXpSU1Re>ju&m^dhd0C2h;-g^9S2iJ2Fa*5S0BH+F>=Z5zL8 
z=ZP-@&dP=~Lv(8w9&|l3h>`jbyV47TrY;65RGFtmF15+msWlVPIxWkq%@aR14^DUU z0E@Iga{9NKDn<4`KK2c)M@EAdK9-mlf6Pal!(I3D{7iBxa0U}>E5zaL=}RlQQFm=j%u~I&TXC)+E)*JKn{}!t8FTTJ>iR)-VzjOv zYUeSG#X)^16U-_&_mYD+=;v($%%ZkPo>6LlS|SQ-aSR@J`-2|F<;U-G z@1W`AKQ;pC7Mmw6nIC5tQF}!X;r8q z?feCrj65Ar=&Hnj`-N%zi1}OZdKz5XV^G}uvvQPT<(*VSybt*`Y6ysmK(zcierTZl z9$p7cV5$5UPiKov`UHY(`u&d{57^-}L@LTG0VK|_&^)e_tx{Vt31@82a`3QO+^xc( z!|9a>-F3M7O;l!kC@7duQn?CmR!%w%D6&#l@DCIjSc|9ludgDvxgh}S_bIzAW+6Bf zl4^2vr9>nvu4bIZ!wS#bg^i(X!g2RN+E_&|WhAtF8nOqDqy?spK?vfqma;V;F{pN!bIOw z?yqjMLHt3fnpj53t1~iEKykB<-0^!p_*F~Lh(}?Z8@2dynnOkp`u5xUh97^4zB|4^ z5V0YIXH6be$j3GuEW11_@>Q!7EH}tAPaaQCpZGd4E<*V91e$b7 z5HyJJ@x9ec907ljN&EObnmssXljbHI98PYk1lIbDC4}oxYg# z$?OS)a<3(|X4We|o6{q)HaE359J7$>`MfviG!(YaSQcG%YWA5pOO%$swAisx6EPdRZg;@j@a# z@6QIm`sIJ&on$7J5wVq(R=Sr0Lx-r^cG^$h8CQ}ihj&!_ajSA#@7S#M3si6OtbMKL zQ?I}7tpLvncHZm_OdEv11?Kme{iVbH)8^Xh6KlSg_8o@+xro$rAsP%v0ZSrtDYMpm z1s*aW1|l)rC%947y0{R$VqQEQV=QUOxvDvYT(~SCS;INTJ=@w^)i?s?uHN3DVq07* zhw>}7rD`t`@H+gPI9hG3iC2b;mYrGAO7fWiJ-lf_ z>(UQSY@aX}$@46PCL2OD8AJOFSAVEJPplu`slm669Y=CYkiWNXARboD$0B6X_SK#@ zzR4chhDE5c7qkCHbj8#(x==nA?l*uQLdnLhRa8~Kx_4(Z>3s|4DO<^&g#X5NFN$_? 
z@P=;^5IhV+{5a!Q9X?`lR~N8%q~T*jiF!v@IuM%`Z(wKfs_|X=4vxoBpZ$Qe5B0%i z9A-n1q~9?v8rWN?=ZiIm%D(<^mdwadGau`ZO9$O0x!l+Er?d$Cst@n62Sqg09zD`( zAw-|#Q=A84Gjjief;9h5UQV40{)}H5>{W@V%wNron=E=$H@RD%*-^c#cpZy*e-Ld( zt+YTmIlJ=oZRn-a+o^J(>W3R91?_Oez-B=L4Vp0?z@;)0>2qKrfk0`Ld>RsxL99E2 z;c4aKkZko_s)3m58O*{L3;_tsYHSYwUu#za7h~7<#~M9kSGJVWDv=UWw5qgeBbAJr zG)yx!(`v7*q3lbcBC_Ul~d zI?Fv@XG2}fMcrHZYg!e|nA~pT)S~;|1En9joIm5vS|95XqBtqK2(%lzM$65vU=UC_RF$wxtb+pdiu?r25$z; zanLAS8ri+m8ve7S4XO7|pXhlapn1&Kd2>G*oNw*hDIIde=txy+68Uiubes zvV%7z2KuI72^rAO<3goD)h;;lq+C2VI@@G%ca!^hnm$K16+7In^j-O@*16@5u~prj zY8TBKI$Lk+h{QurRn~rSoxJW$IkwnGkW%E`&sM4$~?289&aZbjPm&OHgN4ln-j)u)zbT@Ca#YhreW2~ z`}mIXRc;zXYXs+vH!OKO*Q0W4&vRAWYX6x=ZIrEaUjH!YeZ2HQu=j#i%RhHZ{P*RX z{g38%PR~7x7h2yy0 zX3vYfI%ubD$Ex2J_S-&w$%(pls-yD!vU%S<13k*`n(0=L?>ct=#ka4!w2%Dh-2Q$m zGdAmbK&KwZ5)+O_AK7qqLq-1PMNb?vM_pXr&dh1wDXS56i%j_eZt;)0b+z*BWV!$F zRBg3VpC7F{uJPsuJkgr5rK8o8%a2pW7fxBREtWO$@ajya-ZJ(-hkM_1yllBJ(a8m# zcb-3T#GyOeI(a=v&+E6Y%`)$YfqmSsb=vXM@4~g9yJ%rbXFDXl1o6{tJ+XCE03p3 zOk8bw9FK%eeX1v!NP#eBSt>3XvjAwdLAujv8eOmomF`?e2c=UvE zHJgX8H5pZwH!$!^)Yg`Eo1!gsIVJlnv(BkTIR7 zJ>RDHYSY*5ky>gubQ26;O|80@d+k@}h5uan6wQpYcKVS&ynmc(map&GlvmE18b8)XytVDk`}?Dei_GK7*C**89x^vb zIYM*%*XrU)l~F10tM%W+TYXB(-``U$Y+erI2rp;MW^;dyepNk7@0dBx=XAG^IJoU> z>b~HaZBvJ5^}EI#@iu0!zf!nu(Z>lUFUxoJ2|HFFp)$C)?@!$#xBdUwpPt#p&wR`K zhYLQh7U<5r?e^w!h)POK{@$m7HrsNJ2jq4r*cD{!H{H?CvT)R1TQ(!V|GY1b#sMk^ z-j>J4U$f7?>cH!Maz%{!{=KZjQGPS~{S%$1``j?#qH9*hN^9@Bo52AI9Sn;8Yp4Id z+q&5&mZaTx-PN_l4&L*Kd3!F54GzC_?)1-7+x4f9*5S*~_xZ1#9k9}Pkm%y5g+k4e0=>&~rHf|gW|(+^P- z7+AetH|Hs1rkn4xZa?2~(}tA|I`Z6)y*R{e+)U?Yvv(OLa+ya`%nvpHq;uEqUS{OR zx;KWC%3tQIR`7WS8Q*HoUA%G5eF0ZFrphJ4!+3ZRO z_1#?!X9aP#-Hd9<98+22+u?}!GLN%i?)Da6#~q05Z=2p{`W%asZ;ZW;2V6GJHEW-C zW^3zjYq|F;2CTmPZ)&af)$T#8b)1Str87Qg+^T%}KD=|#llI&Ww91_*m2G9ZL((Y`^+_iOYczeo77pJhL;@RrMF= zT>bj2+A46)E2n`s-K#?#ymefjjTytad9B~Z#g)^(!v8ZNDMfW*a*oogw4bX6-n=&c z{#VUM1FEC+Mi*B+=bUnS;l8wNqLtOYzT^F#>5RP*cK4X(*vM+jLlLfpZeG1Oy9do- 
ztZFf*m+gm62Add3-nN#4=Ci{mlye{dFkRHsJo_fEqD@|LdyC2IQ-1tde1GepCC6qD zDKn2Bmb%)7>3r*REcaJC?%I9n2l`lAF`rqyPKqR@lGA z&dlMQQtj){MmlIlyqa0%RcX;)we(23i`lhmwN-lyXDytn`D?`Xg4oj=wh!vRamLCS z{=by=pZchB?~$FB_nnG>DEHUNwWT9gmlbjjuIP|k($->9>{daKS%Qqj<}c6gI&r3| zP3QWuDg6#zoUa^n?EAlMAI{ACHR7FmdjGj|3;OM^nwk;XxBSYR5hZ8J>-h(-3~k=2 zO~$o4o%hU7{lB*R^&&T?o%Im^Z##cDTc4OXx6ezZl^<6eICj0|Rr3}(iD`?!>P%|= zSmU!!C~M=afb70qPH$OsXUUcIreo_WIGaNcYg7iGU*Ds6*8TbZb0a<(tG9g1tZ!4A zx##k#c^!TYUBWBMX>AI(GRE~C3=FuyMOj~|Z+Gu&LZ=zed*>Cf; zPp$k)y4z%bFRv(fD4Di%=uB&$!&-Ak`lR*z9x&!n#G4<@i%V8tec64Ul4~nEdj^H3vvq&eJnHhIyKRe~zI7{I^=2NsGJMVPfKAu$H4C)%|L(R`^>*a3 z?L+i=pKiFX@Y&L_W`B&z`n>fKuT6C-ylsEjrENSkO>2XlftgXzpx74A?%X{c8LRnY z@z200pJcao_3s{c^BHMl(Mj)ENkGr9lb#j(oKmrQWS{iXS?_M~8Nm>fi6+OE_E`I7 z8GB&=*!Dx5uSfI|-0gP#SB>5lPm8aQ%T6pY+_b-Y{lOV(RTh1(%qshx6T5T4=J0@T znfE=T+tt0)@>=$B(S;eQ+?h(-OAfsGwl{sr)0(bdng@6IQF*sRyLYM`-uS%O+JD_p zZ^!t%CwneUsft?j@Ve)R!d9oFC)ZVX{WeHFq1hwXQ-bHEofF@%Pv(|BT@ZM-$CNj9 z@q6-XZgo^WSo37X>D4nk2i=a@H{{{H{4s3{KhAnob0d7T>m(O@p82ccL%S|-r|k9B zBV$+XmUbJKrl0Ze%@2G!aF4^?QElFCsXW$dSsDM%_LR%sy5>1~IaRGr4Zn6eto7&? 
zo`wA_51n!UJ#s-W$D*TM9iFt*+}*dGt6^+io!_b33n#kuY#V%LKVQkd#h}-%qwi<6 zZojog+2Fynad#~4vcD>MeNW4`Syg;3EMV-N)mJCBUw?1h>+R`pTNk=ED?j_=&VL2t zKKj{AzFRxy(#^0@+|wt@k8xiX#TJ|Wo@=m9FVx^k`;GOR^|+ zTwkDM27j zyy%T-^Z2KQD~wbFf8{?qHTXknOw7n1ZH!y$sPnuBRGJM>?(xDe%Fp!l+*=E#R)7BF zKj3BQ&u@XSVJx)S?%%~p6Iq1|x)m%i9uU)f&%UoYdd7uYVY4RKd=09t@>iR7=6!R` z$79_it<3~?9qaiEi+lI`V4-4uEM%1ZA$28}=T~~G&t2HBZbt;`bzQ#Ug{-B%%Olil z)z^PJemp1B!;IbcNZpUzDYdH~#9Io^{f^oCEQO!{)^>pT6pj7g43Y*0|7wex67EF< zCi=n)F(P2csmIu6&AYaMJzTIpn7TmI13D3s5A-a=pN@>z*65$E_TJV;PHqmyqQ|;2 z+O%mSd@M4t{h1T+AB=+4m#*T6(2wi{v`tv@n5(s$lY_mN_dr(%X~MEAG;kDF{6U1Z z0aJ9Xi1ahE`xoHotkg4(l4qh=aZ%B1F~cG`Wgi7qNIfc$JQ~{Y`cLd>S!QvAJGTNStNNBSY~krYegC45(CJ}apixDbs1h#O+$a{Gt3dc(4X8p5j-iJQXU56puP+8Pj~s z1k;r)M|ga3Fa$z)$})hK=0zXGKsxF1a3+@>5zP_4q!eRCKGt0l7Mv+zhq6IA5cn9D ztXN$d*b@3u7kJM=qhgxmjJ+`cJ2Jo&(K`g?I}om-Ib;MaOg$8$}}4wh1QFdk14u9OFHUg zS;XNE$cN*@#bY>kvT(Q&-jLxWdnV*DhI^^LlCAa;Yt|z+rkQV9|;?%Gz$a(QDG%6lF;=bp2DyY?SB#JM+Ai&rA#Fz#1bBw z1j=pH4}uyFtYJ`|!qLZrFU&_|G?Sv#M;m~lGw^NnVuW@M0$7A5Rf6$(QLJF8Gk3Dg zC8_d8uWZI(oPtuIu{c0*d%&q>;a~xu#YZlP?(|}XNZpqri+k6~clcUh@fdu2!nfg* zov;S7pDZp?Az9p-dpW=Jp`;!MzR(zDh`&e}hGlU?{LvsqUF_!oF4P6aH;o2%;AeJ1 zG*mCLNJ66utwBcHcJ=dQKBUNn?HCMn1g+tdozQkL6-{(>17TW+FeAYAZJDrrii~{n z;JLHLU=42=?Q|Pp;b(S2DcrUu%ctlSH*A5(Byi0d8T2q`_vc#x;tQs3tT+&;-*74@ zV$_8#fO5Lw!bMs07Bw^9Yy(Wr1}1U0nKgon*C@U%QvmnD1v5hke4?-$`0It+P}otD z0j}LxW+6ViTT*cmpI*`IC;}J?yzaUi7wLnI#y}i57N`hp<5((Kqb7y_3WhR?tjnX< zyJ?;SJr0Lj4cBFlaa7nwM{0PTwX`mg%ttx%Mj6xRm#K_d%B`}%|g_yy8amHjSR->84UQPxLIG4U;Dae`w zrorXiGL;I7^e4VSkPK&d+<{*La23GkK#B5@ym8a0a1L#`}E$%yVFB zIQK01WG8G3Z@?Cp#2nsK-oUBsP-*KTi1dxjU;lu0&%+n@mNKpkgwR!@x$+|~{j}DY zG+;ykEa8dOG(rYX5YFUq==i#NzS(W={q5v#` zv$ZBs2F@2IlQ4vkt@%JH<^CbSD1*cToJl^}310IXaHJ;so~#HK%!`Cqcu@gSbcN3G z*!u+-yAS%(lfWVO@Lfazw1x^RMkp<9kRhwyT2xtA38*1}id%Kt5&|mHo);@BI)cv8 z?)^B(?Eqr81F^L+F7GX+!Lwrp^Z1RgsFd})Ag_PpYJkJ`fT)2X4o{&$6mm$`qR-4> z(d$80Rj6ZhFto@O1T+~fQZbPZeYf{!x&VjPAU6yel23L*z#8cqjod$wY_k`5i8>S^ 
zHt|$C$OBB2G`f!fz73(2vyf0h9?)@}VmjX9wu-j!AMw`Q;4r#@;iKy_{b3*wdQ;di zj8N_t#e^CgEy!Eo+FwG1AaN{SXZC*$6pli^8;wyJm-#nT#Ok9N?1u2y2P0}PAX($e z+q+FMH4mshxlwE;2MROxR4!_F(M7;S*NTwKpu95hGAKzTpX`L@Ie$fn>I}%~yiE&l z_k?=jXb)K%ne1u;nTDy07f8d5B9>doMn5;S%O41WY*vEiu0#~%a))viQz5#X_Fy{A zvA$FlYJldh!51$@U5_@A7$I_yvX(v!NFEN#vV)lg9-$YZu5X-0kt0;nRB1H6_{6Jh zu6nDJ(DgjzDNCsQoG^8T75)JouLxE!>IK=sB_kd@Am5N0XngyiZ~5F0pfq&Fu@y!( z`_dnfwc+tNEGAce9F;ArY55M~Xct5+9!D*%{sAp}ZgjYOLQxa?2CWByp0{N%oH3yS zi~oR-B)y_Zx@6iXXTsO(d(9SWpxXxg#TTQ?fr&@ceTBnuWra_H5}`p%ZPC#l2}AH| z=4hI7b%Jk4O(j@a_@o7+3dY0Wd;c#U$hpL1&V&c2flOcUAzO@GPUZiL99^U@cZ+(R z1jH)AktSdS?^G!!NJ_@Gyl75{8!t-u5^N}>gvyn;i(v4jvB4z|2eOiH3HDmaqE-D=hPPzb!P z(22n12z;j)oGgd<)Vs9hksOJxJ&p&19FstfL6{r^KPx6Bk%KS_AVC%fZZ@@q?BNVU z^FR#!%@@V!4T6xB)Y3o@s0sseD@eb%1r|4NMwgwCBXKw^4(bO)L(_&7mWc6Qyi;MT zfbnEtTn}UXM=M%zv|{DTjI)K)p=6e4II#n=LD`f(a+KL zW&;wC%}a!b`3x?^ckGTcoJhYSB!z{Ja~CZh$GObAP#X#12Yw ze3TEa)D5pz20dkh5zH{$e|2eb8&+6Fz3zsiquSz&ZKPR8BrZMIZB_-WKZE%PPNKKr zpOT=-&Z(J?Qhx)9(I5q$)mQ@+k`TA1Pz+Fg2?=oc)~NV8Kp#fYQNdt^=rTGY!~r64 z)85p?m7fBLl?6@Bte#;bNeotC>~IY4L8ClnD5fW1C5=BkV(wFJ}RvUNGL;2 z!i$O;3xy4TP1fGc0M$=OeFL&B=gE>3_D})T~pVNDR zIzVp$1K`kGZE2xpM;9_Q*EO_42W~f)sf$$A% zPFxua$#fKG%m%~nJO0n`wQ{SjvITfszK+V$g6-)g~e}PSxs;5oog$NQfuKr$K*0 zii(bOXS8BWE?IZenN2~5Sqkpi+Ty>Eb%#i9WZnFw4Z=`^$s^>iNRlPX2z+tS3+lm0 zSg^Flyy5{|4oZ_QrDC=*ShaC$k;!S?;##0SD%I&XNB$u>T&FZ{;qClr0F-WwW$=ZH zSMq_iMA!w`C?2YSwB2}ILVb(8>vb2s)M$W+1%u$_{?RB|n1*`ChUGP#9T5R5&-e?` zWUGcnz1;lKD#8i~61=msI7S+~aYK~&a$2-|P?E#Mod?P9RP`e{-mjWg5eETT3V975 zxpu@Wq9uWr8;3@@-sg6Kn!m#rkHdMh6;Y6qhNgPpZXHmp2f8`}ISe1X7R^zFF5#c7 zn)8~*$=LvH3(&ZUl@rL&9??@c>|k3CQ_#pb8QXWH(S-}35E#2`SLjFN3YY6ykY=*53Psww(f)9X{KNZ;q*aJuojhP^(p(-#YYD)Y^RKO|FSNOim zqtP0P*7J)LF?B^V(UDe<8Pd{`PJl zXaRh2Ha8uVCgC)dOWT~_-?K^z1V!zEvQ$$dDDtLHhomtYnUcGP@5qe^f`W;`14t(f zF6)RioOrEWxQGwXuthS&h0R6RYYD`)KT-qsXFg5O8Yz3rPrdw2Kn^1v1fpLbaVtC zwWpRe37g(g_68h0f;P3gz*HRX7A0I)1dUWrw`Z*MUHTQYk!ArTZ@gW%?zSRap*rY* 
zC!I1``v&wd415u)fQ&Xa<0gFlq-n@xUHqK1{CghgViTAVuXR;475?gUiu5#AWOr1Illq-}b~zQOx)9a`s%t?}8IzBSkQ=n2Eq8w8TO>{0ES zKu2PBn(2G}O`C(Q0D1_F)_6H{MdeT6kpK;}$c8Z*_koWDNuUTayvv_Zq8YPN_H6F; z4dAmV@TuMY1m2v?eQM=-KXUZFggTazIp-GdR zJ_ee2_8GeA(r@4x9SMSM`jSs}g3mw#EZwpe%Es49Y(IE_ey0MLc&jr5_MuV~fVKU# zMZbXoZ6Sxjo>K)Wb0w#PYXNBDdOO)3lE1kETErzA#J^2aMWPGvKN9%IRS^k)qVNx) zNZf;tw3=>Z*S{3%mxa)d!fTi|RwO9l@g8k2n1(`s3PwH$9zUGy2J!c@AKwQnL1UVs zEwL6Fy3Oqf$e5C;h=|uYVe_M4y2-czm7FGq7z``*6tPhsMYsipCO=%s?LFWPh^_?= z1^oxfCp%%*7y_K9=sYNuHDr;5#g92!Fq%X{I>4v)M_mb6a+)z@{4L&@r=iirFa*)@ z$;pWE1bj@H!o6KIi+_Iq4LjZ&yz>I^t|QR^GLo$y0ax73p-+v-O#e2|c8CYh+yudj zpGV4t_7|<0$bt{o%=!)cA{bD{$QUVpG64)+o!oyxjCE6a+X)Q_nIJIkKd+bsEQ$Zn zR1sQd{dp*hZ~;;S)15~M0Z!~cbd!n1;vC;9Ktanp-7vH|mNc4mC~dRACZRYQt=4}5 z#rMY`R3XzfDqgb5ShP!2UjHHOrk4e(U(o6)Uf6G(MuddQju(rjlLBqwtNFBPDi@7^ zW=%x%k6(~?a9*o9WMG*7()%5X!K7T1>o%?z&xHQKgJR9h3Ug99!@;a z;YI#p?PXor6D8ot^7A8NFlO#mMv7kt|Wm4z_bV)#>B$R$-ixL7a3 z1w6Xa2HAOYf_G*vl<2k{WOLWal|%|njn_^^{;seV%g6%uwJ-;|w2=r5TMjw$!d0NM z(hSlmLlr_+0|QJ;Cjts(CvE6Ka))*D)I_tkLP{R=+(Ja7fxLqm@En|@o}AC0|!8~9eEtd>qlf)Uz)onhwTD7H{pwi z&M{a3CS)-wdZG@4hzK=@p$u~=Hg#P9sL2;3!dDH?!1}vq`Z|w}b@`yu&mQ&U(vNS)-51w>~mWo)4=c3`9YNDn5eE zIG~6Qvc6&p$=lAq(gsPULX~5U8Q%`J+5C+pa)V`L_(VPAYj?ocY%p?nk0>HXv5mMv zC(qSN#uWAU0rBEchQ;Vbz!h2Y#iP;_`?x%UrXeau|ABx7kbUr8?a-5o2sU~~6TG~0 zc*UJsa1A6~e@wEVGekmC`IAsVB5%vj70f#WkYNCcPl-04B|_SUv4W=)=4=RTF>n1d zG)t%gW#BdWu0kT16n~$%a;Y$m}D(#mzqq@TxQYK@&|y z&VyRUU}pEf({yZYk=dIvJ3+QMe0qmJ%*q+_L0!5S(LrTIqS7;Mk^>`97uTJKTLWMv z41IXtwB`X3R5q@u3PP|)2J;FQ0&EMI3*sZ)n5RTo*lHCWF5G0}%jUs_a|&CW>e_p? 
zU4TM=U>x^M<4Q6GKA#!iSZ&K)0kqcokns${`UxZ@JgV+h6T$i7;|C&@d-9keY!>-k z7t&5#3#OGP3}KNlNx&Vy$Ezm5%jsDo^v?zFTcA{p_SNE=xeUvtq?ABno~9f>RJ|h& zCV31s@O<2`>7V3+JHb1#h3#A61%Nbry%77~Q>=^9~Xi&>t z@SCw%^z+-xMV7j^5Ba=1*Bd56yyz&{vd-b4rkQYfMmIi?374#}Ux#j|YzEz0y#6-q z)KtPy00~=&G{wc*jS-VBw1-2VnzDylE_G`v2~0M!B!W5m$MZmS$`BlQG51O9ugK6P z)sXw#YiRdJIM@rnU!-gQrV@f3Y`p0#Q9dDyW3};4$O@o*&7Ys~dV!_t79h@^ErxlNj5CLu>S4?VMIPU+KI!DLxMPiFi(U29sqPD;@7f8ZM zf0_M4)1XQ4SEOl*qNSrQv($h}R}j<@6LOL7Us6IEmADyMzMJ#HYFLm5s-VvE!Kikd z@RwBKrZo<%eQ~D>(~x2n?|XRQ$T^~QfBOF=3!(@Ukw%3TJD4o}vwr&1_kr}rkOhM< z=|=|r4@kplJ`r_yzBNa{6Q^am*dDR-{Z@C-!%Hah@G&taxCzXN4Gl-~e~hrSU^)H;Jq z;ApQ8ZKJ{2UO{^RAIbug{*ZvSJ4bk_q|n8M*O@~6%U`qa=8?Q-E-0;EC)qN}W3gQ7 zLidK7EXCa?njKDPwEVI?DQPIA)SK|dSCUPjWS5h?Q7HiH;H*&Mi7o`)Mzj8$9T>-~ zt1NWkO1aR|y$P~e+IgE??@JAqf;d8AY zJLJPd8V;Tw#b*YygqL4{bIK*OJ=yBQMNmH<6ogmDygl*>Ng8vu%xHmpY34KI|3UlN zwgC~mI!^z$i9}pk0s$4*`kFR`%*5Ej6?*Qc~x0Xa!c61$nXM7 z=wg6+XNiC!j}afJpqYdz*}-$`&GSQ>Kns`PtB+}80C-R%v?1(B4A0RIb`vwaIVtr9q`Ehetu zihMvRgCSz*z^%3&J2ccj4#g$y_2I*8-yCoR%MF03FrKRti=_$vaqBvHw^OqhAVDl> z7(dsmbwe6h-Y5{ZQ|WarV9W)Ko|rb=Zc1Ya+ipTrQ4<@|YS8JCeW72@K$pGX&EkYx z(l~tKt2NNEjaX(>a2Q;F0(;Bgtw7_^Z*=GV620`+9fepu2*W(SWw`JT6Qz-@hw4glD#-#4>l?rLc7NGp- z&b4DriJnSE9Mq~uSqcQsc+ey6kVAh`5gU5$a=m8f)ESfW0P-b3;!LVCT1q8!Q7lR< z9S%F1Xv}h^O+>#;K=Xl77)R{ef{G|CZ*6&SlOlamoUA{uWHj)Y070XJDY8>rMTm4< z&M-Y=%mm{c1n0rqn%n;&U<&~CFhC*~rKv(L zsL#5z14RD^+*1Qn!TiotEOFHha8y4+&Te_$BX=h#Qyp?79yxJcsAv*rr-C6jFTK^Q zXccJE0o+^*V=Y{b3MTO&@{O4YuutOAbBWL?H-zM)ivfDT4*td(L*$a8)dVTikhxsA z?_F#LfYrbkH-@ej6%=uatU<=IUG+WnJs5&V@yE{ER4mzaM#V%X>B!p9F$;J@TL3lT z+wjRwn4m+&l$eChy*G61H1;R3m;r{tE$paEg=@$ZG!dQWv9F#5U<<&Raow%bCxC(O z+~6HfR5_7x=dR)nfkP*ZG{_MB8ia(Oa1H~GQOO!t;w_MG$aqGzEq+}E-cVCQ1H-#- zM8#_u_2|^*ZV=1Y1n%O%vNjmn2V*K4#r5ElF|@QL<&3By2A84It#dB)JE!&v=%7uu zy)b(7O{D3Gsxq3A3aPbI@;ako0P+gHP_0Nl*$KyoNCT0b8ad$WtD7U?atOw0P$ZsY zhnPtt@Wl)FaM%XKLS;QfGR-t+mePeA(GbZ+u;&0DuYAo(n20-c0RW8Br1B22nOyYq zU%35<(HGbpEfEv>kGd5JQg|k);eBG-aPn932Z4xpxrfK2k{|cE15}Xr~>=@I2EPN($IrOn47 
zB=L*GFWUZ(C_8bdp*_(&E^2&G0~vAgan*-AFM*2$7%lxU!|rkTA8`Q&7fwxtDj^KC zh>d^WxVEeXHWmUK6EQY=I{)w35XCbcA1I(#c$ha^4eo%>BaOrOSnm42;X|(Df2-{K zmK-7o15C2BMb>;^Ea4pC{8j z=esa%4fL6>LQHF8%H0r5q6>zSu^rkv zlLfJcE8-+n$y7JQ6hWw&5SyQJ1v}e=!O+=o9P`m`g_uLgd_G&$VTT=v9sq?g-rBI* zN5T}k02zvL?V!K}MD7kO;w_kKxg;nMS;|h5-^k#lmly0thfNG%K*41XI6?z12`_D$ zD-_95z9VBA_hCOQ9dP%S7@B5n^V%}9Uz&5U*O>| z^b842x;sq+86R`&E~*Faf$QS)uNiQ@pBfIhs%he3;z8@sTL9<}Q%-!1!3bXNLj}cR zOw#t1(|EiY+#6I|4PU(X&ALKEM9QlhYXh?3ER7cEZ3lxrgDY8>`RlZtWV zd>a$bmj!{ROou?ns|0U2FiSP62p)N}(4yi+XHl!1d@nenQhs`kkqb~!2P*iQLl5vM z#Z+h}Cwhmgr)xmaFM-IxTd^lg>0upE9*pJjr;C(C^%TT0d)7D(+NysJjEbw>99~^W z$8nQ(DZ!wTb<4O>g-bnV6yzSM{v zj3y+Kbgt-H;VG9-TAG0fHK2GriJ8~Y(`pn!xcN+xyH6^3u&|;toTY?a5O|uo@wN#> z$R253l9#;&v~vx&R}L+1y; z@&Fe1!%w~GVdXTukQ%aPp8Grl9Ob66?EWDKNbhvfDp7+lfT-*uP zE`z1&fM&=i@?7Csb{rIV3*H zorUFVsvHu%2(={D0-+iKCH8F&pAvKcnn5w>$br)E4(vElQ7b%LNXE+W^IY}}lrjXG z4LS`PfuGq4`;Dcs!bK~~0%M_fh!=SXW<>n0JleAxEO0QAp+$nPs8 0) { - //verify if padding is corrupted. - byte paddingByte = scratchPad[i + len - 1]; - //padding byte always should be <= block size - if ((short) paddingByte > blkSize || - (short) paddingByte <= 0) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - - for (short j = 1; j <= paddingByte; ++j) { - if (scratchPad[i + len - j] != paddingByte) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - } - len = (short) (len - (short) paddingByte);// remove the padding bytes - } - } - return len; - } - return KMType.INVALID_VALUE; - } - - @Override - public short getCipherAlgorithm() { - return cipherAlg; - } - - @Override - public void setCipherAlgorithm(short alg) { - cipherAlg = alg; - } - - @Override - public short update(byte[] buffer, short startOff, short length, byte[] scratchPad, short i) { - if (cipherAlg == KMType.AES && (blockMode == KMType.GCM || blockMode == KMType.CTR)) { - try { - return (short) sunCipher.update(buffer, startOff, length, scratchPad, i); - } catch (ShortBufferException e) { - e.printStackTrace(); - 
CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (IllegalStateException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - } else { - return cipher.update(buffer, startOff, length, scratchPad, i); - } - return KMType.INVALID_VALUE; - } - - @Override - public void updateAAD(byte[] buffer, short startOff, short length) { - try { - sunCipher.updateAAD(buffer, startOff, length); - } catch (IllegalArgumentException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (IllegalStateException e) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (UnsupportedOperationException e) { - CryptoException.throwIt(CryptoException.ILLEGAL_USE); - } - } - - @Override - public short getPaddingAlgorithm() { - return padding; - } - - @Override - public void setPaddingAlgorithm(short alg) { - padding = alg; - } - - @Override - public void setBlockMode(short mode) { - blockMode = mode; - } - - @Override - public short getBlockMode() { - return blockMode; - } - - public short getMode() { - return mode; - } - - public void setMode(short mode) { - this.mode = mode; - } - - @Override - public short getCipherProvider() { - return KMCipher.SUN_JCE; - } - - @Override - public short getAesGcmOutputSize(short len, short macLength) { - if (sunCipher != null) { - return (short) sunCipher.getOutputSize(len); - } else { - if (mode == KMType.ENCRYPT) { - return (short) (len + macLength); - } else { - return (short) (len - macLength); - } - } - } - -} diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java deleted file mode 100644 index 62b26cce..00000000 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMECPrivateKey.java +++ /dev/null 
@@ -1,38 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" (short)0IS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.javacard.keymaster;
-
-import javacard.security.ECPrivateKey;
-import javacard.security.KeyPair;
-
-public class KMECPrivateKey implements KMAttestationKey {
-
- private KeyPair ecKeyPair;
-
- public KMECPrivateKey(KeyPair ecPair) {
- ecKeyPair = ecPair;
- }
-
- public void setS(byte[] buffer, short offset, short length) {
- ECPrivateKey ecPriv = (ECPrivateKey) ecKeyPair.getPrivate();
- ecPriv.setS(buffer, offset, length);
- }
-
- public ECPrivateKey getPrivateKey() {
- return (ECPrivateKey) ecKeyPair.getPrivate();
- }
-
-}
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java
deleted file mode 100644
index c382f3cb..00000000
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMEcdsa256NoDigestSignature.java
+++ /dev/null
@@ -1,191 +0,0 @@ -/* - * Copyright(C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" (short)0IS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.android.javacard.keymaster; - -import java.math.BigInteger; -import java.security.AlgorithmParameters; -import java.security.InvalidKeyException; -import java.security.KeyFactory; -import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.SignatureException; -import java.security.interfaces.ECPrivateKey; -import java.security.spec.ECGenParameterSpec; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPrivateKeySpec; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.InvalidParameterSpecException; -import java.security.interfaces.ECPrivateKey; -import java.security.interfaces.ECPublicKey; -import java.security.spec.ECGenParameterSpec; -import java.security.spec.ECParameterSpec; -import java.security.spec.ECPoint; -import java.security.spec.ECPrivateKeySpec; -import java.security.spec.ECPublicKeySpec; -import javacard.framework.Util; -import javacard.security.CryptoException; -import javacard.security.Key; -import javacard.security.Signature; - - -public class KMEcdsa256NoDigestSignature extends Signature { - - private java.security.Signature sunSigner; - - public KMEcdsa256NoDigestSignature(byte mode, byte[] key, short keyStart, short keyLength) { - KeyFactory kf; - try { - sunSigner = 
java.security.Signature.getInstance("NONEwithECDSA", "SunEC"); - kf = KeyFactory.getInstance("EC"); - AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC", "SunEC"); - //Supported curve secp256r1 - parameters.init(new ECGenParameterSpec("secp256r1")); - ECParameterSpec ecParameters = parameters.getParameterSpec(ECParameterSpec.class); - if (mode == Signature.MODE_SIGN) { - byte[] privKey = new byte[keyLength]; - for (short i = 0; i < keyLength; i++) { - privKey[i] = key[keyStart + i]; - } - BigInteger bI = new BigInteger(privKey); - ECPrivateKeySpec prikeyspec = new ECPrivateKeySpec(bI, ecParameters); - ECPrivateKey privkey = (ECPrivateKey) kf.generatePrivate(prikeyspec); - sunSigner.initSign(privkey); - } else { - //Check if the first byte is 04 and remove it. - if (key[keyStart] == 0x04) { - //uncompressed format. - keyStart++; - keyLength--; - } - short i = 0; - byte[] pubx = new byte[keyLength / 2]; - for (; i < keyLength / 2; i++) { - pubx[i] = key[keyStart + i]; - } - byte[] puby = new byte[keyLength / 2]; - for (i = 0; i < keyLength / 2; i++) { - puby[i] = key[keyStart + keyLength / 2 + i]; - } - BigInteger bIX = new BigInteger(pubx); - BigInteger bIY = new BigInteger(puby); - ECPoint point = new ECPoint(bIX, bIY); - ECPublicKeySpec pubkeyspec = new ECPublicKeySpec(point, ecParameters); - ECPublicKey pubkey = (ECPublicKey) kf.generatePublic(pubkeyspec); - sunSigner.initVerify(pubkey); - } - } catch (NoSuchAlgorithmException e) { - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch (NoSuchProviderException e) { - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch (InvalidParameterSpecException e) { - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch (InvalidKeySpecException e) { - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch (InvalidKeyException e) { - CryptoException.throwIt(CryptoException.INVALID_INIT); - } - } - - @Override - public void init(Key key, byte b) throws 
CryptoException { - - } - - @Override - public void init(Key key, byte b, byte[] bytes, short i, short i1) throws CryptoException { - - } - - @Override - public void setInitialDigest(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) - throws CryptoException { - - } - - @Override - public byte getAlgorithm() { - return 0; - } - - @Override - public byte getMessageDigestAlgorithm() { - return 0; - } - - @Override - public byte getCipherAlgorithm() { - return 0; - } - - @Override - public byte getPaddingAlgorithm() { - return 0; - } - - @Override - public short getLength() throws CryptoException { - return 0; - } - - @Override - public void update(byte[] message, short msgStart, short messageLength) throws CryptoException { - byte[] msgBytes = new byte[messageLength]; - for (int i = 0; i < messageLength; i++) { - msgBytes[i] = message[msgStart + i]; - } - try { - if (messageLength > 0) { - sunSigner.update(msgBytes); - } - } catch (SignatureException e) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - } - - @Override - public short sign(byte[] bytes, short i, short i1, byte[] bytes1, short i2) - throws CryptoException { - short len = 0; - try { - update(bytes, i, i1); - byte[] sig = sunSigner.sign(); - Util.arrayCopyNonAtomic(sig, (short) 0, bytes1, i2, (short) sig.length); - return (short) sig.length; - } catch (SignatureException e) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - return len; - } - - @Override - public short signPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2) - throws CryptoException { - return 0; - } - - @Override - public boolean verify(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3) - throws CryptoException { - // Public key operations not handled here. - return false; - } - - @Override - public boolean verifyPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2, - short i3) throws CryptoException { - return false; - } -} 
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java
deleted file mode 100644
index 64837ace..00000000
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMHmacKey.java
+++ /dev/null
@@ -1,43 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" (short)0IS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.javacard.keymaster;
-
-import javacard.security.HMACKey;
-
-public class KMHmacKey implements KMPreSharedKey, KMComputedHmacKey {
-
- private HMACKey hmacKey;
-
- public KMHmacKey(HMACKey key) {
- hmacKey = key;
- }
-
- public void setKey(byte[] keyData, short kOff, short length) {
- hmacKey.setKey(keyData, kOff, length);
- }
-
- public byte getKey(byte[] keyData, short kOff) {
- return hmacKey.getKey(keyData, kOff);
- }
-
- public HMACKey getKey() {
- return hmacKey;
- }
-
- public short getKeySizeBits() {
- return hmacKey.getSize();
- }
-}
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java
deleted file mode 100644
index a97377ea..00000000
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimApplet.java
+++ /dev/null
@@ -1,35 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" (short)0IS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.javacard.keymaster;
-
-public class KMJCardSimApplet extends KMKeymasterApplet {
-
- KMJCardSimApplet() {
- super(new KMJCardSimulator());
- }
-
- /**
- * Installs this applet.
- *
- * @param bArray the array containing installation parameters
- * @param bOffset the starting offset in bArray
- * @param bLength the length in bytes of the parameter data in bArray
- */
- public static void install(byte[] bArray, short bOffset, byte bLength) {
- new KMJCardSimApplet().register();
- }
-
-}
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
deleted file mode 100644
index 2086620f..00000000
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMJCardSimulator.java
+++ /dev/null
@@ -1,1408 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.javacard.keymaster;
-
-import java.math.BigInteger;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.MGF1ParameterSpec;
-import java.security.spec.RSAPrivateKeySpec;
-import java.security.spec.RSAPublicKeySpec;
-
-import javacard.framework.ISO7816;
-import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
-import javacard.framework.Util;
-import javacard.security.AESKey;
-import javacard.security.CryptoException;
-import javacard.security.DESKey;
-import javacard.security.ECPrivateKey;
-import javacard.security.ECPublicKey;
-import javacard.security.HMACKey;
-import javacard.security.Key;
-import javacard.security.KeyBuilder;
-import javacard.security.KeyPair;
-import javacard.security.MessageDigest;
-import javacard.security.RSAPrivateKey;
-import javacard.security.RSAPublicKey;
-import javacard.security.RandomData;
-import javacard.security.Signature;
-import javacardx.crypto.AEADCipher;
-import javacardx.crypto.Cipher;
-
-import javax.crypto.AEADBadTagException;
-import javax.crypto.BadPaddingException;
-import
javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.ShortBufferException; -import javax.crypto.spec.GCMParameterSpec; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.OAEPParameterSpec; -import javax.crypto.spec.PSource; -import javax.crypto.spec.SecretKeySpec; - -import org.globalplatform.upgrade.Element; - -/** - * Simulator only supports 512 bit RSA key pair, 128 AES Key, 128 bit 3Des key, less then 256 bit EC - * Key, and upto 512 bit HMAC key. Also simulator does not support TRNG, so this implementation just - * creates its own RNG using PRNG. - */ -public class KMJCardSimulator implements KMSEProvider { - - public static final short AES_GCM_TAG_LENGTH = 16; - public static final short AES_GCM_NONCE_LENGTH = 12; - public static final short MAX_RND_NUM_SIZE = 64; - public static final short ENTROPY_POOL_SIZE = 16; // simulator does not support 256 bit aes keys - public static final byte[] aesICV = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - private static final short RSA_KEY_SIZE = 256; - private static final short CERT_CHAIN_OFFSET = 0; - private static final short CERT_ISSUER_OFFSET = KMConfigurations.CERT_CHAIN_MAX_SIZE; - private static final short CERT_EXPIRY_OFFSET = - (short) (CERT_ISSUER_OFFSET + KMConfigurations.CERT_ISSUER_MAX_SIZE); - private static final short COMPUTED_HMAC_KEY_SIZE = 32; - - public static boolean jcardSim = false; - private static Signature kdf; - private static Signature hmacSignature; - - private static byte[] rngCounter; - private static AESKey aesRngKey; - private static Cipher aesRngCipher; - private static byte[] entropyPool; - private static byte[] rndNum; - private byte[] provisionData; - private KMAESKey masterKey; - private KMECPrivateKey attestationKey; - private KMHmacKey preSharedKey; - private KMHmacKey computedHmacKey; - - private static KMJCardSimulator jCardSimulator = null; - - public static KMJCardSimulator getInstance() { - return 
jCardSimulator; - } - - // Implements Oracle Simulator based restricted crypto provider - public KMJCardSimulator() { - // Various Keys - kdf = Signature.getInstance(Signature.ALG_AES_CMAC_128, false); - hmacSignature = Signature.getInstance(Signature.ALG_HMAC_SHA_256, false); - // RNG - rndNum = JCSystem.makeTransientByteArray(MAX_RND_NUM_SIZE, JCSystem.CLEAR_ON_RESET); - entropyPool = JCSystem.makeTransientByteArray(ENTROPY_POOL_SIZE, JCSystem.CLEAR_ON_RESET); - rngCounter = JCSystem.makeTransientByteArray((short) 8, JCSystem.CLEAR_ON_RESET); - initEntropyPool(entropyPool); - try { - aesRngCipher = Cipher.getInstance(Cipher.ALG_AES_BLOCK_128_CBC_NOPAD, false); - } catch (CryptoException exp) { - ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED); - } - aesRngKey = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false); - // various ciphers - //Allocate buffer for certificate chain and cert parameters. - // First 2 bytes is reserved for length for all the 3 buffers. 
- short totalLen = (short) (6 + KMConfigurations.CERT_CHAIN_MAX_SIZE + - KMConfigurations.CERT_ISSUER_MAX_SIZE + KMConfigurations.CERT_EXPIRY_MAX_SIZE); - provisionData = new byte[totalLen]; - jCardSimulator = this; - } - - - public KeyPair createRsaKeyPair() { - KeyPair rsaKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); - rsaKeyPair.genKeyPair(); - return rsaKeyPair; - } - - - public RSAPrivateKey createRsaKey(byte[] modBuffer, short modOff, short modLength, - byte[] privBuffer, short privOff, short privLength) { - KeyPair rsaKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048); - RSAPrivateKey privKey = (RSAPrivateKey) rsaKeyPair.getPrivate(); - privKey.setExponent(privBuffer, privOff, privLength); - privKey.setModulus(modBuffer, modOff, modLength); - return privKey; - - } - - - public KeyPair createECKeyPair() { - KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); - ecKeyPair.genKeyPair(); - return ecKeyPair; - } - - - public ECPrivateKey createEcKey(byte[] privBuffer, short privOff, short privLength) { - KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); - ECPrivateKey privKey = (ECPrivateKey) ecKeyPair.getPrivate(); - privKey.setS(privBuffer, privOff, privLength); - return privKey; - } - - - public AESKey createAESKey(short keysize) { - byte[] rndNum = new byte[(short) (keysize / 8)]; - return createAESKey(rndNum, (short) 0, (short) rndNum.length); - } - - public AESKey createAESKey(byte[] buf, short startOff, short length) { - AESKey key = null; - short keysize = (short) (length * 8); - if (keysize == 128) { - key = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_128, false); - key.setKey(buf, (short) startOff); - } else if (keysize == 256) { - key = (AESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_256, false); - key.setKey(buf, (short) startOff); - } - return key; - } - - - public DESKey createTDESKey() { - byte[] 
rndNum = new byte[24]; - newRandomNumber(rndNum, (short) 0, (short) rndNum.length); - return createTDESKey(rndNum, (short) 0, (short) rndNum.length); - } - - - public DESKey createTDESKey(byte[] secretBuffer, short secretOff, short secretLength) { - DESKey triDesKey = - (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES3_3KEY, false); - triDesKey.setKey(secretBuffer, secretOff); - return triDesKey; - } - - - public HMACKey createHMACKey(short keysize) { - if ((keysize % 8 != 0) || !(keysize >= 64 && keysize <= 512)) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - byte[] rndNum = new byte[(short) (keysize / 8)]; - newRandomNumber(rndNum, (short) 0, (short) (keysize / 8)); - return createHMACKey(rndNum, (short) 0, (short) rndNum.length); - } - - @Override - public short createSymmetricKey(byte alg, short keysize, byte[] buf, short startOff) { - switch (alg) { - case KMType.AES: - AESKey aesKey = createAESKey(keysize); - return aesKey.getKey(buf, startOff); - case KMType.DES: - DESKey desKey = createTDESKey(); - return desKey.getKey(buf, startOff); - case KMType.HMAC: - HMACKey hmacKey = createHMACKey(keysize); - return hmacKey.getKey(buf, startOff); - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; - } - return 0; - } - - @Override - public void createAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, - short privKeyLength, - byte[] pubModBuf, short pubModStart, short pubModLength, short[] lengths) { - switch (alg) { - case KMType.RSA: - if (RSA_KEY_SIZE != privKeyLength || RSA_KEY_SIZE != pubModLength) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - KeyPair rsaKey = createRsaKeyPair(); - RSAPrivateKey privKey = (RSAPrivateKey) rsaKey.getPrivate(); - //Copy exponent. 
- byte[] exp = new byte[RSA_KEY_SIZE]; - lengths[0] = privKey.getExponent(exp, (short) 0); - if (lengths[0] > privKeyLength) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - Util.arrayFillNonAtomic(privKeyBuf, privKeyStart, privKeyLength, (byte) 0); - Util.arrayCopyNonAtomic(exp, (short) 0, - privKeyBuf, (short) (privKeyStart + privKeyLength - lengths[0]), lengths[0]); - //Copy modulus - byte[] mod = new byte[RSA_KEY_SIZE]; - lengths[1] = privKey.getModulus(mod, (short) 0); - if (lengths[1] > pubModLength) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - Util.arrayFillNonAtomic(pubModBuf, pubModStart, pubModLength, (byte) 0); - Util.arrayCopyNonAtomic(mod, (short) 0, - pubModBuf, (short) (pubModStart + pubModLength - lengths[1]), lengths[1]); - break; - case KMType.EC: - KeyPair ecKey = createECKeyPair(); - ECPublicKey ecPubKey = (ECPublicKey) ecKey.getPublic(); - ECPrivateKey ecPrivKey = (ECPrivateKey) ecKey.getPrivate(); - lengths[0] = ecPrivKey.getS(privKeyBuf, privKeyStart); - lengths[1] = ecPubKey.getW(pubModBuf, pubModStart); - if (lengths[0] > privKeyLength || lengths[1] > pubModLength) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - break; - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; - } - } - - @Override - public boolean importSymmetricKey(byte alg, short keysize, byte[] buf, short startOff, - short length) { - switch (alg) { - case KMType.AES: - AESKey aesKey = createAESKey(buf, startOff, length); - break; - case KMType.DES: - DESKey desKey = createTDESKey(buf, startOff, length); - break; - case KMType.HMAC: - HMACKey hmacKey = createHMACKey(buf, startOff, length); - break; - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; - } - return true; - } - - @Override - public boolean importAsymmetricKey(byte alg, byte[] privKeyBuf, short privKeyStart, - short privKeyLength, byte[] pubModBuf, short pubModStart, short pubModLength) { - switch 
(alg) { - case KMType.RSA: - RSAPrivateKey rsaKey = createRsaKey(pubModBuf, pubModStart, pubModLength, privKeyBuf, - privKeyStart, privKeyLength); - break; - case KMType.EC: - ECPrivateKey ecPrivKey = createEcKey(privKeyBuf, privKeyStart, privKeyLength); - break; - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; - } - return true; - } - - - public HMACKey createHMACKey(byte[] secretBuffer, short secretOff, short secretLength) { - HMACKey key = null; - key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, - KeyBuilder.LENGTH_HMAC_SHA_256_BLOCK_64, false); - key.setKey(secretBuffer, secretOff, secretLength); - return key; - } - - @Override - public short aesGCMEncrypt( - byte[] keyBuf, - short keyStart, - short keyLen, - byte[] secret, - short secretStart, - short secretLen, - byte[] encSecret, - short encSecretStart, - byte[] nonce, - short nonceStart, - short nonceLen, - byte[] authData, - short authDataStart, - short authDataLen, - byte[] authTag, - short authTagStart, - short authTagLen) { - //Create the sun jce compliant aes key - if (keyLen != 32 && keyLen != 16) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - java.security.Key aesKey = new SecretKeySpec(keyBuf, keyStart, keyLen, "AES"); - // Create the cipher - javax.crypto.Cipher cipher = null; - try { - cipher = javax.crypto.Cipher.getInstance("AES/GCM/NoPadding", "SunJCE"); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch (NoSuchProviderException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch (NoSuchPaddingException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - // Copy nonce - if (nonceLen != AES_GCM_NONCE_LENGTH) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - byte[] iv = new byte[AES_GCM_NONCE_LENGTH]; - Util.arrayCopyNonAtomic(nonce, nonceStart, iv, 
(short) 0, AES_GCM_NONCE_LENGTH); - // Init Cipher - GCMParameterSpec spec = new GCMParameterSpec(AES_GCM_TAG_LENGTH * 8, nonce, nonceStart, - AES_GCM_NONCE_LENGTH); - try { - cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, aesKey, spec); - } catch (InvalidKeyException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch (InvalidAlgorithmParameterException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } - // Create auth data - byte[] aad = new byte[authDataLen]; - Util.arrayCopyNonAtomic(authData, authDataStart, aad, (short) 0, authDataLen); - cipher.updateAAD(aad); - // Encrypt secret - short len = 0; - byte[] outputBuf = new byte[cipher.getOutputSize(secretLen)]; - try { - len = (short) (cipher.doFinal(secret, secretStart, secretLen, outputBuf, (short) 0)); - } catch (ShortBufferException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (IllegalBlockSizeException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (BadPaddingException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - // Extract Tag appended at the end. 
- Util.arrayCopyNonAtomic(outputBuf, (short) (len - AES_GCM_TAG_LENGTH), authTag, authTagStart, - AES_GCM_TAG_LENGTH); - //Copy the encrypted data - Util.arrayCopyNonAtomic(outputBuf, (short) 0, encSecret, encSecretStart, - (short) (len - AES_GCM_TAG_LENGTH)); - return (short) (len - AES_GCM_TAG_LENGTH); - } - - public boolean aesGCMDecrypt( - byte[] keyBuf, - short keyStart, - short keyLen, - byte[] encSecret, - short encSecretStart, - short encSecretLen, - byte[] secret, - short secretStart, - byte[] nonce, - short nonceStart, - short nonceLen, - byte[] authData, - short authDataStart, - short authDataLen, - byte[] authTag, - short authTagStart, - short authTagLen) { - // Create the sun jce compliant aes key - if (keyLen != 32 && keyLen != 16) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - java.security.Key aesKey = new SecretKeySpec(keyBuf, keyStart, keyLen, - "AES"); - // Create the cipher - javax.crypto.Cipher cipher = null; - try { - cipher = javax.crypto.Cipher.getInstance("AES/GCM/NoPadding", "SunJCE"); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch (NoSuchProviderException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch (NoSuchPaddingException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - // Copy nonce - if (nonceLen != AES_GCM_NONCE_LENGTH) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - byte[] iv = new byte[AES_GCM_NONCE_LENGTH]; - Util.arrayCopyNonAtomic(nonce, nonceStart, iv, (short) 0, - AES_GCM_NONCE_LENGTH); - // Init Cipher - GCMParameterSpec spec = new GCMParameterSpec(authTagLen * 8, nonce, - nonceStart, AES_GCM_NONCE_LENGTH); - try { - cipher.init(javax.crypto.Cipher.DECRYPT_MODE, aesKey, spec); - } catch (InvalidKeyException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch 
(InvalidAlgorithmParameterException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } - // Create auth data - byte[] aad = new byte[authDataLen]; - Util.arrayCopyNonAtomic(authData, authDataStart, aad, (short) 0, - authDataLen); - cipher.updateAAD(aad); - // Append the auth tag at the end of data - byte[] inputBuf = new byte[(short) (encSecretLen + authTagLen)]; - Util.arrayCopyNonAtomic(encSecret, encSecretStart, inputBuf, (short) 0, - encSecretLen); - Util.arrayCopyNonAtomic(authTag, authTagStart, inputBuf, encSecretLen, - authTagLen); - // Decrypt - short len = 0; - byte[] outputBuf = new byte[cipher.getOutputSize((short) inputBuf.length)]; - try { - len = (short) (cipher.doFinal(inputBuf, (short) 0, - (short) inputBuf.length, outputBuf, (short) 0)); - } catch (AEADBadTagException e) { - e.printStackTrace(); - return false; - } catch (ShortBufferException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (IllegalBlockSizeException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (BadPaddingException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - // Copy the decrypted data - Util.arrayCopyNonAtomic(outputBuf, (short) 0, secret, secretStart, len); - return true; - } - - @Override - public void getTrueRandomNumber(byte[] buf, short start, short length) { - Util.arrayCopy(entropyPool, (short) 0, buf, start, length); - } - - public HMACKey cmacKdf(byte[] keyMaterial, short keyMaterialStart, short keyMaterialLen, - byte[] label, - short labelStart, short labelLen, byte[] context, short contextStart, short contextLength) { - // This is hardcoded to requirement - 32 byte output with two concatenated 16 bytes K1 and K2. - final byte n = 2; // hardcoded - final byte[] L = {0, 0, 1, - 0}; // [L] 256 bits - hardcoded 32 bits as per reference impl in keymaster. 
- final byte[] zero = {0}; // byte - byte[] iBuf = new byte[]{0, 0, 0, 0}; // [i] counter - 32 bits - byte[] keyOut = new byte[(short) (n * 16)]; - Signature prf = Signature.getInstance(Signature.ALG_AES_CMAC_128, false); - AESKey key = (AESKey) KeyBuilder - .buildKey(KeyBuilder.TYPE_AES, KeyBuilder.LENGTH_AES_256, false); - key.setKey(keyMaterial, keyMaterialStart); - prf.init(key, Signature.MODE_SIGN); - byte i = 1; - short pos = 0; - while (i <= n) { - iBuf[3] = i; - prf.update(iBuf, (short) 0, (short) 4); // 4 bytes of iBuf with counter in it - prf.update(label, labelStart, labelLen); // label - prf.update(zero, (short) 0, (short) 1); // 1 byte of 0x00 - prf.update(context, contextStart, contextLength); // context - pos = prf.sign(L, (short) 0, (short) 4, keyOut, pos); // 4 bytes of L - signature of 16 bytes - i++; - } - return createHMACKey(keyOut, (short) 0, (short) keyOut.length); - } - - @Override - public short cmacKDF(KMPreSharedKey pSharedKey, byte[] label, - short labelStart, short labelLen, byte[] context, short contextStart, short contextLength, - byte[] keyBuf, short keyStart) { - KMHmacKey key = (KMHmacKey) pSharedKey; - short keyMaterialLen = key.getKeySizeBits(); - keyMaterialLen = (short) (keyMaterialLen / 8); - short keyMaterialStart = 0; - byte[] keyMaterial = new byte[keyMaterialLen]; - key.getKey(keyMaterial, keyMaterialStart); - HMACKey hmacKey = cmacKdf(keyMaterial, keyMaterialStart, keyMaterialLen, label, labelStart, - labelLen, context, contextStart, contextLength); - return hmacKey.getKey(keyBuf, keyStart); - } - - - public short hmacSign(HMACKey key, byte[] data, short dataStart, short dataLength, byte[] mac, - short macStart) { - hmacSignature.init(key, Signature.MODE_SIGN); - return hmacSignature.sign(data, dataStart, dataLength, mac, macStart); - } - - @Override - public short hmacKDF(KMMasterKey masterkey, byte[] data, short dataStart, - short dataLength, byte[] signature, short signatureStart) { - KMAESKey aesKey = (KMAESKey) 
masterkey; - short keyLen = (short) (aesKey.getKeySizeBits() / 8); - byte[] keyData = new byte[keyLen]; - aesKey.getKey(keyData, (short) 0); - return hmacSign(keyData, (short) 0, keyLen, data, dataStart, dataLength, - signature, signatureStart); - } - - @Override - public boolean hmacVerify(KMComputedHmacKey key, byte[] data, short dataStart, - short dataLength, byte[] mac, short macStart, short macLength) { - KMHmacKey hmacKey = (KMHmacKey) key; - hmacSignature.init(hmacKey.getKey(), Signature.MODE_VERIFY); - return hmacSignature.verify(data, dataStart, dataLength, mac, macStart, - macLength); - } - - @Override - public short hmacSign(byte[] keyBuf, short keyStart, short keyLength, byte[] data, - short dataStart, short dataLength, byte[] mac, short macStart) { - HMACKey key = createHMACKey(keyBuf, keyStart, keyLength); - return hmacSign(key, data, dataStart, dataLength, mac, macStart); - } - - @Override - public short rsaDecipherOAEP256(byte[] secret, short secretStart, short secretLength, - byte[] modBuffer, short modOff, short modLength, - byte[] inputDataBuf, short inputDataStart, short inputDataLength, - byte[] outputDataBuf, short outputDataStart) { - KMCipher cipher = createRsaDecipher( - KMType.RSA_OAEP, KMType.SHA2_256, secret, secretStart, secretLength, modBuffer, modOff, - modLength); - return cipher.doFinal( - inputDataBuf, inputDataStart, inputDataLength, outputDataBuf, outputDataStart); - } - - @Override - public KMOperation initSymmetricOperation(byte purpose, byte alg, byte digest, byte padding, - byte blockMode, - byte[] keyBuf, short keyStart, short keyLength, - byte[] ivBuf, short ivStart, short ivLength, short macLength) { - switch (alg) { - case KMType.AES: - case KMType.DES: - if (blockMode != KMType.GCM) { - KMCipher cipher = createSymmetricCipher(alg, purpose, blockMode, padding, keyBuf, - keyStart, keyLength, - ivBuf, ivStart, ivLength); - return new KMOperationImpl(cipher); - } else { - KMCipher aesGcm = createAesGcmCipher(purpose, 
macLength, keyBuf, keyStart, keyLength, - ivBuf, ivStart, ivLength); - return new KMOperationImpl(aesGcm); - } - case KMType.HMAC: - Signature signerVerifier = createHmacSignerVerifier(purpose, digest, keyBuf, keyStart, - keyLength); - return new KMOperationImpl(signerVerifier); - default: - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } - return null; - } - - @Override - public KMOperation initTrustedConfirmationSymmetricOperation(KMComputedHmacKey computedHmacKey) { - KMOperationImpl opr = null; - KMHmacKey key = (KMHmacKey) computedHmacKey; - Signature signerVerifier = createHmacSignerVerifier(KMType.VERIFY, KMType.SHA2_256, key.getKey()); - return new KMOperationImpl(signerVerifier); - } - - @Override - public KMOperation initAsymmetricOperation(byte purpose, byte alg, byte padding, byte digest, - byte[] privKeyBuf, short privKeyStart, short privKeyLength, - byte[] pubModBuf, short pubModStart, short pubModLength) { - if (alg == KMType.RSA) { - switch (purpose) { - case KMType.SIGN: - Signature signer = - createRsaSigner( - digest, - padding, - privKeyBuf, - privKeyStart, - privKeyLength, - pubModBuf, - pubModStart, - pubModLength); - return new KMOperationImpl(signer); - case KMType.DECRYPT: - KMCipher decipher = - createRsaDecipher( - padding, digest, privKeyBuf, privKeyStart, privKeyLength, pubModBuf, pubModStart, - pubModLength); - return new KMOperationImpl(decipher); - default: - KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); - } - } else if (alg == KMType.EC) { - switch (purpose) { - case KMType.SIGN: - Signature signer = - createEcSigner(digest, privKeyBuf, privKeyStart, privKeyLength); - return new KMOperationImpl(signer); - default: - KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); - } - } - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - return null; - } - - public KMCipher createRsaDecipher(short padding, short digest, byte[] secret, short secretStart, - short secretLength, byte[] modBuffer, short modOff, short 
modLength) { - byte cipherAlg = mapCipherAlg(KMType.RSA, (byte) padding, (byte) 0); - if (cipherAlg == Cipher.ALG_RSA_PKCS1_OAEP) { - return createRsaOAEP256Cipher(KMType.DECRYPT, (byte) digest, secret, secretStart, - secretLength, modBuffer, modOff, modLength); - } - Cipher rsaCipher = Cipher.getInstance(cipherAlg, false); - RSAPrivateKey key = (RSAPrivateKey) KeyBuilder - .buildKey(KeyBuilder.TYPE_RSA_PRIVATE, KeyBuilder.LENGTH_RSA_2048, false); - key.setExponent(secret, secretStart, secretLength); - key.setModulus(modBuffer, modOff, modLength); - rsaCipher.init(key, Cipher.MODE_DECRYPT); - KMCipherImpl inst = new KMCipherImpl(rsaCipher); - inst.setCipherAlgorithm(KMType.RSA); - inst.setMode(KMType.DECRYPT); - inst.setPaddingAlgorithm(padding); - return inst; - } - - private KMCipher createRsaOAEP256Cipher(byte mode, byte digest, - byte[] secret, short secretStart, short secretLen, - byte[] modBuffer, short modOff, short modLength) { - // Convert byte arrays into keys - byte[] exp = null; - byte[] mod = new byte[modLength]; - if (secret != null) { - exp = new byte[secretLen]; - Util.arrayCopyNonAtomic(secret, secretStart, exp, (short) 0, secretLen); - } else { - exp = new byte[]{0x01, 0x00, 0x01}; - } - Util.arrayCopyNonAtomic(modBuffer, modOff, mod, (short) 0, modLength); - String modString = toHexString(mod); - String expString = toHexString(exp); - BigInteger modInt = new BigInteger(modString, 16); - BigInteger expInt = new BigInteger(expString, 16); - javax.crypto.Cipher rsaCipher = null; - try { - KeyFactory kf = KeyFactory.getInstance("RSA"); - // Create cipher with oaep padding - OAEPParameterSpec oaepSpec = null; - if (digest == KMType.SHA2_256) { - oaepSpec = new OAEPParameterSpec("SHA-256", "MGF1", - MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); - } else { - oaepSpec = new OAEPParameterSpec("SHA1", "MGF1", - MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT); - } - rsaCipher = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPPadding", "SunJCE"); - 
if (mode == KMType.ENCRYPT) { - RSAPublicKeySpec pubSpec = new RSAPublicKeySpec(modInt, expInt); - java.security.interfaces.RSAPublicKey pubKey = (java.security.interfaces.RSAPublicKey) kf - .generatePublic(pubSpec); - rsaCipher.init(javax.crypto.Cipher.ENCRYPT_MODE, pubKey, oaepSpec); - } else { - RSAPrivateKeySpec privSpec = new RSAPrivateKeySpec(modInt, expInt); - java.security.interfaces.RSAPrivateKey privKey = (java.security.interfaces.RSAPrivateKey) kf - .generatePrivate(privSpec); - rsaCipher.init(javax.crypto.Cipher.DECRYPT_MODE, privKey, oaepSpec); - } - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch (InvalidKeySpecException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (InvalidKeyException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch (InvalidAlgorithmParameterException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (NoSuchPaddingException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } catch (NoSuchProviderException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); - } - KMCipherImpl ret = new KMCipherImpl(rsaCipher); - ret.setCipherAlgorithm(KMType.RSA); - ret.setPaddingAlgorithm(KMType.RSA_OAEP); - ret.setMode(mode); - return ret; - } - - private String toHexString(byte[] num) { - StringBuilder sb = new StringBuilder(); - for (int i = 0; i < num.length; i++) { - sb.append(String.format("%02X", num[i])); - } - return sb.toString(); - } - - public Signature createRsaSigner(short digest, short padding, byte[] secret, - short secretStart, short secretLength, byte[] modBuffer, - short modOff, short modLength) { - short alg = mapSignature256Alg(KMType.RSA, (byte) padding); - if (padding == KMType.PADDING_NONE || - (padding == KMType.RSA_PKCS1_1_5_SIGN 
&& digest == KMType.DIGEST_NONE)) { - return createNoDigestSigner(padding, secret, secretStart, secretLength, - modBuffer, modOff, modLength); - } - Signature rsaSigner = Signature.getInstance((byte) alg, false); - RSAPrivateKey key = (RSAPrivateKey) KeyBuilder - .buildKey(KeyBuilder.TYPE_RSA_PRIVATE, KeyBuilder.LENGTH_RSA_2048, false); - key.setExponent(secret, secretStart, secretLength); - key.setModulus(modBuffer, modOff, modLength); - rsaSigner.init(key, Signature.MODE_SIGN); - return rsaSigner; - } - - private Signature createNoDigestSigner(short padding, - byte[] secret, short secretStart, short secretLength, - byte[] modBuffer, short modOff, short modLength) { - Cipher rsaCipher = Cipher.getInstance(Cipher.ALG_RSA_NOPAD, false); - RSAPrivateKey key = (RSAPrivateKey) KeyBuilder.buildKey(KeyBuilder.TYPE_RSA_PRIVATE, - KeyBuilder.LENGTH_RSA_2048, false); - key.setExponent(secret, secretStart, secretLength); - key.setModulus(modBuffer, modOff, modLength); - rsaCipher.init(key, Cipher.MODE_DECRYPT); - KMRsa2048NoDigestSignature inst = new KMRsa2048NoDigestSignature(rsaCipher, (byte) padding, - modBuffer, modOff, modLength); - return inst; - } - - - public Signature createEcSigner(short digest, byte[] secret, short secretStart, - short secretLength) { - short alg = mapSignature256Alg(KMType.EC, (byte) 0); - Signature ecSigner; - if (digest == KMType.DIGEST_NONE) { - ecSigner = new KMEcdsa256NoDigestSignature(Signature.MODE_SIGN, secret, secretStart, - secretLength); - } else { - ECPrivateKey key = (ECPrivateKey) KeyBuilder - .buildKey(KeyBuilder.TYPE_EC_FP_PRIVATE, KeyBuilder.LENGTH_EC_FP_256, false); - key.setS(secret, secretStart, secretLength); - ecSigner = Signature.getInstance((byte) alg, false); - ecSigner.init(key, Signature.MODE_SIGN); - } - return ecSigner; - } - - - public KMCipher createSymmetricCipher( - short cipherAlg, short mode, short blockMode, short padding, byte[] secret, short secretStart, - short secretLength) { - return 
createSymmetricCipher(cipherAlg, mode, blockMode, padding, secret, secretStart, - secretLength, null, (short) 0, (short) 0); - } - - - public KMCipher createSymmetricCipher(short alg, short purpose, short blockMode, short padding, - byte[] secret, - short secretStart, short secretLength, - byte[] ivBuffer, short ivStart, short ivLength) { - Key key = null; - Cipher symmCipher = null; - short len = 0; - switch (secretLength) { - case 32: - len = KeyBuilder.LENGTH_AES_256; - break; - case 16: - len = KeyBuilder.LENGTH_AES_128; - break; - case 24: - len = KeyBuilder.LENGTH_DES3_3KEY; - break; - default: - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - break; - } - short cipherAlg = mapCipherAlg((byte) alg, (byte) padding, (byte) blockMode); - switch (cipherAlg) { - case Cipher.ALG_AES_BLOCK_128_CBC_NOPAD: - key = KeyBuilder.buildKey(KeyBuilder.TYPE_AES, len, false); - ((AESKey) key).setKey(secret, secretStart); - symmCipher = Cipher.getInstance((byte) cipherAlg, false); - symmCipher.init(key, mapPurpose(purpose), ivBuffer, ivStart, ivLength); - break; - case Cipher.ALG_AES_BLOCK_128_ECB_NOPAD: - key = KeyBuilder.buildKey(KeyBuilder.TYPE_AES, len, false); - ((AESKey) key).setKey(secret, secretStart); - symmCipher = Cipher.getInstance((byte) cipherAlg, false); - symmCipher.init(key, mapPurpose(purpose)); - break; - case Cipher.ALG_DES_CBC_NOPAD: - key = KeyBuilder.buildKey(KeyBuilder.TYPE_DES, len, false); - ((DESKey) key).setKey(secret, secretStart); - symmCipher = Cipher.getInstance((byte) cipherAlg, false); - //While sending back the iv send only 8 bytes. 
- symmCipher.init(key, mapPurpose(purpose), ivBuffer, ivStart, (short) 8); - break; - case Cipher.ALG_DES_ECB_NOPAD: - key = KeyBuilder.buildKey(KeyBuilder.TYPE_DES, len, false); - ((DESKey) key).setKey(secret, secretStart); - symmCipher = Cipher.getInstance((byte) cipherAlg, false); - symmCipher.init(key, mapPurpose(purpose)); - break; - case Cipher.ALG_AES_CTR: // uses SUNJCE - return createAesCtrCipherNoPad(purpose, secret, secretStart, secretLength, ivBuffer, - ivStart, ivLength); - default://This should never happen - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - break; - } - KMCipherImpl cipher = new KMCipherImpl(symmCipher); - cipher.setCipherAlgorithm(alg); - cipher.setPaddingAlgorithm(padding); - cipher.setMode(purpose); - cipher.setBlockMode(blockMode); - return cipher; - } - - private byte mapPurpose(short purpose) { - switch (purpose) { - case KMType.ENCRYPT: - return Cipher.MODE_ENCRYPT; - case KMType.DECRYPT: - return Cipher.MODE_DECRYPT; - case KMType.SIGN: - return Signature.MODE_SIGN; - case KMType.VERIFY: - return Signature.MODE_VERIFY; - } - return -1; - } - - private byte mapSignature256Alg(byte alg, byte padding) { - switch (alg) { - case KMType.RSA: - switch (padding) { - case KMType.RSA_PKCS1_1_5_SIGN: - return Signature.ALG_RSA_SHA_256_PKCS1; - case KMType.RSA_PSS: - return Signature.ALG_RSA_SHA_256_PKCS1_PSS; - } - break; - case KMType.EC: - return Signature.ALG_ECDSA_SHA_256; - case KMType.HMAC: - return Signature.ALG_HMAC_SHA_256; - } - return -1; - } - - private byte mapCipherAlg(byte alg, byte padding, byte blockmode) { - switch (alg) { - case KMType.AES: - switch (blockmode) { - case KMType.ECB: - return Cipher.ALG_AES_BLOCK_128_ECB_NOPAD; - case KMType.CBC: - return Cipher.ALG_AES_BLOCK_128_CBC_NOPAD; - case KMType.CTR: - return Cipher.ALG_AES_CTR; - case KMType.GCM: - return AEADCipher.ALG_AES_GCM; - } - break; - case KMType.DES: - switch (blockmode) { - case KMType.ECB: - return Cipher.ALG_DES_ECB_NOPAD; - case 
KMType.CBC: - return Cipher.ALG_DES_CBC_NOPAD; - } - break; - case KMType.RSA: - switch (padding) { - case KMType.PADDING_NONE: - return Cipher.ALG_RSA_NOPAD; - case KMType.RSA_PKCS1_1_5_ENCRYPT: - return Cipher.ALG_RSA_PKCS1; - case KMType.RSA_OAEP: - return Cipher.ALG_RSA_PKCS1_OAEP; - } - break; - } - return -1; - } - - private KMCipher createAesCtrCipherNoPad(short mode, byte[] secret, short secretStart, - short secretLength, byte[] ivBuffer, short ivStart, short ivLength) { - if (secretLength != 16 && secretLength != 32) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - if (ivLength != 16) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - if (mode != KMType.ENCRYPT && mode != KMType.DECRYPT) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - //Create the sun jce compliant aes key - byte[] keyMaterial = new byte[secretLength]; - Util.arrayCopyNonAtomic(secret, secretStart, keyMaterial, (short) 0, secretLength); - java.security.Key aesKey = new SecretKeySpec(keyMaterial, (short) 0, keyMaterial.length, "AES"); - // Create the cipher - javax.crypto.Cipher cipher = null; - try { - cipher = javax.crypto.Cipher.getInstance("AES/CTR/NoPadding", "SunJCE"); - } catch (NoSuchAlgorithmException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch (NoSuchProviderException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch (NoSuchPaddingException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - // Copy nonce - byte[] iv = new byte[ivLength]; - Util.arrayCopyNonAtomic(ivBuffer, ivStart, iv, (short) 0, ivLength); - // Init Cipher - IvParameterSpec ivSpec = new IvParameterSpec(iv); - try { - if (mode == KMType.ENCRYPT) { - cipher.init(javax.crypto.Cipher.ENCRYPT_MODE, aesKey, ivSpec); - } else { - cipher.init(javax.crypto.Cipher.DECRYPT_MODE, aesKey, ivSpec); - } - } catch (InvalidKeyException e) { 
- e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch (InvalidAlgorithmParameterException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } - KMCipherImpl ret = new KMCipherImpl(cipher); - ret.setCipherAlgorithm(KMType.AES); - ret.setMode(mode); - ret.setPaddingAlgorithm((short) 0); - ret.setBlockMode(KMType.CTR); - return ret; - } - - private Signature createHmacSignerVerifier(short purpose, short digest, - byte[] secret, short secretStart, short secretLength) { - HMACKey key = createHMACKey(secret, secretStart, secretLength); - return createHmacSignerVerifier(purpose, digest, key); - } - - private Signature createHmacSignerVerifier(short purpose, short digest, HMACKey key) { - byte alg = Signature.ALG_HMAC_SHA_256; - if (digest != KMType.SHA2_256) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - Signature hmacSignerVerifier = Signature.getInstance((byte) alg, false); - hmacSignerVerifier.init(key, (byte) purpose); - return hmacSignerVerifier; - } - - - public KMCipher createAesGcmCipher(short mode, short tagLen, byte[] secret, short secretStart, - short secretLength, - byte[] ivBuffer, short ivStart, short ivLength) { - if (secretLength != 16 && secretLength != 32) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - if (ivLength != AES_GCM_NONCE_LENGTH) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - if (mode != KMType.ENCRYPT && mode != KMType.DECRYPT) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - //Create the sun jce compliant aes key - byte[] keyMaterial = new byte[secretLength]; - Util.arrayCopyNonAtomic(secret, secretStart, keyMaterial, (short) 0, secretLength); - java.security.Key aesKey = new SecretKeySpec(keyMaterial, (short) 0, keyMaterial.length, "AES"); - // Create the cipher - javax.crypto.Cipher cipher = null; - try { - cipher = javax.crypto.Cipher.getInstance("AES/GCM/NoPadding", "SunJCE"); - } catch 
(NoSuchAlgorithmException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } catch (NoSuchProviderException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch (NoSuchPaddingException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - // Copy nonce - byte[] iv = new byte[AES_GCM_NONCE_LENGTH]; - Util.arrayCopyNonAtomic(ivBuffer, ivStart, iv, (short) 0, AES_GCM_NONCE_LENGTH); - // Init Cipher - GCMParameterSpec spec = new GCMParameterSpec(tagLen, iv, (short) 0, AES_GCM_NONCE_LENGTH); - try { - if (mode == KMType.ENCRYPT) { - mode = javax.crypto.Cipher.ENCRYPT_MODE; - } else { - mode = javax.crypto.Cipher.DECRYPT_MODE; - } - cipher.init(mode, aesKey, spec); - } catch (InvalidKeyException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.INVALID_INIT); - } catch (InvalidAlgorithmParameterException e) { - e.printStackTrace(); - CryptoException.throwIt(CryptoException.NO_SUCH_ALGORITHM); - } - KMCipherImpl ret = new KMCipherImpl(cipher); - ret.setCipherAlgorithm(KMType.AES); - ret.setMode(mode); - ret.setPaddingAlgorithm((short) 0); - ret.setBlockMode(KMType.GCM); - return ret; - } - - private void initEntropyPool(byte[] pool) { - byte index = 0; - RandomData trng; - while (index < rngCounter.length) { - rngCounter[index++] = 0; - } - try { - trng = RandomData.getInstance(RandomData.ALG_TRNG); - trng.nextBytes(pool, (short) 0, (short) pool.length); - } catch (CryptoException exp) { - if (exp.getReason() == CryptoException.NO_SUCH_ALGORITHM) { - // simulator does not support TRNG algorithm. So, PRNG algorithm (deprecated) is used. - trng = RandomData.getInstance(RandomData.ALG_PSEUDO_RANDOM); - trng.nextBytes(pool, (short) 0, (short) pool.length); - } else { - ISOException.throwIt(ISO7816.SW_UNKNOWN); - } - } - } - - // Generate a secure random number from existing entropy pool. 
This uses aes ecb algorithm with - // 8 byte rngCounter and 16 byte block size. - @Override - public void newRandomNumber(byte[] num, short startOff, short length) { - KMRepository repository = KMRepository.instance(); - byte[] bufPtr = repository.getHeap(); - short countBufInd = repository.alloc(KMKeymasterApplet.AES_BLOCK_SIZE); - short randBufInd = repository.alloc(KMKeymasterApplet.AES_BLOCK_SIZE); - short len = KMKeymasterApplet.AES_BLOCK_SIZE; - aesRngKey.setKey(entropyPool, (short) 0); - aesRngCipher.init(aesRngKey, Cipher.MODE_ENCRYPT, aesICV, (short) 0, (short) 16); - while (length > 0) { - if (length < len) { - len = length; - } - // increment rngCounter by one - incrementCounter(); - // copy the 8 byte rngCounter into the 16 byte rngCounter buffer. - Util.arrayCopy(rngCounter, (short) 0, bufPtr, countBufInd, (short) rngCounter.length); - // encrypt the rngCounter buffer with existing entropy which forms the aes key. - aesRngCipher.doFinal( - bufPtr, countBufInd, KMKeymasterApplet.AES_BLOCK_SIZE, bufPtr, randBufInd); - // copy the encrypted rngCounter block to buffer passed in the argument - Util.arrayCopy(bufPtr, randBufInd, num, startOff, len); - length = (short) (length - len); - startOff = (short) (startOff + len); - } - } - - // increment 8 byte rngCounter by one - private void incrementCounter() { - // start with least significant byte - short index = (short) (rngCounter.length - 1); - while (index >= 0) { - // if the msb of current byte is set then it will be negative - if (rngCounter[index] < 0) { - // then increment the rngCounter - rngCounter[index]++; - // is the msb still set? i.e. no carry over - if (rngCounter[index] < 0) { - break; // then break - } else { - index--; // else go to the higher order byte - } - } else { - // if msb is not set then increment the rngCounter - rngCounter[index]++; - break; - } - } - } - - @Override - public void addRngEntropy(byte[] num, short offset, short length) { - // Maximum length can be 256 bytes. 
But currently we support max 32 bytes seed. - // Get existing entropy pool. - if (length > 32) { - length = 32; - } - // Create new temporary pool. - // Populate the new pool with the entropy which is derived from current entropy pool. - newRandomNumber(rndNum, (short) 0, (short) entropyPool.length); - // Copy the entropy to the current pool - updates the entropy pool. - Util.arrayCopy(rndNum, (short) 0, entropyPool, (short) 0, (short) entropyPool.length); - short index = 0; - short randIndex = 0; - // XOR the seed received from the master in the entropy pool - 16 bytes (entPool.length). - // at a time. - while (index < length) { - entropyPool[randIndex] = (byte) (entropyPool[randIndex] ^ num[(short) (offset + index)]); - randIndex++; - index++; - if (randIndex >= entropyPool.length) { - randIndex = 0; - } - } - } - - @Override - public KMAttestationCert getAttestationCert(boolean rsaCert) { - return KMAttestationCertImpl.instance(rsaCert); - } - - @Override - public KMPKCS8Decoder getPKCS8DecoderInstance() { - return KMPKCS8DecoderImpl.instance(); - } - - private short getProvisionDataBufferOffset(byte dataType) { - switch(dataType) { - case CERTIFICATE_CHAIN: - return CERT_CHAIN_OFFSET; - case CERTIFICATE_ISSUER: - return CERT_ISSUER_OFFSET; - case CERTIFICATE_EXPIRY: - return CERT_EXPIRY_OFFSET; - default: - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - return 0; - } - - private void persistProvisionData(byte[] buf, short off, short len, short maxSize, short copyToOff) { - if (len > maxSize) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - JCSystem.beginTransaction(); - Util.setShort(provisionData, copyToOff, len); - Util.arrayCopyNonAtomic(buf, off, provisionData, (short) (copyToOff + 2), len); - JCSystem.commitTransaction(); - } - - private void persistCertificateChain(byte[] certChain, short certChainOff, short certChainLen) { - persistProvisionData(certChain, certChainOff, certChainLen, - KMConfigurations.CERT_CHAIN_MAX_SIZE, 
CERT_CHAIN_OFFSET); - } - - private void persistCertficateIssuer(byte[] certIssuer, short certIssuerOff, short certIssuerLen) { - persistProvisionData(certIssuer, certIssuerOff, certIssuerLen, - KMConfigurations.CERT_ISSUER_MAX_SIZE, CERT_ISSUER_OFFSET); - } - - private void persistCertificateExpiryTime(byte[] certExpiry, short certExpiryOff, short certExpiryLen) { - persistProvisionData(certExpiry, certExpiryOff, certExpiryLen, - KMConfigurations.CERT_EXPIRY_MAX_SIZE, CERT_EXPIRY_OFFSET); - } - - @Override - public void persistProvisionData(byte[] buffer, short certChainOff, short certChainLen, - short certIssuerOff, short certIssuerLen, short certExpiryOff ,short certExpiryLen) { - // All the buffers uses first two bytes for length. The certificate chain - // is stored as shown below. - // _____________________________________________________ - // | 2 Bytes | 1 Byte | 3 Bytes | Cert1 | Cert2 |... - // |_________|________|_________|_______|________|_______ - // First two bytes holds the length of the total buffer. - // CBOR format: - // Next single byte holds the byte string header. - // Next 3 bytes holds the total length of the certificate chain. - // clear buffer. - JCSystem.beginTransaction(); - Util.arrayFillNonAtomic(provisionData, (short) 0, (short) provisionData.length, (byte) 0); - JCSystem.commitTransaction(); - // Persist data. 
- persistCertificateChain(buffer, certChainOff, certChainLen); - persistCertficateIssuer(buffer, certIssuerOff, certIssuerLen); - persistCertificateExpiryTime(buffer, certExpiryOff, certExpiryLen); - } - - @Override - public short readProvisionedData(byte dataType, byte[] buf, short offset) { - short provisionBufOffset = getProvisionDataBufferOffset(dataType); - short len = Util.getShort(provisionData, provisionBufOffset); - Util.arrayCopyNonAtomic(provisionData, (short) (2 + provisionBufOffset), buf, offset, len); - return len; - } - - @Override - public short getProvisionedDataLength(byte dataType) { - short provisionBufOffset = getProvisionDataBufferOffset(dataType); - return Util.getShort(provisionData, provisionBufOffset); - } - - @Override - public short ecSign256(KMAttestationKey attestationKey, - byte[] inputDataBuf, short inputDataStart, short inputDataLength, - byte[] outputDataBuf, short outputDataStart) { - - ECPrivateKey key = ((KMECPrivateKey) attestationKey).getPrivateKey(); - - Signature signer = Signature - .getInstance(Signature.ALG_ECDSA_SHA_256, false); - signer.init(key, Signature.MODE_SIGN); - return signer.sign(inputDataBuf, inputDataStart, inputDataLength, - outputDataBuf, outputDataStart); - } - - @Override - public boolean isBootSignalEventSupported() { - return false; - } - - @Override - public boolean isDeviceRebooted() { - return false; - } - - @Override - public void clearDeviceBooted(boolean resetBootFlag) { - } - - @Override - public void onSave(Element ele) { - } - - @Override - public void onRestore(Element ele, short oldVersion, short currentVersion) { - } - - @Override - public short getBackupPrimitiveByteCount() { - return 0; - } - - @Override - public short getBackupObjectCount() { - return 0; - } - - @Override - public boolean isUpgrading() { - return false; - } - - @Override - public KMMasterKey createMasterKey(short keySizeBits) { - if (masterKey == null) { - AESKey key = (AESKey) KeyBuilder.buildKey( - KeyBuilder.TYPE_AES, 
keySizeBits, false); - masterKey = new KMAESKey(key); - short keyLen = (short) (keySizeBits / 8); - byte[] keyData = new byte[keyLen]; - getTrueRandomNumber(keyData, (short) 0, keyLen); - masterKey.setKey(keyData, (short) 0); - } - return (KMMasterKey) masterKey; - } - - @Override - public KMAttestationKey createAttestationKey(byte[] keyData, short offset, - short length) { - if (attestationKey == null) { - // Strongbox supports only P-256 curve for EC key. - KeyPair ecKeyPair = new KeyPair(KeyPair.ALG_EC_FP, KeyBuilder.LENGTH_EC_FP_256); - attestationKey = new KMECPrivateKey(ecKeyPair); - } - attestationKey.setS(keyData, offset, length); - return (KMAttestationKey) attestationKey; - } - - @Override - public KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short length) { - short lengthInBits = (short) (length * 8); - if ((lengthInBits % 8 != 0) || !(lengthInBits >= 64 && lengthInBits <= 512)) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - if (preSharedKey == null) { - HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, lengthInBits, - false); - preSharedKey = new KMHmacKey(key); - } - preSharedKey.setKey(keyData, offset, length); - return (KMPreSharedKey) preSharedKey; - } - - @Override - public KMComputedHmacKey createComputedHmacKey(byte[] keyData, short offset, short length) { - if (length != COMPUTED_HMAC_KEY_SIZE) { - CryptoException.throwIt(CryptoException.ILLEGAL_VALUE); - } - if (computedHmacKey == null) { - HMACKey key = (HMACKey) KeyBuilder.buildKey(KeyBuilder.TYPE_HMAC, (short) (length * 8), - false); - computedHmacKey = new KMHmacKey(key); - } - computedHmacKey.setKey(keyData, offset, length); - return (KMComputedHmacKey) computedHmacKey; - } - - @Override - public KMMasterKey getMasterKey() { - return (KMMasterKey) masterKey; - } - - @Override - public KMAttestationKey getAttestationKey() { - return (KMAttestationKey) attestationKey; - } - - @Override - public KMPreSharedKey getPresharedKey() { - return 
(KMPreSharedKey) preSharedKey; - } - - @Override - public KMComputedHmacKey getComputedHmacKey() { - return (KMComputedHmacKey) computedHmacKey; - } - - @Override - public void releaseAllOperations() { - //Do nothing. - } - - @Override - public short messageDigest256(byte[] inBuff, short inOffset, - short inLength, byte[] outBuff, short outOffset) { - MessageDigest mDigest = null; - short len = 0; - try { - mDigest = MessageDigest.getInitializedMessageDigestInstance(MessageDigest.ALG_SHA_256, false); - len = mDigest.doFinal(inBuff, inOffset, inLength, outBuff, outOffset); - } catch (Exception e) { - - } - return len; - } - -} diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java deleted file mode 100644 index 761b388a..00000000 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMOperationImpl.java +++ /dev/null 
@@ -1,82 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" (short)0IS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.javacard.keymaster;
-
-import javacard.security.Signature;
-
-public class KMOperationImpl implements KMOperation {
-
- private KMCipher cipher;
- private Signature signature;
-
- public KMOperationImpl(KMCipher cipher) {
- this.cipher = cipher;
- this.signature = null;
- }
-
- public KMOperationImpl(Signature sign) {
- this.cipher = null;
- this.signature = sign;
- }
-
- @Override
- public short update(byte[] inputDataBuf, short inputDataStart, short inputDataLength,
- byte[] outputDataBuf, short outputDataStart) {
- return cipher
- .update(inputDataBuf, inputDataStart, inputDataLength, outputDataBuf, outputDataStart);
- }
-
- @Override
- public short update(byte[] inputDataBuf, short inputDataStart, short inputDataLength) {
- signature.update(inputDataBuf, inputDataStart, inputDataLength);
- return 0;
- }
-
- @Override
- public short finish(byte[] inputDataBuf, short inputDataStart, short inputDataLength,
- byte[] outputDataBuf, short outputDataStart) {
- return cipher
- .doFinal(inputDataBuf, inputDataStart, inputDataLength, outputDataBuf, outputDataStart);
- }
-
- @Override
- public short sign(byte[] inputDataBuf, short inputDataStart, short inputDataLength,
- byte[] signBuf, short signStart) {
- return signature.sign(inputDataBuf, inputDataStart, inputDataLength, signBuf, signStart);
- }
-
- @Override
- public boolean verify(byte[] inputDataBuf, short inputDataStart, short inputDataLength,
- byte[] signBuf, short signStart, short signLength) {
- return signature
- .verify(inputDataBuf, inputDataStart, inputDataLength, signBuf, signStart, signLength);
- }
-
- @Override
- public void abort() {
- // do nothing
- }
-
- @Override
- public void updateAAD(byte[] dataBuf, short dataStart, short dataLength) {
- cipher.updateAAD(dataBuf, dataStart, dataLength);
- }
-
- @Override
- public short getAESGCMOutputSize(short dataSize, short macLength) {
- return cipher.getAesGcmOutputSize(dataSize, macLength);
- }
-}
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
deleted file mode 100644
index 921cae28..00000000
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java
+++ /dev/null
@@ -1,223 +0,0 @@
-package com.android.javacard.keymaster;
-
-import javacard.framework.Util;
-
-public class KMPKCS8DecoderImpl implements KMPKCS8Decoder {
-
- public static final byte ASN1_OCTET_STRING = 0x04;
- public static final byte ASN1_SEQUENCE = 0x30;
- public static final byte ASN1_INTEGER = 0x02;
- public static final byte ASN1_A0_TAG = (byte) 0xA0;
- public static final byte ASN1_A1_TAG = (byte) 0xA1;
- public static final byte ASN1_BIT_STRING = 0x03;
- public static final byte[] EC_CURVE = {
- 0x06, 0x08, 0x2a, (byte) 0x86, 0x48, (byte) 0xce, 0x3d, 0x03,
- 0x01, 0x07
- };
- public static final byte[] RSA_ALGORITHM = {
- 0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86,
- (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00
- };
- public static final byte[] EC_ALGORITHM = {
- 0x06, 0x07, 0x2a, (byte) 0x86, 0x48, (byte) 0xce,
- 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, (byte) 0x86, 0x48,
- (byte) 0xce, 0x3d, 0x03, 0x01, 0x07
- };
- private byte[] data;
- private short start;
- private short length;
- private short cur;
- private static KMPKCS8DecoderImpl inst;
-
- private KMPKCS8DecoderImpl() {
- start = 0;
- length = 0;
- cur = 0;
- }
-
- @Override
- public short decodeRsa(short blob) {
- init(blob);
- decodeCommon((short) 0, RSA_ALGORITHM);
- return decodeRsaPrivateKey((short) 0);
- }
-
- @Override
- public short decodeEc(short blob) {
- init(blob);
- decodeCommon((short) 0, EC_ALGORITHM);
- return decodeEcPrivateKey((short) 1);
- }
-
- //Seq[Int,Int,Int,Int,]
- public short decodeRsaPrivateKey(short version) {
- short resp = KMArray.instance((short) 3);
- header(ASN1_OCTET_STRING);
- header(ASN1_SEQUENCE);
- short len = header(ASN1_INTEGER);
- if (len != 1) {
- KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- short ver = getByte();
- if (ver != version) {
- KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- len = header(ASN1_INTEGER);
- short modulus = getModulus(len);
- len = header(ASN1_INTEGER);
- short pubKey = KMByteBlob.instance(len);
- getBytes(pubKey);
- len = header(ASN1_INTEGER);
- short privKey = KMByteBlob.instance(len);
- getBytes(privKey);
- KMArray.cast(resp).add((short) 0, modulus);
- KMArray.cast(resp).add((short) 1, pubKey);
- KMArray.cast(resp).add((short) 2, privKey);
- return resp;
- }
-
- // Seq [Int, Blob]
- public void decodeCommon(short version, byte[] alg) {
- short len = header(ASN1_SEQUENCE);
- len = header(ASN1_INTEGER);
- if (len != 1) {
- KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- short ver = getByte();
- if (ver != version) {
- KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- len = header(ASN1_SEQUENCE);
- short blob = KMByteBlob.instance(len);
- getBytes(blob);
- if (Util.arrayCompare(
- KMByteBlob.cast(blob).getBuffer(),
- KMByteBlob.cast(blob).getStartOff(),
- alg,
- (short) 0, KMByteBlob.cast(blob).length()) != 0) {
- KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- }
-
- //Seq[Int,blob,blob]
- public short decodeEcPrivateKey(short version) {
- short resp = KMArray.instance((short) 2);
- header(ASN1_OCTET_STRING);
- header(ASN1_SEQUENCE);
- short len = header(ASN1_INTEGER);
- if (len != 1) {
- KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- short ver = getByte();
- if (ver != version) {
- KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- len = header(ASN1_OCTET_STRING);
- short privKey = KMByteBlob.instance(len);
- getBytes(privKey);
- validateTag0IfPresent();
- header(ASN1_A1_TAG);
- len = header(ASN1_BIT_STRING);
- if (len < 1) {
- KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- byte unusedBits = getByte();
- if (unusedBits != 0) {
- KMException.throwIt(KMError.UNIMPLEMENTED);
- }
- short pubKey = KMByteBlob.instance((short) (len - 1));
- getBytes(pubKey);
- KMArray.cast(resp).add((short) 0, pubKey);
- KMArray.cast(resp).add((short) 1, privKey);
- return resp;
- }
-
- private void validateTag0IfPresent() {
- if (data[cur] != ASN1_A0_TAG) {
- return;
- }
- ;
- short len = header(ASN1_A0_TAG);
- if (len != EC_CURVE.length) {
- KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- if (Util.arrayCompare(data, cur, EC_CURVE, (short) 0, len) != 0) {
- KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- incrementCursor(len);
- }
-
- private short header(short tag) {
- short t = getByte();
- if (t != tag) {
- KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- return getLength();
- }
-
- private byte getByte() {
- byte d = data[cur];
- incrementCursor((short) 1);
- return d;
- }
-
- private short getShort() {
- short d = Util.getShort(data, cur);
- incrementCursor((short) 2);
- return d;
- }
-
- private short getModulus(short modulusLen) {
- if (0 == data[cur] && modulusLen == 257) {
- incrementCursor((short) 1);
- modulusLen--;
- }
- short blob = KMByteBlob.instance(modulusLen);
- getBytes(blob);
- return blob;
- }
-
- private void getBytes(short blob) {
- short len = KMByteBlob.cast(blob).length();
- Util.arrayCopyNonAtomic(data, cur, KMByteBlob.cast(blob).getBuffer(),
- KMByteBlob.cast(blob).getStartOff(), len);
- incrementCursor(len);
- }
-
- private short getLength() {
- byte len = getByte();
- if (len >= 0) {
- return len;
- }
- len = (byte) (len & 0x7F);
- if (len == 1) {
- return (short) (getByte() & 0xFF);
- } else if (len == 2) {
- return getShort();
- } else {
- KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- return KMType.INVALID_VALUE; //should not come here
- }
-
- public static KMPKCS8DecoderImpl instance() {
- if (inst == null) {
- inst = new KMPKCS8DecoderImpl();
- }
- return inst;
- }
-
- public void init(short blob) {
- data = KMByteBlob.cast(blob).getBuffer();
- start = KMByteBlob.cast(blob).getStartOff();
- length = KMByteBlob.cast(blob).length();
- cur = start;
- }
-
- public void incrementCursor(short n) {
- cur += n;
- if (cur > ((short) (start + length))) {
- KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- }
-}
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java
deleted file mode 100644
index 573be574..00000000
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMRsa2048NoDigestSignature.java
+++ /dev/null
@@ -1,145 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" (short)0IS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.javacard.keymaster;
-
-import javacard.framework.Util;
-import javacard.security.CryptoException;
-import javacard.security.Key;
-import javacard.security.Signature;
-import javacardx.crypto.Cipher;
-
-public class KMRsa2048NoDigestSignature extends Signature {
-
- private Cipher inst; // ALG_RSA_NOPAD.
- private byte padding;
- private byte[] rsaModulus; // to compare with the data value
-
- public KMRsa2048NoDigestSignature(Cipher ciph, byte padding, byte[] mod, short start, short len) {
- inst = ciph;
- this.padding = padding;
- if (len != 256) {
- CryptoException.throwIt(CryptoException.INVALID_INIT);
- }
- rsaModulus = new byte[256];
- Util.arrayCopyNonAtomic(mod, start, rsaModulus, (short) 0, len);
- }
-
- @Override
- public void init(Key key, byte b) throws CryptoException {
-
- }
-
- @Override
- public void init(Key key, byte b, byte[] bytes, short i, short i1) throws CryptoException {
- }
-
- @Override
- public void setInitialDigest(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3)
- throws CryptoException {
- }
-
- @Override
- public byte getAlgorithm() {
- return 0;
- }
-
- @Override
- public byte getMessageDigestAlgorithm() {
- return 0;
- }
-
- @Override
- public byte getCipherAlgorithm() {
- return 0;
- }
-
- @Override
- public byte getPaddingAlgorithm() {
- return 0;
- }
-
- @Override
- public short getLength() throws CryptoException {
- return 0;
- }
-
- @Override
- public void update(byte[] bytes, short i, short i1) throws CryptoException {
- }
-
- @Override
- public short sign(byte[] bytes, short i, short i1, byte[] bytes1, short i2)
- throws CryptoException {
- byte[] inputData = padData(bytes, i, i1);
- return inst.doFinal(inputData, (short) 0, (short) 256, bytes1, i2);
- }
-
- @Override
- public short signPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2)
- throws CryptoException {
- return 0;
- }
-
- @Override
- public boolean verify(byte[] bytes, short i, short i1, byte[] bytes1, short i2, short i3)
- throws CryptoException {
- // Public key operations not handled here.
- return false;
- }
-
- @Override
- public boolean verifyPreComputedHash(byte[] bytes, short i, short i1, byte[] bytes1, short i2,
- short i3) throws CryptoException {
- return false;
- }
-
- private byte[] padData(byte[] buf, short start, short len) {
- byte[] inputData = new byte[256];
- if (!isValidData(buf, start, len)) {
- CryptoException.throwIt(CryptoException.ILLEGAL_VALUE);
- }
- Util.arrayFillNonAtomic(inputData, (short) 0, (short) 256, (byte) 0x00);
- if (padding == KMType.PADDING_NONE) { // add zero to right
- } else if (padding == KMType.RSA_PKCS1_1_5_SIGN) {// 0x00||0x01||PS||0x00
- inputData[0] = 0x00;
- inputData[1] = 0x01;
- Util.arrayFillNonAtomic(inputData, (short) 2, (short) (256 - len - 3), (byte) 0xFF);
- inputData[(short) (256 - len - 1)] = 0x00;
- } else {
- CryptoException.throwIt(CryptoException.ILLEGAL_USE);
- }
- Util.arrayCopyNonAtomic(buf, start, inputData, (short) (256 - len), len);
- return inputData;
- }
-
- private boolean isValidData(byte[] buf, short start, short len) {
- if (padding == KMType.PADDING_NONE) {
- if (len > 256) {
- return false;
- } else if (len == 256) {
- short v = KMInteger.unsignedByteArrayCompare(buf, start, rsaModulus, (short) 0, len);
- if (v > 0) {
- return false;
- }
- }
- } else {//pkcs1 no digest
- if (len > 245) {
- return false;
- }
- }
- return true;
- }
-}
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java
deleted file mode 100644
index 88b7b4d1..00000000
--- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMUtils.java
+++ /dev/null
@@ -1,438 +0,0 @@ -/* - * Copyright(C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" (short)0IS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package com.android.javacard.keymaster; - -import javacard.framework.Util; - -public class KMUtils { - - // 64 bit unsigned calculations for time - public static final byte[] oneSecMsec = { - 0, 0, 0, 0, 0, 0, 0x03, (byte) 0xE8}; // 1000 msec - public static final byte[] oneMinMsec = { - 0, 0, 0, 0, 0, 0, (byte) 0xEA, 0x60}; // 60000 msec - public static final byte[] oneHourMsec = { - 0, 0, 0, 0, 0, 0x36, (byte) 0xEE, (byte) 0x80}; // 3600000 msec - public static final byte[] oneDayMsec = { - 0, 0, 0, 0, 0x05, 0x26, 0x5C, 0x00}; // 86400000 msec - public static final byte[] oneMonthMsec = { - 0, 0, 0, 0, (byte) 0x9C, (byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec - public static final byte[] leapYearMsec = { - 0, 0, 0, 0x07, (byte) 0x5C, (byte) 0xD7, (byte) 0x88, 0x00}; //31622400000; - public static final byte[] yearMsec = { - 0, 0, 0, 0x07, 0x57, (byte) 0xB1, 0x2C, 0x00}; //31536000000 - //Leap year(366) + 3 * 365 - public static final byte[] fourYrsMsec = { - 0, 0, 0, 0x1D, 0x63, (byte) 0xEB, 0x0C, 0x00};//126230400000 - public static final byte[] firstJan2020 = { - 0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte) 0xE8, 0x00}; // 1577836800000 msec - public static final byte[] firstJan2051 = { - 0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00}; // 2556144000000 - // msec - public static final byte[] febMonthLeapMSec = { - 
0, 0, 0, 0, (byte) 0x95, 0x58, 0x6C, 0x00}; //2505600000 - public static final byte[] febMonthMsec = { - 0, 0, 0, 0, (byte) 0x90, 0x32, 0x10, 0x00}; //2419200000 - public static final byte[] ThirtyOneDaysMonthMsec = { - 0, 0, 0, 0, (byte) 0x9F, (byte) 0xA5, 0x24, 0x00};//2678400000 - public static final byte[] ThirtDaysMonthMsec = { - 0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00};//2592000000 - public static final short year2051 = 2051; - public static final short year2020 = 2020; - - // -------------------------------------- - public static short convertToDate(short time, byte[] scratchPad, - boolean utcFlag) { - - short yrsCount = 0; - short monthCount = 1; - short dayCount = 1; - short hhCount = 0; - short mmCount = 0; - short ssCount = 0; - byte Z = 0x5A; - boolean from2020 = true; - Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); - Util.arrayCopyNonAtomic(KMInteger.cast(time).getBuffer(), - KMInteger.cast(time).getStartOff(), scratchPad, - (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) - .length()); - // If the time is less then 1 Jan 2020 then it is an error - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, - (short) 8) < 0) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - if (utcFlag - && KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, - (short) 0, (short) 8) >= 0) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2051, (short) 0, - (short) 8) < 0) { - Util.arrayCopyNonAtomic(firstJan2020, (short) 0, scratchPad, (short) 8, - (short) 8); - subtract(scratchPad, (short) 0, (short) 8, (short) 16); - Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); - } else { - from2020 = false; - Util.arrayCopyNonAtomic(firstJan2051, (short) 0, scratchPad, (short) 8, - (short) 8); - subtract(scratchPad, (short) 0, (short) 8, (short) 16); - 
Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); - } - // divide the given time with four yrs msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, fourYrsMsec, (short) 0, - (short) 8) >= 0) { - Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8, - (short) 8); - yrsCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); // quotient - // is - // multiple - // of 4 - yrsCount = (short) (yrsCount * 4); // number of yrs. - // copy reminder as new dividend - Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); - } - - //Get the leap year index starting from the (base Year + yrsCount) Year. - short leapYrIdx = getLeapYrIndex(from2020, yrsCount); - - // if leap year index is 0, then the number of days for the 1st year will be 366 days. - // if leap year index is not 0, then the number of days for the 1st year will be 365 days. - if (((leapYrIdx == 0) && - (KMInteger - .unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, (short) 0, (short) 8) - >= 0)) || - ((leapYrIdx != 0) && - (KMInteger - .unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, (short) 0, (short) 8) - >= 0))) { - for (short i = 0; i < 4; i++) { - yrsCount++; - if (i == leapYrIdx) { - Util.arrayCopyNonAtomic(leapYearMsec, (short) 0, scratchPad, - (short) 8, (short) 8); - } else { - Util.arrayCopyNonAtomic(yearMsec, (short) 0, scratchPad, (short) 8, - (short) 8); - } - subtract(scratchPad, (short) 0, (short) 8, (short) 16); - Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); - if (((short) (i + 1) == leapYrIdx)) { - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, leapYearMsec, - (short) 0, (short) 8) < 0) { - break; - } - } else { - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, yearMsec, - (short) 0, (short) 8) < 0) { - break; - } - } - } - } - - // total yrs from 1970 - if (from2020) { - yrsCount = (short) (year2020 
+ yrsCount); - } else { - yrsCount = (short) (year2051 + yrsCount); - } - - // divide the given time with one month msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMonthMsec, (short) 0, - (short) 8) >= 0) { - for (short i = 0; i < 12; i++) { - if (i == 1) { - // Feb month - if (isLeapYear(yrsCount)) { - // Leap year 29 days - Util.arrayCopyNonAtomic(febMonthLeapMSec, (short) 0, scratchPad, - (short) 8, (short) 8); - } else { - // 28 days - Util.arrayCopyNonAtomic(febMonthMsec, (short) 0, scratchPad, - (short) 8, (short) 8); - } - } else if (((i <= 6) && ((i % 2 == 0))) || ((i > 6) && ((i % 2 == 1)))) { - Util.arrayCopyNonAtomic(ThirtyOneDaysMonthMsec, (short) 0, - scratchPad, (short) 8, (short) 8); - } else { - // 30 Days - Util.arrayCopyNonAtomic(ThirtDaysMonthMsec, (short) 0, scratchPad, - (short) 8, (short) 8); - } - - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, - (short) 8) >= 0) { - subtract(scratchPad, (short) 0, (short) 8, (short) 16); - Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); - } else { - break; - } - monthCount++; - } - } - - // divide the given time with one day msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneDayMsec, (short) 0, - (short) 8) >= 0) { - Util.arrayCopyNonAtomic(oneDayMsec, (short) 0, scratchPad, (short) 8, - (short) 8); - dayCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); - dayCount++; - Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); - } - - // divide the given time with one hour msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneHourMsec, (short) 0, - (short) 8) >= 0) { - Util.arrayCopyNonAtomic(oneHourMsec, (short) 0, scratchPad, (short) 8, - (short) 8); - hhCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); - Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); - } - - // 
divide the given time with one minute msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneMinMsec, (short) 0, - (short) 8) >= 0) { - Util.arrayCopyNonAtomic(oneMinMsec, (short) 0, scratchPad, (short) 8, - (short) 8); - mmCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); - Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); - } - - // divide the given time with one second msec count - if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, oneSecMsec, (short) 0, - (short) 8) >= 0) { - Util.arrayCopyNonAtomic(oneSecMsec, (short) 0, scratchPad, (short) 8, - (short) 8); - ssCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); - Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, - (short) 8); - } - - // Now convert to ascii string YYMMDDhhmmssZ or YYYYMMDDhhmmssZ - Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); - short len = numberToString(yrsCount, scratchPad, (short) 0); // returns YYYY - len += numberToString(monthCount, scratchPad, len); - len += numberToString(dayCount, scratchPad, len); - len += numberToString(hhCount, scratchPad, len); - len += numberToString(mmCount, scratchPad, len); - len += numberToString(ssCount, scratchPad, len); - scratchPad[len] = Z; - len++; - if (utcFlag) { - return KMByteBlob.instance(scratchPad, (short) 2, (short) (len - 2)); // YY - } else { - return KMByteBlob.instance(scratchPad, (short) 0, len); // YYYY - } - } - - public static short numberToString(short number, byte[] scratchPad, - short offset) { - byte zero = 0x30; - byte len = 2; - byte digit; - if (number > 999) { - len = 4; - } - byte index = len; - while (index > 0) { - digit = (byte) (number % 10); - number = (short) (number / 10); - scratchPad[(short) (offset + index - 1)] = (byte) (digit + zero); - index--; - } - return len; - } - - // Use Euclid's formula: dividend = quotient*divisor + remainder - // i.e. 
dividend - quotient*divisor = remainder where remainder < divisor. - // so this is division by subtraction until remainder remains. - public static short divide(byte[] buf, short dividend, short divisor, - short remainder) { - short expCnt = 1; - short q = 0; - // first increase divisor so that it becomes greater then dividend. - while (compare(buf, divisor, dividend) < 0) { - shiftLeft(buf, divisor); - expCnt = (short) (expCnt << 1); - } - // Now subtract divisor from dividend if dividend is greater then divisor. - // Copy remainder in the dividend and repeat. - while (expCnt != 0) { - if (compare(buf, dividend, divisor) >= 0) { - subtract(buf, dividend, divisor, remainder); - copy(buf, remainder, dividend); - q = (short) (q + expCnt); - } - expCnt = (short) (expCnt >> 1); - shiftRight(buf, divisor); - } - return q; - } - - public static void copy(byte[] buf, short from, short to) { - Util.arrayCopyNonAtomic(buf, from, buf, to, (short) 8); - } - - public static byte compare(byte[] buf, short lhs, short rhs) { - return KMInteger.unsignedByteArrayCompare(buf, lhs, buf, rhs, (short) 8); - } - - public static void shiftLeft(byte[] buf, short start, short count) { - short index = 0; - while (index < count) { - shiftLeft(buf, start); - index++; - } - } - - public static void shiftLeft(byte[] buf, short start) { - byte index = 7; - byte carry = 0; - byte tmp; - while (index >= 0) { - tmp = buf[(short) (start + index)]; - buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] << 1); - buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] + carry); - if (tmp < 0) { - carry = 1; - } else { - carry = 0; - } - index--; - } - } - - public static void shiftRight(byte[] buf, short start) { - byte index = 0; - byte carry = 0; - byte tmp; - while (index < 8) { - tmp = (byte) (buf[(short) (start + index)] & 0x01); - buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] >> 1); - buf[(short) (start + index)] = (byte) (buf[(short) (start + 
index)] & 0x7F); - buf[(short) (start + index)] = (byte) (buf[(short) (start + index)] | carry); - if (tmp == 1) { - carry = (byte) 0x80; - } else { - carry = 0; - } - index++; - } - } - - public static void add(byte[] buf, short op1, short op2, short result) { - byte index = 7; - byte carry = 0; - short tmp; - while (index >= 0) { - tmp = - (short) ((buf[(short) (op1 + index)] & 0xFF) + - (buf[(short) (op2 + index)] & 0xFF) + carry); - carry = 0; - if (tmp > 255) { - carry = 1; // max unsigned byte value is 255 - } - buf[(short) (result + index)] = (byte) (tmp & (byte) 0xFF); - index--; - } - } - - // subtraction by borrowing. - public static void subtract(byte[] buf, short op1, short op2, short result) { - byte borrow = 0; - byte index = 7; - short r; - short x; - short y; - while (index >= 0) { - x = (short) (buf[(short) (op1 + index)] & 0xFF); - y = (short) (buf[(short) (op2 + index)] & 0xFF); - r = (short) (x - y - borrow); - borrow = 0; - if (r < 0) { - borrow = 1; - r = (short) (r + 256); // max unsigned byte value is 255 - } - buf[(short) (result + index)] = (byte) (r & 0xFF); - index--; - } - } - - public static short countTemporalCount(byte[] bufTime, short timeOff, - short timeLen, byte[] scratchPad, short offset) { - Util.arrayFillNonAtomic(scratchPad, (short) offset, (short) 24, (byte) 0); - Util.arrayCopyNonAtomic( - bufTime, - timeOff, - scratchPad, - (short) (offset + 8 - timeLen), - timeLen); - Util.arrayCopyNonAtomic(oneMonthMsec, (short) 0, scratchPad, (short) (offset + 8), - (short) 8); - return divide(scratchPad, (short) 0, (short) 8, (short) 16); - } - - public static boolean isLeapYear(short year) { - if ((short) (year % 4) == (short) 0) { - if (((short) (year % 100) == (short) 0) && - ((short) (year % 400)) != (short) 0) { - return false; - } - return true; - } - return false; - } - - public static short getLeapYrIndex(boolean from2020, short yrsCount) { - short newBaseYr = (short) (from2020 ? 
(year2020 + yrsCount) : (year2051 + yrsCount)); - for (short i = 0; i < 4; i++) { - if (isLeapYear((short) (newBaseYr + i))) { - return i; - } - } - return -1; - } - - // i * 1000 = (i << 9) + (i << 8) + (i << 7) + (i << 6) + (i << 5) + ( i << 3) - public static void convertToMilliseconds(byte[] buf, short inputOff, short outputOff, - short scratchPadOff) { - byte[] shiftPos = {9, 8, 7, 6, 5, 3}; - short index = 0; - while (index < (short) (shiftPos.length)) { - Util.arrayCopyNonAtomic(buf, inputOff, buf, scratchPadOff, (short) 8); - shiftLeft(buf, scratchPadOff, shiftPos[index]); - Util.arrayCopyNonAtomic(buf, outputOff, buf, (short) (scratchPadOff + 8), (short) 8); - add(buf, scratchPadOff, (short) (8 + scratchPadOff), (short) (16 + scratchPadOff)); - Util.arrayCopyNonAtomic(buf, (short) (scratchPadOff + 16), buf, outputOff, (short) 8); - Util.arrayFillNonAtomic(buf, scratchPadOff, (short) 24, (byte) 0); - index++; - } - } - -} diff --git a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java b/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java deleted file mode 100644 index 42f102e9..00000000 --- a/Applet/JCardSimProvider/test/com/android/javacard/test/KMFunctionalTest.java +++ /dev/null 
@@ -1,3928 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.javacard.test;
-
-import com.android.javacard.keymaster.KMArray;
-import com.android.javacard.keymaster.KMBoolTag;
-import com.android.javacard.keymaster.KMByteBlob;
-import com.android.javacard.keymaster.KMByteTag;
-import com.android.javacard.keymaster.KMComputedHmacKey;
-import com.android.javacard.keymaster.KMConfigurations;
-import com.android.javacard.keymaster.KMHmacKey;
-import com.android.javacard.keymaster.KMJCardSimApplet;
-import com.android.javacard.keymaster.KMJCardSimulator;
-import com.android.javacard.keymaster.KMSEProvider;
-import com.android.javacard.keymaster.KMDecoder;
-import com.android.javacard.keymaster.KMEncoder;
-import com.android.javacard.keymaster.KMEnum;
-import com.android.javacard.keymaster.KMEnumArrayTag;
-import com.android.javacard.keymaster.KMEnumTag;
-import com.android.javacard.keymaster.KMError;
-import com.android.javacard.keymaster.KMHardwareAuthToken;
-import com.android.javacard.keymaster.KMHmacSharingParameters;
-import com.android.javacard.keymaster.KMInteger;
-import com.android.javacard.keymaster.KMIntegerTag;
-import com.android.javacard.keymaster.KMKeyCharacteristics;
-import com.android.javacard.keymaster.KMKeyParameters;
-import com.android.javacard.keymaster.KMKeymasterApplet;
-import com.android.javacard.keymaster.KMRepository;
-import
com.android.javacard.keymaster.KMType;
-import com.android.javacard.keymaster.KMVerificationToken;
-import com.licel.jcardsim.smartcardio.CardSimulator;
-import com.licel.jcardsim.utils.AIDUtil;
-
-import javacard.framework.AID;
-import javacard.framework.Util;
-import javacard.security.ECPublicKey;
-import javacard.security.KeyBuilder;
-import javacard.security.KeyPair;
-import javacard.security.RSAPublicKey;
-import javacard.security.Signature;
-import javacardx.crypto.Cipher;
-
-import java.math.BigInteger;
-import java.security.AlgorithmParameters;
-import java.security.InvalidAlgorithmParameterException;
-import java.security.InvalidKeyException;
-import java.security.KeyFactory;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.SignatureException;
-import java.security.spec.ECGenParameterSpec;
-import java.security.spec.ECParameterSpec;
-import java.security.spec.ECPoint;
-import java.security.spec.ECPublicKeySpec;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.InvalidParameterSpecException;
-import java.security.spec.MGF1ParameterSpec;
-import java.security.spec.RSAPublicKeySpec;
-import java.util.Arrays;
-import java.util.Random;
-
-import javax.crypto.BadPaddingException;
-import javax.crypto.IllegalBlockSizeException;
-import javax.crypto.NoSuchPaddingException;
-import javax.crypto.spec.OAEPParameterSpec;
-import javax.crypto.spec.PSource;
-import javax.smartcardio.CommandAPDU;
-import javax.smartcardio.ResponseAPDU;
-
-import org.junit.Assert;
-import org.junit.Test;
-
-public class KMFunctionalTest {
-
- private static final byte INS_BEGIN_KM_CMD = 0x00;
- private static final byte INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD + 1; //0x01
- private static final byte INS_PROVISION_ATTESTATION_CERT_DATA_CMD = INS_BEGIN_KM_CMD + 2; //0x02
- private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 3; //0x04
- private static final
byte INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 4; //0x05
- private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 5; //0x06
- private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 6; //0x07
- private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 7; //0x08
- private static final byte INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD + 8; //0x09
- // Top 32 commands are reserved for provisioning.
- private static final byte INS_END_KM_PROVISION_CMD = 0x20;
-
- private static final byte INS_GENERATE_KEY_CMD = INS_END_KM_PROVISION_CMD + 1; //0x21
- private static final byte INS_IMPORT_KEY_CMD = INS_END_KM_PROVISION_CMD + 2; //0x22
- private static final byte INS_IMPORT_WRAPPED_KEY_CMD = INS_END_KM_PROVISION_CMD + 3; //0x23
- private static final byte INS_EXPORT_KEY_CMD = INS_END_KM_PROVISION_CMD + 4; //0x24
- private static final byte INS_ATTEST_KEY_CMD = INS_END_KM_PROVISION_CMD + 5; //0x25
- private static final byte INS_UPGRADE_KEY_CMD = INS_END_KM_PROVISION_CMD + 6; //0x26
- private static final byte INS_DELETE_KEY_CMD = INS_END_KM_PROVISION_CMD + 7; //0x27
- private static final byte INS_DELETE_ALL_KEYS_CMD = INS_END_KM_PROVISION_CMD + 8; //0x28
- private static final byte INS_ADD_RNG_ENTROPY_CMD = INS_END_KM_PROVISION_CMD + 9; //0x29
- private static final byte INS_COMPUTE_SHARED_HMAC_CMD = INS_END_KM_PROVISION_CMD + 10; //0x2A
- private static final byte INS_DESTROY_ATT_IDS_CMD = INS_END_KM_PROVISION_CMD + 11; //0x2B
- private static final byte INS_VERIFY_AUTHORIZATION_CMD = INS_END_KM_PROVISION_CMD + 12; //0x2C
- private static final byte INS_GET_HMAC_SHARING_PARAM_CMD = INS_END_KM_PROVISION_CMD + 13; //0x2D
- private static final byte INS_GET_KEY_CHARACTERISTICS_CMD = INS_END_KM_PROVISION_CMD + 14; //0x2E
- private static final byte INS_GET_HW_INFO_CMD = INS_END_KM_PROVISION_CMD + 15; //0x2F
- private static final byte INS_BEGIN_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 16; //0x30
-
private static final byte INS_UPDATE_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 17; //0x31 - private static final byte INS_FINISH_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 18; //0x32 - private static final byte INS_ABORT_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 19; //0x33 - private static final byte INS_DEVICE_LOCKED_CMD = INS_END_KM_PROVISION_CMD + 20;//0x34 - private static final byte INS_EARLY_BOOT_ENDED_CMD = INS_END_KM_PROVISION_CMD + 21; //0x35 - private static final byte INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD + 22; //0x36 - - private static final byte[] kEcPrivKey = { - (byte) 0x21, (byte) 0xe0, (byte) 0x86, (byte) 0x43, (byte) 0x2a, - (byte) 0x15, (byte) 0x19, (byte) 0x84, (byte) 0x59, (byte) 0xcf, - (byte) 0x36, (byte) 0x3a, (byte) 0x50, (byte) 0xfc, (byte) 0x14, - (byte) 0xc9, (byte) 0xda, (byte) 0xad, (byte) 0xf9, (byte) 0x35, - (byte) 0xf5, (byte) 0x27, (byte) 0xc2, (byte) 0xdf, (byte) 0xd7, - (byte) 0x1e, (byte) 0x4d, (byte) 0x6d, (byte) 0xbc, (byte) 0x42, - (byte) 0xe5, (byte) 0x44}; - private static final byte[] kEcPubKey = { - (byte) 0x04, (byte) 0xeb, (byte) 0x9e, (byte) 0x79, (byte) 0xf8, - (byte) 0x42, (byte) 0x63, (byte) 0x59, (byte) 0xac, (byte) 0xcb, - (byte) 0x2a, (byte) 0x91, (byte) 0x4c, (byte) 0x89, (byte) 0x86, - (byte) 0xcc, (byte) 0x70, (byte) 0xad, (byte) 0x90, (byte) 0x66, - (byte) 0x93, (byte) 0x82, (byte) 0xa9, (byte) 0x73, (byte) 0x26, - (byte) 0x13, (byte) 0xfe, (byte) 0xac, (byte) 0xcb, (byte) 0xf8, - (byte) 0x21, (byte) 0x27, (byte) 0x4c, (byte) 0x21, (byte) 0x74, - (byte) 0x97, (byte) 0x4a, (byte) 0x2a, (byte) 0xfe, (byte) 0xa5, - (byte) 0xb9, (byte) 0x4d, (byte) 0x7f, (byte) 0x66, (byte) 0xd4, - (byte) 0xe0, (byte) 0x65, (byte) 0x10, (byte) 0x66, (byte) 0x35, - (byte) 0xbc, (byte) 0x53, (byte) 0xb7, (byte) 0xa0, (byte) 0xa3, - (byte) 0xa6, (byte) 0x71, (byte) 0x58, (byte) 0x3e, (byte) 0xdb, - (byte) 0x3e, (byte) 0x11, (byte) 0xae, (byte) 0x10, (byte) 0x14}; - - private static final byte[] kEcAttestCert = { - 
0x30, (byte) 0x82, (byte) 0x02, (byte) 0x78, (byte) 0x30, (byte) 0x82, - (byte) 0x02, (byte) 0x1e, (byte) 0xa0, (byte) 0x03, (byte) 0x02, - (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x02, (byte) 0x10, 0x01, - (byte) 0x30, (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, - (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, - (byte) 0x03, (byte) 0x02, (byte) 0x30, (byte) 0x81, (byte) 0x98, 0x31, - (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, - (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, 0x11, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, - (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, - (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, 0x69, - (byte) 0x61, (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, - (byte) 0x0c, (byte) 0x0d, (byte) 0x4d, (byte) 0x6f, (byte) 0x75, 0x6e, - (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, (byte) 0x20, - (byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, - (byte) 0x15, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x03, 0x55, - (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, - (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c, (byte) 0x65, - (byte) 0x2c, (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, 0x2e, - (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, - (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, 0x6f, - (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x33, (byte) 0x30, - (byte) 0x31, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x03, (byte) 0x0c, (byte) 0x2a, (byte) 0x41, (byte) 0x6e, 0x64, - (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, - (byte) 0x4b, (byte) 0x65, (byte) 0x79, (byte) 0x73, (byte) 
0x74, - (byte) 0x6f, (byte) 0x72, (byte) 0x65, (byte) 0x20, (byte) 0x53, 0x6f, - (byte) 0x66, (byte) 0x74, (byte) 0x77, (byte) 0x61, (byte) 0x72, - (byte) 0x65, (byte) 0x20, (byte) 0x41, (byte) 0x74, (byte) 0x74, - (byte) 0x65, (byte) 0x73, (byte) 0x74, (byte) 0x61, (byte) 0x74, 0x69, - (byte) 0x6f, (byte) 0x6e, (byte) 0x20, (byte) 0x52, (byte) 0x6f, - (byte) 0x6f, (byte) 0x74, (byte) 0x30, (byte) 0x1e, (byte) 0x17, - (byte) 0x0d, (byte) 0x31, (byte) 0x36, (byte) 0x30, (byte) 0x31, 0x31, - (byte) 0x31, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, - (byte) 0x30, (byte) 0x39, (byte) 0x5a, (byte) 0x17, (byte) 0x0d, - (byte) 0x32, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x30, 0x38, - (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, (byte) 0x30, - (byte) 0x39, (byte) 0x5a, (byte) 0x30, (byte) 0x81, (byte) 0x88, - (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, - (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, - (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, 0x08, - (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, - (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, - (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x15, (byte) 0x30, 0x13, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0a, - (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, (byte) 0x6f, - (byte) 0x67, (byte) 0x6c, (byte) 0x65, (byte) 0x2c, (byte) 0x20, 0x49, - (byte) 0x6e, (byte) 0x63, (byte) 0x2e, (byte) 0x31, (byte) 0x10, - (byte) 0x30, (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x0b, (byte) 0x0c, (byte) 0x07, (byte) 0x41, 0x6e, - (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, - (byte) 0x31, (byte) 0x3b, (byte) 0x30, (byte) 0x39, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, 0x32, - (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, 
(byte) 0x6f, - (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, - (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, 0x65, - (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, - (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, - (byte) 0x41, (byte) 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, 0x74, - (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, (byte) 0x6e, - (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x74, (byte) 0x65, - (byte) 0x72, (byte) 0x6d, (byte) 0x65, (byte) 0x64, (byte) 0x69, 0x61, - (byte) 0x74, (byte) 0x65, (byte) 0x30, (byte) 0x59, (byte) 0x30, - (byte) 0x13, (byte) 0x06, (byte) 0x07, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x02, (byte) 0x01, 0x06, - (byte) 0x08, (byte) 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, - (byte) 0x3d, (byte) 0x03, (byte) 0x01, (byte) 0x07, (byte) 0x03, - (byte) 0x42, (byte) 0x00, (byte) 0x04, (byte) 0xeb, (byte) 0x9e, 0x79, - (byte) 0xf8, (byte) 0x42, (byte) 0x63, (byte) 0x59, (byte) 0xac, - (byte) 0xcb, (byte) 0x2a, (byte) 0x91, (byte) 0x4c, (byte) 0x89, - (byte) 0x86, (byte) 0xcc, (byte) 0x70, (byte) 0xad, (byte) 0x90, 0x66, - (byte) 0x93, (byte) 0x82, (byte) 0xa9, (byte) 0x73, (byte) 0x26, - (byte) 0x13, (byte) 0xfe, (byte) 0xac, (byte) 0xcb, (byte) 0xf8, - (byte) 0x21, (byte) 0x27, (byte) 0x4c, (byte) 0x21, (byte) 0x74, - (byte) 0x97, (byte) 0x4a, (byte) 0x2a, (byte) 0xfe, (byte) 0xa5, - (byte) 0xb9, (byte) 0x4d, (byte) 0x7f, (byte) 0x66, (byte) 0xd4, - (byte) 0xe0, (byte) 0x65, (byte) 0x10, (byte) 0x66, (byte) 0x35, - (byte) 0xbc, 0x53, (byte) 0xb7, (byte) 0xa0, (byte) 0xa3, (byte) 0xa6, - (byte) 0x71, (byte) 0x58, (byte) 0x3e, (byte) 0xdb, (byte) 0x3e, - (byte) 0x11, (byte) 0xae, (byte) 0x10, (byte) 0x14, (byte) 0xa3, - (byte) 0x66, 0x30, (byte) 0x64, (byte) 0x30, (byte) 0x1d, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, (byte) 0x04, - (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0x3f, (byte) 
0xfc, - (byte) 0xac, (byte) 0xd6, (byte) 0x1a, (byte) 0xb1, (byte) 0x3a, - (byte) 0x9e, (byte) 0x81, (byte) 0x20, (byte) 0xb8, (byte) 0xd5, - (byte) 0x25, (byte) 0x1c, (byte) 0xc5, (byte) 0x65, (byte) 0xbb, - (byte) 0x1e, (byte) 0x91, (byte) 0xa9, (byte) 0x30, (byte) 0x1f, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x23, - (byte) 0x04, (byte) 0x18, (byte) 0x30, (byte) 0x16, (byte) 0x80, - (byte) 0x14, (byte) 0xc8, (byte) 0xad, (byte) 0xe9, (byte) 0x77, - (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, (byte) 0xcf, - (byte) 0x0d, (byte) 0x16, (byte) 0x10, (byte) 0xe4, (byte) 0x79, - (byte) 0x43, (byte) 0x3a, (byte) 0x21, (byte) 0x5a, 0x30, (byte) 0xcf, - (byte) 0x30, (byte) 0x12, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x1d, (byte) 0x13, (byte) 0x01, (byte) 0x01, (byte) 0xff, - (byte) 0x04, (byte) 0x08, (byte) 0x30, (byte) 0x06, 0x01, (byte) 0x01, - (byte) 0xff, (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x30, - (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, - (byte) 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, 0x04, (byte) 0x04, - (byte) 0x03, (byte) 0x02, (byte) 0x02, (byte) 0x84, (byte) 0x30, - (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, 0x03, (byte) 0x02, - (byte) 0x03, (byte) 0x48, (byte) 0x00, (byte) 0x30, (byte) 0x45, - (byte) 0x02, (byte) 0x20, (byte) 0x4b, (byte) 0x8a, (byte) 0x9b, - (byte) 0x7b, (byte) 0xee, (byte) 0x82, (byte) 0xbc, (byte) 0xc0, - (byte) 0x33, (byte) 0x87, (byte) 0xae, (byte) 0x2f, (byte) 0xc0, - (byte) 0x89, (byte) 0x98, (byte) 0xb4, (byte) 0xdd, (byte) 0xc3, - (byte) 0x8d, (byte) 0xab, (byte) 0x27, (byte) 0x2a, (byte) 0x45, - (byte) 0x9f, (byte) 0x69, (byte) 0x0c, (byte) 0xc7, (byte) 0xc3, - (byte) 0x92, (byte) 0xd4, (byte) 0x0f, (byte) 0x8e, (byte) 0x02, - (byte) 0x21, (byte) 0x00, (byte) 0xee, (byte) 0xda, (byte) 0x01, - (byte) 0x5d, (byte) 0xb6, (byte) 0xf4, (byte) 0x32, (byte) 0xe9, - (byte) 0xd4, (byte) 
0x84, (byte) 0x3b, (byte) 0x62, (byte) 0x4c, - (byte) 0x94, (byte) 0x04, (byte) 0xef, (byte) 0x3a, (byte) 0x7c, - (byte) 0xcc, (byte) 0xbd, 0x5e, (byte) 0xfb, (byte) 0x22, (byte) 0xbb, - (byte) 0xe7, (byte) 0xfe, (byte) 0xb9, (byte) 0x77, (byte) 0x3f, - (byte) 0x59, (byte) 0x3f, (byte) 0xfb,}; - - private static final byte[] kEcAttestRootCert = { - 0x30, (byte) 0x82, (byte) 0x02, (byte) 0x8b, (byte) 0x30, - (byte) 0x82, (byte) 0x02, (byte) 0x32, (byte) 0xa0, (byte) 0x03, - (byte) 0x02, (byte) 0x01, (byte) 0x02, (byte) 0x02, (byte) 0x09, - (byte) 0x00, (byte) 0xa2, (byte) 0x05, (byte) 0x9e, (byte) 0xd1, - (byte) 0x0e, (byte) 0x43, (byte) 0x5b, (byte) 0x57, (byte) 0x30, - (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, (byte) 0x86, - (byte) 0x48, (byte) 0xce, 0x3d, (byte) 0x04, (byte) 0x03, - (byte) 0x02, (byte) 0x30, (byte) 0x81, (byte) 0x98, (byte) 0x31, - (byte) 0x0b, (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x06, 0x13, (byte) 0x02, - (byte) 0x55, (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, - (byte) 0x11, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x08, (byte) 0x0c, (byte) 0x0a, (byte) 0x43, 0x61, - (byte) 0x6c, (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, - (byte) 0x6e, (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x16, - (byte) 0x30, (byte) 0x14, (byte) 0x06, (byte) 0x03, (byte) 0x55, - 0x04, (byte) 0x07, (byte) 0x0c, (byte) 0x0d, (byte) 0x4d, - (byte) 0x6f, (byte) 0x75, (byte) 0x6e, (byte) 0x74, (byte) 0x61, - (byte) 0x69, (byte) 0x6e, (byte) 0x20, (byte) 0x56, (byte) 0x69, - (byte) 0x65, 0x77, (byte) 0x31, (byte) 0x15, (byte) 0x30, - (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, - (byte) 0x6f, (byte) 0x67, 0x6c, (byte) 0x65, (byte) 0x2c, - (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, (byte) 0x2e, - (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, - (byte) 0x03, (byte) 
0x55, (byte) 0x04, 0x0b, (byte) 0x0c, - (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, - (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x31, (byte) 0x33, - (byte) 0x30, (byte) 0x31, (byte) 0x06, (byte) 0x03, 0x55, - (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x2a, (byte) 0x41, - (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, - (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, (byte) 0x79, - 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, (byte) 0x65, - (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, - (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, - (byte) 0x41, 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, - (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, - (byte) 0x6e, (byte) 0x20, (byte) 0x52, (byte) 0x6f, (byte) 0x6f, - (byte) 0x74, (byte) 0x30, 0x1e, (byte) 0x17, (byte) 0x0d, - (byte) 0x31, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x31, - (byte) 0x31, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x33, - (byte) 0x35, (byte) 0x30, (byte) 0x5a, 0x17, (byte) 0x0d, - (byte) 0x33, (byte) 0x36, (byte) 0x30, (byte) 0x31, (byte) 0x30, - (byte) 0x36, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x33, - (byte) 0x35, (byte) 0x30, (byte) 0x5a, (byte) 0x30, (byte) 0x81, - (byte) 0x98, (byte) 0x31, (byte) 0x0b, (byte) 0x30, (byte) 0x09, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x06, - (byte) 0x13, (byte) 0x02, (byte) 0x55, (byte) 0x53, (byte) 0x31, - 0x13, (byte) 0x30, (byte) 0x11, (byte) 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x08, (byte) 0x0c, (byte) 0x0a, - (byte) 0x43, (byte) 0x61, (byte) 0x6c, (byte) 0x69, (byte) 0x66, - (byte) 0x6f, 0x72, (byte) 0x6e, (byte) 0x69, (byte) 0x61, - (byte) 0x31, (byte) 0x16, (byte) 0x30, (byte) 0x14, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x07, (byte) 0x0c, - (byte) 0x0d, (byte) 0x4d, 0x6f, (byte) 0x75, (byte) 0x6e, - (byte) 0x74, (byte) 0x61, (byte) 0x69, (byte) 0x6e, (byte) 0x20, - 
(byte) 0x56, (byte) 0x69, (byte) 0x65, (byte) 0x77, (byte) 0x31, - (byte) 0x15, (byte) 0x30, (byte) 0x13, 0x06, (byte) 0x03, - (byte) 0x55, (byte) 0x04, (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, - (byte) 0x47, (byte) 0x6f, (byte) 0x6f, (byte) 0x67, (byte) 0x6c, - (byte) 0x65, (byte) 0x2c, (byte) 0x20, (byte) 0x49, 0x6e, - (byte) 0x63, (byte) 0x2e, (byte) 0x31, (byte) 0x10, (byte) 0x30, - (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x0b, (byte) 0x0c, (byte) 0x07, (byte) 0x41, (byte) 0x6e, - 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, (byte) 0x64, - (byte) 0x31, (byte) 0x33, (byte) 0x30, (byte) 0x31, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x03, (byte) 0x0c, - (byte) 0x2a, 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, - (byte) 0x6f, (byte) 0x69, (byte) 0x64, (byte) 0x20, (byte) 0x4b, - (byte) 0x65, (byte) 0x79, (byte) 0x73, (byte) 0x74, (byte) 0x6f, - (byte) 0x72, (byte) 0x65, 0x20, (byte) 0x53, (byte) 0x6f, - (byte) 0x66, (byte) 0x74, (byte) 0x77, (byte) 0x61, (byte) 0x72, - (byte) 0x65, (byte) 0x20, (byte) 0x41, (byte) 0x74, (byte) 0x74, - (byte) 0x65, (byte) 0x73, (byte) 0x74, 0x61, (byte) 0x74, - (byte) 0x69, (byte) 0x6f, (byte) 0x6e, 0x77, (byte) 0x1f, - (byte) 0x44, (byte) 0x22, (byte) 0x6d, (byte) 0xbd, (byte) 0xb1, - (byte) 0xaf, (byte) 0xfa, (byte) 0x16, (byte) 0xcb, (byte) 0xc7, - (byte) 0xad, (byte) 0xc5, (byte) 0x77, (byte) 0xd2, (byte) 0x20, - (byte) 0x52, (byte) 0x6f, (byte) 0x6f, (byte) 0x74, (byte) 0x30, - (byte) 0x59, (byte) 0x30, (byte) 0x13, (byte) 0x06, (byte) 0x07, - 0x2a, (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, - (byte) 0x02, (byte) 0x01, (byte) 0x06, (byte) 0x08, (byte) 0x2a, - (byte) 0x86, (byte) 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x03, - (byte) 0x01, 0x07, (byte) 0x03, (byte) 0x42, (byte) 0x00, - (byte) 0x04, (byte) 0xee, (byte) 0x5d, (byte) 0x5e, (byte) 0xc7, - (byte) 0xe1, (byte) 0xc0, (byte) 0xdb, (byte) 0x6d, (byte) 0x03, - (byte) 0xa6, (byte) 0x7e, (byte) 0xe6, (byte) 0xb6, 
(byte) 0x1b, - (byte) 0xec, (byte) 0x4d, (byte) 0x6a, (byte) 0x5d, (byte) 0x6a, - (byte) 0x68, (byte) 0x2e, (byte) 0x0f, (byte) 0xff, (byte) 0x7f, - (byte) 0x49, (byte) 0x0e, (byte) 0x7d, 0x56, (byte) 0x9c, - (byte) 0xaa, (byte) 0xb7, (byte) 0xb0, (byte) 0x2d, (byte) 0x54, - (byte) 0x01, (byte) 0x5d, (byte) 0x3e, (byte) 0x43, (byte) 0x2b, - (byte) 0x2a, (byte) 0x8e, (byte) 0xd7, (byte) 0x4e, (byte) 0xec, - (byte) 0x48, (byte) 0x75, (byte) 0x41, (byte) 0xa4, (byte) 0xa3, - (byte) 0x63, (byte) 0x30, (byte) 0x61, (byte) 0x30, (byte) 0x1d, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x0e, - 0x04, (byte) 0x16, (byte) 0x04, (byte) 0x14, (byte) 0xc8, - (byte) 0xad, (byte) 0xe9, (byte) 0x77, (byte) 0x4c, (byte) 0x45, - (byte) 0xc3, (byte) 0xa3, (byte) 0xcf, (byte) 0x0d, (byte) 0x16, - (byte) 0x10, (byte) 0xe4, (byte) 0x79, (byte) 0x43, (byte) 0x3a, - (byte) 0x21, (byte) 0x5a, (byte) 0x30, (byte) 0xcf, (byte) 0x30, - (byte) 0x1f, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, - (byte) 0x23, (byte) 0x04, 0x18, (byte) 0x30, (byte) 0x16, - (byte) 0x80, (byte) 0x14, (byte) 0xc8, (byte) 0xad, (byte) 0xe9, - (byte) 0x77, (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, - (byte) 0xcf, (byte) 0x0d, (byte) 0x16, 0x10, (byte) 0xe4, - (byte) 0x79, (byte) 0x43, (byte) 0x3a, (byte) 0x21, (byte) 0x5a, - (byte) 0x30, (byte) 0xcf, (byte) 0x30, (byte) 0x0f, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x1d, (byte) 0x13, 0x01, - (byte) 0x01, (byte) 0xff, (byte) 0x04, (byte) 0x05, (byte) 0x30, - (byte) 0x03, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x30, - (byte) 0x0e, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x1d, - 0x0f, (byte) 0x01, (byte) 0x01, (byte) 0xff, (byte) 0x04, - (byte) 0x04, (byte) 0x03, (byte) 0x02, (byte) 0x02, (byte) 0x84, - (byte) 0x30, (byte) 0x0a, (byte) 0x06, (byte) 0x08, (byte) 0x2a, - (byte) 0x86, 0x48, (byte) 0xce, (byte) 0x3d, (byte) 0x04, - (byte) 0x03, (byte) 0x02, (byte) 0x03, (byte) 0x47, (byte) 0x00, - (byte) 0x30, (byte) 
0x44, (byte) 0x02, (byte) 0x20, (byte) 0x35, - (byte) 0x21, (byte) 0xa3, (byte) 0xef, (byte) 0x8b, (byte) 0x34, - (byte) 0x46, (byte) 0x1e, (byte) 0x9c, (byte) 0xd5, (byte) 0x60, - (byte) 0xf3, (byte) 0x1d, (byte) 0x58, (byte) 0x89, (byte) 0x20, - (byte) 0x6a, (byte) 0xdc, (byte) 0xa3, 0x65, (byte) 0x41, - (byte) 0xf6, (byte) 0x0d, (byte) 0x9e, (byte) 0xce, (byte) 0x8a, - (byte) 0x19, (byte) 0x8c, (byte) 0x66, (byte) 0x48, (byte) 0x60, - (byte) 0x7b, (byte) 0x02, (byte) 0x20, (byte) 0x4d, 0x0b, - (byte) 0xf3, (byte) 0x51, (byte) 0xd9, (byte) 0x30, (byte) 0x7c, - (byte) 0x7d, (byte) 0x5b, (byte) 0xda, (byte) 0x35, (byte) 0x34, - (byte) 0x1d, (byte) 0xa8, (byte) 0x47, (byte) 0x1b, (byte) 0x63, - (byte) 0xa5, (byte) 0x85, (byte) 0x65, (byte) 0x3c, (byte) 0xad, - (byte) 0x4f, (byte) 0x24, (byte) 0xa7, (byte) 0xe7, (byte) 0x4d, - (byte) 0xaf, (byte) 0x41, (byte) 0x7d, (byte) 0xf1, - (byte) 0xbf,}; - - private static final byte[] X509Issuer = { - (byte) 0x30, (byte) 0x81, (byte) 0x88, (byte) 0x31, (byte) 0x0b, - (byte) 0x30, (byte) 0x09, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x06, (byte) 0x13, (byte) 0x02, (byte) 0x55, - (byte) 0x53, (byte) 0x31, (byte) 0x13, (byte) 0x30, (byte) 0x11, - (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x08, - (byte) 0x0c, (byte) 0x0a, (byte) 0x43, (byte) 0x61, (byte) 0x6c, - (byte) 0x69, (byte) 0x66, (byte) 0x6f, (byte) 0x72, (byte) 0x6e, - (byte) 0x69, (byte) 0x61, (byte) 0x31, (byte) 0x15, (byte) 0x30, - (byte) 0x13, (byte) 0x06, (byte) 0x03, (byte) 0x55, (byte) 0x04, - (byte) 0x0a, (byte) 0x0c, (byte) 0x0c, (byte) 0x47, (byte) 0x6f, - (byte) 0x6f, (byte) 0x67, (byte) 0x6c, (byte) 0x65, (byte) 0x2c, - (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x63, (byte) 0x2e, - (byte) 0x31, (byte) 0x10, (byte) 0x30, (byte) 0x0e, (byte) 0x06, - (byte) 0x03, (byte) 0x55, (byte) 0x04, (byte) 0x0b, (byte) 0x0c, - (byte) 0x07, (byte) 0x41, (byte) 0x6e, (byte) 0x64, (byte) 0x72, - (byte) 0x6f, (byte) 0x69, (byte) 0x64, 
(byte) 0x31, (byte) 0x3b, - (byte) 0x30, (byte) 0x39, (byte) 0x06, (byte) 0x03, (byte) 0x55, - (byte) 0x04, (byte) 0x03, (byte) 0x0c, (byte) 0x32, (byte) 0x41, - (byte) 0x6e, (byte) 0x64, (byte) 0x72, (byte) 0x6f, (byte) 0x69, - (byte) 0x64, (byte) 0x20, (byte) 0x4b, (byte) 0x65, (byte) 0x79, - (byte) 0x73, (byte) 0x74, (byte) 0x6f, (byte) 0x72, (byte) 0x65, - (byte) 0x20, (byte) 0x53, (byte) 0x6f, (byte) 0x66, (byte) 0x74, - (byte) 0x77, (byte) 0x61, (byte) 0x72, (byte) 0x65, (byte) 0x20, - (byte) 0x41, (byte) 0x74, (byte) 0x74, (byte) 0x65, (byte) 0x73, - (byte) 0x74, (byte) 0x61, (byte) 0x74, (byte) 0x69, (byte) 0x6f, - (byte) 0x6e, (byte) 0x20, (byte) 0x49, (byte) 0x6e, (byte) 0x74, - (byte) 0x65, (byte) 0x72, (byte) 0x6d, (byte) 0x65, (byte) 0x64, - (byte) 0x69, (byte) 0x61, (byte) 0x74, (byte) 0x65}; - - private static final byte[] rsa_key_pkcs8 = { - (byte) 0x30, (byte) 0x82, (byte) 0x04, (byte) 0xbc, (byte) 0x02, (byte) 0x01, (byte) 0x00, - (byte) 0x30, (byte) 0x0d, (byte) 0x06, (byte) 0x09, (byte) 0x2a, (byte) 0x86, (byte) 0x48, - (byte) 0x86, (byte) 0xf7, (byte) 0x0d, (byte) 0x01, (byte) 0x01, (byte) 0x01, (byte) 0x05, - (byte) 0x00, (byte) 0x04, (byte) 0x82, (byte) 0x04, (byte) 0xa6, (byte) 0x30, (byte) 0x82, - (byte) 0x04, (byte) 0xa2, (byte) 0x02, (byte) 0x01, (byte) 0x00, (byte) 0x02, (byte) 0x82, - (byte) 0x01, (byte) 0x01, (byte) 0x00, (byte) 0xc5, (byte) 0x28, (byte) 0x06, (byte) 0xb1, - (byte) 0x75, (byte) 0x6c, (byte) 0x84, (byte) 0x7a, (byte) 0x61, (byte) 0x6e, (byte) 0x49, - (byte) 0x66, (byte) 0xf8, (byte) 0x60, (byte) 0x4f, (byte) 0xec, (byte) 0x17, (byte) 0x8b, - (byte) 0x34, (byte) 0xfc, (byte) 0x3f, (byte) 0xce, (byte) 0x70, (byte) 0x6a, (byte) 0x02, - (byte) 0xf2, (byte) 0xf3, (byte) 0x6b, (byte) 0xb4, (byte) 0x78, (byte) 0xac, (byte) 0x8c, - (byte) 0x7e, (byte) 0xc5, (byte) 0xf2, (byte) 0xa8, (byte) 0xea, (byte) 0xc1, (byte) 0xe5, - (byte) 0xd3, (byte) 0xa8, (byte) 0xa9, (byte) 0x4b, (byte) 0x4b, (byte) 0x5a, (byte) 0x49, - (byte) 0xc2, 
(byte) 0xe7, (byte) 0x85, (byte) 0xdf, (byte) 0x56, (byte) 0xa5, (byte) 0x34, - (byte) 0xb2, (byte) 0xb6, (byte) 0xfd, (byte) 0xf2, (byte) 0xbc, (byte) 0xf1, (byte) 0xca, - (byte) 0x34, (byte) 0xba, (byte) 0x60, (byte) 0x50, (byte) 0x8d, (byte) 0x0b, (byte) 0x61, - (byte) 0xca, (byte) 0xd2, (byte) 0x76, (byte) 0x7d, (byte) 0xe4, (byte) 0xff, (byte) 0xdf, - (byte) 0x39, (byte) 0x10, (byte) 0x68, (byte) 0x9c, (byte) 0x45, (byte) 0x79, (byte) 0x8c, - (byte) 0x80, (byte) 0x0b, (byte) 0x58, (byte) 0xe4, (byte) 0x30, (byte) 0x9b, (byte) 0x74, - (byte) 0xc5, (byte) 0x09, (byte) 0x5e, (byte) 0x16, (byte) 0xa1, (byte) 0x63, (byte) 0x7f, - (byte) 0x03, (byte) 0xe9, (byte) 0xb0, (byte) 0x87, (byte) 0xf9, (byte) 0x81, (byte) 0x69, - (byte) 0x35, (byte) 0xca, (byte) 0x86, (byte) 0xe6, (byte) 0xa2, (byte) 0x1d, (byte) 0x3f, - (byte) 0xb8, (byte) 0x66, (byte) 0x39, (byte) 0x35, (byte) 0xf0, (byte) 0xef, (byte) 0xe3, - (byte) 0xde, (byte) 0x11, (byte) 0xa9, (byte) 0x9d, (byte) 0x54, (byte) 0x6f, (byte) 0xa8, - (byte) 0x04, (byte) 0x67, (byte) 0x75, (byte) 0x83, (byte) 0x67, (byte) 0xfb, (byte) 0xc2, - (byte) 0x71, (byte) 0x25, (byte) 0x43, (byte) 0xbe, (byte) 0x9c, (byte) 0x8b, (byte) 0x3e, - (byte) 0x94, (byte) 0x5e, (byte) 0xc1, (byte) 0x18, (byte) 0x83, (byte) 0x48, (byte) 0x9f, - (byte) 0x4d, (byte) 0x09, (byte) 0x1c, (byte) 0x0c, (byte) 0x61, (byte) 0xc5, (byte) 0x50, - (byte) 0x47, (byte) 0x34, (byte) 0x49, (byte) 0x17, (byte) 0x51, (byte) 0x16, (byte) 0xbc, - (byte) 0x09, (byte) 0x9b, (byte) 0x14, (byte) 0xc9, (byte) 0x44, (byte) 0x68, (byte) 0x58, - (byte) 0x19, (byte) 0xac, (byte) 0xf9, (byte) 0xd5, (byte) 0xa8, (byte) 0x52, (byte) 0x1f, - (byte) 0xb2, (byte) 0xcc, (byte) 0x9a, (byte) 0x22, (byte) 0xfe, (byte) 0xa7, (byte) 0x76, - (byte) 0x12, (byte) 0xe6, (byte) 0xfa, (byte) 0x3b, (byte) 0xc8, (byte) 0xe5, (byte) 0x26, - (byte) 0x6f, (byte) 0x62, (byte) 0xd8, (byte) 0xa4, (byte) 0x20, (byte) 0x0a, (byte) 0x6b, - (byte) 0x82, (byte) 0x6e, (byte) 0x43, (byte) 0x34, (byte) 
0x34, (byte) 0x00, (byte) 0x59, - (byte) 0xbb, (byte) 0x3e, (byte) 0x54, (byte) 0xc9, (byte) 0x35, (byte) 0x77, (byte) 0x14, - (byte) 0xfd, (byte) 0x8b, (byte) 0xbd, (byte) 0x4e, (byte) 0xf0, (byte) 0x82, (byte) 0x6c, - (byte) 0xd1, (byte) 0x3d, (byte) 0xc0, (byte) 0x65, (byte) 0x98, (byte) 0xe4, (byte) 0x7e, - (byte) 0x4b, (byte) 0x69, (byte) 0xe0, (byte) 0x06, (byte) 0x92, (byte) 0x69, (byte) 0xb0, - (byte) 0x77, (byte) 0x90, (byte) 0x6b, (byte) 0xaa, (byte) 0x48, (byte) 0x2b, (byte) 0xd5, - (byte) 0x27, (byte) 0x95, (byte) 0xc2, (byte) 0xa6, (byte) 0x84, (byte) 0x45, (byte) 0xe2, - (byte) 0x84, (byte) 0x18, (byte) 0x0f, (byte) 0xfe, (byte) 0xc5, (byte) 0xf9, (byte) 0xab, - (byte) 0xbd, (byte) 0x28, (byte) 0x1d, (byte) 0x33, (byte) 0xcf, (byte) 0xb3, (byte) 0xb3, - (byte) 0x02, (byte) 0x03, (byte) 0x01, (byte) 0x00, (byte) 0x01, (byte) 0x02, (byte) 0x82, - (byte) 0x01, (byte) 0x00, (byte) 0x35, (byte) 0x96, (byte) 0x54, (byte) 0x83, (byte) 0x65, - (byte) 0x6c, (byte) 0x32, (byte) 0x71, (byte) 0xe5, (byte) 0x0b, (byte) 0x89, (byte) 0xed, - (byte) 0xef, (byte) 0xf2, (byte) 0x95, (byte) 0xa6, (byte) 0x91, (byte) 0x1b, (byte) 0xa8, - (byte) 0x32, (byte) 0x2b, (byte) 0xd1, (byte) 0x9b, (byte) 0xa2, (byte) 0x64, (byte) 0xdc, - (byte) 0xce, (byte) 0x26, (byte) 0xe7, (byte) 0x2d, (byte) 0xa9, (byte) 0x90, (byte) 0xa2, - (byte) 0x60, (byte) 0x81, (byte) 0x3d, (byte) 0x42, (byte) 0x59, (byte) 0xa3, (byte) 0x73, - (byte) 0x2d, (byte) 0x33, (byte) 0x9e, (byte) 0xa0, (byte) 0x83, (byte) 0x90, (byte) 0xea, - (byte) 0xe5, (byte) 0xec, (byte) 0xf0, (byte) 0x30, (byte) 0x67, (byte) 0xc4, (byte) 0xf4, - (byte) 0x12, (byte) 0x62, (byte) 0xe1, (byte) 0xd8, (byte) 0x53, (byte) 0x4b, (byte) 0xe7, - (byte) 0x9b, (byte) 0x04, (byte) 0xd4, (byte) 0xc0, (byte) 0x11, (byte) 0x68, (byte) 0xea, - (byte) 0x2c, (byte) 0xdc, (byte) 0x42, (byte) 0x09, (byte) 0xbd, (byte) 0x36, (byte) 0x5a, - (byte) 0x17, (byte) 0x48, (byte) 0xa7, (byte) 0xb9, (byte) 0x06, (byte) 0x79, (byte) 0x96, - (byte) 0xcf, 
(byte) 0xfe, (byte) 0xc0, (byte) 0x3f, (byte) 0x29, (byte) 0xf1, (byte) 0xca, - (byte) 0x20, (byte) 0x6a, (byte) 0xaf, (byte) 0x71, (byte) 0xfc, (byte) 0x4e, (byte) 0x28, - (byte) 0xad, (byte) 0x1a, (byte) 0xeb, (byte) 0x4a, (byte) 0x78, (byte) 0xcf, (byte) 0x34, - (byte) 0xec, (byte) 0xb0, (byte) 0x4f, (byte) 0xfd, (byte) 0x9e, (byte) 0x3f, (byte) 0x94, - (byte) 0x8a, (byte) 0x4c, (byte) 0x60, (byte) 0x89, (byte) 0xf5, (byte) 0x5a, (byte) 0x15, - (byte) 0x20, (byte) 0xed, (byte) 0xde, (byte) 0x32, (byte) 0x76, (byte) 0x0a, (byte) 0xcf, - (byte) 0xef, (byte) 0xa2, (byte) 0xf4, (byte) 0x2d, (byte) 0x13, (byte) 0xd9, (byte) 0xea, - (byte) 0x74, (byte) 0x89, (byte) 0xe5, (byte) 0x17, (byte) 0xae, (byte) 0xbf, (byte) 0x1d, - (byte) 0xbe, (byte) 0x0a, (byte) 0xc4, (byte) 0x4b, (byte) 0xf7, (byte) 0xbb, (byte) 0xc9, - (byte) 0x33, (byte) 0xd7, (byte) 0x5b, (byte) 0xa3, (byte) 0x45, (byte) 0xf4, (byte) 0xbe, - (byte) 0x02, (byte) 0xe6, (byte) 0x77, (byte) 0xd7, (byte) 0xfa, (byte) 0xa5, (byte) 0xda, - (byte) 0x13, (byte) 0x68, (byte) 0x94, (byte) 0x9f, (byte) 0x3e, (byte) 0xff, (byte) 0x15, - (byte) 0xf4, (byte) 0xd6, (byte) 0xa8, (byte) 0x28, (byte) 0xe1, (byte) 0x3f, (byte) 0x4e, - (byte) 0xa0, (byte) 0xce, (byte) 0x38, (byte) 0xa5, (byte) 0xb5, (byte) 0x17, (byte) 0x65, - (byte) 0x14, (byte) 0x06, (byte) 0x6c, (byte) 0xca, (byte) 0xb5, (byte) 0x8f, (byte) 0x70, - (byte) 0x98, (byte) 0x4d, (byte) 0x2a, (byte) 0xda, (byte) 0xeb, (byte) 0xe9, (byte) 0x07, - (byte) 0xb8, (byte) 0x09, (byte) 0xe7, (byte) 0x29, (byte) 0x31, (byte) 0x17, (byte) 0xf6, - (byte) 0x61, (byte) 0x96, (byte) 0xbf, (byte) 0x98, (byte) 0x76, (byte) 0x0d, (byte) 0x93, - (byte) 0xe1, (byte) 0xf8, (byte) 0xc7, (byte) 0xd1, (byte) 0xc4, (byte) 0xd8, (byte) 0x3a, - (byte) 0x33, (byte) 0x66, (byte) 0x4e, (byte) 0x84, (byte) 0xbd, (byte) 0x35, (byte) 0x29, - (byte) 0x51, (byte) 0x32, (byte) 0x34, (byte) 0x02, (byte) 0xcc, (byte) 0x16, (byte) 0xc6, - (byte) 0xce, (byte) 0xfa, (byte) 0x4f, (byte) 0x11, (byte) 
0x9f, (byte) 0x61, (byte) 0x19, - (byte) 0xf6, (byte) 0xb6, (byte) 0xc1, (byte) 0xa4, (byte) 0xef, (byte) 0x83, (byte) 0x17, - (byte) 0xf1, (byte) 0x1e, (byte) 0xe6, (byte) 0x08, (byte) 0x76, (byte) 0x7a, (byte) 0xf0, - (byte) 0xf7, (byte) 0xa2, (byte) 0x9d, (byte) 0xa3, (byte) 0xa5, (byte) 0x69, (byte) 0x02, - (byte) 0x81, (byte) 0x81, (byte) 0x00, (byte) 0xee, (byte) 0xb0, (byte) 0x63, (byte) 0x52, - (byte) 0x47, (byte) 0x7e, (byte) 0x94, (byte) 0x3b, (byte) 0xe5, (byte) 0x0c, (byte) 0x5c, - (byte) 0x0c, (byte) 0x5f, (byte) 0x9f, (byte) 0xec, (byte) 0xb8, (byte) 0xe6, (byte) 0x81, - (byte) 0x32, (byte) 0x7b, (byte) 0x2d, (byte) 0xf9, (byte) 0x2c, (byte) 0xa5, (byte) 0x30, - (byte) 0x86, (byte) 0x2b, (byte) 0xd0, (byte) 0x6f, (byte) 0x64, (byte) 0xfd, (byte) 0xb5, - (byte) 0xb7, (byte) 0x32, (byte) 0xe4, (byte) 0x02, (byte) 0x2f, (byte) 0x16, (byte) 0x94, - (byte) 0x95, (byte) 0xae, (byte) 0x7b, (byte) 0x57, (byte) 0xee, (byte) 0x4b, (byte) 0xf0, - (byte) 0xde, (byte) 0x9d, (byte) 0x54, (byte) 0x29, (byte) 0x99, (byte) 0xcc, (byte) 0xe0, - (byte) 0xf6, (byte) 0xb5, (byte) 0x17, (byte) 0x03, (byte) 0xfe, (byte) 0xfc, (byte) 0x56, - (byte) 0x91, (byte) 0x43, (byte) 0x22, (byte) 0xce, (byte) 0x0f, (byte) 0xfa, (byte) 0x08, - (byte) 0x88, (byte) 0x5e, (byte) 0xb6, (byte) 0x73, (byte) 0xaa, (byte) 0x82, (byte) 0xe7, - (byte) 0x4c, (byte) 0x2a, (byte) 0xaf, (byte) 0x80, (byte) 0xc6, (byte) 0x83, (byte) 0xab, - (byte) 0x2a, (byte) 0xdd, (byte) 0xd7, (byte) 0xc1, (byte) 0x15, (byte) 0xdb, (byte) 0x94, - (byte) 0x98, (byte) 0x0a, (byte) 0x97, (byte) 0x00, (byte) 0x26, (byte) 0x5b, (byte) 0x62, - (byte) 0x0b, (byte) 0x27, (byte) 0xc3, (byte) 0x64, (byte) 0x38, (byte) 0x98, (byte) 0xd7, - (byte) 0x26, (byte) 0xcf, (byte) 0x73, (byte) 0x98, (byte) 0xe4, (byte) 0x59, (byte) 0x0a, - (byte) 0xb1, (byte) 0x06, (byte) 0x1f, (byte) 0x80, (byte) 0x3c, (byte) 0x19, (byte) 0x20, - (byte) 0x1b, (byte) 0xc3, (byte) 0x47, (byte) 0xaf, (byte) 0x2b, (byte) 0x12, (byte) 0xdf, - (byte) 0xef, 
(byte) 0x1d, (byte) 0x4d, (byte) 0xfc, (byte) 0xbd, (byte) 0x02, (byte) 0x81, - (byte) 0x81, (byte) 0x00, (byte) 0xd3, (byte) 0x74, (byte) 0x85, (byte) 0xf6, (byte) 0xad, - (byte) 0xdf, (byte) 0x84, (byte) 0xf4, (byte) 0xde, (byte) 0x97, (byte) 0x19, (byte) 0x30, - (byte) 0xa8, (byte) 0x4a, (byte) 0xf6, (byte) 0x7f, (byte) 0x80, (byte) 0x55, (byte) 0x49, - (byte) 0xad, (byte) 0x55, (byte) 0x2c, (byte) 0x87, (byte) 0x5f, (byte) 0x29, (byte) 0xda, - (byte) 0x7a, (byte) 0x81, (byte) 0xd6, (byte) 0xe5, (byte) 0xd8, (byte) 0x8e, (byte) 0x9f, - (byte) 0xbd, (byte) 0x35, (byte) 0xfe, (byte) 0x82, (byte) 0x0b, (byte) 0x5c, (byte) 0x28, - (byte) 0x95, (byte) 0x44, (byte) 0xab, (byte) 0x8c, (byte) 0x9e, (byte) 0xa1, (byte) 0xf2, - (byte) 0x5f, (byte) 0x2a, (byte) 0x6a, (byte) 0x96, (byte) 0x35, (byte) 0xbc, (byte) 0x09, - (byte) 0x4a, (byte) 0xb1, (byte) 0x19, (byte) 0x2f, (byte) 0xc1, (byte) 0x00, (byte) 0xba, - (byte) 0x3f, (byte) 0x8b, (byte) 0x9e, (byte) 0x2b, (byte) 0xbd, (byte) 0x0a, (byte) 0x0f, - (byte) 0x2d, (byte) 0x75, (byte) 0x09, (byte) 0xb6, (byte) 0xea, (byte) 0x98, (byte) 0xb1, - (byte) 0xff, (byte) 0xd8, (byte) 0x21, (byte) 0x13, (byte) 0x5d, (byte) 0xee, (byte) 0x5b, - (byte) 0xf2, (byte) 0xad, (byte) 0x46, (byte) 0x81, (byte) 0x9d, (byte) 0x18, (byte) 0x2b, - (byte) 0x9e, (byte) 0x77, (byte) 0x78, (byte) 0x27, (byte) 0xf5, (byte) 0x3a, (byte) 0x5a, - (byte) 0xb5, (byte) 0x9b, (byte) 0x02, (byte) 0x66, (byte) 0x1b, (byte) 0xb8, (byte) 0x51, - (byte) 0x9a, (byte) 0x07, (byte) 0xb7, (byte) 0x3f, (byte) 0x41, (byte) 0x8b, (byte) 0xfe, - (byte) 0x1e, (byte) 0x85, (byte) 0xc7, (byte) 0xfe, (byte) 0x01, (byte) 0x7a, (byte) 0x7e, - (byte) 0x2e, (byte) 0xb6, (byte) 0x3b, (byte) 0x64, (byte) 0x6e, (byte) 0xdc, (byte) 0x9d, - (byte) 0x7a, (byte) 0x48, (byte) 0xd1, (byte) 0x2f, (byte) 0x02, (byte) 0x81, (byte) 0x80, - (byte) 0x36, (byte) 0x6a, (byte) 0x76, (byte) 0x2a, (byte) 0x42, (byte) 0xec, (byte) 0x63, - (byte) 0xa5, (byte) 0x08, (byte) 0x01, (byte) 0xfa, (byte) 
0x56, (byte) 0x43, (byte) 0xd2, - (byte) 0xb4, (byte) 0xe8, (byte) 0x2e, (byte) 0x7c, (byte) 0xd3, (byte) 0xe2, (byte) 0x6b, - (byte) 0x47, (byte) 0xbc, (byte) 0x5a, (byte) 0xe8, (byte) 0xa6, (byte) 0x1e, (byte) 0x05, - (byte) 0x05, (byte) 0xf0, (byte) 0x53, (byte) 0x3b, (byte) 0x03, (byte) 0x4a, (byte) 0x11, - (byte) 0xdb, (byte) 0x41, (byte) 0x9a, (byte) 0xf7, (byte) 0x42, (byte) 0xec, (byte) 0xa5, - (byte) 0x68, (byte) 0x15, (byte) 0x86, (byte) 0xb0, (byte) 0xa2, (byte) 0x3f, (byte) 0xe1, - (byte) 0xf9, (byte) 0x1d, (byte) 0xfc, (byte) 0x2c, (byte) 0x69, (byte) 0x72, (byte) 0x3d, - (byte) 0x8e, (byte) 0x06, (byte) 0xaa, (byte) 0xc6, (byte) 0x9d, (byte) 0x95, (byte) 0x5d, - (byte) 0xb0, (byte) 0xf6, (byte) 0xc9, (byte) 0x7c, (byte) 0xfa, (byte) 0x82, (byte) 0x05, - (byte) 0x3c, (byte) 0x77, (byte) 0x6a, (byte) 0x22, (byte) 0x8b, (byte) 0x25, (byte) 0xcc, - (byte) 0x1f, (byte) 0x22, (byte) 0xa2, (byte) 0xcf, (byte) 0xfa, (byte) 0x14, (byte) 0xdb, - (byte) 0x64, (byte) 0x44, (byte) 0xb4, (byte) 0x6b, (byte) 0xbb, (byte) 0x01, (byte) 0xe7, - (byte) 0x0c, (byte) 0xfc, (byte) 0xb1, (byte) 0xa6, (byte) 0xb7, (byte) 0x7e, (byte) 0x58, - (byte) 0x38, (byte) 0x58, (byte) 0x02, (byte) 0xd8, (byte) 0x42, (byte) 0x1b, (byte) 0xd7, - (byte) 0x71, (byte) 0xca, (byte) 0xd5, (byte) 0x55, (byte) 0xef, (byte) 0xa7, (byte) 0xc2, - (byte) 0xb4, (byte) 0xbc, (byte) 0x7e, (byte) 0xc9, (byte) 0xe8, (byte) 0x2a, (byte) 0x6c, - (byte) 0x04, (byte) 0x4e, (byte) 0x60, (byte) 0x9e, (byte) 0x36, (byte) 0xe8, (byte) 0x4a, - (byte) 0x68, (byte) 0x4d, (byte) 0x02, (byte) 0x81, (byte) 0x80, (byte) 0x06, (byte) 0x73, - (byte) 0x24, (byte) 0x6e, (byte) 0xec, (byte) 0xc8, (byte) 0xc7, (byte) 0x96, (byte) 0x6c, - (byte) 0x7f, (byte) 0xb1, (byte) 0x5e, (byte) 0x01, (byte) 0x94, (byte) 0x1f, (byte) 0xc6, - (byte) 0xad, (byte) 0xd4, (byte) 0x6c, (byte) 0x25, (byte) 0xe4, (byte) 0x56, (byte) 0x32, - (byte) 0x5e, (byte) 0xdd, (byte) 0xb8, (byte) 0xf3, (byte) 0x49, (byte) 0xa8, (byte) 0x93, - (byte) 0x64, 
(byte) 0x32, (byte) 0x9d, (byte) 0x7e, (byte) 0xb8, (byte) 0xf9, (byte) 0xe5, - (byte) 0x5f, (byte) 0x91, (byte) 0x55, (byte) 0x0f, (byte) 0x90, (byte) 0x83, (byte) 0xa7, - (byte) 0x0b, (byte) 0x63, (byte) 0xa7, (byte) 0x2f, (byte) 0xed, (byte) 0xec, (byte) 0x48, - (byte) 0x5e, (byte) 0xa5, (byte) 0x38, (byte) 0xa7, (byte) 0x55, (byte) 0x95, (byte) 0x8e, - (byte) 0x16, (byte) 0x55, (byte) 0xfe, (byte) 0x58, (byte) 0x57, (byte) 0xda, (byte) 0xe0, - (byte) 0x3c, (byte) 0xa8, (byte) 0xe4, (byte) 0xe3, (byte) 0x9f, (byte) 0x11, (byte) 0x47, - (byte) 0xca, (byte) 0x0a, (byte) 0x14, (byte) 0x4b, (byte) 0xd8, (byte) 0x7c, (byte) 0xd1, - (byte) 0xc9, (byte) 0x68, (byte) 0xae, (byte) 0xd7, (byte) 0x4d, (byte) 0x1f, (byte) 0xbc, - (byte) 0x6e, (byte) 0x5d, (byte) 0x41, (byte) 0x5f, (byte) 0x59, (byte) 0x07, (byte) 0x8a, - (byte) 0x38, (byte) 0x79, (byte) 0xaa, (byte) 0x30, (byte) 0xa5, (byte) 0xe4, (byte) 0xc1, - (byte) 0xd6, (byte) 0x90, (byte) 0x9d, (byte) 0xb4, (byte) 0x94, (byte) 0x0d, (byte) 0xab, - (byte) 0xd9, (byte) 0x44, (byte) 0xfa, (byte) 0xe0, (byte) 0x55, (byte) 0x76, (byte) 0x4f, - (byte) 0x32, (byte) 0x1e, (byte) 0x59, (byte) 0x60, (byte) 0xf5, (byte) 0x60, (byte) 0x04, - (byte) 0x65, (byte) 0x39, (byte) 0x47, (byte) 0x78, (byte) 0x66, (byte) 0x66, (byte) 0x33, - (byte) 0x02, (byte) 0x81, (byte) 0x80, (byte) 0x37, (byte) 0x90, (byte) 0x1c, (byte) 0x72, - (byte) 0x46, (byte) 0xc4, (byte) 0xda, (byte) 0x2c, (byte) 0x50, (byte) 0xb8, (byte) 0x4f, - (byte) 0xdc, (byte) 0x82, (byte) 0x98, (byte) 0xbc, (byte) 0xec, (byte) 0x1d, (byte) 0x84, - (byte) 0xc1, (byte) 0x33, (byte) 0xb7, (byte) 0x60, (byte) 0x1e, (byte) 0x58, (byte) 0x81, - (byte) 0x01, (byte) 0x24, (byte) 0x4c, (byte) 0x66, (byte) 0x17, (byte) 0xbc, (byte) 0xc3, - (byte) 0x83, (byte) 0x0b, (byte) 0x10, (byte) 0x38, (byte) 0x3c, (byte) 0x3c, (byte) 0xb4, - (byte) 0x36, (byte) 0x0e, (byte) 0x1b, (byte) 0xb5, (byte) 0x93, (byte) 0xd7, (byte) 0x47, - (byte) 0x14, (byte) 0x48, (byte) 0xf1, (byte) 0xf9, (byte) 
0x53, (byte) 0xb5, (byte) 0xe1, - (byte) 0xe3, (byte) 0x0b, (byte) 0x51, (byte) 0x02, (byte) 0x14, (byte) 0x24, (byte) 0x0c, - (byte) 0x37, (byte) 0xf5, (byte) 0x78, (byte) 0xac, (byte) 0x00, (byte) 0x9f, (byte) 0xb2, - (byte) 0xfb, (byte) 0x32, (byte) 0x6c, (byte) 0xef, (byte) 0x2d, (byte) 0xa1, (byte) 0x7c, - (byte) 0xaf, (byte) 0xbb, (byte) 0x53, (byte) 0x9e, (byte) 0x7a, (byte) 0xc2, (byte) 0x5f, - (byte) 0x37, (byte) 0x74, (byte) 0xe9, (byte) 0x9b, (byte) 0x2b, (byte) 0xdb, (byte) 0x48, - (byte) 0xa0, (byte) 0x62, (byte) 0xcb, (byte) 0xee, (byte) 0x80, (byte) 0x07, (byte) 0xdc, - (byte) 0x0c, (byte) 0xc5, (byte) 0xe6, (byte) 0xc5, (byte) 0xbe, (byte) 0xd8, (byte) 0x82, - (byte) 0xd1, (byte) 0xd8, (byte) 0xd0, (byte) 0xd5, (byte) 0x8c, (byte) 0x55, (byte) 0xd4, - (byte) 0xfa, (byte) 0x50, (byte) 0x05, (byte) 0x7a, (byte) 0x02, (byte) 0x6d, (byte) 0xda, - (byte) 0x56, (byte) 0xec, (byte) 0xca, (byte) 0xf4, (byte) 0x27, (byte) 0xf0, (byte) 0x8f, - (byte) 0x8f, (byte) 0xc5, (byte) 0x3c, (byte) 0x28, (byte) 0x30 - }; - - private static final byte[] ec_key_pkcs8 = { - (byte)0x30, (byte)0x81, (byte)0x87, (byte)0x02, (byte)0x01, (byte)0x00, - (byte)0x30, (byte)0x13, (byte)0x06, (byte)0x07, (byte)0x2a, (byte)0x86, - (byte)0x48, (byte)0xce, (byte)0x3d, (byte)0x02, (byte)0x01, (byte)0x06, - (byte)0x08, (byte)0x2a, (byte)0x86, (byte)0x48, (byte)0xce, (byte)0x3d, - (byte)0x03, (byte)0x01, (byte)0x07, (byte)0x04, (byte)0x6d, (byte)0x30, - (byte)0x6b, (byte)0x02, (byte)0x01, (byte)0x01, (byte)0x04, (byte)0x20, - (byte)0xfc, (byte)0x06, (byte)0xed, (byte)0x57, (byte)0xe9, (byte)0x03, - (byte)0xd9, (byte)0xfe, (byte)0x3f, (byte)0x32, (byte)0x34, (byte)0x0f, - (byte)0xd3, (byte)0x69, (byte)0x0a, (byte)0x4d, (byte)0xe8, (byte)0x0b, - (byte)0x08, (byte)0xcd, (byte)0x17, (byte)0x1c, (byte)0x5f, (byte)0xe5, - (byte)0xd3, (byte)0xaa, (byte)0x34, (byte)0xd2, (byte)0x09, (byte)0x0b, - (byte)0xb2, (byte)0x1a, (byte)0xa1, (byte)0x44, (byte)0x03, (byte)0x42, - (byte)0x00, (byte)0x04, 
(byte)0xf7, (byte)0x84, (byte)0xf4, (byte)0xae,
- (byte)0xf2, (byte)0x80, (byte)0xca, (byte)0xe0, (byte)0xe6, (byte)0x38,
- (byte)0x63, (byte)0x83, (byte)0x39, (byte)0x65, (byte)0xd7, (byte)0x4c,
- (byte)0x3d, (byte)0x75, (byte)0x13, (byte)0x7a, (byte)0x3b, (byte)0xcd,
- (byte)0x1a, (byte)0xca, (byte)0xa1, (byte)0x4b, (byte)0x1d, (byte)0xa1,
- (byte)0x6a, (byte)0xa2, (byte)0x13, (byte)0xf5, (byte)0xf5, (byte)0xee,
- (byte)0x90, (byte)0x92, (byte)0xeb, (byte)0x8f, (byte)0x67, (byte)0xb1,
- (byte)0xd0, (byte)0xa2, (byte)0x6e, (byte)0x02, (byte)0x1a, (byte)0x83,
- (byte)0x12, (byte)0x5b, (byte)0x68, (byte)0x8e, (byte)0x50, (byte)0x65,
- (byte)0x35, (byte)0x66, (byte)0xa1, (byte)0xee, (byte)0x86, (byte)0x62,
- (byte)0x22, (byte)0xe6, (byte)0x00, (byte)0x61, (byte)0x54, (byte)0x86
- };
- // AttestationApplicationId ::= SEQUENCE {
- // * packageInfoRecords SET OF PackageInfoRecord,
- // * signatureDigests SET OF OCTET_STRING,
- // * }
- // *
- // * PackageInfoRecord ::= SEQUENCE {
- // * packageName OCTET_STRING,
- // * version INTEGER,
- // * }
- private static final byte[] attAppId = {0x30, 0x10, 0x31, 0x0B, 0x30, 0x04, 0x05, 'A', 'B', 'C',
- 'D', 'E', 0x02, 0x01, 0x01, 0x31, 0x02, 0x04, 0x00};
- private static final byte[] attChallenge = {'c', 'h', 'a', 'l', 'l', 'e', 'n', 'g', 'e'};
- private static final byte[] expiryTime = {(byte) 0x32, (byte) 0x36, (byte) 0x30, (byte) 0x31,
- (byte) 0x30, (byte) 0x38, (byte) 0x30, (byte) 0x30, (byte) 0x34, (byte) 0x36, (byte) 0x30,
- (byte) 0x39, (byte) 0x5a};
- private static final byte[] authKeyId = {(byte) 0x80, (byte) 0x14, (byte) 0xc8, (byte) 0xad,
- (byte) 0xe9, (byte) 0x77, (byte) 0x4c, (byte) 0x45, (byte) 0xc3, (byte) 0xa3, (byte) 0xcf,
- (byte) 0x0d, (byte) 0x16, (byte) 0x10, (byte) 0xe4, (byte) 0x79, (byte) 0x43, (byte) 0x3a,
- (byte) 0x21, (byte) 0x5a, (byte) 0x30, (byte) 0xcf};
- private static final int OS_VERSION = 1;
- private static final int OS_PATCH_LEVEL = 1;
- private static final int VENDOR_PATCH_LEVEL = 1;
- private static final int BOOT_PATCH_LEVEL = 1;
- private static final short MAJOR_TYPE_MASK = 0xE0;
- private static final byte CBOR_ARRAY_MAJOR_TYPE = (byte) 0x80;
- private static final byte CBOR_UINT_MAJOR_TYPE = 0x00;
- private static final short SE_POWER_RESET_FLAG = (short) 0x4000;
- private static final boolean RESET = true;
- private static final boolean NO_RESET = false;
-
- private CardSimulator simulator;
- private KMEncoder encoder;
- private KMDecoder decoder;
- private KMSEProvider cryptoProvider;
-
- public KMFunctionalTest() {
- cryptoProvider = new KMJCardSimulator();
- simulator = new CardSimulator();
- encoder = new KMEncoder();
- decoder = new KMDecoder();
- }
-
- private void init() {
- // Create simulator
- AID appletAID = AIDUtil.create("A000000062");
- simulator.installApplet(appletAID, KMJCardSimApplet.class);
- // Select applet
- simulator.selectApplet(appletAID);
- // provision attest key
- provisionCmd(simulator);
- }
-
- private void setAndroidOSSystemProperties(CardSimulator simulator, short osVersion,
- short osPatchLevel, short vendorPatchLevel) {
- // Argument 1 OS Version
- short versionPtr = KMInteger.uint_16(osVersion);
- // short versionTagPtr = KMIntegerTag.instance(KMType.UINT_TAG,
- // KMType.OS_VERSION,versionPatchPtr);
- // Argument 2 OS Patch level
- short patchPtr = KMInteger.uint_16(osPatchLevel);
- short vendorpatchPtr = KMInteger.uint_16((short) vendorPatchLevel);
- // Arguments
- short arrPtr = KMArray.instance((short) 3);
- KMArray vals = KMArray.cast(arrPtr);
- vals.add((short) 0, versionPtr);
- vals.add((short) 1, patchPtr);
- vals.add((short) 2, vendorpatchPtr);
- CommandAPDU apdu = encodeApdu((byte) INS_SET_VERSION_PATCHLEVEL_CMD, arrPtr);
- // print(commandAPDU.getBytes());
- ResponseAPDU response = simulator.transmitCommand(apdu);
- Assert.assertEquals(0x9000, response.getSW());
-
- }
-
- private void setBootParams(CardSimulator simulator, short bootPatchLevel) {
- // Argument 0 boot patch level
- short bootpatchPtr = KMInteger.uint_16((short) bootPatchLevel);
- // Argument 1 Verified Boot Key
- byte[] bootKeyHash = "00011122233344455566677788899900".getBytes();
- short bootKeyPtr = KMByteBlob.instance(bootKeyHash, (short) 0,
- (short) bootKeyHash.length);
- // Argument 2 Verified Boot Hash
- short bootHashPtr = KMByteBlob.instance(bootKeyHash, (short) 0,
- (short) bootKeyHash.length);
- // Argument 3 Verified Boot State
- short bootStatePtr = KMEnum.instance(KMType.VERIFIED_BOOT_STATE,
- KMType.VERIFIED_BOOT);
- // Argument 4 Device Locked
- short deviceLockedPtr = KMEnum.instance(KMType.DEVICE_LOCKED,
- KMType.DEVICE_LOCKED_FALSE);
- // Arguments
- short arrPtr = KMArray.instance((short) 5);
- KMArray vals = KMArray.cast(arrPtr);
- vals.add((short) 0, bootpatchPtr);
- vals.add((short) 1, bootKeyPtr);
- vals.add((short) 2, bootHashPtr);
- vals.add((short) 3, bootStatePtr);
- vals.add((short) 4, deviceLockedPtr);
- CommandAPDU apdu = encodeApdu((byte) INS_SET_BOOT_PARAMS_CMD, arrPtr);
- // print(commandAPDU.getBytes());
- ResponseAPDU response = simulator.transmitCommand(apdu);
- Assert.assertEquals(0x9000, response.getSW());
-
- }
-
- private void provisionSigningCertificate(CardSimulator simulator) {
- short arrPtr = KMArray.instance((short) 3);
-
- short byteBlobPtr = KMByteBlob.instance(
- (short) (kEcAttestCert.length + kEcAttestRootCert.length));
- Util.arrayCopyNonAtomic(kEcAttestCert, (short) 0,
- KMByteBlob.cast(byteBlobPtr).getBuffer(),
- KMByteBlob.cast(byteBlobPtr).getStartOff(),
- (short) kEcAttestCert.length);
- Util.arrayCopyNonAtomic(kEcAttestRootCert, (short) 0,
- KMByteBlob.cast(byteBlobPtr).getBuffer(),
- (short) (KMByteBlob.cast(byteBlobPtr).getStartOff()
- + kEcAttestCert.length),
- (short) kEcAttestRootCert.length);
- KMArray.cast(arrPtr).add((short) 0, byteBlobPtr);
-
- short byteBlob1 = KMByteBlob.instance(X509Issuer, (short) 0,
- (short) X509Issuer.length);
- KMArray.cast(arrPtr).add((short) 1, byteBlob1);
- short byteBlob2 =
KMByteBlob.instance(expiryTime, (short) 0, - (short) expiryTime.length); - KMArray.cast(arrPtr).add((short) 2, byteBlob2); - - CommandAPDU apdu = encodeApdu( - (byte) INS_PROVISION_ATTESTATION_CERT_DATA_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - } - - private void provisionSigningKey(CardSimulator simulator) { - // KeyParameters. - short arrPtr = KMArray.instance((short) 4); - short ecCurve = KMEnumTag.instance(KMType.ECCURVE, KMType.P_256); - short byteBlob = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.SHA2_256); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - short byteBlob2 = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob2).add((short) 0, KMType.ATTEST_KEY); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob2); - KMArray.cast(arrPtr).add((short) 0, ecCurve); - KMArray.cast(arrPtr).add((short) 1, digest); - KMArray.cast(arrPtr).add((short) 2, - KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); - KMArray.cast(arrPtr).add((short) 3, purpose); - short keyParams = KMKeyParameters.instance(arrPtr); - // Note: VTS uses PKCS8 KeyFormat RAW - short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW); - - // Key - short signKeyPtr = KMArray.instance((short) 2); - KMArray.cast(signKeyPtr).add((short) 0, KMByteBlob.instance(kEcPrivKey, - (short) 0, (short) kEcPrivKey.length)); - KMArray.cast(signKeyPtr).add((short) 1, KMByteBlob.instance(kEcPubKey, - (short) 0, (short) kEcPubKey.length)); - byte[] keyBuf = new byte[120]; - short len = encoder.encode(signKeyPtr, keyBuf, (short) 0); - short signKeyBstr = KMByteBlob.instance(keyBuf, (short) 0, len); - - short finalArrayPtr = KMArray.instance((short) 3); - KMArray.cast(finalArrayPtr).add((short) 0, keyParams); - KMArray.cast(finalArrayPtr).add((short) 1, keyFormatPtr); - KMArray.cast(finalArrayPtr).add((short) 2, 
signKeyBstr); - - CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_ATTESTATION_KEY_CMD, - finalArrayPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - } - - private void provisionSharedSecret(CardSimulator simulator) { - byte[] sharedKeySecret = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0}; - short arrPtr = KMArray.instance((short) 1); - short byteBlob = KMByteBlob.instance(sharedKeySecret, (short) 0, - (short) sharedKeySecret.length); - KMArray.cast(arrPtr).add((short) 0, byteBlob); - - CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_PRESHARED_SECRET_CMD, - arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - } - - private void provisionAttestIds(CardSimulator simulator) { - short arrPtr = KMArray.instance((short) 8); - - byte[] buf = "Attestation Id".getBytes(); - - KMArray.cast(arrPtr).add((short) 0, - KMByteTag.instance(KMType.ATTESTATION_ID_BRAND, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 1, - KMByteTag.instance(KMType.ATTESTATION_ID_PRODUCT, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 2, - KMByteTag.instance(KMType.ATTESTATION_ID_DEVICE, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 3, - KMByteTag.instance(KMType.ATTESTATION_ID_MODEL, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 4, - KMByteTag.instance(KMType.ATTESTATION_ID_IMEI, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 5, - KMByteTag.instance(KMType.ATTESTATION_ID_MEID, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 6, - 
KMByteTag.instance(KMType.ATTESTATION_ID_MANUFACTURER, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - KMArray.cast(arrPtr).add((short) 7, - KMByteTag.instance(KMType.ATTESTATION_ID_SERIAL, - KMByteBlob.instance(buf, (short) 0, (short) buf.length))); - short keyParams = KMKeyParameters.instance(arrPtr); - short outerArrPtr = KMArray.instance((short) 1); - KMArray.cast(outerArrPtr).add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte) INS_PROVISION_ATTEST_IDS_CMD, - outerArrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - } - - private void provisionLocked(CardSimulator simulator) { - CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_LOCK_PROVISIONING_CMD, - 0x40, 0x00); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(commandAPDU); - Assert.assertEquals(0x9000, response.getSW()); - } - - private void provisionCmd(CardSimulator simulator) { - provisionSigningKey(simulator); - provisionSigningCertificate(simulator); - provisionSharedSecret(simulator); - provisionAttestIds(simulator); - // set bootup parameters - setBootParams(simulator, (short) BOOT_PATCH_LEVEL); - // set android system properties - setAndroidOSSystemProperties(simulator, (short) OS_VERSION, (short) OS_PATCH_LEVEL, - (short) VENDOR_PATCH_LEVEL); - provisionLocked(simulator); - } - - private void cleanUp() { - AID appletAID = AIDUtil.create("A000000062"); - // Delete i.e. 
uninstall applet - simulator.deleteApplet(appletAID); - } - - private void resetAndSelect() { - simulator.reset(); - AID appletAID = AIDUtil.create("A000000062"); - // Select applet - simulator.selectApplet(appletAID); - } - - - private CommandAPDU encodeApdu(byte ins, short cmd) { - byte[] buf = new byte[2500]; - buf[0] = (byte) 0x80; - buf[1] = ins; - buf[2] = (byte) 0x40; - buf[3] = (byte) 0x00; - buf[4] = 0; - short len = encoder.encode(cmd, buf, (short) 7); - Util.setShort(buf, (short) 5, len); - byte[] apdu = new byte[7 + len]; - Util.arrayCopyNonAtomic(buf, (short) 0, apdu, (short) 0, (short) (7 + len)); - //CommandAPDU commandAPDU = new CommandAPDU(0x80, 0x10, 0x40, 0x00, buf, 0, actualLen); - return new CommandAPDU(apdu); - } - - @Test - public void testAesImportKeySuccess() { - init(); - byte[] aesKeySecret = new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - short arrPtr = KMArray.instance((short) 5); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 128)); - short byteBlob = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.ECB); - short blockMode = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); - byteBlob = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.PKCS7); - short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - KMArray.cast(arrPtr).add((short) 0, boolTag); - KMArray.cast(arrPtr).add((short) 1, keySize); - KMArray.cast(arrPtr).add((short) 2, blockMode); - KMArray.cast(arrPtr).add((short) 3, paddingMode); - KMArray.cast(arrPtr).add((short) 4, KMEnumTag.instance(KMType.ALGORITHM, KMType.AES)); - short keyParams = KMKeyParameters.instance(arrPtr); - short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW); - short keyBlob = KMByteBlob.instance(aesKeySecret, (short) 0, (short) 16); - arrPtr = KMArray.instance((short) 3); - 
KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - arg.add((short) 1, keyFormatPtr); - arg.add((short) 2, keyBlob); - CommandAPDU apdu = encodeApdu((byte) INS_IMPORT_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short) 2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); - Assert.assertEquals(KMBoolTag.cast(tag).getVal(), 0x01); - tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.PKCS7)); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.ECB)); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.AES); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - 
Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.IMPORTED); - cleanUp(); - } - - @Test - public void testHmacImportKeySuccess() { - init(); - byte[] hmacKeySecret = new byte[]{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - short arrPtr = KMArray.instance((short) 5); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 128)); - short byteBlob = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.SHA2_256); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - short minMacLength = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short) 256)); - KMArray.cast(arrPtr).add((short) 0, boolTag); - KMArray.cast(arrPtr).add((short) 1, keySize); - KMArray.cast(arrPtr).add((short) 2, digest); - KMArray.cast(arrPtr).add((short) 3, minMacLength); - KMArray.cast(arrPtr).add((short) 4, KMEnumTag.instance(KMType.ALGORITHM, KMType.HMAC)); - short keyParams = KMKeyParameters.instance(arrPtr); - short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW); - short keyBlob = KMByteBlob.instance(hmacKeySecret, (short) 0, (short) 16); - arrPtr = KMArray.instance((short) 3); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - arg.add((short) 1, keyFormatPtr); - arg.add((short) 2, keyBlob); - CommandAPDU apdu = encodeApdu((byte) INS_IMPORT_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = 
KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short) 2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); - Assert.assertEquals(KMBoolTag.cast(tag).getVal(), 0x01); - tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.SHA2_256)); - tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 256); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.HMAC); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.IMPORTED); - cleanUp(); - } - - @Test - public void testRsaImportKeySuccess() { - init(); - byte[] pub = new byte[]{0x00, 0x01, 0x00, 0x01}; - short arrPtr = KMArray.instance((short) 6); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 2048)); - short byteBlob = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.SHA2_256); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - short rsaPubExpTag = 
KMIntegerTag.instance(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, - KMInteger.uint_32(pub, (short) 0)); - byteBlob = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.RSA_PSS); - short padding = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - KMArray.cast(arrPtr).add((short) 0, boolTag); - KMArray.cast(arrPtr).add((short) 1, keySize); - KMArray.cast(arrPtr).add((short) 2, digest); - KMArray.cast(arrPtr).add((short) 3, rsaPubExpTag); - KMArray.cast(arrPtr).add((short) 4, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); - KMArray.cast(arrPtr).add((short) 5, padding); - short keyParams = KMKeyParameters.instance(arrPtr); - short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.PKCS8); - short keyBlob = KMByteBlob.instance(rsa_key_pkcs8, (short) 0, (short) rsa_key_pkcs8.length); - arrPtr = KMArray.instance((short) 3); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - arg.add((short) 1, keyFormatPtr); - arg.add((short) 2, keyBlob); - CommandAPDU apdu = encodeApdu((byte) INS_IMPORT_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short) 2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(0x9000, response.getSW()); - 
Assert.assertEquals(error, KMError.OK); - short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams); - Assert.assertEquals(KMBoolTag.cast(tag).getVal(), 0x01); - tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 2048); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.SHA2_256)); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.RSA_PSS)); - tag = KMKeyParameters.findTag(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getSignificantShort(), - 0x01); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 0x01); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.RSA); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.IMPORTED); - cleanUp(); - } - - @Test - public void testDeviceLocked() { - init(); - byte[] hmacKey = new byte[32]; - cryptoProvider.newRandomNumber(hmacKey, (short) 0, (short) 32); - cryptoProvider.createComputedHmacKey(hmacKey, (short) 0, (short) 32); - // generate aes key with unlocked_device_required - short aesKey = generateAesDesKey(KMType.AES, (short) 128, null, null, true); - short keyBlobPtr = KMArray.cast(aesKey).get((short) 1); - byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - keyBlob, (short) 0, (short) keyBlob.length); - // encrypt something - short inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, 
null); - byte[] plainData = "Hello World 123!".getBytes(); - short ret = processMessage(plainData, - KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length), - KMType.ENCRYPT, - KMKeyParameters.instance(inParams), - (short) 0, null, false, false - ); - keyBlobPtr = KMArray.cast(ret).get((short) 2); - byte[] cipherData = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - cipherData, (short) 0, (short) cipherData.length); - // create verification token - short verToken = KMVerificationToken.instance(); - KMVerificationToken.cast(verToken).setTimestamp(KMInteger.uint_16((short) 1)); - verToken = signVerificationToken(verToken, KMConfigurations.TEE_MACHINE_TYPE); - // device locked request - deviceLock(verToken, KMError.VERIFICATION_FAILED); - cleanUp(); - } - - private short signHwToken(short hwToken) { - short len = 0; - byte[] scratchPad = new byte[256]; - // add 0 - Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); - len = 1; - // concatenate challenge - 8 bytes - short ptr = KMHardwareAuthToken.cast(hwToken).getChallenge(); - KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); - len += 8; - // concatenate user id - 8 bytes - ptr = KMHardwareAuthToken.cast(hwToken).getUserId(); - KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); - len += 8; - // concatenate authenticator id - 8 bytes - ptr = KMHardwareAuthToken.cast(hwToken).getAuthenticatorId(); - KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); - len += 8; - // concatenate authenticator type - 4 bytes - ptr = KMHardwareAuthToken.cast(hwToken).getHwAuthenticatorType(); - scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal(); - len += 4; - // concatenate timestamp -8 bytes - ptr = 
KMHardwareAuthToken.cast(hwToken).getTimestamp(); - KMInteger.cast(ptr) - .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); - len += 8; - // hmac the data -/* HMACKey key = - cryptoProvider.createHMACKey( - KMRepository.instance().getComputedHmacKey(), - (short) 0, - (short) KMRepository.instance().getComputedHmacKey().length); - - */ - byte[] mac = new byte[32]; - short key = KMByteBlob.instance((short) 32); - KMHmacKey computedHmacKey = (KMHmacKey) cryptoProvider.getComputedHmacKey(); - computedHmacKey.getKey(KMByteBlob.cast(key).getBuffer(), KMByteBlob.cast(key).getStartOff()); - cryptoProvider.hmacSign( - KMByteBlob.cast(key).getBuffer(), - KMByteBlob.cast(key).getStartOff(), - KMByteBlob.cast(key).length(), - scratchPad, (short) 0, len, - mac, - (short) 0); - KMHardwareAuthToken.cast(hwToken) - .setMac(KMByteBlob.instance(mac, (short) 0, (short) mac.length)); - return hwToken; - } - - private void deviceLock(short verToken, short expectedError) { - short req = KMArray.instance((short) 2); - KMArray.cast(req).add((short) 0, KMInteger.uint_8((byte) 1)); - KMArray.cast(req).add((short) 1, verToken); - CommandAPDU apdu = encodeApdu((byte) INS_DEVICE_LOCKED_CMD, req); - ResponseAPDU response = simulator.transmitCommand(apdu); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - byte majorType = readMajorType(respBuf); - short retError; - if (majorType == CBOR_ARRAY_MAJOR_TYPE) { - short ret = KMArray.instance((short) 1); - ret = decoder.decode(ret, respBuf, (short) 0, len); - retError = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - } else {//Major type UINT. 
- short ret = decoder.decode(KMInteger.exp(), respBuf, (short) 0, len);
- retError = KMInteger.cast(ret).getShort();
- }
- Assert.assertEquals(retError, expectedError);
- }
-
- private short signVerificationToken(short verToken, byte machineType) {
- byte[] scratchPad = new byte[256];
- byte[] authVer = "Auth Verification".getBytes();
- //print(authVer,(short)0,(short)authVer.length);
- // concatenation length will be 37 + length of verified parameters list - which is typically empty
- Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
- short params = KMVerificationToken.cast(verToken).getParametersVerified();
- // Add "Auth Verification" - 17 bytes.
- Util.arrayCopy(authVer, (short) 0, scratchPad, (short) 0, (short) authVer.length);
- short len = (short) authVer.length;
- // concatenate challenge - 8 bytes
- short ptr = KMVerificationToken.cast(verToken).getChallenge();
- if (machineType == KMConfigurations.LITTLE_ENDIAN) {
- KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
- } else {
- KMInteger.cast(ptr)
- .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
- }
- len += 8;
- // concatenate timestamp -8 bytes
- ptr = KMVerificationToken.cast(verToken).getTimestamp();
- if (machineType == KMConfigurations.LITTLE_ENDIAN) {
- KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
- } else {
- KMInteger.cast(ptr)
- .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
- }
- len += 8;
- // concatenate security level - 4 bytes
- ptr = KMVerificationToken.cast(verToken).getSecurityLevel();
- if (machineType == KMConfigurations.LITTLE_ENDIAN) {
- scratchPad[len] = KMEnum.cast(ptr).getVal();
- } else {
- scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal();
- }
- len += 4;
- // concatenate Parameters verified - blob of encoded data.
- ptr = KMVerificationToken.cast(verToken).getParametersVerified();
- if (KMByteBlob.cast(ptr).length() != 0) {
- len += KMByteBlob.cast(ptr).getValues(scratchPad, (short) 0);
- }
- // hmac the data
- /* HMACKey key =
- cryptoProvider.createHMACKey(
- KMRepository.instance().getComputedHmacKey(),
- (short) 0,
- (short) KMRepository.instance().getComputedHmacKey().length);
-
- */
- ptr = KMVerificationToken.cast(verToken).getMac();
- byte[] mac = new byte[32];
- /*len =
- cryptoProvider.hmacSign(key, scratchPad, (short) 0, len,
- mac,
- (short)0);
- */
- short key = KMByteBlob.instance((short) 32);
- KMHmacKey computedHmacKey = (KMHmacKey) cryptoProvider.getComputedHmacKey();
- computedHmacKey.getKey(KMByteBlob.cast(key).getBuffer(), KMByteBlob.cast(key).getStartOff());
- cryptoProvider.hmacSign(KMByteBlob.cast(key).getBuffer(),
- KMByteBlob.cast(key).getStartOff(),
- KMByteBlob.cast(key).length(),
- scratchPad, (short) 0, len,
- mac,
- (short) 0);
- KMVerificationToken.cast(verToken)
- .setMac(KMByteBlob.instance(mac, (short) 0, (short) mac.length));
- return verToken;
- }
-
- @Test
- public void testEcImportKeySuccess() {
- init();
- short arrPtr = KMArray.instance((short) 5);
- short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED);
- short keySize = KMIntegerTag
- .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 256));
- short byteBlob = KMByteBlob.instance((short) 1);
- KMByteBlob.cast(byteBlob).add((short) 0, KMType.SHA2_256);
- short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob);
- short ecCurve = KMEnumTag.instance(KMType.ECCURVE, KMType.P_256);
- KMArray.cast(arrPtr).add((short) 0, boolTag);
- KMArray.cast(arrPtr).add((short) 1, keySize);
- KMArray.cast(arrPtr).add((short) 2, digest);
- KMArray.cast(arrPtr).add((short) 3, ecCurve);
- KMArray.cast(arrPtr).add((short) 4, KMEnumTag.instance(KMType.ALGORITHM, KMType.EC));
- short keyParams = KMKeyParameters.instance(arrPtr);
- short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT, KMType.PKCS8);
- short keyBlob = KMByteBlob.instance(ec_key_pkcs8, (short) 0, (short) ec_key_pkcs8.length);
- arrPtr = KMArray.instance((short) 3);
- KMArray arg = KMArray.cast(arrPtr);
- arg.add((short) 0, keyParams);
- arg.add((short) 1, keyFormatPtr);
- arg.add((short) 2, keyBlob);
- CommandAPDU apdu = encodeApdu((byte) INS_IMPORT_KEY_CMD, arrPtr);
- // print(commandAPDU.getBytes());
- ResponseAPDU response = simulator.transmitCommand(apdu);
- short ret = KMArray.instance((short) 3);
- KMArray.cast(ret).add((short) 0, KMInteger.exp());
- KMArray.cast(ret).add((short) 1, KMByteBlob.exp());
- short inst = KMKeyCharacteristics.exp();
- KMArray.cast(ret).add((short) 2, inst);
- byte[] respBuf = response.getBytes();
- short len = (short) respBuf.length;
- ret = decoder.decode(ret, respBuf, (short) 0, len);
- short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
- short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length();
- short blobArr = extractKeyBlobArray(KMArray.cast(ret).get((short) 1));
- short keyCharacteristics = KMArray.cast(ret).get((short) 2);
- short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced();
- short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced();
- Assert.assertEquals(0x9000, response.getSW());
- Assert.assertEquals(error, KMError.OK);
- short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams);
- Assert.assertEquals(KMBoolTag.cast(tag).getVal(), 0x01);
- tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams);
- Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 256);
- tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams);
- Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.SHA2_256));
- tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ECCURVE, hwParams);
- Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.P_256);
- tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams);
- Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.EC);
- tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams);
- Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.IMPORTED);
- cleanUp();
- }
-
- private short extractKeyBlobArray(byte[] buf, short off, short buflen) {
- short ret = KMArray.instance((short) 5);
- KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_SECRET, KMByteBlob.exp());
- KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_AUTH_TAG, KMByteBlob.exp());
- KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_NONCE, KMByteBlob.exp());
- short ptr = KMKeyCharacteristics.exp();
- KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_KEYCHAR, ptr);
- KMArray.cast(ret).add(KMKeymasterApplet.KEY_BLOB_PUB_KEY, KMByteBlob.exp());
- ret =
- decoder.decodeArray(
- ret,
- buf, off, buflen);
- short len = KMArray.cast(ret).length();
- ptr = KMArray.cast(ret).get((short) 4);
-// print(KMByteBlob.cast(ptr).getBuffer(),KMByteBlob.cast(ptr).getStartOff(),KMByteBlob.cast(ptr).length());
- return ret;
- }
-
- private short extractKeyBlobArray(short keyBlob) {
- return extractKeyBlobArray(KMByteBlob.cast(keyBlob).getBuffer(), KMByteBlob
- .cast(keyBlob).getStartOff(), KMByteBlob.cast(keyBlob).length());
- }
-
- @Test
- public void testRateLimitExceptsMaxOpsExceeded() {
- init();
- short rsaKeyArr = generateRsaKey(null, null, KMInteger.uint_8((byte) 2));
- Assert.assertEquals(KMInteger.cast(KMArray.cast(rsaKeyArr).get((short) 0)).getShort(),
- KMError.OK);
-
- // Cache keyblob
- short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- keyBlob, (short) 0, (short) keyBlob.length);
- short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
- inParams = KMKeyParameters.instance(inParams);
- // Begin
- begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
-
- keyBlobPtr = KMByteBlob.instance((short) keyBlob.length);
- Util.arrayCopyNonAtomic(keyBlob, (short) 0,
- KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- (short) keyBlob.length);
- inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
- inParams = KMKeyParameters.instance(inParams);
- begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
-
- keyBlobPtr = KMByteBlob.instance((short) keyBlob.length);
- Util.arrayCopyNonAtomic(keyBlob, (short) 0,
- KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- (short) keyBlob.length);
- inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
- inParams = KMKeyParameters.instance(inParams);
- short beginResp = begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
- Assert.assertEquals(KMError.KEY_MAX_OPS_EXCEEDED, beginResp);
- cleanUp();
- }
-
- @Test
- public void testRateLimitExceptsTooManyOperations() {
- init();
- byte[] plainData = "Hello World 123!".getBytes();
- for (int i = 0; i <= 8; i++) {
- short rsaKeyArr = generateRsaKey(null, null, KMInteger.uint_8((byte) 1));
- Assert.assertEquals(KMInteger.cast(KMArray.cast(rsaKeyArr).get((short) 0)).getShort(),
- KMError.OK);
-
- // Cache keyblob
- short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
- short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
- inParams = KMKeyParameters.instance(inParams);
- // Begin
- short beginResp = begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
- if (i == 8) {
- // Only 8 keys are allowed for MAX_USES_PER_BOOT
- Assert.assertEquals(KMError.TOO_MANY_OPERATIONS, beginResp);
- return;
- }
- short opHandle = KMArray.cast(beginResp).get((short) 2);
- finish(opHandle,
- KMByteBlob.instance(plainData, (short) 0, (short) plainData.length), null,
- (short) 0, (short) 0, (short) 0, KMError.OK, false);
- }
- cleanUp();
- }
-
- @Test
- public void testRateLimitClearBufferAfterReboot() {
- init();
- byte[] plainData = "Hello World 123!".getBytes();
- for (int i = 0; i <= 32; i++) {
- if (i % 8 == 0) {
- // Simulate reboot using set boot parameters.
- // Clear the rate limited keys from the flash memory
- setBootParams(simulator, (short) BOOT_PATCH_LEVEL);
- }
- short rsaKeyArr = generateRsaKey(null, null, KMInteger.uint_8((byte) 1));
- Assert.assertEquals(KMInteger.cast(KMArray.cast(rsaKeyArr).get((short) 0)).getShort(),
- KMError.OK);
-
- // Cache keyblob
- short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
- short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN);
- inParams = KMKeyParameters.instance(inParams);
- // Begin
- short beginResp = begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false);
- short opHandle = KMArray.cast(beginResp).get((short) 2);
- // Finish
- finish(opHandle,
- KMByteBlob.instance(plainData, (short) 0, (short) plainData.length), null,
- (short) 0, (short) 0, (short) 0, KMError.OK, false);
- }
- cleanUp();
- }
-
- @Test
- public void testRateLimitWithHugeCount() {
- init();
- short maxUsesPerBoot = 1000;
- byte[] plainData = "Hello World 123!".getBytes();
- short rsaKeyArr = generateRsaKey(null, null, KMInteger.uint_16(maxUsesPerBoot));
- Assert.assertEquals(KMInteger.cast(KMArray.cast(rsaKeyArr).get((short) 0)).getShort(),
- KMError.OK);
-
- // Cache keyblob
- short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- keyBlob, (short) 0, (short) keyBlob.length);
-
- for (int i = 0; i <= maxUsesPerBoot; i++) {
- // Cache keyblob
- keyBlobPtr = KMByteBlob.instance((short) keyBlob.length);
- Util.arrayCopyNonAtomic(keyBlob, (short) 0,
-
KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - (short) keyBlob.length); - short inParams = getRsaParams(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN); - inParams = KMKeyParameters.instance(inParams); - // Begin - short beginResp = begin(KMType.SIGN, keyBlobPtr, inParams, (short) 0, false); - if (i == maxUsesPerBoot) { - Assert.assertEquals(KMError.KEY_MAX_OPS_EXCEEDED, beginResp); - return; - } - short opHandle = KMArray.cast(beginResp).get((short) 2); - // Finish - finish(opHandle, - KMByteBlob.instance(plainData, (short) 0, (short) plainData.length), null, - (short) 0, (short) 0, (short) 0, KMError.OK, false); - } - cleanUp(); - } - - @Test - public void testRsaGenerateKeySuccess() { - init(); - short ret = generateRsaKey(null, null); - short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short) 2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(error, KMError.OK); - short tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 2048); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.DIGEST_NONE)); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.RSA_PKCS1_1_5_ENCRYPT)); - tag = KMKeyParameters.findTag(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getSignificantShort(), - 0x01); - 
Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 0x01); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.RSA); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.GENERATED); - cleanUp(); - } - - private short generateRsaKey(byte[] clientId, byte[] appData, short keyUsageLimitPtr) { - byte[] activeAndCreationDateTime = {0, 0, 0x01, 0x73, 0x51, 0x7C, (byte) 0xCC, 0x00}; - short tagCount = 11; - if (clientId != null) { - tagCount++; - } - if (appData != null) { - tagCount++; - } - if (keyUsageLimitPtr != KMType.INVALID_VALUE) { - tagCount++; - } - short arrPtr = KMArray.instance(tagCount); - short keySize = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 2048)); - short byteBlob = KMByteBlob.instance((short) 3); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.DIGEST_NONE); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.SHA2_256); - KMByteBlob.cast(byteBlob).add((short) 2, KMType.SHA1); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - byteBlob = KMByteBlob.instance((short) 5); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.RSA_PKCS1_1_5_ENCRYPT); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.RSA_PKCS1_1_5_SIGN); - KMByteBlob.cast(byteBlob).add((short) 2, KMType.RSA_OAEP); - KMByteBlob.cast(byteBlob).add((short) 3, KMType.RSA_PSS); - KMByteBlob.cast(byteBlob).add((short) 4, KMType.PADDING_NONE); - short padding = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short) 5); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.SIGN); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.VERIFY); - KMByteBlob.cast(byteBlob).add((short) 2, KMType.ENCRYPT); - KMByteBlob.cast(byteBlob).add((short) 3, KMType.DECRYPT); - KMByteBlob.cast(byteBlob).add((short) 4, KMType.WRAP_KEY); 
- short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - byte[] pub = {0, 1, 0, 1}; - short rsaPubExpTag = KMIntegerTag - .instance(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, KMInteger.uint_32(pub, (short) 0)); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, purpose); - KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.INCLUDE_UNIQUE_ID)); - KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.RESET_SINCE_ID_ROTATION)); - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, keySize); - KMArray.cast(arrPtr).add(tagIndex++, digest); - KMArray.cast(arrPtr).add(tagIndex++, rsaPubExpTag); - KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); - KMArray.cast(arrPtr).add(tagIndex++, padding); - short dateTag = KMInteger.uint_64(activeAndCreationDateTime, (short) 0); - KMArray.cast(arrPtr) - .add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG, KMType.ACTIVE_DATETIME, dateTag)); - KMArray.cast(arrPtr) - .add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG, KMType.CREATION_DATETIME, dateTag)); - - if (clientId != null) { - KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, - KMByteBlob.instance(clientId, (short) 0, (short) clientId.length))); - } - if (appData != null) { - KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, - KMByteBlob.instance(appData, (short) 0, (short) appData.length))); - } - if (keyUsageLimitPtr != KMType.INVALID_VALUE) { - KMArray.cast(arrPtr).add(tagIndex++, KMIntegerTag - .instance(KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT, keyUsageLimitPtr)); - } - short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short) 1); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte) INS_GENERATE_KEY_CMD, arrPtr); - // 
print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - return ret; - } - - private short generateRsaKey(byte[] clientId, byte[] appData) { - return generateRsaKey(clientId, appData, KMType.INVALID_VALUE); - } - - private short generateAttestationKey() { - // 15th July 2020 00.00.00 - byte[] activeAndCreationDateTime = {0, 0, 0x01, 0x73, 0x51, 0x7C, (byte) 0xCC, 0x00}; - short tagCount = 11; - short arrPtr = KMArray.instance(tagCount); - short keySize = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 2048)); - short byteBlob = KMByteBlob.instance((short) 3); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.DIGEST_NONE); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.SHA2_256); - KMByteBlob.cast(byteBlob).add((short) 2, KMType.SHA1); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - byteBlob = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.RSA_PKCS1_1_5_SIGN); - short padding = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.ATTEST_KEY); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - byte[] pub = {0, 1, 0, 1}; - short rsaPubExpTag = KMIntegerTag - .instance(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, KMInteger.uint_32(pub, (short) 0)); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, purpose); - KMArray.cast(arrPtr).add(tagIndex++, 
boolTag); - KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.INCLUDE_UNIQUE_ID)); - KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.RESET_SINCE_ID_ROTATION)); - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, keySize); - KMArray.cast(arrPtr).add(tagIndex++, digest); - KMArray.cast(arrPtr).add(tagIndex++, rsaPubExpTag); - KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.RSA)); - KMArray.cast(arrPtr).add(tagIndex++, padding); - short dateTag = KMInteger.uint_64(activeAndCreationDateTime, (short) 0); - KMArray.cast(arrPtr) - .add(tagIndex++, KMIntegerTag.instance(KMType.ULONG_TAG, KMType.ACTIVE_DATETIME, dateTag)); - KMArray.cast(arrPtr).add(tagIndex++, - KMIntegerTag.instance(KMType.ULONG_TAG, KMType.CREATION_DATETIME, dateTag)); - short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short) 1); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte) INS_GENERATE_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - return ret; - } - - @Test - public void testEcGenerateKeySuccess() { - init(); - short ret = generateEcKey(null, null); - short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short) 2); - short hwParams = 
KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(error, KMError.OK); - short tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 256); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.DIGEST_NONE)); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.EC); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.GENERATED); - cleanUp(); - } - - public short generateEcKey(byte[] clientId, byte[] appData) { - byte[] activeAndCreationDateTime = {0, 0, 0x01, 0x73, 0x51, 0x7C, (byte) 0xCC, 0x00}; - short tagCount = 6; - if (clientId != null) { - tagCount++; - } - if (appData != null) { - tagCount++; - } - short arrPtr = KMArray.instance(tagCount); - short keySize = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 256)); - short byteBlob = KMByteBlob.instance((short) 2); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.DIGEST_NONE); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.SHA2_256); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - byteBlob = KMByteBlob.instance((short) 2); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.SIGN); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.VERIFY); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, purpose); - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, keySize); - KMArray.cast(arrPtr).add(tagIndex++, 
digest); - KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.EC)); - short dateTag = KMInteger.uint_64(activeAndCreationDateTime, (short) 0); - KMArray.cast(arrPtr) - .add(tagIndex++, KMIntegerTag.instance(KMType.DATE_TAG, KMType.CREATION_DATETIME, dateTag)); - if (clientId != null) { - KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, - KMByteBlob.instance(clientId, (short) 0, (short) clientId.length))); - } - if (appData != null) { - KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, - KMByteBlob.instance(appData, (short) 0, (short) appData.length))); - } - short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short) 1); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte) INS_GENERATE_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - return ret; - } - - @Test - public void testHmacGenerateKeySuccess() { - init(); - short ret = generateHmacKey(null, null); - short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length(); - short keyCharacteristics = KMArray.cast(ret).get((short) 2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - Assert.assertEquals(error, KMError.OK); - short tag = 
KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128); - tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, hwParams); - Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.SHA2_256)); - tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, hwParams); - Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 160); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.HMAC); - tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams); - Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.GENERATED); - cleanUp(); - } - - public short generateHmacKey(byte[] clientId, byte[] appData) { - short tagCount = 6; - if (clientId != null) { - tagCount++; - } - if (appData != null) { - tagCount++; - } - short arrPtr = KMArray.instance(tagCount); - short keySize = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 128)); - short byteBlob = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.SHA2_256); - short digest = KMEnumArrayTag.instance(KMType.DIGEST, byteBlob); - byteBlob = KMByteBlob.instance((short) 2); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.SIGN); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.VERIFY); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short minMacLen = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short)/*256*/160)); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, minMacLen); - KMArray.cast(arrPtr).add(tagIndex++, purpose); - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, keySize); - KMArray.cast(arrPtr).add(tagIndex++, digest); - 
KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.HMAC)); - if (clientId != null) { - KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, - KMByteBlob.instance(clientId, (short) 0, (short) clientId.length))); - } - if (appData != null) { - KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, - KMByteBlob.instance(appData, (short) 0, (short) appData.length))); - } - short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short) 1); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte) INS_GENERATE_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - return ret; - } - - public short generateAesDesKey(byte alg, short keysize, byte[] clientId, byte[] appData, - boolean unlockReqd) { - short tagCount = 7; - if (clientId != null) { - tagCount++; - } - if (appData != null) { - tagCount++; - } - if (unlockReqd) { - tagCount++; - } - short arrPtr = KMArray.instance(tagCount); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16(keysize)); - short byteBlob = KMByteBlob.instance((short) 3); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.ECB); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.CBC); - 
KMByteBlob.cast(byteBlob).add((short) 2, KMType.CTR); - short blockModeTag = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); - byteBlob = KMByteBlob.instance((short) 2); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.PKCS7); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.PADDING_NONE); - short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short) 2); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.ENCRYPT); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.DECRYPT); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, keySize); - KMArray.cast(arrPtr).add(tagIndex++, blockModeTag); - KMArray.cast(arrPtr).add(tagIndex++, paddingMode); - KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, alg)); - KMArray.cast(arrPtr).add(tagIndex++, purpose); - KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.CALLER_NONCE)); - if (unlockReqd) { - KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.UNLOCKED_DEVICE_REQUIRED)); - } - if (clientId != null) { - KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, - KMByteBlob.instance(clientId, (short) 0, (short) clientId.length))); - } - if (appData != null) { - KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, - KMByteBlob.instance(appData, (short) 0, (short) appData.length))); - } - short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short) 1); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte) INS_GENERATE_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short) 1, 
KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - return ret; - } - - public short generateAesGcmKey(short keysize, byte[] clientId, byte[] appData) { - short tagCount = 8; - if (clientId != null) { - tagCount++; - } - if (appData != null) { - tagCount++; - } - short arrPtr = KMArray.instance(tagCount); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16(keysize)); - short macLength = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, KMInteger.uint_16((short) 96)); - short byteBlob = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.GCM); - short blockModeTag = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); - byteBlob = KMByteBlob.instance((short) 1); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.PADDING_NONE); - short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short) 2); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.ENCRYPT); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.DECRYPT); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - KMArray.cast(arrPtr).add(tagIndex++, macLength); - KMArray.cast(arrPtr).add(tagIndex++, keySize); - KMArray.cast(arrPtr).add(tagIndex++, blockModeTag); - KMArray.cast(arrPtr).add(tagIndex++, paddingMode); - KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.AES)); - KMArray.cast(arrPtr).add(tagIndex++, purpose); - 
KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.CALLER_NONCE)); - if (clientId != null) { - KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_ID, - KMByteBlob.instance(clientId, (short) 0, (short) clientId.length))); - } - if (appData != null) { - KMArray.cast(arrPtr).add(tagIndex++, - KMByteTag.instance(KMType.APPLICATION_DATA, - KMByteBlob.instance(appData, (short) 0, (short) appData.length))); - } - short keyParams = KMKeyParameters.instance(arrPtr); - arrPtr = KMArray.instance((short) 1); - KMArray arg = KMArray.cast(arrPtr); - arg.add((short) 0, keyParams); - CommandAPDU apdu = encodeApdu((byte) INS_GENERATE_KEY_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - return ret; - } - - @Test - public void testComputeHmacParams() { - init(); - // Get Hmac parameters - short ret = getHmacSharingParams(); - short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - KMHmacSharingParameters params = KMHmacSharingParameters.cast(KMArray.cast(ret).get((short) 1)); - short seed = params.getSeed(); - short nonce = params.getNonce(); - - short params1 = KMHmacSharingParameters.instance(); - KMHmacSharingParameters.cast(params1).setSeed(KMByteBlob.instance((short) 0)); - short num = KMByteBlob.instance((short) 32); - Util.arrayCopyNonAtomic( - KMByteBlob.cast(nonce).getBuffer(), - KMByteBlob.cast(nonce).getStartOff(), - 
KMByteBlob.cast(num).getBuffer(), - KMByteBlob.cast(num).getStartOff(), - KMByteBlob.cast(num).length()); - - KMHmacSharingParameters.cast(params1).setNonce(num); - short params2 = KMHmacSharingParameters.instance(); - KMHmacSharingParameters.cast(params2).setSeed(KMByteBlob.instance((short) 0)); - num = KMByteBlob.instance((short) 32); - cryptoProvider.newRandomNumber( - KMByteBlob.cast(num).getBuffer(), - KMByteBlob.cast(num).getStartOff(), - KMByteBlob.cast(num).length()); - KMHmacSharingParameters.cast(params2).setNonce(num); - short arr = KMArray.instance((short) 2); - KMArray.cast(arr).add((short) 0, params1); - KMArray.cast(arr).add((short) 1, params2); - short arrPtr = KMArray.instance((short) 1); - KMArray.cast(arrPtr).add((short) 0, arr); - CommandAPDU apdu = encodeApdu((byte) INS_COMPUTE_SHARED_HMAC_CMD, arrPtr); - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - Assert.assertEquals(0x9000, response.getSW()); - ret = KMArray.instance((short) 2); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short) 1, KMByteBlob.exp()); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - Assert.assertEquals(0x9000, response.getSW()); - Assert.assertEquals(error, KMError.OK); - - cleanUp(); - } - - @Test - public void testGetHmacSharingParams() { - init(); - CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_GET_HMAC_SHARING_PARAM_CMD, 0x40, 0x00); - //print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(commandAPDU); - KMDecoder dec = new KMDecoder(); - short ret = KMArray.instance((short) 2); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - short inst = KMHmacSharingParameters.exp(); - KMArray.cast(ret).add((short) 1, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret 
= decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - KMHmacSharingParameters params = KMHmacSharingParameters.cast(KMArray.cast(ret).get((short) 1)); - short seed = params.getSeed(); - short nonce = params.getNonce(); - Assert.assertTrue(KMByteBlob.cast(seed).length() == 0); - Assert.assertTrue(KMByteBlob.cast(nonce).length() == 32); - //print(seed); - //print(nonce); - Assert.assertEquals(error, KMError.OK); - cleanUp(); - } - - public short getHmacSharingParams() { - CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_GET_HMAC_SHARING_PARAM_CMD, 0x40, 0x00); - //print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(commandAPDU); - KMDecoder dec = new KMDecoder(); - short ret = KMArray.instance((short) 2); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - short inst = KMHmacSharingParameters.exp(); - KMArray.cast(ret).add((short) 1, inst); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, (short) 0, len); - return ret; - } - - @Test - public void testImportWrappedKey() { - init(); - byte[] wrappedKey = new byte[16]; - cryptoProvider.newRandomNumber(wrappedKey, (short) 0, (short) 16); - byte[] encWrappedKey = new byte[16]; - byte[] transportKeyMaterial = new byte[32]; - cryptoProvider.newRandomNumber(transportKeyMaterial, (short) 0, (short) 32); - byte[] nonce = new byte[12]; - cryptoProvider.newRandomNumber(nonce, (short) 0, (short) 12); - byte[] authData = "Auth Data".getBytes(); - byte[] authTag = new byte[16]; - cryptoProvider.aesGCMEncrypt(transportKeyMaterial, (short) 0, (short) 32, wrappedKey, - (short) 0, (short) 16, encWrappedKey, (short) 0, - nonce, (short) 0, (short) 12, authData, (short) 0, (short) authData.length, - authTag, (short) 0, (short) 16); - byte[] maskingKey = {1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, 0, 1, - 0, 1, 0, 1, 0, 1, 0}; - byte[] 
maskedTransportKey = new byte[32]; - for (int i = 0; i < maskingKey.length; i++) { - maskedTransportKey[i] = (byte) (transportKeyMaterial[i] ^ maskingKey[i]); - } - short rsaKeyArr = generateRsaKey(null, null); - short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1); - byte[] wrappingKeyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()]; - Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(), - KMByteBlob.cast(keyBlobPtr).getStartOff(), - wrappingKeyBlob, (short) 0, (short) wrappingKeyBlob.length); - - byte[] output = new byte[256]; - short outlen = rsaOaepEncryptMessage(wrappingKeyBlob, KMType.SHA2_256, - maskedTransportKey, (short) 0, (short) maskedTransportKey.length, - output, (short) 0); - Assert.assertTrue((outlen == 256)); - byte[] encTransportKey = new byte[outlen]; - Util.arrayCopyNonAtomic(output, (short) 0, encTransportKey, (short) 0, - outlen); - //Clean the heap. - KMRepository.instance().clean(); - short tagCount = 7; - short arrPtr = KMArray.instance(tagCount); - short boolTag = KMBoolTag.instance(KMType.NO_AUTH_REQUIRED); - short keySize = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.KEYSIZE, KMInteger.uint_16((short) 128)); - short byteBlob = KMByteBlob.instance((short) 2); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.ECB); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.CBC); - short blockModeTag = KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob); - byteBlob = KMByteBlob.instance((short) 2); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.PKCS7); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.PADDING_NONE); - short paddingMode = KMEnumArrayTag.instance(KMType.PADDING, byteBlob); - byteBlob = KMByteBlob.instance((short) 2); - KMByteBlob.cast(byteBlob).add((short) 0, KMType.ENCRYPT); - KMByteBlob.cast(byteBlob).add((short) 1, KMType.DECRYPT); - short purpose = KMEnumArrayTag.instance(KMType.PURPOSE, byteBlob); - short tagIndex = 0; - KMArray.cast(arrPtr).add(tagIndex++, boolTag); - 
KMArray.cast(arrPtr).add(tagIndex++, keySize);
- KMArray.cast(arrPtr).add(tagIndex++, blockModeTag);
- KMArray.cast(arrPtr).add(tagIndex++, paddingMode);
- KMArray.cast(arrPtr).add(tagIndex++, KMEnumTag.instance(KMType.ALGORITHM, KMType.AES));
- KMArray.cast(arrPtr).add(tagIndex++, purpose);
- KMArray.cast(arrPtr).add(tagIndex++, KMBoolTag.instance(KMType.CALLER_NONCE));
- short keyParams = KMKeyParameters.instance(arrPtr);
- short nullParams = KMArray.instance((short) 0);
- nullParams = KMKeyParameters.instance(nullParams);
- short arr = KMArray.instance((short) 12);
- KMArray.cast(arr).add((short) 0, keyParams); // Key Params of wrapped key
- KMArray.cast(arr).add((short) 1, KMEnum.instance(KMType.KEY_FORMAT, KMType.RAW)); // Key Format
- KMArray.cast(arr).add((short) 2, KMByteBlob.instance(encWrappedKey, (short) 0,
- (short) encWrappedKey.length)); // Wrapped Import Key Blob
- KMArray.cast(arr).add((short) 3,
- KMByteBlob.instance(authTag, (short) 0, (short) authTag.length)); // Auth Tag
- KMArray.cast(arr)
- .add((short) 4, KMByteBlob.instance(nonce, (short) 0, (short) nonce.length)); // IV - Nonce
- KMArray.cast(arr).add((short) 5, KMByteBlob.instance(encTransportKey, (short) 0,
- (short) encTransportKey.length)); // Encrypted Transport Key
- KMArray.cast(arr).add((short) 6, KMByteBlob.instance(wrappingKeyBlob, (short) 0,
- (short) wrappingKeyBlob.length)); // Wrapping Key KeyBlob
- KMArray.cast(arr).add((short) 7,
- KMByteBlob.instance(maskingKey, (short) 0, (short) maskingKey.length)); // Masking Key
- KMArray.cast(arr).add((short) 8, nullParams); // Un-wrapping Params
- KMArray.cast(arr).add((short) 9, KMByteBlob.instance(authData, (short) 0,
- (short) authData.length)); // Wrapped Key ASSOCIATED AUTH DATA
- KMArray.cast(arr).add((short) 10, KMInteger.uint_8((byte) 0)); // Password Sid
- KMArray.cast(arr).add((short) 11, KMInteger.uint_8((byte) 0)); // Biometric Sid
- CommandAPDU apdu = encodeApdu((byte) INS_IMPORT_WRAPPED_KEY_CMD, arr);
- //
print(commandAPDU.getBytes());
- ResponseAPDU response = simulator.transmitCommand(apdu);
- short ret = KMArray.instance((short) 3);
- KMArray.cast(ret).add((short) 0, KMInteger.exp());
- KMArray.cast(ret).add((short) 1, KMByteBlob.exp());
- short inst = KMKeyCharacteristics.exp();
- KMArray.cast(ret).add((short) 2, inst);
- byte[] respBuf = response.getBytes();
- short len = (short) respBuf.length;
- ret = decoder.decode(ret, respBuf, (short) 0, len);
- short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
- short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short) 1)).length();
- short keyCharacteristics = KMArray.cast(ret).get((short) 2);
- short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced();
- short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced();
- Assert.assertEquals(0x9000, response.getSW());
- Assert.assertEquals(error, KMError.OK);
- short tag = KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, hwParams);
- Assert.assertEquals(KMBoolTag.cast(tag).getVal(), 0x01);
- tag = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, hwParams);
- Assert.assertEquals(KMInteger.cast(KMIntegerTag.cast(tag).getValue()).getShort(), 128);
- tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, hwParams);
- Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.PKCS7));
- tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, hwParams);
- Assert.assertTrue(KMEnumArrayTag.cast(tag).contains(KMType.ECB));
- tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ALGORITHM, hwParams);
- Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.AES);
- tag = KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.ORIGIN, hwParams);
- Assert.assertEquals(KMEnumTag.cast(tag).getValue(), KMType.SECURELY_IMPORTED);
- cleanUp();
- }
-
- @Test
- public void testGetKeyCharacteristicsWithIdDataSuccess() {
- init();
- byte[] clientId =
"clientId".getBytes();
- byte[] appData = "appData".getBytes();
- short ret = generateRsaKey(clientId, appData);
- short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
- Assert.assertEquals(error, KMError.OK);
- short keyBlob = KMArray.cast(ret).get((short) 1);
-
- short arrPtr = KMArray.instance((short) 3);
- KMArray.cast(arrPtr).add((short) 0, keyBlob);
- KMArray.cast(arrPtr)
- .add((short) 1, KMByteBlob.instance(clientId, (short) 0, (short) clientId.length));
- KMArray.cast(arrPtr)
- .add((short) 2, KMByteBlob.instance(appData, (short) 0, (short) appData.length));
- CommandAPDU apdu = encodeApdu((byte) INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr);
- // print(commandAPDU.getBytes());
- ResponseAPDU response = simulator.transmitCommand(apdu);
- ret = KMArray.instance((short) 2);
- KMArray.cast(ret).add((short) 0, KMInteger.exp());
- short inst = KMKeyCharacteristics.exp();
- KMArray.cast(ret).add((short) 1, inst);
- byte[] respBuf = response.getBytes();
- short len = (short) respBuf.length;
- ret = decoder.decode(ret, respBuf, (short) 0, len);
- error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
- Assert.assertEquals(error, KMError.OK);
- cleanUp();
- }
-
- @Test
- public void testGetKeyCharacteristicsSuccess() {
- init();
- short ret = generateRsaKey(null, null);
- short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
- Assert.assertEquals(error, KMError.OK);
- short keyBlob = KMArray.cast(ret).get((short) 1);
-
- short arrPtr = KMArray.instance((short) 3);
- KMArray.cast(arrPtr).add((short) 0, keyBlob);
- KMArray.cast(arrPtr).add((short) 1, KMByteBlob.instance((short) 0));
- KMArray.cast(arrPtr).add((short) 2, KMByteBlob.instance((short) 0));
- CommandAPDU apdu = encodeApdu((byte) INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr);
- // print(commandAPDU.getBytes());
- ResponseAPDU response = simulator.transmitCommand(apdu);
- ret = KMArray.instance((short) 2);
- KMArray.cast(ret).add((short) 0, KMInteger.exp());
-
short inst = KMKeyCharacteristics.exp();
- KMArray.cast(ret).add((short) 1, inst);
- byte[] respBuf = response.getBytes();
- short len = (short) respBuf.length;
- ret = decoder.decode(ret, respBuf, (short) 0, len);
- error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
- Assert.assertEquals(error, KMError.OK);
- cleanUp();
- }
-
- @Test
- public void testDeleteKeySuccess() {
- init();
- short ret = generateRsaKey(null, null);
- short keyBlobPtr = KMArray.cast(ret).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- short len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob, (short) 0);
- ret = getKeyCharacteristics(keyBlobPtr);
- short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
- Assert.assertEquals(error, KMError.OK);
- ret = deleteKey(KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length));
- Assert.assertEquals(ret, KMError.OK);
- cleanUp();
- }
-
- @Test
- public void testDeleteAllKeySuccess() {
- init();
- short ret1 = generateRsaKey(null, null);
- short keyBlobPtr = KMArray.cast(ret1).get((short) 1);
- byte[] keyBlob1 = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- short len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob1, (short) 0);
- short ret2 = generateRsaKey(null, null);
- keyBlobPtr = KMArray.cast(ret2).get((short) 1);
- byte[] keyBlob2 = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- len = KMByteBlob.cast(keyBlobPtr).getValues(keyBlob2, (short) 0);
- CommandAPDU apdu = new CommandAPDU(0x80, INS_DELETE_ALL_KEYS_CMD, 0x40, 0x00);
- // print(commandAPDU.getBytes());
- ResponseAPDU response = simulator.transmitCommand(apdu);
- byte[] respBuf = response.getBytes();
- Assert.assertEquals(respBuf[0], KMError.OK);
- cleanUp();
- }
-
- private short deleteKey(short keyBlob) {
- short arrPtr = KMArray.instance((short) 1);
- KMArray.cast(arrPtr).add((short) 0, keyBlob);
- CommandAPDU apdu = encodeApdu((byte) INS_DELETE_KEY_CMD, arrPtr);
- // print(commandAPDU.getBytes());
- ResponseAPDU response = simulator.transmitCommand(apdu);
- byte[] respBuf = response.getBytes();
- return respBuf[0];
- }
-
- private short abort(short opHandle, boolean triggerReset) {
- short arrPtr = KMArray.instance((short) 1);
- KMArray.cast(arrPtr).add((short) 0, opHandle);
- CommandAPDU apdu = encodeApdu((byte) INS_ABORT_OPERATION_CMD, arrPtr);
- // print(commandAPDU.getBytes());
- if (triggerReset) {
- resetAndSelect();
- }
- ResponseAPDU response = simulator.transmitCommand(apdu);
- byte[] respBuf = response.getBytes();
- short ret = decoder.decode(KMInteger.exp(), respBuf, (short) 0, (short) respBuf.length);
- if (triggerReset) {
- short error = KMInteger.cast(ret).getSignificantShort();
- Assert.assertEquals(error, SE_POWER_RESET_FLAG);
- }
- return ret;
- }
-
- public short getKeyCharacteristics(short keyBlob) {
- short arrPtr = KMArray.instance((short) 3);
- KMArray.cast(arrPtr).add((short) 0, keyBlob);
- KMArray.cast(arrPtr).add((short) 1, KMByteBlob.instance((short) 0));
- KMArray.cast(arrPtr).add((short) 2, KMByteBlob.instance((short) 0));
- CommandAPDU apdu = encodeApdu((byte) INS_GET_KEY_CHARACTERISTICS_CMD, arrPtr);
- // print(commandAPDU.getBytes());
- ResponseAPDU response = simulator.transmitCommand(apdu);
- short ret = KMArray.instance((short) 2);
- KMArray.cast(ret).add((short) 0, KMInteger.exp());
- short inst = KMKeyCharacteristics.exp();
- KMArray.cast(ret).add((short) 1, inst);
- byte[] respBuf = response.getBytes();
- short len = (short) respBuf.length;
- if (len > 5) {
- ret = decoder.decode(ret, respBuf, (short) 0, len);
- } else {
- ret = KMByteBlob.instance(respBuf, (short) 0, len);
- }
- return ret;
- }
-
- @Test
- public void testWithAesGcmWithUpdate() {
- init();
- testEncryptDecryptWithAesDes(KMType.AES, KMType.GCM, KMType.PADDING_NONE, true);
- cleanUp();
- }
-
- @Test
- public void testWithAesEcbPkcs7WithUpdate() {
- init();
- testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PKCS7, true);
- cleanUp();
- }
-
-
@Test
- public void testWithAesCtrNoPadWithUpdate() {
- init();
- testEncryptDecryptWithAesDes(KMType.AES, KMType.CTR, KMType.PADDING_NONE, true);
- cleanUp();
- }
-
- @Test
- public void testWithAesCtrNoPad() {
- init();
- testEncryptDecryptWithAesDes(KMType.AES, KMType.CTR, KMType.PADDING_NONE, false);
- cleanUp();
- }
-
- @Test
- public void testWithAesEcbNoPadWithUpdate() {
- init();
- testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PADDING_NONE, true);
- cleanUp();
- }
-
- @Test
- public void testWithDesEcbPkcs7WithUpdate() {
- init();
- testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PKCS7, true);
- cleanUp();
- }
-
- @Test
- public void testWithDesEcbNoPadWithUpdate() {
- init();
- testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PADDING_NONE, true);
- cleanUp();
- }
-
- @Test
- public void testWithAesCbcPkcs7WithUpdate() {
- init();
- testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PKCS7, true);
- cleanUp();
- }
-
- @Test
- public void testWithAesCbcNoPadWithUpdate() {
- init();
- testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PADDING_NONE, true);
- cleanUp();
- }
-
- @Test
- public void testWithDesCbcPkcs7WithUpdate() {
- init();
- testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PKCS7, true);
- cleanUp();
- }
-
- @Test
- public void testWithDesCbcNoPadWithUpdate() {
- init();
- testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PADDING_NONE, true);
- cleanUp();
- }
-
- @Test
- public void testWithAesEcbPkcs7() {
- init();
- testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PKCS7, false);
- cleanUp();
- }
-
- @Test
- public void testWithAesCbcPkcs7() {
- init();
- testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PKCS7, false);
- cleanUp();
- }
-
- @Test
- public void testWithAesEcbNoPad() {
- init();
- testEncryptDecryptWithAesDes(KMType.AES, KMType.ECB, KMType.PADDING_NONE, false);
- cleanUp();
- }
-
- @Test
- public void testWithAesCbcNoPad() {
- init();
- testEncryptDecryptWithAesDes(KMType.AES, KMType.CBC, KMType.PADDING_NONE, false);
- cleanUp();
- }
-
- @Test
- public void testWithDesCbcPkcs7() {
- init();
- testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PKCS7, false);
- cleanUp();
- }
-
- @Test
- public void testWithDesCbcNoPad() {
- init();
- testEncryptDecryptWithAesDes(KMType.DES, KMType.CBC, KMType.PADDING_NONE, false);
- cleanUp();
- }
-
- @Test
- public void testWithDesEcbNoPad() {
- init();
- testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PADDING_NONE, false);
- cleanUp();
- }
-
- @Test
- public void testWithDesEcbPkcs7() {
- init();
- testEncryptDecryptWithAesDes(KMType.DES, KMType.ECB, KMType.PKCS7, false);
- cleanUp();
- }
-
- @Test
- public void testWithRsa256Oaep() {
- init();
- testEncryptDecryptWithRsa(KMType.SHA2_256, KMType.RSA_OAEP);
- cleanUp();
- }
-
- @Test
- public void testWithRsaSha1Oaep() {
- init();
- testEncryptDecryptWithRsa(KMType.SHA1, KMType.RSA_OAEP);
- cleanUp();
- }
-
- @Test
- public void testWithRsaNonePkcs1() {
- init();
- testEncryptDecryptWithRsa(KMType.DIGEST_NONE, KMType.RSA_PKCS1_1_5_ENCRYPT);
- cleanUp();
- }
-
- @Test
- public void testWithRsaNoneNoPad() {
- init();
- testEncryptDecryptWithRsa(KMType.DIGEST_NONE, KMType.PADDING_NONE);
- cleanUp();
- }
-
- // TODO Signing with no digest is not supported by crypto provider or javacard
- @Test
- public void testSignWithRsaNoneNoPad() {
- init();
- testSignVerifyWithRsa(KMType.DIGEST_NONE, KMType.PADDING_NONE, false, false);
- cleanUp();
- }
-
- @Test
- public void testSignWithRsaNonePkcs1() {
- init();
- testSignVerifyWithRsa(KMType.DIGEST_NONE, KMType.RSA_PKCS1_1_5_SIGN, false, false);
- cleanUp();
- }
-
- public short getPublicKey(byte[] keyBlob, short off, short len,
- byte[] pubKey, short pubKeyOff) {
- short keyBlobPtr = extractKeyBlobArray(keyBlob, off, len);
- short arrayLen = KMArray.cast(keyBlobPtr).length();
- if (arrayLen < 5) {
- return 0;
- }
- short pubKeyPtr =
KMArray.cast(keyBlobPtr).get(
- KMKeymasterApplet.KEY_BLOB_PUB_KEY);
- Util.arrayCopy(KMByteBlob.cast(pubKeyPtr).getBuffer(),
- KMByteBlob.cast(pubKeyPtr).getStartOff(), pubKey, pubKeyOff,
- KMByteBlob.cast(pubKeyPtr).length());
- return KMByteBlob.cast(pubKeyPtr).length();
- }
-
- private String toHexString(byte[] num) {
- StringBuilder sb = new StringBuilder();
- for (int i = 0; i < num.length; i++) {
- sb.append(String.format("%02X", num[i]));
- }
- return sb.toString();
- }
-
- public short rsaEncryptMessage(byte[] keyBlob, short padding, short digest, byte[] input,
- short inputOff, short inputlen,
- byte[] output, short outputOff) {
- byte alg = Cipher.ALG_RSA_PKCS1;
- byte[] tmp = null;
- short inLen = inputlen;
- if (padding == KMType.PADDING_NONE) {
- alg = Cipher.ALG_RSA_NOPAD;
- // Length cannot be greater then key size according to JcardSim
- if (inLen >= 256) {
- return 0;
- }
- // make input equal to 255 bytes
- tmp = new byte[255];
- Util.arrayFillNonAtomic(tmp, (short) 0, (short) 255, (byte) 0);
- Util.arrayCopyNonAtomic(
- input,
- inputOff,
- tmp, (short) (255 - inLen), inLen);
- inLen = 255;
- inputOff = 0;
- } else if (padding == KMType.RSA_PKCS1_1_5_ENCRYPT) {
- tmp = input;
- } else {
- /*Fail */
- Assert.assertTrue(false);
- }
- byte[] pubKey = new byte[256];
- KeyPair rsaKeyPair = new KeyPair(KeyPair.ALG_RSA, KeyBuilder.LENGTH_RSA_2048);
- RSAPublicKey rsaPubKey = (RSAPublicKey) rsaKeyPair.getPublic();
- if (0 == getPublicKey(keyBlob, (short) 0, (short) keyBlob.length, pubKey, (short) 0)) {
- return 0;
- }
-
- byte[] exponent = new byte[]{0x01, 0x00, 0x01};
- rsaPubKey.setModulus(pubKey, (short) 0, (short) pubKey.length);
- rsaPubKey.setExponent(exponent, (short) 0, (short) exponent.length);
-
- Cipher rsaCipher = Cipher.getInstance(alg, false);
- rsaCipher.init(rsaPubKey, Cipher.MODE_ENCRYPT);
- return rsaCipher.doFinal(tmp, inputOff, inLen, output, outputOff);
- }
-
- public short rsaOaepEncryptMessage(byte[] keyBlob, short digest, byte[]
input, short inputOff,
- short inputlen,
- byte[] output, short outputOff) {
- byte[] mod = new byte[256];
- if (0 == getPublicKey(keyBlob, (short) 0, (short) keyBlob.length, mod, (short) 0)) {
- return 0;
- }
- byte[] exponent = new byte[]{0x01, 0x00, 0x01};
-
- // Convert byte arrays into keys
- String modString = toHexString(mod);
- String expString = toHexString(exponent);
- BigInteger modInt = new BigInteger(modString, 16);
- BigInteger expInt = new BigInteger(expString, 16);
- javax.crypto.Cipher rsaCipher = null;
- try {
- KeyFactory kf = KeyFactory.getInstance("RSA");
- // Create cipher with oaep padding
- OAEPParameterSpec oaepSpec = null;
- if (digest == KMType.SHA2_256) {
- oaepSpec = new OAEPParameterSpec("SHA-256", "MGF1",
- MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
- } else {
- oaepSpec = new OAEPParameterSpec("SHA1", "MGF1",
- MGF1ParameterSpec.SHA1, PSource.PSpecified.DEFAULT);
- }
- rsaCipher = javax.crypto.Cipher.getInstance("RSA/ECB/OAEPPadding", "SunJCE");
-
- RSAPublicKeySpec pubSpec = new RSAPublicKeySpec(modInt, expInt);
- java.security.interfaces.RSAPublicKey pubKey = (java.security.interfaces.RSAPublicKey) kf
- .generatePublic(pubSpec);
- rsaCipher.init(javax.crypto.Cipher.ENCRYPT_MODE, pubKey, oaepSpec);
- byte[] cipherOut = rsaCipher.doFinal(input, inputOff, inputlen);
-
- if (cipherOut != null) {
- Util.arrayCopyNonAtomic(cipherOut, (short) 0, output, outputOff, (short) cipherOut.length);
- }
- return (short) cipherOut.length;
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- } catch (InvalidKeySpecException e) {
- e.printStackTrace();
- } catch (InvalidKeyException e) {
- e.printStackTrace();
- } catch (InvalidAlgorithmParameterException e) {
- e.printStackTrace();
- } catch (NoSuchPaddingException e) {
- e.printStackTrace();
- } catch (NoSuchProviderException e) {
- e.printStackTrace();
- } catch (IllegalBlockSizeException e) {
- e.printStackTrace();
- } catch (BadPaddingException e) {
- e.printStackTrace();
- }
- return 0;
- }
-
- public boolean ecNoDigestVerifyMessage(byte[] input, short inputOff,
- short inputlen, byte[] sign, short signOff, short signLen,
- byte[] keyBlob) {
- KeyFactory kf;
- byte[] pubKey = new byte[128];
- short keyStart = 0;
- short keyLength = getPublicKey(keyBlob, (short) 0, (short) keyBlob.length,
- pubKey, (short) 0);
- if (keyLength == 0) {
- return false;
- }
- try {
- java.security.Signature sunSigner = java.security.Signature.getInstance(
- "NONEwithECDSA", "SunEC");
- kf = KeyFactory.getInstance("EC");
- AlgorithmParameters parameters = AlgorithmParameters.getInstance("EC",
- "SunEC");
- // Supported curve secp256r1
- parameters.init(new ECGenParameterSpec("secp256r1"));
- ECParameterSpec ecParameters = parameters
- .getParameterSpec(ECParameterSpec.class);
-
- // Check if the first byte is 04 and remove it.
- if (pubKey[keyStart] == 0x04) {
- // uncompressed format.
- keyStart++;
- keyLength--;
- }
- short i = 0;
- byte[] pubx = new byte[keyLength / 2];
- for (; i < keyLength / 2; i++) {
- pubx[i] = pubKey[keyStart + i];
- }
- byte[] puby = new byte[keyLength / 2];
- for (i = 0; i < keyLength / 2; i++) {
- puby[i] = pubKey[keyStart + keyLength / 2 + i];
- }
- BigInteger bIX = new BigInteger(pubx);
- BigInteger bIY = new BigInteger(puby);
- ECPoint point = new ECPoint(bIX, bIY);
- ECPublicKeySpec pubkeyspec = new ECPublicKeySpec(point, ecParameters);
- java.security.interfaces.ECPublicKey ecPubkey = (java.security.interfaces.ECPublicKey) kf
- .generatePublic(pubkeyspec);
- sunSigner.initVerify(ecPubkey);
- sunSigner.update(input, inputOff, inputlen);
- return sunSigner.verify(sign, signOff, signLen);
- } catch (NoSuchAlgorithmException e) {
- e.printStackTrace();
- } catch (NoSuchProviderException e) {
- e.printStackTrace();
- } catch (InvalidParameterSpecException e) {
- e.printStackTrace();
- } catch (InvalidKeySpecException e) {
- e.printStackTrace();
- } catch (InvalidKeyException e) {
- e.printStackTrace();
- } catch
(SignatureException e) {
- e.printStackTrace();
- }
- return false;
- }
-
- public boolean ecVerifyMessage(byte[] input, short inputOff, short inputlen,
- byte[] sign, short signOff, short signLen, byte[] keyBlob) {
- Signature ecVerifier;
- byte[] pubKey = new byte[128];
- short len = getPublicKey(keyBlob, (short) 0, (short) keyBlob.length,
- pubKey, (short) 0);
- if (len == 0) {
- return false;
- }
- ECPublicKey key = (ECPublicKey) KeyBuilder.buildKey(
- KeyBuilder.TYPE_EC_FP_PUBLIC, KeyBuilder.LENGTH_EC_FP_256, false);
- key.setW(pubKey, (short) 0, len);
- ecVerifier = Signature.getInstance(Signature.ALG_ECDSA_SHA_256, false);
- ecVerifier.init(key, Signature.MODE_VERIFY);
- return ecVerifier.verify(input, inputOff, inputlen, sign, signOff, signLen);
- }
-
- public boolean rsaVerifyMessage(byte[] input, short inputOff, short inputlen, byte[] sign,
- short signOff, short signLen,
- short digest, short padding, byte[] keyBlob) {
- if (digest == KMType.DIGEST_NONE || padding == KMType.PADDING_NONE) {
- return false;
- }
- byte[] pubKey = new byte[256];
- if (0 == getPublicKey(keyBlob, (short) 0, (short) keyBlob.length, pubKey, (short) 0)) {
- return false;
- }
- short alg = Signature.ALG_RSA_SHA_256_PKCS1_PSS;
-
- if (padding == KMType.RSA_PKCS1_1_5_SIGN) {
- alg = Signature.ALG_RSA_SHA_256_PKCS1;
- }
-
- Signature rsaVerifier = Signature.getInstance((byte) alg, false);
- RSAPublicKey key = (RSAPublicKey) KeyBuilder
- .buildKey(KeyBuilder.TYPE_RSA_PUBLIC, KeyBuilder.LENGTH_RSA_2048, false);
- byte[] exponent = new byte[]{0x01, 0x00, 0x01};
- key.setExponent(exponent, (short) 0, (short) exponent.length);
- key.setModulus(pubKey, (short) 0, (short) pubKey.length);
- rsaVerifier.init(key, Signature.MODE_VERIFY);
- return rsaVerifier.verify(input, inputOff, inputlen, sign, signOff, signLen);
- }
-
- public byte[] EncryptMessage(byte[] input, short params, byte[] keyBlob) {
- short ret = begin(KMType.ENCRYPT,
- KMByteBlob.instance(keyBlob, (short) 0, (short)
keyBlob.length),
- KMKeyParameters.instance(params), (short) 0, false);
- // Get the operation handle.
- short opHandle = KMArray.cast(ret).get((short) 2);
- byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
- KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0,
- (short) opHandleBuf.length);
- opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
-
- ret = finish(opHandle,
- KMByteBlob.instance(input, (short) 0, (short) input.length), null,
- (short) 0, (short) 0, (short) 0, KMError.OK, false);
- short dataPtr = KMArray.cast(ret).get((short) 2);
- byte[] output = new byte[KMByteBlob.cast(dataPtr).length()];
- if (KMByteBlob.cast(dataPtr).length() > 0) {
- Util.arrayCopyNonAtomic(KMByteBlob.cast(dataPtr).getBuffer(), KMByteBlob
- .cast(dataPtr).getStartOff(), output, (short) 0,
- KMByteBlob.cast(dataPtr).length());
- }
- return output;
- }
-
- public byte[] DecryptMessage(byte[] input, short params, byte[] keyBlob) {
- short ret = begin(KMType.DECRYPT,
- KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
- KMKeyParameters.instance(params), (short) 0, false);
- // Get the operation handle.
- short opHandle = KMArray.cast(ret).get((short) 2);
- byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
- KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0,
- (short) opHandleBuf.length);
- opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
-
- ret = finish(opHandle,
- KMByteBlob.instance(input, (short) 0, (short) input.length), null,
- (short) 0, (short) 0, (short) 0, KMError.OK, false);
- short dataPtr = KMArray.cast(ret).get((short) 2);
- byte[] output = new byte[KMByteBlob.cast(dataPtr).length()];
- if (KMByteBlob.cast(dataPtr).length() > 0) {
- Util.arrayCopyNonAtomic(KMByteBlob.cast(dataPtr).getBuffer(), KMByteBlob
- .cast(dataPtr).getStartOff(), output, (short) 0,
- KMByteBlob.cast(dataPtr).length());
- }
- return output;
- }
-
- public short generateRandom(short upperBound) {
- Random rand = new Random();
- short int_random = (short) rand.nextInt(upperBound);
- return int_random;
- }
-
- @Test
- public void testUnsupportedBlockMode() {
- init();
- short desKey = generateAesDesKey(KMType.DES, (short) 168, null, null, false);
- short desKeyPtr = KMArray.cast(desKey).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(desKeyPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(desKeyPtr).getBuffer(), KMByteBlob
- .cast(desKeyPtr).getStartOff(), keyBlob, (short) 0,
- (short) keyBlob.length);
- short desPkcs7Params = getAesDesParams(KMType.DES, (byte) KMType.CTR,
- KMType.PKCS7, new byte[12]);
- short ret = begin(KMType.ENCRYPT,
- KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
- KMKeyParameters.instance(desPkcs7Params), (short) 0, false);
- Assert.assertTrue(ret == KMError.UNSUPPORTED_BLOCK_MODE);
- cleanUp();
- }
-
- @Test
- public void testDesEcbPkcs7PaddingCorrupted() {
- init();
- short desKey = generateAesDesKey(KMType.DES, (short) 168, null, null, false);
- short desKeyPtr = KMArray.cast(desKey).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(desKeyPtr).length()];
-
Util.arrayCopyNonAtomic(KMByteBlob.cast(desKeyPtr).getBuffer(), KMByteBlob
- .cast(desKeyPtr).getStartOff(), keyBlob, (short) 0,
- (short) keyBlob.length);
-
- byte[] message = {
- 0x61};
- short desPkcs7Params = getAesDesParams(KMType.DES, KMType.ECB,
- KMType.PKCS7, null);
- byte[] cipherText1 = EncryptMessage(message, desPkcs7Params, keyBlob);
- Assert.assertEquals(8, cipherText1.length);
- Assert.assertFalse(Arrays.equals(message, cipherText1));
-
- // Corrupt the cipher text.
- ++cipherText1[(cipherText1.length / 2)];
-
- // Decrypt operation
- // Begin
- desPkcs7Params = getAesDesParams(KMType.DES, KMType.ECB, KMType.PKCS7, null);
-
- short ret = begin(KMType.DECRYPT,
- KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
- KMKeyParameters.instance(desPkcs7Params), (short) 0, false);
- // Get the operation handle.
- short opHandle = KMArray.cast(ret).get((short) 2);
- byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
- KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0,
- (short) opHandleBuf.length);
- opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
-
- // Finish
- short dataPtr = KMByteBlob.instance(cipherText1, (short) 0,
- (short) cipherText1.length);
- opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
- ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0,
- KMError.INVALID_ARGUMENT, false);
- cleanUp();
- }
-
- @Test
- public void testVtsRsaPkcs1Success() {
- init();
- byte[] message = {
- 0x48, 0x65, 0x6c, 0x6c, 0x6f, 0x20, 0x57, 0x6f, 0x72, 0x6c, 0x64,
- 0x21}; // "Hello World!";
- for (int i = 0; i < 250; i++) {
- short key = generateRsaKey(null, null);
- short rsaKeyPtr = KMArray.cast(key).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(rsaKeyPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(rsaKeyPtr).getBuffer(),
- KMByteBlob.cast(rsaKeyPtr).getStartOff(), keyBlob, (short) 0,
- (short) keyBlob.length);
- short pkcs1Params = getRsaParams(KMType.DIGEST_NONE,
-
KMType.RSA_PKCS1_1_5_ENCRYPT);
-
- byte[] cipherText1 = new byte[256];
- short cipherText1Len = rsaEncryptMessage(keyBlob, KMType.RSA_PKCS1_1_5_ENCRYPT,
- KMType.DIGEST_NONE,
- message, (short) 0, (short) message.length,
- cipherText1, (short) 0);
- Assert.assertEquals((2048 / 8), cipherText1Len);
-
- pkcs1Params = getRsaParams(KMType.DIGEST_NONE,
- KMType.RSA_PKCS1_1_5_ENCRYPT);
- byte[] cipherText2 = new byte[256];
- short cipherText2Len = rsaEncryptMessage(keyBlob, KMType.RSA_PKCS1_1_5_ENCRYPT,
- KMType.DIGEST_NONE,
- message, (short) 0, (short) message.length,
- cipherText2, (short) 0);
- Assert.assertEquals((2048 / 8), cipherText2Len);
-
- // PKCS1 v1.5 randomizes padding so every result should be different.
- Assert.assertFalse(Arrays.equals(cipherText1, cipherText2));
-
- pkcs1Params = getRsaParams(KMType.DIGEST_NONE,
- KMType.RSA_PKCS1_1_5_ENCRYPT);
- byte[] plainText = DecryptMessage(cipherText1, pkcs1Params, keyBlob);
- Assert.assertTrue(Arrays.equals(message, plainText));
-
- // Decrypting corrupted ciphertext should fail.
- short offset_to_corrupt = generateRandom((short) cipherText1.length);
-
- byte corrupt_byte;
- do {
- corrupt_byte = (byte) generateRandom((short) 256);
- } while (corrupt_byte == cipherText1[offset_to_corrupt]);
- cipherText1[offset_to_corrupt] = corrupt_byte;
-
- pkcs1Params = getRsaParams(KMType.DIGEST_NONE,
- KMType.RSA_PKCS1_1_5_ENCRYPT);
- // Do Begin operation.
- short ret = begin(KMType.DECRYPT,
- KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
- KMKeyParameters.instance(pkcs1Params), (short) 0, false);
-
- // Get the operation handle.
- short opHandle = KMArray.cast(ret).get((short) 2);
- byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
- KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0,
- (short) opHandleBuf.length);
- opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
-
- short dataPtr = KMByteBlob.instance(cipherText1, (short) 0,
- (short) cipherText1.length);
- // Finish should return UNKNOWN_ERROR.
- ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0,
- KMError.UNKNOWN_ERROR, false);
- }
- cleanUp();
- }
-
- @Test
- public void testSignVerifyWithHmacSHA256WithUpdate() {
- init();
- testSignVerifyWithHmac(KMType.SHA2_256, true);
- cleanUp();
- }
-
- @Test
- public void testSignVerifyWithHmacSHA256() {
- init();
- testSignVerifyWithHmac(KMType.SHA2_256, false);
- cleanUp();
- }
-
- @Test
- public void testSignVerifyWithEcdsaSHA256WithUpdate() {
- init();
- testSignVerifyWithEcdsa(KMType.SHA2_256, true);
- cleanUp();
- }
-
- @Test
- public void testSignVerifyWithEcdsaSHA256() {
- init();
- testSignVerifyWithEcdsa(KMType.SHA2_256, false);
- cleanUp();
- }
-
- @Test
- public void testSignVerifyWithRsaSHA256Pkcs1() {
- init();
- testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN, false, true);
- cleanUp();
- }
-
- @Test
- public void testSignVerifyWithRsaSHA256Pss() {
- init();
- testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PSS, false, true);
- cleanUp();
- }
-
- @Test
- public void testSignVerifyWithRsaSHA256Pkcs1WithUpdate() {
- init();
- testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PKCS1_1_5_SIGN, true, true);
- cleanUp();
- }
-
- @Test
- public void testProvisionSuccess() {
- AID appletAID1 = AIDUtil.create("A000000062");
- simulator.installApplet(appletAID1, KMJCardSimApplet.class);
- // Select applet
- simulator.selectApplet(appletAID1);
- // provision attest key
- provisionCmd(simulator);
- cleanUp();
- }
-
- @Test
- public void testAttestRsaKey() {
- init();
- short key = generateRsaKey(null, null);
- short keyBlobPtr
= KMArray.cast(key).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(
- KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- keyBlob, (short) 0, (short) keyBlob.length);
- testAttestKey(keyBlob);
- cleanUp();
- }
-
- @Test
- public void testAttestEcKey() {
- init();
- short key = generateEcKey(null, null);
- short keyBlobPtr = KMArray.cast(key).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(
- KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- keyBlob, (short) 0, (short) keyBlob.length);
- testAttestKey(keyBlob);
- cleanUp();
- }
-
- public void testAttestKey(byte[] keyBlob) {
- short arrPtr = KMArray.instance((short) 2);
- KMArray.cast(arrPtr).add((short) 0, KMByteTag.instance(KMType.ATTESTATION_APPLICATION_ID,
- KMByteBlob.instance(attAppId, (short) 0, (short) attAppId.length)));
- KMArray.cast(arrPtr).add((short) 1, KMByteTag.instance(KMType.ATTESTATION_CHALLENGE,
- KMByteBlob.instance(attChallenge, (short) 0, (short) attChallenge.length)));
- short keyParams = KMKeyParameters.instance(arrPtr);
- short args = KMArray.instance((short) 2);
- KMArray.cast(args)
- .add((short) 0, KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length));
- KMArray.cast(args).add((short) 1, keyParams);
- CommandAPDU apdu = encodeApdu((byte) INS_ATTEST_KEY_CMD, args);
- //print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length);
- ResponseAPDU response = simulator.transmitCommand(apdu);
- short ret = KMArray.instance((short) 2);
- short arrBlobs = KMArray.instance((short) 1);
- KMArray.cast(arrBlobs).add((short) 0, KMByteBlob.exp());
- KMArray.cast(ret).add((short) 0, KMInteger.exp());
- KMArray.cast(ret).add((short) 1, arrBlobs);
- byte[] respBuf = response.getBytes();
- short len = (short) respBuf.length;
- //(respBuf,(short)0,(short)respBuf.length);
- ret = decoder.decode(ret,
respBuf, (short) 0, len);
- short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
- Assert.assertEquals(error, KMError.OK);
- arrBlobs = KMArray.cast(ret).get((short) 1);
- short cert = KMArray.cast(arrBlobs).get((short) 0);
- //printCert(KMByteBlob.cast(cert).getBuffer(),KMByteBlob.cast(cert).getStartOff(),KMByteBlob.cast(cert).length());
- }
-
- @Test
- public void testUpgradeKey() {
- init();
- short ret = generateHmacKey(null, null);
- short keyBlobPtr = KMArray.cast(ret).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- keyBlob, (short) 0, (short) keyBlob.length);
- short keyCharacteristics = KMArray.cast(ret).get((short) 2);
- short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced();
- short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced();
- short osVersion = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_VERSION, hwParams);
- osVersion = KMIntegerTag.cast(osVersion).getValue();
- short osPatch = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_PATCH_LEVEL, hwParams);
- osPatch = KMIntegerTag.cast(osPatch).getValue();
- Assert.assertEquals(KMInteger.cast(osVersion).getShort(), 1);
- Assert.assertEquals(KMInteger.cast(osPatch).getShort(), 1);
- short NO_UPGRADE = 0x01;
- short UPGRADE = 0x02;
- short[][] test_data = {
- {OS_VERSION, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL, NO_UPGRADE, KMError.OK },
- {OS_VERSION+1, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL, UPGRADE, KMError.OK },
- {OS_VERSION, OS_PATCH_LEVEL+1, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL, UPGRADE, KMError.OK },
- {OS_VERSION, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL+1, BOOT_PATCH_LEVEL, UPGRADE, KMError.OK },
- {OS_VERSION, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL+1, UPGRADE, KMError.OK },
- {OS_VERSION+1, OS_PATCH_LEVEL+1,
VENDOR_PATCH_LEVEL+1, BOOT_PATCH_LEVEL+1, UPGRADE, KMError.OK },
- {OS_VERSION+1, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL+1, BOOT_PATCH_LEVEL, UPGRADE, KMError.OK },
- {OS_VERSION+1, OS_PATCH_LEVEL+1, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL, UPGRADE, KMError.OK },
- {OS_VERSION, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL-1, NO_UPGRADE, KMError.INVALID_ARGUMENT },
- {OS_VERSION-1/*0*/, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL, BOOT_PATCH_LEVEL, UPGRADE, KMError.OK },
- {OS_VERSION, OS_PATCH_LEVEL, VENDOR_PATCH_LEVEL-1, BOOT_PATCH_LEVEL, NO_UPGRADE, KMError.INVALID_ARGUMENT },
- {OS_VERSION, OS_PATCH_LEVEL+1, VENDOR_PATCH_LEVEL-1, BOOT_PATCH_LEVEL, NO_UPGRADE, KMError.INVALID_ARGUMENT },
- {0, OS_PATCH_LEVEL+1, VENDOR_PATCH_LEVEL-1, BOOT_PATCH_LEVEL+1, NO_UPGRADE, KMError.INVALID_ARGUMENT },
- };
- for (int i = 0; i < test_data.length; i++) {
- setBootParams(simulator, (short) test_data[i][3]);
- setAndroidOSSystemProperties(simulator, (short) test_data[i][0], (short) test_data[i][1],
- (short) test_data[i][2]);
- ret = upgradeKey(
- KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
- null, null, test_data[i][5]);
- if (test_data[i][5] != KMError.OK)
- continue;
- keyBlobPtr = KMArray.cast(ret).get((short) 1);
- if (test_data[i][4] == UPGRADE)
- Assert.assertNotEquals(KMByteBlob.cast(keyBlobPtr).length(), 0);
- else
- Assert.assertEquals(KMByteBlob.cast(keyBlobPtr).length(), 0);
- if (KMByteBlob.cast(keyBlobPtr).length() != 0) {
- ret = getKeyCharacteristics(keyBlobPtr);
- keyCharacteristics = KMArray.cast(ret).get((short) 1);
- hwParams = KMKeyCharacteristics.cast(keyCharacteristics)
- .getHardwareEnforced();
- osVersion = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.OS_VERSION,
- hwParams);
- osVersion = KMIntegerTag.cast(osVersion).getValue();
- osPatch = KMKeyParameters.findTag(KMType.UINT_TAG,
- KMType.OS_PATCH_LEVEL, hwParams);
- osPatch = KMIntegerTag.cast(osPatch).getValue();
- short ptr = KMKeyParameters.findTag(KMType.UINT_TAG, -
KMType.VENDOR_PATCH_LEVEL, hwParams);
- short vendorPatchLevel = KMIntegerTag.cast(ptr).getValue();
- ptr = KMKeyParameters.findTag(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL,
- hwParams);
- short bootPatchLevel = KMIntegerTag.cast(ptr).getValue();
- Assert.assertEquals(KMInteger.cast(osVersion).getShort(),
- test_data[i][0]);
- Assert.assertEquals(KMInteger.cast(osPatch).getShort(),
- test_data[i][1]);
- Assert.assertEquals(KMInteger.cast(vendorPatchLevel).getShort(),
- test_data[i][2]);
- Assert.assertEquals(KMInteger.cast(bootPatchLevel).getShort(),
- test_data[i][3]);
- }
- }
- cleanUp();
- }
-
- public void testCardRest() {
- byte[] input = new byte[] {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08};
- // Test different combinations of reset events happening in the ordered flow of
- // begin - begin1 - update - update1 - finish - finish1 - abort
- boolean[][] resetEvents = {
- //begin, begin1, update, update1, finish, finish1, abort
- {NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET},
- {RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET},
- {NO_RESET, RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET},
- {NO_RESET, NO_RESET, RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET},
- {NO_RESET, NO_RESET, NO_RESET, RESET, NO_RESET, NO_RESET, NO_RESET},
- {NO_RESET, NO_RESET, NO_RESET, NO_RESET, RESET, NO_RESET, NO_RESET},
- {NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, RESET, NO_RESET},
- {NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET, RESET},
- {NO_RESET, NO_RESET, NO_RESET, RESET, RESET, NO_RESET, NO_RESET},
- {NO_RESET, RESET, RESET, NO_RESET, NO_RESET, NO_RESET, NO_RESET},
- {RESET, RESET, RESET, RESET, RESET, RESET, RESET},
- };
- for(int i = 0; i < resetEvents.length; i++) {
- // Generate Key----------------
- short ret = generateHmacKey(null, null);
- // Store the generated key in a new byte blob.
- short keyBlobPtr = KMArray.cast(ret).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(), keyBlob,
- (short) 0, (short) keyBlob.length);
- short inParams = getHmacParams(KMType.SHA2_256, true);
- // Generate Key----------------
-
- //Call begin operation----------------
- ret = begin(KMType.SIGN, keyBlobPtr, KMKeyParameters.instance(inParams), (short) 0, resetEvents[i][0]);
- // Get the operation handle.
- short opHandle = KMArray.cast(ret).get((short) 2);
- byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
- KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length);
- //Get the keyblobptr again.
- keyBlobPtr = KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length);
- //Call begin end----------------
-
- //Call begin1 operation----------------
- inParams = getHmacParams(KMType.SHA2_256, true);
- ret = begin(KMType.SIGN, keyBlobPtr, KMKeyParameters.instance(inParams), (short) 0, resetEvents[i][1]);
- // Get the operation handle.
- short opHandle1 = KMArray.cast(ret).get((short) 2);
- byte[] opHandleBuf1 = new byte[KMRepository.OPERATION_HANDLE_SIZE];
- KMInteger.cast(opHandle1).getValue(opHandleBuf1, (short) 0, (short) opHandleBuf1.length);
- //Get the keyblobptr again.
- keyBlobPtr = KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length);
- //Call begin1 end----------------
-
- //Call update operation----------------
- // Call update operation and check if the secure element power reset flag is set or not.
- short dataPtr = KMByteBlob.instance(input, (short) 0, (short) input.length);
- opHandle = KMInteger.instance(opHandleBuf, (short) 0, (short) opHandleBuf.length);
- // update with trigger reset.
- ret = update(opHandle, dataPtr, (short) 0, (short) 0, (short) 0, resetEvents[i][2]);
- // If a reset event occurred then expect INVALID_OPERATION_HANDLE.
- if (resetEvents[i][1] || resetEvents[i][2]) {
- short err = KMInteger.cast(ret).getShort();
- Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE, err);
- }
- //Call update end----------------
-
- //Call update1 operation----------------
- // Call update1 operation and check if the secure element power reset flag is set or not.
- dataPtr = KMByteBlob.instance(input, (short) 0, (short) input.length);
- opHandle1 = KMInteger.instance(opHandleBuf1, (short) 0, (short) opHandleBuf1.length);
- // update with trigger reset.
- ret = update(opHandle1, dataPtr, (short) 0, (short) 0, (short) 0, resetEvents[i][3]);
- // If a reset event occurred then expect INVALID_OPERATION_HANDLE.
- if (resetEvents[i][2] || resetEvents[i][3]) {
- short err = KMInteger.cast(ret).getShort();
- Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE, err);
- }
- //Call update end----------------
-
- //Call finish operation----------------
- // Call finish operation and check if the secure element power reset flag is set or not.
- dataPtr = KMByteBlob.instance((short) 0);
- opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
- short expectedErr = KMError.OK;
- // If a reset event occurred then expect INVALID_OPERATION_HANDLE.
- if (resetEvents[i][1] | resetEvents[i][2] | resetEvents[i][3] | resetEvents[i][4])
- expectedErr = KMError.INVALID_OPERATION_HANDLE;
- ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, expectedErr, resetEvents[i][4]);
- //Call finish end----------------
-
- //Call finish1 operation----------------
- // Call finish1 operation and check if the secure element power reset flag is set or not.
- dataPtr = KMByteBlob.instance((short) 0);
- opHandle1 = KMInteger.instance(opHandleBuf1, (short) 0, (short) opHandleBuf1.length);
- expectedErr = KMError.OK;
- // If a reset event occurred then expect INVALID_OPERATION_HANDLE.
- if (resetEvents[i][2] | resetEvents[i][3] | resetEvents[i][4] | resetEvents[i][5])
- expectedErr = KMError.INVALID_OPERATION_HANDLE;
- ret = finish(opHandle1, dataPtr, null, (short) 0, (short) 0, (short) 0, expectedErr, resetEvents[i][5]);
- //Call finish end----------------
-
- //Call abort operation----------------
- // Call abort operation and check if the secure element power reset flag is set or not.
- opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
- ret = abort(opHandle, resetEvents[i][6]);
- if (resetEvents[i][1] || resetEvents[i][2] | resetEvents[i][3] | resetEvents[i][4] | resetEvents[i][5] | resetEvents[i][6]) {
- short err = KMInteger.cast(ret).getShort();
- Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE, err);
- }
- //Call finish end----------------
- KMRepository.instance().clean();
- }
- }
-
- @Test
- public void testCardResetFunctionality() {
- init();
- testCardRest();
- cleanUp();
- }
-
- @Test
- public void testDestroyAttIds() {
- init();
- CommandAPDU commandAPDU = new CommandAPDU(0x80, INS_DESTROY_ATT_IDS_CMD, 0x40, 0x00);
- ResponseAPDU response = simulator.transmitCommand(commandAPDU);
- byte[] respBuf = response.getBytes();
- Assert.assertEquals(respBuf[0], 0);
- cleanUp();
- }
-
- private short upgradeKey(short keyBlobPtr, byte[] clientId, byte[] appData, short expectedErr) {
- short tagCount = 0;
- short clientIdTag = 0;
- short appDataTag = 0;
- if (clientId != null) {
- tagCount++;
- }
- if (appData != null) {
- tagCount++;
- }
- short keyParams = KMArray.instance(tagCount);
- short tagIndex = 0;
- if (clientId != null) {
- KMArray.cast(keyBlobPtr).add(tagIndex++,
- KMByteTag.instance(KMType.APPLICATION_ID,
- KMByteBlob.instance(clientId, (short) 0, (short) clientId.length)));
- }
- if (appData != null) {
- KMArray.cast(keyParams).add(tagIndex++,
- KMByteTag.instance(KMType.APPLICATION_DATA,
- KMByteBlob.instance(appData, (short) 0, (short) appData.length)));
- }
- keyParams = KMKeyParameters.instance(keyParams);
- short
arr = KMArray.instance((short) 2);
- KMArray.cast(arr).add((short) 0, keyBlobPtr);
- KMArray.cast(arr).add((short) 1, keyParams);
- CommandAPDU apdu = encodeApdu((byte) INS_UPGRADE_KEY_CMD, arr);
- // print(commandAPDU.getBytes());
- ResponseAPDU response = simulator.transmitCommand(apdu);
- byte[] respBuf = response.getBytes();
- short len = (short) respBuf.length;
- if (KMError.OK == expectedErr) {
- short ret = KMArray.instance((short) 2);
- KMArray.cast(ret).add((short) 0, KMInteger.exp());
- KMArray.cast(ret).add((short) 1, KMByteBlob.exp());
- ret = decoder.decode(ret, respBuf, (short) 0, len);
- Assert.assertEquals(expectedErr, KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort());
- return ret;
- } else {
- short ret = KMInteger.exp();
- ret = decoder.decode(ret, respBuf, (short) 0, len);
- Assert.assertEquals(expectedErr, KMInteger.cast(ret).getShort());
- return ret;
- }
- }
-
- @Test
- public void testSignVerifyWithRsaSHA256PssWithUpdate() {
- init();
- testSignVerifyWithRsa(KMType.SHA2_256, KMType.RSA_PSS, true, true);
- cleanUp();
- }
-
- @Test
- public void testAbortOperation() {
- init();
- short aesDesKeyArr = generateAesDesKey(KMType.AES, (short) 128, null, null, false);
- ;
- short keyBlobPtr = KMArray.cast(aesDesKeyArr).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- keyBlob, (short) 0, (short) keyBlob.length);
- byte[] nonce = new byte[16];
- cryptoProvider.newRandomNumber(nonce, (short) 0, (short) 16);
- short inParams = getAesDesParams(KMType.AES, KMType.ECB, KMType.PKCS7, nonce);
- byte[] plainData = "Hello World 123!".getBytes();
- short ret = begin(KMType.ENCRYPT,
- KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
- KMKeyParameters.instance(inParams), (short) 0, false);
- short opHandle = KMArray.cast(ret).get((short) 2);
- byte[] opHandleBuf = new
byte[KMRepository.OPERATION_HANDLE_SIZE];
- KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length);
- opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
- ret = abort(opHandle, false);
- Assert.assertEquals(KMError.OK, KMInteger.cast(ret).getShort());
- short dataPtr = KMByteBlob.instance(plainData, (short) 0, (short) plainData.length);
- opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
- ret = update(opHandle, dataPtr, (short) 0, (short) 0, (short) 0, false);
- ret = KMInteger.cast(ret).getShort();
- Assert.assertEquals(KMError.INVALID_OPERATION_HANDLE, ret);
- cleanUp();
- }
-
- public void testEncryptDecryptWithAesDes(byte alg, byte blockMode, byte padding, boolean update) {
- short aesDesKeyArr;
- boolean aesGcmFlag = false;
- if (alg == KMType.AES) {
- if (blockMode == KMType.GCM) {
- aesDesKeyArr = generateAesGcmKey((short) 128, null, null);
- aesGcmFlag = true;
- } else {
- aesDesKeyArr = generateAesDesKey(alg, (short) 128, null, null, false);
- }
- } else {
- aesDesKeyArr = generateAesDesKey(alg, (short) 168, null, null, false);
- }
- short keyBlobPtr = KMArray.cast(aesDesKeyArr).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- keyBlob, (short) 0, (short) keyBlob.length);
- byte[] nonce = new byte[16];
- cryptoProvider.newRandomNumber(nonce, (short) 0, (short) 16);
- short inParams = getAesDesParams(alg, blockMode, padding, nonce);
- byte[] plainData = "Hello World 123!".getBytes();
- if (update) {
- plainData = "Hello World 123!
Hip Hip Hoorah!".getBytes();
- }
- //Encrypt
- short ret = processMessage(plainData,
- KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
- KMType.ENCRYPT,
- KMKeyParameters.instance(inParams),
- (short) 0, null, update, aesGcmFlag
- );
- inParams = getAesDesParams(alg, blockMode, padding, nonce);
- keyBlobPtr = KMArray.cast(ret).get((short) 2);
- //print(keyBlobPtr);
- byte[] cipherData = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- cipherData, (short) 0, (short) cipherData.length);
- ret = processMessage(cipherData,
- KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
- KMType.DECRYPT,
- KMKeyParameters.instance(inParams),
- (short) 0, null, update, aesGcmFlag
- );
- keyBlobPtr = KMArray.cast(ret).get((short) 2);
- //print(plainData,(short)0,(short)plainData.length);
- //print(keyBlobPtr);
- short equal = Util.arrayCompare(plainData, (short) 0, KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(), (short) plainData.length);
- Assert.assertTrue(equal == 0);
- }
-
- public void testEncryptDecryptWithRsa(byte digest, byte padding) {
- short rsaKeyArr = generateRsaKey(null, null);
- short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- keyBlob, (short) 0, (short) keyBlob.length);
- short inParams = getRsaParams(digest, padding);
- byte[] plainData = "Hello World 123!".getBytes();
- byte[] cipherData = new byte[256];
- short cipherDataLen = 0;
- //Encrypt
- if (padding == KMType.RSA_OAEP) {
- cipherDataLen = rsaOaepEncryptMessage(keyBlob, digest, plainData,
- (short) 0, (short) plainData.length, cipherData, (short) 0);
- } else {
- cipherDataLen = rsaEncryptMessage(keyBlob, padding, digest, plainData,
- (short)
0, (short) plainData.length, cipherData, (short) 0);
- }
- Assert.assertTrue((cipherDataLen == 256));
- inParams = getRsaParams(digest, padding);
- short ret = processMessage(cipherData,
- KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
- KMType.DECRYPT,
- KMKeyParameters.instance(inParams),
- (short) 0, null, false, false
- );
- keyBlobPtr = KMArray.cast(ret).get((short) 2);
- short len = KMByteBlob.cast(keyBlobPtr).length();
- short start = KMByteBlob.cast(keyBlobPtr).getStartOff();
- short equal = Util.arrayCompare(plainData, (short) 0, KMByteBlob.cast(keyBlobPtr).getBuffer(),
- (short) (start + len - plainData.length), (short) plainData.length);
- Assert.assertTrue(equal == 0);
- }
-
- public void testSignVerifyWithRsa(byte digest, byte padding, boolean update, boolean verifyFlag) {
- short rsaKeyArr = generateRsaKey(null, null);
- short keyBlobPtr = KMArray.cast(rsaKeyArr).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- keyBlob, (short) 0, (short) keyBlob.length);
- short inParams = getRsaParams(digest, padding);
- byte[] plainData = "Hello World 123!".getBytes();
- if (update) {
- plainData = "Hello World 123!
Hip Hip Hoorah!".getBytes();
- }
- //Sign
- short ret = processMessage(plainData,
- KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
- KMType.SIGN,
- KMKeyParameters.instance(inParams),
- (short) 0, null, update, false
- );
- inParams = getRsaParams(digest, padding);
- keyBlobPtr = KMArray.cast(ret).get((short) 2);
- byte[] signatureData = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- signatureData, (short) 0, (short) signatureData.length);
- if (verifyFlag == false) {
- Assert.assertEquals(signatureData.length, 256);
- return;
- }
- boolean verify = rsaVerifyMessage(plainData, (short) 0, (short) plainData.length,
- signatureData, (short) 0, (short) signatureData.length,
- digest, padding, keyBlob);
- Assert.assertTrue(verify);
- }
-
- public void testSignVerifyWithEcdsa(byte digest, boolean update) {
- short ecKeyArr = generateEcKey(null, null);
- short keyBlobPtr = KMArray.cast(ecKeyArr).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- keyBlob, (short) 0, (short) keyBlob.length);
- short inParams = getEcParams(digest);
- byte[] plainData = "Hello World 123!".getBytes();
- if (update) {
- plainData = "Hello World 123!
Hip Hip Hoorah!".getBytes();
- }
- //Sign
- short ret = processMessage(plainData,
- KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
- KMType.SIGN,
- KMKeyParameters.instance(inParams),
- (short) 0, null, update, false
- );
- inParams = getEcParams(digest);
- keyBlobPtr = KMArray.cast(ret).get((short) 2);
- byte[] signatureData = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- signatureData, (short) 0, (short) signatureData.length);
- boolean verify = false;
- if (digest == KMType.DIGEST_NONE) {
- verify = ecNoDigestVerifyMessage(plainData, (short) 0, (short) plainData.length,
- signatureData, (short) 0, (short) signatureData.length,
- keyBlob);
- } else {
- verify = ecVerifyMessage(plainData, (short) 0, (short) plainData.length,
- signatureData, (short) 0, (short) signatureData.length,
- keyBlob);
- }
- Assert.assertTrue(verify);
- }
-
- public void testSignVerifyWithHmac(byte digest, boolean update) {
- short hmacKeyArr = generateHmacKey(null, null);
- short keyBlobPtr = KMArray.cast(hmacKeyArr).get((short) 1);
- byte[] keyBlob = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- keyBlob, (short) 0, (short) keyBlob.length);
- short inParams = getHmacParams(digest, true);
- byte[] plainData = "Hello World 123!".getBytes();
- if (update) {
- plainData = "Hello World 123!
Hip Hip Hoorah!".getBytes();
- }
- //Sign
- short ret = processMessage(plainData,
- KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
- KMType.SIGN,
- KMKeyParameters.instance(inParams),
- (short) 0, null, update, false
- );
- inParams = getHmacParams(digest, false);
- keyBlobPtr = KMArray.cast(ret).get((short) 2);
- byte[] signatureData = new byte[KMByteBlob.cast(keyBlobPtr).length()];
- Util.arrayCopyNonAtomic(KMByteBlob.cast(keyBlobPtr).getBuffer(),
- KMByteBlob.cast(keyBlobPtr).getStartOff(),
- signatureData, (short) 0, (short) signatureData.length);
- ret = processMessage(plainData,
- KMByteBlob.instance(keyBlob, (short) 0, (short) keyBlob.length),
- KMType.VERIFY,
- KMKeyParameters.instance(inParams),
- (short) 0, signatureData, update, false
- );
- short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
- Assert.assertEquals(error, KMError.OK);
- }
-
- private short getAesDesParams(byte alg, byte blockMode, byte padding, byte[] nonce) {
- short inParams;
- if (blockMode == KMType.GCM) {
- inParams = KMArray.instance((short) 5);
- short byteBlob = KMByteBlob.instance((short) 1);
- KMByteBlob.cast(byteBlob).add((short) 0, blockMode);
- KMArray.cast(inParams).add((short) 0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob));
- byteBlob = KMByteBlob.instance((short) 1);
- KMByteBlob.cast(byteBlob).add((short) 0, padding);
- KMArray.cast(inParams).add((short) 1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob));
- short nonceLen = 12;
- byteBlob = KMByteBlob.instance(nonce, (short) 0, nonceLen);
- KMArray.cast(inParams).add((short) 2, KMByteTag.instance(KMType.NONCE, byteBlob));
- short macLen = KMInteger.uint_16((short) 128);
- macLen = KMIntegerTag.instance(KMType.UINT_TAG, KMType.MAC_LENGTH, macLen);
- KMArray.cast(inParams).add((short) 3, macLen);
- byte[] authData = "AuthData".getBytes();
- short associatedData = KMByteBlob.instance(authData, (short) 0, (short) authData.length);
- associatedData =
KMByteTag.instance(KMType.ASSOCIATED_DATA, associatedData);
- KMArray.cast(inParams).add((short) 4, associatedData);
- } else if (blockMode == KMType.ECB) {
- inParams = KMArray.instance((short) 2);
- short byteBlob = KMByteBlob.instance((short) 1);
- KMByteBlob.cast(byteBlob).add((short) 0, blockMode);
- KMArray.cast(inParams).add((short) 0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob));
- byteBlob = KMByteBlob.instance((short) 1);
- KMByteBlob.cast(byteBlob).add((short) 0, padding);
- KMArray.cast(inParams).add((short) 1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob));
- } else {
- inParams = KMArray.instance((short) 3);
- short byteBlob = KMByteBlob.instance((short) 1);
- KMByteBlob.cast(byteBlob).add((short) 0, blockMode);
- KMArray.cast(inParams).add((short) 0, KMEnumArrayTag.instance(KMType.BLOCK_MODE, byteBlob));
- byteBlob = KMByteBlob.instance((short) 1);
- KMByteBlob.cast(byteBlob).add((short) 0, padding);
- KMArray.cast(inParams).add((short) 1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob));
- short nonceLen = 16;
- if (alg == KMType.DES) {
- nonceLen = 8;
- }
- byteBlob = KMByteBlob.instance(nonce, (short) 0, nonceLen);
- KMArray.cast(inParams).add((short) 2, KMByteTag.instance(KMType.NONCE, byteBlob));
- }
- return inParams;
- }
-
- private short getRsaParams(byte digest, byte padding) {
- short inParams = KMArray.instance((short) 2);
- short byteBlob = KMByteBlob.instance((short) 1);
- KMByteBlob.cast(byteBlob).add((short) 0, digest);
- KMArray.cast(inParams).add((short) 0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob));
- byteBlob = KMByteBlob.instance((short) 1);
- KMByteBlob.cast(byteBlob).add((short) 0, padding);
- KMArray.cast(inParams).add((short) 1, KMEnumArrayTag.instance(KMType.PADDING, byteBlob));
- return inParams;
- }
-
- private short getEcParams(byte digest) {
- short inParams = KMArray.instance((short) 1);
- short byteBlob = KMByteBlob.instance((short) 1);
- KMByteBlob.cast(byteBlob).add((short) 0, digest); -
KMArray.cast(inParams).add((short) 0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob));
- return inParams;
- }
-
- private short getHmacParams(byte digest, boolean sign) {
- short paramsize = (short) (sign ? 2 : 1);
- short inParams = KMArray.instance((short) paramsize);
- short byteBlob = KMByteBlob.instance((short) 1);
- KMByteBlob.cast(byteBlob).add((short) 0, digest);
- KMArray.cast(inParams).add((short) 0, KMEnumArrayTag.instance(KMType.DIGEST, byteBlob));
- short macLength = KMIntegerTag
- .instance(KMType.UINT_TAG, KMType.MAC_LENGTH, KMInteger.uint_16((short)/*256*/160));
- if (sign) {
- KMArray.cast(inParams).add((short) 1, macLength);
- }
- return inParams;
- }
-
- public short processMessage(
- byte[] data,
- short keyBlob,
- byte keyPurpose,
- short inParams,
- short hwToken,
- byte[] signature,
- boolean updateFlag,
- boolean aesGcmFlag) {
- short beginResp = begin(keyPurpose, keyBlob, inParams, hwToken, false);
- short opHandle = KMArray.cast(beginResp).get((short) 2);
- byte[] opHandleBuf = new byte[KMRepository.OPERATION_HANDLE_SIZE];
- KMInteger.cast(opHandle).getValue(opHandleBuf, (short) 0, (short) opHandleBuf.length);
- short dataPtr = KMByteBlob.instance(data, (short) 0, (short) data.length);
- short ret = KMType.INVALID_VALUE;
- byte[] outputData = new byte[128];
- short len = 0;
- inParams = 0;
- //Test
- short firstDataLen = 16;
- if (keyPurpose == KMType.DECRYPT) {
- firstDataLen = 32;
- }
-
- //Test
-
- if (updateFlag) {
- dataPtr = KMByteBlob.instance(data, (short) 0, (short) /*16*/firstDataLen);
- if (aesGcmFlag) {
- byte[] authData = "AuthData".getBytes();
- short associatedData = KMByteBlob.instance(authData, (short) 0, (short) authData.length);
- associatedData = KMByteTag.instance(KMType.ASSOCIATED_DATA, associatedData);
- inParams = KMArray.instance((short) 1);
- KMArray.cast(inParams).add((short) 0, associatedData);
- inParams = KMKeyParameters.instance(inParams);
- }
- opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
- ret =
update(opHandle, dataPtr, inParams, (short) 0, (short) 0, false);
- dataPtr = KMArray.cast(ret).get((short) 3);
- if (KMByteBlob.cast(dataPtr).length() > 0) {
- Util.arrayCopyNonAtomic(
- KMByteBlob.cast(dataPtr).getBuffer(),
- KMByteBlob.cast(dataPtr).getStartOff(),
- outputData,
- (short) 0,
- KMByteBlob.cast(dataPtr).length());
- len = KMByteBlob.cast(dataPtr).length();
- dataPtr = KMByteBlob.instance(data, len, (short) (data.length - len));
- } else {
- dataPtr = KMByteBlob
- .instance(data, (short)/*16*/firstDataLen, (short) (data.length - /*16*/firstDataLen));
- }
- }
-
- opHandle = KMInteger.uint_64(opHandleBuf, (short) 0);
- if (keyPurpose == KMType.VERIFY) {
- ret = finish(opHandle, dataPtr, signature, (short) 0, (short) 0, (short) 0, KMError.OK, false);
- } else {
- ret = finish(opHandle, dataPtr, null, (short) 0, (short) 0, (short) 0, KMError.OK, false);
- }
- if (len > 0) {
- dataPtr = KMArray.cast(ret).get((short) 2);
- if (KMByteBlob.cast(dataPtr).length() > 0) {
- Util.arrayCopyNonAtomic(
- KMByteBlob.cast(dataPtr).getBuffer(),
- KMByteBlob.cast(dataPtr).getStartOff(),
- outputData,
- len,
- KMByteBlob.cast(dataPtr).length());
- len = (short) (len + KMByteBlob.cast(dataPtr).length());
- }
- KMArray.cast(ret).add((short) 2, KMByteBlob.instance(outputData, (short) 0, len));
- }
- return ret;
- }
-
- public short begin(byte keyPurpose, short keyBlob, short keyParmas, short hwToken, boolean triggerReset) {
- short arrPtr = KMArray.instance((short) 4);
- KMArray.cast(arrPtr).add((short) 0, KMEnum.instance(KMType.PURPOSE, keyPurpose));
- KMArray.cast(arrPtr).add((short) 1, keyBlob);
- KMArray.cast(arrPtr).add((short) 2, keyParmas);
- if (hwToken == 0) {
- hwToken = KMHardwareAuthToken.instance();
- }
- KMArray.cast(arrPtr).add((short) 3, hwToken);
- CommandAPDU apdu = encodeApdu((byte) INS_BEGIN_OPERATION_CMD, arrPtr);
- if (triggerReset) {
- resetAndSelect();
- }
- //print(apdu.getBytes(),(short)0,(short)apdu.getBytes().length);
- ResponseAPDU response =
simulator.transmitCommand(apdu);
- short ret = KMArray.instance((short) 3);
- short outParams = KMKeyParameters.exp();
- KMArray.cast(ret).add((short) 0, KMInteger.exp());
- KMArray.cast(ret).add((short) 1, outParams);
- KMArray.cast(ret).add((short) 2, KMInteger.exp());
- byte[] respBuf = response.getBytes();
- short len = (short) respBuf.length;
- byte majorType = readMajorType(respBuf);
- //if (len > 5) {
- if (majorType == CBOR_ARRAY_MAJOR_TYPE) {
- ret = decoder.decode(ret, respBuf, (short) 0, len);
- short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
- Assert.assertEquals(error, KMError.OK);
- if (triggerReset) {
- error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getSignificantShort();
- Assert.assertEquals(error, SE_POWER_RESET_FLAG);
- }
- return ret;
- } else {//Major type UINT.
- ret = decoder.decode(KMInteger.exp(), respBuf, (short) 0, len);
- if (triggerReset) {
- short error = KMInteger.cast(ret).getSignificantShort();
- Assert.assertEquals(error, SE_POWER_RESET_FLAG);
- }
- return KMInteger.cast(ret).getShort();
- /*if (len == 3) {
- return respBuf[0];
- }
- if (len == 4) {
- return respBuf[1];
- }
- return Util.getShort(respBuf, (short) 0);*/
- }
- }
-
- public short translateExtendedErrorCodes(short err) {
- switch (err) {
- case KMError.SW_CONDITIONS_NOT_SATISFIED:
- case KMError.UNSUPPORTED_CLA:
- case KMError.INVALID_P1P2:
- case KMError.INVALID_DATA:
- case KMError.CRYPTO_ILLEGAL_USE:
- case KMError.CRYPTO_ILLEGAL_VALUE:
- case KMError.CRYPTO_INVALID_INIT:
- case KMError.CRYPTO_UNINITIALIZED_KEY:
- case KMError.GENERIC_UNKNOWN_ERROR:
- err = KMError.UNKNOWN_ERROR;
- break;
- case KMError.CRYPTO_NO_SUCH_ALGORITHM:
- err = KMError.UNSUPPORTED_ALGORITHM;
- break;
- case KMError.UNSUPPORTED_INSTRUCTION:
- case KMError.CMD_NOT_ALLOWED:
- case KMError.SW_WRONG_LENGTH:
- err = KMError.UNIMPLEMENTED;
- break;
- default:
- break;
- }
- return err;
- }
-
- public short finish(short operationHandle, short data, byte[]
signature, short inParams,
- short hwToken, short verToken, short expectedErr, boolean triggerReset) {
- if (hwToken == 0) {
- hwToken = KMHardwareAuthToken.instance();
- }
- if (verToken == 0) {
- verToken = KMVerificationToken.instance();
- }
- short signatureTag;
- if (signature == null) {
- signatureTag = KMByteBlob.instance((short) 0);
- } else {
- signatureTag = KMByteBlob.instance(signature, (short) 0, (short) signature.length);
- }
- if (inParams == 0) {
- short arr = KMArray.instance((short) 0);
- inParams = KMKeyParameters.instance(arr);
- }
- short arrPtr = KMArray.instance((short) 6);
- KMArray.cast(arrPtr).add((short) 0, operationHandle);
- KMArray.cast(arrPtr).add((short) 1, inParams);
- KMArray.cast(arrPtr).add((short) 2, data);
- KMArray.cast(arrPtr).add((short) 3, signatureTag);
- KMArray.cast(arrPtr).add((short) 4, hwToken);
- KMArray.cast(arrPtr).add((short) 5, verToken);
- CommandAPDU apdu = encodeApdu((byte) INS_FINISH_OPERATION_CMD, arrPtr);
- // print(commandAPDU.getBytes());
- if (triggerReset) {
- resetAndSelect();
- }
- ResponseAPDU response = simulator.transmitCommand(apdu);
- byte[] respBuf = response.getBytes();
- short len = (short) respBuf.length;
- short ret;
- short error;
- if (expectedErr == KMError.OK) {
- ret = KMArray.instance((short) 3);
- short outParams = KMKeyParameters.exp();
- KMArray.cast(ret).add((short) 0, KMInteger.exp());
- KMArray.cast(ret).add((short) 1, outParams);
- KMArray.cast(ret).add((short) 2, KMByteBlob.exp());
- } else {
- ret = KMInteger.exp();
- }
- ret = decoder.decode(ret, respBuf, (short) 0, len);
- if (expectedErr == KMError.OK) {
- error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort();
- if (triggerReset) {
- short powerResetStatus = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getSignificantShort();
- Assert.assertEquals(powerResetStatus, SE_POWER_RESET_FLAG);
- }
- } else {
- error = KMInteger.cast(ret).getShort();
- error = translateExtendedErrorCodes(error);
- if (triggerReset)
{ - short powerResetStatus = KMInteger.cast(ret).getSignificantShort(); - Assert.assertEquals(powerResetStatus, SE_POWER_RESET_FLAG); - } - } - Assert.assertEquals(error, expectedErr); - return ret; - } - - public short update(short operationHandle, short data, short inParams, short hwToken, - short verToken, boolean triggerReset) { - if (hwToken == 0) { - hwToken = KMHardwareAuthToken.instance(); - } - if (verToken == 0) { - verToken = KMVerificationToken.instance(); - } - if (inParams == 0) { - short arr = KMArray.instance((short) 0); - inParams = KMKeyParameters.instance(arr); - } - short arrPtr = KMArray.instance((short) 5); - KMArray.cast(arrPtr).add((short) 0, operationHandle); - KMArray.cast(arrPtr).add((short) 1, inParams); - KMArray.cast(arrPtr).add((short) 2, data); - KMArray.cast(arrPtr).add((short) 3, hwToken); - KMArray.cast(arrPtr).add((short) 4, verToken); - CommandAPDU apdu = encodeApdu((byte) INS_UPDATE_OPERATION_CMD, arrPtr); - if (triggerReset) { - resetAndSelect(); - } - // print(commandAPDU.getBytes()); - ResponseAPDU response = simulator.transmitCommand(apdu); - short ret = KMArray.instance((short) 4); - short outParams = KMKeyParameters.exp(); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short) 1, KMInteger.exp()); - KMArray.cast(ret).add((short) 2, outParams); - KMArray.cast(ret).add((short) 3, KMByteBlob.exp()); - byte[] respBuf = response.getBytes(); - short len = (short) respBuf.length; - byte majorType = readMajorType(respBuf); - if (majorType == CBOR_ARRAY_MAJOR_TYPE) { - ret = decoder.decode(ret, respBuf, (short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getShort(); - Assert.assertEquals(error, KMError.OK); - if (triggerReset) { - error = KMInteger.cast(KMArray.cast(ret).get((short) 0)).getSignificantShort(); - Assert.assertEquals(error, SE_POWER_RESET_FLAG); - } - } else { - ret = decoder.decode(KMInteger.exp(), respBuf, (short)0, len); - if (triggerReset) { - short 
powerResetStatus = KMInteger.cast(ret).getSignificantShort(); - Assert.assertEquals(powerResetStatus, SE_POWER_RESET_FLAG); - } - } - return ret; - } - - private byte readMajorType(byte[] resp) { - byte val = resp[0]; - return (byte) (val & MAJOR_TYPE_MASK); - } - - private void print(short blob) { - print(KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff(), - KMByteBlob.cast(blob).length()); - } - - private void print(byte[] buf, short start, short length) { - StringBuilder sb = new StringBuilder(); - for (int i = start; i < (start + length); i++) { - sb.append(String.format(" 0x%02X", buf[i])); - } - System.out.println(sb.toString()); - } - - private void printCert(byte[] buf, short start, short length) { - StringBuilder sb = new StringBuilder(); - for (int i = start; i < (start + length); i++) { - sb.append(String.format("%02X", buf[i])); - } - System.out.println(sb.toString()); - } - - -/* - @Test - public void testApdu(){ - init(); - byte[] cmd = {(byte)0x80,0x11,0x40,0x00,0x00,0x00,0x4C,(byte)0x83,(byte)0xA5,0x1A,0x70,0x00,0x01,(byte)0xF7,0x01,0x1A,0x10, - 0x00,0x00,0x02,0x03,0x1A,0x30,0x00,0x00,0x03,0x19,0x01,0x00,0x1A,0x20,0x00,0x00,0x01,0x42,0x02, - 0x03,0x1A,0x20,0x00,0x00,0x05,0x41,0x04,0x03,0x58,0x24,(byte)0x82,0x58,0x20,0x73,0x7C,0x2E,(byte)0xCD, - 0x7B,(byte)0x8D,0x19,0x40,(byte)0xBF,0x29,0x30,(byte)0xAA,(byte)0x9B,0x4E, - (byte)0xD3,(byte)0xFF,(byte)0x94,0x1E,(byte)0xED,0x09,0x36,0x6B, - (byte)0xC0,0x32,(byte)0x99,(byte)0x98,0x64,(byte)0x81,(byte)0xF3,(byte)0xA4,(byte)0xD8,0x59,0x40}; - CommandAPDU cmdApdu = new CommandAPDU(cmd); - ResponseAPDU resp = simulator.transmitCommand(cmdApdu); - short ret = KMArray.instance((short) 3); - KMArray.cast(ret).add((short) 0, KMInteger.exp()); - KMArray.cast(ret).add((short)1, KMByteBlob.exp()); - short inst = KMKeyCharacteristics.exp(); - KMArray.cast(ret).add((short) 2, inst); - byte[] respBuf = resp.getBytes(); - short len = (short) respBuf.length; - ret = decoder.decode(ret, respBuf, 
(short) 0, len); - short error = KMInteger.cast(KMArray.cast(ret).get((short)0)).getShort(); - short keyBlobLength = KMByteBlob.cast(KMArray.cast(ret).get((short)1)).length(); - short blobArr = extractKeyBlobArray(KMArray.cast(ret).get((short)1)); - short keyCharacteristics = KMArray.cast(ret).get((short)2); - short hwParams = KMKeyCharacteristics.cast(keyCharacteristics).getHardwareEnforced(); - short swParams = KMKeyCharacteristics.cast(keyCharacteristics).getSoftwareEnforced(); - cleanUp(); - } - */ -} diff --git a/Applet/README.md b/Applet/README.md index 064fc9d9..ace69502 100644 --- a/Applet/README.md +++ b/Applet/README.md 
@@ -1,21 +1,15 @@ # JavaCardKeymaster Applet -This directory contains the implementation of the Keymaster 4.1 +This directory contains the implementation of the Keymint 1.0 interface, in the form of a JavaCard 3.0.5 applet which runs in a secure element. It must be deployed in conjuction with the associated HAL, -which serves to intermediate between Android Keystore and this applet. +which mediates between Android Keystore and this applet. # Supported Features! - - Support for AndroidSEProvider, which is compliant to JavaCard platform, Classic Edition 3.0.5. - - Keymaster 4.1 supported functions for required VTS compliance. - - Support for SE Provisioning and bootup - - Support for Global platoform Amendment H in AndroidSEProvider. - - Unit test using JCardSim. - -#### Building for source -- Install Javacard 3.0.5 classic sdk. -- set JC_HOME_SIMULATOR environment variable to the installed sdk. -- Give ant build from Applet folder. -- Download [gpapi-upgrade.jar](https://globalplatform.wpengine.com/specs-library/globalplatform-card-api-org-globalplatform-upgrade-v1/) and copy inside lib folder of both AndroidSEProvider and JCardSimProvider to resolve the compilation errors. + - Keymint 1.0 supported functions for required VTS compliance. + - SharedSecret 1.0 supported functions for required VTS compliance. +# Not supported features + - Factory provisioned attestation key will not be supported in this applet. + - Limited usage keys will not be supported in this applet. diff --git a/Applet/build.xml b/Applet/build.xml deleted file mode 100644 index 4a14664e..00000000 --- a/Applet/build.xml +++ /dev/null @@ -1,26 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/Applet/src/com/android/javacard/keymaster/KMEncoder.java b/Applet/src/com/android/javacard/keymaster/KMEncoder.java deleted file mode 100644 index 1ae67595..00000000 --- a/Applet/src/com/android/javacard/keymaster/KMEncoder.java +++ /dev/null 
@@ -1,420 +0,0 @@ -/* - * Copyright(C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.android.javacard.keymaster; - -import javacard.framework.ISO7816; -import javacard.framework.ISOException; -import javacard.framework.JCSystem; -import javacard.framework.Util; - -public class KMEncoder { - - // major types - private static final byte UINT_TYPE = 0x00; - private static final byte BYTES_TYPE = 0x40; - private static final byte ARRAY_TYPE = (byte) 0x80; - private static final byte MAP_TYPE = (byte) 0xA0; - - // masks - private static final byte ADDITIONAL_MASK = 0x1F; - - // value length - private static final byte UINT8_LENGTH = (byte) 0x18; - private static final byte UINT16_LENGTH = (byte) 0x19; - private static final byte UINT32_LENGTH = (byte) 0x1A; - private static final byte UINT64_LENGTH = (byte) 0x1B; - private static final short TINY_PAYLOAD = 0x17; - private static final short SHORT_PAYLOAD = 0x100; - private static final short STACK_SIZE = (short) 50; - private static final short SCRATCH_BUF_SIZE = (short) 6; - private static final short START_OFFSET = (short) 0; - private static final short LEN_OFFSET = (short) 2; - private static final short STACK_PTR_OFFSET = (short) 4; - - private Object[] bufferRef; - private short[] scratchBuf; - private short[] stack; - - public KMEncoder() { - bufferRef = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET); - scratchBuf = 
JCSystem.makeTransientShortArray((short) SCRATCH_BUF_SIZE, JCSystem.CLEAR_ON_RESET); - stack = JCSystem.makeTransientShortArray(STACK_SIZE, JCSystem.CLEAR_ON_RESET); - bufferRef[0] = null; - scratchBuf[START_OFFSET] = (short) 0; - scratchBuf[LEN_OFFSET] = (short) 0; - scratchBuf[STACK_PTR_OFFSET] = (short) 0; - } - - private void push(short objPtr) { - stack[scratchBuf[STACK_PTR_OFFSET]] = objPtr; - scratchBuf[STACK_PTR_OFFSET]++; - } - - private short pop() { - scratchBuf[STACK_PTR_OFFSET]--; - return stack[scratchBuf[STACK_PTR_OFFSET]]; - } - - private void encode(short obj) { - push(obj); - } - - public short encode(short object, byte[] buffer, short startOff) { - scratchBuf[STACK_PTR_OFFSET] = 0; - bufferRef[0] = buffer; - scratchBuf[START_OFFSET] = startOff; - short len = (short) buffer.length; - if ((len < 0) || (len > KMKeymasterApplet.MAX_LENGTH)) { - scratchBuf[LEN_OFFSET] = KMKeymasterApplet.MAX_LENGTH; - } else { - scratchBuf[LEN_OFFSET] = (short) buffer.length; - } - //this.length = (short)(startOff + length); - push(object); - encode(); - return (short) (scratchBuf[START_OFFSET] - startOff); - } - - // array{KMError.OK, KMByteBlob} - public void encodeCertChain(byte[] buffer, short offset, short length, short errInt32Ptr, short certChainOff, short certChainLen) { - bufferRef[0] = buffer; - scratchBuf[START_OFFSET] = offset; - scratchBuf[LEN_OFFSET] = (short) (offset + length + 1); - - writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements - encodeInteger(errInt32Ptr); - writeMajorTypeWithLength(BYTES_TYPE, certChainLen); - writeBytes(buffer, certChainOff, certChainLen); - } - - //array{KMError.OK,Array{KMByteBlobs}} - public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, short certLength, short errInt32Ptr) { - bufferRef[0] = certBuffer; - scratchBuf[START_OFFSET] = certStart; - scratchBuf[LEN_OFFSET] = (short) (certStart + 1); - //Array header - 2 elements i.e. 
1 byte - scratchBuf[START_OFFSET]--; - // errInt32Ptr - PowerResetStatus + ErrorCode - 4 bytes - // Integer header - 1 byte - scratchBuf[START_OFFSET] -= getEncodedIntegerLength(errInt32Ptr); - //Array header - 2 elements i.e. 1 byte - scratchBuf[START_OFFSET]--; - // Cert Byte blob - typically 2 bytes length i.e. 3 bytes header - scratchBuf[START_OFFSET] -= 2; - if (certLength >= SHORT_PAYLOAD) { - scratchBuf[START_OFFSET]--; - } - if (scratchBuf[START_OFFSET] < bufferStart) { - ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); - } - bufferStart = scratchBuf[START_OFFSET]; - writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements - encodeInteger(errInt32Ptr); //PowerResetStatus + ErrorCode - writeMajorTypeWithLength(ARRAY_TYPE, (short) 1); // Array of 1 element - writeMajorTypeWithLength(BYTES_TYPE, certLength); // Cert Byte Blob of length - return bufferStart; - } - - public short encodeError(short errInt32Ptr, byte[] buffer, short startOff, short length) { - bufferRef[0] = buffer; - scratchBuf[START_OFFSET] = startOff; - scratchBuf[LEN_OFFSET] = (short) (startOff + length + 1); - encodeInteger(errInt32Ptr); - return (short) (scratchBuf[START_OFFSET] - startOff); - } - - private void encode() { - while (scratchBuf[STACK_PTR_OFFSET] > 0) { - short exp = pop(); - byte type = KMType.getType(exp); - switch (type) { - case KMType.BYTE_BLOB_TYPE: - encodeByteBlob(exp); - break; - case KMType.INTEGER_TYPE: - encodeInteger(exp); - break; - case KMType.ARRAY_TYPE: - encodeArray(exp); - break; - case KMType.ENUM_TYPE: - encodeEnum(exp); - break; - case KMType.KEY_PARAM_TYPE: - encodeKeyParam(exp); - break; - case KMType.KEY_CHAR_TYPE: - encodeKeyChar(exp); - break; - case KMType.VERIFICATION_TOKEN_TYPE: - encodeVeriToken(exp); - break; - case KMType.HMAC_SHARING_PARAM_TYPE: - encodeHmacSharingParam(exp); - break; - case KMType.HW_AUTH_TOKEN_TYPE: - encodeHwAuthToken(exp); - break; - case KMType.TAG_TYPE: - short tagType = KMTag.getTagType(exp); - 
encodeTag(tagType, exp); - break; - default: - ISOException.throwIt(ISO7816.SW_DATA_INVALID); - } - } - } - - private void encodeTag(short tagType, short exp) { - switch (tagType) { - case KMType.BYTES_TAG: - encodeBytesTag(exp); - return; - case KMType.BOOL_TAG: - encodeBoolTag(exp); - return; - case KMType.UINT_TAG: - case KMType.ULONG_TAG: - case KMType.DATE_TAG: - encodeIntegerTag(exp); - return; - case KMType.ULONG_ARRAY_TAG: - case KMType.UINT_ARRAY_TAG: - encodeIntegerArrayTag(exp); - return; - case KMType.ENUM_TAG: - encodeEnumTag(exp); - return; - case KMType.ENUM_ARRAY_TAG: - encodeEnumArrayTag(exp); - return; - default: - ISOException.throwIt(ISO7816.SW_DATA_INVALID); - } - } - - private void encodeKeyParam(short obj) { - encodeAsMap(KMKeyParameters.cast(obj).getVals()); - } - - private void encodeKeyChar(short obj) { - encode(KMKeyCharacteristics.cast(obj).getVals()); - } - - private void encodeVeriToken(short obj) { - encode(KMVerificationToken.cast(obj).getVals()); - } - - private void encodeHwAuthToken(short obj) { - encode(KMHardwareAuthToken.cast(obj).getVals()); - } - - private void encodeHmacSharingParam(short obj) { - encode(KMHmacSharingParameters.cast(obj).getVals()); - } - - private void encodeArray(short obj) { - writeMajorTypeWithLength(ARRAY_TYPE, KMArray.cast(obj).length()); - short len = KMArray.cast(obj).length(); - short index = (short) (len - 1); - while (index >= 0) { - encode(KMArray.cast(obj).get(index)); - index--; - } - } - - private void encodeAsMap(short obj) { - writeMajorTypeWithLength(MAP_TYPE, KMArray.cast(obj).length()); - short len = KMArray.cast(obj).length(); - short index = (short) (len - 1); - short inst; - while (index >= 0) { - inst = KMArray.cast(obj).get(index); - encode(inst); - index--; - } - } - - private void encodeIntegerArrayTag(short obj) { - writeTag(KMIntegerArrayTag.cast(obj).getTagType(), KMIntegerArrayTag.cast(obj).getKey()); - encode(KMIntegerArrayTag.cast(obj).getValues()); - } - - private void 
encodeEnumArrayTag(short obj) { - writeTag(KMEnumArrayTag.cast(obj).getTagType(), KMEnumArrayTag.cast(obj).getKey()); - encode(KMEnumArrayTag.cast(obj).getValues()); - } - - private void encodeIntegerTag(short obj) { - writeTag(KMIntegerTag.cast(obj).getTagType(), KMIntegerTag.cast(obj).getKey()); - encode(KMIntegerTag.cast(obj).getValue()); - } - - private void encodeBytesTag(short obj) { - writeTag(KMByteTag.cast(obj).getTagType(), KMByteTag.cast(obj).getKey()); - encode(KMByteTag.cast(obj).getValue()); - } - - private void encodeBoolTag(short obj) { - writeTag(KMBoolTag.cast(obj).getTagType(), KMBoolTag.cast(obj).getKey()); - writeByteValue(KMBoolTag.cast(obj).getVal()); - } - - private void encodeEnumTag(short obj) { - writeTag(KMEnumTag.cast(obj).getTagType(), KMEnumTag.cast(obj).getKey()); - writeByteValue(KMEnumTag.cast(obj).getValue()); - } - - private void encodeEnum(short obj) { - writeByteValue(KMEnum.cast(obj).getVal()); - } - - /* The total length of UINT Major type along with actual length of - * integer is returned. - */ - public short getEncodedIntegerLength(short obj) { - byte[] val = KMInteger.cast(obj).getBuffer(); - short len = KMInteger.cast(obj).length(); - short startOff = KMInteger.cast(obj).getStartOff(); - byte index = 0; - // find out the most significant byte - while (index < len) { - if (val[(short) (startOff + index)] > 0) { - break; - } else if (val[(short) (startOff + index)] < 0) { - break; - } - index++; // index will be equal to len if value is 0. 
- } - // find the difference between most significant byte and len - short diff = (short) (len - index); - switch (diff) { - case 0: case 1: //Byte | Short - if ((val[(short) (startOff + index)] < UINT8_LENGTH) && - (val[(short) (startOff + index)] >= 0)) { - return (short) 1; - } else { - return (short) 2; - } - case 2: //Short - return (short) 3; - case 3: case 4: //Uint32 - return (short) 5; - case 5: case 6: case 7: case 8: //Uint64 - return (short) 9; - default: - ISOException.throwIt(ISO7816.SW_DATA_INVALID); - } - return 0; - } - - private void encodeInteger(short obj) { - byte[] val = KMInteger.cast(obj).getBuffer(); - short len = KMInteger.cast(obj).length(); - short startOff = KMInteger.cast(obj).getStartOff(); - byte index = 0; - // find out the most significant byte - while (index < len) { - if (val[(short) (startOff + index)] > 0) { - break; - } else if (val[(short) (startOff + index)] < 0) { - break; - } - index++; // index will be equal to len if value is 0. - } - // find the difference between most significant byte and len - short diff = (short) (len - index); - if (diff == 0) { - writeByte((byte) (UINT_TYPE | 0)); - } else if ((diff == 1) && (val[(short) (startOff + index)] < UINT8_LENGTH) - && (val[(short) (startOff + index)] >= 0)) { - writeByte((byte) (UINT_TYPE | val[(short) (startOff + index)])); - } else if (diff == 1) { - writeByte((byte) (UINT_TYPE | UINT8_LENGTH)); - writeByte(val[(short) (startOff + index)]); - } else if (diff == 2) { - writeByte((byte) (UINT_TYPE | UINT16_LENGTH)); - writeBytes(val, (short) (startOff + index), (short) 2); - } else if (diff <= 4) { - writeByte((byte) (UINT_TYPE | UINT32_LENGTH)); - writeBytes(val, (short) (startOff + len - 4), (short) 4); - } else { - writeByte((byte) (UINT_TYPE | UINT64_LENGTH)); - writeBytes(val, startOff, (short) 8); - } - } - - private void encodeByteBlob(short obj) { - writeMajorTypeWithLength(BYTES_TYPE, KMByteBlob.cast(obj).length()); - writeBytes(KMByteBlob.cast(obj).getBuffer(), 
KMByteBlob.cast(obj).getStartOff(), - KMByteBlob.cast(obj).length()); - } - - private void writeByteValue(byte val) { - if ((val < UINT8_LENGTH) && (val >= 0)) { - writeByte((byte) (UINT_TYPE | val)); - } else { - writeByte((byte) (UINT_TYPE | UINT8_LENGTH)); - writeByte((byte) val); - } - } - - private void writeTag(short tagType, short tagKey) { - writeByte((byte) (UINT_TYPE | UINT32_LENGTH)); - writeShort(tagType); - writeShort(tagKey); - } - - private void writeMajorTypeWithLength(byte majorType, short len) { - if (len <= TINY_PAYLOAD) { - writeByte((byte) (majorType | (byte) (len & ADDITIONAL_MASK))); - } else if (len < SHORT_PAYLOAD) { - writeByte((byte) (majorType | UINT8_LENGTH)); - writeByte((byte) (len & 0xFF)); - } else { - writeByte((byte) (majorType | UINT16_LENGTH)); - writeShort(len); - } - } - - private void writeBytes(byte[] buf, short start, short len) { - byte[] buffer = (byte[]) bufferRef[0]; - Util.arrayCopyNonAtomic(buf, start, buffer, scratchBuf[START_OFFSET], len); - incrementStartOff(len); - } - - private void writeShort(short val) { - byte[] buffer = (byte[]) bufferRef[0]; - buffer[scratchBuf[START_OFFSET]] = (byte) ((val >> 8) & 0xFF); - incrementStartOff((short) 1); - buffer[scratchBuf[START_OFFSET]] = (byte) ((val & 0xFF)); - incrementStartOff((short) 1); - } - - private void writeByte(byte val) { - byte[] buffer = (byte[]) bufferRef[0]; - buffer[scratchBuf[START_OFFSET]] = val; - incrementStartOff((short) 1); - } - - private void incrementStartOff(short inc) { - scratchBuf[START_OFFSET] += inc; - if (scratchBuf[START_OFFSET] >= scratchBuf[LEN_OFFSET]) { - ISOException.throwIt(ISO7816.SW_DATA_INVALID); - } - } -} diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java b/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java deleted file mode 100644 index 7913f6ff..00000000 --- a/Applet/src/com/android/javacard/keymaster/KMKeyCharacteristics.java +++ /dev/null 
@@ -1,111 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.javacard.keymaster;
-
-import javacard.framework.ISO7816;
-import javacard.framework.ISOException;
-import javacard.framework.Util;
-
-/**
- * KMKeyCharacteristics represents KeyCharacteristics structure from android keymaster hal
- * specifications. It corresponds to CBOR array type. struct{byte KEY_CHAR_TYPE; short length=2;
- * short arrayPtr} where arrayPtr is a pointer to ordered array with following elements:
- * {KMKeyParameters sofEnf; KMKeyParameters hwEnf}
- */
-public class KMKeyCharacteristics extends KMType {
-
- public static final byte SOFTWARE_ENFORCED = 0x00;
- public static final byte HARDWARE_ENFORCED = 0x01;
- private static KMKeyCharacteristics prototype;
-
- private KMKeyCharacteristics() {
- }
-
- public static short exp() {
- short softEnf = KMKeyParameters.exp();
- short hwEnf = KMKeyParameters.exp();
- short arrPtr = KMArray.instance((short) 2);
- KMArray arr = KMArray.cast(arrPtr);
- arr.add(SOFTWARE_ENFORCED, softEnf);
- arr.add(HARDWARE_ENFORCED, hwEnf);
- return instance(arrPtr);
- }
-
- private static KMKeyCharacteristics proto(short ptr) {
- if (prototype == null) {
- prototype = new KMKeyCharacteristics();
- }
- instanceTable[KM_KEY_CHARACTERISTICS_OFFSET] = ptr;
- return prototype;
- }
-
- public static short instance() {
- short arrPtr = KMArray.instance((short) 2);
- return instance(arrPtr);
- }
-
- public static short instance(short vals) {
- short ptr = KMType.instance(KEY_CHAR_TYPE, (short) 2);
- if (KMArray.cast(vals).length() != 2) {
- ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
- }
- Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), vals);
- return ptr;
- }
-
- public static KMKeyCharacteristics cast(short ptr) {
- if (heap[ptr] != KEY_CHAR_TYPE) {
- ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
- }
- short arrPtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE));
- if (heap[arrPtr] != ARRAY_TYPE) {
- ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
- }
- return proto(ptr);
- }
-
- public short getVals() {
- return Util.getShort(heap, (short) (instanceTable[KM_KEY_CHARACTERISTICS_OFFSET] + TLV_HEADER_SIZE));
- }
-
- public short length() {
- short arrPtr = getVals();
- return KMArray.cast(arrPtr).length();
- }
-
- public short getSoftwareEnforced() {
- short arrPtr = getVals();
- return KMArray.cast(arrPtr).get(SOFTWARE_ENFORCED);
- }
-
- public short getHardwareEnforced() {
- short arrPtr = getVals();
- return KMArray.cast(arrPtr).get(HARDWARE_ENFORCED);
- }
-
- public void setSoftwareEnforced(short ptr) {
- KMKeyParameters.cast(ptr);
- short arrPtr = getVals();
- KMArray.cast(arrPtr).add(SOFTWARE_ENFORCED, ptr);
- }
-
- public void setHardwareEnforced(short ptr) {
- KMKeyParameters.cast(ptr);
- short arrPtr = getVals();
- KMArray.cast(arrPtr).add(HARDWARE_ENFORCED, ptr);
- }
-}
diff --git a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java b/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
deleted file mode 100644
index 709b604d..00000000
--- a/Applet/src/com/android/javacard/keymaster/KMKeyParameters.java
+++ /dev/null
@@ -1,386 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.javacard.keymaster;
-
-import javacard.framework.ISO7816;
-import javacard.framework.ISOException;
-import javacard.framework.Util;
-
-/**
- * KMKeyParameters represents KeyParameters structure from android keymaster hal specifications. It
- * corresponds to CBOR map type. struct{byte KEY_PARAM_TYPE; short length=2; short arrayPtr} where
- * arrayPtr is a pointer to array with any KMTag subtype instances.
- */
-public class KMKeyParameters extends KMType {
-
- private static final short[] unsupportedTags = {
- // Unsupported tags.
- KMType.BOOL_TAG, KMType.TRUSTED_USER_PRESENCE_REQUIRED, - KMType.UINT_TAG, KMType.MIN_SEC_BETWEEN_OPS - }; - - private static final short[] hwEnforcedTagArr = { - // HW Enforced - KMType.ENUM_TAG, KMType.ORIGIN, - KMType.ENUM_ARRAY_TAG, KMType.PURPOSE, - KMType.ENUM_TAG, KMType.ALGORITHM, - KMType.UINT_TAG, KMType.KEYSIZE, - KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, - KMType.ENUM_TAG, KMType.BLOB_USAGE_REQ, - KMType.ENUM_ARRAY_TAG, KMType.DIGEST, - KMType.ENUM_ARRAY_TAG, KMType.PADDING, - KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, - KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID, - KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, - KMType.UINT_TAG, KMType.AUTH_TIMEOUT, - KMType.BOOL_TAG, KMType.CALLER_NONCE, - KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, - KMType.ENUM_TAG, KMType.ECCURVE, - KMType.BOOL_TAG, KMType.INCLUDE_UNIQUE_ID, - KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE, - KMType.ENUM_TAG, KMType.USER_AUTH_TYPE, - KMType.BOOL_TAG, KMType.UNLOCKED_DEVICE_REQUIRED, - KMType.BOOL_TAG, KMType.RESET_SINCE_ID_ROTATION, - KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY, - KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY, - KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT, - KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED - }; - - private static final short[] swEnforcedTagsArr = { - KMType.DATE_TAG, KMType.ACTIVE_DATETIME, - KMType.DATE_TAG, KMType.ORIGINATION_EXPIRE_DATETIME, - KMType.DATE_TAG, KMType.USAGE_EXPIRE_DATETIME, - KMType.UINT_TAG, KMType.USERID, - KMType.DATE_TAG, KMType.CREATION_DATETIME, - KMType.BOOL_TAG, KMType.ALLOW_WHILE_ON_BODY - }; - - private static final short[] invalidTagsArr = { - KMType.BYTES_TAG, KMType.NONCE, - KMType.BYTES_TAG, KMType.ASSOCIATED_DATA, - KMType.BYTES_TAG, KMType.UNIQUE_ID, - KMType.UINT_TAG, KMType.MAC_LENGTH, - }; - - private static final short[] customTags = { - KMType.ULONG_TAG, KMType.AUTH_TIMEOUT_MILLIS, - }; - - private static KMKeyParameters prototype; - - private KMKeyParameters() { - } - - private static KMKeyParameters proto(short ptr) 
{ - if (prototype == null) { - prototype = new KMKeyParameters(); - } - instanceTable[KM_KEY_PARAMETERS_OFFSET] = ptr; - return prototype; - } - - public static short exp() { - short arrPtr = KMArray.instance((short) 9); - KMArray arr = KMArray.cast(arrPtr); - arr.add((short) 0, KMIntegerTag.exp(UINT_TAG)); - arr.add((short) 1, KMIntegerArrayTag.exp(UINT_ARRAY_TAG)); - arr.add((short) 2, KMIntegerTag.exp(ULONG_TAG)); - arr.add((short) 3, KMIntegerTag.exp(DATE_TAG)); - arr.add((short) 4, KMIntegerArrayTag.exp(ULONG_ARRAY_TAG)); - arr.add((short) 5, KMEnumTag.exp()); - arr.add((short) 6, KMEnumArrayTag.exp()); - arr.add((short) 7, KMByteTag.exp()); - arr.add((short) 8, KMBoolTag.exp()); - return instance(arrPtr); - } - - public static short instance(short vals) { - short ptr = KMType.instance(KEY_PARAM_TYPE, (short) 2); - Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), vals); - return ptr; - } - - public static KMKeyParameters cast(short ptr) { - if (heap[ptr] != KEY_PARAM_TYPE) { - ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); - } - short arrPtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); - if (heap[arrPtr] != ARRAY_TYPE) { - ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); - } - return proto(ptr); - } - - public short getVals() { - return Util.getShort(heap, (short) (instanceTable[KM_KEY_PARAMETERS_OFFSET] + TLV_HEADER_SIZE)); - } - - public short length() { - short arrPtr = getVals(); - return KMArray.cast(arrPtr).length(); - } - - public static short findTag(short tagType, short tagKey, short keyParam) { - KMKeyParameters instParam = KMKeyParameters.cast(keyParam); - return instParam.findTag(tagType, tagKey); - } - - public short findTag(short tagType, short tagKey) { - KMArray vals = KMArray.cast(getVals()); - short index = 0; - short length = vals.length(); - short key; - short type; - short ret = KMType.INVALID_VALUE; - short obj; - while (index < length) { - obj = vals.get(index); - key = KMTag.getKey(obj); - type = 
KMTag.getTagType(obj); - if ((tagKey == key) && (tagType == type)) { - ret = obj; - break; - } - index++; - } - return ret; - } - - public static boolean hasUnsupportedTags(short keyParamsPtr) { - byte index = 0; - short tagInd; - short tagPtr; - short tagKey; - short tagType; - short arrPtr = KMKeyParameters.cast(keyParamsPtr).getVals(); - short len = KMArray.cast(arrPtr).length(); - while (index < len) { - tagInd = 0; - tagPtr = KMArray.cast(arrPtr).get(index); - tagKey = KMTag.getKey(tagPtr); - tagType = KMTag.getTagType(tagPtr); - while (tagInd < (short) unsupportedTags.length) { - if ((unsupportedTags[tagInd] == tagType) - && (unsupportedTags[(short) (tagInd + 1)] == tagKey)) { - return true; - } - tagInd += 2; - } - index++; - } - return false; - } - - // KDF, ECIES_SINGLE_HASH_MODE missing from types.hal - public static short makeHwEnforced(short keyParamsPtr, byte origin, - short osVersionObjPtr, short osPatchObjPtr, short vendorPatchObjPtr, - short bootPatchObjPtr, byte[] scratchPad) { - byte index = 0; - short tagInd; - short arrInd = 0; - short tagPtr; - short tagKey; - short tagType; - short arrPtr = KMKeyParameters.cast(keyParamsPtr).getVals(); - short len = KMArray.cast(arrPtr).length(); - while (index < len) { - tagInd = 0; - tagPtr = KMArray.cast(arrPtr).get(index); - tagKey = KMTag.getKey(tagPtr); - tagType = KMTag.getTagType(tagPtr); - if (!isValidTag(tagType, tagKey)) { - KMException.throwIt(KMError.INVALID_KEY_BLOB); - } - while (tagInd < (short) hwEnforcedTagArr.length) { - if ((hwEnforcedTagArr[tagInd] == tagType) - && (hwEnforcedTagArr[(short) (tagInd + 1)] == tagKey)) { - Util.setShort(scratchPad, arrInd, tagPtr); - arrInd += 2; - break; - } - tagInd += 2; - } - index++; - } - short originTag = KMEnumTag.instance(KMType.ORIGIN, origin); - Util.setShort(scratchPad, arrInd, originTag); - arrInd += 2; - short osVersionTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.OS_VERSION, osVersionObjPtr); - Util.setShort(scratchPad, arrInd, 
osVersionTag); - arrInd += 2; - short osPatchTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.OS_PATCH_LEVEL, osPatchObjPtr); - Util.setShort(scratchPad, arrInd, osPatchTag); - arrInd += 2; - short vendorPatchTag = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.VENDOR_PATCH_LEVEL, vendorPatchObjPtr); - Util.setShort(scratchPad, arrInd, vendorPatchTag); - arrInd += 2; - short bootPatchTag = KMIntegerTag - .instance(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL, bootPatchObjPtr); - Util.setShort(scratchPad, arrInd, bootPatchTag); - arrInd += 2; - // Add custom tags at the end of the array. So it becomes easy to - // delete them when sending key characteristics back to HAL. - arrInd = addCustomTags(keyParamsPtr, scratchPad, arrInd); - return createKeyParameters(scratchPad, (short) (arrInd / 2)); - } - - // ALL_USERS, EXPORTABLE missing from types.hal - public static short makeSwEnforced(short keyParamsPtr, byte[] scratchPad) { - byte index = 0; - short tagInd; - short arrInd = 0; - short tagPtr; - short tagKey; - short tagType; - short arrPtr = KMKeyParameters.cast(keyParamsPtr).getVals(); - short len = KMArray.cast(arrPtr).length(); - while (index < len) { - tagInd = 0; - tagPtr = KMArray.cast(arrPtr).get(index); - tagKey = KMTag.getKey(tagPtr); - tagType = KMTag.getTagType(tagPtr); - if (!isValidTag(tagType, tagKey)) { - KMException.throwIt(KMError.INVALID_KEY_BLOB); - } - while (tagInd < (short) swEnforcedTagsArr.length) { - if ((swEnforcedTagsArr[tagInd] == tagType) - && (swEnforcedTagsArr[(short) (tagInd + 1)] == tagKey)) { - Util.setShort(scratchPad, arrInd, tagPtr); - arrInd += 2; - break; - } - tagInd += 2; - } - index++; - } - return createKeyParameters(scratchPad, (short) (arrInd / 2)); - } - - public static short makeHidden(short keyParamsPtr, short rootOfTrustBlob, byte[] scratchPad) { - short appId = KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.APPLICATION_ID, keyParamsPtr); - if (appId != KMTag.INVALID_VALUE) { - appId = 
KMByteTag.cast(appId).getValue(); - } - short appData = - KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.APPLICATION_DATA, keyParamsPtr); - if (appData != KMTag.INVALID_VALUE) { - appData = KMByteTag.cast(appData).getValue(); - } - return makeHidden(appId, appData, rootOfTrustBlob, scratchPad); - } - - public static short makeHidden(short appIdBlob, short appDataBlob, short rootOfTrustBlob, - byte[] scratchPad) { - // Order in which the hidden array is created should not change. - short index = 0; - KMByteBlob.cast(rootOfTrustBlob); - Util.setShort(scratchPad, index, rootOfTrustBlob); - index += 2; - if (appIdBlob != KMTag.INVALID_VALUE) { - KMByteBlob.cast(appIdBlob); - Util.setShort(scratchPad, index, appIdBlob); - index += 2; - } - if (appDataBlob != KMTag.INVALID_VALUE) { - Util.setShort(scratchPad, index, appDataBlob); - index += 2; - } - return createKeyParameters(scratchPad, (short) (index / 2)); - - } - - public static boolean isValidTag(short tagType, short tagKey) { - short index = 0; - if (tagKey == KMType.INVALID_TAG) { - return false; - } - while (index < invalidTagsArr.length) { - if ((tagType == invalidTagsArr[index]) && (tagKey == invalidTagsArr[(short) (index + 1)])) { - return false; - } - index += 2; - } - return true; - } - - public static short createKeyParameters(byte[] ptrArr, short len) { - short arrPtr = KMArray.instance(len); - short index = 0; - short ptr = 0; - while (index < len) { - KMArray.cast(arrPtr).add(index, Util.getShort(ptrArr, ptr)); - index++; - ptr += 2; - } - return KMKeyParameters.instance(arrPtr); - } - - public static short addCustomTags(short keyParams, byte[] scratchPad, short offset) { - short index = 0; - short tagPtr; - short len = (short) customTags.length; - short tagType; - while (index < len) { - tagType = customTags[(short) (index + 1)]; - switch(tagType) { - case KMType.AUTH_TIMEOUT_MILLIS: - short authTimeOutTag = - KMKeyParameters.cast(keyParams).findTag(KMType.UINT_TAG, KMType.AUTH_TIMEOUT); - if 
(authTimeOutTag != KMType.INVALID_VALUE) { - tagPtr = createAuthTimeOutMillisTag(authTimeOutTag, scratchPad, offset); - Util.setShort(scratchPad, offset, tagPtr); - offset += 2; - } - break; - default: - break; - } - index += 2; - } - return offset; - } - - public void deleteCustomTags() { - short arrPtr = getVals(); - short index = (short) (customTags.length - 1); - short obj; - while (index >= 0) { - obj = findTag(customTags[(short) (index - 1)], customTags[index]); - if (obj != KMType.INVALID_VALUE) { - KMArray.cast(arrPtr).deleteLastEntry(); - } - index -= 2; - } - } - - public static short createAuthTimeOutMillisTag(short authTimeOutTag, byte[] scratchPad, short offset) { - short authTime = KMIntegerTag.cast(authTimeOutTag).getValue(); - Util.arrayFillNonAtomic(scratchPad, offset, (short) 40, (byte) 0); - Util.arrayCopyNonAtomic( - KMInteger.cast(authTime).getBuffer(), - KMInteger.cast(authTime).getStartOff(), - scratchPad, - (short) (offset + 8 - KMInteger.cast(authTime).length()), - KMInteger.cast(authTime).length()); - KMUtils.convertToMilliseconds(scratchPad, offset, (short) (offset + 8), (short) (offset + 16)); - return KMIntegerTag.instance(KMType.ULONG_TAG, KMType.AUTH_TIMEOUT_MILLIS, - KMInteger.uint_64(scratchPad, (short) (offset + 8))); - } - -} diff --git a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java b/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java deleted file mode 100644 index 0eebb569..00000000 --- a/Applet/src/com/android/javacard/keymaster/KMKeymasterApplet.java +++ /dev/null 
@@ -1,4154 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.javacard.keymaster;
-
-import javacard.framework.APDU;
-import javacard.framework.Applet;
-import javacard.framework.AppletEvent;
-import javacard.framework.ISO7816;
-import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
-import javacard.framework.Util;
-import javacard.security.CryptoException;
-import javacardx.apdu.ExtendedLength;
-
-/**
- * KMKeymasterApplet implements the javacard applet. It creates repository and other install time
- * objects. It also implements the keymaster state machine and handles javacard applet life cycle
- * events.
- */
-public class KMKeymasterApplet extends Applet implements AppletEvent, ExtendedLength {
-
- // Constants.
- public static final byte[] F4 = {0x01, 0x00, 0x01};
- public static final byte AES_BLOCK_SIZE = 16;
- public static final byte DES_BLOCK_SIZE = 8;
- public static final short MAX_LENGTH = (short) 0x2000;
- private static final byte CLA_ISO7816_NO_SM_NO_CHAN = (byte) 0x80;
- private static final short KM_HAL_VERSION = (short) 0x4000;
- private static final short MAX_AUTH_DATA_SIZE = (short) 256;
- private static final short DERIVE_KEY_INPUT_SIZE = (short) 256;
- private static final short POWER_RESET_MASK_FLAG = (short) 0x4000;
- // Magic number version
- public static final byte KM_MAGIC_NUMBER = (byte) 0x81;
- // MSB byte is for Major version and LSB byte is for Minor version.
- public static final short CURRENT_PACKAGE_VERSION = 0x0200; // 2.0
-
- // "Keymaster HMAC Verification" - used for HMAC key verification.
- public static final byte[] sharingCheck = {
- 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x48, 0x4D, 0x41, 0x43, 0x20,
- 0x56,
- 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E
- };
- // "KeymasterSharedMac"
- public static final byte[] ckdfLable = {
- 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64,
- 0x4D,
- 0x61, 0x63
- };
- // "Auth Verification"
- public static final byte[] authVerification = {
- 0x41, 0x75, 0x74, 0x68, 0x20, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69,
- 0x6F,
- 0x6E
- };
- // "confirmation token"
- public static final byte[] confirmationToken = {
- 0x63, 0x6F, 0x6E, 0x66, 0x69, 0x72, 0x6D, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x74, 0x6F,
- 0x6B,
- 0x65, 0x6E
- };
-
- // getHardwareInfo constants.
- private static final byte[] JAVACARD_KEYMASTER_DEVICE = {
- 0x4A, 0x61, 0x76, 0x61, 0x63, 0x61, 0x72, 0x64, 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74,
- 0x65, 0x72, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
- };
- private static final byte[] GOOGLE = {0x47, 0x6F, 0x6F, 0x67, 0x6C, 0x65};
-
-
- // Possible states of the applet.
- private static final byte KM_BEGIN_STATE = 0x00;
- private static final byte ILLEGAL_STATE = KM_BEGIN_STATE + 1;
- private static final byte INIT_STATE = KM_BEGIN_STATE + 2;
- private static final byte IN_PROVISION_STATE = KM_BEGIN_STATE + 3;
- private static final byte ACTIVE_STATE = KM_BEGIN_STATE + 4;
-
- // Commands
- private static final byte INS_BEGIN_KM_CMD = 0x00;
- // Instructions for Provision Commands.
- private static final byte INS_PROVISION_ATTESTATION_KEY_CMD = INS_BEGIN_KM_CMD + 1; //0x01
- private static final byte INS_PROVISION_ATTESTATION_CERT_DATA_CMD = INS_BEGIN_KM_CMD + 2; //0x02
- private static final byte INS_PROVISION_ATTEST_IDS_CMD = INS_BEGIN_KM_CMD + 3; //0x03
- private static final byte INS_PROVISION_PRESHARED_SECRET_CMD = INS_BEGIN_KM_CMD + 4; //0x04
- private static final byte INS_SET_BOOT_PARAMS_CMD = INS_BEGIN_KM_CMD + 5; //0x05
- private static final byte INS_LOCK_PROVISIONING_CMD = INS_BEGIN_KM_CMD + 6; //0x06
- private static final byte INS_GET_PROVISION_STATUS_CMD = INS_BEGIN_KM_CMD + 7; //0x07
- private static final byte INS_SET_VERSION_PATCHLEVEL_CMD = INS_BEGIN_KM_CMD + 8; //0x08
- private static final byte INS_SET_BOOT_ENDED_CMD = INS_BEGIN_KM_CMD + 9; //0x09
-
- // Top 32 commands are reserved for provisioning.
- private static final byte INS_END_KM_PROVISION_CMD = 0x20;
-
- private static final byte INS_GENERATE_KEY_CMD = INS_END_KM_PROVISION_CMD + 1; //0x21
- private static final byte INS_IMPORT_KEY_CMD = INS_END_KM_PROVISION_CMD + 2; //0x22
- private static final byte INS_IMPORT_WRAPPED_KEY_CMD = INS_END_KM_PROVISION_CMD + 3; //0x23
- private static final byte INS_EXPORT_KEY_CMD = INS_END_KM_PROVISION_CMD + 4; //0x24
- private static final byte INS_ATTEST_KEY_CMD = INS_END_KM_PROVISION_CMD + 5; //0x25
- private static final byte INS_UPGRADE_KEY_CMD = INS_END_KM_PROVISION_CMD + 6; //0x26
- private static final byte INS_DELETE_KEY_CMD = INS_END_KM_PROVISION_CMD + 7; //0x27
- private static final byte INS_DELETE_ALL_KEYS_CMD = INS_END_KM_PROVISION_CMD + 8; //0x28
- private static final byte INS_ADD_RNG_ENTROPY_CMD = INS_END_KM_PROVISION_CMD + 9; //0x29
- private static final byte INS_COMPUTE_SHARED_HMAC_CMD = INS_END_KM_PROVISION_CMD + 10; //0x2A
- private static final byte INS_DESTROY_ATT_IDS_CMD = INS_END_KM_PROVISION_CMD + 11; //0x2B
- private static final byte INS_VERIFY_AUTHORIZATION_CMD = INS_END_KM_PROVISION_CMD + 12; //0x2C
- private static final byte INS_GET_HMAC_SHARING_PARAM_CMD = INS_END_KM_PROVISION_CMD + 13; //0x2D
- private static final byte INS_GET_KEY_CHARACTERISTICS_CMD = INS_END_KM_PROVISION_CMD + 14; //0x2E
- private static final byte INS_GET_HW_INFO_CMD = INS_END_KM_PROVISION_CMD + 15; //0x2F
- private static final byte INS_BEGIN_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 16; //0x30
- private static final byte INS_UPDATE_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 17; //0x31
- private static final byte INS_FINISH_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 18; //0x32
- private static final byte INS_ABORT_OPERATION_CMD = INS_END_KM_PROVISION_CMD + 19; //0x33
- private static final byte INS_DEVICE_LOCKED_CMD = INS_END_KM_PROVISION_CMD + 20;//0x34
- private static final byte INS_EARLY_BOOT_ENDED_CMD = INS_END_KM_PROVISION_CMD + 21; //0x35
- private static final byte INS_GET_CERT_CHAIN_CMD = INS_END_KM_PROVISION_CMD + 22; //0x36
-
- private static final byte INS_END_KM_CMD = 0x7F;
-
- // Provision reporting status
- protected static final byte NOT_PROVISIONED = 0x00;
- protected static final byte PROVISION_STATUS_ATTESTATION_KEY = 0x01;
- private static final byte PROVISION_STATUS_ATTESTATION_CERT_CHAIN = 0x02;
- private static final byte PROVISION_STATUS_ATTESTATION_CERT_PARAMS = 0x04;
- protected static final byte PROVISION_STATUS_ATTEST_IDS = 0x08;
- protected static final byte PROVISION_STATUS_PRESHARED_SECRET = 0x10;
- protected static final byte PROVISION_STATUS_PROVISIONING_LOCKED = 0x20;
-
- // Data Dictionary items
- public static final byte DATA_ARRAY_SIZE = 30;
- public static final byte TMP_VARIABLE_ARRAY_SIZE = 20;
- public static final byte UPDATE_PARAM_ARRAY_SIZE = 40;
- public static final byte KEY_PARAMETERS = 0;
- public static final byte KEY_CHARACTERISTICS = 1;
- public static final byte HIDDEN_PARAMETERS = 2;
- public static final byte HW_PARAMETERS = 3;
- public static final byte SW_PARAMETERS = 4;
- public static final byte AUTH_DATA = 5;
- public static final byte AUTH_TAG = 6;
- public static final byte NONCE = 7;
- public static final byte KEY_BLOB = 8;
- public static final byte AUTH_DATA_LENGTH = 9;
- public static final byte SECRET = 10;
- public static final byte ROT = 11;
- public static final byte DERIVED_KEY = 12;
- public static final byte RSA_PUB_EXPONENT = 13;
- public static final byte APP_ID = 14;
- public static final byte APP_DATA = 15;
- public static final byte PUB_KEY = 16;
- public static final byte IMPORTED_KEY_BLOB = 17;
- public static final byte ORIGIN = 18;
- public static final byte ENC_TRANSPORT_KEY = 19;
- public static final byte MASKING_KEY = 20;
- public static final byte HMAC_SHARING_PARAMS = 21;
- public static final byte OP_HANDLE = 22;
- public static final byte IV = 23;
- public static final byte INPUT_DATA = 24;
- public static final byte OUTPUT_DATA = 25;
- public static final byte HW_TOKEN = 26;
- public static final byte VERIFICATION_TOKEN = 27;
- public static final byte SIGNATURE = 28;
-
- // AddRngEntropy
- protected static final short MAX_SEED_SIZE = 2048;
- // Keyblob constants
- public static final byte KEY_BLOB_SECRET = 0;
- public static final byte KEY_BLOB_NONCE = 1;
- public static final byte KEY_BLOB_AUTH_TAG = 2;
- public static final byte KEY_BLOB_KEYCHAR = 3;
- public static final byte KEY_BLOB_PUB_KEY = 4;
- // AES GCM constants
- private static final byte AES_GCM_AUTH_TAG_LENGTH = 16;
- private static final byte AES_GCM_NONCE_LENGTH = 12;
- // ComputeHMAC constants
- private static final short HMAC_SHARED_PARAM_MAX_SIZE = 64;
- // Maximum certificate size.
- private static final short MAX_CERT_SIZE = 2048;
- // Buffer constants.
- private static final short BUF_START_OFFSET = 0;
- private static final short BUF_LEN_OFFSET = 2;
-
- // Keymaster Applet attributes
- protected static byte keymasterState = ILLEGAL_STATE;
- protected static KMEncoder encoder;
- protected static KMDecoder decoder;
- protected static KMRepository repository;
- protected static KMSEProvider seProvider;
- protected static Object[] bufferRef;
- protected static short[] bufferProp;
- protected static short[] tmpVariables;
- protected static short[] data;
- protected static byte provisionStatus = NOT_PROVISIONED;
- // First two bytes are Major version and second bytes are minor version.
- protected short packageVersion;
-
-
- /**
- * Registers this applet.
- */
- protected KMKeymasterApplet(KMSEProvider seImpl) {
- seProvider = seImpl;
- boolean isUpgrading = seImpl.isUpgrading();
- repository = new KMRepository(isUpgrading);
- initializeTransientArrays();
- if (!isUpgrading) {
- keymasterState = KMKeymasterApplet.INIT_STATE;
- seProvider.createMasterKey((short) (KMRepository.MASTER_KEY_SIZE * 8));
- packageVersion = CURRENT_PACKAGE_VERSION;
- }
- KMType.initialize();
- encoder = new KMEncoder();
- decoder = new KMDecoder();
- }
-
- private void initializeTransientArrays() {
- data = JCSystem.makeTransientShortArray((short) DATA_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET);
- bufferRef = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET);
- bufferProp = JCSystem.makeTransientShortArray((short) 4, JCSystem.CLEAR_ON_RESET);
- tmpVariables =
- JCSystem.makeTransientShortArray((short) TMP_VARIABLE_ARRAY_SIZE, JCSystem.CLEAR_ON_RESET);
- bufferProp[BUF_START_OFFSET] = 0;
- bufferProp[BUF_LEN_OFFSET] = 0;
- }
-
- /**
- * Selects this applet.
- *
- * @return Returns true if the keymaster is in correct state
- */
- @Override
- public boolean select() {
- repository.onSelect();
- if (keymasterState == KMKeymasterApplet.INIT_STATE) {
- keymasterState = KMKeymasterApplet.IN_PROVISION_STATE;
- }
- return true;
- }
-
- /**
- * De-selects this applet.
- */
- @Override
- public void deselect() {
- repository.onDeselect();
- }
-
- /**
- * Uninstalls the applet after cleaning the repository.
- */
- @Override
- public void uninstall() {
- repository.onUninstall();
- }
-
- private short mapISOErrorToKMError(short reason) {
- switch (reason) {
- case ISO7816.SW_CLA_NOT_SUPPORTED:
- return KMError.UNSUPPORTED_CLA;
- case ISO7816.SW_CONDITIONS_NOT_SATISFIED:
- return KMError.SW_CONDITIONS_NOT_SATISFIED;
- case ISO7816.SW_COMMAND_NOT_ALLOWED:
- return KMError.CMD_NOT_ALLOWED;
- case ISO7816.SW_DATA_INVALID:
- return KMError.INVALID_DATA;
- case ISO7816.SW_INCORRECT_P1P2:
- return KMError.INVALID_P1P2;
- case ISO7816.SW_INS_NOT_SUPPORTED:
- return KMError.UNSUPPORTED_INSTRUCTION;
- case ISO7816.SW_WRONG_LENGTH:
- return KMError.SW_WRONG_LENGTH;
- case ISO7816.SW_UNKNOWN:
- default:
- return KMError.UNKNOWN_ERROR;
- }
- }
-
- private short mapCryptoErrorToKMError(short reason) {
- switch (reason) {
- case CryptoException.ILLEGAL_USE:
- return KMError.CRYPTO_ILLEGAL_USE;
- case CryptoException.ILLEGAL_VALUE:
- return KMError.CRYPTO_ILLEGAL_VALUE;
- case CryptoException.INVALID_INIT:
- return KMError.CRYPTO_INVALID_INIT;
- case CryptoException.NO_SUCH_ALGORITHM:
- return KMError.CRYPTO_NO_SUCH_ALGORITHM;
- case CryptoException.UNINITIALIZED_KEY:
- return KMError.CRYPTO_UNINITIALIZED_KEY;
- default:
- return KMError.UNKNOWN_ERROR;
- }
- }
-
- protected void validateApduHeader(APDU apdu) {
- // Read the apdu header and buffer.
- byte[] apduBuffer = apdu.getBuffer();
- byte apduClass = apduBuffer[ISO7816.OFFSET_CLA];
- short P1P2 = Util.getShort(apduBuffer, ISO7816.OFFSET_P1);
-
- // Validate APDU Header.
- if ((apduClass != CLA_ISO7816_NO_SM_NO_CHAN)) {
- ISOException.throwIt(ISO7816.SW_CLA_NOT_SUPPORTED);
- }
-
- // Validate P1P2.
- if (P1P2 != KMKeymasterApplet.KM_HAL_VERSION) {
- ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
- }
- }
-
- /**
- * Processes an incoming APDU and handles it using command objects.
- * - * @param apdu the incoming APDU - */ - @Override - public void process(APDU apdu) { - try { - // Handle the card reset status before processing apdu. - if (repository.isPowerResetEventOccurred()) { - // Release all the operation instances. - seProvider.releaseAllOperations(); - } - repository.onProcess(); - // Verify whether applet is in correct state. - if ((keymasterState == KMKeymasterApplet.INIT_STATE) - || (keymasterState == KMKeymasterApplet.ILLEGAL_STATE)) { - ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); - } - // If this is select applet apdu which is selecting this applet then - // return - if (apdu.isISOInterindustryCLA()) { - if (selectingApplet()) { - return; - } - } - // Validate APDU Header. - validateApduHeader(apdu); - - byte[] apduBuffer = apdu.getBuffer(); - byte apduIns = apduBuffer[ISO7816.OFFSET_INS]; - - // Validate whether INS can be supported - if (!(apduIns > INS_BEGIN_KM_CMD && apduIns < INS_END_KM_CMD)) { - ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); - } - bufferRef[0] = repository.getHeap(); - // Process the apdu - if (keymasterState == KMKeymasterApplet.IN_PROVISION_STATE) { - switch (apduIns) { - case INS_PROVISION_ATTESTATION_KEY_CMD: - processProvisionAttestationKey(apdu); - provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_KEY; - sendError(apdu, KMError.OK); - return; - - case INS_PROVISION_ATTESTATION_CERT_DATA_CMD: - processProvisionAttestationCertDataCmd(apdu); - provisionStatus |= (KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_CHAIN | - KMKeymasterApplet.PROVISION_STATUS_ATTESTATION_CERT_PARAMS); - sendError(apdu, KMError.OK); - return; - - case INS_PROVISION_ATTEST_IDS_CMD: - processProvisionAttestIdsCmd(apdu); - provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_ATTEST_IDS; - sendError(apdu, KMError.OK); - return; - - case INS_PROVISION_PRESHARED_SECRET_CMD: - processProvisionSharedSecretCmd(apdu); - provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_PRESHARED_SECRET; - 
sendError(apdu, KMError.OK); - return; - - case INS_LOCK_PROVISIONING_CMD: - if (isProvisioningComplete()) { - provisionStatus |= KMKeymasterApplet.PROVISION_STATUS_PROVISIONING_LOCKED; - keymasterState = KMKeymasterApplet.ACTIVE_STATE; - sendError(apdu, KMError.OK); - } else { - ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED); - } - return; - } - } - - if ((keymasterState == KMKeymasterApplet.ACTIVE_STATE) - || (keymasterState == KMKeymasterApplet.IN_PROVISION_STATE)) { - switch (apduIns) { - case INS_SET_BOOT_PARAMS_CMD: - if (seProvider.isBootSignalEventSupported() - && (keymasterState == KMKeymasterApplet.ACTIVE_STATE) - && (!seProvider.isDeviceRebooted())) { - ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED); - } - processSetBootParamsCmd(apdu); - - sendError(apdu, KMError.OK); - return; - - case INS_SET_BOOT_ENDED_CMD: - if (seProvider.isBootSignalEventSupported() - && (keymasterState == KMKeymasterApplet.ACTIVE_STATE) - && (!seProvider.isDeviceRebooted())) { - ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED); - } - //set the flag to mark boot ended - repository.setBootEndedStatus(true); - - seProvider.clearDeviceBooted(false); - sendError(apdu, KMError.OK); - return; - - case INS_GET_PROVISION_STATUS_CMD: - processGetProvisionStatusCmd(apdu); - return; - } - } - - if ((keymasterState == KMKeymasterApplet.ACTIVE_STATE) - || ((keymasterState == KMKeymasterApplet.IN_PROVISION_STATE) - && isProvisioningComplete())) { - switch (apduIns) { - case INS_GENERATE_KEY_CMD: - processGenerateKey(apdu); - break; - case INS_IMPORT_KEY_CMD: - processImportKeyCmd(apdu); - break; - case INS_IMPORT_WRAPPED_KEY_CMD: - processImportWrappedKeyCmd(apdu); - break; - case INS_EXPORT_KEY_CMD: - processExportKeyCmd(apdu); - break; - case INS_ATTEST_KEY_CMD: - processAttestKeyCmd(apdu); - break; - case INS_UPGRADE_KEY_CMD: - processUpgradeKeyCmd(apdu); - break; - case INS_DELETE_KEY_CMD: - processDeleteKeyCmd(apdu); - break; - case INS_DELETE_ALL_KEYS_CMD: - 
processDeleteAllKeysCmd(apdu); - break; - case INS_ADD_RNG_ENTROPY_CMD: - processAddRngEntropyCmd(apdu); - break; - case INS_COMPUTE_SHARED_HMAC_CMD: - processComputeSharedHmacCmd(apdu); - break; - case INS_DESTROY_ATT_IDS_CMD: - processDestroyAttIdsCmd(apdu); - break; - case INS_VERIFY_AUTHORIZATION_CMD: - processVerifyAuthorizationCmd(apdu); - break; - case INS_GET_HMAC_SHARING_PARAM_CMD: - processGetHmacSharingParamCmd(apdu); - break; - case INS_GET_KEY_CHARACTERISTICS_CMD: - processGetKeyCharacteristicsCmd(apdu); - break; - case INS_GET_HW_INFO_CMD: - processGetHwInfoCmd(apdu); - break; - case INS_BEGIN_OPERATION_CMD: - processBeginOperationCmd(apdu); - break; - case INS_UPDATE_OPERATION_CMD: - processUpdateOperationCmd(apdu); - break; - case INS_FINISH_OPERATION_CMD: - processFinishOperationCmd(apdu); - break; - case INS_ABORT_OPERATION_CMD: - processAbortOperationCmd(apdu); - break; - case INS_DEVICE_LOCKED_CMD: - processDeviceLockedCmd(apdu); - break; - case INS_EARLY_BOOT_ENDED_CMD: - processEarlyBootEndedCmd(apdu); - break; - case INS_GET_CERT_CHAIN_CMD: - processGetCertChainCmd(apdu); - break; - case INS_SET_VERSION_PATCHLEVEL_CMD: - processSetVersionAndPatchLevels(apdu); - break; - default: - ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED); - } - } else { - ISOException.throwIt(ISO7816.SW_COMMAND_NOT_ALLOWED); - } - } catch (KMException exception) { - freeOperations(); - sendError(apdu, KMException.getReason()); - exception.clear(); - } catch (ISOException exp) { - freeOperations(); - sendError(apdu, mapISOErrorToKMError(exp.getReason())); - } catch (CryptoException e) { - freeOperations(); - sendError(apdu, mapCryptoErrorToKMError(e.getReason())); - } catch (Exception e) { - freeOperations(); - sendError(apdu, KMError.GENERIC_UNKNOWN_ERROR); - } finally { - resetData(); - repository.clean(); - } - } - - private void generateUniqueOperationHandle(byte[] buf, short offset, short len) { - do { - seProvider.newRandomNumber(buf, offset, len); - } while 
(null != repository.findOperation(buf, offset, len)); - } - - private boolean isProvisioningComplete() { - if ((0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_KEY)) - && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_CHAIN)) - && (0 != (provisionStatus & PROVISION_STATUS_ATTESTATION_CERT_PARAMS)) - && (0 != (provisionStatus & PROVISION_STATUS_PRESHARED_SECRET))) { - return true; - } else { - return false; - } - } - - private void freeOperations() { - if (data[OP_HANDLE] != KMType.INVALID_VALUE) { - KMOperationState op = repository.findOperation(data[OP_HANDLE]); - if (op != null) { - repository.releaseOperation(op); - } - } - } - - private void processEarlyBootEndedCmd(APDU apdu) { - repository.setEarlyBootEndedStatus(true); - } - - private void processDeviceLockedCmd(APDU apdu) { - receiveIncoming(apdu); - byte[] scratchPad = apdu.getBuffer(); - tmpVariables[0] = KMArray.instance((short) 2); - KMArray.cast(tmpVariables[0]).add((short) 0, KMInteger.exp()); - tmpVariables[1] = KMVerificationToken.exp(); - KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]); - // Decode the arguments - tmpVariables[0] = decoder.decode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]); - //reclaim memory - repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]); - - tmpVariables[1] = KMArray.cast(tmpVariables[0]).get((short) 0); - tmpVariables[1] = KMInteger.cast(tmpVariables[1]).getByte(); - data[VERIFICATION_TOKEN] = KMArray.cast(tmpVariables[0]).get((short) 1); - validateVerificationToken(data[VERIFICATION_TOKEN], scratchPad); - short verTime = KMVerificationToken.cast(data[VERIFICATION_TOKEN]).getTimestamp(); - short lastDeviceLockedTime = repository.getDeviceTimeStamp(); - if (KMInteger.compare(verTime, lastDeviceLockedTime) > 0) { - Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 8, (byte) 0); - KMInteger.cast(verTime).getValue(scratchPad, (short) 0, (short) 8); - repository.setDeviceLock(true); - 
repository.setDeviceLockPasswordOnly(tmpVariables[1] == 0x01); - repository.setDeviceLockTimestamp(scratchPad, (short) 0, (short) 8); - } - sendError(apdu, KMError.OK); - } - - private void resetData() { - short index = 0; - while (index < data.length) { - data[index] = KMType.INVALID_VALUE; - index++; - } - index = 0; - while (index < tmpVariables.length) { - tmpVariables[index] = KMType.INVALID_VALUE; - index++; - } - } - - /** - * Sends a response, may be extended response, as requested by the command. - */ - public static void sendOutgoing(APDU apdu) { - if (((short) (bufferProp[BUF_LEN_OFFSET] + bufferProp[BUF_START_OFFSET])) > ((short) repository - .getHeap().length)) { - ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); - } - // Send data - apdu.setOutgoing(); - apdu.setOutgoingLength(bufferProp[BUF_LEN_OFFSET]); - apdu.sendBytesLong((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]); - } - - /** - * Receives data, which can be extended data, as requested by the command instance. 
- */ - public static void receiveIncoming(APDU apdu) { - byte[] srcBuffer = apdu.getBuffer(); - short recvLen = apdu.setIncomingAndReceive(); - short srcOffset = apdu.getOffsetCdata(); - bufferProp[BUF_LEN_OFFSET] = apdu.getIncomingLength(); - bufferProp[BUF_START_OFFSET] = repository.allocReclaimableMemory(bufferProp[BUF_LEN_OFFSET]); - short index = bufferProp[BUF_START_OFFSET]; - - while (recvLen > 0 && ((short) (index - bufferProp[BUF_START_OFFSET]) < bufferProp[BUF_LEN_OFFSET])) { - Util.arrayCopyNonAtomic(srcBuffer, srcOffset, (byte[]) bufferRef[0], index, recvLen); - index += recvLen; - recvLen = apdu.receiveBytes(srcOffset); - } - } - - private void processGetHwInfoCmd(APDU apdu) { - // No arguments expected - // Make the response - short respPtr = KMArray.instance((short) 3); - KMArray resp = KMArray.cast(respPtr); - resp.add((short) 0, KMEnum.instance(KMType.HARDWARE_TYPE, KMType.STRONGBOX)); - resp.add( - (short) 1, - KMByteBlob.instance( - JAVACARD_KEYMASTER_DEVICE, (short) 0, (short) JAVACARD_KEYMASTER_DEVICE.length)); - resp.add((short) 2, KMByteBlob.instance(GOOGLE, (short) 0, (short) GOOGLE.length)); - - bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory(); - // Encode the response - actual bufferProp[BUF_LEN_OFFSET] is 86 - bufferProp[BUF_LEN_OFFSET] = encoder.encode(respPtr, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]); - // send buffer to master - sendOutgoing(apdu); - } - - private void processAddRngEntropyCmd(APDU apdu) { - // Receive the incoming request fully from the master. 
- receiveIncoming(apdu); - // Argument 1 - short argsProto = KMArray.instance((short) 1); - KMArray.cast(argsProto).add((short) 0, KMByteBlob.exp()); - // Decode the argument - short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]); - //reclaim memory - repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]); - - // Process - KMByteBlob blob = KMByteBlob.cast(KMArray.cast(args).get((short) 0)); - // Maximum 2KiB of seed is allowed. - if (blob.length() > MAX_SEED_SIZE) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - seProvider.addRngEntropy(blob.getBuffer(), blob.getStartOff(), blob.length()); - sendError(apdu, KMError.OK); - } - - private void processSetVersionAndPatchLevels(APDU apdu) { - receiveIncoming(apdu); - byte[] scratchPad = apdu.getBuffer(); - // Argument 1 OS Version - tmpVariables[0] = KMInteger.exp(); - // Argument 2 OS Patch level - tmpVariables[1] = KMInteger.exp(); - // Argument 3 Vendor Patch level - tmpVariables[2] = KMInteger.exp(); - // Array of expected arguments - short argsProto = KMArray.instance((short) 3); - KMArray.cast(argsProto).add((short) 0, tmpVariables[0]); - KMArray.cast(argsProto).add((short) 1, tmpVariables[1]); - KMArray.cast(argsProto).add((short) 2, tmpVariables[2]); - // Decode the arguments - short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]); - //reclaim memory - repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]); - - tmpVariables[0] = KMArray.cast(args).get((short) 0); - tmpVariables[1] = KMArray.cast(args).get((short) 1); - tmpVariables[2] = KMArray.cast(args).get((short) 2); - - repository.setOsVersion( - KMInteger.cast(tmpVariables[0]).getBuffer(), - KMInteger.cast(tmpVariables[0]).getStartOff(), - KMInteger.cast(tmpVariables[0]).length()); - - repository.setOsPatch( - KMInteger.cast(tmpVariables[1]).getBuffer(), - KMInteger.cast(tmpVariables[1]).getStartOff(), - 
KMInteger.cast(tmpVariables[1]).length()); - - repository.setVendorPatchLevel( - KMInteger.cast(tmpVariables[2]).getBuffer(), - KMInteger.cast(tmpVariables[2]).getStartOff(), - KMInteger.cast(tmpVariables[2]).length()); - - sendError(apdu, KMError.OK); - } - - private short getProvisionedCertificateData(byte dataType) { - short len = seProvider.getProvisionedDataLength(dataType); - if (len == 0) { - KMException.throwIt(KMError.INVALID_DATA); - } - short ptr = KMByteBlob.instance(len); - seProvider.readProvisionedData( - dataType, - KMByteBlob.cast(ptr).getBuffer(), - KMByteBlob.cast(ptr).getStartOff()); - return ptr; - } - - private void processGetCertChainCmd(APDU apdu) { - // Make the response - short certChainLen = seProvider.getProvisionedDataLength(KMSEProvider.CERTIFICATE_CHAIN); - short int32Ptr = buildErrorStatus(KMError.OK); - short maxByteHeaderLen = 3; // Maximum possible ByteBlob header len. - short arrayHeaderLen = 1; - // Allocate maximum possible buffer. - // Add arrayHeader + (PowerResetStatus + KMError.OK) + Byte Header - short totalLen = (short) (arrayHeaderLen + encoder.getEncodedIntegerLength(int32Ptr) + maxByteHeaderLen + certChainLen); - tmpVariables[1] = KMByteBlob.instance(totalLen); - bufferRef[0] = KMByteBlob.cast(tmpVariables[1]).getBuffer(); - bufferProp[BUF_START_OFFSET] = KMByteBlob.cast(tmpVariables[1]).getStartOff(); - bufferProp[BUF_LEN_OFFSET] = KMByteBlob.cast(tmpVariables[1]).length(); - // copy the certificate chain to the end of the buffer. - seProvider.readProvisionedData( - KMSEProvider.CERTIFICATE_CHAIN, - (byte[]) bufferRef[0], - (short) (bufferProp[BUF_START_OFFSET] + totalLen - certChainLen)); - // Encode cert chain. - encoder.encodeCertChain((byte[]) bufferRef[0], - bufferProp[BUF_START_OFFSET], - bufferProp[BUF_LEN_OFFSET], - int32Ptr, // uint32 ptr - (short) (bufferProp[BUF_START_OFFSET] + totalLen - certChainLen), // start pos of cert chain. 
- certChainLen); - sendOutgoing(apdu); - } - - private void processProvisionAttestationCertDataCmd(APDU apdu) { - receiveIncoming(apdu); - // Buffer holds the corresponding offsets and lengths of the certChain, certIssuer and certExpiry - // in the bufferRef[0] buffer. - short var = KMByteBlob.instance((short) 12); - // These variables point to the appropriate positions in the var buffer. - short certChainPos = KMByteBlob.cast(var).getStartOff(); - short certIssuerPos = (short) (KMByteBlob.cast(var).getStartOff() + 4); - short certExpiryPos = (short) (KMByteBlob.cast(var).getStartOff() + 8); - decoder.decodeCertificateData((short) 3, - (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET], - KMByteBlob.cast(var).getBuffer(), KMByteBlob.cast(var).getStartOff()); - // persist data - seProvider.persistProvisionData( - (byte[]) bufferRef[0], - Util.getShort(KMByteBlob.cast(var).getBuffer(), certChainPos), // offset - Util.getShort(KMByteBlob.cast(var).getBuffer(), (short) (certChainPos + 2)), // length - Util.getShort(KMByteBlob.cast(var).getBuffer(), certIssuerPos), // offset - Util.getShort(KMByteBlob.cast(var).getBuffer(), (short) (certIssuerPos + 2)), // length - Util.getShort(KMByteBlob.cast(var).getBuffer(), certExpiryPos), // offset - Util.getShort(KMByteBlob.cast(var).getBuffer(), (short) (certExpiryPos + 2))); // length - - // reclaim memory - repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]); - } - - private void processProvisionAttestationKey(APDU apdu) { - receiveIncoming(apdu); - // Re-purpose the apdu buffer as scratch pad. 
- byte[] scratchPad = apdu.getBuffer();
- // Arguments
- short keyparams = KMKeyParameters.exp();
- short keyFormatPtr = KMEnum.instance(KMType.KEY_FORMAT);
- short blob = KMByteBlob.exp();
- short argsProto = KMArray.instance((short) 3);
- KMArray.cast(argsProto).add((short) 0, keyparams);
- KMArray.cast(argsProto).add((short) 1, keyFormatPtr);
- KMArray.cast(argsProto).add((short) 2, blob);
-
- // Decode the argument
- short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
- //reclaim memory
- repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
-
- // key params should have os patch, os version and verified root of trust
- data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 0);
- tmpVariables[0] = KMArray.cast(args).get((short) 1);
- data[IMPORTED_KEY_BLOB] = KMArray.cast(args).get((short) 2);
- // Key format must be RAW format
- byte keyFormat = KMEnum.cast(tmpVariables[0]).getVal();
- if (keyFormat != KMType.RAW) {
- KMException.throwIt(KMError.UNIMPLEMENTED);
- }
- data[ORIGIN] = KMType.IMPORTED;
-
- // get algorithm - only EC keys expected
- tmpVariables[0] = KMEnumTag.getValue(KMType.ALGORITHM, data[KEY_PARAMETERS]);
- if (tmpVariables[0] != KMType.EC) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- // get digest - only SHA256 supported
- tmpVariables[0] =
- KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, data[KEY_PARAMETERS]);
- if (tmpVariables[0] != KMType.INVALID_VALUE) {
- if (KMEnumArrayTag.cast(tmpVariables[0]).length() != 1) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- tmpVariables[0] = KMEnumArrayTag.cast(tmpVariables[0]).get((short) 0);
- if (tmpVariables[0] != KMType.SHA2_256) {
- KMException.throwIt(KMError.INCOMPATIBLE_DIGEST);
- }
- } else {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- // Purpose should be ATTEST_KEY
- tmpVariables[0] =
- KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PURPOSE, data[KEY_PARAMETERS]);
- if (tmpVariables[0] != KMType.INVALID_VALUE) {
- if (KMEnumArrayTag.cast(tmpVariables[0]).length() != 1) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- tmpVariables[0] = KMEnumArrayTag.cast(tmpVariables[0]).get((short) 0);
- if (tmpVariables[0] != KMType.ATTEST_KEY) {
- KMException.throwIt(KMError.INCOMPATIBLE_PURPOSE);
- }
- } else {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- // Import EC Key - initializes data[SECRET] data[PUB_KEY]
- importECKeys(scratchPad, keyFormat);
-
- // persist key
- seProvider.createAttestationKey(
- KMByteBlob.cast(data[SECRET]).getBuffer(),
- KMByteBlob.cast(data[SECRET]).getStartOff(),
- KMByteBlob.cast(data[SECRET]).length());
- }
-
- private void processProvisionAttestIdsCmd(APDU apdu) {
- receiveIncoming(apdu);
- // Arguments
- short keyparams = KMKeyParameters.exp();
- short argsProto = KMArray.instance((short) 1);
- KMArray.cast(argsProto).add((short) 0, keyparams);
- // Decode the argument.
- short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
- //reclaim memory
- repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
-
- data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 0);
- // persist attestation Ids - if any is missing then exception occurs
- saveAttId();
- }
-
- private void processProvisionSharedSecretCmd(APDU apdu) {
- receiveIncoming(apdu);
- // Arguments
- short blob = KMByteBlob.exp();
- short argsProto = KMArray.instance((short) 1);
- KMArray.cast(argsProto).add((short) 0, blob);
- // Decode the argument.
- short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
- //reclaim memory
- repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
-
- tmpVariables[0] = KMArray.cast(args).get((short) 0);
- if (tmpVariables[0] != KMType.INVALID_VALUE
- && KMByteBlob.cast(tmpVariables[0]).length() != KMRepository.SHARED_SECRET_KEY_SIZE) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- // Persist shared Hmac.
- seProvider.createPresharedKey(
- KMByteBlob.cast(tmpVariables[0]).getBuffer(),
- KMByteBlob.cast(tmpVariables[0]).getStartOff(),
- KMByteBlob.cast(tmpVariables[0]).length());
- }
-
- private void processGetProvisionStatusCmd(APDU apdu) {
- tmpVariables[0] = KMArray.instance((short) 2);
- KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
- KMArray.cast(tmpVariables[0]).add((short) 1, KMInteger.uint_16(provisionStatus));
-
- bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
- bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
- sendOutgoing(apdu);
- }
-
- private void saveAttId() {
- // clear the attestation ids.
- repository.deleteAttIds();
-
- short attTag = KMType.ATTESTATION_ID_BRAND;
- while (attTag <= KMType.ATTESTATION_ID_MODEL) {
- tmpVariables[0] = KMKeyParameters.findTag(KMType.BYTES_TAG, attTag, data[KEY_PARAMETERS]);
- if (tmpVariables[0] != KMType.INVALID_VALUE) {
- tmpVariables[0] = KMByteTag.cast(tmpVariables[0]).getValue();
- repository.persistAttId(
- mapToAttId(attTag),
- KMByteBlob.cast(tmpVariables[0]).getBuffer(),
- KMByteBlob.cast(tmpVariables[0]).getStartOff(),
- KMByteBlob.cast(tmpVariables[0]).length());
- } else {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- attTag++;
- }
- }
-
- private byte mapToAttId(short attTag) {
- switch (attTag) {
- case KMType.ATTESTATION_ID_BRAND:
- return KMRepository.ATT_ID_BRAND;
- case KMType.ATTESTATION_ID_DEVICE:
- return KMRepository.ATT_ID_DEVICE;
- case KMType.ATTESTATION_ID_IMEI:
- return KMRepository.ATT_ID_IMEI;
- case KMType.ATTESTATION_ID_MANUFACTURER:
- return KMRepository.ATT_ID_MANUFACTURER;
- case KMType.ATTESTATION_ID_MEID:
- return KMRepository.ATT_ID_MEID;
- case KMType.ATTESTATION_ID_MODEL:
- return KMRepository.ATT_ID_MODEL;
- case KMType.ATTESTATION_ID_PRODUCT:
- return KMRepository.ATT_ID_PRODUCT;
- case KMType.ATTESTATION_ID_SERIAL:
- return KMRepository.ATT_ID_SERIAL;
- }
- KMException.throwIt(KMError.INVALID_TAG);
- return (byte) 0xFF; // should never happen
- }
-
- private void processGetKeyCharacteristicsCmd(APDU apdu) {
- // Receive the incoming request fully from the master.
- receiveIncoming(apdu);
- // Re-purpose the apdu buffer as scratch pad.
- byte[] scratchPad = apdu.getBuffer();
- // Arguments
- tmpVariables[0] = KMArray.instance((short) 3);
- KMArray.cast(tmpVariables[0]).add((short) 0, KMByteBlob.exp());
- KMArray.cast(tmpVariables[0]).add((short) 1, KMByteBlob.exp());
- KMArray.cast(tmpVariables[0]).add((short) 2, KMByteBlob.exp());
- // Decode the arguments
- tmpVariables[0] = decoder.decode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
- //reclaim memory
- repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
-
- data[KEY_BLOB] = KMArray.cast(tmpVariables[0]).get((short) 0);
- data[APP_ID] = KMArray.cast(tmpVariables[0]).get((short) 1);
- data[APP_DATA] = KMArray.cast(tmpVariables[0]).get((short) 2);
- if (!KMByteBlob.cast(data[APP_ID]).isValid()) {
- data[APP_ID] = KMType.INVALID_VALUE;
- }
- if (!KMByteBlob.cast(data[APP_DATA]).isValid()) {
- data[APP_DATA] = KMType.INVALID_VALUE;
- }
- // Parse Key Blob
- parseEncryptedKeyBlob(scratchPad);
- // Check Version and Patch Level
- checkVersionAndPatchLevel(scratchPad);
- // Remove custom tags from key characteristics
- short hwParams = KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced();
- KMKeyParameters.cast(hwParams).deleteCustomTags();
- // make response.
- tmpVariables[0] = KMArray.instance((short) 2);
- KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
- KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_CHARACTERISTICS]);
-
- bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
- // Encode the response
- bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
- sendOutgoing(apdu);
- }
-
- private void processGetHmacSharingParamCmd(APDU apdu) {
- // No Arguments
- // Create HMAC Sharing Parameters
- tmpVariables[2] = KMHmacSharingParameters.instance();
- KMHmacSharingParameters.cast(tmpVariables[2]).setNonce(repository.getHmacNonce());
- KMHmacSharingParameters.cast(tmpVariables[2]).setSeed(KMByteBlob.instance((short) 0));
- // prepare the response
- tmpVariables[3] = KMArray.instance((short) 2);
- KMArray.cast(tmpVariables[3]).add((short) 0, buildErrorStatus(KMError.OK));
- KMArray.cast(tmpVariables[3]).add((short) 1, tmpVariables[2]);
-
- bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
- // Encode the response
- bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[3], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
- sendOutgoing(apdu);
- }
-
- private void processDeleteAllKeysCmd(APDU apdu) {
-
- // No arguments
- // Send ok
- sendError(apdu, KMError.OK);
- }
-
- private void processDeleteKeyCmd(APDU apdu) {
-
- // Receive the incoming request fully from the master.
- receiveIncoming(apdu);
- // Arguments
- short argsProto = KMArray.instance((short) 1);
- KMArray.cast(argsProto).add((short) 0, KMByteBlob.exp());
- // Decode the argument
- short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
- //reclaim memory
- repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
-
- // Process
- data[KEY_BLOB] = KMArray.cast(args).get((short) 0);
- tmpVariables[0] = KMByteBlob.cast(data[KEY_BLOB]).getStartOff();
- tmpVariables[1] = KMArray.instance((short) 5);
- KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_SECRET, KMByteBlob.exp());
- KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_AUTH_TAG, KMByteBlob.exp());
- KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_NONCE, KMByteBlob.exp());
- tmpVariables[2] = KMKeyCharacteristics.exp();
- KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_KEYCHAR, tmpVariables[2]);
- KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_PUB_KEY, KMByteBlob.exp());
- try {
- data[KEY_BLOB] = decoder.decodeArray(tmpVariables[1],
- KMByteBlob.cast(data[KEY_BLOB]).getBuffer(),
- KMByteBlob.cast(data[KEY_BLOB]).getStartOff(),
- KMByteBlob.cast(data[KEY_BLOB]).length());
- } catch (ISOException e) {
- // As per VTS, deleteKey should return KMError.OK but in case if
- // input is empty then VTS accepts UNIMPLEMENTED errorCode as well.
- KMException.throwIt(KMError.UNIMPLEMENTED);
- }
- tmpVariables[0] = KMArray.cast(data[KEY_BLOB]).length();
- if (tmpVariables[0] < 4) {
- KMException.throwIt(KMError.INVALID_KEY_BLOB);
- }
- // Send ok
- sendError(apdu, KMError.OK);
- }
-
- private void processComputeSharedHmacCmd(APDU apdu) {
- // Receive the incoming request fully from the master into buffer.
- receiveIncoming(apdu);
- byte[] scratchPad = apdu.getBuffer();
- tmpVariables[1] = KMHmacSharingParameters.exp();
- tmpVariables[0] = KMArray.exp(tmpVariables[1]);
- tmpVariables[2] = KMArray.instance((short) 1);
- KMArray.cast(tmpVariables[2]).add((short) 0, tmpVariables[0]); // Vector of hmac params
- // Decode the arguments
- tmpVariables[0] = decoder.decode(tmpVariables[2], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
- //reclaim memory
- repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
-
- data[HMAC_SHARING_PARAMS] = KMArray.cast(tmpVariables[0]).get((short) 0);
- // Concatenate HMAC Params
- tmpVariables[0] = KMArray.cast(data[HMAC_SHARING_PARAMS]).length(); // total number of params
- tmpVariables[1] = repository.alloc((short) (tmpVariables[0] * HMAC_SHARED_PARAM_MAX_SIZE));
- tmpVariables[2] = 0; // index for params
- tmpVariables[3] = 0; // index for concatenation buffer
- // To check if nonce created by Strongbox is found. This value becomes 1 if both
- // seed and nonce created here are found in hmac sharing parameters received.
- tmpVariables[7] = 0;
- tmpVariables[9] = repository.getHmacNonce();
-
- while (tmpVariables[2] < tmpVariables[0]) {
- // read HmacSharingParam
- tmpVariables[4] = KMArray.cast(data[HMAC_SHARING_PARAMS]).get(tmpVariables[2]);
- // get seed - 32 bytes max
- tmpVariables[5] = KMHmacSharingParameters.cast(tmpVariables[4]).getSeed();
- tmpVariables[6] = KMByteBlob.cast(tmpVariables[5]).length();
- // if seed is present
- if (tmpVariables[6] != 0) {
- // then copy that to concatenation buffer
- Util.arrayCopyNonAtomic(
- KMByteBlob.cast(tmpVariables[5]).getBuffer(),
- KMByteBlob.cast(tmpVariables[5]).getStartOff(),
- repository.getHeap(),
- (short) (tmpVariables[1] + tmpVariables[3]), // concat index
- tmpVariables[6]);
- tmpVariables[3] += tmpVariables[6]; // increment the concat index
- } else if (tmpVariables[7] == 0) {
- tmpVariables[7] = 1;
- }
- // if nonce is present get nonce - 32 bytes
- tmpVariables[5] = KMHmacSharingParameters.cast(tmpVariables[4]).getNonce();
- tmpVariables[6] = KMByteBlob.cast(tmpVariables[5]).length();
- // if nonce is not present - it is an error
- if (tmpVariables[6] == 0) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- // copy nonce to concatenation buffer
- Util.arrayCopyNonAtomic(
- KMByteBlob.cast(tmpVariables[5]).getBuffer(),
- KMByteBlob.cast(tmpVariables[5]).getStartOff(),
- repository.getHeap(),
- (short) (tmpVariables[1] + tmpVariables[3]), // index
- tmpVariables[6]);
-
- // Check if the nonce generated here is present in the hmacSharingParameters array.
- // Otherwise throw INVALID_ARGUMENT error.
- if (tmpVariables[7] == 1) {
- if (0
- == Util.arrayCompare(
- repository.getHeap(),
- (short) (tmpVariables[1] + tmpVariables[3]),
- KMByteBlob.cast(tmpVariables[9]).getBuffer(),
- KMByteBlob.cast(tmpVariables[9]).getStartOff(),
- tmpVariables[6])) {
- tmpVariables[7] = 2; // hmac nonce for this keymaster found.
- } else {
- tmpVariables[7] = 0;
- }
- }
- tmpVariables[3] += tmpVariables[6]; // increment by nonce length
- tmpVariables[2]++; // go to next hmac param in the vector
- }
- if (tmpVariables[7] != 2) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
-
- // generate the key and store it in scratch pad - 32 bytes
- tmpVariables[6] =
- seProvider.cmacKDF(
- seProvider.getPresharedKey(),
- ckdfLable,
- (short) 0,
- (short) ckdfLable.length,
- repository.getHeap(),
- tmpVariables[1],
- tmpVariables[3],
- scratchPad,
- (short) 0);
- // persist the computed hmac key.
- seProvider.createComputedHmacKey(scratchPad, (short) 0, tmpVariables[6]);
-
- // Generate sharingKey verification signature and store that in scratch pad.
- tmpVariables[5] =
- seProvider.hmacSign(
- scratchPad,
- (short) 0,
- tmpVariables[6],
- sharingCheck,
- (short) 0,
- (short) sharingCheck.length,
- scratchPad,
- tmpVariables[6]);
- // verification signature blob - 32 bytes
- tmpVariables[1] = KMByteBlob.instance(scratchPad, tmpVariables[6], tmpVariables[5]);
- // prepare the response
- tmpVariables[0] = KMArray.instance((short) 2);
- KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
- KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]);
-
- bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
- // Encode the response
- bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
- sendOutgoing(apdu);
- }
-
- private boolean isKeyUpgradeRequired(short tag, short systemParam) {
- // validate the tag and check if key needs upgrade.
- tmpVariables[0] = KMKeyParameters.findTag(KMType.UINT_TAG, tag, data[HW_PARAMETERS]);
- tmpVariables[0] = KMIntegerTag.cast(tmpVariables[0]).getValue();
- tmpVariables[1] = KMInteger.uint_8((byte) 0);
- if (tmpVariables[0] != KMType.INVALID_VALUE) {
- // OS version in key characteristics must be less the OS version stored in Javacard or the
- // stored version must be zero. Then only upgrade is allowed else it is invalid argument.
- if ((tag == KMType.OS_VERSION
- && KMInteger.compare(tmpVariables[0], systemParam) == 1
- && KMInteger.compare(systemParam, tmpVariables[1]) == 0)) {
- // Key needs upgrade.
- return true;
- } else if ((KMInteger.compare(tmpVariables[0], systemParam) == -1)) {
- // Each os version or patch level associated with the key must be less than it's
- // corresponding value stored in Javacard, then only upgrade is allowed otherwise it
- // is invalid argument.
- return true;
- } else if (KMInteger.compare(tmpVariables[0], systemParam) == 1) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- }
- return false;
- }
-
- private void processUpgradeKeyCmd(APDU apdu) {
- // Receive the incoming request fully from the master into buffer.
- receiveIncoming(apdu);
- byte[] scratchPad = apdu.getBuffer();
- tmpVariables[1] = KMArray.instance((short) 2);
- tmpVariables[2] = KMKeyParameters.exp();
- KMArray.cast(tmpVariables[1]).add((short) 0, KMByteBlob.exp()); // Key Blob
- KMArray.cast(tmpVariables[1]).add((short) 1, tmpVariables[2]); // Key Params
- // Decode the arguments
- tmpVariables[2] = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
- //reclaim memory
- repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
-
- data[KEY_BLOB] = KMArray.cast(tmpVariables[2]).get((short) 0);
- data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 1);
- tmpVariables[0] =
- KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.APPLICATION_ID, data[KEY_PARAMETERS]);
- if (tmpVariables[0] != KMTag.INVALID_VALUE) {
- data[APP_ID] = KMByteTag.cast(tmpVariables[0]).getValue();
- }
- tmpVariables[0] =
- KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.APPLICATION_DATA, data[KEY_PARAMETERS]);
- if (tmpVariables[0] != KMTag.INVALID_VALUE) {
- data[APP_DATA] = KMByteTag.cast(tmpVariables[0]).getValue();
- }
- // parse existing key blob
- parseEncryptedKeyBlob(scratchPad);
- boolean isKeyUpgradeRequired = false;
- // Check if key requires upgrade.
- isKeyUpgradeRequired |= isKeyUpgradeRequired(KMType.OS_VERSION, repository.getOsVersion());
- isKeyUpgradeRequired |= isKeyUpgradeRequired(KMType.OS_PATCH_LEVEL, repository.getOsPatch());
- isKeyUpgradeRequired |= isKeyUpgradeRequired(KMType.VENDOR_PATCH_LEVEL, repository.getVendorPatchLevel());
- isKeyUpgradeRequired |= isKeyUpgradeRequired(KMType.BOOT_PATCH_LEVEL, repository.getBootPatchLevel());
-
- if (isKeyUpgradeRequired) {
- // copy origin
- data[ORIGIN] = KMEnumTag.getValue(KMType.ORIGIN, data[HW_PARAMETERS]);
- // create new key blob with current os version etc.
- createEncryptedKeyBlob(scratchPad);
- } else {
- data[KEY_BLOB] = KMByteBlob.instance((short) 0);
- }
- // prepare the response
- tmpVariables[0] = KMArray.instance((short) 2);
- KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
- KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
-
- bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
- // Encode the response
- bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
- sendOutgoing(apdu);
- }
-
- private void processExportKeyCmd(APDU apdu) {
- sendError(apdu, KMError.UNIMPLEMENTED);
- }
-
- private void processImportWrappedKeyCmd(APDU apdu) {
- // Receive the incoming request fully from the master into buffer.
- receiveIncoming(apdu);
- byte[] scratchPad = apdu.getBuffer();
- tmpVariables[1] = KMArray.instance((short) 12);
- // Arguments
- tmpVariables[2] = KMKeyParameters.exp();
- KMArray.cast(tmpVariables[1]).add((short) 0, tmpVariables[2]); // Key Params of wrapped key
- KMArray.cast(tmpVariables[1]).add((short) 1, KMEnum.instance(KMType.KEY_FORMAT)); // Key Format
- KMArray.cast(tmpVariables[1]).add((short) 2, KMByteBlob.exp()); // Wrapped Import Key Blob
- KMArray.cast(tmpVariables[1]).add((short) 3, KMByteBlob.exp()); // Auth Tag
- KMArray.cast(tmpVariables[1]).add((short) 4, KMByteBlob.exp()); // IV - Nonce
- KMArray.cast(tmpVariables[1]).add((short) 5, KMByteBlob.exp()); // Encrypted Transport Key
- KMArray.cast(tmpVariables[1]).add((short) 6, KMByteBlob.exp()); // Wrapping Key KeyBlob
- KMArray.cast(tmpVariables[1]).add((short) 7, KMByteBlob.exp()); // Masking Key
- KMArray.cast(tmpVariables[1]).add((short) 8, tmpVariables[2]); // Un-wrapping Params
- KMArray.cast(tmpVariables[1])
- .add((short) 9, KMByteBlob.exp()); // Wrapped Key ASSOCIATED AUTH DATA
- KMArray.cast(tmpVariables[1]).add((short) 10, KMInteger.exp()); // Password Sid
- KMArray.cast(tmpVariables[1]).add((short) 11, KMInteger.exp()); // Biometric Sid
- // Decode the arguments
- short args = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
- //reclaim memory
- repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
-
- // Step -0 - check whether the key format and algorithm supported
- // read algorithm
- tmpVariables[0] = KMArray.cast(args).get((short) 0);
- tmpVariables[1] = KMEnumTag.getValue(KMType.ALGORITHM, tmpVariables[0]);
- // read key format
- tmpVariables[2] = KMArray.cast(args).get((short) 1);
- byte keyFormat = KMEnum.cast(tmpVariables[2]).getVal();
- if ((tmpVariables[1] == KMType.RSA || tmpVariables[1] == KMType.EC)
- && (keyFormat != KMType.PKCS8)) {
- KMException.throwIt(KMError.UNIMPLEMENTED);
- }
-
- // Step -1 parse the wrapping key blob
- // read wrapping key blob
- data[KEY_BLOB] = KMArray.cast(args).get((short) 6);
- // read un wrapping key params
- data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 8);
- // Read App Id and App Data if any from un wrapping key params
- data[APP_ID] =
- KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.APPLICATION_ID, data[KEY_PARAMETERS]);
- data[APP_DATA] =
- KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.APPLICATION_DATA, data[KEY_PARAMETERS]);
- if (data[APP_ID] != KMTag.INVALID_VALUE) {
- data[APP_ID] = KMByteTag.cast(tmpVariables[3]).getValue();
- }
- if (data[APP_DATA] != KMTag.INVALID_VALUE) {
- data[APP_DATA] = KMByteTag.cast(tmpVariables[3]).getValue();
- }
- // parse the wrapping key blob
- parseEncryptedKeyBlob(scratchPad);
- // check whether the wrapping key is RSA with purpose KEY_WRAP, padding RSA_OAEP and Digest
- // SHA2_256.
- if (KMEnumTag.getValue(KMType.ALGORITHM, data[HW_PARAMETERS]) != KMType.RSA) {
- KMException.throwIt(KMError.UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
- }
- if (!KMEnumArrayTag.contains(KMType.DIGEST, KMType.SHA2_256, data[HW_PARAMETERS])) {
- KMException.throwIt(KMError.INCOMPATIBLE_DIGEST);
- }
- if (!KMEnumArrayTag.contains(KMType.PADDING, KMType.RSA_OAEP, data[HW_PARAMETERS])) {
- KMException.throwIt(KMError.INCOMPATIBLE_PADDING_MODE);
- }
- if (!KMEnumArrayTag.contains(KMType.PURPOSE, KMType.WRAP_KEY, data[HW_PARAMETERS])) {
- KMException.throwIt((KMError.INCOMPATIBLE_PURPOSE));
- }
-
- // Step 2 - decrypt the encrypted transport key - 32 bytes AES-GCM key
- // create rsa decipher
- // read encrypted transport key from args
- tmpVariables[0] = KMArray.cast(args).get((short) 5);
- // Decrypt the transport key
- tmpVariables[1] =
- seProvider.rsaDecipherOAEP256(
- KMByteBlob.cast(data[SECRET]).getBuffer(),
- KMByteBlob.cast(data[SECRET]).getStartOff(),
- KMByteBlob.cast(data[SECRET]).length(),
- KMByteBlob.cast(data[PUB_KEY]).getBuffer(),
- KMByteBlob.cast(data[PUB_KEY]).getStartOff(),
- KMByteBlob.cast(data[PUB_KEY]).length(),
- KMByteBlob.cast(tmpVariables[0]).getBuffer(),
- KMByteBlob.cast(tmpVariables[0]).getStartOff(),
- KMByteBlob.cast(tmpVariables[0]).length(),
- scratchPad,
- (short) 0);
- data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, tmpVariables[1]);
-
- // Step 3 - XOR the decrypted AES-GCM key with with masking key
- // read masking key
- tmpVariables[0] = KMArray.cast(args).get((short) 7);
- tmpVariables[1] = KMByteBlob.cast(tmpVariables[0]).length();
- // Length of masking key and transport key must be same.
- if (tmpVariables[1] != KMByteBlob.cast(data[SECRET]).length()) {
- KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
- }
- tmpVariables[2] = 0; // index
- // Xor every byte of masking and key and store the result in data[SECRET]
- while (tmpVariables[2] < tmpVariables[1]) {
- tmpVariables[3] =
- (short) (((short) KMByteBlob.cast(tmpVariables[0]).get(tmpVariables[2])) & 0x00FF);
- tmpVariables[4] =
- (short) (((short) KMByteBlob.cast(data[SECRET]).get(tmpVariables[2])) & 0x00FF);
- KMByteBlob.cast(data[SECRET])
- .add(tmpVariables[2], (byte) (tmpVariables[3] ^ tmpVariables[4]));
- tmpVariables[2]++;
- }
-
- // Step 4 - AES-GCM decrypt the wrapped key
- data[INPUT_DATA] = KMArray.cast(args).get((short) 2);
- data[AUTH_DATA] = KMArray.cast(args).get((short) 9);
- data[AUTH_TAG] = KMArray.cast(args).get((short) 3);
- data[NONCE] = KMArray.cast(args).get((short) 4);
- Util.arrayFillNonAtomic(
- scratchPad, (short) 0, KMByteBlob.cast(data[INPUT_DATA]).length(), (byte) 0);
-
- if (!seProvider.aesGCMDecrypt(
- KMByteBlob.cast(data[SECRET]).getBuffer(),
- KMByteBlob.cast(data[SECRET]).getStartOff(),
- KMByteBlob.cast(data[SECRET]).length(),
- KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
- KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
- KMByteBlob.cast(data[INPUT_DATA]).length(),
- scratchPad,
- (short) 0,
- KMByteBlob.cast(data[NONCE]).getBuffer(),
- KMByteBlob.cast(data[NONCE]).getStartOff(),
- KMByteBlob.cast(data[NONCE]).length(),
- KMByteBlob.cast(data[AUTH_DATA]).getBuffer(),
- KMByteBlob.cast(data[AUTH_DATA]).getStartOff(),
- KMByteBlob.cast(data[AUTH_DATA]).length(),
- KMByteBlob.cast(data[AUTH_TAG]).getBuffer(),
- KMByteBlob.cast(data[AUTH_TAG]).getStartOff(),
- KMByteBlob.cast(data[AUTH_TAG]).length())) {
- KMException.throwIt(KMError.VERIFICATION_FAILED);
- }
-
- // Step 5 - Import decrypted key
- data[ORIGIN] = KMType.SECURELY_IMPORTED;
- data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 0);
- // create key blob array
- data[IMPORTED_KEY_BLOB] = KMByteBlob.instance(scratchPad, (short) 0, KMByteBlob.cast(data[INPUT_DATA]).length());
- importKey(apdu, scratchPad, keyFormat);
- }
-
- private void processAttestKeyCmd(APDU apdu) {
- // Receive the incoming request fully from the master into buffer.
- receiveIncoming(apdu);
-
- // Re-purpose the apdu buffer as scratch pad.
- byte[] scratchPad = apdu.getBuffer();
-
- // Arguments
- short keyParams = KMKeyParameters.exp();
- short keyBlob = KMByteBlob.exp();
- short argsProto = KMArray.instance((short) 2);
- KMArray.cast(argsProto).add((short) 0, keyBlob);
- KMArray.cast(argsProto).add((short) 1, keyParams);
-
- // Decode the argument
- short args = decoder.decode(argsProto, (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
- //reclaim memory
- repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
-
- data[KEY_BLOB] = KMArray.cast(args).get((short) 0);
- data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 1);
-
- // parse key blob
- parseEncryptedKeyBlob(scratchPad);
- // This below code is added to pass one of the VTS 4.1 tests.
- tmpVariables[0] =
- KMKeyParameters.findTag(
- KMType.BOOL_TAG, KMType.DEVICE_UNIQUE_ATTESTATION, data[KEY_PARAMETERS]);
- if (tmpVariables[0] != KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.CANNOT_ATTEST_IDS);
- }
- // The key which is being attested should be asymmetric i.e. RSA or EC
- tmpVariables[0] = KMEnumTag.getValue(KMType.ALGORITHM, data[HW_PARAMETERS]);
- if (tmpVariables[0] != KMType.RSA && tmpVariables[0] != KMType.EC) {
- KMException.throwIt(KMError.INCOMPATIBLE_ALGORITHM);
- }
- boolean rsaCert = true;
- if (tmpVariables[0] == KMType.EC) {
- rsaCert = false;
- }
- KMAttestationCert cert = seProvider.getAttestationCert(rsaCert);
- // Validate and add attestation ids.
- addAttestationIds(cert);
- // Save attestation application id - must be present.
- tmpVariables[0] =
- KMKeyParameters.findTag(
- KMType.BYTES_TAG, KMType.ATTESTATION_APPLICATION_ID, data[KEY_PARAMETERS]);
- if (tmpVariables[0] == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.ATTESTATION_APPLICATION_ID_MISSING);
- }
- cert.extensionTag(tmpVariables[0], false);
- // Save attestation challenge
- tmpVariables[0] =
- KMKeyParameters.findTag(
- KMType.BYTES_TAG, KMType.ATTESTATION_CHALLENGE, data[KEY_PARAMETERS]);
- if (tmpVariables[0] == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- cert.attestationChallenge(KMByteTag.cast(tmpVariables[0]).getValue());
- // unique id byte blob - uses application id and temporal month count of creation time.
- setUniqueId(cert, scratchPad);
-
- // validity period
- // active time or creation time - byte blob
- // current assumption is that if active and creation time are missing from characteristics
- // then
- // then it is an error.
- tmpVariables[1] =
- KMKeyParameters.findTag(KMType.DATE_TAG, KMType.ACTIVE_DATETIME, data[SW_PARAMETERS]);
- if (tmpVariables[1] != KMType.INVALID_VALUE) {
- tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue();
- } else {
- tmpVariables[1] =
- KMKeyParameters.findTag(KMType.DATE_TAG, KMType.CREATION_DATETIME, data[SW_PARAMETERS]);
- if (tmpVariables[1] == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.INVALID_KEY_BLOB);
- }
- tmpVariables[1] = KMIntegerTag.cast(tmpVariables[1]).getValue();
- }
- // convert milliseconds to UTC date. Start of validity period has to be UTC.
- cert.notBefore(tmpVariables[1], scratchPad);
- // expiry time - byte blob
- tmpVariables[2] =
- KMKeyParameters.findTag(KMType.DATE_TAG, KMType.USAGE_EXPIRE_DATETIME, data[SW_PARAMETERS]);
- cert.notAfter(tmpVariables[2],
- getProvisionedCertificateData(KMSEProvider.CERTIFICATE_EXPIRY),
- scratchPad,
- (short) 0);
-
- addTags(KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced(), true, cert);
- addTags(
- KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).getSoftwareEnforced(), false, cert);
-
- cert.deviceLocked(repository.getBootLoaderLock());
- cert.issuer(getProvisionedCertificateData(KMSEProvider.CERTIFICATE_ISSUER));
- cert.publicKey(data[PUB_KEY]);
- cert.verifiedBootHash(repository.getVerifiedBootHash());
-
- cert.verifiedBootKey(repository.getVerifiedBootKey());
- cert.verifiedBootState(repository.getBootState());
- // buffer for cert - we allocate 2KBytes buffer
- // make this buffer size configurable
- tmpVariables[3] = KMByteBlob.instance(MAX_CERT_SIZE);
- bufferRef[0] = KMByteBlob.cast(tmpVariables[3]).getBuffer();
- bufferProp[BUF_START_OFFSET] = KMByteBlob.cast(tmpVariables[3]).getStartOff();
- bufferProp[BUF_LEN_OFFSET] = KMByteBlob.cast(tmpVariables[3]).length();
- cert.buffer((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
- cert.build();
- bufferProp[BUF_START_OFFSET] =
- encoder.encodeCert((byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], cert.getCertStart(), cert.getCertLength(),
- buildErrorStatus(KMError.OK));
- bufferProp[BUF_LEN_OFFSET] = (short) (cert.getCertLength() + (cert.getCertStart() - bufferProp[BUF_START_OFFSET]));
- sendOutgoing(apdu);
- }
-
- private boolean isEmpty(byte[] buf, short offset, short len) {
- boolean empty = true;
- short index = 0;
- while (index < len) {
- if (buf[(short) (index + offset)] != 0) {
- empty = false;
- break;
- }
- index++;
- }
- return empty;
- }
-
- // --------------------------------
- // Only add the Attestation ids which are requested in the attestation parameters.
- // If the requested attestation ids are not provisioned or deleted then
- // throw CANNOT_ATTEST_IDS error. If there is mismatch in the attestation
- // id values of both the requested parameters and the provisioned parameters
- // then throw INVALID_TAG error.
- private void addAttestationIds(KMAttestationCert cert) {
- final short[] attTags =
- new short[]{
- KMType.ATTESTATION_ID_BRAND,
- KMType.ATTESTATION_ID_DEVICE,
- KMType.ATTESTATION_ID_IMEI,
- KMType.ATTESTATION_ID_MANUFACTURER,
- KMType.ATTESTATION_ID_MEID,
- KMType.ATTESTATION_ID_MODEL,
- KMType.ATTESTATION_ID_PRODUCT,
- KMType.ATTESTATION_ID_SERIAL
- };
- byte index = 0;
- short attIdTag;
- short attIdTagValue;
- short storedAttId;
- while (index < (short) attTags.length) {
- attIdTag = KMKeyParameters.findTag(KMType.BYTES_TAG, attTags[index], data[KEY_PARAMETERS]);
- if (attIdTag != KMType.INVALID_VALUE) {
- attIdTagValue = KMByteTag.cast(attIdTag).getValue();
- storedAttId = repository.getAttId(mapToAttId(attTags[index]));
- // Return CANNOT_ATTEST_IDS if Attestation IDs are not provisioned or
- // Attestation IDs are deleted.
- if (storedAttId == KMType.INVALID_VALUE ||
- isEmpty(KMByteBlob.cast(storedAttId).getBuffer(),
- KMByteBlob.cast(storedAttId).getStartOff(),
- KMByteBlob.cast(storedAttId).length())) {
- KMException.throwIt(KMError.CANNOT_ATTEST_IDS);
- }
- // Return INVALID_TAG if Attestation IDs does not match.
- if ((KMByteBlob.cast(storedAttId).length() != KMByteBlob.cast(attIdTagValue).length()) || - (0 != Util.arrayCompare(KMByteBlob.cast(storedAttId).getBuffer(), - KMByteBlob.cast(storedAttId).getStartOff(), - KMByteBlob.cast(attIdTagValue).getBuffer(), - KMByteBlob.cast(attIdTagValue).getStartOff(), - KMByteBlob.cast(storedAttId).length()))) { - KMException.throwIt(KMError.INVALID_TAG); - } - cert.extensionTag(attIdTag, true); - } - index++; - } - } - - private void addTags(short params, boolean hwEnforced, KMAttestationCert cert) { - short index = 0; - short arr = KMKeyParameters.cast(params).getVals(); - short len = KMArray.cast(arr).length(); - short tag; - while (index < len) { - tag = KMArray.cast(arr).get(index); - cert.extensionTag(tag, hwEnforced); - index++; - } - } - - private void setUniqueId(KMAttestationCert cert, byte[] scratchPad) { - tmpVariables[0] = KMKeyParameters.findTag(KMType.BOOL_TAG, - KMType.INCLUDE_UNIQUE_ID, data[HW_PARAMETERS]); - if (tmpVariables[0] == KMType.INVALID_VALUE) { - return; - } - - // temporal count T - tmpVariables[0] = KMKeyParameters.findTag(KMType.DATE_TAG, - KMType.CREATION_DATETIME, data[SW_PARAMETERS]); - if (tmpVariables[0] == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.INVALID_TAG); - } - tmpVariables[0] = KMIntegerTag.cast(tmpVariables[0]).getValue(); - - // Application Id C - tmpVariables[1] = KMKeyParameters.findTag(KMType.BYTES_TAG, - KMType.ATTESTATION_APPLICATION_ID, data[KEY_PARAMETERS]); - if (tmpVariables[1] == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.ATTESTATION_APPLICATION_ID_MISSING); - } - tmpVariables[1] = KMByteTag.cast(tmpVariables[1]).getValue(); - - // Reset After Rotation R - it will be part of HW Enforced key - // characteristics - byte resetAfterRotation = 0; - tmpVariables[2] = KMKeyParameters.findTag(KMType.BOOL_TAG, - KMType.RESET_SINCE_ID_ROTATION, data[HW_PARAMETERS]); - if (tmpVariables[2] != KMType.INVALID_VALUE) { - resetAfterRotation = 0x01; - } - - 
cert.makeUniqueId( - scratchPad, - (short) 0, - KMInteger.cast(tmpVariables[0]).getBuffer(), - KMInteger.cast(tmpVariables[0]).getStartOff(), - KMInteger.cast(tmpVariables[0]).length(), - KMByteBlob.cast(tmpVariables[1]).getBuffer(), - KMByteBlob.cast(tmpVariables[1]).getStartOff(), - KMByteBlob.cast(tmpVariables[1]).length(), resetAfterRotation, - seProvider.getMasterKey()); - } - - private void processDestroyAttIdsCmd(APDU apdu) { - repository.deleteAttIds(); - sendError(apdu, KMError.OK); - } - - private void processVerifyAuthorizationCmd(APDU apdu) { - sendError(apdu, KMError.UNIMPLEMENTED); - } - - private void processAbortOperationCmd(APDU apdu) { - receiveIncoming(apdu); - tmpVariables[1] = KMArray.instance((short) 1); - KMArray.cast(tmpVariables[1]).add((short) 0, KMInteger.exp()); - tmpVariables[2] = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]); - //reclaim memory - repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]); - - data[OP_HANDLE] = KMArray.cast(tmpVariables[2]).get((short) 0); - KMOperationState op = repository.findOperation(data[OP_HANDLE]); - if (op == null) { - KMException.throwIt(KMError.INVALID_OPERATION_HANDLE); - } - repository.releaseOperation(op); - sendError(apdu, KMError.OK); - } - - private void processFinishOperationCmd(APDU apdu) { - receiveIncoming(apdu); - byte[] scratchPad = apdu.getBuffer(); - tmpVariables[1] = KMArray.instance((short) 6); - // Arguments - tmpVariables[2] = KMKeyParameters.exp(); - KMArray.cast(tmpVariables[1]).add((short) 0, KMInteger.exp()); - KMArray.cast(tmpVariables[1]).add((short) 1, tmpVariables[2]); - KMArray.cast(tmpVariables[1]).add((short) 2, KMByteBlob.exp()); - KMArray.cast(tmpVariables[1]).add((short) 3, KMByteBlob.exp()); - tmpVariables[3] = KMHardwareAuthToken.exp(); - KMArray.cast(tmpVariables[1]).add((short) 4, tmpVariables[3]); - tmpVariables[4] = KMVerificationToken.exp(); - KMArray.cast(tmpVariables[1]).add((short) 5, 
tmpVariables[4]); - // Decode the arguments - tmpVariables[2] = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]); - //reclaim memory - repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]); - - data[OP_HANDLE] = KMArray.cast(tmpVariables[2]).get((short) 0); - data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 1); - data[INPUT_DATA] = KMArray.cast(tmpVariables[2]).get((short) 2); - data[SIGNATURE] = KMArray.cast(tmpVariables[2]).get((short) 3); - data[HW_TOKEN] = KMArray.cast(tmpVariables[2]).get((short) 4); - data[VERIFICATION_TOKEN] = KMArray.cast(tmpVariables[2]).get((short) 5); - // Check Operation Handle - KMOperationState op = repository.findOperation(data[OP_HANDLE]); - if (op == null) { - KMException.throwIt(KMError.INVALID_OPERATION_HANDLE); - } - // Authorize the finish operation - authorizeUpdateFinishOperation(op, scratchPad); - switch (op.getPurpose()) { - case KMType.SIGN: - finishTrustedConfirmationOperation(op); - case KMType.VERIFY: - finishSigningVerifyingOperation(op, scratchPad); - break; - case KMType.ENCRYPT: - finishEncryptOperation(op); - break; - case KMType.DECRYPT: - finishDecryptOperation(op, scratchPad); - break; - } - // Remove the operation handle - repository.releaseOperation(op); - // make response - tmpVariables[1] = KMArray.instance((short) 0); - tmpVariables[1] = KMKeyParameters.instance(tmpVariables[1]); - tmpVariables[2] = KMArray.instance((short) 3); - if (data[OUTPUT_DATA] == KMType.INVALID_VALUE) { - data[OUTPUT_DATA] = KMByteBlob.instance((short) 0); - } - KMArray.cast(tmpVariables[2]).add((short) 0, buildErrorStatus(KMError.OK)); - KMArray.cast(tmpVariables[2]).add((short) 1, tmpVariables[1]); - KMArray.cast(tmpVariables[2]).add((short) 2, data[OUTPUT_DATA]); - - bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory(); - // Encode the response - bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[2], (byte[]) bufferRef[0], 
bufferProp[BUF_START_OFFSET]); - sendOutgoing(apdu); - } - - private void finishEncryptOperation(KMOperationState op) { - if(op.getAlgorithm() != KMType.AES && op.getAlgorithm() != KMType.DES){ - KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM); - } - finishAesDesOperation(op); - } - - private void finishAesDesOperation(KMOperationState op) { - short len = KMByteBlob.cast(data[INPUT_DATA]).length(); - short blockSize = DES_BLOCK_SIZE; - if (op.getAlgorithm() == KMType.AES) { - blockSize = AES_BLOCK_SIZE; - } - - if((op.getPurpose() == KMType.DECRYPT) && (op.getPadding() == KMType.PKCS7) - && (op.getBlockMode() == KMType.ECB || op.getBlockMode() == KMType.CBC) - && ((short) (len % blockSize) != 0)){ - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - - if (op.getBlockMode() == KMType.GCM) { - if (op.getPurpose() == KMType.DECRYPT && (len < (short) (op.getMacLength() / 8))) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - // update aad if there is any - updateAAD(op, (byte) 0x01); - // Get the output size - len = op.getOperation().getAESGCMOutputSize(len, (short) (op.getMacLength() / 8)); - } - // If padding i.e. 
pkcs7 then add padding to right - // Output data can at most one block size more the input data in case of pkcs7 - // encryption - data[OUTPUT_DATA] = KMByteBlob.instance((short) (len + 2 * blockSize)); - try { - len = op.getOperation().finish( - KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), - KMByteBlob.cast(data[INPUT_DATA]).length(), - KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff()); - } catch (CryptoException e) { - if (e.getReason() == CryptoException.ILLEGAL_USE) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - } - - // Update the length of the output - KMByteBlob.cast(data[OUTPUT_DATA]).setLength(len); - } - - private void finishDecryptOperation(KMOperationState op, byte[] scratchPad) { - short len = KMByteBlob.cast(data[INPUT_DATA]).length(); - switch (op.getAlgorithm()) { - case KMType.RSA: - // Fill the scratch pad with zero - Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); - if (op.getPadding() == KMType.PADDING_NONE && len != 256) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - len = - op.getOperation() - .finish( - KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), - len, - scratchPad, - (short) 0); - - data[OUTPUT_DATA] = KMByteBlob.instance(scratchPad, (short) 0, len); - break; - case KMType.AES: - case KMType.DES: - finishAesDesOperation(op); - break; - } - } - - // update operation should send 0x00 for finish variable, where as finish operation - // should send 0x01 for finish variable. - private void updateAAD(KMOperationState op, byte finish) { - // Is input data absent - if (data[INPUT_DATA] == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - // Update can be called either to update auth data, update input data or both. - // But if it is called for neither then return error. 
- tmpVariables[0] = KMByteBlob.cast(data[INPUT_DATA]).length(); - tmpVariables[1] = - KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.ASSOCIATED_DATA, data[KEY_PARAMETERS]); - // For Finish operation the input data can be zero length and associated data can be - // INVALID_VALUE - // For update operation either input data or associated data should be present. - if (tmpVariables[1] == KMType.INVALID_VALUE && tmpVariables[0] <= 0 && finish == 0x00) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - // Check if associated data is present and update aad still allowed by the operation. - if (tmpVariables[1] != KMType.INVALID_VALUE) { - if (!op.isAesGcmUpdateAllowed()) { - KMException.throwIt(KMError.INVALID_TAG); - } - // If allowed the update the aad - tmpVariables[1] = KMByteTag.cast(tmpVariables[1]).getValue(); - - op.getOperation() - .updateAAD( - KMByteBlob.cast(tmpVariables[1]).getBuffer(), - KMByteBlob.cast(tmpVariables[1]).getStartOff(), - KMByteBlob.cast(tmpVariables[1]).length()); - } - } - - private void finishSigningVerifyingOperation(KMOperationState op, byte[] scratchPad) { - Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); - switch (op.getAlgorithm()) { - case KMType.RSA: - // If there is no padding we can treat signing as a RSA decryption operation. - try { - if (op.getPurpose() == KMType.SIGN) { - // len of signature will be 256 bytes - short len = op.getOperation().sign( - KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), - KMByteBlob.cast(data[INPUT_DATA]).length(), scratchPad, - (short) 0); - // Maximum output size of signature is 256 bytes. 
- data[OUTPUT_DATA] = KMByteBlob.instance((short) 256); - Util.arrayCopyNonAtomic( - scratchPad, - (short) 0, - KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(), - (short) (KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff() + 256 - len), - len); - } else { - KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); - } - } catch (CryptoException e) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - break; - case KMType.EC: - short len = KMByteBlob.cast(data[INPUT_DATA]).length(); - // If DIGEST NONE then truncate the input data to 32 bytes. - if (op.getDigest() == KMType.DIGEST_NONE && len > 32) { - len = 32; - } - if (op.getPurpose() == KMType.SIGN) { - // len of signature will be 512 bits i.e. 64 bytes - len = - op.getOperation() - .sign( - KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), - len, - scratchPad, - (short) 0); - data[OUTPUT_DATA] = KMByteBlob.instance(scratchPad, (short) 0, len); - } else { - KMException.throwIt(KMError.UNSUPPORTED_PURPOSE); - } - break; - case KMType.HMAC: - // As per Keymaster HAL documentation, the length of the Hmac output can - // be decided by using TAG_MAC_LENGTH in Keyparameters. But there is no - // such provision to control the length of the Hmac output using JavaCard - // crypto APIs and the current implementation always returns 32 bytes - // length of Hmac output. So to provide support to TAG_MAC_LENGTH - // feature, we truncate the output signature to TAG_MAC_LENGTH and return - // the truncated signature back to the caller. At the time of verfication - // we again compute the signature of the plain text input, truncate it to - // TAG_MAC_LENGTH and compare it with the input signature for - // verification. So this is the reason we are using KMType.SIGN directly - // instead of using op.getPurpose(). 
- op.getOperation() - .sign( - KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), - KMByteBlob.cast(data[INPUT_DATA]).length(), - scratchPad, - (short) 0); - - // Copy only signature of mac length size. - data[OUTPUT_DATA] = - KMByteBlob.instance(scratchPad, (short) 0, (short) (op.getMacLength() / 8)); - if (op.getPurpose() == KMType.VERIFY) { - if (0 - != Util.arrayCompare( - KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff(), - KMByteBlob.cast(data[SIGNATURE]).getBuffer(), - KMByteBlob.cast(data[SIGNATURE]).getStartOff(), - (short) (op.getMacLength() / 8))) { - KMException.throwIt(KMError.VERIFICATION_FAILED); - } - } - break; - default: // This is should never happen - KMException.throwIt(KMError.OPERATION_CANCELLED); - break; - } - } - - private void authorizeUpdateFinishOperation(KMOperationState op, byte[] scratchPad) { - // If one time user Authentication is required - if (op.isSecureUserIdReqd() && !op.isAuthTimeoutValidated()) { - // Validate Verification Token. - validateVerificationToken(data[VERIFICATION_TOKEN], scratchPad); - // validate operation handle. 
- short ptr = KMVerificationToken.cast(data[VERIFICATION_TOKEN]).getChallenge(); - if (KMInteger.compare(ptr, op.getHandle()) != 0) { - KMException.throwIt(KMError.VERIFICATION_FAILED); - } - tmpVariables[0] = op.getAuthTime(); - tmpVariables[2] = KMVerificationToken.cast(data[VERIFICATION_TOKEN]).getTimestamp(); - if (tmpVariables[2] == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.VERIFICATION_FAILED); - } - if (KMInteger.compare(tmpVariables[0], tmpVariables[2]) < 0) { - KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED); - } - op.setAuthTimeoutValidated(true); - } else if (op.isAuthPerOperationReqd()) { // If Auth per operation is required - tmpVariables[0] = KMHardwareAuthToken.cast(data[HW_TOKEN]).getChallenge(); - if (KMInteger.compare(data[OP_HANDLE], tmpVariables[0]) != 0) { - KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED); - } - if (!authTokenMatches(op.getUserSecureId(), op.getAuthType(), scratchPad)) { - KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED); - } - } - } - - private void authorizeKeyUsageForCount(byte[] scratchPad) { - short scratchPadOff = 0; - Util.arrayFillNonAtomic(scratchPad, scratchPadOff, (short) 12, (byte) 0); - - short usageLimitBufLen = KMIntegerTag.getValue(scratchPad, scratchPadOff, - KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT, data[HW_PARAMETERS]); - - if (usageLimitBufLen == KMType.INVALID_VALUE) { - return; - } - - if (usageLimitBufLen > 4) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - - if (repository.isAuthTagPersisted(data[AUTH_TAG])) { - // Get current counter, update and increment it. - short len = repository - .getRateLimitedKeyCount(data[AUTH_TAG], scratchPad, (short) (scratchPadOff + 4)); - if (len != 4) { - KMException.throwIt(KMError.UNKNOWN_ERROR); - } - if (0 >= KMInteger.unsignedByteArrayCompare(scratchPad, scratchPadOff, scratchPad, - (short) (scratchPadOff + 4), (short) 4)) { - KMException.throwIt(KMError.KEY_MAX_OPS_EXCEEDED); - } - // Increment the counter. 
- Util.arrayFillNonAtomic(scratchPad, scratchPadOff, len, (byte) 0); - Util.setShort(scratchPad, (short) (scratchPadOff + 2), (short) 1); - KMUtils.add(scratchPad, scratchPadOff, (short) (scratchPadOff + len), - (short) (scratchPadOff + len * 2)); - - repository - .setRateLimitedKeyCount(data[AUTH_TAG], scratchPad, (short) (scratchPadOff + len * 2), - len); - - } else { - // Persist auth tag. - if (!repository.persistAuthTag(data[AUTH_TAG])) { - KMException.throwIt(KMError.TOO_MANY_OPERATIONS); - } - } - } - - - private void authorizeDeviceUnlock(byte[] scratchPad) { - // If device is locked and key characteristics requires unlocked device then check whether - // HW auth token has correct timestamp. - short ptr = - KMKeyParameters.findTag( - KMType.BOOL_TAG, KMType.UNLOCKED_DEVICE_REQUIRED, data[HW_PARAMETERS]); - - if (ptr != KMType.INVALID_VALUE && repository.getDeviceLock()) { - if (!validateHwToken(data[HW_TOKEN], scratchPad)) { - KMException.throwIt(KMError.DEVICE_LOCKED); - } - ptr = KMHardwareAuthToken.cast(data[HW_TOKEN]).getTimestamp(); - // Check if the current auth time stamp is greater then device locked time stamp - short ts = repository.getDeviceTimeStamp(); - if (KMInteger.compare(ptr, ts) <= 0) { - KMException.throwIt(KMError.DEVICE_LOCKED); - } - // Now check if the device unlock requires password only authentication and whether - // auth token is generated through password authentication or not. 
- if (repository.getDeviceLockPasswordOnly()) { - ptr = KMHardwareAuthToken.cast(data[HW_TOKEN]).getHwAuthenticatorType(); - ptr = KMEnum.cast(ptr).getVal(); - if (((byte) ptr & KMType.PASSWORD) == 0) { - KMException.throwIt(KMError.DEVICE_LOCKED); - } - } - // Unlock the device - // repository.deviceLockedFlag = false; - repository.setDeviceLock(false); - repository.clearDeviceLockTimeStamp(); - } - } - - private boolean verifyVerificationTokenMacInBigEndian(short verToken, byte[] scratchPad) { - // concatenation length will be 37 + length of verified parameters list - which - // is typically - // empty - Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); - // Add "Auth Verification" - 17 bytes. - Util.arrayCopyNonAtomic(authVerification, (short) 0, scratchPad, (short) 0, (short) authVerification.length); - short len = (short) authVerification.length; - // concatenate challenge - 8 bytes - short ptr = KMVerificationToken.cast(verToken).getChallenge(); - KMInteger.cast(ptr).value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); - len += 8; - // concatenate timestamp -8 bytes - ptr = KMVerificationToken.cast(verToken).getTimestamp(); - KMInteger.cast(ptr).value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length()))); - len += 8; - // concatenate security level - 4 bytes - ptr = KMVerificationToken.cast(verToken).getSecurityLevel(); - scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal(); - len += 4; - // concatenate Parameters verified - blob of encoded data. 
- ptr = KMVerificationToken.cast(verToken).getParametersVerified(); - if (KMByteBlob.cast(ptr).length() != 0) { - len += KMByteBlob.cast(ptr).getValues(scratchPad, (short) 0); - } - // hmac the data - ptr = KMVerificationToken.cast(verToken).getMac(); - - return seProvider.hmacVerify( - seProvider.getComputedHmacKey(), - scratchPad, - (short) 0, - len, - KMByteBlob.cast(ptr).getBuffer(), - KMByteBlob.cast(ptr).getStartOff(), - KMByteBlob.cast(ptr).length()); - } - - private boolean verifyVerificationTokenMacInLittleEndian(short verToken, byte[] scratchPad) { - // concatenation length will be 37 + length of verified parameters list - which - // is typically - // empty - Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); - // Add "Auth Verification" - 17 bytes. - Util.arrayCopyNonAtomic(authVerification, (short) 0, scratchPad, (short) 0, (short) authVerification.length); - short len = (short) authVerification.length; - // concatenate challenge - 8 bytes - short ptr = KMVerificationToken.cast(verToken).getChallenge(); - KMInteger.cast(ptr).toLittleEndian(scratchPad, len); - len += 8; - // concatenate timestamp -8 bytes - ptr = KMVerificationToken.cast(verToken).getTimestamp(); - KMInteger.cast(ptr).toLittleEndian(scratchPad, len); - len += 8; - // concatenate security level - 4 bytes - ptr = KMVerificationToken.cast(verToken).getSecurityLevel(); - scratchPad[len] = KMEnum.cast(ptr).getVal(); - len += 4; - // concatenate Parameters verified - blob of encoded data. 
- ptr = KMVerificationToken.cast(verToken).getParametersVerified(); - if (KMByteBlob.cast(ptr).length() != 0) { - len += KMByteBlob.cast(ptr).getValues(scratchPad, (short) 0); - } - // hmac the data - ptr = KMVerificationToken.cast(verToken).getMac(); - - return seProvider.hmacVerify( - seProvider.getComputedHmacKey(), - scratchPad, - (short) 0, - len, - KMByteBlob.cast(ptr).getBuffer(), - KMByteBlob.cast(ptr).getStartOff(), - KMByteBlob.cast(ptr).length()); - } - - private void validateVerificationToken(short verToken, byte[] scratchPad) { - short ptr = KMVerificationToken.cast(verToken).getMac(); - // If mac length is zero then token is empty. - if (KMByteBlob.cast(ptr).length() == 0) { - KMException.throwIt(KMError.INVALID_MAC_LENGTH); - } - boolean verify; - if (KMConfigurations.TEE_MACHINE_TYPE == KMConfigurations.LITTLE_ENDIAN) { - verify = verifyVerificationTokenMacInLittleEndian(verToken, scratchPad); - } else { - verify = verifyVerificationTokenMacInBigEndian(verToken, scratchPad); - } - if (!verify) { - // Throw Exception if none of the combination works. 
- KMException.throwIt(KMError.VERIFICATION_FAILED); - } - } - - private void processUpdateOperationCmd(APDU apdu) { - receiveIncoming(apdu); - byte[] scratchPad = apdu.getBuffer(); - tmpVariables[1] = KMArray.instance((short) 5); - // Arguments - tmpVariables[2] = KMKeyParameters.exp(); - KMArray.cast(tmpVariables[1]).add((short) 0, KMInteger.exp()); - KMArray.cast(tmpVariables[1]).add((short) 1, tmpVariables[2]); - KMArray.cast(tmpVariables[1]).add((short) 2, KMByteBlob.exp()); - tmpVariables[3] = KMHardwareAuthToken.exp(); - KMArray.cast(tmpVariables[1]).add((short) 3, tmpVariables[3]); - tmpVariables[4] = KMVerificationToken.exp(); - KMArray.cast(tmpVariables[1]).add((short) 4, tmpVariables[4]); - // Decode the arguments - tmpVariables[2] = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]); - //reclaim memory - repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]); - - data[OP_HANDLE] = KMArray.cast(tmpVariables[2]).get((short) 0); - data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 1); - data[INPUT_DATA] = KMArray.cast(tmpVariables[2]).get((short) 2); - data[HW_TOKEN] = KMArray.cast(tmpVariables[2]).get((short) 3); - data[VERIFICATION_TOKEN] = KMArray.cast(tmpVariables[2]).get((short) 4); - // Input data must be present even if it is zero length. 
- if (data[INPUT_DATA] == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - // Check Operation Handle and get op state - // Check Operation Handle - KMOperationState op = repository.findOperation(data[OP_HANDLE]); - if (op == null) { - KMException.throwIt(KMError.INVALID_OPERATION_HANDLE); - } - // authorize the update operation - authorizeUpdateFinishOperation(op, scratchPad); - short inputConsumed = 0; - // If signing without digest then do length validation checks - if (op.getPurpose() == KMType.SIGN || op.getPurpose() == KMType.VERIFY) { - tmpVariables[0] = KMByteBlob.cast(data[INPUT_DATA]).length(); - // update the data. - op.getOperation() - .update( - KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), - KMByteBlob.cast(data[INPUT_DATA]).length()); - // update trusted confirmation operation - updateTrustedConfirmationOperation(op); - - data[OUTPUT_DATA] = KMType.INVALID_VALUE; - } else if (op.getPurpose() == KMType.ENCRYPT || op.getPurpose() == KMType.DECRYPT) { - // Update for encrypt/decrypt using RSA will not be supported because to do this op state - // will have to buffer the data - so reject the update if it is rsa algorithm. - if (op.getAlgorithm() == KMType.RSA) { - KMException.throwIt(KMError.OPERATION_CANCELLED); - } - short inputLen = KMByteBlob.cast(data[INPUT_DATA]).length(); - short blockSize = DES_BLOCK_SIZE; - if (op.getAlgorithm() == KMType.AES) { - blockSize = AES_BLOCK_SIZE; - if (op.getBlockMode() == KMType.GCM) { - updateAAD(op, (byte) 0x00); - // if input data present - if (inputLen > 0) { - // no more future updateAAD allowed if input data present. - if (op.isAesGcmUpdateAllowed()) { - op.setAesGcmUpdateComplete(); - } - } - } - } - // Allocate output buffer as input data is already block aligned - data[OUTPUT_DATA] = KMByteBlob.instance((short) (inputLen + 2 * blockSize)); - // Otherwise just update the data. 
- // HAL consumes all the input and maintains a buffered data inside it. So the - // applet sends the inputConsumed length as same as the input length. - inputConsumed = inputLen; - try { - tmpVariables[0] = - op.getOperation() - .update( - KMByteBlob.cast(data[INPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[INPUT_DATA]).getStartOff(), - KMByteBlob.cast(data[INPUT_DATA]).length(), - KMByteBlob.cast(data[OUTPUT_DATA]).getBuffer(), - KMByteBlob.cast(data[OUTPUT_DATA]).getStartOff()); - } catch (CryptoException e) { - KMException.throwIt(KMError.INVALID_TAG); - } - // Adjust the Output data if it is not equal to input data. - // This happens in case of JCardSim provider. - KMByteBlob.cast(data[OUTPUT_DATA]).setLength(tmpVariables[0]); - } - // Persist if there are any updates. - op.persist(); - // make response - tmpVariables[1] = KMArray.instance((short) 0); - tmpVariables[1] = KMKeyParameters.instance(tmpVariables[1]); - tmpVariables[2] = KMArray.instance((short) 4); - if (data[OUTPUT_DATA] == KMType.INVALID_VALUE) { - data[OUTPUT_DATA] = KMByteBlob.instance((short) 0); - } - KMArray.cast(tmpVariables[2]).add((short) 0, buildErrorStatus(KMError.OK)); - KMArray.cast(tmpVariables[2]).add((short) 1, KMInteger.uint_16(inputConsumed)); - KMArray.cast(tmpVariables[2]).add((short) 2, tmpVariables[1]); - KMArray.cast(tmpVariables[2]).add((short) 3, data[OUTPUT_DATA]); - - bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory(); - // Encode the response - bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[2], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]); - sendOutgoing(apdu); - } - - private void processBeginOperationCmd(APDU apdu) { - // Receive the incoming request fully from the master into buffer. 
- receiveIncoming(apdu); - byte[] scratchPad = apdu.getBuffer(); - short args; - tmpVariables[1] = KMArray.instance((short) 4); - // Arguments - tmpVariables[2] = KMKeyParameters.exp(); - KMArray.cast(tmpVariables[1]).add((short) 0, KMEnum.instance(KMType.PURPOSE)); - KMArray.cast(tmpVariables[1]).add((short) 1, KMByteBlob.exp()); - KMArray.cast(tmpVariables[1]).add((short) 2, tmpVariables[2]); - tmpVariables[3] = KMHardwareAuthToken.exp(); - KMArray.cast(tmpVariables[1]).add((short) 3, tmpVariables[3]); - // Decode the arguments - args = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]); - //reclaim memory - repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]); - - data[KEY_PARAMETERS] = KMArray.cast(args).get((short) 2); - data[KEY_BLOB] = KMArray.cast(args).get((short) 1); - // Check for app id and app data. - data[APP_ID] = - KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.APPLICATION_ID, data[KEY_PARAMETERS]); - data[APP_DATA] = - KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.APPLICATION_DATA, data[KEY_PARAMETERS]); - if (data[APP_ID] != KMTag.INVALID_VALUE) { - data[APP_ID] = KMByteTag.cast(data[APP_ID]).getValue(); - } - if (data[APP_DATA] != KMTag.INVALID_VALUE) { - data[APP_DATA] = KMByteTag.cast(data[APP_DATA]).getValue(); - } - // Parse the encrypted blob and decrypt it. - parseEncryptedKeyBlob(scratchPad); - // Authorize the begin operation and reserve op - data[OP_HANDLE] will have the handle. - // It will also set data[IV] field if required. 
- tmpVariables[0] = KMArray.cast(args).get((short) 0); - tmpVariables[0] = KMEnum.cast(tmpVariables[0]).getVal(); - data[HW_TOKEN] = KMArray.cast(args).get((short) 3); - /*Generate a random number for operation handle */ - short buf = KMByteBlob.instance(KMRepository.OPERATION_HANDLE_SIZE); - generateUniqueOperationHandle( - KMByteBlob.cast(buf).getBuffer(), - KMByteBlob.cast(buf).getStartOff(), - KMByteBlob.cast(buf).length()); - /* opHandle is a KMInteger and is encoded as KMInteger when it is returned back. */ - short opHandle = KMInteger.instance( - KMByteBlob.cast(buf).getBuffer(), - KMByteBlob.cast(buf).getStartOff(), - KMByteBlob.cast(buf).length()); - KMOperationState op = repository.reserveOperation(opHandle); - if (op == null) { - KMException.throwIt(KMError.TOO_MANY_OPERATIONS); - } - data[OP_HANDLE] = op.getHandle(); - op.setPurpose((byte) tmpVariables[0]); - op.setKeySize(KMByteBlob.cast(data[SECRET]).length()); - authorizeAndBeginOperation(op, scratchPad); - switch (op.getPurpose()) { - case KMType.SIGN: - beginTrustedConfirmationOperation(op); - case KMType.VERIFY: - beginSignVerifyOperation(op); - break; - case KMType.ENCRYPT: - case KMType.DECRYPT: - beginCipherOperation(op); - break; - default: - KMException.throwIt(KMError.UNIMPLEMENTED); - break; - } - // If the data[IV] is required to be returned. - // As per VTS, for the decryption operation don't send the iv back. - if (data[IV] != KMType.INVALID_VALUE - && op.getPurpose() != KMType.DECRYPT - && op.getBlockMode() != KMType.ECB) { - tmpVariables[2] = KMArray.instance((short) 1); - if (op.getAlgorithm() == KMType.DES && op.getBlockMode() == KMType.CBC) { - // For AES/DES we are generate an random iv of length 16 bytes. - // While sending the iv back for DES/CBC mode of opeation only send - // 8 bytes back. 
- tmpVariables[1] = KMByteBlob.instance((short) 8);
- Util.arrayCopyNonAtomic(
- KMByteBlob.cast(data[IV]).getBuffer(),
- KMByteBlob.cast(data[IV]).getStartOff(),
- KMByteBlob.cast(tmpVariables[1]).getBuffer(),
- KMByteBlob.cast(tmpVariables[1]).getStartOff(),
- (short) 8);
- data[IV] = tmpVariables[1];
- }
- KMArray.cast(tmpVariables[2]).add((short) 0, KMByteTag.instance(KMType.NONCE, data[IV]));
- } else {
- tmpVariables[2] = KMArray.instance((short) 0);
- }
- tmpVariables[1] = KMKeyParameters.instance(tmpVariables[2]);
- tmpVariables[0] = KMArray.instance((short) 3);
- KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
- KMArray.cast(tmpVariables[0]).add((short) 1, tmpVariables[1]);
- KMArray.cast(tmpVariables[0]).add((short) 2, data[OP_HANDLE]);
-
- bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
- // Encode the response
- bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
- sendOutgoing(apdu);
- }
-
- private void authorizeAlgorithm(KMOperationState op) {
- short alg = KMEnumTag.getValue(KMType.ALGORITHM, data[HW_PARAMETERS]);
- if (alg == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
- }
- op.setAlgorithm((byte) alg);
- }
-
- private void authorizePurpose(KMOperationState op) {
- switch (op.getAlgorithm()) {
- case KMType.AES:
- case KMType.DES:
- if (op.getPurpose() == KMType.SIGN || op.getPurpose() == KMType.VERIFY) {
- KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
- }
- break;
- case KMType.EC:
- case KMType.HMAC:
- if (op.getPurpose() == KMType.ENCRYPT || op.getPurpose() == KMType.DECRYPT) {
- KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
- }
- break;
- default:
- break;
- }
- if (!KMEnumArrayTag.contains(KMType.PURPOSE, op.getPurpose(), data[HW_PARAMETERS])) {
- KMException.throwIt(KMError.INCOMPATIBLE_PURPOSE);
- }
- }
-
- private void authorizeDigest(KMOperationState op) {
- short digests =
- KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, data[HW_PARAMETERS]);
- op.setDigest(KMType.DIGEST_NONE);
- short param =
- KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, data[KEY_PARAMETERS]);
- if (param != KMType.INVALID_VALUE) {
- if (KMEnumArrayTag.cast(param).length() != 1) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- param = KMEnumArrayTag.cast(param).get((short) 0);
- if (!KMEnumArrayTag.cast(digests).contains(param)) {
- KMException.throwIt(KMError.INCOMPATIBLE_DIGEST);
- }
- op.setDigest((byte) param);
- }
- short paramPadding =
- KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, data[KEY_PARAMETERS]);
- if (paramPadding != KMType.INVALID_VALUE) {
- if (KMEnumArrayTag.cast(paramPadding).length() != 1) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- paramPadding = KMEnumArrayTag.cast(paramPadding).get((short) 0);
- }
- switch (op.getAlgorithm()) {
- case KMType.RSA:
- if ((paramPadding == KMType.RSA_OAEP || paramPadding == KMType.RSA_PSS)
- && param == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.UNSUPPORTED_DIGEST);
- }
- break;
- case KMType.EC:
- case KMType.HMAC:
- if (param == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.UNSUPPORTED_DIGEST);
- }
- break;
- default:
- break;
- }
- }
-
- private void authorizePadding(KMOperationState op) {
- short paddings =
- KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, data[HW_PARAMETERS]);
- op.setPadding(KMType.PADDING_NONE);
- short param =
- KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.PADDING, data[KEY_PARAMETERS]);
- if (param != KMType.INVALID_VALUE) {
- if (KMEnumArrayTag.cast(param).length() != 1) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- param = KMEnumArrayTag.cast(param).get((short) 0);
- if (!KMEnumArrayTag.cast(paddings).contains(param)) {
- KMException.throwIt(KMError.INCOMPATIBLE_PADDING_MODE);
- }
- }
- switch (op.getAlgorithm()) {
- case KMType.RSA:
- if (param == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE);
- }
- if ((op.getPurpose() == KMType.SIGN || op.getPurpose() == KMType.VERIFY)
- && param != KMType.PADDING_NONE
- && param != KMType.RSA_PSS
- && param != KMType.RSA_PKCS1_1_5_SIGN) {
- KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE);
- }
- if ((op.getPurpose() == KMType.ENCRYPT || op.getPurpose() == KMType.DECRYPT)
- && param != KMType.PADDING_NONE
- && param != KMType.RSA_OAEP
- && param != KMType.RSA_PKCS1_1_5_ENCRYPT) {
- KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE);
- }
- if (param == KMType.PADDING_NONE && op.getDigest() != KMType.DIGEST_NONE) {
- KMException.throwIt(KMError.INCOMPATIBLE_DIGEST);
- }
- if ((param == KMType.RSA_OAEP || param == KMType.RSA_PSS)
- && op.getDigest() == KMType.DIGEST_NONE) {
- KMException.throwIt(KMError.INCOMPATIBLE_DIGEST);
- }
- op.setPadding((byte) param);
- break;
- case KMType.DES:
- case KMType.AES:
- if (param == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE);
- }
- op.setPadding((byte) param);
- break;
- default:
- break;
- }
- }
-
- private void authorizeBlockModeAndMacLength(KMOperationState op) {
- short param =
- KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, data[KEY_PARAMETERS]);
- if (param != KMType.INVALID_VALUE) {
- if (KMEnumArrayTag.cast(param).length() != 1) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- param = KMEnumArrayTag.cast(param).get((short) 0);
- }
- if (KMType.AES == op.getAlgorithm() || KMType.DES == op.getAlgorithm()) {
- if (!KMEnumArrayTag.contains(KMType.BLOCK_MODE, param, data[HW_PARAMETERS])) {
- KMException.throwIt(KMError.INCOMPATIBLE_BLOCK_MODE);
- }
- }
- short macLen =
- KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MAC_LENGTH, data[KEY_PARAMETERS]);
- switch (op.getAlgorithm()) {
- case KMType.AES:
- //Validate the block mode.
- switch (param) {
- case KMType.ECB:
- case KMType.CBC:
- case KMType.CTR:
- case KMType.GCM:
- break;
- default:
- KMException.throwIt(KMError.UNSUPPORTED_BLOCK_MODE);
- }
- if (param == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- if (param == KMType.GCM) {
- if (op.getPadding() != KMType.PADDING_NONE) {
- KMException.throwIt(KMError.INCOMPATIBLE_PADDING_MODE);
- }
- if (macLen == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.MISSING_MAC_LENGTH);
- }
- if (macLen % 8 != 0
- || macLen > 128) {
- KMException.throwIt(KMError.UNSUPPORTED_MAC_LENGTH);
- }
- if(macLen
- < KMIntegerTag.getShortValue(
- KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) {
- KMException.throwIt(KMError.INVALID_MAC_LENGTH);
- }
- op.setMacLength(macLen);
- }
- break;
- case KMType.DES:
- //Validate the block mode.
- switch (param) {
- case KMType.ECB:
- case KMType.CBC:
- break;
- default:
- KMException.throwIt(KMError.UNSUPPORTED_BLOCK_MODE);
- }
- if (param == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- break;
- case KMType.HMAC:
- if (macLen == KMType.INVALID_VALUE) {
- if (op.getPurpose() == KMType.SIGN) {
- KMException.throwIt(KMError.MISSING_MAC_LENGTH);
- }
- } else {
- // MAC length may not be specified for verify.
- if (op.getPurpose() == KMType.VERIFY) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- if (macLen
- < KMIntegerTag.getShortValue(
- KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) {
- KMException.throwIt(KMError.INVALID_MAC_LENGTH);
- }
- if (macLen % 8 != 0
- || macLen > 256) {
- KMException.throwIt(KMError.UNSUPPORTED_MAC_LENGTH);
- }
- op.setMacLength(macLen);
- }
- break;
- default:
- break;
- }
- op.setBlockMode((byte) param);
- }
-
- private void authorizeAndBeginOperation(KMOperationState op, byte[] scratchPad) {
- authorizeAlgorithm(op);
- authorizePurpose(op);
- authorizeDigest(op);
- authorizePadding(op);
- authorizeBlockModeAndMacLength(op);
- authorizeUserSecureIdAuthTimeout(op, scratchPad);
- authorizeDeviceUnlock(scratchPad);
- authorizeKeyUsageForCount(scratchPad);
-
- //Validate bootloader only
- tmpVariables[0] =
- KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY, data[HW_PARAMETERS]);
- if (tmpVariables[0] != KMType.INVALID_VALUE && repository.getBootEndedStatus()) {
- KMException.throwIt(KMError.INVALID_KEY_BLOB);
- }
-
- //Validate early boot
- tmpVariables[0] =
- KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY, data[HW_PARAMETERS]);
- if (tmpVariables[0] != KMType.INVALID_VALUE && repository.getEarlyBootEndedStatus()) {
- KMException.throwIt(KMError.INVALID_KEY_BLOB);
- }
-
- // Authorize Caller Nonce - if caller nonce absent in key char and nonce present in
- // key params then fail if it is not a Decrypt operation
- data[IV] = KMType.INVALID_VALUE;
- tmpVariables[0] =
- KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.CALLER_NONCE, data[HW_PARAMETERS]);
- tmpVariables[1] = KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.NONCE, data[KEY_PARAMETERS]);
- if (tmpVariables[0] == KMType.INVALID_VALUE) {
- if (tmpVariables[1] != KMType.INVALID_VALUE && op.getPurpose() != KMType.DECRYPT) {
- KMException.throwIt(KMError.CALLER_NONCE_PROHIBITED);
- }
- }
- // If Nonce is present then check whether the size of nonce is correct.
- if (tmpVariables[1] != KMType.INVALID_VALUE) {
- data[IV] = KMByteTag.cast(tmpVariables[1]).getValue();
- // For CBC mode - iv must be 8 bytes
- if (op.getBlockMode() == KMType.CBC
- && op.getAlgorithm() == KMType.DES
- && KMByteBlob.cast(data[IV]).length() != 8) {
- KMException.throwIt(KMError.INVALID_NONCE);
- }
- // For GCM mode - IV must be 12 bytes
- if (KMByteBlob.cast(data[IV]).length() != 12 && op.getBlockMode() == KMType.GCM) {
- KMException.throwIt(KMError.INVALID_NONCE);
- }
- // For AES CBC and CTR modes IV must be 16 bytes
- if ((op.getBlockMode() == KMType.CBC || op.getBlockMode() == KMType.CTR)
- && op.getAlgorithm() == KMType.AES
- && KMByteBlob.cast(data[IV]).length() != 16) {
- KMException.throwIt(KMError.INVALID_NONCE);
- }
- } else if (op.getAlgorithm() == KMType.AES || op.getAlgorithm() == KMType.DES) {
- // For symmetric decryption iv is required
- if (op.getPurpose() == KMType.DECRYPT
- && (op.getBlockMode() == KMType.CBC
- || op.getBlockMode() == KMType.GCM
- || op.getBlockMode() == KMType.CTR)) {
- KMException.throwIt(KMError.MISSING_NONCE);
- } else if (op.getBlockMode() == KMType.ECB) {
- // For ECB we create zero length nonce
- data[IV] = KMByteBlob.instance((short) 0);
- } else if (op.getPurpose() == KMType.ENCRYPT) {
- // For encrypt mode if nonce is absent then create random nonce of correct length
- byte ivLen = 16;
- if (op.getBlockMode() == KMType.GCM) {
- ivLen = 12;
- } else if (op.getAlgorithm() == KMType.DES) {
- ivLen = 8;
- }
- data[IV] = KMByteBlob.instance(ivLen);
- seProvider.newRandomNumber(
- KMByteBlob.cast(data[IV]).getBuffer(),
- KMByteBlob.cast(data[IV]).getStartOff(),
- KMByteBlob.cast(data[IV]).length());
- }
- }
- }
-
- private void beginCipherOperation(KMOperationState op) {
- switch (op.getAlgorithm()) {
- case KMType.RSA:
- try {
- if (op.getPurpose() == KMType.DECRYPT) {
- op.setOperation(
- seProvider.initAsymmetricOperation(
- (byte) op.getPurpose(),
- op.getAlgorithm(),
- op.getPadding(),
- op.getDigest(),
- KMByteBlob.cast(data[SECRET]).getBuffer(),
- KMByteBlob.cast(data[SECRET]).getStartOff(),
- KMByteBlob.cast(data[SECRET]).length(),
- KMByteBlob.cast(data[PUB_KEY]).getBuffer(),
- KMByteBlob.cast(data[PUB_KEY]).getStartOff(),
- KMByteBlob.cast(data[PUB_KEY]).length()));
- } else {
- KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
- }
- } catch (CryptoException exp) {
- KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
- }
- break;
- case KMType.AES:
- case KMType.DES:
- if (op.getBlockMode() == KMType.GCM) {
- op.setAesGcmUpdateStart();
- }
- try {
- op.setOperation(
- seProvider.initSymmetricOperation(
- (byte) op.getPurpose(),
- op.getAlgorithm(),
- op.getDigest(),
- op.getPadding(),
- op.getBlockMode(),
- KMByteBlob.cast(data[SECRET]).getBuffer(),
- KMByteBlob.cast(data[SECRET]).getStartOff(),
- KMByteBlob.cast(data[SECRET]).length(),
- KMByteBlob.cast(data[IV]).getBuffer(),
- KMByteBlob.cast(data[IV]).getStartOff(),
- KMByteBlob.cast(data[IV]).length(),
- op.getMacLength()));
- } catch (CryptoException exception) {
- if (exception.getReason() == CryptoException.ILLEGAL_VALUE) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- } else if (exception.getReason() == CryptoException.NO_SUCH_ALGORITHM) {
- KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
- }
- }
- }
- }
-
- private void beginTrustedConfirmationOperation(KMOperationState op) {
- // Check for trusted confirmation - if required then set the signer in op state.
- if (KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED,
- data[HW_PARAMETERS]) != KMType.INVALID_VALUE) {
-
- op.setTrustedConfirmationSigner(
- seProvider.initTrustedConfirmationSymmetricOperation(seProvider.getComputedHmacKey()));
-
- op.getTrustedConfirmationSigner().update(
- confirmationToken,
- (short) 0,
- (short) confirmationToken.length);
- }
- }
-
- private void beginSignVerifyOperation(KMOperationState op) {
- switch (op.getAlgorithm()) {
- case KMType.RSA:
- try {
- if (op.getPurpose() == KMType.SIGN) {
- op.setOperation(
- seProvider.initAsymmetricOperation(
- (byte) op.getPurpose(),
- op.getAlgorithm(),
- op.getPadding(),
- op.getDigest(),
- KMByteBlob.cast(data[SECRET]).getBuffer(),
- KMByteBlob.cast(data[SECRET]).getStartOff(),
- KMByteBlob.cast(data[SECRET]).length(),
- KMByteBlob.cast(data[PUB_KEY]).getBuffer(),
- KMByteBlob.cast(data[PUB_KEY]).getStartOff(),
- KMByteBlob.cast(data[PUB_KEY]).length()));
- } else {
- KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
- }
- } catch (CryptoException exp) {
- KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
- }
- break;
- case KMType.EC:
- try {
- if (op.getPurpose() == KMType.SIGN) {
- op.setOperation(
- seProvider.initAsymmetricOperation(
- (byte) op.getPurpose(),
- op.getAlgorithm(),
- op.getPadding(),
- op.getDigest(),
- KMByteBlob.cast(data[SECRET]).getBuffer(),
- KMByteBlob.cast(data[SECRET]).getStartOff(),
- KMByteBlob.cast(data[SECRET]).length(),
- null,
- (short) 0,
- (short) 0));
- } else {
- KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
- }
- } catch (CryptoException exp) {
- // Javacard does not support NO digest based signing.
- KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
- }
- break;
- case KMType.HMAC:
- // As per Keymaster HAL documentation, the length of the Hmac output can
- // be decided by using TAG_MAC_LENGTH in Keyparameters. But there is no
- // such provision to control the length of the Hmac output using JavaCard
- // crypto APIs and the current implementation always returns 32 bytes
- // length of Hmac output. So to provide support to TAG_MAC_LENGTH
- // feature, we truncate the output signature to TAG_MAC_LENGTH and return
- // the truncated signature back to the caller. At the time of verfication
- // we again compute the signature of the plain text input, truncate it to
- // TAG_MAC_LENGTH and compare it with the input signature for
- // verification. So this is the reason we are using KMType.SIGN directly
- // instead of using op.getPurpose().
- try {
- op.setOperation(
- seProvider.initSymmetricOperation(
- (byte) KMType.SIGN,
- op.getAlgorithm(),
- op.getDigest(),
- op.getPadding(),
- op.getBlockMode(),
- KMByteBlob.cast(data[SECRET]).getBuffer(),
- KMByteBlob.cast(data[SECRET]).getStartOff(),
- KMByteBlob.cast(data[SECRET]).length(),
- null,
- (short) 0,
- (short) 0,
- (short) 0));
- } catch (CryptoException exp) {
- KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
- }
- break;
- default:
- KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
- break;
- }
- }
-
- private void authorizeUserSecureIdAuthTimeout(KMOperationState op, byte[] scratchPad) {
- short authTime;
- short authType;
- // Authorize User Secure Id and Auth timeout
- short userSecureIdPtr =
- KMKeyParameters.findTag(KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID, data[HW_PARAMETERS]);
- if (userSecureIdPtr != KMType.INVALID_VALUE) {
- // Authentication required.
- if (KMType.INVALID_VALUE !=
- KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, data[HW_PARAMETERS])) {
- // Key has both USER_SECURE_ID and NO_AUTH_REQUIRED
- KMException.throwIt(KMError.INVALID_KEY_BLOB);
- }
- // store authenticator type
- if(KMType.INVALID_VALUE ==
- (authType = KMEnumTag.getValue(KMType.USER_AUTH_TYPE, data[HW_PARAMETERS]))) {
- // Authentication required, but no auth type found.
- KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
- }
-
- short authTimeoutTagPtr =
- KMKeyParameters.findTag(KMType.UINT_TAG, KMType.AUTH_TIMEOUT, data[HW_PARAMETERS]);
- if (authTimeoutTagPtr != KMType.INVALID_VALUE) {
- // authenticate user
- if (!authTokenMatches(userSecureIdPtr, authType, scratchPad)) {
- KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
- }
-
- authTimeoutTagPtr =
- KMKeyParameters.findTag(KMType.ULONG_TAG, KMType.AUTH_TIMEOUT_MILLIS, data[HW_PARAMETERS]);
- if (authTimeoutTagPtr == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.INVALID_KEY_BLOB);
- }
- authTime = KMIntegerTag.cast(authTimeoutTagPtr).getValue();
- // set the one time auth
- op.setOneTimeAuthReqd(true);
- // set the authentication time stamp in operation state
- authTime =
- addIntegers(authTime,
- KMHardwareAuthToken.cast(data[HW_TOKEN]).getTimestamp(), scratchPad);
- op.setAuthTime(
- KMInteger.cast(authTime).getBuffer(), KMInteger.cast(authTime).getStartOff());
- // auth time validation will happen in update or finish
- op.setAuthTimeoutValidated(false);
- } else {
- // auth per operation required
- // store user secure id and authType in OperationState.
- op.setUserSecureId(userSecureIdPtr);
- op.setAuthType((byte) authType);
- // set flags
- op.setOneTimeAuthReqd(false);
- op.setAuthPerOperationReqd(true);
- }
- }
- }
-
- private boolean isHwAuthTokenContainsMatchingSecureId(short hwAuthToken,
- short secureUserIdsObj) {
- short secureUserId = KMHardwareAuthToken.cast(hwAuthToken).getUserId();
- if (!KMInteger.cast(secureUserId).isZero()) {
- if (KMIntegerArrayTag.cast(secureUserIdsObj).contains(secureUserId))
- return true;
- }
-
- short authenticatorId = KMHardwareAuthToken.cast(hwAuthToken).getAuthenticatorId();
- if (!KMInteger.cast(authenticatorId).isZero()) {
- if (KMIntegerArrayTag.cast(secureUserIdsObj).contains(authenticatorId))
- return true;
- }
- return false;
- }
-
- private boolean authTokenMatches(short userSecureIdsPtr, short authType,
- byte[] scratchPad) {
- if (!validateHwToken(data[HW_TOKEN], scratchPad)) {
- return false;
- }
- if (!isHwAuthTokenContainsMatchingSecureId(data[HW_TOKEN], userSecureIdsPtr)) {
- return false;
- }
- // check auth type
- tmpVariables[2] = KMHardwareAuthToken.cast(data[HW_TOKEN]).getHwAuthenticatorType();
- tmpVariables[2] = KMEnum.cast(tmpVariables[2]).getVal();
- if (((byte) tmpVariables[2] & (byte) authType) == 0) {
- return false;
- }
- return true;
- }
-
- private boolean verifyHwTokenMacInBigEndian(short hwToken, byte[] scratchPad) {
- // The challenge, userId and authenticatorId, authenticatorType and timestamp
- // are in network order (big-endian).
- short len = 0;
- // add 0
- Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
- len = 1;
- // concatenate challenge - 8 bytes
- short ptr = KMHardwareAuthToken.cast(hwToken).getChallenge();
- KMInteger.cast(ptr)
- .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
- len += 8;
- // concatenate user id - 8 bytes
- ptr = KMHardwareAuthToken.cast(hwToken).getUserId();
- KMInteger.cast(ptr)
- .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
- len += 8;
- // concatenate authenticator id - 8 bytes
- ptr = KMHardwareAuthToken.cast(hwToken).getAuthenticatorId();
- KMInteger.cast(ptr)
- .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
- len += 8;
- // concatenate authenticator type - 4 bytes
- ptr = KMHardwareAuthToken.cast(hwToken).getHwAuthenticatorType();
- scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal();
- len += 4;
- // concatenate timestamp -8 bytes
- ptr = KMHardwareAuthToken.cast(hwToken).getTimestamp();
- KMInteger.cast(ptr)
- .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
- len += 8;
-
- ptr = KMHardwareAuthToken.cast(hwToken).getMac();
-
- return seProvider.hmacVerify(
- seProvider.getComputedHmacKey(),
- scratchPad,
- (short) 0,
- len,
- KMByteBlob.cast(ptr).getBuffer(),
- KMByteBlob.cast(ptr).getStartOff(),
- KMByteBlob.cast(ptr).length());
-
- }
-
- private boolean verifyHwTokenMacInLittleEndian(short hwToken, byte[] scratchPad) {
- // The challenge, userId and authenticatorId values are in little endian order,
- // but authenticatorType and timestamp are in network order (big-endian).
- short len = 0;
- // add 0
- Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
- len = 1;
- // concatenate challenge - 8 bytes
- short ptr = KMHardwareAuthToken.cast(hwToken).getChallenge();
- KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
- len += 8;
- // concatenate user id - 8 bytes
- ptr = KMHardwareAuthToken.cast(hwToken).getUserId();
- KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
- len += 8;
- // concatenate authenticator id - 8 bytes
- ptr = KMHardwareAuthToken.cast(hwToken).getAuthenticatorId();
- KMInteger.cast(ptr).toLittleEndian(scratchPad, len);
- len += 8;
- // concatenate authenticator type - 4 bytes
- ptr = KMHardwareAuthToken.cast(hwToken).getHwAuthenticatorType();
- scratchPad[(short) (len + 3)] = KMEnum.cast(ptr).getVal();
- len += 4;
- // concatenate timestamp - 8 bytes
- ptr = KMHardwareAuthToken.cast(hwToken).getTimestamp();
- KMInteger.cast(ptr)
- .value(scratchPad, (short) (len + (short) (8 - KMInteger.cast(ptr).length())));
- len += 8;
-
- ptr = KMHardwareAuthToken.cast(hwToken).getMac();
-
- return seProvider.hmacVerify(
- seProvider.getComputedHmacKey(),
- scratchPad,
- (short) 0,
- len,
- KMByteBlob.cast(ptr).getBuffer(),
- KMByteBlob.cast(ptr).getStartOff(),
- KMByteBlob.cast(ptr).length());
- }
-
- private boolean validateHwToken(short hwToken, byte[] scratchPad) {
- // CBOR Encoding is always big endian
- short ptr = KMHardwareAuthToken.cast(hwToken).getMac();
- // If mac length is zero then token is empty.
- if (KMByteBlob.cast(ptr).length() == 0) {
- return false;
- }
- if (KMConfigurations.TEE_MACHINE_TYPE == KMConfigurations.LITTLE_ENDIAN) {
- return verifyHwTokenMacInLittleEndian(hwToken, scratchPad);
- } else {
- return verifyHwTokenMacInBigEndian(hwToken, scratchPad);
- }
- }
-
- private void processImportKeyCmd(APDU apdu) {
- // Receive the incoming request fully from the master into buffer.
- receiveIncoming(apdu);
- byte[] scratchPad = apdu.getBuffer();
- tmpVariables[1] = KMArray.instance((short) 3);
- // Arguments
- tmpVariables[2] = KMKeyParameters.exp();
- KMArray.cast(tmpVariables[1]).add((short) 0, tmpVariables[2]);
- KMArray.cast(tmpVariables[1]).add((short) 1, KMEnum.instance(KMType.KEY_FORMAT));
- KMArray.cast(tmpVariables[1]).add((short) 2, KMByteBlob.exp());
- // Decode the arguments
- tmpVariables[2] = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]);
- //reclaim memory
- repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]);
-
- data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 0);
- tmpVariables[3] = KMArray.cast(tmpVariables[2]).get((short) 1);
- data[IMPORTED_KEY_BLOB] = KMArray.cast(tmpVariables[2]).get((short) 2);
-
- byte keyFormat = KMEnum.cast(tmpVariables[3]).getVal();
-
- short alg = KMEnumTag.getValue(KMType.ALGORITHM, data[KEY_PARAMETERS]);
- if((alg == KMType.AES || alg == KMType.DES || alg == KMType.HMAC) && keyFormat != KMType.RAW ) {
- KMException.throwIt(KMError.UNIMPLEMENTED);
- }
- if((alg == KMType.RSA || alg == KMType.EC) && keyFormat != KMType.PKCS8){
- KMException.throwIt(KMError.UNIMPLEMENTED);
- }
-
- data[ORIGIN] = KMType.IMPORTED;
- importKey(apdu, scratchPad, keyFormat);
- }
-
- private void importKey(APDU apdu, byte[] scratchPad, byte keyFormat) {
-
- tmpVariables[0] =
- KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY, data[KEY_PARAMETERS]);
- if (tmpVariables[0] != KMType.INVALID_VALUE && repository.getEarlyBootEndedStatus()) {
- KMException.throwIt(KMError.EARLY_BOOT_ENDED);
- }
-
- // Rollback protection not supported
- tmpVariables[0] =
- KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE, data[KEY_PARAMETERS]);
- if (tmpVariables[0] != KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.ROLLBACK_RESISTANCE_UNAVAILABLE);
- }
-
- // get algorithm
- tmpVariables[3] = KMEnumTag.getValue(KMType.ALGORITHM, data[KEY_PARAMETERS]);
- if (tmpVariables[3] == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
-
- //Check if the tags are supported.
- if (KMKeyParameters.hasUnsupportedTags(data[KEY_PARAMETERS])) {
- KMException.throwIt(KMError.UNSUPPORTED_TAG);
- }
- // Check algorithm and dispatch to appropriate handler.
- switch (tmpVariables[3]) {
- case KMType.RSA:
- importRSAKey(scratchPad);
- break;
- case KMType.AES:
- importAESKey(scratchPad);
- break;
- case KMType.DES:
- importTDESKey(scratchPad);
- break;
- case KMType.HMAC:
- importHmacKey(scratchPad);
- break;
- case KMType.EC:
- importECKeys(scratchPad, keyFormat);
- break;
- default:
- KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
- break;
- }
- // create key blob
- createEncryptedKeyBlob(scratchPad);
-
- // prepare the response
- tmpVariables[0] = KMArray.instance((short) 3);
- KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK));
- KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]);
- KMArray.cast(tmpVariables[0]).add((short) 2, data[KEY_CHARACTERISTICS]);
-
- bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory();
- // Encode the response
- bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]);
- sendOutgoing(apdu);
- }
-
- private void decodeRawECKey() {
- // Decode key material
- tmpVariables[0] = KMArray.instance((short) 2);
- KMArray.cast(tmpVariables[0]).add((short) 0, KMByteBlob.exp()); // secret
- KMArray.cast(tmpVariables[0]).add((short) 1, KMByteBlob.exp()); // public key
- tmpVariables[0] =
- decoder.decode(
- tmpVariables[0],
- KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getBuffer(),
- KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).getStartOff(),
- KMByteBlob.cast(data[IMPORTED_KEY_BLOB]).length());
- data[SECRET] = KMArray.cast(tmpVariables[0]).get((short) 0);
- data[PUB_KEY] = KMArray.cast(tmpVariables[0]).get((short) 1);
- }
-
- private void decodePKCS8ECKeys() {
- // Decode key material
- short keyBlob = seProvider.getPKCS8DecoderInstance().decodeEc(data[IMPORTED_KEY_BLOB]);
- data[PUB_KEY] = KMArray.cast(keyBlob).get((short) 0);
- data[SECRET] = KMArray.cast(keyBlob).get((short) 1);
- }
-
- private void importECKeys(byte[] scratchPad, byte keyFormat) {
- if (keyFormat == KMType.RAW) {
- decodeRawECKey();
- } else {
- decodePKCS8ECKeys();
- }
- // initialize 256 bit p256 key for given private key and public key.
- tmpVariables[4] = 0; // index for update list in scratchPad
-
- // check whether the keysize tag is present in key parameters.
- tmpVariables[2] =
- KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
- if (tmpVariables[2] != KMType.INVALID_VALUE) {
- // As per NIST.SP.800-186 page 9, secret for 256 curve should be between
- // 256-383
- if (((256 <= (short) (KMByteBlob.cast(data[SECRET]).length() * 8))
- && (383 >= (short) (KMByteBlob.cast(data[SECRET]).length() * 8)))
- ^ tmpVariables[2] == 256) {
- KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
- }
- if (tmpVariables[2] != 256) {
- KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
- }
- } else {
- // add the key size to scratchPad
- if (!(256 <= (short) (KMByteBlob.cast(data[SECRET]).length() * 8))
- && (383 >= (short) (KMByteBlob.cast(data[SECRET]).length() * 8))){
- KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
- }
- tmpVariables[5] = KMInteger.uint_16((short) 256);
- tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]);
- Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
- tmpVariables[4] += 2;
- }
- // check the curve if present in key parameters.
- tmpVariables[3] = KMEnumTag.getValue(KMType.ECCURVE, data[KEY_PARAMETERS]);
- if (tmpVariables[3] != KMType.INVALID_VALUE) {
- // As per NIST.SP.800-186 page 9, secret length for 256 curve should be between
- // 256-383
- if (((256 <= (short) (KMByteBlob.cast(data[SECRET]).length() * 8))
- && (383 >= (short) (KMByteBlob.cast(data[SECRET]).length() * 8)))
- ^ tmpVariables[3] == KMType.P_256) {
- KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
- }
- if (tmpVariables[3] != KMType.P_256) {
- KMException.throwIt(KMError.UNSUPPORTED_EC_CURVE);
- }
- } else {
- // add the curve to scratchPad
- tmpVariables[5] = KMEnumTag.instance(KMType.ECCURVE, KMType.P_256);
- Util.setShort(scratchPad, tmpVariables[4], tmpVariables[5]);
- tmpVariables[4] += 2;
- }
- // Check whether key can be created
- seProvider.importAsymmetricKey(
- KMType.EC,
- KMByteBlob.cast(data[SECRET]).getBuffer(),
- KMByteBlob.cast(data[SECRET]).getStartOff(),
- KMByteBlob.cast(data[SECRET]).length(),
- KMByteBlob.cast(data[PUB_KEY]).getBuffer(),
- KMByteBlob.cast(data[PUB_KEY]).getStartOff(),
- KMByteBlob.cast(data[PUB_KEY]).length());
-
- // add scratch pad to key parameters
- updateKeyParameters(scratchPad, tmpVariables[4]);
- // validate updated key parameters.
- validateECKeys();
- data[KEY_BLOB] = KMArray.instance((short) 5);
- KMArray.cast(data[KEY_BLOB]).add(KEY_BLOB_PUB_KEY, data[PUB_KEY]);
- }
-
- private void importHmacKey(byte[] scratchPad) {
- // Get Key
- data[SECRET] = data[IMPORTED_KEY_BLOB];
- tmpVariables[4] = 0; // index in scratchPad for update params
- // check the keysize tag if present in key parameters.
- tmpVariables[2] =
- KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
- if (tmpVariables[2] != KMType.INVALID_VALUE) {
- if (!(tmpVariables[2] >= 64 && tmpVariables[2] <= 512 && tmpVariables[2] % 8 == 0)) {
- KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
- }
- if (tmpVariables[2] != (short) (KMByteBlob.cast(data[SECRET]).length() * 8)) {
- KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
- }
- } else {
- // add the key size to scratchPad
- tmpVariables[6] = (short) (KMByteBlob.cast(data[SECRET]).length() * 8);
- if (!(tmpVariables[6] >= 64 && tmpVariables[6] <= 512 && tmpVariables[6] % 8 == 0)) {
- KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
- }
- tmpVariables[5] = KMInteger.uint_16(tmpVariables[6]);
- tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]);
- Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
- tmpVariables[4] += 2;
- }
- // Check whether key can be created
- seProvider.importSymmetricKey(
- KMType.HMAC,
- tmpVariables[2],
- KMByteBlob.cast(data[SECRET]).getBuffer(),
- KMByteBlob.cast(data[SECRET]).getStartOff(),
- KMByteBlob.cast(data[SECRET]).length());
-
- // update the key parameters list
- updateKeyParameters(scratchPad, tmpVariables[4]);
- // validate HMAC Key parameters
- validateHmacKey();
-
- data[KEY_BLOB] = KMArray.instance((short) 4);
- }
-
- private void importTDESKey(byte[] scratchPad) {
- // Decode Key Material
- data[SECRET] = data[IMPORTED_KEY_BLOB];
- tmpVariables[4] = 0; // index in scratchPad for update params
- // check the keysize tag if present in key parameters.
- tmpVariables[2] =
- KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
- if (tmpVariables[2] != KMType.INVALID_VALUE) {
- if (tmpVariables[2] != 168 ||
- 192 != (short)( 8 * KMByteBlob.cast(data[SECRET]).length())) {
- KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
- }
- } else {
- // add the key size to scratchPad
- tmpVariables[6] = (short)( 8 * KMByteBlob.cast(data[SECRET]).length());
- if(tmpVariables[6] != 192) {
- KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
- }
- tmpVariables[5] = KMInteger.uint_16(tmpVariables[6]);
- tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]);
- Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
- tmpVariables[4] += 2;
- }
- // Check whether key can be created
- seProvider.importSymmetricKey(
- KMType.DES,
- tmpVariables[2],
- KMByteBlob.cast(data[SECRET]).getBuffer(),
- KMByteBlob.cast(data[SECRET]).getStartOff(),
- KMByteBlob.cast(data[SECRET]).length());
-
- // update the key parameters list
- updateKeyParameters(scratchPad, tmpVariables[4]);
- // Read Minimum Mac length - it must not be present
- // Added this error check based on default reference implementation.
- tmpVariables[0] =
- KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[KEY_PARAMETERS]);
- if (tmpVariables[0] != KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.INVALID_TAG);
- }
- data[KEY_BLOB] = KMArray.instance((short) 4);
- }
-
- private void validateAesKeySize(short keySizeBits) {
- if (keySizeBits != 128 && keySizeBits != 256) {
- KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
- }
- }
-
- private void importAESKey(byte[] scratchPad) {
- // Get Key
- data[SECRET] = data[IMPORTED_KEY_BLOB];
- // create 128 or 256 bit AES key
- tmpVariables[4] = 0; // index in scratchPad for update params
- // check the keysize tag if present in key parameters.
- short keysize =
- KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
-
- if (keysize != KMType.INVALID_VALUE) {
- if(keysize != (short)( 8 * KMByteBlob.cast(data[SECRET]).length())) {
- KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
- }
- validateAesKeySize(keysize);
- } else {
- // add the key size to scratchPad
- keysize = (short) ( 8 * KMByteBlob.cast(data[SECRET]).length());
- validateAesKeySize(keysize);
- keysize = KMInteger.uint_16(keysize);
- short keysizeTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, keysize);
- Util.setShort(scratchPad, tmpVariables[4], keysizeTag);
- tmpVariables[4] += 2;
- }
- // Check whether key can be created
- seProvider.importSymmetricKey(
- KMType.AES,
- tmpVariables[2],
- KMByteBlob.cast(data[SECRET]).getBuffer(),
- KMByteBlob.cast(data[SECRET]).getStartOff(),
- KMByteBlob.cast(data[SECRET]).length());
-
- // update the key parameters list
- updateKeyParameters(scratchPad, tmpVariables[4]);
- // validate AES Key parameters
- validateAESKey();
- data[KEY_BLOB] = KMArray.instance((short) 4);
- }
-
- private void importRSAKey(byte[] scratchPad) {
- // Decode key material
- short keyblob = seProvider.getPKCS8DecoderInstance().decodeRsa(data[IMPORTED_KEY_BLOB]);
- data[PUB_KEY] = KMArray.cast(keyblob).get((short) 0);
- short pubKeyExp = KMArray.cast(keyblob).get((short)1);
- data[SECRET] = KMArray.cast(keyblob).get((short) 2);
-
- if(F4.length != KMByteBlob.cast(pubKeyExp).length()) {
- KMException.throwIt(KMError.INVALID_KEY_BLOB);
- }
- if(Util.arrayCompare(F4, (short)0, KMByteBlob.cast(pubKeyExp).getBuffer(),
- KMByteBlob.cast(pubKeyExp).getStartOff(), (short)F4.length) != 0) {
- KMException.throwIt(KMError.INVALID_ARGUMENT);
- }
- tmpVariables[4] = 0; // index in scratchPad for update parameters.
- // validate public exponent if present in key params - it must be 0x010001
- tmpVariables[2] =
- KMIntegerTag.getValue(
- scratchPad,
- (short) 10, // using offset 10 as first 10 bytes reserved for update params
- KMType.ULONG_TAG,
- KMType.RSA_PUBLIC_EXPONENT,
- data[KEY_PARAMETERS]);
- if (tmpVariables[2] != KMTag.INVALID_VALUE) {
- if (tmpVariables[2] != 4
- || Util.getShort(scratchPad, (short) 10) != 0x01
- || Util.getShort(scratchPad, (short) 12) != 0x01) {
- KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
- }
- } else {
- // add public exponent to scratchPad
- Util.setShort(scratchPad, (short) 10, (short) 0x01);
- Util.setShort(scratchPad, (short) 12, (short) 0x01);
- tmpVariables[5] = KMInteger.uint_32(scratchPad, (short) 10);
- tmpVariables[6] =
- KMIntegerTag.instance(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, tmpVariables[5]);
- Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]);
- tmpVariables[4] += 2;
- }
-
- // check the keysize tag if present in key parameters.
- tmpVariables[2] = - KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]); - if (tmpVariables[2] != KMType.INVALID_VALUE) { - if (tmpVariables[2] != 2048 - || tmpVariables[2] != (short) (KMByteBlob.cast(data[SECRET]).length() * 8)) { - KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH); - } - } else { - // add the key size to scratchPad - tmpVariables[6] = (short) (KMByteBlob.cast(data[SECRET]).length() * 8); - if(tmpVariables[6] != 2048) { - KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); - } - tmpVariables[5] = KMInteger.uint_16((short) tmpVariables[6]); - tmpVariables[6] = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, tmpVariables[5]); - Util.setShort(scratchPad, tmpVariables[4], tmpVariables[6]); - tmpVariables[4] += 2; - } - - // Check whether key can be created - seProvider.importAsymmetricKey( - KMType.RSA, - KMByteBlob.cast(data[SECRET]).getBuffer(), - KMByteBlob.cast(data[SECRET]).getStartOff(), - KMByteBlob.cast(data[SECRET]).length(), - KMByteBlob.cast(data[PUB_KEY]).getBuffer(), - KMByteBlob.cast(data[PUB_KEY]).getStartOff(), - KMByteBlob.cast(data[PUB_KEY]).length()); - - // update the key parameters list - updateKeyParameters(scratchPad, tmpVariables[4]); - // validate RSA Key parameters - validateRSAKey(scratchPad); - data[KEY_BLOB] = KMArray.instance((short) 5); - KMArray.cast(data[KEY_BLOB]).add(KEY_BLOB_PUB_KEY, data[PUB_KEY]); - } - - private void updateKeyParameters(byte[] ptrArr, short len) { - if (len == 0) { - return; // nothing to update - } - // Create Update Param array and copy current params - tmpVariables[0] = KMKeyParameters.cast(data[KEY_PARAMETERS]).getVals(); - tmpVariables[1] = (short) (KMArray.cast(tmpVariables[0]).length() + (short) (len / 2)); - tmpVariables[1] = KMArray.instance(tmpVariables[1]); // update params - tmpVariables[2] = KMArray.cast(tmpVariables[0]).length(); - tmpVariables[3] = 0; - // copy the existing key parameters to updated array - while (tmpVariables[3] < 
tmpVariables[2]) { - tmpVariables[4] = KMArray.cast(tmpVariables[0]).get(tmpVariables[3]); - KMArray.cast(tmpVariables[1]).add(tmpVariables[3], tmpVariables[4]); - tmpVariables[3]++; - } - // copy new parameters to updated array - tmpVariables[2] = KMArray.cast(tmpVariables[1]).length(); - tmpVariables[5] = 0; // index in ptrArr - while (tmpVariables[3] < tmpVariables[2]) { - tmpVariables[4] = Util.getShort(ptrArr, tmpVariables[5]); - KMArray.cast(tmpVariables[1]).add(tmpVariables[3], tmpVariables[4]); - tmpVariables[3]++; - tmpVariables[5] += 2; - } - // replace with updated key parameters. - data[KEY_PARAMETERS] = KMKeyParameters.instance(tmpVariables[1]); - } - - // This command is executed to set the boot parameters. - // releaseAllOperations has to be called on every boot, so - // it is called from inside setBootParams. Later in future if - // setBootParams is removed, then make sure that releaseAllOperations - // is moved to a place where it is called on every boot. - private void processSetBootParamsCmd(APDU apdu) { - receiveIncoming(apdu); - byte[] scratchPad = apdu.getBuffer(); - // Argument 0 Boot Patch level - tmpVariables[0] = KMInteger.exp(); - // Argument 1 Verified Boot Key - tmpVariables[1] = KMByteBlob.exp(); - // Argument 2 Verified Boot Hash - tmpVariables[2] = KMByteBlob.exp(); - // Argument 3 Verified Boot State - tmpVariables[3] = KMEnum.instance(KMType.VERIFIED_BOOT_STATE); - // Argument 4 Device Locked - tmpVariables[4] = KMEnum.instance(KMType.DEVICE_LOCKED); - // Array of e4pected arguments - short argsProto = KMArray.instance((short) 5); - KMArray.cast(argsProto).add((short) 0, tmpVariables[0]); - KMArray.cast(argsProto).add((short) 1, tmpVariables[1]); - KMArray.cast(argsProto).add((short) 2, tmpVariables[2]); - KMArray.cast(argsProto).add((short) 3, tmpVariables[3]); - KMArray.cast(argsProto).add((short) 4, tmpVariables[4]); - // Decode the arguments - short args = decoder.decode(argsProto, (byte[]) bufferRef[0], 
bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]); - //reclaim memory - repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]); - - tmpVariables[0] = KMArray.cast(args).get((short) 0); - tmpVariables[1] = KMArray.cast(args).get((short) 1); - tmpVariables[2] = KMArray.cast(args).get((short) 2); - tmpVariables[3] = KMArray.cast(args).get((short) 3); - tmpVariables[4] = KMArray.cast(args).get((short) 4); - if (KMByteBlob.cast(tmpVariables[1]).length() > KMRepository.BOOT_KEY_MAX_SIZE) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - if (KMByteBlob.cast(tmpVariables[2]).length() > KMRepository.BOOT_HASH_MAX_SIZE) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - - repository.setBootPatchLevel( - KMInteger.cast(tmpVariables[0]).getBuffer(), - KMInteger.cast(tmpVariables[0]).getStartOff(), - KMInteger.cast(tmpVariables[0]).length()); - - repository.setVerifiedBootKey( - KMByteBlob.cast(tmpVariables[1]).getBuffer(), - KMByteBlob.cast(tmpVariables[1]).getStartOff(), - KMByteBlob.cast(tmpVariables[1]).length()); - - repository.setVerifiedBootHash( - KMByteBlob.cast(tmpVariables[2]).getBuffer(), - KMByteBlob.cast(tmpVariables[2]).getStartOff(), - KMByteBlob.cast(tmpVariables[2]).length()); - - byte enumVal = KMEnum.cast(tmpVariables[3]).getVal(); - repository.setBootState(enumVal); - - enumVal = KMEnum.cast(tmpVariables[4]).getVal(); - repository.setBootloaderLocked(enumVal == KMType.DEVICE_LOCKED_TRUE); - - // Clear Android system properties expect boot patch level as it is - // already set. - repository.clearAndroidSystemProperties(); - - // Clear the Computed SharedHmac and Hmac nonce from persistent memory. - Util.arrayFillNonAtomic(scratchPad, (short) 0, KMRepository.COMPUTED_HMAC_KEY_SIZE, (byte) 0); - seProvider.createComputedHmacKey(scratchPad, (short) 0, KMRepository.COMPUTED_HMAC_KEY_SIZE); - repository.clearHmacNonce(); - - //Clear all the operation state. 
- repository.releaseAllOperations(); - - // Hmac is cleared, so generate a new Hmac nonce. - seProvider.newRandomNumber(scratchPad, (short) 0, KMRepository.HMAC_SEED_NONCE_SIZE); - repository.initHmacNonce(scratchPad, (short) 0, KMRepository.HMAC_SEED_NONCE_SIZE); - - //flag to maintain the boot state - repository.setBootEndedStatus(false); - - //flag to maintain early boot ended state - repository.setEarlyBootEndedStatus(false); - - // Clear all the auth tags - repository.removeAllAuthTags(); - } - - private static void processGenerateKey(APDU apdu) { - // Receive the incoming request fully from the master into buffer. - receiveIncoming(apdu); - // Re-purpose the apdu buffer as scratch pad. - byte[] scratchPad = apdu.getBuffer(); - // Argument - tmpVariables[0] = KMKeyParameters.exp(); - // Array of expected arguments - tmpVariables[1] = KMArray.instance((short) 1); - KMArray.cast(tmpVariables[1]).add((short) 0, tmpVariables[0]); - // Decode the argument - tmpVariables[2] = decoder.decode(tmpVariables[1], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET], bufferProp[BUF_LEN_OFFSET]); - //reclaim memory - repository.reclaimMemory(bufferProp[BUF_LEN_OFFSET]); - - data[KEY_PARAMETERS] = KMArray.cast(tmpVariables[2]).get((short) 0); - // Check if EarlyBootEnded tag is present. 
- tmpVariables[0] = - KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY, data[KEY_PARAMETERS]); - if (tmpVariables[0] != KMType.INVALID_VALUE && repository.getEarlyBootEndedStatus()) { - KMException.throwIt(KMError.EARLY_BOOT_ENDED); - } - // Check if rollback resistance tag is present - tmpVariables[0] = - KMKeyParameters.findTag(KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE, data[KEY_PARAMETERS]); - if (tmpVariables[0] != KMType.INVALID_VALUE) { - KMException.throwIt(KMError.ROLLBACK_RESISTANCE_UNAVAILABLE); - } - - // get algorithm - tmpVariables[3] = KMEnumTag.getValue(KMType.ALGORITHM, data[KEY_PARAMETERS]); - if (tmpVariables[3] == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM); - } - tmpVariables[4] = - KMKeyParameters.findTag(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]); - if (tmpVariables[4] != KMType.INVALID_VALUE) { - if (!KMIntegerTag.cast(tmpVariables[4]).isValidKeySize((byte) tmpVariables[3])) { - KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); - } - } - // Only STANDALONE is supported for BLOB_USAGE_REQ tag. - tmpVariables[0] = - KMKeyParameters.findTag(KMType.ENUM_TAG, KMType.BLOB_USAGE_REQ, data[KEY_PARAMETERS]); - if (tmpVariables[0] != KMType.INVALID_VALUE) { - tmpVariables[0] = KMEnumTag.getValue(KMType.BLOB_USAGE_REQ, data[KEY_PARAMETERS]); - if (tmpVariables[0] != KMType.STANDALONE) { - KMException.throwIt(KMError.UNSUPPORTED_TAG); - } - } - //Check if the tags are supported. - if (KMKeyParameters.hasUnsupportedTags(data[KEY_PARAMETERS])) { - KMException.throwIt(KMError.UNSUPPORTED_TAG); - } - - // Check algorithm and dispatch to appropriate handler. 
- switch (tmpVariables[3]) { - case KMType.RSA: - generateRSAKey(scratchPad); - break; - case KMType.AES: - generateAESKey(scratchPad); - break; - case KMType.DES: - generateTDESKey(scratchPad); - break; - case KMType.HMAC: - generateHmacKey(scratchPad); - break; - case KMType.EC: - generateECKeys(scratchPad); - break; - default: - KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM); - break; - } - // create key blob - data[ORIGIN] = KMType.GENERATED; - createEncryptedKeyBlob(scratchPad); - - // prepare the response - tmpVariables[0] = KMArray.instance((short) 3); - KMArray.cast(tmpVariables[0]).add((short) 0, buildErrorStatus(KMError.OK)); - KMArray.cast(tmpVariables[0]).add((short) 1, data[KEY_BLOB]); - KMArray.cast(tmpVariables[0]).add((short) 2, data[KEY_CHARACTERISTICS]); - - bufferProp[BUF_START_OFFSET] = repository.allocAvailableMemory(); - // Encode the response - bufferProp[BUF_LEN_OFFSET] = encoder.encode(tmpVariables[0], (byte[]) bufferRef[0], bufferProp[BUF_START_OFFSET]); - - sendOutgoing(apdu); - } - - private static void validateRSAKey(byte[] scratchPad) { - // Read key size - tmpVariables[0] = - KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]); - if (tmpVariables[0] == KMTag.INVALID_VALUE) { - KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); - } - if (tmpVariables[0] != 2048) { - KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); - } - // Read public exponent into scratch pad - tmpVariables[1] = - KMIntegerTag.getValue( - scratchPad, - (short) 0, - KMType.ULONG_TAG, - KMType.RSA_PUBLIC_EXPONENT, - data[KEY_PARAMETERS]); - if ((tmpVariables[1] == KMTag.INVALID_VALUE) || (tmpVariables[1] != 4)) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - // Only exponent support is F4 - 65537 which is 0x00010001. 
- if (Util.getShort(scratchPad, (short) 0) != 0x01 - || Util.getShort(scratchPad, (short) 2) != 0x01) { - KMException.throwIt(KMError.INVALID_ARGUMENT); - } - } - - // Generate key handlers - private static void generateRSAKey(byte[] scratchPad) { - // Validate RSA Key - validateRSAKey(scratchPad); - // Now generate 2048 bit RSA keypair for the given exponent - short[] lengths = tmpVariables; - data[PUB_KEY] = KMByteBlob.instance((short) 256); - data[SECRET] = KMByteBlob.instance((short) 256); - seProvider.createAsymmetricKey( - KMType.RSA, - KMByteBlob.cast(data[SECRET]).getBuffer(), - KMByteBlob.cast(data[SECRET]).getStartOff(), - KMByteBlob.cast(data[SECRET]).length(), - KMByteBlob.cast(data[PUB_KEY]).getBuffer(), - KMByteBlob.cast(data[PUB_KEY]).getStartOff(), - KMByteBlob.cast(data[PUB_KEY]).length(), - lengths); - - data[KEY_BLOB] = KMArray.instance((short) 5); - KMArray.cast(data[KEY_BLOB]).add(KEY_BLOB_PUB_KEY, data[PUB_KEY]); - } - - private static void validateAESKey() { - // Read key size - tmpVariables[0] = - KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]); - if (tmpVariables[0] == KMTag.INVALID_VALUE) { - KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); - } - if ((tmpVariables[0] != 256) && (tmpVariables[0] != 128)) { - KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); - } - // Read Block mode - array of byte values - tmpVariables[1] = - KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, data[KEY_PARAMETERS]); - if (tmpVariables[1] != KMTag.INVALID_VALUE) { // block mode specified - // Find Minimum Mac length - tmpVariables[2] = - KMKeyParameters.findTag(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[KEY_PARAMETERS]); - // If block modes contain GCM mode - if (KMEnumArrayTag.cast(tmpVariables[1]).contains(KMType.GCM)) { - // minimum mac length must be specified - if (tmpVariables[2] == KMTag.INVALID_VALUE) { - KMException.throwIt(KMError.MISSING_MIN_MAC_LENGTH); - } - tmpVariables[3] = 
KMIntegerTag.cast(tmpVariables[2]).getValue(); - // Validate the MIN_MAC_LENGTH for AES - should be multiple of 8, less then 128 bits - // and greater the 96 bits - if (KMInteger.cast(tmpVariables[3]).getSignificantShort() != 0 - || KMInteger.cast(tmpVariables[3]).getShort() > 128 - || KMInteger.cast(tmpVariables[3]).getShort() < 96 - || (KMInteger.cast(tmpVariables[3]).getShort() % 8) != 0) { - KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); - } - } - } - } - - private static void generateAESKey(byte[] scratchPad) { - validateAESKey(); - tmpVariables[0] = - KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]); - tmpVariables[0] = - seProvider.createSymmetricKey(KMType.AES, tmpVariables[0], scratchPad, (short) 0); - data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, tmpVariables[0]); - data[KEY_BLOB] = KMArray.instance((short) 4); - } - - private static void validateECKeys() { - // Read key size - tmpVariables[0] = - KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]); - tmpVariables[1] = KMEnumTag.getValue(KMType.ECCURVE, data[KEY_PARAMETERS]); - if ((tmpVariables[0] == KMTag.INVALID_VALUE) && (tmpVariables[1] == KMTag.INVALID_VALUE)) { - KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); - } else if ((tmpVariables[0] != KMTag.INVALID_VALUE) && (tmpVariables[0] != (short) 256)) { - KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); - } else if ((tmpVariables[1] != KMType.INVALID_VALUE) && (tmpVariables[1] != KMType.P_256)) { - KMException.throwIt(KMError.UNSUPPORTED_EC_CURVE); - } - } - - private static void generateECKeys(byte[] scratchPad) { - validateECKeys(); - short[] lengths = tmpVariables; - seProvider.createAsymmetricKey( - KMType.EC, - scratchPad, - (short) 0, - (short) 128, - scratchPad, - (short) 128, - (short) 128, - lengths); - data[PUB_KEY] = KMByteBlob.instance(scratchPad, (short) 128, lengths[1]); - data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, lengths[0]); - 
data[KEY_BLOB] = KMArray.instance((short) 5); - KMArray.cast(data[KEY_BLOB]).add(KEY_BLOB_PUB_KEY, data[PUB_KEY]); - } - - private static void validateTDESKey() { - // Read Minimum Mac length - it must not be present - // This below check is done based on the reference implementation. - tmpVariables[0] = - KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[KEY_PARAMETERS]); - if (tmpVariables[0] != KMType.INVALID_VALUE) { - KMException.throwIt(KMError.INVALID_TAG); - } - // Read keysize - tmpVariables[1] = - KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]); - if (tmpVariables[1] == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); - } - if (tmpVariables[1] != 168) { - KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); - } - } - - private static void generateTDESKey(byte[] scratchPad) { - validateTDESKey(); - tmpVariables[0] = seProvider.createSymmetricKey(KMType.DES, (short) 168, scratchPad, (short) 0); - data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, tmpVariables[0]); - data[KEY_BLOB] = KMArray.instance((short) 4); - } - - private static void validateHmacKey() { - // If params does not contain any digest throw unsupported digest error. - tmpVariables[0] = - KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, KMType.DIGEST, data[KEY_PARAMETERS]); - if (KMType.INVALID_VALUE == tmpVariables[0]) { - KMException.throwIt(KMError.UNSUPPORTED_DIGEST); - } - - if (KMEnumArrayTag.contains(KMType.DIGEST, KMType.DIGEST_NONE, data[KEY_PARAMETERS])) { - KMException.throwIt(KMError.UNSUPPORTED_DIGEST); - } - // Strongbox supports only SHA256. 
- if (!KMEnumArrayTag.contains(KMType.DIGEST, KMType.SHA2_256, data[KEY_PARAMETERS])) { - KMException.throwIt(KMError.UNSUPPORTED_DIGEST); - } - // Read Minimum Mac length - tmpVariables[0] = - KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[KEY_PARAMETERS]); - if (tmpVariables[0] == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.MISSING_MIN_MAC_LENGTH); - } - // Check whether digest size is greater than or equal to min mac length. - // This below check is done based on the reference implementation. - if (((short) (tmpVariables[0] % 8) != 0) - || (tmpVariables[0] < (short) 64) - || tmpVariables[0] > (short) 256) { - KMException.throwIt(KMError.UNSUPPORTED_MIN_MAC_LENGTH); - } - // Read keysize - tmpVariables[1] = - KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]); - if (tmpVariables[1] == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); - } - if (((short) (tmpVariables[1] % 8) != 0) - || (tmpVariables[1] < (short) 64) - || tmpVariables[1] > (short) 512) { - KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); - } - } - - private static void generateHmacKey(byte[] scratchPad) { - validateHmacKey(); - tmpVariables[0] = - KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]); - // generate HMAC Key - tmpVariables[0] = - seProvider.createSymmetricKey(KMType.HMAC, tmpVariables[0], scratchPad, (short) 0); - data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, tmpVariables[0]); - data[KEY_BLOB] = KMArray.instance((short) 4); - } - - private void checkVersionAndPatchLevel(byte[] scratchPad) { - tmpVariables[0] = - KMIntegerTag.getValue( - scratchPad, (short) 0, KMType.UINT_TAG, KMType.OS_VERSION, data[HW_PARAMETERS]); - if (tmpVariables[0] != KMType.INVALID_VALUE) { - tmpVariables[1] = repository.getOsVersion(); - tmpVariables[1] = - KMInteger.unsignedByteArrayCompare( - KMInteger.cast(tmpVariables[1]).getBuffer(), - 
KMInteger.cast(tmpVariables[1]).getStartOff(), - scratchPad, - (short) 0, - tmpVariables[0]); - if (tmpVariables[1] == -1) { - // If the key characteristics has os version > current os version - KMException.throwIt(KMError.INVALID_KEY_BLOB); - } else if (tmpVariables[1] == 1) { - KMException.throwIt(KMError.KEY_REQUIRES_UPGRADE); - } - } - tmpVariables[0] = - KMIntegerTag.getValue( - scratchPad, (short) 0, KMType.UINT_TAG, KMType.OS_PATCH_LEVEL, data[HW_PARAMETERS]); - if (tmpVariables[0] != KMType.INVALID_VALUE) { - tmpVariables[1] = repository.getOsPatch(); - tmpVariables[1] = - KMInteger.unsignedByteArrayCompare( - KMInteger.cast(tmpVariables[1]).getBuffer(), - KMInteger.cast(tmpVariables[1]).getStartOff(), - scratchPad, - (short) 0, - tmpVariables[0]); - if (tmpVariables[1] == -1) { - KMException.throwIt(KMError.INVALID_KEY_BLOB); - } else if (tmpVariables[1] == 1) { - KMException.throwIt(KMError.KEY_REQUIRES_UPGRADE); - } - } - } - - private static void makeKeyCharacteristics(byte[] scratchPad) { - tmpVariables[0] = repository.getOsPatch(); - tmpVariables[1] = repository.getOsVersion(); - tmpVariables[2] = repository.getVendorPatchLevel(); - tmpVariables[3] = repository.getBootPatchLevel(); - data[HW_PARAMETERS] = - KMKeyParameters.makeHwEnforced( - data[KEY_PARAMETERS], - (byte) data[ORIGIN], - tmpVariables[1], - tmpVariables[0], - tmpVariables[2], - tmpVariables[3], - scratchPad); - data[SW_PARAMETERS] = KMKeyParameters.makeSwEnforced(data[KEY_PARAMETERS], scratchPad); - data[KEY_CHARACTERISTICS] = KMKeyCharacteristics.instance(); - KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).setHardwareEnforced(data[HW_PARAMETERS]); - KMKeyCharacteristics.cast(data[KEY_CHARACTERISTICS]).setSoftwareEnforced(data[SW_PARAMETERS]); - } - - private static void createEncryptedKeyBlob(byte[] scratchPad) { - // make key characteristics - returns key characteristics in data[KEY_CHARACTERISTICS] - makeKeyCharacteristics(scratchPad); - // make root of trust blob - data[ROT] = 
repository.readROT(); - if (data[ROT] == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.UNKNOWN_ERROR); - } - - // make hidden key params list - data[HIDDEN_PARAMETERS] = - KMKeyParameters.makeHidden(data[KEY_PARAMETERS], data[ROT], scratchPad); - // make authorization data - makeAuthData(scratchPad); - // encrypt the secret and cryptographically attach that to authorization data - encryptSecret(scratchPad); - - // create key blob array - KMArray.cast(data[KEY_BLOB]).add(KEY_BLOB_SECRET, data[SECRET]); - KMArray.cast(data[KEY_BLOB]).add(KEY_BLOB_AUTH_TAG, data[AUTH_TAG]); - KMArray.cast(data[KEY_BLOB]).add(KEY_BLOB_NONCE, data[NONCE]); - KMArray.cast(data[KEY_BLOB]).add(KEY_BLOB_KEYCHAR, data[KEY_CHARACTERISTICS]); - - // allocate reclaimable memory. - tmpVariables[0] = repository.alloc((short) 1024); - tmpVariables[1] = encoder.encode(data[KEY_BLOB], repository.getHeap(), tmpVariables[0]); - data[KEY_BLOB] = KMByteBlob.instance(repository.getHeap(), tmpVariables[0], tmpVariables[1]); - } - - private static void parseEncryptedKeyBlob(byte[] scratchPad) { - data[ROT] = repository.readROT(); - if (data[ROT] == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.UNKNOWN_ERROR); - } - try { - tmpVariables[0] = KMByteBlob.cast(data[KEY_BLOB]).getStartOff(); - tmpVariables[1] = KMArray.instance((short) 5); - KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_SECRET, - KMByteBlob.exp()); - KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_AUTH_TAG, - KMByteBlob.exp()); - KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_NONCE, - KMByteBlob.exp()); - tmpVariables[2] = KMKeyCharacteristics.exp(); - KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_KEYCHAR, - tmpVariables[2]); - KMArray.cast(tmpVariables[1]).add(KMKeymasterApplet.KEY_BLOB_PUB_KEY, - KMByteBlob.exp()); - data[KEY_BLOB] = decoder.decodeArray(tmpVariables[1], - KMByteBlob.cast(data[KEY_BLOB]).getBuffer(), - KMByteBlob.cast(data[KEY_BLOB]).getStartOff(), - 
KMByteBlob.cast(data[KEY_BLOB]).length()); - tmpVariables[0] = KMArray.cast(data[KEY_BLOB]).length(); - if (tmpVariables[0] < 4) { - KMException.throwIt(KMError.INVALID_KEY_BLOB); - } - data[AUTH_TAG] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_AUTH_TAG); - - // initialize data - data[NONCE] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_NONCE); - data[SECRET] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_SECRET); - data[KEY_CHARACTERISTICS] = KMArray.cast(data[KEY_BLOB]).get( - KEY_BLOB_KEYCHAR); - data[PUB_KEY] = KMType.INVALID_VALUE; - if (tmpVariables[0] == 5) { - data[PUB_KEY] = KMArray.cast(data[KEY_BLOB]).get(KEY_BLOB_PUB_KEY); - } - data[HW_PARAMETERS] = KMKeyCharacteristics - .cast(data[KEY_CHARACTERISTICS]).getHardwareEnforced(); - data[SW_PARAMETERS] = KMKeyCharacteristics - .cast(data[KEY_CHARACTERISTICS]).getSoftwareEnforced(); - - data[HIDDEN_PARAMETERS] = KMKeyParameters.makeHidden(data[APP_ID], - data[APP_DATA], data[ROT], scratchPad); - // make auth data - makeAuthData(scratchPad); - // Decrypt Secret and verify auth tag - decryptSecret(scratchPad); - } catch (Exception e) { - KMException.throwIt(KMError.INVALID_KEY_BLOB); - } - } - - private static void decryptSecret(byte[] scratchPad) { - // derive master key - stored in derivedKey - tmpVariables[0] = deriveKey(scratchPad); - if (!seProvider.aesGCMDecrypt( - repository.getHeap(), - data[DERIVED_KEY], - tmpVariables[0], - KMByteBlob.cast(data[SECRET]).getBuffer(), - KMByteBlob.cast(data[SECRET]).getStartOff(), - KMByteBlob.cast(data[SECRET]).length(), - scratchPad, - (short) 0, - KMByteBlob.cast(data[NONCE]).getBuffer(), - KMByteBlob.cast(data[NONCE]).getStartOff(), - KMByteBlob.cast(data[NONCE]).length(), - repository.getHeap(), - data[AUTH_DATA], - data[AUTH_DATA_LENGTH], - KMByteBlob.cast(data[AUTH_TAG]).getBuffer(), - KMByteBlob.cast(data[AUTH_TAG]).getStartOff(), - KMByteBlob.cast(data[AUTH_TAG]).length())) { - KMException.throwIt(KMError.INVALID_KEY_BLOB); - } - // Copy the decrypted secret - 
data[SECRET] = - KMByteBlob.instance(scratchPad, (short) 0, KMByteBlob.cast(data[SECRET]).length()); - } - - private static void encryptSecret(byte[] scratchPad) { - // make nonce - data[NONCE] = KMByteBlob.instance((short) AES_GCM_NONCE_LENGTH); - data[AUTH_TAG] = KMByteBlob.instance(AES_GCM_AUTH_TAG_LENGTH); - Util.arrayCopyNonAtomic( - KMByteBlob.cast(data[NONCE]).getBuffer(), - KMByteBlob.cast(data[NONCE]).getStartOff(), - scratchPad, - (short) 0, - KMByteBlob.cast(data[NONCE]).length()); - seProvider.newRandomNumber( - KMByteBlob.cast(data[NONCE]).getBuffer(), - KMByteBlob.cast(data[NONCE]).getStartOff(), - KMByteBlob.cast(data[NONCE]).length()); - // derive master key - stored in derivedKey - tmpVariables[0] = deriveKey(scratchPad); - tmpVariables[1] = - seProvider.aesGCMEncrypt( - repository.getHeap(), - data[DERIVED_KEY], - tmpVariables[0], - KMByteBlob.cast(data[SECRET]).getBuffer(), - KMByteBlob.cast(data[SECRET]).getStartOff(), - KMByteBlob.cast(data[SECRET]).length(), - scratchPad, - (short) 0, - KMByteBlob.cast(data[NONCE]).getBuffer(), - KMByteBlob.cast(data[NONCE]).getStartOff(), - KMByteBlob.cast(data[NONCE]).length(), - repository.getHeap(), - data[AUTH_DATA], - data[AUTH_DATA_LENGTH], - KMByteBlob.cast(data[AUTH_TAG]).getBuffer(), - KMByteBlob.cast(data[AUTH_TAG]).getStartOff(), - KMByteBlob.cast(data[AUTH_TAG]).length()); - if (tmpVariables[1] > 0) { - if (tmpVariables[1] != KMByteBlob.cast(data[SECRET]).length()) { - KMException.throwIt(KMError.INVALID_KEY_BLOB); - } - KMByteBlob.cast(data[SECRET]).setValue(scratchPad, (short) 0, tmpVariables[1]); - } - } - - private static void makeAuthData(byte[] scratchPad) { - - short arrayLen = 3; - if (KMArray.cast(data[KEY_BLOB]).length() == 5) { - arrayLen = 4; - } - short params = KMArray.instance((short) arrayLen); - KMArray.cast(params).add((short) 0, KMKeyParameters.cast(data[HW_PARAMETERS]).getVals()); - KMArray.cast(params).add((short) 1, KMKeyParameters.cast(data[SW_PARAMETERS]).getVals()); - 
KMArray.cast(params).add((short) 2, KMKeyParameters.cast(data[HIDDEN_PARAMETERS]).getVals()); - if (4 == arrayLen) { - KMArray.cast(params).add((short) 3, data[PUB_KEY]); - } - - short authIndex = repository.alloc(MAX_AUTH_DATA_SIZE); - short index = 0; - short len = 0; - short paramsLen = KMArray.cast(params).length(); - Util.arrayFillNonAtomic(repository.getHeap(), authIndex, (short) MAX_AUTH_DATA_SIZE, (byte) 0); - while (index < paramsLen) { - short tag = KMArray.cast(params).get(index); - len = encoder.encode(tag, repository.getHeap(), (short) (authIndex + 32)); - Util.arrayCopyNonAtomic(repository.getHeap(), (short) authIndex, repository.getHeap(), - (short) (authIndex + len + 32), (short) 32); - len = seProvider.messageDigest256(repository.getHeap(), - (short) (authIndex + 32), (short) (len + 32), repository.getHeap(), (short) authIndex); - if (len != 32) { - KMException.throwIt(KMError.UNKNOWN_ERROR); - } - index++; - } - data[AUTH_DATA] = authIndex; - data[AUTH_DATA_LENGTH] = len; - } - - private static short deriveKey(byte[] scratchPad) { - // KeyDerivation: - // 1. Do HMAC Sign, Auth data. - // 2. HMAC Sign generates an output of 32 bytes length. - // Consume only first 16 bytes as derived key. - // Hmac sign. - short len = seProvider.hmacKDF( - seProvider.getMasterKey(), - repository.getHeap(), - data[AUTH_DATA], - data[AUTH_DATA_LENGTH], - scratchPad, - (short) 0); - if (len < 16) { - KMException.throwIt(KMError.UNKNOWN_ERROR); - } - len = 16; - data[DERIVED_KEY] = repository.alloc(len); - // store the derived secret in data dictionary - Util.arrayCopyNonAtomic( - scratchPad, (short) 0, repository.getHeap(), data[DERIVED_KEY], len); - return len; - } - - // This function masks the error code with POWER_RESET_MASK_FLAG - // in case if card reset event occurred. The clients of the Applet - // has to extract the power reset status from the error code and - // process accordingly. 
- private static short buildErrorStatus(short err) { - short int32Ptr = KMInteger.instance((short) 4); - short powerResetStatus = 0; - if (repository.isPowerResetEventOccurred()) { - powerResetStatus = POWER_RESET_MASK_FLAG; - } - - Util.setShort(KMInteger.cast(int32Ptr).getBuffer(), - KMInteger.cast(int32Ptr).getStartOff(), - powerResetStatus); - - Util.setShort(KMInteger.cast(int32Ptr).getBuffer(), - (short) (KMInteger.cast(int32Ptr).getStartOff() + 2), - err); - - // reset power reset status flag to its default value. - repository.restorePowerResetStatus(); - return int32Ptr; - } - - private static void sendError(APDU apdu, short err) { - bufferProp[BUF_START_OFFSET] = repository.alloc((short) 5); - short int32Ptr = buildErrorStatus(err); - bufferProp[BUF_LEN_OFFSET] = encoder.encodeError(int32Ptr, (byte[]) bufferRef[0], - bufferProp[BUF_START_OFFSET], (short) 5); - sendOutgoing(apdu); - } - - private short addIntegers(short authTime, short timeStamp, byte[] scratchPad) { - Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 24, (byte) 0); - Util.arrayCopyNonAtomic( - KMInteger.cast(authTime).getBuffer(), - KMInteger.cast(authTime).getStartOff(), - scratchPad, - (short) (8 - KMInteger.cast(timeStamp).length()), - KMInteger.cast(timeStamp).length()); - - // Copy timestamp to scratchpad - Util.arrayCopyNonAtomic( - KMInteger.cast(timeStamp).getBuffer(), - KMInteger.cast(timeStamp).getStartOff(), - scratchPad, - (short) (16 - KMInteger.cast(timeStamp).length()), - KMInteger.cast(timeStamp).length()); - - // add authTime in millis to timestamp. 
- KMUtils.add(scratchPad, (short) 0, (short) 8, (short) 16);
- return KMInteger.uint_64(scratchPad, (short) 16);
- }
-
- private void updateTrustedConfirmationOperation(KMOperationState op) {
- if (op.isTrustedConfirmationRequired()) {
- op.getTrustedConfirmationSigner().update(
- KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
- KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
- KMByteBlob.cast(data[INPUT_DATA]).length());
- }
- }
-
- private void finishTrustedConfirmationOperation(KMOperationState op) {
- // Perform trusted confirmation if required
- if (op.isTrustedConfirmationRequired()) {
- tmpVariables[0] =
- KMKeyParameters.findTag(KMType.BYTES_TAG, KMType.CONFIRMATION_TOKEN, data[KEY_PARAMETERS]);
- if (tmpVariables[0] == KMType.INVALID_VALUE) {
- KMException.throwIt(KMError.NO_USER_CONFIRMATION);
- }
- tmpVariables[0] = KMByteTag.cast(tmpVariables[0]).getValue();
- boolean verified =
- op.getTrustedConfirmationSigner().verify(
- KMByteBlob.cast(data[INPUT_DATA]).getBuffer(),
- KMByteBlob.cast(data[INPUT_DATA]).getStartOff(),
- KMByteBlob.cast(data[INPUT_DATA]).length(),
- KMByteBlob.cast(tmpVariables[0]).getBuffer(),
- KMByteBlob.cast(tmpVariables[0]).getStartOff(),
- KMByteBlob.cast(tmpVariables[0]).length());
- if (!verified) {
- KMException.throwIt(KMError.NO_USER_CONFIRMATION);
- }
- }
- }
-
-}
diff --git a/Applet/src/com/android/javacard/keymaster/KMOperationState.java b/Applet/src/com/android/javacard/keymaster/KMOperationState.java
deleted file mode 100644
index bfd67ceb..00000000
--- a/Applet/src/com/android/javacard/keymaster/KMOperationState.java
+++ /dev/null
@@ -1,334 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.javacard.keymaster;
-
-import javacard.framework.ISO7816;
-import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
-import javacard.framework.Util;
-
-/**
- * KMOperationState is the container of an active operation started by beginOperation function. This
- * operation state is persisted by the applet in non volatile memory. However, this state is not
- * retained if applet is upgraded. There will be four operation state records maintained i.e. only
- * four active operations are supported at any given time.
- */
-public class KMOperationState {
-
- public static final byte MAX_DATA = 63;
- private static final byte OPERATION = 0;
- private static final byte HMAC_SIGNER_OPERATION = 1;
- private static final byte TRUE = 1;
- private static final byte FALSE = 0;
- // byte type
- private static final byte ALG = 0;
- private static final byte PURPOSE = 1;
- private static final byte PADDING = 2;
- private static final byte BLOCKMODE = 3;
- private static final byte DIGEST = 4;
- private static final byte FLAGS = 5;
- private static final byte AUTH_TYPE = 6;
- // short type
- private static final byte KEY_SIZE = 7;
- private static final byte MAC_LENGTH = 9;
- // Handle - currently this is short
- private static final byte OP_HANDLE = 11;
- // Auth time 64 bits
- private static final byte AUTH_TIME = 13;
- // Secure user ids 5 * 8 = 40 bytes ( Considering Maximum 5 SECURE USER IDs)
- // First two bytes are reserved to store number of secure ids. SO total 42 bytes.
- private static final byte USER_SECURE_ID = 21;
- // Flag masks
- private static final byte AUTH_PER_OP_REQD = 1;
- private static final byte SECURE_USER_ID_REQD = 2;
- private static final byte AUTH_TIMEOUT_VALIDATED = 4;
- private static final byte AES_GCM_UPDATE_ALLOWED = 8;
- private static final byte MAX_SECURE_USER_IDS = 5;
-
- // Object References
- private byte[] data;
- private Object[] objRefs;
- private static KMOperationState prototype;
- private byte[] isDataUpdated;
-
- private KMOperationState() {
- data = JCSystem.makeTransientByteArray(MAX_DATA, JCSystem.CLEAR_ON_RESET);
- objRefs = JCSystem.makeTransientObjectArray((short) 2, JCSystem.CLEAR_ON_RESET);
- isDataUpdated = JCSystem.makeTransientByteArray((short) 1, JCSystem.CLEAR_ON_RESET);
- }
-
- private static KMOperationState proto() {
- if (prototype == null) {
- prototype = new KMOperationState();
- }
- return prototype;
- }
-
- public static KMOperationState instance(short opHandle) {
- KMOperationState opState = proto();
- opState.reset();
- 
Util.setShort(prototype.data, OP_HANDLE, opHandle);
- return opState;
- }
-
- public static KMOperationState read(byte[] oprHandle, short off, byte[] data, short dataOff, Object opr, Object hmacSignerOpr) {
- KMOperationState opState = proto();
- opState.reset();
- Util.arrayCopyNonAtomic(data, dataOff, prototype.data, (short) 0, (short) prototype.data.length);
- prototype.objRefs[OPERATION] = opr;
- prototype.objRefs[HMAC_SIGNER_OPERATION] = hmacSignerOpr;
- Util.setShort(prototype.data, OP_HANDLE, KMInteger.uint_64(oprHandle, off));
- return opState;
- }
-
- public void persist() {
- if (FALSE == isDataUpdated[0]) {
- return;
- }
- KMRepository.instance().persistOperation(data,
- Util.getShort(data, OP_HANDLE),
- (KMOperation) objRefs[OPERATION],
- (KMOperation) objRefs[HMAC_SIGNER_OPERATION]);
- isDataUpdated[0] = FALSE;
- }
-
- public void setKeySize(short keySize) {
- Util.setShort(data, KEY_SIZE, keySize);
- }
-
- public short getKeySize() {
- return Util.getShort(data, KEY_SIZE);
- }
-
- public void reset() {
- isDataUpdated[0] = FALSE;
- objRefs[OPERATION] = null;
- objRefs[HMAC_SIGNER_OPERATION] = null;
- Util.arrayFillNonAtomic(
- data, (short) 0, (short) data.length, (byte) 0);
- }
-
- private void dataUpdated() {
- isDataUpdated[0] = TRUE;
- }
-
- public void release() {
- if (objRefs[OPERATION] != null) {
- ((KMOperation) objRefs[OPERATION]).abort();
- }
- if (objRefs[HMAC_SIGNER_OPERATION] != null) {
- ((KMOperation) objRefs[HMAC_SIGNER_OPERATION]).abort();
- }
- reset();
- }
-
- public short getHandle() {
- return Util.getShort(data, OP_HANDLE);
- }
-
- public short getPurpose() {
- return data[PURPOSE];
- }
-
- public void setPurpose(byte purpose) {
- data[PURPOSE] = purpose;
- dataUpdated();
- }
-
- public void setOperation(KMOperation opr) {
- objRefs[OPERATION] = opr;
- dataUpdated();
- persist();
- }
-
- public KMOperation getOperation() {
- return (KMOperation) objRefs[OPERATION];
- }
-
- public boolean isAuthPerOperationReqd() {
- return 
(data[FLAGS] & AUTH_PER_OP_REQD) != 0;
- }
-
- public boolean isAuthTimeoutValidated() {
- return (data[FLAGS] & AUTH_TIMEOUT_VALIDATED) != 0;
- }
-
- public boolean isSecureUserIdReqd() {
- return (data[FLAGS] & SECURE_USER_ID_REQD) != 0;
- }
-
- public short getAuthTime() {
- return KMInteger.uint_64(data, (short) AUTH_TIME);
- }
-
- public void setAuthTime(byte[] timeBuf, short start) {
- Util.arrayCopyNonAtomic(timeBuf, start, data, (short) AUTH_TIME, (short) 8);
- dataUpdated();
- }
-
- public void setAuthType(byte authType) {
- data[AUTH_TYPE] = authType;
- dataUpdated();
- }
-
- public short getAuthType() {
- return data[AUTH_TYPE];
- }
-
- public short getUserSecureId() {
- short offset = USER_SECURE_ID;
- short length = Util.getShort(data, USER_SECURE_ID);
- if (length == 0) {
- return KMType.INVALID_VALUE;
- }
- short arrObj = KMArray.instance(length);
- short index = 0;
- short obj;
- offset = (short) (2 + USER_SECURE_ID);
- while (index < length) {
- obj = KMInteger.instance(data, (short) (offset + index * 8), (short) 8);
- KMArray.cast(arrObj).add(index, obj);
- index++;
- }
- return KMIntegerArrayTag.instance(KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID, arrObj);
- }
-
- public void setUserSecureId(short integerArrayPtr) {
- short length = KMIntegerArrayTag.cast(integerArrayPtr).length();
- if (length > MAX_SECURE_USER_IDS) {
- KMException.throwIt(KMError.INVALID_KEY_BLOB);
- }
- Util.arrayFillNonAtomic(data, USER_SECURE_ID, (short) (MAX_SECURE_USER_IDS * 8) , (byte) 0);
- short index = 0;
- short obj;
- short offset = USER_SECURE_ID;
- Util.setShort(data, offset, length);
- offset += 2;
- while (index < length) {
- obj = KMIntegerArrayTag.cast(integerArrayPtr).get(index);
- Util.arrayCopyNonAtomic(
- KMInteger.cast(obj).getBuffer(),
- KMInteger.cast(obj).getStartOff(),
- data,
- (short) (8 - KMInteger.cast(obj).length() + offset + 8 * index),
- KMInteger.cast(obj).length()
- );
- index++;
- }
- dataUpdated();
- }
-
- public void 
setOneTimeAuthReqd(boolean flag) {
- if (flag) {
- data[FLAGS] = (byte) (data[FLAGS] | SECURE_USER_ID_REQD);
- } else {
- data[FLAGS] = (byte) (data[FLAGS] & (~SECURE_USER_ID_REQD));
- }
- dataUpdated();
- }
-
- public void setAuthTimeoutValidated(boolean flag) {
- if (flag) {
- data[FLAGS] = (byte) (data[FLAGS] | AUTH_TIMEOUT_VALIDATED);
- } else {
- data[FLAGS] = (byte) (data[FLAGS] & (~AUTH_TIMEOUT_VALIDATED));
- }
- dataUpdated();
- }
-
- public void setAuthPerOperationReqd(boolean flag) {
- if (flag) {
- data[FLAGS] = (byte) (data[FLAGS] | AUTH_PER_OP_REQD);
- } else {
- data[FLAGS] = (byte) (data[FLAGS] & (~AUTH_PER_OP_REQD));
- }
- dataUpdated();
- }
-
- public byte getAlgorithm() {
- return data[ALG];
- }
-
- public void setAlgorithm(byte algorithm) {
- data[ALG] = algorithm;
- dataUpdated();
- }
-
- public byte getPadding() {
- return data[PADDING];
- }
-
- public void setPadding(byte padding) {
- data[PADDING] = padding;
- dataUpdated();
- }
-
- public byte getBlockMode() {
- return data[BLOCKMODE];
- }
-
- public void setBlockMode(byte blockMode) {
- data[BLOCKMODE] = blockMode;
- dataUpdated();
- }
-
- public byte getDigest() {
- return data[DIGEST];
- }
-
- public void setDigest(byte digest) {
- data[DIGEST] = digest;
- dataUpdated();
- }
-
- public boolean isAesGcmUpdateAllowed() {
- return (data[FLAGS] & AES_GCM_UPDATE_ALLOWED) != 0;
- }
-
- public void setAesGcmUpdateComplete() {
- data[FLAGS] = (byte) (data[FLAGS] & (~AES_GCM_UPDATE_ALLOWED));
- dataUpdated();
- }
-
- public void setAesGcmUpdateStart() {
- data[FLAGS] = (byte) (data[FLAGS] | AES_GCM_UPDATE_ALLOWED);
- dataUpdated();
- }
-
- public void setMacLength(short length) {
- Util.setShort(data, MAC_LENGTH, length);
- dataUpdated();
- }
-
- public short getMacLength() {
- return Util.getShort(data, MAC_LENGTH);
- }
-
- public void setTrustedConfirmationSigner(KMOperation hmacSignerOp) {
- objRefs[HMAC_SIGNER_OPERATION] = hmacSignerOp;
- dataUpdated();
- }
-
- public KMOperation 
getTrustedConfirmationSigner() {
- return (KMOperation)objRefs[HMAC_SIGNER_OPERATION];
- }
-
- public boolean isTrustedConfirmationRequired() {
- return objRefs[HMAC_SIGNER_OPERATION] != null;
- }
-
-}
diff --git a/Applet/src/com/android/javacard/keymaster/KMPKCS8Decoder.java b/Applet/src/com/android/javacard/keymaster/KMPKCS8Decoder.java
deleted file mode 100644
index 7bf5bb4b..00000000
--- a/Applet/src/com/android/javacard/keymaster/KMPKCS8Decoder.java
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" (short)0IS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package com.android.javacard.keymaster;
-
-public interface KMPKCS8Decoder {
-
- /**
- * Decodes the PKCS8 encoded RSA Key and extracts the private and public key
- *
- * @param Instance of the PKCS8 encoded data
- * @return Instance of KMArray holding RSA public key, RSA private key and modulus.
- */
- short decodeRsa(short blob);
-
- /**
- * Decodes the PKCS8 encoded EC Key and extracts the private and public key
- *
- * @param Instance of the PKCS8 encoded data.
- * @return Instance of KMArray holding EC public key and EC private key.
- */
- short decodeEc(short blob);
-
-}
diff --git a/Applet/src/com/android/javacard/keymaster/KMRepository.java b/Applet/src/com/android/javacard/keymaster/KMRepository.java
deleted file mode 100644
index 1cfe8ef9..00000000
--- a/Applet/src/com/android/javacard/keymaster/KMRepository.java
+++ /dev/null
@@ -1,1022 +0,0 @@
-/*
- * Copyright(C) 2020 The Android Open Source Project
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package com.android.javacard.keymaster;
-
-import org.globalplatform.upgrade.Element;
-
-import javacard.framework.ISO7816;
-import javacard.framework.ISOException;
-import javacard.framework.JCSystem;
-import javacard.framework.Util;
-
-/**
- * KMRepository class manages persistent and volatile memory usage by the applet. Note the
- * repository is only used by applet and it is not intended to be used by seProvider.
- */
-public class KMRepository implements KMUpgradable {
-
- // Data table configuration
- public static final short DATA_INDEX_SIZE = 33;
- public static final short DATA_INDEX_ENTRY_SIZE = 4;
- public static final short DATA_MEM_SIZE = 2048;
- public static final short HEAP_SIZE = 10000;
- public static final short DATA_INDEX_ENTRY_LENGTH = 0;
- public static final short DATA_INDEX_ENTRY_OFFSET = 2;
- public static final short OPERATION_HANDLE_SIZE = 8; /* 8 bytes */
- private static final short OPERATION_HANDLE_STATUS_OFFSET = 0;
- private static final short OPERATION_HANDLE_STATUS_SIZE = 1;
- private static final short OPERATION_HANDLE_OFFSET = 1;
- private static final short OPERATION_HANDLE_ENTRY_SIZE =
- OPERATION_HANDLE_SIZE + OPERATION_HANDLE_STATUS_SIZE;
- private static final byte POWER_RESET_STATUS_FLAG = (byte) 0xEF;
-
- // Data table offsets
- public static final byte ATT_ID_BRAND = 0;
- public static final byte ATT_ID_DEVICE = 1;
- public static final byte ATT_ID_PRODUCT = 2;
- public static final byte ATT_ID_SERIAL = 3;
- public static final byte ATT_ID_IMEI = 4;
- public static final byte ATT_ID_MEID = 5;
- public static final byte ATT_ID_MANUFACTURER = 6;
- public static final byte ATT_ID_MODEL = 7;
- public static final byte COMPUTED_HMAC_KEY = 8;
- public static final byte HMAC_NONCE = 9;
- public static final byte CERT_ISSUER = 10;
- public static final byte CERT_EXPIRY_TIME = 11;
- public static final byte BOOT_OS_VERSION = 12;
- public static final byte BOOT_OS_PATCH_LEVEL = 13;
- public static final byte VENDOR_PATCH_LEVEL = 14;
- public static final byte BOOT_PATCH_LEVEL = 15;
- public static final byte BOOT_VERIFIED_BOOT_KEY = 16;
- public static final byte BOOT_VERIFIED_BOOT_HASH = 17;
- public static final byte BOOT_VERIFIED_BOOT_STATE = 18;
- public static final byte BOOT_DEVICE_LOCKED_STATUS = 19;
- public static final byte DEVICE_LOCKED_TIME = 20;
- public static final byte DEVICE_LOCKED = 21;
- public static final byte 
DEVICE_LOCKED_PASSWORD_ONLY = 22;
- // Total 8 auth tags, so the next offset is AUTH_TAG_1 + 8
- public static final byte AUTH_TAG_1 = 23;
- public static final byte BOOT_ENDED_STATUS = 31;
- public static final byte EARLY_BOOT_ENDED_STATUS = 32;
-
- // Data Item sizes
- public static final short MASTER_KEY_SIZE = 16;
- public static final short SHARED_SECRET_KEY_SIZE = 32;
- public static final short HMAC_SEED_NONCE_SIZE = 32;
- public static final short COMPUTED_HMAC_KEY_SIZE = 32;
- public static final short OS_VERSION_SIZE = 4;
- public static final short OS_PATCH_SIZE = 4;
- public static final short VENDOR_PATCH_SIZE = 4;
- public static final short BOOT_PATCH_SIZE = 4;
- public static final short DEVICE_LOCK_TS_SIZE = 8;
- public static final short BOOT_DEVICE_LOCK_FLAG_SIZE = 1;
- public static final short DEVICE_LOCKED_FLAG_SIZE = 1;
- public static final short DEVICE_LOCKED_PASSWORD_ONLY_SIZE = 1;
- public static final short BOOT_STATE_SIZE = 1;
- public static final short MAX_OPS = 4;
- public static final byte BOOT_KEY_MAX_SIZE = 32;
- public static final byte BOOT_HASH_MAX_SIZE = 32;
- public static final short MAX_BLOB_STORAGE = 8;
- public static final short AUTH_TAG_LENGTH = 16;
- public static final short AUTH_TAG_COUNTER_SIZE = 4;
- public static final short AUTH_TAG_ENTRY_SIZE = (AUTH_TAG_LENGTH + AUTH_TAG_COUNTER_SIZE + 1);
- public static final short BOOT_ENDED_FLAG_SIZE = 1;
- public static final short EARLY_BOOT_ENDED_FLAG_SIZE = 1;
- private static final byte[] zero = {0, 0, 0, 0, 0, 0, 0, 0};
-
- // Buffer type
- public static final byte DEFAULT_BUF_TYPE = 0;
- public static final byte ATTEST_IDS_BUF_TYPE = 1;
-
- // Class Attributes
- private Object[] operationStateTable;
- private byte[] heap;
- private short[] heapIndex;
- private byte[] dataTable;
- private short dataIndex;
- private short[] reclaimIndex;
- private short attestIdsIndex;
- // This variable is used to monitor the power reset status as the Applet does not get
- // any 
power reset event. Initially the value of this variable is set to POWER_RESET_STATUS_FLAG.
- // If the power reset happens then this value becomes 0.
- private byte[] powerResetStatus;
-
- // Operation table.
- private static final short OPER_TABLE_DATA_OFFSET = 0;
- private static final short OPER_TABLE_OPR_OFFSET = 1;
- private static final short OPER_TABLE_HMAC_SIGNER_OPR_OFFSET = 2;
- private static final short OPER_DATA_LEN = OPERATION_HANDLE_ENTRY_SIZE + KMOperationState.MAX_DATA;
- private static final short DATA_ARRAY_LENGTH = MAX_OPS * OPER_DATA_LEN;
-
-
- // Singleton instance
- private static KMRepository repository;
-
- public static KMRepository instance() {
- return repository;
- }
-
- public KMRepository(boolean isUpgrading) {
- heap = JCSystem.makeTransientByteArray(HEAP_SIZE, JCSystem.CLEAR_ON_RESET);
- heapIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
- reclaimIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
- powerResetStatus = JCSystem.makeTransientByteArray((short) 1, JCSystem.CLEAR_ON_RESET);
- heapIndex[0] = (short) 0;
- reclaimIndex[0] = HEAP_SIZE;
- powerResetStatus[0] = POWER_RESET_STATUS_FLAG;
- newDataTable(isUpgrading);
-
- operationStateTable = new Object[3];
- operationStateTable[0] = JCSystem.makeTransientByteArray(DATA_ARRAY_LENGTH, JCSystem.CLEAR_ON_RESET);
- operationStateTable[1] = JCSystem.makeTransientObjectArray(MAX_OPS, JCSystem.CLEAR_ON_RESET);
- operationStateTable[2] = JCSystem.makeTransientObjectArray(MAX_OPS, JCSystem.CLEAR_ON_RESET);
-
- //Initialize the device locked status
- if (!isUpgrading) {
- setDeviceLock(false);
- setDeviceLockPasswordOnly(false);
- } else {
- // In case of upgrade, the applet is deleted and installed again so all
- // volatile memory is erased. so it is necessary to force the power reset flag
- // to 0 so that the HAL can clear its operation state.
- powerResetStatus[0] = (byte) 0;
- }
- repository = this;
- }
-
- // This function checks if card reset event occurred and this function
- // should only be called before processing any of the APUs.
- // Transient memory is cleared in two cases:
- // 1. Card reset event
- // 2. Applet upgrade.
- public boolean isPowerResetEventOccurred() {
- if (powerResetStatus[0] == POWER_RESET_STATUS_FLAG) {
- return false;
- }
- return true;
- }
-
- /**
- * This function sets the power reset status flag to its
- * default value.
- */
- public void restorePowerResetStatus() {
- powerResetStatus[0] = POWER_RESET_STATUS_FLAG;
- }
-
- public void getOperationHandle(short oprHandle, byte[] buf, short off, short len) {
- if (KMInteger.cast(oprHandle).length() != OPERATION_HANDLE_SIZE) {
- KMException.throwIt(KMError.INVALID_OPERATION_HANDLE);
- }
- KMInteger.cast(oprHandle).getValue(buf, off, len);
- }
-
- public KMOperationState findOperation(byte[] buf, short off, short len) {
- short index = 0;
- byte[] oprTableData;
- short offset = 0;
- oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
- Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
- Object[] hmacSignerOprs = (Object[]) operationStateTable[OPER_TABLE_HMAC_SIGNER_OPR_OFFSET];
- while (index < MAX_OPS) {
- offset = (short) (index * OPER_DATA_LEN);
- if (0 == Util.arrayCompare(buf, off, oprTableData, (short) (offset + OPERATION_HANDLE_OFFSET), len)) {
- return KMOperationState.read(oprTableData, (short) (offset + OPERATION_HANDLE_OFFSET), oprTableData,
- (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
- operations[index], hmacSignerOprs[index]);
- }
- index++;
- }
- return null;
- }
-
- /* operationHandle is a KMInteger */
- public KMOperationState findOperation(short operationHandle) {
- short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
- getOperationHandle(
- operationHandle,
- KMByteBlob.cast(buf).getBuffer(),
- KMByteBlob.cast(buf).getStartOff(),
- 
KMByteBlob.cast(buf).length());
- return findOperation(
- KMByteBlob.cast(buf).getBuffer(),
- KMByteBlob.cast(buf).getStartOff(),
- KMByteBlob.cast(buf).length());
- }
-
- /* opHandle is a KMInteger */
- public KMOperationState reserveOperation(short opHandle) {
- short index = 0;
- byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
- short offset = 0;
- while (index < MAX_OPS) {
- offset = (short) (index * OPER_DATA_LEN);
- /* Check for unreserved operation state */
- if (oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)] == 0) {
- return KMOperationState.instance(opHandle);
- }
- index++;
- }
- return null;
- }
-
- public void persistOperation(byte[] data, short opHandle, KMOperation op, KMOperation hmacSignerOp) {
- short index = 0;
- byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
- Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
- Object[] hmacSignerOprs = (Object[]) operationStateTable[OPER_TABLE_HMAC_SIGNER_OPR_OFFSET];
- short offset = 0;
- short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
- getOperationHandle(
- opHandle,
- KMByteBlob.cast(buf).getBuffer(),
- KMByteBlob.cast(buf).getStartOff(),
- KMByteBlob.cast(buf).length());
- //Update an existing operation state.
- while (index < MAX_OPS) {
- offset = (short) (index * OPER_DATA_LEN);
- if ((1 == oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)])
- && (0 == Util.arrayCompare(
- oprTableData,
- (short) (offset + OPERATION_HANDLE_OFFSET),
- KMByteBlob.cast(buf).getBuffer(),
- KMByteBlob.cast(buf).getStartOff(),
- KMByteBlob.cast(buf).length()))) {
- Util.arrayCopyNonAtomic(data, (short) 0, oprTableData, (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
- KMOperationState.MAX_DATA);
- operations[index] = op;
- hmacSignerOprs[index] = hmacSignerOp;
- return;
- }
- index++;
- }
-
- index = 0;
- //Persist a new operation.
- while (index < MAX_OPS) {
- offset = (short) (index * OPER_DATA_LEN);
- if (0 == oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)]) {
- oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)] = 1;/*reserved */
- Util.arrayCopyNonAtomic(
- KMByteBlob.cast(buf).getBuffer(),
- KMByteBlob.cast(buf).getStartOff(),
- oprTableData,
- (short) (offset + OPERATION_HANDLE_OFFSET),
- OPERATION_HANDLE_SIZE);
- Util.arrayCopyNonAtomic(data, (short) 0, oprTableData, (short) (offset + OPERATION_HANDLE_ENTRY_SIZE),
- KMOperationState.MAX_DATA);
- operations[index] = op;
- hmacSignerOprs[index] = hmacSignerOp;
- break;
- }
- index++;
- }
- }
-
- public void releaseOperation(KMOperationState op) {
- short index = 0;
- byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
- Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
- Object[] hmacSignerOprs = (Object[]) operationStateTable[OPER_TABLE_HMAC_SIGNER_OPR_OFFSET];
- short offset = 0;
- short buf = KMByteBlob.instance(OPERATION_HANDLE_SIZE);
- getOperationHandle(
- op.getHandle(),
- KMByteBlob.cast(buf).getBuffer(),
- KMByteBlob.cast(buf).getStartOff(),
- KMByteBlob.cast(buf).length());
- while (index < MAX_OPS) {
- offset = (short) (index * OPER_DATA_LEN);
- if ((oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)] == 1) &&
- (0 == Util.arrayCompare(oprTableData,
- (short) (offset + OPERATION_HANDLE_OFFSET),
- KMByteBlob.cast(buf).getBuffer(),
- KMByteBlob.cast(buf).getStartOff(),
- KMByteBlob.cast(buf).length()))) {
- Util.arrayFillNonAtomic(oprTableData, offset, OPER_DATA_LEN, (byte) 0);
- op.release();
- operations[index] = null;
- hmacSignerOprs[index] = null;
- break;
- }
- index++;
- }
- }
-
- public void releaseAllOperations() {
- short index = 0;
- byte[] oprTableData = (byte[]) operationStateTable[OPER_TABLE_DATA_OFFSET];
- Object[] operations = (Object[]) operationStateTable[OPER_TABLE_OPR_OFFSET];
- Object[] hmacSignerOprs = (Object[]) 
operationStateTable[OPER_TABLE_HMAC_SIGNER_OPR_OFFSET];
-
- short offset = 0;
- while (index < MAX_OPS) {
- offset = (short) (index * OPER_DATA_LEN);
- if (oprTableData[(short) (offset + OPERATION_HANDLE_STATUS_OFFSET)] == 1) {
- Util.arrayFillNonAtomic(oprTableData, offset, OPER_DATA_LEN, (byte) 0);
- if (operations[index] != null) {
- ((KMOperation) operations[index]).abort();
- operations[index] = null;
- }
- if (hmacSignerOprs[index] != null) {
- ((KMOperation) hmacSignerOprs[index]).abort();
- hmacSignerOprs[index] = null;
- }
- }
- index++;
- }
- }
-
- public void initHmacNonce(byte[] nonce, short offset, short len) {
- if (len != HMAC_SEED_NONCE_SIZE) {
- KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
- }
- writeDataEntry(HMAC_NONCE, nonce, offset, len);
- }
-
- public void clearHmacNonce() {
- clearDataEntry(HMAC_NONCE);
- }
-
- public void onUninstall() {
- // Javacard Runtime environment cleans up the data.
-
- }
-
- public void onProcess() {
- }
-
- public void clean() {
- Util.arrayFillNonAtomic(heap, (short) 0, heapIndex[0], (byte) 0);
- heapIndex[0] = (short) 0;
- reclaimIndex[0] = HEAP_SIZE;
- }
-
- public void onDeselect() {
- }
-
- public void onSelect() {
- // If write through caching is implemented then this method will restore the data into cache
- }
-
- // This function uses memory from the back of the heap(transient memory). Call
- // reclaimMemory function immediately after the use.
- public short allocReclaimableMemory(short length) {
- if ((((short) (reclaimIndex[0] - length)) <= heapIndex[0])
- || (length >= HEAP_SIZE / 2)) {
- ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
- }
- reclaimIndex[0] -= length;
- return reclaimIndex[0];
- }
-
- // Reclaims the memory back.
- public void reclaimMemory(short length) {
- if (reclaimIndex[0] < heapIndex[0]) {
- ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
- }
- reclaimIndex[0] += length;
- }
-
- public short allocAvailableMemory() {
- if (heapIndex[0] >= heap.length) {
- ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
- }
- short index = heapIndex[0];
- heapIndex[0] = (short) heap.length;
- return index;
- }
-
- public short alloc(short length) {
- if (length < 0) {
- ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
- }
- if ((((short) (heapIndex[0] + length)) > heap.length) ||
- (((short) (heapIndex[0] + length)) > reclaimIndex[0])) {
- ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
- }
- heapIndex[0] += length;
- return (short) (heapIndex[0] - length);
- }
-
- private short dataAlloc(byte bufType, short length) {
- short maxSize = getMaxLimitSize(bufType);
- short dataIndex = getDataTableIndex(bufType);
- if (length < 0) {
- ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
- }
- if (((short) (dataIndex + length)) > maxSize) {
- ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
- }
- dataIndex += length;
- setDataTableIndex(bufType, dataIndex);
- return (short) (dataIndex - length);
- }
-
- private short getDataTableIndex(byte bufType) {
- if (bufType == ATTEST_IDS_BUF_TYPE) {
- return this.attestIdsIndex;
- } else {
- return this.dataIndex;
- }
- }
-
- private void setDataTableIndex(byte bufType, short index) {
- if (bufType == ATTEST_IDS_BUF_TYPE) {
- JCSystem.beginTransaction();
- this.attestIdsIndex = index;
- JCSystem.commitTransaction();
- } else {
- JCSystem.beginTransaction();
- this.dataIndex = index;
- JCSystem.commitTransaction();
- }
- }
-
- private short getMaxLimitSize(byte bufType) {
- if (bufType == ATTEST_IDS_BUF_TYPE) {
- return (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE + KMConfigurations.TOTAL_ATTEST_IDS_SIZE);
- } else { // Default buf type.
- return (short) dataTable.length;
- }
- }
-
- private void newDataTable(boolean isUpgrading) {
- if (!isUpgrading) {
- if (dataTable == null) {
- dataTable = new byte[DATA_MEM_SIZE];
- attestIdsIndex = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
- dataIndex = (short) (attestIdsIndex + KMConfigurations.TOTAL_ATTEST_IDS_SIZE);
- }
- }
- }
-
- public byte[] getDataTable() {
- return dataTable;
- }
-
- private void clearDataEntry(short id) {
- id = (short) (id * DATA_INDEX_ENTRY_SIZE);
- short dataLen = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
- if (dataLen != 0) {
- short dataPtr = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET));
- JCSystem.beginTransaction();
- Util.arrayFillNonAtomic(dataTable, dataPtr, dataLen, (byte) 0);
- JCSystem.commitTransaction();
- }
- }
-
- private void writeDataEntry(short id, byte[] buf, short offset, short len) {
- writeDataEntry(DEFAULT_BUF_TYPE, id, buf, offset, len);
- }
-
- private short readDataEntry(short id, byte[] buf, short offset) {
- id = (short) (id * DATA_INDEX_ENTRY_SIZE);
- short len = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
- if (len != 0) {
- Util.arrayCopyNonAtomic(
- dataTable,
- Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)),
- buf,
- offset,
- len);
- }
- return len;
- }
-
- private void writeDataEntry(byte bufType, short id, byte[] buf, short offset, short len) {
- short dataPtr;
- id = (short) (id * DATA_INDEX_ENTRY_SIZE);
- short dataLen = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
- if (dataLen == 0) {
- dataPtr = dataAlloc(bufType, len);
- // Begin Transaction
- JCSystem.beginTransaction();
- Util.setShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET), dataPtr);
- Util.setShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH), len);
- Util.arrayCopyNonAtomic(buf, offset, dataTable, dataPtr, len);
- JCSystem.commitTransaction();
- // End Transaction
- } else {
- if (len != dataLen) {
- 
KMException.throwIt(KMError.UNKNOWN_ERROR);
- }
- dataPtr = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET));
- // Begin Transaction
- JCSystem.beginTransaction();
- Util.arrayCopyNonAtomic(buf, offset, dataTable, dataPtr, len);
- JCSystem.commitTransaction();
- // End Transaction
- }
- }
-
- private short dataLength(short id) {
- id = (short) (id * DATA_INDEX_ENTRY_SIZE);
- return Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
- }
-
- public byte[] getHeap() {
- return heap;
- }
-
- public short getHmacNonce() {
- return readData(HMAC_NONCE);
- }
-
- public short getComputedHmacKey() {
- return readData(COMPUTED_HMAC_KEY);
- }
-
- public void persistAttId(byte id, byte[] buf, short start, short len) {
- writeDataEntry(ATTEST_IDS_BUF_TYPE, id, buf, start, len);
- }
-
- public short getAttId(byte id) {
- return readData(id);
- }
-
- public void deleteAttIds() {
- JCSystem.beginTransaction();
- attestIdsIndex = (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE);
- Util.arrayFillNonAtomic(dataTable, attestIdsIndex, KMConfigurations.TOTAL_ATTEST_IDS_SIZE, (byte) 0);
- JCSystem.commitTransaction();
- }
-
- public short getIssuer() {
- return readData(CERT_ISSUER);
- }
-
- public short readData(short id) {
- short len = dataLength(id);
- if (len != 0) {
- short blob = KMByteBlob.instance(len);
- readDataEntry(id, KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
- return blob;
- }
- return KMType.INVALID_VALUE;
- }
-
- public short readData(byte[] dataTable, short id, byte[] buf, short startOff, short bufLen) {
- id = (short) (id * DATA_INDEX_ENTRY_SIZE);
- short len = Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_LENGTH));
- if (len > bufLen) {
- return KMType.INVALID_VALUE;
- }
- if (len != 0) {
- Util.arrayCopyNonAtomic(
- dataTable,
- Util.getShort(dataTable, (short) (id + DATA_INDEX_ENTRY_OFFSET)),
- buf,
- startOff,
- len);
- }
- return len;
- }
-
- public short getCertExpiryTime() {
- return 
readData(CERT_EXPIRY_TIME);
- }
-
- public short getOsVersion() {
- short blob = readData(BOOT_OS_VERSION);
- if (blob != KMType.INVALID_VALUE) {
- return KMInteger.uint_32(
- KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
- } else {
- return KMInteger.uint_32(zero, (short) 0);
- }
- }
-
- public short getVendorPatchLevel() {
- short blob = readData(VENDOR_PATCH_LEVEL);
- if (blob != KMType.INVALID_VALUE) {
- return KMInteger.uint_32(
- KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
- } else {
- return KMInteger.uint_32(zero, (short) 0);
- }
- }
-
- public short getBootPatchLevel() {
- short blob = readData(BOOT_PATCH_LEVEL);
- if (blob != KMType.INVALID_VALUE) {
- return KMInteger.uint_32(
- KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
- } else {
- return KMInteger.uint_32(zero, (short) 0);
- }
- }
-
- public short getOsPatch() {
- short blob = readData(BOOT_OS_PATCH_LEVEL);
- if (blob != KMType.INVALID_VALUE) {
- return KMInteger.uint_32(
- KMByteBlob.cast(blob).getBuffer(), KMByteBlob.cast(blob).getStartOff());
- } else {
- return KMInteger.uint_32(zero, (short) 0);
- }
- }
-
- public short readROT() {
- short totalLength = 0;
- short length = dataLength(BOOT_VERIFIED_BOOT_KEY);
- if (length == 0) {
- return KMType.INVALID_VALUE;
- }
- totalLength += length;
- if ((length = dataLength(BOOT_VERIFIED_BOOT_HASH)) == 0) {
- return KMType.INVALID_VALUE;
- }
- totalLength += length;
- if ((length = dataLength(BOOT_VERIFIED_BOOT_STATE)) == 0) {
- return KMType.INVALID_VALUE;
- }
- totalLength += length;
- if ((length = dataLength(BOOT_DEVICE_LOCKED_STATUS)) == 0) {
- return KMType.INVALID_VALUE;
- }
- totalLength += length;
-
- short blob = KMByteBlob.instance(totalLength);
- length = readDataEntry(BOOT_VERIFIED_BOOT_KEY, KMByteBlob.cast(blob)
- .getBuffer(), KMByteBlob.cast(blob).getStartOff());
-
- length += readDataEntry(BOOT_VERIFIED_BOOT_HASH, KMByteBlob.cast(blob)
- .getBuffer(),
- 
(short) (KMByteBlob.cast(blob).getStartOff() + length)); - - length += readDataEntry(BOOT_VERIFIED_BOOT_STATE, KMByteBlob.cast(blob) - .getBuffer(), - (short) (KMByteBlob.cast(blob).getStartOff() + length)); - - readDataEntry(BOOT_DEVICE_LOCKED_STATUS, KMByteBlob.cast(blob) - .getBuffer(), - (short) (KMByteBlob.cast(blob).getStartOff() + length)); - return blob; - } - - public short getVerifiedBootKey() { - return readData(BOOT_VERIFIED_BOOT_KEY); - } - - public short getVerifiedBootHash() { - return readData(BOOT_VERIFIED_BOOT_HASH); - } - - public boolean getBootLoaderLock() { - short blob = readData(BOOT_DEVICE_LOCKED_STATUS); - if (blob == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.INVALID_DATA); - } - return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01; - } - - public byte getBootState() { - short blob = readData(BOOT_VERIFIED_BOOT_STATE); - if (blob == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.INVALID_DATA); - } - return (getHeap())[KMByteBlob.cast(blob).getStartOff()]; - } - - public boolean getDeviceLock() { - short blob = readData(DEVICE_LOCKED); - if (blob == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.INVALID_DATA); - } - return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01; - } - - public boolean getDeviceLockPasswordOnly() { - short blob = readData(DEVICE_LOCKED_PASSWORD_ONLY); - if (blob == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.INVALID_DATA); - } - return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01; - } - - public short getDeviceTimeStamp() { - short blob = readData(DEVICE_LOCKED_TIME); - if (blob != KMType.INVALID_VALUE) { - return KMInteger.uint_64(KMByteBlob.cast(blob).getBuffer(), - KMByteBlob.cast(blob).getStartOff()); - } else { - return KMInteger.uint_64(zero, (short) 0); - } - } - - public void setOsVersion(byte[] buf, short start, short len) { - if (len != OS_VERSION_SIZE) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - 
writeDataEntry(BOOT_OS_VERSION, buf, start, len); - } - - public void setVendorPatchLevel(byte[] buf, short start, short len) { - if (len != VENDOR_PATCH_SIZE) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - writeDataEntry(VENDOR_PATCH_LEVEL, buf, start, len); - } - - public void setBootPatchLevel(byte[] buf, short start, short len) { - if (len != BOOT_PATCH_SIZE) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - writeDataEntry(BOOT_PATCH_LEVEL, buf, start, len); - } - - public void clearAndroidSystemProperties() { - clearDataEntry(BOOT_OS_VERSION); - clearDataEntry(BOOT_OS_PATCH_LEVEL); - clearDataEntry(VENDOR_PATCH_LEVEL); - // Don't clear BOOT_PATCH_LEVEL as it is part of - // boot parameters. - } - - public void setBootloaderLocked(boolean flag) { - short start = alloc(BOOT_DEVICE_LOCK_FLAG_SIZE); - if (flag) { - (getHeap())[start] = (byte) 0x01; - } else { - (getHeap())[start] = (byte) 0x00; - } - writeDataEntry(BOOT_DEVICE_LOCKED_STATUS, getHeap(), start, BOOT_DEVICE_LOCK_FLAG_SIZE); - } - - public void setDeviceLock(boolean flag) { - short start = alloc(DEVICE_LOCKED_FLAG_SIZE); - if (flag) { - (getHeap())[start] = (byte) 0x01; - } else { - (getHeap())[start] = (byte) 0x00; - } - writeDataEntry(DEVICE_LOCKED, getHeap(), start, DEVICE_LOCKED_FLAG_SIZE); - } - - public void setDeviceLockPasswordOnly(boolean flag) { - short start = alloc(DEVICE_LOCKED_PASSWORD_ONLY_SIZE); - if (flag) { - (getHeap())[start] = (byte) 0x01; - } else { - (getHeap())[start] = (byte) 0x00; - } - writeDataEntry(DEVICE_LOCKED_PASSWORD_ONLY, getHeap(), start, DEVICE_LOCKED_PASSWORD_ONLY_SIZE); - } - - public void setDeviceLockTimestamp(byte[] buf, short start, short len) { - if (len != DEVICE_LOCK_TS_SIZE) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - writeDataEntry(DEVICE_LOCKED_TIME, buf, start, len); - } - - public void clearDeviceLockTimeStamp() { - clearDataEntry(DEVICE_LOCKED_TIME); - } - - public void setOsPatch(byte[] buf, short start, 
short len) { - if (len != OS_PATCH_SIZE) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - writeDataEntry(BOOT_OS_PATCH_LEVEL, buf, start, len); - } - - public void setVerifiedBootKey(byte[] buf, short start, short len) { - if (len > BOOT_KEY_MAX_SIZE) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - writeDataEntry(BOOT_VERIFIED_BOOT_KEY, buf, start, len); - } - - - public void setVerifiedBootHash(byte[] buf, short start, short len) { - if (len > BOOT_HASH_MAX_SIZE) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - writeDataEntry(BOOT_VERIFIED_BOOT_HASH, buf, start, len); - } - - public void setBootState(byte state) { - short start = alloc(BOOT_STATE_SIZE); - (getHeap())[start] = state; - writeDataEntry(BOOT_VERIFIED_BOOT_STATE, getHeap(), start, BOOT_STATE_SIZE); - } - - private boolean isAuthTagSlotAvailable(short tagId, byte[] buf, short offset) { - readDataEntry(tagId, buf, offset); - return (0 == buf[offset]); - } - - private void writeAuthTagState(byte[] buf, short offset, byte state) { - buf[offset] = state; - } - - public boolean persistAuthTag(short authTag) { - - if (KMByteBlob.cast(authTag).length() != AUTH_TAG_LENGTH) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - - short authTagEntry = alloc(AUTH_TAG_ENTRY_SIZE); - short scratchPadOff = alloc(AUTH_TAG_ENTRY_SIZE); - byte[] scratchPad = getHeap(); - writeAuthTagState(getHeap(), authTagEntry, (byte) 1); - Util.arrayCopyNonAtomic( - KMByteBlob.cast(authTag).getBuffer(), - KMByteBlob.cast(authTag).getStartOff(), - getHeap(), (short) (authTagEntry + 1), AUTH_TAG_LENGTH); - Util.setShort(getHeap(), (short) (authTagEntry + AUTH_TAG_LENGTH + 1 + 2), - (short) 1); - short index = 0; - while (index < MAX_BLOB_STORAGE) { - if ((dataLength((short) (index + AUTH_TAG_1)) == 0) || - isAuthTagSlotAvailable((short) (index + AUTH_TAG_1), scratchPad, scratchPadOff)) { - - writeDataEntry((short) (index + AUTH_TAG_1), getHeap(), authTagEntry, AUTH_TAG_ENTRY_SIZE); - return 
true; - } - index++; - } - return false; - } - - public void removeAllAuthTags() { - short index = 0; - while (index < MAX_BLOB_STORAGE) { - clearDataEntry((short) (index + AUTH_TAG_1)); - index++; - } - } - - public boolean isAuthTagPersisted(short authTag) { - return (KMType.INVALID_VALUE != findTag(authTag)); - } - - private short findTag(short authTag) { - if (KMByteBlob.cast(authTag).length() != AUTH_TAG_LENGTH) { - KMException.throwIt(KMError.INVALID_INPUT_LENGTH); - } - short index = 0; - short found; - short offset = alloc(AUTH_TAG_ENTRY_SIZE); - while (index < MAX_BLOB_STORAGE) { - if (dataLength((short) (index + AUTH_TAG_1)) != 0) { - readDataEntry((short) (index + AUTH_TAG_1), - getHeap(), offset); - found = - Util.arrayCompare( - getHeap(), - (short) (offset + 1), - KMByteBlob.cast(authTag).getBuffer(), - KMByteBlob.cast(authTag).getStartOff(), - AUTH_TAG_LENGTH); - if (found == 0) { - return (short) (index + AUTH_TAG_1); - } - } - index++; - } - return KMType.INVALID_VALUE; - } - - public short getRateLimitedKeyCount(short authTag, byte[] out, short outOff) { - short tag = findTag(authTag); - short blob; - if (tag != KMType.INVALID_VALUE) { - blob = readData(tag); - Util.arrayCopyNonAtomic( - KMByteBlob.cast(blob).getBuffer(), - (short) (KMByteBlob.cast(blob).getStartOff() + AUTH_TAG_LENGTH + 1), - out, - outOff, - AUTH_TAG_COUNTER_SIZE); - return AUTH_TAG_COUNTER_SIZE; - } - return (short) 0; - } - - public void setRateLimitedKeyCount(short authTag, byte[] buf, short off, short len) { - short tag = findTag(authTag); - if (tag != KMType.INVALID_VALUE) { - short dataPtr = readData(tag); - Util.arrayCopyNonAtomic( - buf, - off, - KMByteBlob.cast(dataPtr).getBuffer(), - (short) (KMByteBlob.cast(dataPtr).getStartOff() + AUTH_TAG_LENGTH + 1), - len); - writeDataEntry(tag, - KMByteBlob.cast(dataPtr).getBuffer(), - KMByteBlob.cast(dataPtr).getStartOff(), - KMByteBlob.cast(dataPtr).length()); - } - } - - @Override - public void onSave(Element ele) { - 
ele.write(dataIndex); - ele.write(dataTable); - ele.write(attestIdsIndex); - } - - @Override - public void onRestore(Element ele, short oldVersion, short currentVersion) { - dataIndex = ele.readShort(); - dataTable = (byte[]) ele.readObject(); - if (oldVersion == 0) { - // Previous versions does not contain version information. - handleDataUpgradeToVersion2_0(); - } else { - attestIdsIndex = ele.readShort(); - } - } - - @Override - public short getBackupPrimitiveByteCount() { - // dataIndex - return (short) 4; - } - - @Override - public short getBackupObjectCount() { - // dataTable - return (short) 1; - } - - public boolean getBootEndedStatus() { - short blob = readData(BOOT_ENDED_STATUS); - if (blob == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.INVALID_DATA); - } - return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01; - } - - public void setBootEndedStatus(boolean flag) { - short start = alloc(BOOT_ENDED_STATUS); - if (flag) { - (getHeap())[start] = (byte) 0x01; - } else { - (getHeap())[start] = (byte) 0x00; - } - writeDataEntry(BOOT_ENDED_STATUS, getHeap(), start, BOOT_ENDED_FLAG_SIZE); - } - - public boolean getEarlyBootEndedStatus() { - short blob = readData(EARLY_BOOT_ENDED_STATUS); - if (blob == KMType.INVALID_VALUE) { - KMException.throwIt(KMError.INVALID_DATA); - } - return (byte) ((getHeap())[KMByteBlob.cast(blob).getStartOff()]) == 0x01; - } - - public void setEarlyBootEndedStatus(boolean flag) { - short start = alloc(EARLY_BOOT_ENDED_STATUS); - if (flag) { - (getHeap())[start] = (byte) 0x01; - } else { - (getHeap())[start] = (byte) 0x00; - } - writeDataEntry(EARLY_BOOT_ENDED_STATUS, getHeap(), start, EARLY_BOOT_ENDED_FLAG_SIZE); - } - - public void handleDataUpgradeToVersion2_0() { - byte[] oldDataTable = dataTable; - dataTable = new byte[2048]; - attestIdsIndex = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE); - dataIndex = (short) (attestIdsIndex + KMConfigurations.TOTAL_ATTEST_IDS_SIZE); - // temp buffer. 
- short startOffset = alloc((short) 256); - - short index = ATT_ID_BRAND; - short len = 0; - while (index <= DEVICE_LOCKED) { - len = readData(oldDataTable, index, heap, startOffset, (short) 256); - writeDataEntry(index, heap, startOffset, len); - index++; - } - // set default values for the new IDS. - setDeviceLockPasswordOnly(false); - setBootEndedStatus(false); - setEarlyBootEndedStatus(false); - - // Request object deletion - oldDataTable = null; - JCSystem.requestObjectDeletion(); - } - -} diff --git a/Applet/src/com/android/javacard/keymaster/KMTag.java b/Applet/src/com/android/javacard/keymaster/KMTag.java deleted file mode 100644 index fa9bb38e..00000000 --- a/Applet/src/com/android/javacard/keymaster/KMTag.java +++ /dev/null 
@@ -1,39 +0,0 @@ -/* - * Copyright(C) 2020 The Android Open Source Project - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package com.android.javacard.keymaster; - -import javacard.framework.Util; - -/** - * This class represents a tag as defined by keymaster hal specifications. It is composed of key - * value pair. The key consists of short tag type e.g. KMType.ENUM and short tag key e.g. - * KMType.ALGORITHM. The key is encoded as uint CBOR type with 4 bytes. This is followed by value - * which can be any CBOR type based on key. struct{byte tag=KMType.TAG_TYPE, short length, value) - * where value is subtype of KMTag i.e. struct{short tagType=one of tag types declared in KMType , - * short tagKey=one of the tag keys declared in KMType, value} where value is one of the sub-types - * of KMType. - */ -public class KMTag extends KMType { - - public static short getTagType(short ptr) { - return Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); - } - - public static short getKey(short ptr) { - return Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2)); - } -} diff --git a/Applet/src/com/android/javacard/keymaster/KMArray.java b/Applet/src/com/android/javacard/kmdevice/KMArray.java similarity index 53% rename from Applet/src/com/android/javacard/keymaster/KMArray.java rename to Applet/src/com/android/javacard/kmdevice/KMArray.java index adf61723..dc7513a7 100644 --- a/Applet/src/com/android/javacard/keymaster/KMArray.java 
+++ b/Applet/src/com/android/javacard/kmdevice/KMArray.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; @@ -44,7 +44,7 @@ private static KMArray proto(short ptr) { if (prototype == null) { prototype = new KMArray(); } - instanceTable[KM_ARRAY_OFFSET] = ptr; + KMType.instanceTable[KM_ARRAY_OFFSET] = ptr; return prototype; } 
@@ -75,52 +75,122 @@ public static short instance(short length, byte type) { return ptr; } - public static KMArray cast(short ptr) { + private static KMArray cast(short ptr) { if (heap[ptr] != ARRAY_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } return proto(ptr); } - public void add(short index, short objPtr) { + private void add(short index, short objPtr) { short len = length(); if (index >= len) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } Util.setShort( - heap, - (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2)), - objPtr); + heap, + (short) (getStartOff() + (short) (index * 2)), + objPtr); } - - public void deleteLastEntry() { - short len = length(); - Util.setShort(heap, (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + 2), (short) (len -1)); - } - - public short get(short index) { + private short get(short index) { short len = length(); if (index >= len) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } return Util.getShort( - heap, (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) (index * 2))); + heap, (short) (getStartOff() + (short) (index * 2))); } - public short containedType() { - return Util.getShort(heap, (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE)); + private void swap(short index1, short index2) { + short len = length(); + if (index1 >= len || index2 >= len) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + short indexPtr1 = + Util.getShort( + heap, + (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + + (short) (index1 * 2))); + short indexPtr2 = + Util.getShort( + heap, + (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + + (short) (index2 * 2))); + Util.setShort( + heap, + (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) ( + index1 * 2)), + indexPtr2); + Util.setShort( + heap, + (short) 
(instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE + (short) ( + index2 * 2)), + indexPtr1); } - public short getStartOff() { - return (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE); + private short containedType() { + return Util.getShort(heap, (short) (KMType.instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE)); } - public short length() { - return Util.getShort(heap, (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + 2)); + private short getStartOff() { + return (short) (KMType.instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + ARRAY_HEADER_SIZE); } - public byte[] getBuffer() { + private short length() { + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + 2)); + } + + private short setLength(short len) { + return Util.setShort(heap, + (short) (KMType.instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + 2), len); + } + + private byte[] getBuffer() { return heap; } + + private void deleteLastEntry() { + short len = length(); + Util.setShort(heap, (short) (instanceTable[KM_ARRAY_OFFSET] + TLV_HEADER_SIZE + 2), + (short) (len - 1)); + } + + public static void add(short bPtr, short index, short objPtr) { + KMArray.cast(bPtr).add(index, objPtr); + } + + public static short get(short bPtr, short index) { + return KMArray.cast(bPtr).get(index); + } + + public static void swap(short bPtr, short index1, short index2) { + KMArray.cast(bPtr).swap(index1, index2); + } + + public static short containedType(short bPtr) { + return KMArray.cast(bPtr).containedType(); + } + + public static short getStartOff(short bPtr) { + return KMArray.cast(bPtr).getStartOff(); + } + + public static short length(short bPtr) { + return KMArray.cast(bPtr).length(); + } + + public static short setLength(short bPtr, short len) { + return KMArray.cast(bPtr).setLength(len); + } + + public static byte[] getBuffer(short bPtr) { + return KMArray.cast(bPtr).getBuffer(); + } + + public static void 
deleteLastEntry(short bPtr) { + KMArray.cast(bPtr).deleteLastEntry(); + } + } diff --git a/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java b/Applet/src/com/android/javacard/kmdevice/KMAttestationCert.java similarity index 79% rename from Applet/src/com/android/javacard/keymaster/KMAttestationCert.java rename to Applet/src/com/android/javacard/kmdevice/KMAttestationCert.java index 487dccc7..67abb60b 100644 --- a/Applet/src/com/android/javacard/keymaster/KMAttestationCert.java +++ b/Applet/src/com/android/javacard/kmdevice/KMAttestationCert.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; /** * The KMAttestationCert interface represents a X509 compliant attestation certificate required to @@ -60,7 +60,7 @@ public interface KMAttestationCert { * @param attestAppIdOff Start offset of the attestAppId buffer. * @param attestAppIdLen Length of the attestAppId buffer. * @param resetSinceIdRotation This holds the information of RESET_SINCE_ID_ROTATION. - * @param instance of the master key. + * @param masterKey instance of the KMMasterKey. * @return instance of KMAttestationCert. */ KMAttestationCert makeUniqueId(byte[] scratchpad, short scratchPadOff, byte[] creationTime, 
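Review bot: In KMArray.java the new `swap` (like the retained `add` and `get`) rejects an index only when it is `>= len`, so a negative `short` index passes the check and the computed offset falls before the array's entries on the shared `heap`. The guard should reject negatives as well, e.g. `if (index1 < 0 || index2 < 0 || index1 >= len || index2 >= len)`, with the same `index < 0` test added to `add` and `get`. The new `setLength` also writes `len` into the header without any validation, and that header field is the only bound `add`/`get`/`swap` check against, so a value larger than the allocated entry count makes later accesses pass the bounds check while touching heap outside the array. A check that `len` is non-negative and not larger than the current `length()`, or at least a comment stating that callers may only shrink the array, would make the contract explicit.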
@@ -76,22 +76,18 @@ KMAttestationCert makeUniqueId(byte[] scratchpad, short scratchPadOff, byte[] cr * @param scratchpad Buffer to store intermediate results. * @return instance of KMAttestationCert. */ - KMAttestationCert notBefore(short obj, byte[] scratchpad); + KMAttestationCert notBefore(short obj, boolean derEncoded, byte[] scratchpad); /** * Set expiry time received from expiry time tag or ca certificates expiry time. Used for * certificate's valid period. * - * @param usageExpiryTimeObj This is a KMByteBlob containing expiry time. - * @param certExpirtyTimeObj This is a KMByteblob containing expirty time extracted from - * certificate. - * @param scratchpad Buffer to store intermediate results. - * @param offset Variable used to store intermediate results. + * @param usageExpiryTimeObj This is a KMByteBlob containing expiry time. certificate. + * @param scratchPad Buffer to store intermediate results. * @return instance of KMAttestationCert */ - KMAttestationCert notAfter(short usageExpiryTimeObj, - short certExpirtyTimeObj, byte[] scratchPad, short offset); + KMAttestationCert notAfter(short usageExpiryTimeObj, boolean derEncoded, byte[] scratchPad); /** * Set device lock status received during booting time or due to device lock command. @@ -153,13 +149,6 @@ KMAttestationCert notAfter(short usageExpiryTimeObj, */ short getCertStart(); - /** - * Get the end of the certificate - * - * @return end of the attestation cert. - */ - short getCertEnd(); - /** * Get the length of the certificate * 
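Review bot: The new `derEncoded` parameter on `notBefore` and `notAfter` has no `@param` entry, and the `notAfter` Javadoc keeps a stray "certificate." left over from the removed `certExpirtyTimeObj` description. In KMAttestationCertImpl the flag decides whether the blob is converted from milliseconds or taken as already-encoded time bytes, so the contract belongs in the interface, e.g. `@param derEncoded true if the blob already holds the DER-encoded time and is used as is; false if it holds milliseconds to be converted`. With that written down, callers passing `true` know the bytes reach the certificate's validity field unchanged and must be well-formed.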
@@ -167,8 +156,43 @@ KMAttestationCert notAfter(short usageExpiryTimeObj, */ short getCertLength(); + /** - * Build the certificate. After this method the certificate is ready. + * Build a fake signed certificate. After this method executes the certificate is ready with the + * signature equal to 1 byte which is 0 and with rsa signature algorithm. */ void build(); + + /** + * Set the Serial number in the certificate. If no serial number is set then serial number is 1. + * + * @param serialNumber is serial number represented as KMByteBlob. + */ + boolean serialNumber(short serialNumber); + + /** + * Set the Subject Name in the certificate. + * + * @param subject is serial number represented as KMByteBlob. + */ + boolean subjectName(short subject); + + /** + * Set attestation key and mode. + * + * @param attestKey KMByteBlob of the key + * @param mode is the attestation mode. + */ + KMAttestationCert ecAttestKey(short attestKey, byte mode); + + /** + * Set attestation key and mode. + * + * @param attestKey KMByteBlob of the key + * @param mode is the attestation mode + */ + KMAttestationCert rsaAttestKey(short attestPrivExp, short attestMod, byte mode); + + KMAttestationCert factoryAttestKey(KMAttestationKey key, byte mode); + } diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java b/Applet/src/com/android/javacard/kmdevice/KMAttestationCertImpl.java similarity index 56% rename from Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java rename to Applet/src/com/android/javacard/kmdevice/KMAttestationCertImpl.java index 6ca72904..9e817c9e 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAttestationCertImpl.java +++ b/Applet/src/com/android/javacard/kmdevice/KMAttestationCertImpl.java 
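Review bot: Several Javadoc blocks on the added methods do not match their signatures: `subjectName` describes its argument as "serial number", `rsaAttestKey` documents `@param attestKey` while its parameters are `attestPrivExp` and `attestMod`, and `factoryAttestKey` has no comment at all. The `boolean` results of `serialNumber` and `subjectName` lack an `@return`, so a caller cannot tell what `false` means (presumably a rejected length; confirm against the implementation). Suggested wording: `@param subject is the subject name represented as KMByteBlob.` and `@param attestPrivExp KMByteBlob of the RSA private exponent` / `@param attestMod KMByteBlob of the RSA modulus`. The `build()` comment now says the result carries a placeholder one-byte signature, so it should also state which call produces the real signature.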
@@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.JCSystem; import javacard.framework.Util; 
@@ -29,74 +29,59 @@ public class KMAttestationCertImpl implements KMAttestationCert { private static final byte MAX_PARAMS = 30; // DER encoded object identifiers required by the cert. // rsaEncryption - 1.2.840.113549.1.1.1 - private static final byte[] rsaEncryption = { - 0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01 - }; + private static byte[] rsaEncryption; // ecPublicKey - 1.2.840.10045.2.1 - private static final byte[] eccPubKey = { - 0x06, 0x07, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x02, 0x01 - }; + private static byte[] eccPubKey; // prime256v1 curve - 1.2.840.10045.3.1.7 - private static final byte[] prime256v1 = { - 0x06, 0x08, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x03, 0x01, 0x07 - }; + private static byte[] prime256v1; // Key Usage Extn - 2.5.29.15 - private static final byte[] keyUsageExtn = {0x06, 0x03, 0x55, 0x1D, 0x0F}; + private static byte[] keyUsageExtn; // Android Extn - 1.3.6.1.4.1.11129.2.1.17 - private static final byte[] androidExtn = { - 0x06, 0x0A, 0X2B, 0X06, 0X01, 0X04, 0X01, (byte) 0XD6, 0X79, 0X02, 0X01, 0X11 - }; - + private static byte[] androidExtn; + private static final short RSA_SIG_LEN = 256; private static final short ECDSA_MAX_SIG_LEN = 72; - //Signature algorithm identifier - always ecdsaWithSha256 - 1.2.840.10045.4.3.2 + //Signature algorithm identifier - ecdsaWithSha256 - 1.2.840.10045.4.3.2 //SEQUENCE of alg OBJ ID and parameters = NULL. - private static final byte[] X509SignAlgIdentifier = { - 0x30, - 0x0A, - 0x06, - 0x08, - 0x2A, - (byte) 0x86, - 0x48, - (byte) 0xCE, - (byte) 0x3D, - 0x04, - 0x03, - 0x02 - }; + private static byte[] X509EcdsaSignAlgIdentifier; + // Signature algorithm identifier - sha256WithRSAEncryption - 1.2.840.113549.1.1.11 + // SEQUENCE of alg OBJ ID and parameters = NULL. + private static byte[] X509RsaSignAlgIdentifier; + + // Below are the allowed softwareEnforced Authorization tags inside the attestation certificate's extension. 
+ private static short[] swTagIds; + + // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension. + private static short[] hwTagIds; + // Validity is not fixed field // Subject is a fixed field with only CN= Android Keystore Key - same for all the keys - private static final byte[] X509Subject = { - 0x30, 0x1F, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x41, 0x6e, - 0x64, - 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4B, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x4B, - 0x65, - 0x79 - }; + private static byte[] X509Subject; private static final byte keyUsageSign = (byte) 0x80; // 0 bit private static final byte keyUsageKeyEncipher = (byte) 0x20; // 2nd- bit private static final byte keyUsageDataEncipher = (byte) 0x10; // 3rd- bit + private static final byte keyUsageKeyAgreement = (byte) 0x08; // 4th- bit + private static final byte keyUsageCertSign = (byte) 0x04; // 5th- bit - private static final byte KEYMASTER_VERSION = 41; - private static final byte ATTESTATION_VERSION = 4; - private static final byte[] pubExponent = {0x01, 0x00, 0x01}; + private static final byte KEYMASTER_VERSION = 100; + private static final byte ATTESTATION_VERSION = 100; + private static byte[] pubExponent; private static final byte SERIAL_NUM = (byte) 0x01; private static final byte X509_VERSION = (byte) 0x02; private static short certStart; - private static short signatureOffset; - private static short tbsOffset; + private static short certLength; + private static short tbsStart; private static short tbsLength; - - private static short stackPtr; private static byte[] stack; - private static short start; - private static short length; - // private static KMRepository repo; + private static short stackPtr; + private static short bufStart; + private static short bufLength; + private static short uniqueId; private static short attChallenge; private static short notBefore; + private static short notAfter; private static short 
pubKey; private static short[] swParams; 
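Review bot: The DER constants (`rsaEncryption`, `eccPubKey`, `prime256v1`, `keyUsageExtn`, `androidExtn`, the two signature algorithm identifiers, `X509Subject`, `pubExponent`) lose both `final` and their initialisers here, so they stay `null` until something assigns them. The assignment is done by `initStatics()` in a later hunk, and nothing visible shows where that is called, so the ordering requirement should be stated at the first declaration, e.g. `// Assigned in initStatics(); must run before any certificate is built.` The comment above `X509Subject` ("same for all the keys") also looks stale, since a later hunk pushes the subject from the caller-supplied `subjectName` blob instead.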
@@ -106,20 +91,107 @@ public class KMAttestationCertImpl implements KMAttestationCert { private static byte keyUsage; private static byte unusedBits; private static KMAttestationCert inst; + private static KMSEProvider seProvider; private static boolean rsaCert; private static byte deviceLocked; private static short verifiedBootKey; private static byte verifiedState; private static short verifiedHash; private static short issuer; + private static short subjectName; private static short signPriv; + private static short serialNum; + + private static byte certMode; + private static short certAttestKeySecret; + private static short certAttestKeyRsaPubModulus; + private static KMAttestationKey factoryAttestKey; + private static boolean certRsaSign; + private static final byte SERIAL_NUM_MAX_LEN = 20; + private static final byte SUBJECT_NAME_MAX_LEN = 32; + + public static void initStatics() { + rsaEncryption = new byte[]{ + 0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01 + }; + eccPubKey = new byte[]{ + 0x06, 0x07, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x02, 0x01 + }; + prime256v1 = new byte[]{ + 0x06, 0x08, 0x2A, (byte) 0x86, 0x48, (byte) 0xCE, 0x3D, 0x03, 0x01, 0x07 + }; + keyUsageExtn = new byte[]{0x06, 0x03, 0x55, 0x1D, 0x0F}; + androidExtn = new byte[]{ + 0x06, 0x0A, 0X2B, 0X06, 0X01, 0X04, 0X01, (byte) 0XD6, 0X79, 0X02, 0X01, 0X11 + }; + X509EcdsaSignAlgIdentifier = new byte[]{ + 0x30, + 0x0A, + 0x06, + 0x08, + 0x2A, + (byte) 0x86, + 0x48, + (byte) 0xCE, + (byte) 0x3D, + 0x04, + 0x03, + 0x02 + }; + X509RsaSignAlgIdentifier = new byte[]{ + 0x30, + 0x0D, + 0x06, + 0x09, + 0x2A, + (byte) 0x86, + 0x48, + (byte) 0x86, + (byte) 0xF7, + 0x0D, + 0x01, + 0x01, + 0x0B, + 0x05, + 0x00 + }; + swTagIds = new short[]{ + KMType.ATTESTATION_APPLICATION_ID, + KMType.CREATION_DATETIME, + KMType.USAGE_EXPIRE_DATETIME, + KMType.ORIGINATION_EXPIRE_DATETIME, + KMType.ACTIVE_DATETIME, + KMType.UNLOCKED_DEVICE_REQUIRED + }; + hwTagIds = new 
short[]{ + KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL, + KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_MANUFACTURER, + KMType.ATTESTATION_ID_MEID, KMType.ATTESTATION_ID_IMEI, + KMType.ATTESTATION_ID_SERIAL, KMType.ATTESTATION_ID_PRODUCT, + KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_BRAND, + KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST, + KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE, + KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID, + KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.MIN_MAC_LENGTH, + KMType.CALLER_NONCE, KMType.PADDING, KMType.DIGEST, KMType.BLOCK_MODE, + KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE}; + X509Subject = new byte[]{ + 0x30, 0x1F, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x41, 0x6e, + 0x64, + 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4B, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x4B, + 0x65, + 0x79 + }; + pubExponent = new byte[]{0x01, 0x00, 0x01}; + } private KMAttestationCertImpl() { } - public static KMAttestationCert instance(boolean rsaCert) { + public static KMAttestationCert instance(boolean rsaCert, KMSEProvider provider) { if (inst == null) { inst = new KMAttestationCertImpl(); + seProvider = provider; } init(); KMAttestationCertImpl.rsaCert = rsaCert; @@ -130,9 +202,9 @@ private static void init() { stack = null; stackPtr = 0; certStart = 0; - signatureOffset = 0; - start = 0; - length = 0; + certLength = 0; + bufStart = 0; + bufLength = 0; tbsLength = 0; if (swParams == null) { swParams = JCSystem.makeTransientShortArray((short) MAX_PARAMS, JCSystem.CLEAR_ON_RESET); 
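Review bot: `instance(boolean rsaCert, KMSEProvider provider)` stores `provider` only inside the `if (inst == null)` branch, so every later call silently ignores the provider it is handed. If that is intended the parameter's contract should say so; otherwise move the assignment out of the branch, `seProvider = provider;` placed just before `init();`. `SERIAL_NUM_MAX_LEN` and `SUBJECT_NAME_MAX_LEN` are declared in this hunk but their enforcement is not visible here, so it is worth confirming that the `serialNumber` and `subjectName` setters apply them. The end of `instance` lies outside this hunk.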
@@ -156,20 +228,23 @@ private static void init() { rsaCert = true; deviceLocked = 0; signPriv = 0; + certMode = KMType.NO_CERT; + certAttestKeySecret = KMType.INVALID_VALUE; + certRsaSign = true; + issuer = KMType.INVALID_VALUE; + subjectName = KMType.INVALID_VALUE; + serialNum = KMType.INVALID_VALUE; + factoryAttestKey = null; } @Override public KMAttestationCert verifiedBootHash(short obj) { - if (obj == KMType.INVALID_VALUE) - KMException.throwIt(KMError.INVALID_DATA); verifiedHash = obj; return this; } @Override public KMAttestationCert verifiedBootKey(short obj) { - if (obj == KMType.INVALID_VALUE) - KMException.throwIt(KMError.INVALID_DATA); verifiedBootKey = obj; return this; } 
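Review bot: `verifiedBootHash` and `verifiedBootKey` no longer reject `KMType.INVALID_VALUE`, so a missing verified boot key or hash is now stored without complaint. The same check is dropped from `issuer` in the `@@ -253,22 +339,24 @@` hunk. These values presumably end up in the attestation certificate, and unless they are validated before encoding (not visible in these hunks) the guard should stay, in braced form: `if (obj == KMType.INVALID_VALUE) { KMException.throwIt(KMError.INVALID_DATA); }`.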
@@ -186,30 +261,41 @@ private KMAttestationCert uniqueId(short obj) { } @Override - public KMAttestationCert notBefore(short obj, byte[] scratchpad) { - // convert milliseconds to UTC date - notBefore = KMUtils.convertToDate(obj, scratchpad, true); + public KMAttestationCert notBefore(short obj, boolean derEncoded, byte[] scratchpad) { + if (!derEncoded) { + // convert milliseconds to UTC date + notBefore = KMUtils.convertToDate(obj, scratchpad, true); + } else { + notBefore = KMByteBlob.instance(KMByteBlob.getBuffer(obj), + KMByteBlob.getStartOff(obj), KMByteBlob.length(obj)); + } return this; } @Override - public KMAttestationCert notAfter(short usageExpiryTimeObj, - short certExpirtyTimeObj, byte[] scratchPad, short tmpVar) { - if (usageExpiryTimeObj != KMType.INVALID_VALUE) { - // compare if the expiry time is greater then 2051 then use generalized - // time format else use utc time format. - usageExpiryTimeObj = KMIntegerTag.cast(usageExpiryTimeObj).getValue(); - tmpVar = KMInteger.uint_64(KMUtils.firstJan2051, (short) 0); - if (KMInteger.compare(usageExpiryTimeObj, tmpVar) >= 0) { - usageExpiryTimeObj = KMUtils.convertToDate(usageExpiryTimeObj, scratchPad, - false); + public KMAttestationCert notAfter(short usageExpiryTimeObj, boolean derEncoded, + byte[] scratchPad) { + if (!derEncoded) { + if (usageExpiryTimeObj != KMType.INVALID_VALUE) { + // compare if the expiry time is greater then 2051 then use generalized + // time format else use utc time format. 
+ short tmpVar = KMInteger.uint_64(KMUtils.firstJan2051, (short) 0); + if (KMInteger.compare(usageExpiryTimeObj, tmpVar) >= 0) { + usageExpiryTimeObj = KMUtils.convertToDate(usageExpiryTimeObj, scratchPad, + false); + } else { + usageExpiryTimeObj = KMUtils + .convertToDate(usageExpiryTimeObj, scratchPad, true); + } + notAfter = usageExpiryTimeObj; } else { - usageExpiryTimeObj = KMUtils - .convertToDate(usageExpiryTimeObj, scratchPad, true); + //notAfter = certExpirtyTimeObj; } - notAfter = usageExpiryTimeObj; } else { - notAfter = certExpirtyTimeObj; + // notAfter = KMKeymasterApplet.instance(KMKeymasterApplet.cast(usageExpiryTimeObj).getBuffer(), + // KMKeymasterApplet.cast(usageExpiryTimeObj).getStartOff(), + // KMKeymasterApplet.cast(usageExpiryTimeObj).length()); + notAfter = usageExpiryTimeObj; } return this; } @@ -245,7 +331,7 @@ public KMAttestationCert extensionTag(short tag, boolean hwEnforced) { swParams[swParamsIndex] = tag; swParamsIndex++; } - if (KMTag.getKey(tag) == KMType.PURPOSE) { + if (KMTag.getKMTagKey(tag) == KMType.PURPOSE) { createKeyUsage(tag); } return this; 
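Review bot: In `notAfter`, when `derEncoded` is false and `usageExpiryTimeObj` is `KMType.INVALID_VALUE`, the `else` branch holds only the commented-out `//notAfter = certExpirtyTimeObj;`, so `notAfter` keeps whatever value it had before the call. The certificate's validity end is then not set by this method; either fail explicitly with `KMException.throwIt(KMError.INVALID_DATA);` or add a comment naming where the default comes from. The `derEncoded` branch also stores the caller's blob pointer directly while `notBefore` copies it with `KMByteBlob.instance(...)`; the two should agree, and the commented-out blocks should be deleted rather than kept.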
@@ -253,22 +339,24 @@ public KMAttestationCert extensionTag(short tag, boolean hwEnforced) { @Override public KMAttestationCert issuer(short obj) { - if (obj == KMType.INVALID_VALUE) - KMException.throwIt(KMError.INVALID_DATA); issuer = obj; return this; } private void createKeyUsage(short tag) { - short len = KMEnumArrayTag.cast(tag).length(); + short len = KMEnumArrayTag.length(tag); byte index = 0; while (index < len) { - if (KMEnumArrayTag.cast(tag).get(index) == KMType.SIGN) { + if (KMEnumArrayTag.get(tag, index) == KMType.SIGN) { keyUsage = (byte) (keyUsage | keyUsageSign); - } else if (KMEnumArrayTag.cast(tag).get(index) == KMType.WRAP_KEY) { + } else if (KMEnumArrayTag.get(tag, index) == KMType.WRAP_KEY) { keyUsage = (byte) (keyUsage | keyUsageKeyEncipher); - } else if (KMEnumArrayTag.cast(tag).get(index) == KMType.DECRYPT) { + } else if (KMEnumArrayTag.get(tag, index) == KMType.DECRYPT) { keyUsage = (byte) (keyUsage | keyUsageDataEncipher); + } else if (KMEnumArrayTag.get(tag, index) == KMType.AGREE_KEY) { + keyUsage = (byte) (keyUsage | keyUsageKeyAgreement); + } else if (KMEnumArrayTag.get(tag, index) == KMType.ATTEST_KEY) { + keyUsage = (byte) (keyUsage | keyUsageCertSign); } index++; } @@ -279,9 +367,12 @@ private void createKeyUsage(short tag) { } } - private static void pushTbsCert(boolean rsaCert) { + //TODO Serial number, X509Version needa to be passed as parameter + private void pushTbsCert(boolean rsaCert, boolean rsa) { short last = stackPtr; - pushExtensions(); + if (certMode == KMType.ATTESTATION_CERT || certMode == KMType.FACTORY_PROVISIONED_ATTEST_CERT) { + pushExtensions(); + } // subject public key info if (rsaCert) { pushRsaSubjectKeyInfo(); 
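Review bot: `issuer(short obj)` no longer rejects `KMType.INVALID_VALUE`, so a missing issuer is noticed only later, when `pushTbsCert` dereferences the field through `KMByteBlob.getBuffer(issuer)`. That moves the failure from a `KMError.INVALID_DATA` at the setter to whatever the blob type check raises during encoding, after part of the certificate has already been written to the buffer. If the check was dropped because some certificate mode legitimately has no issuer at this point, a comment saying so would help; otherwise keep `if (obj == KMType.INVALID_VALUE) { KMException.throwIt(KMError.INVALID_DATA); }`.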
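Review bot: `pushTbsCert(boolean rsaCert, boolean rsa)` takes two adjacent booleans whose names differ only by a suffix; the first selects the subject key encoding (`pushRsaSubjectKeyInfo` or `pushEccSubjectKeyInfo`) and the second selects the signature algorithm identifier in the next hunk. Swapping them at a call site compiles cleanly and would produce a certificate whose algorithm identifier does not match its signature. Renaming the second parameter to `rsaSign`, as `build` calls it, and adding a one-line comment for each would make that harder to get wrong. The TODO above the method has a typo (`needa`), and the method body continues past this hunk.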
@@ -289,18 +380,24 @@ private static void pushTbsCert(boolean rsaCert) { pushEccSubjectKeyInfo(); } // subject - pushBytes(X509Subject, (short) 0, (short) X509Subject.length); + pushBytes(KMByteBlob.getBuffer(subjectName), KMByteBlob.getStartOff(subjectName), + KMByteBlob.length(subjectName)); pushValidity(); // issuer - der encoded pushBytes( - KMByteBlob.cast(issuer).getBuffer(), - KMByteBlob.cast(issuer).getStartOff(), - KMByteBlob.cast(issuer).length()); + KMByteBlob.getBuffer(issuer), + KMByteBlob.getStartOff(issuer), + KMByteBlob.length(issuer)); // Algorithm Id - pushAlgorithmId(X509SignAlgIdentifier); + if (rsa) { + pushAlgorithmId(X509RsaSignAlgIdentifier); + } else { + pushAlgorithmId(X509EcdsaSignAlgIdentifier); + } // Serial Number - pushByte(SERIAL_NUM); - pushIntegerHeader((short) 1); + pushBytes(KMByteBlob.getBuffer(serialNum), KMByteBlob.getStartOff(serialNum), + KMByteBlob.length(serialNum)); + pushIntegerHeader(KMByteBlob.length(serialNum)); // Version pushByte(X509_VERSION); pushIntegerHeader((short) 1); @@ -310,7 +407,7 @@ private static void pushTbsCert(boolean rsaCert) { pushSequenceHeader((short) (last - stackPtr)); } - private static void pushExtensions() { + private void pushExtensions() { short last = stackPtr; if (keyUsage != 0) { pushKeyUsage(keyUsage, unusedBits); 
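Review bot: The serial number is now pushed as raw blob bytes followed by `pushIntegerHeader(KMByteBlob.length(serialNum))`, with no leading `0x00` when the first byte has its top bit set, so such a value is encoded as a negative DER INTEGER. `serialNumber()` further down in this patch accepts values with the top bit set as long as they are shorter than `SERIAL_NUM_MAX_LEN`, which suggests room for a pad byte was intended. `pushRsaSubjectKeyInfo` already handles the same case for the modulus; the same treatment here keeps the serial positive, unless callers are guaranteed to pass already-padded content, which is not visible in the hunk. `pushTbsCert` starts before this hunk.

```java
// … unchanged: subject, validity, issuer, algorithm id …
// Serial Number
pushBytes(KMByteBlob.getBuffer(serialNum), KMByteBlob.getStartOff(serialNum),
    KMByteBlob.length(serialNum));
if (KMByteBlob.get(serialNum, (short) 0) < 0) {
  // Top bit set: prepend 0x00 so the INTEGER stays positive, as done for the RSA modulus.
  pushByte((byte) 0x00);
  pushIntegerHeader((short) (KMByteBlob.length(serialNum) + 1));
} else {
  pushIntegerHeader(KMByteBlob.length(serialNum));
}
// … unchanged: version …
```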
@@ -323,22 +420,22 @@ private static void pushExtensions() { } // Time SEQUENCE{UTCTime, UTC or Generalized Time) - private static void pushValidity() { + private void pushValidity() { short last = stackPtr; - if (notAfter != KMType.INVALID_VALUE) { + if (notAfter != 0) { pushBytes( - KMByteBlob.cast(notAfter).getBuffer(), - KMByteBlob.cast(notAfter).getStartOff(), - KMByteBlob.cast(notAfter).length()); + KMByteBlob.getBuffer(notAfter), + KMByteBlob.getStartOff(notAfter), + KMByteBlob.length(notAfter)); } else { KMException.throwIt(KMError.INVALID_DATA); } - pushTimeHeader(KMByteBlob.cast(notAfter).length()); + pushTimeHeader(KMByteBlob.length(notAfter)); pushBytes( - KMByteBlob.cast(notBefore).getBuffer(), - KMByteBlob.cast(notBefore).getStartOff(), - KMByteBlob.cast(notBefore).length()); - pushTimeHeader(KMByteBlob.cast(notBefore).length()); + KMByteBlob.getBuffer(notBefore), + KMByteBlob.getStartOff(notBefore), + KMByteBlob.length(notBefore)); + pushTimeHeader(KMByteBlob.length(notBefore)); pushSequenceHeader((short) (last - stackPtr)); } 
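Review bot: `pushValidity` now tests `notAfter != 0` where it used to compare against `KMType.INVALID_VALUE`, while the `derEncoded` branch of `notAfter` in this patch stores the caller's value directly, which may itself be `KMType.INVALID_VALUE`. Unless the two constants are equal (not visible here), an invalid expiry is caught only by the blob type check inside `KMByteBlob.getBuffer`, and `notBefore` has no guard at all. I would test both fields against one sentinel before any bytes are pushed, e.g. `if (notAfter == KMType.INVALID_VALUE || notBefore == KMType.INVALID_VALUE) { KMException.throwIt(KMError.INVALID_DATA); }`, keeping the `!= 0` test only if 0 is the documented reset value.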
@@ -357,21 +454,21 @@ private static void pushTimeHeader(short len) { // SEQUENCE{SEQUENCE{algId, NULL}, bitString{SEQUENCE{ modulus as positive integer, public // exponent // as positive integer} - private static void pushRsaSubjectKeyInfo() { + private void pushRsaSubjectKeyInfo() { short last = stackPtr; pushBytes(pubExponent, (short) 0, (short) pubExponent.length); pushIntegerHeader((short) pubExponent.length); pushBytes( - KMByteBlob.cast(pubKey).getBuffer(), - KMByteBlob.cast(pubKey).getStartOff(), - KMByteBlob.cast(pubKey).length()); + KMByteBlob.getBuffer(pubKey), + KMByteBlob.getStartOff(pubKey), + KMByteBlob.length(pubKey)); // encode modulus as positive if the MSB is 1. - if (KMByteBlob.cast(pubKey).get((short) 0) < 0) { + if (KMByteBlob.get(pubKey, (short) 0) < 0) { pushByte((byte) 0x00); - pushIntegerHeader((short) (KMByteBlob.cast(pubKey).length() + 1)); + pushIntegerHeader((short) (KMByteBlob.length(pubKey) + 1)); } else { - pushIntegerHeader(KMByteBlob.cast(pubKey).length()); + pushIntegerHeader(KMByteBlob.length(pubKey)); } pushSequenceHeader((short) (last - stackPtr)); pushBitStringHeader((byte) 0x00, (short) (last - stackPtr)); @@ -380,13 +477,13 @@ private static void pushRsaSubjectKeyInfo() { } // SEQUENCE{SEQUENCE{ecPubKey, prime256v1}, bitString{pubKey}} - private static void pushEccSubjectKeyInfo() { + private void pushEccSubjectKeyInfo() { short last = stackPtr; pushBytes( - KMByteBlob.cast(pubKey).getBuffer(), - KMByteBlob.cast(pubKey).getStartOff(), - KMByteBlob.cast(pubKey).length()); - pushBitStringHeader((byte) 0x00, KMByteBlob.cast(pubKey).length()); + KMByteBlob.getBuffer(pubKey), + KMByteBlob.getStartOff(pubKey), + KMByteBlob.length(pubKey)); + pushBitStringHeader((byte) 0x00, KMByteBlob.length(pubKey)); pushEcDsa(); pushSequenceHeader((short) (last - stackPtr)); } 
@@ -415,22 +512,22 @@ private static void pushRsaEncryption() { // softwareEnforced AuthorizationList, # See below // hardwareEnforced AuthorizationList, # See below // } - private static void pushKeyDescription() { + private void pushKeyDescription() { short last = stackPtr; pushHWParams(); pushSWParams(); if (uniqueId != 0) { pushOctetString( - KMByteBlob.cast(uniqueId).getBuffer(), - KMByteBlob.cast(uniqueId).getStartOff(), - KMByteBlob.cast(uniqueId).length()); + KMByteBlob.getBuffer(uniqueId), + KMByteBlob.getStartOff(uniqueId), + KMByteBlob.length(uniqueId)); } else { pushOctetStringHeader((short) 0); } pushOctetString( - KMByteBlob.cast(attChallenge).getBuffer(), - KMByteBlob.cast(attChallenge).getStartOff(), - KMByteBlob.cast(attChallenge).length()); + KMByteBlob.getBuffer(attChallenge), + KMByteBlob.getStartOff(attChallenge), + KMByteBlob.length(attChallenge)); pushEnumerated(KMType.STRONGBOX); pushByte(KEYMASTER_VERSION); pushIntegerHeader((short) 1); 
@@ -443,53 +540,36 @@ private static void pushKeyDescription() { pushSequenceHeader((short) (last - stackPtr)); } - private static void pushSWParams() { + private void pushSWParams() { short last = stackPtr; - // Below are the allowed softwareEnforced Authorization tags inside the attestation certificate's extension. - short[] tagIds = { - KMType.ATTESTATION_APPLICATION_ID, KMType.CREATION_DATETIME, - KMType.USAGE_EXPIRE_DATETIME, KMType.ORIGINATION_EXPIRE_DATETIME, - KMType.ACTIVE_DATETIME, KMType.UNLOCKED_DEVICE_REQUIRED}; byte index = 0; + short length = (short) swTagIds.length; do { - pushParams(swParams, swParamsIndex, tagIds[index]); - } while (++index < tagIds.length); + pushParams(swParams, swParamsIndex, swTagIds[index]); + } while (++index < length); pushSequenceHeader((short) (last - stackPtr)); } - private static void pushHWParams() { + private void pushHWParams() { short last = stackPtr; - // Below are the allowed hardwareEnforced Authorization tags inside the attestation certificate's extension. 
- short[] tagIds = { - KMType.BOOT_PATCH_LEVEL, KMType.VENDOR_PATCH_LEVEL, - KMType.ATTESTATION_ID_MODEL, KMType.ATTESTATION_ID_MANUFACTURER, - KMType.ATTESTATION_ID_MEID, KMType.ATTESTATION_ID_IMEI, - KMType.ATTESTATION_ID_SERIAL, KMType.ATTESTATION_ID_PRODUCT, - KMType.ATTESTATION_ID_DEVICE, KMType.ATTESTATION_ID_BRAND, - KMType.OS_PATCH_LEVEL, KMType.OS_VERSION, KMType.ROOT_OF_TRUST, - KMType.ORIGIN, KMType.AUTH_TIMEOUT, KMType.USER_AUTH_TYPE, - KMType.NO_AUTH_REQUIRED, KMType.USER_SECURE_ID, - KMType.RSA_PUBLIC_EXPONENT, KMType.ECCURVE, KMType.MIN_MAC_LENGTH, - KMType.CALLER_NONCE, KMType.PADDING, KMType.DIGEST, KMType.BLOCK_MODE, - KMType.KEYSIZE, KMType.ALGORITHM, KMType.PURPOSE}; - byte index = 0; + short length = (short) hwTagIds.length; do { - if (tagIds[index] == KMType.ROOT_OF_TRUST) { + if (hwTagIds[index] == KMType.ROOT_OF_TRUST) { pushRoT(); continue; } - if (pushParams(hwParams, hwParamsIndex, tagIds[index])) { + if (pushParams(hwParams, hwParamsIndex, hwTagIds[index])) { continue; } - } while (++index < tagIds.length); + } while (++index < length); pushSequenceHeader((short) (last - stackPtr)); } - private static boolean pushParams(short[] params, short len, short tagId) { + private boolean pushParams(short[] params, short len, short tagId) { short index = 0; while (index < len) { - if (tagId == KMTag.getKey(params[index])) { + if (tagId == KMTag.getKMTagKey(params[index])) { pushTag(params[index]); return true; } 
@@ -498,50 +578,50 @@ private static boolean pushParams(short[] params, short len, short tagId) { return false; } - private static void pushTag(short tag) { - short type = KMTag.getTagType(tag); - short tagId = KMTag.getKey(tag); + private void pushTag(short tag) { + short type = KMTag.getKMTagType(tag); + short tagId = KMTag.getKMTagKey(tag); short val; switch (type) { case KMType.BYTES_TAG: - val = KMByteTag.cast(tag).getValue(); + val = KMByteTag.getValue(tag); pushBytesTag( tagId, - KMByteBlob.cast(val).getBuffer(), - KMByteBlob.cast(val).getStartOff(), - KMByteBlob.cast(val).length()); + KMByteBlob.getBuffer(val), + KMByteBlob.getStartOff(val), + KMByteBlob.length(val)); break; case KMType.ENUM_TAG: - val = KMEnumTag.cast(tag).getValue(); + val = KMEnumTag.getValue(tag); pushEnumTag(tagId, (byte) val); break; case KMType.ENUM_ARRAY_TAG: - val = KMEnumArrayTag.cast(tag).getValues(); + val = KMEnumArrayTag.getValues(tag); pushEnumArrayTag( tagId, - KMByteBlob.cast(val).getBuffer(), - KMByteBlob.cast(val).getStartOff(), - KMByteBlob.cast(val).length()); + KMByteBlob.getBuffer(val), + KMByteBlob.getStartOff(val), + KMByteBlob.length(val)); break; case KMType.UINT_TAG: case KMType.ULONG_TAG: case KMType.DATE_TAG: - val = KMIntegerTag.cast(tag).getValue(); + val = KMIntegerTag.getValue(tag); pushIntegerTag( tagId, - KMInteger.cast(val).getBuffer(), - KMInteger.cast(val).getStartOff(), - KMInteger.cast(val).length()); + KMInteger.getBuffer(val), + KMInteger.getStartOff(val), + KMInteger.length(val)); break; case KMType.UINT_ARRAY_TAG: case KMType.ULONG_ARRAY_TAG: // According to keymaster hal only one user secure id is used but this conflicts with // tag type which is ULONG-REP. 
Currently this is encoded as SET OF INTEGERS - val = KMIntegerArrayTag.cast(tag).getValues(); + val = KMIntegerArrayTag.getValues(tag); pushIntegerArrayTag(tagId, val); break; case KMType.BOOL_TAG: - val = KMBoolTag.cast(tag).getVal(); + KMBoolTag.validate(tag); pushBoolTag(tagId); break; default: @@ -562,22 +642,22 @@ private static void pushTag(short tag) { // Unverified (2), // Failed (3), // } - private static void pushRoT() { + private void pushRoT() { short last = stackPtr; // verified boot hash pushOctetString( - KMByteBlob.cast(verifiedHash).getBuffer(), - KMByteBlob.cast(verifiedHash).getStartOff(), - KMByteBlob.cast(verifiedHash).length()); + KMByteBlob.getBuffer(verifiedHash), + KMByteBlob.getStartOff(verifiedHash), + KMByteBlob.length(verifiedHash)); pushEnumerated(verifiedState); pushBoolean(deviceLocked); // verified boot Key pushOctetString( - KMByteBlob.cast(verifiedBootKey).getBuffer(), - KMByteBlob.cast(verifiedBootKey).getStartOff(), - KMByteBlob.cast(verifiedBootKey).length()); + KMByteBlob.getBuffer(verifiedBootKey), + KMByteBlob.getStartOff(verifiedBootKey), + KMByteBlob.length(verifiedBootKey)); // Finally sequence header pushSequenceHeader((short) (last - stackPtr)); 
@@ -616,17 +696,17 @@ private static void pushEnumArrayTag(short tagId, byte[] buf, short start, short // Only SET of INTEGERS supported are padding, digest, purpose and blockmode // All of these are enum array tags i.e. byte long values - private static void pushIntegerArrayTag(short tagId, short arr) { + private void pushIntegerArrayTag(short tagId, short arr) { short last = stackPtr; short index = 0; - short len = KMArray.cast(arr).length(); + short len = KMArray.length(arr); short ptr; while (index < len) { - ptr = KMArray.cast(arr).get(index); + ptr = KMArray.get(arr, index); pushInteger( - KMInteger.cast(ptr).getBuffer(), - KMInteger.cast(ptr).getStartOff(), - KMInteger.cast(ptr).length()); + KMInteger.getBuffer(ptr), + KMInteger.getStartOff(ptr), + KMInteger.length(ptr)); index++; } pushSetHeader((short) (last - stackPtr)); @@ -670,6 +750,7 @@ private static void pushEnumTag(short tagId, byte val) { private static void pushIntegerTag(short tagId, byte[] buf, short start, short len) { short last = stackPtr; pushInteger(buf, start, len); + // pushIntegerHeader((short) (last - stackPtr)); pushTagIdHeader(tagId, (short) (last - stackPtr)); } @@ -787,17 +868,17 @@ private static void pushBytes(byte[] buf, short start, short len) { private static void decrementStackPtr(short cnt) { stackPtr = (short) (stackPtr - cnt); - if (start > stackPtr) { + if (bufStart > stackPtr) { KMException.throwIt(KMError.UNKNOWN_ERROR); } } @Override - public KMAttestationCert buffer(byte[] buf, short bufStart, short maxLen) { + public KMAttestationCert buffer(byte[] buf, short start, short maxLen) { stack = buf; - start = bufStart; - length = maxLen; - stackPtr = (short) (start + length); + bufStart = start; + bufLength = maxLen; + stackPtr = (short) (bufStart + bufLength); return this; } 
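Review bot: `buffer(byte[] buf, short start, short maxLen)` computes `stackPtr = (short) (bufStart + bufLength)` without checking the arguments against `buf.length`, and `decrementStackPtr` guards only the lower bound `bufStart > stackPtr`. A negative `start` or `maxLen`, or a sum that exceeds `buf.length` or wraps the `short`, would make the first push fail with an array exception rather than a `KMError`, or place the certificate outside the window the caller intended. A guard at the top of `buffer`, such as `if (start < 0 || maxLen < 0 || (short) (start + maxLen) < start || (short) (start + maxLen) > buf.length) { KMException.throwIt(KMError.INVALID_DATA); }`, would make the contract explicit.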
@@ -806,46 +887,110 @@ public short getCertStart() { return certStart; } - @Override - public short getCertEnd() { - return (short) (start + length - 1); - } - @Override public short getCertLength() { - return (short) (getCertEnd() - getCertStart() + 1); + return certLength; } - @Override - public void build() { + + public void build(KMAttestationKey factoryAttestKey, short attSecret, short attMod, + boolean rsaSign, boolean fakeCert) { + stackPtr = (short) (bufStart + bufLength); short last = stackPtr; - decrementStackPtr((short) ECDSA_MAX_SIG_LEN); - signatureOffset = stackPtr; + short sigLen = 0; + if (fakeCert) { + rsaSign = true; + pushByte((byte) 0); + sigLen = 1; + } + // Push placeholder signature Bit string header + // This will potentially change at the end + else if (rsaSign) { + decrementStackPtr(RSA_SIG_LEN); + } else { + decrementStackPtr(ECDSA_MAX_SIG_LEN); + } + short signatureOffset = stackPtr; pushBitStringHeader((byte) 0, (short) (last - stackPtr)); - pushAlgorithmId(X509SignAlgIdentifier); + if (rsaSign) { + pushAlgorithmId(X509RsaSignAlgIdentifier); + } else { + pushAlgorithmId(X509EcdsaSignAlgIdentifier); + } tbsLength = stackPtr; - pushTbsCert(rsaCert); - tbsOffset = stackPtr; - tbsLength = (short) (tbsLength - tbsOffset); + pushTbsCert(rsaCert, rsaSign); + tbsStart = stackPtr; + tbsLength = (short) (tbsLength - tbsStart); + if (attSecret != KMType.INVALID_VALUE || factoryAttestKey != null) { + // Sign with the attestation key + // The pubKey is the modulus. 
+ if (rsaSign) { + sigLen = seProvider + .rsaSign256Pkcs1( + KMByteBlob.getBuffer(attSecret), + KMByteBlob.getStartOff(attSecret), + KMByteBlob.length(attSecret), + KMByteBlob.getBuffer(attMod), + KMByteBlob.getStartOff(attMod), + KMByteBlob.length(attMod), + stack, + tbsStart, + tbsLength, + stack, + signatureOffset); + if (sigLen > RSA_SIG_LEN) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } + } else if (factoryAttestKey != null) { + sigLen = seProvider + .ecSign256( + factoryAttestKey, + stack, + tbsStart, + tbsLength, + stack, + signatureOffset); + if (sigLen > ECDSA_MAX_SIG_LEN) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } + } else { + sigLen = seProvider + .ecSign256( + KMByteBlob.getBuffer(attSecret), + KMByteBlob.getStartOff(attSecret), + KMByteBlob.length(attSecret), + stack, + tbsStart, + tbsLength, + stack, + signatureOffset); + if (sigLen > ECDSA_MAX_SIG_LEN) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } + } + // Adjust signature length + stackPtr = signatureOffset; + pushBitStringHeader((byte) 0, sigLen); + } else if (!fakeCert) { // no attestation key provisioned in the factory + KMException.throwIt(KMError.ATTESTATION_KEYS_NOT_PROVISIONED); + } + last = (short) (signatureOffset + sigLen); + // Add certificate sequence header + stackPtr = tbsStart; pushSequenceHeader((short) (last - stackPtr)); certStart = stackPtr; - KMJCardSimulator provider = KMJCardSimulator.getInstance(); - short sigLen = provider - .ecSign256( - provider.getAttestationKey(), - stack, - tbsOffset, - tbsLength, - stack, - signatureOffset); - if (sigLen != ECDSA_MAX_SIG_LEN) { - // Update the lengths appropriately. 
- stackPtr = (short) (signatureOffset - 1); - pushLength((short) (sigLen + 1)); - stackPtr = tbsOffset; - last -= (short) (ECDSA_MAX_SIG_LEN - sigLen); - pushLength((short) (last - stackPtr)); - length -= (short) (ECDSA_MAX_SIG_LEN - sigLen); + certLength = (short) (last - certStart); + } + + + @Override + public void build() { + if (certMode == KMType.FAKE_CERT) { + build(null, KMType.INVALID_VALUE, KMType.INVALID_VALUE, true, true); + } else if (certMode == KMType.FACTORY_PROVISIONED_ATTEST_CERT) { + build(factoryAttestKey, KMType.INVALID_VALUE, KMType.INVALID_VALUE, false, false); + } else { + build(null, certAttestKeySecret, certAttestKeyRsaPubModulus, certRsaSign, false); } } 
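Review bot: In the new five-argument `build`, the `fakeCert` path reserves a single signature byte (`pushByte((byte) 0); sigLen = 1;`), yet the signing block below is entered whenever `attSecret != KMType.INVALID_VALUE || factoryAttestKey != null`, regardless of `fakeCert`. The no-argument `build()` never combines the two, but the overload is `public`, so a caller passing `fakeCert` together with a key would have the signer write a full signature at `signatureOffset` where only one byte was reserved at the end of the buffer. The same block calls `rsaSign256Pkcs1` with `attSecret` when `rsaSign` is true even if only `factoryAttestKey` was supplied. Making the overload `private`, or guarding with `if (!fakeCert && (attSecret != KMType.INVALID_VALUE || factoryAttestKey != null)) {` and rejecting `rsaSign` together with a factory key, would close both.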
@@ -872,24 +1017,88 @@ public KMAttestationCert makeUniqueId(byte[] scratchPad, short scratchPadOff, scratchPadOff++; //Get the key data from the master key - KMAESKey aesKey = (KMAESKey) masterKey; + KMMasterKey aesKey = masterKey; short mKeyData = KMByteBlob.instance((short) (aesKey.getKeySizeBits() / 8)); aesKey.getKey( - KMByteBlob.cast(mKeyData).getBuffer(), /* Key */ - KMByteBlob.cast(mKeyData).getStartOff()); /* Key start*/ + KMByteBlob.getBuffer(mKeyData), /* Key */ + KMByteBlob.getStartOff(mKeyData)); /* Key start*/ timeOffset = KMByteBlob.instance((short) 32); - appIdOff = KMJCardSimulator.getInstance().hmacSign( - KMByteBlob.cast(mKeyData).getBuffer(), /* Key */ - KMByteBlob.cast(mKeyData).getStartOff(), /* Key start*/ - KMByteBlob.cast(mKeyData).length(), /* Key length*/ + appIdOff = seProvider.hmacSign( + KMByteBlob.getBuffer(mKeyData), /* Key */ + KMByteBlob.getStartOff(mKeyData), /* Key start*/ + KMByteBlob.length(mKeyData), /* Key length*/ scratchPad, /* data */ temp, /* data start */ scratchPadOff, /* data length */ - KMByteBlob.cast(timeOffset).getBuffer(), /* signature buffer */ - KMByteBlob.cast(timeOffset).getStartOff()); /* signature start */ + KMByteBlob.getBuffer(timeOffset), /* signature buffer */ + KMByteBlob.getStartOff(timeOffset)); /* signature start */ if (appIdOff != 32) { KMException.throwIt(KMError.UNKNOWN_ERROR); } return uniqueId(timeOffset); } + + @Override + public boolean serialNumber(short number) { + short length = KMByteBlob.length(number); + if (length > SERIAL_NUM_MAX_LEN) { + return false; + } + byte msb = KMByteBlob.get(number, (short) 0); + if (msb < 0 && length > (SERIAL_NUM_MAX_LEN - 1)) { + return false; + } + serialNum = number; + return true; + } + + @Override + public boolean subjectName(short sub) { + /* + short length = KMKeymasterApplet.cast(sub).length(); + if(length > SUBJECT_NAME_MAX_LEN){ + return false; + } + Util.arrayCopyNonAtomic(KMKeymasterApplet.cast(sub).getBuffer(), 
KMKeymasterApplet.cast(sub).getStartOff(), + subjectName,(short)0,length); + subjectLen = length; + */ + if (sub == KMType.INVALID_VALUE || KMByteBlob.length(sub) == 0) { + return false; + } + subjectName = sub; + return true; + } + + @Override + public KMAttestationCert ecAttestKey(short attestKey, byte mode) { + certMode = mode; + certAttestKeySecret = attestKey; + certAttestKeyRsaPubModulus = KMType.INVALID_VALUE; + certRsaSign = false; + return this; + } + + @Override + public KMAttestationCert rsaAttestKey(short attestPrivExp, short attestMod, byte mode) { + certMode = mode; + certAttestKeySecret = attestPrivExp; + certAttestKeyRsaPubModulus = attestMod; + certRsaSign = true; + return this; + } + + public KMAttestationCert factoryAttestKey(KMAttestationKey key, byte mode) { + certMode = mode; + factoryAttestKey = key; + return this; + } + + //Check + /* + * private void print(byte[] buf, short start, short length){ StringBuilder sb = + * new StringBuilder(length * 2); for(short i = start; i < (start+length); i + * ++){ sb.append(String.format("%02x", buf[i])); } System.out.println( + * sb.toString()); } + */ } diff --git a/Applet/src/com/android/javacard/keymaster/KMAttestationKey.java b/Applet/src/com/android/javacard/kmdevice/KMAttestationKey.java similarity index 95% rename from Applet/src/com/android/javacard/keymaster/KMAttestationKey.java rename to Applet/src/com/android/javacard/kmdevice/KMAttestationKey.java index 3d626bbf..1dd4667f 100644 --- a/Applet/src/com/android/javacard/keymaster/KMAttestationKey.java +++ b/Applet/src/com/android/javacard/kmdevice/KMAttestationKey.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; /** * KMAttestationKey is a marker interface and the SE Provider has to implement this interface. @@ -23,3 +23,4 @@ public interface KMAttestationKey { } + 
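Review bot: `makeUniqueId` copies the master key into a freshly allocated `KMByteBlob` (`mKeyData`) for `seProvider.hmacSign` and returns without clearing it, so the raw key bytes stay in the applet heap after the unique ID is computed. Whether that heap region is wiped at the end of the command is not visible in this hunk; if it is not, I would zero the blob right after the HMAC, e.g. `Util.arrayFillNonAtomic(KMByteBlob.getBuffer(mKeyData), KMByteBlob.getStartOff(mKeyData), KMByteBlob.length(mKeyData), (byte) 0);` (assuming `javacard.framework.Util` is imported in this file), or let the provider key the HMAC from the `KMMasterKey` object directly. Separately, `serialNumber` accepts a zero-length blob, and `subjectName` carries a block of commented-out code that should be deleted. `makeUniqueId` starts before this hunk.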
diff --git a/Applet/src/com/android/javacard/kmdevice/KMBignumTag.java b/Applet/src/com/android/javacard/kmdevice/KMBignumTag.java
new file mode 100644
index 00000000..bdafc67d
--- /dev/null
+++ b/Applet/src/com/android/javacard/kmdevice/KMBignumTag.java
@@ -0,0 +1,139 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * KMBignumTag represents BIGNUM Tag Type from android keymaster hal specifications. The tag value + * of this tag is the KMByteBlob pointer i.e. offset of KMByteBlob in memory heap. struct{byte + * TAG_TYPE; short length; struct{short BIGNUM_TAG; short tagKey; short blobPtr}} + */ + +public class KMBignumTag extends KMTag { + + private static KMBignumTag prototype; + + // The allowed tag keys of type bool tag + private static short[] tags; + + public static void initStatics() { + tags = new short[]{ + CERTIFICATE_SERIAL_NUM, + }; + } + + private KMBignumTag() { + } + + private static KMBignumTag proto(short ptr) { + if (prototype == null) { + prototype = new KMBignumTag(); + } + KMType.instanceTable[KM_BIGNUM_TAG_OFFSET] = ptr; + return prototype; + } + + // pointer to an empty instance used as expression + public static short exp() { + short blobPtr = KMByteBlob.exp(); + short ptr = instance(TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), BIGNUM_TAG); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), INVALID_TAG); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), blobPtr); + return ptr; + } + + public static short 
instance(short key) { + if (!validateKey(key)) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + return instance(key, KMByteBlob.exp()); + } + + public static short instance(short key, short byteBlob) { + if (!validateKey(key)) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + if (heap[byteBlob] != BYTE_BLOB_TYPE) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + short ptr = instance(TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), BIGNUM_TAG); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), key); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), byteBlob); + return ptr; + } + + private static KMBignumTag cast(short ptr) { + if (heap[ptr] != TAG_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + if (Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)) != BIGNUM_TAG) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + public short getKey() { + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_BIGNUM_TAG_OFFSET] + TLV_HEADER_SIZE + 2)); + } + + public short getTagType() { + return KMType.BIGNUM_TAG; + } + + public short getValue() { + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_BIGNUM_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); + } + + public short length() { + short blobPtr = Util.getShort(heap, + (short) (KMType.instanceTable[KM_BIGNUM_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); + return KMByteBlob.length(blobPtr); + } + + public static short getKey(short bPtr) { + return KMBignumTag.cast(bPtr).getKey(); + } + + public static short getTagType(short bPtr) { + return KMBignumTag.cast(bPtr).getTagType(); + } + + public static short getValue(short bPtr) { + return KMBignumTag.cast(bPtr).getValue(); + } + + public static short length(short bPtr) { + return KMBignumTag.cast(bPtr).length(); + } + + private static boolean validateKey(short key) { + short index = (short) tags.length; + while (--index >= 0) { + if 
(tags[index] == key) { + return true; + } + } + return false; + } +} diff --git a/Applet/src/com/android/javacard/keymaster/KMBoolTag.java b/Applet/src/com/android/javacard/kmdevice/KMBoolTag.java similarity index 68% rename from Applet/src/com/android/javacard/keymaster/KMBoolTag.java rename to Applet/src/com/android/javacard/kmdevice/KMBoolTag.java index 69619c0d..453eccb2 100644 --- a/Applet/src/com/android/javacard/keymaster/KMBoolTag.java +++ b/Applet/src/com/android/javacard/kmdevice/KMBoolTag.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; @@ -32,29 +32,34 @@ public class KMBoolTag extends KMTag { private static KMBoolTag prototype; // The allowed tag keys of type bool tag. - private static final short[] tags = { - CALLER_NONCE, - INCLUDE_UNIQUE_ID, - BOOTLOADER_ONLY, - ROLLBACK_RESISTANCE, - NO_AUTH_REQUIRED, - ALLOW_WHILE_ON_BODY, - TRUSTED_USER_PRESENCE_REQUIRED, - TRUSTED_CONFIRMATION_REQUIRED, - UNLOCKED_DEVICE_REQUIRED, - RESET_SINCE_ID_ROTATION, - EARLY_BOOT_ONLY, - DEVICE_UNIQUE_ATTESTATION - }; + private static short[] tags; private KMBoolTag() { } + public static void initStatics() { + // The allowed tag keys of type bool tag. + tags = new short[]{ + CALLER_NONCE, + INCLUDE_UNIQUE_ID, + BOOTLOADER_ONLY, + ROLLBACK_RESISTANCE, + NO_AUTH_REQUIRED, + ALLOW_WHILE_ON_BODY, + TRUSTED_USER_PRESENCE_REQUIRED, + TRUSTED_CONFIRMATION_REQUIRED, + UNLOCKED_DEVICE_REQUIRED, + RESET_SINCE_ID_ROTATION, + EARLY_BOOT_ONLY, + DEVICE_UNIQUE_ATTESTATION + }; + } + private static KMBoolTag proto(short ptr) { if (prototype == null) { prototype = new KMBoolTag(); } - instanceTable[KM_BOOL_TAG_OFFSET] = ptr; + KMType.instanceTable[KM_BOOL_TAG_OFFSET] = ptr; return prototype; } 
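Review bot: `KMBignumTag.tags` is a non-final static that stays `null` until `initStatics()` runs, and `validateKey` dereferences `tags.length` on every `instance(...)` call, so the allowed-key check depends on an initialisation order this file does not enforce. The `KMBoolTag` hunk below makes the same move from a `static final` initialiser to `initStatics()`, and its `getTags()` returns the array itself, so that allow-list is also writable by callers. A comment on `initStatics()` naming who must call it and when, plus a defined failure in `validateKey` when `tags` is still `null`, would make the dependency explicit. The key check here throws `ISOException.throwIt(ISO7816.SW_DATA_INVALID)` while `KMBoolTag.instance` moves to `KMException.throwIt(KMError.INVALID_TAG)` in this patch, and the comment above `tags` still says "type bool tag".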
@@ -67,7 +72,7 @@ public static short exp() { public static short instance(short key) { if (!validateKey(key)) { - ISOException.throwIt(ISO7816.SW_DATA_INVALID); + KMException.throwIt(KMError.INVALID_TAG); } short ptr = KMType.instance(TAG_TYPE, (short) 5); Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), BOOL_TAG); @@ -77,18 +82,23 @@ public static short instance(short key) { return ptr; } - public static KMBoolTag cast(short ptr) { + private static KMBoolTag cast(short ptr) { + validate(ptr); + return proto(ptr); + } + + public static void validate(short ptr) { if (heap[ptr] != TAG_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } if (Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)) != BOOL_TAG) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } - return proto(ptr); } public short getKey() { - return Util.getShort(heap, (short) (instanceTable[KM_BOOL_TAG_OFFSET] + TLV_HEADER_SIZE + 2)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_BOOL_TAG_OFFSET] + TLV_HEADER_SIZE + 2)); } public short getTagType() { @@ -96,7 +106,19 @@ public short getTagType() { } public byte getVal() { - return heap[(short) (instanceTable[KM_BOOL_TAG_OFFSET] + TLV_HEADER_SIZE + 4)]; + return heap[(short) (KMType.instanceTable[KM_BOOL_TAG_OFFSET] + TLV_HEADER_SIZE + 4)]; + } + + public static short getKey(short bPtr) { + return KMBoolTag.cast(bPtr).getKey(); + } + + public static short getTagType(short bPtr) { + return KMBoolTag.cast(bPtr).getTagType(); + } + + public static byte getVal(short bPtr) { + return KMBoolTag.cast(bPtr).getVal(); } // validate the tag key. @@ -113,4 +135,5 @@ private static boolean validateKey(short key) { public static short[] getTags() { return tags; } + } diff --git a/Applet/src/com/android/javacard/kmdevice/KMBootDataStore.java b/Applet/src/com/android/javacard/kmdevice/KMBootDataStore.java new file mode 100644 index 00000000..ca875b96 --- /dev/null 
+++ b/Applet/src/com/android/javacard/kmdevice/KMBootDataStore.java @@ -0,0 +1,45 @@ +/* + * Copyright(C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.kmdevice; + +public interface KMBootDataStore { + + /** + * Get Verified Boot hash. Part of RoT. Part of data sent by the aosp bootloader. + */ + short getVerifiedBootHash(byte[] buffer, short start); + + /** + * Get Boot Key. Part of RoT. Part of data sent by the aosp bootloader. + */ + short getBootKey(byte[] buffer, short start); + + /** + * Get Boot state. Part of RoT. Part of data sent by the aosp bootloader. + */ + short getBootState(); + + /** + * Returns true if device bootloader is locked. Part of RoT. Part of data sent by the aosp + * bootloader. + */ + boolean isDeviceBootLocked(); + + /** + * Get Boot patch level. Part of data sent by the aosp bootloader. + */ + short getBootPatchLevel(byte[] buffer, short start); +} diff --git a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java b/Applet/src/com/android/javacard/kmdevice/KMByteBlob.java similarity index 57% rename from Applet/src/com/android/javacard/keymaster/KMByteBlob.java rename to Applet/src/com/android/javacard/kmdevice/KMByteBlob.java index d980bd9a..97b73bec 100644 --- a/Applet/src/com/android/javacard/keymaster/KMByteBlob.java +++ b/Applet/src/com/android/javacard/kmdevice/KMByteBlob.java 
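Review bot: The `KMBootDataStore` getters that write into a caller buffer (`getVerifiedBootHash`, `getBootKey`, `getBootPatchLevel`) take only `buffer` and `start`, and their Javadoc does not say what the returned `short` means or how many bytes may be written. These values are documented as part of the root of trust, so implementers and callers need the same answer. I would add `@param` and `@return` lines stating that the method returns the number of bytes written at `start` (presumably the intent) and the maximum length the caller must reserve. `getBootState()` should likewise name the constants it can return.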
@@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; @@ -27,16 +27,17 @@ */ public class KMByteBlob extends KMType { + private static short OFFSET_SIZE = 2; private static KMByteBlob prototype; - private KMByteBlob() { + protected KMByteBlob() { } private static KMByteBlob proto(short ptr) { if (prototype == null) { prototype = new KMByteBlob(); } - instanceTable[KM_BYTE_BLOB_OFFSET] = ptr; + KMType.instanceTable[KM_BYTE_BLOB_OFFSET] = ptr; return prototype; } @@ -47,25 +48,34 @@ public static short exp() { // return an empty byte blob instance public static short instance(short length) { - return KMType.instance(BYTE_BLOB_TYPE, length); + short ptr = KMType.instance(BYTE_BLOB_TYPE, (short) (length + OFFSET_SIZE)); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), + (short) (ptr + TLV_HEADER_SIZE + OFFSET_SIZE)); + Util.setShort(heap, (short) (ptr + 1), length); + return ptr; } // byte blob from existing buf public static short instance(byte[] buf, short startOff, short length) { short ptr = instance(length); - Util.arrayCopyNonAtomic(buf, startOff, heap, (short) (ptr + TLV_HEADER_SIZE), length); + Util.arrayCopyNonAtomic(buf, startOff, heap, (short) (ptr + TLV_HEADER_SIZE + OFFSET_SIZE), + length); return ptr; } // cast the ptr to KMByteBlob - public static KMByteBlob cast(short ptr) { + private static KMByteBlob cast(short ptr) { + validate(ptr); + return proto(ptr); + } + + public static void validate(short ptr) { if (heap[ptr] != BYTE_BLOB_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } if (Util.getShort(heap, (short) (ptr + 1)) == INVALID_VALUE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } - return proto(ptr); } // Add the byte 
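Review bot: With this change a blob's start offset becomes a value stored in the heap (`instance` writes it at `ptr + TLV_HEADER_SIZE`) and `getStartOff()` reads it back, but the new `validate(short ptr)` still checks only the type byte and that the length is not `INVALID_VALUE`. Every accessor that indexes `heap` through `getStartOff()` therefore trusts that stored offset, and `setStartOff` later in this file lets it be rewritten. I would have `validate` also confirm that the stored offset and `offset + length` fall inside `heap`, or document why a blob header can never come from unchecked input. `OFFSET_SIZE`, which sizes the allocation here, is declared as a mutable `private static short` in the previous hunk and should be `static final`.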
@@ -74,7 +84,7 @@ public void add(short index, byte val) { if (index >= len) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } - heap[(short) (instanceTable[KM_BYTE_BLOB_OFFSET] + TLV_HEADER_SIZE + index)] = val; + heap[(short) (getStartOff() + index)] = val; } // Get the byte @@ -83,17 +93,17 @@ public byte get(short index) { if (index >= len) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } - return heap[(short) (instanceTable[KM_BYTE_BLOB_OFFSET] + TLV_HEADER_SIZE + index)]; + return heap[(short) (getStartOff() + index)]; } // Get the start of blob public short getStartOff() { - return (short) (instanceTable[KM_BYTE_BLOB_OFFSET] + TLV_HEADER_SIZE); + return Util.getShort(heap, (short) (getBaseOffset() + TLV_HEADER_SIZE)); } // Get the length of the blob public short length() { - return Util.getShort(heap, (short) (instanceTable[KM_BYTE_BLOB_OFFSET] + 1)); + return Util.getShort(heap, (short) (getBaseOffset() + 1)); } // Get the buffer pointer in which blob is contained. 
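Review bot: The guard in front of the changed line in `add()` rejects only `index >= len`, so a negative `index` still reaches `heap[(short) (getStartOff() + index)]` and addresses bytes before the blob's data. `get()` in the following hunk has the same guard. Tighten both to `if (index < 0 || index >= len)`. The start of each method body, where `len` is assigned, lies outside these hunks.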
@@ -112,26 +122,71 @@ public short getValues(byte[] destBuf, short destStart) { } public void setValue(byte[] srcBuf, short srcStart, short srcLength) { - if (length() > srcLength) { + if (length() < srcLength) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } - Util.arrayCopyNonAtomic(srcBuf, srcStart, heap, getStartOff(), length()); + Util.arrayCopyNonAtomic(srcBuf, srcStart, heap, getStartOff(), srcLength); + setLength(srcLength); } public boolean isValid() { - if (length() == 0) { - return false; - } - return true; + return (length() != 0); + } + + public void setStartOff(short offset) { + Util.setShort(heap, (short) (getBaseOffset() + TLV_HEADER_SIZE), offset); } - public void decrementLength(short len) { - short length = Util.getShort(heap, (short) (instanceTable[KM_BYTE_BLOB_OFFSET] + 1)); - length = (short) (length - len); - Util.setShort(heap, (short) (instanceTable[KM_BYTE_BLOB_OFFSET] + 1), length); + protected short getBaseOffset() { + return instanceTable[KM_BYTE_BLOB_OFFSET]; } public void setLength(short len) { - Util.setShort(heap, (short)(instanceTable[KM_BYTE_BLOB_OFFSET] + 1), len); + Util.setShort(heap, (short) (getBaseOffset() + 1), len); + } + + + public static void add(short bPtr, short index, byte val) { + cast(bPtr).add(index, val); + } + + public static byte get(short bPtr, short index) { + return cast(bPtr).get(index); + } + + public static short getStartOff(short bPtr) { + return cast(bPtr).getStartOff(); + } + + public static short length(short bPtr) { + return cast(bPtr).length(); + } + + public static byte[] getBuffer(short bPtr) { + return cast(bPtr).getBuffer(); + } + + public static void getValue(short bPtr, byte[] destBuf, short destStart, short destLength) { + cast(bPtr).getValue(destBuf, destStart, destLength); + } + + public static short getValues(short bPtr, byte[] destBuf, short destStart) { + return cast(bPtr).getValues(destBuf, destStart); + } + + public static void setValue(short bPtr, byte[] srcBuf, short srcStart, short 
srcLength) { + cast(bPtr).setValue(srcBuf, srcStart, srcLength); + } + + public static boolean isValid(short bPtr) { + return cast(bPtr).isValid(); + } + + public static void setStartOff(short bPtr, short offset) { + cast(bPtr).setStartOff(offset); + } + + public static void setLength(short bPtr, short len) { + cast(bPtr).setLength(len); } } diff --git a/Applet/src/com/android/javacard/keymaster/KMByteTag.java b/Applet/src/com/android/javacard/kmdevice/KMByteTag.java similarity index 65% rename from Applet/src/com/android/javacard/keymaster/KMByteTag.java rename to Applet/src/com/android/javacard/kmdevice/KMByteTag.java index 89401e4f..a5507515 100644 --- a/Applet/src/com/android/javacard/keymaster/KMByteTag.java +++ b/Applet/src/com/android/javacard/kmdevice/KMByteTag.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; 
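Review bot: `setValue()` now ends with `setLength(srcLength)`, so writing a shorter value permanently shrinks what `length()` reports, and the size originally allocated by `instance()` is no longer recorded. A later `setValue()` with a value that would still fit is then rejected with `SW_WRONG_LENGTH`, while `setLength()` itself accepts a value larger than what was allocated. If the shrink is intended, say so on `setValue()`, e.g. `// Shrinks the blob: length() becomes srcLength; the allocated capacity is not kept.` The new public `setStartOff()`/`setLength()` and their static wrappers take any `short`; a short comment on each stating the range the caller must respect would make the heap-bounds assumption explicit.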
@@ -31,36 +31,42 @@ public class KMByteTag extends KMTag { private static KMByteTag prototype; // The allowed tag keys of type bool tag - private static final short[] tags = { - APPLICATION_ID, - APPLICATION_DATA, - ROOT_OF_TRUST, - UNIQUE_ID, - ATTESTATION_CHALLENGE, - ATTESTATION_APPLICATION_ID, - ATTESTATION_ID_BRAND, - ATTESTATION_ID_DEVICE, - ATTESTATION_ID_PRODUCT, - ATTESTATION_ID_SERIAL, - ATTESTATION_ID_IMEI, - ATTESTATION_ID_MEID, - ATTESTATION_ID_MANUFACTURER, - ATTESTATION_ID_MODEL, - ASSOCIATED_DATA, - NONCE, - CONFIRMATION_TOKEN, - VERIFIED_BOOT_KEY, - VERIFIED_BOOT_HASH - }; + private static short[] tags; private KMByteTag() { } + public static void initStatics() { + tags = new short[]{ + APPLICATION_ID, + APPLICATION_DATA, + ROOT_OF_TRUST, + UNIQUE_ID, + ATTESTATION_CHALLENGE, + ATTESTATION_APPLICATION_ID, + ATTESTATION_ID_BRAND, + ATTESTATION_ID_DEVICE, + ATTESTATION_ID_PRODUCT, + ATTESTATION_ID_SERIAL, + ATTESTATION_ID_IMEI, + ATTESTATION_ID_MEID, + ATTESTATION_ID_MANUFACTURER, + ATTESTATION_ID_MODEL, + ASSOCIATED_DATA, + NONCE, + CONFIRMATION_TOKEN, + VERIFIED_BOOT_KEY, + VERIFIED_BOOT_HASH, + CERTIFICATE_SERIAL_NUM, + CERTIFICATE_SUBJECT_NAME, + }; + } + private static KMByteTag proto(short ptr) { if (prototype == null) { prototype = new KMByteTag(); } - instanceTable[KM_BYTE_TAG_OFFSET] = ptr; + KMType.instanceTable[KM_BYTE_TAG_OFFSET] = ptr; return prototype; } @@ -95,7 +101,7 @@ public static short instance(short key, short byteBlob) { return ptr; } - public static KMByteTag cast(short ptr) { + private static KMByteTag cast(short ptr) { if (heap[ptr] != TAG_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } @@ -106,7 +112,8 @@ public static KMByteTag cast(short ptr) { } public short getKey() { - return Util.getShort(heap, (short) (instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 2)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 2)); } public short getTagType() { 
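Review bot: `tags` is now a non-final static that stays `null` until `initStatics()` runs, and nothing in this hunk guards against use before that. `validateKey()` (body outside the visible hunks) presumably reads it, so a missed or late `initStatics()` call would surface as a `NullPointerException` during tag validation rather than a clean status word. Document the ordering requirement on `initStatics()`, e.g. `/** Must be called once before any KMByteTag is created; tags is null until then. */`, or have the reader fail closed when `tags == null`. The context comment above the field still says "bool tag" for what is the byte-tag allow-list; `// The allowed tag keys of type byte tag` would match. The same initialise-before-use pattern appears in `KMCose.initStatics()` later in this patch.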
@@ -114,12 +121,30 @@ public short getTagType() { } public short getValue() { - return Util.getShort(heap, (short) (instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); } public short length() { - short blobPtr = Util.getShort(heap, (short) (instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); - return KMByteBlob.cast(blobPtr).length(); + short blobPtr = Util.getShort(heap, + (short) (KMType.instanceTable[KM_BYTE_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); + return KMByteBlob.length(blobPtr); + } + + public static short getKey(short bPtr) { + return KMByteTag.cast(bPtr).getKey(); + } + + public static short getTagType(short bPtr) { + return KMByteTag.cast(bPtr).getTagType(); + } + + public static short getValue(short bPtr) { + return KMByteTag.cast(bPtr).getValue(); + } + + public static short length(short bPtr) { + return KMByteTag.cast(bPtr).length(); } private static boolean validateKey(short key) { diff --git a/Applet/src/com/android/javacard/keymaster/KMComputedHmacKey.java b/Applet/src/com/android/javacard/kmdevice/KMComputedHmacKey.java similarity index 50% rename from Applet/src/com/android/javacard/keymaster/KMComputedHmacKey.java rename to Applet/src/com/android/javacard/kmdevice/KMComputedHmacKey.java index 9621b417..82c55785 100644 --- a/Applet/src/com/android/javacard/keymaster/KMComputedHmacKey.java +++ b/Applet/src/com/android/javacard/kmdevice/KMComputedHmacKey.java @@ -1,5 +1,6 @@ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; public interface KMComputedHmacKey { + } 
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMConfigurations.java b/Applet/src/com/android/javacard/kmdevice/KMConfigurations.java similarity index 96% rename from Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMConfigurations.java rename to Applet/src/com/android/javacard/kmdevice/KMConfigurations.java index 6e5090a1..85c7aaf5 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMConfigurations.java +++ b/Applet/src/com/android/javacard/kmdevice/KMConfigurations.java @@ -13,9 +13,10 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; public class KMConfigurations { + // Machine types public static final byte LITTLE_ENDIAN = 0x00; public static final byte BIG_ENDIAN = 0x01; diff --git a/Applet/src/com/android/javacard/kmdevice/KMCose.java b/Applet/src/com/android/javacard/kmdevice/KMCose.java new file mode 100644 index 00000000..e9e05d0e --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMCose.java 
@@ -0,0 +1,591 @@ +/* + * Copyright(C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; + +/** + * This class constructs the Cose messages like CoseKey, CoseMac0, MacStructure, CoseSign1, + * SignStructure, CoseEncrypt, EncryptStructure and ReceipientStructures. + */ +public class KMCose { + + //COSE SIGN1 + public static final byte COSE_SIGN1_ENTRY_COUNT = 4; + public static final byte COSE_SIGN1_PROTECTED_PARAMS_OFFSET = 0; + public static final short COSE_SIGN1_UNPROTECTED_PARAMS_OFFSET = 1; + public static final short COSE_SIGN1_PAYLOAD_OFFSET = 2; + public static final short COSE_SIGN1_SIGNATURE_OFFSET = 3; + //COSE MAC0 + public static final short COSE_MAC0_ENTRY_COUNT = 4; + public static final short COSE_MAC0_PROTECTED_PARAMS_OFFSET = 0; + public static final short COSE_MAC0_UNPROTECTED_PARAMS_OFFSET = 1; + public static final short COSE_MAC0_PAYLOAD_OFFSET = 2; + public static final short COSE_MAC0_TAG_OFFSET = 3; + //COSE ENCRYPT + public static final short COSE_ENCRYPT_ENTRY_COUNT = 4; + public static final short COSE_ENCRYPT_STRUCTURE_ENTRY_COUNT = 3; + public static final short COSE_ENCRYPT_RECIPIENT_ENTRY_COUNT = 3; + public static final short COSE_ENCRYPT_PROTECTED_PARAMS_OFFSET = 0; + public static final short COSE_ENCRYPT_UNPROTECTED_PARAMS_OFFSET = 1; + public static final short 
COSE_ENCRYPT_PAYLOAD_OFFSET = 2; + public static final short COSE_ENCRYPT_RECIPIENTS_OFFSET = 3; + + //COSE Labels + public static final byte COSE_LABEL_ALGORITHM = 1; + public static final byte COSE_LABEL_KEYID = 4; + public static final byte COSE_LABEL_IV = 5; + public static final byte COSE_LABEL_COSE_KEY = (byte) 0xFF; // -1 + + //COSE Algorithms + public static final byte COSE_ALG_AES_GCM_256 = 3; //AES-GCM mode w/ 256-bit key, 128-bit tag. + public static final byte COSE_ALG_HMAC_256 = 5; //HMAC w/ SHA-256 + public static final byte COSE_ALG_ES256 = (byte) 0xF9; // ECDSA w/ SHA-256; -7 + public static final byte COSE_ALG_ECDH_ES_HKDF_256 = (byte) 0xE7; // ECDH-EC+HKDF-256; -25 + + //COSE P256 EC Curve + public static final byte COSE_ECCURVE_256 = 1; + + //COSE key types + public static final byte COSE_KEY_TYPE_EC2 = 2; + public static final byte COSE_KEY_TYPE_SYMMETRIC_KEY = 4; + + //COSE Key Operations + public static final byte COSE_KEY_OP_SIGN = 1; + public static final byte COSE_KEY_OP_VERIFY = 2; + public static final byte COSE_KEY_OP_ENCRYPT = 3; + public static final byte COSE_KEY_OP_DECRYPT = 4; + + // AES GCM + public static final short AES_GCM_NONCE_LENGTH = 12; + public static final short AES_GCM_TAG_SIZE = 16; + public static final short AES_GCM_KEY_SIZE = 32; + public static final short AES_GCM_KEY_SIZE_BITS = 256; + // Cose key parameters. 
+ public static final byte COSE_KEY_KEY_TYPE = 1; + public static final byte COSE_KEY_KEY_ID = 2; + public static final byte COSE_KEY_ALGORITHM = 3; + public static final byte COSE_KEY_KEY_OPS = 4; + public static final byte COSE_KEY_CURVE = -1; + public static final byte COSE_KEY_PUBKEY_X = -2; + public static final byte COSE_KEY_PUBKEY_Y = -3; + public static final byte COSE_KEY_PRIV_KEY = -4; + public static byte[] COSE_TEST_KEY; // -70000 + public static final short COSE_KEY_MAX_SIZE = 4; + + // kdfcontext strings + public static byte[] client; + public static byte[] server; + //Context strings + public static byte[] MAC_CONTEXT; // MAC0 + public static byte[] SIGNATURE1_CONTEXT; // Signature1 + public static byte[] ENCRYPT_CONTEXT; // Encrypt + //Empty strings + public static byte[] EMPTY_MAC_KEY; // "Empty MAC key" + + // Certificate payload supported keys + public static final byte ISSUER = (byte) 0x01; + public static final byte SUBJECT = (byte) 0x02; + public static byte[] CODE_HASH; + public static byte[] CODE_DESCRIPTOR; + public static byte[] CONFIG_HASH; + public static byte[] CONFIG_DESCRIPTOR; + public static byte[] AUTHORITY_HASH; + public static byte[] AUTHORITY_DESCRIPTOR; + public static byte[] MODE; + public static byte[] SUBJECT_PUBLIC_KEY; + public static byte[] KEY_USAGE; + // text strings + public static byte[] TEST_ISSUER_NAME; // "Issuer" + public static byte[] TEST_SUBJECT_NAME; // "Subject" + public static byte[] KEY_USAGE_SIGN; // Key usage sign + public static byte[] MAC_DERIVE_KEY_CTX; // "Key to MAC public keys" + + private static KMCose prototype; + + public static void initStatics() { + COSE_TEST_KEY = new byte[]{(byte) 0xFF, (byte) 0xFE, (byte) 0xEE, (byte) 0x90}; // -70000 + client = new byte[]{0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74}; + server = new byte[]{0x73, 0x65, 0x72, 0x76, 0x65, 0x72}; + MAC_CONTEXT = new byte[]{0x4d, 0x41, 0x43, 0x30}; // MAC0 + SIGNATURE1_CONTEXT = new byte[] + {0x53, 0x69, 0x67, 0x6E, 0x61, 0x74, 0x75, 
0x72, 0x65, 0x31}; // Signature1 + ENCRYPT_CONTEXT = new byte[]{0x45, 0x6E, 0x63, 0x72, 0x79, 0x70, 0x74}; // Encrypt + EMPTY_MAC_KEY = new byte[] + {0x45, 0x6d, 0x70, 0x74, 0x79, 0x20, 0x4d, 0x41, 0x43, 0x20, 0x6b, 0x65, + 0x79}; // "Empty MAC key" + + CODE_HASH = new byte[]{(byte) 0xFF, (byte) 0xB8, (byte) 0xBB, (byte) 0xAF}; + CODE_DESCRIPTOR = new byte[]{(byte) 0xFF, (byte) 0xB8, (byte) 0xBB, (byte) 0xAE}; + CONFIG_HASH = new byte[]{(byte) 0xFF, (byte) 0xB8, (byte) 0xBB, (byte) 0xAD}; + CONFIG_DESCRIPTOR = new byte[]{(byte) 0xFF, (byte) 0xB8, (byte) 0xBB, (byte) 0xAC}; + AUTHORITY_HASH = new byte[]{(byte) 0xFF, (byte) 0xB8, (byte) 0xBB, (byte) 0xAB}; + AUTHORITY_DESCRIPTOR = new byte[]{(byte) 0xFF, (byte) 0xB8, (byte) 0xBB, (byte) 0xAA}; + MODE = new byte[]{(byte) 0xFF, (byte) 0xB8, (byte) 0xBB, (byte) 0xA9}; + SUBJECT_PUBLIC_KEY = new byte[]{(byte) 0xFF, (byte) 0xB8, (byte) 0xBB, (byte) 0xA8}; + KEY_USAGE = new byte[]{(byte) 0xFF, (byte) 0xB8, (byte) 0xBB, (byte) 0xA7}; + // text strings + TEST_ISSUER_NAME = new byte[]{(byte) 0x49, 0x73, 0x73, 0x75, 0x65, 0x72}; // "Issuer" + TEST_SUBJECT_NAME = new byte[]{0x53, 0x75, 0x62, 0x6A, 0x65, 0x63, 0x74}; // "Subject" + KEY_USAGE_SIGN = new byte[]{0x20}; // Key usage sign + MAC_DERIVE_KEY_CTX = new byte[] + {0x4B, 0x65, 0x79, 0x20, 0x74, 0x6F, 0x20, 0x4D, 0x41, 0x43, 0x20, 0x70, 0x75, 0x62, 0x6C, + 0x69, 0x63, + 0x20, 0x6B, 0x65, 0x79, 0x73}; // "Key to MAC public keys" + + } + + public static KMCose getInstance() { + if (prototype == null) { + prototype = new KMCose(); + } + return prototype; + } + + /** + * Constructs the Cose MAC structure. + * + * @param protectedHeader Bstr pointer which holds the protected header. + * @param extAad Bstr pointer which holds the external Aad. + * @param payload Bstr pointer which holds the payload of the MAC structure. + * @return KMArray instance of MAC structure. 
+ */ + public short constructCoseMacStructure(short protectedHeader, short extAad, short payload) { + // Create MAC Structure and compute HMAC as per https://tools.ietf.org/html/rfc8152#section-6.3 + // MAC_structure = [ + // context : "MAC" / "MAC0", + // protected : empty_or_serialized_map, + // external_aad : bstr, + // payload : bstr + // ] + short arrPtr = KMArray.instance(KMCose.COSE_MAC0_ENTRY_COUNT); + // 1 - Context + KMArray.add(arrPtr, (short) 0, KMTextString.instance(KMCose.MAC_CONTEXT, (short) 0, + (short) KMCose.MAC_CONTEXT.length)); + // 2 - Protected headers. + KMArray.add(arrPtr, (short) 1, protectedHeader); + // 3 - external aad + KMArray.add(arrPtr, (short) 2, extAad); + // 4 - payload. + KMArray.add(arrPtr, (short) 3, payload); + return arrPtr; + } + + /** + * Constructs the COSE_MAC0 object. + * + * @param protectedHeader Bstr pointer which holds the protected header. + * @param unprotectedHeader Bstr pointer which holds the unprotected header. + * @param payload Bstr pointer which holds the payload of the MAC structure. + * @param tag Bstr pointer which holds the tag value. + * @return KMArray instance of COSE_MAC0 object. + */ + public short constructCoseMac0(short protectedHeader, short unprotectedHeader, short payload, + short tag) { + // Construct Cose_MAC0 + // COSE_Mac0 = [ + // protectedHeader, + // unprotectedHeader, + // payload : bstr / nil, + // tag : bstr, + // ] + short arrPtr = KMArray.instance(KMCose.COSE_MAC0_ENTRY_COUNT); + // 1 - protected headers + KMArray.add(arrPtr, (short) 0, protectedHeader); + // 2 - unprotected headers + KMArray.add(arrPtr, (short) 1, unprotectedHeader); + // 2 - payload + KMArray.add(arrPtr, (short) 2, payload); + // 3 - tag + KMArray.add(arrPtr, (short) 3, tag); + // Do encode. + return arrPtr; + } + + /** + * Constructs the COSE_Signature structure. + * + * @param protectedHeader Bstr pointer which holds the protected header. + * @param extAad Bstr pointer which holds the aad. 
+ * @param payload Bstr pointer which holds the payload. + * @return KMArray instance of COSE_Signature object. + */ + public short constructCoseSignStructure(short protectedHeader, short extAad, short payload) { + // Sig_structure = [ + // context : "Signature" / "Signature1" / "CounterSignature", + // body_protected : empty_or_serialized_map, + // ? sign_protected : empty_or_serialized_map, + // external_aad : bstr, + // payload : bstr + // ] + short arrPtr = KMArray.instance(KMCose.COSE_SIGN1_ENTRY_COUNT); + // 1 - Context + KMArray.add(arrPtr, (short) 0, KMTextString.instance(KMCose.SIGNATURE1_CONTEXT, (short) 0, + (short) KMCose.SIGNATURE1_CONTEXT.length)); + // 2 - Protected headers. + KMArray.add(arrPtr, (short) 1, protectedHeader); + // 3 - external aad + KMArray.add(arrPtr, (short) 2, extAad); + // 4 - payload. + KMArray.add(arrPtr, (short) 3, payload); + return arrPtr; + } + + /** + * Constructs the COSE_Sign1 object. + * + * @param protectedHeader Bstr pointer which holds the protected header. + * @param unProtectedHeader Bstr pointer which holds the unprotected header. + * @param payload Bstr pointer which holds the payload. + * @param signature Bstr pointer which holds the signature. + * @return KMArray instance of COSE_Sign1 object. + */ + public short constructCoseSign1(short protectedHeader, short unProtectedHeader, short payload, + short signature) { + // COSE_Sign = [ + // protectedHeader, + // unprotectedHeader, + // payload : bstr / nil, + // signatures : [+ COSE_Signature] + // ] + short arrPtr = KMArray.instance(KMCose.COSE_SIGN1_ENTRY_COUNT); + // 1 - protected headers + KMArray.add(arrPtr, (short) 0, protectedHeader); + // 2 - unprotected headers + KMArray.add(arrPtr, (short) 1, unProtectedHeader); + // 2 - payload + KMArray.add(arrPtr, (short) 2, payload); + // 3 - tag + KMArray.add(arrPtr, (short) 3, signature); + return arrPtr; + } + + /** + * Constructs array based on the tag values provided. 
+ * + * @param tags array of tag values to be constructed. + * @param includeTestMode flag which indicates if TEST_COSE_KEY should be included or not. + * @return instance of KMArray. + */ + private short handleCosePairTags(short[] tags, boolean includeTestMode) { + short index = 0; + // var is used to calculate the length of the array. + short var = 0; + while (index < tags.length) { + if (tags[(short) (index + 1)] != KMType.INVALID_VALUE) { + tags[(short) (index + 2)] = + buildCosePairTag((byte) tags[index], tags[(short) (index + 1)]); + var++; + } + index += 3; + } + var += includeTestMode ? 1 : 0; + short arrPtr = KMArray.instance(var); + index = 0; + // var is used to index the array. + var = 0; + while (index < tags.length) { + if (tags[(short) (index + 2)] != KMType.INVALID_VALUE) { + KMArray.add(arrPtr, var++, tags[(short) (index + 2)]); + } + index += 3; + } + return arrPtr; + } + + /** + * Constructs the COSE_sign1 payload for certificate. + * + * @param issuer instance of KMCosePairTextStringTag which contains issuer value. + * @param subject instance of KMCosePairTextStringTag which contains subject value. + * @param subPublicKey instance of KMCosePairByteBlobTag which contains encoded KMCoseKey. + * @param keyUsage instance of KMCosePairByteBlobTag which contains key usage value. + * @return instance of KMArray. + */ + public short constructCoseCertPayload(short issuer, short subject, short subPublicKey, + short keyUsage) { + short certPayload = KMArray.instance((short) 4); + KMArray.add(certPayload, (short) 0, issuer); + KMArray.add(certPayload, (short) 1, subject); + KMArray.add(certPayload, (short) 2, subPublicKey); + KMArray.add(certPayload, (short) 3, keyUsage); + certPayload = KMCoseCertPayload.instance(certPayload); + KMCoseCertPayload.cast(certPayload).canonicalize(); + return certPayload; + } + + /** + * Construct headers structure. Headers can be part of COSE_Sign1, COSE_Encrypt, COSE_Mac0 and + * COSE_Key. 
+ * + * @param alg instance of either KMNInteger or KMInteger, based on the sign of algorithm value. + * @param keyId instance of KMByteBlob which contains the key identifier. + * @param iv instance of KMByteblob which contains the iv buffer. + * @param ephemeralKey instance of KMCoseKey. + * @return instance of KMCoseHeaders. + */ + public short constructHeaders(short alg, short keyId, short iv, short ephemeralKey) { + short[] coseHeaderTags = { + KMCose.COSE_LABEL_ALGORITHM, alg, KMType.INVALID_VALUE, + KMCose.COSE_LABEL_KEYID, keyId, KMType.INVALID_VALUE, + KMCose.COSE_LABEL_IV, iv, KMType.INVALID_VALUE, + KMCose.COSE_LABEL_COSE_KEY, ephemeralKey, KMType.INVALID_VALUE + }; + short ptr = handleCosePairTags(coseHeaderTags, false); + ptr = KMCoseHeaders.instance(ptr); + KMCoseHeaders.cast(ptr).canonicalize(); + return ptr; + } + + /** + * Construct Recipients structure for COSE_Encrypt message. + * + * @param protectedHeaders instance of KMByteBlob which contains encoded KMCoseHeaders. + * @param unprotectedHeaders instance of KMCoseHeaders. + * @param cipherText instance of KMSimple + * @return instance of KMArray. + */ + public short constructRecipientsStructure(short protectedHeaders, short unprotectedHeaders, + short cipherText) { + // recipients : [+COSE_recipient] + // COSE_recipient = [ + // Headers, + // ciphertext : bstr / nil, + // ? recipients : [+COSE_recipient] + // ] + short arrPtr = KMArray.instance(COSE_ENCRYPT_RECIPIENT_ENTRY_COUNT); + // 1 - protected headers + KMArray.add(arrPtr, (short) 0, protectedHeaders); + // 2 - unprotected headers + KMArray.add(arrPtr, (short) 1, unprotectedHeaders); + // 2 - payload + KMArray.add(arrPtr, (short) 2, cipherText); + + short recipientsArrayPtr = KMArray.instance((short) 1); + KMArray.add(recipientsArrayPtr, (short) 0, arrPtr); + return recipientsArrayPtr; + } + + /** + * Construct Encrypt structure required for COSE_Encrypt message. 
+ * + * @param protectedHeader instance of KMByteBlob which wraps KMCoseHeaders. + * @param aad instance of KMByteBlob. + * @return instance of KMArray. + */ + public short constructCoseEncryptStructure(short protectedHeader, short aad) { + // Enc_structure = [ + // context : "Encrypt" / "Encrypt0" / "Enc_Recipient" / + // "Mac_Recipient" / "Rec_Recipient", + // protected : empty_or_serialized_map, + // external_aad : bstr + // ] + short arrPtr = KMArray.instance(COSE_ENCRYPT_STRUCTURE_ENTRY_COUNT); + // 1 - protected headers + KMArray.add(arrPtr, (short) 0, KMTextString.instance(KMCose.ENCRYPT_CONTEXT, (short) 0, + (short) KMCose.ENCRYPT_CONTEXT.length)); + // 2 - unprotected headers + KMArray.add(arrPtr, (short) 1, protectedHeader); + // 2 - payload + KMArray.add(arrPtr, (short) 2, aad); + return arrPtr; + } + + /** + * Constructs COSE_Encrypt message. + * + * @param protectedHeader instance of KMByteBlob which wraps KMCoseHeaders. + * @param unProtectedHeader instance of KMCoseHeaders. + * @param cipherText instance of KMByteBlob containing the cipher text. + * @param recipients instance of KMArray containing the recipients instance + * @return instance of KMArray. + */ + public short constructCoseEncrypt(short protectedHeader, short unProtectedHeader, + short cipherText, + short recipients) { + // COSE_Encrypt = [ + // protectedHeader, + // unprotectedHeader, + // ciphertext : bstr / nil, + // recipients : [+COSE_recipient] + // ] + short arrPtr = KMArray.instance(KMCose.COSE_ENCRYPT_ENTRY_COUNT); + // 1 - protected headers + KMArray.add(arrPtr, (short) 0, protectedHeader); + // 2 - unprotected headers + KMArray.add(arrPtr, (short) 1, unProtectedHeader); + // 2 - payload + KMArray.add(arrPtr, (short) 2, cipherText); + // 3 - tag + KMArray.add(arrPtr, (short) 3, recipients); + return arrPtr; + } + + /** + * Constructs the instance of KMCosePair*Tag. + * + * @param key value of the key. + * @param valuePtr instance of one of KMType. 
+ * @return instance of KMCosePair*Value object. + */ + public short buildCosePairTag(byte key, short valuePtr) { + short type = KMType.getKMType(valuePtr); + short keyPtr; + if (key < 0) { + keyPtr = KMNInteger.uint_8(key); + } else { + keyPtr = KMInteger.uint_8(key); + } + switch (type) { + case KMType.INTEGER_TYPE: + return KMCosePairIntegerTag.instance(keyPtr, valuePtr); + case KMType.NEG_INTEGER_TYPE: + return KMCosePairNegIntegerTag.instance(keyPtr, valuePtr); + case KMType.BYTE_BLOB_TYPE: + return KMCosePairByteBlobTag.instance(keyPtr, valuePtr); + case KMType.TEXT_STRING_TYPE: + return KMCosePairTextStringTag.instance(keyPtr, valuePtr); + case KMType.COSE_KEY_TYPE: + return KMCosePairCoseKeyTag.instance(keyPtr, valuePtr); + default: + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + return 0; + } + } + + /** + * Constructs a CoseKey with the provided input paramters. + * + * @param keyType Instance of the identification of the key type. + * @param keyId Instance of key identification value. + * @param keyAlg Instance of the algorithm that is used with this key. + * @param keyOps Instance of the operation that this key is used for. + * @param curve Instance of the EC curve that is used with this key. + * @param pubKey Buffer containing the public key. + * @param pubKeyOff Start offset of the buffer. + * @param pubKeyLen Length of the public key. + * @param privKeyPtr Instance of the private key. + * @param testMode Represents if key is used in test mode or production mode. + * @return Instance of the CoseKey structure. 
+ */ + public short constructCoseKey(short keyType, short keyId, short keyAlg, short keyOps, + short curve, byte[] pubKey, short pubKeyOff, short pubKeyLen, + short privKeyPtr, boolean testMode) { + if (pubKey[pubKeyOff] == 0x04) { // uncompressed format + pubKeyOff += 1; + pubKeyLen -= 1; + } + pubKeyLen = (short) (pubKeyLen / 2); + short xPtr = KMByteBlob.instance(pubKey, pubKeyOff, pubKeyLen); + short yPtr = KMByteBlob.instance(pubKey, (short) (pubKeyOff + pubKeyLen), pubKeyLen); + short coseKey = constructCoseKey(keyType, keyId, keyAlg, keyOps, curve, xPtr, yPtr, privKeyPtr, + testMode); + KMCoseKey.cast(coseKey).canonicalize(); + return coseKey; + } + + /** + * Constructs the cose key based on input parameters supplied. All the parameters must be + * instantiated from either KMInteger or KMNInteger or KMByteblob types. + * + * @param keyType instance of KMInteger/KMNInteger which holds valid COSE key types. + * @param keyId instance of KMByteBlob which holds key identifier value. + * @param keyAlg instance of KMInteger/KMNInteger which holds valid COSE key algorithm. + * @param keyOps instance of KMInteger/KMNInteger which holds valid COSE key operations. + * @param curve instance of KMInteger/KMNInteger which holds valid COSE EC curve. + * @param pubX instance of KMByteBlob which holds EC public key's x value. + * @param pubY instance of KMByteBlob which holds EC public key's y value. + * @param priv instance of KMByteBlob which holds EC private value. + * @param includeTestKey flag which identifies whether to construct test key or production key. + * @return instance of the KMCoseKey object. 
+ */ + public short constructCoseKey(short keyType, short keyId, short keyAlg, short keyOps, short curve, + short pubX, short pubY, short priv, boolean includeTestKey) { + short[] coseKeyTags = { + KMCose.COSE_KEY_KEY_TYPE, keyType, KMType.INVALID_VALUE, + KMCose.COSE_KEY_KEY_ID, keyId, KMType.INVALID_VALUE, + KMCose.COSE_KEY_ALGORITHM, keyAlg, KMType.INVALID_VALUE, + KMCose.COSE_KEY_KEY_OPS, keyOps, KMType.INVALID_VALUE, + KMCose.COSE_KEY_CURVE, curve, KMType.INVALID_VALUE, + KMCose.COSE_KEY_PUBKEY_X, pubX, KMType.INVALID_VALUE, + KMCose.COSE_KEY_PUBKEY_Y, pubY, KMType.INVALID_VALUE, + KMCose.COSE_KEY_PRIV_KEY, priv, KMType.INVALID_VALUE + }; + short arrPtr = handleCosePairTags(coseKeyTags, includeTestKey); + if (includeTestKey) { + short testKey = + KMCosePairSimpleValueTag.instance(KMNInteger.uint_32(KMCose.COSE_TEST_KEY, (short) 0), + KMSimpleValue.instance(KMSimpleValue.NULL)); + KMArray.add(arrPtr, (short) (KMArray.length(arrPtr) - 1), testKey); + } + arrPtr = KMCoseKey.instance(arrPtr); + KMCoseKey.cast(arrPtr).canonicalize(); + return arrPtr; + } + + /** + * Constructs key derivation context which is required to compute HKDF. + * + * @param publicKeyA public key buffer from the first party. + * @param publicKeyAOff start position of the public key buffer from first party. + * @param publicKeyALen length of the public key buffer from first party. + * @param publicKeyB public key buffer from the second party. + * @param publicKeyBOff start position of the public key buffer from second party. + * @param publicKeyBLen length of the public key buffer from second party. + * @param senderIsA true if caller is first party, false if caller is second party. + * @return instance of KMArray. 
+ */ + public short constructKdfContext(byte[] publicKeyA, short publicKeyAOff, short publicKeyALen, + byte[] publicKeyB, short publicKeyBOff, short publicKeyBLen, + boolean senderIsA) { + short index = 0; + // Prepare sender info + short senderInfo = KMArray.instance((short) 3); + KMArray.add(senderInfo, index++, KMByteBlob.instance(client, (short) 0, (short) client.length)); + KMArray.add(senderInfo, index++, KMByteBlob.instance((short) 0)); + KMArray.add(senderInfo, index, senderIsA ? + KMByteBlob.instance(publicKeyA, publicKeyAOff, publicKeyALen) : + KMByteBlob.instance(publicKeyB, publicKeyBOff, publicKeyBLen)); + + // Prepare recipient info + index = 0; + short recipientInfo = KMArray.instance((short) 3); + KMArray.add(recipientInfo, index++, + KMByteBlob.instance(server, (short) 0, (short) server.length)); + KMArray.add(recipientInfo, index++, KMByteBlob.instance((short) 0)); + KMArray.add(recipientInfo, index, senderIsA ? + KMByteBlob.instance(publicKeyB, publicKeyBOff, publicKeyBLen) : + KMByteBlob.instance(publicKeyA, publicKeyAOff, publicKeyALen)); + + // supply public info + index = 0; + short publicInfo = KMArray.instance((short) 2); + KMArray.add(publicInfo, index++, KMInteger.uint_16(AES_GCM_KEY_SIZE_BITS)); + KMArray.add(publicInfo, index, KMByteBlob.instance((short) 0)); + + // construct kdf context + index = 0; + short arrPtr = KMArray.instance((short) 4); + KMArray.add(arrPtr, index++, KMInteger.uint_8(COSE_ALG_AES_GCM_256)); + KMArray.add(arrPtr, index++, senderInfo); + KMArray.add(arrPtr, index++, recipientInfo); + KMArray.add(arrPtr, index, publicInfo); + + return arrPtr; + } +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMCoseCertPayload.java b/Applet/src/com/android/javacard/kmdevice/KMCoseCertPayload.java new file mode 100644 index 00000000..1643c28a --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMCoseCertPayload.java 
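Review bot: In the `constructCoseKey` overload that takes `byte[] pubKey, short pubKeyOff, short pubKeyLen`, the `0x04` prefix is stripped whenever the first byte equals `0x04`, without looking at the length. A raw X||Y key whose X coordinate happens to start with `0x04` therefore loses a byte and is split into two wrong halves, and `pubKeyLen` is halved without checking that it is positive and even. Decide by length as well, e.g. `if ((short) (pubKeyLen & 1) == 1 && pubKey[pubKeyOff] == 0x04)`, and reject any remaining odd length with `ISOException.throwIt(ISO7816.SW_DATA_INVALID);`. Whether callers ever pass the raw form is not visible here; if they never do, reject input that lacks the prefix instead of accepting it. Separately, this overload calls `KMCoseKey.cast(coseKey).canonicalize()` on a key that the other overload has already canonicalized.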
@@ -0,0 +1,137 @@ +/* + * Copyright(C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * KMCoseCertPayload represents the COSE_Sign1 payload for each certificate in BCC. The supported + * key types are KMInteger, KMNInteger and the supported value types are KMByteBlob and + * KMTextString. It corresponds to a CBOR Map type. struct{byte TAG_TYPE; short length; short + * arrayPtr } where arrayPtr is a pointer to array with any KMCosePairTagType subtype instances. 
+ */ +public class KMCoseCertPayload extends KMCoseMap { + + private static KMCoseCertPayload prototype; + + private KMCoseCertPayload() { + } + + private static KMCoseCertPayload proto(short ptr) { + if (prototype == null) { + prototype = new KMCoseCertPayload(); + } + instanceTable[KM_COSE_CERT_PAYLOAD_OFFSET] = ptr; + return prototype; + } + + public static short exp() { + short arrPtr = KMArray.instance((short) 2); + KMArray.add(arrPtr, (short) 0, KMCosePairTextStringTag.exp()); + KMArray.add(arrPtr, (short) 1, KMCosePairByteBlobTag.exp()); + return KMCoseCertPayload.instance(arrPtr); + } + + public static short instance(short vals) { + short ptr = KMType.instance(COSE_CERT_PAYLOAD_TYPE, (short) 2); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), vals); + return ptr; + } + + public static KMCoseCertPayload cast(short ptr) { + if (heap[ptr] != COSE_CERT_PAYLOAD_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + short arrPtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); + if (heap[arrPtr] != ARRAY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + @Override + public short getVals() { + return Util.getShort(heap, + (short) (instanceTable[KM_COSE_CERT_PAYLOAD_OFFSET] + TLV_HEADER_SIZE)); + } + + @Override + public short length() { + short arrPtr = getVals(); + return KMArray.length(arrPtr); + } + + @Override + public void canonicalize() { + KMCoseMap.canonicalize(getVals()); + } + + private short getValueType(short key, short significantKey) { + short arr = getVals(); + short length = length(); + short keyPtr; + short valPtr = 0; + short index = 0; + short tagType; + boolean found = false; + while (index < length) { + tagType = KMCosePairTagType.getTagValueType(KMArray.get(arr, index)); + switch (tagType) { + case KMType.COSE_PAIR_BYTE_BLOB_TAG_TYPE: + keyPtr = KMCosePairByteBlobTag.cast(KMArray.get(arr, index)).getKeyPtr(); + if (key == 
KMCosePairTagType.getKeyValueShort(keyPtr) && + significantKey == KMCosePairTagType.getKeyValueSignificantShort(keyPtr)) { + valPtr = KMCosePairByteBlobTag.cast(KMArray.get(arr, index)).getValuePtr(); + found = true; + } + break; + case KMType.COSE_PAIR_TEXT_STR_TAG_TYPE: + keyPtr = KMCosePairTextStringTag.cast(KMArray.get(arr, index)).getKeyPtr(); + if (key == (byte) KMCosePairTagType.getKeyValueShort(keyPtr)) { + valPtr = KMCosePairTextStringTag.cast(KMArray.get(arr, index)).getValuePtr(); + found = true; + } + break; + default: + break; + + } + if (found) { + break; + } + index++; + } + return valPtr; + } + + public short getSubjectPublicKey() { + return getValueType(Util.getShort(KMCose.SUBJECT_PUBLIC_KEY, (short) 2), // LSB + Util.getShort(KMCose.SUBJECT_PUBLIC_KEY, (short) 0) // MSB (Significant) + ); + } + + public short getSubject() { + return getValueType(KMCose.SUBJECT, KMType.INVALID_VALUE); + } + + public short getIssuer() { + return getValueType(KMCose.ISSUER, KMType.INVALID_VALUE); + } + +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMCoseHeaders.java b/Applet/src/com/android/javacard/kmdevice/KMCoseHeaders.java new file mode 100644 index 00000000..a1c2a653 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMCoseHeaders.java 
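Review bot: In `getValueType`, the `COSE_PAIR_TEXT_STR_TAG_TYPE` branch matches on `(byte) KMCosePairTagType.getKeyValueShort(keyPtr)` and ignores `significantKey`, while the byte-blob branch above it compares the full short and the significant short. Labels that differ only above the low byte would therefore be accepted as `KMCose.SUBJECT` or `KMCose.ISSUER`, which matters if this payload is built from a decoded certificate chain (the decoder is not in this hunk). Dropping the cast, `if (key == KMCosePairTagType.getKeyValueShort(keyPtr)) {`, would at least make both branches agree on the low word. The method also returns 0 for a missing label and `getSubject()`, `getIssuer()` and `getSubjectPublicKey()` pass that through undocumented; a Javadoc line such as `@return pointer to the value, or 0 when the label is absent` would tell callers to check.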
@@ -0,0 +1,203 @@ +/* + * Copyright(C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * KMCoseHeaders represents headers section from the Cose standard https://datatracker.ietf.org/doc/html/rfc8152#section-3. + * The supported key types are KMInteger, KMNInteger and the supported value types are KMInteger, + * KMNInteger, KMByteBlob, KMCoseKey. It corresponds to a CBOR Map type. struct{byte TAG_TYPE; short + * length; short arrayPtr } where arrayPtr is a pointer to array with any KMTag subtype instances. + */ +public class KMCoseHeaders extends KMCoseMap { + + private static KMCoseHeaders prototype; + + private KMCoseHeaders() { + } + + private static KMCoseHeaders proto(short ptr) { + if (prototype == null) { + prototype = new KMCoseHeaders(); + } + instanceTable[KM_COSE_HEADERS_OFFSET] = ptr; + return prototype; + } + + public static short exp() { + short arrPtr = KMArray.instance((short) 4); + // CoseKey is internally an Array so evaluate it separately. 
+ short coseKeyValueExp = KMCosePairCoseKeyTag.exp(); + KMArray.add(arrPtr, (short) 0, KMCosePairIntegerTag.exp()); + KMArray.add(arrPtr, (short) 1, KMCosePairNegIntegerTag.exp()); + KMArray.add(arrPtr, (short) 2, KMCosePairByteBlobTag.exp()); + KMArray.add(arrPtr, (short) 3, coseKeyValueExp); + return KMCoseHeaders.instance(arrPtr); + } + + + public static short instance(short vals) { + short ptr = KMType.instance(COSE_HEADERS_TYPE, (short) 2); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), vals); + return ptr; + } + + public static KMCoseHeaders cast(short ptr) { + if (heap[ptr] != COSE_HEADERS_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + short arrPtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); + if (heap[arrPtr] != ARRAY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + @Override + public short getVals() { + return Util.getShort(heap, (short) (instanceTable[KM_COSE_HEADERS_OFFSET] + TLV_HEADER_SIZE)); + } + + @Override + public short length() { + short arrPtr = getVals(); + return KMArray.length(arrPtr); + } + + @Override + public void canonicalize() { + KMCoseMap.canonicalize(getVals()); + } + + private short getValueType(short key) { + short index = 0; + short len = length(); + short arr = getVals(); + short tagType; + short valPtr = 0; + short keyPtr; + boolean found = false; + while (index < len) { + tagType = KMCosePairTagType.getTagValueType(KMArray.get(arr, index)); + switch (tagType) { + case KMType.COSE_PAIR_BYTE_BLOB_TAG_TYPE: + keyPtr = KMCosePairByteBlobTag.cast(KMArray.get(arr, index)).getKeyPtr(); + if (key == (byte) KMCosePairTagType.getKeyValueShort(keyPtr)) { + valPtr = KMCosePairByteBlobTag.cast(KMArray.get(arr, index)).getValuePtr(); + found = true; + } + break; + case KMType.COSE_PAIR_COSE_KEY_TAG_TYPE: + keyPtr = KMCosePairCoseKeyTag.cast(KMArray.get(arr, index)).getKeyPtr(); + if (key == (byte) KMCosePairTagType.getKeyValueShort(keyPtr)) { 
+ valPtr = KMCosePairCoseKeyTag.cast(KMArray.get(arr, index)).getValuePtr(); + found = true; + } + break; + case KMType.COSE_PAIR_INT_TAG_TYPE: + keyPtr = KMCosePairIntegerTag.cast(KMArray.get(arr, index)).getKeyPtr(); + if (key == (byte) KMCosePairTagType.getKeyValueShort(keyPtr)) { + valPtr = KMCosePairIntegerTag.cast(KMArray.get(arr, index)).getValuePtr(); + found = true; + } + break; + case KMType.COSE_PAIR_NEG_INT_TAG_TYPE: + keyPtr = KMCosePairNegIntegerTag.cast(KMArray.get(arr, index)).getKeyPtr(); + if (key == (byte) KMCosePairTagType.getKeyValueShort(keyPtr)) { + valPtr = KMCosePairNegIntegerTag.cast(KMArray.get(arr, index)).getValuePtr(); + found = true; + } + break; + default: + break; + } + if (found) { + break; + } + index++; + } + return valPtr; + } + + public short getKeyIdentifier() { + return getValueType(KMCose.COSE_LABEL_KEYID); + } + + public short getCoseKey() { + return getValueType(KMCose.COSE_LABEL_COSE_KEY); + } + + public short getIV() { + return getValueType(KMCose.COSE_LABEL_IV); + } + + public short getAlgorithm() { + return getValueType(KMCose.COSE_LABEL_ALGORITHM); + } + + public boolean isDataValid(short alg, short keyIdPtr) { + short[] headerTags = { + KMCose.COSE_LABEL_ALGORITHM, alg, + KMCose.COSE_LABEL_KEYID, keyIdPtr, + }; + boolean valid = false; + short value; + short ptr; + short tagIndex = 0; + while (tagIndex < headerTags.length) { + value = headerTags[(short) (tagIndex + 1)]; + if (value != KMType.INVALID_VALUE) { + valid = false; + ptr = getValueType(headerTags[tagIndex]); + switch (KMType.getKMType(ptr)) { + case KMType.BYTE_BLOB_TYPE: + if ((KMByteBlob.length(value) == KMByteBlob.length(ptr)) && + (0 == + Util.arrayCompare(KMByteBlob.getBuffer(value), + KMByteBlob.getStartOff(value), + KMByteBlob.getBuffer(ptr), + KMByteBlob.getStartOff(ptr), + KMByteBlob.length(ptr)))) { + valid = true; + } + break; + case KMType.INTEGER_TYPE: + if (value == KMInteger.getShort(ptr)) { + valid = true; + } + break; + case 
KMType.NEG_INTEGER_TYPE: + if ((byte) value == (byte) KMNInteger.getShort(ptr)) { + valid = true; + } + break; + default: + break; + } + if (!valid) { + break; + } + } + tagIndex += 2; + } + return valid; + } + + +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMCoseKey.java b/Applet/src/com/android/javacard/kmdevice/KMCoseKey.java new file mode 100644 index 00000000..97f73bf3 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMCoseKey.java 
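Review bot: `isDataValid` compares a negative-integer header with `(byte) value == (byte) KMNInteger.getShort(ptr)`, so only the low byte of the expected algorithm is checked, whereas the `INTEGER_TYPE` case compares the whole short. Two identifiers that differ by a multiple of 256 would pass as equal; comparing the shorts, `if (value == KMNInteger.getShort(ptr)) {`, closes that (assuming `KMNInteger.getShort` returns the signed low word, which this hunk does not show), and `KMCoseKey.isDataValid` in this commit has the same comparison. When a requested header is absent, `getValueType` returns 0 and that 0 goes straight into `KMType.getKMType(ptr)`; an explicit `if (ptr == 0) { break; }` before the switch would keep the result from depending on whatever sits at heap offset 0. The license header of this file reads `"AS IS" (short)0IS`, which looks like a search-and-replace accident for `BASIS` (KMCoseMap.java has the same line).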
@@ -0,0 +1,239 @@ +/* + * Copyright(C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * KMCoseKey represents COSE_Key section from the Cose standard https://datatracker.ietf.org/doc/html/rfc8152#section-7 + * The supported key types are KMNInteger, KMInteger and the supported value types are KMInteger, + * KMNInteger, KMKeymasterApplet, KMSimpleValue. It corresponds to a CBOR Map type. struct{byte + * TAG_TYPE; short length; short arrayPtr } where arrayPtr is a pointer to array with any KMTag + * subtype instances. 
+ */ +public class KMCoseKey extends KMCoseMap { + + private static KMCoseKey prototype; + + private KMCoseKey() { + } + + private static KMCoseKey proto(short ptr) { + if (prototype == null) { + prototype = new KMCoseKey(); + } + instanceTable[KM_COSE_KEY_OFFSET] = ptr; + return prototype; + } + + public static short exp() { + short arrPtr = KMArray.instance((short) 4); + KMArray.add(arrPtr, (short) 0, KMCosePairIntegerTag.exp()); + KMArray.add(arrPtr, (short) 1, KMCosePairNegIntegerTag.exp()); + KMArray.add(arrPtr, (short) 2, KMCosePairByteBlobTag.exp()); + KMArray.add(arrPtr, (short) 3, KMCosePairSimpleValueTag.exp()); + return KMCoseKey.instance(arrPtr); + } + + + public static short instance(short vals) { + short ptr = KMType.instance(COSE_KEY_TYPE, (short) 2); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), vals); + return ptr; + } + + public static KMCoseKey cast(short ptr) { + if (heap[ptr] != COSE_KEY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + short arrPtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); + if (heap[arrPtr] != ARRAY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + @Override + public short getVals() { + return Util.getShort(heap, (short) (instanceTable[KM_COSE_KEY_OFFSET] + TLV_HEADER_SIZE)); + } + + @Override + public short length() { + short arrPtr = getVals(); + return KMArray.length(arrPtr); + } + + private short getValueType(short key, short significantKey) { + short arr = getVals(); + short length = length(); + short keyPtr; + short valPtr = 0; + short index = 0; + short tagType; + boolean found = false; + while (index < length) { + tagType = KMCosePairTagType.getTagValueType(KMArray.get(arr, index)); + switch (tagType) { + case KMType.COSE_PAIR_BYTE_BLOB_TAG_TYPE: + keyPtr = KMCosePairByteBlobTag.cast(KMArray.get(arr, index)).getKeyPtr(); + if (key == (byte) KMCosePairTagType.getKeyValueShort(keyPtr)) { + valPtr = 
KMCosePairByteBlobTag.cast(KMArray.get(arr, index)).getValuePtr(); + found = true; + } + break; + case KMType.COSE_PAIR_INT_TAG_TYPE: + keyPtr = KMCosePairIntegerTag.cast(KMArray.get(arr, index)).getKeyPtr(); + if (key == (byte) KMCosePairTagType.getKeyValueShort(keyPtr)) { + valPtr = KMCosePairIntegerTag.cast(KMArray.get(arr, index)).getValuePtr(); + found = true; + } + break; + case KMType.COSE_PAIR_NEG_INT_TAG_TYPE: + keyPtr = KMCosePairNegIntegerTag.cast(KMArray.get(arr, index)).getKeyPtr(); + if (key == (byte) KMCosePairTagType.getKeyValueShort(keyPtr)) { + valPtr = KMCosePairNegIntegerTag.cast(KMArray.get(arr, index)).getValuePtr(); + found = true; + } + break; + case KMType.COSE_PAIR_SIMPLE_VALUE_TAG_TYPE: + keyPtr = KMCosePairSimpleValueTag.cast(KMArray.get(arr, index)).getKeyPtr(); + if (key == KMCosePairTagType.getKeyValueShort(keyPtr) && + significantKey == KMCosePairTagType.getKeyValueSignificantShort(keyPtr)) { + valPtr = KMCosePairSimpleValueTag.cast(KMArray.get(arr, index)).getValuePtr(); + found = true; + } + break; + default: + break; + + } + if (found) { + break; + } + index++; + } + return valPtr; + } + + public short getKeyIdentifier() { + return getValueType(KMCose.COSE_KEY_KEY_ID, KMType.INVALID_VALUE); + } + + public short getEcdsa256PublicKey(byte[] pubKey, short pubKeyOff) { + short baseOffset = pubKeyOff; + pubKey[pubKeyOff] = (byte) 0x04; // uncompressed. 
+ pubKeyOff++; + short ptr = getValueType(KMCose.COSE_KEY_PUBKEY_X, KMType.INVALID_VALUE); + Util.arrayCopy(KMByteBlob.getBuffer(ptr), KMByteBlob.getStartOff(ptr), + pubKey, pubKeyOff, KMByteBlob.length(ptr)); + pubKeyOff += KMByteBlob.length(ptr); + ptr = getValueType(KMCose.COSE_KEY_PUBKEY_Y, KMType.INVALID_VALUE); + Util.arrayCopy(KMByteBlob.getBuffer(ptr), KMByteBlob.getStartOff(ptr), + pubKey, pubKeyOff, KMByteBlob.length(ptr)); + pubKeyOff += KMByteBlob.length(ptr); + return (short) (pubKeyOff - baseOffset); + } + + public short getPrivateKey(byte[] priv, short privOff) { + short ptr = getValueType(KMCose.COSE_KEY_PRIV_KEY, KMType.INVALID_VALUE); + Util.arrayCopy(KMByteBlob.getBuffer(ptr), KMByteBlob.getStartOff(ptr), + priv, privOff, KMByteBlob.length(ptr)); + return KMByteBlob.length(ptr); + } + + public boolean isTestKey() { + short ptr = + getValueType( + Util.getShort(KMCose.COSE_TEST_KEY, (short) 2), // LSB + Util.getShort(KMCose.COSE_TEST_KEY, (short) 0) // MSB (Significant) + ); + boolean isTestKey = false; + if (ptr != 0) { + isTestKey = (KMSimpleValue.getValue(ptr) == KMSimpleValue.NULL); + } + return isTestKey; + } + + /** + * Verifies the KMCoseKey values against the input values. + * + * @param keyType value of the key type + * @param keyIdPtr instance of KMKeymasterApplet containing the key id. + * @param keyAlg value of the algorithm. + * @param keyOps value of the key operations. + * @param curve value of the curve. + * @return true if valid, otherwise false. 
+ */ + public boolean isDataValid(short keyType, short keyIdPtr, short keyAlg, short keyOps, + short curve) { + short[] coseKeyTags = { + KMCose.COSE_KEY_KEY_TYPE, keyType, + KMCose.COSE_KEY_KEY_ID, keyIdPtr, + KMCose.COSE_KEY_ALGORITHM, keyAlg, + KMCose.COSE_KEY_KEY_OPS, keyOps, + KMCose.COSE_KEY_CURVE, curve, + }; + boolean valid = false; + short ptr; + short tagIndex = 0; + short value; + while (tagIndex < coseKeyTags.length) { + value = coseKeyTags[(short) (tagIndex + 1)]; + if (value != KMType.INVALID_VALUE) { + valid = false; + ptr = getValueType(coseKeyTags[tagIndex], KMType.INVALID_VALUE); + switch (KMType.getKMType(ptr)) { + case KMType.BYTE_BLOB_TYPE: + if ((KMByteBlob.length(value) == KMByteBlob.length(ptr)) && + (0 == + Util.arrayCompare(KMByteBlob.getBuffer(value), + KMByteBlob.getStartOff(value), + KMByteBlob.getBuffer(ptr), + KMByteBlob.getStartOff(ptr), + KMByteBlob.length(ptr)))) { + valid = true; + } + break; + case KMType.INTEGER_TYPE: + if (value == KMInteger.getShort(ptr)) { + valid = true; + } + break; + case KMType.NEG_INTEGER_TYPE: + if ((byte) value == (byte) KMNInteger.getShort(ptr)) { + valid = true; + } + break; + } + if (!valid) { + break; + } + } + tagIndex += 2; + } + return valid; + } + + @Override + public void canonicalize() { + KMCoseMap.canonicalize(getVals()); + } + +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMCoseMap.java b/Applet/src/com/android/javacard/kmdevice/KMCoseMap.java new file mode 100644 index 00000000..c5ebf405 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMCoseMap.java 
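Review bot: `getEcdsa256PublicKey` and `getPrivateKey` use whatever `getValueType` returns without checking it, so a COSE_Key that lacks the X, Y or private-key label hands pointer 0 to `KMByteBlob.getBuffer`, `getStartOff` and `length`, and a coordinate of unexpected length is copied as is. The caller then receives a point that is not 65 bytes long, or the copy is stopped only by the runtime's array bounds check on `pubKey`. A guard before each `Util.arrayCopy`, for example `if (ptr == 0 || KMByteBlob.length(ptr) != 32) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); }` for the P-256 coordinates the method name implies, would reject such keys early. The Javadoc on `isDataValid` describes `keyIdPtr` as an "instance of KMKeymasterApplet", but the comparison code treats it as a byte blob, so the comment probably means `KMByteBlob`.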
@@ -0,0 +1,165 @@ +/* + * Copyright(C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" (short)0IS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.JCSystem; +import javacard.framework.Util; + +/** + * This class represents either a Cose_key or Cose headers as defined in + * https://datatracker.ietf.org/doc/html/rfc8152 This is basically a map containing key value pairs. + * The label for the key can be (uint / int / tstr) and the value can be of any type. But this class + * is confined to support only key and value types which are required for remote key provisioning. + * So keys of type (int / uint) and values of type (int / uint / simple / bstr) only are supported. + * KMCoseHeaders and KMCoseKey implements this class. + */ +public abstract class KMCoseMap extends KMType { + + public static byte[] scratchpad; + + /** + * This function creates an instance of either KMCoseHeaders or KMCoseKey based on the type + * information provided. + * + * @param typePtr type information of the underlying KMType. + * @param arrPtr instance of KMArray. + * @return instance type of either KMCoseHeaders or KMCoseKey. 
+ */ + public static short createInstanceFromType(short typePtr, short arrPtr) { + short mapType = KMType.getKMType(typePtr); + switch (mapType) { + case KMType.COSE_HEADERS_TYPE: + return KMCoseHeaders.instance(arrPtr); + case KMType.COSE_KEY_TYPE: + return KMCoseKey.instance(arrPtr); + case KMType.COSE_CERT_PAYLOAD_TYPE: + return KMCoseCertPayload.instance(arrPtr); + default: + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + return 0; + } + } + + public static short getVals(short ptr) { + short mapType = KMType.getKMType(ptr); + switch (mapType) { + case KMType.COSE_HEADERS_TYPE: + return KMCoseHeaders.cast(ptr).getVals(); + case KMType.COSE_KEY_TYPE: + return KMCoseKey.cast(ptr).getVals(); + case KMType.COSE_CERT_PAYLOAD_TYPE: + return KMCoseCertPayload.cast(ptr).getVals(); + default: + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + return 0; + } + } + + abstract public short getVals(); + + abstract public short length(); + + abstract public void canonicalize(); + + private static short getKey(short tagPtr) { + short tagType = KMCosePairTagType.getTagValueType(tagPtr); + switch (tagType) { + case KMType.COSE_PAIR_BYTE_BLOB_TAG_TYPE: + return KMCosePairByteBlobTag.cast(tagPtr).getKeyPtr(); + case KMType.COSE_PAIR_INT_TAG_TYPE: + return KMCosePairIntegerTag.cast(tagPtr).getKeyPtr(); + case KMType.COSE_PAIR_NEG_INT_TAG_TYPE: + return KMCosePairNegIntegerTag.cast(tagPtr).getKeyPtr(); + case KMType.COSE_PAIR_SIMPLE_VALUE_TAG_TYPE: + return KMCosePairSimpleValueTag.cast(tagPtr).getKeyPtr(); + case KMType.COSE_PAIR_COSE_KEY_TAG_TYPE: + return KMCosePairCoseKeyTag.cast(tagPtr).getKeyPtr(); + case KMType.COSE_PAIR_TEXT_STR_TAG_TYPE: + return KMCosePairTextStringTag.cast(tagPtr).getKeyPtr(); + default: + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return 0; + } + + private static void createScratchBuffer() { + if (scratchpad == null) { + scratchpad = JCSystem.makeTransientByteArray((short) 120, JCSystem.CLEAR_ON_RESET); + } + } + + protected static 
void canonicalize(short arr) { + canonicalize(arr, KMArray.length(arr)); + } + + private static void swap(short ptr, short firstIndex, short secondIndex) { + if (KMType.getKMType(ptr) == KMType.ARRAY_TYPE) { + KMArray.swap(ptr, firstIndex, secondIndex); + } else { + KMMap.swap(ptr, firstIndex, secondIndex); + } + } + + private static boolean compareAndSwap(short ptr, short index) { + short firstKey; + short secondKey; + short firstKeyLen; + short secondKeyLen; + if (KMType.getKMType(ptr) == KMType.ARRAY_TYPE) { + firstKey = getKey(KMArray.get(ptr, index)); + secondKey = getKey(KMArray.get(ptr, (short) (index + 1))); + } else { // Map + firstKey = KMMap.getKey(ptr, index); + secondKey = KMMap.getKey(ptr, (short) (index + 1)); + } + firstKeyLen = KMKeymasterDevice.encoder.encode(firstKey, scratchpad, (short) 0); + secondKeyLen = KMKeymasterDevice.encoder.encode(secondKey, scratchpad, firstKeyLen); + if ((firstKeyLen > secondKeyLen) || + ((firstKeyLen == secondKeyLen) && + (0 < Util.arrayCompare(scratchpad, (short) 0, scratchpad, firstKeyLen, firstKeyLen)))) { + swap(ptr, index, (short) (index + 1)); + return true; + } + return false; + } + + /** + * Canonicalizes using bubble sort. + * + * @param ptr instance pointer of either array or map. + * @param length length of the array or map instance. + */ + public static void canonicalize(short ptr, short length) { + short index = 0; + short innerIndex = 0; + createScratchBuffer(); + boolean swapped; + while (index < length) { + swapped = false; + innerIndex = 0; + while (innerIndex < (short) (length - index - 1)) { + swapped |= compareAndSwap(ptr, innerIndex); + innerIndex++; + } + if (!swapped) { + break; + } + index++; + } + } +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMCosePairByteBlobTag.java b/Applet/src/com/android/javacard/kmdevice/KMCosePairByteBlobTag.java new file mode 100644 index 00000000..d53de1dc --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMCosePairByteBlobTag.java 
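Review bot: `compareAndSwap` treats two keys with identical encodings as already in order, so `canonicalize` accepts a map that carries the same label twice, and the `getValueType` lookups in KMCoseKey, KMCoseHeaders and KMCoseCertPayload then return the first match. RFC 8152, which the class comment cites, requires labels within a map to be unique, so if these maps can come from decoded input (not visible in this hunk) a repeated label should be rejected rather than sorted. One way is to call `ISOException.throwIt(ISO7816.SW_DATA_INVALID);` when the two lengths are equal and `Util.arrayCompare` returns 0. Separately, `scratchpad` is `public static` and fixed at 120 bytes while both encoded keys are written into it back to back. Making it `private static byte[] scratchpad;` (if nothing outside the class reads it) and adding a comment that states the maximum encoded key size would make that assumption explicit.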
@@ -0,0 +1,134 @@ +/* + * Copyright(C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * KMCosePairByteBlobTag represents a key-value type, where key can be KMInteger or KMNInteger and + * value is KMByteBlob type. struct{byte TAG_TYPE; short length; struct{short BYTE_BLOB_TYPE; short + * key; short value}}. 
+ */ +public class KMCosePairByteBlobTag extends KMCosePairTagType { + + private static KMCosePairByteBlobTag prototype; + + public static Object[] keys; + + private KMCosePairByteBlobTag() { + } + + private static KMCosePairByteBlobTag proto(short ptr) { + if (prototype == null) { + prototype = new KMCosePairByteBlobTag(); + } + instanceTable[KM_COSE_KEY_BYTE_BLOB_VAL_OFFSET] = ptr; + return prototype; + } + + // pointer to an empty instance used as expression + public static short exp() { + short ptr = instance(COSE_PAIR_TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), KMType.COSE_PAIR_BYTE_BLOB_TAG_TYPE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), KMType.INVALID_VALUE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), KMByteBlob.exp()); + return ptr; + } + + public static short instance(short keyPtr, short valuePtr) { + if (!isKeyValueValid(keyPtr)) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + if (KMType.getKMType(valuePtr) != BYTE_BLOB_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + short ptr = KMType.instance(COSE_PAIR_TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), KMType.COSE_PAIR_BYTE_BLOB_TAG_TYPE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), keyPtr); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), valuePtr); + return ptr; + } + + public static KMCosePairByteBlobTag cast(short ptr) { + byte[] heap = repository.getHeap(); + if (heap[ptr] != COSE_PAIR_TAG_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + // Validate the value pointer. 
+ short valuePtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4)); + if (KMType.getKMType(valuePtr) != BYTE_BLOB_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + public short getValueType() { + return BYTE_BLOB_TYPE; + } + + @Override + public short getKeyPtr() { + return Util.getShort(heap, + (short) (instanceTable[KM_COSE_KEY_BYTE_BLOB_VAL_OFFSET] + TLV_HEADER_SIZE + 2)); + } + + @Override + public short getValuePtr() { + return Util.getShort(heap, + (short) (instanceTable[KM_COSE_KEY_BYTE_BLOB_VAL_OFFSET] + TLV_HEADER_SIZE + 4)); + } + + private static void createKeys() { + if (keys == null) { + keys = new Object[]{ + (Object) new byte[]{(byte) 0, (byte) 0, (byte) 0, KMCose.COSE_KEY_PUBKEY_X}, + (Object) new byte[]{(byte) 0, (byte) 0, (byte) 0, KMCose.COSE_KEY_PUBKEY_Y}, + (Object) new byte[]{(byte) 0, (byte) 0, (byte) 0, KMCose.COSE_KEY_PRIV_KEY}, + (Object) new byte[]{(byte) 0, (byte) 0, (byte) 0, KMCose.COSE_LABEL_IV}, + (Object) new byte[]{(byte) 0, (byte) 0, (byte) 0, KMCose.COSE_LABEL_KEYID}, + (Object) new byte[]{(byte) 0, (byte) 0, (byte) 0, KMCose.COSE_KEY_KEY_ID}, + (Object) KMCose.SUBJECT_PUBLIC_KEY, + (Object) KMCose.KEY_USAGE + }; + } + } + + public static boolean isKeyValueValid(short keyPtr) { + createKeys(); + short type = KMType.getKMType(keyPtr); + short offset = 0; + if (type == INTEGER_TYPE) { + offset = KMInteger.getStartOff(keyPtr); + } else if (type == NEG_INTEGER_TYPE) { + offset = KMNInteger.getStartOff(keyPtr); + } else { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + short index = 0; + while (index < (short) keys.length) { + if (0 == Util.arrayCompare((byte[]) keys[index], (short) 0, heap, offset, + (short) ((byte[]) keys[index]).length)) { + return true; + } + index++; + } + return false; + } + +} 
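Review bot: `isKeyValueValid` compares `keys[index].length` bytes of the heap starting at the integer's start offset but never looks at the integer's own length. If a key integer can be longer or shorter than the allowlist entry (the KMInteger layout is outside this hunk), the comparison covers only a prefix of the key or reads past it into neighbouring heap data, and a label outside the allowlist could pass. Checking that the key's length equals the entry's length before `Util.arrayCompare` would rule that out. The allowlist itself is `public static Object[] keys`, so any class can replace or edit it; `private static Object[] keys;` fits better unless something else needs it. `exp()` also calls unqualified `instance(COSE_PAIR_TAG_TYPE, (short) 6)` next to this class's own `instance(short keyPtr, short valuePtr)`, so presumably only the first argument's type steers it to the allocator; writing `KMType.instance(COSE_PAIR_TAG_TYPE, (short) 6)` as `instance()` does removes the ambiguity (the `exp()` methods of KMCosePairCoseKeyTag and KMCosePairIntegerTag have the same call).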
diff --git a/Applet/src/com/android/javacard/kmdevice/KMCosePairCoseKeyTag.java b/Applet/src/com/android/javacard/kmdevice/KMCosePairCoseKeyTag.java
new file mode 100644
index 00000000..bcb12566
--- /dev/null
+++ b/Applet/src/com/android/javacard/kmdevice/KMCosePairCoseKeyTag.java
@@ -0,0 +1,97 @@ +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * KMCosePairCoseKeyTag represents a key-value type, where key can be KMInteger or KMNInteger and + * value is KMCOseKey type. struct{byte TAG_TYPE; short length; struct{short COSE_KEY_VALUE_TYPE; + * short key; short value}}. + */ +public class KMCosePairCoseKeyTag extends KMCosePairTagType { + + public static byte[] keys; + private static KMCosePairCoseKeyTag prototype; + + public static void initStatics() { + keys = new byte[]{ + KMCose.COSE_LABEL_COSE_KEY + }; + } + + private KMCosePairCoseKeyTag() { + } + + private static KMCosePairCoseKeyTag proto(short ptr) { + if (prototype == null) { + prototype = new KMCosePairCoseKeyTag(); + } + instanceTable[KM_COSE_KEY_COSE_KEY_VAL_OFFSET] = ptr; + return prototype; + } + + // pointer to an empty instance used as expression + public static short exp() { + short ptr = instance(COSE_PAIR_TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), KMType.COSE_PAIR_COSE_KEY_TAG_TYPE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), KMType.INVALID_VALUE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), KMCoseKey.exp()); + return ptr; + } + + public static short instance(short keyPtr, short valuePtr) { + if (!isKeyValueValid(KMCosePairTagType.getKeyValueShort(keyPtr))) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + if (KMType.getKMType(valuePtr) != COSE_KEY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + short ptr = KMType.instance(COSE_PAIR_TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), KMType.COSE_PAIR_COSE_KEY_TAG_TYPE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), keyPtr); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), valuePtr); + return ptr; + } + + public static KMCosePairCoseKeyTag cast(short ptr) { + 
byte[] heap = repository.getHeap(); + if (heap[ptr] != COSE_PAIR_TAG_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + // Validate the value pointer. + short valuePtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4)); + if (KMType.getKMType(valuePtr) != COSE_KEY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + public short getValueType() { + return COSE_KEY_TYPE; + } + + @Override + public short getKeyPtr() { + return Util.getShort(heap, + (short) (instanceTable[KM_COSE_KEY_COSE_KEY_VAL_OFFSET] + TLV_HEADER_SIZE + 2)); + } + + @Override + public short getValuePtr() { + return Util.getShort(heap, + (short) (instanceTable[KM_COSE_KEY_COSE_KEY_VAL_OFFSET] + TLV_HEADER_SIZE + 4)); + } + + public static boolean isKeyValueValid(short keyVal) { + short index = 0; + while (index < (short) keys.length) { + if ((byte) (keyVal & 0xFF) == keys[index]) { + return true; + } + index++; + } + return false; + } + +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMCosePairIntegerTag.java b/Applet/src/com/android/javacard/kmdevice/KMCosePairIntegerTag.java new file mode 100644 index 00000000..94741357 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMCosePairIntegerTag.java 
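Review bot: `isKeyValueValid` reads `keys.length`, but `keys` is assigned only in `initStatics()`, so `instance()` fails with a NullPointerException unless a caller outside this hunk has already run `initStatics()`. KMCosePairByteBlobTag in the same commit builds its table lazily through `createKeys()`; either do the same here or document the precondition on `initStatics()`, for example `/** Must be called once before any instance() call. */`. The check also reduces the label to `(byte) (keyVal & 0xFF)`, so only the low byte of the key is compared with `KMCose.COSE_LABEL_COSE_KEY`. This file is added without the Apache license header that its sibling files carry.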
@@ -0,0 +1,96 @@ +/* + * Copyright(C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * KMCosePairIntegerTag represents a key-value type, where key can be KMInteger or KMNInteger and + * value is KMInteger type. struct{byte TAG_TYPE; short length; struct{short INT_VALUE_TYPE; short + * key; short value}}. 
+ */ +public class KMCosePairIntegerTag extends KMCosePairTagType { + + private static KMCosePairIntegerTag prototype; + + + private KMCosePairIntegerTag() { + } + + private static KMCosePairIntegerTag proto(short ptr) { + if (prototype == null) { + prototype = new KMCosePairIntegerTag(); + } + instanceTable[KM_COSE_KEY_INT_VAL_OFFSET] = ptr; + return prototype; + } + + // pointer to an empty instance used as expression + public static short exp() { + short ptr = instance(COSE_PAIR_TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), KMType.COSE_PAIR_INT_TAG_TYPE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), KMType.INVALID_VALUE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), KMInteger.exp()); + return ptr; + } + + public static short instance(short keyPtr, short valuePtr) { + short offset = KMCosePairTagType.getKeyStartOffset(keyPtr); + if (!KMCosePairTagType.isKeyPairValid(heap, offset, KMCose.COSE_KEY_MAX_SIZE, + KMInteger.getShort(valuePtr))) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + short ptr = KMType.instance(COSE_PAIR_TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), KMType.COSE_PAIR_INT_TAG_TYPE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), keyPtr); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), valuePtr); + return ptr; + } + + public static KMCosePairIntegerTag cast(short ptr) { + byte[] heap = repository.getHeap(); + if (heap[ptr] != COSE_PAIR_TAG_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + // Validate the value ptr. 
+ short valuePtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4)); + if (INTEGER_TYPE != getKMType(valuePtr)) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + public short getValueType() { + return INTEGER_TYPE; + } + + @Override + public short getKeyPtr() { + return Util.getShort(heap, + (short) (instanceTable[KM_COSE_KEY_INT_VAL_OFFSET] + TLV_HEADER_SIZE + 2)); + } + + @Override + public short getValuePtr() { + return Util.getShort(heap, + (short) (instanceTable[KM_COSE_KEY_INT_VAL_OFFSET] + TLV_HEADER_SIZE + 4)); + } + + +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMCosePairNegIntegerTag.java b/Applet/src/com/android/javacard/kmdevice/KMCosePairNegIntegerTag.java new file mode 100644 index 00000000..d6582ba0 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMCosePairNegIntegerTag.java 
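Review bot: `KMCosePairIntegerTag.instance` reads the value with `KMInteger.getShort(valuePtr)` without first checking that `valuePtr` points to an INTEGER_TYPE object, whereas `cast()` in the same class and `KMCosePairCoseKeyTag.instance` both check the value's type. Unless `KMInteger.getShort` validates the type itself (not visible here), a pointer to another object type is read as an integer and, if its bytes happen to match an allowed value, stored in the pair. A guard at the top of `instance()` keeps construction and `cast()` consistent: `if (KMType.getKMType(valuePtr) != INTEGER_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); }`. `KMCosePairNegIntegerTag.instance` (via `KMNInteger.getShort`) and `KMCosePairSimpleValueTag.instance` (via `KMSimpleValue.getValue`) have the same gap.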
@@ -0,0 +1,95 @@ +/* + * Copyright(C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * KMCosePairNegIntegerTag represents a key-value type, where key can be KMInteger or KMNInteger and + * value is KMNInteger type. struct{byte TAG_TYPE; short length; struct{short NINT_VALUE_TYPE; short + * key; short value}}. 
+ */ +public class KMCosePairNegIntegerTag extends KMCosePairTagType { + + private static KMCosePairNegIntegerTag prototype; + + + private KMCosePairNegIntegerTag() { + } + + private static KMCosePairNegIntegerTag proto(short ptr) { + if (prototype == null) { + prototype = new KMCosePairNegIntegerTag(); + } + instanceTable[KM_COSE_KEY_NINT_VAL_OFFSET] = ptr; + return prototype; + } + + // pointer to an empty instance used as expression + public static short exp() { + short ptr = instance(COSE_PAIR_TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), KMType.COSE_PAIR_NEG_INT_TAG_TYPE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), KMType.INVALID_VALUE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), KMNInteger.exp()); + return ptr; + } + + public static KMCosePairNegIntegerTag cast(short ptr) { + byte[] heap = repository.getHeap(); + if (heap[ptr] != COSE_PAIR_TAG_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + // Validate the value ptr. 
+ short valuePtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4)); + if (NEG_INTEGER_TYPE != getKMType(valuePtr)) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + public static short instance(short keyPtr, short valuePtr) { + short offset = KMCosePairTagType.getKeyStartOffset(keyPtr); + if (!KMCosePairTagType.isKeyPairValid(heap, offset, KMCose.COSE_KEY_MAX_SIZE, + KMNInteger.getShort(valuePtr))) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + short ptr = KMType.instance(COSE_PAIR_TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), KMType.COSE_PAIR_NEG_INT_TAG_TYPE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), keyPtr); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), valuePtr); + return ptr; + } + + public short getValueType() { + return NEG_INTEGER_TYPE; + } + + @Override + public short getKeyPtr() { + return Util.getShort(heap, + (short) (instanceTable[KM_COSE_KEY_NINT_VAL_OFFSET] + TLV_HEADER_SIZE + 2)); + } + + @Override + public short getValuePtr() { + return Util.getShort(heap, + (short) (instanceTable[KM_COSE_KEY_NINT_VAL_OFFSET] + TLV_HEADER_SIZE + 4)); + } + +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMCosePairSimpleValueTag.java b/Applet/src/com/android/javacard/kmdevice/KMCosePairSimpleValueTag.java new file mode 100644 index 00000000..b239d9cc --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMCosePairSimpleValueTag.java 
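Review bot: `KMCosePairNegIntegerTag.instance` passes the constant `KMCose.COSE_KEY_MAX_SIZE` to `isKeyPairValid` as the key length, together with `getKeyStartOffset(keyPtr)`, so the allowlist comparison always covers that many bytes from the offset, whatever length the key object itself has. If a KMInteger or KMNInteger key can be shorter or longer than `COSE_KEY_MAX_SIZE` (not visible in this diff), the check either reads heap bytes that are not part of the key or ignores part of it. `KMCosePairTagType.getKeyLength(keyPtr)` is available; consider rejecting a mismatch before the call, `if (KMCosePairTagType.getKeyLength(keyPtr) != KMCose.COSE_KEY_MAX_SIZE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); }`. `KMCosePairIntegerTag.instance` and `KMCosePairSimpleValueTag.instance` make the same call.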
@@ -0,0 +1,78 @@ +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * KMCosePairSimpleValueTag represents a key-value type, where key can be KMInteger or KMNInteger + * and value is KMSimpleValue type. struct{byte TAG_TYPE; short length; struct{short + * SIMPLE_VALUE_TYPE; short key; short value}}. + */ +public class KMCosePairSimpleValueTag extends KMCosePairTagType { + + private static KMCosePairSimpleValueTag prototype; + + private KMCosePairSimpleValueTag() { + } + + private static KMCosePairSimpleValueTag proto(short ptr) { + if (prototype == null) { + prototype = new KMCosePairSimpleValueTag(); + } + instanceTable[KM_COSE_KEY_SIMPLE_VAL_OFFSET] = ptr; + return prototype; + } + + // pointer to an empty instance used as expression + public static short exp() { + short ptr = instance(COSE_PAIR_TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), KMType.COSE_PAIR_SIMPLE_VALUE_TAG_TYPE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), KMType.INVALID_VALUE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), KMSimpleValue.exp()); + return ptr; + } + + public static short instance(short keyPtr, short valuePtr) { + short offset = KMCosePairTagType.getKeyStartOffset(keyPtr); + if (!KMCosePairTagType.isKeyPairValid(heap, offset, KMCose.COSE_KEY_MAX_SIZE, + KMSimpleValue.getValue(valuePtr))) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + short ptr = KMType.instance(COSE_PAIR_TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), KMType.COSE_PAIR_SIMPLE_VALUE_TAG_TYPE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), keyPtr); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), valuePtr); + return ptr; + } + + public static KMCosePairSimpleValueTag cast(short ptr) { + byte[] heap = repository.getHeap(); + if (heap[ptr] != COSE_PAIR_TAG_TYPE) { + 
ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + // Validate the value pointer. + short valuePtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4)); + if (KMType.getKMType(valuePtr) != SIMPLE_VALUE_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + public short getValueType() { + return SIMPLE_VALUE_TYPE; + } + + @Override + public short getKeyPtr() { + return Util.getShort(heap, + (short) (instanceTable[KM_COSE_KEY_SIMPLE_VAL_OFFSET] + TLV_HEADER_SIZE + 2)); + } + + @Override + public short getValuePtr() { + return Util.getShort(heap, + (short) (instanceTable[KM_COSE_KEY_SIMPLE_VAL_OFFSET] + TLV_HEADER_SIZE + 4)); + } + +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMCosePairTagType.java b/Applet/src/com/android/javacard/kmdevice/KMCosePairTagType.java new file mode 100644 index 00000000..9cde1468 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMCosePairTagType.java 
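Review bot: `KMCosePairSimpleValueTag.cast()` has no comment, and the object it returns is not independent. `proto(ptr)` writes the pointer into the shared slot `instanceTable[KM_COSE_KEY_SIMPLE_VAL_OFFSET]` and returns the single `prototype`, so a reference kept from an earlier `cast()` reads the newer pointer as soon as `cast()` runs again. A one-line comment on `cast()` would make that explicit, e.g. `// Returns the shared prototype bound to ptr; the binding is replaced by the next cast() call.` The other KMCosePair*Tag classes in this commit use the same pattern, each with its own slot.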
@@ -0,0 +1,242 @@ +/* + * Copyright(C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * This class represents the COSE_Key as defined in https://datatracker.ietf.org/doc/html/rfc8152#section-7. + * This is basically a map containing key value pairs. The label for the key can be (uint / int / + * tstr) and the value can be of any type. But this class is confined to support only key and value + * types which are required for remote key provisioning. So keys of type (int / uint) and values of + * type (int / uint / simple / bstr) only are supported. The structure representing all the sub + * classes of KMCosePairTagType is as follows: KM_COSE_PAIR_TAG_TYPE(1byte), Length(2 bytes), + * COSE_PAIR_*_TAG_TYPE(2 bytes), Key(2 bytes), Value(2 bytes). Key can be either KMInteger or + * KMNInteger and Value can be either KMIntger or KMNinteger or KMSimpleValue or KMByteBlob or + * KMTextString or KMCoseKey. Each subclass of KMCosePairTagType is named after their corresponding + * value type of the Cose pair. + */ +public abstract class KMCosePairTagType extends KMType { + + /** + * Below table represents the allowed values for a key. The maximum length of the key can be 4 + * bytes so each key is represented as 4 bytes. 
The allowed values are placed next to their + * corresponding key. + */ + public static Object[] allowedKeyPairs; + + private static void createAllowedKeyPairs() { + if (allowedKeyPairs == null) { + allowedKeyPairs = + new Object[]{ + // Key type + (Object) new byte[]{0, 0, 0, KMCose.COSE_KEY_KEY_TYPE}, + (Object) new byte[]{KMCose.COSE_KEY_TYPE_EC2, + KMCose.COSE_KEY_TYPE_SYMMETRIC_KEY}, + // Key Algorithm + (Object) new byte[]{0, 0, 0, KMCose.COSE_KEY_ALGORITHM}, + (Object) new byte[]{KMCose.COSE_ALG_AES_GCM_256, KMCose.COSE_ALG_HMAC_256, + KMCose.COSE_ALG_ECDH_ES_HKDF_256, KMCose.COSE_ALG_ES256}, + // Key operations + (Object) new byte[]{0, 0, 0, KMCose.COSE_KEY_KEY_OPS}, + (Object) new byte[]{KMCose.COSE_KEY_OP_SIGN, KMCose.COSE_KEY_OP_VERIFY, + KMCose.COSE_KEY_OP_ENCRYPT, KMCose.COSE_KEY_OP_DECRYPT}, + // Key Curve + (Object) new byte[]{0, 0, 0, KMCose.COSE_KEY_CURVE}, + (Object) new byte[]{KMCose.COSE_ECCURVE_256}, + // Header Label Algorithm + (Object) new byte[]{0, 0, 0, KMCose.COSE_LABEL_ALGORITHM}, + (Object) new byte[]{KMCose.COSE_ALG_AES_GCM_256, + KMCose.COSE_ALG_HMAC_256, KMCose.COSE_ALG_ES256, + KMCose.COSE_ALG_ECDH_ES_HKDF_256}, + // Test Key + KMCose.COSE_TEST_KEY, (Object) new byte[]{KMSimpleValue.NULL}, + }; + } + } + + + /** + * Validates the key and the values corresponding to key. + * + * @param key Buffer containing the key. + * @param keyOff Offset in the buffer from where key starts. + * @param keyLen Length of the key buffer. + * @param value Value corresponding to the key. + * @return true if key pair is valid, otherwise false. 
+ */ + public static boolean isKeyPairValid(byte[] key, short keyOff, short keyLen, short value) { + short index = 0; + short valueIdx; + byte[] values; + boolean valid = false; + createAllowedKeyPairs(); + while (index < allowedKeyPairs.length) { + valueIdx = 0; + if (isEqual((byte[]) allowedKeyPairs[index], (short) 0, + (short) ((byte[]) allowedKeyPairs[index]).length, + key, keyOff, keyLen)) { + values = (byte[]) allowedKeyPairs[(short) (index + 1)]; + while (valueIdx < values.length) { + if (values[valueIdx] == (byte) value) { + valid = true; + break; + } + valueIdx++; + } + if (valid) { + break; + } + } + index += (short) 2; + } + return valid; + } + + /** + * Compares two key buffers. + * + * @param key1 First buffer containing the key. + * @param offset1 Offset of the first buffer. + * @param length1 Length of the first buffer. + * @param key2 Second buffer containing the key. + * @param offset2 Offset of the second buffer. + * @param length2 Length of the second buffer. + * @return true if both keys are equal, otherwise false. + */ + private static boolean isEqual(byte[] key1, short offset1, short length1, byte[] key2, + short offset2, + short length2) { + if (length1 != length2) { + return false; + } + return (0 == KMInteger.unsignedByteArrayCompare(key1, offset1, key2, offset2, length1)); + } + + /** + * Returns the short value of the key. + * + * @param keyPtr Pointer to either KMInteger or KMNInteger + * @return value of the key as short. + */ + public static short getKeyValueShort(short keyPtr) { + short type = KMType.getKMType(keyPtr); + short value = 0; + if (type == INTEGER_TYPE) { + value = KMInteger.getShort(keyPtr); + } else if (type == NEG_INTEGER_TYPE) { + value = KMNInteger.getShort(keyPtr); + } else { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return value; + } + + /** + * Returns the significant short value of the key. 
+ * + * @param keyPtr Pointer to either KMInteger or KMNInteger + * @return value of the key as short. + */ + public static short getKeyValueSignificantShort(short keyPtr) { + short type = KMType.getKMType(keyPtr); + short value = 0; + if (type == INTEGER_TYPE) { + value = KMInteger.getSignificantShort(keyPtr); + } else if (type == NEG_INTEGER_TYPE) { + value = KMNInteger.getSignificantShort(keyPtr); + } else { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return value; + } + + public static void getKeyValue(short keyPtr, byte[] dest, short offset, short len) { + short type = KMType.getKMType(keyPtr); + if (type == INTEGER_TYPE) { + KMInteger.getValue(keyPtr, dest, offset, len); + } else if (type == NEG_INTEGER_TYPE) { + KMNInteger.getValue(keyPtr, dest, offset, len); + } else { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + } + + /** + * Returns the key offset from the key pointer. + * + * @param keyPtr Pointer to either KMInteger or KMNInteger + * @return offset from where the key starts. + */ + public static short getKeyStartOffset(short keyPtr) { + short type = KMType.getKMType(keyPtr); + short offset = 0; + if (type == INTEGER_TYPE) { + offset = KMInteger.getStartOff(keyPtr); + } else if (type == NEG_INTEGER_TYPE) { + offset = KMNInteger.getStartOff(keyPtr); + } else { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return offset; + } + + /** + * Returns the key length. + * + * @param keyPtr pointer to either KMInteger/KMInteger. + * @return length of the key. + */ + public static short getKeyLength(short keyPtr) { + short type = KMType.getKMType(keyPtr); + short len = 0; + if (type == INTEGER_TYPE) { + len = KMInteger.length(keyPtr); + } else if (type == NEG_INTEGER_TYPE) { + len = KMNInteger.length(keyPtr); + } else { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return len; + } + + /** + * This function returns one of COSE_KEY_TAG_*_VALUE_TYPE tag information. 
+ * + * @param ptr Pointer to one of the KMCoseKey*Value class. + * @return Tag value type. + */ + public static short getTagValueType(short ptr) { + return Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); + } + + /** + * This function returns the key pointer. + * + * @return key pointer. + */ + public abstract short getKeyPtr(); + + /** + * This function returns the value pointer. + * + * @return value pointer. + */ + public abstract short getValuePtr(); +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMCosePairTextStringTag.java b/Applet/src/com/android/javacard/kmdevice/KMCosePairTextStringTag.java new file mode 100644 index 00000000..7c927c05 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMCosePairTextStringTag.java 
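Review bot: `allowedKeyPairs` in KMCosePairTagType is the allowlist that `isKeyPairValid` enforces, yet it is declared `public static Object[] allowedKeyPairs;`. Any code that can reach the class can therefore replace the table or overwrite the byte arrays inside it. The only reader and writer visible in this hunk are `createAllowedKeyPairs()` and `isKeyPairValid()`, so `private static Object[] allowedKeyPairs;` looks sufficient, unless code outside this diff depends on the field. The `public static byte[] keys` allowlists in KMCosePairCoseKeyTag and KMCosePairTextStringTag raise the same concern.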
@@ -0,0 +1,99 @@ +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * KMCosePairTextStringTag represents a key-value type, where key can be KMInteger or KMNInteger and + * value is KMTextString type. struct{byte TAG_TYPE; short length; struct{short TXT_STR_VALUE_TYPE; + * short key; short value}}. + */ +public class KMCosePairTextStringTag extends KMCosePairTagType { + + private static KMCosePairTextStringTag prototype; + + public static byte[] keys; + + public static void initStatics() { + keys = new byte[]{ + KMCose.ISSUER, + KMCose.SUBJECT, + }; + } + + private KMCosePairTextStringTag() { + } + + private static KMCosePairTextStringTag proto(short ptr) { + if (prototype == null) { + prototype = new KMCosePairTextStringTag(); + } + instanceTable[KM_COSE_KEY_TXT_STR_VAL_OFFSET] = ptr; + return prototype; + } + + // pointer to an empty instance used as expression + public static short exp() { + short ptr = instance(COSE_PAIR_TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), KMType.COSE_PAIR_TEXT_STR_TAG_TYPE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), KMType.INVALID_VALUE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), KMTextString.exp()); + return ptr; + } + + public static short instance(short keyPtr, short valuePtr) { + if (!isKeyValueValid(KMCosePairTagType.getKeyValueShort(keyPtr))) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + if (KMType.getKMType(valuePtr) != TEXT_STRING_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + short ptr = KMType.instance(COSE_PAIR_TAG_TYPE, (short) 6); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), KMType.COSE_PAIR_TEXT_STR_TAG_TYPE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), keyPtr); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4), valuePtr); + return ptr; + } + + public static 
KMCosePairTextStringTag cast(short ptr) { + byte[] heap = repository.getHeap(); + if (heap[ptr] != COSE_PAIR_TAG_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + // Validate the value pointer. + short valuePtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE + 4)); + if (KMType.getKMType(valuePtr) != TEXT_STRING_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + public short getValueType() { + return TEXT_STRING_TYPE; + } + + @Override + public short getKeyPtr() { + return Util.getShort(heap, + (short) (instanceTable[KM_COSE_KEY_TXT_STR_VAL_OFFSET] + TLV_HEADER_SIZE + 2)); + } + + @Override + public short getValuePtr() { + return Util.getShort(heap, + (short) (instanceTable[KM_COSE_KEY_TXT_STR_VAL_OFFSET] + TLV_HEADER_SIZE + 4)); + } + + public static boolean isKeyValueValid(short keyVal) { + short index = 0; + while (index < (short) keys.length) { + if ((byte) (keyVal & 0xFF) == keys[index]) { + return true; + } + index++; + } + return false; + } + +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMDataStore.java b/Applet/src/com/android/javacard/kmdevice/KMDataStore.java new file mode 100644 index 00000000..9b78f34a --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMDataStore.java 
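Review bot: In `KMCosePairTextStringTag.exp()`, the unqualified call `instance(COSE_PAIR_TAG_TYPE, (short) 6)` sits next to the class's own `instance(short keyPtr, short valuePtr)`. Which method runs therefore depends on overload resolution against the inherited allocator, whose signature is not in this diff. The two-argument factory in the same class already writes `KMType.instance(COSE_PAIR_TAG_TYPE, (short) 6)`. Using the qualified form in `exp()` as well, `short ptr = KMType.instance(COSE_PAIR_TAG_TYPE, (short) 6);`, removes the ambiguity and protects against the subclass method hiding the allocator. The `exp()` methods of the other KMCosePair*Tag classes in this commit are written the same way.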
@@ -0,0 +1,180 @@ +/* + * Copyright(C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +public interface KMDataStore extends KMUpgradable { + + /** + * This function stores the data of the corresponding id into the persistent memory. + * + * @param id of the buffer to be stored. @see {@link KMDataStoreConstants} + * @param data is the buffer that contains the data to be stored. + * @param offset is the start offset of the buffer. + * @param length is the length of the buffer. + */ + void storeData(byte id, byte[] data, short offset, short length); + + /** + * This function returns the stored data of the corresponding id. + * + * @param id of the buffer to be stored.@see {@link KMDataStoreConstants} + * @param data is the buffer in which the data of the corresponding id is returned. + * @param offset is the start offset of the buffer. + * @return length of the data copied to the buffer. + */ + short getData(byte id, byte[] data, short offset); + + /** + * This function clears the data of the corresponding id in persistent memory. + * + * @param id of the buffer to be stored. @see {@link KMDataStoreConstants} + */ + void clearData(byte id); + + // Below functions are used to store and retrieve the auth tags for + // MAX_USES_PER_BOOT use case. + + /** + * This function stores the Auth tag associated with keyblob. + * + * @param data is the buffer containing the auth tag. 
+ * @param offset is the start offset of the buffer. + * @param length is the length of the buffer. + * @param scracthPad is the buffer used to copy intermediate results. + * @param scratchPadOff is the start offset of the scratchPad. + * @return true if successfully copied otherwise false. + */ + boolean storeAuthTag(byte[] data, short offset, short length, byte[] scracthPad, + short scratchPadOff); + + /** + * This function checks if the auth tag is presisted in the database. + * + * @param data is the buffer containing the auth tag. + * @param offset is the start offset of the buffer. + * @param length is the length of the buffer. + * @param scratchPad is the buffer used to copy intermediate results. + * @param scratchPadOff is the start offset of the scratchPad. + * @return true if successfully copied otherwise false. + */ + boolean isAuthTagPersisted(byte[] data, short offset, short length, byte[] scratchPad, + short scratchPadOff); + + /** + * Clears all the persisted auth tags. + */ + void clearAllAuthTags(); + + /** + * This functions returns count, the number of times keyblob is used. + * + * @param data is the buffer containing the auth tag. + * @param offset is the start offset of the buffer. + * @param length is the length of the buffer. + * @param scratchPad is out buffer where the count is copied. + * @param scratchPadOff is the start offset of the scratchPad. + * @return length of the counter buffer. + */ + short getRateLimitedKeyCount(byte[] data, short offset, short length, byte[] scratchPad, + short scratchPadOff); + + /** + * This functions copied the count into the persistent memory. + * + * @param data is the buffer containing the auth tag. + * @param offset is the start offset of the buffer. + * @param length is the length of the buffer. + * @param counter is the buffer containing the counter values. + * @param counterOff is the start offset of the counter buffer. + * @param counterLen is the length of the counter buffer. 
+ * @param scratchPad is the buffer used to copy intermediate results. + * @param scratchPadOff is the start offset of the scratchPad. + */ + void setRateLimitedKeyCount(byte[] data, short offset, short length, byte[] counter, + short counterOff, + short counterLen, byte[] scratchPad, short scratchPadOff); + + /** + * Stores the certificate chain, certificate issuer and certificate expire date in persistent + * memory. + * + * @param buffer is the buffer containing certificate chain, issuer and expire at different + * offets. + * @param certChainOff is the start offset of the certificate chain. + * @param certChainLen is the length of the certificate chain. + * @param certIssuerOff is the start offset of the certificate issuer. + * @param certIssuerLen is the length of the certificate issuer. + * @param certExpiryOff is the start offset of the certificate expire date. + * @param certExpiryLen is the length of the certificate expire date. + */ + void persistCertificateData(byte[] buffer, short certChainOff, short certChainLen, + short certIssuerOff, + short certIssuerLen, short certExpiryOff, short certExpiryLen); + + /** + * This function copies the requested certificate data into the provided out buffer. + * + * @param reqCertParam is the requested certificate parameter. @see {@link + * KMDataStoreConstants#CERTIFICATE_CHAIN} {@link KMDataStoreConstants#CERTIFICATE_ISSUER} {@link + * KMDataStoreConstants#CERTIFICATE_EXPIRY} + * @param buf is the out buffer where the requested data is copied. + * @param offset is the start offset of the out buffer. + * @return length of the returned data. + */ + short readCertificateData(byte reqCertParam, byte[] buf, short offset); + + /** + * This function returns the length of the requested certificate data requested. + * + * @param reqCertParam is the requested certificate parameter. 
@see {@link + * KMDataStoreConstants#CERTIFICATE_CHAIN} {@link KMDataStoreConstants#CERTIFICATE_ISSUER} {@link + * KMDataStoreConstants#CERTIFICATE_EXPIRY} + * @return length of the requested certificate data. + */ + short getCertificateDataLength(byte reqCertParam); + + // keys + + /** + * Returns the persisted computed hmac key. + * + * @return KMComputedHmacKey instance. + */ + KMComputedHmacKey getComputedHmacKey(); + + /** + * Returns the pre-shared key. + * + * @return KMPreSharedKey instance. + */ + KMPreSharedKey getPresharedKey(); + + /** + * Returns the master key. + * + * @return KMMasterKey instance. + */ + KMMasterKey getMasterKey(); + + /** + * Returns the attestation key. + * + * @return KMAttestationKey instance. + */ + KMAttestationKey getAttestationKey(); + +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMDataStoreConstants.java b/Applet/src/com/android/javacard/kmdevice/KMDataStoreConstants.java new file mode 100644 index 00000000..dece7cae --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMDataStoreConstants.java 
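Review bot: The Javadoc for `isAuthTagPersisted` in KMDataStore repeats the return text of `storeAuthTag` (`@return true if successfully copied otherwise false`), which does not describe a lookup. Something like `@return true if the auth tag is already persisted, otherwise false.` would match the method. In `storeAuthTag` the parameter is spelled `scracthPad` in both the signature and the `@param`, while the sibling methods use `scratchPad`. `getData` and `readCertificateData` take an output buffer and an offset but no capacity, and the contract does not say how much room the caller must leave. A sentence stating the maximum length written, or pointing to `getCertificateDataLength`, would help implementers and callers keep the copy inside the buffer.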
@@ -0,0 +1,69 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.kmdevice; + +public class KMDataStoreConstants { + + public static final byte ATT_ID_BRAND = 0; + public static final byte ATT_ID_DEVICE = 1; + public static final byte ATT_ID_PRODUCT = 2; + public static final byte ATT_ID_SERIAL = 3; + public static final byte ATT_ID_IMEI = 4; + public static final byte ATT_ID_MEID = 5; + public static final byte ATT_ID_MANUFACTURER = 6; + public static final byte ATT_ID_MODEL = 7; + public static final byte COMPUTED_HMAC_KEY = 8; + public static final byte HMAC_NONCE = 9; + public static final byte CERT_ISSUER = 10; + public static final byte CERT_EXPIRY_TIME = 11; + public static final byte OS_VERSION = 12; + public static final byte OS_PATCH_LEVEL = 13; + public static final byte VENDOR_PATCH_LEVEL = 14; + public static final byte DEVICE_LOCKED_TIME = 15; + public static final byte DEVICE_LOCKED = 16; + public static final byte DEVICE_LOCKED_PASSWORD_ONLY = 17; + public static final byte BOOT_ENDED_STATUS = 18; + public static final byte EARLY_BOOT_ENDED_STATUS = 19; + public static final byte PROVISIONED_LOCKED = 20; + public static final byte PROVISIONED_STATUS = 21; + public static final byte MASTER_KEY = 22; + public static final byte PRE_SHARED_KEY = 23; + public static final byte ATTESTATION_KEY = 24; + public static final byte AUTH_TAG_1 = 25; + public 
static final byte AUTH_TAG_2 = 26; + public static final byte AUTH_TAG_3 = 27; + public static final byte AUTH_TAG_4 = 28; + public static final byte AUTH_TAG_5 = 29; + public static final byte AUTH_TAG_6 = 30; + public static final byte AUTH_TAG_7 = 31; + public static final byte AUTH_TAG_8 = 32; + public static final byte ADDITIONAL_CERT_CHAIN = 33; + public static final byte BOOT_CERT_CHAIN = 34; + + //certificate data constants. + public static final byte CERTIFICATE_CHAIN = 0; + public static final byte CERTIFICATE_EXPIRY = 1; + public static final byte CERTIFICATE_ISSUER = 2; + + // INTERFACE Types + public static final byte INTERFACE_TYPE_COMPUTED_HMAC_KEY = 0x01; + public static final byte INTERFACE_TYPE_ATTESTATION_KEY = 0x02; + public static final byte INTERFACE_TYPE_DEVICE_UNIQUE_KEY = 0x03; + public static final byte INTERFACE_TYPE_MASTER_KEY = 0x04; + public static final byte INTERFACE_TYPE_PRE_SHARED_KEY = 0x05; + + +} diff --git a/Applet/src/com/android/javacard/keymaster/KMDecoder.java b/Applet/src/com/android/javacard/kmdevice/KMDecoder.java similarity index 50% rename from Applet/src/com/android/javacard/keymaster/KMDecoder.java rename to Applet/src/com/android/javacard/kmdevice/KMDecoder.java index 7bd0e6ec..55d1feb7 100644 --- a/Applet/src/com/android/javacard/keymaster/KMDecoder.java +++ b/Applet/src/com/android/javacard/kmdevice/KMDecoder.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; 
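Review bot: The constant groups in KMDataStoreConstants reuse the same byte values: `ATT_ID_BRAND` and `CERTIFICATE_CHAIN` are both 0, while `ATT_ID_DEVICE`, `CERTIFICATE_EXPIRY` and `INTERFACE_TYPE_COMPUTED_HMAC_KEY` are all 1. The KMDataStore methods take a bare `byte`, so a constant from the wrong group compiles and silently selects a different item. A comment above each group naming the calls it belongs to would reduce that risk, e.g. `// Ids for storeData/getData/clearData.` before `ATT_ID_BRAND` and `// Selectors for readCertificateData/getCertificateDataLength only.` before `CERTIFICATE_CHAIN`. Where the `INTERFACE_TYPE_*` values are consumed is not visible in this diff, so that group's comment needs the author's input.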
@@ -25,9 +25,12 @@ public class KMDecoder { // major types private static final short UINT_TYPE = 0x00; + private static final short NEG_INT_TYPE = 0x20; private static final short BYTES_TYPE = 0x40; + private static final short TSTR_TYPE = 0x60; private static final short ARRAY_TYPE = 0x80; private static final short MAP_TYPE = 0xA0; + private static final short SIMPLE_VALUE_TYPE = 0xE0; // masks private static final short ADDITIONAL_MASK = 0x1F; @@ -48,7 +51,7 @@ public class KMDecoder { public KMDecoder() { bufferRef = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET); - scratchBuf = (short[]) JCSystem.makeTransientShortArray(SCRATCH_BUF_SIZE, JCSystem.CLEAR_ON_RESET); + scratchBuf = JCSystem.makeTransientShortArray(SCRATCH_BUF_SIZE, JCSystem.CLEAR_ON_RESET); bufferRef[0] = null; scratchBuf[START_OFFSET] = (short) 0; scratchBuf[LEN_OFFSET] = (short) 0; @@ -67,7 +70,7 @@ public short decodeArray(short exp, byte[] buffer, short startOff, short length) scratchBuf[START_OFFSET] = startOff; scratchBuf[LEN_OFFSET] = (short) (startOff + length); short payloadLength = readMajorTypeWithPayloadLength(ARRAY_TYPE); - short expLength = KMArray.cast(exp).length(); + short expLength = KMArray.length(exp); if (payloadLength > expLength) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } 
@@ -76,23 +79,31 @@ public short decodeArray(short exp, byte[] buffer, short startOff, short length) short type; short arrPtr = KMArray.instance(payloadLength); while (index < payloadLength) { - type = KMArray.cast(exp).get(index); + type = KMArray.get(exp, index); obj = decode(type); - KMArray.cast(arrPtr).add(index, obj); + KMArray.add(arrPtr, index, obj); index++; } return arrPtr; } private short decode(short exp) { - byte type = KMType.getType(exp); + byte type = KMType.getKMType(exp); switch (type) { case KMType.BYTE_BLOB_TYPE: return decodeByteBlob(exp); + case KMType.TEXT_STRING_TYPE: + return decodeTstr(exp); case KMType.INTEGER_TYPE: return decodeInteger(exp); + case KMType.SIMPLE_VALUE_TYPE: + return decodeSimpleValue(exp); + case KMType.NEG_INTEGER_TYPE: + return decodeNegInteger(exp); case KMType.ARRAY_TYPE: return decodeArray(exp); + case KMType.MAP_TYPE: + return decodeMap(exp); case KMType.ENUM_TYPE: return decodeEnum(exp); case KMType.KEY_PARAM_TYPE: @@ -105,8 +116,15 @@ private short decode(short exp) { return decodeHmacSharingParam(exp); case KMType.HW_AUTH_TOKEN_TYPE: return decodeHwAuthToken(exp); + case KMType.COSE_KEY_TYPE: + case KMType.COSE_HEADERS_TYPE: + case KMType.COSE_CERT_PAYLOAD_TYPE: + return decodeCoseMap(exp); + case KMType.COSE_PAIR_TAG_TYPE: + short tagValueType = KMCosePairTagType.getTagValueType(exp); + return decodeCosePairTag(tagValueType, exp); case KMType.TAG_TYPE: - short tagType = KMTag.getTagType(exp); + short tagType = KMTag.getKMTagType(exp); return decodeTag(tagType, exp); default: ISOException.throwIt(ISO7816.SW_DATA_INVALID); @@ -116,6 +134,8 @@ private short decode(short exp) { private short decodeTag(short tagType, short exp) { switch (tagType) { + case KMType.BIGNUM_TAG: + return decodeBignumTag(exp); case KMType.BYTES_TAG: return decodeBytesTag(exp); case KMType.BOOL_TAG: 
@@ -138,31 +158,186 @@ private short decodeTag(short tagType, short exp) { } private short decodeVerificationToken(short exp) { - short vals = decode(KMVerificationToken.cast(exp).getVals()); + short vals = decode(KMVerificationToken.getVals(exp)); return KMVerificationToken.instance(vals); } private short decodeHwAuthToken(short exp) { - short vals = decode(KMHardwareAuthToken.cast(exp).getVals()); + short vals = decode(KMHardwareAuthToken.getVals(exp)); return KMHardwareAuthToken.instance(vals); } private short decodeHmacSharingParam(short exp) { - short vals = decode(KMHmacSharingParameters.cast(exp).getVals()); + short vals = decode(KMHmacSharingParameters.getVals(exp)); return KMHmacSharingParameters.instance(vals); } private short decodeKeyChar(short exp) { - short vals = decode(KMKeyCharacteristics.cast(exp).getVals()); + short vals = decode(KMKeyCharacteristics.getVals(exp)); return KMKeyCharacteristics.instance(vals); } + private short decodeCosePairKey(short exp) { + byte[] buffer = (byte[]) bufferRef[0]; + short startOff = scratchBuf[START_OFFSET]; + short keyPtr = (short) 0; + // Cose Key should be always either UINT or Negative int + if ((buffer[startOff] & MAJOR_TYPE_MASK) == UINT_TYPE) { + keyPtr = decodeInteger(exp); + } else if ((buffer[startOff] & MAJOR_TYPE_MASK) == NEG_INT_TYPE) { + keyPtr = decodeNegInteger(exp); + } else { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + return keyPtr; + } + + private short decodeCosePairSimpleValueTag(short exp) { + short keyPtr = decodeCosePairKey((KMCosePairSimpleValueTag.cast(exp).getKeyPtr())); + short valuePtr = decode(KMCosePairSimpleValueTag.cast(exp).getValuePtr()); + return KMCosePairSimpleValueTag.instance(keyPtr, valuePtr); + } + + private short decodeCosePairIntegerValueTag(short exp) { + short keyPtr = decodeCosePairKey((KMCosePairIntegerTag.cast(exp).getKeyPtr())); + short valuePtr = decode(KMCosePairIntegerTag.cast(exp).getValuePtr()); + return KMCosePairIntegerTag.instance(keyPtr, 
valuePtr); + } + + private short decodeCosePairNegIntegerTag(short exp) { + short keyPtr = decodeCosePairKey((KMCosePairNegIntegerTag.cast(exp).getKeyPtr())); + short valuePtr = decode(KMCosePairNegIntegerTag.cast(exp).getValuePtr()); + return KMCosePairNegIntegerTag.instance(keyPtr, valuePtr); + } + + private short decodeCosePairTxtStringTag(short exp) { + short keyPtr = decodeCosePairKey((KMCosePairTextStringTag.cast(exp).getKeyPtr())); + short valuePtr = decode(KMCosePairTextStringTag.cast(exp).getValuePtr()); + return KMCosePairTextStringTag.instance(keyPtr, valuePtr); + } + + private short decodeCosePairCoseKeyTag(short exp) { + short keyPtr = decodeCosePairKey((KMCosePairCoseKeyTag.cast(exp).getKeyPtr())); + short valuePtr = decode(KMCosePairCoseKeyTag.cast(exp).getValuePtr()); + return KMCosePairCoseKeyTag.instance(keyPtr, valuePtr); + } + + private short decodeCosePairByteBlobTag(short exp) { + short keyPtr = decodeCosePairKey((KMCosePairByteBlobTag.cast(exp).getKeyPtr())); + short valuePtr = decode(KMCosePairByteBlobTag.cast(exp).getValuePtr()); + return KMCosePairByteBlobTag.instance(keyPtr, valuePtr); + } + + private short peekCosePairTagType() { + byte[] buffer = (byte[]) bufferRef[0]; + short startOff = scratchBuf[START_OFFSET]; + // Cose Key should be always either UINT or Negative int + if ((buffer[startOff] & MAJOR_TYPE_MASK) != UINT_TYPE && + (buffer[startOff] & MAJOR_TYPE_MASK) != NEG_INT_TYPE) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + + short additionalMask = (short) (buffer[startOff] & ADDITIONAL_MASK); + short increment = 0; + if (additionalMask < UINT8_LENGTH) { + increment++; + } else if (additionalMask == UINT8_LENGTH) { + increment += 2; + } else if (additionalMask == UINT16_LENGTH) { + increment += 3; + } else if (additionalMask == UINT32_LENGTH) { + increment += 5; + } else { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + short majorType = (short) (buffer[(short) (startOff + increment)] & MAJOR_TYPE_MASK); + short 
tagValueType = 0; + if (majorType == BYTES_TYPE) { + tagValueType = KMType.COSE_PAIR_BYTE_BLOB_TAG_TYPE; + } else if (majorType == UINT_TYPE) { + tagValueType = KMType.COSE_PAIR_INT_TAG_TYPE; + } else if (majorType == NEG_INT_TYPE) { + tagValueType = KMType.COSE_PAIR_NEG_INT_TAG_TYPE; + } else if (majorType == MAP_TYPE) { + tagValueType = KMType.COSE_PAIR_COSE_KEY_TAG_TYPE; + } else if (majorType == SIMPLE_VALUE_TYPE) { + tagValueType = KMType.COSE_PAIR_SIMPLE_VALUE_TAG_TYPE; + } else if (majorType == TSTR_TYPE) { + tagValueType = KMType.COSE_PAIR_TEXT_STR_TAG_TYPE; + } else { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + return tagValueType; + } + + private short decodeCosePairTag(short tagValueType, short exp) { + switch (tagValueType) { + case KMType.COSE_PAIR_BYTE_BLOB_TAG_TYPE: + return decodeCosePairByteBlobTag(exp); + case KMType.COSE_PAIR_NEG_INT_TAG_TYPE: + return decodeCosePairNegIntegerTag(exp); + case KMType.COSE_PAIR_INT_TAG_TYPE: + return decodeCosePairIntegerValueTag(exp); + case KMType.COSE_PAIR_SIMPLE_VALUE_TAG_TYPE: + return decodeCosePairSimpleValueTag(exp); + case KMType.COSE_PAIR_COSE_KEY_TAG_TYPE: + return decodeCosePairCoseKeyTag(exp); + case KMType.COSE_PAIR_TEXT_STR_TAG_TYPE: + return decodeCosePairTxtStringTag(exp); + default: + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + return 0; + } + } + + private short decodeCoseMap(short exp) { + short payloadLength = readMajorTypeWithPayloadLength(MAP_TYPE); + // get allowed key pairs + short allowedKeyPairs = KMCoseMap.getVals(exp); + short vals = KMArray.instance(payloadLength); + short length = KMArray.length(allowedKeyPairs); + short index = 0; + boolean tagFound; + short tagInd; + short cosePairTagType; + short tagClass; + short allowedType; + short obj; + + // For each tag in payload ... + while (index < payloadLength) { + tagFound = false; + tagInd = 0; + cosePairTagType = peekCosePairTagType(); + // Check against the allowed tags ... 
+ while (tagInd < length) { + tagClass = KMArray.get(allowedKeyPairs, tagInd); + allowedType = KMCosePairTagType.getTagValueType(tagClass); + if (allowedType == cosePairTagType) { + obj = decode(tagClass); + KMArray.add(vals, index, obj); + tagFound = true; + break; + } + tagInd++; + } + if (!tagFound) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } else { + index++; + } + } + return KMCoseMap.createInstanceFromType(exp, vals); + } + private short decodeKeyParam(short exp) { short payloadLength = readMajorTypeWithPayloadLength(MAP_TYPE); // allowed tags - short allowedTags = KMKeyParameters.cast(exp).getVals(); + short allowedTags = KMKeyParameters.getVals(exp); + short tagRule = KMArray.get(allowedTags, (short) 0); + boolean ignoreInvalidTags = KMEnum.getVal(tagRule) == KMType.IGNORE_INVALID_TAGS; short vals = KMArray.instance(payloadLength); - short length = KMArray.cast(allowedTags).length(); + short length = KMArray.length(allowedTags); short index = 0; boolean tagFound; short tagInd; 
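Review bot: `peekCosePairTagType` reads `buffer[startOff]` and then `buffer[(short) (startOff + increment)]`, up to five bytes ahead, without comparing either offset with `scratchBuf[LEN_OFFSET]`, so on a truncated map the value's major type is taken from bytes beyond the declared end of the input. A guard before the second read keeps the peek inside the message: `if ((short) (startOff + increment) >= scratchBuf[LEN_OFFSET]) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); }`. `decodeCosePairKey` indexes `buffer[startOff]` in the same unchecked way. `decodeCoseMap` also sizes `KMArray.instance(payloadLength)` from the encoded pair count with no upper bound, whereas the public `decodeArray` rejects a count larger than its template; if each allowed pair is meant to appear at most once, the same `payloadLength > length` check belongs here.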
@@ -170,57 +345,92 @@ private short decodeKeyParam(short exp) { short tagClass; short allowedType; short obj; + short arrPos = 0; // For each tag in payload ... while (index < payloadLength) { tagFound = false; - tagInd = 0; + tagInd = 1; tagType = peekTagType(); // Check against the allowed tags ... while (tagInd < length) { - tagClass = KMArray.cast(allowedTags).get(tagInd); - allowedType = KMTag.getTagType(tagClass); + tagClass = KMArray.get(allowedTags, tagInd); + allowedType = KMTag.getKMTagType(tagClass); // If it is part of allowed tags ... if (tagType == allowedType) { // then decodeByteBlob and add that to the array. - obj = decode(tagClass); - KMArray.cast(vals).add(index, obj); - tagFound = true; - break; + try { + tagFound = true; + obj = decode(tagClass); + KMArray.add(vals, arrPos++, obj); + break; + } catch (KMException e) { + if (KMException.reason() == KMError.INVALID_TAG && + !ignoreInvalidTags) { + KMException.throwIt(KMError.INVALID_TAG); + } + break; + } } tagInd++; } if (!tagFound) { - ISOException.throwIt(ISO7816.SW_DATA_INVALID); + KMException.throwIt(KMError.INVALID_TAG); } else { index++; } } + KMArray.setLength(vals, arrPos); return KMKeyParameters.instance(vals); } private short decodeEnumArrayTag(short exp) { - readTagKey(KMEnumArrayTag.cast(exp).getTagType()); - return KMEnumArrayTag.instance(scratchBuf[TAG_KEY_OFFSET], decode(KMEnumArrayTag.cast(exp).getValues())); + readTagKey(KMEnumArrayTag.getTagType(exp)); + return KMEnumArrayTag.instance(scratchBuf[TAG_KEY_OFFSET], + decode(KMEnumArrayTag.getValues(exp))); } private short decodeIntegerArrayTag(short exp) { - readTagKey(KMIntegerArrayTag.cast(exp).getTagType()); + readTagKey(KMIntegerArrayTag.getTagType(exp)); // the values are array of integers. 
- return KMIntegerArrayTag.instance(KMIntegerArrayTag.cast(exp).getTagType(), - scratchBuf[TAG_KEY_OFFSET], decode(KMIntegerArrayTag.cast(exp).getValues())); + return KMIntegerArrayTag.instance(KMIntegerArrayTag.getTagType(exp), + scratchBuf[TAG_KEY_OFFSET], decode(KMIntegerArrayTag.getValues(exp))); } private short decodeIntegerTag(short exp) { - readTagKey(KMIntegerTag.cast(exp).getTagType()); + readTagKey(KMIntegerTag.getTagType(exp)); // the value is an integer - return KMIntegerTag.instance(KMIntegerTag.cast(exp).getTagType(), - scratchBuf[TAG_KEY_OFFSET], decode(KMIntegerTag.cast(exp).getValue())); + return KMIntegerTag.instance(KMIntegerTag.getTagType(exp), + scratchBuf[TAG_KEY_OFFSET], decode(KMIntegerTag.getValue(exp))); } private short decodeBytesTag(short exp) { - readTagKey(KMByteTag.cast(exp).getTagType()); + readTagKey(KMByteTag.getTagType(exp)); + // The value must be byte blob + return KMByteTag.instance(scratchBuf[TAG_KEY_OFFSET], decode(KMByteTag.getValue(exp))); + } + + private short decodeBignumTag(short exp) { + readTagKey(KMBignumTag.getTagType(exp)); // The value must be byte blob - return KMByteTag.instance(scratchBuf[TAG_KEY_OFFSET], decode(KMByteTag.cast(exp).getValue())); + return KMBignumTag.instance(scratchBuf[TAG_KEY_OFFSET], decode(KMBignumTag.getValue(exp))); + } + + private short decodeMap(short exp) { + short payloadLength = readMajorTypeWithPayloadLength(MAP_TYPE); + short mapPtr = KMMap.instance(payloadLength); + short index = 0; + short type; + short keyobj; + short valueobj; + while (index < payloadLength) { + type = KMMap.getKey(exp, index); + keyobj = decode(type); + type = KMMap.getKeyValue(exp, index); + valueobj = decode(type); + KMMap.add(mapPtr, index, keyobj, valueobj); + index++; + } + return mapPtr; } private short decodeArray(short exp) { 
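Review bot: The new `catch (KMException e)` in `decodeKeyParam` (which begins in the previous hunk) swallows every failure whose reason is not `INVALID_TAG`, regardless of `ignoreInvalidTags`, and `tagFound` is already true by then, so a tag that failed to decode for any other reason is silently left out of the returned key parameters. Only the tolerated case should be dropped: `if (KMException.reason() != KMError.INVALID_TAG || !ignoreInvalidTags) { KMException.throwIt(KMException.reason()); }`. Whether `scratchBuf[START_OFFSET]` still points at the start of the next pair after a swallowed failure is not visible in this hunk and should be confirmed, because the loop keeps decoding from that offset. In the same hunk, `decodeMap` calls `KMMap.getKey(exp, index)` for every encoded pair without comparing `payloadLength` with the template's length, unlike the multi-type branch of `decodeArray`, which throws `SW_WRONG_LENGTH` on a mismatch.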
@@ -230,23 +440,23 @@ private short decodeArray(short exp) { short type; short obj; // check whether array contains one type of objects or multiple types - if (KMArray.cast(exp).containedType() == 0) {// multiple types specified by expression. - if (KMArray.cast(exp).length() != KMArray.ANY_ARRAY_LENGTH) { - if (KMArray.cast(exp).length() != payloadLength) { + if (KMArray.containedType(exp) == 0) {// multiple types specified by expression. + if (KMArray.length(exp) != KMArray.ANY_ARRAY_LENGTH) { + if (KMArray.length(exp) != payloadLength) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } } while (index < payloadLength) { - type = KMArray.cast(exp).get(index); + type = KMArray.get(exp, index); obj = decode(type); - KMArray.cast(arrPtr).add(index, obj); + KMArray.add(arrPtr, index, obj); index++; } } else { // Array is a Vector containing objects of one type - type = KMArray.cast(exp).containedType(); + type = KMArray.containedType(exp); while (index < payloadLength) { obj = decode(type); - KMArray.cast(arrPtr).add(index, obj); + KMArray.add(arrPtr, index, obj); index++; } } @@ -254,8 +464,8 @@ private short decodeArray(short exp) { } private short decodeEnumTag(short exp) { - readTagKey(KMEnumTag.cast(exp).getTagType()); - byte[] buffer = (byte[])bufferRef[0]; + readTagKey(KMEnumTag.getTagType(exp)); + byte[] buffer = (byte[]) bufferRef[0]; short startOff = scratchBuf[START_OFFSET]; // Enum Tag value will always be integer with max 1 byte length. if ((buffer[startOff] & MAJOR_TYPE_MASK) != UINT_TYPE) { @@ -281,8 +491,8 @@ private short decodeEnumTag(short exp) { } private short decodeBoolTag(short exp) { - readTagKey(KMBoolTag.cast(exp).getTagType()); - byte[] buffer = (byte[])bufferRef[0]; + readTagKey(KMBoolTag.getTagType(exp)); + byte[] buffer = (byte[]) bufferRef[0]; short startOff = scratchBuf[START_OFFSET]; // BOOL Tag is a leaf node and it must always have tiny encoded uint value = 1. if ((buffer[startOff] & MAJOR_TYPE_MASK) != UINT_TYPE) { 
@@ -296,7 +506,7 @@ private short decodeBoolTag(short exp) { } private short decodeEnum(short exp) { - byte[] buffer = (byte[])bufferRef[0]; + byte[] buffer = (byte[]) bufferRef[0]; short startOff = scratchBuf[START_OFFSET]; // Enum value will always be integer with max 1 byte length. if ((buffer[startOff] & MAJOR_TYPE_MASK) != UINT_TYPE) { @@ -318,13 +528,24 @@ private short decodeEnum(short exp) { enumVal = buffer[startOff]; incrementStartOff((short) 1); } - return KMEnum.instance(KMEnum.cast(exp).getEnumType(), enumVal); + return KMEnum.instance(KMEnum.getEnumType(exp), enumVal); + } + + private short decodeSimpleValue(short exp) { + short startOff = scratchBuf[START_OFFSET]; + byte[] buffer = (byte[]) bufferRef[0]; + if ((buffer[startOff] & MAJOR_TYPE_MASK) != SIMPLE_VALUE_TYPE) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + byte addInfo = (byte) (buffer[startOff] & ADDITIONAL_MASK); + incrementStartOff((short) 1); + return KMSimpleValue.instance(addInfo); } private short decodeInteger(short exp) { short inst; short startOff = scratchBuf[START_OFFSET]; - byte[] buffer = (byte[])bufferRef[0]; + byte[] buffer = (byte[]) bufferRef[0]; if ((buffer[startOff] & MAJOR_TYPE_MASK) != UINT_TYPE) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); } 
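Review bot: `decodeSimpleValue` accepts any additional-information value under major type 7 and always consumes exactly one byte, so the one-byte-extended form (24), the float encodings (25 to 27) and the break code (31) pass the type check and leave their trailing bytes to be parsed as the next item. Unless `KMSimpleValue.instance` already rejects them, which is not visible here, add `if (addInfo >= UINT8_LENGTH) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); }` before `incrementStartOff`. A one-line comment naming the simple values the applet expects would document the intended subset, and the `exp` parameter is unused.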
@@ -354,15 +575,80 @@ private short decodeInteger(short exp) { return inst; } + private short decodeNegIntegerValue(byte addInfo, byte[] buf, short startOffset) { + short inst; + short len = 0; + short scratchpad; + if (addInfo < UINT8_LENGTH) { + addInfo = (byte) (-1 - addInfo); + inst = KMNInteger.uint_8(addInfo); + } else { + switch (addInfo) { + case UINT8_LENGTH: + len = 1; + break; + case UINT16_LENGTH: + len = 2; + break; + case UINT32_LENGTH: + len = 4; + break; + case UINT64_LENGTH: + len = 8; + break; + default: + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + // Do (-1 - N), as per cbor negative integer decoding rule. + // N is the integer value. + scratchpad = KMByteBlob.instance((short) (len * 3)); + byte[] input = KMByteBlob.getBuffer(scratchpad); + short offset = KMByteBlob.getStartOff(scratchpad); + Util.arrayFillNonAtomic(input, offset, len, (byte) -1); + Util.arrayCopyNonAtomic(buf, startOffset, input, (short) (offset + len), len); + KMUtils.subtract(input, offset, (short) (offset + len), (short) (offset + 2 * len), + (byte) len); + inst = KMNInteger.instance(input, (short) (offset + 2 * len), len); + incrementStartOff(len); + } + return inst; + } + + private short decodeNegInteger(short exp) { + short startOff = scratchBuf[START_OFFSET]; + byte[] buffer = (byte[]) bufferRef[0]; + if ((buffer[startOff] & MAJOR_TYPE_MASK) != NEG_INT_TYPE) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + short len = (short) (buffer[startOff] & ADDITIONAL_MASK); + if (len > UINT64_LENGTH) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + incrementStartOff((short) 1); + // startOff is incremented so update the startOff + // with latest value before using it. 
+ startOff = scratchBuf[START_OFFSET]; + return decodeNegIntegerValue((byte) len, buffer, startOff); + } + + private short decodeTstr(short exp) { + short payloadLength = readMajorTypeWithPayloadLength(TSTR_TYPE); + short inst = KMTextString.instance((byte[]) bufferRef[0], scratchBuf[START_OFFSET], + payloadLength); + incrementStartOff(payloadLength); + return inst; + } + private short decodeByteBlob(short exp) { short payloadLength = readMajorTypeWithPayloadLength(BYTES_TYPE); - short inst = KMByteBlob.instance((byte[])bufferRef[0], scratchBuf[START_OFFSET], payloadLength); + short inst = KMByteBlob.instance((byte[]) bufferRef[0], scratchBuf[START_OFFSET], + payloadLength); incrementStartOff(payloadLength); return inst; } private short peekTagType() { - byte[] buffer = (byte[])bufferRef[0]; + byte[] buffer = (byte[]) bufferRef[0]; short startOff = scratchBuf[START_OFFSET]; if ((buffer[startOff] & MAJOR_TYPE_MASK) != UINT_TYPE) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); @@ -377,7 +663,7 @@ private short peekTagType() { } private void readTagKey(short expectedTagType) { - byte[] buffer = (byte[])bufferRef[0]; + byte[] buffer = (byte[]) bufferRef[0]; short startOff = scratchBuf[START_OFFSET]; if ((buffer[startOff] & MAJOR_TYPE_MASK) != UINT_TYPE) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); @@ -395,7 +681,7 @@ private void readTagKey(short expectedTagType) { // payload length cannot be more then 16 bits. private short readMajorTypeWithPayloadLength(short majorType) { - short payloadLength = 0; + short payloadLength; byte val = readByte(); if ((short) (val & MAJOR_TYPE_MASK) != majorType) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); 
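Review bot: `decodeNegIntegerValue` allocates its scratch blob and copies `len` bytes out of `buf` with `Util.arrayCopyNonAtomic` before it calls `incrementStartOff(len)`, and `decodeTstr` likewise passes `payloadLength` bytes to `KMTextString.instance` before the offset is advanced. If `incrementStartOff` is where the end-of-input bound is enforced, as the surrounding context suggests, a short input is read past its declared end before the decoder rejects it. Checking first costs one comparison: `if ((short) (startOffset + len) > scratchBuf[LEN_OFFSET]) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); }` ahead of the copy, and the equivalent test on `payloadLength` in `decodeTstr`. A comment on the `len * 3` scratch layout (all-ones operand, input value, result) would make the `-1 - N` computation easier to audit.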
@@ -415,7 +701,7 @@ private short readMajorTypeWithPayloadLength(short majorType) { } private short readShort() { - byte[] buffer = (byte[])bufferRef[0]; + byte[] buffer = (byte[]) bufferRef[0]; short startOff = scratchBuf[START_OFFSET]; short val = Util.makeShort(buffer[startOff], buffer[(short) (startOff + 1)]); incrementStartOff((short) 2); @@ -424,7 +710,7 @@ private short readShort() { private byte readByte() { short startOff = scratchBuf[START_OFFSET]; - byte val = ((byte[])bufferRef[0])[startOff]; + byte val = ((byte[]) bufferRef[0])[startOff]; incrementStartOff((short) 1); return val; } @@ -435,7 +721,17 @@ private void incrementStartOff(short inc) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); } } - + + public short readCertificateChainLengthAndHeaderLen(byte[] buf, short bufOffset, + short bufLen) { + bufferRef[0] = buf; + scratchBuf[START_OFFSET] = bufOffset; + scratchBuf[LEN_OFFSET] = (short) (bufOffset + bufLen); + short totalLen = readMajorTypeWithPayloadLength(BYTES_TYPE); + totalLen += (short) (scratchBuf[START_OFFSET] - bufOffset); + return totalLen; + } + // Reads the offset and length values of the ByteBlobs from a CBOR array buffer. public void decodeCertificateData(short expectedArrLen, byte[] buf, short bufOffset, short bufLen, byte[] out, short outOff) { @@ -457,16 +753,6 @@ public void decodeCertificateData(short expectedArrLen, byte[] buf, short bufOff Util.setShort(out, outOff, byteBlobLength); // length outOff += 2; index++; - } - } - - public short getCborBytesStartOffset(byte[] buf, short bufOffset, short bufLen) { - bufferRef[0] = buf; - scratchBuf[START_OFFSET] = bufOffset; - scratchBuf[LEN_OFFSET] = (short) (bufOffset + bufLen); - - readMajorTypeWithPayloadLength(BYTES_TYPE); - return scratchBuf[START_OFFSET]; + } } - } 
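Review bot: `readCertificateChainLengthAndHeaderLen` adds the encoded payload length to the header size in a `short` and returns the sum unchecked, so a large length field can wrap and come back as a negative total that the caller will presumably use as a size. Reject that before returning with `if (totalLen < 0) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); }`. The method is public and replaces `getCborBytesStartOffset`, which returned an offset rather than a length, so it needs a Javadoc line saying that the result is header plus payload length and whether it may exceed `bufLen` (that is, whether `buf` holds the whole chain or only its header).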
diff --git a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java b/Applet/src/com/android/javacard/kmdevice/KMDeviceUniqueKey.java similarity index 53% rename from Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java rename to Applet/src/com/android/javacard/kmdevice/KMDeviceUniqueKey.java index 258dc461..517a5b06 100644 --- a/Applet/JCardSimProvider/src/com/android/javacard/keymaster/KMAESKey.java +++ b/Applet/src/com/android/javacard/kmdevice/KMDeviceUniqueKey.java @@ -1,5 +1,5 @@ /* - * Copyright(C) 2020 The Android Open Source Project + * Copyright(C) 2021 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -13,27 +13,9 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; -import javacard.security.AESKey; +public interface KMDeviceUniqueKey { -public class KMAESKey implements KMMasterKey { - - private AESKey aesKey; - - public KMAESKey(AESKey key) { - aesKey = key; - } - - public void setKey(byte[] keyData, short kOff) { - aesKey.setKey(keyData, kOff); - } - - public byte getKey(byte[] keyData, short kOff) { - return aesKey.getKey(keyData, kOff); - } - - public short getKeySizeBits() { - return aesKey.getSize(); - } + short getPublicKey(byte[] buf, short offset); } diff --git a/Applet/src/com/android/javacard/kmdevice/KMEncoder.java b/Applet/src/com/android/javacard/kmdevice/KMEncoder.java new file mode 100644 index 00000000..1519fb61 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMEncoder.java 
@@ -0,0 +1,761 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.JCSystem; +import javacard.framework.Util; + +public class KMEncoder { + + // major types + private static final byte UINT_TYPE = 0x00; + private static final byte NEG_INT_TYPE = 0x20; + private static final byte BYTES_TYPE = 0x40; + private static final byte TSTR_TYPE = 0x60; + private static final byte ARRAY_TYPE = (byte) 0x80; + private static final byte MAP_TYPE = (byte) 0xA0; + private static final byte SIMPLE_VALUE_TYPE = (byte) 0xE0; + + // masks + private static final byte ADDITIONAL_MASK = 0x1F; + + // value length + private static final byte UINT8_LENGTH = (byte) 0x18; + private static final byte UINT16_LENGTH = (byte) 0x19; + private static final byte UINT32_LENGTH = (byte) 0x1A; + private static final byte UINT64_LENGTH = (byte) 0x1B; + private static final short TINY_PAYLOAD = 0x17; + private static final short SHORT_PAYLOAD = 0x100; + private static final short STACK_SIZE = (short) 50; + private static final short SCRATCH_BUF_SIZE = (short) 6; + private static final short START_OFFSET = (short) 0; + private static final short LEN_OFFSET = (short) 2; + private static final short STACK_PTR_OFFSET = (short) 4; + + private Object[] bufferRef; + private short[] scratchBuf; + 
private short[] stack; + + public KMEncoder() { + bufferRef = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET); + scratchBuf = JCSystem.makeTransientShortArray(SCRATCH_BUF_SIZE, JCSystem.CLEAR_ON_RESET); + stack = JCSystem.makeTransientShortArray(STACK_SIZE, JCSystem.CLEAR_ON_RESET); + bufferRef[0] = null; + scratchBuf[START_OFFSET] = (short) 0; + scratchBuf[LEN_OFFSET] = (short) 0; + scratchBuf[STACK_PTR_OFFSET] = (short) 0; + } + + private void push(short objPtr) { + stack[scratchBuf[STACK_PTR_OFFSET]] = objPtr; + scratchBuf[STACK_PTR_OFFSET]++; + } + + private short pop() { + scratchBuf[STACK_PTR_OFFSET]--; + return stack[scratchBuf[STACK_PTR_OFFSET]]; + } + + private void encode(short obj) { + push(obj); + } + + public short encode(short object, byte[] buffer, short startOff) { + scratchBuf[STACK_PTR_OFFSET] = 0; + bufferRef[0] = buffer; + scratchBuf[START_OFFSET] = startOff; + short len = (short) (buffer.length - startOff); + if ((len < 0) || len > KMKeymasterDevice.MAX_LENGTH) { + scratchBuf[LEN_OFFSET] = KMKeymasterDevice.MAX_LENGTH; + } else { + scratchBuf[LEN_OFFSET] = (short) buffer.length; + } + //this.length = (short)(startOff + length); + push(object); + encode(); + return (short) (scratchBuf[START_OFFSET] - startOff); + } + + // array{KMError.OK,Array{KMByteBlobs}} + public void encodeCertChain(byte[] buffer, short offset, short length, short errInt32Ptr, + short certChainOff, short certChainLen) { + bufferRef[0] = buffer; + scratchBuf[START_OFFSET] = offset; + scratchBuf[LEN_OFFSET] = (short) (offset + length + 1); + + writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements + encodeUnsignedInteger(errInt32Ptr); + writeMajorTypeWithLength(BYTES_TYPE, certChainLen); + writeBytes(buffer, certChainOff, certChainLen); + } + + //array{KMError.OK,Array{KMByteBlobs}} + public short encodeCert(byte[] certBuffer, short bufferStart, short certStart, short certLength, + short errInt32Ptr) { + bufferRef[0] = certBuffer; + 
scratchBuf[START_OFFSET] = certStart; + scratchBuf[LEN_OFFSET] = (short) (certStart + 1); + //Array header - 2 elements i.e. 1 byte + scratchBuf[START_OFFSET]--; + // errInt32Ptr - PowerResetStatus + ErrorCode - 4 bytes + // Integer header - 1 byte + scratchBuf[START_OFFSET] -= getEncodedIntegerLength(errInt32Ptr); + //Array header - 2 elements i.e. 1 byte + scratchBuf[START_OFFSET]--; + // Cert Byte blob - typically 2 bytes length i.e. 3 bytes header + scratchBuf[START_OFFSET] -= 2; + if (certLength >= SHORT_PAYLOAD) { + scratchBuf[START_OFFSET]--; + } + if (scratchBuf[START_OFFSET] < bufferStart) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + bufferStart = scratchBuf[START_OFFSET]; + writeMajorTypeWithLength(ARRAY_TYPE, (short) 2); // Array of 2 elements + encodeUnsignedInteger(errInt32Ptr); //PowerResetStatus + ErrorCode + writeMajorTypeWithLength(ARRAY_TYPE, (short) 1); // Array of 1 element + writeMajorTypeWithLength(BYTES_TYPE, certLength); // Cert Byte Blob of length + return bufferStart; + } + + public short encodeError(short errInt32Ptr, byte[] buffer, short startOff, short length) { + bufferRef[0] = buffer; + scratchBuf[START_OFFSET] = startOff; + scratchBuf[LEN_OFFSET] = (short) (startOff + length + 1); + encodeUnsignedInteger(errInt32Ptr); + return (short) (scratchBuf[START_OFFSET] - startOff); + } + + private void encode() { + while (scratchBuf[STACK_PTR_OFFSET] > 0) { + short exp = pop(); + byte type = KMType.getKMType(exp); + switch (type) { + case KMType.BYTE_BLOB_TYPE: + encodeByteBlob(exp); + break; + case KMType.TEXT_STRING_TYPE: + encodeTextString(exp); + break; + case KMType.INTEGER_TYPE: + encodeUnsignedInteger(exp); + break; + case KMType.SIMPLE_VALUE_TYPE: + encodeSimpleValue(exp); + break; + case KMType.NEG_INTEGER_TYPE: + encodeNegInteger(exp); + break; + case KMType.ARRAY_TYPE: + encodeArray(exp); + break; + case KMType.MAP_TYPE: + encodeMap(exp); + break; + case KMType.ENUM_TYPE: + encodeEnum(exp); + break; + case 
KMType.KEY_PARAM_TYPE: + encodeKeyParam(exp); + break; + case KMType.COSE_KEY_TYPE: + case KMType.COSE_HEADERS_TYPE: + case KMType.COSE_CERT_PAYLOAD_TYPE: + encodeCoseMap(exp); + break; + case KMType.KEY_CHAR_TYPE: + encodeKeyChar(exp); + break; + case KMType.VERIFICATION_TOKEN_TYPE: + encodeVeriToken(exp); + break; + case KMType.HMAC_SHARING_PARAM_TYPE: + encodeHmacSharingParam(exp); + break; + case KMType.HW_AUTH_TOKEN_TYPE: + encodeHwAuthToken(exp); + break; + case KMType.TAG_TYPE: + short tagType = KMTag.getKMTagType(exp); + encodeTag(tagType, exp); + break; + case KMType.COSE_PAIR_TAG_TYPE: + short cosePairTagType = KMCosePairTagType.getTagValueType(exp); + encodeCosePairTag(cosePairTagType, exp); + break; + default: + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + } + } + + private void encodeCosePairIntegerTag(short exp) { + KMCosePairIntegerTag cosePairIntTag = KMCosePairIntegerTag.cast(exp); + // push key and value ptr in stack to get encoded. + encode(cosePairIntTag.getValuePtr()); + encode(cosePairIntTag.getKeyPtr()); + } + + private void encodeCosePairByteBlobTag(short exp) { + KMCosePairByteBlobTag cosePairByteBlobTag = KMCosePairByteBlobTag.cast(exp); + // push key and value ptr in stack to get encoded. + encode(cosePairByteBlobTag.getValuePtr()); + encode(cosePairByteBlobTag.getKeyPtr()); + } + + private void encodeCosePairCoseKeyTag(short exp) { + KMCosePairCoseKeyTag cosePairCoseKeyTag = KMCosePairCoseKeyTag.cast(exp); + // push key and value ptr in stack to get encoded. + encode(cosePairCoseKeyTag.getValuePtr()); + encode(cosePairCoseKeyTag.getKeyPtr()); + } + + private void encodeCosePairTextStringTag(short exp) { + KMCosePairTextStringTag cosePairTextStringTag = KMCosePairTextStringTag.cast(exp); + // push key and value ptr in stack to get encoded. 
+ encode(cosePairTextStringTag.getValuePtr()); + encode(cosePairTextStringTag.getKeyPtr()); + } + + private void encodeCosePairSimpleValueTag(short exp) { + KMCosePairSimpleValueTag cosePairSimpleValueTag = KMCosePairSimpleValueTag.cast(exp); + // push key and value ptr in stack to get encoded. + encode(cosePairSimpleValueTag.getValuePtr()); + encode(cosePairSimpleValueTag.getKeyPtr()); + } + + private void encodeCosePairNegIntegerTag(short exp) { + KMCosePairNegIntegerTag cosePairNegIntegerTag = KMCosePairNegIntegerTag.cast(exp); + // push key and value ptr in stack to get encoded. + encode(cosePairNegIntegerTag.getValuePtr()); + encode(cosePairNegIntegerTag.getKeyPtr()); + } + + private void encodeCosePairTag(short tagType, short exp) { + switch (tagType) { + case KMType.COSE_PAIR_BYTE_BLOB_TAG_TYPE: + encodeCosePairByteBlobTag(exp); + return; + case KMType.COSE_PAIR_INT_TAG_TYPE: + encodeCosePairIntegerTag(exp); + return; + case KMType.COSE_PAIR_NEG_INT_TAG_TYPE: + encodeCosePairNegIntegerTag(exp); + return; + case KMType.COSE_PAIR_SIMPLE_VALUE_TAG_TYPE: + encodeCosePairSimpleValueTag(exp); + return; + case KMType.COSE_PAIR_TEXT_STR_TAG_TYPE: + encodeCosePairTextStringTag(exp); + return; + case KMType.COSE_PAIR_COSE_KEY_TAG_TYPE: + encodeCosePairCoseKeyTag(exp); + return; + default: + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + } + + private void encodeTag(short tagType, short exp) { + switch (tagType) { + case KMType.BYTES_TAG: + encodeBytesTag(exp); + return; + case KMType.BOOL_TAG: + encodeBoolTag(exp); + return; + case KMType.UINT_TAG: + case KMType.ULONG_TAG: + case KMType.DATE_TAG: + encodeIntegerTag(exp); + return; + case KMType.ULONG_ARRAY_TAG: + case KMType.UINT_ARRAY_TAG: + encodeIntegerArrayTag(exp); + return; + case KMType.ENUM_TAG: + encodeEnumTag(exp); + return; + case KMType.ENUM_ARRAY_TAG: + encodeEnumArrayTag(exp); + return; + default: + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + } + + private void encodeCoseMap(short obj) { + 
encodeAsMap(KMCoseMap.getVals(obj)); + } + + private void encodeKeyParam(short obj) { + encodeAsMap(KMKeyParameters.getVals(obj)); + } + + private void encodeKeyChar(short obj) { + encode(KMKeyCharacteristics.getVals(obj)); + } + + private void encodeVeriToken(short obj) { + encode(KMVerificationToken.getVals(obj)); + } + + private void encodeHwAuthToken(short obj) { + encode(KMHardwareAuthToken.getVals(obj)); + } + + private void encodeHmacSharingParam(short obj) { + encode(KMHmacSharingParameters.getVals(obj)); + } + + private void encodeArray(short obj) { + writeMajorTypeWithLength(ARRAY_TYPE, KMArray.length(obj)); + short len = KMArray.length(obj); + short index = (short) (len - 1); + short subObj; + while (index >= 0) { + subObj = KMArray.get(obj, index); + if (subObj != KMType.INVALID_VALUE) { + encode(subObj); + } + index--; + } + } + + public void encodeArrayOnlyLength(short arrLength, byte[] buffer, short offset, short length) { + bufferRef[0] = buffer; + scratchBuf[START_OFFSET] = offset; + scratchBuf[LEN_OFFSET] = (short) (offset + length + 1); + writeMajorTypeWithLength(ARRAY_TYPE, length); + } + + private void encodeMap(short obj) { + writeMajorTypeWithLength(MAP_TYPE, KMMap.length(obj)); + short len = KMMap.length(obj); + short index = (short) (len - 1); + while (index >= 0) { + encode(KMMap.getKeyValue(obj, index)); + encode(KMMap.getKey(obj, index)); + index--; + } + } + + private void encodeAsMap(short obj) { + writeMajorTypeWithLength(MAP_TYPE, KMArray.length(obj)); + short len = KMArray.length(obj); + short index = (short) (len - 1); + short inst; + while (index >= 0) { + inst = KMArray.get(obj, index); + encode(inst); + index--; + } + } + + private void encodeIntegerArrayTag(short obj) { + writeTag(KMIntegerArrayTag.getTagType(obj), KMIntegerArrayTag.getKey(obj)); + encode(KMIntegerArrayTag.getValues(obj)); + } + + private void encodeEnumArrayTag(short obj) { + writeTag(KMEnumArrayTag.getTagType(obj), KMEnumArrayTag.getKey(obj)); + 
encode(KMEnumArrayTag.getValues(obj)); + } + + private void encodeIntegerTag(short obj) { + writeTag(KMIntegerTag.getTagType(obj), KMIntegerTag.getKey(obj)); + encode(KMIntegerTag.getValue(obj)); + } + + private void encodeBytesTag(short obj) { + writeTag(KMByteTag.getTagType(obj), KMByteTag.getKey(obj)); + encode(KMByteTag.getValue(obj)); + } + + private void encodeBoolTag(short obj) { + writeTag(KMBoolTag.getTagType(obj), KMBoolTag.getKey(obj)); + writeByteValue(KMBoolTag.getVal(obj)); + } + + private void encodeEnumTag(short obj) { + writeTag(KMEnumTag.getTagType(obj), KMEnumTag.getKey(obj)); + writeByteValue(KMEnumTag.getValue(obj)); + } + + private void encodeEnum(short obj) { + writeByteValue(KMEnum.getVal(obj)); + } + + private void encodeInteger(byte[] val, short len, short startOff, short majorType) { + // find out the most significant byte + short msbIndex = findMsb(val, startOff, len); + // find the difference between most significant byte and len + short diff = (short) (len - msbIndex); + if (diff == 0) { + writeByte((byte) (majorType | 0)); + } else if ((diff == 1) && (val[(short) (startOff + msbIndex)] < UINT8_LENGTH) + && (val[(short) (startOff + msbIndex)] >= 0)) { + writeByte((byte) (majorType | val[(short) (startOff + msbIndex)])); + } else if (diff == 1) { + writeByte((byte) (majorType | UINT8_LENGTH)); + writeByte(val[(short) (startOff + msbIndex)]); + } else if (diff == 2) { + writeByte((byte) (majorType | UINT16_LENGTH)); + writeBytes(val, (short) (startOff + msbIndex), (short) 2); + } else if (diff <= 4) { + writeByte((byte) (majorType | UINT32_LENGTH)); + writeBytes(val, (short) (startOff + len - 4), (short) 4); + } else { + writeByte((byte) (majorType | UINT64_LENGTH)); + writeBytes(val, startOff, (short) 8); + } + } + + // find out the most significant byte + public short findMsb(byte[] buf, short offset, short len) { + byte index = 0; + // find out the most significant byte + while (index < len) { + if (buf[(short) (offset + index)] > 0) 
{ + break; + } else if (buf[(short) (offset + index)] < 0) { + break; + } + index++; // index will be equal to len if value is 0. + } + return index; + } + + public void computeOnesCompliment(short msbIndex, byte[] buf, short offset, short len) { + // find the difference between most significant byte and len + short diff = (short) (len - msbIndex); + short correctedOffset = offset; + short correctedLen = len; + // The offset and length of the buffer for Short and Byte types should be + // corrected before computing the 1s compliment. The reason for doing this + // is to avoid computation of 1s compliment on the MSB bytes. + if (diff == 0) { + // Fail + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } else if (diff == 1) { + correctedOffset = (short) (offset + 3); + correctedLen = 1; + } else if (diff == 2) { + correctedOffset = (short) (offset + 2); + correctedLen = 2; + } + // For int and long values the len and offset values are always proper. + // int - 4 bytes + // long - 8 bytes. + KMUtils.computeOnesCompliment(buf, correctedOffset, correctedLen); + } + + // Encoding rule for negative Integers is taken from + // https://datatracker.ietf.org/doc/html/rfc7049#section-2.1, Major type 1. + public short handleNegIntegerEncodingRule(byte[] buf, short offset, short len) { + short msbIndex = findMsb(buf, offset, len); + // Do -1-N, where N is the negative integer + // The value of -1-N is equal to the 1s compliment of N. + computeOnesCompliment(msbIndex, buf, offset, len); + return msbIndex; + } + + // Note: This function modifies the buffer's actual value. So after encoding, restore the original + // value by calling removeNegIntegerEncodingRule(). 
+ public short applyNegIntegerEncodingRule(byte[] buf, short offset, short len) { + return handleNegIntegerEncodingRule(buf, offset, len); + } + + public void removeNegIntegerEncodingRule(byte[] buf, short offset, short len, + short origMsbIndex) { + // Do -1-N, where N is the negative integer + // The value of -1-N is equal to the 1s compliment of N. + computeOnesCompliment(origMsbIndex, buf, offset, len); + } + + private void encodeNegInteger(short obj) { + byte[] val = KMNInteger.getBuffer(obj); + short len = KMNInteger.length(obj); + short startOff = KMNInteger.getStartOff(obj); + short msbIndex = applyNegIntegerEncodingRule(val, startOff, len); + encodeInteger(val, len, startOff, NEG_INT_TYPE); + removeNegIntegerEncodingRule(val, startOff, len, msbIndex); + } + + private void encodeUnsignedInteger(short obj) { + byte[] val = KMInteger.getBuffer(obj); + short len = KMInteger.length(obj); + short startOff = KMInteger.getStartOff(obj); + encodeInteger(val, len, startOff, UINT_TYPE); + } + + private void encodeSimpleValue(short obj) { + byte value = KMSimpleValue.getValue(obj); + writeByte((byte) (SIMPLE_VALUE_TYPE | value)); + } + + private void encodeTextString(short obj) { + writeMajorTypeWithLength(TSTR_TYPE, KMTextString.length(obj)); + writeBytes(KMTextString.getBuffer(obj), KMTextString.getStartOff(obj), + KMTextString.length(obj)); + } + + public short encodeByteBlobHeader(short bufLen, byte[] buffer, short startOff, short length) { + bufferRef[0] = buffer; + scratchBuf[START_OFFSET] = startOff; + scratchBuf[LEN_OFFSET] = (short) (startOff + length + 1); + writeMajorTypeWithLength(BYTES_TYPE, bufLen); + return (short) (scratchBuf[START_OFFSET] - startOff); + } + + private void encodeByteBlob(short obj) { + writeMajorTypeWithLength(BYTES_TYPE, KMByteBlob.length(obj)); + writeBytes(KMByteBlob.getBuffer(obj), KMByteBlob.getStartOff(obj), + KMByteBlob.length(obj)); + } + + public short getEncodedLength(short ptr) { + short len = 0; + short type = 
KMType.getKMType(ptr); + switch (type) { + case KMType.BYTE_BLOB_TYPE: + len += getEncodedByteBlobLength(ptr); + break; + case KMType.TEXT_STRING_TYPE: + len += getEncodedTextStringLength(ptr); + break; + case KMType.INTEGER_TYPE: + len += getEncodedIntegerLength(ptr); + break; + case KMType.NEG_INTEGER_TYPE: + len += getEncodedNegIntegerLength(ptr); + break; + case KMType.ARRAY_TYPE: + len += getEncodedArrayLen(ptr); + break; + case KMType.MAP_TYPE: + len += getEncodedMapLen(ptr); + break; + case KMType.COSE_PAIR_TAG_TYPE: + short cosePairTagType = KMCosePairTagType.getTagValueType(ptr); + len += getEncodedCosePairTagLen(cosePairTagType, ptr); + break; + case KMType.COSE_KEY_TYPE: + case KMType.COSE_HEADERS_TYPE: + case KMType.COSE_CERT_PAYLOAD_TYPE: + len += getEncodedArrayLen(KMCoseMap.getVals(ptr)); + break; + default: + KMException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return len; + } + + private short getEncodedCosePairTagLen(short tagType, short exp) { + short length = 0; + switch (tagType) { + case KMType.COSE_PAIR_BYTE_BLOB_TAG_TYPE: + KMCosePairByteBlobTag cosePairByteBlobTag = KMCosePairByteBlobTag.cast(exp); + length = getEncodedLength(cosePairByteBlobTag.getKeyPtr()); + length += getEncodedLength(cosePairByteBlobTag.getValuePtr()); + break; + case KMType.COSE_PAIR_INT_TAG_TYPE: + KMCosePairIntegerTag cosePairIntTag = KMCosePairIntegerTag.cast(exp); + length = getEncodedLength(cosePairIntTag.getValuePtr()); + length += getEncodedLength(cosePairIntTag.getKeyPtr()); + break; + case KMType.COSE_PAIR_NEG_INT_TAG_TYPE: + KMCosePairNegIntegerTag cosePairNegIntegerTag = KMCosePairNegIntegerTag.cast(exp); + length = getEncodedLength(cosePairNegIntegerTag.getValuePtr()); + length += getEncodedLength(cosePairNegIntegerTag.getKeyPtr()); + break; + case KMType.COSE_PAIR_SIMPLE_VALUE_TAG_TYPE: + KMCosePairSimpleValueTag cosePairSimpleValueTag = KMCosePairSimpleValueTag.cast(exp); + length = getEncodedLength(cosePairSimpleValueTag.getValuePtr()); + 
length += getEncodedLength(cosePairSimpleValueTag.getKeyPtr()); + break; + case KMType.COSE_PAIR_TEXT_STR_TAG_TYPE: + KMCosePairTextStringTag cosePairTextStringTag = KMCosePairTextStringTag.cast(exp); + length = getEncodedLength(cosePairTextStringTag.getValuePtr()); + length += getEncodedLength(cosePairTextStringTag.getKeyPtr()); + break; + case KMType.COSE_PAIR_COSE_KEY_TAG_TYPE: + KMCosePairCoseKeyTag cosePairCoseKeyTag = KMCosePairCoseKeyTag.cast(exp); + length = getEncodedLength(cosePairCoseKeyTag.getValuePtr()); + length += getEncodedLength(cosePairCoseKeyTag.getKeyPtr()); + break; + default: + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + return length; + } + + private short getEncodedMapLen(short obj) { + short mapLen = KMMap.length(obj); + short len = getEncodedBytesLength(mapLen); + short index = 0; + while (index < mapLen) { + len += getEncodedLength(KMMap.getKey(obj, index)); + len += getEncodedLength(KMMap.getKeyValue(obj, index)); + index++; + } + return len; + } + + private short getEncodedArrayLen(short obj) { + short arrLen = KMArray.length(obj); + short len = getEncodedBytesLength(arrLen); + short index = 0; + short subObj; + while (index < arrLen) { + subObj = KMArray.get(obj, index); + if (subObj != KMType.INVALID_VALUE) { + len += getEncodedLength(subObj); + } + index++; + } + return len; + } + + private short getEncodedBytesLength(short len) { + short ret = 0; + if (len < KMEncoder.UINT8_LENGTH && len >= 0) { + ret = 1; + } else if (len >= KMEncoder.UINT8_LENGTH && len <= (short) 0x00FF) { + ret = 2; + } else if (len > (short) 0x00FF && len <= (short) 0x7FFF) { + ret = 3; + } else { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + return ret; + } + + private short getEncodedByteBlobLength(short obj) { + short len = KMByteBlob.length(obj); + len += getEncodedBytesLength(len); + return len; + } + + private short getEncodedTextStringLength(short obj) { + //short len = KMTextString.byteBlobLength(obj); + //len += 
getEncodedBytesLength(len); + return 0;//len; + } + + private short getEncodedNegIntegerLength(short obj) { + byte[] buf = KMNInteger.getBuffer(obj); + short len = KMNInteger.length(obj); + short offset = KMNInteger.getStartOff(obj); + short msbIndex = applyNegIntegerEncodingRule(buf, offset, len); + short ret = getEncodedIntegerLength(buf, offset, len); + removeNegIntegerEncodingRule(buf, offset, len, msbIndex); + return ret; + } + + private short getEncodedIntegerLength(byte[] val, short startOff, short len) { + short msbIndex = findMsb(val, startOff, len); + // find the difference between most significant byte and len + short diff = (short) (len - msbIndex); + switch (diff) { + case 0: + case 1: //Byte + if ((val[(short) (startOff + msbIndex)] < KMEncoder.UINT8_LENGTH) && + (val[(short) (startOff + msbIndex)] >= 0)) { + return (short) 1; + } else { + return (short) 2; + } + case 2: //Short + return (short) 3; + case 3: + case 4: //UInt32 + return (short) 5; + case 5: + case 6: + case 7: + case 8: //UInt64 + return (short) 9; + default: + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + return 0; + } + + private short getEncodedIntegerLength(short obj) { + byte[] val = KMInteger.getBuffer(obj); + short len = KMInteger.length(obj); + short startOff = KMInteger.getStartOff(obj); + return getEncodedIntegerLength(val, startOff, len); + } + + private void writeByteValue(byte val) { + if ((val < UINT8_LENGTH) && (val >= 0)) { + writeByte((byte) (UINT_TYPE | val)); + } else { + writeByte((byte) (UINT_TYPE | UINT8_LENGTH)); + writeByte(val); + } + } + + private void writeTag(short tagType, short tagKey) { + writeByte((byte) (UINT_TYPE | UINT32_LENGTH)); + writeShort(tagType); + writeShort(tagKey); + } + + private void writeMajorTypeWithLength(byte majorType, short len) { + if (len <= TINY_PAYLOAD) { + writeByte((byte) (majorType | (byte) (len & ADDITIONAL_MASK))); + } else if (len < SHORT_PAYLOAD) { + writeByte((byte) (majorType | UINT8_LENGTH)); + writeByte((byte) 
(len & 0xFF)); + } else { + writeByte((byte) (majorType | UINT16_LENGTH)); + writeShort(len); + } + } + + private void writeBytes(byte[] buf, short start, short len) { + byte[] buffer = (byte[]) bufferRef[0]; + Util.arrayCopyNonAtomic(buf, start, buffer, scratchBuf[START_OFFSET], len); + incrementStartOff(len); + } + + private void writeShort(short val) { + byte[] buffer = (byte[]) bufferRef[0]; + buffer[scratchBuf[START_OFFSET]] = (byte) ((val >> 8) & 0xFF); + incrementStartOff((short) 1); + buffer[scratchBuf[START_OFFSET]] = (byte) ((val & 0xFF)); + incrementStartOff((short) 1); + } + + private void writeByte(byte val) { + byte[] buffer = (byte[]) bufferRef[0]; + buffer[scratchBuf[START_OFFSET]] = val; + incrementStartOff((short) 1); + } + + private void incrementStartOff(short inc) { + scratchBuf[START_OFFSET] += inc; + if (scratchBuf[START_OFFSET] >= scratchBuf[LEN_OFFSET]) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + } +} diff --git a/Applet/src/com/android/javacard/keymaster/KMEnum.java b/Applet/src/com/android/javacard/kmdevice/KMEnum.java similarity index 61% rename from Applet/src/com/android/javacard/keymaster/KMEnum.java rename to Applet/src/com/android/javacard/kmdevice/KMEnum.java index a55c243d..d051f991 100644 --- a/Applet/src/com/android/javacard/keymaster/KMEnum.java +++ b/Applet/src/com/android/javacard/kmdevice/KMEnum.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; 
@@ -30,27 +30,32 @@ public class KMEnum extends KMType { private static KMEnum prototype; // The allowed enum types. - private static final short[] types = { - HARDWARE_TYPE, - KEY_FORMAT, - KEY_DERIVATION_FUNCTION, - VERIFIED_BOOT_STATE, - DEVICE_LOCKED, - USER_AUTH_TYPE, - PURPOSE, - ECCURVE - }; + private static short[] types; private static Object[] enums = null; private KMEnum() { } + public static void initStatics() { + types = new short[]{ + HARDWARE_TYPE, + KEY_FORMAT, + KEY_DERIVATION_FUNCTION, + VERIFIED_BOOT_STATE, + DEVICE_LOCKED, + USER_AUTH_TYPE, + PURPOSE, + ECCURVE, + RULE + }; + } + private static KMEnum proto(short ptr) { if (prototype == null) { prototype = new KMEnum(); } - instanceTable[KM_ENUM_OFFSET] = ptr; + KMType.instanceTable[KM_ENUM_OFFSET] = ptr; return prototype; } @@ -60,17 +65,21 @@ public static short exp() { } public short length() { - return Util.getShort(heap, (short) (instanceTable[KM_ENUM_OFFSET] + 1)); + return Util.getShort(heap, (short) (KMType.instanceTable[KM_ENUM_OFFSET] + 1)); + } + + private static KMEnum cast(short ptr) { + validate(ptr); + return proto(ptr); } - public static KMEnum cast(short ptr) { + public static void validate(short ptr) { if (heap[ptr] != ENUM_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } if (Util.getShort(heap, (short) (ptr + 1)) == INVALID_VALUE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } - return proto(ptr); } public static short instance(short enumType) { 
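Review bot: `types` in KMEnum goes from an inline `private static final short[]` to a mutable static that is only assigned in the new public `initStatics()`, so the enum-type allow-list is null until that call happens and is reallocated on every further call. Nothing in this hunk enforces the call order, while `enums` in `create()` keeps its `if (enums == null)` guard. I would give `initStatics()` the same shape, with `if (types != null) { return; }` as its first statement, and add a comment that row i of `enums` holds the values allowed for `types[i]`, since RULE and its value row are added in two different methods. The same applies to `tags` in `KMEnumArrayTag.initStatics()` and `KMEnumTag.initStatics()` further down the patch.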
@@ -96,40 +105,41 @@ private static void create() { // The allowed enum values to corresponding enum types in the types array. if (enums == null) { enums = - new Object[]{ - new byte[]{SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX}, - new byte[]{X509, PKCS8, RAW}, - new byte[]{ - DERIVATION_NONE, - RFC5869_SHA256, - ISO18033_2_KDF1_SHA1, - ISO18033_2_KDF1_SHA256, - ISO18033_2_KDF2_SHA1, - ISO18033_2_KDF2_SHA256 - }, - new byte[]{SELF_SIGNED_BOOT, VERIFIED_BOOT, UNVERIFIED_BOOT, FAILED_BOOT}, - new byte[]{DEVICE_LOCKED_TRUE, DEVICE_LOCKED_FALSE}, - new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, BOTH}, - new byte[]{ENCRYPT, DECRYPT, SIGN, VERIFY, WRAP_KEY, ATTEST_KEY}, - new byte[]{P_224, P_256, P_384, P_521} - }; + new Object[]{ + new byte[]{SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX}, + new byte[]{X509, PKCS8, RAW}, + new byte[]{ + DERIVATION_NONE, + RFC5869_SHA256, + ISO18033_2_KDF1_SHA1, + ISO18033_2_KDF1_SHA256, + ISO18033_2_KDF2_SHA1, + ISO18033_2_KDF2_SHA256 + }, + new byte[]{SELF_SIGNED_BOOT, VERIFIED_BOOT, UNVERIFIED_BOOT, FAILED_BOOT}, + new byte[]{DEVICE_LOCKED_TRUE, DEVICE_LOCKED_FALSE}, + new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, BOTH}, + new byte[]{ENCRYPT, DECRYPT, SIGN, VERIFY, WRAP_KEY, ATTEST_KEY, AGREE_KEY}, + new byte[]{P_224, P_256, P_384, P_521}, + new byte[]{IGNORE_INVALID_TAGS, FAIL_ON_INVALID_TAGS} + }; } } public void setVal(byte val) { - heap[(short) (instanceTable[KM_ENUM_OFFSET] + TLV_HEADER_SIZE + 2)] = val; + heap[(short) (KMType.instanceTable[KM_ENUM_OFFSET] + TLV_HEADER_SIZE + 2)] = val; } public byte getVal() { - return heap[(short) (instanceTable[KM_ENUM_OFFSET] + TLV_HEADER_SIZE + 2)]; + return heap[(short) (KMType.instanceTable[KM_ENUM_OFFSET] + TLV_HEADER_SIZE + 2)]; } public void setEnumType(short type) { - Util.setShort(heap, (short) (instanceTable[KM_ENUM_OFFSET] + TLV_HEADER_SIZE), type); + Util.setShort(heap, (short) (KMType.instanceTable[KM_ENUM_OFFSET] + TLV_HEADER_SIZE), type); } public short getEnumType() { - return 
Util.getShort(heap, (short) (instanceTable[KM_ENUM_OFFSET] + TLV_HEADER_SIZE)); + return Util.getShort(heap, (short) (KMType.instanceTable[KM_ENUM_OFFSET] + TLV_HEADER_SIZE)); } // isValidTag enumeration keys and values. @@ -162,4 +172,22 @@ private static boolean validateEnum(short key, byte value) { // return false if key does not exist return false; } + + public static void setVal(short bPtr, byte val) { + KMEnum.cast(bPtr).setVal(val); + } + + public static byte getVal(short bPtr) { + return KMEnum.cast(bPtr).getVal(); + } + + public static void setEnumType(short bPtr, short type) { + KMEnum.cast(bPtr).setEnumType(type); + } + + public static short getEnumType(short bPtr) { + return KMEnum.cast(bPtr).getEnumType(); + } + + } diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java b/Applet/src/com/android/javacard/kmdevice/KMEnumArrayTag.java similarity index 73% rename from Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java rename to Applet/src/com/android/javacard/kmdevice/KMEnumArrayTag.java index cd3981c4..3a8713cc 100644 --- a/Applet/src/com/android/javacard/keymaster/KMEnumArrayTag.java +++ b/Applet/src/com/android/javacard/kmdevice/KMEnumArrayTag.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; @@ -29,11 +29,15 @@ public class KMEnumArrayTag extends KMTag { private static KMEnumArrayTag prototype; // The allowed tag keys of enum array type. - private static final short[] tags = {PURPOSE, BLOCK_MODE, DIGEST, PADDING}; + private static short[] tags; // Tag Values. private static Object[] enums = null; + public static void initStatics() { + tags = new short[]{PURPOSE, BLOCK_MODE, DIGEST, PADDING, RSA_OAEP_MGF_DIGEST}; + } + private KMEnumArrayTag() { } 
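Review bot: The static `setVal(short bPtr, byte val)` and `setEnumType(short bPtr, short type)` added at the end of KMEnum store whatever they are given: `cast`/`validate` checks only the type byte and the length field of the object at `bPtr`, and neither setter consults `validateEnum`. If these setters are reachable with values decoded from a request (not visible in this hunk), an enum object can end up holding a (type, value) pair outside the allow-list. Either check in the setter, e.g. `if (!validateEnum(getEnumType(bPtr), val)) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); }`, or document on both methods that callers must pass only pre-validated values.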
@@ -41,7 +45,7 @@ private static KMEnumArrayTag proto(short ptr) { if (prototype == null) { prototype = new KMEnumArrayTag(); } - instanceTable[KM_ENUM_ARRAY_TAG_OFFSET] = ptr; + KMType.instanceTable[KM_ENUM_ARRAY_TAG_OFFSET] = ptr; return prototype; } @@ -69,15 +73,14 @@ public static short instance(short key, short byteBlob) { if (allowedVals == null) { ISOException.throwIt(ISO7816.SW_DATA_INVALID); } - KMByteBlob blob = KMByteBlob.cast(byteBlob); short byteIndex = 0; short enumIndex; boolean validValue; - while (byteIndex < blob.length()) { + while (byteIndex < KMByteBlob.length(byteBlob)) { enumIndex = 0; validValue = false; while (enumIndex < allowedVals.length) { - if (blob.get(byteIndex) == allowedVals[enumIndex]) { + if (KMByteBlob.get(byteBlob, byteIndex) == allowedVals[enumIndex]) { validValue = true; break; } @@ -95,7 +98,7 @@ public static short instance(short key, short byteBlob) { return ptr; } - public static KMEnumArrayTag cast(short ptr) { + private static KMEnumArrayTag cast(short ptr) { if (heap[ptr] != TAG_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } @@ -106,7 +109,8 @@ public static KMEnumArrayTag cast(short ptr) { } public short getKey() { - return Util.getShort(heap, (short) (instanceTable[KM_ENUM_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 2)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_ENUM_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 2)); } public short getTagType() { 
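Review bot: In the `@@ -69,15 +73,14 @@` hunk of `KMEnumArrayTag.instance(short key, short byteBlob)`, the loop condition now calls `KMByteBlob.length(byteBlob)` on every iteration and `KMByteBlob.get(byteBlob, byteIndex)` on every inner comparison, where the old code resolved the blob once with `KMByteBlob.cast(byteBlob)`. If those static accessors re-validate the pointer on each call, as the KMEnum ones in this patch do, the check is repeated per byte. Reading the length once, `short blobLen = KMByteBlob.length(byteBlob);`, and looping on `byteIndex < blobLen` keeps a single validation up front. The function starts and ends outside the hunk and KMByteBlob is not visible here, so the cost is inferred.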
@@ -114,26 +118,30 @@ public short getTagType() { } public short getValues() { - return Util.getShort(heap, (short) (instanceTable[KM_ENUM_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_ENUM_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); } public short length() { - short blobPtr = Util.getShort(heap, (short) (instanceTable[KM_ENUM_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); - return KMByteBlob.cast(blobPtr).length(); + short blobPtr = Util.getShort(heap, + (short) (KMType.instanceTable[KM_ENUM_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); + return KMByteBlob.length(blobPtr); } public static void create() { if (enums == null) { // allowed tag values. enums = - new Object[]{ - new byte[]{ENCRYPT, DECRYPT, SIGN, VERIFY, WRAP_KEY, ATTEST_KEY}, - new byte[]{ECB, CBC, CTR, GCM}, - new byte[]{DIGEST_NONE, MD5, SHA1, SHA2_224, SHA2_256, SHA2_384, SHA2_512}, - new byte[]{ - PADDING_NONE, RSA_OAEP, RSA_PSS, RSA_PKCS1_1_5_ENCRYPT, RSA_PKCS1_1_5_SIGN, PKCS7 - } - }; + new Object[]{ + new byte[]{ENCRYPT, DECRYPT, SIGN, VERIFY, WRAP_KEY, ATTEST_KEY, AGREE_KEY}, + new byte[]{ECB, CBC, CTR, GCM}, + new byte[]{DIGEST_NONE, MD5, SHA1, SHA2_224, SHA2_256, SHA2_384, SHA2_512}, + new byte[]{ + PADDING_NONE, RSA_OAEP, RSA_PSS, RSA_PKCS1_1_5_ENCRYPT, RSA_PKCS1_1_5_SIGN, PKCS7 + }, + new byte[]{DIGEST_NONE, MD5, SHA1, SHA2_224, SHA2_256, SHA2_384, SHA2_512}, + + }; } } 
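Review bot: The fifth row added to `enums` in `create()` is a copy of the DIGEST row, so the parse-time allow-list for `RSA_OAEP_MGF_DIGEST` accepts `DIGEST_NONE` and `MD5`. MGF1 needs an actual hash function, so `DIGEST_NONE` has to be rejected somewhere before the OAEP operation runs; that check is not in this hunk, and accepting the value here in order to fail later with a specific error code may be deliberate. Once that is confirmed I would say so on the row, e.g. `// RSA_OAEP_MGF_DIGEST: same set as DIGEST; DIGEST_NONE is rejected when the operation begins`, and drop the blank line left after the trailing comma.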
@@ -149,20 +157,20 @@ private static byte[] getAllowedEnumValues(short key) { } public static short getValues(short tagId, short params, byte[] buf, short start) { - short tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, tagId, params); + short tag = KMKeyParameters.findTag(params, KMType.ENUM_ARRAY_TAG, tagId); if (tag == KMType.INVALID_VALUE) { return KMType.INVALID_VALUE; } tag = KMEnumArrayTag.cast(tag).getValues(); - return KMByteBlob.cast(tag).getValues(buf, start); + return KMByteBlob.getValues(tag, buf, start); } public short get(short index) { - return KMByteBlob.cast(getValues()).get(index); + return KMByteBlob.get(getValues(), index); } public static boolean contains(short tagId, short tagValue, short params) { - short tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, tagId, params); + short tag = KMKeyParameters.findTag(params, KMType.ENUM_ARRAY_TAG, tagId); if (tag != KMType.INVALID_VALUE) { short index = 0; while (index < KMEnumArrayTag.cast(tag).length()) { @@ -176,7 +184,7 @@ public static boolean contains(short tagId, short tagValue, short params) { } public static short length(short tagId, short params) { - short tag = KMKeyParameters.findTag(KMType.ENUM_ARRAY_TAG, tagId, params); + short tag = KMKeyParameters.findTag(params, KMType.ENUM_ARRAY_TAG, tagId); if (tag != KMType.INVALID_VALUE) { return KMEnumArrayTag.cast(tag).length(); } @@ -233,10 +241,10 @@ public boolean isValidPaddingModes(byte alg) { switch (alg) { case KMType.RSA: if (padding != KMType.RSA_OAEP - && padding != KMType.PADDING_NONE - && padding != KMType.RSA_PKCS1_1_5_SIGN - && padding != KMType.RSA_PKCS1_1_5_ENCRYPT - && padding != KMType.RSA_PSS) { + && padding != KMType.PADDING_NONE + && padding != KMType.RSA_PKCS1_1_5_SIGN + && padding != KMType.RSA_PKCS1_1_5_ENCRYPT + && padding != KMType.RSA_PSS) { return false; } break; 
@@ -298,4 +306,30 @@ public boolean isValidBlockMode(byte alg) { return false; } } + + public static short get(short bPtr, short index) { + return KMEnumArrayTag.cast(bPtr).get(index); + } + + public static short length(short bPtr) { + return KMEnumArrayTag.cast(bPtr).length(); + } + + public static short getValues(short bPtr) { + return KMEnumArrayTag.cast(bPtr).getValues(); + } + + public static short getTagType(short bPtr) { + return KMType.ENUM_ARRAY_TAG; + } + + public static short getKey(short bPtr) { + return KMEnumArrayTag.cast(bPtr).getKey(); + } + + public static boolean contains(short bPtr, short tagValue) { + return KMEnumArrayTag.cast(bPtr).contains(tagValue); + } + + } diff --git a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java b/Applet/src/com/android/javacard/kmdevice/KMEnumTag.java similarity index 73% rename from Applet/src/com/android/javacard/keymaster/KMEnumTag.java rename to Applet/src/com/android/javacard/kmdevice/KMEnumTag.java index f69aaf51..b796832c 100644 --- a/Applet/src/com/android/javacard/keymaster/KMEnumTag.java +++ b/Applet/src/com/android/javacard/kmdevice/KMEnumTag.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; @@ -29,14 +29,17 @@ public class KMEnumTag extends KMTag { private static KMEnumTag prototype; - // The allowed tag keys of type enum tag. - private static final short[] tags = { - ALGORITHM, ECCURVE, BLOB_USAGE_REQ, USER_AUTH_TYPE, ORIGIN, HARDWARE_TYPE - }; + private static short[] tags; private static Object[] enums = null; + public static void initStatics() { + tags = new short[]{ + ALGORITHM, ECCURVE, BLOB_USAGE_REQ, USER_AUTH_TYPE, ORIGIN, HARDWARE_TYPE + }; + } + private KMEnumTag() { } 
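Review bot: `getTagType(short bPtr)` in the block of static accessors added to KMEnumArrayTag returns `KMType.ENUM_ARRAY_TAG` without looking at `bPtr`, while every sibling (`get`, `length`, `getValues`, `getKey`, `contains`) goes through `cast(bPtr)`, and `KMEnumTag.getTagType(short bPtr)` in the same patch does too. A pointer to some other object is therefore reported as an enum-array tag instead of raising `SW_CONDITIONS_NOT_SATISFIED`. For consistency I would write `return KMEnumArrayTag.cast(bPtr).getTagType();`.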
@@ -44,7 +47,7 @@ private static KMEnumTag proto(short ptr) { if (prototype == null) { prototype = new KMEnumTag(); } - instanceTable[KM_ENUM_TAG_OFFSET] = ptr; + KMType.instanceTable[KM_ENUM_TAG_OFFSET] = ptr; return prototype; } @@ -76,7 +79,7 @@ public static short instance(short key, byte val) { return ptr; } - public static KMEnumTag cast(short ptr) { + private static KMEnumTag cast(short ptr) { if (heap[ptr] != TAG_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } @@ -87,7 +90,8 @@ public static KMEnumTag cast(short ptr) { } public short getKey() { - return Util.getShort(heap, (short) (instanceTable[KM_ENUM_TAG_OFFSET] + TLV_HEADER_SIZE + 2)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_ENUM_TAG_OFFSET] + TLV_HEADER_SIZE + 2)); } public short getTagType() { @@ -95,21 +99,21 @@ public short getTagType() { } public byte getValue() { - return heap[(short) (instanceTable[KM_ENUM_TAG_OFFSET] + TLV_HEADER_SIZE + 4)]; + return heap[(short) (KMType.instanceTable[KM_ENUM_TAG_OFFSET] + TLV_HEADER_SIZE + 4)]; } public static void create() { if (enums == null) { // enum tag values. enums = - new Object[]{ - new byte[]{RSA, DES, EC, AES, HMAC}, - new byte[]{P_224, P_256, P_384, P_521}, - new byte[]{STANDALONE, REQUIRES_FILE_SYSTEM}, - new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, BOTH, ANY}, - new byte[]{GENERATED, DERIVED, IMPORTED, UNKNOWN, SECURELY_IMPORTED}, - new byte[]{SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX} - }; + new Object[]{ + new byte[]{RSA, DES, EC, AES, HMAC}, + new byte[]{P_224, P_256, P_384, P_521}, + new byte[]{STANDALONE, REQUIRES_FILE_SYSTEM}, + new byte[]{USER_AUTH_NONE, PASSWORD, FINGERPRINT, BOTH, ANY}, + new byte[]{GENERATED, DERIVED, IMPORTED, UNKNOWN, SECURELY_IMPORTED}, + new byte[]{SOFTWARE, TRUSTED_ENVIRONMENT, STRONGBOX} + }; } } 
@@ -144,11 +148,24 @@ private static boolean validateEnum(short key, byte value) { return false; } - public static short getValue(short tagType, short keyParameters) { - short tagPtr = KMKeyParameters.findTag(KMType.ENUM_TAG, tagType, keyParameters); + public static short getValue(short tagKey, short keyParameters) { + short tagPtr = KMKeyParameters.findTag(keyParameters, KMType.ENUM_TAG, tagKey); if (tagPtr != KMType.INVALID_VALUE) { return heap[(short) (tagPtr + TLV_HEADER_SIZE + 4)]; } return KMType.INVALID_VALUE; } + + public static byte getValue(short bPtr) { + return KMEnumTag.cast(bPtr).getValue(); + } + + public static short getTagType(short bPtr) { + return KMEnumTag.cast(bPtr).getTagType(); + } + + public static short getKey(short bPtr) { + return KMEnumTag.cast(bPtr).getKey(); + } + } diff --git a/Applet/src/com/android/javacard/kmdevice/KMError.java b/Applet/src/com/android/javacard/kmdevice/KMError.java new file mode 100644 index 00000000..6d932a40 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMError.java 
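Review bot: The two-argument `getValue(short tagKey, short keyParameters)` still reads `heap[(short) (tagPtr + TLV_HEADER_SIZE + 4)]` directly, while the one-argument `getValue(short bPtr)` added just below it goes through `cast`. Routing the lookup through the new accessor, `return KMEnumTag.getValue(tagPtr);`, gives both paths the same type check on the pointer. The two overloads also differ in return type (`short` vs `byte`), and the `short` one returns either the widened tag byte or `KMType.INVALID_VALUE` for "not found", which deserves a one-line Javadoc on each.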
@@ -0,0 +1,137 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.kmdevice; + +/** + * KMError includes all the error codes from android keymaster hal specifications. The values are + * positive unlike negative values in keymaster hal. + */ +public class KMError { + + public static final short OK = 0; + public static final short UNSUPPORTED_PURPOSE = 2; + public static final short INCOMPATIBLE_PURPOSE = 3; + public static final short UNSUPPORTED_ALGORITHM = 4; + public static final short INCOMPATIBLE_ALGORITHM = 5; + public static final short UNSUPPORTED_KEY_SIZE = 6; + public static final short UNSUPPORTED_BLOCK_MODE = 7; + public static final short INCOMPATIBLE_BLOCK_MODE = 8; + public static final short UNSUPPORTED_MAC_LENGTH = 9; + public static final short UNSUPPORTED_PADDING_MODE = 10; + public static final short INCOMPATIBLE_PADDING_MODE = 11; + public static final short UNSUPPORTED_DIGEST = 12; + public static final short INCOMPATIBLE_DIGEST = 13; + + public static final short UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM = 19; + + /** + * For PKCS8 & PKCS12 + */ + public static final short INVALID_INPUT_LENGTH = 21; + + + public static final short KEY_USER_NOT_AUTHENTICATED = 26; + public static final short INVALID_OPERATION_HANDLE = 28; + public static final short VERIFICATION_FAILED = 30; + public static final short TOO_MANY_OPERATIONS = 31; + public static final 
short INVALID_KEY_BLOB = 33; + + public static final short INVALID_ARGUMENT = 38; + public static final short UNSUPPORTED_TAG = 39; + public static final short INVALID_TAG = 40; + public static final short IMPORT_PARAMETER_MISMATCH = 44; + public static final short OPERATION_CANCELLED = 46; + + public static final short MISSING_NONCE = 51; + public static final short INVALID_NONCE = 52; + public static final short MISSING_MAC_LENGTH = 53; + public static final short CALLER_NONCE_PROHIBITED = 55; + public static final short KEY_MAX_OPS_EXCEEDED = 56; + public static final short INVALID_MAC_LENGTH = 57; + public static final short MISSING_MIN_MAC_LENGTH = 58; + public static final short UNSUPPORTED_MIN_MAC_LENGTH = 59; + public static final short UNSUPPORTED_EC_CURVE = 61; + public static final short KEY_REQUIRES_UPGRADE = 62; + + public static final short ATTESTATION_CHALLENGE_MISSING = 63; + public static final short ATTESTATION_APPLICATION_ID_MISSING = 65; + public static final short CANNOT_ATTEST_IDS = 66; + public static final short ROLLBACK_RESISTANCE_UNAVAILABLE = 67; + + public static final short NO_USER_CONFIRMATION = 71; + public static final short DEVICE_LOCKED = 72; + public static final short EARLY_BOOT_ENDED = 73; + public static final short ATTESTATION_KEYS_NOT_PROVISIONED = 74; + public static final short INCOMPATIBLE_MGF_DIGEST = 78; + public static final short UNSUPPORTED_MGF_DIGEST = 79; + public static final short MISSING_NOT_BEFORE = 80; + public static final short MISSING_NOT_AFTER = 81; + public static final short MISSING_ISSUER_SUBJECT_NAME = 82; + public static final short INVALID_ISSUER_SUBJECT_NAME = 83; + + public static final short UNIMPLEMENTED = 100; + public static final short UNKNOWN_ERROR = 1000; + + //Extended errors + public static final short SW_CONDITIONS_NOT_SATISFIED = 10001; + public static final short UNSUPPORTED_CLA = 10002; + public static final short INVALID_P1P2 = 10003; + public static final short UNSUPPORTED_INSTRUCTION 
= 10004; + public static final short CMD_NOT_ALLOWED = 10005; + public static final short SW_WRONG_LENGTH = 10006; + public static final short INVALID_DATA = 10007; + + //Crypto errors + public static final short CRYPTO_ILLEGAL_USE = 10008; + public static final short CRYPTO_ILLEGAL_VALUE = 10009; + public static final short CRYPTO_INVALID_INIT = 10010; + public static final short CRYPTO_NO_SUCH_ALGORITHM = 10011; + public static final short CRYPTO_UNINITIALIZED_KEY = 10012; + //Generic Unknown error. + public static final short GENERIC_UNKNOWN_ERROR = 10013; + public static final short PUBLIC_KEY_OPERATION = 10014; + + // Remote key provisioning error codes. + public static final short STATUS_FAILED = 32000; + public static final short STATUS_INVALID_MAC = 32001; + public static final short STATUS_PRODUCTION_KEY_IN_TEST_REQUEST = 32002; + public static final short STATUS_TEST_KEY_IN_PRODUCTION_REQUEST = 32003; + public static final short STATUS_INVALID_EEK = 32004; + public static final short INVALID_STATE = 32005; + + public static short translate(short err) { + switch (err) { + case SW_CONDITIONS_NOT_SATISFIED: + case UNSUPPORTED_CLA: + case INVALID_P1P2: + case INVALID_DATA: + case CRYPTO_ILLEGAL_USE: + case CRYPTO_ILLEGAL_VALUE: + case CRYPTO_INVALID_INIT: + case CRYPTO_UNINITIALIZED_KEY: + case GENERIC_UNKNOWN_ERROR: + case UNKNOWN_ERROR: + return UNKNOWN_ERROR; + case CRYPTO_NO_SUCH_ALGORITHM: + return UNSUPPORTED_ALGORITHM; + case UNSUPPORTED_INSTRUCTION: + case CMD_NOT_ALLOWED: + case SW_WRONG_LENGTH: + return UNIMPLEMENTED; + } + return err; + } +} diff --git a/Applet/src/com/android/javacard/keymaster/KMException.java b/Applet/src/com/android/javacard/kmdevice/KMException.java similarity index 70% rename from Applet/src/com/android/javacard/keymaster/KMException.java rename to Applet/src/com/android/javacard/kmdevice/KMException.java index bf588aba..36a3eb55 100644 --- a/Applet/src/com/android/javacard/keymaster/KMException.java 
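Review bot: `translate()` has no case for `PUBLIC_KEY_OPERATION` (10014), although it sits in the same extended 10001–10014 range as the codes folded into `UNKNOWN_ERROR` or `UNIMPLEMENTED`. It therefore falls through to `return err` and reaches the caller as a raw applet-internal value. If that is intended, say so above the switch, e.g. `// PUBLIC_KEY_OPERATION and the remote-provisioning STATUS_* codes are passed through unchanged`; if not, add `case PUBLIC_KEY_OPERATION:` to the group it belongs to. A Javadoc on `translate` stating which ranges are mapped and which are passed through would make the contract explicit.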
+++ b/Applet/src/com/android/javacard/kmdevice/KMException.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.JCSystem; @@ -24,33 +24,34 @@ */ public class KMException extends RuntimeException { - public short[] reason; - public static KMException exception; + private static short[] reason; + private static KMException exception; private KMException() { - reason = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET); } - public static void throwIt(short reason) { - instance(); - exception.reason[(short) 0] = reason; - throw exception; + public static short reason() { + return reason[0]; } + public static void throwIt(short e) { + if (reason == null) { + reason = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_DESELECT); + } + if (exception == null) { + exception = new KMException(); + } + reason[0] = e; + throw exception; + } +/* public static KMException instance() { if (exception == null) { exception = new KMException(); } return exception; } - - public void clear() { - exception.reason[(short) 0] = KMError.UNKNOWN_ERROR; - } - - public static short getReason() { - return exception.reason[0]; - } +*/ } diff --git a/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java b/Applet/src/com/android/javacard/kmdevice/KMHardwareAuthToken.java similarity index 50% rename from Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java rename to Applet/src/com/android/javacard/kmdevice/KMHardwareAuthToken.java index 900e9069..05119173 100644 --- a/Applet/src/com/android/javacard/keymaster/KMHardwareAuthToken.java +++ b/Applet/src/com/android/javacard/kmdevice/KMHardwareAuthToken.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; 
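Review bot: In KMException, `reason()` dereferences the static `reason` array, which is only allocated inside `throwIt`, so a call before the first `throwIt` fails with a NullPointerException instead of returning an error code; `return reason == null ? KMError.UNKNOWN_ERROR : reason[0];` would keep the default the removed `clear()` used. Allocating the transient array and the exception object lazily at throw time also means an allocation failure can replace the error being reported. The switch from `CLEAR_ON_RESET` to `CLEAR_ON_DESELECT` narrows where that first call may happen, because the Java Card API rejects a CLEAR_ON_DESELECT allocation when the calling applet is not the selected one; confirm that `throwIt` cannot run during install. An explicit initialisation step called from applet setup would avoid both problems. The commented-out `instance()` block should be deleted rather than left in.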
@@ -43,13 +43,12 @@ private KMHardwareAuthToken() { public static short exp() { short arrPtr = KMArray.instance((short) 6); - KMArray arr = KMArray.cast(arrPtr); - arr.add(CHALLENGE, KMInteger.exp()); - arr.add(USER_ID, KMInteger.exp()); - arr.add(AUTHENTICATOR_ID, KMInteger.exp()); - arr.add(HW_AUTHENTICATOR_TYPE, KMEnum.instance(KMType.USER_AUTH_TYPE)); - arr.add(TIMESTAMP, KMInteger.exp()); - arr.add(MAC, KMByteBlob.exp()); + KMArray.add(arrPtr, CHALLENGE, KMInteger.exp()); + KMArray.add(arrPtr, USER_ID, KMInteger.exp()); + KMArray.add(arrPtr, AUTHENTICATOR_ID, KMInteger.exp()); + KMArray.add(arrPtr, HW_AUTHENTICATOR_TYPE, KMEnum.instance(KMType.USER_AUTH_TYPE)); + KMArray.add(arrPtr, TIMESTAMP, KMInteger.exp()); + KMArray.add(arrPtr, MAC, KMByteBlob.exp()); return instance(arrPtr); } 
@@ -57,25 +56,24 @@ private static KMHardwareAuthToken proto(short ptr) { if (prototype == null) { prototype = new KMHardwareAuthToken(); } - instanceTable[KM_HARDWARE_AUTH_TOKEN_OFFSET] = ptr; + KMType.instanceTable[KM_HARDWARE_AUTH_TOKEN_OFFSET] = ptr; return prototype; } public static short instance() { short arrPtr = KMArray.instance((short) 6); - KMArray arr = KMArray.cast(arrPtr); - arr.add(CHALLENGE, KMInteger.uint_16((short) 0)); - arr.add(USER_ID, KMInteger.uint_16((short) 0)); - arr.add(AUTHENTICATOR_ID, KMInteger.uint_16((short) 0)); - arr.add(HW_AUTHENTICATOR_TYPE, KMEnum.instance(KMType.USER_AUTH_TYPE, KMType.USER_AUTH_NONE)); - arr.add(TIMESTAMP, KMInteger.uint_16((short) 0)); - arr.add(MAC, KMByteBlob.instance((short) 0)); + KMArray.add(arrPtr, CHALLENGE, KMInteger.uint_16((short) 0)); + KMArray.add(arrPtr, USER_ID, KMInteger.uint_16((short) 0)); + KMArray.add(arrPtr, AUTHENTICATOR_ID, KMInteger.uint_16((short) 0)); + KMArray.add(arrPtr, HW_AUTHENTICATOR_TYPE, + KMEnum.instance(KMType.USER_AUTH_TYPE, KMType.USER_AUTH_NONE)); + KMArray.add(arrPtr, TIMESTAMP, KMInteger.uint_16((short) 0)); + KMArray.add(arrPtr, MAC, KMByteBlob.instance((short) 0)); return instance(arrPtr); } public static short instance(short vals) { - KMArray arr = KMArray.cast(vals); - if (arr.length() != 6) { + if (KMArray.length(vals) != 6) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } short ptr = KMType.instance(HW_AUTH_TOKEN_TYPE, (short) 2); @@ -83,7 +81,7 @@ public static short instance(short vals) { return ptr; } - public static KMHardwareAuthToken cast(short ptr) { + private static KMHardwareAuthToken cast(short ptr) { if (heap[ptr] != HW_AUTH_TOKEN_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } 
@@ -95,77 +93,134 @@ public static KMHardwareAuthToken cast(short ptr) { } public short getVals() { - return Util.getShort(heap, (short) (instanceTable[KM_HARDWARE_AUTH_TOKEN_OFFSET] + TLV_HEADER_SIZE)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_HARDWARE_AUTH_TOKEN_OFFSET] + TLV_HEADER_SIZE)); } public short length() { short arrPtr = getVals(); - return KMArray.cast(arrPtr).length(); + return KMArray.length(arrPtr); } public short getChallenge() { short arrPtr = getVals(); - return KMArray.cast(arrPtr).get(CHALLENGE); + return KMArray.get(arrPtr, CHALLENGE); } public void setChallenge(short vals) { - KMInteger.cast(vals); + KMInteger.validate(vals); short arrPtr = getVals(); - KMArray.cast(arrPtr).add(CHALLENGE, vals); + KMArray.add(arrPtr, CHALLENGE, vals); } public short getUserId() { short arrPtr = getVals(); - return KMArray.cast(arrPtr).get(USER_ID); + return KMArray.get(arrPtr, USER_ID); } public void setUserId(short vals) { - KMInteger.cast(vals); + KMInteger.validate(vals); short arrPtr = getVals(); - KMArray.cast(arrPtr).add(USER_ID, vals); + KMArray.add(arrPtr, USER_ID, vals); } public short getAuthenticatorId() { short arrPtr = getVals(); - return KMArray.cast(arrPtr).get(AUTHENTICATOR_ID); + return KMArray.get(arrPtr, AUTHENTICATOR_ID); } public void setAuthenticatorId(short vals) { - KMInteger.cast(vals); + KMInteger.validate(vals); short arrPtr = getVals(); - KMArray.cast(arrPtr).add(AUTHENTICATOR_ID, vals); + KMArray.add(arrPtr, AUTHENTICATOR_ID, vals); } public short getHwAuthenticatorType() { short arrPtr = getVals(); - return KMArray.cast(arrPtr).get(HW_AUTHENTICATOR_TYPE); + return KMArray.get(arrPtr, HW_AUTHENTICATOR_TYPE); } public void setHwAuthenticatorType(short vals) { - KMEnum.cast(vals); + KMEnum.validate(vals); short arrPtr = getVals(); - KMArray.cast(arrPtr).add(HW_AUTHENTICATOR_TYPE, vals); + KMArray.add(arrPtr, HW_AUTHENTICATOR_TYPE, vals); } public short getTimestamp() { short arrPtr = getVals(); - return 
KMArray.cast(arrPtr).get(TIMESTAMP); + return KMArray.get(arrPtr, TIMESTAMP); } public void setTimestamp(short vals) { - KMInteger.cast(vals); + KMInteger.validate(vals); short arrPtr = getVals(); - KMArray.cast(arrPtr).add(TIMESTAMP, vals); + KMArray.add(arrPtr, TIMESTAMP, vals); } public short getMac() { short arrPtr = getVals(); - return KMArray.cast(arrPtr).get(MAC); + return KMArray.get(arrPtr, MAC); } public void setMac(short vals) { - KMByteBlob.cast(vals); + KMByteBlob.validate(vals); short arrPtr = getVals(); - KMArray.cast(arrPtr).add(MAC, vals); + KMArray.add(arrPtr, MAC, vals); + } + + public static short getVals(short bPtr) { + return KMHardwareAuthToken.cast(bPtr).getVals(); + } + + public static short length(short bPtr) { + return KMHardwareAuthToken.cast(bPtr).length(); + } + + public static short getChallenge(short bPtr) { + return KMHardwareAuthToken.cast(bPtr).getChallenge(); + } + + public static void setChallenge(short bPtr, short vals) { + KMHardwareAuthToken.cast(bPtr).setChallenge(vals); + } + + public static short getUserId(short bPtr) { + return KMHardwareAuthToken.cast(bPtr).getUserId(); + } + + public static void setUserId(short bPtr, short vals) { + KMHardwareAuthToken.cast(bPtr).setUserId(vals); + } + + public static short getAuthenticatorId(short bPtr) { + return KMHardwareAuthToken.cast(bPtr).getAuthenticatorId(); + } + + public static void setAuthenticatorId(short bPtr, short vals) { + KMHardwareAuthToken.cast(bPtr).setAuthenticatorId(vals); + } + + public static short getHwAuthenticatorType(short bPtr) { + return KMHardwareAuthToken.cast(bPtr).getHwAuthenticatorType(); + } + + public static void setHwAuthenticatorType(short bPtr, short vals) { + KMHardwareAuthToken.cast(bPtr).setHwAuthenticatorType(vals); + } + + public static short getTimestamp(short bPtr) { + return KMHardwareAuthToken.cast(bPtr).getTimestamp(); + } + + public static void setTimestamp(short bPtr, short vals) { + KMHardwareAuthToken.cast(bPtr).setTimestamp(vals); 
+ } + + public static short getMac(short bPtr) { + return KMHardwareAuthToken.cast(bPtr).getMac(); + } + + public static void setMac(short bPtr, short vals) { + KMHardwareAuthToken.cast(bPtr).setMac(vals); } } diff --git a/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java b/Applet/src/com/android/javacard/kmdevice/KMHmacSharingParameters.java similarity index 66% rename from Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java rename to Applet/src/com/android/javacard/kmdevice/KMHmacSharingParameters.java index f89ac608..772864ed 100644 --- a/Applet/src/com/android/javacard/keymaster/KMHmacSharingParameters.java +++ b/Applet/src/com/android/javacard/kmdevice/KMHmacSharingParameters.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; @@ -38,9 +38,8 @@ private KMHmacSharingParameters() { public static short exp() { short arrPtr = KMArray.instance((short) 2); - KMArray arr = KMArray.cast(arrPtr); - arr.add(SEED, KMByteBlob.exp()); - arr.add(NONCE, KMByteBlob.exp()); + KMArray.add(arrPtr, SEED, KMByteBlob.exp()); + KMArray.add(arrPtr, NONCE, KMByteBlob.exp()); return instance(arrPtr); } @@ -48,7 +47,7 @@ private static KMHmacSharingParameters proto(short ptr) { if (prototype == null) { prototype = new KMHmacSharingParameters(); } - instanceTable[KM_HMAC_SHARING_PARAMETERS_OFFSET] = ptr; + KMType.instanceTable[KM_HMAC_SHARING_PARAMETERS_OFFSET] = ptr; return prototype; } 
@@ -59,14 +58,14 @@ public static short instance() { public static short instance(short vals) { short ptr = KMType.instance(HMAC_SHARING_PARAM_TYPE, (short) 2); - if (KMArray.cast(vals).length() != 2) { + if (KMArray.length(vals) != 2) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), vals); return ptr; } - public static KMHmacSharingParameters cast(short ptr) { + private static KMHmacSharingParameters cast(short ptr) { if (heap[ptr] != HMAC_SHARING_PARAM_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } 
@@ -78,33 +77,58 @@ public static KMHmacSharingParameters cast(short ptr) { } public short getVals() { - return Util.getShort(heap, (short) (instanceTable[KM_HMAC_SHARING_PARAMETERS_OFFSET] + TLV_HEADER_SIZE)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_HMAC_SHARING_PARAMETERS_OFFSET] + TLV_HEADER_SIZE)); } public short length() { short arrPtr = getVals(); - return KMArray.cast(arrPtr).length(); + return KMArray.length(arrPtr); } public void setSeed(short vals) { - KMByteBlob.cast(vals); + KMByteBlob.validate(vals); short arrPtr = getVals(); - KMArray.cast(arrPtr).add(SEED, vals); + KMArray.add(arrPtr, SEED, vals); } public void setNonce(short vals) { - KMByteBlob.cast(vals); + KMByteBlob.validate(vals); short arrPtr = getVals(); - KMArray.cast(arrPtr).add(NONCE, vals); + KMArray.add(arrPtr, NONCE, vals); } public short getNonce() { short arrPtr = getVals(); - return KMArray.cast(arrPtr).get(NONCE); + return KMArray.get(arrPtr, NONCE); } public short getSeed() { short arrPtr = getVals(); - return KMArray.cast(arrPtr).get(SEED); + return KMArray.get(arrPtr, SEED); + } + + public static short getVals(short bPtr) { + return KMHmacSharingParameters.cast(bPtr).getVals(); + } + + public static short length(short bPtr) { + return KMHmacSharingParameters.cast(bPtr).length(); + } + + public static void setSeed(short bPtr, short vals) { + KMHmacSharingParameters.cast(bPtr).setSeed(vals); + } + + public static void setNonce(short bPtr, short vals) { + KMHmacSharingParameters.cast(bPtr).setNonce(vals); + } + + public static short getNonce(short bPtr) { + return KMHmacSharingParameters.cast(bPtr).getNonce(); + } + + public static short getSeed(short bPtr) { + return KMHmacSharingParameters.cast(bPtr).getSeed(); } } 
diff --git a/Applet/src/com/android/javacard/keymaster/KMInteger.java b/Applet/src/com/android/javacard/kmdevice/KMInteger.java similarity index 59% rename from Applet/src/com/android/javacard/keymaster/KMInteger.java rename to Applet/src/com/android/javacard/kmdevice/KMInteger.java index 2ae32ac1..85da5ce7 100644 --- a/Applet/src/com/android/javacard/keymaster/KMInteger.java +++ b/Applet/src/com/android/javacard/kmdevice/KMInteger.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; @@ -30,14 +30,14 @@ public class KMInteger extends KMType { public static final short UINT_64 = 8; private static KMInteger prototype; - private KMInteger() { + protected KMInteger() { } private static KMInteger proto(short ptr) { if (prototype == null) { prototype = new KMInteger(); } - instanceTable[KM_INTEGER_OFFSET] = ptr; + KMType.instanceTable[KM_INTEGER_OFFSET] = ptr; return prototype; } @@ -73,7 +73,12 @@ public static short instance(byte[] num, short srcOff, short length) { } } - public static KMInteger cast(short ptr) { + private static KMInteger cast(short ptr) { + validate(ptr); + return proto(ptr); + } + + public static void validate(short ptr) { byte[] heap = repository.getHeap(); if (heap[ptr] != INTEGER_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); @@ -81,7 +86,6 @@ public static KMInteger cast(short ptr) { if (Util.getShort(heap, (short) (ptr + 1)) == INVALID_VALUE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } - return proto(ptr); } // create integer and copy byte value 
@@ -101,33 +105,33 @@ public static short uint_16(short num) { // create integer and copy integer value public static short uint_32(byte[] num, short offset) { short ptr = instance(UINT_32); - Util.arrayCopyNonAtomic(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), UINT_32); + Util.arrayCopy(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), UINT_32); return ptr; } // create integer and copy integer value public static short uint_64(byte[] num, short offset) { short ptr = instance(UINT_64); - Util.arrayCopyNonAtomic(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), UINT_64); + Util.arrayCopy(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), UINT_64); return ptr; } // Get the length of the integer - public short length() { - return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_OFFSET] + 1)); + private short length() { + return Util.getShort(heap, (short) (getBaseOffset() + 1)); } // Get the buffer pointer in which blob is contained. - public byte[] getBuffer() { + private byte[] getBuffer() { return heap; } // Get the start of value - public short getStartOff() { - return (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE); + private short getStartOff() { + return (short) (getBaseOffset() + TLV_HEADER_SIZE); } - public void getValue(byte[] dest, short destOff, short length) { + private void getValue(byte[] dest, short destOff, short length) { if (length < length()) { KMException.throwIt(KMError.UNKNOWN_ERROR); } 
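Review bot: `uint_32` and `uint_64` now copy with `Util.arrayCopy`, while the other copies in this class (`getValue`, `setValue`, `value`) still use `Util.arrayCopyNonAtomic`, and nothing in the hunk explains the difference. `Util.arrayCopy` is transactional when the destination is persistent, which consumes commit-buffer capacity and can throw `TransactionException`. If `heap` is a transient array (not visible here), the change has no effect and only misleads the reader. Either keep `Util.arrayCopyNonAtomic(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), UINT_32);` (and the `UINT_64` equivalent), or add a comment stating why these two constructors need an atomic copy.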
@@ -135,19 +139,19 @@ public void getValue(byte[] dest, short destOff, short length) { length = length(); destOff += length; } - Util.arrayCopyNonAtomic(heap, (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE), dest, destOff, length); + Util.arrayCopyNonAtomic(heap, getStartOff(), dest, destOff, length); } - public void setValue(byte[] src, short srcOff) { - Util.arrayCopyNonAtomic(src, srcOff, heap, (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE), length()); + private void setValue(byte[] src, short srcOff) { + Util.arrayCopyNonAtomic(src, srcOff, heap, getStartOff(), length()); } - public short value(byte[] dest, short destOff) { - Util.arrayCopyNonAtomic(heap, (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE), dest, destOff, length()); + private short value(byte[] dest, short destOff) { + Util.arrayCopyNonAtomic(heap, getStartOff(), dest, destOff, length()); return length(); } - public short toLittleEndian(byte[] dest, short destOff) { + private short toLittleEndian(byte[] dest, short destOff) { short index = (short) (length() - 1); while (index >= 0) { dest[destOff++] = heap[(short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE + index)]; 
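Review bot: `toLittleEndian` still reads `heap[(short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE + index)]`, although the accessors around it were moved to `getStartOff()`, which goes through the new overridable `getBaseOffset()`. With the constructor and `getBaseOffset()` now `protected`, a subclass that overrides the base offset would get the right bytes from `value` / `getValue` and the wrong ones from `toLittleEndian`. Use `dest[destOff++] = heap[(short) (getStartOff() + index)];` so all readers share one offset computation. The method's loop continues past the end of this hunk.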
@@ -156,19 +160,19 @@ public short toLittleEndian(byte[] dest, short destOff) { return length(); } - public short getShort() { - return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE + 2)); + protected short getShort() { + return Util.getShort(heap, (short) (getStartOff() + 2)); } - public short getSignificantShort() { - return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE)); + private short getSignificantShort() { + return Util.getShort(heap, getStartOff()); } - public byte getByte() { - return heap[(short) (instanceTable[KM_INTEGER_OFFSET] + TLV_HEADER_SIZE + 3)]; + private byte getByte() { + return heap[(short) (getStartOff() + 3)]; } - public boolean isZero() { + private boolean isZero() { if (getShort() == 0 && getSignificantShort() == 0) { return true; } 
@@ -180,18 +184,18 @@ public static short compare(short num1, short num2) { short num2Buf = repository.alloc((short) 8); Util.arrayFillNonAtomic(repository.getHeap(), num1Buf, (short) 8, (byte) 0); Util.arrayFillNonAtomic(repository.getHeap(), num2Buf, (short) 8, (byte) 0); - short len = KMInteger.cast(num1).length(); - KMInteger.cast(num1).getValue(repository.getHeap(), (short) (num1Buf + (short) (8 - len)), len); - len = KMInteger.cast(num2).length(); - KMInteger.cast(num2).getValue(repository.getHeap(), (short) (num2Buf + (short) (8 - len)), len); + short len = KMInteger.length(num1); + KMInteger.getValue(num1, repository.getHeap(), (short) (num1Buf + (short) (8 - len)), len); + len = KMInteger.length(num2); + KMInteger.getValue(num2, repository.getHeap(), (short) (num2Buf + (short) (8 - len)), len); return KMInteger.unsignedByteArrayCompare( - repository.getHeap(), num1Buf, - repository.getHeap(), num2Buf, - (short) 8); + repository.getHeap(), num1Buf, + repository.getHeap(), num2Buf, + (short) 8); } public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, short offset2, - short length) { + short length) { byte count = (byte) 0; short val1 = (short) 0; short val2 = (short) 0; 
@@ -209,4 +213,55 @@ public static byte unsignedByteArrayCompare(byte[] a1, short offset1, byte[] a2, } return 0; } + + protected short getBaseOffset() { + return instanceTable[KM_INTEGER_OFFSET]; + } + + // Get the length of the integer + public static short length(short bPtr) { + return KMInteger.cast(bPtr).length(); + } + + // Get the buffer pointer in which blob is contained. + public static byte[] getBuffer(short bPtr) { + return KMInteger.cast(bPtr).getBuffer(); + } + + // Get the start of value + public static short getStartOff(short bPtr) { + return KMInteger.cast(bPtr).getStartOff(); + } + + public static void getValue(short bPtr, byte[] dest, short destOff, short length) { + KMInteger.cast(bPtr).getValue(dest, destOff, length); + } + + public static void setValue(short bPtr, byte[] src, short srcOff) { + KMInteger.cast(bPtr).setValue(src, srcOff); + } + + public static short value(short bPtr, byte[] dest, short destOff) { + return KMInteger.cast(bPtr).value(dest, destOff); + } + + public static short toLittleEndian(short bPtr, byte[] dest, short destOff) { + return KMInteger.cast(bPtr).toLittleEndian(dest, destOff); + } + + public static short getShort(short bPtr) { + return KMInteger.cast(bPtr).getShort(); + } + + public static short getSignificantShort(short bPtr) { + return KMInteger.cast(bPtr).getSignificantShort(); + } + + public static byte getByte(short bPtr) { + return KMInteger.cast(bPtr).getByte(); + } + + public static boolean isZero(short bPtr) { + return KMInteger.cast(bPtr).isZero(); + } } diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java b/Applet/src/com/android/javacard/kmdevice/KMIntegerArrayTag.java similarity index 72% rename from Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java rename to Applet/src/com/android/javacard/kmdevice/KMIntegerArrayTag.java index 558e44e2..8c16051a 100644 --- a/Applet/src/com/android/javacard/keymaster/KMIntegerArrayTag.java 
+++ b/Applet/src/com/android/javacard/kmdevice/KMIntegerArrayTag.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; @@ -29,7 +29,11 @@ public class KMIntegerArrayTag extends KMTag { private static KMIntegerArrayTag prototype; - private static final short[] tags = {USER_SECURE_ID}; + private static short[] tags; + + public static void initStatics() { + tags = new short[]{USER_SECURE_ID}; + } private KMIntegerArrayTag() { } @@ -38,7 +42,7 @@ private static KMIntegerArrayTag proto(short ptr) { if (prototype == null) { prototype = new KMIntegerArrayTag(); } - instanceTable[KM_INTEGER_ARRAY_TAG_OFFSET] = ptr; + KMType.instanceTable[KM_INTEGER_ARRAY_TAG_OFFSET] = ptr; return prototype; } @@ -82,7 +86,7 @@ public static short instance(short tagType, short key, short arrObj) { return ptr; } - public static KMIntegerArrayTag cast(short ptr) { + private static KMIntegerArrayTag cast(short ptr) { if (heap[ptr] != TAG_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } 
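Review bot: In KMIntegerArrayTag, `tags` is now null until `initStatics()` runs, and `initStatics()` is public and unguarded. Every repeated call allocates a fresh `short[]`, which on a card without object deletion is never reclaimed, and a key validation that runs before initialisation would presumably hit a null array (`validateKey`'s body is outside the hunks, so that part is inferred). `KMEnumTag.create()` in this same patch guards its table with `if (enums == null)`; doing the same here, `if (tags == null) { tags = new short[]{USER_SECURE_ID}; }`, keeps the two consistent. `KMIntegerTag.initStatics()` further down has the same shape and deserves the same guard.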
@@ -94,30 +98,31 @@ public static KMIntegerArrayTag cast(short ptr) { } public short getTagType() { - return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_INTEGER_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE)); } public short getKey() { - return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 2)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_INTEGER_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 2)); } public short getValues() { - return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_INTEGER_ARRAY_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); } public short length() { short ptr = getValues(); - return KMArray.cast(ptr).length(); + return KMArray.length(ptr); } public void add(short index, short val) { - KMArray arr = KMArray.cast(getValues()); - arr.add(index, val); + KMArray.add(getValues(), index, val); } public short get(short index) { - KMArray arr = KMArray.cast(getValues()); - return arr.get(index); + return KMArray.get(getValues(), index); } private static boolean validateKey(short key) { 
@@ -134,25 +139,14 @@ private static boolean validateTagType(short tagType) { return (tagType == ULONG_ARRAY_TAG) || (tagType == UINT_ARRAY_TAG); } - public boolean contains(short tagValue) { - short index = 0; - while (index < length()) { - if (KMInteger.compare(tagValue, get(index)) == 0) { - return true; - } - index++; - } - return false; - } - public static boolean contains(short tagId, short tagValue, short params) { short tag = - KMKeyParameters.findTag(KMType.UINT_ARRAY_TAG, tagId, params); + KMKeyParameters.findTag(params, KMType.UINT_ARRAY_TAG, tagId); if (tag != KMType.INVALID_VALUE) { short index = 0; tag = KMIntegerArrayTag.cast(tag).getValues(); - while (index < KMArray.cast(tag).length()) { - if (KMInteger.compare(tagValue, KMArray.cast(tag).get(index)) == 0) { + while (index < KMArray.length(tag)) { + if (KMInteger.compare(tagValue, KMArray.get(tag, index)) == 0) { return true; } index++; @@ -161,4 +155,40 @@ public static boolean contains(short tagId, short tagValue, short params) { return false; } + public boolean contains(short tagValue) { + short index = 0; + while (index < length()) { + if (KMInteger.compare(tagValue, get(index)) == 0) { + return true; + } + index++; + } + return false; + } + + public static boolean contains(short bPtr, short tagValue) { + return KMIntegerArrayTag.cast(bPtr).contains(tagValue); + } + + public static short getValues(short bPtr) { + return KMIntegerArrayTag.cast(bPtr).getValues(); + } + + public static short get(short bPtr, short index) { + return KMIntegerArrayTag.cast(bPtr).get(index); + } + + public static short getTagType(short bPtr) { + return KMIntegerArrayTag.cast(bPtr).getTagType(); + } + + public static short getKey(short bPtr) { + return KMIntegerArrayTag.cast(bPtr).getKey(); + } + + public static short length(short bPtr) { + return KMIntegerArrayTag.cast(bPtr).length(); + } + + } 
diff --git a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java b/Applet/src/com/android/javacard/kmdevice/KMIntegerTag.java similarity index 67% rename from Applet/src/com/android/javacard/keymaster/KMIntegerTag.java rename to Applet/src/com/android/javacard/kmdevice/KMIntegerTag.java index c4bab026..8bd3c5e7 100644 --- a/Applet/src/com/android/javacard/keymaster/KMIntegerTag.java +++ b/Applet/src/com/android/javacard/kmdevice/KMIntegerTag.java @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; @@ -28,30 +28,38 @@ public class KMIntegerTag extends KMTag { private static KMIntegerTag prototype; + // Allowed tag keys. - private static final short[] tags = { - // UINT - KEYSIZE, - MIN_MAC_LENGTH, - MIN_SEC_BETWEEN_OPS, - MAX_USES_PER_BOOT, - USERID, - AUTH_TIMEOUT, - OS_VERSION, - OS_PATCH_LEVEL, - VENDOR_PATCH_LEVEL, - BOOT_PATCH_LEVEL, - MAC_LENGTH, - // ULONG - RSA_PUBLIC_EXPONENT, - // DATE - ACTIVE_DATETIME, - ORIGINATION_EXPIRE_DATETIME, - USAGE_EXPIRE_DATETIME, - CREATION_DATETIME, - // Custom tag. - AUTH_TIMEOUT_MILLIS - }; + private static short[] tags; + + public static void initStatics() { + tags = new short[]{ + // UINT + KEYSIZE, + MIN_MAC_LENGTH, + MIN_SEC_BETWEEN_OPS, + MAX_USES_PER_BOOT, + USERID, + AUTH_TIMEOUT, + OS_VERSION, + OS_PATCH_LEVEL, + VENDOR_PATCH_LEVEL, + BOOT_PATCH_LEVEL, + MAC_LENGTH, + // ULONG + RSA_PUBLIC_EXPONENT, + // DATE + ACTIVE_DATETIME, + ORIGINATION_EXPIRE_DATETIME, + USAGE_EXPIRE_DATETIME, + CREATION_DATETIME, + CERTIFICATE_NOT_BEFORE, + CERTIFICATE_NOT_AFTER, + USAGE_COUNT_LIMIT, + // custom tag + AUTH_TIMEOUT_MILLIS, + }; + } private KMIntegerTag() { } 
@@ -60,7 +68,7 @@ private static KMIntegerTag proto(short ptr) { if (prototype == null) { prototype = new KMIntegerTag(); } - instanceTable[KM_INTEGER_TAG_OFFSET] = ptr; + KMType.instanceTable[KM_INTEGER_TAG_OFFSET] = ptr; return prototype; } @@ -104,7 +112,7 @@ public static short instance(short tagType, short key, short intObj) { return ptr; } - public static KMIntegerTag cast(short ptr) { + private static KMIntegerTag cast(short ptr) { if (heap[ptr] != TAG_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } @@ -116,20 +124,22 @@ public static KMIntegerTag cast(short ptr) { } public short getTagType() { - return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_TAG_OFFSET] + TLV_HEADER_SIZE)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_INTEGER_TAG_OFFSET] + TLV_HEADER_SIZE)); } public short getKey() { - return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_TAG_OFFSET] + TLV_HEADER_SIZE + 2)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_INTEGER_TAG_OFFSET] + TLV_HEADER_SIZE + 2)); } public short getValue() { - return Util.getShort(heap, (short) (instanceTable[KM_INTEGER_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_INTEGER_TAG_OFFSET] + TLV_HEADER_SIZE + 4)); } public short length() { - KMInteger obj = KMInteger.cast(getValue()); - return obj.length(); + return KMInteger.length(getValue()); } private static boolean validateKey(short key) { 
@@ -149,11 +159,11 @@ private static boolean validateTagType(short tagType) { public static short getShortValue(short tagType, short tagKey, short keyParameters) { short ptr; if (tagType == UINT_TAG) { - ptr = KMKeyParameters.findTag(KMType.UINT_TAG, tagKey, keyParameters); + ptr = KMKeyParameters.findTag(keyParameters, KMType.UINT_TAG, tagKey); if (ptr != KMType.INVALID_VALUE) { ptr = KMIntegerTag.cast(ptr).getValue(); - if (KMInteger.cast(ptr).getSignificantShort() == 0) { - return KMInteger.cast(ptr).getShort(); + if (KMInteger.getSignificantShort(ptr) == 0) { + return KMInteger.getShort(ptr); } } } @@ -161,24 +171,24 @@ public static short getShortValue(short tagType, short tagKey, short keyParamete } public static short getValue( - byte[] buf, short offset, short tagType, short tagKey, short keyParameters) { + byte[] buf, short offset, short tagType, short tagKey, short keyParameters) { short ptr; if ((tagType == UINT_TAG) || (tagType == ULONG_TAG) || (tagType == DATE_TAG)) { - ptr = KMKeyParameters.findTag(tagType, tagKey, keyParameters); + ptr = KMKeyParameters.findTag(keyParameters, tagType, tagKey); if (ptr != KMType.INVALID_VALUE) { ptr = KMIntegerTag.cast(ptr).getValue(); - return KMInteger.cast(ptr).value(buf, offset); + return KMInteger.value(ptr, buf, offset); } } return KMType.INVALID_VALUE; } public boolean isValidKeySize(byte alg) { - short val = KMIntegerTag.cast(instanceTable[KM_INTEGER_TAG_OFFSET]).getValue(); - if (KMInteger.cast(val).getSignificantShort() != 0) { + short val = KMIntegerTag.cast(KMType.instanceTable[KM_INTEGER_TAG_OFFSET]).getValue(); + if (KMInteger.getSignificantShort(val) != 0) { return false; } - val = KMInteger.cast(val).getShort(); + val = KMInteger.getShort(val); switch (alg) { case KMType.RSA: if (val == 2048) { @@ -191,7 +201,7 @@ public boolean isValidKeySize(byte alg) { } break; case KMType.DES: - if (val == 192 || val == 168) { + if (val == 168) { return true; } break; 
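Review bot: The `KMType.DES` case of `isValidKeySize` silently narrows the accepted key size from `192 || 168` to `168` only, and nothing on the changed line or in the commit subject records this. If any previously generated or imported blob carries KEYSIZE 192, it would now be rejected wherever this check is applied; that path is outside the hunk, so this is an assumption to confirm. I would add a comment on the line, for example `// TDES: only the 168-bit effective key size is accepted; 192 was dropped in the keymint merge`. The function starts before this hunk and continues past it.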
@@ -210,4 +220,20 @@ public boolean isValidKeySize(byte alg) { } return false; } + + public static boolean isValidKeySize(short bPtr, byte alg) { + return KMIntegerTag.cast(bPtr).isValidKeySize(alg); + } + + public static short getTagType(short bPtr) { + return KMIntegerTag.cast(bPtr).getTagType(); + } + + public static short getValue(short bPtr) { + return KMIntegerTag.cast(bPtr).getValue(); + } + + public static short getKey(short bPtr) { + return KMIntegerTag.cast(bPtr).getKey(); + } } diff --git a/Applet/src/com/android/javacard/kmdevice/KMKeyCharacteristics.java b/Applet/src/com/android/javacard/kmdevice/KMKeyCharacteristics.java new file mode 100644 index 00000000..18572462 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMKeyCharacteristics.java 
@@ -0,0 +1,159 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * KMKeyCharacteristics represents KeyCharacteristics structure from android keymaster hal + * specifications. It corresponds to CBOR array type. struct{byte KEY_CHAR_TYPE; short length=3; + * short arrayPtr} where arrayPtr is a pointer to ordered array with 1 or 3 following elements: + * {KMKeyParameters sb; KMKeyParameters tee; KMKeyParameters keystore} + */ +public class KMKeyCharacteristics extends KMType { + + public static final byte KEYSTORE_ENFORCED = 0x00; + public static final byte STRONGBOX_ENFORCED = 0x01; + public static final byte TEE_ENFORCED = 0x02; + private static KMKeyCharacteristics prototype; + + private KMKeyCharacteristics() { + } + + public static short exp() { + short sb = KMKeyParameters.exp(); + short tee = KMKeyParameters.exp(); + short keystore = KMKeyParameters.exp(); + short arrPtr = KMArray.instance((short) 3); + + KMArray.add(arrPtr, STRONGBOX_ENFORCED, sb); + KMArray.add(arrPtr, TEE_ENFORCED, tee); + KMArray.add(arrPtr, KEYSTORE_ENFORCED, keystore); + return instance(arrPtr); + } + + private static KMKeyCharacteristics proto(short ptr) { + if (prototype == null) { + prototype = new KMKeyCharacteristics(); + } + 
KMType.instanceTable[KM_KEY_CHARACTERISTICS_OFFSET] = ptr; + return prototype; + } + + public static short instance() { + short arrPtr = KMArray.instance((short) 3); + return instance(arrPtr); + } + + public static short instance(short vals) { + short ptr = KMType.instance(KEY_CHAR_TYPE, (short) 3); + if (KMArray.length(vals) != 3) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), vals); + return ptr; + } + + private static KMKeyCharacteristics cast(short ptr) { + if (heap[ptr] != KEY_CHAR_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + short arrPtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); + if (heap[arrPtr] != ARRAY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + public short getVals() { + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_KEY_CHARACTERISTICS_OFFSET] + TLV_HEADER_SIZE)); + } + + public short length() { + short arrPtr = getVals(); + return KMArray.length(arrPtr); + } + + public short getKeystoreEnforced() { + short arrPtr = getVals(); + return KMArray.get(arrPtr, KEYSTORE_ENFORCED); + } + + public short getTeeEnforced() { + short arrPtr = getVals(); + return KMArray.get(arrPtr, TEE_ENFORCED); + } + + public short getStrongboxEnforced() { + short arrPtr = getVals(); + return KMArray.get(arrPtr, STRONGBOX_ENFORCED); + } + + public void setKeystoreEnforced(short ptr) { + KMKeyParameters.validate(ptr); + short arrPtr = getVals(); + KMArray.add(arrPtr, KEYSTORE_ENFORCED, ptr); + } + + public void setTeeEnforced(short ptr) { + KMKeyParameters.validate(ptr); + short arrPtr = getVals(); + KMArray.add(arrPtr, TEE_ENFORCED, ptr); + } + + public void setStrongboxEnforced(short ptr) { + KMKeyParameters.validate(ptr); + short arrPtr = getVals(); + KMArray.add(arrPtr, STRONGBOX_ENFORCED, ptr); + } + + public static short getVals(short bPtr) { + return KMKeyCharacteristics.cast(bPtr).getVals(); + } 
+ + public static short length(short bPtr) { + return KMKeyCharacteristics.cast(bPtr).length(); + } + + public static short getKeystoreEnforced(short bPtr) { + return KMKeyCharacteristics.cast(bPtr).getKeystoreEnforced(); + } + + public static short getTeeEnforced(short bPtr) { + return KMKeyCharacteristics.cast(bPtr).getTeeEnforced(); + } + + public static short getStrongboxEnforced(short bPtr) { + return KMKeyCharacteristics.cast(bPtr).getStrongboxEnforced(); + } + + public static void setKeystoreEnforced(short bPtr, short ptr) { + KMKeyCharacteristics.cast(bPtr).setKeystoreEnforced(ptr); + } + + public static void setTeeEnforced(short bPtr, short ptr) { + KMKeyCharacteristics.cast(bPtr).setTeeEnforced(ptr); + } + + public static void setStrongboxEnforced(short bPtr, short ptr) { + KMKeyCharacteristics.cast(bPtr).setStrongboxEnforced(ptr); + } + +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMKeyParameters.java b/Applet/src/com/android/javacard/kmdevice/KMKeyParameters.java new file mode 100644 index 00000000..675747da --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMKeyParameters.java 
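Review bot: The class Javadoc for `KMKeyCharacteristics` contradicts the code below it. It describes the array as `{KMKeyParameters sb; KMKeyParameters tee; KMKeyParameters keystore}` with "1 or 3" elements, while the index constants are `KEYSTORE_ENFORCED = 0x00`, `STRONGBOX_ENFORCED = 0x01`, `TEE_ENFORCED = 0x02` and `instance(short vals)` rejects any length other than 3. These indices decide which enforcement list a parameter set is stored under, so the comment should read `{KMKeyParameters keystore; KMKeyParameters sb; KMKeyParameters tee}` and "exactly 3 elements". Separately, `instance(short vals)` calls `KMType.instance(KEY_CHAR_TYPE, (short) 3)` before checking `KMArray.length(vals) != 3`; moving the length check first avoids consuming heap for an input that is then rejected.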
@@ -0,0 +1,519 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * KMKeyParameters represents KeyParameters structure from android keymaster hal specifications. It + * corresponds to CBOR map type. struct{byte KEY_PARAM_TYPE; short length=2; short arrayPtr} where + * arrayPtr is a pointer to array with any KMTag subtype instances. + */ +public class KMKeyParameters extends KMType { + + private static KMKeyParameters prototype; + + private static short[] customTags; + private static short[] invalidTagsArr; + private static short[] unsupportedTagArr; + private static short[] hwEnforcedTagArr; + private static short[] swEnforcedTagsArr; + private static short[] teeEnforcedTagsArr; + + private KMKeyParameters() { + } + + public static void initStatics() { + customTags = new short[]{ + KMType.ULONG_TAG, KMType.AUTH_TIMEOUT_MILLIS, + }; + invalidTagsArr = new short[]{ + KMType.BYTES_TAG, KMType.NONCE, + KMType.BYTES_TAG, KMType.ASSOCIATED_DATA, + KMType.BYTES_TAG, KMType.UNIQUE_ID, + KMType.UINT_TAG, KMType.MAC_LENGTH, + }; + unsupportedTagArr = new short[]{ + // Unsupported tags. 
+ KMType.BOOL_TAG, KMType.TRUSTED_USER_PRESENCE_REQUIRED, + KMType.UINT_TAG, KMType.MIN_SEC_BETWEEN_OPS + }; + hwEnforcedTagArr = new short[]{ + // HW Enforced + KMType.ENUM_TAG, KMType.ORIGIN, + KMType.ENUM_ARRAY_TAG, KMType.PURPOSE, + KMType.ENUM_TAG, KMType.ALGORITHM, + KMType.UINT_TAG, KMType.KEYSIZE, + KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, + KMType.ENUM_TAG, KMType.BLOB_USAGE_REQ, + KMType.ENUM_ARRAY_TAG, KMType.DIGEST, + KMType.ENUM_ARRAY_TAG, KMType.PADDING, + KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE, + KMType.ENUM_ARRAY_TAG, KMType.RSA_OAEP_MGF_DIGEST, + KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED, + KMType.BOOL_TAG, KMType.CALLER_NONCE, + KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, + KMType.ENUM_TAG, KMType.ECCURVE, + KMType.BOOL_TAG, KMType.INCLUDE_UNIQUE_ID, + KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE, + KMType.BOOL_TAG, KMType.UNLOCKED_DEVICE_REQUIRED, + KMType.BOOL_TAG, KMType.RESET_SINCE_ID_ROTATION, + KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY, + KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY, + KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT, + KMType.BOOL_TAG, KMType.TRUSTED_CONFIRMATION_REQUIRED, + }; + swEnforcedTagsArr = new short[]{ + KMType.DATE_TAG, KMType.ACTIVE_DATETIME, + KMType.DATE_TAG, KMType.ORIGINATION_EXPIRE_DATETIME, + KMType.DATE_TAG, KMType.USAGE_EXPIRE_DATETIME, + KMType.UINT_TAG, KMType.USERID, + KMType.DATE_TAG, KMType.CREATION_DATETIME, + KMType.UINT_TAG, KMType.USAGE_COUNT_LIMIT, + KMType.BOOL_TAG, KMType.ALLOW_WHILE_ON_BODY + }; + teeEnforcedTagsArr = new short[]{ + KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID, + KMType.UINT_TAG, KMType.AUTH_TIMEOUT, + KMType.ENUM_TAG, KMType.USER_AUTH_TYPE, + }; + + } + + private static KMKeyParameters proto(short ptr) { + if (prototype == null) { + prototype = new KMKeyParameters(); + } + KMType.instanceTable[KM_KEY_PARAMETERS_OFFSET] = ptr; + return prototype; + } + + public static short exp() { + short arrPtr = KMArray.instance((short) 11); + KMArray.add(arrPtr, (short) 0, 
KMEnum.instance(KMType.RULE, KMType.FAIL_ON_INVALID_TAGS)); + KMArray.add(arrPtr, (short) 1, KMIntegerTag.exp(UINT_TAG)); + KMArray.add(arrPtr, (short) 2, KMIntegerArrayTag.exp(UINT_ARRAY_TAG)); + KMArray.add(arrPtr, (short) 3, KMIntegerTag.exp(ULONG_TAG)); + KMArray.add(arrPtr, (short) 4, KMIntegerTag.exp(DATE_TAG)); + KMArray.add(arrPtr, (short) 5, KMIntegerArrayTag.exp(ULONG_ARRAY_TAG)); + KMArray.add(arrPtr, (short) 6, KMEnumTag.exp()); + KMArray.add(arrPtr, (short) 7, KMEnumArrayTag.exp()); + KMArray.add(arrPtr, (short) 8, KMByteTag.exp()); + KMArray.add(arrPtr, (short) 9, KMBoolTag.exp()); + KMArray.add(arrPtr, (short) 10, KMBignumTag.exp()); + return instance(arrPtr); + } + + public static short expAny() { + short arrPtr = KMArray.instance((short) 11); + KMArray.add(arrPtr, (short) 0, KMEnum.instance(KMType.RULE, KMType.IGNORE_INVALID_TAGS)); + KMArray.add(arrPtr, (short) 1, KMIntegerTag.exp(UINT_TAG)); + KMArray.add(arrPtr, (short) 2, KMIntegerArrayTag.exp(UINT_ARRAY_TAG)); + KMArray.add(arrPtr, (short) 3, KMIntegerTag.exp(ULONG_TAG)); + KMArray.add(arrPtr, (short) 4, KMIntegerTag.exp(DATE_TAG)); + KMArray.add(arrPtr, (short) 5, KMIntegerArrayTag.exp(ULONG_ARRAY_TAG)); + KMArray.add(arrPtr, (short) 6, KMEnumTag.exp()); + KMArray.add(arrPtr, (short) 7, KMEnumArrayTag.exp()); + KMArray.add(arrPtr, (short) 8, KMByteTag.exp()); + KMArray.add(arrPtr, (short) 9, KMBoolTag.exp()); + KMArray.add(arrPtr, (short) 10, KMBignumTag.exp()); + return instance(arrPtr); + } + + public static short instance(short vals) { + short ptr = KMType.instance(KEY_PARAM_TYPE, (short) 2); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), vals); + return ptr; + } + + private static KMKeyParameters cast(short ptr) { + validate(ptr); + return proto(ptr); + } + + public static void validate(short ptr) { + if (heap[ptr] != KEY_PARAM_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + short arrPtr = Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); + if 
(heap[arrPtr] != ARRAY_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + } + + public short getVals() { + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_KEY_PARAMETERS_OFFSET] + TLV_HEADER_SIZE)); + } + + public short length() { + short arrPtr = getVals(); + return KMArray.length(arrPtr); + } + + public static short getVals(short bPtr) { + return KMKeyParameters.cast(bPtr).getVals(); + } + + public static short length(short bPtr) { + return KMKeyParameters.cast(bPtr).length(); + } + + public short findTag(short tagType, short tagKey) { + short index = 0; + short length = KMArray.length(getVals()); + short key; + short type; + short ret = KMType.INVALID_VALUE; + short obj; + while (index < length) { + obj = KMArray.get(getVals(), index); + key = KMTag.getKMTagKey(obj); + type = KMTag.getKMTagType(obj); + if ((tagKey == key) && (tagType == type)) { + ret = obj; + break; + } + index++; + } + return ret; + } + + public static short findTag(short bPtr, short tagType, short tagKey) { + return KMKeyParameters.cast(bPtr).findTag(tagType, tagKey); + } + + public static boolean hasUnsupportedTags(short keyParamsPtr) { + + byte index = 0; + short tagInd; + short tagPtr; + short tagKey; + short tagType; + short arrPtr = KMKeyParameters.getVals(keyParamsPtr); + short len = KMArray.length(arrPtr); + while (index < len) { + tagInd = 0; + tagPtr = KMArray.get(arrPtr, index); + tagKey = KMTag.getKMTagKey(tagPtr); + tagType = KMTag.getKMTagType(tagPtr); + while (tagInd < (short) unsupportedTagArr.length) { + if ((unsupportedTagArr[tagInd] == tagType) + && (unsupportedTagArr[(short) (tagInd + 1)] == tagKey)) { + return true; + } + tagInd += 2; + } + index++; + } + return false; + } + + // KDF, ECIES_SINGLE_HASH_MODE missing from types.hal + public static short makeSbEnforced(short keyParamsPtr, byte origin, + short osVersionObjPtr, short osPatchObjPtr, short vendorPatchObjPtr, + short bootPatchObjPtr, byte[] scratchPad) { + + byte index = 0; + 
short tagInd; + short arrInd = 0; + short tagPtr; + short tagKey; + short tagType; + short arrPtr = KMKeyParameters.getVals(keyParamsPtr); + short len = KMArray.length(arrPtr); + while (index < len) { + tagInd = 0; + tagPtr = KMArray.get(arrPtr, index); + tagKey = KMTag.getKMTagKey(tagPtr); + tagType = KMTag.getKMTagType(tagPtr); + if (!isValidTag(tagType, tagKey)) { + KMException.throwIt(KMError.INVALID_KEY_BLOB); + } + while (tagInd < (short) hwEnforcedTagArr.length) { + if ((hwEnforcedTagArr[tagInd] == tagType) + && (hwEnforcedTagArr[(short) (tagInd + 1)] == tagKey)) { + Util.setShort(scratchPad, arrInd, tagPtr); + arrInd += 2; + break; + } + tagInd += 2; + } + index++; + } + short originTag = KMEnumTag.instance(KMType.ORIGIN, origin); + Util.setShort(scratchPad, arrInd, originTag); + arrInd += 2; + short osVersionTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.OS_VERSION, osVersionObjPtr); + Util.setShort(scratchPad, arrInd, osVersionTag); + arrInd += 2; + short osPatchTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.OS_PATCH_LEVEL, osPatchObjPtr); + Util.setShort(scratchPad, arrInd, osPatchTag); + arrInd += 2; + short vendorPatchTag = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.VENDOR_PATCH_LEVEL, vendorPatchObjPtr); + Util.setShort(scratchPad, arrInd, vendorPatchTag); + arrInd += 2; + short bootPatchTag = KMIntegerTag + .instance(KMType.UINT_TAG, KMType.BOOT_PATCH_LEVEL, bootPatchObjPtr); + Util.setShort(scratchPad, arrInd, bootPatchTag); + arrInd += 2; + return createKeyParameters(scratchPad, (short) (arrInd / 2)); + } + + public static short makeSbEnforced(short keyParamsPtr, byte[] scratchPad) { + byte index = 0; + short tagInd; + short arrInd = 0; + short tagPtr; + short tagKey; + short tagType; + short arrPtr = KMKeyParameters.getVals(keyParamsPtr); + short len = KMArray.length(arrPtr); + while (index < len) { + tagInd = 0; + tagPtr = KMArray.get(arrPtr, index); + tagKey = KMTag.getKMTagKey(tagPtr); + tagType = KMTag.getKMTagType(tagPtr); + 
if (!isValidTag(tagType, tagKey)) { + KMException.throwIt(KMError.INVALID_KEY_BLOB); + } + while (tagInd < (short) hwEnforcedTagArr.length) { + if ((hwEnforcedTagArr[tagInd] == tagType) + && (hwEnforcedTagArr[(short) (tagInd + 1)] == tagKey)) { + Util.setShort(scratchPad, arrInd, tagPtr); + arrInd += 2; + break; + } + tagInd += 2; + } + index++; + } + return createKeyParameters(scratchPad, (short) (arrInd / 2)); + } + + public static short makeHwEnforced(short sb, short tee) { + short len = KMKeyParameters.length(sb); + len += KMKeyParameters.length(tee); + short hwEnf = KMArray.instance(len); + sb = KMKeyParameters.getVals(sb); + tee = KMKeyParameters.getVals(tee); + len = KMArray.length(sb); + short src = 0; + short dest = 0; + short val = 0; + while (src < len) { + val = KMArray.get(sb, src); + KMArray.add(hwEnf, dest, val); + src++; + dest++; + } + src = 0; + len = KMArray.length(tee); + while (src < len) { + val = KMArray.get(tee, src); + KMArray.add(hwEnf, dest, val); + src++; + dest++; + } + return KMKeyParameters.instance(hwEnf); + } + + // ALL_USERS, EXPORTABLE missing from types.hal + public static short makeKeystoreEnforced(short keyParamsPtr, byte[] scratchPad) { + byte index = 0; + short tagInd; + short arrInd = 0; + short tagPtr; + short tagKey; + short tagType; + short arrPtr = KMKeyParameters.getVals(keyParamsPtr); + short len = KMArray.length(arrPtr); + while (index < len) { + tagInd = 0; + tagPtr = KMArray.get(arrPtr, index); + tagKey = KMTag.getKMTagKey(tagPtr); + tagType = KMTag.getKMTagType(tagPtr); + if (!isValidTag(tagType, tagKey)) { + KMException.throwIt(KMError.INVALID_KEY_BLOB); + } + while (tagInd < (short) swEnforcedTagsArr.length) { + if ((swEnforcedTagsArr[tagInd] == tagType) + && (swEnforcedTagsArr[(short) (tagInd + 1)] == tagKey)) { + Util.setShort(scratchPad, arrInd, tagPtr); + arrInd += 2; + break; + } + tagInd += 2; + } + index++; + } + return createKeyParameters(scratchPad, (short) (arrInd / 2)); + } + + public static short 
makeTeeEnforced(short keyParamsPtr, byte[] scratchPad) { + byte index = 0; + short tagInd; + short arrInd = 0; + short tagPtr; + short tagKey; + short tagType; + short arrPtr = KMKeyParameters.getVals(keyParamsPtr); + short len = KMArray.length(arrPtr); + while (index < len) { + tagInd = 0; + tagPtr = KMArray.get(arrPtr, index); + tagKey = KMTag.getKMTagKey(tagPtr); + tagType = KMTag.getKMTagType(tagPtr); + if (!isValidTag(tagType, tagKey)) { + KMException.throwIt(KMError.INVALID_KEY_BLOB); + } + while (tagInd < (short) teeEnforcedTagsArr.length) { + if ((teeEnforcedTagsArr[tagInd] == tagType) + && (teeEnforcedTagsArr[(short) (tagInd + 1)] == tagKey)) { + Util.setShort(scratchPad, arrInd, tagPtr); + arrInd += 2; + break; + } + tagInd += 2; + } + index++; + } + // Add custom tags at the end of the array. So it becomes easy to + // delete them when sending key characteristics back to HAL. + arrInd = addCustomTags(keyParamsPtr, scratchPad, arrInd); + return createKeyParameters(scratchPad, (short) (arrInd / 2)); + } + + public static short makeHidden(short keyParamsPtr, short rootOfTrustBlob, byte[] scratchPad) { + short appId = KMKeyParameters.findTag(keyParamsPtr, KMType.BYTES_TAG, KMType.APPLICATION_ID); + if (appId != KMTag.INVALID_VALUE) { + appId = KMByteTag.getValue(appId); + } + short appData = + KMKeyParameters.findTag(keyParamsPtr, KMType.BYTES_TAG, KMType.APPLICATION_DATA); + if (appData != KMTag.INVALID_VALUE) { + appData = KMByteTag.getValue(appData); + } + return makeHidden(appId, appData, rootOfTrustBlob, scratchPad); + } + + public static short makeHidden(short appIdBlob, short appDataBlob, short rootOfTrustBlob, + byte[] scratchPad) { + // Order in which the hidden array is created should not change. 
+ short index = 0; + KMByteBlob.validate(rootOfTrustBlob); + Util.setShort(scratchPad, index, rootOfTrustBlob); + index += 2; + if (appIdBlob != KMTag.INVALID_VALUE) { + KMByteBlob.validate(appIdBlob); + Util.setShort(scratchPad, index, appIdBlob); + index += 2; + } + if (appDataBlob != KMTag.INVALID_VALUE) { + Util.setShort(scratchPad, index, appDataBlob); + index += 2; + } + return createKeyParameters(scratchPad, (short) (index / 2)); + + } + + public static boolean isValidTag(short tagType, short tagKey) { + short index = 0; + if (tagKey == KMType.INVALID_TAG) { + return false; + } + while (index < invalidTagsArr.length) { + if ((tagType == invalidTagsArr[index]) && (tagKey == invalidTagsArr[(short) (index + 1)])) { + return false; + } + index += 2; + } + return true; + } + + public static short createKeyParameters(byte[] ptrArr, short len) { + short arrPtr = KMArray.instance(len); + short index = 0; + short ptr = 0; + while (index < len) { + KMArray.add(arrPtr, index, Util.getShort(ptrArr, ptr)); + index++; + ptr += 2; + } + return KMKeyParameters.instance(arrPtr); + } + + public static short addCustomTags(short keyParams, byte[] scratchPad, short offset) { + short index = 0; + short tagPtr; + short len = (short) customTags.length; + short tagType; + while (index < len) { + tagType = customTags[(short) (index + 1)]; + switch (tagType) { + case KMType.AUTH_TIMEOUT_MILLIS: + short authTimeOutTag = + KMKeyParameters.findTag(keyParams, KMType.UINT_TAG, KMType.AUTH_TIMEOUT); + if (authTimeOutTag != KMType.INVALID_VALUE) { + tagPtr = createAuthTimeOutMillisTag(authTimeOutTag, scratchPad, offset); + Util.setShort(scratchPad, offset, tagPtr); + offset += 2; + } + break; + default: + break; + } + index += 2; + } + return offset; + } + + public void deleteCustomTags() { + short arrPtr = getVals(); + short index = (short) (customTags.length - 1); + short obj; + while (index >= 0) { + obj = findTag(customTags[(short) (index - 1)], customTags[index]); + if (obj != 
KMType.INVALID_VALUE) { + KMArray.deleteLastEntry(arrPtr); + } + index -= 2; + } + } + + public static void deleteCustomTags(short bPtr) { + KMKeyParameters.cast(bPtr).deleteCustomTags(); + } + + public static short createAuthTimeOutMillisTag(short authTimeOutTag, byte[] scratchPad, + short offset) { + short authTime = KMIntegerTag.getValue(authTimeOutTag); + Util.arrayFillNonAtomic(scratchPad, offset, (short) 40, (byte) 0); + Util.arrayCopyNonAtomic( + KMInteger.getBuffer(authTime), + KMInteger.getStartOff(authTime), + scratchPad, + (short) (offset + 8 - KMInteger.length(authTime)), + KMInteger.length(authTime)); + KMUtils.convertToMilliseconds(scratchPad, offset, (short) (offset + 8), (short) (offset + 16)); + return KMIntegerTag.instance(KMType.ULONG_TAG, KMType.AUTH_TIMEOUT_MILLIS, + KMInteger.uint_64(scratchPad, (short) (offset + 8))); + } +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMKeymasterDevice.java b/Applet/src/com/android/javacard/kmdevice/KMKeymasterDevice.java new file mode 100644 index 00000000..e25d05a1 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMKeymasterDevice.java 
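Review bot: `byte index = 0` is compared with `short len = KMArray.length(arrPtr)` in `hasUnsupportedTags`, both `makeSbEnforced` overloads, `makeKeystoreEnforced` and `makeTeeEnforced`. If a key-parameter array ever holds more than 127 entries, `index++` wraps to -128, the loop condition stays true and `KMArray.get(arrPtr, index)` is called with a negative index. Whether the decoder caps the array length is not visible in this file, so I would declare the counter as `short index = 0;` in each of these loops, as `findTag` and `createKeyParameters` already do. Also, `makeHidden(short appIdBlob, short appDataBlob, ...)` runs `KMByteBlob.validate` on `rootOfTrustBlob` and `appIdBlob` but stores `appDataBlob` unchecked; adding `KMByteBlob.validate(appDataBlob);` as the first statement of the third `if` would make the three inputs consistent.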
@@ -0,0 +1,4624 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.APDU; +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.JCSystem; +import javacard.framework.Util; +import javacard.security.CryptoException; + +/** + * KMKeymasterApplet implements the javacard applet. It creates repository and other install time + * objects. It also implements the keymaster state machine and handles javacard applet life cycle + * events. + */ +public class KMKeymasterDevice { + + // Constants. 
+ public static byte[] F4; + public static final byte AES_BLOCK_SIZE = 16; + public static final byte DES_BLOCK_SIZE = 8; + public static final short MAX_LENGTH = 15000; + public static final short WRAPPING_KEY_SIZE = 32; + public static final short MAX_OPERATIONS_COUNT = 4; + public static final short VERIFIED_BOOT_KEY_SIZE = 32; + public static final short VERIFIED_BOOT_HASH_SIZE = 32; + public static final short BOOT_PATCH_LVL_SIZE = 4; + public static final short KEYMINT_HAL_VERSION = (short) 0x5000; + public static final short KEYMASTER_HAL_VERSION = (short) 0x4000; + private static final short MAX_AUTH_DATA_SIZE = (short) 512; + private static final short DERIVE_KEY_INPUT_SIZE = (short) 256; + public static final byte TRUSTED_ENVIRONMENT = 1; + + // "Keymaster HMAC Verification" - used for HMAC key verification. + public static byte[] sharingCheck; + + // "KeymasterSharedMac" + public static byte[] ckdfLable; + + // "Auth Verification" + public static byte[] authVerification; + + // "confirmation token" + public static byte[] confirmationToken; + // Subject is a fixed field with only CN= Android Keystore Key - same for all the keys + private static byte[] defaultSubject; + + // Top 32 commands are reserved for provisioning. 
+ private static final byte KEYMINT_CMD_APDU_START = 0x20; + + // Master key size + private static final short MASTER_KEY_SIZE = 16; + private static final short HMAC_SEED_NONCE_SIZE = 32; + + protected static final byte INS_GENERATE_KEY_CMD = KEYMINT_CMD_APDU_START + 1; //0x21 + private static final byte INS_IMPORT_KEY_CMD = KEYMINT_CMD_APDU_START + 2; //0x22 + private static final byte INS_IMPORT_WRAPPED_KEY_CMD = KEYMINT_CMD_APDU_START + 3; //0x23 + private static final byte INS_EXPORT_KEY_CMD = KEYMINT_CMD_APDU_START + 4; //0x24 + private static final byte INS_ATTEST_KEY_CMD = KEYMINT_CMD_APDU_START + 5; //0x25 + private static final byte INS_UPGRADE_KEY_CMD = KEYMINT_CMD_APDU_START + 6; //0x26 + private static final byte INS_DELETE_KEY_CMD = KEYMINT_CMD_APDU_START + 7; //0x27 + private static final byte INS_DELETE_ALL_KEYS_CMD = KEYMINT_CMD_APDU_START + 8; //0x28 + private static final byte INS_ADD_RNG_ENTROPY_CMD = KEYMINT_CMD_APDU_START + 9; //0x29 + private static final byte INS_COMPUTE_SHARED_HMAC_CMD = KEYMINT_CMD_APDU_START + 10; //0x2A + private static final byte INS_DESTROY_ATT_IDS_CMD = KEYMINT_CMD_APDU_START + 11; //0x2B + private static final byte INS_VERIFY_AUTHORIZATION_CMD = KEYMINT_CMD_APDU_START + 12; //0x2C + private static final byte INS_GET_HMAC_SHARING_PARAM_CMD = KEYMINT_CMD_APDU_START + 13; //0x2D + private static final byte INS_GET_KEY_CHARACTERISTICS_CMD = KEYMINT_CMD_APDU_START + 14; //0x2E + private static final byte INS_GET_HW_INFO_CMD = KEYMINT_CMD_APDU_START + 15; //0x2F + protected static final byte INS_BEGIN_OPERATION_CMD = KEYMINT_CMD_APDU_START + 16; //0x30 + private static final byte INS_UPDATE_OPERATION_CMD = KEYMINT_CMD_APDU_START + 17; //0x31 + private static final byte INS_FINISH_OPERATION_CMD = KEYMINT_CMD_APDU_START + 18; //0x32 + private static final byte INS_ABORT_OPERATION_CMD = KEYMINT_CMD_APDU_START + 19; //0x33 + private static final byte INS_DEVICE_LOCKED_CMD = KEYMINT_CMD_APDU_START + 20;//0x34 + private static 
final byte INS_EARLY_BOOT_ENDED_CMD = KEYMINT_CMD_APDU_START + 21; //0x35 + private static final byte INS_GET_CERT_CHAIN_CMD = KEYMINT_CMD_APDU_START + 22; //0x36 + private static final byte INS_UPDATE_AAD_OPERATION_CMD = KEYMINT_CMD_APDU_START + 23; //0x37 + private static final byte INS_BEGIN_IMPORT_WRAPPED_KEY_CMD = KEYMINT_CMD_APDU_START + 24; //0x38 + private static final byte INS_FINISH_IMPORT_WRAPPED_KEY_CMD = KEYMINT_CMD_APDU_START + 25; //0x39 + private static final byte INS_INIT_STRONGBOX_CMD = KEYMINT_CMD_APDU_START + 26; //0x3A + // RKP + public static final byte INS_GET_RKP_HARDWARE_INFO = KEYMINT_CMD_APDU_START + 27; //0x3B + public static final byte INS_GENERATE_RKP_KEY_CMD = KEYMINT_CMD_APDU_START + 28; //0x3C + public static final byte INS_BEGIN_SEND_DATA_CMD = KEYMINT_CMD_APDU_START + 29; //0x3D + public static final byte INS_UPDATE_KEY_CMD = KEYMINT_CMD_APDU_START + 30; //0x3E + public static final byte INS_UPDATE_EEK_CHAIN_CMD = KEYMINT_CMD_APDU_START + 31; //0x3F + public static final byte INS_UPDATE_CHALLENGE_CMD = KEYMINT_CMD_APDU_START + 32; //0x40 + public static final byte INS_FINISH_SEND_DATA_CMD = KEYMINT_CMD_APDU_START + 33; //0x41 + public static final byte INS_GET_RESPONSE_CMD = KEYMINT_CMD_APDU_START + 34; //0x42 + private static final byte KEYMINT_CMD_APDU_END = KEYMINT_CMD_APDU_START + 35; //0x43 + + private static final byte INS_END_KM_CMD = 0x7F; + + // Data Dictionary items + private static final byte DATA_ARRAY_SIZE = 40; + private static final byte TMP_VARIABLE_ARRAY_SIZE = 5; + + protected static final byte KEY_PARAMETERS = 0; + private static final byte KEY_CHARACTERISTICS = 1; + private static final byte HIDDEN_PARAMETERS = 2; + protected static final byte HW_PARAMETERS = 3; + private static final byte SW_PARAMETERS = 4; + private static final byte AUTH_DATA = 5; + private static final byte AUTH_TAG = 6; + private static final byte NONCE = 7; + private static final byte KEY_BLOB = 8; + private static final byte 
AUTH_DATA_LENGTH = 9;
+ protected static final byte SECRET = 10;
+ private static final byte ROT = 11;
+ private static final byte DERIVED_KEY = 12;
+ private static final byte RSA_PUB_EXPONENT = 13;
+ private static final byte APP_ID = 14;
+ private static final byte APP_DATA = 15;
+ private static final byte PUB_KEY = 16;
+ private static final byte IMPORTED_KEY_BLOB = 17;
+ private static final byte ORIGIN = 18;
+ private static final byte NOT_USED = 19;
+ private static final byte MASKING_KEY = 20;
+ private static final byte HMAC_SHARING_PARAMS = 21;
+ private static final byte OP_HANDLE = 22;
+ private static final byte IV = 23;
+ protected static final byte INPUT_DATA = 24;
+ protected static final byte OUTPUT_DATA = 25;
+ private static final byte HW_TOKEN = 26;
+ private static final byte VERIFICATION_TOKEN = 27;
+ private static final byte SIGNATURE = 28;
+ private static final byte ATTEST_KEY_BLOB = 29;
+ private static final byte ATTEST_KEY_PARAMS = 30;
+ private static final byte ATTEST_KEY_ISSUER = 31;
+ private static final byte CERTIFICATE = 32;
+ private static final byte PLAIN_SECRET = 33;
+ private static final byte TEE_PARAMETERS = 34;
+ private static final byte SB_PARAMETERS = 35;
+ private static final byte CONFIRMATION_TOKEN = 36;
+
+ // AddRngEntropy
+ private static final short MAX_SEED_SIZE = 2048;
+
+ // Keyblob constants
+ public static final byte KEY_BLOB_SECRET = 0;
+ public static final byte KEY_BLOB_NONCE = 1;
+ public static final byte KEY_BLOB_AUTH_TAG = 2;
+ public static final byte KEY_BLOB_PARAMS = 3;
+ public static final byte KEY_BLOB_PUB_KEY = 4;
+ // AES GCM constants
+ public static final byte AES_GCM_AUTH_TAG_LENGTH = 16;
+ public static final byte AES_GCM_NONCE_LENGTH = 12;
+ // ComputeHMAC constants
+ private static final short HMAC_SHARED_PARAM_MAX_SIZE = 64;
+ protected static final short MAX_CERT_SIZE = 2048;
+
+ protected static final short POWER_RESET_MASK_FLAG = (short) 0x4000;
+
+ //getHardwareInfo constants.
+ private static byte[] JAVACARD_KEYMASTER_DEVICE;
+ private static byte[] GOOGLE;
+ private static byte[] X509Subject;
+
+ private static short[] ATTEST_ID_TAGS;
+ private static final byte SERIAL_NUM = (byte) 0x01;
+
+ protected KMDecoder decoder;
+ protected KMRepository repository;
+ // TODO Remove static
+ protected static KMEncoder encoder;
+ protected KMSEProvider seProvider;
+ protected KMDataStore storeDataInst;
+ protected KMBootDataStore bootParamsProv;
+ protected KMOperationState[] opTable;
+ protected short[] tmpVariables;
+ protected static short[] data;
+ protected byte[] wrappingKey;
+
+
+ /**
+ * Registers this applet.
+ */
+ public KMKeymasterDevice(KMSEProvider seImpl, KMRepository repoInst, KMEncoder encoderInst,
+ KMDecoder decoderInst, KMDataStore storeData,
+ KMBootDataStore bootParamsProvider) {
+ initKMDeviceStatics();
+ seProvider = seImpl;
+ bootParamsProv = bootParamsProvider;
+ storeDataInst = storeData;
+ repository = repoInst;
+ encoder = encoderInst;
+ decoder = decoderInst;
+ data = JCSystem.makeTransientShortArray(DATA_ARRAY_SIZE, JCSystem.CLEAR_ON_DESELECT);
+ tmpVariables = JCSystem.makeTransientShortArray(TMP_VARIABLE_ARRAY_SIZE,
+ JCSystem.CLEAR_ON_DESELECT);
+ wrappingKey = JCSystem.makeTransientByteArray((short) (WRAPPING_KEY_SIZE + 1),
+ JCSystem.CLEAR_ON_RESET);
+ resetWrappingKey();
+ opTable = new KMOperationState[MAX_OPERATIONS_COUNT];
+ short index = 0;
+ while (index < MAX_OPERATIONS_COUNT) {
+ opTable[index] = new KMOperationState();
+ index++;
+ }
+ KMType.initialize();
+ if (!seProvider.isUpgrading()) {
+ initializeDefaultValues();
+ }
+
+ }
+
+ private void initializeDefaultValues() {
+ short offset = repository.alloc((short) 32);
+ // Initialize master key
+ byte[] buffer = repository.getHeap();
+ seProvider.getTrueRandomNumber(buffer, offset, MASTER_KEY_SIZE);
+ storeDataInst.storeData(KMDataStoreConstants.MASTER_KEY, buffer, offset, MASTER_KEY_SIZE);
+ // initialize default values
+ initHmacNonceAndSeed(buffer, 
offset);
+ initSystemBootParams();
+ writeBoolean(KMDataStoreConstants.DEVICE_LOCKED, false, buffer, offset);
+ writeBoolean(KMDataStoreConstants.DEVICE_LOCKED_PASSWORD_ONLY, false, buffer, offset);
+ writeBoolean(KMDataStoreConstants.BOOT_ENDED_STATUS, false, buffer, offset);
+ writeBoolean(KMDataStoreConstants.EARLY_BOOT_ENDED_STATUS, false, buffer, offset);
+ writeBoolean(KMDataStoreConstants.PROVISIONED_LOCKED, false, buffer, offset);
+ }
+
+ public static void initStatics() {
+ F4 = new byte[]{0x01, 0x00, 0x01};
+ // "Keymaster HMAC Verification" - used for HMAC key verification.
+ sharingCheck = new byte[]{
+ 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x48, 0x4D, 0x41, 0x43, 0x20,
+ 0x56,
+ 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6F, 0x6E
+ };
+
+ // "KeymasterSharedMac"
+ ckdfLable = new byte[]{
+ 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74, 0x65, 0x72, 0x53, 0x68, 0x61, 0x72, 0x65, 0x64,
+ 0x4D,
+ 0x61, 0x63
+ };
+
+ // "Auth Verification"
+ authVerification = new byte[]{
+ 0x41, 0x75, 0x74, 0x68, 0x20, 0x56, 0x65, 0x72, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x69,
+ 0x6F,
+ 0x6E
+ };
+ // "confirmation token"
+ confirmationToken = new byte[]{
+ 0x63, 0x6F, 0x6E, 0x66, 0x69, 0x72, 0x6D, 0x61, 0x74, 0x69, 0x6F, 0x6E, 0x20, 0x74, 0x6F,
+ 0x6B,
+ 0x65, 0x6E
+ };
+ // Subject is a fixed field with only CN= Android Keystore Key - same for all the keys
+ defaultSubject = new byte[]{
+ 0x30, 0x1F, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x41, 0x6e,
+ 0x64,
+ 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4B, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x4B,
+ 0x65,
+ 0x79
+ };
+ //getHardwareInfo constants.
+ JAVACARD_KEYMASTER_DEVICE = new byte[]{
+ 0x4A, 0x61, 0x76, 0x61, 0x63, 0x61, 0x72, 0x64, 0x4B, 0x65, 0x79, 0x6D, 0x61, 0x73, 0x74,
+ 0x65, 0x72, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,
+ };
+ GOOGLE = new byte[]{0x47, 0x6F, 0x6F, 0x67, 0x6C, 0x65};
+ X509Subject = new byte[]{
+ 0x30, 0x1F, 0x31, 0x1D, 0x30, 0x1B, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x14, 0x41, 0x6e,
+ 0x64,
+ 0x72, 0x6f, 0x69, 0x64, 0x20, 0x4B, 0x65, 0x79, 0x73, 0x74, 0x6f, 0x72, 0x65, 0x20, 0x4B,
+ 0x65,
+ 0x79
+ };
+
+ ATTEST_ID_TAGS = new short[]{
+ KMType.ATTESTATION_ID_BRAND,
+ KMType.ATTESTATION_ID_DEVICE,
+ KMType.ATTESTATION_ID_IMEI,
+ KMType.ATTESTATION_ID_MANUFACTURER,
+ KMType.ATTESTATION_ID_MEID,
+ KMType.ATTESTATION_ID_MODEL,
+ KMType.ATTESTATION_ID_PRODUCT,
+ KMType.ATTESTATION_ID_SERIAL
+ };
+ }
+
+ private static void initKMDeviceStatics() {
+ initStatics();
+ KMAttestationCertImpl.initStatics();
+ KMBignumTag.initStatics();
+ KMCosePairCoseKeyTag.initStatics();
+ KMEnumTag.initStatics();
+ KMCosePairTextStringTag.initStatics();
+ KMByteTag.initStatics();
+ KMEnum.initStatics();
+ KMIntegerTag.initStatics();
+ KMCose.initStatics();
+ KMKeyParameters.initStatics();
+ KMUtils.initStatics();
+ KMBoolTag.initStatics();
+ KMPKCS8Decoder.initStatics();
+ KMEnumArrayTag.initStatics();
+ KMIntegerArrayTag.initStatics();
+ }
+
+ public void clean() {
+ repository.clean();
+ }
+
+ protected void initHmacNonceAndSeed(byte[] scratchPad, short offset) {
+ seProvider.newRandomNumber(scratchPad, offset, HMAC_SEED_NONCE_SIZE);
+ storeDataInst.storeData(KMDataStoreConstants.HMAC_NONCE, scratchPad, offset,
+ HMAC_SEED_NONCE_SIZE);
+ }
+
+ private void releaseAllOperations() {
+ short index = 0;
+ while (index < MAX_OPERATIONS_COUNT) {
+ opTable[index].reset();
+ index++;
+ }
+ }
+
+ private KMOperationState reserveOperation(short algorithm, short opHandle) {
+ short index = 0;
+ while (index < MAX_OPERATIONS_COUNT) {
+ if (opTable[index].getAlgorithm() == KMType.INVALID_VALUE) {
+
opTable[index].reset();
+ opTable[index].setAlgorithm(algorithm);
+ opTable[index].setHandle(KMInteger.getBuffer(opHandle),
+ KMInteger.getStartOff(opHandle),
+ KMInteger.length(opHandle));
+ return opTable[index];
+ }
+ index++;
+ }
+ return null;
+ }
+
+ private KMOperationState findOperation(short handle) {
+ return findOperation(KMInteger.getBuffer(handle),
+ KMInteger.getStartOff(handle),
+ KMInteger.length(handle));
+ }
+
+ private KMOperationState findOperation(byte[] opHandle, short start, short len) {
+ short index = 0;
+ while (index < MAX_OPERATIONS_COUNT) {
+ if (opTable[index].compare(opHandle, start, len) == 0) {
+ if (opTable[index].getAlgorithm() != KMType.INVALID_VALUE) {
+ return opTable[index];
+ }
+ }
+ index++;
+ }
+ return null;
+ }
+
+ private void releaseOperation(KMOperationState op) {
+ op.reset();
+ }
+
+ /**
+ * Selects this applet.
+ *
+ * @return Returns true if the keymaster is in correct state
+ */
+ public boolean onSelect() {
+ repository.onSelect();
+ return true;
+ }
+
+ /**
+ * De-selects this applet.
+ */
+ public void onDeselect() {
+ repository.onDeselect();
+ }
+
+ public void onUninstall() {
+ repository.onUninstall();
+ }
+
+ public short mapISOErrorToKMError(short reason) {
+ switch (reason) {
+ case ISO7816.SW_CLA_NOT_SUPPORTED:
+ return KMError.UNSUPPORTED_CLA;
+ case ISO7816.SW_CONDITIONS_NOT_SATISFIED:
+ return KMError.SW_CONDITIONS_NOT_SATISFIED;
+ case ISO7816.SW_COMMAND_NOT_ALLOWED:
+ return KMError.CMD_NOT_ALLOWED;
+ case ISO7816.SW_DATA_INVALID:
+ return KMError.INVALID_DATA;
+ case ISO7816.SW_INCORRECT_P1P2:
+ return KMError.INVALID_P1P2;
+ case ISO7816.SW_INS_NOT_SUPPORTED:
+ return KMError.UNSUPPORTED_INSTRUCTION;
+ case ISO7816.SW_WRONG_LENGTH:
+ return KMError.SW_WRONG_LENGTH;
+ case ISO7816.SW_UNKNOWN:
+ default:
+ return KMError.UNKNOWN_ERROR;
+ }
+ }
+
+ public short mapCryptoErrorToKMError(short reason) {
+ switch (reason) {
+ case CryptoException.ILLEGAL_USE:
+ return KMError.CRYPTO_ILLEGAL_USE;
+ case CryptoException.ILLEGAL_VALUE:
+ return KMError.CRYPTO_ILLEGAL_VALUE;
+ case CryptoException.INVALID_INIT:
+ return KMError.CRYPTO_INVALID_INIT;
+ case CryptoException.NO_SUCH_ALGORITHM:
+ return KMError.CRYPTO_NO_SUCH_ALGORITHM;
+ case CryptoException.UNINITIALIZED_KEY:
+ return KMError.CRYPTO_UNINITIALIZED_KEY;
+ default:
+ return KMError.UNKNOWN_ERROR;
+ }
+ }
+
+ /**
+ * Processes an incoming APDU and handles it using command objects.
+ *
+ * @param apdu the incoming APDU
+ */
+ public void process(APDU apdu) {
+ try {
+ resetData();
+ repository.onProcess();
+ // Validate APDU Header.
+ byte[] apduBuffer = apdu.getBuffer();
+ byte apduIns = apduBuffer[ISO7816.OFFSET_INS];
+
+ switch (apduIns) {
+ case INS_INIT_STRONGBOX_CMD:
+ processInitStrongBoxCmd(apdu);
+ sendError(apdu, KMError.OK);
+ return;
+ case INS_GENERATE_KEY_CMD:
+ processGenerateKey(apdu);
+ break;
+ case INS_ATTEST_KEY_CMD:
+ processAttestKeyCmd(apdu);
+ break;
+ case INS_IMPORT_KEY_CMD:
+ processImportKeyCmd(apdu);
+ break;
+ case INS_IMPORT_WRAPPED_KEY_CMD:
+ processImportWrappedKeyCmd(apdu);
+ break;
+ case INS_BEGIN_IMPORT_WRAPPED_KEY_CMD:
+ processBeginImportWrappedKeyCmd(apdu);
+ break;
+ case INS_FINISH_IMPORT_WRAPPED_KEY_CMD:
+ processFinishImportWrappedKeyCmd(apdu);
+ break;
+ case INS_EXPORT_KEY_CMD:
+ processExportKeyCmd(apdu);
+ break;
+ case INS_UPGRADE_KEY_CMD:
+ processUpgradeKeyCmd(apdu);
+ break;
+ case INS_DELETE_KEY_CMD:
+ processDeleteKeyCmd(apdu);
+ break;
+ case INS_DELETE_ALL_KEYS_CMD:
+ processDeleteAllKeysCmd(apdu);
+ break;
+ case INS_ADD_RNG_ENTROPY_CMD:
+ processAddRngEntropyCmd(apdu);
+ break;
+ case INS_COMPUTE_SHARED_HMAC_CMD:
+ processComputeSharedHmacCmd(apdu);
+ break;
+ case INS_DESTROY_ATT_IDS_CMD:
+ processDestroyAttIdsCmd(apdu);
+ break;
+ case INS_VERIFY_AUTHORIZATION_CMD:
+ processVerifyAuthorizationCmd(apdu);
+ break;
+ case INS_GET_HMAC_SHARING_PARAM_CMD:
+ processGetHmacSharingParamCmd(apdu);
+ break;
+ case INS_GET_KEY_CHARACTERISTICS_CMD:
+ processGetKeyCharacteristicsCmd(apdu);
+ break;
+ case INS_GET_HW_INFO_CMD:
+ processGetHwInfoCmd(apdu);
+ break;
+ case INS_BEGIN_OPERATION_CMD:
+ processBeginOperationCmd(apdu);
+ break;
+ case INS_UPDATE_OPERATION_CMD:
+ processUpdateOperationCmd(apdu);
+ break;
+ case INS_FINISH_OPERATION_CMD:
+ processFinishOperationCmd(apdu);
+ break;
+ case INS_ABORT_OPERATION_CMD:
+ processAbortOperationCmd(apdu);
+ break;
+ case INS_DEVICE_LOCKED_CMD:
+ processDeviceLockedCmd(apdu);
+ break;
+ case INS_EARLY_BOOT_ENDED_CMD:
+ processEarlyBootEndedCmd(apdu);
+ break;
+ case INS_UPDATE_AAD_OPERATION_CMD:
+
processUpdateAadOperationCmd(apdu);
+ break;
+ case INS_GET_CERT_CHAIN_CMD:
+ processGetCertChainCmd(apdu);
+ break;
+ default:
+ ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
+ }
+ } catch (KMException exception) {
+ freeOperations();
+ resetWrappingKey();
+ sendError(apdu, KMException.reason());
+ } catch (ISOException exp) {
+ freeOperations();
+ resetWrappingKey();
+ sendError(apdu, mapISOErrorToKMError(exp.getReason()));
+ } catch (CryptoException e) {
+ freeOperations();
+ resetWrappingKey();
+ sendError(apdu, mapCryptoErrorToKMError(e.getReason()));
+ } catch (Exception e) {
+ freeOperations();
+ resetWrappingKey();
+ sendError(apdu, KMError.GENERIC_UNKNOWN_ERROR);
+ } finally {
+ repository.clean();
+ }
+ }
+
+ private void generateUniqueOperationHandle(byte[] buf, short offset, short len) {
+ do {
+ seProvider.newRandomNumber(buf, offset, len);
+ } while (null != findOperation(buf, offset, len));
+ }
+
+ private void freeOperations() {
+ if (data[OP_HANDLE] != KMType.INVALID_VALUE) {
+ KMOperationState op = findOperation(data[OP_HANDLE]);
+ if (op != null) {
+ releaseOperation(op);
+ }
+ }
+ }
+
+ private void processEarlyBootEndedCmd(APDU apdu) {
+ writeBoolean(KMDataStoreConstants.EARLY_BOOT_ENDED_STATUS, true);
+ }
+
+ private short deviceLockedCmd(APDU apdu) {
+ short cmd = KMArray.instance((short) 2);
+ // passwordOnly
+ KMArray.add(cmd, (short) 0, KMInteger.exp());
+ // verification token
+ KMArray.add(cmd, (short) 1, getKMVerificationTokenExp());
+ return receiveIncoming(apdu, cmd);
+ }
+
+ protected boolean isProvisionLocked(byte[] scratchPad, short scratchPadOff) {
+ return readBoolean(KMDataStoreConstants.PROVISIONED_LOCKED, scratchPad, scratchPadOff);
+ }
+
+ protected boolean readBoolean(byte storeDataId, byte[] scratchPad, short scratchPadOff) {
+ short len = storeDataInst.getData(storeDataId, scratchPad, scratchPadOff);
+ if (len == 0) {
+ KMException.throwIt(KMError.INVALID_DATA);
+ }
+ return scratchPad[scratchPadOff] == 0x01;
+ }
+
+
protected void writeBoolean(byte storeDataId, boolean flag, byte[] scratchPad, short offset) {
+ if (flag) {
+ scratchPad[offset] = (byte) 0x01;
+ } else {
+ scratchPad[offset] = (byte) 0x00;
+ }
+ storeDataInst.storeData(storeDataId, scratchPad, offset, (short) 1);
+ }
+
+ protected void writeBoolean(byte storeDataId, boolean flag) {
+ short start = repository.alloc((short) 1);
+ byte[] buffer = repository.getHeap();
+ writeBoolean(storeDataId, flag, buffer, start);
+ }
+
+ protected void writeData(byte storeDataId, byte[] data, short offset, short len) {
+ storeDataInst.storeData(storeDataId, data, offset, len);
+ }
+
+ protected short readData(byte storeDataId, byte[] scratchPad, short offset) {
+ short len = storeDataInst.getData(storeDataId, scratchPad, offset);
+ if (len == 0) {
+ KMException.throwIt(KMError.INVALID_DATA);
+ }
+ return len;
+ }
+
+ protected short readBlob(byte storeDataId, byte[] scratchPad, short offset) {
+ short len = readData(storeDataId, scratchPad, offset);
+ return KMByteBlob.instance(scratchPad, offset, len);
+ }
+
+ protected short readInteger32(byte storeDataId, byte[] scratchPad, short offset) {
+ readData(storeDataId, scratchPad, offset);
+ return KMInteger.uint_32(scratchPad, offset);
+ }
+
+ protected short readInteger64(byte storeDataId, byte[] scratchPad, short offset) {
+ readData(storeDataId, scratchPad, offset);
+ return KMInteger.uint_64(scratchPad, offset);
+ }
+
+ private void processDeviceLockedCmd(APDU apdu) {
+ short cmd = deviceLockedCmd(apdu);
+ byte[] scratchPad = apdu.getBuffer();
+ short passwordOnly = KMArray.get(cmd, (short) 0);
+ short verToken = KMArray.get(cmd, (short) 1);
+ passwordOnly = KMInteger.getByte(passwordOnly);
+ validateVerificationToken(verToken, scratchPad);
+ short verTime = KMVerificationToken.getTimestamp(verToken);
+ short len = storeDataInst.getData(KMDataStoreConstants.DEVICE_LOCKED_TIME, scratchPad,
+ (short) 0);
+ short lastDeviceLockedTime = KMByteBlob.instance(scratchPad, (short) 0, 
len);
+ if (KMInteger.compare(verTime, lastDeviceLockedTime) > 0) {
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 8, (byte) 0);
+ KMInteger.getValue(verTime, scratchPad, (short) 0, (short) 8);
+ writeBoolean(KMDataStoreConstants.DEVICE_LOCKED, true);
+ writeBoolean(KMDataStoreConstants.DEVICE_LOCKED_PASSWORD_ONLY, passwordOnly == 0x01);
+ storeDataInst.storeData(KMDataStoreConstants.DEVICE_LOCKED_TIME, scratchPad, (short) 0,
+ (short) 8);
+ }
+ sendError(apdu, KMError.OK);
+ }
+
+ private void resetWrappingKey() {
+ if (!isValidWrappingKey()) {
+ return;
+ }
+ Util.arrayFillNonAtomic(wrappingKey, (short) 1, WRAPPING_KEY_SIZE, (byte) 0);
+ wrappingKey[0] = -1;
+ }
+
+ private boolean isValidWrappingKey() {
+ return wrappingKey[0] != -1;
+ }
+
+ private void setWrappingKey(short key) {
+ if (KMByteBlob.length(key) != WRAPPING_KEY_SIZE) {
+ KMException.throwIt(KMError.UNKNOWN_ERROR);
+ }
+ wrappingKey[0] = 0;
+ Util.arrayCopyNonAtomic(KMByteBlob.getBuffer(key),
+ KMByteBlob.getStartOff(key), wrappingKey, (short) 1, WRAPPING_KEY_SIZE);
+ }
+
+ private short getWrappingKey() {
+ return KMByteBlob.instance(wrappingKey, (short) 1, WRAPPING_KEY_SIZE);
+ }
+
+ protected void resetData() {
+ short index = 0;
+ while (index < data.length) {
+ data[index] = KMType.INVALID_VALUE;
+ index++;
+ }
+ index = 0;
+ while (index < tmpVariables.length) {
+ tmpVariables[index] = KMType.INVALID_VALUE;
+ index++;
+ }
+ }
+
+ /**
+ * Sends a response, may be extended response, as requested by the command.
+ */
+ public void sendOutgoing(APDU apdu, short resp) {
+ //TODO handle the extended buffer stuff. We can reuse this.
+ short bufferStartOffset = repository.allocAvailableMemory();
+ byte[] buffer = repository.getHeap();
+ // TODO we can change the following to incremental send.
+ short bufferLength = encoder.encode(resp, buffer, bufferStartOffset);
+ if (((short) (bufferLength + bufferStartOffset)) > ((short) repository
+ .getHeap().length)) {
+ ISOException.throwIt(ISO7816.SW_WRONG_LENGTH);
+ }
+ // Send data
+ apdu.setOutgoing();
+ apdu.setOutgoingLength(bufferLength);
+ apdu.sendBytesLong(buffer, bufferStartOffset, bufferLength);
+ }
+
+ /**
+ * Receives data, which can be extended data, as requested by the command instance.
+ */
+ public short receiveIncoming(APDU apdu, short reqExp) {
+ short recvLen = apdu.setIncomingAndReceive();
+ short bufferLength = apdu.getIncomingLength();
+ short bufferStartOffset = repository.allocReclaimableMemory(bufferLength);
+ short req = receiveIncoming(apdu, reqExp, repository.getHeap(), bufferLength, bufferStartOffset,
+ recvLen);
+ repository.reclaimMemory(bufferLength);
+ return req;
+ }
+
+ public short receiveIncoming(APDU apdu, short reqExp, byte[] reclamBuf, short bLen,
+ short bStartOffset, short incomingReceivedLen) {
+ byte[] srcBuffer = apdu.getBuffer();
+ short recvLen = incomingReceivedLen;
+ short srcOffset = apdu.getOffsetCdata();
+ // TODO add logic to handle the extended length buffer. In this case the memory can be reused
+ // from extended buffer.
+ short index = bStartOffset;
+ while (recvLen > 0 && ((short) (index - bStartOffset) < bLen)) {
+ Util.arrayCopyNonAtomic(srcBuffer, srcOffset, reclamBuf, index, recvLen);
+ index += recvLen;
+ recvLen = apdu.receiveBytes(srcOffset);
+ }
+ return decoder.decode(reqExp, reclamBuf, bStartOffset, bLen);
+ }
+
+ public void receiveIncomingCertData(APDU apdu, byte[] reclamBuf, short bLen, short bStartOffset,
+ short incomingReceivedLen, byte[] outBuf, short outOff) {
+ byte[] srcBuffer = apdu.getBuffer();
+ short recvLen = incomingReceivedLen;
+ short srcOffset = apdu.getOffsetCdata();
+ short index = bStartOffset;
+ while (recvLen > 0 && ((short) (index - bStartOffset) < bLen)) {
+ Util.arrayCopyNonAtomic(srcBuffer, srcOffset, reclamBuf, index, recvLen);
+ index += recvLen;
+ recvLen = apdu.receiveBytes(srcOffset);
+ }
+ decoder.decodeCertificateData((short) 3,
+ reclamBuf, bStartOffset, bLen,
+ outBuf, outOff);
+ }
+
+
+ private void processGetHwInfoCmd(APDU apdu) {
+ // No arguments expected
+ short respPtr = getHardwareInfo();
+ // send buffer to master
+ sendOutgoing(apdu, respPtr);
+ }
+
+ private short addRngEntropyCmd(APDU apdu) {
+ short cmd = KMArray.instance((short) 1);
+ // Rng entropy
+ KMArray.add(cmd, (short) 0, KMByteBlob.exp());
+ return receiveIncoming(apdu, cmd);
+ }
+
+ private void processAddRngEntropyCmd(APDU apdu) {
+ // Receive the incoming request fully from the master.
+ short cmd = addRngEntropyCmd(apdu);
+ // Process
+ short blob = KMArray.get(cmd, (short) 0);
+ // Maximum 2KiB of seed is allowed.
+ if (KMByteBlob.length(blob) > MAX_SEED_SIZE) {
+ KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+ }
+ seProvider.addRngEntropy(KMByteBlob.getBuffer(blob), KMByteBlob.getStartOff(blob),
+ KMByteBlob.length(blob));
+ sendError(apdu, KMError.OK);
+ }
+
+ private short getKeyCharacteristicsCmd(APDU apdu) {
+ short cmd = KMArray.instance((short) 3);
+ KMArray.add(cmd, (short) 0, KMByteBlob.exp());
+ KMArray.add(cmd, (short) 1, KMByteBlob.exp());
+ KMArray.add(cmd, (short) 2, KMByteBlob.exp());
+ return receiveIncoming(apdu, cmd);
+ }
+
+ private void processGetKeyCharacteristicsCmd(APDU apdu) {
+ // Receive the incoming request fully from the master.
+ short cmd = getKeyCharacteristicsCmd(apdu);
+ // Re-purpose the apdu buffer as scratch pad.
+ byte[] scratchPad = apdu.getBuffer();
+ data[KEY_BLOB] = KMArray.get(cmd, (short) 0);
+ data[APP_ID] = KMArray.get(cmd, (short) 1);
+ data[APP_DATA] = KMArray.get(cmd, (short) 2);
+ if (!KMByteBlob.isValid(data[APP_ID])) {
+ data[APP_ID] = KMType.INVALID_VALUE;
+ }
+ if (!KMByteBlob.isValid(data[APP_DATA])) {
+ data[APP_DATA] = KMType.INVALID_VALUE;
+ }
+ // Parse Key Blob
+ parseEncryptedKeyBlob(data[KEY_BLOB], data[APP_ID], data[APP_DATA], scratchPad);
+ // Check Version and Patch Level
+ checkVersionAndPatchLevel(scratchPad);
+ // Remove custom tags from key characteristics
+ short teeParams = KMKeyCharacteristics.getTeeEnforced(data[KEY_CHARACTERISTICS]);
+ if (teeParams != KMType.INVALID_VALUE) {
+ KMKeyParameters.deleteCustomTags(teeParams);
+ }
+ // make response.
+ short resp = KMArray.instance((short) 2);
+ KMArray.add(resp, (short) 0, buildErrorStatus(KMError.OK));
+ KMArray.add(resp, (short) 1, data[KEY_CHARACTERISTICS]);
+ sendOutgoing(apdu, resp);
+ }
+
+ private void processGetHmacSharingParamCmd(APDU apdu) {
+ // No Arguments
+ // Create HMAC Sharing Parameters
+ byte[] scratchPad = apdu.getBuffer();
+ short params = KMHmacSharingParameters.instance();
+ short nonce = readBlob(KMDataStoreConstants.HMAC_NONCE, scratchPad, (short) 0);
+ short seed = KMByteBlob.instance((short) 0);
+ KMHmacSharingParameters.setNonce(params, nonce);
+ KMHmacSharingParameters.setSeed(params, seed);
+ // prepare the response
+ short resp = KMArray.instance((short) 2);
+ KMArray.add(resp, (short) 0, buildErrorStatus(KMError.OK));
+ KMArray.add(resp, (short) 1, params);
+ sendOutgoing(apdu, resp);
+ }
+
+ private void processDeleteAllKeysCmd(APDU apdu) {
+ // No arguments
+ // Send ok
+ sendError(apdu, KMError.OK);
+ }
+
+ private short deleteKeyCmd(APDU apdu) {
+ short cmd = KMArray.instance((short) 1);
+ KMArray.add(cmd, (short) 0, KMByteBlob.exp());
+ return receiveIncoming(apdu, cmd);
+ }
+
+ private short keyBlob() {
+ short keyBlob = KMArray.instance((short) 5);
+ KMArray.add(keyBlob, KMKeymasterDevice.KEY_BLOB_SECRET, KMByteBlob.exp());
+ KMArray.add(keyBlob, KMKeymasterDevice.KEY_BLOB_AUTH_TAG, KMByteBlob.exp());
+ KMArray.add(keyBlob, KMKeymasterDevice.KEY_BLOB_NONCE, KMByteBlob.exp());
+ short keyChar = getKeyCharacteristicsExp();
+ KMArray.add(keyBlob, KMKeymasterDevice.KEY_BLOB_PARAMS, keyChar);
+ KMArray.add(keyBlob, KMKeymasterDevice.KEY_BLOB_PUB_KEY, KMByteBlob.exp());
+ return keyBlob;
+ }
+
+ private void processDeleteKeyCmd(APDU apdu) {
+ short cmd = deleteKeyCmd(apdu);
+ data[KEY_BLOB] = KMArray.get(cmd, (short) 0);
+ try {
+ data[KEY_BLOB] = decoder.decodeArray(keyBlob(),
+ KMByteBlob.getBuffer(data[KEY_BLOB]),
+ KMByteBlob.getStartOff(data[KEY_BLOB]),
+ KMByteBlob.length(data[KEY_BLOB]));
+ } catch (ISOException e) {
+
// As per VTS, deleteKey should return KMError.OK but in case if
+ // input is empty then VTS accepts UNIMPLEMENTED errorCode as well.
+ KMException.throwIt(KMError.UNIMPLEMENTED);
+ }
+ if (KMArray.length(data[KEY_BLOB]) < 4) {
+ KMException.throwIt(KMError.INVALID_KEY_BLOB);
+ }
+ // Send ok
+ sendError(apdu, KMError.OK);
+ }
+
+ private short computeSharedHmacCmd(APDU apdu) {
+ short params = KMHmacSharingParameters.exp();
+ short paramsVec = KMArray.exp(params);
+ short cmd = KMArray.instance((short) 1);
+ KMArray.add(cmd, (short) 0, paramsVec);
+ return receiveIncoming(apdu, cmd);
+ }
+
+ private void processComputeSharedHmacCmd(APDU apdu) {
+ // Receive the incoming request fully from the master into buffer.
+ short cmd = computeSharedHmacCmd(apdu);
+ byte[] scratchPad = apdu.getBuffer();
+ data[HMAC_SHARING_PARAMS] = KMArray.get(cmd, (short) 0);
+ // Concatenate HMAC Params
+ //tmpVariables[0]
+ short paramsLen = KMArray.length(data[HMAC_SHARING_PARAMS]); // total number of params
+ //tmpVariables[1]
+ short concateBuffer = repository.alloc((short) (paramsLen * HMAC_SHARED_PARAM_MAX_SIZE));
+ //tmpVariables[2]
+ short paramIndex = 0; // index for params
+ //tmpVariables[3]
+ short bufferIndex = 0; // index for concatenation buffer
+ // To check if nonce created by Strongbox is found. This value becomes 1 if both
+ // seed and nonce created here are found in hmac sharing parameters received.
+ //tmpVariables[7] = 0;
+ short found = 0;
+ //tmpVariables[9]
+ short nonce = readBlob(KMDataStoreConstants.HMAC_NONCE, scratchPad, (short) 0);
+
+ while (paramIndex < paramsLen) {
+ // read HmacSharingParam
+ //tmpVariables[4]
+ short param = KMArray.get(data[HMAC_SHARING_PARAMS], paramIndex);
+ // get seed - 32 bytes max
+ //tmpVariables[5]
+ short seed = KMHmacSharingParameters.getSeed(param);
+ //tmpVariables[6]
+ short seedLength = KMByteBlob.length(seed);
+ // if seed is present
+ if (seedLength != 0) {
+ // then copy that to concatenation buffer
+ Util.arrayCopyNonAtomic(
+ KMByteBlob.getBuffer(seed),
+ KMByteBlob.getStartOff(seed),
+ repository.getHeap(),
+ (short) (concateBuffer + bufferIndex), // concat index
+ seedLength);
+ bufferIndex += seedLength; // increment the concat index
+ } else if (found == 0) {
+ found = 1; // Applet does not have any seed. Potentially
+ }
+ // if nonce is present get nonce - 32 bytes
+ //tmpVariables[5]
+ short paramNonce = KMHmacSharingParameters.getNonce(param);
+ short nonceLen = KMByteBlob.length(paramNonce);
+ // if nonce is less then 32 - it is an error
+ if (nonceLen < 32) {
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ }
+ // copy nonce to concatenation buffer
+ Util.arrayCopyNonAtomic(
+ KMByteBlob.getBuffer(paramNonce),
+ KMByteBlob.getStartOff(paramNonce),
+ repository.getHeap(),
+ (short) (concateBuffer + bufferIndex), // index
+ nonceLen);
+
+ // Check if the nonce generated here is present in the hmacSharingParameters array.
+ // Otherwise throw INVALID_ARGUMENT error.
+ if (found == 1) {
+ if (0
+ == Util.arrayCompare(
+ repository.getHeap(),
+ (short) (concateBuffer + bufferIndex),
+ KMByteBlob.getBuffer(nonce),
+ KMByteBlob.getStartOff(nonce),
+ nonceLen)) {
+ found = 2; // hmac nonce for this keymaster found.
+ } else {
+ found = 0;
+ }
+ }
+ bufferIndex += nonceLen; // increment by nonce length
+ paramIndex++; // go to next hmac param in the vector
+ }
+ if (found != 2) {
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ }
+ // generate the key and store it in scratch pad - 32 bytes
+ //tmpVariables[6]
+ short keyLen =
+ seProvider.cmacKDF(
+ storeDataInst.getPresharedKey(),
+ ckdfLable,
+ (short) 0,
+ (short) ckdfLable.length,
+ repository.getHeap(),
+ concateBuffer,
+ bufferIndex,
+ scratchPad,
+ (short) 0);
+
+ // persist the computed hmac key.
+ writeData(KMDataStoreConstants.COMPUTED_HMAC_KEY, scratchPad, (short) 0, keyLen);
+ // Generate sharingKey verification signature and store that in scratch pad.
+ //tmpVariables[5]
+ short signLen =
+ seProvider.hmacSign(
+ scratchPad,
+ (short) 0,
+ keyLen,
+ sharingCheck,
+ (short) 0,
+ (short) sharingCheck.length,
+ scratchPad,
+ keyLen);
+ // verification signature blob - 32 bytes
+ //tmpVariables[1]
+ short signature = KMByteBlob.instance(scratchPad, keyLen, signLen);
+ // prepare the response
+ short resp = KMArray.instance((short) 2);
+ KMArray.add(resp, (short) 0, buildErrorStatus(KMError.OK));
+ KMArray.add(resp, (short) 1, signature);
+ sendOutgoing(apdu, resp);
+ }
+
+ private short upgradeKeyCmd(APDU apdu) {
+ short cmd = KMArray.instance((short) 2);
+ short keyParams = KMKeyParameters.exp();
+ KMArray.add(cmd, (short) 0, KMByteBlob.exp()); // Key Blob
+ KMArray.add(cmd, (short) 1, keyParams); // Key Params
+ return receiveIncoming(apdu, cmd);
+ }
+
+ private boolean isKeyUpgradeRequired(short tag, short systemParam) {
+ // validate the tag and check if key needs upgrade.
+ short tagValue = KMKeyParameters.findTag(data[HW_PARAMETERS], KMType.UINT_TAG, tag);
+ tagValue = KMIntegerTag.getValue(tagValue);
+ short zero = KMInteger.uint_8((byte) 0);
+ if (tagValue != KMType.INVALID_VALUE) {
+ // OS version in key characteristics must be less the OS version stored in Javacard or the
+ // stored version must be zero. 
Then only upgrade is allowed else it is invalid argument.
+ if ((tag == KMType.OS_VERSION
+ && KMInteger.compare(tagValue, systemParam) == 1
+ && KMInteger.compare(systemParam, zero) == 0)) {
+ // Key needs upgrade.
+ return true;
+ } else if ((KMInteger.compare(tagValue, systemParam) == -1)) {
+ // Each os version or patch level associated with the key must be less than it's
+ // corresponding value stored in Javacard, then only upgrade is allowed otherwise it
+ // is invalid argument.
+ return true;
+ } else if (KMInteger.compare(tagValue, systemParam) == 1) {
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ }
+ }
+ return false;
+ }
+
+ private void processUpgradeKeyCmd(APDU apdu) {
+ // Receive the incoming request fully from the master into buffer.
+ short cmd = upgradeKeyCmd(apdu);
+ byte[] scratchPad = apdu.getBuffer();
+
+ data[KEY_BLOB] = KMArray.get(cmd, (short) 0);
+ data[KEY_PARAMETERS] = KMArray.get(cmd, (short) 1);
+ //tmpVariables[0]
+ short appId =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG, KMType.APPLICATION_ID);
+ if (appId != KMTag.INVALID_VALUE) {
+ data[APP_ID] = KMByteTag.getValue(appId);
+ }
+ short appData =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG, KMType.APPLICATION_DATA);
+ if (appData != KMTag.INVALID_VALUE) {
+ data[APP_DATA] = KMByteTag.getValue(appData);
+ }
+ // parse existing key blob
+ parseEncryptedKeyBlob(data[KEY_BLOB], data[APP_ID], data[APP_DATA], scratchPad);
+ boolean isKeyUpgradeRequired = false;
+ // Check if key requires upgrade.
+ isKeyUpgradeRequired |= isKeyUpgradeRequired(KMType.OS_VERSION,
+ readInteger32(KMDataStoreConstants.OS_VERSION, scratchPad, (short) 0));
+ isKeyUpgradeRequired |= isKeyUpgradeRequired(KMType.OS_PATCH_LEVEL,
+ readInteger32(KMDataStoreConstants.OS_PATCH_LEVEL, scratchPad, (short) 0));
+ isKeyUpgradeRequired |=
+ isKeyUpgradeRequired(KMType.VENDOR_PATCH_LEVEL,
+ readInteger32(KMDataStoreConstants.VENDOR_PATCH_LEVEL, scratchPad, (short) 0));
+ // Get boot patch level.
+ bootParamsProv.getBootPatchLevel(scratchPad, (short) 0);
+ isKeyUpgradeRequired |= isKeyUpgradeRequired(KMType.BOOT_PATCH_LEVEL,
+ KMInteger.uint_32(scratchPad, (short) 0));
+
+ if (isKeyUpgradeRequired) {
+ // copy origin
+ data[ORIGIN] = KMEnumTag.getValue(KMType.ORIGIN, data[HW_PARAMETERS]);
+ makeKeyCharacteristics(scratchPad);
+ // create new key blob with current os version etc.
+ createEncryptedKeyBlob(scratchPad);
+ } else {
+ data[KEY_BLOB] = KMByteBlob.instance((short) 0);
+ }
+ // prepare the response
+ short resp = KMArray.instance((short) 2);
+ KMArray.add(resp, (short) 0, buildErrorStatus(KMError.OK));
+ KMArray.add(resp, (short) 1, data[KEY_BLOB]);
+ sendOutgoing(apdu, resp);
+ }
+
+ private void processExportKeyCmd(APDU apdu) {
+ sendError(apdu, KMError.UNIMPLEMENTED);
+ }
+
+ private void processWrappingKeyBlob(short keyBlob, short wrapParams, byte[] scratchPad) {
+ // Read App Id and App Data if any from un wrapping key params
+ short appId =
+ KMKeyParameters.findTag(wrapParams, KMType.BYTES_TAG, KMType.APPLICATION_ID);
+ short appData =
+ KMKeyParameters.findTag(wrapParams, KMType.BYTES_TAG, KMType.APPLICATION_DATA);
+ if (appId != KMTag.INVALID_VALUE) {
+ appId = KMByteTag.getValue(appId);
+ }
+ if (appData != KMTag.INVALID_VALUE) {
+ appData = KMByteTag.getValue(appData);
+ }
+ data[APP_ID] = appId;
+ data[APP_DATA] = appData;
+ data[KEY_PARAMETERS] = wrapParams;
+ data[KEY_BLOB] = keyBlob;
+ // parse the wrapping key blob
+ parseEncryptedKeyBlob(keyBlob, appId, appData, 
scratchPad);
+ validateWrappingKeyBlob();
+ }
+
+ private void validateWrappingKeyBlob() {
+ // check whether the wrapping key is RSA with purpose KEY_WRAP, padding RSA_OAEP and Digest
+ // SHA2_256.
+ KMTag.assertPresence(data[SB_PARAMETERS], KMType.ENUM_TAG, KMType.ALGORITHM,
+ KMError.UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+ if (KMEnumTag.getValue(KMType.ALGORITHM, data[HW_PARAMETERS]) != KMType.RSA) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+ }
+ if (!KMEnumArrayTag.contains(KMType.DIGEST, KMType.SHA2_256, data[HW_PARAMETERS])) {
+ KMException.throwIt(KMError.INCOMPATIBLE_DIGEST);
+ }
+ if (!KMEnumArrayTag.contains(KMType.PADDING, KMType.RSA_OAEP, data[HW_PARAMETERS])) {
+ KMException.throwIt(KMError.INCOMPATIBLE_PADDING_MODE);
+ }
+ if (!KMEnumArrayTag.contains(KMType.PURPOSE, KMType.WRAP_KEY, data[HW_PARAMETERS])) {
+ KMException.throwIt((KMError.INCOMPATIBLE_PURPOSE));
+ }
+ }
+
+ private short decryptTransportKey(short privExp, short modulus, short transportKey,
+ byte[] scratchPad) {
+ short length =
+ seProvider.rsaDecipherOAEP256(
+ KMByteBlob.getBuffer(privExp),
+ KMByteBlob.getStartOff(privExp),
+ KMByteBlob.length(privExp),
+ KMByteBlob.getBuffer(modulus),
+ KMByteBlob.getStartOff(modulus),
+ KMByteBlob.length(modulus),
+ KMByteBlob.getBuffer(transportKey),
+ KMByteBlob.getStartOff(transportKey),
+ KMByteBlob.length(transportKey),
+ scratchPad,
+ (short) 0);
+ return KMByteBlob.instance(scratchPad, (short) 0, length);
+
+ }
+
+ private void unmask(short data, short maskingKey) {
+ short dataLength = KMByteBlob.length(data);
+ short maskLength = KMByteBlob.length(maskingKey);
+ // Length of masking key and transport key must be same.
+ if (maskLength != dataLength) {
+ KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+ }
+ short index = 0; // index
+ // Xor every byte of masking and key and store the result in data[SECRET]
+ while (index < maskLength) {
+ short var1 =
+ (short) (((short) KMByteBlob.get(maskingKey, index)) & 0x00FF);
+ short var2 =
+ (short) (((short) KMByteBlob.get(data, index)) & 0x00FF);
+ KMByteBlob.add(data, index, (byte) (var1 ^ var2));
+ index++;
+ }
+ }
+
+ private short beginImportWrappedKeyCmd(APDU apdu) {
+ short cmd = KMArray.instance((short) 4);
+ short params = KMKeyParameters.expAny();
+ KMArray.add(cmd, (short) 0, KMByteBlob.exp()); // Encrypted Transport Key
+ KMArray.add(cmd, (short) 1, KMByteBlob.exp()); // Wrapping Key KeyBlob
+ KMArray.add(cmd, (short) 2, KMByteBlob.exp()); // Masking Key
+ params = KMKeyParameters.exp();
+ KMArray.add(cmd, (short) 3, params); // Wrapping key blob Params
+ return receiveIncoming(apdu, cmd);
+ }
+
+ private void processBeginImportWrappedKeyCmd(APDU apdu) {
+ // Receive the incoming request fully from the master into buffer.
+ short cmd = beginImportWrappedKeyCmd(apdu);
+ byte[] scratchPad = apdu.getBuffer();
+ // Step -1 parse the wrapping key blob
+ // read wrapping key blob
+ short keyBlob = KMArray.get(cmd, (short) 1);
+ // read un wrapping key params
+ short wrappingKeyParameters = KMArray.get(cmd, (short) 3);
+ processWrappingKeyBlob(keyBlob, wrappingKeyParameters, scratchPad);
+ // Step 2 - decrypt the encrypted transport key - 32 bytes AES-GCM key
+ short transportKey = decryptTransportKey(data[SECRET], data[PUB_KEY],
+ KMArray.get(cmd, (short) 0), scratchPad);
+ // Step 3 - XOR the decrypted AES-GCM key with with masking key
+ unmask(transportKey, KMArray.get(cmd, (short) 2));
+ if (isValidWrappingKey()) {
+ KMException.throwIt(KMError.UNKNOWN_ERROR);
+ }
+ setWrappingKey(transportKey);
+ sendError(apdu, KMError.OK);
+ }
+
+ private short aesGCMDecrypt(short aesSecret, short input, short nonce, short authData,
+ short authTag, byte[] scratchPad) {
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, KMByteBlob.length(input), (byte) 0);
+ if (!seProvider.aesGCMDecrypt(
+ KMByteBlob.getBuffer(aesSecret),
+ KMByteBlob.getStartOff(aesSecret),
+ KMByteBlob.length(aesSecret),
+ KMByteBlob.getBuffer(input),
+ KMByteBlob.getStartOff(input),
+ KMByteBlob.length(input),
+ scratchPad,
+ (short) 0,
+ KMByteBlob.getBuffer(nonce),
+ KMByteBlob.getStartOff(nonce),
+ KMByteBlob.length(nonce),
+ KMByteBlob.getBuffer(authData),
+ KMByteBlob.getStartOff(authData),
+ KMByteBlob.length(authData),
+ KMByteBlob.getBuffer(authTag),
+ KMByteBlob.getStartOff(authTag),
+ KMByteBlob.length(authTag))) {
+ KMException.throwIt(KMError.VERIFICATION_FAILED);
+ }
+ return KMByteBlob.instance(scratchPad, (short) 0, KMByteBlob.length(input));
+ }
+
+ private short finishImportWrappedKeyCmd(APDU apdu) {
+ short cmd = KMArray.instance((short) 8);
+ short params = KMKeyParameters.expAny();
+ KMArray.add(cmd, (short) 0, params); // Key Params of wrapped key
+ KMArray.add(cmd, (short) 1,
KMEnum.instance(KMType.KEY_FORMAT)); // Key Format
+ KMArray.add(cmd, (short) 2, KMByteBlob.exp()); // Wrapped Import Key Blob
+ KMArray.add(cmd, (short) 3, KMByteBlob.exp()); // Auth Tag
+ KMArray.add(cmd, (short) 4, KMByteBlob.exp()); // IV - Nonce
+ KMArray.add(cmd, (short) 5, KMByteBlob.exp()); // Wrapped Key ASSOCIATED AUTH DATA
+ KMArray.add(cmd, (short) 6, KMInteger.exp()); // Password Sid
+ KMArray.add(cmd, (short) 7, KMInteger.exp()); // Biometric Sid
+ return receiveIncoming(apdu, cmd);
+ }
+
+ //TODO remove cmd later on
+ private void processFinishImportWrappedKeyCmd(APDU apdu) {
+ short cmd = finishImportWrappedKeyCmd(apdu);
+ data[KEY_PARAMETERS] = KMArray.get(cmd, (short) 0);
+ short keyFmt = KMArray.get(cmd, (short) 1);
+ keyFmt = KMEnum.getVal(keyFmt);
+ validateImportKey(data[KEY_PARAMETERS], keyFmt);
+ byte[] scratchPad = apdu.getBuffer();
+ // Step 4 - AES-GCM decrypt the wrapped key
+ data[INPUT_DATA] = KMArray.get(cmd, (short) 2);
+ data[AUTH_TAG] = KMArray.get(cmd, (short) 3);
+ data[NONCE] = KMArray.get(cmd, (short) 4);
+ data[AUTH_DATA] = KMArray.get(cmd, (short) 5);
+
+ if (!isValidWrappingKey()) {
+ KMException.throwIt(KMError.UNKNOWN_ERROR);
+ }
+ data[IMPORTED_KEY_BLOB] = aesGCMDecrypt(getWrappingKey(), data[INPUT_DATA], data[NONCE],
+ data[AUTH_DATA], data[AUTH_TAG], scratchPad);
+ resetWrappingKey();
+ // Step 5 - Import decrypted key
+ data[ORIGIN] = KMType.SECURELY_IMPORTED;
+ // create key blob array
+ importKey(apdu, keyFmt, scratchPad);
+ }
+
+ //TODO remove hwParameters when this is refactored.
+ private KMAttestationCert makeAttestationCert(short attKeyBlob, short attKeyParam,
+ short attChallenge, short issuer, short hwParameters, short swParameters, short keyParams,
+ byte[] scratchPad) {
+ KMAttestationCert cert = makeCommonCert(swParameters, hwParameters,
+ keyParams, scratchPad, seProvider);
+
+ short subject = KMKeyParameters.findTag(keyParams, KMType.BYTES_TAG,
+ KMType.CERTIFICATE_SUBJECT_NAME);
+
+ // If no subject name is specified then use the default subject name.
+ if (subject == KMType.INVALID_VALUE || KMByteTag.length(subject) == 0) {
+ subject = KMByteBlob.instance(defaultSubject, (short) 0, (short) defaultSubject.length);
+ } else {
+ subject = KMByteTag.getValue(subject);
+ }
+ cert.subjectName(subject);
+
+ // App Id and App Data,
+ short appId = KMType.INVALID_VALUE;
+ short appData = KMType.INVALID_VALUE;
+ if (attKeyParam != KMType.INVALID_VALUE) {
+ appId =
+ KMKeyParameters.findTag(attKeyParam, KMType.BYTES_TAG, KMType.APPLICATION_ID);
+ if (appId != KMTag.INVALID_VALUE) {
+ appId = KMByteTag.getValue(appId);
+ }
+ appData =
+ KMKeyParameters.findTag(attKeyParam, KMType.BYTES_TAG, KMType.APPLICATION_DATA);
+ if (appData != KMTag.INVALID_VALUE) {
+ appData = KMByteTag.getValue(appData);
+ }
+ }
+ //TODO remove following line
+ short origBlob = data[KEY_BLOB];
+ short pubKey = data[PUB_KEY];
+ short keyBlob = parseEncryptedKeyBlob(attKeyBlob, appId, appData, scratchPad);
+ short attestationKeySecret = KMArray.get(keyBlob, KEY_BLOB_SECRET);
+ short attestParam = KMArray.get(keyBlob, KEY_BLOB_PARAMS);
+ attestParam = KMKeyCharacteristics.getStrongboxEnforced(attestParam);
+ short attKeyPurpose =
+ KMKeyParameters.findTag(attestParam, KMType.ENUM_ARRAY_TAG, KMType.PURPOSE);
+ // If the attest key's purpose is not "attest key" then error.
+ if (!KMEnumArrayTag.contains(attKeyPurpose, KMType.ATTEST_KEY)) {
+ KMException.throwIt(KMError.INCOMPATIBLE_PURPOSE);
+ }
+ // If issuer is not present then it is an error
+ if (KMByteBlob.length(issuer) <= 0) {
+ KMException.throwIt(KMError.MISSING_ISSUER_SUBJECT_NAME);
+ }
+ short alg = KMKeyParameters.findTag(attestParam, KMType.ENUM_TAG, KMType.ALGORITHM);
+
+ if (KMEnumTag.getValue(alg) == KMType.RSA) {
+ short attestationKeyPublic = KMArray.get(keyBlob, KEY_BLOB_PUB_KEY);
+ cert.rsaAttestKey(attestationKeySecret, attestationKeyPublic, KMType.ATTESTATION_CERT);
+ } else {
+ cert.ecAttestKey(attestationKeySecret, KMType.ATTESTATION_CERT);
+ }
+ cert.attestationChallenge(attChallenge);
+ cert.issuer(issuer);
+ //TODO remove following line
+ data[PUB_KEY] = pubKey;
+ cert.publicKey(data[PUB_KEY]);
+
+ // Save attestation application id - must be present.
+ short attAppId =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG,
+ KMType.ATTESTATION_APPLICATION_ID);
+ if (attAppId == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.ATTESTATION_APPLICATION_ID_MISSING);
+ }
+ cert.extensionTag(attAppId, false);
+ // unique id byte blob - uses application id and temporal month count of creation time.
+ setUniqueId(cert, scratchPad);
+ // Add Attestation Ids if present
+ addAttestationIds(cert, scratchPad);
+
+ // Add Tags
+ addTags(hwParameters, true, cert);
+ addTags(swParameters, false, cert);
+ // Add Device Boot locked status
+ cert.deviceLocked(bootParamsProv.isDeviceBootLocked());
+ // VB data
+ cert.verifiedBootHash(getVerifiedBootHash(scratchPad));
+ cert.verifiedBootKey(getBootKey(scratchPad));
+ cert.verifiedBootState((byte) bootParamsProv.getBootState());
+
+ //TODO remove the following line
+ makeKeyCharacteristics(scratchPad);
+ data[KEY_BLOB] = origBlob;
+ return cert;
+ }
+
+ private KMAttestationCert makeCertWithFactoryProvisionedKey(short attChallenge,
+ byte[] scratchPad) {
+ KMAttestationCert cert = makeCommonCert(data[SW_PARAMETERS], data[HW_PARAMETERS],
+ data[KEY_PARAMETERS], scratchPad, seProvider);
+ cert.attestationChallenge(attChallenge);
+ cert.publicKey(data[PUB_KEY]);
+ cert.factoryAttestKey(storeDataInst.getAttestationKey(),
+ KMType.FACTORY_PROVISIONED_ATTEST_CERT);
+
+ // Save attestation application id - must be present.
+ short attAppId =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG,
+ KMType.ATTESTATION_APPLICATION_ID);
+ if (attAppId == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.ATTESTATION_APPLICATION_ID_MISSING);
+ }
+ cert.extensionTag(attAppId, false);
+ // unique id byte blob - uses application id and temporal month count of creation time.
+ setUniqueId(cert, scratchPad);
+ // Add Attestation Ids if present
+ addAttestationIds(cert, scratchPad);
+
+ // Add Tags
+ addTags(data[HW_PARAMETERS], true, cert);
+ addTags(data[SW_PARAMETERS], false, cert);
+ // Add Device Boot locked status
+ cert.deviceLocked(bootParamsProv.isDeviceBootLocked());
+ // VB data
+ cert.verifiedBootHash(getVerifiedBootHash(scratchPad));
+ cert.verifiedBootKey(getBootKey(scratchPad));
+ cert.verifiedBootState((byte) bootParamsProv.getBootState());
+
+ //TODO remove the following line
+ //makeKeyCharacteristics(scratchPad);
+ //data[KEY_BLOB] = origBlob;
+ return cert;
+ }
+
+ private KMAttestationCert makeSelfSignedCert(short attPrivKey, short attPubKey,
+ byte[] scratchPad) {
+ //KMAttestationCert cert = makeCommonCert(scratchPad);
+ KMAttestationCert cert =
+ makeCommonCert(data[SW_PARAMETERS], data[HW_PARAMETERS],
+ data[KEY_PARAMETERS], scratchPad, seProvider);
+ short alg = KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.ENUM_TAG, KMType.ALGORITHM);
+ byte mode = KMType.FAKE_CERT;
+ if (attPrivKey != KMType.INVALID_VALUE) {
+ mode = KMType.SELF_SIGNED_CERT;
+ }
+ short subject = KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG,
+ KMType.CERTIFICATE_SUBJECT_NAME);
+ // If no subject name is specified then use the default subject name.
+ if (subject == KMType.INVALID_VALUE || KMByteTag.length(subject) == 0) {
+ subject = KMByteBlob.instance(defaultSubject, (short) 0, (short) defaultSubject.length);
+ } else {
+ subject = KMByteTag.getValue(subject);
+ }
+
+ if (KMEnumTag.getValue(alg) == KMType.RSA) {
+ cert.rsaAttestKey(attPrivKey, attPubKey, mode);
+ } else {
+ cert.ecAttestKey(attPrivKey, mode);
+ }
+ cert.issuer(subject);
+ cert.subjectName(subject);
+ cert.publicKey(attPubKey);
+ return cert;
+ }
+
+ protected short getBootKey(byte[] scratchPad) {
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, VERIFIED_BOOT_KEY_SIZE, (byte) 0);
+ short len = bootParamsProv.getBootKey(scratchPad, (short) 0);
+ if (len != VERIFIED_BOOT_KEY_SIZE) {
+ KMException.throwIt(KMError.UNKNOWN_ERROR);
+ }
+ return KMByteBlob.instance(scratchPad, (short) 0, VERIFIED_BOOT_KEY_SIZE);
+ }
+
+ protected short getVerifiedBootHash(byte[] scratchPad) {
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, VERIFIED_BOOT_HASH_SIZE, (byte) 0);
+ short len = bootParamsProv.getVerifiedBootHash(scratchPad, (short) 0);
+ if (len != VERIFIED_BOOT_HASH_SIZE) {
+ KMException.throwIt(KMError.UNKNOWN_ERROR);
+ }
+ return KMByteBlob.instance(scratchPad, (short) 0, VERIFIED_BOOT_HASH_SIZE);
+ }
+
+ public short mapAttestIdToStoreId(short tag) {
+ switch (tag) {
+ // Attestation Id Brand
+ case KMType.ATTESTATION_ID_BRAND:
+ return KMDataStoreConstants.ATT_ID_BRAND;
+ // Attestation Id Device
+ case KMType.ATTESTATION_ID_DEVICE:
+ return KMDataStoreConstants.ATT_ID_DEVICE;
+ // Attestation Id Product
+ case KMType.ATTESTATION_ID_PRODUCT:
+ return KMDataStoreConstants.ATT_ID_PRODUCT;
+ // Attestation Id Serial
+ case KMType.ATTESTATION_ID_SERIAL:
+ return KMDataStoreConstants.ATT_ID_SERIAL;
+ // Attestation Id IMEI
+ case KMType.ATTESTATION_ID_IMEI:
+ return KMDataStoreConstants.ATT_ID_IMEI;
+ // Attestation Id MEID
+ case KMType.ATTESTATION_ID_MEID:
+ return KMDataStoreConstants.ATT_ID_MEID;
+ // Attestation Id Manufacturer
+ case
KMType.ATTESTATION_ID_MANUFACTURER:
+ return KMDataStoreConstants.ATT_ID_MANUFACTURER;
+ // Attestation Id Model
+ case KMType.ATTESTATION_ID_MODEL:
+ return KMDataStoreConstants.ATT_ID_MODEL;
+ default:
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ }
+ return KMType.INVALID_VALUE;
+ }
+
+ // --------------------------------
+ // Only add the Attestation ids which are requested in the attestation parameters.
+ // If the requested attestation ids are not provisioned or deleted then
+ // throw CANNOT_ATTEST_IDS error. If there is mismatch in the attestation
+ // id values of both the requested parameters and the provisioned parameters
+ // then throw INVALID_TAG error.
+ private void addAttestationIds(KMAttestationCert cert, byte[] scratchPad) {
+ byte index = 0;
+ short attIdTag;
+ short attIdTagValue;
+ short storedAttIdLen;
+ while (index < (short) ATTEST_ID_TAGS.length) {
+ attIdTag = KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG,
+ ATTEST_ID_TAGS[index]);
+ if (attIdTag != KMType.INVALID_VALUE) {
+ attIdTagValue = KMByteTag.getValue(attIdTag);
+ storedAttIdLen = storeDataInst.getData((byte) mapAttestIdToStoreId(ATTEST_ID_TAGS[index]),
+ scratchPad, (short) 0);
+ // Return CANNOT_ATTEST_IDS if Attestation IDs are not provisioned or
+ // Attestation IDs are deleted.
+ if (storedAttIdLen == 0) {
+ KMException.throwIt(KMError.CANNOT_ATTEST_IDS);
+ }
+ // Return INVALID_TAG if Attestation IDs does not match.
+ if ((storedAttIdLen != KMByteBlob.length(attIdTagValue)) ||
+ (0 != Util.arrayCompare(scratchPad, (short) 0,
+ KMByteBlob.getBuffer(attIdTagValue),
+ KMByteBlob.getStartOff(attIdTagValue),
+ storedAttIdLen))) {
+ KMException.throwIt(KMError.INVALID_TAG);
+ }
+ short blob = KMByteBlob.instance(scratchPad, (short) 0, storedAttIdLen);
+ cert.extensionTag(KMByteTag.instance(ATTEST_ID_TAGS[index], blob), true);
+ }
+ index++;
+ }
+ }
+
+ private void addTags(short params, boolean hwEnforced, KMAttestationCert cert) {
+ short index = 0;
+ short arr = KMKeyParameters.getVals(params);
+ short len = KMArray.length(arr);
+ short tag;
+ while (index < len) {
+ tag = KMArray.get(arr, index);
+ cert.extensionTag(tag, hwEnforced);
+ index++;
+ }
+ }
+
+ private void setUniqueId(KMAttestationCert cert, byte[] scratchPad) {
+ if (!KMTag.isPresent(data[HW_PARAMETERS], KMType.BOOL_TAG, KMType.INCLUDE_UNIQUE_ID)) {
+ return;
+ }
+ // temporal count T
+ short time = KMKeyParameters.findTag(data[SW_PARAMETERS], KMType.DATE_TAG,
+ KMType.CREATION_DATETIME);
+ if (time == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.INVALID_TAG);
+ }
+ time = KMIntegerTag.getValue(time);
+
+ // Application Id C
+ short appId = KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG,
+ KMType.ATTESTATION_APPLICATION_ID);
+ if (appId == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.ATTESTATION_APPLICATION_ID_MISSING);
+ }
+ appId = KMByteTag.getValue(appId);
+
+ // Reset After Rotation R - it will be part of HW Enforced key
+ // characteristics
+ byte resetAfterRotation = 0;
+ if (KMTag.isPresent(data[HW_PARAMETERS], KMType.BOOL_TAG, KMType.RESET_SINCE_ID_ROTATION)) {
+ resetAfterRotation = 0x01;
+ }
+
+ cert.makeUniqueId(scratchPad, (short) 0, KMInteger.getBuffer(time),
+ KMInteger.getStartOff(time), KMInteger.length(time),
+ KMByteBlob.getBuffer(appId), KMByteBlob.getStartOff(appId), KMByteBlob.length(appId),
+ resetAfterRotation,
+ storeDataInst.getMasterKey());
+ }
+
+ private
void deleteAttestationIds() {
+ storeDataInst.clearData(KMDataStoreConstants.ATT_ID_BRAND);
+ storeDataInst.clearData(KMDataStoreConstants.ATT_ID_DEVICE);
+ storeDataInst.clearData(KMDataStoreConstants.ATT_ID_IMEI);
+ storeDataInst.clearData(KMDataStoreConstants.ATT_ID_MEID);
+ storeDataInst.clearData(KMDataStoreConstants.ATT_ID_MANUFACTURER);
+ storeDataInst.clearData(KMDataStoreConstants.ATT_ID_PRODUCT);
+ storeDataInst.clearData(KMDataStoreConstants.ATT_ID_MODEL);
+ storeDataInst.clearData(KMDataStoreConstants.ATT_ID_SERIAL);
+ }
+
+ private void processDestroyAttIdsCmd(APDU apdu) {
+ deleteAttestationIds();
+ sendError(apdu, KMError.OK);
+ }
+
+ private void processVerifyAuthorizationCmd(APDU apdu) {
+ sendError(apdu, KMError.UNIMPLEMENTED);
+ }
+
+ private short abortOperationCmd(APDU apdu) {
+ short cmd = KMArray.instance((short) 1);
+ KMArray.add(cmd, (short) 0, KMInteger.exp());
+ return receiveIncoming(apdu, cmd);
+ }
+
+ private void processAbortOperationCmd(APDU apdu) {
+ short cmd = abortOperationCmd(apdu);
+ data[OP_HANDLE] = KMArray.get(cmd, (short) 0);
+ KMOperationState op = findOperation(data[OP_HANDLE]);
+ if (op == null) {
+ sendError(apdu, KMError.INVALID_OPERATION_HANDLE);
+ } else {
+ releaseOperation(op);
+ sendError(apdu, KMError.OK);
+ }
+ }
+
+ private short finishOperationCmd(APDU apdu) {
+ return receiveIncoming(apdu, prepareFinishExp());
+ }
+
+ private void processFinishOperationCmd(APDU apdu) {
+ short cmd = finishOperationCmd(apdu);
+ byte[] scratchPad = apdu.getBuffer();
+ getFinishInputParameters(cmd, data, OP_HANDLE, KEY_PARAMETERS, INPUT_DATA,
+ SIGNATURE, HW_TOKEN, VERIFICATION_TOKEN, CONFIRMATION_TOKEN);
+
+ // Check Operation Handle
+ KMOperationState op = findOperation(data[OP_HANDLE]);
+ if (op == null) {
+ KMException.throwIt(KMError.INVALID_OPERATION_HANDLE);
+ }
+ // Authorize the finish operation
+ authorizeUpdateFinishOperation(op, scratchPad);
+ switch (op.getPurpose()) {
+ case KMType.SIGN:
+
finishTrustedConfirmationOperation(op);
+ case KMType.VERIFY:
+ finishSigningVerifyingOperation(op, scratchPad);
+ break;
+ case KMType.ENCRYPT:
+ finishEncryptOperation(op, scratchPad);
+ break;
+ case KMType.DECRYPT:
+ finishDecryptOperation(op, scratchPad);
+ break;
+ case KMType.AGREE_KEY:
+ finishKeyAgreementOperation(op, scratchPad);
+ break;
+ }
+ if (data[OUTPUT_DATA] == KMType.INVALID_VALUE) {
+ data[OUTPUT_DATA] = KMByteBlob.instance((short) 0);
+ }
+ // Remove the operation handle
+ releaseOperation(op);
+
+ // make response
+ sendOutgoing(apdu, prepareFinishResp(data[OUTPUT_DATA]));
+ }
+
+ private void finishEncryptOperation(KMOperationState op, byte[] scratchPad) {
+ if (op.getAlgorithm() != KMType.AES && op.getAlgorithm() != KMType.DES) {
+ KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
+ }
+ finishAesDesOperation(op);
+ }
+
+ private void finishDecryptOperation(KMOperationState op, byte[] scratchPad) {
+ short len = KMByteBlob.length(data[INPUT_DATA]);
+ switch (op.getAlgorithm()) {
+ case KMType.RSA:
+ // Fill the scratch pad with zero
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
+ if (op.getPadding() == KMType.PADDING_NONE && len != 256) {
+ KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+ }
+ len =
+ op.getOperation().finish(
+ KMByteBlob.getBuffer(data[INPUT_DATA]), KMByteBlob.getStartOff(data[INPUT_DATA]),
+ len, scratchPad, (short) 0);
+
+ data[OUTPUT_DATA] = KMByteBlob.instance(scratchPad, (short) 0, len);
+ break;
+ case KMType.AES:
+ case KMType.DES:
+ finishAesDesOperation(op);
+ break;
+ }
+ }
+
+ private void finishAesDesOperation(KMOperationState op) {
+ short len = KMByteBlob.length(data[INPUT_DATA]);
+ short blockSize = AES_BLOCK_SIZE;
+ if (op.getAlgorithm() == KMType.DES) {
+ blockSize = DES_BLOCK_SIZE;
+ }
+
+ if (op.getPurpose() == KMType.DECRYPT && len > 0
+ && (op.getBlockMode() == KMType.ECB || op.getBlockMode() == KMType.CBC)
+ && ((short) (len % blockSize) != 0)) {
+
KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+ }
+
+ if (op.getBlockMode() == KMType.GCM) {
+ if (op.getPurpose() == KMType.DECRYPT && (len < (short) (op.getMacLength() / 8))) {
+ KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+ }
+ // update aad if there is any
+ updateAAD(op, (byte) 0x01);
+ if (op.isAesGcmUpdateAllowed()) {
+ op.setAesGcmUpdateComplete();
+ }
+ // Get the output size
+ len = op.getOperation().getAESGCMOutputSize(len, (short) (op.getMacLength() / 8));
+ }
+ // If padding i.e. pkcs7 then add padding to right
+ // Output data can at most one block size more the input data in case of pkcs7 encryption
+ // In case of gcm we will allocate extra memory of the size equal to blocksize.
+ data[OUTPUT_DATA] = KMByteBlob.instance((short) (len + 2 * blockSize));
+ try {
+ len = op.getOperation().finish(
+ KMByteBlob.getBuffer(data[INPUT_DATA]),
+ KMByteBlob.getStartOff(data[INPUT_DATA]),
+ KMByteBlob.length(data[INPUT_DATA]),
+ KMByteBlob.getBuffer(data[OUTPUT_DATA]),
+ KMByteBlob.getStartOff(data[OUTPUT_DATA]));
+ } catch (CryptoException e) {
+ if (e.getReason() == CryptoException.ILLEGAL_USE) {
+ KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+ }
+ }
+ KMByteBlob.setLength(data[OUTPUT_DATA], len);
+ }
+
+ public void finishKeyAgreementOperation(KMOperationState op, byte[] scratchPad) {
+ KMException.throwIt(KMError.UNIMPLEMENTED);
+ }
+
+ private void finishSigningVerifyingOperation(KMOperationState op, byte[] scratchPad) {
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
+ switch (op.getAlgorithm()) {
+ case KMType.RSA:
+ // If there is no padding we can treat signing as a RSA decryption operation.
+ try {
+ if (op.getPurpose() == KMType.SIGN) {
+ // len of signature will be 256 bytes - but it can be less then 256 bytes
+ short len = op.getOperation().sign(
+ KMByteBlob.getBuffer(data[INPUT_DATA]),
+ KMByteBlob.getStartOff(data[INPUT_DATA]),
+ KMByteBlob.length(data[INPUT_DATA]), scratchPad,
+ (short) 0);
+ // Maximum output size of signature is 256 bytes. - the signature will always be positive
+ data[OUTPUT_DATA] = KMByteBlob.instance((short) 256);
+ Util.arrayCopyNonAtomic(
+ scratchPad,
+ (short) 0,
+ KMByteBlob.getBuffer(data[OUTPUT_DATA]),
+ (short) (KMByteBlob.getStartOff(data[OUTPUT_DATA]) + 256 - len),
+ len);
+ } else {
+ KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
+ }
+ } catch (CryptoException e) {
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ }
+ break;
+ case KMType.EC:
+ short len = KMByteBlob.length(data[INPUT_DATA]);
+ // If DIGEST NONE then truncate the input data to 32 bytes.
+ if (op.getDigest() == KMType.DIGEST_NONE && len > 32) {
+ len = 32;
+ }
+ if (op.getPurpose() == KMType.SIGN) {
+ // len of signature will be 512 bits i.e. 64 bytes
+ len =
+ op.getOperation()
+ .sign(
+ KMByteBlob.getBuffer(data[INPUT_DATA]),
+ KMByteBlob.getStartOff(data[INPUT_DATA]),
+ len,
+ scratchPad,
+ (short) 0);
+ data[OUTPUT_DATA] = KMByteBlob.instance(scratchPad, (short) 0, len);
+ } else {
+ KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
+ }
+ break;
+ case KMType.HMAC:
+ // As per Keymaster HAL documentation, the length of the Hmac output can
+ // be decided by using TAG_MAC_LENGTH in Keyparameters. But there is no
+ // such provision to control the length of the Hmac output using JavaCard
+ // crypto APIs and the current implementation always returns 32 bytes
+ // length of Hmac output. So to provide support to TAG_MAC_LENGTH
+ // feature, we truncate the output signature to TAG_MAC_LENGTH and return
+ // the truncated signature back to the caller.
At the time of verfication
+ // we again compute the signature of the plain text input, truncate it to
+ // TAG_MAC_LENGTH and compare it with the input signature for
+ // verification. So this is the reason we are using KMType.SIGN directly
+ // instead of using op.getPurpose().
+ op.getOperation()
+ .sign(
+ KMByteBlob.getBuffer(data[INPUT_DATA]),
+ KMByteBlob.getStartOff(data[INPUT_DATA]),
+ KMByteBlob.length(data[INPUT_DATA]),
+ scratchPad,
+ (short) 0);
+ if (op.getPurpose() == KMType.SIGN) {
+ // Copy only signature of mac length size.
+ data[OUTPUT_DATA] =
+ KMByteBlob.instance(scratchPad, (short) 0, (short) (op.getMacLength() / 8));
+ } else if (op.getPurpose() == KMType.VERIFY) {
+ if (0
+ != Util.arrayCompare(
+ scratchPad, (short) 0,
+ KMByteBlob.getBuffer(data[SIGNATURE]),
+ KMByteBlob.getStartOff(data[SIGNATURE]),
+ KMByteBlob.length(data[SIGNATURE]))) {
+ KMException.throwIt(KMError.VERIFICATION_FAILED);
+ }
+ data[OUTPUT_DATA] = KMByteBlob.instance((short) 0);
+ }
+ break;
+ default: // This is should never happen
+ KMException.throwIt(KMError.OPERATION_CANCELLED);
+ break;
+ }
+ }
+
+ private void authorizeUpdateFinishOperation(KMOperationState op, byte[] scratchPad) {
+ // If one time user Authentication is required
+ if (op.isSecureUserIdReqd() && !op.isAuthTimeoutValidated()) {
+ // Validate Verification Token.
+ validateVerificationToken(data[VERIFICATION_TOKEN], scratchPad);
+ // validate operation handle.
+ short ptr = KMVerificationToken.getChallenge(data[VERIFICATION_TOKEN]);
+ if (KMInteger.compare(ptr, op.getHandle()) != 0) {
+ KMException.throwIt(KMError.VERIFICATION_FAILED);
+ }
+ tmpVariables[0] = op.getAuthTime();
+ tmpVariables[2] = KMVerificationToken.getTimestamp(data[VERIFICATION_TOKEN]);
+ if (tmpVariables[2] == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.VERIFICATION_FAILED);
+ }
+ if (KMInteger.compare(tmpVariables[0], tmpVariables[2]) < 0) {
+ KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
+ }
+ op.setAuthTimeoutValidated(true);
+ } else if (op.isAuthPerOperationReqd()) { // If Auth per operation is required
+ tmpVariables[0] = KMHardwareAuthToken.getChallenge(data[HW_TOKEN]);
+ if (KMInteger.compare(data[OP_HANDLE], tmpVariables[0]) != 0) {
+ KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
+ }
+ if (!authTokenMatches(op.getUserSecureId(), op.getAuthType(), scratchPad)) {
+ KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
+ }
+ }
+ }
+
+ private void authorizeKeyUsageForCount(byte[] scratchPad) {
+ // Allocate first 12 bytes in scratchpad required for integer
+ // operations.
+ short scratchPadOff = 0;
+ short requiredScratchBufLen = 12;
+ Util.arrayFillNonAtomic(scratchPad, scratchPadOff, requiredScratchBufLen, (byte) 0);
+
+ short usageLimitBufLen = KMIntegerTag.getValue(scratchPad, scratchPadOff,
+ KMType.UINT_TAG, KMType.MAX_USES_PER_BOOT, data[HW_PARAMETERS]);
+
+ if (usageLimitBufLen == KMType.INVALID_VALUE) {
+ return;
+ }
+
+ if (usageLimitBufLen > 4) {
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ }
+
+ if (storeDataInst.isAuthTagPersisted(KMByteBlob.getBuffer(data[AUTH_TAG]),
+ KMByteBlob.getStartOff(data[AUTH_TAG]),
+ KMByteBlob.length(data[AUTH_TAG]), scratchPad, requiredScratchBufLen)) {
+ // Get current counter, update and increment it.
+ short len = storeDataInst
+ .getRateLimitedKeyCount(KMByteBlob.getBuffer(data[AUTH_TAG]),
+ KMByteBlob.getStartOff(data[AUTH_TAG]),
+ KMByteBlob.length(data[AUTH_TAG]), scratchPad, (short) (scratchPadOff + 4));
+ if (len != 4) {
+ KMException.throwIt(KMError.UNKNOWN_ERROR);
+ }
+ if (0 >= KMInteger.unsignedByteArrayCompare(scratchPad, scratchPadOff, scratchPad,
+ (short) (scratchPadOff + 4), (short) 4)) {
+ KMException.throwIt(KMError.KEY_MAX_OPS_EXCEEDED);
+ }
+ // Increment the counter.
+ Util.arrayFillNonAtomic(scratchPad, scratchPadOff, len, (byte) 0);
+ Util.setShort(scratchPad, (short) (scratchPadOff + 2), (short) 1);
+ KMUtils.add(scratchPad, scratchPadOff, (short) (scratchPadOff + len),
+ (short) (scratchPadOff + len * 2));
+
+ storeDataInst.setRateLimitedKeyCount(KMByteBlob.getBuffer(data[AUTH_TAG]),
+ KMByteBlob.getStartOff(data[AUTH_TAG]),
+ KMByteBlob.length(data[AUTH_TAG]),
+ scratchPad, (short) (scratchPadOff + len * 2), len, scratchPad,
+ requiredScratchBufLen);
+ } else {
+ // Persist auth tag.
+ if (!storeDataInst.storeAuthTag(KMByteBlob.getBuffer(data[AUTH_TAG]),
+ KMByteBlob.getStartOff(data[AUTH_TAG]),
+ KMByteBlob.length(data[AUTH_TAG]), scratchPad, scratchPadOff)) {
+ KMException.throwIt(KMError.TOO_MANY_OPERATIONS);
+ }
+ }
+ }
+
+ private void authorizeDeviceUnlock(byte[] scratchPad) {
+ // If device is locked and key characteristics requires unlocked device then check whether
+ // HW auth token has correct timestamp.
+ short ptr =
+ KMKeyParameters.findTag(data[HW_PARAMETERS], KMType.BOOL_TAG,
+ KMType.UNLOCKED_DEVICE_REQUIRED);
+
+ if (ptr != KMType.INVALID_VALUE && readBoolean(KMDataStoreConstants.DEVICE_LOCKED, scratchPad,
+ (short) 0)) {
+ if (!validateHwToken(data[HW_TOKEN], scratchPad)) {
+ KMException.throwIt(KMError.DEVICE_LOCKED);
+ }
+ ptr = KMHardwareAuthToken.getTimestamp(data[HW_TOKEN]);
+ // Check if the current auth time stamp is greater than device locked time stamp
+ short ts = readInteger64(KMDataStoreConstants.DEVICE_LOCKED_TIME, scratchPad, (short) 0);
+ if (KMInteger.compare(ptr, ts) <= 0) {
+ KMException.throwIt(KMError.DEVICE_LOCKED);
+ }
+ // Now check if the device unlock requires password only authentication and whether
+ // auth token is generated through password authentication or not.
+ if (readBoolean(KMDataStoreConstants.DEVICE_LOCKED_PASSWORD_ONLY, scratchPad, (short) 0)) {
+ ptr = KMHardwareAuthToken.getHwAuthenticatorType(data[HW_TOKEN]);
+ ptr = KMEnum.getVal(ptr);
+ if (((byte) ptr & KMType.PASSWORD) == 0) {
+ KMException.throwIt(KMError.DEVICE_LOCKED);
+ }
+ }
+ // Unlock the device
+ // repository.deviceLockedFlag = false;
+ writeBoolean(KMDataStoreConstants.DEVICE_LOCKED, false);
+ storeDataInst.clearData(KMDataStoreConstants.DEVICE_LOCKED_TIME);
+ }
+ }
+
+ private boolean verifyVerificationTokenMacInBigEndian(short verToken, byte[] scratchPad) {
+ // concatenation length will be 37 + length of verified parameters list - which
+ // is typically empty
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
+ // Add "Auth Verification" - 17 bytes.
+ Util.arrayCopyNonAtomic(authVerification, (short) 0, scratchPad, (short) 0,
+ (short) authVerification.length);
+ short len = (short) authVerification.length;
+ // concatenate challenge - 8 bytes
+ short ptr = KMVerificationToken.getChallenge(verToken);
+ KMInteger.value(ptr, scratchPad, (short) (len + (short) (8 - KMInteger.length(ptr))));
+ len += 8;
+ // concatenate timestamp -8 bytes
+ ptr = KMVerificationToken.getTimestamp(verToken);
+ KMInteger.value(ptr, scratchPad, (short) (len + (short) (8 - KMInteger.length(ptr))));
+ len += 8;
+ // concatenate security level - 4 bytes
+ scratchPad[(short) (len + 3)] = TRUSTED_ENVIRONMENT;
+ len += 4;
+ // hmac the data
+ ptr = getMacFromVerificationToken(verToken);
+
+ return seProvider.hmacVerify(
+ storeDataInst.getComputedHmacKey(),
+ scratchPad,
+ (short) 0,
+ len,
+ KMByteBlob.getBuffer(ptr),
+ KMByteBlob.getStartOff(ptr),
+ KMByteBlob.length(ptr));
+ }
+
+ private void validateVerificationToken(short verToken, byte[] scratchPad) {
+ short ptr = getMacFromVerificationToken(verToken);
+ // If mac length is zero then token is empty.
+ if (KMByteBlob.length(ptr) == 0) {
+ KMException.throwIt(KMError.INVALID_MAC_LENGTH);
+ }
+ if (!verifyVerificationTokenMacInBigEndian(verToken, scratchPad)) {
+ // Throw Exception if none of the combination works.
+ KMException.throwIt(KMError.VERIFICATION_FAILED);
+ }
+ }
+
+ private short updateOperationCmd(APDU apdu) {
+ return receiveIncoming(apdu, prepareUpdateExp());
+ }
+
+ private void processUpdateOperationCmd(APDU apdu) {
+ short cmd = updateOperationCmd(apdu);
+ byte[] scratchPad = apdu.getBuffer();
+ getUpdateInputParameters(cmd, data, OP_HANDLE, KEY_PARAMETERS,
+ INPUT_DATA, HW_TOKEN, VERIFICATION_TOKEN);
+
+ // Input data must be present even if it is zero length.
+ if (data[INPUT_DATA] == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ }
+
+ // Check Operation Handle and get op state
+ // Check Operation Handle
+ KMOperationState op = findOperation(data[OP_HANDLE]);
+ if (op == null) {
+ KMException.throwIt(KMError.INVALID_OPERATION_HANDLE);
+ }
+ // authorize the update operation
+ authorizeUpdateFinishOperation(op, scratchPad);
+ short inputConsumed = 0;
+ if (op.getPurpose() == KMType.SIGN || op.getPurpose() == KMType.VERIFY) {
+ // update the data.
+ op.getOperation()
+ .update(
+ KMByteBlob.getBuffer(data[INPUT_DATA]),
+ KMByteBlob.getStartOff(data[INPUT_DATA]),
+ KMByteBlob.length(data[INPUT_DATA]));
+ // update trusted confirmation operation
+ updateTrustedConfirmationOperation(op);
+
+ data[OUTPUT_DATA] = KMType.INVALID_VALUE;
+ } else if (op.getPurpose() == KMType.ENCRYPT || op.getPurpose() == KMType.DECRYPT) {
+ // Update for encrypt/decrypt using RSA will not be supported because to do this op state
+ // will have to buffer the data - so reject the update if it is rsa algorithm.
+ if (op.getAlgorithm() == KMType.RSA) {
+ KMException.throwIt(KMError.OPERATION_CANCELLED);
+ }
+ short len = KMByteBlob.length(data[INPUT_DATA]);
+ short blockSize = DES_BLOCK_SIZE;
+ if (op.getAlgorithm() == KMType.AES) {
+ blockSize = AES_BLOCK_SIZE;
+ if (op.getBlockMode() == KMType.GCM) {
+ // data[KEY_PARAMETERS] will be invalid for keymint
+ if (data[KEY_PARAMETERS] != KMType.INVALID_VALUE) {
+ updateAAD(op, (byte) 0x00);
+ }
+ // if input data present
+ if (len > 0) {
+ // no more future updateAAD allowed if input data present.
+ if (op.isAesGcmUpdateAllowed()) {
+ op.setAesGcmUpdateComplete();
+ }
+ }
+ }
+ }
+ // Allocate output buffer as input data is already block aligned
+ data[OUTPUT_DATA] = KMByteBlob.instance((short) (len + 2 * blockSize));
+ // Otherwise just update the data.
+ // HAL consumes all the input and maintains a buffered data inside it. So the
+ // applet sends the inputConsumed length as same as the input length.
+ inputConsumed = len;
+ try {
+ len =
+ op.getOperation()
+ .update(
+ KMByteBlob.getBuffer(data[INPUT_DATA]),
+ KMByteBlob.getStartOff(data[INPUT_DATA]),
+ KMByteBlob.length(data[INPUT_DATA]),
+ KMByteBlob.getBuffer(data[OUTPUT_DATA]),
+ KMByteBlob.getStartOff(data[OUTPUT_DATA]));
+ } catch (CryptoException e) {
+ KMException.throwIt(KMError.INVALID_TAG);
+ }
+
+ // Adjust the Output data if it is not equal to input data.
+ // This happens in case of JCardSim provider.
+ KMByteBlob.setLength(data[OUTPUT_DATA], len);
+ }
+
+ if (data[OUTPUT_DATA] == KMType.INVALID_VALUE) {
+ data[OUTPUT_DATA] = KMByteBlob.instance((short) 0);
+ }
+ // Persist if there are any updates.
+ // make response
+ sendOutgoing(apdu, prepareUpdateResp(data[OUTPUT_DATA], KMInteger.uint_16(inputConsumed)));
+ }
+
+ private short updateAadOperationCmd(APDU apdu) {
+ short cmd = KMArray.instance((short) 4);
+ KMArray.add(cmd, (short) 0, KMInteger.exp());
+ KMArray.add(cmd, (short) 1, KMByteBlob.exp());
+ short authToken = KMHardwareAuthToken.exp();
+ KMArray.add(cmd, (short) 2, authToken);
+ short verToken = getKMVerificationTokenExp();
+ KMArray.add(cmd, (short) 3, verToken);
+ return receiveIncoming(apdu, cmd);
+ }
+
+ //update operation should send 0x00 for finish variable, where as finish operation
+ // should send 0x01 for finish variable.
+ public void updateAAD(KMOperationState op, byte finish) {
+ // Is input data absent
+ if (data[INPUT_DATA] == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ }
+ // Update can be called either to update auth data, update input data or both.
+ // But if it is called for neither then return error.
+ short len = KMByteBlob.length(data[INPUT_DATA]);
+ short tag =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG, KMType.ASSOCIATED_DATA);
+ // For Finish operation the input data can be zero length and associated data can be
+ // INVALID_VALUE
+ // For update operation either input data or associated data should be present.
+ if (tag == KMType.INVALID_VALUE && len <= 0 && finish == 0x00) {
+ KMException.throwIt(KMError.INVALID_INPUT_LENGTH);
+ }
+ // Check if associated data is present and update aad still allowed by the operation.
+ if (tag != KMType.INVALID_VALUE) {
+ // If allowed the update the aad
+ if (!op.isAesGcmUpdateAllowed()) {
+ KMException.throwIt(KMError.INVALID_TAG);
+ }
+ // If allowed the update the aad
+ short aData = KMByteTag.getValue(tag);
+
+ op.getOperation()
+ .updateAAD(
+ KMByteBlob.getBuffer(aData),
+ KMByteBlob.getStartOff(aData),
+ KMByteBlob.length(aData));
+ }
+ }
+
+ private void processUpdateAadOperationCmd(APDU apdu) {
+ short cmd = updateAadOperationCmd(apdu);
+ byte[] scratchPad = apdu.getBuffer();
+ data[OP_HANDLE] = KMArray.get(cmd, (short) 0);
+ data[INPUT_DATA] = KMArray.get(cmd, (short) 1);
+ data[HW_TOKEN] = KMArray.get(cmd, (short) 2);
+ data[VERIFICATION_TOKEN] = KMArray.get(cmd, (short) 3);
+
+ // Input data must be present even if it is zero length.
+ if (data[INPUT_DATA] == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ }
+ // Check Operation Handle and get op state
+ // Check Operation Handle
+ KMOperationState op = findOperation(data[OP_HANDLE]);
+ if (op == null) {
+ KMException.throwIt(KMError.INVALID_OPERATION_HANDLE);
+ }
+ if (op.getAlgorithm() != KMType.AES) {
+ KMException.throwIt(KMError.INCOMPATIBLE_ALGORITHM);
+ }
+ if (op.getBlockMode() != KMType.GCM) {
+ KMException.throwIt(KMError.INCOMPATIBLE_BLOCK_MODE);
+ }
+ if (!op.isAesGcmUpdateAllowed()) {
+ KMException.throwIt(KMError.INVALID_TAG);
+ }
+ if (op.getPurpose() != KMType.ENCRYPT && op.getPurpose() != KMType.DECRYPT) {
+ KMException.throwIt(KMError.INCOMPATIBLE_PURPOSE);
+ }
+ // authorize the update operation
+ authorizeUpdateFinishOperation(op, scratchPad);
+ try {
+ op.getOperation()
+ .updateAAD(
+ KMByteBlob.getBuffer(data[INPUT_DATA]),
+ KMByteBlob.getStartOff(data[INPUT_DATA]),
+ KMByteBlob.length(data[INPUT_DATA]));
+ } catch (CryptoException exp) {
+ KMException.throwIt(KMError.UNKNOWN_ERROR);
+ }
+
+ // make response
+ short resp = KMArray.instance((short) 1);
+ KMArray.add(resp, (short) 0, buildErrorStatus(KMError.OK));
+ sendOutgoing(apdu, resp);
+ }
+
+ private short beginOperationCmd(APDU apdu) {
+ short cmd = KMArray.instance((short) 4);
+ // Arguments
+ short params = KMKeyParameters.expAny();
+ KMArray.add(cmd, (short) 0, KMEnum.instance(KMType.PURPOSE));
+ KMArray.add(cmd, (short) 1, KMByteBlob.exp());
+ KMArray.add(cmd, (short) 2, params);
+ short authToken = KMHardwareAuthToken.exp();
+ KMArray.add(cmd, (short) 3, authToken);
+ return receiveIncoming(apdu, cmd);
+ }
+
+ private void processBeginOperationCmd(APDU apdu) {
+ // Receive the incoming request fully from the master into buffer.
+ short cmd = beginOperationCmd(apdu);
+ byte[] scratchPad = apdu.getBuffer();
+ short purpose = KMArray.get(cmd, (short) 0);
+ data[KEY_BLOB] = KMArray.get(cmd, (short) 1);
+ data[KEY_PARAMETERS] = KMArray.get(cmd, (short) 2);
+ data[HW_TOKEN] = KMArray.get(cmd, (short) 3);
+ purpose = KMEnum.getVal(purpose);
+ // Check for app id and app data.
+ data[APP_ID] =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG, KMType.APPLICATION_ID);
+ data[APP_DATA] =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG, KMType.APPLICATION_DATA);
+ if (data[APP_ID] != KMTag.INVALID_VALUE) {
+ data[APP_ID] = KMByteTag.getValue(data[APP_ID]);
+ }
+ if (data[APP_DATA] != KMTag.INVALID_VALUE) {
+ data[APP_DATA] = KMByteTag.getValue(data[APP_DATA]);
+ }
+ // Parse the encrypted blob and decrypt it.
+ parseEncryptedKeyBlob(data[KEY_BLOB], data[APP_ID], data[APP_DATA], scratchPad);
+ KMTag.assertPresence(data[SB_PARAMETERS], KMType.ENUM_TAG, KMType.ALGORITHM,
+ KMError.UNSUPPORTED_ALGORITHM);
+ short algorithm = KMEnumTag.getValue(KMType.ALGORITHM, data[SB_PARAMETERS]);
+
+ //TODO should be removed for keymint
+ // If Blob usage tag is present in key characteristics then it should be standalone.
+ if (KMTag.isPresent(data[SB_PARAMETERS], KMType.ENUM_TAG, KMType.BLOB_USAGE_REQ)) {
+ if (KMEnumTag.getValue(KMType.BLOB_USAGE_REQ, data[SB_PARAMETERS]) != KMType.STANDALONE) {
+ KMException.throwIt(KMError.UNSUPPORTED_TAG);
+ }
+ }
+
+ // Generate a random number for operation handle
+ short buf = KMByteBlob.instance(KMOperationState.OPERATION_HANDLE_SIZE);
+ generateUniqueOperationHandle(
+ KMByteBlob.getBuffer(buf),
+ KMByteBlob.getStartOff(buf),
+ KMByteBlob.length(buf));
+ /* opHandle is a KMInteger and is encoded as KMInteger when it is returned back. */
+ short opHandle = KMInteger.instance(
+ KMByteBlob.getBuffer(buf),
+ KMByteBlob.getStartOff(buf),
+ KMByteBlob.length(buf));
+ KMOperationState op = reserveOperation(algorithm, opHandle);
+ if (op == null) {
+ KMException.throwIt(KMError.TOO_MANY_OPERATIONS);
+ }
+ data[OP_HANDLE] = op.getHandle();
+ op.setPurpose((byte) purpose);
+ op.setKeySize(KMByteBlob.length(data[SECRET]));
+ authorizeAndBeginOperation(op, scratchPad);
+ switch (op.getPurpose()) {
+ case KMType.SIGN:
+ beginTrustedConfirmationOperation(op);
+ case KMType.VERIFY:
+ beginSignVerifyOperation(op);
+ break;
+ case KMType.ENCRYPT:
+ case KMType.DECRYPT:
+ beginCipherOperation(op);
+ break;
+ case KMType.AGREE_KEY:
+ beginKeyAgreementOperation(op);
+ break;
+ default:
+ KMException.throwIt(KMError.UNIMPLEMENTED);
+ break;
+ }
+ short iv = KMType.INVALID_VALUE;
+ // If the data[IV] is required to be returned.
+ // As per VTS, for the decryption operation don't send the iv back.
+ if (data[IV] != KMType.INVALID_VALUE
+ && op.getPurpose() != KMType.DECRYPT
+ && op.getBlockMode() != KMType.ECB) {
+ iv = KMArray.instance((short) 1);
+ if (op.getAlgorithm() == KMType.DES && op.getBlockMode() == KMType.CBC) {
+ // For AES/DES we are generate an random iv of length 16 bytes.
+ // While sending the iv back for DES/CBC mode of opeation only send
+ // 8 bytes back.
+ short ivBlob = KMByteBlob.instance((short) 8);
+ Util.arrayCopy(
+ KMByteBlob.getBuffer(data[IV]),
+ KMByteBlob.getStartOff(data[IV]),
+ KMByteBlob.getBuffer(ivBlob),
+ KMByteBlob.getStartOff(ivBlob),
+ (short) 8);
+ data[IV] = ivBlob;
+ }
+ KMArray.add(iv, (short) 0, KMByteTag.instance(KMType.NONCE, data[IV]));
+ } else {
+ iv = KMArray.instance((short) 0);
+ }
+
+ short params = KMKeyParameters.instance(iv);
+ short resp = prepareBeginResp(params, data[OP_HANDLE], KMInteger.uint_8(op.getBufferingMode()),
+ KMInteger.uint_16((short) (op.getMacLength() / 8)));
+ sendOutgoing(apdu, resp);
+ }
+
+ private void authorizePurpose(KMOperationState op) {
+ switch (op.getAlgorithm()) {
+ case KMType.AES:
+ case KMType.DES:
+ if (op.getPurpose() == KMType.SIGN || op.getPurpose() == KMType.VERIFY ||
+ op.getPurpose() == KMType.AGREE_KEY) {
+ KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
+ }
+ break;
+ case KMType.EC:
+ if (op.getPurpose() == KMType.ENCRYPT || op.getPurpose() == KMType.DECRYPT) {
+ KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
+ }
+ break;
+ case KMType.HMAC:
+ if (op.getPurpose() == KMType.ENCRYPT || op.getPurpose() == KMType.DECRYPT ||
+ op.getPurpose() == KMType.AGREE_KEY) {
+ KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
+ }
+ break;
+ case KMType.RSA:
+ if (op.getPurpose() == KMType.AGREE_KEY) {
+ KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
+ }
+ break;
+ default:
+ break;
+ }
+ if (!KMEnumArrayTag.contains(KMType.PURPOSE, op.getPurpose(), data[HW_PARAMETERS])) {
+ KMException.throwIt(KMError.INCOMPATIBLE_PURPOSE);
+ }
+ }
+
+ private void authorizeDigest(KMOperationState op) {
+ short digests =
+ KMKeyParameters.findTag(data[HW_PARAMETERS], KMType.ENUM_ARRAY_TAG, KMType.DIGEST);
+ op.setDigest(KMType.DIGEST_NONE);
+ short param =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.ENUM_ARRAY_TAG, KMType.DIGEST);
+ if (param != KMType.INVALID_VALUE) {
+ if (KMEnumArrayTag.length(param) != 1) {
+ KMException.throwIt(KMError.UNSUPPORTED_DIGEST);
+ }
+ param = KMEnumArrayTag.get(param, (short) 0);
+ if (!KMEnumArrayTag.contains(digests, param)) {
+ KMException.throwIt(KMError.INCOMPATIBLE_DIGEST);
+ }
+ op.setDigest((byte) param);
+ } else if (KMEnumArrayTag.contains(KMType.PADDING, KMType.RSA_PKCS1_1_5_SIGN,
+ data[KEY_PARAMETERS])) {
+ KMException.throwIt(KMError.UNSUPPORTED_DIGEST);
+ }
+ short paramPadding =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.ENUM_ARRAY_TAG, KMType.PADDING);
+ if (paramPadding != KMType.INVALID_VALUE) {
+ if (KMEnumArrayTag.length(paramPadding) != 1) {
+ KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE);
+ }
+ paramPadding = KMEnumArrayTag.get(paramPadding, (short) 0);
+ }
+ switch (op.getAlgorithm()) {
+ case KMType.RSA:
+ if ((paramPadding == KMType.RSA_OAEP || paramPadding == KMType.RSA_PSS)
+ && param == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.UNSUPPORTED_DIGEST);
+ }
+ break;
+ case KMType.EC:
+ case KMType.HMAC:
+ if (op.getPurpose() != KMType.AGREE_KEY && param == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.UNSUPPORTED_DIGEST);
+ }
+ break;
+ default:
+ break;
+ }
+ }
+
+ private void authorizePadding(KMOperationState op) {
+ short paddings =
+ KMKeyParameters.findTag(data[HW_PARAMETERS], KMType.ENUM_ARRAY_TAG, KMType.PADDING);
+ op.setPadding(KMType.PADDING_NONE);
+ short param =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.ENUM_ARRAY_TAG, KMType.PADDING);
+ if (param != KMType.INVALID_VALUE) {
+ if (KMEnumArrayTag.length(param) != 1) {
+ KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE);
+ }
+ param = KMEnumArrayTag.get(param, (short) 0);
+ if (!KMEnumArrayTag.contains(paddings, param)) {
+ KMException.throwIt(KMError.INCOMPATIBLE_PADDING_MODE);
+ }
+ }
+ switch (op.getAlgorithm()) {
+ case KMType.RSA:
+ if (param == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE);
+ }
+ if ((op.getPurpose() == KMType.SIGN || op.getPurpose() == KMType.VERIFY)
+ && param != KMType.PADDING_NONE
+ && param != KMType.RSA_PSS
+ && param != KMType.RSA_PKCS1_1_5_SIGN) {
+ KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE);
+ }
+ if ((op.getPurpose() == KMType.ENCRYPT || op.getPurpose() == KMType.DECRYPT)
+ && param != KMType.PADDING_NONE
+ && param != KMType.RSA_OAEP
+ && param != KMType.RSA_PKCS1_1_5_ENCRYPT) {
+ KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE);
+ }
+
+ if (param == KMType.PADDING_NONE && op.getDigest() != KMType.DIGEST_NONE) {
+ KMException.throwIt(KMError.INCOMPATIBLE_DIGEST);
+ }
+ if ((param == KMType.RSA_OAEP || param == KMType.RSA_PSS)
+ && op.getDigest() == KMType.DIGEST_NONE) {
+ KMException.throwIt(KMError.INCOMPATIBLE_DIGEST);
+ }
+ if (param == KMType.RSA_OAEP) {
+ op.setMgfDigest(
+ (byte) getMgf1Digest(data[KEY_PARAMETERS], data[HW_PARAMETERS]));
+ }
+ op.setPadding((byte) param);
+ break;
+ case KMType.DES:
+ case KMType.AES:
+ if (param == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.UNSUPPORTED_PADDING_MODE);
+ }
+ op.setPadding((byte) param);
+ break;
+ default:
+ break;
+ }
+ }
+
+ private void authorizeBlockModeAndMacLength(KMOperationState op) {
+ short param =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE);
+ if (param != KMType.INVALID_VALUE) {
+ if (KMEnumArrayTag.length(param) != 1) {
+ KMException.throwIt(KMError.UNSUPPORTED_BLOCK_MODE);
+ }
+ param = KMEnumArrayTag.get(param, (short) 0);
+ }
+ if (KMType.AES == op.getAlgorithm() || KMType.DES == op.getAlgorithm()) {
+ if (!KMEnumArrayTag.contains(KMType.BLOCK_MODE, param, data[HW_PARAMETERS])) {
+ KMException.throwIt(KMError.INCOMPATIBLE_BLOCK_MODE);
+ }
+ }
+ short macLen =
+ KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MAC_LENGTH, data[KEY_PARAMETERS]);
+ switch (op.getAlgorithm()) {
+ case KMType.AES:
+ //Validate the block mode.
+ switch (param) {
+ case KMType.ECB:
+ case KMType.CBC:
+ case KMType.CTR:
+ case KMType.GCM:
+ break;
+ default:
+ KMException.throwIt(KMError.UNSUPPORTED_BLOCK_MODE);
+ }
+ if (param == KMType.GCM) {
+ if (op.getPadding() != KMType.PADDING_NONE || op.getPadding() == KMType.PKCS7) {
+ KMException.throwIt(KMError.INCOMPATIBLE_PADDING_MODE);
+ }
+ if (macLen == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.MISSING_MAC_LENGTH);
+ }
+ if (macLen % 8 != 0
+ || macLen > 128
+ || macLen
+ < KMIntegerTag.getShortValue(
+ KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) {
+ KMException.throwIt(KMError.INVALID_MAC_LENGTH);
+ }
+ op.setMacLength(macLen);
+ }
+ if (param == KMType.CTR) {
+ if (op.getPadding() != KMType.PADDING_NONE || op.getPadding() == KMType.PKCS7) {
+ KMException.throwIt(KMError.INCOMPATIBLE_PADDING_MODE);
+ }
+ }
+ break;
+ case KMType.DES:
+ //Validate the block mode.
+ switch (param) {
+ case KMType.ECB:
+ case KMType.CBC:
+ break;
+ default:
+ KMException.throwIt(KMError.UNSUPPORTED_BLOCK_MODE);
+ }
+ break;
+ case KMType.HMAC:
+ if (macLen == KMType.INVALID_VALUE) {
+ if (op.getPurpose() == KMType.SIGN) {
+ KMException.throwIt(KMError.MISSING_MAC_LENGTH);
+ }
+ } else {
+ // MAC length may not be specified for verify.
+ if (op.getPurpose() == KMType.VERIFY) {
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ }
+ if (macLen
+ < KMIntegerTag.getShortValue(
+ KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[HW_PARAMETERS])) {
+ KMException.throwIt(KMError.INVALID_MAC_LENGTH);
+ } else if (macLen % 8 != 0 || macLen > 256) {
+ KMException.throwIt(KMError.UNSUPPORTED_MAC_LENGTH);
+ }
+ op.setMacLength(macLen);
+ }
+ break;
+ default:
+ break;
+ }
+ op.setBlockMode((byte) param);
+ }
+
+ private void authorizeAndBeginOperation(KMOperationState op, byte[] scratchPad) {
+ authorizePurpose(op);
+ authorizeDigest(op);
+ authorizePadding(op);
+ authorizeBlockModeAndMacLength(op);
+ assertPrivateOperation(op.getPurpose(), op.getAlgorithm());
+ authorizeUserSecureIdAuthTimeout(op, scratchPad);
+ authorizeDeviceUnlock(scratchPad);
+ authorizeKeyUsageForCount(scratchPad);
+
+ //Validate early boot
+ validateEarlyBoot(data[HW_PARAMETERS], INS_BEGIN_OPERATION_CMD, scratchPad, (short) 0,
+ KMError.INVALID_KEY_BLOB);
+
+ //Validate bootloader only
+ if (readBoolean(KMDataStoreConstants.BOOT_ENDED_STATUS, scratchPad, (short) 0)) {
+ KMTag.assertAbsence(data[HW_PARAMETERS], KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY,
+ KMError.INVALID_KEY_BLOB);
+ }
+
+ // Authorize Caller Nonce - if caller nonce absent in key char and nonce present in
+ // key params then fail if it is not a Decrypt operation
+ data[IV] = KMType.INVALID_VALUE;
+
+ if (!KMTag.isPresent(data[HW_PARAMETERS], KMType.BOOL_TAG, KMType.CALLER_NONCE)
+ && KMTag.isPresent(data[KEY_PARAMETERS], KMType.BYTES_TAG, KMType.NONCE)
+ && op.getPurpose() != KMType.DECRYPT) {
+ KMException.throwIt(KMError.CALLER_NONCE_PROHIBITED);
+ }
+
+ short nonce = KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG, KMType.NONCE);
+ // If Nonce is present then check whether the size of nonce is correct.
+ if (nonce != KMType.INVALID_VALUE) {
+ data[IV] = KMByteTag.getValue(nonce);
+ // For CBC mode - iv must be 8 bytes
+ if (op.getBlockMode() == KMType.CBC
+ && op.getAlgorithm() == KMType.DES
+ && KMByteBlob.length(data[IV]) != 8) {
+ KMException.throwIt(KMError.INVALID_NONCE);
+ }
+
+ // For GCM mode - IV must be 12 bytes
+ if (KMByteBlob.length(data[IV]) != 12 && op.getBlockMode() == KMType.GCM) {
+ KMException.throwIt(KMError.INVALID_NONCE);
+ }
+
+ // For AES CBC and CTR modes IV must be 16 bytes
+ if ((op.getBlockMode() == KMType.CBC || op.getBlockMode() == KMType.CTR)
+ && op.getAlgorithm() == KMType.AES
+ && KMByteBlob.length(data[IV]) != 16) {
+ KMException.throwIt(KMError.INVALID_NONCE);
+ }
+ } else if (op.getAlgorithm() == KMType.AES || op.getAlgorithm() == KMType.DES) {
+
+ // For symmetric decryption iv is required
+ if (op.getPurpose() == KMType.DECRYPT
+ && (op.getBlockMode() == KMType.CBC
+ || op.getBlockMode() == KMType.GCM
+ || op.getBlockMode() == KMType.CTR)) {
+ KMException.throwIt(KMError.MISSING_NONCE);
+ } else if (op.getBlockMode() == KMType.ECB) {
+ // For ECB we create zero length nonce
+ data[IV] = KMByteBlob.instance((short) 0);
+ } else if (op.getPurpose() == KMType.ENCRYPT) {
+
+ // For encrypt mode if nonce is absent then create random nonce of correct length
+ byte ivLen = 16;
+ if (op.getBlockMode() == KMType.GCM) {
+ ivLen = 12;
+ } else if (op.getAlgorithm() == KMType.DES) {
+ ivLen = 8;
+ }
+ data[IV] = KMByteBlob.instance(ivLen);
+ seProvider.newRandomNumber(
+ KMByteBlob.getBuffer(data[IV]),
+ KMByteBlob.getStartOff(data[IV]),
+ KMByteBlob.length(data[IV]));
+ }
+ }
+ }
+
+ public void beginKeyAgreementOperation(KMOperationState op) {
+ KMException.throwIt(KMError.UNIMPLEMENTED);
+ }
+
+ private void beginCipherOperation(KMOperationState op) {
+ switch (op.getAlgorithm()) {
+ case KMType.RSA:
+ try {
+ if (op.getPurpose() == KMType.DECRYPT) {
+ op.setOperation(
+ seProvider.initAsymmetricOperation(
+ (byte) op.getPurpose(),
+ (byte) op.getAlgorithm(),
+ (byte) op.getPadding(),
+ (byte) op.getDigest(),
+ (byte) op.getMgfDigest(),
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]),
+ KMByteBlob.getBuffer(data[PUB_KEY]),
+ KMByteBlob.getStartOff(data[PUB_KEY]),
+ KMByteBlob.length(data[PUB_KEY])));
+ } else {
+ KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
+ }
+ } catch (CryptoException exp) {
+ KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
+ }
+ break;
+ case KMType.AES:
+ case KMType.DES:
+ if (op.getBlockMode() == KMType.GCM) {
+ op.setAesGcmUpdateStart();
+ }
+ try {
+ op.setOperation(
+ seProvider.initSymmetricOperation(
+ (byte) op.getPurpose(),
+ (byte) op.getAlgorithm(),
+ (byte) op.getDigest(),
+ (byte) op.getPadding(),
+ (byte) op.getBlockMode(),
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]),
+ KMByteBlob.getBuffer(data[IV]),
+ KMByteBlob.getStartOff(data[IV]),
+ KMByteBlob.length(data[IV]),
+ op.getMacLength()));
+ } catch (CryptoException exception) {
+ if (exception.getReason() == CryptoException.ILLEGAL_VALUE) {
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ } else if (exception.getReason() == CryptoException.NO_SUCH_ALGORITHM) {
+ KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
+ }
+ }
+ }
+ }
+
+ private void beginTrustedConfirmationOperation(KMOperationState op) {
+ // Check for trusted confirmation - if required then set the signer in op state.
+ if (KMKeyParameters.findTag(data[HW_PARAMETERS], KMType.BOOL_TAG,
+ KMType.TRUSTED_CONFIRMATION_REQUIRED) != KMType.INVALID_VALUE) {
+
+ op.setTrustedConfirmationSigner(
+ seProvider.initTrustedConfirmationSymmetricOperation(storeDataInst.getComputedHmacKey()));
+
+ op.getTrustedConfirmationSigner().update(
+ confirmationToken,
+ (short) 0,
+ (short) confirmationToken.length);
+ }
+
+ }
+
+ private void beginSignVerifyOperation(KMOperationState op) {
+ switch (op.getAlgorithm()) {
+ case KMType.RSA:
+ try {
+ if (op.getPurpose() == KMType.SIGN) {
+ op.setOperation(
+ seProvider.initAsymmetricOperation(
+ (byte) op.getPurpose(),
+ (byte) op.getAlgorithm(),
+ (byte) op.getPadding(),
+ (byte) op.getDigest(),
+ KMType.DIGEST_NONE, /* No MGF Digest */
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]),
+ KMByteBlob.getBuffer(data[PUB_KEY]),
+ KMByteBlob.getStartOff(data[PUB_KEY]),
+ KMByteBlob.length(data[PUB_KEY])));
+ } else {
+ KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
+ }
+ } catch (CryptoException exp) {
+ KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
+ }
+ break;
+ case KMType.EC:
+ try {
+ if (op.getPurpose() == KMType.SIGN) {
+ op.setOperation(
+ seProvider.initAsymmetricOperation(
+ (byte) op.getPurpose(),
+ (byte) op.getAlgorithm(),
+ (byte) op.getPadding(),
+ (byte) op.getDigest(),
+ KMType.DIGEST_NONE, /* No MGF Digest */
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]),
+ null,
+ (short) 0,
+ (short) 0));
+ } else {
+ KMException.throwIt(KMError.UNSUPPORTED_PURPOSE);
+ }
+ } catch (CryptoException exp) {
+ // Javacard does not support NO digest based signing.
+ KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
+ }
+ break;
+ case KMType.HMAC:
+ // As per Keymaster HAL documentation, the length of the Hmac output can
+ // be decided by using TAG_MAC_LENGTH in Keyparameters. But there is no
+ // such provision to control the length of the Hmac output using JavaCard
+ // crypto APIs and the current implementation always returns 32 bytes
+ // length of Hmac output. So to provide support to TAG_MAC_LENGTH
+ // feature, we truncate the output signature to TAG_MAC_LENGTH and return
+ // the truncated signature back to the caller. At the time of verfication
+ // we again compute the signature of the plain text input, truncate it to
+ // TAG_MAC_LENGTH and compare it with the input signature for
+ // verification. So this is the reason we are using KMType.SIGN directly
+ // instead of using op.getPurpose().
+ try {
+ op.setOperation(
+ seProvider.initSymmetricOperation(
+ (byte) KMType.SIGN,
+ (byte) op.getAlgorithm(),
+ (byte) op.getDigest(),
+ (byte) op.getPadding(),
+ (byte) op.getBlockMode(),
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]),
+ null,
+ (short) 0,
+ (short) 0,
+ (short) 0));
+ } catch (CryptoException exp) {
+ KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
+ }
+ break;
+ default:
+ KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
+ break;
+ }
+ }
+
+ private boolean isHwAuthTokenContainsMatchingSecureId(short hwAuthToken,
+ short secureUserIdsObj) {
+ short secureUserId = KMHardwareAuthToken.getUserId(hwAuthToken);
+ if (!KMInteger.isZero(secureUserId)) {
+ if (KMIntegerArrayTag.contains(secureUserIdsObj, secureUserId)) {
+ return true;
+ }
+ }
+
+ short authenticatorId = KMHardwareAuthToken.getAuthenticatorId(hwAuthToken);
+ if (!KMInteger.isZero(authenticatorId)) {
+ if (KMIntegerArrayTag.contains(secureUserIdsObj, authenticatorId)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
+ private boolean authTokenMatches(short userSecureIdsPtr, short authType,
+ byte[] scratchPad) {
+ if (!validateHwToken(data[HW_TOKEN], scratchPad)) {
+ return false;
+ }
+ if (!isHwAuthTokenContainsMatchingSecureId(data[HW_TOKEN], userSecureIdsPtr)) {
+ return false;
+ }
+ // check auth type
+ tmpVariables[2] = KMHardwareAuthToken.getHwAuthenticatorType(data[HW_TOKEN]);
+ tmpVariables[2] = KMEnum.getVal(tmpVariables[2]);
+ if (((byte) tmpVariables[2] & (byte) authType) == 0) {
+ return false;
+ }
+ return true;
+ }
+
+ private void authorizeUserSecureIdAuthTimeout(KMOperationState op, byte[] scratchPad) {
+ short authTime;
+ short authType;
+ // Authorize User Secure Id and Auth timeout
+ short userSecureIdPtr =
+ KMKeyParameters.findTag(data[HW_PARAMETERS], KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID);
+ if (userSecureIdPtr != KMType.INVALID_VALUE) {
+ // Authentication required.
+ if (KMType.INVALID_VALUE !=
+ KMKeyParameters.findTag(data[HW_PARAMETERS], KMType.BOOL_TAG, KMType.NO_AUTH_REQUIRED)) {
+ // Key has both USER_SECURE_ID and NO_AUTH_REQUIRED
+ KMException.throwIt(KMError.INVALID_KEY_BLOB);
+ }
+ // authenticator type must be provided.
+ if (KMType.INVALID_VALUE ==
+ (authType = KMEnumTag.getValue(KMType.USER_AUTH_TYPE, data[HW_PARAMETERS]))) {
+ // Authentication required, but no auth type found.
+ KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
+ }
+
+ short authTimeoutTagPtr =
+ KMKeyParameters.findTag(data[HW_PARAMETERS], KMType.UINT_TAG, KMType.AUTH_TIMEOUT);
+ if (authTimeoutTagPtr != KMType.INVALID_VALUE) {
+ // authenticate user
+ if (!authTokenMatches(userSecureIdPtr, authType, scratchPad)) {
+ KMException.throwIt(KMError.KEY_USER_NOT_AUTHENTICATED);
+ }
+
+ authTimeoutTagPtr =
+ KMKeyParameters.findTag(data[HW_PARAMETERS], KMType.ULONG_TAG,
+ KMType.AUTH_TIMEOUT_MILLIS);
+ if (authTimeoutTagPtr == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.INVALID_KEY_BLOB);
+ }
+ authTime = KMIntegerTag.getValue(authTimeoutTagPtr);
+ // set the one time auth
+ op.setOneTimeAuthReqd(true);
+ // set the authentication time stamp in operation state
+ authTime =
+ addIntegers(authTime,
+ KMHardwareAuthToken.getTimestamp(data[HW_TOKEN]), scratchPad);
+ op.setAuthTime(
+ KMInteger.getBuffer(authTime), KMInteger.getStartOff(authTime));
+ // auth time validation will happen in update or finish
+ op.setAuthTimeoutValidated(false);
+ } else {
+ // auth per operation required
+ // store user secure id and authType in OperationState.
+ op.setUserSecureId(userSecureIdPtr);
+ op.setAuthType((byte) authType);
+ // set flags
+ op.setOneTimeAuthReqd(false);
+ op.setAuthPerOperationReqd(true);
+ }
+ }
+ }
+
+ private boolean verifyHwTokenMacInBigEndian(short hwToken, byte[] scratchPad) {
+ // The challenge, userId and authenticatorId, authenticatorType and timestamp
+ // are in network order (big-endian).
+ short len = 0;
+ // add 0
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
+ len = 1;
+ // concatenate challenge - 8 bytes
+ short ptr = KMHardwareAuthToken.getChallenge(hwToken);
+ KMInteger.value(ptr, scratchPad, (short) (len + (short) (8 - KMInteger.length(ptr))));
+ len += 8;
+ // concatenate user id - 8 bytes
+ ptr = KMHardwareAuthToken.getUserId(hwToken);
+ KMInteger.value(ptr, scratchPad, (short) (len + (short) (8 - KMInteger.length(ptr))));
+ len += 8;
+ // concatenate authenticator id - 8 bytes
+ ptr = KMHardwareAuthToken.getAuthenticatorId(hwToken);
+ KMInteger.value(ptr, scratchPad, (short) (len + (short) (8 - KMInteger.length(ptr))));
+ len += 8;
+ // concatenate authenticator type - 4 bytes
+ ptr = KMHardwareAuthToken.getHwAuthenticatorType(hwToken);
+ scratchPad[(short) (len + 3)] = KMEnum.getVal(ptr);
+ len += 4;
+ // concatenate timestamp -8 bytes
+ ptr = KMHardwareAuthToken.getTimestamp(hwToken);
+ KMInteger.value(ptr, scratchPad, (short) (len + (short) (8 - KMInteger.length(ptr))));
+ len += 8;
+
+ ptr = KMHardwareAuthToken.getMac(hwToken);
+
+ return seProvider.hmacVerify(
+ storeDataInst.getComputedHmacKey(),
+ scratchPad,
+ (short) 0,
+ len,
+ KMByteBlob.getBuffer(ptr),
+ KMByteBlob.getStartOff(ptr),
+ KMByteBlob.length(ptr));
+ }
+
+ private boolean verifyHwTokenMacInLittleEndian(short hwToken, byte[] scratchPad) {
+ // The challenge, userId and authenticatorId values are in little endian order,
+ // but authenticatorType and timestamp are in network order (big-endian).
+ short len = 0;
+ // add 0
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
+ len = 1;
+ // concatenate challenge - 8 bytes
+ short ptr = KMHardwareAuthToken.getChallenge(hwToken);
+ KMInteger.toLittleEndian(ptr, scratchPad, len);
+ len += 8;
+ // concatenate user id - 8 bytes
+ ptr = KMHardwareAuthToken.getUserId(hwToken);
+ KMInteger.toLittleEndian(ptr, scratchPad, len);
+ len += 8;
+ // concatenate authenticator id - 8 bytes
+ ptr = KMHardwareAuthToken.getAuthenticatorId(hwToken);
+ KMInteger.toLittleEndian(ptr, scratchPad, len);
+ len += 8;
+ // concatenate authenticator type - 4 bytes
+ ptr = KMHardwareAuthToken.getHwAuthenticatorType(hwToken);
+ scratchPad[(short) (len + 3)] = KMEnum.getVal(ptr);
+ len += 4;
+ // concatenate timestamp - 8 bytes
+ ptr = KMHardwareAuthToken.getTimestamp(hwToken);
+ KMInteger.value(ptr, scratchPad, (short) (len + (short) (8 - KMInteger.length(ptr))));
+ len += 8;
+
+ ptr = KMHardwareAuthToken.getMac(hwToken);
+
+ return seProvider.hmacVerify(
+ storeDataInst.getComputedHmacKey(),
+ scratchPad,
+ (short) 0,
+ len,
+ KMByteBlob.getBuffer(ptr),
+ KMByteBlob.getStartOff(ptr),
+ KMByteBlob.length(ptr));
+ }
+
+ private boolean validateHwToken(short hwToken, byte[] scratchPad) {
+ // CBOR Encoding is always big endian
+ short ptr = KMHardwareAuthToken.getMac(hwToken);
+ // If mac length is zero then token is empty.
+ if (KMByteBlob.length(ptr) == 0) {
+ return false;
+ }
+ if (KMConfigurations.TEE_MACHINE_TYPE == KMConfigurations.LITTLE_ENDIAN) {
+ return verifyHwTokenMacInLittleEndian(hwToken, scratchPad);
+ } else {
+ return verifyHwTokenMacInBigEndian(hwToken, scratchPad);
+ }
+ }
+
+ private short importKeyCmd(APDU apdu) {
+ short cmd = KMArray.instance((short) 3);
+ // Arguments
+ short params = KMKeyParameters.expAny();
+ KMArray.add(cmd, (short) 0, params);
+ KMArray.add(cmd, (short) 1, KMEnum.instance(KMType.KEY_FORMAT));
+ KMArray.add(cmd, (short) 2, KMByteBlob.exp());
+ return receiveIncoming(apdu, cmd);
+ }
+
+ private void processImportKeyCmd(APDU apdu) {
+ // Receive the incoming request fully from the master into buffer.
+ short cmd = importKeyCmd(apdu);
+ byte[] scratchPad = apdu.getBuffer();
+ data[KEY_PARAMETERS] = KMArray.get(cmd, (short) 0);
+ short keyFmt = KMArray.get(cmd, (short) 1);
+ data[IMPORTED_KEY_BLOB] = KMArray.get(cmd, (short) 2);
+ keyFmt = KMEnum.getVal(keyFmt);
+
+ data[CERTIFICATE] = KMArray.instance((short) 0); //by default the cert is empty.
+ data[ORIGIN] = KMType.IMPORTED;
+ importKey(apdu, keyFmt, scratchPad);
+ }
+
+ private short importWrappedKeyCmd(APDU apdu) {
+ short cmd = KMArray.instance((short) 12);
+ // Arguments
+ short params = KMKeyParameters.exp();
+ short bBlob = KMByteBlob.exp();
+ KMArray.add(cmd, (short) 0, params); // Key Params of wrapped key
+ KMArray.add(cmd, (short) 1, KMEnum.instance(KMType.KEY_FORMAT)); // Key Format
+ KMArray.add(cmd, (short) 2, bBlob); // Wrapped Import Key Blob
+ KMArray.add(cmd, (short) 3, bBlob); // Auth Tag
+ KMArray.add(cmd, (short) 4, bBlob); // IV - Nonce
+ KMArray.add(cmd, (short) 5, bBlob); // Encrypted Transport Key
+ KMArray.add(cmd, (short) 6, bBlob); // Wrapping Key KeyBlob
+ KMArray.add(cmd, (short) 7, bBlob); // Masking Key
+ KMArray.add(cmd, (short) 8, params); // Un-wrapping Params
+ KMArray.add(cmd, (short) 9, bBlob); // Wrapped Key ASSOCIATED AUTH DATA
+ KMArray.add(cmd, (short) 10, KMInteger.exp()); // Password Sid
+ KMArray.add(cmd, (short) 11, KMInteger.exp()); // Biometric Sid
+ return receiveIncoming(apdu, cmd);
+ }
+
+ private void processImportWrappedKeyCmd(APDU apdu) {
+
+ byte[] scratchPad = apdu.getBuffer();
+ short cmd = importWrappedKeyCmd(apdu);
+
+ // Step -0 - check whether the key format and algorithm supported
+ // read algorithm
+ tmpVariables[0] = KMArray.get(cmd, (short) 0);
+ tmpVariables[1] = KMEnumTag.getValue(KMType.ALGORITHM, tmpVariables[0]);
+ // read key format
+ tmpVariables[2] = KMArray.get(cmd, (short) 1);
+ byte keyFormat = KMEnum.getVal(tmpVariables[2]);
+ if ((tmpVariables[1] == KMType.RSA || tmpVariables[1] == KMType.EC)
+ && (keyFormat != KMType.PKCS8)) {
+ KMException.throwIt(KMError.UNIMPLEMENTED);
+ }
+
+ // Step -1 parse the wrapping key blob
+ // read wrapping key blob
+ data[KEY_BLOB] = KMArray.get(cmd, (short) 6);
+ // read un wrapping key params
+ data[KEY_PARAMETERS] = KMArray.get(cmd, (short) 8);
+ // Read App Id and App Data if any from un wrapping key params
+ data[APP_ID] =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG, KMType.APPLICATION_ID);
+ data[APP_DATA] =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG, KMType.APPLICATION_DATA);
+ if (data[APP_ID] != KMTag.INVALID_VALUE) {
+ data[APP_ID] = KMByteTag.getValue(data[APP_ID]);
+ }
+ if (data[APP_DATA] != KMTag.INVALID_VALUE) {
+ data[APP_DATA] = KMByteTag.getValue(data[APP_DATA]);
+ }
+ // parse the wrapping key blob
+ parseEncryptedKeyBlob(data[KEY_BLOB], data[APP_ID], data[APP_DATA], scratchPad);
+ // check whether the wrapping key is RSA with purpose KEY_WRAP, padding RSA_OAEP and Digest
+ // SHA2_256.
+ if (KMEnumTag.getValue(KMType.ALGORITHM, data[HW_PARAMETERS]) != KMType.RSA) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_ENCRYPTION_ALGORITHM);
+ }
+ if (!KMEnumArrayTag.contains(KMType.DIGEST, KMType.SHA2_256, data[HW_PARAMETERS])) {
+ KMException.throwIt(KMError.INCOMPATIBLE_DIGEST);
+ }
+ if (!KMEnumArrayTag.contains(KMType.PADDING, KMType.RSA_OAEP, data[HW_PARAMETERS])) {
+ KMException.throwIt(KMError.INCOMPATIBLE_PADDING_MODE);
+ }
+ if (!KMEnumArrayTag.contains(KMType.PURPOSE, KMType.WRAP_KEY, data[HW_PARAMETERS])) {
+ KMException.throwIt((KMError.INCOMPATIBLE_PURPOSE));
+ }
+
+ // Step 2 - decrypt the encrypted transport key - 32 bytes AES-GCM key
+ // create rsa decipher
+ // read encrypted transport key from args
+ tmpVariables[0] = KMArray.get(cmd, (short) 5);
+ // Decrypt the transport key
+ tmpVariables[1] =
+ seProvider.rsaDecipherOAEP256(
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]),
+ KMByteBlob.getBuffer(data[PUB_KEY]),
+ KMByteBlob.getStartOff(data[PUB_KEY]),
+ KMByteBlob.length(data[PUB_KEY]),
+ KMByteBlob.getBuffer(tmpVariables[0]),
+ KMByteBlob.getStartOff(tmpVariables[0]),
+ KMByteBlob.length(tmpVariables[0]),
+ scratchPad,
+ (short) 0);
+ data[PUB_KEY] = KMType.INVALID_VALUE;
+ data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, tmpVariables[1]);
+
+ // Step 3 - XOR the decrypted AES-GCM key with with masking key
+ // read masking key
+ tmpVariables[0] = KMArray.get(cmd, (short) 7);
+ tmpVariables[1] = KMByteBlob.length(tmpVariables[0]);
+ // Length of masking key and transport key must be same.
+ if (tmpVariables[1] != KMByteBlob.length(data[SECRET])) {
+ KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+ }
+ tmpVariables[2] = 0; // index
+ // Xor every byte of masking and key and store the result in data[SECRET]
+ while (tmpVariables[2] < tmpVariables[1]) {
+ tmpVariables[3] =
+ (short) (((short) KMByteBlob.get(tmpVariables[0], tmpVariables[2])) & 0x00FF);
+ tmpVariables[4] =
+ (short) (((short) KMByteBlob.get(data[SECRET], tmpVariables[2])) & 0x00FF);
+ KMByteBlob.add(data[SECRET], tmpVariables[2], (byte) (tmpVariables[3] ^ tmpVariables[4]));
+ tmpVariables[2]++;
+ }
+
+ // Step 4 - AES-GCM decrypt the wrapped key
+ data[INPUT_DATA] = KMArray.get(cmd, (short) 2);
+ data[AUTH_DATA] = KMArray.get(cmd, (short) 9);
+ data[AUTH_TAG] = KMArray.get(cmd, (short) 3);
+ data[NONCE] = KMArray.get(cmd, (short) 4);
+ Util.arrayFillNonAtomic(
+ scratchPad, (short) 0, KMByteBlob.length(data[INPUT_DATA]), (byte) 0);
+
+ if (!seProvider.aesGCMDecrypt(
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]),
+ KMByteBlob.getBuffer(data[INPUT_DATA]),
+ KMByteBlob.getStartOff(data[INPUT_DATA]),
+ KMByteBlob.length(data[INPUT_DATA]),
+ scratchPad,
+ (short) 0,
+ KMByteBlob.getBuffer(data[NONCE]),
+ KMByteBlob.getStartOff(data[NONCE]),
+ KMByteBlob.length(data[NONCE]),
+ KMByteBlob.getBuffer(data[AUTH_DATA]),
+ KMByteBlob.getStartOff(data[AUTH_DATA]),
+ KMByteBlob.length(data[AUTH_DATA]),
+ KMByteBlob.getBuffer(data[AUTH_TAG]),
+ KMByteBlob.getStartOff(data[AUTH_TAG]),
+ KMByteBlob.length(data[AUTH_TAG]))) {
+ KMException.throwIt(KMError.VERIFICATION_FAILED);
+ }
+
+ // Step 5 - Import decrypted key
+ data[ORIGIN] = KMType.SECURELY_IMPORTED;
+ data[KEY_PARAMETERS] =
+ KMArray.get(cmd, (short) 0);
+ // create key blob array
+ data[IMPORTED_KEY_BLOB] = KMByteBlob.instance(scratchPad, (short) 0,
+ KMByteBlob.length(data[INPUT_DATA]));
+ importKey(apdu, keyFormat, scratchPad);
+ }
+
+ private void validateImportKey(short params, short keyFmt) {
+ validatePurpose(params);
+ // Rollback protection not supported
+ KMTag.assertAbsence(params, KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE,
+ KMError.ROLLBACK_RESISTANCE_UNAVAILABLE);
+ validateEarlyBoot(params, INS_IMPORT_KEY_CMD, null, (short) 0, KMError.EARLY_BOOT_ENDED);
+ //Check if the tags are supported.
+ if (KMKeyParameters.hasUnsupportedTags(data[KEY_PARAMETERS])) {
+ KMException.throwIt(KMError.UNSUPPORTED_TAG);
+ }
+ // Algorithm must be present
+ KMTag.assertPresence(params, KMType.ENUM_TAG, KMType.ALGORITHM, KMError.INVALID_ARGUMENT);
+ short alg = KMEnumTag.getValue(KMType.ALGORITHM, params);
+ // key format must be raw if aes, des or hmac and pkcs8 for rsa and ec.
+ if ((alg == KMType.AES || alg == KMType.DES || alg == KMType.HMAC) && keyFmt != KMType.RAW) {
+ KMException.throwIt(KMError.UNIMPLEMENTED);
+ }
+ if ((alg == KMType.RSA || alg == KMType.EC) && keyFmt != KMType.PKCS8) {
+ KMException.throwIt(KMError.UNIMPLEMENTED);
+ }
+ }
+
+ public void validatePurpose(short params) {
+ return;
+ }
+
+ private void importKey(APDU apdu, short keyFmt, byte[] scratchPad) {
+ validateImportKey(data[KEY_PARAMETERS], keyFmt);
+ // Check algorithm and dispatch to appropriate handler.
+ short alg = KMEnumTag.getValue(KMType.ALGORITHM, data[KEY_PARAMETERS]);
+ switch (alg) {
+ case KMType.RSA:
+ importRSAKey(scratchPad);
+ break;
+ case KMType.AES:
+ importAESKey(scratchPad);
+ break;
+ case KMType.DES:
+ importTDESKey(scratchPad);
+ break;
+ case KMType.HMAC:
+ importHmacKey(scratchPad);
+ break;
+ case KMType.EC:
+ importECKeys(scratchPad);
+ break;
+ default:
+ KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
+ break;
+ }
+ makeKeyCharacteristics(scratchPad);
+ createEncryptedKeyBlob(scratchPad);
+ // prepare the response
+ short resp = KMArray.instance((short) 3);
+ KMArray.add(resp, (short) 0, buildErrorStatus(KMError.OK));
+ KMArray.add(resp, (short) 1, data[KEY_BLOB]);
+ KMArray.add(resp, (short) 2, data[KEY_CHARACTERISTICS]);
+ sendOutgoing(apdu, resp);
+ }
+
+ public short decodeRawECKey(short rawBlob) {
+ // Decode key material
+ short arrPtr = KMArray.instance((short) 2);
+ KMArray.add(arrPtr, (short) 0, KMByteBlob.exp()); // secret
+ KMArray.add(arrPtr, (short) 1, KMByteBlob.exp()); // public key
+ arrPtr =
+ decoder.decode(
+ arrPtr,
+ KMByteBlob.getBuffer(rawBlob),
+ KMByteBlob.getStartOff(rawBlob),
+ KMByteBlob.length(rawBlob));
+ return arrPtr;
+ }
+
+ private void importECKeys(byte[] scratchPad) {
+ // Decode key material
+ KMPKCS8Decoder pkcs8 = KMPKCS8Decoder.instance();
+ short keyBlob = pkcs8.decodeEc(data[IMPORTED_KEY_BLOB]);
+ data[PUB_KEY] = KMArray.get(keyBlob, (short) 0);
+ data[SECRET] = KMArray.get(keyBlob, (short) 1);
+ // initialize 256 bit p256 key for given private key and public key.
+ short index = 0;
+ // check whether the key size tag is present in key parameters.
+ short keySize =
+ KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
+ short SecretLen = (short) (KMByteBlob.length(data[SECRET]) * 8);
+ if (keySize != KMType.INVALID_VALUE) {
+ // As per NIST.SP.800-186 page 9, secret for 256 curve should be between
+ // 256-383
+ if (((256 <= SecretLen) && (383 >= SecretLen)) ^ keySize == 256) {
+ KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+ }
+ if (keySize != 256) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ }
+ } else {
+ if ((256 > SecretLen) || (383 < SecretLen)) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ }
+ // add the key size to scratchPad
+ keySize = KMInteger.uint_16((short) 256);
+ keySize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, keySize);
+ Util.setShort(scratchPad, index, keySize);
+ index += 2;
+ }
+ // check the curve if present in key parameters.
+ short curve = KMEnumTag.getValue(KMType.ECCURVE, data[KEY_PARAMETERS]);
+ if (curve != KMType.INVALID_VALUE) {
+ // As per NIST.SP.800-186 page 9, secret length for 256 curve should be between
+ // 256-383
+ if (((256 <= SecretLen) && (383 >= SecretLen)) ^ curve == KMType.P_256) {
+ KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+ }
+ if (curve != KMType.P_256) {
+ KMException.throwIt(KMError.UNSUPPORTED_EC_CURVE);
+ }
+ } else {
+ if ((256 > SecretLen) || (383 < SecretLen)) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ }
+ // add the curve to scratchPad
+ curve = KMEnumTag.instance(KMType.ECCURVE, KMType.P_256);
+ Util.setShort(scratchPad, index, curve);
+ index += 2;
+ }
+ // Check whether key can be created
+ seProvider.importAsymmetricKey(
+ KMType.EC,
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]),
+ KMByteBlob.getBuffer(data[PUB_KEY]),
+ KMByteBlob.getStartOff(data[PUB_KEY]),
+ KMByteBlob.length(data[PUB_KEY]));
+
+ // add scratch pad to key parameters
+ updateKeyParameters(scratchPad, index);
+ data[KEY_BLOB] = KMArray.instance((short) 5);
+ KMArray.add(data[KEY_BLOB], KEY_BLOB_PUB_KEY, data[PUB_KEY]);
+ }
+
+ private void importHmacKey(byte[] scratchPad) {
+ // Get Key
+ data[SECRET] = data[IMPORTED_KEY_BLOB];
+ // create HMAC key of up to 512 bit
+ short index = 0; // index in scratchPad for update params
+ // check the keysize tag if present in key parameters.
+ short keysize =
+ KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
+ if (keysize != KMType.INVALID_VALUE) {
+ if (!(keysize >= 64 && keysize <= 512 && keysize % 8 == 0)) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ }
+ if (keysize != (short) (KMByteBlob.length(data[SECRET]) * 8)) {
+ KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+ }
+ } else {
+ // add the key size to scratchPad
+ keysize = (short) (KMByteBlob.length(data[SECRET]) * 8);
+ if (!(keysize >= 64 && keysize <= 512 && keysize % 8 == 0)) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ }
+ keysize = KMInteger.uint_16(keysize);
+ short keySizeTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, keysize);
+ Util.setShort(scratchPad, index, keySizeTag);
+ index += 2;
+ }
+ // Check whether key can be created
+ seProvider.importSymmetricKey(
+ KMType.HMAC,
+ keysize,
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]));
+
+ // update the key parameters list
+ updateKeyParameters(scratchPad, index);
+ // validate HMAC Key parameters
+ validateHmacKey();
+ data[KEY_BLOB] = KMArray.instance((short) 4);
+ }
+
+ private void importTDESKey(byte[] scratchPad) {
+ // Decode Key Material
+ data[SECRET] = data[IMPORTED_KEY_BLOB];
+ short index = 0; // index in scratchPad for update params
+ // check the keysize tag if present in key parameters.
+ short keysize =
+ KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
+ if (keysize != KMType.INVALID_VALUE) {
+ if (keysize != 168) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ }
+ if (192 != (short) (8 * KMByteBlob.length(data[SECRET]))) {
+ KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+ }
+ } else {
+ keysize = (short) (KMByteBlob.length(data[SECRET]) * 8);
+ if (keysize != 192) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ }
+ // add the key size to scratchPad
+ keysize = KMInteger.uint_16((short) 168);
+ short keysizeTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, keysize);
+ Util.setShort(scratchPad, index, keysizeTag);
+ index += 2;
+ }
+ // Read Minimum Mac length - it must not be present
+ KMTag.assertAbsence(data[KEY_PARAMETERS], KMType.UINT_TAG, KMType.MIN_MAC_LENGTH,
+ KMError.INVALID_TAG);
+ // Check whether key can be created
+ seProvider.importSymmetricKey(
+ KMType.DES,
+ keysize,
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]));
+ // update the key parameters list
+ updateKeyParameters(scratchPad, index);
+ data[KEY_BLOB] = KMArray.instance((short) 4);
+ }
+
+ private void validateAesKeySize(short keySizeBits) {
+ if (keySizeBits != 128 && keySizeBits != 256) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ }
+ }
+
+ private void importAESKey(byte[] scratchPad) {
+ // Get Key
+ data[SECRET] = data[IMPORTED_KEY_BLOB];
+ // create 128 or 256 bit AES key
+ short index = 0; // index in scratchPad for update params
+ // check the keysize tag if present in key parameters.
+ short keysize =
+ KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
+ if (keysize != KMType.INVALID_VALUE) {
+ if (keysize != (short) (8 * KMByteBlob.length(data[SECRET]))) {
+ KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+ }
+ validateAesKeySize(keysize);
+ } else {
+ // add the key size to scratchPad
+ keysize = (short) (8 * KMByteBlob.length(data[SECRET]));
+ validateAesKeySize(keysize);
+ keysize = KMInteger.uint_16(keysize);
+ short keysizeTag = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, keysize);
+ Util.setShort(scratchPad, index, keysizeTag);
+ index += 2;
+ }
+ // Check whether key can be created
+ seProvider.importSymmetricKey(
+ KMType.AES,
+ keysize,
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]));
+
+ // update the key parameters list
+ updateKeyParameters(scratchPad, index);
+ // validate AES Key parameters
+ validateAESKey();
+ data[KEY_BLOB] = KMArray.instance((short) 4);
+ }
+
+ private void importRSAKey(byte[] scratchPad) {
+ // Decode key material
+ KMPKCS8Decoder pkcs8 = KMPKCS8Decoder.instance();
+ short keyblob = pkcs8.decodeRsa(data[IMPORTED_KEY_BLOB]);
+ data[PUB_KEY] = KMArray.get(keyblob, (short) 0);
+ short pubKeyExp = KMArray.get(keyblob, (short) 1);
+ data[SECRET] = KMArray.get(keyblob, (short) 2);
+ if (F4.length != KMByteBlob.length(pubKeyExp)) {
+ KMException.throwIt(KMError.INVALID_KEY_BLOB);
+ }
+ if (Util.arrayCompare(F4, (short) 0, KMByteBlob.getBuffer(pubKeyExp),
+ KMByteBlob.getStartOff(pubKeyExp), (short) F4.length) != 0) {
+ KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+ }
+ short index = 0; // index in scratchPad for update parameters.
+ // validate public exponent if present in key params - it must be 0x010001
+ short len =
+ KMIntegerTag.getValue(
+ scratchPad,
+ (short) 10, // using offset 10 as first 10 bytes reserved for update params
+ KMType.ULONG_TAG,
+ KMType.RSA_PUBLIC_EXPONENT,
+ data[KEY_PARAMETERS]);
+ if (len != KMTag.INVALID_VALUE) {
+ if (len != 4
+ || Util.getShort(scratchPad, (short) 10) != 0x01
+ || Util.getShort(scratchPad, (short) 12) != 0x01) {
+ KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+ }
+ } else {
+ // add public exponent to scratchPad
+ Util.setShort(scratchPad, (short) 10, (short) 0x01);
+ Util.setShort(scratchPad, (short) 12, (short) 0x01);
+ pubKeyExp = KMInteger.uint_32(scratchPad, (short) 10);
+ pubKeyExp =
+ KMIntegerTag.instance(KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT, pubKeyExp);
+ Util.setShort(scratchPad, index, pubKeyExp);
+ index += 2;
+ }
+
+ // check the keysize tag if present in key parameters.
+ short keysize =
+ KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
+ short kSize = (short) (KMByteBlob.length(data[SECRET]) * 8);
+ if (keysize != KMType.INVALID_VALUE) {
+ if (keysize != 2048
+ || keysize != kSize) {
+ KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+ }
+ } else {
+ if (2048 != kSize) {
+ KMException.throwIt(KMError.IMPORT_PARAMETER_MISMATCH);
+ }
+ // add the key size to scratchPad
+ keysize = KMInteger.uint_16((short) 2048);
+ keysize = KMIntegerTag.instance(KMType.UINT_TAG, KMType.KEYSIZE, keysize);
+ Util.setShort(scratchPad, index, keysize);
+ index += 2;
+ }
+
+ // Check whether key can be created
+ seProvider.importAsymmetricKey(
+ KMType.RSA,
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]),
+ KMByteBlob.getBuffer(data[PUB_KEY]),
+ KMByteBlob.getStartOff(data[PUB_KEY]),
+ KMByteBlob.length(data[PUB_KEY]));
+
+ // update the key parameters list
+ updateKeyParameters(scratchPad, index);
+ // validate RSA Key parameters
+ data[KEY_BLOB] = KMArray.instance((short) 5);
+ KMArray.add(data[KEY_BLOB], KEY_BLOB_PUB_KEY, data[PUB_KEY]);
+ }
+
+ private void updateKeyParameters(byte[] newParams, short len) {
+ if (len == 0) {
+ return; // nothing to update
+ }
+ // Create Update Param array and copy current params
+ short params = KMKeyParameters.getVals(data[KEY_PARAMETERS]);
+ len = (short) (KMArray.length(params) + (short) (len / 2));
+ short updatedParams = KMArray.instance(len); // update params
+
+ len = KMArray.length(params);
+ short index = 0;
+
+ // copy the existing key parameters to updated array
+ while (index < len) {
+ short tag = KMArray.get(params, index);
+ KMArray.add(updatedParams, index, tag);
+ index++;
+ }
+
+ // copy new parameters to updated array
+ len = KMArray.length(updatedParams);
+ short newParamIndex = 0; // index in ptrArr
+ while (index < len) {
+ short tag = Util.getShort(newParams, newParamIndex);
+ KMArray.add(updatedParams, index, tag);
+ index++;
+ newParamIndex += 2;
+ }
+ // replace with updated key parameters.
+ data[KEY_PARAMETERS] = KMKeyParameters.instance(updatedParams);
+ }
+
+ private short initStrongBoxCmd(APDU apdu) {
+ short cmd = KMArray.instance((short) 3);
+ KMArray.add(cmd, (short) 0, KMInteger.exp()); //OS version
+ KMArray.add(cmd, (short) 1, KMInteger.exp()); //OS patch level
+ KMArray.add(cmd, (short) 2, KMInteger.exp()); //Vendor patch level
+ return receiveIncoming(apdu, cmd);
+ }
+
+ // This command is executed to set the boot parameters.
+ // releaseAllOperations has to be called on every boot, so
+ // it is called from inside initStrongBoxCmd. Later in future if
+ // initStrongBoxCmd is removed, then make sure that releaseAllOperations
+ // is moved to a place where it is called on every boot.
+ private void processInitStrongBoxCmd(APDU apdu) {
+ short cmd = initStrongBoxCmd(apdu);
+
+ short osVersion = KMArray.get(cmd, (short) 0);
+ short osPatchLevel = KMArray.get(cmd, (short) 1);
+ short vendorPatchLevel = KMArray.get(cmd, (short) 2);
+ setOsVersion(osVersion);
+ setOsPatchLevel(osPatchLevel);
+ setVendorPatchLevel(vendorPatchLevel);
+ }
+
+ public void reboot(byte[] scratchPad, short offset) {
+ storeDataInst.clearData(KMDataStoreConstants.HMAC_NONCE);
+ //flag to maintain the boot state
+ storeDataInst.clearData(KMDataStoreConstants.BOOT_ENDED_STATUS);
+ //flag to maintain early boot ended state
+ storeDataInst.clearData(KMDataStoreConstants.EARLY_BOOT_ENDED_STATUS);
+ //Clear all the operation state.
+ releaseAllOperations();
+ // Hmac is cleared, so generate a new Hmac nonce.
+ initHmacNonceAndSeed(scratchPad, offset);
+ // Clear all auth tags.
+ storeDataInst.clearAllAuthTags();
+ }
+
+ protected void initSystemBootParams() {
+ short empty = KMInteger.uint_16((short) 0);
+ setOsVersion(empty);
+ setOsPatchLevel(empty);
+ setVendorPatchLevel(empty);
+ }
+
+ protected void setOsVersion(short version) {
+ writeData(KMDataStoreConstants.OS_VERSION, KMInteger.getBuffer(version),
+ KMInteger.getStartOff(version),
+ KMInteger.length(version));
+ }
+
+ protected void setOsPatchLevel(short patch) {
+ writeData(KMDataStoreConstants.OS_PATCH_LEVEL, KMInteger.getBuffer(patch),
+ KMInteger.getStartOff(patch),
+ KMInteger.length(patch));
+ }
+
+ protected void setVendorPatchLevel(short patch) {
+ writeData(KMDataStoreConstants.VENDOR_PATCH_LEVEL, KMInteger.getBuffer(patch),
+ KMInteger.getStartOff(patch),
+ KMInteger.length(patch));
+ }
+
+ private short generateKeyCmd(APDU apdu) {
+ short params = KMKeyParameters.expAny();
+ // Array of expected arguments
+ short cmd = KMArray.instance((short) 1);
+ KMArray.add(cmd, (short) 0, params); //key params
+ return receiveIncoming(apdu, cmd);
+ }
+
+ private void processGenerateKey(APDU apdu) {
+ // Receive the incoming request fully from the master into buffer.
+ short cmd = generateKeyCmd(apdu);
+ // Re-purpose the apdu buffer as scratch pad.
+ byte[] scratchPad = apdu.getBuffer();
+ data[KEY_PARAMETERS] = KMArray.get(cmd, (short) 0);
+ data[CERTIFICATE] = KMArray.instance((short) 0); //by default the cert is empty.
+ // ROLLBACK_RESISTANCE not supported.
+ KMTag.assertAbsence(data[KEY_PARAMETERS], KMType.BOOL_TAG, KMType.ROLLBACK_RESISTANCE,
+ KMError.ROLLBACK_RESISTANCE_UNAVAILABLE);
+ // BOOTLOADER_ONLY keys not supported.
+ KMTag.assertAbsence(data[KEY_PARAMETERS], KMType.BOOL_TAG, KMType.BOOTLOADER_ONLY,
+ KMError.INVALID_KEY_BLOB);
+ // Algorithm must be present
+ KMTag.assertPresence(data[KEY_PARAMETERS], KMType.ENUM_TAG, KMType.ALGORITHM,
+ KMError.INVALID_ARGUMENT);
+ // As per specification Early boot keys may be created after early boot ended.
+ validateEarlyBoot(data[KEY_PARAMETERS], INS_GENERATE_KEY_CMD, scratchPad, (short) 0,
+ KMError.EARLY_BOOT_ENDED);
+ validatePurpose(data[KEY_PARAMETERS]);
+ //Check if the tags are supported.
+ if (KMKeyParameters.hasUnsupportedTags(data[KEY_PARAMETERS])) {
+ KMException.throwIt(KMError.UNSUPPORTED_TAG);
+ }
+ short alg = KMEnumTag.getValue(KMType.ALGORITHM, data[KEY_PARAMETERS]);
+ // Check algorithm and dispatch to appropriate handler.
+ switch (alg) {
+ case KMType.RSA:
+ generateRSAKey(scratchPad);
+ break;
+ case KMType.AES:
+ generateAESKey(scratchPad);
+ break;
+ case KMType.DES:
+ generateTDESKey(scratchPad);
+ break;
+ case KMType.HMAC:
+ generateHmacKey(scratchPad);
+ break;
+ case KMType.EC:
+ generateECKeys(scratchPad);
+ break;
+ default:
+ KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM);
+ break;
+ }
+
+ // create key blob and associated attestation.
+ data[ORIGIN] = KMType.GENERATED;
+ makeKeyCharacteristics(scratchPad);
+ createEncryptedKeyBlob(scratchPad);
+ // prepare the response
+ short resp = KMArray.instance((short) 3);
+ KMArray.add(resp, (short) 0, buildErrorStatus(KMError.OK));
+ KMArray.add(resp, (short) 1, data[KEY_BLOB]);
+ KMArray.add(resp, (short) 2, data[KEY_CHARACTERISTICS]);
+ sendOutgoing(apdu, resp);
+ }
+
+ public void processAttestationCertDataCmd(APDU apdu) {
+ // TODO optimize this function.
+ byte[] srcBuffer = apdu.getBuffer();
+ short recvLen = apdu.setIncomingAndReceive();
+ short srcOffset = apdu.getOffsetCdata();
+ short bufferLength = apdu.getIncomingLength();
+ short bufferStartOffset = repository.allocReclaimableMemory(bufferLength);
+ short index = bufferStartOffset;
+ byte[] buffer = repository.getHeap();
+ while (recvLen > 0 && ((short) (index - bufferStartOffset) < bufferLength)) {
+ Util.arrayCopyNonAtomic(srcBuffer, srcOffset, buffer, index, recvLen);
+ index += recvLen;
+ recvLen = apdu.receiveBytes(srcOffset);
+ }
+ // Buffer holds the corresponding offsets and lengths of the certChain, certIssuer and certExpiry
+ // in the bufferRef[0] buffer.
+ short var = KMByteBlob.instance((short) 12);
+ // These variables point to the appropriate positions in the var buffer.
+ short certChainPos = KMByteBlob.getStartOff(var); + short certIssuerPos = (short) (KMByteBlob.getStartOff(var) + 4); + short certExpiryPos = (short) (KMByteBlob.getStartOff(var) + 8); + decoder.decodeCertificateData((short) 3, + buffer, bufferStartOffset, bufferLength, + KMByteBlob.getBuffer(var), KMByteBlob.getStartOff(var)); + // persist data + storeDataInst.persistCertificateData( + (byte[]) buffer, + Util.getShort(KMByteBlob.getBuffer(var), certChainPos), // offset + Util.getShort(KMByteBlob.getBuffer(var), (short) (certChainPos + 2)), // length + Util.getShort(KMByteBlob.getBuffer(var), certIssuerPos), // offset + Util.getShort(KMByteBlob.getBuffer(var), (short) (certIssuerPos + 2)), // length + Util.getShort(KMByteBlob.getBuffer(var), certExpiryPos), // offset + Util.getShort(KMByteBlob.getBuffer(var), (short) (certExpiryPos + 2))); // length + + // reclaim memory + repository.reclaimMemory(bufferLength); + } + + private short generateAttestKeyCmd(APDU apdu) { + return receiveIncoming(apdu, generateAttestKeyExp()); + } + + protected void processGetCertChainCmd(APDU apdu) { + // Make the response + short certChainLen = storeDataInst.getCertificateDataLength( + KMDataStoreConstants.CERTIFICATE_CHAIN); + short int32Ptr = KMInteger.uint_16(KMError.OK); + short maxByteHeaderLen = 3; // Maximum possible ByteBlob header len. + short arrayHeaderLen = 1; + // Allocate maximum possible buffer. + // Add arrayHeader + (PowerResetStatus + KMError.OK) + Byte Header + encoder.getEncodedLength(int32Ptr); + short totalLen = (short) (arrayHeaderLen + encoder.getEncodedLength(int32Ptr) + maxByteHeaderLen + + certChainLen); + short certChain = KMByteBlob.instance(totalLen); + // copy the certificate chain to the end of the buffer. + storeDataInst.readCertificateData( + KMDataStoreConstants.CERTIFICATE_CHAIN, + KMByteBlob.getBuffer(certChain), + (short) (KMByteBlob.getStartOff(certChain) + totalLen - certChainLen)); + // Encode cert chain. 
+ encoder.encodeCertChain(
+ KMByteBlob.getBuffer(certChain),
+ KMByteBlob.getStartOff(certChain),
+ KMByteBlob.length(certChain),
+ int32Ptr, // uint32 ptr
+ (short) (KMByteBlob.getStartOff(certChain) + totalLen - certChainLen),
+ // start pos of cert chain.
+ certChainLen);
+ apdu.setOutgoing();
+ apdu.setOutgoingLength(KMByteBlob.length(certChain));
+ apdu.sendBytesLong(KMByteBlob.getBuffer(certChain),
+ KMByteBlob.getStartOff(certChain),
+ KMByteBlob.length(certChain));
+ }
+
+ private void processAttestKeyCmd(APDU apdu) {
+ // Receive the incoming request fully from the master into buffer.
+ short cmd = generateAttestKeyCmd(apdu);
+ // Re-purpose the apdu buffer as scratch pad.
+ byte[] scratchPad = apdu.getBuffer();
+ getAttestKeyInputParameters(cmd, data, KEY_BLOB, KEY_PARAMETERS, ATTEST_KEY_BLOB,
+ ATTEST_KEY_PARAMS, ATTEST_KEY_ISSUER);
+ data[CERTIFICATE] = KMArray.instance((short) 0); //by default the cert is empty.
+
+ // Check for app id and app data.
+ data[APP_ID] =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG, KMType.APPLICATION_ID);
+ data[APP_DATA] =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG, KMType.APPLICATION_DATA);
+ if (data[APP_ID] != KMTag.INVALID_VALUE) {
+ data[APP_ID] = KMByteTag.getValue(data[APP_ID]);
+ }
+ if (data[APP_DATA] != KMTag.INVALID_VALUE) {
+ data[APP_DATA] = KMByteTag.getValue(data[APP_DATA]);
+ }
+ // parse key blob
+ parseEncryptedKeyBlob(data[KEY_BLOB], data[APP_ID], data[APP_DATA], scratchPad);
+ // The key which is being attested should be asymmetric i.e. RSA or EC
+ short alg = KMEnumTag.getValue(KMType.ALGORITHM, data[HW_PARAMETERS]);
+ if (alg != KMType.RSA && alg != KMType.EC) {
+ KMException.throwIt(KMError.INCOMPATIBLE_ALGORITHM);
+ }
+ // Build certificate
+ generateAttestation(data[ATTEST_KEY_BLOB], data[ATTEST_KEY_PARAMS], scratchPad);
+
+ short resp = KMArray.instance((short) 2);
+ KMArray.add(resp, (short) 0, buildErrorStatus(KMError.OK));
+ KMArray.add(resp, (short) 1, data[CERTIFICATE]);
+ sendOutgoing(apdu, resp);
+ }
+
+ private short getAttestationMode(short attKeyBlob, short attChallenge) {
+ short alg = KMKeyParameters.findTag(data[HW_PARAMETERS], KMType.ENUM_TAG, KMType.ALGORITHM);
+ short mode = KMType.NO_CERT;
+ // TODO Keymaster specification: Symmetric keys with challenge should return error.
+ if (KMEnumTag.getValue(alg) != KMType.RSA &&
+ KMEnumTag.getValue(alg) != KMType.EC) {
+ return mode;
+ }
+ // If attestation keyblob present
+ if (attKeyBlob != KMType.INVALID_VALUE && KMByteBlob.length(attKeyBlob) > 0) {
+ // No attestation challenge present then it is an error
+ if (attChallenge == KMType.INVALID_VALUE || KMByteBlob.length(attChallenge) <= 0) {
+ KMException.throwIt(KMError.ATTESTATION_CHALLENGE_MISSING);
+ } else {
+ mode = KMType.ATTESTATION_CERT;
+ }
+ } else {
+ mode = getSupportedAttestationMode(attChallenge);
+ }
+ return mode;
+ }
+
+ private void generateAttestation(short attKeyBlob, short attKeyParam, byte[] scratchPad) {
+ // Device unique attestation not supported
+ KMTag.assertAbsence(data[KEY_PARAMETERS], KMType.BOOL_TAG, KMType.DEVICE_UNIQUE_ATTESTATION,
+ KMError.CANNOT_ATTEST_IDS);
+ // Read attestation challenge if present
+ short attChallenge =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.BYTES_TAG,
+ KMType.ATTESTATION_CHALLENGE);
+ if (attChallenge != KMType.INVALID_VALUE) {
+ attChallenge = KMByteTag.getValue(attChallenge);
+ }
+ // No attestation required for symmetric keys
+ short mode = getAttestationMode(attKeyBlob, attChallenge);
+ KMAttestationCert cert = null;
+
+ switch (mode) {
+ case KMType.ATTESTATION_CERT:
+ cert = makeAttestationCert(attKeyBlob, attKeyParam, attChallenge, data[ATTEST_KEY_ISSUER],
+ data[HW_PARAMETERS], data[SW_PARAMETERS], data[KEY_PARAMETERS], scratchPad);
+ break;
+ case KMType.SELF_SIGNED_CERT:
+ //cert = makeCert(attKeyBlob, attKeyParam, scratchPad);
+ cert = makeSelfSignedCert(data[SECRET], data[PUB_KEY], scratchPad);
+ break;
+ case KMType.FACTORY_PROVISIONED_ATTEST_CERT:
+ cert = makeCertWithFactoryProvisionedKey(attChallenge, scratchPad);
+ break;
+ case KMType.FAKE_CERT:
+ //cert = makeCert(attKeyBlob, attKeyParam, scratchPad);
+ cert = makeSelfSignedCert(KMType.INVALID_VALUE, data[PUB_KEY], scratchPad);
+ break;
+ default:
+ data[CERTIFICATE] = KMArray.instance((short) 0);
+ return;
+ }
+ // Allocate memory
+ short certData = KMByteBlob.instance(MAX_CERT_SIZE);
+
+ cert.buffer(KMByteBlob.getBuffer(certData),
+ KMByteBlob.getStartOff(certData),
+ KMByteBlob.length(certData));
+
+ // Build the certificate - this will sign the cert
+ cert.build();
+ // Adjust the start and length of the certificate in the blob
+ KMByteBlob.setStartOff(certData, cert.getCertStart());
+ KMByteBlob.setLength(certData, cert.getCertLength());
+ // Initialize the certificate as array of blob
+ data[CERTIFICATE] = KMArray.instance((short) 1);
+ KMArray.add(data[CERTIFICATE], (short) 0, certData);
+ }
+
+ /**
+ * 1) If attestation key is present and attestation challenge is absent then it is an error. 2) If
+ * attestation key is absent and attestation challenge is present then it is an error as factory
+ * provisioned attestation key is not supported. 3) If both are present and issuer is absent or
+ * attest key purpose is not ATTEST_KEY then it is an error. 4) If the generated/imported keys are
+ * RSA or EC then validity period must be specified. Device Unique Attestation is not supported.
+ */
+
+ private static void validateRSAKey(byte[] scratchPad) {
+ // Read key size
+ if (!KMTag.isValidKeySize(data[KEY_PARAMETERS])) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ }
+ if (!KMTag.isValidPublicExponent(data[KEY_PARAMETERS])) {
+ KMException.throwIt(KMError.INVALID_ARGUMENT);
+ }
+ }
+
+ // Generate key handlers
+ private void generateRSAKey(byte[] scratchPad) {
+ // Validate RSA Key
+ validateRSAKey(scratchPad);
+ // Now generate 2048 bit RSA keypair for the given exponent
+ short[] lengths = tmpVariables;
+ data[PUB_KEY] = KMByteBlob.instance((short) 256);
+ data[SECRET] = KMByteBlob.instance((short) 256);
+ seProvider.createAsymmetricKey(
+ KMType.RSA,
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]),
+ KMByteBlob.getBuffer(data[PUB_KEY]),
+ KMByteBlob.getStartOff(data[PUB_KEY]),
+ KMByteBlob.length(data[PUB_KEY]),
+ lengths);
+
+ data[KEY_BLOB] = KMArray.instance((short) 5);
+ KMArray.add(data[KEY_BLOB], KEY_BLOB_PUB_KEY, data[PUB_KEY]);
+ }
+
+ private static void validateAESKey() {
+ // Read key size
+ if (!KMTag.isValidKeySize(data[KEY_PARAMETERS])) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ }
+ // Read Block mode - array of byte values
+ if (KMTag.isPresent(data[KEY_PARAMETERS], KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE)) {
+ short blockModes =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.ENUM_ARRAY_TAG, KMType.BLOCK_MODE);
+ // If it is a GCM mode
+ if (KMEnumArrayTag.contains(blockModes, KMType.GCM)) {
+ // Min mac length must be present
+ KMTag.assertPresence(data[KEY_PARAMETERS], KMType.UINT_TAG, KMType.MIN_MAC_LENGTH,
+ KMError.MISSING_MIN_MAC_LENGTH);
+ short macLength =
+ KMKeyParameters.findTag(data[KEY_PARAMETERS], KMType.UINT_TAG, KMType.MIN_MAC_LENGTH);
+ macLength = KMIntegerTag.getValue(macLength);
+ // Validate the MIN_MAC_LENGTH for AES - should be multiple of 8, less then 128 bits
+ // and greater the 96 bits
+ if (KMInteger.getSignificantShort(macLength) != 0
+ || KMInteger.getShort(macLength) > 128
+ || KMInteger.getShort(macLength) < 96
+ || (KMInteger.getShort(macLength) % 8) != 0) {
+ KMException.throwIt(KMError.UNSUPPORTED_MIN_MAC_LENGTH);
+ }
+ }
+ }
+ }
+
+ private void generateAESKey(byte[] scratchPad) {
+ validateAESKey();
+ short keysize =
+ KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE, data[KEY_PARAMETERS]);
+ short len =
+ seProvider.createSymmetricKey(KMType.AES, keysize, scratchPad, (short) 0);
+ data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, len);
+ data[KEY_BLOB] = KMArray.instance((short) 4);
+ }
+
+ public void validateECKeys() {
+ // Read key size
+ short eccurve = KMEnumTag.getValue(KMType.ECCURVE, data[KEY_PARAMETERS]);
+ if (!KMTag.isValidKeySize(data[KEY_PARAMETERS])) {
+ if (eccurve == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ } else if (eccurve != KMType.P_256) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ }
+ }
+ }
+
+ private void generateECKeys(byte[] scratchPad) {
+ validateECKeys();
+ short[] lengths = tmpVariables;
+ seProvider.createAsymmetricKey(KMType.EC, scratchPad, (short) 0, (short) 128, scratchPad,
+ (short) 128,
+ (short) 128, lengths);
+ data[PUB_KEY] = KMByteBlob.instance(scratchPad, (short) 128, lengths[1]);
+ data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, lengths[0]);
+ data[KEY_BLOB] = KMArray.instance((short) 5);
+ KMArray.add(data[KEY_BLOB], KEY_BLOB_PUB_KEY, data[PUB_KEY]);
+ }
+
+ private static void validateTDESKey() {
+ if (!KMTag.isValidKeySize(data[KEY_PARAMETERS])) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ }
+ // Read Minimum Mac length - it must not be present
+ KMTag.assertAbsence(data[KEY_PARAMETERS], KMType.UINT_TAG, KMType.MIN_MAC_LENGTH,
+ KMError.INVALID_TAG);
+ }
+
+ private void generateTDESKey(byte[] scratchPad) {
+ validateTDESKey();
+ short len = seProvider.createSymmetricKey(KMType.DES, (short) 168, scratchPad, (short) 0);
+ data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, len);
+ data[KEY_BLOB] = KMArray.instance((short) 4);
+ }
+
+ private void validateHmacKey() {
+ // If params does not contain any digest throw unsupported digest error.
+ KMTag.assertPresence(data[KEY_PARAMETERS], KMType.ENUM_ARRAY_TAG, KMType.DIGEST,
+ KMError.UNSUPPORTED_DIGEST);
+
+ // check whether digest sizes are greater then or equal to min mac length.
+ // Only SHA256 digest must be supported.
+ if (KMEnumArrayTag.contains(KMType.DIGEST, KMType.DIGEST_NONE, data[KEY_PARAMETERS])) {
+ KMException.throwIt(KMError.UNSUPPORTED_DIGEST);
+ }
+ // Read Minimum Mac length
+ KMTag.assertPresence(data[KEY_PARAMETERS], KMType.UINT_TAG, KMType.MIN_MAC_LENGTH,
+ KMError.MISSING_MIN_MAC_LENGTH);
+ short minMacLength =
+ KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.MIN_MAC_LENGTH, data[KEY_PARAMETERS]);
+
+ if (((short) (minMacLength % 8) != 0)
+ || minMacLength < (short) 64
+ || minMacLength > (short) 256) {
+ KMException.throwIt(KMError.UNSUPPORTED_MIN_MAC_LENGTH);
+ }
+ // Read Keysize
+ if (!KMTag.isValidKeySize(data[KEY_PARAMETERS])) {
+ KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE);
+ }
+ }
+
+ private void generateHmacKey(byte[] scratchPad) {
+ validateHmacKey();
+ short keysize = KMIntegerTag.getShortValue(KMType.UINT_TAG, KMType.KEYSIZE,
+ data[KEY_PARAMETERS]);
+ // generate HMAC Key
+ short len = seProvider.createSymmetricKey(KMType.HMAC, keysize, scratchPad, (short) 0);
+ data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, len);
+ data[KEY_BLOB] = KMArray.instance((short) 4);
+ }
+
+ private void checkVersionAndPatchLevel(byte[] scratchPad) {
+ short len =
+ KMIntegerTag.getValue(
+ scratchPad, (short) 0, KMType.UINT_TAG, KMType.OS_VERSION, data[HW_PARAMETERS]);
+ if (len != KMType.INVALID_VALUE) {
+ short provOsVersion = readInteger32(KMDataStoreConstants.OS_VERSION, scratchPad, len);
+ short status =
+ KMInteger.unsignedByteArrayCompare(
+ KMInteger.getBuffer(provOsVersion),
+ KMInteger.getStartOff(provOsVersion),
+ scratchPad,
+ (short) 0,
+ len);
+ if (status == -1) {
+ // If the key characteristics has os version > current os version
+ KMException.throwIt(KMError.INVALID_KEY_BLOB);
+ } else if (status == 1) {
+ KMException.throwIt(KMError.KEY_REQUIRES_UPGRADE);
+ }
+ }
+ len =
+ KMIntegerTag.getValue(
+ scratchPad, (short) 0, KMType.UINT_TAG, KMType.OS_PATCH_LEVEL, data[HW_PARAMETERS]);
+ if (len != KMType.INVALID_VALUE) {
+ short osPatch = readInteger32(KMDataStoreConstants.OS_PATCH_LEVEL, scratchPad, len);
+ short status =
+ KMInteger.unsignedByteArrayCompare(
+ KMInteger.getBuffer(osPatch),
+ KMInteger.getStartOff(osPatch),
+ scratchPad,
+ (short) 0,
+ len);
+ if (status == -1) {
+ KMException.throwIt(KMError.INVALID_KEY_BLOB);
+ } else if (status == 1) {
+ KMException.throwIt(KMError.KEY_REQUIRES_UPGRADE);
+ }
+ }
+ }
+
+ protected short getBootPatchLevel(byte[] scratchPad) {
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, BOOT_PATCH_LVL_SIZE, (byte) 0);
+ short len = bootParamsProv.getBootPatchLevel(scratchPad, (short) 0);
+ if (len != BOOT_PATCH_LVL_SIZE) {
+ KMException.throwIt(KMError.UNKNOWN_ERROR);
+ }
+ return KMInteger.uint_32(scratchPad, (short) 0);
+ }
+
+ private void makeKeyCharacteristics(byte[] scratchPad) {
+ data[KEY_CHARACTERISTICS] =
+ makeKeyCharacteristics(
+ data[KEY_PARAMETERS],
+ readInteger32(KMDataStoreConstants.OS_VERSION, scratchPad, (short) 0),
+ readInteger32(KMDataStoreConstants.OS_PATCH_LEVEL, scratchPad, (short) 0),
+ readInteger32(KMDataStoreConstants.VENDOR_PATCH_LEVEL, scratchPad, (short) 0),
+ getBootPatchLevel(scratchPad),
+ data[ORIGIN],
+ scratchPad);
+ data[TEE_PARAMETERS] = KMKeyCharacteristics.getTeeEnforced(data[KEY_CHARACTERISTICS]);
+ data[SW_PARAMETERS] = KMKeyCharacteristics.getKeystoreEnforced(data[KEY_CHARACTERISTICS]);
+ data[SB_PARAMETERS] = KMKeyCharacteristics.getStrongboxEnforced(data[KEY_CHARACTERISTICS]);
+ data[HW_PARAMETERS] =
+ getHardwareParamters(data[SB_PARAMETERS], data[TEE_PARAMETERS]);
+ }
+
+ private void createEncryptedKeyBlob(byte[] scratchPad) {
+ // make root of trust blob
+ data[ROT] = readROT(scratchPad);
+ if (data[ROT] == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.UNKNOWN_ERROR);
+ }
+ // make hidden key params list
+ data[HIDDEN_PARAMETERS] =
+ KMKeyParameters.makeHidden(data[KEY_PARAMETERS], data[ROT], scratchPad);
+ // make authorization data
+ makeAuthData(scratchPad);
+ // encrypt the secret and cryptographically attach that to authorization data
+ encryptSecret(scratchPad);
+ // create key blob array
+ KMArray.add(data[KEY_BLOB], KEY_BLOB_SECRET, data[SECRET]);
+ KMArray.add(data[KEY_BLOB], KEY_BLOB_AUTH_TAG, data[AUTH_TAG]);
+ KMArray.add(data[KEY_BLOB], KEY_BLOB_NONCE, data[NONCE]);
+
+ //TODO remove the following temporary creation of keyblob.
+ /* short tempChar = KMKeyCharacteristics.instance();
+ short emptyParam = KMArray.instance((short) 0);
+ emptyParam = KMKeyParameters.instance(emptyParam);
+ KMKeyCharacteristics.cast(tempChar).setStrongboxEnforced(data[SB_PARAMETERS]);
+ KMKeyCharacteristics.cast(tempChar).setKeystoreEnforced(emptyParam);
+ KMKeyCharacteristics.cast(tempChar).setTeeEnforced(data[TEE_PARAMETERS]);
+ KMArray.cast(data[KEY_BLOB]).add(KEY_BLOB_PARAMS, tempChar);*/
+ short keyChars = makeKeyCharacteristicsForKeyblob(data[SW_PARAMETERS], data[SB_PARAMETERS],
+ data[TEE_PARAMETERS]);
+ KMArray.add(data[KEY_BLOB], KEY_BLOB_PARAMS, keyChars);
+
+ // allocate reclaimable memory.
+ short buffer = repository.alloc((short) 1024);
+ short keyBlob = encoder.encode(data[KEY_BLOB], repository.getHeap(), buffer);
+ data[KEY_BLOB] = KMByteBlob.instance(repository.getHeap(), buffer, keyBlob);
+ }
+
+ private short parseEncryptedKeyBlob(short keyBlob, short appId, short appData,
+ byte[] scratchPad) {
+ short parsedBlob = KMType.INVALID_VALUE;
+ short rot = readROT(scratchPad);
+ if (rot == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.UNKNOWN_ERROR);
+ }
+ try {
+ parsedBlob = decoder.decodeArray(keyBlob(),
+ KMByteBlob.getBuffer(keyBlob),
+ KMByteBlob.getStartOff(keyBlob),
+ KMByteBlob.length(keyBlob));
+ if (KMArray.length(parsedBlob) < 4) {
+ KMException.throwIt(KMError.INVALID_KEY_BLOB);
+ }
+
+ // initialize data
+ data[SECRET] = KMArray.get(parsedBlob, KEY_BLOB_SECRET);
+ data[NONCE] = KMArray.get(parsedBlob, KEY_BLOB_NONCE);
+ data[AUTH_TAG] = KMArray.get(parsedBlob, KEY_BLOB_AUTH_TAG);
+ data[KEY_CHARACTERISTICS] = KMArray.get(parsedBlob, KEY_BLOB_PARAMS);
+ data[PUB_KEY] = KMType.INVALID_VALUE;
+ if (KMArray.length(parsedBlob) == 5) {
+ data[PUB_KEY] = KMArray.get(parsedBlob, KEY_BLOB_PUB_KEY);
+ }
+
+ data[TEE_PARAMETERS] = KMKeyCharacteristics.getTeeEnforced(data[KEY_CHARACTERISTICS]);
+ data[SB_PARAMETERS] = KMKeyCharacteristics.getStrongboxEnforced(data[KEY_CHARACTERISTICS]);
+ data[SW_PARAMETERS] = KMKeyCharacteristics.getKeystoreEnforced(data[KEY_CHARACTERISTICS]);
+ data[HW_PARAMETERS] = getHardwareParamters(data[SB_PARAMETERS], data[TEE_PARAMETERS]);
+
+ data[HIDDEN_PARAMETERS] = KMKeyParameters.makeHidden(appId, appData, rot, scratchPad);
+ data[KEY_BLOB] = parsedBlob;
+ // make auth data
+ makeAuthData(scratchPad);
+ // Decrypt Secret and verify auth tag
+ decryptSecret(scratchPad);
+ KMArray.add(parsedBlob, KEY_BLOB_SECRET, data[SECRET]);
+ } catch (Exception e) {
+ KMException.throwIt(KMError.INVALID_KEY_BLOB);
+ }
+ return parsedBlob;
+ }
+
+ // Read RoT
+ public short readROT(byte[] scratchPad) {
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0);
+ short len = bootParamsProv.getBootKey(scratchPad, (short) 0);
+ len += bootParamsProv.getVerifiedBootHash(scratchPad, (short) len);
+ short bootState = bootParamsProv.getBootState();
+ len = Util.setShort(scratchPad, len, bootState);
+ if (bootParamsProv.isDeviceBootLocked()) {
+ scratchPad[len] = (byte) 1;
+ } else {
+ scratchPad[len] = (byte) 0;
+ }
+ len++;
+ return KMByteBlob.instance(scratchPad, (short) 0, len);
+ }
+
+ private void decryptSecret(byte[] scratchPad) {
+ // derive master key - stored in derivedKey
+ short len = deriveKey(scratchPad);
+ if (!seProvider.aesGCMDecrypt(
+ KMByteBlob.getBuffer(data[DERIVED_KEY]),
+ KMByteBlob.getStartOff(data[DERIVED_KEY]),
+ KMByteBlob.length(data[DERIVED_KEY]),
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]),
+ scratchPad, (short) 0,
+ KMByteBlob.getBuffer(data[NONCE]),
+ KMByteBlob.getStartOff(data[NONCE]),
+ KMByteBlob.length(data[NONCE]),
+ repository.getHeap(), data[AUTH_DATA], data[AUTH_DATA_LENGTH],
+ KMByteBlob.getBuffer(data[AUTH_TAG]),
+ KMByteBlob.getStartOff(data[AUTH_TAG]),
+ KMByteBlob.length(data[AUTH_TAG]))) {
+ KMException.throwIt(KMError.INVALID_KEY_BLOB);
+ }
+ // Copy the decrypted secret
+ data[SECRET] =
+ KMByteBlob.instance(scratchPad, (short) 0, KMByteBlob.length(data[SECRET]));
+ }
+
+ private void encryptSecret(byte[] scratchPad) {
+ // make nonce
+ data[NONCE] = KMByteBlob.instance((short) AES_GCM_NONCE_LENGTH);
+ data[AUTH_TAG] = KMByteBlob.instance(AES_GCM_AUTH_TAG_LENGTH);
+ Util.arrayCopyNonAtomic(
+ KMByteBlob.getBuffer(data[NONCE]),
+ KMByteBlob.getStartOff(data[NONCE]),
+ scratchPad,
+ (short) 0,
+ KMByteBlob.length(data[NONCE]));
+ seProvider.newRandomNumber(
+ KMByteBlob.getBuffer(data[NONCE]),
+ KMByteBlob.getStartOff(data[NONCE]),
+ KMByteBlob.length(data[NONCE]));
+ // derive master key - stored in derivedKey
+ short len =
+ deriveKey(scratchPad);
+ len = seProvider.aesGCMEncrypt(
+ KMByteBlob.getBuffer(data[DERIVED_KEY]),
+ KMByteBlob.getStartOff(data[DERIVED_KEY]),
+ KMByteBlob.length(data[DERIVED_KEY]),
+ KMByteBlob.getBuffer(data[SECRET]),
+ KMByteBlob.getStartOff(data[SECRET]),
+ KMByteBlob.length(data[SECRET]),
+ scratchPad,
+ (short) 0,
+ KMByteBlob.getBuffer(data[NONCE]),
+ KMByteBlob.getStartOff(data[NONCE]),
+ KMByteBlob.length(data[NONCE]),
+ repository.getHeap(),
+ data[AUTH_DATA],
+ data[AUTH_DATA_LENGTH],
+ KMByteBlob.getBuffer(data[AUTH_TAG]),
+ KMByteBlob.getStartOff(data[AUTH_TAG]),
+ KMByteBlob.length(data[AUTH_TAG]));
+
+ if (len > 0 && len != KMByteBlob.length(data[SECRET])) {
+ KMException.throwIt(KMError.INVALID_KEY_BLOB);
+ }
+ data[SECRET] = KMByteBlob.instance(scratchPad, (short) 0, len);
+ }
+
+ private void makeAuthData(byte[] scratchPad) {
+ /*short arrayLen = 2;
+ if (KMArray.cast(data[KEY_BLOB]).length() == 5) {
+ arrayLen = 3;
+ }
+ short params = KMArray.instance((short) arrayLen);
+ KMArray.cast(params).add((short) 0, KMKeyParameters.cast(data[HW_PARAMETERS]).getVals());
+ // KMArray.cast(params).add((short) 1, KMKeyParameters.cast(data[SW_PARAMETERS]).getVals());
+ KMArray.cast(params).add((short) 1, KMKeyParameters.cast(data[HIDDEN_PARAMETERS]).getVals());
+ if (3 == arrayLen) {
+ KMArray.cast(params).add((short) 2, data[PUB_KEY]);
+ }*/
+ short params =
+ concatParamsForAuthData(data[KEY_BLOB], data[HW_PARAMETERS],
+ data[SW_PARAMETERS], data[HIDDEN_PARAMETERS], data[PUB_KEY]);
+
+ short authIndex = repository.alloc(MAX_AUTH_DATA_SIZE);
+ short index = 0;
+ short len = 0;
+ short paramsLen = KMArray.length(params);
+ Util.arrayFillNonAtomic(repository.getHeap(), authIndex, (short) MAX_AUTH_DATA_SIZE, (byte) 0);
+ while (index < paramsLen) {
+ short tag = KMArray.get(params, index);
+ len = encoder.encode(tag, repository.getHeap(), (short) (authIndex + 32));
+ Util.arrayCopyNonAtomic(repository.getHeap(), (short) authIndex, repository.getHeap(),
+ (short) (authIndex + len + 32), (short) 32);
+ len = seProvider.messageDigest256(repository.getHeap(),
+ (short) (authIndex + 32), (short) (len + 32), repository.getHeap(), (short) authIndex);
+ if (len != 32) {
+ KMException.throwIt(KMError.UNKNOWN_ERROR);
+ }
+ index++;
+ }
+ data[AUTH_DATA] = authIndex;
+ data[AUTH_DATA_LENGTH] = len;
+ }
+
+ private short deriveKey(byte[] scratchPad) {
+ // KeyDerivation:
+ // 1. Do HMAC Sign, Auth data.
+ // 2. HMAC Sign generates an output of 32 bytes length.
+ // Consume only first 16 bytes as derived key.
+ // Hmac sign.
+ short len = seProvider.hmacKDF(
+ storeDataInst.getMasterKey(),
+ repository.getHeap(),
+ data[AUTH_DATA],
+ data[AUTH_DATA_LENGTH],
+ scratchPad,
+ (short) 0);
+ if (len < 16) {
+ KMException.throwIt(KMError.UNKNOWN_ERROR);
+ }
+ len = 16;
+ data[DERIVED_KEY] = KMByteBlob.instance(scratchPad, (short) 0, len);
+ return len;
+ }
+
+ public void sendError(APDU apdu, short err) {
+ short resp = KMArray.instance((short) 1);
+ err = KMError.translate(err);
+ short error = KMInteger.uint_16(err);
+ KMArray.add(resp, (short) 0, error);
+ sendOutgoing(apdu, resp);
+ }
+
+ private short addIntegers(short authTime, short timeStamp, byte[] scratchPad) {
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 24, (byte) 0);
+ Util.arrayCopyNonAtomic(
+ KMInteger.getBuffer(authTime),
+ KMInteger.getStartOff(authTime),
+ scratchPad,
+ (short) (8 - KMInteger.length(timeStamp)),
+ KMInteger.length(timeStamp));
+
+ // Copy timestamp to scratchpad
+ Util.arrayCopyNonAtomic(
+ KMInteger.getBuffer(timeStamp),
+ KMInteger.getStartOff(timeStamp),
+ scratchPad,
+ (short) (16 - KMInteger.length(timeStamp)),
+ KMInteger.length(timeStamp));
+
+ // add authTime in millis to timestamp.
+ KMUtils.add(scratchPad, (short) 0, (short) 8, (short) 16);
+ return KMInteger.uint_64(scratchPad, (short) 16);
+ }
+
+ public void powerReset() {
+ releaseAllOperations();
+ resetWrappingKey();
+ }
+
+ public void generateRkpKey(byte[] scratchPad, short keyParams) {
+ data[KEY_PARAMETERS] = keyParams;
+ generateECKeys(scratchPad);
+ // create key blob
+ data[ORIGIN] = KMType.GENERATED;
+ makeKeyCharacteristics(scratchPad);
+ createEncryptedKeyBlob(scratchPad);
+ }
+
+ public static short getPubKey() {
+ return data[PUB_KEY];
+ }
+
+ public static short getPivateKey() {
+ return data[KEY_BLOB];
+ }
+
+ /**
+ * Encodes the object to the provided apdu buffer.
+ *
+ * @param object Object to be encoded.
+ * @param apduBuf Buffer on which the encoded data is copied.
+ * @param apduOff Start offset of the buffer.
+ * @param maxLen Max value of the expected out length.
+ * @return length of the encoded buffer.
+ */
+ public short encodeToApduBuffer(short object, byte[] apduBuf, short apduOff,
+ short maxLen) {
+ short offset = repository.allocReclaimableMemory(maxLen);
+ short len = encoder.encode(object, repository.getHeap(), offset);
+ Util.arrayCopyNonAtomic(repository.getHeap(), offset, apduBuf, apduOff, len);
+ //release memory
+ repository.reclaimMemory(maxLen);
+ return len;
+ }
+
+
+ private void updateTrustedConfirmationOperation(KMOperationState op) {
+ if (op.isTrustedConfirmationRequired()) {
+ op.getTrustedConfirmationSigner().update(KMByteBlob.getBuffer(data[INPUT_DATA]),
+ KMByteBlob.getStartOff(data[INPUT_DATA]), KMByteBlob.length(data[INPUT_DATA]));
+ }
+ }
+
+ private void finishTrustedConfirmationOperation(KMOperationState op) {
+ // Perform trusted confirmation if required
+ if (op.isTrustedConfirmationRequired()) {
+ short confToken = getConfirmationToken(data[CONFIRMATION_TOKEN], data[KEY_PARAMETERS]);
+ boolean verified = op.getTrustedConfirmationSigner()
+ .verify(KMByteBlob.getBuffer(data[INPUT_DATA]),
+ KMByteBlob.getStartOff(data[INPUT_DATA]),
+ KMByteBlob.length(data[INPUT_DATA]),
+ KMByteBlob.getBuffer(confToken),
+ KMByteBlob.getStartOff(confToken),
+ KMByteBlob.length(confToken));
+ if (!verified) {
+ KMException.throwIt(KMError.NO_USER_CONFIRMATION);
+ }
+ }
+ }
+
+ public short getHardwareInfo() {
+ short respPtr = KMArray.instance((short) 4);
+ KMArray.add(respPtr, (short) 0, buildErrorStatus(KMError.OK));
+ KMArray.add(respPtr, (short) 1, KMEnum.instance(KMType.HARDWARE_TYPE, KMType.STRONGBOX));
+ KMArray.add(respPtr,
+ (short) 2,
+ KMByteBlob.instance(
+ JAVACARD_KEYMASTER_DEVICE, (short) 0, (short) JAVACARD_KEYMASTER_DEVICE.length));
+ KMArray.add(respPtr, (short) 3, KMByteBlob.instance(GOOGLE, (short) 0, (short) GOOGLE.length));
+ return respPtr;
+ }
+
+ public short makeKeyCharacteristics(short keyParams, short osVersion, short osPatch,
+ short vendorPatch, short bootPatch, short origin, byte[] scratchPad) {
+ short strongboxParams = KMKeyParameters.makeSbEnforced(
+ keyParams, (byte) origin, osVersion, osPatch, vendorPatch, bootPatch, scratchPad);
+ short teeParams = KMKeyParameters.makeTeeEnforced(keyParams, scratchPad);
+ short swParams = KMKeyParameters.makeKeystoreEnforced(keyParams, scratchPad);
+ short hwParams = KMKeyParameters.makeHwEnforced(strongboxParams, teeParams);
+ short arr = KMArray.instance((short) 0);
+ short emptyParams = KMKeyParameters.instance(arr);
+ short keyCharacteristics = KMKeyCharacteristics.instance();
+ KMKeyCharacteristics.setStrongboxEnforced(keyCharacteristics, hwParams);
+ KMKeyCharacteristics.setKeystoreEnforced(keyCharacteristics, swParams);
+ KMKeyCharacteristics.setTeeEnforced(keyCharacteristics, emptyParams);
+ return keyCharacteristics;
+ }
+
+ public short makeKeyCharacteristicsForKeyblob(short swParams, short sbParams, short teeParams) {
+ short keyChars = KMKeyCharacteristics.instance();
+ KMKeyCharacteristics.setStrongboxEnforced(keyChars, sbParams);
+ KMKeyCharacteristics.setKeystoreEnforced(keyChars, swParams);
+ KMKeyCharacteristics.setTeeEnforced(keyChars, teeParams);
+ return keyChars;
+ }
+
+ public short getKeyCharacteristicsExp() {
+ return KMKeyCharacteristics.exp();
+ }
+
+ public void validateEarlyBoot(short Params, byte inst, byte[] sPad, short sPadOff,
+ short errorCode) {
+
+ // As per specification, Early boot keys may not be imported at all, if Tag::EARLY_BOOT_ONLY is
+ // provided to IKeyMintDevice::importKey
+ if (inst == INS_IMPORT_KEY_CMD || readBoolean(KMDataStoreConstants.EARLY_BOOT_ENDED_STATUS,
+ sPad, sPadOff)) {
+ // Validate early boot
+ KMTag.assertAbsence(Params, KMType.BOOL_TAG, KMType.EARLY_BOOT_ONLY, errorCode);
+ }
+ }
+
+ public short getHardwareParamters(short sbParams, short teeParams) {
+ return sbParams;
+ }
+
+ public short concatParamsForAuthData(short keyBlobPtr, short hwParams, short swParams,
+ short hiddenParams, short pubKey) {
+ short arrayLen = 3;
+ if (pubKey != KMType.INVALID_VALUE) {
+ arrayLen = 4;
+ }
+ short params = KMArray.instance((short) arrayLen);
+ KMArray.add(params, (short) 0, KMKeyParameters.getVals(hwParams));
+ KMArray.add(params, (short) 1, KMKeyParameters.getVals(swParams));
+ KMArray.add(params, (short) 2, KMKeyParameters.getVals(hiddenParams));
+ if (4 == arrayLen) {
+ KMArray.add(params, (short) 3, pubKey);
+ }
+ return params;
+ }
+
+ public short getSupportedAttestationMode(short attChallenge) {
+ return KMType.FACTORY_PROVISIONED_ATTEST_CERT;
+ }
+
+ public KMAttestationCert makeCommonCert(short swParams, short hwParams, short keyParams,
+ byte[] scratchPad, KMSEProvider seProvider) {
+ boolean rsaCert = (KMEnumTag.getValue(KMType.ALGORITHM, hwParams) == KMType.RSA);
+ KMAttestationCert cert = KMAttestationCertImpl.instance(rsaCert, seProvider);
+ // notBefore
+ short notBefore =
+ KMKeyParameters.findTag(swParams, KMType.DATE_TAG, KMType.ACTIVE_DATETIME);
+ if (notBefore == KMType.INVALID_VALUE) {
+ notBefore =
+ KMKeyParameters.findTag(swParams, KMType.DATE_TAG, KMType.CREATION_DATETIME);
+ if (notBefore == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.INVALID_KEY_BLOB);
+ }
+ }
+ notBefore = KMIntegerTag.getValue(notBefore);
+ cert.notBefore(notBefore, false, scratchPad);
+ // notAfter
+ // expiry time - byte blob
+ boolean derEncoded = false;
+ short notAfter =
+ KMKeyParameters.findTag(swParams, KMType.DATE_TAG, KMType.USAGE_EXPIRE_DATETIME);
+ if (notAfter == KMType.INVALID_VALUE) {
+ notAfter = getProvisionedCertificateData(seProvider, KMDataStoreConstants.CERTIFICATE_EXPIRY);
+ derEncoded = true;
+ }
+ cert.notAfter(notAfter, derEncoded, scratchPad);
+ // SubjectName
+ cert.subjectName(KMByteBlob.instance(X509Subject, (short) 0, (short) X509Subject.length));
+ // Serial
+ short serialNumber = KMByteBlob.instance((short) 1);
+ KMByteBlob.add(serialNumber, (short) 0, SERIAL_NUM);
+ cert.serialNumber(serialNumber);
+ // Issuer.
+ cert.issuer(getProvisionedCertificateData(seProvider, KMDataStoreConstants.CERTIFICATE_ISSUER));
+ return cert;
+ }
+
+ private short getProvisionedCertificateData(KMSEProvider kmseProvider, byte dataType) {
+ short len = storeDataInst.getCertificateDataLength(dataType);
+ if (len == 0) {
+ KMException.throwIt(KMError.INVALID_DATA);
+ }
+ short ptr = KMByteBlob.instance(len);
+ storeDataInst.readCertificateData(
+ dataType,
+ KMByteBlob.getBuffer(ptr),
+ KMByteBlob.getStartOff(ptr));
+ return ptr;
+ }
+
+ public short getConfirmationToken(short confToken, short keyParams) {
+ short cToken =
+ KMKeyParameters.findTag(keyParams, KMType.BYTES_TAG, KMType.CONFIRMATION_TOKEN);
+ if (cToken == KMType.INVALID_VALUE) {
+ KMException.throwIt(KMError.NO_USER_CONFIRMATION);
+ }
+ return KMByteTag.getValue(cToken);
+ }
+
+ public short getKMVerificationTokenExp() {
+ return KMVerificationToken.verificationTokenExp();
+ }
+
+ public short getMacFromVerificationToken(short verToken) {
+ return KMVerificationToken.getMac(verToken, (short) 0x04);
+ }
+
+ public short getMgf1Digest(short keyParams, short hwParams) {
+ return KMType.SHA1;
+ }
+
+ //This function masks the error code with POWER_RESET_MASK_FLAG
+ // in case if card reset event occurred. The clients of the Applet
+ // has to extract the power reset status from the error code and
+ // process accordingly.
+ public short buildErrorStatus(short err) {
+ short int32Ptr = KMInteger.instance((short) 4);
+ short powerResetStatus = 0;
+ if (seProvider.isPowerReset(true)) {
+ powerResetStatus = POWER_RESET_MASK_FLAG;
+ }
+ Util.setShort(KMInteger.getBuffer(int32Ptr),
+ KMInteger.getStartOff(int32Ptr),
+ powerResetStatus);
+
+ Util.setShort(KMInteger.getBuffer(int32Ptr),
+ (short) (KMInteger.getStartOff(int32Ptr) + 2),
+ err);
+ return int32Ptr;
+ }
+
+ public short generateAttestKeyExp() {
+ // Arguments
+ short keyParams = KMKeyParameters.expAny();
+ short keyBlob = KMByteBlob.exp();
+ short argsProto = KMArray.instance((short) 2);
+ KMArray.add(argsProto, (short) 0, keyBlob);
+ KMArray.add(argsProto, (short) 1, keyParams);
+ return argsProto;
+ }
+
+ public void getAttestKeyInputParameters(short arrPtr, short[] data, byte keyBlobOff,
+ byte keyParametersOff,
+ byte attestKeyBlobOff, byte attestKeyParamsOff, byte attestKeyIssuerOff) {
+ data[keyBlobOff] = KMArray.get(arrPtr, (short) 0);
+ data[keyParametersOff] = KMArray.get(arrPtr, (short) 1);
+ data[attestKeyBlobOff] = KMType.INVALID_VALUE;
+ data[attestKeyParamsOff] = KMType.INVALID_VALUE;
+ data[attestKeyIssuerOff] = KMType.INVALID_VALUE;
+ }
+
+ public short prepareBeginResp(short paramsPtr, short opHandlePtr, short bufModPtr,
+ short macLengthPtr) {
+ short resp = KMArray.instance((short) 3);
+ KMArray.add(resp, (short) 0, KMInteger.uint_16(KMError.OK));
+ KMArray.add(resp, (short) 1, paramsPtr);
+ KMArray.add(resp, (short) 2, opHandlePtr);
+ return resp;
+ }
+
+ public short prepareFinishExp() {
+ short byteBlob = KMByteBlob.exp();
+ short cmd = KMArray.instance((short) 6);
+ KMArray.add(cmd, (short) 0, KMInteger.exp());//op handle
+ short keyParam = KMKeyParameters.exp();
+ KMArray.add(cmd, (short) 1, keyParam);// Key Parameters
+ KMArray.add(cmd, (short) 2, byteBlob);// input data
+ KMArray.add(cmd, (short) 3, byteBlob); // signature
+ short authToken = KMHardwareAuthToken.exp();
+ KMArray.add(cmd, (short) 4, authToken); // auth token
+ short verToken = getKMVerificationTokenExp();
+ KMArray.add(cmd, (short) 5, verToken); // time stamp token
+ return cmd;
+ }
+
+ public short prepareUpdateExp() {
+ short cmd = KMArray.instance((short) 5);
+ // Arguments
+ short keyParams = KMKeyParameters.exp();
+ KMArray.add(cmd, (short) 0, KMInteger.exp());
+ KMArray.add(cmd, (short) 1, keyParams);
+ KMArray.add(cmd, (short) 2, KMByteBlob.exp());
+ short authToken = KMHardwareAuthToken.exp();
+ KMArray.add(cmd, (short) 3, authToken);
+ short verToken = getKMVerificationTokenExp();
+ KMArray.add(cmd, (short) 4, verToken);
+ return cmd;
+ }
+
+ public void getUpdateInputParameters(short arrPtr, short[] data, byte opHandleOff,
+ byte keyParametersOff, byte inputDataOff, byte hwTokenOff,
+ byte verToken) {
+ data[opHandleOff] = KMArray.get(arrPtr, (short) 0);
+ data[keyParametersOff] = KMArray.get(arrPtr, (short) 1);
+ data[inputDataOff] = KMArray.get(arrPtr, (short) 2);
+ data[hwTokenOff] = KMArray.get(arrPtr, (short) 3);
+ data[verToken] = KMArray.get(arrPtr, (short) 4);
+ }
+
+ public void getFinishInputParameters(short arrPtr, short[] data, byte opHandleOff,
+ byte keyParametersOff, byte inputDataOff, byte signDataOff, byte hwTokenOff, byte verToken,
+ byte confToken) {
+ data[opHandleOff] = KMArray.get(arrPtr, (short) 0);
+ data[keyParametersOff] = KMArray.get(arrPtr, (short) 1);
+ data[inputDataOff] = KMArray.get(arrPtr, (short) 2);
+ data[signDataOff] = KMArray.get(arrPtr, (short) 3);
+ data[hwTokenOff] = KMArray.get(arrPtr, (short) 4);
+ data[verToken] = KMArray.get(arrPtr, (short) 5);
+ data[confToken] = KMType.INVALID_VALUE;
+ }
+
+ public short prepareFinishResp(short outputPtr) {
+ short keyParam = KMArray.instance((short) 0);
+ keyParam = KMKeyParameters.instance(keyParam);
+ short resp = KMArray.instance((short) 3);
+ KMArray.add(resp, (short) 0, KMInteger.uint_16(KMError.OK));
+ KMArray.add(resp, (short) 1, keyParam);
+ KMArray.add(resp, (short) 2, outputPtr);
+ return resp;
+ }
+
+ public short prepareUpdateResp(short outputPtr, short inputConsumedPtr) {
+ short resp = KMArray.instance((short) 4);
+ KMArray.add(resp, (short) 0, KMInteger.uint_16(KMError.OK));
+ KMArray.add(resp, (short) 1, inputConsumedPtr);
+ short keyParm = KMKeyParameters.instance(KMArray.instance((short) 0));
+ KMArray.add(resp, (short) 2, keyParm);
+ KMArray.add(resp, (short) 3, outputPtr);
+ return resp;
+ }
+
+ public void validateP1P2(APDU apdu) {
+ byte[] apduBuffer = apdu.getBuffer();
+ short P1P2 = Util.getShort(apduBuffer, ISO7816.OFFSET_P1);
+ // Validate P1P2.
+ if (P1P2 != KEYMASTER_HAL_VERSION) {
+ ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2);
+ }
+ }
+
+ public boolean isAssociatedDataTagSupported() {
+ return true;
+ }
+
+ void assertPrivateOperation(short purpose, short algorithm) {
+ switch (algorithm) {
+ case KMType.RSA:
+ if (purpose == KMType.ENCRYPT || purpose == KMType.VERIFY) {
+ KMException.throwIt(KMError.PUBLIC_KEY_OPERATION);
+ }
+ break;
+ case KMType.EC:
+ if (purpose == KMType.VERIFY) {
+ KMException.throwIt(KMError.PUBLIC_KEY_OPERATION);
+ }
+ break;
+ default:
+ break;
+ }
+ }
+}
diff --git a/Applet/src/com/android/javacard/kmdevice/KMKeymintDevice.java b/Applet/src/com/android/javacard/kmdevice/KMKeymintDevice.java
new file mode 100644
index 00000000..cc326a64
--- /dev/null
+++ b/Applet/src/com/android/javacard/kmdevice/KMKeymintDevice.java
@@ -0,0 +1,613 @@ +/* + * Copyright(C) 2022 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.kmdevice; + +import javacard.framework.APDU; +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; +import javacard.security.CryptoException; + +public class KMKeymintDevice extends KMKeymasterDevice { + + public static byte[] JAVACARD_KEYMINT_DEVICE; + private static byte[] GOOGLE; + private static byte[] dec319999Ms; + private static byte[] dec319999; + private static byte[] jan01970; + private KMCose kmCoseInst; + private RemotelyProvisionedComponentDevice rkp; + private KMRkpDataStore rkpDataStoreInst; + + public KMKeymintDevice(KMSEProvider seImpl, KMRepository repoInst, KMEncoder encoderInst, + KMDecoder decoderInst, KMDataStore storeData, + KMBootDataStore bootParamsProvider, KMRkpDataStore rkpStore) { + super(seImpl, repoInst, encoderInst, decoderInst, storeData, bootParamsProvider); + rkpDataStoreInst = rkpStore; + rkp = new RemotelyProvisionedComponentDevice(this, encoderInst, decoderInst, repoInst, + seProvider, storeData, rkpStore, bootParamsProvider); + kmCoseInst = KMCose.getInstance(); + initStatics(); + } + + public static void initStatics() { + JAVACARD_KEYMINT_DEVICE = new byte[]{0x4a, 0x61, 0x76, 0x61, 0x63, 0x61, 0x72, 0x64, 0x4b, 0x65, + 0x79, 0x6d, 0x69, + 0x6e, 0x74, 0x44, 0x65, 0x76, 0x69, 0x63, 0x65,}; + GOOGLE = new 
byte[]{0x47, 0x6F, 0x6F, 0x67, 0x6C, 0x65}; + dec319999Ms = new byte[]{(byte) 0, (byte) 0, (byte) 0xE6, (byte) 0x77, (byte) 0xD2, (byte) 0x1F, + (byte) 0xD8, + (byte) 0x18}; + dec319999 = new byte[]{0x39, 0x39, 0x39, 0x39, 0x31, 0x32, 0x33, 0x31, 0x32, 0x33, 0x35, 0x39, + 0x35, 0x39, + 0x5a,}; + jan01970 = new byte[]{0x37, 0x30, 0x30, 0x31, 0x30, 0x31, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, + 0x5a,}; + } + + public void process(APDU apdu) { + try { + resetData(); + repository.onProcess(); + byte[] apduBuffer = apdu.getBuffer(); + byte apduIns = apduBuffer[ISO7816.OFFSET_INS]; + + switch (apduIns) { + case INS_GENERATE_RKP_KEY_CMD: + case INS_BEGIN_SEND_DATA_CMD: + case INS_UPDATE_CHALLENGE_CMD: + case INS_UPDATE_EEK_CHAIN_CMD: + case INS_UPDATE_KEY_CMD: + case INS_FINISH_SEND_DATA_CMD: + case INS_GET_RESPONSE_CMD: + case INS_GET_RKP_HARDWARE_INFO: + rkp.process(apduIns, apdu); + break; + default: + super.process(apdu); + } + } catch (KMException exception) { + sendError(apdu, KMException.reason()); + } catch (ISOException exp) { + sendError(apdu, mapISOErrorToKMError(exp.getReason())); + } catch (CryptoException e) { + sendError(apdu, mapCryptoErrorToKMError(e.getReason())); + } catch (Exception e) { + sendError(apdu, KMError.GENERIC_UNKNOWN_ERROR); + } finally { + repository.clean(); + } + } + + @Override + public short getHardwareInfo() { + final byte version = 1; + // Make the response + short respPtr = KMArray.instance((short) 6); + KMArray.add(respPtr, (short) 0, buildErrorStatus(KMError.OK)); + KMArray.add(respPtr, (short) 1, KMInteger.uint_8(version)); + KMArray.add(respPtr, (short) 2, KMEnum.instance(KMType.HARDWARE_TYPE, KMType.STRONGBOX)); + KMArray.add(respPtr, (short) 3, + KMByteBlob.instance(JAVACARD_KEYMINT_DEVICE, (short) 0, + (short) JAVACARD_KEYMINT_DEVICE.length)); + KMArray.add(respPtr, (short) 4, KMByteBlob.instance(GOOGLE, (short) 0, (short) GOOGLE.length)); + KMArray.add(respPtr, (short) 5, KMInteger.uint_8((byte) 1)); + return respPtr; + } + + 
@Override + public short makeKeyCharacteristics(short keyParams, short osVersion, short osPatch, + short vendorPatch, + short bootPatch, short origin, byte[] scratchPad) { + short strongboxParams = KMKeyParameters.makeSbEnforced(keyParams, (byte) origin, osVersion, + osPatch, vendorPatch, + bootPatch, scratchPad); + short teeParams = KMKeyParameters.makeTeeEnforced(keyParams, scratchPad); + short swParams = KMKeyParameters.makeKeystoreEnforced(keyParams, scratchPad); + // short emptyParam = KMArray.instance((short) 0); + short keyCharacteristics = KMKeyCharacteristics.instance(); + KMKeyCharacteristics.setStrongboxEnforced(keyCharacteristics, strongboxParams); + KMKeyCharacteristics.setKeystoreEnforced(keyCharacteristics, swParams); + KMKeyCharacteristics.setTeeEnforced(keyCharacteristics, teeParams); + return keyCharacteristics; + } + + @Override + public short makeKeyCharacteristicsForKeyblob(short swParams, short sbParams, short teeParams) { + short keyChars = KMKeyCharacteristics.instance(); + short emptyParam = KMArray.instance((short) 0); + emptyParam = KMKeyParameters.instance(emptyParam); + KMKeyCharacteristics.setStrongboxEnforced(keyChars, sbParams); + KMKeyCharacteristics.setKeystoreEnforced(keyChars, emptyParam); + KMKeyCharacteristics.setTeeEnforced(keyChars, teeParams); + return keyChars; + } + + @Override + public short getKeyCharacteristicsExp() { + return KMKeyCharacteristics.exp(); + } + + @Override + public short getHardwareParamters(short sbParams, short teeParams) { + return KMKeyParameters.makeHwEnforced(sbParams, teeParams); + } + + @Override + public short concatParamsForAuthData(short keyBlobPtr, short hwParams, short swParams, + short hiddenParams, + short pubKey) { + short arrayLen = 2; + if (pubKey != KMType.INVALID_VALUE) { + arrayLen = 3; + } + short params = KMArray.instance((short) arrayLen); + KMArray.add(params, (short) 0, KMKeyParameters.getVals(hwParams)); + KMArray.add(params, (short) 1, KMKeyParameters.getVals(hiddenParams)); + 
if (3 == arrayLen) { + KMArray.add(params, (short) 2, pubKey); + } + return params; + } + + @Override + public short getSupportedAttestationMode(short attChallenge) { + // Attestation challenge present then it is an error because no factory + // provisioned attest key + short mode = KMType.NO_CERT; // TODO check what should be the default value + if (attChallenge != KMType.INVALID_VALUE && KMByteBlob.length(attChallenge) > 0) { + KMException.throwIt(KMError.ATTESTATION_KEYS_NOT_PROVISIONED); + } + if (KMEnumArrayTag.contains(KMType.PURPOSE, KMType.ATTEST_KEY, data[HW_PARAMETERS]) + || KMEnumArrayTag.contains(KMType.PURPOSE, KMType.SIGN, data[HW_PARAMETERS])) { + mode = KMType.SELF_SIGNED_CERT; + } else { + mode = KMType.FAKE_CERT; + } + return mode; + } + + @Override + public KMAttestationCert makeCommonCert(short swParams, short hwParams, short keyParams, + byte[] scratchPad, + KMSEProvider seProvider) { + short alg = KMKeyParameters.findTag(keyParams, KMType.ENUM_TAG, KMType.ALGORITHM); + boolean rsaCert = KMEnumTag.getValue(alg) == KMType.RSA; + KMAttestationCert cert = KMAttestationCertImpl.instance(rsaCert, seProvider); + + // Validity period must be specified + short notBefore = KMKeyParameters.findTag(keyParams, KMType.DATE_TAG, + KMType.CERTIFICATE_NOT_BEFORE); + if (notBefore == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.MISSING_NOT_BEFORE); + } + notBefore = KMIntegerTag.getValue(notBefore); + short notAfter = KMKeyParameters.findTag(keyParams, KMType.DATE_TAG, + KMType.CERTIFICATE_NOT_AFTER); + if (notAfter == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.MISSING_NOT_AFTER); + } + notAfter = KMIntegerTag.getValue(notAfter); + // VTS sends notBefore == Epoch. 
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 8, (byte) 0); + short epoch = KMInteger.instance(scratchPad, (short) 0, (short) 8); + short end = KMInteger.instance(dec319999Ms, (short) 0, (short) dec319999Ms.length); + if (KMInteger.compare(notBefore, epoch) == 0) { + cert.notBefore(KMByteBlob.instance(jan01970, (short) 0, (short) jan01970.length), true, + scratchPad); + } else { + cert.notBefore(notBefore, false, scratchPad); + } + // VTS sends notAfter == Dec 31st 9999 + if (KMInteger.compare(notAfter, end) == 0) { + cert.notAfter(KMByteBlob.instance(dec319999, (short) 0, (short) dec319999.length), true, + scratchPad); + } else { + cert.notAfter(notAfter, false, scratchPad); + } + // Serial number + short serialNum = KMKeyParameters.findTag(keyParams, KMType.BIGNUM_TAG, + KMType.CERTIFICATE_SERIAL_NUM); + if (serialNum != KMType.INVALID_VALUE) { + serialNum = KMBignumTag.getValue(serialNum); + } else { + serialNum = KMByteBlob.instance((short) 1); + KMByteBlob.add(serialNum, (short) 0, (byte) 1); + } + cert.serialNumber(serialNum); + return cert; + } + + @Override + public short getMgf1Digest(short keyParams, short hwParams) { + short mgfDigest = KMKeyParameters.findTag(keyParams, KMType.ENUM_ARRAY_TAG, + KMType.RSA_OAEP_MGF_DIGEST); + if (mgfDigest != KMType.INVALID_VALUE) { + if (KMEnumArrayTag.length(mgfDigest) != 1) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + mgfDigest = KMEnumArrayTag.get(mgfDigest, (short) 0); + if (mgfDigest == KMType.DIGEST_NONE) { + KMException.throwIt(KMError.UNSUPPORTED_MGF_DIGEST); + } + if (!KMEnumArrayTag.contains(KMType.RSA_OAEP_MGF_DIGEST, mgfDigest, hwParams)) { + KMException.throwIt(KMError.INCOMPATIBLE_MGF_DIGEST); + } + if (mgfDigest != KMType.SHA1 && mgfDigest != KMType.SHA2_256) { + KMException.throwIt(KMError.UNSUPPORTED_MGF_DIGEST); + } + } + return mgfDigest; + } + + @Override + public void beginKeyAgreementOperation(KMOperationState op) { + if (op.getAlgorithm() != KMType.EC) { + 
KMException.throwIt(KMError.UNSUPPORTED_ALGORITHM); + } + + op.setOperation( + seProvider.initAsymmetricOperation((byte) op.getPurpose(), (byte) op.getAlgorithm(), + (byte) op.getPadding(), (byte) op.getDigest(), KMType.DIGEST_NONE, /* No MGF1 Digest */ + KMByteBlob.getBuffer(data[SECRET]), KMByteBlob.getStartOff(data[SECRET]), + KMByteBlob.length(data[SECRET]), null, + (short) 0, (short) 0)); + } + + @Override + public void finishKeyAgreementOperation(KMOperationState op, byte[] scratchPad) { + try { + KMPKCS8Decoder pkcs8 = KMPKCS8Decoder.instance(); + short blob = pkcs8.decodeEcSubjectPublicKeyInfo(data[INPUT_DATA]); + short len = op.getOperation().finish(KMByteBlob.getBuffer(blob), KMByteBlob.getStartOff(blob), + KMByteBlob.length(blob), scratchPad, (short) 0); + data[OUTPUT_DATA] = KMByteBlob.instance((short) 32); + Util.arrayCopyNonAtomic(scratchPad, (short) 0, KMByteBlob.getBuffer(data[OUTPUT_DATA]), + KMByteBlob.getStartOff(data[OUTPUT_DATA]), len); + } catch (CryptoException e) { + KMException.throwIt(KMError.INVALID_ARGUMENT); + } + } + + @Override + public short getConfirmationToken(short confToken, short keyParams) { + if (0 == KMByteBlob.length(confToken)) { + KMException.throwIt(KMError.NO_USER_CONFIRMATION); + } + return confToken; + } + + @Override + public short getKMVerificationTokenExp() { + return KMVerificationToken.timeStampTokenExp(); + } + + @Override + public short getMacFromVerificationToken(short verToken) { + return KMVerificationToken.getMac(verToken, (short) 0x02); + } + + @Override + public void validateECKeys() { + // Read key size + short eccurve = KMEnumTag.getValue(KMType.ECCURVE, data[KEY_PARAMETERS]); + if (eccurve == KMType.INVALID_VALUE) { + KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); + } else { + if (eccurve != KMType.P_256) { + KMException.throwIt(KMError.UNSUPPORTED_KEY_SIZE); + } + } + } + + @Override + public short buildErrorStatus(short err) { + return KMInteger.uint_16(err); + } + + @Override + public short 
generateAttestKeyExp() { + short params = KMKeyParameters.expAny(); + short blob = KMByteBlob.exp(); + // Array of expected arguments + short cmd = KMArray.instance((short) 5); + KMArray.add(cmd, (short) 0, blob); // key blob + KMArray.add(cmd, (short) 1, params); // keyparamters to be attested. + KMArray.add(cmd, (short) 2, blob); // attest key blob + KMArray.add(cmd, (short) 3, params); // attest key params + KMArray.add(cmd, (short) 4, blob); // attest issuer + return cmd; + } + + @Override + public void getAttestKeyInputParameters(short arrPtr, short[] data, byte keyBlobOff, + byte keyParametersOff, + byte attestKeyBlobOff, byte attestKeyParamsOff, byte attestKeyIssuerOff) { + data[keyBlobOff] = KMArray.get(arrPtr, (short) 0); + data[keyParametersOff] = KMArray.get(arrPtr, (short) 1); + data[attestKeyBlobOff] = KMArray.get(arrPtr, (short) 2); + data[attestKeyParamsOff] = KMArray.get(arrPtr, (short) 3); + data[attestKeyIssuerOff] = KMArray.get(arrPtr, (short) 4); + } + + @Override + public short prepareBeginResp(short paramsPtr, short opHandlePtr, short bufModePtr, + short macLengthPtr) { + short resp = KMArray.instance((short) 5); + KMArray.add(resp, (short) 0, KMInteger.uint_16(KMError.OK)); + KMArray.add(resp, (short) 1, paramsPtr); + KMArray.add(resp, (short) 2, opHandlePtr); + KMArray.add(resp, (short) 3, bufModePtr); + KMArray.add(resp, (short) 4, macLengthPtr); + return resp; + } + + @Override + public short prepareFinishExp() { + short byteBlob = KMByteBlob.exp(); + short cmd = KMArray.instance((short) 6); + KMArray.add(cmd, (short) 0, KMInteger.exp());// op handle + KMArray.add(cmd, (short) 1, byteBlob);// input data + KMArray.add(cmd, (short) 2, byteBlob); // signature + short authToken = KMHardwareAuthToken.exp(); + KMArray.add(cmd, (short) 3, authToken); // auth token + short verToken = getKMVerificationTokenExp(); + KMArray.add(cmd, (short) 4, verToken); // time stamp token + KMArray.add(cmd, (short) 5, byteBlob); // confirmation token + return cmd; 
+ } + + @Override + public short prepareUpdateExp() { + short cmd = KMArray.instance((short) 4); + // Arguments + KMArray.add(cmd, (short) 0, KMInteger.exp()); + KMArray.add(cmd, (short) 1, KMByteBlob.exp()); + short authToken = KMHardwareAuthToken.exp(); + KMArray.add(cmd, (short) 2, authToken); + short verToken = getKMVerificationTokenExp(); + KMArray.add(cmd, (short) 3, verToken); + return cmd; + } + + @Override + public void getUpdateInputParameters(short arrPtr, short[] data, byte opHandleOff, + byte keyParametersOff, + byte inputDataOff, byte hwTokenOff, byte verToken) { + data[opHandleOff] = KMArray.get(arrPtr, (short) 0); + data[inputDataOff] = KMArray.get(arrPtr, (short) 1); + data[hwTokenOff] = KMArray.get(arrPtr, (short) 2); + data[verToken] = KMArray.get(arrPtr, (short) 3); + } + + @Override + public void getFinishInputParameters(short arrPtr, short[] data, byte opHandleOff, + byte keyParametersOff, + byte inputDataOff, byte signDataOff, byte hwTokenOff, byte verToken, byte confToken) { + data[opHandleOff] = KMArray.get(arrPtr, (short) 0); + data[inputDataOff] = KMArray.get(arrPtr, (short) 1); + data[signDataOff] = KMArray.get(arrPtr, (short) 2); + data[hwTokenOff] = KMArray.get(arrPtr, (short) 3); + data[verToken] = KMArray.get(arrPtr, (short) 4); + data[confToken] = KMArray.get(arrPtr, (short) 5); + } + + @Override + public short prepareFinishResp(short outputPtr) { + short resp = KMArray.instance((short) 2); + KMArray.add(resp, (short) 0, KMInteger.uint_16(KMError.OK)); + KMArray.add(resp, (short) 1, outputPtr); + return resp; + } + + @Override + public short prepareUpdateResp(short outputPtr, short inputConsumedPtr) { + short resp = KMArray.instance((short) 2); + KMArray.add(resp, (short) 0, KMInteger.uint_16(KMError.OK)); + KMArray.add(resp, (short) 1, outputPtr); + return resp; + } + + @Override + public void validateP1P2(APDU apdu) { + byte[] apduBuffer = apdu.getBuffer(); + short P1P2 = Util.getShort(apduBuffer, ISO7816.OFFSET_P1); + if (P1P2 != 
KEYMINT_HAL_VERSION) { + ISOException.throwIt(ISO7816.SW_INCORRECT_P1P2); + } + } + + @Override + public void updateAAD(KMOperationState op, byte finish) { + return; + } + + @Override + public void validatePurpose(short params) { + short attKeyPurpose = KMKeyParameters.findTag(params, KMType.ENUM_ARRAY_TAG, KMType.PURPOSE); + // ATTEST_KEY purpose cannot be combined with any other purpose. + if (attKeyPurpose != KMType.INVALID_VALUE && KMEnumArrayTag.contains(attKeyPurpose, + KMType.ATTEST_KEY) + && KMEnumArrayTag.length(attKeyPurpose) > 1) { + KMException.throwIt(KMError.INCOMPATIBLE_PURPOSE); + } + } + + public short generateBcc(boolean testMode, byte[] scratchPad) { + if (!testMode && readBoolean(KMDataStoreConstants.PROVISIONED_LOCKED, scratchPad, (short) 0)) { + KMException.throwIt(KMError.STATUS_FAILED); + } + KMDeviceUniqueKey deviceUniqueKey = rkpDataStoreInst.getDeviceUniqueKey(testMode); + short temp = deviceUniqueKey.getPublicKey(scratchPad, (short) 0); + short coseKey = kmCoseInst.constructCoseKey(KMInteger.uint_8(KMCose.COSE_KEY_TYPE_EC2), + KMType.INVALID_VALUE, + KMNInteger.uint_8(KMCose.COSE_ALG_ES256), KMInteger.uint_8(KMCose.COSE_KEY_OP_VERIFY), + KMInteger.uint_8(KMCose.COSE_ECCURVE_256), scratchPad, (short) 0, temp, + KMType.INVALID_VALUE, false); + temp = encodeToApduBuffer(coseKey, scratchPad, (short) 0, + RemotelyProvisionedComponentDevice.MAX_COSE_BUF_SIZE); + // Construct payload. 
+ short payload = kmCoseInst.constructCoseCertPayload( + KMCosePairTextStringTag.instance(KMInteger.uint_8(KMCose.ISSUER), + KMTextString.instance(KMCose.TEST_ISSUER_NAME, (short) 0, + (short) KMCose.TEST_ISSUER_NAME.length)), + KMCosePairTextStringTag.instance(KMInteger.uint_8(KMCose.SUBJECT), + KMTextString.instance(KMCose.TEST_SUBJECT_NAME, (short) 0, + (short) KMCose.TEST_SUBJECT_NAME.length)), + KMCosePairByteBlobTag.instance(KMNInteger.uint_32(KMCose.SUBJECT_PUBLIC_KEY, (short) 0), + KMByteBlob.instance(scratchPad, (short) 0, temp)), + KMCosePairByteBlobTag.instance(KMNInteger.uint_32(KMCose.KEY_USAGE, (short) 0), + KMByteBlob.instance(KMCose.KEY_USAGE_SIGN, (short) 0, + (short) KMCose.KEY_USAGE_SIGN.length))); + // temp temporarily holds the length of encoded cert payload. + temp = encodeToApduBuffer(payload, scratchPad, (short) 0, + RemotelyProvisionedComponentDevice.MAX_COSE_BUF_SIZE); + payload = KMByteBlob.instance(scratchPad, (short) 0, temp); + + // protected header + short protectedHeader = kmCoseInst.constructHeaders(KMNInteger.uint_8(KMCose.COSE_ALG_ES256), + KMType.INVALID_VALUE, + KMType.INVALID_VALUE, KMType.INVALID_VALUE); + // temp temporarily holds the length of encoded headers. + temp = encodeToApduBuffer(protectedHeader, scratchPad, (short) 0, + RemotelyProvisionedComponentDevice.MAX_COSE_BUF_SIZE); + protectedHeader = KMByteBlob.instance(scratchPad, (short) 0, temp); + + // unprotected headers. + short arr = KMArray.instance((short) 0); + short unprotectedHeader = KMCoseHeaders.instance(arr); + + // construct cose sign structure. + short coseSignStructure = kmCoseInst.constructCoseSignStructure(protectedHeader, + KMByteBlob.instance((short) 0), + payload); + // temp temporarily holds the length of encoded sign structure. + // Encode cose Sign_Structure. 
+ temp = encodeToApduBuffer(coseSignStructure, scratchPad, (short) 0, + RemotelyProvisionedComponentDevice.MAX_COSE_BUF_SIZE); + // do sign + short len = seProvider.ecSign256(deviceUniqueKey, scratchPad, (short) 0, temp, scratchPad, + temp); + coseSignStructure = KMByteBlob.instance(scratchPad, temp, len); + + // construct cose_sign1 + short coseSign1 = kmCoseInst.constructCoseSign1(protectedHeader, unprotectedHeader, payload, + coseSignStructure); + + // [Cose_Key, Cose_Sign1] + short bcc = KMArray.instance((short) 2); + KMArray.add(bcc, (short) 0, coseKey); + KMArray.add(bcc, (short) 1, coseSign1); + return bcc; + } + + + public short validateCertChain(boolean validateEekRoot, byte expCertAlg, + byte expLeafCertAlg, short certChainArr, byte[] scratchPad, Object[] authorizedEekRoots) { + short len = KMArray.length(certChainArr); + short coseHeadersExp = KMCoseHeaders.exp(); + //prepare exp for coseky + short coseKeyExp = KMCoseKey.exp(); + short ptr1; + short ptr2; + short signStructure; + short encodedLen; + short prevCoseKey = 0; + short keySize; + short alg = expCertAlg; + short index; + for (index = 0; index < len; index++) { + ptr1 = KMArray.get(certChainArr, index); + + // validate protected Headers + ptr2 = KMArray.get(ptr1, KMCose.COSE_SIGN1_PROTECTED_PARAMS_OFFSET); + ptr2 = decoder.decode(coseHeadersExp, KMByteBlob.getBuffer(ptr2), + KMByteBlob.getStartOff(ptr2), KMByteBlob.length(ptr2)); + if (!KMCoseHeaders.cast(ptr2).isDataValid(alg, KMType.INVALID_VALUE)) { + KMException.throwIt(KMError.STATUS_FAILED); + } + + // parse and get the public key from payload. 
+ ptr2 = KMArray.get(ptr1, KMCose.COSE_SIGN1_PAYLOAD_OFFSET); + ptr2 = decoder.decode(coseKeyExp, KMByteBlob.getBuffer(ptr2), + KMByteBlob.getStartOff(ptr2), KMByteBlob.length(ptr2)); + if ((index == (short) (len - 1)) && len > 1) { + alg = expLeafCertAlg; + } + if (!KMCoseKey.cast(ptr2).isDataValid(KMCose.COSE_KEY_TYPE_EC2, KMType.INVALID_VALUE, alg, + KMType.INVALID_VALUE, KMCose.COSE_ECCURVE_256)) { + KMException.throwIt(KMError.STATUS_FAILED); + } + if (prevCoseKey == 0) { + prevCoseKey = ptr2; + } + // Get the public key. + keySize = KMCoseKey.cast(prevCoseKey).getEcdsa256PublicKey(scratchPad, (short) 0); + if (keySize != 65) { + KMException.throwIt(KMError.STATUS_FAILED); + } + if (validateEekRoot && (index == 0)) { + boolean found = false; + // In prod mode the first pubkey should match a well-known Google public key. + for (short i = 0; i < (short) authorizedEekRoots.length; i++) { + if (0 == Util.arrayCompare(scratchPad, (short) 0, (byte[]) authorizedEekRoots[i], + (short) 0, (short) ((byte[]) authorizedEekRoots[i]).length)) { + found = true; + break; + } + } + if (!found) { + KMException.throwIt(KMError.STATUS_FAILED); + } + } + // Validate signature. 
+ signStructure = + kmCoseInst.constructCoseSignStructure( + KMArray.get(ptr1, KMCose.COSE_SIGN1_PROTECTED_PARAMS_OFFSET), + KMByteBlob.instance((short) 0), + KMArray.get(ptr1, KMCose.COSE_SIGN1_PAYLOAD_OFFSET)); + encodedLen = encodeToApduBuffer(signStructure, scratchPad, + keySize, RemotelyProvisionedComponentDevice.MAX_COSE_BUF_SIZE); + + if (!seProvider.ecVerify256(scratchPad, (short) 0, keySize, scratchPad, keySize, encodedLen, + KMByteBlob.getBuffer(KMArray.get(ptr1, KMCose.COSE_SIGN1_SIGNATURE_OFFSET)), + KMByteBlob.getStartOff(KMArray.get(ptr1, KMCose.COSE_SIGN1_SIGNATURE_OFFSET)), + KMByteBlob.length(KMArray.get(ptr1, KMCose.COSE_SIGN1_SIGNATURE_OFFSET)))) { + KMException.throwIt(KMError.STATUS_FAILED); + } + prevCoseKey = ptr2; + } + return prevCoseKey; + } + + @Override + protected void processGetCertChainCmd(APDU apdu) { + KMException.throwIt(KMError.ATTESTATION_KEYS_NOT_PROVISIONED); + } + + @Override + public void validateEarlyBoot(short Params, byte inst, byte[] sPad, short sPadOff, + short errorCode) { + if (inst != INS_GENERATE_KEY_CMD) { + //VTS expects error code EARLY_BOOT_ONLY during begin operation if eary boot ended tag is present + if (inst == INS_BEGIN_OPERATION_CMD) { + errorCode = KMError.EARLY_BOOT_ENDED; + } + // Validate early boot + super.validateEarlyBoot(Params, inst, sPad, sPadOff, errorCode); + } + } +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMMap.java b/Applet/src/com/android/javacard/kmdevice/KMMap.java new file mode 100644 index 00000000..b4763688 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMMap.java 
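Review bot: `validateCertChain` accepts an empty chain: when `KMArray.length(certChainArr)` is 0 the loop body never runs, so the header, root-key and signature checks are all skipped and the method returns `prevCoseKey` as 0 instead of failing. Add `if (len == 0) { KMException.throwIt(KMError.STATUS_FAILED); }` before the loop, unless the caller (not visible in this hunk) already rejects that case. In the same method the root match compares over `((byte[]) authorizedEekRoots[i]).length` bytes rather than `keySize`, so an entry shorter than 65 bytes would match on a prefix; requiring `((byte[]) authorizedEekRoots[i]).length == keySize` before `Util.arrayCompare` makes the trust-anchor comparison exact. Separately, `finishKeyAgreementOperation` copies `len` bytes into a blob fixed at 32 bytes without checking `len <= 32` first.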
@@ -0,0 +1,194 @@ +/* + * Copyright(C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +public class KMMap extends KMType { + + public static final short ANY_MAP_LENGTH = 0x1000; + private static final short MAP_HEADER_SIZE = 4; + private static KMMap prototype; + + private KMMap() { + } + + private static KMMap proto(short ptr) { + if (prototype == null) { + prototype = new KMMap(); + } + instanceTable[KM_MAP_OFFSET] = ptr; + return prototype; + } + + public static short exp() { + short ptr = instance(MAP_TYPE, MAP_HEADER_SIZE); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), (short) 0); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), ANY_MAP_LENGTH); + return ptr; + } + + public static short instance(short length) { + short ptr = KMType.instance(MAP_TYPE, (short) (MAP_HEADER_SIZE + (length * 4))); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), (short) 0); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), length); + return ptr; + } + + public static short instance(short length, byte type) { + short ptr = instance(length); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE), type); + return ptr; + } + + private static KMMap cast(short ptr) { + if (heap[ptr] != MAP_TYPE) { + 
ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + public void add(short index, short keyPtr, short valPtr) { + short len = length(); + if (index >= len) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + short keyIndex = (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + MAP_HEADER_SIZE + + (short) (index * 4)); + Util.setShort(heap, keyIndex, keyPtr); + Util.setShort(heap, (short) (keyIndex + 2), valPtr); + } + + public short getKey(short index) { + short len = length(); + if (index >= len) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + return Util.getShort( + heap, + (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + MAP_HEADER_SIZE + (short) (index + * 4))); + } + + public short getKeyValue(short index) { + short len = length(); + if (index >= len) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + return Util.getShort( + heap, (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + MAP_HEADER_SIZE + (short) ( + index * 4 + 2))); + } + + public void swap(short index1, short index2) { + short len = length(); + if (index1 >= len || index2 >= len) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + // Swap keys + short indexPtr1 = + Util.getShort( + heap, + (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + MAP_HEADER_SIZE + (short) ( + index1 * 4))); + short indexPtr2 = + Util.getShort( + heap, + (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + MAP_HEADER_SIZE + (short) ( + index2 * 4))); + Util.setShort( + heap, + (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + MAP_HEADER_SIZE + (short) (index1 + * 4)), + indexPtr2); + Util.setShort( + heap, + (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + MAP_HEADER_SIZE + (short) (index2 + * 4)), + indexPtr1); + + // Swap Values + indexPtr1 = + Util.getShort( + heap, + (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + MAP_HEADER_SIZE + (short) ( + index1 * 4 + 2))); + indexPtr2 = + Util.getShort( + 
heap, + (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + MAP_HEADER_SIZE + (short) ( + index2 * 4 + 2))); + Util.setShort( + heap, + (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + MAP_HEADER_SIZE + (short) ( + index1 * 4 + 2)), + indexPtr2); + Util.setShort( + heap, + (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + MAP_HEADER_SIZE + (short) ( + index2 * 4 + 2)), + indexPtr1); + } + + public void canonicalize() { + KMCoseMap.canonicalize(instanceTable[KM_MAP_OFFSET], length()); + } + + public short containedType() { + return Util.getShort(heap, (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE)); + } + + public short getStartOff() { + return (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + MAP_HEADER_SIZE); + } + + public short length() { + return Util.getShort(heap, (short) (instanceTable[KM_MAP_OFFSET] + TLV_HEADER_SIZE + 2)); + } + + public byte[] getBuffer() { + return heap; + } + + public static void add(short bPtr, short index, short keyPtr, short valPtr) { + KMMap.cast(bPtr).add(index, keyPtr, valPtr); + } + + public static short getKeyValue(short bPtr, short index) { + return KMMap.cast(bPtr).getKeyValue(index); + } + + public static void swap(short bPtr, short index1, short index2) { + KMMap.cast(bPtr).swap(index1, index2); + } + + public static short getKey(short bPtr, short index) { + return KMMap.cast(bPtr).getKey(index); + } + + public static short length(short bPtr) { + return KMMap.cast(bPtr).length(); + } + + public static void canonicalize(short bPtr) { + KMMap.cast(bPtr).canonicalize(); + } + + +} diff --git a/Applet/src/com/android/javacard/keymaster/KMMasterKey.java b/Applet/src/com/android/javacard/kmdevice/KMMasterKey.java similarity index 88% rename from Applet/src/com/android/javacard/keymaster/KMMasterKey.java rename to Applet/src/com/android/javacard/kmdevice/KMMasterKey.java index 7a88778e..d91c0bb3 100644 --- a/Applet/src/com/android/javacard/keymaster/KMMasterKey.java 
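Review bot: The index checks in `add`, `getKey`, `getKeyValue` and `swap` only test `index >= len`, so a negative `short` index passes and the computed offset lands before the map's entries in the shared `heap` array. Because the KM objects appear to live in that one array, the runtime's array bounds check would not catch the access; use `if (index < 0 || index >= len)` in the three accessors and the same test for `index1` and `index2` in `swap`. `instance(short length)` also computes `(short) (MAP_HEADER_SIZE + (length * 4))` without rejecting a negative or oversized `length`, which can wrap the `short` size, so a guard there is worth adding if lengths can come from decoded input.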
+++ b/Applet/src/com/android/javacard/kmdevice/KMMasterKey.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; /** * KMMasterKey is a marker interface and the SE Provider has to implement this interface. Internally @@ -22,4 +22,7 @@ */ public interface KMMasterKey { + public byte getKey(byte[] keyData, short kOff); + + public short getKeySizeBits(); } diff --git a/Applet/src/com/android/javacard/kmdevice/KMNInteger.java b/Applet/src/com/android/javacard/kmdevice/KMNInteger.java new file mode 100644 index 00000000..17eb04cb --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMNInteger.java 
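Review bot: The `getKey(byte[] keyData, short kOff)` method added in the second hunk is undocumented, and it changes what this interface is: the Javadoc above still calls `KMMasterKey` a marker interface, yet the method appears to let a caller copy the master key material into a buffer it supplies. I would add a Javadoc along the lines of `/** Copies the raw key into keyData at kOff; callers must use a transient buffer and clear it after use. */` and update the class comment to match. The meaning of the `byte` return value should be stated too; if it is a length, a `byte` caps it at 127. The class Javadoc starts outside this hunk, so only its tail is visible here.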
@@ -0,0 +1,186 @@ +/* + * Copyright(C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +public class KMNInteger extends KMType { + + private static KMNInteger prototype; + public static final byte SIGNED_MASK = (byte) 0x80; + + private KMNInteger() { + } + + private static KMNInteger proto(short ptr) { + if (prototype == null) { + prototype = new KMNInteger(); + } + instanceTable[KM_NEG_INTEGER_OFFSET] = ptr; + return prototype; + } + + public static short exp() { + return KMType.exp(NEG_INTEGER_TYPE); + } + + // return an empty integer instance + public static short instance(short length) { + if ((length <= 0) || (length > 8)) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + if (length > 4) { + length = KMInteger.UINT_64; + } else { + length = KMInteger.UINT_32; + } + return KMType.instance(NEG_INTEGER_TYPE, length); + } + + public static short instance(byte[] num, short srcOff, short length) { + if (length > 8) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + if (length == 1) { + return uint_8(num[srcOff]); + } else if (length == 2) { + return uint_16(Util.getShort(num, srcOff)); + } else if (length == 4) { + return uint_32(num, srcOff); + } else { + return uint_64(num, srcOff); + } + } + + private static KMNInteger cast(short ptr) { + byte[] 
heap = repository.getHeap(); + if (heap[ptr] != NEG_INTEGER_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + if (Util.getShort(heap, (short) (ptr + 1)) == INVALID_VALUE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + // create integer and copy byte value + public static short uint_8(byte num) { + if (num >= 0) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + short ptr = instance(KMInteger.UINT_32); + heap[(short) (ptr + TLV_HEADER_SIZE + 3)] = num; + return ptr; + } + + // create integer and copy short value + public static short uint_16(short num) { + if (num >= 0) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + short ptr = instance(KMInteger.UINT_32); + Util.setShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2), num); + return ptr; + } + + // create integer and copy integer value + public static short uint_32(byte[] num, short offset) { + if (!isSignedInteger(num, offset)) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + short ptr = instance(KMInteger.UINT_32); + Util.arrayCopy(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), KMInteger.UINT_32); + return ptr; + } + + // create integer and copy integer value + public static short uint_64(byte[] num, short offset) { + if (!isSignedInteger(num, offset)) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + short ptr = instance(KMInteger.UINT_64); + Util.arrayCopy(num, offset, heap, (short) (ptr + TLV_HEADER_SIZE), KMInteger.UINT_64); + return ptr; + } + + private short getStartOff() { + return (short) (getBaseOffset() + TLV_HEADER_SIZE); + } + + private short getShort() { + return Util.getShort(heap, (short) (getStartOff() + 2)); + } + + private short getBaseOffset() { + return instanceTable[KM_NEG_INTEGER_OFFSET]; + } + + private short length() { + return Util.getShort(heap, (short) (getBaseOffset() + 1)); + } + + private short getSignificantShort() { + return Util.getShort(heap, getStartOff()); + } + + private 
void getValue(byte[] dest, short destOff, short length) { + if (length < length()) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } + if (length > length()) { + length = length(); + destOff += length; + } + Util.arrayCopyNonAtomic(heap, getStartOff(), dest, destOff, length); + } + + private byte[] getBuffer() { + return heap; + } + + public static boolean isSignedInteger(byte[] num, short offset) { + byte val = num[offset]; + return SIGNED_MASK == (val & SIGNED_MASK); + } + + public static short getShort(short bPtr) { + return KMNInteger.cast(bPtr).getShort(); + } + + public static short getStartOff(short bPtr) { + return KMNInteger.cast(bPtr).getStartOff(); + } + + public static short getSignificantShort(short bPtr) { + return KMNInteger.cast(bPtr).getSignificantShort(); + } + + public static void getValue(short bPtr, byte[] dest, short destOff, short length) { + KMNInteger.cast(bPtr).getValue(dest, destOff, length); + } + + public static short length(short bPtr) { + return KMNInteger.cast(bPtr).length(); + } + + public static byte[] getBuffer(short bPtr) { + return KMNInteger.cast(bPtr).getBuffer(); + } + +} diff --git a/Applet/src/com/android/javacard/keymaster/KMOperation.java b/Applet/src/com/android/javacard/kmdevice/KMOperation.java similarity index 95% rename from Applet/src/com/android/javacard/keymaster/KMOperation.java rename to Applet/src/com/android/javacard/kmdevice/KMOperation.java index 3132e4b3..b3341231 100644 --- a/Applet/src/com/android/javacard/keymaster/KMOperation.java +++ b/Applet/src/com/android/javacard/kmdevice/KMOperation.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; /** * KMOperation represents a persistent operation started by keymaster hal's beginOperation function. 
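Review bot: `instance(byte[] num, short srcOff, short length)` rejects only `length > 8`, so a length of 0, 3, 5, 6 or 7, or a negative one, falls through to `uint_64`, which copies `KMInteger.UINT_64` bytes from `srcOff` regardless of how many bytes the caller said were there. The guard should accept only the widths the method handles, e.g. `if (length != 1 && length != 2 && length != 4 && length != 8) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); }`. Separately, the private `getValue` overwrites `length` with `length()` and then advances `destOff` by that stored length instead of by the padding; the two agree only when the destination is exactly twice the stored width. The leading bytes of `dest` are also left as they were rather than sign-extended for the negative value.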
@@ -29,7 +29,7 @@ short update(byte[] inputDataBuf, short inputDataStart, short inputDataLength, // Used for signature operations short update(byte[] inputDataBuf, short inputDataStart, short inputDataLength); - // Used for finishing cipher operations. + // Used for finishing cipher operations or ecdh keyAgreement. short finish(byte[] inputDataBuf, short inputDataStart, short inputDataLength, byte[] outputDataBuf, short outputDataStart); diff --git a/Applet/src/com/android/javacard/kmdevice/KMOperationState.java b/Applet/src/com/android/javacard/kmdevice/KMOperationState.java new file mode 100644 index 00000000..0d0aaf2b --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMOperationState.java 
@@ -0,0 +1,331 @@
+/*
+ * Copyright(C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.javacard.kmdevice;
+
+import javacard.framework.JCSystem;
+import javacard.framework.Util;
+
+/**
+ * KMOperationState is the container of an active operation started by beginOperation function. This
+ * operation state is persisted by the applet in non volatile memory. However, this state is not
+ * retained if applet is upgraded. There will be four operation state records maintained i.e. only
+ * four active operations are supported at any given time.
+ */
+public class KMOperationState {
+
+ // byte type
+ private static final byte ALG = 0;
+ private static final byte PURPOSE = 1;
+ private static final byte PADDING = 2;
+ private static final byte BLOCK_MODE = 3;
+ private static final byte DIGEST = 4;
+ private static final byte FLAGS = 5;
+ private static final byte KEY_SIZE = 6;
+ private static final byte MAC_LENGTH = 7;
+ private static final byte MGF_DIGEST = 8;
+ private static final byte AUTH_TYPE = 9;
+ // sizes
+ public static final byte OPERATION_HANDLE_SIZE = 8;
+ public static final byte DATA_SIZE = 10;
+ public static final byte AUTH_TIME_SIZE = 8;
+ // Secure user ids 5 * 8 = 40 bytes ( Considering Maximum 5 SECURE USER IDs)
+ // First two bytes are reserved to store number of secure ids. So total 42 bytes.
+ public static final byte USER_SECURE_IDS_SIZE = 42;
+
+ private static final byte OPERATION = 0;
+ private static final byte HMAC_SIGNER_OPERATION = 1;
+ // Flag masks
+ private static final short AUTH_PER_OP_REQD = 1;
+ private static final short SECURE_USER_ID_REQD = 2;
+ private static final short AUTH_TIMEOUT_VALIDATED = 4;
+ private static final short AES_GCM_UPDATE_ALLOWED = 8;
+ // Max user secure ids.
+ private static final byte MAX_SECURE_USER_IDS = 5;
+
+ // Object References
+ private byte[] opHandle;
+ private byte[] authTime;
+ private byte[] userSecureIds;
+ private short[] data;
+ private Object[] operations;
+
+
+ public KMOperationState() {
+ opHandle = JCSystem.makeTransientByteArray(OPERATION_HANDLE_SIZE, JCSystem.CLEAR_ON_RESET);
+ authTime = JCSystem.makeTransientByteArray(AUTH_TIME_SIZE, JCSystem.CLEAR_ON_RESET);
+ data = JCSystem.makeTransientShortArray(DATA_SIZE, JCSystem.CLEAR_ON_RESET);
+ operations = JCSystem.makeTransientObjectArray((short) 2, JCSystem.CLEAR_ON_RESET);
+ userSecureIds = JCSystem.makeTransientByteArray(USER_SECURE_IDS_SIZE, JCSystem.CLEAR_ON_RESET);
+ reset();
+ }
+
+ public void reset() {
+ byte index = 0;
+ while (index < DATA_SIZE) {
+ data[index] = KMType.INVALID_VALUE;
+ index++;
+ }
+ Util.arrayFillNonAtomic(opHandle, (short) 0, OPERATION_HANDLE_SIZE, (byte) 0);
+ Util.arrayFillNonAtomic(authTime, (short) 0, AUTH_TIME_SIZE, (byte) 0);
+
+ if (null != operations[OPERATION]) {
+ ((KMOperation) operations[OPERATION]).abort();
+ }
+ operations[OPERATION] = null;
+
+ if (null != operations[HMAC_SIGNER_OPERATION]) {
+ ((KMOperation) operations[HMAC_SIGNER_OPERATION]).abort();
+ }
+ operations[HMAC_SIGNER_OPERATION] = null;
+ }
+
+ public short compare(byte[] handle, short start, short len) {
+ return Util.arrayCompare(handle, start, opHandle, (short) 0, (short) opHandle.length);
+ }
+
+ public void setKeySize(short keySize) {
+ data[KEY_SIZE] = keySize;
+ }
+
+ public short getKeySize() {
+ return data[KEY_SIZE];
+ }
+
+ public short getHandle() { + return KMInteger.uint_64(opHandle, (short) 0); + } + + public void setHandle(byte[] buf, short start, short len) { + Util.arrayCopyNonAtomic(buf, start, opHandle, (short) 0, (short) opHandle.length); + } + + public short getPurpose() { + return data[PURPOSE]; + } + + public void setPurpose(short purpose) { + data[PURPOSE] = purpose; + } + + public void setOperation(KMOperation op) { + operations[OPERATION] = op; + } + + public KMOperation getOperation() { + return (KMOperation) operations[OPERATION]; + } + + public boolean isAuthPerOperationReqd() { + return (data[FLAGS] & AUTH_PER_OP_REQD) != 0; + } + + public boolean isAuthTimeoutValidated() { + return (data[FLAGS] & AUTH_TIMEOUT_VALIDATED) != 0; + } + + public boolean isSecureUserIdReqd() { + return (data[FLAGS] & SECURE_USER_ID_REQD) != 0; + } + + public short getAuthTime() { + return KMInteger.uint_64(authTime, (short) 0); + } + + public void setAuthTime(byte[] timeBuf, short start) { + Util.arrayCopyNonAtomic(timeBuf, start, authTime, (short) 0, AUTH_TIME_SIZE); + } + + public void setOneTimeAuthReqd(boolean flag) { + if (flag) { + data[FLAGS] = (short) (data[FLAGS] | SECURE_USER_ID_REQD); + } else { + data[FLAGS] = (short) (data[FLAGS] & (~SECURE_USER_ID_REQD)); + } + } + + public void setAuthTimeoutValidated(boolean flag) { + if (flag) { + data[FLAGS] = (byte) (data[FLAGS] | AUTH_TIMEOUT_VALIDATED); + } else { + data[FLAGS] = (byte) (data[FLAGS] & (~AUTH_TIMEOUT_VALIDATED)); + } + } + + public void setAuthType(byte authType) { + data[AUTH_TYPE] = authType; + } + + public short getAuthType() { + return data[AUTH_TYPE]; + } + + public short getUserSecureId() { + short offset = 0; + short length = Util.getShort(userSecureIds, offset); + offset += 2; + if (length == 0) { + return KMType.INVALID_VALUE; + } + short arrObj = KMArray.instance(length); + short index = 0; + short obj; + while (index < length) { + obj = KMInteger.instance(userSecureIds, (short) (offset + index * 8), 
(short) 8); + KMArray.add(arrObj, index, obj); + index++; + } + return KMIntegerArrayTag.instance(KMType.ULONG_ARRAY_TAG, KMType.USER_SECURE_ID, arrObj); + } + + public void setUserSecureId(short integerArrayPtr) { + short length = KMIntegerArrayTag.length(integerArrayPtr); + if (length > MAX_SECURE_USER_IDS) { + KMException.throwIt(KMError.INVALID_KEY_BLOB); + } + Util.arrayFillNonAtomic(userSecureIds, (short) 0, USER_SECURE_IDS_SIZE, (byte) 0); + short index = 0; + short obj; + short offset = 0; + offset = Util.setShort(userSecureIds, offset, length); + while (index < length) { + obj = KMIntegerArrayTag.get(integerArrayPtr, index); + Util.arrayCopyNonAtomic( + KMInteger.getBuffer(obj), + KMInteger.getStartOff(obj), + userSecureIds, + (short) (8 - KMInteger.length(obj) + offset + 8 * index), + KMInteger.length(obj) + ); + index++; + } + } + + public void setAuthPerOperationReqd(boolean flag) { + if (flag) { + data[FLAGS] = (short) (data[FLAGS] | AUTH_PER_OP_REQD); + } else { + data[FLAGS] = (short) (data[FLAGS] & (~AUTH_PER_OP_REQD)); + } + } + + public short getAlgorithm() { + return data[ALG]; + } + + public void setAlgorithm(short algorithm) { + data[ALG] = algorithm; + } + + public short getPadding() { + return data[PADDING]; + } + + public void setPadding(short padding) { + data[PADDING] = padding; + } + + public short getBlockMode() { + return data[BLOCK_MODE]; + } + + public void setBlockMode(short blockMode) { + data[BLOCK_MODE] = blockMode; + } + + public short getDigest() { + return data[DIGEST]; + } + + public short getMgfDigest() { + return data[MGF_DIGEST]; + } + + public void setDigest(byte digest) { + data[DIGEST] = digest; + } + + public void setMgfDigest(byte mgfDigest) { + data[MGF_DIGEST] = mgfDigest; + } + + public boolean isAesGcmUpdateAllowed() { + return (data[FLAGS] & AES_GCM_UPDATE_ALLOWED) != 0; + } + + public void setAesGcmUpdateComplete() { + data[FLAGS] = (byte) (data[FLAGS] & (~AES_GCM_UPDATE_ALLOWED)); + } + + public void 
setAesGcmUpdateStart() { + data[FLAGS] = (byte) (data[FLAGS] | AES_GCM_UPDATE_ALLOWED); + } + + public void setMacLength(short length) { + data[MAC_LENGTH] = length; + } + + public short getMacLength() { + return data[MAC_LENGTH]; + } + + public byte getBufferingMode() { + short alg = getAlgorithm(); + short purpose = getPurpose(); + short digest = getDigest(); + short padding = getPadding(); + short blockMode = getBlockMode(); + + if (alg == KMType.RSA && digest == KMType.DIGEST_NONE && purpose == KMType.SIGN) { + return KMType.BUF_RSA_NO_DIGEST; + } + + if (alg == KMType.EC && digest == KMType.DIGEST_NONE && purpose == KMType.SIGN) { + return KMType.BUF_EC_NO_DIGEST; + } + + switch (alg) { + case KMType.AES: + if (purpose == KMType.ENCRYPT && padding == KMType.PKCS7) { + return KMType.BUF_AES_ENCRYPT_PKCS7_BLOCK_ALIGN; + } else if (purpose == KMType.DECRYPT && padding == KMType.PKCS7) { + return KMType.BUF_AES_DECRYPT_PKCS7_BLOCK_ALIGN; + } else if (purpose == KMType.DECRYPT && blockMode == KMType.GCM) { + return KMType.BUF_AES_GCM_DECRYPT_BLOCK_ALIGN; + } + break; + case KMType.DES: + if (purpose == KMType.ENCRYPT && padding == KMType.PKCS7) { + return KMType.BUF_DES_ENCRYPT_PKCS7_BLOCK_ALIGN; + } else if (purpose == KMType.DECRYPT && padding == KMType.PKCS7) { + return KMType.BUF_DES_DECRYPT_PKCS7_BLOCK_ALIGN; + } + } + return KMType.BUF_NONE; + } + + public void setTrustedConfirmationSigner(KMOperation hmacSignerOp) { + operations[HMAC_SIGNER_OPERATION] = hmacSignerOp; + } + + public KMOperation getTrustedConfirmationSigner() { + return (KMOperation) operations[HMAC_SIGNER_OPERATION]; + } + + public boolean isTrustedConfirmationRequired() { + return operations[HMAC_SIGNER_OPERATION] != null; + } +} 
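Review bot: `reset()` zeroes `opHandle` and `authTime` but leaves `userSecureIds` untouched, so a slot reused for a new operation still returns the previous operation's secure user ids from `getUserSecureId()` unless every caller sets them first (callers are outside this hunk). Adding `Util.arrayFillNonAtomic(userSecureIds, (short) 0, USER_SECURE_IDS_SIZE, (byte) 0);` to `reset()` removes that dependency. `compare` and `setHandle` also ignore their `len` argument and always read `opHandle.length` bytes from the caller's buffer, so a shorter handle is read past its declared end. A guard such as `if (len != OPERATION_HANDLE_SIZE)` before the compare or copy would make the contract explicit. The class comment says the state is persisted in non-volatile memory, while the constructor allocates every array as a `CLEAR_ON_RESET` transient, so one of the two should be corrected.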
diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java b/Applet/src/com/android/javacard/kmdevice/KMPKCS8Decoder.java similarity index 61% rename from Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java rename to Applet/src/com/android/javacard/kmdevice/KMPKCS8Decoder.java index 921cae28..be94b586 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMPKCS8DecoderImpl.java +++ b/Applet/src/com/android/javacard/kmdevice/KMPKCS8Decoder.java @@ -1,8 +1,8 @@ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.Util; -public class KMPKCS8DecoderImpl implements KMPKCS8Decoder { +public class KMPKCS8Decoder { public static final byte ASN1_OCTET_STRING = 0x04; public static final byte ASN1_SEQUENCE = 0x30; 
@@ -10,45 +10,76 @@ public class KMPKCS8DecoderImpl implements KMPKCS8Decoder { public static final byte ASN1_A0_TAG = (byte) 0xA0; public static final byte ASN1_A1_TAG = (byte) 0xA1; public static final byte ASN1_BIT_STRING = 0x03; - public static final byte[] EC_CURVE = { - 0x06, 0x08, 0x2a, (byte) 0x86, 0x48, (byte) 0xce, 0x3d, 0x03, - 0x01, 0x07 - }; - public static final byte[] RSA_ALGORITHM = { - 0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86, - (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 - }; - public static final byte[] EC_ALGORITHM = { - 0x06, 0x07, 0x2a, (byte) 0x86, 0x48, (byte) 0xce, - 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, (byte) 0x86, 0x48, - (byte) 0xce, 0x3d, 0x03, 0x01, 0x07 - }; + public static byte[] EC_CURVE; + public static byte[] RSA_ALGORITHM; + public static byte[] EC_ALGORITHM; private byte[] data; private short start; private short length; private short cur; - private static KMPKCS8DecoderImpl inst; + private static KMPKCS8Decoder inst; - private KMPKCS8DecoderImpl() { + private KMPKCS8Decoder() { start = 0; length = 0; cur = 0; } - @Override + public static void initStatics() { + EC_CURVE = new byte[]{ + 0x06, 0x08, 0x2a, (byte) 0x86, 0x48, (byte) 0xce, 0x3d, 0x03, + 0x01, 0x07 + }; + RSA_ALGORITHM = new byte[]{ + 0x06, 0x09, 0x2A, (byte) 0x86, 0x48, (byte) 0x86, + (byte) 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00 + }; + EC_ALGORITHM = new byte[]{ + 0x06, 0x07, 0x2a, (byte) 0x86, 0x48, (byte) 0xce, + 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, (byte) 0x86, 0x48, + (byte) 0xce, 0x3d, 0x03, 0x01, 0x07 + }; + } + public short decodeRsa(short blob) { init(blob); decodeCommon((short) 0, RSA_ALGORITHM); return decodeRsaPrivateKey((short) 0); } - @Override public short decodeEc(short blob) { init(blob); decodeCommon((short) 0, EC_ALGORITHM); return decodeEcPrivateKey((short) 1); } + public short decodeEcSubjectPublicKeyInfo(short blob) { + init(blob); + header(ASN1_SEQUENCE); + short len = header(ASN1_SEQUENCE); + short ecPublicInfo = 
KMByteBlob.instance(len); + getBytes(ecPublicInfo); + if (Util.arrayCompare( + KMByteBlob.getBuffer(ecPublicInfo), + KMByteBlob.getStartOff(ecPublicInfo), + EC_ALGORITHM, + (short) 0, KMByteBlob.length(ecPublicInfo)) != 0) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } + len = header(ASN1_BIT_STRING); + if (len < 1) { + KMException.throwIt(KMError.UNKNOWN_ERROR); + } + // TODO need to handle if unused bits are not zero + byte unusedBits = getByte(); + if (unusedBits != 0) { + KMException.throwIt(KMError.UNIMPLEMENTED); + } + short pubKey = KMByteBlob.instance((short) (len - 1)); + getBytes(pubKey); + return pubKey; + } + //Seq[Int,Int,Int,Int,] public short decodeRsaPrivateKey(short version) { short resp = KMArray.instance((short) 3); @@ -63,19 +94,31 @@ public short decodeRsaPrivateKey(short version) { KMException.throwIt(KMError.UNKNOWN_ERROR); } len = header(ASN1_INTEGER); - short modulus = getModulus(len); + short modulus = KMByteBlob.instance(len); + getBytes(modulus); + updateModulus(modulus); len = header(ASN1_INTEGER); short pubKey = KMByteBlob.instance(len); getBytes(pubKey); len = header(ASN1_INTEGER); short privKey = KMByteBlob.instance(len); getBytes(privKey); - KMArray.cast(resp).add((short) 0, modulus); - KMArray.cast(resp).add((short) 1, pubKey); - KMArray.cast(resp).add((short) 2, privKey); + KMArray.add(resp, (short) 0, modulus); + KMArray.add(resp, (short) 1, pubKey); + KMArray.add(resp, (short) 2, privKey); return resp; } + private void updateModulus(short blob) { + byte[] buffer = KMByteBlob.getBuffer(blob); + short startOff = KMByteBlob.getStartOff(blob); + short len = KMByteBlob.length(blob); + if (0 == buffer[startOff] && len > 256) { + KMByteBlob.setStartOff(blob, ++startOff); + KMByteBlob.setLength(blob, --len); + } + } + // Seq [Int, Blob] public void decodeCommon(short version, byte[] alg) { short len = header(ASN1_SEQUENCE); 
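Review bot: In `decodeEcSubjectPublicKeyInfo` the AlgorithmIdentifier is compared with `EC_ALGORITHM` over `KMByteBlob.length(ecPublicInfo)` bytes, a length read from the input, without first checking that it equals `EC_ALGORITHM.length`. A shorter sequence that matches only the leading bytes of the constant therefore passes without the curve identifier being checked, and a longer one runs the comparison past the end of the constant. Guarding the call with `len != (short) EC_ALGORITHM.length ||` in front of the existing `Util.arrayCompare(...) != 0` covers both cases. `decodeCommon` in the `@@ -91,10 +134,10 @@` hunk uses the same comparison shape, though the lines before it are outside that hunk. The three identifier arrays also changed from `public static final` to reassignable `public static` fields that stay null until `initStatics()` runs, so the required call order should be documented on the class.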
@@ -91,10 +134,10 @@ public void decodeCommon(short version, byte[] alg) { short blob = KMByteBlob.instance(len); getBytes(blob); if (Util.arrayCompare( - KMByteBlob.cast(blob).getBuffer(), - KMByteBlob.cast(blob).getStartOff(), + KMByteBlob.getBuffer(blob), + KMByteBlob.getStartOff(blob), alg, - (short) 0, KMByteBlob.cast(blob).length()) != 0) { + (short) 0, KMByteBlob.length(blob)) != 0) { KMException.throwIt(KMError.UNKNOWN_ERROR); } } @@ -121,14 +164,15 @@ public short decodeEcPrivateKey(short version) { if (len < 1) { KMException.throwIt(KMError.UNKNOWN_ERROR); } + // TODO need to handle if unused bits are not zero byte unusedBits = getByte(); if (unusedBits != 0) { KMException.throwIt(KMError.UNIMPLEMENTED); } short pubKey = KMByteBlob.instance((short) (len - 1)); getBytes(pubKey); - KMArray.cast(resp).add((short) 0, pubKey); - KMArray.cast(resp).add((short) 1, privKey); + KMArray.add(resp, (short) 0, pubKey); + KMArray.add(resp, (short) 1, privKey); return resp; } @@ -167,20 +211,10 @@ private short getShort() { return d; } - private short getModulus(short modulusLen) { - if (0 == data[cur] && modulusLen == 257) { - incrementCursor((short) 1); - modulusLen--; - } - short blob = KMByteBlob.instance(modulusLen); - getBytes(blob); - return blob; - } - private void getBytes(short blob) { - short len = KMByteBlob.cast(blob).length(); - Util.arrayCopyNonAtomic(data, cur, KMByteBlob.cast(blob).getBuffer(), - KMByteBlob.cast(blob).getStartOff(), len); + short len = KMByteBlob.length(blob); + Util.arrayCopyNonAtomic(data, cur, KMByteBlob.getBuffer(blob), + KMByteBlob.getStartOff(blob), len); incrementCursor(len); } 
@@ -200,17 +234,17 @@ private short getLength() { return KMType.INVALID_VALUE; //should not come here } - public static KMPKCS8DecoderImpl instance() { + public static KMPKCS8Decoder instance() { if (inst == null) { - inst = new KMPKCS8DecoderImpl(); + inst = new KMPKCS8Decoder(); } return inst; } public void init(short blob) { - data = KMByteBlob.cast(blob).getBuffer(); - start = KMByteBlob.cast(blob).getStartOff(); - length = KMByteBlob.cast(blob).length(); + data = KMByteBlob.getBuffer(blob); + start = KMByteBlob.getStartOff(blob); + length = KMByteBlob.length(blob); cur = start; } diff --git a/Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java b/Applet/src/com/android/javacard/kmdevice/KMPreSharedKey.java similarity index 95% rename from Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java rename to Applet/src/com/android/javacard/kmdevice/KMPreSharedKey.java index 273aeb4a..268f9a8e 100644 --- a/Applet/src/com/android/javacard/keymaster/KMPreSharedKey.java +++ b/Applet/src/com/android/javacard/kmdevice/KMPreSharedKey.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; /** * KMPreSharedKey is a marker interface and the SE Provider has to implement this interface. diff --git a/Applet/src/com/android/javacard/kmdevice/KMRepository.java b/Applet/src/com/android/javacard/kmdevice/KMRepository.java new file mode 100644 index 00000000..56a3cb3e --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMRepository.java 
@@ -0,0 +1,113 @@
+/*
+ * Copyright(C) 2020 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.android.javacard.kmdevice;
+
+import javacard.framework.ISO7816;
+import javacard.framework.ISOException;
+import javacard.framework.JCSystem;
+import javacard.framework.Util;
+
+/**
+ * KMRepository class manages persistent and volatile memory usage by the applet. Note the
+ * repository is only used by applet and it is not intended to be used by seProvider.
+ */
+public class KMRepository {
+
+ public static final short HEAP_SIZE = 15000;
+
+ // Class Attributes
+ private byte[] heap;
+ private short[] heapIndex;
+ private short reclaimIndex;
+
+ // Singleton instance
+ private static KMRepository repository;
+
+ public static KMRepository instance() {
+ return repository;
+ }
+
+ public KMRepository(boolean isUpgrading) {
+ heap = JCSystem.makeTransientByteArray(HEAP_SIZE, JCSystem.CLEAR_ON_RESET);
+ heapIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET);
+ reclaimIndex = HEAP_SIZE;
+ heapIndex[0] = (short) 0;
+ repository = this;
+ }
+
+ public void onUninstall() {
+ // Javacard Runtime environment cleans up the data.
+
+ }
+
+ public void onProcess() {
+ }
+
+ public void clean() {
+ Util.arrayFillNonAtomic(heap, (short) 0, heapIndex[0], (byte) 0);
+ heapIndex[0] = 0;
+ reclaimIndex = HEAP_SIZE;
+ }
+
+ public void onDeselect() {
+ }
+
+ public void onSelect() {
+ // If write through caching is implemented then this method will restore the data into cache
+ }
+
+ // This function uses memory from the back of the heap(transient memory). Call
+ // reclaimMemory function immediately after the use.
+ public short allocReclaimableMemory(short length) {
+ if ((((short) (reclaimIndex - length)) <= heapIndex[0])
+ || (length >= HEAP_SIZE / 2)) {
+ ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
+ }
+ reclaimIndex -= length;
+ return reclaimIndex;
+ }
+
+ // Reclaims the memory back.
+ public void reclaimMemory(short length) {
+ if (reclaimIndex < heapIndex[0]) {
+ ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
+ }
+ reclaimIndex += length;
+ }
+
+ public short allocAvailableMemory() {
+ if (heapIndex[0] >= heap.length) {
+ ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
+ }
+ short index = heapIndex[0];
+ heapIndex[0] = (short) heap.length;
+ return index;
+ }
+
+ public short alloc(short length) {
+ if ((((short) (heapIndex[0] + length)) > heap.length) ||
+ (((short) (heapIndex[0] + length)) > reclaimIndex)) {
+ ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
+ }
+ heapIndex[0] += length;
+ return (short) (heapIndex[0] - length);
+ }
+
+ public byte[] getHeap() {
+ return heap;
+ }
+}
diff --git a/Applet/src/com/android/javacard/kmdevice/KMRkpDataStore.java b/Applet/src/com/android/javacard/kmdevice/KMRkpDataStore.java
new file mode 100644
index 00000000..bb7023b4
--- /dev/null
+++ b/Applet/src/com/android/javacard/kmdevice/KMRkpDataStore.java
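Review bot: `alloc` does its bounds check in `short` arithmetic, so `(short) (heapIndex[0] + length)` wraps negative for a large `length` and passes both comparisons, and a negative `length` passes as well. Either case leaves `heapIndex[0]` outside the heap, after which `clean()` calls `Util.arrayFillNonAtomic` with a negative fill length. If lengths reaching the allocator can come from decoded input (the callers are outside this hunk), compare against the remaining space instead: `if (length < 0 || length > (short) (reclaimIndex - heapIndex[0])) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); }`. `allocReclaimableMemory` and `reclaimMemory` likewise accept a negative `length`, and `reclaimMemory` never checks that `reclaimIndex + length` stays at or below `HEAP_SIZE`. `allocAvailableMemory` moves `heapIndex[0]` to `heap.length` without regard to `reclaimIndex`, so it can hand out a region already reserved from the back of the heap.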
@@ -0,0 +1,64 @@
+/*
+ * Copyright(C) 2022 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package com.android.javacard.kmdevice;
+
+public interface KMRkpDataStore extends KMUpgradable {
+
+ /**
+ * This function stores the data of the corresponding id into the persistent memory.
+ *
+ * @param id of the buffer to be stored. @see {@link KMDataStoreConstants}
+ * @param data is the buffer that contains the data to be stored.
+ * @param offset is the start offset of the buffer.
+ * @param length is the length of the buffer.
+ */
+ void storeData(byte id, byte[] data, short offset, short length);
+
+ /**
+ * This function returns the stored data of the corresponding id.
+ *
+ * @param id of the buffer to be stored.@see {@link KMDataStoreConstants}
+ * @param data is the buffer in which the data of the corresponding id is returned.
+ * @param offset is the start offset of the buffer.
+ * @return length of the data copied to the buffer.
+ */
+ byte[] getData(byte id);
+
+ // keys
+
+ /**
+ * This function creates an instance device unique key and stores in persitent memory.
+ *
+ * @param testMode flag denotes if the key is used test mode or production mode.
+ * @param pubKey buffer containing the EC public key.
+ * @param pubKeyOff start offset of the public key buffer.
+ * @param pubKeyLen length of the public key buffer.
+ * @param privKey buffer containing the EC private key.
+ * @param privKeyOff start offset of the private key buffer. + * @param privKeyLen length of the private key buffer. + */ + void createDeviceUniqueKey(boolean testMode, byte[] pubKey, short pubKeyOff, short pubKeyLen, + byte[] privKey, + short privKeyOff, short privKeyLen); + + /** + * Returns the device unique key + * + * @param testMode flag denotes if the key is used test mode or production mode. + * @return KMDeviceUniqueKey instance + */ + KMDeviceUniqueKey getDeviceUniqueKey(boolean testMode); +} diff --git a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java b/Applet/src/com/android/javacard/kmdevice/KMSEProvider.java similarity index 70% rename from Applet/src/com/android/javacard/keymaster/KMSEProvider.java rename to Applet/src/com/android/javacard/kmdevice/KMSEProvider.java index dbfa3710..03dfcd50 100644 --- a/Applet/src/com/android/javacard/keymaster/KMSEProvider.java +++ b/Applet/src/com/android/javacard/kmdevice/KMSEProvider.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import org.globalplatform.upgrade.Element; @@ -23,12 +23,7 @@ * interface is created by the singleton KMSEProviderImpl class for each provider. At a time there * can be only one provider in the applet package. */ -public interface KMSEProvider extends KMUpgradable { - - // Provision related constants. - public static final byte CERTIFICATE_CHAIN = 0; - public static final byte CERTIFICATE_EXPIRY = 1; - public static final byte CERTIFICATE_ISSUER = 2; +public interface KMSEProvider { /** * Create a symmetric key instance. If the algorithm and/or keysize are not supported then it 
@@ -70,6 +65,14 @@ void createAsymmetricKey( short pubModMaxLength, short[] lengths); + /** + * Initializes the trusted confirmation operation. + * + * @param computedHmacKey Instance of the computed Hmac key. + * @return instance of KMOperation. + */ + KMOperation initTrustedConfirmationSymmetricOperation(KMComputedHmacKey computedHmacKey); + /** * Verify that the imported key is valid. If the algorithm and/or keysize are not supported then * it should throw a CryptoException. @@ -228,7 +231,7 @@ boolean aesGCMDecrypt( * This is a oneshot operation that performs key derivation function using cmac kdf (CKDF) as * defined in android keymaster hal definition. * - * @param hmacKey instance of pre-shared key. + * @param hmacKey of pre-shared key. * @param label is the label to be used for ckdf. * @param labelStart is the start of label. * @param labelLen is the length of the label. @@ -277,7 +280,7 @@ short hmacSign( * This is a oneshot operation that signs the data using hmac algorithm. This is used to derive * the key, which is used to encrypt the keyblob. * - * @param masterKey instance of masterkey. + * @param masterkey of masterkey. * @param data is the buffer containing data to be signed. * @param dataStart is the start of the data. * @param dataLength is the length of the data. @@ -286,7 +289,7 @@ short hmacSign( * @return length of the signature buffer in bytes. */ short hmacKDF( - KMMasterKey masterKey, + KMMasterKey masterkey, byte[] data, short dataStart, short dataLength, @@ -296,7 +299,7 @@ short hmacKDF( /** * This is a oneshot operation that verifies the signature using hmac algorithm. * - * @param hmacKey instance of KMComputedHmacKey. + * @param hmacKey is the computed hmac key. * @param data is the buffer containing data. * @param dataStart is the start of the data. * @param dataLength is the length of the data. 
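Review bot: The Javadoc edits in the `@@ -228,7 +231,7 @@` hunk, and likewise in `@@ -277,7 +280,7 @@` and `@@ -348,7 +351,7 @@`, drop the word "instance" and leave fragments such as `@param hmacKey of pre-shared key.` and `@param masterkey of masterkey.` that no longer say what the argument is. Keeping the earlier wording, e.g. `@param hmacKey instance of pre-shared key.`, reads correctly and still matches the parameter types. The rename of `masterKey` to `masterkey` in `hmacKDF` also departs from the lowerCamelCase used by the other parameters of this interface.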
@@ -348,7 +351,7 @@ short rsaDecipherOAEP256( /** * This is a oneshot operation that signs the data using EC private key. * - * @param ecPrivKey instance of KMAttestationKey. + * @param ecPrivKey of KMAttestationKey. * @param inputDataBuf is the buffer of the input data. * @param inputDataStart is the start of the input data buffer. * @param inputDataLength is the length of the inpur data buffer in bytes. 
@@ -364,6 +367,134 @@ short ecSign256( byte[] outputDataBuf, short outputDataStart); + /** + * Implementation of HKDF as per RFC5869 https://datatracker.ietf.org/doc/html/rfc5869#section-2 + * + * @param ikm is the buffer containing input key material. + * @param ikmOff is the start of the input key. + * @param ikmLen is the length of the input key. + * @param salt is the buffer containing the salt. + * @param saltOff is the start of the salt buffer. + * @param saltLen is the length of the salt buffer. + * @param info is the buffer containing the application specific information + * @param infoOff is the start of the info buffer. + * @param infoLen is the length of the info buffer. + * @param out is the output buffer. + * @param outOff is the start of the output buffer. + * @param outLen is the length of the expected out buffer. + * @return Length of the out buffer which is outLen. + */ + short hkdf( + byte[] ikm, + short ikmOff, + short ikmLen, + byte[] salt, + short saltOff, + short saltLen, + byte[] info, + short infoOff, + short infoLen, + byte[] out, + short outOff, + short outLen); + + /** + * This function performs ECDH key agreement and generates a secret. + * + * @param privKey is the buffer containing the private key from first party. + * @param privKeyOff is the offset of the private key buffer. + * @param privKeyLen is the length of the private key buffer. + * @param publicKey is the buffer containing the public key from second party. + * @param publicKeyOff is the offset of the public key buffer. + * @param publicKeyLen is the length of the public key buffer. + * @param secret is the output buffer. + * @param secretOff is the offset of the output buffer. + * @return The length of the secret. 
+ */ + short ecdhKeyAgreement( + byte[] privKey, + short privKeyOff, + short privKeyLen, + byte[] publicKey, + short publicKeyOff, + short publicKeyLen, + byte[] secret, + short secretOff); + + /** + * This is a oneshort operation that verifies the data using EC public key + * + * @param pubKey is the public key buffer. + * @param pubKeyOffset is the start of the public key buffer. + * @param pubKeyLen is the length of the public key. + * @param inputDataBuf is the buffer of the input data. + * @param inputDataStart is the start of the input data buffer. + * @param inputDataLength is the length of the input data buffer in bytes. + * @param signatureDataBuf is the buffer the signature input data. + * @param signatureDataStart is the start of the signature input data. + * @param signatureDataLen is the length of the signature input data. + * @return true if verification is successful, otherwise false. + */ + boolean ecVerify256( + byte[] pubKey, + short pubKeyOffset, + short pubKeyLen, + byte[] inputDataBuf, + short inputDataStart, + short inputDataLength, + byte[] signatureDataBuf, + short signatureDataStart, + short signatureDataLen); + + /** + * This is a oneshot operation that signs the data using device unique key. + * + * @param ecPrivKey instance of KMECDeviceUniqueKey to sign the input data. + * @param inputDataBuf is the buffer of the input data. + * @param inputDataStart is the start of the input data buffer. + * @param inputDataLength is the length of the input data buffer in bytes. + * @param outputDataBuf is the output buffer that contains the signature. + * @param outputDataStart is the start of the output data buffer. + * @return length of the decrypted data. + */ + short ecSign256( + KMDeviceUniqueKey ecPrivKey, + byte[] inputDataBuf, + short inputDataStart, + short inputDataLength, + byte[] outputDataBuf, + short outputDataStart); + + /** + * This is a oneshot operation that signs the data using device unique key. 
+ * + * @param secret is the private key buffer. + * @param secretStart is the start of the private key buffer. + * @param secretLength is the length of the private key. + * @param inputDataBuf is the input buffer. + * @param inputDataStart is the start offset of the input buffer. + * @param inputDataLength is the length of the input buffer. + * @param outputDataBuf is the output buffer. + * @param outputDataStart is the start offset of the output buffer. + * @return length of the signed data. + */ + short ecSign256(byte[] secret, short secretStart, short secretLength, + byte[] inputDataBuf, short inputDataStart, short inputDataLength, + byte[] outputDataBuf, short outputDataStart); + + short rsaSign256Pkcs1( + byte[] secret, + short secretStart, + short secretLength, + byte[] modBuf, + short modStart, + short modLength, + byte[] inputDataBuf, + short inputDataStart, + short inputDataLength, + byte[] outputDataBuf, + short outputDataStart); + /** * This creates a persistent operation for signing, verify, encryption and decryption using HMAC, * AES and DES algorithms when keymaster hal's beginOperation function is executed. The @@ -401,14 +532,6 @@ KMOperation initSymmetricOperation( short ivLength, short macLength); - /** - * Initializes the trusted confirmation operation. - * - * @param computedHmacKey Instance of the computed Hmac key. - * @return instance of KMOperation. - */ - KMOperation initTrustedConfirmationSymmetricOperation(KMComputedHmacKey computedHmacKey); - /** * This creates a persistent operation for signing, verify, encryption and decryption using RSA * and EC algorithms when keymaster hal's beginOperation function is executed. For RSA the public 
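Review bot: `ecdhKeyAgreement` does not state who validates `publicKey`, which comes from the second party. The contract should say whether the provider checks the encoding and that the point lies on the expected curve before deriving the secret, and how large `secret` must be, since no output length is passed. Several of the new comments are also copied without adjustment: the `KMDeviceUniqueKey` overload of `ecSign256` returns "length of the decrypted data", the `byte[] secret` overload is described as signing "using device unique key" although it takes a raw private key, and `rsaSign256Pkcs1` has no Javadoc at all. For the raw-key overloads a line such as `@param secret is the buffer holding the private key; the caller clears it after use.` would make the handling of key material explicit.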
@@ -422,6 +545,7 @@ KMOperation initSymmetricOperation( * @param padding is KMType.PADDING_NONE or KMType.RSA_OAEP, KMType.RSA_PKCS1_1_5_ENCRYPT, * KMType.RSA_PKCS1_1_5_SIGN or KMType.RSA_PSS. * @param digest is KMType.DIGEST_NONE or KMType.SHA2_256. + * @param mgfDigest is the MGF digest. * @param privKeyBuf is the private key in case of EC or private key exponent is case of RSA. * @param privKeyStart is the start of the private key. * @param privKeyLength is the length of the private key. @@ -435,6 +559,7 @@ KMOperation initAsymmetricOperation( byte alg, byte padding, byte digest, + byte mgfDigest, byte[] privKeyBuf, short privKeyStart, short privKeyLength, 
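Review bot: The added `@param mgfDigest is the MGF digest.` does not say which values are accepted or for which paddings the argument is read. The second hunk on this line inserts `byte mgfDigest` directly after `byte digest`, so the call now has three adjacent `byte` arguments that are easy to transpose. The `RSA_OAEP_MGF_DIGEST` comment added to KMType.java in this same patch says only SHA-1 is supported on Javacard, so the contract for any other value should be written down here. Something like `@param mgfDigest is the MGF1 digest used with KMType.RSA_OAEP; KMType.SHA1 is the only value supported on Javacard.` would do, once the implementation confirms it. The Javadoc block and the signature both start and end outside these hunks.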
@@ -443,93 +568,86 @@ KMOperation initAsymmetricOperation( short pubModLength); /** - * This operation creates the empty instance of KMAttestationCert for rsa or ec public key - * attestation certificate. It corresponds to attestKEy command from keymaster hal specifications. - * The attestation certificate implementation will comply keymaster hal specifications. - * - * @param rsaCert if true indicates that certificate will attest a rsa public key else if false it - * is for ec public key. - * @return An empty instance of KMAttestationCert implementation. - */ - KMAttestationCert getAttestationCert(boolean rsaCert); - - /** - * Returns the implementation of the PKCS8 decoder. + * This function tells if applet is upgrading or not. * - * @return Instance of PKCS8 decoder. + * @return true if upgrading, otherwise false. */ - KMPKCS8Decoder getPKCS8DecoderInstance(); + boolean isUpgrading(); /** - * This operation persists the provision data in the persistent memory. + * This function creates an HMACKey and initializes the key with the provided input key data. * - * @param buf buffer which contains all the provision data. - * @param certChainOff is the start of the cert chain. - * @param certChainLen is the length of the cert chain. - * @param certIssuerOff is the start of the cert issuer. - * @param certIssuerLen is the length of the cert issuer. - * @param certExpiryOff is the start of the cert expiry. - * @param certExpiryLen is the length of the cert expiry. + * @param keyData buffer containing the key data. + * @param offset start of the buffer. + * @param length length of the buffer. + * @return An instance of the KMComputedHmacKey. 
*/ - void persistProvisionData(byte[] buf, short certChainOff, short certChainLen, - short certIssuerOff, short certIssuerLen, short certExpiryOff, short certExpiryLen); + KMComputedHmacKey createComputedHmacKey(KMComputedHmacKey createComputedHmacKey, byte[] keyData, + short offset, short length); /** - * The operation reads the provisioned data from persistent memory. + * This function generates an AES Key of keySizeBits, which is used as an master key. This + * generated key is maintained by the SEProvider. This function should be called only once at the + * time of installation. * - * @param dataType type of the provision data to read. - * @param buf is the start of data buffer. - * @param offset is the start of the data. - * @return the length of the data buffer in bytes. + * @param instance of the masterkey. + * @param keySizeBits key size in bits. + * @return An instance of KMMasterKey. */ - short readProvisionedData(byte dataType, byte[] buf, short offset); + KMMasterKey createMasterKey(KMMasterKey masterKey, byte[] key, short offset, short length); /** - * This function returns the provisioned data length. + * This function generates a HMAC key from the provided key buffers. * - * @param dataType type of the provision data to read. - * @return length of the certificate chain. + * @param presharedKey instance of the presharedkey. + * @param key buffer containing the key data. + * @param offset start offset of the buffer. + * @param length is the length of the key. + * @return instance of KMPresharedKey. */ - short getProvisionedDataLength(byte dataType); + KMPreSharedKey createPreSharedKey(KMPreSharedKey presharedKey, byte[] key, short offset, + short length); /** - * This function tells if boot signal event is supported or not. - * - * @return true if supported, false otherwise. + * Returns true if factory provisioned attestation key is supported. 
*/ - boolean isBootSignalEventSupported(); + boolean isAttestationKeyProvisioned(); /** - * This function tells if the device is booted or not. - * - * @return true if device booted, false otherwise. + * Returns algorithm type of the attestation key. It can be KMType.EC or KMType.RSA if the + * attestation key is provisioned in the factory. */ - boolean isDeviceRebooted(); + short getAttestationKeyAlgorithm(); /** - * This function is supposed to be used to reset the device booted stated after set boot param is - * handled + * Creates an ECKey instance and sets the public and private keys to it. * - * @param resetBootFlag is false if event has been handled + * @param testMode to indicate if current execution is for test or production. + * @param pubKey buffer containing the public key. + * @param pubKeyOff public key buffer start offset. + * @param pubKeyLen public key buffer length. + * @param privKey buffer containing the private key. + * @param privKeyOff private key buffer start offset. + * @param privKeyLen private key buffer length. + * @return instance of KMDeviceUniqueKey. */ - void clearDeviceBooted(boolean resetBootFlag); + KMDeviceUniqueKey createDeviceUniqueKey(KMDeviceUniqueKey key, + byte[] pubKey, short pubKeyOff, short pubKeyLen, byte[] privKey, + short privKeyOff, short privKeyLen); /** - * This function tells if applet is upgrading or not. + * This is a one-shot operation the does digest of the input mesage. * - * @return true if upgrading, otherwise false. + * @param inBuff input buffer to be digested. + * @param inOffset start offset of the input buffer. + * @param inLength length of the input buffer. + * @param outBuff is the output buffer that contains the digested data. + * @param outOffset start offset of the digested output buffer. + * @return length of the digested data. 
*/ - boolean isUpgrading(); + short messageDigest256(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, + short outOffset); - /** - * This function generates an AES Key of keySizeBits, which is used as an master key. This - * generated key is maintained by the SEProvider. This function should be called only once at the - * time of installation. - * - * @param keySizeBits key size in bits. - * @return An instance of KMMasterKey. - */ - KMMasterKey createMasterKey(short keySizeBits); /** * This function creates an ECKey and initializes the ECPrivateKey with the provided input key 
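Review bot: The Javadoc kept above `createMasterKey(KMMasterKey masterKey, byte[] key, short offset, short length)` still describes the removed `createMasterKey(short keySizeBits)`: it says the function generates an AES key and documents `@param keySizeBits`, and the new `@param instance of the masterkey.` names a parameter called `instance`. The signature now takes key bytes from the caller, so the comment should say whether the provider generates the master key or imports the supplied buffer, and it should list `masterKey`, `key`, `offset` and `length`. Two more mismatches in this hunk: `createDeviceUniqueKey` documents `@param testMode` but has no such parameter and leaves `key` undocumented, and `createComputedHmacKey` names its first parameter `createComputedHmacKey`, the same as the method, where `KMComputedHmacKey computedHmacKey` would read better. `createAttestationKey` in the next hunk gains an undocumented `attestationKey` parameter in the same way.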
@@ -541,74 +659,53 @@ void persistProvisionData(byte[] buf, short certChainOff, short certChainLen, * @param length length of the buffer. * @return An instance of KMAttestationKey. */ - KMAttestationKey createAttestationKey(byte[] keyData, short offset, short length); + KMAttestationKey createAttestationKey(KMAttestationKey attestationKey, byte[] keyData, + short offset, + short length); - /** - * This function creates an HMACKey and initializes the key with the provided input key data. This - * created key is maintained by the SEProvider. This function should be called only while - * provisioing the pre-shared secret. - * - * @param keyData buffer containing the key data. - * @param offset start of the buffer. - * @param length length of the buffer. - * @return An instance of KMPreSharedKey. - */ - KMPreSharedKey createPresharedKey(byte[] keyData, short offset, short length); /** - * This function creates an HMACKey and initializes the key with the provided input key data. + * This functions checks if SE power reset event occurred. * - * @param keyData buffer containing the key data. - * @param offset start of the buffer. - * @param length length of the buffer. - * @return An instance of the KMComputedHmacKey. + * @param resetFlag flag which denotes to reset the power reset event flag. + * @return true if power reset event occurrred; flase otherwise. */ - KMComputedHmacKey createComputedHmacKey(byte[] keyData, short offset, short length); + boolean isPowerReset(boolean resetFlag); /** - * Returns the master key. + * This function saves the key objects while upgrade. * - * @return Instance of the KMMasterKey + * @param element instance of the Element class where the objects to be stored. + * @param interfaceType the type interface of the parent object. + * @param object instance of the object to be saved. */ - KMMasterKey getMasterKey(); + void onSave(Element element, byte interfaceType, Object object); /** - * Returns the attestation key. 
- * - * @return Instance of the KMAttestationKey. + * This function restores the the object from element instance. + * + * @param element instance of the Element class. + * @return restored object. */ - KMAttestationKey getAttestationKey(); + Object onResore(Element element); /** - * Returns the preshared key. + * This function returns the count of the primitive bytes required to + * be stored by the implementation of the interface type. * - * @return Instance of the KMPreSharedKey. + * @param interfaceType type interface of the parent object. + * @return count of the primitive bytes. */ - KMPreSharedKey getPresharedKey(); + short getBackupPrimitiveByteCount(byte interfaceType); /** - * Returns the computed Hmac key. + * This function returns the object count required to be stored by the + * implementation of the interface type. * - * @return Instance of the computed hmac key. - */ - KMComputedHmacKey getComputedHmacKey(); - - /** - * Releases all the instance back to pool. Generally this is used when card is reset. + * @param interfaceType type interface of the parent object. + * @return count of the objects. */ - void releaseAllOperations(); + short getBackupObjectCount(byte interfaceType); - /** - * This is a one-shot operation the does digest of the input mesage. - * - * @param inBuff input buffer to be digested. - * @param inOffset start offset of the input buffer. - * @param inLength length of the input buffer. - * @param outBuff is the output buffer that contains the digested data. - * @param outOffset start offset of the digested output buffer. - * @return length of the digested data. - */ - short messageDigest256(byte[] inBuff, short inOffset, short inLength, byte[] outBuff, - short outOffset); } diff --git a/Applet/src/com/android/javacard/kmdevice/KMSimpleValue.java b/Applet/src/com/android/javacard/kmdevice/KMSimpleValue.java new file mode 100644 index 00000000..314c0670 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMSimpleValue.java 
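Review bot: `Object onResore(Element element);` misspells the method name, and because it is declared on the interface every implementation and caller has to repeat the typo; I would declare it as `Object onRestore(Element element);` before more code depends on it. The Javadoc for it reads "restores the the object", and the `isPowerReset` comment has "occurrred; flase otherwise". `onSave` and `onResore` carry key objects across an applet upgrade, so the Javadoc should also name the valid `interfaceType` values, which this hunk does not show. The interface body starts outside the hunk.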
@@ -0,0 +1,74 @@ +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +public class KMSimpleValue extends KMType { + + private static KMSimpleValue prototype; + + public static final byte FALSE = (byte) 20; + public static final byte TRUE = (byte) 21; + public static final byte NULL = (byte) 22; + + + private KMSimpleValue() { + } + + private static KMSimpleValue proto(short ptr) { + if (prototype == null) { + prototype = new KMSimpleValue(); + } + instanceTable[KM_SIMPLE_VALUE_OFFSET] = ptr; + return prototype; + } + + // pointer to an empty instance used as expression + public static short exp() { + return KMType.exp(SIMPLE_VALUE_TYPE); + } + + public short length() { + return Util.getShort(heap, (short) (instanceTable[KM_SIMPLE_VALUE_OFFSET] + 1)); + } + + private static KMSimpleValue cast(short ptr) { + if (heap[ptr] != SIMPLE_VALUE_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + if (!isSimpleValueValid(heap[(short) (ptr + 3)])) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + public static short instance(byte value) { + if (!isSimpleValueValid(value)) { + ISOException.throwIt(ISO7816.SW_DATA_INVALID); + } + short ptr = KMType.instance(SIMPLE_VALUE_TYPE, (short) 1); + heap[(short) (ptr + 3)] = value; + return ptr; + } + + public byte getValue() { + return heap[(short) (instanceTable[KM_SIMPLE_VALUE_OFFSET] + 3)]; + } + + public static byte getValue(short bPtr) { + return KMSimpleValue.cast(bPtr).getValue(); + } + + private static boolean isSimpleValueValid(byte value) { + switch (value) { + case TRUE: + case FALSE: + case NULL: + break; + default: + return false; + } + return true; + } +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMTag.java b/Applet/src/com/android/javacard/kmdevice/KMTag.java new file mode 100644 index 00000000..d420b453 --- /dev/null 
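Review bot: `instance(byte)`, `cast(short)` and `getValue()` address the value byte with a literal `+ 3`, although KMType already names the header size `TLV_HEADER_SIZE` and KMTextString in this patch uses it. I would write `heap[(short) (ptr + TLV_HEADER_SIZE)] = value;` in `instance` and use the same constant in `cast` and `getValue`, so a change to the header layout cannot leave this class reading the wrong byte. `cast` checks the type byte and the value but not that the stored length is 1; if the heap object can originate from decoded input, that check is worth adding. The file also lacks the licence header and the class comment describing the struct layout that the sibling files carry.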
+++ b/Applet/src/com/android/javacard/kmdevice/KMTag.java 
@@ -0,0 +1,102 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.Util; + +/** + * This class represents a tag as defined by keymaster hal specifications. It is composed of key + * value pair. The key consists of short tag type e.g. KMType.ENUM and short tag key e.g. + * KMType.ALGORITHM. The key is encoded as uint CBOR type with 4 bytes. This is followed by value + * which can be any CBOR type based on key. struct{byte tag=KMType.TAG_TYPE, short length, value) + * where value is subtype of KMTag i.e. struct{short tagType=one of tag types declared in KMType , + * short tagKey=one of the tag keys declared in KMType, value} where value is one of the sub-types + * of KMType. 
+ */ +public class KMTag extends KMType { + + public static short getKMTagType(short ptr) { + return Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); + } + + public static short getKMTagKey(short ptr) { + return Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE + 2)); + } + + public static void assertPresence(short params, short tagType, short tagKey, short error) { + if (!isPresent(params, tagType, tagKey)) { + KMException.throwIt(error); + } + } + + public static void assertAbsence(short params, short tagType, short tagKey, short error) { + if (isPresent(params, tagType, tagKey)) { + KMException.throwIt(error); + } + } + + public static boolean isPresent(short params, short tagType, short tagKey) { + short tag = KMKeyParameters.findTag(params, tagType, tagKey); + return tag != KMType.INVALID_VALUE; + } + + public static boolean isEqual(short params, short tagType, short tagKey, short value) { + switch (tagType) { + case KMType.ENUM_TAG: + return KMEnumTag.getValue(tagKey, params) == value; + case KMType.UINT_TAG: + case KMType.DATE_TAG: + case KMType.ULONG_TAG: + return KMIntegerTag.isEqual(params, tagType, tagKey, value); + case KMType.ENUM_ARRAY_TAG: + return KMEnumArrayTag.contains(tagKey, value, params); + case KMType.UINT_ARRAY_TAG: + case KMType.ULONG_ARRAY_TAG: + return KMIntegerArrayTag.contains(tagKey, value, params); + } + return false; + } + + public static void assertTrue(boolean condition, short error) { + if (!condition) { + KMException.throwIt(error); + } + } + + public static boolean isValidPublicExponent(short params) { + short pubExp = KMKeyParameters.findTag(params, KMType.ULONG_TAG, KMType.RSA_PUBLIC_EXPONENT); + if (pubExp == KMType.INVALID_VALUE) { + return false; + } + // Only exponent support is F4 - 65537 which is 0x00010001. 
+ pubExp = KMIntegerTag.getValue(pubExp); + if (!(KMInteger.getShort(pubExp) == 0x01 && + KMInteger.getSignificantShort(pubExp) == 0x01)) { + return false; + } + return true; + } + + public static boolean isValidKeySize(short params) { + short keysize = KMKeyParameters.findTag(params, KMType.UINT_TAG, KMType.KEYSIZE); + if (keysize == KMType.INVALID_VALUE) { + return false; + } + short alg = KMEnumTag.getValue(KMType.ALGORITHM, params); + return KMIntegerTag.isValidKeySize(keysize, (byte) alg); + } +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMTextString.java b/Applet/src/com/android/javacard/kmdevice/KMTextString.java new file mode 100644 index 00000000..e6bf4cc5 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMTextString.java 
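Review bot: `isValidPublicExponent` accepts the exponent when `KMInteger.getShort(pubExp) == 0x01` and `KMInteger.getSignificantShort(pubExp) == 0x01`, which compares only two 16-bit words of a value looked up as `KMType.ULONG_TAG`. KMInteger is not part of this hunk, so I cannot tell whether those two accessors cover the whole integer; if they read only the low 32 bits, a ULONG whose upper bytes are non-zero would be accepted as F4. Either compare the remaining bytes as well or state the guarantee next to the check, e.g. `// getShort/getSignificantShort cover bits 0-31; upper 32 bits must be zero - TODO confirm in KMInteger`. Separately, `isValidKeySize` casts the result of `KMEnumTag.getValue(KMType.ALGORITHM, params)` to `byte` without comparing it with `KMType.INVALID_VALUE`, which is presumably what an absent ALGORITHM tag yields.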
@@ -0,0 +1,103 @@ +/* + * Copyright(C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.Util; + +/** + * KMTextString represents contiguous block of bytes. It corresponds to CBOR type of Text String. It + * extends KMByteBlob by specifying value field as zero or more sequence of bytes. struct{ byte + * TEXT_STR_TYPE; short length; sequence of bytes} + */ +public class KMTextString extends KMType { + + private static KMTextString prototype; + + private KMTextString() { + } + + private static KMTextString proto(short ptr) { + if (prototype == null) { + prototype = new KMTextString(); + } + instanceTable[KM_TEXT_STRING_OFFSET] = ptr; + return prototype; + } + + // pointer to an empty instance used as expression + public static short exp() { + return KMType.exp(TEXT_STRING_TYPE); + } + + // return an empty byte blob instance + public static short instance(short length) { + short ptr = KMType.instance(TEXT_STRING_TYPE, (short) (length)); + Util.setShort(heap, (short) (ptr + 1), length); + return ptr; + } + + // byte blob from existing buf + public static short instance(byte[] buf, short startOff, short length) { + short ptr = instance(length); + Util.arrayCopyNonAtomic(buf, startOff, heap, + (short) (ptr + TLV_HEADER_SIZE), length); + return ptr; + } + + // cast the ptr to 
KMTextString + private static KMTextString cast(short ptr) { + if (heap[ptr] != TEXT_STRING_TYPE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + if (Util.getShort(heap, (short) (ptr + 1)) == INVALID_VALUE) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + return proto(ptr); + } + + protected short getBaseOffset() { + return instanceTable[KM_TEXT_STRING_OFFSET]; + } + + // Get the length of the blob + private short length() { + return Util.getShort(heap, (short) (getBaseOffset() + 1)); + } + + private byte[] getBuffer() { + return heap; + } + + // Get the start of blob + public short getStartOff() { + return (short) (getBaseOffset() + TLV_HEADER_SIZE); + } + + public static short length(short bPtr) { + return cast(bPtr).length(); + } + + public static byte[] getBuffer(short bPtr) { + return cast(bPtr).getBuffer(); + } + + public static short getStartOff(short bPtr) { + return cast(bPtr).getStartOff(); + } +} diff --git a/Applet/src/com/android/javacard/kmdevice/KMType.java b/Applet/src/com/android/javacard/kmdevice/KMType.java new file mode 100644 index 00000000..0650b775 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/KMType.java 
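Review bot: The class comment says KMTextString "extends KMByteBlob", but the declaration is `public class KMTextString extends KMType`, and the comments on `instance`, `length` and `getStartOff` still say "byte blob", which looks like text carried over from KMByteBlob. I would change the class comment to `KMTextString corresponds to the CBOR Text String type: struct{byte TEXT_STRING_TYPE; short length; sequence of bytes}` and replace "byte blob" with "text string" in the method comments. It is also worth stating that the bytes are stored as received: nothing in this class checks their encoding, and `cast` rejects only a length equal to `INVALID_VALUE`.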
@@ -0,0 +1,403 @@ +/* + * Copyright(C) 2020 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package com.android.javacard.kmdevice; + +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.JCSystem; +import javacard.framework.Util; + +/** + * This class declares all types, tag types, and tag keys. It also establishes basic structure of + * any KMType i.e. struct{byte type, short length, value} where value can any of the KMType. Also, + * KMType refers to transient memory heap in the repository. Finally KMType's subtypes are singleton + * prototype objects which just cast the structure over contiguous memory buffer. 
+ */ +public abstract class KMType { + + public static final short INVALID_VALUE = (short) 0x8000; + protected static final byte TLV_HEADER_SIZE = 3; + + // Types + public static final byte BYTE_BLOB_TYPE = 0x01; + public static final byte INTEGER_TYPE = 0x02; + public static final byte ENUM_TYPE = 0x03; + public static final byte TAG_TYPE = 0x04; + public static final byte ARRAY_TYPE = 0x05; + public static final byte KEY_PARAM_TYPE = 0x06; + public static final byte KEY_CHAR_TYPE = 0x07; + public static final byte HW_AUTH_TOKEN_TYPE = 0x08; + public static final byte VERIFICATION_TOKEN_TYPE = 0x09; + public static final byte HMAC_SHARING_PARAM_TYPE = 0x0A; + public static final byte X509_CERT = 0x0B; + public static final byte NEG_INTEGER_TYPE = 0x0C; + public static final byte TEXT_STRING_TYPE = 0x0D; + public static final byte MAP_TYPE = 0x0E; + public static final byte COSE_KEY_TYPE = 0x0F; + public static final byte COSE_PAIR_TAG_TYPE = 0x10; + public static final byte COSE_PAIR_INT_TAG_TYPE = 0x20; + public static final byte COSE_PAIR_NEG_INT_TAG_TYPE = 0x30; + public static final byte COSE_PAIR_BYTE_BLOB_TAG_TYPE = 0x40; + public static final byte COSE_PAIR_COSE_KEY_TAG_TYPE = 0x60; + public static final byte COSE_PAIR_SIMPLE_VALUE_TAG_TYPE = 0x70; + public static final byte COSE_PAIR_TEXT_STR_TAG_TYPE = (byte) 0x80; + public static final byte SIMPLE_VALUE_TYPE = (byte) 0x90; + public static final byte COSE_HEADERS_TYPE = (byte) 0xA0; + public static final byte COSE_CERT_PAYLOAD_TYPE = (byte) 0xB0; + // Tag Types + public static final short INVALID_TAG = 0x0000; + public static final short ENUM_TAG = 0x1000; + public static final short ENUM_ARRAY_TAG = 0x2000; + public static final short UINT_TAG = 0x3000; + public static final short UINT_ARRAY_TAG = 0x4000; + public static final short ULONG_TAG = 0x5000; + public static final short DATE_TAG = 0x6000; + public static final short BOOL_TAG = 0x7000; + public static final short BIGNUM_TAG = (short) 0x8000; + 
public static final short BYTES_TAG = (short) 0x9000; + public static final short ULONG_ARRAY_TAG = (short) 0xA000; + public static final short TAG_TYPE_MASK = (short) 0xF000; + + // Enum Tag + // Internal tags + public static final short RULE = 0x7FFF; + public static final byte IGNORE_INVALID_TAGS = 0x00; + public static final byte FAIL_ON_INVALID_TAGS = 0x01; + + // Algorithm Enum Tag key and values + public static final short ALGORITHM = 0x0002; + public static final byte RSA = 0x01; + public static final byte DES = 0x21; + public static final byte EC = 0x03; + public static final byte AES = 0x20; + public static final byte HMAC = (byte) 0x80; + + // EcCurve Enum Tag key and values. + public static final short ECCURVE = 0x000A; + public static final byte P_224 = 0x00; + public static final byte P_256 = 0x01; + public static final byte P_384 = 0x02; + public static final byte P_521 = 0x03; + + // KeyBlobUsageRequirements Enum Tag key and values. + public static final short BLOB_USAGE_REQ = 0x012D; + public static final byte STANDALONE = 0x00; + public static final byte REQUIRES_FILE_SYSTEM = 0x01; + + // HardwareAuthenticatorType Enum Tag key and values. + public static final short USER_AUTH_TYPE = 0x01F8; + public static final byte USER_AUTH_NONE = 0x00; + public static final byte PASSWORD = 0x01; + public static final byte FINGERPRINT = 0x02; + public static final byte BOTH = 0x03; + // have to be power of 2 + public static final byte ANY = (byte) 0xFF; + + // Origin Enum Tag key and values. 
+ public static final short ORIGIN = 0x02BE; + public static final byte GENERATED = 0x00; + public static final byte DERIVED = 0x01; + public static final byte IMPORTED = 0x02; + public static final byte UNKNOWN = 0x03; + public static final byte SECURELY_IMPORTED = 0x04; + + // Hardware Type tag key and values + public static final short HARDWARE_TYPE = 0x0130; + public static final byte SOFTWARE = 0x00; + public static final byte TRUSTED_ENVIRONMENT = 0x01; + public static final byte STRONGBOX = 0x02; + + // No Tag + // Derivation Function - No Tag defined + public static final short KEY_DERIVATION_FUNCTION = (short) 0xF001; + public static final byte DERIVATION_NONE = 0x00; + public static final byte RFC5869_SHA256 = 0x01; + public static final byte ISO18033_2_KDF1_SHA1 = 0x02; + public static final byte ISO18033_2_KDF1_SHA256 = 0x03; + public static final byte ISO18033_2_KDF2_SHA1 = 0x04; + public static final byte ISO18033_2_KDF2_SHA256 = 0x05; + + // KeyFormat - No Tag defined. + public static final short KEY_FORMAT = (short) 0xF002; + public static final byte X509 = 0x00; + public static final byte PKCS8 = 0x01; + public static final byte RAW = 0x03; + + // Verified Boot State + public static final short VERIFIED_BOOT_STATE = (short) 0xF003; + public static final byte VERIFIED_BOOT = 0x00; + public static final byte SELF_SIGNED_BOOT = 0x01; + public static final byte UNVERIFIED_BOOT = 0x02; + public static final byte FAILED_BOOT = 0x03; + + // Verified Boot Key + public static final short VERIFIED_BOOT_KEY = (short) 0xF004; + + // Verified Boot Hash + public static final short VERIFIED_BOOT_HASH = (short) 0xF005; + + // Device Locked + public static final short DEVICE_LOCKED = (short) 0xF006; + public static final byte DEVICE_LOCKED_TRUE = 0x01; + public static final byte DEVICE_LOCKED_FALSE = 0x00; + + // Enum Array Tag + // Purpose + public static final short PURPOSE = 0x0001; + public static final byte ENCRYPT = 0x00; + public static final byte DECRYPT = 
0x01; + public static final byte SIGN = 0x02; + public static final byte VERIFY = 0x03; + public static final byte DERIVE_KEY = 0x04; + public static final byte WRAP_KEY = 0x05; + public static final byte AGREE_KEY = 0x06; + public static final byte ATTEST_KEY = (byte) 0x07; + // Block mode + public static final short BLOCK_MODE = 0x0004; + public static final byte ECB = 0x01; + public static final byte CBC = 0x02; + public static final byte CTR = 0x03; + public static final byte GCM = 0x20; + + // Digest + public static final short DIGEST = 0x0005; + public static final byte DIGEST_NONE = 0x00; + public static final byte MD5 = 0x01; + public static final byte SHA1 = 0x02; + public static final byte SHA2_224 = 0x03; + public static final byte SHA2_256 = 0x04; + public static final byte SHA2_384 = 0x05; + public static final byte SHA2_512 = 0x06; + + // Padding mode + public static final short PADDING = 0x0006; + public static final byte PADDING_NONE = 0x01; + public static final byte RSA_OAEP = 0x02; + public static final byte RSA_PSS = 0x03; + public static final byte RSA_PKCS1_1_5_ENCRYPT = 0x04; + public static final byte RSA_PKCS1_1_5_SIGN = 0x05; + public static final byte PKCS7 = 0x40; + + // OAEP MGF Digests - only SHA-1 is supported in Javacard + public static final short RSA_OAEP_MGF_DIGEST = 0xCB; + + // Integer Tag - UINT, ULONG and DATE + // UINT tags + // Keysize + public static final short KEYSIZE = 0x0003; + // Min Mac Length + public static final short MIN_MAC_LENGTH = 0x0008; + // Min Seconds between OPS + public static final short MIN_SEC_BETWEEN_OPS = 0x0193; + // Max Uses per Boot + public static final short MAX_USES_PER_BOOT = 0x0194; + // UserId + public static final short USERID = 0x01F5; + // Auth Timeout + public static final short AUTH_TIMEOUT = 0x01F9; + // Auth Timeout in Milliseconds + public static final short AUTH_TIMEOUT_MILLIS = 0x7FFF; + // OS Version + public static final short OS_VERSION = 0x02C1; + // OS Patch Level + public 
static final short OS_PATCH_LEVEL = 0x02C2; + // Vendor Patch Level + public static final short VENDOR_PATCH_LEVEL = 0x02CE; + // Boot Patch Level + public static final short BOOT_PATCH_LEVEL = 0x02CF; + // Mac Length + public static final short MAC_LENGTH = 0x03EB; + // Usage Count Limit + public static final short USAGE_COUNT_LIMIT = 0x195; + + // ULONG tags + // RSA Public Exponent + public static final short RSA_PUBLIC_EXPONENT = 0x00C8; + + // DATE tags + public static final short ACTIVE_DATETIME = 0x0190; + public static final short ORIGINATION_EXPIRE_DATETIME = 0x0191; + public static final short USAGE_EXPIRE_DATETIME = 0x0192; + public static final short CREATION_DATETIME = 0x02BD; + ; + public static final short CERTIFICATE_NOT_BEFORE = 0x03F0; + public static final short CERTIFICATE_NOT_AFTER = 0x03F1; + // Integer Array Tags - ULONG_REP and UINT_REP. + // User Secure Id + public static final short USER_SECURE_ID = (short) 0x01F6; + + // Boolean Tag + // Caller Nonce + public static final short CALLER_NONCE = (short) 0x0007; + // Include Unique Id + public static final short INCLUDE_UNIQUE_ID = (short) 0x00CA; + // Bootloader Only + public static final short BOOTLOADER_ONLY = (short) 0x012E; + // Rollback Resistance + public static final short ROLLBACK_RESISTANCE = (short) 0x012F; + // No Auth Required + public static final short NO_AUTH_REQUIRED = (short) 0x01F7; + // Allow While On Body + public static final short ALLOW_WHILE_ON_BODY = (short) 0x01FA; + // Trusted User Presence Required + public static final short TRUSTED_USER_PRESENCE_REQUIRED = (short) 0x01FB; + // Trusted Confirmation Required + public static final short TRUSTED_CONFIRMATION_REQUIRED = (short) 0x01FC; + // Unlocked Device Required + public static final short UNLOCKED_DEVICE_REQUIRED = (short) 0x01FD; + // Reset Since Id Rotation + public static final short RESET_SINCE_ID_ROTATION = (short) 0x03EC; + //Early boot ended. 
+ public static final short EARLY_BOOT_ONLY = (short) 0x0131; + //Device unique attestation. + public static final short DEVICE_UNIQUE_ATTESTATION = (short) 0x02D0; + + // Byte Tag + // Application Id + public static final short APPLICATION_ID = (short) 0x0259; + // Application Data + public static final short APPLICATION_DATA = (short) 0x02BC; + // Root Of Trust + public static final short ROOT_OF_TRUST = (short) 0x02C0; + // Unique Id + public static final short UNIQUE_ID = (short) 0x02C3; + // Attestation Challenge + public static final short ATTESTATION_CHALLENGE = (short) 0x02C4; + // Attestation Application Id + public static final short ATTESTATION_APPLICATION_ID = (short) 0x02C5; + // Attestation Id Brand + public static final short ATTESTATION_ID_BRAND = (short) 0x02C6; + // Attestation Id Device + public static final short ATTESTATION_ID_DEVICE = (short) 0x02C7; + // Attestation Id Product + public static final short ATTESTATION_ID_PRODUCT = (short) 0x02C8; + // Attestation Id Serial + public static final short ATTESTATION_ID_SERIAL = (short) 0x02C9; + // Attestation Id IMEI + public static final short ATTESTATION_ID_IMEI = (short) 0x02CA; + // Attestation Id MEID + public static final short ATTESTATION_ID_MEID = (short) 0x02CB; + // Attestation Id Manufacturer + public static final short ATTESTATION_ID_MANUFACTURER = (short) 0x02CC; + // Attestation Id Model + public static final short ATTESTATION_ID_MODEL = (short) 0x02CD; + // Associated Data + public static final short ASSOCIATED_DATA = (short) 0x03E8; + // Nonce + public static final short NONCE = (short) 0x03E9; + // Confirmation Token + public static final short CONFIRMATION_TOKEN = (short) 0x03ED; + // Serial Number - this is a big num but in applet we handle it as byte blob + public static final short CERTIFICATE_SERIAL_NUM = (short) 0x03EE; + // Subject Name + public static final short CERTIFICATE_SUBJECT_NAME = (short) 0x03EF; + + public static final short LENGTH_FROM_PDU = (short) 0xFFFF; + + 
public static final byte NO_VALUE = (byte) 0xff; + // Support Curves for Eek Chain validation. + public static final byte RKP_CURVE_P256 = 1; + // Type offsets. + public static final byte KM_TYPE_BASE_OFFSET = 0; + public static final byte KM_ARRAY_OFFSET = KM_TYPE_BASE_OFFSET; + public static final byte KM_BOOL_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 1; + public static final byte KM_BYTE_BLOB_OFFSET = KM_TYPE_BASE_OFFSET + 2; + public static final byte KM_BYTE_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 3; + public static final byte KM_ENUM_OFFSET = KM_TYPE_BASE_OFFSET + 4; + public static final byte KM_ENUM_ARRAY_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 5; + public static final byte KM_ENUM_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 6; + public static final byte KM_HARDWARE_AUTH_TOKEN_OFFSET = KM_TYPE_BASE_OFFSET + 7; + public static final byte KM_HMAC_SHARING_PARAMETERS_OFFSET = KM_TYPE_BASE_OFFSET + 8; + public static final byte KM_INTEGER_OFFSET = KM_TYPE_BASE_OFFSET + 9; + public static final byte KM_INTEGER_ARRAY_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 10; + public static final byte KM_INTEGER_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 11; + public static final byte KM_KEY_CHARACTERISTICS_OFFSET = KM_TYPE_BASE_OFFSET + 12; + public static final byte KM_KEY_PARAMETERS_OFFSET = KM_TYPE_BASE_OFFSET + 13; + public static final byte KM_VERIFICATION_TOKEN_OFFSET = KM_TYPE_BASE_OFFSET + 14; + public static final byte KM_NEG_INTEGER_OFFSET = KM_TYPE_BASE_OFFSET + 15; + public static final byte KM_TEXT_STRING_OFFSET = KM_TYPE_BASE_OFFSET + 16; + public static final byte KM_MAP_OFFSET = KM_TYPE_BASE_OFFSET + 17; + public static final byte KM_COSE_KEY_OFFSET = KM_TYPE_BASE_OFFSET + 18; + public static final byte KM_COSE_KEY_INT_VAL_OFFSET = KM_TYPE_BASE_OFFSET + 19; + public static final byte KM_COSE_KEY_NINT_VAL_OFFSET = KM_TYPE_BASE_OFFSET + 20; + public static final byte KM_COSE_KEY_BYTE_BLOB_VAL_OFFSET = KM_TYPE_BASE_OFFSET + 21; + public static final byte KM_COSE_KEY_COSE_KEY_VAL_OFFSET = 
KM_TYPE_BASE_OFFSET + 22; + public static final byte KM_COSE_KEY_SIMPLE_VAL_OFFSET = KM_TYPE_BASE_OFFSET + 23; + public static final byte KM_SIMPLE_VALUE_OFFSET = KM_TYPE_BASE_OFFSET + 24; + public static final byte KM_COSE_HEADERS_OFFSET = KM_TYPE_BASE_OFFSET + 25; + public static final byte KM_COSE_KEY_TXT_STR_VAL_OFFSET = KM_TYPE_BASE_OFFSET + 26; + public static final byte KM_COSE_CERT_PAYLOAD_OFFSET = KM_TYPE_BASE_OFFSET + 27; + public static final byte KM_BIGNUM_TAG_OFFSET = KM_TYPE_BASE_OFFSET + 28; + + // Attestation types + public static final byte NO_CERT = 0; + public static final byte ATTESTATION_CERT = 1; + public static final byte SELF_SIGNED_CERT = 2; + public static final byte FAKE_CERT = 3; + public static final byte FACTORY_PROVISIONED_ATTEST_CERT = 4; + // Buffering Mode + public static final byte BUF_NONE = 0; + public static final byte BUF_RSA_NO_DIGEST = 1; + public static final byte BUF_EC_NO_DIGEST = 2; + public static final byte BUF_AES_ENCRYPT_PKCS7_BLOCK_ALIGN = 3; + public static final byte BUF_AES_DECRYPT_PKCS7_BLOCK_ALIGN = 4; + public static final byte BUF_DES_ENCRYPT_PKCS7_BLOCK_ALIGN = 5; + public static final byte BUF_DES_DECRYPT_PKCS7_BLOCK_ALIGN = 6; + public static final byte BUF_AES_GCM_DECRYPT_BLOCK_ALIGN = 7; + + protected static KMRepository repository; + protected static byte[] heap; + // Instance table + public static final byte INSTANCE_TABLE_SIZE = 29; + protected static short[] instanceTable; + + public static void initialize() { + instanceTable = JCSystem.makeTransientShortArray(INSTANCE_TABLE_SIZE, JCSystem.CLEAR_ON_RESET); + KMType.repository = KMRepository.instance(); + KMType.heap = repository.getHeap(); + } + + public static byte getKMType(short ptr) { + return heap[ptr]; + } + + public static short getKMTypeLength(short ptr) { + return Util.getShort(heap, (short) (ptr + 1)); + } + + public static short getKMTypeValue(short ptr) { + return Util.getShort(heap, (short) (ptr + TLV_HEADER_SIZE)); + } + + protected 
static short instance(byte type, short length) { + if (length < 0) { + ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); + } + short ptr = repository.alloc((short) (length + TLV_HEADER_SIZE)); + heap[ptr] = type; + Util.setShort(heap, (short) (ptr + 1), length); + return ptr; + } + + protected static short exp(byte type) { + short ptr = repository.alloc(TLV_HEADER_SIZE); + heap[ptr] = type; + Util.setShort(heap, (short) (ptr + 1), INVALID_VALUE); + return ptr; + } + +} diff --git a/Applet/src/com/android/javacard/keymaster/KMUpgradable.java b/Applet/src/com/android/javacard/kmdevice/KMUpgradable.java similarity index 95% rename from Applet/src/com/android/javacard/keymaster/KMUpgradable.java rename to Applet/src/com/android/javacard/kmdevice/KMUpgradable.java index 87204a06..d19fc3be 100644 --- a/Applet/src/com/android/javacard/keymaster/KMUpgradable.java +++ b/Applet/src/com/android/javacard/kmdevice/KMUpgradable.java @@ -13,7 +13,7 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import org.globalplatform.upgrade.Element; diff --git a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java b/Applet/src/com/android/javacard/kmdevice/KMUtils.java similarity index 80% rename from Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java rename to Applet/src/com/android/javacard/kmdevice/KMUtils.java index e41663ec..62677a35 100644 --- a/Applet/AndroidSEProvider/src/com/android/javacard/keymaster/KMUtils.java +++ b/Applet/src/com/android/javacard/kmdevice/KMUtils.java 
@@ -13,49 +13,71 @@ * See the License for the specific language governing permissions and * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.Util; public class KMUtils { // 64 bit unsigned calculations for time - public static final byte[] oneSecMsec = { - 0, 0, 0, 0, 0, 0, 0x03, (byte) 0xE8}; // 1000 msec - public static final byte[] oneMinMsec = { - 0, 0, 0, 0, 0, 0, (byte) 0xEA, 0x60}; // 60000 msec - public static final byte[] oneHourMsec = { - 0, 0, 0, 0, 0, 0x36, (byte) 0xEE, (byte) 0x80}; // 3600000 msec - public static final byte[] oneDayMsec = { - 0, 0, 0, 0, 0x05, 0x26, 0x5C, 0x00}; // 86400000 msec - public static final byte[] oneMonthMsec = { - 0, 0, 0, 0, (byte) 0x9C, (byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec - public static final byte[] leapYearMsec = { - 0, 0, 0, 0x07, (byte) 0x5C, (byte) 0xD7, (byte) 0x88, 0x00}; //31622400000; - public static final byte[] yearMsec = { - 0, 0, 0, 0x07, 0x57, (byte) 0xB1, 0x2C, 0x00}; //31536000000 + public static byte[] oneSecMsec; // 1000 msec + public static byte[] oneMinMsec; // 60000 msec + public static byte[] oneHourMsec; // 3600000 msec + public static byte[] oneDayMsec; // 86400000 msec + public static byte[] oneMonthMsec; // 2629746000 msec + public static byte[] leapYearMsec; //31622400000; + public static byte[] yearMsec; //31536000000 //Leap year(366) + 3 * 365 - public static final byte[] fourYrsMsec = { - 0, 0, 0, 0x1D, 0x63, (byte) 0xEB, 0x0C, 0x00};//126230400000 - public static final byte[] firstJan2020 = { - 0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte) 0xE8, 0x00}; // 1577836800000 msec - public static final byte[] firstJan2051 = { - 0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00}; // 2556144000000 + public static byte[] fourYrsMsec;//126230400000 + public static byte[] firstJan2020; // 1577836800000 msec + public static byte[] firstJan2051; // 2556144000000 // msec - public static final byte[] 
febMonthLeapMSec = { - 0, 0, 0, 0, (byte) 0x95, 0x58, 0x6C, 0x00}; //2505600000 - public static final byte[] febMonthMsec = { - 0, 0, 0, 0, (byte) 0x90, 0x32, 0x10, 0x00}; //2419200000 - public static final byte[] ThirtyOneDaysMonthMsec = { - 0, 0, 0, 0, (byte) 0x9F, (byte) 0xA5, 0x24, 0x00};//2678400000 - public static final byte[] ThirtDaysMonthMsec = { - 0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00};//2592000000 + public static byte[] febMonthLeapMSec; //2505600000 + public static byte[] febMonthMsec; //2419200000 + public static byte[] ThirtyOneDaysMonthMsec;//2678400000 + public static byte[] ThirtDaysMonthMsec;//2592000000 public static final short year2051 = 2051; public static final short year2020 = 2020; // Convert to milliseconds constants - public static final byte[] SEC_TO_MILLIS_SHIFT_POS = {9, 8, 7, 6, 5, 3}; + public static byte[] SEC_TO_MILLIS_SHIFT_POS; // -------------------------------------- + public static void initStatics() { + oneSecMsec = new byte[]{ + 0, 0, 0, 0, 0, 0, 0x03, (byte) 0xE8}; // 1000 msec + oneMinMsec = new byte[]{ + 0, 0, 0, 0, 0, 0, (byte) 0xEA, 0x60}; // 60000 msec + oneHourMsec = new byte[]{ + 0, 0, 0, 0, 0, 0x36, (byte) 0xEE, (byte) 0x80}; // 3600000 msec + oneDayMsec = new byte[]{ + 0, 0, 0, 0, 0x05, 0x26, 0x5C, 0x00}; // 86400000 msec + oneMonthMsec = new byte[]{ + 0, 0, 0, 0, (byte) 0x9C, (byte) 0xBE, (byte) 0xBD, 0x50}; // 2629746000 msec + leapYearMsec = new byte[]{ + 0, 0, 0, 0x07, (byte) 0x5C, (byte) 0xD7, (byte) 0x88, 0x00}; //31622400000; + yearMsec = new byte[]{ + 0, 0, 0, 0x07, 0x57, (byte) 0xB1, 0x2C, 0x00}; //31536000000 + //Leap year(366) + 3 * 365 + fourYrsMsec = new byte[]{ + 0, 0, 0, 0x1D, 0x63, (byte) 0xEB, 0x0C, 0x00};//126230400000 + firstJan2020 = new byte[]{ + 0, 0, 0x01, 0x6F, 0x5E, 0x66, (byte) 0xE8, 0x00}; // 1577836800000 msec + firstJan2051 = new byte[]{ + 0, 0, 0x02, 0x53, 0x26, (byte) 0x0E, (byte) 0x1C, 0x00}; // 2556144000000 + // msec + febMonthLeapMSec = new byte[]{ + 0, 0, 0, 0, (byte) 
0x95, 0x58, 0x6C, 0x00}; //2505600000 + febMonthMsec = new byte[]{ + 0, 0, 0, 0, (byte) 0x90, 0x32, 0x10, 0x00}; //2419200000 + ThirtyOneDaysMonthMsec = new byte[]{ + 0, 0, 0, 0, (byte) 0x9F, (byte) 0xA5, 0x24, 0x00};//2678400000 + ThirtDaysMonthMsec = new byte[]{ + 0, 0, 0, 0, (byte) 0x9A, 0x7E, (byte) 0xC8, 0x00};//2592000000 + // Convert to milliseconds constants + SEC_TO_MILLIS_SHIFT_POS = new byte[]{9, 8, 7, 6, 5, 3}; + + } + public static short convertToDate(short time, byte[] scratchPad, boolean utcFlag) { @@ -68,10 +90,9 @@ public static short convertToDate(short time, byte[] scratchPad, byte Z = 0x5A; boolean from2020 = true; Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) 256, (byte) 0); - Util.arrayCopyNonAtomic(KMInteger.cast(time).getBuffer(), - KMInteger.cast(time).getStartOff(), scratchPad, - (short) (8 - KMInteger.cast(time).length()), KMInteger.cast(time) - .length()); + Util.arrayCopyNonAtomic(KMInteger.getBuffer(time), + KMInteger.getStartOff(time), scratchPad, + (short) (8 - KMInteger.length(time)), KMInteger.length(time)); // If the time is less then 1 Jan 2020 then it is an error if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, firstJan2020, (short) 0, (short) 8) < 0) { @@ -87,14 +108,14 @@ public static short convertToDate(short time, byte[] scratchPad, (short) 8) < 0) { Util.arrayCopyNonAtomic(firstJan2020, (short) 0, scratchPad, (short) 8, (short) 8); - subtract(scratchPad, (short) 0, (short) 8, (short) 16); + subtract(scratchPad, (short) 0, (short) 8, (short) 16, (byte) 8); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); } else { from2020 = false; Util.arrayCopyNonAtomic(firstJan2051, (short) 0, scratchPad, (short) 8, (short) 8); - subtract(scratchPad, (short) 0, (short) 8, (short) 16); + subtract(scratchPad, (short) 0, (short) 8, (short) 16, (byte) 8); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); } 
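Review bot: `initStatics()` in the first KMUtils hunk allocates every table with `new byte[]` on each call, and the fields are no longer `final`, so they are null until it runs and are replaced if it runs again. On Java Card, arrays created with `new` are normally persistent, so a second call may consume persistent memory that is not reclaimed; whether any caller invokes it twice is not visible in this hunk. An early return at the top of the method, `if (oneSecMsec != null) { return; }`, would make it idempotent. The field group should also carry a comment such as `// Populated by initStatics(); must be called once before convertToDate() or the arithmetic helpers are used.` Since the references are now `public static` and reassignable, narrowing their visibility is worth considering if nothing outside the package reads them.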
@@ -103,10 +124,8 @@ public static short convertToDate(short time, byte[] scratchPad, (short) 8) >= 0) { Util.arrayCopyNonAtomic(fourYrsMsec, (short) 0, scratchPad, (short) 8, (short) 8); - yrsCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); // quotient - // is - // multiple - // of 4 + // quotient is multiple of 4 + yrsCount = divide(scratchPad, (short) 0, (short) 8, (short) 16); yrsCount = (short) (yrsCount * 4); // number of yrs. // copy reminder as new dividend Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, @@ -135,7 +154,7 @@ public static short convertToDate(short time, byte[] scratchPad, Util.arrayCopyNonAtomic(yearMsec, (short) 0, scratchPad, (short) 8, (short) 8); } - subtract(scratchPad, (short) 0, (short) 8, (short) 16); + subtract(scratchPad, (short) 0, (short) 8, (short) 16, (byte) 8); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); if (((short) (i + 1) == leapYrIdx)) { @@ -185,7 +204,7 @@ public static short convertToDate(short time, byte[] scratchPad, if (KMInteger.unsignedByteArrayCompare(scratchPad, (short) 0, scratchPad, (short) 8, (short) 8) >= 0) { - subtract(scratchPad, (short) 0, (short) 8, (short) 16); + subtract(scratchPad, (short) 0, (short) 8, (short) 16, (byte) 8); Util.arrayCopyNonAtomic(scratchPad, (short) 16, scratchPad, (short) 0, (short) 8); } else { @@ -287,7 +306,7 @@ public static short divide(byte[] buf, short dividend, short divisor, // Copy remainder in the dividend and repeat. while (expCnt != 0) { if (compare(buf, dividend, divisor) >= 0) { - subtract(buf, dividend, divisor, remainder); + subtract(buf, dividend, divisor, remainder, (byte) 8); copy(buf, remainder, dividend); q = (short) (q + expCnt); } 
@@ -353,9 +372,7 @@ public static void add(byte[] buf, short op1, short op2, short result) { byte carry = 0; short tmp; while (index >= 0) { - tmp = - (short) ((buf[(short) (op1 + index)] & 0xFF) + - (buf[(short) (op2 + index)] & 0xFF) + carry); + tmp = (short) (buf[(short) (op1 + index)] + buf[(short) (op2 + index)] + carry); carry = 0; if (tmp > 255) { carry = 1; // max unsigned byte value is 255 @@ -366,9 +383,9 @@ public static void add(byte[] buf, short op1, short op2, short result) { } // subtraction by borrowing. - public static void subtract(byte[] buf, short op1, short op2, short result) { + public static void subtract(byte[] buf, short op1, short op2, short result, byte sizeBytes) { byte borrow = 0; - byte index = 7; + byte index = (byte) (sizeBytes - 1); short r; short x; short y; @@ -421,6 +438,15 @@ public static short getLeapYrIndex(boolean from2020, short yrsCount) { return -1; } + public static void computeOnesCompliment(byte[] buf, short offset, short len) { + short index = offset; + // Compute 1s compliment + while (index < (short) (len + offset)) { + buf[index] = (byte) ~buf[index]; + index++; + } + } + // i * 1000 = (i << 9) + (i << 8) + (i << 7) + (i << 6) + (i << 5) + ( i << 3) public static void convertToMilliseconds(byte[] buf, short inputOff, short outputOff, short scratchPadOff) { @@ -436,5 +462,4 @@ public static void convertToMilliseconds(byte[] buf, short inputOff, short outpu index++; } } - } diff --git a/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java b/Applet/src/com/android/javacard/kmdevice/KMVerificationToken.java similarity index 50% rename from Applet/src/com/android/javacard/keymaster/KMVerificationToken.java rename to Applet/src/com/android/javacard/kmdevice/KMVerificationToken.java index 1be88ded..f553d5ce 100644 --- a/Applet/src/com/android/javacard/keymaster/KMVerificationToken.java +++ b/Applet/src/com/android/javacard/kmdevice/KMVerificationToken.java 
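Review bot: The rewritten sum in `add` drops the `& 0xFF` masks, so any operand byte of 0x80 or above is sign-extended to a negative value before the addition. With signed bytes the largest value `tmp` can reach is 127 + 127 + 1 = 255, so the `tmp > 255` carry test on the following lines can never fire and the unsigned result is wrong whenever a byte has its top bit set. The class comment describes these helpers as 64-bit unsigned time calculations, so a wrong carry would presumably surface as an incorrect timestamp or date. I would keep the masked form, `tmp = (short) ((buf[(short) (op1 + index)] & 0xFF) + (buf[(short) (op2 + index)] & 0xFF) + carry);`. The body of `add` starts and ends outside the hunk.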
@@ -14,7 +14,7 @@ * limitations under the License. */ -package com.android.javacard.keymaster; +package com.android.javacard.kmdevice; import javacard.framework.ISO7816; import javacard.framework.ISOException; @@ -33,22 +33,30 @@ public class KMVerificationToken extends KMType { public static final byte TIMESTAMP = 0x01; public static final byte PARAMETERS_VERIFIED = 0x02; public static final byte SECURITY_LEVEL = 0x03; - public static final byte MAC = 0x04; + public static final byte MAC1 = 0x02; + public static final byte MAC2 = 0x04; private static KMVerificationToken prototype; private KMVerificationToken() { } - public static short exp() { + public static short timeStampTokenExp() { + short arrPtr = KMArray.instance((short) 3); + KMArray.add(arrPtr, CHALLENGE, KMInteger.exp()); + KMArray.add(arrPtr, TIMESTAMP, KMInteger.exp()); + KMArray.add(arrPtr, MAC1, KMByteBlob.exp()); + return instance(arrPtr); + } + + public static short verificationTokenExp() { short arrPtr = KMArray.instance((short) 5); - KMArray arr = KMArray.cast(arrPtr); - arr.add(CHALLENGE, KMInteger.exp()); - arr.add(TIMESTAMP, KMInteger.exp()); + KMArray.add(arrPtr, CHALLENGE, KMInteger.exp()); + KMArray.add(arrPtr, TIMESTAMP, KMInteger.exp()); //arr.add(PARAMETERS_VERIFIED, KMKeyParameters.exp()); - arr.add(PARAMETERS_VERIFIED, KMByteBlob.exp()); - arr.add(SECURITY_LEVEL, KMEnum.instance(KMType.HARDWARE_TYPE)); - arr.add(MAC, KMByteBlob.exp()); + KMArray.add(arrPtr, PARAMETERS_VERIFIED, KMByteBlob.exp()); + KMArray.add(arrPtr, SECURITY_LEVEL, KMEnum.instance(KMType.HARDWARE_TYPE)); + KMArray.add(arrPtr, MAC2, KMByteBlob.exp()); return instance(arrPtr); } 
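Review bot: `MAC1 = 0x02` has the same value as `PARAMETERS_VERIFIED = 0x02`, so index 2 is the MAC in the 3-element token from `timeStampTokenExp()` but the parameters blob in the 5-element token from `verificationTokenExp()`. The later hunks depend on the caller getting this right: `instance(short vals)` accepts length 3 or 5, and `getMac(short macIndex)` hands the caller's index straight to `KMArray.get`. A caller that pairs `MAC1` with a 5-element token would read the parameters blob as the MAC, and no other index is rejected either. I would bind the index to the token shape inside `getMac`, e.g. `if (macIndex != (short) (KMArray.length(arrPtr) - 1)) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); }`. A comment on `MAC1` and `MAC2` should also say which layout each constant belongs to.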
@@ -56,24 +64,30 @@ private static KMVerificationToken proto(short ptr) { if (prototype == null) { prototype = new KMVerificationToken(); } - instanceTable[KM_VERIFICATION_TOKEN_OFFSET] = ptr; + KMType.instanceTable[KM_VERIFICATION_TOKEN_OFFSET] = ptr; return prototype; } - public static short instance() { + public static short instance1() { + short arrPtr = KMArray.instance((short) 3); + KMArray.add(arrPtr, CHALLENGE, KMInteger.uint_16((short) 0)); + KMArray.add(arrPtr, TIMESTAMP, KMInteger.uint_16((short) 0)); + KMArray.add(arrPtr, MAC1, KMByteBlob.instance((short) 0)); + return instance(arrPtr); + } + + public static short instance2() { short arrPtr = KMArray.instance((short) 5); - KMArray arr = KMArray.cast(arrPtr); - arr.add(CHALLENGE, KMInteger.uint_16((short) 0)); - arr.add(TIMESTAMP, KMInteger.uint_16((short) 0)); - arr.add(PARAMETERS_VERIFIED, KMByteBlob.instance((short) 0)); - arr.add(SECURITY_LEVEL, KMEnum.instance(KMType.HARDWARE_TYPE, KMType.STRONGBOX)); - arr.add(MAC, KMByteBlob.instance((short) 0)); + KMArray.add(arrPtr, CHALLENGE, KMInteger.uint_16((short) 0)); + KMArray.add(arrPtr, TIMESTAMP, KMInteger.uint_16((short) 0)); + KMArray.add(arrPtr, PARAMETERS_VERIFIED, KMByteBlob.instance((short) 0)); + KMArray.add(arrPtr, SECURITY_LEVEL, KMEnum.instance(KMType.HARDWARE_TYPE, KMType.STRONGBOX)); + KMArray.add(arrPtr, MAC2, KMByteBlob.instance((short) 0)); return instance(arrPtr); } public static short instance(short vals) { - KMArray arr = KMArray.cast(vals); - if (arr.length() != 5) { + if (KMArray.length(vals) != 3 && KMArray.length(vals) != 5) { ISOException.throwIt(ISO7816.SW_WRONG_LENGTH); } short ptr = KMType.instance(VERIFICATION_TOKEN_TYPE, (short) 2); @@ -81,7 +95,7 @@ public static short instance(short vals) { return ptr; } - public static KMVerificationToken cast(short ptr) { + private static KMVerificationToken cast(short ptr) { if (heap[ptr] != VERIFICATION_TOKEN_TYPE) { ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); } 
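Review bot: The names `instance1()` and `instance2()` do not say which token each one builds, while the matching expression builders in the previous hunk are called `timeStampTokenExp()` and `verificationTokenExp()`. Naming the pair the same way, for example `timeStampTokenInstance()` and `verificationTokenInstance()`, would keep the two layouts apart at call sites. If the names have to stay, a comment such as `// 3-element timestamp token: challenge, timestamp, mac` above `instance1()` and the 5-element equivalent above `instance2()` would do the same job.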
@@ -93,68 +107,69 @@ public static KMVerificationToken cast(short ptr) { } public short getVals() { - return Util.getShort(heap, (short) (instanceTable[KM_VERIFICATION_TOKEN_OFFSET] + TLV_HEADER_SIZE)); + return Util.getShort(heap, + (short) (KMType.instanceTable[KM_VERIFICATION_TOKEN_OFFSET] + TLV_HEADER_SIZE)); } public short length() { short arrPtr = getVals(); - return KMArray.cast(arrPtr).length(); + return KMArray.length(arrPtr); } public short getChallenge() { short arrPtr = getVals(); - return KMArray.cast(arrPtr).get(CHALLENGE); + return KMArray.get(arrPtr, CHALLENGE); } public void setChallenge(short vals) { - KMInteger.cast(vals); + KMInteger.validate(vals); short arrPtr = getVals(); - KMArray.cast(arrPtr).add(CHALLENGE, vals); + KMArray.add(arrPtr, CHALLENGE, vals); } public short getTimestamp() { short arrPtr = getVals(); - return KMArray.cast(arrPtr).get(TIMESTAMP); + return KMArray.get(arrPtr, TIMESTAMP); } public void setTimestamp(short vals) { - KMInteger.cast(vals); + KMInteger.validate(vals); short arrPtr = getVals(); - KMArray.cast(arrPtr).add(TIMESTAMP, vals); + KMArray.add(arrPtr, TIMESTAMP, vals); } - public short getMac() { + public short getMac(short macIndex) { short arrPtr = getVals(); - return KMArray.cast(arrPtr).get(MAC); + return KMArray.get(arrPtr, macIndex); } - public void setMac(short vals) { - KMByteBlob.cast(vals); - short arrPtr = getVals(); - KMArray.cast(arrPtr).add(MAC, vals); + + public static short getVals(short bPtr) { + return KMVerificationToken.cast(bPtr).getVals(); } - public short getParametersVerified() { - short arrPtr = getVals(); - return KMArray.cast(arrPtr).get(PARAMETERS_VERIFIED); + public static short length(short bPtr) { + return KMVerificationToken.cast(bPtr).length(); } - public void setParametersVerified(short vals) { - // KMKeyParameters.cast(vals); - KMByteBlob.cast(vals); - short arrPtr = getVals(); - KMArray.cast(arrPtr).add(PARAMETERS_VERIFIED, vals); + public static short getChallenge(short bPtr) { 
+ return KMVerificationToken.cast(bPtr).getChallenge(); } - public short getSecurityLevel() { - short arrPtr = getVals(); - return KMArray.cast(arrPtr).get(SECURITY_LEVEL); + public static void setChallenge(short bPtr, short vals) { + KMVerificationToken.cast(bPtr).setChallenge(vals); } - public void setSecurityLevel(short vals) { - KMEnum.cast(vals); - short arrPtr = getVals(); - KMArray.cast(arrPtr).add(SECURITY_LEVEL, vals); + public static short getTimestamp(short bPtr) { + return KMVerificationToken.cast(bPtr).getTimestamp(); + } + + public static void setTimestamp(short bPtr, short vals) { + KMVerificationToken.cast(bPtr).setTimestamp(vals); + } + + public static short getMac(short bPtr, short macIndex) { + return KMVerificationToken.cast(bPtr).getMac(macIndex); } } diff --git a/Applet/src/com/android/javacard/kmdevice/RemotelyProvisionedComponentDevice.java b/Applet/src/com/android/javacard/kmdevice/RemotelyProvisionedComponentDevice.java new file mode 100644 index 00000000..814cb8f0 --- /dev/null +++ b/Applet/src/com/android/javacard/kmdevice/RemotelyProvisionedComponentDevice.java 
@@ -0,0 +1,1450 @@ +/* + * Copyright(C) 2021 The Android Open Source Project + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package com.android.javacard.kmdevice; + +import javacard.framework.APDU; +import javacard.framework.ISO7816; +import javacard.framework.ISOException; +import javacard.framework.JCSystem; +import javacard.framework.Util; + +/* + * This class handles the remote key provisioning. Generates an RKP key and generates a certificate signing + * request(CSR). The generation of CSR is divided amoung multiple functions to the save the memory inside + * the Applet. The set of functions to be called sequentially in the order to complete the process of + * generating the CSR are processBeginSendData, processUpdateKey, processUpdateEekChain, + * processUpdateChallenge, processFinishSendData and getResponse. ProcessUpdateKey is called N times, where + * N is the number of keys. Similarly getResponse is called is multiple times till the client receives the + * response completely. 
+ */ +public class RemotelyProvisionedComponentDevice { + + private static final byte TRUE = 0x01; + private static final byte FALSE = 0x00; + // RKP Version + private static final short RKP_VERSION = (short) 0x01; + // Boot params + private static final byte OS_VERSION_ID = 0x00; + private static final byte SYSTEM_PATCH_LEVEL_ID = 0x01; + private static final byte BOOT_PATCH_LEVEL_ID = 0x02; + private static final byte VENDOR_PATCH_LEVEL_ID = 0x03; + public static final short MAX_COSE_BUF_SIZE = (short) 1024; + // Device Info labels + public static byte[] BRAND; + public static byte[] MANUFACTURER; + public static byte[] PRODUCT; + public static byte[] MODEL; + public static byte[] BOARD; + public static byte[] VB_STATE; + public static byte[] BOOTLOADER_STATE; + public static byte[] VB_META_DIGEST; + public static byte[] OS_VERSION; + public static byte[] SYSTEM_PATCH_LEVEL; + public static byte[] BOOT_PATCH_LEVEL; + public static byte[] VENDOR_PATCH_LEVEL; + public static byte[] DEVICE_INFO_VERSION; + public static byte[] SECURITY_LEVEL; + public static byte[] ATTEST_ID_STATE; + // Verified boot state values + public static byte[] VB_STATE_GREEN; + public static byte[] VB_STATE_YELLOW; + public static byte[] VB_STATE_ORANGE; + public static byte[] VB_STATE_RED; + // Boot loader state values + public static byte[] UNLOCKED; + public static byte[] LOCKED; + // Device info CDDL schema version + public static final byte DI_SCHEMA_VERSION = 1; + public static byte[] DI_SECURITY_LEVEL; + public static byte[] ATTEST_ID_LOCKED; + public static byte[] ATTEST_ID_OPEN; + private static final short MAX_SEND_DATA = 1024; + // more data or no data + private static final byte MORE_DATA = 0x01; // flag to denote more data to retrieve + private static final byte NO_DATA = 0x00; + // Response processing states + private static final byte START_PROCESSING = 0x00; + private static final byte PROCESSING_BCC_IN_PROGRESS = 0x02; + private static final byte PROCESSING_BCC_COMPLETE = 
0x04; + private static final byte PROCESSING_ACC_IN_PROGRESS = 0x08; // Additional certificate chain. + private static final byte PROCESSING_ACC_COMPLETE = 0x0A; + // data table + private static final short DATA_SIZE = 512; + private static final short DATA_INDEX_SIZE = 11; + public static final short DATA_INDEX_ENTRY_SIZE = 4; + public static final short DATA_INDEX_ENTRY_LENGTH = 0; + public static final short DATA_INDEX_ENTRY_OFFSET = 2; + // data offsets + private static final short EPHEMERAL_MAC_KEY = 0; + private static final short TOTAL_KEYS_TO_SIGN = 1; + private static final short KEYS_TO_SIGN_COUNT = 2; + private static final short TEST_MODE = 3; + private static final short EEK_KEY = 4; + private static final short EEK_KEY_ID = 5; + private static final short CHALLENGE = 6; + private static final short GENERATE_CSR_PHASE = 7; + private static final short EPHEMERAL_PUB_KEY = 8; + private static final short RESPONSE_PROCESSING_STATE = 9; + private static final short ACC_PROCESSED_LENGTH = 10; + + // data item sizes + private static final short MAC_KEY_SIZE = 32; + private static final short SHORT_SIZE = 2; + private static final short BYTE_SIZE = 1; + private static final short TEST_MODE_SIZE = 1; + // generate csr states + private static final byte BEGIN = 0x01; + private static final byte UPDATE = 0x02; + private static final byte FINISH = 0x04; + private static final byte GET_RESPONSE = 0x06; + // variables + private byte[] data; + private KMEncoder encoder; + private KMDecoder decoder; + private KMRepository repository; + private KMSEProvider seProvider; + private Object[] operation; + private short[] dataIndex; + private Object[] authorizedEekRoots; + private KMKeymintDevice KMAppletInst; + private KMDataStore storeDataInst; + private KMRkpDataStore rkpStoreDataInst; + private KMBootDataStore bootParamsProv; + private KMCose kmCoseInst; + private short[] deviceIds; + + public RemotelyProvisionedComponentDevice(KMKeymintDevice KMApplet, KMEncoder 
encoder, + KMDecoder decoder, + KMRepository repository, KMSEProvider seProvider, KMDataStore storeData, + KMRkpDataStore rkpStore, + KMBootDataStore bootParamsProvider) { + initStatics(); + this.encoder = encoder; + this.decoder = decoder; + this.repository = repository; + this.seProvider = seProvider; + this.KMAppletInst = KMApplet; + storeDataInst = storeData; + rkpStoreDataInst = rkpStore; + bootParamsProv = bootParamsProvider; + deviceIds = JCSystem.makeTransientShortArray((short) 30, JCSystem.CLEAR_ON_RESET); + data = JCSystem.makeTransientByteArray(DATA_SIZE, JCSystem.CLEAR_ON_RESET); + operation = JCSystem.makeTransientObjectArray((short) 1, JCSystem.CLEAR_ON_RESET); + dataIndex = JCSystem.makeTransientShortArray((short) 1, JCSystem.CLEAR_ON_RESET); + operation[0] = null; + createAuthorizedEEKRoot(); + kmCoseInst = KMCose.getInstance(); + } + + public static void initStatics() { + // Device Info labels + BRAND = new byte[]{0x62, 0x72, 0x61, 0x6E, 0x64}; + MANUFACTURER = new byte[]{0x6D, 0x61, 0x6E, 0x75, 0x66, 0x61, 0x63, 0x74, 0x75, + 0x72, 0x65, 0x72}; + PRODUCT = new byte[]{0x70, 0x72, 0x6F, 0x64, 0x75, 0x63, 0x74}; + MODEL = new byte[]{0x6D, 0x6F, 0x64, 0x65, 0x6C}; + BOARD = new byte[]{0x62, 0x6F, 0x61, 0x72, 0x64}; + VB_STATE = new byte[]{0x76, 0x62, 0x5F, 0x73, 0x74, 0x61, 0x74, 0x65}; + BOOTLOADER_STATE = new byte[] + {0x62, 0x6F, 0x6F, 0x74, 0x6C, 0x6F, 0x61, 0x64, 0x65, 0x72, 0x5F, 0x73, 0x74, 0x61, 0x74, + 0x65}; + VB_META_DIGEST = new byte[] + {0X76, 0X62, 0X6D, 0X65, 0X74, 0X61, 0X5F, 0X64, 0X69, 0X67, 0X65, 0X73, 0X74}; + OS_VERSION = new byte[]{0x6F, 0x73, 0x5F, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6F, + 0x6E}; + SYSTEM_PATCH_LEVEL = new byte[] + {0x73, 0x79, 0x73, 0x74, 0x65, 0x6D, 0x5F, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5F, 0x6C, 0x65, + 0x76, 0x65, 0x6C}; + BOOT_PATCH_LEVEL = new byte[] + {0x62, 0x6F, 0x6F, 0x74, 0x5F, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5F, 0x6C, 0x65, 0x76, 0x65, + 0x6C}; + VENDOR_PATCH_LEVEL = new byte[] + {0x76, 0x65, 0x6E, 0x64, 
0x6F, 0x72, 0x5F, 0x70, 0x61, 0x74, 0x63, 0x68, 0x5F, 0x6C, 0x65, + 0x76, 0x65, 0x6C}; + DEVICE_INFO_VERSION = new byte[] + {0x76, 0x65, 0x72, 0x73, 0x69, 0x6F, 0x6E}; + SECURITY_LEVEL = new byte[] + {0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5F, 0x6C, 0x65, 0x76, 0x65, 0x6C}; + ATTEST_ID_STATE = new byte[] + {0x61, 0x74, 0x74, 0x5f, 0x69, 0x64, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x65}; + // Verified boot state values + VB_STATE_GREEN = new byte[]{0x67, 0x72, 0x65, 0x65, 0x6E}; + VB_STATE_YELLOW = new byte[]{0x79, 0x65, 0x6C, 0x6C, 0x6F, 0x77}; + VB_STATE_ORANGE = new byte[]{0x6F, 0x72, 0x61, 0x6E, 0x67, 0x65}; + VB_STATE_RED = new byte[]{0x72, 0x65, 0x64}; + // Boot loader state values + UNLOCKED = new byte[]{0x75, 0x6E, 0x6C, 0x6F, 0x63, 0x6B, 0x65, 0x64}; + LOCKED = new byte[]{0x6C, 0x6F, 0x63, 0x6B, 0x65, 0x64}; + + DI_SECURITY_LEVEL = new byte[]{0x73, 0x74, 0x72, 0x6F, 0x6E, 0x67, 0x62, 0x6F, + 0x78}; + ATTEST_ID_LOCKED = new byte[]{0x6c, 0x6f, 0x63, 0x6b, 0x65, 0x64}; + ATTEST_ID_OPEN = new byte[]{0x6f, 0x70, 0x65, 0x6e}; + } + + private void createAuthorizedEEKRoot() { + if (authorizedEekRoots == null) { + authorizedEekRoots = + new Object[] + { + new byte[]{ + 0x04, + (byte) 0xf7, (byte) 0x14, (byte) 0x8a, (byte) 0xdb, (byte) 0x97, (byte) 0xf4, + (byte) 0xcc, (byte) 0x53, (byte) 0xef, (byte) 0xd2, (byte) 0x64, (byte) 0x11, + (byte) 0xc4, (byte) 0xe3, (byte) 0x75, (byte) 0x1f, (byte) 0x66, (byte) 0x1f, + (byte) 0xa4, (byte) 0x71, (byte) 0x0c, (byte) 0x6c, (byte) 0xcf, (byte) 0xfa, + (byte) 0x09, (byte) 0x46, (byte) 0x80, (byte) 0x74, (byte) 0x87, (byte) 0x54, + (byte) 0xf2, (byte) 0xad, + (byte) 0x5e, (byte) 0x7f, (byte) 0x5b, (byte) 0xf6, (byte) 0xec, (byte) 0xe4, + (byte) 0xf6, (byte) 0x19, (byte) 0xcc, (byte) 0xff, (byte) 0x13, (byte) 0x37, + (byte) 0xfd, (byte) 0x0f, (byte) 0xa1, (byte) 0xc8, (byte) 0x93, (byte) 0xdb, + (byte) 0x18, (byte) 0x06, (byte) 0x76, (byte) 0xc4, (byte) 0x5d, (byte) 0xe6, + (byte) 0xd7, (byte) 0x6a, (byte) 0x77, (byte) 0x86, 
(byte) 0xc3, (byte) 0x2d, + (byte) 0xaf, (byte) 0x8f + }, + }; + } + } + + private void initializeDataTable() { + if (dataIndex[0] != 0) { + KMException.throwIt(KMError.INVALID_STATE); + } + dataIndex[0] = (short) (DATA_INDEX_SIZE * DATA_INDEX_ENTRY_SIZE); + } + + private short dataAlloc(short length) { + if ((short) (dataIndex[0] + length) > (short) data.length) { + ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED); + } + dataIndex[0] += length; + return (short) (dataIndex[0] - length); + } + + private void clearDataTable() { + Util.arrayFillNonAtomic(data, (short) 0, (short) data.length, (byte) 0x00); + dataIndex[0] = 0x00; + } + + private void releaseOperation() { + if (operation[0] != null) { + ((KMOperation) operation[0]).abort(); + operation[0] = null; + } + } + + private short createEntry(short index, short length) { + index = (short) (index * DATA_INDEX_ENTRY_SIZE); + short ptr = dataAlloc(length); + Util.setShort(data, index, length); + Util.setShort(data, (short) (index + DATA_INDEX_ENTRY_OFFSET), ptr); + return ptr; + } + + private short getEntry(short index) { + index = (short) (index * DATA_INDEX_ENTRY_SIZE); + return Util.getShort(data, (short) (index + DATA_INDEX_ENTRY_OFFSET)); + } + + private short getEntryLength(short index) { + index = (short) (index * DATA_INDEX_ENTRY_SIZE); + return Util.getShort(data, index); + } + + private void processGetRkpHwInfoCmd(APDU apdu) { + // Make the response + // Author name - Google. 
+ final byte[] google = {0x47, 0x6F, 0x6F, 0x67, 0x6C, 0x65};
+ short respPtr = KMArray.instance((short) 4);
+ KMArray.add(respPtr, (short) 0, KMInteger.uint_16(KMError.OK));
+ KMArray.add(respPtr, (short) 1, KMInteger.uint_16(RKP_VERSION));
+ KMArray.add(respPtr, (short) 2, KMByteBlob.instance(google, (short) 0, (short) google.length));
+ KMArray.add(respPtr, (short) 3, KMInteger.uint_8(KMType.RKP_CURVE_P256));
+ KMAppletInst.sendOutgoing(apdu, respPtr);
+ }
+
+ /**
+ * This function generates an EC key pair with attest key as purpose and creates an encrypted key
+ * blob. It then generates a COSEMac message which includes the ECDSA public key.
+ */
+ public void processGenerateRkpKey(APDU apdu) {
+ short arr = KMArray.instance((short) 1);
+ KMArray.add(arr, (short) 0, KMSimpleValue.exp());
+ arr = KMAppletInst.receiveIncoming(apdu, arr);
+ // Re-purpose the apdu buffer as scratch pad.
+ byte[] scratchPad = apdu.getBuffer();
+ // test mode flag.
+ boolean testMode =
+ (KMSimpleValue.TRUE == KMSimpleValue.getValue(KMArray.get(arr, (short) 0)));
+ KMAppletInst.generateRkpKey(scratchPad, getEcAttestKeyParameters());
+ short pubKey = KMKeymasterDevice.getPubKey();
+ short coseMac0 = constructCoseMacForRkpKey(testMode, scratchPad, pubKey);
+ // Encode the COSE_MAC0 object
+ arr = KMArray.instance((short) 3);
+ KMArray.add(arr, (short) 0, KMInteger.uint_16(KMError.OK));
+ KMArray.add(arr, (short) 1, coseMac0);
+ KMArray.add(arr, (short) 2, KMKeymasterDevice.getPivateKey());
+ KMAppletInst.sendOutgoing(apdu, arr);
+ }
+
+ public void processBeginSendData(APDU apdu) throws Exception {
+ try {
+ initializeDataTable();
+ short arr = KMArray.instance((short) 3);
+ KMArray.add(arr, (short) 0, KMInteger.exp()); // Array length
+ KMArray.add(arr, (short) 1, KMInteger.exp()); // Total length of the encoded CoseKeys.
+ KMArray.add(arr, (short) 2, KMSimpleValue.exp());
+ arr = KMAppletInst.receiveIncoming(apdu, arr);
+ // Re-purpose the apdu buffer as scratch pad.
+ byte[] scratchPad = apdu.getBuffer();
+ // Generate ephemeral mac key.
+ short dataEntryIndex = createEntry(EPHEMERAL_MAC_KEY, MAC_KEY_SIZE);
+ seProvider.newRandomNumber(data, dataEntryIndex, MAC_KEY_SIZE);
+ // Initialize hmac operation.
+ initHmacOperation();
+ // Partially encode CoseMac structure with partial payload.
+ constructPartialPubKeysToSignMac(scratchPad,
+ KMInteger.getShort(KMArray.get(arr, (short) 0)),
+ KMInteger.getShort(KMArray.get(arr, (short) 1)));
+ // Store the total keys in data table.
+ dataEntryIndex = createEntry(TOTAL_KEYS_TO_SIGN, SHORT_SIZE);
+ Util.setShort(data, dataEntryIndex,
+ KMInteger.getShort(KMArray.get(arr, (short) 0)));
+ // Store the test mode value in data table.
+ dataEntryIndex = createEntry(TEST_MODE, TEST_MODE_SIZE);
+ data[dataEntryIndex] =
+ (KMSimpleValue.TRUE == KMSimpleValue.getValue(KMArray.get(arr, (short) 2))) ?
+ TRUE : FALSE;
+ // Store the current csr status, which is BEGIN.
+ createEntry(GENERATE_CSR_PHASE, BYTE_SIZE);
+ updateState(BEGIN);
+ // Send response.
+ KMAppletInst.sendError(apdu, KMError.OK);
+ } catch (Exception e) {
+ clearDataTable();
+ releaseOperation();
+ throw e;
+ }
+ }
+
+ public void processUpdateKey(APDU apdu) throws Exception {
+ try {
+ // The prior state can be BEGIN or UPDATE
+ validateState((byte) (BEGIN | UPDATE));
+ validateKeysToSignCount();
+ short headers = KMCoseHeaders.exp();
+ short arrInst = KMArray.instance((short) 4);
+ KMArray.add(arrInst, (short) 0, KMByteBlob.exp());
+ KMArray.add(arrInst, (short) 1, headers);
+ KMArray.add(arrInst, (short) 2, KMByteBlob.exp());
+ KMArray.add(arrInst, (short) 3, KMByteBlob.exp());
+ short arr = KMArray.exp(arrInst);
+ arr = KMAppletInst.receiveIncoming(apdu, arr);
+ arrInst = KMArray.get(arr, (short) 0);
+ // Re-purpose the apdu buffer as scratch pad.
+ byte[] scratchPad = apdu.getBuffer();
+
+ // Validate and extract the CoseKey from CoseMac0 message.
+ short coseKey = validateAndExtractPublicKey(arrInst, scratchPad);
+ // Encode CoseKey
+ short length = KMAppletInst.encodeToApduBuffer(coseKey, scratchPad, (short) 0,
+ MAX_COSE_BUF_SIZE);
+ // Do Hmac update with input as encoded CoseKey.
+ ((KMOperation) operation[0]).update(scratchPad, (short) 0, length);
+ // Increment the count each time this function gets executed.
+ // Store the count in data table.
+ short dataEntryIndex = getEntry(KEYS_TO_SIGN_COUNT);
+ if (dataEntryIndex == 0) {
+ dataEntryIndex = createEntry(KEYS_TO_SIGN_COUNT, SHORT_SIZE);
+ }
+ length = Util.getShort(data, dataEntryIndex);
+ Util.setShort(data, dataEntryIndex, ++length);
+ // Update the csr state
+ updateState(UPDATE);
+ // Send response.
+ KMAppletInst.sendError(apdu, KMError.OK);
+ } catch (Exception e) {
+ clearDataTable();
+ releaseOperation();
+ throw e;
+ }
+ }
+
+ public void processUpdateEekChain(APDU apdu) throws Exception {
+ try {
+ // The prior state can be BEGIN or UPDATE
+ validateState((byte) (BEGIN | UPDATE));
+ short headers = KMCoseHeaders.exp();
+ short arrInst = KMArray.instance((short) 4);
+ KMArray.add(arrInst, (short) 0, KMByteBlob.exp());
+ KMArray.add(arrInst, (short) 1, headers);
+ KMArray.add(arrInst, (short) 2, KMByteBlob.exp());
+ KMArray.add(arrInst, (short) 3, KMByteBlob.exp());
+ short arrSignPtr = KMArray.exp(arrInst);
+ arrInst = KMAppletInst.receiveIncoming(apdu, arrSignPtr);
+ if (KMArray.length(arrInst) == 0) {
+ KMException.throwIt(KMError.STATUS_INVALID_EEK);
+ }
+ // Re-purpose the apdu buffer as scratch pad.
+ byte[] scratchPad = apdu.getBuffer();
+ // Validate eek chain.
+ short eekKey = validateAndExtractEekPub(arrInst, scratchPad);
+ // Store eek public key and eek id in the data table.
+ short eekKeyId = KMCoseKey.cast(eekKey).getKeyIdentifier();
+ short dataEntryIndex = createEntry(EEK_KEY_ID, KMByteBlob.length(eekKeyId));
+ Util.arrayCopyNonAtomic(
+ KMByteBlob.getBuffer(eekKeyId),
+ KMByteBlob.getStartOff(eekKeyId),
+ data,
+ dataEntryIndex,
+ KMByteBlob.length(eekKeyId)
+ );
+ // Convert the coseKey to a public key.
+ short len = KMCoseKey.cast(eekKey).getEcdsa256PublicKey(scratchPad, (short) 0);
+ dataEntryIndex = createEntry(EEK_KEY, len);
+ Util.arrayCopyNonAtomic(scratchPad, (short) 0, data, dataEntryIndex, len);
+ // Update the state
+ updateState(UPDATE);
+ KMAppletInst.sendError(apdu, KMError.OK);
+ } catch (Exception e) {
+ clearDataTable();
+ releaseOperation();
+ throw e;
+ }
+ }
+
+ public void processUpdateChallenge(APDU apdu) throws Exception {
+ try {
+ // The prior state can be BEGIN or UPDATE
+ validateState((byte) (BEGIN | UPDATE));
+ short arr = KMArray.instance((short) 1);
+ KMArray.add(arr, (short) 0, KMByteBlob.exp());
+ arr = KMAppletInst.receiveIncoming(apdu, arr);
+ // Store the challenge in the data table.
+ short challenge = KMArray.get(arr, (short) 0);
+ short dataEntryIndex = createEntry(CHALLENGE, KMByteBlob.length(challenge));
+ Util.arrayCopyNonAtomic(
+ KMByteBlob.getBuffer(challenge),
+ KMByteBlob.getStartOff(challenge),
+ data,
+ dataEntryIndex,
+ KMByteBlob.length(challenge)
+ );
+ // Update the state
+ updateState(UPDATE);
+ KMAppletInst.sendError(apdu, KMError.OK);
+ } catch (Exception e) {
+ clearDataTable();
+ releaseOperation();
+ throw e;
+ }
+ }
+
+ // This function returns pubKeysToSignMac, deviceInfo and partially constructed protected data
+ // wrapped inside byte blob. The partial protected data contains Headers and encrypted signedMac.
+ public void processFinishSendData(APDU apdu) throws Exception {
+ try {
+ // The prior state should be UPDATE.
+ validateState(UPDATE);
+ byte[] scratchPad = apdu.getBuffer();
+ if (data[getEntry(TOTAL_KEYS_TO_SIGN)] != data[getEntry(KEYS_TO_SIGN_COUNT)]) {
+ // Mismatch in the number of keys sent.
+ ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
+ }
+ // PubKeysToSignMac
+ byte[] empty = {};
+ short len =
+ ((KMOperation) operation[0]).sign(empty, (short) 0,
+ (short) 0, scratchPad, (short) 0);
+ // release operation
+ releaseOperation();
+ short pubKeysToSignMac = KMByteBlob.instance(scratchPad, (short) 0, len);
+ // Create DeviceInfo
+ short deviceInfo = createDeviceInfo(scratchPad);
+ // Generate Nonce for AES-GCM
+ seProvider.newRandomNumber(scratchPad, (short) 0,
+ KMKeymasterDevice.AES_GCM_NONCE_LENGTH);
+ short nonce = KMByteBlob.instance(scratchPad, (short) 0,
+ KMKeymasterDevice.AES_GCM_NONCE_LENGTH);
+ // Initializes cipher instance.
+ initAesGcmOperation(scratchPad, nonce);
+ // Encode Enc_Structure as additional data for AES-GCM.
+ processAesGcmUpdateAad(scratchPad);
+ short partialPayloadLen = processSignedMac(scratchPad, pubKeysToSignMac, deviceInfo);
+ short partialCipherText = KMByteBlob.instance(scratchPad, (short) 0, partialPayloadLen);
+ short coseEncryptProtectedHeader = getCoseEncryptProtectedHeader(scratchPad);
+ short coseEncryptUnProtectedHeader = getCoseEncryptUnprotectedHeader(scratchPad, nonce);
+ len = KMAppletInst.encodeToApduBuffer(deviceInfo, scratchPad,
+ (short) 0, MAX_COSE_BUF_SIZE);
+ short encodedDeviceInfo = KMByteBlob.instance(scratchPad, (short) 0, len);
+ updateState(FINISH);
+ short arr = KMArray.instance((short) 7);
+ KMArray.add(arr, (short) 0, KMInteger.uint_16(KMError.OK));
+ KMArray.add(arr, (short) 1, pubKeysToSignMac);
+ KMArray.add(arr, (short) 2, encodedDeviceInfo);
+ KMArray.add(arr, (short) 3, coseEncryptProtectedHeader);
+ KMArray.add(arr, (short) 4, coseEncryptUnProtectedHeader);
+ KMArray.add(arr, (short) 5, partialCipherText);
+ KMArray.add(arr, (short) 6, KMInteger.uint_8(MORE_DATA));
+
KMAppletInst.sendOutgoing(apdu, arr);
+ } catch (Exception e) {
+ clearDataTable();
+ releaseOperation();
+ throw e;
+ }
+ }
+
+ public void processGetResponse(APDU apdu) throws Exception {
+ try {
+ // The prior state should be FINISH.
+ validateState((byte) (FINISH | GET_RESPONSE));
+ byte[] scratchPad = apdu.getBuffer();
+ short len = 0;
+ short recipientStructure = KMArray.instance((short) 0);
+ byte moreData = MORE_DATA;
+ byte state = getCurrentOutputProcessingState();
+ switch (state) {
+ case START_PROCESSING:
+ case PROCESSING_BCC_IN_PROGRESS:
+ len = processBcc(scratchPad);
+ updateState(GET_RESPONSE);
+ break;
+ case PROCESSING_BCC_COMPLETE:
+ case PROCESSING_ACC_IN_PROGRESS:
+ len = processAdditionalCertificateChain(scratchPad);
+ updateState(GET_RESPONSE);
+ break;
+ case PROCESSING_ACC_COMPLETE:
+ recipientStructure = processRecipientStructure(scratchPad);
+ len = processFinalData(scratchPad);
+ moreData = NO_DATA;
+ releaseOperation();
+ clearDataTable();
+ break;
+ default:
+ KMException.throwIt(KMError.INVALID_STATE);
+ }
+ short data = KMByteBlob.instance(scratchPad, (short) 0, len);
+ short arr = KMArray.instance((short) 4);
+ KMArray.add(arr, (short) 0, KMInteger.uint_16(KMError.OK));
+ KMArray.add(arr, (short) 1, data);
+ KMArray.add(arr, (short) 2, recipientStructure);
+ // represents there is more output to retrieve
+ KMArray.add(arr, (short) 3, KMInteger.uint_8(moreData));
+ KMAppletInst.sendOutgoing(apdu, arr);
+ } catch (Exception e) {
+ clearDataTable();
+ releaseOperation();
+ throw e;
+ }
+ }
+
+ public void process(short ins, APDU apdu) throws Exception {
+ switch (ins) {
+ case KMKeymasterDevice.INS_GET_RKP_HARDWARE_INFO:
+ processGetRkpHwInfoCmd(apdu);
+ break;
+ case KMKeymasterDevice.INS_GENERATE_RKP_KEY_CMD:
+ processGenerateRkpKey(apdu);
+ break;
+ case KMKeymasterDevice.INS_BEGIN_SEND_DATA_CMD:
+ processBeginSendData(apdu);
+ break;
+ case KMKeymasterDevice.INS_UPDATE_KEY_CMD:
+ processUpdateKey(apdu);
+ break;
+ case
KMKeymasterDevice.INS_UPDATE_EEK_CHAIN_CMD:
+ processUpdateEekChain(apdu);
+ break;
+ case KMKeymasterDevice.INS_UPDATE_CHALLENGE_CMD:
+ processUpdateChallenge(apdu);
+ break;
+ case KMKeymasterDevice.INS_FINISH_SEND_DATA_CMD:
+ processFinishSendData(apdu);
+ break;
+ case KMKeymasterDevice.INS_GET_RESPONSE_CMD:
+ processGetResponse(apdu);
+ break;
+ default:
+ ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
+ }
+ }
+
+ private boolean isAdditionalCertificateChainPresent() {
+ byte[] data = rkpStoreDataInst.getData(KMDataStoreConstants.ADDITIONAL_CERT_CHAIN);
+ return (Util.getShort(data, (short) 0) == 0 ? false : true);
+ }
+
+ private short processFinalData(byte[] scratchPad) {
+ // Call finish on AES GCM Cipher
+ byte[] empty = {};
+ short len =
+ ((KMOperation) operation[0]).finish(empty, (short) 0, (short) 0, scratchPad, (short) 0);
+ return len;
+ }
+
+ private byte getCurrentOutputProcessingState() {
+ short index = getEntry(RESPONSE_PROCESSING_STATE);
+ if (index == 0) {
+ return START_PROCESSING;
+ }
+ return data[index];
+ }
+
+ private void updateOutputProcessingState(byte state) {
+ short dataEntryIndex = getEntry(RESPONSE_PROCESSING_STATE);
+ data[dataEntryIndex] = state;
+ }
+
+
+ private short getHmacKey(boolean testMode, byte[] scratchPad) {
+ short macKey = KMByteBlob.instance(MAC_KEY_SIZE);
+ Util.arrayFillNonAtomic(KMByteBlob.getBuffer(macKey),
+ KMByteBlob.getStartOff(macKey), MAC_KEY_SIZE, (byte) 0);
+ if (!testMode) {
+ Util.arrayFillNonAtomic(scratchPad, (short) 0, (short) (2 * MAC_KEY_SIZE), (byte) 0);
+ short len =
+ seProvider.hkdf(
+ scratchPad, //ikm
+ (short) 0, // ikm offset
+ MAC_KEY_SIZE, // ikm size
+ scratchPad, // salt
+ MAC_KEY_SIZE, // salt offset
+ MAC_KEY_SIZE, // salt length
+ KMCose.MAC_DERIVE_KEY_CTX,
+ (short) 0,
+ (short) KMCose.MAC_DERIVE_KEY_CTX.length,
+ KMByteBlob.getBuffer(macKey),
+ KMByteBlob.getStartOff(macKey),
+ MAC_KEY_SIZE
+ );
+ if (len != MAC_KEY_SIZE) {
+ KMException.throwIt(KMError.INVALID_MAC_LENGTH);
+ }
+ }
+ return macKey;
+ }
+
+ /**
+ * Validates the CoseMac message and extracts the CoseKey from it.
+ *
+ * @param coseMacPtr CoseMac instance to be validated.
+ * @param scratchPad Scratch buffer used to store temp results.
+ * @return CoseKey instance.
+ */
+ private short validateAndExtractPublicKey(short coseMacPtr, byte[] scratchPad) {
+ boolean testMode = (TRUE == data[getEntry(TEST_MODE)]) ? true : false;
+ // Exp for KMCoseHeaders
+ short coseHeadersExp = KMCoseHeaders.exp();
+ // Exp for coseky
+ short coseKeyExp = KMCoseKey.exp();
+ // Get the mackey.
+ short macKey = getHmacKey(testMode, scratchPad);
+
+ // validate protected Headers
+ short ptr = KMArray.get(coseMacPtr, KMCose.COSE_MAC0_PROTECTED_PARAMS_OFFSET);
+ ptr = decoder.decode(coseHeadersExp, KMByteBlob.getBuffer(ptr),
+ KMByteBlob.getStartOff(ptr), KMByteBlob.length(ptr));
+
+ if (!KMCoseHeaders.cast(ptr).isDataValid(KMCose.COSE_ALG_HMAC_256, KMType.INVALID_VALUE)) {
+ KMException.throwIt(KMError.STATUS_FAILED);
+ }
+
+ // Validate payload.
+ ptr = KMArray.get(coseMacPtr, KMCose.COSE_MAC0_PAYLOAD_OFFSET);
+ ptr = decoder.decode(coseKeyExp, KMByteBlob.getBuffer(ptr),
+ KMByteBlob.getStartOff(ptr), KMByteBlob.length(ptr));
+
+ if (!KMCoseKey.cast(ptr).isDataValid(KMCose.COSE_KEY_TYPE_EC2, KMType.INVALID_VALUE,
+ KMCose.COSE_ALG_ES256, KMType.INVALID_VALUE, KMCose.COSE_ECCURVE_256)) {
+ KMException.throwIt(KMError.STATUS_FAILED);
+ }
+
+ boolean isTestKey = KMCoseKey.cast(ptr).isTestKey();
+ if (isTestKey && !testMode) {
+ KMException.throwIt(KMError.STATUS_TEST_KEY_IN_PRODUCTION_REQUEST);
+ } else if (!isTestKey && testMode) {
+ KMException.throwIt(KMError.STATUS_PRODUCTION_KEY_IN_TEST_REQUEST);
+ }
+
+ // Compute CoseMac Structure and compare the macs.
+ short macStructure =
+ kmCoseInst.constructCoseMacStructure(KMArray.get(coseMacPtr,
+ KMCose.COSE_MAC0_PROTECTED_PARAMS_OFFSET),
+ KMByteBlob.instance((short) 0),
+ KMArray.get(coseMacPtr, KMCose.COSE_MAC0_PAYLOAD_OFFSET));
+ short encodedLen = KMAppletInst.encodeToApduBuffer(macStructure, scratchPad, (short) 0,
+ MAX_COSE_BUF_SIZE);
+
+ short hmacLen = seProvider.hmacSign(KMByteBlob.getBuffer(macKey),
+ KMByteBlob.getStartOff(macKey),
+ (short) 32, scratchPad, (short) 0, encodedLen, scratchPad, encodedLen);
+
+ if (hmacLen != KMByteBlob.length(KMArray.get(coseMacPtr, KMCose.COSE_MAC0_TAG_OFFSET))) {
+ KMException.throwIt(KMError.STATUS_INVALID_MAC);
+ }
+
+ if (0 != Util.arrayCompare(scratchPad, encodedLen,
+ KMByteBlob.getBuffer(KMArray.get(coseMacPtr, KMCose.COSE_MAC0_TAG_OFFSET)),
+ KMByteBlob.getStartOff(KMArray.get(coseMacPtr, KMCose.COSE_MAC0_TAG_OFFSET)),
+ hmacLen)) {
+ KMException.throwIt(KMError.STATUS_INVALID_MAC);
+ }
+ return ptr;
+ }
+
+
+ /**
+ * This function validates the EEK Chain and extracts the leaf public key, which is used to
+ * generate shared secret using ECDH.
+ *
+ * @param eekArr EEK cert chain array pointer.
+ * @param scratchPad Scratch buffer used to store temp results.
+ * @return CoseKey instance.
+ */
+ private short validateAndExtractEekPub(short eekArr, byte[] scratchPad) {
+ short leafPubKey = 0;
+ try {
+ leafPubKey = KMAppletInst.validateCertChain(
+ (TRUE == data[getEntry(TEST_MODE)]) ?
false : true, // validate EEK root
+ KMCose.COSE_ALG_ES256,
+ KMCose.COSE_ALG_ECDH_ES_HKDF_256,
+ eekArr,
+ scratchPad,
+ authorizedEekRoots
+ );
+ } catch (KMException e) {
+ KMException.throwIt(KMError.STATUS_INVALID_EEK);
+ }
+ return leafPubKey;
+ }
+
+ private void validateKeysToSignCount() {
+ short index = getEntry(KEYS_TO_SIGN_COUNT);
+ short keysToSignCount = 0;
+ if (index != 0) {
+ keysToSignCount = Util.getShort(data, index);
+ }
+ if (Util.getShort(data, getEntry(TOTAL_KEYS_TO_SIGN)) <= keysToSignCount) {
+ // Mismatch in the number of keys sent.
+ ISOException.throwIt(ISO7816.SW_CONDITIONS_NOT_SATISFIED);
+ }
+ }
+
+ private void validateState(byte expectedState) {
+ short dataEntryIndex = getEntry(GENERATE_CSR_PHASE);
+ if (0 == (data[dataEntryIndex] & expectedState)) {
+ KMException.throwIt(KMError.INVALID_STATE);
+ }
+ }
+
+ private void updateState(byte state) {
+ short dataEntryIndex = getEntry(GENERATE_CSR_PHASE);
+ if (dataEntryIndex == 0) {
+ KMException.throwIt(KMError.INVALID_STATE);
+ }
+ data[dataEntryIndex] = state;
+ }
+
+
+ /**
+ * This function constructs a Mac Structure, encode it and signs the encoded buffer with the
+ * ephemeral mac key.
+ */
+ private void constructPartialPubKeysToSignMac(byte[] scratchPad, short arrayLength,
+ short encodedCoseKeysLen) {
+ short ptr;
+ short len;
+ short headerPtr = kmCoseInst.constructHeaders(
+ KMInteger.uint_8(KMCose.COSE_ALG_HMAC_256),
+ KMType.INVALID_VALUE,
+ KMType.INVALID_VALUE,
+ KMType.INVALID_VALUE);
+ // Encode the protected header as byte blob.
+ len = KMAppletInst.encodeToApduBuffer(headerPtr, scratchPad, (short) 0,
+ MAX_COSE_BUF_SIZE);
+ short protectedHeader = KMByteBlob.instance(scratchPad, (short) 0, len);
+ // create MAC_Structure
+ ptr =
+ kmCoseInst.constructCoseMacStructure(protectedHeader,
+ KMByteBlob.instance((short) 0), KMType.INVALID_VALUE);
+ // Encode the Mac_structure and do HMAC_Sign to produce the tag for COSE_MAC0
+ len = KMAppletInst.encodeToApduBuffer(ptr, scratchPad, (short) 0,
+ MAX_COSE_BUF_SIZE);
+ // Construct partial payload - Bstr Header + Array Header
+ // The maximum combined length of bstr header and array header length is 6 bytes.
+ // The lengths will never exceed Max SHORT value.
+ short arrPtr = KMArray.instance(arrayLength);
+ for (short i = 0; i < arrayLength; i++) {
+ KMArray.add(arrPtr, i, KMType.INVALID_VALUE);
+ }
+ arrayLength = encoder.getEncodedLength(arrPtr);
+ short bufIndex = repository.alloc((short) 6);
+ short partialPayloadLen =
+ encoder.encodeByteBlobHeader((short) (arrayLength + encodedCoseKeysLen),
+ repository.getHeap(),
+ bufIndex, (short) 3);
+
+ partialPayloadLen +=
+ encoder.encode(arrPtr, repository.getHeap(), (short) (bufIndex + partialPayloadLen));
+ Util.arrayCopyNonAtomic(repository.getHeap(), bufIndex, scratchPad, len, partialPayloadLen);
+ ((KMOperation) operation[0]).update(scratchPad, (short) 0, (short) (len + partialPayloadLen));
+ }
+
+ private short createSignedMac(KMDeviceUniqueKey deviceUniqueKey, byte[] scratchPad,
+ short deviceMapPtr, short pubKeysToSign) {
+ // Challenge
+ short dataEntryIndex = getEntry(CHALLENGE);
+ short challengePtr = KMByteBlob.instance(data, dataEntryIndex, getEntryLength(CHALLENGE));
+ // Ephemeral mac key
+ dataEntryIndex = getEntry(EPHEMERAL_MAC_KEY);
+ short ephmeralMacKey =
+ KMByteBlob.instance(data, dataEntryIndex, getEntryLength(EPHEMERAL_MAC_KEY));
+
+ /* Prepare AAD */
+ short aad = KMArray.instance((short) 3);
+ KMArray.add(aad, (short) 0, challengePtr);
+ KMArray.add(aad, (short) 1,
deviceMapPtr);
+ KMArray.add(aad, (short) 2, pubKeysToSign);
+ aad = KMAppletInst.encodeToApduBuffer(aad, scratchPad,
+ (short) 0, MAX_COSE_BUF_SIZE);
+ aad = KMByteBlob.instance(scratchPad, (short) 0, aad);
+
+ /* construct protected header */
+ short protectedHeaders = kmCoseInst.constructHeaders(
+ KMNInteger.uint_8(KMCose.COSE_ALG_ES256),
+ KMType.INVALID_VALUE,
+ KMType.INVALID_VALUE,
+ KMType.INVALID_VALUE);
+ protectedHeaders = KMAppletInst.encodeToApduBuffer(protectedHeaders, scratchPad,
+ (short) 0, MAX_COSE_BUF_SIZE);
+ protectedHeaders = KMByteBlob.instance(scratchPad, (short) 0, protectedHeaders);
+
+ /* construct cose sign structure */
+ short signStructure =
+ kmCoseInst.constructCoseSignStructure(protectedHeaders, aad, ephmeralMacKey);
+ signStructure = KMAppletInst.encodeToApduBuffer(signStructure, scratchPad,
+ (short) 0, MAX_COSE_BUF_SIZE);
+ short len =
+ seProvider.ecSign256(
+ deviceUniqueKey,
+ scratchPad,
+ (short) 0,
+ signStructure,
+ scratchPad,
+ signStructure
+ );
+ signStructure = KMByteBlob.instance(scratchPad, signStructure, len);
+
+ /* Construct unprotected headers */
+ short unprotectedHeader = KMArray.instance((short) 0);
+ unprotectedHeader = KMCoseHeaders.instance(unprotectedHeader);
+
+ /* construct Cose_Sign1 */
+ return kmCoseInst.constructCoseSign1(protectedHeaders, unprotectedHeader,
+ ephmeralMacKey, signStructure);
+ }
+
+
+ private KMDeviceUniqueKey createDeviceUniqueKey(boolean testMode, byte[] scratchPad) {
+ KMDeviceUniqueKey deviceUniqueKey;
+ short[] lengths = {0, 0};
+ if (testMode) {
+ seProvider.createAsymmetricKey(
+ KMType.EC,
+ scratchPad,
+ (short) 0,
+ (short) 128,
+ scratchPad,
+ (short) 128,
+ (short) 128,
+ lengths);
+ rkpStoreDataInst.createDeviceUniqueKey(true, scratchPad, (short) 128, lengths[1],
+ scratchPad, (short) 0, lengths[0]);
+ deviceUniqueKey =
+ rkpStoreDataInst.getDeviceUniqueKey(true);
+ } else {
+ deviceUniqueKey = rkpStoreDataInst.getDeviceUniqueKey(false);
+ }
+ return deviceUniqueKey;
+
}
+
+ /**
+ * DeviceInfo is a CBOR Map structure described by the following CDDL.
+ *

    fac0hW95L6tN!|Df{XjoZ5K@(8vgf;l16zPb3bgK{e zVWEJ}ug&^@0Hv~=)PMYL9|buDK*s1JBUBF@Szu%&%ZnNH7Qa2sK-QwC2r1xVDhQ*F zs=TaTcN%^6WoIBM0>aN<;3FqkZx2Z3Sm$Ck$NBiO}au$Utj(+rjvgA zutSjqaaL>Wr#5$W`y8_#%n5ZxIQ*80#1D)Xo-DEYdlIUQv2(T-cL@-Lxa5j1YrzrYyuvfh?G>#&r zMvc@x{}bwA3h`K$pV0%z2v?qD#x<(g$){|@>pD08aVgj~N;>I~5OHab+_{S%mm|u^ z=~)c`)IfjRQo{IqsHvD5yE<9Ac>IUbLK4OS_jSY}^H)>_kko{C0TC1e@O*cm#j3W# zOC@xqZ!AC8N+W5hKp&NReD5yVrloG|KQOF&$b1>|V`s5HXQ%>lfQJJv72z(VhkMwv zl^i-@f;=C9f-%n-6^&|{`4p8?p@8m>NO|e)DEh>s)P=>&flMg3aiH+F>Ie-Ou5T7@ zpx!I?Jr>?_g6pZUEmcN^wC&s(65%-OGwj1`Dzni80-+oG9o)x0${?tP2al zKT3%{y_1np*?H`>OeBjBghd<<1ajr&@;<*N>ZNw#AG97mW}+vw?{5y*2^<%FQjhj{ za*G~~A4F5li%bCNL}<76rmAj3U6c_A;{S0y<6(;GwFBs~@VC1BMdIxIXD;_2I{e#V z{JaM6m%}iC9G~bO9wr1*F3n9!ds}&)o1BuN(>u{UHr%bPn4FuXrE`*~nRt*sG)!2y z88pB<1oT$XdYn=mod2EE{^QC@e>-Y0kYtyiCDdPyhIM}z2Pns16<}fhIOMz#v3MK+ zj$OZXF#ki|@aG}_dCQ8EQUF{NLWXoLEnh>2(Ccv4;CXID#_P=622D3h!v-dyr4aTe z=CRT}(#cB__GA-;V7?U->P>t*d43DPi zA>$iK)vovHqv6i#fG_4w0OG>8{Z}IO6hbHKCg%)?NYE2@( zdzl-kk;SgnyrWokP@S)aEuA!1juq_N10iZbJ|&qbnr3=*p|rW*9Yz_(y9*#7KpwW? 
z;h`YY46#CDt`;XG&==qAK*As@t{Lk!z-<%q-ddC8y{Wrc36eu);f6Yj55YB%TD^+i zN7fOfCx3(AlDxruB^-#6@D{l}T1V;vTE0La${NLY~eF zcZPUwYhIxzTeAR#?=jAbX(ZJW09MZ5g7p_{m5PO-lj+Y&RqEp4=|72U8`1p*v;S74 zg8o;L>ci{~paa&7T^yVo9332B8sC4~JgYa0%y)SG7Gl4!qd%Hy{)w#EKkx5FmevGH z+7(N!(=l;!7rvazW4g>GzZjqn<)$3N;kCp;ha>9NIQ8uaS zV{D!OXe_ceGemC2NO+i&uBy+Ak`A!2dv zQ)kt%PFg?5?@(&W;J_}arJ8SL2=T#849U4v+X{-k6~aI;t#Ju{C1x~Ad)2bhf_Ysk zChc37R>YZ~Po3l-SsY-fUoDYBu5PtKBn;khS@xKj@dOXEzdJfZ%I>EBs%ybgKcv$Umh1cMJhE(uMrQ zI6rO8690QA-O2l`03A}b{~!D3+WmqRaskFZ|67Cq#h9hPH=1{-$=Tzmq4G`UAS}ym zk$z!yJPl5*id_v{ZpO4w&XX64F+nEHlq{y@ZloAt{ko8iCDI%Cf=DY!C<>No(`u+D z`o3|?dWucJU%wk3QJHAv){NOvq-`MT_KfGY(`%ybHrD$k_xucqatkdq!g|n4yw4#c z1Z~J7^V~h_OYd^doN^DQcuU1urm)+Q61{X6|tsXB`k<2=8Ai?%U6;n zs*`jGn~0&v@r+}H9@eR&@s+&dk0&|9_ww#ZL_K0o**bd>5-Vj~p{Lkz^1OK)7b0Nq z>{@dc)$>nx?ZQ_)I-IH{>tN#i(eGf$8PmIwiVnppXAHu1sAgzJbhKU@8WhP}WmFF3 zUCH@NkJf8+u!UY;2u0yN1kPJ($MD5B5rd+HUm{bvPJw>Z#PBHc9H{4Nx2g9ePjEDg z)07P}q#Ry7!;a8p;Wtx4TN-SAt$WPrlKQ1KEkN=KR^N>B&D;%e zY441q{TLjR+WK+W7I-AG;bB?Bw0Ei0!kgk5My=6MW2`T!ueV`DYK<26jH+}wvVpKF zJ;jZm6>Nw#!n4Two%*6etyZ!8HV1!a8+&Mi=iSA_;u073Pg7 z6+O*QLGNsWY#D8sRd8pTL~OE@bU#)`CHD>ti`<7k;6u; zkjgbA&drCG9ygNOL;F%;A@$ir?i)772#r2nV%TRK&O?Hs>IcKFqPur~ifm#kU4hiL zB9S($vnKCFrPkI~BhKbGbfrK5740LjX@`)-1i(Jz+JRvKf-w(gz~xc z;kOzhtOnpue8L6cad}}6bqpKaqaRo=mDv6mv}O*l!}_4+?pCUPnA*d;k6%MUUM)8NT_=_(GiP@gfW559H*FD zd1?X#R_r~~i{Zv+86(mCe(N{0=lz!uKKy>6>sHd$TR%8#3qc572*7(D>)(zGLfDXr{5qXrXpkd=elRp_;D*h*)(L5jlJfwbSZ@pwKb}o)*G0FzQ`ch zKeKXhL>0MLlsw5uZ#)FyQy8)YlANRaM92Cj{@MDW11Mt;k6~J^{$P6KlkkNyS?g8l z^?{5keE6p>o2TfJ3IaRjo(7O8M$ZY+K$`rj8jL_)od%>ecf^?a;K}`ASv8*Q$y=Qh zmqZzes^GYx4%2kga^3{3ci1!JZxGDhqn4vHqd!#7ZYspTWu~`snP**iE=NXO;Za-& z2G3xWxsDZ2+Q>6q>25}+Z9d2|FR?#ZFTwZ>Ht{`6K>boW_8D+~q2C57!kRQNYc-&NCd;1F2Eo&>1Nz& zcc@+65c)SzBvS|%nbEBi34{?J`?5ObJ3rKY<-a~1+OGnVPD8?6OsFbObnLVBdXMrj z(y6`pb=IzJrk)5C+;t7kqTy+*FxhuP24#fuL(Df=lcV6T+q6I36w zX~&O6-wNJ}2;3x*1*qn0o(Bc#L7;yFrNzUjhN=44pjAU3{}T58O;?I&+->r_^dn_G 
z6XmC-U9!<0_5Q%ql6<6_3gmdV0<89Ri8e2eYUjoyi_XcN|kJAqt*u3_Hem8ynC-Bj=hRViD`mjF28~Q zE!EdjJTltE63o`~2R)4)L*WQmqUgwvXN-(hV5<^xa}!xpj>+Z2Y@lQti= z4@}zw%3%M|u$R%i4vh22MS_4w_~l!OG)b?;{B5ymyr z%7mdF;L2_A^b)LW;?Jc6Ik0v}5z|H+cA`eV& zpazAwr}j2EWk_mfqg}XABJR22&55PAkTLrXm)vr}XB-lW6f%T3hmDZr`m$QO757t3 z-CRd+T}Iik(p2)!DT_CkR`x_HwI3%=?l|@&p`oGN*4=dq_m9<^1UCBCDo`ok586U+ z;^}uL@ulQ{BRJbr6LzJz+d{T)17IP zK?Y{4Q}G5U!5~E=R@Y!t6p8{|B?^;9-31W7G%lS^wHM9HrTy(FS~sMv@P4;^G|TRC z%|-;YiNwA{=S&_(D+G%7@}{OL8ywAnKHS*xOLJQUJJ1b)TVWTy*sOSKuU3NLtl` zm{voq%iM>v$Ze@EQ!}BTUK|Y|y?-1#{o;!D1K`-uzdiPUyr=!QV=FpYx*58d{&o7l zuQ0Fv{XOm0?9Oz-SfaEKMx1}aSZ#lz>iMknf4`^w!7zw}W65R@f78Um>aR(MOEob! zF`$yCi!d-Tm=AY@hW`v}Y@*n&da9%PS~2llDQxMN-w-@_KCdPw)QD4vQd>L7cpD~jw17={fp zFhyD|{2nhrA=Y`_9U<89$t2-zy0pfvpc%C^3cTLwSG3RAo3{hZ43+x#K47a$FP4T# z*anQXnE7BZ!TD~obrnhSbT!se7<{&nPXrL5-9IS(fxWqo@7Ra=?YaM>_vCNvs|fuT z{C_`$`%Cq24Tk;;{lx#Jd@R|DALu8o#)eNd{W<#2{#WQnNdF!B&)xlUY5_t3|E&;y z;Q#xN)x|2LnCTXln9v2p$S_G#bTn!+q7gznbC_>{ z@S!(n-wD@TT#f91Td{sPe%MCoCi@nAmeo-czRS|JF=dTEI!zEq-tHn8EU$KhVMFy8 z_LeKIC)4 zg~~r)eY(cbm>XaD!UCOH{R(EzN;_C?fiSBqySTP&7+oi*-pXXT+6}hWI=)ee+X`Lv z%&<$Hi*Yz#C>GYqCZ67t%_(rE3-s>Q_bZ6^x~&W*0Ab3%C9!{wGBJ_gTG~%grm_ED zhW6hm`&pQQGW);wvQQ=tJ;hOrm{@6;n*M1q0U!qgxTz&|eN$Qcmb^Q!|b4`F>XyJ7=*pGPbU0BSvkVQA76)KNv z_5Y#l9ia2vn)l&0R%6??)7Z8eH@0mXjcq%PZ8m7w*tXr^d)jl}gZDkB|L?a}pVf5r z$-VA9GkedqXRev)H+UqWL=)QoX3ne6c+oqiVsp|%2y-eKvo5h;c*|!KW<=W5>j*EL zhqAHN!KD06X0MhTjWc6+s-I}%+3mb_w8k(~f@Vg#P!L_438~=24TXL+oFvW*h%3d` zCh4=qhgfgaA|nh?kTXPbYyoK2(J8KcL#&T=k!~!d@1SurCs5X)K_DwpvGcF^b~3|s$WRq+z`3$fuH0z^QFzZ z;2d<5S6r`F+cFyOl2qTg&l4YOYc#5iL!AU6x9jeg%5N<@Cz!jQwtuDzh)*Pv(G(S{ z_dE!f;gx$IBKOKEE1H@;XdrMqu`@shRVX@RJ4 z%MH%b@vIturnyEgKL(Q7_gwhM)MLCjuojXR#4G6%W))q#ehl`+uA|Lo;h%TZ6re(J z@?CHyzg$E%0t+PQpnUD)Q1li#HC>hq^yOj`wxI}8yk;MmYCiYh67Dwl8m~s08)iG7~RiLdily z3EDzNe%rP3GatfjR*Sr^D3>C?f8#~ImE9+R$+qCinYQN6gqKyu;v<<35BBMHVYh)Y zsOLd(r^k-{mX@8a$~_rIokD{%Mq0*$!cRBOM2wAC+f7@v9lFQcPD)#yo3tSY4=~ITqgpO<88_3_S57951_Md?3osV>1r1 
zT-zGTEBFM+N1M(fSxT8?Dbl#pMYVmm-$9Ehi=gKZ%Vs8# zig{R<9LgJ~|J2dNsO0ry@4FWnB*y}l_5+UpdqVG@{Ul&%{Kj^Me<9slDri|F@*{IA zHsHrkC3-ECD%X7jEi1dIHmjljAYL8&F{A=6P4|5_pfNyV0mZ9CR;tM++_@;m8MS!p z1kdp(pzm6```PjH_p>>?H`eE=x<%vT&FdQ}4Dou%?(X@X}X85V!R*fVmXlW zjTvk35Nt;)tKAl5rZU_tMP-HODSzHIXl&{DxQdK2-Ds%HhEXzz;Cc2UW1m}4g3kGJ zzRL&}^OVsf%$WROERAjsD#IRE+^x&sE|{4OMTH$#i2qq&h<_Wz3+#@kS{;|=lRa&Qc>@%M#<_rC1M>I^U+fAK^B*zy#*Dg5(U*o2z z=*mgeo}4WV!b)R_g>x_~u-2Ip?Toq?=3s6v{h`YvO6W_%*qm`KMF98qAoL(c> zoW0xCqzc`_;!VG9A9W927sEGE^ic1EKdA$I_Su3e8+a;+S(UFe9#UPmSS)Bs`Th5& zui4JtuM<9!VN~$FvGZ*7yD%mS9a0mi>B~FN=hZtwRE=K}`fYYtTh$3n>S^aRyIYTY zNA(J_-KK|PW0d8ztcFG`D4W^n*h&~#zovBB+O;jtGaFAzmoc!8r7YAb`?2nGu^&#S z6Y+NzHbXa8qSTcH;AZ81ohK=z+$jUC-?tn8JgsaJ<+iOz0D9^XnVrCaLt#RX+7;Cp zeI=s*Ht^;iTiTBmZ8$=}Dh+hyk+o&nF&v?y)uFCJq%QELX@phqTe@CgTLW}UK^>)Y zo65w%6BqTib4E4|2}|?Rjh`8#dUY8t&&0uwFyeoY}Pd$`ZRynJa9Bs8Jn zQnhLmkDIB@t_={ScCaVVn0N4^MSYJ2lgr9};e*s;_h>W8NNKc){L-$#LE`?VeQC8O zN;^UPj#hj;{9MSlO_xocpj)>WO=;44x5(?H8tNrvdxfjS%t{(ps0Y^^!Sz17y*v%Y zN4ombyDJ7nk%gi2K8|8o3uxyCQBwPC8`_#0k_w^|JjIcc54OUmL&J1LpK9%z4^L@1 z^9>CWPo1vC4y1(_r=d-obC;IL97h<|C`nHa>(2a|{E(~L8<92*OPe&ZY?>)gj}m04 zlg9Mi_h>POpoEtun>8v6BoNLHXMoEMbz7OB*`PnSkO(?EK}x12b9B;rwwj;{M}M*1 z*V2OJIOogsZD-S&nfUImO!1>G%%J z-3H|35Z|MEqyCUyU>x?S<7&Y6+Jh?zB=b0i$ybV{%}r{EO|XriXJPim>$Tfb5L5^M zE*oPj3Ok~~%>XakxO-sCk=afNb_@kTd**EaChO^rBc zPkfDSST(pdAxE(#QRJZGjh+3_CoGYq34&{Q_9PTRvpJ~JLLBK7&pIrXQrlutKs9Bi zVM{euFnY~IrImoCNXRu$j-*vPRW?=JCuH@Banf9+<;Cgyx;)uqLV|XZ2u^>bT}vlF zth6X95Ogg<+i)%$awwjRbPj!9RllPnG23a3zu$1tPTrIfGgg^a=)EQ-vTS6a-qpG4 zhJ@7SNUFQYuAFZ$;)a|Bb$mn+sa}lFQ}moYGcHC-R!RtQZLFC$C2}S%?AW0c4!I#p z)2`o)A0g4vm#l4B+8Q5KdTq!C#!3)XKr6*LdTr23Lrrk)u_oNMAY0(37+a*K6kF&Q z4GcgVD2yu5D*ZOxHeXwC7osic^|6RXA8TC?Di^9P%k`58XCG^Q4^9^{eXOQ9TeSJF z^KV!Co3NI9UD%qEZ1L{3BJO<7K0aBUXGE+4ua3+^o*EwmwPKjBx1yf`yQ9PToEdRJ z;OcR~;OcTg-BLbWYm;PoNbo!)ctDXq)aiUFVj#(aC4X@E6f3(W!Goi8c>wsrsp92< zC*WTSmlVa@)87H#rFdY@*;Y&@wa0$DHhxd<5@w6+5pcoGKHvg|ZJhpQoYCt|x&ars 
z3_~V3o}mZK6aE(HxnKnE8?WRGqIEdN7x?=o#IxXpd!F3B+M)Zr^-l~uZ@rWjvIfz4 zVR^pXZ>^J|djma*8}jn@-%qcP)ANA7P;ZUrzBw7H(w=- zhkBZswXj8BQLeMZr%4uGAs>sT9E5MZ!(Kv}wZ3URV}Fh=RCT-u#UBv$^XN;0EG9sL z-$YcxuUuj;mz{Rx*rA)OlAS)Pc{RVL8PRoY<*KrKq~d8b{u<;JycB%BdUn$m-Hvq) zp01n1F7BPrmi@{`o-U96!;PKXI)8D>g> z_%4dEFm{}N3LGT3$zJwu(LTs03Eoimjk6FFq>2}~46RuuWo2bGwb1cWqlNEyJ(ci4 ziZ8SA+1K7bfCM7Vj`#y0i$DI$0j2+Zxd#9VIbBn`-|sVuOA6C+$XehM&?K6D<}|7( zrqGyg`=N*AD76PlVGQ3tW@j)PNYG20r83Tnc8VD*89599Zu!`A;=sr>{lWHjvpnt< z^|iHEM|XEwZ+2~U@Eh_@%vyG>N|XhwnhRA`voLQQ#~g^@f&4E4L;qUyJIGJbThRE6 z_=qz+mF9;EK>N(d5|Zb!0-#bNr7;d6YH+uw5Mz-OY-ki+*zcr71c11|$2el_BSL(S z7(@&N6)9j`TsMZbGLDMU6%aRYR*~ zw{jQbvOzaFo|QsE_0|-K$WnRX+pup~mx((XWfDwPH!8X$@sb%;ldqcEWcuq#8=u(6 zHkOMC(QfJG*ilg5jtG5K?y=j;RAnNLc-w}1^x^j{MmsEXGhvC<6l}h}<)&EU<~z9? zU@`mM_(}{T2oScngdsW5x)94TamQPyq|1WXmObr#5=f^+r`A2deg4w-$Y^9TU%AGy zi8fn>phw|7oQgW|Z{HDRJs-O-Cx~F@p>Ns8Pz_^!46HAxCiW&XO5fWg2Q{NBp?%HI znZczk^1^?iocJp1W>fj>i2KD7q68DIWyEga$ z>B-23=DZd5CS;A%t?9Z9_hPHhCdtcQw3X$xM7k04?An)euaM>S_RG_!uAjjdgs5(R zR{$L5{AIP(Kj#D_tpQwHD@9>pp+9b!hSBX-0B(PP@dJ}D2m}oxIZlb@Hl&RWf?7`u z^`som9w>&I^S(#ad0D{_@ODlvHu6)5mGLdsiHY}XhxeN{U9sfjzNF}$e6Q{r=9G#j zF)UO{$X?gJ1aLx_sOT){`kSqrsDc|gvWU|>NXgz?WOGFIep9Dj2NdEe$(|9SHEKUCt=>(q% z4q)MMIYD5ngAN6Ac&@q(H>c9b_wQYV#+yB1(*1w#cbw%T*&jSWo?qU=|HeK2;}-sl z*i_^nu_(49)WtKaTzcOEZEB7YJuj97ebr&ejIFkDiCw73} zGmB?{qwJU2i9hq{c|w&ez-%15Q7+huPtZSGxEca5jL?_kvFH^+_dBO!@~9q41}{6I ziWl;s34)mnyg0v!t3U>rc3(Dsrrdh0mxj@tPz@E5j}D>V}|Hq2I%vEAQZ5YOP>SFeIJtl=dX>h#+#Z;?)+CA zL=L(iqr@q=vU*Y6hCjc9jij=SdJxDTi>cX{^!e=5k4*_u`iW!q0aT;M?n{$)&+q`% zhcUI2a&`11adTehxt*2u^cS&rD?cgZ6wv#wasV|s{WA9S&qn<>RsD8AS0pSbApMvI zA&E~Ape5Y(ZVn{+GrCYe33Px7kOaLInhKL?@45jg3sX~jsCAC2y7~_Ayty$UMc?Cz81)E$R0HOSO)7(lx}`!E-_~Rgi=4ko1}H zBV)nX%)dmQXyx#qd~~>gtK4Iil3%U>ZZ}gsssgFBRiF_!Py0Xl3j#afUJ-oSTLe+sFXjm+!o)WH0U}`IZD1O z3H@Ci5aT4>S7G55RQmRW%pH;2pK$XuyXXZC?BdrkHQT?DNCHHEXx{BbFbHf`8$W$g zsxxZQdYELNChskI^B#t>q~FKS=PhVAx+Bd|;pwWu41%nZ9>>)8%QBfAq|v`C;HKQf6DPx*>XQ)>Bz9XU;Oa 
z=x<&O3t#*Dk-g;3*J_8il-Ub~~uS-Ufvw4n#sVI(Arw&@>P6Pf1sIsIH+lR9z=(Rko8~1dUhwnL=@z+YBPenE1i! zmWPO##1qa$9_3Jz$)qXINVRdRvgDnHjfM+p4nCyLAihO6uX!(4f8 zdkz^W>nBU$fytF~j&ZIQIPNVzv@RZ4)HMyI12hiu6!-RZ!RJ*o%^PGK z$C@RchTMNXrA>s4SK$zt-ZcY&KXfxJ@mk z?|tAS-G)ODt}DZbd}Yv@wY=}Ibl;6MZmDOnYpOPxU(1doa7VnMkF{)IruTowU9#_} zJ^2AK7k>a``u9lRKgV7EJs$=rS4{bztn2gtWW)ZutV0A$Udr?1yMHKCT&@nTR|TB% zmcI;068vL$=wEYIfVVvOhqwH%j1|!T2|rJ+yx5yEO3?XEJdrC(h<+`_Jdd=L2A?t+{t_M}bO9!xBEwORr3Z1Nsn z!of=5Ad1M)2Ljxi;++XdUNn-KF+X~-z29toFsd27)cyy8eR*m@zZJ*hqt_=73HGOw zBeJUx!bwcB1C${Gz^FNg(z!~ARuIXrDy&nxFbOAwt9^3@tqhpD0a~0v2tDK&m2h04h-54Kcw?ZKlINw|EHdQ zb3%biCo%vh#4RX^CJ_UNVkwLay5iSDSS%DN&Z{!@L4BG=I)r!Vb4J&uQ{w^-vUWcj z{YBDCkI5$Ry_86MZMh{9(s3cD{nvK;Q*Nf|m;0L=P9NoRrcvDU#^qi9C5S*zboR@6 z6Pv0N=V48|cM-Y@hUm0+w-Jx0zMl(%Kze)Bj!+LXKi_%|V;fEAb)~lft;G)CJm|pQ(_#oH?#)>$-OqbPG~eGwuvZcBRT=A9fiNucbr~Fiw#V0N*agvK{)kH(W(ayTJNA?#1$emS0(fj z8cXn+@$Szk6#}VIhV>~T)u`j%uAW)-9k8(6bw&+Hdc{*~EOY0B9@OlE^%Q0h&wYtq zQ_-}pGI1^}>lj->g~RSR3M+JDkW#{toq^?SB@9Wim9+alMtU~Du6VKUBS8x%h(Nl> zAhahU8b&QbFR|az!X%~-dKlL~|0eCAdaJJ{nOoFF?~N>CCT7=kz&PAGv=U88B@6>x zNJ?%@$@c~azmY6kH>BDj`NL8mO|?(r&mTXFoTVs|ERzro_q{*u#;*?! 
zu#3^loF~~gunWv&x!Lm(z4l?nzd(9CpSS)7H=V2QX$kV9BlMFVh>|W;9cN~qEhv!Eyn_#M*I%M}4=;ur&#@C6!k~n2n zS;uNL5!yP}SVs`Th!gD^RICK9&ICp_1h)Y5EGLuR8%TZLARqI5;#wdAu?aHFhLD$#%vfd=RL-{?jE!vJmX80}ko9U*0JG z8K(XzwLeAnX$;Cw4mn^i-gF@g4qm8Lvw0tqQd1Zi(o%ipnoy*8pXK_S`t=)bC5PpJ z4YTBpG>-JUy$7Jre!|IXeS-Id(CM0w!l)&~9Ii+DsN4auoN5^Oe#(Mhwfb`Gn^yCy zU>qQ8o$42k5JojiJrR-b2+7b#Mh32qnRF*FVAUKl!kHOU;ZedS-2rti5Pj|=PdSvW8nVi5)`AmY@0>3)P%>Uq-3I{*S9 z|D{0wIUD#xAb;nK82%v-!`EgwKc{B9NhGDFFmlAjx~U^!Wcf++{j&P~w{FGzO`$#C z=zH1h*{klhAU^{8e~wsgrCMHYgrXScQmS{fZP=R%7qpG8hb2URr{8ad_<@WrR^VVC z5%pwOwn7vgMFB^#Gh)OqyULn#kfAC-xwUcpNUFez#GtT;d6I!RqS;baEpn zn{|U!aLW3p2Uui4S1nBR9bT5mas4iao>_>itTgfGxnV~ z-;fc*dc5I5-jrU1&8t@?Qgh1O+q?U8vgYme0(1@|i;nBLi`F(CzAYF2QXFmMfj**S z%S74t;!d*3Z{$HAltGdW7u=mS1+!{jlJDBR?%;0x&gC4qscB%{s96pMe1#syos7zW zM{mA0Ot_z&ZQ+Q{GX^V#0`Farn|HD)f3v7-&pVo@(?R+ucjNf_@*vFpuV3y}B0lvX zE^6(6?XfV^jiQL%?p0+(NfoG6-zi!ZvOZt7`jNYx|bEwT|E|$14wUPc`BjeHOJs-F&#i zFVW=SRC95s-)A>_usAxr{On0cs;``}4zO$QUwVvxvF-nu&F{!4>A)RJ6=h)jhEzj) z(s)qZky5zA2$>Y2+k%q?-DzXK+mt4v?Xw2B2!h zFj&C}VhL}u>bXzQ<;;Y+#lF37oC){&tNUsDUZ(q3v8$ffOwXtg(tX~DTTPX!V$*L! 
zAj9e{di%TTe3P}H-^$TbgVFP>PT_}20xdq;?$ji*a?cFyue0{T(x5UM)&wTS2ELM+C+v^g-??e$rd8=)3UYfP>5SC z+Fi3Jr8Qz(exb1&{n8x5_yy$?U^-YGU7Ey8`euNEX_`Pq&)(S87B#ytV z=9d1@<~Ss3>2{IDa3MXrspivUrL-Ak!iUX6FA?`fYQ&{IA1yKaaLMWk0g2H5+}Rk8 z!JS&k36Ax}uR&}Ox3j0QvfgfOJS+U-eFlyf69e@F6%=Qy`11$vsd1Q}j)Zv#!#|85 zJjaHtA8i&B>(#fo2<>yvrPc#Ai#iooXxOt;aetl#CG}bpw%$^4GwM;EI zWeGY}+1yizaj|1<*p_N8aSW4B`Y7ySB^Zy@0_yLmSFErQFYz^a6I!emf1bs6&)1#r zL|hk=6U3JdB#)q*Fo7Yjp-+!F(GPsqtdWOqFmcnEj^2!;0?pwHCQsyb-wvExO0|7P z$lPYc%&1L{^_zft?_3HmHmnYI#@eoiWzgig2!~#I!l>S{nL1U9TlIPl8%jkYr;vulE@CNRRA#RS|rhEl)U^j+n=4-!_l8Xvo(P;Ok|Y(;x(?-T6Pxi&d00}n zln^^3*C-tmsuv&b1{{4Tz6(`fT!uWKaJDHYu^QUo z`py=PK6b_Z*pbvBIfnr{-S2^4R8+6I&d8fnlL?n!Ap;Q*9bv|r-W#?j$pOb5=ynlY zCVdY~$1Tm~kD2J;QuW0#sI9kxyC$SDZz{604facPY>B zMCxO63MNy@8w$l3dM&?hCU+WlB&*nul;&J9r|-Q+AG@|^(ez!_t1J|Uw&STTr z)!GFNbOr_o#RalRbgq5Q<9p{12XPDx2kn7&pWPMQGDC{Gm zFTV9TA04W5|MmE;D&R7pDxYZ}-J87z{L zSsl8YFoJJhYKJ(AhZ$kWYbdH7EBm%jLVi1EPoQwl13Gb^mb2No0KF!#4y0{%?9lp1 zk5Hal3RX7hmOpd*HJ*wd(A;k~v?;=wUeRUe@dC70F?-GFoB;;hYGyqywFG+0!V;~kocvL2@pzvGprQt-OFNyzDUos zVFJT-2@+U^De;?qsd-u$9glcQ;_qMN6kDsGBnBGf+ zfaLJ%7sNsCJywuHSYwLB;4R<<-Uy>x`HUUVIhDPpRR#F!**7YbcvicRIdJh3JJ4X; z=Z@+LVj8B56>L;YsUKTbAk*r?!KT8)>f+Ht>^0b1aDUDZ*ABmCFo_|6)!2q0T7r+V zok~sLJf?f=_45)QVvZ{Rqok<_@cH)$E7V_*xXb^kq#W*Vzo~0u;P`*~^}jOxUFd%P zy0D9bp_PH5fs~<@v4hEPXztIOii!x>f0+L9P|tmS@d}=EVX-r9@iWL-Gi}$gFuzyS z{WsH}^>00Up1FybqyTR&5BU7MRFMC7ZH^A67XPOO{xy#G`vQMHgC8)``OjV;o?m}d z&A@}7cg8gk;FMd`6LMbr=XGPNJRzA#~=RcRxN{&Wp}ZO~6u1kK~tlrc^b+J!E22&)YdcXcqWU`Q)4 zH1Q=t@=WBQmR;Fj&f48$g9wA_A{dewW{DRdqV9?<>vFUAnd;uRMr#MAGjkQ23dz{0} zeAK{nb_n!{ICVUwW9dxbrHV~pALx&x<7<-wbBvv@hpy+V+TdQq>(lcM)|h`>0j)w!t>VhBU0wZ24w?c>-5`HtgsYeP)YQ6#kzA>zNvwh<>?2yrj6 zB=tcJ++j2><0iz0lJC8r-IpJHFbOZNp!AgpuRq{dZCT!|5d~#Qcnd+iChI4D@5|Sw za<;d@z+4mUL&n~alS=Sa;Zbx@k?tCD#(d1Ey;X1XcCIVSyz&e}NtF(a6YF7c!vHmZ zox>ML>i*!>9yLPE2GNaw{;sfSUbZJW@*+WtnA=w?MECm}tk00<(S5)j3REBz+jRpN z+vNis+ie4&+qnZI+cg6y+m4ZR_|_&K2oJFXNikI>ZK31JkyQjbb1u*iK?BO$X_#vQ 
z9TgWi+pU;uf*n;Cz}u+#W(A>J=Crp)JZwyt;S6>NrmUvKM&p z;iJOL1G%k_+%@g;&WQDBF>{h*RMk_^FF#GXKS)i07ZCMS`sE$=ukpLTm^8p1|GTeQh&6J;WH@7fg7RA3x zb-eQKjRMBJzube^L~#f8%3sF9#OkrLoiXyr2w#{rFrAKqAJh)HXoKprYm=tj2{XzV zx4AG|_N+3aEwIy&sG`HnU8Pfvgnv&&1j7{i8b*0x7HZz-7JAed ziHOx_PNH4((T;r4SW@X$dW6T(R$y zlPJxWWAnbqnV9-8Y@@Oi4194c@i`R}4W@(!`C`)!b*1-V2w0b<6Ig6@o$P`rpuV^Lba+XRZ z5EX_ZPElCN?)g>xIE9QXbqWTXA^$-C1mdKf9(}ikg+ZNC&HOl6{XR7@nbzpR5;hJ- zBV_ua(IyNe)*Q%)fLJUJd| zctz_-~ za!xiw!jEAK3c?b)f`au8qLY~JbBomLnvs6M+j0o4@1Ua1t~+Kn5iTng5X#ZxpLX&kTvAr$H|SQcm(jMQul3!@_#fuHMaGw_pFU=v7a z*Kl>ZlP+Ti;Rc7f7ez$bNT7G#)U&x%vf39IN}`kab~LmZ-Q|zWDpkR?d|g0ss+H4X zCyb>&?&GbzNwxubOLt8Nz2V7zVTu`>Rc-zCg=H`K$&}WndF{>G55(-)U#&C^@QA{{ zH0;0TdH*7*pREuL{zp`Q;wwPs&V=8y(g1vwKl-#h6PqjX{Iew@a?$8h^vtqfI-qyK z?=VZ^f6~(&)Q|EGHH?fyT{HVdC?vauiF;^$%1m zu$)}L=ie2N_Ky&N!NFSQ{{#d6+DZ6Nsr-BlKqf!_{u>-fh}Vz>q*n*WktK4j!8Spy zL&A`ep zCN&>F-9MagzTxsyg+aZ2g7X@|tNR4qn(^WV56e>#=-DcFd_DGo>(F7T8~<$t|JM)D zTAg>5>&K^{74&b3U>H%fW7~F>LFPCm=s)%&NCDb51`$d2lu?Xb7`==ttx9FA(IkRl z99{aQ#hBxrZfKkvQt<&z4)ruWop6kJZpwR+v_1=E+WNgiBO1Gc&mSi#*tm<1$%*nY zB9g?@FrD@inqr!pJ_houvMCw#r7|$ zDL&6gz0Id_%%HMLf&56{uyEkmGY2DbDH(~(6(E2pqKm>g&te?1XZoOfERfbrF<}w1KA@soI07&FcF6U zV}_&S0?1+%1Ez;CdepYDHz>AEd(fhdA#{W~gzgzHQF?0cwMabPJ-pw*8e)SSCs-ro z`s9&z4gd`SXwhc~+CpEEv<0+DJ@6jhZlEl4(>o(2yt6;BHQ2?|d4V$585JI&(Hu;o zK$SMOx!m5l#~!mxMFXlQi#ejO?GJ9s?6%+36V##$p}JK?`>j8ap2NDD4d4)D1^v~2 z_$#CEpAGrHaDJaHG--}_m{#DtNW@}9zM=;2 z2!O`{U=sIn(nvUb+_eF86m4e8(mBI>V*}<60(<7a_Ys{quh|ai!j?QXNwHhH0LeDg zf(Ir`sBeofTIsW08pxK-KpeQR@M78kA!cyNI<;@A75Z^3rdJjwE)ickHETbm@`{l7 zoJVAfk{Je&^tc1pQiB`q^i!18!)ce%RIdQdw7NvOIo6CJ50g9U>}-A(k=%pnHb;0o zm#;tXMa`!wg|yNZ&hv%(;pB!EG{d28 zRNvet$$Kd@_JZN9Pzb$AINTzFpi++jxfjoH$YVjU+Ruc?e7I12@V5J)I^q|IdK~>! 
zA>WXz2r3KjF*n`9tnp_R+kDf8B)6KwC2(9tU_Gb2{7+P)%Rp$ZnV>sKJ4H_mz9m+L z0~LDw9A=e$H8x-jIGh=N>B`9d{X_#CMbdxmvhOJW8~8vlQ1!}ez zL`4Mufj+uI^gkvYM}a*v!+H7O72Lx1nMBx^I4JX$y07wTuf0j%@Yy)$=L&6r;OzB~ z1obTG-BZL-x)Mfd5@Q1>S;O2ZAvtYB^*lIc?5&Ef8przRw?|FUqX}AQ0{wLQa@ai_;*2id<3# zoE&{C#`u^S5pzar$AZdW36Z%Py7;Q6O8GDtru^u;$1A=lzd{%ylzW(xW6PL5_FiTb zlUi(ll(-=7msfa(_q`3+CT0e@8OztAI~bVjVY>Cot>MALFWI6_k^<0M!Hc-^A`53j zx+j%{xsxAizLUAT9)Cx3jooP;e(mrg&6>tI>H1W6&XRG$u==uOAFr3p7yIG?gds&J z%v)nj7`|D8cfmX*UMhr%pN_MIz59;#Nkk#7{v`}ngkdQ1p&1w%M~ag9KnXK zK3@!}qE6F9Ac>l|ZZ?yr=JE#4aJl}oeJb76uHmYCJD%(tdl<+qKdlb~saq@(ft1Zw zR!kMM^3*d?N%aP)bje1zA@nt?Vl|YXSWUZ`PPz#|IOb+O%Q(7If*5r1Wy&M~J@K2a zwp3TJzM(hnDTR%C5#LX5!;^_8!;`*he4wqusH&Gs2+o9jswjfZ0Y!7dPMQz_r@vnJ zUJ!m0XI@#Ui+BIik0n7PS%Z*bi zH?Tz_W<-8CK31w(D!$U2Z*XwRBla{n@`tGRiwqjR&XZwWSMpGT04HG^Wurqn+zMqc z8_BzngVdpv4~V0;N@^Uh-HUYZvE|T6SDlU@%w^irPx$=WXgPY&XO=Sd);xfFgkvN_ zJV@=)LD!8za_;M*TYlhrV1?eMZr0A?wacQbNttE`kmKL}YETLjZ5GeXevbP zR(vMH@7YY&jfO#t9lltQe`upk`sOCgK_bU6e{{1N#1v+CIOW`vuUP>zO8a=8gEvP; z&}N++WX}h&ds)vOn;gd9!_05Tah6^Nn@Cv~u-fphNP`_=rCqN>WGG?}+4|zrpEfm0 zHw9r7Val7enXz( z-!*voqFASL1HjBg3S=h(d0hEeLGzxqHL)d(LaXArU z0(-qyCkF|!(i^9Q~A9(;T*zb%JjvD z1D?J#(*Q)YU`1JRL)ul$M8npMl2Scav<7o_uIN)WyP+?L1g$zPl@Jbt5Q2bVOpqN( zPc=`QSH5yPorK1l={z3&my$3_7;3s=!=R{0=}6bu=1bTVl{*|zNO4@j%sDx4by3U} z!7xmtJyIFSbD4AV`7f8&$&@nv7&`@z=FuY+&`+37MdvlMl~GMJUKevvb>cUV3gw@F zQg~7WSLy5kN__pL693vp?2oF-4|XlgQhpv(-v_x|+=q^{Jz&F6R}su) zo>r&}UYs#`fvPBDC{frVA5(AvKxEv|y5s5MHnUHiVuKGtSIt zqo)UyhP%JQvZ5Tp$}$PtI0@M?5$ipOpg`z1B0IsN^-oxBlP&6M876PPm=dY8#rD19 zU>Pow8XFxSx9JOb>k{V4X%d%I0zn5yS8b37p04m~n0BA=nLDhV;kieb%!AaLT zPg&LOq_wrxo8hp4cd%SB7*|e^O0Ya!gKG+h6TK1ODt285L!(lj{o3O{`%y>P=Hrq3>HiuaYNgj_}s?ajFmz zAIz-o^eQ;sKUQx43~EVlrBYhxyS!bkS&+V`nOAep9Z!knrmI|~{;1xqxxss{T~Hp| z+@`F_R7N{pwb)`yRiUc6oJ5^4TBtyz?x+a&qTaEcWd{Xx2h{}E zq|*i51rFi??;_VF*wqWf1LENCPhzE!ZY6YIi z$hr7iUbrVeAKAB^mzB&lGnWjSARG;@SEk1l4XPc++jbxrTCHM++ zUhcE!LkHo4>%!mFW`qXn0eR2zRtL;WtMmX%K{`)CT3 
zFr04@dp$_;EJrOqQGG}Zzeq25FL_9My%D;cfP1dyQ^wrnk&yw`xREz(1{3)vJk` zil)cJEE5Lql;Yk}o54KTOGuE<^+zeC`tIQWF8lVpPM<} zsl2F}x;nntMs(|CFo$9&ADwK2vYLDioggbuDmtdP9qRK+XR`V;&__y#`1j7)7$K=F zyTgaRzAf)wadgmUx5mm(CJb3vmui#(2z?e6Z`Uv8L6AzIZ626Y=AW8^FKWO8tG1yE z`BUn12WsszRz$4`p{CjDsb-HVKW~_lRy5`u!izuoOQ3QJty|*{UvqYtzwIMKtyT;Q zLpHQ4aAs@S_Mi^;6wCvxQFR*T`f%g2F}&!q({PaCJ`y4E`@iSC{+er zFZ~i{mXcvVSn<6y+&&W5u2(uYng?cWQQ3q^PrKvLS^|E3m`$AZrkn5GRmcTRyt+7e z8m;smOv1c=bKVks+CT&L8Qc#(ApSu3?1!9t#&13S*Uj_aJS}K!4D6Qp$9-oc6OfET z71P|@_Vodosur($_etOr)|B9B8 zScavw$|zwvuA-a`e0M@DOUg-`I=@uP4=TYGbz28F_n2sE5atT%`CFb^q=ngwgI4F3Xn%(*!J_thCv@Nz(D{KP6 zudi2rymv(aVpl$J_HX|-0{k_T$JEi#2Hm^sq*DMJ~N`I3(3Mq5(HwVLmfYAT6w^;Z|2 z_x+(VgvgSa)4~>a8^X&WL&q`mH7zTlpHX-oEpIK`uPO^oeKrm4ptm$&bLAUR0ruVXu zWs2G9@~v!Q@^kYtfG$^ZPJ@fPzw1mDxm&AbxtKy3kJJIqDrhwROKxIHOQa7c-j=8R z7OBUP8TbvFP*Xqr6=^)z8BAj7k-+z(uF;D)wN7IU*ThgRi7u?{6Ea2WL>?Ka#f+90 zhVKrunsOr+vJ{tL&~%xrd0x!;hhdso#^jZh18I2tYK3Z1=zbimz*!sHy@fiuC#MLuWSy2N2B)*1~O>e!8$?hRyX=-LonCsD`ebZ zV2s0vJC#iqiY}7betDj8&8mz-rZ>(wMy$w6a^HMwlnNcjz}e8yb?9fpE$GZR@_@LPo*xha9Pp#UG7f z|3irZCCKvsv#Y7e>0X+?c+9bWTI!C6ee&!6(apbb7^ny+CI<03mg_%6n8_zf781}j zSyMgJFgy~_FCnIw2%t2eI2fRBK)GY})3rML+q035QE_qev4C{nMtWBKph15-SR&+W zatN_lN5TQPEocx6F~X6O+6;eV5{=gsh>n8!9{!klQAor+Kh{!6DCZMO&0OGI>G*Br z`*Q=(KhG5>XGaTLvwsw~{+xvS|1hQe)8gNELjNituVJmOJuf^E(rHj?8t5#CvS3aY z_&ELOUy8U;RLvIWZ26#70fxcnhd{QXm&t`ESf?;~??{_Qbfl7Ls@4Yj>4a+o0-#n6JJvt}vU$fj1WGZ-KKtnt1E(c!*kxZg5)3YNk=HcrSs2#(TVF2P43 zjNNL9{AAiaB4hx+(d%lG#CBZmzRzyXBbdkL==t#DV@|q0^v@g)l(3Nr6d-6_ejDfh znyv7kh2oE~`{nRItrm&%a*M#^#TO#d(O%@nQyQ{yGH{rnWT7-vL}aoe2(6A_Ksq#L z0LACf{L|?)J=FtIf=>vl*O4fYyPeUf^3RtUoQsi{x2vc8uL`QW89hxhQ&d2n2tg_NQCkx#AZ9G&n zJ)CZ(1>*GcMhpwKwII{-g$_dNqr*E?>K1SL+Z>0L1@SAPCbkNuj(yahV2sebF`g9a z9Y^9G{hDC+H}w2MeVXah1L=cveg&V%%UsRo4}q#ZQU^ z$91M94Uv6<{NLIVg`r}ul)izAa^}io$@@Z-L6U*6|9Uczh*!juBkxU~xX?Y!ekqX; z96M#7izhQ}JRnx>MOEU_@7}~d!Byw83PKZJ*U6ggdor&%-X#R4@=)IPuKtvmGmdUY z-XrKtu^pT!!!e^d%BiZIeyp?5>-+$H2bxajf!7&ngj|<-x9tJ7P5I#w9+n>C{=iOww4>sA}Ny*iHhks 
zV(w#5VGmFun%HWeX&Zp_aqNYBdG$is*HXjbk9;gm-}ErQe0s86xytVg(yr_-WN?`h zr4b6goN%Dn4)K^k&|De*TvU=qH|R-?2qGO{e3Lp`$_5|fAzlr6&w5@f>ea;59B5S+teh2_RdTjssp1FJ8_JPSkzyGi?aUW#KZev=VIj*R zX{7nHX(#6@DkD?cxX6rul~qm#s*$dK+L2Cl5ikG{M;3dbi!OuhWHx2e=pjmcppnB* zUblottrruB^Nswly6@UURFzc2s^v7C0RKX$v#PvK?jMYgk&FSe`If;>8_9H za8thcvF(}pvKI@j?YcjUZV~dPA)JNt{ySvu9TLJ)?vyS+CgYMiQG7Sgdet-Ht|Dw( zg!sv6xKKV6l@3!o?ot4(FEmf$S6J$WOD66JS9(*1PZ=@u;58WQgJ5l_UsP*QJ#zOv zf-(U-(3zXLnwAcs{*xhC@}_e0Hnqif)r-Nh#g6oltj?-Cu*q2EI60l1pRcv!xy z@&i*7<*KCTtRgba-&f7MX=U#X?h<-Cs}$}g4zkxuErTFke01RIbjvt=sI#Vg13~1n zbC=0Qff;PX8$qgMkx~U!z(=7G+@w^iRfY_2cD)9%?JLYj#c)Pv0)?esLc_1rX(!P+ zk(JH-u3OnQKVVW|;C<*MS)*CFEbBTlJj^9{C%}KiS@gcb6SJc0+H|Ys3~D|Twq<6G z8LG+X^Aw%>UYjDrC9yek8vZGA>Vw3Y@t!Rj44TGb zTICT^p0b>7`PC!DJ5ov}|Lo0=p%PW7oz(=cr(b@1^T6<%@FQ$z3tU=VjGX}{e~uu* zQBCjx2C%{M;37zN3~O7j=)3E&A*0d~u+a5r=5nO$LIJP7 zJi*u^o&W+|KnuF~dRR9<_mId@fO5JuZUZk@E{7Dr@yuimp>L`|W1mpy5aZbpRj8Uk zEE^XQb;woLoDy3h8)e#Be!Ogb*cJL%U+*%Eo6oC5FT^1)w=;TX!zU-&h@TKspHmbA z+;vRoHDIiM#vLdZf1D&G8WE?WXh4($)d*3o2nK^I zWOTm2;!8Y-uSCQje z9wyi}$UV7zFJSL#HFq963MMK)fjy-XOCSu4O0!;!C9a@oOw&4xFKQ;4r6f6bTF8=2 zJPD>qmH9%N3VfQ24ZWy7tlYxMiSCB^xGefuM`ox;=Aw$^c!BgCraHa?nas@`qX*@)Qg=(*RJg%G+t@ym|Sxvm)8sSz@Ht_vmJ3SYf*MFu74E zb|_}J0~wJ3S-zh0p)lLH~kwRO}x;ut+T?Ybn~=ad^3q`F z(J+!uV8Y|9b>NO`M5f5|jLT2AdjDvF#Z49m1Hm1en(o!+#qle7Qm%T;-h0ffdF)F^ zGw<+s4IZ+2VeQ^8H!kQ=Bv>ONg<(75jk5j z<&*qi?+$|$O?F*X2ETt!8QEaLF!##}?9Zc4whlfvHxRZBzYWWO<=6iTTNN3#znv;w z;^%)Pvxba0%iHK4XdPCpIV!7Eu@gr+V1r5~lEUrDLSZv4kRwkm%w9;H{cK9cg60DA zkJ^})Z@k72h`6;gQCh|_qv&eq4i|e&Zu&eU-aCE*W&h|Zl~%w=_M9SF$EI1 z)muar!J0S?b^W2=?Us{oR)>a6C?$WORv~)B zNtm)05yaytXaLA--v3;ta1!RnP3|gnhOK%OEzH=;W zj8%rZpXzzu)sms=5%w|OV7pLnrwvwLpX@u>kHADLPm~o79O3%kj_`k@Pk&ZJg8pPQ zfOGd1(8kY?|9)HW*BX%jK;@?)K}SbJ4;ec%3*%oqE|>Tp;;4vyFC-F31kK*-fq~>O zI@p_v#vme5VMrtgJyQ$x1(PT7`IO$Y^5nqU9iS`>x*~R2+L7z+?91@c@KN9HBDbFp zD)eH^QJAL8yw8{Xl)kKd%QW6qhmjH`YkPVE+@V)U%>LufsqTz8w=qi>aNSU0!r~my zNJMJXtD}b4VW=C7P!{MZvj8*u9`0dF6zcp-NesvlQ!pBK=zJ#pl}(ws=GDEsC^gxe 
zpk>|@?dDBxCCn5u)V_m=%tJjX@$WjpZ!d$EvqXeF^k~Q%hhg3lIee_Tv{SXcLY_2* zE=5VzlTf_Q-_-~zf1ffUIJ>LY-;+~uJl+$w*;uG!kCuW?uGnwmi#l=0*z=B#_z*|+ z!qEm-ac=Xy;*DFaA@_!hg_F?1?Sk%+p_CgJW=Lk^IidBQuG%{)!X$N4{eTyhc335B zTi^`?&rX#etmDVsmowbtxBAg*SR?As6O}oP8kkogtu})ueuyfG<2RH9bH{~5hf;5aKj}9vp{avmO?lE1 zLAJc7g#|H|5ijcrE*lPkEftMr!4n7gw2KJsn-<0qhDNNr#qBOXOeTS|JAB}MGrJ2h z2(}~Sga_ulu)&M|m1N?C{qg;6XJR9usXrk~)Hv|lWznC+Zw$$Bha>XFsRK1Xs(M6#A; zOC4zRg>0cEi$m0c(HXp1WKp3yoCEz;@YNg$27}*%;jfv&f1B1nNUp!F0kY9! zz%>A|w@ngw$(s8u&HZAdO&VTL6v|;j0LEy+ukiDaJ62su_PWaL;(4h74fV0GgGeS(K+cHPb+QRu2G44w>+*?Br zbt~;rRZv@`&bLF|F6mJb95~P*+jOl1^xRz!+D!O)cZB%l>>GnoyaDeN4<_}H7bxy5 zCWJAxb!#R_z;3FUho(Q98C`Ws*}UN_MavCKrN-?vj+L#7f&0FO!cT3`GCz(d=h&+A zz%y@r>~K2lWjG_ zL%PT?yf7NFQ2&?&;Pq57{K#QooUSl#Jts9P`d0EFj~DBziU@_gl$sq2Gl=(G%Sh6C z{X1M*CBJ~CtLP_Eoev2?1Hm`jTcSnKN*}Okpxy~b(T=O37o~z*0{jQ(p5HZQ(2m=p z7iBzOYsvpgbbLjtamx&x5Wi1!{LxuKR#ZihPEt;c!N$-PVEd2wu^;R0-~Qa#&W0W+ z(+l`#sSm`zGh}IO=xE|(Ve^k3?MI~kuaEX`i}t{$b+@rT*3q_GtVi~h^9_zxOb-P~ zj<;?)9&m_cjYm(*`S5ASnTw-M#VZOs&U%Js{VC*4qRUr zTqQ1C(a048bqzOvf{QO5O7Hik9YAV2v!jT&=&NPtI~(q=Iy?*s=EXr}Jv{p)#h$JY z)gKP+!cVsL_U7(ZLvNMMF+UMOHwa`$WTR0O>Y%k2(jy0jKxAmjqPi_j1q+LsbzK^G zn|G{Ie!{5UY|FjnPulmdi)wCym*)%7&~08uBea}<+aBY{$ee81|~H?)4Wxn+63 zTX-0kkZeUAyN^yMQIEMw$mVz0l&<3Pr_2 zsB7okH9|9-;~H6;v0!taC>2n-hJM0^vXY1o5(?6cJ z3CbDo7!6Udgv>2CT2LYmr-=si_r(`~q>C6WZ{8jFw%t$VsQR=wYG6)Dx~ia;IrOYY zy}(sSnX93DTF-TG#sbKORp|pqI-#52}e8gdV z7t`3)A7dE2NClrh*C&2+-fuxR=#kBcHcMjtc;w{)r2v7DSpJSfpnqdrahs%YiPp>w z6qE1>w^UDBaWEL%2$7zKuTIcEKOQ8TJFI_I^cC2oktTCo8j70+QzQbV$Qy7H@S8~u zj<~KRMyib{Ge&UO@=z*Rc$60MA-gTaN>>lIxUVT~-I%CI-1|x(ewm^a+sS;UOH!o< zTh{P-%^)zw>Vp%cOK>o>uWW@=9Ez2TICK$-UY=gRB%jMjIhU+aCG>}Uj8isO4Rqbr zJ}ji+4gC~ymrk0;`p0lgh)0Ql}qKK$6&FMgk{|4cWo+_!Vqh9Jr($HfCpAbBS zm^aE*b9TLCfW`KnQOW9y9BnXYvmmvuwtg|xWGq+}XRrmHIH@;#K(ZEoFryFyd{hFo zh-z1)7CGlahD1=YfLQ+P)~*UIa5&>iyn0rn?(C4>sHxv2!qyy#cxml@ zIkn0B9vXHG(mXmqYzn8LjLwHHJ=p7%A_5zKP94-5t`0L(Tk;rODG+Kt1Up>JX75zJc~tQp#T7p5#d5AUg4|X 
zby{PlY76V~w4|YntB&Ctl^$g-+v7!zS_>~dR$}-D!@ww%S!;Tjw2kOuKRRWRyvZ95 zoU6mID0c&9MtoSo06(eOWzH(~+RU4EQZ(4jECHD_jAwa5a+tWb9g{2+eM%w^d^;4i z!-=m{H%nwYWxXE<99iD5zFAyc)e4kJfHKItEkMSDnP=U9<>KK(;y(uxVVRrP-21im zeSAZI-*_|E)%jCv_`CUv@1rB-l8J?G&tQ)f{)`7WC&S<=B2`?Dvf{kzn5+10uD#_g zAS1pj6_d@Cx224GyKpoki}K^xX~p)(^KQ5mM{c|NqpR`-Q$v>w?|kpic0xB3Qk5|y z$}!cIqsV+sUU)apMnjiRc+O1I`9z`*oPmaF_y(WX47N6 zWfE-4bEZ2gEZ3yGm86PoqCH$*Av0vfGMe@-CSoKM^1vbMyQhNF6*3DCB+A~KQi?uT zBnX;=ZMWqobkQrm2e; z@DmMcV@dc8&83O#M~(>*8kvP@4HB|eV53+L6eTV&Roq%sAi~NK<|9e(krgYyjAbn~ zR+yiCSG(>m8|c1Gk|HpTnAnYULojO+3&Y6@`fB4uboeDrc%1)hf`QfwZalNYQL_@7 zDwio=#gUyT*!v(o_P&!s2rEk%6+pv=1B7 zTi3A7(Z}jd3)6JH6QV@w_XtSR?L}zkRqU!1uftZFpbxpBBqTsC;M#;~=SNVb4;C4Z zD8%Dzb~2S+3haa0Y0EeXrK}bfOH8Cd8Nz6zMlz6wW;iXf>@u+T+j%Vl1S z%Qrz2&EOkjbFtanKLME3Wk?UOCA?OOuCbJcxM*vY$;?Vtf^L!=k5Qe4;D8Jl1C1?~ zP;7Kx5im>v#ioHXl@|j>GhHQJZ+9nNEInWEL!PgNc5t=J-D^f%^Ko5f#_;3~FiAT$ zDlS^uU7uJ+7Z!IEvOmnvDCBqEdPu}wJ;f?M_&l_g<Zi3Q0Bn@K*ct{&``s4 zuxqlwk;u9W{ji;WbCT}MnW7KB6NfuY?+~|Q zAs^pLe((+Fh|C(BT9%`vj5ZZzm~RlHig~HH{Arv2ozaWtMj|fXX{V5>*boDLGIRFB z&WODL_zJhSi`KeK1^x5K67{`Gs_WZjNONKQx@FmX&#kyc0MrhGTI6YV;pIS&oR0F6 z^A2qCqxzsNUi3W7y#ugK(YLqW9|taz9}adeLx+l==NA(m)0s9^G@k4o6{ZXp=wNDJ#VUGZZNx^0QzQul(4ef&4Xo1wVIZZ-Fsd^lG zldoRvt+kgkRN@b`6Tk-{-W*Qq@P9*>fr8C049V`P+T{JHG^I225~t5${>|}0fc>;f z{ovNqM{_M$?^^iDSAG_~Y%IBGztuw(vkE%G-7Ijcpe204WW61cbvsx`y4CL;n|VV{ zoX;Flp=69#elR?(S=xz_z|-_jU_z%G?$uY8_!qlYtNe)2w4PqaqRT44MV$yucBl_+ z6}V^YWHR6Lc~@EK8oK!*7DswRpsvTTL_G^au`Bs^J`;zla@`{=ri8CECgxu|lf5tN z9No(66mfk?;=mghXY{5X!#`te&VhHrOt6}Ek;SI>Iwo9auu2)Fnd}#p=1zSj*RtJw zg#)dOK2P*HZjMA;R(V;s7eAKV(1o36aYCpRmH?x=ajy|eP~>wRm<>c8zSL`Ji8w;- z(6!gfYSHO@F7JBnBbC@tR3P#ns@_=&s#*mMN5>Drj<_)Tw@;0sZ{Da;|Q_PmRC5#m&XMYHw%h@tuoJZE9 zy<1QF(xC+}{G6Dj%Y&nE{nSTx0WOmL{yS3_v}`wF;vMrH!?@vw)2m$t$-fB zIq045;~6tFl#6?8rBFX;jDbH?O4oKSSY3P@tsyRF`jwoc#GsT0ZMK$#ZLph4Xfsy< z-OU%S=$g>k&Z8}gp~ysEZh)@^T5s>=$8lXiId9?%EU-(9#_y6Lexy|WZzmypM>~6f zqq7CTN!e9?M4C>DR#H|`qD19PmR5RXb6W`>(s5ZS0Tq@G4Hm8(7Pedl4izLo7&Q_$ 
z64t$8P$?puKgV+#wG9x7c_wPQP{m za)Pv9j^;p^C{<5tL$l6La+XfTI?f6BxX!@O|B$m>8p;a5AN>1+5cnPNn91<#nECIs zoROW2t+9u(p_8*U;I~J`zuP1GAM6=A*)shjqZ0qCQ9)%nCP909;L8{~1B)J%?E%IX zrWVG)d_kvw<(DQYNdJ%|NQcZ0xj<54cukW4j-!DVCrTz&dIQEV3d$*EJp}(=FA5wI zsG%)PHUnVt#NHn<|HVM*tVi0Lc~^2<y34=l_>kR!$IgQY6xCQb#nA_w8p5ouaO!xf*c z8gdS)Lzh}5)F$PUwJ~A^13ker-exl6osCILCS3_T$$DXZr-SQDu7${)a2!*opT>kB{lo-8?^&E`4&G z8|ooCSeaOutL9C10LgPq%vI(h79r=1Rm@cmOjV3kz~5Mka0`lX2omcEkd59^6~l(Z z$_UUyF)}d*OoK||6UsyNn}JMPYfUaGiTjIh6CY z|GOJl|A`xf&Fz3J%-_8L>}>h;KYL*}()$zhPapUL6I4b1lX|)ZOh+~SYqLuOECyKp zAJ6yOH{kduZvZR=vNJI>vi{>Gl9YAjrxY-KM`y}&QMa}EOu~zt4?n@a<`;bOTM?PtA4Yg*lRGfE5Jubz z)<3SaRyVkrYwL)m6RjdISUMacYXlI<;fI_|>JQuKIW#}rp_+uFhig+&!VZAN ztKB&yO(oZPkmjljX1&U=(M&D9cEg0IRdPxgs=k9b6a)vwG%|mu?@+(25R)xWqx<3Q za9adYTvmbiiN1oG1A%V99;I-bt8%?U!04eZ7J{VcgUvVRz;{RAwR(&rY23l03=6(F z=&2Hx3iQRg=c_uyWHQMxJC7%R%>6n<%uG(~5i;$M1!P^=agVVB2cHz?B+@MClr2-G za*@!!q@bM1W0Aj9s`Wad$us7zf$xM#2fC6JY>@3N#C7Mqj~BtCX~nRg+Tighnq)NX1!Gc2w0W6%Aznf&dFF|WIJHT{ z<7TY1>0%iZ9TCj1oxt`Tfa@^{iNbq%Qhs19&9`@i4fKPK`qkYEU8SZ>BikXCi5QN_ zDI9P{*FSs8$zQ*^NB~|sJp3hN;_pig-~TV*s{xFi?f%ee&4|~R?o_}GeJB2*v362s zX!2Qu-4cVsj+zmKiUEv@60tFTQIOmTls))fMi(_vNYHsXG<;>mC4qguXOwf%!}s*^ z;`3PLtlO*5IWvxl48E^2x*E-eR-j$156zpfHcxW1I%CK>PRG=ht2$~pbtjlweaJT1 zUZaHYz4niVSE8Gqk`U+8!l<`=S27Xum6ov8%2RADEFtE_OKM2sLjGW>MAtac z#)|$hnmr&!%)}Z6v8I@?;`uX6E#C%hAc8mGq_2XHnM|aoo@qx;E=uKM@>tvQ->Ui8 zg;?vZ-_@Dk5%581%BWroh>4myQ#;O`0n%WKapNT0;V0ewzfHg`N8y5%Cv$-Wo(CVhLQ6zW(Jp>F=Y; z`Oikx#RlLAZ1!mK_n`b*3}W+t4$8C5lS|V%-SN|?KO-|q&fCU%2%NqF+vPQ5cW{6-4w&8je?uBIfjx z7R!#BeNRXf>bFO<(K2Px3!h+{np*#u6hI7=QF)}SjvpWjof~h?S?SF6^=)f?ot`7g zp=?W!oa;<%DpfEwJlxYwSLUh6JcL4LV(PWw=)H`?NAnbmV<$-UDOdHmV>)wUXQ<{9YYz~B1#AH^GSfGrT1 z))t-s6BP@a|7*_xglEM64A0x?W*|D#hfAgtV~3Z1b#Qdbac-)IFf=#)Ek+S%eqoe> zZeV!AO_El!Hl*JvV5Dd!g&98v#+isGYcPTY~rQ%IOmiMNG59so^Uc5d{O)w@exY>bX+Q zzE&!7y-EiLK6b>pqM^Bt)OhL#+lh6bTLH?mgH>#al6F!QXddHmL<$Y6E9A4KVfXN? 
znQHNydfZ^i^G4os552Yx{M#YY?P%(d-)j7z-negGjIQ6-KCsU5qkg4zHcK1^8CUoD>>_-iLDzhw^VOWEj328}*QiA@%DBf-dZG$IA zLpPAe!xP=1qZE%gUB85*-dtqR=s4_jgpY%RlF}MdUoeZWe@CY`?5E!O_IrO*0!c7d zDY9y$sx18*y>Uw(=&B;@cp-UD%db$hJn(_|pzolaI8w8Nk<&E}f^jmDJ=G3Hp-Dpy zz({k#T&T6)c?uZV`mf&K;3)zq%gNue%lV+_4tNYz2auJM&N5a;%kc2gD!ix(4(5I1 zxMa~#^eyA65Z!tm@5F^on(og6K1i2$bB!nJnMqcak_m=NClx?xn4}@_4J6Q#7F``A ztW_Y#trS_-Yn)WUP%3;#i@#K0VBDm>TvLdIGK9sG#geB^j{=E<1QR~giu>5KSy0Sz zW+7MMp2G>11b&mbLRAQ7S1>_$f=*aCi2RE*8yuBlt$bADgxpOYN^m;5J%km5`SpfQ zbH<&rVnZOWAze1%TLg0A?WDcCOR?gmZY?G=qKaPCEN|2c?m zua=vgt2iQof}QGvY0(KPyAd*~t+L(xt1?2jep>H2ILp2-Ia}Q|Mh+w_9o^WWqj&!8yeno)b&e?|~8MneXnIYO>G{p4CW;J{9gX3mF{wNDir z9}AZ1^HKLMtya3G+cnB^Im!mP&goXe;Jcl0JY;pFEYYcU|ku66-#zr z5G4ScG-`P6LS*&AJfOEASq>axdy7nJGH^_yXxETq>S#+hwL_0=zo)i$_yt$~UB)T~ zrRM&bXbV2noZI zR=&si4mhxj@_8HkW@_Vf$T#Z|AYbiXTYvDq|=ce&H(;mO(p0t3etU*_MdOl zQ{ul$*TcD;VOTgN>)M1D6z31m_NP$2&5%?Xkg7*6%}%@FX=!hu7lBZ9DST<>|y zrM0}81M2xUPR2B(K3TcZ4U~zje6|h};Y|=Z=LtIRKE4Eb9fp=HSu4ppk@wf{db)tSOUB_A4##8vYFWs6XMWox?`T!Iv zsN1jZA06I_8($XPEjc%sVY|AYdHJuA^34|QAIi?u%wAm+fF;WZWc26V(RWLtN#hA$ zP&BCuuh^)*5kJ^18oMS#2^7unx83h3j{FY7e$k_U&JO*qW3@16xDhUy`6cm;CyW0$ zBcncE3ni?cSQ)Q{a-EEv*9S%%>SK*0*LL@kyJjbijLplQZ$%E0gU)hscjGrfF76lc z&eGw|m7a(rHcpMYHu80sg0IJ4?T4_?k5fn)S=)k(1Fw}Q!YtzL8H$U5P z7&~>-8nqi2_Iy1{j&%$V$SdvN$cLrSOBJkD&_^d@v&y2gkgfw-j-&Y4=2JS>G4bN} z+S}{K;=8RMIGsl8&-c-tNELghZ=NTKExBZ^EKa7;LmeemWT>{5;b`aMG1#Jn|bP#@f8E*g+HtQ0U95?a(P4d`f{1rlA*2!*ms0yRtx zxbEs>EVxX;4L@I#WsmbhMQyxYma0|}&pqV#$&#zX>}M@#K_g;zb6H+bV`7Qvm6-pC z)O_5pivqRJV}i{02169YeNr8Jt`^dE*OvniZj@(%IJ*QXeQNI_DN~kVXJ-Pb*#4eI zm$TUz?C^6dXZ@0UE1%Lnb_axKs<2yKX9J}A{i#8mq;5{N&=HyzQ(cA{N;zi@v4?e7 zP>R(UZ@oL%1g&P1HGI#`;wjHc6cL+d0DeR@S{62ADO>;o7na<@B7QBxba zoH{28s_Z6EQ-^2&`xC5-B-&^;yhmWyigc{MUpIF$d zaoDv7s-oXqM`rXzA@Q<`*(>J`K?PQ~G&nRO)o^+oMSQ0zj9Ht(z0oG38QNrXMdRg* z?Na~ZSw&ABu3C;&3TIk|J*-i??O+x(a5B1nxOEnIPyV3`$_9Qv&C98OYKPCqi6fLm zQ+FLwV?B0Ee|>m8O>^cZTVnnzrwu-*5WOdsodIkX<}L@qs=uuGZCtKqHNO6Sj_%0w zq^MVQ$AnDg-Sa}paOuSUtcdyqHfzC;|ry4a~lo 
zc=b^Ni^(pXT-J>E21Ij(j{~gj94Co8_nkvMz zbo(J}bKJ-qL_)CF@DS@U-AdXz1I+$KdjE&I z1s*{Dcj|VmIez-;kH(n)PwE!P)c%#bm9YG7LY7Q+uuGn7vd0Z55U$k}R&fYWarnXW zx(k813xG5Wyxx6GRDlqMASc8COYz4vrvxPd<&Px;L;XqXF8rW%15_CUBD=`PqGESD zVn3{mwnN65{W=#3S;;-=Oru)A=2Dg3H+V_@LdWS{NA>6&aGVb38f{$Ia*Eq%J)e0h+bK zjQ4KQ%0jx!p9jkLL;E>`3drTvUMG47aowt_sm8@0OmIutQTbPa(}cP?X-v)Z&#(=0 z&ZsC#Q}^kQ>nV)Sib*NixGJp+enh;PuE!6G#jid{1_PQ-%>sQ zhb*)|P#RdxOx?r`RYn zJH^^v$Mv|eud7N9_Jt4~6JIW)oC*PALJk#bMcpBj2qi*xaKK8V8#z$SDKJs<6Yq4yEu2i~Bo8qwi^SUdhpFOk1fi~Rp282rMUqzS;*8F+R0uK=2% zpeqd`h|0U^2Gn@5TqU@#v8=yS!xU6Q@Fyh&o1ChTuKPSX*a-1d>ZvHP2YHp7!)-0U zFZ`C#tsYn`d6N3@D{?uiI@ENX}+)1gdjevy)rUu(!u2{&eI5m57>IagzMMyPy{Yi^R z{ffx`T!xIbLgAc)N-78wI5f!x63s*$HRGb+9sOALH10Zv@=DGgVY6po2WC)4W1oMHn{jBdr!+85nEy6T{3F #{qZgEay+N%?~{QnOOVQN{F? zgIcb#&eoBNTLCF&#aKwx8yAW|#-{3*Eu#GN4d4XTF=9I>4PH94m}UOrr~h5REb-H@ z##0Wf}XxDndCtLEP8>F@$AO>TV& zx{npvPE^TWY48U$c~`3=As;ui7S=b>UL{^ukp zP8V!56X!Kr;aR;DG3Sh36`%3J25?)BRMserjAjc7jZvzjJTbBL5vA%!3FDrFv_8?+_UaV~ z-m_28Y(nT!C`a#CQrDBAH;wn%Ul6)ApDiUL_27m4AI{z>Fw?Es7Vg-#ZQHhO+qOG; z<8(TbgY8g5N56L-oF1=e zEm1L=P%h!c_F`dU)-v)bSQW46Pq>0d;}vuAFr>tk5aAnS6lxSMN0MdIOJ8*P@R-e8%A-E4={n@cPP=TB&&N?IWV+m|cXqHV~j zHrWOlrsN6&6tm89aB$b!2SF#JR~;wwBx(9AhlOy(wBRwr!)58O%43MY>-7?BMYmX5 z&{x~S=}SCT*1;?4bd~NP8VIOJ&2;4?`xr|;-M>$i$cE-8NF)(*^rbcd;||rD9;s+8 zlSi-CFi<`SVrKVMs#U3eSQkh6rAnVDB+{1i~A9FlK6xXw0 z5X(m=WSAtpB_wLT^4jK3zsAM+%Q$9-@iynKkp zyCBu*B}8i_(oXOna8iayQ|~OS=H#N{BaukJix=r{iunEM>PdwL&B*#*&rcirkS34Mo={58h z8BEWMKo+G+peHe7)O-t{{E+7OfZZqfS(gb9nPFZ9(tzHpdc7E*z(L9xB>g++7||OG zS!UL*w$MkbM}%YS>U~Cu?D?xDzLSZ;!ZHqfSx!fmvNn$Z1~ftu5fXJ*%96XLg8e#T^k;Er?L4vvLm>E%3fup=ApgpT`BVf&_6nkgoW{gn zLx6j@fax`^{F0sy-9AQCxSHh`7B1Fl)#)k!dG!Tf8umxMhmxYA>a|ky>jAW35Rg%s zUZrg5K#6qyR#=_-PabW*McjO(fu17k&b0y^JhF>?2D|Gq{%{4s5TgMKb%0%7lNT8` zxh2wUvpU9@tySZii#=)2Q5z%8D@o(+ku1D^(DKt6MM$;qu0WBa+!KDxQoz?j8|$z= znp8JP0!xlxxof;acESk12Y3FQ;2;>zi?@D80rzja0iJ&pCpXvsGJnWY`cu8k*IXG> zR4VgJ`LUJP705&kObK;{KfDkOCg__LuC#P|qWkU*)omtr%s>vAy@&tri>V_ErZQ^EiGEuy$BkH2zj5(sA|L 
zI3U|J^p*ogTJ(|T8_#;1ghlSosLISYU9SaBavDS}Ron^Mf3N6e1R-$04^E za8AO?WLzAnb#2RU6hcx6_hZ3BbI|}VcbTgt6NLov_wH$=6=pn9l3=1F`AXC)J;m}A zN*W!0k!Htv6kU@v{viPz(26N;R)R@l>T@vcWp-aTKq`xv2)(z_328H;dO6V`rotFe z3b~s~-j7Ehvkb4`Y3^ZjZ}RYM-xzYP%9S=fC67=D67MN;SnnW16A?OWyYkDhi%MqH zZegT{;QEg1A^z`X{}4u~Y?93nrl9u^{X;zG7x+Go9LTd>971U9wt{Abp_DKgXl1ICvRj<2J^*H(gJs#*xlV`j5a@fDeNA~9Lh5#;@mBx z0@kl()OxF5xph?SRJw$*$zCrl+jDuD(q+12E{JE|?h}GJ8f3zaKr&=XL`Eh1_R-Fd zocj^}z}ukkO+TPMqn`Y?$L$}D@>R^7+|2Av%t)F31>3Sz zYO=8|Co|Ig90ER`-$4XX6foIgJ#tr)iEJw!9H;Io0~cMwVx6oV1!_VE{fZ0E-3^*r zcl#7M0hG<8i~!*r0+)%y$-t(qQy7xCIP+zB*vCkp&MQ(=tXUBM-fmYw#X)M&+d5P8 z*aagZzT2u)bVr{f6=%bnb3$fuvI*D}X2mG1AWMPj7Nug`6j7)bnDZIkbYhaD1$-1U zbIa(oG%Vc?x5!{Keuww|D@h{4F(7s8r zjCTzMP)#8=P*tp7P=bz6DY$ zPl{n_yR-;jlY7}DCXlxkEDlnZ+%rY~;?PxDsHT*4w23}oP(ts+TQ96Pl84Z``FiAP znY4Ig;l2HXQN&LsVAE{#TP=4_pZqz7bWU9LZ&9nD)$m?%Ty}EHSnD5&lK$3H0q|0^^9 zBQMphJ{KHd`rD_w$Dbr73kOOkHRJcA zU}e{k%`=|qyH%ZcAX{Tu)A}dpak2lHEZfPfJlRP=og2TfDB;P)O8?Ec0_u^ex*bN_ z7v&8oT8klL9o7u<21EAs_nhum%-MCHudz*XX2ON##&TVd48>c2_2^fJOINg`?4KET zymK_A?_p^&$3|vn_9O?8+8SG?j;5dFd1WA&*Z<<}+uZJ-rdIyBjcO}Yu6d~kon9+c zB-Y5}T0u)(cFJ4$D|khfegduyc8m`;L;Y;C-7;Y@zrjuyuWAxzjVvYQE)NH%UPiz(l<5S*O!r zB7Q~q8j=C8Zt%EgO+Aocf3Hv}m*KONDA!AvBvDW7f_1ZS)(hY%G{huf1|S+O>ld(` zYl60dth1rxrSFd56TmY+MSxLI_f;7tm19QW(vuLxzYWAO1ZD4QyT9#q94&VHQ~l zt6DF)bfbus`s_5JgeO1y!wKn#hw&gfgFxehnDoyNG_!?;BYSMDj=YS5MbRu%k!B_p zm5S7Cyq9HXF9MWN2S7x8EsF|`@yMnNmn7wXm?uj}gEcZLf1|a1WZiL@j{^G;fwnP{ z>Y<&4GIfET1@*Ld;1-qWtU8>1N_%qUsNZ|T{#@v zJV?5*jH2+ECP!z;AVKXrb$^Zlud42tR^(ouJM$gS{&e*fZ8t_M&=m1K2SaYgOGdTP zDcgDnrp{o~wONBoMeO0Z7bwr|aX$ICD`fZI%KU9%01>adqwC>FAhUJZ%V2nKPEJgG zHzr+Irg3{cL7bm_?oe>V+P8bXG2q5vf~>V);d{{x1oxO@qodNuqUq@OLe>PRDvU$b z<}rT16JS8g&U$U{u1HoIPGP(No!+Kuy3%D2S}hqzMQK7IQMv8qO_K3yG$=D^)!nqH zqgvSDt8g&tHRO|&IzLPauX?CfmrJV)xdB<)0y|=`>lQlO>SiY~#K(;-XKSznNbMGuJWYVyQXJmZT?S4Gufk2n#Sn9w#4A#2 zy7~llquqZ4o%r}REFaYD4h(Vr(r#{9e+Hu=ZJ4U&Mt=e}h#x8JMOaO~Q@ETQRrOaR zeYJUstW-LxxncMNvxq#b4K#jM1z)(oYo+-9Un;|2`>4;+!6%yzwW8QWdk>;VhP2!r 
zo%nM}5jqfCeCGB2YzDAW`klqRTrnG>0{{9JJ4W)z^qf?F$Csq3?V@iNLFpPJ85K zIsi;h;CTv80dHd=9pIvG7E@{Sq>L$yl`L96PJy zA%Y4XWGx9=oppbg*8}V3l{kFPRwaKz`Y3?eigHhXxfff6rH7Uu7s?7649)nCaTOa- zdHcW(gH(;XkoTh~Khk?ynmE%C+?daHz%aFV#Z}Kff(oe;RJ5O|KS-QWB|~5EQWYG6 zxJFJp7;h<`O|kgwX@B#(vL_Gxqu-86sO9L_Ly;}x7J|DL6`}yrs2%Cq4HCk-1}qv8 z3;2}bO+vdE<5|*_yH!lE4t{Z^4**T;J6b4|eRS;`S)_4G=-NKcpzC)sI8S-`a@S;m zxhVWlq!*l*TlQQ3=mn??51TH<-yy!|6lEy9nBTP`CuTuolPb;dx z;-gKI4WoY4BjdlnzA*Wz#g`5b8vJpZA!);N|G;_Ie@hYnW3}G@P1W?L3h58Qkc!!V zjF+-BUR`iB(B7*WXGc%%jEmi|*_hR&p(9BpoP;yQYvGzmBD<4C?0_R-&c#=krI%$blWYS!kr~4yu7HQ_FhE@D>nI~O%6O+Wfk`!)eB?GKtv~S#M!nN;^cZouZGgiJ z?e_4@^0^nRgK`faXv=VOT&Hi}`)OJWt!<{%5Tg|opE5%sJ(R}0#Lx$0G$YRriB#Bs zU1oN*H^}~wl45PoDO!;?<~&<@Cb+})kUwxTi*Xnd@@Zr~H7`jT_z}>2S{qSdC=djF zAyM6ZffvS%j~FM#Upav?y|MG*7QBzJEd)l?o+GOT7FM=PM1Ii=0qTt%YSM?Ip1T{@ zt=sZ!D`!(*?>#wj^D}wQ_pJ(cBpizJS^4G{@W>$@Pv4O$uDGrcK`bP0g_-;24&;5P zYf2i2YrzrxtCMPO*0yT{G%g$mR`<#N5Bp(i{*XOeS3$znii(Xk1Q=LWDAowl30tD# zEDl!=4Ja@Qp)dUFtY6*W66@kAz~2_y`6R|kwI7&S|R`nq_VW< zTcn_Jm7=LId#tEC0JO~f(uMrRN#xLCd{)Qn`($VYBJCjG2*vgW=Bu?YdM3-Ni+4~k zEgmAw_f}#{qot^c=u%X!rNrGazd^$`PlNH)6pGg*uue$5BmzemU959)n)!+gf$LG5 zKCR6FuzqQF;D1O4gR>p>QJcv$|kFW+_uDE4wzhDPi4GXMY{UhGxyhXfT#yU?#4d z$YN>2CA#s1p*r+hz;0FnAp_$_-1Vov`dKS1Z*i&6W|H|!+mQDyK>NskwqlpMsy3on zRrj!B;~RrwHM7Z$vKC8;#y2(rH|yp{E}*2hN)=UKtRWspa09CcIwg#xYc=Vti?P|BuU@yxLmLJgrRdhKNtTyt4_4AasUMk%<@`Wu%{^0~vp6~+hg9Tamd_#OL z93TPaiP_LiBfdo0>FW<)w2_Z1@uKzXUEA0w#ukNF@-y_74$aSqNd{Y_orE zx2+VZ=M56Dz4JgWCt0TtBbe7gQ<*=iZ*hgLQFUI`J%ZkP+>u*L?j0s&(u7}_EpH9M zW|re@p}PymeZ>3tDM2ubLR04O2j%dS8l&9Q8garqFG ziWG$8>BiUuEOIp_P9&3Es5N(q7(2W^)0aM!$&q1X@XUnot_ENuA*gZodwak#$FbM! 
zbdC@f)T!DlZy4pVUS*tXrm#T<_x7+tp0=FaBx=6gb+ND`*=?ai_N|$B@J?K9R%Y@6 z`*OVMJ$p9v5F2##L;OLVG3rTN4;r}%VQloRusEk9)vdS~*9BuU3N7B2e&OpJn}J*x zSjL_)X08&!-wnZFJPhUOnj(@W0wip}>GL!_M4UG;4Z;{uBGi?tob;;Nn6?+CLRby3 zEbc{=Fn0WCZ=PLi>TT>PC65EHPx3y02aYEZc={Ay-bajg-Y_XfmBO)oUm;GFlqpPN z{wjm2o>Np!164Y;kQ09QIfUXsj`O?+Yj3`85EO=g%8U^pgm|mAe-BQ9?)(Y5HF{{k zTOPkBgtMhy1wo{ZRd!)nNlI=U5c~$7trb=IbA5iD{t@-sxrZNlBiyb%GzZq_Qwd(` zf#o-Yf1(-vo{Y3_hrwPww0=)EJPS=a^($ZWYu6gihG(s~6Wlbe6C7+CcuAaouJFrq zKX)=qEw#S%qZo~+9atMm{033it}&^q`jTWFj1N*bTztaSnzvb}tigKcRGS-dN03E9 z&#Hudc=|aVr|Tk+sN5CvigL|5A1L=S3?S;Iv|2zR*G_mTs6#*|u`9k_8laZdZ| zi~=AdRjve*W7>AUH3}cdAACP>vA+0|BLX;%@G*w?^5qio@9_9P61IF+@c#_Od!#>~ zY%_~(epE(oD;!f*P0RQouZsv(HW*y7zsBj+NlDEb2TX_vbbmt@fyq8K!aQW`8~6S2 zJ^#YHoqlEMTWx34|7+6G()d&1Tb;Fn9Xk?vcr5+9!Ivf_ev?ZS3R<+~#ItX;?sfXM z6(s>x9_n+nI<=7RJjkJ|qr^!f8(TNAUVg`Ki%|!SJWv>HfCLa~;hHCmzPvDa*E5lB z*?O{u;6ljpqQAC8Q62Qk@z|+i|4mebuq&nkwaZz@7Bvoojm29kkV4Lq1fz5S+xf2Dy`sq9cdj0;`i}RRxW;uUfBRFSlNc zYt1aToh+9;x8_?h^bq{)q$vAEHq%=dnZQo9moX_y?D%w#4f=2^<0 zL*CnIzzFAFtKP}7CPtU-<;|cJo65TM5N&fND}t%RpD>`DOy{PL z*Z}OC1%KC?5+_ZA_7n1*NtQs_rF2_=MDJFHfwHd*TFkf_)pqCChF}vgyJy%13vnbH zmI8BNgQi=cW83oW4-(U=)O?ZK&)M?S&+CpzvY*fMN9yqEhQmO=snE)u3@AwH@u7L} zp0cT<$cV|#0iGRm=Y`h3BJ3$_e9Fa6F#*G9*7Qq#Cg$xw|>0k+!v z*2KitGa+a~ld6WkI$M3tLXF`3ROYmFpXACkeNuR^&3DHIrZ(w@EPX_hjegpkdBM28 z?Y@)DB*UJg=|_|Yu|IA32yFbdlX$I)VQumz%@me)V%vD<>si~i`8C5eYi1dQ?}Xi0#l06kSpIK>&h z$mN~M(-$r5lysbwpWeFtbI{qwQzGsY=Ml_xxAeZ6hE~zLg(K2th>Ay!UJBn*Ck%C} zbf9k}uA_s#ZJW5`9XE4cMSQ?)zFT<;6mBOxHApo|Q`+_>9J7cw2HJbd!u;*odqXC+ns%A=> z!%bBG@gst)%pXppW#M=0Ntx2=`cqNu8y#5R`u4*z-(5CrN-JfXD#H642d&+n2WorxrSc(h14X@Nd5)^FnVi#tg5ypPRJyZ;;hY zZ1zai#wWJyIXi0t#Y4jwDe2KC9IJSN-LQJuW(V6Nwl5Whtskj6T{)QR_>$jZ%64jS z1Wc3>_T1=$?u_nf`Nx!=3-zF3%leqb%uKt+P0eDFV;^01G=Sk$^}}XoJkRqtIK$4W z!1tD(CXCnn97^>i_MG0OGmg$5eBJ{6-u7@;`^$hZ-evJvxKzas2MsWnGoEOY!a7|u zBRiEV*|;hSF}Y7{a`^S1b&|~G-U_9=q6kyH?>;W?8ld6hff5B7IU@#dA4XXO(Z6}T;Dv8YU33PR}Q)*_d8 z(nJ}4qt+IO^sK$;e@s6j&9{PF_P5E3R(}sW+iUDD*Yv~aL-Fjs#Z6AURxGe;2=QwM 
z*(83z;6*vUWj@4X#U}d7x5(}s=C8#*@5Ko6^ zG4^}FH*sg}UB1}%gkoZ*B$3-A%WU5&1(i>e=M#~b#L*?z@GZKL#2N|j(*a62Oe z`TGWoiBL25z=f}YiCkwc>)Sn$rp~WuTY|WiAUUO5tSn@!C9- z2GgZ{eWF|nZ@qBs(wr5|U?r%T$=avYGzNntU9zrQ+RHcRS~8;P==KJ}n}2qOq(Enz zdB!JWk9wx9Z#N3({nQt@WR5)@ROgmySyZz)W>317E*MzTEgq`YoG}=9q0={MLndF5 z9RsEJfr}+EA@a(Qx-prPT_poHfM~6T3Y?Q;Yv+$ zc#g(w_KQQpH$QWt741PW=@|o9r1Q;i*sj>HwTsn+JT>~Zk8aR5m;B{)(gfw#_M6QUpE$%wZ(krJl5xeBNq=2q6Frw5QtQ*i=PBX9+Q{r zE>k02AHT0DzOp=J8>zC*?Ic!NmtM7&nWAv<;psEo0$K~Hxo8SQlQNl5vr{wh(>3Cy z=$Pv3s!Ef;3?f!(HhP z%KM4X>A!}cH$;|*;D}tdI_p3cqmp377AtEjOUaogJU5tY*2<}kX|`HHa*j^_D9&0g zYywU`mvdsYQzYQV%8ob&*o$Ft2dVh9xTvdh#P9uvL5|&N35U-#Y*F{`y+7RsI;m)I zC+lh*t>58l{grF-Q$myjxS!Nvoq3!GaOx?@0c?iBjeeDvl1iBtZBB|Q{L18IJi;Uq z$QOF_GYtb%oB9L_QW-kFbR;o;jHv-)%;`)FIF5-hpMVH(7%2x-j0HNIqduGHArY+5 zD)eH(NJ<=S#B7!}Sr$_7TZ{7p_9*xoWZ(BA2$BI98Jmz@aZ@*O`dHFbsTYY}FP^Y_ zs4xYS9yA5syf`_Y>8JTD6Oaa`XeZ{{Fbx&-nPd`!^QF+8iW6qpiXIRHi=-v;Ql7f*$E|}|M(W`fGNLJH2;fumuum!ZhIJl8@NBx_7nG-n4*^8s; zWF4$Omub)Or7(f|3dBXCurDj-Sv4kTxAry;*@Fcz1FRKR_7{9)M6*5Q-))O!$&_H> z9rm5{d7fMfoE>WcH!01`Uh*m`v+mb+%~{hEj=n|FGsSneCq)PzR+^vM&B!86>rDls zD>RBLw&0~wO=BqDBR;7MAEEcTfGc$1cZrxme4LH%>9D^Y^6$x6=T01~7GV%hfV19x zEE8cYKXBaE5N2wZAI|9C0)BGJ9Xn4M)SZ73xiJa9A(`I@R-pgIEBd%gFW+>Jc13Ii zht4Rh40I%|80{~T>5VFB+BwS?VZ z_Z9zW@HfVhm8;O4VLpMa<6X^QGTLowWBTL^?mAvUUw^@lqn+qlyAobwJ!Ki|n})5K2n7vUy3|1Q0*oeki5JNgPV$1!wfu>Gbs&lkl- zrI&q~6PK{~L4)pB_g!B_*-QkP>=X_OrpQP8Y)=y}8y+eLMQo609$rQ83v$#L4@bkObER zn3S)F3R%&)zTl|)Pvd!+%I`jVpYaO&+XsVxBqmc+75N|BEdFgVS>H6`(f@X_`1izQ zkT(Aklcgk^9v-)mCKqUn>~jg-=tjflD?VrTx4ZuS7Xm1O#*c&k^dv+7FS;`R|6W%% zKJ+hL8Tr)z7L~Cf7I*z&wj%MjA^W$J@N-?$f8#>;FCI}$bO&@VBW^!KlQx}wth_z7 z@L2_Q|6%M5ey*vj`h8n zVw#1B;s@Jf;e1zZXQlLzspK`Q?AHv((R4j}DLhm$!w+C|fiFNJb`{aiC;%ys#&;O@ z4ZHY4qKpXDu?|v;C?$t2QM5)(B4U7}Jxc^Ub*F!S`|n@%J326d9EkU8!8pH`F2NlB zIG+)0lJgaxp+W!K&`A8d=kvc0&0kMxp{k7y%BR$(d8PH-z42SW#k{709Q%S@nHXtd zoHakFGEEHVi&Gue9>A2tbZM!p%n+p}ck8#(Zq^2J6xhmQppp4yrqAK}(Akv1RwsyN zA9&vGlV95rcb$a?9+NGE{g(anCErm!Nl*=i9g-)RPg|=77Az*Y@X{kT$VrQX-ccha 
zxN}J`B#hp*&@$hS+u4S?26tX8su2&8SK)Qp9m0c^Ff}S3@B$2MP zAy>1aWmi6qb>hU^MwfWh^a?5i%k zQ+@Tvvh2NPv2qG62X5)g)3wHpUlbDXs0=t5}2dA=h*+Um6js$7N9yw<;pA@G}nwC;OuiZV;5?eR8}U_n<>qQ1ZnFDYGifQw+cr|C8|K1#*g z$t_AU$0gu>sKmke+6Fw55~%^hKjS23WC18ys{`C0zD!N+@rJ-i>YlzDdx|U7_a($b zOT54{t9g*OK1{Pg9pU>sFq`B(G6*VTpF#g=^gY@MQXK@+u9c`{MULuXZ0*ls@Pcn~ zYZhCn@f%(9wpt{B1@N_%NR|zvgGsK>{x1ni6@?~bgv`% zq{Usx<^Jr8-n!7zWSWT)BOr@yg)@;`zYx}C_A1w|rgK##VJU50MTmzW0nk0pg zSD0JsV#;CKP+?GbXklzOL`zIl=YgGK{&EwUIxSi|XRe4SUSmE;g%Br~>`)O$J>_~~ z68?5ll^Z(?KR_jg#bg_Y*eecbjdGtP!*IK1;p5GpSnefR9j&RgWwpb6Nws!eGXcA3 zB0lA0(i%*%o>RfZTcCOm0WHkb7IQVSH3?T#4KgHV)lUobl!PL!)$2_-Hq`tnh&d=v zO?L8F?gj1VmgG$ZKD!mehwQ#XMXZ;VIX^)w;^WKYSZhz^Usr?h>IFT|!DIYmK5j*G zvLK+$avZA}TAbZHO`NGntEfD_pjCu~Q&Or`{X~9nju#hf>MD{BDbx~x4`p{;h(CXX zc{o_?x<)2Dj?5M<78hR=k7G^gR)5TjCE+QT5qAh^y86Yh;jXrDurDnf9P;JGOjOZ8 zVJo|sDcZsszh60_5svAsRFB5YT3sEF$yH!Y2!9_65F5sh2=0|!3Up|ahpdFbYx>44 zZ`19RZQmPVSa>L^%D5#+! z99QTuWu*qrM?b4KHE%bb;5QGh9wF(QoTUi&K=k8jo)iI5zy#^vN;kyqXaq_O zC>6h#h=yXz^hadR{i<*>e1AOO&^kR+_lDa8giJXlIeg`pKTm-j3-w!Y4O9IgxDw(m zwk37TfDM5IiIs1F2UH<~mmIibh7j_SWQWi0&YS*{sVb zj^|x;WP;Zy*$Kf%M*obh8x=~>C;MBp!H73*?y1TA(3VlCn~}SYODEP<)b;@V^|vot znR;`d`*GVACF;Ax9>SjHENv*4v0FVLl9{8X9c{uXueKrAdrlw(s9cO@CF2|}?n$%m za1gBy6m;9cB4T&t&eX6ud_3i>dfB*3z^d*Ww+7Z=Ic7?xn;)@weOZ5R6OauXy?rvu zEN&B!l{ijNh$U!B$M^><{3Crv&^#9TQ;4VOhr0jxs$q`CQz7 z?_qp3ON2syTuVN6+|j0+%+%cyyIuNpbsEurA0rw-|79OK`)hlBzik+0y& zMp1>D5x(vg1qJ}YNm0dkfWq|G!1mCr)7^`AG#UG>JJbPa;6v(imD{HpH`kjpW5Ylz zPkm8#8aLA<_r3>8@vZwS08Wi%dY3wdBXN^OU!IKJ!9$D*nTc^`M9@; z@jTE&1&D4H-Zs2pfS^9m)CX`Bh@sSIG^N+a7jww*$7^TF_7@T^f^3MQq)2{fj8vuK zS4w@t*H`G4KQo02Ki_ib6Nzs8ZSnuNWj~*p@|TMLR}`A1YWL}oi|S7g3)9GKIvn++ ztlF@a3g#<>83g-m$UG2Er1fNY(K>dfyjs{H@~n}1Y_6OCi9!eG+;@?aTbB2WJS>iQ zr?{rPnm%m?{2*$==>TeDJj{4&$gx`WEe23$B=u)(x~KiSfvzDVARZ&MXYDJE1#v#J z%^SaLE+Bd}x-kc>-%>N+J<1R5f0EOd8pat_GE7%?Xvpv>hG8ap+#iGVN!L113M0Ky zijT19YBuZX*ekLO1{fDSVu8opbpnudRlk2N66(2v1ZNy&)JD5ecvS6UG%JYuj@@L@ 
z>3AA5i7_wT$?$GB1y`^|I4q4(6?7eEp!U5NR3u(A3cp%Wo|L1HdFCPXBhwvoK~bW# zUfjcjUpt@PZc2@DqGqNV&)ZdoN7YfS50k#UV1^C+*1!_ZipL1&x*{+Lr@^;Xy$LtW zXz-ZI@+CJ{Xecu>qh)~66c=@uY(t4D$_qS3lsiMckF==QKiYo+ADgJ*%fuX+JizFt zdS%ZECZ?}%x(81H8cQf&lk>2pw|SAMbii~Ss!T((`5K= z`y#U4@6w0Ba|P*H^T-WNi`Puj)(34@b;=x`Q9_tP&}0S+GJx(*AR$)-zG#?ygPe+A z(1C5Pw@~&0CO!v|pY~3U!U8+k6{LY(xp3TqRHwyxbtKNoSPR={Jpi zvm=MRFFH~}*zx+0cudbEW1?r?!eWIeJ5w3EeQCON0t4G!qoxRoJ8R+`JEJ{`knC>6 z!0FpRw+PE;=c|W)!d>>i6}J4_Qu#kJ{=X48>c{{qA-;=GG`h7_CatQKhpFXNh7(2t zkA+bpLkHn6-4oKB+8@`BDO_Vbt;;A2r4;89pk?XF6i}RWbA>&dA7-RE@ONeFf2lAE zt+8rl+h~$CKUJG6Nx@NiLg4NONlA0DGrHDrEJ$T=a3AX@i->)`sHadv^{! zKnjbx2=X-88MVDme8e1i7qqa~vznn7kc`!yR%HntpBh0Ns3p99Uz@mhquN=m3VIuW ziov2Oe_$aJ#f(}2nFnHk_>;mH#EQrfaue!nyIG`%lxA5C$S#6~3!do3Z^&8_Pnhes zA;_2a-|GrueiI2 zj=eIuz{m~yqSg_jq8Mkmk7b;n>N*3Fm1~>>h*t9iXmm;2XAFO!RGcv7To@mxZ|5v7 zhvVbFANFoBzR0bUvvyb-LUd99w_X0cHs3`!(@z9!@=VE@654V=={%?$d1%1tH$5w;AGyhH0~@^$Bf>?6oM_nB;Scme^$Uhb$5#)_fTTDT2FbKY zmxLHg#9H;PUj_x@*sr7^RJq|5L07wc8hVI3n%#a_F2shCElk3J%$1bgudSbqT0Xz@ ztRmCaeGt#9fR@^fSwwYNNB3)5pPAh3Q3}qen0N!`$T7#@YzUGB+MQ4Xc=z%$uM7sd z3~3pgDyvgpzhv$7(_iQ;93om&VsEmr0$N%+@1T|-+e)9@FP=8xFdH+G%{J+xbKb1|DOPkNK$=7^7{u1qOzwxHz zHhGd2p@dpgW?ya{&$kF1hy4!oLS z`8Q|8(m-(H@%w!Xt7m4%$}D?@m0AGr&VXpN!zux`1(gNl>bp>@QTpOO@3r8F|6rX^ zOT!76{#*LhYzv`8qsTDMLToHCJq&8@=`^E`D7*$#5J}cJ<4&4V*4g*Ri4AkZu-LPg zNHO|?pSQv`HpR~a>JYUU;Mj+0SHkgZiEiUN>D|Q1kYpMIm5SWf6}Km-+$^wB6$)#( z*!Efb#eJ|uDNZi49w-ufpk~K#c+E}}wXP{w){(~92P4#83b{dOL6aj`ZSzhb9AFp^ zKt|6EInBNXKW80=nAJZPEMhj8ymiFByQ1ZdU&ssTA~HB?H3pV-1Iza2JH7L(+)5ha zeS-@1$m^3eev=MCOIG>9!91lq>-koX?ukzH)W2Iz#y@pUJ&shB+DJg@C&Em50@NvG zJlam8Z!vL63Fq{iGNzOX_Xh`6XhnaSequQs>472~+3}gC78TKE{{K7x(tWV=76$+=* z0#+;STt)nYlVvatMZ^+CC~XGfMp5GYs0&;VRa`E2vu}B4Pcb(jdi7GEFr-ayFkN5P zYek^Gg_6;(EIoLwyI35KHGj+bQel|X?*f`!uCq&SFJ8XH;>>*7?$tK+O2?lH4!YKb|D$|{eE zchc&*;I_hRx3*6YNqoP*=AGbWgLbqb+BtG?ANdFt;r82te7_JeH}S5#z=X;rS2gY! 
zOr`o7zw2}0Rj=RxZC}Sa(-5E9I8(*p#?Dq!@hvsShibMNWoIm}kd4x`j&suFPCEdM zmf7-Ex1o(syC>C1$icP{grfJBjz{u^*Li=~22Ho03=XAbobf{;GLigfWUlS3PdHFT4R8w|o~;#A(pyLJ%+wldjwHbAOx4l*e(TabkmyHKNP zsz_qMP7;!SSp0685w*y;Dd>uccXY04$N&?t8Ce!-doDE;-7U-Eme3F9Lr8>iYnQJu z=5P+Bm>{%v3<2G801{O>Zx$@@n%J%YHZ-Y(Zzi&%aT65-daW>tdGK$44(zQZHAP@P z%cJq%X4=0k_WiR&{wD@$mde^^z9I4@w6rh*K#@la4`!VsOhD|Zi9joPlc@Kz{z^fKMK2c;TreUQ;C=2%XZW(qcg%}lMR_>7end4*1oeFTU zR(P~qGE~Rx+}h#{8!}#I>^U;8l~p@1`QykchBQ+)nhcCpowdrTSYF9?Mn$LZKnh}7 zVsa8-7_7Rzz@@*b9Irlo_ooKz| z6-{*Agj#woSJqog3z2gu91kbb=`A||u-_8DNM264gf z-2b@^oyktU^!4*5`~J82^-nPOUq_Pvp(j_J(D;K7(n0QOh?$3~4WnASQg3=Oz=>j_yW$?IMPa{AmL(HmQ&japC&Q%9VrbL z>4SSJ;GH$L)(v!Q=32)@{5~3WOmc&KV%ByDk^Jc93@y<*vX=32_c7>Ai&UGGJ+G;I zF+Re_S*B@L^uq8PyIMgeMmNH}LCCt`>sE}(jregLw zY;(qPW8@{W0i2Z<(W8QAI6y?x?f=KxJ1}Y1X6w3DY1_7KXQgf1wr$(CZQHhOvr?7D z&i=ahK5Lz`*B9LpC*pm7z>N9K@eJJKx;ZN!GAQcr%I6TD<$HGI;}Wa|BL=s(Aiw++BQWs1O04}z$rtm!mdTo?ku7T zuA%Hike0)E3PSijb4s-|nbfd$5N zzE1Qqhth#36Xa6B%A;LaIu-bfg#VbFv<_d1H_<69+1cJ42!~I!WFeo*g03%Cp@E6} z^S&zJRtSpvf_~^@iRqOXY4For!}6~kKWszA!X)Pzu#$jf9|oD*a~ef;5SJU3Vp!fH zpFRux?fk14{OuwIchsJFhUN&7MoF%rLzv=&twosE!)sW{pj7R30k|9z$hTB=Ovqb3 zK-?)J(1f~2?aL(YoAKaO(w8XJY|hvdeox7}iMQ6S<``h{gM|hOe4dnbxF>#3sSvmw zX59~-S2UIZ7#c&<6S~0Fb&p3E5|*uTBC@d429ZW1j2i<6f0DNo-><)JpIp&nhvskK zAndmw?td=Oe*Fh|&VP*#|1FzV)R6feg?hq=V zhg`EJor-sEIkSfDe&)S_eclHonJ0-K?cg2%M)R1Z`-0Preb;I1CmD=8FUDW*AAc}= zfwt+W(4566(?Mv>L4&o&IE}?7)|4imEl;C04%4qy&8(OkKD23(T)in>zSEm5Z97+D zfMGb!S>7{sxfY1@-w}9&wXVdANm)}5MzvK?cinm#(HdnKG&78~+#qHxD44VWrCHX~KGU57c1qqY`fjgn8m0zM2GTQ}GG>*~uCDq6hub`O994^g{> zr@E&SpP)*@NLdK_r~0bm*G4w3z__I%{E+VG{9-;{GW=*>3C@_r6Nyq>Ey%4BT5FA6(EDuxEa{kno}>*P1uB%T+znZEP@FX<;hE3Z*0FU- z>`bm}%vO~CdckFrdTG6qDtR=V;$`Qp;?a~+6teL!C*vcFlkb5HDdI9kBqAHJhNsYI zk4&PQsml1eLP>P~^ztyb$fA+%X`Nz648w5%_3+`L`!H3EjTptNbZg$sI11fZ_z0iDwq$nUtJkjBTTYuFKk2pm za3AKubPOrB)qcgOk9aYA`?sdE_4#sm`}6UJ$W6+^ZHXnvSt4h+`S_M_M6ov#kKO6BYt1oE6~_$K2~ z*{NP~@nNYC^bchUjqClC@t4b$sM>qE9VSn988KI_F!-1pfG9{}Fn#}Pz6(_4n0x!3 
z+-ZRP-RH&k?|xqYm*MXJF&4>^{}*eh(jYyZA5)UvEca;Pdv4Y zpDWKiSv|Fa1*m7qYUHwDt$_b#th^|x%-qroy;#ErZeYs*8p#AeH!+4Aa05m_=-1HQ z4K$Olc)brv5^rXx7Or|9ukXk^Xk(zENad5)rJ=9P3XhMRfD)6dUN&7r5vwmYDY>|o zdof#U>MUL}-5>^*7$u4uMvgZzCn?C|yxtC-W`H)Fff>mL93YTOXF>p8vGqcsY|YyR zP{cp265S17z0l7grf2OcmXgW_L)A?qI(Se#P=zZ`Kt*&2r6R}J@-;5>#h1}epEfX@ zIqII>_nJJp^D5-w^ORgHwt#<5o*y&ZIph(*?8jr2F{z6=ECgwN1*E*tJQz47qq#GE zr?h5x$Qz2#%)OJK*qJKrWbeJoFBE?hEz?YLj?g?xa|!8D;>o7UBMz2zh`gaV`HepU zgBJ!zO+W5o`;5P@mOB)7r9Y_3YrKh1na&)8hDt(LeLV7fEMg|~{-Z7Gfv506^+8!L z)KD-KFUW_;`{SFE_SY;T^tFnXC5$ z0um1`2mgu;1qLp%Z;+Z8f)M(-!9fHF1)avmC|64@Z_$M6G4}}kCi^xR0qb0aVR^>y zbwzu+bBbHKWy0_aNEy?R{vtE8;fZJG<}2; zJZX`UMo9`D%oJ$GGC?E4CAh0|o~3N*gfz=?b#uI`!6iH9YXE~#6r^0Q+?qTeOYyJ_ z8a8z2QsI(h21#y2)+8W6Og-E5JD@3jC?SlhbdUgp#sF_@C57^};a!NRL19kwkWnT@ zPNF;@PA<4w1^>`|eYV}CUH^=kaU!IF0TW~-Ji|6S&@lmt8G5D=eeNLbPEO<%ggaGv zvm=odnK9JE(sCh#k1a+!;;9!~J=g&~{wGO#_GxaOK!nu{RL>IF|y{0_5lqWM$wE^*&sz z459er5|aGb=Pw_GP}&h&g_-H0Fq0U?3|IV#d8*4!ZY<5vPONg|Fd)<{c@2D^MaHuJDSvg`b&z})V;^@p%-oJmwNjIFZz_UU${+B6h93(Y< z5Jq<;J(IOaJQe6J zx!-4`iLc-0@bnUy$;6hmL7Z@rfBogjP@EpAp3k7!DlDGtG{g}vfN_N;xi^eqd(%vLSfhhk-k`(|)oXF4&o;uCZ=;)_Gf-=<*DEoY z@^=9jRvYXN?XJ%QSM5e~HJ%1()O9VRY)|0H3iUhEi5aAyMrUlpb2g9PB|x%Ok(Ea< zT)XMzo{5O}fCQ9Uphln*njf&JUe7O86!`oxgh$pe?{D}f$){}#(hG3TDXsl$gfh;q z?5a*<@XOh~cGKLyVl(1r{fM%fd%nj;s#3QCR1 z?J~h*bLhk=wze=YdJYw5(on3bT@oz)hbTh9ZUVo;AZDOm5g)&XdSbQ8}apBfDIBwv1nhRFeU(4=rc!y~_f4C68 zAS%5Byhp2fw$qRGDtQ{~v_=5j{s_6i8L-35zqj5ZWOH|`bbr0Z8wH$ee24Mm!jbZV zy;%a#>?Z&^p%7tRCfgK&XBY9XceOX>8cnJ_dYwwjj0s2)dBbQCHPtj#G#)5>VC~{Z^U#@SVjI zP%>}eg_Ny~4B1y18mZ7wJ^+nGSgF<=<&1mvL`i#tfqnddzXI)Z3L9}s23pahJ|4C| z*iN!Naz0<5R#eUB=dn^!S5#Xutw-Cf%xY9ynY&MnnXcTi)(>5L zcY*E83D5$TRaQ6c$r~E$%rL4$=?2=o>mGdxphDEQIR|d`i$8;^*V+}9Jl~)O_R7yt zGLtJfL6#V59ABPW8OMfDX=3lPy^~9HH;k29PSTg0w;VU$u?IHotAYvl=>|+`ODx|W zts2PpiS@mQ?5SLm@hgdJ#@PH*1NornGaKI%!-7TV_1MFz8E8oJ*~I5wmy^#F(G-n* z_Qt$Kc&;NO*@W3AC!p%IsRcX7;fPB!t6J2dM3Sz#w(*JCqF0Ep2G9oLa0)^bpa_Oi 
z9yrRl^Dj&IZcA*{`2lJW6E|*Tj57B^0@xk5qv2$x(yb_Ogt3@o_E0Qe~C4b)`8Fr4GkOn>(A=UN@L_i^sW`A{7Z46qJ&*Zt0 zc-tq@q@f3n;jNE`}x&JI|?pQh&N^{Q&&a}=1)n{((mtS!?6nKqp zi_(;`nP$#-)zUf4jAT$|e^&1yoC_e^M+AA9C_YMei{bQ=gdqp+(aO=&>MxlEpIlLM z7cUi3VH4CMvU&Au3H=1^6v;;na8}{wj1~I;C;tP=zk{Ftik&CI89Tv=MrC8*>RK3} zB9EPUs++mZ;c9?cw&RPZ#v#faM#tUD)@B?&g8NJU!}FXrHQzIjp{sMLFUhL&V>H6p zbJhP8n1FniBV&D-^K2{hgH0Z4Cc3O+=OB?IIXZHwSbvVw6M4BL_~!7!rn}3HcGBDR zPR1N`t-d|#eJ1tm)=Zmtlv5lb&@{<)Td{p2M40{tJwGV|PV6J_h1=ZZb4T(3GgSn@ zA@N-MGWTKj97q55YT?BrIZ6=a0VfJK8RZbsTLBxm++)yTR&kT5~#d0|lk zhGCap>i$6`eY~T6MQ2*{Li*9AAkhM#`9(3r^>!&6YX@>^b<*n~R2pC`=$+X`mrS(FYiwx$$!+G0^YIsPN(e&Ku3RHIPU53`xh{i6ka9NW?mc z^ooQLh#`$8$O^&lHJ{&+4}=J_86g(zMrO9B?_niHYkKpjGYx4>q%qt4<{gP`P%87< z8rdz3B7lKCfYn>3+1ta$k0y-8_#%93Xf;OFO@In*Pk^D{?0yMRt^?sram423U+I%+ zfLTEvIF82rFvDzUFvcf@+rUY@&^_@Y7_qJihT-Zr#zCI_eZ=3#7c$tFDMy0vO5a4fIMxbb#u@=f9~aLu2-Q|}TLbNf8=JbnE zp{~B|`A3LAg4HzjY+-Q9O?|kVX9UA&HdL1^z5SvrH*9Z>#~)ev=csry!r4P2&w5+A zfeP0sYR{3gRddepk$2Tyaxuo*0`)!5oi(0qso^Ij&4Y@<&o!r(Pgvmf&C9sBw{tyS z@4|hl_f#6yjJxwli?uWVqI=$P}K^- zOSI%PaN>BxyxXw4!_hX`;YKnf#)A=RaWx%|lkLrV1#xrgUom~);Q;dvYojVq^!hKH@@@xKcG7TF1GMjSA1K%_jd$1cG{1+_vSkY>Kmwe zO&z$-M$30FybPZ6S2Pn&09tAh?q`kTQkB6}E zhJq}NBIVu0rjYsz!=EO*(LSmi3-GN$A9c}>(dDEoq$ouFUn-VEAU3-bW5B;#0zlgd zeF89ED7hkTM0kQsjIiJ2FHEJX^19et!(|PTb996vx0T^_2I6GQWw~h-BeN$Vak-f# z^~&i%X`L~jvx#83X+Cn`?zUbrQc=5@BNeKF4ZYM>W zgLf;2m%wC~RSU+JL+@TXU|~8yzlRdA+)1K}>I0|CekK-|<1F$u0S_izq_dgoL#${D z1e3&A7~9gpd`NK63L280g0c)Su?hw(Y*IR?p0M0$TC^e!`|HJVodb`I6W7kg&0h0P z)FgkzKKO!HTf<~!+robN_V{yWYEq=9wXM8fLcEIf^8J+5EN(?F8lkcJjujJ=!S7s2 zqLTSflq;mF1Ve|b!I^DQYo#&$?sIylPtL(Wz(l6r%Gl z)$JqFZDVKQ@}D-nl++?+`N3-B!e6+#K~4tEpBE9bhs2}u%%0{}sK?L%f94uSCs}=5 zpm#WXqAd~waAkS6C5M)865?ne_D&>BIjCz6sub@zEnJ@v!}o{H)HtrKZkxvjRaG8f zU3;XgZy(8OPNh_0s`rl_nB|mecZpwlBIJctMm>MvziwR`HdGwXDz_`&<|Rn+emUB= zfNJK)2(cV$tPU|Rykl0!gf1?K)I%}$)P-)rry=axcEiX}pyc*f_J1UwkNQ!rO354u zul#mZi1&77Aimg2Ag}Q@WH?&zAW;bSc4RnOiIFOH%<;}t7UJcr(BT!c2=ES9R>I9~ 
zl9QP&KMQEQo}Za-*TBth67w;?i*el%WB-KwhgM>Uv$+TJ8-nBv^LJ_czpZ%wN7`;< zV`-%KFKh2C#SP~TL8Pq%2_j1IEsn0(!bWq2U)_!287QV%0Cwli!J2q>fMTuW_2*=x z^0kM*c!|CIS~?%{5|@qTl*wtiZse$@MG2VmV5K{gxeC%6p4Loe&_Dh>)y({q+_eCi zvdu`hLNBhe!f>y+R+F;Yvf>=}5_t05Sah5rH)o}cFj{Gn+Jf(W1(u?nLPcF>l^Q^W zGZD4EaNaP~HA>$}&(JB_qM4wzl^A#dHIV+O#y8NN}^SG_r6|WnS$}qBK5?xq}ktkYX>8s1w=;t>lFvHsw z4WL@Y{u#qbjDM;+$w+c9I1r&UE8$$7ovRMkHQx*ze0%BO;>k+^oTg>ps@1Ba+VXUx zSYFW|+T4Bu)lNYe0r1_`+U|VmlA)>nXi5D&;TNh=lD5={?Ztz8)y%>HPvb`wOHJ=$ z2JtjI7E{`h`BG3eCg(~G`5PH972W7g6V*;7(Eh15OzF~Wh)gZno&goTD3-=cbJfP- z#^KLJ5nKui?akS)sI**9`vM9AV*cDC@&TA`lFdiX&BvLsZaV38%Gm-B)PjW{`wy`* z54`;~0(8axcCo_d@N}MHHmqdnbE=cydHWNnJ|~<5Eu6;#lmO*StoE5cn?rs;oF=FV zr)z*QcB$5(59pU&IlmyYIAI9~LwmrYf#&*9uYn}jdIY7g9U@WmM8~hh-;+_?zKUS? zDBgX{afA;w21b(>y$jvhN1NBSa|34WHn9zjwxG3wUNbm|68ZTYuVccuD=`JLEWfd+oiE)_Zk-!G8c`(qO@mpAv z|F_!af1CaH*Xwn%GP2imG&20xn^m&<-q%F(wtlTYyCMimo|ljF1~H!Ioa9y`auUhW;<4;WVPc^Wb?Z)s{!>@sK~e4OSY~c zw(Vj5f|PZ{_8K_u;H{qEJ;*)i5m4!QE~#U@0vIG1ZCGb_S#b-J;^lZbxe^o27_D;; zI6K|sv|(NdQRD_CB&-0+q%)L33DQB*jj#LwYehi}tH89bgED|Yp!!}h4lL{3c8eXc z0BwPR6iv8&iq1A3Uraut+cY+)K$%pgRTL4X#keL>5yoiy+ZmS4JKDuDdczRFlv`sc)MV(`W-xc>uG%HVqE0!iBc}0P)IoZC7wQ2Ja)0zkMAR2MN9L7}MMQ&n9J$t6! 
zfMi5;A6yHpryF0ti`D)osXc`}V;#b`=c4B6ST7|>1-EW&6hDwBN(SXcBQi1MBI(@3 zWvNPofP%mpGY<`>W>f*rGq0n;tNm2h(BDjgvK@jO?`<;BnMMAO3tvA9BF-gt1RnB~ zi;+{Zt>>$^GsfPbvtJ;?a^fbr1oqE4Xe-8Oy)`cF z)eQFq1)^u~k#;7}MgNrOC-Z|S*p%}?^>FPi+AyIi=y2Z_8Y5r%>+|u?V~I2!yN;-t z{7qkCDuqtrtVjpU>1bPM^Sy}Ba>a>Zk2sp->+V}-Ie z;bhx4G!Ug^c-yZ(EY=LoR^(mx`bc%&Icc7<(+a7hs)2Ma)w38K9@lodGrcB$`+VF{ z`ZA*-sv@!m=YJc%D9rV>nv=}0%Qo(ep5D&2rZ>wolo$V5K5fqC<{qIoJ2xMP#D}8} ztFW-Kxw!u1LvQIUMM_PXm2}@B1T7^0(~4xep;qn)N|GGgUIcAAZ;7g!d&c-fLjol7 zELn1$4HB`u=&`IUa+74iP64wSs==^O3=zC6J&_I}JsSy*zFwuBX2U#|Zi~Pq#f(;O z`h3=L%3W4hqSi6WT@|*8m-r2AkZvR64TvIO%FBCl005V(6gf2~5k+jx8be^3+%NA7 zk6>A|+RB@%UmusER#10gYuFD};-j>`axJi-ajrxP8*l zIJ9%tfr}=DdTO={44i82VK1^Ma@9B72u)m^IiVf{-fyTcD}l^|I$^(Y3p{LzClDTa zb<2V**(yzcwU`{R(3OAA5!J4V-!rW>iM}YF&QM*)h}?`kL^OV$7TMreop4A|JT3B) zX;EP=8==b|4DU(<4`to1UsCGo+(Cx7Kn9hgAeM)=t3-4gVN&trwJffvaZAC@$%}g< zSd&K)c|hidE>NQe)mCOK7Udn~w{Yy)M39zX$?(%b7DR1ZtK+QAQRgCSm)e%7Hwo|l z_}*Opj~HA~6eK>$sTo7&Mr%TKm+LC^fn{L=b0aB&!ymUjEHuj2@9b(#5dm!~xykxo z8(C51i{{#s`oTU>F^u14ghD{L8EfDxDKvP$(T2A|NYPSWhY*xIR86Rm-NHf9U&t>_ z4gmowCK@&)O1#(x_4>0f+Zsx$DOVDjS!VX>EDGekIP!~QESVAJW7t+oIEXw=cSAyO zLt=ADELolJ&W{-aji}106={n&3|V)Boc}CEnp!?3=6_`V63CwAHXox|P!uV-bEiKH zn8x;qR=~XU$4As;$$)i!qmL}8WZsfoqE~1TohaY!vu2s+4^|Ud#YwoL|0wm#x!42u zi|U&P^r#GtmC&-Mzlq|0wi^^e#$1hhNB4xh-+{A?toDAc2PP{esN=9 zJZ^jv{G)b;d=%{|&ElS3*@BixxD@#}=iJu3HRT5Rz=s-cH~WM3r23|Hh8?+JtEPr+mC+R@Ax~gn0Mp~j-L`~n3RmAo6%2r@B>PEiv&USgpQj~1 zju-AhU)v+a_W`Ga>{V6Uh>@yi_OiE=HA*>ShVqg#N-;%t9fMMdm|6pa?UzNo-b=e_Ou5;ya$e_R;)~2^mcO?n=svw=uB&WP(D#0>pHj@|?Q`KYeqcb7sGB zAcXPeh%kr-@(3Zqa&b=I#73YO=R{Pk%juS`FU8WnjA}HzMYsw%p}emkRLdOShaM@% zJ=+mbE;98(v}t?H!gpHzA{}Uvwfm`*WRQ2mtmrn}&nmZf-bkfS3+Zat=&{0Xb}_Oj z9I}3D`l_A1ekhxPWu8#*=grOBWYBpA)S!BScTl8S9&6q|!I%9m<%^z&oFC?J>;yuE zCCQTk_LF=)B9`-hGiT2e-u}ReRokr9cC5*oYZ4-eociuo@<5*69Z#kt2ZzQBaO>xS zfL}x@jH1?%JW+B>h=i>wwO@c?y*uKZKudFT>={*{gJW_((C^<$|_#7rS$3HEO z&j$Ap-MYQ`g&uu~*9)ZF>S@jYhy6D@bnub^v3%{}61}F9=X2d;~wEx`N&x zCp&kh0&&x;7o^pMy4bz-$B;eLS1d&t&! 
zwz3b7UiSFe10jJ?zW*F|tlKNHQATYhcRMkE*oF<$4Ug|)z6RW9{YP>JnI<}-^j)O| z{q5TEf6}1*e<2xm#J`aY!##f?8Pp9bildYYnx}Bb%TY>uTcdG2pt{Ams?9+cMNiJ7V~~x?aW#4C^QeuJE`# zvK3H}{$Vz=UA-PS1?wWEji}S!e~>RI3e|9lpdB5H7keqVcAJ^YA9{TEMuI>GWhyFe z)=9037i@w6Xi;{Tv)V5slmb`H5o9mQmL(sYGfk-}ymO3ne zNH0kQ*GHx2r6|U63|=#0htKp}=f{*i+QY)chR60bwvlVdFQUm_D@qpq<6M;`R;fM1 zz?2(HiYkvmxo-A1bI}_*zV@;8>c#k1;d-K0wbDm$Z~cQn!VD(?VLjg=MU`c|gCxug z$uF`|CGqJ(XGpJ9-rR0B5_)E^8Ul>q6UYN@?X6ib6A{*9s={Hr+TL|}hN=bKx|MOUHt5O<*`opnvPGccb+x%<~a(Ky;s z9{w)r|DMS3Z^Ki+;;Y`F|CmL{o~umnD#pGXZik+ z&if;FYa=bm2`4Lvfwb!l;re24IgS-aFaWX$q{^~TJyTOX11G)_5xZu>7^FuIKYBc6 zJ6yLtoyYX}Y=hGMOwb#yT!9*4p&nVKZ)-W)U^Zyjww>}Ic>)|^X#FjX0a=u>LcMa= z+JNEOtdZ1<7FjKSqMSmi!s0^37#nNIwnM%1Q!acj71!GYO>=WE$8KQHdMWf863R=7 zlB~nKS8GAPHLrO{urp|LpAlJX)#P)Cf-_p_XgX8HYLSYS%u7$b!%xeF_<=ss@jTsT zv(3N_A)D}ziscH7F?ziDb+iA$=;-Olj{!4I|H);6G_{SX<|KRejA8Kc=_Hb87h+ujGQ)vc6j*r+I0D<(<@NZ+MU_^6HX;;x71+H?# zjkF0zLKX`c$i9p+0)U@si&F|y zRovP?0{_`(c{=8b*@<9_fY|PLihE#zu0KluL!F)?q4lWbx&Y>k>EFB0oDPGrB%7zj zI!}`y-HM=$mN>)BSu38$zushE&dzYky_tARqipugZSK*6g3RTnp(G2F zliu|LZn4!^RMm?G<~y?v;5>X?{3>PimZ^fw*nik7=^9-|_6&>x-XJx!BNE|p>@O*j zkfj6<$__k5>^e3|Cru~g*n7AzcZHQS?-5w`7TDJ)Y#I^eS`Uz46Ywbt>g&rR$zDl! 
zEeo@IT^_8UHtpem2QT%6V)i5Y06akAXk&86t;g9r`xNWV?jhj zH9-{>h4sQvhg7+L>nTi*Z!mcM1cW*>c&RJ<$@OxVp`k;(<|6aC_-I>|-$M6Ah|tt>X#{Gvq?DuR!#4N97{ zn7JDn{y$L4B9%86OcnUgYMkUsOG~vn1ci}7@ZvaXcKiKB{N@8V-uP5?=g=)6&R-32 z-;6o)BXbootXydPUlRqhcjW>ZsZ6>!KQrgY^JvV*3xe*7J11~^_iWkTM`aSzwvwoM z`|TpW?aH5~JsDlTSrrqw&;a4aHpK)Iq?PM zmBa-B!YoC^8$ioM$OS43&}tD0qEw1R2KbFjPhET=;9e5|>NVvQVrp9{QpfY*#t)fc zln25T1#YqwwcceWS#5K2#20-Se({fq$qXDonR%~-2+R4Cpx{RU8S*HGR>O{sEJaHw z*u_oD5fJmqBO}Pv_;BFVyxt%6#1qyTflj4{jC?=8=0ja;`FbUa+ZEMTfR}^9?Iwi) zToJEt@*tJ~jwD#POW|)~y?Z9j%AlxS0v=fNmP1$#7}FRSmdgWMZt?>;{C34h=m#81 zV0kQ&X9X%Guo8?!rAd+kvu@(PNDo}P@H23jz!K#}D>eME^OiXEI;ipeg>m~=N%{b5 zU}2cRFEzdT2BC*)3C{XpHn6n|kUIGPjBpTN4r=i*6$tfWb1a($y;)hBw){#;gArgi z5QH65(;_Eu&48szl&~!*Obq0#ymXlWK{djEV<#*Uc8h|!bG|fKloodo=M=h?S|l+o zQD*HjFm{1_1|uv!ZO>FBx-`*mJowRIN3Q(=@5hPKi78n$q7>xvXi{&MrvC-w7Y^<| zq#rie7jV{CZG*jbE|df7!WdVMazmvh{YO-|AespePq@>SRLQpV$vF_~VGl02bm=r) zP8NAp_R>UeZIR8t!16^)v9q8!1i)zmwn=^}au>~_+e2;+MgCQr(LyU(X2h!%wZ3<~ z@F;=Ukl1+iGMTtMpE!!X;p#zLmTsJaNFD(eQ zUFCruI%sC_ z*ZBT|XDUk1==_?^lmsO&F+i$F3WN`U?$JHBNPF}d(~?B0HrF_Trpo&*r*!1hd70>FO{OA&?=Z$_kL`hhNvFT% zZ;~%^{_LZR5AH*&XA<*Jr9AF?Bqj`9Xiv%=-56da-*`1U;jjW@O?GKCGEQ$<=LxE$ z)(ll$fj;A>oW_)5qovVQ7g{Q3*K$xHFGRS8$^1c-ZbX?O0&{($I6;%~&!o>jz^NWJ zYq+XnyeeUs+xE-%es_RTnJ_mQK+uHs79zIg$Y4msSrBkTm{=ROsS|? 
zxnbbY^x}k-*K4?sGG|m7K_&WJu;leAXm`#Ku%E#j9X;iUfy%7~;l2=>H)Ef82UeKW zGrNVee$;gZP20b61Avuq!?NjbU<}i}$1Xb1a03e9R%tV8V1T1>s)1vZC3Na`6Ongr zRZ7Bk23txvXIlA6;0X^&YY(^qK0}Yy7Ie(zJeBV>yomBHsBiHUODMe%r*>%u#v9ND zwBY23p`kxi{SXTn#|1<4Y?t*zTrL;_!w$u;2D&XkdNS69;SlQ@2WHTC4mVy#Tc zQ~$NehiP(edvBCVdJ+(PP|gBSX?98S*TBN62Ag|+EwyHI&eyS(_X+*6_+j3wNOA2F z4|@$~1j`6HfL|qYFuKQ9hUtmTQenGELC-CNIP2?x!m0+8oK*!zrUFVe4ZAgM76sMq z_@Mr2d{SP)7vefUc;`+qMZ8g%+NO<7D!ko|Y(3y3+R%W&3Z$Qd7wgR&n$de+boz)K z#f6Nr{z0!m8{`KdR;g}?RJbp=_P@EI`b(s%`53Z@Bq|qI{yjR56bjOk3FYeEM2rGekY_pO?74{))-t3 zaPOq;O^FTiF{UP~=*4;L6z`(6Y^y{ZpS8pxp%dner-uo>?jUvSlIileoJYBpTl*Do zg_T=}m9>}A*fqOPAxg{Kay_1E@V5#w&YsBwmlf2uN67Y19G}{#rL~7D z2!)Jpu$Fra4QPdX)+ib61~-ZOq278iq;smjwGFoPLyjX^=8tcJdSg3Tp>b$Jw5+ z%`50b^+P|ViTi+1)?6VWOcg7~fzBMHkKeO*2j=Jx4zq+ctnJ@kIVWD*15YEoyuSg^ z2EBsuhp31grR4q$1{0tWuzUR=4&lRdj5#Sms3%- zxAQjD`_5A?f4oDboFA1VFf(MIF${L z9AU>yb~pa&=l1bUm~&#Ly%^K)R+NS2^wN=IwVGlAFf~5q$XswVvy!3)v5jZQnT49l z*1wU6+aQp}C&~q`f-+%7Ww7KR4`wFRBs?%@3v~`pW@S|(9Dz%ThKRwUZ|giD;FudS zYe(k~v4HQrfa1#+KdU#QZlJbCE&Y%as;5%A;6IiGL$pm z_EWEuPqFz-T}X3x7)8_YluJ5V0Y}U?6ik4xyvE40HTlp}d&;d!+q+3SrW--yhg~oU zMetk7UcDl3S4wTDgeVwVZ*C|F7=Y(DK1Ke^oV?jw#l>h)B4neq4O-sNNPSSlRil@z znvO}Fa=|*U#y;QfC$uM;Ku8CCZ{k6webx@VEwmW?PoNAkDj`N6NzfFn6DASwl)Xv6 z0Z*|No78l@ilOu+w-}Hh%wV$+m8Dv~YQ9cdyn&HiwT8!z2V8>&Dt(yyOb0*Z z=5P~?=1O$s)^?-ucFn{x3L(l+*ewDjxeO~tp^`CuIq%(MDq?-`me%8q#(?s?RCbI% zbsQq`EzO2D$!vZUsHU}M6PcaNjB#qE5rHn!T z=DPkYBJl#xYCs-UQi57?!_Xx(+*d#OFu(r>eQ-y||3Itsc z-|4iEn!}}6SaR6=iaB#%qfMr4$-zyzoud+iu^*$4$J&n<=~lBp{KR%C@QaBfHsWgE zSXjk^bdqc0B{x`-y20V@%%gmmopm?F)~4aR)1ox++5lXv-E-3HkCmy8rz;-*>Q*rvHU%@odb=t^_OK2 zO|ut(?e}J?2>9RipZ}8vo|v_xk%`g&R?sME{R3aJ#fmS91_BvG0B62X?iim7Sg53t zD?VS!$75b*+FPS%j~*=jT>t=yaS5`^ZSYO!>B*7VnT3&T@4#TZa(mkYaPH{4;xIj(EDx^67;nr$! 
z8d-dgT^pQtFlL#sJwun+Zf+~vfK+PG-jB}cFu4i0NWuo^h8mc$wXj~YpOp0S&{$la znB_KMPxc7FuOwMUe%J#>hnS|*to0msU6Y`*X1`4)s2(Xm%Qfwi-;<8ht8XIG2^8m0 zb5ZWY3l5xQ5B_u}CF&f7BQC3~S{d!(Yf2i?Ao7=s97E%a+>_iW4!nm#7^*oXzH=A- zaKS+G`DuqvyGJ0_X5^#PH=!@rM+tQzO)=77!XNy-mF==LjX_epA8no9iN@r9z?9YP zPC*SW7K~Hh|20lm;7o&4SfPth^WA=S0!GMZ;7`?0J!i`~W>42^oqu6x(7b-_mT2v- zb$vx#5N4$ucNG{`>O^-Xd^DYIUmP?R?qk+O%{X)u+?ssm&PjK}iMR8Us;nA*jQn3M5aIR11X~ibKPh!td@0xNA(vq21p`WL|^n~0=`_M2- z8JgP>vibSzCUY`g^+{&D9nKIAl91st8sJ#ph;L_lYU%i zy<>SVFhZ@YBdMJ(^@5nTf{zxqqVh;ZqdGr^6WfnP92^+r=%W1SE;B__uCG|s6)-0r zkkj3Y^rA@8MKzlb1*@&*yj{vlidO`=Pt%I7@RPRqTD|$WDUv3WTAaVeUMBuk#zCOi znvBeUg08ko7r0{o@Dl9%>pi<$NXpn=w2f=-I8_Os6UZuA(S8U;6rprE+u*ti?>alg zjZNqwd;rWJ+ktbpg=({fDzXjzY%sw@lV+jY?j?R*?5zlq^$B`LR1EW_h@$%dOaU*a z9=R6Cet02?p_B4F^Iv7_*MOeH-oFCH`B?z(MvBKKvxo1FD~h9!kN)-v_M5r(8BT(i zHE-glW1=s>`U#)HRqe|U7OY-F+~xnp+FyUwz5LsraDvOi-QC?Cg1fs1XW{NH3)djQ z-95MmcZWc54esvE-uHf=drm*ydz?K+|G*!>_|&R;*Q`0`D~MztY#gQx4m!!i6n@08 z)+Jn5(fPSH0vEyO2(6Tn$ZaU>Gm%l2sgH0s1P=zvcPPPYNLw$69;zFkSSGMp938Y+ z`H=nI>mAa~%Q)<)2&A3E5BbPkuYC2{?W`U7`EbOrF8Ir-?1AtL1Tf;E4jsprDB(gl zQm2`Io9d7!$P*b|L`Yb89Jw<}B!3=I5xABM^8eejXR&h~1^uzpO#GuU@qdhD|4@Jx zTy6fhha*dQOriIqtg^XE32qyFZ;S2h6H#)1%m=vZ2Qdo;im0*Hf)f@+5rwVtWlb~^ zDu-VHky$2YA8wYZxf9#|_;}j$?du)vCU!dj8pNi=Ft?eq%;nO&p9X$Ai1T}JXATw8P&*PVy?zJb@d7^>{!M(*4lAo@6BpeyysOD#@roap=~r5JQ0!3;CJe+}Tn%Qacuy3* z3d|4T8wr3C?R%P9`;7d1z*!``K#4#YLew3;yjOp4o8#7U&Q`A>@w&TtF7`B9Alt}p z=e^*)=h@KnilNX6*g>BFXiTRrejG17Td^8gp4=EC;?%0e+W4Gq#pfwdwruY2WPEie zSC*>_;@sB)rJ?=APUHxUotU_pVyrn#CnFx7*0t_>6}tr>G(AsF^EMW*tA6ub7^e{M zj?AMe;lr78Q&XM8u^S2V>F6k1nvW1ey?fl(O7k(8Dtlz1lN2mwdrT{?;ggs_pYC@k zPG9r@nu#|iv0AU_C&0b)LID0{8-pU1Wfq1I?zz$r@5|OtL8sLN1coS6?x={D!pC5(Y6H5gzV*V9c#=hCV$( ztn?DClN;GQCJ9t}8RKRmjnt%0R=rW6(Ax}~Xc?Y%%*1cz{{aKb0zznQYP$TKq3O&c zaNO*Dx%*mei&xGDC&kRJBHWP!NZnngc_^f~A*I>oxRJIDp(YKG1q3(NeE)MW`8Ek) zUFClyRO>0?&RZ1M8^r7Sh>^CIeKV2WK?OM^AwqCzP8f7bOh6_x&RsnTZ0t#(*SJ5gV`2<4Eul1oZ1O87Yh=n*mb~Rg z%QLT#^BU^16zVAiy_Hl>M2#af#Us4t+DE>MPCC7|4 
zOqURCI=N{jkS?Bh1E%J8(~Vbz7Fp%4P~{GgA7=F&9Z-Q{8{iNM7|&+lFZeTzbbUy& zA-$r!Gu;hx`ZOuw0?}~#6FV$zN~^?=aQ>cM3F!&dIq0`A1^**V&$O3|*qy<|bknaf z7SADi*KKLe8WiaKV3Y)xZ_zv*FKO7x{sefd#xsFK`ux-x^7je>gRwyepL1xQcG2Wy z#iDU~PZ}xGOf`SsIHiK)K$X2S&~Xo$RX&htNo1o#KGG z>$WztkCVvxA7@_n4{!PZh$Z%M68%?#W3sZmBG?C396Bm0JSRN6^Ay#jC!^;(_TCo} za+JOvT^a;>ZMOusm^V6sG>;4Dhl1#uFZ?D*SvM0de>(4;_pjl<5DbN|B`b*I(-1^O zBwpu56dT8zM|i2vE@{C76G1JuYwpl!Rh3AjnKiEaZSISf6to1R!j-cTH z%EUH$64ItMFptD1sapkFL1FSDzl$gRf1|sjhh)7Y%#x!I%|_eL<{2zC^T-RCv2uo3 zO{Wc8&={vh_sb9o@&;yv-D34TIi_WqHCgQIC}bGrC~0d+mRY*%GRaKYBvA^|LfHS7 zJ*=_nK-={&K>Tw~%X|fXVX!wRNY-j~3SQ*iBEBTzDSlpgpm#c^~6y5yW=G}Pj^iKJ4s$l-(sUrBVzk{@?nVk#J9QdD0NRh^?Kbkv%zu~pRh~v*j zG8^qOS?E}H>5LS+HL1_GZIeYcg3P4@y~X&490Dl@ZM&misdF)_@~I<{l4wi-1&GOq zDf6yBCc^SwHksZ|#!~%5yS0UK+O0=K#wxx(%bcA(zw&o&oS*MI9e1Cvf0~Ze1Uj2%$J&ffBIg%Ck_L) zU2%1`%r|Y`9_0WVe^W#ZcJzc;Avy1%!NGdjX>P#9ng#aDl%35CU2Z|j8VsrzgVQZ@ zvbgKHDx+7(i%*X>V}aGGi7qECoj5AH0BAcq?+k+J4v1MOq9_?0Y`NwD>)>+{<#LC0 z2+aVQRSxjNvi^ei5Nj3%IcaRi+lA1!Nr(89QrNpXsjx{v_V>EqZMY02W;Lr0f-n69 zf`KJjNr~}O|CB6itGCJ{-VAgw!?#WVgSe~>2~%SF>bp=J4)vMz5vddn;t6z-WfuQV z1|$6dflHH|Rx<_%Gg-<^;W2VF{O zyX+j3!(2`(tWiylsk_pbDg$hd`X|eBV=yLf^ZPOG5ca5KP?A=y2G9kC*IGnk5>O^# z$$Z;@wA0TR$Mqx8VDh;5F1p(6aLb6QG&>4OA?=%LC60X7!HF$y@k~QYGHxYy3tH5P z+GF^zGAbQ+vWSXIk(L}236l|OVeRURf74 z4i7u*2QGd1=C;ERiMFmm>5WSp1r~$yX(2YsFJ^bkBL;>=ur)Y`tJLZpzRBQmR1#*l zdKN3?{1M@Kt5NBB-MuPrZ6P>>4G2-+$>Y*=GzDu2pSepnk{m!AniY5y>I)GMoE3ha ztEUBT1h5vD`n}83vFRGVtX)G)kvKj%AzGJk2K*sH#FbPFKEegb7^c#4uP{O>7ovLc zm!v=Fr=!4r#a4vA=^50|qSGr#{}k#`!in$+%n6jwwC@fh*5m&+ClPl&9<)# zKjSqTx7KQV2qW?+`O^7CLKZ|}@|M{GG3XT(&_7nFdA#--es%xxaO13##Xotz>8im0{w=Fd#*6nl5 z?oP2VgVxTv>;~)03+Ko4%j}%O$MZ|muw*=q34g?e-4Ls=sJFl>Q{3~KoKW=ooq<2o5|_)89wvy2$+ZR1iu&#b zBsW$+z+o862NdbvBa$wGRPNnEH01neh&2_Wfbbc-)QdRFFE%v;y%C6pJ5VlJ{uo1t z%T>@mqa$b~3#LCcqg1KP9XU2T0|EzeC^CKLCg+87aH)0YH}t*B^O;8yUm)^bz_7RKftO#{{U=&_p2j3X zD9pw+)(o;r|Bk-!eS<~M@BCj1S$MRJFMOlFB84__7{2`ylz?GeUzPNbZ1_EFEI 
z*f2c&5bI?;R$KWz+M+cN-x}d9cPRd}g;dC_9V?Me2v6a!lLv42c9TwAFA1RDBso?^ z8)9L-P40Cs==H9^Dym)nSk!Zk07JqIt3W{16lAOkd9;o--{>R4k7Aey!0+TyXVq$Z z=q)a>%k2NUdbmjMd;eqhz_g{v`HuQN>ChCX!u=+nT69{mKBk42muOGRkXpIaKQTdY zD|2l2aGY#wf01rYrQ0Uy&f&qhGa?19?b4F`E8rRK7xe1r9omHUP1T$@6n3Z!h6Ny!@_}v^iOgk&%Zg+OA#b6FN}bM=HI<11@5!2 zA8+42Zz6j`Nb+O1X7Bbohh@q?<>9w>em%OTniScCO%3&%=(PF}{ZPvbC})Y3kb`!_ zVz9C@mTM;2h418^RI<=aN7n{>vVs9WIO&ywzFoP_`lbsaJyq^Uc+n?tp*Cq?K_Nqw zj5IE*a%87tK;i*;g0|z=*fgQ+D%N~3u!#Ncpv+Q;UZA9 zVN>)3T6OMc_V6R@Lf#1o7T4$SfIWn1u4uRl+NNtVo; z@&y3VVXy6KkLLw6e`OJ9hAa%PxYG7ypA)u_s<jyGcb!PE^b4VXVsZkFwZke^V-|eRCd&{I08LF<- zybfj$nnF-6-HU`_!j9dE_c$Gg81OaQs-2@`;2tYVzxi!^3PG+K>fjPY}MrZh<@7+FQ%oFNuPqF~h1-xzw-z+(^yaW~W;hl!ep?jnEQd)2^KzzT}LM z5PeebE!2M_>iW*N7fFXHkIq~crGNr3f0mF)D3$IF_kBXN;QP+$fWa2h0B2ki!E>7V z(?sMgdYOu!sHtzWpmg4h<=10bAbs{FbxJVpB0Fy;*{WF{+E*PPuN%f|dy<|KA}H@a zkG4s#0yZ%|@Tpg!HN!q2zlXV@7$h5v4=C}l=qYG}Ym924! z?fy_VapR``H2@LWWWA#1#Gi~7e=R`~w;dQXJccFF6Hhfu;}m%`MK}ij_ZbOA;t}GP z7pT9aDNGFvHqDRqyZ&*Z`+tvz{f|r7|60TU|KKB4*^lLm{$|I=?HdS5pUVbAYsF`a zBiw_9Zup%YRT^13yuygLOms9lPnD=22L3HTc3VNdjgy5!P{q}3o5^v1FqH0cb>*{i zJ27V(PxFSr2G7RpSsIhj#;?zry=EY`;`YK+n>pIUsNy<3>J{0iAYI3C$ztU@nH0OE zERxsd-Eo(JcFjvW&#{y`@?aKx9riQ4w$r1<(?kn~_f{g);giOzN@e;nOQR(&bH1ij z6YlSs%Zy#^Cj;|(09FwcDHt{}BKnnV4l^F{bH?DL@sdB-yv-4hha+Ldu2c2;k`i>H zQNyuDLdGZ%$QI$Srn4+-LF&0@BQIHW9ij~hjse^wP(O(D@ej>mU=eBlWO&Xf7n65w z1K|`^c~b792>MB4Z&^YhZ_SI;jA1Bw*bX%KLDhdOVz#iMdc_1L9dfln(ce(WJ)1!& zbMR3q(zmExo)mpFM+i#T?hul#iGaS%>~p@>f=#vb3E+hO#EcH0!PEh)_8 zbl1TwGb^CEt7D`7POE42#LxXr-h6Nkr&?%KbPw@*oSXG&z*ol$EkSd$`x6m|*Yzt7 z#0N&N4b{*$f(58Iayuv*x9^MxQv?L^v&13lBSsm4Q9P@nWYSsd8}9 ze^Oq1DyH#SEA@{ctS*+nIltk%RRO5jETWIjv);;+H^?CfyeC?E_$JD3xA3dR+zUun z6qj0yRc|*H_dh=*MtR4U7Q=C4c@edxRmI8tb_LRrlwB@RDOxPFbg;hRA(xOi+z$NG zWXOpBaT}smn%A6m*Vh%@SE#oQ16!JBI0kq5n{t~%@LaGWgS6nIm;R-{hZ2hAE#~=9 zAmp+l5?JF%N+7prEyXdW={71WqNcW6(J4R2QTTd;=K^KmNBW9`QU$WXC^%G{=9*4< zgUO1YQwJck{s>eMkyzj4zl2=%6JAp_e{DBA!$Q+Z$XhcBW`S`vRAkLd;6z`KU+4eU~&9ex60KAai)F7vu; 
z>Y4w1=<#vNzWMXb4riZdQGDESdj8QRhB%|SJOhy-eG*_VmNX-!deCeRJKQk6#jmOq zC#9pbq8`(C&*v-PvMuvl{Tw)36kWOT+jH@EzS9jpnrf$oU@`E!+}$-x5tuu=~t?rgMD@^^R=A>LtK1AX-v zdQrJ$CZUe=;fM_6nNSn{aYxV>TL~YJ#2&>wl{TAn0D%fetgqCkH5fSVKtfOfN2=fr z>%*|W&ZO!jU(qZ3@H;RQ9l4hceUz5FgjC_OPb2fgry&)a^_M+@IhbZalY8CR*@>~l zd@ac0O>tm~fVLQk1!OK0QE$dgx1iWt#IOz62Fn)h4mXDZ!mLJF2iv`zd-O35)^an8u#}+@NqU8Q z54!{+dM6Qv=w)K}4i#bk^J#)(bdAFO;(&n4G1$0_#N3@coO$1>O zo)WMwsFPVRL=E#n0C=}=rFHmU51EVnF`6Ib6AG6LN^f{6h8#UlNEmJ!>Hy{ot#vF&diPQ!d2{qf15)3TjxhtB9`z9+1K! z+mv1}W|^iXi@{abj**QK4Ng#?V5is=iI|dDRC)%Wo49tax4fvrrNCd~BxyZZ+Ftc{ zlH4n)nqGN$O$27LdpJ*gE=FS74Vvn%bxq-Su0PxpT|Ij>_W|TsrNL4jEz45#x;+a+ zP?~zdrDOG}l5p#y7B?uxi;f|5cHM(T;`!>s^N`ghc(41dR?+Iop^NA{S;$_02#^0U9 zpCVpF)UELO!;W&u*oTh*CHN8)1~c6Aj2s+ze_j9tM*^3&$f#>JgnG(4t?hhef50&E z6{8b7CavOd_n+3O&}n>b^uH84(p6C|ry$klU?un9*&P%hLOko%=o;kCQuo&$qW=U!W=gIDKW7DL@BV zK4zEZlQaz5sj}t4x;*c$0gko$`eiF4>x}LyrLQevQ007T03md5ELqY1e z8sJ*2-w>h;K$&{^8H^tV*EY>ifF{tevEMb^@ZE+?6VmqpOANeFVa=ATlei8WOBa=E z#jA&_;>~Db<4(U?6D)BZ{57jOEmmWd9v|mrnu|cUS0A)hOyYlXZML`&_uemqox(!e zCa|Dj344!&dZfcPX!xU_T_Bz%G7P|~-X@5i9YB8kz1&_$r>9z@r2>9LZEgq~4edH4 z@4cH5H4%_y?_$5^=-IQ4VFxdBbYcw&jCLmug#{sI5IrKWi5jxy7Ogz%=tB?8#-p5R zJNcid3)bLK|9GltmfFWD7UP}5$p`Iu==H!m>PxVQ0=k^ljnla}S~E1``!Y+<`GZj* zV0fp-=3N?FGO&`Ov``_KV1J;>1^O%q#Z8L3U=1+AQC3rSUN;;UCr8Z9i&fB%m$@K}Hcm}|6yc1#0#LTl46sRS*3oVXXGJ+yDf@?z`8r=5W7_9_#&9?U z%dZZ=w!v`x?tiH?34nl-4*h9^LMm}w;T(OExwZbpBjG+cbzw=S9-JOUPHK3Ow1xIG zut+Y-$eR%Ui`m!f(KjFT`w|z^X~soU0-tg5QS*R^L|*jg-^9sy#|+K5k4c;FA5Z*$ z6IK1slK-z)#jO9J0VnAcf>l5c-KL&)F%4Q%?$w~O%zD7Q^M+S=z>{I)uwTJIU*10Pq@ zOo-7G$EAjiCPA0^5^xOOqfY!mtI}W?c;83uoxZL@cssxtfL+6|dn5h_cJ@~Hc%vYt=kyp%g7n^bLS4K^HpJB+Y` zQyEPwNL-6^YJJ~|5YA>3Mc5myb)1~CreDj12e&1`6LWTOCr5opJ7^Ovqg&&l<7Y+f zV2kO3f9?yyVQvHT17%FvMXX0wb5{X>??NAaeuAUp`=#mrP@Ot@{n8amxwq%b5w`o3 z$QcWHYVBmaT5mo_Z}10Ci}UV?Y<|e&g|A?ic?gE^e-U%WU1J&UKjeu2kH~-@S2{?jK8>BBtdYR`6GfPiZ?1RN@hE%g&k=`_3O`FAN zP622Ur;G@*dj{Y84Gv6nXv_smwdT1lB4Wu<04noJ8>aPxE@qe+Y}!J8Az4_cY& 
zkA78a)C6~Ao9O*CM1Bc2Y3s-)-tXVAbj*}C?RPB34w9H*bjD#b9svn!vTZM?G87j{ zlQ-A18W<_uaE%drL#;zyfFTGZY)rz9K<)DuQ~XMgY?rSY+!`7Vz>Q4 z*|(1?lA2Y^P}=|YS~xJNkW`oKfbMqda9hmzK zHkR8HY=TH!Jc?FDK{uy2)w2AO$>5e2gmvmVu?bN^drpNr_qds&(o5PW$VJ6fqB=6C zuEFj&XtmhQ8WbTh$4m6!3=Vz+!GR0&awxOV3q{sI%T4$}?AU3#H+g2$AhMaS7;{wn z8P|G54B8~gdkuj9Y(y#IHa zp^BZO%};rXkX&^N2+uDvH2Ksjp2B$E7=Ph2Ggb^SU{NDvE+!>O2Hh}7pSE3!k~{0! zEGE;^USIcz6hB#8qAe?M|L~nk=n`-d+Z|jVJ_{oP+m9mK?oVwB4{mzxxc1VdtPw*W zlY&IC61`Mj>Vko~Q}CzG5))6WHGnxeJR7?MEQ1OAHs=t)#I+5OBuYgp$NmuJZv5b} z{t)*t&O|O)AWMqTP?Ur$;h>&&E!C>b4XKBS5m?is+sd1vO$mWtgw34B@HJ!|@zUUA zYA`%;5#)0cy8M7>dP4D|m|-9gaAeLoe3lJ4`a-#;)Z#Si?2DM~3Ha9V2OAbcGgfA9 zXEUC!MVsA>)?6op-%E4|uDaN&8l~ya!OlCk{WatIbZxYH&}3*D?YtvwDu>;XZSPL+ zUo69(uf^8x+T1&KW89eF(w4Os{xv}>{b%&UUt~oID0|prH>R}KJK}m3e`oIQo&znn z1%*8^+W2OU;7}i(ft~-u z&cNKw#QgCN7dI#g38??)!a(1AIVZp!TL{j;=-}|r{-3=+hkp)!g8EyZ;2Wn1v;TN! zNc;Hvf7b>7&Cf-RljXnuPyavSK`hx{VRK$!-uLvxAo>hiyIGNAPULpVmR<04bcf!> zs7mh9VW(QtTs)1J&r3ZZiVVh4KqFrWY^_m`y-^QS?kW|{z>W(x*WGa9M(2H|_gUE6 z%lt^ z5at9l$7_2T2Znf`31vpwX1LlhH5{FS4n6jm0M1kO>9HZopt85j$kS8XdWtQY(UJqEd7*)Zy+UtOJ^3NW#Qewg?8A9%rz7R9G&0H0_QE~n z#SjxTATfUia{dWqs`A7M{nV|(<)|GZ)So!~bUQeO*a|lv?~P{h)PA8{rOVQ{mbmEe z{F5V6JCONT={;pZ*V_&NCRRB?g;>MCg605GQG!Y{K-!^k?0(4_;i@Cs{Z9dfvSxZZ%)M26K*afGc2 zp$&~OHH6BEJl~1YNRJ}}n|{`RYnZU5Jvc$5 z2Jp4zZOYdvqS%D1gns!JXD!(37k~tLF4+*rx4K62=vt(yBHlx_+1nt_12uG2Akx|} zgknX3G7ULH^^^>xwNyGRlz6Xxb|bEN{jB{=kYJCp=qI|nE|_#AI9RSPCr8f5UFCYA z2R(N)-y^I45jppPP~!|4C6+NH7O#HXV}nTY4$uaRR6E>SK&*DXTow?Dj!=g0gG=f` zUURLATC9ie?oTPWE?e!nm-?gfd;Wx*(C=~Lv?l)~EX*JHOs(OppLA|=IVAbT3WiV9{FC3KdOa_%+cm((x|PgJvv{EW+{$Z z#IUN=!#UAtKU#?iI-13fwng+)<|#tjT5A@4&HVQfN7f}dqO%eAGAC6uyF}@|QmMJ> z=keNHFD}=Zy>SDWNpZ}H7JZP&E`I(UdH6mf$lCa!T+;rd5&7S|82nc-{y9YJ8#lg4+s#BcSBIu@r{o&Il6ZctxwnXvx=+KbiYgEbo?^N5mg&E@Hq<;S>L zZ$PSh>Fc$q%UUS{t=5o+wd7Nypacy2EJUWj0oKe59-uloQttHS#Z zeZ;hnMx5Z581E!F+vm#wqaz8_X zwgG;AS|wz1l09ne-*J?+s*S%b$F-?UsF&CX;XPF(rfPqt~5Q~!ld5guhqA2 
z?OAiVvtFeOpFzq!dFn(}!03a==q{0qSxBiFhZpoK$)AvO;Vz#v!x0DTJ%1)p=bySKp@muy=j&(#uPrcUNGq%#DA`tHFJe zS{ZpG@4+ee4LRu?WGGsJbvH$S-mnrO0hED}NfoG}v}KSgg-9=8u4+iAzA>4E8BIwB za>dj%;8A%{?(;}o(bG_u1?w;vOu^B5>>ZMf$3|yivENVG*3eSVBvE!LBPaDbWimwTQisLVhostm8f07~A4{z( z;GwNE6`wYSH}R6luJynO9ThYk!IglIp5rVRB(x>aZBa3~OMfD#d%s2i>^`~eyv~0S zFJxFyo7=G&Z2U$@zb3N(r6T1fL-o<^h2jVyK88Kl82oZRFuXK<6J4QmD zr%5?Gw!ocR(4_sWaI-zv(_)$^w)d?Ro zjMoAWg4f^=B-dmfIgczaA-{u=zRO;y{;{}l{v-Mj{s`$a{(|Z^@Pe!P^tYXW+VUU> z`eT`K{Nq#XzsZuRtBL-f?v5-C;0N6h+s_V+93Tq&IaH>sR815$<5P8jPIzgVSY-gF zjdhqQOz;Q<8ye)w^2Aw%+rqNUsWFz&CXej_jleIz!?3p$zXPUH-}7-(qeC7`ZX@%v zztgdMUEjLjUT-l2i0zmm^2C3oFE8eD- z%FN zNa3QYsR^q~)6H6ulCi$wS6C`kCp{ULlAW}|%A-zIWlt4Nm2&VsKm``v(MWX62oRbU zd$bK*ea4+_Nq|98Ty0zMGif>YFIq}7)luZ7!cuv0VHb8DWqC`WlZu83z;9}{RyTz{ z&5uufJ~yRZdtg&16BhaiJ9C#dDV{whZ%}pIgdVl$Rf{Z_5CNbb#Ytdk>VW(f-#?~& ztW6tyVLd~>DO^dW={2f{Q5VP*X=$$2sK+hg#R-R88?jYrVFtM)&q_V8<1|itGu)}> zbu94c^m9x}p^TXbXPKYQ-EIV9YsmbwAU}QY=aNr&K>%G1zc2Z1l^HlLxf6+fi=_<| z*(o~$q)lHd0^Dp&sBiJlS>`%|`IbkN?3093OKyG|(Nv9y$E?xhLa39iT-Z&83;lt^a17;}C9-=Nr zLg&2$J`9pLztHCqs7FRZ#@+9VW~C#X-l=c@+_;dVMiFqw%UOMZFXR<&V7Z4^O1gfU zlX~V!s?bj4_(5@Q_nWxb32ePv_kI2x#v&Cg{_Pe&DX&_~%xsU{7 z(Xrb{F``?%l++bszX&phE!*(f#^gN>cG+5|$8WM&eH9Z4#bZWPUrjoo`xuN+fR=g! 
zMMd-^6^_2E*x?P1xE2qC=&sc%I2^hIrE(s>ZL$W~R$sKs<(ON9SP$T#_=1F~CQ-T$ zE+L`ty1T@H%qN-Lie~2y+v-j>{M`yF`8z6Yx?JKQv5tsl?#C4fJF<&*7u&VN{^wme z#n2X8UIzJ${m5~qZE(9c5|j}uc8mhCQ@ySE?R}vFMe~P|_=YeoK@~2PJWcm%5;D`%mfcavm72#e zQvr~MjjQeMV*Q#A=~TyfUL?`7%O2tV;VpKU?|d@A;o+S4IK4hzxQ-A%bLOX6K>quE zUgngP&SPM<+YIA|_3ayM&oi`5>gLTl$kvUp_kzEFi>GDvj9$aL-h(*m)+Kd7)cN8C z@oh_u0aG2>?Fl@6gdG{!0_d^7dh{2jyZjA$ZJx;KBUZ z>vOwL-~pJioZLSD@JL);3wg||v)kg6MxD|R*zs-lql;N`=X$c&7q9A`SzI!R;oE0K z%xbPbc7MB@-083NM=bCp9i-x+$U&>3z~OBBg-vQqoYBq}-N#y5e=2;YtXz zrF_M2nhYp|vI%rkaI(@y#rnMQ}rdgeRm`+dWL<+S{}@V8{M zE>m|{ZGK6hn~?n+dseCajSD#r#1%8NfA=wek=iw=y8Q4yKVBx5EzZ1 z_?-A47i%u8+95QHZeP+b^$yEfbE4E9;S<-Hqx&-xAj_T9vA$@8sF;?%IwE7O0QxThf?u5z4g*E?xs^8tuF{WK#)U_@Nea0$t%GIJtL}1eQ z*vwVw0aVcn*J-;lIcMMV&8c6CpOR`cQyyiY4}Jd|xm!q_^M~@IRI~mcX@~!&KVDr; zg8RQ;{{MHb`3u!*ERE6^$i})R*DE9Fr#xGrx`-+sM1H8o=WfPt8O+>iJ>!KbImYh+ zOum+j<$-34R<{Gt{z+rb7L=&qvZ}1stZW|zb9aLKC(iFL$BX-)iZ?%U!yRphODQhn z46^LBUHV*H9mUqCTD?g4K)8)8PJ7JrRsB|1Gakz&J9%&uX78&EeS>sHdmCxG>FFVd zF3nob=}&zuLOvGQ+DoYSp&w2_bBSj*z>qa7b*mq-o-FGsC$A0ZYT9`3n1xiJ;yE-e zPi!TuMU%4iuOd8jA}uGrS^>>IN6@96N~n1wEgr4`$I^UmD?&>d+MG@>a)?>?DxPm7wc^l@@a}Z$H#ZbS%>?oH5v!9u6>7734aMOcb0dA* z5s*8?hS>kBU9M<7Yz)qHIy*%ca4ne=Q0>4LIsJ^EdMTV)v`jX0gO_$26kE|!%vt6I zKIlbawTUp0b7Obn{N0wlUty$b7<$iKsTvceY1=(|dIi|8z z?s>^5OMmW?LIXp`vRs8EUDFV(49A8`yO)0DR zz2{=P;fJ^(SFi6^-e+i!J9lzF5!Pos)VLgBLtoJR5u=2Jgsum}O0ObR^R7_`^MZ#%-EjoE_?heKYrr$ zqfq|)J5HInxT&cyi6F_GUukQ4OjgX2XXcgM^f$@L-A8gLV%tH^z8kePMAIDOt{DHj z?q=!M%R9@CtioME`>iuFv2O1N(k5<6fEpMY&*&2g)Dz)eX>8P}AkkB0vu{`LqG^Q> z<*?|b!XC&av>mzvl5hJ>V6B{M1MGk0zy8j7u3E3xBttFK%p}_SG zk7vSw4kvWis?KJw$w_B~<+f1cheYC{1!jGUqhYgbdg}+ED>?Ne)rx>qlJZ9qQ-kX! 
zlPvGUaaRz|k&7%kJfk6>MN-Q;F|FqWxlJ=MoxYeAt?tB5Ckf{~^Bdu`D}|kdF6ZV; z36zB)%McBSt$m%fxNM(;&1`=Ra?Qz{@XtqbnOX-mmf7X}$g}D2>Lal#Ygyn?gPpRa zXJQ$NxUS*=IA!JL#a6(}9+R3uU^muEXfvfGGjd62{AgLwwFX2y&A)ttM#A@OQH6`$ z2?;nf+I+@Im>xo=ECs64C1dmE-}}e8o2P z#{_4c+;k0cid-)Xa^8+78=ZF5;$;+I!I4CT_l|_U7CXLL`6Ejd!e2TIAgcT2U>J$u4qGQD* z&^u>Z(AhAh*UKBc?ZmqSCE~8^%)Zk&rH{>ewe&SU^mM%Qhq+37%v+e$Ya;!5YpIp3 zO~j3FNti}r%UZtxj`)(x%<6)Sdx?JaLG=W+gA!)`GkIGg+p9JA0dSa4oiQ)x0XC@C z@*HCzf6?R%0Q{8ols%SwEx)9qnvfawnZW6U3!+Py`wlhGVuichF1SM7rO91$8n1#_ zr3de(Ca8xNm5ErecOm}V3S0gL5=zR|rTUy@H)Nmbl5KFr@QZv$zZj&dx}NtR9X6Kg zE>|u{Y~-zhat}7lci6IXAA%!%!+mSGrnI|!n95fP4ErfNGEtH)zUCNh4&{N~7vwx9 z0pS%>2R!Y@S2qlzE-AHIRveo)>?62ah#dc@yodXiIkXeF7#YK>rkX+8hnu@e<gp=*?&3Jg%RvT)EDCp9u=|Yq3bD7jzU{Xb6zs!;`3>oU{tWLLaziC{*lX zuD|Vmso7*>+Mhb48YSJ7L-(-<7Zj!17CSZxNzaCx=f;R?f|F77^|3utU_R4=u#Qv*+ z$d%PlH zqs-gl)`3J3wZ|~cJwL4g<(u+XiN%Y)T;+#=>C>;o`!$vEJ|7 ztlTYDeikl9pMmP7(@0HH7f%cINCNxI`_((J_BQRu&6f6Fcpm~!Q1W};ykkbs61>2c zhOr~U?^vsD0(VEIU_NT8!}GQd0v5UNcy$4s_Ze=p@9LiSvz`m>z1AyJeevg#y!0S; zq_s%$WXNMPS}iu_ut$K57O_W|B%ifovkC-O1ypAl1uUbg5E`-basW&{J4_5=woHn- zcs3~&hHg6AZ+7g7x!iNOtRLuAqunXI0`5U{hQz7S*oTt4&(Ye)5Smqoggk5layr)n zatQgVE$eZFWMjj{l{LeJ_gnbIQvp=a7XZ7=&x*bhKkT+KrQ;m}L#R!iDMtLlZ!F)? 
z*wvjzLhM^|V7#Ps$?~4@SRC1Y(p3a!WZ~{9PJrOvM?j{2@3Y{-faZZ)zzt zfX=}Gn*%vZZR&46jKM7Pp-UkU2%aArpicE|xS=7J0;T~NF9l3akpQm@IChnQ7}Vw zR!kobJYI%2%FkVp_v0wIMm0kxedXSSItK(hXS`TfudJ3GZTSV})mV9%4c)ewdH{`D=aVI);}4?X06VI4v3_h`L-mdLFVL?v zY46>+6f9S!#cDqNVs7TIIFrIQl5%%5FZO(H`W^3(Nm32s$c|6wkp}H(e5X-Gif2pt z20Y$sl|wBkMA=wo&2j~Gv~?f<_AN$^jr4#%hr>=LS>S;|We1T9W7wXl7$TOPdV-Nr z4DSfw@MIbvoG&FY4-zZC@Yl?gB9uLUbX)-ChOvjpg*|Vl%Qq{T%`XJ|F2+V-cheFb z0sGizrE87V&M~gk`>yCX()HD$Up~|=utSqAuQu#*+g#kF{UI3$DphGfKLa32WYQj zF6oE--$Lh7aZbQ7PLYO}&%gJs@mT5l>0Ri#7~e%3CQ%{tS+gWxAq9E+f=& ztqMhQZtte79$<>zb@v}s@+0SBWeM2d_`hg-3)sq*WKFlqWoBmPGBYzXGjB69Gc%T% znVG4~%v@$JGc%R#+2`DDU1{dsR*&ZOmX?+!+bQj}^2^AK_#@)oegBQ)?cjyk1_Fcn z1>F=M@Yok6qO4fJ@)e3wlXTwEhL6bWr!*E-v+3Y`n?|HB4e9_>1!>Wd41qdYg*Jl&Ou|Kfy_)>%dt?t8zbqXKAQ%LIO z%Cbl}Ef?h_2Co!nr*NC2&EMeohY*P2Wde*L~tJr3~uTLo}pqruk>+~VK<%d*lU z|8_p2iK&IHg|mr_iLIHlxumVV%U`L9CIFlNGIGf(x=ssXsJvDaqey}NK@0Jih_gyV zL0;!_g93uC$;i8F2_FB%AiqR*^& zRRblA?N1v^olmt}UpS(+F-t6cCmge}-Kv{2@D|tQCbS;7^=t}FTSF#jJ1?>uP2C4> zaQmn?tRmk`?7B$MMSCw&fMtqK`~WIh=tPVBoLR;z+8Np!6*Z`p(#4{ogN_OLenSXZ zCHt$kgCo7;uxnDi+H7Oj8L(dD#W~+Y2TV<-d=0c??H&l_lfqnPiyP1?N~am>bPv4ajDs4~aN~?G*1+&6?3JXRTQKsL{gt_5cgsSr08F^A?8Pkn z>%u?GFgG-v>KDwf1%^%(Of^2S;Ed`&PjB%C6Dx z6a@bX01VRjF<$+cd`svsc&@Zs)D{M1@nMtAtnUycreiJ&A;2qSnwsf@G(}b?olFV^ z0moEvYS*BXhIsUo$!Q$&L1QTxOF8!(Pr~9dRhYNOYivkgXh>%-hwG=eh2+BneGI+# zbZ##r3E`cOg${bqcPk;mRrf^VTvBt$%$J|;w;pkUa&Uj@)2EXXgn1Sn;JH-TOk`#6 zrW$wYnLfd{(OwS~G(`18BW0v%R!mB`leQ9)qp!Zj+9YB4BQ+;FE;Da=2-7ZmKEd1H zO?$7-48iVjY{T~i5_D@u`Gk1#b6)h4KqQxh1Dgc5D0wbpoPT6?-#&2+iBzcl9b!y! 
zwu7{lfH>J*rq4|`S}vBSe+3v!|c3!{O z_bNmrqA6O$+U=wg@#rSrjq4EZIGv`se#%QkjNZXWCjlC|od%FJqP)7ed^TFbhx9}C zLIq@_f2RJ2=SILb3E8RgByYm*nKKzE%+k+6L&%pWb&G`GAr#zg3mX0DD_H@v*aEWM za{L22=UWheiSBJdW_WafG}8lpd;hbhN8sP3S<+V4#Kz9iL&?P6(ZmT@GvvRUoW{g3 zLiY=xiX2(7WQg@in>SmQSAPd3+ks=tl$TgJ4?U+kv_!}66^>BsTeApdXJC#yx_~!` z2(MFYLGDnf5-m4QY%f3tM#q<^PJWsaWot%saXOl0J`TDJ#KxqSA0mpRrQ8DhPLg9t zYBk&vy#`B8e;AkyudZ&nPh$QF* z)nP~KX;GsU4uI(^4S2g(`2&U zeK+MWtNV&`M*a0}dHL!KIV1J;C`{#J?9~{a*SeEca)*91dw*B2*H!z2x%iqbFXft? zLPDnRj<};FxLpA)#mZ)so(SuSnld6t<7Y_2Z*{2r+hs=~!ul3PR7ANAS*ZKkG5foA z=Pp{!{JRDL`dk`_#6%EYCz}2IUJYN1^-VV${wD4(1RNo%0r`(pjwjg^ZY2D$N|>{A z2)aR$cU+!x%Mf4~F6O113P)O{{Z0N-c#@L8VPa#EqAlBk8Sy0VuT90oPn#y7VRHdV zDHz;swS()GRXY`-4l?nww?|#NuvW$P%-ytSZLv7myBnypr%Y7Y>1uZ-Evyn|GaDJO z&xhsFMHnXxiaTi1gvoyIgAQ_JTYyYAPDOr1iBD##>~4SJi5x?ImMXenG|5GqO&6sK zM8spo6*?E_%ou7>Om*5CNl!{W&)kwrM&x^l64?p!y})#i;kR!$Y57aWF9VB9fwDC!XwOogg0V}wv`OG{^q*sG) zC@P@{3HgRB<`I-Qmzq*I+zSh3TaL5R5&+? z*X=3^%i3kkl04~BRcHUv zsp>bQWBwhx_7nSdvzjYhNb1FSW6ao}53{b5%uu?plHKH3=u{ZU*UtMx=NVN?12MB0 z8)Ul~s9{8mjK);ii>TfAD=Dte!THpmrp0xV&M*BX0W6*_MfT}{4?lO-du5A?woR&( zIYxiMZ`d7P@x2T|a&?x{U;_%>_IjBC)R;?9yry{&9pjk>$LmLZPBR!L;%!2qf~4-5 zMAd82*|0&1tn19nzb3*`%9=ydjnYU;U|2;;S4#Fv=KZ1oH~jD*j-x6zhxp++@ryqc2E#1cZstyqaFVHaMc%$g7SIn|^5 zJ=2DDha7527%y*fBbcciQu4X)wd$w8MXkbZjQs59Gobts)y+J5=)UUO=Z@8|y%-V3 zQ+6MW*LtV`;p93+EmLoRYG%GiAzy@#R|U49^Q4=J);L!C3ee>f5ma>Rv~)vL)cEs7CsFoSyhPwv zJ(^9Z6ld-8Fpy8seQtU_17bv0M!q*;;Oq@|TNCmx9g@uO;_iCdU^bKUdw+lYCV;d6 zTNt`9O9QNk*x``KmrP3mQk_&h0)ry>?oZ{~v0X2N_)WXDZ&AWDvOXzioyq_L1wH=CBE$9k$*PX_sLBu_&NNOaEX_>B z`!YI&A9`|+{2nhEX{H;MNvle`px3$C$)+=1UiK8LZEBuh_PvDh=J8y7j8m7Gt;RmccOVS2# zU}hXO;Q1N#rGuYP6gTp;m+$g&u-KWz;RJHZ2-QpU1bwZ{+4^YZye!CCab1e=TARg3s0rVYM~xcCs01ckG@v<*qExh>|F6x- z89a1%3UKx#|4Z@Nza3?fv9JLiz>NQovsX;K;NQL4KMN}lTP!RsOTvzeTs62|D2dD9 zVT2TS@}p!r3uDfwL%G3ylDdUc31PTIbl()_wC{-B%?;c?(?2t}z3jUEw)np|&l;?_ z4fH-1Q+s>;zOBa?>+Oc3827RFDDnZ^NnEVzVoA{Qh;Pc?C*#B58~0*Lk@(KoV6DN3 
z{UBORjm+QB-6LQqdh?w$GJwZ}FaGfwp8rcH2E-&a1{U)&&e#}$hIY2_^LVTjmD*&zh?aM53e z2A)WT_@?8+h0dnPrYIU?nH8MF&{EDC)XfzT({_|z5c{3n!VD0YFIOS=bR*mS9@_kP znIvKq+0Xo;hE(if7(iT@X4#W>&B6?4n0oXG?|_U-ZG6Fu^t%hQVL21CyFluBL3QK;0W~eNt&Sm3ZKr21xvYPuP5UjJ% zZeNwMpR3XAsoa(T9+C&D7sSwX_vS!v>Gd&&O?2`C=O9U#Ioo>qqSqvdN&6{I4WU!2 z!#SJKFMv(u4BY({$M@#J!@WDCkQmEl*I_q>+@p;%hXp6m(~*2f5*ts}lXLWAg#!yD ze_x7SwODPTZi#h}DPjaRU4Y|$P$;N3=@eJROH7MAu@EBS+r~+cNkA6dgvACS!xuUD zjNchT8IL~NFZ0hNp1Shb!us*0;gFi?aF3Z{ocT5`oS@ql)~%1&XwYHSTZqr$n`~E5 z#fDouQnYKku5F(EM#={5kNaLtwpQFLeS<0-8g#=G?X>a?DBHICYZ5H_w91T7Pf}G) z0{y=TCC1fM4*qo-()gAkQ5pKa{n&*1v{=Yp2w_dKv>u{(H%5rVRAx>VFJq!U4Vq=* zkdg|Fd|0vN2Iz?3h@m~*^|&C*)d`fWx&17adQ9>W^-^6+-ERZqQ+=11DY-W*D=}P_ zu%UK$qET2_y@QYZb5;Cn=E@`E6?V|#wA=u=pj@mB?hG9H$@Uu^!yL|*!?sDA$~#9^ zjzkUsu^W$v;5$#2B>HU@|OPG!111{n0BjMM@{1{KrLtp* zQg59jUv$X^9@lrnC>V~)mLh&0&pZ5zL)2WAaVqf24I^K6h?nNsmICsE%AGpvE5;KF zmkLj>;p~uba10ebz+rT#FgPjlXOIh)Zy+%sF$368(LJC}bE*K-mJWq$NyM=26&4Vc zQGt00%;c)zqzIkJCA3z)E5fw(%a|=b)MV4N^^2|3oq{oJdnfCMXH6Znf1?i0w$wuz zxUfTXE%%UyZS4_WsXpXo-1ztkh|7or{sBd>Eo&~)BbATfO6ffrpl5zL_?y%=GCY;f zm4Q!<5)JEZS6$9$R;LHqp9@Bpu~vim=2h#)p+oRYG(Xef!{MpjT`h)b6!? 
zZ=mv6-U`=%Ag929zCeSqou3Bg*NlB+L1=v=aKnLSaC9&^?9WL%%;5Bpe0JBOeNo{0 z=-x{^XMuLu-rCo?L02%o=GR7j@^HR%)W5)V_4-UY_i901hPEM3p|+t;BmJJS4xj$+ z0NO8L0Fw@M-jMxEwZ*@^%Gg^OIsIo=nZHL?kQP?{pH`Vv5AQ5dtdU&Fbz|ic^&j|> z+T*K1BxAO*f4(|aN_M(Z-~H;f`WoU5b9SXG_X=IG8R$>E z!%xpU{!346Iex@ukaSAa$M4d~)3G9JF!`V;479|xM>EI4jBVn89)x`$3a!3AX5i9lanwECN5_d4-X`6ioS=BZpm_e?yR@^FVAZp{bl7NplaAh{nX&ell%4}E;z>8zWuuPJO zRcn{atTheAurX@u?`C8*eGX)~5R1dC`$uj-G!fGzRu$$&_~17+(4JA(jl``jg>~Fs zO3vJ3tikdUMfGX$*&l;K>1GaKS>bJ|m~IsPPwSDve{^v=*5C1L@HApkVmD{fr**$5BU@ezy?_vH5I#hE^nrmW5k|~>pSJXcCgWx%chq{$D_Ihqjf-hq#IYU>GI(D zEFqSP^&T>WVB?(j!f-P2Ft>U?*t){V#}xT3(VtJ(;SUjes>gI0-V8ssoM>Z+q1;w{ z+C|k+oPclqi0fQx#uP~Ue)(4?4~uWBvNu#ZQA}=Ob|NKC&Yfuk#(J=^yrgGN>Y^WY zdelr3+bXL0Na@pAU+UeBostL$W|CP4_sSVI`;dJHcHbQyH1koH zbM|N-uc@em*^@joy}!wMBUajlX-HGTg+|uvVNuE&?$)nz&{{mK>+y{j)ypJ^cD$ZH z=9O2hvVZ%yZReG(>@T;q^Vu>2;XbuuegyM)0L~oG>I#jFxx=g9S@i@WJGE;9D@D(gOWcY*N${lWb z0Ium&oh9kIf_=9FAH!QUC=QW?c~ zdW{TSJ-@+$b4t@&Rv5e2hEtX4Szt&#dBQ$qd>0(>F5$OaNj#CqMrY`Xn+as3HnjHp zRfqBPDLSwv0?@zw>iw0N57mJ0eN(CIZ9 z?rgBNRvkG$(DrX;Et;&%jkF;=0GG=a8dE89aAC}N^@CVfuw~Y&M4M8UV>cIyM_) zcJ;1#i4!aCfb)lKYVU=9*{+6br^bMTOsXYE&WR(OZwWPPR&Vgowqb{uFagT1&w|%t zI+w1{FWPk)5b3t_2F!r2OS6t-IyhTI7}s#x)=CH116r zjqHskA_M5;H0wwu+1Ld#8tq0h2y?}KGf2{IS+pu0yzVyj&J-&`#p^+gfRn9pbgE7K zXejB{ffNc>()2p_(zKj8hSA^yuW+adw*%W81!sr4$lTFb`acljJlUx%S%a~)JDC=L zYS}srZ1~f4^-ABgrSFVv_(NpfgqF_PPEIcJ5B}y%P8a11YOWQftyx2VXSZB_o;7;@jRhO_M^?0k`E&P(YBlq~D z07euef(~7m*wgAqxk>t7V$N1E z*F5f6v7oB}M}$4n7MWM;9&^q}G!BJVZ;{?Ju#9Yt0vi!7a;@OKfN1XPT-~wh9Bl#8 zT$#BH3ta}{Ce>*;`CUWKxE0)CbLg$sx})tXLyLUUiyShq<~`~hUO{PO4!LK?F;;rG3w`QVAL*hbQ7wrC(~;y*2YUXTmmS0q2TcfJK9V0))sBL&4Ff6VR} z1@kjLbL^sk=MsCb?KB3@V0mweyjY9Za#&tGSxZ4>@x*e3nGvrP=V zlmDjNA_87yzl*m?e*5z=Sb3ZOT1gJoZRm=F|0XLP>l|3xos$f(#7RJODcyaV$N1j0p&r`988`)E zi75C`VaajOvAO>m5UP%4%ldQe8hbz-Q_sr1YqzH9^haJN6z4Ji{+yM&k(Lc=Tw%-ukAXxnSYZOlcxhbUdb?o7WLM6Jw?+coxmV z1)MSQ6g)xkiQec$Gd}P{6fZnNa<^bSo1&&2((|Xt>6c7G`0ijt2tOm^?dFz(y`yT# 
zSeCVP!!&Aa8N5l-U;fyV|K4vOa=*UWFij)r8eph(PX*}R;t$}S`-Hx5T(M7%y!Zq7 z`XS()w(!{|U%VF?Mn2L2@E;BXxbMmqF6-f*T-BGDiZdlkx+JIVO&xZ?sF);Eh)~yP zOsed@s_joxY`dZ*oP$$Y<|S>5hm@jQ8zH`QH%O13E96^O;EUVz6&THYM>I>saxGq> z>x+Z*XpsNwg7RpX0p4eTcY2vDQ2_^ZGzX&s3)F2ZU)!DSznnmvUym2(f%!6>`2WfY z^!?v;)i{|L{a>BV{_P^ue+{fGDl7-EF)sO7y?1`MUS=mUfLgV z{Jp#I(Y=0s>)|3cO~-59UyziD5&4gj7d1YoXAv!^Uzndr4`jk1(C@=UH#CS);NEm1 z!=1gF?s2&K{;_|?{slD()OK-u&T}*Tsp*1JhRecD+-rS1st`dj&6Kw$#G=aTdt8&t zVQnb)&;2X1H=gV{GQ_~4PiTJo=4HCO<$e*G_#0B)(tX@OQE_RrQvEcZIW%o0OIu zvQ76&OxFsQO*XjHUp51-mI0*`Y2>prRvz?ck1Y7&K7H{j z+ItYlm*M#?&k-R8r&VI?UC5Wa-GQC%*W$`8CL9-e2igUs+ewVV3?AqV$oMD{ZveZv z9&d34#oSLc0W?)Gc?Rj;#YP|S`kV%PJwYUxK*uJz%?=|R)@7HelrfQSITqkGcA$$c zTCr!$jcAZz9rD^@F^XbAy)Cj*Cgz|=GmQt`7ERsb+Y=D1n7=%ZBHq@mR0H`^;4MA6bbCRD2J^mQl+GSALbP91@o7fXvJu9f>gZ{NATPC8If7k1{x`<$ol9= zFUr;l{=YNUUi(AQ+JK(Ysec(H5%|BM?|+Ac;h&V8$^9k72A683QOzgTvJC3MZwywc3nrF53LDN!xdHExJe`M0)epn{vM{?HMBQz}nUHX)>MDY}&2+ z?(8Wp_X}kX5=)@3{HZI*uVhyce#@ckocnHm$RPOu0t#L77Y9mdMwlYmWxYGEDieeP zUi4IBDt|E@Voo?Chl>}9A za>^hdV+4x{1PI&*`42fnC`mD>>uugVd6%Ds*;p_~Z~;0sITec~8@Mi#fjcC0*1NP} zRwQ*sVFeuGfp-SEKMcFmc8JDX?X|z4Os5?kP+Er-2QL`2AjO?tS(Lvvg7)WZF&B2nK@eZ&4CIJt}Lq{u%pMn4u+ zjT1MNA&RIlnuw}aYsotBSYpPi7v|_zXEvCoMV54iRvxRU%LaLNRF*F`vq-a}E&bBf zV&_?&$Fnxp(QZB5c{~pRsU+VCLh_Ea{qU=8D z62qAA$<`n~YCAPUyDArkRp9fl9S{9AiJterZU3RZhhh!Vk1NK3wY07hhCEFTvAPl@Sx0nYI1& z)zzc))t=9nJNhrE>!ACNzB^MTCaiZksiKX`atJ>Oj>24Cq&1s1t8OD(O!c&rw+dzW zY2Yh(eO7Q)FTjn^A^RRbZ~d^mG_|_}2VK5;7m>|JNUYgC2#-9w$ z%m6xZ4A)J-b~ zS>QdEXNF+9&m`zBXGsGKl~q7f*|Nzn2idZbeKe%FI~D1B%h_a%eMa2WVd=R00 zuYQLwm1!oq?uId-az5UHsGmcw7~Uz{k|;U)F1V6IQ4ycCK0GOfjgQP=B9H65gt@k2 zqP@K1SEqVc({=mz;I7l=(495SFTBd%yaVX*bVg#x4C)APm@OL$c#L>t-!&x4iyu*P z)>a7HJkeLsZILv@htBI>KPUnd-Zr%*9qLbZtgMlYFIU+r&E+dUVuScDfx_~fcvF>1 z76qv?p2_wZcNtY0W1H_I)&2RjeMMlfTafM+rY?8AJ8f_LJ7||ej1Sk>HL!NLYghJ; zQO`}z-fP1z27B6qF^u}5>CMS_P|q|X+O2m{04vqg*S zO*$;gYeIIPFn?_dpM`3ro`ICP{^uxT`lnd}b_fBQrIM!229=OV^DeMv%l7uv%VyDi 
zy>F2Mq>2fpE?D(N)?=4K*GoM+1d0T~5_3LF0P#h5RG^ZiP*89otTUSMuE!;f7*`8LcFOrzZW}fe-jT(i?!PJz z<_q;g03;HN$RmmSoP8{~R}g~b5N)8WEH+|Ww3I2TXf#~CtQe(E&||bsqW7WWCejGa z?~zVylZphBnD&<;Z|%BLsXPux!UWFDOKZ z9%yyYS*Z;uvZ%Vy4w+#WP)HU4u)3*FTKa#^!>X#1E;yrZqQPyqlFg}F7Y1X2l&h;f z&AW={DXy4gXF$T-`w!q+<;cFK4m5bGG1{z{Kq7kZ1d1>?5_hiIh<^{z+OG3rU$CGx zv7{-6qvVlNfNJXFN(hp>Zr=(!sS42YF}f(F)Szi-VDP{+Z_smSC`-X83?G)GkU-8b zK;~pi|ER(BTFnE=Y&*A#R_r$iydq+Bn}T@g3>N#1)b;_==8lrCc~ z)=Kmcl} zrpNCcjBx7yQfm!tRv zJ^Z+53=>4K!Cmp6+@g=Ca<%oB{+!vQsMl%l7G*kI9b(8CZUDWV@1qTfR&)OHq!C0V z=*JIVc-%m=yR^Jc&gzn>RM6DWv+akS-N-O_Pf+zJ(RB8MI~H2LfrsiST?d)#WDoMb zh}j)jMzip!O3=MPRL)}*cMruRmoC#FL~Gbq`~!$~{)tN6Pv6Egwa)zq6jhj%tjn$H z498ZTXs@-`<3rkyNgT>qLy4pl8YxV)qzg)Ndm7g)l5HwHC5iqM0_ACA zz4qkErjaKKGD7$w^F!;P!f3@P!{5&GMG=dm&9Zf z(I$Ish3FtT6r7>3pdbn$m2vc@#&b#$RWuMH0wE`df}_x4N&zDury)onKhA)Z{>kOtQ4zOfb86dyGBsA+Y*5&UJnFur)WqXHw&CI2}Bfs#UNfRj@* zkU$(!#2i_?Trbwy3?+uEkS}s;j&F`{rs5J_onDre3dE{HDhJ<24j^l?oDQ4{Zn>XH zu0upr_P!CkD2B%ft3nk+!yC%8ce1m00;9j@cO$tyAK+gw*^po-PV|_tQkO_QRL~o< zO@F3(b8ps85R4b3%U2YcTmE2CP2YHW)T>v&Sb1L+T&hZ70Ra-If8ke-t|zS@ZXZ>k@t6;i2&CHW2;^Gkz9-KoY+p#< zYpQPet`aQmF>#yDbcLZFF9P!pv&J@;ek2L#_U})dXET^TaW^vC0TYnFIi)cL5d?LT zOqN)zb`?Nzf~v)b1QTQ;J=xp&b7Rgn=UyW$znZdbbt%tOZd$UP_N%(nhN|zbedd;2 z^y2hM4`b%HC*&|)70Wj(;X5UGq)-E$s*xNvAv0aX--%F}e;5`!#zHCoz@ct4(Bd>H zLpY4Z9;&{bX0$86`8vst1Pg1VqYQv0SyQkGAJDJ>1Sd@vQJGgUt2My?jPcI`d;jp} zk*w&*3bnQSvA&cDxdjK;ri^EWsKX6+9j1w~6?Vq>6M`V?n+`RYbT+ZaIH?QWQ6%O$ zQ$__W&i9zstsn96%_+)0S)Mi`~%Q86o-X*pz1B)L~n z%9jHoon)NGbyM!*8|x;olip_0RG_Vy#y}IMOT}QQ%FsC7)~u2bGAvJNmfFXa_n5?! 
z*+`RrSz){e)kPn1D5D#Z*oRY!5DDK|P{@w=uUVeMJ@PcE1@6pCF142Kd&c@B;G3E$ zPdLGATf<18CFzApJ=3(yZ0I@I$;HU3CT0Tcq;TNt*K1U zMwL}&-Bqdr&EdnR-i2#|3&x;>3h2LEOEXH|qX#4>=sk=iR4DwyP zx>tX@@I6Dkmxqyu6ccX+2=MJj^J#;5AA`qeTwEzMApy|(-@ z0&tKOBOrG25vRe+*#(J^klk4xpC>s-Mz&wP|GW|W6Xno_E<+ydU;BGwbr}~dgrQJI_tuqel7T$|{Y2_)yi( zjd!)!2unwlXXdd|dAN=C-G2u|x^}n}tBR0v+9Fjj)Zjax=*K8n;YS2$dg$|1Hp$pCp8GE+xG(m1Ct8S-8P(Y(gc3FSc`*tk|f7LhTM)h^IDfOKv5SM~q@pO#`D+bqAep6}R4GzqAEYlC zCDcYGz|}R;ACpw`nAA4vkCSB=Vr-KajR?S~K|%$G&&V z&rEc)SbV?one#)ul%+nbbtUUnwt7PzmJUflvMFuL5;ZGn(UqE65ZQe~{bk?Vjw88B zfr|p)zf_d{KP?Ju|J-4p$pNz~KEPdDi>o53^{C3qL}2u|x>`FW8rHMLq6LvrNQgel zOa@syH&@ULW_F{1eN%osf8k4VXh}mvfel=6o}Ns1I`lruWWL)!YQ6eGnF5(HW}o-u z1$A|H^@C%5((Bv%gFUw_AGw3xeLMb9dHxa4TyCR1EB^JAJ@@+V%gUzeQq4q(4IdH@7?N!r#sjGwKB}o4Ur3&&M91DytIPA(QXrC5$ z8EVQjhhVr+rl}|hW*bnAx$9gD=LHhk?4F$butw4;T`cIf<6^PyoP_BLZ+Asx+P;y+ z_FyW3{Hcr|5DXrGOaV1>=OOjIui)`s_b1BPJICgHE`}!krX?+InG_vYS9NmJjy8|g z5@SphG~JF8)Q=au;q#gynT6sU8=P(h1@zz?i?KGLJglS$hfbpvU3UBQv-a+zwos#R zKEv$Mxc*qYrf*p4P|^EJYjmDI*`;F&DuOlqhXkaPkw&Y(N#Od53z1ik7aj1}QFR73 zAe#g~%{K{QHIG}X{h>sdY*ig*hapSi_5}LzKrARO?e5I%AXP5L^xNm_@^=ci?HI)rqj9My{osfK~L{M4Jh*^?mTyB@yUYG4|ha)q!+g}xEkeq+aDG=PF z@XcF=bcs-p7AKC4f&Ab`Hl0T)-rYHF_0nvnes8_J2I!w zk>7)Dwig^|_Od@`5M+itjo1{+4Zy^(bNNbmFTH%H=tP+>m6toK5GZ0Vrh&4U@@mne zfi7*c>wyP7O;wgB$B>zoA(yO)%47E3^>{VqofLVET4g7r$C% zqdi#%yAExvL&gvbV^MjG;G9EFq6pUhk#;4KhGwz4^M)LFQV8O4vh)vV_{@VoR$Y7}y=P{z*;je^JAYZ+-KBP}8+Fr}atCOF8rgZRsvhCnIawmU6+g{FpK6R?X0m zkwD;X6O`U!q1t5qr>{V-?PG3~Gh|sf+ip5ZF7f=Q*-`yIcKz zO5`3q1KPL=a^-|B5HxD1&=q9aB*aZV`hnCMhEA&61`O6FFj7B7uPe2L=MKUl=ML8i z69qw7Q*;mI3Un}t@Pm9vW>5#HHfonl$(s{FgJ6iHjG&<_Ynm)?k4G@3Q&Qy3(T~tw( z>5gsqW({teFmuKtOps{W%qx5&T6xjGnF)ChlGuB%QlVaKsKTEvHPWViUv)Cn8Rmu1^;znTSEXF}Q-xMl zcTJFS61E+I3QLiQ!+yhm*(lCAnq!dF%m}SNgOEc#)gXhU(*%d(1tFPm(p1fi-AA<6 z_L^xZoXjyD3V3g$qZsNlI8#}=Mv{ehjncv&b(|gIs=;|iWJed!#U6~EDMty_8`LB< z#D}QK2VH-^~X@3(YyOJ6LX46hI>?_fbGR^|Zns zj4daKb1QAj&ckloL$xb-jM`@rH#n%%OBFHP?3a6OtZDqcrhCFB$|izq4cs@PyzPqi 
z^>9j!A`ISX=vchP^6*R+gkO%$Ko(vf`8gZwOm>{CQT~`;R5-M3zgfxS+)01K^A?S# zn}@YvkpYtxFNeg6;-x@ig!_JnX-0(757nPWA;@G5IOkx2)A(5@RzWFAg?!4*WgVET z?D=$*SU`SVT{`!I_i;(X3W$V&UiOC<>!o+&VR;7i)4*8iIC<#{sn-j384?}vGVmuM zH6M~CadnFlO1WXFq|yX@lRoV*f0gVyee~}jU);|4Au{&(2rQOnj;qxcim;X8r&^;+ zHe&VcQ~EA@)K@XB-PMfZy=eC|8FGAYo3pdf{j0Ml?c{8Qrw`-(K>e7f-Q(=>A!U_~ zyTq1`VE?QefXyrJ(G$F^?*aBP$TFE6GPf8@^kMBvfmvoJ-*;Z7L|bWAK6hsKcNA}P zxb);0NY%IhoQH<KGB3*z(K;gevlPC8Usluu8x)5Ge_a zzmdBC3#ncLWVCXG*)X9=E{QUw3YHU%$D1rpvqSD}PNxrGlNS9iGSI=udnZkV4S3F04^vv?_6!3#{$Bb{>5fn0)SB=Gaye0Eao<5S9@y@7h z0YN+M-DD%XuAll|3Tgb6$2%B-DxoI|=;HM2&CC zllwJT3gyurhRoO$JWw{vNh+A2(h&E288J~A{--njh17r6buBkY5zwvCbU8rJjhBVL zlDU@>>>rmLhK&q+;{GDTfV;|p2G7kyV+~nZr-D`#ORTC839-_MzbGiDcp1O^x=Q|g zJ2FXR{Bamx&d(fHizBE}KUH6PAt$L2?dPWT=URK?hDr6uIA8bwqU{{NE8mxH-?44m zww;x9Y&+@LNyqBA<8*A>wr$(!pkup}yLzAfoac`F;@lT!>_1_RvF5MpTXWW@@ETs% zbickNKREj2+}Tf=Z>m+C?-%#(QGLzQZ}UFzma(=bs4Qo=*nJRQTc)0?5yp9k`h33 zT^_RWp!ct1nC4WK|K|CYQrju>;|*Pv1^^HReEvLy)0Y>8wJHzZo$puhdrlm1f^-~H z=DAuqkepM4V|}r*%;r2T@CYnYmj-@dJ1xV=N%aKQyfljoo_d(~>TIjE`V+3@H+ov^ z=c-x&l~wh8=~KrfetOph^*Wu)QnSg~9_$O>rJLs5d+QX6nD8`C3$@LSY`JFD%3bh4 z=LJMQ!0TAvlNM`CM^g9fjA>1hZn21o=IA!_-GzLaluT7@w>2Y9DgpN78}^ndH69#iI+#68L| z>fi9zJHuFNC~2x3wiPIC0&d_fXMA_B`<-L8*i<&`Q?VD|f7|jIx$qoWf@zo3E%3Xf zQi9BnEBYh(ynWP3WY@FGPd{we^=ZXYr3@gu zVw-AwNOX1P4sl{s6oyS9UrQ3))<+kV)p*E)*_V9o)%(?G*OFd#j9T0^^QQL%tM)_u zt)D`O+gT@R68RDKi0=W%R6izz`&BMbF0J+GwL^{WnM2r9;Meq7Hr0f>zhI{c`NoYR zY_QfuufwN$JY|@6!14In=Rid?3=1$t>k^_|iX0E4qVLE)a;1Gncdlb zgb=23pJm4L$D^|ax70pUpfl8ylQT2<>->&&9TJoV;?;QxTZmBXkyGW3J#CqF4Wv;86Fp3Co+Xt8k8|YD)ZF#l-Iyzd!SZ z-wV!zn?NP4{9|t=*1tnpg{tTB^NQHMh`=4BqG%Wk2>6o)M4^|)YCDTM7uz0W3K9}j z-`F(*^V-w6CNg&d{Q#~UKcE2);jT1PKNUn|?BJf3HQ#mQGyR(J=rQ$teY@`V3APLz z!EGklXS%S*nPqy_eZRs6`(ARn;|5IFamRY(43D?$>-34?L2k>H<1pkl}gu zUJU$mqfx4k{D}H@OYBOdH%0^xS+rxU${DvkH&!siRH>7^%6pFjn4d6U9#`P=^l9I8 zZb6xRr+f?N|*dw{;r zT!-E*>VPVFDy{KPSEq`BEJI8fM;ofq(D`x7DJ6Q!)T7U<@`e~K>tKve8T#kAN*Q}> 
zkR#(S7b>ZK!O=9cjGS@{$m$>n)t|9`$GBpkhefVU7;2G2Ig`Pw$RxV@SYq*`1LfWz zSus+ZvyoYpE6iJ7vsF>kF)J@z;N=jz)HE$$E7io9r`AbQ(`abRT|jTIROR*DY@&0~ zQ?ZSbt1&z*S(dAxxB5ju7U%_j0>B^`%3_-DAz-$Yyx|qtbIi7^l##>?2);dOS)SS@ zAqPQHBpr$NX@=BCMpG^5d>CBgQ}I9@;&u-j24!^@RqV`g@E8FnDuhv{TCy=akB}L^rD0)k zGM32T8QKgXh7I0>QSaWfB=dqb)j%IOvrzsSlj|ps%4V!(U4o@sa=C8_)bn9cZ6)e?-928xpHSoYqOAg!1 z(#po)U!cLPAw98CE0P=OwV#KSFi5Oldk=)=pL>T*+N1O@W`Q>@0 zJH8bW?&~Lb@GiluP|W8Vi5sGu(xjV>JK~$JdS2CW)1GN55v;_ldukKNHYsT7>F)jN z)n6O~(^3do8Q=iZaO`wmxi38}luDy?+!0rz2gNP^K^6D8h3A$m*k96v_N%wBp@+zX z@v=Eg%m#5`fLVgll;}xFmG+@QUwTAPouFwd|cA)n%Q!qB({F#=#{HPN92u_7H&l-DZh z%`*U2bKgV!_rZNr3LSS!jVDYL9Dan@WgSQzQf;7Q9Ql`*#lHfdK#lV?LfW$BNyH6V z!$)p?=~<@>s=B)FkYAs`@0@H4NXVa7+rIs(qN2olxF^+8tUbQzfmd`0(4WINcBn4< zk~tAx^aH`p1Ry}C=Tlm$k5h6a{@a#X8vXnde?N1Z*Pn1}(CdTnqeMJ3d<@~Oj_=9S z$H87NzjJm7W{c=i@-Plw0!Zo})x`5@+xV5f!rObazqpLe-|l$3)R?u(1yy8MMYvyH zYlKTCDfJO;*ztgSmui_}Juarg7xL7|rogOp`uUkhu~l1bTY7l;U)L%SkH~~yfkLDI z#~wkfe|Kzug!b1XXjRWX!&a(kcMp`I0VG5CH1*mio^-Xo>2olwGCBAjlvAgeX2U7K znkwLr()=G3(EfS`0VfN9J*ZOAIg{04XGZ5P=hWxdY@rWO;aRfdgZNqw+(V}?ofGxH za`2-o4X9oL@08PHR^*ix^eJj%8*6d{OskrR1MhdjNv9ds#Ng}M2Oqo*grQ;XDRPU5 zi5W?cl==P{R+{8B3Ts9gYE1MH#3(Mu_X#l^>@XE7yjC;Nn2B5>)?S+MrJmSX#bnX z{=1{A4#C&!#Avk&6dPrEvY5Kq7e`{zWlR)j(4>LLw#Z`N9X|Ol&L>5`IT?|k%xx+{ zWWYU>j_T-_X$ooUcqF;T!Ue3G(-0#%D?h;BI2ccv9fEt{H-g$7(^^QcxF5xZ%raP+ z?)8@C`vv7XW};iL8mKgJVU5J+oiz@OfA7 z^DdcVd_6865X++M%6?L1Cgj<04YF-^tPkU1K;~z2Lnp|-{z#sJa!`?kYlb1DiFK8Z z=Qbup>iGVsClqFZ&3XvoLj_MT{Se>ddN%MtecnzV6-?!gsf5dGIRNOsoS_G2ge$2h)eUgamssaz!QPkYfPwqJ=%{5-Z*A}oV0AA; zB6x>66D?FHSV~^^(r(!{`)XTm>dkh9_y*l}nmz8JR6S^K+Q&HL7rWR`s-JVDupP{K zHDu{_Io*5rTi`O}+tL&4$t!T(UBryNAYEUDJ7}#85Gx`GlZ|JJ}Ms> ziC0hcI7(;}X-T99106FQ7Bdxi4f1Yyo=C4mNoh&0$3jJI@C&*MU}4&CqJd;&^FuDS z*X8Z*50G!hp@ync=38Ht)m1J%wCEqwMkij4d^MAW5&`uY>iV+_6V_#OUU@(Bjn&Ub z`v;X4ZC?B#L~Cxd?+lQ@!8E~ixw*Mb zC%=4b)U&=%h#)<}JXn5CMMO&){j5@nhGv#>SUcfT;au1+I~*CY5(9d16js2h3`r@Z z?2o*L#lACIy2n3{KT@Xu%&it@leQ-N%(;l&$WmgO2 
z(`1QJ(6K#avqzc8H+f$|pa^koj=3JHt`vr{-y7;4euZQlp1EAQKAKvKVuC!SazC0i zv{+IycQ^$nifRk=DsJC`N+^nj>`(KHxIT8(iWS}D}`OlTIzY|ygn|b8pyAX*d zLzjg^$L*z1>^M!{TyOvOrFz*)aZ$Z2h#G?^azCj2!aL3(`@xX;@vCJCu&#dp+Vz|$sz#HZ5EbC=d$e47E(li*;DCA`a#9r zO_8y_3g#ACCE?+%lLEn#q-p)HP+%;7>Z8t&q|?4oJ?3^TqlW(U@ZGpcV+peg1sn^w zh@ULvN%^T#dpSK-sQHijEdNqp1yFtSR&8%%Z-~uZzxsP!pa||@mcrX6k`Ky-5k&hd zp)_QiM0Zq%0_nf+eTNWzmWJXz~8tc^3CvaCtx^Li3vB?b6_Ky42Yu8ARH0C)s47ufcg=v=sDW52d zS}Hk*WtnoL2q9`AB>$!~uupBY@iUHsbe|ppY{FHfI{c-@KI zv>}h50|Aa1DOae{`LPhvg}F=0ML(iq+PU%Q!10cZOn1>hPpPvBl42fUHg=ak!hRv^ zAPNq0_CEG+Zr(QP8+fV@W%C{H67~ur(8!tg0mcfdEqf4N7SQt+=rKKimZt=>a8-!2 zM{}4Xvh`~& z8`GY=DWbvK=nZf6UbAAWZjCTxB)Dy~Q#W3^cwpIjYE(Pkk=uB3^V;q?NV#u!d26kA z-5>9Lf!Xrlc9`V9fVa!s$#-;fc)Y7__Mb%a=4{f>d%RmZ_p%#4Z(U;P!d|Zu$dS0^ z3ff;x-cit7*Av+M+CCiH-5>}~)2v^=aGHDprPNqBBP`_Cp z5prm;<@STX<9%crql_}eYI>hYQa-3Y1Y~@To-eFYuAp&b=7Qy|<0(KPVH)a58~V>O zC*ZC&?M{9P+ro{Yjrj1wB11#Aa)}sq;c(R#zt!{Kc7UVwlR5!6EyZEr*j#m~B}@40 zzjjfc{^nQ?o2QSgSM7loxhVXw2{tsgi#yLN<~iDd3-cI@(;AAYtm z%#Q%{t8Y7j%1R}rR%Ip{E|Z)-D*3L$YIKT=#3eJ~g?MRtxk=@?@;P*_gN^+Ck6`O; zC05i6&R-|*yqBw$$63HsV7}@#Bg|Kp6zRDLjKf$gJ`jx0A{aQ*sC^}?@#$X*PXT7i zjJo1EbXX(u5wn|B^$op132#7FzDVNA*TlzeIY_7Uo1nxHqrpGgXz)#Plg*6dO|61C z%AQu?eaN7feJ5oH-S?g+7p8jBydZN)*1PYrJ`aV*k6R#24Y~{or3K&rc~o?+1XrBFR5jt^S=Kn*HPH3dCPj5xC`! 
zqQc6+F|aFADe^z85PG4-@;6D!sWk$7#k?{k;Iv%5UElItJa~IYa_6sv@DrLZD9b6} zM246=(lq91YNPci%gfC7<92!blVT*a#DUF;>`-AEH`AE0uVPH`6jyzI*;^O=iCJDo zUX^aKdf_d*0uhFaODy4Jj9TZfU`XJQ!w@lud-N`T8zeK}1DWo5Sm3&Lj~ zYB}qDWbw&kEo3WUYe6`-$kZ?`M;NEDrEEw?x-16&U zJQ{@lnIn&+P#P2cG1G*(6%$eLA4jac*l2{4`|OXMBZ;l2ka6ZeA}!-mTjYC~w5-4` zQ8fWtWo=sp38*&fG9B@GykE08ZyjA)ZewUVLh&#|TBHn}h2V^7Xp(cU^pa-z9esMe z4ZsvSWEF)lLF7`ykf1kicL+K5!}80ViV{`%9v5Z6nq4fB7WzaTe$&TJixUy;Mh7F+ zw(cwxe$4464R1`hQst9J3dFE--HMJWr_M*FKNUon>X5kGU7lx7_IxxmQncCThAP1L z<_H$DO6|)QkxG#jSu-_!GX4eI8z_9p3NJoptRWE)%o?Y}$h}`R5kQO@k~RlNC65HA=dIuTYp?Y?vXSHp%Tfm8DuE_V5=)e-!(!0G!jgPkaKgWheT zwEo4xpEX{f?<#n4#7o=$Lre1@8u#^cYm@&XAwQi#A%FvG6z4yuxPPaQ{$6ulvujs{ z5dR8sDXxS5xYXHbQO9Qk7V-(jMBI3~#$94#dtYkT?P@f8nEid{5HpE= z$Zo;C*Wd(HmU%(zz;C`qgMtSbUC70z+XE`^NIn=6voT4G#l;~30kh0zB4g302hfRQ zm^2rhM*io3JV?8c}^eIwww_sfZx)PVI7y&fabuH=x+*4T0Aus`9`}E+l zsL*^OUg?!xl(Et=V}5JDP{~oS98gS`QfBVd0jtVF+pfqQ2lwoDfXOwY7zY9_aozq&`WG^>tGtGWuN}`H z)~^Yz45Xoa;Fk&Ehb`geZB4eV(Uq^!g>=!j?M1ehN!DI#0cEKT%DJlf3peb`?C@eP zUjba0C8j53#&n5oWzQ0W*O>f(gAv*`W4^9Jys|xIh5AU|MYYKT#3FM?zs@Q}t{7H- zPt?P8%W{T#>a&}0nV*0rx*bL)e@H&yEm4BdyCRJN{ELVds8quO`}QSU0FA%W+MPUO z7@6_o#uG#7jQG!7w3OmP2i@qsCZ8&|L`ji+U7V4XTUBb@R+amF%tym-8k`BSIjS>95J`a_|z9gP4R z!>Sx&Wvkb8uPthma)yVBWcb9*EF1zoxqk7c{*!dD@WN{W&TGu0bOqOu7-MN0^zlp_B{k{o}wQQt5K?H`*H_T^d zre9 z*=9VyE#(GiGIW9nGJMWH+xB>IX1XGhEWL}3VAnZ!;RKW!CiL)5iE)i>pRj)Gxg_dD zPSb+`fcktEgMjTVX`rMABA8seNRt-_%`r-_HI#&d4N2tz2@yj6WAJKNL>Xss_q&YC zGIjjYH?qCpBD;XApD4YpQ0udH>@!wP%}a5*Hen6=z35ZXMyT`P^OBa-+>$wG5}5?o z#|ZxFo!w7d3RpR%+%Xa0<&X$5g+12bW;3k1!!B}%4Sh2R0_(08hRnE%X3vpHERs7} z$Xc+BC?!hx5%fCD@PUS&!_ zrXy@O5ZHN9Hm8XAbT8JlpeS#{(U0k5p?F5i`s}Pw!hu~tHtpkq6mOUjCd0*~V%CF= z7bPey+cwJ1Uyo^$=M1ZvP}#eE{V^c0nw;82yG7GNfoH0MFHMddQ`Rd{AHdgAzQ_4B z;M)IUU!QLjCgVin_G#!D?4v8Sf+)B&4?f~sX2mHwH#kwb82;w4p3kvnC`i}@fQYgR z7Lsv&{nEU#E{UA4GBJ$;*AuO8%%|vC$O}>C<}WTQ-QwlEj8O z&ZbZ+xy6OjLLY1cqvau_o+S=7JfV$+1OfN#mm}1L12<_%%{TyV{Pbsozk{%n(U%l| zViKzVoTmOAJuF%lF17d-!tb}{c2nOVU-ya7b 
ztghV=YA@8;X&7b)4T33=kOvEW9H1Y07(>rzP|L`Qzew+z%uL|qKp*3xfd~QXq4bbYfju_zGZCbN#Psj;w>m2C#z6b7#sO$0jGk+e7xjuzJiDmV-e4XI5XsI{R3pY{wb%FK@8YGxd4x6Tjt0vDS97Q*{rf*CF=p@pe( zFzA~Dz*UlBt5hyh9TFwWVOEyHEe@bHW9}1XEuE8f_{Cy{{`2;G1oKQdg#J$9oG|({ z=%|H6D!gcnHG$G$sH$mdLBKUN>$pc3r(=L3?XHI`l&!Z&O%r{8K5&l+C8)FbW)JQD z<&1G7(p6Ux&(PaDde14RvDVL;L=_fxF2~m5%#$(3zff_oMA!L zEoZs|@0ayS-1kl;DQm4k6C4nhK|wa)+---O3q-@0n?5Bf!@wx@MmQ$N(YnyC zSB|+|kzI+>#R6A4U~9QQ`_RDt(#&c!H+MCgnwXk4*!KODqe*!cx7);dOy!+p`&T%< zxzVkEll?hmz=LH+JEOQQ=~mner*6?b-M(hiCgzAi1(Zbdo$1y`!RtKOhGA*|1Y-Jz zs=pUc;(Lq`S z!X;ppeBZG*rjPu%gXdqA+aslesY=EZ3@t7aZb?v{1InzFN=HJB`Mcje3}%A z*&Dns9OsZNycPk~{x;|pQ1o(^ZCI9~arFrfJlC^hihNE^0klyY_743pL0D(zy7!8WYC=#6bTg@-6 zh~FfTd)k9B%}RPAOo*LApM{h7Fz|_&N}Y7+qz^>ij|PJlnE3N+-WKhP)Lh0rLUi;f zoJ9w^j%hpPQFx&(>!s`$VcGI(JOjqX4+M?(gN30`?h8NClmlU-sx91pUe+w9E34S4 zr#G4%eA+siLle=s3V|-A9AhQRDph9ufc)ceQBOf=HUmr7!9V74vHd%jwD~_-bo&j6 zIAqu&h6L1JN=1G`uebVipkr*pp|+?l4k{fS>$p*~Sf!!Or{sZHGV3B;y&vw|~gIYklz}u)JqZpF?nAsl1StfErxrp@4ks zz#G!~9ViEB!J*Na7+&j78Q58n0}{B4D#g~|8hTLkp5fcRZs2OTR~H7!3vd10FmkdN zoQs}&@z5E;vuZHaDy6lkrKJJ6gpIp>%tXkn+xp1PH-%a9#l1yiY0!w}+^xo+OQSYg zE@ZME8M2BQdwBJ@#QiF$_hf6+cUA7PhxM9s%hVmUKqfxP@|e$p|=HNMFhxZ4|52gl8(c=LrT^fNZWdg@tNVZtl z-`{1jz{lpZzN?|~foZE;gi$LqiUcSY{6ITdLGypmBOx$2`8@n3i0}KT!~qNe4Nb7v z8YxCR3+tVpv?F(pP56w$+KQRO)cApt0RAc4=4B)E{Nkm1k z(PvI67(D6V;qSwZlf)5tCMZ8;KZaGwft7#8hfKNVfb$mN(f~4grQ!y&cw2VPWP8dA zkf=>b)-vpq{G2Z~nZLG5H*Q=ep{0g_f$)NDbgrv=%6Cie_2j|c{j|#?yu1_gl!L1(d#_*L8cl~S`WnAdQloma4p)7g zRet8YvGQSPistF^%CmfWSEz1n>Evw2DvS8Vv??-J;S^G9kyNc5m<)VA|JOe91r7K) z2Cz&O{>L))->e?8{W~1BX@>_u7mVlCH@7Bc$u-o@nfWB2bM`hJjTU=o4jddNN+*6R z*)w)bT1edgtWQNd-HTxl!UaToAoWln1!41j?u3CwtY6E_yan=c%)5B}-tN~gKYh!M z$r0k_osj4k;TX$87#sB!;GgK?<0VA$#ZI{Ys%mN~K&hpNP&XXxrAes%dg1P*yoeV` z{tfx;jq2lw_f-PxLWw7gPqtjj=hC9VKn}Gf*CQ8^?w97x5X6qGKHLg2_iz>p3GS1dyqVmZKF9JX z)Ct=0#0FaTQ5ptNm#wZ%L^dDRZT9_>=xq*gA~7bFmCU*& z$SN};meMK1X~PYfM_DRTG`&p_m!!nWy#iT?l3E;u_<*Iw)y@+S&}K4(hw@bL-lzy+ 
z!CKp=PZtGOf;JN;3Rio9=nE0#hQ-~pWX>G3yzFt7=ZvXpe@cI*WjPvn4oDYH zAiajCrzAlq#l;k*o9M{@q0~BoK*ED5{&_;ysA51`63wo1P8&D4mOQBinWNs5*~*rg z);s|#YsZ2(wP6h=zk-VQ5k*6giZ-Ujfl!kXh%i{8-wH-0SFYfvtXH<+A80 zzgiPIp-rNTy4}Kku{6Iwot|fN-#0p%WOFaxKJIXXBzj2ZBbrv9bU6m-33-4_cBVI9 zxZ-V^aq$EzyjI$k-)c3yVOaPbKwNd&mAA91xF#zA@1!7w2@l&-8Cws1qr28h8`tss ztMv?YuthWjYWnb>)AZjttV$p*1fK($u-L6Rc@jkGGn|Z$zBG99Ro%l{d()*T#rmn5 zikdBeLcA1Nn^UIcq>gISF7JjZ_KBWLA3x`=(DP;2Qqi*OshjU3)jJ(}+J z{Q&#Kd`5ze9-r^PPdn!L)G$&Eb$?9#=IW%2A%yO+89B~eO^3QSCAdSJCgXj9{^|y(xId;KnR0&Q7O4}fi`Lui)gSswLHW;r#u>M zDY1Iof)!@^gcD<3kds(OI^%{g&^pK^?1<`_j>xMxwZ%dY*nB62+V9|nC*qh_a^d#2 z)ZPky^md1`YcwKZ0N=iQ%*;S~x?BU0`0j{735p+MnsG~497+!;OR&#Nh>MQ|#mOSe zvW+MFkO0KBivuh(>cAys4c*Xszbi#5MVr#66!7-d%3&*D4AL)7XhsFk@=|Ckjgs&4 zk2au-vdMGHM4|RM;7MUh2GGhz#`5nQ(L`_g1 z(wb?Rp&GLVI>y0b;H0vS7WR(S;LPkcE^3cQ-hN(PI41AIMH_6~qa{m|NKvxccn?FT zm(j(hVGB}9N9o5n??VK2QgXrP%6HUM9~`)rBiN$J_PF{%_ASt<$PvL+UygrP;0avt ze%AyVrGmkRNM1rMkoZDq77MK}qA9CiR{-U^_c16SRySIX|2xXtf`Rcb4RU5oLF`nC1yGAFAc;FGe^x)5WyicQNghD^ty;-rgnE>7OIqeYZY?CL>$NXKs z`-h9_Gl;w*T$%#G?>$IwlbdWk-5_`s0---0cc856M|=1no^QRiz{MW7zFxa*;8eC* zn^s-EBm8NW{eNivv;eA_?jIwEu>Jj_tOTYjRn^e-+Z!@>8>~vdMSmkzC%AHY_{|E4 z^FhGQBPW;WLvqd_JdORuo|=m44TokR{s9CKLtW)YS{G5i^%~B0I!|>~HFh^HH7^nQ zy+81MQp85ahDSm=xwcq|K85NxYvaNrSlA{clnW7pPha)kSemryJJI5+xIBCUIL}-R z=KtzGvPy-L5=amPI8-Tk_^yNW)&|4PeF4-?1#YEe^Mrp^1kN=J|q& zz8Xde`-t`;eud5uwFEs~mW-c$gJgWw=w1tg<)qaNmIKx4w_KlCHy552`(55_Fg2nF zYEHzClx{+7)Zk~$YX693W{+~rZ!;u$p1h56d@t1P`ReiL%4LM7U%dmLL2*TP0GP93 zJ<7niP#xRA8IolNkWWU01LN`1@SKOrnzFp^8Pb>h^@3Vj;YcK_x*blUSFuqFYt-kB z5_)sV0~I$zdCZUcj%lW25-mIV#VBg|+V$?*ICkDxQ)tXgQrUOLCyFVD3<8)S9q&EiwC`EM0N{Y_vF0((WoLI{~wd z9dh3~p)Y2=*{jw^uaH-H%I%wCcpY$l)h#o+LTC69j=UP7RrPpbbinaNaEIM=H&k#$ zq#Cg&I4wb2l{)!r*|ye%A6O_m&9W6~jmeV_M#^GK(a}#cg6r2MYNauH*FX;22KR9N z)>+BAT>j|t%8*^A)eMb+ZWX1#SfP;-g)C=x<7FkVjAIW=iBwu3b4tR@pxsjbLJ-#> zo*n?R5sI#?-bbTNF6|g93d3_547--lQ{XIUEgiflYn=0AAlDt`OG7y2u$cn1|_;((9copFHQ0+jNSzBhp{q45(GciOXdcVXWFOcj1!Tg>uoxll%0MQLJKOM 
zCW^$TFg1OioY~)k%mq(VDQTc(g~u{eH?m^+9>mGU#BjnyuSt{&tM?StGsMz)fgerj z3|i(V)X}oXUv4YIG7*Mr0ikCIem9<2jtC7ZbgyuA$C~`tUU#IZ0X40*bK$?yLNm3fYYReqs$%!H^Q6nyW6#i-BQyry$n z`PkMuAG5nJvRK|EG`QXkN@T+i;Zdz|&xsk@Ic35u#6(23bJZP1z09IqTw6{5*#58H zUWY-6bpZIqi2ILUjQ?f?^>>Ete@0L`aVssmbBeIL+Bw9{x*c8XFvOHfKN5X}zNOTm#T> zi#Qf$$hlK7NGk`n*w@r`;dWb){6IPgP}LVLB}{v zS!oV1fL2{zvW2I+LGJ_TFK4B^n7;L+k$L;7i%}Lz=fptyl=j7YUZxA-MQPeFY=< z3oVH7x{J@TDxR3J7Tbu>3VMd51VEO@L3G$kohPE5l$UUp7Kb%Nlp0svAw^;;8yk z=+lV1grR$9)xx#F+7DNLE*pTahUfAr)RyFQ)E;8u2DM_rch9*Z+sZb*wYryG!YEh_ z#2~}#?!HHaUr|Onr*N{h?2Q_%Eu#bL-MjQ6QmEz6Ev%**zJ02M8RG@vI>K+s%#8p?DG!Dq| z6d~vS3FE$eYk`jOMT;^8L&J4LK;xuEL}x8hOvqw60!(ENecql4ip6%mCaWL4>bfP| z64d2;^g{r(YhVgRw@9p~wS5JOYI~(&mS{$r;cuJX^Vb%u`E^>>()5gd>Ln6?Y4GM-ehDs572&(H; zKNv!Cexpdr{DjY*v{ig?G*tfarci&;_skYrs}UhuEu*) zK`qNJta(ces2z{@#hN@VxtA@RqCYG-c!1E5p0wf#@p|PBk2}hf7+tLUCqmd-mmg0e zO6gSxI9|YAgopI~qiTDhPbn!>&^OoNEVzfpUpj!mkW$<#?CRliz&i^N7(yOdK}(;H z+Ir2t8&ii-JD@Snp)|=1wC;U14v9ebJz}p0D-xg<@+vN(BxUkcYhrq~eg!2~_*#Gd zfU)PFF1W-1+8k(WG>XtgbC2NX&qgd2m#Am+=GiVeyWc`EdBK6#tiLoq;ZcehWb3W0 zV?cp>w)Nkk^nr%JKXXX+#&JpNXg~g42=wg?n-e^Cla+-FDUsW3crc(D_5d6nGX|Y*}s;C zv!$<5y0~Ywa5itGK+qcz-U^J-TX`%v<}FD146iN-N*bPn4_XP}1{=iO6dcLevPJXpC^fE%_6-@C>O$a>%DWbO3V(59{g#x*L^korSqk>);Bq%LrhYN{6pf(gMQ|dPBOH zPawCg`;tnAJp9tF_UrN^HrdL<#=bkAEC|L^VB?&6>$yq$9wfzDn?vs05-&8N6*9?o!0kQj&{>pE04IpEoMFuGh(EGgVeQmn+a7EU{shF37!9i<&p zzw?kOh)mTeXtnHAoa$_hoh`hWZLargxmUp_vh_)z-QL?2fBmxA15;ZO(pp|EtaYJ zH{UJEmZ7{a{MfTQ2NRrc{?s)&rD2oP3OS5iBEZiI$8mIy!j|L(zw7%uN?sW74mFN> zM3|qVW>F^FIgkpH@jP|#mu?j4QConQC{JC`w&t6FaJP~6^|kePyEJdvy^do?hAEYz z1O8d{enXzEL%d$Qrr}#0NuU?VKl^}G^{|Ezn8=L=h0Z^oedmS8AI~hEL*&-ys@t&~ z^qZNQVOpFIbqKnFcrs@oot8 z86=SdklO}oxLLi6X-C%*#s^9^c8t0HS#PEdriF|`9_F->} z(eFAsCs**5YJ%1bgTDt~q=c}N4gQhY{s=?0R`@C|EolqJ+bX4vF2hWIgp@5D`xXJ0 zXTpUKl5LW>fluie0kkwUq?c6hn*sr*M*~``oeEOW!mpGN~bEM zcYFLtt)H7wX0;$q#ARnKhi2wQ)<{QK57#9W90j}>xCTZ|f9yeAWih)*jcsS{3joE%wi;=I^lBAJzQ7%>MDg&adssm~w5+ 
z-$;?ARDUkl{mEETwCe-_p@=0yKxP5hlj4w(^&Sy)!s=PZCfm`(GZ2e7aVaF^2ZDSZ z&~x=Fkh^|usj+h3S%cx?*(dLZ{FLp(6yC0Sl_!i!dIFao-FSF!F^(Jb%1-+W2<@K> z-avxi?cCMG(;wmd(|$d+|7pL-VyD-0j|Q{BF}G{uMkw53#6pCzXJf!5W1SwM>tr%> z(CX`B66x%3cUXGKqWF6Yh?JR%K8#Qo#uFFE32H@%+pzHDS$WhLLZv{@<02iXk*~5Y z=c#GK@;?8$By;~Dkb4SYYs7}gC(^EjQx^9#CG$ZVd7cvi&qH<}GUhaeqy*S5_#zML zBiHXVL(dUqaGip)nFj;2{rl8=c98wOE7^jR3H|gS&6h4vUw@N{)V|%wE+Ach9|lX9 zl5Zj_uR7C?qiie7EwNHju^Dc3;R~e#mw&#?l$=G3D48IOfbESgSt;6Ui#ygdmUE7z z6f+D@V;F0*u&Pp4BX8HLr%-W9i!RYlvrSl) zexqh|0?nn-y}xy8xgpfI&!MbCw857x*!=(t_acdGe;C&w0hwnB6Gn_QOK zy?CmYnxAQA{UpTw|xb#|%x@jY8W<|MjKMUk* z4FPBU3sd}CvE#mnNY@?_$j_0l6xv0dJ+ zinT2mxi|B0u$;D{yzU+Q?3rZw}sqN_4LiVuFe)jHUS zl~j)O!lAd2Xy6CA6WKD(Ec(%0VqDA@)HP-840j}YBgsB8+fim{pHM|QxwjG5{UCIw z0_Xq~5q}4<2ySK^`Lp^CP68~BKy&^mM5at8ji>}T4nUG_%fIMM+xE0=+nBc9)0}GC=Co~l z+O~~q+qP{@^Yz*1+axtr4{Ro%3PV>FR?P!R7-P7Gx9u4tH!6L7g3Jh zbE;TanQ;!2ov(nK<9--&J99p>lfSn)BP}{u+MdiB7K`46E>Z3gJ-W_z27b@KBzi;K zKGR#nuMkXm+n+vU;=S@uJ!?kKhWTtEa1(3^99z7}`E+hxG&vJ)uw`Kd%{@})vk%*6 zWVJwC{<|Wg=E}jt+NU6i{;eSKefjdmz{ZNf(#*iflEK^nU~lMPX2qay<792%W&m(- zv@~J>I9M|={NEjz{!_Ru8QN7v9XqH?gwVkOYe7&$ifT%*E^$}}0|ko8@GA(>*ItZX z_S7}fcp2lPF)#_2a;*xd&8Aixr<_C0kdCm51+{7O2F(h!viX0#G^&+Zy-mi+P%1J# zZo55oK8}54dmOA?X0>p=>|~mJNvKt4EDs}v0I4zUivoWp-ZoUH=0-Y_fg2zZiM6H1 zs{`Fu;l+|zjuq50@RD}zz9=P-!EaFJXADa9+Rob+q{Y32u6KS|j;%-h0XL7D!7OkD zL_<6$BJjjt8TA~xp3=Plsvw@D^UK^$=^g{&5YNjzQ}%N@MuN2w&*%Baj5PSRmlB>C zC#41Ut$mZdVKzi{pQ+q1J&ucxbao1|Yn$ez1p+UX7~T>(_dkE}PIfykdPR3XLR5SY z>$p>Xr+=K0{{!p#`6c+jK90114%Gh|)c!S5^>dxqitEoQTBkW(5jQS@$=)NI?w_l5 z{WXXM;XWTpFk(q5VOXRynAYyj`*zGn-mmsbrqNqbD5s;;(DSqyj~V756O_iGMn6wq zkIcOP9H1C{o=!VaC@kb=)kK9!e2l(My$&0BXYzJzFQ-;kMuv%ca%9wSjzWxls%2u^ z6Cb1*efG!B#yu6cC>@MYHyIEyO4Yp?j;NZ5P*04!&tuy!NX5Cy+eI()doyUqos@HY zU~?+KI$$qz>FaT1#aKdlmwwlTb&+$_4A%vC6Dx!{U9C=;s1<{fF!*oP7MXg?OaRC=9`>xR-~ z_R2o!8M?~mootZPhlkTOStFsJK0shko7Akl8_ks@u~u+hggZ)lvGC*&25%Hz#mp{FH35d0md!o~tR3)3qMS1SdGQ62u;jIgLoyWEeF zM(OVE8X7o`#tWaUxg=aOTiq+n5-2B<6Ig-91y6>dNok7%f}u%ejU$ZFsJO(cqOl~W 
zIICa;fCQHX;=o#=vA{QAI4cdYmN!+06Bp+6fV{I#}heZdK(cUS!vT92YN_V(3jF^23 zEAlvZWbNIu2^%~usKYG}}CmwqJ_UEgqlQdnnepeOs>;uiKakY}WA_vt|_4Hyo@>S)r0~ zUl4VEG2=wIum!~O?EhQ>r+5^Ftb`S4Vc_E2)#q-h;%r{+m$BD#vW*U3-s`;B;>UCt z@&fk!z;xT|+~4xXydCx$>;a|6h( zB(k66cAXIAYU$!}-4G>f@!@vu5k+so#Dl;rTa{-ysHVka+au?pT@|I{$_CnNmy-f@Krk{tLZ?ZsWxdf!n=1z znqV4rwxIW2pc<98B==pQ#U@vjM=sGVv%6nmtKVzCWJuhYvv4EpvQa@qpKMk+>@mE?yoN&GzD)g5x4B!5) zU9-qPL|^jy=0*mNl7>dsj%LPYM)nT>!C(o;9;m8l!9F52nMul&fgnajmKCP)sb(_~ zbku4p^-2w4TUm0!%vNawq!qtjIxjz;G?9LOx!(8DH`f^+HryqM1g@-l-ZmSD6MTmo zEe;>gFMDQRBwx({CX8&UL!v?{(h-o$JEl}=G7&PehyEl&jVcp?p_Wvaq*8zwtPMU! zR%U#NeZD+ECoWz@uYSqbq`;)>Ga2^S(St!0cR|n-TGrqeZ52xKo^D4w^7<(bSG7cE z_)DjEox(|B5*G#MnT-HchnkVf!@-Tvj_R_OEl%rsnylMn!?W4p6JBtR#4PpEiiMFr zKE}ZYUK4!vK_2gMtS)2xDr5Y~a1UFS+vdheu7~wz`KF?z!>oH|rlPgxrYysD^)Uzj z`BRxW+ckfJ%Ws#V)$0U%xt=PWQ^GnXi~O+fKHhckoXLmItsT~b4sG%56LkukHsm&^ zxDoOTwk=rugU_uG$gQ!ay$Gbxhrc_KVY^@Sx!B#GmSgqV32Z!uE$r7Py>Qj+{4G5@e<_;=wi><-cQt2;!wiS?2 z=PSIVLCN<}fCl#H&}}C^A&tCoWlLV&MV5eu6<&%Uy*t@+c)em)8>m1&AHk*kadG|TLwP8?6;JXYk9WW7AL&(}Q#X+sO>Z+lr$Y9s zSsDMy;wckxUXnk1oV3k+H_a(g`1F3fUl`-|+NC~HWDr`;qI;JhY(*D*2Ctpm_wy@6}z9;8MSu?edA4Z5zm$hbUncw>iA*$Y>2gy0wz4!P; zVGEg3tzwFAb2NS)M_NlaY5qwkSsd1|fW)t&OVSCUooBCDzN;*&v*1PP=qsIV- zrtYc5FTU=n!f!KL=XJn7Ozf~;EfM`c1N#*m+@nO7lIAXU&-Sb=%BD!}fr zw&O!cmO%>tGzG5SoDGGaHqsw`hOp>6c*;=b(0|cHm%#VE9!gQ&kD{-n@wQzBuC3O?vsbt>yF+AnuomxRAw)_4~cxg z!t-kDJmUIp$v)o zQ^+mkV=Ft?u^DkF@3zhkZ^|?lYK$zPNvEdyrLQBVT8_&!Vy4Q-P7hzC!Yyhzc%uyf z+{J!d=-ZrIOjezSB8aCJp}Q-dqd{2cVGnTib(9yu;r9$}8~)RVPCfQzPlUdzhw0+#6`nWLxU5%=Myn!R&;IfFDu;Agj|HHbgnj^ zGMJn76kDhJIk$cik<-h8{S78P!iLI{sS&+%+*M@TBZ7ePHRKvKFq_Fc=Za>)25rOe zRd+kOOYrUAuGLuOpkw<_ZIbo3iBr`7t+>0gF>?JQMe<*xoxfHVvNW-=H*++#`af{z z-)N^n?Oger5z+^ry_`8d>x+H1Js`j41LF0M z48rM5M=T`~W6sBAMO$eYDKD$;#aWp$wHV6vI~P)z=-ZK)pgVc6WUH{vF4VQEp><+WNYH7foEY95e0qz9+l(B{#+0>gqZv7#uoi3K-ozN zcxJHa#Q=?&+SU?eipGhl%-OU2AGJox(^$?V8{KZjW%l$%B?zl6_jWcxA4$ggocqfT znjYE1~7SVDLh-4HqJOL1SY93ht4@*LFo>BVPiN zw3m}e;Pta$2W`dsRJD1WaI3 
z&&n0LRfeBMM8;muQAg(eJ`0Clyg@nO=@!YC#Ki9TsO{oMzjU&k;x^i)Z;s>-TJwpq zg+NL;h?T*W)XD#H4&5E^8i2h57l~$`5V>@ZvO%VOP8Xw`f`sO@F0{GdH*!vNMtb~jH%P_BUwpcIPTEz?Ok+2Rd%?qtl)iQ6$*1`%L^(IQ=U*$AKU_&tkp-ugM(sk`HEsi z5+)pezq^?4*d^=JdcNG@u87#c zcfxf9m%93g2c_q3Q*Z3$W)&6}g-yTVR2rLOjjAwh5L6J7t1{~J;PR>3HibR-E>y zMYCW0F_VW0KNog*{O`r^U+*;)xCxB&^{Q2Rnp8cTE~!VB2+g%?qBolLA=T~q1)LJm zis?1WW^Ry!g34dG6uU&bW#H4%!aGr%cn^*>mVk^+?!Nf+I^@R=A=BB4xkWf5yt_OI zr2mFvDFqG4&R}1@Sit?AQOEs{6zF#|6C(#lNo!-9|E1k5lvh8yHdqk$3d587vO=4k z=0^`Pmk`FV_T_{|t}m2;%1W5QdqJC3gbblH>?ge@yuxzNF6Cz(?^^h%6uB6E#b3-s zHZu2F(%Eb~-0-+CcstbVdWHFkF^PpC(^c3OHLT;c%6g&(EIHQlo@L2S7bCH4v1V=O z@_IZt%hk2D+<=nOolpK$Xnn1zT3V?z?u9nkTJ*_`eYPVoc33FsZb6?WhBOAS!`@Te zzVduAbIYv4(2l{j6rsuld%#j|f(-=7!Uc@NK~#8p?5no2uCTUpU>UN`kKP_eCfn=Q zw)D4neIcjdAd6s{d$*DIpfg4%y-tGzFT%zz-nZI?6mfx{Tp*eH!0Pyw857%$Ep??c z=-`KlZH-4#D*`!t3Nryv`YFq#&1YY|*Sf~OroC>xKzZJ;6MqR7bt&nZx&0cup{d}) z%d=Uo=BCpt8bs6(&PBJ2LeC<@(P5JHk(Yb}j8TqCF2yn4TFl;*jNFlh>0Vmi#z)_m zVGz>MCN{06$|Ve>>FrYu3iZ|{YX>q)p|_slL_z?$8ZaqdW4~+w*|0B#jj%3JrKYe* zTf6keOiScO>A|~yB_-P{1bd5@)&Vh8e)L3rJ^lWKX}-HBqR}&&9N)#L;@UJ&M5RPo*%U;3 zy-r-CFCj#e!|jg_NvTc1-DsnUf{4Rp8EU2uRTCpikjKO9})EH8Xo(Hx@H3%{wc}Zmw)DaO;;@oqIEyHHVo@}yW1wDRB~Et(Vn#6igC zCWep1*WCEl~S7ji@MAyuKxdxE)QibqE;lH~6 zGTELKd?VXGLDs~l^G87%6b$VP6cp4KZVhFHPqpyBAEKY{{;ROtUr%af!G-( zEN@@m6f--U+9G4e9JytUZ+KsLFFV^_I@|u-R&9QKQRuFMYw9T82J55%HJL=UwMu-<1P&UmNv;psCWn)g|`opsyuv|gjnqA0&Ww}JyBQzgo9Em5T9`+;&_vPZTW}d$t zt_g3xZxtDH#^n>i1V2&AI zr%WiT7)XjRd(=c!RfvL^e?d>qVR%TdRdkUC4;p6oIVoz3E=z37!6ab4_w!;E4b#kk z;_LXc<|DK}oH9pQ93%o`k)!IuqDduQf01G0^J)*AY&Bzog>QR}P@Nb#y6$$Zu&v z`6K0kvurN9P>I_HF$S16#n!Nf9o!VL4A*y^5MTsK{B=6rZ8HICVAhj}pM0iO}BkuS{# zla6-}YyJY~o=?j<3oh+}Z7_ws)VKo$+u^PNhj$xm@j$sXi^9UAsG%eC-hid-YTug| z*fa+>Z8;L7>77@H-5R=oT={;4YZP^PEs~TYhRCs+#2LGlZT+qV!XO=^)5to54?I$N zgbQ0Aki%#jwbLcAiM}Y{lRk&%q&KA+a~4jtu$M6gQm7 z$C+f;+inxF#N8cyU0~W{@-z~-Z2X4je3yi0^dOJtJY(fTZiAQW6p)P=i@UwWQ9Suq zZAwKS?PAAIG2i>!=sM+pE$08sl4AP@>uPX`IN3WJ{l`s2D^al% 
zDgo2};!&iLyRD_4_0Z%!)w2=)_!Pc^~{iPHTOlzVq%~%G0A)=WNMRbgh`Oo1oQ^_Xq4|F9&g}L^ z9SlT`d|@LC>5jcHU5VRz&PrjgH5Yxr3!u-H72j^PUxLGk%RLInH?&0oH(SajzrQRy zsE({2n#5?|aCsC1z>Py51niiFqe-N>XYG(|7i&GU*2?u#8l@7#xQOHFQc^uCYM!?5 z0kNWnB?u+&FS01o@_3ZxhO6yS@Qpa}S2%^~7^|%9H0q-hB9M9II>tmFPU(I#HP3^| z+Oo*EN=yx~lj52vWC*WQfm66G$Zw&E+;qKK3sJZ8(E+22LM&HknX>&9nJovWCb%$R zbED9C>8P*afWKCG7ysC+i3J_Ho{C|S@=8Z=l&cOXL&{Te1|J&nLM95?he6M?TY{%` z3+n9KQi^tc#Bbg5vT(JE1{NfV7!MtF<95MBO1FZ<17!&>8?z{Rp$#JYz!h&o$;6AI zcH!@hQDEqQljcF8oK-fJCzzdZ&EwMTA8-l9g{SE{M);8dvH+LIKY$l@Nn!5t+n)00 zVkbngsL<8cw-+9)vteKCx4O4#L5&?wj`rE)NR+wQ?Gt7GYf z^=3-6Nb0)rcG&A^q_updTkyL2%p3XPg^6vgB?^IyHV(q=A_~J-nl$QH_?LSmuGy|7 z#&wlqe(5i`0^1^fO(5D3Q6lwd4AP{z7v#uGqy4D>$bVAH8JjbOkzHwWY z#}t53Q;p6@8x)$awnplxi0V!?Kq2x?|NPG4@{J(8lqOQ9euh)lxN-VJ)qPduhF!A_ zhz|HXm*YwUT)wYEc&9?za~u6>HkL4yd^82-xlgl))%VB1 zX0Kzb`7;B6n+2OFelmn*Bqh|1WaH#TaP2U(!9zce;sEivQmD$@D*P#}(^_vpLN*~3 z($Cje>%8YzlO!QH==ihug-CK!S%>t=&0=PHBxD+U`#pTB=b6STG=zEONLgj4VC6$H zpus14!nUibRD%|nBNIYff1TQt)RdRNCU%M>YCL#(r6($$qA&kLV}PFM6sguxb)m*D z(D6_ooZ-DOZ6^83etZc-vxSL3{k5j?4Mysl<)!wzH+s#=1LAijxmFsQ=8Vd%`%p1_ zxVvjx+cu+i)t)vZPlW*r_}h*Zmx5b*|4L&&h?XEBxYaBgXaRU>O-`6K$11B+8`W?l#?@PI6EQy} zb*{JVfc%r`P6~D)1NSb$zU##X{FDq9`vhlN>e({irNaf+VV1zh^S=6*)hl?Q939U$ zcIGte025ZW)r2rE8H3f! 
zHX>IJ=Ktq5xkG|N?i7-AYJt=F!0U07xm__MYsFvl7 zpF>1AWUm9KX?V&@`WS{oGO55Ko+o2G1tXc|SYUi>_|!eDmX)b{YATtDWr4qxx~q-T z)hgnc;=oCHmc$o~Y=l69vKckq(A5^xO|1?G`W&uorj<;pXme+y5A@;{I|8pmtrQtt z%QiYA}bH?|iR(jg8y-r{MOlacB}hM!Phb14zH%TGFin_!EPz}Wy4 z1V&32ys={A<0MWVXdoO*(}YgJ;RTC}KNE!;2{VGe3hAVC*TP<(l)b6}%mRQ< zej^V?^ZOyMSYE?P8W}di7?7ms_<;e$?n1DfM7B;c;YR@51U`c%QY=$+=s;& ze}tBRu+Wdq^gx`S0u5IwW_NxH45wOG823z#k%18wp-{Xhw>!g;u>(d9cC1dt=biH{ zAoj2&7Bk@F4I~0e@U2qgN1Ni=uq;hvxGv=;(?q?=lIjac65%kd4q4SGCy+rSdeiPf z)*HG*R5qtj>4M=39g|%B4q;xgybt7$xT*MV~k?@rqJo zOXS`&%rzBo14k_-?2KEEc9=67mi79X6}TLp58jCoA$NVlYdagc1*^TM{*>&-eRBCAr- z-CI;|Gq%#*57S?C4X>18YoqK)Lpc1+9UKolz*|uLYX|0(N^g|mEvV?(pNfD^L+F<{ zqUiC4mXKiKjT?(Qh3dLrZ=)fQ(wr%9?*XpGJ>>Y*JGNh=X-SabBp2@(3^HJOJ0o^; zK*-fOw1piQ_u723p7CD?-xlz?w1#aEg~+f@&WI6zAkQwgFe9kL+PS%nWt5HA#hHx& zYAI7udd#x?euliP59^%mL^Ze#c~*~)W_|`aQ8fLXx6}m@a6}E0?RK;RLKo`61ai_J zSeJ0E&}#b$Ca(sm-d!t0Fhe`ezE*%lL0UjD`{`ztjUxOZ!>tgOOBiM#Q3&MKCGWD2 zY@a5oBDX(5lt?HaeQg+%Y%)X_9UR?LzfKd;%~x4KW|iWMr`?I%R)EHnlt;F~yz&k) zl(QX@_7CoHLc7ipTvm;t+%dRb?hzOae+uAlq3OzNiI9c1gg%VVA?8QbeY)ae=h7{2 z@FL83WuboyskCSBDl}o4_KYd%`({Qu+6*80?-Dd*kcwYTKQ;RG-)eN>|IZp-!p73j z$o}6@JySte8k7kwp{aOR*}9ywT7tO9+>a4If~_3& z9s;t?kSPy_RBYpobka?MY??3POC&N*IwQohg)uE^>{hi(6Q{va0v7Yly%O^(gEwZx zm*kjr-;7kvGHS++bn*v+2zv?DqopuPHHS{!tm|Qskyal0SCQl@*)2GC@n*|M*0_kU zB5e!;mZAu!i0&{3D&hlXr(I{0u;}V}mV~4Aaw`-k%Ga@YLP*#l!I;XFNf3TOz4Per z2^oKN=)}%$D-Vk3Taw~OqVw%C#k}tF>NeQekk_655ay8FVDc2%9K|HS=v8-r_^YG) zBW!B#>n9}(zW&|aljEP#+Q!V<@jnDs){*}_9>do}N2`NTP52w5`aXPJiW%)Hhl;7D zzy>UWG%~2@+|h5fzAYaw;+;k|pETtO^i^?S^*HEip>p|b>}+4zW zcgoRXidJ70o#|NbEq@QO|PLlgm89IgF5M4)pW&Wyu!g zk>c~F))C<}!Q}S+Yf}5k#q7X1;*A=q6h63K!7eh~=Fnx`_!#GoLQvQr->{buj2Y8K zVGwfSzgK(Df8>^;Lc0uSOI6&ZUO;XKat-u+Fw)T?*J4Vg`+y1$+)r2_*lRRif1v@3 zWdwyS3;5HxGeWtGydCMGdyArV`V%kOvV5Bf5G9Wle%>}*02LJ_b5Ic#M_bDg7*cau zd<_@_M81_^KfZaT4fQ@@ph2@2Sw3qu;PDb9?qcgA8H?$rIeQr8{j#dm$Yi3lA2fQ} zLGD`n#cS+p1&9)l?pol?+F7Pw|Jix>i~}q1#lNW<%YZ%h0CFgjiARJNcW0Q-6#p9& 
z>tNk-=^ZNU=I#}F`z|s0&=5z`wB6jcb8Ce>NS{hk>rc?dLJXW>%Jh6_(2WurV`|HLVO#zIR&NQD;NmD^nGt!@#1i>I! zo=8VJg%z;UJ=Aq0X>t}J(ESOW;_G{Zi8Is2&eqQ^T0Ab6>&~k-1-wCABh=x_T6NT9 zL=Fq>%PkW1=P7A|A4&?cPc`S6T5?q@$o37C+_J~Mt9s!Z_%ZUM zRc8)Cmi~7-ksE4dIhQ!hVxsoLNtVMO)UQ44lubdfNLZ~m6mX}R7ul4sNZ73VBjJtJ4T|TwQ>~X3D`0n#$-lneH(AbOLn(J1ub8P+~aqCiGnShrOkqumFT8 z7$a#8rWe2w5CBl$;98hqCCFfsf=4KMFl~can#a31<3a~gyLrGjj8Oc{02IV$faKb&kx%d(bM<)Eude|8l;jMGzln3)`e) zL)&1NTG>?j%P2^M4>HUcT3#=#x&%vY5W7}=U z_*En-8pQ^=NE+?k>o~?1&3gWx(4lOEcFcw$JFG&)fk%6Dw%z`bkm=3+ zG|j=TbKUpKhG_oRHdt?SDQZX2L)mH}!J~!`uqYQ{u;m3G&a>07ygoYOg@P>({LPSV zaO~ZAx;cXRQHjFv44uT&q`#GT1ZRmr0*)gU5|G~is*FZ#kkVK8dDH{)Zv*@POjZ6R z9FpJvqbgNom1h;u_^R|`kyKOyG)r@f&1eFMiKjk0<|!BDMU64m>I>ieVzg39-x}Ps zJ?^d0G76X&ir8KG6b`+3;dy$cx}$L~hQoFT>q{>IpU#Oq^6`678*Ld8-brVRcET=H;(-b5@b#NUGt*ZO!tGNLxfwo0qH*W@l zJ#Kf8gnqCvq#4LI$yoK(>>#ly^ssJW5khcON4~Tnm5dVRq4)s6&{BagwhG1QJ*~m4 z$L`ZJdcGI9I<|4^rN7h7Zp^P!X0h*P`sTw`^Rh(73FbxVDtTsXcX|%OI!ND}?8F(% z_WH}{PAd1Qho1c$>eVbNBL7(I&Vd0CHFv8XTC5ak$l}`PjZ1BS#8*%;BQmr!uz$HV&9%vJh{=Ixk0$aoi zC(70yjNsz;+hfC-PR3bQoHXn(Lyq?TKF+}2ybo&qi=%}?M2K%eI0x}Tq`u#R8N{(m zV6Eaay|5kSYIn3oe(0AtP2jA@c)p%cx7-U6nl2p^5VYQYl zp~^SG3opJ4aJjNB$At^pcTj-@DVP`zH3u(w>`Ml;VAbAX5&FC@=%CsD=c2SuOL7g3 z$?}bZej?%^Hv1XBiE4-o)3R=J+m-pz{vD8sT0vAp#8ZZOo|4B-f+%#h*W?9tc0bA%Z!tlg0tIlqe}G zd@@vuLd2i+ni zF8lM^3<>fiRj^{w$0|2U6coqNmn?hEw$N0jrYZ^?|8d|$lhA&yhE)9`QjFp_0m4g5 zP**8GkLqXbWB4!OOG3^9d$!d+lqC3+W@^UfG3xz{ju_%F)t2e_kJ*!E<1KeU7j8!O zqpH#x1?th=z`m9AHse*81wj-E@xhV9t!A zXrkQKu-bMot?BIs!)iva>cyZQa-;OQ>)kq_F4e{P4L@Ss#yo8hTZ2 zD{Q<(cO4{us$-$I57dHJjtA>anIGF|MPAJk%#7g9oQTfAua!%@SZW?}8!EYUS?m)` z9lx8NnI|PSHLO`!u+eYYR#jv&JtLnUQo6L*>}RR^F8tv7_V1n2TJQa}{S#x*fBNlRG<`X2&a;EsWcUr`2*wW6dj(7D2Uzf|lkL z;L~DABvXw$Pgw`oiBS4Imeiq+Zu{G}Rz20I3dHEL12*u}Q4@#GLqI^V_j2>*bNDgA z^O*5cX>ETg;<5?)#jdWW`?nr$^uCC|&|uV)E|(VcpaDsLsGq>ON1{1@h+Co`DoG7d^UK zgC`i13mkt4#xY~4+hx$%f^I?a65J@r9W0IW!}i)kb$@$}k|6IwZq;%Db3B@}J8D2+ zv1X}qiJUguRWOjLWCi_cIV?F9rmSV`Y6>CvAU9y956a2Qjgd|=^C9!i$zel_^`w?7 
zDm~-!zTm(u)c22@7s9+2%HAy?lzf#L%+?(Io6 zetiCb*ZOrVZqCbuodU9vk%=EA;rI%7A2LnGgkQK!jgMRAPGsnSo+?(Bf;xRw9qM5( zTsbMYP<#ZiV5VQXrg|uLAbc{4p0hTjCh%!Bov?$#x^ob)#=K|yTvgaov0Z#$KN4id zciOo&)B~f>L#$TC)R=B_c^JU1OfqwT;2`+kjQh|CMB>E-Ak$j=V=S3;b0WKfb?_)X zz<5t|cPe+h_-M;P0d0S&d!Y%Jl|P#XgiHZ6HzT_ZkXQO#+kHi?S&<70nW4`0-OZH> zqo;_Be;X5n7(h`POWemHH=_VTvF@(bCh$xS`;I7W^kX>;<#`gesM9uS68%7QLbcKk zlg&)ul^1_+Q!DJlph9RiAD3`}<9vG}fRS~;!Prmr-S4>F{JmDxt<3dk29?RY z!GhEpP${HA?TB~&)oO$VIVsc*RJdtM7K%@}iI5i49ibN{=a8rz&7D6nM0^Vzs;tiy zxz{`glcXHkovK$eCz+%iwbfrYzwSvY;9kEyEkXrMH@sRXVljT2z?XwKgM1);7%QY( z3t0|x_uMd_1`n2!7c1hcXGj z1vno$dZKOP+VM{y+`mW$$nLC-BCx$;2RQWq!R48|#zb=O|3l0(cax0F9)7FpTzptX zl0h-SF>F_IXhV|0FyVsK2<3&i4U%(7@;%Ty1PS$-Nm%=+2r6o75?MP(kC-&TTlNEs zUGM9)X&mB~4RT!E)r&Iel=mxgjy%e{GM4%3ZlmJ1B7abp|k>5km*r`1FVEIp;iNvh_z|wBCADA zxq9Vt5~11x)JV=SG^H2MD)relWL6Pik3Xzdj}vC_#Os4>@XCO0p{5gHFWeSyU&L__XeE=VeO| zOCL(D)%fJ^J?H64F^k1i4NC1)#phLJi^)}ARFq5KNhk0d5rTTGlP{vu(~ z0MCqm3P%3v9Vml^9ZG|V&kolyO&VLh6u%vxI1?-sQhbLm@>s6+uw7eqPR%D0N*5Ql zG<8nhN6x&H`oCG&=CyLLNL|!nlWn&|)GkzL%dD-M+iE?+(rxJauQv2bV-@s{Vv#+f zM<{K}4XFR{gx@`-?ex8t#n|k9Vh_Lk**?0%G~lAeJMp9&PJy*)a}63nQ2T^D5dGs7 zY`2KkJMFp-LtxT1yPtu{yMJd9s|#?g74fL`N*_&C$EV;AiRRNyY49GRIPeOc7x9Nh z4Eq){g885d%V=zKY4?ifCG`F0ANiyY{XaHI1m!*cts?^1Mu|R5D?$<5d-!#~>c(@^ ze#{wYp8K=wOLE|`%@XOPlSMRU9qT6q7)3N%%mPi@*lDn=7LC#K&R5C-^#p_EZLnwA z|Mq?9RzICreMY;B{?_+J@n75>4eZ@)9c}(m>hOQ#Qv1)cLJn?LpYaiUGXr5u8v_dw zGh5UD1<)d+gyevXNTMH8Qwd7HZNm(W9=dadXo*#+QP5#q?RCmHIh_r8RDshPwqFne zC6ojDD(l=>ZpCju79R&GepzTESqIXkekQi7L0zcnCR&CUMz@4v3+x<(0?82H5`$TeECdEAvWeSqlpO zjFT%Y^kE?f`Q%-qMj-*z6~A+eby-0%LEy=IbM;X{9k!JvnRNfvcQ*YV?%?{9E8c(W zNBjQY^X>l-_}{dZHgZz{nEeL>7buQOeR?hVnr59Xc^;|?%@JZ&!mV-4TV&IFOF*W zTgFKuy`JMk30VybgVm#1r zKRF@#X_5TT7*qEDH#fwMtc~mejyC^cOJsBn!dD@rppR`%YJ7k5dulZG7=`1*g@BH= z^O3cuhhK*u$9c1wcz$6A1&jraBuq$|!Hl{W>loeGUN_cg4=P2> zAK?1`n3GkNR54M%@I=v(t}`e~bybWKQbq!3UnR;8zneC?5wRB@p`aY-t3{J|I0kSqM~^WkN>MCF#a%90a4%K6OI)4$T~_#_P^RDE(c zZuKW282)zS^8ELt5(YS!83>u!8~wjMeo-Btgh30OG_$jwz 
zdLNP5Xrn@8v4xSZqPTm9tZCseuf|bNDDY7!nl>82EB|rmJ^EzF}JC?*iaY- zRnoB4)e7BI?s1f0KTDH)8t-!M88^_V=+=MMgR2f@JZA7=ojkw(Z8sjZtOgW|88dkP3*T-(@9uk4ol}3zp8UTM