From 09136f611aadbde6b3ba35df7708a1ad9e4796f0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Jonatan=20M=C3=A4nnchen?= Date: Thu, 7 Sep 2023 17:39:28 +0200 Subject: [PATCH] Refactor Library - ErlEF Stipend Implementation (#221) --- .credo.exs | 216 ++++ .env | 2 + .formatter.exs | 10 + .github/CODE_OF_CONDUCT.md | 132 +++ .github/CONTRIBUTING.md | 156 +++ .github/FUNDING.yml | 1 + .github/ISSUE_TEMPLATE/BUG.yml | 58 ++ .github/ISSUE_TEMPLATE/FEATURE.yml | 11 + .github/PULL_REQUEST_TEMPLATE.md | 5 + .github/PULL_REQUEST_TEMPLATE/FIX.md | 10 + .github/PULL_REQUEST_TEMPLATE/IMPROVEMENT.md | 9 + .github/PULL_REQUEST_TEMPLATE/NEW_FEATURE.md | 9 + .github/dependabot.yml | 7 + .github/workflows/branch_main.yml | 34 + .github/workflows/part_docs.yml | 77 ++ .github/workflows/part_release.yml | 56 ++ .github/workflows/part_test.yml | 347 +++++++ .github/workflows/part_tool_versioning.yml | 42 + .github/workflows/pr.yml | 35 + .github/workflows/tag-beta.yml | 31 + .github/workflows/tag-stable.yml | 32 + .github/workflows/test.yml | 136 --- .gitignore | 45 +- .tool-versions | 4 +- LICENSE | 202 ++++ Makefile | 26 - README.md | 288 +++--- conformance/HOWTO.md | 111 +++ conformance/Makefile | 24 - conformance/README.md | 1 - conformance/config/sys.config | 16 - conformance/config/vm.args | 4 - conformance/priv/readme.txt | 61 -- conformance/priv/ssl/server.crt | 17 - conformance/priv/ssl/server.key | 15 - conformance/priv/static/index.html | 88 -- conformance/priv/static/oid_logo.png | Bin 17881 -> 0 bytes conformance/rebar.config | 24 - conformance/rebar3 | 1 - conformance/src/conformance.app.src | 16 - conformance/src/conformance.erl | 711 ------------- conformance/src/conformance_app.erl | 79 -- conformance/src/conformance_http.erl | 47 - conformance/src/conformance_oidc_client.erl | 23 - conformance/src/conformance_sup.erl | 12 - conformance/test.exs | 188 ++++ conformance/utils/run_tests.sh | 18 - elvis.config | 28 + erlang_ls.config | 3 + include/oidcc.hrl | 9 + include/oidcc_client_context.hrl | 12 + include/oidcc_provider_configuration.hrl | 100 
++ include/oidcc_token.hrl | 15 + include/oidcc_token_introspection.hrl | 13 + lib/oidcc.ex | 350 +++++++ lib/oidcc/authorization.ex | 43 + lib/oidcc/client_context.ex | 119 +++ lib/oidcc/provider_configuration.ex | 129 +++ lib/oidcc/provider_configuration/worker.ex | 139 +++ lib/oidcc/token.ex | 284 ++++++ lib/oidcc/token/access.ex | 17 + lib/oidcc/token/id.ex | 17 + lib/oidcc/token/refresh.ex | 16 + lib/oidcc/token_introspection.ex | 69 ++ lib/oidcc/userinfo.ex | 63 ++ lib/record_struct.ex | 51 + mix.exs | 79 ++ priv/test/fixtures/SECRET_NOTE.md | 5 + priv/test/fixtures/example-metadata.json | 89 ++ priv/test/fixtures/google-jwks.json | 20 + priv/test/fixtures/google-metadata.json | 58 ++ priv/test/fixtures/jwk.pem | 28 + .../fixtures/zitadel-client-credentials.json | 4 + priv/test/fixtures/zitadel-jwt-profile.json | 1 + rebar.config | 84 +- rebar.config.script | 16 + rebar.lock | 38 - rebar3 | Bin 944741 -> 0 bytes src/oidcc.app.src | 23 +- src/oidcc.erl | 750 ++++++-------- src/oidcc_app.erl | 12 - src/oidcc_authorization.erl | 127 +++ src/oidcc_client.erl | 156 --- src/oidcc_client_context.erl | 127 +++ src/oidcc_http_cache.erl | 138 --- src/oidcc_http_util.erl | 278 +++--- src/oidcc_jwt_util.erl | 140 +++ src/oidcc_openid_provider.erl | 467 --------- src/oidcc_openid_provider_mgr.erl | 223 ----- src/oidcc_openid_provider_sup.erl | 20 - src/oidcc_provider_configuration.erl | 666 +++++++++++++ src/oidcc_provider_configuration_worker.erl | 278 ++++++ src/oidcc_scope.erl | 65 ++ src/oidcc_session.erl | 180 ---- src/oidcc_session_mgr.erl | 163 --- src/oidcc_session_sup.erl | 27 - src/oidcc_sup.erl | 49 - src/oidcc_token.erl | 943 +++++++++++++----- src/oidcc_token_introspection.erl | 129 +++ src/oidcc_userinfo.erl | 267 +++++ test/GeoTrust_Primary_CA.pem | 21 - test/oidc_SUITE.erl | 115 --- test/oidcc/authorization_test.exs | 29 + test/oidcc/client_context_test.exs | 56 ++ .../provider_configuration/worker_test.exs | 72 ++ 
test/oidcc/provider_configuration_test.exs | 32 + test/oidcc/token/access_test.exs | 7 + test/oidcc/token/id_test.exs | 7 + test/oidcc/token/refresh_test.exs | 7 + test/oidcc/token_introspection_test.exs | 62 ++ test/oidcc/token_test.exs | 227 +++++ test/oidcc/userinfo_test.exs | 58 ++ test/oidcc_SUITE.erl | 192 ++++ test/oidcc_authorization_test.erl | 82 ++ test/oidcc_client_context_SUITE.erl | 39 + test/oidcc_client_context_test.erl | 14 + test/oidcc_client_one.erl | 9 - test/oidcc_client_test.erl | 42 - test/oidcc_client_two.erl | 9 - test/oidcc_http_cache_test.erl | 131 --- test/oidcc_http_util_test.erl | 114 --- test/oidcc_openid_provider_mgr_test.erl | 179 ---- test/oidcc_openid_provider_test.erl | 238 ----- test/oidcc_provider_configuration_SUITE.erl | 110 ++ test/oidcc_provider_configuration_test.erl | 560 +++++++++++ ...cc_provider_configuration_worker_SUITE.erl | 202 ++++ ...dcc_provider_configuration_worker_test.erl | 9 + test/oidcc_session_mgr_test.erl | 78 -- test/oidcc_session_test.erl | 86 -- test/oidcc_test.erl | 265 ----- test/oidcc_test.exs | 182 ++++ test/oidcc_token_SUITE.erl | 114 +++ test/oidcc_token_introspection_test.erl | 50 + test/oidcc_token_test.erl | 462 ++++----- test/oidcc_userinfo_test.erl | 180 ++++ test/test_helper.exs | 1 + test/test_util.erl | 41 - 137 files changed, 9265 insertions(+), 5381 deletions(-) create mode 100644 .credo.exs create mode 100644 .env create mode 100644 .formatter.exs create mode 100644 .github/CODE_OF_CONDUCT.md create mode 100644 .github/CONTRIBUTING.md create mode 100644 .github/FUNDING.yml create mode 100644 .github/ISSUE_TEMPLATE/BUG.yml create mode 100644 .github/ISSUE_TEMPLATE/FEATURE.yml create mode 100644 .github/PULL_REQUEST_TEMPLATE.md create mode 100644 .github/PULL_REQUEST_TEMPLATE/FIX.md create mode 100644 .github/PULL_REQUEST_TEMPLATE/IMPROVEMENT.md create mode 100644 .github/PULL_REQUEST_TEMPLATE/NEW_FEATURE.md create mode 100644 .github/dependabot.yml create mode 100644 
.github/workflows/branch_main.yml create mode 100644 .github/workflows/part_docs.yml create mode 100644 .github/workflows/part_release.yml create mode 100644 .github/workflows/part_test.yml create mode 100644 .github/workflows/part_tool_versioning.yml create mode 100644 .github/workflows/pr.yml create mode 100644 .github/workflows/tag-beta.yml create mode 100644 .github/workflows/tag-stable.yml delete mode 100644 .github/workflows/test.yml create mode 100644 LICENSE delete mode 100644 Makefile create mode 100644 conformance/HOWTO.md delete mode 100644 conformance/Makefile delete mode 100644 conformance/README.md delete mode 100644 conformance/config/sys.config delete mode 100644 conformance/config/vm.args delete mode 100644 conformance/priv/readme.txt delete mode 100644 conformance/priv/ssl/server.crt delete mode 100644 conformance/priv/ssl/server.key delete mode 100644 conformance/priv/static/index.html delete mode 100644 conformance/priv/static/oid_logo.png delete mode 100644 conformance/rebar.config delete mode 120000 conformance/rebar3 delete mode 100644 conformance/src/conformance.app.src delete mode 100644 conformance/src/conformance.erl delete mode 100644 conformance/src/conformance_app.erl delete mode 100644 conformance/src/conformance_http.erl delete mode 100644 conformance/src/conformance_oidc_client.erl delete mode 100644 conformance/src/conformance_sup.erl create mode 100755 conformance/test.exs delete mode 100755 conformance/utils/run_tests.sh create mode 100644 elvis.config create mode 100644 erlang_ls.config create mode 100644 include/oidcc.hrl create mode 100644 include/oidcc_client_context.hrl create mode 100644 include/oidcc_provider_configuration.hrl create mode 100644 include/oidcc_token.hrl create mode 100644 include/oidcc_token_introspection.hrl create mode 100644 lib/oidcc.ex create mode 100644 lib/oidcc/authorization.ex create mode 100644 lib/oidcc/client_context.ex create mode 100644 lib/oidcc/provider_configuration.ex create mode 100644 
lib/oidcc/provider_configuration/worker.ex create mode 100644 lib/oidcc/token.ex create mode 100644 lib/oidcc/token/access.ex create mode 100644 lib/oidcc/token/id.ex create mode 100644 lib/oidcc/token/refresh.ex create mode 100644 lib/oidcc/token_introspection.ex create mode 100644 lib/oidcc/userinfo.ex create mode 100644 lib/record_struct.ex create mode 100644 mix.exs create mode 100644 priv/test/fixtures/SECRET_NOTE.md create mode 100644 priv/test/fixtures/example-metadata.json create mode 100644 priv/test/fixtures/google-jwks.json create mode 100644 priv/test/fixtures/google-metadata.json create mode 100644 priv/test/fixtures/jwk.pem create mode 100644 priv/test/fixtures/zitadel-client-credentials.json create mode 100644 priv/test/fixtures/zitadel-jwt-profile.json create mode 100644 rebar.config.script delete mode 100644 rebar.lock delete mode 100755 rebar3 delete mode 100644 src/oidcc_app.erl create mode 100644 src/oidcc_authorization.erl delete mode 100644 src/oidcc_client.erl create mode 100644 src/oidcc_client_context.erl delete mode 100644 src/oidcc_http_cache.erl create mode 100644 src/oidcc_jwt_util.erl delete mode 100644 src/oidcc_openid_provider.erl delete mode 100644 src/oidcc_openid_provider_mgr.erl delete mode 100644 src/oidcc_openid_provider_sup.erl create mode 100644 src/oidcc_provider_configuration.erl create mode 100644 src/oidcc_provider_configuration_worker.erl create mode 100644 src/oidcc_scope.erl delete mode 100644 src/oidcc_session.erl delete mode 100644 src/oidcc_session_mgr.erl delete mode 100644 src/oidcc_session_sup.erl delete mode 100644 src/oidcc_sup.erl create mode 100644 src/oidcc_token_introspection.erl create mode 100644 src/oidcc_userinfo.erl delete mode 100644 test/GeoTrust_Primary_CA.pem delete mode 100644 test/oidc_SUITE.erl create mode 100644 test/oidcc/authorization_test.exs create mode 100644 test/oidcc/client_context_test.exs create mode 100644 test/oidcc/provider_configuration/worker_test.exs create mode 100644 
test/oidcc/provider_configuration_test.exs create mode 100644 test/oidcc/token/access_test.exs create mode 100644 test/oidcc/token/id_test.exs create mode 100644 test/oidcc/token/refresh_test.exs create mode 100644 test/oidcc/token_introspection_test.exs create mode 100644 test/oidcc/token_test.exs create mode 100644 test/oidcc/userinfo_test.exs create mode 100644 test/oidcc_SUITE.erl create mode 100644 test/oidcc_authorization_test.erl create mode 100644 test/oidcc_client_context_SUITE.erl create mode 100644 test/oidcc_client_context_test.erl delete mode 100644 test/oidcc_client_one.erl delete mode 100644 test/oidcc_client_test.erl delete mode 100644 test/oidcc_client_two.erl delete mode 100644 test/oidcc_http_cache_test.erl delete mode 100644 test/oidcc_http_util_test.erl delete mode 100644 test/oidcc_openid_provider_mgr_test.erl delete mode 100644 test/oidcc_openid_provider_test.erl create mode 100644 test/oidcc_provider_configuration_SUITE.erl create mode 100644 test/oidcc_provider_configuration_test.erl create mode 100644 test/oidcc_provider_configuration_worker_SUITE.erl create mode 100644 test/oidcc_provider_configuration_worker_test.erl delete mode 100644 test/oidcc_session_mgr_test.erl delete mode 100644 test/oidcc_session_test.erl delete mode 100644 test/oidcc_test.erl create mode 100644 test/oidcc_test.exs create mode 100644 test/oidcc_token_SUITE.erl create mode 100644 test/oidcc_token_introspection_test.erl create mode 100644 test/oidcc_userinfo_test.erl create mode 100644 test/test_helper.exs delete mode 100644 test/test_util.erl diff --git a/.credo.exs b/.credo.exs new file mode 100644 index 0000000..e10d3d3 --- /dev/null +++ b/.credo.exs 
@@ -0,0 +1,216 @@ +# This file contains the configuration for Credo and you are probably reading +# this after creating it with `mix credo.gen.config`. +# +# If you find anything wrong or unclear in this file, please report an +# issue on GitHub: https://github.com/rrrene/credo/issues +# +%{ + # + # You can have as many configs as you like in the `configs:` field. + configs: [ + %{ + # + # Run any config using `mix credo -C `. If no config name is given + # "default" is used. + # + name: "default", + # + # These are the files included in the analysis: + files: %{ + # + # You can give explicit globs or simply directories. + # In the latter case `**/*.{ex,exs}` will be used. + # + included: [ + "lib/", + "src/", + "test/" + ], + excluded: [~r"/_build/", ~r"/deps/"] + }, + # + # Load and configure plugins here: + # + plugins: [], + # + # If you create your own checks, you must specify the source files for + # them here, so they can be loaded by Credo before running the analysis. + # + requires: [], + # + # If you want to enforce a style guide and need a more traditional linting + # experience, you can change `strict` to `true` below: + # + strict: true, + # + # To modify the timeout for parsing files, change this value: + # + parse_timeout: 5000, + # + # If you want to use uncolored output by default, you can change `color` + # to `false` below: + # + color: true, + # + # You can customize the parameters of any check by adding a second element + # to the tuple. 
+ # + # To disable a check put `false` as second element: + # + # {Credo.Check.Design.DuplicatedCode, false} + # + checks: %{ + enabled: [ + # + ## Consistency Checks + # + {Credo.Check.Consistency.ExceptionNames, []}, + {Credo.Check.Consistency.LineEndings, []}, + {Credo.Check.Consistency.ParameterPatternMatching, []}, + {Credo.Check.Consistency.SpaceAroundOperators, []}, + {Credo.Check.Consistency.SpaceInParentheses, []}, + {Credo.Check.Consistency.TabsOrSpaces, []}, + + # + ## Design Checks + # + # You can customize the priority of any check + # Priority values are: `low, normal, high, higher` + # + {Credo.Check.Design.AliasUsage, + [priority: :low, if_nested_deeper_than: 2, if_called_more_often_than: 0]}, + # You can also customize the exit_status of each check. + # If you don't want TODO comments to cause `mix credo` to fail, just + # set this value to 0 (zero). + # + {Credo.Check.Design.TagTODO, [exit_status: 2]}, + {Credo.Check.Design.TagFIXME, []}, + + # + ## Readability Checks + # + {Credo.Check.Readability.AliasOrder, []}, + {Credo.Check.Readability.FunctionNames, []}, + {Credo.Check.Readability.LargeNumbers, []}, + {Credo.Check.Readability.MaxLineLength, [priority: :low, max_length: 120]}, + {Credo.Check.Readability.ModuleAttributeNames, []}, + {Credo.Check.Readability.ModuleDoc, []}, + {Credo.Check.Readability.ModuleNames, []}, + {Credo.Check.Readability.ParenthesesInCondition, []}, + {Credo.Check.Readability.ParenthesesOnZeroArityDefs, []}, + {Credo.Check.Readability.PipeIntoAnonymousFunctions, []}, + {Credo.Check.Readability.PredicateFunctionNames, []}, + {Credo.Check.Readability.PreferImplicitTry, []}, + {Credo.Check.Readability.RedundantBlankLines, []}, + {Credo.Check.Readability.Semicolons, []}, + {Credo.Check.Readability.SpaceAfterCommas, []}, + {Credo.Check.Readability.StringSigils, []}, + {Credo.Check.Readability.TrailingBlankLine, []}, + {Credo.Check.Readability.TrailingWhiteSpace, []}, + {Credo.Check.Readability.UnnecessaryAliasExpansion, []}, 
+ {Credo.Check.Readability.VariableNames, []}, + {Credo.Check.Readability.WithSingleClause, []}, + + # + ## Refactoring Opportunities + # + {Credo.Check.Refactor.Apply, []}, + {Credo.Check.Refactor.CondStatements, []}, + {Credo.Check.Refactor.CyclomaticComplexity, []}, + {Credo.Check.Refactor.FunctionArity, []}, + {Credo.Check.Refactor.LongQuoteBlocks, []}, + {Credo.Check.Refactor.MatchInCondition, []}, + {Credo.Check.Refactor.MapJoin, []}, + {Credo.Check.Refactor.NegatedConditionsInUnless, []}, + {Credo.Check.Refactor.NegatedConditionsWithElse, []}, + {Credo.Check.Refactor.Nesting, []}, + {Credo.Check.Refactor.UnlessWithElse, []}, + {Credo.Check.Refactor.WithClauses, []}, + {Credo.Check.Refactor.FilterCount, []}, + {Credo.Check.Refactor.FilterFilter, []}, + {Credo.Check.Refactor.RejectReject, []}, + {Credo.Check.Refactor.RedundantWithClauseResult, []}, + + # + ## Warnings + # + {Credo.Check.Warning.ApplicationConfigInModuleAttribute, []}, + {Credo.Check.Warning.BoolOperationOnSameValues, []}, + {Credo.Check.Warning.Dbg, []}, + {Credo.Check.Warning.ExpensiveEmptyEnumCheck, []}, + {Credo.Check.Warning.IExPry, []}, + {Credo.Check.Warning.IoInspect, []}, + {Credo.Check.Warning.MissedMetadataKeyInLoggerConfig, []}, + {Credo.Check.Warning.OperationOnSameValues, []}, + {Credo.Check.Warning.OperationWithConstantResult, []}, + {Credo.Check.Warning.RaiseInsideRescue, []}, + {Credo.Check.Warning.SpecWithStruct, []}, + {Credo.Check.Warning.WrongTestFileExtension, []}, + {Credo.Check.Warning.UnusedEnumOperation, []}, + {Credo.Check.Warning.UnusedFileOperation, []}, + {Credo.Check.Warning.UnusedKeywordOperation, []}, + {Credo.Check.Warning.UnusedListOperation, []}, + {Credo.Check.Warning.UnusedPathOperation, []}, + {Credo.Check.Warning.UnusedRegexOperation, []}, + {Credo.Check.Warning.UnusedStringOperation, []}, + {Credo.Check.Warning.UnusedTupleOperation, []}, + {Credo.Check.Warning.UnsafeExec, []}, + + # + # Controversial and experimental checks (opt-in, just move the check 
to `:enabled` + # and be sure to use `mix credo --strict` to see low priority checks) + # + {Credo.Check.Readability.Specs, []} + ], + disabled: [ + # + # Checks scheduled for next check update (opt-in for now, just replace `false` with `[]`) + + # + # Controversial and experimental checks (opt-in, just move the check to `:enabled` + # and be sure to use `mix credo --strict` to see low priority checks) + # + {Credo.Check.Consistency.MultiAliasImportRequireUse, []}, + {Credo.Check.Consistency.UnusedVariableNames, []}, + {Credo.Check.Design.DuplicatedCode, []}, + {Credo.Check.Design.SkipTestWithoutComment, []}, + {Credo.Check.Readability.AliasAs, []}, + {Credo.Check.Readability.BlockPipe, []}, + {Credo.Check.Readability.ImplTrue, []}, + {Credo.Check.Readability.MultiAlias, []}, + {Credo.Check.Readability.NestedFunctionCalls, []}, + {Credo.Check.Readability.OneArityFunctionInPipe, []}, + {Credo.Check.Readability.SeparateAliasRequire, []}, + {Credo.Check.Readability.SingleFunctionToBlockPipe, []}, + {Credo.Check.Readability.SinglePipe, []}, + {Credo.Check.Readability.StrictModuleLayout, []}, + {Credo.Check.Readability.WithCustomTaggedTuple, []}, + {Credo.Check.Readability.OnePipePerLine, []}, + {Credo.Check.Refactor.ABCSize, []}, + {Credo.Check.Refactor.AppendSingleItem, []}, + {Credo.Check.Refactor.DoubleBooleanNegation, []}, + {Credo.Check.Refactor.FilterReject, []}, + {Credo.Check.Refactor.IoPuts, []}, + {Credo.Check.Refactor.MapMap, []}, + {Credo.Check.Refactor.ModuleDependencies, []}, + {Credo.Check.Refactor.NegatedIsNil, []}, + {Credo.Check.Refactor.PassAsyncInTestCases, []}, + {Credo.Check.Refactor.PipeChainStart, []}, + {Credo.Check.Refactor.RejectFilter, []}, + {Credo.Check.Refactor.VariableRebinding, []}, + {Credo.Check.Warning.LazyLogging, []}, + {Credo.Check.Warning.LeakyEnvironment, []}, + {Credo.Check.Warning.MapGetUnsafePass, []}, + {Credo.Check.Warning.MixEnv, []}, + {Credo.Check.Warning.UnsafeToAtom, []} + + # {Credo.Check.Refactor.MapInto, []}, + + # 
+ # Custom checks can be created using `mix credo.gen.check`.
+ #
+ ]
+ }
+ }
+ ]
+}
diff --git a/.env b/.env
new file mode 100644
index 0000000..d14fe26
--- /dev/null
+++ b/.env
@@ -0,0 +1,2 @@
+# Required for rebar3_format / new language features
+ERL_AFLAGS="-enable-feature all"
diff --git a/.formatter.exs b/.formatter.exs
new file mode 100644
index 0000000..9ecf1cd
--- /dev/null
+++ b/.formatter.exs
@@ -0,0 +1,10 @@
+[
+ inputs: [
+ "lib/**/*.ex",
+ "test/**/*.exs",
+ "conformance/**/*.{ex,exs}",
+ ".formatter.exs",
+ ".credo.exs",
+ "mix.exs"
+ ]
+]
diff --git a/.github/CODE_OF_CONDUCT.md b/.github/CODE_OF_CONDUCT.md
new file mode 100644
index 0000000..ca616cb
--- /dev/null
+++ b/.github/CODE_OF_CONDUCT.md
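Review bot: `{Credo.Check.Warning.UnsafeToAtom, []}` is left in the `disabled:` list, although, judging by the module names in the diffstat, this library decodes provider metadata, tokens and userinfo responses that come from a remote party, which is where an unbounded `String.to_atom/1` can exhaust the atom table. Moving that entry into `enabled:` makes the linter flag such conversions in `lib/`. The config's own comment says directories are expanded with `**/*.{ex,exs}`, so the `"src/"` entry in `included:` adds no coverage for the Erlang sources; atom conversions there need a separate review.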
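Review bot: `-enable-feature all` switches on every optional language feature the installed OTP provides, including any added by later releases, rather than the one the code depends on. If only the `maybe` expression is needed, `ERL_AFLAGS="-enable-feature maybe_expr"` keeps the enabled set explicit. Because the tracked file is named `.env`, a one-line comment stating that it holds build flags only and must never contain credentials would also help; how `.gitignore` treats other env files is not visible in this part of the patch.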
@@ -0,0 +1,132 @@ +# Contributor Covenant Code of Conduct + +## Our Pledge + +We as members, contributors, and leaders pledge to make participation in our +community a harassment-free experience for everyone, regardless of age, body +size, visible or invisible disability, ethnicity, sex characteristics, gender +identity and expression, level of experience, education, socio-economic status, +nationality, personal appearance, race, caste, color, religion, or sexual +identity and orientation. + +We pledge to act and interact in ways that contribute to an open, welcoming, +diverse, inclusive, and healthy community. + +## Our Standards + +Examples of behavior that contributes to a positive environment for our +community include: + +- Demonstrating empathy and kindness toward other people +- Being respectful of differing opinions, viewpoints, and experiences +- Giving and gracefully accepting constructive feedback +- Accepting responsibility and apologizing to those affected by our mistakes, + and learning from the experience +- Focusing on what is best not just for us as individuals, but for the overall + community + +Examples of unacceptable behavior include: + +- The use of sexualized language or imagery, and sexual attention or advances of + any kind +- Trolling, insulting or derogatory comments, and personal or political attacks +- Public or private harassment +- Publishing others' private information, such as a physical or email address, + without their explicit permission +- Other conduct which could reasonably be considered inappropriate in a + professional setting + +## Enforcement Responsibilities + +Community leaders are responsible for clarifying and enforcing our standards of +acceptable behavior and will take appropriate and fair corrective action in +response to any behavior that they deem inappropriate, threatening, offensive, +or harmful. 
+ +Community leaders have the right and responsibility to remove, edit, or reject +comments, commits, code, wiki edits, issues, and other contributions that are +not aligned to this Code of Conduct, and will communicate reasons for moderation +decisions when appropriate. + +## Scope + +This Code of Conduct applies within all community spaces, and also applies when +an individual is officially representing the community in public spaces. +Examples of representing our community include using an official e-mail address, +posting via an official social media account, or acting as an appointed +representative at an online or offline event. + +## Enforcement + +Instances of abusive, harassing, or otherwise unacceptable behavior may be +reported to the community leaders responsible for enforcement at +jonatan.maennchen@erlef.org. +All complaints will be reviewed and investigated promptly and fairly. + +All community leaders are obligated to respect the privacy and security of the +reporter of any incident. + +## Enforcement Guidelines + +Community leaders will follow these Community Impact Guidelines in determining +the consequences for any action they deem in violation of this Code of Conduct: + +### 1. Correction + +**Community Impact**: Use of inappropriate language or other behavior deemed +unprofessional or unwelcome in the community. + +**Consequence**: A private, written warning from community leaders, providing +clarity around the nature of the violation and an explanation of why the +behavior was inappropriate. A public apology may be requested. + +### 2. Warning + +**Community Impact**: A violation through a single incident or series of +actions. + +**Consequence**: A warning with consequences for continued behavior. No +interaction with the people involved, including unsolicited interaction with +those enforcing the Code of Conduct, for a specified period of time. 
This +includes avoiding interactions in community spaces as well as external channels +like social media. Violating these terms may lead to a temporary or permanent +ban. + +### 3. Temporary Ban + +**Community Impact**: A serious violation of community standards, including +sustained inappropriate behavior. + +**Consequence**: A temporary ban from any sort of interaction or public +communication with the community for a specified period of time. No public or +private interaction with the people involved, including unsolicited interaction +with those enforcing the Code of Conduct, is allowed during this period. +Violating these terms may lead to a permanent ban. + +### 4. Permanent Ban + +**Community Impact**: Demonstrating a pattern of violation of community +standards, including sustained inappropriate behavior, harassment of an +individual, or aggression toward or disparagement of classes of individuals. + +**Consequence**: A permanent ban from any sort of public interaction within the +community. + +## Attribution + +This Code of Conduct is adapted from the [Contributor Covenant][homepage], +version 2.1, available at +[https://www.contributor-covenant.org/version/2/1/code_of_conduct.html][v2.1]. + +Community Impact Guidelines were inspired by +[Mozilla's code of conduct enforcement ladder][mozilla coc]. + +For answers to common questions about this code of conduct, see the FAQ at +[https://www.contributor-covenant.org/faq][faq]. Translations are available at +[https://www.contributor-covenant.org/translations][translations]. + +[homepage]: https://www.contributor-covenant.org +[v2.1]: https://www.contributor-covenant.org/version/2/1/code_of_conduct.html +[mozilla coc]: https://github.com/mozilla/diversity +[faq]: https://www.contributor-covenant.org/faq +[translations]: https://www.contributor-covenant.org/translations diff --git a/.github/CONTRIBUTING.md b/.github/CONTRIBUTING.md new file mode 100644 index 0000000..8bdb27a --- /dev/null 
+++ b/.github/CONTRIBUTING.md 
@@ -0,0 +1,156 @@ +# Contributing to `oidcc` + +## Welcome! + +We look forward to your contributions! Here are some examples how you can +contribute: + +- [Report a bug](https://github.com/Erlang-Openid/oidcc/issues/new?labels=bug&template=BUG.md) +- [Propose a new feature](https://github.com/Erlang-Openid/oidcc/issues/new?labels=enhancement&template=FEATURE.md) +- [Send a pull request](https://github.com/Erlang-Openid/oidcc/pulls) + +## We have a Code of Conduct + +Please note that this project is released with a +[Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this +project you agree to abide by its terms. + +## Any contributions you make will be under the Apache 2.0 License + +When you submit code changes, your submissions are understood to be under the +same [Apache 2.0](https://github.com/Erlang-Openid/oidcc/blob/main/LICENSE) +that covers the project. By contributing to this project, you agree that your +contributions will be licensed under its Apache 2.0 License. + +## Write bug reports with detail, background, and sample code + +In your bug report, please provide the following: + +- A quick summary and/or background +- Steps to reproduce + - Be specific! + - Give sample code if you can. +- What you expected would happen +- What actually happens +- Notes (possibly including why you think this might be happening, or stuff you +- tried that didn't work) + +Please do not report a bug for a version of `oidcc` that is no longer +supported (`< 1.0.0`). Please do not report a bug if you are using a version of +Erlang or Elixir that is not supported by the version of `oidcc` you are using. + +Please post code and output as text +([using proper markup](https://guides.github.com/features/mastering-markdown/)). +Do not post screenshots of code or output. + +## Workflow for Pull Requests + +1. Fork the repository. +2. 
Create your branch from `main` if you plan to implement new functionality or + change existing code significantly; create your branch from the oldest branch + that is affected by the bug if you plan to fix a bug. +3. Implement your change and add tests for it. +4. Ensure the test suite passes. +5. Ensure the code complies with our coding guidelines (see below). +6. Send that pull request! + +Please make sure you have +[set up your user name and email address](https://git-scm.com/book/en/v2/Getting-Started-First-Time-Git-Setup) +for use with Git. Strings such as `silly nick name ` look really +stupid in the commit history of a project. + +We encourage you to +[sign your Git commits with your GPG key](https://docs.github.com/en/github/authenticating-to-github/signing-commits). + +Pull requests for new features must be based on the `main` branch. + +We are trying to keep backwards compatibility breaks in `oidcc` to a +minimum. Please take this into account when proposing changes. + +Due to time constraints, we are not always able to respond as quickly as we +would like. Please do not take delays personal and feel free to remind us if you +feel that we forgot to respond. + +## Dual Language Support + +This project contains both Erlang Code and Elixir Bindings and uses both +`rebar3` (Erlang) and `mix` (Elixir) package / build managers. + +This is to ensure, that the library can be used from Erlang without needing +Elixir and from Elixir with a nice interface. + +Because of this, some tasks (like tests; see below) need to be called for both +managers. Special consideration is required to change dependencies since they +need to be patched for both managers and need to be kept in sync. 
+ +## Coding Guidelines + +This project comes with configured linters (located in `rebar.config` and +`.credo.exs` in the repository) that you can use to perform various checks: + +```bash +$ rebar3 lint # Elvis Linter (Erlang Code) +$ rebar3 hank # Dead Code Checker (Erlang Code) +$ mix credo # Credo Linter (Elixir Bindings) +``` + +This project comes with configuration (located in `rebar.config` and +`.formatter.exs` in the repository) that you can use to (re)format your +source code for compliance with this project's coding guidelines: + +```bash +$ rebar3 fmt # Erlang Code +$ mix format # Elixir Bindings +``` + +This project uses `dialyzer` to perform static code checking. Run it to make +sure that your code is valid: + +```bash +$ rebar3 dialyzer # Erlang Code +$ mix dialyzer # Elixir Bindings +``` + +Please understand that we will not accept a pull request when its changes +violate this project's coding guidelines. + +## Using `oidcc` from a Git checkout + +The following commands can be used to perform the initial checkout of +`oidcc`: + +```bash +$ git clone git@github.com:Erlang-Openid/oidcc.git + +$ cd oidcc +``` + +Install `oidcc`'s dependencies using [rebar3](https://rebar3.org/) and +[mix](https://hexdocs.pm/mix/Mix.html): + +```bash +$ rebar3 get-deps # Erlang Code +$ mix deps # Elixir Bindings +``` + +## Running `oidcc`'s test suite + +After following the steps shown above, `oidcc`'s test suite is run like +this: + +```bash +$ rebar3 eunit # Erlang Code Unit Tests +$ rebar3 ct # Erlang Code Integration Tests +$ mix test # Elixir Bindings Tests +``` + +## Generating `oidcc` Documentation + +To generate the documentation for the library, run: + +```bash +$ mix docs +``` + + + diff --git a/.github/FUNDING.yml b/.github/FUNDING.yml new file mode 100644 index 0000000..7fb8bd6 --- /dev/null +++ b/.github/FUNDING.yml @@ -0,0 +1 @@ +custom: https://members.erlef.org/join-us 
diff --git a/.github/ISSUE_TEMPLATE/BUG.yml b/.github/ISSUE_TEMPLATE/BUG.yml
new file mode 100644
index 0000000..e21deb0
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/BUG.yml
@@ -0,0 +1,58 @@
+name: 🐞 Bug Report
+description: Something is broken?
+labels: ["bug"]
+body:
+ - type: markdown
+ attributes:
+ value: |
+ - Create a discussion instead if you are looking for support:
+ https://github.com/Erlang-Openid/oidcc/discussions
+ - type: input
+ id: version
+ attributes:
+ label: oidcc version
+ placeholder: x.y.z
+ validations:
+ required: true
+ - type: input
+ id: erlang-version
+ attributes:
+ label: Erlang version
+ placeholder: x.y.z
+ validations:
+ required: true
+ - type: input
+ id: elixir-version
+ attributes:
+ label: Elixir version
+ placeholder: x.y.z
+ validations:
+ required: true
+ - type: textarea
+ id: summary
+ attributes:
+ label: Summary
+ description: Provide a summary describing the problem you are experiencing.
+ validations:
+ required: true
+ - type: textarea
+ id: current-behaviour
+ attributes:
+ label: Current behavior
+ description: What is the current (buggy) behavior?
+ validations:
+ required: true
+ - type: textarea
+ id: reproduction
+ attributes:
+ label: How to reproduce
+ description: Provide steps to reproduce the bug.
+ validations:
+ required: true
+ - type: textarea
+ id: expected-behaviour
+ attributes:
+ label: Expected behavior
+ description: What was the expected (correct) behavior?
+ validations:
+ required: true
diff --git a/.github/ISSUE_TEMPLATE/FEATURE.yml b/.github/ISSUE_TEMPLATE/FEATURE.yml
new file mode 100644
index 0000000..e5dec63
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/FEATURE.yml
@@ -0,0 +1,11 @@
+name: 🎉 Feature Request
+description: You have a neat idea that should be implemented?
+labels: ["enhancement"]
+body:
+ - type: textarea
+ id: description
+ attributes:
+ label: Description
+ description: Provide a summary of the feature you would like to see implemented.
+ validations:
+ required: true
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..e97514b --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,5 @@ +Please go the the `Preview` tab and select the appropriate sub-template: + +- [🐞 Bug Fix](?expand=1&template=FIX.md) +- [⚙ Improvement](?expand=1&template=IMPROVEMENT.md) +- [🎉 New Feature](?expand=1&template=NEW_FEATURE.md) diff --git a/.github/PULL_REQUEST_TEMPLATE/FIX.md b/.github/PULL_REQUEST_TEMPLATE/FIX.md new file mode 100644 index 0000000..379b2cd --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE/FIX.md @@ -0,0 +1,10 @@ + + + diff --git a/.github/PULL_REQUEST_TEMPLATE/IMPROVEMENT.md b/.github/PULL_REQUEST_TEMPLATE/IMPROVEMENT.md new file mode 100644 index 0000000..f158659 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE/IMPROVEMENT.md @@ -0,0 +1,9 @@ + + + diff --git a/.github/PULL_REQUEST_TEMPLATE/NEW_FEATURE.md b/.github/PULL_REQUEST_TEMPLATE/NEW_FEATURE.md new file mode 100644 index 0000000..5cdb6ac --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE/NEW_FEATURE.md @@ -0,0 +1,9 @@ + + + diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..65dedd3 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,7 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: "/" + schedule: + interval: daily + open-pull-requests-limit: 10 diff --git a/.github/workflows/branch_main.yml b/.github/workflows/branch_main.yml new file mode 100644 index 0000000..a95fda2 --- /dev/null +++ b/.github/workflows/branch_main.yml 
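Review bot: Only the `github-actions` ecosystem is configured in `.github/dependabot.yml`, so the Hex packages declared in the `mix.exs` that this commit adds get no automated update pull requests. A second entry under `updates:` with `package-ecosystem: mix`, the same `directory: "/"` and a `schedule` would cover them. Dependabot has no rebar3 ecosystem, so anything declared only in `rebar.config` needs another mechanism, and the diffstat shows `rebar.lock` being deleted.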
@@ -0,0 +1,34 @@
+on:
+ push:
+ branches:
+ - "main"
+
+name: "Main Branch"
+
+jobs:
+ detectToolVersions:
+ name: "Detect Tool Versions"
+
+ uses: ./.github/workflows/part_tool_versioning.yml
+
+ test:
+ name: "Test"
+
+ needs: ["detectToolVersions"]
+
+ uses: ./.github/workflows/part_test.yml
+ with:
+ otpVersion: "${{ needs.detectToolVersions.outputs.otpVersion }}"
+ rebarVersion: "${{ needs.detectToolVersions.outputs.rebarVersion }}"
+ elixirVersion: "${{ needs.detectToolVersions.outputs.elixirVersion }}"
+
+ docs:
+ name: "Docs"
+
+ needs: ["detectToolVersions"]
+
+ uses: ./.github/workflows/part_docs.yml
+ with:
+ otpVersion: "${{ needs.detectToolVersions.outputs.otpVersion }}"
+ rebarVersion: "${{ needs.detectToolVersions.outputs.rebarVersion }}"
+ elixirVersion: "${{ needs.detectToolVersions.outputs.elixirVersion }}"
diff --git a/.github/workflows/part_docs.yml b/.github/workflows/part_docs.yml
new file mode 100644
index 0000000..ff6ac9a
--- /dev/null
+++ b/.github/workflows/part_docs.yml
@@ -0,0 +1,77 @@
+on:
+ workflow_call:
+ inputs:
+ otpVersion:
+ required: true
+ type: string
+ rebarVersion:
+ required: true
+ type: string
+ elixirVersion:
+ required: true
+ type: string
+ releaseName:
+ required: false
+ type: string
+
+name: "Documentation"
+
+jobs:
+ generate:
+ name: "Generate"
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ - uses: erlef/setup-elixir@v1
+ id: setupBEAM
+ with:
+ otp-version: ${{ inputs.otpVersion }}
+ rebar3-version: ${{ inputs.rebarVersion }}
+ elixir-version: ${{ inputs.elixirVersion }}
+ - uses: actions/cache@v3
+ with:
+ path: _build
+ key: docs-build-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ steps.setupBEAM.outputs.elixir-version }}-${{ hashFiles('rebar.lock') }}
+ restore-keys: |
+ docs-build-{{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ steps.setupBEAM.outputs.elixir-version }}-
+ - uses: actions/cache@v3
+ with:
+ path: deps
+ key: docs-deps-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ steps.setupBEAM.outputs.elixir-version }}-${{ hashFiles('rebar.lock') }}
+ restore-keys: |
+ docs-bdepsuild-{{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ steps.setupBEAM.outputs.elixir-version }}-
+ - run: mix deps.get
+ - run: mix docs
+ - uses: actions/upload-artifact@v3
+ with:
+ name: docs
+ path: doc
+
+ upload:
+ name: "Upload"
+
+ runs-on: ubuntu-latest
+
+ if: ${{ inputs.releaseName }}
+
+ needs: ["generate"]
+
+ permissions:
+ contents: write
+
+ steps:
+ - uses: actions/checkout@v3
+ - uses: actions/download-artifact@v3
+ with:
+ name: docs
+ path: docs
+ - run: |
+ tar -czvf docs.tar.gz docs
+ - name: Upload
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
+ run: |
+ gh release upload --clobber "${{ inputs.releaseName }}" \
+ docs.tar.gz
diff --git a/.github/workflows/part_release.yml b/.github/workflows/part_release.yml
new file mode 100644
index 0000000..7b2147d
--- /dev/null
+++ b/.github/workflows/part_release.yml
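Review bot: Both `restore-keys` entries in the `generate` job of part_docs.yml are malformed, so the fallback cache lookup can never match. `docs-build-{{ runner.os }}-…` and `docs-bdepsuild-{{ runner.os }}-…` lack the `$` before `{{`, which leaves the braces as literal text, and the second prefix is a typo for the `docs-deps-` used in its `key`. They should begin `docs-build-${{ runner.os }}-` and `docs-deps-${{ runner.os }}-`, with the rest of each line unchanged.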
@@ -0,0 +1,56 @@
+on:
+ workflow_call:
+ inputs:
+ releaseName:
+ required: true
+ type: string
+ stable:
+ required: false
+ type: boolean
+ default: false
+
+name: "Release"
+
+jobs:
+ create_prerelease:
+ name: Create Prerelease
+
+ if: ${{ !inputs.stable }}
+
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: write
+
+ steps:
+ - name: Create draft prerelease
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
+ run: |
+ gh release create \
+ --repo ${{ github.repository }} \
+ --title ${{ inputs.releaseName }} \
+ --prerelease \
+ --generate-notes \
+ ${{ inputs.releaseName }}
+
+ create_stable:
+ name: Create Stable
+
+ if: ${{ inputs.stable }}
+
+ runs-on: ubuntu-latest
+
+ permissions:
+ contents: write
+
+ steps:
+ - name: Create draft release
+ env:
+ GITHUB_TOKEN: ${{ github.token }}
+ run: |
+ gh release create \
+ --repo ${{ github.repository }} \
+ --title ${{ inputs.releaseName }} \
+ --generate-notes \
+ ${{ inputs.releaseName }}
diff --git a/.github/workflows/part_test.yml b/.github/workflows/part_test.yml
new file mode 100644
index 0000000..894d304
--- /dev/null
+++ b/.github/workflows/part_test.yml
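Review bot: `${{ inputs.releaseName }}` and `${{ github.repository }}` are expanded into the `run:` script of both `create_prerelease` and `create_stable` before the shell parses it, and without quotes, so these jobs, which hold `contents: write`, rely on every caller passing a shell-safe value. The two callers in this patch pass `github.ref_name` from a restrictive tag filter, but a reusable workflow should not depend on that. Pass the input through `env:` and reference it as a quoted shell variable, as sketched below for the prerelease step; `create_stable` takes the same change without `--prerelease`. The `Upload` step in part_docs.yml expands the same input inside its script and would benefit from the same treatment.

```yaml
      - name: Create draft prerelease
        env:
          GITHUB_TOKEN: ${{ github.token }}
          RELEASE_NAME: ${{ inputs.releaseName }}
        run: |
          gh release create \
            --repo "$GITHUB_REPOSITORY" \
            --title "$RELEASE_NAME" \
            --prerelease \
            --generate-notes \
            "$RELEASE_NAME"
```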
@@ -0,0 +1,347 @@ +on: + workflow_call: + inputs: + otpVersion: + required: true + type: string + rebarVersion: + required: true + type: string + elixirVersion: + required: true + type: string + +name: "Test" + +env: + ERL_AFLAGS: "-enable-feature all" + +jobs: + rebar_format: + name: Check Rebar Formatting + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@v1 + id: setupBEAM + with: + otp-version: ${{ inputs.otpVersion }} + rebar3-version: ${{ inputs.rebarVersion }} + - uses: actions/cache@v3 + with: + path: _build + key: rebar_format-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + rebar_format-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - run: rebar3 fmt --check + + mix_format: + name: Check Mix Formatting + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@v1 + id: setupBEAM + with: + otp-version: ${{ inputs.otpVersion }} + rebar3-version: ${{ inputs.rebarVersion }} + elixir-version: ${{ inputs.elixirVersion }} + - uses: actions/cache@v3 + with: + path: _build + key: mix_format-build-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + mix_format-build-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - uses: actions/cache@v3 + with: + path: deps + key: mix_format-deps-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + mix_format-deps-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - run: mix deps.get + - run: mix format --check-formatted + + eunit: + name: Run EUnit + + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + include: + - otp: "${{ inputs.otpVersion }}" + - otp: "master" + + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@v1 + id: setupBEAM + with: + otp-version: ${{ matrix.otp }} + rebar3-version: ${{ 
inputs.rebarVersion }} + - uses: actions/cache@v3 + with: + path: _build + key: eunit-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + eunit-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - run: rebar3 eunit --cover + - uses: actions/upload-artifact@v3 + with: + name: eunit-coverage + path: _build/test/cover/eunit.coverdata + + conformance: + name: Run Conformance Tests + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@v1 + id: setupBEAM + with: + otp-version: ${{ inputs.otpVersion }} + rebar3-version: ${{ inputs.rebarVersion }} + - uses: actions/cache@v3 + with: + path: _build + key: ct-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + ct-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - run: rebar3 ct --cover + - uses: actions/upload-artifact@v3 + with: + name: ct-coverage + path: _build/test/cover/ct.coverdata + + mix_test: + name: Run Mix Tests + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@v1 + id: setupBEAM + with: + otp-version: ${{ inputs.otpVersion }} + rebar3-version: ${{ inputs.rebarVersion }} + elixir-version: ${{ inputs.elixirVersion }} + - uses: actions/cache@v3 + with: + path: _build + key: mix_test-build-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + mix_test-build-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - uses: actions/cache@v3 + with: + path: deps + key: mix_test-deps-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + mix_test-deps-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - run: mix deps.get + - run: mix test --cover --export-coverage mix_test + - uses: actions/upload-artifact@v3 + with: + name: mix_test-coverage + path: 
cover/mix_test.coverdata + + coverage: + name: Process Test Coverage + + runs-on: ubuntu-latest + + needs: ["eunit", "conformance", "mix_test"] + + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@v1 + id: setupBEAM + with: + otp-version: ${{ inputs.otpVersion }} + rebar3-version: ${{ inputs.rebarVersion }} + - uses: actions/cache@v3 + with: + path: _build + key: cover-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + cover-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - uses: actions/download-artifact@v3 + with: + name: ct-coverage + path: _build/test/cover/ + - uses: actions/download-artifact@v3 + with: + name: eunit-coverage + path: _build/test/cover/ + - uses: actions/download-artifact@v3 + with: + name: mix_test-coverage + path: _build/test/cover/ + - run: rebar3 cover + - uses: actions/upload-artifact@v3 + with: + name: coverage-report + path: _build/test/cover/ + + coveralls: + name: Send Coverage to coveralls.io + + runs-on: ubuntu-latest + + needs: ["eunit", "conformance", "mix_test"] + + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@v1 + id: setupBEAM + with: + otp-version: ${{ inputs.otpVersion }} + rebar3-version: ${{ inputs.rebarVersion }} + - uses: actions/cache@v3 + with: + path: _build + key: cover-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + cover-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - uses: actions/download-artifact@v3 + with: + name: ct-coverage + path: _build/test/cover/ + - uses: actions/download-artifact@v3 + with: + name: eunit-coverage + path: _build/test/cover/ + - uses: actions/download-artifact@v3 + with: + name: mix_test-coverage + path: _build/test/cover/ + - uses: actions/upload-artifact@v3 + with: + name: coverage-report + path: _build/test/cover/ + - run: rebar3 as test coveralls send + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
+ + lint: + name: Lint + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@v1 + id: setupBEAM + with: + otp-version: ${{ inputs.otpVersion }} + rebar3-version: ${{ inputs.rebarVersion }} + - uses: actions/cache@v3 + with: + path: _build + key: lint-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + lint-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - run: rebar3 lint + + credo: + name: Run Credo + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@v1 + id: setupBEAM + with: + otp-version: ${{ inputs.otpVersion }} + rebar3-version: ${{ inputs.rebarVersion }} + elixir-version: ${{ inputs.elixirVersion }} + - uses: actions/cache@v3 + with: + path: _build + key: credo-build-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + credo-build-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - uses: actions/cache@v3 + with: + path: deps + key: credo-deps-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + credo-deps-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - run: mix deps.get + - run: mix credo + + dialyxir: + name: Run Dialyxir + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@v1 + id: setupBEAM + with: + otp-version: ${{ inputs.otpVersion }} + rebar3-version: ${{ inputs.rebarVersion }} + elixir-version: ${{ inputs.elixirVersion }} + - uses: actions/cache@v3 + with: + path: _build + key: dialyxir-build-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + dialyxir-build-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - uses: actions/cache@v3 + with: + path: deps + key: dialyxir-deps-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ 
hashFiles('rebar.lock') }} + restore-keys: | + dialyxir-deps-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - run: mix deps.get + - run: mix dialyzer + + dialyzer: + name: Dialyzer + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@v1 + id: setupBEAM + with: + otp-version: ${{ inputs.otpVersion }} + rebar3-version: ${{ inputs.rebarVersion }} + - uses: actions/cache@v3 + with: + path: _build + key: dialyzer-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + dialyzer-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - run: rebar3 dialyzer + + hank: + name: Hank + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@v3 + - uses: erlef/setup-beam@v1 + id: setupBEAM + with: + otp-version: ${{ inputs.otpVersion }} + rebar3-version: ${{ inputs.rebarVersion }} + - uses: actions/cache@v3 + with: + path: _build + key: hank-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}-${{ hashFiles('rebar.lock') }} + restore-keys: | + hank-${{ runner.os }}-${{ steps.setupBEAM.outputs.otp-version }}- + - run: rebar3 hank diff --git a/.github/workflows/part_tool_versioning.yml b/.github/workflows/part_tool_versioning.yml new file mode 100644 index 0000000..59150b3 --- /dev/null +++ b/.github/workflows/part_tool_versioning.yml 
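Review bot: No job in part_test.yml declares `permissions:`, so every job runs with whatever token scope the caller or the repository default grants. That includes `coveralls`, which exports `secrets.GITHUB_TOKEN` to `rebar3 as test coveralls send`. A workflow-level `permissions:` block with `contents: read` would bound this, in the same way part_docs.yml and part_release.yml already scope `contents: write` to the jobs that need it. Whether the coveralls plugin needs more than read access is not visible in this hunk and should be confirmed before merging.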
@@ -0,0 +1,42 @@
+on:
+ workflow_call:
+ outputs:
+ otpVersion:
+ description: "The .tool-versions OTP version"
+ value: "${{ jobs.detectToolVersions.outputs.otpVersion }}"
+ rebarVersion:
+ description: "The .tool-versions Rebar version"
+ value: "${{ jobs.detectToolVersions.outputs.rebarVersion }}"
+ elixirVersion:
+ description: "The .tool-versions Elixir version"
+ value: "${{ jobs.detectToolVersions.outputs.elixirVersion }}"
+
+name: "Detect Tool Versions"
+
+jobs:
+ detectToolVersions:
+ name: "Detect Tool Versions"
+
+ runs-on: ubuntu-latest
+
+ outputs:
+ otpVersion: "${{ env.OTP_VERSION }}"
+ rebarVersion: "${{ env.REBAR_VERSION }}"
+ elixirVersion: "${{ env.ELIXIR_VERSION }}"
+
+ steps:
+ - uses: actions/checkout@v3
+ - name: "Read .tool-versions"
+ id: toolVersions
+ run: |
+ OTP_VERSION="$(cat .tool-versions | grep erlang | cut -d' ' -f2-)"
+ echo OTP: $OTP_VERSION
+ echo "OTP_VERSION=${OTP_VERSION}" >> $GITHUB_ENV
+
+ REBAR_VERSION="$(cat .tool-versions | grep rebar | cut -d' ' -f2-)"
+ echo Rebar: $REBAR_VERSION
+ echo "REBAR_VERSION=${REBAR_VERSION}" >> $GITHUB_ENV
+
+ ELIXIR_VERSION="$(cat .tool-versions | grep elixir | cut -d' ' -f2-)"
+ echo Rebar: $ELIXIR_VERSION
+ echo "ELIXIR_VERSION=${ELIXIR_VERSION}" >> $GITHUB_ENV
diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
new file mode 100644
index 0000000..a3bad32
--- /dev/null
+++ b/.github/workflows/pr.yml
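Review bot: The `Read .tool-versions` step passes its results to the job outputs through `$GITHUB_ENV`, which is broader than needed. Anything appended there becomes an environment variable for later steps, and the values come from an unanchored `grep` over a file that a pull request can change (pr.yml calls this workflow). The step already carries `id: toolVersions`, so writing `echo "otpVersion=${OTP_VERSION}" >> "$GITHUB_OUTPUT"` and declaring `otpVersion: "${{ steps.toolVersions.outputs.otpVersion }}"`, likewise for rebar and elixir, keeps the values scoped to outputs. Anchoring the match as `grep '^erlang '` would also ensure a single line is captured. The last `echo` is labelled `Rebar:` but prints `$ELIXIR_VERSION`.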
@@ -0,0 +1,35 @@
+on:
+ pull_request:
+ branches:
+ - "*"
+ workflow_dispatch: {}
+
+name: "Pull Request"
+
+jobs:
+ detectToolVersions:
+ name: "Detect Tool Versions"
+
+ uses: ./.github/workflows/part_tool_versioning.yml
+
+ test:
+ name: "Test"
+
+ needs: ["detectToolVersions"]
+
+ uses: ./.github/workflows/part_test.yml
+ with:
+ otpVersion: "${{ needs.detectToolVersions.outputs.otpVersion }}"
+ rebarVersion: "${{ needs.detectToolVersions.outputs.rebarVersion }}"
+ elixirVersion: "${{ needs.detectToolVersions.outputs.elixirVersion }}"
+
+ docs:
+ name: "Docs"
+
+ needs: ["detectToolVersions"]
+
+ uses: ./.github/workflows/part_docs.yml
+ with:
+ otpVersion: "${{ needs.detectToolVersions.outputs.otpVersion }}"
+ rebarVersion: "${{ needs.detectToolVersions.outputs.rebarVersion }}"
+ elixirVersion: "${{ needs.detectToolVersions.outputs.elixirVersion }}"
diff --git a/.github/workflows/tag-beta.yml b/.github/workflows/tag-beta.yml
new file mode 100644
index 0000000..8b23575
--- /dev/null
+++ b/.github/workflows/tag-beta.yml
@@ -0,0 +1,31 @@
+on:
+ push:
+ tags:
+ - "v[0-9]+.[0-9]+.[0-9]+-beta.[0-9]+"
+
+name: "Beta Tag"
+
+jobs:
+ detectToolVersions:
+ name: "Detect Tool Versions"
+
+ uses: ./.github/workflows/part_tool_versioning.yml
+
+ release:
+ name: "Release"
+
+ uses: ./.github/workflows/part_release.yml
+ with:
+ releaseName: "${{ github.ref_name }}"
+
+ docs:
+ name: "Docs"
+
+ needs: ["release", "detectToolVersions"]
+
+ uses: ./.github/workflows/part_docs.yml
+ with:
+ otpVersion: "${{ needs.detectToolVersions.outputs.otpVersion }}"
+ rebarVersion: "${{ needs.detectToolVersions.outputs.rebarVersion }}"
+ elixirVersion: "${{ needs.detectToolVersions.outputs.elixirVersion }}"
+ releaseName: "${{ github.ref_name }}"
diff --git a/.github/workflows/tag-stable.yml b/.github/workflows/tag-stable.yml
new file mode 100644
index 0000000..f4beb93
--- /dev/null
+++ b/.github/workflows/tag-stable.yml
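Review bot: The `release` job in tag-beta.yml has no `needs:` and the workflow never calls part_test.yml, so pushing a matching tag publishes a GitHub release without the test suite having run on that ref. tag-stable.yml has the same shape. Adding a `test` job that reuses part_test.yml, as pr.yml and branch_main.yml do, and listing it in the release job's `needs` would gate publication on a green run.

```yaml
  test:
    name: "Test"

    needs: ["detectToolVersions"]

    uses: ./.github/workflows/part_test.yml
    with:
      otpVersion: "${{ needs.detectToolVersions.outputs.otpVersion }}"
      rebarVersion: "${{ needs.detectToolVersions.outputs.rebarVersion }}"
      elixirVersion: "${{ needs.detectToolVersions.outputs.elixirVersion }}"

  release:
    name: "Release"

    needs: ["test"]
    # … unchanged: uses part_release.yml with releaseName …
```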
@@ -0,0 +1,32 @@
+on:
+ push:
+ tags:
+ - "v[0-9]+.[0-9]+.[0-9]+"
+
+name: "Stable Tag"
+
+jobs:
+ detectToolVersions:
+ name: "Detect Tool Versions"
+
+ uses: ./.github/workflows/part_tool_versioning.yml
+
+ release:
+ name: "Release"
+
+ uses: ./.github/workflows/part_release.yml
+ with:
+ releaseName: "${{ github.ref_name }}"
+ stable: true
+
+ docs:
+ name: "Docs"
+
+ needs: ["release", "detectToolVersions"]
+
+ uses: ./.github/workflows/part_docs.yml
+ with:
+ otpVersion: "${{ needs.detectToolVersions.outputs.otpVersion }}"
+ rebarVersion: "${{ needs.detectToolVersions.outputs.rebarVersion }}"
+ elixirVersion: "${{ needs.detectToolVersions.outputs.elixirVersion }}"
+ releaseName: "${{ github.ref_name }}"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
deleted file mode 100644
index b70c6bb..0000000
--- a/.github/workflows/test.yml
+++ /dev/null
@@ -1,136 +0,0 @@ -name: Test - -on: - pull_request: - branches: - - '*' - push: - branches: - - 'master' - tags: - - 'v*' - -# Secrets: -# * CACHE_VERSION - Set to `date +%s`, set new when the cache should be busted - -env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - -jobs: - format: - name: "Format" - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: erlef/setup-beam@v1 - with: - otp-version: 24.1 - rebar3-version: 3.15.2 - - uses: actions/cache@v2 - name: Cache - with: - path: | - _build - key: build-${{ secrets.CACHE_VERSION }}-${{ runner.os }}-build-24.1-${{ hashFiles(format('rebar.lock')) }}-1 - restore-keys: | - build-${{ secrets.CACHE_VERSION }}-${{ runner.os }}-build-24.1-1- - - name: Elvis - run: rebar3 format --verify - - lint: - name: "Elvis" - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: erlef/setup-beam@v1 - with: - otp-version: 24.1 - rebar3-version: 3.15.2 - - uses: actions/cache@v2 - name: Cache - with: - path: | - _build - key: build-${{ secrets.CACHE_VERSION }}-${{ runner.os }}-build-24.1-${{ hashFiles(format('rebar.lock')) }}-1 - restore-keys: | - build-${{ secrets.CACHE_VERSION }}-${{ runner.os }}-build-24.1-1- - - name: Elvis - run: rebar3 lint - - dialyzer: - name: "Dialyzer" - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: erlef/setup-beam@v1 - with: - otp-version: 24.1 - rebar3-version: 3.15.2 - - uses: actions/cache@v2 - name: Cache - with: - path: | - _build - key: build-${{ secrets.CACHE_VERSION }}-${{ runner.os }}-build-24.1-${{ hashFiles(format('rebar.lock')) }}-1 - restore-keys: | - build-${{ secrets.CACHE_VERSION }}-${{ runner.os }}-build-24.1-1- - - name: Dialyzer - run: rebar3 dialyzer - - eunit: - name: EUnit on OTP ${{ matrix.otp_version }} and ${{ matrix.os }} - runs-on: ${{ matrix.os }} - strategy: - fail-fast: false - matrix: - otp_version: ["24.1", "23.3.1", "22.3.4.9", "21.3.8.17"] - os: [ubuntu-latest] - env: - OTP_VERSION: ${{ matrix.otp_version }} 
- steps: - - uses: actions/checkout@v2 - - uses: erlef/setup-beam@v1 - with: - otp-version: ${{ matrix.otp_version }} - rebar3-version: 3.15.2 - - uses: actions/cache@v2 - name: Cache - with: - path: | - _build - key: build-${{ secrets.CACHE_VERSION }}-${{ runner.os }}-build-${{ matrix.otp_version }}-${{ hashFiles(format('rebar.lock')) }}-1 - restore-keys: | - build-${{ secrets.CACHE_VERSION }}-${{ runner.os }}-build-${{ matrix.otp_version }}-1- - - name: Compile - run: rebar3 compile - - name: EUnit - run: rebar3 eunit --cover - - ct: - name: CT on OTP ${{ matrix.otp_version }} and ${{ matrix.os }} - runs-on: ${{ matrix.os }} - strategy: - fail-fast: false - matrix: - otp_version: ["24.1", "23.3.1", "22.3.4.9", "21.3.8.17"] - os: [ubuntu-latest] - env: - OTP_VERSION: ${{ matrix.otp_version }} - steps: - - uses: actions/checkout@v2 - - uses: erlef/setup-beam@v1 - with: - otp-version: ${{ matrix.otp_version }} - rebar3-version: 3.15.2 - - uses: actions/cache@v2 - name: Cache - with: - path: | - _build - key: build-${{ secrets.CACHE_VERSION }}-${{ runner.os }}-build-${{ matrix.otp_version }}-${{ hashFiles(format('rebar.lock')) }}-1 - restore-keys: | - build-${{ secrets.CACHE_VERSION }}-${{ runner.os }}-build-${{ matrix.otp_version }}-1- - - name: Compile - run: rebar3 compile - - name: Common Test - run: rebar3 ct --cover diff --git a/.gitignore b/.gitignore index ebf8079..13bfa23 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,19 +1,40 @@ -*.d +# The directory Mix & Rebar will write compiled artifacts to. +/_build/ +*.beam + +# If you run "mix test --cover" / "rebar3 eunit" / "rebar3 ct", coverage assets end up here. +/cover/ +*.coverdata + +# The directory Mix downloads your dependencies sources to. +/deps/ + +# Where 3rd-party dependencies like ExDoc output generated docs. +/doc/ + +# Ignore .fetch files in case you like to edit your project deps locally. +/.fetch + +# If the VM or Rebar3 crashes, it generates a dump, let's ignore it too. +erl_crash.dump +rebar3.crashdump + +# Also ignore archive artifacts (built via "mix archive.build"). +*.ez + +# Ignore package tarball (built via "mix hex.build"). +oidcc-*.tar + +# Ignore Package Lock Files (not relevant for library) +mix.lock +rebar.lock + +# Other Rebar Files ebin/ log/ relx -deps/ _rel/ -_build/ -doc/ -.erlang.mk/ -.tts.plt elvis xrefr -cover/ -*.coverdata -test/ct.cover.spec -*.beam *~ -*# -conformance/rebar.lock +*# \ No newline at end of file diff --git a/.tool-versions b/.tool-versions index e84d3e1..34e95a5 100644 --- a/.tool-versions +++ b/.tool-versions @@ -1 +1,3 @@ -erlang 24.1.1 +erlang 26.0.2 +rebar 3.22.1 +elixir 1.15.5 diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..6e78ee3 --- /dev/null +++ b/LICENSE 
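Review bot: Ignoring `mix.lock` and `rebar.lock` in .gitignore leaves the `hashFiles('rebar.lock')` component of every cache key in part_test.yml and part_docs.yml pointing at a file that is absent from a fresh checkout. Unless something generates the lock before the cache step, which is not visible in this patch, those keys do not change when dependencies do. It also means each CI run and each tagged release resolves dependency versions afresh rather than from a reviewed lock. If the locks stay untracked, key the caches on the manifests instead, for example `hashFiles('rebar.config', 'mix.exs')`, assuming those are the manifest files at the repository root. Otherwise drop the two ignore lines and commit the locks for CI use.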
@@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. 
For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. 
Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of 
the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. 
Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. 
+ + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright 2023 Jonatan Männchen / Erlang Ecosystem Foundation + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. \ No newline at end of file diff --git a/Makefile b/Makefile deleted file mode 100644 index a893325..0000000 --- a/Makefile +++ /dev/null @@ -1,26 +0,0 @@ -REBAR = $(shell pwd)/rebar3 -APP=oidcc - -.PHONY: all ct test clean elvis compile basic_client - -all: compile - -clean: - $(REBAR) clean - -eunit: - $(REBAR) do eunit -v, cover -v - cp _build/test/cover/eunit.coverdata . - -ct: - $(REBAR) do ct -v, cover -v - cp _build/test/cover/ct.coverdata . - -tests: - $(REBAR) do lint, eunit, ct, cover -v - -elvis: - $(REBAR) lint - -compile: - $(REBAR) compile diff --git a/README.md b/README.md index 5f3eb84..99fd267 100644 --- a/README.md +++ b/README.md 
@@ -1,132 +1,194 @@ # oidcc -[![Test](https://github.com/Erlang-OpenID/oidcc/actions/workflows/test.yml/badge.svg)](https://github.com/Erlang-OpenID/oidcc/actions/workflows/test.yml) +[![Main Branch](https://github.com/Erlang-Openid/oidcc/actions/workflows/branch_main.yml/badge.svg?branch=main)](https://github.com/Erlang-Openid/oidcc/actions/workflows/branch_main.yml) [![Module Version](https://img.shields.io/hexpm/v/oidcc.svg)](https://hex.pm/packages/oidcc) [![Total Download](https://img.shields.io/hexpm/dt/oidcc.svg)](https://hex.pm/packages/oidcc) -[![License](https://img.shields.io/hexpm/l/oidcc.svg)](https://github.com/Erlang-OpenID/oidcc/blob/master/LICENSE) +[![License](https://img.shields.io/hexpm/l/oidcc.svg)](https://github.com/Erlang-OpenID/oidcc/blob/main/LICENSE) [![Last Updated](https://img.shields.io/github/last-commit/Erlang-OpenID/oidcc.svg)](https://github.com/Erlang-OpenID/oidcc/commits/master) +[![Coverage Status](https://coveralls.io/repos/github/Erlang-Openid/oidcc/badge.svg?branch=main)](https://coveralls.io/github/Erlang-Openid/oidcc?branch=main) OpenID Connect client library for Erlang. -OpenID Certified by Bas Wegh at SCC/KIT for the basic and configuration profile of the OpenID Connect protocol. -oidcc can be used to enable Erlang applications to rely on an OpenID Connect Provider -for authentication and authorization purposes. + + -## Usage -### Setup an OpenID Connect Provider -First an OpenID Connect Provider needs to be added, using -`oidcc:add_openid_provider/2` or `oidcc:add_openid_provider/3`. -The parameter are: -* Issuer or ConfigEndpoint: The url of the issuer or its configuration endpoint. - Oidcc will figure out what it is and generate the needed configuration url. - This url is used to receive the configuration and set up the client, no - configuration needs to be done. 
-* LocalEndpoint: The local URL where the user will be redirected back to once - logged in at the OpenID Connect provider, this MUST be the same as the path that - is handled by an http-handler for your web-server (see [oidcc_cowboy](https://github.com/indigo-dc/oidcc_cowboy) ). -* Additional configuration, using a map. possible configurations are: - * `name`: a name for the provider, just some text (no functional usage) - * `description`: a longer descriptive text (no functional usage) - * `client_id`: the client id, if this is not given oidcc tries to dynamically register - * `client_secret`: the client secret which has been generated during manual registration - * `request_scopes`: the scopes to request by default when using this provider - * `registration_params`: a map of parameter to use during the dynamic registration. - * `static_extend_url`: a map used to create key/values in the redirection url - - -### Login Users -It is highly encouraged to implement the `oidcc_client` behaviour, which expects two methods in your module: - - `login_succeeded/1`: Called when the login succeeded with the Token received - - `login_failed/2`: Called when the login failed with Error and Description - -List of web-server modules that support the `oidcc_client` behaviour: - * [oidcc_cowboy](https://github.com/indigo-dc/oidcc_cowboy) for cowboy - -if you implemented an plugin/module for another web-server please let me know, so I can add it to the list above. 
- - -### Your application code -This is a short description of the [basic_client example](https://github.com/indigo-dc/oidcc_cowboy/blob/master/example/basic_client) -First add an openid connect provider: -``` -ConfigEndpoint = <<"https://some-provider.com">>, -LocalEndpoint = <<"http://localhost:8080/oidc">>, -Config = #{ - id => <<"someprovider">>, - client_id => <<"1234">>, - client_secret => <<"secret">> - }, -oidcc:add_openid_provider(ConfigEndpoint, LocalEndpoint, Config), -``` +The refactoring for `v3` and the certification is funded as an +[Erlang Ecosystem Foundation](https://erlef.org/) stipend entered by the +[Security Working Group](https://erlef.org/wg/security). + +## Setup + +### Erlang -Second register your `oidcc_client` module: +**directly** + +```erlang +{ok, Pid} = + oidcc_provider_configuration_worker:start_link(#{ + issuer => <<"https://accounts.google.com">>, + name => {local, google_config_provider} + }). ``` -oidcc_client:register(my_client) + +**via `supervisor`** + +```erlang +-behaviour(supervisor). + +%% ... + +init(_Args) -> + SupFlags = #{strategy => one_for_one}, + ChildSpecs = [#{id => oidcc_provider_configuration_worker, + start => {oidcc_provider_configuration_worker, start_link, [ + #{issuer => "https://accounts.google.com", + name => {local, myapp_oidcc_config_provider}} + ]}, + shutdown => brutal_kill}], + {ok, {SupFlags, ChildSpecs}}. ``` -Third start the web-server (in this example cowboy). -It is important, that you specify the correct path for the oidcc-server-module (oidcc_cowboy here). -In this example it is at '/oidc', that is why the LocalEndpoint above has the trailing /oidc. 
+### Elixir + +**directly** + +```elixir +{:ok, _pid} = + Oidcc.ProviderConfiguration.Worker.start_link(%{ + issuer: "https://accounts.google.com/", + name: Myapp.OidccConfigProvider +}) ``` -Dispatch = cowboy_router:compile( [{'_', - [ - {"/", my_http, []}, - {"/oidc", oidcc_cowboy, []} - ]}]), -{ok, _} = cowboy:start_http( http_handler - , 100 - , [ {port, 8080} ] - , [{env, [{dispatch, Dispatch}]}] - ), + +**via `Supervisor`** + +```elixir +Supervisor.init([ + {Oidcc.ProviderConfiguration.Worker, %{ + issuer: "https://accounts.google.com", + name: Myapp.OidccConfigProvider + }} +], strategy: :one_for_one) ``` -Your `oidcc_client` implementation is just a module with two functions: +## Usage + +### Companion libraries + +`oidcc` offers integrations for various libraries: + + + + + +### Erlang + +```erlang +%% Create redirect URI for authorization +{ok, RedirectUri} = + oidcc:create_redirect_url(myapp_oidcc_config_provider, + <<"client_id">>, + <<"client_secret">> + #{redirect_uri: <<"https://example.com/callback"}), + +%% Redirect user to `RedirectUri` + +%% Retrieve `code` query / form param from redirect back + +%% Exchange code for token +{ok, Token} = + oidcc:retrieve_token(AuthCode, + myapp_oidcc_config_provider, + <<"client_id">>, + <<"client_secret">>, + #{redirect_uri => <<"https://example.com/callback">>}), + +%% Load userinfo for token +{ok, Claims} = + oidcc:retrieve_userinfo(Token, + myapp_oidcc_config_provider, + <<"client_id">>, + <<"client_secret">>, + #{}), + +%% Load introspection for access token +{ok, Introspection} = + oidcc:introspect_token(Token, + myapp_oidcc_config_provider, + <<"client_id">>, + <<"client_secret">>, + #{}), + +%% Refresh token when it expires +{ok, RefreshedToken} = + oidcc:refresh_token(Token, + myapp_oidcc_config_provider, + <<"client_id">>, + <<"client_secret">>, + #{}). ``` --module(my_client) --behaviour(oidcc_client). - --export([login_succeeded/1]). --export([login_failed/2]). 
- -login_succeeded(Token) -> - io:format("~n~n**************************~nthe user logged in with~n ~p~n", [Token]), - % create e.g. a session and store it't id in a session to look it up on further usage - SessionId = <<"123">>, - CookieName = <<"MyClientSession">>, - CookieData = SessionId, - Path = <<"/">>, - Updates = [ - {redirect, Path}, - {cookie, CookieName, CookieData, [{max_age, 30}]} - ], - {ok, Updates}. - - -login_failed(Error, Desc) -> - io:format("~n~n***********************~nlogin failed with~n ~p:~p~n", [Error, Desc]), - Path = <<"/">>, - Updates = [{redirect, Path}], - {ok, Updates}. + +for more details, see https://hexdocs.pm/expo/oidcc.html + +### Elixir + +```elixir +# Create redirect URI for authorization +{:ok, redirect_uri} = + Oidcc.create_redirect_url( + Myapp.OidccConfigProvider, + "client_id", + "client_secret", + %{redirect_uri: "https://example.com/callback"} + ) + +# Redirect user to `redirect_uri` + +# Retrieve `code` query / form param from redirect back + +# Exchange code for token +{:ok, token} = Oidcc.retrieve_token( + auth_code, + Myapp.OidccConfigProvider, + "client_id", + "client_secret", + %{redirect_uri: "https://example.com/callback"} +) + +# Load userinfo for token +{:ok, Claims} = Oidcc.retrieve_userinfo( + token, + Myapp.OidccConfigProvider, + "client_id", + "client_secret", + %{expected_subject: "sub"} +) + +# Load introspection for access token +{:ok, introspection} = Oidcc.introspect_token( + token, + Myapp.OidccConfigProvider, + "client_id", + "client_secret" +) + +# Refresh token when it expires +{:ok, refreshed_token} = Oidcc.refresh_token( + token, + Myapp.OidccConfigProvider, + "client_id", + "client_secret" +) ``` -The possible updates depend on the web-module in use. -For oidcc_cowboy these are: -* {redirect, Path} : redirect the browser to the new path/url -* {cookie, Name, Data, Options} : create or delete a cookie - -## Configuration -The oidcc library has some knobs to adjust the behaviour. 
The default behaviour is -as secure as possible while still being completely standard compliant. - -| Key | Description | Allowed Values (Default) | -| --- | ---- | ---- | -| http_request_timeout | The time an http request may take until it is cancelled, in seconds | integer (300) | -| http_cache_duration | The duration in seconds to keep http results in cache, this is to reduce the load at the IdPs at request spikes coming from the same source. Only UserInfo and TokenIntrospection are cached, if enabled. This is especially useful for e.g. REST interfaces | integer, atom none (none) | -| http_cache_clean | The time in seconds after which the cleaning of the cache will be triggered (trigger happens only on writes) | integer (60) | -| provider_max_tries | The number of tries to perform http request to a provider for setup before giving up | integer (5) | -| scopes | The scope to request at the OpenID Connect provider | list of scopes ([openid]) | -| session_timeout | The time to keep a login session alive in ms | integer (30000) | -| support_none_algorithm | Wether the none algorithm should be supported. Oidcc allows the none algorithm only on direct communication with the provider. It is part of the OpenID Connect specification. The developer encourages to set this to 'false' | boolean (true) | - -All these settings need to be set in the environment of oidcc. diff --git a/conformance/HOWTO.md b/conformance/HOWTO.md new file mode 100644 index 0000000..d27e644 --- /dev/null +++ b/conformance/HOWTO.md 
@@ -0,0 +1,111 @@
+# Conformance Testing
+
+## Setup
+
+- Register on https://www.certification.openid.net/
+- Create Testplan https://www.certification.openid.net/schedule-test.html
+
+## Conformance Profiles to Test
+
+### OpenID Connect Core: Basic Certification Profile Relying Party Tests
+
+- **Relevant for Certification: Yes**
+- Id: `oidcc-client-basic-certification-test-plan`
+- Request Type: `plain_http_request`
+- Client Registration Type: `static_client`
+- Config
+
+```json
+{
+ "alias": "test",
+ "description": "test",
+ "client": {
+ "client_id": "client_id",
+ "client_secret": "client_secret",
+ "redirect_uri": "http://localhost:4000/callback"
+ }
+}
+```
+
+### OpenID Connect Core Client Tests: Comprehensive client test
+
+- **Relevant for Certification: No**
+- Expected Failures
+ - `oidcc-client-test-discovery-webfinger-acct` - WebFinger is not supported
+ - `oidcc-client-test-discovery-webfinger-url` - Webfinger is not supported
+- Id: `oidcc-client-test-plan`
+- Client Authentication Type: `client_secret_post`
+- Request Type: `plain_http_request`
+- Response Type: `code`
+- Client Registration Type: `static_client`
+- Response Mode: `default`
+- Config
+
+```json
+{
+ "alias": "test",
+ "description": "test",
+ "client": {
+ "client_id": "client_id",
+ "client_secret": "client_secret",
+ "redirect_uri": "http://localhost:4000/callback"
+ }
+}
+```
+
+### OpenID Connect Core Client Refresh Token Profile Tests: Relying party refresh token tests
+
+- **Relevant for Certification: No**
+- Id: `oidcc-client-refreshtoken-test-plan`
+- Client Authentication Type: `client_secret_basic`
+- Request Type: `plain_http_request`
+- Response Type: `code`
+- Client Registration Type: `static_client`
+- Response Mode: `form_post`
+- Config
+
+```json
+{
+ "alias": "test",
+ "description": "test",
+ "client": {
+ "client_id": "client_id",
+ "client_secret": "client_secret",
+ "redirect_uri": "http://localhost:4000/callback"
+ }
+}
+```
+
+### OpenID Connect
Core: Form Post Basic Certification Profile Relying Party Tests
+
+- **Relevant for Certification: Yes**
+- Id: `oidcc-client-formpost-basic-certification-test-plan`
+- Request Type: `plain_http_request`
+- Client Registration Type: `static_client`
+- Config
+
+```json
+{
+ "alias": "test",
+ "description": "test",
+ "client": {
+ "client_id": "client_id",
+ "client_secret": "client_secret",
+ "redirect_uri": "http://localhost:4000/callback"
+ }
+}
+```
+
+## How to Execute
+
+- Open Plan / Specific Test
+- Start `./test.exs`
+- Open http://localhost:4000/authorize in your Browser
+- (for refresh profiles) Click Refresh Link
+- Test should pass
+
+## How to Submit Certification
+
+- Execute all `Relevant for Certification` profiles
+- All results must be passed (green) or skipped (orange)
+- Follow steps here: https://openid.net/certification/connect_rp_submission/
diff --git a/conformance/Makefile b/conformance/Makefile
deleted file mode 100644
index e345791..0000000
--- a/conformance/Makefile
+++ /dev/null
@@ -1,24 +0,0 @@
-REBAR = $(shell pwd)/rebar3
-APP=oidcc
-
-.PHONY: all ct test clean elvis compile conformance_test
-
-all: compile
-
-clean:
- $(REBAR) clean
- rm -f rebar.lock
- rm -rf _build
-
-compile:
- $(REBAR) compile
-
-run:
- $(REBAR) run
-
-
-conformance_test:
- # ensure the configured versions are used by upgrading
- $(REBAR) upgrade
- $(REBAR) release
- ./utils/run_tests.sh
diff --git a/conformance/README.md b/conformance/README.md
deleted file mode 100644
index b91a1e7..0000000
--- a/conformance/README.md
+++ /dev/null
@@ -1 +0,0 @@
-# Conformance testing of the oidcc library
diff --git a/conformance/config/sys.config b/conformance/config/sys.config
deleted file mode 100644
index 5a86ef2..0000000
--- a/conformance/config/sys.config
+++ /dev/null
@@ -1,16 +0,0 @@
-[
-{kernel,[{start_timer,true}]},
-{lager, [
- {log_root, "./log/"},
- {handlers, [
- {lager_console_backend, info},
- {lager_file_backend, [{file, "info.log"}, {level, info}]}
- ]}
- ]},
-{oidcc, [
- {cacertfile, "/etc/ssl/certs/ca-certificates.crt"},
- {cert_depth, 5},
- {provider_max_tries, 1},
- {retrieve_userinfo, true}
- ] }
-].
diff --git a/conformance/config/vm.args b/conformance/config/vm.args
deleted file mode 100644
index 5de47e8..0000000
--- a/conformance/config/vm.args
+++ /dev/null
@@ -1,4 +0,0 @@
--name conformance@127.0.0.1
--mode embedded
--smp enable
--setcookie conformance
diff --git a/conformance/priv/readme.txt b/conformance/priv/readme.txt
deleted file mode 100644
index a9cf23b..0000000
--- a/conformance/priv/readme.txt
+++ /dev/null
@@ -1,61 +0,0 @@ -This README describes how to reproduce and verify the conformance test -results of oidcc as an RP. - -# Getting the Source -The following lines clone the git repository, there is no need to checkout a certain version -of the library as the versions are configured in 'oidcc/conformance/rebar.conf'. -``` -git clone https://github.com/indigo-dc/oidcc.git -cd oidcc -``` - -# Running the tests -It will create the directory '/tmp/oidcc_rp_conformance' and put the logs -of oidcc and of the openid.net test-server in the sub directories according -to the profile. - -## Running manually -The following lines will start the oidcc test-server and provide links to you -for each test -``` -cd conformance -make run -``` -Now point the browser to the [oidcc test server](https://localhost:8080). By selecting -a link a test will be started and the logs created and the progress can be watched in the -terminal. - -## Running in Batch Mode -The following lines will run all tests in batch. -``` -cd conformance -make conformance_test -``` - - -# Verifying the Results -Each test is saved in its own '*.log' file called after its official test name. -All logfiles start with the name and start date, like - 'starting test <<"rp-response_type-code">> at <<"Mon, 30 Jan 2017 07:35:08 GMT">>' -The unusual output of the testname, surrounded by << and >> is caused by the -programming language (it is Erlang, using binary). - -Every time a dynamic registration is started and the result shown in the log. -After registration an authentication request is triggered, and its result is shown as -one of the two lines - - User logged in .... - - User not logged in .... -On succesful login the decoded and validated token information is shown, if an error -occured the reason is logged. -The last line logs what the author thinks the logged information results in - either -passed or failed. 
- -## In depth checks -The differentiation between passing and failing is done in the file - 'oidcc/conformance/src/conformance.erl'. - -Each test has a two functions being called: -- test_: starting the test (might be shared between mutliple tests) -- check_: validating the result -All functions are documented with their desired behaviour. If the check_* function -returns 'true' the test is marked as passed. diff --git a/conformance/priv/ssl/server.crt b/conformance/priv/ssl/server.crt deleted file mode 100644 index e7f956a..0000000 --- a/conformance/priv/ssl/server.crt +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN CERTIFICATE----- -MIICpTCCAg6gAwIBAgIJAOvpU0y2e5J5MA0GCSqGSIb3DQEBBQUAMFUxCzAJBgNV -BAYTAlVTMQ4wDAYDVQQIDAVUZXhhczETMBEGA1UECgwKTmluZSBOaW5lczEPMA0G -A1UECwwGQ293Ym95MRAwDgYDVQQDDAdST09UIENBMB4XDTEzMDIyODA1MjMzNFoX -DTMzMDIyMzA1MjMzNFowVzELMAkGA1UEBhMCVVMxDjAMBgNVBAgMBVRleGFzMRMw -EQYDVQQKDApOaW5lIE5pbmVzMQ8wDQYDVQQLDAZDb3dib3kxEjAQBgNVBAMMCWxv -Y2FsaG9zdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAzbW1GjECzHUc/WST -qLiAGqjCNccR5saVS+yoz2SPRhpoyf0/qBrX5BY0tzmgozoTiRfE4wCiVD99Cc+D -rp/FM49r4EpZdocIovprmOmv/gwkoj95zaA6PKNn1OdmDp2hwJsX2Zm3kpbGUZTx -jDkkccmgUb4EjL7qNHq7saQtivUCAwEAAaN7MHkwCQYDVR0TBAIwADAsBglghkgB -hvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYE -FB6jTEIWI8T1ckORA4GezbyYxtbvMB8GA1UdIwQYMBaAFEp9nwoXaOUsEOY0voi4 -S4ZjSl1vMA0GCSqGSIb3DQEBBQUAA4GBACMboVQjrx8u/fk3gl/sR0tbA0Wf/NcS -2Dzsy2czndgVUAG4Sqb+hfgn0dqAyUKghRrj3JDcYxYksGPIklDfPzZb7yJ39l16 -6x5ZiIzhp8CAVdPvRxRznw5rZwaXesryXu1jVSZxTr3MYZdkG6KaAM0t90+YlGLZ -UG8fAicx0Bf+ ------END CERTIFICATE----- \ No newline at end of file diff --git a/conformance/priv/ssl/server.key b/conformance/priv/ssl/server.key deleted file mode 100644 index bd14e9a..0000000 --- a/conformance/priv/ssl/server.key +++ /dev/null 
@@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQDNtbUaMQLMdRz9ZJOouIAaqMI1xxHmxpVL7KjPZI9GGmjJ/T+o -GtfkFjS3OaCjOhOJF8TjAKJUP30Jz4Oun8Uzj2vgSll2hwii+muY6a/+DCSiP3nN -oDo8o2fU52YOnaHAmxfZmbeSlsZRlPGMOSRxyaBRvgSMvuo0eruxpC2K9QIDAQAB -AoGAaD85c/h6bpq7Aj7CBbLaWKhFI3OqwsTITB22vsM7SE+B4zsP02UnG1OVi3UM -zytTUxpUkKV1njQ+bYZYOVqGWF4Up8tTqUglHn0FTPok1AIemELWtz3sXvdSHC1T -lqvFBAZ9kibn13qGyVOiyCFaMwfOM/05RvV7p3jfUMTWnNECQQDs7yCJZ8Ol8MyH -TGZzvkjoN2zg1KwmTbSD1hkP6QAJtPdRuqFbjlEru0/PefgOXsWLRIa3/3v0qw2G -xGkV6AXTAkEA3kNbFisqUydjPnZIYv/P6SvPdUimHJEjXbAbfNfzS9dzszrOVJd2 -XqGH7z5yzjoH3IyaIMW8GnubVzGDSjrHFwJAKSU5vELlygpwKkrNO+pelN0TLlQg -dSJnZ8GlZorq88SWcn37iX/EftivenNO7YftvEqxLoDSkOGnnrC7Iw/A+wJBAIEe -L/QY72WPJCBNJpAce/PA96vyoE1II3txqwZDjZspdpVQPDz4IFOpEwbxCFC1dYuy -Qnd3Z2cbF4r3wIWGz9ECQQCJGNhUNtY+Om1ELdqPcquxE2VRV/pucnvJSTKwyo2C -Rvm6H7kFDwPDuN23YnTOlTiho0zzCkclcIukhIVJ+dKz ------END RSA PRIVATE KEY----- \ No newline at end of file diff --git a/conformance/priv/static/index.html b/conformance/priv/static/index.html deleted file mode 100644 index d078cb3..0000000 --- a/conformance/priv/static/index.html +++ /dev/null @@ -1,88 +0,0 @@ - - - -

RP Conformance testing of oidcc

- - -

Mandatory Code Tests

- List of OIDC RP library tests for profile: "code" -

Response Type and Response Mode

- - -

scope Request Parameter

- - -

nonce Request Parameter

- - -

Client Authentication

- - -

ID Token

- -

UserInfo Endpoint

- -

Mandatory Configuration Tests (only those missing above)

- List of OIDC RP library tests for profile: "configuration" -

Discovery

- - -

Key Rotation

- - - - - - - - - - - - - - - - - - - - - 
diff --git a/conformance/priv/static/oid_logo.png b/conformance/priv/static/oid_logo.png deleted file mode 100644 index f226aa8c069b0978c5bf9f7d73bc081d0d4278b1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 17881 zcmXtgWmsEXur*GB;_k(ZLvb%&C=S7$;_fb`xVIGdVkJOvcc-`%hv05OLa@Nid++!C zNS=Lmo}8IIXU@#pYn>!kLroDIlL8X~0Rda-lbjX;0wM=|oc9I|{*IF?kB@-x4navy zTE{Q8D3vbjCM4>7h0JpE)rzlx=7Uh)jbByis^R$fD??EIwqZMEy1HfCjwkdmBK+ zr$JrNiwh;+!-u{SXvp2ozZzgZ5a3vC2w>_mRmac($VIU2c)xZ4C3L%bvK8hVZi25blpTL~p>0T+!MISMq?fh)mEMNVSOXwWZAu4!J(kPgLA}oN+XJaz z#n7z9L;n1Dd%C`mAb`;+y_7v?N1*XyNa(9Ai3YHN4EckkAzDK`eKR`fs_Ux99JZh` zFSOFle@WSM`oGC-v)Gf>ZDD<^1j0l z8_7`V=P;|_qbe#d;MCcFQ~G~0^Iy~d8?}bw6IV`IsynvW&HftFDuP%v+09z6FtF)X z_d395;`+Q!yDD>fv*g`r50;nGX$HoZZN-a`}|w8cW)Hps0+V4kKY9Z$keqgj`2I(e{F#6AV0 zALV}ksFiYqN~i&-+F^tH4S1Io0rgc#M~bcyev*kSPX`vz!;`ZGf?5K;Kf+oCEP*G1fY#Sw0w-hAN=N35C;85wX3 zHLb0Yzpe5APCa%vP~XcQs~vveqMogz8uI`V{V!O}@B1lqvE)i-LqUv5z$?T5=DI(9 z_I%D*K&=p2zTv(I{4Y5yhs+l^CY6{AwKJpA#$KBPRCY)>b-Crf2vC<$@UvB%b!|m_ zZzq>|T|24x2LD7zcOgXI9jaj@Mb=`O!q1>jtg;HOfalIQA+SAQk$^cSMOQpJGqQ2G z_LoJZKGY{L3;wM)x@l3UfS$BM>30Id)}?{}c}`FZOh1r2R{~tc=cLk(n)XD1A&kH-5DB0QuNCj!bW3~-34etsNJ}q%biu#J z3IkMmmcxdV7xQG^CKf(nSP85l{$9SuSC89@-->ZBQ?t~8*jll6P9y$x=)YU%qv(Ub zNYT=%b6>>#E&yWR8%bY}zZ|pXHuGzhNn|e7Ee-?q0RXYs&r?86bD|J5#{x6r`~Lt= zAw|pW^-fGoKa@v4GD5ta~W;o-d0TiBrgAXWgz><_2}cI(T%6cYQugE@jhs^8ZJBic#>K2qTu zU>Srjq9k;f5>pv2l+4+iVuwdPCYZM~dt*EPd={=E{9Yd6(S_rO3(n{=y=-@BS)9LCC$Pbdp7-eTw_rM%drx{&gg={D(=u98?M@1~`^T1o6}2&2U;fFjYNO7bdD ztS}lYOX=1u8I=Pw5NlAmPz7}+|1fJ;DRo@+JWOx-n$HCJv89psD~l4)?=*caj%~?~ zE_=!YZ@#1FM#;xCUO0uACS!!@S=fLpE>@1sEkS|`3rXMXo#=NxwpKD(#WojZG@n2y z&-7sJUhiHbUc|+zbWo2zdM6U)GyP+)OE&5vbJe*?Ey9$6Q?F%7ayEb_+;_m= z8gEF0eg;O$?kb5sysR*T%EYnT%lpuqQT-&{vVb&*%|lPd?eoj=CYVnB{M}~56k{dJ zF<>>%N{%_NMjH`G%sOzM}K?-Q8?M4YsBSpan>v z;Wy`>#*jKLe53}e%K3nHsE@sm^aHb`b8zzSs>#szH0f_7ed=^(OOJu9^KvEr3@G zA3*T8n6utzzF4P}X&@_Z+NKZkQtT)T0HVC*W4<^&NZr13X82auS!kBZ$e{@L!Vt`B 
zvT_QMtOn-skh{@=b@2Vs+%QNMXELWPmZBEi`7wC;oO#`8z%EXAO&DUlX)oHnO(=-e zwHWMAP^-i%trJ52Lxj+8iG`tcpZs0iEoVno`(E%b60;Y|5PQ^-xd$Kr?k^XHavc=6 zQ#&f!B8u_69*@-dw4gR{-6j0kmd{~&%e<8uCKNNu1n{f?3t{6~65m{g#TZB1ztIDp zP zRcTf;hxZ#9o3a4)Q%FFbbVHog&f6_jeyqx_URtZ-?J12ZHXKW&v$2#ZZC={F$e+$O zSm2Ic>P+OOp|O76El8%ihh!DjYqJINis#oG-o!O4F)&N7dg_{P<6aVi`rzs~ZN%*( ze@h=y9XDqjuA_}jSuv2C=(`Z`!~nEMNtBKk8lQ!+`LwLEQZB!z9_HA-aY3gL5j9yG z2acdpJMkl4aHDV3AAI6DTduQ`62#n?IfcBaa6H0@d#zEbD-DM&D6F-+<-cIvS(38V zE?Oo{*aH4QzZ%ufUa~3JF>YrC_dfAT4V~6zF>iiqK?+5AMiBJ;XSrXP+;sZAF(=HZ z_Ul=7X7jD%Pn&nkVGre*E2NynwTRcM+bcJD4~E5gD<>fOH*lS03Sl9!9JK#*0cNXW6RnGdJw$D1(SKo z^icRMB2?QKqOH8!Q`1|pS0H2@08?$T{GLVvy?uV)Ea*XSHW;xXJu!RYjw7h`DlQn; ztPfj8ekKRoJM{t|`C2T__eHk^GLuiomsRcykff4C&TGsE-Dnai?^WZ>(YoK>v*WKA z!@BIzs{1&y0SlF3BeA3E@J@*lL7e$d{9@P*JHbH$1UOwUZJi;vEW2;(}*-cm{v$6-{M z4WsQITH5Sd_XhHw2Y*pH8_3SeIyRq&xL#9N_f4?pR|aiz(z|Lcw4gUQTD}iQN#%K{ z9$nRr8wn?Rd`B@kdeu0Ahw@|vd}OEhprI3IOm|JG`D1@Kg8{K4;6mXp`jbCxxjHQq z2^i#c8tf$U1S+UlF`O(k_LbuDQw@S(BdoT?DW+RJH zpm0^K1T9}9UKWo*X=Uy5Z{7#-wa!19Ep6rzt5jMep^HOKS-jmFEj6Io(2D{~UE7@?t(``f@DJc#>)y6@;dd^Bci)z%WNR40#Jj z=4A%YZ_~h07Sc5@u8@2*P<4Xf(0as8E$coTXlzcdG!)^+Kw{Wr4MjY;y*Ge>y5{jX(IWT{FPrYsGQ#lA{?3E5nytXugP zgKKUr9+h^rkomM%MVC9mGk-FVz;_)2_F1(y1)UV%FxdPe;s z2F}S0qg{L{=e2l7+v3Z#;eT7MmCkKQlZ^gCe$QFOfV*oPFH-Z0g9SA9d0LqKmQxEU z1BiRpy%{FaheH~Is@ams+bB-6tAcN}k1KH0F~xrp^E>~RYLTj4{L{VJ_ZIxz%MBMO z8Ti#=b-?QDNX5y1Z=l>B1z!T%_AS8{@s0bO-K}b-z4nkk&LjpH!ozy0e&<^2DRj|-uTE;DAC}ER zQQ*|toTrS^$4DlI123mG$Y4iz6LS@m6Y3`EunnZn_O)}aEE^_Xjen>~!<*R`+>7K> z-|%MqQ#vhS?WQ$QLG#Z%q%DZ*MBn3i%_c|y8}#&f{zwY*wsn(;EPcm6aol)R!8e3u zLTo-3hPkAoIXqt>D|FM|JS^2q!jE)ar@Wq*Tw6u@ZaY@}U8cJ+hLrIXzb3K1ao{{kO9* zSx3W9eo|nyzR37S#>w^GmjV3Uv}Oq-{KR-7A}BY;xC(e!d1A>V3 z$Vo*v=*;SqUXI2fhl50Y7OE(msn=M0d)EQ}!aQuK>p+lNO=<4lv3d6BVO`Qj1gRFO zZo_iEwd){NAHZz3t#{foJ>swffo~xs^C8$!yrK8Ahl>Xp<RiH)4Oty(5PjEnzvZZa~N?6@= zcF}?(JGv|s-0?N=EtkyuyxnUa;|F>aD^G^#J*4&Tsp>gWA8V(IE~Z7~JP*xOCM?4r zAJR@2X5uWCW4#wGx|>b(%eyE%&mM1u%)`$pPO?XjGjV}zRa_&W@xqnkwc3sMk{HiS 
z)`uN$Jvm-iQl4c50l4O~TduSomo6%wjpH%&Hn|HDFmBQaQUXzOgs;69>98(i@vJ9= zS)^RG7gz*_2mw~fY%*K#7VSu=+IeWvVreScHpf{MupRZ^z`J(0OG_XVxTkjZDR%i5 zcB2D<>Ocm70dDY)&#Ple!~bCI9e(p=OR*C;IZH)s#a`QFB@&KB2K4uw>a4Ao4Sc>mC{X7Z_>zk3)C$zSYFAge3S67nM9Ku)5U!=Xzyy<)hnLjEJ?*%(8 zo^tcd^IhjfX9eA0tWwswC22m~nZNMYe;m}5C^`*Q6Xc}%5sK4+V zZO{brwI^{6nVWUTgUZt=4aYZD6AWUU=-Jq`T|lSviAXEH3se!^6^j?C8{xd+AfW^# zLSv^Mj#%0<=e*9W_0wKE1pV{4A=n9D;{cPmM05*Ii@1KS?BL(Z_2I zRJPTjO^OLpPd(PdcKkgNaBiZd82DW}{A2w}AJJS&?iJ*tI%K*zlPHm$TA{b;pV;B= z*1UkuY34EgKeT0MM}g#$o+59Tv^TpS=?@Bkufn^&{{q=J)vX(66896V5^5O+-jlKL zIIk5pxdB>F18ax9k+yuKd;h+}c0}J8Dm#J_Cpj=g%WL&1eoXD9kauj4`kS##h5Uk_ zBORZK){TCnK2)faj7(>is^+vVLvBXWqDbC2-;1xNzh zT~`xRbq)z&8RVZeeZ(!Y{&YC(doF_XNyMJmYk6$7u{ z9p<)JnlR|}R3Twk{?%*6#}YMGb}Hr~QcSEhv&Ra|nZc|Q&0lgmw;{0~NpYu`bml*s zL6F_8YmOWBQR_9`WDfMOlV$q$V2*h>6IY=7HOdhDz!pJ@yUsX(4CE`13dQ1?_eeB6p_5jIk z+$b|guZwixcEV4o9kdXUPPQ-fdx}3qGJVLsp*3!|UunRVKW$zf^kHUAD7o&Jm28sZ z&j%oW>$eMxc7`v6#e-0Ry&_rD4-1y|V4ahAFs|j=DaRXo`>B|54}|XD!07Bd|2Xi{ zz#$H}7~Zx~e!n)CcVHABDJ8Ex3?Z`-v2^^%Z@Ol|K+F;7sM~(5spWSUpDtbR#8s*E zhrXHi3A?nhu-T5pUi!rv5Yw*P^Zl>Yu;D~<(=x@RgU-u2NB^(G_eR69g@gLpM)$%;{2(Kz3%iBA=Ug?ZJJlX%dtyWoAV-9YA^e7IAt3`=YQ`^N&38!;uc1~ zUu0&(W-Vd?HK?kN)L;q#wU_1DuXkt(B!Mj*DUoE|8qeAW*f_q)zM8(>>Q-1Gm8&x) z`q9++hS;{k;m+q`Ku>RWNK;7h4(~sqm$hV!iI~dwF#Xe7NK`6^XV!31{UbZ{av`B* z_t-%meT@ks@K4}it=8F_Btd3?Vu<6+rz2)G&~476`*8h|G=7vjQkE(mP13ZHK+M5x zY;C@MAn3`VSK5hX3OFN-yB2T%gfzby=B)Zma6hoo^Wb^X_bXUs^wRk4uM&&C(GCH;(bsm? 
z1iC-0x4$RIUMRrdK08w&HNOHTiuLL&yXQt))fa*NPhsRIW!u_3kY^d@`456tfr4G> z?KXAjIf+y)$Yw-yRDh=o^EEW7au3*>=69>yufk!RhIh*m)az}*3F0n;W5yfRx32zM zXwhm`QxGAmejsbuox@hLL5V1Z(EyT|xDFsxQSPEj@-Xj8^$;9MJ|NW}gcy&5MS(ps zSDAx&dx|dLpp$Kjqeq)$@gx8!{~?x{yv?`F?7k~pSn!Q=&sp?-8==|R&D$OP+mF1N z)l7S^bA&(ra4Y)#7=ELW3IiuyNwwLS+CRwDbbiPC8*ct^A$2Dc91dt2j zJyU|s?CxYi5$6oL*qjDVS_Jr(c%&QN(+mN@>}gTj5}d114@}V!O z)XV7>4EE<LI>v#O1pYrNb?sTUWZX5KFFP!!G;}R_tGf{sX(LWa*oiJ9vKS@qT=wTHb#G7v zR(_co^O5t_SVjxv`Vp+yDtZy_5lSx`TStK76A5ZZi;0EnO6 z_%HKXrs4>{hGBG`{Dj&#X>=f*s<AFME+$UMCS< z@1h4zD3*{l^iQAQMjF=-Q$*?S`z=6%+?M)el=|jt;%NT=+B3RN`Fm?T<6Y_zhn1ZAz z+hZ09)~p^WF2dK&mJo5q5`our#DFf){8uSMFh!4BSbr0|sg(jBb@3l0-OH(QMK#e+ zR!K-QJR@T|flH@dls6LVE9X9kfNdrREv^ze%xd}%I)kW|L-L}PbH|djmeK2fuifdP zf03@`-sSIYSVo%9s_h>6bO@PiZ(WAj(CVfRFSt!N0!`mMCjmpG0h@5D)AR#8Z>CqA zC>F)_B9hHgRBz3dBpbp3=l{t`fOlgF@*DCNaPlhY|YFe-?hT;nIR@yaZniO=IyUo|r&8pGxudQk0!p zUZKD9aPCk>1zVt?csjgj@<13T-%_yUL&@&m`Qy(0r-X)b9LLtfH}}18;^-wgMjStW zh0MQYq)cKrN5k`EizZ-0v9QpuEX{Y=DjeN}fZ_Z+W>kpEg%Un~6`;|rq$IY{*feiU@n*!cg?0&K>P3Y>DkDxB7cUbRyAS?;eE z4lQ#U^3zu{b@t%@+J{;?=1DG}LPUW9u`%NEax|okwKs*`XCn+3y?DP!FHnMUM~P3l zH=AxENPf!`E9#dNj~R*c;6FXp~2hB6HL>w4*p?;lr~He6Tt<1pAdvZS{&9qI3B_3V9uQzvC#CxPvna)NQAWss4( zeA@0%gjUZ1?sEs#9(ewcmt|DeQbbXU`Ald@4f)O{4g4n$U(3b~wD;s*z-3lDUd%a7 zNOkRh61;~ZT+M>Z!zAp8|4)+-1FHErsQs_jZ`UaKztTQgi9tU+ts3<&^qar`?-{o1 z7z5k?Pt`BPcKlD>kCSDu{ZBQu_b2;AE$GIVEZY{>q>lCweW zUgFoLH%Vn&*y}fY@fDrh<+agz2ReFD)>G`;o>ifL$^WvrKBWHV z_avsY>*e*dbXG>Ti1V^bSpB_$1cyR@8_`?`-B?uTtU*uf`i3JA`19Fz*WAZiPpQAB z7-zPw*-oi+Gk{9#!dSZw#P4mzGju|rt>+Vs?~5HX&=l%zE7TD`Xv6=j;lROdT*srD&~xv0CVw7>`i7|40d z6E^JtXy`;Hj$Fvex#V!QP&2=w*x4OsVvRLCtWK{>`O)^*7E#mK8%p{*J5i*p)BdAm zTApq0`iF8b>zHqfKSRNMJB2^BIu+oo#jUI;-P^AG^WpVi@S%3zCn||wGqq20^sasi z`gfgmAS{r+m6j>@Y3r)UzpjBXgLV6XVdY28%abi^*uu>L<)F9v`xC-Mad1wuNX9m824F)3{sc`h&J6BF*J-#jXC}N3s4g7F`WVy4`tVncvCWNCA!~x zBXQzVsL5hM+0s4?2fRD{+k-bxU=orc;_9UF0K=d7nu1&2H-!7b`H1s_!iO;yIa#N9 
z5U1F4yhGWqX!taA`g}pYJ#a%wwjaBm<@1{b4NUg5lqRN7BZ6r);qMmS6oqbmp(LaKCR#~nYKYdaS1R9lIg1J%ZU|3+O~R_`h0 z5L+QWlaum|WORC+p2=F`7C6 z{c6r+@bkhuJOL1WBo@=8%y1l?vgggwV5h+K!7rTsrgp%uOLT0C&s&5GC2dS087fqX zm`mzFtEY{;oKJHf^xn7zg-+S0P}KB9MTq)vcjUTZ?ESbE+$9DVR}U(HuK!?ygoQ~u z|6aa}L$^?Tw!cazsBqb#ptg4ng0m6c4KSC+_M_1xDJ-gAG6I&$sopNhw$V zxe4?ZYNMO$u6R)Ghn=7eru**S{3nHaLI! zE6(d(dLm1p2WHF@z~l)Hov=82k0O;ys21jr8Q)Gd!G7U6CYz@xuy$rTLp7yU=#oI7{%o@wmy@pyi#qjYaoPRV>^(=_0NUUP_}&u1O(7;zxGwp9N3Zk!C$B z)W;>8IxD{|nZobz+B z-2E6PU?2Q@0S+Yjc^rtR*u9ftOc$%&G$BhMK}Rd==lQqz*7bmMf(iQ5fy6c&6tiTh zJU`aBR7gG?gf3ywr%UqbL#-ZKjc_&TdRTNR_nzI+{jdIp*%b#vC#S6|i4H}6ak875 zlGxP$uDpW3CRl;w3Mw7vC6tuAlKF8WvWMHPY?woH<_kGVJ|@lUF~mzvBzcNFV@~9p z{>!|e{>{4%`#Z@;-_5v-7bMv0Gu3(r*73TZp3z(bCSn>Ud^U&KED3R**Xdl5{|4Y zcW}d&TrW1YCdE5`XVilwVn6?7zs*(XtiwA9bl>|;t-N9X`_Ve@{bGjsg}wnOGir$} z>ZhJuN;N6{Da{8>|0CM+ok@*5B!%)4H?Yy8lVij;tAHs!uC2{mTs7!`){VA6TgSE@X|0t6O`Wzm;)&A>iw zNAnZLvKC2_?wiQlOPHvqnZK0h>kH29(MxZU(x)B2&*!6u5^2Mdf7T|lZ98M(#>bVD z_k9c%Nyhe}46cDFx0K2T5WFh1|q&FekEkFL4xr3>W>XulZv8gMV1I6t#`q? 
zE}T!9@6M_441KfGn0R~%BNi<;8@x(>{gFsgbXVG+LlN;r!>+?-XaGDK@GVxv)rnuY zZ@a$`$oxm4+)B0FGRArL3%3Zp2hORXWuQwCi9B%Z?KNbH-UMc~Z;gnAEV%ya=+W4v z8a_RS%$Pnx*Fh6&Sqg%AsBZ!`U2d0)>d&?tLY{I2m-(-Tp+!utv-Xt_IIHoOZ|m}% z<)*TYNdE1=$-nl!cex$yD()JOk@emGIlPtltyx01%#huc%zpO|ne6!KO~4+_Em$IP zpIm>q7>c55s{$IED2yre9GP|9l=dRmY5M{r(TC!l_TP20}4sWX6Fg{Jf`XVyhzd?}lPvxmF!A*jY`?FOK0&F*S>E9>4uf(amiOTP1ovu*x zyDo6EI<~nTp}M}^R}Y`>gth+3{sMEC7=Fj0?_Z}b*u9r}b~45odgV{ZUP0#I}%{jyK5*C#dwiK6Z zer&Z}ecJUSqPS>rbo!D>{?m0wCT#r`nC8ov=x1yy1(IKfawc_MinyI^ng2P)_L}Pa zS)nLVFf~vheRvyh(6LKR)pM-ca;0y zvgoeN%Bkg(ZUHrvUo5}=4B8sio$Mb1eBoVPh`K48ZS^u&qNhagsxUE!>q3Ghg-UgoPWRVEYktlvRx`$l8<#R%~AHAZnhVg z7W`cD9b6SNc?-IoFb7#cI#aF%E#6(8(LI{=#O)S53M7R-lTLaF+w;wDLQhA((F!ux zP`+h@>Yx_H55zUdEo2El0h)3{2ZR(7cgfyqt4Q40n!{L+zQg{@lOo?x)N1}F`s&^) zPsOaRm+6_{7WzC^c!uFutz`O#6J1O4SC^#O_GRbz_;XhnFW4>wPmiU^v8Jmc|1I`A zTV`9xOuJ^<&ywieo3^i%2~BUKd_~)MB9;?9s3ecp8};V80qfp~DERNb)ieMZkKf&F z`Qk@f2}%(OjVL*ISBPh?8hOSMn@+ad0HaaChQf-3ul;_GWW8dp65PK#7w9La$Jg;6 z#iWL=DqmTsdT>{QaI}*{j`ce$HUS`40`4S{XaPHpGQCjGVxb-lU6W!#d3mJz7oxJM zCww{4+n$%?|6bD1#Pyq;r0zjLH?Z1)%TtW?#qFiEV7}=d3+yvP9CIT30iPJh>1E+o z+HYyVHJw&f9oAz;DJ4ke!RU|F&&JLod^K3cZ?v)uiqPcZWsAqa9;Z&00$vi=e`K=W zxO>k1`unAHS#c`l`jlw_(6i%U0+7{-IC8_rD5VLLA$0{wFXe0cw;3dV$`c#BORcmP zx`*$6n${P0$sc@AqoqYv@?L{(jFLwwp9;BMDSXpp8ZP}7#)VGaqXzFN-`(3Lvio8p z^6f5)zsZy6KkMm1_Tn0Q`p0V}uAXrGX$3!r^>p)*?$OsY9u&-1wRT3oPw97MZ=lrR zS_Ep8a4l;Z&ayon7(F==dAeZKa{|y0ixY*XJWA}G@*mQbZ|CQT>1Njuf|(H)dX3h1 zdDQ$<$aY2-UmU0=cg3{g8gs7U4WxJNA3kZnQKLY?fsFsDkkIv%-ZT~~ z_s>f|V^CWT2s;|u*B(8y^760FuM);9apJ$=yv0&c+&X1JRGN53Q4zf%H2IG_gP#5t z3W~Vc%nC_7ke_V!F8Cq0`6`eEF?BJsNlsV4*W@(z6v0j-Rm?%;=9aAC5^-l`M%*4x zXUCR_+@Y%1Dl?l%A|kdfk-Q`sIMzvj4~GKiQtN-HyM*?Ai9q$5*ayyI`J1E8plbs3 z4r%A&^wbH$Q-M-qNwK1AqCPvVPg#~t-xmC>UN|qY_LF*Hr7z7rj>+FP9M0Nva1}Hrh4|p?ryPHX*z|TRRZ(^mQ=R zaWx6<#J#E7h{+9N4pS|rZDT1tWv5$PwI2FZ#RCxbd6TpmeP^qUeAQW}agwigVA{%k ziM)?>%%!Zx?SQX)z(WwxmVUOkJ1EG(v`UK+hlMiN`6|n%RV^zi$qLxG-yURda{7 
ztE~_&J0YE6*INF1yVo>Q2_T3yA%_tSMjn}fK(0^|hn}hHl^;=Hd%T{=uf}bE+8De*D7w`C?&+e{z2nA{-_K1an=6 z^&B@$8UB-ak&jX^HYO~uFtGkCAYI@?G#2Rw7E+l~Q=BgJ@Rog_c;`sp^-O@vxZDj%P~w2XZ;wM#z4~i~cSQ*Bx5+6j^11rN+WRod zF|lPY=N+bU&iNRlEKSFZrpsWg!Tgw(9SaX@uEsmehr;WVka%cnqHVZJ;xK#m&(fbs z0T9+=k897lY0M{q*X$DgQp@mn*^(Fr9e){*zq*#3vvnf;Ju&H~;5&c`gG!Vw-={5H z5wLR}jC=23meIhp%9^FBA4bq7&O3jsaCcFA2cnc>`ufLa7YtH3Y?0!B*^oWTeYoE) zVJVP56yvfuSwHMuO?30)9+A2Uxc$SOdj1pNuc@lMpFc)Vpa*voV`1q=eBT>&kj1=Q z+}g~tNf|R$#6M0c@0|c{q@TD>yUzEo+N7PC70&83x|OIlH85l&G(r4JJd3R{%K6b$ zse$pFO3loGJ3_es4c5)|zD`<2&^9mbYUm(JPv!>|q3Rh%aD^ckgo(b<7}rC48@H{kGa_vN;` z*l$v*sqIs7oYQKQ_`OA>zX^nnqzw9~&3u?vpZFy_>bh*UZIzkQuj@?eL1k}`k8)hQ z3vK3DMb>r<(gC-D^w&{eDKp_Q#On3-gCz>6s!xed+qhW^G&VF{`tR=#{{110#JKeR zruP}2o zJn?%!4NTXByky$xR`FrqSTK|1;-dfEn;>~g0*i|ST%MMju|9~QbSRXRboewfYFyC( zr0-k0m7AfL_Oc||x6VmR(Iy^nPa_=izGq&^FW#`4AmKX1q}}S;hE(&<;lDk$Ylf_d zzj8OLXwqSW8N{y)M01?kj;jUow#oX4OA>>p)}>j9N^kb#uw|sHM3pC}_k}T;4-1r_ zpBJb&%);R{;J^juW{tw-SW4D+jhEVh7iqUx1S`l6!}Dl|ZJ6!dv%F9u(@}qc$-;M9 zyup7fQ_x*)AD_%du8=q1AeLBxqj2_`7RA{{4s=~hKyPVFJBRl#ydOSMD5Zk$E<5H( z9P%cy4OJUzU|mA9J&=J?bG1$iHahRR$Q#{NWiG8eJ%t1BT$tbphaa6dYUA$r0DC?xo)5N+2mh z8S1fDylj-2UQEZRS=pJoV@_huF^SnnFjLKPMN^p;Tve^BZbFrIKD$$wove8l)=xTY6CH2vEenmy%q>XCxDJ|Bo_&%0FFGzv$ z_2j$QwB0_0LuZcaPw=j9L$i44cV1taQ*?KtrC(V;W3hKQBZZH`{iGe8?Rfp>7i28# z4yaA1Q!`o&%ar`AZ+zq;UZjmU3gY=n@>9*3GxUDDuBcce_mru9Ss>AJze%9*623|c zI(rx3<~w@NkaCPIzxuK<$f_naRX%p2GB0u(+nf*nd6^*fL+ty398*pR>!b#TYJ*7r zQid!cdZdlc^}**If0N)L{6Tfjk<+UKVK~{Pn}&d2)B_#AeZBGg&6d}|MVTW6T%8y& z8pzz|Y)TxnGXWVe(K`%kRx-a}7|&KsuWNm-zM|IiXNcxPa`m(znaH7GMY|Tg`~(rV z@TcU(aka%1S-2CQ4|MtVa%Klv*8q9ZSeAbG8B-uT762GdlrfT1T>hvf8mw^hR6O4F zE{1jQi+>rAb+n%TR!_84t<`^s?rc5Dw>g$=`$Ct;M|0RJa1|H$0bu>}-=INERE9T_KbJr|2Qg`(z&<3@|ARNk-DGUMpO)UqP^?P_dC zjn>><&9s-$5Sj%McqKZ@g`f<=)B*%O05(_sdD@5Kgp1B-c@5!?Z@E(^DCd;(vu`C1 zTihqyI8qCF;ZQVR{HMnvD4DEWwJx+!k6R`l&cp>-^Rf66_o}U+f zoH~4{ib^$MRGH5^j#Z@T=wz;S{O(&ybZ&b(5vA{FXRGh7hmLAZte$`!?vJ&Za6fs< 
zr8usiLTNJV!PuQQ3pe3or}x_3!&~Q0p%n1V_4Ym8Tdg=3GVsy^x#_E24EvU=RJb?d3`IESP0@lIg zeofXh)>gHi2H#~6q_g%~_vtSg9DVn}=@GQKqMk#v+drYSHTg|1A)Yx?(1X+hZ3RyS zHi2c0I<@Wi6VMsHP0g!kgISAY)bZz6%1X_h5(RXXfsF_0tj;Mg!1uB6>dL>7TyWoo$XFuU! zg8KiEE)zCGnI`sb^}c(;HOZyI+|2%*>jA6n*V1jS$<9P1V73~cE7ji|mFif(N*Q2! zvXcLyvm4) z{L5VvIv(vbAQ@4i*ppfD*(|YYMc+B!5pRr;jD5 ztgTG0*7j<@OHw*vlZFZa9EEeaCasya;)#$0h)T`Ir$aHCky~izkEx1e%ZtrTrO-`I zpA_j(oDyV5p}Cdo_hnom*80u#x4t29E7M(w*hZDVcRz=kC<;+7>$w9Q-==wtJ$TW) zBp7}_lnsSKMz=f0Zu9Q;Rex)}d5iZ(>77ET7C)a%;>a283VOo`oa6ffV|DpS87YKm zSKxx|ihS1f=!Kqj;7DYa6DU5G6#$P5TrhqL3-tAP9@A?$sDD+mebPR53Kh+R zQ+AK%VzbB{95#*)iPWvN_BqvO`C?;mVsGTEDHK8Rj>#e|BK`D>W~R-nZR@WKLwW0h z_AUA5cvfp!rEHyjL$3(h*XV-Mo*V7%A8~Ao#w;~<2!N!Yg6^X9pMsXmcjB8FekS!Q z<)lPQQn^?nL<_T&Gr4Y+ws#~X!g%%9a?S)-|}V<1nR>hc48U+8w0y@ zD_fc@fwZ4ptNXKAKI#pc7tNLI@y}A`qNBC4k@bw1%-z@L4#EtfD<|PJ0jc}+2mb{U zlhX@skLPwNxyyUonKlf+&(1w~ZVw8D^+w2h%3Q7-3k&vV* zk?Aid;iU5-=XG%8b#4ZXkPO&tIl6p&>nZdi0Fw}UCx1{p#&TuEmPBvgrt@Q0=FKs# z)C5h@Ym++t_Fldcp4GS(OFYsL?w$PX4N>h870mU8eS*3;bSd${x_sC~i9JLoGO%ar zO!cy~!Je|-W!$e5bSsZ`eR3sB0+VVYk?^yfdq2#@{cz5xI^!EL@RZpx>61J2bfNqZ zS8PWSHdj7s!L1{ct+abO{Q;Udy^7#B?TqYSiYHtI;|deX5`tcoz;EUmD|8h?gZDLT zFtL{*!QLD^Sci+DhQIe_^+Yh_8-x3CpV%zStoU{E^l0;j7OV1*QR+Hx(YK_`Yjk2F z!St@6#tL?}!6jsh9iONXx0$V|LU%B*r$XYP;u%58l~@^+?$=p0|3J#-J{%>&z$!yZe`Q8H@s17;cN2h_Pbe5J#Bgiqdw zkDoYX=ePzM@OBJ`w^Y3W2W?x#Dy20)8@O_^{RNoh+B*`Y>nsouP-Fi4UjQmPtAM;t zDXq{&42{ndb3ZU^D18^mvA%yS8~En=`;OAz)AENDcZ|?I;sCw(jD{=LZj<0C2*Nni z=Eb(axZl()C_teXQ)iePFogs(oUW7D=z0n2_IliJNn@kBb6C&l&m;S zhtOwxzm0wP@&4oCkHQa0^-eN0D4na$dg~3l*X`2f2e!BBkmMzQMGkIan%DmNW*V&% z+UdYSu>y69?J=V3h70Ny=EQC4Q>VHA39JND`)W#`ntL`ru9Y7r<_&{E7<^bHUb{D( zs$I0n@O~v6jJ=SIImBax~qtK0yhr!5GgdbBDTizAV8@xRQ zZ%#U=CL(@6EGL4zc2N|luF|FFqJ|X;9+$?%JN(qWPa*v`-&k}Qf2woNL&dmhlI~*n zC;v?Yue}ggX}*pfuV*UO|B6G9T zBrJ0d15XsJ@x7+3dv`#~yBc{RDm~@oLN=If5t++^7pWQ!bjTS`zi8>(kthTt7c_PT z37sha*YU;1@0@o1ArF-$5Fqk*;M2G$$-cZgUk#m_{x?Tgum6s@}ffy}Z zz1Q!8fyOu$T@k#+466nMQgXeA$LzgC!6|Wos17KS-lm^%j%_Mw?oJDAc~=2%Xip`t 
z=FaEZTJ~Y7Z^;n5H;KaNa|g~sBqb3`9eEnIhsddWjw~AEbuToEoF(3Bew|Qr=B-k~ z^J*{|vk$46w@5>S$P0BEg=BPe#|;Sc^S;iim64s~q<0iP6Gxim&Fd-^?>~#zYre?P z&SHa4joAxSf3uWYpz&(qdu(}EHZO$s=XmW}Y;aL9N)}kz1adQbc_>Zt#Zmy6Nrfx9k;^k)6?4h&U2=|@?DL@{Azx2 z;?gr=Q97k13P~yJGnTtrQOljz1ikYkx@M8yPj0i70WOTz;oTEQ=#Z}WA^Ny4GDXX~ z3V6#I_4u^?A|!bQxHznOBX_fK?o&=KH~4r@RoccuJdWHI@mE%e_-ipwgL!k2ym0e( z=9~@V1!?$iCAB0Jve?tgGewzQ(nXy(K^j-p$8-wsV3GyPpV!(=PQTIj75!($qw0A4 z6J>Ak+w11`DHIB2%e&%vwaS~MVD>MoYUQZ_QHG?+;F8FK zQ-bhl>i*4GuDmG)sW7=L#5Ph?r@DWUN8&q;%}88|S&;htx4f%>SDSd9!r)9o=X7^} zq`WBZdNu`8I#~kZt|2K?>VJ0$YI;_SJVaG8T?~RWJ{v<-au3Z;!zgH^!r8=I)UWD5 z-k4C1Rf^x^%L?xQAoSx4QHdi~T|mao5AFTc1#)`%%beHhGC2WA`!ETlefKq0ec~>, - fun test_rp_response_type_code/1, - fun check_rp_response_type_code/2, - code}, - {<<"rp-scope-userinfo-claims">>, - fun test_rp_scope_userinfo_claims/1, - fun check_rp_scope_userinfo_claims/2, - code}, - {<<"rp-nonce-invalid">>, - fun test_rp_nonce_invalid/1, - fun check_rp_nonce_invalid/2, - code}, - {<<"rp-token_endpoint-client_secret_basic">>, - fun test_rp_token_endpoint_basic/1, - fun check_rp_token_endpoint_basic/2, - code}, - {<<"rp-id_token-aud">> , - fun test_rp_id_token/1, - fun check_rp_id_token_aud/2, - code}, - {<<"rp-id_token-kid-absent-single-jwks">>, - fun test_rp_id_token/1, - fun check_rp_id_token_absent_single_jwks/2, - code}, - {<<"rp-id_token-sig-none">>, - fun test_rp_id_token/1, - fun check_rp_id_token_sig_none/2, - [code, configuration]}, - {<<"rp-id_token-issuer-mismatch">>, - fun test_rp_id_token/1, - fun check_rp_id_token_issuer_mismatch/2, - code}, - {<<"rp-id_token-kid-absent-multiple-jwks">>, - fun test_rp_id_token/1, - fun check_rp_id_token_kid_absent_multiple/2, - code}, - {<<"rp-id_token-bad-sig-rs256">>, - fun test_rp_id_token/1, - fun check_rp_id_token_bad_sig/2, - code}, - {<<"rp-id_token-iat">>, - fun test_rp_id_token/1, - fun check_rp_id_token_iat/2, - code}, - {<<"rp-id_token-sig-rs256">>, - fun test_rp_id_token/1, - fun check_rp_id_token_sig_rs256/2, - code}, - 
{<<"rp-id_token-sub">>,
- fun test_rp_id_token/1,
- fun check_rp_id_token_sub/2,
- code},
- {<<"rp-userinfo-bad-sub-claim">>,
- fun test_rp_user_info/1,
- fun check_rp_user_info_bad_sub_claim/2,
- code},
- %% been removed
- %% {<<"rp-userinfo-bearer-body">>,
- %% fun test_rp_user_info_bearer_body/1,
- %% fun check_rp_user_info_bearer_body/2 },
- {<<"rp-userinfo-bearer-header">>,
- fun test_rp_user_info/1,
- fun check_rp_user_info_bearer_header/2,
- code},
-
-
- %% mandatory configuration
- {<<"rp-discovery-jwks_uri-keys">>,
- fun test_rp_discovery_keys/0,
- undefined,
- configuration},
- {<<"rp-discovery-issuer-not-matching-config">>,
- fun test_rp_discovery_not_matching/0,
- undefined,
- configuration},
- {<<"rp-discovery-openid-configuration">>,
- fun test_rp_discovery/0,
- undefined,
- configuration},
- {<<"rp-key-rotation-op-sign-key-native">>,
- fun test_rp_id_token/1,
- fun check_rp_id_token_sig_rs256/2,
- configuration},
- {<<"rp-key-rotation-op-sign-key">>,
- fun test_rp_key_rotation/1,
- fun check_rp_key_rotation/2,
- configuration}
- %% been removed
- %% {<<"rp-userinfo-sig">>,
- %% fun test_rp_userinfo_sig/1,
- %% fun check_rp_userinfo_sig/2,
- %% configuration}
- ]).
-
-%% *** CODE - MANDATORY ***
-
-%% rp-response_type-code
-%% Make an authentication request using the Authorization Code Flow.
-test_rp_response_type_code(Req) ->
- {ok, Id, _Pid} = dyn_reg_test(),
- redirect_to_provider(Id, Req).
-
-%% An authentication response containing an authorization code.
-check_rp_response_type_code(true, _) ->
- true;
-check_rp_response_type_code(_, _) ->
- false.
-
-
-%% rp-scope-userinfo-claims
-%% Request claims using scope values.
-test_rp_scope_userinfo_claims(Req) ->
- Params = maps:from_list(get_conf(params, [])),
- Scopes = case maps:get(<<"scp">>, Params, undefined) of
- <<"profile">> -> [openid, profile];
- <<"email">> -> [openid, email];
- <<"address">> -> [openid, address];
- <<"phone">> -> [openid, phone];
- _ -> [openid, profile, email, address, phone]
- end,
- set_conf(scopes, Scopes),
- log("requesting scopes ~p", [Scopes]),
- {ok, Id, _Pid} = dyn_reg_test(#{scopes => Scopes}),
- redirect_to_provider(Id, Req).
-
-%% A UserInfo Response containing the requested claims.
-%% (following not applicable)
-%% If no access token is issued (when using Implicit Flow with
-%% response_type='id_token') the ID Token contains the requested claims.
-check_rp_scope_userinfo_claims(true, #{user_info := UserInfo}) ->
- ProfileList = [name, family_name, given_name, middle_name,
- nickname, preferred_username, profile, picture,
- website, gender, birthdate, zoneinfo, locale,
- updated_at],
- EmailList = [email, email_verified],
- AddressList = [address],
- PhoneList = [phone_number, phone_number_verified],
- ProfileOk = check_scope(profile, ProfileList, UserInfo),
- EmailOk = check_scope(email, EmailList, UserInfo),
- AddressOk = check_scope(address, AddressList, UserInfo),
- PhoneOk = check_scope(phone, PhoneList, UserInfo),
- ProfileOk and EmailOk and AddressOk and PhoneOk;
-check_rp_scope_userinfo_claims(_, _) ->
- false.
-
-
-check_scope(Scope, ScopeList, UserInfo) ->
- Scopes = get_conf(scopes, []),
- Contains = fun( Key, _, Bool) ->
- case lists:member(Key, ScopeList) of
- true -> true;
- _ -> Bool
- end
- end,
- case lists:member(Scope, Scopes) of
- true ->
- maps:fold(Contains, false, UserInfo);
- _ ->
- true
- end.
-
-
-
-%% rp-nonce-invalid
-%% Pass a 'nonce' value in the Authentication Request.
-%% Verify the 'nonce' value returned in the ID Token.
-test_rp_nonce_invalid(Req) ->
- {ok, Id, _Pid} = dyn_reg_test(),
- redirect_to_provider(Id, Req).
-
-%% Identify that the 'nonce' value in the ID Token is invalid and
-%% reject the ID Token.
-check_rp_nonce_invalid(false, {internal, {token_invalid, {error, wrong_nonce}}}) ->
- true;
-check_rp_nonce_invalid(_, _) ->
- false.
-
-%% rp-token_endpoint-client_secret_basic
-%%
-%% Use the 'client_secret_basic' method to authenticate at the
-%% Authorization Server when using the token endpoint.
-test_rp_token_endpoint_basic(Req) ->
- {ok, Id, _Pid} = dyn_reg_test(),
- redirect_to_provider(Id, Req).
-
-%% A Token Response, containing an ID token.
-check_rp_token_endpoint_basic(true, #{id := #{token := IdToken}})
- when is_binary(IdToken), byte_size(IdToken) > 5 ->
- true;
-check_rp_token_endpoint_basic(_, _) ->
- false.
-
-%% rp-id_token-aud
-%%
-%% Request an ID token and compare its aud value
-%% to the Relying Party's 'client_id'.
-test_rp_id_token(Req) ->
- {ok, Id, _Pid} = dyn_reg_test(),
- redirect_to_provider(Id, Req).
-
-%% Identify that the 'aud' value is missing or doesn't match the 'client_id'
-%% and reject the ID Token after doing ID Token validation.
-check_rp_id_token_aud(false,
- {internal, {token_invalid,{error,not_in_audience}}}) ->
- true;
-check_rp_id_token_aud(_, _) ->
- false.
-
-
-%% rp-id_token-kid-absent-single-jwks
-%%
-%% Request an ID token and verify its signature using the keys
-%% provided by the Issuer.
-%%
-%% Use the single key published by the Issuer to verify the ID Tokens signature
-%% and accept the ID Token after doing ID Token validation.
-check_rp_id_token_absent_single_jwks(true, _TokenMap) ->
- true;
-check_rp_id_token_absent_single_jwks(_, _) ->
- false.
-
-%% rp-id_token-sig-none
-%%
-%% Use Code Flow and retrieve an unsigned ID Token.
-%%
-%% Accept the ID Token after doing ID Token validation.
-check_rp_id_token_sig_none(true, _TokenMap) ->
- true;
-check_rp_id_token_sig_none(_, _) ->
- false.
-
-%% rp-id_token-issuer-mismatch
-%%
-%% Request an ID token and verify its 'iss' value.
-%%
-%% Identify the incorrect 'iss' value and reject the ID Token after doing ID Token validation.
-check_rp_id_token_issuer_mismatch(false, {internal, {token_invalid, {error, {wrong_issuer, _, _}}}}) ->
- true;
-check_rp_id_token_issuer_mismatch(_, _) ->
- false.
-
-%% rp-id_token-kid-absent-multiple-jwks
-%%
-%% Request an ID token and verify its signature using the keys provided by
-%% the Issuer.
-%%
-%% dentify that the 'kid' value is missing from the JOSE header and that the
-%% Issuer publishes multiple keys in its JWK Set document (referenced by
-%% 'jwks_uri').
-%% The RP can do one of two things;
-%% reject the ID Token since it can not by using the kid determined which
-%% key to use to verify the signature. <- solution used here
-%%
-%% Or it can just test all possible keys and hit upon one that works,
-%% which it will in this case.
-check_rp_id_token_kid_absent_multiple(false, {internal, {token_invalid, {error, too_many_keys}}}) ->
- true;
-check_rp_id_token_kid_absent_multiple(_, _) ->
- false.
-
-%% rp-id_token-bad-sig-rs256
-%%
-%% Request an ID token and verify its signature using the keys provided by
-%% the Issuer.
-%%
-%% Identify the invalid signature and reject the ID Token after doing
-%% ID Token validation.
-check_rp_id_token_bad_sig(false, {internal, {token_invalid, {error, invalid_signature}}}) ->
- true;
-check_rp_id_token_bad_sig(_, _) ->
- false.
-
-%% rp-id_token-iat
-%%
-%% Request an ID token and verify its 'iat' value.
-%%
-%% dentify the missing 'iat' value and reject the ID Token after doing
-%% ID Token validation.
-check_rp_id_token_iat(false, {internal, {token_invalid, {error, {required_fields_missing, [iat]}}}}) ->
- true;
-check_rp_id_token_iat(_, _) ->
- false.
-
-
-%% rp-id_token-sig-rs256
-%%
-%% Request an signed ID Token. Verify the signature on the ID Token using the
-%% keys published by the Issuer.
-%%
-%% Accept the ID Token after doing ID Token validation.
-check_rp_id_token_sig_rs256(true, #{ id := #{token := IdToken}} )
- when is_binary(IdToken), byte_size(IdToken) > 3 ->
- case erljwt:pre_parse_jwt(IdToken) of
- #{header := #{alg := Algo}} ->
- log("signature algorithm used is: ~p~n",[Algo]),
- Algo /= <<"none">>;
- _ ->
- false
- end;
-check_rp_id_token_sig_rs256(_, _) ->
- false.
-
-%% rp-id_token-sub
-%%
-%%Request an ID token and verify it contains a sub value.
-%%
-%% Identify the missing 'sub' value and reject the ID Token.
-check_rp_id_token_sub(false, {internal, {token_invalid, {error, {required_fields_missing, [sub]}}}}) ->
- true;
-check_rp_id_token_sub(_, _) ->
- false.
-
-%% rp-userinfo-bad-sub-claim
-%%
-%% Make a UserInfo Request and verify the 'sub' value of the UserInfo Response
-%% by comparing it with the ID Token's 'sub' value.
-test_rp_user_info(Req) ->
- {ok, Id, _Pid} = dyn_reg_test(),
- redirect_to_provider(Id, Req).
-
-%% Identify the invalid 'sub' value and reject the UserInfo Response.
-check_rp_user_info_bad_sub_claim(true, TokenMap) ->
- %% ensure the error is due to invalid sub value
- #{ user_info := UserInfo } = TokenMap,
- length( maps:to_list(UserInfo) ) == 0;
-check_rp_user_info_bad_sub_claim(_, _) ->
- false.
-
-
-%% rp-userinfo-bearer-header
-%%
-%% Pass the access token using the "Bearer" authentication scheme while doing
-%% the UserInfo Request.
-%%
-%% A UserInfo Response.
-check_rp_user_info_bearer_header(true, TokenMap) ->
- #{ user_info := UserInfo } = TokenMap,
- length( maps:to_list(UserInfo) ) /= 0;
-check_rp_user_info_bearer_header(_, _) ->
- false.
-
-
-
-%% ******
-%% *** CONFIGURATION - MANDATORY ***
-%% ******
-
-%% rp-discovery-jwks_uri-keys
-%%
-%% The Relying Party uses keys from the jwks_uri which has been obtained from
-%% the OpenID Provider Metadata.
-%%
-%% Should be able to verify signed responses and/or encrypt requests using
-%% obtained keys.
-test_rp_discovery_keys() ->
- {ok, _Id, Pid} = dyn_reg_test(),
- {ok, Keys} = oidcc_openid_provider:update_and_get_keys(Pid),
- KeysOk = length(Keys) > 0,
- Ready = oidcc_openid_provider:is_ready(Pid),
- KeysOk and Ready.
-
-%% rp-discovery-issuer-not-matching-config
-%%
-%% Retrieve OpenID Provider Configuration Information for OpenID Provider from
-%% the .well-known/openid-configuration path. Verify that the issuer in the
-%% provider configuration matches the one returned by WebFinger.
-%%
-%% Identify that the issuers are not matching and reject the provider
-%% configuration.
-test_rp_discovery_not_matching() ->
- {error, Reason, Pid} = dyn_reg_test(),
- {bad_issuer_config, _, _,_} = Reason,
- not oidcc_openid_provider:is_ready(Pid).
-
-%% rp-discovery-openid-configuration
-%%
-%% Retrieve and use the OpenID Provider Configuration Information.
-%%
-%% Read and use the JSON object returned from the OpenID Connect Provider.
-test_rp_discovery() ->
- {ok, _Id, Pid} = dyn_reg_test(),
- oidcc_openid_provider:is_ready(Pid).
-
-
-%% rp-key-rotation-op-sign-key
-%%
-%% Request an ID Token and verify its signature. Make a new authentication and
-%% retrieve another ID Token and verify its signature.
-%%
-%% Successfully verify both ID Token signatures, fetching the rotated signing
-%% keys if the 'kid' claim in the JOSE header is unknown.
-test_rp_key_rotation(Req) ->
- {ok, Id, _Pid} = dyn_reg_test(),
- set_conf(rotation_run, 1),
- redirect_to_provider(Id, Req).
-
-check_rp_key_rotation(true, _TokenMap) ->
- case get_conf(rotation_run) of
- {ok, 1} ->
- set_conf(rotation_run, 2),
- {ok, Id} = get_conf(provider_id),
- {in_progress, provider_url(Id)};
- {ok, 2} ->
- true
- end;
-check_rp_key_rotation(_, _) ->
- false.
-
-%% BEEN REMOVED
-%% rp-userinfo-sig
-%%
-%% Request signed UserInfo.
-%%
-%% Successful signature verification of the UserInfo Response.
-%% test_rp_userinfo_sig(Req) ->
-%% {ok, Id, _Pid} = dyn_reg_test(),
-%% redirect_to_provider(Id, Req).
-
-%% check_rp_userinfo_sig(true, _TokenMap) ->
-%% false;
-%% check_rp_userinfo_sig(_, _) ->
-%% false.
-
-
-%% *** DYNAMIC - MANDATORY ***
-
-%% *** CODE - OPTIONAL ***
-%% *** CONFIGURATION - OPTIONAL ***
-%% *** DYNAMIC - OPTIONAL ***
-
-
-
-%% *****************************************************************************
-%% functions to handle tests
-%%
-
-
-run_test(Id, Params, Req) ->
- case lists:keyfind(Id, 1, ?TESTS) of
- {Id, TestFun, CheckFun, Profile} ->
- register_test(Id, Profile, Params),
- case CheckFun of
- undefined ->
- {ok, Path} = handle_result(TestFun(), Id),
- redirect_to(Path, Req);
- _ ->
- TestFun(Req)
- end;
- _ ->
- lager:error("unknown or unimplemented test ~p",[Id]),
- redirect_to(<<"/">>, Req)
- end.
-
-
-
-
-check_result(LoggedIn, TokenOrError) ->
- {ok, Id} = get_test_id(),
- case LoggedIn of
- true ->
- log("User logged in ~p~n", [TokenOrError]);
- false ->
- log("User not logged in ~p~n", [TokenOrError])
- end,
- case lists:keyfind(Id, 1, ?TESTS) of
- {Id, _, CheckFun, _} ->
- handle_result(CheckFun(LoggedIn, TokenOrError), Id);
- Other ->
- handle_result(Other, Id)
- end.
-
-handle_result({in_progress, Path}, _Id) ->
- {ok, Path};
-handle_result(true, Id) ->
- log_result("*** ~p passed ***~n", [Id]),
- {ok, <<"/">>};
-handle_result(false, Id) ->
- log_result("*** ~p FAILED ***~n", [Id]),
- {ok, <<"/">>};
-handle_result(_Unknown, Id) ->
- log_result("*** ~p FAILED (unknown) ***~n", [Id]),
- {ok, <<"/">>}.
-
-
-
-
-dyn_reg_test() ->
- dyn_reg_test(#{}).
-
-dyn_reg_test(Options) ->
- Scopes = maps:get(scopes, Options, undefined),
- {ok, TestId} = get_test_id(),
- Issuer = gen_issuer(TestId),
- dyn_reg(Issuer, TestId, Scopes).
-
-dyn_reg(Issuer, Name, Scopes) ->
- ProviderConf = #{
- name => Name,
- description => <<"">>,
- request_scopes => Scopes
- },
- {ok, Id, Pid} = oidcc:add_openid_provider(Issuer,
- <<"https://localhost:8080/oidc">>,
- ProviderConf),
- log("registration at ~p started with id ~p~n",[Issuer, Id]),
- set_conf(provider_id, Id),
- case wait_for_provider_to_be_ready(Pid) of
- ok ->
- {ok, Config} = oidcc:get_openid_provider_info(Pid),
- #{meta_data :=
- #{client_id := ClientId,
- client_secret := ClientSecret,
- client_secret_expires_at := SecretExpire,
- registration_access_token := RegAT
- }
- } = Config,
- log("successfully registered ~p at: ~p~n",[Id, Issuer]),
- log(" client id: ~p~n",[ClientId]),
- log(" client secret: ~p~n",[ClientSecret]),
- log(" secret expires: ~p~n",[SecretExpire]),
- log(" reg access token: ~p~n~n~n",[RegAT]),
- log(" complete config: ~p",[Config]),
-
- {ok, Id, Pid};
- {error, timeout} ->
- log("the request timed out~n",[]),
- {error, timeout, Pid};
- {error, Reason} ->
- log("an error occured: ~p ~n",[Reason]),
- {error, Reason, Pid}
- end.
-
-gen_issuer(TestId) ->
- Base = <<"https://rp.certification.openid.net:8080/">>,
- Slash = <<"/">>,
- RpId = get_rp_id(),
- << Base/binary, RpId/binary, Slash/binary, TestId/binary >>.
-
-
-
-
-wait_for_provider_to_be_ready(Pid) ->
- wait_for_provider_to_be_ready(Pid, 100).
-
-wait_for_provider_to_be_ready(_Pid, 0) ->
- {error, timeout};
-wait_for_provider_to_be_ready(Pid, Num) ->
- Ready = oidcc_openid_provider:is_ready(Pid),
- {ok, Error} = oidcc_openid_provider:get_error(Pid),
- case {Ready, Error} of
- {true, undefined} ->
- ok;
- {false, undefined} ->
- timer:sleep(100),
- wait_for_provider_to_be_ready(Pid, Num-1);
- {false, Error} ->
- {error, Error}
- end.
-
-
-start_debug() ->
- ModuleList = ["oidcc_openid_provider"],
- Options = [{time, 60000}, {msgs, 10000}],
- redbug:start(ModuleList, Options).
-
-start_debug(ModuleList) ->
- Options = [{time, 60000}, {msgs, 10000}],
- redbug:start(ModuleList, Options).
-
-stop_debug() ->
- redbug:stop().
-
-redirect_to_provider(Id, Req) ->
- redirect_to(provider_url(Id), Req).
-
-provider_url(Id) ->
- Base = <<"/oidc?provider=">>,
- << Base/binary, Id/binary >>.
-
-
-redirect_to(Url, Req) ->
- log("redirecting to ~p~n", [Url]),
- Header = [{<<"location">>, Url}],
- {ok, Req2} = cowboy_req:reply(302, Header, Req),
- Req2.
-
-
-register_test(Id, Profile, Params) ->
- set_conf(test_id, Id),
- set_conf(test_profile, Profile),
- set_conf(params, Params),
- CurrentTime = cowboy_clock:rfc1123(),
- log("starting test ~p at ~p~n",[Id, CurrentTime]).
-
-get_test_id() ->
- get_conf(test_id).
-
-get_test_profile() ->
- get_conf(test_profile).
-
-get_rp_id() ->
- get_conf(rp_id, <<"oidcc.temp.code">>).
-
-set_conf(Key, Value) ->
- application:set_env(?MODULE, Key, Value).
-
-get_conf(Key) ->
- application:get_env(?MODULE, Key).
-
-get_conf(Key, Default) ->
- application:get_env(?MODULE, Key, Default).
-
-
-log(Format, Args) ->
- Msg = io_lib:format(Format, Args),
- log(Msg).
-
-
-log(Msg) ->
- {ok, Profile} = get_test_profile(),
- log_profile(Msg, Profile).
-
-log_profile(Msg, Profile) ->
- {ok, TestId} = get_test_id(),
- LogProfile =
- fun(Prof, _) ->
- {ok, LogDir} = get_profile_dir(Prof),
- Ext = <<".log">>,
- log_file(<< LogDir/binary, TestId/binary, Ext/binary >>, Msg),
- ok
- end,
- ProfileList =
- case is_list(Profile) of
- true -> Profile;
- false -> [Profile]
- end,
- lists:foldl(LogProfile, ok, ProfileList),
- lager:info(Msg).
-
-
-log_result(Format, Args) ->
- Msg = io_lib:format(Format, Args),
- download_log(),
- log(Msg),
- {ok, LogDir} = get_conf(log_dir),
- Name = <<"summary.log">>,
- log_file(<< LogDir/binary, Name/binary >>, Msg).
-
-log_file(FileName, Msg) ->
- ok = file:write_file(FileName, Msg, [append]),
- ok.
-
-download_log() ->
- {ok, TestId} = get_test_id(),
- {ok, Profile} = get_test_profile(),
- RPId = get_rp_id(),
- WgetParams =
- case application:get_env(conformance, no_cert_check) of
- {ok, true} ->
- "-nv --no-check-certificate --check-certificate=quiet";
- _ ->
- "-nv"
- end,
- Host = "https://rp.certification.openid.net:8080",
- C= "cd ~s && wget ~s ~s/log/~s/~s.txt",
- Download =
- fun(Prof, _) ->
- {ok, LogDir} = get_profile_dir(Prof),
- Cmd = io_lib:format(C, [binary_to_list(LogDir), WgetParams,
- Host, binary_to_list(RPId),
- binary_to_list(TestId)]),
- %% CmdMsg = io_lib:format("wget cmd: ~s~n",[Cmd]),
- %% log_profile(CmdMsg, Prof),
- Result = os:cmd(Cmd),
- Msg = io_lib:format("download: ~p~n", [Result]),
- log_profile(Msg, Prof)
- end,
- ProfileList =
- case is_list(Profile) of
- true -> Profile;
- false -> [Profile]
- end,
- lists:foldl(Download, ok, ProfileList),
- ok.
-
-
-get_profile_dir(Profile) ->
- case Profile of
- code -> get_conf(code_dir);
- configuration -> get_conf(conf_dir);
- dynamic -> get_conf(dyn_dir)
- end.
diff --git a/conformance/src/conformance_app.erl b/conformance/src/conformance_app.erl
deleted file mode 100644
index 2324613..0000000
--- a/conformance/src/conformance_app.erl
+++ /dev/null
@@ -1,79 +0,0 @@
--module(conformance_app).
--behaviour(application).
-
--export([start/2]).
--export([stop/1]).
-
-start(_, _) ->
- conformance_oidc_client:init(),
- PrivDir = code:priv_dir(conformance),
- ok = init(),
- ok = copy_readme(PrivDir),
- Dispatch = cowboy_router:compile( [{'_',
- [
- {"/", cowboy_static,
- {priv_file, conformance,
- "static/index.html"}
- },
- {"/test/", conformance_http, []},
- {"/oidc", oidcc_cowboy, []},
- {"/oidc/return", oidcc_cowboy, []}
- ]}]),
- {ok, _} = cowboy:start_https( https_handler
- , 100
- , [
- {port, 8080},
- {certfile, PrivDir ++ "/ssl/server.crt"},
- {keyfile, PrivDir ++ "/ssl/server.key"}
- ]
- , [{env, [{dispatch, Dispatch}]}]
- ),
- conformance_sup:start_link().
-
-stop(_) ->
- ok.
-
-init() ->
- LDir = "/tmp/oidcc_rp_conformance/",
- CDir = LDir ++ "code/",
- CnfDir = LDir ++ "configuration/",
- DDir = LDir ++ "dynamic/",
- os:cmd("rm -rf " ++ LDir),
- LogDir = list_to_binary(LDir),
- CodeDir = list_to_binary(CDir),
- ConfDir = list_to_binary(CnfDir),
- DynDir = list_to_binary(DDir),
-
- ok = file:make_dir(LogDir),
- ok = file:make_dir(CodeDir),
- ok = file:make_dir(ConfDir),
- ok = file:make_dir(DynDir),
- conformance:set_conf(log_dir, LogDir),
- conformance:set_conf(code_dir, CodeDir),
- conformance:set_conf(conf_dir, ConfDir),
- conformance:set_conf(dyn_dir, DynDir),
- conformance:set_conf(rp_id, <<"oidcc.code">>),
- lager:info("using log dir ~p",[LogDir]),
-
- Url = <<"https://rp.certification.openid.net:8080/">>,
- {SSLResult, SSLMsg} =
- case oidcc_http_util:sync_http(get, Url ,[]) of
- {ok, #{status := 200}} -> {ok, "successful"};
- Error -> {error, Error}
- end,
- lager:info("checking ssl: ~p~n", [SSLMsg]),
-
- ClearLog = <<"https://rp.certification.openid.net:8080/clear/oidcc.code">>,
- case SSLResult of
- ok ->
- lager:info("cleaning logs ..."),
- oidcc_http_util:sync_http(get, ClearLog, []),
- ok;
- _ ->
- SSLResult
- end.
-
-copy_readme(PrivDir) ->
- Target = binary_to_list(conformance:get_conf(log_dir,<<"">>))++"readme.txt",
- {ok, _} = file:copy(PrivDir ++ "/readme.txt", Target),
- ok.
diff --git a/conformance/src/conformance_http.erl b/conformance/src/conformance_http.erl
deleted file mode 100644
index b379683..0000000
--- a/conformance/src/conformance_http.erl
+++ /dev/null
@@ -1,47 +0,0 @@
--module(conformance_http).
--behaviour(cowboy_http_handler).
-
--export([init/3]).
--export([handle/2]).
--export([terminate/3]).
-
--record(state, {
- test_id = undefined,
- params = []
- }).
-
-
-
-init(_, Req, _Opts) ->
- extract_args(Req).
-
-handle(Req, #state{test_id = undefined } = State) ->
- main_page(Req, State);
-handle(Req, #state{test_id = TestId, params = Params } = State) ->
- Req2 = conformance:run_test(TestId, Params, Req),
- {ok, Req2, State}.
-
-
-terminate(_Reason, _Req, _State) ->
- ok.
-
-extract_args(Req) ->
- {QsVals, Req2} = cowboy_req:qs_vals(Req),
- TestId = case lists:keyfind(<<"id">>, 1, QsVals) of
- {_, V} -> V;
- _ -> undefined
- end,
- NewState = #state{
- test_id = TestId,
- params = QsVals
- },
- {ok, Req2, NewState}.
-
-
-main_page(Req, State) ->
- lager:error("no test id given, redirecting to main page"),
- %% redirect to /
- Path = <<"/">>,
- Header = [{<<"location">>, Path}],
- {ok, Req2} = cowboy_req:reply(302, Header, Req),
- {ok, Req2, State}.
diff --git a/conformance/src/conformance_oidc_client.erl b/conformance/src/conformance_oidc_client.erl
deleted file mode 100644
index dac47c5..0000000
--- a/conformance/src/conformance_oidc_client.erl
+++ /dev/null
@@ -1,23 +0,0 @@
--module(conformance_oidc_client).
--behaviour(oidcc_client).
-
--export([init/0]).
--export([login_succeeded/1]).
--export([login_failed/2]).
-
-init() ->
- oidcc_client:register(?MODULE).
-
-login_succeeded(Token) ->
- {ok, Path} = conformance:check_result(true, Token),
- Updates = [
- {redirect, Path}
- ],
- {ok, Updates}.
-
-
-login_failed(Error, Desc) ->
- conformance:check_result(false, {Error, Desc}),
- Path = <<"/">>,
- Updates = [{redirect, Path}],
- {ok, Updates}.
diff --git a/conformance/src/conformance_sup.erl b/conformance/src/conformance_sup.erl
deleted file mode 100644
index 509e025..0000000
--- a/conformance/src/conformance_sup.erl
+++ /dev/null
@@ -1,12 +0,0 @@
--module(conformance_sup).
--behaviour(supervisor).
-
--export([start_link/0]).
--export([init/1]).
-
-start_link() ->
- supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
- Procs = [],
- {ok, {{one_for_one, 1, 5}, Procs}}.
diff --git a/conformance/test.exs b/conformance/test.exs
new file mode 100755
index 0000000..0b7bdcf
--- /dev/null
+++ b/conformance/test.exs
@@ -0,0 +1,188 @@ +#!/usr/bin/env elixir +Mix.install( + [ + {:oidcc, path: ".."}, + {:plug_cowboy, "~> 2.5"}, + {:phoenix, "~> 1.7"}, + {:jason, "~> 1.4"} + ], + config: [ + conformance: [ + {Conformance.Endpoint, + [ + http: [ip: {127, 0, 0, 1}, port: 4000], + server: true, + secret_key_base: String.duplicate("a", 64), + debug_errors: true + ]} + ] + ] +) + +Application.ensure_all_started(:oidcc) +JOSE.unsecured_signing(true) + +defmodule Conformance.AuthController do + use Phoenix.Controller + + alias Oidcc.Token + + def authorize(conn, _params) do + nonce = 32 |> :crypto.strong_rand_bytes() |> Base.encode64() + + with {:ok, url} <- + Oidcc.create_redirect_url(:config_worker, "client_id", "client_secret", %{ + redirect_uri: "http://localhost:4000/callback", + nonce: nonce, + scopes: ["profile", "openid"], + response_type: "code" + }) do + conn + |> put_session(:nonce, nonce) + |> redirect(external: IO.iodata_to_binary(url)) + else + {:error, reason} -> error_response(conn, reason) + end + end + + def callback_form(conn, %{"code" => code}) do + # Redirect neccesary since session does not include nonce + # on cross origin post + redirect(conn, to: "/callback?code=" <> code) + end + + def callback(conn, %{"code" => code}) do + nonce = get_session(conn, :nonce) || :any + conn = put_session(conn, :nonce, nil) + + with {:ok, token} <- + Oidcc.retrieve_token( + code, + :config_worker, + "client_id", + "client_secret", + %{ + redirect_uri: "http://localhost:4000/callback", + nonce: nonce + } + ), + {:ok, userinfo} <- + Oidcc.retrieve_userinfo( + token, + :config_worker, + "client_id", + "client_secret", + %{} + ) do + maybe_refresh = + case token do + %Token{refresh: %Token.Refresh{token: token}, id: %Token.Id{claims: %{"sub" => sub}}} -> + refresh_url = + URI.to_string(%URI{ + scheme: nil, + userinfo: nil, + host: nil, + port: nil, + path: "/refresh", + query: URI.encode_query(%{token: token, expected_subject: sub}), + fragment: nil + }) + + """ + Refresh + """ + + 
%Token{} -> + nil + end + + conn + |> put_resp_header("content-type", "text/html") + |> send_resp(200, """ +
#{inspect(%{token: token, userinfo: userinfo}, pretty: true)}
+ #{maybe_refresh}
+ """)
+ else
+ {:error, reason} -> error_response(conn, reason)
+ end
+ end
+
+ def refresh(conn, %{"token" => refresh_token, "expected_subject" => sub}) do
+ with {:ok, token} <-
+ Oidcc.refresh_token(
+ refresh_token,
+ :config_worker,
+ "client_id",
+ "client_secret",
+ sub
+ ),
+ {:ok, userinfo} <-
+ Oidcc.retrieve_userinfo(
+ token,
+ :config_worker,
+ "client_id",
+ "client_secret",
+ %{}
+ ) do
+ send_resp(conn, 200, inspect(%{token: token, userinfo: userinfo}, pretty: true))
+ else
+ {:error, reason} -> error_response(conn, reason)
+ end
+ end
+
+ defp error_response(conn, reason) do
+ send_resp(conn, 400, inspect(reason, pretty: true))
+ end
+end
+
+defmodule Conformance.Router do
+ use Phoenix.Router
+
+ pipeline :browser do
+ plug(:accepts, ["html"])
+
+ plug(:fetch_session)
+ end
+
+ scope "/", Conformance do
+ pipe_through(:browser)
+
+ get("/authorize", AuthController, :authorize)
+ get("/callback", AuthController, :callback)
+ post("/callback", AuthController, :callback_form)
+ get("/refresh", AuthController, :refresh)
+ end
+end
+
+defmodule Conformance.Endpoint do
+ use Phoenix.Endpoint, otp_app: :conformance
+
+ plug(Plug.Parsers,
+ parsers: [:urlencoded, :multipart, :json],
+ pass: ["*/*"],
+ json_decoder: Phoenix.json_library()
+ )
+
+ plug(Plug.Head)
+
+ plug(Plug.Session,
+ store: :cookie,
+ key: "_session",
+ signing_salt: "6MKm58UGfKFEgo8M1cx9GuTJX8Vy6nW3",
+ same_site: "Lax"
+ )
+
+ plug(Conformance.Router)
+end
+
+{:ok, _} =
+ Supervisor.start_link(
+ [
+ Conformance.Endpoint,
+ {Oidcc.ProviderConfiguration.Worker,
+ %{issuer: "https://www.certification.openid.net/test/a/test/", name: :config_worker}}
+ ],
+ strategy: :one_for_one
+ )
+
+Process.sleep(:infinity)
diff --git a/conformance/utils/run_tests.sh b/conformance/utils/run_tests.sh
deleted file mode 100755
index a856976..0000000
--- a/conformance/utils/run_tests.sh
+++ /dev/null
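Review bot: In `callback/2` of conformance/test.exs, `nonce = get_session(conn, :nonce) || :any` fails open: when the session carries no nonce (cookie not sent, or the value already cleared by the `put_session(conn, :nonce, nil)` on the following line during an earlier callback), the token is retrieved with `nonce: :any`, which appears to switch off the nonce comparison for the ID token. `authorize/2` always stores a nonce before redirecting, so a missing one could instead be answered through the existing `error_response/2`, for example by matching `nil` from `get_session(conn, :nonce)` ahead of the `with` and returning `error_response(conn, :missing_nonce)`. A comment above `JOSE.unsecured_signing(true)` such as `# conformance suite only: accepts alg "none" ID tokens process-wide` would also help, since this script is likely to be read as a usage example.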
@@ -1,18 +0,0 @@
-#!/bin/bash
-BIN="./_build/default/rel/conformance/bin/conformance"
-echo -n "starting application ... "
-$BIN start
-sleep 2
-echo "done"
-TESTS="rp-response_type-code rp-scope-userinfo-claims&scp=all rp-scope-userinfo-claims&scp=profile rp-scope-userinfo-claims&scp=email rp-scope-userinfo-claims&scp=address rp-scope-userinfo-claims&scp=phone rp-nonce-invalid rp-token_endpoint-client_secret_basic rp-id_token-aud rp-id_token-kid-absent-single-jwks rp-id_token-sig-none rp-id_token-issuer-mismatch rp-id_token-kid-absent-multiple-jwks rp-id_token-bad-sig-rs256 rp-id_token-iat rp-id_token-sig-rs256 rp-id_token-sub rp-userinfo-bad-sub-claim rp-userinfo-bearer-header rp-discovery-jwks_uri-keys rp-discovery-issuer-not-matching-config rp-discovery-openid-configuration rp-key-rotation-op-sign-key rp-userinfo-sig"
-HOST="https://localhost:8080/test/?id="
-echo -n "running tests "
-for TEST in $TESTS
-do
- echo -n "."
- curl -s -S --insecure -L "$HOST$TEST" > /dev/null
-
-done
-echo " done"
-$BIN stop
-cat /tmp/oidcc_rp_conformance/summary.log
diff --git a/elvis.config b/elvis.config
new file mode 100644
index 0000000..24e2461
--- /dev/null
+++ b/elvis.config
@@ -0,0 +1,28 @@
+[{elvis,
+ [{config,
+ [#{dirs => ["src"],
+ filter => "*.erl",
+ ruleset => erl_files,
+ rules =>
+ [%% Line length is the job of the formatter
+ {elvis_text_style, line_length, #{limit => 1_000}},
+ %% We're exposing records
+ {elvis_style, private_data_types, #{apply_to => []}},
+ %% jose does not declare types
+ {elvis_style, no_spec_with_records, #{ignore => [oidcc_jwt_util]}},
+ %% Increase min complexity for repeating code
+ {elvis_style, dont_repeat_yourself, #{min_complexity => 20}}]},
+ #{dirs => ["test"],
+ filter => "*.erl",
+ ruleset => erl_files,
+ rules =>
+ [%% Line length is the job of the formatter
+ {elvis_text_style, line_length, #{limit => 1_000}},
+ %% Tests are ok to repeat
+ {elvis_style, dont_repeat_yourself, #{min_complexity => 10_000}}]},
+ #{dirs => ["."],
+ filter => "rebar.config",
+ ruleset => rebar_config},
+ #{dirs => ["."],
+ filter => "elvis.config",
+ ruleset => elvis_project}]}]}].
diff --git a/erlang_ls.config b/erlang_ls.config
new file mode 100644
index 0000000..4a7c828
--- /dev/null
+++ b/erlang_ls.config
@@ -0,0 +1,3 @@
+include_dirs:
+ - "include"
+ - "_build/default/lib"
\ No newline at end of file
diff --git a/include/oidcc.hrl b/include/oidcc.hrl
new file mode 100644
index 0000000..016fb83
--- /dev/null
+++ b/include/oidcc.hrl
@@ -0,0 +1,9 @@
+-ifndef(OIDCC_HRL).
+
+-include("oidcc_provider_configuration.hrl").
+-include("oidcc_client_context.hrl").
+-include("oidcc_token.hrl").
+
+-defined(OIDCC_HRL, 1).
+
+-endif.
diff --git a/include/oidcc_client_context.hrl b/include/oidcc_client_context.hrl
new file mode 100644
index 0000000..0e077ef
--- /dev/null
+++ b/include/oidcc_client_context.hrl
@@ -0,0 +1,12 @@
+-ifndef(OIDCC_CLIENT_CONTEXT_HRL).
+
+-record(oidcc_client_context, {
+ provider_configuration :: oidcc_provider_configuration:t(),
+ jwks :: jose_jwk:key(),
+ client_id :: binary(),
+ client_secret :: binary()
+}).
+
+-define(OIDCC_CLIENT_CONTEXT_HRL, 1).
+
+-endif.
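Review bot: In include/oidcc.hrl the guard is closed with `-defined(OIDCC_HRL, 1).`, which is not the `-define` directive, so the macro tested by `-ifndef(OIDCC_HRL).` is never set and the guard does nothing. The sibling header in this same patch, include/oidcc_client_context.hrl, uses `-define(OIDCC_CLIENT_CONTEXT_HRL, 1).`; this line should read `-define(OIDCC_HRL, 1).`. The three nested headers carry their own guards, so a double include is probably harmless today, but the unknown attribute may also be rejected or warned about by the compiler once a module includes this file.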
diff --git a/include/oidcc_provider_configuration.hrl b/include/oidcc_provider_configuration.hrl
new file mode 100644
index 0000000..ee896af
--- /dev/null
+++ b/include/oidcc_provider_configuration.hrl
@@ -0,0 +1,100 @@ +-ifndef(oidcc_provider_configuration_HRL). + +%% @see https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata +%% @see https://datatracker.ietf.org/doc/html/draft-jones-oauth-discovery-01#section-4.1 +-record(oidcc_provider_configuration, + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + { + issuer :: uri_string:uri_string(), + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + authorization_endpoint :: uri_string:uri_string(), + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + token_endpoint = undefined :: uri_string:uri_string() | undefined, + %% OpenID Connect Discovery 1.0 + userinfo_endpoint = undefined :: uri_string:uri_string() | undefined, + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + jwks_uri = undefined :: uri_string:uri_string() | undefined, + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + registration_endpoint = undefined :: uri_string:uri_string() | undefined, + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + scopes_supported :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + response_types_supported :: [binary()], + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + response_modes_supported :: [binary()], + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + grant_types_supported = [<<"authorization_code">>, <<"implicit">>] :: [binary()], + %% OpenID Connect Discovery 1.0 + acr_values_supported = undefined :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 + subject_types_supported :: [pairwise | public], + %% OpenID Connect Discovery 1.0 + id_token_signing_alg_values_supported :: [binary()], + %% OpenID Connect Discovery 
1.0 + id_token_encryption_alg_values_supported = undefined :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 + id_token_encryption_enc_values_supported = undefined :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 + userinfo_signing_alg_values_supported = undefined :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 + userinfo_encryption_alg_values_supported = undefined :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 + userinfo_encryption_enc_values_supported = undefined :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 + request_object_signing_alg_values_supported = undefined :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 + request_object_encryption_alg_values_supported = undefined :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 + request_object_encryption_enc_values_supported = undefined :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + token_endpoint_auth_methods_supported = [<<"client_secret_basic">>] :: [binary()], + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + token_endpoint_auth_signing_alg_values_supported = undefined :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 + display_values_supported = undefined :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 + claim_types_supported = [normal] :: [normal | aggregated | distributed], + %% OpenID Connect Discovery 1.0 + claims_supported = undefined :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + service_documentation = undefined :: uri_string:uri_string() | undefined, + %% OpenID Connect Discovery 1.0 + claims_locales_supported = undefined :: [binary()] | undefined, + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + ui_locales_supported = undefined :: [binary()] | undefined, + %% OpenID Connect 
Discovery 1.0 + claims_parameter_supported = false :: boolean(), + %% OpenID Connect Discovery 1.0 + request_parameter_supported = false :: boolean(), + %% OpenID Connect Discovery 1.0 + request_uri_parameter_supported = true :: boolean(), + %% OpenID Connect Discovery 1.0 + require_request_uri_registration = false :: boolean(), + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + op_policy_uri = undefined :: uri_string:uri_string() | undefined, + %% OpenID Connect Discovery 1.0 / OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + op_tos_uri = undefined :: uri_string:uri_string() | undefined, + %% OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + revocation_endpoint = undefined :: uri_string:uri_string() | undefined, + %% OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + revocation_endpoint_auth_methods_supported = [<<"client_secret_basic">>] :: [binary()], + %% OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + revocation_endpoint_auth_signing_alg_values_supported = undefined :: + [binary()] | undefined, + %% OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + introspection_endpoint = undefined :: uri_string:uri_string() | undefined, + %% OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + introspection_endpoint_auth_methods_supported = [<<"client_secret_basic">>] :: [binary()], + %% OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + introspection_endpoint_auth_signing_alg_values_supported = undefined :: + [binary()] | undefined, + %% OAuth 2.0 Discovery (draft-jones-oauth-discovery-01) + code_challenge_methods_supported = undefined :: [binary()] | undefined, + %% Unknown Fields + extra_fields = #{} :: #{binary() => term()} + } +). + +-define(oidcc_provider_configuration_HRL, 1). + +-endif. diff --git a/include/oidcc_token.hrl b/include/oidcc_token.hrl new file mode 100644 index 0000000..08ad0f1 --- /dev/null +++ b/include/oidcc_token.hrl 
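Review bot: `response_modes_supported :: [binary()]` has neither a default nor `| undefined`, although OpenID Connect Discovery makes the field optional with a default of `["query", "fragment"]`; the neighbouring optional fields (`grant_types_supported`, `token_endpoint_auth_methods_supported`) do carry their spec defaults. A record built without the field holds `undefined`, which contradicts the declared type and hides the spec default from code that picks a response mode. Suggested: `response_modes_supported = [<<"query">>, <<"fragment">>] :: [binary()],`. Separately, every value in this record originates from a document served by the provider, so it would help to add a comment above the record stating which validation, if any, the decoder applies to the endpoint URLs before they are used for requests; that code is not in this hunk.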
@@ -0,0 +1,15 @@
+-ifndef(OIDCC_TOKEN_HRL).
+
+-record(oidcc_token_id, {token :: binary(), claims :: oidcc_jwt_util:claims()}).
+-record(oidcc_token_access, {token :: binary(), expires = undefined :: pos_integer() | undefined}).
+-record(oidcc_token_refresh, {token :: binary()}).
+-record(oidcc_token, {
+ id :: oidcc_token:id() | none,
+ access :: oidcc_token:access() | none,
+ refresh :: oidcc_token:refresh() | none,
+ scope :: oidcc_scope:scopes()
+}).
+
+-define(OIDCC_TOKEN_HRL, 1).
+
+-endif.
diff --git a/include/oidcc_token_introspection.hrl b/include/oidcc_token_introspection.hrl
new file mode 100644
index 0000000..3c1d9e5
--- /dev/null
+++ b/include/oidcc_token_introspection.hrl
@@ -0,0 +1,13 @@
+-ifndef(OIDCC_TOKEN_INTROSPECTION_HRL).
+
+-record(oidcc_token_introspection, {
+ active :: boolean(),
+ client_id :: binary(),
+ exp :: pos_integer(),
+ scope :: oidcc_scope:scopes(),
+ username :: binary()
+}).
+
+-define(OIDCC_TOKEN_INTROSPECTION_HRL, 1).
+
+-endif.
diff --git a/lib/oidcc.ex b/lib/oidcc.ex
new file mode 100644
index 0000000..e46159c
--- /dev/null
+++ b/lib/oidcc.ex
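Review bot: In include/oidcc_token_introspection.hrl the fields `client_id`, `exp`, `scope` and `username` are typed as always present, but RFC 7662 requires only `active` in an introspection response, and a response for an inactive token normally carries nothing else. Typing them without `| undefined` invites callers to read `exp` or `scope` without first matching on `active = true`. Suggested: `exp :: pos_integer() | undefined,` (likewise for `client_id` and `username`), plus a comment on the record such as `%% Only 'active' is guaranteed (RFC 7662 section 2.2); check it before using any other field.`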
@@ -0,0 +1,350 @@ +defmodule Oidcc do + @moduledoc """ + OpenID Connect High Level Interface + + ## Setup + + {:ok, _pid} = + Oidcc.ProviderConfiguration.Worker.start_link(%{ + issuer: "https://accounts.google.com/", + name: MyApp.GoogleConfigProvider + }) + + or via a supervisor + + Supervisor.init([ + {Oidcc.ProviderConfiguration.Worker, %{issuer: "https://accounts.google.com/"}} + ], strategy: :one_for_one) + """ + + @doc """ + Create Auth Redirect URL + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://accounts.google.com/" + ...> }) + ...> + ...> {:ok, _redirect_uri} = + ...> Oidcc.create_redirect_url( + ...> pid, + ...> "client_id", + ...> "client_secret", + ...> %{redirect_uri: "https://my.server/return"} + ...> ) + + """ + @spec create_redirect_url( + provider_configuration_name :: GenServer.name(), + client_id :: String.t(), + client_secret :: String.t(), + opts :: :oidcc_authorization.opts() + ) :: + {:ok, :uri_string.uri_string()} + | {:error, :oidcc_client_context.error() | :oidcc_client_context.error()} + def create_redirect_url(provider_configuration_name, client_id, client_secret, opts), + do: :oidcc.create_redirect_url(provider_configuration_name, client_id, client_secret, opts) + + @doc """ + retrieve the token using the authcode received before and directly validate + the result. 
+ + the authcode was sent to the local endpoint by the OpenId Connect provider, + using redirects + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://login.yahoo.com" + ...> }) + ...> + ...> # Get auth_code fromm redirect + ...> auth_code = "auth_code" + ...> + ...> Oidcc.retrieve_token( + ...> auth_code, + ...> pid, + ...> "client_id", + ...> "client_secret", + ...> %{redirect_uri: "https://my.server/return"} + ...> ) + ...> # => {:ok, %Oidcc.Token{}} + + """ + @spec retrieve_token( + auth_code :: String.t(), + provider_configuration_name :: GenServer.name(), + client_id :: String.t(), + client_secret :: String.t(), + opts :: :oidcc_token.retrieve_opts() + ) :: + {:ok, Oidcc.Token.t()} | {:error, :oidcc_client_context.error() | :oidcc_token.error()} + def retrieve_token(auth_code, provider_configuration_name, client_id, client_secret, opts) do + with {:ok, token} <- + :oidcc.retrieve_token( + auth_code, + provider_configuration_name, + client_id, + client_secret, + opts + ) do + {:ok, Oidcc.Token.record_to_struct(token)} + end + end + + @doc """ + Refresh Token + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://login.yahoo.com" + ...> }) + ...> + ...> # Get refresh_token fromm redirect + ...> refresh_token = "refresh_token" + ...> + ...> Oidcc.refresh_token( + ...> refresh_token, + ...> pid, + ...> "client_id", + ...> "client_secret", + ...> %{expected_subject: "sub_from_initial_id_token"} + ...> ) + ...> # => {:ok, %Oidcc.Token{}} + + """ + @spec refresh_token( + refresh_token :: String.t(), + provider_configuration_name :: GenServer.name(), + client_id :: String.t(), + client_secret :: String.t(), + opts :: :oidcc_token.refresh_opts() + ) :: {:ok, Oidcc.Token.t()} | {:error, :oidcc_token.error()} + @spec refresh_token( + token :: Oidcc.Token.t(), + provider_configuration_name :: GenServer.name(), + client_id :: String.t(), + 
client_secret :: String.t(), + opts :: :oidcc_token.refresh_opts_no_sub() + ) :: + {:ok, Oidcc.Token.t()} | {:error, :oidcc_client_context.error() | :oidcc_token.error()} + def refresh_token(token, provider_configuration_name, client_id, client_secret, opts) do + token = + case token do + %Oidcc.Token{} = token -> Oidcc.Token.struct_to_record(token) + token when is_binary(token) -> token + end + + with {:ok, token} <- + :oidcc.refresh_token( + token, + provider_configuration_name, + client_id, + client_secret, + opts + ) do + {:ok, Oidcc.Token.record_to_struct(token)} + end + end + + @doc """ + Introspect the given access token + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://login.yahoo.com" + ...> }) + ...> + ...> Oidcc.introspect_token( + ...> "access_token", + ...> pid, + ...> "client_id", + ...> "client_secret" + ...> ) + ...> # => {:ok, %Oidcc.TokenIntrospection{}} + + """ + @spec introspect_token( + access_token :: String.t() | Oidcc.Token.t(), + provider_configuration_name :: GenServer.name(), + client_id :: String.t(), + client_secret :: String.t(), + opts :: :oidcc_token_introspection.opts() + ) :: + {:ok, Oidcc.TokenIntrospection.t()} + | {:error, :oidcc_client_context.error() | :oidcc_token_introspection.error()} + def introspect_token( + token, + provider_configuration_name, + client_id, + client_secret, + opts \\ %{} + ) do + token = + case token do + %Oidcc.Token{} = token -> Oidcc.Token.struct_to_record(token) + token when is_binary(token) -> token + end + + with {:ok, introspection} <- + :oidcc.introspect_token( + token, + provider_configuration_name, + client_id, + client_secret, + opts + ) do + {:ok, Oidcc.TokenIntrospection.record_to_struct(introspection)} + end + end + + @doc """ + Load userinfo for the given token + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://login.yahoo.com" + ...> }) + ...> + ...> # Get 
access_token from Oidcc.Token.retrieve/3 + ...> access_token = "access_token" + ...> + ...> Oidcc.retrieve_userinfo( + ...> access_token, + ...> pid, + ...> "client_id", + ...> "client_secret", + ...> %{expected_subject: "sub"} + ...> ) + ...> # => {:ok, %{"sub" => "sub"}} + + """ + @spec retrieve_userinfo( + token :: Oidcc.Token.t(), + provider_configuration_name :: GenServer.name(), + client_id :: String.t(), + client_secret :: String.t(), + opts :: :oidcc_userinfo.retrieve_opts_no_sub() + ) :: {:ok, :oidcc_jwt_util.claims()} | {:error, :oidcc_userinfo.error()} + @spec retrieve_userinfo( + access_token :: String.t(), + provider_configuration_name :: GenServer.name(), + client_id :: String.t(), + client_secret :: String.t(), + opts :: :oidcc_userinfo.retrieve_opts() + ) :: + {:ok, :oidcc_jwt_util.claims()} + | {:error, :oidcc_client_context.error() | :oidcc_userinfo.error()} + def retrieve_userinfo(token, provider_configuration_name, client_id, client_secret, opts \\ %{}) do + token = + case token do + %Oidcc.Token{} = token -> Oidcc.Token.struct_to_record(token) + token when is_binary(token) -> token + end + + :oidcc.retrieve_userinfo(token, provider_configuration_name, client_id, client_secret, opts) + end + + @doc """ + Retrieve JSON Web Token (JWT) Profile Token + + https://datatracker.ietf.org/doc/html/rfc7523#section-4 + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://erlef-test-w4a8z2.zitadel.cloud" + ...> }) + ...> + ...> %{"key" => key, "keyId" => kid, "userId" => subject} = "JWT_PROFILE" + ...> |> System.fetch_env!() + ...> |> JOSE.decode() + ...> + ...> jwk = JOSE.JWK.from_pem(key) + ...> + ...> {:ok, %Oidcc.Token{}} = + ...> Oidcc.jwt_profile_token( + ...> subject, + ...> pid, + ...> "client_id", + ...> "client_secret", + ...> jwk, + ...> %{scope: ["urn:zitadel:iam:org:project:id:zitadel:aud"], kid: kid} + ...> ) + + """ + @spec jwt_profile_token( + subject :: String.t(), + 
provider_configuration_name :: GenServer.name(), + client_id :: String.t(), + client_secret :: String.t(), + jwk :: JOSE.JWK.t(), + opts :: :oidcc_token.jwt_profile_opts() + ) :: + {:ok, Oidcc.Token.t()} | {:error, :oidcc_client_context.error() | :oidcc_token.error()} + def jwt_profile_token(subject, provider_configuration_name, client_id, client_secret, jwk, opts) do + jwk = JOSE.JWK.to_record(jwk) + + with {:ok, token} <- + :oidcc.jwt_profile_token( + subject, + provider_configuration_name, + client_id, + client_secret, + jwk, + opts + ) do + {:ok, Oidcc.Token.record_to_struct(token)} + end + end + + @doc """ + Retrieve Client Credential Token + + See https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.4 + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://erlef-test-w4a8z2.zitadel.cloud" + ...> }) + ...> + ...> {:ok, %Oidcc.Token{}} = + ...> Oidcc.client_credentials_token( + ...> pid, + ...> System.fetch_env!("CLIENT_CREDENTIALS_CLIENT_ID"), + ...> System.fetch_env!("CLIENT_CREDENTIALS_CLIENT_SECRET"), + ...> %{scope: ["scope"]} + ...> ) + + """ + @spec client_credentials_token( + provider_configuration_name :: GenServer.name(), + client_id :: String.t(), + client_secret :: String.t(), + opts :: :oidcc_token.client_credentials_opts() + ) :: + {:ok, Oidcc.Token.t()} | {:error, :oidcc_client_context.error() | :oidcc_token.error()} + def client_credentials_token(provider_configuration_name, client_id, client_secret, opts) do + with {:ok, token} <- + :oidcc.client_credentials_token( + provider_configuration_name, + client_id, + client_secret, + opts + ) do + {:ok, Oidcc.Token.record_to_struct(token)} + end + end +end diff --git a/lib/oidcc/authorization.ex b/lib/oidcc/authorization.ex new file mode 100644 index 0000000..5f97d43 --- /dev/null +++ b/lib/oidcc/authorization.ex 
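Review bot: `retrieve_userinfo/5` defaults `opts` to `%{}`, so a call with a plain access-token string is accepted without `expected_subject`, even though the second `@spec` pairs a string token with `:oidcc_userinfo.retrieve_opts()` and the doc example passes `%{expected_subject: "sub"}`. OpenID Connect Core requires the userinfo `sub` to be compared with the ID token's `sub`; whether `:oidcc.retrieve_userinfo/5` rejects a string token that comes with no expected subject cannot be seen from this hunk. The `@doc` should state it explicitly, for example `When passing a bare access token, opts must contain :expected_subject (the sub of the validated ID token).` A smaller slip in the same file: the `@spec` of `create_redirect_url/4` lists `:oidcc_client_context.error()` twice, where the second was presumably meant to be `:oidcc_authorization.error()`.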
@@ -0,0 +1,43 @@
+defmodule Oidcc.Authorization do
+ @moduledoc """
+ Functions to start an OpenID Connect Authorization
+ """
+
+ alias Oidcc.ClientContext
+
+ @doc """
+ Create Auth Redirect URL
+
+ For a high level interface using `Oidcc.ProviderConfiguration.Worker`
+ see `Oidcc.create_redirect_url/4`.
+
+ ## Examples
+
+ iex> {:ok, pid} =
+ ...> Oidcc.ProviderConfiguration.Worker.start_link(%{
+ ...> issuer: "https://accounts.google.com/"
+ ...> })
+ ...>
+ ...> {:ok, client_context} =
+ ...> Oidcc.ClientContext.from_configuration_worker(
+ ...> pid,
+ ...> "client_id",
+ ...> "client_secret"
+ ...> )
+ ...>
+ ...> {:ok, _redirect_uri} =
+ ...> Oidcc.Authorization.create_redirect_url(
+ ...> client_context,
+ ...> %{redirect_uri: "https://my.server/return"}
+ ...> )
+ """
+ @spec create_redirect_url(
+ client_context :: ClientContext.t(),
+ opts :: :oidcc_authorization.opts()
+ ) :: {:ok, :uri_string.uri_string()} | {:error, :oidcc_authorization.error()}
+ def create_redirect_url(client_context, opts),
+ do:
+ client_context
+ |> ClientContext.struct_to_record()
+ |> :oidcc_authorization.create_redirect_url(opts)
+end
diff --git a/lib/oidcc/client_context.ex b/lib/oidcc/client_context.ex
new file mode 100644
index 0000000..fea86bf
--- /dev/null
+++ b/lib/oidcc/client_context.ex
@@ -0,0 +1,119 @@ +defmodule Oidcc.ClientContext do + @moduledoc """ + Client Configuration for authorization, token exchange and userinfo + + For most projects, it makes sense to use + `Oidcc.ProviderConfiguration.Worker` and the high-level + interface of `Oidcc`. In that case direct usage of this + module is not needed. + """ + + use Oidcc.RecordStruct, + internal_name: :context, + record_name: :oidcc_client_context, + hrl: "include/oidcc_client_context.hrl" + + alias Oidcc.ProviderConfiguration + + @type t() :: %__MODULE__{ + provider_configuration: ProviderConfiguration.t(), + jwks: JOSE.JWK.t(), + client_id: String.t(), + client_secret: String.t() + } + + @doc """ + Create Client Context from a `Oidcc.ProviderConfiguration.Worker` + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://accounts.google.com/", + ...> name: __MODULE__.GoogleConfigProvider + ...> }) + ...> + ...> {:ok, %Oidcc.ClientContext{}} = + ...> Oidcc.ClientContext.from_configuration_worker( + ...> __MODULE__.GoogleConfigProvider, + ...> "client_id", + ...> "client_Secret" + ...> ) + ...> + ...> {:ok, %Oidcc.ClientContext{}} = + ...> Oidcc.ClientContext.from_configuration_worker( + ...> pid, + ...> "client_id", + ...> "client_Secret" + ...> ) + """ + @spec from_configuration_worker( + provider_name :: GenServer.name(), + client_id :: String.t(), + client_secret :: String.t() + ) :: {:ok, t()} | {:error, :oidcc_client_context.t()} + def from_configuration_worker(provider_name, client_id, client_secret) do + with {:ok, client_context} <- + :oidcc_client_context.from_configuration_worker( + provider_name, + client_id, + client_secret + ) do + {:ok, record_to_struct(client_context)} + end + end + + @doc """ + Create Client Context manually + + ## Examples + + iex> {:ok, {configuration, _expiry}} = + ...> Oidcc.ProviderConfiguration.load_configuration( + ...> "https://login.salesforce.com" + ...> ) + ...> + ...> {:ok, {jwks, _expiry}} 
= + ...> Oidcc.ProviderConfiguration.load_jwks( + ...> configuration.jwks_uri + ...> ) + ...> + ...> %Oidcc.ClientContext{} = + ...> Oidcc.ClientContext.from_manual( + ...> configuration, + ...> jwks, + ...> "client_id", + ...> "client_Secret" + ...> ) + """ + @spec from_manual( + configuration :: ProviderConfiguration.t(), + jwks :: JOSE.JWK.t(), + client_id :: String.t(), + client_secret :: String.t() + ) :: t() + def from_manual(configuration, jwks, client_id, client_secret) do + configuration = ProviderConfiguration.struct_to_record(configuration) + jwks = JOSE.JWK.to_record(jwks) + + configuration + |> :oidcc_client_context.from_manual(jwks, client_id, client_secret) + |> record_to_struct() + end + + @impl Oidcc.RecordStruct + def record_to_struct(record) do + record + |> super() + |> Map.update!(:provider_configuration, &ProviderConfiguration.record_to_struct/1) + |> Map.update!(:jwks, &JOSE.JWK.from_record/1) + end + + @impl Oidcc.RecordStruct + def struct_to_record(struct) do + struct + |> Map.update!(:provider_configuration, &ProviderConfiguration.struct_to_record/1) + |> Map.update!(:jwks, &JOSE.JWK.to_record/1) + |> super() + end +end diff --git a/lib/oidcc/provider_configuration.ex b/lib/oidcc/provider_configuration.ex new file mode 100644 index 0000000..252d086 --- /dev/null +++ b/lib/oidcc/provider_configuration.ex 
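Review bot: `Oidcc.ClientContext` keeps `client_secret` as an ordinary struct field and the module sets no `@derive` for `Inspect`, so default struct inspection in logs, crash reports or an IEx session will print the secret. If `use Oidcc.RecordStruct` (defined outside this hunk) is what calls `defstruct`, adding `@derive {Inspect, except: [:client_secret]}` above the `use` line should redact it; that needs checking against the macro. Also, the `@spec` of `from_configuration_worker/3` returns `{:error, :oidcc_client_context.t()}`, which looks like a slip for `{:error, :oidcc_client_context.error()}`, the type the other modules in this patch use.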
@@ -0,0 +1,129 @@ +defmodule Oidcc.ProviderConfiguration do + @moduledoc """ + Tooling to load and parse Openid Configuration + """ + + use Oidcc.RecordStruct, + internal_name: :configuration, + record_name: :oidcc_provider_configuration, + hrl: "include/oidcc_provider_configuration.hrl" + + @typedoc """ + Configuration Struct + + For details on the fields see: + * https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata + * https://datatracker.ietf.org/doc/html/draft-jones-oauth-discovery-01#section-4.1 + """ + @type t() :: %__MODULE__{ + issuer: :uri_string.uri_string(), + authorization_endpoint: :uri_string.uri_string(), + token_endpoint: :uri_string.uri_string() | :undefined, + userinfo_endpoint: :uri_string.uri_string() | :undefined, + jwks_uri: :uri_string.uri_string() | :undefined, + registration_endpoint: :uri_string.uri_string() | :undefined, + scopes_supported: [String.t()] | :undefined, + response_types_supported: [String.t()], + response_modes_supported: [String.t()], + grant_types_supported: [String.t()], + acr_values_supported: [String.t()] | :undefined, + subject_types_supported: [:pairwise | :public], + id_token_signing_alg_values_supported: [String.t()], + id_token_encryption_alg_values_supported: [String.t()] | :undefined, + id_token_encryption_enc_values_supported: [String.t()] | :undefined, + userinfo_signing_alg_values_supported: [String.t()] | :undefined, + userinfo_encryption_alg_values_supported: [String.t()] | :undefined, + userinfo_encryption_enc_values_supported: [String.t()] | :undefined, + request_object_signing_alg_values_supported: [String.t()] | :undefined, + request_object_encryption_alg_values_supported: [String.t()] | :undefined, + request_object_encryption_enc_values_supported: [String.t()] | :undefined, + token_endpoint_auth_methods_supported: [String.t()], + token_endpoint_auth_signing_alg_values_supported: [String.t()] | :undefined, + display_values_supported: [String.t()] | :undefined, + 
claim_types_supported: [:normal | :aggregated | :distributed], + claims_supported: [String.t()] | :undefined, + service_documentation: :uri_string.uri_string() | :undefined, + claims_locales_supported: [String.t()] | :undefined, + ui_locales_supported: [String.t()] | :undefined, + claims_parameter_supported: boolean(), + request_parameter_supported: boolean(), + request_uri_parameter_supported: boolean(), + require_request_uri_registration: boolean(), + op_policy_uri: :uri_string.uri_string() | :undefined, + op_tos_uri: :uri_string.uri_string() | :undefined, + revocation_endpoint: :uri_string.uri_string() | :undefined, + revocation_endpoint_auth_methods_supported: [String.t()], + revocation_endpoint_auth_signing_alg_values_supported: [String.t()] | :undefined, + introspection_endpoint: :uri_string.uri_string() | :undefined, + introspection_endpoint_auth_methods_supported: [String.t()], + introspection_endpoint_auth_signing_alg_values_supported: [String.t()] | :undefined, + code_challenge_methods_supported: [String.t()] | :undefined, + extra_fields: %{String.t() => term()} + } + + @doc """ + Load OpenID Configuration + + ## Examples + + iex> {:ok, { + ...> %ProviderConfiguration{issuer: "https://accounts.google.com"}, + ...> _expiry + ...> }} = Oidcc.ProviderConfiguration.load_configuration("https://accounts.google.com") + """ + @spec load_configuration( + issuer :: :uri_string.uri_string(), + opts :: :oidcc_provider_configuration.opts() + ) :: + {:ok, {configuration :: t(), expiry :: pos_integer()}} + | {:error, :oidcc_provider_configuration.error()} + def load_configuration(issuer, opts \\ %{}) do + with {:ok, {configuration, expiry}} <- + :oidcc_provider_configuration.load_configuration(issuer, opts) do + {:ok, {record_to_struct(configuration), expiry}} + end + end + + @doc """ + Load JWKs + + ## Examples + + iex> {:ok, {%JOSE.JWK{}, _expiry}} = + ...> Oidcc.ProviderConfiguration.load_jwks("https://www.googleapis.com/oauth2/v3/certs") + """ + @spec load_jwks( + 
jwks_uri :: :uri_string.uri_string(), + opts :: :oidcc_provider_configuration.opts() + ) :: + {:ok, {jwks :: JOSE.JWK.t(), expiry :: pos_integer()}} + | {:error, :oidcc_provider_configuration.error()} + def load_jwks(jwks_uri, opts \\ %{}) do + with {:ok, {jwks, expiry}} <- + :oidcc_provider_configuration.load_jwks(jwks_uri, opts) do + {:ok, {JOSE.JWK.from_record(jwks), expiry}} + end + end + + @doc """ + Decode JSON into OpenID configuration + + ## Examples + + iex> {:ok, {{~c"HTTP/1.1",200, ~c"OK"}, _headers, body}} = + ...> :httpc.request("https://accounts.google.com/.well-known/openid-configuration") + ...> + ...> decoded_json = body |> to_string() |> JOSE.decode() + ...> + ...> {:ok, %ProviderConfiguration{issuer: "https://accounts.google.com"}} = + ...> Oidcc.ProviderConfiguration.decode_configuration(decoded_json) + """ + @spec decode_configuration(configuration :: map()) :: + {:ok, t()} | {:error, :oidcc_provider_configuration.error()} + def decode_configuration(configuration) do + with {:ok, configuration} <- + :oidcc_provider_configuration.decode_configuration(configuration) do + {:ok, record_to_struct(configuration)} + end + end +end diff --git a/lib/oidcc/provider_configuration/worker.ex b/lib/oidcc/provider_configuration/worker.ex new file mode 100644 index 0000000..02efb0e --- /dev/null +++ b/lib/oidcc/provider_configuration/worker.ex 
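Review bot: The `decode_configuration/1` doc example downloads the discovery document with `:httpc.request/1` and no SSL options, and on OTP releases where `httpc` does not verify the server certificate by default that fetch is unauthenticated. Since the decoded document supplies `jwks_uri` and the token endpoint, a reader copying the example would take signing-key locations from an unverified source. The example should either use `load_configuration/2` or show the request with explicit TLS verification options, and say in one sentence that the document must be fetched over verified TLS from the issuer being configured. The examples also match on `%ProviderConfiguration{}` without an alias in scope, which would fail if they are run as doctests.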
@@ -0,0 +1,139 @@ +defmodule Oidcc.ProviderConfiguration.Worker do + @moduledoc """ + OIDC Config Provider Worker + + Loads and continuously refreshes the OIDC configuration and JWKs + + ## Usage in Supervisor + + ```elixir + Supervisor.init([ + {Oidcc.ProviderConfiguration.Worker, %{issuer: "https://accounts.google.com/"}} + ], strategy: :one_for_one) + ``` + """ + + alias Oidcc.ProviderConfiguration + + @typedoc """ + See `t:oidcc_provider_configuration_worker.opts/0` + """ + @type opts() :: %{ + optional(:name) => GenServer.name(), + required(:issuer) => :uri_string.uri_string(), + optional(:provider_configuration_opts) => :oidcc_provider_configuration.opts() + } + + @doc """ + Start Configuration Worker + + ## Examples + + iex> {:ok, _pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://accounts.google.com/", + ...> name: __MODULE__.GoogleConfigProvider + ...> }) + """ + @spec start_link(opts :: :oidcc_provider_configuration_worker.opts()) :: GenServer.on_start() + def start_link(opts) + + def start_link(%{name: name} = opts) when is_atom(name), + do: start_link(%{opts | name: {:local, name}}) + + def start_link(opts), do: :oidcc_provider_configuration_worker.start_link(opts) + + @spec child_spec(opts :: :oidcc_provider_configuration_worker.opts()) :: Supervisor.child_spec() + def child_spec(opts), + do: + Supervisor.child_spec( + %{ + id: __MODULE__, + start: {__MODULE__, :start_link, [opts]} + }, + [] + ) + + @doc """ + Get Configuration + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://accounts.google.com/" + ...> }) + ...> %Oidcc.ProviderConfiguration{issuer: "https://accounts.google.com"} = + ...> Oidcc.ProviderConfiguration.Worker.get_provider_configuration(pid) + """ + @spec get_provider_configuration(name :: GenServer.name()) :: ProviderConfiguration.t() + def get_provider_configuration(name), + do: + name + |> 
:oidcc_provider_configuration_worker.get_provider_configuration() + |> ProviderConfiguration.record_to_struct() + + @doc """ + Get Parsed Jwks + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://accounts.google.com/" + ...> }) + ...> %JOSE.JWK{} = + ...> Oidcc.ProviderConfiguration.Worker.get_jwks(pid) + """ + @spec get_jwks(name :: GenServer.name()) :: JOSE.JWK.t() + def get_jwks(name), + do: + name + |> :oidcc_provider_configuration_worker.get_jwks() + |> JOSE.JWK.from_record() + + @doc """ + Refresh Configuration + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://accounts.google.com/" + ...> }) + ...> :ok = Oidcc.ProviderConfiguration.Worker.refresh_configuration(pid) + """ + @spec refresh_configuration(name :: GenServer.name()) :: :ok + def refresh_configuration(name), + do: :oidcc_provider_configuration_worker.refresh_configuration(name) + + @doc """ + Refresh JWKs + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://accounts.google.com/" + ...> }) + ...> :ok = Oidcc.ProviderConfiguration.Worker.refresh_jwks(pid) + """ + @spec refresh_jwks(name :: GenServer.name()) :: :ok + def refresh_jwks(name), + do: :oidcc_provider_configuration_worker.refresh_jwks(name) + + @doc """ + Refresh JWKs if the provided `Kid` is not matching any currently loaded keys + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://accounts.google.com/" + ...> }) + ...> :ok = Oidcc.ProviderConfiguration.Worker.refresh_jwks_for_unknown_kid(pid, "kid") + """ + @spec refresh_jwks_for_unknown_kid(name :: GenServer.name(), kid :: String.t()) :: :ok + def refresh_jwks_for_unknown_kid(name, kid), + do: :oidcc_provider_configuration_worker.refresh_jwks_for_unknown_kid(name, kid) +end 
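Review bot: The `@doc` for `refresh_jwks_for_unknown_kid/2` does not say whether repeated calls are throttled, and the `kid` it takes normally comes from the header of a token that has not been verified yet. If the Erlang worker (outside this hunk) refetches on every unknown value, unverified tokens carrying arbitrary `kid` values translate directly into outbound requests to the provider's JWKS endpoint; the doc should state the backoff behaviour or tell callers to rate-limit. Separately, `child_spec/1` hard-codes `id: __MODULE__`, so two workers for different issuers under one supervisor collide unless the caller overrides the id; deriving it from the name, e.g. `id: Map.get(opts, :name, __MODULE__)`, avoids that.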
diff --git a/lib/oidcc/token.ex b/lib/oidcc/token.ex
new file mode 100644
index 0000000..cfad972
--- /dev/null
+++ b/lib/oidcc/token.ex
@@ -0,0 +1,284 @@ +defmodule Oidcc.Token do + @moduledoc """ + Facilitate OpenID Code/Token Exchanges + """ + + use Oidcc.RecordStruct, + internal_name: :token, + record_name: :oidcc_token, + hrl: "include/oidcc_token.hrl" + + alias Oidcc.ClientContext + alias Oidcc.Token.Access + alias Oidcc.Token.Id + alias Oidcc.Token.Refresh + + @type t() :: %__MODULE__{ + id: Id.t() | none, + access: Access.t() | none, + refresh: Refresh.t() | none, + scope: :oidcc_scope.scopes() + } + + @doc """ + retrieve the token using the authcode received before and directly validate + the result. + + the authcode was sent to the local endpoint by the OpenId Connect provider, + using redirects + + For a high level interface using `Oidcc.ProviderConfiguration.Worker` + see `Oidcc.retrieve_token/5`. + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://login.yahoo.com" + ...> }) + ...> + ...> {:ok, client_context} = + ...> Oidcc.ClientContext.from_configuration_worker( + ...> pid, + ...> "client_id", + ...> "client_secret" + ...> ) + ...> + ...> # Get auth_code fromm redirect + ...> auth_code = "auth_code" + ...> + ...> Oidcc.Token.retrieve( + ...> auth_code, + ...> client_context, + ...> %{redirect_uri: "https://my.server/return"} + ...> ) + ...> # => {:ok, %Oidcc.Token{}} + + """ + @spec retrieve( + auth_code :: String.t(), + client_context :: ClientContext.t(), + opts :: :oidcc_token.retrieve_opts() + ) :: + {:ok, t()} | {:error, :oidcc_token.error()} + def retrieve(auth_code, client_context, opts) do + client_context = ClientContext.struct_to_record(client_context) + + with {:ok, token} <- :oidcc_token.retrieve(auth_code, client_context, opts) do + {:ok, record_to_struct(token)} + end + end + + @doc """ + Refresh Token + + For a high level interface using `Oidcc.ProviderConfiguration.Worker` + see `Oidcc.refresh_token/5`. 
+ + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://login.yahoo.com" + ...> }) + ...> + ...> {:ok, client_context} = + ...> Oidcc.ClientContext.from_configuration_worker( + ...> pid, + ...> "client_id", + ...> "client_secret" + ...> ) + ...> + ...> # Get refresh_token fromm redirect + ...> refresh_token = "refresh_token" + ...> + ...> Oidcc.Token.refresh( + ...> refresh_token, + ...> client_context, + ...> %{expected_subject: "sub"} + ...> ) + ...> # => {:ok, %Oidcc.Token{}} + + """ + @spec refresh( + refresh_token :: String.t(), + client_context :: ClientContext.t(), + opts :: :oidcc_token.refresh_opts() + ) :: {:ok, t()} | {:error, :oidcc_token.error()} + @spec refresh( + token :: t(), + client_context :: ClientContext.t(), + opts :: :oidcc_token.refresh_opts_no_sub() + ) :: {:ok, t()} | {:error, :oidcc_token.error()} + def refresh(token, client_context, opts) do + token = + case token do + token when is_binary(token) -> token + %__MODULE__{} = token -> struct_to_record(token) + end + + client_context = ClientContext.struct_to_record(client_context) + + with {:ok, token} <- :oidcc_token.refresh(token, client_context, opts) do + {:ok, record_to_struct(token)} + end + end + + @doc """ + Validate ID Token + + Usually the id token is validated using `retrieve/3`. + If you get the token passed from somewhere else, this function can validate it. + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://login.yahoo.com" + ...> }) + ...> + ...> {:ok, client_context} = + ...> Oidcc.ClientContext.from_configuration_worker( + ...> pid, + ...> "client_id", + ...> "client_secret" + ...> ) + ...> + ...> #Get IdToken from somewhere + ...> id_token = "id_token" + ...> + ...> Oidcc.Token.validate_id_token(id_token, client_context, :any) + ...> # => {:ok, %{"sub" => "sub", ... 
}} + + """ + @spec validate_id_token( + id_token :: String.t(), + client_context :: ClientContext.t(), + nonce :: String.t() | any + ) :: {:ok, :oidcc_jwt_util.claims()} | {:error, :oidcc_token.error()} + def validate_id_token(id_token, client_context, nonce), + do: + :oidcc_token.validate_id_token( + id_token, + ClientContext.struct_to_record(client_context), + nonce + ) + + @doc """ + Retrieve JSON Web Token (JWT) Profile Token + + See https://datatracker.ietf.org/doc/html/rfc7523#section-4 + + For a high level interface using `Oidcc.ProviderConfiguration.Worker` + see `Oidcc.jwt_profile_token/6`. + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://erlef-test-w4a8z2.zitadel.cloud" + ...> }) + ...> + ...> {:ok, client_context} = + ...> Oidcc.ClientContext.from_configuration_worker( + ...> pid, + ...> "client_id", + ...> "client_secret" + ...> ) + ...> + ...> %{"key" => key, "keyId" => kid, "userId" => subject} = "JWT_PROFILE" + ...> |> System.fetch_env!() + ...> |> JOSE.decode() + ...> + ...> jwk = JOSE.JWK.from_pem(key) + ...> + ...> {:ok, %Oidcc.Token{}} = + ...> Oidcc.Token.jwt_profile( + ...> subject, + ...> client_context, + ...> jwk, + ...> %{scope: ["urn:zitadel:iam:org:project:id:zitadel:aud"], kid: kid} + ...> ) + + """ + @spec jwt_profile( + subject :: String.t(), + client_context :: ClientContext.t(), + jwk :: JOSE.JWK.t(), + opts :: :oidcc_token.jwt_profile_opts() + ) :: {:ok, t()} | {:error, :oidcc_token.error()} + def jwt_profile(subject, client_context, jwk, opts) do + jwk = JOSE.JWK.to_record(jwk) + client_context = ClientContext.struct_to_record(client_context) + + with {:ok, token} <- :oidcc_token.jwt_profile(subject, client_context, jwk, opts) do + {:ok, record_to_struct(token)} + end + end + + @doc """ + Retrieve Client Credential Token + + See https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.4 + + For a high level interface using `Oidcc.ProviderConfiguration.Worker` + 
see `Oidcc.client_credentials_token/4`. + + ## Examples + + iex> {:ok, pid} = + ...> Oidcc.ProviderConfiguration.Worker.start_link(%{ + ...> issuer: "https://erlef-test-w4a8z2.zitadel.cloud" + ...> }) + ...> + ...> {:ok, client_context} = + ...> Oidcc.ClientContext.from_configuration_worker( + ...> pid, + ...> System.fetch_env!("CLIENT_CREDENTIALS_CLIENT_ID"), + ...> System.fetch_env!("CLIENT_CREDENTIALS_CLIENT_SECRET") + ...> ) + ...> + ...> {:ok, %Oidcc.Token{}} = + ...> Oidcc.Token.client_credentials( + ...> client_context, + ...> %{scope: ["scope"]} + ...> ) + + """ + @spec client_credentials( + client_context :: ClientContext.t(), + opts :: :oidcc_token.client_credentials_opts() + ) :: {:ok, t()} | {:error, :oidcc_token.error()} + def client_credentials(client_context, opts) do + client_context = ClientContext.struct_to_record(client_context) + + with {:ok, token} <- :oidcc_token.client_credentials(client_context, opts) do + {:ok, record_to_struct(token)} + end + end + + @impl Oidcc.RecordStruct + def record_to_struct(record) do + record + |> super() + |> update_if_not_none(:id, &Id.record_to_struct/1) + |> update_if_not_none(:access, &Access.record_to_struct/1) + |> update_if_not_none(:refresh, &Refresh.record_to_struct/1) + end + + @impl Oidcc.RecordStruct + def struct_to_record(struct) do + struct + |> update_if_not_none(:id, &Id.struct_to_record/1) + |> update_if_not_none(:access, &Access.struct_to_record/1) + |> update_if_not_none(:refresh, &Refresh.struct_to_record/1) + |> super() + end + + defp update_if_not_none(map, key, callback) do + Map.update!(map, key, fn + :none -> :none + other -> callback.(other) + end) + end +end diff --git a/lib/oidcc/token/access.ex b/lib/oidcc/token/access.ex new file mode 100644 index 0000000..a698076 --- /dev/null +++ b/lib/oidcc/token/access.ex 
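Review bot: In `@type t()` the alternatives `Id.t() | none`, `Access.t() | none` and `Refresh.t() | none` name the built-in empty type `none()`, not the atom `:none` that `update_if_not_none/3` matches at the end of the module, so Dialyzer treats these fields as never absent; write `id: Id.t() | :none` and the same for `access` and `refresh`. The `validate_id_token/3` spec has the same slip: `nonce :: String.t() | any` collapses to `any()`, while the doctest passes the atom, so it should read `nonce :: String.t() | :any`. The doc for `validate_id_token/3` should also state what `:any` does to the nonce comparison (presumably it is skipped), because the nonce is what binds an ID token to the caller's own authorization request.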
@@ -0,0 +1,17 @@
+defmodule Oidcc.Token.Access do
+ @moduledoc """
+ Access Token struct
+ """
+
+ use Oidcc.RecordStruct,
+ internal_name: :token,
+ record_name: :oidcc_token_access,
+ record_type_module: :oidcc_token,
+ record_type_name: :access,
+ hrl: "include/oidcc_token.hrl"
+
+ @type t() :: %__MODULE__{
+ token: String.t(),
+ expires: pos_integer() | :undefined
+ }
+end
diff --git a/lib/oidcc/token/id.ex b/lib/oidcc/token/id.ex
new file mode 100644
index 0000000..3c3f5af
--- /dev/null
+++ b/lib/oidcc/token/id.ex
@@ -0,0 +1,17 @@
+defmodule Oidcc.Token.Id do
+ @moduledoc """
+ ID Token struct
+ """
+
+ use Oidcc.RecordStruct,
+ internal_name: :token,
+ record_name: :oidcc_token_id,
+ record_type_module: :oidcc_token,
+ record_type_name: :id,
+ hrl: "include/oidcc_token.hrl"
+
+ @type t() :: %__MODULE__{
+ token: String.t(),
+ claims: :oidcc_jwt_util.claims()
+ }
+end
diff --git a/lib/oidcc/token/refresh.ex b/lib/oidcc/token/refresh.ex
new file mode 100644
index 0000000..5fb715e
--- /dev/null
+++ b/lib/oidcc/token/refresh.ex
@@ -0,0 +1,16 @@
+defmodule Oidcc.Token.Refresh do
+ @moduledoc """
+ Refresh Token struct
+ """
+
+ use Oidcc.RecordStruct,
+ internal_name: :token,
+ record_name: :oidcc_token_refresh,
+ record_type_module: :oidcc_token,
+ record_type_name: :refresh,
+ hrl: "include/oidcc_token.hrl"
+
+ @type t() :: %__MODULE__{
+ token: String.t()
+ }
+end
diff --git a/lib/oidcc/token_introspection.ex b/lib/oidcc/token_introspection.ex
new file mode 100644
index 0000000..f8b5ce9
--- /dev/null
+++ b/lib/oidcc/token_introspection.ex
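Review bot: `Oidcc.Token.Access` keeps a bearer credential in `token` and gets the default `Inspect` implementation, so any `inspect/1` call, log line or crash report that includes the struct prints the token in clear. `Oidcc.Token.Refresh` and `Oidcc.Token.Id` in the next two hunks have the same field and the same exposure. Consider `@derive {Inspect, except: [:token]}` in each module, placed above `use Oidcc.RecordStruct` because the `defstruct` is emitted by that `use`.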
@@ -0,0 +1,69 @@
+defmodule Oidcc.TokenIntrospection do
+ @moduledoc """
+ OAuth Token Introspection
+
+ See https://datatracker.ietf.org/doc/html/rfc7662
+ """
+
+ use Oidcc.RecordStruct,
+ internal_name: :introspection,
+ record_name: :oidcc_token_introspection,
+ hrl: "include/oidcc_token_introspection.hrl"
+
+ alias Oidcc.ClientContext
+ alias Oidcc.Token
+
+ @type t() :: %__MODULE__{
+ active: boolean(),
+ client_id: binary(),
+ exp: pos_integer(),
+ scope: :oidcc_scope.scopes(),
+ username: binary()
+ }
+
+ @doc """
+ Introspect the given access token
+
+ For a high level interface using `Oidcc.ProviderConfiguration.Worker`
+ see `Oidcc.introspect_token/5`.
+
+ ## Examples
+
+ iex> {:ok, pid} =
+ ...> Oidcc.ProviderConfiguration.Worker.start_link(%{
+ ...> issuer: "https://login.yahoo.com"
+ ...> })
+ ...>
+ ...> {:ok, client_context} =
+ ...> Oidcc.ClientContext.from_configuration_worker(
+ ...> pid,
+ ...> "client_id",
+ ...> "client_secret"
+ ...> )
+ ...>
+ ...> Oidcc.TokenIntrospection.introspect(
+ ...> "access_token",
+ ...> client_context
+ ...> )
+ ...> # => {:ok, %Oidcc.TokenIntrospection{}}
+ """
+ @spec introspect(
+ token :: String.t() | Token.t(),
+ client_context :: ClientContext.t(),
+ opts :: :oidcc_token_introspection.opts()
+ ) :: {:ok, t()} | {:error, :oidcc_token_introspection.error()}
+ def introspect(token, client_context, opts \\ %{}) do
+ client_context = ClientContext.struct_to_record(client_context)
+
+ token =
+ case token do
+ token when is_binary(token) -> token
+ %Token{} = token -> Token.struct_to_record(token)
+ end
+
+ with {:ok, introspection} <-
+ :oidcc_token_introspection.introspect(token, client_context, opts) do
+ {:ok, record_to_struct(introspection)}
+ end
+ end
+end
diff --git a/lib/oidcc/userinfo.ex b/lib/oidcc/userinfo.ex
new file mode 100644
index 0000000..cead486
--- /dev/null
+++ b/lib/oidcc/userinfo.ex
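Review bot: The doc for `introspect/3` does not say that `{:ok, _}` only means the introspection call succeeded, and the `active: boolean()` field suggests an expired or revoked token can come back as `{:ok, %Oidcc.TokenIntrospection{active: false}}`. A caller who pattern-matches on `{:ok, _}` alone would then accept a dead token, so add a line such as `Always check the active field before trusting any other field.` and show `%Oidcc.TokenIntrospection{active: true}` in the example. RFC 7662 makes every response member except `active` optional, so `client_id`, `exp` and `username` in `@type t()` probably need an absent-value alternative; confirm against the record defaults in `include/oidcc_token_introspection.hrl`, which this hunk does not show.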
@@ -0,0 +1,63 @@
+defmodule Oidcc.Userinfo do
+ @moduledoc """
+ OpenID Connect Userinfo
+
+ See https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
+ """
+
+ alias Oidcc.ClientContext
+ alias Oidcc.Token
+
+ @doc """
+ Load userinfo for the given token
+
+ For a high level interface using `Oidcc.ProviderConfiguration.Worker`
+ see `Oidcc.retrieve_userinfo/5`.
+
+ ## Examples
+
+ iex> {:ok, pid} =
+ ...> Oidcc.ProviderConfiguration.Worker.start_link(%{
+ ...> issuer: "https://login.yahoo.com"
+ ...> })
+ ...>
+ ...> {:ok, client_context} =
+ ...> Oidcc.ClientContext.from_configuration_worker(
+ ...> pid,
+ ...> "client_id",
+ ...> "client_secret"
+ ...> )
+ ...>
+ ...> # Get access_token from Oidcc.Token.retrieve/3
+ ...> access_token = "access_token"
+ ...>
+ ...> Oidcc.Userinfo.retrieve(
+ ...> access_token,
+ ...> client_context,
+ ...> %{expected_subject: "sub"}
+ ...> )
+ ...> # => {:ok, %{"sub" => "sub"}}
+
+ """
+ @spec retrieve(
+ access_token :: String.t(),
+ client_context :: ClientContext.t(),
+ opts :: :oidcc_userinfo.retrieve_opts()
+ ) :: {:ok, :oidcc_jwt_util.claims()} | {:error, :oidcc_userinfo.error()}
+ @spec retrieve(
+ token :: Token.t(),
+ client_context :: ClientContext.t(),
+ opts :: :oidcc_userinfo.retrieve_opts()
+ ) :: {:ok, :oidcc_jwt_util.claims()} | {:error, :oidcc_userinfo.error()}
+ def retrieve(token, client_context, opts) do
+ token =
+ case token do
+ token when is_binary(token) -> token
+ %Token{} = token -> Token.struct_to_record(token)
+ end
+
+ client_context = ClientContext.struct_to_record(client_context)
+
+ :oidcc_userinfo.retrieve(token, client_context, opts)
+ end
+end
diff --git a/lib/record_struct.ex b/lib/record_struct.ex
new file mode 100644
index 0000000..fe6401e
--- /dev/null
+++ b/lib/record_struct.ex
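Review bot: The doc for `retrieve/3` shows `%{expected_subject: "sub"}` without explaining it, and both `@spec` clauses take the same `retrieve_opts()`. A caller passing a bare access-token string is therefore never told that the subject check depends on that option, unlike `Oidcc.Token.refresh/3`, which separates `refresh_opts()` from `refresh_opts_no_sub()`. OpenID Connect Core 5.3.2 requires the UserInfo `sub` to match the ID token's `sub`, and skipping that check allows token substitution. Add a doc sentence such as `When passing a binary access token, set :expected_subject to the sub claim of the already validated ID token.` and, if the Erlang side rejects a binary token without the option, say so.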
@@ -0,0 +1,51 @@
+defmodule Oidcc.RecordStruct do
+ @moduledoc false
+
+ @callback record_to_struct(record :: tuple()) :: struct()
+ @callback struct_to_record(struct :: struct()) :: tuple()
+
+ defmacro __using__(options) do
+ internal_name = Keyword.fetch!(options, :internal_name)
+ record_name = Keyword.fetch!(options, :record_name)
+ record_type_module = Keyword.get(options, :record_type_module, record_name)
+ record_type_name = Keyword.get(options, :record_type_name, :t)
+ hrl = Keyword.fetch!(options, :hrl)
+
+ quote bind_quoted: [
+ internal_name: internal_name,
+ record_name: record_name,
+ record_type_module: record_type_module,
+ record_type_name: record_type_name,
+ hrl: hrl,
+ behaviour: __MODULE__
+ ] do
+ @behaviour behaviour
+
+ require Record
+
+ record = Record.extract(record_name, from: hrl)
+ keys = :lists.map(&elem(&1, 0), record)
+ vals = :lists.map(&{&1, [], nil}, keys)
+ pairs = :lists.zip(keys, vals)
+
+ Record.defrecordp(internal_name, record_name, record)
+
+ defstruct record
+
+ @doc false
+ @impl behaviour
+ @spec record_to_struct(record :: unquote(record_type_module).unquote(record_type_name)()) ::
+ t()
+ def record_to_struct(record), do: struct!(__MODULE__, unquote(internal_name)(record))
+
+ @doc false
+ @impl behaviour
+ @spec struct_to_record(struct :: t()) ::
+ unquote(record_type_module).unquote(record_type_name)()
+ def struct_to_record(%__MODULE__{unquote_splicing(pairs)}),
+ do: {unquote(record_name), unquote_splicing(vals)}
+
+ defoverridable record_to_struct: 1, struct_to_record: 1
+ end
+ end
+end
diff --git a/mix.exs b/mix.exs
new file mode 100644
index 0000000..d758621
--- /dev/null
+++ b/mix.exs
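Review bot: `Record.extract(record_name, from: hrl)` reads the header at compile time, but the quoted block never registers the file with `@external_resource`, so editing a header such as `include/oidcc_token.hrl` does not trigger recompilation of the modules that `use` this. Until a clean build the struct fields and the tuple built in `struct_to_record/1` can then disagree with the Erlang record, which for token and client-context records means values landing in the wrong slot. Add `@external_resource hrl` next to `require Record`. The `from:` path is relative, so a short comment that it is resolved against the project root at compile time would help too.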
@@ -0,0 +1,79 @@
+defmodule Oidcc.Mixfile do
+ use Mix.Project
+
+ {:ok, [{:application, :oidcc, props}]} = :file.consult(~c"src/oidcc.app.src")
+ @props Keyword.take(props, [:applications, :description, :env, :mod, :licenses, :vsn])
+
+ def project() do
+ [
+ app: :oidcc,
+ version: to_string(@props[:vsn]),
+ elixir: "~> 1.15",
+ erlc_options: erlc_options(Mix.env()),
+ build_embedded: Mix.env() == :prod,
+ start_permanent: Mix.env() == :prod,
+ deps: deps(),
+ name: "Oidcc",
+ source_url: "https://github.com/Erlang-Openid/oidcc",
+ docs: &docs/0,
+ description: to_string(@props[:description]),
+ package: package(),
+ aliases: [docs: ["compile", &rebar3_doc_chunks/1, "docs"]],
+ test_coverage: [ignore_modules: [Oidcc.RecordStruct]]
+ ]
+ end
+
+ def application() do
+ [extra_applications: [:inets, :ssl]]
+ end
+
+ defp deps() do
+ [
+ {:telemetry, "~> 1.2"},
+ {:jose, "~> 1.11"},
+ {:jsx, "~> 3.1"},
+ {:mock, "~> 0.3.8", only: :test},
+ {:ex_doc, "~> 0.29.4", only: :dev, runtime: false},
+ {:credo, "~> 1.7", only: :dev, runtime: false},
+ {:dialyxir, "~> 1.4", only: :dev, runtime: false}
+ ]
+ end
+
+ defp erlc_options(:prod), do: []
+
+ defp erlc_options(_enc),
+ do: [:debug_info, :warn_unused_import, :warn_export_vars, :warnings_as_errors, :verbose]
+
+ defp package() do
+ [
+ maintainers: ["Jonatan Männchen"],
+ build_tools: ["rebar3", "mix"],
+ files: [
+ "include",
+ "lib",
+ "LICENSE*",
+ "mix.exs",
+ "README*",
+ "rebar.config",
+ "src"
+ ],
+ licenses: Enum.map(@props[:licenses], &to_string/1),
+ links: %{"Github" => "https://github.com/Erlang-Openid/oidcc"}
+ ]
+ end
+
+ defp docs do
+ {ref, 0} = System.cmd("git", ["rev-parse", "--verify", "--quiet", "HEAD"])
+
+ [
+ source_ref: ref,
+ main: "Oidcc",
+ extras: ["README.md"],
+ groups_for_modules: [Erlang: [~r/oidcc/], "Elixir": [~r/Oidcc/]]
+ ]
+ end
+
+ defp rebar3_doc_chunks(_args) do
+ {_out, 0} = System.cmd("rebar3", ["edoc"], into: IO.stream())
+ end
+end
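Review bot: In `docs/0` the value bound by `{ref, 0} = System.cmd("git", ...)` is git's raw output and still ends in a newline, so `source_ref: ref` puts a line break into every generated source link; use `source_ref: String.trim(ref)`. The strict match also makes `mix docs` fail with a `MatchError` when the project is built outside a git checkout, for example from the published package, so a fallback to the version tag is worth considering. Separately, `jsx` is a dependency here but is missing from `deps` in `rebar.config` later in this commit, so the two build tools resolve different dependency sets.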
diff --git a/priv/test/fixtures/SECRET_NOTE.md b/priv/test/fixtures/SECRET_NOTE.md
new file mode 100644
index 0000000..b501feb
--- /dev/null
+++ b/priv/test/fixtures/SECRET_NOTE.md
@@ -0,0 +1,5 @@
+# Note about the Secrets in the Fixtures
+
+The secrets contained in this fixture directory were intentionally leaked. They
+do not have any capabilities besides logging in and this makes development
+simpler for contributors.
\ No newline at end of file
diff --git a/priv/test/fixtures/example-metadata.json b/priv/test/fixtures/example-metadata.json
new file mode 100644
index 0000000..9b2e788
--- /dev/null
+++ b/priv/test/fixtures/example-metadata.json
@@ -0,0 +1,89 @@ +{ + "issuer": "https://my.provider", + "authorization_endpoint": "https://my.provider/auth", + "device_authorization_endpoint": "https://my.provider/device/code", + "token_endpoint": "https://my.provider/token", + "introspection_endpoint": "https://my.provider/introspection", + "userinfo_endpoint": "https://my.provider/userinfo", + "revocation_endpoint": "https://my.provider/revoke", + "jwks_uri": "https://my.provider/jwks", + "response_types_supported": [ + "code", + "token", + "id_token", + "code token", + "code id_token", + "token id_token", + "code token id_token", + "none" + ], + "subject_types_supported": ["public"], + "id_token_signing_alg_values_supported": ["none", "RS256"], + "scopes_supported": ["openid", "email", "profile"], + "token_endpoint_auth_methods_supported": [ + "client_secret_post", + "client_secret_basic", + "unsupporeted_auth" + ], + "claims_supported": [ + "aud", + "email", + "email_verified", + "exp", + "family_name", + "given_name", + "iat", + "iss", + "locale", + "name", + "picture", + "sub" + ], + "code_challenge_methods_supported": ["plain", "S256"], + "grant_types_supported": [ + "authorization_code", + "refresh_token", + "urn:ietf:params:oauth:grant-type:device_code", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ], + "userinfo_signing_alg_values_supported": [ + "none", + "RS256", + "RS384", + "RS512", + "PS256", + "PS384", + "PS512", + "ES256", + "ES256K", + "ES384", + "ES512", + "EdDSA" + ], + "userinfo_encryption_alg_values_supported": [ + "RSA1_5", + "RSA-OAEP", + "RSA-OAEP-256", + "RSA-OAEP-384", + "RSA-OAEP-512", + "ECDH-ES", + "ECDH-ES+A128KW", + "ECDH-ES+A192KW", + "ECDH-ES+A256KW", + "A128KW", + "A192KW", + "A256KW", + "A128GCMKW", + "A192GCMKW", + "A256GCMKW", + "dir" + ], + "userinfo_encryption_enc_values_supported": [ + "A128CBC-HS256", + "A192CBC-HS384", + "A256CBC-HS512", + "A128GCM", + "A192GCM", + "A256GCM" + ] +} 
diff --git a/priv/test/fixtures/google-jwks.json b/priv/test/fixtures/google-jwks.json new file mode 100644 index 0000000..436f72a --- /dev/null +++ b/priv/test/fixtures/google-jwks.json @@ -0,0 +1,20 @@ +{ + "keys": [ + { + "kty": "RSA", + "alg": "RS256", + "kid": "c7e1141059a19b218209bc5af7a81a720e39b500", + "e": "AQAB", + "n": "rHXjB-RvfTDtw7LEaEai8rl8vyi8q2cGNy78jAyBMAwZYQVcqlvkx5Xuw-_oEaWoYcAPBLTqD1FCz4LvawiXMu0QFAl_rgzzbjvp_CHcKVnYCTlKJF6wwfegkmdneJV5m0k6-_o7sqouNtSVQNF-gR2W3DKb88WB2_b9SNR24ZLf4j7kH_JGUo8mj4K0gc4F2ZtBrTxunWmKdrAqWx6hdQUoe1tJaff2VJQs5YtVNtGj1Iuh6y3q-Sfp4BdOmP9KYljmwAQ0HKRVkgClNkChZzpj23nQhFrtGNcZIyCsbSs5qMJsUZ3LygK-TZZ9ykx5CxyWXNPdry6trDFVosdbEQ", + "use": "sig" + }, + { + "kty": "RSA", + "e": "AQAB", + "alg": "RS256", + "kid": "838c06c62046c2d948affe137dd5310129f4d5d1", + "n": "hsYvCPtkUV7SIxwkOkJsJfhwV_CMdXU5i0UmY2QEs-Pa7v0-0y-s4EjEDtsQ8Yow6hc670JhkGBcMzhU4DtrqNGROXebyOse5FX0m0UvWo1qXqNTf28uBKB990mY42Icr8sGjtOw8ajyT9kufbmXi3eZKagKpG0TDGK90oBEfoGzCxoFT87F95liNth_GoyU5S8-G3OqIqLlQCwxkI5s-g2qvg_aooALfh1rhvx2wt4EJVMSrdnxtPQSPAtZBiw5SwCnVglc6OnalVNvAB2JArbqC9GAzzz9pApAk28SYg5a4hPiPyqwRv-4X1CXEK8bO5VesIeRX0oDf7UoM-pVAw", + "use": "sig" + } + ] +} diff --git a/priv/test/fixtures/google-metadata.json b/priv/test/fixtures/google-metadata.json new file mode 100644 index 0000000..8a7a5ea --- /dev/null +++ b/priv/test/fixtures/google-metadata.json 
@@ -0,0 +1,58 @@ +{ + "issuer": "https://accounts.google.com", + "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth", + "device_authorization_endpoint": "https://oauth2.googleapis.com/device/code", + "token_endpoint": "https://oauth2.googleapis.com/token", + "userinfo_endpoint": "https://openidconnect.googleapis.com/v1/userinfo", + "revocation_endpoint": "https://oauth2.googleapis.com/revoke", + "jwks_uri": "https://www.googleapis.com/oauth2/v3/certs", + "response_types_supported": [ + "code", + "token", + "id_token", + "code token", + "code id_token", + "token id_token", + "code token id_token", + "none" + ], + "subject_types_supported": [ + "public" + ], + "id_token_signing_alg_values_supported": [ + "RS256" + ], + "scopes_supported": [ + "openid", + "email", + "profile" + ], + "token_endpoint_auth_methods_supported": [ + "client_secret_post", + "client_secret_basic" + ], + "claims_supported": [ + "aud", + "email", + "email_verified", + "exp", + "family_name", + "given_name", + "iat", + "iss", + "locale", + "name", + "picture", + "sub" + ], + "code_challenge_methods_supported": [ + "plain", + "S256" + ], + "grant_types_supported": [ + "authorization_code", + "refresh_token", + "urn:ietf:params:oauth:grant-type:device_code", + "urn:ietf:params:oauth:grant-type:jwt-bearer" + ] +} diff --git a/priv/test/fixtures/jwk.pem b/priv/test/fixtures/jwk.pem new file mode 100644 index 0000000..26bce13 --- /dev/null +++ b/priv/test/fixtures/jwk.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCiATYxfeiE9k5M +A5ZFyf7p3hm2H4P+WKsDmbc7HMEgykRpnr1UD4g/vJExvdI/Inuwq8o4xyU8bcS6 +vdx+oIO+DlplQn3039qQNHTBos4N1GtEDz15sLR2X5imyXCnpQkj0w54EEJJKJp/ +tkTrOMV7Q5sXsoyqL5PxAjhDldNOSk379DYdGamZcYJhyDrdFwRQ+CCNaREnoi95 +fEROESwz6tdFd45Vp3zTkZzTQGNB4G68roIGRlYn3MaZwQwHES+QTxmsOZQmZ+WL +peLbPCaC6ai3IJR21laEyZ0lMZUihCP5LXjrzIkKsKFDxip7htbJLQhJt1r/oVHq +v9Qd0uyfAgMBAAECggEATm3WviQN3tzdL+impfex/KeE/AoK3SYw+IfA0JHNn6G8 +eAOc9ealF/IiupmCgQUhK3knZ9BlYvljPeKvre/oh6isM4x6rQN4bMqwYZP/PGvD +WEomgVS+MPZ70PcBnm+D2r+RKCf65y8MiNqFR/kOhevHWDQc7EEnVoy0D2gnyaTj +E8Zl3BjY/lbudOYhYLFdYenRlmq7o6IxY0LUUs+mPMa9ShpE1nqeq+af/86IM4mc +pyUPOn8ReMfDdIN4smfp8f0Sn1ec44i7e2tXY7F8zlXuTxRK0aj9jheIvzHCG/X3 +IeTIlpEPifv0L+h9FOlTj8NdxJXh9n7ZLHkn1DG2fQKBgQDF7pHprarGqCzONAQh +PezwKRU6sKfEbe1SK9eBPESwa3Xg5k6Yspb0a2i0Labn74NF42kKYhpY3/5wnbt8 +K91m8lmQE/dV0/HON0hGqJj3wjorOMZ+7+NUjJjHrA/5v4Qy19oRVoeRxrLsprv3 +lZuaM7oEyrcY84TV1po8X7eLJQKBgQDRiGAilDJRZ9azYZ93RcwjXwOf5IGrXlFO ++sznNECbpqhBMKrpHco9tetq/k+LReQkvVse6cxiLFDkve33oxJHkBW3+GlkFiaX +CjUjmDH7j+qTgkrqbbMjWV2UiMrn/1KGP8glm0BLEiWKE4kWYlTBY9biRQB80RYN +dD8epQNPcwKBgDwCrx6oVuTQTHVgc/gYLGRMMHGQ6ey2X4PQYxB9012h1yWO7jmB +vB7zCdXHGZmslqJz5n8Na2uSzjQavqNRMVlrFRiH1S+iiOe6/yDdMTO9IaHFHvmR +hd02m4O+eUGBfXVk2Gr1Tzk1gz4Y91iDdZ/1GuslAwp/msCyxiST6LQ5AoGBALOo +jE155j8YmuYKAZJiPWvirxfs9SX75BmlQAXKLs+HMWNcGF9zlJIfJvEBhzCyx7Cc +z8GM1BslRmMrWxxnLWhA6e5pR+xydboyHWgculapiofaQuQJFX1sxalzNQ+BQ8Aq +djGQkasMrzVaFMQloeiD857lbUqYeKEmmGxtLo5zAoGAMXohk0R158N2gZLMzio+ +GHrrGzig0BIlhg2lQKcExeCqdjVyEGKjt8Gtuy89g8rqz9sj7VX29KxJGxmtR0h7 +a0fluMsvxMWBFH6YRc8UXYSG8p4UU7MMAj3Prvzo5vrvO2EmHrIlLbmS/cbrcNyb +ybJ+TXTdi/42CXDIriJeTlc= +-----END PRIVATE KEY----- diff --git a/priv/test/fixtures/zitadel-client-credentials.json b/priv/test/fixtures/zitadel-client-credentials.json new file mode 100644 index 0000000..b6e894b --- /dev/null +++ b/priv/test/fixtures/zitadel-client-credentials.json 
@@ -0,0 +1,4 @@ +{ + "clientId": "Client Credential Test", + "clientSecret": "wb3poHlNp6fEvcspSnAwnfnkUET0LxbafbsL3kftJuVybcJkHRomGNNgcX3Hl3yf" +} \ No newline at end of file diff --git a/priv/test/fixtures/zitadel-jwt-profile.json b/priv/test/fixtures/zitadel-jwt-profile.json new file mode 100644 index 0000000..06d2b6e --- /dev/null +++ b/priv/test/fixtures/zitadel-jwt-profile.json 
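Review bot: `clientSecret` in this file, and the RSA private key in `zitadel-jwt-profile.json` added in the next hunk, are working credentials according to `SECRET_NOTE.md`, which records the intent but none of the controls around it. The note should state that the test tenant is isolated from any other data, who is responsible for rotating these values, and that they must never be reused elsewhere. `package/0` in `mix.exs` lists `include`, `lib` and `src` but not `priv`, which keeps the fixtures out of the published package; a comment there would stop someone adding `priv` later. Secret scanners will flag both files, so an allowlist entry scoped to `priv/test/fixtures/` is better than teaching contributors to dismiss the alerts.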
@@ -0,0 +1 @@ +{"type":"serviceaccount","keyId":"231391598506688947","key":"-----BEGIN RSA PRIVATE KEY-----\nMIIEnwIBAAKCAQEAqs0iSW++JmevwUL+8PYMxNsMxjOB7VJ+0hL6gsAj8misVUrM\nU1dJp/POfvZw6Yj4WPmOOJ2tWD7O6ccOInD1+Ued4+RidgzRm1cqXYgeBspg7Bhz\n0lMYvdnq1XqlE/ZZJFonX3p55pWUuWe86/T5xqgXA3KUf6U1xHK2BxYnQ4mCPz86\n+steQhsiUUuNpzU/yuYJg7GxzvrJicHQtUhzFSlEL25x4hP9LIc16LI9QN3KQ1Eh\n2Lj/PQbptNtegfDZT7Ltry1olWRziPaX5apsv3dgACKMjEceXhpahvaCwVHbQqsY\ngoGpnRjwBEfPkG1Z0cRI8C29Si/tUubxKG3qpQIDAQABAoIBAQCoJJudWdECs85U\n3mRlyIOXg+FWeTxt6mmI20AcWZTJvfvxV1pArUyId76QRIGxlbKOvNYirC8LEYHW\nqKwkgbnUdolb4OiBOGtclnnRa//LRY4Wvpe+tSlFNPM2x68dMMZewBXEq6i3tAee\nYh6c1yTRSYamUTUZWAXPZ/IEle1/UJLfYlFmGia5nPyR7n8iID113ycHBxysHiSl\nuo7BYQu16eyXcNWJq1YZrHFl/jDriT8imtuIpzse+hVp2Xf1cshlr5RlwXzitHmC\nZpQSgbFAEkwMpNPAn72FT5Y4RjJ8R4q7HgZWJRNEJ8eNBMZcg9YstHldxaPkoXrB\nDRX3xxvBAoGBANG8Ja3YySUSvOU8VVnXNZRxfzCUTIT/8MOu5LF9RmTftcquNtjH\nHuryFrjDDE+2kM4B/COwmO2m0vA2uY4qBGWS8LOnTGcQVYaTA9F5naFBADnQm33D\nZ5z8Jge0FHwoEVc7AENWRcHR9Z9PuuRUGD4PLVA4SX8BZvrCBIbnPVXxAoGBANB6\nYahd/nFPAHGM5IRZ9XENPRG9UrmrgMG0uh1jyogbtV9NjooyG1fMWb2Gd7m4Te9d\nKswPNBqPt/V2JyvcSZSWCyUynj4hHsPLNZDOjRx/IT8h4uHku+mPlNUx9hCamduk\nwFhZNH/nYK0/HB/hmL1F8i61je8RMUqEcQv6Dlv1An8xJ+es1yJNjha3o2xdohLs\nt60Xtao5gcLsGhF/h9z3x3bUCgDQzdpxNkwdAZnhFOjbX5u4wasWCANoSWsz5qUh\nKU9Ay/UcMrfY0pwSfG51XMawxjOrRiECqhY/t/UVJE7sIufs4Et5IbxvmkAzQ4Jr\nCSOVqZuQKMP6AX8OHyRBAn8N2BKkG5nJ7HUbFUAXieHCoB5uDyRvL/Rc6KNzUC0i\n3LQun/fXNXybV/adn1BUBOkn/AfbhSbwnJqasj3nq7k3JL+YuMPJXGmuls/3zb+R\nJOAQUS+/0HCqEd7QSYENmTaeX1Jmi4Xw+GxzFL3JYDHEX+C1OVkzhvC/Agx/vxs1\nAoGASbPVbsDEdg2Zt80RHTTBlxw9+WQ9rx9g99AyfGhsxVpqtlr2qEUZ4SM9D1CR\ndYmBv6RT4jJy+vM8IigeEYpNJVlsLc+Ocp8wdvF1eLC6KJsWAPz8kd1I0V7mZBe6\namWuVErFxY9NQCQwrghx3Q+eE2No4ZDmL5kz2J9hqE3VSfg=\n-----END RSA PRIVATE KEY-----\n","userId":"231391584430604723"} \ No newline at end of file diff --git a/rebar.config b/rebar.config index 8a16ff1..d3905e6 100644 --- a/rebar.config +++ b/rebar.config 
@@ -1,49 +1,37 @@
-{minimum_otp_vsn, "21.3"}.
-
-{erl_opts, [debug_info]}.
-
-{deps, [
- {erljwt, "~> 2.0.7"},
- {hackney, "~> 1.18"}
- ]
-}.
-
-{plugins, [
- rebar3_lint,
- rebar3_format,
- rebar3_hex
- ]}.
-
-{profiles, [
- {test, [
- {deps, [{meck, "0.9.2"}, {certifi, "2.7.0"}]},
- {cover_enabled, true}
- ]}
- ]}.
-
-{elvis, [
- % #{dirs => ["."],
- % filter => "elvis.config",
- % ruleset => elvis_config },
- #{dirs => ["src"],
- filter => "*.erl",
- ruleset => erl_files,
- rules => [
- {elvis_style, invalid_dynamic_call, #{ignore => [oidcc_client]}},
- % TODO: Remove when https://github.com/inaka/elvis_core/issues/170 is fixed
- {elvis_style, atom_naming_convention, disable},
- % TODO: Introduce state type
- {elvis_style, state_record_and_type, disable}
- ]},
- #{dirs => ["."],
- filter => "Makefile",
- ruleset => makefiles },
- #{dirs => ["."],
- filter => "rebar.config",
- ruleset => rebar_config }
- ] }.
-
-{format, [
- {files, ["src/*.erl", "test/*.erl"]},
- {formatter , default_formatter}
+{erl_opts, [warn_unused_import, warn_export_vars, verbose, report, debug_info]}.
+
+{minimum_otp_vsn, "26"}.
+
+{deps, [{telemetry, "~> 1.2"}, {jose, "~> 1.11"}, {meck, "~> 0.9.2"}]}.
+
+{project_plugins, [
+ coveralls,
+ erlfmt,
+ rebar3_hank,
+ rebar3_lint
 ]}.
+
+{validate_app_modules, true}.
+
+{edoc_opts, [
+ {doclet, edoc_doclet_chunks},
+ {layout, edoc_layout_chunks},
+ {preprocess, true},
+ {dir, "_build/dev/lib/oidcc/doc"}
+]}.
+
+{hank, [{ignore, [{"test/**/*_SUITE.erl", [unnecessary_function_arguments]}, "include/**/*.hrl"]}]}.
+
+{erlfmt, [write]}.
+
+{cover_enabled, true}.
+
+{cover_export_enabled, true}.
+
+{coveralls_coverdata, "_build/test/cover/*.coverdata"}.
+
+{coveralls_service_name, "github"}.
+
+{cover_opts, [verbose]}.
+
+{shell, [{apps, [oidcc]}]}.
diff --git a/rebar.config.script b/rebar.config.script
new file mode 100644
index 0000000..f01af06
--- /dev/null
+++ b/rebar.config.script
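Review bot: `meck` has moved from the removed `test` profile into the top-level `deps`, so every rebar3 consumer of the library now fetches and builds a mocking tool that can replace loaded modules at runtime. Keep it test-only with `{deps, [{telemetry, "~> 1.2"}, {jose, "~> 1.11"}]}.` plus `{profiles, [{test, [{deps, [{meck, "~> 0.9.2"}]}]}]}.`, which mirrors `only: :test` on `mock` in `mix.exs`. With `rebar.lock` deleted later in this commit, rebar3 builds also lose the pinned versions and package hashes, so CI resolves the `~>` ranges afresh on each run unless another lock file covers that.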
@@ -0,0 +1,16 @@
+case {os:getenv("GITHUB_ACTIONS"), os:getenv("GITHUB_TOKEN")} of
+ {"true", Token} when is_list(Token) ->
+ CONFIG1 = [{coveralls_repo_token, Token},
+ {coveralls_service_job_id, os:getenv("GITHUB_RUN_ID")},
+ {coveralls_commit_sha, os:getenv("GITHUB_SHA")},
+ {coveralls_service_number, os:getenv("GITHUB_RUN_NUMBER")} | CONFIG],
+ case os:getenv("GITHUB_EVENT_NAME") =:= "pull_request"
+ andalso string:tokens(os:getenv("GITHUB_REF"), "/") of
+ [_, "pull", PRNO, _] ->
+ [{coveralls_service_pull_request, PRNO} | CONFIG1];
+ _ ->
+ CONFIG1
+ end;
+ _ ->
+ CONFIG
+end.
\ No newline at end of file
diff --git a/rebar.lock b/rebar.lock
deleted file mode 100644
index f43577a..0000000
--- a/rebar.lock
+++ /dev/null
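Review bot: On a `pull_request` event `string:tokens(os:getenv("GITHUB_REF"), "/")` is handed the atom `false` if `GITHUB_REF` is unset, which raises instead of reaching the `_ ->` clause, and `string:tokens/2` is obsolete on the OTP 26 minimum this commit sets. `string:lexemes(os:getenv("GITHUB_REF", ""), "/")` keeps the match on `[_, "pull", PRNO, _]` and falls back to `CONFIG1`. The script also copies `GITHUB_TOKEN` into `coveralls_repo_token` for every rebar3 invocation under Actions, not only the coverage upload. Add a header comment saying so, and confirm the workflows grant that token no more than the upload needs.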
@@ -1,38 +0,0 @@ -{"1.2.0", -[{<<"base64url">>,{pkg,<<"base64url">>,<<"1.0.1">>},1}, - {<<"certifi">>,{pkg,<<"certifi">>,<<"2.8.0">>},1}, - {<<"erljwt">>,{pkg,<<"erljwt">>,<<"2.0.7">>},0}, - {<<"hackney">>,{pkg,<<"hackney">>,<<"1.18.0">>},0}, - {<<"idna">>,{pkg,<<"idna">>,<<"6.1.1">>},1}, - {<<"jsone">>,{pkg,<<"jsone">>,<<"1.6.1">>},1}, - {<<"metrics">>,{pkg,<<"metrics">>,<<"1.0.1">>},1}, - {<<"mimerl">>,{pkg,<<"mimerl">>,<<"1.2.0">>},1}, - {<<"parse_trans">>,{pkg,<<"parse_trans">>,<<"3.3.1">>},1}, - {<<"ssl_verify_fun">>,{pkg,<<"ssl_verify_fun">>,<<"1.1.6">>},1}, - {<<"unicode_util_compat">>,{pkg,<<"unicode_util_compat">>,<<"0.7.0">>},1}]}. -[ -{pkg_hash,[ - {<<"base64url">>, <<"F8C7F2DA04CA9A5D0F5F50258F055E1D699F0E8BF4CFDB30B750865368403CF6">>}, - {<<"certifi">>, <<"D4FB0A6BB20B7C9C3643E22507E42F356AC090A1DCEA9AB99E27E0376D695EBA">>}, - {<<"erljwt">>, <<"15C76E9E17B3DB2A1AA105EBA0AB384BA09D5C5742376F074DFF39A0CC67578C">>}, - {<<"hackney">>, <<"C4443D960BB9FBA6D01161D01CD81173089686717D9490E5D3606644C48D121F">>}, - {<<"idna">>, <<"8A63070E9F7D0C62EB9D9FCB360A7DE382448200FBBD1B106CC96D3D8099DF8D">>}, - {<<"jsone">>, <<"7EA1098FE004C4127320FE0E3CF6A951B01F82039FEAA56C322DC7E34DD59762">>}, - {<<"metrics">>, <<"25F094DEA2CDA98213CECC3AEFF09E940299D950904393B2A29D191C346A8486">>}, - {<<"mimerl">>, <<"67E2D3F571088D5CFD3E550C383094B47159F3EEE8FFA08E64106CDF5E981BE3">>}, - {<<"parse_trans">>, <<"16328AB840CC09919BD10DAB29E431DA3AF9E9E7E7E6F0089DD5A2D2820011D8">>}, - {<<"ssl_verify_fun">>, <<"CF344F5692C82D2CD7554F5EC8FD961548D4FD09E7D22F5B62482E5AEAEBD4B0">>}, - {<<"unicode_util_compat">>, <<"BC84380C9AB48177092F43AC89E4DFA2C6D62B40B8BD132B1059ECC7232F9A78">>}]}, -{pkg_hash_ext,[ - {<<"base64url">>, <<"F9B3ADD4731A02A9B0410398B475B33E7566A695365237A6BDEE1BB447719F5C">>}, - {<<"certifi">>, <<"6AC7EFC1C6F8600B08D625292D4BBF584E14847CE1B6B5C44D983D273E1097EA">>}, - {<<"erljwt">>, <<"61266D3D3CB35B3EA341916CE73B0AEFE0FACE260B402729AE7426EB8D5293C3">>}, - {<<"hackney">>, 
<<"9AFCDA620704D720DB8C6A3123E9848D09C87586DC1C10479C42627B905B5C5E">>}, - {<<"idna">>, <<"92376EB7894412ED19AC475E4A86F7B413C1B9FBB5BD16DCCD57934157944CEA">>}, - {<<"jsone">>, <<"A6C1DF6081DF742068D2ED747A4FE8A7740C56421B53E02BC9D4907DD3502922">>}, - {<<"metrics">>, <<"69B09ADDDC4F74A40716AE54D140F93BEB0FB8978D8636EADED0C31B6F099F16">>}, - {<<"mimerl">>, <<"F278585650AA581986264638EBF698F8BB19DF297F66AD91B18910DFC6E19323">>}, - {<<"parse_trans">>, <<"07CD9577885F56362D414E8C4C4E6BDF10D43A8767ABB92D24CBE8B24C54888B">>}, - {<<"ssl_verify_fun">>, <<"BDB0D2471F453C88FF3908E7686F86F9BE327D065CC1EC16FA4540197EA04680">>}, - {<<"unicode_util_compat">>, <<"25EEE6D67DF61960CF6A794239566599B09E17E668D3700247BC498638152521">>}]} -]. 
diff --git a/rebar3 b/rebar3 deleted file mode 100755 index a83d554a5b3d899fd25f9d2a0903da673c363828..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 944741 zcmaI7Q;;r9(52fpcH6dg+qP{RZ`;Oh+qP}nwr$(?d~?o;IPqW1++@b8h^mWqlNt47 zk`U3mI62ZA0c`0_ZCwdXos1m;_RcV5WQ0nlMuv{egv@^#+5a;9cR)l)<7DLQLP#UX z2%{hk3Wf><1Ox>%4nv|$k^6*t@}C+51_HwWFB=)zxHvf*8e5psoBr>I|9}10(B9rg zLDp)J0j~R19V%CLLC=jg$|ZE6-xHR1EIcJ`qoF=|0P6eJNj%@QQK0m-xD?#jxkbF* zznRf@Cg5Ad6MS}&4)mCB{Y_d~dorzur~rx#B6dN(ZdeBN>K20Vs8E=Q5T6dkI~c5X zoGA8s|1H19580so=%5S0c4?+7h!V|~%7X3e_JPRXJl4UTS~+%38`xMf@M57kp+s%c zOk*SFm9x)GdSsxWN;;g)u^8R!$G?K*{r9e5r|QbAuqi{t$QQ6VKf#h&g4i?t8uoH; z=~A7Bq+h}7gK6g0d63VK=F|8A{68J?unnp$ zc)oJYn?IL<$RrG^4cWEnC7iFujS4d@HZoFDa;azNow}*zG#R4}n;PL#yQ4?9)K#Ef zmBf9g<|aNGaV%uxM~W$fD*d-K*U@mo#wmi;Go*jS$)%R<`l4w?&j~h$*rxo-*6r29 zwjIIOyGlX*6McTcqWvIRPNig0u2P!@Z6eXIRjqPqV}wRol~(+s<}_uCs`aXQd5iaN z5Y8|Rfa5|Hn@jhk4JG(IfxV+tA;VSt(zaTI5{dbEUAU|ZriV-pBwa!#kdh4JBs<4Ol zy72uiup`%&G8jl$rngsL9%J1?^-CpJhbyUBeww2CpF(A=5dMyeBzhxmXqKqRV-&G0 zPcQ1*D;?^>r1o&)fGTC|v&9_|J9S|{d#6{T7%Dvrhxv66m|M9B&C)%zKQxDn&7Kai zlYLc}os0gCP)y=E*bkcblH=%(+PC0 zR*n+VALt{JvaY0w3oFG~iL`uJ2^}6wbzdf#XcKjDRK_hPi~wf+ixuPaG{Zo`EYyG_~i)w1%d1gu#T8zv)z=!c(;uDQ&}L*jQ$1w;8(ca*g1> zeL0fb5X=Azrym*V)3kg%^(?+cxpyZ_?TvF$0*lLLStE7=PU|>EjF%XxR^AS|8Url8?S@zkU@^|%FM1_2O<>}0IkOnTTge=& zXneh2_x7JBajeE6Q=cb7{7v&?;l=!K`VC~7M5FYPR8t6HZl=HyceA+)yDfiJ zEKTZ~7+RE;k!z3n%mCI(W<}kYQIqTgk&=c5{P>bYNzD@6QN|kU#-1cN>=DhQ3mGSc>s^1>0q1w2U>_YI4D8&|2Pon_;~9w2Yb(twZJXLC91_!ukW7wI+;ueDVQF zi?hr_(u|4cQJIWUG>>SIr_=})<{;+awYuApnTakZ4_d0LR)!{2Q?l!1-6?(LkmE|i z9~upl;*r!zcc~JagmMy@SnP#U*F+~cX%_h`!)`Ql04TtIZK7lv`=vuo2S+l@ip6)j zt1ag$xfbHZ$RS-ynww@iUXmnHu7X)iO|aZu8yPrDP7*ia+-Ar6lkHGV&^#IaQiCUiXvwG|H$4tDhb%y~6RtrdFHvb)=%jDzWF z*NA$eE{f51%-BVYWenR`zn$1tUjJAvU$5HvsL|s=h;k12>ibnu;r-& zqx%d1MxK91FR_*E(ai;0kHBXdYSf<^2=ke#+KrRXw&xEXa{~8y*da%e7#u_YLiQpt z(hPap=pYDH=CB2hA{+5~W!iJ5m_FnfsC#~0Cxt(~y)3CExY*u4hcG1((f?%V(T6%w>n~aRF=*jO*+Pkh8#ouvD*x+ZiJ@ke 
zDe)XGQ4v=qhF{Vob%IbjcOPjonz&y}gLu$^aqeiB&iNw@R0bT4D070NfvO3aa7o$6 z9FuQmaKaMcy^UTezcs|RH(P)l(@|!}GAt_)AjkL?JZ8Zo%y?U8!E=Gj`oO1O3*%g) znOEJ$X>u{vj+Br*gD(nyh#dsXeumQHfGFw8$=$vLL@No-yA8`Zl zmW%zW6Bb?>V-`Co*hC-NEsjSsQA2$B=yO~$G(tUmNBlzThxZ?;SCS0J#{;z#esV`O zCBp=~R5Psx>kv)rFnIMqg9+lazn3T^9P@av6a!y#`E~smqnKAs=LQ@@vcx+giK)!l zRh6!GLRoZxrvN~JVJ>3e{wuN(q*rE_+dzyNTAdAfYn*bUNLjjN2)$(3CKU5QU(_{r zFFdSB68V}ey98>?kUz;L6>!7RJ8s1~LWSG?(|l2J-vjyDX}(k8;omnKQh#Al2$X}D zr#hAdYCz-t3~rTAXFM!?@!>?AW=YA-Ki07jw~sHgH3nFm9ae*qDLq9N$f^HYz|i!O z#=;DBv2CQ(K-oO=n1L+1f7gfxafwDC^^A1nPjiK0VR%S|A8^P9AiQdyjt=^tz+dYJ zIWO4}J2*V4o8UcEpsThXrM+w?cfZ@f$m*!G_E;4#UM?{o%!Ld6oEb-=0q znvMlK< z5SPdbTu}ysHj5`eFz+t2_NLBYVr4)V7gn^MY!V(C=k9v`*$)^R+{~{Vre`lafl*{& zJ%eP%kc(gpI?(%IH5WRe)iXPJIb=7{K!1`f-y&z(0lhcon`H&5M>bQ8nBP)KJ2u?- zjB589km_0RSzNyw17BzK1;d{CGi5G5gKx>+#$`Et+RCb7jytJB5}8Tf9e)rxUu~9k zBh?Ie(lDqku=D>=jvsU1nKPyIpB?H*yGhF2mcbTR53U< zjyge=cOxgTooJA0DCs1@ew}BM2bL3f$JumM9P_8*Raa!25E!5ozh3bLmei&y^ZsQE zwG~B4N1rh%xtVxEYch^{$0&(ytJWwXqEd1Pp?Lx%7K93=GnwnJn?244M7MX!W8Sg|f74s>^`35UmU8NJ>TAf=A5E}4c zVp2ZX)0kgjz>kC1j}R+zLJ#!w-j|4o-2Jq+4iCQZPn-mp#*o=^PbRp$F1^*Bn>hv& z8l|pdTxU-Mietr_4?=xADx|GvEa3?WC`Y0n%o zdNB+*pbKTT@hI+)T$Sb@#HC1vvuRN!Jp6?HAr4bINE8^!p%h1W^Khc#jY}(Dy!U1o7Ql zUibv&o}nfFidPWlm%&E+>vDuh5h&^$& zjAAZ2)*m<@8Qc_wea+=M-Y9F{>CFfsovUMckOA5Z(FpKW^&hLT)}2-6>*M$ zrs{0ujc)t>V&hw8Cw?{IGtj_bL#(PU4thPw(^y5Xa?84kzE~huJuq%kY*F&1&E(nWUUQD?Ht)e?uO4|2h zs>b&Y4%5XCwxZ6F-IsUcH4n(NtTP6<4=o4TFy0bRyJbVZ7?!VI)dRdW5~3Z`K?|f^ z=pF(HjBGbF=R%YBFKD5gI-(!QDc`-v!aXkvJ^2dx1bHQr=;7FT?yl3v(mDy*?@z$J za1xj##h0NtRQdx8nC~);ZxPV$=`11GVTq({(YOV!H}*FY6nm@1*C?MKdex187NT54 z?t$fJ&UlsPJ&M!G6VeBGO0!VIh~GocxbHt!s1K^2pPAEH!^7@1_lu%8P29`|iXJpziMS*mQ7pT`hR#cgjs zNRhUUQ~I*nPWrM0q1+0+K23f=ACll9qntWv^l#v-KGo*KOKWJL9{_E7$aQ*qE+LcIsfw9TWs6*^u z@!Z~kXP%YcbM6>%jc<1JpY_vSNLk?8QV0DvxYuCQ1Gnqd$lZgTJDe>q-|Bn)$^F`} zce^77_Os(w_wa?u+q(rx`rP-g?4QV4AA5p9qTl42BbnJW$)fW% zI+CTSZn0cm!k1ay_p!D&gC%v!EoLdp`AXuNfcn`ie;sPUo;lX(NCUKeW9xqe(evZS{= 
zTy}kSUw0~D9z63iu~mtkb(De#HF2mCYj^-K39KaGIk*cA4T`!bO1%gP%PPFMq?a=F zip2;yxDJvOLHj~do&`^`Qffay=O!KD6uVXN2-=Uvg^i8PsEsN3rJ5)#!{yLe83BN2 zGtG`TN<6fSW-w7^SVpso@&&=^@*xi4E=`my;bLPR&I-}>EFR7lv5%EpbslbVS)M{bVYVM9a5-Z}GVXF2$(Ia5T zWT6|3-n-h_!044jca>Dh0-=6mlPT9^{&tOm%ohyr zBX^^m6Y`=Idx4-YGt3UehaMV%ZTWS)KIezrjw93@f;SGkZ2cmWDl@tvuzBnz4~1sP z90K%GNI=CjJ$%P_o-W$0K!Rp>@7v z1IQ|wdzUU&Ay@^GB(}OB_+Ve*0+*7UDxr zVuiU+F{oD&`Td#9H&%lGF$`(0OF65cci)CA4cv1IE<2Nm%*o^ya@{eVA zcZ6^L?%zwd+*?d5h1+MYirw8SXE0I2e4-BQS*s(Lrkt%RISthw4xSPJ=TXZb=a-5U zTj$XIXFDx42Rhi43T~g11T)qw>!a`wdI`#iN8qZvEBD z@^AL&lf9mXpZ_`WB<$s5I{x?x+$F5g<6}1d64C-jhg$>@9s;d}*O+uxE;a8SZNmKiz>vGPQ^KhZI z)>y|+=1qrGXEk>FdyDaNY_-11V=2Kw%Jo~TRo|A_^0~*jL)Z0O-dRzG<}pEqDyX04 zvYWnB7P)6wL8Y78B(ZbDei$n6vMx%8Yp<|BQ`yq4?%E**$xpTjpnT>>3}f@kg)JR-q$AOV(ui z+kIrMTolLSQT`^RUJADBi|%FD$4*E3G`LUB)OM?|t z!qOx1L);)KT z3!E|A<1b;CjGb6g1G5X*zTxQ^tO(H~t_W&feRP=j2*1z~aK;!9OC;koxm5t_WpK@?#K<|j z8JM>4hwOxr@j12$gWM(d1jjdehX(n#9#?t|kxI(Cm%Az1_stsmqUv#JdIYDTSa9v( z2!#`@YkNvdi*H+t{`8c~tj+n~Zm5 zZlU<@QtkUMfFGt-UWMbwcF>pfAAxe-y}z_jMM3l)!K(On_1$Z{#d#CjfLBkL>)_yh z{>_&N0Ywg~$5t{AZ_%9!BR3A4Gdn4od`2X+p9+Ea&ZNnoXZ~ zs@ng&xyD=OqgZTaDxB&pwqMvk+Hp&GsZ|@v#DMzL*Gc!L{TMGXWF@)Sl^)w*_%ITg z(zw0C*KK6euP2DuA$T7%&s3{*lncj8vL9XPeEPacb)zsnigKT9G`4yT$?p8d@zh!9 zlp}C?|Lz^Z<7MEuolek3aozT8S`F{(Eac^5SNmjq-5Xu}MX@O)RokMvLE6Q54Uawm zzRx{4Jy1XJ8zR5Ay03E=;rW|`u05nyFWW_~hhZ0aeW1(W4`fy+fPo1`wHKfw5kz_h zu}y@I8WvbH2kI%r!vjM71dIa*N@3D3fe9+#zsP{#xQFGAF4hm02IrvwHmm?tya&#o zH0TT^06yj4UI%nCNUQ-TZOGXL=NH7^F9kJ#bBA6P3SWoBHmK$fiM^-02Ha_gcopm? zKyno-zo*OrCBBcD6{KvBFf$0=29>(+)dr%T55BR-we>I4UY`9N$#PXwn!F=6~7P)X^DW z2KayJ_5UaSA9NkZ_#e9d6a4xGldqW!2u0Xl7zz?v%*T?YOmK0H8B2&W5w`l;t;EI= zs?f$S_40moF0_|3rX$uGw7f&YF~M=vUM?eC!r#8i@1%?GR>Tfd7!Xw`x^E#7{|wZE zCGH(36T{GpFzR<`a_%rraDWPb9?E?;Hap87{?i|5wEX`2M($*=jMfD_Eu?~NIs$Jt zro>h02@hT8>orf0!F<#7N9L_@adk1r4DTdkgoM|i>nVY$1HT}fz}=?vnH=1mPUf?& z$$8=qJ8N-%?{dfyKa>^oVrSlt|qM}a04&(PHpWodnFLU2hp2w{ASzaeJ78iHmzA|Vm4}c3GR{cM8{%=#? 
zUI1Oq7Tr7>n+6ruT$;uigPmJmS(=+&g@&EooLz-pn;Ta9$W=+^oa>|?j`Mk8h><#tyyeS=ezyHK;eo7t_Qzp?&-;hUcgi13sB^S1Nc4;b|4 z_2>uulAcn)9s)D`A3jjfUI4HX*cjHIx!stk1e!3o`F`>DQvpGPyIzp-xDV|jRNx>i zEkY<29ek){AwdW!NvZ&7=BYU%1qKD0LGW-w0w9*e|9W&35M3r939x3M|1M(wgV2CU zyW>Z|Orr>vdFv$?fz@0cgnzN4G8Iqt)4is*@Du!L-PQm13uyXfIio-O6*v9@Kc`>& z{dwX4{k02}2_2x&*5tRNF&ZVA|qeET5QW=}>%*2DG2P}I*f z6!hE*%9HO-C@3l@F#I-L!->?p+V6N+M|Ii^IgB+jHu9_|HaOIYh(bSeIrlu?=nRR7 zi}&k;5*cO_kH!Kk`dbJ9&T+jUD>ra+J0gocm7sxQlgTmv!6i|cpghQk$Cj%asQA_w_K-RO&j7@v09KIQv@DHlDn@vC z!&kUat(u?$9`PH2V0o8KdQgd@5cj|j2B>?w$E-ytU2NO7x0Aj^&?NN_{A4d~+j$pxP#3g1?ej z&4QD>xhhNU`$)}c&A>tfbm)!$QOrE_60+liSw34#0?T4zlmYn(y#2f7!b5H_u@7@M z2xQ4?4Z0Ob&4RJ_gN5lS7l$w+F&+g@PtUY+-%?E?mp;oPd7L|v)R=LVFDnh7n^x!m zejXONIrmrL1PYM<1i)?p9&QArCPZrf@VY&29x!6UGv1K-x236oE*7$6ci%xEuzTKt z1|v33#TaLV+cQtaWQ8!pr9NTGR-$h)?~qI16)}5I$(cxA_lSFV7Ja0t?=_T_;a~mx zTBCx3ni9USA8VZu+vD(v<#Aw)fAL)i`^qPHel-IumagoPe+{Y30ugxB{~5@Bcl| zj#f=P%?Veh@P5}v-!UClr6#=D+4CZMhw*D|NEy@ zBwe^F$dfFqGZ~_02w>$S68$j2lEaonF^^gs>{p2UmD8 zTBpz}IX%xm>ZoyA9%1@FNiO0D%9Gw9W*i`QG>~qIOtl*G_z=_l84vn98s$K#$ zXoaHIAJ&g?EH`nSJZgx;Pp%LrVN$#5WRd@%Dh>QNY8_q;dgmao&B_B<>Z=VbDL zCRI#+d{t>Gb8%^iLygrHhaAX$9(Y}93_K&SPJZrH@39<$xeH+t7d70_aYxg$I1tl8J+nisOx0%r*%t$QBT1kyCj{6)6!aj$ zq_o>zNRMn{dMNFTCO;CA75dQalgc-lcqByW&jAV`LK}1_syfZDv7D>M<|Ob=Y7UQg zp_&YBOH9u10n7`zxo82reGmKVVcWnbLt8%?6WiKb!9O{*6tW-4m zV`MViG*f_uB->HiMvIa+5;le|2#YKhY=QZ6pq01d&!DQQjchU_mXLlK(ICJ;T8{6? zh(L8*Tdw>bLfXC(s#Nmq*SS@X&{Gma(QzU`=~M%^VVL>FfC2{;Jz1B5d#*!c8&0n3? 
z8uy~BFrQN@DzS+8k=_iw(@lqt7F>SqDb?Y^N)yNkg=*aS^sxbWAy@!1> z1=qbi8|m2fCeyDp_R?@+Y8zzE_uFUbkz&$Z*lI>q6O^NB5EdBDq5`HA>p25<@9#ER z@&2+)j^Q58BfA`m!jmQssH3`rHxOzp5>ikn)eJ7OnD>&$suRg^_8gJn3!}+ax`ihe zsljv!?Y2GBwvc@Yvq=ypDxfZTnBz!l*VkM7d9NbMup;Y%J4?5$rl020ankwAj7gzI zpRwNKZY8$qvJU(xLB3`km|{hWqY$VZ%KoUNz7fYGC~(@00IuB{%`SpdGV6l$kfszq zdKfIm{jj8^{(fW{@`WTa$%_o_MHZe<-s64Dxv1E36}p06D3BMZ8p5wnHhxRdT;jUM z%Ujz@6#1Ap^>0S-b{aFe8*`8W6O%6XjCcknKxOMU=FAOH&iZ1tIrEev=dhHKPNwc( z%hzzxYUJd#J4)u)R^txG^s~51&0Mpp=xg$ zSVP`9rqnTosa;1~NoeMgzn61A&h{>e`?@Ug*zeF#Gp9N?=8ojaYGrkz$+A#5Vdiat zH69uV^)=8C_0fF(c_3ipHCFIDhsO!&4ng_+)OBH9l3f89uQaO|!Ta)P82zcN52-&r-ysC3!m;a)@Dl8i<%OUcUF@f7IUP zwbq~wzJNtuapXG+&AEQ7>%+3_TRkRY#9LtE!$?|UO*myyhp+7!!DghxxV7pBBN{P# zzuo1r#m+c-cBm7zVHs#M>H!?RDy`k{`uHKG-tQIs8f~FMYtHh@(%?%|5&_<$e?HV6 zM$a~H>VjP)Ly?L%a%k`Mtg;rVEw z8KwPCOUp@^q@En>hr^4stAGrPZR(t^jQOP0MSi{2cjjdchbiy$@Mq+6t&gXH>wSC; z{W&_5=zYNQxa}B|SbF-~73m)BYN4Y7l$TC>Ga}47xrmS`X+rpIh%!vm+TLo~hh5$p zbwHB69pm{-goDi7WtN)5a@_@VtTn{&B_=;f6ttQq?_u@yb+KP7wenJ67vnd+Cok@+ zZO=p<8mkS5r%{79(eS2ag*z+ysO)HbbVV!w1hfoI1{)@0 zgt;fjAVq<#ifw)+R`FSPuX&}i*MiLsuNYrdJ#mTv#VgEo#Hqg|N$?p9?S!LpD}G&C z?~04cj3uLclmN7*T_=mj+K}6rfmuio=$-VP8<%==4)eyf`RD9xt4EmZUHiwpCWdZR zH(xH+XviN-2qu4cWh00?8ZB|f6aU(P^c}|Oa{Y|N&xW-Cm~9Kbjg@xc%FB$isxR5o zQ@Lrwu)wsW2s}ujGD^HGaY+!S*m-ivr`{7(3hkwLT)`>476+;;@e^}KA+%4tq15XY zcq5x3IEpxQ9y|7heZ;b6?LZG@{ekBSil!qQc0CCg)CJ9t{RNdOdE$X6t7&Akgc0!m z=N}v?kD!Vunr_g6_{E;Lx;Ac(iw9A2PgsXqcog`Qp!Cc!9%@Ky<~{EM@~e_>K{J3u7BMzp&|u@ogt@hJI;;`d9zL(=Ch)vVf3Jp?=l(A!p5Wn zp978ey<`~_`mp;iP2RurFW63;1dW};#I^m*&a+}PBx84&9lIuQOk$#<isa;Z z(a}4u6pM^{(FuvjbW~&i&4p(5_Qx3_uUXEXbaU*W^TPAcj%B8S%a^?$pB5u-$~oH+ z_#3Yf=(oLu7(N}?&tWa-(VEaI$B)-er`Tex;lgBY*kieGPh5pvci(o^S4+%2IsVy( zqNkM`;QGr6BT#(UEBEC8x-^w`P@1X=0qV!-+n@DJh3w?Vdto%^Rp)AS2%u$i5qh}6 z5k_N{{fv3Rr?f;r)uEhxKYO$7$EWco4R;^jPMj;-k8an|al3db>6Z?fcqlnjere+_ za7^dAjvnw1#?PA9x1!0XSdck2na^r+NRN?i?@%!s+f#;)-rcDGwH-dLHIYQD%_li^`u!Ij=IGoPVZW{gYIJq2V zc+X920SHmEdB@J0ez4XeOeaZ 
z6GCZ$xqpehEy9whU^VB&<|S;Lb-ypIC4>BMh(uc`lvD+oh1Ymm!Yodm;MfvQ^SK#q zjpxlizP{__p!Fa@ZR)T~Nm-fgPCubB%el|gdNIM~q;Ld%8pjU^`WOm4>j)HDzatVa z-4h#;PIw->p0*oRkVuepG&EXzkO;hEy<)f0DV}fd(d=;34h63+^w?OT_c~Vi<&c2#X@TlG@uDO*-HRK&Tu`-jINoc65?fkn(a+R2t&dJ|ZMRCbT$NZ7aUq{`1h&Q_hDDpKqfq@g^x zyyBG=&ed#-#Cq&eGu@90o%>6*<8aWwXB0`Jx6nd4laTtAWu8G(rH+%dX4>YO+th|W zwGPiij;@8}4y(Uu?-si;6Z&s1 zAo_B`SU+)xBPs)p?-+~gIdQatx1YP%sKn+PNsNYO#%SjEsijj(RwU+In9Y>MCa!2Z z6kX7Nv$hLeu<%fh`Lqm%C^85~rs<96RdMH)LNOl3!Y*6sg)X8h=S}@KUyTLdGoSSUg%W%gJre5_G<3HoRKcSqw=ADTU$7r+(F0O zB@eI#mUM5zd&0$McW}_q>x(u; z3A$}8OtUSVI5eJL2(6w06l6A&{<#K(BKH!iIjLvDz6FO%H3DC%t=+B=4!=z7vZgQU ze#Q>JoU#LXp{p1CErZ5rBN16W@zFePOS=^@|J*qLt|p$=n3NN)4+U+xepGHybTGe6 zNV;B^!|b6CVs98iQspgT+n@aGxG3cm+xD$SGiEs9p(K{n+34mv7RZ(3^5)ln)3Svh zwzi}nK6dWc4Ww}nY)}do#FweUoxzO8sm1BpdI4tzlRGZpehxv`|4ee5sV03BwYYd$a?}dRz<4+iI zYOY-fqKdv0cOA6O{1%VzT|`K5)j|CQX`j@D$hKtShwr~jtLyJH#!CpZCt28?~5XHe7tapk&zY_3n2Q6(1NPZ)yyx@&jfq zdck(yRz1AAG@;uQwc)n#O?T-2i>PG) zq1gSTnR+k`rWtB34A;!JiW2{;{|3`u0)7nC4-*+YcWfaW8s&M(DSeV&k&C3Z)2s~w zAHo7AlZk&q)vB%j7~`8r_CQT)Mo*Z7Tx3m*(daZ>>GrR~8iC#_+VtvB#QVi#Mwo3d zLSk@=_Psn*SL3kVd-6bIW~;5thi&`kp9Ip`L~WLV8to)2Lqs^wz6RX(ZdYI&U__%A z;^T&V;=J3R^}cod9HLpNMf=HL``Xzwjx+O zX33bK5q>cSMX#;ugR7szV%#ngBuBN_X9`cSd7`jbF_B|l*#Y}!M<&!(Pp4VZK4{bK z?sf<-l6h70l6A5y-2?%`q3l(;LYwv)19ig%j`l8(r|(#Zel8%?DG5l2W%K3=P{`<^ zdIl9dCy=JuhDX(vr)O{VraMEf7VhIZOBD#5tfzTsNI5m%G4XM#++)^=j!y%Lr-7-t zZa%oea0&dq|Et-V)OHT5Xv>u+;t+?aNc1B$mfHinW z5!8#d`R9KGxpMzZXrfgN7QG%v=rhl1l|nFaLc@ouhJO%KxL3i);H#_3A-37Mq@oC zZ2ec!I!9O}#eHHO4jHq6Wr-+P{?7fvX?3((@@(1QLD6yYG7VmT@Z2_loIlu7gzq!%dLX|X9otGx0`-fKDs#@-%}2s4R%AUopckhB<+#u>M{B+0>rUO5OW+oE!oJIRd82yieL|(K0UC(7rdk zM{byMMNX&6dk=s`xV9Tv=7QfTEl2QV4y%tP(uJ)};&=R0CdX3s9qvor=d(?JPh@4g zdFb|o4a;Fm;P%?7b)u|1h+cI*Q3KIyM$KLK--J*F(BkVC1yXEnZXN`-@a;j608*G( zb)5uFxX;(o^ypFDcA{t0zu6m^`587QTrp6`@rUw*cO*hqHBu0Dm%Y9|h-!b#mQ-7; z{ZpYM@>>=D6{a+^?3IgAu*_*)?ka92;;s5G&EuEu_d>KNNd!6pACmn$kfIdO)ZWX= z7~-z8(7!W7S6W_5Fm(MG#33QOX;8p1Y7m#GgT!|#nqoz&hB66{A=jmhK-(e 
zsYG@2Ih=yI<)YCChh5biyTx1a?&;(Pd14uP{cE@}flincWUdULUnM#5tDve!GF~srd9t@yi4<>Wg`bpg!szihw8)0 z=ZqrjDa7_)~MnVI@v@K&zh{r<=FfBy@Fzq?KvNvg7bm3n(B9jrLI#bqPu7qW0_wy~7jy9OR#%h3bDVXTn|{r|h;XGFo78=} z*Un1;T`#HvdXD>Ww>AP!2 z;w$Capc(u64!s6h6HvBH10nKoCg?#JfKvA{>Je^K#AXTr7_qMJl_HFQ!*=D2yBV4| zTAQ(nA!WW=C}9vjP&e#K!ATd%Iy@>2LKff$@ffdzF@0AUGSFg!pm$XX2O`kpN7<-C z?Jqgmjz6~VZ|)l^ys)+7Q;PCO;*tVD_C2O1P&6_kba8Q^Gx~m<&f3V4-qOfK&yv>B z$ll6D9}@ylDSuq? zU(N-1ypbsLH~q2zSQyzDo<6MK<|aIP9gjukr{e$r|G~fWV`>g)1dcW)0S|?7q8qgD zS`Cw}hA!b7)Vu12i%p*`R0UW8Y_+^j>82h5e@~#jC|0F~8u|XgfJu592;@!A)g%N| zf}2_x`YL7J-Cd9DUg<^-m)mHkg&^a~q9anv<(cVB+eGkesbmZAVG4$d;?5yqR;!a3WADc4QC4XuAjp&9qY+XpEHOT%wo4zVV!voyZsjyYBBs-r)* zI=LOny`sz%39mE1*fD|ZpfQ1=BG9PiRqdH3A~G;ih{dT%jdJta`4kDXs8RaSVXwds zL^SDMGfGJ>{}a6=pgNqy$=;KQd*I@W;|#7xKDhExn=}_=N1BUqR=HUWF(iQ=XHv&@ zn(PQTH--9i7o1YDx?cN$z0}@vcCdGQh8U}MVm?9(`*Y>5PR5@=Hldg)CHgk0>6vnt z@`DOdlJ9(|m(T<@2O0tDVcRP7>hGV*&I>hMN5?rqmC0=-=YHO+AIR*(DIEep`@)gecIV+NU4%e=J)3N$%I>5&hC8^&r4%Q31eDC4R5_6>l9rZ zVDwKM1jqQPea-0tF%lGKEOhLN%j9VVW`QzNJ6GEhxK!`b&Vz>E&L9fOA zJ!`!^HxHw7y>%6%lr!a+Q4pJwJuHJIgm%xZ4t&@?t39)pFm?V+5V!TQA#Pev9tpPM z^`cI{&N4y%%ZOaB^roz76&qu1$Rxr;SjSsqnQ&zEeP3}eo9Y=kZ{m3!BM|tavq1cX zN(f1b*Ha9}-B)AVP(=kGNkXQoJ+n;X&*;&55^y~V7C&br)c9;nW+5AvgdlS|`)%uY z`z#drAI2Yh(#KRYN+qG2iYd&bLcM*yhr3xc>+lWlt&x+ZG;wD z%*NV;Q1bEDZ~GvB-uFA4pY~Zi?U%E0aAY6^;D6^P<{$R|BT>NgBXPkBU;;2Qaxni$ zT>M`A&sXU0uw552|8WeFP^M#N4%F&M{cE@C8l`EjKLW35zo}XVuC8RLAlzfzRD0AV zqT=)N zs-1>=T}m~iZMr4#c)0&!iNTSgXh$jZoS$K6n+$u@?}P0U7iHTl=y__Z^10!pE<#9E$5#*apSn?iAdB{H*E@l7gk>0c!juYhnD*l%;DRI*5HZF56i- z(vZ~QQ3u`2*#{Pr-rP6ZWup?!!k-3A@!{doL{K)T4E4hVQr^_}K|x*J6-yarI0LuS zmsm0(F1(;<<~9Qs2=X%P8iW|yb{8?)@1B$6r+d+~b!a)?Nd}CZhe0V}!3+^|fI8K9 zYwkS7efW8fc4Zy?AU~a+W{{V9%Z%&6p0tKFNVDJDB3v0qqL)yQr*c?s9g4G~I@*9= z5dfvmor34mY7px_ge0fi`FZ|LVsLbF?|rg4a6-PPW*{CF2j_%R?j(m@<{i;>gU9EM z4$qyqz%*QVP=*By2FY$L7imV5vvb} z=vDQ276juq3^b@vCGfx&y`GQn&LdZ50I`eS@S;(eErG4Z>qP9GcdyfZa-?uH_G@f= z3T!^a@7VrtWuSgeF=1wo;)l<1P}@$woXKe>s0RAltM?Pve|h*9TvwU(u-+jCo)SpM 
znnjp5CV9DepVJ>VwVzNSnb&uK;^{amHl>c1`u0=HFuUTI`!vj z%cgX6`U~b;wy?B>a)bqpiIYGnZPRy`j3?rieeNGbJFLfs^X)ll&9sIG_JlcRZUnlJ zrChY)Zp|OmgtkBVW>w{+R&t+tmgm^=Lh1TLz zrzKsQynelf)q6F|9zn)^cS5moq#+(cv*yMVl@-I?&M(2aqIr>4KlXwY;LZ3d4>Vz7 z**#Zb)jB>Bi|kIhygfR7YP@PUh-R1o+9uzoBw)s&Q##iXM}|cAWCWqqyC6e~w7Axo zi~V6S0dQd-&|#{KgxKdmgJBjAd0!)Z*p{bkUcJ;H0YXY1IN#J1B!m%a=|jz%T#_;C zr7YFADvX5tai1$2RPpG@9T)_|b!M--L&P}*^#yU87z&;OP(6qj5jK7X>DeidHvSau zbscTvCELrsVIrC8%T!UUz%J@m3C8JgPbJvqWZLGs6`zXyW+ zkG`$ocWSc(9)nK?cBUWeikN;X{;xj!pG2H@g?g19WJq}XO~imoh%?{18UedRjyKZ^ zn^jfUC&?^vtRe`(iIFWF8vAW)6ZZp<{M>EIHvakMxBAt-p&+)e#Cjz*_lcE=rQ_QK z;Hq3QNQz#~>miRB^RJRhS-D;A>T>yJ`kkYGndyp@6N{mes1b7mY~%y z(1V2DHA?BX3d*1c*f&(J;I7U!EUQGT@oCVm5=s&K55*UI9ii~`&jrg~tp$PraM296 zJd^y9GpZ*w^dyTA#ixP3=6>BOeDJQA2Tb(4cz5_hDg)#Q(au%bVTu{#A2kE&^5_RR zJnBaCyJld4D#w9Zd&U{B1phMIN9BLqcE7I?`*G?|?Z)u8n)%;)t{?DU4Lb0XK?i;` z=)k~0Up@;)B*FEBZb6Y>w zDfnd2Y2e{*%OYcia>!UwV{El-xfeP~(#4C!fxKL?>eSR3ac`DNvJNl zi7eZzqGftHYfqU`zOMOTix-+f5^Q z%$Pps=a3k18JZ9aRm|EAt5CVd<;$Wlu(EEf-UIdI>mrg@u(~Vcwv(R`lI!nD zCp<^pf&ts-E~6U|gqG;j1KSp7_L}Y)I7fV2y5Fj#eQH20D=Rm1-{O%P!Sj~x4G8sg z58qZ8Bm;i>7+EUnE%L`SVmRby{n|Lba)5y(6zkn#e(zYWJkcg4ADm^Nk+hhP@7~El z=)(ctqKmyQR`*=5B+lD_aYww-FH?|O|FSmJ;SVqH#A}7eekb!Nx9K0e=DvU|F||cl z3J>@LuPuJkzqrh=^-l^Q`L2K5-}J9!WMFD-V`*bzX5>I9WoBjOXk_?z5EcDfi*inJT2s5S0fOR_#i1iEojpj(tnPTw27$Z#*1l@5l75|EDHyF-qIS>I zZ%5O-VY$v}EF5AYh@?|wHVW|t*x5X8oYzI6LHD^%6rF4?)-w=lMi@WCR~Ye=f6~0C z7Dxc<%t%Fk^-Y!ld@# zaolSvW__VWkGaaBz&u~3)*OmLPCZ_d*{b}tL}KsoaK{-~z+>P_cQH~vT$$@O!sC+> z^t-F1QPE<*6AWdS=UymCiC{GOPe@OBM0&!bv^;;vis5`qAI?(kaBktxL^t{OHRgYT zTG78p{C}(>f5-fI$+mstu%k@PS?2f&9Q=2?S zE{W1qSTs(Z+ZRUD9^zFb3)LZV}pztkcGa`658D=PLwC<6b zriyt_+pzw?Uorpo7(OVgdUNH`8WLf8^M3v8LXG`DV!ryrNyK^ZD?6V2Y#hzWrK{-- z3)c4Z61`8W7&MMNSvyWk^R2Jn2w?8=#D3a-wZfb6WjwCjQf#D~_=Oo)ZzDQ=K1-h| z6|QO($8qEY%R4MM45{O$G$y{;fg04_`x{B@6?_7+m&v9SMsM zf23s(n};vGPcEN8;Qk_et??xR0@%pwZEkEbyJ*qIm^*`8AEKNtU3pZ#~~lu;}WBW(4W zkA@fs5ed%|J^iP9Imnjbjxkgt=NHQJ1-$)+4o5ZLBQ((-3PWMmF4hgtVJg^DypNK} 
z3TuSD&I(AAc3vf>d^uG&1;Gp8C~?e>Q^C!(k%A$#$|iBI?^~kT!lPNPqnJQFk&*!s z&sE~f+Svxrp$!;#NU@yw6owrDh2LaKazrv~J7y(shIEwc-aSdo(CrsEb)xJn=Sk{5 z81NFdd__Qpde<-SdFXIV?ZgpDtFcs@e!;b(hM|XN%1ypl7Gh%MYpgT#13FOQs?UyB zRHN=%lN~~2jFex#oLi1~fe^uF+Z4R$$W+`Ie^o-`sfL}r&cnurWlS-}*DD_u@s4&( zG32?LApoPd^uruX5#O5Y#W|R#8EU|r$;sCcYPZ)Z52nc7Z$=ny+_I(NmuE3)nK=Elj5 zyB#0kp6iW=i9T26bWR*oPYHugbYV>MZ>0g_Om3f{@0hnt&l`GWMK-8BJO0j10SY=5 z@;R*`sYMZyS-Sa(qqIe`JAZo_=5-9FSTyT3?QHM+qtZZO{+m%w;TqE&R;lzD)dP~2 zV5sgM=r74ZR20%1j&GNGBHpiUEEo3DS>`A#A~VC+XWWBexEJNf7l<7a0E5%jgVjtbTRLFY-VM%~`UaHxr?V zcSlY6FL9M;J%Ki8IYYHf+3DqpVI?Am_uI61+g|e2P~2}RDx;3)#^8Y9=@^SZGf}L= zKTo!uMk4rVsG8KKwY1w4AuDAlg7-3bQ+-unGQHTVD0C$ncM#xr$dxhrcK_K2^92wm zwz5lR3X0ehFc?{uOe)Ob-T^)_A4UG&5RrD;)48M{{(%}J6Y{BxVYM^C z77`04&Iv+|WdT*b!&hhme8y*r$h(VmG<42%x%sPJ<{{8~Cy-%RwWCP88xDN&ZBUah z*1y6g)R7*07R^sqWj`dPoyU5lz`D$M?LkiIHzaawo_?`HL@){nGf?XFY5b5S`AU@R zH87OcWJuQhJ4T@!KM5F9C2w{`(2)WlCPR63*nGcOckKg=?o+BA{UxgR>iS5e5>&ph zqL6|Rw!u?3@yL|!V$z=y`fa7FOlIY4d)oM>V!UNO97FO4SD6=Thu@CN)ut&` zy$fwsqdf&q z7?D#wsgr)xT&*llm-6yzrvs2HTlJvczj9+29XYoEJn)w&%U&Ab+4#(9m+NSMXIFxL zg;>_eKI_`c(!OVyF%+MhWv7 z3icO*c{nqT3p>}dgjcb!Q3o+fQEzN=rOLiK8s6EZUGYQaj>c|rr+r9gy6u!*nkI(hEqu3@#s0?jY)IrBO=lTS zM*~GL3Z|p=*H>SoCxXeUac)~I%Qmuj(7U+kOhD9PvyZO?2xyv2&z&m98!jG@Uv+YR@$qC<`?%t-LDKYtGdd zTLbl=4&7a3K5ei91QqaAWcEuV9d-HsYVdx&1S0aA8CWBc>5&KGpPb}oBPi5|9GRCQ zV2R4`KjLin-=Xuq#Voxgu_hB4zPYZkw=f$g4uI81EMI&El#u7lJwuyz2$n?)p^wC- zfE#F!L%u!I$8f-QV4$83i|0Jz#h4b72*s+YL+ze54Acpj0lZDV~+ofSf0Nn9}eKzck-b;k?+S6LQ%%w!OHpw zR)&9ol^O6eSpPrX{_k+wyF+c`c}xaQp6~m7$z~Y%IyJ3?v70zpk3W`c_?;;ZM6Xl{ zb(aYyF&_2dHDzdgo@;xYMNU3^p4U)(UD0F&%dFEi=Eb;h@3#AaOMFf=NhJa{sCUQA z#37wWnFxvI1I><-d%{~P^v{El)$Ux+*XK<)7`P#rL>iTliwfz9m8jI)N2{)#scXjG! 
zwVm!V?788)F~K)hb}dt@aWHrXjz&QRj|L*s!2AXunlpkHo}KWVGOQbpVad*=EVn*pPCq2 zS9IkY@sFQ}$;#A>4%^!PAhsn|D>^DeK+nOeq>vIy-c|Yhs%W` zBQ*C~rkZTvbP+o_*7W0XqzJ^6im+N5HyomWGdSrxj&ZI6=FlcL6nfF#-I8RpuSG5< z4Qn1>+>Ow;^i+)g*;~4P5%&MiTi>3Dk@GFULm?cLP6WCMkt6Wh+OKemYD9blaGQ`fq-``f7qHaAVs}dRR@P<5mwd{F zD-F%Y?d)P=eLA6aLRG$<92~yuZU6;vWD|)@4V5`F)9E9OmKGwk1o&A0dh_U5({Gk{ zuEI6${Y&oCg^HVI3-2CQibfFhFeRFdYD|Zy3ATJR?vz9zI7)EMEOGG~o&L??adM+5 z7R)Bq0l*@^W(!*5UN>R_!|Q~U5%W(C>*VK1#lU+}DEfOLBMsgn$#2t_AL2pqqJJC@A_fqC&kH^iwXrd=G$Q;4JVHeyduKC)r^KL?;BUi2 zps28-N{YX|o$v=$Ss59BcUONd{`(&EPx9EOjt;L)!*weKn^}5&0Una#nYUefV>_!N z?H03oSS*!%D-M^Tu>g%v+(&_)00030{{R3W|KE9h&RivZ&7uobyK%AR4*NCs9NCoF zc`4I6+G;^Yh`9kq5R=Q{gZ&Nz5$5#UJ!O-4VgG86^^uzU+y!3+VMqeZnTksn+fA2T6QBR)zWkKsRIcmPI;S8 zl0bTt1l%7b(QjGe@SHCc5mb3467PRQ5={RoN&M5H4FXxFU?$42+pu>yp__?4}xKazR3#Q<+g zK5N}lN)m>ynYD}+st7=hN{fK^fn&V*K>n{vqU#G;YYuH?pzrwf7b=wYW*C#ZH@_O% z@X;*rBzc=yNVD7#YD3bJzhVTWpdDL2kZJGerwIG1gs^iQu*`e2ZjpI@=~p<$_h`HW@dvMW=$ zbb6GlAm08M=Ef@X;&Y&nX0Dh*Hb-yM5k>j&u(K&z%UT7nWhy}rF<$n)y~_t0&8jW1 zPFedLZ03|b4%34~QV-|c9kZ6eXYHX8_Z5e%A06I2_-_oq>Y5spsEY*83Kx%G>(ZRC z*8WTfp!55B^QImXMr=DIy*J%rwR)%?^z+hLOtX>Us~Q6eq~<#4W)&B{JhBwGzWX)OBi`*C?-@Nr zc}eaU5lic~jtkwUxz}BA`?(w5ZOYuv5J%=RBXJ=B>9lrPSh2K#hLrr-TZb-Hy%h=- zC)CQ|s9iXDXe6f)sW*|=9^5m;VgyvnpDfyhYKEEY7)7coB)&xKIdYcoViP;~OaU%Q z1^S7(xKJvR==$C{LzWUYv52eg$BFMbW7sp8P$zkX<@YD35O03Gxh6-(Jfshl)>k3Rb7(K#npDhcB4;wD;k3`TY8DO-lbR_ilfV2h#5x?J zcZ=UNF?@t^J6$BT8do^8v33rjv`UvLSsxE5^&MNmUY2)&m$lvBZp0vZ=2p8C3hQJz zG+Xutx(h4!VMZx8koykpIcRP0bV1Yq$Q5gQ7>XjvmQ5XczhPQbh)#})zliXwB~6WH zpNm}XvyNbWE7sqZ^k1{!@%feQfYq-JU*aM9fA&I^j*K|kWFmgY@s)4QnqN{tu>&LI z%M`nIk7+7yib8zEuIV9;xq~}6pR~6T*PPmyF@I6r&4=WY3|$v2|*EDxOBs-I+|YcX~?%wJ_RXpo4`pRr65Pq zT)mT4FiZdk*A`hNj80g{+=7=o!-Fpaq7gr!yU=)%c`fxwzJHD30$Dxkv}Z3cml%*4 z|ou-CJl(>NAB#&g#t z6!3Cp-}_yA(u4ZhUR;EG-|oyen^7kv<%UaKQ(RPBe-6N^xb8|?I%+u0-EBq)(Jm;K ze}6?lGLTo1u0KDW;&lwEy>IgFtXo|KMhc!`UAh7>w-?ny;@}P@jEDd%yLya^ z`t{227{r^VA<<*0PoLa^Lz^0h)zGFsM3sY;XVRVcwYM!(zq7PJgRPnIB1RVi;wpE| 
zizh9G^CsRb1b;}};WUX?_~OqVOz|oaqH@J8oZ4|JeZN52ASzMDq>L-+Q$SQ(GjAJ| zX3NE!Dkh5(R9WwU70IF4aok;oX8Dv4^fhEvMC8??*LJJ@2A5lY@DV#1pF)FgSdBvO z^sirByWG2LI^Q_Gxj9&_fOSn!scs=YntCz1j||xq302e86{_@pyksv%f@}~ikDf@H z{KQaj1n_h5XR+$NED!&3UiWQ*_XQTYQJx{bHtC01%?sv?Dko!Sn0Dee{E z$_pkrU@Ag$fR^Y=2c7q<-MOchWAG8ST5o3P@8I>39ahtDD3qc~t<^AvlFMV>w#YE&2NBWZiB zAQ_XRb8@A}Y>PulsL6T}9R%5n*Y@io9twrg;v`2B(^+xbe$1a!O`!d@hbQ2Xt#x2i zG%s*$J&%suX}tEBr;==-UVWL?R5oMCUl(JAuJ^o+2+XTc(>^m>UCh2P5G>o0^T#vl ze#!myv&ffpQXHbW#}cE2MJ71SBV0^1V*3R9fi#4k+D|W#cXtsjdWhL^SkDn~<;x)_|-MD@-L7X~(uW0qr zQ0P$KaLSk2%wpzM6A4=}BxX`}F09X~QAArlwz?EG?t|Av$iAy|I@!5i$a(3=W=W_m zPImcFnOMwQG}$z*HZgF8TXR>PvAh;UUhY*83zaCPK7z+4`BCwXj}GcPg@7K=5Nkye zP;UdF^cs$`>0)n>F64kiEOv?hQE>&NC*vBc87pv*nQ@@E4A_t* z7gipydW-b9c=!6d7y+xxLV_8X7AO(zXGl&)?7ld1;4dYc7-^hz>x(F1Hs*uNIldDm zdNyq=pPMLK2qdRvG4uCw6XkoX;1Vwkupd`FcmQcLkUCI z-+&Mb5lu!+K~V@-*xJ$R$6kq$m4UULy`jNxv2Z|$IN$61xb_bMy&?j?xdgD#GSRZp zvN5tUFn$la_*P_MeHNnrZ+@M>VdG*`YSioHSO2thtKkA{Uq|63)v#?wvsp zc0l204VaPm`NE8~eW2TL@U!YCnhkf%IGG^K^OCjDAIp8`bFO$m8^GUM!#mC?hpAgUK(C4YxGY=krMZqYAj4{ zS8n%0hlh78x`t!uPxi^jOH28Q+hbSy1QZdqNvd0lk-c_7T=Np$H+Zs}<{5G6!5>q_ z0BeJnkUnTxq}WEF^Mp;WcI^9&t`Cs<-8nB|z)z}$peX&SMZ5PkILrL&`C=K6 z@~pjg$p^d3gU!2YLq@wRACW%GA>kc}FJh>7Prdmf#r_KP(7*^P)~8=^$v$5CYe9&& zjEg>aFM_NkzY&d8gDa_&JbEa)PaT>stXF4fvwQ3 zJ?J~^>xTW}-1?8Le)_T_$EYF88*r}YdpS7dV>Z<8+s$!JmI`a49^vp{tdB;O&bnSJ zd*PhL)p-|R6T}g~EbqfBLxxA*>N@wTI+RZkuwQDi_vg%KKrCqqQbnKm4ynZ6cs0uc z>oYE!$Dy{GGgq>0ln^r49Us+VBC5pIE>&Kw1=iW;)H4+eovvgsXIm?Vp4cf{Q3rR) z@e96+|B~CqnwTantqvvf6_i=bnYP)MW%Jzu9=PM(mM$`n^WsU84U<^)*0Qlq$Qn=JMCUct#cmA5=8K;ke(1J#%W9u!#0O*#0 zjYL`z*>rM?io%#u^C^i(=$OEo?_M3bthhdC&2tw^D&42PDzaXEce`vuyW8=FU-l3tw2p{mmncT)!yv8 zBfWMrC^i*1is_L&KwY#rQlJV?S=BzZ;~rM*Z81K`gOe0`9B-f{0F#V@{}_}wo1$Kw zqJo(>*z_typ^*{ z>e6ooMSEw;Q@UOSKwM0TiM1KlZ=u^-y)8WP+Y#cnm;#)JH1-Ek@5_UKp8b=bu;|%6 z7yUaHgHw{FYakzjB>X`s%KMMT&X42{;Lsq7hAz54OO=XRKUqE2R==ftfP{uqP>}qC zfCD2f{r8D-BfoIYW(Al#m0H7GOaF4SLP|v5QxnP4#zl4)AG1vvx 
z3y!0U3?|3rsR^dA&cqtNJd`y{4I^HQMy+n64tm&noL$~O0zvi-I(|n6jehOTr7_>) zp+YJHx!PH~w4^PW|A-_%L&Yzz__No+&k|EV!hu4!ctcqBcP9~N`zOo^zm{{o5mrS% zs93hXRc^E~?_nL>sR);WyF4*=g7qK4mWu+U<+>msC6?@d{U(k$t&$15aq5zD6!Y^9 z5$8K}-&Y!65#TJo7>4$}DZB<-(Mt{2e0EO-IeH=r`%gsSM@Ry=axK{qW3$V}e^8n5 z`_F6tC%XB){i*-i_W!09^_#XN69e5-r(|Sc`N35gXnz#{cf90Z5t1loL*CUXskZ6r zUEw+NJqD2>$!kx~))p$R<9V0Wp#0fJ2o;k<74Ekq;C%kuqvpe3UZCG<+YnR^ zWU;LecS(20S`v4=H&xA%WIzV(`m%sL9NXF+bYSl4=b#{E9AOxb2Py#qPKosms;^dD zTGMCsO>hMB6{fcgyq~vphrr2^w2Pjj0KXgNRQzlVS2(Pdhz8ZUZns}L>WM{i6uS@q zQDdLu!?4d{`&c5dhMQMj5htrto?hfzHtjvHWG)U;x%ry5KMO8tX51t6pzP zH5_Ci8TF~C&JVpYy$TIN0229Vgy>Y_?8!(N=sz@FoF0vyg-7Y_QfE*O{^wNV^K>>^qHq@Nd71{ukbKogV z1l=QDKQo9s6>In+W7LGsi~zW6>s3Qc1?j`S14$5TBn=CWt7OES$y2hb!yH*kQQ{yt z!(X{3Ga^2~m35vMhl*<51bl77r#(?7%Z86cJW$DD@1P_C=IYBG-IS$t%RE84c|RV? z{TM?Qr5`p^U8MK|rZp~z=33mcNBdmmx?c$sp;ZKqxog?1Zr<^e2$6TgiT;%dl@jpi zX+(M6a5JYij>~rbTU?uR;I6t$yMiTrm=*>i;c$ak;&pCn{lvMnaIPytwVxm@ofm2?Y$d@^JsMFs5etIPmt zH9SnzF?8U(g+pLcmwGq7ofR-8jopj=`J+X#97^#)8xhvtyxrRYp+i zx1I#~r|9L6OKJY`)T2Dhv2`&YKsXG0-da=)=^=DPW2_T>W^A^0cB+8yxCB9OoBH6O zCyL@6YZ|SKxs>4JpcsXU+3^)<8zeOZCUaKIyDZjkpA5oF-`~TM4`)V)qUJvV* zC%PYkT+<-NEF5m$$(p|u7Ouj?1JG+~?bzNK0!z7ufzq<$?konR#c6JYTB9Yr^|16& zf=uD|fnnG*%B{+6%AX92f}nh-<+XMU25w?G=3#23v%G0$_{>CBpP0zv6BFtB(JS34 z)5ei~=u`g8ME>WR{%L~$sbjJ*uraXx-Z8%y|A*i1ueirG++r?;=fDX0!+~+&yKQQW zM(5S_^AC9kH{x0`ohl;csLtk2r}uFiTyUR|Gog$+l;bl|`~yELADtrK1L&ROLn!VT zqDb>KtjGu_6=U?)Tj^<=R_M%=1A5(A^nc}>IUL!!Bg3OjqfaxsSPJp~rQSrJ*>;C{Wv>VpnZ zF{5g4JAq;bM)J!J)^snfAd7rB-XIUaGfhAl(t$GDEI9UFhKH9#OnY~YU9Y)jJy0hr zi^d&Yfb8)5**kEKC^xB#ZZaur<%I7)08Q<^HrWeAW;PGp#cr!w>?B<9A@}98jOXrM z>GS0S$khJm-36YUgG$NITXk*CN+KccbH?Q>vJ&jEhxxh2QB#f@lfoO_j&vKKX4Ij3 zdLye8EUs38iRq4IqvJvgxfRcTDHihTt-e`vVyqeWRkNW|+R`~p2r=*-5&AnK(}7Qx z{T^#-I!Pt_N7TK|(->-;6oaQ|y>aFw`e?&ja!o zRso(Df%zf@T*8&joA@S|?&&j>+>m&^R175_yL?mV9NHaiyIL!b353ov%iH`vw@bzGtSs=n`YLaK^4R1T_iOTwcN zZBqn{twPf9gz~_Iw0^+2Pbd%mBNYKafFGp}rrrqee=s=He?n4OK03Ik3g3_vR94qY z*HZVlyP0|0| 
zum6`)7*Q)PYqAQRoaUF|6p!rn$^1%1x^vABA9NV51mt$n8Di*A-a2$n6uj7~jO8}V zIE1}+Nah{q0rCO$+bwgj+t01d;3B=$iv3FYv0vD$jr58ws zp!k>N0&C0rgkd8Py+oUa_VlC^y-zJ3`r&ikHT9$j>25e0uQNRu@zcPf^;t zJ%igDH{54{d?rb+*PkKAvph!~PGyH<@RX=>!h_~OsymzgmD_f$7Ss8Ks5rBb(L`gi zYWuH%QZQ5We9%&K;;n@DgBl@?e^N?n&>wK|mlgiyfRm@cJ_t9H<|~`Dz8-sBYdeaG zPf@1=T7aKB;~U~%`WtJl8Cy6yeQbg*X6`N(iPK-e_L^Fve%M8$X9e;`x&W}JRI9)P zUA-+qO@PjQOi8??AW54f9K>2|XJ1JcEbrXlcCN55GN8P`eBr^PB^1~exJ?w5uz>QF zGYj3Synh{wd{Ke!iyyj?e)~jOR8! z@=lux^Gx@NjE^Aw_3G#-R`F8d`*h$BrMR#L$x`{|ZKA4)rcw)F;c{^~%UN(-VXv$G zB8tJK^@LWgp~hBLI5n0uZApkeZ2|d)!7HryDCJaVO>aHNO*7E?fzmvI1>FM%Kl8@_BcJhC z1hW9w>Jxd69$`YXQ!lHR&)EC+G((X1vvx@MNx+iBthk;xz2zhn{LoyG+)1yeIH4W0!=;_Fcjw9TIc`3eKYE#w-jiVV zR_v0Us8|_PkF>wCgl(mU74FqOlY2OV)o16hZ5*~%>xW)X(-NzfTvMq?4&_%#cRD(1 z88s;!JA-I)W@;t!1Mftp6vS075`5`=q*aYotZmL6Mt=cDqXHb;fBum1X?Le8Qc?nt zZgzuH)Q{v6)z3+k-L?WTn{AT1i}4edUf?p&gVfmvu4PS)h#Q;Ld@quoAZoKHgzf-s z0Xf-pv^1BkyNg2+FLy4ZBSget9nNh1+v}1yOj%$3GV^#K)9FmZQu2buBdv_2j*vUy zTuJd>!vp{T0RR6003iS0B706NvYx~$-`6lm`Y%kwXGz?5U-7pzde{T5JbDgktWK2Z zx~oizyK77Ys*-4ZyrOtr@|L&^36G@PIhDbOQ(KtlvZEq5h@pE&8>WGYvRJr15YW-* z?LOh{tKtn~Z!2e>GvH7f5BGHx-Qz`wBHZ3qh`bRm!H!B=an|CZ1JqP7KZ^PKbkx$h z6=9T;VXa@`=IjF=uT^|za~fB=XEH9@W;m^0L>W0U5~h55gZ>lG(F&>16{szyT=Lw#W(=#iDHKKII8cfZ^ixMQM*`uR4k_*5 zA3nr7p&NK>z%W37F}Q>Byv)Iye8hBwZar#kLTiSqt9YQ9z@ zGBrCAm?9OQ1}72m1wdT{>m^VLAL@rUb=J`AQT@XUKu45O|0SlQ^YxMTVbaI614S1BhpW$@ny9&^{4N)ZYl^ zT-t%{SD^ScoR~@2D_!S*-zGztf5Sp;DA@jfsz~LsY)PgLwOs=|V zT;*fc*TRVOGeQaSsg%sK%!f8Fe)ess1ckXe6WD0UTN|Dzamx6w#Ebf-Me#H6(p@6p z(J2@xQVkYXN3RoJM&kL@w7j*S8L4#c6xvfKzBO`kx&p<~wS-gZ@~?wewgUyr|5||# z1Y!W2p&mLFWP?Gt^gtR)F=AGJ=a#cj=?WWW2=^=C{9-P~>Ba-IUI9@T+WQ_Y%br1Y z`wzhR%L@Mv;Uq$xh>1e{5`~TRQelotkPPiDwmDs<6l`WGmnNTe0tI2VYce}4^KFw+ zrs!jI^byxYeOmP!M;_d?&vwJvO6^hxIcT8SU<}YuWSb{@?{g1oARVH6Jnc@WHM3%l zV#4Yc4vlh#BaJwkv)BPwNEVTk+Y%-q^EP}_9pjnOqjiE=KugsUAj?OM$I<#jw&~TG zF}eK;)#F;bM+{06$=A1+jM z^vtwObPRM%e+&PmV`5@sdSZ+J9q;g0RBtvH`MB4?!8z@S0fqzAOX;rWb(B*O0>7uS 
z5qGfPp`AW#X4oPlC7_&K2im=wVnE-Cd6i`O?vAh)Yj;io^-GmTzgIcwQI_Q?;*h8N zAvXHbuAOxnEjd~hr+k1ErA6$y2d-gS zq`7LX4$9h(Nz%&J&kl~tyf1^e?A-SAZ`Gs=_7lSK*<4qtz@rA6W9s=Xk=hB0I!aT8 z1gk2iDTlhr)@0$!Gza`5QBavZleU6W%cU40&L|tyjmXPU(lW7~GQ^GO_?CHYyFiaH zYQ4~fnJ*3WIo8=w3AT+LktQ8gVp&>R%`k{%Pnn59qq}Tg7+5+Pt;Wn-fwk%SP*+mZ zgxeI1a&T6~Y*^KHa@d?n%uiFl&6eQnBwn+huft5t{l3e4K}5#t8A?L zVjloWzwJtIi27#Qw=^*4@|lsBu~m=&SOAJipeq$%vpsN{hMt_3YAPFt`4PLk3R$lt z-r8QEt>i^+|OsjL(X zny5CufTKVgiYV6=DtURRFKc>*41+D{CCHWs7(PP(G2)4$FsW^y*LWbH8P96Q;g|#1&TbGLxY@ z@%7?&U^TQS`O@uCA32@RKAoJM9uBWGJ}+^=8+|%tr81@m>!A`?QD8Zg;on5Qy;;j) zt6F+LD%7kV^F`s6^|%m(qg7+H7B=uO%QAMMQAPL`uG!I@sI)^e{|7Q_YO|hO&ru^f z{J|gqFC%|w{<9Xw*bekPnSL)jDJYxpccM-2vXL%sRRvR!%8H@lOy80biRTYcEQT6^ zA-lX%vBfwz7YX>9Nyp+g=}lO=(R_bDXyv~HU0BCw0k+t}8I(jb_RQprpO~Ef6Cg`` z2jmwo{sV&>`w0dW<$v2s0YiinG1PN2#HGTOu-4Z#v@oT6>ZRY^N!b(~?aWPG4RQHR zEle%#4J~k;3~?0=&7V~T%}mX4`RsJ<9Zc<>SdxUJouj4W(>)ZG_{9|YBesH8^C~h(zPoYF$37Cy=Px2YJ+I~!v zP2i4BQ0AXT^B@k0h`o7%#SXV-z*-mHyc2vKM);mO_nc*eHxiY|)!z|^5_q~PW9oERgkx9$&M)BukrOO<~34e1I56n*wH9!X{pPQ>|x()&06j;cgMlH1e zZP4(*L%4Lyo9luwJe72}Wgz1a%8Vr40{D8RXm4055>|)h?fW@tgmtM`_<+4DD|c|E zq0@bevV$CO{m4E6BXY_ek;>j7_zW~#fsifvg&53B;|r9Q96g9FY6O&9n|YTrP=|Zb zyn=-ZO>vVWK8&@(F0eQNal)%#cCQa)P=1BAhCDr?LEW5-oQj%ESL}!K&>||m|CUN4 zInU||ePr2cvZjRgusOCF#29`NLXWnJr@gX)Pk>w821En=P!>7KDu8pVXfIQtZ`MXV zWuG@}`IrQY)?ULTls03_nLSy@A@QqpFK~rW)rb)Z(&hH5W!$gV>+9^xgX!@z(lQ<9 zD0P>1JEcYpHAD*USFR+BGVV`d8p|4Hi@VLQOEdTCvcY+ ziE?5|@IKz?s`M5P+=`gW8wCuaGW=GyEh{l%xb_|(LmesgBcR}U`==~??Hsu5=iu`f z7f)U7^y%mF9cvIlEwZNDo8TqM1U7Bm-6?y~+hP9@q`~&bZQdV77bGGmpQWywwbkEr z5E0?OANZSh`|s(Fn17OX`KkE-a_hh2moWA|ltm_20p_7S)Lo*`U06cDTN12YAXRdhYl^54)k&;Od-Hs`736*C0!kP2XRHO0b9F zowRtpEFC#gO{AIH&+v+lpcpn%>Y!XFEwX_WfjwqXLwKZ0i6@mNmtm4(PzR&~*mDGs z=ICUPM~LZD70$pzv?~Zs58aRypHG}92{ShrLr`ESo!)3AysLq9n#gZ{cF%p$_|)vR zPd|;{n|{(EiP?yU11fcPC({Y&RQwN)G5>b^F#OjwJ;Oi9u}YRy(9P%F29vh)0zV z-S@Tg)1a9wCA2|cF*ZHvooE#_d7QJL4Zt|;I$_MsnB;@IEeL_*pWm?Zk6OL!IP3XyN<9lKWWWP7x 
zSRzwU79`wekjs?@aZ@PEpTk}L?LRa9e_ady_0oE2Vir}pxTLtRt6a)K=z#faImBiu zOVGP=@Q6h;c(Wd2Xr`GqYutd{_=>bZpbm|B@txkQXs1~XnRUq>P-dyY)DkY}Xo}bg zP_)-2EP}3qzJ8_ZEGsaB8SfVQXOFO*g$$KHtr?y~ImdzEP>NQtKMl;Nsd z1}Dri*2|*{M3;ZG0BNXosoNXbVCO_o(0dd=b#G+?DMDae|7zf%N67^srcU}mFWB^E z(U1htmSax*5@&Ac5>F{w2JWEDZ#Bz&R%pEGSm(_lCna0Z9M95$ozlK*Zt47@M|mUW z=es2tCZ}PzD;FFyW;tOJU5(w$;o}@7PYcGLGaI zbg_?6Drc#c4Jy0uk6@fekH4IK4k}o&+O0OtUN*g8=r*NJLd?v6Q?3H<%hIP%)#QB< zJDNU%dKPOn=P&b4KSeVCR{IFgzztW&!XWU~0L!i(G!!}V!V7BpIc|ybO!f;D-uR=; z81SH*R{cVChJyhIfrM)dQ+ehdGV41fAWfXxtQL{|Z84DqDCrP<2(guOUF?&O)S-4( zK5CCD?AMO;xzaiZhopM5Que2Vz9_E`hxQld3;Mgf09#HK!4>bTsURp(6vdNA6<6hq z!N(4*ysUY~sC?DPj0U3F5?*3EkUT8zfB2`fg#A1i%b|}YY0p4Z0Y&c_HswD^1gsm$ z|0+(UxX>pG)+Ki(XJTmUJlTz74*;k<2{x`-z3_rE-0n?L#hthPy}qqW{u{Mn+Ep0% zN*xsdOI`dS zf=mMXAFqdrQ)6AXha|eTbqi1iz7`?G#hDlE&?v-qzE&+C1e8P72#nBE)2}V9UP`?s zz62m?(^6t_Na>UHURR?QT&E=Zav(|XT%Co!E1`wkHFuBs2Dw{cXQGKXRmeuW2#Q5v zP1v2}ent2+q;8PEc7T-FYBs-*y_XO1^`&h1tFlT<^jGLAE?cqWvxd=rJQjc-$`IH| z5}ARgv2uL$i_%Uu8>>B#%BA}%a2#}4FXZ;pZYXnJP83m*pbJ%esFb#aX;T%RG6fw_ z7^r$M=Nsbl@|1-0uyb`&8`2hsElDd%ws-ZYJ{xSP2ZOG3(5&yV4$h7)I4i#XXv}_w z{z?zKE~}NRg6xBFHo~bYJemR!Ek-?h$VGZf5>R9=#8<4RIj?$o19LRX5D;`va|*F4 z;3y|wGu)Z1z@*K*jCZWCdT;1BLV`6NEfs@Qu|6dFsNd0-8~fCNum|;n^rJ{7*aeee z-Z-T4<2j0f#Ze(Xkyu>qG62e)s+ZQ6E{yWgQ5`(^p6joTfRH3$T_;mL<14oiuPvTs zeDPjSSpE2TTN}#$Grr= z0oKqmSyt=$TPi(_t{!Z~Rp%AsUbyr(1XDb`xZb!voj#J>9E8M?z-1Pxy~Qy97Lo*@ z4hAwFG(*S7Q-iCe_f*15LxTUxnn*rnQRj=!M(=WxBgJJVfGyi1Z7RNsFB8q9^~Sg( zjF71A%}%17vbX@gHhm(|aFM*1|ObQ*Ng87JUuq}$f8!#ADe@*2oW+^#Ht z)Uy#jGsprXv_XyGYQHnO^`zk!(YJ6~aS^n}%)Ovk=sk)7reJ>_MI1kMbs>eH#2kgC zr4*^;1*CrK>`>6~d;+-gd}8Xjznyv>N6+f(^labOhQDP`eHL{8n^NTe)6M^ilQi1; zxJd?CdG{h(wsm`A0whIILK8H>r}7q|*S!h8N>etw-Exl%i;XNG(o%al&rDq>hk{cC zjsuKBs9MY-j=H?bHlcDq-A)G?`I?qY;bE@*7!bg=#7ZYgDfmQ=*qd~3xRm8q0wy7BK+T7m z!n72kIqk3b9cRLUrxZ4!ptzQ+cWvc%su_wf`D+*LFhQj>Z4BXdr-_5I)tKDjH-1qH zr;y(JTCsjto02-oe`6~JKKusT%+~XIym~j^*4O=$v`Aw9g;QWIY1FQdm9Ij+rB1!* 
z^`~p*chq8!^@*Rt!K%`NRqysOFqf!o){ZwEiVd7WxW%MJQXko{SUfZ>NAI|VJ-PlD`NKa|pclVhhg zva)obHngWPu+g`t`PC{iShV=^R|4tdj&wQ0v~>KOQ0Ty~_GIQ#4=>h=p!HvT1UAmk zNY=T3fp~L}s<#{TP^&j)B^iI)<|yQ02z^z_GF$>T9ASNpb{TbmeQJ|=++TlG_vpmp zq;X*t{Plw#J$@VvyICZX5j2&8gNh;cWaT1(FGs!+0f{k0)T(o_z>uLF_@SKY!xr21 zfJi{zs}rZDyf1kiojOOA42dsM>-r2^QCD;G7H&|l$D0w;*xVQ!$N6q==tIftD1x9& z{aIUwLaCu_N+XD4zhIxgpn#m6N=ma@DMZ6$#|wkT<}C%8w-N`Co1ESnwah_P87HY7O}m^T2+OUN`%<@5gMD_IX2Oe`s_Inh*Ateo#HH<4jLq~{&>%O4x$_(>{`k97 z3w8|mTBo=zPMidDq?gwi`)UT03p#dQxOYP#HPOaWdTu<@rC1$o4{m3q$jf{eqCOzg zaB{9C@b4!MfQ+`x${Xoo`FYJ+*~jfx%~+J0ORy5^Om$BMVjQ;Kjzba(XM=y3niE1x zoKV2h2yi`ayA(MJi|PU`%aGK|coYV{8tGp}1BbkfQ2S zj2I@zE+cvoR$KLq#nw+)Z2pAB3cuyw@Pi*NALCtD6VzX6()SAk_%j;I{E>K&(UN>8 z9=Kvw4u*DChR>2i`i|dS?hWk?b?x*`a7FB_9c}1dJ=x&jC<(Nfg1pFgLZbQ`(_yA% zq@$x{WMF+p=%0)K`49X{OLB+M{tSubYg#6S3MuBB)`hxd*6466&MlRSQCIe~hPdzH867J(rJ4Z9Z z8sQFPgNNaGO3Qf@Rkk>%|9&4?=2PTL39n(OoyQty>a$9B@fAq~B50e4Ckua7f$#uv z_6yoa_$u*mo{(H!xuudfVDV@Awg=Q})*8vat09_;ATz#;Al2kke7hwtoDv}6 zW|k*g5OA1iNKq`tlG_U*44kb*SQh&0D?k8oQ9I<8b9n^?6csT-15(NDE{-W-4}x&ly|*HZ=phj2P}T3S z9f|V-e1vvF!h0mx#_^K8wk2(EE5}}!vK2z@q2MV8p2)(g?SEcT z+imQ7brh5l72tERu^SV;fRd(%A#`k%Fy>+XX^-OwXLw+$jO3)KytnM$(<}7`A9(+9 z)_X680>1(UHtIB#QA2g+?nR$sLp||eXfQ*FBvk;X-}0A46_7^CrpwN{9%&B0R=Qq% zd;8eYPd<5UZ14;Oev+J7L6u6$SgmA1;rMBpYvvp(?0z;<3lKda1CU@+7CTyzeMg_) z_cYZ|NDEDgj}Q-T+Vz8*uO?siB=fPwBsa0TguC_48C?d$ADHq zK7JizLecoqG?G>@o`!lEUkABWx4Od&g0MK_D6ZZOnt?Qm>62w(+Se@e@8$LQ9}z0Ln~8#Tt0nW14GNF|L9s7{EmWRR`w32 z4vx=(Q1;&(lc;}kN&0aYpnvTyzon%6wj}oi+uy;Pg_ebmmVt$i{`-O-GXw39;{UCW z`8)dqv2XcyB>Vz2*RJSZrUV&CLlDtq@X~l1@3I6t$KlBHJ0Y)mX-AcVwxazHxWsPd9^9R`)Q4D)xaOwD4*d{#R4m zSK~wZr4YV=O>f$Oz5jTdgd3Ma{)@0gGT|JZIg{f+gHE> z3V~nb@s={qiTt@URV8SqjS*q-0BJ#19bYV&9FpTmNkV|b97vQJppb4meikyc!$TRs z=YtJLOlD10v`p(?^VkDa#gBRRLx-dF1BH6x4`2V*m;byA{qDb|2k?F)$WJ|h(lx|2rS@SN!JFRS^$H$Q>squohP|b9oHAE2okAktN#;G4$%XVE_OC z|Nj60AphTQDFTJMXn=J@a?*EnCour)qz7eqe4laV?mZDSUiiZ`lf3HT~O+ld?|g&j%bVqid_8Byv*FiSiU27fdD 
zOk{4NHv267JonBqyy2n4DougM2NK36GS9TyVTj(%amc%1LqiA11$#`*A>IniiQ0g0 zN!ekO$U?QUPbAWQIZTU4XE=|Q&XaFwimf~eNw&KOh_^N$jKTD0gkTog)ePBG-C|Sh zxY7f(gYoJo&nWL^ZRBNK>RUJ|!V;3tt42+Ragn?vHFdVbHqV)S(O9Nmg4Y?fj*EZx zR{>z}@V!DAh-KCq&7ESj)@BLywW92F=WRWPDE4J3_X!b--&XbC`*Hle+rNpeBocSfN zn`{exKr79H-Q+YDvdD&r5iZYJV%LYr7jF4*ZU*NtsBdP=f+ueR+S%JoNvTd@Oyr8! z^PRi%qG7XH!srM@+9AOAtu9^Crv2^$a8tz4Y7vAhZiSSPi*gN1(!t>N%olK|LG2EL zf)O^T=5;`5HjaVDi5a$iJ`M3_qcB4K)9YJ5gO2ShQjIXwYicr7e zH;zq~iW0@}s=|z?deg|vTHxA~7QJs;s;Pxf>8?EX_-o>jl@_w05#G+}dcmox+8fyQ z>|fo zt&cu2>A6;axS=}x*mo|3@tGB#oF&vXw|X7IA}}cKF(i@1#W%`$UD!b}au&vPP5eyC z0qCjI93~hiZB%r<|7b?AGZDWgNUGNM}K|y#&3>_^UPJ*p0n@_z`k>VV*Gg)jq<3UG>owg;%(ITUdbNH4XQ=QsIJ8#q6ri zOjWoVqgvj38H*+y)OpAEGXt?h@vOSAV4ye>!tf`rS|b8AIm9V^UE!)tv&3YRq%L8V zwb~NQJ~4M-nDm{KFNmbJR(|dx+PML0n7c-{iU~N!B<;N;9-PLERxZ%7W(RH_atVQo zgrmtVmdU|D;6euHg*y?JoGx|;Z-+d$Bv}HC>hGwb=-=J%#ZzF-ALN*EW}(fInYA80 zRB&gXnG%(Scw z&kKdm2N;=uI`F^YHUA3QTdrNMwkCa`4Kji-5)F)b@Y%5)Uw9tfY8r?44QiSf#cVb3 zZ{kX%&84|Fq-f2i`AAF$@KTVB?=;djaYLXNh$S3R@DhGX>M8h=Ms!pN36K=1UYxN& z*0;t4wr?XPKGj~OT%XOynl^e%=N+}8vs%Fe7l|zPdKxqW^}3iC{yq8l$f$7yhH$G0 z?Ig9`XqW!nw!W*NmxMlHNDwt651FKV70>HjQhT>-Y#JbC zOHl)(8sx_S@yF$ds;vFl%#~zsr;c@3 z+H<*#a<$G-zXbP1pa_wr&^rRseIX<6H3!_P(G&7!d8JNZ5;DQPBu!F&%nRKtg)$(O zQ-wVOs=jy;H>~2Aa()wpZtPO^G4X+Mp=DcMd9!NM(S4dP24q3YbUgt^pyAFxkuAa9 z!be>O(XM;ilgv%9Q9h4+l1~@{_W}QHtp;sGa|rb0w9VBU`TMz}5;I7S(KmZz!_fT_-8!0O5lm-b)rG^@_la)^ z`fAI4TloRGN{y!l9ABX5SXt&LW{k*aJ zk%x6MM7*6IEsq*F+ z!X)1bKB{weV;RiU&~3cqbSqSWnm^Pwx7})}3CYO@Ty>{pzHZ!A52`HB~uU!iqvqlLeK z^H69kN_M7(3o@6`8iU>9s!@N+cwZOsJ&Xyka9QnaT6im3Yen}d+PWrSKjnSj>WIy@L%9>FeG5f-(zzsH0&b?maqOgjI|xeou6qr(rlFNE>Uk5?=?T{Dp5R9P zJG3KlhiZWxD2>ri)~(m-yx6B&*qGY*vjrgcN7(!!b_)rOBVng&X6>wtE9R#6oCnv< z!c^bwiSRxj`Uajqd^drh;S|*QgvI2)Io>}3;SWEPCt}V<%fiUO@NIYW=i-0GBmZjG zw62+3woqb-x8}3%c4B{Z_8c^R`Av*qg1};}1^pxuQ_8B>9#@uKb z@t1vtg|p}>L~-b7&W^LWu}GL$_JxXyN7ki|Mk*bj2EZ2a3=FvHj{lFlvjD3rOZGh$ z+}$;JAh=5iPH=a3cemg!!QI`0ySoKiyt82QG22He1 
zS{#i7Jj1HS0DT-RVT%9#`itMrDydNmM9`}Thb}B6&xkax)pm+c`hK=*T5WR;yr`st zWB)me!X<*NLadEmqA;<1vTl>~sUSAtlfbH(t7s-mHmK#vIS;}Cw_qr@wf_zKL$(E_ z48ZCWYrQcT>^=_mWu|q+pcf~CSMYda8bukwwvJzl6UOmXBQ#?~XV9Sp+{F;$TsBu@ z`aOP(h6KrL1R`&7J21G`q_HZT&+s6R1DfHPqID%BYY}k6rI5X9F13>5lUlb^C<`-b z{!+60IUD=^zUjpH%y(g*pc#DDINnz{i1X$IX!sdqaBf$rYSnNpJl2wRXM&Yh4-AA- zARfmZcF<(^Q#jw9i4kEX&@-e{Ulc%bPpYkr_@u34bZ7)ktbZz*Z^Pdo$o)Ay>;MDA;PMt;q*iX6Q!28nu0`y zY1Zdub|>O>>U`sOAxb_UmRJIl1L7Zm>$~w;W-6&K7+A+~e-%T-yz#XOy{=+ZiBW4f z*0GmR?{{~VqLHA1`sSTK3L5^4X#*o%ACr#yde*@WyFSV%Dd~;KM9!aRdjG_G--zD% zS0ucTa8K#}_>p8dz=e`7)Vz+sN-@r@lo`2Ls*N;CPXZH z^~S2J1{GGu5pO!v|1}WndvcC4lz0M~N3sZjkg>JFTlKz&Yj^?nOvks8Xtr{Y%aR6S z`eS)d4|8qR`B_1q^e^Cehw~^ETyzAC3#p}N&kxtkO2{J|g&Nj~3bO(as*7UVs@`Sd z#HBi)n!mAHG5n$@_R00dii}=C&PjP3h$V^uaQx(Wt87)eqMNkEygZ5aBZmevZ5)v=moFb!QiLRebnAWQL1G)P9;x$}s6xzdWb z{j(b9QO4`6D+-Q&A{^r)oQ%9LX9ww1d?P3$)~|7N;&u~m9-^{kJw>G_rHiPAS0aY% zG+MZqGX}))Cy94`$YpBF1Mr@1=OfY}3#fRw%fFzLAE7F}Vi3m62c5|e7zeg?rd!`L z6f=JntLHMHbbGqKbVT#&Zb+cGOK0E0gNc&C1~J-WWr!s8i?y1ho>I6`rN26zMJIYt zbxin2XXa&Pe)e9bwPS-Z)`>V38*L0BDt~OyJKK1CVVjc|<5=bCS+!V}69Go`%F`_8 z+Ka@&j;+_b?scmDF%lYiRQ32KBPL51Fy~&i=N09$}X{};eZ%arsf{3ilDmQ zfZpDnVjq_1di=AQKcjvsq%tgne6Po5*`8D)W+pp8LG{iTtI~7Zk{`xIo$-CE5H&3em) zFsK_OMGGrUcxm|hb{>dhYdiy5$EVmAp?_=Y{cYFo#v|1O*(g+XLrrE^D`?@1kf^)Y z|ID1?r|179Q$^gH`- zcOeId(wY_7pnKx`=O!2r`xlt2#1x5(y*x};eYP)rSYueHq1dxYZ^36(aj!u%r4h); zfS-T4h__&C%2bPM7Sost>BJa{RD$` zMuS<>N~nf4(MtS6Z0!T4M?xA0U(~?l8(~vV{}~XrPC98uSo!OmCAY3%7z8|-LEH+o z8bb%=)ycs=u+j@Q>M-WoQNVY+F7I#9%_)(cUgk4oVi5KJ%GL8 zed?`dp7Je0FB|Ch($?q@QooE#cwS%5WO?eey%|Y`XG?H*nsbn65 zny@3ZKE!`jzsZJ3gFsiuQ|Ka{1D!LvPlyNSO@sR5qdaRy--voDhOPkoJX&P!3(w-< zgb!{znX_O}Or$$PPMSfTGf1k})^Aos21gPAAOWBdV&>)ffde4Z3`VD%%JW0tn89>7 zzqvir&=veJC{y34^hx4j6h#Jbc4dEV+x~czsFA(Esd5U4d^j*G7EXk5NBnJ@-7wh5 z_N#pt>aQzt56>*Rd473*r!ovcZm<(M!1Eu;(a4+Mb+o*1{e2k%Dh=}Y`3nrcx$W0f z%`1Fia~@VExVqseiP=jK^i&baY=%Lmvq9<+)0rk>EyMhufD^pzgHv zOO>f$Pz*l_8F(|Wm!ui#*HeNRTB2?PQKWme(8m_B5RW9! 
zcd?;8Ss)0;HH81qmI~DB>|id1eg@B#^Uhv1mgLbxcq{yqZAG=5X1Cr7u3(qSB%sw; zV7slgB1De?2iR?f24)922rQdv9Rpq5Rj&*^ia$LTZ07;ds3gqzGJ{sTfIsY$28%@B ztlj2?k$~^IelRq%nYAD(CIG5Ss3qZ1A=WG%6~a6M{n|zPmc|Q&>v>*6@?%~iA`?RP zcT0FJ|8C2mVf}Ag#*b!xU?lSYrez3zOBc|vep}jOrekDe_*Mk^{6^11#;?Qw_kY1Z zi*_1(YOEJhp-t8kKGOi^+3(TS#qePE&ufV*T8}(ldO5Y)Xn{iJkj_?WOz?|iTThGA zomvOMU3p`S8hd&I@Z)~$-AQakR3OF9GJFl`-)w9GtFCv3?Jzaz8)`{VRY|uKoH^yk z3RGS zw;CCmFoH{yrFLrFt7XdR3AfBfEIBZ5*OLrtyw5{(%CtqrRuzkN84!W5YeJ)SUS?bU zrIH?FYZB*C++(*Lb|a}t)6ldCME#xQzx-vT z1O(6auXNhqym*r{UVC1h$kbX8U>^V?2SSV>7poeQT{c)wMFGEiO8)5JOIv%3ds{ZWjS&assXAsH$=C6VCl zBngVfaiM+DpZBpzCvl*=1G~RB^obo&5q!Ib^T7F)_?>s`Cuj~Me_5Msn~ta_DfnU( zS-{!*7v+H&9=6_z!ZVBFE4TPnhU~i^5d8W*d`UZPQzM~Hz0q6T*Xj#{Haw+G03Sst z-&7Q@vA^q}O4-avI>2PZJpr#A-F(RimX=)AFKxB}HV|H|a^ig^(My%nS27rbpG`}q zps2hVij`QD3Ilx#NzY2i3K>UzCgV`g$N%6n$b|o1i7L^;Oh`y;Ky*cBtW3IzFRkdc ziMRE!o##9#J(gPEyiSkUaIrq^@Yph!KRnY~eYW$lreww7K(72Mb6F7s5-ag8tNv!Z zb0K1UvXZ_ZSIL);16-hRE++`@nA7>pTn6()tj?#ZBbkOyPjg9285m?C#!TDkpK149VeC5o=-h z8&TP!imJJ}>ly0>>?X5jJ&of4MhgAcN0*g)C-kAN@jONXaJ<+?w@KBbTE@cz@8(1! 
z1d33UG6ZGGslCZGusbq~tkD2K!}t$^*XcPu<}vs-wXHi>2zyTDCzmv0tPjmJu7rS9 z9=a*gFKvi?;IROA{t|9BtX5NJ^WM%aSVfvdN9}iJjUi|KEN&6JU4s0G5Xn*^rgpUj z8z+n5CFCy~QmC6StNa)M*sYk8P);OERBMcbudoHE&4V@pv0yi7E*oL@h?({tvSVrH z3Sv~n8f6m~!kCl(j399v#l1vo3I_hr?QL85QClMT6wkCOEP;`^rxq+qTir;vFrxHO z3)|2nHOq@-#s@r$I#0uRPO#(g*dX{ND5Es|XlFD{=)9f5Yiv-vc zKefISc~}D7h3POi|%z!{EN+NC<9c~902knK@>ksIKI2yN8Mi`z#BCp6_0MoC z^5^{fu~H3;g!?!C@miRf=~;hE{rrrzEVRE!b^d1fFTK{E>S;=1EORGtPSOi}v5?a8 zswj{MHwaYonUh(9CYzf%c`A+JwNALHR&xz%f4fF2X*>2F#&tM}pon+9xJ2F0{0t%p zPnoVcb3giKR~7Q$DSo`nsF35oWy zU|3tU{4whQV`o6&p(+8V9<=iLcw8{0TRQ?@y`>2GPj^K*nkii=H_{)2oBeOXDTyG7 z?AfpA*ZKj@jBeg#u8KFgN3r^VUGZ7EKY}T5l^2hp51le@2@8V{$oF&J!J)eav$rF4 zh=un{z%qZv%YZdr(WV|`1eJ1n)kn;7e)}#jP&Ijc1BTU4#MX66$-jeJ99mWSobyWB z>&sqN@q;h}CfONJ02|WL?($Otjz+`aF79c)q-GoKgw57*OZp)_lx+(>ewTsi2{^E` zoTrC?cx>J|F4x-SEW{eUE~U;4oqF0$n+u$yMO;%<;!QGQgrl>kKgx`?ZL*xLV|l}x zxg|)0M0$f^r^^%Vi47-bG(|ZS4{Z9QSb(016MfapUjpqRA4c26325+9woA*~9TM5T zFedw-fflATg6=Z+ohzR`h88X<*|56oF>%udc*G6)OsOIGS~P&-F*UWjjC4qiD%f5? 
zLqf1*^o*D1iWUSwR0$07_NVq!=4i){8p)NJHg(}IqF9DQxjxq2wT+aY9#BzX4ILCF zRu*b{VNtPn`fw@)#o{L0)lJY0Yl3@6OoYjP5z}u|vju*Wb>!>bf#;A6y4#+It|lFG z*uO-aYIa+2n8n60s^l_%D0#-%dbp1)M%$}-KL5o(d0l9|r6#mvuNuO4beBM40 z`?FW+abmsHRRB?%?eo`z`(|X!x>HQ6e(HPzP!Q^oQCH{JpPL78TPyS+{Rz z9+8l94>_Yn-r7!fIw;u;hYPgGu^iv-M$+xYDS{9#vvdwMnf24N8ABRzr}ynyhll9+ z5jC4}#HPlq3X2wI)>B|5Gre~_?A#StCsE?F!=1AWlp2QjNzu|ARJ(~I6bp;r-tf3o zX)GNc5P5H+4s|BAW=r|moiuMQL0J4c$8&)g4qHb%sGr`zgah8Yr(`*Q7&R>P1dQ1# z?X>8g=b}CM0DxHyVoTif__kb?1vCdsWNnd!ies?|F9LH)B>8B}(sbzPT;UqM!N=VH zD`;(>L2LO8TE!pXF+hB5=pW&#_#5Dfi_+rKV1G}aqsZ85Y1!iI>RIE9>pg!p)iQsk z-7gI+z|iAvo!K}YvvNJGb>{BOMSpMiIy*FEs&9VnMq_BdL zGj$_75_B#eN&=6gU^Ot%6y7d!NXmN(F26wzZ?>C$nECF6^(IFidi%B3*J@kY@siLe zORKlZ9xR5V6}irNW39BbQ1L)%-xHwi)nP$qff53y5Y08>D$zbyhO!mCiZ z>4f4eqwO3tO_t%W?1o0WL!{U_qrr7awA|`D^}>;p2}TPa(5!*Oo0CGe)n!uaQ;xkF z*P7O?c~l6ZC-|A8$5tR%)pm#q6LAL2@*(|vgS=Yaf=!>Yc-hSRt88&hq;lo4r=9~> z-h6RGvITl-%-FgGaKg^j=Lt~NRLG@<=xTUK9Ld9b)7dzr3@P`HoyA_NPAAwW8g*O# z>@ThMKNbN*#HYTzFBrlMx+AS?r7_QE{~35k9A25rw}@BP_y9x~3HHN`+xPmV;ebul zR5gM-mKlvh2`|%k7ngJd0J(wIG6J=0_P2KJMlVlJ6d(~RKbmKjy1iI*J2O3T&ka4A zoB5=Owp&16Y9r*olQdvXo}sIOfpk?03jZY4lO!fbED@Ce4=7{z1?f|7E)UOmYe0?% z|9x>?PBlHWSJxfbrSTTAj|S*KyB{mUg5t0P`>PI7IQ7JhlOirHEXkK0ZRcMwP7ugz za?pX2W^_a?Lj<#cc~$Gx1kzzFo|M8`meQ;{RVY_NR6cD%3z&YWfXot=eT$BQh~7MZ z-(YM0)LxUWJ6oV3SDL13Y#%#oW8i-$=An9IG++aN7gX?&+RVfvEbM;{i+u9gzm7Xk z!dW@YX)z#rEv8yzV;@Yvw==g?4ns|+`)aCy?g+*{)kFV zfA+_j7Y%EqucI1CC^DlyVx5Jx;JnGIXA0-?!o*Y$*ps|gTK5(phuYv%U5lwPibzDZ zh%0?RVtAa8*iyZ-=5c+CB#0_HWCs3bC)m+K(u+@$TOTy2h}TD61P-6d5B6ewVca?B z-EhvX_!o5&Vn8LLbocQ~cLIeO(k2uI(QJYCRc~BqQ87FTP>l7P{Bt(1j0z`Sr|A+4 zXVM7Z?7f%%+;h!ypHDR;g|UwgX1-PBSN z^mo~L$zSRxp^&hCvuE-z4IV%CO=kQjcWI`3<}Cg1^%q!a=$|LQ%*y|UEB=G*wIDxi z?46rh>u1(6g6lM>nkg6D4{Sn8*eBYwRBg^=kC=I?l{G_gJN%Q1w_^@wyqRtOdJK?w z&P)3o^cmeLV%ZivF)SYaxIX)1slp%pqy3@Td`0xrQk0^^;?6X!O$P|_aQ z00Ex}$+G$Kxc6w9(%-97(E@B4A@-Xu^w2gy@T|pM-#sL*yCL=;y6R30z90^kpG)6S zR}+WwPFArePlq5OFxCd5u^O)qSKVV@bA<5CxBI}}r}`jt3}Z`}558{RE&Qn$x+zb~ 
z=*t!R8pYrZ<(Ym2^H+7Mt!EQidw%)g6v0^68^gNHy(G8=65ah{Tx|7Q@`s&5(1#% z2O$Bja``s;zy<0$&F3o+qMm^e{`^Au5%Q`ACv+=EcaK}iFAoQL4w3wRwJzZI zLFkYFNpK`caXklo5j|@gJ*QulzmcH6f8)FI_b-zuBotXgJ$yMCerZ{0IT_hs>ac04 zXK$yj{$^|!uL_5w? zFD+zxlxN=+^-R@_ZQEFtE+tPxYdtKa2Ljir28SaimU>2TfL$<$7-heezi=wW>_HMx`5_M-an?lhYrB8`;(%{3b^*I%4f@h3ywt z8GCee693#R|6U)D$shw2d~q`lfCopsWlaZgguU=Bf^K?BG%FB-ld22Ot#17h>f6fJ zpbm(xgUxcWXJ&n-&=L%h7I`O*Zh1M)H*J35-C(BJ{BllSXz#cyQ{a7oF`K|xL6TU% z*8G^7f-(Bn2x0v>LRfx|5PE*tCE$Y@&3)E@R6bUdE-WK3)gRT>{=?7v>#n>1kC^6v zb*q0Ck9Z>Lp)tXBE`V2#7AwHm9}bgFh?YotYpoaJi$PH7LM(m?OdH}XIJg{XU;Hvr zKJCIxhCnGe&)U<(hEb)F+w7K-rSrDN{x^V;{N7EzHi9fQ-)f`I_I)Sw@-EO!(Aqq}MH6KV>2vs4&kZk~Rh zwZQ^`e)(jQBXFA}+wRcGVpFQK{lW3!B*#WxuhP%w&GiAUQE%d6JkN7TM*o+NfH4O z$@dk@EsnMK1}JO&3O=}SI@6!E8>ThnsP|NR$iP8}S?gda3r`YiFiW@fkbAQoOa}y5z1^+z(!Xg z)WdQ9=XY`xp!jBTj^r3e8Z@f!ULwdny-YM$r=UE75=-;A0%VCsj^PD^xYH~+!Y)D# zNl#SIi#Jv>3+4vD>l@=QLr2k#K!md)qwZdRDSoebaB|N7NLac5I&6H7U+YDCoJGF9 zb$DEN)OO#cC8{qmW3ae7_Bl;S+$x;S;fIeFX2J>)xW;ZZ=fQV(=>5tmraINxdT(O;y1ER`tiNtM)O?W4pQ*bxBr zq>}%jG*8Ulx!}x^E{~jRs1i`jl6Fc*{gE=6txrx;ZA33L*vds9lP%peS^LM2P^-zJ zo!Ha&8%EWF0`FgEdKFFR@L6_+K2gy(l!UufTLzSJVT`;Xo4xOgXjDreypY~j?8XbA zvbqw`vp8xslwx>v7GFqnk7S_77m^A3$ z`H8?QAtu2m@pYmoYGh_)tEWr*Rrco_I|+Xr`*X&Boss?n#{Vz5&p!iv=yi_le$&#G`&z;y!K3=# zfY-Vi8elqb-{jTAVR$??a*_MihWY(${^p05^Smb7b#f1T?M2Au=cH70uky}kJ9<#>9_Lf{SA;svMP0?a=9yF>4Vcn!p@ zDUwv1MX|_&R0&q;u)Pgu`Vep%H}AkR5sQTQaR*m9EpbY55Tnfb1v?i`BkW|#LZZs4rXAkvq)#UG6(EGtF`iLIyJ4bw zUm}62ENy}If(=l}jiiAZXI3PQ2IaSJ^+G4Dnkuat zl-xEs7xlBE`JB6g>bE-k^k(U9^lgAg7CjraDlQMgd!0|{Rwk4Oxk0tGs%*xBtDR0t z)A*QWr^fMx)=df`&{YS2pJEYvA)zEgX0(itJ$L?#CCo zYi-kgkEx~MlntB-*RwVdiUQ`j$>%eq6EXA5-qzR?HmjL}3BW9BQ^HOFgyW%TSC=8K}1V~hsw2qt7XPekb88qTe=zbxxvTF%HL{UDtk=%)r#`A&DG!2nMj2mF z5w*0EMl226uYiw!27JUb;D1P*!@o$vQb-LWpj&4JYtD19Q~e|0wSPZ1{!s!Ci3H7O zWMK4dV<%yAonOTRk>I~pi|IZe`XFW(bqhEr7GbUJ`AzNs<&fh%dZ{W9u6xyP6ks23 z #L*4{rb&d6ElWHl2JOFz+eVEG;H4y;b;_T=%04{WKNivXMa#DO)5d>EAOZP8WZ 
zT4ww7bKNWNKmdl^uwy#IuLvqC5NaDePNzaFU-4)bmg}JN#bDZNyI*>KyxY~yr5_6f zTWhY}=FLX0%XI);gNueHz^RZWCk`~-f|ZsMv~3|NuHms;b}rTk1=)#vWu_!O{3zq1Z=GREUzt6z!ZVS&WcZVcNxY#s$9gjnG zF;`H5vxW7S)KU*-HoV5I)O1Bxs13Mx8sbZ_;UseKw*u1^w5~|3&Wuce&<$Nf zIQbEWQp=l%M3IF0en(YkXpPNnWO8{ZCSf%`oz;@$Saf|XA{b7m&t@jmve)Ar?YwVF zaU?IK?<3e7;}eWbdfW5z4YNrXQ*KC0X?*K14aC^E!j)JFW%%~{)PM&LC7s>02_QZD zZ1l&{UubIV=2YdChE?u=c zmESauv-lus78`2loLIqx>6R@QJPKF`cpvhLg-Nk%a8 zj3`EhB##v*x0of7AGFBg`|%;VXdf7Gh&XJCwj&dKTbl7zRt9)q0u(^-T{*gCE8#gZ zG)b}T7O^qA;?aRSo;u!~!imlod=jsilGbn6`Rj;eOhGLSZZLkPdIA9HFjLdFLpqWaO;Uv*+uvDh}%}K6j`ZR836C9k3 z9eLp%lEdb5$a{hkFnB?P5`RvxF}tRbGky23i9gy0e1faW;yw$Q}t{{#?EZG zsUm*s-zEOE{-;F5r@{SBM6_Se_+4`${hvblKX42GAW^rJH`f?c2XzPKK`?&O(qeN) zuZG#gu(#Zk)HE7%c``H#)u5#!CE%V)m39=S1C4e7W_dB*bXTLfJPN-Ls`kJVOXNM%v^}?|Oc= zR8Z1%YRZi$GDgMP2?-Hra~{AH5Z1@~pB93p(lwCL8vBOQo_ zRbQn;H?%HQaxs5OIPJpD|L!ZU~z#Ic(eszpE;i z11kuRsjMPu6gA^Nxh$xNp{aThl?x#iQ9yR}N*T8KFo7xp3LPRj7LE(if|jvOF!12L z1>fYI1KDLjc4>o*%qd{s>5m*pz#vuz#}Az=oYByj++9xZP44@bKHkI$W%1Etwl~bT z;cjp15f4Gp!dZV-Ij(6y7Ht75q_a=Ev}b@m73jv%9W3JUxn+S8ZRMkejROT866wI8Q1LRR&w7q_VR)Ic`(_&RGv45K~`dHJ{4Z7 z!RxPt5v1Tuc-^SlSUriqmY^XcfU;nibaF;B#YMXw>XW(=G(R89#fX%nadKlRX(`Bq zpnxIX7G4V46@!HK8jCp1?zB8CA;SWxoX6@hfTB+V9$#+e44HpxmG6AdKZY&}_EARQ z_EpMLFk$_>ISBsj9jB<-hlVnsU%YtB}*_p%+Ha-2dpgz4f`XG&@MH3 zmCQMP^GZhMExMYoco%tgNr7i`8~)*zP#Ma%I4kMZ!hB`JFVjsAeusCx|EWX#O=joU zGk9!l?5v+Byuy6{ZN&eFZsQ+d9%HAem{0F;xQ<)#F0@>sfRE}0%IPuG6TEF&wYIc| zzB}I5A{M_B)KHHMWJ;(S&|HDiGLZ6R3O82S=L=*5Y4CWr#6ndOLjz#i7{r`AI($arS$DAQQxQcD53I zL>rc;cGk^6R@E?@q>%Dv7cUV3vk}$bVZ8G?=0@1iK$(+z^Y3r~htk-0* zCo$aO&clDOQjbK+Tgo>7FhnzP&}%Tq15 z5}Q9+=1El#Ib!z^nB(^Hc7qU_vMB})ioO*?j0ZFVpcz^W{t>Kt2iu%bj#e+Oc>--5 zSNm*X&r~vm+Xp&!q;?Q^b-*kGSrjX9=@8(fv};+UX*mnh*k?rWHh_=VlnC<d zpPc*`y)3sOY%S%C%CZd8T9;~^Do;}^$>q+Ao?^7l`rlaKjI~5HP6SXirnFis%UiK? 
zPo9lIK9U`09nB?_0Z)W$)}DUIC~po7#G@JR%%#?*FGU4%;8Wgt56O|oN9|O{4br5V z?!SgrCKWb(@ap#Z(d>lHwJ>|Z+-=VI+LGo;A$YZYcnmx)-S`gO4Nl_Oa)&5j(MLo!UMh(3TNXEw|M zTC1LkwJ*VzW5aamw3M79-vu6I^1zA?^(nj=H3u#nh7Jo%NH9I&pebWnv1rO_A;%{z zvVB4#bX<;;mc#X~mc<7?Ds7XHUuGWa^e6-&ZJcnZ(_TPxO(r8mvN0VYxd@4K9bd79&%{c#9bp%F2 z`SsARTY&w-^{inGj7 zz1eeh-_Zr$p`x<5@AIxt*ot&$L)t(t30EqNe}wc+vEo?H8f>FG17yYL#bO+jsVqP0 zjxzG%Lainf$XMPBggE4_dm#|yccCQMf@J|n0AK%5FitiA&k8Ys#59szQu4;ui4usL z;prCN$Zg_C>!P7@hh~(S$j@4fpIk`E(83{?`h5$Sm_^yAE`Fp)WJ}O+ytHe7qjK2e z&OnU)J#4LeXVaj?X<(>Sk_N=3NmM>#v|sTqw)iEXh0HXj8EZ87&fV2<^K- zI2D-9=hMWGcv=Go2F!LGf`Ska4(Z)vkvdNNgQ&h-!KoDX`!Is)Wkz_O7%IIS?@j+qquGBkWTxAM#Km zzX0-BeZ=2q+(9TN{G`CS+)rZ$59~Yqpp7==?*Z|iVu2>8QAXg`&m{j*Z0lRr zgh6Xgz8cYAPHZWQkyfBF8_c>%LrZ%%=MIXwoTH}lmORA+=pws6KdRQ*ip(h7W=%R` zeyW9StJdCF-jiTOZTmA@>K4~!rco~i~E1jk#AI?K*aV?Qc7MBf>MBk%mHPy~VI#^-6*K9md%&AU>x(X+hBW-&JXvUrZ zGl`R=WAJ+P2xdUPDOw`8nRe0huXpvbXWroM)I7yo8F zzeP)6z(2(2?B+|lVG<$kdy*u0kVvaGP`t(TiF*0Gjd&^#@067g%4E7Qy66)?4nm4F z-VW-{cvdhLmwR=9w|HlCBu?Hwms=<8QiyF(xFAH(vN@u!g}X(@YRolZOzusBeP8O< z2ErB*3#xF8xC=M;eunIszjB8~1D_Cz8@2jy0>{e5V2tfHdrDZ^Xmn0rl`AAS1_w*B zdr$*KmFLSi{GimAHa5(qOwLfx>GP>vZ&E2TQr?cB-68eHc}+8Aq67r}+;v|)DqKc{ zko;PRl1t35SjA%yG(kyoR#7h|lyB_H!=2Q_t<>`ZOtgk8*-AD6|je+>VHSNb#1 zW|R_F0HQA{1aJ%N-;}NI6Irb%j%n!=XcU%_N^O~Ap-xh{Nq&@ZXm(`NT-OCka`j7^ z#tbWY!b9bn!A4wQCe2rT-C};Xm}?Ump_L1ajDNc0pA}G2k{qVyn_ljHCV^^9y*Kt zWNqzUS?!ajmD#m$5f^(y-Ha#TUCzErWw*K}1#Nm6^DaJHT0Y$?=phK4iPSK)Ceiq# zZcIa$1DV{<$c$Ml!=7o-LU-8bUs^@#Zl^-5M0)W`9(fWgz12>A1*?4 z6TY0dbm~JRQaki2>wFcfLUj>ip)~=!H{%ZNiZg+E9UZtE4qYUQh_>~}hC@cv6atn# zpaJ+Q4^-zqiurXm#$0Am**dATJS9-jE993qt#5%^N&0%iSIt@6WT>_d<11ry3_Wfb z&sPGvH5os&xf)?>#h{MvFGH1afxz?YDN3@G37sm{pq_HTL;&?zQUjK7pv?Rw&>rqs z*ekbc9tf-S6-}IWH)LvkO$kXZYK2<^ zYmisF6%%Po2DI)CfQ7xrJnRvZ;Hnjx#t|odpMbS*f)DS^DHcJ+ILP4wQG*mkh2VC5 zwDvfxa~(F{mIh?;DmuBB4&=zd6mVKL<6~%Lo3h;V(yg@%K3yMtK_H}yP42iIn2wHmWSpKcHX46K8MKoJ)(EsgV(u zH1E#5awk(U-_mMF~TnpY8ZE`$H|=10YT7YDW1RpPFeSqyBfK4 
zUNG?wX_>2wMt7^1?!u}Ew_Xje9%jH|(I3g8Kf<*fyZe~%Zdk@IsM%G(D1rH+5V1~w zSt%fan-=P=%q6^_XI738Omk^KN3nRCM%MKf9)~m_Sb$^H(Ig|>D39?T_RU>-4Yy+; zZQl6W*Y!fgW~ZC0t(gGv1^0a|urQEHAMy6OEX#$He+Z6Dg}AQ^C`<3F>+6r!p~PDb z(&xa~Lb;L}0r)iLr(V28oN+!oGIs>+5^#ixesxL|mx7!a0aUxbYpDmm;Kt>q4E;C< zLX_-|hx%P%PDb9#9w9#it)rp_b;&D?cN@%Lj0{L*)v=R$QU4au(*7Q_%yi5Q41WXd z_u;?rN`D60^cG3@u+OKaZ>m6&ed}ol7O6H73P3opX>eXvbsqaJhrC*A=UnmH zmM9VQH$6}hZWozq3_tKM_V7ydJKzLPkOmxQOf8;2k?Ggxm@EbYoPRmNo)08YmW{n} zZKG&kdkGr>Q++ZrbbHeyy4C4N0~w0u&bZ&b(g>T}7V5tdz~XCg%hg-7ij@2UJ$@wW zqWnYEJ<-I-R2Ql6YAQz(cvi3)1;Oe)YoW}%oBIeRgiMp#3y_fvk?>%9FPMz$@m^#H zl?W!V_eor!x6DKf#-IgOJu-c|jw1=TQJy%dV*UKy^C(4MM410H8{ zf{!R7AgzaDd*&jsQW5txO&~ayY-V*l(E+#vc8r?V*kE9?My5z);xR#?Fe-R{vlba` zzio-{2J{yNH9=)#;%)%gq9j}qior#s($x4@~TTd2sUyReBO=g(5 z*vmWhO^_CAtXxtmVdVtp8C3}UT94>@i7znN>H%-D5NdZK7g9~njaNcIwk-b08!+Ffi7dzLwA*mQ%>!b znNE?;%T^(JwJ1!lR#QqF{Y1ztsE?|gh9l@ZEA4MDPE1n(BW_b8E|aZC1m`>PHW~3{ zPG!edw7heH)`?k`ed(ywZ6c)A-gbTBe7AOk;e#`kDLKS*$AjG2Jl(IHrK1nz+5Ccy zT`>6ofJF2nK&myL$O9ehBh+CqNrvu(mdL(p+Hz%?0dOVWl9`&3p;3`K+kvZ5Q!l%( zcq&SL6^cY>jI-iQzv*Yw`ZIDJ^{Q7VRGf#(daDI0Z#sk$-kYW3fl_cFRt3W)WxhPg z4V`vgeOIF!s}tkXAu^0j{nDRabF1@fX3ymrvJTI<(fAHpa8>$2?N=I=bbo{^$FC@Z zM&Yrwu=%B;;Tz4qiM+#n)4T+Mga-L~{5OQ;8j|ITkR0)xjJeyb_L@ZQt|^csR#+&Py!@!CtK@7n0$ghW(=xzi zVQaltNJC+x-69;R)ras13rulkjK2tk0;7&%e81t1 z`{jx;5PmiFKrVxsFw-C8#VbL#D(re~a(%La+O?>Q>}cSGdQ0ExZK1tT$@{tGAqz0r zB`E6@Pa0IP7;ZAyhi*FwnQ7a^s+ZJZK#?Q%-ATA|w#kkJ~V$tzVWC@)^ zz`jGojmG6SjL6FYEq|2@p?NeG_t~~g#ZaeqUZ*o^MqB0=;ijVO}odBC1uP|m`(lUSm<~E=tc9Jg6O27@F>pUgE!A6?c zp{^0!&yw^C*5-~VT3fj{tck@4viFynWmL5v1YTCbu~e_?E)tLAF6<|&CS-JjFF$P0 zPfaWHLwD77R3jf(Aw0pNR9{>y^fd1)=bgwC7I5gv_Mqf9`=t(h#~M0Yy$@W2TH8aw zG6WwoNabEX_wBp>~RL&k>=pOD_*7T@9li>SsOi_!@m4`70ODKqy-u%XGw0vNV6C3Z1kCZIz;;STb zV-@@?tv!txrCv)L`}W11eI9PsMaTVT=Wf#iD~Y{9$0p6P-sSVT!4`M=9P?=J6NX!Y zqP;NdbnfhB8kJ)|G2<8&UcP*I6znZPh3@z-+n{8Th4|gIG9*&G6;KE&vw_EsmJU_EcKQ!f9<{e$Z%uYUQr|lOIe{Sir86A zR%p(7*d<><-Y!8*2^WAiYQPCl!@U;KHhmI}vk8;7O9=>(kD}iC0%gz+u?(}ej7HNu 
zpf-7CE~(Wv8=-r<1x}15z6cn@%HIDW?=8UUNVc_MoIsG^?(Q3RcXvo|+qk>CyAufR z1PMWcTOa`f1lJH8g1ZI%H<6i~Idf*tz5ltNJm0gQrh9c&cQxI$-dd|_$vuYudh@jB zjJAt6v?qi8D%*riw+&vwi!JwM!8Y2qOy!gkt?MmRgz% zWGcTHQ2i&CuK9&q)PB!-g#aULYh~zY_%mA-JOZaUgPKcEj-w&5xQHaNh=sMqyBrG} zVl|-ELqZfw3u~aG1+goTSjxiF2I%~a5@vjt&B#m%Apg!&1P^yG1KmLNyNS4!p_7N5 zEwMb%(F*8k@muI`1frky{>tQ?6~GF3SX|>~dq^nC@<6iwAph_Dr~Xd;S~(L;f>tIB zF;dg>e0+ut8&u`{%KKs>(yGW|Ae=MY%eu)z+d6uCj4 z68=_6T>;D zR26^|PHfzAG;Dr%i_GCR5k~1g#bBYtB_8QPEs|(6J$d6hdYuXUOI?$;?j$|x5<#k? zSi*5yCFlb6*?}+Is-4fXqt%R}D621gV!YShXPb(s2TFdac^YGS0qf1kv7v-7_(_!f zT}P;-N393`h1MzBuJxth$}^&reG!4C%2JjP=`@KuS>`ycfl6mdqOF96MQSM0+zDje z6%WO2>yXg4(&CS6SKZ6CRSSH|`vYj+;C{hKy2{DfXb5i@i{!p?+jH2ZeqclpQ-Am2 zN*AJFamplGs}>x-tR7wx>;51?h&DD)f`|F}I?Bypi?l}MP1A^Bh8@s)qkBNWMfxtT zWF_LA*>si!ngX*cFL`Y?3NWlPW^*T}qZSBX0!}Ga@CfjAx z=J3WPONfHGuf|`F`5q|eZYa~KCt_f!4m6k|naW*$b&-qzf@uxuT-I8&nwER8aeC$>~q8_>0sqKlL+cPM%Zw2Jsbf7xK6_ZYrDjGf$F$C&$lV z3Izyhc6CQb%DtE1o6Rgeq2{HXKtIUe*9n1oEAe-UdG_52>!_~N?2*4_29&xXN@V``~r zhG+tD{ub>?lJ)GOV_GfzItR5Pl0&@eXfV}qpKguMdBWk-?R=L%;;CASnUX0#@@myq z$-jl+804WUE}UWw zv8?xZ^ods9GR7XgS~-1wg-S#`(^-NL@-F_Amm!t%HGR8W`OfRH$o^06XvlKJ~t;i5X^Q= z-Lq|TN_)^{pt-ol-ubLyz$+v4P@Jc(IJ1B2;&0;LUVy+MB<;Bq*K~4b1xVrj=Z=79j~H> zQh)6@(4fJE^QZ49Ji=p;uw-GVYG(@s!S4?#3lbz{{eJeh$tc%v5y-w}Y20Y3QjC2)qS(xsbePS+#Zm0sQP;{j3q=HGav4fA9fdwIeI^_ zIpu6v-|+U>j;;@ks*-wB0X7eG*`<}&?+QC32GRwTN(w}fr2sJF{WdjWrM}=)b%>k2 z=EQ@cy<7NN;S+SN*Sr>&X4Wnn8)E{i$)#?=#=(y!b)dL1Zc11lUm8CVm#JyGhpSd&j=Kr{q-zh`||$i#0dX?chtpR&Aj%diO!kv8y+A;uAw|9gzj( z?)Hk(5dz;~#fd7zA^zE(H8;1DKW3jwHQCUT!2D-E$=nw9$d%{jQSIv;j{9R*MSG}w zH_x%lC|&2NWuFk^kNaV|G3?p-Ur4v8LbvFe_fGV=U& zT;L%byVQeR>gvaj9*>b9PvNNL)HgPM!HRy!Kxw7w9TCm))^?Yl1dO{s&wNEGh_RZ7 z?t~+^f@#gp@U1c&w?LF?Q;XT$ylRu{Gmb3Lb>by{7K0E{<%V9?md_YWh3>_$UI7vu zP@$ha*n3mxd8-Ss*w>wi>U5qR%xymbdU=lc<Ea`M_oz0hu=YuK$(Mom+t(V93! 
zeKM~I(Sn-DWHcdYA?l4db@S8(JUr_urtCs<{JkW21dQdmeoee(EkrRyct@?IFYWB) zmAN~+{CAKQ1n~beivE&C<5!{dFzy)_SnXL{Mk>PO&Xw0otW7l3Kk&gf0Bv8>F;XBu zMR;_7IF4YxmLyFoC`M)1VzUrr`muBn@#ZW8X59@vVJA!2E1foY{r-leOZRY%NVCDE zEKeVT@_xGaLSaGi@&aF?(^FB1o|OF%=kQl}6n`+2aA&gv@>_q&pQM5S%S zVApfygCN!Sp7%%^(u{GQQwSSWYOC__298EU39wT|9ewFmdp$TC<#H%o@9daYY^D1I zUHvH`DQT8C&d-TeSF!Bbu(FKJ39WX!G$3+ zs|lm6^pYTDFA*XxcY2A2#J`Jt`W^`Hu6g{P3>kcuSat#VIx)nBR>vvE#)~51!@hVG zj4asT`0Hm%b3Ea^G@=rEX>@8IRqbMAzNB7tI3S5cdEZj!j!1o&>j{u+$#+Vk?At+@ zq6~l2Nj}`troH3hv-K!8l$GAY4bGw{;-=O-kvcZaZ82Ale?&4R(?Fav_LoEzAk8NwioK9 z!tdzOP`xq+j-22lVV+rqK9$FwSVN30%F<4lcO_R6d{28l+mKm5wJ|cgi4%q4AXVA0 zJ@YJlBEAE&c6O`cnW0)Ae)ET}56ex&a&bIK5k*}4gyeN5P;Hr z2T%xv_P@%crKb5yXhk()X-#1T22tUkE}DBsDm!OFyCW08cj)3Bz!!?L6xsGJ{uQw(Wg1g1K`u%y@TN{ge}%E_b;pjuyze! zI(WY)$iI-@!l>t)$}>Dexq!AKxJ79n0l>bcsfJUaoL|i^O|T?-n;;&pv;Mr%p$G$~ z-`fRc(B4^*;RQj0*sTV2?p;f$W#5&~-d8;qQuR}cn+H;s6qtk8yE*U&%nhkGIsOYfq zh1ulu1m2Qh_Y}%Ptw)!1&UIi=e2b0fv73u!G1g{@tOT76W4noc?Qk9RG|+YsR@n!w z9ki|5ol0@S_6}h+@(oaB!38X@s`jn0qH12>Sue*&hnJ>Fee9DTIDr|~w}cmYO-Sg* z6q~z|hy-&3O*%%o%&hFgGXKMupA10qU-ISrDT?Z|1-Krh5=^ew&q5dnV|G>L+AEh_ z$VsyIJ)WlKk8qfM$tt{!j%Q5*)@dz*Ut|H54xdrahQ+#gYyy*#^z!%Nv9_E zx%^qw(B0hjjYeL?w`-ra9_2M=^TYKjUejMDxe70+EG=t}WkI&OW#47f=v{Ov8xSqb zJ+5JJX%Ll4`f~2^K3LcPnL+Z6`|~)yB;`G!c-Tb~WAXt72k5-%WZZC;BT{G5s-of< zR0}zS0*HOO-3jBw$9nBdu2uzaC|lzoXW)3E>-)sNR&?deHfO_vVU07w@Rp}E9$@j!P6whO|=j0eFg}90=u&0&> z%&237gM3-DxtB2BWl~=-#gMLxcWAxV+;BvKvW!Hskg%`Yo-T8M3Ss;#R?WP7KrNAK4W-Wu%pb!fG_H-;(jn)ZE|?mCb7(pOcMPuf`6TZ@bTe+(e>wLCDR4|Yq!iD* zlz;P7%(^Y_?EqwZv;Z1d@S==V=PD`u<`!oOw%lttL^2IODEV2eVC-BZKGp%wl)OjTZCCv~D6r;3NdsUF6jaJ0S0BW@qzoq?; z@TOU#LJYQ~ud;BvpmE0RI*)TMy=oyuu9eCN7?P05%HMY(C*F_bW1OkNIpE)mqXlnJ z>Rm2{|c7*d+Q$)wXLu_JOcu&YUdhd9b@+e@X%KIan?;pkacXXx#Pxg0Z z&D*lVyP0c+jy8wSxmq&UM*Sw%pT6+Enm9pv;gYb{tip)nJ9;*xg>%ykbAGK-Dw_`V z`SNRBlv06$QN&>w`BjieSJ>4g0}ZW~gQtn*G?jrd;-`<&XE8+a5iD4jPNI!tT1laX zQ_C*!+a9K_;ffABP!v<}TAoSkO|n=*$gkftoh>NNFV$A?qSzY*%ZS>h6L-=$z;^<_ 
zBW57P0H{aw0(@W|(ZPWFH!L_flmoyHAor67K!ggJJ3HI+Ffl#Yj~f~ryD|cum`p9K zfrchF7Pd^nj>hH|u69mL#y@AFOhAOAp@ru|U1mmOM`r-hZ+8O^Mf-6#J7XvNpSSx( z_#F$YTV3R&N>V@9*bZ3d7>p(qZ2Rl^hd;d{5Zvke+D#z1C5SKuZALIqpc4-h=1(6c z(|Azhi4JHBFD}%9taex89m_a{w(2+P84H)CMawRZT&>r~h zKIWi1ID^@P@qjUbes14>jNe)^26F`+0l}OAfZyH`I41d@bOLLjnT3qh|%u{>TGJsBK((fxc)l>SuJ*fn5!D6uC9vUYU zj)hPhfvkO;NW97Fy;%NC+D^n7e$!Px#J0&~ot2dmc04Gsb3v_`ZP7OU2!gV%>cR9C zc`*37ek$!RXz@C0XRP_^HuFnx@=UKOwW(ad;ChVQXddZjKdX4-TbZKWqbp;J5JEDCw$!Ffdw5se&F?u?28%B3YViKM=cY`l!~~ybx~ZnC zzuwLI42|T(Jw|`3oWm5=&Bd^=88;OZR(Pf%ikVJ-TBuRS)@aDt|MsarUT#|6&9j&- zl=D$!S#>rE+Ne<82QA44G_G5Kv?S&4V>=vJVq^HH>c}qRKPpQqzl@=(vOj~D!J@&7 zI2t-X^mSLmU&1bmSvXmk5gRf(G5$1?f<$`)(p|ov|E9XAu>8=LIGMQt+|2CXtOMA7 zCI3g-{JX(Fzn}*UZYo5V!3O>OZMRc4`&$Qf-+=3K38kejZ)x|9a*wBcbNAl(IWuVx z?gCcAP+P)n?U3~1=S(IO<+=ru{3b89%ro8(;t4jl*F>>FFg{nuxrw%WsXr(8Q67?{ zU}lUhNh5VY4gn04Pak)vuh+V`a-6xOb#r~$bZYDxvQ8M-|D*~D+W5V{r3K)2Y(M@0 zk!mp~#p!gJV$K?KL70neJL+b16AImsLD;vV*G*wSS?yXc5gQLm%lv(R&s76j?(+r| zx`rvuLGNs=(E*CPPz7>E4Fq@jY;e?Kx)N}pt+x?DaPZ=Gr&WCsZAwtLDhh%V!Q&c< z_)!s_k3zO7mG|$HD{a$)V}0zhBmEJjZJbuT5(&Fcx=wZ&q3vezhB;lK`s%dSuu29# zyAqAyxNg!z*G^@!&7{s7h9y9+i9KTNnrnIloT#edK-_8OYDQRpk-ZaR`Z;}gDnj@i zDlw9V#>R>V|BH(cgagt^=a;qtoX=SXHE&G~-n@p|@81Y*$}klw{erR=APyOIZuV@m z3kId_^RPdJB2dU(M^dTp#RgG;*P2+Vc1Xs`g4Sg3R~|7_*)>6TGXYN7UgOrpg#P9hYi>v(veXg;F%B@DPat4}pz3FFZhK;;EbZ^|P>&Wa5Z^vu&T!_+BN-NIimftaZU5`rCj5IXZGtpV-#Vq(<;`asgJyH>wF4NLmw)wc@=cMP zwnP6WbNeP2j8q=(%J$d-D)&>|dw--rmyL#gSZkz%d#=E4%xt+VN-#gc>|M)d#69sbnb4$D*OmCMkW?E{g>0&10NFT&i3gyu;R8 zU#*ZvuAw#+-KK%y?x6^t0whL9e#Q<6{W)TvN~!W)+HC^_raO1=o+I1qu+>Bkc7|Z@ z*m~ApXyw6nl!+vs7?7r|q36NAP;l*x^|>vi=#|{NCvvJ7>@M1}gO7aye5({vUy!Sc zI;b9IcoIawes;-jiEKe z)7XP;Lb%FWQy<}`fY33UY=xF)hgxu#UIsOYv1?$?vG>TU;jANR&y+bR`n>~Nm;%=J ztEhw+d=23$QcgY2V}jXH21F(c<&t*O;z%CawqD%V%jk#gJOoX{+OI9|>Rw9_=U)@@ z+8-o6_lb5&J$`o(VqZx^c|!;#fS)^qJfIR}uIni5~8nZIoaJ@Zw*hw93r4E%Yse}bZb&)>z%fJs2W7$6`l 
zHy}7SARyGw+Qjfd#x${T{FZdfgVBWH_Y8ZY3j9C5BLxfK;Y)&c-@YYi&-!pI4En;=o0jz{9@vQzsac1Ku4gf-S^dYYYQi5fJClXuE;;ANxwb- zNPuPfLF+q$+SfOJXkDLG-`G%}MIY#@|Ip?)G51dlPuTXnwD<~>!w+y#Tws}M@A$3= zl___^&S@5wjward!)nk=fkM(K6( z9OBM?TN&*@a;#d?O^ub`Itdy;}VPmT*28oq(_e?>8(t`K#1$|C+OZ zrVv6P{MVfQM<8KkXXp9_NWPK(>E`|pMaFAnhCL+@Twah}@i0v(iAS*Wytn#v_X*6r zbO{oLfK%yFj=YR{GJCD+XtHq$vBs+fW%pfL{u3!FB?0(F3H2x{o9-v_hzTm9Ghs`* z3LNz$AN09}p!BtU2MgZQl?f5fas*FFog@;nNf48F6)MNd;2tOmTIk~ViFfyc$0_%d zZ8}!fwQ9imp$_1`enk@x->*K1JYI*pC&{iQvzO@vMKbcT4FRnl>;t8Bj}=0)R!Z`m zQpVAJ5uGV>VLw;yA^}k&9OFsJrkP543el2;z)WHH2d#I^{+m)6Ims4xIG<;nyaPU@ zF2wHDvOoia*)}$AHJ{Y$yLK>DKS6x=6Gd=AZv^wNP~>(Fy(b5-K+;Ai!hKV2OeVc_ z6#UO9GX4Wa1^@wlfB^qo-(2rd&;JaD{I}pkG*>uRFqHql1s{Kf9e!z_0DX&vnLZ?* z{`McyQ7yvJQw+qwD{8g?iZ7Jjn$Gyf0P5|Tw^l5APwYPtV}y<%9=2D2y99sq&5`eD zFyPHR`9QFuXFgMqm9{QqFvdZ0H&WM#HRoL5H?dg#9HPR`%8H(X+%XThPocHG!SdyJ zv0VDzzPVsNyv_Qu&zZ z=8xJ=yC!N%Hlvy9*B0Fz-O;UlA;nhkl!!}7&kd@4-;<|B8tNy+nkK@9aSTPhU=TQ0 zo=}>2M%@;4JV@=O8fr5`8E!wloiHTO^r17}R_nc_wn6`dn~ zMA|FQ$@>GkEuGC2BU)yZyjvBuD%^C&v*xdK+T*(*of3sMaH@B}MA)Aepk|7!A+ z#Zd9^TO2=^Fe0MYc<@f-+D*VEdbK`-aZ@b8cI0sM2)mKn7NPxv=>>_+=YB?ktF z!I=|hu~$jk;RtaBv})F@5Y#+LiG@`exVc!FIapa)IDdgSLZH{ zX(;MumLn#biArx7C;n|9U@sV(;IvBT-X0BX=k*z@r|gvaC3K9eMfF)NHHQv*kFt}z z)#D>J*iTs8)AQ6`R%baUj9rRYv`Ykxk!-vC(G(-#bO!J5FTx)_&UdwT-bOM?Wqh%qg z-!%LM!u*aXl8r<6>vsE>HM>j-NM9+cWBIJQ{~dEoFk&)ccBuHbLPiD$E9`R9f)y)l z@r`+Qu2-0tg;JdKTk&s?`7YseW&+k*wC5=33ro};$XU+&9v`<_UM5x4z`oVb`83!U z`Lf;8Zdv-tAoH|;OH1EOK9Y&%cK+GhGG>f1V$0ndQgG_w&_;j4vO$z0zGKW<$*h|( zf0CYo5lMUDybnP*kLYcVb=@)}(a|P2@DmT$VL0cDH{xG##pzh#NrZ}u=nH_us;cP% zeJ&!M@-o!4h-gI7sosVl*N1!I@+LPB7?jj!exb3@)OwNRDGI=YoHptcDt>umvL-W~ zpbB0}9B!MbFV-|*5Wu!;H|{ehrN2`b-^x&i|F{BwGT)roA8P96bsSTR3^SrkDE`h0 z2My)f+)U50i{Y?um8-Fgrw}kH?2^zwI&?jBDh}yJmEK?z(-1dbK-6o9+d$3o>^OoF z+&oAspLMezDxn624MkvkL==YzGASP6UYTF>RM>WTAh&&|-+0JoaP5-grFqs~n{JxD z7~&fw_W5N5-IiSC|~txg?iM({bkO=Oo}O8(?X!S?DhMT7dxqHj#U)7PAu&w>X)o?Y-9MK3H76=cJaZGj{u_!%J@H-7n+6^9$ZI$iN0at+KpGS{OhA-T9x_+#@i3W>( 
zg>*zWs)pgiw|r5DBVuNx=eCruzWZj@0&9}zmDrxlyX-YjD(`id>6Zf(Uly(4KOxH} zDU{|8c`+V81Gj8IY=jN)jpD-N+JM(g=ievUEI32J{2aB*7Mn?n4~BsiV;(eSpM(8q z2*rG|-%4euM(Y`foq{ob=Lwv-?t}j4bQ&vIRESQ1*VCqMUJ#` z{t5=R8H|kIq;C!$|Nu#%BR?{j~9p>diqPd#vs_uuXmxdy+Chw>1UdVAF8dn&-;)u$3f=4_fX>)!l zzwHPq{i#=;9Qdoh`t8p>K+^+C|T+4wm?No-0eEytU%Lg|PkpZc9dq zfoBq#C(Rdf-3yHcmE8Xh!m8?%oHbYTsBqIKR$GJhAABS}fH_Xh-YRtV^TfPqID2!A zfhSmA-07(M91*8q51LLcn)yjf41eB7xdzl)qCr^kY#(SSHT zQBSyPl^fD*hU>dndV+%H$z7JJ&X*Mzqn`3R6R;~%7o@S(g*lcVV{2**P76p!$aa#o zJS{#WcL-@#SUppkEl6Lsy^8_&pd!OqNX+trlh^tpD+SQP-hj8+h+7(K*;w?pB?;^@ z=a#Q~{?ycHP$pil`-%$cwFicC`e1t{@dBj*{*H!nal!UlfndqK;rx-7yfq7%=zc}% z{=N(<9G|Yk+jftuw_)Z4k8gD>24O}reALou`?+y(Udhsmo*3(DJzZg1C0Hw)8i60l z?wAgMJL>PHM67s@sge7jk6MAy)eHnTia$aP;t^H8A^u7}&S7=Ydla4f?2pz);{TXw z0~>((eH{?_n+EqwD25;AlaJBRewIimss4(y557zfKFQ2%fNwM7AfWx0gpPxqP3u3^ z%-^Yq@07f#f+Ya@hg>2*JOph>a zSdY{QP0BQvHHV5$N`epojB)ai8b;uUDEP!pzVc!}_obGMV4g?vFd<4G({8@=Gw7(? z`NGFVW689h@L2tR*Y4>gL;r%DsY4vXG}IjI1|jxp8x2J175=hzQ&6d}R4cAS%on3| zhMJv4@8M77S|6B?=w3A_xf<@>NSrt{-mdHl$ z6*z9ZGL~lw8AE5!U{r|SW_eB>nwJ14%u~0#dVF=*51%jmxoj1(Hync(e*!moI>+Q0 zs?B$JQ3WXfwM9$wl>>!Gl%_BRN$6vTof;FQC=#<@@aIp9|7iIDdfUEF?{C?0d@`{W zv#aS^W24dU>2v2KwYv`j7+yhdJ4bsIRfQh|aKCCaL>Iw(By?gJ){M610mf{Y*)k))M-UJjZ z+bGcE`J3%l66YWo8BV6%i|#RW&FRw6h6q*w_d}7PW8(D}_j67=_6e?^uldE(1-m~% zvX)joz|aOt$mqUmzUFZx7&@m2Crle8$)o{C1ny|go@l1FNDT!%NHiS}7JVR|EBIm6 zrwNaeCepL|$AA$4t6vyET8$YAfbiYD4_e;B+R&Dn3_$W-@W2%|b~dyIb$eAtdq!bK zCIBldI~O|(fSZH!m-*hGl^$I2fVR#*J@bB*dYA#+EG*x{2!1pF`-S{p`!Ihe5|zB~ zDWWN)KUl|pSFKcFr_7rJuhsuniVOZNelE6OLVZ}1kl<$mbD~EF2L1=!?4p-;Z336%1< zk}C#~yjw+vxJ*ixByPEzKpHo1`rP9g9Js2g=JEMc=GZap3&uCC0(&7g2NWpBX}BVW z7cyy^QLmrCUI7DY^0|jE`0lZ<-ydm3JzIgO@Jbv}Kv#SwevY6=tzW$V@5P z@VJ{+id{u=aQ1#{r%aqo(xn*53bVMOlERajRd#PVoVo?*jslpRzWSjxqG>D`M9&mw zbwqRAnmu^!Cn8tk+B9N9l}5>%N9 z=jqFFH{FXk@#3;i?uUTj82M{R`_n7_4Vme&mt$C`L9w)4_|px7@C$Sksp6TZ@JNbi z?2GIK6MHbseE|ZNlb?BUS@z@kQN|cgW4nzR$xN%w+U?$SqH!C%%x9xWa#2|*$*M#O 
zi%@Z}#N@*v2)fLm0k)qCX3QR*XoZnD_{$G0alH_1xmp6q4~LEepWtARra`=>a}+VJ z$Zb>5n#1m}dLA%xo6)X^AvJ`8(bP$!Q@0s@A;3}9V024pv|#W41Yb&fuC*=$c; zKu>dV0#ZmWpm0plxCBlF4*dqK?5)3(B4ek}EQ*)ZwkJgA_zpEVw25!V9e^Bvlo9Q*kHfI((hX(#f9VDrmbNZ<||8ncqm? zK1vsITVmeV3{Lmj+L@ryDdo$4LodZ4m>gJ*@0-U__$Qr8*%VDnj}|yg?>UP`ThvVG z`>E<>6McdA;|$A93ax&H!X)v+ZpGY0+u5r*Bc^uHyDwdRJFGBscj|j@64jXKP^c(4 z-Q|=mt4{`>>Y^W6N@3i;g?;ln202zoNurj&1N^yS%`-Jg0X8pp8;vAJr)^Ve_aOrG zj@&pV#zw~2WAwnwz#<n0#bezUsRaI03zST z7hWl#wKdSz!kAdt*w6%M13ECYH6d03IspwGjm?RrZ9yW8v&#b>I(_q^X8hfI`lm-X zBpT;` zh7^HIdRjGwp{8KNp{84M7CoT~&%4^-6W0B$V9)u03pGDneA`>^Jr6!RJd1%Dg z8)47Q3Dk$UlnrEG2zl_K5olBC>IzGGO^D9Th6<%yt{L(evtO zoIdUQC&bDkT0sX%%@!C(Mp-%O+<|!w&WuqL?;d+G9rnS`@q55$B;glPJ31wZW|WM| zhXgm3Ime+3_0BI;2%A{f;kx5(6Rt0ipl4Q(tj{ z$SsND=Om0VZ6*)sS42f7>4Z!RrLfT* zC#5O1&POcU;fK*q=jk2n&S3K^N9t3+U%pzKA3|*JAiuNzV)YiW4<=h7#*n($@^<~) zXd9aV00960001EW-%lY|HLHdvbEhaX0rQP~;1U9~RGIbJ;N?J;blo9D(XBn?UL;9T z6*>77_V~_mN=yxW!3qw~j(jK2i@2`(j6C$3IMy7*1JZd@ui!RuEEs;i4^3`taUZsa1(^j_!&m*K zDf-gtvog}z z!2bzIPX57%f|(b<{hc9Mgw24q#ukReqJ|)0%Fx!3*aY}{*ac$?J7Q`DX$fLwhHv58 zIXM`lX@16Oc#KB$upS2lNnlDYM%EU_PJg_XnH|9Ty(YZ|&f`^DZ{_bmu$Ht}aV1S8C0sH{=$ruSB*=-JQ2FF} zWOriYy-+-~eV9Q%SXq5C5Qh{4>#eA@saOUglmNF~k*w!S?qsw9j31f&9eq}My9`HqUHXrVw)flrFCrzLO(b37vHy)}Ndm?`+ZU)k!DLnhPp za;0*8zhD6y^IaMVPu4|zUhSPkN}1>eq9@ICuHDxvIUc*7*XoKWd5k0rSRsJ5&sZTT z(C!M14F=|816k4BvNLpX(Pp|o@%N>9?%VH`Y;;8dgPw}VoNs$;P>5?!yVuXaQ+d7>&zV-5*!`?1knHDqwu#~ z1i=1_*9Q$Q)xX)X{tRAorL+UV&*h~Wxz*V-{XJFFC$;WhJMa#2!zJrY%^kFZYwL~^ z&fNMa4&@3ju_bj3tb}HACdO;v&+pJculHp4vM)v=480=}-Fg|m&fbY5Vyp$BS15(e z6Jj@?)hd{k*%j94Y4~W%?XjPIx##EEG$ppDeiAcXg07dV$L8O5x!hB9nCd>tCC*8EZeBIwe9pZkIFNA--!G zs89FXc!PHJK~{ctUsVEz_q{@8l2(APHLa{Aw0QI}Ng;E5m^CmntH>aQN5$`KwEU6n z$-eg2aDLxLJ6p&#kw1y9_m6_vgI2Bk3vkFN{WLUyN5fYY7gd!1VTJJ1CP7q@kzP(s zjPa-H`WTH+6=>}8Akz?w+S%B+*#4@ziVA;^+r*bac^>f1UPr9b2L?YgHoN}S2$f-eJaIA?3 zd7%TR<`Lva7km-Qd3!M0c{GZ(>|8BW$~>F;b}Tb=RYn-#t=KW)o&=9re&B%teL;AoO!@p@2)|G9W>k)i-$q z5o?cU 
zcAS)kIEPq2CED?xO;s=fM7f4!Q`;$lj|KktvcRX0_>)2QbnY>Z50LPUegCZ1G z;{D77-K!qu$>+O{$<7vyl@N+kc1Pq()e+%kG4Qu__}$DRn35r^q^>pacF5}#N{S(& z?H$h4`fSC%~u1H1{iNE5%o(d4DGTa!FZ7r!Gox=bqwC*Z`_iCc1|$WXe> zRl669cO@HRdEZ?Q({Xd%aZ>4%Xau26GtOR+lp$(jpj&gra?cC(N?yqFYwzj-*{#*U zI&u^j;y(P%9rE)W0P|;S72wyXfOgVl{HKu333w5(zw_YVGTHA;YRRQd8M6?jb*$*A z7KDSn`iQ-_`On5czDYO!xy6X)FoZ{Hmc&Yl?bX8kO_U}<@JyRRooUomfdHBQq#84_29M{Ud+t`0dU!&82IqXA!0{%s)2i0o?a)EbTI+6%9E@9^Hg%eY7U33`)iJL8?dR4nCsZVkpS= zBJ_0B3aa(6JE*%EfiHThD6x2L%ke}gqDJE2WezpW zUZDlvNT>P5_i%EHyL0ywsv>#)$3_ICL40ZNzTy~BRRBq+$NAo`$JVG0N`Gtx+<76f z#$WG^p(hZ*zIx!n4iFEvfOzo71T!R*Smz(P(DxT6P?BRN1rUE9hH%tvEj)qFcEoBx zWAlgLaAp?3hq+wgU&o+_j_+dguloPbn?a)C{HXXd6|Vx&+0D+;>gVDQ7c+o`<-rZ@ zo3}X&_ctc}PX2FyzQ5z))oY&u$L6<({pew5R^STDwnDJYHdMNP7upQ9TD{8p<%KN8 zhGB1PkweD-5NVgw7Mgk3+`5(~9`C`QRq!#(aCwhGjmc7P66^EA<`2p{eLAU9?A4gm zDoKsFIw?1wAPap)H4I19T4C!Lgb#3BT*}`XTXuHAX`{{d!cc?4n-=A+RHuHog4=T1 zxmLv`%{u5BlEW=NR+xQ^8m)Zky~f~oR-wOxne&=qw0ST=#7&N(Kc36()8XKCEMeL+ zfk^{}4QT2;X%95nW~on1UmeG}Kim<`usNR92@NxYckeEsFktBtH7bqj;gnb`z_L<* zP)hk)qBfuwsw7_aRr=prlz!woGyr=~e*SJ~uO+^9C74sf<>IdVlhvynW zPWEe|xMR%1%}nhKXj-mz3Y!W6NP^msq`9c=rcY611|WOtXlWTzv6i^iTBXKasj@N{ zV2b;9xyQ;st?2UIF7_r1KXMJNA8SSt|R3OMf!(yf)5_xcc3lg z$0Ct)8bxHUpr_hDq!IjeiBw(nmuO+arluB-HsAX7FBT}joF!Ir1lm}D`o8#gW&4|D zFE=wA3xI{~yT!``Gkz!kQ_cK~G=PWzJv@vo$dNn`_68olM9&Wx_(Mh~nUp%P{Of90 z1yh5l+o$OIo3S|MOpH<+71*Ng6(gM8Z8bym8{RS>1h5S?Pa{8@$5ulXQxyKfOT8m2~Ac_@%_Cv_|ItovEWX^!j-gM z^>vDLNa~+iTZS(6P&u!0sZK-t;jyj0XR7@G$H$p9{iRXj=r(V~0RkZMEKGDld9isM zjz#NZxUVLEroM>P87xEnVPMkNXLeO4S5McY2v?2U>jQ@DAfi1UW{YG1fzT2lIA{FP z4Q!&(C0-Z9@BcB2yYRpBiGGGNLO}bIPxNaqUjwvmEx8=EJed1tHpIP`OXY?R2RFyV5jg zq-fCIEVn1fFNPqfVrLMN=PSk?=7&5UIHmC$D}1_7Dc}FH)GK55ifchk6Jz}{x^Gr$ z1rd{qfUqwpgrcGOrMmDSB&jSzLQK>~#4FR@t$VsHzKXfA+U{lZ%!o@*FpY&%^%U#t zW|PlGQHzh=SaysCDKlQQyfg}utAp_b^wD(e!N{jI;rB4pP3pI*qGDyHYtopy8Imx= zGEzuqVIS|G&^bicH*>>EyWJcxCdNa@Ffh4!9f)?Yw`9zGbt<7h9?{&VR-n|6i#La3 zYP_6>*<#EPP%arI?SU`hlCrM-dhb&ns=3-c72@vJEV?b_cRtfjW<%I9%3=Lf=V-qW 
zM-BH3a?EvOIl7Inc3et!rSH-&vD8%}Qv@hbNZ17nsU^YCn0C@IS))#J&^#{(mUfMv zLdDv#DJm&3_9z|GfH%W;Y-5jWdl#ILPf9}?u2+r|EIS;j(`nhxbjwi^An;`UF=T&+ z2$=P|WM9Lc$VI>!0Lcuho=)Vx+*cR z<|DBV?BKD-{zLCjZ^6`|4a0=z>&dhEdS?2r?X#KOQ-g>(7QB%y(87ycIG#T$e!p1p zarNm`gTO-b$qt*)On$(byCBnK(amiBgdP+UR^^@W;d+hZl~^FF$R@+n3yo+a!Df-_ zOavWYMj)k*sv=m8yKf$1Izvn&L2Q0c^{v4OpfI)%%BZYokA1;2Z4Ze{FOez9zNjqI zuEYn8!1w(lsn>dDJIaqJwl*lNRA>@1$GDvyX)dJ0)M;lufmwbFR@#U!0|Add(k1-i zI+~rtCy?v7Of3P2Jt^77lILB`NJ~U$(&mePWS$bw#=Jv!iK`n&@FpTTMVNv+|yskKg}rUi^gS-pmTSq+e@WuGS_A9%RGln z1rQm)?BkK$1sIUwN*aX}4dSr*+tpU!uI3ziNmWjQ&zij{b4=Q1Fs-j?T;u1fIgpFq z-hu5XXU|X%ZN)CGFV(9HvbM4i8qb+O>b9_ITDE~ZJ$k9+3h(LTiIu0GDw56&_t^j? z1{&bI5i2p8g+AAdwFaFU-9uiFH;fKjBXn7iEgaekHDZ<8N9)ga+i?I>@cHSx5PpHU zyKI`JH;r)SIQZD250bGG2ukHZaKrWkPQ4YOxbY{_8U839i~T!T_j?%5U$O3o5NTm+ z_A8=-^ij6oHPP?nf2fte6IJVi2U)Qgt&**+3{`S>3WhzB<<^t^(+AW|#DH;TCMz(j zI-JtyOfQ0i2^o$JvH%K$!67U3!-Uy)9ObNT>|!(Qskrsze3eCB-LG3K0O zyn_UH(yWxYDHWK`(r~zq)JTa`ieI=AXJ)M{uwxmCk7vK(=J1e2VX@sX*?R7h-!{^- zHF0vJEnAC%Wcjx6Jvjo<(@)%@UwCxd`DDiz$pz#xQP~8+@@!OI;RNr~Ub!Dcz-$y7 zg<=g0TrLT->W;2Eiw=06oy7UF-Yzg7+Ibzrp|{qc{fbl|3C4F`&Uabm^4CvnoBJ)ODhWep?hv!eW!y|$vZ3!#Nrwvie}I$0%b78xfY zTf)!r&N65=biv)7c$SO9wG@*y%46~hoWkSw13ft4hU$88FAoGF85VY!KdKQ;0lUo@ zG#GHa8{9A7mjV?p%1#CLSv1UJEi+UTf9@wWV0fs4x1~l0!)Gx&cDe;!W1$EHvx@dC z*wM0HHA#KRavUi8Bwf6%n=QYIb=4y{Fc}*ycbP6%qqQ9KGDh~DjoJl;vDk2bHYBI# z7>%X{7N=3I=WVRDUu7Fq`~s@jVJ=(0NG5l`bGgB*_?0tLe?Ofg2|?z4bs)t+Ty)kr zxEEK2rR@v90+q8f1O<6KwFF2;yM^;HnLK5eQ)knq~;Rcc7`4860}-W6<1_%N`1Ni1&Aw^hizgP0`9cWeD|qSe!T^K?d1w`^64E96I6Iqa7vZ*ABS3&I!Jz_I`0ULjF9@$d{#D zxJeNo7rCEFt<|0@aUwRMj^pUC!5fw-uOjz+9$#G7LzPxSl#E)r95GQ6iZ*LbI(dj*HkN9$Yi>ppaO;Z_dej9$y>HwT zH7Hc|!W=CWq($#W=BSqGb(Qr5Os?$48P^9o;jRTE_F^Vw@k2`-rbze*J{`7Q(b;hXZ;iT-`h5())Uz|Pdo z+Di8))gA?XYX=8=16>QlpAQ@ybnT2x4J{1*vX?^hSfHEk$9XC!3ge%*{gJ}?x7|;} zKlfG$X}=c<2XH+6W&i+w9Nx11TzlyM@T>n0_fv43Jye%6>!)p4$=XpN3Y7$W!=qV* zD3(t-2M|5E&&{3K_2*c1UZrcj0P?A#SMxp#z9bV0+A+nEPm5Wz-I%3?m$5z@keI7G z##Sz)u5&>BGKpAK-x6ZJY^a!nqQ~uZ|}vGb$9z 
zwWB-@WHT&(;O<$*xzoaMDRS1OGm4@HLhbXGS!|_oImXZuWRxbhuyAKN5L3d#NG6Zd zvbgqunXU;Qw1H_w>{F$AB-vd0i0_z)C}WaM@G=O3giv6eg?+QZM_qw8gOiFY!Swya zRpf88)D%s!ZrZ5mdz5e;`E@V?L6kVcy}|#jgwmJVKr63-X8_dfA-N5fk}r>tWBq@H zdnwk!0B6%BF03qL5-4i~-ND;{MeSKu-*>Y(0<>8=Oa0g;b7NLPYat|~D9b{l>&(?) z83a$K+Ap*QraD^>;;b1Rj$-}jTm1yxN~!7zJ)gC>DLv^z``CJJmPlvekTr^1bJPo* z7x>jg3$u|a*d9d(9S z9>Bs2;UD!B#kqi$eIaM#7o#sq$^(Uc?gdmE9tRZt}sIdcd9) zR%0m5Vt~e!!?n3~Z)gFMe5k0>NrNNqw)duDnbd`noeBun1%|EKCwxjshu#eFHjA2* z{EA}(HrKe0Jy9+1HA@9)z4CViu=>rM8P_+iKqx5LUGy=asj!7r*1g$m7cuPG^=&tNnlNFBahs6!sDd0doZ$ZU;(aQG7fLz>&$W zS+GgzX9TVU=Y^CxIJtUGuLdCADZx@UU-yB$IYxK%;gECRx@4(ykSUJzL)on3D+cwy z%54inGxJ`C?XJT@1t0p@{R%9BOVooA{us!Jcp%c$k~IPuvworqSEq*k3M67=Vo4No z8HV?hrpJKCbp^FTew?1E92vMSwy@NNL1@(hbhY0%`cENdY_X`lmhTDS5nXZz-zt0yfyUOEzR8%k&;DW7;F!h>^# z$T7u3(+zE=AvYd(n2jNCZH}#V$EIEEkB-DZmf>@Bz_t-$OcqD(cnI z#kJelhEKz1u(mz_4sQ0p#xDN3M3qn%k&zYocAWVgIiPSb5^jc8HinNF`Cc)Gk%5VU z=`q6LJ0QO{*ce&V|AQz0ZfkyU!fgl<|4mWQ2XsTT$}SucM%%=>J0y*_IXk2=Ffhtdy|d&AYjfgjw7l~$c1wAwX!E|g!6)uk zE7dF?oAXh^>XauChXO1k`v1&jET>Qkvf*~ z2ozCF8v`d7sHlC0$JEvXIzZ;pX|up}0!^z(A^wJbt>+Ezz;K+j0tXw(-URUFDzxyk zX9gW>@and$%il+2Hk>{ zX|RFuE!t2@k>1pjp0da0OiRrlHjgih)gHF^o~fCSVkzuKq76$97h4N&;RuYb1r-gw zH_K{~j)Y)R&kfv)Vae8efiCl9BlijvyN1TLT9szm9d-d5@zXL90faLIXvN^?)SHgR z=deMPcjJv8H|7hv#Y~^9E_^w|3g36PnE{#J55}aV0V9=m-V_hR?&C_EL>#(u90%rC zk92JhAC($?joz8KSt=dIixE3nskh~~J`~O@12X7{2Xoq{(5F?%gzgT!1-Py z4Y9rqTy*R375bi7KF0UZ$}@oPF~GOtTWqE8D}Zl-FQTcHku|^RA5$scHx}R<#UKU{ z`8M}>f0}y_ge@c?N+;M1&|Nj60AphSO zMkqk{%xVMYi?%=VbC8o?znJu#nxNK8=DL!9$e#G@K6O3vj? 
zBFb{#t!D#vjC4sHX#c(-@Cf2;qCBzNZH!62<@@Qa1*44h^qET)HI- z=+YyGPCuE(=F7HrszAOD{ya{#8#O6zO45ZIG{-XdkS03&j#ky+Ey1HtS_k+5;?!Zb zu^u7|-@P_V@@?ErLBdS2iZ}jhHZ&~L<*dv#@3<})Uwz(i3B8UKp_zZ#;Kh%tyTh9s zMHYDMdoclBcDxGpav7~2AC78fIw8n`Mu_rFELT@U4m!8Y<%goiI8~J!Y6yu zomg+h{5l`rj67~>yDpWU?8&$66eCj*nYrR~yICWCHmvb!Tq{XL8*24%^RaASZq?MQ zQwK~fgvfze^mUX%K{*{~n88 z=KI#C!XDSbb(OgG-_H}|{>sY_w)h(Zb3C{*5A)PO*WmAA;8uj9rgoOPHg?uVhV~Cl zU5jtXVP#}xVg|6X{}E^kc+{m}VEMCN!?))DMwh>{5kpDlQ6Dd^4|7>oy`|?@yX9v* z>yQROw5o-udY+qA4dH51rnw+vo2sdl*AfbDh9hpTXcU6R(Vrr3>di3Pvd@9R*_QCg zc_Bis=!3u5ZBMZ7eCpRxGcQ-s$=zJaCi!CMP>L0Sw4}W|!1?x->`CQLAN@G3TBI9{ zOp>WQ$ZOV=y_+jke>gUR!8kVW8DHA1p2k&P<~!pPUZb&z6aG;xJ!V832wp-=^^tQs z95Rb|2h{jH`$~k@!AK-(+JxX(V*4ghaZiRcZ>FiM;)6)lIPJ!W8uy_!8*+~ZJqv6It z?r@Z*W!^_}mp{)xzALAi0MBrR${Bt6UAZlhDI|WKp|wpB=4tXYZzrr_9=REVHZ=o#&pN+bqi0@KYkk zD4ck+9WK!V#@zS`24(KBy&vX)LpZRLgA4?wxPsxVt`PfL#ZlWio=s*7)I}%Z=_kd{ zB|^9`m}Ig+aQTFa=yH(s;|S-WZQ)+T0h+(th|d7uy|0ePH^PMiKs@{f@(%^7f971n zcb`gF@PT-}rW`tOYwX1kunp(|zJ=dn?0quk_FNQvIjB*vi@6z1i^5XmY;B`Io^2(B%LrMn)+ z!yOHSBvwYuy#hw(nGNB(4rD5yMjkUOkMxPso9^knZG)#CV{7dAe$@9AhUM4jXgzec z0b8~ASNUSC28_*TWC6Jpf~SNPT_{M%?~u@%1Y@Yih1ZhEKQV|uxuu#Pgcx6P~q*=R2t^?v>c|KytaYVuW6X)lD^_6252A`egQ}50|6B; z2}%!KT3Gs+>*QnadHNEpMPgOrC-U&d7) zYO`UWmDTenUNGDliI0nX{RhLK{XmXl-;4t+7|_EnU?NoosNBD=2&8|6Pr;&Ke3Lm; zFg5-oAO69sk!SizZ~xCb{_y30zWCiVFfp(*{8+X#{@na8_x8Kx_ggZj7*_}vV)WAv z|GI!7%FJ7EC*u5TX96unaJ5(qTHOH61_EHTe=aUojhtC4;d~r!;wpemrp0 zWyv#js6j}s&0Hux&Jj>+660oi^aNU0NhT|y6p8Fv5Hq}k!{lo4_RAFmyW|M|XnmhG z!pFgMh9n9p&rG?_h6gBPw=%+XRoLD*pe{PBavs>x)4jZY-`sx61GEOg^udq1Oreky z-9BPT0D+LRqoyclx9WKe9iz^!%5WoCoQcU6JGqWyRhIL8Eb8YnLW!GFel+nh5C&Z= zt%l^!rOx#RX>RS>ohYBv^{(M9RuxUri$UkDcKzdRo%&1z{V@KmaOdbRQr@rVL`ch? 
z$zJKFg)gr!;k5j6%bb6qL-zIE0Nm&EBt;R4<|H6!fj8ACK|z#|Ohe||4vkGfv}O4) z6Q_rVh+*ya#*+U1!tO4s7Eq;*y&xB{n_Y@;e|lf#`i<%NYgAWUpgmFnqL` zu%w!aWoe3hX&ifdrxT3SE&?}%4O*yD7+jir?h+*g#8@xZPu(gKZEJM29y;OO0&*xM z86)S6<_W;BQg>*W2spXO#)J4rxM+f026gFCn+_I~tXBdKz@eYDQqJ0qOz6oP;(v-u z_Gg%@t{oCn<=CFc~pEtbeMjDz3zU{B;DtAmN|{9SwAC z4DB5l&;h95RxR+)O!e)o?G5z_r5z0Dev+>Ev+e1kJ0_>le0-^Luw6 zyrMVh@v2@q2G7>#Y;ldIN{YVs$MWpRd4ij0DS0y6U+|2HE|7!Y(F@hX=ShlezkqQ= zwvVo2p@j^=Y6b%2?qCzs&RvHRB@KvA5!PwuqLKn=vOA>sed;w^7-^5%TUjLisMp2V z6#>{mm)gyhvR3(HFmI=9y$FhMJWds?h_#2Qwk>a3_^cT(zT%_RW1Vy%zyr zyu1ji+b-*gkl%s=E87$y#o^;H`{I|r#O?;;-Urd0#)ml8<_tcfJ`@Sw;(0UHuM*H| zUbZ-US%;%%1IxoYD0sv;Et0$zCbf`{lp`OBamF|C_oiA}dBv7w*MqdWts?Stuk+|yF}pR$lt|C)yPL%bM; zSW?$U*XnPn13ylWzi(0hSrznaGM?cd##2b(o4~>YzL^2+0A?0e=5Lt|KQ;dsd;T40 zZ=GKk;KqP+4NIppg{z~AyhDe5ln7k~UMno)oI}`Jd?W+o zDO-994lnXt)b^H=SK%6LmUhMvPZH;9l&gXvjm2sp9AW|}_9y|$P`Z*C0>~|N{YyWn z+UV5uha$%6?G*l?-ggvF!r!`&)FX52=|Gb3QuA9S_&{6MRa-k-vp~sSg9P{ThW;vM zMdRYx^QwZNNzU;@{j}^h=rfi2<$o#n?~mNu9Cmagx*}x)qL&a?c>9gSz3k+(GSBz& zyj_;;twQ+bCGB zl#S_IYMA=DZS!S&Phg2am7?_`*}Hw0^(eSVXo)3#cXiVw5TaMD@@l)DEW-oxL*Bl3 zbLJE0$opg~7dw~vS9Zw(3h)K*88PLY)KD!DKkaGzL^ulhcL%22OJ~x;Z#w(O%hV=8 zhEt-XM_@$?P)P6}EN_ztb1dc%Pd9-cJ)(~J0d;@})M0)v{0sWw@30g5*|tgjVaQP6 z#jUN3%^yC5verN45};uG<@z5+jN!XJ01E@l!-t9CF|?BLTa%fEkFzt_?4K=tOH zy>8bCL}DYiW-aEDKic(jz18&&r1gL_4v+Y3KG4qeZiWwfaw)bJ-Uwe@YXb=)nmA?6FbYSL#E7e*fKhHB=ygtU zrngfhSr9GG7`F~VR=Yj3XN#YE zfL2g2RkX=n2Bu+Lo!igL>zx`4U;{8Tkv>|ll_Vl-TXN^Uc;>HhRE-tp6Al~v4OHX+ z(qF9jLH~xNzFz?cL3E0{Y(02R%QqY(MF1*7x@CUhfC9&F$4q1oJ^XoK_HmU>t9nw? 
zkd@_uXt>o56*(r?DJBagZgJxcoiYXK7l|#>o*${Baa7vQ zP|JO=#7*g#qdLj)bDtU%$Rz=GU{?x9Y@{>JB?M!ee+fH*L9`m3?8eeJ%Q}XZUB;4;e!TX={CRLMbB$ zItDfX%h%-|9G#-BRdV|!>=wga9AP@H8ENVN2&!o(aQ zo_Y%fu<6T%yA{~nxT!wMPj-u11lVZK9|Omb+{gfmz1Ar7clHgqvl|AP^zYDP?kgH@ zXI^!5BnZLQO{o=TD!(TsuyHM4;827&beuyINB}O^+B=Ipye~DlBTSol@#(IR0LmaQ z+)1evpNmq5E|~1Y>vDoV15v_y8*lDq@r5LXdJgAJ?Dc;10HmVLQ4=1p6^GkkBAm)C$RL6|15YX4pEegS{5 zf8q+iy)usfQrGalpacI{;Wk2H#eXL0SI%sS_W>??@k?$wpzIE0DDa}xZEN6=hoL`g z#4MF8z4PTKNua-W^q{Ad(j)ctgFV$f#I32a-W>ZB( z-f1UC5JA%&5Yw$5-86bqWLWSiW$YTfO4JdJ#LPNSAK>$4DwE(TZkI)cteR$w2G=Wi zz-YUt_sC&}f9s&A6=C6}u3Qrly?a{$ntsk?V(?*R<8kOQPhdmCLR)R))601_a3F~U z&;a3`b|HpQ$8fT-lR|^jxU&-QPdvK?u&jFXZy~ff zq+n2>9<@UhB*bKX)MkW5LHcotQ2zOI#UJUotN=CuGXvYh0+IQf+|HlP|Lozv!%#g_ zqt^hLWK``!4JFQNm6#7>#1jTh6Y(D=-vsIMo9U>SCvAoHXtBu4a$x2m-f7j!6`X|a`ZFHZH}}N@?_p zFdif~y_+On23^T1+s4)M9TCAOJ#7otMhL@&8n!R=Kysl&zfO|P*PCr2WJ|gfB)GKk>Yeq|vvwBowlyqxrV?@?9VT7LLeJR!ZXc3Kh(c zx~hQ3SgNn3)_-pPulN7EbG$V&#DmC%5GF_CcclcLoHCXf6ZELZ`VPauL}qLs17snk z$TgsaEQm7A2Bttybxfn*ej(l@*f}>NW~iq@J6gR1G84KFHteg#?ktkFB(@<6V>n87 z2!(z^j+;3&_arxwdw$or9V**kV_L9YNKWvpr8@FX9?`(ul8KzY{Fh3`O6WVBl9o^X>EzWOZN3+k;d9HJTvbF&p8l7 znXV?HNI-&_Bjsvp6GjmQ@FjE4&dit{aItStPbMQY;_N_5c(YMmI=hT2?rVr<l$f4(RDp@ODFT(XDV){rtX**DF^m`A z5y>0$78-wXgoH>y^;PPl*aVKo=rpsPX_LB6Q1$deW~vlC*R#N!9)&jH^|m;}kJc+K z&|iQqA|MtNz_(5f3 zNQUh|wS}7^kh($?{2>v-45r#l%*pVKb2M5H1IrzT@*VcLKR!`EO?%tDu1UQyPP5Ci z$PweM&CaNL5~KBu7)R!mVpi&~w1mcty|-bN7i6I?)a&RY2rOMmi{wqZ16bCLBJ~l- zo=ss@ZM(7+5oaiVPwp@SnEb>y_;BZS#z$*$Up0X7P=1gV2LzZg z6(kTC1Arbt`xw&*4FOJ#01ATr04YcaaAPXa2UizWq@t@IM%m*)!v!w!5>uhG5O)^o zS0`xD)&2@kFzQ7%tDh|Q_u zpipVKrf0!W85ffAL6|DrcZV5?UqAI#aex?l`H}JiyD>TS;Z!Z3Vf+QFW>jP(KVdM| z$IlcUJT)AMWbP)i4oWZK)I8OB1QN*Pp;pCc&=|0$+98$tnxE7rpJ@9BHraO0S@1m!m7|XoW(HaF%CInofT+ffuEV$l{(}#$gJpr^8Rk z8eM+PdO!;$iPzAc{^H_e0Zz7k;p~OgDifHt$!m(>{khJVm;0?7W-R6UDs2ZX|dJ;2`q7%2z8L+FL&z1t$$6@4QFw$kwv%Iel>Q6URk8y$Aru!HKgv+ zrS)eU3{(AkAC4;S;_%U7uy5v$FDU8;+wf{E3}U=bHhVN?*vbSEmh!Q!Jwg->ZpzCCYE^ 
z&%=7MLi=709^-?={*11+tnvPLNPUnX4lNRH~U`=bI6pV${-y+&GinQQ2v z?#wIaseHCbQa8D;ty;eMWFdOTvBqHq14H7mt18%3s%${>9z=E*23#0l5N zBxTzNgo_dx@dV4LLkV$;c&deL4>)qiB*gq|cElg>0+=LVz&rmrWeo)Wl%93p=j1Xbz zk~K_R)c5vJ^K5nh!Vx(U#ef%Tl5wIIQTWode$|`6~2t%l0fOcO2BFY z)8pSGV7GC80%2POz|&jk)j_$#yS;rwC>^BCs5M$*6-aBN0^o!A zT1Jum!I@>wX3Pcz(ft`6z({BFRn_r(9mB7o0d^Mj`VJ3&9*Y=$Em`>UZu~EM_=St5 z{27KMTTv!4dGI21UZis}4~Xo90HvfpFHqIA3s5?X7Dl@<_|8}T!k$FE$OHWNmY54+ z45DX&RoWgbYO8{Hv-g;;V2)&?K}M3W$O?osi&)3lJsi&tx|iX_u4|T$7*A;qEF>zA z*gdEzHXN+*jy_qDchz8nQ@}pSnI~k4h}XnQb^C5u-Md%0#?D!3P|D?VpY+`EZYVBZZ|6_Fl3J3Mofibqy z{TBBMU}fZBU}0baJO(>4{@naGpZYsw4wxJcPES`eJCgh1@71(@e6dEpk1VFUmg|A; z!cVlRlc_$Szt&Tk6nBqlX-cw2t#`h(&PpE(*(g4Wu;*Gwv%@T914Wj{9gKr@2%6G^T}*pY+bhVuXt!zV0adeR1Lw&w{kK<^uuBVNAt4#ApiWU*2Nusc7%! z!lXbiZ)m@?UKHO5ghf*?Y|45gz5!ize!{q{#oUJLqA92`fmL~x!_?!%Xs!9iF&zg#o%!-N^Qy+tjk5`xw{fvBotPEVTW=EgqI09Y4 z>%}!PHdLpmUKVk~VOON-;uWVV#L9PMwg7w^{}~do_wNKaVrod$+JKMbr$o-wITn!t z2H$|B3DEHQ0*N1j}Krkc0@#CC@Q(m%|_OKd)` zOXodl$Fl@j!}!O3DxJfW`^lKoFkm8SecwsMCc2h-`I2N> z!ipQUwl9kXU-o@xw3&@Ch~97+o{2!wYn2ZQuOY`F&ZbZyU}HfYX)Nq&braLz!yDmu zPFED)EpN|GLqjF&Z*|gD)C-e$kav_T0W!I!SgEkUPF~>OkJ8lNzrPLUN1j3^X%_Dw zD$b{*y+ymIkfA;SXb{~X$1=AGe0I-BcDzqc>_}3j00030{{R3W|KI=EEIQM?IY;-X zFBJJ`Rv$iy-`7M0V&$*(fNW$HrGYck^;4<-qBG#gaPO? 
zsD|5{dKVbG`jD0TT2WMJn5*ng z9RmPB_iYR*{_&Py<`?~N41Y?1`X*ENW5WG^@eaSUQkyMaaRAG{*(hq*7SWMailpV` z%d007+)Vb>VDv4v5nEYx#5%m%nj_HnesDNxa#=sfgp!=vpc_%WxVK$pD@iO84;*_yE#R`Iu^!x5uv}1s%E+mKjCfup#gO3x!G2V zzNt8P8{Iuq-EOj)>4h;?S-ftNFxrG&1z(Gq=bpHCWOvDHTWSSU0R`sTipE|Dn4Sue zQvpq@P!V??F7gP6uC4Jg&no1}YgI<#G@rr6Tew|sEzslUkN}8fi)0H034He-AAG|{{bhS=3w!%-VWr=P?~l>@Y4H9S zyT4b#{$YTc%cOSdRX%yYrmeRZ3pDH8EWq2`;odz_Gjy(X(@>8jV_kJirep6=(eY1# z@Xu;=a~e5qXPQk(wxnu!q+Wavv;<>({lh%IMRc4J$U#&G0$Zn9=7s29YbA z>5B*NpbVsz{G;rOH>M%Y;F11XG31?xErB@`sTn@_Ik-uO*^^;9E#2WV$_cNo8lzZp zZEiYJ?O|2KPn3J*$VtbG?$#YeAx8?%)jC>bWt8(QG}g=_6Xa{ldm7Iv%+Wnsg~2fW zszY5dkZgI}a?xc@f#2m@7@FirIK2=WoNZw>wkSxboqXHaYQ~~Wv^?AW>3TR{N4i2O zJKJ5Q>ha8r2;c{X_W*hD?{Js#r492lT!jTW;AH_3-QxKN9em&aHE#bAH-&=#b+3rA!pJcW#Gias^*Ehm62)(DOkgeaU?)n_9NO zm7`MOAZPn-UoiHWz+LgctXYt=aI>0GvaD9kB#n*m=sa7ZpeZ+?$F^Gj3(>Qj*(MGT z+{`@Ej3a;al-KAULg{E4^<~VlcawVLn4)QXpE@rOV^lu9af1(EumhMGO|6RN*({pO z-GhmTIxpAmUK?8q?6z>UGS2CN99F*Kv0{6RsuAc zQ(a7U2hUf8*EAv537bFvhW)dWEGf95Xgu?C+Q`zrNg}NAs3CA&TS$ActuU-7tzgea zWL_4CziB2v|4tWC0N?PR=mJ)CE4)t{jV+(Q7*I^qCdR6+{Eyz{KhTB5H@bK+61Hi*JMWmofV-OYo*-rk~;L&T!Pbl;PQ7N=yWA3i*BF8+?8G zs`j&z2a&wt?>5}OHbbR^NC?d=XOCPK~FE-@o|d^tf;Ol zBXVNSgvCF?X7}%o&$Rx1TkP=9_n9d)8u)j@|kN;vrruLH1xaZ(9Tt)XJ&dHN6 zAX2IR!`7Rr!&5BfLiOty-17KOTey?P$(mpYZLt1@82*ibC)vGBXyA?T*Zts58?%y; zH_RA$eMFRP01*cKewQ{?UG_Iz>%fMOPC>^5L$o|N1^M4u0#cbc|HEWh=(7`)fiD*y z3;xa$l7BVG-{U)AP%yp)O#RULv9qzZ`#K0e&aFUEkiOmVW9#O}p%?=LfQ^BJnURtG zPmNj*7RE=Vq5o!Ize8;~3*GD+3nfzs+bt9m((324Z;8Y%4t3Z=LqT_2KWd38Krg;H zRsV1`d=JvGGQoi) zS$(?IJIA|}B5et}#0?H6gDCub?U-?6?y9*vfkvew=qNjI{O~2=KtI9v5*>ItU&b(K z5od@y#~}*5bI+@@q6ZLDZo3=x|I>Y!^)w9e#Z0|*eEwsjYrjqtqNESk!j-y<2>H> z3)KW>t1cnUM?;8XQI{0fl2N&G93c=NF*@PqCyz_9z&Rilg~O77 z;*`N6;4D&ofiddJ7rt3EK~9oEj;LySBj#20J~BMM{poWdQwJwwsZq#?ZIJWYwHl#X zDO%L5%SCed_ChfSh}n=a&ZmHYk#P0wPYdoxxeR}kqgkav{4T135 z5{ZkPMnC!^h#vq9+VBA4?C&6k`x5m63ca9I(EH0L3QV>4e+RMnzX~i20NOWTA^hcz zzd-l_w?9Le8NkA#{$K3rcK|NQ_uWc-cY1~z)%AR6a@{3S^`*cXd@4UF21hKD(QezC 
zf4Sa^(6Jj*4c+QhWMlzcJgYAa%@@l>zDy_o~u2}SJ17s=T7W}iFEB$4oH%|Gsd3&r0CT`C8l{*OZzHaNa zc0r$W&BMPSE=;KLHQBWYlfK-ruRbqVp%*02D0XN9l0TAqr{Ez5%NmGaR1B4j&aBdD zbndgUZ=={Bze-1mrWV}P{9gmGAY&c+71-^arj%Rv?YT5Rp1M%^zX)K(e+9sR{pXTv zs+{t68nuOahM0xTa$L^486PLIUaX23y2B4?tlP*|C4i%rN%ThwKt8cg@PZ>Dx@|%7 z))PtvJ^d%+!G zcZ^BKp>9HU%fh|a04Ho-w|$KBw3)&HfW-mi@;LL&_&xub)QOQOgks?lBaA*dz&w3y zF5D$;ytGQTn#e6mDZEUYt_G8qeUJl&#{=|EfFF44 z1BeU0r@21InWR^2rkDC>;hjR_f5dR1z$rMJ+S`APRu&NZu}TI-!Tj^Gf~kemgM0in z`{=vy2rC1Ckp;lc#K`Rji?QwNE3JLJn#^n#jhwjQFA{NgfiU2_+jFq%&zlz$*=}NY8Ci(O z2smXZ0y8Sm5*X)o;l-Zm2$sc(eehS8Rox8>Z`90LTuPNBU^Q+Q-}J9z`y|d;j%XZ> z0r>%J=(8C^@MK5bWrD4{u|Y#!tfZj3AsxUB?lk5gar@|<-`-q~8&|>qEXrLK=bgJV!sOm6b zGrS@tj*uk1FQ-K5vEuSli^$(JM{sW=w1`12+RGi<7|=sq)`;N&EQCKkWebcmF>3K= zzjNoHn~?oNaIK|NS6p~SA#j+EX?JuQ;2=3@+@n|~Zm<$DW>tZ=1{n>7pZd~vS9-SK zThy-Jw!xj_HL)z8_}z6`ioK9m!g)9J!p~auAm~~pL;ZC zpbmmLh=Z!&5mklGZHvX}Za+>Fe5b890N>(&*7lDw2d;GXkJH=!VS0b% zw_ly6+xPjdQjF6gt|kK3(*(R_X|%QVbc=(`OflgcB&Ib3J_^WVTC0}IDifOZwNjd@ z#xBMpvlMgUwO|+MWX=+Ji^Q7Fc{RJ(bwVIgjYJ39=)TE*2iw5$R5^fACa9UGhiYzy z!0zBqE{9m4(iTJ?+pj{eL`&rf!OHNGV|It8YfJ>rs_gbM!(EEIjdnrIZ0Q9^o%Mvy z62BC2FHb3_TNXC9Sgb2kliwnvDQJ=vfz%h zl2X{8BT;7sHO%V-EfoM9i{b>vlpEGgRc@kdxH#e^yIHCgQ$@QkcL#?erApYl4Dhtd zu{cmo9eSDKP&IS4k~O5M^VsRe7zH1|O+TANc7Qdzg9W|GQ&I`NlN>J7zyKdOiX>rB zU>~P7;WOkC3xzX83!XFwIobpP+R(Muzle>8u`E zyzPO-n;uv^_s1DsGe54-sn+v~e^%iAe`eP|55E7r{1`_2OA-e#vHVQpkIny9H@~Cs z^34OUa8iUPR>iWk=)zoaaW94%Gy~!UQK(uBRs8sQRY>2-hLcg%Ti<-necwR))XzRb(A$rsm4FoKX}PUu;{ zRltHg%`pOnGpu<#GQFKk7TqlGHYS@omEGmMUQAr#5W&mcYHsS`V_=ka_0i5+7@gLo z+EfFDhU}zj>veMH*oajJjtf)E=)6+6uQ|ULzE&fXmk_^%H9{nk6Ueqbv+AxU#wja!U5fhhCEIWH=Z5 z-7Dc1*qTz0fsh_mlTVt@gDGuw!t`4L*kY(QGf|ne&@q&HHEM^ML*ouJ$fI*0C;O^g zWEbGzU_D?X1ZEm{mm)&W^PW{PzMaLGe^)EuI`_ysAt4L3^oQ%0Zpr5A& zUUmo+6cI|DAkp4Muf5z3)fAy%3lza6ikwpL3nZ)_A(AnN=v6W3TQGJvqtAr?wGooa zQL#WbQ7`UY9S$nY$pi4mW~)-Y^&1 zvU6Q=qj5-D+9%rCT_+8HrS3=^AE8M`(K2OqEf+i2S$4EXKWTg*{wK}v zw7}h;XE_>`bAM3wy0LR%2c4tV!vSi%*wuOWc0?|$UzWjYP0|aK-c+rQ$H13*!#`k~ 
zI5^64^#CMQw*mj8fjZ;~dO#OLJbMyDVI!9UUpHyIvW98gUTiS`D!DHl0m+FLRyf_%Jq|jqWEC(JD=S*#9HSzhf>JBh zH2A%JnnOyQ*)L7gqUS$XRd8noTRfpQv_X?+z$P8FW+0Izhpx6v&_dflHl>)`0P(RjE}t~JGpJS)#Y}9J4puo)ad;$c!K|jR zYC!-hh{E~YEL+e5mVIQ#QI;{TYlRv>EdG8$SojQC_1JDra#DD zN79sbxxi%xV%{uMir1Nw5QP}{eY;7fzK%J|Gg!-}9G;H&Rd14NrBXXG8PUse^v@Lr zoxqv9L)m622&1z)NAwa6n}TcXEa)c#R?p9Ul|MA)wULyU-CBdLf^Y$xu5c^`Mu97L z8wQO|7RZk|^Bs;PNHqp4-m7$8@w%-g4?eD>Wgh5T@`2eHzptc)%PV}Q^C+4^0USYe z7yRabXL3FUQULKcR>cuEH8yq7wIFckAYr^4(-vD1Vijw|a(WF@Agf6Ex<4A&tGcZqI)H zPE6GB)elTg5>y*}L=y3DWDv@E#fJ?KZYGEj4aceG7^5S$&YdfsxYs6jgyt1D?c3A2 z!9g(k=X!;q0^T8KuTil#y23Er%C`C#uGGuv`wy&#=zf&a_1%*`EsZ2xrN>)gdq4=?kcr z+|&N1n@H(cRCP~PHnw=uv%Y|6{#)XGJw^Xdb#EP4Rky8=OShDCcf+PbX^;--?v@5= zq(d47=|)pQyEuUAv`dD7S+%!z;IJ5_9*|=Ne2CN*lUM<{W4N%FE`05K|$^!jda9q^^ zV#&66-3XrXwwO3CqcNvCkj0Ad1s22CI?r9-O_(fQE?>+_PL)02D6tgzxVN+cyxRvH zh|v+jp&{Iej;n;Bi3_Z<1G`)BK6_HxH_&`7{J^*Uw8DTfM_ILdJ`>eOsDr9ACZAQf zXF);ipa&k-n!&GmN8ppJwHf~bsc@`}VVP3yrJQzJEj;fV`{aoqdxl*In;kTU&w$>@jHax?vJ7Wi+y z0)K=<+~lRvyFPVW!u6Wl?|BmZb%n68p%Ff>jm-;dZF60Hd_jfp2>HH%^=-rHt`73O z=70EU{sh+M&Lx}Wv%ybGG&BquGfN)aZCxZHrB;*;LlI1dsnFQ@n#LJC1&w8ep}o=R z*}Tde1CtTMPbO^H(nUKZNIZ{3-^n7eZS9MgS%tsUEzQl)Y)JP$meP4vbKJB!!S;Fq zdzj5ei_|`367d>WYfz8imaAmHK5`mKcS&F$La@A z09`^Xrf^5vb!7KX1x9osGbr;fbJ%N#&SJ}j*85y*pdRU6pF)D`r;aHNgOAk7`^g;U z8C$tn#~oO80os4V=09D~D&T4`205-30ve1a#e@Xj*43kG_({?DZHM2W8550DqIHV%M1cA^orD0AjI)fb#f?|EZzS9_@ehBkv;<;c+;+QzSSb6v=KXpivL-)jj ztfSTN5w*fd8-{#xcr{5@n{t#uqwR3AU^%X*GfxL^)Ri(Dls%Dy5bI8exo)Bvig3t zqjiD`Bc%8z@wJKP?rL$mU7JEVBxHuktosiezZ2+9rX-+D_K3gH_<>@=d@$jZA2`ng52)^LEU(&` zuE$nS=Z6hiz>4h1P(z&)aU)%~%7oJ($A>>U!LozvyNRmfRiPc{)@+fF*t$76#3=h1 znX3^oh}BBgt*V$USk~Gj)Sd$!`ix}>ASf|pzd#@AORW)_Co}mP%XlmTsTDY=S) z?BMpX$Iz!>CGHZeRT1)3%W-9`Rmj;V{}XP1+u=93?TBa15k^LWKAjSXmy*f(SGq%s5LyFiwF#ucGNXDgQ1@^uMI^;noZx}_R}?P%dT;o^nHtHWp)W|^yy{jlGZua4uJjdxYhrk zg65mr3Ua5m-d=Gl^7QraMFjq3?EZ%y<4^c~{}82nk>6ddz;C}y>%+a~ z-3R#WPf7~Ny#oR!lb~U}(40cU@&Z;IW!31tDG%YJ8CdK(r>CA| 
zrEZ&?5$wrm&m`fG;LR6|U83vtBdKbhD4{b~33a8goIH0M%xB}O$7%>-92=!Wza)n* z%Jdp;Fc+xPW`2u$sT?0@XEw5%Dh5Y&1!Fy)sMQ-1#@y^6?}wk#vt$O{D&j&P&1g!v z=GV)hl3I!EiTH&bEg^=(I%WAZeQXGg{>29$SHch6Ku>)S$sJn@#upXQ8ed{R%rAbO zp-@y^81*G5bEm8+i#rmv_bTP>2Bapsz0`jTzk(a7AHTlt@T8}C7MPhykg#vo3jY&+ zf7{_V_)UFSH8cNZXTjRWNiU-I$l73(VUh2J&IiAZy`iybg`%X+?nmSma8X)nNa9M1 z1DswWf=W@$#+X?`>k7?|xk#gi9^NxisM%u8Q_B1gaaWOSY<+(=O6eEw2$W&>FGssG0^tN+ZM>_Z3)1 zgIZ*`N9Ox(c)AFexW~QO<%CvzB`qM~L5Udj3&o`Vj#5^mbf`II%U6wA)JcSmd zOWnCi{Q-&$@C1dw#_!SZ658JY*63%X{MU**z}zqHa2K%8@XwC#fyA=f8k2@vz>`6w_PD9H0;HWv3 zY}grbI+yoO;;QE65}CjOc?P%h^ep90>ql9-#C9;CH@Kk&*zB1Srz)j3pdBh5(kKAM>A5UcKL-_%f1|1L~JHc=GBUlja0}xF^e)!IOgW3eSsp z4lab&$J^lg22ODp=$uzp&z=BiHETHSZ3@-FO&f?5VyS#cUt?zi7cFwbeS~!MEN9_d zj~`$zsxodr=uB9>&^Uw|2g>aH@pCr!0n&V*M=#dl4rcXuRIYTd~x z&NJ%q(LT}3=~HUU0TWut7$VQtb81Qn6t_$rby|{v2Qc`UI7TOE&aDwBrKoePWU=_yS8H^YE0NRgY zO`cHc0nz#b5M%#PWG;9t{0Xm=*l2% zgvFupLmHGL?@9-u&5p}>5TC~4IX={>g^${trNcvuxZwrRYhJinieLRlyrBD!JgDW2 z^zr{H0U=~<@xt=w3K1~(Dn$GjDB=1OaE}shoBx@I_!ApUCycBsqKl-cZj5LO`>xka zT`g`KVt>^)DpIsmeFJQ6P1tR1yFImS+qT_P+dQ>xJDELu zoJ@9}nap}-E$QXj?*}q@ld1V^6<|Hgc_Z(dhBN@YW~?HDVdJcE?G<=Qx=xf2XqpH; zxg_+LGdF5^Ao+J%Os>QIxdiwat&?U-?1!X;xFtfv-1tqU7AebY>tmsTf?{SxiT>M6 zzibB`c;Te2iv!#gNfGfvbg1{D=$>pSSP-q6SIGntj zP8Ir+dRYieApE}V)n3S*-P11sKUL`I+joM}XIi+wkWEi*Hq8fa85cM)!7(gvN@v?}^K#0%B;-2kOi6U)VO^WQyc%(t`p_QS+ zuIyj04FYvYrjWM6rHSGjC<>JoyyT#Nk;DQ-UFYGE8TC+sceKa8Q-8q;are8R`uI@l z8&O)li&@;g8*Fs(`Qh{F0zGZc=53tJA}p_)rMCF;wR|-Qpjld&(2`}GJHOO#%YRXR zx)nw&0F_=X+U|AeZ{sn3TNXfg0`c+D@GaKqjLrA1NaNJfwavR_;zPmG#by_fPTujmnY_N=Zu7Rcj1+F(`uiJ04X#u-RpahDh^Z1 zQQ4+s4<+4fp#L3FtKc)pU0`gRgtayfyRe3J(I$;D`{9v~t}$WZ(rPfhb>oi^blJ3+ zf}*~^v@rMP9UjB+I2t^Z=`vygsY)-w46D0E$46r(L3+h?mGk769|Qn(Y@+X(axsSz&fk>_Y4 z(q8T7?j7iZ$LRz?W+-yWNSRiMy02$M44dH|f`VcbdxFyNeG?;N$8Sd-jE1xYPBWS) zUfV0FIe8)@?>N|*yG58D>oZCTDYqMZ71@2le%u%EWRCv*D)HNzEE9U~Tw6U}(7g3X zA<1$(b%^j9DbR22ApehIp`DLxs?}@AgviOiE|rcZ3Z9Mu3Xyvh(hl6^A>{(TFpKR_Iz2;VOy{ 
z2Ar_Sk0AYM-s5C#-PXsk6{ki`r25=!M?c$)K3(OCba}_`1cXk9kNS(Qyw-=Df?FEM z*KrO12m?Mh%btqW5?Q5IpR~Z7^)-$CkpozXzq&nQ zYlgo4dAMmBP`sAMt#qX3MAoG)+b$Qv^aWDCRVxwkvy(JP^u5 z?2As)Y7LTb#Rstkc{$`6=N!VMhtF5OVfT=(ks#q=s51W+9`NPe9`K9$>4a((0j|N8 zaKx10%xUe&QqXE&haJq)i*rx+kpUf7x{Hyz+?YqPo%%0Ej^)nJm&Zc8nY3;asA8H} z=LWFI42@M_R%20|4pvbw8c9|Zr$kkEsDWV_!C3v7j}dW+VtRtM!fSN1ft51lL)zJ~ z*3^*n>;(*nJb)3HB2{Jm?Z?aynZ8IuJOlvTw z1qz4$P)QCF;3VfA3z?55Ff%ZwH z4(NZ5Q?)(KWtsVsv?QV#Wgv5G(egq)c;Z`zg1~-e0CrWuc@24W-@T_hylA2Qdl3x; zgbL~(@ktMR9C!5HkM|8$QBWY$0^AU2tBN_~UTfwC>|)g9X}+fe%=3;$52>M(++b~; zQtlaCSBJ5P`)_!r*GQ5gtXA%a4n)rpwOCg+D+mr=tSz?cj%l<$|2GS<^-$n%g~LLE zxN4N*aIHG7Be5=ade29v>|Q9|w>h02U)xk_7UmGqp{jQ75ZKV1hr0L~QIbBb_d?P? zN>Qmc1~OccsQ3~IcO^xt5tKSnsK6io$p~cDwJ~UL{BF19Ef`XY;{sDdzeci;cmJL^ zRe4vFe_EioQ&8$4iluWfe}cqM8{v=udqCihW&#M~P_MN2Bjt{@Ed6JP8}+*uB% z;5lC?NNzVq)`Zqhz_=5?w|-pf22Pr2$mDET$6#bJ{Sd#%u6ML2`@N}RxM*AE&L~kZ z=d}@`c^#5-?j{0bJL`b#dNcY=O_lMUn9;T?W9OnBXmgx`pN;e!~V zy1L16S3Ehk2^H#PWu6#V~t& z5_>J4MJ*OA-#E?K{=!9AbXR5Al$^nNpt8p;%Wnb>7R0de&a?X@1Ef6WPtG8+VdSD0 zE(MNIJ(*zF@D`^NB=mNJBvCw}N}#+>H$%NfbU^-1q+qEFAGVHdYH(aRgO#kIpxyZA zKOo*d)M|9CTzhD{zOS6Q2Z~&F{)lT35FG5?HCR}1TR!8g9+0>0A&5Xil26yO4jr)l zXIFCwa?hu8g<<>iX%0CcSk$EPo^y6Tr|fgp1Cf*{gIIj5_|^80`NY8)`f`KD$g>$% z;1XOrzxSKJ|$kG&c=!nAkv7j|h3E3QM#}@l!$No72WhfMyeHK9tsSn{*_NQ+Ji^ zd-?w2{u$Ac!hGxS3~yTT(;`eC79EIYyH^5Pjg^>T#vlt0RC$rmAqNaU*=yRco!?;54I?8U^5fz@ z2x0S8QqO^30qGvGRmapbQGpYo?fU{Nov4K(bds!|aCWzSY^NTc4N1f-+%dtqc3v7u zF4G2kngiY@7YSStg^owY*BbUXriTeCIb1imX)Q%|TpHsyf5`aXK*$RVD&w(Tb9&+B zn7FCXzmVFjxS4&(8H>poV(0ui2KPzSS@Lbp4JXtW3qQy)Av2bnuA|wcc|I7V z1ugtJtkVM;*xQZCYe+;%qqd{oSc{QCrt`b8kk?IK2F6h-*`^#xmE@adLZ)KZ4l>)* zYWh#Qq+${KTdB{&HsL59VJW4v8{mpU_0O1DJe!%O;g2vzYojZlK9rNpb84GfH5IH{ z=hf0_Ca~NNl4{hlwwC*l)oiJC9aw47B=l#q-OQ zd_ce(mFHb;8m=P)mmWe&+e?r9RxW*NGb7uw>tM-yRsyMQRh6}ut;X)ey8bis0!K>``0U3007jcHV3Gi*YYoDm<)qwmo2cpdUAl&K(Laz5480$Adi_Xw*IxhxD&kY& zZ}Jn*uW`N>`9S6Cq_QD}^C#L^xC7^i^k#L+;a{pU_g%xDUdPbWPfg4O71m>kMZmx%R%g~8vGFK#bqguOfsQwn|=Ct 
zPP_aF<>{?z%YoOi&Q=7UzsmN7J3^h=4{%p4`HiXXKPi4)nV>>qgE&Z0-;FbhI579i z5hOmHY-BBC|I0`yusA=ic8mDPts}d{rd+M+6^Qbr0HqQoIGQ!QSe-@1}jkRH* zCQEB@@SlR+*#JKifJ3UY^1XA+_mt~+yVKiIoz$hv0FUvEZP+GzNM8Lj3Vd47MwZL9 zPwrE2pY=AxZY(?9ew-L=rqd>kGS$`jsCup}>5KC#u&@|%t`~Hy@D6x~39D@E$;W@N za~e}eAM%y^g0DF8e(!Ua5z!#tcxYMw_uX|fAeRqeiJpU8;t+JH_TL~m7JPOExpGn6 z;UB)@C}49IQ{5sGRW@rGwbotjfhaZQ=SHfKS`n4{oR3FV&qE}#SBgQwMvgfqZDcD^ zK57#s9LC=}_L`0azZz^zD6IB_nWMvc5dcnHBFJ%|Yp`tmS4J?ATo$<`b7r)v!JUlYGE}AC=u|@v3et5se zv0lEsS14iRTF~pcHzC{sNJwU?G~r(J-06KjP`lNIbyfpq*^P;`)e~H+TWyPE+-Ch~ zAPrlt!B~d2hKbKI2E-hlyfmSKS=~xUTM-USqDnbm-$=Jg-voZ&6v_gWp2=3(kEies zND073EcsK^vof!+nK(1Z&V~x!>|o2WLbgxK^h*Un2sZru48Ch@ zr4X`Y)BGA(*ir+>9L%a{!vQ%erZvJ(N^Bv4V*O_@i=6dikc8u>mki* zDPmB2!|kX6WIN~C!Gp3fNs~e!5u2JmqFUeTrx%7D@7`g;56r+WCcAH9moZUN$Bkwf z_hpM$RpuGyacSw~8mIN?+Twao$PJi^do`2`^C~6KA4^gfFTlHohTw*nZ!972y8` zkRas(cvs_-j9=!}mU`s&D^fFVdE#FmV({_}-^0eXj1hZM&KD?;2@C-Nc(2b?g7rMLouRM112Ps`D6JXg<; zXYv{pOZCY9x@5@}g5^Buu!a{15rjR`6dUn+NuUn#AP}X{@!@0O-nztEQ|y840t5Q? z)pFX5oWW&3q*c)mB-UKX5H{#uyo#Tl3 z8Ns=EV#nhYH(O6yR+~5ijh9KrY0?ycPm^{A(s_OJE92b~$@V-xZVkbW>SZ#*J|L&$)@#{0a+Qe^I<4{Z@McHy6McQS|CrG4JIZhCj3CayX zG{vsJE7TrS^DZqW{aO|esbEq@CNNCLd^5s!gl;f;ODpSH3b$V)UkLb%IHGvIO_p9R zx_=*Ce-~dgBhT%!RMwOu;}x`kEm#gRv<%<_IgZu7xQQK5;N{%eoLwm8vkH!+=IZAr zv^4%2tO)^_jb!b2z=8u3v2T<5VbC~#bxC~3q zyj8vWef#@W!qn)YQ0bI;__muv4Fqrnom69LZD=eVE;>uzrlxAfhNWLZEto4yb&_O9 zGn8|T(c~E-E(99I2`&Ns#e$E7q9*TDC#+jqgv zie>ym8>%jVrd>5NjJ!5MHABp`Un;2(!BhSNF$EKRGHcwM&ac-F7N^;|MV+2tgp?wZ zy%eIh9R@i1gbV7a|4Z1Kf-v{i4`^h-8?$g$f7|4Qc#v=t#Hy+$lrBmj=ERo#S20!V z)&L8EcYcQbPe&#@b15`K&;(HhaF_}6m)Nn=L5vDSkX#Pze1VCTR%75pecAJ+`EA*31vCA8Gab)! 
z*!{GnnxUOtzVz1BFH5GDiq8Kg$0y+J*L$G)$VCn=3>wQjv!D`i zY~9#&P8aH-?R*^{=*`QGZ4e9SPQuZD=ZW}Rr}+5a$CUS-Bqco(#2;p_l)rD3#tv6j zS2D1IP8q7^L`I@@O~Omy=vK3FoLM=KQ|`!U3%i;$>M)|`2;6d^r6^?dFOl}uFx?2^ zv+d`{j#fE?9M&@#3d!v{3vDaa2$PEE%PNrve2Hs@qeOJ~BN+bilitijFIfz$?PU}N z5hIXXfjh|Z+F-J#t4@@}KVX&=n1NprDZ-%Nrfa92J(9>Lg(GwgoIRR~Tw@yva)NLl zO0J&r{Y`+*RpV!qdrkI$v7#2X`n7J~Fb6HEr>{Z&z!S^u;Ze8s%8l2g1mTmN*YVqZ z4Pacx3`p~iGZ4e0B0_YhwT50NU7%ZwD=@!K8Qd{j_^4N5fK~D@rJER=!l#^ID>JBQ zAWZ)*rOvp&UXbYfYIsnp?fDlMD0a{z$LAv8v-qs&q3NQpzmz5@81=f)DoH-!(|65==O8hqk%(Diq5&Cgl-j}8tg9#pG~3*&MR}I)K1z2`{yEYb8l|% z;31aONv}M~L4IYui!u|lBCi1S!lz#2&;U8t8=kOVF5Q6nMsQ8g)kLkt3~%f& zCH0E)-F6P`ZOC&szx%g#69|J|28}J+=kJDdUlF``nB!g^#|n+pl7Zzg#}q+A7@ ztjo8TR%=!KF*Jp`}%Txn7JiIL7VzqsVD!;&FaBLYQ>|{t0Kx6-e$uuSG zE-UqrNo}2OYnIj5pTR~#c>X%K0Sht1>wzs0^k0z45@XJ} z2{@Sy8|kJY?e~z}i#b8$h#p1mYh8)NE1Fy4+k$zppETZrJVEZ>^|KEur70K#YvcOdAf!rJhtqGjYv5WNah+~04oR412&`A`ajsPXqo-uzP`aXi~i~$m<>QG^=&ou^8!7W zk^J$YAT*7xqvM zujV%tfwvIZfoK1o=$T_CkJpJNSS$uccpQDin$=p(rS)gXi3(fcU>?!54uy#a`gH4; zmjU;I!=hcKk*a@PTbB#pn`}iM^1|wi7LRDABui$F(lBF}8>KZ^xjQ+*W;qQx65PN1 zlYPU!b$XrpNO&*!!bUw8`MKg65ogog7-1JlfI7!-^V>Zh)gsj>uKHgfN)B9foZCjr z^0%ZIhdn+da59$Q34$LB>vM7B$YVe*#e~ncZDFn0zyqAtGloIX!zKyS7t8h8yVZ&S zrw@-+ST#~7qF@af7REmi8ah5mR5~CqEY=J6$p7VBC4w zA#J%;o?wtZb>Tl%>9*F6b%>4eHM9m+#M0rv(ep<+TgGBm$VGj<@p&>^n>$7cc;hI0 zmEP;tqh`d(8IM)S#byHV*&9U-)a3P1Os`Y20IlbqeV9N}UC*2@}Z{bsx}pr^ch z`T0L!z(!s}3{43g!JMq+bG9to9F(?PZ8`;WXM^5QJD=c3%B_AJUFt z4D5USJ_c^6#Ma8%#?4mDn}H4?2+l`GeAmr7JqO9(50WpshkNgv^Rv(m6sT8rMsQ|$ z@W+v211-d)RY}KAnDvX}`jeuvB*2$=GUiBCm#it4&Jp)tdah243&W^^B7A;9_)?aX z(sv>vxEZ^UJfJG6+*#{FAhxluStwp{Lm)psSC`85;%W{0tp}Ym2GLMJE#fBzNVbbT# zt=Uj@0#Giali%j?10s%gS`qf|;~^EK@!p{Eleu=tYZvo@-+D{1ec4Yw%N!6w{1zV0 zmiqbLOx4_m=5@Yv#tbBN+Zf_{eQk^4q!Td`xN>rmOg zBSfp!PrOW`+4CGK#5Rd=NuLPk980^tg7#EG*gI7J7Bk#os7ChACzU{`>+TsAV?U~t zc0nuf>n(04!x3r!oF$=QM{r0!CTxLELH#De1GY8(8(6TI0JuT|%_zkMeiNngQ3TZE zr~<&KfNY`K+sj~fm^&e4P%b7&n$|L&600)MmCh!Tk$u8F{E*`>)u&+Lp$ug?CTLXI zuDK<0ooZoQaC`&qP*7yFQS~fz7EsBE 
z2qH4{G&A`|7OR$ZhH1{X)?^AkgVmZTF75B%?ms}R9B6<15ux4|aX|K#WsWv#<8=L@ zO7z92Wqn@$#}fc}6^i0H=ssRF8=nZ+ittf^lML=t_|vAbD-Ayhj=YsjM!O|m=W-0}s9veYwK z)ySubu>gh0VB>NNJC*BZaqXrFXGv~USf@hGBeQ@%@e-$qmXOh%$XjaGR zrT?pu7PScILg{NQohbKBF_T>RtNP<1sV3hbzKLOGzJts3J!hzCp#C}L;BANqJ_@bZ z?y{Tbz=0Ly-7A)#^D;1G5sry!$ATVzr_B!(iE6&Dn=If~LD~W;SFB`T@LOMJd z7W@)Ud2V%ha||PQ{8oHfz^o>ar=twheX&~Xn^XNLGd&(34xTX(~>BsBEYB7`i4{=0tE21+yw0GKU4o z)-A=j%LjWy(WT!P;wCG)3u1>&qw=3^m5B_e%p2PoA|GBZOmNKW*#vh6Y$MkwjAM-6 zn7Ol~vjU#p0#HuhI|S#npI+Bb6n{-0kOV68n+W5O53DB-iQ}V!upRE3dBv#DN*@<& z-0txx!Aju`I=5YObh(#3VIOgJ^EBMvCSQwU{Boju8Z5*+Btym3&EjECVIZvi|b1BhmTTmbhM)CA3oyR2^G^J3DkE@u=IJ+vO z@)oF6?jf1S2M;6|h;y(3@4#92ghP%Oe+T*AKuCLoH@JX^-7XvYrP0Zec50F|l;Kjq zJ*eBctX0m=WuT8^DAl48+qbOc0l@GDA8gEP@>v^G;61=$E;a%F+llXP^k3-tMBOW1 zg-T39Snm>HA$h1?T-YN-Gl%e?Vud6c#PDbOA&<*-_A5_m5 zK&I6hxVyk%@|fLXWJ47RWj9s8O{&#sYFj}WWPHAvO+-%{UyB*_y<6Pwa5jD1nR!db znJzlu3FNgXRLPdkz>sb|m1((8cyj{+K24IP+t5Y`%8=aFj1{XGjLzQD-zaa)fQBzC zo)z34rFJ%qY1 zYSUst50=qwl6)-_Wc3 zh-t=w9Sc93BmJC92+ssw1I%GS(PT}yC|K3j++`LA>q%eESszOAI*czm%6me;o`8E* z2t*kPrp^WmaR@5TYzPXiD=!-sX-r@jUDuMNmrFN!1LhUCHTxhO)Z9+X+P>Z|W-UtZ zq5R%yGvKemZOs(r0xFg2jR!UJjj^Psq9_eWNdmcCUuME7(OEts$Xp!qx`sWF`(Nl$Y zgJ)cn@C4AjcgR9)hVst5GD&zVCAjv6T*TzG>?8XaV0Igrcbp`DH+FSXBpp1FS049} z2{!$OX9V9ZST~SbXbW^>GS$mA_~7d~r+W*vRoDG@;TdGjL8D@wo;ivwtvfBZUshJ0 zk78<_YkfcnlSVI8jNasIB?HGBLcM1tsXv=CvR<*_JHtO>(3jdQiz)c#!K0hei8nw$${q_-hFI`s%#P4x_xUmGq66E=b1%1SD&3topO6gZ%^`Ar}{?pNKNZ z=I0G;0b&9K>gH_sKM6Y|pkF>{;?%=>zi38Gg=bCcGOescr0jmQAc64ye|<wT zlcBMTfw8@b>3;)*+1cBf{x|YZ3v4@k17`*~QZMzm~uzCO}9Es)`28j0QsTq6R|33hH83K(dy0ra#@`|Ahbd!2Ntc{+GzF zyWNFGhDL+N0RmE#0R=<*$%6tKgCS8#C?r>c{F$2va3CPupIl>8Cl^aIO9oRTOFM@D zn=o*2p*J!$w6#@LvfmIz+Ir-^%}$bG-51EGfQ=U+O5E*wtKdo_ftG$_5Foss?8 zovmeUXJ^L%#Q4yzUE!@Pg);#p2mzF?f`>z<4`}E&;cYBT*OoGAXvGulx(yHQzEqs3 z6I1+a{hX2H0j$Ctw(;bh8CQC#Eu0j{$9B=;JyZ8|!pHWHZ=y(kXP#&~D#@c1@1As%_zy7SXd)ysWJgXz7Akv#m#SlzzG=kXeDmfr>YxuvSMTNf;+-ZB*7fWlxA{ym1DdB#{-g{YL-OmU 
zChxnzNVoH4b)S17Z@tsHz=-^b&8skE4MR>8*zXXH@%Jx^YaWP_bEY&)`aj_+w3ZsK zrHK2&&^TrEmQh%lBk-y<>Iw2&mhqR=%!3FOqofn?cO*nI@XW==sOTyp5C$cofqhJ3 zZyIXBN>O^N(oaRc`nap}*`{A9!_I;DWpkx7wFhtJD0@$x z!8yQxL9#DWaS|$)5Gk84W<<{_GC1-J?ku3)OilptW0LN$BkWG7V1`nV6PM_JLVcyM zx4El_aq&jFCXJrTU<>rQ_8FDi3zJ5jACu2>BX$HD%InahDS;!q=n@VpKGIsx68L@! z(Lmv#Ws`g$v!>I~qmv_XP%NM#FpmgHPlQmhMmmBMaq%TMP9;OzSO55R!;sBEa)D-O zQ_DJW16`5M#d=&k>Qg=`c5&_Of@A^Mq!reQ$@u!{=?k7zjnB`vn9mtsaF#o2FuclUD?-U*M?mgTbxXw0fShHeR zSdBWO>v-K;*EDcQWYEPwF8UoT^;pg zO1q8Ft~P0R3+PFIUAp)(I;?LGHmD|*BDM0_ft{&70BIy>2dc}|A2vj5dJeDX8+fAn9&kWMfMadb_L(39{EL0!`tL{_#u9Y zKywE-@(l6JTR5*Qr0qlR-wEf14`0o+VY7@S&YBu8s*ZNx|2+eSX_OR*s6PwMFCZYq z|2+f$SZ7MyG5;`qA-vbs}_Ww#491 z4XBh_H}uO?deM2lqIsC2b>;R^XR{CA%lesyn&YM!mKv_<*X-wGFW+PDnd6b`&dQrx zj*;K0o4O~{`qQ0+I&cuq@EE3b;gk`g@^DcU7z4u+KfASEUT-)aTK-TX^uAd0doDv> zata}8UM41fa^k<317=coMtA+`l_pGXxH}ER8A?pFX8*9VqQX9Fb(o2z(Lf3Y+6?=N zI1@M4fNsM}!E!{s;nGG@q9YNHg_?qEX=I71d2=QPS-5U@E9L5ig|OoAAdUw&1`kGw zn`&jk|DmiVe0Y!#D%oi5s(v}aV;+phniw&{x($#+v%HrDl0l_{YbN@Wl9xygDHlnp z;)v-AqEqk{MW}$Of}o4^XF^X79_W^8;s{$p6(N_BqAY9dz#2=f#;`KM@ctlVfh4;Jl4v%CyMJ`artpGL z(WDb6!O#;)ao{QF;d(8hjd94Pye;>LEyD<%(GdU?CrC*;KopFma>PPqc?!7qB=8ae z#L(2pPdzAb(BP`H0i-ecF!~WHKUx(UVDsW|se%|tJCT@*gvkwLZ##b-wK+u!T7LXh z$UFyVWHh{F3R?EWdY(yOX3AA>i(O?SQ?CJ6xMELkFgeuawt>+$<{j@It4c3Y$rpI040s|7fk&} zo@hbZo`Mx}B_6;P%8X2`0}bT_l^mw1168F+sj!TJM2WPp5sw8dq@S29)gY`2(l5Mw zn5!z}fn6##0N(GDZ>i)oH3f&t#=DLbHk2JaFqYBxk4DE9jt9MZo);-#8VOrdg0?FV#Q(OF`&G9R%B zC}oj^H;v>7LRU1puSgi=MyySx6Hq!a94Hd2-m1{hf9ohsW|-SdJ4 zW*xO)a@s%$h}RKh7WsPX4&)7b+znd`kk;Wjvwjr;G>+&Gd5|~6)xrEOko1G-vr#Tc z(k?;1F5p+9m?u)^I|~1V47dZ3_MA@SBwj2y{ozHuIREf*{?Vfqdj4K1S@gRr8y0w1 zb*@%uI(k#}s#b9Q;>kVxviH^wcu~D(c!zebfOYPGJ6c9KTE;kXqnfOOpR8h=tU{lx zBAcuNpRD4VtiqnG`pJi$tYVt1LY}N5n!H3w*8xq}@u3wWU`yQ6AYmgGXBJH8hUyD$ zb%&w|y(6RKcp3i{(uuemN@>8HhDfvlbr|aWN)!C6aKnP0A|5FKnwl|(f{+A6MfEqc z0$~``q+-A+FEBWAdLc-|ACNzyzXM<&>q>-US%s!JPZ1iGBJv)+2@Wd4R%TiQ zBa68EJ#K7bGP&&Y9ouz==X+g+FncYc5sJL<(1Y%7&6BcZrndU;_z(AQd-roN1;(K# 
zz#07Y-rdH`#6oa;na`v6eM!;V`%FXjQhvzb?KR+$1XCC6zb228ibUzHg!-sL^IF zEnd@5=a%7f{C?f&L3PfX*RXG(Aoxb`AKk|b$$kHqsl29W+%#sD*bqx7Mf6Nyedc0) zUd0ovFB{3{&1kw3`@f>(SOI+6EWD1m!?otp`;3o_#jbxEIWpN8EH11q$K0%7r9Iw` zUQsg{)rcMT)VNq}{XS$>M@H3cY`PtJy)(2=HrJaO#|)cV3y2u2?iW`{2(>x}C}`#A zn3j0ByJ~6XKGbJNZB0a>jtu>yITeQ?u*MQl$3`KO34xPJ2wWuLL~PJnNpSV_yXFBb zaU%guzHXiI;!$Eo4r98hCxK%9SnKJ{loji|S=4-+0$;^%;x?5PkTfv$9trpqi!$Ua zT)G~1kpq(SY<28)%uJY%^{63XRMm>)$PrpdVXiz;YqFs$` zA_L+^t8EP6%!VASw7k~v2-FZCt8<7ORMb}5(^h(To*ug7^ZiTJaJ#NE6K1mZW--HL zGVNszRj)5wt@ls�kyy=2s)CNPV{7oF07wKXP&^Se7|5{l4sUY`YB(D1uht*{~4} zVmDyNPZ!l2d>5JSEDqa``T_}PvaaD0P52r7DlfIHy&21-De23gEFNms{V~yeE~`Z(rFL^k3B} zw?AFV*H43%$PVy)03$Xla!dxfQ99SQXlV6jXUFj-`(i5VMfzMAM^BS|vQE+#5k8sw zIm1bXZQfO3G(#da6svM@$vI1PfA@NzcwSu9|Zh*fUrM2v{`Za0j->tLOV?(8jz@9=1Dsa!W0bainhThy5J+-11E$qB@u0A?L zT(Tk}_pQTnM`g*|1U!wHmpqGJrnVp_(NST>3&F+?mEHY6Uwnn^Sfz5EH@U*9gEY)# zySit0&(~bqtK_akcNZo?v}~`{^(jm30Lt%V&wy>-f1xqsh?lgS0$n{hf1G@BU{eih zea!C?hICX!DBO#HASq(P+Hp{M_BDJOo<#H9v{pkM#j(gN0rl-?VKQ)m z0yT(ZQgqF9D|UA_9qR(TV+`6wbtM;g0+x4y-%&eB!0HRAh+7nvuwS##rQgl=uC4ny z&7XaduRYF*zj-!@Pm?R`-1I8e^qjAktm2HxWiV{Fky&p<@K)+vdNr243A55&UKc`b z5tNc)doIe4SJPM(qCXt;`P!~jZt|s5ztWu@>?utr-=5t*{@J4+TPS+Lf6N1{eMxh> zxa((*<>P!S<^7ZnMbL_AgBd_i@{AiIyqCySY3 zNSX8ZdA3LIT1#y0Ju(-+I9exeQE(;* z1~uNbo>#n`@qB4|#-4m7KJ$!RZ!5p{lO1wTv2yQIwiC@jp!&d1e*mUW+ERt_l>n~byB=|a@bFDIX($F}W#T1TOK2HWFw%W~IL78g!P@A}r|s>V*?dK}7^zVA39 z))I0`Hw(%yY98hN=Twx@x_uo>K8sX_GY}Ky{Tb$DR{#&3{1_8}soKB{%$s9u4@ar$ z=9#*c+Ux5%46L?V`5A*OB;OyMa@w||vD|YSYqhzKrA;2Sw?6tJitH^yAhU^DnuoJA zydqu(bQ7nkdVRA$qC5eZp73?@X=mWI+3qtVuSr6Ur~)TRLQZiMHYLv=cRqgxZmR4= zroZ4v&cIu8vT}#qw*o76I^O8$cAwpb`0#l?U-WflN|r#+9)q;36*%9Gs*|`gahZ)- ztKt~2h^66?Q@SUHl?;1jMF!rhBxdv{I@{|MYAJCj+>ihzHqWx{rHc&ba1DW*Tut(x zORLM$%ZW_NBkd!`Bd#nWn66m1S2KtV=WIC5tQVV&E9yuOi}mM-z|~vTvQOz}hs`81 zn~>s_7wrS@zSw69vg>rgK5S@~ESLxV-XYZWUTOHn-6Gz)Ip-KzBX;KR|5$;n>p@&<^U?0UGqzzpH|=193aFu7$vKM0JZ_qfS1V ztSmmY$Fxl1p1zw(D7mOHs^#i5c9Ukwp51TxuhDH0;Xksdo-3=E++U8KctdTT2F>_zy|VU)`!-9A 
zAn6Ul;o18)6YSJ=iX3cTpH7B+t`j%Pmp~!$v)}5A?qo&qjUAsvVY=~Oe0@Ld{_GB- zBc3`#Vjo>HVwajsJD~GoD=k za{6{VKkpn%ZIkUm%hKI3vu3+lglCa533*V-S#PAGgP&o*KXk{__L9e^Q+I#WtB^Sh=?4zZXj}pTfZc0=CVa z`U@}+wglvw^C@?88?Cc?$H|A>{Jhy$`TYf;8V zx;&ByqNW8g)N-v2J8$jt6F#WG@dX1Yg zF0M9%tB(bMAGUz0wl68O(*)CDAw`T`x)M%==lS*C%S*SRk#2tYS(VWe#GvCD8tS6obP=L? z@qX_9m1J5vE@!#mJ~BUyfrUISSB#ziu@E@R^`Dy_dGX0LwKQ4YHM6EXlv(C!$R+2n z!k#jzNN8l?w2w{}Im@xAWjU2IJ7yZsqp>-k03{Wi7NidGn1^vk zqfjXQ=73Bcs<5n=ihXU3%rnefB9otLWXPm{{`S14YipL+B(GDRx{zb!vU%vvL7%DT zlJ=YOo?D$DR^!Vk(z6M-qII_G(HhJ>C7@9Tv6>kyi7~hd2@U4Ghxh#mEi&YH6Gf6Y z@RlVOKEq?{KWKxT6DGUl5rwYq&TBc?cSKEKcI!0_r|mY77P#W|ARQ0ElzIp0Cl zLU!~9=>%KQNuJZ^NC9rp_PzVE)Uje&zidDezz}J1Kv@Z&wS|jZk4?7AM!J0^ zwR$5a@zO!IiOv+*8602@C2r>-J>DhYr(+$#xQ_5QGft_6gA#_6=Fp=iz2hw&96*(m zNt<(lmUE5`mms4-ZRv{M0~2Hy%P;$)djYk2f4xq&eSV~Di;Ql~`)JnrW>3Dlyy!@| z-?H4FMqQxeaHI*)(g z3{ChAhdUF}B^8V|jq?C&lo7fU{4PYHOEPa z1rVQk_AqaNgL;Tr0xX+o59DYFbAeo$Q!3l!leIDgDc`Y=GZ;}|(`zjXTJ)tA<`w$s z|5*zk$b?C&RL%~vESChK8l6Kx}u3XsN8Bte=79>TPYRqqA zbi*KqS4MfbegpIGNu0-Bm1~W}P!_T~GtS?(OqwPbggINkPWC?$t59G*@TukdIwH-8 zvXU~TTO3K9_QUVqrX;)K#aCpDg*4en%WJBMGMyQU8GVGfBYQX#dpH9+-psq^M{_!E zQ3|s{ed=I5U{Nq>j5#(m5HxBPx`Hga{VgD5ZQ*+;vaY6eNPkygQBm(hfUZg=TaZmV zsZVM3V{aVRPLnL*59d&(uO$Fc;eN;}g81?DW1OiMWuy6q;oiaKm5niSzRoGPJvg#O6)*dtY0k6LRxSW>zP`-327TF>egIJ1sBx`$4P&1clc& zg15xb*nJ`uz*bIk{ZK8xe=7*H{oPdHSN;)_al}MGRT#6RGUj6FOH(=qH893u*(W}| z%W0Q$=U2SFUucYWJt>KjnKnQE%T0@HQ$9|22P{!#z_6<&kD;0X%uASl)?g7}C2wA~ zA%MkKTTUgOi^TtkqoaG8+>kc} zM>kCC;*z>zn#ynCMP*lV_x7e+LJ4< zp>6+Sj>+7Um?eDSndfzEytII{aQrPaCqz6!cM++K+D6$G`{_Vp6y?cw%}a0Y&q!(t zaAbFkfMTKAcGwAuIoty6 zw#U3M>x>d|=bH7o`<;Lt&nPBN1wfla?INj|b(J+L_k#kTgg*RjWg`FJJRt=*3YLO1PIIYy5kzHHXxGC(vZNs zkZhykBC_!uDb+qs2izsxoc?1P&sh6|?eNAp-5m@3XMrj4aPkP645m%69|c%VbF%_u z6YoUO4dXLX5KF%F;{ z*FLdr7dmsf^-Qw0x_^&ok?zQ8?gYMhn|1EvBQs_TN`N~eGEnTpUb;G#Jf3@&x^1;+n;`$!q1Kyo#;2)ac~=S znQLCByzujyw(1DL+vt!^8ldwmD8N|3JI{eSVOt?qSM~mU4W^0rR3ZT-b;fDl}3L=9O;YEy5p} z$x4ch3-_MzHd6Ym&MvE_YkQ#GtjWYG`3*Ui47;v7Vr7(3)Q>~yXXze3-E;5WXL8Sg 
z=y3`iI|6t2IUa)bp(}@T6bwc}8-nOM#4yiJR4rNdElH|SD*vGlgK-lPNcL0PD$18@ zi{LfHvvc6>0)NRM&I{Py&78mRs|{_+Xt6_CBHD*bW>f3Sgzv<9^K-nW?P~?$+V0fG zxBJ!ei7?ecq&WcZ4RM3JWR`QxYHm0hTpw0%F++5GKJ0h8kQXxk(l_jTpM|z+XDOZ_(?M%P)08@E` z`W()JVgQu8g^X~r@I*QI}fcXjfQf%2N582~D&hP|^npEdWCzp>^$=*sA?FM9p(-O4Zn4uY z6am%K`lSl@66jH>EBk?A%CsxzTaS#%`f1jes}c@w@EXaKgp7Bi_{_z1s@A8+HX?8- z-$L9m9{Dm2{2?P!D)MlRS^fp|G0<({rga0;qx@Mug8g|ANDQ3;$}gVTw9@2eDg*Y3 z4g~c5U7hZ#taRB@i%bM1;Bg&<_KPGbC!G<*N28B77O|Xb<$mL7vm^wxwp)Gjq z;EzNcLzX_mQA>K2)zFq0z&gLBh`y#AYRk0u<&wf10#g&|@2^m2W2*`7_s&@HL!`H>n~>rL=So+@^s%{yYN0>SAq@X%rytQ{xO-=b})s^zDBUC z%)U;rQdWPv%FTt$zVBA;GYo;ebP)ZdK2`CDlGNQ^_afkpusgemyC5Tm0)E1Of2l+v zqmb4)2~F=o_iU(oHuequTBQ2m=!yOc>7N;p^ijlDuQFxU7x-2Rpc6x_{0s9}F!W_I z|HY_@VNWml@$FG%&W{f#Dq(&0(?Kq2D*zx9w*j_7E@~Z;>-VNV|N93Px(p8Ld4yuX z0t0N-#vPjgLe7iOkb<|2= zi~L*bcP|w5#^UKl*b|!#nJ5&VzXE6>N~xTBpY3ZI{`c) z#BYpZ6Ee`TUzg}Ww#{tMerjk|;E3DnqLBRj1aZWP_84t`*1rN+YZ&|XfzVLY>Gl1; zM|eiI!(@Kyj#&jcS^@e1zAHBQ3;bJbdmK+U@`dTWgam|oar8!*Lb>u z+b@1<#(o2f1fQi)Vm_t&`xf-CRVu*6 zXqC;yv1A|`k&%cR+P>RUqBd91seM`>l^4Iceut0wCcGLHnBLys(_JOdlxk8u=cH@9 z65B61B|rS3U9wP-)mRERunk_yHQRhx=Zv{srss7WyO=JWj$pP>%VQ?qSkI%mfpv1F4?3Z+I7x1dBz-rSPJVQ>&waVzsd1CcB3qS zC`hUZe4o+tp{#cHg6w=!6w_aH-4Q+t5rnGuI>REI93ytKStOtnuJU@NN=^Jb z?6>%OS}!hkVu%?dCU)cK-A)>-9y}u?5}M!+Xa^9*7>OZo)Jj6>3W0e=a>2v)%*?+O zSupGV%&#~&Uv-RNL_wG$e2D%B7AF=b<|a1RUx8_TrlTR)-j9>JJu7oQnMCWN*AukWb6EfMe5gquzZHDHkIv{FB1L*1 zX3R_@NVoL1i(HQB=`ul+lAK@xWQQj!8xTR&e{_$plbb76$?kI=L80JUkDTlRz&$6z zBc&WQOT!{16=ga2j+(OiRBi20{2mjKq3@#pmu44mx6sEkeS_ zjn}Ae*~Dw9CihoBao>Vgh#UMzie=h#@+!rHV9zA9Ke`Di#)e-qP0GoJlDlF5gcXqI zSv2^wAMmyzP|L!V$j`xETAmA<6y%oq%YA}x4AFjtqCWS;8=W>amP-zsiNMW0VIj(V zPhF1gMlozaf!wSV8MJ~l0ib=_@b_-~iT{BvYL1EF}hy9_DUPDRmQ= z!?B5Avv*S`03{)=Ie;LM=lJnd3%W?n97n1$%RC6urTpN)86LL1i}R*q6!S0whE42Z`s5e4dktnuP*hEu{hv_f5&vjuD(mjseIkHR*3QIVv+UV$0b)!Z)f+Px8!W3zw8_z+5 z1SRnKs3CsaKE(&M0NR6%-uCO$Nr+*{W$)rGT~o1K$s;&UttaQG)2Liyfc4}pI(w#Y zajO*tT2S?4+6n_z_8PExbBI|h{9EUNW4pRddYK3yFn!TL?XWn-tdAtc-8e5z>ae}N 
zQqqo}8Vj$cd0ST@jDbh1D~-A@kGZMDBZ*%d0Im{g>>dI`n#eec8(f81%Kld}l6JEnKIXiE^;V6w$+BJ-%= zkbnVBR}#9k%KL4?XH3@>E-kiPbMZ9@u!*ams3))k2WIDuYdZ-z?@4?=TtBKxmp8KW zW^%=Dhu{jx2T~cKdpH3M7L>irjpn|2SG#bV4_~VQaUfQqV=pIx6(%MuT>kJr&Y6N# z10AaSFS-vEy*#6M{oL?BNSs`e*@RNGDfu7Rxs#2p*eyL`sTCmdiiZ1?yDa>Rm@8XY5lE^&mHveqAI;2# z8?TZDvj<&h^_T;Qpsh3FdbrtWL@(hW&vXn&*vuX(*3Y^U7t+up~{3-9s28jA>xeIQFv*3ocor8BK;&N458 zKa+V)ta^e7vFclYaLb7p0tFQaZ&~;T6ts=nR%5m>xD67|AOa=Vp%D9a}P9> zUx$vyhK-3Nuy6^uTJJA{wy|rlMeH~mcO2wyaW2!T*Ir?O=Wnu7scp@Pk<<8%(+;=& z@yHE|ZAz8dC*L%~PQ;7cM!@~*OB^M9IPzPs6szwPrgZ6)7s+=yw-gB)WD-n{K^CyO zBjHM)3@ey3?i5sc5g@E$SK2H-u<=x<*~IN{@_w`zfWs2@y|yVq$iT5V!t1&7OfUo1 zHub)zU7SeJqui2CH*A=_(4NbS;+o^Fea|DWIrxkg3PVm2wZCe8 z&vT!rYoO8?Tn%b{muz=@yWh0?dCHJ+VK)hjUIMVMoe1B*vp>7pn9X!RJBh_P_*TIF zizAD^UJVUT!<>COMut>qRQAF8j$^4T9<_T_q|}Q~YtjnekQSbDC`Dq!9qI+yJDcGfKT-t7xOu@RfzbA22s%eG>mXLVRD&hIS}sOPP;L z4n>`@{wG=^+Xd?(ewJ|WRodrK7aL$jqZe<)hdjL{WS^7o6TsK`V*7fvc(=vanQr3P z-8SCUiPZcCLVgV!uVkrN+e^j%0OLe`BvP1op3vUP{rEXuuWH?mT(b5o60=v!^q8uP zfWjp>cV0Jq{8~5*dS8J0Y%=j^117;_9%{~;mI<1Iy2F4%rB2Q)E56fK_{zv9!6Yg$ z*_v>9kYo`@Y6<~m`>i_xMMPIU4r`h)3ELUdbA$foM!8m5+oEo2!F?tVM;y%fdy}m3 z;zi^tio_0Kz&O|zvT*2Nc_A1jSGMgZCmWL>^7V{+8?4O}9yLlOyjCg21BhY`wDK`4 z4!{G2*?SV&>6+p@m{Vo%bFpTk$Tfdl=E$_fDD@5|9=t}g#L`rE_L~>Erx70KoFkPj zP!lx=6c;RIup=AkCCp+sTI63kZEd~&2_8dE!+mYG|9yUBmxhb_lsE% zlJ1fE*FpBdZo4_UC+Tg%z}+MvTSpHxvMqBbl$*!KT!w9lE81~TXE0#w>!@4HD(=(}!k$TF-`08B}xU)8nj$UaQez+?c&bM9ZON$rx3#>0>CKOKN zGQBbeC6sG_vrrvc$2Gmb-y#W;+;0;|kPS=h?&}joqzgS`bor%`c*d<2rylC>M={=< zWgw1nNJ{>K<96`lrcO$s=-7Jjyj*o&EV`=Q{jR|dVTsH0bl#@-+=DQo{E+r=<(puM zC5-OKMz73LMlt)_7$$q}W%ndVJW%k@TJ7I`7XgNvTkNZeh~V?~bHguRsK)5$U{Uow z<_EsG_svK>dD&IBN9}p<+dKe#&)TEurO4e@1A3sE+%U7NnjUDguDNX72O75aW&KGM z@&LK^!tF2P5*EGFfR%wx%8DKJs8eqkfW>mLo_nqU#n*`Cpg9|&@e$|GP`Upze2U1q z!ST5$VnBTIwe<@;ZIhtb_|L{bIIIC0bAeBDgjf72FB z-&(x{8hqG(<)G@AJZ+wAp^fm{9TZKPY3w8Aq9SH^i?m=FO8Vy+9kP1LM>@n0rS~Li zUmG(wpHK*l3^#xoaBOC@St$4$5ufq+NN&rxBie^7)l;w37IQ6Pg^l1OYo~yyJR?aO zF2DImn&1S|2JxONBR{&Zavd)a<1Q5B%@BGlJ5gp7f=M 
zU*LVu#$)1mUEfhg*ol8XYoguWA$N%|athoKkCbLYl<2SF*VjH1=$g)cJPUcR_wrztiHR`5WWN-uHh|k>za7X>ZL@6o1~i$c;!I);mfHke$t|{h3%O z(eyqLg)R`6~|F!F&7n%*X`KYX?1 zlRCxsPJ3UPeV(5iuS{=wy+hET4k4`0YtKHI9{OWtCl_)5fo8c-6olr9MONptrc}t@ z8Dm(V6w&ZDBDS_uJgt%%3s9AA&IYMIvFZh>1|)X>aXC(2uBtS%QY~&3d;&houv7Rn z5T+WqyORmvp2pTViuf!@`ZQl>3{Drnfi;3S2EXCeMR$u;wzDqLqpT3*K}t48_;v; zX9w4it@DU;uS}i8CbX4!KSlX&*Ua!t3a6P@=!M!FX3BF<`f{2-{AYE{$MN3Se*2iv zG3;{wAcCvri-%8Yo!p1JK+UG@ld_-dK9^s(RENc-rO7{KeACt~i5DJXjyUmZ%*Ipz~#ka{6W_I!CY z$hmb(RTYHxA5wmaJbIA`7+#1 zWcdiY2vwn;G#&~9^g3~#nR3aMbT+C>06kjngN#s=p5HW02Cr#LwCpifoR(}hE|0$b ze5>Cr(Mo=qM^PG^IQNh-9=DwU+|>={u)K88{n39`x~6}lC*BZ!%~c2Qt;RgFOYvi_ z?volN=gVvULiv}KDz26%JIk+SJ&?R;mdgG6T3wjdXq?D|{J<8y>QYIC#6_mCabt>7 z&2`k3V*&WCT$-Dz_BW1u$^(8+E6H2;v?bnu7H3v73`mFJh;rNW1(WF~e&yvTe|&ce zy?L!mx4~+~e2{vrs_Z%~ADez5X8Y>C4pnvmYcAmmMw;+ib3 z2!fd$njZ)AV?v!+k8Z-}nxj_Lf1)~EDSx+Crn z<-aY0tE|~mGAlIGZ3aKH%(p$F)b$5grvNE8XEozcb#)pxFSs58@V4BRr|x$ zoKFp0*ot(mE}B)`vUQ7s`YW$*myvs#ppo$03$U}=Z7>JMXsZ~p57GVNj#@UMjpDVAsgrBd(_UoC0Vx~J1{fd0P24^p7Y5a%7GUmpo22DV5g*k0)c&o)BFYGf!_=+U$%e>k@t5oz44`wEWAteDPlepaI+|LBLK0lH`` zU0Dy^>1;JJ6SMR&-Lb{rLM~d$y%2l!d&C8b+zBtPf>Y7pGERUa@Y5;kEm;oEy>@5f zmGLG-V>Y14`qDF)<{oxCX9LpRLP5z5a!ibRDgC((2jBk;wEThg$7IjTP>~TIhzz6P%SP}kC|r)BHrviRvYqy0bXcOoo^ z-+Z4y&|#nW|2ssL5y-3!`-5Mmf&c*#{U=1_WUl96Vqk1wXl?TUV9fvT@gjzpHEzOylJRJ&6>y2 z0%zS5ppq22f7KgZoTB|IN{nt5{fgK&($D2jmkDF42S&b6^ZNuz8;E}~88Da#AOGla zw|q)A446|40Tp$!VsVgPHu!tO72QyUL5Tb1sHzr!YAOz#m1muG36?FSs>evoiR4ix zEyNyPlkjXF18+_&Qy430CV|XOeqO;=)Z1qD#}6``m94^|0FazRm2yYaQ`eQTL^DYN7rlK#oJq!*=5~#XQ315@@XHV(PxblI_&@LRzr6l`sD4Lt6Km`Lrq#ODtgJVdQOQI&=bNj8 zh)A_ulEPvRxsRty%u1shOFCUDEH$#05-$m{GsZn;S&bwX#mDU%Y8xGPW&tE94bBQvr{W)eg+q|Ql);?@%A ztms6xm@6z_lN5-pGAf`%RM?i;-$u3D<8(yaCamBNVd+cCi}$hUU@DhPgr>*b+x3;_ zG!ZH-Xh%&BK~yF~s<6|O=pZV*)MhgnWKv+hDiQ>W`$V3N7qcoTOMkkI6N>mryU9vV zL#}e-mNxrG*Me69h18RbV6tFl8t?L=zjIs(JHK z;t8$Xi-DGECo0zzV@P-_Y%vp~iw<%)%S=ro?!xMNa8$my5nK>3BlW4?0=K|BRka=1Mq@ff5IM~bOazcC`iGSWuG zDFyY4XQ?io|fOXWt*OSLpkVCO91**SZq2s45r%;=KUf 
z&M(+wNB1jPu7D?t*l)zF2bwL2wsovY`bV66vLxxCI*&Hzrs$Fp2+-(0 zY^OWcbUeHpg5PYd?yaJx$K5i0vKaX^_7Z)~GW-;6L%@?&D3G?K@=_X=qnaN-xe1JS z0z|$TVTOfhfl>qvLHeQV6w&oALb4cpFQ7Vlec*r4&aI*%=CK$^m}DVOiGQ-ac;Fch zh)q@ubM=hhKjIW!gW|--Zwzl}3P1P2+)vajDA)Sn<_h`VuOC0?;Jd!Dg~n#)D(Xn8crUsi zCWH?|jY3L|(wxM?mE;`QP_`SX>CTdRfA=~zI~TrmOEsQhW3p8_P6NJ7WkkMd`zVeC zxl!+*BOlDy6rU4U4IxJDAn2NiteK4LFkTL?7LTm?hg_M~OiM#{@WGl~3jCdF{lF&J zdr9(1j-gUi2}9Xjc+VxCSJXg?j4%e6rF;i8^V+SwerWPuw?Vj46$I;Ox7R$+LE z&^r+aZ*W+6FqB`z>n9oPU z0>YnWTJkaky4>qGd!n{$3!j_v!3F$jGNk^(#?aS+@P%+3UBI90K{y-7)YQ$jMz>S3 zIcl>HK65vL1lw4KRCKwO9@ZCweN`R9r{%ptz@Fnjfc~!NX&)ON2dlR?IQ8|{+gIbC z<(`N6BDXL6QZrkcN1gz!t4|eAfsbwf*6k~#@|6>9mYvtr{odM6wDnl|nJKB2avv6^ zrg`G-ko@>&&O~C%VI7T#^hKCu8UI4v9FL<~UwE9$&!IJ(_X#t6@6(stz)m zv#?%Iq?nlq&9uDD=jLmhYuoE4`DSyVGGsPZDHhblB3Y)=K*402d9{Q#xtHa#h_nGpGy{X6BkY}HL z-`jJs-gvsM;b#)xue-h+0D_WQEu|i>u+BwSo$IXE$-ZaejOk16mqeyimwo4F=MXh5 z!b}%~Q~S$XH+n8N!|U{sex z&L_*Y>r2_dqs3kV=o5fou|!U`}%0uU$V@b`bSG0j}kCS#ZmCfTiBj(w+d8czVZIXq_H zJ3FqGoM!|lG+B~6Z&%NsJ1alk#THCP zrq_ks$$6|#?uG=v^p)r~07>^Q20_tlp1Aa|R_%f{6>5@CZiLx0s806c?}?&0ftM zdN`Q&bXq})BQ94toFq%E)W&^@9 zY1xz{Dcb#GtO#ps44o)R`tgcu5{WZsNYWLH z4k{xw{ZG{9KmAM4YZ{V{wng$ZT!>@bW@dDU;_d3xI>3|`js&D8bSWgXX@M%vR7+7h z_Gps^RZ5SBggR5Bhv1?2&EsWqWq_&VW5Ri(c94DgUO*J;GuI;lZQA=eIjOqK@2+D_ ze?d9?vY_9LIrdb^v+9UXC=*qTnw6%J2Vheiag~}YwpDr(gA0-5k9H%7f3!GY`V zY1AaRj7S%ytM`+BN@?ATHCeJTng(O~JKwSR;meWT`h2RxW31oV5w`)T1D$Ebs&&?~*b2RgTHi!=j+b7LC@_nhNMjyqUmD{Zd&t6oC zODiFyWML@WlC8jf#pL}_QK44idGv_yA6A3W9LDAR=?2b>7hIB+{1?5;nv&$feTbSs z9A=6Z)lG^_Ht7<}o1R8uLs@!z_PRr;Ssqrtv`s?tS(I9+3%{gbB&$>A}WpHs}PL}--?_5vZ?dXY^dC!xwwTp)eM~|7Q4_a!y zmQAizI=J~F?`o%+TM$B;{$kc~W>4gyF9>149|cko6-0BWc;=iKaxyIfs-vtKctV|X zR%o0U2`c-mn3S=hh`xqyDW>#&uS%h4tkf=lTM{yz8^cMOVfs^}cL^Ecv(Q8R1xDv_9g5v^i#<_vALvZ<2MK6ZwWL4g5E+KP%dYn16`fX+ z1Q?1t$OVV}W(zAk>5O5iNS{G~w$Urd9$0_G93h6qV@j6NcGn7UEcTL1Q-gCaNea+$ zN93OGi)76RQE2{F-6IBZ@KS$*6GD-5%RM?lGa5*ikL2%y?EOKd-r#l@K?x_O!H+{E+*<@*M7IiF9{ah`KuV54X}8}5 zSxn%j*&YAz(a1u-VBmGaXHWaUp65+f+RaHwV|MOp?? 
zP1`1|BTm^!QPEfvB=%Wol?)J5MFe^^C?=T`0!~$-o%(2iwm`lEmem#2Gw2Kd2@dbm zKWfqr>piQ8HjBf8taMbtfk*)@E<-wHPt^SSL<4H}#V-5Y;D^y^`3)ik+*F2m>XAwd z@~H~6HGA4`n5u*D#(1-{I*RYO2A8)3{*~EN?RMLWx&vsyCX54$OWw7YvdcZZMVa3% zJii3Rwp*+pG&!a4=5X3%97|Q#w`D1!nqL6sVT;GhFGu_ZkkWBsTD1!e(IS7HPclX) zDh^MYv1MuahH5bqUVD8KpG8zO5Fl^LJj$sB6k-g31Db)X%fR-T(W?D3ib9p3bVA%3GD# zui2cofa;aYxZbNkOOf>z{?VOQvsi%E!dxC?c0)4v4X(ZeO$m*f;F%*)#g+H&A?N&! zD%{Is>~#+>7f#`)cHk{SF$|l5sGxFcC7ntt0NFdC1TEEkyHr=Agge`*AH7yMT!qJy zP85sOwJ@)CP+L*kuctJStL)^Tx1A5`sw)Orxp8)lOQ+Q?qOyvWTHPULV5O7t&srGJ zaXgXNUd4o>k7yBeePxMZFrSH4JU4pP=efu(_RB^7dbyyYV38}isoHT3>+ql^?cZ{% zVMRtpkPghuj&AK;Cn3s_>lyg<^1+8}@Rr8)o=YuW=f$o~~RZE~RK& zcV&V6`Ksr9n`|(e;J_<$yZ;?^nQyE$6Y}c=m~&Q}tZSis!34XGbAG{U5ZSAdleVOA z%PaC9D~#nAoOr(!lus<@)&jQBmYe5uSb5pMmbNO0f$%Uiner71t+LCh-Ha+&SP59)8dpuU!twD#1HiS4 zf@y2JV+NQUoUFDKFf&6fq9*8&&{(fUOlz+9WAk?L@&lM=f1dC2H$>BT)`50gaiND- ziICeWtciBlsqC5ec|mA!k^u^-HldlgX==hMu#PF9sdnY~+ z{I)lVcx)o2SSTM*QBNZox8-#sI;{NWdE9eUpu+~xE+fI=`(3fpVh)`z^i}vFkD5S6 z%l-NTkv@DnL8i}(eiA{CWHT+<16`we#UZnbEqHs(Li5m4sZq= zq6{Sa3ilmXa^T3v(4#?A$V+;!tpZBxK@$XGjMzLRQSz5C4>W`~cFSyLEfGdQ@~>cZ z=JWzzAWb~~l(edE938l5$L%3X$=3dRGMP5FT*~X9J#%)thpjkw6gG;6bEi5bmc9lp zn=}JsS@^b0gK50f%Mgy({;Y0fFNDc8A??m7)t~&>ZP(~$E2;E1z#SH`gEF+SD5x`? 
zChY^S3sr?DBnf427`ZF2^fm3@a1ih5Pkd*Qt0S$nh6>p1kEM0)1YW2qcC~WO?)zk; zn|PzhUU7wwp=Z=qRb9ly{O$xOiYlr{N`~Gk_!C4cd3teO#)LHh!N`}-_Dv9f)}22GfQh2lMLL>N_8GXX&ZCa7ph_uouqTmf;-CBLOR3K_ zT}TfI$RmwEH)nr_0$>r_!PlSLA4Ga;5Rh{?v;5~?=i|5KOWaQOCuv<&9Y!ZuS?H*N z1m+{cEtQ(s3 z(zlVSk1`M&*q)t|x&u0Del57-M@1{3QvNw?rCOrjwH{NOLwc;_uhe8L9TqPW6ttan z+G4fN9*R3VM#HA35?Gy3UlGNr;azA&aBZN-#owUa-sW$A58AvWBK3w#!eg@TboB`3 z0@=TQN2?j&1i!MRChOk;FCJbbey}9c#Q>+#i<7@dj6a7{euezo?t4b5%*Gk(zAZ=rLh}nujmUzkRh|iWstBnQ$&}QmX!s`K11+ z4JC__wj)glki>Rvh?a5Tv?20Id37##ur{-^gmCNnU{)7nuV!!!GzIb_AgDKf+7_bb zotQZdeZ>s!<}!2T;43^g3GNotYt9?YUVDTpCGQis41C0-LhzDptAd`$6)M}##TVLp z_&0*pGbDT0NRg4Iwr93Cr;)C{$v0E+c@osK$`v&O{Taq)F7cPIqhTNn(;E?MZZ&Sv zUOPYdi(7LqV8+$&<+QE9{T&1n;w&RvB5gOZO*gV^d1{8zdj6ZLyf@E)B;yY2lZ4%l z4IGvOKh`2Gwrx{?GdmHBS+8G7@hDQACwg9cZ%6vUhyaI3W#SbgqldkpFNihR8_4)< zDpdbA2A%OofAj|NSbg0F&;UIrEqd_^@D*0|Ko5=8gmaI!iyAOE)9dvgd&60yW>fLK z=V*|*$K@l!4P6Vm>B6r&F{|?RuhN_DtxTxjSr}cto|fLa2L9*xnuZlrPJj7M#|2HT zHynKe(WnPWId0YW1pPajM|LDq&7qhaC8RMn7>JB9*&4_hUg`bG>Mc7~H?0ZMcyIk4ZTuMMGbFj`6 zc)*559jUU^SlKd()OpjI8Eg83RICr#wpseNgW<{K-RE@rk;b(vc9$aNlR)EtZ2KV>z*%j3B;VZA!n)!V6v*o!OgMETiQF?u! zH@G6U#L9p5CYR26-Z)HI`pjX^q3aw6)TtWuI{w<7FkF1R`kwms zruVxT;|%@;9>C+`6XxvEp7<_nAxqq*bq|bibG5M35oJ}@hSPE3Bw6+Nj;T`k;{%n? z=W@q4=l6mPCyb@{Hsa*d=jes_#WZd2=L^!TSAFEG;vXJ)tM?Z}v>4&8ioCz>y!|%S z^f$`WitLve$YePx5c~A4BZh6}4B7B`|OzOSHGscuHH)ZaOZ%>-)%v*{t z&Y)7L*qG9x(mA_U17F;Jqqh&38|{s{p6OJbFthj>xrYnvzvoUKhCMWMiEtOmyzpZs zSk@QT>N|V)vmVvGx}j#>*XV1$C#XHMZ?@b8{m*b;8OCg{FPW6aa4%XPa{FuB{5x}b zu6Y7ayuP`Hy%TzTVJG<^FWl>OKAR``kMh5I7Jj$JgYSrW=kT~au?|{R_16mi^1Y2v zUpkZ1t%nCSy;q-^n*(1v;N@F;t&sDCo4NSP0JxX-A3u9(Xm-MNOfS8D|Ga>Ge>W$2 zD=Rr;jQokJgIN5H>aNhwd?cWc_$P+3?>ExWuUk`a_7Rul`u3?#xMOVc(tLiXG>1V3 zFk@2A31(WV*)U;xL}mqgW<_K{9`l|!(x=XxT=I*Z^PGE*-s_%c_n(!NYpy3|2&DODCzQ+L^ZqBr|1kDWL81g(yI|Y4ZQJH<+qP}nwvFA! 
zZriqP+t&2lGZQiAM$G*4T2Yk|^^lostxrK@5y{hp>p=uXJ~7G<;=qDJ%p5{k)d~n` zia8Pp^H_-^gY#A-2t?&GwY3VoQ3zsB)WK%vvJ_K$P4s;vDL&k6Expsej;=a_|VjtJV;zwyi@9mJ~DyBs^bYLROtL)P|I_gKu z8TvWceedsmdrquWna1d!tQ+yhF>Ajom|y>W!_K8l9e8Te!!R)8!au`TyOq(|!*K8D zEx&Edkh$mzjPASHsY8pg@Vm3AFMf(v?%W9mmDF~Ka0+9aJXYi)^OUf4PjuO8jr9@p zLD#OyrMGU=HI=@u{iC>C^s>7SG*DX>kx+%?XLT#~uwd(4@%H|gKEdBfzR$KXZ}f7# z{ZZoa&3yEAMOd`Mb=%}=KY0{+!Dvc7(X*Wjmfy@hk)TEENRj6tbRs zhuY7&UU^)w?$F|gkz|e8v1CYFPe*ZyRGZoLG#@?h^q>Sbf5_jyNH)dSRp}l?d^of?%Vs1ePx(9JVd=I z+3&B;84W*gklf6cxbw3nf6F;%Fhh=wE*>Mjo=%n6Gw)eW0 zjJni|K3P>hU!FmJR~Cfl`GXIZW>0Q@@%o>5rLM@j;B)K1WJ}z>xbCFi?{*fH`@KD@ zlQp<-e{dgkN60sf*T*pgn^m7)!^R^LV8sp`t}YdvWNO5>41XgCG!hu89BH$z;x0hF zzv`@07si*UK$)#W{p$SU{d$ems^<`uCeqf%FxXQxtCs#aDjSx2W{A}obJm9{NoiE4 z(l;kir~ff1^~9t;e5691fOJ~S788}t0yF&$G;EYTh28-xBy^U&~)?^3NkDXt2X_<_HEvV?D;qg%H3w4|*_fLSOhw~%TjlVv|dY|Sd5+g8Q?|JJi`A5cxa^9cl zDyQ|inv49+UOCzdQQ0-w*!9awRf_D=}QpD@whKoBMZzqN+AktagS;< z{7pT0NImf8fNeAO$b48wJ?P_>crz|<7w{A6q7D!Hj>9*s+8t`+mc?~f;<6vw9nr5} zw=B;U|A4JC?P^xFA&BtK4H>9z`8>4jMKX8s@(dkrKi_EX^M5LyF=|c=uUy~Fp6*xBPI%|xh)|7_;-RfNxRX@sQXEB z1_YHwqQ)&)iHAu^A!NWsXA@ic=#P*Z=OSK4xp^~_{w%qeVSxRgyUenHhnm=V_ss6K zq%&xE7T>X4Ce3;-tV}LrDvp#!wBOXT=5tieap`tTK0}yqjA_W9}|K#up z#ZesinAgaGb7?9Dtd}?aa7Kiu*CD?2@x0{|SRtUH;@0%k=r}yrQioCOp^KvSd&df2 zTV7wH# z#Q=FdccNUOrQ?a7jF{!|`}|t>99T)MHx9TIdDYkx2Jmst15RZ@4c6QsT*(i2xFvbj zxD$C`lPPz&Ci&&qlU@IL##~|CWS65-M{iQ~ld@%7Lp`2DDccD8(-`p~7KOxqMcuY@ zRf)Tq+u?rTTnyO>a~Qgk(mFko@Q9OwaisehgSr%boG~)>obqsTkI-EY^dSYv?Or5E z-5I7WA?Ci4JG#I|QfsaSrd$-9EoHC?Zc5%1gh!qR7D5bl)qD;>V3wJNVy#&PoV6tT z3u*q{u~8n$$umyp!!)1# zrE(hgBDhKdQ=kXfl!28-r4F;ZuVS%vERHnnGyN!svklQSNoJEk%#3YfaFdgV7~}ya z%xl9qb=szhjPTY>NhaAqsWWxM<@yVJ>}cM$hdaz@-DWhNL*^bKJV}(dKxXLCpvs1E z0q7tV>UBuWb4j84VK&N80UpgBiz(EB+Bb;xyH-GOi5CF@Q!+U& zF*yo~O<*w5m75$|7)vjYrZYuG8~LBa5gDCRFqK*uqnMkZm>b_(V!lqc4#x{N3~*8P zHprI@KwS}OhzB+Uh|bxA*aMv!;t0ZTl##cJ@md9#S8AtHMMX92mNh&IJwV=O*37wq z)nQ`!oB(E(&#_BY-z35mpHeGaPzUU08=XxkUSw6zsc}`+!dwh^?n1CD(#W6E(2WbV 
zaYRl85?Hiip57ZL-=9jFt6{jeievDJGpI6V&rPTQSs(lzT4#Y;p3&I96ICE(Irk7AJAAaf!V_K>wgv-LXV zm1;W=p;5LK7xF6vZ9+hYD94lf6RSB&By-Ph6-~kw+AgFP|Fb5{-vEgg(dupo-!D{{A^OF-uq$qWTL_#nabpTN{pK?+|+|o z_3tKmXLRclq*u)P04=cXlcf$c9C*eUid{Ce@7M+XS=5R_OefsaBuZi~Pk*4-@;EOE zuZeNOvIV+Dj%fnVx#)c_QA!!Qgpb!@8k15vV!=ai7rCf;L3A<1lVymfiqMI0huYOF zF);C+0U%#B0KRMt?Y)ZmN-zhi-jge?TZe#vfava(8WLou%q^6Z9CZl0pb@X`obxk^ z1iE(24$!qB_zjr_9v(^c?*p<^zMQeu-b7~wu)aXKdQe}P6C~%JKG(@Ubqew!4M|Ms z73mrO(jkjInpR_*W?{5*hLi!P`%W~Be;5=|$RG?{kcqi;y-A^``f~A)Fqpv>ru&Uj z`=6MJxuD!YxH7W}`@ix4<3&MJwh?SI=G%K{E!f%yNz+;8qbX--Pq;iJTVrlP0_&29 z5DL@3zyk9nuBK?69t$S+H2!{sw`trMmHm2*Y<_N3J>I3tpQychvh%9kN}+Ey_5lDr z(67|E(kcD?X4c=&%D!*U3U@Pr-;#+n|Cre(?ZP_HUeN*lnu5wzUaf|Y-Ae8!(3>KA zz+NjQ+LxzS8GC^7Bzt#YK3(8UbNl(-tiRuXmxw6c&x8JSA>o~w=3w~oc9#YIG2E?n zV}M5a4y}K)QhYlK>x}FHe7%tH49LlddjoYx1pY?bb>m7W3+ZvN{!aW|gI0EE2jWvU z(e@uR(6Jr_{lDHFs82fZg{oV6tgJk_qqLnsmCq>u9ntwIS5v}cJ(!!1-X4%wEu2ZD zkRBK7@6F#ejDB-Qp+0Fzx(26dhCgj?H9$UXdUvk%xlq4j>)+OX-^h|2+5!B$BH6Mq zTW9FuCIs-|mYbKton)c{rr>0jE=1ogf!9@Z@3ZbpE67En*}S5m_M@nTOk2x1O1F5s zWi`3{6U!qvuLIfnY#ZLS(O2bfXR|D!;Q1-xduACvX6MAZ2gSVrN|iQJO!w)q!-UXx zv@rg{2U-eFoZ{K8$nHO<&&2>nqg0L_B%^lTz~WwB!6&X#tKz_gg0pgw{0_t*n1O!~ zL-iw;;`g_r8|9-FEJ^crm4)FilWnOYd9pe=l{*-QqQhxuH7x=#-n~-31{X(TrIpP| z7MoL(8I|6G>`o!O#5CpM<(gX_`5bw(-s1NaQ^$#z)Y&W-!O{KdwdhoKHX-z%;i z?6VPFzOUDw(9q{A>LzR2b10^mDsz_xlOvG^j`| zyfcr=M)`Kz7MBnBjac98mptOF7q<^LZD&mHuQ~l)mCrQU4F(^){h1LXJQ}rAr6|=M-&LZc zKUX?>IC*!wN22qfBSm4=sPLDbmJZL6YFN$RPB}Nrzs$p&k)gO3e4j@Bjq?;Qx32Fv zt>*1S-@9!3#>;}Qk7M1nkIkW@VQK{@j|E39i9HwYe?Pv@BNzDiT<;)veHAOm9j?AP zX1>OEa&L{eu;0Wy;<+2R+b@GRJD=n3kG;`p;Beo!m$9W$#f=&-yJ=e6cI&)P-(Nq| zXz%=RBe~4jwRStI%DwJRyI(v^`w$rpj9g69m#CvhuelF zy70?Yiw@oNiswt?7}~WUT4jq9cX@}&o{;K6iu8((I3q=F!-hzFel4I5H=a3p`D~)X zV`AZ?*EU{f`49GK-{Mm}1l!$4TUD^wnVLdAvuS_ce`!GeKYa)gVQfgD>yhVBUZN&Q zu;f3j*h99S{0Zn#UWJG^$MGZRc;O&{g@+M;3_jCLFQviQkYtvh_5kOohJ*|)J&|PUfpL?Np5YM2vZogZul#k+D!rAO}o>gnv zt+)ByBupJ`+4w!;mLSE-z*2bi^XB8eINHZ;VWK@2L_2~5s(N4KMgMB z=>TcLanH&=`ZPjciMi$Tn$x#q+6cDf 
zYt7l1Q?G}1M-@_p?wcd8M}y5hoq{flWk#3gdn^09 zD~HpVb7cmY79z1=rxY?N2f+Q3_6mM(LI(`L{8!Em^N6XVCh`nMP-p3~DwF(&PJA zLbnHWiAwOLZQHzd@qA&X>2)to$2$;`1C0vaD`f(fP)?+4j3Pe|FOrfJi5gI2qn{w# zS%4(QNE!{LnMaqhZm~S_Zl+tJz+x&k*%P-R-5rbZB6}$ZC|GDal8;2^h7O#CjH0L@ z1$L0i56wWvdkF?M?m~3i=LksU2$z9JIGW{c61R+RRSPR@&gY&Mr8E<2U?K$t28#|S zU_{12vj-znP{HQ&9SR$>DP~6~j2XU*1WN{c1`Lae7w8d@rT&qY4DoFD`^qZAfyNlR zY44|kFKp%oAS5rr_V1toL?v-``J%$I=9()7Xtsu>;KHV=ekJXDT z?){f9GVQ|CuZCoI0=B3WHTgSnG7iT?B!2T3+0#6%3)BlxB0fy<_>%#2I35x1PpOu4 zX|}092i6N)1>lT`076450@#N3C-|x)pOPqE1yvTVV^oNLN|oCh0%94U&&0_aW>kU! zAvvEY1cPQ6KoTSs5vMH00R(5j*Q6Euu5z#9o*L=XF;j<*BH4?qz77abmBbJ#2>4%k zmI+1JK%_5eTDSpXr)uBZJuB^}WTs9=_|t$dwfZxVeK@2j4qKwq=+Qxd9IUDFs#RBm zT0)Y3oGB?z89F0uRwY0uQZHa@F2G9DZ4--D6maEGOs8~%3r8Io1md<)@_^V^zb+19 zJ^VQJZZGd{*JAA?U7cA!5XK0|&=qcr>XW}*tOF{E;P6sBALa^&HEMD-qIr#uwO`zT zYEU=iBP>RwT*C#9E2jCreE}A_78~cKqn^8e;hKAVVP~naT71nR>U`>$_FXG#_NG=g zD>n+kQjioh9C4VZI)`jSwP=YzgAGQ6XqR)Q=?0c!G*yQ z%~XxsbD#uwy0hy&c0Q@e;*i@Iwg8Fa8)CK}384}NAvBXST_b<&XfYv1u*sc20m?>( zGj?OLR(Fk}{On~YTX$CRPSl)6=_@y#8#K0eHJ zCo~YyiZ^df9!~cbfDvB4F$6MrxPgNpOSBUqVA4fTbZkE@#>gQwQ{;^KbLX8Lg%mMv^=g=te)?y zpq)vJm7k}Xv6($O`JT6p@%0ZqscWi_>4+AU3&w+@g9%w)mxvmlx5=rr`wzK?7Q>Yv z&+-+#catToliO!?x}o9zKuD(}o?c_OpS^T7JCQY54EU5Xgc()5m*!PjFY=$}WAo zdU&6EH@vM?N0-VB%ty;H|3*zqo=^^34P5x?4 zkJq5Q;?Ik$^{n;GOdXrMkQ8!L>C_6Q$>a~&0JAw|*@ZoyIVOm&kFU-ggIyp7eKoO zwLzx|&CIY!(?to(L%(>7&mR7XtX&%(!7YBKQo*y6+|#fH%RElkdm*Q{3(2}-e4ipq zi2#TYPoTpo_oty6AQa3@{pwbFk4$lrS=R<64_l`>&Yc1yN9FVnkOZ98tA?)EQ_ zULSb;&bJ-pZtQS2KHN@FoH+|G4k;!xTi=gya%%A2zNRY~ZYSG67`*MWc?He=!uamr zf$#gm*Edj(5B-~1H33mhQ`+DwV>XBFZ8n=^w!kep7bmWcdIxxW|28Su`_8ia);3{U z!Zt>D$9SiB2XMdrP%_@(|9dQ+$^{{n_?yzp@>||e{m)}@TRSHMr~k+in^N?oaYS)O z%-rB@!Qt939Y1aMcCGK^j?faI$o7H0kg-sJ7Fp)nX*!%n9KAZSws;9*;AOJ-lw#NTtzp=F(cdpltO%u|2u2%h3i&6Cg+ZAMnSqgZ1U4>dA#_M9})_UyR~ z*G&-!`y8iSXq8rg7V3#pi!fD!D@Gr18jAHps($L4l7VQDDN9O5W4BkmHuPsB z8i&*w{~eqRGgGgZj?X9|+LPpnGf3&zrdF&8lfsB(a_acwL9X2=uZW>bk$A7N#~NK} 
z5{e!**ojhOgfnt}Zs@|(8RGz}x`I+^HNcIrV(6k%-_CdFFg1Q&*C{CBn9dUFjY{^U z-lld&VyrhB6|66_kXp)lNGgp55<1d^=1Ha5IuuEgwt9LJOj1py7gPBvB1%2b!V_#{ z60^aBC$qa*4cbFS6-|L10=l0>sOOb!^!g#>@5Bxmx>Fmj4UvmRhVk8tHVE8IncX;q zOb0#;WS4Cn*q1G(35*>VGk{j`K`e+<%cO>Jq4n>i zj&;r*`)RBJUkmsM()#J~i|kzd)ZHZ+*@pHgcu8J%o#SX}k%Oy7q)p%>Sk17qkVni2 zC+7ig+@pfH6GaO$$1S+|Fl&ua9Dk?AKo7zF5TDyD;S|LRz;?I=8dnS8ub*ak&-2IW z@rmD-zE}3@-q~4zAa{&WE&3zQoVZ#1$w3eUbYWbRTND5KwnBcal&pB(C=pm$3+|Fz zlZMt(PPUciD}w{CxOlhRU~~p3a5*J;n4<1>b3$6COQ-d?a8l+<+g4eU#{!e$tNz@* zYW%;+G3C3qoO@m$?v;A4DU5GM{&2 zJAc_Tsf|V~ZM#&y`qt_3$Ds2fdC$G@V|nzo=a-kK%)t6QM}$_?TRq;EC$ZaKr&qQ= zPp9zL^&DzjVDh>+zcW6D3MSA^&DdtTZ+|0s(#-Jr7@dWC#zVH4yXs0mr}X?j?uSC> z_|@cUd>dZ3;x-?^t2r5h?Z7{Cq;{_t{`??|1;f^1lIcTRhk)+})#361!S{_A&|ij$ z?>TV5jOYxFmlCd)6jS)>OfdN{7hCohBUuyxlo-+(QKrbSoyQ*;3k_HD3)mv z4hK?@Ndb;{)~p&W8y*OPgdbTEYatZagu=)cQx8#|_sS$Aigf_YbMv;Jz2N%BQ1|${ z{n0h^;g!4d&{^yA@>VqRj7l!Dgpwg;@h_KYJd$!{ti9$u zuoUY!6qDZ}RjSP;xTT9tz;@U|ht>+a)w*gfUZ#xz{U}jG*h+4BejULEEs%Ax)H;1F znh@N|du6uWLMK%!Aah;7qIc-lbSbcc+RUW=uh~R$1v;}pI-?nniSV+8XmzcARfbH0 zXG%^1~ zID+ARSR8R$b&1R$(9%>6$Rvw;y?i?zC$PAc=+gj>W?rlQbK`7c%diyIr>}qZ({tjpqtKu7i_&ew;`(Dg1f*(!&OJ zKE+eZ;B{O8#k98bsuR#9b}&Fzts^Zu+S+$bKrTtaUjpd8(kOBEK(;W9sVh4GZ*d|Z zUdh3(B&!euB&)!O69jrQ3_y4ZR5fFJ0)xyr@gO*;kTL233pmF}FjFKv@fOOr;yr*W z7Mr$ml33(~9W8i#Kw~y;iG8w6hA7MqFewkhVz_m|cJXMQ-ZqmEhbbV|;QB(WQU(n) zpl+!S3Gq>=tz;9eyK!oYD8E0~1ip!6iid&NvDOBWc01ck;~z)`dSv4iEC$R2R&bTd z4xocjz>OQ!Eqe^0ZalO?hjfQTg9@x(HxyS)NHIpB4vV!ZZ8}Tp#1UJ;6$HP8S#|m- zJ~pf1=_h{)S68zril}exk&{P5s%!#lLq__z8ykXGLDE=5a;U0^jok6ZP6gSPEJ9<) z%u)dzI}t0mBfAHH!9u0DR?@mdE9cZKF2$-mVR|1vPzTb@n-uVD7#-p}FrZ67Icy*V`rGfs{{Qsm8*(cG#NS;I>^Xyj$KuU2f=E z!s&TAnwY~RI~~D-5wNEoGEP6w&rGH0OpJI9q5Kf!QY5^7W)!plCMZ-P+myPJ@9o`SfbrR|?OL|CQ^pS2p9DbI_HeeV_~H zMbUJ+`5GV@mpi!nY@dWLAh?}_Ap#G`v70?p&s5*or>YvQH{7+;l5La`h#4-iJFj|< z5`3H!Dd)mLqy&pD$j2`pVa?T*DfO50Y3fnk)WzGn)9dm!tG<3t+Eef5bbGG7KJO;) zI_>)@Wkoji#NqU=WW~?(>3r!>DQ*7kGfu&u|K;m2q}j$zmaohEVHldayLaeaJW%}S 
zHsqn6{FxUY8#I#GD=vFB+UuoTyL1@le4M*7E|qBKZFA%1S$y^;2+!wxGl@AZ>qZx* zz{l@CUv0+4FL-$Aa&SEtgGnam@puhr%r|tJ&~%w%jhz%u^0Shk-{t(kX+7$Eq884Z z!}?H%to<(n*Wp{FqIg$8F_?l(R~%+?RoD)f!t-?@S@ z3sA}Kduycj#-GXi6fGYuJ4qQAiDPA}iCw1|Sb|WGgY}S>+RoRcgP_Z&5i;GiobT7B zpX{!Mwk8Xb$L~0xo=%q=_W66ex4y+CJ@O8xor%r%Y97u=+ZWm!e%r2>`Hu$v(R=!y zB6?h}3)`EPCU#dG9dE0Bmn*kCkF(FsORp%suj98H-HZ)4!_T-iH4H2LXGXThqp+XP zQ~H^(xUY}*v5T9U&nx`Nv}d&Gdug+o@HKIbNjyX3OXN!q zuXLGz$d{1MBp;&BC|RZr)&aEtu(V9g);L{rc_;V=d}DNsd%k~Y7~bjs`|@`RVyTG- z1^`$E1puJ^pD%xBM*~|YQ@j5w7OY8G&-}Nu$?aN`$~=@V?GU$Y++U_HYjo>aA<67q z?25906!FqVx)W^J+Q^Z5{@2nmeXV17C#VFZDrkvlU~_9J%>X5&_pVPUx~S+a38Ri$ z-URP64~~x_g719XULW>Y&2@YC!Mt;`k+HTjnP4fQCLt2Y5t?^dKKl zSH2gHoFo}#{-`92_v7he{EdWER_hg)~+X7)`m_}pnxX?7_qtB3;LdeFU(5j zOf>kF2tYy8NK6`A3XlykO2VC8UomnC04g^pnvlP%`H3OQE-H6;W9l=&Q3O4;E>1xp zYNot`84#nRAcHJ!33qT4<4*C97ZH6h70#F88ml_9I@^ngA90G2KNlLP|CQV(H6tbi zVA1q)pDmG5tmc`*WIMPDM6Br zsSbUvDbTN5vJ`@gS9kETr1eKkJxb)Cj-$;y9!NG=7B!ZOoy>7S!;39 zH*QgiWvb0M8Qlddcf5t$M75jTb3}cS%cE@*%}AXU+4h{*KHU?QblH@f)nKoa{yYC_ zx%Y_~xv-rxD33;F{b@bBEZS)vmbSX?#-yuXDak(QtM^XVfRvOlKtJ`#jCaTLb{O&i zE_N9C3O?WW$cbOhs&5^)L*vVP#~5^0kFH{B4?<{D93Lf*Wp}lmt;S4rK=tMQu86zM zk>?k#u=@|UW4rs4=`rlhc(+lM8acg}9$&MgWw)=*@8K=i)y9^Wi}f?E9=0d{WiM{G zvbN*1WH+ap!Xombd#T=mi+91?OYc3u*6Fw;kPZjOCS!dyFNvnY^ zJGj#M7f-tpOBPa)vaRDSyFXYj$ETP0FR(B*6%7pPgMlGx8A-L=+ORVIJpf)*r6BY5 zU#J8w%qkizEXi;l6e?r@0*`ApZO&`6#{1gLM`zE=%V+LNcLTon<*073r6%)07(S;p zK5sa}1BsBin|!?)jW*qRLL!$+)wwG!$$hFO4Jx?{E5FL3^TMoLu!eH4SMtEM9*caek;6MFI&%?mZ^00 z6>K7#iZsoG@Q|!GUMfpg5zU&P2FC>yz2u|7znI)%q9so6zBG=x>&b=F3XGbGbdI2y34$>Kj+ig|5rnfEz zU)}6Y=BB#l<=Cy2EY#+{vxUL>q4Xuyi)3~E$Byr$&SA#qIagJKFp=6F_b@+5wd|yM z_P8!WfJYOadk2r&+x*0gtW`FwI_lOWGH88}U?qUwo(Qc-COP?*P}XoYR`-v39nCrn z>3P6;iKzWPXifuimo|DVTc1XFb7xPDR9bJyqY2#@y)fL1{TSfo%`*br*rx1i4oOV& zo;zSTH%@b36D9NIbUK9+<)4t?0X8s?ny|m0_J$yk1M0m^@z#;I)GQPNy^-jmp;xY} zrs^AG%+_-BEzmbngokysh|ZwX1hW%SpA2vi&cR`5ng)o5t2&IiVWqguQwL2RJQOG} ztuFr5KrOhf`RyA9-1!1X{o8`J?B65;+uApLr*kCoL*eeY&w~cs#Gmg3E#QB=>eBoE 
z_y+(03r_3n1_potOH6}^dUu9*C>V%bALBMl!MYULc4Hq2e*z-99`ab*vPd1aThz8xPEf;=lBh3 z0>%Jq7Z29T> z^ZVt%K%Q=wE*y;1OxM`FZQ(}(4@l|8#Q_ufm+{ko)O$UCur_~!edfCJ5A(6t+0gA? zfDE&2EYSmew>MUxK!G;Nug>b4E+K%s$KJU9dLiiOwe~fZe?beSm5#+ zIJ9jZZU0$_+3@=wc;Bfhnk`a(pU4}&9&YWZSNZ7ryNq3Qzt(R5e58hLNAS3b@5MeW zJygxSyCV1g=(I{oii1SrNrR2ePEP^AE0Ihs(a)_;h68|_apG5OK+9B_2M;D0xDHD#_*8h z=rA`*eeA8VphB(JEG=5Ctj$z3RbXv7oUNvG8_1$e-DIxmL@AX+qj^>><@>MVtR(qI zA~7({(efiqsKSs^OOqI1MT!}vOH;Ask?#xf$yBGneyB<_k}GVOFI09bcnKa~zoD*2 zIB5Y(n=X60FK4Z%(erG1`@?p$ULMY`zTDwq2VhXYZAu?YVdG=(@kh z_j!lDYuQ21y7>F*1WC#Mx;{oz&rJ0$PWH6@pFTXThvJ#zV_<{IB^TieTP&r9+X z+)kZZT-UGVN9#z93!nSxeQ@fY{#uW_r}g%@JZXpH=SnKdM|{M$Tzh!BF9iIL&s4+D z>q%|*w)f%A3SQ6i2DDvQSlrEA+AM}QPT&ms9JsjUg-1-1*u2nsxQHu)BwP}WM?8-- z9#LHUOd_#ypm#0~v0VH?v4}F04B8kHr(iCL9wGS{nL|I?w+#?IF1KR%EqMtTNLPIg9m))r3A|6$Fm zSXrZ}pma04;WH=GE@YIzYpw+lWhP(S27pOMTemcZD&`AF#p7R3UvF;ZxVo7#GjE{D zQ^u1~fk9bLii{Q_$)KPTix_$XNFX!Zhl70v2^97reCLBPFe=Pgn^}F)%HAL4a_+eG zI9+!&xOFVsSqp|kigRzQG-rKHAPSuTH1Q=yON17X8fgqM)JukTVUC5vCfe9?8`L2j z{hQGW#Ca9{&s83dvH-VpPNX&H2!qmYYPNea2PFx5L=hY(9Fhp8* z#ZCMNy3dq+HJC(dxjyMGQ>~mPbEa8?(xx98;H211^mi|7j)L(Xr5^~jStL`BMlr##lHgt;z$#i9 zQq^4tL!nDG_!yZ8mHru+H3^w`RR!(Qb3j`Quoh#$5QVtFLfT%GG0a0Y|6az(-R+Q| zd0$tySgd;6Rysz@qYg?*JhGNGFa;wPq6Xqw9GiSg%%&yDeJJ>Vjqp{txq%!X)l#IVQmOZqq6YCTu}|lMW6FyM-MrvAUauFW87ebk8X= z!>s(gVXN7eHpoCTQv+=&6bcVTMO61%EKoRB)LsCBf0@p4WuKBtKxG34AP2v_Q)D-n z^$pi++dRejK1kFZvmw3x6B>{TYvUZkUVX^2gF~c;F%#tDCIlMUgJG^A5Cd$uCcz+^ z9zZR?YDY9^=h))MWt@=Er6?GE%FS2G5`g+9w)6HD=j~^0QVafxnAtq zbb?|vF#vx4`rZjw{TBrlWfc?HEz|G*&bc+n<8 zcF)cHn`qwy%X#OX&Ba`z&%%4|y*0ZG?r<)zMu%f)Dk9#mFg`?)^YPHl>qE7>j>-OP zs%8cqx5M6~7p)F5F(DMCIzP>r>E8{lhD2s$spNZeKtSx0B~&;zshst%wF%-DfG2`S z8mLx~R1j@RRcgy`Au~x`#HA92>0zNBL)xURJBGxYy3$0#2%{xE#qMD60=caZ+$GJtcg-h~U^b zVMcMW&@zlkiU>r_f`J6Ns}iRUPy>BFA1nc+q zsW|T|eo6=^z~(AM)xC2vmuDdh+nkQ4L3gexwi#<@7t)tlKkvJxDqrg+Zldy@j|Urc zz9VwHO)uBKF-fflhtGQWyszi$PTJ2yvHWCcJZuhsk0-m2Tg*`V0dFR@Rx;P7>~gAw z)pWSoa6X6x9$ANmo?do18Qfn}BHwyGjEL#0HCJy>o=;8|f6%t>&zH4sbam_tTs(fB 
zkdJG4-DGiojQ7^GbjV-m$~(VJdN=BaEnkm5|H@@^HGaete65HdKfiRn_`2*a#y!0) zK|Tq-XE_bsz<+i+eZU*#t?>hihWyYya=o9F)9--uYz&63GIS){m~5;JB~aw||w@cv}T!DvV0#3`}a zGOhSr-$=6qhDFv&LS?Z{&!lY<21mMwFC|E}=nCT;1u z#c=O@9=EUCfS|TLc&%x}Q#nKwj?4CWyIUSS5bYlLduFb93@?u_5S^h`8OA@K6IF?3 z#`{m4r<^KmL0i$|Uc2Qu1;-s1wh6>eTjL8qK0EP-<3DwWH0#kS9^88BrM^7yTQeYr&SaxvN8cJc-x_;Q6UtgwQEPlz zas0SgL!k%MqxZNoj+XZH26fd^YE9Dxjc&4*V5(`fiLek1A+9-yOj$u5^vwE-FcSTZ zzz}4YX}JobN47ae`Swr#8o2W^7%0S4Grc2j7ARMIUE0MhVqQEw5e_2Z-+{@sng-Wl zRR!qJoT$y%sbbte1gLDphTs~EB5Bjhg82a0+ijyR83DWY7nf-Et9^4_qiyUsLOs20 zxD8F(wMiERoObXh1sd=gOh}!^+X%dek%XROfrQ>%7y8zI0Yn`Y?s&&l4Nqvf8<2%K z%V-#FArP~^!0H`>{waAO8ZZwO95h5IjR2ut5NqxfEm~&S1(e{EhBHJfd3NI$>tjzH zv0(Ax?Y+thJ2(69xFo&27)Q_Zm%8R{JAKPWDHj8fy^sPZ@nC}h;(!DGa=<|Th`j_W z;tf7HE*T&p27!UAkUG1}w?{_7ySHTor`Aes6#eWIUIy3j+eUZ5QTXbgz5C#3{B^GZ zL+~`d`v3Q%zZyMbNZ&U!Qy!_uu&KWL%%Sh`vV91deRXlG@v^vk26*@z4E@FUWcH&T z9UPJkB4#atMWD9*y~8RqGhP>jhhWaG*dkE~yy_@hhGLZ^b002f z-yc-j2)Hznu9O z=Kxv&Ecpea+YshVS6YA@-@;~r%x{?&0ND9!kNno>!)AFJGj%sWt1?~K1nKXx0@Y({ zkh=hA0^9(=2)!2P(PLAY&!$RdliSqN9RrJ)Ne%Oj8`3$H>*P#k{poe-^QSSG<72~k z2c=z0kFZ%EMpe%XH(6hp&-#QjjZvjOb@DrnE$J74N&I&F*^4kWLH@IoL+TtjvcUr_ zWWJ1e-Rn>DGjsD1=>HmQ>aS;Z+@myJ7dH0rm#6efHd0SwzdWzgyRNU5obq^y_ z*Vhr>r;aF|HjP+U_Igv)@7mB`^fsLw@`k!NCw*=hXNFFfSo1BYMz742hHc5yIYLVR zIrKMo0n2?4|GS}<${D*jQH#aL=OKs-vg5^%i+;VQl$atz^+=@J+34!T~9iy>ld?75pO|8PVjt*54?E58gBt~<&DpAR3o`m&z z&U(%1rfUQC`rxA|f&^#dd`*GlY{ZPt_od%|@=+PIP2c&te+CV2jlXo0qVh79=k|*m zZKHe#zvgEHJneL4qJKW;ckDKhSCew#Y`*TUM9|8^BUZtHtkb7Q09 zW7xL4YAUDeo%_+tcX(;Om@%a|_yS{l#9vifygfcCupIwr$(CxnkS4ZQFKovd=!XtMs(bVt(e+U%9TkbF>T5AhBy-%@&md?R&7EZrUQ_wWo)t(>PBIWO6%<5w%s_^YD<&oz`H`NgA>_x+3d z$A`=+S16B&NPx*lDK}7{w8&eDPmP3hxUsqF81eEK<80yzRWGom9pML>XwH(hsN$I%x8NwDB`Z~dMSfO;xwm4Dp2o__O_@Jpp znkA6|gS*HC=b#`mKYuh!Onls!-eFmowF;c7RX)jFM5$ZA^38N4IgviHBYlbc{?t>>NyAv|(R`5j9{7b}++7z8vuyQ@ z5+J2RUjH~QQkAHpCwxD21hy!?G+^2{QVQ7$bwMPYbgotdMb{^n(KbLcHah03NG4-% zrxC1rl!#cmP#9Sb;;rTGs7AC=8nA%b4N^uAs7UIU6gfeP1?b_Q;62m3d 
zx-W?4=94)KjmL)lmYj7r*Mf?)kJQ|R4xMu>6Fez5a<`(I&DhaD&aI;|<{@Hp{$$K>LVx%LkJBW=G65yP1J zP~(Dukahz30-5fZftSD90mLjdX_hcHb=1h11wKZW37^ptA8-Sc^mBco$)IM3pP_5O zP6~6od4(8u0_O;3d!GzSuFtywv-%)vOAC;ESPZKOKRT$oMlccuyZa`5XvH{o0#)ml zO;qBP7c%l$M3O8z%+zAW%oz*<22i+pra>rsf6Jg;yL5rICAL%lT(fjkwmgf_hWe&9 ztGrc`H=$T4;n61X5NhcVf)iVfK+EcyO6_$2cD@*pPHt&;O2>>8)E$}`=3I~9kzfB1 zGmD4W_5S)h)?;=y&HQ4<%pJl(6HP3cV??4&5fzG;kzL@PlOmLYZW6`ICexFK051an8g&4COJNv3hv% zL4I+l#o`}`k1veqh9x!cB#mAko6AsjBOjE)>gxJ>-8i9UtNrBmbHSUVMpO5e{YeXO z@4M({_Y2jWuBx{SQ&T5^by-(Epm{;J6dc0bRs+uZ8~!3)^HVg3-^6pH_d>o$9mgBF zVzAdXJJ%Qj-k+K6=y837y%zCQd8_^1G%BMAdLSB;cwSPH=YrnNO-WETmKb(yQr1(5t z;dHp*xA~hHF6zfg9oe%BJwDVyE7Y0OnBh?WYlb+RY{+()%3aqKTduQ3`biC?aacoI z!{fB1DyOe6JTJrG)K8V5SC}lE>@AZp7FXv%8!x>-mEQ_KY?OqRekC$fFp{Dctgp>a zs~p4mKtEvO&Y(S9C_8xhrfD5%I13jUohXwy$&N7@tsVQ$BZsBF8mBV78L7%l_bc(V ze4Kz^9&%La_KBA?magc0i}HA$#8~EfoPB7*>pn!q`xwtV(zxcH?7R>wweh+sc=ow{ zOELY53-i&2den4lKRp~K+}_j-cX99bzIlY~y5>w#pK*E)c;3ef;peI>3$gciqOH@ z_;E){Uk_|L-)!o989od$lI5toeGHioZ(Kb4%&ffb<*Y+PFuc9Pbh{s3TxYx9uYmY? 
zzLeC&3a0=1R+(`)>5u5l(Yk=3*@MI#=x6i$d!xn43!|i<3!rAC*gfMwF}e4vXKw*%H!o3U1QpxZ9}0{EQ4y6$RY331 zE9R(898=**>A%&v^CZAm3jb-eyHbBMwK3jQHzj#Yhdo^AD4?uUR(jGmDKhL={G4JI z1968bBT+$nkff+4bx>EX&XTP>D0{cvZgxh%IT=rG=<@6Ou`4{fvDgHM=>Pm*0+!&4 z{$t$<_*neFu(e@iD+CPsaEK(me=ddmsqG2XBkT951*s6L!eEw%!0bfvf1s;$(D6Pt%EuhjRiy5O>{t?@+bR& zUo#*b!umXMia-Vi{VWAwWiET}oLKNcThiz}Yl0C@e1I#}LsE6`fyrn@ap{C}4>_tQ zmmO+JppizgfI=o&Z)!;(0qT(YjRES{hSm=PFmuvS*ijuVux416T~M)bzJb_3h-63A)P?|SA!g^Yqa#$%-e{2# zU1;XE+plYZ#N_R81652$)YQ&RAyZ9)OCJP81EpUF9d&0nmB_F9(3dP9aa!xHYET=% zZvBbbj+v@1&8 zg{#^Eo;#be0#Uo3f(r<(;s%~Oz0<TI!Cs5x~QUEEZ<1S#-K54$gaHlGse^3`hPZF&^U8+RFOiyTorQes%>uEJ>{yvu zpT7(Io`#q5W@B&lN=XLWb_+3~n3gIJPMdF}81Sm*-Rf@i>8U*vhKVE{Y=JdjdMH#& zG-()v2n71uUiGh7Opi2yUnl{F5GZ=)*RZ+naP&j}y9 zm){)os}4u=L(90Q9&Js?Fb?q7Jli2Q9%qln582OK89rb3s?64!9c_gwMt4bNemJnm1OQ_cJ9L$n>bIBYMcFyq~q-k$}#+n$Nc-VT8Z7WLLeNu0&gb%{!HB(bfIS``7z8YN)5Jbn$ z&_h3p2_sFLH6#UsRZ!5VS6Vf-FgJe=QoB|>G^$^{si{`Ht&1rYpM1~ucngoi#u7|= z+j6+Ryndf*J>Ixtd5^(ezq;l6t`0N&utg~m>pK3TBPe>~bYZ@!Hztuc;)vJrAEs;Sfrj%Yk z-BUbNd`H%^vX-@f3$ypmSEVs5o|ER$$Q)yr7o9?x8awMI3Bq{Z=kr&@Q#xcYyanqy#@a$8T|DO61TI*38vxoqpz?X&J3?k9KGC0 z(drr%udRuWxn-}F%%VxUJG2}cZRSj}*E8R%ogdtIFvL9`jyNa1OL9!Oyj>a8+}aPj z=*yhty6V=zjd8?Wr;b;i@6eL5h@UMrlYCl?{1p>2%5k4QLDn3!>%&Z;3A2wRs9(GP zwqwV=VTLaGOustq*gC|)M4g-habFh~%ly;zfw*^9%@7_ZBJ&JRo8eX#SiT6fK52fi zHePKDtK7AJ3G0s)nK2#CW>Pkw9g#0(*}LQ@6|1i`bF)ns^mtfl;9;u_2{TgPE|+m( zbmsiL3`a^wd*-7f9mN7^Y>`43M;&pR>)ClSh{Wh~4JlYZakO=!E7gk<(V<~OaBZBh1SWUEG!Eg+#YQv`l2Dze?71`a5!*U60mL)RyCuNux9zp z8_G{YHBq`k?lqTUBf)qYydoPRl{TN`Sn(Dv983l=uriMI8M!{-oALP;_1PNstPu|{ zUMrY__9|j2$h?;;>BttM5jt|n)8E#in zaF|~UT*_20Hl*)8oB0T0>%dBGu;*58t82{KuT0o#JHGN6kE2; z6i1CPT9{B?yVEgknnsV-IzbgD=p~NCG8+?n>LrZN8r4e(!X2SZDkx;*Cz5H%v9J_a zTJqZ=7Sg~IJ}e|ksamz5O$+4_4jU;%_aRzRV`*?&m(*~FS}lbM%!P5@D_NG`o&h)6 zS)NDmhb}MjH=yoEJPJ2=j{m)85xEYZeUI?C6729$hU>jQgIX!E4)VneG$A=u>)JUY z?EYi%C|F%&eIC$K6ii&yjJ9`%TJLaytMO3V?yY>ScaNBiseeSC%%Z_((j9R4$-5#8 z=~?Ieci#^eCw%7W`9&)xB&v$uk$nc?cTnYu_kC*9G1kf&cW@cFtP%psqnJ3}6i@M{ 
zr{uec=^2@nhM0m6plK_`{kG2_oElA4p6MwnX7jneox1{8?_Q9Kd2B*c@W5E*;3#;+ zgP4JpLx_-wyLrNTa(hKfJFyosh3|pp*1p0(r~ds<&>_VXxof(=A6FMRJp4$Hyo#Vy z6^%q&dbx(CN^@>`eayj`vOcb_RfM)T#xDrH_dU9VM5|8(Qs#9rDK^mcN$r)c{Nso! z!2T@PHjSx^?HZ1d1>$8iPfaWf=#nR`>RIw@NS#-67&T$0X7D7ECE^q+K~vTM>S;jM zi8iD&;ri6#O18Bz7N%C1l?mv)rsW9@^sY7ZZWY4C5WC&+ zb8&Gd@PH%yugJhtevE(!iyI6a4|0R)f*?Ctx*-Zf5BbiT=V}VE)!zZG<_JC_go7CS z11-;ak<(o24Ocdf+*r|fo2Q5yy>UKLj+_uNz{dPlM#-)eo|i8mp1m+W2duFHp2 zh(g|7Kj-UGI~Ryko!ZS)?pRJwGY+)4fd^c?@m5?-$LIVtTIIOa)5{R}a?f`#)8g$@ z^$dt0Sj{ummU&S?aDG-`J<83hSwt=?{xOs9YGom62aZ}MYRD+2_HBPfZ(lPqn;>-m zogJb{Cs)`rcpi!qs>P2SwaQB;3)K;m8RXd4CFZDcPej&~jV~+@9H8w!ius2TDA)s@ zIJLcZCHsGwtl!?EC!Kx)F9~mqun9r#)pqZ>16?jkn01A?9Yq$0VwNx~l#xkDfC#W1*gFWhX&e{>-;K2}stv58NAFE(7i^;kY>&IY z23>#TQEk6oI|WPVJ3QhhFQ$b#YJ~mTUU27fwI;y&2J*>w%EqV2ZrAYvKj+%Su@ zS-0-1&^1(=N4uA+G5@7 zDp#vpUt2+~mD1DbNxl}vbrBkdBQLxOyCZj+hkat|dhT(^nxkBc( zsR7jS7%KpsFf8#&t!`zyB-%MR1KN>~Gk}m=$oqt)Z;jxUxlcL~pmEurA%WOl zU!xNWF|uhcr4A_+TBZx_ONul^OEUI#G5v9*^--P?`)%dG=qhJ@V=%{P!DGlazL{1Y z@|#OlM2;m`9E>*>M;?D!dUD-SG{*qfn+S#L5Ig7@P%u+2(BJ5}P_VJel(QwpSx&t0 zi2D9lX8{VXA*oa8PXVV2`spxMlIuqSr+t8q!I-q>lT^2i=(J{zeuD{Xt{ubY5gg4* zL7HZw`5S?OuI79b@bkmt5FbZarT&8qO+0Dnu$6lcP`f9ZJaSBsvZT@LSy0X zUOGyx9$%{82NF=26x?h-oZ@>{)E03-FCsJcFRT zvFKPN(Hpr@G39>^G;dCHRX(FSjd5L9TETB_(ot|-mO2SGBjXXNP(5x)x1WFx3Bsv_ z(0k&&j-P3Jo=Okpx)XEf)JQ6w5~67mW1)(Zl|Ak}0JPA@O~8k*DlNh}n11I@Xcx#3 zIyYGC=q*d_fL1bFE%KKQSTYPyizpQ@WDixXCUJ7a2r&3>;WSA%F!MfPDTK3x&Nb*7 zG>{wI-YIeRL9phXtwK5BAe>aj!vq(r}&X|_OW%qM4IMv z2WJ0VPQgYNk~LV~eQcmuIv2QLVs&tG;-{4SF|h6E z0nIeTPDtS%QfZ42B~6hKo|2~he+^~fJjN4`C=5eJQZ(c46o8bl#}J?w#9D3ArSSoG zc9ORd_fB+7dG;|TRC!pwhDza)^#G=hw8Jn!NK)N_F5los4fn`3|F;`(KnBUF_S@BV%y|B&8<@0L@L zRrPM93C^34m}3?kr`UYz&dDG)Ha*HUOXtIXq}$&iV*F3FcgLb>1uOlcSwCM!+2GpArnr(Em>#r#u7>=lJ( z2T#!%p{qvmqwfWQdKI=Wq>ckK2!5i4f@m3{E?sCmT%(U;L!U&wVkv33WoWmSGz!mD zWCe$Qa3mz1elL1O|6rNAO?LEHVEMSt9h75j7X& zea9yLZatYE`8y8q4Y@mmw1bDJlz?JWtFF=|E}fK~`4*Z<$;|%PPD1#+Z@qHkA@=$y 
zZ^Mh~&y&1ZU<#EULop|%TsO!ef@GXQ>?!$w$GO-UUGu%c<*aFvLw96r*4f*wiVH_42eFvKs`2SnE1LG z!s85W2YjuUU&3rm73+Q<(==sKCx=#XV zpM3lsf}4^n`idlyU|YGevQb&%(qP^4ab5j$$$Zhgyxc2d>AB!cxzeWHT%-B2%xaP6 zGMf`)LpBs|ySe?fE8{)KVfu5r^?1v{#F(u+S=a)sb8xGzUfP7-uJYkS5w+9$h&7c# zGM^%P8-I_BvHKUXbmacBohrE41cDNU#thb_T6LeMTvmH@9Ys2L(__?1-NXkL?*VVAhsY)Nz8=h$()k&UF0qWsBkd zF9Ci6_2d9vknhFE`bw{j$?Q6v?)Xo4(e6X;cT?J{6~3I#I-4bgm=uU;|Kx}A;=S@O z4SsnqDQ7Ez37h1P|RkURmioLVPvVi)xQQuOg}^m2NLy+H2NXWEMg)!@hk_WY$>Z zI1u9*R;5c|+IG>@c2Q=A))}QU#a{xxF$>~XgLaG^vy{D4W8acZsU;sk%mJ_Q>~NHz z?re5&#e4m5erMEN+N`KQW9xO-^5=6W&WoV@{fnS0l~1fNL{d*I0>UZ*qmSyNOKJhc zQ;j(M9DcBKkfrk0?+@&2b_m zI7q1Bs>)>cmgi&JiNNjys){H2TQS9`p(Zn0nCt^M;_FvmiQR`7ho@wUQSHL~Zi07j zNZoND^gWxf%UDQoh>%c!=DabI*!)CMS||-P+yEFcunH12t~4lDTEigYsGuv;?ky8i zG+CT%rm%o5wO(xm9b3XT4(Dr*o{hBu{5J^p;I$paH*Je$*O2yCPD^-q^zgk-@9hVY z%8d@6NcAqphmz)yPc+1R%B|2B@WP0jW`9mE$%hHm+YcDp@iXtVl4A(m9}YBQw(K`H zJ{zAcy4(H~AxueaXdJ3mO6az<|b+C%d9Ou8G{nidE7o-`ZH0eU^ z(hIBXEB;i-K&3y9pKYoWFitcIb$v%vI5hJE89|mQ&=)l1?^71hh{3)b#yb-=N0yD$ z-#Z%cibTx7b}YkARi#$abnEw%)$J65G;|N9(Ype%BT*kDFg|g@Xjl$Ev6k>Hnv-@~ z(5#r(>wOsa1Q4mHEGF))Bz`bGvGB0=4zM{8Qm-gP-|(oP1r#d$HB8!O=A4wNmy5|l zQ-FTcHfKh&;mRY&nN#KS1?fO(P3my5nc0x)D|pJYx0G1>s7U@Nx zPwHB8YpG7t!YiBZ$;owk)b1a~Sv%YESwGRe zlRw&cmp#ELK7ZIN27J7O$g{*Pi84ws(@}e^NJ7^sfHxVXz_x5Mx{Hq%TRT)wD24S&{veO>k#u7-D~xX2PunZTzJkA7Y|N^cnzT0VsTKHIG5e z^p%jt;aBa6q87i$F>8FQat!*>6Q^RxXULmI&-MJ=CP=P6ZTPy zR1WnCs}G<@(1^KZE(Sr3JsIUi<4b`-Io@#O6zsML`_G0HgK5M?dqc5uHNnM+eNfP3 z()SIA!Arsa)(-L^)-+ZX)r6xEn5hl^#lwV^>JFqZY%6k;$F2vAG{-haGIob~`hj{n zfXUIjZUhQ4ltr!1djjk%NDy7c^FThq(sN;LSIEgK{JKQ%7*hP4*Gfm+D+`}{j^Tvi zLPoES6tK=8L8woNXy<{n86Z?2Y&xPw#-RW@lje^O&>}y9%KZb@>1m3K@C4qsqBsY$ zv;nguDVPm^%&mxzL_D%17~?00jV`vch~UH?hwc#@2#drUgg|y$Kw{Tg$ZBx{*RV-$ zh3$KV`~Z|&;tM$8=jZY@g+>B|BLDb)(V>yNOo3ibLA>AmbA-;w8X@RSViPF}a}tOx z#N=t{Yr%g{oQRna1Dy!-Gx(}PzX8$7#sc%@_rT_|f|UaH$WN{XV*>Diz2|ylzR4H# z*hkfc!EFehG~?4mEv5Cd1Q;3y<^o{L$Uu%0fG~)&m2VMKO`4jFwSQ4if$5xNfOp+uL>mkC+~AX=hJ z>_X-^U0M_g7O5yv-LpzD8h@H_x4uv 
zfal7DS%*ThgHz@zWbr$i-^1L9Hg4A1RUKrn{Gcp40)|9NLi{|P>iLe2W_ z0%{^*(g$&4L%Nw`&zs4Q~GnwC`n#5f~4d zC%Hoas``LQGd5zz=xNHnfb#EzB!AYJsc@g21ZR5I(Uh43?DW{q@xYBZ7ZTrnAVeD= z{kum1&)qK2w?{4x{u3&3G}jSHeu83I7xHtVxql%=Q^NaI znG`P9)5dHr^GL92)aV$);}M<3dQSHuZ=R<|NQlOz1o<}`P1X<9FM9h5Hsf(&(1f*$t!9P8@gaxx z;qxw{8Q%6jB%Q^(NsRUA^D#?-w!_=&CNOd7`UqF2ZRTEJ^NcwQ&7JUkph=~TOKsiE z=yC#v=&I`4owHRD%R9!+aHmR8h9<|u`}Vz{YRLQUJx6;jlZU#(-99dfm|D^hNVF$p|c@{25;DWyaTOXq9{0X4_ap zK>s5A%nIfJ$3*A83g>!MtIc2xUlGOWDtyMu;hbl-z4OTdBOiH+Vhv1>9PElX{fDLrJ^b8OPpYYxhK@%2MnEe5TYY~04{akFDT T^C@1v& zD?zV$xGHD7;p?n?A2vZtN#L1Ull%K@RbL`cM($SVYuX*w^P!fwT+agn9?Di zx-ZKrh?~(gIS-pSA`8mUcp2BBq^h{5y{Eiqetu5YHRiBrR$}z>CQu|gI z3-iwKs)|gEOj&iMQ|X%}H!f?NJ|`AYE>JLC&#PY_~ z&Z9%<+lJEy6UK7a>+vC+-LD={uu_a%1(5nLJ33vz>H?8mI1y*)&^uV! zc#r1U>2$x|>Fh=Cx;|eVLgT%{J;5@ue7NLydCIBG^)$9%LMwf(9NYaB^|a}td8$c` z=5Zy>(eX`NlH$Yeauh_i6%=Hc;4!Zf z6&qfNWR|Z;x?1FJ7URf=i~o0YbPkSP_=;RBZhe&WRN*wxQGx5&FmY!aHsug9)O+Ye(7x$m@Jb3H}Bgm_4EVr9lk z4yF$n?_R%$Zw~b2wgS^U>2S42)6@HmAxpk>&?cmXVd|@5mWU3*-`_iQ>46cDhNp3nAN{z~I z1p|ZQ0ow5DR{%&F%lD)FkPxmp})w?z9(K-7F z+wUn+l=atal5QT?qJV-1;Hm7=h`pv@l#I+7%|&CdCNeN8j5zcwxM|-EW4JkrGLU)` zH^yDa3<|{(p6nN2QdWXRa>YOC!K2@=oDT+tyx%J*lSyiNs3rQOr{Cg;F**5(@UMC?0oTyPcDFQ1HXG-}N?DF(@hFbhv zkOv~@CSR~*TdwQY>}6GaVO8EKhTcHh!}nS5wl%bU%jVG#^!OVZuqa)`ey~ny->kS` zS$0A)^QhO2lr%_y`ln0Swy6w3C4>#hoMylXr(z`5CMK{GlvzJd3+mFhJ_4(m<20^j zikqi1JEU~WeFU1phzPu2y3M%;sA=Q^t43SL*&m(Nb|0>I(V3|^ zS7udxZ4^xsMz7L0i^+bo2Lm0PXw4m0E`^DK$wmfflX*dRlckSrm*#lgIDN}|^3gVo z(P2WC>-<0t`@Jd3)^n`4l}&^Kr<&#u^-n4iY zp<~9iAjiD4Mwj0h#rv1X*j#LxCPxm_82$S7blm=KWP7QV|C9wjv$Z_4k7=s3`}afb zb3~_eVTp5%HJww<%i=5!NWoN)sZ{gVPRKHw*|v;^hIh9cc4kC$o`sK>?fLzOs0(yjoo`w)m7 zwTF9t2sp664)!?cR>Ni7q!Yj|vWWm25svCl4^?Xw;rdqt7-3 zm))MPw*@BA-0w#Re_-Zu3W$Ers21FghE??x#=4ll9?=-LabDfNxA1=XAZY^Te|e+X z(0x}#-)$!A0zdUI+fr`;So?-|@Ui{-ZLzR}ICp7Uu!{45>SqGoO#4glzj%4r@Bcp& zO8|~@ChHFZ;N@rO`%ee}!=I(k%*I;J-tE6H^(txnAOO&L80#;uPMz0JC99E70(bQV zPORJUxl-9StqAzy*5u{AbUE7{)~2+Ln;7dm`3j2y1IrW52cTk$!pYGDl@#?G1QJM1 
znatjNX?;U|`6Y#9@d@OnsroCc_lUQ%eZKBLw_lGkSACMJtSf+f+!$q5>dS^qwSfU_ z!M*OX#KfbBg32gz=aVo6ziK6v71TwQ*A&qa_it;^!%pdnME^-C#|lyW<6JL;#F+Xe z2R|rFyBG~Co>*vEI4E57!(;^yF94N~w1gvBpaG@UPeGR<2%)L|D=i2&Xte2Tm7YE# z^s6Gj{dZYnc)`Tjt183805@bA60q-s!8DVrElyu*Slr(kQYnUdQ~!+a&@$9ypl}jT z0l+sj>0gE@rrDkH0(&#{Tx3FSRLPzPoV7mAirGp zl~a%bvwQqe*w@gohnB%yFW~DQVxFCyk3L!18&;?e9n-zZxI!7*8sI?~r9}3UWwU$6c?E$WzO;ep%FrU$U-X;RS)?9jBBhh4hs(j`YM1F!SMa*?klZ8mU9Z zrh~=hv4-}h9j2rDGV~VgL+?3)_rMZ*0mbFyV!U3ERr2#nkrvQ3&T4B49KxI>fQS^s zfs!=9Jvw$046KoVim4{UCqL3(M$mAt*kd+mCX6-A^B}csQT2TXbYziV!S7+IgZSB@ zqixx+-z|^PdUQ`8u$)a*_L0DxI>y}@#3E24U0Jks=TI8U1`ZW%nw(87Gf(=H?H4On z!-d?}4F(nyb(7k`E}l>8nVa{) z*PV|>3K@w!-d@gtEu zezIow>w}@$*TI7IY#lofdlM#1&8mjoRy;<}u|3ZA*y4R>WRR)BqzFnhWo4r}^SLv* zHem z^5NLMIHZMG>ZD}DJ@Pgo>3rJMMdYIQ&gJS8<#{##Uh#hA*@{O?Xm6kmDsJ2i9oC?+ z_E^gaCYOS;oG&(x2)3e3^GPcc-X;d({x}TV4HxFdmhAdta?wrQSYj@`&NAe~Fyv&h ztW$1hqin2uN;a44zx#VJgDS=DKj}$GIapUU5v`$Q|v4qo*(7Vg_V*j zDckHFWX?Nq&lMg)dD)kZ4kh26-un%A>wd|sI-O5nt*hI#>T{mAg|%k)Q3*sj6FBWn z5A!%*9T5d6Q#;}gZ+P3DUwx&YAn$F?Iu~iH9Y-g%d*KSaDP$=jN$r>0SyJCM$0=Qp zXic7ec!jt=Ft@e<>NM{vhf5aWs?n^URbvL`_Dv!OW$WL%}T>oH;ouQsCa7=#( z1~+rGbK;(p!&ah!p8li|9()*c#Y+}R<*>(%q1_<`lv^>T+t$P-CQZ24?Q73B)i<$X zNF7U+>Y_Qu0WWH-a@QoZf96o1(a&3HHux2y;{zrodY{>m@9Z zS7(j>cTGOVJYLk{YE@wc*B?q^JuW#qMs~X*v@@$glcEZLcKtQRTjKdyf!>C~TFbFJ z5XO30J#{xym=Ne_-~uEVzX`>e^TNtKem^!W^F$l0pQxdMGpS_w5sd{LP zdwRMtJ@ElyJnc}AfHnmQ9m9NtH+eTkRLmPe%EWKQk%NT~L)`o@q01L?@@TZ4aq;Ls zjjme|rSz5ib@Q&d8E(lrhY!Rs#7T~hQR%5z!7`)Rhh1lTk>9Kxf-jExEwO@#7ZOXM$qj#cV&tid?<|`OXSyh zl90?%oBFAs1r`}v%8~OP+~81y76~a8Zx?9fget{l{~f6W!U>x0Bg}Ec9fATK76xySMb2G0F9?*Odm_d6J<ma}jUZX7NIYv6cco zSMsJc% zNK?j!&)4-=XJ1q6LsLnU09;s0p16a2I6jlmbu zen<$o7;!teUytw+uJnVAx;8+D7NZRvs+|gQ1sjVTiX_-t1jIvhoAmIRkt#KO;U@(z)wfe7FN zl_kf=O#-dI%VxYFEvtwM6*d3@5qa;*b!PqdAL3K5Jm*RWa{L2Q$kPzfMLo69Y_Nrx zDB}o&Fdu6uPu%@0lD7i73%%YFD2^Ftj*t_W+6T+lOrw=_YVpvAPv&=Wy5>d>!ORsK zfr6oXgOcbK4g6bP=^KQ5i^#M<2b6qGoKs+*W0hv?kqtmg=dk`Q9C5+vfC|%HG@xJi 
z89>!}Er`es{{D^8{zWqt^LK3+VCT5xsv(pDMquY-&`Sy(u*eO5{%}grptN!w8`T?I zfd`egE+ZMm2T_DurWGQM&^0#t^8qS7o3mTQKQZQi)WriQ`ThZ^ZMGU5P)8zD#xUAfqmFi0#p8CK`i^RMv!opBc1_GyY8OkNlP5av!yN*oh~ z4pf115FZ!$j$bRBzFsLZaqmJM8GDbur=SxC$TlklJMM_rd9FnG?YY-a@*QR|!N;L3 zIeU}77eEI*YO^bsvz6|O1+1XXO)tzX0KEYG6;RQNuxEdH(J$rLGmz3xJvRiu=>R2y z%3xkw@-5}E7yc(zy_jF&a5IZ^)cyAr`px-Jn^Cx+O-&;ZLR^Nfxc~_9OlCjK*y~uP zSJ6@8!7MtO`<*dPNNi@Hzw1x&O@cI5jRZG)vAur%$S!^%9zFd;O5qL^Pxb5vPN(4C z;dFLI5Ws`nw%h!gF$x&y9%t) z6pevSJocdxYn-aC7bWMIwB0r8L^yZzaeb>AHL2hIFtC>+OcgrdE;ba8xz~Mt%+?YN zO>Eotms96do%+tj|E6!c`mX!ed#}Crvsjs95RGDrgl$ov^As_LsrcYz@xe>x?L`mI z?KTrGzvFT~0G!XwnV;>}pUs)b4#PwWOQp$zhSoDUWYbTXf+*I$^F$QuHi2ZT*(EPf zPBzdW!uIs?9~|nO5ULS}+W5hL!AcJIKTLz22mCT2V)g}$S|*?)a)9y-e#35%k32!O zDhwtl18L*g1EMusHS~E>B3{Z+FoNXjm^i`U8BlK*(8T==g zoHrdwk&I*U!;>~ohr$N&{Ba91dzlShX<_#(ouUPf)yUdzV32bH&-}xY8Tp!Y`C^H> z5e7kwi|}1s;*~60*6s~n@s!@NBSHlSC?9sfpRU4RxQT`oM&os>HAuDn@z^s&u_?P^ z(FHFW7zJ_-;QGBF2!g~#y^xPk824`!T_sX-f)!NK%FHUz0%c6OA5`G_gK$rnsP%GF z`ZOZ;FNXc}vjf?&XXCCgZ;#8Pd;k%Cb6cajnOBg}m%ZtJ>;o!yu%qt#V5kQ6wG`5I zZLnKfIiaD4=!HXxUunzI(7L4{MQ)SF89&g5U_}P@PKKd_|-lSST zlHau=>PfZb95GdvF=mYZhr9N4p~rpc*LyYlFXXiW+R1&aYkj*}wXSW} zyhjlg+vv-DDTsl11OYC+!Tfvk_pPu#{Y8NO*MeF@9>gfX?tH?|$6@QZhZnt9#I2hg z2XC+QWC;2(m#jmow`~8}zT>;WqkZbo!q9G4Ems?DWKZA#EyFs;q_g!7S6U3?NP~8Z zL+YFs=j2&?#6aZ}SLn~Zi{@U<@!Kf3U!fZOWjuQD{ejs@oRc>`F-9NR+4)13ckH!{ zm3Spx{h#POdU!^z4S3&7DKz_ZF+Ic2Ond_~YHd?YeDD*n=T1TvM@S>F_xI$o&-Nc! 
z%lB|Kd84-l+SkF3Ja9eSDp&{YJ!}rVd^}!&Up!vSpS-tcPEKy;KYFI~!1YE!LfQ8c zMi1Ui*T)q@4ZNkWn#G}2DBs6BA|!ndUFL=x*P=siwcb{SUSu}sl9@~9T3Th>U2Kv~ zMYp}}70h-oox{yiZy&B5RCwnxq~7PRtPfYYlfRBP;{7x^uX{^h<21gP-rq;Ta$a^a zFI(NN^u&0t#;a00lULT6kD5@uZLtR{S!!a+l^POUDosf6UXd@+7NdM zfIj{{kEpsh=i~+65#xee*nsqiV0F&aFwpYAkpsi>jPu1VV}?oez(uvzpurROln_G0 zyS@L7KHqt(4+X&KkE(c{J~RGtn%Q0{fH-&GeS%Xx0;#e>!|4=J&E`FUzkQ{n__*VJ zWVrcRLn8OHcUL@W+jpb!zO0g!{$;tT(gM1rk#og5=2JiUCsI0yad}+quI&Vx24%+7 zv8>TT{HF=AJ-Uz5kR}5Q{*;8Ebznv|=qZ{;qF$|W`%r7g)}E6bYJg_`%dmn#&r1K$ z7-Pz8TA|ZOyI{*3-!!6S!;I0iKA}aXDqVzH1Un}XV0ZK`FX{HG*nk#&nxhZ+Pz+_=VCJU`+Myu4phJR!!UB|LarmCYv13q?r(yS zXQZ{iKWXrjORCDXu41w}?y@T0J3{JPx{~PTiuAq(%DvA%H=X$2UQ}*vu4`ZWzQ6ir zzRxyGk{*gKd;XL-ymIqb_`bg$G0aehV7%t6zuGc$-W1tQp?5RzHeFZv){Qp0$<$;& z->T{2`92nnljneupw76`Wqk7kH_qL?S5dUc5&=uIr02}>o~iF>$vN9U(#>c zEpmRc>v+QW=dsu^xiQEC`qwZoX`j5vcD0(>ibqYI#p9Fv2l6*2@3w9MyQSrGx;G5( zimf8Iv(5Ir=Tq*-%{RW!T7o$v4{gGQk;ka)#hia~CxFM22j(}8&&01*A7#C&Pzir& zqzoPjN3!?tIgI}A{{t_7KD!i#`w>zZe^{#I|6wQ8%uvtS(Zs~*e`M7ECaE?w#I||= z+NASdK%fH&Y3yi1>3uO;o2N)rq-ivlcIN7EYRPhS{o$x~*a#N+QRG8t{u{(4wqZ2S z$Eq+S8-`>dRw#h>4H^U@R$vSw%ok&vD?O%fFutw%lfZnuah-YHaXdY>aq4bvg)7v5 zHhmRChkrHe5i~2O4?jef7d42!Ofk4C!$f=l0RAi4p_Hevs4zUHJX>3NE6o+B5)F6T z!Nwy!LFQj*$q__IOwUHACZUO~1dFmRKNauCZK;LYS#AMr*glA`MrL9n5ibU}ha$>a z!niOE4dEmQ&_9Ve2U8+L2Q+Wbxy8jV2R946*hrs z%EKJRC$C5S49l2|ng=!IQ;Lv-TCerDN!nSDdei&HIpQO_?NRs0s2_zDqK3V8t55(b zMB(Ga5*v(zGswF2hrC``qOJa{LHv}2V?zVVSBGsZ_&34ZDXkX6Sf){GFKq?ACkI2? 
ztCQ&k0vZPvTx60PJopgvAXyNKQQR6N!v|q{wlTBVVxP%59hoH&$XAo;69SLNds5C2 zVaunT3?EWas3PsNgrIt|a&P^jhbVxc(=;E6qadg*u-{;D5hx0O-FxtMPaoqri0+YR z^OwOb)DMD+l>M?WRRq-~g718OO+l+DLxHNotFxk$eD1LT{>kTo)Z+A7E+;MBnEa)@ zM<;~}DywA)LQ1GIHysx$Ldx)WIWLt5Pvpw|rPjw+={_q1-Ul9yv3~fQxxy}#+-isJ2Fk|iQqZ+F zL($^sxKFZ=DDYz|t$_pT=-$ypKQlBk+YIB$QeAs@krupywzmSNbrGDk37pG?V0uaO zsb*!F*Ihj4QCIiQkPQch1xs~*s0rLk74xD0E%FaZO@PA75lw>tLitG!Vv( zVbAgE&7<*TU%(emr*=Y$c%R%;=zHa0Zi%%F3ysn7IEymOb7C<-dy`4U)6%-qDj_XsFgTN9hBA+~ z4*z#-!EF0dQ`K`z^PxP=6bAwgtVQW?BO0JeHdV4;vdATHMRKhfWza$WSBb@MmPIuG zzhHA{ZqzcifC!t#f1TV%Y{|bK!8WKP_SZP23B`Hm6lg^AU58o1@v~|#ZcAnM$~Uv! zBzX#OHI+#vSdCg0gk!~b$1~+^`qL!^8x%%l4-P%912SzXqN2p^{$_paFuDB}gq#Kl z4$nPxG#r}u^^~ID8QGiS?vrx0E_g!j{2a#w9%jV@4^2tVDXt@KGhQzC>%+w7(z&fF zUB_J&UpLc)Z{@xn4yoMeSQKjCKF>$T$2lm`-a5XSx^-s{P321OTDp3F!&yUgFL<{D zS_m~N1JLm6rVJ}TE`K{nwY>FTGeP8DS0SK4wbe=nV#sjlET6St| z*)QGnT~xMPc&~4fZB7mRS8EQttFf!%xfz4+*9YQCUl|Ddi!Zu(12*cz_^r6lyL2xO zA7BK11uOj)nM0_506r*k`(`(`A9!1#&mVd<1fQV)zc%WD-%r!{Lz*G`fvf!|(u|pf zv!1Jy?SG%9s^0dvL+INbyi#uU=rzvubiQbjqcUqAwTY>I3CX8p;k21p%fC1hsB8`s zZ0T~m+ZQrrn}vmbAvn*6AORBnt>BHN{S2WB7X;>~6DiV)g{e-BB~iJs*~yCFK`p30 zp&03eJ3P4p@5SHcPN#S-J$pVcJv**9&vcek-qe70tj?qwc?C$ZhiFHxRiSfLsGgpiSEO_p-0$`=<}!u)L8 zYZjLutD}0#XwM$dKItnZJmM+B%g||BO#C)e)?sU*r9wo@MP1~yE`qI3!k6X##X~*B zoJ~A1IgwmLlp&hge4rh_a1*CuP~K($YpMR62Ov6$^hA z&Agy;`^PUKpBTFNx3#k5(E1n%6?yoRU`^0yKAEur(;_6NnI;OpBou_ulY$TtKjr)z zmNdL1oxM2TN=cYa&Yl7u;*m5J1O=A&glVAQEKDitF1vUvTWC7l(p-mVc^9!)1B&o) zP&Gfk>J`*bD9A*ryTATxBGWavDMYh@#2M~R^U|q&1acgG$BOd+zz{^~5Ql^8t1gKj zCCL|WTpJVlZdLeC!7v0v`Wb(JTsMG?kOEL82qy=%tNU-{X3&DSuiqi0#^P}~qC4)O z0?_c-bt@QBljH?IXl@_Hm0?HrZy0JIG<*%0iqWeJ9_k+$R<|IG5bi_1M2H=2Ael7k zW<{WQF>&iElU*KWDYstkJ{t)i2?2>NNtBfu%5Io4@@)slVoEDlS12$EZM-Il3%%?k zBl5{vG=0fP>D{yKpR+$a z&dXPuDTA zJnU*sUsgpU&6BKMf4xov(>?-yeQZ)5n{Ne93@;H8@qFf-(6t9D-A#=eUxQ`LQgyi1 zV!r3n?H~xPEjc26Hg&i#x_EDwcAlGg^jddES91HiT?O=1wqK*4w|z|a#)Nr13`e|Y ziV3=7zH8sE#+WNKpRU&)JM_2Z)ZC(VJ|CvPvbOj;eP+f&M^x>+cQCip-XLw2Os8hL zO?+}--1LFDy?ourir9+E>5KrZd 
z=SHDEbFP*`p*XHz0u!(B2TT=M9~5@Fx@}a}n`~(C{!yxf(JH2^0YA3K(_{QtMH^GR z1Q%=5=u^coFe4KuDPaWKGe?5{4oR-9DfSY|D5uv~w{Gr{Ru)!h%>Od)abk2qa~=wb z=7~uo*BLRj-e43rqL>~veeaKRT{E7vDfuqL5942L^&KjdX&u*Uf%Ke-GwBDa|HP+w%1vR4APsPK6;+wf zncU#~oZre=hQ}(Qrd~gg^Zk~gZ+(2`-JQ7R8^o)?8npX5Uw!sr^5vfIZhOiBXeQ^h zD!W~5SrJsx4`p;cSLXDHt+04@5@hZ++j_l?Os#C(jE)bx5pFZT&3Y$EZ6g)|x|?h@ z7D8LRyYg=BvNC!;4i01_ve#F;4>n+@wwiD+ihDjj zZZKmerM=y(pWDJKAZ*h-%bQK##D}&tG{{R1a5{E&f-9O=Gg+Gl1$$w}f{ws>%e>wfi7InpB?!zcmHr%@|UsznTzuCb_S9?mMq1JDCR%ug*dIG-Qhs zP$d8hh(M#LjVz=pzns_WGOQDaEQ$5eH5MEbI}g)wvX*6{$IRey=MY?x0~wnc6U1XQ z&4pG*)0v}`dY8OPjV-GE(KaWwGR)!%K8)acbBl<9D8mQ$dp)>Ck%;vvr}sfVT;oyR z7lhPNOt7S2kTqkV9l<>Iu-IoIE3heDotRPr@OZ$rifplV$^HMjn&?XwgL6V)JA{gi zb+y1c!od711jGngt|fqc@WoR<_fV4s$7Dl;4g95bn{|{661gRH7LX&@f9iFra=ZfL z6XG3{@B>5Yu+a0Bh^e&dKzUSTKsf-<_a06Ne*$b7`|(pKV!AB{h2y}1&Seyfy6uRo z>yWm+h2II}cCR-=Zr9gCyADC{L?-4S75NKCCp7?r23BtV>8hBdA09iU_TVjOgUO73( zYEjk;eZnNehkWOx#p%{0&IRT$%Xsu3^M9wFzpY8Gw0!SfYJn}m%x`E2B&8^0ILqK7 zeEZnJ>u5L1?7{-I1tbjWS|mfvNnnBZa%aXSN}azvW8st_CSUMz^Fo#*IK1R0gmXjrS%gh z_Ohd8$J*NS$XOC++Cvf;AG8Dhy?J4f@|U4Vuo=8FnCRF(V2qv?Tejk?#Yum+lm2}Rkbq7*u6{ZKb92d;hcjP=uS6wi)LbF;7uwc zr75#FZ?9C+`CkTJmYU81Ww4Vh?Qh52?0nrH9A-SMFP?O+a+jLt!N**Bs~3`UI}HUX z+^eB_x~mZMbC84{_XCvuMvGU?=Qa3r*?PM_&j~DUk`&ZkF)ivHnLW~-*DYT zW_-6*3C7acO}k$j-yY|35b$4~Mj?$!_uD1DsN{itTV$fy1#hjnJuyA`*T=35p6llN+nSXAR?6T84$HhaJ>OcnjHv_% z`sgiWjbJX9ao!wl?F=p<0gj2Xib)?>r;f_s8>z(|$4Q=EZDXVuq!_K&VYTv1*7XlB z(=ak{%Un_FEIv0FX@agM;;@r5JgVZvdOf9JT^QJ{H09z*Y?9$Uz*=`0Y*JaU*G?pN z?G6*N<^`k=*_v+Xt(8r#x0@L**4956s)lN^#SUGQ$yP>~@zP{Rg=+5^%vzme0kvja zDuA_&&?Xc~V+h7aWHzD+q>WP@B^FA^p2g=0B_-1K6LSqpSYXGf0;k1@8NWKj=4_5k zczXPaPZ5B_P`%nmq!f483=5NJjf|;2-i6y73ixYZEh$Z17gtX!X7(|w^l>3Xr5x4w zngmPBqC9AJ0td?@cg%5`LDngKtRw-hTVlp>%8m^~!khCqG*@1j!AY?()}gG>Qce!iRykr_~>NAi@&O~Vd@fFVPW8vOHH(S_i>h$ z*>99frNWuz&GUtL_i?edrGrBfIUs{EV6Ya!a%anb^MF%15WpaAP^9T)^pDuy-(gcW zE}Tc%DdZCIYj=?~Ylb)9{i38*NWT4*jsJp?0{0G&HHzuQJ5rb)Znqb(^}>NS>5T_% 
zPo6+c!MKA7o{spY`6C+NHko|6n6!4ou|urPY=1CJKFVw>nJMYp!PfF?rm=u|IcZ!C z*R!5aSl+tG$kz-SJNOONH{3j{BJY^{wF!iRXwQG`yzyFbln&_?kk?N5<2y#{%)qUs z?doTFdbR7MF!Hu8KQKo-aqR%`CvpU&z_uN?2|HX)qHFlc4_+cr(YsK)K_&McZ02iu z6`dCZSv|QwM*3^%qOCJhPw;E&C++J}6P|@h5>h!PGeP57@pbTHU7ayBI(9}ly0t_g zWs)i!Owy+-6ESfmgMg19ryu(4g= zRYu4~r$_z223xa6p!YN|D8i{S4p6{KSnJyh|23MWdI*hZOfhc;SrnpPXk^SoJw=W; z7@{JKCC*p%AfCd}7JQw|R{|@>S?a1$5t@Xm5H(eFP79%r((Y_lTATuH2w~Ia7U9Ue0 zAR_m{TUxLagqp2O_D@MK8IfJao(G4InEU4Eb51flLgpjIE&P@v#se4S$+#m=$1!-7 z+HYo6T%UXG=vBTpzTIty&)FqW22!vAXi6Yj5TINXZ9|4CI~>b$k` z&Ug4Xf4#jz%4PF)9zTw$G03z;!}Yl2cYi*}(FOZAx;R}-%$WA9e@{$b@?X8r_5g(p zeL>qpZQ$D!bC8Ur$ z|0k3RORKM4?kD~+@fQ#f>3^t!?Ekk23Q~vugS(iud>?gTmX{L6<7j-0hb1T-gu{uV zf9z*AMnSyGxRU9w9>bEHH2OE*SjZ1dSO^-a6dLIdo{XfwV)LOnY|;9Baic|xR7=rC z7cJ~MuX-}?O1;_Y)zx)ZyiMAU-KRIs%*XX}kJ)s`%e-uC$-RDk&2fMBnTZa8-2Nv) z>~XazfSE;iRIMD{rd58n;t+a73!g5`8Z@x4yYx=5q*IM<KBSn)*|BOzT#X9Yei%2M!Z3 z97<-@rlB)oAECF|XU=G>WeSf=jUGzYk?d4HVM@Z`Od?q1o}cO>b|(s`h?Z0CB9&!j z#+l@TI>7RC!INpaXI<=^N@NbPPpkD)f#+yjZVuM zNc~$8n&X_S;Uwcj^qS(inRef)JGnb4DcU)k#^FNxJb+$5BN`yphqpV|#s{@%phZw2 z&oPb=ojQ?j(eO5vnGLUM~R+|x1{kczd%bvbk-|Ioz!_k$qZc~peu_BDrKdmmBTM+wi5sj^0j z*laV}SeEyB%8jaXw9~mXu4B`K$oDowl9!1L z%4iHY^CkvEfq+{&b^8+&?VYyxyD}cCkW>tyuOwsM8C3($|aFCsm{dRakJ+$vzF{Tv?%ffMOEje*YsUEP` zoY9I|#lYcN8(%=;zSGhr2enV5fSWaE*}_BS)n!g`gt);hd=p3#7RiurcBf0+!GLV~9@0-X6Du*KyLmEWST z;Z=kxwV@hqfm6dx+(BchjFM`udkiXGJ4A=%b5Tm2 zuG|DunqIa~FEkbK2M0gS=q_qqGax;(5G69EHy0d~o=p;5tvR8{W!>IWy=qVfEjVt0 zS*shddI$wIAj^YGKkr509j1?q{Y}Pxm6-+U$=1>k9b}9A;EWX(Bg1fFh`ClTKcydQ za~@Ewn7MH10nBvOZ|fT0m26W-*8@my5lCgFrRWthJlyA9#-j+|m_AGa zj05y;8ZBQa4acPl;*5GwhR zAK~Z^YQg2-cPx2o;wwvuH3gA2_$Sz-%K6q-A!-nRC=TyzqHFVho}oXYbPm!|N9r8V~=5_BbN2dkg+UjcTxLI@-MZA~|DkSwwuI5#v^5R#Z37e84*0 z%$OPN>`??@^&GZ351YxRkhN?4cmMPq>aI1FiaN98HTeT9(p5`%46&x>l~3_odRpMVEkvf}&CC#QpoZN~&{8@a0v&kBZAig>`HR^7v6fh?Ssk~w%0-eUI;58z_ zwT3)EUtf_GlDfR(qNilz*yi%9xpyzyUH9|RX7fI#t<6Q%DTmD72EPoTIP5I9(;q8d zX~hF{!*ht2kL3fOnAhdjU$oFJQw2P=R~eHGwltjKs1i4l6pe<=iPKRZo2c++m9Ugm 
zQ*>DvCI|p2px~ZATBk3O#~BFffHuy$$`U!pYWP-(FT%7iC5{*7w@ z2P#~ECw7I^ZdXGn?s82o#;+l;cXSF&L=pxi7p7(EH`+{##6 zi4NM@ps(>P9*O7fd@7G`Tt>(SChtD1%50_eTwj3?+M1`YNeIvdy7xqW(%PIF|Cznq zO&B1;8GXTc5MS6Nfn%Ar9G)=!REv>hw6SUETfI-H9_umoL6-}EH!obB=zLV?AIzz< zTyQO3NCvN!4x9MJQ-phg2T&diN7c!6VjgN&eu?b63cj=ZpEU&Nf>gZi{NpZWz7Yu9 z1a-qtyyBwVbZHs7B72Zs)^ST~mmXC`&*&hz$UQx`J;XJ#e=d@NfJgRt);`8lp5`<^ zNB)8P37_<_x%$m|t{pz=UT9X;i%wAd+PU+UofTXm8#(v~7 zZy+1qA(9u*2od>Bo@w8oKWEVkH@22R>K@q*mwL9BuC4s2w823 zCOe>AU@ds}lx9P6&W!p{QiDotEl_^&!9HJZqWB<&;r$D!Cf%#Y@dzz1mTaYf&4
@Az9wat+B_%FLZsNm>EAh%quW<$S*Aqux>*h4(;&hId9VBVb*YeWv}bxQ^&$?hvK4@4}= z1FO0WUb84%MV*{g+!Wk=f(zyWP^5&tK(?85EZ2FHgdhSNBXOutp^i>IU=S#8P2stN z6N~vqs@UB1M2l|LYMbQxDd7{$W7YYEQZnb&5=JPt27vd(>Ov4-IPd~>^f~KcK7S!? zgMJ$LM16BT;8!o?zEl1ST1ydwLBFI$KZl2iW*U+*#>qHPV|dB>icyeHnT~GGsbMJ6 ztFXgIZMn5zTg=Sc^->SHIfe^`+ENYCeh+nN;0WwoTK2i29;@eM z>*`c?Y|Riua+Iec@{^b3J#P8zFC=T0E@Z3*ECw9&Zd1h;>$K!_i;C>~PE7)v*Skl& zJO-%rz=ufU&!M&&XZ&*SnDQme;am> z6pf1Q)HM5`ZZyMfq4_S7ge&wk=k3OoiC<4lc?=!I-rx=WS?<42YJ~r>TlFPyEP|ke zlU2;!NaA{i&)PLjoZG=_`h7{oM{j4__HRSiU6UZ|WyuVxEq3+{;z!gp*IgsMZMwRD zX6G8|Z$o8`pj^BcubX%K26Yu{gdT(f%czlSB$BTV`Q$#DH=ho_a42^#4Rwd+u2A54 zWX=-$*(-tO@uM}874_GR#MTlDDr3IaQEkgN>c^IyjuE{@z9W+(@WGaiXQ z!r2!@8`!~mY=$TD%hnQ(%Rrlc$K;xn;sZSZ6kP*Z&Rv9j)n+4t1~QjXFG|w66dp-3 z!)9})y>{a8Md`Is)mwdv$9n^rpvuw5@#AWQZ?2&|c#Yxrp3ErmDgOk{=D@Z~f#mH( zL%j!!eTYTTRDgF0ddT{q_vX$!qx%0Rc) z=?VmTNWFXS`nOLg9QyWZvF!FKB%{2A(xVx?lDcCA*Pbv5ePda`PA1j9%HhQ82Ypff z#f_^FcsKKj?ekU}NY1FWp$naCnZ5GcfH}x-WrQunB-!nZJ_d@tO%@MJe@8Fl*-8_0a)uj*NKEwld=IM3E>U*xQUNx*G zlds<l-@riY(Sb92)A>QP7*c8kp0@$}w zL0`Ab3BQpZs4-X^B5+&atZ$zxAd&|}w> zWBywh@NE2>0biGfScAEdD@pQCG=rWcuL{#hY3grUjMwuUIiClCvkDnh<|l+#RqFRE z{NEz57#|+(Q9#^`(LD0PKGy20Ik<)2!|#M}E6^u)8w8`?;Bi~nncgL@gq?W-rf_0k z*Va~7H$nOEnq-nJdU;oo(RNkETRhi_kQYQY3W%rX>UfV}nEsaOrMTZ_wxlUl_*Yj~sZ<;5p3UX=m<>yH7Wm-4)o8A^JxJq-MffOR*V@ywhI{0j#r?2>~ z2F7@D+dV?%W)Jl{5Uc@X(!>pVK)9UTvCc2xIxqoDP*`iy{HN+fC&xf#K=t-V8O_w) zWs!ytX!HKL8;}9eD_Et>dq`^$GF+NqU4$#={#jM22(;FSK<%(XTE{TnNJ0aJM)A3! 
zg0;BTd0csjg67<(=BN(_`gUN=-l`{tg5bIA!0mQIl;K7?8W5!RL9ElOX;-W zf`su>et67hqI$3-eTf+0HLOa{_;p5Qxv@e|Q*m9D)7c~XGi8NFZMm_a9gr*Nsi6fP z|4_bv<^?|(%w%7C-u*h zw}w@jt*a0y@H^015x|{r-%orX5hWP-95O6j*i`Aq&B(v`05X?|XcgKat^oYv70-s_ zF@KBia&Km{r-L6JX1C`x=W%!G%oJOO(-e1-h}45*u;_5wzDdOpzJ;qgn9^RT*p*Vq z3qG-nmWcKPb)>aSIIGqfX@ipR8N*kgz?m=dZ`iV)0}vZ+BHlvV93zF1iKVEx_P_yG z1m?@zGFS4g?DC+0SzgXj)=eS*j$h3o3CW*MB!eq9uoc}L{*5VMq}OK1{f?`03;u`s za&o4%mrrx%Lu-2K z=6u#uCXAh!z>gQk7j3U9ELK2U)CcWu$WBD#Tz-ppBWLu|Kz$$kX6PQdMSA7k>jr&A z3$MjsBcczp6Y2wsV_Tv3-cIA1@{bxqW=>ceY}R4cP9zr1g~Xt7?q~Q~JNzG*mjErI zP?(E}(POaDlAV18TTz630|w}w$j=xEJ%8S^os7A*7(XW!q9qO^BW>U+sDbf7U7w?P zLz(=mjsfj#m}9z$l_0qozsgrK@m9%3H_y|6o3Vjr42?zIS{KJfOq7wchq z_}L7Re0cPRer`fu7#DN1r$Dm$Ga<6v_6iIXXxk7x_|p?%df+_ZcZP#CK-qBaEH5*D z+X(LLFOEABak#?1*f$RHY7o9)e@G4%XEk7siQeqc_UMoZ5m^mR!2Bau{-9k$X2r|P zK`i@6HpL2ZP4y08hiNMNz57KrNQ=1N_IrxT4wGbwmBwC^wU+pI_(4wBN34ZC3+?E={S z2^f5;rOQ7=sd{amqId$4!zxvz|y3KAj1FliM zLU%ktx6xmGdfkLFoc9TOyJFw*pE<6qHYQqq9cK3UhPuMvk)MgKxHqg?d+g;{1-8D) zH#d}8W9_RQ2zR&oJ_9_#mYJ&!LY)g3?5}sadz&K8f5P{wwX`el^|J{57+yR#jzIXK zyLYY~GoU*Wz4~GuJfR*Cojj3V1Z@!oK7ehX1HVyPV8TuhRq2C!cyaqMJ+()w;8;X? 
zlYe--O60wwUnTwwcNSjUqCQN5PI+kEglOt&FfV(bV>i`ze+2~og)}LBn2{}uw~`eN zUE{wESS5ECijLqtYHgQARP(8JlztPmctSkhWsVaf4$+YCm5VNXP9EFD=v6UhV0UnX`y>Og=f>Ls91!J z%1Li0x^K0nw{ftUMXhyL&yrc-m9lb?p)HSRSUOtH3fZV66o_%p%FdNyCM)^A{%f1Z zx^WGACR-(#{ybp4TFhyc&NE4Pb9|%FqO92>^5CimsKIepIZyUJm+VA#uQO>$T5PJ} zt~0Q;NV*O*_{G_D3dt86rS)Yov|?9nowSX2G|TsWbyy)jQ^V-lZmNAQHF43A`eG{g z6cgXKaZm~{&6;83?fiVuX3*l~ zJ3T*Ll%vDj@TRzQHgH(%t?+-Ej;y)jPj&FB{b(A26@&Yr;ItgRm<_7g^8UOM*5b;x zad*shF*n2I!#_&+Lp{ zhw*dBIeJut*l0}Tugu+;w4y|Lcx0-vpI%LE_h?AY|*nk_a`!4kxAlw+5>R;f@*s}^8!M9dUereVB`l3y zn={lJtQ96vGKQSi*yo0um7%<2Y_%n;rpiD?YmezbzqxrE>R*hI&pBL^)9jGRIU@$93r zcW}`0C1Vuxf~pA^^OBu|;y7WUv?Q>jLXL!aWWj}hjSY!^k^O~Z*I|NBr~mSmOak2e zA5W6fx#qCbPu`VKZcIU4@2DM8)S8gB@DyGvueBL+}u$KZehxLx&pI&@so-R6vS z5=y;TBbIYKKmp0yCGfO*-@DIha!Y|syyGBAQdCe%iLeR8YqCJ5Q(3?Ovs}cGm0bK; z>LxlNEJ8jDgdtWDfNd0_{xsz^vrc%*nNJvgzMS;wxqkmNJ<8y`=K5pqx1YHAHaZQ; zJt5xgh(~zDQ7v9SS(r6;G|5D*UV>9OR(6+GeCtfbX^@3H?mA?NC37r=fzvRqn5Qlq zgFzE)U0`y&5L_2>*Q&!4JikhtW6@YOwkIK#UkzAzjUZ2SbW@i(G-S%5Nh(t4;5gNU ze~>FPXiS|s0uNL8OUtcO|Mzs8gmOA1q3sxht3x<0k)pvt(KQL_``4;dy8P1k+eBjQ7h zDomGV%{;eUK7aokM?q>6hwYEyI&E^wn_eIzXlZ&P=Hk}Xp)*G$uHPzVdw=nhCtM{l zPexK(?Zfg0O3_7B73Y)Gi^sg|w_4bH97$-e33aDLcpRMiGe`P})%)w|3c1M%t<#t4 z<}31-*Uf4BJ?V$2&Rp+t+l|IeHzH@D#L>%yEFKce*CUp#N~o^Fe*0N0#I~@4PST>- z<;=&rAgy?OHOjL@qDxXhSkoYeZIEWlfH$G!z!E-?C#|f6?(@Rq!no z@R6N?n})0+a71+xyu7A)39hAlbhYRDU$ZRwVnMm~j)qmaj(NBEdw(kB3qSH;yBC0sw|L{JJF9{y%1LZh6EP;l+ z0??fKnDbYOpLbz?Xq$inh(BPV)r_5!jSBb*z?tZ?_+h)HOhGDKQg~T;l#|K8PJjKN znOe%!ZAe+YZ0;pDrXn{5@kGQT*+k*|$-D;P;!5|z_$bgQX$lyx1Vc+%x+$Tt3f;*q z!}hxv5qa+#bH+D26_LGwYd{HSGV zqtvM|zzfMO7tE(t$cGK+FAO@g=noJ>PXbRO9&8faa6^w?!)Q3wDOISVS70zw)XJCF zL$Xp+FkdvB{33^0JOg=LHb^-s2)^~hCRPBGQav8>2j8pwQqPnjnl7#gN7W#at*Vv@ zvQW|@kzs*5rxmi@Il;jT!d{8~}=KP&YVYOnn(2!l`}8TCW2O@Ei4U(mCOQFqzpX=q6a?M zBTN8YG|(SW8LfIJYdhzcsD`ks{$|*yHrue2Dnp*{gz@4|H+Nq<4YL>j( zfN_80S6glq1tJQm9J>M~|8)_T1vF1^JQUBk6>a&82QJcPrAk!Z*BI4O0oqal-EwZS z8H~WTfMiR4pyQ7N=8@vDAVZjSayc`74gHRb7hix@vt8=Y0P`)*lHzeVRovfLWzaXc 
zQGU?78G)n>;v+m5MU>*m{C3I(NAHPTa4pkkTA3P%I%07Fg^#!r)A@m@JTmDaQE1vp z^8KUw5#$d4Yt5Yw_9#U8ZqF!UbB9f!ZipLJzZzgK_>^mclK9C$@zz)7aTuBAU)6* zoI!m`=mmQPHrh#(nCs{mERgQ=Trm8o-Bzw3JLTQh`7r8PR9FN%@eL@*dqEw)F(j52 z0-;Mq^Z;c;pp#+mbox4>`u2 z={P@6e+f`<2M}`2Fs<#Qh5r7pH3TPP5IP`f_^E3SO8Yy8}WI;?K^ zT03xScv~oY`Ip_~+&Zm(piKOcgH~yp7&$Cp)<-{2H4X^PEer^Did!?hUm#&wwdS#* z4k(MJ4vN4`wI2qj?*^w+hH54uFqy^yfg1{-*-9~3!Nwg#tIk*%EE)^BV>oe@ z!2fj-OqimTSW-`{)M`jOU)ZI1#*z6ANHyr&!i!>o@7)5zk^hBlBm}R4b)bN z!KB+0MQ|&ClQMU%MqL`l(uuY0Av}rVwiEVcpR}S688OfuLFWEzBBH#)c17V|pgjQO z-H!~p`$zzk3AM|UIr9)gf3%w^kCZ~W9(sD{J9B{cxrJDToDNonje|G^E8`!c{%yG= zXT#5e*Z>OqR(6Tad1;s(8j@FL?G?590NNwSL3n=cw={m?a^VKuw4SFkV2$I+8M!)a zU)BY(#*|Dt)fB!uk)|`Fpzr#b;ltBG4W52XbbfBIk7}KHOz>x)>gCFGpEDU&{QdcO zJakq4{nW{nI%&LE(Q%i(tn2ijKc*);4{>LrCz0zZwC#yCsf?-bT;VnUn4=b!6|oOy zBZRqydDbM~G)vw!o{`5KPmGY(%nO0xn!-C#W7DJ?!$SNT>Fg4tUe@XFOFC(B#0-AI z25z_H2{xIo^b+3vY}!!SWS9qkhS3cMg6Nl?=BuY1Jm2Gi=1|?uEsub1B9qG7hcWFs z!;TsgPPm?l)0#W&y13?8**wz%xZ9rT59iV3sg%2)sYN7y?C zSrR0{mOL=MI^%sxg=*Nsx0{4pBDORme+gSJ z-j_4w^Yr(1F`}5feSbPr8-PJ||0flm%lF)QnhicJFb;)3y21T<&Oi|whsN-m_FUTS zdq=j{>p1tR+VlEz_~jT!X(^My=Q}93+ch=Iujl1PiO~JDvgw%M?DL2Xy|VB$%1i$| z#r8|ghV8k`{#aK2tD(Q{c~Wd``}?UMHExpj{4I>Z;|;c-*XrA4_;{(|Teka_w;&B zUswk!1Y3BLh$vXtQ39F{u@a#%Y$=3GC_7)^FE<)oh>(_fyYtgGi{?i6e>jQ9TH7l0 zel&aV|Bq&OGO=+rar`eMvBv)i&vnm_J=tEkOmPjy@*C=V--Q{D14uZ(!n3nT$L03C z(lYzPBPlwkRM=^5bzNr=`wz_=Y*Pp$vFSpvcW3E@%DWL9B19y9>1bjUekOnZp z1WyP(i8JOgZD(TYtT#qZ=jJ%ZhC_Ymb7WG^#i(;~QWMivm{a49SZ33Wxoop&bH}k@ zZ##5O3TmiRCyG|bKF*A}s;7f~0o992bn}IXg^AnTdw6YWEDX|_INhqqiQju{0>+|9 zC{vbcOdmcRbma>xa>`90qMdnE?TgHHsG>3U#973giPEPS#qT3XWR3z=fCiLTNgS>u zV-7d#O4@dOW*Zj=^Jr7Yo%=_y4q0wjTbT5d#&Jez_h~#86m`_1xl&`XJ?Z7=th1!H z{;JcpR~-*jjfG5H7)n9jJEbq)d-7>9>m6$v6uT8tq}b~oUtZq3^G@cZ^!j^xV6!tO zr!Ru%-+_cDD!lN*TtYQ)DKe8~7OJA81o*0uNn+P!N`;W};EG8p)EBZO{_&(CmAsSM z7IcBhK*9~A^?Wal`cnx7=l~I30VWzP7@}9M!(u75Mi54+7v{oV0uBY^3@3Ft3FPt? 
zROM+NFMN(HePbBeTeTc4|0gFaW;#LdgW?Rsys}JAYHWH5lMTm3rohn%4W3?_CKM@Y zU@UAvA!NWUgdmDB4S#wUUa>sb@H;tbt8|be%-KalJ;idee3V}H5z+)W-7MWhy%)PC zdtVqll%Cx?5&m=hVA{!%Kj@wFl}ygJSm25wK8&Kn-T@ulel&k{?;gV^Wm(&3*|@Z% ztp!xw-CG*LdjwCzbO5FF0KbictZFyw7$&PqNlxrAWl(xhqLfgnyCl|u_+qD5VsNEq zVpuBS7x(MRxRKF5n>CNxo)n#%Nwg*wO^ed-58Nb>!Kk?FMLJ7sEF4s>7ag^_k<&J1 z0FgIYvvQk`iWu;=Em{|DCA0Czi3bEmJf+CIZgU{U^CA8VFWQJ4xNUXPC>cWS-{C2t)AASyW7352&51bm$ zKq(z=Q=7}4XS+tYE}~Pdd!!wLLp@HI6S(pBvyqTBfO|bYd^uo${esw*z1GmF!qCI= zpBf>3X~eQq_40iKN9t2eij{UN2J@jvJTq!}jqDVCS>E`?P!G&_A!-WM0x-sM<_h?b zm4G!Jd1Xwd#k_|svLjen61rK}cY)Rt}r>*BJkE|G**Shy;`O%QGC zM+2VYGQd5Q?){Ewe{21_McaX58|@t zPxCu|)urZ8MhhmTcAGgtTZhOIa2+28@x4J|L}yPMgmc&47GwozkaN;t+o&Pl6Sz0gcA>MfIrRg2OAd-$pDGYg?u~Fa96pF{ zZ~#dyls^eBZf#Ej`i|fXnYXU9vY`+SAqp86S^AfKH=s7MBp!|6?TDUmWd}{uBkUXas&{$fPbTcZOT<3aS1Gh>jt7wf$}}B zH^(vcH$B7LpUzl%hxC!xRh*QM8~iNsbYdK7W+K z)m4rz8zTC53~7R!{lf7>?>w-^N@@QxDu}CirXdq3ov`V7HilOtlm$);BfbZgp#}1x zsi32Kax5xe`1df0DgcII(GP&ytoI@^$Aguput~G`C^lkyP}94c1mVNZW?%--1!_I@ zlnry&i=_a$JO{=pSQwr@)cOo0e`UzG)c$adq&2aSzoVd{q^7$g8!_S2V$=$M6D2}D zB;=jZi4+Z1gcH-dV=~>wf-E*hTP7;D0)iY1$f)^C=R~~e3IjI>!p05q!>d`qB^soW z98{bLl~?Gp(H$!CfMs`A{dYD21g#N?@74BTyPfm4 zNxR_Ufc`oclBu^-IPPGsjiNtgpfZ#2bFU`K7fYLO+qQ=u{EG?EJHwd8$H2^X%-9m2g@f5i(K-Qn14ZXDF+R#J`hwaHNeJ!RFNp%r3c zt@vz5FEB&YtWMwaD{C)a^EfN9I%bTer}-2uXu;w^CLgu;*YQGDZYH7va--e&8y*3^zgY+84$svE-DC%_hGpNP~NOr{ZP6zqfk@CczCURs_0KK=10N2UBq_#)6Nrz zgKxJ;(!o2IHDpR%3ZLDFIF_tVSRDG*FA7+qMi;EFEBG+=We&ZRN7MB-CGg^KxSTA3 zvo0rpMHIB+>HD`Db0uhHEk=h`|dg{>$leWlq64pqE8uh zdi{MKG41>HG^uoEmEW!J?4t9LcNN0Td#ujjsZD*ga@!Pk;de0TxhwlFtIqqR6J;yI z*HL>rFMiGUG}BD2{e2Xj^YW(QHP3JN;V8U6+za}Q>wVpB*QR$#kmY;)@8fix&;4wa zpt<{H>t%lXMz#CC9uPTGwE8eRJ{`^TzEg>~VZY2xkx}~W^9|WZH~m%1)b2z6x%$DN z@A>lE?fVsg9h%P98SuLMmlQDrXulcO(hWk%x24$|9r~%|4)a1Z>D&kv%8aB@K`4AA}u1-=TSA zd<63d=a6+1G9>6HNFTV|LA>&MWOj&dk@*o_Cn1iC9~j*sx}~>o=$`6b0yZnJ=$nT( zfAY5P8=v2~l_CD$|G}GpxjOfWLIwgt`+-eR|6d|5|0U1$?F}5A{#&J2XnNSAse4}M z24lFQOu3Nn>wA9q0TJa 
zi@bH&4G`EoM^r59B_AVsX0rA=WB&}^R2Gj>664sj{*`nu*ZiQ&8ahI$UEji1!J6I z4(B2oShB|~Rd03Ll1J}ioS0ihsAQj`50BFI(%SUVvWV&}eC#Wd;X?!OgV;$jGJa8? z6j#s~iPZy9U}!!ZYo*qq-&2Q*PF{*+j##zGz62_VS;H`;6UUpIgaPq;1(`gnptZB= zPM;dH0vH?BHOF0gEv71Kcxw%lk3lCrreVs7hJ<#k?a96a0| zzOF5tEzB=|3(lg8lQrxcXyu0`8VQ+(A$F0CUnLrof>h>gtz-G+G?h-kF>$dvHJ;|l z9*#q?@GPPY6JW$F0XH&#K4tPaM;x-v$8mpG!++}RRpc%+Z4Io9NrxWXRK>dw_8Xi5 zT1GJhPfw6Yd&%IPyhp}IJ1i*?uJI!X*8V~#m$Zfl+NV(=su!N`#u91Ij&B2tvg zY5iZ2fDL(&M!3%lo8irH@o%fX#M>E%8r zUg=!LB$pa25!YQ((r2WatG`TMEkuruuqAW=oaiet!OcBa@nzh#OX!v8F)!4s6m{?`{>{XoT4vR$^!-fZV zeN9}8$Lb_?Yh(*=mhI8!p!UM*nHmh%$OCU&s>qlj10g(`;Q~-)NlM6h3=n9NDO_!& zt%cIJ`e=W@H^N8VQ}UHArjP#gM|0BI*@U+ z&wq(tW)P>rREP}Y!IPoqnVe{ZEB9dX@gSNbfIUz{=ZK_t!?AAMMzS`b2n#~9wMF^m z)qv1d!jdR_gBBEt<|I!GbV|XzH|vy3Sg0FfDM_g1L6Ei?Zj6fsG5Qh*!;h#Dr--;! zd(GlSOOW|)Fw?~9dx=|@!YEWWIZUguFzNO&S7B1K}Z0X_y;u^DRd3xU$;{r1XHE>$si@bh=@$PS%UTXq;A z=xaNGDdNKkm3vOvC9%H+$5w13jw|T?`8K0g8Y{-}=s;?HGn18j?7f9$DTXg?tzW<< zN*mOazp)4Dx-wKPduSnvtTmf|2{rxgVho~LQLBcLT_@fn2UcR-w2cQ!t_nrByyNnB z4XOaEfe;YCg9XZl&;vdIeYR>E&ElAV2?{Bo(_RimFi<}UmTse8fSH5h z< z*(0jxVZ40;X40? 
z7jKO1SxTFhAGf!wgu_9XpJeMSEdrR*?phT?#4lT==QzEDFK>?)khSxtU!u+J z7W9-gLC!Y(yeM4!S3z+g+DVa)D@fV!aRZzbmNBX<)g)o2fdYj$S13rC2|Zq1_~`Or za^BeRKypQBeyW_%0*F~*THt(wAu!aoAu7H-%)fBWv(bKuT!;J;D<$02lnmQb9y2a8 zaevO?;Vj|NeG7iyQnX({G?mMN$(Tc&)UTD-m(YK)`i5~2Jw2~8zIiVK=VIK+1rC6@GFQHLK`VH zATK#$%T77T4GUea3H-y~(iLt3OoM#J@q8B>LD`7&srqwaeRrCe$!-J*P(Hb@yirYv z4a)4`W<>v{m1cem3lb>bgbTjaI$?2lj|Msj{)LICd248FAdrsJVn}HSfJk&V7|!Dv3W>ear#Fa z-o=;{VxkAs0hFYmh@2)i>|~;teg(SuJLxJ@ENmJ>{(g1FneV4~%t{5famQJLiokHJ z8g!z1S|hdXjmg#|+pF*nJC3uf|^(sLKRoyUD*D7)y;(uOXf?KD9!j!#ZA& zkVIh0AQDcmC+S+_5AM#v22Ws(dK;(=Rc2EwkX#RFw@@4Tt%;U$)o{KN&gd zoII1T%wFi3n-wTQ7OCZu10tz$>Mp#BmnMS@J8@I>K5y-FmQH@%sH7$pCw=lbnr@_dE;vXC-6N*5pN@0As9lqD=FqrFs;-_PP4j-tT8~cnQm<6zFBmxf zOy!P*$z=mpCceh})gk@qi^30#%!wFwPMlwIht_qs%_}e3HXlUm-VB+;jAEx9UV(36 zQGYm?*lQkxtmXU={IGaWGwxa2Bwp^9Rryi`jYIWM*ZP=z5ccPq zE;IW=w);h9S4Ll(y%bI?G4oB_*fGD4z3_$R8v4@jdtrSsnhkbGUz@%JVGV>{8@_;I zEwX!4)L(Om!SmwuL;lk1OEc<+#M0}zS-J5I-3}sJyWtBxW;|NE!4D$%&84((`pUsx2?R z@7Dy-0D?GO@2@X`qZw`j9o}V^+qcR%Z}jiv?u(tThp?z;=*6#HPyOvtZl!)Zp4s=W z=`F8=ZQr*b*keyj+ZTJB*X4J~`GXX|vo^x_!Ian2lc&CW_2)94-{YB?)t1*C>UL|h zo8Ief7{iA!`LCA!;s`sx2fdbLEsvAWsB~p7zSq%|?JeJ%Wix#K#-`i*d>c%R+}G9g zoA!fo8@thKPYSmNF!^@<3y<5*ebn!|k9&Dv5{YW-Y2pAUhpa(|h{N#BTvvj%Pt)g= zP5!4G#y;6cU@zO1``#STrXNIQ(JY$BvopShpboa-+31PtP+e^Zj>zhhIlr+ zIuy)*zB|`Pp*dd7zQ%*qUC+Ji1o(U#tEr-JFZvnY0e71h{GZ|+&qFSB=fvk3vI}pl zDtWAKf!fKFqOh+kwbsc#qw|FxyqL={;8I7Z&~gRa1cDJ(5$3mB9cr3sg~N5wPlHu~ zwTQJ3IO!3^vG&{GcZ=i&eO0lV^qui=At!vaxOE z9v*7bsuT;E8Jqs)4Ug}=`9ba}t-7}*&x{dse|-}pDr>5S=t#y{iMMe3{T8>)c>VOk zlL%9UD;!1Zb9*%CfWJkQ>G=4uD{6|@mug?&``lb?^VBz6akx#gndw>|68IfGY(1Cv zhJ3#sa(;BCoay?JcL<-m1uRijzj^KX4C)_8u0&_uQ9 zb6l@~hVh%vJOqqBKI(UUJtR0yPifxjcbyERSE)+-I(^_ooqreZ_c%fF`|M)|AZlra z@qhW=_J;9)e-$^Y>%KY<=kj3Wyx$_?Y-EEDCHj4z^RM4cjU#qCKm3cM0Ki{+-6LYK zcHGB3zIM%CsE_7$@xM09f8T=+e}66H?h}6hRF-{zi$==RfGgq(TqAM0l43*_@N|c{ zMbW{+n%q)Gf-_A{w0kDK7INEdY41tbB&4j2K>i8)A+WfH)73KLaJq11D#N1|CeK%X zane*^aCJV+i1UNOF%Li)CI4fbq;;C8?;)0^t?#3@s;KY9Sa)BrsF_Bl$a0(_Q`d1C 
zCz0p5|0ypo7)VHr9xsxS)LbjlIV_D+4tP73Nj z{`hi<$VP&R%_g9ox!Did2}a5YCHS{AH_17Sxj)caKV=4GQUSbBhBu>hqNOV>x^NZN zfKJC)B5G~Kieg@z8O&8V&nm`U+h}O6w7SG>vle$zRe}Q?X~^<`sKd;>|=J` z`rK<%2}jb^MYQlK(9G5mX|OU6*U!q`I9pRpPTrE-)=Y>juSs>RA=F4K>oyS6$JC#t zLMJCHi&jF*QZ?+pInzk|6FXT;%aGFu@$_UaNS_KfAZ1mZP7{OoX*SggaUjVG7l&bE z$v5$yYqPx4O~!*Fgg~38Rd9}p!&;&*wGA#TD^7G^O<0NyPpML5EFo9I zwo6AFc9D*9ZlZ5Xnb~Xbim4c3eSs>Fk-u|-*ZnHWO0gc@ zwT;&hHAbTvcx1||V>?oi%BSuxR}vxBC3&$ zk9He*QW)YhjN{lS86b}$gLd+c?uG13OS-*vop1uzpiNz|;6AnQE~^=iWJzZ{j*wi4 zvK!8cPVJjonU9w+Fl#@s1H|Bd?62xi>Kii5RlwwQ|2|i>gxRZq&e$p>|2Wm+Ylsu1 z6U30zy%VpArp!g(yx&8?prcX?T*>@r8(sxa$8%&z6F-T3HTCGt`gquiAI=Gw?5!iq zE(n7S$Nx334o8d$$r4Zp>D0CI&}ZtM#XBzST(2?avD52xl{ZnK1kEzzOMd{|%okD5 za3=+IuXm9^R76M#=%F@wQVn~znJBn3jCSCT>%^yhXI!q;sW9h{#oN%TO%z2>6jBnz z4yoUEq85ZsS|%L{d1D-|{maZvuqT9vYvy;7%;*8PD&Z(aa&tgdi~bzrUMme4Wu+8a z%%l4i-^Nkf1lP`E*jO%7VW^0%IVKE{a%6WjlL~!u?BZv_VuaH#!3Gf;5q28#MxE7`M+X_hj}MYp*?Cr;7$y8JBrr-qY#)oLtpx?L zPB@WWQ5700W~UBWr1|rBgz(c-(gC+M?9$<$8#9)rlqmXKc`P3>&N-+my0?MSLOac) zzVa7$ubgOWo2cnvPn&D-2b1KSo)<&iQwg!5C5V??qPbvNDAkw8cDV}r4;N0T6^|XX z1z<2Mb#Y{Es*qtYi&=-X$340Z*d3#dQd_O>+0~9w!;~^)iMnc5M346*)YYsT5?d75 zF$1pz-!q%#!dV2m1<^zV+j6xo)FR{~++6(&&t3*P2USFY(>N;z6HiW>@ta~41g zK9~BqYFr3GI4ST3y_E@18SHcTe*eG;bD5amyJ&B!BDQO}N2U3#0%vPbuO(B%aCGlM*g-D;3q>Jn0tT${$NF71fQ5sv+>&;_`n8%7^fpU*LS0knudnFs0QaB+G+h({d-4d!F(zdqDE z(fEEG6jU?nBFpO5dXQJqa=&GK-SFE^JfgjAX+1xsf68BDxwN}BzzG;=M=L7rxd8^YK7HQo-f@0+zAU}C%XjlZG;JGyaPD0Px9d^co}fn8 z*PEC~i%VODVoSpQiEQC4lmXxPX|-{QLrCo(HRj1r-z~C;w)}_YU|OgsHn%7VuOrrI zzOt6Nz{iA^UWQ-%+#s)^6&KfM6RvZ~Ov~5%0O9&8NvlWZyv-Ei3F}CtXMwnEH3z3J z!I=jc{-8?Jo(;Zd(K*i2vgofQC3`%xxYH@SAHwM#*M@GP7X4x9H}4_GsA?MX+|gh5 zUh8-7CfvMlV67f@gyTjgl&F6D(;1|!hka!Vd4lsLyvji$CNxg_i?Q2FoUoX3a8WwT z{q)QZuWf>+WWR@7nhP9olC{Zi@9Qb~>dRCV`R9-OM7z^sZ4*15eLouqE{$WJy4MVS z_mjm}m?J#j?WJWurP6fJ(zPMTmjmv#!C$Ho}h#c$t>@)T9S&6~kv0*~+Y z>lfcz$HkjRr=o|n5TvugQ8gzJ|n zH|g^uTNSc*lDF)YX+PJqkJ)YOtzHS&SITqMlfh+DKjJ9C5K2Km+oM1fz zffectG*$y0#^BDrh8lSeN?ep2<@m0mndE6m%G&5| 
z>}z>+K53iAB(pX#vngdWtF2k2N!h$CIq8yW#kVNlHRv&^se=;MDUnU0gUM3)kwQI@ zk@9*1_j~ZSk^`_%O=j#k=j~5DzrWM3zmGD%Ctjx;=&#Me@(PI3rMy$@S)zb}&awFZ z4rFYc$5T;Xsd>VW7uE@K(FrQcD62MPk+_QtXG8RIk+#G+5ut|N0j|Gnc_IC8U9(9UZ7ftCVVES{(f3#M#RDcyAFW;Ebq=3O%IBQ=Qh(#Ncavo4 zcA9=RKdw2)Tl~F%B($;kVgddpgI+GC_2&BX7Q5Mj@R3cmi3HY=Dc+1F=`P*IHph=j zA@}gW+MFN2JHRt+~w<38xlecpku+A_*Ph5_Z+m+Ka|DM{lp>!T2W* zRbrSc>O?$PCWI*mruhh`jH!u3opTylk{?-d`i2(yS#VdOF`K^@ygB#$#|&xm!I{S( z-P>&(f4h9n;8?n!vu5v;Ruh-Moe6Meq1X=BWKsxvX`T8TGt?JH2C0iFDC+q9v zS0iGqo?Xja0|yKHo-Lj`kK^6L1uUYL-?zbTa&3KM?~%!128G}E?O}Sp4Wy@A9J;Bg z8s4{w=Vf~PqHCs-2->7*|wt-{SV68V&pNE*oxCW?qO_~847 z3i#zeFs(&NyIi`!KtRwxZztvd=bPzh?PlO;qHknpV`FFQL~mek@1xXf+s6pkd5^9* zrPz+=x*7wT!5%Xo?<(+D3RRhQuE-Gtwe01Y6VEyv9aq&g%j|v8wYq&Oe-=7OUEoR@ zRfW94=0;I=pqSPRb{5GMR86jO(At8+aBj=8uFpU=1HlkaVq(N%du0E|x_wO|&W|BK z*gs-~b1@~TBF&f*%ak@|AQNd<(wGAKL*V?(6I#y?vewGp;abi$2Ff6kUP@=hyR-3u zu{)ziwqLb2Dq|k>T4gQ;#vRFFaqE^Vo9=?T#6PhuBam3Mh>SKCpR>(mbJF;{MilHf z@$V@+9JwE4Z4J{VM3fse_Fx>V5C_qU;k$(#aOWgpHAE0eOH^?bOcST!(^+A|siL;~ zmcn=)`uy`j(S|)j9H&3pS`w_+5hmuv+2{Wn80T@|xMoowfP3GD74}BA@A(>NQD1IX zpOBf{_M!ur1fq3U9-DVeRhOoZqv0Do!1 zXJ->fCk7Kk3tNVt%g)Baz*^tj#K8W)i4oe?8!FgM$L^-ya}J!h>7=q!+NC+{mjL6e zDSnWMdUav3RFZ?aQsW$eq@hR?ZY(Z*R)&L{U_#n{pAyHP@q2px|sNo*avqg zxF84UQl*S$(|ir};~iW%Yr-S~DebyZ6~n4r%plH0wrK=*IZN)~IpEk!GIeuYCyvag zbOJ9?KivrWXo=>jVTHkC=@ZVQQf$Lb+f}tp`zfoXcrxhHW$8~-F4$8iy-|e4QJm&e zWT>*$qULJdGq-v`dB=s`<+1T<@0TarJtnAFp}wWc$FBuv1SnAj3aB~T@Bk?3W$2p9 z4?R-gh=1qciY!Lqkz#p+3zZq>8BDwejJ0T3_IBY(RQ-%DqeT{|CLqcv?D3MjU}x0m z12SBuQmj=}=kT?^k`2%BWwWOF<->9yyZZYH3XqGAF|<7YF>Vx)G;q|;Py=8>i2q?Y z?>%u#+&7|7WOUR`%(bBnm0+Fu#CPWsJk<=vz>R&OiEfs+jZoTa}O5~7llTsj{W2Hq_ zH3Wnpni#w@fm0Y^<;WrwM$DCnjErF{gx2SKsj7?~TbR6#GAUbuGVudF?DQqiZkQ{M<=0poq-q|S! 
zZDlF>f*q)kgeHw|C-l+8N)!p&hTI?U|0y^9UK7wmS6+v@&{WUErWi+$SG!PdD8L`t zgxoJlw^~L=v7{2%6#IuC+K$8OLJ^~+C=|S`196nI-9wb62xcF9sTq3-f3Rpz8)CG4 zjGleBCD<`;;-hgIq8Hqy;+fBsj~ta}Q6N7mgGO|sIG`;&bu%;}IU^e2{itL&Ta1wS z8|)4{?u)wRl;958S;J% zNTCPTxX`VBk?gKI!al2zW{z6SjG};Z88eR2u?ST3obpb3cBFdc zhmXN_5&5%xk;kCLoBSO(Yd-yU!aH$%PRvUg2`T>d5PsdxXzN)t^~=bvH&f zSRV81?d*5z*Q}Rk(R;_u{`2kX>K=j@e?>O*ZTNoD$Gj2eQ&v1Kc8e<^KO>fBb_t?f zT>lKpghI2OcJr4qg6aWt? zx|`Fw^i1BJ7AMVAS=Eh=!+f5_y0b>>n9J&hGv6j#Srg6irjI+{;Sjqd#Jjp2?aqnj zd#M{u*T$`~+VQMGnjX&aQIwo{$8u}AmU9@H7PF2~yxO#RFj{BFN-?dtF67o6)(dxQ7U%+Xol zci#-2j$1$dnBS}OEbkDeh_SRhx4D^^ZUh!m_s$M7pWe6Wm6-U6x#tqGc=xf{+Vj58 zklULLuUK0j{im<@QGR~Mji;&C?hl2ft{X3Rsdig;wq=ar-D+K@>OHFL5unIzvB55~r1+=a1OcuV4Rj zs_KDyqrU!85%)ie;{SNR{$Hmmlm8g~-+IC(q1UpX5lQ6w6(+yFMmRrpYYqPm_;fOu za8=tYf)@Ic8Z*i7dX0{(MQcWso2A15Gc$2`i+Siz9@xRS`b51+sLW9weyKKdv_xG% zuk-P{Z6yHs?{r!d?I(m)Xk>`80a?Cfl)6fMz=Pj&%z%q^PNtE`tG{GPyAZ+-{O!){ z=O1-@!i}=D`oW&NrO<4?0QfWBLZ_mbuL&guJ~=*sLn25U3Lz;Hl-jdZ-6xp5i)u@x z@hriJvV$kX3l1+6g{Q^311h^umNrV6Z;<7)`s}k-DF<3N3MZU{*f|60%7fQz@_t&t z3GLL;&3{r3sQ$MI`;Q0oUo-rFjoLffnK_y`{TCp^Tf@U0RUDvR zzNR+YlGUXB=Zdu2I$Iz1OGePZs?yyYFp%)kfpdq4R62^7BshYTxTcuWG%= zE6^}@2oT{(MGn)QEC4-Iwz&PEZRGG?cM5}e{-qB`a z#-PNc@jQB>+jPyWbr)lT>|v;U%RfU(-4S#tTT^^iwAWx}JU5#D!Vn>PusIF(W5;at z=1URk+|kzl!Yg<7YPAi=Vv`P)zZgNQ6FhwT&eZBI!XZkb)hu=uDrrdPM$8M%ZN)m& z{8cHNk(o{u8{Wl(bSW@olj>(jEE9gRrFRy;e^>7T$m={RaA>pOOksPytJt*thh~>* zg)E3w^ADX~S#wJb0}N@btB|V zhBkMFa!70|F<2O7l2|)Rj#Te|VM@3EBH+(e9sF3TWhu5EwE0DIz+4zf8SI{GlBJIkLkuFv%Ez_RxmZn~2raWSqKO zgCu7w!xw35u}LFTF!gYWBWCm1i$a0tKH3$WUk1Un!7uWx1dOFaWz;L7Tn$P`6lQ@c zMUwkG{3+9&nhT93x<&x(qS9Kn{ywn+#>@5O)7dLXTqNq_;6sE^NhI$GCQzRLr0Qn< z>KL)#9c|qCB--zJYUu1cGySqY7uczfA3EV{SN9C*?3T=<3#pu{fo&3kV8+rc<G?=frZ|p#i_Hw#Z^38?+*q zqUcy}4nFe?e~&v*kqDEE^6L!PHqwA9wQhjAqOtp5@WR=_t5qrJfm78mABkR+GKMin zlP&_q)entb{4S|}cgg7qm6e)W$ZxNU9Ivz8+^OO+6E_QaWg#K@)L7i+TdQa1N7h3} zUGZ|byS0VTyPpN?%Dl!lyEV!|3@=@vr+Ud|P`_18yaQ;!Ab)Q;e!SoB8*jvEF45>pfj`z1jNiadvWYa9BI@2=6z!I+{mFRO5YEIt?r 
zs84kN{ZE%Q<(#E)^RDr;r9>8U?P_AqwN!E)FaNS6i8bQcC&?G|s(fu-oX8sRAevcQy7Dx?p~1CHU$#B!YkPEp_Hy%qTdbgk2pJ z$UIAJDV_7hQw5$;@=ni;U?utSS>!;}vQ9eJ>6&WBXWLc`ZK$-1W<+gP3iZ0Gj09$t zRL!&p&c<&5Xm;bb?4(<2JC{)6MTr25_F4w%b;gLlFuF^FYVlM}Su1N&o3jC%8utAsb&aZ_ z*c2N{{?pbhvcn3ku(hgvQONiyUFz5UFMQGO zY2d#_gEONqA)=r#E9cbeQ($zVop{@@o1S|Z-E&F%g1z)xy0ov}sewrIJe=X1Y=V$j z&jWFYTGU{)6e|kp(7CR|rYN_#WHpe0lRHK7pFLP%9ya53@qUXDb`Q-hO*9#0*Yxid zA;d2QE}+)gJ=WT`*w8UGHsU6VFYBAnUL&E1oAz1b_nZqqrTU8D2KPWfS8zvauDxMr zv4ul^RD`I-p83YD2{Zz0qq!ss8#+1$HyDzjw@nq|^fvTfI3$XWc3iM5dpV<~;nWU5 z$ZP5@L(Fw^v0>l>`z4OOit0cU${ z@(ESDXbstS0UW|NGYkRoe!Frjm~C$D@0z&v`og4^*ssVw)9y%v!?9tC@JePlBjRvA zc;)3R;Ii`5p$6K%YRCfV`|FRXEISic@U$JaVYwUOE%~QRa^b_oKkhYWCMTpl#J;2X zzZ}qgypB;nZqZ+N78)OU;toO-t)+=>{(VwBFM*IOL(qBhc4xTC2kqf=ao z)s`6$yx3tSc(Fomjqsd!mf|a?F&t_WOs=;bXun)%9HaH{p*j_qp~x_^bfMyP3p_7j zPSIvjuZ*ByxCOJ^SJXU;tPonD@nv}~RK@qx+i~{Yu{<3x2K!B`;aF6>OEG{zjAl@N`t_iF@NxdT z?#=}8G6e|afBJH2gxtKG`FR42a>+|qY>{i(iCyLC44+v=E&{X$<`5`x_lRJlUXYn> z9g|*=%e@{5z3cN_4+_oigm4g`u48V>e1WK%L-FR8>Vsf- zPulMk-jNV+!LY{WN;PgIUy8?xnBw@rSqXL_W3__`k`>$1ME2Tu)(OFKLw8UV%iK?S z5hyB*!XlblGx5}*^o)A<|4FzJini^38Z;Mk&s4fWiY2nrLjB79*;ue+o5ep1NVo#B z#z8Lq`;pr=gOVq0RCb+%29)9<5gOD198YACd9wgQD8YtSt|(FB?)S&ARQyn`^iYlf z!^8>-z<)Li_t8M$%f&p1ACkM~;xGkszd?RKWK45B>ww(H94rUL^LVKR)rtxNrcdOL zj(=~CL4zxx$+>ow*1z!p8Tf)#N5(rSHtRZ6nXi{6R!GdI zQzRyqpMJ`#3$s}IY$T6fOfn&upmvAmn8EHFOqIaRx&_i6LCAw@*BZfCTve2v9juI{)IHwW5Pb9|qw=D2}4NBJUAt?z%abxuKo z1YH(x+qP}nwr$(fwr$(CZQFKF+qQQ8-KX8yh>XmtjI5W6dZ@VPp6@7|p|?PFmCr|A zfAI`^s0?@3O=yiQNmLnqc?u8tVI8u+c^sd8g(gB^|1C@_ew}JPlHE;pU>+1)&?L81 zVcM-^T+Zh=&M}dJ3f&_w7cnV6gQ90O^6Ua!!i?U_aD?=DwM+Lrg1Vgo;D%^}vlKlZJr0&ZSnIzT)xwfEm--m4~ zRuA%ZE5^a}ll*{h58`zcrhTts;F~UN>fqgndM%FtjXvj#A$+C&JJKS^2X-#-ju$7N zI-cACvZ{o)oq@8jDOe-yM$g1eXg%7TN(`xRPS?~a<_ z^|bE2DI}@=w{=zh<5^Q~lPu+T^tbHGigvZV$hV2GmCoo(+t+47Zgg#vyk*x$D>h7_ z&*bZc24{=(5d4qrYE%q{ZyDh(z2R3EGsE|t-TjZh&cW+RC3GLZy6#(0$KUS~F&V#g z{|NAT{F(lzF}EQW0`<2f&2(3Z(Ks_hPX(qQXF3^rcB79b%yhedCr;glj>b{#<_4RU 
znSPAu_`i>J(re!%M(qLl#o&GGeoYA^5A(lJABMB{0-HF?C%YsPAE+qP3}DPPDKTd2R7apbKlCfJYd zv1KFPO7B`PQz*T6d49VkC*$Vw z*wrGc2)+s>C&hoFI*|U^Y(0pCoaMh4J_8!jmitybLzxz$Dhx)r4Eizt&UQgHiRCzj2bb+EteA3xp@{0Ndk{(;d ze*u;CM=!Z;0dbk}4x+AuhWY<88QA_yzRW2nQ+%mSDE?$@cGUtS*Y33SGeeABh>zbJ z$>#Nc%tiN~RA1=np6lxXf4M}F-DM|1h4xwc#lROR^2!tHJ6@pg_rN{t;d=qps)Y}y z?DKj|yt5zu9j=qd`!@HzL?s{WWAR02{l>oQi`?qO>c6Bv{#Mdk_0#OqBs~Wd z%H&V-R=8|zW@osDw$P}Vhj$bNtz{qhwZQ%i?h1Hnh>P*%G0U3eM|(rpx(DPm*e6KD zm*cksRV>IGUJvU=&UrW^r0|3W)3YDD$)|Am^CP1_oh zX_#$V;f%_efHv+R3IupCX8T)Y*F?F-q?b4Q_OKGS!0WFW;w(uI^z4&Kho!U=wdJx<%#)wsDgXxo8&^CHVi+qr!bl4B|d;M)#Z4jExg%t zE&<>A* zropr;Hq|oOS;{Ts7=mZ^)7-)EoVE)2%X#dyO?!z2)VNH>pM4qz3oegl+b6)SLTRvE z-dE5+`EhcZ7HMk^;LF&ul$+@BD7EtS<{f{_bOS1UxT>_Ph{#~sOwF6qZ~IhM7TL=B zsmp~(xAZ8ierb1(JJjvj~p83n*kD(G~g>Y#BXBEJub1tSIX=6$woLr*9BtiT89 zFP-4OtA9Jbt=jeiP7Te_`K}e!HB9?zSg14IWafHYI!QZfUGk4U0yFx&j&(4%FHDep z3XjY4_mk%D^iMIU^C*$2g}u~|Qgmdq&JK`W2ZxweUcM1)jDE^yy#tIFrZ6=}d~(&L z{w0O^B;$d$Z2H*JPv%aHp^VLBY(MEMGu4O5^nG<>}cP`hI8YbK>DFye@J-Zw1QtbzrM5 zDNpt6C2&o-HJpQt0WDw-HMO^-$f92^;dYN6`g9>LTJVEEQZ7Vk3FBw3>8oL~YVqiC zaX&FTP|#HBc)C0T`n_iPrSNlkHa}#~YR(_$uqt4;?B+YP{yfh=nOBC_ku249*Jyxm zFZ?;x>pd@s@>xa8NK#zg!X)?QN+KhT}XfZ&EJ?}mBw3Hd5tm& z>RxB;C>mv8uuU}(47DA8>n5hdUi6ch^x$w+n@eMV)cu!Q6r=3HbDPI6m$g<<9_zDb z_?Tk*n)A4=mTC%imArSK^pd7p>h?G!+orA|llA?#Yesdg*TZ1BUaw>G38<}n)NwS9 z(+AcCJC(h|H8Y#G`uZO)RPc1dKJN{rCd=)8;?VI}QBl=!<@u|OyF^vC@A@p-llm#? z`*p;_#jCX3`;#oY^HBn+^Hm(b>>RyNozER3=cR+N>T^h&eYA3nB!#7gZ&H)a`S%B* z?`Y#g7MOUOd)Aw9>8ZV$lt%W5GuUONk6TpokqUtaf9a^JH^#e<@-@zKTl@w)%X^<`TmG0Hm^Hy5~>w<43jmui3^a@TZJH z9&pzgrs4CJKuoTWCpVZ>`F0$h(ax?dz=&LKvy#us368n46%l6M>0Y3 zg)v0x(j$GO6LDr+v=v4T|M37wR5|>gv~Jkr7q>! 
zCp(p)?T{u5SY}ELIwFS>PjfCajz4`|N;4{f6Ukf344G}-&RnqPL2Qgw#whkAhj&WN zRA&9Enod$)q5sH+GdMvq`dZR+a{HtVK=I>;#!4twJtrwLqYd$ws!+PkN(Czus!p;( zK#=r0g^{H2bA1oTjFy2Y9b#1qRY;sb@M)ZMc67}8qAL?zNXtx2z0t;1O5)Z@#!9LS zN-j!`LX>MFSRxfx zvV{`FX~Py~@NNr8JwlYo6GshjFU&y{tDJm6d z6JfmQKft+ly#W!aG<_<$zQ2i8|emF7QTB5?AI!`#GR#y zRc&i}$ZF)T|H0I%GLg#_CML{Y{(iMNX8h)Zg=z$#hYx^%^~3TQFun~bLHHABz)=$* z1RA0S_gg^(xgGF^`?DfID%PVJ2>>a@3*rn56O{|VQ^rGG5&|<3LN6L3AN8A!hg>TF zc;!R92ty_h3UWZPI>5vZQF6e~I6!9ZLwQ54<^Qv@a&7y&wnMhr+%^iS#0s0Lhbc+}t6+uENgcHxh%q#%y2}pY*+dAUJ zjzMxD>N=1`&g1er;CU9Z(+M#42KAnW{j{S5IdFy=Fw_pOV8o`~L3c;1-%qf(Y-WUJR)pqKK87MQ!lDzDfDyt-AxJq|fP>6{m{LB-)*XB8j*RPo zBsWUQfr?vz+?kJdvCpzRglXab=MK^v#PoM=N1ko!|GE5`Jl)0em-ezodIJ`42 zU*aRxdrEC>JH~Cc{*+;)f$axq2X}b`3`G{IxIVhb1%l$|35Xp&z}`s~bgD3A%f84E=rL*>bB3^wO>q2TDkIIHO z9uvtSL>Lu`LdFRLtfgZK<3$X@8c}RSm25~`Nk}*$kaf#f>%9d2p!HrdIxuI(H&vPp2~hXD05L-YxyBSBK>;{+MD_V(QkAEp0B= z9a+t(jwg#AnkCk_dm+)$zL!Ov7ImEJWTy|OaohWJ<}L^Ab3=ukvT8!^w;HiJ7hDL+HnwQ2F1ZP%BTh z3pfc-U+`*D9n%KSwMw-mS}OXtHw#9cm1R{U4JW$qLY>~~*r;;^^Eb=-c}Nr4AH`+~ z<#Q>?C%We}$vVk(@x6kR09)OTO?_-`($L6lasZh@l0`$+3e~NEYL8h0EH#ux=R7jd zRPsYH`v$-o8A1ZL?xeig)>SGE0*lAh+B39=A>O6wGcD#~i^tBTk$=fQC*n%I8#ZXa z*hV^|pQ=H&0av z=(UWatw3ilmU01a=vSmFdfVD*F5_k@&k5P?W|!U4>CxWIpgy>rPJbBO&E6ZW(0;UT z2OzQ5=osP`r_mE7Ss#`fg=Auzp;sVup0t@n79ARESTL(4-(9A%S=!>#-pr*iTQ+l| z?=fX^`(M<#GozL-R-N~Bq;8jM!K25ZHXZIyp}V4=mRrnBr@7>!7qc$RF36n4wpg#a z)?R-Zd4s%3oM!JFhD1ktnX&NdP0(Isr`)n$Vp*WO&C;c5M)m?|E-hAc@)Qf=hHFb7 z8%ef!^GqCs#W?re5=@@lWyWoU_9ME5Qx$X@fNrf$wp zu{~w}grm-vVB$a?XD8b^y9yJehw&=019O?cv}ojdm-8A~33~}Gny^rDmXy9UmdM&* zkOM9*8_r6c(e5b@ndFFLN}9|D+lBuo&@{ZW+DctOUZ>kMnkG@Ulw0p4=YA}wcpJ%6 zcxU!JJXkJqZ5R(GEZH1dnyobFV716zNB@DLQr_HXXF%SG_z}?o`RMv&PN|15(c)&T za#m*w8yf7VdFc!LR+A!gwgk^X?j*HymTSgHUADz!F{A>K-r_OB0MJG>9(PZ1(cmiD zbE)28Xqh`YkohCIj>T>gB8JV1cLxtU;j2p)$b^;XDw8QW0cNu7EGIbBO1ChphbCy& z6Q`1{OJrd;>?cKLyBKOf7KcH38jXj@&TS6o0gDMEVmh8WEn;Jm=%Jif%Cd_W8a@X* zwNy1`U?UV-$YePQC}egM!=r?@Iu=r2fab9!DujFlD36khWp{z}B*>xH@*Q@Pc|2nX 
z7G)A>lnLL+q=JVw88famc9Q{1PHcw6zY{WsbqfQ^2jAvnHP& z2sW`{#;9Tx9g}I%I%!q~wvmG-)qf*itxoc;0Lwdq5pc2>NdVbl$b?SrP`Yd;m#8VI z)_m$BcP8g}gOMoX($h@wWIqvho(FZ{e7NJ$bNxe(0hQZd_h9OPm((F-h&z7Zoit|a zM+tJOnx6uh5Hm)Sn{ozlqLB%>^4LB8Du9(FqMjFon9CcGfGJlE}dzr z8~HC&IP^qI`ob11*g-DwH5Pb)u$} z2ESpL2+WzZznBlaM>&^I0D+I3(CHwWvCtuPLH1Yo@2_TXVXp)U=g`K&TtncHjYYLeo^m7Go195fPUD;oULF z7y}ae<+L3$)X=J!Haq+BFqBpgVvA=+?dr8wb--@9ZI{sM$S@Z2eEE5UsZ{gV#0#Z+gW;Ts#_)!uu~Y~Pn)Bn(ML>@VD4SeQo*U;ElY2J^ zXtSaj)nXgV5)UDp<(E`g9T5lx`-o`aUw*a#(S(SJpJJJOcJmV5l#^l;c{g<-!491j zX^6$4a`YB~e>GQ0G1}p%b%t+%0(cM7=o%u+5#@9Ee-jS2U;->JNRho#4jjAl3FfK1`p#1MthQ< zL!i)i7xnRsdrC-^$}+|Ql41I_N+Z)Vh1!QsY<92?T>(q(Zb9EuvrTv84I})jg%3#?(93&P3uyu)HNqpLGAPCfU3{f> z2f9^Ib@Vi~kOO6!$LQaK4_#(#hBBP)goD;QT(F8cb}0p$mf>~3erx9+8C*M3E}lCw zIia%^OVldqwaPA@JwxmSEK?0bc2Q9%mu762NZeO3Z}QLUVk|VSA`OZgYPKk7Te36Z zA`hhg2T$(Rfc@ODdYaIZ;`5tkWX*^M4SLtXj9p^4ase@inHa}*krl0^#B zMHnNrd?`&?!bj+5G~%uYluMZW0R8MiiugvBYtOmjFOf z%3wsC$*0>D57|eCVPR5Wj?{5{NvGQ}V$RL{r~*yRlkg@I&pPdD**ijfv7L63p3aCR z9ifj_6B{}RF^f5eA0}Qczjk4)Q5_t z4HmC`Bb1TgJPB=7KO|(f0jv6H<`%F_-Zi>{i@9Hh2aO!WE;}r5)U?1;Rtdvi1?Hqo z2(HHzv)QoXZm1*_`g#&0Y{H&&shE1FhUsE%g_2X20W6D^Ip&rHdq6Q@FSwU>$%4r*k+2(k5@ziKRtI>&mZ>h z_)v090L_Z4J>6x}Sp9mxy=L2h|oi z7u`i;+HBcpExId5x7x7HS^0L&+QFM}IgAGQvtb?Q5Z%H?_?AmH&0Y;9aTs~v`T)bd zhW-M$oXlx@i=wR)2iUd^-`- z!2Ly@f8$+jO9#R29-o5s-?VfZKLAER3Cs6VkNN~)+mWCDo_67X+=lNQ0pWXO_0^YM z7m-~D%JiN&;3lkw7VPPh#t~D%&xE`9#^R68=UZkB_U8-t=kwo}v+_pTWySsr8NdmK%o@8GU3 z(3&|^eso0HBAjgUgR-dwd5mhUtZaL339b(}Sv}yvLWf5>`AX?NdIM{~-a74EiT4oe z(ME=6#tPAW_Q1{m-im?C@m?wB-ecsA2!lNeo#n?{quZiYul62&`>y9~(u0yLw`%IW zbO@YKoG6iATAv;FD%ScdeJBhfve$)&NUz}=ZRgJFb(uiU+S0k^c7Ms}?&TbtCII%n z3aj1s5aO@@(inQDt}l9=19GQcK&?d+N}bi0Hr!l1-P4mg@!yv6y+OQ%a_T7L@yoY= z&CQn=lfDJDID%{#MIOv}q3+ow6jgg)1mTD}rYKdJ7 zP#|y{?PI8f+V4e0-4;>^AK4O|+(p{Cj8a+=zLHh6wzHc|myUsCvjt5MBQe$@QTs&C zKD+eAt#Mc+_@FP=SuVaohQ$qaSs(1YmUFCl#a(e5R(ehGQD_(J{&U=H^KnS0;nPa> zmx9zRC%YqOaGl?MlYoQXo9T3$euOD;u*>KhYzVYT7I6A&eIoMF)=w~bYSUT)xZyr| zy2m3qviIZ;r*|lM@8K}eRH>J-r1{ 
zVDwCkW)KU?KwPsdX)`)5Mn~bVx4aU!OVZ&H(WMVM=-Idr6Oknkz?%TEyxNterQmaY z@wK<3?*5cZcgOteW}UVMb+y6y@~wpPovclJgN|j~hTe0^$VOLr<3cs_C zyt}dynyLx>BcmvK|K~5O?(Qe*Z3X>dP185ff`36-azURB!_!?F=EoG6FgYqAJIZk* z*d#sct4dG@JWKnBDbPi?y*&bdvA}QD5Wa{~ow$-;$dU0Dcg?-upEqF;kwy76ysGlE z1>0By&F@e>!vr_&opGEW27}x3oGV1Fw|33U_CK48qeKmkZ}E!jujP2>I#KZA16E&a zaDFgQt%fV#WOTk$%L%Eo>pL{%RlqNY8WesO7K{30U*DU^LJH4;1TI13^SgXXb!?#< z)}c1f0@0$7)C+UI*vNfmE!^RfV_SQi-cX)x!nfRx_gu3WG4>f6(i?aX_H3Pq*(oBTddxS zq;>qNicA1M%IZ0U<$0KZ!g*o&jI*r(+9~aHb-gC57P?RG$_(|PUV8ROcY}Ox6MPWY z$sH>``nSXVsOk6&k_}6j4x5MKh^BvGvD5lTi0a*Wi1DNF< zfP^3A(%ulP_?>0;Vf)nB{PJxJ7^rKHcFd~UC}uZ5Pk|RB)|XoqLOlW$ zlUw(jxd@JLQR~E9F~(NMHTg-vRrazyKHFv&IeC76@6wWeEXAVG4hV|$h>CE2WNnnH ztZa=$iOFe~`LUH=#88C*0Y9L(3wkd3aekNrTaX)msa>wgF7`R{zGM%7&+m+b2VI}q z+TZA#wyx%?QT)nM+`r=6NQwf=4O2Wnks&h}byNF3m96x{!G7WYqnZ}GdJw2wZ~aCy za|BJKC+LO>28B)#NSk6L=12%xVoWiBF_Ueo%16;yDvD_(vuab7oJAChCMTmwa#tjm z$cpxTI(Xvk-QIp*`eej?{;B=kyuI8G5?wJ*pw);+o&sGZZ(5HB;fpPre>O+X6`rKQ z(S$53rU{TAS2B184Mx{^<4g#k3|663;-L8&486l@1kL9V!Y~yNhlqwYjX=3`>tR7u zQzJvBL@}4hnj;Zlh#Ckw|1i-lADl>?#njTz+AohYF1_eRv21)GBJILV6=Fevc zVGn>H^cEb#uZi4SAAy1o&Nl2ETCReIoaw|}EMQ2mk|Y>cyVlyQ$ZM^f0XK{dvOa~~)-XMs^$2xgUhLo^jqQ(*f$^+l1BQUbm01uaGAzmsG z^akdFtCLR~Tr93WM_37fN{~H62-Xk70q_ORARPe_Hiej|KWo(3EEb;EM|Wo{Pm$|i zbm#}J6cJ7-CUwZc4lbFH*oT%7KuaaFmQ4fi-SB1MnjYnzEquiRm};5;AuxMC$evJ=2tj%yiWMYB#1uKg9Tg-Y z!jw)D$ASt)=)RSipZ9cVq=8_86Waaq)Qp_#yFkgWB?!QdcgEDf8pxCbDVqYJoHZai zr}`U|o`h2@JzQr>mrreE$qZorpH16zG6?WH_9@yK>ENZ2mK8nJe_F80{;-xe{fBTjKLSoD;mYlGM%)XVQFN8LRO0< ziw&|JliCsxC9c3=?1=XTq6F8#;@HV=Su)w~^QfT}t)79TG&X7Wu`+ORA-$o8V*t$d zH+w*3C^Rx_LF|ABDFmJYK+!riusA+l38KM-d_ZABNXtSbOfVS~EYs3LE2Iz{_V_#; zg_T7yB^dgN(3*$iMFUAN_I2^4vv^5C5iKR8$=NCD0aMLL0^gUWZ4Bh_Zd8R zaRBSe868m(D^@l@*~pS|CgxS3WoXXC5HwCD_Pq_L0X7zD&P(HgLV)1hCVB9^@fUv6 zsf$L(NiwzOXAq2=_-PZP#Fqz3?7~YJNgTND(gDECYFT%1IvNJdKEN!|qN<104BqmI z|Go=RQ8lgCl0nHy#=hqI|)-zzi7V$90LktMe4J@HGPLwriK=y*h zxyi)`38yUg&tqvAQKg%}L&w`2Ncj2>tQ3-iSa%?wl3_OHH%znv@Wq*etc2Z)>GGQz 
zSjIS=*;M6FBcw(py#;3A2n3IWe#%T*VGxWg<qOR+5 zKKV9C@7CN~-p5VoO@9)T@DcP_Wgna3y+onc#ya_nV#`Uwd}Ne*v36F~BLA)(VpQ#5 zk+Xex_S1B24Rd9z-rhNJS;@5N3wDTRLSqw*td|OY?Gt6n4(GMuTB`4W=53|c3KM(0}&tCR`*RXarfBb6gg9Zucbd^L%~ zw>r!yF(1y8H`XOaB6T~F%vYk!XHTk-2f+`$pIS!Q^nYIq9%mE*=cxZwgk;jh=!eI5nTkt|K0g%Vr9474J@pp_u527A+0ZykfMMc~rxMfk!MeL(!(}j;_ zM&;WV@8qe%cPpdP8o;(Z@!BAqk$XIl_3kSv{3`TJT~Q%D})U#O?VN96|(2 zxkw@RU?~NFt zrwa!(GayHR1cT>kIQ1~B$)X_+Au{|@=NTB|=2#EKM4X1dNSOKPr)j8&AaRm2Brtx) zqK1BVq2&=~(f<(txHrD*du3vYD|TyO;2}n7e)&~Gmy{w3@jbx%D{G*<<@vjKRKbIF zeR)aweulDk{OBf{?9s_`3y!udPImQbb7eQTP5P+2IeA9^kz$CD_tnzT^Sd|Mkjxbghx4wz-m{%j7hM4#P*Zc**ouHoK5!_DY^ z3rgOTIY@NqV-NnaXLS%J&Wl!eoS53mKkJ8nn)_RAEa}{MQafY}JMgt_u*oTXToxsz zWYmi<3l-PMHQuGTc7v+AlH@ZrSt;vot(_XL`y%n4R?c#^;4j?YZ@Bhpt~vw1MT6Z} zdDwW?RM)D$972@G_Kn#+P@FJn+jon)y5pU+w{ehOUbuTHD{+HPeH)qoxyRYh`sDK= zw9#X=cN$Uls;{*Y`~CA)(Ry^}DJ(QE551xrq{kLSb-p!-VQQ||26?OZ;`L*5{%D@c zpBu5qfyd=+ZhHJ9ZWqU*jNe1=@Xm&%>0O@1iD0DalP{3m@&rJusUvPbgX~2L=KRZJ zh_mzDe0hhV-?n)+pdD7Cht9?4x%>IA6m7<5clWuEp`O(-bKmM-+ur;&v5|I~9=C*@)V;-TJ>wf*m!)vN#L;$RQ(vcFlpUjM;+1x!rD#0po4)KSS)S++k(Y%Q|&`?u}x+< zJBy=W{4&Ljm(-U7cJpVwO}JT~1NLrF%G#>7U48@ECPkA|;|e!>)e*`!+muTi;5mGr zNO`4=icSHqu#dzp;DA}ig_T3&_J*djoK=#+p-WGVbk1y^^_a*y>s&4ZrsLj9B?Dj_ANQp0NzD$F&{{kR! z*~H=(CtK5wHtrjz@SM$Y`8Sf*HWiG#<8y^s%bxUh8_3vZ-}U}H4OizR6k&PyN*)B- zt#U;ZcP`;3Xf?_+#hIJlEpAS2FVyUm(r2Ew7kJ`Pq#Gy{X^)$1NAGce? 
z#>at0RDG$zv*y8_jQPEPJ4l)qOETFP8*&^?mo|z>%VVP#v0?wqC?28*q?g;ZmZW6z zZC zDr|V5o-p>EnYnnU&Rl2jXS6tv*xtf|lUOlz>jwD|%Kt$bL!#1YYrj`^#%diVU79C; z!qC(SX4NO7Qhi&$&ceT@ZP}82ScLIxO3Hm{qwSjdIiopZGeME3x$RhI!5%6>_oq5kxBg>KH+U%sg;)}w?p^LqgrIc*gp^olmx5xcYm$Go%;9E}jp}g8h zvsAJxJ}rlKI_CbF<`$i<7bh2)?Y40>MP0hn-+?x=#Bx<$Hx-{bRkKmVXXezSrPOIY zImU>Y`{ZMHEnn?M>Du>7`k;)FGlxJ1P-D?{*QQ$DsoO3CDE*Afr=GJ87v|5^v<8~T z&ZpFp6Y3Ncdaj?N&NYUUW6PDEoCxZQ&5U`gt+FMbQj33BWOL||%gG2Ed<)FcBkqu| zmU-3*5BS_H5$+?GRXdW+%#*x13~xTfcsG%trkA&L#gB6RL7_IpK7Y2`;{$B%AcumXYB}NWh09dek{ZWklCZ<+6x(8Uh4)sy_g>QQF&e7|Dvb&XsHqFw(sZ}--H zhu|C6PhCT`k8vnviE5u3Xj+!PqTzI}o_T?gFtA;SLYsdA=5Dlwne@ea^SHI`oqff$ z)z4krH!QYd5ajeK;t*127q7_d5Q*$<^1yXZjtF zc=}pTZ_O?Yuh~9g=~wr8&vX{U*lUh1K35;RXzJc!c4%eUnlV$!+3`$w%j^}I#y(Qb zTpmVZ>9#Fiz$N>_X?c+Z{JhDAdwXbK>6Yc|lSg&MZRwJeWXG?hC6bbCY`#>pFW)dG zpjMUcM37o6Yr9mks;lm?L2MfHEcCdyX?0&zzLrK8L{$t-tSfw5j9F7NQ~-r_&h*ar z)-+x*o5dtV!WX!xj=3|U?+b4bk+&hRBIAuQFnTSe1d){#kDWG|*DP;0@np8EsiVF- zoM?!|dGq(?JxJz8);TIb?s1J-o$1_AJV2UkLujY$DDCGDZgYw6|7hAyxl(p4$NX)P zJooimP-m1s#*@nKswTC``xrPGkMF6~!iQTy8NKA#%9!=R4)R+Ut)yZnpAm`U^hS$@~Fws8r>pME`kL%wITa(w*YMd(@|P%)yN zv->7uR_xjONICJ6#d^hzdQdLCO!>Ad>G6HqBzv4xCJD)%W5Nza`m_Tvvp}*|d&z{4 zmpM77d-Z#J>fmqc^tHRsL?(pxM87>fs@>^;_xm{x=J?V`YwUdpe@e2MdW-gI$9PBh zj*U(a=;+Wl{atm^b^D9Q0-P5&^=Z&fa*XNrlOupSLNKI}TTJ;^AgUsEru@C=>15uT zoa3VFR@~;-TkdjtBX?BppxU-=ly27vgA8&UT&&KaBuv~a*ObOBev3WnzBE(xq$Skp z#2tne!VD{u!WsOc62nf3C*7xWGY?%~7^`>>0TL>%ngMAVc3xo{1%ZS;eo4IV#1(bx zW>nA7<90z-7<8y}ZToG5Q+>3yOBXkZ_ri6H&tU58rjuUn;c@oQOYYd~Q#pmI))7fK zOWss=z^sRuSDvf%W_7_!v-g>aM@~=m;=67~cLuMtTR6e2#%9aF!3nv0-}a0=ghm6d z>8OThh`Swkrq2TCM*<){i!|OyBF> zeX_})U2$l)g{yC$He?e=emiG$4U)@yKD^tj4K-)N9o6E_z4$#82f}Z&zXQjb&tuJr zoNV}#fT?I(c)}|aK*i{%+>U3dP*phpDD0QbU*lKwy8T~qdmIa zN~SGIrONZ_+Z~5ZQ*vJEBH~-PmJYC!^S@3iyIgq;eoY14-AtC|{G5#U^Vz9b$~)o1 z%tdwe(H*q{C3dkueZ1=F-Cj!wOneb_b=>O8Q>h-DEKU8{$)(k9+i@8xu#Lhu)hJEp zb@!!AWM~|FXwmb#ZRqhCeU2pO|H}EiHrKrrKbe4sMyEELk={bVTD-8B#`-a1QThHf 
z?~fN;{dVD+iw1=on8n84+uP&*Q6jx}%6TGR(b(JZZ)OQrW8k^0mfNpayyPQ7ePk$zwG<==U zFs9pEc^$h#>Rw=#fLtWv?e37iY$ZUB46kw5r#wBa^$Ga>{ny0%pNZgikMp`5$vm~v zW=MIM!>DysWCQc6s2R-%MR>NTdDfd{vINAwbwtK?iX_$y%N%A^l%)+*r6;D!6I=b6 zt@grJWo4_qvQ2TKH6&5+`wOJ%fqa0(Ea$p`s8x7>2hZA+8+`Y=RQBGrU#FRJ_a-0E zMmak$nqLm~lVjI}M=pwFMImW4D|!qNoo^^E%By_rI44wXG}iqF?j6HD%vqzBc?gaJ zlgS*}MYCL$(OhA_xlMxrkp9k{kg~aS%UofXvBK3{rg?42D9qvysOv1x5 zSl0NrSoNg2kt$!3q<0Xw#%_)}Tu>Dm(R(yud+q_3cj)CEX6=xWKBAyFYvA*Txo<+oBbg>M9PB-gU> zbZ8%oItpqjq-63;cxDLBuXID<8+*oZUj&JO^((gEcB*8{rZV13UN$X4Wp zdXZw?=x{nkACba4_17PLptQOXV14F+V`~x}J>-2Q4CAeWzEA?>#$PVFB)wOB91@*A zMEa*t9q4YuPL46>c?@p^8ZhkOQysoxBVUPH!RMDF;dSj0Jg3k2$TvbX#zYJG>HAze z4LA671! z>+{MyUu~Fk#+Y688ESE0R4Up)mg5chj$aE&_H{d&A!6|pL zrs1K7J?g{MI|~r5bdIZ*jLa!lAzL0Iq~<~4Rf89br%LO!k_Oj#){Xg$7l1FS;ZVd2 z+0k~+K$=RNh|Y){5L%5y0BQhG0@a+?fyx6DVQWR}JtS;UcdX<#x8T*(`BopLaFL-0hq8dqfAkq5@yhKyPUw zcC}e7=b`)p4_K2J-xzE26}fDebbaErp8&V;f9=a(`D~C;nj^#P52C}f5Td)`$R$TL z>oT9xdr8nmZCB!z^b>gk*=mz|>x*N9V!M2AK`$#=Hk5zp6p94^c$G>8HX2$CxD z&fLC5`Yy>obomEvKPCXzo>(UAZ$yl?*Fy_DlXknZP4Dwm@m8^7nf#PV zCq<9$ei?GS`~wgZqp~oL^cg2aUYmQ|1g(yp*K%Bc?;WJB@YXQ1IhywZN3US94xdL*%CG{JP6p2^FzGlZY^AilddA$?6G&NCIH7uAB~XwSS4Zf*=m4VBW5fk64s=mBp|$oj4)N+$^H7{ zlt;?*or>@!F0`k1bc*5CrRo&n_B0X z+WCfsD=3fLXC|=}o+1R9gYt~L$v#MG9WJ5~1=ErUdza)l9@pAkL-(n(pYv^zNIH;pLf<;rfsO;?@%(IactiL^3}$nhoq@c@nZOX z`O@Wg&0(LVao)}ZtV*%M{}_GpBezA56PT4)o^8ZdvA#__Ve0Tol+|NJxoM8SYzofy z)GqyV3F)`hbigZq_x4+R>Y>=?zn8!9uKy(b7pa6dFg*xn_uRkSuVlza z&qqMY-&EQ*D}`wdJIMygvi)c$iD9?q;(4_Rg)HK{4;vM)xpPNg=B}WS^Kb5lM_EAy>q-U&FGZ_q{oyjwd7@vzV@)XopD1 zC^9UdcO_B9&Fj8?r*Jc~+}9me!S!|H;OpIMaK>=$jq3c%Q(!{xrNg`iRu*qAi&v-x z+SCB|Xwqyi*N;3}x-Mhht85o;FO!k|`@&bR?#YKF5=x-wD}>HUBgb?CMHPoevqs(6 zm2SeoR+~!DugKHuBler$*oB^9E|+!-sA)KpK7Ap4-lZ^woUp$$zz;bJ35cwhz1Ic| zOzsuWLQfo_rD+2hY3#J($A|GuLmKdDMT00mKGvAvG{#^`QQ?-b;aS7PXmeOZUU%0Z z7uYFJ0~HVCHf&ZATGh;{oeh+E_S(S~d>iz`N=4yCF^dzrMcs_{*aZ!0wG>3pMx6^g 
z_r3W~CzXH@F^!U{7TS#c(&%Sf=Ai)w$yvSr_wB=zmFSxJ>2%xF$D&J{CL{oul$5T_db;u?3PExk7Uwx7CE%y#Q~*3YpNj7~L&2{@mY(z$AMY~Ah_ zT0OgcmPM4}77NdgeWCMJ~r`L!SQGING%nla-e0Bayyl#n|Uh12=}&iIm6 z*0J0;H@x>>VkFm@gu@Ifiq&kyac&ieIB(*PBhY6G73HcBm8(02ts(Bg*`C)j4ON;@ zBc-c5`*#n()rvGKEI$)d{SZ_zCD^*F9|j32IEOiQ7?wvz$0TkKcJxLxK0@dpo`(kP z+AFS1YxreTe8`8yfC$pajWPYF#&3Wdx!X6dC&etG+=KAEO?f_N`~zcw)ufpD%`6uU zFNoC*NwB*_$6X=Aj&&w}RXH@qh(tz)kjHcNYin&-*>rY|WqOTebd6=`+YQHCgQw7J z|FS6O<$KeqZq{M=!y)d4?kt97N3`&t@t~o|8)rnZ7yi=IT~ij1nx z(7K+vSf!Yfr{tigY;Xz6r2xya0MoJn?XtiC*}cA$ES|vKp|(KccQgteD`6umVSTIb z?TWr>4WzwxqBb{aCFxzcCRZ=ItEdvM53!^ln+$WB~4A2NeeGWQ5nN5`b2 zbHb&_^#mQmRtj)y(=OkevLO!=a5(ypBzH&P@wxnMMo-DK z<)C&o-*|f;-YEPm5ytl5Eh=p4g~`{BAdh6wY`)NVqE*&-5)zvrS${hImda&?hh;>t zWAA<1&4q)5{l`CobKjQ~K|9C0<#B?;RO1wb%mvBUWb7S-RIR=ra0IVaQ%OUsdc&?Gxu$R;$9wb;*-;o!z> z>&gv#MemQB+lra=B;3!v1$fZ0hbms41v5M&00%Be5_{tOQ~mUY@a>KNua z7vSxO$y^lrFnwy;>1Fm$grGWfvZ@Td<3B|c+qQZ6q(ELs<_6fG;x%-`Rri=XOFcYC zdET2R(?U&qhphihur!zC7dre*K>5M>fhrxfPh!GZDOyE6*OYy1&HP6Qk0b?4VD7GA zZZmepn0$4MHNS$jTm%P*`b=_wWU4icx5P=96K(#)KB|DsVw{*u;ROi8Jb9MJCScO< zjc%lIW3BM=Sx;s+=IP;PI7#+jc<1;9c^llSVTHhGO_!9~jlf!aW1Ns1{w3!A_U6kT z^kslkUCYeh>bfM8IF9sog~HY-jZGT$&6QL+_l}afB%?SMwp*=;jjHU8D$15Go6E`n zRzbBtXU^}!kkj88Mc%&b-5Uefd#R*{i0BE?1wgwup+Ms8`j8=_QfIFrQq(>k=ivR_ zRVGqDhsZEq8lvurl&8}2Vct!s;C}+ZM;kb---+ctBmYSx`=-!g(0k*acn(SOez!1J8cc|EAmmU_xxwhFZ zc%|iQ^Y4xK+!UNN1hcztH^|O9CfwO#^50g$?q4oAruujy38rkNeyU#sUs)KSwrlR? 
zCb|YEuL*6p|9Z{5<{I4fS|44D&j0(E@9SYIfyTV}{xE=^koA|J_j>AE(%+e1z5z%6 z@gQW)Uk5$LxU-0Dbd+Dn@Y`SFzdjT+OFz#~FOhP6Q=xUC-(5~Kt z>EA0{(?2Hqf7506sT{C<3=jX#gMELGrhi{Qp2NNI=ehX{TzW54_xf%NV7*BdAvJzg z^~GS8f7ln%@VabTiF;N2RKI;@mLCABPB}~G=a`Nu^M(TRvSy`4WcB|2@?rVo?Ztw* z%Ko~)hoHU{SAJFJEYwIwO1E~pHb;X_F@fz&&C??TUn8kG`PWv1Q_8EgCuE>|gD+8hdeAzfIM-0HK|fd|!v--#;*%r}9d z7A-eXNPQTiFb9>R&P*A|+sPOogp{8Ixpkarz7yNyyd!6tf2Ox-=Pn%X{+IYWEuuYJ zZv40lcLMFcC3`a^GR+EEeQMPD@H3`GS)}Mfy}xES}W6)WW58jICsqC z)^z>XJ1+g=@zuHze$w%GoE=H8D(kw6>#HA6+qIMHE9CSgyxbjHWBZ%f!Q)B}jdiLU zboJPTpUAu`^o1I)sD4S;jA-g|&&d*8f)I3%XFKBVEt)1&b*+ECR!y#nmwW6gcZW{8 zmfOZ#8AJOqacsMQkijoBX|XfsJBF}*E&2h!lE&C-v(b-@&UDSVM5b|n#{97fTp{_V z8iWS!>;EAH%XOxm2%FHQG5oLc7pqr-`DBnOL69 z3mZqy`4#KLu_w(ur+~uwuk+{o_e@JoB-w=r;bS}ct<*ly27mBNlI;U|R=DsYFO@R@ ze#pA$tMwD+8<^i~8PjT~sy@y?$g`_t4OXyf&oGc4r$ODbAb(K!V;y#1!qGB#$osahcQm=)(Jx9&Lgvbx%z z@$>7}HSM%>`)1X>*kt;VC~Jvr0%<0AmLHPVQ(MXEEQQlxXkB#;f>4WWPa z!#A5lleB*}rQfrq-?gPTGcAV%g?V6s2)HRk$p=C+nFW?F;3a{W@7EaZ5@-0f3M7)c zXM8ErV-;34*|t9qD~?VO5NsWlbYXk`uy_+rGo085_VUEJ5qJsCOmBkIc_(E&F=utv z2P=-8y;6a@*&$fU+?UNX*-Z?z#E%l3PO+ahO9eg-pvEBoRI;-SKIbUHqdI%@J3?!3 z=KK^dS&~Jt5@v#W%6m_ALgs7a@5cf*1AWPTg7bwk0%Nl)y-WlY&9jl%=)#gR76)nyBWg^h? zp6|$(bL!YRg7Tkw=N3xo7ba>85yf?~KLhv;pR0Ho2eY`&;EX5CrU+Jc$$pwewMNfW zLSg=tY)HCkReMF2&Y5-Z9aOK-n{Fjn8U4aXGv>*RhhT^nqi$?pIt$lQdEIyQ{jGo1 zu1JW18T2ss`V?Qc$vx&dIL+E|>fC|E?iCFF&6vR{^MW)F{o5N%V1NEOmBe+cE%y?) 
z>WtL7KT8=>acT!nPtJ*s0m!?g)v4GoCEqzNi77H~8RQNaXhz$8W%`JzW~~DIza;!~ z$5HRsT2xSXx0_Qe^YdE<-c99I!K4Ml3EdZ;dD#7EJb2l8SgE9fW+td}NiMJYkR|ihCA4 zE7dw`*aF#rfPZe);oWxf)LIs73){mB)w2(U*n3XBj!hNj5WUc?^aJXI9SkQ!#N|T^ z?e7>thN4txY0#BxINYtkHs_#lUrx7tfmmuMix`R;%_!aW1KRutT$uZe@~K|bo)urS zZY!7*@y6;iWee&HFTG^eAry5OB6^TOu>`d>gOqCuVghjxH+RW3j5X;5QGkj69~d$q ztm|VY^_K=(3|)?&)cod3iA_JLFL7|9gX(iSOa(QtueiL;z8ywg2_eRGb92qBIpp4A zL;H(VTKC&5g$3{-weWl9ZeIQA(aFuDgt!^EyAk_VFEn%MO&9n=^VL0lMvKIf&!iT$ zG!u29Zs_KcTrz~W?#${%z`?1UHbT^EpBb0y>u=SZiW6>~;@k`r_}N*nI;=vXyLE(c zE5Rqz#P#C&j2L8oeI_?eJBP2zrU_Zcv*QTFw1hua%9|Eeh2xWNj_D@~MTT$X5ZoDF z;tNS_E5oA_YRC1y?v(Q*rhlH=HGucfGbFbqN{FUCvLy-Ps*XOvOoUWwGavNj7VawU zsA*k9A1we9^F)eChFf9rEJW4rArugA4N=hu-*MaIO&7Jq7i-zn!)fbyw4}ZiMIzW) zh!FDky%J_PEsgtvsO~1hRjD8jkD$@gRkj>^cXZL&k3ZYKV;7&liVo8b2k?sthp236 zJ(+chqItKy3lKx#TP>f2zwuGB-_Tyn#T3no?~VmO36z@VSDZTw8Hed~#m0-XKH(5i zi)zliEy}QVqwaA(0`KKl4hpYcmnpM`qi)ECpQ1E7gBf(B_y$Lgw((g@gzH_})L1la^X8qj-?og|j<_yJ5TquR2M>^+Ni2An`1=g}+b@wS~)c_6^(+ zu=uzCrBvhpTKT>_9-1&}d59CtD@N-if#8|+HKWB7;TmPN52*KBW(V=)o_7IVkJjcp z!O{x{===qC_~Njpvn3MzJp*(;#qeog^*My4E@73`(^XDZ{uV}T<23&3PdxvouSLS) zG9@n(Zbydhfz<>hZxn8aE^=^|5^V=R4=7)@|FTcj@e9JQT9aS3pybwbnV^3!Z*1QMQKCxFrn25)^=H{POP`kqM53e z_*G4rTF@hj+MLF2on`EFNh0o3u&%9EaA~DalNs~h*QQ$|GaXvMML0dDdi5i=&BL~4 zNE?Db?j^ogm)dPSH0UkE8#*Vq;GLRt|L(5F>33&_UTuMDuTAN9uYstwvvfAp$1qr> zbg#H|M>HscFZIFyi9Y|J3^2S-m3(p}9rTPk@$oFd?n@0Z8Kj3Z_EmP9G z(?6slzu#K6mDG2v#wl72Ts=^Y?!`^FwN+NFp3Ek?R<&bOd3x!)xQ`qC$@`TFLQdbA z4x;-vB1R4F)>ZWAQq+2c~+}v?@zH5u}oj;rsSjh$Cvk^e z`vLCv{LsR?O${S2?HK%qyF$i}&%17ltG@qp{@R?@2Hc+Nh*jhePg>XFRZkoZ5P(EV@W? 
z+rId2SPCLhav#S}OztcrTdX6-?P^-tn_S?&^NvD=(FBvWSx1f$e8eHKNFiwNytxQo z$8CDyE%wJcK0)@=s0Mn9QFxBWg_m1BhL58L3E!gcV^OH|2dYTvdSwctiPqo2 zMEY^xkf*;aT5{*6sHp_Va@|zk1QCJW22f&Z?Un8aP=u@d`bx_TT}J3)7)3&orZlGO zavSOJR<@knD86+5HxdAn7-#=Xs$<9t(q~~+=>BBLs^ieDi<5O(^`8l-k*HdXb0=3$ ztEO1;57hMjQutUI8dIAn^V9ZHs1EY?7cfVqxMl% zmhP_iH*K%n+YjH6>Kk9_?Yy?T_kWO9A$S)?VpxMnLKNK)hu{= z{o~|w9)01^htj2&c$a~H%wVg1F?Q#pa2hb@x#@RDuKIt^Ei{T=Ka%bo{|NOrf_(N< zhSQI~K88E^7D4e_!FfZ$gQ(j=yw{j*=6z840uT3Kh>T!QE6^>{;$>M?{bdQ`rNpiF2rLv6ASPyQ>3!zCr=XlS6QQ#J9U`gXYce6EfNw zh76|21kViorDT7>aN(BT7>w<{{sp$CXR`UR^7HJxYOiFriZ-Ulc7Cl&(VUIJSn{~F zE&=*umAqh;(oYPcR|eM45dF!W_U2r5N3L~Msj(+_H_fAt=-~Sn!*yLkcOUJaKSp9t ztB_cld%Um_zb!EPfEiCpr=fq8#MgLH27AFcj}Fwcn^J3S6a{S~L_+dA7Isc=fh@5; z?3}%&u+DENP+vOV67nB-X>Hz=q;1|}aP<7mLwSGHhsT~JrKPPpA+bT z&U2^aO0vj5)>`TmpkEhQ5!!maXJ8557T5L-n;x8dmq*cpyV#!bV{8%>YDtBIT-(}8 zJu&px9sTf{$awJO3x3%`a9R$a3W_*A(QhLB`~3|0*^{b=jmO78ykOUGp!u3(sh2V1 z(Qu*pT4L#k3TSvnE&f0@522DX+h9)G<@Xcsl#%o3jV{Oe}^ ztyOkoZwLQsG$73g~<=+uU`&_b~IgwHMN0ElqJy+MMF*KHzwmqGEsdOyFn7}8I38etbK`T-mtE`?`vHr2i6nOyh5TXj ziNf^M)d(ThD>j}VdY`55_RkEpJ74JN1L@ij?cS+7^7+qI)TC#iF&~fv8iE`1LxJyV zN^wv1ItIbVbcsl?m)a&mgsd2Z;8|k)hu33x(f`!YW3Mj^z13dr#xlhC@cXH8w9IBW z>#3laIzWsiC4O6buPaQHjXGIA_?qyBJ4xPT2Brv_#HQ1LvvZ}KU@M|F&|MOCiLq2Y zc*5sCSi2IQ1*Gxmm793+5ur9{3Uh9=#J6@K9YPlE-3hnwjmwo!BxU0TH(-+J92)A4 zjbT)@GlcMNhk6$?`?w<-u`GJ3^TQfMV!u{k!yYET90xS7_qq4M9$NnRzJzN_o32vu z^&Yz9)SzO-zNT&kY&+rR4VZ-QQ`=gqXy{$HBOD{KU(@X;aG2FKc_0@yq;WBp`=bQG; zW$r)O^6?JoNUP&3Fhi)j${d%AiW_q3ne_C0)F$D3zre~TQmm1jT~GZ_A3%y%rD)}F z#1K-Kjj%Y=kbBsJR#?S*v%yadTd$nzEXFUtIXWukXadsziQqf6KjBm44l$fBLlhO( ze?c`NMh%A@teb@COC2 zx<_!hgq`=C(|311YPrGuiJ^*jDvwxEDnX@Vt&wS`?bt=gA@XTOJif1Rn%^&9=G7eS zET+--SkY6uI*8ZcQb1aP}@QB1#UzGl~ zAbc+MU_T8Nc2DjT2N5nQuY_-U~M`v!@Jw;IsdWn+OQo9ct$ftqx9^*2Yct zjed5=?L>QJzq%WoVW`;UTc$!b3&WK8zU=X!X#CP-4Swv6*Aym@TqrOy)_l4Npd`c7 zNk)XDtPq#NBSsm+kR%Di_RO{^-)Fksx&`?490aP4xfIB?-7hPg=})WwPGo*y<_Oh0 z({Ctow)=3iG$d0=b`ipS^-?1k(@%EsrS%C2O%+I5WqDw1TjpoA=K1_{$2jvJ$IC2mKKsuJ<^6z 
z;>2kDFoA#g)T$OcV1KbA?}{u_Rkho*r_!ol4*HRQU0b58eMRE;yg@xNAp;7nZ;)gF z{pg)44LkoG{4I~Xbw2Tc+?Y_Iz$vICG!lb%`H#`SB#d37o_I_(|2w`^VzPpyR)^b` zL2!X&L9nDGfI=C?QWRc^n{A70xYP9eP(aUG=r_I%=hYM>2S<@_EsR10g<+HWm%H~9 z=$*Wzv$jBC8ZRInjpZ6C8n0tq*z4=pww|J2DXkYtbLa;{KEgq#SJCMz6Q{FMqoP<$ z{j+wnFqqKixe@R2j&vGS$h3QDi9Y4_g%~(2G#VFG#@pBvQmt`e6BdPuDDiA-nBTRk zzb)I%0%tLC+1k~3(~h<|6DxXCz2@YMo7g&cUjbYp%bIOLTn$?faz>HS(Z$Jaik*3W zMcYL|eHdu`;mU_H0uRPSCApusk+G$^vCAiew(@eGUe?KM%wP20(=~kK&BfkFdn5Qf z6ze>tsJo_JS~O)rc<~8->aFac{6k`P{~YrQ{JDtlp>kIYdQ z?wF_*sTwzNixNI4Rxz0_2=z`ezS}M_(H7Z`b_ffqUy2!B`9Dxtch15Lr1bjw`ExUB zU%#rLH`oY?91_g^S@+VKtTI8T))KBbRmKS0_Bw#Fl@s+e3QL+R-ug$}f^qOI@HRhJ zJeihU9?M=_XkdIFX4lIKYJj^nKEMu(t(NALaH(NP5#mbj&4p4nCSqI@D`(2vNzS`) zCl@OOKVy8$nbIV3?8<`r+9Ioy4(VJeG!hj*PmxY-lrF32k+QZVYG*kL#uX3XYdHMi zoS=oK5l>pWcF!iQ;}n@626V%;^o`U-(|FSoC(T5(Rz^t;dP~$?3ZE-d2`ed$5D}e8 zoGK%j?PRgKFhVXfoUU7oxF?miyzmEs4{R=N1CfPvVL{*|5^048I-lUf6&RQ-Z zA*8*-Nj(y5&fp1Jgr3i+X3GQ;(%v6rJQlPk?Jg^lMsU_7co87}n6hv8%BbJA^zE6N zF8AbL8adQ9G>FAKIiwCWQbu6^*JEJvex+t%Z8t|3E8qAU8lA0=i-fW;()&W|?kw52RjibO5lQGis z^shD06Krqxz(?mFZCpu^x4VB65H3~+U#833`AYm+Q~Ki2++ka!mMT*K<3#P9#!h{( zC8Ge?9#^>ej~KSFYaCR-BAD!M2O%ueUezdRLx}fPD_eGgQ=(@W2mZhNdAr2uDAv6s)+S2;>JD1L`EFbTO0?I zrI)%oL>%1SKuh}Qr0goVR(Kp}Us6tLC*W)p;S?6nUl|~Mu}6c(xQO1+r9Z3?@&=K< z1-9=~+;&S7-&;OuieuABN=B0~Lz9sLe}*eki$D~TZriFsY`9M@Z%nz_YnK8=bO zZqL3cjx>u~oI%nfg$3`sPIxmoT5XT`#7#VM_YOFEKQoWaS+ zoJ!AR{Mip%`bnkdtAyx*`949fP z2fJ0LlvO8k!;&RoaF*_qRGvsQL#)@eJGW$ERl;;&W}S?!wxrMb?~5fxfE9rwvacR{ zh)7L3rf5yNS)TUrloT1rV%;Z@TOUcKjET+i95y9aS+^g%MQrvbl0AWXF(vH=G~E#9 zC6sxgp^0)c5^{t`pzs0ROtf=q~7n^TZEhaO`PT6bMBt$y1KUJx;wKE^1*^G>FJFG8`mWY7@I`tV~wZgk?3 z;JGTe`Ib~H6WPPdZoW_DVmbg zYCwLz;Ap7Sv8rH5h5ePERDNhPacD7d82;oMqd>EvS!AED*q^FTI!^tr$o%eRB_;1a z)2K_~;AVn5v@=tU-o?*j7GioIWVfyPdl5V1J!ImBHTAeloQ&ok`p8WbJ?9F(VJWcl z8QuW0jcvja1F(%bMJqP%fd8Zam_8dOEPqoG-Ax}^yr#LR^W?yK+W*=x8v&X7RLF~jZ%r)CShaD9*>szuiCPMG8Wo)T?I;$ zwmG3tgRTXwneYEF6$@fLGK^{t<2Q`#ifnOl=I8)h>ZettDN0k8R#LR@dUytL@`o6PsjA8*~;ET#3D 
z$tTV^ib?UJ=WPYxuE%5ezZYh{y3;RADx1%y=&nJ86!`Td6tTY@5s|mBQ%jfI?`iU= zDTWm~QWiQEYS5^;H$A6`WZkoVzp1n075~W#TP@kXwLA&w%ZcUFl<6J2H*kQQg^`xU zEV>j$4-)9WOXz4@th>L8vB7}6GMBtAsz7G>CdxkY79R6zsqxE+d*tmG_FqZAt2941 z_de`yw91_soTE-@681l^zk(DExPja)2FbzS;}N1n0A+M=>hnkGfIHjl*RW*9gJ0f` zU5x(LOb_UciDZ8&5=xCUwotVWQ;|jzsaGVWD#OrU(I(U(k9raD3^u}s(g?>JMW(gA z)9VVsCo{$LM?>NM+}LjyzXTe8&H%;l8rlY_Ng+JrP%N0t4AdPr%~WYkdG}lAJ#rMm23DLI(_qEyu4OfOOw?lxEviP zJUEdVihIs=?E4<&aAna5#Cz^IgbE?q8+^sq?gBo8;(9qsmT#PA_M^A5r~%!Q%5SA| zqe0!HkM~6pHAVz&4H|vQmeBvbcZpM&2W`OO2uz}sm}$rzX4fgx zWI0W`Tm6b(BrwiUKmULxGTV`ZPy{<#LO?*ieV&s2&jm^Ismy)ekeC1|fHXiBpb5|h z=m6{hjsO?HH^6s5C?FgV2S@=F0*V3YfDAw`ARkZ)XaF<1%39tfK1N;W; z0rmlxfGfZ?;1=)zcmg5-k$}iR0w58P6i5c71+oI!fE++BARkZ=C<&ASssh!4W&@e_3Niy( zf*e4OAZL&Z$Q9%P`Udg^1%iS=VW2cn3MdIw0Lla9fGR=tphi$Ls0Gvt>H>9xdO*FP zQP3D@7Bmmq0&RniK_{Rm&^zb@3;~7$!-EmP=wK``HkbfR1SSJhf~moDV0thEm8!Q6W1)GA+z_wsJushfX>F@>3^)Ot0!{^|gY&@o z;6iW-xC~qct_IftbODACa;!E^4wkI0?v9R@uB@I;u6C@hmS(1|oc~)Go4JGSEm$oq ztxVnR-B|6xW~~3i?eNvr{C`vyOIQ2PpZ$OGAuzX)3YJ5E5}m_*aw2>_{UkH@09#nP ze*Ish5dXW%@*h%!uXku17A7X%y9Z|{=Q^0S1O5Hz(8CwRu+q<#8Ndo@Ur+@>gk{Ea ziS%uTH~2YwB7&bE6fvleH0{YAsrIEn|Ba%m+g31`wMphh~s8~ntP4+>bU4kyXV}gTA zE527W>E_~vhoJJ18Obi8C=1d99CY%~W<+Mu3QN!A-~r@HY+f|opIiI3Kz0893&k|3(7 z$xVeg(#_)P8+Ngl|F=N@>FN65AM{tyE1w~ffsi<@Eu?5^LYWJ~6AbSA)IU8xvoXVs zy_h`r|4n6evCqS#VHHeM&Kf-; z?&aeO`?!j5tUJ7*{faAhoR_>cZP*mqx7@0B(vo7EmuOf&x1s1kl+>i0(c)^=r0?xH z>n6MhDY-?&m!qv&Df z^fPAqZYJh$S%b7?j;|?&Vb|Q=7p2p*JZ?W%BL!$)2hUV*)&T-vu=ffgSyUyXgR#Z6 z)pgy(cgNW!c43EwZ&QY%=5@?m>HYdGeFt56N!@&9$Lqkw52-C)$G;+f7(`FM6Cwqv zSdo@TW0;CT=onf3|3^4{*QtPOmo5Hy;Z~u!El1Pg;;b za`45)v@HJ|i@T|;z|o$-nnbPto7%~Pq?{;r@XxqT1%jwICVT!29xv{V>z^os*)Db4 zz^1w+mPWMyb3*G8;eYj~hk&SOhkzjYzfWji|2v}<>v-#69sg9}fD9d93j_#m$f4sP zzyP2k1p=4~$te+7@Fh6J*r+Lx3RmjFBfCm)(kk?vYuv@F-Ni?K=cknUKsM;>(IZ-fBP)e1LnF(poQN(T7 zE^q6wWsV*lZQqO$DAjbba5F0^O%#`(fkSWUOk?M9Zy7bQHegf|=n8ZJ@@ACkkMKn0 
zV5HeFMeB^E*W8${$X6fIMk&R}@s`SHfO*)=lGd$8#C0pS`*pVZgGU|fJE*XeW(jfeXq0S(?lo^13^>%IuqhGj2lAZ&B)swie5QT){uCVj*+;h5 zzt>Tv7e160OpFTa_WDx(s)VqV5C)~(s`K$*s;=tqVt1?WPTH*KnYZYxoP(#WM#~if zW9ZS*Kf{_6p~imW>crF!22(3UcK@)H$XF!0i=VKOS2S1GK9WHkG;c6ard_8|e3hiJyrUk@+3}>YXro34e2b*9tfSj|d}gz~$U1)bujmasr2kT%pcx^|T`;{4 zq_JJXsGWP2(s<=@C~2lBx*?{7+OU+bo*z*Ug zBC!$dPTgn@8)iorS=+jB*a58U42lZbst6;A?9 z!KljOqPbulkm~}^My07I_TILVN1D?mv_eM*BuA(lpjaG>Gm;Z3F#RE-*zpL|kY5gz zq(lz_Bxw+Bc`zh?nk_?6N+B>yXfTQNEBy=*nXsZDO=NNy8H{*OAI`*WCn=oXDa zbE7JV=jLl2Vm@0rRa--X`^ zM<>B26YM)l8CXfN+tlrv@_onXCLQ0~rKiX@Qzga-^^UiJZt@By@{T$;Wj`#Wri36U zrG_&LKSca1A(TCWBZrxXrg30fMlKV zQuSitvW@MS*z{uVnphYSK$-+};%3~CPPP7>ZG( zTMFN1vC#%EVhPFS&$MF989sh383_*^p>3s5!E%^}=y8dJDAfbW0avIfG}sQCcp^d- z`!f*VCdJ`5#>0chA_-h>{nLLKoBMZXY5U4*Z+R(jc4 zT^IUt%{cM>3mZ;CfOyrQ2nZ&GARV1-c5i3^S~C;_Ff6Ak^2f=A7I2&3n=Q7;Bmz}1 z@VnTHGDN=6%w&mfEdO969=I#zikM2g6p7%CctD6uBS@`bGhyN;7&#*QBNV?rjZmdH z2#()IE{O`oRacQO0XJyDHCXX$3Py#5P!8U-i3=f&7CE0lF8&abl>m&sI2$LNWJQ{! zC$0FXOc68vC>twgFsJyc4TXq|w1rq0mAkpF5W(`uk4`3>gczOm@{W!g1KRzw6sVLt zH+uq=c>%=cS?gO(UQCo8F8Z-#FEirQV6{KalwtBt5Pkf1`| zi>QKMyHXUi1d2Rg1LY`7%-nLnnZ|15jEsrH^@MntVzEaMP5e@PNM6jjVH#5c6>V!z z(BGg}7*Z!e5-lH5UYCr2Th6h88z;dCXJ;jlVw>3YMm>JEz$HV=r5mKp+M@{YPD7IU zju{S)4+k5BX$;YuWwJ68fUs9EG(w&<1$r{R9rj15UVmNYikDo`XnKN~myslm+y{jI zz!rmL*TRI&kjeU7Ovn{m@TpM_bMN+-2eo4D(J44? z7r0^sqhf_%ZJ0FF?tuRyabO*7WPCxCEk0btWbS#f-KEuBK{IwdIGVh3QOws0x zIc2yDGFw>y0^1Ba;E4^lyDE~d+D6t45DeS7A~BH&grv_C+LYE-P!k@*!|S^XsBedo z4A<8RCODjhTY-$x&HqKJG7S^sI)@c=aZSBesy4i1>PQ~)-aQW%g^6XQ=Tx7aQ4Q|R75Y{9#HJ? 
ziGuJ+fd+x-d6En%Hlh>kV{ab=Y!D}W0lgVw%TUd@N!%D;fomof4VWH`uu0;hm-t>0 z&`~W)QY3$y2X2!!9?_-^#!}V4>Q~OXXiRTS2YDkry7o^!-ws2uNGeGQ6OIXMq-UjB zFlR7@a_awLICdYh_JP(+pBsY0X^0n1IwOITae>2qXQn732I#^_5>&^+yRv6r-b@be z5pogE6O3Q3(KzowQQ~niIZ&qFjtLN>O_|Z(M&a_qm&U?H}|;E;K%Ve)D2_LGoA(J3*)O^`{d^ zP9x~wJljP(I3*PsM3(sd;q`$|n?06~vumL+v5z4<91*+U5FYEfM|Z=u$R9n19LD{l zOw9nK{Dh(Gqn>@DrtGtrZ3g-Hx3(l=lW;r7l;`*|ujyNGBm}i@JZG7(dF4ai7F!ap#6DB1Kez6TvfB zT1Tx#y8OF7{AhQ6q-j`gyqBW(^1Nn#z9sysnwD$uZ*O+79c3G>zQ25gh()TrX?B|4 zSV5?vr7R;1_g$()=TP)|jaQ?Sj_zkFXSn=#qpN~XDw=(_QTo?&vVU`Lbf$wr$(CZQHi(tk|}_V%xT@le2NE z_OAcx@0#5;yK7$c#oJ@de#Sef+j%_s>^$Ep2~)70-+kK~cTc3paAV82AU}vY7zT|i zO#VJ+Ok#$9x9*l~MLzwl#_h5i^dF%miHYz2r+MMMEkrcj(xu_H^Bzj;!+GPRZU3zU zCcJhpB$)0nj5=VVJ1_I0H+8UhMVUdEj0)rZnQ{I&XKE;|p;VIS)s=moG_q_o#Cvw2 zm5G&;^Bud!woDi~vZ5b-=&bTt$TG&&gM~7AAE{4#_d#A8a_7~kYv}$tT4R=jlVQ}L zzQbXMvsTvc5HI7WtQox#9gk#Hx!TBDtp=~}-cnsrWPW%W5s@@Itl;*95;_96Rh3bv z_DHhtGNA3`7Xr4T0qwqz?E>HMfzP$LF#^ zqmes81-*MI4H1#hA@3!#vpPx22!&rZ5AFV6dK&cskB-v=@$3 z>aN=4+o!N2#^16EUlZKgmL?9==cgaJDY|9v&OmLq=h5y#jXd6#39mTccGg>;nzOc@ zShN33#`_F9mf!2oNkv^p^=>LPWA=$q2_fpi+P?+qaWPy0NH8fZJQ;gl29fn8?k|Ae zCyu6N2l`s;GM-jEse|iYX2TWnJgsBmPMhRHZM6;fKE%U5Ni#RasNsH55s$qbsu&LK z2JpKsxvE@zU4@=nH`q=lTyJHdntW62JE^ER4}D2VpEv3*zYkX3!CF#v>gvpLaSvWE z59mMH`u?HRV7-=d?AYDwr1vhn`H&{ntZvz6%WQmnxKu4+=#TZ%iEF)S!S#OJ-g-GL6vdV8 zCil#LTyvG^=;F~k%&K?fRJBdpB=$Yvl_s6t8uQjlnNQGQYAxFN=x40}w=}&<_v*IR z(CmH84a`v?qUuJ-Fz;GOnMXr&!e4CNQ660E=j;G&KB)Yh=pa}>wE0$hE|zdlVAw%= zRj^k}bzx%VPk8M29w)hsWoQ3diU{IvyVBpcH4cLMG}FI%*JRXs1YhdHoZ)OS9&Id{ zX4n8lt^-xL%y`@Mm3qj1xmm6Xy`GMS*r>>Sc!)ije3#Kl_we{AYp~e@+r)HiH;uh4 zTs5_)en0pKsBMmR21{ucOfvFbUl=Zrkm(7uw4uG~EUS=z?#OnwSbx3Ob#e8*89-kC z>@cZ*pw>NoKP{#8UTc<((qN?6Dcnh4ziZaj*<<`#Hk8*MDR8oFjv3)dF61RA(Ij;q zN%sL%e-N|1jj6A$74_XSr{8t?JZ`e;&WQTRzMZ(eVjA|md^osnj@HDweEEDXU9_%L z3C8w(zs2eM{;Ia7)mrX;`sv3DtI^dpaeSn@#!HfWYEdAAYpHdU-bH@?*`B*TW%(x) z89vfW;#-^NdE#j9KBC$tw;l67q){8ozF2h!Qu1@xQ@0VTyJ_9}wpLnJVY~Ht$P+eI 
zjl}xY%cr*aIRjQDIA_CI=F+2WI{dtC{SMjo*J4gBB^mEmA+!dl#<&PYANP1&YP=u?^G1=h^3%1FRO{qm$Kh>Q10&|b=@=r zN-r6=QJym<*-bB>+fhr@ZHMq^Dz@6==7W=J_iHRRTHPBEUklP4kCI*D5tUG<%UHI@ z`u+Zi!1s;7TQ2dQ<5l|>UYHMJ3R4k@<;kee%L7=|rz8Pwa2jkAsMn ze-)m?&W%)<_cfH~BI>MCTW@*__T#9Dt|;5+Y8whA8y(RnTlhMjM>8MI6H_9}C_QMiY6*}LS-5W{3XO~n|GWN5Dr zc?t)RKWTYud%DjXPked_u5U1_s0%rXzH#QcHu-ehG}iBwKM(f{#wHa#qiM$=xf-^; zcgiWA%QtNs=8<7(&pkJ3Wh0WBCJ3K#@VYsvbRJGOUaeQN-OEpv~{7psGn|9VT!c%OCj+k=ADrogQ%7ABvLLNf)sez{ zV>Pl7HvLqyzNpgWaBh*>d3qLg$Lh+8lY@}i&GM3Xg?A4-M7fkY41Tbg*}}!6 z_XWC_Jy^KEZT~*~;e$HGRLQ;^clCX88)?lS^i8j?@NexXy2!0}(33P}AGo^eg)TL5 zHTHO#QP!+UYV>4Fqy?H|EXwmeeO%t$X`yTmr%~WCi z4wl+K+?h1yh??RYZU4@)x_hgol#}-+b>lGHU$ld(5T^<3Vcq1S=d!ELkk#$Srd@8Z zYlJ$Lli^^ZvqYW3c;tS@ak?dW$*ZG+lIE&|{oN}0K&Pmb&_?5S zYykdx)^+c?v4e5jSNrv`5`58S+&d-v%2CYuVQ|n-v}UT~#9WGr44aWU0mLQ2|5SWCYpa=JPSUxOc3 zWd`ZSgx%b)X~1O^w`8gAh>-b&JGcPnEbzZ!0?oR3^jKGx76kf}TA*8dab8+lb5 zToaW=PG;`<&v@E(;04-96RDoMZnSwu+scWjRasU5*pf1+N%?vEpDy^=@!b~*(RnEt z9xarSCUSk%&$@s8eHT8lXFjr4&z>`@3i6LHnCycm{sXf1Dj!L_c7Ccq2JuH4)$Z-6 zcTP1Sjy3dN&mppHO!Ym&4Zo#Q-;@4%Qr!sp%23dh zs}?SM3h6Yb-09;2`!}_~Y~f@^W*Pze~7zXImGW58aCR)hd#nj z&Dyr_%Q$I-dwxs5dSpz+dU4>_b+U-`{M34WYfE;f!S(|;ZT+To`qphdAcsNqJ1#m6 zvk@7mO`f79G#YOIpv%#O74=9-PW$03szUGdqr;jSQ@MOwSr81PBsm~`CNWLe-)j>Y zRJKKTgxrNReS+F(ew|=&Au7+bu6?}zyC!r%>%F}pEG%0B;F?a>&~51Ujb#5j+z#Jw zA<#nescQew!1`2DJEEMDFT_y@d=U-L72S=Jw?_CXM0+*-8F21{V}|&o5ql$zluHX^ z-=p~*V06X$sQ6(cB8t@N%-QHs+odu+;YX41N4A3dcP}q3!!x#lf<4lK8zLb-njiZ& z)`ey1yww~7TYFY7Um7k29P&9gj{;rNz?&hW6J`^6;0Nn;mpubgpHpvMUYt;79WZ*F zi7=kb%@cU&nvdvrcHs#jE#r%%7~_`|J;tN!qKeq^mBk5-{tAkCfiZ{*dL3HwapMIA z#vR6}kF8WLn$cKpSTz^1k}3Xq{EzRgB42J=kCc-r(eUm9&preK08|OV!bHsDi8R~N zA1{@71Ut_llU``JxH{0py1<0GLVR@2##C&3+qsJ{;(hVWcX6SRi#HHe3|8BV`*h-Y65@S+wGS_F@lh-q*B$qf{mt2qsFe4}&kP`~$)Q3DE zK>`j(X(ncA{>{=<^l3x0uN4`tAg8i-(1}*^Itdr?!w%zLP{xV$}Q>hJ7dcg5oIUx&861?W1S+%kv}S^T4#jxJxN(j%ir>R z4%DzAD}ArN`-Y-;@oQ8ps5d>s5xc{=w23`LuIIjep5QJl1LJ+l?n_9m0=sBdhnC3f ztQ;J-$y*J`RW_#RSb84khP=cHU=aZyB)`V+>Zoe6f>~xWZ>CS1w@#4<(x_Pv6 
zyBYG6cJSg&*j-F3Ypi+Bve+T4NY7A3r|iG4HU(Q>n!h|Y=ndR(m+4FVQ3ed#jhy-Y zx2#tSB*Y?Ba2t5YwG{hrk>A{~j3@4kyRS0=Pj_5^U(>nAP2L;{w0ZGLx{`79UVR)P zv_!cWJ$$e@x?#9sT_Lt~zdWO{_qT=xYgH2)Qm^`-hPO0z7P@q#s5*2ONFWN|;R@+- zhv0mk)n7MJ-+$kCr?DnJ4`sn#M+Q)62uY7VRHUhyh}<4~vMTHr3C+oQ-z8|k7dU?s zcM5eHX}6>|ev0UKhB5WoQ;kKWI;(VI1;T8@>8jA=jXFqrv3J+HfsNcnnBOG}&D2=T z)UbfPDbEj7JUQGg207d{t<-cyxqo6jeP^70GgF$^=+Bv*Ht3RHxhif0s4WO1azE|N zH){gdZE;>Mk1G`OmHwb++DX08zkLlFK70<>H|0`kRvpy``|lV>0yJ!_7KR*jns~X0 z7mQ6RHbTF6IO{qmOGtdL|FtLpi~IJDpW#*>bA0#a8n6|W zt1d7;;YJtk*s19*Z|ayzxwoWZZ%>Ag@EN7@G3|;bx}9~|h!f8I)*sC{eMAG}(A>g< zqt2{l6bY2 z6#gT#1**r)`%{SEcXLTCD*FIq=g8lL!m~IZ=*b6r1^kK@M-`_ww6Y~PLUaPk24nq{ z$KpAY;WyXMFRsbd2D2xaABcir$jnS{F$0s}67Y>j1S6^6ytj4)SN(n~I`kKV&8W&8 zW@w2i)W9M`(B#pMtazrjqI}sqj_wNZg8%xL6F4ouI`jih*Z=VMT-ueby13x{C$+|W zXK>;zwWahu%4Q_N=L^BEb@a#OAobU}(>nwPRm(}s{&|M09oO|Bx(_M*O9#eFM|kgc zbi;RbSF=0nG7H-`Ea`!7#=*C~4A7}SjKOii|_&X+8tc^H_=i4U&*Q7p$|Nrc1K=wX&t0-k#k35h(UKc=-KMV5|E*u=5N5ht@Y? z^Q&mkhJ&$^&v%4lg49T%8OQLK2UvQVXcgkU*+ukeDLZ{EiPS{lF!X`h92J*@$?oi+ zx?3fGni&ty044P~r*zDT#SJyybhV+L2u>h(CF7mi{(h<+t zc)*r{AI`fgU@~TZPQ{MHDH)U5aNyQY#cnf^VA42d#WpJ>W+sx=Yn7Wv>kt&~03sEF zD7VUiF2j@qMfzZuUAv_xvtmm}YLz|)pQA)US|#f$V-ZS<$lmXj)wq;GS{42dxOxlE z{wJFUlIEB@IN2u4d?))2b&#tO?`t9ag?{yhzD@=msouujo~NG4s> zKx%Q~+k%UX-oNR4=8Yp3#18ZxYb8w0BYHA?4*4B`b5+9{uPAOmNJ+vyE@?@8yr# zgc{@g;JEZ(()_HZ#VeN^20G78INp;Sf@z~LMEVdj^}l&cde~0W)_v1um>#B zyff*^3C-WrSXsoT5DG~s=U4z?#gMjEBgVOKWA{#P=PaFdpxGFI01u1sBNCwo!9Zz7 zAZdSN58Vwjr;N8a&@-|x?v}a6l@06HnGkyh;+GC+Rn0;b^U}#n@oL?R&Y-(w^0&t= zmlgA?%B;jq>Z%Rc{pZXm#0$$t-;^vd=*=^>3MV>^Tlv;%;->(cVv>9QvR zPa&?H&biWTK4Zu)HuXrPTB0_b0$)x=<`~4=I~cT>j9$4mn{JBHA+DiVnUOb!sNhV{ z{$r@&O~k>8r5&R^O#wVH2{^yfA-*RTxoZ6o>xgfsBLkgq(twr}Oi@Tyy=^ht;aPXd9s8g)O znhsn2<;k39RRFMP+8{Jc2Dr0OZD5-3vD${aWLS`P)=^xlD;hMvZk5+%cx|_``|z4q zOd%iXO*ls3XB+17I-W!u%4|d%!WihqI8)a2;Hhx?Z65UyHoq~-UKs_tyOC;+W{S>w z2>K5ly&+fj6=j_N@NmJHp_z`ZK~c?v!gPv**4G%Ljaa-@6l{ zpMkmerxeECCx7TQxcL6hDLy~Zfh@EY^QCZccw}Dq$)_VeuC((u+n#dgg-J<3+` 
z=tJPXCU0PF>RHgtVY|oI(IOFmvp84UtYC3*x{m%nMMW^6C&hz;EidSTthh*xa zU5UUt%CUK#%QFeEHfA!>@|Q$Gd@SiElZL?p;1db3QHPj+$SC^Tkx_K0>XkGJD)I`n z1max~@SUUW*P2Kz7PJI4+eNRWrGlM@p$}!ba2dGbf9fK)OrwSLVf-uK^R2aCEm@so za1Z`H_9@`kT>Cm1)zo`-{}aYN6eW1k_95z5UyeZ2mO|5x;-DSYJrpTOi;WUGH?vp^ z;+3DGDPv!ptw0T|aY%LsxY$FW#5JPDKE=lE zAB|GeziJvxX@uF6E9k62>?;Jrhk8IWI7;8e5(`nBJR=aGwzF%Z*8WgT zl8alQ%${i46(GJVgruq5MAIH}z1&Ob>x42iwyJ+c&+TF9rP^0~GVv@dR^b|i9(Rb# zNAfhCiUYLb#f;wgy}F2Qbb?xzG2Cc<2~d@|NI#H0ovhX~AMBLK)Rx|L2=jEtGscY) zZFhK&KvM3RaL##3w?{sz5sV7M-sPygZwcp)|H+!h#~RC-qW^jNoic6Z%`cMzuaSyh zGG5upaB7q)uQ1x6U*gKQw8D_9MVlvPWMWuHgkRZG zd2Z{w_qNWPk-;R7{Joppf@^S<8kqan-#k`+?iFPD*2h7{3tR26H3Kzl{o?K>JvQ@= zrUOtfY}t^zf9R8sWb^yAIjhR-E%yQ8yIDb>$@#M7^Ev8oe)o5zZ5@A2rv$q1k3i*yA|A}Hd>N?rl+5QK<*rZ~uhNy~? zGe#5#CZ*m?#PkLOdH!Y`d|EsKu=2;0#&MicY;{NOO{H@G??=lRZr{$$_FOx1jv<(6gs=e&!B|L zl?eVZQ49PvKV7p*kBR%|Oa(Hnbbk9c$tqd_ADmnxLm_|Be3Ic-3SCCdS%}5PIAT@| zIcSMNF*~7ZFcGO-+9Fd)EA?S*CH~vvZ*Oc(QinAXq}QuJ_hhkEvQ~*)MZ$rEc{57M z?yr23ix)=c58|{TaAJ^i=h!=6t{DbrNEm)GrW0UDX)BBsP3q&|>y`Dcw9=*+Sbi}>p?mfT3zk9ji?GvW zQ)lq?1{st*1RS~RSlw|XLLNhF#97F22 z2l~V0WPo7?u|=fQh(YuV2Bb}O1_NnP=ELpF(+63-Dc}V8sTpR=oLZp#70e-xPIef1FL6{7_QYShM9ua&n?VQ?qLy`}r0Cc-U8f_bv)@6sBX ze&1WkuD67f6%3^J3Sv(Y1{CcIJ|A)zzfYrT- zi9O+Zk@{o{smMC!1UfQN3rPzymS-Dr|8$kQ6%Bs)IU+UamN>P4fF}4^NF`n9&q=1<}_hM)djqIZ6#)m?Yn zSaIf&OaMl~JiHNaGv!!^c@h%Dtflg>KV&e%@tRqujg3fU>g`p=Dt4`ytS(CN+OI2R zw0(GnEiG6Uui9)Az9auXAShudFBn}G&}}0YV{{sjM)3jT^@`D&j*tg=3Z&-Db6B;Y z6^zV~#4<$wiGnefO-3Y@qkeS!861eHaH|x^G7t_6LLq*=#tQwuM+rpZDrAbk$X`gz zn-xgqD2xKWad<$e@pJJtzFNYNDB2h}!E*66A6!T0#8DWlI5Ok*(d8z#v-5UpOfNy~ zI*Vyjizr5IY-2$pPv)eh2?z2Q&nZZ|ZCkT%*xH|Z7mkm;=UGQec=odFBsQKlXskw1z|ON?^mPsv zQ+#9CDkspJ#G`#zncLZ01`9rfXEh5yuCKM+^2;*Jx>C@4%9oA{xe4wq50lE`gQ8C2 z)fcF}Jqr@5yVo*#>Z=$k%d0Fu!EHr;d+m8o_FvBJd@3tqYo~+@cU^2B!9r{#hn8Os z{DJoL;dUA+GSG3tjx0u5-8hBdTE}m}{$ly`WMU6los*^ZE;5mVmiXg7^~~ec_BwMl zI-(ufPNK~TJ6uYMZ5G2Hs)3c)e1q_p)xWBIJedwup8 z>wD6W@ax-R#j_ocLFvVdkhJdWBY`74((yaPkT&M^;rforE_m^8h 
z^QTeY6xZOLYxCh>*2877H1&WUOz)w(VT1DulG9kQAC8 zO=h{zTd)7}*NSg5lJ}W^&Gzsfq0Y`$^=UptX}%u?#~62e8L%9e&0j<$WuSB#c=Y2k=Upfd(s+BS`n;8k&gizA zGE;7uWB;tsOdXQx=&Wcj0LeDN|MTY2Q>x20L*stpWy_T^=K*`^`;^zYQ}JA|4<&Ym zOxE)Cq;&E*RXnh-Na$+3>pY|-D^FjfX|U>@vz0A!f6(T36>`ZafCaOJ{Jek+i~Co^ zdp%%Gy%{z})MiF|6n?`u=^^J0cBu{5rEy)wx!skBiD3z>?|d%wNq>)7$`ocheZcX{ zEQLg%Epyg$(n8Id5%~F%XWxcEy{0Lm8vb~k_#pPi6eD|FBX7mvlz@gR!-rn>vlrF!;`{BH;9zw&j=K0ol z)`1GbcwgaS7%x-zeHRhIUtlm(Ifz_$QI;bXT?K-Q#m;bioZn zYZkp;y_SR!zFJQR9m(v^;;P=Z#DXj1sA)~*-o@m z%;zHC6gXPutJfB#%Qn&BwU;`LGiUgsV-3Ds((b)Vc}f;}b&=qut-{i|*Fbvw`{q}u zc=YzVIshen+smutT;Pxv-SARhG?&qA{c|c;`h{JePH$b-Cp*~@VY=))?LJs1=^g%> z+I!`+toP^>F_4gl_Oj)%*hPd)X@{3r3G(yx7HB69oHTQH8jc=?F@=t9*dZhcemG1| zh<*?K932yF42qaAu`UIEGVG%V3*;O4e-`N&NTVjPfdK)9LHuWt&VLj${%4qL=wzmA zqHk{Xb8&R~k0>`=S=$Op8L69b-NrP9M#|LnUDV&YMN=Zx#Z(5(pyE`}0*c=emoq0EE0Ki|yssYSs0o9~`_O1hpf{VlRQM#0@}C7g1wQ#x5VM@6Xs61cpuT%iX40$3`6N}T6iW{+)PG>g$;zQr!jFI1ohcXU3lso` zoq6L&&{cmdbdqX`a^jS`D)Rsow^Zq0q3#NZ1Ha z$X-0qIUSl2AqVVRw+^yYW!yq?NoRXR8k==qa2Ai zLHpMf^t0{5jeLLUd-t|I#M_yd)%LYY)Wh<%QtfD6Int$U^yz)x6*vm7oTpjBWBF+dh3LioIDu*=}zr?HQ|W@?>XhC zFBXsFSJsDbt)$}6)GjtlzOE~EUh-V53}Y6y{(T4{&m81m&@dTNfo<|=5$GUT{2N}0 z^W)Kr_IOVm_qr6UswCk4P8m)~5egg(`**uU8aPQ5_s zCQ()JTaxu0)tgpOJ@6f+^rmmS2@nWA?7Xc#x)cqrm{jVpv8ux2V{FN7y+c8js2aSy zwLMUvmLgsAp;mC*t#_1d2sMM-7xYMKoacka7Y)9mAy1%4DjZKXDx4n8#vw!4e|z@U z!9(-Jmi{9ST%?qu8r+GTLfF&vf85+3q!>^lhYafy)63L!xm@;Byq`ywKWpB34_KQ+ zc~*AJp}n4m&objj^8z20qAIAr0MEfGx)wBA*g~kkWo4Jzbi*D*Wx5ouuOg$KJ4{z< zmsoM!Pi)v8^*U`QaT$Af`M}pRs`IcN9A+{=ukwdA#-D7oRrRf~$9E^_(gm8~r5S9A zemlEx_0-uM9NQGJ%rspWPI@w?=UggaI7F!14m=_g29$@_CkZ2;b1peoUP7c-R-W)# zv{rHjpAoU0CB5L2XC&Q6qy^q9$RGaAGjB~3D~h9pwvv$&nkT?2&Crrd3`j?8C}m`$ zIu6d$h$G^M#z|PTl0!zYXXauRLIk5vg$yvJfWT>Rl2c4{gvrdA;7>|u6F8H{J z4m^BXMgN3_J>g)xHe3bP{Wp;^7zZKAPR{~Vfs4cK=wdOyXQ^fEezCcyDReTluT;3n zlYFClb&bA0fBI1niKfN%`8Xlj5#h>{FWTMiM*8q@>KRXNLjkVw?@Bl4>v@n>ns>8BS0>E2KOaxx#gi!l zNB7b3np)D+oVP0iW=_97aZBiVrt3k*gS9JmOBVNUqEp1wj5-ESq?136dq3Fw|Ei1h zpW%X}0ssLu!TtBM**(ScxN 
z`MwF~JRc@x_lX{AK6roWsWe}6*oG$E?p%Z-1^sZo&K|oLUX>xSF+z&c}j z_SZb!tAF%Jfqs4u15?{@)o3`G)j3eoWRp;x5WAt16Iw5dgG!Cs1lGHU1gR4wjJqZTy%v@5$GEaHGqO}3RYS0wjRaGsiu*s1lR3&U> z7P58x{bE?9)&w1no!pRNsn!!dE@53cwPSY`Lq#|^1P5IdR3PC%qL=}=Rq{P|MZI8f zCj*@pRYk_ZT%4{VQM6(sj*%sfa@0$_6uI^&sic+6dT$)Qyb0+A@RX~LA#7N=2v$3p8PygDoR!~1AhUUV__JA=TP|1RI35j zt{anLJkpWuRpFiN_&x$-{2fw&dW%58vO`AjfD;Kl!gC~lhYi1?jKiVBS9TdSMF z6GIR8hMEe(xEEY#w0nBF}fuTmOmvfqk;i!ry%&(45FV5KVRbv$%2TTie4d= zXd%gR3zGkq1_ddl#>Ed{OAMr}C)t~l;Ew?(`KujHNe6f*MTA#f12qBLy@@g399>hd z^@3m7=#|5??3JN@>BAvYR}4uIh7z)$Vobghve{J4--677uF@<%t`;F;kuPE>kA{ee zjp3Z%gnPWk35cKp$7m^V!Xpj<`l#{C`A;;}HXaN#8yIv#fIt)GSPHnbkV9Lc`J&Wk zhLsO|srqj*M}9K_JW%seWeB`zEIb}Lf=CwKU4-C8J3A|%y3kq3fQSR}`Y0CNQ+V*K zYkccKviOuN$2Y_Rswe!F@6jUbIO53;gw6`CGvG;Da~d<++fh;c-|Tjskb{`~CXti0 zV9XVKlV=9ML1+VetAq>S^woIG?(G)3r0G`H@GJSb?S2agz@;#fmDOgEQHA%_5{WA1 zQxnKQJqWXfBLRbr72vbd)p==#&Qw2;1>VNZ@T>reL%`7++Vn^3Saf=666$e0d|0aWmPP4W&y|UQ7}|3m!?N5mK6cKK21~^^;%S!Y zwG>EQ=*IXeU39NH(;RuGA$D7&XN;r^byV^~fH5HKZF+uE(z8y(;e$H_P!X{AU$gR# zB#$YB-+)#Tx_6l+ot>~2*B}}})azMue#tl0K*>@a!hOh%z#@P9#O2&xb3Kt8oS$Fj z{2WTDN={DA;l7~#eBFM=UAujSeeU$U@5-Ej8~=DLsj=E>t$Yf*ZaVhrhAqLsd0A~M zySmMv{>)s!tJWHJDbqN^mUkO zxE4R`m&9Dw6@x9+?dJOGiypC!(h>7D+VFbc4ZOTfyu*x5EtYv0$-T*5eWX3gzMW}l zG1?bu5OF*!XcOucXzWU<2A8ZOStEJZL$GDi z8QpQx5g>&aHRAh`tGN zF@doUEQlL}-nT01#Fi^X48oTV0W<=IMHl@-CHUM$PsDhu#A7chy3Sn}6@U7$#W~gZ z!3!gY-TF9EhW^DI{Rk6Fk{>nl48?aC*a3svwxaEzLrsI>QD+xt{W>-8)wJ$y-+Hxh zG@8>FceBOeqB-_ZL+jnrWB1D3X?XTHPK^nxJ-+Pa_4dV@`5gP{dEGvj9i2G6;M30- zE7h&>-j_o-vh`Kl{*0+y)j|8U?__bEe7fD#?wf=%jqCH4Ypdm9ae6+&`rP7M@w~gu z^L>=Dt@SZ}<($h?%Q{>KXC4OQ98ge&e7On`!q)Cwkou!gbGPBXFP<*0vwi4fBgcW(S@tJ(a*h`mAY_ zOek>TBmjd1KQ59`knTet%PIy%R5~ccs3b<`)3v;H^D!=#sJnga zowNPU)$`mo?r7O!V+rE7x5lB_(nyl)h6JPr160~vI*B4brYzrE1NlXlkeI|9pAr~Q zdhko>Aa*4V<8fTyArG}oOk##yT?k)Xq(C@)MVLG-32C*a7~5VMP#`1_cMvB4W>^p> zH6kygBte8|^sDF=el~+|77qDdG%l|ojvM|Nc2qzqfpAF)qzpy8E*OdVNcJdXb4$c2C~aXJ&FK%DQVGIdbgVkKPiE6&%rPvtsh?d$6bIJ 
z?7ka6ablcV&joauuZ%1TnGm^=lAxcvJ<4;?@4^Cn)ft@?3?8hqN4o2UBE zl$m{`C#GM6JJb#?exoiU)U$6KAM8wSB{4HbBGv{zikXmQ#5jrt6KWezfS*!4DA1P9-tJ{l5Q}Vm z0|%m>Nu9{9%IdhfSh88t_{fxCxf1A#vVUyyts3+VJra#d&Z9v^04dihkYpR4a#{2~ zAM%vkp`QAd;bAz42b*SuLn75-h>~+%!*AUn;tS$nFaOY%y||LzNdqve@CFP8=AtPJ z15bs^CESA$H7#9ReK$G?s6W4%R#6hA(P}f;R1_yHDp{cBc1~QX`|J%4(%D{z-;Ef% zG}|v3rp_`Tp?u&)>Q1fF%WT^8&%Y!THzg8#G+H=aO|LkO%*yFnk$?NeyW;DH1M4kJ z(_e7SYhxGVtVnm|OTAeY>(JOa#~52nT(O*%G8ia}VE^$t_3&s&T4492o9hszpp{*r zmXGLJh`Ou#U^A_Ooe2D%& z_2hXK-ILp<=EUv$w}$3-uL<#rHCLhUsg*Q|awiWD+9G!s3Ow8=Kz*Ap9r&Q2qHUko zhy7{G?OT*GnOoYM178(#JR%}!)9uDMtbINn+Z9AXS@?0Fn+MBm8!yxj&Da5vBl1Gj z0%W=l0#B8N##U=-CFz#J-n*69Nh1bA!dQ58YCaDkQqqkCa+q&vOb*GPG^k6S9PcDi zO^l43IgEjx97LnDO9IM$F^P(Bku$Fp-qz%Wg_cSHk62ikR)*ZeKBjU#Q!elix(ct_ zZ*dqA#XWEAaa=OV;=bmKXac=c-^1SWE(=G(ugcTUD~KTC&Mb_Jer?+=ZU-w5=Pjh; z(NlJgHwr6{Hy~xh25E2Xp^H{eQa+l(f>{aXOBc`*E#K17-EFHes$L`yDB2wz3l+&Nqo`wzlge zAamLuGJCd|OOd_2Jr;&0e9z~OjhQqB<0ljuMV2Q+4+tLQn?f~txP_|oRZf`NvaDaZ zzjy!og8omfE_FxR9{$nk%AcR@82?+VbJrDe*V|DZE6nA_?!VF|`tNo3#lvLUp4g!u!CHp|U1NCcm*D4BsYO3ut-?Gn1) z6H?@*_)u~Js^b^>PlV>AVg#-}5-fkbkj`2yXsRe1MB3xz5i@v9r~(P&$uw14Qd7}S zt#Bz%E*(4t-+kG!p1T%U?BtU;fsUg~By#`YY4Tf`Z5?R~GzdvXpeZf6l1~~0_b<-X zQ?~{Aq^o!(RE9+bfJnftG7LB-^#4lsk>}Tz0BXZmDG0S5BECpIjSme7O$~VFLCR_n z)e?{>FwG7sQ|O;}nIcZ(^4=P`hcp-_4~9Q>`uZv0;+|7LyLznM&z#e3 zp^LFc?9tbKhVX?q>w09H-_Rl#{jjWep%bTi;GY-v`!{)zkO#dNWvdQ6zoENlAF&(o z$lEbHPBvIseCL;56e5nF8;C(L-3V=;&^t`;uN)Ilo`@DyebdD!g7I;rNtzb*lRQ?S zDGNIaF{R(cMh!k9drRIU++>6}3RK{cy?2m67FH_1_?iS7nl?8g@?=$#Xhh&aAtB?t z>wxn@h2`|~EDI1QSY(PFCv-Z0hQ&TRINwI&IrwJ9Camg%V)oxJD*%Vg4N?bw9IjVP%rcpVL!a zwIbZn)N@myUH(PPf)BWmrW1$t4Nn#KpWC5AAglf9IY|+w13k-soOXBM2m3Eh$l$PI z2V&IzkQ=?yt@~%4CzG^08ekP?D-`(FtQ-74NdCepfpAO33(yPAm*EKFM-XD*@ zoLyR&93xf4n<{8TqkiUp2G-VP98h3GCPUQRfzg&gf*uI18mRf!fIroi2bv;zbj}db z@vMUTMBKu0_23ZP@+@K<^yTg2B{-~HnEeQVA|CAOPZEjTf+bs-g|id}p??8MwiAlB z!GN!uH(2{6>mQ#RSO1}~z}!PMZ>Ag;)~|C3GwnmRJ~pU@9QY^OK%c3tT5nrR4m7e; zbfWUhNKp^jthvMp%$L?ZGXf?&*a$O!eCIR-+O|Bd4JBjKYC0evT%hH_AyeNgGhQh} 
ziuWf@{9`-x<`aTCmWj_{X<7<(3c6;R{=VxO7t@=Iy^1w^9T0adf$}S`m9G;onFuBb z^p>5YF4FkPuW*@z?cjtm>ro=k0*+OTTTBq$*AU&bR?3!oUrTZLlxBW8`PPZ!_ME@{ zpId?PTgdl}HfU(1r|(+b5SDLEVWKQ+*v?AoS880APaK6PsjMuzYp|i|_!%+F@GSa> zZqg-~caI{e`ZF7sW@*v1W>5F!0)K5LmhWu0WCO(0uhI3;3@u&%L9^aGYq* z&!!R?4ogqxVLi~;LgQN=P!-MSLo*iwJj{d zZ2diS924>g*aT^U({gnvW-LFxCrOhjp|ppq#H39oaIFyDrbsKWm@AQ%?}~>et`MCJ zsID+MjMJA9kz!3|=}5r~-|wOaNjinHOPY-D(&*!aIBL;auYEZ zQ(P?m9s*VtE8fF1PqW~<+g%Za+`J*Dq{_is`B#J2S5- z1W+VjD~^c3E=!r?fYn(hysi$GTYTK^dH{n!lz zVC}TFI?jZQ964#HdwfVy#S`y=j- z+$6pbd{N=`QSwA6TkYbo-RkoM#_rb~nBFjcz<==M4AAe|?%VDuz6^a=jG;W*{@3oO z*%@bJ?#K0Y@@HDb`=7cWT}$KtPy~vUG|h07G5AbPY!ht~?MoC;C>KbQ%bi`9jgSLb zWG0QV6WQ{_3!4xdQq#94uP!Dzm@_3s!qx)vD58ssqHLtfuqYPSYejMg70v>iw&=X$ z(B9$#0$vtTQBj0vCS^8J!SWEiKEAyG?>*mHKhBA>t3U2LSC;hfPnXxs#W|2bo&LMF z%UrGI`Z19eM5(C9+6krD(#|%XMD!9oC1$6sGWpI%rzu2&GNeh3OLTuxIwMRZ*dW&pClNSZ^Z zCVY+cpf~~?2`&n?*bL*^+Vfkr(wnR3OdDhvp@8aeJj)#<^gTgyAogK$%5tAr{2OP@1%IA+~r zbKcVwOj^v87q)Y&?{6(LMzgv|lMm2VLYwnyzsdl=>#9wT))*0f&Vp3V&` zp7{t(sW^xvcV$Hj8D);Vv+k+biQ zb|mKKMUOUQW;8kPEN)+}bGP}L5BAqb)mAD%Lv3=}H@&+)4!o`r>FIA}5o>tAj&Q$z zI5CIfs?J?^fN)!lo*Iv3C#G_4Z1_1`)G`AQGLecO~;fTM;M0I~r z!VCvtZh`CGdRoru|7$Xc4P?Ln*){+v{Un3`=kEA_QwANF|G!a4*G}KiQs310{~d{{ zlyt2&gfaL5NaV%Zru(R1e+DckSm0@8%!JkkA|x}djq{@0nWV83a5qv9kw%`ZN_<~R zYVS%if*=-1Zbn(Gm5##ms*!E6=Lcco{xm@@hVr67gYAQdU?Ba4nzk7(zx89WpTEB9 zxSqLwzw*j;jg2k=3Ny+bhvQ>D;d=)I+C>rc+`LMbFw+>$A7ELOC!-#`aG<{AYlQSuI4YIfFfv z7N9-WH$$AZ^4MHnw&X;jU!Z40LRsYO2^0cFU1l5X2X1MY<3|XkSUD21ugx>W&h;a| zZuCZULJeTjfiZgm9S$-)yigzxvNB>GsHaGH7*O!#6b_1F6)$M{wtEuiN=Dc%@O0+l z1DI;DJ=!SFk;60pwT2$?q}#=XOM5Iw{#Jo=GzszyKB-zE#@RjpWj9l|D|e`c`$DLb zeYjVa1^MR|)-Pd*%F#P2 z8#I-c%PBUo21D)>T^;VDMbCEG(P#e#dPW!^b;WG6TR*{-rm=c!mFI?(KUjW=F~6cF|`O>lVFsI&gAS9Z5Fw6!rm3ZYZ6N z)~%vt*igmNTw!Ny^*9a`0bAr7zBX9WM`gEt5i-A?zMhwLU4LqwYpAb#Gun5405*HO z6l3wc8vvOY99|EfIrJv7Grk{7DSM!Zk5eqZy7K^))Sjz?ozi+$tdXymll6+s8Tt!s z&yU%gK6+W5i|@|YgUMb**%|WvKovnZ9s2|wwj;lA{ 
z=*D)QPL10fsHSYph|E014B})%Ji`xP^r>LIJO4GHRo>J-7JmZz`lmsBJP;ymqOA+=4Ct&X8_o!k#E) zGWi z1(I(%{W|M@i`n$5tHV$c7zjrdFFcBm%YwuO1V{oZv&B-7jTl8;230*-640vduY7DI z*dUp2V`U-MQYW*P~)Znt=rL^0zHY@82XponeFu zBXsDrV#&6@0llSEhWAqP7>Wgi(w^oXz0ygP6*j#gnD)Dntq%0|^~_-fEiuh=?T0CV4ziJrKL{VV6l1D6$dd$@ zEgi7U@B}AYk`+qRTYq_)nyzPOyT+sV(<=K|5GrSN8+~KEJV!-`8ciRq5t7Sok(yB|5Axnf3E{?(VxIMQyU2dAsjE~JR@GyKsz`&I@4_<6o>zyB> z??B}CRpV!B%ckkUUT6DydPJ_t$-3@_d7RDp@y#1YSETn_0C;rQWhl=tRI&Dz>YI)7 z)Doy?n_BVsfot1zj)J}DeMTqt@cc!1-hR2_dX_Qf$%L03Wu|cX7mrx=Q62E_G@l3{ zuu>cQ1pf*GuObgGe5R5S2CV6-zIy7N2Nh5)~vr{1tk{dcshJ7LV%-&!?p zjh&_=kfqDNczjPxXl}*(XO3LwW$!9v1F-LZuAW6}PiZajbv@`@F77nl_68JFK@V!Y zZJ%mtuK3Qm(>|^352xEg0lHY7XCUtYUHlKLy_0Z9^!MSMR?||Yo+c_<9rbsM(O0jW zR=J7~kGFaMZN-ViI$YUU-q%-Z(@_4h9g1kL4%2vFGlSQw=atu7m8H+;4cqFxgq))M=1C=;XJ2UKl&!p*I*`9DKp#_6V|{v7qn&ZR?2u z-o@zplNJ8{Y(D?zQtx1FWvuV`pQT>e(+WidC#S1x#KwGL`?4unbZVX({?GizIyaTC zpW?VXf!RdCu-w4YmCL$~=hoKM)g$SgM7*kS`Rwj6@vl;8B|K7aL#aUtsj#pjK?4RP zcj2(N*kCYt5*DEp;pd9$i}9+RYVdRcmiTFHsY;LYzm9^9hj5j z-~>}Weq+iOoe0PJ*Av%}V3%T=2joFPi^o{<%FvA1MXJ^NZ(=c#z{{Ke*!Py1gHFUo z{++O8gj*VJZ{V#yBSDxpQyp}Iflk;goNP=wjsh<2a{#uh>^~pyD>H?{j*KS5NVI<$ zcMF(6iH|2@Q$V56dvp8CRR9c$84a8eRljNgH};3z+yM`vmvU4QXW&;SG;X&t4sagv z?(uJV)8#!zSr(JCvA?{U%J>vPJVt?Wa05WF$iSuXCIz8@G%k}cnmraK2`(DMz|1%O zv>?V9R^?5I9t^XmDpy8l9~Jw$8pg`Cma!p_>R7PpRE*kX=O)CLDgQ^hSqzdc40ntr zBy0*BzrB|Y7aDT@ zwE~A=Fwh%D6)*~a| z$s9Onc$IYU(0C!l)@&-`Tn-Lyxs4O&*kiL^yiO}tJOi3qZ(&H=$V}lQt*nEWLh|;mv%Zp0&F#bd zE*6h21WbBYZ;lsmcW8TDydT>)Qnz0d&8(}`$=LT+sn@*b$Df_{k;N4b*>=mQVv|BA zsOxn^SZftq=Cz2@NT~y=hdYc2%Ni>bU~>Il!la3`TN0q&>OPcndVlxh=dPwAYfz3Ias;Y^o^ z{5}ce`6XGQe3g?Sk6rpok5I|A7;Yp#7l+aQtwKHWEJ+O{i8O_zv%dGm^zd#nskX=YF+C}0Xh`k6v1>K`crvq?I10BNxSG10 z9Gh(B7Mr&Adbqi{TYt4o?R z8L!^5!+wa*Ci);LIiMI){C_aw`3EzKPEJ z_qqgeR_FopA@o7;ZT7o9=)a3q-8gXwDL)Mz!%ynQ{~sGVXUG5Sxi(jrI5bQ8o3X`& z@%Od{0@H9EY1cV%2+0KpD#gHN%PZx9AwMiE8Ux2BVnSr!EGmU_I$;SAhg?=GzFZ_W z6B27qXy&ycdi3usLvy0A91ar~DkP7dB+DY)5pvC>8hqCp))O>FWn?p$1v{@NS(!xo 
zb4w@@0lJO)1}-4H2{m?^2vtU*kUtt}5J@3w3Todh;-MA}OM452pPH}W73W&?1tkgB z9!L@j_Jm0@~PcJ4m z`Dy8w_J8;__ujkb<&Qko%g?;ty|Ky%I&|r?I5j3%2UXz)8uH61BKl28_C)ptR|gFf z0D}qkGo;*HPj!pd7g#aK6^EkU@F{=di3xVwksLU-$mgN-N)+PsHj^ujovD<~cCn$`w2@0{!C9k59qW0|G0J5~rF(c?IyrH0vaMIJBGS zx9kQ}AG7skH>-y>O|j*MwJRM%un~mh$E1=P+`!RgDPl+q*N{Ou&(f;NjFdp}jYM#z zn=t+H=42f9!^ZR$7F?pWKPFh~&E#ZCs5iuEOHD~U`IzNancztwM`tA z3L^R8Fg+rxw96?-l-aW z{QXu2b;ZRC46z_84f$r>BjhPnpG_P$d(i-tK-^}A$)Lz4bDgCUIRhVUEnNSyuEB%1 z$vaiB*!ZLSy!fS!-E%<_a;8eB%gbWt@rZ14G5@;M3;_7hv*_w>IubhZyaSv}2VNEu zZEZg(p%A2eS|7(3%VOz#dWrx;QK2(rRutBujelpKtS04$B;I(b@-1K>_4$v z74{C!56(2uO?rBIb|3~SS40OdQHv2ThadS$-ARj$gY#KP1myIz%-P)R{6#F}tbEM$ zw7IlR6y%Kb+5EgsBzWR!{(YSMq^M>w?7v_c1bU?iOdt(RME%o2r2a_2MZq9k!A*c1w~->2Ec$!!u64g5E2CPIKm1v!u?_fW`rH> z5||7dG;yc`s+a>>gB&7oXQRjjE>D3TH@O?50WLSyKuF?KXDnekaoV`*U6kg`FE-}njoo2nz)$+?;bp{IvltZ`p39H9c>6 zP|q12iR;~A*y`r<+w&tt?f|~VTJoMognI*@$RJHpf9sS&Ir7LbPUV1EqwnHhI@CKR zQ9&NMS6&|hG=gFAanx@fUUXNeyF4G$B5HLA{3B`?pB&OVjlzEeL9^(t04EYY_?n_z zZ+nhQu_$qxh(Xm_VqS0g8&u6=*5&Gc@a*hjjgz?2sShYsZ|FO|i6?98PL>VUX>Et- zrhczgJfpTecr5Y%erm=!K9jV%{c7Vntqosx+KT+X&i&jv(zTjm2FxF$yZZWWy@d`j z*FN9%HKF&%LcCAID64gPEP-^v01y`%&q-O2--h|ja-ELvok`z$WjhbLt<+gA#l*{1 zce0Btd#)%tDL!9T!GWQtn~t{KQ*&wLKC-hi8cB&yC(@TQW0R|c(OY!98H%JnZ~2Qj z&M8wDTracTh(95$A-?m?qqPXQanBCWNUtYJ7qUi22)C0$>Ezgzh@>hs(5Z1 zMW;)grt7NrN=WW&X9sq@I+Jc`udIL3GHUCsa~7d*Yf#4TEY-NZa2zg=ImuqR^RfQs zs<3&DWkTJGYmjW6ud(e0IJ)gkeJ1cRtI+MVb4pdX%Jv&JG!{0&HeGjHdGt6IJ>_dN z_h=`ry9Ju6hexe!Ruqj)xr~Jv-(HJPZt+gI***tEJIZ2AJIqphdK^r19{ouzsPQdM z6K_Fr%k`{p;9Pnuf3-0`I_$C#Pk(kzI(`VLiB)T+w|mZo-e=YUFQ@tXG_BT}C4a=e zbC9l+p6Tgv^4zV!N~dWYa9(GhO5CD9USn|H(GN#{`EHaI8j2cG@1WGk?6`o~_*_6d zEBDB;&AP~UXQ;p2-;VlZ$4i^Yt=k;=;l1I2NDsipkdli0YuwHPl{oq@yf>3=T1)sv z1D8tOt_r=&p!sWc_30dUbAdL8S`U*rkEi;@{Qb#~PAdo(M_xreV^zrb{_upfCZ8JVEi=kNo7 zOZmS6;PB0iBKT(E!fJi&<(VeIH1DKFCncvTrTsewl4um`1=iOH_{L3Y35_6Tm)?xa z+$nqenMLr+NR~j+Qq|$;#81FW-Iz2BjgkI>fI+ZT@zo#{(>xs{=Fgzx|_5QrMsvQ 
zIWh7x(JHdcb2^MR+(l9uFcZfe`Pl(ZJgs(9K~=n}yR%u(r>A1g(cy`GWg>Gpk`42je%%4;JE6g1O$W<`9G;)KjcJRC;k7}k~yh*x?wLRue`(*o`+ZS zK2gX+K~u!L4~31!NAL6K5shF_K*K;_<=m-ZO%NrB;zlQ=v2D$!q;xM7*XVahum911 zUj?yl+2W)0=5GdHufJ?IzQ26F{PueHeqXu5f9G~(sYf=uQ-9ucoZ)=lywAzB=`kci za`(;W==k3CxvtiZ4}019E4;>gcsw!j6kdPHHlA}tmV(n_?!MX{!>weC+ko{*1yxyo zX#>}i-F)P7;jmzldYJ;KhGRd+#aYyFX}Snd(ro;bBl#ysqe62!ncSmOFM284p`aTB zmM)6z47UbZ*Fr7Fv_*KLT3zQeP5WvQzd8Mqrs}+zYdJyNMsxeFIPw9?CZQ0!pSVMr zmRr(zqKZan5?n({AhsLLqw8pm)sB0_%C&3{M>eF8LA0&jN;Sr%UD~;9yLQQ=;%Z3C zea+921tL|Gh_r$`woHw8NimWg8Awikb5&(vr=K z#XtVs!HYbdY3k9UoAwoQO$AHbM{>F|8dj@}uiWuaDNGmFF0C!|&3lm=PIY@qG3Cj| z6S$Sj+8z6X)@p`h^4O2d@+T_iY&7iK>gMC#EzXTcIJT5JI5tgH<9B`l(sjD1P0wwC zEli?4;~7d<9-PIH3>oJs741e1<>poU&`u9W_#D+rh%AdX&GHn}P*YZl-B#zHd1n>1 zMER29KvO4_xIfO^u|=8OQ6uar2d=ZWCDLO=kP{~aESr!DvQxD2w6W88$$X=V<3rps z$%jk{^9r?O&E-;Nq&mS6-CETPC|E=JQlCwQ1^rUIE90*J?h7mt z9Hm)XQz_}rQc@4QD`t8jv0N;C*`)lLFmknC+$f&?5oVH6B0MBW#4luyy^$(aD!wz0C=Qc2IJ+pG)gK!Nt{`9CvXWs{ zmVAysPx3*gL;iVu3t@@SnVb)K&)LPaBLs}iZ=!og2uL1^)wdMAnCoTdRYi4 zYNAB_s=XE)=(tz>5s9~O6AsyUmXl_sNky&6M`~^Q>2f<&Em8);4pD@!Y9o6v<8mBJ z(1BhV;g1l3=JG{*RdcWd&P9lPZU704hq#->>uz(1QD)*3X{L?Y+Q@+9@=a7XUUGu< z#2uZAde1KI;$5khvmkni4VAD{02~Y^^$Thg^6K+%VIxE~Hz*WIu`Y0`T8;*gk^Vf*>D9^DwA0Shqmr20 z`uJ6N5)W{#7D<_6%!gzw%eRtejT`g@p|zlKJB^9D@2*Gd#Sp`+p>bsinBV*?1lR*Y zihLd(D}@ASsGpCcjchy0@grzb-+;o_Xd&BwsAJhS+$J03dg_I3*b%4E)Zx3}ePr&p ziQ?IWr*l4$3m{nQC8aOAe`&-+RK){$=fD}sp9Aw!aM!*V$<16U7Mw}x2y0+9nVKr` zCik}WO#XevN~HhGt-siVVsh}Y^&kLAU~U^xVLfD?b%Cc$nd z3;hF)5NeH$t+f!Y_*XebwV+;_Ss+lddI8R3S$@MN_4kD!qHbu^NysrlGwb_AJ^IL5 zOt@76)6*{4a`?p#&$RxOG5u6^@nXzaWm8c1UsKMkXp@0Ta7q{qx$*5etF%S$!(RAz zg*8|hwQndxvp`y|tKy3xRwpsO!)?g)J+Fn4vo$@O4aOxQxW^HqR|{Tju>Eq35!~tV zaHJW6#p#RS_wdN4HY=iYcW>zxW7WOA%7^us>@IJnjyLFeF;Nq_BBJ=A%lN;-v0&dh zF~X}GwLUs?-rjmnnbn0Q{L?P5fklxt1}N#%PZ+Vq)0Y=$m)utxSTG&x zj=zsf4o<^zkK6I&Czn98Upcu(#{v_=(wurtY{MC{ihqoA$|z;gRn{CP>E{H+@ft_) zjp@@I$(WNAp?R&b%6tBush;qvQ!(Q$5FcxWzrqeS5~Ryq>-Yb?ofBbvtH*ei%|rhN 
z^n6P$eE*C75XSxtG2to8Vg{fQ++jLaM<2O6UZJF*Pqi(mO=mg+YCBD)c>{ybk2mid zW6~Vy=eaDVvrCpn!%6NpLLVCY6D!VohCdVw$0*C7b+2>rFqW19DBXF)3h7lu^>Lm7 zMH1@}qoZk#TI?T=7VYUA)O7lsw8}>22bHU4en2iWY47RZQaq^(j$Ezt8WGW=cCIi{ z#6My)P=RoMCQQ#Dzbmui3)#23mU~(CjpP(CaSECyO81&?yq%o$MC0oC6H^_lamwJ4 zxqW&+ePAlHCsWWoTV!Jj%D;}RxB~-A(T#sMPJ&jX;;Iy0mV#D>@4}*c8^wbrD!(%G zM9Da??`IBDXm`8w35KKcwAPIbi~BxSl)BmmjK&)FC6<@%a>s^&EmAW<&-m<<`)gR5 zlFDx?EPg9a^{$yP*~ZkBy4zu;bgToQBx$3`b(m?Z4NZrZE?BKC`&p(sEld)M8BOZN zVHBASU%Z5+BYDI8vfZZH;+L2VI{I7C$t59#W1?QYP@b0a)*90YB&B}V?5%9%!>D{Q zVnPkj5MoiMA!Wx?M#EV~$E$~ioLhhpiwN;S9eHW&8_18LD0y6n*5;X3=+qY;%oRzP z84$K5Kj*G;e4ZaBq_lCuWxGAk(NVx^yzB{?!Nz2utB{uN>_%RX=SpdU&q(X&Q4@8b zu;019MovWFY804L91XPNFLb>-h-PHBhblvu9q9ATh+kvxUc@vW@HAZMe7sX(l#$%0lgche04Vjf(6FVY9KojJWOM z+wr3Cme_mu>INTNA*{EBBEo*#Ik}&Jf`&E`+%zMZpJ$^{Uyxp6NSC-Bp%(*^Ndv_U z4^T8V^Ed99S=ikM7928X44hq;%?l<4RrV-mOc+lq%CJCgmlW1Kcuat}b*LGQ-l;-(ZCZa!A*R4M@OHULVMp z!+zWk2NegWQ)iQngLIoE4ZQ_HCPEX%C$j941hXYWBWIaCeVwGLC4C*G3R3#gLjy5g z!+&{0+8VuzR57#ov391Wf2+g(85f)}*1*1`A5b!=|MEUfh}&kzs^bj0?WVFhq!*`= zkpsB5bbDh-yGo#M+W>438q@!>g+LDAg-)<zEgbw|s3_iJ_4 z*bLO`4s8mRU^oM=kC~|%czi}jOtU*IbRr>4iGUX~fAOe2bbG@A`QXcy6$r=98~n8E^`@-0>=0J& z&{1lntSgm9()!~Eu7?a92}DQw z4@8d{SQ$tYs@A(3IW@D@D?Gp_M%QG}!9abFH5YISrtIvV>NdJ+dl;RVZ^Jhr`m6CV z{dcZxPE^KB!|xC*=FAx*knZ-G5*blPU_N&4G4OZBzKQRz>3floQ*ZyQEBh~ z{)B$QA1&WGK!=Rz<2_Aj?}Gg&YwmT-xmGTkv|B0V1U!|4BV1-34o>nQS-3P)r~(|N z=Wb*RN@9GsBh=o%lZShGq6bG0dpMy9H7;gLIE;o#wZ{~yt|T&roS0q+>D=q0l(oB8 zzEU4pC08$>z(uFpairg1=kT*gCT)U|`3n%2EtmJ$fcYhLKPbOecJt(Fpg$rCtr$AF=5jlJJhTFw<@Cw1V3vqH=x4DcA#M>4v1YCkQmU` z1V3b;Y9c-G-X$;|xLqueZ5TanU|UcInO_q+IV`<7Y?BzkN$vicOKM@uICtbJypIEW!r5%^QZc)e7SoPR#Spc`*S4;?~kEk#*Em}b$Y-HhLN|{9)2d$ zb#QHLWR`i19J7$YG*+oTRs;mo3ZO;c4Faou*dz0CVc#C(_4ezd#sI-hYZ^Fr5a$Lu z*f+mgHz4?yW@7 zO?wz;)X;<3p!g-K|GN)ho3F^=WAak~HfBsPHouh4lAcU%IWNOrDpimGjRX6Y{WA(% z^9X=@;PW>7+oU{e<|YN%WmBQSc)Web(m3FU*Q^&1AwK@#)Re)*xc8v`+*wJMT0_32 z7$bDh2q|5?X={$C_d%w9UU~`{dt>r%PjHdYiJS@n)>fEAU^4%JT 
zeJ8l|yyW-yaM0$kxg5}Ivk+C9$%%2hQA{bqe9vR!;P%gn2K&Ck$JmU_k-~gOOpebJ zX4@*f@V|aAu(YBVf1at|;w0W?6^~tUo_GrLM7Ho1+?X2Gb$~i5xM+F7A7oWJ%}8AE z+`VU-4zYXeL9V$%IO!su=D_Z}vyT3YcypeeeS^1Kc$?wtfz{vvqU{bR39WX`jVhkO zZV_HaOXy&fCnVY4jH++MW4sElSNv_foOWO~Rtj?(_zn4G`}zST%nOzHB`N5IE&qiZ z?CUAv1-s%Enw5^cqxjt26wBc+>*Pr<1o6Jbmr{|D3-2iXP3U1*Q^kw!1w~~q0Cm{VH zmEnWTE9B)v&~3khMLM(fiTr?LPT_rU2K8$JHaPtiZV4Aj`6}`aQ~0x--a@~sG&lM{ zSg7|i>v)6l?Km%$V9$q<(#L2}p!`PnPmShn@)I>w(c=nV%MAx??E8xOZ9?73FM4^( zPivVE(Y+o)wPV=*BA!2vCK8=2iY)W@>bLWqoPqVsLRixPL(*H*;BOaNbHPrI28n#y zCo>(A-?o0fWduIfvndEsQhr`*fXG73hi`4ckL^|RuYWf?vf-)G0dAauJ)QmEddH?J zL!JBgF!p**?=1l@#2jCRH~cc;s=c=oWYjwTJ~fjRAF{x&J@1_`cQB*hUMijIlI5?w z_xsA}O1>frpCWs{f*MkC8XrvrIzwGG(y%QovPKFeO;n1F z*6T!{swi)2@@t0er;eIa;rCrLbBu62%s*C;Y$1@{SWc~tCZSWP&!3?)ssD6YOFsC2 z^o;LsCv{Uj9Fde9mB-!XfBtwYeo^Q`2Y7bj_UViZ{RzlN>Aw;5Fo^3a!AGuOTT<0*=p94HIIj~1yldJ?MMa;5&U}<>biC=8EAUKJ z74LZ20*}-k@2Wly4?Emz;$l%@-G9`NG_RJg*Fp6$cI3zeTM{&KU0E9O?i95QFV;Gm z*NCG|1@Z1{TN$TCcL_$#+s3=L@plWNh3Wj?ZCMhILte%WZgg!E4OyzxV~8OKJqRC> zp?khn2_JSGUwAk4m?7Vf5_biAFDrh&rwkvqN(uOgBRxPL6Cr!P4GAAc9AECcx_ofo znu>P}|0HN+yA##oy*3=St3i=f-pq%XBN{|9smEj&;xMYEik1X_H3bM8mkS@!0J0_S z8tl$DV>QXWbf3!Iy7!^$c5g2J?Hi=n@p2IcTY z78QiNapWi99>s-e*%wQGH}%WqiY!V9eTs8eScsCTfK296kIl5DmexeNgI_sZRyKDX zrrJzjnm%Hf5F7SBbHW9Tps%Y38dua_OcWm?hDqVazjpCs`s(z>9>I2>57h3g*a{l? 
zgpPio#lOP;I9UoGtESv5iwwV151w(Yq@AGxab>~{a;S$sHD%RM&zJANg1RkVP2Wq4 zEGym0{c`?!T8q?E;lX4%ciela#=D>*f=_V%JbNH>QtpM~J_0bA!!WGU*=O}7^+gsn zgqDPrO7hf%tC*8;4GGjK z~3$5O(TvLMk|dl8mz3FgzUWWvj-SDjq8& z&5FP=7CH*JtfQ1#UTPr+X*10iCqqg!sv@<}re97dyY*+?rHbyFZgF(%QD8IhsH|b4 zF)m?RZvzT^{{h`dgk2(C1fXAPnE?*vQQHuO4wa1BAME!D2n+|&Za`8>K7%SxN)XEF9b=S8yZKFZLbAc|{fIvm} zJw;omzfjxg347`I_V9YW>iXbdk*pv%;yj@V*&LpgTy%;esf5(bw;{yHP=BpJbkK}o zRkxpQDf+K{&+oxC+NVv?6-?2@TcvmoI6vl{?>2k1S~oiFwRh3frRG;s6Hh-)2awC# zLa)S?iDClAY-(_b6o&+kB*$$PJB8||(R_PJL zVlBz7x#BCw78VvX6DCwQ%BIP`6|>jdLLMNOBQ|3{3bHMQ;DEfWPd=vXeo~4LY>hrG zZWKC~cFGw6^ol%2+)}**iR>b_qVoV7@s>*}Q8ZCkw8*WE2~ex0${3P4M#*n%ZQBG} z{J}FClW_0fj1OQb*vGq^Fl8b$pFl1uC8VNa#tkc#Z|N>J!s9L;DXaX{BejE=$wYa@72Y;diA;U<8`m$F|Uq%<2FgGw4v z)dP!7nPo9os>4uFr9p1NC;CA~8&qo4g&gsH;YV1f^iiv;g?BRRaJTg30Dv2<5~Mq; zHx7fSungal5SZQK@_35-9p0g4IOFUZ1e*2+MgA(8mC89tS3>Tt{Q-C8B9O*6ct0I} z3hjGBreWMG0cWip)JNs)D*yL`kmSVycP4_dm`37cvh*O}lw3WJIrE5TYhIkr9wsHt z1#-?e06AQ)&5(hvI6Zt2U?pYbL+$wL)5s{+z%nvsE|CdN>ZX<|?Fdy_=w()R&{UK5 z_t}@7-BMJRzJ{+jT|Bek0($B8$DoqWw*-9ECj2?xD^3V8ZZsnzWxzoUQbxgfJ=12C zeCOlHQpQ`iP7ED@!D5*ZzgcSRgW;NbIfZ&Dn?s5wyNzXN9{&Zgl%k63gX6z$9WJh3 zDRf$z;eTRQPZ@W>sf-F`7UFLTd~sOnV8za=2lMd<)sU)EXvTcqJ;=a;%OEUA%mN@k zcpO{`S}r+#gA@CDa0n;Ujt5K`8*TTynb|Ie!p0I{-)ioaO4B-xF+4H`B8JsLYgNn~ z9_<92ulI%CbPpC(?Mf>zF&vf`BBXAqOf0K|2uYz>*- z(iV0PJu_DI!Vd1>YuPeEmpJ90N-pBzHQ&<=nwHy=%+nL+q6sTVCyUIST_&R3k)^nL zIoN+y3g;&%0=E!h;!d9OJtP<7pmRwQb4nUZ9(}!Y&$L^y$qM+UN(=$j1)6g77jLYZ?IPb{xNXw)w zLob788OiZb7Q z?ofOOkMTB&F9a8jx8CU+4mTwCbx$aCN$WE@$B=95z55E6N2gByCv{-`f_EX@}7?w9HwK(XmwLp2LbfA{gx z4I6(lMsO4R{2+(;c6_Q85Ct&#m_oIWDXa&Ka87qqE!qm+fi3i)%F&-&;@9_-wYW-yny<1K91S~K>5Y0MZ?Qy&6!kbSo z`Jhbs84R0oao6z;oERUu%n!n1!${EgCe5IMR*#2&F=rPL>>vEriTdi0sg`WUrjJg& zu}H$0wyAb@&@t(A~9aEFmCP|Xug<4NQti>onOQJtjq7AM<*O0|H z+!*!v(7Epr5pD5o?YQRw#(x5Gt})QM_YUI!1VYM&8^|{9cV2W z!@AV?n7URZ29-218tYi{h0Jhsu{(k49bMbJUND@>hJJYRp@+Wy?eDNax;Bf^3o2TR zll8;jitt7LMwED5nu`PpWPRYR33+yF;nDW8IniNS(bW;rg&m_1zRpn<0BV~$ho 
zSs>4M>TPVftE;3dRHjk7DD@3bDfy(!E@RFnKr{8sWIOFT)s{QTR^eN z54RN5GyZU@NBx&=J&-OfgPap# z*rTj-&nfqfVW4*^PP%}FXI?|sy#qmlar-O=aC-_Tpuu`==wxr*NtCxNST zt0ua_mqxT_(2j}lq-X33M_0pjSi_=FHU(%uoQST`!HJWL0wVgShA!0BcI|;;CU@ORAWh+Fl+sI&56Jj)WBJVq?|A!=sc|9<63ht>OARjaBOi z55`JjRk-Px<$cp(Hq`(l`i!*-th#LX4i7uWn@ii5YTz-QpzaZY9Y&KA4LL_aT)on% zUg77^^M6RZH7ol96rT7=U3o+`C89ZJnK!$)6B)+z8Hv~h$3fUl5Lh%$_jEE}+cd{Q zdh7_AmUjHbe;MyFnQZyg&py_(;{36 zkp-Sy2x8&SqtheLH8m(l+Iyc|3Rq-mT&aAgz*+{7G2-`BsRgpH;N>>$W zwx3#vfNt`OL<+(CO|NhG^=@4eb~cmXH7=z8TU_pIZCiNkGa6A4pVctR8yA9V&1}N3 z-H$8?UF0hxg7?_gqXl|{hTyfuu>UoSZ!&uyvaW%6;|RfLYgYQ`=bPU*gKhE*^t}hc zZ=1H#pc3h&+nE{m%KiI9P}ht3x9L@1S%}OKJH>KEbN@#4%?=uE48ypMnVU7at1f|dt}M?cHsuDib&J55W@8!{X^YU9 zW|J9~(j8iXkz-RrVnuQmlkixXP*Rpk)!~B$X)KOh{S%T|84;~65v{4PMt7HE1zK?T ziwjYAHt^vF{GC`@E`2kdmgg9}Cgp+cLO#@HEXebvMiPYmj)`51(g9yN*7GD`t0{aR zZwJ;7-g8q7albpbL$e*&%yGXC>Q`QwnLXSrPfY2~JO#B~-zLS~t?1Uik`6b_^~n4? zOXs_D+vYB9UkPT!4DZ3T6VAB?PRkFJLF!<%>UKcVj{_n2L8e6tRh~4*$Yr&DCr<b0oNUgaWPz6+rdLGdRUN zbw_vjxi$J;(!{Zi;tgcaTN5lFUL1HOW96!f#?v|(wk%k=wBRa)wG?Qr(FnZDTsz6D z?T}d~Ua%Qb-U9E|$U#^R#jPKh8w#!ukeS?$RPeyTn?2#sD)<}kS>O@#qdGzr;?IX> zg?)j~EhaK#UCWA*4|{7&j%?2uT)*F9xfjZBL%u%e;fbW8+9RRufa#wY;(=X*YGg$j z&k#1^2_O0V)3J_6^t>bdUv#}guxP=uwYzNFwr$(CZQHijUbb!9wr%ZY+y6fIwC;Ox zBPyyHbxj&bH0Dg##?ANcIys=)D_E@e131`eY>7nBH< z$y-2Ursrni2qtrn?IPM&JC5rEUD28FLDOs<>jb{MqZrb;l``p0?^xib|b|%xzc`sBqR?(0j*d!FE^K==97Ci{~;Yz>&96c1sL=HXQ|Hr}Lv7c3% zhP2>s=E|1st9uAP5=e$i_{^Er$^xStU&e*{Kfluf_4eqOrU88DO(k4Pk})RjiPHeD zOrJ?4`9nU%k$;fY`Z1^VFZar!FOe-l{spKK!VPzL_Bx-;{M(VuM-tIi=sj)#& z41Lc27Z)`?0wU8GXG*cW|hm($1SiIq$dR%rf9HzOR1& zr_1G|3GRckvbvYm6}ZEANYaEPx{#=8YJ!Qo5lbRqvaWlqL?8)4 zzehj4?etT&>pYiHlWENGDZ0m3 zS1pxw%lKImC056zm2tNyIXCGcwtG~>8|W1JLj>9>Fmp#kkI7M==m!Xn-&kR|X zK!z$GlI1`YvYhFnW^h^*B<0w-zGydN?#fe-W#a1nTbw((vIjUjG&mb{S}#Gi`EF9g zw3JDobF+;eZWvSdmd5Nwh~C)a9j*$wU^a%vo)HMuw@b5v*$a#8!Rl~Ns(PU*iknW+ zi1M2%X_sueIYFc7U1~G&G-`p!;c1ei3Ef=$l3|PFPV+EUO>6_2B+00DYy2wB_frYO zH*n&L6w{n?P1dMKD`r??=p254r 
zUSIMtB9PrGXT=9$E|!X8%DMK%hpp_je`3JTzhdN2(@u->)KP&2??sDM#2k2|M3& ztgVh5EB#!TrdV)Dc~+}d6O|5VN1B|68luDU?iv+hnadoOp5xY0y^4%vFE=h!Q*V*z zh-|z)1#+*qpb7IbGd6RwN>UH*#-M==bZ|w%9^}kU<)Q`@pC0#_1}EcqT~lwca0!_- zyQ1@aiybjx3|2;V#dWV2^C+;hiW;_1mCMBgeh@aA>C<&)H>XC0P_7lcV zZ{Nov{XR>J2(70hNsGwR>;8qeg!E5VOj{~c)4&vHrBJnY!EBj_49%MH4st}YcGlF4 zMh_zU&?}oA$!19h?fMma+NG`HYzhbduKnGHfzECB+*Q2Kr`vcl3X|{lg^x;dMGb|r zc9)E;XvXFb)e^2j6I^_ujJr$1d0gK(3-P*-xp>BA6qE1pmAsEPnTZ!DlkWv%QPR23 z?A4r4mp~Fk?woec90J#?<~HuFk6}mBlY|$Oo|ccdnsdjRSuv~xYJ#t0-v~K}z82yz z#G6k=7G2KbM(RN&F!Y#Zolr2)c39D){$4M%PHNzDXTbB?^v`75ZK-7aPv^>e<@g7- z(RJW6`|w9D(kj8HScBf)tk?HmLoc^M&p_KPXxdu;$CjG8@L43}th?B-G05GH$0_(w zNaLzWcQXsO_BN+lH|fsS#ve0XnYN7$3FO?Btqlvtc+!g;+3DT0kv6jQ9!i#a`?;Iy zF)+nJ`MU<^?($Fz{_XOZ4>xOb_S70@zvJ(_GC9Mh$A9|Z7&sPh&TU3uthm7T=W@dv z--(UfaNEbrw}UawnEOs=ih4$ZQ`3jP^muL3&DZo5e$?(x{}uj#Bth5D@fN(m9_sw- zDb^|Zq%iQrejn2(`rZ$Gs@mXwUn^H%2w2|!m!+uEtUVYT7}|Rckx^ySuR%U?q(?DU zW`j@8u@696_a<`=zs{+<*>CO%A~9)40aLId^;C>tn5oHKadQy49BW+^z9>7511Xq}^s2CM)XNU|h&W_GU+;rqSw%COqe0a-UuX`3&i{TyfkX8wHV--+! 
z3YjQ%adqqDs&l*FU!xm@xa*L)T~oUsc*(doi78`6V7K&mWFF{m(^69xrODN9$41)q zeiKPJXh-fehCzZ~=dON)>4k?mu048oS9`XF&A?BK0S% zH<%#qyW?=RYl>+PXuqLLu$}w~S+Tq_wKuRIE($rmq(f9U`rr=ckLK z-1Buu$|bBfX=cVci>-*ViB%`F)acGIur!U*L`#%YWY>jciwVt6j4Tn5+L<+7HN-ZD zw^$#!NuVbumia>{LD> zzIbd%fmKFyi zN#ty(JDBO(IE~iYpg*fdbY|Jp7o|WTf3A$HFnSC8e*1p13XL*4XrKIyTsaDOs73;h zPPus09F~-nT_wdGwfFVz9KrSTjkLMk@88aejJBl(%VURBozI!>U5vf~KJGWH&XD1B6QY=WJ%J^OI9n>hgt5kl4Ysy9GL7^dD61DISctw#F z%6yYdEH!`=R0J1p5|EFxIsyD&(D5OitzQ7Ed@{y@k97IMQl20sc2T9xsZ%OuDmFgc z8`NV%Lu8Z>Qd|$N3IhiXc-aA;DsH6D7xN)rRDp0nAk|C^&`hj|M^AIyQh~LeFrW*E zy&oXBPbAFa2+RkE;6>;1sWb{Mk$L!(tOtthZ(`rizV&XntoX{5Ujs_mtxne5-2^SCZ|8^Qi*!7Edil8c6!OuzKjg#mf5yhI1kaKi_?$fo-ARHfl(Qi>A*ux?j{pok%13i9e z2Jk{c@ulnK-|-K>Q6knz_-Qw~-RW*l3^g64rm6IKpxTx6zew}0buPX7} zfvybh<=6q<7pSMRMoo7B{9%|X^_X^Wbx2Agx&{^cm(-}RQ98w3>~JT!hrB0U-py8@ z;?$Xp`t_!R%_lCwx6dd1hnK=s;Kx|96R}Y%3DGFyiB=`)Aa(FJl0G1sv#~gY$Cd&a+ z%Y?`TuoRwOvx4?m8#PtofR)ODlV}8uXD|Jvr5ONz8(bC_=&hg0j&_sl;Z_FUADDet zZqvlOV8tH6q8HZi@U;`rdX|$NXkWx&;@&`FGL+-c@`S%FZJd;zh~}Nvi>}cu@`Nsl zR`IGMF&rrO<({c}Jy}t8$!MvH%ja#m5sHbae=6?{A|%sB#F|HFgnYo#dI)KT#KpnZZNf7 z``$W1$j;f3lD%g@aM<~`C9FC?LBhC>}f>VhaQMa*cTcas!VdS4)A~ z!QfIQ#MURKUwE_Uf-0Ci+*fwPHl)NkJ81Hz7&_QZot(-FVNFQ8>yAsHI3+0U=V5xgzW1HKZ71;$z zM0(4Lf&7X9inRiS{7TjD3)KHf32O`Pz}C^E*_zp~`>)7aQEp{g?#@6 zIVsY@|5_OrPxlDn@`#3tF!9nJqtJ1Qsau;OPxo;7#D=4=OBc>05t2P~XK4oNJrnNC zKdq3dytagB6SDQU>Dpp$=FPG%C?zDR7+B_xI=&C+N^9VPa3Fx}A4XQV!(74Vudq#( zXTC2^gYOD?zFSc4Ec2tn&fXt(gmK{bPLO0s@zj4J?UmuFxst}6WbQ35xq7Ikzu4cV zZKunvN|{rxl`A`bRP*u2z-C=>mf_J)n8R}5@Z~>-bg3OjNxUK0iW~6b{oVR|88Le{wcu zDbkwl2D}`4(FpwgTXt;3U~ZI1q$$%m;LRiJ&YEginRYHWSAKrD{U;`StN>afRY=Wg zjk=cuqf;LwxH~g(%HwXtGJ`&>d{1=5x)(v?7q`{3=M6b8(WVYLj0lD=j8VynbB#?o zgiJLgS4hW~Q3kZBm6IcAs;wpury5@Ua>3voRzC)yil1OI>h3Z#fnkWy)rpmUyp6;6 zZ+|R!bg$-4xot|7m+0}No=mNYQHha|Xg^h*x+cb0R$`)hnLxQ}RSCN^@@EhMVp#MwFRw~I3*+P z7Ok2RwFWEeYinI=?J8foIoQ{p3+J}-+wBQavEHA)KEJg0nT)1A=Q&=^(FYZ)_B4Xh zb0`kQp>ZYr*pYjIhgpAs#JHKW6Sewn&&aFSz#Dr 
zf#N=R>cvG+%}Fq4zJ7;=_)}gt6UwphwdYuO9kcB?>-?sUSVPXHBdRk0T97E&zlQ=x zxM=|=P-clGfKmi$(|2*f>KnZ_V5|t7FBeb|M*OvtivptiSm{F{myIkCItzfmu-NJ( zBv5hMrA&JmWBR>n8aX)ZzTDh)i;J>~_C^8=`n%mnaI`x{_K$3F=r-F5cBJN&E9mFp z-apPC2SU7~zl3**K{T*8whNq==dCn7aDSf+ZsdZYs$#2Jx7u@JRWwmm-DV%jq=mg6 zJ885&>S$m=ab*R-uikm(;483KvsRvqO1%A0puu#rX<)-m!UlxF@hP-A>7_jhPyo2U z`ma64`{B0I3t}+y^$O*!zM~@%|{_PbdLKfCP;jw;e$?3FO%u(-1s}kTMA& zdJ2jBq?RNS3$C=3zvw;gdBFJ#%k%yr<-afotLM@;0KCC85pYOSZl zKt?4(77ENTD?d6UVUFe}mJkUgm#{lv zb~QJ$=mG9Fs=yq8L^e;2#dbS#_+<>E1NuZFW+Z>`QUm(S+)IE9T_qEWRfJcxu7>;D2nErb)y zPoWkGm{a>ln^Fv$j;RLZv^o_c8)1Ri$qwCst&#UoGg&1AotjplxV84t$f`fg2=ta6 z`B-z5WHFCArK%og9z;$dCxs21j+n-X4k%!oE;XarpfaSSSZ!z#tC(|?nLt6$+K@z4 zQE9wm6G_{rScP8{=C}>WljL&WmnIV>l}Dp-kO5_2XrZv|C@6251`!K(WgbQ~1Rb^= zm^9ig!=TsF%qYnmd3l0=t%-&^19c4=MI$=y2+Vqb@r*D3_CsW^97XRmG0r6S&Ci<; zg@yEoH3uv$3E#Emr#4@rYGwvcIA~}K-3Y3e^1_8~CSA|+utPa(J#E>@?OK9KeBO)h zSBwk3a5Bmxga^i-Oa_irge+|$C5MmZGjs>PKn!bN`}vR|2D)qwyt=cZE#v9)H$LsM zKopUJ(|+|R)rg|oqJV^2EQ~m+2{g5+Nzp7RtO9EFbi^DwM6_#bfErOv$7ngSTpwyK z97bvcsGVD(hU*RdZ0(fijQO+C1GTjNoml)V*(B0+$z9n*h*Cv(?9X_`{>uCutm}aF zoAEtZ+x}gvTjelrWPy)a`O68Y>JinSd8)2vGLMmrRX;RZ5+Rg2eiAJs34-)MP^QC< zBG(1Nh(8E1b}f+l_lPKf$+ZYVKHRK;0KJ=H9Ns~-n1Rx4nT%8?25}f^7QrrpF`1&P z3Bj!l+e*4?GlJBCVr#HhAON50d8h=!CK2={s{zwfhf(;MUo#X1ZWyh{LN*#@)hA9l zqMJ?*xI=?Qn_3~Ykw)syL?HNxu1FVA&~)FOyS!F0-vqB0M<=nd8RKFK#j#?J^Q3)SNvYN^!J!1Gd?>nOJ(3MW$`;>bg-cg5~STVAavV1bzj7d(Bt zTDV3PNTV5n>LUCnFtCU3hA<(u>54!^2-iS)G|ft&+P?tYE6yGIhf=}vIi{AN4lVf> zX)EzT&=1J?Qfb#>j8aFm#wpZUj05BSXWExDUPWoWEr%j7^@nU&)Y5rI=J}PK!-R>F zW*}sEBhZlL;r&}6lUB$Y-i4^o43XE`h3zi|<~7h)4Qcq|(-chb$!M${3v%sxsh zgu@3z6BOb7aC_=PS<{ZhS%@Slvk>lqfA&=AA%n>8=d-=j)y{?#+`loFW%s~I&zlsD zyzxlqYeCo>yZz5A>GO zyRxuLSRM{w_qDgu>$xM|@`DYoDw<-?h|z@CFb z`k)}wEYgm}&VS93`c%RLtL|6)4{PNQ!$!Azw#V<`CBG^e^|`k9Et{!{!JbJt9TGHp zm5k15l@$hR_942-2InOPcygq>n0QqZZi8DW@jZ3`HdoYBVeUi&=w~^W;e}2ym?sbS zCm+lbliW-V!#OzYz+k(Zc(N)DdD>k2FqYA`!l!aUQ4jKoxZzHaP&q|J*{&xm)CYp1 zY+9nWF_!VGFbLYXL8vwZq5^lTf7P3<6SnQ}6*hrP9gu762#&PFF!j^6zG05t1n_{4 
z1w(jLQY!^mMF% z0mrq&r>F=!M`0@#unX6AVnJDhV5bVuHpS-Q@KFx(-2Ow5Kp4}QLTqZueCGzDmqu>+ zrjDMz4bvI6x)%8B3(=>LY89{oR9&QJR0FtbNZ$~b>Ixjt!raejP{mzzJLH+WvHs!^ z0b)a}xe27hnD0={e%qJo7MoOJABY5>qp}R5 zi4K{}kuUR9X3&I552u4Y1F#dWZzz^@XRo>KN)8C>zBAEC2Saj5sHxm7>W_V$NhQ4% z@CP87JrHR^A-T!K2TfFw5H~!f9jXj18Kp32u%Re=pVl9PD!*J^5z%L@8ZehfgG-~g zzT4p3kTnpL-QfcH&VdGkyq13$6Ar1;&Wydlk?$xL>iZ6J6FN{?>^faNTzdifTILBG_vHsFQIDz%KI%@|uu^=W+|Zf$C;OWic$GdZf%%XW0mf^h*Pdt)BkpSxTFCC7 ze{-F|kvj;L1!Z2(*$ilhg^o6WcQSWx)7_E}atq98Xajp5LU}^R7w3*7@W_#~US8@# z^n`4e=M8v#r4h%axx1nBV@Y2tOU4ksG(0`3PqQMw7#<(xXJ~``Q4iUOne*I8ozV|Z zpI%%Y$mxj5r#LH@mbdp=1D~rRBl0)MV6U3|sQ%hQ_%QOnUS48`kR3wd{t2=xCUU#yVU$I*&xOpWj z8=dH8YsbDnv&FIcxfFWun*}xM)Sy|*((XK02fYz^=(36fVP)p_qrcjhI&L0zcRfd& zSAgEsX*`ko_gK1IHIq1<{x;#}r!Wne{?i|&+uJ<8j%7nt&}YyaMk`HFd*8JYBSYJO z*#))}yXpGo*R#B;8E(!h;lX3Ib@5Iuo%HZm->y5;@lf7jYAxvr*luM>r1e`Dp?Mrp z^5{=EDlAsfX0b2(%Y*5}vfp{G9xjJ6S;g3EN#1{3uCckU5TBQB%@3(E`#R$~vbwz+ zZbVi?HbY{z`oHKfWi{;HG%H`^`Jeg%zq&?`?5g$ytqt$Z^x% z-gG_=r+u4^=wCHn7T*pJJ70fCH>S4LN#&~ddRfklY8$e{pI&8g6P z`(OLlm`^5dZlL=6xo_})YV8gE_IP;9E*`(7pc9v^<$kcd39JPab3YOxRl4lJC~NUc zbo|{qe6DXami_+RVQ1W8rVSn1$?_lf<#sdFJ{b6Vr~I2!`h&_^WtNxgOJ!#ib)ZLTPb55n_fiu>_nJvCii43+1@;JxNlUf$C0i`7=xOCotsO?+i2;nh#Z z<5!u{Way1qI5oF&7j;4|(u&>1f@@X~Zo9t6AEMV4dI)Yc( z-F@Ywr|Z_~Nq$+E_shDPugmN(wyxXS75|5U>&Zsq){g(HcDMIk>I9ccyUO{d)AQ&Dz5 z>j*lkvFU3pE!0KxE)3MRS7*7d=_Wej!LCOf&*sB+zk*VK)EpmDsnEOMX4QmXeNp0rKSzS-Y zU8enVYriK$BuqOoD|PSNsZNYAPyKZCs^Ay zmxbY8?B|S=TkY4U`%vU%_SSo(FK=t4YAtBLxTI@U=f(f(*?F@GZc98F@8iaBOP*#+ zdQG+2o6q;V91Z$+MHsouRd=+V=S+RqBUR(=K{x;A_ae9M=J5ir_P^WKgFkAH;M(wN3NY1gS#|4!5h2wBg+TxpmPxq2C%-f zQjlQ%=Eyf-zXd{&HWG|W5MP$}nZf!1&Y=4kWDzHbS5#YqMvosuULHNy0AOC1y0HLY zh_H+pJ0Xu7pjBia@cOuYY*^=1^l6{w)bU)vX#^jTTzSa3+q>$=x1&&V*$3`^YkVGj zqz}1&zm_?w*MIk!^pBi%z3V=jh)2)OvPbTQ$!+_0`mPUh#i4<4CC|%A#tRG|EyriL+@utxa^+i8+w2P{}XbK_20e5 zI@9Lq5n|3y_dCK3u0HL8?lpH#?qm6+7*fBHbNRg=1b)RBN{@Pe&=1Dg{7GD@?a2>* zfBgSvK&>RjQ$k-av30Ta0_CgZ4=jB!P2qR&~bRNnve_4&H)rmL=V 
z*K(@yMLYE$eg)5)g}V8|qEEI-XG*xQ&FY5PFWM|4wd@6(#XaMLYX+%_P2V~E-ZOJ# zv~G3V>VcY-pVcpe43l5qxoKi>uEbN{y^PKE4%q;W1hLt=crq`dkqt%Xg!3pbEVM@#&)-}kac#M zx@B~E*0{s}649*2`?kpHb!n1)cj(GAq@wH9xPGGRm0;Us+d1(5rb8%3e)+<_7TdhL zi%+mB@4l!dC$+#LB*MsRX1Da`aZ#_M$F&)?wNjl(11{)*Gb^be-n^Vzj2hjt~# zjSPd8%agSs`g!_&Q&vt=S#;%{hEBIj_}SyL<>dRMoP~x7Ny_vy2hpg6hbOWL`jA*9#RB=d~JRQ@0EQ7sk=ja!%_y=W=C3rdionQuQ4;j7PdV{(>$t zTx6TJoh3V^-pi@B6}9X7Tp-`AaAz^HGHt(H;_-XSq`N)aT`zG+)qcNK;klcs2M(J_ zx^P`HE4*B@iI~?8q+(^U?(deP+G-ZlBFkG^$t8IV@i!Ts*76{%TvvPfH|;5)(mX(9 zC(HJy*S|;;&olz@;w?Z)2CToyWGZiiGB$4 z=ksOxn;*|76?rLK-aFydn4i$mMgv#CU^XP!Goy_dX6A6Iy%-G9{Ym%gz2ChQ-%zYu=`y9b~z0!I7~<=>bs0ALF! zn}bs4fii`eEui`4L4QDW2f%(10Cw_;--O8b5g>RA(4WG77$AfU319*kAi`e_7(@c_ zzc2xa3^`dAxq2R$MJNhAU#_k%F+5Pe{p4A@KtaK=L@8Bj|F!KQ=X6JVJM!O@10 zG{CA1VXH%ZG~luG5uyx`Z33Crp+EC+s0{dV0)ibds17Jp1X*!{j~tNX1~lKG=mt>R zp??1<`()c;w+C?B!Jl^kc!S0saQyx8cgR|IK)mzF`U7F>7+D8Z>p1#DXm8#&p|bU~ ztwZb$z#l|ovuEKy>#$wM1TUj}7$E~32;l}Ka6=S0fklomV#Y9|g}~%SI7D2GfaHc) zrN&@#W0)M+=!Z&Q80h;>I)U%)aBD|k+YzDdkkJmzb_2E=G29Ix(vIkUVO@^!esQMl z=+qAUc!NW4plXMRJW={as8ZFVM;<`(N0>a(r+3sm@#uFWBnDqVfycAd$U=d1v%NqU{j~ z_z{Fg=@Cf8!yJgjMxnwoDECC7#ZfGYgiIqUjIt(?9fx&?$PF6DQL04xC=s!R3f1T& zY|%!FL{cMk4cb?zpCTO`1aMKpg-SSx;-W3>1hvur(e@*_j`}=E@e@e$6>y%4x<<<( ze&RFboGpcD%VC>|^zX_5pi1&y(I3hXu*D2eWd$gbicf^G`HU=aS0Tv)=gE>ul+k|^ z@0j>*t zRpd-vQfC)DJ4MpYp;qQqJH^({^<9GP7HL1??3Q%B1mw>+zeVVa%bx!1Hul;OU{9Gn zu)c@+D7Plpl+?i_y}QUV3I46 zjf-#!mQGPV5OYeKO>{76LuC;2CrX>v>X5FD1HD&lQ?*SPbqJ?U@;*3g62eakH%h5Z zT6yZ^rjnb+c2m_&{0qZw(%T8}htLNVy-97x=P0Y{%<|OA6swv|3j7tlcdFV>3Vu`N z9ToT$v$l_DvXOfBjuRZy-1xGMVPMU_&LsugmTM;HGnzO$9k7mc0e zR>Pu>k~(Otht@yoziH&o;P_*WzqkB^Qy-ZBoAYzgUi@76PjYklKW*X7ENx8f3~m4G zBmK`7{y!MM9(OZ$x7Feamr-zPQL+t{;=pf5HZo6(bk`&c8&>Hpi3a$lE@t&nU-RA$=i3;0JUIXamRwxvp7e*(FaUrmj?OMz$qd0qDM9vx3~IvN8PtSB0^-wi z)Z%qc`!HK;nhZ}>>;_xjv(2y@M$;q}-j7=)QbZP)HD_VCN`f)bz`~L&!IgRG_qabL zDX_(7W&=hE#>dm=H5IB&UHqq1B^M`5}6=-Lx2MVR}&1d;4|~V8NDC(^$Cxk*mUC$ 
zsAzaEJyrI*q0>M0h55P_eCKhMc$N6UE1at<->^{|QnW&8+?yw;hx(KVPL*$`AM7PP^>DL;Q(3X*PwZ=J(Ry47(HiN5!cu^M zTX(_feFX#SNXukgRAwe0beJ)-8stcJqa_hJn>l9_BlwAP+%jIWk0yIFM(eWCdXeau zj<_v1jt2+$j!JCfi#t9r{D~6DiOglJS>TsGUi+m6Xh!A<0qskF9#Is$En>{yGS}{E z>uAg`(&G0N=2&1|?fY4Smz^g2q2a2sb-Xaktu9Mv??4z}!vS@#r_^aGYeUGMFZ!{czjxU$-l8kZ7oh0uT|XA@;aK_9PiWAMPt2Qryu*Lv3Zrm{Jr(n*LfP=UrAY;^w=-= z^ zl@NTB{)Kiw`2S@QZ{gzN@Lxu`s;>;PIY!^5_9mXbo_9(eW=%6yQV1FavdVUJ07RoE z_!&?}$u+LS{4TD$Iv-P7!E{UqMps>XG(|h5G@2=u1xp4dVV0dU6U)MxOH>vXuJZuD z$*jnZcL~)mt)uKoNHK>y+UD$ymMp(&k#KsL+ z>C6tnRFIxYW^fG2SS7t3{57J9*fJPT5Xc2)MrK^6FOT}zs2FTxToO%v$jnpj0`fVAdghe8TJ`8t` z%IO3#n?A zGg^l14rrd|mi%avJW;DMA`^N|7?ykuXaUE_d_JyaaR>m@ae+>WZeh%o^uky;9+XQ5 zfhsg5GYFe`DN186Y1>`Bd1nlbLRHVC;6d*t_+Sg>6d&e&)go zC#BLFRbN?0Z4PkrkSv@?Wkh{kF%w8c9=by8*|O}Em6kR|3rB7D{**o_lmu?rNbP_8 zFY#{S$NTt2q}AQ*rIh(UUP?L-ZTGKzakP@l)28vsy53!;51ppYGmF&RyOTd$m{Xv* zN3|PQik@KFTznF*Yd(2T7T;43dC+Vy{9YU`{ztX)OVp!sub@;_b17r5+ugVDa90(Y zowv}WWj$7R7isFJ-71H)}JM^#g#(0 zs0za)=td7nBh|>G-4lUe7i&r8a=KW1?DgEuj4nCe3En)6OW7N)k(_;Icd;|x*4LNz zx*SVd?Nt}^-{r)%m&^PHoVUtzJk(0y#>K57$8alH=g=maBFnqjU_cfwPY(qb>mv7hKE3vVmB|5lKEn)8hC;XOzvgv+`Vsc^3#LO{ru1Jz4q6->K zV_l>JOOpj;7zi5tR`x;TpBR!#6CAR}D!4-5)oV3w)NLVNN%4?l>tr-@yZzu8T^Pq4 zV$E$2MoGFR-FS?j6UQ%Ln*6rnf0}VEWd__NpLi9={rNysAK!zYmUx_UrAribYqPi% zkz1eoSQJ)Y(87v56AP}FdRZ{bKiQ2$cfHV3n(LNA?FhSSyiX0zodrq@^B>a8;x zSbdk&wpfAHn$DfKVI;%{(m;(|FRfW_5X3#F!FXbE_Vi7rmyj8RD+r-PT=mX z2!>LELaERXV#bHQw`{wvcW)Zq)i*JcN<$$;gh`Q_8Xy#pWkZq^FpNn+@D-|4z=we0 z4T7-pDDLGMuyQ(X4lwa$BC>qgAAKJ`{r1@RrhS`C#~yP4-s;G_*?7Auvi+a{%oqXk zS&xUAf;TP9>UCPH_(A)Mu4^nx8ueE`oKcIe+HkA%*;#7So1`5Cs6Q(iR|pi`OQWs|YtRW?dmCM-M*1Sczw?3)Ox)ygub}ZqbHw3zr?Ck2| zJ@6qrX;py(e3O?!0z+?6648iwf^~+WsFh<-hADB5>TyPmK!!MO(C)P`$qT68Q3Eh8rV{og$z^bwib@(o^o$5QY?n6YX%q3nVCRjQpWU7wf5EOGrQtmy9|= z<)3hL$0&f%Foj|cBVD?wan=7g5|Aw#scWhHA&Me7g6O1#+Yw`v8YR6)u~8&SfLjD9 z?xjSx50+V-X&mf=G6p9Fox(vIs=XFRf=j}gz{|IGK4Z>AB0pkyq8uYJ+r~8ywT5C& z@zB5FB9NviAu&aeo|GWF0>Mra{d=4V{Lm(mXu(4fHLd9$g?dBu*9d_SrUOs_QgeY9 
zQvqdoy2D)4P!WQWy~k7}t&M1*2Sb6u=%ziOIvfyLKqG+81Fj@pz+xaGJwO1tdb5NE znLuuMmxeLWp-?eISEM+f1W~JzTS??>_B}D@I6;Gzwmdly2Uff}fJx3Lt&<#5x@r(4 z)6!DJtMo=z3#<08IBT+yOEk_^pdp0>5eWCxES(ppS2P>0trvg9TLcS2pvaeq#+=x% zu^>@Q88JLD0%8y62+cD?3+LsG_Jt3A;al#4)%HrR{kk@KH|L$v@?n!U71_ubuXfex z+La+7x%E=+?CQPhwXavkhZ~|MH<#|XS<|}>8!N{Yj&Ds%9j!;vtKL?F=eORRc(_^% zXsn+5mBL)Zj>l{0Eyy_(K;KXA85e-BTA|#b7#wPv768uBF>!y7(@BM`h;GA3~`8$4vt}kv1wh)Y704 zS6_Pzh=3ctraYQ%rIV255q=@85W9?_{=QygUGeUsCaab!CdO2X>9QcTrOD*0Z9Zn@ z`Y5*ZKXPHsQ$cD}iVQ`S0>wQ`^N*N|x63k-CJOVF)*lQKBH%TJXs%SH6`TvcsmwU8 z%|5e{D`7G%_F|AFSfn`6e=Q~`moeCQFoNySVxqkG<6YtZjds}#4aS8DKJ;-&tS%tV zsL+Zl7yWv!^h@rKg!|Ze3RudR3++S`Eh5Duea6rHGO`~o$F)y7_Hyy z>Gyrw#2;t-Ww<5y9J#v$@9(Ai?K!&ph{5h}cQZ$;u_x5T1 ze8WiW<7=HO-rdhXNPm>}$b^4@f2#gy`&Ic{qy_N*t&_DQBEjzdF_d7K|1Ub4gOUD! zUct`)lUb8BKK+%)Qr0|7ystb4Q|kIbfFO>CNk$!Fr?Hcu8yOP-fI<@h1nKp+1{+D9 z7~GJe`XLGJ|FF>t4=}Poe860jUALYGm&)dCuxZQHhOciFb9%eHOXwr$(CZCkhhdq;2Z*4nekm4g!*8H2OWw+(!%-PkZ;P0x0e z>G;p7V@e*;KuZpUD916@_ZJ}CCW=NENC%k;#+vtqYO>ftwV{M6r`NOc9oSSPPaEo$ z$pDj$YHF?-)wZQI%k}J1@2ZPGZ(!Cn?>Ct&=^|B~M-6CcIy^~M{#H_>NwJK^l$gT3 zRl7HWkhHRB45}}njf^bLFfgz2n4*N3R1I^^%pK*|G%m7JH^>O*ED9%5C^oh$(ja0_ zpU4^;<>>_-dybgBdX6H!7q~8^(XhcC_Zj^yqGQ)wU3R`z?@&)t3BN*lZ`l$@9 zw-P4GWp4NV!~ zXr9?co*9WcdGe*}DEbd46WJXUkdp7@GPg5yJhbvSDQNFNlRi0=kZ77YINc&NzZB=7 z%%I{80nK&n#%0oWP)~XWb{gz8q0Nf8r%V(lU!9H&GIa`v8(J7~)o#r$TvGL}-HP*k z6f*qqTi~fT;1KH3v;I9s7lytoGtH>>#K~~wWKiF?W;Tnv{jbUVN0IpKplCUsV*@H7 z!8QAUY#n7$!zfPpGtJuMSvXu8F~+Dy8z5<1WM1IbS>*>&4BlO^#l ze}zAO_2eO>aOr~^T6W+o>afvI=l*@%^_^!Dg;2Sr4jKWVbxp-8D0Y)iK{!AdOF^r7 z2Hw*}g!kQlPiI$hUno#76k;jxw(*y`n{*E!Ss&8V$}PWj{k(2C4)_L8 z?2(JG40@!r^B3<{(cUOXZ1PdN3kpz0;T7a_>taahtlrt$ElV1XJ zS#zN#3DY83RqP=wvx?)AKnu{z#x8;h2&{bv(1M^t_YD`Ye)&*A$Iug6)$6|=0)aFc z!|F+E0VQ}{fPbmmSRpQ9qvXm4cHl#5K#>6j(1yrB8!RrQgq=Ko)HykAFfWXzp7W{) z2hajiZ7zCOBldM)spncJ&rsx2-Y&3B-xj|uF2?ZtpL|Z|iqcIB3NNwK>~~%d+12m>SC?@kyk6^Qoug=G8n)^ zqJhAgJP6{|KE{eJttmC{nd($@->YsbAM4zBDpBn@fVw5Aa*U{zRCz)Pp4NiY+Rv~d 
zueubAkPR4G99Js``GHP|d+$30YU_dY3zF-A_mm=`Zs*ASiCWqKm#+CrzEnw?+cY_#6 zSBO<|1o1C-NXk_R6y(WaGs-l9YSI5+EtTZ0N(#+LlTl+8yt<`503yhS0J~*8bGcz2O^=>Jg@YBE|C$q7Yi>*hL$C_B7>ga zI0k@peg{+s?BNCMwWzuGB5%oZx8Y)J$!>1T!pJ%XEN1P2Rqe5Gx5;-QiiKt-4@ROy)vH*dwA zHxgw6WWHkqeRxG>Oj=9zex<<5uUAqC=^sMxXHS+AW_QY>!-i0~#_*=mQ zimY#SJ^t}XX2c;hLgq#S8YI&%H|z}uAbuqFcjCwt*P(Hiks{jp?mHp#8SY;|n9a)W z3~biFA?P38AW_gwfHyUupHZ!*HoWHx17;QMd?39IG1Q9BLDh+_HL7Z3Tm&m*D{WBh z+_DF93+?Wjg*OoXGB(h-`oO=UE@~G}tAP{JUHqEpSMcD0--K_(C%dr8x=Q6GAWc3{ zv&p8gL~BbJZK7+5WboZz00wf9Etp@edVMyZhW63J_20ar zYl{KT0lmw2O&n0MP?)_Dq?-u;k|4>}(A42XAtKe>Bg6_;3t4`6<5q%8G_N0hR~9lG~;6Ex##{Quoo;Xu|PtdDQ5E| z1|&>~9m)fiQz8g+p2wX&QqquP4A*CIy(4rRF2}=~NYqu=SvB9|wA|0z_*hZOeZE2L z4+g<Vn{&IVw%pfM$yBY@ zh3h64w&~Qe(Hiy5lc)p0HI5m)u)#If#r$}_6BuwpAZoE>CG!#3!^XLFO+3PdlV%PP zC8#$TB*zW;gbw*c4k33TL{HM8)y0J9Z`KDJ{3gK5aA42%=8@#dLWK#{0rC_MYaZfu zk<6aKk)PnoPI24BVlt^X7zU(fH|TQ{rZgi=x+SM(tCL-+%NFJN%7~bhX4FZ+M?4K> zD@t4j8Ffmp73p{Oy>QiiODD^5wa9I>XrCSmHIRnNYR>P(dQGE0&y;@5ud zb&2&R{1G7ysTPop4r*Iy!xGA^*O&3-CTVP%0{Mv>R}TM zqu)OT?^;BF@OdFss~hdM|JeZhf!c=f^{4V(uPoavBM+0#-lMP7tUG{|?E^rfJbl9z zLX{a@z0G?Uduq@JcX5OC1f4Qq(?h+2wClvI>s39j<&x`zenGyYego;+^8wQBBi|D| zg>;+q0D^iUi5cJ%_&|xus|T4zbfWPxLA7q}cu!4zXodV;Q2j}X&D|Z}%8Usw zogdQ5{)+6U@X8@lBScO6D9{&|;dWjBCha#oDbNlNu@gPjBfYZjKWN@8aL@|s6<$jP zmHKLB>pi%m;k?;HH!hUnq6hnPI!s{EgRxdvM<1nk`l1E2*0I+`+9jE0CkgOS4;|1= zp$?U>1AQB*SN#yF46g^jD3PuQCr)raFY7}IMSJd`&XzlApzm~N>}^bTR)}^XkAiKE zQDU&TOWNuI-bw+pdox!01aM`EQ}M<~z)D!ak0!gtNmQ0YS4 z84!I{(HXBZEXH=l(qK>-56Ko#7$=v#$80KCh&r0= zwAf$!4~CVE#(vS%rqDRNUKmGjY(n(6_^V>^wgmDsLmw035z!6UQ|(X>dLWc0PJ#3) zL*J+k0JHocJK9^gD0E8hnMN1Z{eAUb>RrtL-+px5r0U&Vza9U`Ft`oUwm}BeLZ@tk zihpAV9QU`t71-(??B@N$>qqV59! 
z-GS(#R!2k`oP+Ewy}!+1H~;b;_z|l^qVo%Wy=|MK$b|U@!2Iy>_Z3(J{}9lBaX1Xs zzxn*|W21h@l<@H@S_XYS;Y;!YO6Wzk!pV9HOvKkc;Ll(D8am z{YB*9-(T(+=>8HO@CnlMR@*dzggINFIC>H$-8=WK-0tw?LWh80+h2a8zk3;$3*}{U z{&9>bFrt)Wqsra)p^wV7fbptfzh&Y4wU;8$7o%NkOj!^JIw0xOZ|w52@JT|utC*FPPu-)7nUjsJV{T?AdM82JEAmsI+1 z`n+9U)hfw7A`vTT94m>xRY8>|2_Mo0Oa2BdsaJi}_mAiMXwbI<>@O|OT&xz$zKA*y&k^h?NM+3bmYEov->UXW$!qM z!KW=P2Lb#37hG3Vz~wG98)zL--g|f@1Yy@{H`H$+5aPsUjdxS-%DiiSSLUndrwY|= z-`9zZI!cpX9J_%p`I<)EOPkOdzQ-Fr;13`VwXYRmPMIqQLG5W*!Yw*>a>V#6=P>aa zC&3~)BsY8{eSa0IFA7-o8EFYaZ)n}WYG7932kh@&0yCSx%LQ};6$}!5fP3$eMf@n# zsR=rPi1@Bt%0K*D0ZS+qe3(sH=!JOU3X2Ii(~~LoMZSWK8v^*~&9npMhDZ4t<@!Ny zMEF@4|ApeA&JY*F1rKI7S@H#yafACt|34?7DzvilG8SLxemy)C3`|7+0YO;fus_u_~LUrvQ(!x}) zB{sb5q5z4$Koy_e&@h)?X0qNz9xmFFTX_pNCoyT;lEc>mTMXRUi83&vDFpkN zKm227CUG>Hc-d-^niK|i(+U>GPZ5fT;+Wk~i|q{F`@JP5CLiRO-C&FEII%uxyyiW6 z#!WaVkdoTQq;%tDXhmLenrTiNV$=dueobm=PnA)+;N=KKyPDLf^ODYz#g$ARz$Mjj zM;RU!medg{6LYvOM>4}sI%3cI4gTk1+$F6ji!zwiAd4&%PEy@LXbTlA5u-b%I>qX~ zsS3dAxcc4S0+*W+&oNP|fyBA)W4SG(haL+!~ zPu?LHVL9)<_Mq22B`wJ<8t)!{LgV^qN;Ha203JWn8B+k`3{q8c&$OsEd`O<>Vo>ob z7v?T`MN#@!CHRtaoZ3fZZ?n0EAEv(`=N555BD-c~MJe+haXFxr^3vjeD?rE1fz6o( z7yZyAn)NYR{n?GCmz#4s1Zary?x~i{T56X+zA5T@G#v z4QxWLR|GvJ&9gzIgA*doe~h)njkyT@R0lmJ%)3Ci!wD5&J$c{g33&Yi86E>&1W9|_ z>aKP|nI=Jp?Y9W}WayNJJwbJZzxAiug(|ks0-F_>G$F4j!&+W!&OEkBF`k<=VN1^j zQkG;xKgAnHB+uh9OoJ!pFFy%op7TeP=SJ~?EdsTn!w+5ro?jdqKS7#93r2!hBQJkU z;z&daNFoF(GqGz%bKQ3U(xFnppr~N22BA5hIEOP;grt))FhfwZ3A=6UV@`wEm;0~6 zhOdy9yM*@yoyaO;!%Q^jD!OBTy*zg0GiAVynCRnx!5cb+wJFoDT#D+FH^d$Bhw=~= zGC`F4$0hlHC@1F%S|Sh!h{_l@NFJxF*8119tuF4h>cGSx5VIDPPE6*>0lNO};)^zw zRnSSQOs+(%E_ww&96-CkBYOsaLSc*@=1u6zOyy*y0(Ff(I|^JjU5S!5rsU z9&NuT-+psz{X*V)JK(=x$)Z=}t2S#h}`Vts9?}fapkGpq!Q}5$=o;C9U zj+$l012$qk^fvH{vG1UN#3;SYo@_%Kp&IEN=y@}Tm&3p8Ue+S!Yp+i8h<&b>+63xXVb?zYz1IDX$P!h@`05f@1`@WInJ{c-fO8j%BR!1#sJH~!M!a#lwGaEV~BF(<%f+@nw1owION4B{kgGHuE&T~g`uxs zFmpo5)H=a>H>l$KDoe9R7%7&&OW7$5vTK{GC#JAKYbmC;ojcG zQfig?T4ioCL{Zym+@IuG>42v5P|LIL_I3Z``68Wm%x}`;y%pfvMRy&0)o%P<-Kra{ 
z_0jIdP(K>fbJ;_)o9aSX{h=t9OIxz~vbSOtXuQ61$Br5~k%jTBP)2+4{linEL3Mn-G z+7=IP$Hz|B`#ka19nHJ>IjW;f>ui1c54n(-wIo;fd?}O4hUdP+Vo*J8OtAQ9lx4dX z^ZVp8cFwtdp_A^?FfjM(mNX@F53=vAvExa#T#W74lt$}tg3b-I-6gf!z-0z4Bl#8R zB_7=G-d0LPZi=nWRvJpX!?A0}f?h1EOyvjev+mb4uJCH1sa9#ju2z?e&MIDBsA`tX zC-8OblSYk!S<*wPqZ2>(>m%0WOhUL@VSkhtV%UlQ`g{^BEc!SPZ^@ardk-|td|79sKuQ4K8|bHZ_H9&f*kvg zs1ZiKWXES2%}74q?=`HmM$}1;>s7|6#qT-hAB;_<31)ya`wzT1M%i81Zj4fA4<^}N za!u7#56`;q{M-DRs8C=oW_WKgR_W5)MuHIw`e&o88CQLtID0H9Pf9}%@R4#l67Fml zj-5Qtrcd`{_cTtG@9Z4$J&nW2X&9ss@%l)LH zrm5)~hBla(q^geLJdFZ9TcWU9{QUqk`Mm zP*m})dy(vXwi7+qY`nMbaI2%X)DRxl2bC(0`nFVA^p%3sDZ}vcH*9Q$vIN=uZg@Ed zS{o*v9*>-OM!r7tc&>NOll0eyDI}nJK>rfE{>r^~H>4&I5Q<8mi$REBQ1TE)A(KIp z^%F@5<;&Bo1z7~>*g+KwrPpbfp{hdELWc$o4j}Gh@2A;mbC71C%|M_BR}RQLFx`Z) zwqeH%0j~Lh9|&?Fj_w;v+kxSQE7_Cb#YVeP<%CUhfS(>3UJV_)vH9T953st?>H4ef zx7q{y0QW{_-i5kR??kok;kuFU1o98(9-4lE@`cYHIKF{<;pz>d-_yUbe<9oStKC_6 zLGKQ?LW=W*qu&$m39HFg?JOlQfP=D@v&*vKr%BkjNMluS>TiSQ~?{%VmtCA2DzW#Uvaak#GvnB;t>g zE(q1cUmnr5lev(1WibW`T4D-z`4Tze~lP4>f_JbEC2vwCjUPp#=mBvoq>_1 zf!Y7LW|P!(tgu&;PnL^|q%v0V94M4hj5FCxCc~vOnU2@OX+4c2ex$4>6S9Y54(G#g z{xpqYW(ZTMVr@zS{N8@`mVAFPoyfNfcl7xFgHls;4EpS^os&E% zX`_&?7Fdz8_*kLMbOOvOTs`JqTmdqH+O184p+d}1t9ndYtgaM@{8wZ7VXucqx_ntk zl(t;cxuZhaQtUNJQyEqGI;SZ>3`@{N3$?1uWSc_yd7?p2Ns_8uT?(eQ7TNSqH3q28 zrtTa|8AWT}30kx!Ws)luMVXlEa1~*%POSa&|R_F9X| z(kH8@M(Z@<{G&F#T*uk$VOj>0b@amLk zo+|C%4cj&X*gaRnoO?8uW>?z{OQxhH6BVk|?i6WE^|xsgJ8dk<*>R-}YNNHrWND%;7qzW(^i+9HG9@90*3=9T`r zv2@Tq{H3X>pDi^`GYRH2XcKJ0G48G9)D{2!CV&$ZXp+Gd7j!XcEAJ7y)Z7)gB~;#1 z$)|rcV{Y9z)s*!q)L+!Zwh{0euA*0CNH>>4&^M7LTd%DDIX5kq*=POzRU2O=timmF z!)O^ZPsNa9TPC61nyPj2tdl2=5@EX59ej~(rw1wLQ~FGEzpvA*T-G=J)~({I_tAax zw{s$Zr$tz}alH_Ur)|DvmRL4DuyLB1(~McMJ$R~EPo8eryjZJ%wbK7$Y#%PkbGGj1 zu#wFM&+U#}?Z6s|kGizf4<^@lS}UJI+&(ew+=aECcI?j`8nov}b9}W__^pRP$^O~= zBs5Pj9f4VkeW)r-N`<;HV#KE@Pj+vl7F+XnA`=j&es{Q;>{IS??PCGAZtuv%qS3q^>c@H%aqUnZa{~RCex3PFW%X%lLYI3RnUC zM4AiE+EgvSC`RyIKOEcd!dOClvo^lkOK4t|b}uzrrq+FSsbMQ;66Go#aJ~xKDmiaZ zXgs=38Fm6y8e_BCXzReH>R8xuW76T-*C4%Kl68y 
zYIO_dly=k5r8-iE=Z^_Voj#W2G}E9J(PlwRpR*n(1wG1X|D3bjfwjFNxB}F=xxZ-7 zZP$-|-@U6*x^mj0-%_9L1ij$B-rBMgTcaJc;NQ)-!*MZQWk2ZXkhulZqZ84NzNEEN zoXAPd@_P?anOousUWFN~$K;0TR`vfd-H&qU)$Kvp$v;NxCgcKp>j%=n;?lK{U9FH5 zJhUd3PdYcmnv9egNo#e*>ppv$D~#;G-YVQO0%N64({cHeh&mY1-8;UuBs6Mbn89%m1(`>CvNlWUK1f(eBFYK(o%m6B9$S@BJ^* zI^->CZ~6%EBcWRO!F=Oovxcus6-8!wzZwY4foI)kqT{FDcu~IPnRxt%_QTNT&Ianj zqN=|1H-#0}+X(gxV5YC_`F)0Vpm4A8C+EWpw>RK+Hoh+?X6%O}qSQmAoOnKYq5vf_ zkSe%Ho{E(8D*+?NY1}vQ%W#bzcToBw=2KR*H*DFAzh;R~k-s;bjFd()u#NfW zmXhU=XVDHSS;s&PYFWoX4yw9gd{UvQ-;|5!7fF1Ugpp9^E?lSlS9Deb(~0tFJCXn3 zng1Z|DRip!JdTC3_*;>TiWH30-szj31ML^z>y5sRm}lbR2ZfjA<@e0f0;RCGVOfrg z{|VCh3i%d-&w_#Q{XRAbMGLgnzGa^gN-+tWTQFBhM1Pix$Tx-<$t5zMhzRioXGtGD zcMd`~R8IOsi;SXZ-IZs_Sm!AJAU{b%Kj4wngyC~$>cv}$(zK;6*BibiD(L%?g$pAR zeDIAS`T%YZou}_hje)#BO2R4o#V!`YRHRPm-MuX7SOVluI(j}k>`A~_#HD5t;}u<0 zY+#EYuKXTX@SuE{<&=MV-xNTWCIQH)J4%F$sGp*5XW4H%Rsx@xh~3ZZ7kLA`@6+!= zUoIn_B9=y@ja=A1{1zD}cuYSaAf|fJpQ7z1h{%IS^o_(<3Gpz_kpL-_$c4E9+2LOn zWT^s(gePXWJunKQuh6RyqNo42zAafB^u?L=G5_J+tkgLxwt!3XHNg6CwJG$A{lJI5 zU~cFhX67EBo#(XGaF26GuIEdjnQx}*)1#jei~pEUBWk!a7sS7bS|qR^LGrf|Y!+^N zzxZuGX8;s%VFcADM?8#mVE=u~Tkz}vfJ#4Mm{BAt$eO3ob9b=={m4(j7~cg-&2$@A zutVouejAjy!OJ^txEZ!Wc-x zeW{q3L4FKmV|A@dz;$#pWBo40cukVH4wATkwJr?A-~^9AL}YV{#IF?f9+Ie7Qa_lA za9&a}f)rz;76x6)#W68M`~ndej%lA6sxHk))@zoER4x!pmx!&Ua1D+qMEC&WW3vaI zjID^>;&LG1=G6j1&+hl6oLJtNWQc*VSxu|~;%)tyXmCx8hYBkKFF1%tc`8)oy9XpT z3O4|jA;rXaE6nn^)%^D_*}PMT402j%B0?G)h_7yC(ggU2YvbS?h4XT&4Z z21jd5BJg6Dm?3Zuj*X{?nqj&(o5T-|S;l=p6yd=`+UKRkD{V8_ji0+*<+QBfICNXTN8Tc?F1KjFAUVBMnStvFssaG8lt za?CSX7n)$E`xPwI4bR{gpaaF`$3TX{-m9L52F&ibpks{lT}8WQu9(=|QO!Bx zM&KyI6+h|_W!m#Zj;B;p7dGBN{eh3ij)}t&I3gofBRs*-cT#?STP> zUlK`OCdOLmgI|PNV`_Y1aC$Kk5jI`=!JM^crpkH60pO&IiD1gp z#IKBr33i_B-upgD;(2Yv*~2yn?PWfgAzR!DE}nB0SCjWv=LcE@t?L0Ek&?jycp&*c z?9CGZglz5?Bi>WDH3tBbIH{ z2zFsJTZu7i$rC(wp&*LxF-Eqa2sja4V8hf{=3F|B)5#ARZD)2lS2m-YS%vJq%1(Og z)=Za)>j|$W<3-!eVE&)Af4wpE2LOSDn5lyUVyT4$ioZ|C1 zy~FyBazu*z!;B7>L|rl%)10B^DlmOxz1K)Co1|AR)CP616?DpdDn>`Rer|YpscaV0 
z!EILpUVVgg+~+BrL)>)#>D4MM0o)L)rp2{0_;i7y>!4|nl<*-Z_>yk)IgfK5L5IzL zoQ`gNn6&jE;JWMTpn~v$kND1r$PLo&TR*Yq_Q2z4&tuG<*I|M8pbZ5*_2A$m4^?es zfOXOy)|7*#FSvE@qi-Pjunmum9IGH!TH766ZD%;yb{KT@AwKfbTLh1}0H|itud?S4 zerFq>gPnI<0G{7aqkSVFiO|t_q^NCXH52}dI&=}FuFWA!WVVrV`gOA0Awfa21oa&4Lpw#@i*x{EK*#_+= zBr&PF4`|A-Q{oRy>aeYdwvPZmGO+#3rkUY(mqVTBu@@N+y_q9!_>~h;{B$2VEWWXK zPQ=?Qku2oBGTLAldhr9jN3WF1^{dd)K^sui8#5Yj9uAYc7 z^voyAu8x;!tevv?+7-4v&F}5<-T7KWZ2#2rRR8a!{^v)nHXoly)^Ap#Ufq0bOJ@sM z;k;jgBX+!de#G}`@h>#Q6U1NWczWIgU*d=5Mb@-?Y)ghi_P3~Ai9GoVyca1kLZKdjdDvHmezZwI#sIN&OnoysZMNxE_zZl!C7%~ z+;!~*M8MN^ym93E%Tt)Mk^)hAs8V03LijIOd#fSny_He$0lL2(DJ%2LqVpl_mc3@K z|4Yd&bNz|GnYx;}ef{+EZG2q&z)AyOrH(|<7=y8jcWdvh9=z=T$;hMkL)2hV9}n?{ z#nq+Bs2B({woD#g?g^P+l*W`l=I(%vm(|jU z*xcycw6FPdZaoY7Ws==Iah+ZEM`JxF6Q~)6rIePbd3ZDPQn{Yu*ux$Iet069wLL;m zQf^pK(sdXxLPw$4iB=(nupx>tIX~|36;GrC>Jpy75Pe0BctJ|*4TVUu_l3Z?wZP~^@`rGp`@aa>(N{#TP z-V@HOopxLvMxjfLK$9E>?oMI=kD$$jIm?dzG4eF^nltE%W9C!7Vkvln9El_`(qt-; z!rae3PmFpcey9`G^tT6MsA)+KB|XGSy;qoN8*y$8VV+5eY9u`*b{{#ydl)lJ)Bp<@ zcMEt*{mJts0h8|wu9DqBwn2&)$JvVHyeS<1A)dhU=N3PhiEne1v^S7cC$`5IJ7SES z0^KqKc(vDZmp-U*w$D9jv($05!=V|)n9reU@iMCB}$ zY!{*et+Eitb6n(K zbyV2wRMeB+FvlyKK z63MyVg`ysGTzDZ9$!V3~Udw@K(W^^7Exx9$xlV2K(ZWf(c|q;QEb|LlZF2j>fprhJ zT&wC@gF`aiOQ6#hCWt}z+)(4#pxN8#B7uc6LNtk-JJBqkc2>;1lx+4-wv3GWbr<;KF54NlLhpI;46@p7TOq{ZDG)Cwkl&zB)zkbZ0|> z6>5AUN7#EOo29n24KN~derLPu6RkC8D956uCInoy;p+JS1+IVQJ0A*!&vEFfrBcd~ zyYD;@`CHBbSi>{V0J4r?m-Ex*X)2@0($5XVSQiJQTpM|PJjiwx?}ydUmFoIS^)ZSS zijq-1W8_InQf$fN%DDXl+sHu+EgzT+m@FelCkfTC#a99TP|9Fo@O&E=+h3HnQQ++_!G_^cS2 z;#jNNS^LoacU~^gH?}C7HU3GXB07MjH>wxO0x)t5^jOrs(2k`!Xy? zEKNFAO`}(#D!;bd3_4jxGR(JmvU{w!x!N(x}vv2oYu;?2J4MLa( zsRxX?SHCEzF-kq>%wOU&SyZ+E(5#8@S|Ahez=p=WjTanR>~u~R>jc~ktAZm8Pq`i+ zS6x9gQ0lBU{^b&8`C${)17slpbXlwjmZt0n)B+q;`8T3TUhvtxDER#xS##oVIanj! 
z@w*&MV zd8?l{sg?lUW3Gs9=zSO5p*!vhe{E>;(Q{q@(_KOro~~3VmpiUz+N#0LPXe5fChr+= zWzLFzd?;bPnUG;@okgJZ6$E?zpu3@Xn>4YTq1xn7jms=%()XTtpt#RfAs{cpknxP} zhXUU-EWHa>KJm~}s~A-KKb0s;VDJ%>SOPCNMe=|}nE@IV$~cd6OqhHzo8cUHU=L&B zr$)s}jl}c6&F_Wdf0`3uh;v2BIgIe5b4Sl91l&`Ozcm?qbtEC`hASi}h;NujR)LN* z`rp&D;nHG`c0?I*9ICHwtIxE_GSy5n-&}jc5*OM@4@R+Sq{;%j^k$0Br znWp9?xEF|K1=3E1(tMlGyIO~iF4_w@}ESz^)#Pv9!-%0ydHO+@ya&wg6+AZ=6+DZ;^lYH&T&B8Om z@{^=ywHe4n^Fxtw;*&IsD=52Ws_%#6lh;a_)~%rdlzZ);~!# z`yU%5ME$xIeQy)h3VtaO{tUh1Z0r5r7j{bQj-$B)OBeSoQL<%U<>Zv7?|P<-mYU6& z{46a#VjCKQ$YHo#`d0iTwxKf#=TJ$;E?J^9SY{g%(PLY|tn&B%#v@Y6hy zao9c(UrVpCkyttapSus9w}<5*=b6Fhn-N~qoJ8uY56qbM2){k!oL~>to-*zBe|g|N zT6|>$?V?0}VNc0~%Iqvj`oWpPbTIq!WS;y?cYIfupHl465DBnm0Ezw zl+Vj|&@91#Vki{cKo4x5$BL!yXXrzyz4yyZ5dC7pmL^!}$G}&TMRvj3mU44ShM~5v! zC)!}j%E8ZL9-YUO$efqXlrgJgah$w;bQFrxLL=qTj^eE8yvf2YA+FZQ5o&P^OP_X1 zIWO`;W54%jA(U)$h9@)qgN*Nhe7d>-Efm5((Wc6Xn$*!pgwN^nGS@jwgwM@Bj7vOn z%izJdK-V-Db6^v4hE|$Na7`5H_0Y|>sA!gNAJh_&y)NsXvOzhk$erDoq_qIdrR0iV z)u&p?qs~fb-GT!Y7t08cSwB`9_hcH<6ltB&FMYdW-xWTyd>H3cm@>ntZ*~Mhks-Lj z6X^wrI2}cNjg&bvXkWP57f!~tD;NxksxLGApMxY4AXm1 ztS(?(l8R+$)1Acs?i|TJUuo!yZ4J;wIM~}XD&g!e9C>vRxX*Mh*%m(c9&n1C&vm*_ zYF8PdI4~YWF$`4iMHb~Xar%mpmRVE!80XS1+5Nd5FT2EnRUu8`%TT1$Cp|P z-S8e?ilVG54-FKAUEj32RHKM?YC+Use&KhgfM$B-xi_@QDuwQZy`t~OaHkW>g*jiK zx!C=k-*~IE(vDXrqG?zo0~vll0lS?>N3pdOTT0(3sHs?EWBjw6iXRtLv^>I}E?c9c z%0`YoCA?QBr3HP=g>cN2zDS2a3w>;*ID$T!$X^Y83iRGYJ1`N6gA1O zkM^W?f6tQ;ts2aegp!i)hGEji<*G05+e~hbw?_UiZ$8J}_nFrm#~aSm?dx|;P`#gO zG_suw@pymY+i^0g9kuYv$W(^GiFg&MqE~koVc3jZnm2LiYoXo0h~yauxW9jk;9=|# z05*&hSWzgePsYGm7ykbE!^Kq9#IMLd_mQz7Tv&28l!$3g^3V0hH?uBqm91i{XFY=r zwbqDf!Y_M>-#xROJ-@77Dj$TbO-AFCw@NyLtq(6PP+1?1fhD&s!jUx351J>#dZfRm z$bhw@*CO>VmqpG=ZGKHC6<04Wq(E6X<~M~CXC84B3ZBR`u|LRI)~6%7o^>%B4Y0);4R80PUV!5FC(o>52RQ1hi> zwjfO7#y=~MjUpPP)z7NuP{o(iVC!0i(PGI>`At>e!)E8^L0zvj3Q4dSMb(vOWQx5W zUx+%g-8dF`!$>^SF9c}j%L$wftzsME(_L=W zyHbvoNP2EOL-F3M3qBi`b+1@Wx^g5p;^IeRJ}^X~_ZkIJ9*+i%RWBFs+-kKtjTg9f 
z6}kdS&wt%NYBipzGE{E!3Oz10p7~V&5LB>ZFLO7Ea7A3;=2woAH#IL)Opentu)j;FC7m0BRdIDc}`&YGAcEgbWEs`5Ns}bV9%+z&{ z>wZ;wnW&!Db7wy#iZ>Pg>qMpaT0-PKzUVt0k+e}IL5?fhF&y!fE*YRu)K0Nb4x!6+ zs78%&-ZY0>jjf5GS?82NTzWo+@ft;vU0ia?;jpqlDPugtrxp%6bJD-gNtAsmo_guT zolwflhc9vhmROtnd)qw*)L(tMinHKk_-?7m@OclB0c z_guoxT8YtW!GZGA^M9F?uM{{+008Pv9=R5!_IsIsJXg`(>pqLS{5$>XLw zKbG~5$E3Tt^p32_vpwP%r@c5q-c3m~<_m*td!)>EUcuH=U+&~tgK4|my_;=wKzkVU zWt>fFsl15&B)cIXk|jPbt#aK&=pvpBC`y1c~ml zCYaQl_0$30$bvy^q-rkO*JF9NfD;>Gr1(I$nUQj10PQLS&dkWcU>Nl3K~!BwgG1Vg zo$+Bw3K0vsGBW3RAyVM|1Ku`s%zoCP!M;`$RNI-8 z@&t9KYO&N*(R-^4s3R+m^c;~@thZ;eD6rm*8OctH;asIJ9@O2O2zax{_+T3+06mQ} zS<;q4eX4I0!mtUK27xjd`9C+$)cpf^WBiL9%17zq7CakcppYU{MD3ysKP@R z&?tg=M9wi~&KZ+Q1T3h*8X}<21jKgo&aFCYxulh@%M}X3%QZ_h9OfnZQHhO+qRudCQc@{ZF6GVwyif#CV&3#JKB5KuIlcp)hAE)N!L@W*LB@i ziotMm!68&ZacFRUkuUR^FIFjhkhi@1{3C@!56%ubX2$3(zuniaIvxL%uk%$TG1srd zXK_WFG}SdJER8%PWi@0@tI~KAaQHImLXL}osuNTvktz8K!zYFlB&(<;!PyX&7u;DF zZ!OYD1Gf?C@p0Lc^A#njIYIW32VIJE7}H3DdLk*qw^5NM{D#)I*kB((UKxEElvy3{ z(ICfW;sGm4#4t~`FpGCs618Jt&zh$h51BSz2>I?<+n?NXj8RXeCnRd}RdbcJ z7gH4xkuvg=GS*yGK!exs6a3N#$|R@(&xF;1Y>uj#)OQ&DbOQRZMp9M0J(@E|Mjpl08(MHv3j6-VFZlsTH%rJtJ$UcXTdF4#0;Q3alW zJYM-k-`2*PBN&G1zGtsG8O-5SpQOFA&Dz1@B_g8lxcUKHDWdh|GLH2~vY@4tPd~6nhPM`(Av{%zS9^J#dKqrig=~cWcw1bDoWV zjNfxTnDC%Ga*TC;Azr(?6g-;J4!Z5w8S@Y)WMSO^cLbk;H~6A2n=h56;3H%Iuz@24ivVwK){X5hO9ivHUaz<8k~xMlf- zB=|OY_2jd`{)Zm#iS-XV-i3|8i*)dAdj7NYtodm~omtNPL^xuz!GURzEwwED=$Zp( zW#bRIH=t+XO>y-ayen>!51&>cIy8}!XqNS#xvzr!C-+G2+1==CQ%qoR?D?Kz)4QCx z^BI*OSs51doxVGd^TZK3rv$=`AayjRV3wezQdRcX{QXIsL6yY_BIUlQWU>0jLFiyC z>Lus*hNVegr>W{l?xquE%~#HxpsqzOb&tTU#F}k?j;6l;oadmX`Qi;h*N%meN7c;v z2_*!)SEKRZMCdO7FRJKYLUz}StzFBVxLm`P0E4BOOn2hn=b*4A5r!u+zjmT91717# zTjFkR$ZyC;4RbB5DeXTz?6(#LZ)iJ}&pDY3>m2J$)$6*mQ38#fm0YeSnzoZ@F?B5Y zcjhx6^^ZqlL*o#;Rh*8uJXa;UYQ8^w)5_9rQ*TFh@B%IG-{W*&*0t+Vv~1uxs)3e^k@m~}!N65iG`(r5kDt#m;2?~?NPzCX z`stPzP#$=l^{a@sJsFh%ly|15HBVtwl&z{8Wvj*IeH9s__CZxuC#5|BdVF;C)kJ>iSHf z;Cq-hNbGookkLMMo9fQy>FTaqC3$@;T2&?UGD?3dVKdVr6=$eljH{XMuhu3~-ILV* 
zww)?`KI*VE+U-q2W@NklBwp-eEv)Y=8*P3vfBI}6?QQv3g4n6BUP_TNlsNPB54r(V zK~0^EbE2chuqS(8pjFjjsU%>uwj?0%$Vb&cORPw}~8v51Sp8|!5%Epdy5mFPtd{xBR&+-1W9JwE_t-P#4;!)E{q|hZ z={&J7Y-kRiIMq`NeZSuu@8uzW){$Rix)C5C*eI)Uegvpa5glCYXdU;QD4n|Ux4)Ta zW@@xJI`D7%)=6#i+mNjDjqPdKD04fyX%VdL$?EX$Qd1H*tjR$S>~fn6wC~HrPRfgT zDlGeWf3(6}*U^3Ld;bdApMYGcd(3n$^iAdxKlN zKV_C1&6s53e>`E5n=M&~TXZc=GWO9>`>BGl;p#%NXPCAP*K-HvS-ofm>qJx6Uzi*) zj?7v)7n-tjbJnstRK`?V12IHW>+xKP&(|*zvZ1wyoM_C5f4+gJ*a~5EM(MfnKMS!k z#~XvY@C~}%;*T=%-@0HE0A&o;gR^8A`&dqxIJf?qGQ0l}wfI@K)GgwCJ$ZzQKVAhp zf>9r4(5+6s)pVP`nJmJwfm`gp&B}CLAOPJyhMxf6zxOxXV#hPypj$w!Mf#4Z1hd>N zH7R!K?YnlwIscDC58i4JyY%#%DdLq=>>*c{3Q7ilv4Vf9&79QW0y9BvEW~H zQ68RevxWV#UoAzP z3I*ft{q%}npZ+}!^9+OyP9~PoqA0DYzJK3y7lr>bkzeGvH z1Kk$GV(tMSM~QO&_@%?s0=5L>zpP%67XkDDsg-~dX>4zD)NBzcA&fWgc%9&b#*moe z!tCyYIfHn!ji`*$lhgR`?-4qNsqsl4GF8OUbn{{C>Xq*w6Xf@Ijheq)iaJ&x@f(-y zU8v1M`fnxgxprjC6cnnGhw|_l35t%%FRwbjtxMm!+nzK=^yugzQuK}tLR9zCf-)5H zu?!2Wq7&hsLRCv~TzVY>))bD<6`wkVZ+q9Az}#!kfZp9)%idEw@)ckWPxF+@E_CtV zRKMM*2H6xl)K}?df-GJ_C1FjS4fLNr`n9d^b-u_~A{SIb`D3jWM4RZaQU%aThm$Kh zXA|0!)1}X~&rbj`yyc@mUgL0UWdw5NM=d`C+YXBcUkva5nhT7&n}#X@!*slTCn{(K zQ1{U31F&i1dvB0V{T^3H2J%g{1MT8WKu~E#XT?@gmt3b!(?!Nh)G!86+n|{ik6gs4 z{@T&v^$VU0!4xoC7w=yCuH*`6M{>mRyeFj#wd(ie;Ms;+sSQGWEsvZ}X^B`(y_dZN zgh!ftL8e0(#tiXpD^kn?UbcO4qV{|Jv(9XKb$JGWjlF( zl&yCA*@mOf0Ww$fGo7rizjde0-0wZ&gS=T92D|Qs9&WOaQz5?}A5Zc1w*@MA-D+80 zu3~&7acl#+4`WR0r*#2K3BfD5fjEfqU;ad$%MfYk<``C$4NP(!fh44{GqeM+TuEq2 zZ^e<_@)!v!g~);xB+EzojUj9a5{(gdB%9-yW}McPALGIc;+@iw*RLg_Bn7H3h;tvbff$+awkXJ{V$6xjJ#o^oca*qetJmynSrxPITPMyR-L$+?^IY zz5WCe9P2&Q*SkadP9!|-y$c9XMPgRrBS{j^#A2j~JRK5CB%d;gE5{I4roW0R%+!GaL5*N@{=DC|7Gs2XnLkniRF|{ZL0UR(;5ROp0R@wDse# z$YVp$FvhV&LP2K2SfIcrNMQ*HQjOiM;r7y2=Jn7FBn)iwf0l?Dr;$YR;Uf&{G~bh& zdkkuut!sNuGK*GAdki*c?Q2(UeFz^)c5elnidy8h5Jzucv}XBczrFJ^w!a$g|K(f@ z?AG)e>^3-Tb}rnc2pDd=6@n{ikzycvet%ZlguQ%>998A^f#M698r@XEKa4T0dOs=b zD@Sl{ht1KlB3GPxKKEo7Uv;#-|)uRZ{Y;fzt0_&8LFKba*p&rbeyfkDI42CkLe?U7v 
z3-nyZJhI*Lw!P|ME(v8Y@xFujFTjpQDlex=rAm7#1eKb+?yC!`566I`{&Cf3ZwUEt zx;S^8-H36p?NuJzeTBPK2oj+;4Xu^2RVy{ik|*W|Eu}pa=0RTfcar?Wz|SHg|NiI4 zp_#>icBQ9iYED@y`&J;)a4-Iz-ZV%Pt%uX1+>cW{49Z`2^1Hd-~#Ma zAe@MS@ZN7XQd?O@f^0n0sWsNF!wK4uj6J5dJV6U`x!wcGL^|JNvkRY|qcdBZ3Y*QA zPWjEV>|u?ruot5GT-b#)n+1K+;TmFqlj6KQ0RC!Zer=q^SI$|?V>Dbi{>RHopRFWe z2F}P-R=%g3p>b^k4sxpEEL+IYXRe{n^I=fjY(2-rF4zJ2r2RH&bqv3#urDQAOO++j zks^<_q^X0LSF=z`UZl8@iAjE4kH4R$Lpj4Nh3?3Hl4hUpT+L#R|DuH(@g=|(vDP$ zU$4c%fbaT@(b_QP!>OU8T{+v1S!Lg7=HTMPT3XK7Vx6?agvavqR}NV%Eg##Vm(r_W zfpmT6?3X7ppf}$>bLJ_t6x^8JZib^eQ>tdYAcGGsu|hkx)LQ&A6}eH0mh+2(*X%7e ze^*DQT^;jT-1Ao_y@^&084>|U3&Tzed2xwXWoZT03QQ_;1CPH%&0C1Z3HX?t{QKuC*+zs-8*3$FGQV;Jp-(qD%-Jw}VeCRNDkyrA-SH{nW#2|ua+|P&K zLHnIPRCgbZv%AH(8!6~@vbck@bxY?Iy)e}X-%w&ooDC!py)@Z=#o2yrp?|8f3&Y`k zv_8%_N>>TVwYsc}+IxacJLCIO3Y2pe_q2epR|sRJR<5F!(!go=N+Ew0L${-G3)u_? z&RZp@f&z;e$8ykH3X_ZuiQuqv!9#~v%+I-4B#hMmRuRJ`jle?5iKR9+!}zU5+#E9< z9KD`B6FhH+HEn&x68g_*j75jOu{sdcwl(#)v&%+|@$9sN)rH8$^arO}cT&^4`WO3x zUBsu@C!H<2;C=-6jUp?Z?gb!3LYFHin#dK|%ptiY!J#dq#n_`r!f_7(LFFj)?V;7aUg>DkmTmgT z#^abxKbBkr7ktkWyQ9*gS2BM$42K;)glP^72OmhXQ6W^O&^aU!)A)8DfvbG{sR~RY zMtP`37xde$>#@j*aKj+%O-jp@+JL(c~FRDs2#CiIm=muwKlz$ z_|j7tq_P~~64FBm$4;V^!%B?gN==EQPsDe`{LhiMT)(7H;(hQg;liHi_79oB=}pAyuUPBd?%EZal!U zC{_@(O-!fiVrRHOB&QREHu^ALWWelj+UWdk1*knI-dKYv3P3M|?XjQ(WH#JwSQr)4 zc2Ah#=#QV*lv9O7X~;LG7>L`_px0oa*Hnb*lG4~b{_oNGu@Plbe#W7!TvZ+ES6$e( z9p!+DUXx2u7+aHwPX9oobEMvUwh>iNz3PQtvvj7TP*h%yj=s%0zT$(fof389-i%z0 zWRE9!p>+_s`{7LOQGfhqP&MzKy#u@pyYKr&rhEE!Q~tX1vv1u`bs=UoAQ%O~*X6@V zcjBesnr}eHn9Vmne5KaBbw5JxO~>~1buBxahL|mITN&Xob4>N>(LQ*x7;ow6hrYaf zFf5yo&CVSA);QW-w<@g;+l}h_$=Lg~9`__hsXFhqFSVkTy^cACX15?oVc} z$0TJFX3u;vSZJyn)7Z`Q+tb)#ezuecg*`FOi);ZI)S5w`ZOl6~-DmBJ$cu_?D*`5U zC7jV3AkcDZ<0_}gn!5X14~o76yVq^lRju}Y$gOFzOZ z`VMSuU!aK|UOwFi#;J2F&!kJU0jvWTE!T|qtFs~Zm88)6*P6m$OtOC>G80yn-l4Oc z+aelbAr$hgdFP+SE{-?$%pgwY4gKs|p(U!yE&g#2?@em;bp`2$9F^rwYVy`a8Ask4 zwawp)>LJmPiD%n;P6ZNr2%IhLhl|r`o9ji7>!diFZE^f)W{5XNh*p4L8OQM!>X%uywkl> 
zGC!X5St+>>I_q4;FYcbzC)Us>0R?(ZYWCmhb6Rvo^O9WpoZEE7)16v*5`@QYUxrT^ zfOk6Itr3+6VAK}{?JZt&=a*#lb}uG|9XeV`guf~~iJK+!&28XJ@$^)!S&Q&k@A#<_ ztbeMrwC-V@7uct+yf7njBO7zUZYX&f97%ZN;yhx&J1I!Krd^ui$cI!(;>@>VS5@I1 zOBsjqwY7y1R7m{N$TlaTtIyLQ?2%CmIQ67D*Fed1ZfK)(>@@*c;rwPqN zGk*PxhCby3aq-DpgVSbAhFctYp7d#*sEzgk`&A!tq;f+>h6y{eM22E>^zpMBcj`%f zvT+Mqw5NJh(6bDsz>U;mXJ#WUn9!Q3>(4P37xfd(h7pUT#=3euz&wC!_7DqzWoG4D4v!m!zxN+J2lWCM^oihKp;=fO z^cfvbcx8fq=iVk&!||6Bvm*Bws6sE$&4ap3UBgFQIZqo_``mk339r+Fr``IvlQQMH zvY0&=g;}yjX@D|ZrhhZpt%te2c>RRNra5P3KU9d$$3MjR0xLr-it17xoiO)s}7#_Qinx;NA8`8yHr~}h8)sa5Vje!P1had|A!DdHXD`j z;q1&f7e5gnt>}^&#wojcc5i+KR#=OwtjKnNn)v$R_BMQ&)+4oiPT0}oCGz5&SqrPG zudxVj&Z!}MU$jW^sg#2w5E~G+2-ocy;y-X92R)m2(hONBkHr6*8+P83tA%(2ZeCR* zHi2*2nvqPG$Xg;_wPuKP30KnJ}qF>Z>@5p-j7ZuLS*y+f!;*eEqSwK%CRR z@xmVHDotGwvABKCV9yPRp>=RLy7T<`IzWw;N;&V)4QhkI$}oy0&e#J(%*cVgIdWGu z`y_uC_-j(eEpw4ijFy&pOS1&RPt5NpYd54DX89G-M zQVj}tsuP(+d1qIM2hNl@tCL*kl(JmEz%chON|Jm@9zI++_`x!a6N86wm7nFAs~hWI zPv9`}k}-A<09S z(70mZmA)}a+g=x|79S=3zm&yOW96{n6snI3%lk!aI)em^?~(K9dMBg%CaRAP%lk)c zIsr=hokIY*RNmZYsJJ2&)jC2(?ZH)RHnIkc=Kb2mlxPQDFE@R0l&0JAVfprnRCyV zNGSEv7&bHZ13ES%C z<%7c5lJMr`Vi|e4W}PcincKa!f9qB}zCHN-5g(acox&fo?a(~Gn)aIa-^|*Ffg6LQO{!WjiNa-2Y7lA43q|3P}Pu}XiLeQ%GgVdqRUR2~-%VNt>lwP%y&WoO|l7MR$AItR%^M?>SF%HsuU&NQt=alg^XSI(Jy#8&9gxxsiDn-H{F9u>+=R-Euq zjSG~!j7;c5#u^kV#5f*7cYl(E3K^55yn6IVqPnYJq#ETJA1R9Lyc+9EQTk`jt)&$d zZTS!`a~j{I!?kBMgpsD7QEu`CO8Hb%g5g&Ma>qudzUpwAZF{mXxus9Id+dy0-&9tN zO>#gX^Q07~GL31F&RSPA=?W-~skXc7Ojqig{)mKX-161Svv#auvM5wtGYzvb$kmO> zWBbs^|KXhaK0aoTMg-td+_*~mP*~n}sG@8yCogAfnfhzxJZDoD_*LELKs7aXD|j}T z>_XC~jhNHL%RGC0&YRW!8xLgH)>TLI@Tj|;ElQ&u#j7xE_p%8XiK?^BD)V1P7y0t8JYp12D_Q5j`|7Zcp_pQXcysUxfczC(AKQ zkV_JG8AC~ue2^wz7pshnx1-RNf_)2XPU3LM%qBh^J3Zn%C)1SX?2y0t^9xDrMhL4L zs)z`M#E5PPxDPBcLM$D^nhDoJh{p_Mpeg~@yB>}UsSk!j3)GxQlsP#BjKL`sd_|PI z8#+Y^-m%}}uAgEJ=C+Sx4S}}+;i3RIPMDNU6gNAJbq*omENpTPoPQ2}cM$Y!6bNnr z2`{983y#zYEN-ZQi@===7?|>ajBQU%Za9MraS_=Wm|=MJ&V6cB{S^XdJ`96S2zNtS 
z1k=X}RHFc~%?RFMP-iQ+%L(yj^rar*@*XK5M)Dqu;}F_zxb=HqhIwlD|8!)n0o|~D z|D=@J2>=0+{QvsE9_B8t){YMU&D6=(a&%K2ZCLdo_dWI*PpR$u{OJV$*c*vRMPDu3 zN3fuz`-q@|kpQO`8yKl2(Y0n*WNb293vA@{WaQ@%GVt&rrGX-UTCEqGOT6P>I?7JF zZ@Iq~>iGG~c6qyAcAiq~eGKwu8(LU-d0Bfi*4GnX@C7ywAFn5_v9AJKdtLmhW-&j@ zW>34&87NhXM$9IrN-1I*Qy9@}G>Xd8TqJC^aG*8li?S!oX)^M)88X7V)f+-cCCJ$m zsnudr3t|LPv6;tQXQbVq%_fdpQsJA-j%iCC(3tJLX|EDp-Cm|UCmMNFniN-m%0i5v(3%9Zh7YiiJ|(!yZsU*EhiwaZ4&DPJ zq{BKiV^>ThTNghJ%b1|LLshBFU`py#4)aN3%}cT##~1*kR>)ANOk=VlLDXjeS40VB zQJ*-qs*Pw@ZDq1E;q!`JFD)AnW zs$_#PA>vICU7wO5&KU)VG)5$BOWXBNB`)5?t?Y^YmTor&)s^)v__i4r#EK?$Ze-O% z;!`!p&+MKbRyMB*_gQS#nEwExE;vGq+pS87Ar36ZoaT~671g_g?nq}e_8}6g5fcjgC3AMSpy-#8fshDxq^!7na>%JfJ zDM4X~(=myOv3#thY`B`ogv0x1J+09?O2{m@-8_;f>`v_OZU?Wsc07lOMRV0QPkTfz zYCfb|o@6j!z`?%j9J?2wyHl4~6`^Ns^3>&^kLG^$A$OANq+QSInJ=E9UXz}TVp*H` zJR*z1fUX{)qd6H~Rym^>BjH#~%cZz^Ak@T%M@k8B;Ws~~d}h!T%g&Tdt>q*tyUgO1 zF|8GG#`($B?N`C=C+p6+2M(#*#CKC?K%>F(cF?X|jpQUB87c2tZQQh-C5&k3&U(Ht zZl>*%UKOUYFYF-`!I08mcV~;!ii>g{#kWGlg4_G{fq}UPg!Am38Pwrr=CQQz`y8%$ z>hvc5HQ`0ANq?8htcQYrRj}EGTl+bZ>)>VAdAM!=Y4Mos0)D*>Pj6)^0%d<;U?!(A zkx{5zsY7jLN_+Af9T3OLpWjsGyWhigHQbfv!TBsM8L0R&@rK(}W^{%dBysv!qYENC zZ27(Q^fs4ummvwGnmJ%wNQGlqZ6n`s@=6rdL{)zvWg9)(l5VI?J#OLVJc%TAZ!ra0Jw7djOYUuT%-LD)_v_|2z67)Bs@V z@n*8eo~JS>@YH;;NWwfF59-`05ck)NRenFd=szNUsq*Zi)?Pd-oeH$|LlKrYzco6@3zIP9vEhYy93i@V+=4V81RM?C8qmlX(ktnU1+FAa|6>)u6SThp&I3=jC z4>=I7+JC* zAOw(@y%6SdyH3z(8;Ow%^vi7Q)&dpDq>nW(#9+P?H)*u+zKK%139bG)mEM8!nXTHI zgQTs-K8#X(V;X}en!v=Eic&imTJ1$iJonZppEA*;(6Eg}>So51E2*-CMmI_%jaC>L zgono3z1I1N>2b(?kZXKMi${H{53PRaX5mkQV?fMTOf?8AzJa1cE;)U@s9HwSCxEe>*LL^8D6MC8K#JF&pf4WgpUl( z&G4!8q0qdrH1khktUX!9nOSqg?LiKR+Tt9dF#x(oI z(B#}4OL6PZu-r&V6qz2lc7cR&ITtC#mWVsJK>j@j2zTZi-{FFt$J~v*1i=J#0VC8z zi1OQu-X{nS-Tsa6m3&!{*I{%djd2s5@p<$e6y19%ZSvKx@sfB`c>`)2B@LJo^x=J# zY<7?R>c2exjWH}n);}h})QAxSxang9rjK@@UYw4!YaN6gYb9wEM-l%q7my)Xt^~*H zwv>jgY;fljx35UUS4>-X;wRe20D^|z*+@1o)dsD<;^L-ht{3GavswlV{jYVH^|v;v zLnVit4yw^AzJhzBFpfziFI~dFYMc;BGQZ|$r9k|yKnP!!ta}0X*xPWy@%jL3SoL$_ 
zZ9d2)wtCwbfC1DJgDwpQtt-SR(~zB#(7Nv*1R{`NC2u-CI^Q0)AZ#-;*6gJ_Zueg@ zh;6fY1(3dHs#WK~NZave0%Fh7_n1iQxBLMZiJ%5N;bW>XcEIk|TSYq%r^c|a++qkm z#}UZhoyby@{KXJy%nxLJ8OpQ9zTkao4J?*RT0j15PLtV4G`s_9t|3*Ya%S+^4Qj9F z-O@dzvps?5`2aBlQ7i-y*T}@0giuN%NXZK~sgu3*tWdJqe&*FDQ$EN|GlW)dZZ5_6 z3yRt|rz{JbPD5FVW?-*!pBA#cb%g1HaG?KA~}EyF)skgVt~Tvv*vJ$U=Z6MK6K0Y46^LhwV=~5xl@tYB_a`cE(d74 zf`^~f-BN!Wo1mr|{y0uRKMMkcr1eE)uMwa5?*VdF@z1gx@PzEQ{6K;Wo=?`i9HD$1 z*cD1tm&Mx1S^g{>ALe$?v$617f2#rCa3nmWkbU0=Jinh|d97bgq)a8AKxBW0H zB%lftpWW&_<1AR*P>`I1{rf!l!`4r6QHy`v#NZ{oha{FV&uXQ&p81POTyp`GK@<5%6+?R{`*+rP=%sv3Y52yC z9PM&@8ov8>76%OaThb)WvJ)-)b~L=`qjVO5x-p<@sHx@7w!)Q z8?3h*oN8bUpKR`o< z{KaSp9`MB~J?YP^Q856`&^wD1Cgt=r3#mcR`^`-EWRKi~*H&|Y!*nskx z5o-R(3U~OJ_lIdxq9~9BZ%{_%qBQggt_Hk}cV~2fKaR{>q52`GNoEr^_td0UCN9rZ z)og(FUkWBeps6~blQhSLG$ikFYHLiuqydi74@L_749*DO-a9geq~&Cg@A!ae)%ol1 z-^{-lh3sO6;z#P#|47Abb`A+iA2QSahK^mv-~qcIfP*A_g0q|}B4<2LeBmY5ae~|w zV-CZ*CGToGFUM^FD-Bnk7_f6T?jo&sjy1U_T3#M}GwNar!+SQx{}8b9kzj#gJ4R&C z=NrK1?;1IOi5K0+GtPq*uM)OVyhQiK$q6OC_7lesRoAjydmC zI*VMQtExzqG-cF&>pQxp4*1(jj6{Cbo@#{YTefYyA;@~u=}UIwxfOL^yg|( z=d6eQo0fEOP1xBPI7NFR z%IoP_?a83%8j{!m8;sp$^EyG0Bg9CUbEDJ3T@vt8`xK`S2W|i-m4HjBj#ISRS=I(rEq z;CK@95DS&3!;c0Vl)--Vo`jcxH#K7zq@yR zhg-9#_!ZR&`C-BraC%;5!>92$OkoTxjluT)0;O@_{Le5r{Y(5>RiYB|Gx8H+>0a(T zH4&Pr3-M%l_5#r6!W6iNaPmD3`3Skw{|QVuH9Oh=+0B~H$}+AAN_^)Aqrt>BbcHTQ z>bLWj_x!;R=+#(cMEX({{4$OF_Ydj|pQJadIPcPfLGU!w@PL!8pFJA=29vxWl-+3d zB#-!^BO73NLKGk<{hhyA@djG{`rovf8ckR&H1*wGV+^j)82Bq1n^M{6PSV>68m!Eu zA}Fp%8Tvwt78g{6y~dl65KbjAEmrXdj;Kg2E6nS{C;z9vDcUFau?tgd=!;8Bt4q~v zPhWZKp|uvXF8~3;S=W=#XU~5xk9n++Y^J4kMFJ|LG*aSMS5m*3WnvUeOiJKZ96`Q` zLj`scl>ga4Tq?~?8PkOdK%chZ)P#upgu^q7UAVz*ROV|F@FLFtQxh)96?Y%Tk=7s! 
zpbTxLF24$3uc}O)x;3A(gvtC$;}B##XtU&^fW^_|4r(O$^uS+L7Iw9GPhGyGXd+O% zUN~1fDqqFcRkl;A1`Dq5>}qXw95a&kVE%-Jdl#wKlG2f=S5AT&zfn@^P;?Rs8OqOz z{Y21+(kGmxz`XA={Syin%bvY!ZXUIdIi!N1nh|m`1CX!fglJ&9kg6JzkZHJMT{(12 zYx6=3Xp6h7%ZDi}mN3{?))b8?3E$`;PW4CM8oA@eYL*m!Bq}r>huhd3yEXn(b6Im0 zMiS8L4kDI}Ji}?ubisI+*sycql01kQS(TJb7J9`d{6r_+5S2ehq|e+tJCQ0Z^$}U@ zTY4MjgD)l@<&a#R(EQ}^`oW>4Ul$?@K2142=eC-1Q3}~>IDIPKazREI(pRG(j>^Yd zP&k$^)rqRndHlhtrES6!u{)R#3ZnyLJ%It?Z@rI*MV==`HKGY;qcJCI2JCTEB@|7D z-IAoh*kG(utZ)H}fccKg2HN~tfJB`mcy`olF}IpzK-nNc9rM(3_p5(T*zo`h=@(iv zmGWf1Bbpj~D{3&0-eln5z}#{_6!Vf;EkGVA21VHYvu%z9-Yg;|VoiuRLkt-<3;rMG z2QET2V7U>5uAv{Kn_ze4UNSP@p`?+;Nw__^Hc{`N7&D&Ad>klJ=m9Q` zNy2cZI1wz#{*hKGDeg!MIg$mLu-#0S_yUR^ui1YD zC-a+BLWH-K`Pb)Rjc&4&jXFm4fKT|=-3W`&m{72q1epY>t+2VU!4(*m9@2=%1DnhO zLCK|~mSiM)iedk(mGk^d>QtWp6nFZoXUnWPa+ikXrpyH83~y`$ODR>Ud^Ro{B8;ku zTKWedG1fR?q%;Rp6W&X29cJr z8f(X-{pDoHe$iXUlO4J_uD8@fge@@T2}@JyM;MPYXlOd8p5)fFb2wZ;0pD7;e80Nv zA9oU1AS0{;UIW~6&iv^P@g=gPQ?8?3wc)N3!^EMRkZ)k8mC~=8>{C}*{lqX)XCQ8E zMK8lH8?dFB4ETt8(6v>*uvQMxoa3RIz>3_9_}x1mN4sdn1~ihg)8YDye5Y?!p7k4Y zv+|8&`LifxP3E^Qj1Rb6EVyc0(HpN_jP_tYum7}8Dzh~RJ=;b$Q&W71!4oDOS9M*6 zvVOupPG;Mwzt!YKQ>b-lOmP|`M}KfJ94yv>9+trQKFZuVcA+kGa1icnxF`(ok|1lp z(3YT#VsBFYS`28@xq+j^|GEIrHaJ%!e!yg71JBwXy3xsM^}NG*0T*+=!Xk`> zp#gBTnxJETN3%c*y`tuelm-b=aaT=qB&=ApT&(omFeZDq*2>ILox!iA5w#dW8r{pk zqRUYL3oG{g1}k1=D&>ILfLdt+f{=lxj5Ie8&I-zeQq!g0XDJ|1p3@aF2PKyh2!mFc z+w406LX`{eyWkZv&Ib?_c)<8zrt3lV^ib-7+ee_d#c}*9=QoFe=JX8WfyIc;bSHqa zQ*OEeN^$~a>hC$=XG%n*;DN?a+@=ubxUEu&r#TBWT1KeKfvi8NB~Du0BH#YRGWC&@ z5d!&L02@RE(kTOMY!*SfA1GV~)E*)LG+}HcCn3yI?$4JI?kAwu)0gp~sO2%> z()N-1UBck0IVV|v71HhN^}s=WW@-e}A1z^{P{ zu=mRAl;rWSwQ^`!A9K$X)B(`o*C6xSL^xk*g-=@T>UGS49S_MN&%%67#JR$A1fo*Da0;BVG14KmP!ubWpmWGfN5mSLYP1b78;BYw zK`8|_BF8Ub2<0NqFz+Z~Cm~9oqG6fp1z_O*;3DXA)Pu!A-a|Fj`E|jSU^L1wyO9lkWP{9?!Ll@Hw^3PBSlO5Vgfp5_^!X~F zG}f^v)m{AQ-ffVq%LG$F1ag*g=dQ-$*Zp!+&Con(=T< zQN(r=#T+%~6#Hs`YJu7n!d$6v^3n1sWc#ZNv8nStV#d#n`$MDsc$dIIZD!M9_M<^) 
ztBgvZh@^fol~OxN1G%vKU6u~eYM`(fXLYm>>uuRFSjY|M)^${b{WHW=lI%@h-17j@ zu@$oQ5qyNhU=YKYjdf(2v^mrn6Qsl3<8ce!Ivf~-g#X*UDC{GV>`l?Y^=HdUi}3YT z0NA?jp3}};u4%6nOyW|wx;d}oO1Nlx=uG^H<;=Vpt$4Cu^b zVTz9f=LTGZlL4ie25&$PE!wiL?ItR;d8a@x!3ADs*qFmdr)FN&`RzailhnCj@g-^k zh$rM|rs;;IT(~DVQPNw{)B(UJHc_L4-H`_kOpL`|Y*VmQ6fItf@8s^8iuY1p?bHe( zlH|j`@5=MNu=q|?c<-5J3%sbNny3lDT&ah@jB}4GP*LF@;i5hU_;M!12J}Rj*H7P9O!VXDYIPl%gd0wYqU+(I;knvhO`s|lc4@DAq~&y=MD>==fxjYpPB z2?)5+{`{LMO}}~*i`pC@jXn_aiU|UCOg@o}l8(=gAhzYZoz+A`&0sXfqKeB;A8UK& zk#+aek@QQ<0XU-Q>t1GLxWos>#_y)?N(ok%eyS-dc)qE#jgr_XioTNRN$uS8-%T3m z`8oq4mCNWv<|hX(dpZfAp|%?>|1cGo(3MzutlHmjHtL8(-wmUFDJ@=i3(^_J=xuWy z3?kgFM^zTZRW6FB)%M}J(#QHtVBt|FR`^VBWh6IJ_SGZwslU`Csz0jpNx)mI zgqd?ip^>^f8mZdv`yqJAY}(oI6C7SW%P$<)`7)XKq4ow3liP8-u72{gxOBOCb7}1) zx>k^PmX!svQ8ou>v3TIU5jDG3hP&PV_y8X?*jJ-vw8`-_$L!-dxBCyBFE5k1o9#jz zzWmHX|1I0fl`k7Zt>#+R@4iFRwF(95{`rV1Y6-wcC%%#@=EX$)$9y4?vhWI=i`L(E}hyV zmrk4=*wU<%Bq6n#?}v|Mr<4%uPnVgiu!D)3AYFFWO7DsttDbGo{%!{vtvIFI^ry1? zk!TNMIcl39@x|t>q%7*M=r6wL@8pRyyV`T+qqCCv&r|r=BsWXw_}3bLCEtcX&+S-x!^qr$X65ANi< zP!H;>kq!D`d2e7*${{uVsDjtOYCm{^@#1#|7>C}3JE>jtNai;;K?2iQd>HusVTD~E zyfBW}2tPOdVa4vqQG_TxkVf=F7Y5=ewSf#_??i39A|8sh7!hM_TychuF>rZlS@Cj; z($m%7D2Wdx_|a3c7qW(ACz5&*W9f(@3~x2Uiqhxnp@xbp5D^kzo(j_4W_u`!pVBCa z>g`HBgMMt9a{J^-hK@C^C5(q3>+$!4qTmr@Zp=Z31uHp*_fxiFzxTMHAoGlsmp0yz z#}TfF*AYvy6JpqF>kAIHS7j<3AA`J1JxDA!C~dtwcd$m!TY-@hZNQao3lr(ZNmxJ zV~a9y=_-^Ijs~kWUDV}+TXsc8jUf3yvmYLnP^QW{1Uc$@j(I4j`Ls=KnJVj0JR{R` z7nAU~9~3!?d*<)CuJ`AN^Cc}4Xq>@_$gnq4OU`v@Yg(~&GY%U#GXc?* z36Y@mN$F@?qPjQsEmp)0CYzeSL}sEX?I91$U&M}3WF{i)k(bZZW`m1BX1YO4R6J9d zYn*HIk@mi(AZe3P0N8k({YR7L%?J-W8okd^p9Pa04v$~8Rb`+r55`HQ;a@%0{ELW6 z4VUSl(^ZoYW<@mQm8-|%EpwC|o_#re*nG@9nVW=I6NzK6rLC?mO41uPDf~N-6D!oF zo^m;{f?uB*^BrAG-2XP$bAL`L$cnE5bfy->syW)@Gw?`UgWrX zp}?3MdvFI2LC4p*p5UFr{PgG}W7lVe9zZPJtD zW2eYpwS{fTQfgJvrfJEjJi%&}+1%Ld*hJrivn6kd?4Yp}7F~?^CPD%h(Y2;>MS(SB za549%383 z+Sk3~x{GR6>ZII8u?zPLTQR}s;D<}v80~hf+mx^+=cA2uY~574Ceu13Kl;;F%dLz@ 
zSUOsGWc+5~k;Se1Z!DcL#p#IKBSV`qb*%Ad$gx?QRBask2+E_olRt-$E?#YP;xO4U zyHiw`YGtDNp0iCsm(K1NEgbq;@2&nV%S-w5M=!}Q-fn#5h-(%8DTw*sy>2oajzbTd;nt`dQ7n$lQx3p0N8@|p z=ZzLriDFppMEDVKH1Y$#hP-B~j^m_cS`OE>X;rcTQlor*Y>$5VLTv~0Qy6#VTI=$5 zUIM4N^Ro0<7^<0*X<(N{2WxV5SIQ>a`9H19qqlKfHZbs4$&$&|eUrszXM$xJ!F|nqt?4=PNM1k;*@iS?V6GXw9WdJ?6-n*(`r!6Hkyg9VVs}?8J1ZEN6xS? z*gha>5PMv^lx3bnfO1b=dn!knr8mfWcD*k}t0j!S_OX~@hXpD35&QBdcFvY52} zRik7t>B^_1xMF2*S%gpw4)+vUSRyczp+_5{LK%5{xx=>nyT6O3rVt$E3uADc#QnvN zM(dT%e;7bSeHN=+%Uom8FLUEaaE~sdF7w%`i47!WK-2sQQp^2zv;N{?qrYWbHR67B zXL>aa8Py<>B5K*gb|haea_wpUM`zTA+=}ZMx=7IiZTQhx!`v)i|4nkSUW& z&ME|6H(==I!rBg{qL~-|jqQkI)dFWkS|g=Xq1UA%trH?K7|_??#q9uYJYt~bxkfY) zb5Mo{ZitP{9)(zCl{?;X30&@@Qr?OOs@PFRC$N{DvkFMbL$Jw5bTh2icYmGMO$lFg zsPnhAvZ6sN*%N*gQUJ%D^%{9FC_(Xa&0uzihx%slR@U9nOug+bp%Z+kUtR>7s&dBs z8@gVMuSBIw0AAooM;sy16U570yNxcaoD$*+=1jeMf1OkGRCd7 zNMfJs-7CV&TJqs~l`LItn?_Ic2iLD$pw(UB#0Hdev-SJUfP7mYW})|F3=d3XGxO?&PFgYCtu|U>K@!~W2rsaAx{`uVBz1{upBgAi(GI2#<)YQRi?rpnB ziHcO^G((p%4dA>~pHNsaF(%9vJ15BlWy;K9-pg{libyQMC`;@# z=W3J)HH9_XIVR4oP7C%%B6*OQE$f$98MC3pc{PM8Nv2Z1pLxgl7NlgN=26a`qn`gs z1#`~MDpcKeHRpZXu~xUEVzwshTiycI)8@BQElaJdL0G!t(bm$Jn1hC z4JO|_eaZ@>*L;?ps72asec#n~#N^m*^!x_*cm-EtU-WF@zuPK!)Olaw-|)Q4j&!)m z=6uhu#QI(xu<^Oy?XBmc!F?M%TKet|W-sUZB>Y@-%?Eeynz^m~Jgtju$?-yOO=aW` zbeL({*A!luUtsO-Bq9*n6lFWd+s=z6kcd1d8ZZjNB@!QEaL5jiayaIACue$f(x<+$P!`8|K}zlwDyvzrW+4|ximv&$^6 zYq#zPrrR)wiXolsuT8=7WSA69pj<>(5C|jshLcYLi7VsLqWRM zNL2}V1+C9ATa$%EhlO#|h7d2Jcsc@q&_5_8P#Oz=s0#wU4XwH3=epXHr7$oPvZ&AR z1fPRqklM0<|BzLYoE8}uJvuMXDkaZ`Mh>tR&TKa3s+fKUP#8fQz9Vvz{y8 z%9Jk3Gcp9tnLc(N$4C>8x`@*z0>yPMozfoH^KYLBVT4VRGB?`yWQZ4dQ*@XMN~b(} zbYB+Flrm4P7^FBK(P1RAEMiq`rk}$z)tMYOaWzz4S4A(^T?9=bh0#loBZA&A z21M4!7#W8R7M!D)(gtg}GU7I_r2$h_e=rozA4RuzNvMDz3m+;l#>9p~T#Nz;~m^Jst2|!4Yg6aiq9?o60ofd#X<=K*e69GKZG?WUX5a#Q;}z4a#IYT z5CaH68|rqG{BXem$vCWX5g#*Cys__D0;GYjhdtN_0~h*9iR=fYHa?6LK;*}8EE}-H zZEWcFK$bpT?9j~&giF6DR&LRIg8d@EGl#BY_^)j}u9=w#55&`1ef6Z80?*{lR0M89 z2q+6AKCvD=z#;nmdUGR4%8CVd9GJ3o!HK4{Mzn8F@jNh9BLGMjggk+=GekjdI13he 
z(7)RKtTj(#US=TSDggv)*eh2^LKTBXV{bJYy~`hia~An%I$!}&DN-5AuIBo1&Hf%x zNR^Ea#4>f;!%~EOWbq@g3xYiCtcoM1<#Ogl)4TKTn3wuiKw3PFG|hL6_EriWozw)J zRz%6@1{~CanbDc2DT2u~!I@~!iymfjgzXvz%>ctOVN{-L_!u_Fy-5!3sE-kayhrS6-S2dv`kFpxs|6oHVl-i{>nN-;C`$0OXAgDBCATQ!=W--;49SLwia5?_SVfaRL!Hbb5`2Gv2$|Z zxmgmPZiKlfj#!P0h9Tyg4c1S%d2E8#8xR2@7V4^)pVV6(z|}eTm0aP4L3T|KM?FFC za9=|v!4vSLA-JI8^n;D73hnUH51&&vk(RuvtZq^!HG2wYA2DQ=P48jEepq*crF9T4 zuLFvlx}~kWKwP+Y(h`gx*%%*)2d6lS)^USN)Y3h;M2|XgU$;0otMA=`VGmHv;{$gC z?rvP(+MFY@-n$#2>bbG#v8CVx?vya<&4hi1jbz&3V5=hhx*kxgzi!P^pr#CMYq&~>t?w&b$?-ugIMBpiK&m179P3h z19M}_TG8<@6=po$@EPL)SKpiV`nxi>uQ79NMfEeSEAq{SNp|oOF{E~JK;h&1*T23F zeZO_EU{qLG_cH1S#VmFbQ%lGx(_qFgGMVEweBPs0=o;fk~D01+Y zn&Y=apTI?Pv-_^));~Ui+oHDP*n@ot=Bt9eW)q{ZO-0b}w9J`v;eH8*e^ zgx4$?lCL#qRKfxWPMKb3m@Ky0rYsu3hzc6hz@b?;ObL_OjVH8>F_EkY?eXYClR~_> zrB!2|wei}+PH=ImuqB?Jk`tl&wQ>5_4@#`HdQ2Kk)ANe?Qk~b;`+Yu8Ci12naOM=7 z3H|jNeR^ND_C>&Ps9Hy;^yLW}-{$y*F6ZlM0R3gs`_0MmG4VprmG5b}P;mpjrDf-g z)9o#WhQ z=k6AKYNhsSz43W>+3x3g#BJH{4%U2;k?pa)ECn&$YSaz9pO&&KTot$l;dBA>1M4lt>&X5|{kHMGo0mZl2$kguSxWKDwAq0T+t8|It8HaXiUucJS=)N`UQBR^{b zY*Fy9$A##}k0w<32ljvd%QIpJ&^6%z0ASDo0O0-CO32y3(a^x!`ai``kh+I6&QSV| z>y){qO|p6U2pSl6%UQh%6Pm4r(P2G9lgXG7Epc6d{c7Qyv=o*XGt;C2F}<+s@8>KJ zp$3dF{evvV=`!9p)rED;)Gg6P-Ol|s!8OmBW(i{g1xiK(Dw~qilYU0d=w@Qg z@r{cRa=K%3bX&6uG~tusKW2rR)}@NfL~|M2;y8*JmRRX!?Y2B!)aqo(v-r3qiNkcvx2-z0#HBYl7nU+;WjF~5^9w3u+ zidFHfdkN<@wa>g;p(zJAYA#kZT!ywbTlw-8YCn)cHDfLNiRQrz;xd|232Nl@>| zX68%q4dq~X2x;smv&g_mf%%vrsfXzff)m;XF|H&YyYh0)N`Ec&^)5)?N#$W$43W{5 zUixer<8zf3956Hl%Bv)!4g$cPTn2 zkjdk=^_X#4gVy71pe@Ju>%ts5(~H9!`a4MOs*FQfFguo&`0lV$tY(hi)0B2m7+}>2 zhJcDry2esmcWNMyPI8%422`XOuX)lPXI! z_9^}bs3}U>!J!PH(;hI>~+Delv8K2H! 
zAX1vQxYWn3%Jh7km=!CcElsADWrEQ6G<=+tMqI+Rq&hk_$mwHjE%rAWq5R4(Xq?XQru`zASc9;{hKtqv~MesHo9FtJk+-URlU>( zDEk!MR_=qPK*uVu(<(dAI)Eb66%O(GY_%QQNkk!|k*_G=2 z5MLe^sN!m{cdltGyoha&encO}gb~t|(WYwnbij_IZ+{5ln*6l2fb?f_fn9$%^0t}_ zE;@A?;1PXCqzY44EED$_$Bk&(TY=sUO8#&O@GEfo20Vn-y!zSgz0q;URCv87JWJUu zS>yi0wd!Sf_AnJkS7ZNx3B7WHIbKWKKBx;i(Z6jPFhnxupa}L5BGmeI&7Z>pKL-p5 zPW$gY(%0fJpkg%ungw|%rJZ%k_)VSCD|uSasvCBi8kk>WH^KOshnlmeIl>rjpjk#D zURdP1Omc+_^mDl|S6x63eB7F^E*dS**IB@-XJ@`(zBk=tUC`^TiQOzjZJVio)a9?= z30xEcyoUxnFOy;o36Dj6lSv(J-9L!jm37f z<%j(BB+E}m@EMs;?AL1HmoLa#rZsPbcsd41r{&zcC%vAXhtjlPBea>2ATwnlKxe|A zoomF>fe$-seHkA+Sv@;pw2W}Rw^cW8PtR2A7Fd<#LT#`T<|76>kiNkk7mbIEa1oUx zqJV8gj9i*U%*{N`vI_AtRLeAFBesvb_^4w&I{%?31v#*RoWpZeRQj&k3dgk1cSU@7 z4MubdDp^WwXBuc=MnwU<{((7D3{(-!8jI9MZ zCjB?gWjYwVOpRAw(kg!*Zjtw=r)~@dHM#com2y2`3Y{j;XUuTD0QfeNryHxRGXHd( z45WEn&0}*gB0O0t!4S10AzTGFhC*7aO7+dMK~cMkv5BQyN}s{JD+H;4&loESMbt>Z z?NQ)g5Nyb9-6FFp-H|D#Gj_?pU)mw=fTr|dbMt<~f?@Rd3dsXe zNX5J$!y1}@*(1hRSml>#MBjo^ypvous3G>uFNQpA0#B7aN)z9csJpi%9J0Z%HTAWj zxj2d6QAErmTIQlM7gqf=fZKiX)@7OSvA~}u1bArMo1zU1$Ju~v5te9S3Yc3v1@wi4 z`Oc8lMVWGY$zt`ua&_P~*1;L8lrUxQj*WE^+Z&loBN~{EP09)T&d;4AcOE+ELPVCx-hC&Z zt(-Z?tZ#-_v<(21?{x=njv8-P=6dNdTeIqgNovEg2?qW{Wgvp1 z3)1YwztIi<(w8u3TNITKicbDkPXZZj{ZGwisSS8P)WBNk(G}u@lIH~ub!`zVlA+BX z1GV6|A_)hUikJbklE1{2(<)|zuE};Qp*9*7%bF*Y>^+hx_8mr&k)+H%yNzl8rZlyO z-2RVQ`>OydLf_1wiX@M= zvGD$OP~No?5mo}OEjOoDX7m|Djq*r4xq#x55byd#sz!8ZJMYrRzuts1hjaIb6pPt&c8+xPybCy9;$gqwc%`5_-(}N|Es)r+voOM8B`wVf?~~qJjDQg^A!(Qr#dfMDz-zJ}rQ}`qmo2>j^n@8}uj^|1}Xrg)yRvlg9R*c-=cjS)jK zWNb&CBUc%UnJ^}xHW2-gk$jOcKt6M%il#;feUKR8jGd3{1wF1%`6mXx`&~bJKVepO zc+gCK)QN3uY~V!ppV;KqGOYFIke5^cF)oG8doSrCU6*f^sEDW$Da1^@OXk0~VIva+>7Zj?nxW3^xOW{w z5w8VR3fyoKlyMeES*?7dyQi=IY0gNZT0mklv1)`T^`8L4MM|)$-)F84wd3UQaO`N( zx#|!UK}eK6EBOryp)RU>nk?ioNCs8e_6SI!_1+TNo8Xm?q0V~4A9d0e?kF9u@MWLA zqrwm1+`b?Uv4p}stADBVnU4B-2_vUAlUUJBfz7p-DkT{D&@G%^CO>Z(cqu=ON8H_ z=S2n�>gNKPLhPJS8}=HC&kYZ&@7f)C;qDSIO}hoi~bR>0xkgdy4Ku6ZYBJaqNEK 
z6CAr68;s0;=){ftq7eu7bjscMaP7{r(%^7VQ{m)7VW3%Sm~gAH1;S`U#F`S^RrjHC ztF3L^yHe=d=(6%Ro&X94Lqn<91w26Mb8!WW3EdFH!^eYaSft#9vi=uIBnffCVCFHr z`g_vug2T%Q=G>CZhR*aH$6Q?c43OHPDe@DX!#T~gB2UmuN z4qzql0=Gst^g`kuzo0-0{=TuxTYQ6z-iWI6gxhaHaCC#{UMTazb|Ab~;`t#=cVG+L zD_2%U>hOC)h-dqzx8W>=TAbgBUBh2^^9Zs0(pW87M9Jt!E^N*>#59K~7h94L--I`$v$GXGl z(KU=3z7qlk)O4sk$eHq3j16+W96O zqM%?W*3iJQ)m>#@E!cXExxH!L(h4^(bV#iK-UZD+8d$OB-g#11OU1FyK2FT=g@tFgAez!Ec(_9vHk>!Jd}D9B!8y@}7e`HHe5h z54UcLr|_4kdW-VwN`wM(+HE6zg>!I^pA75A+PCO$9z*f*&YQaxfpZ4=uU%LNsF7zj zSkvX96g5zo}=8hbTBRfO?EMR(?b-fc= zHZF!*G85zWc=!S`Z6XHkYSDKLrZDxHV}YJ|``&+9d4#i!LC?4nhT!>EK$n3|=J+7y zTo6}u+@RdKe;NJGc71Cv=ibngf0BEkB)&6*lK>LQRlapjfkzkYhhMf4c1%iC(05uc zjoSOM0=LmZp*(9lgRttBxx()4_Jpik8gTOouFz;-g3H)DAH-kNa^#~n287`QghKi> z4nJZ(P4?_|t!{nM6u)c~y+@nqcZOHz>3b5Y3135F{zY~Bo!r#|&j91;fcyF%_C111 z|L{`y`Zs+7GR2qVjQgG5DFJjr%*Or;!)F57ffFr_RZ9BJ$M|IaLHwEo;xNhhW+(I& z@B9Wl0!A_A-y_HS0jmnlyyYtxGIT%_eJ3A@>)}zKviw~Z{7cOj9o9}s z>$_|Y%{PEFG~2UV1~QnK=inOo%8?k4A3X7St`#R%4>ZUrola|XN^S3#gMc5ejX$;% zgfO@+Z~xh@dGr$zNNC;-(;3?mrdN+UX((|gwTbU*kuKn$;du(=3=M4jK$I$SZI{Rdl{6k6TE7S1l8BcB0P2JNshuY8yCG`3G zAUuzOXNBF4h0g7Fd|a$yJM}0x@jcC_eGYE<#J*zfMzEY;yoA0&pWjmlJ0NE(0`EI} zCxMhd@UcI?&9`4(KyiwPGRg?ruoqYW1u4BCbNruzUB{`!001O;0fZq@2N4ko3{2BF zgY*Cc6(eo_K2XHDUI>T?BA|UE2Xy9PglH)UM21}^%L2d$c?boxl`Rz=0mFxYA;tK^ocPCR@%Y1T-FraNPzn$JF~s;ouP&0f1SCn{Q)2k1 zgrg*!{6j=iDv<>IrvxlXNeT<5y&})CJHUCi#|3Ya7_>!fEve3;<#|jnUL*!c@Nr&lckQUJ*a;CJ>^e-(Rt87S~ zXZ8z0oG`-QFk^jbwh&xyyaIMY?k+j3(VJw@Utt8Y(}8kH!^V(qd4O_h!o~!q&u7plRk{g=h2=K@A1}K& z!x&7Ik4D!z9Fp!ZC9JRPJLq@wQj)9Aw_Z&a$Zg1qU5_4-fd@oU9=5l1#>_yl}&E;e#? 
z?>Wxd|CP>pFhWU>ZyeI)n(a}1T@TWkhHP&yB=k@xSNr8CVk~nEJYPA>{gQ3AoCI^p zn#`B8bl&$R49tY4r*go_I~qJ0AHJU!?!X-6RZodiueE)AzZq*MVsslRM_fFV?KD?( zxRigSxs3-@YaJp|h(U*bq$MIT&-FL=I(x~-?tKromia98iqO)M!PlE&zO|pV0?yp5 z{900}?J^BEK8i;5H!HweLeh~@MAy1p(y^iOTauV-%b}NPHZ5%G{>^cn?+FGcJ2qsR z{bSwLZ2ZX5EG#N~&V9AZ)^p(?vb~#+8BFnFqHRjmeQNh9HT;?}T!<}DMCPqD_i!aB zb#s$f|MC~$ppx#{Ib14wzKF+L&F$7WdW@YRx3;@VOW8P3V)wC^*rH@x@z_W*6=+*h z;?{c==HbMnH}u{_nYP?RWh;G;t%!+XbV%dyy$%VAs>&3COYuAP@$B%i9Isn8pwVn# zQ1G;!oa);O35~q>X|Bl?OODn~Drn{~>(aV>5%IKD_vp>JMRl_r#&emR!P|39r{4Ks zH+S~B$!#Pny2?Vu=$d8fD>5}-<=6?tTkx%>v9ivsnKE+`-BDlm*-O4`DlPuDDJ>1m z*o^2LX1O1k-+DeN+CSVSaHoF*9j%IZ@kAHdCS$O-Wc+X2V8zwrlee>)ArL_xLDYn zTT9fvl#rbJo+O9rRaKf*94bYQr%{J}Io7Z}FO0~GZysA&+ATF)M}&KrHi$WgR?wv_ z+jkbJT@!HGvoW>KI%)MA$LC#+n@c_5b4$v#br${|+A?W-jInJGw++bQCv-g?Tu!_= z@-?R?+Bfvlv^)(TYj?oLB+SD6P*z6|Tjp-X*spEl-?Za(KXlxM7dRO>H4!??gdNz& zB42~|^YFJ`2V3d1b_ZLvL-;^1`D!n)l|#+3$)oB|KCLYK;N4Rxx1C<-Z2$*d=(aAq z8Ra-BbH%U7U-9dSG^6@}E}=!y3DNaClXD3A*_c5#8tiNl-a#t(qs(?rO-5OirREy#-jN=uUko3qTlhR(Yfkw( zs`4@dbDA@!x;Pgm_jP^Td}bS+=3pK#uY;fJK2Q#Am1)`eZj`!0v$FeeTGdXNn4%1R zHV9i@q9ToquyZFxiJ*|FI0A#zrzY^RC`$c!dlwXo+dRH1X>VE_W!FMNn*Fv{xZ4NJN~-K9uTREg4rSqwjA=v?rfN&3qRb1@@s)cr`$h5e_RdatTYVJD1;J@zL# zP?bhX-XcjeTasddV|+ka;=WZsn~0rpUbZ;0$S%Fbkd!MFjeMq5uAhN|?q^teA@Z3l zgsK6WQ3Q@bi?lE*%J$E&@^ns4=jcES+LhNVxaR!BeNct_+p~vEYG6_-V^`Wf;apM3v@rQwfhJruq&e7fVkLU!WX&2Zf^`Xb%*cih{4qHJg5Phbz&$wOX@ z%@k#R-uv}<IN;j`_|35f@O|Mcv*<0lI3Sum zA>~2K>5Hf3uzmi>d&ijB;Ba$l_VjFrq)N7P5qjiZyFQJM)mqwYVMxX$fM2L4Ndnzb z5-lVwg;@@Yovq}fF|lGsCw=P7P|2-(^*7!ryf2!ktE)}sO!tJJLe2Vg%r-H0l8BthTdH0S} zPB@uT1}?c2O9fna@e6+9y*sQbVwITNrI;FbH<)uqsognE4eY{2$BIEca+r!LP~Z#$ zzx<&yUy3~AFXuv*^t0`A*BCr=Mb$_t+M!N6B5U1c=P%f*Lk0k)nXl#g_3S)N__XsdRavM`SF)UU2{$>ESYvyUy6`3g8zS zL-MphW+BsrnAT>VY#(QD86fB)EBZsW;aRa%Xde^d*qfy>S8h)p{kPEUcfI$e{r9D` z@#VGY?n%@vNl4k{hvt!rMeXx4bc+8Lpp$($g(w!z#zi@0h!$263fQu*hBjbWBU+%> z5Ic1SV-94@$nTc>lPuhG$53!@z?5u9I^e&}918j#7xdrPuAEc6F+VR5*YX7dFr}C| 
zE7RLblzObdvWeq4CVL&e$;1#e=^GSq71GNdrjIJ9E&om)4MHQjgt5oA<;R>2Awk+R zVn(+M)0(;vl3~L}(Z-E>%a-J2OBf5J(I)Nf@Ygj{u1@)*P5Y~~%eg}JqOqc;ZJa%~ z`%t5pibh#TkeP9C?40Gv(Nhd2fH^e_Yp5D2_Gg2V)X|CLg47l>!m^cOzz&@ipukF! zKuA4_7;j<6r!(*0t5A~+u#$4z-o<9;k**CwI5^MdHjco-)?Zm^q zw*(z*V7G!H%Yyojr8k2(9cTcHgB!C2$c!>z85(0IFO03X4;v~-tI0Cfox^2RX9kgi z?l8)dc58S$0aly@x0+8=sxf;^ND@X9n06$o?3V_U3fW|EOGv~##Th%-B*A9>jTam8 zr{|;`MkPUNz;@dMkA(*IrD{OZm>d(SQ)4oyrL`zc#g>9?Z%sdYY#``TCQ22B5o0zi z3lGaTOA)T0Fqw5t&HN`(R866-54oz;+c#nyZ2~}y`vj7{3mdLtNxuWMn&`@PlJa8T zUBz0R*06s+XF`9ZnC4kNA(Sd^9PY_Z>S`kj)FOqw!2ZhnE)#n`&ph7|Ou_fXU{}aLkJJmzgLYPS)Ezh=llxnewI- z*Kz2`c3uWEW>f%z54vBhvjXkzTy$`v0MU*c@vejs(Jp`R5FsU6sj_xfHVhY5D2&WK z86%B=ys;7$-$YiNt`7iHO$v-kmQr9TGcYgiSRV^D+&M?ByiPbJc)TjfU(hK15BWDG zO9Fp%vUs%B!Q(kfmmrZEf7@VQ$pAlmp18a`iFB&hl2ME}V+?)2qp{gqYIHDYf1|M+ zD8CL~9+hED3P9KRMFvl(F2$REhdQQcYN%3gaob<1((OR0eO@uwDYT+?MH=>?9qSW! za9KxG@`tz*UbYa|k2uEbq7Inj#sRaD{*?lEkvLT9D!`2dgn&f;=mrA;@mvDqc?`H= zjyCmMRDC!x4VVg2(<7>f;LyOjnzz5Tx&n9vR&m3C-<6@Xnx&sY_s;v4v8rpL}i0srrBf|QtlU7y%GJ1P$@^u`L*0MmE&2bV( z@;0-Qt2d|;;Z^%25F&e_>rpKW*zx0)apPkIIyCW1z2yk@Q0~R#DM5A6uSo#9I^^*e zafAv~LYnazs84ZVSXaz1a*0FFq|=VNkK5B@>rIA|Mfb4uM^E%mPy9zLNE(GX5%`R8 z;|i^S$*?d7_ZXTqaKdf6)q^6BWlNp|9=-dPX!cM9gaVf2^W5wnmhbzqswC+1K$zu9c0$G4|8gc*& zjJ-{Y!Z9}yqvhblj(hsTH8`O1%l*8Qh1l9oXP)6zb`>~6=E%CL_w_mk&-zig(hY?g zCCR~t|Mswa6wqYzVtV%tF;l4PFKJcL=n@e#LLydg1q{~t=qF_%7EnW6)Qip<82mvv zT`+~mmlTmOt^}j>JpsVBgQXB+5W|aRsG{nmqev5|lT12-_>=kbQdB`HVStt*ftp!l zy%e1bg;}A%f>iWKU~X>g@)$Eb1*3xwTEB>E+A^3fWQL9PqV+(_LZtm|Qxx)9 zEz0CI#;CRz81X2B;(8qn*VgPl4_l+C3%8KQLM&)Yz^s5stvU2h)ze78+P(KNMTxeK zg;XZ#b7iu;SGk=QMFm;)Q8-YB9mS!F4}+HA{t%g@1*$YdKS8B+1M9A5DmWz)vU~G$ zyU(~mz}{iH^T#(XEkKaRXB@v#ha${!qaBh^GQ)E*_rY<)JqoQor_}*(-s(btcNw$~ zmFCO>`V>O7?M+z%w3!BbPq;It*;l##1Kbpl_aS00>S{*YbVi@f7F_Djvow%zUQIVc z!C8TJX&|DG=asGT_k`-jEbhtP4(eYH?N^1F?-af_%Tjm`sep7`>R;UBKyWt3;6=X0=mK&z zz>g>>i(AK@r4X(+=h%6KRM><&gX3Q}K^RI9mb4^PK^+SEH8e4EktmjMn%B-&PJ>K_ 
zjht1IOEZ7d4u*qesE;Qw;=I?C)2yDMLWd~clHP`eLBq*u-#(YAhVQJWdb$9yReR0iqYefR}O=jNe4fxFx|@Fcr%gT)?a3TPvOc4D1`|JEuA13 zki&EYCtlD4na@qX%oYr`qFo8nv=hrxQFvAg+cvKh^g(Je&&WoC0YAFti?jrwm7|KO z7#L26LpflRk2%Z_s6j@O4uwi6(qpI}qD+EIbbY}b*VdbSKiv#`Vq2&6fCE%yO?~D= zPUf18eCCHw_RNL6dHMUgtup)&-^_U9v_QLpruSqf#`a(9zznsPX7l<_?nF=aaEad} zjb^K0orxE2{e2qXFYF+3OqJQIsYbnSclx7Um9^K{jkO$$@1&i>G|k~=L`xJ4CI9N1 z_vjNh(G|DAgVZKgU3Xp<_w?y_Bdlo6K9bN4AF`whPE^1kV@(+$t7a2l?xcPAg{&l= zYXk)ka(dk;-gSoq?iZB^V}0(eLPR{PUCv3;keW!np11fS;8g6(PXzCn0F3RM$pbQ# z{B97=Jt@JqiuU&kaiYCL?RIAEnJlKfTh@kW)R?1-?Ic?~x0S;3H?~&+{`>SYO6eKDr8L3rIXkCE!}8N@AyF znRx6HFH*)mSZ4C5Rm4SmbavpABQ{GT3J(r0Pj?g#b2>iU=Da19v7wVADdz_ZHjfSn&HDbF3r@I?J-Q6?g6w>s(Adr-=12Ydczas!dSv$JX@uRFm@C#^qylx{F z*Fl^opl-OMV`XN*0ZoHN@{Lmk2Fq}1zKtxb;#>vOc{!?!(^8Uq3R$QWjM6EL++*X+ zq0T90zmPReLad|`_cI*ScHwUYwX(94DR4v+i%Am1eE@KF zOdG0hmVV)8Z`w8hrgjdC4H?U19vEdqX^xjm-#EzKR*he2WnI@U0d1UXysD~Q9m=~6DtPh!EZu6j)CtiV?ZtET1h&svsdA@oXhq8tGZCW~@`Ua_!6aUdDB=kyaZeFR z?}cTr8%%3527HGndf4i}(vv={+doicuiN&neK_c;rqV|V|q0~ui49W`yg7sVEjKy zM0_VEf>N>SvKW0wCWJ8_$}PTG$r0m-Zf`}vEJHqU`F+rlUul2ehRc}zVEp^TJCscW z2MV}xI|X6;FN-^{VE9cAZ$0+FPy7GQkd>!L6u1pz`v<8BWJd}F00#nq0{Nv5)cV|HY$!&PPqw%2zvOogA z*y!wFF#UJ^WlpqIp;SRZ{49!YmXO?Wkzcv%Pwf2r^+@m4WW{XEZ`oyY8`DV_Kiy;z zVu|eMav|(K&bY(-`H=#I*+kzFoq@o{QH~Oa&FX- zu|U9NTjqZ%h;Dbv32uboKQRe!3FhMbf_$@6$1P-Yo6f_=;GXSdbK3;p__MniY`^{f z+Z9TIw^v?9AKRJSu-?{aobV+%1cmC#ith#OwoZg6!cORA*?pygu_!MRFmp@V>Q9{B zIJzPO8&Q2L?{7XB%Wq^eRQTImRG1J)6{#L6MHmcMlX}KL>->J!jAsrGhU|H>(baiX z>@b(ZY4>xpxx@Lg{j;4#aRTPl-U7LPuj~g zx~rnaQ?En;-Q4<-opO@h{VJLCl-V>w={!@fi>fax^=qmU$5;i>Sk*84m(L~bVT=`XX1W*gbR}#|FnSk;V%}nQzNCPELJ;B40 z1b>YecLd)mn&_ktZSWE^c8p~m&$Gujcuf$8ZVen_?S?Gpy0L#qs+5$Sw^pr=vPyIk zAkH?##F>`nsI))Z|@=s@9Zil6;vrO||Z`G`;Iq@nEvMd9?#OZd=K48~?-2Rl_GS>E+`e zS4q0kZ_aYRKCCL6P-pqX*Ao`o{k=PRa?y#Dhw((jnk4mlD`bi~sk9#T)MR__u3A%$4rV&Na zi@%F8I!}D>&8rr+D3cmEjfqJQHj(?xlqtr-H<{WiHUD5C7oIz#f0XWZM#G!NvAk!o zXdKt06!#U9tO$J8tDjk}_e&ywM#CC!jUarZ_gmXzrgW?vGQe6P!lJ4TEmx>w7yl-6 
zWSikm&&A{|vI%uHo}yZKlFYiUVB|OdVK8aBrg=8b#QXBA7H{AvCr_b_b>AMoQ%u=M zQry&OeduPP%^?|8rVeDzaf@IJu#!8E;=EVz+JE#)4$cvwgJy=#6~Tv2ID;m+mpo(` zl@ii_8>A@>XH-rzK3kyC8FdDasHkRRwsZZ7uAQ#TNnr(C(rkV5bD8<}HPp3`(2!&< z9C))XKDI>i#9tX7AihspY8HCZD&vO@siQ*3hkJj~Z;kNb@FOy6Kk9bpY~ zqSm-7{P89;BB;40Db4e729{+)-7UP&@0PhqVs5M*T&tN3i zW|^K1p~G;a=2P^4!6YT3HHJS6PfYos5f5-P^vGIM9ogu=a>tz+VRN4-^e>tlcNm-? zq@$5FVnZuPGnOQAR>UW?t|PON$R9~r-UqGNYHM5{wHA3#*zvz6yh`-=dpYb#!H4BZ zuymaC)Y&OADVGeZf;x|H&X>8864J$-P*Eg#3u#~6Mw^Z2oKZtkjjOqpEpT-U|n@~fqRa)u<>sh(~mM5vBuO^4uo<5qc%}`mCS28m;a#$xeP{-W=+nmmi zj96Q0brT_8Xs|^9Fv{5z2^{pM80PGfV8c1PbrWrl=SRL+<{lbVFV3=ht_^<*?(wWE z4RN_SPv5>;9>NpcN_)F^dlV}qqPM`lPsBfKW-o9v<=T8d;u2||F}FKya+!Kp)Pd`o zKErcyqSadps$So~ToGdA{dIrN=l6RR{W&RbA`k9@msO-X8_>WbWWCjry9u`q;J=+3 zuK^FUdT;`jy5zotH5a=Qn5I z-!$UpsXscOEMrr?+;$lo93_3Y=4^1exilgssLl8Q*xAC!sJW#OaN%{fllL~SI~&+P zjuMaY`gQ8#UxsV%w}T_oO4lw0ZJy-GwLktq4gjO?LLe#!fI%?}LeMV-BH|QaANOm^ z>*H@81LJZOV3i`Rf-ggG4BhO}d}4ot z{Del?L(>iM@7j$QK|3KcK*H7|U8Tp3a3KGwN83`5SUhJ8+-}s-zvY zGXm*=XWM^sK(<`sxkS~XnX+_tF5O-0Xc=p%I9*w;c`LdZQ@2~yj`?z6nZTt$t1@{f{K@@|I(yJ}OWa*dCx4@i$=R=4*UH_mP`7;rWcKgE zf&K#onIKSnSDLlueb!jqKa)8h*v31{YuS#w%gY5PHK?-?0RT(OEGE}E>^KN7s5(u7 z%Dzug4+Q@+Yqh>jYC0|8cc|t{3LPI`-}7AFJ|61~gW1dcJpWcM$`P#s;?S?1aarE`dc8mH?g2B_$+XLu_1DYe8 z3>IYT&`B@faXBpuxD1cy#gNxV-Ki=~{n?^oAozyo+7XXD6OcA1>^B9FPDT4a5Vk0h)u4OOQ zl-&pXMWDpp&3N-?XcB0+y(m*Eq*tL&4*czsSYSEp!I?ymJ+g{<6nE%znqjyV7Pj#vY-!>Q%;2rd~D{wsn>)k8bSVg-#194|- z9L*&7pEw-#%Hy1p5Wk?TQ`19=y`dN2Y>d{`oMwx_Qz-MD7BTer@2i`)RA4=u z$*@cwyQ)-HvHV_CvxWMLkJc|I>*r0DccvI7YF$gzNPn9bcmC|Lg+(yUov}AP7Mf^4 z?&D=GQ| z$UrAcP8F>q`G@rKvV9r)1owF?d%!;{#^E+5?cvEHMBHiU8{hdKj1j0qzk@nxOpz!A zGV5H{OGdC2AB!S7?rNLEF3%CmB@-o@PG8*Hmh^n+X*22K(=1cJBYV~=h<28obr63( zR+YoQFDe3W+CG?EN7;HH4;fP{b?CRzp9UmcNc#xOL*&~4D$af*lgU^v&VGC4-b)5= z-BIfa{P7H7xEFdUHw`EM-T3RZL4vb9VzjKBN3K&KNy6mg8>v3N%h}1a{|!{)RgW<6 z`=c7!VIh#2^U;3x)zk zL|8X%?AEwutao{N3`_+Tj;s(b?f?S=W0^uNDr#k80p1WODoSfkZBwzb{%)S4bybtv zx|6}_ar$-eZTs+%GxZNY(W7VP>Za=>Oe7j(Q(al1t(~E+E2U6DpoG>!O 
zpq@V)&Z{UQy-g{qej;4Y2E4=IW>O&q8~=tFAvTp zTJpUwRvLqLBN-=1i8S9*H;;cXu#d5xytV`<>}>UKzMLdb4>}}fcEG9myzyq4WjB4T z&|&u%)E}W`l#IxoxE_+)0t`{5o^So^fDi_dVzK9$Dox0k>6k} zrw`9XoQ4(@*id54+Wl=+y&^mKD8SfoA&rFR+wtoaq3;adglIMjLb^$Kk6QM+)kqqo z*i!1=3Vo5$i3%t-Y~9R+HT)OyBAL_1&!PvG5Vef-oYFT@_zcD5#5l-BC8&iGRt)hW z4K@)XQzzgf9LLx`3%87?5$5{g?D#Qcjqhv)6o+tQl)TlWpp^}PRbNbw{Upl4NNC{! z3@v$3deDh@ls1xmN!I1MRuWKYk*mhaOnUri(uL_TOmW_zUAQRP?|k|Jp&oZ17_?~G z(qSTl)hB0bKE_SU)S^%)^r4Yrll^hQ_?{doiVDk$8U+eq3}SdNSWcFvfdu!gF6SX8 z)Z;HfQltn=Xo*&j^3j9&c4%h(LYfik;)H#YFcxERAgYL7F>zI1fYv3YRxQu>{tzZKeP0| z(qxH_C8RiVQ1bc?w*<4H-jxC=l-d`{~?_w3_ zu4iWWMp2-5uzgCoai0$Q^}Lp@stF6o+SjxKI=uZCn$2 zQz?V!Wiu!fd2RJuwcbqEh(VK$j*PD9u`ts{Rzub7dA>A|{aN;petUtZ$rRDx!MEIJ zc_h>sD1vo_4|qASr^^;uudzwR+Y~uSI44`V5DfghB{kY?0(qtf;F}%|tdiCf#Iibq zlut1#2mUI6(#Kgdk!van#FZ-gmEkaFUT*CK6&j7~b7!9koDS5Up!!0}Y^Q;N7tZ8YdwN)G;0Dij5nE}TA1g!g%i>ofG?Y8SW^@!+6!$tsNq4t^);Rp1tG(;Lr>6$ zI#oMm@TN+%2??~QMK!++>zJ3XQGuI9nt}G8o}U*%VpA4R+D))3c3`)chM<0EN7gU2 zre+ffvgjwyD70W190#E3g^w!iNZ*y|l06@@!-nLwnIOYBbxbk9i0q=jM5 z(ujy<@<{-nE3B8#$Q5|qqN2!xlXX_=tPFJ=y*%ICTN@}VxagqeKvya#E@}^_%Vjbv z$&n7s7dxa}s>Cd?=f0U#jy3)(UJ5S-D55EQuT+36%;~_UC0l|x0kZ-JRyq0vTw>^V zyfRG8^6}wlMov``lX+EE;2ifHqI~kfdd?S3T7K)4Z8o$tN!?MtsSv@Fdvvq@BTZmw z0%)<^f&w@e8#2FrivEWw>IX@EU1}B(8<)i)7%=*#2#&i0DK5q|@Cn(x`ERzr8Ur$= z^Tn?Dpyv}kzu`czN#s&(;KlH1`w5BL#up_(@L-7+ln60i&jQ`|$4}16QGWNqNtC8K zE~ZO~>EE||4>(PaphM-(nkUC?>;$=oN(LDgCLp<3Wy)=wgsYhsXq<07wxvg zU(a}V67EyFKkdw%u`nLCcxFif&))+m^`acVzXE7xVIBqO0l0c@Ua{UE(%!XHVuFo6 z0}+1L6Igl9z!sr*&KhPnbzp1GPhl5+XG(3&1K5;R$;cobCt$z<3!*GWBA6+E{#QH; z!C(26dB?c}r^WI_@h0taBP!*O+5TYRiw%HN|R)6CB<`a+({bT@4 zQ@5o*X4*0jUJcj)6~`{{dIDUqOK+?#h&J`9p8V)CV_1i$STnf3J;&d6(b$YlLr9WM zT5f$l?y6rLdxY-j&ciJBW7qo_Os#}F(#sqJ^xQ!{L7ZR<;=pT`_3m8#Mbq;HKub8M z;<}}lmtt7?D)U&tF9mD+Rt{~RbLvUGpbQs4N(0La<^>8CM384%+IrhqcH6${aN2F5 zAoRVy3N_i__RQUC0%({W{jgfA0+cR1BE}BTYB#$S^EwBw5KgcwaTDJC&<2%Gf*ep~ zJG<2hS-Jz z>_UiE&D6W@DuYwc%Rv_~fTM7j+_%e-wIhinq!W-Sy){A&gxGMpp6a6>Z}#h>o^M!I 
zN5*T@!a8Mv40{4@^PvUegMEHQIzxyUXT-9|Z-TS23=#qr#VF(#ftl0M9c1PQs>Z`K z{yI+8647FJX6ja^3EQ^QZ`_i1p4=N9Yv>2%f;ONIc=qRjVwD9RGyGi(g|r4;RG{1% z5>N?SoHk!R0X~QehfOU&N_U>Zbq*247AVMW(i!6gIopb_?;pD@5Xvo)114-vOhNtg zyfHovYDe6*+m>M0Gqd>~1IUm$bb-j*hC$i0d5}PEgVDX(WmA_aQh}iSWec*h(I23} zqFGZ!t1k}jF$=63z}V5Y4-L)90RC*ywgc3;<>I5~k$5kF$muA;y={b%HS!8g6mEVR=9baXMP6sKyVi=`U7q;I3a>E=wGbitM zqj-fMI2=>mLil~nCi2*&--X9<%~+xil6?0rqkCW+hCHRCZ$_GG7yGnTU*qU-fu&WG z4Ki@QV2~?B1t23LdP}9IOXxfB;gdqqM8Clq`w|pN{MuY!EhdR6y*6 zxU0YvfF$adRqcUsT6}{>dDbM0fZ+6bcs6!Z9~UXqhu;V#h8Qb#$^@Ra<|y%)lG#

44-BIrJN~vmO-ZZ&{vO^10kUU_L{7PY=bdU4 z=|=Xu)kKONNJ;>%4jAcgjGr~OsNa3S6djTZOA(x5o?s4{Ge*XV#vIo`_@)uR?Whk$ z##)TSB5@)~2-;%|cB7$5nA3OX2_PTL6ftM$aYCwNfpUc}%#d<_FhGY3+zRfMGbOlT z0g($+5jkb#F^Zoi4cb){(u1%fi@+UCLu@p_D5&sf&FXj3p8y->Q$^mkRCj_LU=_g( zJwf(FtbPkN1+ESWy3~-~8N682R=!-oRk0s#nt0A#GO z`i$`b4?Aph!$!|p>+M0nY%eB_)$G02zU*0~w4=bQ@6-Fz^(j7cjqEG4MY}Y$nk5gVFar`f0 zTWL8rxxPP>?7h8(#hNVt3LZtb*2PZE-p6J!!Ea@b#`zb$1#|BRJPvF)-jFFZ|%6(=p!++ z^^jc0Un+eMd!1=+vz=crdHk!M=3YZPk479Cn@p5oVV@4pvu{6Ay?!9L|fh zei_x*tAMwt&5zJtz1OMd5MugoU!|j>C^iauuASo+f^Dx3!%-+7w{xelI@T|u0$Dj3 zroMEyW`+|pKXn(6i_9cQdMiwTDgoY^uEzoW*fTjFpTlj0p54|_2miv|VrgPe*$dM( zVD{6<<#;G>sh9UHjhP?ENq@G(YQ-t)84>rmg7y?k?#rXd*J!V)?$?j__P}P7cn6VH z`)lwIr4L`n!_2~~J?G2P`|1k?pj6t|b@mX^fq{M_K)QcCs(a zwbRAs<@qUM@r-|c^ZWZ=BW`h|cBZv7D#q_bmo{5ZZ|C(d|7NDs2`;K|)FeWU*XQ;2 z7~gcqPta!({X`%9j>GrgqzE}COQqRjOc7b~XFu<5=h2asswXo)mM+WLQBbconUBlX zi)S?$1UawUPqiOs*CT?nt)IK`eW%$Yw(F11m$y*<6xQkT+V`ld^+Y1S%TA)EuqJ^F!8(%*0zh42G&h#m!9Rx5u1z` z_MW9prL4P&*05yUtqV6DN&ff!rwf}|8XUIciwZ4SNW}a!%p!s%-p`GulQbW$y$@>D zZZlz*rN3^P3vye&8?fw|j$&i@eG7}L&9;MgV_f&Qsz#UCfHv2spgyb=rL)ane$sH7A3~t*YASs1IakOL3X$b=;kdzV@o* z>T^zHwQ2vwCYlak-Ewo?sQlDEVz$>bbZTkcxc$P)m$hQK=xuv`R-5YLvNl*M%THSR z`0>trT+gHw*6|F!FAMPWe14{FjAVHfwe-3zum7sO{yr@6yLx|nMdXw7Y9xIn6{Up{+pR4cTI%1CbmU)Hv*zTEsxhuw?Xbqv znx!*HYn)saQ#H_1=dWr6W*ZkbEs*Yus4nUd_4Wy`*y`=*sJf`=av-_lf5n z#5W-@B{1n5;~V80$TiM0lxvu6oNbtGI$49g6n$2Cc6mnm!1#cDhWTLopnleQX1}~y zLtNu;@JlhDATyB?E~c5FgHH*SEGnK~P`AiFj3<*wB27C?g(*2(V5v~1N;;NsD)FpP zuuN2ypf1TOUS80w5WJU~UO<_kuTZR7q6;amPmWJiOk1LTlE5vFS(sk1S-?2^w~Xr? 
z*DStHeU)^b)Ju(*e4U0LA1g6dd?OhrIaV@O@{`z0&r8Wm%1fJ*n46HB#Mb%0=9bwS(AK{I9=U58 zj(Mrx3p8PkwiXpSIV>Xut|p0{Jl!H&g>-*bTC}ebCP>q|E_fvr!bB%hX$ca|CnA|- z6k%(!hAq}%0&trJawxRS6*P7}i6H~9PZ!9;KRe4r_OQQc!N-m64cCTU1j_re*mY&k19lROR-JccS)JDk?`^d8l(oSicBKb(9gEpS++c_?K#A5f;%=Z0HgjC( zAC59xLKV@TQP-UI8{L#IZ(1#0bO4YSiy37)nkPL1$+RZKnDTEDVFrm7otg0Jo`+2h zXF6tRbmvW$f_=NtRLGx8m(FANd@?<#PlHL1fI($FS?NxfCQG`Hro)|WYT8`LU|zZi zvu)XcGnsW}&4YdMXAE^n#7K-TZ+gw!G=9LGM~CS|I;gkoqN1*j0=@Cguth82scgZN zjL)#K*L?t^QZnPWF!DWyOmJ8s7jdriI)(%Nze&DvQc1H$eFQ?*K??CPlp^b7Obk_J zY4HeZ=@*~d`aT*XGiQiTB~Cqf@q+IIf{79~0kU-2`>Hxsj`Z-u1a^f`G*-H#iP8ZX zE#|*u?kY=O6>r7R7zEK2??1+GVeA3@|5r@~rR_Plm9)!Z45<6@$i+`g+Nkc*miV4=I>4#t6-Z znG%VjZvmU;cs(C8Uts2?l33yen)EA@R(4Er9l;ZU9NhZUeQs!IhO_&C&TT!T&c?J& zx@@n54QM)BwN1J7elYrUq&8(7vtgBdFg0F}9HW)x+-^Zn{KW6tGiTQ+X*zFt&K#(` zIovFq$52R&EbS;KoYD~8%R=_@2t~fQMFL@n2o(deoQS&$K-dN=>k=zZF&qwYEuL9q zYq+q;-kr%GQL2DhChI^0rJ+vaM6edfSAymdr(h-q3ytb&*Mz^Yq8Pxq4WpB`0u>mWy2cJ!~p zQXE0^vkx>GiX#b&!nLKP+6E-++ra!xQA|M!H(h`zUEC#;%XjGl$Hd|E@9v1 zqP6TelWJ$)@A`MdGIv*y;9JjeU-l@{!_EAs&IMg{;63>}J$g=+t*`uBuyXqP=cL7D zeZR67seS{{luO3)DG!jp|H>5TB37bfOii_h^uv-jtfCF9pNQ3>Pyz-Y_dmG|7wN!I z@ba`SieDhwG;BG<%(|-PipNZDT(oZOd52OR&}`ArqX^68HKdWJogTm z!f2*WRGr1N`p`Xy5+1dybm84)6>14ZVG~+)=~X+zt&iCQung%%Wq|kQ&+Ar+ty=}* zT^XoYAVMl=6$sc6S~rAjSYVN6=p=bbqp;6&ZDf=sQUCK$mFkJUq}kJ^?ED&^rJ z6zlTTdV=T;fmDVb@$`$FXoL0)%Cl<0ySp$kzu*Q1r(NZTj;qRkX_L6G_^FEWa2@SP zy|yh}=>=WoU2Tx+H1cW*=VBjbT`zL&3m&~z{EJ+Ph&@4C?B!9!%R{edQe5qoemRr>T$$LS& z5_w23c2AIFI;Y?8q^=&w*HGGxlpi7%Wz!Gh!o4M+HlUm|!e&@mD{g94<>eKPP={Q> zDrC=VNs$u-=^i!0RzSY|FoqOZFNAOVT+xG;BTG7G(J|pG^SQ4C4D?3#% z(=(3tX6qjGiKQW$BCup=V|=7nI`49v-}?3lJ=Di!{Hj)f-nN*9!pgeJ0Ki{(1F$(XJ}V5SBefbE6&I*7hcO%`?hISS-_?+S**rxw$MRQ_tlZvPi4! 
zp8eA*pbgJGynZh(IGU~dMxTN-!v<`HEb0nO46QCJq=df`dkaDuAn1}N*C))OE8^Lv zcG3k6DV4r}HnbCX#>@A`E9~H^g_wk&=L@*CYeY3Qx+IOh#xK8q0OxO5_09XM+<0qv z2h`}ZNTH`4r*%nqidD`%Fe^dPx;(Cv4C)f*ahxf#A zKilxaIa-f+9Dh!{fu7-_amjId4YWl|*NMR$Ahas`g!gQ&^LQ4(l!$s3qrf$Y6S;K; z+C#_)>0JK>?eC^VgD|HfF|m>%2v)gb=o5UxQ=2v!LP!o~97qT~Ybe>y2XLJUelEsC z?<8;4s3xfQ0_w{76FkogT>@M_>xBOxxZ6n5gol9}eC%s}U7e~NRZ`!cUl~ZN{E0kr z&D}-A29^?(-_;dDpt_zM-bgg~GJW>scHi?&?jHApv_ss)+fE)qK_^9Ptu{qO;)sPn z->**)jXqkXXMS3(@_tn_-G)*!~7IRAY<*b_g@X;F>7(BlE35 zqQw9UnSP(PQxoi2Zon5ha}1d!4$5z^?*5Bu!!C?Hu0)@gKi_$0@Po`(-V|~vf9dF| zH)a`RM8y>H;w>o>kc$u&O+lK|%3}N+?65OjAjMaHgV&;AK^1KS zxxS!~+pR*a>4ZzfpX4yqUwW3XjGEb6ci0UmY(55;Hl^nQ8B!5Zpn6&YBoiv z$J`Lgcw4Bc@@Iif*Q~npWSLEyRk!PE#-LiQEKjSt`HRD(9)F^tRU)H>6W3WKtzH(s zw&D)39M)sjrchy|HlaASERp6=?Oi>n3HnPx+xhErbnd=ZlN%X;;5`vEFL^|ffn{vw zUJ1{IkA}(IN6L z-7|79vmHr8%|s7mfDnW*lV+qS3*W$aB-7CkZu*Ej*Q8-xb7sV>JT%0+og-j@QXum| z*A3)D5sYfRNm|=4Y!ixbR-BZf`9(kmbs`tm{@JA<2>vjkPocnT*DSls*%vITF7X!% zr|2f9&@Qc7De=Z38ZIr$cPS0YQ`z;*66)nA=MjtJ2^wiq@XeH+UgTh!BN$rh!0^?r zKoII%vGR*AXhN$yL3QqsU;jH6HA8y7?dm!hzynD>EB>|!<}qNX2IPUFG^>12#6N@J z(nw7>r`*e0mtVSKIBQ1hir!gP;MJfBgOlkaUE!gee){zPtD5oqhd0@_@k}>JNPaqQ19xXUMJ-1U*7(%$cJ-?X03YM+Y$=D z03f~ARaPKbpj$`SK1B$YPJThQI!?E5){mJ!NLP6Mv@LzL!cP;Bu1G6H{S#oewL!g( zu^BL-CFo}o484f^s$xI*G^)qEfu$!5Un9-$)7CAGSv{9~$e|0UhpHoG*{u;181}+X z96?`T0!yGbnq<4yTY3-_j|vy{xiY*Vi*b&2_JaEninj5;j-9N3?|=JH1#Vm`QW*E$1%t(N7?--3P zWX39%Q}2UTBzVeVcq$ae!3vvUtrgM@Y*Z8v?bif*;t;SHI)A;tLUi24&u%)H?iA|HpUG3RwC{(fGE9NopC_BY>A;zO-=T-Tw};4{tWBHb4( z-KXcm8J8q0rH`KDH^dtG%7akq@U~!pcuS+mYXgK)19cc|h;)lOvGcK!GOTnZfT}<# zic$D<2`b~*3|a%j^{8nNlj-a=n5OGk;@O(g1R?y_{HH~OtHLYM8((DsPafLCEEKoK zl-Y=vLUr2H>EY6@o!@Ip(PZH~{nzP_?;ZO=!j)Zj!_AN%Cr{PMeZ%Qi zuHT&9X2t7qCE#BJvgg>t^;G2-UKs07S{jYI+v85#&rBz(&z{%K*V!@q&iBYj+syap z27k`hb8oKZ(*PjV=VSPjoAUWdh9IT2XXooU#)RL?Wb3I)Ty42$?gbOD)3N4x_FiDu z^V!q)+FE#eZJi;kkcdx1xjho#FUZ5;4|mLC5{Q)c5sr`2LXa@bNX)=Vf$1T-9gm*>*O2 zlD5tD34Y@?iqXUJzHwR6;P+X_|GmD`+Slq~alCrUeqHV7xQNK7>C$xe4EghUp~bDM 
z(PXNnqxQTNrS|<)=lhFuf%QN!5*klq zoPmB5jb;||{qFtja^fR%9=BBcWVP^58lsO)tZVg5{)hmf#C;5II#s9u^{2**3oRMvjsAiB z4_PcG(N22G;n!H78D|e0PK-k4SumeTjy83nRgq|K^P0)ZK`UHg-S^7u zb!wux3$EJdSO{`sFi{mRGak|>`q5kwY`HYLD?7XN9#&sV88@{?S}txPr{WfJ)A5hq z^>!f*rX25a(Ica$|5CP;}PSuX72`na!E3DP8*#)&<`4z&H^ za6>8kcyT@)aeDp1mySOK zUp&VCf}vQZ$;f2xf0=V1A_3BOp>5u~#Eag0+{{x_UgXN@L`mA7V9$81CCE|+9078>P z3a4~MHBHye53yAs>a@WGZy<(xnya4a2-R4ZAFyEEQOQ1M+<_AUu(zoE zNijHn3d9?AY^~r1znPcXeAvpy21{iwHhJn_f}6y&03jCCx2na2U^S{$sF#T;>rOpU zX4?U6$nPZ(^f6KH#L`C<7+^{wEkQL%nXq6W&45utFH6r^`&kNjQY9Dzvs*prE?s-o{7!{1GlXNN#!jBK=&%S?kJ2Fw=810*xo zfheFQxzl9{VUnO)AfgJ47RHknPc&o~SOGj$7lM|CB&n+OMhjEnAeuqZ|GLZ)m6l^1 z#P(IrSw2xbAog3B6cJ-p?VHi@Y> z#lf$2;@946*O(3{Y}X4@zd`v0y(0zJLc>O&1#Sn*0=2E^x?S4HgEM(wML(%USp^9= z56+9T0;@w;uOLOw2DAy?rgZ)>!Rad=QstnSQDOIBO`9-=>p#`zd${X?ilo~oK<2tU zh8W>n!VKkuqnBOteyKOkA9vrqg?2Sw%J%kp9|F*ScXs&vJZHRvei3iV8^LpSCrH1W z_L?6W+EkEQj+B-iBp|D=I?YWCHR?p;?bTK~EF#hXutiliy4qY`Twl;s%*hBLHdQV1 zO~;l&{a%wHGaqdqH_m!EZy%qvtHY^Im|ebvr%N3# zUA-Bd&jV&VE|)$XH7}2wd2Lq@e;#&T#CCoqnbqmOUMz;NuiI^NI6r12dC7Ty%;a3@ z&3-w00%qy6*>kzvi;ki`MsM1Bl(MMtw=;iE7J6p#@Wt#*YWR0`nt#2@<};tpKLx+` z8HKbernt_NpDnUTdYw5vdSn**I1^lziJNC4EF3(ddnQ`42+L%a6)pKjClWo<|4+Lk z@C6sH>Yq$5(EiGq!LtvU4?Y{4d#bR^RZ#6-`y^ zT2~cS;HGUuK_x7fgoVN)jVvK?MM;XKcR(R@2p?o6oK)OEP9Tk0`Wv#5&VW5-&&;50 z*-ion%rpfAZ2HX9g!yc+^Bj=oGuyV)cH{kld3mGUV$8|#&DT*Sr;>AVlg+jK5yw+c zizf9AI34c&czGKO6C&CsfC;I6T<*#6=1r?xb{tVGlIOiz?uuMqj$FTe=pBnJ>C~-x zi&2RTSKBVfJYCa&bL3Qfw2aXv<-cKV|7AEx!*bzLw|`>!bZ%X7$=W$t61oF5oBGgu zqvGDdLj2-}*^_as-QTXAWAqwwfuC&dzSXqs*zn7I;qlMWXr)-o^@+r2W+A&)rF(~G z%X!kZHi86mU3^lZ^Au)RWtnH%6}5_K71!C?)$+x1r>s|D)AGCb_N-(iV-o$bcO73I zagIz&QmB;ojd#U7h03wx!?I!1 zLc-yZXT>S&YW7Lp!1jHIcGgPOwpQ*1cn?dIM_(%UR{3M@lv*Sbl5}0|(OzYtbENE# z>YI$n0yUczG7f8r^2+Teex2@&+Hq&%L~TF-Uq{V|$hB_SRL!#7kOGuWq@L+Gzf zoqr%6))g8rl}@t4*ZI(=hc_qY@My@4j-=)D3b9&M+nE3}tOg=g2p&~3-44xder((6 z-^KsdRrR*2(F3^7%9ru9-6x5VNwbdEyn8W7WzfAZVDt&^F${<~o0P{tN-RU1E7>l< z=}&UNp>PRVJ^wL1BeOYBSsux&N~GM9{4t2Zjxtj+Oe<&vSD@0U${vms9a6H1q}(og 
zr0WAVSKzAL%^nRacEwX#Lo7{NSujV7fN?kA91T$5;%}Kt92?^6FozyWn&uEQRH~j@ zpQheUEOq6IIJvdBsy?1dF-xb%2VDfkXgA1wnxDxJ7rbjW*%8-Da01r?t%^4IHR^Jq zA+KQ$$We=d%ig-x>sJ20h4z*Dhrj7^M@;ocn=HAxX8;#hSvDsv*rNmG1|?HHgbgxOXMNl>mOHz)=nPPWD0e0zQ$)bOaxnA?` z*sFQDIB^uLtag@>E0U*Q_J-gWFE~!p9Z1`5;c{)h+^-RAW+lvf(Q8YLB$}?VR8`iX zs}&C&o-gkQbOzM#dr{KM;S?6N6SPk2)Z-^89-0m23nHT&(?II0gzR8gTIalLLXP%p^-6I6v%bQngJ_;3l*Ub^6 z|3A9UDL9m<&-Srx+qP}nC$??dHcxEZwrwXTww+Ao-tT2@&8_OUUAwERyLLaU^Og3BgM*SJN5Ou5b0aT*Ffu*Wtemzm!(dP zLEZi_I{2`!I6k+A^F-g~h#DS-H*o5IqD|whBUVFM9VjQw#4)RPxHDSo`gd+*JK(@< z(LO;=j58_AeXZd+;~d2>i@5c#ycl#Em1kucUDM1;S#gmpgqF-*Z>@{Vtg{1k5wvyS z`DGBVbIsWG--x2AA>Yh2zKo4$-Z&BV));NoY*Q1K8lK@s;GR{#ePKB*te(EtT8QuJ zxAeL4)dB^yCNO$cIPGi4;4$kJ6=L7ax{c0hZmjkDZurA)!jPZkZkDU%z*)nVBzEFE z{3gF8f0HC-ye+{(Gut?*1#f~c%BPq_4{@`{ z59}PFAfvSYcxc_*p!rtxASAFD&19YZ(CMQ4RE%}Y79BYo-Xsw~;4YG!!=kK4JxGiV z-lBVM7T{!z`&p1ke*m*>zn^XDbTI@6CfX!TrgGq}RR5yMEtB;;E9h?UZ3g87(?zSx znIxPV9F1fLRvdO6Ny+GeE!TWYcpmclz}7hBsH|{42&D*3cn@nOOyEf1uIpDcT)E@1 z>(mfvFK}c{ar9ij8S|r_IQ$$J8=w?G`yd0tr`+X*n@gAmX)^iEKnwOBfFoVL8NkP? 
zv{@-+#Gx7uGIkg_L!mt81s7-OI6D_Gn-S#M-%e65REnH6`VxS25|XX8jaE{*8DgI# zoG6=^T2yc7&t@a3!;1oC}M=JBt8I?tQrqsaxDJ zs<&J_9EO!fcNyAs$zkzUG#iW# zSjnA9o)hkxx4^fPxFt4nBxGq-YRlXZ2d1K3#)!m3ctk|e4%?X$c~WkG zIfVT;A@aBQs82KTBkYjA_)T0ez=#ZOXW`39OxJT96~kZY=>tPHjtAxp4xM{p7C^3B zh|P*^&ZN;ax&i9K^tAOA^G9)l$@!W`$YzBKr~ zl|z?s9}hcve7YA%Esj1GK4KRX9J9jBUjri$YVq`#fRF&tFY6Tc!qjr**55itSPgzw zqbO;%- z!w-;JVNCerXfa`l5wO$EWuq|9%OT)q6J{9<#LQ{@C@%&u6|D-cdLrICh3`;R)F5*p3v%Df!FbJy`hsd>x1oD`M_BPk#0 zoVOF>f>B0KsKV|3vs;!CFR{iFnH;lQCZs0GSwnC6IeEUYJKb}r5zrsfk($f&Iq3%< z;1Li70;da)t~jupgltyB%hlIlY>R=M56bnrBObQ6@sSIj$d&D}x^ePG;1NJHN?jH> zjaz0zh!6NYhwc<1$w8GNxPtjsoM?0v2DoJ0I(~DykbluhZMN&ROAW$-dIBhN#NgMs zOeNVqGi&t*hjVLmpO^FX3I@(oIGZ{Qa8L9iav0)7izEAEn4fse*Nd+{icXn4-Y{W{ zwGP#7ZfkA$k+>nToF2}*{QhYYi!s@%F39P=h@r9IS^o)O`D92zf@t+z{8w#|1M$_jR>T5r|nkMcC4< z%}{~IWZ-%07Hy^Y?&uOL4wAFYj$DHzI7Y<07YEhjDzf@y?BDf={u>e|2ZIq;N-PeH z&x@BmSq77E0?@`@yzE&??HRRI&>`OM2OUHP9!o9A31-JtXJ=l92J!-IXob{?#&>EKSC)gBaIOE$o22IW%kxB#@V=f~V%5WqQ=)z%&|2krfI%qFM zLamT7?8z!G)(8o!ik7~|d18JN}KR+0P9Q3!BC4JCg zuS){tHAneMIX9`i4zD12H4iBk<{&xk7pm3_6>ZiYY>sZ2TxnP|^OOW_kxE=s9HWon zvX0!vAz+pSLy5{-72f@)dKyP}<4w{;%cn^3iOdLxG*-4we*dV{ZwZM|UO!Uc^HTgB z%>}D0PUu*Fse?VA&3d8Q*g%NEkh|ESyiwkr8P`T?YPcEm2q)5A_Fk_4CU)IP+TaM# zf_uRJWlDDsi}dZ}l4|Vv*rn@e_<1ubH=5e%OT@yBM?XL4C_AH{@0vRxj$Yf}Lo>g$ zLuhIa-wKXzC|O>Po{%@_qdN|Ce=-^gi zl2`n_sChMtgUNh?F(UYoY%=t1v7iyag5r;Ds}a-OqB**VCFGT^afpgrc~cZfk*zTsB*q=gx8P` z&aW!-a<$Ua;^;fD2w$U+Q~Kmnc88Oo(-(qwTI~$m%Ivpb8h;L*a9eaI+s{$&Zzk82(7;}OY_CBBwFM{ve zb$5XAkAU$aN(aB~0OR}8su4S-C9Jj+ACKzcH{#TlyB|w{3wuGRrdO(_KH`FPlyFMj>K#V^a-ZOUK)-9&8>-S~%9U&79w8@wwW8H^rR4s)YEVGq$% zCLc&*u*bQG1!sVV&`fIEItsh<4r8?QuLC)A(2PZdP6>$b@4@1Pq#kQSyJHp|Iy2Evm_L&9bg^2P?~;=bq}?jD}Phe z^mokyO!H&bd_wGx{b@~6#BV=^Mt-O3{|SLJ?f-EZ9&Hw}7vg{c?*EbX{VFiLyK$zr z@e?YfBTh}wbMCqM3~nKvfA6}-f24%T|4`Bn;mQS8(u2j+YotK6xb2jpvlW;0jTb}b z$v+%Q|4iuN2A_ZDGV+!*Z>LhycLH7UV>b4lB*8fBE2W{LbbOqcH7R+|-pQEXHI2Rr zUv|rxE3FpSpm3h5H9Ir<>VL!f>j^X%b~h*^@$(<-mztMK@+j(0YN@(6L3n`x1ymyS 
z!~`}8f-aJJHIEfaCG;d+8&Ky(YZr-FVV)8U(1b9s7^tYZ5{=;!-l3$z0^3U7ut*hS z^@yibjM&v6UKR#7u-jm=pQl{M$<~+e$H(>Obq=?isahgQ2#Ms%lyxzp_2|^!4AeV< z+rwf-KkxzMbXk(iF>9#qldhz_Lzzz%Q@X%o=Yg6jQw42y)9WEG#s`wiLF?Ff?1iL{ zS=5ntNO!y#7vxV5IOy;b4uLtCA~S?WeZf&B{FyKW{1F;$3@d4O!bXWqe0(cmqr!Ai z=r;{RhbY8XjRi>r$75D)lG^~FAE-MVdcvIIsZ_|PpL&K}6$9O~g|X2@@)JL%&^Xj{ zYwGA2!mhye%A(##%}@k4+PB*di;yixkZkIIEwK!%+VXAw83E2TYl*X9gt^{ly&t22 zCV<$W)<`RpG)uh-eUyPeVt~D5d$PfA+AR=9y9g`A+GWBaEF03?AYICRsz!AtRp17? zm7e*>c97p;!QQEm9xYIBO^{tmSXcYRIP_Gk#fx39e}6D7E+D0wOf429W~a!fMjyJ< zWO$H{yXXz@!fpIlCH z&TtA#hktA)t|-nl5&ir>H%_}nyqWL1dRhW!d=IcGdO~)^JG@A_#3Od4KV3}^L4J6L z>>8(XU%3ui=dd(hEh8trR{IlAn0yFpQ8%I09Exe9&I=OhXzaHfv~})URTnLFtb8nu zxSAL

_dfWZeBw^YI{yIEz-@WGexlPny$3_`{U2XDt1F`xsG;d{ zYJ3%tI62tYN?O!Aa58Tv$S!c<&UESEJDN(URb%daSD)X|Tk-iH43tHL_gc}Pry|xa zAHw8o+%ouFXEfSAC$neDEs()}&JoW!U%frm+;0l`!Hc)+E;87NE2%Fto~r$0FT8^= z8#S-0eMLUuhiJmX%BSJS^yz0@w1>)D5WtqF5lM;{BC~VNJL%Sey~Kj`<~P!h}|5s4n2H$lAeJp!o?t~wxM}OPu{I#ARhN3ZrEQ*(qSi#ug8d8|*rUk#nDS6| z%f9hK4|})%ZvIoKJBy3+*bY`$rJOd=k!>I@CpX480je2dnL~qpL^JH^D>+gLbIGTQ z0&DfhiT=Yd$9e@D)+5m;-7nm)&aaQbiUpNvVQSmDc>yL!(T2?=1!HM_1SpA5kGxX0 zf$@(So0D0H8a3w$1Djs0;>jtjR`a?BiP=Ty?%6{T#1WTKfE*<{CJdLRreX3!a)VqF zDYzz{rECJ9UZruO7U?2Jeu^pQW&y%4F6S}y@{{Q5#UuEWAY~tDGiHiHUhB1&MPr3n zA;*NNyxG&KB|&vfkNo7}o!s2fBex~35nB#XWy3L#-*Vv%6xo_N3vPuHh)pHtp`r0& z_0^d^hF(4@-JMP=f$wZ$6u6cYx9bg>;`*Wkv##w;alYz;H-h}jYK6Zt`mfSKYxTy* zGl#`f3)_wK5qNBN$7M?00I$2z&*I~-BmZB#x# ziZZ5p-8dZm&h{ag49Hu3xIBBHx54Xsz&i*~5Bh{6LP#XSP*wh{c_Gbt0WuT-m{STM zS^CV@Ay*1;%XQe6d1&YQ@JoYyYw&i0%uW4>98fuPaNG7ko_i$Ofs6KNp8Gu7fxfT2 zFnuTX*ge7Gw-`MEcKe(>!qiP-f3m}8IFNbgVNde#-wg@C3>ZT7QAYG>=!Q+&aFQ56 zl^sw`_q3*lXqF7a=cc>-PZb5v*dxxXeqS$YpK7oG1TOA;NV*LhgR92|4Q>rI)K`X|o#FtT0qAW8fWRGg@ z2Xe{;X-yBK!cSxI%)<`n@Opx{?a^xn%GsYx$*TS5aI&qLK}c7B*zYtF6`V>3unc zmN#GF%OqdH+%D-PwxnC7Lq+Nc%1E?v?;6s~DMPBML{b&2BBY8tmAY-cPMt>We01Th zfm?aMB1OArOM$XP%qgU)wYH{>Ixx+`I!v`2zrvyeP8EzR3Q`#?>`vJ#t) zgYvLaG0))B{n>!~&~zuVZN6cuYfM<9ZTXhMeIzMV^%ldmno`o4_i{|~{qmi5zV_<; zd>PXO3baxC-CEJb(a7^z>ypNNmW28MYVA2&w8t=HhJgy;n2Gbi(@4sT`Fgea>{HDN zDlavHR^&n5sl3zz#k(ob#IiSO3caaoahWYm7PVPqc)!fa1MQ-)igIBasAg5DP<`Mj zgOI^NoPOSdK2w5zy0wgmvR(}eZ(0RqyRr%W;9Obwk*8`L4OOEVIM-F4YDM;)W3g25 z&O`gWL`_v-<@!`IVS5V8vA^mh;hH8kue1q)$5C{K=AE$(q@v#XKI#ig1yZT;_<7^C zxl5Pe?|hyEvW*z!Reni~D18{9^oephI}EW@kwhPD@%?pCmK}x@bp~!SHkVTp$rJ^8 zrS3@aZFwK_-PEN$b0AGD>x)5_r zjxLFe*B~+lNtDfsNPSFJh1~L{dcg=vtJtBNDZYN*o2xM@6hK+;Pbxaq;?Ht1!O=0U z#ZdNa>4GjPd+Ln-qnxBQi;gR$i4Ki$PcWAkyyZ&t#*mv0AK{=;3-Bu`jg1*dE zllbBee8x8q3MH-TNEIa{-Z2gl;X#7pG}R!vYg+TZ2wxvLeu5kKD|C5fM}W!-^?u@M zLYrhu8~_Y3;gEHZhWXXq8I8;kXqQClZ%BpwKI_(zT4MwmfjZh47m}m7T{|hhdZVwd zeu5b-ut^y~M~WDiRiwBg3`S=ngA$!%$gWb0V%M)>vJMo6A_ws!#EUV=?l2+-Ta18g 
zBM%?h^w$v%#?SOu`rOzmgU)Q(4fhQmn)Ibw92Bwz7-AjDEG8T}LUTk`>ZuR@y$mI> zf;Kt}kg#8bOV|=}M#VRvAT?Ss3UV=*NrePrtq7XP!&^?U#X_M8s|1bImjngL?ba=( zxFDg9ZqaA_`H{451nzGJ4a{=#w0DvRWqE-fcbj92g=YJ;J$q>mgMY}8)5Rjm zwyd=Fa`5Z3cW%SCvH8+ZVe!w;VH;EVKI_@}_4pCk#W&JXZCVOxbriV~V{Bquo<+@G zL^r2SaX4M%pQT z|AAS#bRPT?TH6w*9JMZ`+ZREPr%S|fklBRHnl@+%fAFYd(2$;{fGcb?Fosn^JOGw# z+>Ms}SOcV{)Zjs)pBFJZ5veMN!(%SII_1$H2K|Fl565MY6^@+nN~rO+6`M~sWJ8u| zG~*Z4#hb{pfzB4UXldBOyeHshJH%yLhapkR2D?JF=8^2SrQhhYQ&EAHrpgO=_z=Nu zt!!v2q@=4*C^D~+r5_d0gK)~pXGhEuhd*E#;vrMQV*Zlla*T+55Wa1frQe2-|1u({ z59W-(J&avhuP1WJ_`tz~lOi~aT7`_qwP&EKj5Eb(mIrb=oX+#O$`!lT@#ejV1w$Fe z=txojkd<(R1T(c;EnLwTbnMJx5Gl5iL#lzq$F*-HXavE>z=A$Fx*%~sDo^RdW;l)^4_IWpF_~{0MZ%l+2`6bOP_}qiOU=-)ov|( zU)E2j5Y!_B_iotl32+Lu9KxqpRThh^8m2#44z7a!*2OIFlq*mhuaXmK8B)}tQ8x*A z3Z@@1n>HaMw*y03xJMUC7%Ox#If}X{$|O(+5rz}1eE9@w+8cY~|2$fH-CKA1s`&G)TtOYT^QXi_(jMG$}-aON5 z5Y3f%g$CWyj$`}>rt>adx7{a!!|H55Eh|hG_5Elj9!YHivfeZ(*}+mb$l7*k9yUqV7_4zb`2Rh~QoU1lX6+gunv?q2_4l;2 z1lci$xemS7eUE5^A3^aTs9Vvk46A!wo~RTmlnjrIsRh zQxUGgl1@e{<08-WF>Xe{5zJ!Ob8R>;{ZU=|LwSzpTj<)Q!@2X9VGXw1RokN*5sK7i zn*8>KOm#CW;el?+6&oq<#I;VbS~+lA#6_f9-1{%o(!0ZuePfl2R-H|qW|UUkJ5RNx z4$(@q{$@G&Y1J$<;G>Q}Dai&ZOxV(Cvq0S2mg=dXP#kn>30|Jtt2d9o9564{JZC>s zoduX@>8ukJuh6MZpvmvvu30zGxy}GrQcs~e# z+})Zva!8+2eUsnq6DMw9bFj{0RT8f{fvN^gfVZ7KzG;EXZ$3TZb&}^mzP+V zJ9`wlFc^0k+Vx@Jwy-_ObMR~~3|hALRT`+DlF!)7B>da&H-;V( z2@Cr8H-5`!I=p|3*?%4OL{OFc^v2B9h0*RSR|mWVx;k(&3#!vPunD~I^bp7kQ7GHj zyZ3Oy+LLli5A}@T0{D|Ss|Ryn2K@6&OQ%^QX21g4d3l?};?KGb1My1k@b?=&2@8B> z+rv+K9Sp<`o;Tgod-|31bERL219|0i`g)Hahy_1+_HyH2S3$jy#0L9%_a9bSec|?Z zQ7$RZfxc;TdohP*LBA~`{QlIL={JGCx_N)MjINwc9v7E|ljt~_w&IrXZYbKM-rj{H zJP0#qbw12=CJJE4F^3YXr6{ap;esi28V90j@y#tN>zp>-LWV!&a7%SrDEJU-n?-63RP$y>KiPEV_v z(oRBG9ZuA2wnkv0CNVK4%i78Ir_oYLj@T*m+#>p8SYUU+sdn^ITFf|yC|Y5r;=A3z z&$^uR6dB{pzi*MsXIjk?hT`=tI=f1{{twQwnpr=TlKRxFRlsPxJyNVBXGR4@i02x|5XTMh1GJre^MqMHrYq47cloP$e#L(` zlJ`b|-SGD~Odp<@KcFR#@>hTz1)obNqjH;sUazy4gDoD2Kkb;?7InE#BeCO}-+*x8 
zuTcm+2`}%t-19DuR7!}k3qzQ#o<^e%`J;rV!d>KYo!LJEM?Nywg}rqL4w($h2cK3! zUrKdx2!HSx{ere->*5s8T}x+b;vVc6D}SGv{FI*H+0N_LZc6M8c-@k@1Z+<^dZZoq zbG3IN(syy%&!mF&jh+Z(0%^_fLVps@rf$sx>_fd+l%Tipjhy@7 z(mM!OT9w%qFL~inU6)SlSnvEW!yDnfu63Q?pbq2=6~v)@1D=ob{RpwvEFH`8^!=_wf8aC; z(7O}-PgMDeA`rF9v}L1?&vDOEue8hRKR~hFB6?u*FIS(r(IJ;2#F_Ui9XYo^G@rGi zq7EeR#MGXd`F^%4J3GI#W4~ggPt_b(hlOpU1zv_3E|_Qb{#1glZi)RH-cNkzF;=tt z8?dwu4qWdvhSLw*Fsoj55RKj}z>xm$`RN}p2?~@A?Yq#kuuUs6Dfg9O0^MLS9hY}@ zozNA3Q*)1!RP6b-maJkwV6rcsrZ=r#ge&W5@pq>tUqmgTP37HoEk5`wZyVufbdb8J z=4m2a;&JJ@#EsC6Vl3%Q?RWHZiHSB}^87FXn1i zJ&F6|pVqO;mZ!Dw1f{Kd3(YZUlXk8BOKBAb9c+Z}Is>#_K^)gnSr zUMJv|oA`C*V8#_5IzPIZ*vB^Us|6{}KQ~P>KfY0Fb6dLwN6pjh=A6|(TnHa=E^hqyZ->9@nJK~!~PxQYl z^m(wB-E&N5xuTn8N2T+I8^@5eN#Bf3YSn%slSO_IHZ3dozsonmn|V(k%`)$u^D9utbXXNu*O+5uB3tr|eD``#Er;OGs?_H^qy~tNu)w}s7 z3vnS!*#tgnlSQSR*XCd0sjxa9)XlyMlc6KkOYeZRNq<)i;#TzXk2Y{he_Gj_Yg)cL znq;1(AGycTE!JOunaIBhmK+ru85DJt92Y>3aFAwH)&(@E^AJ~cDv72*H40B?TCK8t zDIGUAQv>}BO;bQYS(TL{3fe$X^9v$W8bQPQWOySHiGUFTXVG(Tv_OQy<&{|q4eW9s z;6jV{(g=Fa_LCg1o#`y*Bm)dGe}nW^3Npnh^|r`?+yUu%J@vM#4~4Gs)19dykBr%Z z^y=FTD0O9bC3gxl-sB$Ukj{Y|iY*kn4;@sxLD6!mVR9!A*~kf$0}EKSCYWI-!82w# zUu?HUB1-02N}rUf(Ob;>b#CXZOq(BymWQC{kiUemu-~B;s5N*_xn*cFxm6woa#S2? 
zxD+^7AN`#KcjL<@55$$yQ>8szJ6|RWD;CneA1f6-F5V(0s}%=H-A^&hjp_Xd*B9_e zS~y`P5R>oTBRjf?XkOo&tGc${ZD@2g4zv&7m$m{{Z@DqugD3d3IP)9QqXgS*PZyRa zxtY(~5nZmt`07FQ%VDp)6hDJD0)32T58bkl zvcutGZ|z3O+KnkP@01P6*>qpzlYS?qitfasd5Is{ZcI$Zvszi2YKi3a(Oi>MW7sKs z%T!saG?P;dipx{j&Sbj!E^3U*Opb@Vd?}g*vS^DO)yb3)*+ttlQsr6^%%{bo zvyn6L<5`-txZ{>*(U6)}DbcfJ!QE>hx(u1j>nAS|9{H4qfSoctid2oSKc;hkt$nlV9Z7y!86!TIsw<*{C>O8@?b$_NB9h;5~fhCI1}p z@~{R_o3^+z5kpiw-7j z9}>GCvsIFalwe$!my)2YPhz@<mhe3%4k9a=ai;PocyQ0AP+W1 zfJrp?+ea*DEbNvYs>=awR>u6S`Xb>5AN5m_KCPz2fX7mKO6T3{y*jAoHMAqSR?>|E?fYB|Ngc8 zuSo(IXA5hm|C_$jgtkW+&Dfc*YT~74ow7s=c89yX#|SP$>=craXlsTKc9#&M9uf{+ zwsa+-)w-f%rY1BTB}C(+CK=&qN5RC#o+0b$C_3019j>|OyyJ8Tzp)Oy8u}fboF;uf zqG~Ua*yeOl^4;2HZZsq;mr5zOJkIU?`TnW>QGcmwaeiUrz>)q7A-d_-a^hy^%#pq8 z#DTNkp2?LwcMzdX$Cn^q>~dmHl_XMuBwza2buD*xoLoa`&XJT*@LwZSem{y`ut5q*F=2D`^lIn zM`}R2%iVyAIXlM*7SD&aR77c-9Dq_OOew>ishDu0=(H_DMhW!OvcZ`nVMTS-osBa= z&4sSi#Oc_Vg8>cP2-&io)y%e0Wx1&;bg^9KJCpQbnrV2msm8n0`Y5~vN( z8dSDW^48dpqPhX|2|}FKoYLM%QWmzd(gTFBfN-hZfVDPSNtI3`d4|f!x0AUX*BU49jrP(Q5`7=){ zW~DkcgYw9%cD2+3MT`m@c^q7&LzbXCnR`lE*;ETlA#jSrikd;H6L+FgBP%*v*}Lxf zo|zqU61=ETw-?vvtE@lzk7Au0ZeqlZH#s_ASKM60DIqTsO{MHuwl`5?x8^`ZiE^W1 zOG9nf1%JUgmJXA%mHlm(CGu6wHK&R}RUUitp0!F=?8;=Rzk?iogsZi=-Q0-^(@m<1 zkdZq&+MeIh6!9sLLJ{EMOG}QI7Pdk#HK4a5t5UH5#Y@Y%*IQEAynMTPZy?N)Dh3%} z)J~1M2H)NAMo#o;Ox=U%%e4ua3_YJ?McX?42yc>>-vXL~*) zjA=B;rE%^dnDYkNjuY;VhwAI#2F1eqa+oJAsSGF4(4;A~w^N{#fp=9=245qn=)1z7K=C5_F_m<_2x==`qaD-{fApzM0@{Jdcy$k+ z8^8{93~P>k(*MbG&NQkPbWTX(r&PT)^d)F0q2E2RtVCq80`i! 
zMjwbR7q@5KW;MT8l5MEAKr{~&U6yrcw4%EMbgGx;X@#RV-mWw~ilFTsBF#0N6IufS z>FdVgkQQtMqX#lTj)5>oo2I*{Por&|qWPPH(L^p{Wf&2V3jEE=3!^19z=#BatmhBG zhnzT+3Tud{Kq~gh5kcx_Z|*@AKWvZwz{8E^@m}O3c*f4WZ69hnXM%e zgpftZ|8=lPo&d3>30#?@Qs%qDKZ9f6>T?-POO~;}WrgLCD_^zGMO9?T%7lhd0t(Xb zlBOmq;@VT-vK`T$Vgz`P)t?q+-z-Ts(9JiVAHU|@VU?S(R`0e6wL&0<4GFX|79 z@2!T!Nk}{$)d}dih#;fe>7tFblz(tO4M3fKz?OYCkOrj!ByNS(hA!|pkBv0DV#dH{ z%*QswM@+wOKRcYVB#pJK@`FMIXwo!GIW4EA1yINy_So-R1g6TKo3pi-``WdagZ7hR z>3r1M??|;FSRd9im?Hyb6{u(Zhq0vPKy~8a*@efi7)XLf7{GTRjYKHFc1R*4PXb&W zW{PtJi7%T9G2f-YA)wGVtjGEz&LjDLiil?1j|&FXA@VODo(ma7jF^ESBxkxUhBs=k z>J*LFS3Z~gh7-;TrU{S)G!cbIQYvZ;+i`)356(1CQvjG%0lDr3(T&-B6XKt@qxLNh zy8`o^D#3avWYC7CKx=0TzH{&=9NR?TZXyl#bR&&5qg@^vvV9a})O6Muo1*cwJ98hD zq6T5A8D%`5d}57x$Qfu$Ia^*OB~Fy~*ksq4I-=G;S(puNV63g`qFL|@Nj?FofqxuU zlm(OQot|?`czpIv(aC7wy`gwGs75Du+br5g^nP!8kf^`OZOW%L`M@^jho z7QoYuD8vEF(o-%pI^s6XgA>I?hZq8|{g+IhNd&xLP=iqtwUiVEv)2OJfIIJv*Lz-Y6}5x<6Hs3OX6Mk* zWvz?a-}O$VkWi1vY@uzfal!krt!nt2W`ej85K-ivuh^v`k)m5{wW{7!!!u7XGaRu{Fv zEL;Xzr>2HC$T>Yk^JwTE1<^Nv!wrP8`iJ3C0^-`5+$zC+(7Nf?bV~z=7<>^O=8f^( z48n!Jm3?%Gfalwu<`y=Nvs+jo&t|mOIvNHO$QmY8B7jTaF8Grut1BlYA3$p^CSJij zte2(*ubO7uvNs$LHPoICzB?s=E|&8uxF%riD}?lC0wz$;W&RnGi!R) z>j|hZ>*tE@M-60;G9LtPam+o!@%}uYRmwI1<_{XskMeaa9)h;j0iknxtGh;mhFv7g z^ksLTWh*Z6MmS%4EjjJ=_+9;l2y@IV)6a=?of zE`UrpfsC4vjiTx#wxu8z!pLht@EjgFf%!gBh42O-?2x#yvfRHQ>X%6baA`tg?`<}& za{@vBX8;@=^%28^s-s)r_2;pNMP3Nh*C2R?a|mZ`QYNSi0q#;H0k;Z5paqFYg8~rA z7>o))kFbIr-Xu?HMz~E`I}S(%D@^62-B*s z@qhX#!HS`FQ7T^Odno4!8x5iGQH=z7fUI(B{&3T9ZA_12mdT!$-;a@!JP?amr^{0SUZ&VK}+6B;|7sMD+BB!SeyU)@`lvm z*4r~1nzzOB4BO>_=031|Li`9*Hw^p?VF8puaVL;y-5_+KC2`zy-eaKzRui}C7QjK= z*jv|7_GZRA@2)gp9w45GHjZ)|+~kCArGc*$qCQO+Pn6J)W-vf`ivaJbP@V?>O0^y! 
z(Ee`$>8ZGI=^2$euV4RrO5 zJgVb--Q8kO_B0d0nIM8f6b<8)FihC40t2i&aKu7rxxq)YF`{K3M4LuSPWsdBYH8=3 zuaqz*tvBF}OcJWGvUI@ow{X}-~444zgRXrDgMH;$-c?5SJ94H z(-i!PJe3u7{)5=v9^O+PPS$eGDcVzzE-cElPlPWP`8rSJDXmDu73IBYxX5kbyzX!w zP+vKw-pwX^H4?eB5R^^UCT82eaZMex^H9{2Nrj9{ z)M@rEd2k}%z>Cjp5$=y|-1IK2QC4-)*NX3ssgW7RPbK+&M$77s;RSX6CvG`U zl?fkwExl|``{Cr(b`&<%b@-R@_blF}Ue_;mXNmt7KL5n&2BfE6@#84tqg3t$|Dp@w zv~!r^XDg%RXYD1a_L^V&>l6R`bzk8n4U6vk)@rxc-NM0su(rjU_kCX+R{gK<_Ng!P z+gvMO+uPxZZPs_*%CRh({Cl* zM^20JM`uyjLl(HJ?)Hzv)nsqm*Cn|_j7R>)&lY}e`MKX^uCU%C|JOc?E%eE4@3-^L z*m%;!B0RqVkE7wF9a|3zf6Hg9r}_={%a+UiA^hvS^vz$}J+?2sN%rfHOD}rgmo&Fe zHt)y0T0`gQ7UC~@^`5Wi$xC$k=b!LxmG`h0zt@}(c=H(GleC(S_ka7Ha8@tZ-mP!q zwSRs0p|djLzMbEFj>o0H;Cq=LOcy?8g5OZ-dw^eJ zkn3MIK7`!2Y+9W)4yML!c>J+EIdjaCzpzX=)aunXUlj7K zFR@LPYQNN59mT0B=@{wI*9jV*&h+D*FW0bGP|O)0dD1?RAgeJRbt-SF7i5LB)((0=DE8ZfojLoa}?3h3Gc(wxb9SR{M`BZ6M+NV%Ky*L;r;tz_wDXp;^$y* zUfR!-hu7)o-m1TWd-UyOCj0fFRgbghF(Itg&29~U{bOO5fBw-f&DY2I!Ot#BvgXR$ zeg9=g;+HjTtDo}l5~ut9@7hoAZs%qa4_E37@SHS75%5fDwAqjR^3#l}UCb7^HNxsh zNIUuBprc*4CTw#S)*jL}T)7RAZt|#Ya0`Te+$Xd%q%-A%$BmnPdb@vnJZGC#jmFWVQ;O zs)Q419EpUk#a|Y^ip2OP8Kh!WrI;lOn|Rwqp#?UJ&L-gv%B#eVV!m?a4eH@yp9Ozs z0VxUMg|_4rCMDet;dkycx$6t<=*{6~hb(>B}V1~6h2j;L!FMme#;Xeh6Ea_oXVMp`8 zL^<-s5QB)3DB$r&dk$=>t}zm)GYD3BSP`Q$$1fYfnsrFhfk7!vGBy~5VGN;*g?$w% z$uyYYL(E~B<%4?Po>M7nf)bJGjC_n!5pv@}i*qd1fk*h^K^Ed<#v0iXq!pqnq}VD( zL4PTtKS-+YPC*@JcmD{0s32d+7d3soK{6!Y&2>0(!b!oHpNWv6%$!j#?A?WXk))_8 z(`~4NO(RK#_Zlqpb+}ShWkTFYwGO8JC2;FwTZ58SCUB%h4%*8C^$jJ#Dw0`IRi=RN z?Aa7W$FG!eUH-sfrQG3{1@svWu68 zDsWVl2LVRPm$wAG@0b#SmuXFvV6WB!`^C$RApKs!E&R&HP;DJ1BvEpTkWT| zVmTluxTJ?Ay?Lbz62_HDETA`!=e+J-i!SjFt)tc!+-b8>$QDOdypgp`9?7U8hl7?0 ztl^@_sL;JgoubXcA$=nEyrqTEY3Dg*J#oZ;$ zUMnKtUJ#*t#xEC~NqC{0D@_YHLri$hE^(bPP{g|*%E`(tV+jl}pu_=MV5E((B)nyL ztn2g~QT)Xw#+hR4E;Ow{!wW+uh2;0j+}Z^!8fY} zCafZ-k#MKJU~a+6=rIn!7w(~H*Qx8+2?_&}Lmi9s(}NQ9_|L}ZMdGNY%AFWC@drv84hncV;aH5(Hmb8p5k zhy?24HdDID?<=G7W8ELnrFgc2z|2@HJ)@QPuOi{u%Cf?~Mvkq9?8JQ(s2t`=H*X(x$c{4cfrVPgISn!~6&QLBxli>jj)mR+jSGUn=dy{kDpS(`gq 
zgI}N#OJu8#EX6Kv1&gf+w?ID71|GU9kx3X?2vx5H54&PtT&<8~EGLpFDFNhIn-WG+ z*^G0W0T+wG78$2UQ%Kw~1u{$Odf*jl~(}y(Z zycI~7B)WwF@lJnSuV3FrFfD*4t!uIYJ`(`lW;s%pIYv86m2PlOC()nMuN?F*TZ}mf zR=Y1fj5*=~yZvE3y93p`ZlgJH)ij`SKJ+;Vo2EkI%D-Q}%kg4V&APwog7ZCwl*&Z4 z8>ayS^E65UJZ4(^1Nug82siZ7=S(mr>A#SyJ|SMwk0bt-UFc>Qtc*P{q?$;NbkwN2 z=X-X#+6$prE%+C@V09!T0Xs(Yxzd>x8nZUFf&;1<2x2!olYHmw9;53AFk-!bjxgeVf{_r5e4x%m0w=+ptjAoo1c0fPNO`)hjFb%Chk2Ma*swRc_{rX#wc~vsa zL0X$Ug@s}C9mz+Q4WzJ=Wz?=CIN|FBHvjqxRmq|55p#k{FVl+^cb#KY^K;ST&8x{f zD$$kru>W3{LPWAVdmcJiRPaD|Od-H;FP^smCft+uX>O`N67r4P?5k+P4&>o#LL_{`vM7D-ZoFvQvx}3omRcM=DVldqr^0yqT72G_0Sp?=j zSEtO((6ols35(z!sIim|T)YTe&AyN}dmmm+fln)PYJUZ`aNlve3 zy6X1FlxN5+EYF_r#x}>KN6nviWBcW!*9$DoOTOZ(nWdBEgbf}=W?Pxstd#hVd zefx!cwz)DVFUD0NABJi24_6wO#U4A~uR|V?}20Q(L1I38^J&)!0#fotHn7+@pl%0ITfF+-? z(9A8xfRAJTyJmb|cAd3*qr14O+rtF=R>s{V1pJ=bm&up3ZB^R4fgpK@uai_##aBhd zo(wwDB>e-MZ-CrY(5cPsrn}2M63@rkta_hUfyecR;p^@vGpf&v)Xczchy(w}Y7J#P z;nj85?eeW+C!xX1qeCC}Rm+hd=8HyN?|a1P-d@k5(`mxoc5CA|pyrQDVaV>YOVvZ> zS5S&zE+A$$+hHs3J+(U^tKxKty`k=Ar{3Z5NN}UE{L_-(;oAQzYRAQ&?KK3_`;#N* zDd21q{w}We^0v45n zay_kTR`HkDMVVqo=>*iwD?^V$jrVT4e%dGC{pG5s8L3=&&0)=_dEKFLb}7&Gvb*{b zqUXmvHy@Zyeyz~PI(iqjR0u)GWwY&OgRW;&uZLN|vW8gxR&RZ-c26)EV+eG-SEm(u}tbHGpZDrI$6E$r-*$6LS+{0%4vz>*z&zh(M`Wz zN6MAmk?;(P*R13E!*E?a5$Ucq@+DFG8=Px;0g=BQT6~uflnKQdH0!OyxcNJ|fWO#L>m0q>O3HOcX!z&xLjriqI^xIP6iyU)D0ybBxv>Vy`v zXMWy0v#Z)Z{5iHvg{QgAJ^c0ctzp52z?*EYm+J}Kv^(Fw!uH4KqIGNZov(Vem&-w6 z3Cs5SpBv{OTb-A>tz3J<)0MjJyoT$ZdwF99IU8Pfr4B<;0R)i=dDx#JbIo2_p4MYG z`CkvmWfzDyHwL@)jgMDjZGww$+flEabegojZa`z-QId*5mn*AQ&ZpwG~Eg*P;e5x%`%dFFAe(iu>lfudnKDW>XDg zXX88S&nq79e(4{TggoxP4peM81o>D#uGP<;JZOiEp(2HIZEW2eBBX}Z^vhG|bqyU# z^lGy?&ktcTrFAOytyz9ImmALf+qP(ryR!6tg-Q;MUUlYZI5iJ?h3iEdr=uc0x9YN> zJ<|`RgT9763$@-7JsJ+0F!YRu50~;yyX7mek8HNBFtE=Q`Ji4c_4^l$%aiJ)>-lx; zG6tqbVG?9j%D=MkgN-Vh3*DVvJZe>-=T>kG3O$SJv;Z*b#g|^C7Lpb6MhEKICpxKf z7+EsE-by?yYW3*to^Vn{-28{;l`@_xep|-L6mCp1F3X&BG-@sq?6;)6Yjha^==PKj z>)~?Oe*H^Z@ct1wn66HD@O;)OHW$tf0|`{Qn$hV}e&YC$)de1ePC%+^g&LE0iQ5#( 
zbG)iMPvn|T__r$tkk-^Iv=?$Y7ctx(pc7=7)R8yXyto77=Q^*e8>kV{Au5 zTs^A+TINtqL9cb%lL?!dZv`SHFtK#f(%+KjXo?bNn=2&JB6LZR-O0Pw%{{#xBBdAN zGA;3qxKm~pRdvTRt!JF?jlXMVFhrR4CX!CmcAYo_ zfe{Z^s=)Ft;XV~wdRp5`MW0P-oEB|tZ{QS#;1V~=i+BkUOe}2*b!uA1k^Pgwc!uJ1 zm&JNfN#JHBqe?QpC+>mY+NR?X`5+ld>ft@ z)3ooz4qUOf)pFniA%HMx-bt!6!SQC~ciLvg%Q#|*25XM5(U0(>)CXVTC}~FC9w+#H zP$xn)b~m5(8&rOA_GF{3Wj2h-2SP0~^{v~pP5tQs7BA7@y#NvJF%kxX#u;TzUDvWl zS$ScPjBLw>YO6Aj9@YYY;c3`<#Zg%C>(*l6ShjOs$!aS~!OR^Ddsq1Yw!3aC6NcrZ zRsc&`Yn32gm6VQi+yK=10M8OjqoKVH*@H5%R}nJTOXy zpYHBw-rMOb-`QlnJK3E~2o#-eB@u@o@5W(g&yT%I4<>D$H_|m)9pnqTqCUgbP3L#p zNm}ZyAuGRO@}D($^Yne(xFVxlH2pgKU=2)nx3ZL?2)Ph4T9hl0jtnL)Yw7Mb(zKkI zAbgUcd-UkrI6fnO)5vEd4Z{NUo@_*2A#Oh-spF;F>Dr9!p~9FaG8WDwK=MamKm640 z|C=S^FUwikW35}+yo_^jbjEGyTG$$!gJ%<15^J{0ZFbsilQv@P7T3y|xHe_DgSm*O zK|?OZqj@jB8D_#}6Av5?whTK_SPr&QYsE^OWmKE85pdEExEeEeU~$|4JjY2MW*s+k zFgi(1(jxzWO^F?uWKF;x=&@vsoI7(-pL?;}o(_|>DrU(Uz;3Z#_}Rv4&&~_js1oFaGi+aw8&BmA7BRTmOt78I5p_(-WofP#)HDGvEhax~ z5|=?w04tDL|1y%K2SjNru={_%#^Y0e~CF!&XAK)f9RNYyft(RzKG0l!Wnim1(Tc+$%;Jk zl07t0wa@vW$?>6S5z|g?LWdJGO5R6qYlypcz!O8HCzCa3Z0!!=%$soyl`U9{V}JW8 zZ3&Z=Kk%Jc>!kXiTbN^K!$v{t+{FYv{q8<-2Uc1N$R_K9P3aQydc-jH0BYAo#0HO+ zJQdSlr+?><-1x(_e1qQ{a|_$;feQTj%@@SK zg(j$p-GjRnKoNQr>$rvADs7q7bCc{Od)?HF#R_Q|f0g93&g~&2w4gg}7HPu30v7Wc zxKl9dA(h8>Z2hG%@j4g@M%N{8ThFmMdV|wOPFNLK=P(duW-!TT%t8 zkIz9x()EYLhvlz{gqbTdIx4kU7Vm9n!7rF(`zOM!E(KNLV-n*}y$k)T$nq)Pc zHy(W%Ce3p!kIjD6<{#uE=Jr1zkqG!CR+k;`3w21MSHUaL4As1 zzD+@8bdd)@g+dB>D)z;J%}-<}g``FD1;VF9PH)L=k)bjVz9^pE6reqb8v7`Vjn+G2 zX>5@s4_pm-_TYb!3l{B`8zfnXCJTZHBNF@E-PFaDE0Bwp=p6vPS`EldCMD2Fc4EXM z`m1#qGj7+X6Jwhs?Es{*;!!3N-Wdc=yReX{EjJf+JGy9T$sA+?j+{$*65aw9OQ3w_%vyc1R-HhyQW0 z_$^Dysc@pMsr+9&Ifj>kSI9Fdk^%q3l=PSic_crghBn+n!)oD1QJo9b#|frG#1r{Y zDL>~*#cx?JtY-xcx<^r;ar_&pB7vfoybA&swBYw1pa|$JeOj5GsP{hv)BHIrTqv(x z;Ijt%3UkI2`N3TXCv15#xUUW0nK|QhpEj{0uE^ZBQOxD=K=}xi@3ViW+X+{WBO4eW zB7-`QlkM^Qi<#9W^Me#fN%Dxpnh?l=)q=8EarW9E-kXR5l!pI6F=cr`vGzdLm*QP} zGcc)x@49UFLM+|7#2K@E`c7;aspHp&6 
zxe)bWmJsN9M+~|kyx6ne%!evmv2v}83bc8VBz=J)0`!UF1c|(`ffPaaA$@=Zx+(e@ z!GIE)K&QvyV79Piai|bMu*bt=;Xsc&Yi46o^oMCDmp%XBs~y!=I1!RBqn8?lEsF{c zLL@_lG?=$SF&wtkN3RX;?YGPi+2{edcL(}9VSX+<-!#$7aleu?v@b$8vlPlbaviPt zDcO7}*+3}^9Gmw;$CT$O7e_@`GsMsQG0^F*$Ug0eRn!iYC+Vy~M)7gK`wKxOZtC|v zlF^yf@%s0P*ZPA(U=YkH$pzti6$d*aKCZYcD`;Us(C^Wo_r)tA6It`YC>{s9Efj`1 zwNPu#<;?)utvONa5Z-fC>nfEneZwwawVk7gvi=Z7dEpRvkxh?n<2`tKb zwadOwT2D$6$6QV;PZ)-M%nAK9B^_1H`DY4Iaaa)8kFGikJmwiZ__v`1n9b#0++y65 z1hrvtRQU>*Hszl`1#7AkV0cjN80vkd&^5S^=%dA+r@NMfsXYhDOQY zkB~5~v~snMbj~!#lfP{#$XFrJPzZzc^oR?TDlM9l3Z|yCzMg0$qYHDSA^EvypY(yG z6XiRuKJIMIWS+~Kxnjf?_ejl>vfPa(SJ7{Qcom)+fK`5LYqo&++WYh&@c17N0iQqY_ME!;zLHmkGyb)Log~icK4=fM;#@pgSOul$jZvL4 zbe7avROb1iuX3vh6<#rjl^sY?_S3Uwpp}%aefW2E+|In$S zCopQy`4-jyPa;-OB}WmiTw9DwClAVpoHkg;=(Mn5{bU!4sw6zUFoGjf8Z$U8yHA@h0Mp{SeLg3+l0$u5avfc@i=vF2I;2VEi zkA*y<3y^vCLT|ASgasEQ92LF7XQ6cNA6UC0)9KCw)HZ)DrJ}E0VZ_&_nZ8n{xNOf!W>07O;HBG^6iWM7Ip6n0@Bg}9G`b}J0EaY7=Z}l5 zhKe({ZxwwX5F(k7{tnK{%Q@CHWmozV&1#WTU_-r(?j{*Y8RwNu8UiKz~v zdHIlM<15tJjp$!81KqkKbHJMyZeHOjk)jvA%5xOHWyzt{!T!G2!~DBIF9TlvQPKH zNk{lZ_@4{LVZGcBh`d)nw{=TL1H?y1vmcV{B9>!gT198#k!5F;$%-ONZOHcdWpQ(A z4uDc(`c5_N+_|uFocgQe(G!WKH?^buj#0|cr8}}8;OxDi%=E?4GdaIfr9!Ir{KCL? 
z2Cx92<8+Pi{j*vC_zFut0FyuPXCL&t^f(~sw+Hcw^X8j%7}{dIfX}ximsg8!d->;u zERLqocdCuAytn_(&2;$;*=_t)n1tdpy{s$C>jr!vdq=#59oiX zu{2@T)J`x2SS>@FqD&#@GU}!mu&WGVA-Im;iiV~%)3PeauphA8z$}b_!kSrx$$fEu zQ4;Hm3p_+6zYB>^XhH>BRjjS{?9$!Y)ey8^8cgZz{GIy(m9(zu(r8*e+px^{dwIS2 zd-o$qMLEH@C!Y*I=p*djFiK>rJY3UleG)=?O~IXNz0}H^?C` z#o`XD&43+xg8=XoSSA?(Sfp5wCYBgUpVwrWrE*rV^l(Zax?2^gk-pYvObf8UCim1u zZh3a!&WD1@wG7%Lx$_L`cmLA7sa&a^Y~{-1BxcPwJ7JawDZ8o4Dpt={Kbfh7MxV59 zZjo!;XHC)HewU2ak8aOax$gZF3KjtE!$u6@rKtlqXb_x@bnR+Mpx8Es6cIGlX91%Qkg@izR z7{T_5Ebj@2S~DQ_i~zurbwxwPPo)Pml4%wKIEo_3hl#6LD%1X=E*c@lo78%TILaX> z{EKa3KY%*bi81Ho8cxZWitbR*iXc`(V_=Bp33lUn6LZ2ZQh0mJRU4KdkQ~cz1>_AT zyutoRp+XRk@!(~tA^_M3Wh_U_CS^X+RzJ(;>6Tu?r|V64)RWi`e$|SVZZREFl|`%C zEmQ`tP~Cu{ThOLlXAnqUsu`8o3Pid8_S8Y1nb&foHHf7O)YWk?Oy6GG|M*mV;uA*idSq z`1ggOB73V|3MM0~geX);9aLJ7z-#A-@JvEXCF|T-n94%s;y?Gx_7~Mt8`jV{r_`aP zC?8B_;2xgxE#EohWm$j7U!WJ1cfq*x`C#n%#gVOC=8*=m=VStVEfljFo!j#?R(#w@ z;xD5uxYE|PvbQtGhMuZ+L}%a>si`de`ELH)GDBxWQ@hvSe_(#a)lHXtw}9>!q=^o| zDeWx#qe6{7C(m#%Fm~WztH5C3g+4|7fB?>G&ug%|3w`6iKL%_KbfbhYsRdP z{MzJEVQAuIrRQ<_hne3E(BrDtv(bWhD13Ss;~6=k8X$Ojmr#Fx4ICS@sez$rm(5^N zP&+D_A^%RWvJpC>T054p7awWnjz*$$mawp)cz#Ws>y2`Lz_dCt04!dlrw!pl9)QQ(Jj^vaZXJ8j}~^@H8$dPEk_^|mo{Zce2wT@mL(e*P4d!nemsjj=D|%=&}h^MBb9xQyxuNaO+KN}onvM=>;mx%Z82NW1&hYf?XvOyLGPBH#0!g5Ef@WQG+8cet%GD85 znQs$xYcTzAm(lJAq`t2;*!2IvbQuo4ai0cczH2sQfqZ+(X);;_l@W@v1P%z}`Zn}-c=6M)dzCO43^|f+Sn9HWf z(&pJt7`FNA4P|8uGPb+fyfrpLqRcS&bc&VaoCkEi9|ZHxrR`m6Gr7I(9Dht2FBPRh z^o&2pB)Ady+kPh$3a(zaKdqcdjKyhsFP~xB)d;BK3w(Fw{_yGX_-@?m|M;D{@1Bc0 zd^yuT4gPZPk|GGKKVOIu(WKS{* z1bqF$pXqTq9MhqE-p1K_{Wd%+)2zmAn{#F3=IFXXH|;Z&WFNJ^=;AJYw|`}n5SO3Q z)#WPM;`odtlr;EpG`qOt45-@PI;&~NJoR%Yy^=F;yQ5)z<$b#;=0uQp+KG#2Xrs*M zvDeCJc763!gm{@e@81YX(Yni~ z$Zx{lgxL68#_SfEI=vgCHSjS1t~-0!Mmm|<2La%T*^AX0wXO7{jtOX5!n?Fo6m)>i zly{*sdLbE>oitXsnC%oK!Wj<`Yf*06BKx76i{$q({Ox{wp@?!T0=cxCek zG2v;tco&GX!V1Y4{CdK@$6Eu`cxG*gYU8zBc>F>;Dm}Y~dbuSUcC=V>$R1>yZ#r|T 
zJ@R?uT9WRoKx7TbZx06XR#2oVq|9)NXHGdfJL&S1%+@{pCh%yKKZOWzy0M;U=W=!!653$@6^`}b+u?q9NFFD{zJ-P9FF`H? z`PN#Vw@1KHIrR6y9|bo3_?@Rm?_eSIHUujfe4n@XCQXJ;5e>Q*-9`6RF#2qG4OR4A z_CaQX;$4`jzcczUqzN?pOsS&gW#naS>nU>{AEnjBnEtTW z(z(p9)AuA8PJCGf*iR0XZMD?&)!F0RpWGB|x~>Iq*>_Lfh?VBM+z1YNex1>=cM7A4 z4Iw%9D`7zl5o1UM!#E`Z6&ta|20=3+mkqK>1z`?=yA(o2ACPMS!5)}k#&@V2gGj&I8#um~VK)AA-;rV@#wEO7f#W5V z7xEv8kkW<^NEeC_iIU^R!x9iFjwr&{WXWPlSS-I|iAbgCq{*bs*sx{ui04u+jLWLtQCUK4ry~it|$SgCW3Dy zf>to0E)wCh5TT+FU(_K`Fr5AX{ci~^;TrMr10E2NC-eUk#`QnwprM(u<$tMYW3{YY zan;i_-cxHVM;L$W!-Q9-{w4y}){3GTMkw)0v&91;1Ig~e)oz`PN6|(}&It=ga&L+# zv!ZGZt=Y(~pPemXo#$Vgf-9k9gXdo=v@H8Gm-9Z5|IYk#+Eqt3Hk)Yd9A8}ddfRj7 z?-Ag3kT#_W2~ssR5!5UDX|4GL1~M=Q64Z~1kM6;yI}w{oG4&p-J8|5I>fM`B2k!D7 zCDYoSioTQkF>718eu;`9g9;b$!Bwv7Y(G%bLBFEY%ApP}%#mLBT(fu9KdEct>JEIT`D(IBgc}n+D)oEe)dM?Nx7rLA%)0WIfC>zKAk3I zL&v3qMcwrsp-p8fp<|^?tGXkxZne_8MXjPmqv^<=BE3${>!^a?aON%Rgk@z>&3t;r zCY8F)i%++_lh1Ivy#u<9rhwXY{5S2br@v;*kIM(wQ-~v{DnsfYn2jvmbfpy+`;JOQ ziz#)EgH^4HL>qef6<=lVpR_6t$f;D6^GbSgmCkt;CrVk~ZLi*yGV6Dd7H(dcusBrm zHY6qw%|trQ@q}oRR-GxiH0O6fcQ!1r)F>sCxl6}Kv4I=x5q&+<6Ef?Alqjgq?h?r6H}RdjOcnAo4ILPJr=r#t?I3Fc$Wak0!_Xucd-sSK zQJWPcTi7Lq&XG;uK||L^R9#8nP%+DKdijNOzQtyRFsupr)E)9>H5wZ79g|u5_zI$O z+A(xc1v~NbenfFjP6w7QpWi~iY3yl7VDMC3&Z=JJFp`+^@T&lskYLF$J>I`bU=*l- zk2Z!)Yq{H2MZ+j;ja-*hInbWO+{ZA&#L6AeXc+74Z)_ZlDNyKAnaLDyZ8zw&jO^Lv z8bf!CT>hiK=}yJh67SPH!bF~>G=|O~KF`m}5DcE*hY65fb1cuA#R%B5*o@=`64DBT z^}v>jcKEs%X;qS(DrOo#?d%=i7QIE(?QqXxt~k3}A~%G5(W?VF;Ze0MVq{O>T349U zLg}07sBaLnW!BhIg0<|Bs7Svl&UcPd2b`PlV&NGA@-cY@fdSKN;0+YXiX@W8n&Y16wyrq>(p=9RVT6|(^|y5>Tc?Ra&9h3>k~(13^ww% zD?jqCdUm-Q--OEo(c%r<;2^C<{E|0r-*x;ddmLztdS6@ndmWrZAMa#Uoko*!fhAvME;OLbQBU;0769|1iIhb!UJnAb*U9ELKE9rC7 zsP!oZ7vrUtlB)N3(byJQZ2yf!3)o3Wp)b}O_nr_gSXL2IxCV_Ln69L0Os*p_BPwe@~-0# z1P#O2tf&w9tvyzmj%JmHn?sA!(i&Gyqz7gsfr+B$%nA88%`f63Fc>;A zty7teqh=)(x!X^XCjf=Usw9r&PUBu9cO7GwezV?WS`8T8gnl3AbqG~fs8{Rlyd)LF zNY5`eqlTc9*mABVg4iKOBSDvMDZR~jwoh{0)wf9nWYeCanA|xr%|CK6O-ClFqngTK 
zlH%#uA{OEpO3N~kx4itn@XyiD>Yv|=sSr&i6(y=8@i?dn-b8ky2mV-wiP9QhzSQH5 z9u^h2C9*hUp4JPS$y#ku2=uU_`NcK!Il(=sI$X~b#me zf1{znD+?;&XNd!wHh!Ki2$L)QliE9=^blT>lKgkFntL_&XbQ)JDp(`Bg`&9MRPE8) zNC!Rk@kL`diKOj`(ibBkzx2rSTpyU$4=|}lEvJvQ5Sz}Bp$2e z!5jLC($e4(fL4z%*q4o~oU9^Y)h-ZMLr-u=NdqPI8cDp05dlu>M^_D6J_dQ2hNY3# zj+fRhca;8)A4=Arm|j&`P|m34z0wkqhk5BLwIhVqAsW9f!h;~na^V>^2I=%6p;k@1 zWrou$6=qIyI2Iw-Pl0QEl&<9CmZjo7!v5j!lxvTlRtCcm(IUyD35dB=E1wTvqOE0l zjj@rxa$IC1DHrfgZ|5oc^jka1E+`S7esXT`Ubq?kB!}ufL6T*~=%az5E|kaV>uhkA zNBa}OA9+(6%;V@Oop#4ofRZrxAyiN*Fae;VhQ^z zulfujTyiHfekj>0z?n@wEotn}em$~OiD?r-AKaJ$h(~-YI8sKss=wF>mX41kQ1V#4 z7(B@tfEdXj`paEW$}9o#Um!J)d9i|B_~*<==ty0GO2u?UhlPtsjs66=A@E&-&lgSP zcJNqK`MPxk2RlT0RbgmcD@OrhS;e2A3v2s(sOIg>a289_+oV5hNE-k?EWDtly3+DL z?N&2D4@Q~nX%ex(tHX&zu_7?jWJqb_K3_b)nBnMKTSn9sA}X}z3-`(jwbT~oD&rco z)R-}2ZY0HokG59$ru#yIuxPF^Q$M6)Aq{u(&>x9?^b8yoB2zaibu9Ptg&S>$7|pOwaWlP(ogkKNUl*jk(29%7PWXfccyFYI_{i%tzimit2x*4&d<^oK zxH%FM5gWjxm@IT3A!ea&AL=`PA|yEMod5Er{7nSZ#g`XRgk3Uq+nRK=v6lgF4l}*w z=ncp15>qL(C%(H~4!~XM=K~@2OP?f?_uOJOr~=dm7Cl0{-XU``A5Vsgs}?A@72#8J zL66LC5ZSN3$;Yn`EyteiiH~DOmz2u_A_=Weg@)N62dOx!4G{jZQsiHcZ9Ha zccWhUqqYg9*}9@O(1qp$!iHjhEmrcn(K{g4iQc6nUgE7Vt2=Ah63TfQci~?ib?vxO zj%_kvW!6JG>%^9FKE9k>6a_Q0^m~A{8^8VUZi936dpOAe1tZ|(4#{&d_`V9*DPzaZg z>5s(Dh|a1`xa*)gM7Jov>WQN^AVa;KPPd=c8$eHng-=7*zj}W1RSFE0A%@%fah+D{P(CJth$O{4vWZgr75tNTR#Y)5d~E z9vi3@$BI4S=~d?lBFA49J$-Sm#p?wx9(S9t5fvpMG1OU;bD>iryo@TF=}T_@n)D)-y$XNF$?3nO)qq z2$9a0jfg};2G{6wAk$4WXcb*s&oRs}mm%lwck@69+MR@tbHOo#Puw}OMEMb&PoKeK zgdk-sOg-xu4n``agpWg^)dAt$0=zfH`xS_<@|}YC-e1P?g{Z)g7v6wg>`He0lp{73w^3eH~~8n1U97j#S-7wLSNq-ygly2?54 zD!oC4=7{tbD0W}p{FSaDzz47Wl)4qsAgB=D&;l;Og&awVzA~?k42+rv)~vtg{;Gq0 z87h5Oz{liQ0s2Do8(dILPU^fzAd%jJtQH{ISmjJgbBh{Sz~ARcgz{_WQoLF4jG70= zYt$a|RGT6bAoBj)fAuG>23FkOGTqOhDHG}Z0rW{E4QBcP9V#WfF{_3NY>&wW^!gKM z%ZDJ8;rxJvE!>LEf3G7~?&7_0Ua`EsvHU>zCVIhM|20l{gT69_UZoX~sUFKumBWJe z&ZHDLQx1N)U9)_ED~`C!RH(4+c07CK~`PYKYsIpHSQ-CB~Ji@ zOz3x!cJFTKmJ`2c1>PQ!e<2_r6`6-^p;U;|6=Y}X_dg^xBdUte?@x3D359BzA9*!I 
zsNtdOWL2N!UBrjSVEYfzK0Q^1g)}O<(S72@>$7G>o$7#p+z=Sf57rS_#x2MaCI8`g z)UFSH8uy*pD?T^?S@J7-`?ZQYobE0BOOi?CoNe2qS@Ns%wpa0>R}qyZGxAT-;gU9k z4?Y7g4EJx>OH{m$8`buk^3i~s$hk}VPqCx?8SWdmpXR-NjJTy+;H){HVTTpWIRgNA z@DJ>g_4MUsUd=2Np5PIz-n-!1n*%-ockn@xAOJM@7JuPQur03KLCQE&#UnfPBRN#B z80ifeTij3d1LgUzECn+~69a%3V^eOa`I6w+^@Bu#z_%&SX2{jUWw^mO?kE0M_qf{> zOvkUl7}e@Si7D2^InkQE`3=Q#f$!NTp$~lIR@CS_Mh;Gz_rS6W&xGE}sdV&b<;Wpq z-yiF1&tivfSGYQl5IsN$)WO&P?@+fzZ_tYFY@g4Uemy_f)ZYflFUYIU|8~_ZRfl#| zT|@tCXqfiHiZY%yX#$s;ROlT@7Xpse%H`5ty4!Q8 zwrc`q2TmGJWjMROT(w>LdNf9Gz3KlV0(3VpJSR>*JfZ< z(tXENW8bLn?qqAqR(L)ySj)DD;NMh%J&0bghIKPN103{~fmrZ%wQK+k;t3px zm#pC3UZw*exuy_xdafXB~6xyWyc>gRqO{5?)nkn4b$p$j4_l+hf9YtfSn}Jjj{o10vDYvnDj6(`D zC$Ks>Days!?ol10>UD>-FC>C=mB@$y7khA}R5oRkQB)JfI-K7mXo1yBzinh0F=69chNR`~!BS}-LA=(v^ z4;c>p_=j(+$TBus*Tv=G5T20G>=p)aMkMMoD$L|`iG(#;%;L+NP)|QgcQE}EC!$Lhhn{seHs3|e#f!QYM4!8$^Y*#@GoQS zm4*#%wVW6~pr;+deidpYycpXgUw?6{D@Nb+rrmJz`9}8!J6AFo;f|IXZU;I)umT{T z_YPEz0K$1B=W&queeETOGvukFl_<@Ry&7Q-)F?%v-K&`@4-T7FS=LXjq#`4q>YOh< zz0H1Z*W(Fy1lg|2_pMIt1cII#I}umohI#&fqvdrMdfktjA8kAY-fAx*Z(_>a?02oL zhc_0BB?@iM5N%Fpu>muZ@8;Y#f^^s_ss7Tnw)O(=OOgIN7PUGH6g(eI=Lwoqq>3kE zY7R2m#-FbVbVWyuyUfYd-tC+jSw)xx@ zHs792Rbka*4mvm`$l;!`ofXvp#baKZ{%&(xzp$U_Toj9k%+2Xf#67A^BT51`0dM=a zel}Hvx(qY<9d}{@4)2HfOP2f#dgs?YOylXG2IcG6=6BgE#6NFRo)C#mO)WHRgn2u4 zsfC&M(?2KYHuSSuBLpC6#C?!dqBHdUK3IJSTEVP+oBO_0mSuc|u*w0*^+3-7kkdn~ z&aDF-%6X}o<#iy_LNiGaXJu$dK0vC8cOY`3ExbVD)wT*uRhoVQ6{i6Ks{cW|*y{BeW+>%6vD z&M$em(K#o$f!;3yw+UW3=XvFkq>nLdELSn*w)d6<7YX~CVc zf#{GV$WYUOAbQQ@@Ri}!IXev=i!go;`aEy1cQabruBS1(8(srvc#2JeQT#f_K6`%O z!6x_juvZ!n-qgz%6s)2ex_SNl()LxN>g3b*DplS2KBGB&Hh+U@q(JWqiF#;~Y1+XK z6Hlb4y$;Yl^ng6UuB~>`9%M`}_wNX$!dU)$>4Ay<*#jSt3$)}kZt#|H7!%?T_I!}C z^DUAv$D0Iuhp|V#ORz_c^^A@tT+j3?JH`fB8Wy&(%#+pG_Z>WsuT8MH|8B|&6N82M z&esKvSZyZv8(9JE!2x!i8B+Y}@w4wr$&)*tTsu`C{9)GqG*kPX0N6 zopZ6z&Awf$YSmly*1G8G?xz7L)^RT~haDRuANN~qe)TIC&l@GLpC~rIZmy~P_16gr 
zx|iclYlOv<;G9B++WGvYbi%dzY5fON<20_kH-(e66UfU}m0*T)U4UK63K!0iNOuD`zQ*V+jwo!dv1248?1Lv+5SyRk%Y2Ui0Qm|$Jw4D4K81m}6rQ7Y@&GmD4oq=aW7B!Nf zna@m@(4LPSLcx(Fbe#vllGi3UGi65;WsqjIN#IivFO0)7rF99TCl#B3LB&Jgi#No6 zMp%<;kEu1}ToQ7R<2R(?5{Hc=HN<&K#U?Er{(ejSjM5=tJ>;_y%2nWvDN=00`@$=3 zB8e%@u^_&ZN-{@SkCIvxgqSsS=D-siovmj{GM&3y6sDNx$&~MQhNjJ5ICbVqnl5lU z^X~AcD~dYh(Gp9WckIZn$(ua2)DrxW*(udNCGW`i4)GPCIRo#Ax-R)RQ+!wVjLj|m z$xAzZdBm>HZ$0zTB!h7b-juKY6}Yl_4#^eY6+p*)g)`P&v>NYZ*pfnm#u-ZOhh*d{q0 zN;`)BCOImK{!L^&&cJl|!x_%d_5VAj<8XZ?p$NZz1!Mg;$MlcA{r@_q|3EGFs4G4@ zOWJ4KbXxWE_>hK(FmC=Kh*}P%aY?Tll8^zfi6Q;ot9&`ml?(X`TOK#D2*wbwlF>PL z=_MHs%Ojy2LsLyIMkBEsR%)}{X6%#Tl94>XpU1nqD%=SZ)b^maeYj7#zO`4SyzR9qp{5_(1 zNRm5Nh{>5o!{yGL9L?^+d%?^6SM1J6f;nsBO_14eATum2{Pm_|Y;<92&jV-;T1WEtu zqLm$O;DqXOFE%z)7OxmFau8q^kuZCA>Y@68EL3bccD7zmg*QpGpt?c5oQTk%Hd|rP zV##&Byz?I6Bxb~?HB3RtP~j;aN~#y(N}8k?Jt}Zg&Hxppl7$$?(&sv$N_c2t&XEy5 zsJfHERqB&mrN%|0DY~E2;JZ0Au`e|)KMZ=lG!nR%`<;{Zt4yB4sojJNDCwXaIJ7j; z_*0ctCFvNcVp1n53B{GqlOdIQb-i@; z^r4>Ypj-f8OaWb<&Rm&(ntQosZKAoc!&I2xTn#2|$EaOVa&^YIL1aIkoyr7g4&@Ol zJ90fe-zczY72U9l3bl)JZDH9AEEx%UaTBQW(C%4dYQ>$}3O;G}<~q?}92l z=Mu&cM|jPGIgHA*$fkH237@XBrp}8R-8w*XnSt3qvlOg55BFLx#hS89lvWe%t5~Rx zjAt!FddZ$)BC$)jZVm50d^xpS(q`{ry=T44W)(UI)%7lqGk;%ebrzoEaIC-L9jH{_ zbP^WnI?o;XvAUKQ=5M%lva|+r8*x)5%G#)GLhy{RcnXX`lk25kx*G z%C%D5?2jXpunbT=L5?0GF`#~^q+NgprA5Am!St!h@F29*DL~$fs(?+#;EVOqZ5x5j~su;%ScsSgXLTp8X-!hzXefOPs_gWdR|m7`FbchtL~gU+_X|Zz@@>g zQ5w!YA52d}6T3OGy?nShYHltvR&|w8Kufm+G#sinlfCu#En6D6f2-j?Bs{n{7VF_W zVcyc%)h$+Y4o{eppB&Vc%D|VDm&6$)Wsc|5EhSqL+P(Idpq1GwG0y6oaN2uQ)&^cJIDRLG-&87eg8W^=R(RfWjFEG>u4gU&IRwp+29Ys^26sPn z22q`mK}d9uKjJA26p?cXuv)Jk7!dK5VUPpt(>b!y#)OJRC>vpdQD&7xITWu|T|+aH z3y!AnqRmrbDi=f5GuAm*LXB`u|6$84T&i{Se9Qn_S6EG`2`L|9agbrv8cHCXv}UE& zgriHh#EN=jWspr;@ZMC6FjiO=ft5v=*?O4^+;!b6TNp}^eSx&P@I}o$zJ;3C6A}lL zVX7wNfDpv*U;`kSQyaBb=?TwCd1Q3sH!}^xx&cu&0-1sF4dBS(O*rwSTz`r-^{u?e z@-N~marScF!s|Y)QWR^tVtuFqO&ktBZx}v>`veTZ*S^aaZ+p45Jlhb2&}1N&qy|Mi z6|SWi;w=puSnaRvyE%E}!Pd4S6s3(QI;>Arhex)dSYij|(vJ3CaFdat=77pn*LT=R 
zr$Uspe`}udCYq`D`BlA@9L|lYc%}(>r?rrVVZ`0xOo$asOU=Z1LTw*N*S>}8fr$K_ zvXA!qy@VcAcy|^}Et*@v2cwfsAs#9nj6k+SwCiX<^uR-%i(JV^$lNPx7u%ATU%df? zT>iWfAnvrU+B0QtTl+gUtLpC7;&OE)=HhP_O9we>gGaO22pyHUS{H&Obh=?C1Orr! zjo9o=!GM<477ckgEr>_kG%Z5w5PjGBN*u{3R;rDyUrYn(-W4>43rM-?kJYGvI^9AiQBOalkSaTg%s$D;`J`#5sI|t+i;xe!xQYp(#KROO#$vV9L}&Gpd|mK@(Al7<}6eeUo0=U zGlGH_cuwCoSO8t@hb3uh3%fD*_Sg0m&KED>D5HjMN7eD|dxh3AT^u||;v zDLvOs(5p<^dAy!GOTqD@Eoz|{^SiTbT$yH5BNw(i-coV%ISBDo0r5P9`*j+?RZc^; z(Zh)j4|jk$?)Nb2i}CkBbVU$Hb$}RBknnJf{c3TRe>5;BvLeAqGQtITCuo=Ql-D>l z^-gpvTpB#l@&nRESeFKWxCQ~*S};&DJ|w7@Fh4;Vd*Hl)z{$qI zWN0C}pPxGfWbF0+A!2=8<>gNc6-(r`Twv}pkU0qYE|G2HK zV%9Qe8UHahOFOHd9GQq_woiZ4=NR>28yFS!$obj|Gji;{T$`||60+EPO5yQE+gyRm zo-tyG+sFIyJBlGk8V@x#V>^sz6xcQC5Cx`mX0^V*LO0e&g zdfUAz7sxODiof0R)`skhFgog?BmL?dEAQY#=1nk~q~izGn|83Uc|!K-8;cRF6pL}! z*?x`r64G~DJYbDyjG&Q>6&}&L-d;Ue(#r1 z^vtH)roS(!_cpxFDVMhde?8CO(Em)G)#`npRhewI9dCZm zIy1*~a6U?J%VZx;+RO)+Jbm)EhICTdA7`tyjP!9%?esSX-;R*D^*6az4W+=^;WzL>=^Ck%tB4t(4w$M(L)c6>Lx zXW250CJn@N@j>k@R^b-1uV00%y-xWhx1IX#cYqD~Ewb!mgM_a}D z{pvi7_PhM`KjM-u#kQ`~5d=SX$H67NUNS<@U5tK{jpwnJ;W#(Fo%f%mB#7^i#g291 zDT-Xk??~tmd2iO&gQS^Uzo*hD_DelPKF2qHJ-M6?&!a2*rNV{vV&=G?6L!DnwGq3n zxa5e(rBUBp2Vlrz+mV#~8XlIf*$2vGPa58V>Czb?aHxZU-#f1jXb1wDQ@Flhu!x+ z_g{`Ov6E09N_>O_i3pPjf1VBRp^#k*txo3J-Kbeq!#!VU9e^v30*8i*Goi(JLah6h5-%_iyA}6TY zlR5mT6JCdrYD9>K9E5DGu|nhniKan-MN*3!eiKUzsY*$_X7qtPAl$y9B7_r=dgI@6 z)pqV=LnY}|t`uNBmO)^>gfCe=<(YNQR40nYIpyBJ2bCK&YL+dV;cRA< zFT)&JM(ru#$j<1ZLGGq>RwHk1ZEGz(ZT75LPC035F~}F-dL9KS=`LBbW-3+n?z@K= zRjYC6RyE_L8K)@IPjjE6#8~D`VPr98UY1=45y^FLLdXt#7Mq!y%Qmh$<^--#FK?}h zS#4|FT|ZA@NLPnWRz4|J>$+}ImIoT&H3(;BdzPQK%~xm?UZK?)Hfq(j)hp;-V^?y^ ztx;i&v9U`TVP4U4Gha!a`c^9%wmmvF&r`FVK-<**i&byrCe$j{&N<`I(yu$paWmMV zML$;PH7mx2!n{w&P2J%xSvBWqwEm&Kg38PBtX;5V)#8m&?k?6EbTK;Aoue63EL5pl z!O_bTXv%_-nVnZvD*d(z@jcT?2uVeNQcPx<%Y*t`x)lc8|8qJ7pd^OKcW02JA% z%f~Mog{zJyJz_~F<& zU6k%ILUUGsLA2E2Z`BI-=7eQzQRHgHyrF;+Bau2`iaAZ9m9K-$B&_9NvuRVia-B2L zF3ccu)-+2+jNpRX_7`(fgA-Dwlb5hcId;N^=v$`6>b=1qFRVC0H#2wDIFzlIsB9i@ 
zbqj>;^g2}$c9w(f@YVvRh4W8CiRhA8G|Qad+AF zyL9D-Za~~1d4@Jg`0p+`?qR={*)&#y6pV}Dm34qY=^3L(%n@gKMls(GLZ<%~CM5ek zupHtMf|h^jUOdA-ag`a3Olm|bH`C%O%J}MqilfJERW>4RZx;41H;1wp< z1{$Vaa-hy0@9R8llo={{Zx$69LFxv&11zD4T;HW*)YQSQb8HqTnmLeTl+>xoDz|7K zh8vmXh;VNjT4#TII#EW`B44DG=ONP+vV<9qX9?xO{uHs44>yGhv}8+ls#)JLL1waPtzrzzX4K2VZwMyV-{}<{yqc zO5MZWBr12#&sESQJ-UfrKK^?(Pe-GhcFh+V`VtK7;+U*cHm#O(KawKUtaM%kx8&+M z<+w+)6lt@vmi=v0uKC<-x19lS(88IgX~Wk_lKt71A@4roVm2AJ)u{h)GjlU^UAdVC z$G4W&FJ1nYDnK|TrrTIpsa&+b&Mfl4gJPzY{;oY-F7AvwJTlm=a>QXxN37BT@-k2o z>u}yGkG)1yF7k5ARF0rh$9?H|=$xmPZ2%dBSS}fqgIlk$!4%~dq^d|(pT0@#9O)Db zf-4-xN-OJe90{#S+~h&V5=R#!)>b;jijlZ=gIf97TQ9}znPaZoQmFbaA<|fDEf5<@ zXQ8VXq#-awsWOvF&ae}Q`+Izk>} zLxhdWv1t@-Y58aLhsg3bRw`q{1>*tdPidJ;$RdSC-afQ!IRpD2I;|uj9Fy-Qd+iij z?13Lq*2f<Hol$>gWxq#*R0q(qsFPC?EMCAaJRt{)7IvqQ%@~+$+YoBjNf;c>fNfNlP zGdsde6q-3pC7%HCh!jkX`uXj+%mvN%)mwV;Rn(o_!?q!kRV~)U!p2Ml+AbtT-60Bl zGmpdL_x0OnXxZ=qY05dYE3UZ)>J9F)rpAlDNKX83Z=BV@K4pL3Y1#C*64;FyRMxhk zeX96?;2P(EF1${7SWX!nY#JO`l)HwRBqcGfWI~(+<*4VP8RelI7^U7!vL#NjA6YgA z3+jbgmvkywz)pDEO;bupdfh>V1bJ{q0ptmW!M^P61nyhH)klIRWHjdptjpr3gM#^B z8taG8QQ#@jqoF0b$>ZD9?nAl%=O_B>2a^S`w9Vj2>%imCEPuMGu}L383fU%7J!pOt zNRky4EStGiMiq;*!1qe1CPTMeJ1|+@8^o#$g0k=Z8)61sa%H_FkSJ$@WH>3-%|p%{ zBtg*_3HrLHxrDe)557+3n_DI|JCDV zH0iw&ly)NC>88CX&w-|t8y6IQu9&Hq;&<0YeiVQl`~nH>Fma5IfQw z;dgZ9!AbJ`HS0cb$}C3Ex}yhlOi;eNYQ7za6Y||nIIpMbd?)R_O*Kc`i~7|^(mU1Y zQW0{RL{3d6vHm7nF=nRJ#A)DmlU?h18A5)a9)cFR=wjjq?8~&@5>T`V(0HMD5Wj}i zZtn|vQ0iMkTx+RN?bQsfVY%oV4(XTvgIWvooW9nVD&+`|FIy)AEc|^7Vbxr9&~34* zEJAirL9N1Im#0R+#_hDGJb|g#`}eg8h35)SwCiajfp>uHC?kdYVy?LZt_&#Y9P~x+)Rod`Sl8kh8=_pjDn8Ocs=heBgWFqsi z4m)NZfWRg5P0b^rCk^Rd*$^$#W^O{4A?iM^`J{gkLd?8<5ybF=!`9MmqDU|EO%lwv zVScs3uu7&xNutB}AduR&rR*JCnX8? 
z(Ig?3f_j7M;wediGxRISd;12?52eZyE1wzcyS;xZx;p_Ya$`D*T|Z*FR>({?d~rm| z;Wi=h@k7mt-?>ww2ec%uzNYSiTjm~u?;t6@rq94E>IWPi)Sp@GI#nr)%T$mo()t7a znmk!(5FWx`*j?JOc(7h&M5RjY7bJ1eV6p!@6aQw2lTbjKCa=l!XM8Uadyas_Q3)qG z|GR|>kFrqC|H7OR7gNo@5@qs?=pGokQNXcG*~Ed8q+bmRZkFd!+%oHw-hO zFjdG^uGC;~8tF^#_KWgvi-G=J+@WcDb`IJK;Zz*e_Xd%?nPjhA2ZWKJqijcKY3BoB`EA*0{>p z%76>R>U89FBycGLh*{^KpqZ@INTW9eemP~!SwEpVKyddU$vYGml-#W3ZFn_*)ooZ% zr1wCwjl}I^5s|_=ZHm;e2=Lzt{o)4^r#*`(Pj7C>gF0&IA(BaINM#hS^bdPYNRVc; zriO?V+u1xa$i`3lU1*oPT-+j~^mvz|n0mGtEEvPrqcGVM>%1$uK8%59MF1eQur$Ft zZkQM;;RGBVAeekf^yM(5lR7@?CpuLcp4n#6?TrC*ekut7gk(DPRU#JJ5hSNO|@7GBtQ`+;Md)`eTsynSj?`oIex30NEj%1oRn zq3R*1n-vp+WApjJ zk@rNhPF)YqpVS&patChcak(7{Wv9}H^PN4go1>vNAp%YyYAuEMORrXDEbUI^E$q(C zniRj9QkOT@wL2>9*-b$!3@5S_IG75&#suld1OdGvh$>{Wh8nlsFV7S8u4#!d3JrE5 z`u>Svrh<`=zom1p6TKl43%#B&R*6i>8{c6hIp68TUfgK-Q5r>7)fPUz`YRsxDjxbP z_~)o^P38pJc1G9gDJ38H3gFOr$eO;Y5Png8TBiXKfL7?is&-?Ry~i62+Y~3A1l9;m zc%xQ%Q|Y`Z)ye_@Qs}!$2-U`jlot4mC<7zdV^W34U3G@WU}5MaHSy-piOB z&(N6Vb_@H-RqH@?AOrjY<4U<5?0LiPX`OyNaP!;pbJ_%G_h9RX_3qw8$Nr6s4Eq{_z3n}aaUC7mao0W2yK`c0 z4(WZl{2Exyd9SpLo8cc_g{Qo1%6arHWA55)^o~`*!I{@L_JDuThg0sG-vJHMFPyFe=Wq^65I%H+7SYy?{p89yYq)<;4_#;eY$oc5lF`>-AIo@!u0xiJR3lo*jk!@*Y*VDle-EG2Q`c zg4$Hzz7}HrAe@zHykPkFQv6H(Da;QXlg99qfN9`+Sl0gl{Su^j`M?M!D5rr-I|lIi zX8-FA^_xFJ6Nu#3D1QhYog@bRz_2{pcRA57-CTr*2vv%FQ5>mIn;|q@5;wD_8I50b zXeUp5^x%G_fX)H<59YTYBe#X_;BLr>-q%ln;pj@;!2{A46VqA4Z!yVpDY2yYKN*r~ z@sj$KpD_D15s*KV6W;BM8E-2o%xV2%n>|Arfj&Jz$ohM;oniI6r-O?t95D<}v?V=I zB@D0Xk4%`K@IgDzSnom5KkzxEVm;z+4?b0#Sf9BhBaOr)8(QyZbIAa#gVL%`B&R<$Yz{ zs#=gUIH^h~q_Icj*hMXWUXvtxKG=%w{@OE*&==N@WdbQNyH7g=Z`#u^?{DRwoU14? 
z%-XxgHPPE#BcyZPt~b52L@CNd7x1+~eYSZgt!A~-r&;V~q;=5BI%V1@qHQC_n|&K* z+SH&cGpQ<}Xkq#^qi!imIK-U3mM&y~7`Mk<2vHIvyvkb9XtU+#x25BhIaKUFo>ikXWzXKe_m?tpma3c!ZA-a|^ zn3R?Eu$`dY41$Ho)Kvp4P1M4b6E6GkdN=#m6K6s0a9ry#vE*$W&_N8iVTP`=U3cvZ z)G7xVj{GSKM-?xHA&JgR^yA<>DnTk2Ce4D&lCi$~wvU~Y)Qbgg80J0P0#$pufB4sS ziKIsa^vq`3Q^D`iE9=!7!UEKkr>tT;u=%}<#VCF|nO0 zCKoL0Me<6(V5tyhbo_Flzc~*(x~&UIvrc9$h`3+5)3T1n_5?Z2eKBCqTd8X*vtzCN z(ks-E2U&K5(lAC?H9#X~G$1SKq8H$qrTr5zx~~z!+rr^0u&^V)up+6IV=W?|(9*i9 zB{5`9LHvPp{~0e$x@-bSob>&}`fSJwk2x$RRZ|bsF2UU%q(+20ekI^23$&kb{bJZV zVh=0-vjm9(I2tx}Tl*8}zB;VUQ-ln!h*JpU;hDE*LTda;FEV(io0NEJNH#}K>N!M- zUo4U}$C0cKCEke$--=>e5A7n+23>oj;qM-Za0vIQaMxyt8M(cLuvU5YFI*-F4ljQ- ztemt8c20@sS?=QQH(D1LxQHF`oEY|)mln&tN0VYdK$%;lBIlZ~U{-ottXd`x-ISvZ zGNgF>=cf=fa!WOkL?TL77_uE9YjY zU}tulqRQb9TanPe0!eWmGETi0tvXxSfSzIoGSqV2S#-yLh0Ghu`*ET>Z;CoIw|mk7 zy0Q@jXodD+n8uG@z$f%A#3jT&$?FcFUp-!N?ewh2+qek)%33CoFBC_>Z0ly$=M8-y zq4bp&_T3;eA@CZzsS-j7ts0ESu+VxYBe`qTzMLF(JwQn03JxooeXpDoM!9Aq*tAKj z8ZdNLjH9DFP)Z^bK1t*XJXQ{iRDU(3bVR%veX&O+c2DE@DCi7CpD|?DYu+As_?TO2 z{&fd&$qn^!U9u?LMa5H_0=vC08zfzrCC0CVY}Y>NdFRD{*CEx0PwMb`jo!2HdKN?) 
zLnJZ3kqJ*BtQ3c6R~CFz4%c(vx-tH3nPNZa34<}m`bT`zStvy6wVzV2IHcnbTBh*b znjx*A9z^{>E65Ocmkp?M3rv4hsj$Z)TQZm55q6<)L{=53{+8NEn=$H*(urG2tAbH) zu-EbvW*HQW{Z5B(fmpZ-6u;KlJx4U_SGkp}wlz+n=qx0?{pTXAG-w#Wq5SMs#p_=Q zaZhoPk~$O*Z8gHs3>9b?2uwi-^EzOE!g^D|lc^hAw6gAInBj?paYv=r*o;8PBYkbw z&9met%*cRi;)Tjo*ul?K_{*L8_Lr%!LRb2?1u8*Fse8Q84?7qH$zYITsQoj-)CJZ^ zz&Qx2M~sPvX%8iS4Dw%wW`fDjXkn;7p4c?eZ$)OK%s8HG*;^3RODbR|kRvh6JW7g# z7^v;yRBf`xo}L)YXzr=RI~bj7&daoF{mgoM%mI5Il<1)tc_uX8bSCad6O+)Nkpm|< zGJvRt^s^li&4EW$dez-t<}TbnA;7(rb#Gz7y`_C%k?-Dp=VA}d)Q%?>8iMI^grPdD?{ZNFH(frgKEq;65Uu|bq0x=M{*}7a3y|G!hSJzO zlZ(5s!uS!D!GP90e6yI=c%z!blim}(rtWAh&g4V2;MZU8Gyb@dj^{J4smA=J zHge;X>O?U!li>@~`6Bm)Ub6G|I#2nBDoXmJHcUu=?6JvB7tQ-TG^LOdF)X(deA`QgW&K&MhJN4sm`i6EE_dhN#j_J(xn*@Q+ z(s3t96b8GA%JxpjZO`-L1`hidF>REr7T1wcZC&LJLFd}VQV)1vU<5k`{i4RD)&WTEnAhjv)roB zpXM~Lr6cyx-k$v-omR-}tNvKM!UOOTHvMtG)<0f7Y?t1b^eZ)6GF&~IxQU(b54s1T z{Ob={FeLl?I3qR8&-deWO0}2^uirV3)PO=p2mqxyo<`k(VPEm`rUPSy95fE%~D4yO*cd&g}~kLin*+sfK2+_&2JrfBRi06Qpm zM<;xzuBWk_mzeS1A3(N;Ua^VcIs`#%EFAuUC(#(=dkm2e-zvb_P3X&M>S%MgujfV- z&VAD9a5&CeX9BwB#yVYdX}hz{?c&%N=ekpz_Hn(AVeqOi7W&0I4kwMvlRk8++-1;+ zK>9|LgSpDVzBisZ<0K0B-VbN5SU_-r`me=azX2B6-;i7;tXBoM2@#^j@Nm@ zsF_ceA=B?O_o7qno%h08hju_kT3E(`#mwvuN3ZQeS$2Prb*ydSrP;gH*1G~{mKUb2 zc=?}K>sHRKDSMhM`N+8ZON08%Rc|F3HyyCXa^r__W`YSU_338E)F>>vE4ImrH`VDX zN4b>7^6b%O*b}GcZb=9H38~Pto1KkppBoL#5}pM`M@%^}kDOtq{H~E(>tuDTlHLV+ zM%Emp`9oD7sBbLcR<^r<~oT? zjN(I^VPO%0z5`||-B3#l_A@Q+tW!co){mh}{#t<0x$f3O*0V4e-h14ij1EZ5xb+|1 z?L8b;)2Hwf8{e$^IRerAaP20n@{2@(P6fckX32WBF<@{D9Ra#cZ5|+7yM1e78EIC! 
zE3sMZ%4b)`%Q>&h=kE%g?tVg-NK}z*X(8h1Gn=k2*~Tm>xwuc;ms*)Va_DfhuN%Fu z?L0`DVY-~|dFdcGqqE`g!<<%Zt2ox#Iqn?}295!fO84v9S}}5V#g@-Cn(xwgcf&rB z(4+F$OuQWD5`u5cvQsPQv0ccSX}hd7w{zJ_$t|Bfp9;NEcyh%K)I!m|0WC>p$`of34@R2xo0vXHeGG>* ztV=RAo~I%CHwn&|sgkUv1Z_D5#2C`NOl%^`A?aIUHnGhit_1}kk=6u%FEQX%@z0OhYGK?rJzh7RFJ3R(FQg^iZg#Aq)z2;O+ODld zFDuHZ%+iV~y|M|RLQ)Lb;S`08l29Xs!pHVPa?)Y*G>sJsOjywqgHYtisO0J5L+_U%Lg0H zN!*sO4iV@juuc~h)+f_uLXQ;WNx(uVTZD)(!-W}9ji;+IB~q~@E6n2tOMv(yOER-1 zh*Q(kpbMRe@PKVV(hZ_!!%{JEup}ax8IK^7z$*BPNJ%-0Bn~Q4r9gBBM`+F@dFXKQ z;HHr1xQ3vs1X(5=s)!{7#?uHJ;lhO|X?5I_lA$Mx!_r~kO$Aj2tS2WPjMqsjB?lW# zcEA-ELUD570^1>F2h1V@w?Ro_Nfi~G4RVx|Ca$+I9MVHtOiFN>+MAO%`~#N5a)R+w z!K_(wA>pbTg}w$;;U)>)M~0&&%_}KDhltBc@szkbul*AF8gKehqfBl>>X;HFC(?T zr3KuFR9^#rVfhmFM-xFpl61bvWcYgX-OJL+I&y0=3vNhr)6`sb-YPm<;zyKupXjB@ z-J3J-yNVje&5W2>5f!+AgZd)_=p9pmXsSHBU#)*`Kq^)lj9J_P_{0ntm7Yl~!Azw# z<3Oa44+R9bHqumZx1=4bL;w;p8oJe8#eNi)u>0 zL8}(4U#7d4t4~#gn95dX;TRfqXSH~a+|}W=JS3f)E~EGrICfi*z&QcK_mF7>i033a={}^-9)L zPz1tEcDEQh8jLk?f}cgh=4AU7l);@a6(MPmgBw#tO%42@lpxmf$tO|0M7PW(x=q1k zLwti+?Y|9k5jC}KA)yP>nYso~iWo9u_!ObQftF&fr4OPFypAkp-t6S61l+XzcdBF6 zXhdoI{J^^aL8Lgd3{u31a6HO}keV3=1B%)!6$A3r|Cg7Z8TxTsRQ8VTt|a5{3lILA zLo?hy+qw_DSzx)a)e$QVths*eD{ADw1I^$qi2kU+h@ty99xaH_%G2w#SsJ-w-ZX=E zbS?3%)@q8J1?cbQCKx&KLsDT&R9ZUz1p}9&3K*qPx>Fj|)pBT@e^DEN(INS)?y!Ny zX;Z)}hp~M&3=A??Sy{BIiAzmE{IE6B7G`i><5nNQL&dBlb_9(*!O*J1G}th-1(=Nf zk{bqT3iy}mSaGQQV#BK|Lu7-P3W_9*Fwuj3BQu6V%^MUiY*r|N=Z=w5Z9=ltqM0rG z4M2JP7Rws*(6DrC!s05By{MAnfGmjAF@;}iPKC?%ClM|;hsoBsicsrZb@87O1Il(G zBsK)bvU^QEX7W0o}#&u>wh*^dtM=KDtvOH8sfJkNi#YG`FI>z<#Lws}NlWBioRjz8zjh_-1ARnt-&fE?{fy-=lz*40F{c zG%dVb`|C(bY#Zl*X<}qV6ND_4rkEmRuDsOCVkJ=*#A>jD_9pYEHS;C*Lfv3@e>vEzlGEmj@a=4f<>FF0uVXhKpI&YYNa2UH$9ob8U?7yLbE623BLVyjp}DCv-01 z$>W2gP;Fr;Al(v!U`7)hgp3C@dFTYNwWEvP?G>>yte@QCgG#peV(f)k-&Re*i>B5( zVYPZ-c$x)XY76IRXES~k;0T02S;HhDe0zAoG`e%DBu*N}R~df-#TtIPh7u{6i*^R- zJZNGTg*3y@gv{+5YfJ7fBY@TX1>c4W0|CAXylh%(^aan%5&@&S)E{HCky=prP-yCVjZ`$Bo5e|#9p}^n%@QH88^=z@z+%h%vDyC~mt6xp6m<3TiotmzayXP(Up`jBZYLy4X 
zZ3*k#jLR-rvnhKmSwOBJ>^(0veo3S4H`^~15v8gMeV|Wong2VFeAms)6Q67s^KGG# zzSbE9KNHu1B<5LZfD15E3Q{;Y6VMUu0bB>%@)3>yy~`T)S1U~QLzitYwt37n1`yiC zvq+CxD}{FkojwHV;ZXJL3YT+q@D8L(#Y0s6m>EpG_KPyu;oQ+s57($)Oi$`9A20e| z>$x|cf)D&o*#ozKrsM5S!6Z~m&gAQG_lMJ~|8$a%%kiq+M1uO^rH@;ztUi2i*zLD) zk?Uf$fN7qZZm;Uec&QpiP_BL=vywiJLPQUO5_8dHOb6|qvH8r{ke^7}&C*e)^A0NS z;sY3_r;A4#AKk=;v%X6dpNmH)pWW<%)xGW<%Mgufp4UYvA4+#z-!XyTkF$RSUcHLMiDdW*Kk zWr2Of?-Od_$BP26wPA@Q_XWXfc*a+!+jY{>{V-3Wzebe3<#Oo_xPQ1XuGRk%uKM5( zTj?diM!;pt=I06W5{g@r36byZ|J3d*JsPFweT*T%%=|X%xXz;C!|y4qR`X$aY`+!< z&wY*At9g5}BWSmIVaLah#_MKR-f+2KCs^M{l=T@?d{b+drTR##iA~mdIQ#K_`NyNw zU*ptPVs@H+3|l>VpZPpAdhoi5Tb?n)O`xy#FuPwLI<3W*$o6@7r3veK9@Hg40A!v2 zoHVpcBy+y?D`(aE-qo*Y6(}7B7~iLT=T})3o=uOeWU^KKNH@6{~SIg znE$MHPp^%~7T^>r+jZaHhrCVlXZ9-o^e0r_{1`3KqU0utTXx*rChy#RK3t%?b~zPY z1c`gc)y8(W|C|mK^PD(US-sGkUZ#~kze3mozCW{=li>7eTVh$*X87ON(+Gb0)BO0K za<6_yHeyZSZFBxbjYs-Wo#f%P8)%Toeb^yPz|L1b{s82HZ#0+V+Id$CAAoelFS=K& zYtaI@oO>KJ`H!Eiqk5LXnsiUtPhE#XH$^v`JvbEtrfWePl-X}aQ@8*tiE=aya=1|m z(*&#{l%~XFNl>&-DrcLW7{H;^B`X_xJI{AFF1A=C;O-LGaIzvOSfb2P3N-wma^lQd zNO%b-k*GXH5`&poNXG~isIP9kW!=G$bH>K@R4x;Pc~hIwcDeDW_XJNIe`+e%wT>z) zmW$rC!HrBK6+|70)1^YmkFx9%6QziM7b^{=|C<8O{p814*zOriFo2#7C6mR#E5+t1 zjA%PlWNP?Ll{+5HbUoLi(8&QB#x$of1VTrGf17~jr6lD(C%mw8Ohg@KoH2$RTkV&G zLEG!Gh8Lr}@so)laP@X7-AXMP5tDF?jU6#ye~r0$=uErmsGg~&cYmA(PQdqosOxjf zr;?lI_Q(87d5b&l%F3X3Tjr%U+iP!$+iRxl4m9_5Imu4NEn90$MW=iA+j%L-m_3$V zn?l!Z=jM~D0DkjJ^hA18ZieT>(PLwD`5j*0<45T7wYh!8#{&@Ql!o7Z6XfUfl-oct z#J=c(&=|0-|i=W}o0ufFh*hZFUK z2&14*dO_MLwe^KpdVk5jDqUd=t8PQY*fY`zT-jIpy$juiZ`X%&XL>oJ+J^pNk7qkT zY};?M8n@v9aXqBlhV!z&ai`ZsuoDS!3xqo$%n?n7+dt@z8n=fkcL3W1L(s4M%FzSi z2kwWy6UQGnv#b0{n%kH3iWqB*HTsp~eVFq?|&IrEOFw`0jl)VLDODVXxQE!=h+7G`G4Z_1JH z0se04H#~9DET*8q+p5ui*Pxs?LC3)R88GKdQX-5*>z;G*9|mQLf#ew8+iT^mxdbxP zvbjD0kMGaiod=#qpU#(A@eWM#noIms?$s0DrZmIV9Y)xNjD~UZ?P;_sBT4q~oUHm7 zjeaIwri0~V-8Utw(kx^2d1r0RAVOw+($AvetfkbG$xfC(j{Y2bx4DyPu#8il!)c+yu8-fIZwk6B9ZQHhO+qP}nMwe~d 
zwrzFU*6(<;nK$txW_R~@kr^iyuQ)m{K0J?00K8olm3AtKbBX;}vdlJte|RF&6y?Dh`$f!1Q>Byr5d>0MSZ+y~ z`67*wFkE(*qeAZ-QTRB}7NXQR4EHalu?!o^Tj(TVB>h84_bi^uyL&0=tMq&4R_7nS zM*r$D1eu9;qMCw-q0&kE>m#GqwkLuwz<#OvUN)(|uH1!4d@bg*B?l>Ue+++EVPAh1 zNJ#3Ym=JFAa%dMqntEHBRu$wWVpg|U{F1H2Q!=Uym=F5<~pNHqyyt#?uohBBnSgI=JC$?-a==>@YUD5f|q9kY@x4M z0(eyeyUP7~&T2`<r!R|1G;M3($uIm=EYDs5gLN^wlQ{e+4 z8M`|3xDeh&bIzxga9539w`X*?zjU#ja87Qg(*x%4qw-X5k=yR4T0QXoWDi@Xb@noT zLeYMX{@wlGBbs@A&IeD}_C3#V%0_-~-}c`>cjNIl@F?N%zgWCYE*5)j*6CP!Z$oJ( zyuPn_8X4`sZQ#e7@+q!sm%Ya{z7KQU{xp8hkB`FGb^fotubU=Y*wN~GeeR#vQ?m3s zUi~6?n+d!IsA7Yhi+Omp>(Zr0t-m(~bFQ`=@Ododra?;>EY}%Nfvk*=r&q_!WsXlP zWu1B5MCAHBjFP~^icE?5tF&`)gDj`K>1)R%8K1A2#`{k|IwDI(OT%vaw=XEjTdN%{ zO=V5g|KhH|V&P$;ETsd@PI8p~%RaAZbQ@}c9B{B^tg(rIQw{$XIk;wM%>try3`VK$$g<=1kSt%$>UzvwvIsFmlZ zZ5AndEV`uUUG;bJ@IGwOy^@$2e8$e_b-8(wK76{Q-@EzPKkw4JteNuGKlibF$lcJL zD7q%ko1uZ6J|fqf{yIF~=ur3HXgs^i$}@iaZMT`Gqx&i)|4>2H=YD+R?{hzToT1nE zxSA)%-+OFe@B5l;&7bM>wOPykZrUvMMaQb!Ui|UvczOf#dtV$3KJ(lCC_DLEqWFzB zgflPemFgeo`P#(y728muPfHu!Vier2W`m|Z@_Y#9nB1;89i=TIx=qDLWQXiMf@_q% zPQmug@BE4W-!RDXRhe%74+ec8|9>#(`G3J6jyP(5&qmi4@7~5ycGH|&PGcOsrO{fi z>s70q^w4IU@k4x0mO`bNLvI)EnDy1~Ems%6Ebv1OZ=%h=5=UlXF`EnU4S!^|#$_?`!s+_oJEn%L|@gGd#coE*>ry z%dwvq0)QPVznlFS~xJ;|#~mFszVD;VI_Of$WqkNM)+IST)(Oj7Ltpds$A)GuNCFG+l+#Ayq>} z0a8&hA~{xlh|xd=S)3;579rcz;9R0oq`6wgdaGsl^!dkc3flB}_oXIRMHP~jTYGVG zP@t6z8~1HT*3EK-2zfJz5{2w)s_aS;VCxk`!*h^hcOY8c-u@`BYUb4}UQfzkrEuGMTU4rDpwSt&GEOi4J;ZKZc&G3 znnn^GNZH@qq`)656|6m1U_YGQe-%RV$8}E8LkRnZ6s~+R71XOwJsOYE+n${?qqPu8 zq|WJKgo9F*`JQ%AlaiU*rpcZ5`x;G1)?t#E&Zz#b{Ks}5m(3q+k=o`ps0i^$vc2;Z ze?J!;rBJw9`;> zFoP&}BMsVIg5adu?WS7iV0n{7da!!VigX+sdgI(zfz0OhVR3fl>3=Oy`Ix z*?!)V6k}60uM`?yq;VQ92^cX;@5z-|M2F0*l*N|DxC-;5r-Fb0avW}oZwPnR*)%i= zEl3Cw2bAqo45B3VoB1);Us4x2TZvLfwQKc(<}J6zg!j2_h4nGFXZLBxyG_}d$b(-9A>|Zuc7l(yI*@qc0YXj zf9;3&b^V0l^nHWY4z_IT`5g|r%kjLAw7Kc$`26&qR=q4hANmA4?qlVB+Iqbm*691+ z9fh_W^1tGF-|FCY-0dpQnWN)jZdVaqES9O%s_db4~MmX+2 
zD#s9@O_&&pG4pmwDG%t9e=MW8#$Pd$S$H4RRrrD-N95FDJRRT06Ypz8-g|IDm3s+GjTFGRCbu}iNWt!N| zF+}9@8g4FaSXq9%hxsflxv)x;uF$NMcQnQ6b{5@@i!0B^B;8c})*k)D7c1G?6}J{z z-p&6m{!umm{frl+|3+#2xuwKg`&-YGU(_|v@BOm9N&H+laew!=ruW9Q_IlhTBu>(( zw%zGuVDd9wI~?!kEPhGN-}SS6fWF&HFstMJe%&kYXS}oZaC*|C?lmXV$;8_}@$NhP=N3W;fes*#K9FFf{ zGjD$t5BT3O z<+wfoZ-xi}u#W`*@NXmtz{%9e(23sE$kLAfKTmyQdpk4B|Fa8}s|oFbqMB8EQR%XG zQT!*#YCKw;6t}7lb;xB*@glt(?lFQ<`T_-n)&z&EwGmfBRu9jnD zP%RT5qPVzwh+`OTt|~~Jm(QQ*&YSj0j=$yAH|;n6Rh5KHH&>i5oc1Tpb zCk!ZX$E%f;WQZ{3Ee?$8r!IpR2uZ~^5+Ftgvs@{mT$)^!Szx$O&4=|qA;UE zQ}ZNbAhnYwy+|{aYE6)~X5;WcMqR{>298Gsu)4CPm<u%Zfxz?JzjVv(~@LHlQqwKO?)`K6(nCS808iWNfReS6qhCjtOc?9 zS6o}_`)xsk5>VAT!@Xww<`z#|;hM}Pt(BYRa-c|wBVFv2Fk|Y}fj%Upfoe5ij4$K} zDKKCO$xC6t`?nlORP&K%?k-;GFD)X3znFytt!H*6JBg{%vlk=gSxi5PtjkKJq%#=rj zO|D9)uAr`<8heKs5&ED26<9b>lzio1to)%r0e5ejZigd!g;@Hh2hG3GPN|6=KIYrDC-;q{y zt&Xh(N7_ai;MTytJ=#VQUkQ*1MgpLk3l(RR674{8rHSR~5BzpuH52jqHXN_fdZ3smnN6_0GzC9oa zvi)Pw1Ob`3C=_WUu|Akst{{43pvl;l_NYWQDXpBcHm3NI)$)hkZ#m1yS2i&U%HR{p zAliCEk|Xnlt2LqyJZKwHZXBO~YXU9MyyQxxDmPc45Rx+~MS7}Rwl#f%Oz(vhpdKMu z7!4L2Y5?gjEN#j_0R*^92Q1li(JOmp z9n5cVFC_oiD4N1UPHjQNp$A3>-D(4A=y_uQ!$i-3^dJfr0SpQVDl7)zjf5ctnWHWC zsHa|<%?Ep%wnMf zV1SfXC`ja_jt!++c448CLhxfy>8S$}oiR7XhGE;K!-mi`hIl1VLTN=gOmi8a_YOu} zm8q!CnZbjO8&{+V`elHx1(NL8NfbQ%XqHjp%K;-tm}p5@L~=W^O0U4B_+&w0MSI$m zDhsSz2HcCva-%AOB6&`clsRw0v71w#uuX}0BbO7BErPau=9SBYN|DWN!h8LeZY#i(w((}+f%~?EL$>hRY-;wjL<==>8e?(pkA?Agw(gma zB|Uk0;HwcjcP<;YSZ8maIdaV$GDTSVAzikYt)82Aob4u@m4l}Sw!n&c;%0xk&iETp1ZcSJNZEqykzeh|1hAU%ve})R z>FKCVD+C4nK3u~T(|MI4_uY40$MQgne_N9NsTa}|a*0~}31rNuwJRVA&; zf-vJMRHC~7q_|MD1}G@tscv3Rh`K=y8n6x}B@M`C4T+?{asQqQb)YND zm9RdS6NID?x6uh0<(-V;VTDQyDmmJqu__K$pdUB|M0eURLf06*8qR|fGRXp#JTPJ2 z=g(Cq%^&{N%5ivrXg~suu@_}$idKIAn&}rvoA_b3}i1JekuVK}8hMi0pW#AUa_`#s|iOIS{W%}HyY^}m1)BSs;nTtPq(j4=u01QIB= z%mfY+sNmDUAgA6=9A8-hxk?L8xPQVQ>Xm_HnH`pxg;fa*SS z-)dX1GpJprAq>cV!n6^=Ww1TIk-Fjr-R=`+E(<{Z^^&<|IT3zR(;`jMn}Z8zidHo? 
zDG0KPa;{T|CRy~iTg5G4$)TvD`<8T$K5l-}T@0_7o;>@46W+CZ4-@#jVTM!en*-5| z&AD##eQRaO>n@S2UHTGL6w-}FPi;`fimMBbNJDgY{15uGJh*2nKXabtL3e$QMm-NJLVNvM(ZTIVH76Z1Q zZ(q0?(ABHDSWthBrF$XUey|%9`pPov!K1MWUxKQuWWRi)HawGUxk9V4#xr7n9BhyQ z+B}G{AEb9-@hf0vU>6qN5hDjw$h+|@MN>HiCXK&XBp&jfWvLV!g94e@(A1fU7)SAE|D|JWhmS#-=s0A<0W&^z!?nYQ=bE397|38OA0Y$G8>S;`b*`(VMm}Y;L&HZ&@!FW2_5sEQbRCBvqbtwR7ACKu?>pyG=b3@(TXn@1C4eq_nS`r0xJ$|Xbn z-8Pl6T{fe?N4vJ)OTx58n{m=lN{~Exa!6lbY&luNknyv3^#n~jf+mF|)b8Gn4 zYilZxg6m!!I=?UZ_u@!8$(gSFZF{@J<4?mc^KWYOoXy7y+!_9^?DN;bm#*oI{*GQN zm!5aMtu=d5yk}4I={HZygWQ|g z)2U@`f3L%$sW#0qoMsieb@rpn9$NUH>JoRZS9n(RPd&b#yZR=-tNU+S^S0bvyK8Qz z-}ktaC;Hcxt4-FOe2aI<@7{1ct+jb_7u1^eGk0Hc?05LvH=~&`WhmMuvNiaxv*?wx zvOd4o-u=J$b3N)$_mJxM#qPUae_J*=`=IUoK5LHZc)w;>%`Km{t*PyLJ+IQcxbt;g zKNfPywW`eg_1*_J)<%7Xb39+=^YM8a9!1V7ZPMQ}$)oW(4D7CO3}?UY+kd-H3_N!4 zI3GhMhCY8~eU7q~R$9GoD|7RIrl8xx^gisq&J*AF_*^DkUV`1z)_NZF{XZ z&Z{rd{<#Y>y!2B)Tm1QWZezEgBmQRT|Bm^qcIz@Yb-r!)+^FZ{Xy zbH3flzs19=#BQ@xU9z{%KUVd5z6{KC?5W{b?)CgO-P(CRB>R8d=7VEp)3>>=#B<-h zw`LWQUia~8Yu$Z~e};FB)pcF@SuJ(8*~Ztxq%}X$cb=fleoP-ehUd@vo?gEUmWVsg z*?pUM3_Z8z%T8|ioMr2Ge@$fjcf1W$nE(2C^1aUkJw+T881g7FUGf@RwmYaVumFKnsw9>D%O(e_<{q$dMmx^y0d!Dd$tlC|oKt z@(>u~I6iglpYWf-`7yLxKi}uT%ELYxhh9n8)8wfDVJAt&mqvu{eG;-ryu1#DlyR;C zFFC?y4{D)(8QYQIVH41>rZQ9OrmkeMiZ~ENWqO5Ni|w=`qB;d6^adoValHR*c;6>GYmFg67>ifPSt!O~f^x z?e@4CB@LhDpRWGBCO)e|-*&Yue~Kl~ic{a+{JqZe>==r(ZA#qugj0P>2Nr8P4|2yc>Nma+2irD8!HyS(Qh|dtsK47=X2;jeJ$hP<+v?M z<2^W^c}36lApSZ*j-0J{GLO%HzghLC{k~&P#;A@%j}{%oA(}%ahm32~p+UJC`Fv=jh?YG(VpP?xqC@sEl6pwRNB|e*=-AXQ zje};7=ufpv_S56h=27RNarNd%2{QKk|Hueppb?Yo|0IO3efj!!z>646*jcoYkrWWUyP8_ z;P@K)Ch3HhNw{Q zgMP{MW)I>tel0`k5ToS93JvY_wTJce#iND2ZYwC~lM1Y~g&T!h#k#R0-A80FSvLXt zD@K~RR@>Y!VMB@SZNy0spN~r`jP_frpS_uZ5$qTiQ&$ldg!(>*8aBqpa2FV_mhf-p zZ!4`L`GQ2!|T& zCK3N^fPaLqGqz73AERfxtjy9Udp7T2FXK+enb?W!3J>?BU3V( zUoB7ei0d0WdDd@y#44(()F(4Z5&I??Fxv{yLCBst!4AO&s{cTfc^3>zJ&w3?7I!W% zXR9`11U5%>nj~TzA~F|q!$`yA3c0RO>N=wlpAXaE>Ib-;AW#;R+f;!w7FwsTp9u#2 
z6+|K`lu3{$A+k)2jEK-&ER2Os;%Ia64k0$Z`AwHhNJChgGs=NnvfAi@g8EQc|winXRc`9Xe?~ zLWapQNyG?M(7KI65#63WzTIQsI&)+Tm$tc;Y$Q?wIAKoS){JvtWJ}45eR(^lG84H^ zpT!&*q6Cz+QxQrG;M4=cEdTZtcOJ0&@4g{QS&=6J(lv|)mS^wy z*;xV~pM669uv2nBU9fH%57WBo(5_YLo6aQ+-`E9|46G$O| ze7PcX`iBqz|COpn0-Dy+-=JwHS!>$Dw(0LfwFP1SL1j-GTrGi@? zII$NFki-a97IoNi(!W)qK7doQ(uHOuT}!z-=!-8d(I68EiKR(^Q%<1SJ6|w|D7JFB z&RQgL5bc+5L>vi)%YgtJqE8IPf__|6vTeu|s)hQt98Ox;h8>vN+jP5;V7fj9>nsEm zGD)c7NLmnR3l|~wzlmCUV&aJ!V^fDb2<>Vh8zWPVW5iNS7$<9{8?t+%?F0b(7-a_$ z>+}?qWM)9fg91#!uBDlLSK}NYpoPW}WYp5(*?yH^_pD zAfWC8i71ykj6QYIplQ^c)9AzyFwX^Cy(k(KqVr%u3z_pkWEP-`B(lN?eaDcHh3TcO zke!czsAVrEU20*3(gY;d4E@lOw946!b3m19nGL8-HEM&_6K8n{9o*8YWGn}S3&Jy5 zByjqx_QL?8p=nlHd|)S$LcBtzE4+t5U-5gyho8KMV-j=$=CIiHLq(eZ#Rf~ze;O51 z_|EMEfJu;tfsB||kp(o4GC_l4Tw4P(Exz0`7JbI<+<@hedw@LvpKLAZCUZ1?b&N3yyEAus`Ti z>FdmyucF24=zR=t`R9C9@4iM-_g3tt{5G0-7$45NSZ^n|twHBfqei5qJ6}hB?nd^0 zx^AvUVzDRrcwR6!UQVOwUKa-Qt2ck;uA5c}(SJ@Xl~_~)*t^#>{q{RzKXLQy$!vO( z+0U2BN;*h7#XmpVI-={wywvKd@`m*G-@Mhs`8u7`Fxm1uK331=^;YM;|H`X(`SlX} zT{>m9JjJKS-#v3eukv&lEd|Z-IzOCoiACc-=6$&;u1crP6sU*axblY+c}uzR?r?Jc zuEgh8|NU~?@ONYFZup`;7*u6)c^&G>e^u#bY@Fk2ce?%8m{oI)>z?U4R#~T;?RF+I z7sTm5k^7KM|NF7?k(kVjZojAFzs98X8a*Sh871+#+05*Yxvh@ z$d>&Da}gJM4vme5aouV8T2pk(|5>Gp3A=gUm`01jKsb*X#<;dsRe>u>pvuRf`Myr8 z-Cu8_*$zBiU}7Vpm}ZB;WEgU3MB_|trru6nnY6jAgI-h*!=H>E*AH@j3ArRm4OLWn z$|^<=W%lhSRt!uL)4Cf65EIZKA!Mzd+$w;stlq(iq(t2!!clFN%8OW2#l%_^$J=ci zDKM`ON%)SuGOs3DbWx9A{?GSNghNAPwEbuh7V(rO(|RUh{EaXD4QMTGEa*21zIt@wJ@HODW^?7e^F9$LJT~jc zR%H0C^13R$mjm|_5BIx~`z|E$w!eSVMK11!*6n+Euj-s<=W(&*YksQN{S;pl-K)2I zORw!l^!q*a!(CQ{9X-u154-1max`eo&Me;o`UC5W1u=9rjbn7cEl0bbsvAv_JwmZ!aqWP*yDlF7v>-K zdIbE&;fD-=p!~+-_o^5XI`akp-*Q-W?CSuAQaNLU6o8FWiOYTiy1?lb7KuicG|{P~`GJ+G zn6m85dz_u4Og=NKINaNL-mcHsHh)0<7jA!{KEJxY>+m0BHl`*M&F!8ozq*`E#Kc6z zzKEDfn%r)O^MEntCr=tqH@j+2&Wrmezmt29O6!XkmD)VY6sHq#_-ik-PObbIR`n?| zXL|Lz6si$1`;KJ`Hm|a(6QK?5w%g6;umYI3HwF0QRAf=bP^dEd`bm0qz5nssK*vIw@=NExizu{sKKE!CJ~ z&2TAPDpe+qt57jo9&}t*T&j{LR;)1XT&oU)OYPXTpP_731?>Gs>DobRR4rKzK$Myl 
zn;tVal!^uxfCekMGDe=!q;x2!zyB!ps2|WYK%G(_JD)U8{#uTx)xt$Nl{{2N=}xmwvcrM{zyZ#a?4FtqfNZ%kXq1#gjAlJ=&dJmu3OHTkSKp56>3>=v9uk>E(ve# z!(}gMM^1xTmy}NJ>Ts$^u&hI`9^9oAPVj(hj=au@=vc;u_?zWcbZ$?M4X_E3W@i0N z<&k*6y(lYn2t+Bq-aCiebo-_w`+_@jt$M{B*xI7}B6DL0$+iY%r%_9;99wvLl|VdSC=aNuGFMYpj2Zn(&+jEiKY~*q!`ttNm$@Z0eCUNnp9&qQkq^EDGS$9TSnKpGMWu zKe=I50Qzt4@#3OzXPO2Z9;Roq_!~TI@_oLBq4}WTS(qMW`x`u*;Hp1T9lCX_>Bs+% znsWTtk?SY_fo7RP_{$S4M$|zW*wRX2cm)~u>)*%aBaGd8^EU)6&X5?4!f{ArDPE~{ zMmfSz&gwFIs_NpfS>RZ30aCYDGq1tmd>3L;#xxbQ?}V9v7B z5-?dn?ucHY?@8IlX4d=UPpUwP9CS}uef~IzO=E(de4kxsZ7Mfya6ELAG z?PDI*p^(u8@w0Nq9TN%g;2iVqCv)4S6C=U3hmI}C$(Z8ZB636-jJb>L>9g8QM3e}Q zJ(p}u5ue>4e?n{pU_p)bn0l8W&14!q125;(`!$~p7N_1j{OqW zI28oW_BrV@jyFLR2riA+MNm3+Jz(Ke0v_lzZt}mT(G1~C@=WVTVx#~;(SM9%A^t#9 z>Rqzt1r;FxWc;G6TZ3{BLs2L=IP?YBBngv|fso;L->j4$Jmau+_r_|Ac;pL|jQK)$ zHhO$AE|FtW(Zs)zh;;9Z`7kN$OB}+|rO2XKaCsPGPqnhuURDINKR;PsRy@Q!|ApK2 z+4U&palb>8V@a{c=}uMdb*~3Zku?Ne5=0W%gG=V~4FPcprt4?BBUp#>TD)RR?wly1 zOuoQeM8!!c^d-?QyfQfi9Ne$Sd+f`mgh_mu+`r^ zqcZT%@`MoEZ`@v=Rm27Pa-_Y9mbBQK1f3-)XT3E}X&Vq@O~zRfDxtI`hqMWYwC0wS z(Hi|v21+*G#B)-?CMnv~V=9DAG_=L%tiC1>Z)S+J0FNlaB>`uR#+fG~sm3MxY#B1i zcME~BRBTkoCJWw#*eHrk+SycWl;#$5vl^R#y9U{)WkgyWji?wI4?rW|Y6jV;B%MIJ zCfTTtO_trHY!u{{UA0Cw$#n~RvNoU40<9|nd&Nb9R&E}AlNoK{Q|11CG23(kssUwqagsq3NwN8tcVua0|!kW}Lk-KhK zofrBtw`^Pd)z-*K1JF#LE6?E+6cR3y}xUtPf{woPT08VIGkWkcHEg+rpd5; z4dS8&j~Ui^1Mc8ZyZG&8tzwJnojc8ZJj1fXcH4HTTlSYYH(d3x-ii+fOUA!_bdjow z!>6Geyn#anL78=2TxP}7b_Ee%nd#X|0v3HS_qLv+*;AQj(u!u!6MrC!$ceCl#sgGT z2i-X0n2GuAjZN2Q0VX8|Lb=sZIU~ruhf;z*key&)>l^EH38$I-933kouXF=t7=rZ3 zAb=Exp`?^&8@=vHom|*e3^AwH}+Vr z*svGbv$$2b7%%d*e3Jb7I5BXr_qL?7LArA5xAW>?gDBue6Yj~5llrR@wn6*>zS~q8 zUaBGZHmkGIb{s`+rXg(dLC}w;nMg)H0%aF4Zm($0f(ekE2vsje&_n1>1nk}P-_jyYSTS-U{z7D~y}MEV<#54o6|!YB&!5i{&<#)~{2Tot4}I@EsUjPhBZZrOUs+@TV>jBgE4|M|2tW z+38&+Lu7FPmhk+xm6m8RO$j4JWYPln!CiodVj5)8+BCTN=F0=YR#7q!MWvIhhDV$j z{!iejy~2w{#`JPryR>c^QMk7XaT1e}6quJ;fVH%Zb1E;639Ldid%g01Ltmmz>jXM4Q)uPak33WwyA;EXJqxiPXaxA0aUOb* z9^SYGevlr-N#P>heZKLN4=3EYy>ZeP$@i2#zjILmZH 
zUXVDe_M38L6CGYpI^ZbJlV;r|$aNP(+cW@lB%QlgyQ=^S@fPdI)FU9I*#ouZR^Gd)kz_u(L{Xl zkQ8IcR`OmiXF3FSpb@S?FW=oo!5uT_=qTU0>gjVq!L^}|Kcc4dTvB9xmVUI{-d>||EyzCDxCkLG04oFE`QE^nez2ZaQ1PD~RX{R3op{lYU3Nn3X zNV-wy6+&(bpL)n#)4sFjfN369<-F6#h*PU@=S30~LuR(J>z(B8Dh?0asYw9nfmQqI zGN9qzYfAbe<1qhX&Wn?UTyT>(;#7L0fhlrjQci8WVL;X795|nY>%~pv;JY43=jC6pL%}p0G@3z zJdkl;&^_?$H9^3XLhyNCc{hBa*RU%;4w0KexvU;~z#nw*eDGY(`F9Gb(-7(+uFOmG z-mc@aUaa@XAb%j3do^ql=T7=HR;yk^6ZhB)-6E;A@xMMY?UdIa=h&-Pt14c>$0}>( zUtpJMnhw%h3~K{a#FYHbccA@NP(Uw;zbvIE&!~nE(4hWT`zQ=h{T?(Jty6Cu!Sq1J zShXpA7({&{K8WjXN$=8qh-mmy!H3XWq~l3@1A2{bZF?^*iJ&eG=m$#Dekc2q3Gduj zEbGR}52?Jj`&0Eoh?NUDYe^%M5ZJnt<*{DbRJf-kG>9}*#nM&TI=G3qW+I+E1C+v zs^z^ORx7P4zR#j7eX$Ah2spF_pOHGGcARgUMY||)e*t&om1*FfpEsi)`CRW@1&TrT zzv!g+T-ndcI_=T@5nlv+8!$ow68ES*1_o{&H3e>86(7I@^-^g58gsq=o$|@Sa-L|n zYy{)?n&9-0NT5$d0V+Q_mR_gonn3UEIc5g+MGn5v416zhm zR1u6$XRw310L@Kc%m0k6{yYhi?)~+epzkELr<06QA`Ua0UetlAd*6W+|!jM`{L?!?sw$5!{-w z?AmPRhu)Nx>sl!N7M;g)+zhwf)CaXCFT1u``Voso8PkaSSs7>}AZjD@@()*sB~gG& z;yq$@$oEK(Kcehq7~TY)rRBmypc~pc+0(#x;yI%PyWl55RpB{sRbzm`QMprB=m=B> zoLy6VkUu_C&Fw2DAI5dG>^nmwzc+qbj22V*IIANdW=O#7U` zq0=~+qS&dHf57*Wn_K;(>fsK{1A(_<`@VFUD6{+8>5I>kCH*)gynh~O{`?E{pBBwD zcNOF_fW;~TB3bYRvS*?40_jwUAS5ZEup|Q^fKu~fvkh9*ieES`C>+jX~)x6uQ4d>ZuF6=;oI|2jT`8S9)Eads>B=ga9Q?sevEs|rji*O$%8n>9?YS;PL)`A7xUj?h*`r~w`DeJXV)w^~pIqnwiNd2R=i z)7JG*Zc0nulyo=Lk*!)d`a6_*;f=ifMXgMkTB~c_5$cjHXlU!$A{GCJN-tTdF;ci9 zDC165Sz5Ht*@}niSU;fCL|Bf-dmE4c%*HAWf9o5!R`9|*qdjPIS(ym(*y=X^v4-35 zEWXlqC9Mc6cM_B;oBFX=D?(eoVd<>2DVfefj|HuEDP4%R3&i4Un`FO@vNbkXuPgNo zkCr?#bW+0UtU+;XRj_>CDq0qdXfiqdTedTm_*`qF%HIo}$=Pp%Vq|W^=9lIQ-eN0V zd&*RIvfu>#GBq3P@=24)6sG+wuiD1G4b}b5H-RTN5q^Gy`c#EsHKK=*KetT?Jq#Z2 zxU8_BLc{Mm3VCy{xMLo!c$yO^rg^bOFKlGQ%M!(Kdn<1vZxiJnz0UE@7Ce}^{wC({ z*tAr1E)W{no7lT&cGzq)o^@Fl5uVN_DzHNx*0vF<8*SG?U}1uo(xYIdU|UDwux<-+ zS1Tni1!x%;(w5>|r2NnmBCVKS*HzLG3CC1z8C!j`h8!~tf%oO|e6!@nP5ka5HSPkc z5-uH7N3SSVu3dZn4)+|OA?Qx<%Uk+wGLZ<}jKSL~jjpYEPTgcxZ02kUF>(t%M5ez? 
zl0r#N>Lx6My{DGYb&b{wzWbkx7pLNxpQ9DchGsUlfxONv`4#5v_=?>ot@s@^Ar3dY z%~$!kETU$U@M`0q1vewL-MlM{_z&7)4h0y8(Ba}F(sPPrZPl*n-GPp|Po>M-p-we} z+%L|rB1Mx6SI8wL&zsL;s)sfjPn(!{q zpeIEAcu{KbhaW0@m0sivA~#^lYac@EJwuGTKlo}J$= zIk+j9<{xf^o?}u&4Sh@vcLa$Y4Z=rrYw7=DY3p>_&Yqsvaq#W%1~Y2x)!hSET!cr;1X`WuBZ%Z(nZ!dtdz=0JEu{d=;*Ne4!r$rd6yk?+2$H!N>z8k8h^c- zW3=h{TJm1KbR>60KU_$$iw<{qe~xSyFhnjt0-R$|0~^cPPJ4;I29I}??$D-`?ylOY zKHWLPOhKj=;Ep^@YD0*J3ectOI*w7dUX%wFGi=uQdp@)#kOisKjCI2Qmja-b9A(kbc)Cpi-!}W=ja74 zVNleRA?WgIr}=y#D4AI|M|Fh>+EPk3Xm{pl4l!+G_9z|sN(Ohiir39LRG)|%Ec_Dk zdwIHGe&I}-k?JIE38#GiJ)zMNHwKTo0n2Sf=c|5xWQQ~_cTtUmyeLh71^HC_ThLj7 zv-QJt^H6v{m=jt>Aa5eUs>mX=m^H+-;c*Q7@R<6MRyIIV;hl4bf$Xb;P<=n1S<$`$6ARbyLKjI` z6ATB4F+^zl8Xux30wYjej_z4gvn5T2UK1Z2FMnrX@V+!j;{7@U)2{iP1iaHn!gyfb zfCf*d43Rg{_utTL4Wxo+fw1cnv*Iod;X4zkK#?c$dMipxiVEtA8&OHY0fhviHpU}_ zLJ_1iq+?8}VXtJMUg0R9ykld3cnx|gLVz-ul3_|=PQS2JN|W2Z|Do#~f&~k< zHGOQ`wr$(CZQHhO+qPN9b{*TcyE@*R+>YDB9PNxf$rV4o#a!^C2?n&l9T4>?kBjw7 zF|`BK{N+>pTZmL~k&hHj>;ab34?w#z=c_Q34E!~(*Y|YW!ZeHbH`Le=G*ph)jeB%fV{kWJPs4R#+*o9vOMuA#^D4dJ7tCheqOE{o0~u zq*uzCTUNbg%0Mo8b*XUl@dLj$$>AX_^%H;I0XtUE&PgW!QrxcuUSh`Itn!t}M(CF$ zFe01^Rp9GY>g^MMA203HJ%ECA5}CIi4? 
z0EGc~8jyOA!vK687%qT#55xobHo$TZbspj&7(fB~4Zvdnod6hx0Dc^_4tPy~^A6$- zy8^x{n2Z2x8Axy*rv-pk(0d+`2eK>3ZVz)F_z7fN(4PTi>Rb-+(6rLJw?d z5QYJH8mvCJ(|}L|YzL@%klTRv4de<~n3+2n zI#~Q~M9JC)TN5>J;`vZ6OR}C8P-*8H`GwMgtQn zX(Ks$^(a!-Qf$u^2WINU<)vArg_^7z(QO6hPSQkArB|o5@V8$uN!bb4q1;Ktf$-)Mu5-4A+(K^%~R54a>|X ztFkIDD&@)ylg5hU%Ct$k@(S?k&XnBJV6PFGN|UkD2dhz=`t(RK^j6VcSd?*kVRq(R z)~xv8utKM@gQ`^3;(|Kr%Xci5q_A$4;*fSLSW021wYtw|( z0=WUzC03yqNx#U1t^>JVddD26j2X5=EBtE$W`aIEjS|uB0e4Q_GAKvQChTLBw!(JY7fk3oAj{BJKrQ`kgJG&yajoSI0h*sp=Kf*JM$tZU~Nlt2+Lb zE|RUs>3=a7Zs8I4g!h76S7jFgZtpeCahui!i`-PI!@=$>2RP*;To+`i3hfKl49`iC z^c&Gm5dBxXI^gfoYpZE@)Fe;p+eA%8A1Em}$Q|KE2{qZb9yUhi=9h6v<_P7ogh?3u z$P>O;{fS+`b%P+{g&~P9+qC;C2qODoqk%FX5ht`pnIa#mS7Fyr@?7EB&Pcw7M|@da z@mZrD6HvwT9vzcHC3|^7D_{e7pG(!#JY;CDKq2_|8_7wKmb(Nk6H|IYG&Q(L^p6|Y zhWH@P5p0Ur<&&J=sb58x25jvei{p+27#AvOt($9;(f0?a{pvXP2n$^katDg#?v;G{`?tyV(e~?xRF2KKs zWZe%R9zcxZhXMjsKo($0MkrQjE!SxQm|;*ZVj!p}2w(=!u;WG@(BX-%F+40|jvCMa znjsmqk&ZA1V1DW|Fb%jodf33iR1U{zR|g=)KX??;VucDL2LwWrja&nC^zO()zY2GH z7br?PCXH><@(ir<RaM!RXYyy(z$3-){P4ttInQl>ohK-bv3sCFg<9T4y@?esFwl3?u zldxE3jWHh{!2J!F(@-3c71~Gfmce;J{3|0~bv^q528+@)y zur2HT%-~BrPFD6B48yVyo*{QVNcKq(UH)NKW)FyI#t7SM2+zJRo@G=d%XpdnbWirP zxzU^m?Mo(5mgP`Z+4l)k%j_Po;u7)xnK9d#gY79z;D>eycy8hq48EfMvdj|YnQ2It zDR1b}b9sxeDChXcy6B$UEZ^jQ6DwnyZ*Udyr8~?wWy8`JSM~)ltUGcgr}zbUlU#SGHWzlax1K5+5eM2RZQ6`&KWaMnvrGoi;hNvHjPV|H%7p@4@}S-;=@T zy3ct|Rl#lzL}jaugc^gO*Kz$@GRK_(Z%O`mE63c~&X|S|1j+cN zu>1k0F(a`2AtiHX)N6g{V`b_IZdJIdeO9d+jECR5PJ~vP))Ow5iM4Bwb;z|Z6ZWM) z!T+=5<$FH(jGrMz$$*XlgTOSiI?^w+u0{~ z{dYEe?sudc_fEB@VD|h?&l?G$uTdEP7T;&~TmR=fYWyz|j_2w%zKHA3o#DR&+uGhc z7`+Z({HNwT<-+uS)Nka|xZd~RgS&a&?|+I`}^)&FXwP~enxfm-?oq0$#ym0Hy@_;Pv=g>U-WPN9_@bc+o{Ibxbe1izTbwr zfnV`E?aZQoL!6bD_vB_Yx02_44tbA!Ne~8!-$LmOi|5HfLIeqEVxSZah1RLBkYAv| zLx_hI_cQKD35iWYMGFbeghV+gF@};H6f)2chEf=4ry-n!)D!X=iv*7P|8vr5elkfl zMF0Tszy<)o{O^;F)Bj948lDc=Yo5EKK_l7-()67P6p35{L0oAlk_sgxN-U+vq-P}+ z!K<_gAZa8L2+;HZib?PjNsA3}y4*`H2et4Mjfa^XOBzjAEpg;=IU|-h+;M+0+xUz* 
zb4TQ~&5ugltlJ|$y}RK_OuiE_txp{LUwe1m{cp7`*ll(04V6Iu2Fjm8RfB&0XF;6eA)S>;Q^CDc}?%a$;cGG0hYlp5L7#YIIiK# zlq)hr6el~(HUy|52*}8rAjnMgDU5by#*~eP%C+X6A}>bfng+__DBA4oA~elNUNAZ6 zz-xaM&2(W(%tdA=S~HGT++4WA*d>q=i;ud;NnpfqTUkqv!E8oWtHPhjT9EM5PMN|m zTQwIeH`4&QS^p*)T5HjbR^l$5Fgf~nw(DmIKHNRD+V7AR^*2M$E{v zgxMNHwDU5{i~|RjytqZ_1H)KVMxmwjSd*9>%%$A4mQVh?2-DCMKG6rvoa|RCFl%Wf zmyX0~)90dn9U{#7jHs+iYeYm~z7+jA`X*fZz(Y4oB(X_56qn5Tjpg$Rj+ShwrptU5 zG0+;$GPvXlOQysufeqZ+BwY_I6(vn0eJdWlS`K@6>=8{ zX+-&AX$u7|t&-+w0teNE(O3THKKh&VGY90<8#W9$m;a3ZEb*Wv;Z{>Pm_`Eb4Zv*RvnS-z$Yz{@&bVTiAG5cf5E*;o#^Bs^{^x8 zLviSm;EZ;ehDadC4-zM={E6lWd2_Osl(NIt0J1F7K<$4x$73M5NI-j+c0wwfCFTc>ME+o% zfpi0^JdLQeBbOy630qNWnsy0VmxE=b6g{|R(B8!{KoNv~&|gvqe76glCX@yOgJ(Ix zmOE1%`p5AO3TlvBrDz&==S8I%Xl$W*x-q99pF0!LPMBa=G{r(gPK?;LLN4y;eQJnm zIL2X#WYG&s5EBSTO%u?Svo|Ny4=f!0EZW60Dt=H=>c`#%7HATt1j2Zqy7^=T$j|`$ zMhRw^3Igp`hC<%H#Xg{Fn#G`CE(?8IZM$cO^f@VO3${WuNK^||+NMcILs$eBZ(B4? z*iKZ1bvy9ZFtAY^N^rl}V14UEwmqzX%Ld15P>vX}#hX35mT|2;tia3ZvDLtJwbRqG z7CiAw8Yg1WLfO^ND@DmM>hq`Z^Gr+Wa5BwPNF7Sbt|-11=>X{tJg1q2%gJ5nX)U6; zS&PNzPG9yH)3xizou`3pyXYqYYwCXni)3#`)gT(rf-i6PMd?mnL0hz&F5^7Ud8@>2 zttg<9+?dF%Z2?NDOeUnzA*y`9o)ZE;FE}rF+cn{0I4qfJesTq0v`xT5YeT=FGo?ab zBDrC72qki!&2kFC^J2Fe1)StJ&xT22EXQTQfSI@fwS1d~39_k>fwf*iFr-cMxLFm= zNU|S3debs*+P^0YAJA?$boxmMXKwQAAS&ZRsH6 zKk4q=%O z6{qhh;NlO~JW$$svBJa^^F%I7JFXL#%!lVyPReO9#eJ|2nTpr0zW zMZ|a928I*ATCnaNNI01B|2VK%B`QV<6^*TnzTUV=aYZD>6_(%zrBq-%?2yQMxJygk z;#ua9Lq?N0tia^R9>hGHclxr)-Gb#>ATP(zWHKbTjC0tmp-opoj%WXiP6O4pffPta zlT@BkM#~J9_Znc%PU%112y0)5t3XX?YblAO8M4eda(|Tyo=yvN)7Gai+S!-l?0tM0 zGOh@;5z3Gp2;AH(;RYdTlt%cvUW62J9lGHRXpX3g{7FiedpHUab+VaDPPS27 zUrNC$xTVNy;MOYLtXNTAB|Xaz@cUBXCobqM*tOLS3Y)iyyv~2{biDY?R69q}N;`Bj zo!NfkC(kBZ^5_B+U^CtiaW=k>p)+F94dE4~q35O_9D)a$4RsX;r1gPQo;CT_aK_+; zx8@r@eOCA}ssSjrZcJn7!mEz^&Znx+pJZG3)n?4P(4V+dF^4XuG*boa?GkW4%C#5d0%StTj`j9ctG zpl|#*zw(J%c+!Wn247MVA-rlC+R7Ir>jWx%r19<*=`+FAZx!sJKI?yYV?PiLNiQ0!UO9k!riM>tF~ zT6JLN-5<2DqT!rrAB{P~%o%!LjUoH~q?h{d2P9yc!4-RkrFLxe(V1bedn@%>TN6oN 
zN|=uv6vLmr_O1U8C-mQ5Z$qz~pFL7PC7nO2hXewj;_dbxYF{3|^nYFU+jevAI9eQ` zNAGHPm)wL)$M?Q&(cbE8iRD4&+Z-)?=H{0w~eAMbJ;cYeO-WzWI%{~kwn#`A7yy)RwV^Y(x5hr`L% z|D&a&-|+htQGHqL4x9VG23jvzlk0V1_?_JU(&~D8yyM?!r`2V1-zh$9_~*JGbsoO% zww}sQK*MjT-j`pIhC_+ENi=`_oc_JK7SH>7SLtxLM|L@+{mb!o6YtLVcsI54=hN@^DQYl(i;K;F zf9BAi8rq<+HQk_lO#kOPCj?r2M^(>?~6J^)FGSllx ztoff_cmH|M{nu3R-?!~Ge!TL4q!EirhUalbW&Fm#lyl>J*lYSUMZX-l@H|<{Eo(l@ zOEii}XAyR0NMhDO&sCN>D;ryzwob7uzlJFV4aJ=7d?uny7Z)nlM@iNpJ_cn5{CH=m zZvk=s{CE}egU(rj7fFwO-N|0e4RexeuhIkJivcERvryUC2k zp0HW^GQz|tQs;Y2el=f0TDPF++z7Ic6aI2wJ@y%&Is4_ABahoVitFMrxnktEv|@Ok zH!1UTc%i)-2x72-7^tPv*ofSG?d))r+r-$hJou=a_l5Rd zs~wNu6`dJtbatKX8+r z=5@jyiaPY}k%kW0D|Gkh-~&F#eh-b92uDS9XmBU1WYVepG&C(3Rp3m7+NKA~CFiYQ z;Q!PnN|I8zLcsw55TF472>!b^;rwsKgo~w(^Z!T`YQ8qhCz$@e^|!OPq;kHe(n1gj zty4ng)4%j zUFmikw)|Weg{D125@<5C?ElDAb56;nU+L^XS#Wv_FiT3Rx7x_9spzr02(O@QV=&Ng z7i7N2?93^tih9;}&*Y!8%52)h4zM2SJOFq%avM%wVLIl{KICi!Pn@i`I+GX12uxy8+j! zvY9R6Y7pCU<%|*6Q)F0H(vv=Ys<{V{JSp|pNaW`q+To|*Mf zNXT`RAma*$KU9DnkEs7wuNX4wA6T1$L3fm^8-*d~VkdB_9dKA6_F+vEGJ=Bc03IQA zffW3=zT#M~7Y3SfRz14#0ws+>!XvdH`&wX_(fb*QYXz-2kxx?)Cq%rnw99NJD@$dP@H0xvaTSQd7Yys(y$LJ-L$FfL;h z@gMgo1f#leMix#Te(+T2Zr#WaO)pN=!YsN2grHOeMLII*O(DiU@VxDTS=iQxd6*Tt zNu=|ys6o~_?TDL33kU($@J!YmyP>HnyX~t@cs3X!5<=mMH%I5Wou?xOy`G=nR@sb$ zwB=_N6k0r#f+(>=LfmW=)uYba4~zvQlN06xOq&N)E<@Ed@kz{rxi_bo4Q1-Q(kPZ_Y8hZp2L#6SQ> z!A3IWugsi3nnBws|2cDIzH@y4)w|4O-)yek>}9V`avtw_;Liz=hrIrNpc67YUp-$w z`dB-kx$^9*p|re6n%%S|oUzRl*&wtJt6B5ap#&&TX3xOyM`@6EGve69D_aqJv>c)zFPLSJ3o?MRcy zEkpea&(o2i(!@gcwx5T1a(*4HZxiXwglCy=cQ(E)$5&c%mzP8T=@b74snO72e-D$* zG}-g~)#)GQgUl@0%@e=-!JE)qUj_etyNAQff1?xohlOnw`&`Icx>~(_^0)o{5tzUd z@1yOVmlk-&#Y8J!h5WKNo&|n&+GZQ%YkmBYr8>9|)sS$S9C{300sV+B@5=Bl1D%fk zwYJNfff2ZC#rX4OSY@eume#6k$>ik2d!`%wK1{PQIEGryLbE}ej-5%8DJ zMW#=dwKQxI+zG(q0@9hJI%_khbq4U{o5s(*Bie24$>S9gg(}HCit6OF4fctKrymR_ zFa5rfANF|A*U{i+N) zr&9mVYH>ZI6W-Q%YZwr^*IAxcyHN>waDO|@=1!}xHTAq5m!rS%)Bq>+$}Z9Zpj%@7;8}oVobDj6a|6f#^^} 
z>xI7gzju?)%yKyT?Uws(sqy+=$J0g8>Azjp8{*dDD{ZV}BE-V@)OiFiGA&Z;6F|{~r*qy>vP$tdo#@4#`dk%ZyOj#X00 z9RrGtD;N-wes1dy;wTV8p(3S27tzn;4}L5$S<&u=N*M5T6L{E>#BU=@xOSEM4_+=& zmx@d)lti_mACi3LBdxKwgFuD^?Z}?c zL1{=}PyWPg3>{I7aaa*MLx%u{1Yr@r**)5jz$>(ma|!g|YzW}aq;+qMEujomj3YwU zz;a?=7(O|u4j2V%KjkxUVSYv!h7M{o2Awz<1mxucVBl!XE#moO#MOZUzQ8td4PpSB zKd4VSBFK>N5H5Bh$A?xj$dMJYh^r$6Y=3#!a1#KVsU4|vE%U6)s4ZZ(CxKh6s6DvA zK$UUmW@3k_ym7!L4;`kCIczTChtmc*c=RyCb#FMXAV&@Lg>m4n;)T)L`9{Oy%GW*c z?hFnA;uDw>20{nKMH9tf7aWbO4++ zk?Ad*Kyoo{h%u?Hkyu&~A5{p3;ua5*J4jav*uE{p4fvD5?*AegiVwqanpH{0@2wsu z7*7Q%7`L3LAn_)HPiJkoh_s5VH|}MJR~~wW45p<5(_rKL8SKL>#a{sTwrr;JXN!GL z((8+v+rRE5$wItWQ8%Qo%@%P2E(FKZ6j1g>1i6PoU?spfhwy@I&P0hemXc`%OOjqT zFl(k*g@_C=ZOSxyPf|gyWf$%%W6D~CB1>X0Hfsh&MllFtmm1&4-v5qB6}(AgQ=_+T zDlc1VC=;ho4?}kmy%;983{eY7k$PC1eFZfrJpsf41wktTEec2qNJ3^PHbRS#p1(wL zkOEpI-&+RBNed7sF~|vkg|>Um)sp4*Q%<$kR`?NnpC071x_{r@^fT*z{5G>(?9}xh%?o1xL1~12 z$;VuO%y;gd>b~f;{&l$RrQiKoWZ;g){{0~Jaj&TSb)T}&T1_vgj(g1h$EJJRk>=i7 ztKzC(XQy{;-7aCOcrC+e;+5kLd0|FRpXfjHd+mPpeRQk)tNxMP%}nObRYLQUDoqbjBQ`%V+hwD#wJ!^^?n>-5*-rp*31t063n=sH;P3>xIdtT3<`yJH{ z8Il#>QV-4J(xq!~`%ZZizl7JNf4G!xzukyUQWfW)eD~bRE`~$BGY9ra@M2ctDCZJsh@u$nn z5-aOL2J^mtuxTY0HrbxA(-f|eX^K2G8~QfURtBp;CW)=2Es9Ng?jXQZvA3eBJ^&ca zDB^-~Iz|kV*_6##4<@g~^Ws03?%Y968jg{Q+3j$tTB{R$3qZ}G`YJRGXUm#J#N*5R zql&mMQg+ZGF4_cQGPZ$|Rvbgq=Fxl4-6aj&d1Ec+QAoB9PBlebCZGO{1lH0%3AAD7 zHElhA4@247Y_*|s^R;$;3cSt!YF6`AUR(!zQ*M6bUcDV1-CXp%ggUp?QpkQgps8lA zKAw-RrQ`JYg={+foVjlH+s$iiQnh_9gA&-!G>x!b@9O<9Wb-w7v%2>;to!nLI47*FxV-;-_}5>|4k&$?ckI|1 zRELl~llmZv6WaXPW(&oR%KWs~3+d5dcG`)^JAb6dBz`(?|h9rtta z%l1#o!IiEFzv)?kzMwro8Ft7|!om=C+!OYj|8_nx+sRl9Xra)|3^H{XM{ z-4=CT{AyJT7$qg3`wCcgla>vqRo&~UwzVi*T}PmH`|1mKZDefjP?;KU>flSo32+na^A>%GB8R-5j*f3=t(a_3uz*GU_(qEnF!z4mwwAW|AUJ8tS+ zup9f#x(g4|NwBkaq$X`ab@drwTJ1@4Qw2EGtk<>`%k|p1wJKHXRnz6L7a_dTw~Sqn5a|-# zhkv@R>&rmm?+8``+}6q&V8CwD%RMnLHLE1fk5yRFrCHeUC( zY*G-B+tf2pa@sQVZ^NCF%076Hou^%{Zm-|>Ue5lBvK}5rUDIsG1sSPj-%3GW@7p|M z!}a%Au>`9VTP9|rnBbVDq_GWQaj`F_%y+Yeh22|iw!1XzKcZL~mrc;TZnJta>u%?U 
z2-e1@LQyGiZJg89b+sOe-TDjLe*6KqP}!>ejMxGNRF`N=OszL{&z_{vu?V+?xJ$~2 z{9w52^p&<|1>)7?=G%Y0M0NF1>%odx@70pri@phIl;l^aRLq2kgmNfhTf5nX2m_53 z+aX4&N+dh6-p`wIC0Gv3?J!*E#sH)QB4XProEso)03_;Mv{A>oCm0&Zwbq-4{+Ac2 z^>_zM&zAji=9^my<;fX^A*xs1894UBN?!-r<*L0zF{NxG}FA;OeyWpVK z%P#j>FF`w>$}C5q>ewr`6*U4@XbKE*Bt2x{^%DrHvEjZ4(x;5ARiRl5c z;RTla$}Q_Ag97tCuhh={U@?Z90|OdSdKszJ2A?r-{M%iCuNxQmL_@(@>kOVr*}CiI znh%vB*LFmO5|AOuVz_pN3`_*kkf~$emCH_-90$UyjXIqbaJIe2toP*YSp_CwT}Fw_ z!a(xKX=olktmmae2Pz@hoYD)DO{>sZ8=9Rfz;fP`dV5}V`^AbYE@lt!7C+LU93s_( zJ+`jHdR7*`(eOT-f0f#d#fZrd|9-V{YOGy#@!Svm{qGyp47J>KUs`W3aN_PyTc<5p z(tK$pZV9kWE7l^GnsvJs0PM73RT-bjWyP+Y@*XXX1oYz}pq~hvwT?V+S#)G-3A%_9 zK|C#W9cegb^%91FeB4APJ^0tlXG1ekeoUSSjEG`rhG*Y)KYfgwwku2#8UqHLhpV?Y z&|vC{WI)W+b7%>AMC6l9lF`0_Vf)xp`9U#oXrM%3q2`o6{edRU6)lX~rVFRp zI9i)^7rki{K?qz^yob(LWoqfgS&BfF$7y%Q=ER7|pO$LYT)Vv+N|-0N zUCvZGO_y(^_QHbJol03LE=Is>RUM+OkBS@*y^h3^c_WyoE$6ZY^`dpv3$SdG2C zw#E}>ia69fFvlfxuyr`pyn#^;JLcap&BliQ24uf-X~twRj;|Qy$!EKQTV^IKypb;% ztg3KbW6<{`@-e76EE(VAc$7S*xsURHr>sHW>*5Z~!`Y~oYg!n+un(peG_YIUh~_7m zc>1oHw&3C5?#Q-e$Bw(Bm48e+lWkpn$8X?JU0Likzs|dwWF#K{hme-MpjG8Lp4`Fn zX=eG-(T$;()K2?KO7_FBWT`M8^mOL}{h4h~n%1kW%htC&a?u=1C$qJ-<|wQ=eR_Fx z!n3`brC;%#N+4pK5+43%pRxkItiF-6Pve!!&`dm8oK5A>ZSDY`b~1aMZn-Gn7A6(* z{B_R9k=gU1yg=NCG8&++?3-m|7gEHHZI@B+pJzv&aFH(Pw#PXTOsxJoVK=U%@4<11ndvrK=JSwsGpUNcCvw zo@`?)SaaDuNG2^ZY{}$}@X6UzJgL`~o+#FyAhi6^eY>T{_j0uH#4ja*qlg)|~p2vF4(H1V#A8l{zXl&&1MsGe{)X2fnBmOMoHRj(4?48OBV zTrC*;yOi08+(3GDTiBnx9;an~{NQ>WI*T53Q!_pzaZqlC+Ibz(lfh3wa~3@*$DKUv zQ#!RGSDcFdrmcdRC=2Cp8je0J&vk>uFFg&s;+C^%6kVE$BgRB4WSr{J_e2|PZ6WjlSjvT^bXu*`ckKsnYF+8+@P`6@^6#v?=OZkzEFwk z`G7(U7-Nk}fB(QMfB3Pw>e!$qgE1cwGnd{fE0asIVdc(Pr2XLYgw)~eGFi?%x4$dJ zby-I@p*JcMWM-)%N4NZA*ynQk^@mgy{-AFhJCo{VM{7uGua-}FspZyU5QOnMf5}De z&Y4m<6vEk>76n{GO)YYs(?IUZ313SqnHf8`B~d8%+h!h>QPy$*hd5Mdv@OF3xwBa| zN@AEw=|rt_+86{Pal+HzcLa>#ZEUwRtm~z`{7vfvUrqJ!jH9PTIw694UHQ|y(G%#z zP&sy6JuvE122-8RWOyQX;y0ov>(n;4S@ct14KU+1LN`=EPj~K(+IBico7X)&^C^$> 
z&o5UmV0YEY^|7F`!B@Hqt7`a`K;VTJxk9S4`lGNu=s1P2s{aQ7QL@f&SG;Ep;=U?g z)~h)p+gfa2I0L(pTEUstsM+Bqz>xH$^#a}?1336?4o>boTmkgK0$CiDFdDH#t)#&d z!kgZxJ{e*_6--Qpv32AZ+(atX^nlD4xYQwJZ$L`qO4i^g+k?SElHv*hB}qA)_ysM8 z%b4T!cATjlhTN~D)o#z#Br4JUIP`E26tsj6j>{66E0y2PL^Opy1Wu zLi6eLag%`1fXXOi>k47;L_yME8D~Ok-Z{aQ#^@Fqf1bcyjz3Y_9Sxwu*;KE}!5OmF znKXSah{tFx1fj%H67^gwggLzY34J~gQTxM-V=yivIVOyB)`0Ync&h1)^oL_8U>#q9 zM1|8kP=S=;SS5SK5r0WHPz0lV;G`!j@I!o(=nKwno4mH{i0-4FN;2|L>$RmL(CQx5M=-d>cfM7@5F{2j-4f$raR>6J5AK0yC z$DI5X80EOtZZrkkOdpo0gUJ%BWH1~d2V4#nL0GxcbGkA~Q|gj`YZ)X&V*v%{J?X`3 z;Qo5{pe;g9IJ*=$uqI6Z_FKtlvP$!RWXcsA^f?gAjwk7KLB>0P*=P2ak ztj8=0QElT7^Qn(?C0&M%@S8;Q8o@f~np7?)wSXaMZC|)5FK&Z-(i@+UBdOidZbd@t zI&&lyhYzd`oyrV~Og}J^{GplQDQ9R-yedbwKD8OUk|vR*y57lQimNh$8uFI^{8*LB zweuEOMSL@ZuV^^#W4Vdl%N;6c9gXVc9)M4nQcsX_8v2Y@(+|)+{-I8MGW-GW=yBiU zC)r!jU#3+7j|$cg7R8HQvj?0hTZ~BE()F*=( zkhLa3nAdRxqRcyaS#PiC`v|zear_s#vt%P0CfOKApl{jrC9) z7BW+n##RqF-DELM#Vw&;x=h7$MPx3`&S-7Kd;?I(qG(AyRgrCoP4ET>MPtXGqr|q+N=}cp$w-;Iwjt(La%Sk79C{tEDwGocY$k!2)ccuEX^S> z9sbxMO@z{4I;mgY&|d26l6rK-9RBcvwxOM2BPYzkLE6hxd#bDNh;PoX*M*lguuVQA ze?a27aqspV$`Ie_gsGUT`0fHu>cm7XO1&4aYrA?*lD6NVf%+QyD&H-Qt9H(wH|dN8 zQEz_);yjSE{)^qlTP%#f{UtA>z!heM-uPly>IU7Am;6%nDCfZr+^#6q`oTXqFg*4C zfo09A(k1)#hNqrq8H@aCsQ0PiGu}w$tK)g|{Dkr#bGrejL2n$z*zB^! 
zP_abl!cWK_B=dKgqDFqiP08r_N~oC){h>$d`z;yH560Jgr7~s_GN^;47{1^)f2&cy zy8!;mC(h2HyqrURKhks^H21mYKQ6C5Tt`!Sq;_Fpzq>CsUXO-)c-%C-dDTbu3yyvB zp3zZFi?!?k(b0)t;Ug^J6Qjxnn-&<88X>y*1?6gWS(qLmSvE)#>L%yMAb!%mQ})Ro zgzN`Ba5EbCgQKQXc<@@30?nNey~IZho2EnuAn9=bLVERu2HJUPZb>%vJoWz*Tz-FT zG$DOZM=||B&5~oLw71fIkw8a7Um=W#E|z%iK|#WCKtzO6A}T5r6C#4dMu9IASD_0_ z(^fAus4F}Q2$rM0jCn77cUPiXi&Ry5>Z`u}nLm?ct^E3Zxj$#vcfWlfXGqAKLC@JG zSLuAowBKg?4%F2^eDYE4$f0vCz)m)p&Zl(Pa+BGVeL{2H=~FQaYFmI`NhTnA)~%Jl zs-WVhwA|^Os{-ku`P5hpM^{ii`S9{T4zcF*2sCfSgIk)-nvy@WZmOaTdR@>OC)sun zoCV#Hnmx!zie4F`^s{SR=%%%O^r-UXHy7s;U^ElDXJ57^JOtzZc)0^&2a{VEK>F9* z(p4nMwR-0`w|Li##*b#Go(TSMoQ0>Z8A~ofx${kNO9R|nZ@>REfT68F-}rdLn+wOxS1!AXpQOSTM!TEVB86p=Vdh>4~BlIiSq10@Y^DL(%9K$O}=A!w`Gg zks(WjEp$QITi0%antNj^X$>)jdlwJ zpl~SOYZJWL14rklJOCw)h4XAmV^8it9qkM7Y2I%JxHyK7qL*=T6>LAn*i1i*sja5F z68Lcgm0|Z(H@vtxkj|j?3qyN>iONd1(5 z5)B79n2XMz)IO=bs|GgrRBqVs5Br`)!LLsH=p)OpQ~ISFMp>Ah>pY#idd|$=VlG9S z|DEBp23l%yoY)@7(7B~E@@95dOoiE6dc2`T;|~pj+D{ZU0E{W%f*o|N8kJAI_UoeD zt{c9`tMG1fOgVTRQu`bdC|C5DDC64Lf$-4G_9hD`NAA^fPlU%-FmWSbLJ#B)oyBZG z@H{||+65=pUo^XCR&J7I``biE+{}rL)`V!*q0cPBb?hSrDbW05L|^|VMl7lJ*L9r1 zqW%q7=YbMptQqAOd;A9xj<1^sVv5!;?f@RhiIQNOmoA;wlfeVxWW64R3f>W8`=DRt z%dkK{Y`>oC9WLQZXA~b$B=EyiLNSx}xWc&;et2Lw>bIAOzL)K=k>Aw71)}WOt*dHw~f@J1x1H7Sf9N`==*+@)%f_~C+qTV$Z6_7mwr$%^Dz=k~ZQEbmb^dWK zx=(jsJ!8B#`*Oeg*=x=PxJCDe&R7lpB!sykZ^g%lI4C8Ate|)BJmGITP3Ya1<34VgGFF22z=T7DsY9on`cWyfurHRAoVvzNimI| zINu4{4`m0wq5h&P#lj%VxjyugAni9sEl42k7|Ux}mHg25Wsc6aP44EF+U)fW`z-#= z^6aly8jIlW!2?>Ayh1o~jzE3yo^F)QWtkp5;1`Zb06oE5KgXYyVVxtu^HUmPF-{t{HcKJ-bN)b#dVZDW7k%F8?Ux& zy~ZnEJ@xZbfaQ>*hw;x`Wu3N9s*AnZF;l`weXR5yp{R|Xm`!fsGjJw){kOJ0C)0R( z31GfPm#|jXLERqMg<`O4M-Tp4V<^lmXu%CmvPL3m`*de7#=X8B@SLDp52z4K#+6|u ze9hPDN%t<^o(NaMQ+9rUo_pj+25=UM{elqcfPMz8XTJkZJ#TGb>Tw90IqN}q|Le_P zQvPaywi_kXNqEvpo*J+&5c&j}{qRn`4*&K~f}Ib13f$0XR{$qxPxZ~sBstF^1-=if z+Hl5Ra%LYOp20uav#mh$O>RhPlKEY#UdX%-q@N16KrQ+(Kl$ zI^DTm>TuWkWMGtH+mv4P-1CtB78j1%Bd}qW#{DxbZE} 
zIoyHWc-8zQz+U*XI^M{I2=8}RKH#e-0wZr$#)2Yk4XTO{?56MavEqUUKoRT1*GdEUgdivtMO#o4#vhLPXm=Alq>!7BT@DsL>2BDZ>>l;DZbc!+R+g$ zrcLmdEZDHk))P*xPc?D~;8X0i7xwZP_m(@HrJvP88=6EQH~I-q8k@9VYDb*Jc~HNC z=dOvz6TOm4`#p0dJbpyUh3>eKd_>h*Qu{~UQ$}{#lp-D!A2RZw0JhP6;GWEnAm$vx z0o*bB?uZg8J7IMhUeKyPEUG}gpzR<4mVlp8q$OrAjYxbTAMl|W@mGF`VC61Qm~Otc z?DKc;W`syfMgRJ}URl#!4Pz#%KQQIr{>kEF*98{E}5T5W)Gmz{z$EG z#!^4V03$2&v2RwLe!}|rhV9@vn}nxBDs=#Dzn(n|;>8pp(=+r2v|&%&{z}mYw=DQP zrOD-nush$#TX63y74$R9MF zlj&J);R^$uWlFtc*A(5><Tuzb>8{dz^! zW(0p#2wIL}yyg+G+z{={4pxj#)Nq2%AQU^7eR>)iVwt>>&gDOOI- zqiFWK2xS?`Lf<#T)Z|V~@|LMGen+rq`D@@n@a)hv;|X8vSt@UD?BMf}bm2F_Tv_%% zgck)G@9QCneYs1JSWP-gj|SzFE25D`r*(&$VttTx_Hd%5dH2t2k~9Z{7|(Z!Sggc> z)nWP!7nI1!kIo)tCOJw9J5-gAex&yAYy({FlCD}@FJ>4oIx0OBC|ItwZgCVClBSBh z<1^gIgi`lR6yh9!uwmqb@wjWraya@rvqw-xcnLtbqp%aTI|y*UP)Q=n9D1!7!gZKN zT2kRaeDAz5o#h)UkPfX6)h>(|X?NgACW0?HI6#d}VjBnr8f6r9F2NVfA#IVm77K#? zRV5&rUZhD_Evx+J4`q~i6;jvm_%&(+E?jY-%+bIZDbq$;hSG5$pgS9%rKSX*J0w?h z4uv4Y^&z*?0mXY>4;Z6Vwp*|bLpd_kRB3uO@N6t&4(C$p>n7IpqV!N7suA7dzC7x3Pm-MES z4}xXLYs$`m<(Y_e2W99zff|QpC>0Bo#Xv^ZRMk_uElxpZ2{6f%VMiCo4Jl3@1>)}D zf};1&lz=&Abgq$LC`N<)WKA;~=+-Du6Q;CGmQw!8sT_+Pb(|;@Gd5U1pjyHw-6MjJ z!GSU-LAM)@wG!6NWP!|QOxGvdq85!a!Z>)~KqN#z;wx=PPWI_xY{wPVdgNU)5@_RY z7$;K58Aw3mN0R0rKEIAWv$m7ACV$@<;InHK=~LAmJZYj$h=%LxIz5~CEuvz}LzZ3O zke;CW9wf~+Ok<+5SzU^|H~P0W$x;k}NkzKR*ireDn`Bvrlmps4b1wfk@_o?K=2l$w z7gYM(d2M8hq%)CaG9E$~eStR$`d%nqk5Z(xsm}yPkVRLnfFs1~1HrZ$`r7z!_vr-X zZljp(%IMtSL))%|JW(4;(Y}S&eS+!A1t{+n@~z12w2EMwh6Tjmu7y}P>w?d(Uztms zT|aUcw^~q=su%G$sBy6rc&{ox99Uma5+f?4OyIaq6`M`eQg_Mwon9mHQtB&Y0qo}D zTxsC59$*E%=I9@R^Alyje}y^IT1LDb$jgjlLoKl+;c1$SSJFY+(3?0i3#g~UKLTz% z$jgBFp`U!C_QBGUJe^ZjFGz;jjDO+Ebd@e>EVx`y&yNITm8vk{gJBGq$SOQ z-4`?FYD64TA8HW4*D|yeJ(eE%z3WFq+EF>$W+h-QbfHM`%o?HVYn)SRacN2{3ta-9 z=&I!l&IikpiI#5Ww1tyw80!nWkA`9|lh1FIhHNi5GJ#`u_r0XDy1LPKiCP=Q30jRe zWHr)IyEJleChPlQ?+O?o*1R$xeiQLhMqF_Yvuo@5t*txQCbA|2a$OGqQ`&~e<0`;X zxQ+Z)2_L3B%ekJH>^CprFqy#~g^HW4_(_YvK_Ni0VC_L_L(P5>@KR**BCO~DbAZH| 
zp$db1emc&n+J<_pilZhj9FF074u;te6!R@Zfee@jGJPDVth4uQ>J{enHB>CkhCh_! zjN=#MZFAK1s31p3bSoxDAP--tWw9Q0;hAvnfNkWRQSos=QW)R~f8IK#SwI+2sDzIv zVp-CnOyQajK%i7|IYABwmGd4%))c-)7-{5P=_qhBWzNBm_p;uW#NChkD{X;CNDvvo zU-fFt0E8juV>$t~1UAhO;ye!J{GP$JAsw%7455htHr2_W9{p~BH1LDo8r*QSbmpc# zEyTTn9(VrBm;%a!=(pT%?44mjz7pZ=kOWse#~UB6(x{>dd#c2nXFpMCyc!=QhyWBG zrVW-;t#CH^39Ta(1?zYMcwLHDG{ZLSWxy24(r{tdz$l|2eyv=(y_td#t@9u9IL7UR zC{#H{lbbW#;*SiDc9aq;W>*eM8UeU12;r1u<081lqMRD8I1hHU3|*{jyc$YH<)F#2 z7b3T+w8gEf#$G3avSU8FB{9PZEkrBKpb9sKX-zR;*+T^r7YtI}N@s=iI9B3~t&yE(^>-XDajAb5z#6$V_{3 z1juk=s2+o~(`{I~d)ijy0Q`Z6En^RT!L+$=xUpD65Br>b&(J#`V-LTaeTku45OT}0 zP3TVsu)asSMom{xCbUlmnlRb-`|f|meXhZ~;*Nf@F#9S8?QFC4*?>kd+Izr47fQ|@qHGj^J*entJvuupHotQIP9uvn7dswp$ z8%5WfU)NfqfVbEk4__!${;2n;Db=XuiX=eHSq@HsBPiXn2}*!ra2+x}X5CuEb_=O^ z5o;jwb~po$o>`AV+@xta#gY$Q(S|KAtel?W^yy4~7m{q6(6@cel#2;x?wjyGE1^;i zPu*B8LVx?xoD_QRG^@r>5ls5DO4~>i{F27$h_2Fdd)IA@30fLi7U)iqHqb26{Fg{| zKM6Q>@Y`H$$e-XM)8-(I81MQdXXHVC*scN;oF#LYg(7z!1-l9R3>U9Ti>-m}s)KF( zLbLpc%whOLq(*UhQu(W+uz`JIf(}DEMn2Z1bC(TuJM~P)mNCvVQ*r46wdCT>bN_fG zA%7b^LP;^ptX9PGsEF7avUX$FJgvXaGC=+X{m{?!|Pdxti z1|s!(Kgm)0j3wyJcD&0JwA6dSMhEAm;>H{Whxo7gYen#j>x)a}5Rigs~-sy5M6 zhu|)ZkCH_lqa2~DV1_vC_cu>dGC+3GO|*?rIcMchZARFkO@vqR`!^LJj}_xR^ipo0 zZof-HZx9gt+lRUL3HTZK%8KUf_F}X4Y$)%KU93|5fR~-)Y=i!}Lrptn9cPWkJM36s zeK$tXH^k+2)TNNdt<958WBK~2W3qnX5ABOBIiOnk^l?{vzFO(ukeJUeo;~fWEzl^M z{a8|%zuohBfchGX(*jq2vZ98g}mEU`Wc)( zS*$4tK5_@eEF0qk53hSBgmXBYw{OUDezYQUHx6#mbH_Oiof`m(NwB0vU2-x zeaYyICec@iMSkHZ^ta(4Cn8RM@2UW>kqw?eF^GY41Rb0U+|NhjDjxyHFi3xTJKJ#ac<+R#i8Fi z#zk9Evas#&>UmUvf>=JMw(j+N_duIfasHm|>T}X^aGdUEidsKb?7Et4?y`Kvk$c1* z1fF4lBw5Kd^SASo-l?00j%nH{*D+eHt(%AarTv0v;dm{Zh7kv~zmD)$M+sRrF0wtn z-~5ZS()v?o{z=N-+NbhC3C|Q=cS^uD_z3;s>D7wm=d?E_RWW3qL&>%hR=dQm&wPv~ z|JbzJMbu2Yw)V{ORXx{2x0UgBz#HSPuBZF!t#>_4byF682R6RtyZqe3f~!QJnyNX* z##Ills?FzPWq=w11SYL&cB-46ogue{=}!AGnZ;`ZRlYDe>0tX(OzpK^Rh*t(Vgs>6 zXW8Fz--{GIa_DMa`qmug_WT~ZiO6i(Xup~3r`+YEjgoZMORrjOyQJ=U405K+0Wi5Rk55H20AlFZ?(BI!TUBea)XkdR4>_AYX0dD>ETn)X3!4Xv=XgK8iT|9 
z>W6Hj3!bgP^#XlnzQeU={bH=InAoC}bkl6NSSXcE%`)6B)Q8iKeL`lsEB_*`U%KI3 zB~Q;Qb3Au+6E;bkhe4yO<>)nWiH~K& z)+4d14v=vd?^MMPmD_8@dK_l1?F`$F?v~kY(vIkbkhj;H97V5RU)<$8p4L^-banOu z6;CW3niyJKEur1%hv8c32G}=zW~>8#{*RHEWgDi$T6RxzyL#Ooxs|tynNut`yK%Wn z%aq3AQ`vU{7f&;hxj*A`y)RexM+NXBI+(p2OuI&lj~QB?54Wx=;y%bzC?>%@>jbRh zDFQqE=(&!Bb(R^)X!y$UcKdcB#Dp5%;~#C%1Dwu+hhdt;3IyGsUBh20IXwwNf{$3=~AJma^%qqj&;aGA#< zJjJKUjlYqc!!js`w}?(a?`_c^2UL%IatKH{KS?-K4m;;Io$%*wFb$5NnK^aEzrHa$ zg{L8n5vY{R^yk)K5Q9Qvd5Uv`E_~2KiP(~j>_*iUkOKc za~_|4LH_lj`vHCQqI1{NMiRrnL4@Tu()s7FMVhU$TnYKI54lx-?+ovnB>g+>TMxsVpyd#(iNaE!2)TVLA%@|{Qf=)eOH1&JW_x|WiBHfvW!{BoOrL;|!*K_cr#_XJmRB>(wMa?E)V?{#N*V+RcWIgEP4)$eh-PeED`>N%nP@P!L}~ zCOkt=Fa4)9}hS{UZk#O2~$T9mAYUzt@0 zJYwGLvqj`{?-QC_I;Sgl#B+!tAiyNVyl?WXZEU`LRY2H?WMU24#r{(HC@`Eunz`~6 z&f6IX#L>DgeqOQ+?(r27>Ch@vkv8v@Q=8Jy>vc+)WF_O0yS#q97vvVgsd$1#cv7|= z3JUURne-gk04iM>vuRsVc)fdqNnWNQhpkj;!g_9E5xcC7-us**85iEUU|KGBQiyZS>5VdKhgc3AiF&8FXWg_#YcQP1tOeI4}`HWQ>Lrt$!OTE^`whcmO0 z&?K?oZtr6PD>?+Lug5wH7oW>F&$cPPztaNnnFxZWKK7OdWcnWaO4@lMn`^m^(=Yzh zNciT+Mtky`pw!&5rI`<3H84cTEAZ=@?q4h{_fRcJt&=srCqzWG>7U&=hwtFz-Ih(G0;cX69y@ z922$uJY~z~3wT{kYj`}cuO!KlvPM#7ikqXN-;;lfQ2-CegC!Fc5eJf`gd{MbD72Ug zL=q*M0&7X7C4e%^C8s1?9C25YEFYnJO6w>0Nx{EmFD1Pa1rlHZ0h?HYn9sv(2=Q7X zp3Fnj^`mr&A_6r8?ieEa_5(u%qH+bp!hv#PL8}_^cns2I!0Ye9I`<=j2*KlM!Ywqw z85=;Hwx>UInoMz!5}v@Ip-zz}J7{DGX|jhx$+j@KJ?K z{RXZZr0;-j-xvH%NYF3p0T#ax%@-=;0bXASu_KKCr&OYanS3dOqmW`LrL7p>O3+&J zx{~x-5%Mpv3zBPLa3w9i@b;OM%sCfNo>U)Ijtp#e97fGM3z|c zIY(FSO+lp#=2vFff{RxMLE)Gs#!MNdB?7$sm8i|*@I>$dynvx6}X-RrK&qmsMmbuKYgSy|G8~dAq`LXyDB?;iOHGe zg%Iz;?9xA1yUj+b%rD^9JA%9cXAfZa0=T*X0xWQ}(SA)V$U`F(IS6+w_}~HLcM-t` zP@RXgEt2*L(1!$FveJ?eT@oE>m`IZ7aowWtzP1Pd|AG1W$5$5^|2L`sPbBz%_qm&! 
zxtRR7Em_^)cIgGZ{q}PB<(L65o386bX6O{yRMt&+L?yqdM45o3je{aW$)nDl-puHD z(CpCLO}1SUOHnK1Z(H&~U0+awTPUX{i)FUVql^?|rN@b*wmD2u7N+K+(^^@uV7JZY zdTYbWc9k!k^K|pk`|m3v|JM7~#y`K??M4Pg41956{aeWUexMsF=o42MX$HNFC4-~1 zMr9gK!&1Wh7Y!CUYcUvJcO{pql`ZJM=z*z;?rKcS)gTSNCQp9)FMb;$E%qt2MYd_D zk)^-yN?ML3ruJ-+KDU=BO>C|jOEc$A+9MaEqjzHP1@sFCQ%cn zYI>s>RhDUJ`PvD8O{~;p5v^skIBL<+WE4+R0&0$~&AOCRnk1ytXq)a83I$l^>6%>QY^_y&D7-gfAtiY%9N2DOB@#^O?5BRqN~*kVZuwR z!it+)vBMKBr#!&vM}d||z^Rol27`MiF`I@aqRUT~M-SCB^X_rK3K_-@>6o98v0hHZ zzPX4e!X~LQ7_2ZkpBEjW>5S+grt!8#lCcL*x!uET}}TZ2@$UVfyi1~0M>;!7({^)9Jp9Z>KNRPmwzqiRXuSg zj)Ihn1b+YqaL=Uh>JHOOkYlS!j3!t}Qy@`hsxgw57~)unblGg9NWe3f-6k;;dj!#Y z^ojlFpxxZD5gBU1N>D&}fe;_jF@PV8SXdLOzWPJxvo4M~b?OP7K@y1U%*n{x65FCR zIzFJr<$g{7bVDN;>c+PLqGX`eM0W|Fxon}e9$f46!Q_i$wU^*Xb;`JVdpTR^MzhR+ zLoeFXq%Q6<(Zw~#`>~0~aC?zE@KWOHcPD4Zx0eRx*49B?k2N-Door?`CboX7T@QF&n2%x-PDr8&waapM9s0J;9O`Hkv$in(Y) zyjZfh7(<~@m>!h(t&mDnJ0gyqCFj3K<4{~}wyVt$%iy9wtd(b zbM5N_i#+Rx5K;`^;3W|w7?GChb7g=SUB=V23bSgL&+%?Pv~98(+F-rE-6D@XIp04@ zOI6>`==b&gN4wl}J3!Hn!d-*m&;1Lg`>d{4B>u<5RC?0(oE|;9F5kkl%vJxm|BC}c z45z$b={<|+Rqm($A!8W={`bC)O`BgC!}EA(yn^KiCZ=C9jX%j)EZ>RZoch0PeIfWV#kP^!)G802!_ zkZkqE-L~)*rNGy?)qJ8gr_8dY~%Y$G(sMA=&GRqhqV3&V?j zTWU|Zoe5|2Ym=TW=jPCj>BoAn4$c1md^P)Q$^dZwnSFm#|9>Pp=KmnM|4pLfqxt5K zDw(FyZB~uMu;>OmEgw8g4F>|9;F!~57XuZz7ch}K&a=@LRM%pP>x6>BGAn=cbkyLS zJTY>Vvvri=jcD%9!kTH4zCLH+KbPOItFeu8&D8wuv!V8Uv3C6>Qkpu3kZ9xv?f-wCt%17{l!j=W;2kuAK3>GgMWF>0z@JU;%89Jkf`o+)W6wq2WD#jhD%#}evnmcsIME_N69=Bms|VE|N45-l6rXb&oN z^Z4J&D5hOVamyTww7=v|@=Z*6a_G$wQEMD5B(*8JjmD;+F~aVh~ZNm>@chN+&VF*BD4OspK-T1SW> zS!V;8i9X!>#ViK2A1q?EWm%Ip%2G`43Jj8IroyEO6)I>j$fh-e4kvhK=m+dI<7fl> z#32L9ORO>yqg2(0EzJ=K zR^mFR@x3JMCfICZTC9y2FHg0^IeTu~)D%29Y{AwW|0%c_Ml$6=Q^|U+>QoSOBFE)n z(xJeM$gUyhauPK0heX(%5CfX@#81ZB`+}Sbbp)uwWnRw2lrEpe0#jz4dCbOH%3+mf z-Z5@qbOwLOWF$^XG8%|yN*>>?)l2}jOQ6XSm1zmVagRw5QfK2n{z5<3O4ZEPgUfyG z@LW{*!DEB7IEt3qb;Is{{LaidtC8;>to8M_-k+MHV^=>p@_E^oU9BofT*s 
zSm#W!j76>0-i&I=ZTYuG9A5A?)89>6nVQweVt4Vya;pq?0X9;ifUt1@2k~fu1_G}2br3GxCDlkAbLBb6KXXZ0#6lb3U_WzRx-eN_crzy-Ei7Le zy{o9m%f_%iII2%T=CD0D1_UQlrav-&*+E>>2AZVh8`ntc2UpLbV$$ippo|vi+OTL` zg-VZe`N$l`BqMRJU>=Z~(jXUoLWkA+)mXT|Cq7v32Kmrz$u02`2)LuAQD3=YINFh4H z9Ru8*bRl>bN6Kp$t%wfklf_Wq#sv2chq&Zz$bQA31L{F`-M(ZAN22o;b&LLRFVxh3HfEx3=@^3t{G zWgJ&HS#R$!%AyF%G3S-1;)09)~wx4S37 zrqRCp_cd}TZQ$TCWuri&GqH6P!G#zosb6_L|1aYzuuWc`Jp-^AXF5?R*NXz2RYm_($ zOxPQP3?52ZI0PlBl1Vzf5~4Bzy959oIr19jFu9O zYa+VBd#7mpkVgh#-8xHxh`kEPC!(7Gtd#b(2mi9H?QMwAU(GN zxjmeQH8qjv>WkOyWfu`TH~6OxhUt12hHhX>XY!ceK2G$WRAfFFr1|m}M4fT(rG&qr zB{=V%MZ_NXZgtHXi8GoZ+4nB6N7#-n6~SqJzu9M?@{r|NU3;3_cEW03+3RHAabU1< zqP~$*qLxx{FrG+Hsav@_Q4OTXso-9g~Z7*fs=4TR-#*z(U!n$KJW#AFSh zR3&FgN`6ct6w+zY&GFHNd~l#bsA(IgXvB7G?#Ypks?L(L!@Z<%lVZ>ceVeV}FMoXm z%Om>*4?AJdqM*IGfNmt=!K?u1z22UNletBBsX6*;*MPxmtaN9S#Eh@H3xnLI?|-SW zGQnVUBmZFxA3o^pP02KD?MlwR%hr0WmiFsmo{>eNUDvb3{?}#KAouDKGy@A`p{5y9 z3p|HwAykd96avK3ZrsQW)d%xkdB7fkVWn$qf`Lm(l!DvNi@NR49zj{~cY`TE0kuOJ z#a3YBcnBrC-vu~Q6Dnnh$su~x0ov@XHldq9A@iX9kf&+QuEGodAg?diya!kuy}P~Aa!V!iI%zKpCF9jVLCq1n4@^E&UwZF~zoVNE%DA$T}o=%&Gd z45J(L)EouW)%|&N!g$Q~jv2Tv^i@IAaoX5DXpG5Y3;WbvIT$DQ@z6Sc!<}e4{uTTg zw2B}#JAl5i+xU~~W}|z5wm2nq%!;9FqTA<4@&kwme`xz|&v@`XaU@Q37^*}b=BPUm zuMx6P4ixPVuKZgM#s{+MEYaGlrfrf`!Ez6?AED`vq%ZOv1tWOv@J;mNN1+K5&IuwI zs%<2JTH!$tO1I!BVS`#1@BcS3*$6l6ve#GbESvVMhoI7 zK(whxF@_N4uV2bj^DAKyzxZN9?F*zCq}QPFtH>&@;m#0!7Ky@`Z$b}t?U3rV=r^DL zw838dd-NxAB!7@l^x|E`$c?0%SUKQO3MU1Mhq1!mx=-%jE1)IpIX=?lzTlb(&f?%x z`d(=S%ZE5(Y$SO=YqLuRk0o9KIsa~Es0J`1v!nta9PT5A`6q`hxUHOTLrSl-fu zF&H^d<&1|TIb8jwHPy9x z)&%Cjm*a?rsU&Y&+U-YOBRPNGj7Wi>vE@zegg>IZe=mmlWVK;Xj>-DC}3=@D6(JjO-xM zsWsdLf~kJ(y{FdMD+@akFirj-bUoA_ZJk1p7tuvPg`k&O#W&5b+ml<_EB=Agl5LTE zv=qwR*{B8s)P&U>gis}a5uC{V{1z?Rz^5*x2c8hAE8k6Vhc*1EY`3w8z{SS1-?NZQ zjUoM%VPNx>CR*Sa4$v45`KygSQ0@yxADJTx1F4(?sf4Z%4hfFCYkg#URFaN8{-l0s zZ*T}-n#P2nqTpdw&sF_OsREED=s#$h`BGQO=5|82#X7jITgHO5{JLkQb@Mpe1W!tv z>@8fUey@O*bylH~M9ZDP(9LqdoU*d@?ZDi3=hkAvN9VAB`;o*w15ms>ak~xw4@mnz 
zw)Ka+mB(OBkUBE@mVfETeee@=cEsI_;{JoE7s&Gomw1mB3ZPvAqtyd!?YVK~0*1jR@HKJo;oeiX7a^G8`tJv-&aDBr zm%pk*qS&Bc)RQ~b_zv=nf?0>2t)KbNw2{WaoQ)va{KPl6u0r?)<{fNoU&x2$C;HI> zzy?bs^8wc*Y;;$ffNa{1>-MMUkbZ9ff1SS3zqK&pxGxc{v9J-A{N)xYJhxb?fweB} z1~$EEi5KdlH^7%L^z9b!!w(Y5>W&a&69~gSV8p*@-q`H$YiHntpD5(Dc7y}u7AplH zn)7q7`?XHB^L2WW4VVd$L5|D08z40K)S+SWZ(76oU7&y5&GmB`6XzYPr}s_KbigRhu_KlJ;GqPD}35F3doOm+YOLF_+*S;h_81yy6kJe@0&V8U-uhTGSY?A zG9VGc41Lq$**P8jN!8%}4zfKR)f%kHudWa5D|MRLH6PA`at#~?UJ0f zdmVHRhxRRHGLE$m7Q!FEb{^F^p4i;iI-ihnUIo>=-*25YnI(gkdlpAqOpjPhA==j5 z$8vd-=6JSG34-;Fht_xh_QJ=PR_~L&QLyNZ9y|m@-MMvNZJhqK>mMNg z4o1lF@t61_B6NLYJ#D&7 zkPT0os!N&@G}DNY!~D*Oo~sBJZOr(+zjgKZ4MXFPeeL~^;D2IZxvAbtXp#hD7M{|W z0v=>Ad6=LyTZq#jV^LB-vA+#rp{P(CQ&W8drWm@px~GB|4<4YbRb+zne=(gx=Y&3J z5@E$fr;tQO5Frv4R09JG^Ql6YJK;pG2HVl3`qxcXzAyQlZuWi4yU*2oV}(r^V}(in zivZY3ctj^mo%flRj3k*e7Ue>9TiHS`Z@GpRlz(H3@GKvL(Jz;R!7o!nZ&nD%NELPk zB*?i62uqALg%cHhD-4=fwWA(XDwJmx-o_ATEN(Hg&8ZLK;4o5vsrqy8`&OkR`B=f_ z&t^VeLp4_lM(+uIVT0jT)t=`@Gs7-dj(0I5yWnxRTzm6KS{E%L_ z_s&kdAv@7eSheLD(Os}aIhl|yBkZ)fJLw{>%y{s==({M1DLh@Me}6VVwmoj;deX{9 zV~`2T^fbSK@KSOT?o(3au{&698khGNr{_heh7yyKLn6q< zX>Be2ZG1a}J_n_+uJ&1?#n)sw%%@AmVN`4nrWr)Z zGvGJzC32n#lrL3}-#l^5B$}eq_Fk;E)>s$29;WS>#D*D@O?}*?Y1|?nCZWFM>%;rl zxG>B*$JRIJ<8kAh?LONb=Vl3q3UR8lZQdi2_cFxYdN0c|o^o;C#w5-#V|;Y7%btwQ zh4|-sd2oLC|?R${LGs8Z3XGdoSGwKB#F5 zK6ED5>1dlK@@sT(9TfWAH%{F!wU+q&RyqKFx@EAl*=eG7m3T?O6KR$r$h!1ULH3z1 zysWHN9EWPR%uWtJxV3cLUTf?3dyC*_uR%>55ZNtX9^JzLc+PIJiCs?iQ$BU;`@Cfx z>zlIjcH)m1wcbgju z4KkXL$8FYXD^_6Kc&lzPfS#2{$d7WKT7TRba}~~&r@yC%=HDfExR74afP0T)3x(U- zXnoyaT%3fxTqW$&^YpuaeP03lK)xPo81Vnx-anw|2J&LP1fb zxiV5aF~)4!mV_~sHz24nYC5t!bJA}1A1|8Th|{TEYFI{p%(xE=*io(Hk(ZT&$26xl z%lT!UNI|b$k0QNPY2{QJgI?Nb9Vu75ALOY*eVFiXA)reqlT=+o601EXW2$QB1l~OD zT+O3)GI8;X2K%y7qZvj~okGFXSASQ`I9HeYnT)zLk8F%~Q*}s2-vY{~8O|wHtTOqV zCyv}9#mqXeR)0on0Pxj^XS!5h5}|{fs6eY>4Pa5v91Mv_J~ri^YAT+VMp6o7-5QtP=e*jzy5uW4|8b5aiLw%B$1uF6L`hC3KESE5GxvN2J2} zycWLpkWeaf8nJ278%scs%Wwt?o)S}kf`Os3?*b2nQ!!!vzD7NBch^(Y@Y%8II<&}l 
zuDZ*4r;-jf{$U%dsj#QP{`@$uak^k(`Ax-Lm!rK>=J5x$*HhkRyFRzb3}` zO;u&h3H|N%zK*p|pRdk5o7*Tptr(pOO}s#=1wy1r4h}Mw2 zCTJN60XcveWu;$R6OtJT9@mf*ikN^y7$kxiIY|hZW5e5%nx6!&a_#bG-!5a_em%%*E0ML7wtLQIBCWN8F z|9Xt&ABeGik5A&AfVKiLGVvr%M#%@{AISexLfBCX{|1E#1jI!S1Vr-xiac0YxfnQ^ zIXk#InV9`YaU7BXtBb19)z6w4f=5z}N)ZuoAa%e>h5T2>V+}Zjs22&?KniLCXdz*k zEFem|#?tCC*xKN*xWIR9^QQjN*rwI~waa&HN3Z((YN)HVR>#}MyIbIWzRgYV*4>-} zNy+`~3&A;W_sxIzZPtBOdLgH20%pY0+0SUF=8uwinTRlfIu+W@8j!&y)Y|1Xv3CIC zdlra-{_#tfC{Lw;u7!gFWsgtv-*&m7oN{Q+s8Il&v!4!^1VoezutqY z=4Axy?H#>Y{}uxR#`bG9vgEul4K{x{xG%kf5O>enoPq)y2w~eQEx(JvGbb$>QtiF0 zRPXtdV((op8J}V?&UFX9Q1ne9A5@M9@mF!|-SOa#Clu?SyHt)~7m+Iy81P3XuVO|e zGUvj_0X2YU0jLmfYZ2KkgZkko6FaRsgL8T%`bhgXvq1=0IBC;^L=rG-Vc92v6d|(y zSTlt;121a^4{Ul-k3cuuGt&4(^X8Y~tYuBo;^E`Ng1o-vZ*Nb`DpxS^ST?3uz({UZ zuzqXBIME$O{N_1Sr?0*|KVj43j=8+jyNZ*dH$EZ+R?v(U;#+^ahz~!ZP;8tTpMBgt z_|~&MV}S@T-hxg&0*7JNZ^-VATgQ$boQd4aFff1;Y6YfSijhM8*buL1Pn8g1dHn=# zkxlj%K{}Q21A%-1q_l!Q>YxH19DJhk)jo@Qf4s&N1I)Y(EIh+M=`{e|u(4qB5Gu^2 z$F1q(Q}fXfEe0%h*%d)CAs+m2&}|^k9+Bg%(M;Ns@=Lx@I95Od^$PM&-|#xgWP>BD z4}*STL^ha~Ht`of?75LtBpCht{E+kl}g1i+fyj)D=-w{l@X_F z@Fx_5`EyioWiXT@WD3rM30`&=YV*q#D(fx+O0C+w=1k`327{q@=Cs($scNZQ87>@q zD)JG&>vHB;jvdW$s!S0b_@T3yj#Bzp?xN)8w`0fh!NUzHX8%*i`M(k_?mePSW^ZKw z3{484`)Y}VvqG>|v#DB@ru7$_oDLH<&k zv`)}D>gxle;p&47Kk0z#Ug?2Fl|@#A{2f|LqzgQ&vx(`1jIkfL&>R&z$J+GEVg>E) z95dv_0sn$7X;yKR!ywbd7l&|R7@sXTIN+w2W!_N!MHgsn(xIZ655jN3iODlV-zq@3F-C#05E1gp2VGv9iXU58ut<>Kg+OxD zDIq%ANGnd+u|&UxZZJBFPT}8WvWGyielgk(DAyy~QSybgPLt$WZ%GNg1Me;Xv9Wsj z$ukL05}rK$)gFdTW=J1A6pAh7q=CbbpSXVQHdU57+ZWf#{Jg}RTakr$Fjt$s$EM-R*ay8xN7k* zxOA9fPTp|P=)oj|HJCn09E6eAKMeFZY;y8{v2_kXq5w;mZriqP+qP}nwr$()+vaWC zwr$&-`(|eIX8v78R8+1r^VB(CY;wwCXeu_KaRbsg0R}ZYQh`Gz>YRsy6_QPc;zAk- z;l0KJ13^{+W3dKxs*sx^ScFKjp%7Uz6N6`r)DIR0v`?Wo(BQtOEEXE0ODu-7Y6*^~ zC4dBDAVdwQy~8!Hhje@xB`kv|qyh$LN)%;ZbFs07jTWHn5=8>ufpj4(X;Kl%HHy*} zK$0(6zl@`r6-<3B>9iI#$cIl-DwkF%=jc^XSvg^U?W|GrI!Ap(1&~xH_NhifOyUS6 z#0-=zoOr=KqZzX~1h^B6W{k#yS4ntqN+2^3s)%$-Et7I`O-kfc5m}NAU!_4KrWFx_ 
zM&%Nd6;L3VgQ-!32pRGd1+l^(jVy|M6%4#|a!3kb;0(wVG*BW)kQ>v$ES-u#$SDUj zMKg|=3K`~9xdIoQ6PXlFVDJ$b9E_T!ZUlhx2*5c4Facmz(jGDHoDOiH0#G1Bus|lG zsZyQ5sL6zsPI2MlLb3@dqj==G?mc^DP!>>py&SxhDTEf<01Bx;(v_A0M(6Yd%18;M z(DhP4jdth^R5W{eKR}J7fa{F`IFbT4*Fa(6pj*~}q{dS?>4gU{8W7cvNP~iJ3j>mo zWdmvf5CnN}RGW&55S3uj19OxQ3@0y!ul)>X6a;cW6MzIhGRKkv??eeyFeTsxT?`6l zw@M;ja{l+ANT@k^B@$vlnN&ejP}YI$7HAnL{!RT%Z`r^CZ`srZmU}So_0eTvvkO9$ zTzzbFT8;$`O0S7+7At5HrvN*vgP4#75P$%IHyzub1nr`RHSn(2t3M9t(be3!+VaQAXGTgsElkZ10w4fHL(Js-R8PsiOd=x zDnMqohcqyJZ+C%=z;JvxDR)9sA)yiI{N)@F2MCmo@tSWIHiP2Cnib@ZI3&=tB*jfG z0x_+HCTC3AFw;%vr6I)8Ywfhvakd0{=Kx*ph#sa$dYb-S zp1*kZBrcTb_Yf89UKlwG9#0Seyqt5>dkpbC{2y|@#ddxuZq=%di z@USAu<3rnmp|x!j>zV9}q7`GzT-*Qvk%uc@ZIT@fB(-2P#zM#lqECvaSHYWqt9 z6t~ubQnH8aTN?nxFp85=Y{O8MU}r};#|?3%X2plI_UH|N^?t8|$qGMn1qC#nOlLb5 zK%9?QAiU60fm1;BSu2`);41NPaa;#gE1tSAT>)v6j

7ZPb3-y%;oUK=2g-wYxDP z%MiFCQ~)Jso&1N&(5rgdXK!Q|6i5qDYZ{c84kjO%`m?u0E%0bxR|R$a#Xy#TPF=7s zUz~O&O*tB(8KN1BwznwpuWR7Gg?^| zycXwuXhKSzopImCYq)-m1r25D*^ERv)e@aS$!OIYl(aUuwDxLev#W=tr-l}KppLKj z2FJUE_26j_Y;1Z?czjpA``q1*X1KolcS}WZB!g>r03N_as6jy(;Tx<3)~6d3q)z>) z4J*+HNQPxM#3?9;J$(-PAT1~dd*IdrJt)Qu$zY4LL*)Xhqvh}F5ZL>7fcu-6MwS^3 zvW$6ATK|1Oz6~1-;s)Lj88?+B0)3I>O0aq_OvPY&s^naYuumJy1h>2Zd?0mf0-t1e zZ}pK99uRFZaR1;P4h+&5F|WLYN8X-3_*9IZkR3?o+s6UubHlg~kQazdD})`7UmMN& z06T}`WiyQB@^rx#8Ekk`sX8k|(YQvKSkPhT`BS~Tv zgFV@@)JbAYzeo$y{Pfx(AP9GFfSZ_&WHw7li@o+$N4G1hOnkRJY(-qJb-&r0_rKfV zT@eHC=0gWnIu%~v6TInhy#_^v zfFrQ82Lg0ysHk-oEa3vUN;I7#!mAM@U}!?6!VGk%ltX;!a`umXX&=ya$AkjW!lYg- z2?!*@)8b_8kbz zW}W!axX1*4wVA_@dnY_*nS{{;FJ%$Gq8#~PlQh#Z;faLH+fWwKlc9H+c0a0;Pm}jH ze@79&j+}f*%d{>0Q*&{Kbg{J>nVIlsQj@&l#+n8_RYWh^$TNLpLv!&E+g!x&OQMHo z#Ewql3r9W8HlVteB5l21u=a04&iG%v5Ea5zb>S@PNo|Nqk(=P>sZ`fo7)tS(@^R19 zE;eFRU+X-a!f>@2@o`DYc*U?q8FvT{)$IQ79<2sz_u(W?Nw#k!XO*9L@0jez-+ufKa{4O^ z`Q!55zt=wA7GEo&!_*JubgI8s+`TWa?;}@zU677p>Ds$&dY&DR2j$%8pYV$CWW(L{ zu7mt>G*bK;?KdMK@cuZ?cZ(@S7yF|4SDbU4KZos_UWRu!eaWMEaaHv4O9U!QxqPG5j}+-@6jPOyZkRoj`!HBu#>m)+}&v!&-``n*WGmn z8lz4Aw%2cSo;IA;l1@6(@*dWo^Z38V6PPbMorK>du;lz}kKeVlq~1&i@~Nx#+8S@u z_m&ffla~{EK4r)0#;06C(7PnAytF^6@LvxLrLVtk#&Uld9B{^U8uoX^W5K+YfnF=Bw`$b+H(pm# z&8#yLUzEEU^F8)Yy+GRg_0T`7{2_fVBXd4vSB=z`ev!cz=F^w4^$5%?kk0OO7~P?@ z4c(Nt^*O@MB_utWwN|QGRrf)4KL{C5x+^N~wAp0rpXaqoJ2iQ6Ka}TLVRF4$rElAf z;qG+_e7Mds&ujAaKOU*ORl{+@iL$v_(=TL$FZT)Xpz*v zTW?2r{AxVO5}wuZXSlO4(VtW1bC#Z7@juajJDRKWa&kyLziir| zpS^aM-C}?DFOHV`B3;Zjy!rASR=+yT{5>tI?cVNbW@@)k*!rNaQLVFl9<|%K=<#~) z8!yh>1oHl~JFolG;$Xe}VsGYh{lnz0Q(!kiNWaNU>-RBTn#o-R-_@{(KDpS-o$lo@ zV~tPSjQ!JjH&1S7=k;1}2g3dAx=cQja&^{hS!;{VwwlBHs5e_ud?JhOC-tkmJvQi% z^D^^ejO>z5ZvS)rkF*l!N|~I$!rQCHZoV56^R`%5J*n|x^;nt=uFr$qbR0uJ{wiWb z?t5l)Ts5mBP1Bq5?D~vN?M7nX;{SQrnf(v%=JRG?dwD-vn`$Ftua(Zc<#G=5@T>E< zIsCes&*8YpQ}2ho*G^o^R})z_T$|5g!q+*yzsFnH zs_1yw8b|FqC`#7kSaR4O>S?_G{p@(Er!Jk+bn7WywQ-b#TLr_NFfA6?->gd@h%Q~7Vj?7~Q8qAslWh6;}$l~t_G{zRRuhvRLo4{7U**~nlV 
zrgg+c7KUlfk^?kk+_*9(jWew2G-5aMA7&JIs>Y3Nk>fWd%!DUxtY{7)BAJY_oG{bV zJ_A}+9q%r0V(^-XndebuA0gGDWm3wal{A%B{RrsKA+*X!HwvtZ@LWZI&K7_Khv}Ia z$5_&Ua$x3c_G`CMLysE5Oe-}H9XmY5Z!LqKH;k99`&cx(r z+c3Mu^@mO@20k=p?W7BX9tlgsWw5pX>0D%@*6Q-y3~E{zT0H3iB{$~vhVx6ax6VkI=zWy=x`aA(4(!^$sqw$Y-e&SI=$+AP*=c=QiUWp@kI%7h_-gD@ruuW8|G1yw zVoI^*GW#^%|F-mk40=iy8!UHB<*ywzv72mI?qIBQ@3VV6)UtAO@wmD zmogCJq*91QTE8bq)32m)&wwWgdr=SMRxQSh)qo~%0Bqt>*cT3wf5+=LB%jeY%Mq`Ck4<-g z%Fy|11jszjg3Gdvs@4 zBNI!f|6ZrpsKMGGuj2MTcCNXPkeTluCnx9_0aIHhOCJg-gZLf=lcccOL8xj+;cU7~ z(mCFAHRS?mtBY}A&0(O_P^|_bRmQj`uRL(NZfGe$=XSuNx#EjbXD?W7uPC(`VrQ?| z8vVNW2z1nBsa%)j@BV)G^5@;|bll{DMLjgoUR&R4W^cQIi_Z6!Qdo&*R+1f<*$7OI zFtvviWil#HV{kH8GG*180(;)$(6f1QFDx^rGftJn9Ni6cvE<2(vUKk{oThfM=Mn;~ zf!T{?I;#rc3?)>)G(|C%mB+LVoZTa)W^WEdsVuU{z%yb^pYiFcrpnNys~u=A^ZO$k ziysV9&F`N?WN=#xl=!(1#9WRGro_Udm@POm7mp+bTRE+bnYQQDR(xmGQh`Qgjlnv+ zqbQF60JX6ar!64e_zmJjnnNpTk!9aMl^?8E|LIJc2ulIkZfIIa0AG7g<^|Sz-9w-U73Z@-(W9nL3`u zxttx~cEo+5Hm#zAe|L-=y-useU_{ZLVl`XfATT|0a;*(3T1p`nqWP%u!wIATr6KT$ zb_=y4(R@_wu_YMlpioZ|FLTf250WauOCbT-Y%^YKAXIcO6geuqX+cNh_%7;^Qp85xn>8zAB# z(-N_#nS#O1W8}br0&&P@BI|i%5ls=EEnmz%ODqw9qy~8^?J&#U)lYu@-CrRfFNiqG zqk``-2$Qwf;2N|4O%xZxU^NsIFsz0n2CC>!Sr)&XC(c{o|APEs&ae7gy(nXkkf^Y@ z@*|g+*HES_SVuA6B&TeiQ}*$Wt(*IOtD9?D+APx4#R|M_1dIkv{DcNf4k6sU2B4v7 zlW^>=z(TE24X~h;XEto+&)9*y$I_>-vv5lLi0(Q0EqePFZP6MbBUZ3(BoH|qW$>3m zs;PAH%Tx$l|B@cP3zbFtWRxRH8*|G-9!zvYTepHYM5s*|sotHjag8Xx3!j+~2h9Nl zln70GYU~H<3dtcH<^U<4Mbz)z*e4~th{T>_i>?hs+X>Cx08q=kp%l+D>+6A;UBk35 z=tSZp#YUvFLi z-1d&XY<<|-kouhx3NGZTTi0Z)AA;!AL&F9Y1I)4&N~c-*qzN2jkKXQplYWky!EQH3Y+z9CjQW0 z!<2_h;b7u3H>RtT8Myql%k}2I=XFYB__epa$yVLtNgBWA$MA72JX{Tz z&wXF2=*zlp$9*)&6kfNd-0dne_!3$?q;LiDNo$@@-F`Ql8*6ZPr^oT~uNnTi+xN*t zczK<^SN)au#OG>Wr%U0@)Iwg|j{7T}zu|4#*(E=R#`jsuo6&5{yCU7ky)AyuWoFll z-fBO6?|8e^Z`Y?wLCCJ_jko)z)>(azlt9YAo9VK}W*3*~e=d*cy zsD1Z`TG2&teyZQ`#3Vnu@;rD2^Q`MP>bIZg1xQQ3#0%FW@nfy?3REAF0ARrq;CWpe zTQ;lVHd`K1Rxn+t(48$gw$^E71*&?G`sU%%pWr`<|o66rpDSzI;B+u 
z=U5lC49p_60tM3!#9-*r3_NKpV#~LK?1pAbl4Y4Nip3})$QfF|8(=Pl8+1lBRaZdOu{%mkr`7)=8Se`7t zWc1Gd8C{1At3s@cQ`%jnl|73)R2luvl=UIKbGaoZHb?5V=4rSNRupiC_ zG6uCyXZttXw2iLE^*i|yc>MPp`Ko`CbA(Oj+u!8M$joznv90*{yE>eW$9rgd9<}$c z`OZ#to~4(*(7JrB_u}YVd+o>YXXJ^8+Tvq#I?7eKGIn~?TD<(8p4(B@TRm5Nc?4D&;SWSy(-X!OaQ?` z_>~CotI>#5gXS(kot)XZs!c!<->>G__c@iQm7-&XYef-Fq;@yOmZakzPxXzuL>l#H zYM7LBI_^xmouJ%weHnL;r0jT5)cGEhw%-= z&{CVlKGZ@pEh7VVt0&dGS_6yp>Y%M(aM1RQx^K>N6LXgxW!7AkVRA2V5MnPobh82> zvf2}oZdnigak|$Ln^^gf-g1Q(x?!o2BlqY?0P7`E8Renf5BH#z3AVJoQafCQqj$!0U zOv)sDnaSm%jrb+kEktaTYNo^9TvQ7C*)^Po%ONk96R&A>rvv?t{C_rS?rcd?XCt2EE@G2DsWD2*BC51v6FGJ{iCAelw3rHCXKt9hYcHWg4khsFv2}m+ zKtAy1D0JC|f;O!a(_SKQoj)o?MOZBa6;cx01pll>`!d6%P)SibR*+1pbrgSC?@&~9 zDHNE=Cr&D)5rO_lXC-q!)=Q(QwTl+!9HKHSE7**6Z4^oRX{wQ?M@f-!D!{Z&Y1YyF zy%s)wkmymMk^Zuvh_8(>Z;!5!@v9B_p%;7lMK#HLj)L-Eqn}^_hRi(eF8V_x`5ZZ> zb2m}^_*y7_1FV`)A}D3oE`G#(az$`pJ{{^el+Rj+it;HX^25V=ahTA~L4$vSK7~y{ zhx~3W+6WP;iKh;ts?W(}@0A);5rtmL1ge5C^xSSv+6?;LD)U_9Gy3-c)-UnkP@6JS z<7vViFhd|R5}5AZ+h8>qN+CWPEEvX-F>QA83s&*OO9zx7S&&S#F`JAokfp)m;5b1# zbl@;R9P#C@ZEdKOAW;NQ+OH40T}J2RAcP7azA!*tKv7I9^!N-YX$F!s=^(j-gb@Qt zDyV0IPEt$(lmjoUYeKL^E=4q}FJ~;%qf}k5U=t@keKWGqNb$h2GE!Y|i;97|=}<1} z4|N4vAE&zUG1i!Rh6ilL5`gxMipki-5UPeA$i5V^`hZ`})S>EME4E4vs>YhejUm+n zC2%V1lTfH92!xb6o;4~Jsaz!!ZU|z67=``31O>#cLv-=wYdTgSxj)?xuwH0Kjn1_N zY6z9eMT9|f{?^sSMBbfDRMlxT-#{Sojgi&_ZoD~Ne6TdYKR-Z>ME&2Lb4=Q9kiiSs;_be z3MCW+rZr8MPE)Cr;8sIA_yFWl(`$Rd0I?2Mv`Aor%_0)21tmQ;bV=9*OQ7X12SNDG z8Bh%!31JYN#|wiNJNV#<$DY*&i9%ekc63_cJm_#>)Itxu7GBtg)Q8B{prpV9MkSR9 zK{bugJ3in6Op)FUi9K&d&<^d0Gz4Ln7!qrG0ZQm4YH{M&L?luW%?{$5z1*YO8G&7$ zLu}Cf75C|yCPipPITRJJOYjCumF9$!GI^uG2fq+2!?^(!l`BYz5sHen6xE1`RPySW z9Le5~$z8y&Z3jztIn&Z7i2_yVyQ|&Bqz9OLofb-4uw`|iR<9gr+qqaf-AJ8Sp@{u- zYnweywgbbK+h<3qWWwcL*^h?Jq_7KhN&ydfeHIkC*^Q%T39GMN1^l9>+2=Ngd*9`| z(E}RRCK1k#yXujx-ft~5pytwlF;_znm>KymfJ2vC2Cnfk zyvR;DI&mB}x-Dq*4=pGTcO|#A@JK4pO%OL6cd!Fi+YqlqQ|EaNW{{T~_-D!{GtQtj z$mEM`vM;yoS0_FovNb|TNFMhx_iu<7yaN3cE(8Y*;O9xGAH-Vx-UXbf53yix(ZDB- 
zQTMEccwg#ypqukNCKR7c7w&|*C_19Luwz=(vMsN2hMk7|+>+b4>=rP5zw-b=SF;B6 zQxKC(Ea2+(QGo!#=mTuV>370mfV0Qb#-Q=skT1$EVMbNLuilvdXcq&>JN!Dt8>)qI zr@z%wPxedcb@-jNc4)4P1A#Ye5k)n8yL5t*+qAp-oIAl8cA`%{G|*X(6Z#QQY%3Vk zx}+@H_!7adZ6o<_M>{I4{B8eQgDU4EUHG zGJHV!Z15s)&4AvKI-&pBf(1EM10VaI;KnQ4#1n2bIK_ve4 zCu*pgYH$)3;&p``&AFttDOnim0j0yYHTy#QXT5dn}200{spBj>XI z$QytH<%Eex~4^+%4W^dGaHJH}n9X)do7R8tiW$((qGwvaFfY22)ehaP1PjYQ=V8Q{cGemaWW=D8CyM=X7uOvA{cC_^jTDGQTez z4j2v>@D%y5b2xEY_P8Zqu}lxN#b4o`@bOo`Yj*>Wxqfu6H;iNNxWx|VSAh3`kIZ-e+EB)&ZeL$s`vgH?XkYxNK#&3=8J)f@N zXZkwQ$I~75Gkh|}Ki4`+_{Z}8GFQ{S$C<>vaGpKf;^xoZZg7TV4d>c_J!Ze&exFS* z^3!PYzkoj<*wfL%gyC!J`)<7+4o$h2*OAobX*oZrZ}Q=IS=G`+KkN5CPDs;7>yq~p z;n_^_T>mUvzb>G5(#?uDjxRzKmM-f8TlJ z|1~(BL|%`V_Ivo?mq~k}owVb6Jp1jk^Lwwm#G}Z8o&I@! zR`~j^T<8_Q#*gctg zhLlc(x_z@GnZf6kg6Bxc3$Pu0h^RKz*SL$S4L{g+YxVI{x31zF2e zGuoK>2IGUiQqDY{Vm8DS##d|Fq>?F5!V&qMfY{`>)9Am|_>!coqx}}aR}&iR!&QU1 zkGY)zrM-JkEG=zAlP^O$u*ZZ5hTqDO!#a}A)9lX%KmO!FmEV>+Ix>4S476sPZxLnv z?#xGUc~|ZiV6zZ|60pn5mI=Z^pBqLwAs#o&@6+9V#yNb;_f_Kz|1j= z&C~q-l*hK83Fl`&e*j(Q>v*)K9iM3Y`}C$g{k_|hS@(0iyhENngY!M8BW^(Eatq9A zZ+x@Yy<6k?{xpc5@740h`}g83@-kmXc6wXGhxy`tqxo&?>-+a}$XdVB<7;7VtgN#W zzUv{DTwAZ}=O;4G9sCpt7C2q)=a3$`w>yhdm??Ls!)hUceqDS&4%_lnJh|nochXj3$^nt=NhexnBq3THT0j6EdPsUHk zPfCx3KJoHMwNb)PPLH@Qxh}Dnh#=j6a)>-Yc3n=_I3klcU+ z0IXKzkssrsmDZRD0XTGp~%RfPo_s zG}6S{8fqeWttHe$9;4DrYO%?a^$7(gT!)o(2`yfe5&jTR+6X~FTCOF)7S53Y0?7(z zzeu0wabtm3miT-t`R>l=INxMC|Nd?{-%2cUb#|u|F>zySW8GLlxT`3p+|Wf8X(b@#qJ`?_);j54t3l~QTmz2JK0Tx+rU^#%FB+Om5Qi|lv(fu)4`-e$X z>9a}a-^#`TMS}w8Z3&odl>I1sD=ma%5#9ij7&=b$@<8h>@)%Ihembf>?Sc}GJzX6neS)tI5u_a#W6~M z5n0N8^uS*b$F5Fp7}x^)*1AhrzH9LxFlUrsG~msS}i z9h^#Dl%HF0LjWX8-6OX_p=8)3D*Y-&lL;!yqF%8pc6Zz);yMN~$RB z+!Nm(85>k@jnX9IGXzAjOg%1!L>Mbj6^Ldw^&YS%F_fZ@X{zt9ZGInyXW&jj^%ACh z)Ds)*LKp`LwowAk{yFaiTkd_11pdZHk-;W-Qx-O;VtpRcl~3bz+Jux@@{mRfuZd7n z|A2&>o&sD0(Z9h$NmGmoau26baRTx#mF&VcMk@n(IY+Sq5Rgg*lf>>1?O_b2k`dJ? 
zITrn#xiZ&gNtx6577gQLO4Ixonk62wCde^W$)7#-hgcX>D-(~_&}BwivM|erfD~r4 zaXP3Q#--X|I|s5?1I0ql#oD1uLAKDkUQ><0}*kkS>D*M5D2anW-#R zCo@680rv#qvNjhA)oF9!=?of6S0oxF<=O(48Z~Xsej+$_EsqRR-_SgJ;|#}~J{r>H zzW{eI!E2O^zN_QSzN@sZIgw%}A!1~D2Z4=q0}ukLNJS#dkcxD%EeI;dQwbmyjR%UQ zl@%m&3#chI%w%TLEE55tDO2@tiUXWh;aM3f$w5xyS^Y4NWsQ{#Ig=Z0ipx4|%D_Ye zKoBiJ>9Ch+gQhLcnJg128^uFSOSd+*+$1L=-JDPp#K@Z#DcJy(7AfTgihJXr@FX+A zVW$rThwbxhbopZMCA`%-dYG0yObb5CIha_ZMQm}Jwm8h@<7YT0P{^@5fKTxf#ERNO zjTGfR!1(n}#u;vVr38p*1#nnAsj3Qrf%=jc!x<8f#X?4ZsA~wC0(T4i>W;YI(ZIN3 zOeNAGg^8|S*&^yOhHQ_rcb$!Y3+BOo5O&dydC~$u$Mk|INb>e9RS@89VxVlQ!E9_` z>K*U$+}aSd`23{?X)4+CZ2>IXawkW~#1Sqz35`=ky6*Np;F|MW@y z!qo$a$S4KMMuDrnZ1<6g24+qg)+E~|sgzwyj`t`fxR_Bo@_?iYFFqoHiWl1ATkjHN zN|av|))i#aZ0Kqk%d1hwf=iKjhe}ayoTO5LCyUing(x@i^C99AC(x4{5#t3S`sE`N-?61~nj~qd!M=BoR3(ss+ zZzazn7SD*m38I#ahDK}1tkE_0H^ap$e@$LM1R4bjPtr;@3bQ5crO83u1yT$4AhJdW zlDKuy6K*!4N+AL%W5=$ZuqTSz3~R5t$!QqqCD7E4!CH-E=3!@`abTTx9T8rk4AEnw zfhCeL%7F&;H&(Z(;JhS(4Rku-AVrW+x+R=Cs}c>o6iOtv5{_|6k>k6Ulpz@*z@pe} zSI!1>8*n+koNn?*t<_AG_h=fqBl%RW}bxY6DlXlC21YHzq`xzPudL@aqJ&|X8D^UxS6GFW*3J5jvGg`n zz}PYzUvbGf&Fn=#e zOFDGlxhT;@2n_T7D#3j$kUqb`SW?li=G-+DXmYc_7;aLcVudEpMA>|G1v-~Go29v{ zfCwkd7iJbV+zhdQT-hu5o)j`KdI(Iz#xg*VfQ9U6mS6VEZqylB0t;>48#9YPnFLw{ zT*wzXcIo@0polCz0OgVkbA)I#`D zR*6_N;r(+~{uC>#nV#fhvNyId1IzGRw(-+SMtel9wWgSrbbAX|tHogxYp%}?0Of*{ zhF~MBPJ7mj73*2m4wud2<%2)wQ0c{&lOA2?gZcTK-_h|x@Hie!%+ESM==|PRtI^l9=01$)uj%x< zUQG{&E1b7AyFd7)(!1{$r>M)q=f(NBGX=NDKOR;m2i)Pa^qFp6gC|qT!Mypg*i#c( z%d5a~q`Z17mHqN(c{>da zuOUXeC2vsUx@y^OKcw#+KM%J@c76TrpQ`v;AIJA2YDsh_v(Vd(*Rzn~Jo@~nluf>t zr|I0^H`*kx!IoI1?f&?{&kPn zxGG-HQKzqQ>YMlD`)bMT9gp$n=e)+3&fe;+qxa`adLuP6xG`-cfI(y+=2M-`^S`W?)*o4&)eU)7qpU^ZikOAvdzWTt5DBfm7H&j z?b#Wd{QHG$@>?(B2UQYhx6>Q?7e05x%5XgIkF6kjcvjxGv-YhjXLwtxjG5mT^0cJC zKM9}veFJrNoxiJ+*q?R1en0Ho@USbl>*Bo1*4uu!mzS+7GZwk|F6Z;^t+V<)Rx?p6 zRXR7nd|y>wyNMe$sJEw!<;XGcem_?Yb>(rG$6l`)Kf~a^u2rtL)WYgF&+*(Xmv_X` z$yE7ox4v~>r>)_BN`8)&?jHSF3-R%_P1C(+H0=&|fmcPi(5skXy&JbVALp0ZH1NB> 
zHh-HuWXG>IsC~=5biggX?@d?nA1)rK)AOwDwHu253^ta(B*>?$aQgkMr-N5v0xnE&?EE`66U}OxqMjGLt3wLR-O_V6NlLtRbEN5e$Nbh-QE7Jf2_OwOVZmF z0X$;|lyMgP${ElIB_1Q&bWV}}8^ z+h>505KI`qyDE-J6-|zwj-LKU&z}Hh1_5%hvyvu%7ZHjB+!yXaZ{{#HI8I>hHc6Ne zNv3l*T!nkF?kKx058p!Q*&;lAwQmok*!7o0Fr9D36{yWQj|< zKwL#935rXsNyVohCJ$da`@s*|=+SMeC~f_V-z)weP=&OeSEUXOc(-&`rx%aHjBeGY z0q8`U?T%9yo#|Ry^{tQ9W$%2c^lEWXNXVgX@#~C@7VqCI@AkaBbf<%}@lP{*-bWrh zj<12t1m3%G>-RFp7WD#1OmcfUU3tDdY9^E+~bG!G4L;sCi zTrTf}?}rfZ&-eZ5%ipiXWNWeRdh3&`sLpKkuIIPF3FA?IeZAlF7((~?C*AcrzrCJT z{(1+P&(3c0pO4~S%C5W4kZ#>P{=T34HxmIZk?l7dz;p6%(;-U^T=RXKoZ!d$2=PNk z4;;GDWJgfE_~?36bYpC~;baHY+F@k}V!MAK@~E5lI6Uz5L(zA05_x3_dqxUhCBh__e?nblaAm$@O6E^LHK>t_waXCT~KxXmv;z$ z5Ou@x2cvg~Z;)RoI}!OK*$qLzxc0;RBiwh)Z<<}O{Ne70=y&q>dS5(z0q_UE1N4XL zcU5l;d_nqygKw~3WPaGakMcB(qTl@gErTW!DMa`{0RR{v008`tLF^Xx_SXMb0#&zm zz+Oh(SxznOZd}#0Jbp{%u$Fej>1`Hcij2gqrKOaEKtQEt0o9UDTWK}Yq*hBpK4UOR za&usAhD-(%v(=-u^Jp#!1W3kL7-%95u+HJj01UgcvE&}g1QMo<&+F9cgqk~t$!p(n zp5=VyKJ_`hvU1-ptKz~CTU$WC>MmmM^kf~(z%#-q`>UcHRg2o_)4>-R?lO~qWxP|g~& zMv59r1PR88LMq`H@*-l&H8LYH;FP5h+A_*MZdBaC0C^Q-NVdkM-22Ly@8kICigurG8?nrgnZ9XC}2qO5(?=0j9fvJz&1fvMj zZwV+we$4k=k(06__=152lOX31UR>UmTn-lzst}0f>20TjpCX;fAbkRZ!Gn$$dwKC! z$o*i>P*-t-oFY4C!a-}{ByN<9;NN+(&#v z9{oWPsjmoI+UgB-9jR8M9PVjAY_SIaYvlx_4$-uayN4jVIQu1Zh-#9mnx(|)DxhHJ28is#*D`t3 zK^3WquQYeT{g?to+~5X)n}GEV)JW+1>RP2n19kD~2^R1*_iDt-HD<#WPiy#LH?*o; zqTsOq4pB`h(3+4E86iDxDOI_oJ>3FS&QMJYieK&X{GFnjU!=pDm2LXVeSH(OA!iL! z>`4y}qdNz4h=<^M`_uj5;fOR%tb^fxp$*?-gic>1Z6G;EV3CcWNBm$!+R*M1K0Upu zIYSqcL8&6S1M#*e6Ri2x(@zm<10b>g7KB@y1U&!C#;&2O7UMBc z^rxy9rXh!UmKHn-TbM>2u%U|J1*&IZWr*IaeR!xBXoIe2Wcm8QnksULKKY%L=5Gm%l51wr>;dUs-{|T(*Lx|= zUl+nfE4TIirJx%Q%Qd9Tx=@Ts56upQL^J7+S)j&Is?u}+z$&zYd9On? 
zMeZylL7nT6&3Xd2_DYOq-5?Px>e+DxS=c`51bka#-@L%04$L%b0=N|OT9h`eG-uRi zpvm_0r8BU|V5W3nd;?8rh**)Q0S;slY>U7WO*_%NOMuH#q)ArS`u`St+Q}9G;inBLo7|_3w0vM3B*XTX-9I_SLjcTQ`Nw(kYt29UhafP?#crr}gjNqeq_XCe+FN7o3`&Wa`I`xt#Ogg2H%c0$VZGxC)1qr- zuI(tpPnaFjvDV3fqfDxQw?J20z+Pja+XH_dMABw}my925`RjjMN7?x(x%1nb&I3zh zU1!vbw&Q=Sc86M%@)o!r4?oHBt#J4s6Hd+5yRdA#51ZKiAMfbty{`P#FrbYVetM2+(e@C<1-DFeAYUh-xrUBc=?^f0uM~%7GTJxDnU;CTIo)bUj zg!(=lUbx?SJtbJ4Ufl}ypZN3mI}guidQXhR>u_4p!>$Jw9fUH0K1<=tM~a60{bIh%pC`)AvE z8h=xq?W)SwujVK5e6>Tmy`%GVhuHVhrniFY)V71%Yx_z&e=F_VWwwS~UOsn;?|^)8 zG-*zRRm^jD0ObbT=&AS{nwR3FdoaN|);E&zH+5v)NyAN;?t0pcwaw31J*g-*>i{Ne ztmG_A7INzP_;0nJ+amOpYW!hPKS zm^c%pNsjOWBfJ5M3f@e2t_B28KD;3!RB2Pg=nrRKS`=LUX+omLF|WUd0xNk%@EdM# zK)?sU!o-jT4`;Oq^|#x8dwVYO@5oM?l1Fiae;aUDZ~yhTY3GHkKs3~oF^N(?j8BNt_~Ob zyQ|=}dIz0`ANu4;$>!!iM@?HybUcm*ucN(r-+J2(#n|k+KC%Xr(ENT5%jf64+x0JX z>9Ql)>^L=^SEX;@SUY_7?fw+^gi{_wqWsP`razyn=2MK99=On_ z4Y=I(5xE|WwL_|HSgQx59+b6%lmCmYa|+TV?3Q)gwrzXbwr$(|dfK*ao71*!+xE2W zKJ%Y_ZuUO=uI?(LBHlM@t$Z@m5%l-|aT|E6F}9l_p?*lGYCwI`D za1nRbZ;GA3+TqoGEcII|`8~EC0>2NNgej)~spgRJnv{rw0|9~kvjLF)uWAke;AmoC zWNPFHFmwLD{9cKgo-LXhT2G@}OQ%lD@%7BYhVs;$782Q&{JNMe^z>C~UJ~OimT*BRQ+N7MXu# zKc_M+#t^b*c}1GP1=ZglV$C6?OXq8?VR#Z5wHyWO)9B*ybe600&8!lY8t5fCz8hj^ zv7Tv5t1z>}FjV;*Vr5#0tt!n{zd;-MkIu-dDrx^68*%A{{KPc$ zMdJ^6IRqPV{TlbrWZSn2105FQvDi|{${hzf@+YaN8CUu!t%#OXUkL|f9c${Gl{!Uu zIay$%a#GH<{oo5WT&4f z^5zK7P1m0>&=de7PbG1f5zYq;f|IkHST~82Tx5FA;1j4rJdk1OPK>Wbfg(6Z<~O8L zQ0d;`L=YN5VugC$vn?pLs12HMBBoS7I)z7t0wl1R>HST$1wj%h_locmN`l=6Bd_3-8Q6 z@EVz5ufA)0(&xRn3V4atxc_M3<{mENHAot*dZ_E`6FCXl7Shq#ND^h)?bnQP6CE4F+DeZQLIZ9AY>+{FHGbl$| z?&aBk80;s&{QV#zZ4K-D( zn#$If4P1@UI`*?J7Cx?6+1_?}02Mw+?x#ekQvP#tv@*q8P4cG|4MKHc!6gaX8Fsur zsm%P>sy^!A_g2KB1B=~9ESQG6+BAmx^yOLZ*0TPC5@qARZn5{6G`HNICtu6Q#fR37 zT#t|3Mem1&mB~L6Vc(of*z3L5eYkf#LUk{F>#rI~Wu>*=jn0#>aus*$A8Ab@t*1RQ zYTX=xH95TZACSNFeLg?i@p2#4%-vS7 za6wIK?QB<`Ywq3=P1;5{Pig}&BrPqQ^>1RQ_wJ@x8f{E)R3QToxWyEy?YLpkWUM|{ z(9((p5Y?!yOPZu~qspxa?)NHVRF%}gi;Ja~EBV~q;M5Ihm>1T)PPT4xA98MH^tQ_o 
z{3>D&rPE&Ep8X00+`6(3UwfVKT9Y&{BqyXVPO#>qv#r;(?LGB2mgH#P&bD>>l8YO( z^kmAMGp$}nmvoicDfmt}$8oV;Rauv!N1J?*!k8AOsr#AW)i_IHa_%?9>hiI*XR?$e z?oITU8)RWYib|PM8lr)g6iQV(YP5mbb7U1vu}DqJRl=D~paHJR%g}@9-Sx|wL`5Yd zaEmimRtla=zpS-UE3!3KFSD-*msPlkj#TLR%%VLC=UI5tSXiiOljxXkEh(gQs6SLG z1QMRC%#~Ngy^B;*Q&mEg1)!1yL&+IW3Oi6}9Q-WmhB@R%R*!bggyeVr5TN zv+8z*=YADpQ`=}uX02QGl$Z`o9l5fP1N270v>y<%_zcZeV;^$CG!7zXLDux^h#0vN zDOD%$q%(%*uUNK&@P=z0`S8z1$cr_-;)8_~r$&p?=D@j!h$*kritW*#NU@(Ltij1g zoC*=|*(wW(BfcfiCLbiyYv*{T2ut0-`6pRmkyEqZ4`I+@xGeCFfevc9C3p+MU<3@r z(P>tdlJi-dL&2rCcA`WpjQL-srf=R1UV68mIsB3!iXC^$KJ9Rz8k{m9gl%;TfVrl2 z-5NkN6cPkck#V3fJu|42qvnET2dUE2)zD5W1qjNh;K^s-PiLW;^)$3Pjr=e-m|fXz@VDqQKI-;CK}HH7=uQM0fnfi#e01u$>y)YwoYX2% z%8&ylj36Pw<>}%gag_v2;J+Zqj$)!xVB&r$!-k-Z8R+4}L4xBzvs!8S34(|D!;USH z+JkVz%q5`N*UgYZ{ykH~`-f%=uh#-hw# zZdVs`wr$m#V#AGrSp#dw9DbTC8%!^W%D4fz65F8~FJv&qN9wZYegURVL9 zx1%=3149vI7-dWDJUfV}3Crv<*=XzPnrvQd0Fb z@y~7|sBUshp}KpqCl_B2-O`e94~4P-Xu7|3EvdhML%bJwRpG5YwzL+cCuk;&-20gVf2uSjYwc*2JYO%(}n;9 z4MZkQ4vpsK*lp0!t9DtQ%n61+H85^b6NC#UcA1D~g#>RFwQCXPrS4P~)GC}QuUJ#1 zwH5MuI&2Rv<6JCqna~=!P1QhjotiS1+{S|OH?#H`(M!KfB_Z_Q(L{%3kS4T;BSO^h#k+aB`QO;7?i zUehKl$nzqSGp8kJp;x5RoU^}`Zn~l)mXn0b3iI=5haU+n>Fky>6Jt8!6sUL~h^|xO z@MK?nl+MljvSF6)r+FPcL#|OEgE(-N6EiYq+{!DRKH|#WyG}ojo&W@fL6Su$u7&Rh zPVeBK$xnvWuujm`Mv5L2c;C}Z&Ii6AiwuMUHIR8`n5iEliUBHuC>nu~gZA)`nI;Hcn5)-TEX>%NyOsjf=X&TX2s4L0cPc zTwNF(q#ZOoSvZrw{WZe%n^9l^tulD0o?R$ z84x1OZrdZ!K%V0AWMb@cA%AEc8oM3E3@NmYlnCg49Mk5Cn%tCNdSak!`L$eHpLEaf zPZIjx_D|k;wN)lupkK#lm_JqN$>&_J9Y2qHR^H4W)2%#+<+!>`B<;@?+o9>hMRa*C;v~v9L&OPU%=RGnK`-@YSoF z1mgrn#T01QQ!nDgq1y{zRf#y0)t+Zy6;BNjNigFz{&}%| zX10}0x!2us?_i$b?zHpO#B8#+{iAvC7ymbK#^-VtVe6IGm2b~;k&Z(5vgh$*uZ0_U zSs^CF>KC#LC1aQV%g*rM-JiP~>t}wIoOJ#7&s6@-hEJn`mxW-!>Bg3TpZm-3v;zYk z@7CMa4(d(sz51#{+O^!x`((iSRLd8vTJI~>!}*`fafto?gL}W4E}f5Y(A|UZXY5h@ zKwQ4toKpgU&h3YhFv(x%#NDRxcw}K?O3u-El(X>`<7wkAN3=&(WFjL{shUF+9?q$< zNiIjcZ`>KgjEQMubZ-zDq`PEki=UGh6but)ExP#*^WT>v@Zgku=~ 
zM+W{!{lNL(eq$UQ0sl|`(E67bJL=jyh##Q`C4=u6Z|Rc7yYNlwMv>8$BmePi51gG`z+*B~ZGY3+>vMDE<*>^j9~Ou2aM~8rD+l)+ z_mn38+bJ9CnDe@6md#w*oW+0&J;bAktdzBp+=(Gc#_JyQ0&a0COL(4Y8C}L>Q7|;4 zIb){@7_CSXQIO`>jg?i!qIY>R37coVZqu7bI<%Uh`SFOPoB$7TJ$ z_zdI6dXLQ&!o;2FQ$cL3NgR=`E^oHnoAJ_RNhRJ5h9^de0c(xn1uAv$eRaV{!>TQ| zdt9u&@x}R==5v$~-BzSF$#A=YMl-lG(lG1y-V_>Wi{b^E7Ki$k;3I|!&(>e)w3S4T z!_HPURm5r__(Z-GNirExxsqTS2`A)>k_+8#Ac~1C9?djBN3|Y$>SJ4CC+DO%8hTTelJ>6lJ|KtEblHr?(^r5A!W`Nd8_kRY zhH_mxJM0?(TmLd$X}5C+msHK7NsM%Ty|htV$4fM7EN;)`Shtw(Af$~Bt37dUbNg?} z_e?3qs>D{T!={Bwvn0{L!GW;mP^DyfX`v?guYYzRn$m7k691uPaT8?V;#v-zn0%Nf z9JAfZ$W0CWd6F!W-o}tVk67M<)<14fch3qLxL?W4^bP#VQi%T6clV2`gnK^w$QGrL)H_98YXa_f#X-+qwpa8*e5wcQp;oVmNvy7377p}wQlBO`l+ZNQ;S+>$fZk{Zi)6eMyk zx=!-Fg8dBi+tXmv!*FG1n>{DyLTXU&nh0(N86XqGK?5f)ANw4{k#W{U^gkvcI`_Ag z`IozfNd!y)o-H;_J2e+(8^}nsHX|l9n)iT%L`O!9b&?<}R4G}f*k=aXh8kkLi~L9| z?|;n=3(hBGAbB|N*?SU9UJNVu(7{mYnS^KA5P!K`O3kJeBn+2XBlH(f5)t|#1gE1X zRKKPmh8-|2ME?l3P}(0U4r>P#v?B5X9m6(}Q>^s#SKGfsHZ2Q4EN*gU6O4^(zwvTTM|C_kpdM)t2?Ev*{G&zCjg*tF?^A5KD&H6PXydmv8r6#(xEz3SXq>_* z!#3zLl})F{!3K5Or4q+kD_#hum}TR7*|OMc+?>G9IslrLcf-~q;(8O}kjGX_M{q?w zt=cYbqJg|ZGO2HXp1!ZiEdio_2L{EEu)xj`-G>Ilx==>Ry=l9aicKeY?o*G38cfDY ze1i{b!>AyqZv#QEd89+)MMbiCjsXf6PDs%W6jmD8x~6`os%`+mrYz(cNG9aE2FIpk zz}iW(lfDU4Q*I94En(Zaw_4o9)IpWhOSQ#^$gsz}^LKu@h6kd#$fKo!$;ql!G5X0( zL=r|bZl-!px*}JAe2Ze0jrre0R-Np7RYV8g4H=@vvz_n-O~gt?RYhD;ZrdB0xTKX; zvXDY1;1w0fAR=;O;ur>S>!5hSj;o-%ZKfRp%8y`s6wKsc!?aXR zv;e!}+18ZDJIg%y{QTMkz}rCaVr$stOLIKJzYWwOM#THGa8x{1+`q6S!jQ<5wIu&a zBv81e---@vIzHb4jdFBo4>X8)h@71ebnxLA7eH8WiKxW#B_48S*Do}PsD)tZ#p>g$ zWaGj)Ou{aTVCt00`D{gBUQ&4%!Id_;0U^Iv{M+CGYBQjM9o;Bs`eo{iFQCtz^a(5c zOYr&v`jiQ*cyR|g#R@ewL!~c3d_Xk|{cg+)fBzC~^IpUzlh=-Myy041#Kv{ zWD~pSKjy_TR8y;~!qj8S{!O(ei~!w(pxq%15(D41A7AVkREUcmo#5L)@3SWSm0tx5 zfOk!B($UC{uHd7=wpns@Rwb2i2Y@B=YzU7O_O$8P38x4;fM75V9>lFj5rzySK3HmI z?x7TtbWsbEa}mM8pnr+v|D2UY;2IuKR33=CvysSc9-tIb1WCe+PQ*>%EpI!RwA7kj zR1p)zjE))g#~v0qNuAC!Gi7pnf;7#a7KcFeL-XzZgGP?fT!q=>DU5;?Dq+^Rfl@2< 
zj>uG_E3~lE0|ThZnTOF)RTflXGiZd_VBV9<5rYBEQhBbC$3~ed3v7Q%waX(?z036F zuSh5%B7Mz-3F{OHC-9w}hT}(17LvK@qhtdC#|`>uPZdbvEpy1fR#7XR6-LI2by5F1 zRb%Ok-BTOF>K!%dK~z;e$;k5s79pMxn7N>m*s3ZiSHP_oZLpjL_+?syQ2_FqI30}` zZS%?=^9`L2QDE-QTo7P3pR798FM+}T9L}?1-~=QDF*%n;k)7j1-Cxsf11wp2q5J@KjGVcN!+%E1Cji8+P^hW+5g0?Bf+#WE8B=NS#%g360-gn?7` z3w544V)Tql$cRRxxD|@&XNy#=zb21qR~Qvg=tD1>^vpY-tKRNyy4MBng%HGddPoNP zY`XQVt2v!}_$)Ub0h-PRuCYBz-%%GSM!B{WFBrouWx;Q)f?*G1h`K!u>!{uGKn0n` zB^V2oXg~oj^Z*~^qbLcZ#H5OB*!b(Ad=IU~VxI%*s7R0_O$vF86ro*{yo#5G`v^ss zDu5T}=$@q=>WDeayIy){xF`zYjjJsQ!~-we)hdGyCejXKvFFUu7qOC#igD-`HZW%@GQ! z^P)D$zdVz%KMeOBK)rJB;K0|=3Ik4c1-~6Pd#l&zH{1lP)eBcmjwq6mUhg>7SQO?6 zlLleI-S7G4wxMDWBIbCjU#PfZ>xL9+1(nW zirN5IrYu%|X)?aFe_MqXb=`TA+7Y#v$a@!uZ_GJU)?YMx3#)dQ724iM^}ZGX*L&m_ zBG=%S{FdFaJB!r{Ke>S|A=8^P@8|~AZg12>?`VSzon3IFHJnTJJ=+LrE^M({XSF5! zW-h%$k1kJ?I5Pt#iTjKV7T^NoI|gR=G_TO11}5CJuV9Bh0WS9?frKWn4^urb{4=*Q zXwLgZvi2E&5-eVoLbI}yg3v#q1|QIWn7qUHVd)^y-@-C>9;V{Zz2o;EvXds!KamC( zvy)iSbuD})o#cBqUoA^Tzg&Q{FBfvw&(F^@&aJ3j@_L_A>V7hASHpfjH3)U0G8A$% zzt?`$%fAurf6gXmMV@-wzlz*?zxH#8POde_lK z{Qo@kxP5G1nY0>g_W(X-uUK32wtBe6-YxQVd0B*-D8nPDS?X_oM963hjTW{MaC|z zk04iu9J-UqlWLXNoL)(1df2`29XR zF_#vSf|o|Au_N=wW59B3>@3;vZ^!P&LfEaI9|Z`_ZS@btMD@Wb$_|bQ-(OMTX?H(v-%KV2K5V@2 zHg{jOJ`x0cHFxgjdBS$>x}CoLYM#JzZQAdx7ki1X&uRTu9>1y_y53p^wtUZ)PSy^- z6n4h-z3T22>fad|C3ibqzIwk;2Gd%65C0^XdB(b#yY7PM74g9?| z?*exi<#9x{AK|&P--_sT!d4`NM{B^r}OL)-vs&H$tS9{ny;BeSG=oi-;@q_Lc`~&_2_Jj6=^+W1Q=;u$kmv{Kn z*E{@!FTT&dZ-^C^HRv_?$B4d*rwj52$dB-cwdIy@pXU|6E7;*+_0Dc9XtVxZD-Z(q zf6{;AkSD#j|3Xkq|AnC7|F6R@z|p|S(ec0b_?lh-)YXi6uUV1ura)IR^u z`1)u3KqV=X=iNjJm>CL)xx~4haHTyiWfBO`96d0+@ zYlcVu#v837vnjWX@Ff0g{VP!PnscM+fSYIX=XXGXQLyR;Wj(8{zU}#7+B2T#>*p*QA=`6zJoW-M)6T0)^(7k4u~NTN1!(~RT6YMtIkFGj)kQFUp!zS!V2 ztv%Ns@)c?72l($HYy1Yw9QG#atH#qZ{_2=9#r=Zpw^OPb1+SP|(*(o~Rzg>g79Mgm z{;6oQTeXbTe;6d4i_uaaor1GaX*t=#R69-8(J|mljnMe0g7vop(pS&fyxTZlu2;Ib za&2}sWS+EzfP>(O;K=DRjc~01=I7{3Zx|V%8+@GL`hGfeF#Ti!7W7 zjNGb>h8w1E>al0bhZ(!wBpY89G;4Qdy$OqodvgXvGD96yuMGd 
zK=)n4nsGTt$+KOVqbWv5tU{!f_zZjX!4FUJ$?P&vE;47BadJIEL%ik z=QjP=sF>94rXDczJtkSPr&-zNIXeSP@a#N`Zv&|NvO)|K#^@BH$t0pMx!6P?{( z)orzj23x~cxfdYq358yDsyN5!pWlY`<&YLHljuQ*&DtG4Di1o?c4;pVr-#sM@B~$P z846H~tKK*z0_CxrU>Yi;@rru8 z&TZYHE3qvDsd*6OP|0!FYX_2Wg@p+NX2_q=qrp+;Gvt}gbON7hJ9v-oW;%r7HbK5X z#=LhoO48i7d+9KmLbrFBLT^}vZDhOk&H|*LaDd%|0I@cTf?W0smP;es7&e$Y(9o^G zj8XT+%5lx_tAj~y^}+VrLSG5z>*HT^UDvL7EzNj>2Boxx{%#{sJR!1%qL5!1cFyvg z=tD>9TJIxhYXUjs*-C^HBGy`uz5rASp+|RfxR32am$frCNLj#ltx-%Xnj?6qGCF(a z0H4MO(As@RHA&cq?>}&EL+Ben7~Dl13z}_QFtBYiV!Kz!^(SieD_0v*!YKsM`=1pO zP1+v-dS58yvo_a;51sq;K~<{#trRER;Vy$bmVwe+6%&_$_r&Q%%RxXy*7==~@kBjV zSnDN~+w6&Fiy*>?mE3onnx_@4VoJ#k&EZ8I2{AEA(@FW*WUUz>_+m7y_O!!Mfvg#< zP|^y2A5}PD(DKpOp+VvSKM9A01u-wFOmGu}3b1XM(&AYjpo}?K308~tNeSwi?{N#- z0I?Zdb5%lo?X}~*vxVuC={BiW2jaiyQ|)Px=j@$jKf_*U5qflJ+3k4(*+I-@3ftJD zF++y~3(}QhLZ@k_DNjI8{6OUU=bfC3AL7ATXa}fQ1AR1jOW_^4>)Pyz`|H7@zv9ms zfdOnmg4UAE}0>RsTS|jH{~NdRKXaw)VAQ`upVsXn?5x;?^vbWs8crRU+cRsETYGVC1-M>*pOC7GJmb#YkVkc?b&d zp@M=6^#KXphSjR(2%B!JJLsUzX@*;KhNUYJN$nc}4OYDR+b0EH=By1lH_}6Zc7=sD zmnuFMiBdP-haZ0rA=#c$a#>7hTj@ip=@#fE*0>fJ8$}zSfm?uY{)$1kwRx&6457fh zEzMLGUIn)W9{%OO=E-_MA$Zw>vJY9s~JoZ|rR(NX%e(%Pj z>R#!??JvP-cC_( zY>z|Q9Xjrpwsze`kkk(aP~SRI$(_1 zBM=Hy&EJ|Hb!Rt1I2;@zr zIA|CG4F1np@8i~&0HQ9v&+&_a?`zViyj!K(&vzrwj^CA^daA$!;evx3ztZES#rMY> z!R|3=vqc_bht2wan#SjC&okrp(}WFX&+|<0<>oy#-;d;$-~M!K(kZMTmyPmB@AcCrY{-NS~C#Z2BhSL55lda9Z0{Jn$T8@vIx*Jb}Ngc&~p z*ZWZgKHsaJ-n5>dlJni}-$(HD``g*E$<^-X)-rYP+hwixd7MA}%cJ@~`{#u`Jx~25 zy|RukK5t{Qtu1<2yq*ffd9(cQFB7d3O%h*e96mo+5mt|TInNfcY6#r=?YC>c9CQE; zj`#S*KTpmlRTg|MSvl?6eu9a}wq9B{o27sek{m9aB>Nkw_awbW;7fS{3D$7iiD3lp+WXBahMCR_SU zUd>VI)=y*VDdENaXE76DsN7saKe&j|{|ufmt*!EEpj{_y*Y|mu4{^(7ukvsP+M0=$ zn?Rw@;e+p%c7v^WB5TJe+(W<_)HUn^V%Ycupi ziC|>ru|(T~J4v#1sN1N>b0b-RkJ4r z!Rq72HndN}ig$!!UU#rK%e-bW1`%nqzfpya%DW{-!BY{j=wVU4?2#t{JR$V3EtA*$ z{ZF5NwT*)(wpP)3eMC*d9aYo)5wIbVLGS6B2164@?gP(#*p0w9c#r)lUt3rH-oRL) z#EL5cmMun}?O_;dCFFLj2eEHhuPU5jo~Z}SOV;bZ}8k+OWh#v 
zpP}v7&GB5W9Wk1SIMpO>6e4<2a#|@|D{?+E$(4Bhh6uO>ov}Zrxa~2~@lFjvvhh+Z zVt_;vuQC05CuhnxuyqB51gm@Od#!seXGSjB9?95vKk^^(*u=vl;CrSwZZ0tb;I z1YBRp62neEu>V~r4YR)Osr<)zE&a>fCive*MMonO8zT#||I$jMH9y=?S9AU|E3O7H zV0)QPWd$HB>}zV0)B`6)5mE&MA&}gFNu`do2&SU(xgQB-3!)^(r?yDBQObarJ><)E z6j(`h+HIJ1+9mP(juF-g935qU=Qf@`Ue8Nlu~8= zu&{NU_T_GTeMK%j!-^^C>*zX-u%@VTCGq8E04n<lsf;BsZ+9GsNwVC{GtzYI$Jx?m6K@dKGUx6#GuX8XEnaLe zB~pR&G;ecvvIynt6~m|*-u>ex4JF3&<11K}B`hJrmFXG3E2k(^CNN!Qs1KGZ?bOPE z>Q;n%w5wWHs!F8k$rN$?DYK>74QSMZ(vK+R%d9i*0vA(UCe(zQ0W4}YoapgmsyQnW zvIQH8b=s3lcz@I@c zyV?|K@N3gl=1e!JS2mo}m$J!Kh;$s4VZGP1vnrG2A!ujFqSd)_CXQ*fD|D;gefz7J zwWwk&U@B}Wc#gwE{0$Ki|H{{E*SgEdQ)IbTE_0M=f=sSVasC7UiF5L)L-J;ls{%5i z;;jF`o{X22-Y2QZH>W0EhiYoqs{&HDoN1fKR`*1kHSKb!(49jN{KTk^?3#GiRhKhD z$tBk-7*KRwa#NbUoeGQ7SW{@g0w*!ORL+w5^#3S8Qov+rPg6tSGSvE;dv)vnrqLQ2 zG$wYo<`}_To#Yx49Sm>vkR%zQm2X$oJF86pfeAXC2nS_iEDC$P=!5l}Z@TY_#l1uEG?Jlua(ik-Pcp^&M;5U7s7_Sx>p)f=i%PpE!ZR@>JPa zZ4ofi?Zbc6kPH6)xI^q_yxX?;62r6UslIJo77tGt^K1`VtHuZ0wTM9ssD9m!~tf8PHJhPE+ z*3eRVnhL$uxvg<|b0gu^;hD)|w1PK@Q9T3Ap*z79x$yMskx}ICyT<4fyhwvxx2VJ= zr$8H2&lL0g;$+1V(20Xj5{Z4z@(~!?AHg9Ccc2X{g1tb8db34lk5&uuOI!*TdpUd@ z6-Kb!42#Br2sf3O2{_PBaSxJS1m9&;n>(*{2{2bz+T^wk=xey&IQ|vxir#n9hkFwH zYw9e%VvXnOSBJ;PDWk1#cTK9t07*`0#SE5`%~;bIPw{34jRr#?yyhA&GW*-;5Itm} zQtqDf%>*;ObC9>|Td397Y`j(c@nrU z(WSNI|FS$s#8N_aH-HOPOVl>djbv=MPddz6OSICY)4)a-V2>3*8da!}THnI+w}D|w zG0gmqpnxji;rq#W@g9WyO;PN#c+C}PG|!;ihIqtvH_+>99vkgJGHMb-8AoMP24Mbn zuPdi91UTZNr7*zKz$k1z+RAr=t~^2M$Un;Gz77D+m94kI=A19L;1{bM&sp~DI8-~F z>y6p~T)Hhnui2D6V6Tz>Pa&`DJzY~PL}zU~Cie)NMcph&U)%%g32>_#(l?80EFCBY zq#WhMK|wXb09h;B=CB5CLq*bB_y%?wJs(+>^Gx*+dQi8?5*s4P-BRiut z*V~bv3S^8E;-s+s{Mb5~t1oe1Q5<$}+o85{D6f~{VTZD&FAXA$P@M3tCk8#lf)An} z2&-;*&6`JpQVW>KqcYq(0+bXYArYnv3aceK%}X4^tTD5e;Yn7PvhkL_vM<{r{yvUM zK+&8q>XZNPfT`;2E_PdyYcoo~lf?9}LBANE&h74shqICe;q~kil9Z zHWKeicCDmGJzi~=P{)Lb~A^^nzS(csBrR_kE(n;iO##m~O zLn!_IT>(fdW}xHa+`a7#AlmXxllc&`q7HYiMR(%cUkw0O)I~P(3hz-qxD4?81EB-G 
zMx1sHw81YMwh8xJq(m|%N3$K0w&uRA>@LN%}^Ezmy4UQfggNk28+LlP+Sae+wNkqcHAk^bvILcIhONsb&$)c_4Mu5F<%GFQgcF}?t$)*1v%7h=Mv{*|RFF~@}(E9+Uxj6s+@N$CpFa7#$ zL}!k%^?734?ks$!O##A&`M)7HJWA8ZoPi7FBkLl*`@68~tNP|9`iIX|HXv_gmHc-( zfM3OWzxuAlq&R~UiIfvxQ|v`6JEt%$2xG*N4_?H9+|(ujhAp*=$L11}+Q$S?F_F+> zI49cshc^!Dr+duvZYP_r|N6STvi1>#1d+{6=ERTQd>HtEe({G>ad}7J6FbzCopU^f z&ApX~BL?&dS(=j0Adtc&Isiifb>aXOg5g_(aDq_0bfQrbd?9!7197P%SM!}MeAGQt zc@By!^qti85mMM?`xGyP>3L#p#u0xJuFnueflpek2@E9}@#CE`Q@I5vWnYd;xf9cQ z5Dsr5-|G8Cl#Fj;LG{T>W&@plh36uQszFnFc&Ep$eTI*_thoz{H1X~C?}H)@5);_q@r$u8 zVTVjTgNOg_nt>U|?&lkTS%2o=^ zBUV_|swWmxl2+3tZQR>jz!gxeESMB>QmWcyxiN57}GPel~y<(n^zU0VORQ22_0l(xA zIJhs)i=dczW1B&AdPd8zdsT2+lB1_^HfSBTI>J60Uu2*MX$PU@{nwQk9-B0R-Kq7$ z`gO^LYv;h>^0G!Om#&0XxZn$G;eUFpX902QZ=v>Ho%VJxgOsRC^c2ktIow6|yqX); zSaxL|C4lH$=$_|lg-xPXFxyVylNq72&bp>XNlTXp2{UCavNUvwR6B|pK=q4-MD-)|^hsIIqiN|0{wkn|p= z93mh)6m4)Fk6?iaL7pKPx=IEFX=yPZGryFAE1>~~(6uYtQ>3_cK_xdE{^ zKLP;W!*h3dUcXmF5B(^h@`zK!07mz3s4%!&-k|c={JbyCEuk^;XJUi_!ik`|^CyiT zDiRN*o3UGBgfqhO$5E$e(geMqlLZT*GcB-riLXmaA~rbT)v(=>v)p-$nTuJqr_;vw zbyLTa!m%gYaE;@7D2w1VWc$-LtwW1~Rk)4^3S?bQi*W4^JkGd@O*PFP0mj_~$ny6C zn`mEzC=2A&?(Yy~pd8S-Iww6}n~D(U@3K@!UDDHp50VFcD9vA_mnK`nC-MZw8UZAn z^nPT3Wet>C7K4`=H-U)8JQyo)tfgH@rSEID#t+;Ls@~!5P(iAbL&898?u`?@i65M`uVBT zGb`~DqhkW-?gQuJr`KGhv`jt^3HR)WTifm!&laPSrEkfCfxTH?=uph+|_ z`BWLfRIMR(#(W-#xV$gCHHp3N;-}h0*C)*rA%hS2r-4w@_L2F*hv!h3Nj6*&j~Cyi zfZjWep+5MOLof76udXLB6DE>WZ|4+0>4Bk4^gi(O`Yi$+o^6pS?FV0k*czcR_r&RT~(Xy@7TudXvr%Lvh7S#8t zM?< z92}ORPY*nkP63BGv&Mdp1RihwAi0jHr)@bF#1C%?=4X!a-)>2A&mXrh#(0*A zSNQ^%ExogOgd>`#hmkKm6!?UeiKj+>43C~$VNyoL|9Rb39uF4kx9*t7R#@H$700-N z!~Ntq1(yQHxJ&tXTomS7nb4_OJ-?^)P>M5w3GxUu;m^mn?q_%GUHZZBI;mXK3$;uA zAoI0yS2~*S_W8rshG`Z&7XEiO`&;E7sq574r^5KtUUbG(#@C+D97b5H?#JG|{kO{5 zzpebaC$+uze*ZQ}KR-FiZi=c}7-0smY`R8hijiW0D55uQ3vA&LL{f>OkYE8BE$9Am z^0%36`D8*^f%%}^LH@ug_*x4=!mR*EiY$M;aC2Fgz8lqgDr;vd z9%jC_y{^4Z4Y4S~j5Jw|p@r3J3>)y**@EE;bDPjue3692k|kY`olQT1TJlw7H)gr( zO~0uZd}rc_UuXr#7#HFwT>XTpBwtcT^zIxTj!+~IJODx&FRg{>v9!(8I^Yd3Kk;fV 
z7XdP%zL7J7scUmF4XTTYIcvH6?bF2Y^|LTV^i{jR*C}%BZa=me_${Ag`_vb!vU1SH zZD*HpUHp1C$u?SuNyWjpuhZ%bo`?g(bhN{c~zi!qh#;rr&ad6=FsCZu`JMG3h|yd zEx%UPYjlz}#g4Gu{(CC+>dTHRp%ml;7=FZPdZ^ES_x))5&tIJ>p2q9cFi5YQSBhGV zm81Fc(1o3bq30{^R(SBkQCwgAg;9KMyzDH6Vx8*4uSc0 zOMKf74!Ne!Tby2)hqyM551LOGEu*}r%A}i-M;7Ik2~D>&?)jHFmCii<*5ArWB}>dG z#^5<2kXAqEhqnk16)Yl{Cgo1oTLud&y8-8u-Al9l{K&pdSMyoxfzN*FN?L7@|2PNBb?*=)wF)eeP$-TRYRc#yI~|SfDApv@@wj%`ZxwJ3Y&Y{ zLzOaE`z4D(x9pknU(tE3!O&=(J9_r{0WTGvSNrQw^7VsMg))%i(aC*OK5V*$hF!n~ zg>JK(BWcZ5HBA@y%l(?05;*Jh-8r2e=EwWha6|-(?m?GJQOgt)r>JHzYx2dF*R8e* zkfV%AI}W&P(fP>?^GIVivscyi@&?yqt?kElm6`P4v!@NyB`p%Vt!>XF?JQ-V&$`w* zp4Lyw>!0iKs>I>SWympanIVeLWWRHA&x>Y%cfSq0Hm7A<*UhUXxbU+t;{7k^o%D}! z+sYO(+Nta)`I$!zw(5k%S$1az;;(7&^5$k^LTNtA!Th?Lv!DYpFOqX)X~s3WV#aaaI|1S&-{};QC*l!}Gl)%L?v6H~gfUSm-!ons+)8LO|Arcj z?m8jJzLbMfC*?#DjJ3;gMTd*9@(R0^1Ld*_kPrpm=UqO=aLQmwtqc;xXApuQ@SnaA zzE}Gj!1tuiFGXA9zGZ`$&Nc`xC2*aBXwK|}R^vX>38N&ubwG$$ED2!7x|k9E8tYg> zxHw)pX589a!0Lt;F43&@1VxVtM+83dK_N(W@xq63WOA1_l!b z41|%gZ@vjz$cIxAf=t?jh2jf?Bp?xX;d7Z0pm)J#tR(+49TRheV4y|%9r4qMnu=yb zojxcin6pDg6j?Z0OAC=3h6$x92!crwLkzv)1RzR=spHhCr%M|&)S+sl932S2(9#++ z4dz1x45j&oKGfPYeh~tOiV8yn;{>3Q5V|u5AP*8t^I?n1gG`$(#1UtNFr)P|GxWVz z>c5#lwZ;v_>i>AaHP9)h_2{1qif~&${4DU7=-OlENu$MLP9kDEKy*J|Uj+s@7}Mh1 z3+weVx98SwIBG=J#cy^am&7QZ8k|A3D_gqFu9xe$hIX$#s}!IPd1}l=Z>z^D!B6lX zKHY~pmn0A&{)I2cwT!A4BDPSaRKSj}hsmbY2b35B(+P!|(P^);>JhVAc-dN5`fMcQ z`PmkhK_zcNDV$M$B)v$~TRo~<+u6QRwVg_yzTW9+`Fj*U{Js9xUtSD;d3QbwAhb4D zo-Mb=_LLo~SP^gw$t+|~0G`E+@o{0%k7f!ff?5fb&JTSGppy%}3`|rDnd(2)i=^(4 z+Y6=+Y_5qL2AdLW`?g!k8kFm=S($CM#4uHfDB@T+Y3o#1Du}eM*`nF3<4iKCR zq3o|G0R4(?4&Idu5924c%i#{F>(AE<;SL_s2Tl)1+6R&vz^D&48Nh+>k5MQHS_+bs z2c-?Tl!wL~;%p8ivuE0h`d1Ka6MQWWxQ!m<-heqO7~FtcIw(}1bJ98ly+b?7_9*mhEwzX0|>p3w>J7uqPdIIbNt~b6#%Z zwz|+?VqpfZS-VJoW-(Nnz^6K&&ScL?U2SH2bMM2UbBon&3u!1Nx|E4byo#A(0ES5Bd_AJr0`X4lBOya*>z^#enpogGXZ(Y zRzZloD$B~!3(UaU}h zT2x#`+sy$C1`sVeRUUz$3+^LP`osZQheS9kQGFO$J?Z3V#*4Q{#K4)JpGG~zfoLGf z$SgrFI}el1U;P=S7w^ar;h{NPjgx2`0U5m~PEAe~PaSQb7r&3;jez)$<(iZ$Xb}Zq 
z0@A@uenKHU|p~WgBdEjQ?|Vr|>YuutK=K*gK#%7Y6Zh+kwyn`-cRrtdIiI zSR1%e3qm*AJ~RIQ#lXMJLUAIF{v2XR4q=SfQ6TyqAm2Gf*@UkLVw8&?Ud)IA=2a+S zR2;r=WJdNxl7E$++~nwM#-?t^A(093!>dWy4yX;E&h|&UNoZgtnl_;%f5&Amt!&te|2tDZXI`@>y7IN=((%9I3nJiN;bh?1o@n?= zbo8L)TLGTjgK|%7U@YJ0#L3lut^&$!oV(g;czS7Y$!DyrET3&GGP~05rffXC+g987 zqUe&fL!UWmfzwuf`|lw2S5(J} z>TzQCpiHf9xOJj`umoizqQL|A4VVTym~3RzXxEffMK*0+ar>(;4&M{S7zuow5@ZpO zd8-7ytbu*>VIsX>44R?S?ckk$7ycCR>3O{Tb%zIbHn%U(vfT44TIR-=a$R1{xoBwddr(tIF+kHyu^*~r zV|G`Cf}N-=ZJz4YZi*0xt#4PQU1ToMteq-WQRrf@fr2d|n`%#QP7le`w0H(9>?$E} zDxgTrNY|ACHerFqsd8R#rewqT)5-)kReCygE`w`z6E?)eKD$1LqWR*BlgsJ-LBs-zJM6D?T%GDo@6ewt_AtX_MwuG>7sOdDT@$kwSmZNsk%GMI9?8S+^_e>=|_% zUrXo9OT(MUQk^P>q9Eu|@PRB?$2-==SO1YT-BYH_l1W)$0UkrKE|WlS7~8aWX;+^_ zzt~bGa~zv<4o{>6J~DKy)y^18@{k6bsGZcB-f*4X^&tz1e3Jy+Hi}s&8aN=hL!)YQ zG-bY`F{T*^x!GQ8b>P5T zOd2Frd{v18e&{^jBoUI4K5mR8(hRE~dCu0x%|PO>-w2&jCUW-VB+B4sEtR*D=;Lh) zl|cl7|E=+y0cortvGzeH9h7gGd`X;@K?iZksHyBIyNXsT1GkF>ggv%ci%36o_h0sq zIrUXO#Fxi2pk*;m5hjv4+8g>hU}UcTQB78F@Ifs6<)DkqxQE>b;!VH~wAChqnp^LX zip@@L6{0hy#&{_LPt*!@Z_`oARtWL9n%&gW~PxsfU?e4jseJP{^;omqFzA4)HAD`qOnKXYuKJeR_NZ^4K0sR5c0 zK$bOXjMF1{9xBCr7e1BC)L1wSvuetJ$aGkPm#G#S%bS;9$Qn5d@z%=i1fN(gNE;o$ zwcI-_x1J@v1t)A`zgGmMazu7B<(7`VIakF$H_0OxjmAZIQ_MHnOCQab5Lv~NpwS@p z1N4$+mdh#e2jb5l(^b|}DK(6f+2-y3tqH4;ymg9T`7JuXNnW}o%93DQwIXP{5tObx zr}@P4>5IZDMY@45#bGK^GlHj&Ovaf~5=2f8O$Zeu)sAwj-{ZTb8XX@TC1U#3plSH| zEE7U|m`f1p#>coB{T(EXNxu zu1&K9ZEL;{EB|6PE{?ZnBnoVjhJeXDRkD++oYEAhxzXJvKSrzvb#K!@RE@;PvvCR2 zB{Oyxl(oe`S?Oc3+ON<7o4H7f0fyal7?lYHFA^X1iu<+GJg~DE!LJR>%H9y=N@cH? zI})STl_cbN<gljL<^PK!i| zMM55owV+Z=TRWa@X@ljjJrrw=|QMtIX5SE(SmUOoj?E2*ZUq_YKBi zXqD)oZ(x8uQEphp=O?4z3P6fGw<4alC2m8`dG8 z{em=VpE6AnL|pw%u+>>dQaLO}Xjc)P87_eaOxXf0YGpF>76?1~W`RrE4Xq;;u?3n! zIg|X9)H~idnS=y%J^z@&FX39C=Z``UAfGPxmIYcx_U&gfU1$C!H15cXbI~e9k8sWH zU>R`187FXXr-JE%Mn5vkPP7UAo_q$>!UOhg1@6lW@2? 
zDCI!+Jk6VS$+YTYyYNl%ht7?=8@mL{dOh&kAEQHT)fs{n7pvtg&IXyaFSje&KI0uH z1I{r+o}7T%hU@ql@QgK3>@yeGe+^v!nE=CupY#RelAi7S7NtNiM&V`OIatA4d;oC} z^;c2eA!vh+H)2RmrB?Mh-vH-=^MxUWaZOy<*PVy>)D4SgNLI9TS)xVX0h>w;bY0p! zijFHYH;h!WVvN&3A0{)IP$x_Kuy zE!>Fu@OBbi!-2w5)1U_z7a8T4b-Dz#WOS%v7Z8 zE?IX`d%S@1KzmwjqXOh<2hW$ajIb``OW?n6&I=Eze3rF{wtwL;Za0Aw9vD;=EvF#h zBK1cXVL;gQ-{AsH_|#RMYk@K;xIXd&q78_s#tUab{@svQ2R=vd+2X6+hf1nqUh)oA zI_kgNMPsB$?il#N;h)Rk$4UIFQ4dV1J!2RqY$do7vcJEME;g=>2oq5yHNhAl(n&)~ z@RpU9-S39biw_$s!|2%2ZIiidY?c{0RQl~FjWs-BGy^}uhmY}|;so)`$XLZZQgW!? z0v1pwHG5SY(2m=&t4-k6hu;l>BB3DnpdapL&bDU)>VP{`)xHX8x8J;9iB0Vv@Q~)LGz(fsw7k<7uTC+2Z z)lUn_FZLHosexrez+*z(8TeD`p!F1ntr9J8i581>$#9tmm3$_|=wTf}5sItS9sI#1 zy;q@6J^V-P>rN{MIh<%SAUyv-%^YP*iJ#ZDmaNrDPTC;zfSxxzT%S8e(u;C9`zVQB zH?+T@0H9gFDZ54Of=RtfZsO2FL2y%~Bq$~~DBH2)brK|K!+)2@s`ezv*NBnBZhhsr z;JN9ojiMOWLHeUvB&M$s`IHy_t7esLFvWq(3$bMo-S}QGN@rGgCDHUbVqa)YyOs}( z{J0sSoVu?@JaY*>ga_%;gJD=V-LGZzu*jhm()|adQ>0ffhQSJGn;O{)XB*tz@prXb zqYo3Sc9#an8k;LiH@xaL$lwY&vPyzu)b3rN0;H1;#Re{4u13u`%11AwD}EIl^vp}L z_L0cy;iual&`zFkgK?=+eZfecO9ic?W_Z~&#=<~<#c4$4SaQq~sB;Wcqt(Js4;4_s z@H`CCM>A>X(tJ>X;W?mR5^QDH*VIBPYyJUz_Xzw>ljbE+fPLyYtW^RgqAP~u~J=<5?YD0>blTgAbd z$ox;EB{O~@7BgKs^}FyRMY`OhS?*HA4PmQS@u`zn*X~}bA2c6ym83qF_NSBfy$9_Z z5W&f3G%Yq-qz?kk;l3W}?LqtS(S*)Ds^GM@EwbY_oA$jb`i~`gvCim9{*d+;9J)`I z)XLwvlly4eNl}8GDARU&g1M7SE$!DT+Ba7paDr zR60(U=GSI(po0#eg-Rw{{HQsPk4uJp!M=0czSCh(BOP#>XKPc!VA)U zLyuRA1l=3p>POq|31OvtSDUNP_XV{Pex#F)oN?IOP%zQzmU4=hk(|OKxB{rg`(AuxUebGm5Ix~h^%BPW z)9sYed)tJB{sn6o^}|u2iO3dSJCNRy* zR`|Z!Mq|scv2ktQtM6MTe4t!uep8!Qfs$D62r2MwPLMQ%mK18}Q@>q#U!Nl>p7}da zh?OaBmk*sp@=el#-X_*Wv@mA*;BC&?sxE$_D6*>Le(0a-hgk9HD-nbIn6Xk-u5?qt z0AfpWMBo7ocF&){*EH))lcyEKI$-UCUv!Je4e zj@M5^^Ht4uHTBzDsFv^S{bl$M=Efo4(&Ozyo-gry7rY+q*Xw2xo6id!`UpHV{q*MR z419x8i|zMf>DzMY``r-P_eBezcj4W~itDw86T8nT8QrJ;mEPv-Q<_ZAIzzJNl9SDL ztWWm)RA{hgibwbB?(q-r$5_0ckHSMA|1n?fE+a>!r^lz)v9B+F_*dsQbh#p5RS6dC ztcEjdme|Pxs5600VPvVSkTZpjfSO{U>#S{iH0db-k8GrKRCd1H{KF&1J9ihqULoB= 
z$|=b^R+nJST+3<4BhS0%Bm5cs8QvV;TuMA$v%YxXck#o?oc{bcU z%2kO(dyH*9_L*sWChdo2TH-hSe;vj&IJ*a({bv3BPyhf3|HlA_)qm^2g}28(O4@m9 zsdqK0>6#yR#o?MBj>n~vy>ubwQoUr)F`;UHSV?JxEke=o{g28YBr1weSZ2|hUD3O7_-*i43Jk?omDPwjD#+2HkIz6v8N@Vf8zcV31#Bks_J35ve zmA~?%D=4T@9VpS6Gh>_tg(W_F<=}!p0Sh}fn54t(C3}TH& zx_C-Ihz{Lb4OMT&cxFyLv;~1vWuZMFiqx@RCrsa8xD;imsLYaw^(VgXmfV^^MW5VX zT-iiuuCaS5zY?+^$RH3mVmQ&=UfRHwIR7qQo*t+UegK5OpGeZ3ISJEfzteUWS4q-Ljo649hKN5K|LH4`P15mSB zTX}VLpVFBKx^Ya(iKB&i*~j735yJ-@DX2z$cX3GKgS??mw8*jKLUXN1h)(;dJ8~Yb zM<;Q;AP3>C{N0aJSWO!A$-kh52wk@!Vsws`S#_Q8FhPY(h;n`tz6SgY0b$MAAa1QD zVX5GHW0P9*k-DRD(_asG5`G!U8Y1!8e==~Urq%CK~9QzVLTB)ha+ zTUH((fjq5Z(mxDO@=?m9UF3!x=1oRm7OT`_^wjJ@jGur;hzQN$tKp<3k{4_f>T$s% z3TcIe*n>n?igfvPtf^)VVMtqg;*gs2)Q>ad=Cg{FFi;3lr$X@qp~fxn1|U)&G)4IX zRdjfZ@wMD#GQY9V@NDvUkf_Ub6!qS)v^A+HeXjcTCSX&8I4=_KC}JQ}MTFY0$A3Tz zAc1i*2xk;F$YxcRQr)G`K# zX?vjYfnkS>$JfjX;F;tGg4$VrUWk3wQ(IPoiS!2G*PzSgW_=#erZ(%D8tj#IK*X1R zN^+?%kVe6t62kzr$GsnGiuj?Ip{V*vGeqw62lzsNco3E?lVjo$;Sr7iabPqtqnrNi zQAYqKj*52%fp22C7?@%Mx`jFn`Y(*0*STteS0Y-a=f-zJyK+1b#M7{}f{&Wb7RD{A zb5-h5;uPuY)v`$}GHDI0BF+(Gr<>7J%sVwh{xb!=(yj?Lt-{g*@>-T;wi@7J48RO4 zMhQuVVz$cJ69I7z0?whp?MYoZa&v3@8jb#h16he1`~$!zT4>$DENxl^J4%H;pGg$95{>?F+ zW`rkDV^c6k2;t=pb>AnBv5brY3L{xOh(bdoAFkXl`>sGc2RURWLOUmkOI!dNsSn6> zyjS_y5Ur0_3~@?zD#ZyIA1w_O&0M##PNjEAQanJJSYlTGFAq(K2GwF%N)4c?r5~o~ zjsmQK31qFJOoLQC?3koqQ(tBS3}?8Ty6V3%%Tfg6gx-#U5eSVb$kitVG1yhTnOW!;Zxh(nKP%yjlP~? z&b|(vUXAL^pb}s(aF$-cMIs^2UW$02nPII7{XbYE*GDM@u7hle2H`a+ZzjwgF!!%KH$pxJh8#N zUj|gGuY-oCf;ET@jR|mAEr`qyoswpa5SH%z#=tMK#~=7P%#MWBS5L?_hA07_Ba z0yI(p0b_MY-|*F1lBvq|U32vsf1RXS`%TrfELax|(}KsW^v7wFj}@{+b=Kf}pRk)N^XwS98L~v$tH1loNSwSIw2GiEs_H5BOA#cq~9L59bAF{-S(v{m$Lt?b!+CvLS25w9r52*AD5%F%I5qK@?_nu5TV! 
zzW}?#_{$_NHQl;WEA%{{e9*Fh@$ye>0%vjYTS8d{pJ`{@*X*UWWZ_uWj2 z&+N18Yw*4A$JOI9Ur3Da?PuQ#U)#+T@)!63UT61DP+>v60V zoX!U8R~Mz((soXA_oHZ`*XQ~j*SB(=+rk~5*GKePM~n6;)`8rK4xf>?Z8Bua$9L_` zKy(XT5BtM}OU~uCZI}H0c5!6U7aJZ-X_tG386C5a?@#z1h@N%FhkR(4lxz)MmXA#mtyPz`FZB(v zif%^tJiw6*cpioU-S(-Tt*)cP zpUbDB(24u&RZQ&;gEeH95x6W0?j5zSX*ZmL1>dvx<7YnQW^Pqu>_4x|kMd77HwN%s zA3nr2`*C{vH$9%m>2EojOHfz$%W^+n`y*nK*G*ntPoqgUx?PT+a&}*)wN;;&;m>N@ zv>tERYQB1GobkR-{`)&!?L5XkuE!fjWK{Rr?a#qC-cJQI1wUJkNB6TOJ+XMwJimyW zvkcpw?*=x?n(m$|_Y1f7=N^6@*X|39CI&>(C%2Nh0_-Tx2kaYx(b5avf@aRBzlG83 zBVZwqLz+TlUyWFU){oj13QmO~YFM0STP7h>^V80n!8><642A~8bb|kUSw}%}(MyZh zM}c>AFxcO#rjJ=}a=NT6!2#_FOo&^V(nm`Qiit584HQVc6T~w zz|U~G#0Q>-eho(tD;Seps4S>5gJKj9EiKx8j2vM5%NcO!uUxr*8wZD zgX&1SeM|g`GC@ho5q@XlK}gZ)9_|9MVnA!Bk8P*qM>aSTQ54aZA)R<^*OH|L(Zdc_ zpCE#1=G5~Lq(ssBL|mJxiUSX5%b(t8`FHlz$Zd#X4?8Bmh{#tivqa4=-!;EdY`zaM z)xi8=h@Y*zJ@U`V>$6bm);(d)w&GKfwpr%a+ezjv=MC@6_|MOTyz~-Q=c~2jBj0%e z_}_Bd?{!=)({0|tE3db)mW;nYCbUZ4@1yNzSbsL}#*9N<)V@}3+`eOqx<8)+r}eHp z9`DTbbmqT?Bxhd7Vq*qLXR_YiDvPJb9|!=Rk?n^yU4Drb4)JIIqdM!avj% z-)N<@Wl)>qU?*GYWpTXP#HtS5=(RZ%)J~1GhhiIqbt2M^>PYy&V(a4>m2rx-hj;pD zqqs(RA%0-eg|oMIF|)A!f4aRoygiB<=1$kv z;WO@9t(zw?fxmGASAWi-W5ywn1pe*)2@*aE(9k;C)sbTdWQz86wWk~4x&o&8$f~4N z*|J7aK$4+Zu~ufz0n3HS5o=XyBW^8_}2pGYuA?BSiq1&dK%lu)l2uy ze_Y--U6-)78*}6Ik&E5tH!@vsu`Y}-IVKpU9pS6GQ&&a zRpXu~fymV<)51;?(wOP7R%SEHuq81T7MM!omYs9OSJ0%*8i8)bpe~nROqoP^)i|r< zV$X&J4KGuxA$64E?1>X4L2k_9TSC@_0(eCsq_FU87okL}@`4Y7odbkXr3&|hGj)Ny zliU2ou-zMjdA($VIarikuC(Du0r5yFkwRow{h)}EADEXyZD*_YSkGJSyLX`9j44MF zNbf_;JEqdw%Jghb2cA&|MJF|dZ1vf7#gBeU(x525S9G&7D&V(vYf~H4-LnMv8Yu=K z==$4;7@l_^F@)&L)yERGyTQU$#!(@ie3TrdV2<4{Pj2DXl(%x9Cg}Z5Yy8v}841>Sk9`DGP+SMOFYkHC>IxQbUo-RGqO=ql z$dK`Z-!tpH>W@KFZu0xD=|-TE15+bYQ>fYa;Ko-`{YGzVOdjgBhCnFyXCdRYaQix? 
zA9MEv4qT`T=!4q;V(hoWC|)-$(dZrGGUV&{_&?u9D=E_gq#c9AA>#Dp8<0F#QPA4F z{`B_X|8(xnf!%%aS1NUoG82c2yGAfNIxYk3Bq8RQbr9et zo~lTR55oTknD!dTiZ2%>UhXVdt*i~qj&%Fpg?Qsfu_)-Hqt<#&l{r5mfddBy;m2kU zX|Wr%I?FO~KL)q%v=8j5N&e)lR; z95LRUm>)|-eXPPT_-WcBurR0sU`Wi;TrC$e7Yh<)#se@vO?gx4jNGF^3)R>Vo>d46 zKLnsR)-7NWs5=r;L%XP7BtD&vsv*Emu>l*t+(8>FDL*qZ5{!cu3viS`C3}eSxf0-p z9)K<$h4dVpF{JkL$w&_QR7I+W5oBrTL%BETFfd3djIEZTA1YEh54F`sRUnf2}D{+X8j7+;z}$r_J>Opu4<%P;$3BUa1hVEY`?a(9PLgI9UQZ z&KsaPilP#%aHzNzOuM|UB>I5?L5)N|uC-h`4|(4rMcu$5MSY;^U@(1Lfm)Tyu!&N& zL6Aj2bqEVnvr-u;rCum@3%~rhx%yT)eJ+)s`-Af`xeF7I5 z)jXUPsX#6Oz%qk>?~Jfxc>z|U8uY+LW2}6Me3WOmwNaw-z!f3iBjrlPtOwviW9`_B zXAft=0u*f%Mq?=hCTMA@RuK5vfwVyd$x?$r--=)rUt>63K8RCQ9c&7O>B6A6PDy)O zfU*l`tO(Lk;TR5W-7%g}#A905-a}Y>xX%fcnF(J%7**9ZqJsTm^>zav8v?>1z_nhk z6G;We|EN4{RX8)_QbN2m#TrVyGaEI%4-w%bPeCxtFqJCsxIs2jciIlO5U3f`a?dr6 zMrN8R24JAtCQV7d$9veuuM5Qy>`zP>B@U)G#U;P0d`-B1Ag%z_rD~WyfV#y6%EpO? zMQ04El^j>!29Y6^1kAHO4ZbizVGON9^d>AYEk4ZR;~3JT7hf`PA#4)%d#%4cwya&xO(_FEyws6bCo7n zl`MN6K`8+_zgkKwTC&yzg^7KmgRwv@Hb6%&LtREA6|bS$B5X%{tQmX#ESy%;GuCvu z^{tD27Qm}%sb*|xX}QS1oJ+A8`aJAwYNfDvDwt~?gE+N6Ew+h%Djg~Kg-^$rw>v;l zHsrt+uG{Sifm4LX+-wr%mO^il@k$AK86=78FH(pE!) 
zV%<0ZAF42KRd@flTOhPu(~G}dq=i0Ce6QBPIsVwi%+d$;ts*iownV$E?pYhp94#~} z9S*lM<5M0+WN#-X3(jcSmlg&4*UY1$5U$qs?cz3^}w_K`!+;`i37F=#F^>l8&WzgUiHmLL*IL2P4 z|E<@1Swz47QaSlJt>}Q`xgTFEpI#gE=H)tY{26BRRFA=hN0{i%Mw9 zP5brU?9ZRh2`&j3G-9%OOrh8-mPdz)IP!^MreSBC?v^n%+sv#?Vt+fy*a7F|{^PJD zPq1#8y$tsVhZ>7B^YF$-&2{NyFY=QxjqqV=Su?{nYcIL>S0#Wq9sGn@Cl13&ODv)U zJs!oey40ruFhq;{5+OvCp64yJ{_tK@|X?TFh648{G+DYl+>20vJcVB$0|7|ooS zOh_U@*|8yU(qxLDHncG@u|bB2+LmUIzWV%&dsaU7R&&vdhrO%9NTu8!2%HHvJD!ho z4?IU^OZD+{bhw^jHeC*}rr7y%F@AZP&|aySy|fxvshP zJE|0D*qR(H?ycY5?fK;?yfEXkqj*W_yW+n7y)6O9vj8V-^ zGN;iDWyO#BtAK~aKX6Lgh-xE5bjtb&=?or`r;x~>U=9_XXOSqN;Y>DO0JI)?Et(^m zBLF@t;7pe;k|Pv43w$czjKTBkEeM?>I>q3O=??iLMmC3R4t6DgH9yC`9+Pj5P*#d6 zA`f0Jrh-?;{{Of8awYyV5r75&2ton?_%#my_hLzVM^`-qYYT(_Jb}R4V=p0gFJx7D z)=zVs9lo;Nt<@*6$6P5<{|w1Gx>8dCVrAsWTS}UYadJhFWU))c2ys>sK(aUkghB>G zLyk!!o9cs&NaNG|kec*^Xs-zQ>aRU?+ zkMC9v$3NyGB|qd#(&Ipg>m7kB|={fjJ}A3C%_#qo^tR6OiD-8>I*NAZQUoX26Q&e1W*77 zoh8DEiT66hFV`YrNREJ?_31OGb78<1Col&3D+`Bf^+QE~iX8&XlBGqNE+i>qA@!c` zq*WfDG7Sjj94MB0yl+B~u3$(jigQQzSWB=wNbU?`C5;@WW==9OVuuZeCX%o#X*j8E zk$iy3;eu$9E#J9BZqORakGMNp=#bj>76hvBAsL`tbc1^8KN_1?3ugs;oZnyAbE3=q z-g{_dQ;d-?e!qOk_i+45t-KPB{#P8}H5f%fM=Uc3RmZ|OI(wv}cxqb0<}IX*gk*8~q#Btok%ftT_>#6YgKkobu$nnZ$ixvTpCF*^_=f!P zrIa>)$E$+)D@e?JXhz$%lGxz2iP*bdiNW`CC`V2Ti32QsPZkNP)ibbt44)IQ0t~#&TAbmvI@qnF& zcGU;|MHNKTl$YfA27FNt{fq`;~}|k@Aanw zL=W|8&#(g2M)Nar%lp|YLto@yvU>#J*4TtLrPi2fQ1EGbtr(wEhjf!QUmZarj zv(<(ufCMd-LX~!6cO?;S&^9XXbE0uiZmF}?24SNW3?A+O2a?J4&*k8=&A|EK+WBHD zT&W(2P&XkdKgm5NGM+&ll)sCi5pzINwm%KgB4yi3TBMkhPz#bv#Z;~InDMW-EiVuA z(P3{F)YX8H1kve^;F zGTM5d$GcQ-CH>eFa6$K>8v?lZp!yJ z!P1G|iQ~`qgav&^JhPC54^N2uMzq}V4#n$j@|fo+=|NEhv~v{gdijdA3?VTjxJso2 z%;RtnYVj-aqslh;@A<`*MxN1>%w)LnjKj+gb}U2Bv>+6X_fvaTAB(0~=5eHCyf8-{ zm1;m7%!cG`)(=)yQ(375R858srs^#iyz8dksWYNA%+^wajeH{QU`~Wj2D`DPH=2rL z`0~#J9i-$qW3J%+4%2-z^!aiuq%?n?y8`kqi@--F3~#dV<8(wv_6i zz-MtGZzOVe{4|uEojD!V@Ghu)L|7dR&B*z*p1*d%YqNbS{209J+b~rO0{k`2i(83GHJ7J}pk-J%aiiEDwEquwW?fOxZlh~UGFFy%W 
zmUxIPksMFgK41Z#R{qTPDJ*@H{t=1^jrsX_Bse~>2@iP|a*Jkj!h57e+5FDekq;%HVaWW^bf>JNc}+rkeRUH~-bH@~sVB%imYP(Y8H4f=!$CntavoLfiKB zczS9++n{5+K3-{Vp6Dv1Bgo+Mhsmx#XPR{}RlkN_MvT$3 zi9Cecx`jkqI%kX{H_9%?ef&Aj$?I_oqVr+&w70nTbKMK(@o%p+f83uz<-&vBwbba&__ow42Z1cs)%8{&qau zmlAV$(5rqOuVevq_eOi`gSv?VzOQh)eEwwnfW-DPyUjMe9X$S>Y?BA@ss-%DF;K8` zy07j!DXeV4IX&X_RcG$FyslU5sk!cHp6;-{yiJ@B4}Ru#cL+o~l_BnYjYM()=<~dv zE_P49Z?gP-_A64?PWjhc4hS^lLNy$`nvYA`2J>=dx4VPCk0;*hZhd+ldK8@V;KbGp$zoU#Jgs4c7NHKFdwm`m(WbYDh{~bI33lN*RI?lp^ z)u)E&cdBlzG}aGmc;x~rR|g7YP(ZQqq{CcG6ynE6gh|9#PbyqBO+lT=Kg!HZ22)zH zGm<-oXW|)Jh3ECS4@SZz)m-+D&R@i8BeX)$sw679nGi&@>6%G)E>u@`Wk`*PG73?A zB7}g`Pi>0fma`lG#U{7nEXz$$duAiX_Y!0{7;n0RrqqJz0Jfw{N+qSA8rsZ5JV8un z&5W?($|RHOD$*uly2~g!LS7-HTS$j;6-j0)5;b-B#ffLO81F^?r|UOH@bB`G#q=I^ z*5Ct(0hFW5k$iGvH7cq@S@E2dSG^F(5-I5#wn}MfcUiPwnzG8omGBxPG%X#X$3&i) z)Db|MjrSfxgpZf~0L)fen3DJr7Hp+zSRw@NjtrnuO&$^!a(+2D( zpx-dXAm|D#h3&Yhp~aj$#+TjEEXX3&71lgBl3`a7T?Axae6%8J5Neyz!rVvL;og1R^b^hvl1s;ZIHz3%DFiPNp!>WNahV>sEbjiF-xUO#Ritw=N?4NSmIT;aM;aecz9^v%Tj z0-r%)z&P^TSm)sl)6_&9U=na)5y;}THdRsA(2B%m1Xb|!SdUnknvXsJ%MNHEv+aWb z+mojuT(mV^N08A@myg;^10{p*j0rQc2}U`?Ndfy(zODZ~;AI3qE%HkanFx$<_LM@i z%I1R`5Eju9r60V~%#OKU-(DwVr(uuUhPP$6MYm;TFN;j_Ic9W9!;;8&`RnA88*X1DOiJ9^d9EXM}@CykB8{8+1bl?k}#5 z2QMMK%VF8?-XfRaX7}YjQC0sMr6ihXGseqHUJgwyh3;osPguIKtx#8DV_GkdOkfQP z{5enOMT?cssu8WfeTMY9ZkM}EtXu~D7%p5aOe{QPtsI4iy9iAs3p9$tUOw^-`2|Zi;{`M6fWv`|NeDz^LyU#Whp@G^ZL zB2rIIG!aZ71LI$v5cJiFj<1^jZV8k4D-~t%i(8sNip;OGbvo{1;PIy%Yb-sfs?FUs zXEv|b)Kp64mf+(g^}E-FtkuK#Tym?k%V)0p`8YSn1zpzD?wzKL9WULp`(>^4p^Bjy z>d5>S_j|~Y@fNpVx+ zPr=xt!a~WDsrN6wl-gpNbE_w?&WiwowY~qmN0uv1K_q|%0^0uv9pnD5JIViT;%LA+ zqO76qtR$7_9kEsYv9mSN)B!QU(MqI?c{8{BJUGIBgkO?PFuUGNrL#&|nS|grgZeEf z%&ds5(6}5!6u5--3x>#)n+`77Dv5}Inm>v04ZbAVTvD4KrB{l)M?pJClII$Z$ED?E z$K$r+Z0BWnR&8l;#6H-NewkzSt5{x3T?VPs3`|JXV!}9F0U&8)G=pZ2Orps~QVTa}=kYR66i^W$NLS3nRuEYXlj3&o zd+c8gvKE36}*{=H8?F&NY2~p zTzPg7+Cpy7G{T1!!znM(xX3S@z;Z}&k~@*c&u2B)>%f3U2%bg?4}ZknfGejGazuf8 
zp^2+S;`_fH@ex*VrI4V7f9T6;6MO-|szHpTRgK&(&@#?iv{NK}d$NQnERA4)XuI+4 z%%L%zXfKUl3VG$l%?E`$Rnum>bIIOpF+$hXcE_Em>nt4Pc!Em_gmn3ct8>lNdo#q$ z)52`4B&v5wKv>f-+aBFv9mK4&a!sOyn6y^h`KH<(#d(-FR@_O>lu5)>HP+0`oBv+( zHp*{VGX6PZ?=&_AgUXK*B3;wrD#mARyj*8@ z|Ff&?U}5KpHoh7`TfRG~y^Mm|HX~NM1j6hBgsQS#dXwou=23BZx;YU-Er5|gvD`kJ zoiUZ@lxl*LFgwW674O}UvL&XkS~sN1FQd;<9}`)unG&36j$Th{R%uoZ1)~%0Xy%2p zw{5OOm9*eipE@DrHf~&HM%&7*(=s!ZUd1OH7kkn!9*vO3A7b(VG?-og;A_%?e}FY( zJ8*i8A5;QGtByEC+}nYtB}omLI4wb%Ql)I3uRNTfs!yj9*vJ{zrb%FCB2`bdynbwB zI|`IFNQz?<1)m=yrKw_DjXsn8Lomx}78E`qwn1Ag+CMa&+kYmLwtTc1xk$nS8wwi) zNzSWYQZ3jHRv7(nYJuRSI=llR+nD-5OrD4Wfbq!ImyKD_I1w9iKelz*(ia_$2wXlb zWa%%R)ewQ%u_`qN^9G@cQz5N4r#SQ;FNu#5?8-*}par^6#we!V+7i&?!7%r}nJE>! zo0{g;h*IgXW(mxGVA_K-vq7Y^V5bzA)P^UEa-@1Hb5b&&RoHb_V9_rWT<{wdB3$#y zAbl%3mAFP-!3F*BYHwe+a$#S{EB0N}fzIegd2{lD>4`fVyEs)wv(-~KQZ{IV=3)Ef zPRYuclL&E|>T<8F5z`YEJRlZyVHf;+>K8_|S1`5WIImLJI(V;<4lv<(Eh%8t|JS*<~6%e=@bVu?B{UhOOd{7F$sEb8A_@mGm zX_|%OGWQa;`jj9JiwGB(NMMDKL_*AhaD?1)WlL8XnSQ8}spb}fjZ04pnQ?t-F6BWhim;5BFY#XE9KZhu?C4l6H8xiuS2&9xRVRNY4lp)b#s`Gk=GOEG)( z3J#ZhoN{BOZX*<-C0D2W!q&s!Dva=(@v;Cw%g+&w#bH{J$C=-9r{`_%PB`~o$J;>P zDjYrFR_Af}`^2oFm4^X+8Q*5zB_Ona*Z11P+0{)^>O0r@|9?O8tNcPVf8t%-1BU&w`x z=0}JNZfmY}J6(Qm9x@uum)#0Xs=jDH?}-!bUmkKi7ScjDH;eGWZd0R7P5OKOv3~Za z$yF~Fk2>!8YFYf(^g6vn25WtXNiX_-<~Bk~BA2s8d^Rq>`{=ND4Oo4@9fs)SKC^<)KEN=bicKz)-^!p0od5l90@PESg0nVVzs6cQ1zMp3gIEZ(tx8H37{Ll&?HvZS1X@PXmWn;*mn@PL5lDpFqAK z0eG6uz_*6j$v_LgBXr$y0ka4bKS+G(o)8CEL zB&6g7R(1ptU%ZN${6-zD9ut8I{TfKW3mi)x6P8k4i`P|RICu-d?BC4z9xM9w4fcct zkEaJrc``1DquS@aGC#Z2)Tq$e$h>KQ|4sJS|J|!{-H>yK>0myX3sk0*Y0NxHrs=3` z_S^U1&cb2dFM#_l!{?^1ZcLgU*WSCz*=Ft~%OdNYX0^}qhenLI#sAM&NKlT?-nWd? 
z&_hG+O4%(Qf_*RM&$!7ts<8qBU%*eB1xE}IW22$bi~^3j@9UzD${vrO+w&E}nFIRd zSu84UAK^APu9tP;_h`W@qRt+}+s8kFR9wGZJ8Tf+Q^zpS{awXE?^tohY{}#KuTAl^ zCA25gO(Bg%`OYZ!C6@DyC)>`rT#>ff{*OO>dmlYNA3u9OE|zD_sRA+xQD-XFb`u7@lEIGRAy!&WW~nlDI{V$SlTM zLH?vejW=3B^3_WXg}Wq;*$ux{w*AF7Oo9r0V}QhBNL{M460DCIS&53;{TUc&m?MXu zV>tQ~m?7O_h^3FG$!QsoEmxQNFGM$h^yJGqB7ni=MQ2Zm?uFqGPO!NMC?p2UTe2mb zSp55N*@^;dvoI>fKx$#dOgpT}_thkWf@nTt!ddug3}|xZtJQ4<4|*CWj!rO%_C1PV zL{{jKMB9@B-R~ao#Sg@QPf+eCfg@p$NTrgAtHdV8C~xNb`=jj{49wCGh<%B1?wkv@ z;j)j-LNhH@uUJ@9rlSxv8rMwru0vNdWL1ZX4WUdxZ_W5(hJT0K1L0AI7(Z34F;-Em#|PMx3eV{TIQF*GUaPS!xRODt%e}LsN{tHBbJt>kZe){v6}Yf zQ&uy!D6`|J!(|>;oI#ov31ep=t;vMAnm`QIfHYlz&C9OQy@AU82c?$?A!1>uaK3=b zKcFnQw&nO_4O1-3glPhMSN@Rpn>Q{UFbVPniF)I}U%A5N+o31zq80&=R{gC1h9&5-+FD#Sf)5AL=R2n4|Mvm2E= z0ztq9A)}o@RxCG7bNUqoy?+-HnTf0Zi5dutX6nvk2SwWwl{*-~iW;PtR|?gvN*F9# z#+PI$aU@CM8Ux$^ItKDI6^9kVl4BW#lYtJA0A?#~4(|u4hY{P1qHkY6lW_kv2m(y_ zgv2R|+35j=2L_E?+XFo;VVTK=q?BpC3c2~gWaZt2j$?HyJiX+LN}(Q&0?G7)_3brd z0EArk221pdwFiE%_FjfifBsdA;C_lQkrn@>5BCi`w!quUE^lPhH~F-P;TQ3JhMV}z znvGLJ9nA?ECS)J*PQ~a=td4hBmVDGDzD=xRVsKA}G#z_7lCQ^6rU3?@fF|m8w%4(2 zct^jjfH&XwcFwxm-sB9$5#-hf?AWb=HD&Y!-IvvxL#AE_o?I120Mi|~USkt!(Lx)m z(YT}e*Zy~3P(pigsEJh9p7uYq*=2`dx7+2Qe-^`I*5Kj+T)=-ZGkyMLLt)f|Y~_6^ z%AkXD!&%zvd6x#%A`OF=dp);-O|SZ0=7zxp#(tRNhW}wkXVwIRrd8nlz5D2a`|@cp zYTwo2YQ(K?)7IW$EBKEwNnV?tjaf-{RNAefL>;~&w@mLc8M~M}+KDcR2lq?q8oXHe z2zQymYd>?cB8E|`Q%}wCc&4RaWLX&(dm-gp(T9|Vz71V0SKCj-(LhV}yMk{>g#+T= z1-6XePoB#kxz=r0dLP}cnD=RbmFV_dD7}Vtq05p6SKZr3Aw!z`n1R#Zxt-XL8b^|O zzn3kQ2DUGhR={}{Nl{!@4uL&vv+vrXhgaI|H6q~0#Il}jo`XKNw(F(bYpvaX!oWbb z>p@?Cs{SpfskNcoMfcEia41q>GDjc^ioVN}F-O{)f`;p2*>3Ek#;33IYdvGL-_|pG z?RjAnPhmFu$K35A&WA)xf^K3hx zg1=C`;z&kkw#n@m@jwYb_gi!OEiGOn!fe?#-kl6eh&VL1IBu8;360ETbR%fSVgeUr z%!&WRH@-ryL;Nd*)9w_@m7<6gQ<5=FwB`$&!Cjf*J?g);yxZq-4Z_X101^DNMBrdS zNx1NZs%KDaEoe=ndT4<&!@weq2$&|n-NzFx*atTW(1S2|cY!``dDXx3DGQd^rd3tL z&3@`I8EwV_epr$~cx>r-=RPa3@iUjMPwvRoS>5}Xy4kJ!v9Q$N-tS4;Z5+y+5(XG` zTiQKD^nJuuvt>43SIhS))-tE!_Po=oe_pTXG#2K{Kq5{2F6YW{EBzJ|?5s6+-RJ$c 
zB6^kqrC%@C4%yvze+xgaVHY!h|LmS!r$gy0uw1<;f$rq|+3f;63^tWVObG^i8qRznj%7VB4jcOolXGpZz1a%(aKN+}hn5!BKH zCS^^Me3J0gyo(0S;X@hA)$~H{M~+Lc&rOHLt*&09y&tR?mx9}~tNv=nPJMErEF@*r zMMjCFh!R=0(&%7AF{)fsq$_bWa};kX5}8=b@IS+NO4NhCHM*;hD(Vn8WD>9SFEb0) zBq@7}eMe%d3d&nLa#S1L$=@bhqD`|irpX{n=vw${c+&KEapXyF$XRO6iFlmi#hUDJ zG1L^&SSj<4q3n2aQdbe#k~$NV8JLHyWQoSKl@V}`?GN2Z5Wv>5_(`a&*^<%R30|C; zs$}dWRazhQ)y0Jy^~IEp#!}-(gpJ2cS-HjdfyU0%piPvOe2CIVT4a^ZB1&q+(D!c} zlEeqP>KV#aFVy zh(_j>Qpl{FYUkYP>4VIfof1&QHE1B3E{#Dh`BE>a}6r_yV zga*TI!mTEN4b|B)y1u-GQMT1kgreW>-+bNwZOEj9ON-yHFWxmXDPdU18P*jv z5t1Q@pJ#e6aqY3>Cn{ih!qT4RVIxs9i15#$M3URe>~SB+ZuYDo{ORl-fYqvYY}+j= zaTxEN|K-gc5+aMch&a#laD`FI2mkbBCz|!!?2c4Ta$Wr|`9>P!$PNm~Dkr}3*;leY z{%Y9HQ}HNTo$=og>@(<Qy$4WQmO&wJ=_BcW&5*xK?lDe*Be}n> z0KzM*_N^%bQ5!%2Z%3pH$x`MQu6{S|BWa@Ye?rw=`Fm^)^OG{y8+`$!xrT?bgS4YE zs!W>IcIUes$X@y~pk6ff+@mdAdvmOa`4L63_F?!HLbl+2>8d;$@(+c6a3EDJ@L4hO zdbw6{pi_|j)pl#j5nKEu_q!&t7#YVUu-f+If{tIYRY6i1gT+lacqK74&{>%EX~M1T z7(R{;1nn@4YS3Qy!&NbVV*@e%($vcS|Qb34+H(2DwS2GN8- zQ?tTkr}it;G(<0yxA1a=pH@CluAe2=F2RFn$h)jypMlHh5X`L5x-BySWDS_2MTBtA zM{|L%(0Q;Npsj$`?Pj|&4Q4rci?wiD*mr?5pgN84rAYd+>eJzptux}@J79M75dqSR zc*X**-1wBu93Ba5gK7y65LkX_j|J&2@H{w+J}|=FvJD==e=N5_c6PS@gb*z{7oR}x z+YIA#Ab2`b27ZX3_|;eFqhp604>89?hi|UvMF3+U1%>yQ4LRAYkp(+}wc3{# zhWnWo|E2VOuX!~|nUDu{f6U)F8%#nwe9AIC^kYfkT0fge;L*BEW}D z&!^#VvD)E_$2qsMk9AqDM5EvX4v&~!IV2;Id2ouC`_BTCaa^XsD{`6Y7(>c#cz8u$ z0zEB`)g8_;f~Gk*BX}Dn*jaeVboeixfvddVJsgJ073ZdK-f;Pr1G)^Ftth zCyRJ56!K1Isif(vvo>+HNbf%nrV1+U-)TGwpNBPQfA9lLidSj)z7JRK|CG%ws=})U z9IKy=CeMA3&Ndkz|LqV!(dSwH06bXm9NzK+1~;!IxF-(-W=Lxl*Ls|f3xam~zAt9g zB2^!1YA$=XU3UD(zJDvo=W_aWk^?5iPxs=@YeYzQbz$dl2 z+IE^*oV;HQ_)OobwdCow^nEJqb$jjfeLWt+nJM1TTRP?f96xljZaW#+zDNGn>?EXoC>KSi!LxU}*M5}BC20ICaA`7i zSO_tATYt4Ctu6Yj9m++2cQf&QP2~H2KTi>CoqPQyzeH)Zv4#lf1T6e~e)h1;`9I)T z_?cKKS#9hEJdE)Xv{q}iI$abTz<>0<`d-3jpu%kzan(T^69+h_+@u^u)OrloL6AS zi~UyUKvwV_Z{z%z6K>PCIqyamd7s+In4!L#y^>Cx-8BA1WiBh11e|kP@gmTB+re{L z`_mcLO3Ux4?`apxnNMUT<4Q|(hPoqH+&(C$%Yi|5Xr+}fcofB2&4Y9oP}{BKZA#kA 
z%m>GQGT5!&PG99{g;P>pGZUQ^GDF8rZ80t!k#D=ny`VDB5u>WL|Qj27v zi%Q;V&j^3cYJ<@lCEZEIEZOwcIZi$fp$X7d_T4fyTQ1wf1r5{iq=bC&B2bLt-ya|1 zSBpf$-0UL|A;yzA9d>xs{Or+uy3l^0!7kDMA%HZ!{+K1GGHnn7(HpceUZev(xx2Ub||{#m{;>e=%SC%{~^5_Y~-I;XzTW-}bVsVtKVv zrqH76{o`7DlQWdYyX1R0zJ`J~vW4xjd-WAx1mVGd!(~f6lLAcA zcEA?vm*s?qVGTK_>m$Kv~+|QIFQ{`2d)Cb8Q?hm--HG) z^QOlu=b3K%5$V*%mC)SN}kS9h11H5t!>$MSv|t8 z>J%KQ{`hwZtbEP2b-|zTwQ_dIk{E3lsgVHMhLg~#0Yf0`H*yb}+&of*ljxLQ=knIi zxZtUo(>KGcJ^T1zhxU_tQEjf8RNe*c8A9A*lSYp7y7uVnl4I~S16$!0>!ms#qlxFQ zQi1k!)yWz06&>svZvC3;E+Oa_Y<&}{T{iHI_nrmMIXCK^o>ZM1jIFH8Ywh!veV7Kg z_b`&>&L!-?{6-W6&l%+z9o%?pxOV>;D_W`}lL6_TQ?}VOVO$>I7=#Il0U-RlA;T^u zrz-uSntCw`#|gG-m~f8l&Z?e;Cv5B*Oz5H};A-KuwSTu**2A;$aU_MxJWtjGr*XWR z%J!}55Zf}vmVE{cZ)!b z(07g{I?6k*&DuhZx^+lbzlHa#z)SEzUFDZJB*g58|5;rVhr zX}piHNPP=ACh8OFvH^Jl9ajK3A`C1`bgSgx7Kk;T>N{WB&kxB{CWmGM2gcKCgds?^ z2l}h^dnHAaa7vz^HWz4S^KOcbIXuy6C>NLa1EUfYv!a%p?-S`Kp6#GLd>V4;rfxbU zI4HU!-;)I>;{#&=>%aggndcak)u zz-(iOX@K!))o>97;!{)vLcQp9DkT~%UDo!I(plJ*i{IfEV>AeW!RL%hOUMwiM%+Rx zoZDOy87dlz!JM`q^lv${3I6u(g;9qv)Od_{1){tL7g1)bL{*JWY&d(C=71Wyv?jl{ z1z>{=9z#&abQTkmKpZ2B{EB`yC%#k_hT%xGP(gDR0WLFSK?YQZPa54Oj!CA`M0xB` zeayJ-tM07Rl+2n(*Mwb$ zMbQOG2)H;tm=Kys^A&qjzo3V&oW(n`H1Rwd{rRilD7V1Rl zZ5VM2uk@-u1ACMyjh0rAs|sKnHEy7bLZp-}60e{poCe`j#7n-!RR`)lS*J7}X*4@m zg)-9~M^>3i{2EprVt1G~9Pa_cNCD}iO=hdunU7YDvL6f_HLFW0MG30QEt11KH)*KY zt!}od?O!oW^K9R=PX_vhx61FaUh{Rvl!;~XQO^iPqM;Ku&Dlft2u zk7GIhTut3$whKr;1(NQ}xF|GoP-MJ0Lxmv+H!4LGQj8oTE7-l~F*oiHSkbI`-rBJf zMJi7Y+Q34Mt2!M;e=!qkUGO7*z8(|LKnVbT5OcsW-ldUKQwi29N;QN zX3D6i6!HKju;Z!_N_D%jZxIH0C`I)wr;z`YHqo|DyV6HU@F;ZnRnj8{s)t*;dr5eV zo~Oq~juLl1iM)(iJLHTUBWot}k`=-$+oC9`UCZ{GwI@GW3l7`N^PW)s?yk$I9gK(22_a)}-TRzDYif zt|ND$qU!74hj=ym)Kk20m|w6B`DuXbuT1zQO^BnQm3H%HUVibPLohP!RJTVC7X?U> z{t_4d{t9%c{uy-8Vj?bbFs&=lq#CMMqibX(Im4c2^;aCL2EC}}PE)ivgF{1%#`p4G ze@ZVK1L4!I#6C$9A5@pqQK`d<9GBProq)kxTS)?~G9mHkM`C~z#g`nOZrhxX^(n+t zB~I7PYil8AyIC5Qb{=JZUuVbGv#DNFC7~t)I(P29SdZXWhW{ktgZ z)|d~+9Dk;){Ll)o6e=}Glj|7`Wj^oSoxb*!Yk-sKts5;~H+$1Lh}nX*U9p1g0JTUZ 
zvOZ!H1F2|XBh<(E3VSNxFv*@soU>-*&q_bgiQ>azlWA{bXKw3@~lFd+sngqm>SUC7+6;15=O*bP1Pr}*QTJi`(N)8(oVoD;ZAZ|CcOI!8SI z`n<~fG3*ssy#8Z4+Wx*g)WB?IGC#PB>qtWxP!Oj|X|GM3b`Ss?rpjS+T=7fJGGCet z8*RbS2xR>YkqH?5+e1;41+%rg^MU2_64`?%&aY6g*pvYr@`uWnf^|x;DaMU8N%4<4 z++Fuij{l{^ifT!;(+~U29>dKo_pnEZFGm6nHF~{un>Cg@KRcY%df9AdrPLKMAh5j! zr*adEmH>6ihZul_o79AAKEb*5PQr<&pe=xm^oFmtCvmenet<|3n-@mz0+(NQVz-@s z?1R=iwz>$jMI)RmgB=q!NZm(J(Qb;n0+&SmD!FJpB$lgmUB#@M5pfNA9r4K&>E;~= zpA|}q5~GM~kJHLj^_lW(o%I0%Heb z*c0ab+qrmL5YFV5r1dzrIkVwx9ZK+i$X+_zt$fZQ}-2tj_6x36-MoC)k`n?H`8PXi>iBmuLHZ?g5Q^ADXw=z| z9UM02PR&QXfl9W}P5J!Jo1dB5l6D*J90qN#pdg1)Ob;7E6kuCFNq`6Esbno|$%t5aco|_e(7xDK5KVH2zJM=fpIOgSR%lKAhd~89l zQ7*0WAf(&eEYH~I`KfknqdV7}-c=LM)PNyAiU(S0t}KV+K>sl854ysvjG^``nMHHL zcUqW6bMl+-9k8^$Ru7tszL;z|zS0W%J7o)$>?*C(K08jnl^xnU8P}-VX^cFyj;AHf zdqZmS%hCSXIdp-^Lc#ch^$7i!7`{}}Tw$y!;yaPr;YM}+ez(Wsc$Wp42b@P=ypj+0 z#GMfIOhMZ=ZBSnHiYq&NWI`$~6BJLfBa+8?IE(md)@^^{P+Y*1{u zXQLv-SHE|r?%_<;6~>uSOwwrXfZnbBj06AzmOZoz+ejXfaqL#^$em&Ff_q%HBERR2 zj6hSsPbhAom@Qw_o=8^t&HXjqpjXK_{Y!wvIUxn68?%80sVPu0Cu9HYaPl6Tdd#NL znNY<5M@LY|Q_SOaiV~ZF>WVC?0&E(0i!QuG4D%~79p1P(8+aPkoyy6yX(xpLwb6)w7+M*Le1-d47F6l2WDxM zrmhCXvv%Ad*^{5-{?mJS_TNnorHlysU3SY#A)zOHzpIWxEawdW@DI zm))$fZu$zJnwZj*adD6NK>4rHmVirD1J*`x))_dW4j`H;YN=&r6kZ01M*kT zj4_sNoF=;7XykpT161F^Zl9S?pUe9_*Rw;&vb_Iit;E_uW%sN zBKi$Mu#`ly*9-jy3P|5p+Ee>(PfWodXy6@^FKdY_`1xH4J;X=uw=dpT@IqMg`jx!1 z+aW~%Ve9#-*tNjl^eW5UMvT=*?_Z&whKZ~24d@{V!&f8nD(F2(f{9@W1i~EwKp#@O z>Y5Rh)YWpwu3vI7M2LcuVG(agp3rp|6t8A#%bQQh(%?*i5s(MtZI*Bb9YgcEGbWFnf5>7yw^>!O$=Dsmt$WLJ6mebeB+ zs&6Sa#D^C`M7K*~5?ku49pV6ml8IcHd7r}cv1l6PE-)(xBXVznl(GZeS4J6>^ecFp zMLCTX9vcEtu(>KzRKlFn<_@?*M9S+&%D6Nhtc5RtXog%zJ*;EV2&{xd7@5 z`r!1|vd*0znX;diew?c@oDU=jKZ#2;p%2E|=)t)HR0F~8ApzBu$orw}*k(5@I6nT_ zT6vD2>M_BP6!U?=jcaKVc5JmVVhS~r&J{{~Q^A*y@JB9isY2$RltcAyO2a#=v4-KQ z594JM^mj?-qzum_-n#s;b&a4;P>JK;YNi@%=OPHU$w&fs1|1nGG5p0*o zvspqwCHk9&APDdojS@@%kUp9VJ7r{>fhE>WV5z}P6O z?F&tFwL_@VUNEA6Z}hrEyBC_`o7(pKsit~i9KVo2=?ziRF}7=fsBgk2xjANoLOdtK 
zpGSkKI*H(wx&|qe2M5QX(H~0VJmG#w#p|}6ds5@P1<$y{N+o5`S--GXpC^}@)4e5$ z0nVSCiYbTqJ)v~3h@V~Fn1IXjNJO5ceB)^CI|9Q`A6*iTPa>o-_mDSG#&MEar8ApD>3W$9zh#F+MW_*y0 z($NW#*-w?>-Wwb)Ak8p91()C7U%lALUVTLk9qvk>$|4%+X@km^8xe&usd9f< zam&Yx&yCMO?HL^Gxfk)?jh2_~91#q5HwYE+@=}$%Ay>FZ(53Tyc~g1uU(aqhJV3Gk zTTgScP66xcAYD2|bMg-jN5OOq^%Gj(F8sPJjoF-1X$dpEQEkPmY=4{0y0c7m;Es_O zV2b)6l~nk>#ry+#=_pe91p5m4SCOoN*>s|8fAAsdRC&A3@y28F06zSB4&y$=oZ+J} z6(U5tlNot40H@%zHX9(S{~;H6YhU(-zqo5Vw}!1U&zbi-aWqs4{i{sw=qUZn1lZ>H zXn^3+QNXI?V~<93oQR;V3CT?0jz+fhKt$=NtvZ<(i#*Hf3mJ{N~)>&#W>{nWPn;P!T4lA zm>#&0eYgqr7vWcdX3Yd0BMU4F*BHNF?o$KBfZ2%bA_>8Q2QmE z@o;sf3}}MzX`Q6IO9H_1_jOFV316gAuek_y)C^sn!2@)|={tk=jO)+Ts-W2zT!Zl- ze3(oG>?*}VyHV@k6n$y3;m*2+XMx|Po4zVxe@#K%tOW9@pE2zjMuP%4z4w0a*1(b^E^7e4_&4;8>&d9604_|I83?-F_3I{(HejqFlI`!$ z*)qG9tr!yTd!gM6r32qM^%VII?As6OvuV*$cy)u{{kSoIG|bT3qvn2pQ$+WaoB(`| zxdI|=`V3ary(+)#&z7z{xD^`r*w?qDKKulx-l_PxRA1zwT*C-hf9%K822?Tw5W6QJ zDgAj^Wf9h1sj8hEFdzA!68s4IvlCvw7!4JMW_jkHl&bro*I72lOBkK4X2-Q-0?@^8 zl!g(Q3W|WZQwu3#e>e^2j6QQB-hW1r2K?z){oruJg62#N7xl#ent`Lh-oQvqcLH_M zuf<=HBao!mX3NMtBvDrw2LK`Y$qbuRFBajMywIF%)dAhU>7%3SdLO09T_}=Nvg;G{ z7VgfL*{k`^>@Avfi_S%T;OB!wZ(tv29NUoAaSf*(45P-vZT*TOt`GzJI@4Sm>G%#I zhM#~Cbz;%b3XZ?j_H_tuHSTzG6>JUgF0Iu;bX9I3cUyr9pa2+MFN|?EM>Bq#SI32_ zR1zMJEgLxph*EVkZuOLtbi7i{UuCk*m_EKPVLkYlZM#q9b!zeRU*cqzY)s3l_Si|` zpRA;P=m?tOz?VG0d%xVv{HUmXq@l!!NsHhL%!-C9?+9v2e=~7_?##fIDZNT>4xoW8e_gNAvFSq{p}Q7dae>PaoWR7m_<-s9o&??4nxl z5u((V&Lq;LJ1l`k8)o&%oXjKs;+RHqM;&Q_eMVXY%@pGL$GX!=d~?{APR3bTNe^4i zC##n7xw|re17d5_e~fkJg7Z7X^0PJ252`4$L8K3cMQW*sE8G_>9L$!=MHBpCVGZ~L zlkavY<3+CHtB1fwwRs%tWRYVTja=qzLN|d~LnQfL_?>_;#zZanAvZzB0m_^O&Kc~vuRlNfV74-9TvV4l{w~f z9AUmg@*MN2dIx{`O`aL7&A<~&z6bPt0ZW@J;qv*8dy*?ce~weRPX*wuz;quVollFcN8S@{&1r3pDTKhrIVR|@ncu`r zzqwVrcV^E1221t6P;d z&p1sr_ylr!A{8yfVAQ{<3nzAz&?NChwG-nV1-PX;OXLr zOr7BK5_J%@v(S_v0_~OME#A#bp3hJN=25J}Y^dG-C4xK!fXWAhG9cZNkm_?3Ben)+ zjYWjpfvRh3epHk0nl_N;6@2(x@zu~s= z9bCF<8~n>aq;FPwN8d>*8(f2)!|iV?w~S6Ww_O%hnC@wr`N-SVR%S`*yI33+!IjT;Q$_A$@=ihW?!^gje(7EOC_rB!Mfx3U3B^G2 
zV%0YSx=^uG0U~~>AQ(^>@(uR)7WT^zZh?XdMLVF~birMNeXRbEyb~&e)Gd7(EDzkfx+C4hMDKO*DqgUo2vY?Qt&DUwoPwIz^29PNPII zNcegK+So(lj-xE^9NhkbTQEpb6ysZR5mo^Rr(((h#|Hm-X)8xv?eY^OoHYC~29tz& zVZsh;o=_N!xA%sEn`sOxrPm!13ObM5tt)sD?CgoWVYHP^APGmuB*u%txAet}&Cr|- zqL~)8U}ukuVWaoHnJ>MP)3?$XVxtqIBLoB$cfxRCPBEt+&PC!J?lWr{sgFCmlv7Pj zsrKL=Pl&)dL5W!?r*^4pJS}P9Dwrc%ggA3$W54OV0*)dksZ}!cct{-@F~6p|CPLtq z7IJzahrqPwiGt1}wYp=q;P6PpGnAmag8%`kC2n}M-UDnW3(etbFajj~?KCC3H7 zIh!Y+bo*}%eJ$z9dl;d(wi!Prq(S3wZ)gFoD@WGR@9B8cB9Lga4T~qx7U*G?>#Hve zcr?ffuN5$&4(VSAhxMJptNqbz<}l`j2CJ`zzKCE~6;3K@wP_GZ5J`Z_?O^NjOe81= zZ>6I{=#>>y>c2~pU&dEQm8{(tDtY{!e=gNa@cgtE{=F2q=25wzYS!f@Raq&8O|s53 zv-`FZT|T8(-n>8#I)`=H3+vc0=VHECg~n$a9v53m?gv9vb2R5<}qXl`pn&2^H7?L(qjC+Rj8k{Op_<#61hagdcMcba!ecHBd+qP}n zwr$(CZQHhO+xmU);77bSc(baAimX{iX71c;#liA`?!VLoxC%r@xRsgmCk8_I5}rR0 z8IR(`(ewbu{p0Ctli!iIpjxPmIzU+0j6MdG^NbF;Iqx6B!2tz(;P!QU5_3y6E9Lix zvB)q50)DD_Kt|uc<%Q(kfthpR*Z9zFEOGP@z=h`j5HaP+=V#U}hq78(FU&mEPe*V- zCkEEveZ;q^vv`*_Aa@z5esW^s`bQ69o+bi}50xf?_fT3I3y0?Z5;r37eK*$uWA4Na zU;s@mT@I5C|dO({g zoqCYx>-+%bM;dZ0GwZ02a>$R6R?Kga{ckFv(fI2%R)L#U(VL#kMw3v6UeG|gq`M&$ zuMoi=(k{N*W!zISE1YIvHSb+4$-IgeasV6)x{5@A5RDPceJoc2z>XA>{jXGsv!1sf zb?TrkrAq?6ftM2cR9oG0b#c<2)%4q!96z6V7&rlr&1v%DwcYI^8ZnFNy@M%@Q# zH^60R=$6J^l5PXs2Eir;0YP)e{*$hVkR{8IiXRqMol#!Nu;8Wk-r>02WH! 
zYEX`URfH<5CDiI2oJRSpYwZ)9M*gdMZHN%%W;^ud9$tsQ-P0~{;3n}958w){{RHC9 zpX<X%{V+3l{?DT0{&~}FJ$Uy=r)VTk5X3R!(#Gnh|M}Ym+*az zJ}eY_sBjwq7thfp(r=9izYD1Jw!(m|3H;OZG+FzG`|FP4 zc#1Ir3s81QSu^bS#N2_uZEmJadrh)|u+gPv?R?#j^N#*u z!IY|CqYKP}`MRIv)&0u?9i0$305$)&NCLA2=LnzM-L7iLeg9?Vml}BagjBDBP=6?8 zq!CqH&7>6PI#7cMs1kr9F9ZDCF7H8EX@-@Fwi`7YA?VRyvuUiw(gZ5rN4wvHB8XG#nrztq-2#bPn#{!!IYX=l65!MPn$cSGJV21|B zz^f@exP)7bU`DK!X%TaC9b47&nvr{LQ8 zLy&v%f{)ntqgZ6jtFi$W{HhX)4{SVVR)WE~tQ(pkSDJT((YPs3ZBsPgHec9~J>F8s ziY!OB<3FsyaBmFng8^>#_=6lY*&}D7grUzIZi~CK=k3*zb)P6MlA`3k+W|dxkJwIW zwDv?Dhs}|%2HZ-zpA45&Sptxmn&^^RwO5eH8bwVyC(vSa4zXos=M~Ta*mWidjT`QL zGpGd9uAw)jb#!mN@Qf%v%Q}VobKJJU4Yf9ofo3aFa*2l|WJU3e(;) z63sa1W9t!gh;_QMxz__aS2)C!=PK4e_5z#_`{lfEY>)G0vVYN`x_%k>+e^HLS*d}Jv(XF?$#83l8)h^y)A9Nr+2?BE8#KG)GEGsEQZ)>BW*uH-S>;^ z%ptzj?RDmxh?%{YZSz#M_}eG~$I(9MbjAa}GR~znSD@h-<;hBbQ@9uN&ypngCvYz& zdEzZD?m_pElO+kGDyQ#sKdQp(8=oD?!AE?!=?dP|y_VZJu3ZW{wv9Z&E#?+C)*hZ8TZk+UMCKod* z)SrVAQ*0lRmSWO6oQ5MWNpz%_ZablFZ%qu;oEM6RwU4lc#t)3`ZnAK?eDKM>aqB+$ znR@7K@P4@7d9Ql$T3Pp4UJvXB)QO@wPK|hC)9>z9ji#Ydc9Q@HHv&+X)~eG;K}3{- zMZUL+J!8KO`w7yfJkSz)%n8-bCth~iAGOPT#e}|ZFY6)!A~EU|cWe_81eaEWka0*9 z!msNNPPL&;E0{sDz||&FDV(QTo<+g99nzfs6L*WapWO_by>~0thsLDEL^y^*;cZw7 z-rm_(n5#IvK~Q2XSQ_U~&lI=LJuRz65U-b$1lB(X#D*x*R-ay-IwJ%P#FQ;NDHP{0 zcQ*_o-sJ-y*a;X1{#Cg)ev?{)xD7 zFIOhFf0mStr%u@BZye~k{1S=t6u)W|@NOh753v5(DDErbkLbxRC zUh#wmFZj73r;no&npT%JRj1#vOpD7sqdSQV?AVeL7z6Thfja8$Tus4Q#mxuPD6X0m z3YcwNidG^9az8NfP_WO?!4Ard6q*e;x*SkasT^Tv5cQ;s!a)>1P|Glc4SiR-Vdq$A zZaC<#w*@66!JmUZ8_XVBaJpkW5Iw!z(Caa&U&I>-ZU$${_0LG?j2uZUe?w$R%qV)O zr;JrpIzrLJ-YyN;LsNJ_v5|A;VgfG?Dq57fHL$K}bHRdv+UN>63 z9cl(aLvQL_qv4rG-RA*avoP~t2UJeDkE=K-eLcGAxUq@9A8D(`^^7KZoFHi^5eB|@ zoQ4l~s*uk{OKUh644=BnJFv;${KzDkNh|uA7Qhm9JjiO85edEh61C6@GoZ_!ZFT!P zW9TkO$CY|^%XkH}+5u0itvU@mG&A=#CPx#yh|1b)gEej`b&i;-cQ?JBz&H9+2iVG) zAF6GaBdKL$e>YR^a15Wg0zc?2&Oj+%4k$B&?C|RG^KS+Q)%=;zeCQ$^;*%uEETkt? 
z+cJ&z9#l<8>&20O=q)NKC_RxJ%)@kEA~-9uqejtbL;6}&?>hC)diuPNx7}v;9cyd< z4ohk$sCo6&pFe-4zwu)E zvx4zNz~H@n)Z|aK|Aa;_E7P zX0xUI>z&#Wv%IZe#9#I!F}1_q+VHnFk_)66a+rrnp-|y_H0IXs-yECS5|Z$|6e*AS z-238I5qz^-?%`x}fm7@S-9%5bEkFA%es&kKf+H*i-|FM$(8y(2>*LYycQlclbfu}p zjBR~J=R2SMnmBSiwANe%wSCO;P;{gLsgo?BA_T>_M254Vbgtpd#-RiWPeY6C;FB2b101A~%$DOr{gZ(7o1?YrOyqV0zT)@<@~ z&TRkWzR+ejVwWP~!#H9nbX>ya$kNg>t^(f!fihL8lxfqMU-nVG0OC@(*_vZJ6d78egNRpT>grzJSq&uvCOtYXxeh#hA)B9OJgb?5Ow0W8y}7d+ty0E8X^Ok zKSmZZ^r=dJlk21s!n8)SeS5_$sx#BI{EoPxVBLbi34EK$xJ+`9HM*i(7ceYL$Yi59 z9U3=Tmy084YD~oXO!S#aXp9PbS~JgVoPRBdQ7ifQB%Csn!yam)sSJ6`daU}UV~*MN zEHd4|BhiwYmWpw6D;?eSo}KD}8B%;^G!y1cfOJsPe7&Wk7C^wMit^IjbJK3>t;Dl@ zN8g#rrpffwCQcZkC)ZZPFxUK`L_0S{J#ptzbF;3f_&u|&>JU5RIEq40>7ZIm%cecQ zh_ONfQjTI?n}|fAAoZY5vL?5kz)@Oy-bhC};>^NGAyyIz<>$s0gW_SV%0H65`X}G8 z8}9~RXRs<56r7@ALQ#CBS~%xAcl124(sngaV|N&%vzEl+Qs6Xw(Q`kYxo+nkT{OKy zcIHBfP$aR_6RuveaHw60ux8{evhUd8>~J9U6D~s0a?uv!vEA*EqFnxxS5ES5W8%fs ziAP;FbI0tU?#0dS_u)E>srJ&`h)7GIjJZ@NsjxOFfgD%T?VUVs&E}pWVgGK1Q8UkX zG7ZgucG5)Tx;7kVG92GTbg_=|-d-lQep*UXpmq_Fu~vBOeE9m_p)*oe{@{v0&aC^;ZjM%IVzAvz91R4=)b2Qrmd|rDano?r>#houlpV2G zU5;#@Y=$kWCs4}BK5zKtqaIPXOU$sR4o+3i(5cdwE2=I%b}#Izj%^#=cD$#daz#xp zR>KrA*^G1iA;W-6Im>8w?UH&Q&gxUApM9m zkCQ)(w-kK6vTN9)sI$VFWEkX^a>XIR$qu+8U1fRw8Ws%)D9_XcA_rbJMV1A!1s$Y_ zleRwV@bQ2j@VIZr_Y!KBGbn4|Q*sg6(`~-9^U=)P%uU2K!=Y~&@!j&yM^%FnRfCP8 z{=P`wX7HocRgS&C{5GP8l6Yuoa%~E|ik+=TTLI$z3(6led9FX|5RE#Uz~xr zYknF)TM1}c9%^6L$v|Q`kzQJ*C~Y&|SEW`t-3|^~iF7{UlvUEIh?%puBEeTVd_5<-bg+1#Bc%&X4b;uzQNiynNK4!SK^h@EGGv zPw$vqbLv(FZOHtTxSwH6vK@phApm=SRQ;ap)|e@#rqPpaUM_EM<@1mcpOc8 zw?A9zzX9p5U*Y3lh-6x?H29hGO!&S}k)CWsqqTvUd`e1d8>8M6+g`j6B#ecDk;HH< zP;I&JwYjbg?L<5y*`H9cWu|4fO70j%nQbkjoVAfT0IXxXncBonyhNI+G8S{R9*C$k zHXTpmog|#^Se4oljA%GcDQk@q^dxzTL4tR~Q?Yw--dYbG<=*VLY5-G{6*PP&Bf>L_ zLE9ujSAQm(%$hehJB7Xj*HCbq+^|m7ZhYFA^G>YLNuRA#L>b_0fGTM;%UG>v6ToS` z*0MYZ_<6??^Ry}K?9Dc%$;I?DJpLAMOHwbs@4j^PhX#=>Hl{&buxQ*8td-MPYYB4H zYb?`pIPUasO983}6k87Wmud1uYNDz-v`mW}o<>G!?riY${Wqegpdd45saNptP?9-a 
zVHvLO``fiNa(M6?cN`fRD?8m4)tfkeoFKg}RX>57WITinI>VN+Gb9n9`iaO>*<|QH zs(^mBZR%cBFTIdFXoScQz6PIsZi+-bp^4_QQxZo$B}Q-25-ML`urG8z%CS3F*q(4c z$e**rx@z=q(%NacBiCtA8B9WFP;b6sx)42n9{(Qj{22TUZZmWZv1`bFpdSQzHC+tl z3GQ@f^-ZRM-JFQoEN=IvvP~=+aAGvA&^_~7VGUE4R`nf73t2G@E6934IatbhfEgS^ zdcheSTYCL9IG)ss{-8IBW~N~F*1$eNSKq_;d;~e&U=%7xUz^a z^8h;X$hNab&x?4tX?3PDZ3)$ezZt-wc*nkS%r-@z$DvqeFx3qNR_4=P1vX$LN*Fn8 zBplbf3kOsHIh?Km8j#j_+u>D@yW!dM_X)w(;L^W_&eOPy4ZdeOQh|0P@YSi>aQkId zZ?Y2tUcZ}~o+>iU1T3g-{;-wxxJ%@bomhPuzYW$u0hU6~I~JY^|Hw^vxT@=3=|Rd} zcxCKfa1YWC99#=Al~-g)!ov*jAB{SC5^qSLxCafz90ZZvyzGylnW-v`pB;IKkQf2r z!KXmcJgFHj8a6kOxUAObpw0m~VW7Cd8R?ilzg}lpQCLuzS`7<1J2acYZ-@!2-%2>n z!_00QHps(DPM;nPn)F`K7a(9@fJTo7&wo1*%i<4x4^u#d_gzOizB{{Z@u;uwf0kc5 zDyv}DDF{!_qy_hZr*Un;D+@h&?27O^9sew5qQK4WW8dF?-(IqJzQ<{BY zu^a;_%6QU!uCcsBsoSFGc*uRxXDLu34-zkseBUBJd2+mbM5!yef4uD6BDpzJQ?R-S zkzCm#@wp3m)H=VBoJN^dV&uB?kvvDK)}r+}u2U$xIFc;VB3OASd7iYKNhy7KX1n-S z-nIOcBE(ayJ3m)Zw%kma^EuWMpI2UcDURrkT5~ik5E`J42TtGU@**p8KMsithN_F zrl^hzUt&EjQCAhWGx-+UhPuYE!O#yV`F4BDStHqb!@9%jETCDVdp2_*#QT)ZYH^(Ly_ zyZRhw^oSy1Nq=l1;z+-%;9Lb75h7d1V&)@Tv5TOI2{x0@jrQ#AK%07V8pA)Ygpw^|Aiiy(#;F2iDvtwyu#lgBs-5@A`XHA?o zu_9={^+uT_68BtlNQ8Dycck1K^-i#;9)~`v{!!)n(Y#1GMy8cX%>K*WZt|Dfb8J|r zOp!d2k?59vqw?uIL(_J2=k^5FV_)k~`5WgyWpau!j(^0eSU93nmU17W(x+i8Sz)M|FSg?%MP{ZBbLF%L<%%-hr^9(dNGdL zIk>Npj*&X&hFwGYa~07{UU_gzaZ#|xC}l}hkHU}Y#2e>J0p)kV)zlX+-o*PN#?tfh zTfZ`6N&awfTimR$|5fAO6u-<6k=xyGdkc$}2O34(yi=#-*@MGYy%%dCN5RsI_M*1y z&o3zRmr(|96RWv)Cab>vBSv;-%YYM|67JTbU76@qKLouvE?3_8wXK*s6wh&<#J=Tj z6i?50>+)BqMX|Gs2(DHanw1YFNqtOB~3_ zS!2t^!o5hnhAQ?#b7}?wlS%m*+L>(LFJH%|l}HUdQ!#lHW%vvE#45%pfK z<#;TJMV)fNKX0WV%05m$b5y34dmNi?qCZgMJ5jpb)s(SVGl5B^h#Aing-pL&jsQ0R zKP5;YX=!a8^SDyER45K=P$!iHOz-fYYE5H)ie{sEfqL)icw9m`u))Gab9Oe6eVl-N zkt7GcFzhj-Ql9Iy;~2~Nko*)W(!`T72x@sxZ2@n=wP_SSOmOJojj2C8k>uPVU5%#2 zEBIW%E$7WUkb)R&2>imsQl^izl{x(Jvw`H%=xn~4M{DT$!0nvbNExD-Mdxl3r=T|G z1P}n7A-(E3eM2~)vPIJT-x@V+EhBO}HDx?A?E>Yyi_T@#DuwhE9LFzuVY;Sw(=h=a 
zL?WDdg}VstDC0H^>}io1CRjK;Cuk?R32&))7*q8YZmwn05(cv@)Q)+?{dTA`d2S~O zV3V{*Hr8ncvZH&V7P*JyLK8v*t(wEFKig1e4LMaKYwtF!3e3qxCM$rW3nLLH*fyY@ z))zNA>Dg-f44pdJ*$T}Jlr*Vq#m60{FJ&7?Uu#SC(38|`70maB0`Bh3q;>r)3^g(| z;xa525aMZ$`p16Y^;%`RUm5Qi;w2!m2oXnTY=Abxl_$jmaNGfwMHvU(W#-S1!+I|6 z!&-IJ7=iRY^I7OZcmjt82w+bUFrG%`@%z$;ohO z&D9=KQ);`sgcO)tp38bZgbVye&= zQ4;fTTXe_?U6c_fLv^KG096?ZQPwAm-3-~xk|JQpGJ^`N++`a*!*$H~Q)`l*;10&b z_*)asY{|+8BcI@WLEZMpl(zG7FLX;idqBn%1&48+BW;Vr>5t+LIh8u~5kg|3Pl;yIFW5#UzK4mtqofVHf!qTgIk8fF$=tAgQjV5bSQHY3B5 z_?af3gTVssDlQ)1VH?2h&Z?;l&%fdm%2H1wcp@nl=h@qpT(Krg6U8=WY9~&wYxmLc zE;(0-BY*O9B`jkm7hdimiXXEHk1xN%_o)a>4WUKRTs1QIp%XHM@r#0Y0|(vpVz@;YRLpp5{Un0ojYQdsJO&~ErD?jmv67KlO*eX z4FjR;0QE9@`-uzBqm}o6J&BICn+ChEk&%0?HTavr?){L4?_SisbwReEq_IV|mg+F~ z)<}XH(WriNY#P?R(ewus5uFgN+Cae23?1_<0gHM<5mF<5(!b^a!B?RCv0}{$RMc5K zM0Ua{TMd=U7dj#~y(7C|_EjZ#H70F^1Yd3@U7at_^-=HBo0P;VoG5};*W$|rPtt9P z6`u&a#_q#9-Tt?Q(u7>rSgWKyOUL7Glv7e&LnEj~ z5&{Oe|Ki`y-#za_riC=Sefo;nE1(%zc6~s8girA;#_s@ehNQynS7iNm@6E&mbCUN$ zj?2g=e;Ob2U=}BzXEWeR6w5+9y-$b^2Qum7;7Eg?akjG zeUjz{`3(!Wq41rMc>EyrT82*{8{yrf6E4pn?(YH}m{R0bNU1YG>u%E`D zH^cTDkb1?}g5O&00SNcreMHs2w# zCpb*bf2jP$_ZtLm<=XjPV|U#^FN1oM96D(-hdjWyAUc1NcMV{-Lyo4|`VUOZ{oX)dMJ4aCEH_H=eU-9e6r7R!lAeOA!jZ6uy9 z-TP+;t{F*VbW#Qwuqk1lTb_mr`n9Qx+5z3U0qk!Nsw&{ zB@{_TJs?IsKmv3D?<>j=`1`;_Z-dTXa~s&yJN$csVOn+$x!Ovf>^H)pKCs4`Y*q`1 z9LN6G&3}u|O~Jxopwr?o-1?kYCvxCnT5a8u+2x3Ii9Pq)qzbMLVj>TnmzU7zJk&UB z%)t~Y{lrTT0!rGbj_lI=chI5c-{e|!K>#ly(MhkBY8Ad+d}@4bo$d5abOQutySeqB z6RcJcYDg<+FLB`|gY%DA^)1iKI}W_2V9h15`GF+g;ns-2BP6^VII^lU1 ziF)OpFUC-bY8Xw|+`EArXfXJ<3Kew29f9T>F8^lgAa-N=_)4vZvD{>V z^f}Yb?wD>4GVk?783XMK=I4x1PbbE@=!ydp4~f%+5BHcCV1E+khX`d^5F zrMwIAO3L7M^x(6UrD*o$1UHfU;#i$osEN(!{y{Vy74tQE&K7zO?_>C2xXclVXV|NW z3LL-FTR{GF!>oky*-zd3W=O+Cr=EF$-0`i;LHPt)ttz7H5i1bbEvHi5i9+*Tf;YGUrHK6F3mecgb@YKVXpWy8xw;w!C(I9 z`w%Jk<^-y9o+&4#8AN}+c?0$hT)7!M`ZcY`gq1MLO1n<|@J(Dut&r1Q+vc5b`q)R1 zo2;wIJ20!xa5bvy9O^QL_LQ9Ns@fH`Bn-JghF<)nAS`g;q%Q?mv3oNbM@B;0a+oES 
z>{AX*=f#{R{f{96iddFTfD?|>XQxP?m@5pgTQ;4u%`K$?i)G_5cK+T4?v3*KW=PVe3`kv$HUh2PZ%2diIr1@{YCo zHAYd-Tkx!S4xIChg;57`Ii~NuulE@gLgzfk_x8Hi`Pa-0+s#yYx3LRJWCjj8|Ki-| z6KuE@V7R5XDoty07eUb4?v1U@#ZC(5_B5N37VVv9uQw+CN|30^bAJBe|3mk<1>xnA zEww{)avo8!`6=d_CI|6tW~+pa-+Rq%v{`i5QHozma$PI}OXnrdJckz2D^s^g@LHq$ z!M)o3V%f~|A-v(UZ2mC=xB(M;^&x}yV)ofR`}{S|jQ+ug>iuWZ@D;@WCmk~2Q8&hJ zRo^@r+uFI6@g7BV zLhS$#+5I85bKwV_*3$1R1W$w}Q6x9IJEot|3kTuTW_Js4boxMVloQN2{En>e2U;B);Oy*{Mk+JA(I>`u6}?jej;*VgTZN`p z_a8SzoXNi*5K$gTmK-hKQrt|RKo~$O9_Vkf)rIln4Mldtz#mD1-@X1Tf6N``A4MN( z@l*KV6I($)ZkksV+I!T?u3Sw_oVfcRfWUS>B>x`@RP2%aA?^dEccdw1jp2$d=@667 z%{UhA`Bw=pR@8lok0=$!@A~!3nmZNRBi(bQ6GX4*aL`9izc}~FzQ(ZKlR@XGA6dD) zFIFHL7)$QbI~=fY8&)@XlA0j2S1fB}w47-|Pn;d@iJH?(yog|$;I zrk^DKK41bf`9a&~4BN){M@g|M2J*!z^AAPtTH`BOo)aK49Pdf|CN@p!9vl{(0>|5F zde;(0*CnV5v@e*GT^lBuoE>cFhAzxL5PH#F5YGu}2VC+W+mKB;q)j&lnEY1{yC1nT zueX=xX1d#R<As7F$P*jMZo3WwBO%VE%hqNf}I0!30^__3w5~rx{_{V!I?`s3sg3vAL}#wqBHa zk&;D(vLOPXC@tmwVsm(O{&EvFLZ7(S?6fL{K2lX{ivnVqL`7-qUbkEdz`0`92Z_&m zh{#MDLxRKg*vs|L*2mUQ_eakQW508eFk0R&t4)#kbP7fw7UuU&uJp7NQL}3Q+S^h# zI=B4vP2)q8^)}TdI@?cGiabF%;_0p8J-J*SJX=udKIRI9M*D+YbzsM(C*ClkzGRTx z>Xh3V?KDfG0>@bpYPE9sIA~J_xxa#4)uObH$eap=eRsY;LQ^?F6nqzWlq?>VQw!g! 
zfW+29-5&zzTF^onr&%wE#QdzD)6m{~s8y6{ zEs{%wqfhUETP&*QKg40mqi+GEGCw^Q%AfiscRL$z5~`kb$Uii4MJQ}Zr6Wu2cSp#sZH||B;o3ph3FngxR~;1SD#3i+P(}G%8~5hX;hd`=dLzvKB9`d&x-lz zS}JamA@Ctrp4`V80WPKEq?mi1jIJSzd6*#`Gb6=4H04+rbD&D1Z2GX}XTs$fNZB`( zpCTMSPzqH_<8KAp^qpoab*a{W`{}BO*zf+HP!04Nuwn(YBJ)jG95{ai3s;Uzl4ue* z1wp%EpRUi$ zud$iIO3!I!nm0$#O=~T#zM&?5z+-r>lVDshE37UyX`$T3hn9r zW^Qbvh+YGN0osrwNw+%?a09VMq_bwU9sG#W6b6YFO5Er{?EFDOX0@pdzu(yWi#)ZZ4v*Cbb_2+#URR%1GI2PSlZ9)J;7vE`(;@?9oldEzomn`cbQpKe znxJsg2cy{|aYu>dow9pD;s)|$O|E%E5LMF>WejFU?g`3h#`ETl#7UBR`-YjNDs$^i zdiW(nTdQvz*>s;8(2gl8_X4yZLL4|z{5k}khKSS-d9LvSf$WQ=4rYsa!dc1(MRRN* z$OMSud+^SF*?0-+#YJ1Q<=!{KSs>ICZxg_K_*Uac96B-Z8Fs+c=s^}VIezY)Gk`jD zfR0z?j= zPxj+mbq~Oa8~*k#QT$&MN06!Xk4W~8SJjHu+qj?nN8V<{Cbr{S4G->#6asA@!h3xa zM~|uYy%dM1>t1D>fC0C$<6M@+B`)J%<|hGi))eDRs6oRi6F>&z*EO*P7EtnS!U3~_ zN9pNfKpaQdYi?NMUIF$oQT+)i6KAwWEh?jPO(XJcB*1$+iq|_+hmO*1JC~ffo6LzG z=7`x{n$WaHEC2bXM83@gc#kc~V_Om$)Bc;DV+ZJ{`Qq@~-XM2l;;3C${6}SUPd!%? z|K!FP^iXy>$AWleh%990Ku5M(lkCL>229b`YnJiVa%2RQMEDLJu_I(Mk81M`HJW>Y zEzMH3*{T)N=NK&Qbp}i5l^MNy6w%b4(S;F)k%iHJ*@~s!DH((Xiz}4(}gA>X~(!)&T0+`f9Esi?MFc|N}uq_ND*TNOqTv02^fN*0h ziX)e5_BUk=7?q^F1M9$CV-h@P=$)CB4c!lIBMZ?}jG=e>1J`lMQ|HWeA8F%Ujal|3qOx!I_p|6HX}_Cnb287b_g9C z%2uhTJ+R4LKTd3=MN871^;v&zjJ~3*_DuZ1B;R08oc-R*TOm=^vOm_D*pI1aMcJ8t z-KocJdyPQN8FmwWtx)qMN+(&;{njsjp=s7(ImfXa8|G@?gQRFaM54mt9xVq~K8C*3 zWi@x-;PS6ol%!y8qLf`4_G~fzioBl($sjjQiDKKxl>%>DcuUBi-}XMvgD61Z;*wu- zJhUaiKecot*l%!guQpw4cim5i;;x_BaaDO!Q&(FmEU)eIh+5lW zkz#LDO6^C}h-PJTIgd?e3tpYFX^v4}=CD!bKYtQ965Xbv%+rr3ZR{1#{6$aHV zlrGyBk>Q}PzG^?wrZYkB=7cY@=3(Hha2U+JLsHw^JdzNOysmrcAHn|4I=Rl^x~eh~ zD)HLBXt&e8JU)Ojc}}F57)jp2(8|^(*KlDYVcOrf;7OJ8u8Ucxw0YXNmKu@ndhY5m zXQ!k=z?<2$E_^8*hH01dWIU2IKb*B|zk*P)@>F!H; zcH{D~QrU&o4eg&r;xC=7_+BM*FDhZibN9I)?RF)lVjX$g8jFP!3-5Kb;D8Z>#*wrx zb9mXQ?4D*qU2scJ`TW9r6+~X5s`%nsZmHzxRM9 zL9+4~s%_UiihOMMoazMrGOJJiR`#M1RO4eF3v;{Kvu(2bJPV|gbfPKG+=Pv`)=+RX zE#oa^WkO=&Jlay-an;l6aS-2Z09{>bV`-~FHMqp{#*O!L+3YJr{wYke!BhEU^UziE 
zGKrzp_wzUuK03a>yRj{ivQn+lxzTg1(UNwR12q%qp9HclJ$Vm43FBFE*pajpE(N6uigYqm%khe>1a z^aC5nh1Ro3h6ug#q?t(lcj@$DS}&U;I?0`gY8NeFb?AXJ$c0SgM#|t3I!U(2wCu4@ zFv{%X!khlP$sg{BJn#4FD5F&GgRTiy$82HRAKu12$c38}7u4w3uRAT#9*$!ws#ZA%8I|)w7G4Ix}~Hq%C0S&>d{W8){lB19!!mkQzOJ?|jl0+Hd#I zt`2a#M0qmvB*BaF-@m?UMlg*W=Ms&*N@g&v#3x!hP_{G{8md~2*|{|z+Cc+2xkoju z6Azk<5N%j0YjkolF->Ory$EH0g;bkZ*HcaCPl+bDJzsA(bmV!|4p>Z03Y#DowULai z8>$}E(;tu+4HBu77^=@FSlN+gr)DMzjolX#rkP{9FHnKm9Z;f)*{P`->DL=f#S=q- zq1$A|Vj512jfyq{N!72<`&*8I-7$Av&`{%z#AhQ0k|p@lhAdzu8c8@Boxb!K)fy5O zpAdd&i_H9xMHF;kPh)+dc=VNL!Ez*Cn5(=PYPg%b@`H0J5G@$oLZ3c_D=WWzEO=+7 ze5@W-Addx*Oz&~HyDE}6Qez=9d#Q%X&gpP}%7{?J_^>)EU8xYh>=v)@p7wjNWtorT zw>ay>zBlIjREYh3d+?;WtCxGT@T@4V(d@VyiQcLEntVS9QTC?WAx14EOpMRv*W+yetwjB^pKFD{Rtmy?gfUNvqs= zBoeEl-^r@c-+nAaW&iF*79PA}0Br7o%>>vHc;dfar z;^Ko5?GeTc#`zi2qVWgEw}?@qNeIWmh~kS8uNh*##Y*Dg#FZJMr->QIxfyb+i6_S$ z9o`H|E64K73o6I!-vg;hEyu#w`+15jCrA}0TH+ZUV$?@jl5mVt%kw?QejS3`6R=53 z$0i&yvPqbavB`^6Cukfpw+Wn&(HvsC@urUw+y`iTBSLbwayoI-r%@<95EhWg{(GIs(F=(0xozThDX_o0S{%*FmI z(*?qq^i`An)1U`E8RS;`2f0uG6*9S(zINcG7Cd|pLKV;=?;mro@GCfTpYbYy#vaBh z@P;1Br5~UzthX-F$z@bQ@NxB|A=|AIwaOWcTfQMY0HJ+jfV z(Nfce?!5En4}Y-@AD*^$O%2XN3ymi5DZ8nrl@wZALBp_u*}pXz>iz zL~UDRQtj$RjA!Tw)6;S)oPmFXmEHWWq_-~NpXcIQK+ zta73<$D8&Gs(Fliit*NEilk@=Yn_IU^w##1ey5HC&9Re4A{c}?kk}NA;tTdck>Nk? 
ze)OSkD`HU~S)B+q*|iNBx8gmDH*^+!@Y4X#F|zXco{JBD2c(Fo^JJr z#0zWjH`8O{%qqr(aiLMW6|KEWi`EX}Zp`P2L9x1HL7J`ds!Oq1q{!k)ZDb@mV#wjv z++zD_z4Ft^O^SF|^!$pB?RtQlT9gcLx2As@}h;L_;YDeD6C&Wt;d;z=o%mbMaXBspgG zKBMi5J>Dx?a!JJGOX!K;!+oqax0 z9lmnrlpUiorKD3bY;B8%&|{EBNF*VH!LO1Gimhmr+ExYCO{SvJ|SNl)5SMzWYPcy_1G#rG}m&=R$k@Y$*DjPff(T z;1I+8L=*afoFm!h%t_<>(U`{bLzm|1c*_1&#V=H+EHGf8L|h|jKo>-gxb9so{ zHp`vI>B3k0g$G}DjeO4JTD%fgHM8+V@KqqTIE*QtQVKpEAoNYF#sKwlAnKH<4l(jL z2l=2+Rc3-=JRQnlK1gA>rD3r_IJEQP4CCZH;W02qKAsi-f*^n^5v$E9q?6Go{LBT( z4A)^7i^}r_rL4NTG0(~HAcF-twWTA3C8jQmb^V6@2J@!Wi*TmaH-P)bzfDjZ=5srC zNAg!KmBFqQ%cs}8+evW&Q>x_gbZO&k2}UoM^&AF#EJXLYe^Y($FZ-!LZz7rc+d?}P z*4tQ}lPh0@s-wRO)~0<}EryP#GOOff!oGARRy^5wm>Z%OaWj)P-JI)zL`}%@nUMGn zvD$#+9w$_-@`T-n%GKuKA12JKyyY%$pwrSVcuAOXo+CEq$3UdKH#J_VWeeM7ee_JxxLf!so+Kaa#)qP-lnUgBt4!<1X)+*%A-WRHa|-!|h*zwy#pc?TP8 zni|qajbqhcb)q$lJE!9^Mao+@paNauz_u8=@O))N_)`qneoaSUdL4Zabe?DpBnaB5 zjFpO_3v6w0;z|kGN_ChQE{vV4w7PR`-U!iOmLmQ}Q4GhSV%_fHR)!foGWd5H|9+ zHvVx6?{WqG#Oc7H$|$YtC8uZM73~x*G1A~6XDM!L@rYz^)Sv6Osp8&PzzkfpBfNX(C(Y$yU_98$TWcW^jc2`TuDE*xXJGTt34#g$4P)|_M zr2KrdSc$UWf?6TQ(46!^Y9opp!n6<}Go$Z|&J~9Pfv_)N;V%A!4w{+G%A+nCS-{nU zVKXao@auCmOE$dP|N30a8`Z)V)Llnqjl`XKA@$V3?;f>}f4S^a@~ijO*i7lcRIP0A zElW>d!W_JUK%uB)U)!}Cd5%J}pV-S0c97lLNJkX3P&hRpMnrt`E*An!|8wwWx^jl}XqdK&lnAE#+jsmO@9mR9u_# zFb~p}SxNtouXBnKC0Mxi*tTukwr$(CZQI^s+qSXCwr$Vceg2!=8E3LyrT+W22t8ysA%y*Uu!1Bf!WBxPah67?DiHQ7i*a+3uxz3YbM`T58K7gkNO z7`DOICpSPJC+E>Yb?J6cX*$TP7&K*FX22JvfL!!r z$4M=Sb2F}Nc@=lVA*FKREUEgF&w92c14Ltfk)#8_c+!G;d?;|=(4&}GhA$n5 zHcS?_b)$!Z6v-x-ALTW#c-^=bVGOuHcR)GJJcTu|cv~VS5wgzrW2-)_^NW3KqMkQ) zaH7Bgyk5t8^xu>I0zQlpfrc)X4!1)Ak@%$y#(vC(fdW+y0-#{LE+h4C25qMDsK=lT z&VGnJyBb^@$|yD(Vkoo!RY~pJKK+H90K?l4B_-G*fzT?o(6?{axoyaY zVlA`wWCjTi-?+yg^T+zVRLqXP`(nlG!o2B3@^q;gsZ$o+@5*FC2)}H(yL83tI-d2) z)h$peAmD<0nK9U9N|&<$a=-(KkwCX}fT1u;6%xhd{`Pq?A`uioByK?TJ7NU?TN~Dl z?IC~`3Q<$W#BuQn(hP06AX-Vo&i|qT6^%yJ&tBw@h=v6u4z5-rlKp@jUoyZ9Gr$fR ztpjpx)@^`sJyjBs7d@;A1MGj%z<8$zy_0Ran7A%GhHXow2*fNg>gF*7_(+R~4gUCS 
zAO|&Yh;X&XDty;Y?=ftwd1nV$w>Tu8Fh#7w>q0y!4m)BelPoN*CT&bun~ zaacYc$waf=g>!{m-deI7LkFXm_{^uRxXAqHl`f-Crz}2nv!gb8*=jDoVN#QitL;B zIw=3;34>&T8(85958TSjoVOKsbO*?|&F#@vtWR*6E*dB;Rs&~cQFBSOj0BZYe}Iaj z9kxSMK39}7bdxl)Ag%n|Ag%a1p;=qdTAf+kWT-{iMMQL9mGa##-3L@qo7U1@LJMz) zo6OZj4#uLCth184ikyb0G5TVn`CC`xlNs>VT-C!+lE@KRNL1(VO;U4?O^C=`A8PFy z+Nq}S$}&#IxFRxwz%7r%LKndF6Wt(=*DjRyxo!~tneGe5wz?QW4N;SYnQO1M+UfQ9 z*|kcpWt;p0*q>se&DXs{Sx+lP-stf^PewRlaAvOu3_6qKLs~6~cJ?g+u1frbd@T&T z!q6&SEm7nxD*uoposc`Wc$?rJf7Ud)4}8cqJC(0Sza7@0-v3@d!eV7E?Lq?Sad0Q9 zwRvCR(YPCK<0|@59NRM<&j{9@#tBePV2F)h& zZucBxr_3#S3X z)U`Hv;jB`V+wA6f?Vp#ODDPDf-?YEJEYPgQA&2bwd&_t(paQ1!bAJacn!mgroacoG zalZ(>>z&vt8J2xO@ZOJ==I{sS$mO}>OHt?hUD*6hFqBs%J7Uu@Sd6TTV-jC&jshl> z35bXk0A&rzTjQympMVeP6u$g`?xDInn&;w|1hI1_-6wJo?{Ur0U^6hp7pILq9(N#g z?=PMoL@%$(<2B*_CVAN#GL*MaPQ3i2^(5gC%yzBzK^D`uH8?j2=aI&o@tp7nuEUtJ zGo^Tb8r%|{pi>|Dq6cg$BVCO82&@d1|O2KM3Y$B1SXJ-U@Q?Hkz%ND=!4)Hz|` zjt5YJ;#+jy7qsdP*x>jmt0%Valwp0LZat*?Bt#EL^a=s@MLz2b!?geuU#X>%tzzpDe5m zYy5QWeb#%Q?HBh^Y&>uLjTgbqY*kzQ>A$V;gM1k^*F%~c5&Oc0*S3Y%w0}z_?(HK_ zH&t!NcwP{juftp2L(=*39EWtEIq|26e7B7IKz32yc5_k(eA3=ZxlvxbRR|aK1V}+%{&?p8MdC1-$B^VJ%d1)V z>V1Euc+vN{LJ^lJQ|1;a6QNOIg1rYGQxO{PuRt zh{(q(xBV1pdQ(>^uUPY6DZ8g{_#*fvdSdw1G0c~*lYjF*Q@(;(nx`){XZv8zpU9*? 
zw^^_Nm!Ko09F~Q6&LuZ%>KQnIevr2Xt%@s#p+-ZN%y9zCiq7acCP_= zhlyzCLcAvF4paUjc`&jvQ~iO$zPiLm`oTE$FVgs_*oX+lBjy(n=^OlsNye?m6Q}uw z6draLFf5xV2=IUy?sIwUt6by!rn1ci4&dN0E{k9b8dm%By2`;X+WCX&OF+T{YW-UR z`D)$_iFg59H(%yoTPm06)ouT!pVSK&8a392_X)hh2YdayG1Mp8-KR>sJ~HliMQyRo zhyZ5+Y`9(igC{&pqN`D69}4E>0Ahk{)`zBhx(cI9?)1Jpk0mt3Jl^1c+IeR51@{c4 z$}&LAtZYTmp7)Q~WRgzu3s{ zZ?3wzhO#7j@4i@jFbFVUgAt1cSYil~!2qnTs3HP(ngk?L3W%`!Do`y!kzW;oS;gP# zXricEU7Cp6wKY{hRMg=xinXbanSPU3zn}L!^V>(98}D7t$2?~98(tX;!0?VTL%&tV zl{r+WjL$zFuV)M6B(*I1A$THZf+QjW0RaMMR7Do*fTm@JwO?zplNp-}XNmL z{wQ{np>#*4Vcdl(WnD@sk6%-%k7r*`9z!D#qY@lorOzcxszWmf3Hwl@mGHK+pxwmd z)G`l(Qs^YJ<@j+CnO{I+qQfm#8~P}=Ut4_LQ~YDrug0uOEp+XMVXuu|L1P=lW;v_z)fsJR8NFq41R$T5*G0VX_D~W|U!#0#=|( za!fM=R}4o`m&g_qL09zaRqE3uU8EPVeif1%@+8>d-Ez{(q-aGHzW@_N z4>}8R8^*8114*z<(>8m+H=C&FL#DSfq!l3Xi&GtT;GBep{bO5S3rw^X9Y=6ZOT!Wi zP0Oilu>lv>Gy5XLI%AXm03Y=f_2}J~Q246wB4^1V7J+UFLhnh}ch~2#l_q>pp95}a zMD$z3Du)ld5x%u^WQUyvjyA%Cju5(2HG$T2q(ajdSEb(52l&W#hD5i?RTh!jC~MC@V_7; z+eA;ty&3Q18C>xvO^&AFW@7I%x{)_9yqFyG z4uiR+yF zALG;et=Eq6h_Ve#rZqGTK6>^}Bu!EJIate1M+p^G#>eNx=I*5sS-aXtm7h1yjqFFp zS!nbr@Fzd|;w40Gy7Om-Y)999Zm2oUC^>GlhBsJx_jHZzn6``lHv3$EyZ+^xD{!iN z(~yx^j^6#7*Vyi!@TRd?Z0-QnctiQ1(L6u0Gvoa0=lwY3`xdzOjSh#m`$$x9Xeyjo znK|y(E%vz&!?e5VYQSdJe7|}b-p-@C>wGV{WzN_^3)6qwj30WAXei|%Og$;su~0dE zH7rLRgv2Cs=S{;J%c{4HgN&Vi-QLMsZZnge^^?xhtb_Y)6ol_%-uiLek#nDI23;ul zqim+n_B~RH&u??|qOr|?O+Y*RG7WlWr4-L2(|P*qY3y$ryL0YUtB1bcgpQ8cnR%vl zHfCGJmh-9)|F4p6vhFQCiS&=s4a_QtPaL+b`hGb*zteHLT0B_(&?eX?Sa+61mYKJb zdn!-MCg;@EYS}GhB@)r+=5Y4kLvoq%h09F}=8mrOl}l$9{<#y~8(jM;dTk=mR8{Z% zvYHN^=4CHC<;}{c66K-KJ8N+nSDt})V|7>M>B_AVTiI#O%@k4n-E(mpkp)S={UH>h`w*s!q z#P#SjTIP{>I=(6{L^hJ%_*MJAr)X{^tGi@#oW-8b7j~5v()Mo-pUc>l^*bf%(CYjT zMexmDApfwdoUavfYxc9!n%dkSs@A!pD=tIDe@>NLu8`!?OSQlMdi4&{6U(*HNgO{E zo`>J~*TUPsVsz-Kx4%Xi|8Os?Q-uc%u5zAAKgQ?CcC9%}`exoNJs_=To@u*>%wn#( z+jlWEA7}?gXGb3zWKSNHS7i?mZQQzefM46}Uaj?b?e-)6NuKMYjMl5>u=vPiK5Tg_ zy;L^M1XaadH$u?iIEq?ysoHOQj3OC@UVYZ)oy+tiO#WFR{?>?99-}c^b_yre2fa^a 
zE0I^<_32!;c@96x_&737P5+k3cXn-z=BZ=S!!P;Z|95FtSl-J&$udHg~*Y)A^{aYxJh<@~l|G{8+#CmDG2Z;!GlC5R@#IBk!Z9yvwgydQH6ihz%63b=dYVaeZf zFkyxqJq?0jm1JCaf83zC5!w_-s zKNupsWF}afCgsA)rzTFmt4M}hge*K;qagL$qj*mVW$>+?n@5yS>dU*rYyT8^b+`fu zIx-AwfKrX=T%-*#B3iE05RK5;=G@Y4P^eIvGQGF*v?v26gB4P}i0HS-)TvRc0Os7^ zw?j@Tw2=9h*Xhyd;F2m-qAPmBsS(%O)ZTPytQ@xx5i@MFBUJfkIYmRo#3)Mvts){q zjXt)*gu;K+kPM4R6ho(tQv$a}&H2p@62k2M*D!j^Blbg`I(u>9R%3y9 z{PxSDu%i2~Jpe5gI(1d6RxhR(?zJHF?Nv+?$;+72?S7q;bv7&&DcBC0>Cx|GjYiTG z?BZet1eWg6O*)G$%H0TOZ1+y#^Xu^sbKbFy%YmN@0JlJ2 z`-$g4vIdOjf%1aU_ed>(>jb$yfOi64_lVy>TnW(Kg1r&~0WOAa>cLrpMil^L3n*EF zeGT;2;IoDR9T;$+!ut&!IGTfq3s_Nv$vLpNh8*v}DMIPyVZ8+CIq>8HkoS2w@WBK* zVL}ZVfT#>fbb$UC(8PrE527+a{(!6wnzX~!hFkt8yw5%W(~kM?-3q|WhHx^#ANSqb zk#B;!3^92C;0J~4f$+lm1Tmk&lJ`;0;LZCr9jKl{`5XvP1_bw*-+=N0J_`_e0KEJ4 z?x@$`pacjd0Hg<0_Ml6@FVQoKexUz5H$OWU1QiYi0KkI)0D$+u<>pOH9i0E?ia%G~ z-vMPAcekhKXs2t7EPFE;fuMc@Hv!?MF?|=3j4lvi9;4`Q4FCMpv0XAv#}%Hpw`4+v zn8JiXs=@Ucno51F%5qlSl&>Oh(vmolBWI=)Ri)8h zacwMxqo(}vs0*jnxF@EOK_he%Ln22}cO)`q z0&LNV^1R70?QXtak5lCK?q$MjEZ2LklK(rnHYYA+IQZCjW3klA0DfeYA-1B(mod5ad|7 zc=YCFYQWI`Eh|^_ZJW7Hk6kMePd)aaN|GBbJkm+yOHoQyv{8tI6^xS;mY?GMUJ#L* zof1K3JYo!%go8br^dhQ+Ymaq7noL!?Nz`=`!V6<#?A*GQs*;k4o_bdl#*U*2VW=Ki z1RzJH2&fcm+=&j>pX#dQTFX}pHkvOft~O$xXjVk~DzyV*L4@AIt%U*~8UUJ)!i*{v zGm5m}B0bgEJo2ZCDxd)CFwhAe0Rm>b6O#xka{5z$R6cEwWx?xN#+mHwF~y;E=a4hZ zQ34mm2#PK)2}94B2^q&En%?h7#6E%o$#q!bp~XTP?oKZ*jfvW{IRcrK%Zv-?XU{BAV$Ksp@j=_~i#5rZSa6|DiifxZJ@|o0-M;ZWsqQ^V-saKK zXOXmbhWu_oy8DO@?B0kZ2Kq@ z)01X>D&0+#ZZH6#K=q!kLu7>Z*h5U$nn(#iA!2zNCueI23rN4ns^6>jiIo7qxKW|Z zxH%F3uqxq##li=cn`GjV-V|C#^!f;k*0iKi*X}?YGf%S;5Op9OV1VdK@A(;+89jr# z<}_)l4dZQXwMqKN_DBv%%jz^W(zF${@)zu15{Xrfza^W!w| z+{3QUwlHIDj6r>|h?p3N6SxQ8GIS`>VkOW58K3}xLsAwXYSd^Sa{o}A;_;|UmFvR6(Dut;(lfc7Yh!?pX_fgx;p4{i52?V8u_>Ze0G z>oahHe=OMm7GfI#_10MB-d_idwnS9nkM~GZIBv=^aEaEPX|JfTKn(={s3vuV!59)g zp~^uFCu`&?w8Uvv*~F*^1gLp)So;B57cm5yUZ*&?g*7Djbq><+f!?}P@ zQVa`*mvirDS#F#eR&j2v&@+k*^rvXU`f&4LC{&2p;K~VMr5*HU+y~?gv?#zS&>;x# 
z8D-;#A2)u4Zd?f!*rDm3YgGqn9&T+xvB-=i{5pQ|B26&(-K7SlYI23-Gx*d6ZQjtU z1EgwmJ+=MYn(Nu8Do`{-epw$&ez{TY>Wfy&H)Up=Hd9KIy^1LFiBW+~y56y}z9!`@ z>xU{}mo4uk{<2~DNnky8(%iXS3+!oMZz{M6Ci?p_2Jb=zcCH8>@zy{*v`xEVnOK$W zz+pGO+1_Vfc9N6D80Vk2`tOigsQZ4a&$0h|s6UtEclE(vCYPTH{cZYWUw4IB6Gu9` z!&dKm_6&UxzBmUTv;8}KId%N{({*=E zEx+qm&(7Gp>S}R0@ts^^VIe}V@vF0cJPX~1|66Y1bpox0`@8C~%F7AgSMp2ANUXoU z{rplU+~?!@JGT3XQ^n!-Xxuc02SFiUd#;`MdlB6;7U%xSwXR$?TQ})@fcSosx;i#l zc+mVWcLU13~UHO9Z=^b-9E*Y|EwViz-4dV4|V=_CF= z$My2i#^d7nmgM|sJ=eD7bFeIIza{Sfbc~FuQiev%nqU9wRHf_u_ZF>d&cvT()B4`p z7jmPAs=-_4qXS~x{;;PtW{*=_?5+CyrvAI}1$tr4 z53kE2{~sH#`NvTcci%@jpnl&60~e7%c~fY#viUF7QKVB!;L6geM8-FfR)7%C8Cx=` z+pP}Astx!?U1&dDVh7D2`VGR#WrRxT<*-3Cb?KzJEtJ6H;R++w=;EXW#kZT~u;jZ? z=~{Ly9SS87nXy9@`Cjk+T9iO+$*o>H4JOkFt4ge;uwyFTn#x8!*2;5X)fL}DvmeBB zY3fK1)QlMQz*v|rs*ep)XluY8Xa1l%20fYg(dyi0A@gVESeJ6j`t%aXR! zx$ldwJlnZ$XPo%2gHZQDZ8&|&bX|^)_mcU6Tz#2lv^cdJUy?h#qMNPHKmFLBd08Ll z*(KRtX{$GUuj>=T!y_HLt0y=3Cvy0lckj`s_!{?vPqCX9w`(q&_IUmk`&S+CZf$zK zhD5z?mrsB5^&@`2O&(^KXRF9hdU@V18>Q8q<)0{j3(Do%YX!UMm7)7;UUcSns@9@8 zb)x>|UeXVty5YbbA)+~AsvL1^$70{Owu0FA*t#+82Xf!Yw*I+SuixN&$aey72NAcz zKkpIn`muIG$L{ca=y$^Lhmqd^{4n^V$nT9kuzN9ggS78I?6qB^KH&db!d@f=#&1FZ z0Bpek01*HGB&@!Rld0+d=-3i9SR0fv)SVtpZ}-@_t8F|CY~wm#^TB*ybDu8^AWWN> zcgcQ~V2XsCxi;&j7thzVP3C#Afgk}|m5_?8{#F7Az$CSltiJLJAt;vS1P})cAxlD9 zLeUZkA`6tPB(bNN9jqKGrIO*lkG;N+Gwk-go=vZ2)1PvnqNaWNy4=?lmM4ReD5Afy zMdeTn3Ry*BB!(^`CZvfm8DT{Xm8DregY(=fnv6-AjKYywlL0JDmO=TrsmBud{UvQ3 zCb}`_*Vl@$gNnoz{HjOc6ymVttf!(T+nTZxei6$_* z?3re&$?I&Uu1f6FFxl+nGbq}%qo%?OI+e2-Rmf16)5k_rsT$dNOw6dnc*|NEq_xe| zS&>M#v@w>&DS+3VIZ@Pzs@5yuNxVkEOR||(JQHriNhECboFyYNs;fi|9xSOU54~oP0RX;cO7fVDq{z+T zKH&XKP&pupWn$^5QATS0n$RjA_V8;C^)y=bAn9!)1tm6u{SgDMD2*g)1q?`x!JQzJ zPz^~0AtAgJ>P!jgNaqQmx;rgEvCbqJ2Td26f|XhkWV9kmtVJT-oAL03Rf({n5QXrX zkZS!Ihz)bQq!4OBkUaz;6xs3jP(-@+%X18A)P>h-R^Zs;jD(U>B=iigLvhP1Xpm1Xpm?HbmP47!@LQ5e)9YmtzRrB#|&r zL4fYo0ZNfpB`JXY2^PA<@I^I+154mf-l3*b#hx|P&6%GZqaO$JpcuBf7p@V@B3Yp; 
z<(6f*RFNldY(j9~cmQ>fN1;m(C&8}L8JUJw(IJrjO;@M@Cd?HP^>Z=tGsK_%l)1C2 z^HnkMJ#PpJ1OVSME}8erAs}VkGz2>YK{7i8i34P=$i4D3!SdEx{Y0=gJNh@$myI7EK9QII0=WI#xZ_VAKqyr%$)A^@ znI9wr9pBN|QA*K>pX%Rg2lo`b9m)})5{;gPg*-_bfTDxCr6{wo!+OSxPM~^N)HC3q zSky&a>JR^_W+hkaMeu`VQ{<=P;A4Q6`4i~lVAevuCuttcjS&OGXz=gqQiCjG>fV!FuHFt@`hZg|$7hHKP7maf zbGKRWyB(5mbpTl=FPJ>TXAFNOz6_(fIG=wjbMrL$4Wd3#F6ZqJjz7y9#=oNz{suh$ zRXF_fR9VoTwK}3K#nqAaMGQJ8-|-R0d}NbB&LQ(G*0B4Ggk?xszbC!B)A?b+dgdxq zo{DUdKW#sF^+v4=KkI87q2YHpJP~YH6CIzklkf^uyxQ+aPkrn6-{>~%6wr}fZT`}W zb5C+|xb(bqdDRR5_k$I-eT9j<8u__ezHJA3;yPEvn%sh2FFVbhubR3Wd^hXOV^Zom zlV=`xPWz#%&%3x!WcKgMyMvv0za7`)%&uRB^9bRosvz+lPJbF5x^F_wPsyVp%PX=lya_RhYxy*a+YO}R; zAJrb7?oFH;@J@E}!6F>0?}bgKw7r*Z8V|3a)uOXdL=97_36@}>u31g7v!%r>Z3V^{ zH-3ebRtpI$mMtn*fv=WFN6%3F8RVQV2_%hB*)t1IlB|fj5O-k{*-D4d_79$Nk|a>6 zX(m!OAylk(NV8s|i@Z^Mg{_LJL&r`nNNh?erIQqNS9eHX4W&Cj`#9 z1B2!82S%w6Gni`hi1Nb_&!{gknznA)l+_=yUw*i8t~b_LSI(!@8Wh%^3Qyd32wJHgb?HI+`nve)U*+qq58V|1S} zZSY!^>96x#m5Gue=C~AlyYEKpO7r8hmTVw=$ECk5^x!+XZN_ufr_p8fR1kH1ueU?@ zwN*XnLz(;*=yG3}6dGtK>_Osph(xvo#pNGWAJACfW&r8@%T}O&dFUP+pNnh*x z!+-auw}X4&+4_{7zU@v1$e!_*x+(?XC2dRazGJ~3lYt(0j(fWM;SZtTiS!PDeJJ^p z>h{F%4gGNV1M|n_56bSAeQ5cU^GD|PPamV-NWYl;X!IxIPsZ*{eK_%tgm?JpIDg;g{QGcuzm68cks&YJjFZXn_z`)WIT97> z$dDp`v23`Rm)$y+^(Z!DE4}ww%W7D%Vg(v-`$|8Y^|&b(8~c`D(6Cw;Up}pD%dj}G zhei4Oxl~)Oonqz>b1$7Y>{>K$F)_~@coVXpKR{bAmrcLoZ(1t{a{3AvpK=ANKf9>^ zoXpIrXBTMMe#Yt6wqE+#GpxR#E$We5xCTAg47pCqbzQf_%022VYTKk$)ue5fs|JUy z;zSre=50IXx>Rd>Hf-3jWx4tnK<~4Jy`{U9bN0f65S_d_mD{<4=#m$e&ZyH*b0qBf ztXtBFRIbOeWj~(a_7d!8EqjV{Ub1HK=Iw$<24-bFZ#*sw)T=;L)a|EkkILk8NUTWu zvn$-=H*)L=xPiO#-+i7t6kfRH=&e?%Zle$`L_L`@tLoR2Q8dKaY(Zkx_6v@vhpa9qW;ziPH=gcISN z8i{|ko9EVc^);V=nQYsG8HSb{z%NL3=Ce@m*k`SU8!)(U32(kWJ~_L7ivB?32!Qo6u~-npW2a4qT<`nhiQ6D%R$Up3_`*RY!MON}h9ec3xMSeb3r#z>O3HBg4cfKlX3q8ER{#OSF>}^t2I6Fn zEgj@%opVcyfOsg;%67IoeKSm=Q!HTd@e^VYq`02RLG5tBBRo;2p<&bMQnTIcAxX_X zNQ(y9B$%dHd6es->%Mt?Xp!m^c`%$%udv#iNe6~f=ATD9&1qG(gD6&6v<{-(lfVe8 
zG;qFs1ci4bNco1N5m@_{jUTfgy1DJl9nl>36$~v>4-uB3VIps=z?*)C_6DdfPB~V{aHv`&S-I=K1UtOcD>iDc8y^yHQ2~ zbl_Deb`Qt#=R*RzW+UW@uNqOuf)kh-cg>d-axX?M`;;VSqqDza#IUCUdzWbH^P-kr z*>zFZA!l{GyMJ}WvO_JjTg0ItdTgdCixwr&k!`g9M}m$$p-=>|Ob}7&5wk7ew1bAt zN`F3M>{e{GLfsm@vvmg}wZwxTMSZQ@DB4(6U_yY2;uYFrZ%s=li$kE!Q+8L_Z+M9% zkM>^9P8~gV#Em#&Qh#-~svb7tfG)!YU}RlP_ZV{~IIVEkQ4mbcFy%Q|u4$!rz6cI0 z`1tV8nEMjXYRSKdz0bHb>R4cE_Mrb}->r&hePP_3aaZ6Vo7NPCjv{%PlM(wDmQcM&RHMa&%FmJPOu{&C~|PLo+5`)|(*7VU{S_lyr=A8p^P ze?V8u7B#py{6Wl&n@)N=Y;}A!_b%n$?7-LTSIxg5rjO3}D@!--yY_(_t`Jj}K6r+o*>#Y#;`?48eDbV;Ss1<+3 znr6ykkKbMkF7d9d@1Ixkx1o1e+!kr`@`WSac|C5QcSN_4j>=jgoY?MbL-kzI(9&Qa zIHX9&ryh~PFA(O6JcM69d6HthFFwNa!X4&z?eu9t<+dXk3o6L5q}2KX5;E7c1^)E# z8R3Uwp40?>_OKa7)4vJF6O_4pWWG>O4QI@>Q_`JyT9Ukm6JaF=>HV`y&p_l&MDS!V z6$o;#FnCfDYE+33)Wf!wMj@zXS&)`oHqS6|q{UIJ%So^msCpNeU+B7>EC!D2X{jM; z4W)FLYVs=|@SI;XniLwCLs?pBL)nsx2bXh4cU8rlwx&mSm&JOVMX;0bdwrZ_V(NZ2s^ ze3jBN5F1_Q3Ob1i8(=iEV9AhatuIOisUMLzEiS0%@k~yb9KwXm0C>x!Z59!2%Y0;3 z+=L8m!z*m*EQXMj^g z(}A1nftCPm4tsI68Jo{gk&r)TZZdS^I)neZl?W);32JSQ)!i=0BIN~u`)zUBsZBNw z9HC|E3%# zMcNZACkRR}lIVU+@q7XZC;_sgH+Ch86F9g}QVFEmgaL`uX%^q&Np!^*&lonLXVb%5 zc$+*UMA#ifmZCX2z$?ibdDE0w3;=KfL!|)hlxb`THa3>TXlE9wP9m*W+n_eBcqF21 zz{kXoN}+&9+Kh|soYDH2n@AIH>?DPB26Q>8U{n0_vxu00Cvh!?>Ng^otQEL`H!I9T zL*@}?OA}53Q`0th3%SuxJMpV*vj+eTi%mqB;Gi(tsw@!|Y3&8p1?-t+TpIi}2^MeW znH0`T59d&M99oHL)!#0Sm9XJYfm|nK5K_TSP#3UN2rnS+R1LrZb(IKI6D1r6G*G%Z z7W_i-yM@(+48j%ki+#Z9mglgBZr>e)#-k3o@+;smki0UOY^*-Ox)rc{rfB~K2r?6E z7H;&S`KveSXpMW(2|Rn&(u`D&BJ73%5^t<2C98es#%OHnoCfHHyw}4@mv;rBD(`dv z?C@boJto{rqOB?6j)LlR65*ErRpHiWQ`^rVdb6Lg+Wd0SJbZ&aP|->IzzdNAV;uyy zJG}p0ASCuCI36ch0KT6)1Pls7J9y8*L04FW+=7=#03Uc6%p=GIHZl_oaq^6T#(;N# zfl{q|2N^&Mrv~HHI6@!gzz4`TMifL2P*yh^Hg40t%`8WD!wI{z6U7$x#)s6%IR39r z8()GHLGn;wcd5$y7g`+`b{zx`e{{b=BTb2V6b;a*s} zbK)NVIA;&fL2W#ADFUzrTJaxJ8U+~oYJ!$r=mn$Mvzw@)L8ZhfSFQR!Ms-?KGbI#K znlD&meI+(^j8bih{Ot$kMcyGeJ%*+6PSVbySE8OaZE#3{jtJ>*$rDI_IRG+>kBeiL zl5>xNNBPXoP1@mYihDGYblq`}*{~wXuT@mLguGa)c)pHDA8k 
z;Ou}WVMRZ@{gw;UEe_$Zf&nsNwV0xPQ;3J4h%h}QNux4>e53t^gdU(BdVnX4!5t<2 z5ZEb($vDJoN6)D1;*MC}I35oq&pVNEs(wGrHThB9awteQqN04f)+ON$tzuID6SW z=G_jj!U?T`Y~i-_PMpMq#eKEL)#?%yIAP!=J`+486;6MO-!?)0Y9e;23B6H6uo$d4 z*{regCY>lZP4<>c*G^m)#u!hwqpCX{O<)hz2#BhfEQD^Y#<>W%;o+EtZWCw=hJLVL zk>2PB<6@T$T4Gasv}7}b<{EkOWojb3SmmbqvX(E({bg;{o>|0gE#ro9pp)tO^GNk6 zj$$7PK5nasH+1)$`6BO?x+#}v*YpvTRtNz_mvzSVf^+JGzQO7a_y^y&#aYmEcTjWj zbazVV{NZ$es)uJE0QkqiF|#~?5PWg}tapY(I}1jh&4pjV&ff~8pKPorlvc14Ui%N> zkl~P3 zkP!vdBh*W!=7qJk6};})HHKV4?K+#^vpujqoa22gtoN4tMt8`q=F4sBgRInkF;ByfimZzz%o*{3cv6*`vaG3(_0EMI;Dz0Vuf67 zT=t-CD&vG3R^LA}BWNCMXf0B2J#ivsZ2n;Rs}aHM90|+w+;_vNrgN>q(GTteaW34LphVaNXP6@X0^FBr?nHS~ntd!hxjNhhycyvJ!M z{cFqip5F6URM?%lBgYJ~42rrg+j|uo=L5TZt@mMG&MFlO03Y+1ppw&AXHGK=zd}Yi zr#=vMlXsWt5ZqYP_yXbTo03GM#a6V9HWQpf!bX0OM|4&{q`Wpa!Jmv`zBlV>crmO# zTJjfLf}|8-iJy-VSp9`S^xKPY!yGwwYHQaK!`~{^)mosFx;oGh6OW1!cMgqB+}5is zp!seHV$2ffi+|4FWn8Jy)hpta32>x>UG^80zllP)kC6d}$TPOYT6+=B)8A3T;YS_0 zXCf&%cvc(d3%0B)^3d%#9D4C>|A&aeZ@mp3uX`JMkze7nse^oi5BRzKXN81!*kAoJ z{A{h(i_W?@MIfg4yEz^?Wj~PpWZV6!SnEb^VxT|XGZWnsdzQ6Irzs_4tH4_=oq(vB19qKm=wA2x$TR^izX`bawx&~ z{yX#_deivVpiRMNKzj}~_>{K?>sPMW*UNSzI%IA;>6oMuBT9;Az%c4K;hVSG33w|0 z=IN>j5UdY9;sm|-{2Fx6I9*+RR4!44=tKyLUV)M;O*Zx zB6j;n9g~w@i!qiwz7lEfO+C+2K$-h=e3*xir?CsY$XB&~{on9Pj)td>jP6_hxt!~* zMMhRbcQ*zqSCN>kq*A&R*@RMeqbRf#)uPcLeOfYKQ^}>AGb@ z@mC(RvytB|f8X3Gd;Z*_?~QZb=_k!;&S@UUFmssdRxc1^-?q-HAy{KeFw*v*j+DD|Trek0YQ*{!m$ZtA!!zj*Bdu8| zk}#m@sWZBhqTH1Es8k_<^!p5r(m1;DB?-6_o%)K7GkvKwQJU4^Wx>gX%mVZAvR_z6 zz}VaXW}UPCGGtCJXd;Oah@_3iy`_{Al#A*nLThg{AT@f9=N#{aF&Mn2t}fzW2?6MJSVa z5^O04k{X6gdpki^T8RuH4Fv76purRiJ8{+Xg3aO0e$c!$80_B}Gdjw;AB3ry8w?jqn$2JjN z$q0-@0$$OLl3xba0sh+^I+cC6Kr5MX@;*5_F(%WAP8L65hmFdi{t;!>+q|NcDA~OT z1kR&Gml<-Ps<93L#M1*N_{u%906CZu>yap>GaJbm(q9WxR&c%npj;zRE0;i7N?>F; zKMH$u)b?6PWta^^!3md?d_7<4uI?*6K_>9`&&C)#c{B&;Acz=M*ehur=vp+qV1Iwr$(CZQHi{ z*tTukwmCiX&&!>NJMR@0^{^v$Rj&Lp>8DIG&(iP0&nWVEEeTX>skEQU^naxr-ALHE zGAMxS;w&tK-4j0P+Z4ltTV8qk{uGov6R`^#mH7N*{ z6N~=#XH;|2BD?v 
zN%L9EOV6=lHQWIsS0RR-Fep0UkiCGDtM94~RK7q_!2dEO@$=0Fx7B0?h0Y0JU;hQW z2J73)mrV2Wo|Jm)AoTe!_Le)!0{wIBA9~bdf|mR%nn}Bc+A`4?h7H z*Wgm1WeHA9?^`quk6_`p%erDwXjQPnnZoVsuJ#w8$NK6WZU+b;9s>qvi1P{e{Os_}ly6N3gT!c^eJ&kw#m5zk1Yi{9{0#62GsTJwH` zxN?d^@wfhi&twHYu>}Q62LvI_O2JXx7A1AIk?%bC_e8lQ?#y(%K_^fP$=wfmLwbPJ z-2g8$a>@gd1cLhYFUSr>8{2NrCS$Dte=LQ7fK&<)c!uR?3x)xe8TeH;B6PpdEg{xY z1?&e|a@vuWbSZ>q>rGJ2O5syU2`XEVm-mJRGoo}QgI}NXLmto5+FT^`Ri8lHO03>% z6v8X%2mZwB0ztq76s*WTr84%_lmNN3Y6zA-;7XUIoWV+;TJe5&JS#PV5Lh)6?wTL` z4Uzd$CG-rL->n}A0}&rD+jTN!exnMpdjkjNnAH56bqfbW1} zDtLDo)r%o7p=1>kZffC{z9N^cfeqjd)9(lN%{em#pqtkx-tFFmvqJsn3%Lc}jBLSr z7Hp=9h9WsYka!0qxuZ25z>sT;v@gihqh&FTCa8CB^>dZY0O{>*AS0r`3+LcB@{s(b zwC<9fNhsV8#5ddmev4+W7!Y54Es+d>>ToI=;K_}gEs4Jq8#3i%WPZp09Y^qkHg#Nw zl&sBGCOZSA*uBy(-mXc*O9tOkN7fW~Z@bY2xw*`QQQr2%+^p^|P|L9FQ=?0OlPRu% zNAd~bs%GL$yiwE(&X00QKaUceC>dVzvZ-QiL~Ed~K>XXMevVU$y%eB-u!YggcH< zUFx;=W zc{@dD>ROTqe2^gWvxjv^yjcnA-EsH7UD-$XDf$-(9+>lXByzk7e1x~pLp7+U4E^8I z4;CqDNZs(`M^j=j)}*YVOHcH-Wxg87PUhLkw_%xqR~K=ikRd zvEOZA;b`P&@EZIkCmoE;oeuqZvvgp&T)XcG3HK)EZztf?*j{AXl8sa34No~_9U5vX zEjIe99CC!qs`G%smG(a3?E$%cSkj`_-Z{I_BPIzbzyhH*ixyh zsd+f{9h6Q7Qx6wMcOx&F^0K&e=zIPae>n!&Tf|z!rVPK3x*=xmzgSK6TNd z7dhgec~@(VK`VWzkILon(kSt|4Ir+64?!OOsZE!Y$M7mN;F|B#enmH`zLBi{?&5km z$4=%To6k$?u}#NKH1%*^S(pT;uEY_Q_?FdtQlDJmZ0AyYcVplE(LY#+QrOBAgR_nF zLG4Vm#i(`UY?|ws1DyTdV|lv;~c=2Ngsy4Ip;4yf_;2Xh{GM}3#W&%I?a?wn&)o?jIZA9!$wZLOL_gYfp6U`Qf z8m+6aH5$a@*Cm5J=+sEDIPd6nI#}yNeciJ8>OG--3TgIyiEh&4cwZ!row zf-6_sBz1FmebIVc@+E_RUM{2>w|nNPRzib0t1GeI)J3NM?w$4a(r9(kZ`;0eq8mCg@gTcQ2^#iFBWN9#aw2Udll~)KH$rM~a za;Qqfr;~5hY5Vu44X(AfYHaiJ>Z{7JHH4jvaMWC(mHyl80a^61dt{$k1eojdjmmkXUKg z`uu_p!}(ZI-A2TRf)4aaOig3XbJ})3ZfTrpGo4oJk;DvTwptay)n z{XXVz$mg1$HIhpEt>SDoE2A}3%epqcHR@}K4u*;L1lS8SZyw@1DbLwxr%nv#gNPCr zpOrJMuh-=0ocySlTIpcXlV4uZQzQ%z4!J=D#Gk0s9=;^%c9E5%2luxp^t)#m`C3tHBshyP0GM{xcLAV~5<@dRPZLJ5xM<#fNkf@(=obO#NfsDf62>7Kxw6p1KT6c%41Bos7(jY*KGar_D)-| z$FCUMr3YW0*43{%ukP%EZS-Z! 
zQ0M7H5>Cx?T`ArPgSIzckD7pP_1A+yBSdGyC2-}9N6!+h6qka=(|iF#3-zZ_|M$mI z18h(vIjU<@j`qXHVNUv!4=njt^oKLfP2;wOiiq_m;U=7pX4ivOfmy_06lAKcRtQrj z86!M)o>whryUkN~V8#KcLxdS9A@VObij$J-;Z|EP++dH)t^Qi;_Wg&eLXO*$C(ru6 z=Xxd!Z^j~RS*hR6!9F`n+2GulS~Iov|PQfo=@K$L+i|WYTxVhX0hA6%ipx_YAzq@#vX6mkCUl% zsC~@S%1x72oJdbypEms?pxTGBd8VHlT{9Es{cjPn+wHkmmwHko?#|p^d`APnyA2NT zRq6d4FC}bFChl*H&V8?~pRYi~E)gff<^olmj6kFK%D5HmCqy&r_r z)saz-D}T4gmn`Twy9@_E&z3`1W2d8)VHTE0o?aMqCRQo!$l8?LNA)eml!Uo?2V;xm zxZy^c1=rTJ?Kny+qot#rtE5%|1=r*0yVLc=j8CUbw7iTu_R7MtaeUCzjwuG;t>O2{ zQC~ABx~4Atrow`l40~T_W*G!Qw?ZThbg+4#-{723F zq`{+R^@amRd2Wz#vksuabf2>xq-i+S^dmHdN)X9H&ULnE^Zkcr5!~2kF#AmZ7HPjt zWeM2dwZE~?_q&cl!0{@TA^TK$rJvydatd4DJK-mk0hS@J%oc$Wc8?|t`JfgtUGQ}~}ngJ+6b zcSp!vV(x_9z2Uv1*WP_g48k<1n+cZ2axiI zsRMzDSz{DD-i@Sx`wc@txxhz4z54@~^@|?a(czgHZTfiiO9vCKIVc!X=mQ*B8b+;- zQQiQd9J1%f-S##;^hv~mW_#d$`5qww8nmgKf_)~tncJ1H>u1ZoEhJalS8Fx`ajIS$ zP&gUuecK|^8igJsNh@VmSc^|{$>)74#=f0{<2qsJWABt*w9oyB3Rya9u~UpnS^8ct z@i~L?VvqS-W+>3#nndV;Dguw}4_OE%)ir`px9IlqKhWKG^7-PU-#I(jkp+b zKKx|rNq-`(XG+ABa&J<~u!zYwk_V}8%E**HJcVS+@d%&PS7oe9?=WRama8#qZQ4Sw zm0>dl7i#3n*qLr@3g4I}VE{)TmOeOzc*364pKU11WR~7I<#B?PG;GYImSH7Ln>2dF z0G1+Ct%aE7BS(71~V~&Fr z_oV=k8DUzWj}m)QNP!ZARwzONMk6XUr`QBTBlbt0S~KKePO}NlMp$dk^NW(l!a*%Byw{m#ooRD&4Za(AF zKZQW89IadEcAoqRmZb=dRF6{rg6cW>LsD~`B1AHwp<1!>D*vkZOK4qXU1nX!qUx&R zs^qGOSxu9&It8jEWKFWf$04zdbjl9sWBBja{Q88SVCM_v%$4}h zyV2hR4J{1fTb%WK2cv}tV;mONNzA36rEpNb?(3)Lj-EzC?ZLj}K1|)(R~) zK3bA)H|tLX&vie_Kv%8uFd0l`+j-whqJ#2eE+N+8K-ZH!Qs(AJ1-2L~z{$XWv~vAd z_9eTCo7(Q;qKKlp-LaJLmlbMxlWFCxw?9W!ATe~^+P2w*#R=#1{{cdBGUK2T{+(X_ zAJ>fYUrmp8|3fsZ`dMSE;rgAr)!&l3I=*l?_`Yg-VcV!XDs;81H#kNlm1;;@CbWE& zla0RUBuZK5dATm2U@0iB3AQFkZ(@LNYu3wyDN6Y<1XC?lQDJSXk84(6#hHT?$c9Hy zieQ=K1Ma%D7oX4-=RS46`t0K8y?X4rx$SQDTtZJnpx&OHS^j!^`Oc~ar*A_L&fAnn zv>{Gn9WscRHAknCYY5@5qAZVbB!yzl{w4iG*v@@+(^fd73XJnnE;PR_!IKkfmaM*o zF|l56G5 zM?&nWk!rS5(Hi7wWHmJ|U%LFQ<3mkpjfUhx2V<(Dk*29UT~QWgx|p+w2!xfq7GAZs z69G0qdnlVnm>uwJxNUA4!yh+d>quI>arJl&?rGxm2yVK2Cw2m?wJ;D-M$$05NV6kF 
zM8&Vts{;|wqyewGt5MUX;Yk#zB|voi6b*yS)9ETH9D4Z9H)=XU=&0v=Amo&9!31_P zM&OgG!B@6~aocYW+tL11RhBh0W#ERlz$cm$doctN5|#zTqfgT2T^jf?L{+$tJYlt}i0{*s+3q99zoBoH>)lAXEnXIrdU$;!%2Nf{qATlXcWO3;4-GGz~)j6cHTAstj}y zD`cPn8EhOB4h|m48unsEx~j42D1inVXUrUQC4ljSQQ`iSq)CqotU37*{AK&8y=_31 z6mDSMRjaol)O>$DfU5EEeKCZu`o!IZ@7{nK?j0QZ2AQPzeM#%KNN0p9(^%S}(%R-O z5D7%or4UyXQwQer_9_MlCH+CCuw=CXiYvk7SaLtA$~JD-E-Ic|{|)D$xh*a3_u>h1haKh9 z(L9p=1|{~V%GBUF1{kx@71qQHrKiSk(Ey!rrnMRK%?$%yMx0oxYM_97BTZS!$ZqYM zwQ=UlylUGKtu1m6*+K%`H`t5OAdJPqlf01P3z_L^VqGAeNyxDxSzP>$&zK2z2SS>o9eQA zSkQydaVkPr*qgytIeSWy%XTkSu#C&j+8q3S`l`;<>h$II@Oikz*C}Uz_8qPeveR8> zS9*B6&Oo~U*I)1Ub!@i2Hs5Ny^>!zxl9dzp`_qq&-y-ApdR+YhjQp$F^A__^^Y?Z( zr&G!CY?H4`gQFe8kHyXFE=G^=IwQNoA0^*Y7w6& z=Y7z}+CMo#?Q3>>%faI9;x27omZ!ZlzsKdJ9pq|bj_JPX^bst2otW|h*OdYy?v&Aa zz}P+c0`>RX;`)e7?s|B{YE$Y{)Eq#feDK~u2A`>l9@OD4?6hN=xe(?VXFa44ZWB=X zy`QISHYR4olQCF-*{;qi3mmS(B2&>=bIEe!MM-3SDjENJL)!_=ag|`PTUdcf5+$Pvthlfn$l=NwClj$EimzXKe;1{Fcv<2v zh3Nd5A%yE$@;Kpw4;tiA-HsRYbCYo$=DUM?vy78(vG!-#)8?UnSS+#FhZaxo#>f?| zPMhbqRc9<+F43WyEFJ6ZTmQpa=) z;zVg~(sJ645-)Gwwi}<<=hc9p>CT4zWy_!QrS6IQ)@tW#XOr#lG)AjubA*22{H6zXcU^yb zYn;9YE7YJy%dngnk~o#2)TpwMoP(xXgWc$CF|!cMRAE6LIaM>;jge;02T~-0hO_NS zBCU|?M0x;=t-eCjV+LFn*>WM0lo1noagTw=D8pR3IZ~N8MLe#c$(B%riQQ5d)960i zK_`zHlsGGvRI#G#NYg+?(ayI!0g;e(c9KoYO5YtNVOh)ksev* zOq%uYU+k%@C+UDP){_#6XRF1LDN`F=<=lfNle5w0Y$*Ax&MdWfP!4vAtN4KdbU?vt zrz@h-S{Q3Q>b;aznq2o(VHlpWkO(QYxR`BXtnzA3WKvm^iWYi4kD6kzWqXF4F#d}J z)&W(Xj%qWHT8^x-P96#3P@E^wa)pQ)NHS2+O$3}s9f^2PPn8CXqEEtVD5f2tLnM`I ztUpQre1)DM!`&bqn!t00NDT6<$a;eaDWJeeji?qc9-f_e6-~}4E^cb{hv+gbp&MZB)VH{g zmtkg38W`&PS|=0;Gh&-k)KStXUGnofs>Z)n(inc4C+ZAN<4Tn1LWnjTRp6xr`&j4- zaqff#WW7sVh1_Nb9@|RTwSP3c$x^o*3;%9REOMJXp_Nu`D~gpaKuzA1&IQW12@rHX zn*hwjPJBwZBgn8$4oWhNv=1%ugCv+F72QYvj==1ZH2aH^CryZgAg~|b2R{O{UCyyU zo0SkM@djeen-WKnuCeRL$T*AcaSYm4fx<++XXs?Ie}$yM+oDV!4uXVV9*o8224#XG z-xUE+zEO_Mp4x)$Jk^{C74P1Vja>4HSTeS2O@t^sn_4+CsGawL6&ML_9(g~VF^>Wn z@=ncBSs|X^Lz$w${g1UTroJU$SBioGX5d@C4jO7DiTYp8kVu>w+5#eXns^u}i=ZVY 
zkVriFr?G7Tvi0r3bQ;0tjHd{PNH1}sYk)?ou)lkA7or9p3r`X6M}0*fl5xi|f-=0) z@UTXYleJIf0XkXgz9G{9SAPpC86gR>+7-Hn9-2K!Np!^~lNKkr!v#JeFfj{! z%gG7jFAUs3_XCTCADondB~>(~xhQ1(V!j=Efdkh6DqI$Nw~OUlrHaJ`D5VpF1og>4jUh!c2w-q zrU_wC9K6l5S;OqWBRMe!K-npKC-%8&#{MqOe+G0wJspE$)D&TSxXx`b4voKBj_RJ? zMJJi16qP+6O8*K^pE_jIyNsZvG&{>IFIA)Af2;^|80$({CJW5l7CGo@>AUH^gel} zGX3NA@W{rS;o(}-e(wJK(}}mM{SilZFoBg9cJuc6aVWO?DYD+zcV-2TReST$`@H4SI<5CJhp5K2fx#NekyUGL$ zOe@Wk6m8~mS-E0vr6mjPghU~8aiW?&(S*mu6p_I!9jkl6?ds*i9xpBWEpJcY{Zz2J+gtGwkEDBMQH$05lkqmi_02w zWEkAMOB7`L=Z*c7mtBY1^AtOGCxUrRe9JZ^rg@%u^qWtJ`q5`RHbw(RqiG>wA0- zZL`YfNU8PuQXey_^(y1t?3UwKYO?xW(EBj;q7xS)d&}$o_Ale&#kZEzb99|9w&X=u z+nq_%`8C=7qOV(z*U49Idhrohi_`Xc+tc*r?P53Q`!3c6f2&Td-E#4(A#F#MmnU_7 zr_aaRd7tl7x7O?Tu&{`D!))%3{uOwKzrtS;7W6fJjz>CLhWsr7(9cF)S5EA~Leo#$o%cekZ! z$`9~AuV2NkZM^2_007CP001QaO~^2DGIF%Acee2SpJrFZ9e6CHFjztf#f*8ESO&D+n@T(6n;yjPCj-|J}5s7UG3z(G`% zQ}N2GCgE0QV_ zrS*bhBRJ(j<b$ z%?YYV6xSsgv7-M`mw1DHsm>&s6B47q&k5@E?dP<(Q9PW(KqdyN_%Psx{idW+5@d%G zT5>3F!VQy)rS9H7lHx6W1ZN97p05y5Ls$oBNCt!yV&uYyG2E)E9h8`MjU)#ZO{k&q z_+Y>TK--id{#!Nb@hB?@5mcFNF8AWpf2x*RnKdENW0p3P)hkIoK68cXx07Ss!wjp7 ziPB@)PF?1S>gAQ86;sjrt5TJ@Gg#5lOvT1hKdwUE8#vNiScQYmn~*yHT4`1OvuYLTcYlHfrzgY0Xr;mBz$ zWFbkaYLTcaT3bYjuxgH(1!KMwibFfevJI_{CUpzS%oTuS9vYPBrR}wle2G+p5m4gT zNgZGCf;Byzw2%^849{gWawN{pt5N}3U!q32r5V{(vO?+P>q4@Yr3VrfwrK@DQ_^q+ z*9GTqM2aJc(7T>tJ5nMB)MO(|tf$L@*~!TeVOkt#1wnq=sK+q;CB%ajdrXw1!n0BF zT&uoMZ88N%TQ`UriGe6l*CN4!15Mh`zA1;)>=V4lSjdun9>@joHx`!A04QrvG_Q6> z3lLc;UWja?tTO3th`1n0i;f*Ol5`^KrVPszv1;tHr9iNo%WbhIS;G*D5ED#Ibq?xn z-LV5K!tzp(9+1Qm5K~5)!&p$X6Ax^K;-0@?hQ7vy-1PGNgCh}gKp$mM)u+BNjz;>I z5JQHNdnANr9VeX9Mj<+e*V8tp3H-^wv`V}e35JEEC(cqNM*-}bqS%-|xwL_S(Uge_ zbpJBs!;)d*hBi`STql-2&Wx+Um~n-etx+iP>xFWO zUnlBRNR@d#C^ECYNjcFa>pTWV!(FLd$(j{#DCwlDqOb0m0+cHeWd7?|}<^F>5?^#F+NN#;(!<1Sol&dde zs!|WxxStc^ap1C+l7dB|@lJ{w<>rI?bHlP0xb7_cdoLhx>R(lceZGmbN2FV>iAlxd zrPp@2c295~ImAJ9RR{0^eSgU9G;V0!Y~0}5BNZ~uVWkEUAhi6)sqs^HGc!=S2c_Q_ 
zE@Id8F`dnPNzXNpYZLle9e>QNMW+C1E^mN0%^?%`I-iZnZ2byFRdnBnh;#y>Mm0L1n_YPeYv&F$9mz zv7|r>0j&^{2LO+(#d~xl3O)(TVjS!e#WBI$uF9np_UI$-nm<6 zvR03A-u}+^_1+^e0{o00o$=eR@eJtqD7i|-r>XsI5Ktvg8UvFY)~9DLr?(`<6eKav zCP2i(B3uI$fy?8D?i5aoR8 zE;hz!ps$n~w~wMgId>sZ(+kBwueyOo(CCU(V=MkRCxmJ=j*2=uqtemTKl~M1F6*>G!hJE zi42TZ&zp=FnS{p$KO8IRMtz0t53bEY`&rDLm--@z!B?kz7Sw?|R1`d{MD&b~;$fqb z@@11#(%=x!5N_ndt$$OTi)qJF-(NDoKNS|x)fmVoVUkEsuh%k-@?g^#+=Ig?VA-|C zepF1)Z>I+t@4U>~Dk$l%+C(E|EcBkOfuvrc9;KhONc?olRR;CVZamn+A86#GquCRs zV4sYi(~42@&sgMJsD=%e)BM8etmFrgG46C!o0bb~aBj^F-f!RuC)$nd8$Ka9XUjq~ z8k!14{6^VDPon1vMO*6+xAYazUIVqG0o2RiK!Xyxi3T~y&I(ghUkPG!axmWJt$vaf zC%CtEw@LZUpOLSmtpfyW5EKlwY1lu_(0cZy+CDY3gMWqW@)C%51)xuUzJ`cr0Acqx zh2@KX@0-)NctUc25($GB3N`*3b;RDfX@U%SVX~gVw;+BtrMqF0Mykhg$6!8G9#cj= zPZ;3j?;ZnK)kG7uIU9N9>qSNj7nI}*w54@i-~$XO>TXf~9C@_p?E#F@p)xD(Om*Psp%+(9L-2J9!r96x ze+eu2oD1AVMSq|2JVm}5a~9}gAZ)@Ji3t;P7i)IkP&RHkc<-eUt|U6s1Yqk%CGk-Q=mN)dEaGp+D9TBl?87z;C(`Cez86=2B*p+Yjc`S^kc^cHRV< zQkaaq1`V~c{=Tq=qr%V>x8>q&y#$q(AjwiG-)hDB#&P3BDv@~6vpB(hSbev$$zhv4H`jJ9vReTGu(#nx` z$fx4#wA;!JI@*qqAPuSx)}pn`q)|^64AlbHmXnw^I485Tva9%Z8&aS3A~o7 zWV3@M)a!ELYBeRe1PdwF6$`+?mk(;B^6TP_Sn#?QMdVH`N8Z#A5Ydn(QWs<)#d5i3 z)6^u;GckymWUuBPthBsO&(Rjc<^@xR0b^Dzmq|A@Jp|n^l~euwY#L@uW&x`Id3G5n zmuwHobc+hqc~ywwB%Q@Knkq~OVbT(h5gN8(45`;exgn~U2 zN^b<^_ zH8jtqN{b6?sHnKf=H8uaU8uq{Wh^DtCfpPcgliDql_uY`U z2MEN9%=V@lOEIjofzwn7QQN;7fPFdQiL=C2hg{A3i1Y4lm|esqfh;=-0B)CEm#{l7 zYceA>;32sR%OJyEbH>vRIchTIw~#nd=j!TcWriydvaAV4kZUj#yciw*=@YcPo0QBB z)D;ap1lOab$$IAVJ-gh3nw-_61l3${WKV*TRJ#M0Aqxk{iOQMPXUGuj0Dv~W2E=)n zD4lfJUKM!H*t~M!MS~&ZO_-|IPmtA39?0%>?*x@Tje2X6uc+F_op#hlAvCd;9mCgy z-A;)PsnS~)tn|cnPI;zzr@E#0 zxx5El9~y9rkdSV|f^&Qg)Z&84zMWd7{8{CgK(8JkuSxVrw}ze%nUV(r8)g^}PtLq2c2oFz9PoyGYa;0aBWCfy5w zSNCZKd|Ijpx^X(w(zj~3uk#SD=pC8gf5&ze=itmZUG+>MaYP}vZjtc_ia3oo5p`G9 zM(V+BrLGit>T}xE`)`WMN5Q2+WVcE=J<9L|4-aPC*rFzGh9#I3tbV#5zeoLyi)R7&Fqyl3ShQ%QR*pyJzkKvxEMD{(~Jg*kH&&-3VxAvggF4PY7K4 ztC!%;m1^7<>}GuT#IV<+{vP_}tNso91yB_LwiCfJRcFDTI=M&Lhh;EU)?Ebqg+Uz$ 
zh;A6eq)(@+5DGgS`h`TD7myduavs}lIw;!z?OvY?&-7(At#BN~2dX3-94daWe-W8L(*v&0;svDDG-D*$bgpk;lqMf9kECAmMV?0Q#k-mxr}x*db=R+VGL5I-?x&s4+S=U; zc2FgH?zPhMj34W+HoLxrv&JvHX)o)6_u?(**7tA6Zwe%;3HoXG=4l)p@7!gtXx``d z?5-#E?=;}0;%eTOk9~K0h56|4@U85YN{gG=G5Mdt^Q)Fqz4D9KPQICM^IhalJs+EA zc)Q~tMwTj%8KG6b=F6B%6}hh-WnN327f0_&E<1QD%+}jRJ~!8%r~A{eG`@$kQPdWh z+FD*;!vj6IO+U0lwDJg}>)~2lNci5TqsCS=m~OxJ=PS8GE8oV}{cMzbo~ukJ^Y5&z zT*)Tg?R!V57b~rub@FMhyRv1k$lnV4`$3nldf?7U*-j+IGncS`^|19 zQQeEOuY-}z>$o0bo}LDR-iNQ=qnGY>n;)@N)0sSX(?K)%9D2RYI?Iy?j(@|i_G`Q7 zi`RFi>shMVRxsbE{SpOiUFu7Uec*e*Pqt_ex1A6|HCMhIRL&M>N&(BpeYqe1)a^N_*w-dD<*xPot>g%tEAaK1kU)O}wdw5=-=jG|vp6;*t&01?6 z&#D*g?f%Ql++62or->M|)w_sVsRuo(uc@c85WU~m0EAxCbGwv9I{346r$%D;Bq2~5XZ zg{OL%9v^Ir$;U;n%zEB$&jG;Xs620;^93&W6Syp4T9Y*#rl4@MQ`gZte4pd&wN{$g@$*?d z!anBvIZ`q?7n6J9asLMYH2Zy)xt+A?-PqXs4gH+oP9yihOkc9M24qp@4#wM?0dh9N zW&1dJ!~G{as^y5nFTl9>?eX39{uBRxe@l|QtWi`@Ms61xuF2H_6^I2AS;O(>bXI%H z7g9>$HB}o%DjAqNZf>ME*GH#bY~5OEsOqCym?@hr_u$LZ%VQV-7n%qe6c}LVDdeqW zq!o~~^c3htnGqNixEs62^2pqi^iHzudc1BjxZHvf=%5I3rXHu_7rLkLO57NMrSTRA zuT*_Q&(%1`pBSRj;Z8V8HkZA%S{Y|6yGFPNkC--9Xt*BBGwnWo$qH7sN7OBA;wqFo zA|fiJd5{%+X^bdziazR^(=3$UKQVO9V7-IP2-NsjT9@GG}BhdbL`+5Ls_r^!* zyvnF)GxT9Zs>}Q7Xek|h4#oRVmlL(IHp+p(;E~?|BD&hBh3Oox{+~TT4yt`o)SG`U zt^z#RwLnqk{;;t5XmUh;1Wp)Xgb+w*NN0YcAX?`laIQLJjjI9Zvq4)JL-o#9XRPk*@%$H|#XZxQB5GsdE3wGcZlrKj&l}A*%D19Wjv=!7KB) z&gk1Rv=4LL$^u#CnRxkF8`8R!MKnv|TH|7yV{+5Va>CeWrkVmke23IMUw)&(Y_ItL zsnquy`UzS63!iS|1OUMQuS&g(t%dXdaY_WMYdB-8WU97Lthk7*Qnn|vdqs*@4MgBT z)*%C#kjH8S0YgsHPAY1s5=jY?ngkR>f+g04`hUMOz=iczcpH6W+ z4oJ;zW+#Q6r+H+&|9D9?;G}0{BQJOReShlicrP#e1oU+n2@M9R!L78sf&*0{L4fe) z>A8$BEjyQV{JCC|3dvN>&vPs}aaFB6)(Od0a^Y%FAy;xbkx*_8b)ra`EWw7bInJ?Z zXQUvX$U!PopZWWCtE9}>EYZ5?V)-K>=oDf}53la(R-+TH`e!*bdfd^Ytg}s%E+HCM zwk35Y+3{SuglN}1r9tbmc$Hq>sTAgfP z!|{SJpGQ&jqKBJ=;U#^eu0$H6QtW&ka`r{D;5@7hiaw~f7Dd_?T$y~9^FInqjZsCc645eK ztD>#zqV4#A_BSPiMouOH-T#`?UX3$PBmC12PHr!!*Kh&D$NlN#o4hyH2bf;T;17~Ln%&cqwokCbSp=H zgkdR|*_n)ZhtPrR(gasdA~w;?xh4m!o9w^bcW?CBESIXkg4Sa$k;at(_G2?kQ9m&X 
zHSy3L#Z)Nn6SOf~8!WmMCY4?i0FaqtZ426SDvil%HSE+Pw?&wq_ z^Q2;xMQ{&opn@RcA+V2R`ED{$xpHkZZhYig1U*b;jO&)|qtnvt7MNYm z(A*?buR)bZ8)2<>?ao@C!lh@NxOe4B6E2c4b+89vTaEfujc!{KpP?+epBd7LB}p9> z@r%gI4=7Mf(9{}w$zvrOUrObj**wjbWZU5~bFJLmn;zcc=t%YPLFnIxcSR(~L%m~( z#;{ZQNvM`CDB6a2mX7`b0&PTEGtFc$CP&n85blpeZR}p<6enx}jJ3=M3q4*9@i{Ol z6BNz^f<10*_nF&8oeGVNa46b7FBrnM(P=v5;U7sR7t%3YD$U9@@0fqIpcW>t$5-}O zDxNCt;GUpK3{PdvYKw0YG4wOS>|2YJWmhe|(q;(Lm}6FmB}dc*vVEFQh^0we#lgl! zx4Xb6T@WQ%a~(u5BZ9yw!V)5x7w!TW`OYG)f6=p#Wt`x9_pTe1+;B+x zM1ZmBtp;phKk0k(0umBylG-MoiX_S7*=;DUaYp%ly-MKa>Cr-Jm7wL! zuXInyRmJJARh+12^#5+^mE1>c7*;EXF30!UkQHu+lt;OX_6;adXtx+=(rZeu6M{>1Qd{&Ed58u=PRf+;(9hA4uM?<>pR5Mv+|*Mt+b?%sTo0TUg)N<)wNOTm~o!mk-U&4ur5 z);E~(jPHLNzZae0MuD)D%65x^vjd}k@JNuKd8ZWP;botuW=rn)Tag;^&90Vm`wuGr32XK`^T$r=1aTz zX?P@!e?QO8B~sVBe(u%n>-M549wLlw6vDwkl;Vd~Sr_X!vz)eGR0g66H$q;K9kL{~ z9EuU|8i8vNM-x&r6$9!LXD@QenX5`e(4sG>=*%NA)HCK{(k-?pi*`x%4)ntSXI|Ao zQQu@tY)zgT*N;8PatcZVe2kos7Y}aToc}Ov+vK3Hst_<(I7&#Mtczq1S=2{Rv@IQds3(TDzl7(<}ewqG(!GVEBNH!V+@I{?5I*IF46p{%lwC-fHwT7l0$l#)wL|w)?#%Q@pr&$}QqM=YBX)ksejKdv|hC z4pU3;;IV%|s7;36&ntNJTFaNh*UllRIlwhTRrSe>w-5e_DNNn0xZSiMc1%a!)hl`k zjPf+i-2*+aI^)!4@qEW?t5W^SU9LPODVkFLLOKe%d_(MxS|bRMob` z)RM-<*n+b+jr|3KGEN~F`;QFH3|<~}oaLC6-CWR*1c9udcvUSwS`45E&ENXcHX4g1uHjrRMjtFAkOktMzdQVu{Z zN8;tpI5;I11PppdIFkR(dLNt-V#=- zl39wqQ&;l1a-i#N+pnjL)2P$$GgJ*2g^0P7d&frUmD9iEZVC3&^U~+t&4W6L=SMz_ z)droVPKw2O4?`;y&{bNi!?;(BcrX);s1;SjqojR68!7W)&qE~)f-V%>;t$S8Ye7H@ z=Ukf&U79l^h}x1~KPlm77V*aC-7tex6R^O2OmU$dR=coF)j86C_=C&NNzJ2y7WnYe_H02E%#UFk?X(w-z&3fQ1Eyj%HJlG%-i z70gGiUqi;-586RX1A5$78i2{12GyMQNxgkt8*GFQ&tNT6^|^_HCzT{HKeA-v5@{$3 zm&79JOfB8>aKS)rUbCs6ZGYRQfkw1CIID2J9jI4r(s~={5z~C_Lz*Ch{)8EC?*`2J z9niIDpb1DO%2IA#(ID`%(>Bbm1SRM-sMTea;X~ay)8BlxBq_;wSCPLjm5N^!i*TIj zbdWlgcX3@cf4jskElu2!`zC2MhUx~#{63`pHy}->Vp?vR<-9tr#_Xa-T?mXy zb^B_Q*;X+~LGvrVd$-R`aVQ7=vJyb8>aVu(>#urRLB(YPwC6)-0y`CixFH@W2b{J> zDk}vAGQ6AkO#)S=E5$V-pqjo#OJmv+DNJNTu*g{Pv8_Zcy44P=TuZ2KkedjVVzf2^voZT==tC^mKpqQ0+XkG%$0hE2U_mRZ{bTjqw6r5J#dcb^_FQL~0=% 
zcC=H-;p60faU9DL+8N|mJi_BEHE|m+Iwz#aKdR?!Q6oiGd07L*LyeP9_R)!i6-k^2 zydhcL?`2McvBHwT7=OlW-wfmqSEb*yRbH#c_sWq|jEv}hmYF{3{0fGjW|a8EQ{WT_ zmG=j)$Pc=H<#UqWC@hKJHC0d@o+)3*L5&HjN8Ne$r4I<9$xsv4Z$_deyo9r=UsH#w z^t`fBt3ym~t<1fR4jHkUN+6m>s4@?nPt#(&%@2{?QaCWEZv=nixr+VF;Oq*)_R)>y zo_^JH-mR|Nw(pT$ltfxXd)f-(={mOqirnP42zN|f(w?)CRrATfLI935fl%oa6kFsp zf&R8@G!KihUtmjM&@^M^iY`j+=1)?ikArkeeEB z;5uc4r=);%)wV1eviayn}^G9&3`}4q! zS9%=5JRSV?VEUWfXAK4v!9anRgySuaxJko-|JidxC3eHa6|YO2sgcq*}o4 zDzRvMaPBCcJwqs{D{T&B2yXP=N5hLl)HGjI;j6y{MHYfOX6)Jem^{$m$pd6StW=cy z1<7dx)R%{)FE{_^8Rof`6yeK0n489Pkx||o^qKZT%Y{kY8ed$O443Q*a-gsC=;L3> zkeLt0;Ua#0iN@#vg8m^*QA_G8qPc8@mA z(RH^}UlB_epYcpd^Zn5yhqtuulsC&NzfQN1Z7vW!oAZZ8L`4UT6Fim7JrbW!2(40mQPf;_&I z(jjHFz6Uy%j`V%16i(f}J?}tD1seI}nJvgH_+RRD=4klu0Yh58D;~4E3@L}$=`iXA zl;qG^FJ*z032^pPX*SZ?UB5sb)wRo(Uga+RHGh5UAZk)~N~L>ndY7kBf?W_ohZ$P# z7XqQ%(6d&I0^N`Jv(zFpk0*hrPJt&*`0tj19h)$pQspNJ-KR-jly4fe_%lNsPtbx} zzq8k`KVe4QQ23RHU*5{OFX&La>O6zGUupZFfByI!*RS^7)3E&lr)%MQTsiaIh~&PB z(U9PH5}JMa*)a9R79QiMQfu~>8k2h`wzz9de`gEN79!&W>GTdoGSmH7#wXzp0_Kuk z8TN+v2D`k7%8^|qlFZ}7cV8oV6NmAD&YMDgE|GeG3-zK3<;vecklzy2B6x6K7G8tz zLbdqd=8bx>=t8mR`c0ogeQy0C;(iXG=tA}S6ZV48yuVO}m7K25W#)|PvoJ5~dR}qA z9s0Z-vi|Yyf@ALayCQN;x8w!@le!)d@gAd`syi5*jUbdSsZ^7jk}aQpT1a%r_&Qg^?3c(4?xWTBWz96NION{+UEWzh-}ip) z6hsIt`|Q-08GM?kN2F&E_BneizmC_N^rh5x{;5ZKtrfqMesj3#ehqcH$6-w@4Dy@! 
zW#M+XWNu+cmT$;)>|@_(DfN35={J(x%^I6EuX{rYd6T$msp0%|@{K`mo67<~nKaa!Ns_trts;@J2e@|dRfWrxB&>$^p z&=5d`<@AJ5M9r5YRxVTl*M-)h!ZbEFC?KjgEQT#A_P}hM3)QM6Eq!fG~%_>tXsr+N00SDG|?$kg;?GxF(uwq zsGAZlnGroK$;4fO5Mi3dqx74XvlU8de3+WjazX$(t%y>aaf7U=-ubtDf5hgfsCisK z&xl8=m6wtd*RS$lJ^!AcI}^N6gmn+tsd6E&ipz4VnF3nq1Pc|VlH4SzUzOT^youD| zC8qqYPm{ELi!{Kv{_&A@unq}{zjU4xs9}}bGRHLaNlw_e;jlJjGf^4w@7s)p}p7u>cui%-N;jmLdu<(w8=kYLVyB9{Y|aD%bX z+eXJ45Ty#9?%gzxvSUnZ(`Z+y4WYuJX!L{y`VM-pYDB=WM{P<3ZuN`$Yxg}kwA|mn z+Sh-}PPV@%SG`kpOMm7m^?WamR|nycO$roR7a>Xm#H(`eC#$e!+V&|&B6lCRj|1UF z4-&h);Q0U~1ZUC~N^(O`di0e)LMX;R!5czR^p#6;gOH>PE-72oli3F5_>L;~6WrdF zh1H<~Cv{y9q7%x@xR|mO#J7_-H~(-6XZQI`~6*g3_p9S>u2~17N`$ z+9k9CT_$7H&15f)X9-Nz{6VQxZ;4E+{^u474q~gc>V4z_Ut3H4f20792v2Pk8z+=M z25r55mVvl=tm>17~jv&YXk@V2{N(*HZ#Xi2cuptnV$1He}=hk4J%mo9MVn$of>i=_*FV51J1{&7ufG!-2t@ooOdMM z+`aO%j|DjQ!X7cWd98=rPc2=oJ;1h0lkR~z$E%mtXxV?ZM1c2M7U}`O{sPEyo{I8; z0|Y|Wf$qurVfz69u>lA|@BxG%^Z`Q<_2KZr1Hu9XK*|BYL)d}PMft^$poi@e7&=Mx zr!$Z5s5l6sWhV{|#Al5^8tTm138G`eRBEWLgHc}ef5=cB>47GvfS9XmM(+gAJ3lN} zik-|ToVj9%oHD50Lgj0$=LW2paf!xv*EfYpw{m0 zbh*d84Ym0)(6VEMX^xy#p6pel<_!xt7>|lqcxiYrpg+jt=e>I2OxF){r(u<=r*i~8 z@2`)D3S`eKaNvW&jc@V}6mNU9T?QnJhzjBViC@?2y!%1V(H)KnB?+FFg1WCiBL)qI zSn3}fSf@vHYgMGL{vnI;eu{{~G&y2yDl)z&D>dy$SqaRBB?Y?z7zNk}+6deT*a+?j zVAzkO7n9Ul>?!6YN>?oPq3B<3PD5Hp!=wYeG6~hW*sVbaH}ML(D4(Mzb(x@%qq6aY z^cnD{$n(1oOc4u!WvD_0Z@6C%XxQkMt}-jXX$4{dqwFczOm0l(>zns5aJi|m>2Xj%0P0K`jn#X;`)>+QAw)&%G zqXI6)u^LoU&=5k$RN1vsIj1`56=>6DxKra^hS%17Sb>uZ=ex2`~VZ!q4)?nXNaYveD z8V&&$YxC0+6vp2PhmgZOZFR^h!IGZ_B#?^mL*r#EV-SBj?Q z&i&4X>hgFu0?@y6oNCKYLai?yx3i4*bWjFQy*7?-H~X3R-Q(sW;t3d6WLARWgZ9dL z%f&Y;w@~ZO!K-5_6E>DzUY%_#uFvFV&Zei*{fpn)$a*AYWOkrhfe`l*Hu}I zYi#>esVzM%%EV4LYk}ss(WvU~NRt*Nmba_X{oLH6@}IM2?xXeDsQ3>XYYP3v=qPWGbd|=YL^=F^4a6y$t(7<8h z<6+0GS%yl5gZbAzXyaJ@BjsS0qn7ra>#VA~Hq30ds=`aLz)siqWry)}Yxb=dU6Gz` z(dyB$V~kA<`yJWob8YnVIGh2m7uuZpB4DTLUm5KeDjyEVkLY+^nyY=3wU;Ni2(KyS zR(sUdUD#gwXm$=K`?YBd+j=gC+b(NrLd4J%yXjV+$qf19!Z2>(U0v)!EJF$v5TN*dEJF?x)G&RSWIK8#bAWF?83;{YUcR 
z_d!G1Ah2r<4_dF`v1ZM!8*6HbHy-xeC!E>^XHQk9c6Q6#iKBZ$m*gJidK*t!>xsPW z+v1hg+Z==~cKhv^fU-i(7OUt*6y&_GBjO%j=*`PXA00-CV~_HZs_Fd&3q?2n`#o&y zT8n{CA~2+;Z7SRMt~s=pp6jWYw8>{`)0DC1`E}j5r>}wDhwHJ3H6%iQhZL-9pTRSur#_*wS3+)O5` z`-n_O9cty!*qg4*Zg@_Ug>$%L=YGmb3k{z8oTdAmdAZ-|NVDV1hv7zEtDlpd%8uYh zl(16GOjsMQxpG`~}D*fmvDd(4#` zyV^fmt~}d4EsrF(V6QM)`mQXtPBz!L@07AK*zSi58=#~VA=GVH=x93`mRp*Ot`qwu zgP%TEyBuF}f{w;6kK2eJ`po3-+?XeSE_(NpsTlq_KX#2!g1!t})Mptl(M`Bpt4x!h zy&7_eS02YbNYrQZZ^>NzFIh4Yy;`kG(xw*wIMuXF6uH6(nl>D7JHlBZ53}||oojJ} zw`3hyM2utA0DWeR%c2cYXqEq;_2{nsb%22lfz(#Ta4a0XcN-!BPFKEVTiuzBWd=4 z5|ZIa(2pbXy&~p#Z3fLhevB1;CJ)7VGKY;k6@F6h)&`nU!$m;K_Bekoc60ZC$Za84 zHC|1-vJ|Y@sJXDb(@d)Ib&Sh2hNsrEtD6t$FC;Z2ySI*dow3l!dyWtmDX^cuI3f6z zkVr*Ni~lpoo5Mz?+M}nRvyb0Hrk@yp9u+k`O$D8;r$dIH00?jpm6(={n23@ZnUt80 zFf5kBp)MlmQ$I>;cV-1mRUJJwp)+vu*81!8=zrhy;AAKN<)ozM zpy6gFWGBXF#E2LrHZqRaBjM30kpN*KcDHacaM18_LMe-qq^l*KjeEx|DJ~^JV=yf# zCN{z_DK?#Nz?ek3@ z-qO}Q7h*K>`PGG$qvk)8lW`iDYC5v24VprFlYq<45Xvc)hTfYo_A;p@uYhvmGH^PB zZ*;h382JpOZPRIKQC9R!jmGHF%j!KS#Uq)h|1g@~nzzJs$;&e2#OxBS@?l&2_Huv2 zsjV$(MFwG?e#q(_DhyAQ&gq>$oC+vN=r;8XmN~oOEWI#xm*`)<;LzRtQaX-j)@{0} z7Kx@PYJdekO_FkAz1`mo47@S9k z6eIM6f)TmHe<+895&Q2CecsayAwqOfoe3fyK)gr=WXw`z4a~@6T*20@}E>GMPqMvg%~!LP!y>!2#_Nv{Gr4{X{vZ~Q$CT(?kPM|IZ1zz_P@aKR7oxUitz&|pUi>%w+N z4DZyqU}HxS?>yhUv7!;}5M=rt?P+EPLEZlTV9^dw-Z^~z(FvD!`$ID@>;_CToOx%` z1!_CIc@Nu#nY!QYhPxB%I}&6+rLK{&o#TI^I*yNU3`Tl-*LDuhPtH`3&3bxzXFvu#`2|ZwLj`XE1r2Xc zO9^jDO92KcQ(aRCGXVu(4O2-=1qLlg1xrH-N;Y8w2MBnXr1ZqZI3<4MyqV<0xun#+ zWUTc>Jk4cfyRz(^FGsQ#6ti(^6;P8lc6~{QKE?iILB8 z+WDyZ001TZ(lEo+(Lqh1=pe}<=_u|XAlT>{+1eQCW|j0%_3ZReT=evB;PukX`)cs; z^ziC})V1=%)Wi7G=JiT|6Xg;C3W2qh(&+U}021ej07pOoK><}wNc6#70Z-B)eW0MC zKpD}~f?(GZMyQ2y#^0W<(pmF@MxI7!)w%R`LW=d^?3Z2%te;DL$P z1JDyD&4T^wiBEw(1BXpRL)n&Lpka|Cs_? 
zdR)~SgX(af=y-sBB+fka+?_VpdQmP?E9LQxR&=mNja@vprN(F^5m#{@vEKjp6IEBt z^*fy-=O6oR>MBl^i0aws2%TAIvh4x6sPuCyh2Nz^%?JK@L>kKXJ-DZ)pa4>|mFdXW zGodG;uSY{U18k4>2!fU|aAL*mIr63ctsgVnJo!+rjt810UXC7aoc>-ctY=IPgH>0Q zo;Q3@#RAI`-?%}7h!gJ$OGK%qv%nAxwuOUTQr z+*`&(OWQ2g%hgM!iJRparLW|rU~VE4!8138ga+DsIo|>hY0puD= zu3q8?oc!mY&Xb%nh!^ z!V4IP88FQ5Y()Ei(G;YmVFCpY%-xU|=%&*;WJdlJF~bH6hy$63ao{8%EP!Dp_&-Td zf|vR-1e(n3IQBX|Wjn^s>?pQZ)xZN(nD_{vq2gN$qXVo70r1sG{vF5~AW1TDiH4V4 z6B1u43nE~R?8+;92_vw}h|6(MU@qch&oLFnvTKJtH8vHB8D$SQWiRG$hL(s*#K@wT zUsjVgVV92KbiDVG8136E~WN+6UC3Dg(Edr5r*-jn=t8j{;sW2Kr0T_3xFtX)Wx4sNW5; zdj&8sYT9xx<_f-&7WZ!{=_TS45+(|6KB?6mH5!PCRc`2u0b~gjLP&%B zZkXo`pA}}2KB&KEIz`4@D|IotRcsIVYm`4crxo@%9T?M=tSM;;j|D)U<_6dXi7JBRH*oY zHZXfc2uJG?et(LoiQE6y&2jDs@;cQa9)%w3VgtN9ZV&rmcW(+(#2*az+5!rw*!;IY z9X6vLiic#h>Md`xG*O)_FkWMgi=WnI@Y?ay+2QN=kZ1{T!V;)YjP(%TsSfEyuZR>> zAnFODnZ@42k5Bq8tb~d+!@!x5Y@}H(x%Huw-3!!>tvzh!PQlE zSFgvT((U^gUI#}a)$_)Qduqx^EnFN8%!>}MuG+iK(%CG6T(aYn*=nn?H-9B6y7B!HpJEHr9V!tvJE-EA=@PNs#Ey^w4tNJ&UYs7M)R z76fG>niy~m#OQy(ZL)_7(39W|1L!A?!tyFY7)KuaFonr77_F3q5G91wML-rwSp3`l znH{ts$i&4FlKME*&7q1$X2%9X5)Go@@FaNr*c9yelnDr79&cj#lL+dGeg$!eUxy7; zR&zMy5y`&EVUwKqMhANUqAx_0MuYdk{!)LkE*H?sEiLqP`sP%!o=H{u78`P^w7D>{ zkK5eB$+9;X^_PgAm^h^xPHF>_&RVIh+}{IMymtrUqSAa^M;{$Qi&DlSTUmE4s{BiW zRz4H|A|r6Ebj<#)N_TSp+IcJtB)1P=e%j(jH~)eCDqQ=~!g^`3{dt*7FD1p<>NQe7 zFN9Y8wLYz9Fa4;krp2wWIW(o&$$cz^{+ccfA1&GF;b6G?UV$U=eM$ZnQ|kidizdr& zhsgnX&EXz0Q<@?`TUTMTq+rmHEj2tNd0LlNh<(bU%Sm0Z!VjjvN=%WgYk(unvRR9gn; zKmH8PuKQLy*U#DEr$D|oDMR3>3~pua^`GF4A9f_D?(Y7Ukw=#rli3pqgDqk1LRDS3QMjW2WN#6`Kps9 zfx(t)iR?B~3FFCd1BZT!CC7J-X-HO!M3)}3W|^bO7-CtCXXj{*zfca+nre;+kEl?~ z1<94imx?l(#;K3V<0&;YEdyGB1)9{GH5(N6rx(jxZiPxTBBT{BQaw3{lJyeJIgj2m zs3nhyD;?)S!FB~!_9~91W7!b#oYEjG?qG2VBHc|qIG)7)#yhd0-2lS#a;s#5dm~<+p!&YGl;Z& znuki)9eE-u>?@#ke!MLT)qpc4o-Usg4&x?38X54xFv>JalF247>?z9l7GcKqc{y6Vf0mC1+Z%uq^+;*!&>}#~shc_hteQMq# zm-cJbnVjZ8<|X10T&tZ9t4p_XM)D60{R&d1l^VAr)~bzY3I|&MqEevejY&$MPL&j{ zHc%HPJ)N3Pl1w%~`t-1^l^uJhH`n#94IURW@))XM`=jYs;%)*7BaF1d{9ei8P{^`s 
zqKyEl(KLctWUwJ%o%Hy;P$dj%u3Gurd{``jQ+%*F5hl{Wd2><%q)W(E=oH}|VLds> z%i5{?Jh?&mmX80nid>0GSwPjzy!^Oi%cQR-xQ_A+a1XQ|f-t+8Xi0l=Eisc$vn*s_ z4R06O6JM!P1}c>#8T=u_PoiRh=?@xgR{d^IRC30c1J-L~plAlLH1Xil%@j|&g#A92 zPnao;uF#F=-4!$&JsS?+I;#}Oab|Zjx+1U>0J&To>GF7Rtj9&*&TE zh%D@M!K--Y6&OpEijD)Fv% z;YD}JfL_{8t}KSSO65i-^EGUn^EYT|49&^@WS_OuC~F^^uE8=!iv3nf3;5=MsIf@ODzoK zV~Or-OJOr$?5 zWVeZMQMaBtQ)@q)Pkh0am&xRYwU-!ttM)*w3jQ+t)m1H4r(qW5iJ13ULqw` z@9%GJpn(z_PaqU!1h`@{!2IU_D5hG&S-Q4molF26OHM+BUKsgjI#^0?0|skqnee^d zBn`EQxKp6WaXV>-5{lWSUc-}D;GvTUZUtd+n{-&2vON>ikK{AqCz0em5vCG*7mMdB z{gpTbEZ)>|p-pn(KX*|UJU*K^}~AP3Y2lh^N9uJ3c3nU25-1vuBc!*YVriE~`A2;wmya5Xs5} z_HqiMEfK~)=eoQzz&9B|DGyoup6J?`Js#$H)_I2qo23ddQrr%AV2Uk+48L|-&q>v6 zu05dF#$@EubpE?u6a`hlVB#qk4j^U_K4lgAR~oWi6mxT3&Z!O{(Id+WTugBXd>IcvPlhaZfwj{L`*#uKlKzFPJ=AY8lQuh=CG z(wE4ykLEUY{k8@LaRpa4Jh|Jiw6p9$m=i(Ufp_fNE~t5_QTVm9I-FBl$WTWiSTI<( zvBF^l0Hn2u(pLi5b$MOCfllWTG^1P?f@h!cXWj2!-H=B?vwlDT9FhCRQ8?AAXuDPr zNa}UyvA`CY&VpO`>!by4)r~4{lo6RWhaFYE3p$3d-H#c z*Pt(%-tqAWG0vhoSZKrXwX#W%`kr`GL@k_RZOA1(s>=qR`sq1_h!VJqFyFse!^KFb z+I#T&Ld>~OG090M^DOTXNa|z^oqFm*k1!F&hQq{$YsTM18FBv_%8^VNl1e6_!Niq7 zaK4&*{+-^O57xUlU73gZwvJdJZly@!&p@6M(L6#CIiXrENccP~wDmt^xu>APa6|4K zD9Vmg+WI3!C+UcRea$$7~ zQ@i2MWZ#+bN0Av`m|sLBMUDrxM$VxZ15Kpi zAl;t;#Vj?Rt!YS4riJ8;had!s6HDWbnRCz6!@%R%uOr^Q*VBh*$I!&ONB?Y=Pb}Kq zi`Nblzn8s96fL=7vG4{%+<-)zfJxrv*V1u^nkQ`FqY;|&yJfVMVV!GnY1;Z+4PVfB zf=RwQpf{T4@AJ^QYrEhOxWtEfC~nWK!arrngGg>F#7{hcg$OntVGPojk(2V)60O@(7gpL%>(_>*&{t=!n*zKr-XngUAwRs4M`7_DOl7l3zhn7r7P_JLl#Suc2p9q!j$Be!P6vi zTufg^6R6RlxvNf=$MOu4ReYM*7nmd4ZUrWHGT$;I%*@fNtN#SpY=tQ*>cf&@;S)GvR|u9i<6M3^Z$ET;{Ag#Nx%*HSxpw4`w@Pgu zGTNj}M;xRH+tcMBKpp(qC6_sH#h$vH-{SYkgDSm0h|VBh&Blod-yo~!pQ@hMj%ya< z>YzC-TB4M+ht|qX?|v^#HPs2>7#U=-aO?QgY=D=OYNo#|gM<^g534ee!`{)ojst%v zC(MST^#VlI34j#|t|UoH$HE5xHl>sQKZeWbtJ=}Rc&+Uog?HP6mwH|0U z?NpxZR)jkT#akOerM8at%A)gJGYqr_)e@|X0_G$9XDi^+6`+< zJ78~0-5*?Bth|YY(|)v_3t7Nww>FT^zJDXkrktvlEqc;7f4dvMo{2L{+|LM|6EcK> z^uGXcK)$lJBbW5GWkoRVg*kKfO#~dAOX*X(Y+X#ONCw_%cl<@6X=a)m7VhNTK(wMuTJeNm7V 
zMJ(Smkc63s{hZlY?RG|`Kpw87%ePgVc43^3)iw zSiwhyc9k}?&aE_dmXSCg9UK*-xiH|&)6iENdpG2KF%ry# zOJ-;4cM02D(@I?_O5`Ga2ryI4|AD{-a0^}*K; zG@0tTe93Ur#^v9lSJQWwZ?;|{!&s}o3vcg+Ywsp&a2x-s1M401448uyjgE^H;j0%W zYiHkFbR-0h6z`eK!zKlYr2;VNtoZH6*SSA@CP*uS%j63OZ*%ps^#;#sj`q#5^;V|( zttP^Pok*UYu(P@+af|$VowpJz{Vb?(aNq(9DQWlVDNjwj5#2T|*#_ndquC1G?PKn9 z&|tmi1N^~rt=!vNVf)GY6po7=@X=#iksH^8+h&DG)CCF2>bb00iJ*1$Mupe^scZy; z5V8j5Z5QTz(Z>9~V3U3UC$<4s54W%r&@}6@j5|)Dl)!cyiYQWi780!qSpSbBT8H~@ zkoeN+jkQ<@n7Hm!1+Py1B@5PM%?&DV1!(K$8yqjX>H2!}ep-#k&; zJzt;nFCa%;dyj~+vAnyX^}DB}Ilw&GFFa?np7bAHI2pJPr$nb>eJ!CtPlf*7Uzl7> zvwAQfc5FAZp>#5DT%~k4uye9tUmVw;!acc=XC6#?rihvuu^?_Dz>lOrT(TdYxdUvd zb?@hXQ>H*qCp#oR);zQBxw&3mGXHhmT71 z7ChhXFr0Y3IC-o<46I;RUi3%b%+{70?+#|ntUB)^QkhSyJ@jxBwkM~{eLJn;zIO=A z@@K_ys+5mCQLJC=-`zM57FFrACA_yIV((u`m*H`$fvE@Isv{3 z)VIF}d$_;rxX!e+U(H=VubeYqKL)$D0LZL6EC9XFB52_x|f%k!Cm)P{i|KYhEX$?r6c^F{vv&wyfIt&aQ1;(*KjEA$?Lgc5s0-jKr`p zlrlB%tUL^N8U37BKQ^ZIy{BR{+G>RNw=G!$wF!q#Mtn323# zJLsY!+uglgP7PPn*UMk*X?OQ1PQ`RG`22a%_$+v#q!7^GY*{*y1ON50iCEo_rB&&G>6Xu~cTrZeRxO_n(3mewKc(b>MeN0BTpT=1 zAl7VV;4*qrg=B2gIXquoF|c*_8SEpRcDFvjPrVuc(8}Gd`QmZ$%vG$P`oUMP~=2fid3ah^Tv)uKx!j0smE9s{?r5|wz3 zhHRm=-9!19In>weF8_(EQU;kF7mI%oltz*?pyMEbza)wzd(0*2w9eJ)(oSQ6v% zty27EuI)GomE3hDXCawY4uB+O)g(WS(e}fT(XixLB`?jW_4|P592Ikn=FTu$_5m$5 z-cOOTC_*}c9%I;UCa;xsN{}5u z&!IANS(xbLKwP<8$qYkEnn{VC!-^bfmVr@DpdPJ(uUhWhltrpYk^aN%%tf3y(x4$S zf$qc+l1Ngo)sA5dsIIK zFKoF=+L~<=te;|XacZ$IW6}q)2Ij5^^j3!&kqB`7bN)?i)SD6EM#||yepW%4f1v$^mhR|!azP3oaCMbUZC+j2IV2zCr0T3o72#( zVg#!l#*74IRwRp)IAT_4&ROtI8`c*SP@o-l$ex2vI5Ji^jA{V^YTT$8n*mPAq199$ zdmF~8F~Z4##MIz)TCBDmEye)?-2lo~B;;Qrf&m)7kYzUzg#+rUVIIE7r#V>4eXb;t zi=S?hrQQE@1pr5k!tDP{aH4+*pnt{ykb|j_p#!6-k);je|GCw-b8yiI*cuxG^#9u% z_&<(#u{!MkcEpp_J5!pTH}0*hK{+JWPX1i!1_FbE9}%AX(b>!g+ZyYnT~E>ar7e9) zIEQ3V_A3O4I=3t>jRL`%0-g|8Bpt(!np!l&PgFZWnPSk~Kv@JdNeDt&rnZSi(Tpcs z+V$jY+jZCbG~0Fe;UT-Zjs;OzCon<=78A{C7M%#{9ZEPZ08Jd~6`i4q&5@Y<4AH)z z$m&~hj6tSAA_To%>j+#t8k#0RAJwRE9w{H%-Y4f20t9f+g3GvRvRu;~3@#Z-C5Ls3 
zgeI;&c9s;U6AOF*#$Fa?7!CW;48cNjCz4GC%~z#PIl4S9lc;|mhtdMA9#_2UMzy@TVdfOi#7!Jr2*04f3lWqTde5*+?qxQ!b!e34?s=tY1DmphyCZ z6$taQKQC`Uf*hM83S8T*N*8W3TB{=5t_)H)xpNeofx|j*( zM8aaJw2|Y*3dXchq2_id1VfKb#%?O!MAL_p?Bi+wUf$OMNKuY#uTH`z*9dXe$nHBwv z;;#fhUCAvgU+1GhTFO-3#{pJI@ipCvp{4BYX!-9IdEAen9r41`{OWpbF7y>>tKh)j zrlrm%!GT)G<4O2V6sAv1m5}-lxLnW`|hE}q3m05(a+~%BvQB&d0%%#(>j^Wz?rz_9M0`jQA!4Z=>U>x9&A}ki>+4JN0;s3 zZPqGQ)Ge*O=e?<(n#y^DjxhvOzO=zp2i7xjtgPt#R)Y%wuZ&_JoGytHWrD%Bl0cH( z=<560lvfIaVZBwh)JVAi#^gdcTGoa6B#p(O5rZ=GK{t6ycPuLK7La#WPD4;Fx22 z2l#x7(k|gdEiG>~W<>ryO0>`0b;EcA@Vvrw{Vrv8M^>_!d7NW5awnSDwbVrs92{375C>_ll#2v=EbNxQWTV1 zGj4LTGK^hJJN0_NX8$%82}Lrk2fNG0kX6EqK#_npR5AaJpvJ+3gZ2p@SHdQr*gOj5 z)=DlG4^BpHTbOv$F*MaePc#-tla;{8+!u@EmNT3SMF5GW27)ty%macXf-nG$11f#G zX#=`buR=~V81@8`R`2R(AG=3{fUCbkyPRgZa_VEE_2D8KJir6SvV4R8o>%|G>eHN@ zfrx4}f&dKWf{ry`-6`BD038XMDtO797L_)k^BHf-Xh(k%MFMjfG_VT{H6Z`VEu_1) z=~Il{G<}M88vwC7UNu{9c`GnG`f+9Qw)%70nY?JKK)`;t)T|-H(t=lZG2(!iQ#CJM zxROGayfLD~|8%(;oUH$N^6C6m2fm&AGs*4vK=zV;T&}T+J7K%x{hZ11rlSYDmm+tcyXJhGH~6uTwhurs^4sr8n4VElRuMxuGEVdrkXW zZMJID%X*;g#r!Dd=UmY2n4q0ZP0&Pxq8IgLG_^*M@ckR`^!25m)8=8}-&mTpny^Dr z%&j4j%lKJx1nB2v%+2&*`ZJ}md9$r%72>lWtMj}5+cflJ_#u8$14TJz7x#Uo;DCO> z8K5Jra5K8;yPnqjdKJRX z8m5woF6@eD%DD5kLs^b$OV{s;;pOdkoF#e*CJ?vLd8lx>>7!F`YvemSWADzG{rU>E zBd`8*9}VyAxq99G1L56}_n!QLxPw5LyZW?a2%lZQe~B3T-NWVcA$gvR>EcvlQ;uw` zZ4C46aO(V#+PrE-xYg@5;!<^dtD;Bcv*>(m=kr;MP_1C?@ojjO(_CHsa|F_QQ`+k7 z;xP&7`ylhg8mp#TzrEenYV7bnA~$hO9Qsn#Iap)5s>=+xBku+Z`i}bcIs#NO@h=94hsI;Oeu!S3@a81bUBk7 zk9Or3OA=mngrYeF*33`Y_@{-j@f}_{!pKH$RV1gVHx&3B3s`OzFEghg=j@}%I;i|I zl;htq1L>2cy58Zk&5QxXLM-x9KoYwI)5HUmwVFVdl94@4863<>S{q#YfpuIaSS?CC znebi9*aVC1BR7skn~)gXonGG2bnCQ}r&`$#UC8-vjBrvwKGcuq=#cHOkr^jNN1^H1 zzgGsX=>93DnhkdCLKc<*c_Jxte#wC03Wu)F=2iH2j=za?T(Y^{h&uT);AiHeIB_x< z`gR}wQ&G|uGbL1c_@R)k+f#Qr&}s4z&X0L-cH4$N{@Uca;=dIgjmT?8)?!k-6XzT* zlv3lvdO66>+quij+GV2j+vgwuvpYW~^6T{8*k?%$|5oS6;C8+F+|y-No6Ayq{2;ak zFYUAc{L-3LAa}DrHoMVttX|=*vwOdo^t$!sMR4OaG^(=I_!)A@6N-gU#%pdfobL_$ 
z*0jWae9HufJ4%+aaopa7Azf0Qs5E|;*gPTFgjq`@B|-cM;DErLnkAW%xJynuPScQ~ zBeN367>B3z3u26DJkj~+;D@*R2jV}K7xN$?1TfscS!JaEukv!XGj}jF`7Z!au?Dmg z>M=&ncrFKPK6Rq3jCS62QqTg*MhUJWQkqRs6P;=0SW3xwQ#J=~qVz8$aA9@iiD$0| zut=H95sJJ61S+U8<-K!bH8kNnzW{=#Z~=GM1mO$!e<~}6@pLPl_vPpNWB23hMgD}4 z+eQQ-MCn)LWW)$scp{{68cmp?re#;(G7ng%zC}x?w|wX(!Q(0{0%qw+cbC*VxIXLc zL6A_B${rrcDt!P#Sl%d?4#S78-^6N>!<%Z4-*33L_A-o}%v9WA=l}&GQkAV953qko z+ANS;%xj;}H6e&@hMJfchng~;P~JXqaJ=cPUxh+!TL2|HF7fEa(>pso=80*@A-|Gv z*nYIs5n?XfSF;$FYh2Ew^1ixt%KUN@bA|Jvo{GU)G&GjnqhwXP0N#y60|BuS!UkSX^+=-`Jy?Rr z52$L18h}iQ_{^8u*n!~~{c*1qg&Myc|Cb8hLQp#DVs<@8bF<|?e{Qx5SVZ1~Bakdh zXofFLcdjUEGX0? zwQCH}5mIeopt`>SLWXL)7U;zaOCAj6&%$ru4KM-)>EyuL1M4g#z|zp7Q`*;pGEjmq zICGU~Z`&~F?pUGZC?mE~;EbI`cXI6W$gcHFi}akePlw@N=T5gNbuU4`S&^mcK*^09 ztSh_BQ`S6M1x`RL7^V(a#(r1iLKRh_Q*Pvdla2}*&=hO5YDyX)s|?AfqHV?=W(8p} zV6#cqOg01#Zmg%1W&Wjx6J?nhm6lxRsWZ)(ZBePW+jTOH^hh@ zZ$Y_AJvIdV4#%=5V_|sTryTtTI`~pao7bo*B;-?kI83A}B89^;t)e9siPW!u?80)z z!l>C^Y9qgXr3oL%4i9cF5OGetDZB-bDIT@sOb4^OCGzI109N<0t4_X>9?~KqoUVkk zVFQfpIyu!7JmnV<&C%M?)Kb_iV^=_kj<78AfCW?L5gjjdW$y4P=SgD|@~feo1*)28 zGBG+0D~YO^1jWk8oJZl#l$9s(If~-&MwL`YdH%^^b&5-o+&idq=FudAr7icsiwy7H z2DNp-C3$$>o{I{}BTXPj`T(>Q)x!K;6^FR_919P>{FxT+6{$RyrgpMdDYZmQpqVwh z6bYPhx_TCq3>f@_9FrgeL?PKgSw2VexrZ24sg^a4&>`CtLikyJ{__BO3k~Pz95wPC zm^1WXH~|y95%B>z32>HaKx2?5L8-SlIEo)Fyx2UCPh0K zIZ1lmZ|tnI;feJdAWrJNxjw5zlCvF@exbZKBnxG(OVzOs#ngxpzaUpfs_I|S=HR*$ zKDsROWRvK$n1b;RvB?5`GNCd4r+G2?*bV~0=^}ZCXvXxc}Wfu*C;_p>VTjYZ{7UO*L>!VU6 z-}|NT6fNe{r+@RSp_`4mNYkfoGU@7PF*UYivLzMo&>^4q2_srDs!2SDx5fK6MIg)) zQ>lhngq758T{ES{YU1Y4!n$sGlY2C8!3@S-6-R_I{zKf>Kz!=GneF}Yo6_k0>R`)~ zD%7l+f&F zf!-=;oMS@sSzoge$)QWKEE$m@Q>0S^n35xiMxE3ok0_waOBdnlKujr(toKaP{nKuAQurD?Kxm1G zOA1YjEes|o=?6CH2LfNJDj=D88=Vi{NcAtj&;hzEiIjr)Ej&u$o{I20l^d&+{_qYW znQr~$E8H-{$5rhaMjUWN4tPTKkQw;+`2nlO{6j|-JCaEpi^d8ht)r=TSi$5ag4*9f zVVESHW9P_@BjtkE_R7i$vq>+bssKjyk?M#T>N^Trm$#o3MW^P5oT^HR2a;E%Zio}y zMovC~yROukd$t~TU94mK|`^AmK>Fub*Tt-IDo?D$H0q*0+23%vkZs(hNTw|B* 
z7x9m5P^#l@jGrgw;mXt>{_X<j=_SF7Ny8LQUD3_Nj8*Rz_pvX48TCkL3I1!(!P_Ky?nk4{u=2e>XHV@oUsdcM z{YJYb$-#;@Mt!&O&yyexn=Ju1Pt(hZn?EfvoxcIpT5)&V<#T;X#n~F0mz~ASw zBsn}Dms1!u2b+hK4h*?Jb!VNG<|VQZ$KDh$vE_Tk`m!rj<3JBHD>x+ z$D`&3XNBqtx9NCpCaym-q@}e4zf@-19sf3OpT6fLIY{csb$_jdB{pV!iYrI8d5@es zBSz~lcACYWT;6TUj$)dV2|6AXP}^=iH(Jud=2-sjupU-m&E5PyJf}2+`!0Emp1Ant zmpl$S+4*Gi7!}R6?Rj-P-Eh3U9+1}w(?gcEfa!h*TpZVrwAJ%(+{h}}`jnSH9_*u= zGOynXtT(Z8dH$_fZoKV!yqprBtjfK%$M-a|_qS%~SY`~?5yiuM=u5EdCj2xQ41a1S zN7d8!C^WIAihUxxeL!UVcwe8K1YIrBV2to|JpDes6K$70X~tyhMboSOk=*Ht$&KaX zH+nJFt{_a0=d*BMuyyOHa{=YpIKA3{ESAwdrRgSHZI^xc(WhfZUo677MzahjObaR~R%Uh-d5!b8}SeX6-9?UcqjO?l) zzQ1q7m&Lmm=-tw{91PrWhe(M4xwEFpGNBD=?08dMX&K^(dHcX&m?5kMuJxwHZAk0Y z639$6SfHa>uxgI@ichb{o0ahScb$03v%bu2~xLr zROxSNSI~NNjLA|^^sBxA(Z$t|!`gHJsv#+woHajUlM7u{K=xQ>x8dQPVf{xnvl6>P zQ}u|W89k+PVPWj*vv+%g$^MYY_U7Q7bbWTH0zX&H^?-WA+m|(_!$fWu_LZaA>e#kc zCC*Q?Q`qx2_m;c)a;SIBR)kM` z$`A6O#Na&k!FKre2RiMo=avvfLif0y2~WE4?=d=-R5~KqapEJzhBQ3kh9jbegenrs z_{4FmdmjfF?&K^9c}nv*mxhokO7{g(4{1T}$ShF-sTuOqc*JG8^weIR?X58Ru=vu>Wb1m*79;{ z(>xMX!L+zxC0%9{T0~^y@+`pX!Ff{}UQ*)V?;Rv^?o7uC51twXE)inh>aP4EM*?v< zOCteF(bp`>;`8)2;)#x$b9r&pMVSGuxOP-`a(XRh2e$7Q?GRX!Hr9+Jg-Mc?BvERk z`5eSAMgctd;>7+_(mDwdww1=MX7|dC9-s)GB7^IFsjcPAa-DPDHD>=UgY>LNMiqjV4DCI zcT5tn2viFzJmk7VD2VGj6BkF|_N1|Jk&;9a5|VEbz?;4bddgHn2obWY1hSTy3Q z-xh)gV?A%WbAqRKxpTKmJ4XXw1%I|j0FbAvLz^6;O+^~ zO`erhv3(zXWGlkp)eiPB9@V@4NmE;0VXtbYUpL3B30#fQX;6Y6)tyh zFK1Y3IDTMsQnFA6VT?cwmRo^7P9c>MbNy==2o5MjsWQY6l)v^7pvhFwA6E9@DuWl| zvLVH4(r=wD*HG?d$;atf%=1E^nu=PswI!VuUp2SMWs_qM`NA-{I_xHf;mac3F%4fL zr!DJr!CRiLcgVpv&x2c50#yK=WGA{&*6xldfX%*^{OwJte(A%+K19ODW5b8)(Ym!R z=96P$IAK2HGta-UE%b@O$#5Xr@L)Ir5G4LGepx~YndXs4#T+ZqyVE35t0PIk$(s(J z3?Bf#k=IDKnGr}o8h{tMV)FDV5IxPkzDAJ#Jv@Oi&h;($^DbP|(ulz~bf!K+)4+)F z+XRVV_3j=%2jTE%3TT@~kin_4t?{IFPTgf~%P|Ad$cg19<_SK3g#VWp#AXgC>ir!o zZ+Y3N)Gg(#@1^AA_>lL_h^@H~Yp2b@NN6r!+tTM~v*i0ve(u*3)gDiA3q^3tnojuDj=R z;7kSQdz$g7z}IOdCWPSkesk|#dM?3sPp-#%aQ`ZW>qYLW_if?!L9Zu=K-;s~ZEef< 
z@k}S-w#Vx0ss?|%seFCI^Q^DTj?8trXF6SHA^exy$Nh;4Z_Un)_ru0lxM%0NGk#{x zSJ(4|>oPB=t{jnvEC6S`+)cD149ivzUspZH`|hhzUkC4_>GVSs ztB>NS|1}JxH3K{m%FJh~Zpp?}XxT}NFK?0>)-M>==ADb1ZK+*O&fn&zu&o9e%VduP zk3#3qZ;jTG--RivlLwp3p@!rrN`+QN47h~Bm&%hShR=PZ@hL%CAc4}-BwT#)eR#l$ z;WX>6wZ$qS;m!NP^rWFrT@@1^ZmNr+gDckC9KB&HKu8d&%2-}#L;G1dSub_pcYIV< zEZM09C-v|3U7Fj@7&JH(IiJ1)M3;XD^6Swl8i>yhPlo(JCYLk`vxGMN!!^uSQ+1=< zWZv}!yc42s1Si+0bF?nKeL>qx0XGZDgjYP?hvrvfp|;y$HvG<9R^QqSO2X~^>G&9_i?sK(KBibdz_bz^Ai+gU)&C$nTh`UC?F~-sOYaQbm+Jzj~h!l{dJ1H`cEl;H=M%-Q+pw{m;VveWj6D_^)X9Ap-&7|G$h^8&lW+s@s~LPN-@) zx#Mz)?Utpotkm8jrE)U$mKjZQn`lL{u;j1H@cM+$TlvarM)+VsE}6Qi!>o)#0I;8 zbJ3#Dc?uFZ8Hy>-exzK)r9d-zBDabbn(Z4DkW25Wl^~$C2nMYLKd=NI4*rOI)QM zwd*K z>+I%0fgSqCDJ?&g-wScE8EwGcVcXoD^Bd}uP`OK;OT>c|O+5gpIi6{>>joRvfb~PI ztFB8?{EKJApi&&ITWuGogV{_Kn!R@{peS7hu%1bYtYp?Gm6CiY9*HH%eLMY5fQ}ck zrYxh#@#szLvcj4g@`^P{M@{TI6=M{mf5&Bt(AyyN6UFrlL&U>bn`j2aUClWrg}Et3 zLU74oJb{dIqdlmNN!>Mx+ALymIyR+I2SAo~iOoXaqtK6L=*$*Sm@v1aq)@;fR6_@) zcA$8n<{lNJ38W23W|GZ%+v z>>!oWE5{s?j-9u@rXH6r0mcjai^>bEcWsPqBiC}%}Ziyl87lK9h$sD zW5h^9A^d|*D1$dNYp^gYQy>6#(Ov+(Bu5f^WSE8#LBUF$(g*<*7SC6OxmhJSN8_;= zCRnO;be;|7x1VH@r0`}v33;@yE=HJ|P8U6IaCFv>pBgvV=SZ>|#npoiUFVFm1j3HG zoe4C?C8;TbXb%EugmevttRObXVhj=lh%sw3fqkV`f<^u#JtW(b6G?R_qbyn6!or$i z4*>b1OCJYb)QK>Ql1WDF`^^As>XtqpSj;!a(!MrdH_hizzy7({wLW2%SuY2*hB|L>Mm9ojFLCS4{cHw+Aj?}gWA3xgDSRt zWFlkQEdc?^Vg%0AlKG)aGf+rTgcXBQJBo!$*q`2iTTvmcKS8!$)ocn#6UOgQ=gJKv ztO|e)lmJt?uh}P$9b35~WeF&WLd6@>UU+e%)b?0R)?#KZO>2v#MYxSiSGMCKm{6=~ zflp0%q7A}4}%-Nwy+q(SY*jxQtN6gT!@+?g; zi{Zct?j+o5ceediY0aYM<*l|UNh!$p)afW0xZilo(8IIH&e#4^`H}q~-}5ZyEBBh{ zx^igrlOZP#{>L^;v;J-#5;3Rjr>_1gvw6}=o{!F%akJ}hxMW7BJmAain*VjSds+4^ zwNqlc)2^lc(@4H!+Z=`FQBlA_{ZK-?m4x(@l@A=aJ@T>@DXmC^L^=; zd5!mG>!s)74ry&iKnVP9x69j(vp(a~DgVW1n%-ikv-=5W&El%F`M0-*;c~I{8DzDd zqeZmS&4{+{EdkBz(2IEgJ~ZLoR@rteeOsHy*URv(-j?grP|Edpa5&}W3*7A6=(%(A?gL}A@AF9V7|GWy|LVQ^G=JCa*$OFt`(mvb{I&KZVky3_cc=N^ zkto<5h3nmd^HMRdOzniHg0ITFw~0 z5IT)Mw27KK32yEE5nXag7G>i^YMGc*gkOYO4-%FBv7`UJ>Q2!N^%GxomS+t$LF@o$ 
z1CJEKkaG0D_-s8=`W$f#kI&gs!M>*+my5&w>)3h*riK$T_!a~G(=)_Ccv-!)+&1k(I_cTG03Y^8YwN=$l>gv=Bb@wO{ z$jxko$(S&nM##4MW1z8vP+bLMi=11;!$xB1&u>&YUDbQb=fnyc3UCEiaY@ZWoXZCK zI5+WE^I}wF;@95$7OlGO^Gi`)d`I*rji5!d2w2kf{213*!fB5WNFez!1_Q3FF&nwT z1*#gUQ)fSYer4CKU#CLkd^VjWEgztY6Wf)WdGG9#t=5A4)DLQs5*rECyx&3^^qy(d zE9dg9sRUWvrca*`&&LuT!Y6yU=Dw`1qi=%yJBhQ|wN~B^TuS%f`}1_kV5#JI$^fJI!aR zJ6$ifZvpN--_wh^Pn>!=%zL!CJ-k23FW#$&k{Hp8dfZ&EgCngn47&6907NfvNJPCy zq+9)R?Oykb_M+&uAXs}2h5<7`|M6M`?O!gP5d1bAUVD0*zGycVn*kd>$kqc6FU%fD z#(~~}$a=_+x}YyN>YI^CJ2Xl=M!gu{K#e^gFG0P))dS~OU_L+2J$g4*A3WPZg?+&T ze7E;mI$rTF#Q#+H?Mo-G!Z1KUQwaaVA~HKe<3EPxrvJ5wtXSi}C4M&BKVN@QcH>c; z*LvapjFeigm_AIDI>@}7Dq=68WV)$Hj@3RPiA49DTAelwO^lBeDp~yTN^7m4Zglu* z?Re>F`#CJO!C|W+j3Kg9Ef%I`?4QQ3Uj8zkwRfE1eCh1H_3rhgbj7Istt*QJ4VoN@ zQKf^Vr6PgU;S@k5Gu@zhn#@n!zKnXm!s&@S%yf+SPMV|ux5`SaW%cwS#*L@J7`YS1 zMP7m*14MZH^u~7x!&9zxn%L%1UObEowniH&o;ym*8Io=>N6GOTSTLIh-lr!D?8}8> zhBF*ix{MnZ5k(hLT&BYqqEyz-%#2}%_s}$R(ieCuDI_Pv7)eZBRg4z>3Tj9};(qZd zT-&8p`!2a7aic^n$+qWX-?gbP5ek6 zq$(Wp6+d2j1xUOF6;Xww<_mb z(7^T}!5vy6$Z&j;_ml_TiL8 zAWBt)Qa;(wu=}_Dr{rU*kguf9nd(4XY)s-8jQ9Q^h|Tv?y>d7t83@bN`d6b9zI#+mPC#4^c#Vs^~ z#pBD+^LZv2X0NBsBzE7?G1{q;(kgNYk5U&lH3pJ@Brzi?7>|G7yUyjSK#|n*X@?uk z$Hky-@k`~eTlIwE5usM@`d#NeTBc{9ybiBJY$o`Gd++Q^8Y3)OMZ zL82m1;OSARjw83o#2lY&$V#i{FPboyq)(Aq&v4pj;jm-W6Ov?9zUd{LQ2ZlBaiKTj z0l7l@S2f=#&G4%qlxS&tMaM}&b3`f{VREJVRe<4Ao&f?f<-tTF``1HVL&XQD{KyTb zzR7x-NX zsm(caX2VgGv+Zh&E=Y?|>Q$Qr%Lgt`97=EeHj|Nnje~EOrOr$B$;~0l!sh^~EFOB0 z@0Wni63=I~!^7Hm0tg*8tdc4N4z~^_IRlRv`aaE^FsXs2*uT;Ln@TR z@WX@51o>Ik%jM0bL%3jZWaMy~3au`n^T4v*3zHU3CB>-FP;(Y<()hi~jFm2oZ0M9& zlEX~5US@xBAQ-XIAF=g`F0A<9W5ITY4mB7)f zc{5iVfC1NMF+=;a~dZEG)16h6S*s#4H!dfw}*u;5x=%LqH_T7yMk(C zAz3ymX#YrvLRrLvF`0EJMPMIrz!uA*lO{X@KGSi3%j98ISEl^_h=$TOEEmBe9w8qO zBLYxD&JD}DJ)${P;ojIe*?Ici>yuw6_1e|NM;=x}Bd%Kp`W4a+LMXP2HRt5$oLGy5 zH@Mawo^n0MjPiTG7PLvSz8Q_s-x+N`q+)^}vAUJRRv>B2HrYnIGm&D%CS5c8^KYJb7%o5+LS9)!$@V5AVmK!$;_>vBeL z*|)%wfP&b(Dncl&1nPRgsiX%J{i|?d-r%M=P^o?mS|_^kD%O;+;#-8AKpr--5gdvO 
z9#U=^`8;#=mdRBs%~{bdT>)@nebt&Us(5bbK9apQKKnUyywtP8IMf-T%Q5 z^rNRhr{xHzh^> zbG_~-VKtm8Z`*usY6wSohVox_FcLGXD;pbM(p$Wozb=ML1v?6xXfI_m$D7EVAKf=R zd}cCWyGv;xZ`)tir76l4N+vospercOFT>7sPuv`|DcC*p=yds``(9O88;3A^Z8~@K>i^ z`pZGa!Qe-&?!=ms0Zuv3yT4Prw}ty*pttAq&i7+(PcNG9QGH@1L<oU=P_Z$o9jtwDWl${R_uiyPPxxb`X~Obg16~qp$202dmpNX!$ePpV|9z^Rj`wx z_DlPNE8P1)2#x$_+S}(9^Luk6txAfu&f;?`^_wX)Ja`E4^?K=qO#BP5#s40!UACM@sLJU1gQHn3ZMeW&hhK{xj<9D~8^G-3z_aP*F3F zI5=<3J{O$O0ve0BlV&%9U0dt@IA_!FT668>qO)b7dlP;P+q$i6<6$V^{%7ECrLDD= z^VuhJiSyp;+X4BFrrSMQzhXE7`?_;qh4*!+q zNSr)kUQEZ91!m2pHk?Rzp8_dKC^t%B`ju`vo)5Kr zSa{|cGO&k?NOU~~SvAOyh5a}-V58Q`VeV98w0TNOGxCpCz8x7u_3hp$8EEO;jblM@j+FlAxTn93Gj=F4n#HwrJwb5 zTG6kChuG}w>29bvtQaxBP289&@al(_{x+FT)s9D%Kwud(4=o1))Q&CJvZfBO^_i+j z9DRwj42$PMFL~MVk4q^i#p%SrhFr?u6fh#Pw!YWQ+L%r_d08o}J zL!*QmszI)1S2VoXntid_6v=jMq*X=FVeM~1B5I}pSv4Y6q|l&}GW%akg5=uAVSM0@ zR1u=s(E5m>s2U|+_IL*LIiNZ3%lPBO12?Zx4{~CG4pex_fh)}7;bY$x7h& zr#i@v%g9k`2(N!n8V5%HrE$lFN|D|k2l`~Y66%mN?%j59>rQXq@pBIM@;(j98y2rA~jXd$yn%}vR)nY z(VIPV4QV>f4{TnztM4H)zZu~#4w^9Wd!vCO5(tWY+8u@l5eB|8PcU_CPN<-eN@18G zD)dVoxwje~V2sE^H)*G`T)EygB^^Sf$av39MAEY~ikJ<_hd4+j2OJqZDn-6Ry)wy5 zBM`6Vk5(0I@(xIOGlvi)(a;t}d5n`>A-j8*ihBgQs)Tq)W@DZydE2pzjy`^2KdbO{ zCt|wW>BPOeu)Oy_6^Pxg=8n}lc1aOVA&X1f8ECZYNC=vtLo$;xYV~!+{h2qfzEQee zgmXEC3o@c^BVk66Hh6SY7YL~*aS1qePHBzc6^8Ife|dOBby3QTJqIu_p-Vji8m)mB z|NX_A@os(C8QmXx9mkK9ym#I|zMD&p7-? zC~9G&f!8YX2vt?0hSn<&nAhTcRWSifE5#1(5AV+;?ZllqI{q^O%R#zO=?ba`qNr#! 
zhrdjyRdRKv@AYNQfhIn=sn@rDhTDO-CZSFPxVf+OC({3u>KDoK^ z^(WeqxL{9CboTgXOdb+cfqwy||2ak+$TyE@8RnZl`KJZ(T*1TM*3pi{{F8l2lD$8G z_4^`F#2aCqTaf(R%mX6uI1RU~F zb#QdsB(CDdUsVU~lh55?I{Su#Y6d6~*}4Udzx-t?5h3zP1SRzhkLlw?$Wdt zd9>llvuO_RvP(9~_Hg(TJDS&y71=-Q6@FxpQW4w=;zo#sTKS#7Qz){}Pnm5mIVOK_1oavYrM?b{rPbS|~0T9DHoH~=mn0xbHx zb)M{MP&eAXOGg*wk>#P4KtgyF)YLW09itdL6b+a{^pi0X`(Y-lVbUDk=-O-Hnl$Zo&dFwMMn6#yDj8w>kUx!& zP*LS&;=gyfYqsN+=|I3H9j%k8qr=$Sbuu}NsRwX)S68wZ(2Sz{n&C^?$Tbi5HUg;S z7*^=^HV!q7ccJGWFRo<5)@Z^sMQM#6P6FqZwRyKnt?hDaj>NQSx9Vy4^sN0oThc3= z+3nj~Br>d%-q-lN2;_*4jPtRBf;BCG^MPP#g{X!^XraV4HK9eAF*bxWgMwXDyMrQK!<7*1a;W1Hb~)<TAuor2V9x{?yxV^Y+UIm zf|~iq1BRRp{Idr$W3KNuI+$!3ix{yk92Nn&(XO53{UG%y?KW-j*wlpsV>T}NN_p%f zuo1fO%|O3A497Db$-T?Tm;YTS3C)U0btdd#mqJ0)=yO--iuZXskik2-^ck-HT9?O) zzQJ8!J7!S)Q9#L)DL7V29gifYn}3sCpuviz?5zC;QC}q`9eOYKVL%#uh;ZAoWIsvL zEy@^4|Kvu>vQhL%aX@L1#8pE!z^5iAd&O5xDe6nKSTQuP7#~EM;O?h_#=#2#LZfiA zAY({A9YGkt$4U*oF-kc77)f78(CG{+b^P?HNVKD7Emrsnu*C&h~GQde3@!Ft*t@hnQc`v5a})7(JdWDPmhYG2?jbLHa6GM?qmO4!c*e(mh7=5E-RUw!p7zg0lP z$MHBb+CHJbYYp}Fx?qeIJKl8}>!nJ~+4XVq#o(+8IB%Z9S}9YSiSocwc4|gLXdGOuSbf z*ZShRjdpS@aXDBOJkI$y59j0}xOOeRK2}d2lnQ3txb}42T3u}AHu@&klQ`Ws;ys$lM%V`F)pYfuXCw_RQY#NR9IWKn-V z=J-DKY;d;K`q-;ofBbapFK3F+g1^^?-nx7L&COxC{g|D#+3o(`)RnyX_}KT&{ZYH* z&q;a9-0+S{gNfRuOpak`v-%w~kQ_6Jb{ zdDXF(L-S&AU3_5Ymt1^c;m2HjVB|ktc%b8N<$*52-Jl^k{K!ildz#A#zmlokwPFc9 zE}qK@a%FBh78`L@gO8ugqbGHs*811~?QD)16F1?PJBaJLydTF}#qNQ0GYY*78&x|q z?j&)OM8y`4NM9*%6Owe7;s3iJ3R&}GaMbekLhs`-t@=a;k;m*lAc(JyQUMIB47mT5 z&dkrqN1&#<&RIA?4CW%lXn3$;hr+_%E^9H3B-M0pYcHTOvxx6KRMf;MuNrnzV z27ZtwP*qs<&XW1(xr{MSc6b08+jm0+q@l!+2_H@w|)2Uq>YkjMYB#C^j zn4~~n-Pu}o(VFG}SGj9TZ>45}*JpX$!U&1+O2{51k}~#_|z4rEAd&&6;m@M z+1bJBF5X$YGepCx*Q_+u(L|Tsd7v+_)Hkd|*Xy&%^vU}K>ByFQ?L+AbJ2Cgld}d3> zabkOXr*Toal}qdGLK_^8`$0qfrNrPSCh^COq2XlmGIP61v-B19y7wxVm!rA!@NVD& z45QV>_Iqkembu&GUY2uxre+JdO2@J7w!Jj~H7812*_hqe=$Y3wi|pstYdOCDR=DiS zP6^CcRxb4$X-uQBkV`4xULLeUNZE|Mf}iG4#JLQ|T^`v>`p-si0X*pmOd{8K!f= 
zlNkVP0jwDWY@zh2L=&jB@JgO#JbW|(FH|00f;>cYAtY0Hi5v>~DMt|j?2tT=bm5g5 z*cIPOA?BR286(D9#R%UQ>VLitI4aKvz5R-I<$mpd`2U^u$Ii;x^cT7CAGifeJLHu= zJ(b#$p4JmR^W(BuU24bXR%7)LY@iKXQ<&h2A&}YQ9#uo@mD=?hYjW#J`}1yMkR^%p z*8ssXVW#(mTu@U+B@0P$aZN>j(B#toGU6oJ2~O+&CB;nMIh5Mqsh?*>8SLwhy*HZ= z9Ube9PFEc&K@zFdS`B(nKp%~c2oBZ!5X~P{%s7n&=#{(~bB^Rwqfi<7Yix$;Um6O{ z4c9@%!&c2jda2F)w9&+gbM(NeYbO#JZG5E66PfceY+u#9q+qnb&$7m2k5xtC~iJ5|;U4FO8ak{GDWL-Qben@mqH*euN(ii|HUDyys=sq*<2~wxCB_icGE_%R4hyW3X^$ zW>uf5f6{CE^zyokFt4A%PX{NWFtk&okuGl*duJhH{h(vk@4hn4`}$6gbR>z9n^gGW3J;%30t zcSx#Dpx%xpqPZla`H|@-H-@qbXUoPR;@rYPD$$MTXQimgyRSJk;@XobmM`D~honHN zML`~0X6YJaluCF%M99r7!{y zmj6$|4B-wA^p4m7Z~+W0iX4IiT0;2z93;+X91vuomo5lze4C7DlGgWrc+dsSA|5&R zmL8fKVPwz*n*nHDB1CIobH^-keFBS69GXDqB7m84kMtvq7mzl;NLQSI-f7qpj{0Lg zA)*_G$10*_-`gRbE75&mp1~cGYd__LJ~0`YLSCE%m_m7QwhsnXAN<%TA}Pc@EsDf7 zK*KNS$9^^{w2U?#lbX1J0Fpc*mIKi&+>R9+f%md{-`Emg7QhN%LZjf&mst`7VuxNzUIR9$+6ri4A0mDZ3GjWx zUPvLr6c86>U>{_+vhM;a2e}eI|0qlCAS^oW7K^O7Ws4IKhO{w>%|3uo#^2+@EvUoF zlDk`MVgcRFVJnXZ1PBI+k1dV>fi(;oWTA8TS_e|>j1BXKtvl;2uOoKPsW$fvNzCso z8BduC$Hdi>O63Xo8KoAm9Q(u(XyHQbda(pY$ixGoDE>?lr>~SD`#PIvdgjsob<*C0 zaY2($V3G%Be*89+e;w@`V$^CG++s)Oj#$$?caCCt!F+Og#A(ojHGGd?RH&qLEyJ+e zfqtu*$y6>EF=R^Ljrt*U)8lyKHtnBV_#M`esyPd{E1RT^)5Sl*foe-#*hKC8o1ANJ zF15S$bnKhAkeQsVjj!*wj_1S`%#Q=x=fs+?pVj*jW$o7KjZ~k9fh*b+LSS#f-Y6NY zi~XGMX}=%ygGf=HPajP$C-t9jyJ7j@<6`{{G~#l`#U{T|dcceC|m zM%S#2SJkDax95BMM$?OM2K#+rQ?j=r=i|K4RS|sIx7u}XiLwh1$&o%sIl!g%}aOmZxJE zCV<7K=4pJi^X@lFvAsnjA*X#-64p*@3+rNKGAo%?lEB{Td2E4LW85#*)2Xuf`4E=u zRku(m>f%bfY4a3tx(9a!7+6w;F`DNveT$)zcz!-ZRR0~2PI4+Dp=_A0a81gp&kvCz z+n+ro#==Bk%A}k=Rf-^7nsx5;GBKD6*&=7*UCz_2F5+F4NIjH?ezK*{Zl#kg zXFe~RFfiK=$l5NFW}1={lZN{IdwI`W>mp@qpQ!c2!0Uc2ITEaMy_+{>+I;t z5`O0u=i2vbHG0_?+~x#ho2U8FX<~cZ7jEhWmg#D9;WZ|V<;tt(&NMJIrpL{EejnC3 z-Wv7CMFO{j-Gh1GheCQ9XY*_BZbCQP&C2L#T{K6n>#o1C)HJvE^2#cU1cOKYx6t~ZJEF3=7yL!KDuCP-d#I+~VV`BhtVQY%pe#lUBi1vLjt8=ycz zNU!@T=o#WB`GFbsRlxjXTK$HY2LKe20kw^_2D5p@?#MU3OIDs+e>(gDvIGKkS8fFHjY&$A?Gy_lc78$5TO5!P$I5g 
z)C!?GE2qD);~z^(vf+GdfLf#3d`_H@2n{hdQ^$CZpOlX3IEu;&cG?0}#-9c*rx#CE za6i>!s8z2)(_XlTj*L^FNu@eWj`FV#iPxg6F+*_{azxkQmmPzstEWNLl>kiMPE5q^ zN?t$(vgFC?$Xb9IPLp$({!FXEE+ZQvFD5CHUwby{MV|~SGD1@xAD2=YM~46lV#hn9 zpvf?9k_TzRt1O0|{e!e2z#wRR13OonLb!}LRn)&SWJpvJzOhb0nb)d^6xfE2d&(~(bdM0q9>{o`xuzt8uF$68FSohW?n!M6V=V}b>9q@qe}nqS|7BO(OmIkWW`msbE6(5MGwq2K7j!!8EJqyvJc zZ-B`cNvE4+oCz?AChU-9%mUTT(LTXU7`{(ZqeGQ`Fnf$iAc-b4$plD7^&=DzeZ2tl z8V4&YEtp`@XpV{)uFzA}sDqxmaRY3f8GBu1hj%1@qmh5&(+8ph|DKskJ*y32bg(zG zoMoLKzY#FO0(n8)=_;N_p6DY^f=k?Kh?)*$rWGODKTkzO*owa~uNCgHsYl!(;}Vov zG;YwHpe^S~wQyU|Ajzj8Ss7y;B505~k8|iR@spLpGZrXe4@{bjaCXh3jV8mY6M|PB z?r?ySK>+5dL+%_sbv08#yS;E+@$<`>R?tOVe*rMN1iI3)$7q~K)`SsvkPg+saZ2@e z+?NIICh*#ZvcyEtpXlT6j`<-vQ_WV{G+~`}3Hrf;jvE5R0c~)F8>0;X(ih=ks`J-M z3Q%CG!PKDqtBcji6e!JD1hJ+ny{JbqViqI;5dyP~Tz^wU;n!(g zLP|ht$}CAbqxi}C_yMRPcN9Qoii@jH&O+HV@dG(Bw7~*_uEF}WD{0|+^b*ysM{{19 z2=?ayaW?Yco}Nql8iVVPNz|0y(G#N)n8k}$Z&(0q5eABSm&>R_r)m6Meba7%D22SN zM;jF%Z--QxwBJnPS0Jo#AuJFo8oiQfBX%8E0ucmT{(>tTxgin%Yi3b*ubB&?6>zX- zT_eN03;~RpdR=$te{nD}kZ!@o%h**E>Cwe1cs_jUJ|yIfoBEgdOK#( z4b+nL7}e}PJWSkWsK~!%c_L%fd1X2|oR_u@-8x{{7t`9@6f@dN?#{qCEBZeFPx1co zJ$q)j{lxI&UH2;Qb+1)hc8+1Gt$axNX$4hgut)XhxbSJ_Yw!Dz{NV7cI~^ET_xlr< zRc^uQ71b0gw3XN0!Q=A?7yHAGtbytCvu4GjGnHBE+Q;yp_6Ki|sqe}*GOoA7U3lhA zk5|{(reyAOui}o~4`UBwJ?A{@63^<>+u~8n%SjKW&d)Qg@2q2Z$r+xNo7FxVj@@XPm{mfQ7__jNL( z>1*Lu=XO`4^Ik3Gv1v^AKdKk>l_^I{-iz1M{0L6m&yR?gm~Jo85m;UukC($r&yZ~m zQ?KWl=L~F1&sL9j9V|;{toNmJ*OKMS^<?X_hPs*n)tA{D$hh@Eu_+}$`>c%&TjhNM2KIN9pjl`LY!J9dlxfu3&lnf@Ndx1(U z=kABW^^Qbu)D^3<9dF6q^>TXyztAIka|QpvO5>DY15Wm^05p171I^ zHb0Svm)C$F2T%uQ?dxy;MLH&2CUTOev8SqMfp;+RlEWd01p=dKMnwp8P<$d>S#cmY z`;nzxKT8;Wwu~ZIyJKJTFoy|A>U@1A60+jNSD$aO{>MYzI+Swdb$Cx6 zbo{+fK8>#9VYl3qMqAsS{@NLCi`fygd;k5ws&K;DyzT9C8CLYg=_5x=^rkxPYl@Qf zGRyq}pX+V2y;bFLhg;Xo+3GLxBKxs-`RJAA=w7g zE${ejWdWBbWn-t`%g*OnxAnW`YztoNBs4izFP4lV>#cmGoRarmns~>8!|#hN47d$4 z)DEq6x3~@1b)TjSskVR14R$;10BFA{od4|(%)!{oSl{tKz*kDz zQdr6;J&cW$*S9MZ*T8=%ZQ|cm8#{~iHkjgyKa*1$G6Mw2>{qwagZ;PC@1`#sq%oO? 
za0BocSH)OBH`IbqB?a?Yc$lL3l&zpqV9g1J6D$m(;fdu9qhYr@IV~-{=$#WBue*2N zjx!x+HXSRu!6N|l_O2`LzmDFaIROAn>(w3OPG9hKgynI<@#jjzNyJkgABm#!)lv%1 zyGkMed5FwAAZwXqge8=ago^3`iQb*)3B^~OxMm(9fpQ6EB~Yo!OawU?%kt`EPlSU| z1|^_W9vj7}2&*9C<3=SNUkW=L$cwn1Ki2Gm)* znoW*-^{WTMJc{TvzhD<@hcwLy_q@2G8OO9Otd@+k2y_YSHFR7llhUeg?IdT0GqdCX zS+umFL%UoJ%0O`$Io-QwnB`}9;Wj^9^e412USz4akdoYwn<$YgvbhkQh@1cgyJ;}vX zEA?irG|n>0MlzFHYS3Ci#97QiDAxg}1|X>zGvXgZ&}t*4kvE5Cti-f^IU4t!c0mF< zLFM$47Z1+^kp@Uvgp>_pEOJrjC%_dnpyS8e<(27-J-@6fOAcf!+4-qqkMI;zIHb|r zz9zFr;fz2cyQYV+2udOGi*5+`m|3BI03@!Gz>jaLL_%PWjw9y>Xu%V)r@iAB|LX>8 zijIIxUk-ig~f^LyT7ry&^^@#qF1H@JeR3jnyLm~i~LnTI{Q|#ckh8>?6AfY za?_VV@yqtep?#!Xw2ib);F|pU>_`4D!1sTN1&3TZL8knzH88)m2KT?4n}2JK^MAzs zD%nb538Un0b!*!E;sF^EECo>|>dWu0A(SMf?&1omQ~HbZ@R#d0x32&7Z(VbAy7Fxd zf)N=cN?NZs+4%YSHI-`wF8Y{PfMpI_@b`lcgpw?yEesEnl~T!j4V^QI#a zDB@C3ickv_)l{Sq_vPbL55oi^=`fNw?>U6BePO_wBk&5|Xz&gB&(j4`f+uC_z$7^$ z)dMC>)Nzd&+h7JA+E&Rc{5C|FmT${`)aZaU~Iv@*N+^5AmXNF)%ru(9h2s^N8Q8y@)M?sQ_M`+|9*`eZ4@gE?}YSsIgg_BQJA_QIcR1VP8bycP?-y zNKGG3yElG$Uj0&QHxy%DFfc>FGHn)RUK30uBV({nBxGxBXsJEEUujW2Ir=&WQU7V0 zKGbr3=(YL!(D8|4+jG00MF$`U!|(K9(Db~mT_UHlexK=>^Cjf#3o0vHbYk+bydHO=K+dtm<2(69iaj$s z`?XC9${G>M^fR;pWXGY-JM>~FLzB}egoQT?B-9p}q)0#j+Xx_pxd%mw)OVSgChE+N zi)`eM&Xf!az=w_1gK}^{T|6iMQp>`7k&~Z5LZ4mrWVp6>Sy`B*XwW0D+PmPHfm)ckye^cZAk+I;0yepdm0x!P~c+-006z;yB^+uUuW!W9i09z zjz*aJG4UfxTP+@HCTgJM`$N;4UM4?+u(B2KIiD>}BPR`6V^+h#I6vc2- z^C*e=a18Q%3k=@EX7LKdW(>t%IZbKBXfwkD(@K$z({S+{D#L~;UhWa@6V{uakL!=E zkLym`8Ei&(3l@GglfNj@8Eg{iDWV96hyi#FbyP|o#GKd!q?*FzWuP;hqr{`HnyJ#1ZW%g;&yaSR{;%vQ1A@7EjLR0-W5Rx zI<*wAU;gK>nt{_ETQ8bQ|1jOFaX)l_1Ofn18W3IDTa;1c9}0$No9l5;zp z0Wesh>^`VO3enI&WWyS*iUr}(!+S8^O)@eezkK84J9h*c0+qljX(av-@;wDJm^_2B zxI47I_XV*u#+&IjJH@K$ z8foCjFF*&!H;>9FKq{UV^mP2_X70qQSq&^@5fa>-gV7z&q0&el!%p@Sc}lBwOq?3Xl=DG0fJXQS zV{34qiH3SOK;JbMzjJ7(9?qf)D3}KX)(MT4LT-l;3<{^Eva5$J3>R2fHn~Se0YV2? 
zGCI|#j%GLDpIKwl0^5UPLppjzu>{-o^v@_W*l$%5Tgx7_P=VY;72NCKz^3q2xup^$ z%^1N5+*FW)9#S!_YpZ;KD7cv*>|C89yeI)Lx^5m<#mZd;jDILfV6;r3+(c@P1G^|g z9SSOR?%Iz(_5p6q&&l$wAPvhBDPXRq2B5~jFFDKfDuRm2ZY^5ls?S+*D_?=bF^q|! zlW^KtT3@`vGG?jf>Kcrs&O0u$Na4O}YmV$tB=QtXH-CT|;~ z%(#q#xdpdSB4p@Uy6M%Ew!t|*?bt36Tm{y$$C26sLSPt!FwF|i-YOr2$UKmNDgY1~ zAQ2v%9uS&S`tnmowepJV+)iUjDzA_I1ewxu25uGF#`!t3byla9qj5OGG@g zZk5df>hA1|na_fu!RZU|THZ$S&?)$-hqRAGYO|xUIg9W^a~47tj%r8`{6)jFB*^39 zQxcrQOg4WiEV7XB#1)}kujltVwed%w6idt}ODPlgSGSz#^i!LHz1qZj3bCZ9q;#f? z@A2!33r0{kZERbK5QnnaGfcYtz!3GjTF~t>{p6xOb%6$S9d0(iQ&-9hmy{VA`(w z;+xfSw_9wR>ix(cYWtZcIJ3=3#d;J@i*1I{QogdIdpXZ>mwwcn+d9I2DB3FoOr>c0 znDM`Ht zZ>rafgzfKbEhtK&YW~&c^(a4n9YmG6=~}X#n8lgaK2~p3!Ny|m@sZS9@b$s6&?H-D zJ^06%NO8kVB@01E%~{nwm22bc*<${_RpfbB?fd0EbqAhmL9)%&U@DTWm!{$K6*=W8 z6O-j|q9=d%Hg==!rsmsw`+eklZ6j7D%*)y8wEV2iU1}Q{rP91(3!TX8neYc#1NzUsW{qcC1Zpqra_F$%Z9sFV1 z!&3~S>DaZN-F(|$@FhM|%kK5GnwOgO^Sbn5xX!_Vp_1La-h&^4?OYuykcRixV)Kb)yEQYj1am5pKdebAfyiz#jJ$XNM&6Nyrvgr_emj{OTv6s<@|oK*AUU0_ z$;P4vYPomwmGQ(y0!#MXncWv^?jMr;dO5VZ*aHfydmYGGjPFDx|Cw z7CQ+EQD_5v`E0(BiIU>lZ5UMU>iJe?_*gqq!c9CAG9He(3x+iwsP@bynLys)<>|J& ze}B+C?clZH&ed)>b}70c?x-1BuX>r6(mrk6bKT>&sT;)@qO00{j&MiGkab&vixWD(E`Tmz1rs89%i2v^_ z=Jr3&Vs^IwNBNYkWcj=GLF;C0yky{_?G&mqU_>x`7h4;mi4~Fj>#slsx(>uc2iM8j zIB{uc()QuE&I`NPMoeMdL{BJJCyeAfE5ToICodQV*4&wt_LqDP1DBbEXZF3UevY#- zGS63vV=VP!s@-(j^@jCjb1ND=0&sQ$eo^VV5~d{y7{J8d$dq7PU$iQ!pK9NjJP%n2 zUu;4Q3K}aG$b)qMil2vh8VbZd$K-^~C7Dk`Cn3>n5WEP%;T}-pxubFaP&o>A$I=0k zpcTxFL0p4fA?}d|^6lzh(`(;7gt!>3Se2|@(K|8C;ek58leh=Y+hqag!W8(Lvt9Dw zog40oJs*Ovh<(wX7(pJ8xFHWw8WV(d(zFURSuj1HUZE5V_8)(~dNec$YP+OyeFS3= zlKz5KF++GFD|DD|B29A!K9S)vAf{0h+_VZ~#`1pcg%W~&0e_^?{h$w8U= zTnvcd`1h5YyFwTkK;gjT8#~50daGivVvMj*;IQEYwpih~;TYlDX*J-Hgf$!+UL$6|DL<5gi zUeA{(g0_<3=Uj<&NfMUr_HG)Ga^+NT%mts!YG@0heW=C>(b6UTNk&nRj9^wu2tO55EK)18*J_FPD3meK+c!&-t>f-;b$fVTv=X=H^;2mLe9jhL z+3P_sXhVb5WhGenI#s;gI?=}1;Jfx4{-IZ6PL?f57qARf=xN%?uUYiTH^QSW>Ji%s zZfX|P3BNmhTgtXL((J*S72L1)zf`Y41t|@M-<&Kn-v42fPv}(&sw<>Q|mcPQ^5f$$Aymd 
zI5kJkj{I$w*T7jql@IXD)|&zSih)_BbkiTptpjFThMiIN9My-8jHPf3>yC_xl?!Ye zYE}CYjzjlOy26w!5z|Hur{S#%#YIr+)E5b#&;#ZBrG#V7S1vyTn59Fw+yKog*oZxE zg$ju6@BoQQwnQ_SW#PWqQMp0Fv8>zj5k$P@{6re?M>}{$e=7(?N z$x?@QHpht^vRz=U8U>v_mC{4;il9dhvYjS*bP@>}%5L2eU)BCz$tqhPCZ?7J1H4mM zLqM$K>&&YgRK#-*-7{e2b!I}W8o~~yErh+6P$KupUu&-X!y{kCiAcIoR2zk% z`#72oQW{16pW_9rO7&66eR9db@K%K4lq|>GXPWGezA+1?&5-R(EMPktR6E-Ek%cn_ zT%%lOR#2nd&6|vTlB?<{Kh%dwBt&p`sugrh8KG{$w0}q{EfdG5#sVc9h?w!vXdp$%9R^Y6!bZC36|)7tc<%l?s_- z5Lfx^mj_O@Byln6y|PiE{DW8Xw$&|2G&rm7*dKs0oD?tsdLlgG)ub|~$Xy}?GmBRF zk`{c7HKLzUzyl=V28+i{Vhb?uv%|`*>imQDC55JaEI#Rv?$p6S`* zh{PA{CXHaOtG<^c-7A#3IEa^7ezz3Z_3*5TQW`9kO@W-v26hnsR~I)JQcE&@*z5Z zjVWZ<;E$7#v_kolhk7r0E=cOD=mynHxKg$$y9UJUXimFj&`)Ni6(7FK~G&(?JybTi$y8YL}m845L#MVbtXZ|Tv8($ z^N9(h5>0u3Y>*}$E@6Bz>aCg3VQ*u6SOe&eE2W5D(@+X##F8~yO9g1k-#631Cv?*# zK+En9=_!##Yjwe)P+?s2_qsDfR_{y2B|L0qf)(=%jU*s7w8y$$G;EkjqR^9MSQ^&R- zsLThw;RmP?R(aqiyJyROPv(d@S54BIH{kStn_WnI6`$Po&K7`7M54Xv+|C7;I4oA< zWi+`h;fkIBm2+)r!F_#y%D^1g76e&7mryqemb3<3R$z~q4sBPG9OXPaD?ZWc+^y-o z?S`Zd1pTVsFb83Q*96~UQI6ep$X`(blHzyHD zks}L+!--hOmV(y7*M`DOiGg+|4WSsHO%u9gm#8_^fwV0(NWGKW%Infbbvg7TnIlVY z=WT9>%!AYAV06*B)Y$xQEP-68y|n(yuXf=O>FC<5OKdJ5-1bG3$l5Bs^#f|=j+|Uj zzWVjwb}1AyHNLg9F56*meaD3y_EPVsv{P+yP&)(>`SMH zU4=61z~R^0FvJgY-ql2BrU5d4YlzT! 
zGJ-TC1H|vbkYFe&E59iCd(p_e;PL}(Yw368(5V}(Zr2|`BjBRmmtbcSSX_5h>87P@ z^(ErKux+j0QXVf!VzeRx`&aTlr~(s0z)WoQ<^V4k_|^UE;0jS`=YyiEc>rdy8e)~h zY#XFcWt_*~mu!40PGX?mGQlgk1XF1_a1J7~HN944wW4lzMUeWwbzNuH8Sqn(ti;sV z4c$a5X#4`m1-K~|Xpp%q$j{m@=4~FL%?2buJV!}5wvh+|<#OE*R`68CE%jVR(>ufZ zxo{T0z3)1912S>kQAo0MSsV$dQ@l|j935vtX7J-Z+>)>@B?Z~bP6pN{fw>LGxiz3x z5L>6V?gDVtB*s9;^rF?@lu_^<-@XgP+8mRn(Z%nD$Ao)QF&_@piZWmmGLC_I(-l8KUau#u2c|{HWffYl z9bd22?*oU+2EjU)TtA0I0wGBSxx&H}KuVWHueBgRNBSOf=~9^UBQnjQKi;|@aWVK; zdn0wPue@Vunrme|V+T$ycPcM~6&nchg;3Sxyy^eoVS-AskI439d-=bM)DJ8-MJM2DMP z44kgR9;RmR7oxE<(O7YV*L3o0(U@Ft->Rw2uT(sOb!@WPk87t)K|ft1dX(4R1Pckg zv*77aw*=^X$Y%xY@zm9D4Ye8wR1+tP_be^KP&P;-=S;&he~VZQZn%B2F>Hga+g=P~ zT|f(Le+XU_pZ*Eie)O5WurP^f2<8WJelhr2y8iyZHUmxg27`djC1mmh^< z+({UZ1g3>US8YLU>&-hj?6+u9rXKVHwGCZXuoTzEttSj2+y8S_5P=n@!`knf7vWN7 zUO~`@CJMG>*HZ`|nx~glyoN!x3Wx}_ALEytcPdZT(MT$-*^~r^LHujqb(y&`N(PG| z84*`^S(dTD+KPkiR`j}tN`sEZVcK3Y>}&pN=(`EFe2D;B5h}I-nK9@)7^sE}ARW6w zJXZ+{l?L{S0=AhyOt*P&hF{=y&w&6MO{Z0^!CD z*YzC!?gb;wh~N9YlA@}e0>7$H$L()|c2QroeC~tAMH_KVS@xb-eWeYtio9yR8Ya8@ z=?g+veRfxra{L2Ysydp(6|h*U;V|UK4N54gKZs9AqVY(^Bn5hD?)62g9lA!(^~I^A z@Pi|0oEns4%GbR*&xliJntx(`N^Z^c#ztXJ@A`DrRaNH@`tL_spQh(qTK@z18H+6z z|2bU$`rz2Gf^d_OHGLDaj#@|ZA)=q6kc7cjLl866?az45p7WPFPkGWaeO-lBa# zR0&{*tdcA9RCoUJ*+XjXvWPTc&SC8ElPQWyC?ztKXVXTWq+l;O;yHehhnPP2{HI;lQQt&T(yvBLjGzCqe$5~hVKb>8$5On-2+{nUstNJ zl2XMrzJL01n&C|NiMIZkrgc%4VF*Duk-JRoqogl-RKRI+POA_fuPFeEbH?zGz;BVN*k-dgV zws2Q3HSIrJNlmT}Pu2fS%yXI)GQfx2%Mmkoceb?2uGH#Gh~D+o0BRR#jA* z)#EQu_m*W#$Gy<2p0iJ2PTgoVY2Hl+=S>DNTJA$2mnhU|b;NIy2IO4i;M0<<_o{j) zOj&H%hqMbbtQa0mN;A9T?+sqis~>7f=m?Uq(ClUGF`#X-p*;gH4(bdUz*Bz zMiJ=Jt$Xm-bP1o#3@f-a=c@mHGERS17(av3Jl(#%`=$ld{Vp~!x6CmU-62|eVYcAo zA2A0{Jrt8s4_Jq;@Ux0=n`?-i?nC{&VTf&kQ(6bZK83Ew0RA9PwnONI{^H3jkwNu} zu%BJ}z9H@s5qwRT;Xa(E;WQaF?~VF+0tY+e+*(HvkPIBXWC$u;#3>-lUv{ri9mso0 zZ*8qFo7uRCl>}xy3)EylFD1!%VEfGx$5g|NfPH}Wx2F^uAhzLG*>Al7xMn85il3R& zLPcLmAwCk*Mc#fNAD=0Z<&j$juk+yciT5h2YkVAu@yiY!4eRHDS!FHzB`aTQ5{%Yn 
zhP;U~1@5DN+iPte_Xv_(1#QL3+{N1WHbpJ$+me_)HGP+t=q$hP2#$~hd&5{Sy5#op zzkeI{`S|_h5)S|BiJ%aB={{^ptgv_AfGlXjs9^`o`fk5T(>H4oj#Tv>n8&R(E}auz z9o?8AR&@~;;R!#XZ++MUM^l4FPxuZQgS}nOOt{R(#UEAMej_Ixa}~`Bn13?p>Yr%C zExW~U%v;dCzh%jSX%l9te6}M&d>}JX4pnaxEiSbBzQO+az{`-ap z0QmXIRs~m56n~jH0Cj_h1PkaE4#+^n5ei4BfETz^mydIfBp`->;umbJ?u34BIFIP4 zH&9<`rs_}`)R9vcwjx^vNd9Bhrb2b$N{Y^Nkn_X-2u?zSlk^#G30w8OvLfHlpO^d$Ri%^^OX zJs%WFkVW=q)%L>aeP~8RGowL2&7YpUNl>9g-o*kYA-hV3bnV>wLyfK;K zpG|^dlQ!%2IMzS%1>f-ac7O!YLlj31LUuvhygwM?;Z}iC!<1&2bz=0UiwQ^=f&Un? z?vOw~s1GrYbC@IaDk8%SB-}~Y$uOvl1;~zN8KFvM_7*e14x>^GrZLkU(AdEUjWNbR z*L5ghOU%Xe*^BH*X+x3`GgClcCa4rW_^H`rVN)>EBlGsy%-YNdldDS7Bt?#q@JIpL zVMZk)+6|1BfgF(HD*ZmC=>LeA{J|>)XfKJ^`Z0Q8ARY5+b0%bM@sF)YCnMFzqe+rsYaijM(?#c#`sOb-Ise?GC08unXpM-5L zLb~WQH=^L%QJ-~{By9ikJ-dK-p!_bb1$x|SSaj8-ZV!LjqGw>_(z8i9UikM#eN?V=2DFw(i?RKQ}m=EZP)HCDLP z`s^Z;j`+uM)G2(cQn&`Mx#$^o{6if63~?=qVc?_CX1vVbH=))RTf2=pMwlx}=IGCv z=DOczuLbr-Pdcah#+Rm@V2n|w)fRgb(>D9?Ied(Yb**%3xd&&Y28Wml8|disSWxJD z1Z5tATCZflGYcyJl><4j1+&$g-GYfYTT|E`-3(fNznj+SstiyyB>(m2U-s^5ce^zM zRXVch$D=&VWA#%uA2J6CZ^r`fIU*-w%&U1@hGhP-HSCxRx+KC3gh}xKk=J z=Q=ImMN89h3Q+}A;Ftd|zTPoNl(0#+ZQI^$+qP}nwr%aUZSJ;h+qP}nx92-IZrquO zIe#iD>UTxHRhhZg;|&eHD9muPn83y^a}zy@BCiY>!D~*8XW^y2FiroKQWb{iE~btQ z${zMXS=`fch=+}Ny%W+3)+)e<-u~Lz4cyz?logh8K!m+n1yp8fzXFPRYs@_KY4j`1 zlb69;N_f%Ng9Lxh_GK>m7bVU5>L4USQN^6qWMQIZZzy_xTGZ5F3g#iw=3rR0MdKC| zbAB`u-sLVSA(Ta+t7wz9EIDCS=>9k5Me&xAPJ2e7QHFR#Ua~GaqM;yZ*>V~zv*C?8 zeXZD-(k5COcC{Nvg5nRX8GLi0xn8wM5?UdM$+id)OvAuYa=rFn6r2jz9?N`M^C0;lnA*>)@ z*8@yE1h}crsP;kc24Ha4YVYUd<`QB9dD*hgDoVPsjLa1?VRKFR93KKVB;tw=qi1=; zFnCz9quR_=d^d^0x<^wl>=*4Z7t{RP z^Dej)i*=0}zO&-Psq{vn2ns!habL(M{fO=TmiNneuo>8JIq1C7bh4BzlZ`ok=hsM! 
z*sm)iF97DSlUy^iW-fYUs$}Rj2YI_8QzFky&_c`_p zTJ!TGS^)mE3oeJ7wHGLUSd4^DV!2S1u;d1mPpF;ck4C z(GLX-52y?v$H&6g!l%Ob!iU^r*hUHia|B8VpX8ftA!MBXH{`hv?1JxECvC0g(@(%~Ik2{3|kkck$g67^eU^msDR%=%cBIeDCxJCV#^A7NUiN=_c z=5eQSw?ZU$#g9qP4)H@NDpY3BYg2i|9ljl5%_(@KM-iWEuEb{sNtgP)F}A9|;c;#d zoclZVPYEXy4xv?U1h)A(#CFc4)$mPvQE9WV8Iy17Xbb5b+d&hE8>uhz0Sky5;T`h< zS$J0kafsF_a;fR^Cd~kp zY4A~ME!SBzfn`OxH(=-qajd?DzmBcMUI$9qDwQ0oaubV@w9j6Y{$CxP(eu=%g)B9X&$%0utKQm% z{0xSQlgo_b$J5;F7I#>;M6({JOl||Io>N3Mt(UF#VV_lu{JS)v$A}%XTssa*B5M4a zy~pRj1QIcc)7pCUjo%|ULtbLtwhx@n3+Ff@u5MyBS~oUV9ru@#`Y$ zuijr@E$4J|KKWb+1yWSir(D}U*@j$@$mBXHJiU3(BE6gqP)UAX$Bb7P-*Y*4v^yRD zEpIA{w8RN@uAKQaxEnY-GJ#_dySb#*;V9Fet*QRt3n8t#!0YtQa&zpPC&{aL_vYSJjjuJP)W8h3L5$H#A?wg6+Ob(YzJHe+& z3m+N|j*omtA4_3NM@O;eN%u(X!X=%vM|QonOtig&tVgvxuZQf|Lu%qWxvm`V{pEJ& zY5lv`C#gj0YBn_4l>+uft1|bnyXU6O2HD?eyv^tt-N{9}oFgoaUJ#z07NPG%y`%(+ zO%B~2525Q6NIno#tZuw>uhYIae;=HbZg-BUv#-5;p3@^MBCL%nWO!POl_`_!wyF3U zw=PKQrozgLy1j;r7q3o6^X0>>WEmcMy7PR7&(v#B1tvkdux{5U*KEE?k5lt222S>c zRsx$sJ>K=7!~1=^Y@AfL40osVvPu#KK9q7=?8pO@IW{R-^Au7yuEwm3He=hUk*JWT zap||OikHxy?D~h%O zOD)~k$M5%oqny5)8W4xg^P!gYR2!PC^#h%w=gU*Xa_t+A87|JsRa_$SmbZc}ogQzM zHTFus+;nKKSZS%%6IQ2}7(mLS8ZWP;tf@>~%%j))@3!3=I4#gwzMR#fo2BbvRF7V~ zu{jo{WtP{*G&YMtO0$;G)D>$CM|uMrhqFGGhnXH5Hyb^dgUPIBnSk#WqIYNNRXab* zFM02H%e}>A72t9BmooCV5kLDxJ>R|Eg-BfsXJp?)!r|4H zuj-1g316Wd67Bkhsh95~_;1-)yDm3xj*HLG?xqV`4Kos3S6zC(61Vv~14J=jj*t5O z9|a&kZhWre)ZTxp%^tWMMc}w6Dq^{KeDZ0p4~sMbUQtFhCnq=8xbz>Nw^KWnrBsnV z)edW%YU*!Kl`(qOUt&+6k%3YbzBgMXw>od}D<>hrYcO!RXbY`2Q(6R!T4Hn$m<=R1 z=CH~1EH4$0d7p$WB5;@Q=YvmcU95W6SqiAvu4gvawL>NCxT6%j-=4D%8V%zmxYp$r z6{Q!q)E=AvJV$1gGhJ3jJaxAjV0k}GYOcE+FffaJEU4jRpJb5v9PG}1?kr%~*cDJ! 
z>dg)VkzFzs;kP8d?JMqkM_J@t@q8(F8f&$UI(8j*TA!0Z@O%ZeaA*)WZSoyfGR}cvDTN(_CMn{n%PoBI8kk7?tE8Fwu+bR zBjKgxdhIMfhyOq+iih8e2MS9-2Ni)Z+b6P zM>tjR zVUtAn)wP7(KN7cIhtUCVmU#`qJ)q7Zw<`Q45PnyBFKtISwjOqPMBL4O!K*_zbwVH` zoDq4qC$QpVJ!>?whtmpJ;io!eqXFXb9LX6_BwTD#3b?je)m(z<(sFQxbTW z8`2)@CcX3i7RcG1f(DP+^{f@h-SlYu-rb-5US7EioM7Z>_wF)#-lAiAkh@9l3j;`z zd_m-6P8V8218!frOn~+rwu%vT0VL7V{SXInhlK*V3Ao`OS@wd$U?&gkDhz^Oz%Yf~ zS<+*_26vnZg#G0500)>RtnSaj zf#YKx!rN<-ay9{4mfWm~vAzK%g95P>5Hkx2FDr#eE=DGx0_mx=5ygRUch1)`!RnvH*EVWdytwFGFEPKLdGd1B{Gjd=%43FdSYfPh|eA7f2YWb4M;y1V!1yO zk!|dgh|$PzpMIRZR!q=;#$%?$my3!$do=~_g$_n`Zysbk;$KbES}k2P@&+7|yPkee zBy^=N(n*u{_0^;yw+#;dO!Olv4isS#uB6;9W|PtN%#F3n#GakYB|8(Nl!+&uy$&9< zm@j&+QHBv3w*V_xqIXWWpo_N7C9D_SQ%uYS1)j1>3$^ph^LwbKsY>RvI~AuLG~JBt zw-*`U5O+UR&VBE1+uZs35D5YJ_Zits3TsQhL(lyQor9ihTHoe|&x3wGool{^wLiJ{ zP;j9rJXuVtl5>83%1NW%xeBtC=vbqk4VJ9oI0G?8N*X+w1G2_sb%|?bmo1m@*0h-; zvSwxtPOBc5v6q6bh#$zAGqfgtrfRhpYp|C!m!_^*TBFy-Kl(5AAFE&1h+c6#<2lB1 zb!MxI%~3RFbPZ~&P|XQdhIVyLmqN|)K7Fipc&o9aU~2?k#3C`Ju#Tcv3gC->+6rt- z$sC0!7ond-b;YCK@$C+Sm`Bmy^7&DM-wWtbVhH8=m?26+6tqP9ag3J{Qk z61zj>1g7rNyh0EJszUq*ObcM(!=MoU?GsEwpc#bFgV2L444xA#$U{!}>(CEEAeBb` ziGK*m6s*y&ZO~oIuTFgkJrSHNn59poUf6QVLn(4HOVNmjnh#uxaV0{fz^fUOQuv1) z*5_}xux;z7_8pI zJdd<&jL`~?eHr2jaUo$HZePuApzyL}{YqKdGR(w8J#k`S^A*&Kq;_Jc8EBm|2x<`l?=tPPC&VazAX*X^CS2Cd^^pxVT$=mkZghb%UD#Yw~&V zo8dpFq(sOvvaEiT!?T5o2wm=1i}cIR3O}>F&si}e1KMc9c`)POn~QUqXSpIU&$l3z z+tK7BBtf$Z^-HaKzlV||Vap#%R$++f=9e+=AqmVmSLc~X=e4wVy4x>WVwS0g z@o?icBdoVIG1S|@c&)I$Sel+q|FU9Z=pjef$mnN+V_Q5q&$D0nkRXmyU_I?B<|pVI z{k#*|=3MvfWs?q{+WpaAj%N=i&(b7C9M$OCuY2~}QXE5Rqb~z z@U+P%FqJUwdtAtL*;`*E8O+)D=?^S8Zvnl<3FjJ0Ed3$Ey; z|E}~bh9^um0H)V0;V|Fp-AsnFFdw3aH<``^lHb=Ci6mgrcn*kbu~k+`+}fiNk7>jWW7^zJT)X_unxcRx*jO0+N)#I|R(?EB zu<~1ksQ=wCHnDk=TaXsmss!{0Qp@%qU)xa#kj1B&^|It7L)yBJ%Rnyis$Dc|7c`P^ zTu-J~&f0On=h{!yu4HsHy+3z4DmmFM%oqVXQG}NJUPfW#>U1M6>e!Ptvvr<`c}_h* z7ZgzWNPnH-l6}&7C2Zc^1wO0#{dD2UeqhooNu=}KGq+pGJ*mOnW?j|O&UsVr%crV| zHrC1cE@N>!tCOWIEB)z~Gi%!k{mq+%oe*O3bCDaOp-mK`H2~ex5fJV|UG(oDvh0#e 
zEAuL&K@l2Kf?RZ^j9(YH+H|(~2K(>$XmeU?F~k3hssFE$(9Q;q|5+{muUdwzhVAF3 z7K2;lo@8tq(iX%aq5V%pf0~c@NX!93u&|b0$FZ@Cs%w6GYgZKi zL1N&M;V!dQ+v==JN`r~8e%gC23OqIZU9m?v6_M~1S>^fJ zk!0teDWupL%mO7_GdaNbWE&Hk|NIA0?<(nS6DdNnWI7>U1i`oApvHgZuu%qLZm=!j zgRL7xNDWqd3KhNHc#C^(;Xxsg+$XA0rNAxaZ!#E;bxI zg)1L)IZm+Mwq0y-)R1^w)vVZ@%cCSO*?G@Ez@$kdOxxoRsA<;&$Q1!DsNM_I_>o?KYM#ZUBGtLJ6z~J z&qGT#P9@)s$Ee#Mj@QvxZ;D$1c+$~5Kb~_ABx_%5qa#Wrb*XwAp5L*s2e%0y6+@RL zIx<2s5j89eGnP7`<_ZS{n|;4JLdxy4FXmh03@0M!*zc^_1k zJqO9W1SFweHxNz{F^{FFUC6;)zMt&(B2pBuC6efiVVe#cwMUpwW%9BuY&kkUGb8hGacVv9gS!z9rH)+8B;i8RKC2#${|}HsvT6e(`&U6d`m2-tUr}`zTWdQbtN&AORQ=>p zR&aK@+%~U(z`a_?@PTOUF@XV7?uGJ(sL6Hl5fPFNm>=0~(bcb4d0xQz#-)V_R2!QJ zkgd$f*b{=;Wi*lHDD zx@SIodv3OT+>B&&Xaj|1lhl%ID3zK~2_QIQ@Wn|99HxB7&{H^l$`O!&1*qt5p>R_M zWpj>**U;kFd-_FaTF0Ok3%{r@w47_h1fZ#aQc`Qtcn2ZB;ilJV?*mo*8o-4GRD~o# z$RrAk4?yCPlTJY?%`Nw|vWr9IcGgR302xb!Tf!7W_3mh>4@C6B?3!ux|51W~)=AN$ zW2j4K>gfw*rTa^R4aUHQz4rS`9INN*Stef@_~D=09X$^A6X>cMcP1-&XMe}Fr)8Gk z68upU)?=c3EyBf`_{;t`@+!gouNQ)DlEC@GLlO-VI)M-?Nxy!SyorKh0jIF)-@aSH zNb`e#aeC&_OD&o}WF|b=_OiOFAVW^0_SF{ZNhlnLWQ&833;dm?@45N|5! zLEz20#(T!;A(R2s+=cS0f_?IWMAX&HKt%j4lf2l253E}?&I$0h}!u_8y2qIM(> zVvK`}z>zp3kvCVz4`HSR;XXRMB{h)c`pdzDL&a|lX7u+j03y8y=8!6NCkIauh)Iet zT_-BWNesyvzQ5tvTMUXjsrvYSzOZRV7Og+N7K%lMZ#orM|GPI16eOr70u>61BnS!? 
zN@UpqDJ~?*_+Vi^yR`O?4|{5*OS-o$`9#VsaT;&9ylNV+gnWXG_KCDcf7`rvCKSok zqg?1dgO93^$0b(#(4)uZq6@d^3RQcw_b4V|CHGCara85h81)DwyB`v=Y0?}6&v0B#i+a+EA!_0e0=-0 zHXM6b@06*F>eS=P^4%$mbDO=MPJS}vX{TLfOA6(AlhZT4c+~N{M2fNvJ;U?TCFkYZ z$=J&Kwn*j0D}HF0kpto9u=$j|XutK`fJYX>;_cUB>nTu~mp37?6Rteb&>^z*~KH z`DiBhDk)bwA0CO<4FBQUl3N3Fjpr0kHdA6}!Mjkw z&2Te<`B3@DC7NzloNLi(5lf+j0y(`G5Es*^p$_6a9{3#y1>*QH8XXeRw!`c{)kU;+ zGhA)Gf^%zHJ+(6yS#I1~2hqHm1nY#dLm7s2a*@)CHXs0wcV6k+*yZC>Gz(;NALMhD zU3)c@=)67snHEYO4)hs%fn_Q!SdW%U55j?x4%%bU7{kh3;t?JA)_CEyv4> z^`$KJWT|mtgcWzjH~(vUm(xtm^oMum1f#z2hh=6cAgGXxS9(i6H))6ItHvn5kBZ4} zwB_m=pEUI4`{PP#rliy5^(>?R3JcS>oBrBz%gv2P*B^PO z_$iUqH*xFe4SYRRackLmJQo@A`9IPne1tL3L4O+}lfNdK|NUsUH~#;+A}UtaC@Ls9 zYg}7fYqlF3*?(;i9oDNOGF;8_#j!w2(9AswxeW)Mxwg_%EX>S?)3KtUHt50(trz=>n%abEb`%izZ3H8YkDJ8D((=d|RK&$eZN!UH821yxADdJ9D=)~= zrQ{4UOjJ4rjGspth;^90rZVCY5*WtlnG0tXLUmx2B8EhkXsj4SY#q(I(&jwm6FCj9 zLb8&EcP7I%JIc)i({g28n03oF;!ww9k|iP9!|^@Kb?B8jvC0dY@cC^8k(DB7mMYsw zgb)`~fVgHDe)Eu;#2dB4L$TN~+U^67lQ8ARGcY5m1jmyc8PlU2BKt9DLW4?|gdwL7 zIn&ZceLDb=0d$eHR#C}^h%ZLc#8C9a@FSn}1I1wE@@=Ji@gf;Q-3k$`@&NkcvWD7# zF6hTj8fuBn?{FvArGiE^&-=2v?&<3>d8m7QK-b%VmcQUMO}K+z@fV`&ij=f*gE$C@ zBtYqfXqzxE5ZBCI+JShZB)U9#)=3DK)xtDB5&F&H92vZEL{(=DT`AT$fF%gF(Y>eG zY^l};R_ekCyxutBLV#82#G_6|3HT=NU`$5bdIwmxUqJ8wx{q(?yr2?TjSifrjpRih z%a=yg9Q@gK!@AY2MouK+HXdg@w1@;~k^u3@fya+jkMa_yn|4flL|accb#G361f#}z zMT&W3RPhivJYnyq9%b6YR8FCof*{7(4>IvyrL~4r2G9;l_Bg<|ykQ?@N-V5F(P$6l z;rATTBFaMtE0I^xom1!OScJi&ZID&k6f;5<+SOK0SF@%f%8EL6MPq|3~OXx-Yo0jQ0cF1>QR zWZcMEh!2l;d(Jw1MdNJ#LS=thJ?44FakUtxRNGdB6zrI04U zqDM(AR9#6@br3>40&#Y99&sTomU6O_1ym!NisEjEy?84@vbg=)TGU2(>BoY9G5&|Q z6ZN*Z5vd_l)0q4ur@F`>ZJ`;U)dVawnZu5EjRpMcFu{dp(6 zY5c^4SPZV8<5+d#$Jt}34_V<8U9Mbm4n`W6dR^O-=1XP&^T#p|*7vehrRIy}YeO|o z#}0=oqu0^kILm+m4drS18OZL31ITZ0OEwUE}Zc~K@lH8zz*i@y6+FG%+Pf>DzirO?^(ey0qdBese!Mb>{^>oj@ zGtGAM;@k7`^Wl@J)9G!3Iv{<5m2pv1DOYvRB&`}{fWab{>=kHQHXp9RPB|&ykeCIh zem!T{1jnK*N}l4Kqk5`4K3IYu-Xxj1fiFza|eAW8N- zg~o3(EoEww(yvbvOIl0`S=0wHJgDe+`3}E|4Jr9d3gGfkMMNT+&Ap7GT|Be8ZF;6; 
zv2ju?d6r+6c)J2*UV?*?EU~Td^j)*2U^uYMzxpo^4qg~l=Du^!uLJ&WR^C?^xPbZif$o`*@#Yt%{{I~^BdCHuK zd5M+V`pgt3^G&_tF(xC2>amr_#{EadNy7M)@Z+XXMF&YxkQm`10#4H5aZ&`M_OHA9 z_r;aEB$zSB7#5cH8eWBc%91hA>4UwkX-Kj{tcp^@3y(AIxr)3YO^&u6%!k{%WtEgK zNwGIFBSK{mt&AwJg0hlFM3TLn)If5qEciK?X0MF=zzXWT%SjAr7}&<@d>x;5T;20l z5xeKVe8JHUhAMJ9R9?mS4{I!eucC+O_h&2>*!AN51QZA})>f(-+!lms(*EBPJD4GG zxf_geZTD#$A%=g(iZI6J&C!zTrfHis29%7$JAfEFfeM2W8Rm5}2pVQFpLZgy30tsGPUmB^hT!^HmNo~Lwg)&QBFPaWBb^=ADJn{^n2B{b z0a5DKNUpMEonw)-vJ#%#WRv*ibF_pCmeT#@bWxg_nHiAu6VYNLSMNDsk2H8T&PrM% zUy0LhWepPGz^z;>TH$#Ob_C~-3Utl)!=PJ)gYErEiFN(Jg>T1oeG!b5HUxWp|PLqrhSug5o&XI&A*t!9Yw{&C3Ih z-YX>c@!JmaGtZrKR42AOi%A2|6IVQ-IIzJ{ksvlR)r7A`@W+lVUpv9VDX?`(fmi|23Ap1Z@!6w$G|Z@|+noI(pj$h1V{27M_%o#o|97WKKR zJ7{K$|AR+70=(GHBw)Z-a78K!`AzYHD&5PwcJS9^0s!L;z{Zi4U%dc=;OaCVjTR;j zzjXC#8N8m4X<@BHh&7DdV%0K+U-Ir-^6lg3vqCb?u?lz;5ooD8?5uiJYpzdSJ1AIK zxU3idR|M>D+RPOn#KR(Z0k%$^?P?pG0t0oRC>EgDS;I);jicJu}s zUUAYH%@TN8^*iz+!13U=a7IA?7g*B=tr9xk8}->0xK#>+KM9yCJuCm#O066Re(dO- zuAge{S(XQ-o+X~G|In{Ra+%#IW^WJQPj0_n-uH&vUK6%b2wr`{q6|8>F&bEd&mBhx zM;j@cD3TzDz)|3c6p25aT!kHZ&%%t}_!9Jt?3jg1co%1Zd9TT1?wBs$yJiVV7w{5p z0~q!a@Jd0LFT0!JG1{J@lc$cOBY>++USA5ZdnJoNuORdQkjAdTOaYDw4$yKL1RKhK z@aE5(%qz@XC7m|egdJLH8ZO8NApH!f#D2g6Q=@cA=#OeyirJe1Xl)s@U||mVY&i;# zu^=%)5iXlOYGGcHk2%_1!J-U3A;Lf52vq@KlM#XjFpX5}`X1Ia2+9skA)CH?s3{xJ z;|!fQkhS0yS_O-7&VM2}TMGFMB(#gizrmb+kg4#R|VYlr3qId<*B_V|-zs9Us za|3=-s`x5&!GmirEiB8Oa2jwClI?C*!uDi)R8CR8>1m8%i#tE%EqlLp!=MLNyYLFR zCuy};iu|}^VFoQLGfi>Ewc%;HA=T4dX!e306vqdzy~EwndE@8HdE+$(Awred9qKCWrH~~OOypuRC>07^cdS^noNe^zly|Q0dz~G zrx2|bbG%4NZ$U)xP|~g4dmuN8;Ld0>h4hdVK_C|akLfXjV0VxGz{L>d+a-wPO+ndG zYJA!Jexjs?Qf%!3me*dEgc@0Y>S}t3eTe*dqDfGv)H$b#y?G|9KU0;M`B3xaQ1eil zaCflU1t&+nB&PtlUB=v)?MRZQh*$P-r}lAajTeGWwks2sjnFN?8{VgYrhY}Vx3@?o zD;B8Yg*qnHAt^0y>W546;214XP(!I#DC-)`aza%8^_b)jXJcj#Cdhp=1(vW?|D5fE zcIXx*pA?PEqUE>Lp$8Hd=43EE=FjkT*&ODCYVzY<=VdKPqAf}g7ceoE$YHi&#mfKX zmT05(y49A7mH>mE)^ZBgJV7ognrfq&mqMdx0B;!@R3l&G#PE6=%+FF%0TY1n`D>m1 
zX~g8zg-lZ@$!DoG;E_f@qTj7;+QkQgXD^iegQk<8U!nhnsZQ3`=q4aqwJ<<57ml2~ z1o5<~o8QL{kFT=_vP@D5o~Me5ki*2O=<~061jXxyWR=#wJj(YDgNRgoHOg zI)~6^0K9-k{0Y>EQoRwy8~BySzbDFYAYIm`8~sH~iwSZJu5t zqPDH4z7|Mx)jhPD$>{~6D%W{13$qiGZ(4>wOW zW0X3V;UFdbK4org3}&6}@6!;(i@i%=n|FcCim!f_tldYLP;||b1=Ew$cu~~Se7C&` zp{m@>^!)B&GV8p4)+j_(BM4}7aWDhmIO8qfeDG^tBsC(CB2A1Ou(2~rT+t*kL@y6dsa6;TutEAr zPanZB!sk982n3_u)@WY>puIZ`9JIXrmHzB8lg%_zc{2>(kPGBmF>gUWkyAV)&t!vl zfK53-R=5b!FTtpw8x>K=saEQlCoSt@F(Y0B|Nh~Bd9xg0fxzBsp;< zg);`YG+TCkgzg^yPb+~h8DE2kQs8?!C;x96vW37YUW2%PxIQ;JetAHHNWE5FH-E8K z*>dFO`qOrYe%5n{RI$}#!?|Sxztf#%#<^yJ)|T2+&s=(tkG%<7Gs&w0J>S$pq}#@S z`sYCcsqPrmQPdb~^wh`LX0selIlw~n78=KH=LR|4iE@E^^bVxG<_c-NF3P7Ij zy)hAeFd*96=uAJx6_UoYrhlPfJ&8IiTqE_-7Tt7LV$Ie=|H)h4f+@pjF?sB~E( zdg*N#`A5g}!jRNWolx)w&-fNF zr*UEj%ht_a`;l0n$TYt4Ro$LE}$XCUqU6oxU#lby~chJ{h*YmsU==ppZb3xXq^SXPE%kV?y=h<<( z9PY;4hP@M0Nnuj+lkj$`r1c>99en#G=G$0+{xex$)^+)}qbm2x*QsxjC%5x;{;@AG zYco^I?PHAbq$`%1+g>f@b=pDdt8hO8>m(%)*>1W*70>4(-AE~Q>9VI!PvLztK<(U+ z3*N;z_b0S{bHUBed!xtNr3r6bGP(AqrRU1swx6%&o7nFsr@!&&wA&&Xo-d>4a8>L2 zI5dV=e3^$)Ndkx6_rB?sW?2dy{yE3zW^Uta%&oHHXUoOb>SV8FA;8S8+k~(!5ovQ%kdH1$p~Y_J+XZivYKP6_0d~fF ztH1l@(x|RDrkpC*{XQnN=jrGio^Sg-FK7r_DUt^&x^#kMm{s-vXJ}mJz9;{cd1>)UGN}>(ryz;i2Lv>#tR`9CmZM}tEo3q z3`i#Qvv$MzGbY>VLV82fE^Fo;jfNbsNe{LtU*ynb+rg}w_DV2gr)^&iSm#Wqb)#yA zlSZ@^rot|(Xo|?^#wF9Ow<(UJbi46}w5Ju5`$+~9^*@C*v<9MH?hRvnOG#oUiD`4+ z5;I{?PO=}T_V6vsC5nrB;hCjutL6Wl1ZVvSOPO zzuUc;{}cPsA=3YBEUXa$OUoFKmXxkmUbt(mRJB!H43PXX!@9X8noW!m9!LiGQw;(W zq@AuTGyvh^hbKsk8&Nz!Z#Z3#AeL%=Yv+*U9USyoh$O z)p-)Ia^WcF?pWV`v*CrV<#J_HO3wB1l(Rn|g=H65(?3IN*x@MG<#^nFP6@m{4aJee|yzp@^lBV0at_THyU$aP&dokjOIalPV}vl9^9o(*oF{(8vAohW7(uyPk9#t0RD@5-HOJJ7Cw zXSikmW_RPx?JnCLy&HNb_GK6RPUscD7yAbTZ#eXpZ{O_J>6Zdw{08*}%^j@SQ+kE@ zM)k$Y9lF_nxdZh^`~ma};Oq12{|TT=t|ciIChsFTkQzkt3Rh0hGo<>XmJrm_KXM2C z3c(wZI|zO^(E9U(s2cJ{_upG)I0Q6{FTel*gP{MHmYJ)GqmzZ5?SD2Zij@B|cKOXS z;@Ud1oiJgm;|;U6nj>^^lj@LP+>*WuQnl=u7gSzc8=153eeaj<>lkp(B%3P$e{_ajNn#M-FsTBVR782nB$6QVaHvFKN6|wDq0l%4c@QTK 
z+9Lf8q+O3{B>r)Rgj9>EEzKe;^?t_RIkPOkxM(A}lLLczDuMrcKrSDSGAdhHkYR2sGq>D z=<(D5^PZ3ha&@ZZ0ATo1+!YLQ?iyS2L|42}{sf?~72(e$3Fn)!0!I4q^!f;v*PLR8 z^cYL;Yt$GloIQekOb*d9t|!bgsw<^SUrX&(aEZEjf;$8MHo$b$n#Oz;6kKA;CpHiF z9ORy`p}n33t>%&@e#|?MqWsE^{X3ozdMfO$&ef2;prj_)JOz+jchg(h zK2~jawtybSrHt~69+quRx^V>W}UY}lyU;>RBw>Fl&(?|8Qdz*?jjc- zuHbP&z8uZfXYicKq572=@zkg|1@HaG{}H^<5s&*Gd+vUaSBXa^ zHP9+Ti}OJ!({lR(X`tyLH_ONIc69$j`nd2QlBNrpuLujx)YBB_V2*FNld9oD^o32A zIRK|n42y3HFURvi+Gpii#fD3&XKHYSb~4wh@P%}D^RRnIF3abA`Cvf{jE#H#Y1WKx z(w1B0-Js;<<74EN>!aAt*Dv75g|zL!b->Z#d**Hdc86wRD9;^~t&_aWZn<#xoc^Lq zTs<8tjq{kbINri=`8&4Y6ZF4V4d91*9yt^MfTZ6pJMRD1Xm@usG5t@;$kKpzMqWwJ zxf@+>x(uij)1RaQMv^n4HUdoPqepw~8_?e-05sOX+^9E^SRP=VVdsbNxEF^^4_+iD zIkbL>o1JxbVwEA_v932xOq%7!oKJk^?>JkV%8_YVlWE^-{@6;V(n3hMUOw5JJ886rBYR)Ej?tfNIqx^78g^s9Hjb2u?`JOMzHL zx|(yJ7wg+p=UzvKvb+7mtW$>%#iO-x(AWf1x z`Vh2>t_~q=?U+yi|-t!|=Z5B;HEBfhRYG!UliT z$H4|HmWYsP4IeI~$a>xyo~(JZeE&+}kX8ZY)Htt122m^&gk{yYGJAR~hO>FVzZtwp z66ph=E6qG613)Fh78cyAdxg+@p?G3K$Z2_ILm5%n!%=t2{r`uqci zSPMEUIoS|kEkkF}pb}WoOePQtUr3I8nJzU*NEk^>LGmc4uOh*e3}(cX^o8;d3sRL8 zrH(VO!Q5oaT6gf^umY|h$0Ey<(Q0<~kRwYEdjZ60eA6i{d>Bw92meKo`cwp?P2(66 z!bC!^)3t>T+HW(1p!&y?G%7(_&oEFRIU-LJYb8D;tJ*WQa+gV6SuPv`J;%U=A~n?e zd1>bI{Mdp-8;}(zWMul3gX=kZNmF%#uB>H7uB$V+w0uH`3g`jZf-*;l#C2|C%7_Gp ztQ!zJqo?HEw^{PiRJ&Lt6sP!{Hoph`x@*y%Yg&;Pf{GntOviI4igIikq9Dms@8rWv zuw@{q`K2kW1iUI2GZB1hA&IkZF*4rXy}%lHPL_x-y8#a+YfT7~Y>%gKDWjqtiy8S~ z!i>}`5A)mA*H7(L5Ezoj$;W9#5z{2+EBgG36I((KNexv*2Ud~)@M*}aDqzB~x22?| zq@||CVjsc<|ByHR<-z0kX)`O)%<|`xC$0_kQZtI zqer$oZQTn@B&Y4E@SHkDS4~dyMIKS%EO?>PwL{dV>AoDfSwsUqIg$ z!rl<2rgkQmEIFMYr+-HqG7HyK=42j?4?GaouozkR9K9A9iJ>$x`T`?$bu`$k_uWVD0Y(42N{dWj(n0oobFRnk26TQPoyweD@Sb%R&q=@Y+0TRl-HVD2ouJG@@YR8LJbZ|EUr?G zPy*Fx*^gPus*WV?fT0iz5tKdE@pMu>SVF3cwHL@sa$IGD^qj6FuT+}DtC3%&OW)dLUpbU- zItGgJ-MF+Y474r+@tLP&Niz?u8Sfdm-PKRf&Ne7&nkRXZS(NxZZH#HqB5#$?m(yzC zkC^$?59%L#o@;`#F(T>p+fN4=^_G2vO1wrz5lF#VrV7hPh79d^5GY0;!%IbhbO`Qa zh=)?8`1zK|K`}-3tnp7>?CO&$@&+T9dfO6iN1t#ao^* 
zH_sz~$jj1T;wBVPy}0*R$0rvQj1a&!Qjtv!PqbHVkpZ%79NMQaEhxEH zuX0x9v?!iD#hz@pfs*Nnp3Za})kuLJuaOD)uMPB^q1Za&= zwTLf;x?|L}E2WM9w-w5_=e~O`70O z?R00XRHR0FR7tzEuWalRtsg=>tsSb24+M082@L3FS8lU@KW}ay#;|p0&gX>978wtf zPa!KRAsuq!!tRSuK1RC%TBLX~h5=C;igaNFWlbKaZ@_I(FCSEV)QP0rQdrUrXp&EZ z6)GK!9|Uyhwg}&Mk#y8$6%fWDIb;vBXLFkQY8~Wo|9ZeD;i`F zDSPT~fQVk28omUwb%+QRL*BZax2rW~E zTv^}L0*;5cQUTYs+w5Ku25nNC5GtJ~7t2G2PI7k%8Hg27ypu zTsx;6p%IB9`wa1HaIhm#$}+V)p_%NWnwgc|-gEpJyFHqHdA>vZ^lCV&CuUvi0`bh~ z&Rckz+=oe9ir%fV8x3-nreFf3NQ_LX!3?#(vUP}FKS0(pKpl2iFs>ay5DkJh;foa- zjG%M2^7+VO+FG$D$#XnEq!WTkmkd^3dkh4Eg)T}j3!l@Baz@Qr+5cIiC-+ik3dI1OPb2kdb;}%))Flny#H2$HcM2u}_`6 z0(CwB>MxCrfHm_$<~1zZ0VVY?nOLM~?YzuRiH)yD-b!QJ?P+2uUUdDeDjq1NO#l;4 z1v=8Yf_^v}5m(WT$7W6i#%lELE;T$8C{tAKn17pJj=|qS5em1=wS;~)e^9Zx z1FnPgl(wt9*we@HNF+!s()Fj)=ua0hVHO8REFZS>87Ew$7k|yx5r3r2wN+61{ zmUQdBH-5FZ0T2RD1YHcuCd87VKMCy!ZNd7w8J^)2R@8H8Q@l=v8b@%iwv zSozVo7P>_GSQ2eETtBgY1c1^+5_znEexkS-%$XXbT&IILP!bR+91JfKCnVrfkd8#$ zIu$j_@GhYWqL;Q|BpC(gL&7>PXEFci_j!tr^S7dIx4!oTm>6A7(EIfeB)msYeA^DX zSE_4Q`%ru0%Ry!n4zBZlrV*RyMl76HMEeqY375$hoWy~>i$niHgZ>`ms_dr;(Nwk< zSIkEzbQ<#b9_W&r*Dz1L0sN)pzI=t3F?b7%wAXakhz=)YkQ>|J${pgH!rm)t1+7CJ z;qFXQR|1Q5b-vd*%e+DWute$C>mu+l$Xmzo&*1&l?{qYV4GQblIqvpbz9sxNuRO&r zS-(ru#K2;R0Fy}o{;pmyw7>hjD&6i>l2?os;inrX)H}ba98Pf#G&Xnl9L=uK$}T*C zGaQe<6kqc;EDgMBBs?U0iWP__Q4Ifxa#PR7%L#%zu45GZ{0)2%;MS|qVS(gBx&AhP zj?k+}y3ZcNH5bqq+|zNr!vX!>g2Fqy4ZnA=Z%v@IF_u_Vc3U0B-dtY^-Br{fvOg;SrG~}^$9i|_ z&pwmDl#rCLlsWxKya1B=yG>A-)P`#q+z^(`iGp_r7~D9PfQbU`HU{nx)X*|U9E|r0 z49_x#ZW=F_P!ztrgNm6IjCwX;-OK|u8!%su z(C?Gzu)!-P=bhPmH~pQ7dm42>Q{a#wn7zoARD!Y}Qudmv^Z_@67pB}E^)JRld-#)z zo1%_W)kbVDbRVK14$~{7R3Xf%hUl=>fS3Wa(zrnlmkNlTC(t51{pKTST(gf~E!6k* z8ROEMBMjevM|(M`6ZbvQc3fL&sY^rm5~gC9d4^v{*&0I@91@{%40%iMAW6sv)18u2 z5lr6cAK9Z}8Q6TPwwkk(@<_dAHUX1DK4iO^eisLMU8B+Nb|*V{u^2vjMM7~o+4H}n zDMVy-FK>`3+j~Dom&1)!cd_pZBU-R~TaSAh&}T5x?ho7hW4V)3XKp_qQ|FWuk4y)_ zufL5wct7vYce?1@Yuy)Z9ay$j>`P`}JGZTIZ@YdvT7U3zH=cf_-8XuTwJC6yWU+RB 
zFB%u~5&!;S>$L_*!I}2FO0NLV_1Vga0?pxkZI#~rlf`lGxcCs8gZ=%SIstFXCg=9K z^qCsd>eQ?8w!Ax+tKwBR@_QNShF7iWdac{w^GNT?oU8ervGYaA{SNc^`m~I-xTEI! zI!3iCTuQ?3vC+PHDT=Gp_9;CJnm=9R^?q6>i}5PMu{!tSzU%rYq=eh`JUwuzxV4z0 z$CKyfa>n!3)_d#oT|x!@QFx~IJ(GpCt991f({)>5k;eg-V-fv(ok6G9%lfqBcja|( zqha)0RYZHHJay~tHWRD-s#JFor02eu&GEbI)@f#$^6~Qf6qVQgS=MDKi8fc4_2)cr z_)4@y8;MF|CHLbynqbz;X7IZ^RMuBc+wRNo^0qcN43szh`O{x_=jmr9?`yeum8bnn z?r?LtOICNx*SapvV& zm*-=0a2>bG_mkOlcfGY^_WF15>1D?2t?FxD%i7{1>vmVRl5_?CJJ(T@_mlt7pvTjD zvd|fml=|bPFn94Z*tH~E8_C^cvJ|&6t44hm(mPPr8r}W;sRl|G2h-hjccP+q@_pDf zM%VYV4xg6Y*Xn+k$LDz^mr$#di{o*m>-m~e8|63cXY;$@u-)b7TVyy^^!GgK1P)9` z?R^}Rr0ZAry7ZMh-%HN<`qYN0Dhlk(tH(bh(^1j)%Jhz~x>Ie7H~b$@6qxNr$F$Dm zRn1h+^Jr%48;FZ`z9 zUa(pPrgqTM*q+2}mI-QZNOJ&oZW9bFjR6OR*1(a1J7uDzK53$`K2T-ASl0N9B6oIB z(e~XtYZi9yHzL}PxM+zl;Y0H8(K1m2vu&Lhlc9izY8;X$0>bBj2&v67ca5%-hK|R< zWN74eDJ#xJKJ){sP^LTpi0|qRz``}H9Z*QUDzgp`V#2!y|+AmNhga}bi zw#)BzN7GKz6s$F~>35;PMq`k+1M#KQ@OKZQ9{wgObO_7mlOuCJ2~u(fJQzpDkKdlz zcc{^?v(da@PIg%}&t^%=h*Cm08r@aQDA!c9-?LgVpEpf~Ji9tr!T{qq{enq^J3dXp zXI&CPB*sTvy*fjXNQNM1Xwj~*8}+bh9>uR06VRXMUjuaCmv;H-8t98 z@zx5F@8#s2EibQqFx_2mp7i8|N0-SYyejoZ+bmIUW4IpQ;bRFEmm2){qqObZ$eFLk z?)~st#Y7*w+S|}Z80W9M{lXv6|I5J@36&9FGQjrNqY{G`E^m`=l#%dzI=UOH7do(z zx5zJxub%GcBfo6jUHp%+ldrrw5(F+Hjv-+PBhm;La!9~;DqsIB?~5NENG~ozM=Ji_ zKlC*G#RP;?QFW%`kx%DRT2kicJbT%lc5DuZ2eZ~zCya)Z+8WyaaH|%UcdAtf0~#d- zb;~tn$|Y7S7t)pq%@(z}^U5_aY}dElHPriPbyip~zR+c{CAy5{xN=M3(za?uiJDX( zd%?5nWi1Vq)?i2!fwCwrR-Yt+#&MiD25YMro}`uRm<7&#jF{5y9xZ{xo4bF4;j4R} z2td<)3X9{sC<5OD;xPvf_C5{~u5Ec=6;w2) zZGhRiXw1lR=x)U&lvO8%^Up8$vNEaW{-QMUY_ocn)urbX{Qn$9s(7ybH6jB5)c;pK z$NZm0k^c$O-Tzk?R0G-_d8KvMdC}B$lOjoW^O4+SvlvAjj{ zbcVQCCMh1gq??*f5=adZ6p$zIk+aYowdYX7i*ew* zXZOozu#MBIuI06FP1Eb9>llYm$ZG$4QP z#DTGfpil1}geH+4AAA(|&J{E;AQ-M-i1htLz)w8idet97(0~et*zT#5TVnSkaL?wZ zaXM^dV;%6@AuO05DAhgNfiq|EPFLUJ#S@#B4E0&mJMO8KjOHF1E^6xH;WGr_0woY) zON20}BrtG~P}5oS2lxJ8fY+0b>i{190LJ3kzhdp_7tbx=pKk*A*kT!TSWSD`YF<5I zWcUo|5BYJUf7rBf`f?B-*uHk)p-&M5gzB7!P1s}{3uulVH)sy3-TQA|KaP292*%%m 
zD#@Zk67htOUOfWYxE!)^K*0g=TLFSKqL{kb;sMV$CA)9tOuMDv332z zSj-XEB<($DY}0562&G^=HhFes<4k<}m&hiA;DM|m8#{Lp>5}yS4DkEuj}^o%8O>jc z#L4>?+5!hVkHhsAEFPW&1;zb2owPW6eq9Ih!Z$kNMcT%Vw&dqe;E3DtBXaX410mJ* z*+le_?AOJ`3Ht1Z zTtyJh2oaRSyj{tmpvkFe!$h*r{%1fm7h=1)dE z05$mK*|%5m@hOOtp5d(0U`f}5X{DaI4}wtQc$ASV4q4^-Hp=ltC@7ezSH1c0dMHMUtE>nnK^`ZruQKJy{lZzMcQG1Y%K;K{@ygBVOse7gPmx=2rDn}z=LTBXlMo4wq0v> z!N^@PD&?v^QTfSL{{&{{NrqY%9(xmP$T3urA+GUa+o2`G#*m@RSRGj^k+7w~l# ztq&<$QJ;qgqzt-7*>MDGTuj_$LfNGv|CDl>u|qfBNXR4=EW71t(mH*B@>z^(c^|Oi zAPc5DTX}*YwUoX@_5N&974d~rpl14T#jKu@U}!~a2j2B z3J7kWEds7&%EJ?3AqHoR7T%!YPc#v}R(oeAxT1HTwzn?qr$o=VUxFvge zyLyUb37nF~dKMBVESdyz9I%!EMN;dF@-BxT5fF)2rW`dUMRNTX4Lx+xYf zwP(pdcg*mG4B{W9(|~-?Ta2QVhuRbYAPccT3FDS=0)^wtovHZt2De4M?Ics zX#QvF{LgsJGe43k12=GNU=ucPJ~1|2DjOek6Zo1#a%TRgKrL8l8@bp5#-yRAe`D~i zocxc+lP}UYPJdS1p&6JRZ&)7i2v0O{u$6y2mcTfSl92v^Vs1VdpgQZZ5pzxnwvZFZ z2~?E!sB(PhQ6XW(LR1^2xbc6$L$DNB9qD1h7$yHLrq zH8c7_21ram@|?<&kf_zU!Tt}rC%tgIkUWPs(K~QT27Fe!s^}Tg@_ugeY+_TPd$|^{Usy=RASSH9#b7cncO^jFqog@ba-u9Xi43Gpen0>i z7>q_iz~&--W{oqivJY)I42g4Z0ZO>k;#0T4Y?Gm=GJ-W?vWXtKhc^N~yra2F_aa0A z{2PNb86id? 
zs{>j@I2%B6?tkO|ncHn*Q z#OQ&hWElN)1KHGETyUFaATwpjeRd)kky=9(9f{G?RwUAcW0jB!Oa5#yfy_j91`I<# zw@-Vh75hX|c~2-^p7IBSN-%1({>@YI%pql(cesjlP}7$CP39 z6m)`h1?&`H^c4e3q<#$m4?!efqJgFCorM@^B^P%c`f5m}q=9-+7%R2~mSeR1=O0Nc zehVv=R#wWJlu4K%#rgB|Owp1cw(5NrFket@tr&0r6D@;@&rUQ;dI1?2C0KytK%{gK ztK!2ag@365<*>p@9^|eXI6?ydD&oWq9>A_!%lFF(Kv+Pxfnu;4SHh*jl4m{BGl34^ zPEv5uny^`@Ns(jn7YAVDq&g540Tq}l@FLZcV4e%aDcD5no;)lOq2RWc=~qCcJ`5^M zyBQW0{rOPsT4QrV*)%)bOAiQ{_1SSdfs*NGotaSVaE)y^mr?LR39>P?E-vPqGac}P zESL&N1(1Pes)apSQ|br{0!@=9O@9Ga=T1}LzPn*%f!1As*0YIu$|9E`f|+0isrqXV zh8TGm^+(nSs*lPA_xT&;+FF8J1@2n@ zgFj2;vgm6AXXKYjK~BP@L9Ek)xdns7&JvM}2{(ce%f_2STH2;(0w$K=J4B4VxZc~7 zZfkiel3KxhX5B--2E*ZTA6*8}00G5F!wCb70F#Jwrz#=Ufk=WxCRv+Hp)^GC~s4x0hNCax|3SdjR@&FfF7b*tJ&&vov71buMldq>cL zEK0Ex`HM>O>Q6VKe>+CtK@UrnUVqVsK$WWnKUMQ>vfy^Xvhhfh3t zPnZJArx^!*gd}!jnPa?8H3O`z)O5ELL;PVtciYVS{mY6B;Qf$m57{(rk5pQcKaw~l06Xy|} za8kZWwa@TJqGPuak9o<7oFMB6ge&C25wKFPH&=dCyZJ{@{H?#MF_YvPN)J({jo_eX zD9)^Gi}3jFb(pBw@acYRQQbrV<^TeVO@g%oVj?G5sZ8;@r3r0~Q7C;dJ=p^UxRz{9*> z^tV))o4wKT$$lDmZCdp}l6_&5^>s9U27$BwrKNRrJiM}P*4<_>oV?W0)=IAGd{Q|i z@uqQEeq6DPjgp$+Ho^BbIPg3wlX6BNGV!WM>kmc%D`Ov!8d@QMDEhq`FYAsoGl@>>T~5ucJWWaPg)QEFP8B#mjxI`puE5TC#l`ZuUmtI9J=*GWbhUOlX_oo?`g5f=XIIF& zW{=bAHr%9by!7^LEaCe4jTUD@dQ^#~uAQkcgSFIMNY=qKx^lQapWf&)p5K}5X(+{kf1>Fc;$W?9)yy|*`0Jf~$= zQSI@#blin$<$kIia?oS>6$u7OD-D&>G!`IEGGh26@6!~14l3isd3{X?X0}T#%}y z+BmxioB`MkN;RJGo@Sn=$^KOyM$OP)9rsq{#r+qi(&m$Q+B@Yb$)n+I{@%SD zyd^uaG5g92#a07_;|@-BF{N;eU2~mgrE%zUYNKdyzL~1}=ccQ@^0imSx9Me|lgMOd zGg7MKB+@<^t5Y#EycBHwptRlDeB_GU_W{-2j`{Q{h$2LE#38POU=FX+i_>CvgB#4mZ@*a zXj3IV%USN|iSNY}PEHlRJH3~Q?RN!>bt^;8PEH%~mapx3u%RyZ9f8GV`l8clCx<8O zNS4}1_R0H3XC;k}cKUVu?{XA+L~2UZC9fI#!(C2lw4f%W&iU_4=Hy(YD)&HEo95?x zalJtzDAE|Yr)C}xV*B5c-x{#dm#%eP)Qw#O4^3;_$ZPGoFX~p2W^qRgKUzc{{>*^W z!w;KGBijVw-VH>>om|4ZW5wN3hf#5F+>I28wzU%V%$TD$o0|CR`z|iogQf-C?bLgY zemQa37--P?UnuJOQ+tPlE5>hnGH91m=Zr-~JX4c4-$q%=# zRKMBH^Zs2wZ<`+ZlKqeudYt*NHZ?62e9*2Y<%?7E55%ivVnRM6bcT%+FK 
z0TX#|SxG)~a_nc}uQ~ptux4_Q;{rml&__7{Dj_gqA)+}7V-aLIkV=83a@gcN%5r$- z0y8u4j411|Fzs^SwmGh*KU!glIYuW=4S&_V&bh5KStlNk|7uZ;Ir3(7uAp2|jX9Sm z%uD``IlL!ePxxy=&^ZEU^lwCLzR@{5XNYXk)HzgVWUs*50{r=@JdjURuTWk-(>c>K zk|)N6!b08#JH#vB|2gR+(u{b+{*NC187r( zp~OgADMM&)3fh+7Qt|4iyyCc!CW7QwB8sATLGxRzk>Z!4{r)t^8`s{)!LHYBLv2zE zfcvCYENkCp_KgQ5fIVBY{1 zP_z69G`%tcMXyNkI9a5)J^~IukPZZ@695BHA%@#X0Y7RX=rWQh3>cU&q9}Cup%`NH zhaf}<1B3s$rLxGs!r)ouf=l`cbQ=-C&AE5r-%G(|sF@RU2Pl~ZZ*hOL4;}Jh^50Ad zvNmRY8;gF=)qa*Tz$oT>fdinCJ(L4jJhIMV2_)AhC^0lraCSIfT>zB6>4BBBi#pe$ zmNCA%A@J}*(02qJaCHw3!FL?~I=lyG!0dhD^AnutAl(2IXMG0YBN^_Lmad7?)-syH zt9p9%$a?pB{xw=x8%MC;zxCw>0y0$svp|!ytAE;9?c8}$cf*Q;huS?uEgEdO4pvOG zy%iE&%ED8LnuydnLQE0r)TP6QsSQA7aH%4?&p6iJj$dPLgonLHI7CBs+2|2&%AsR- z-E2N5lM{{?*T>5l6*xR;wYs@GL^-(`zn_kX<7<#^M5cvXHNcro8dz0pqt1#oaf$#j zbSxVDLBMBg9T86^H~;BU-hW^A2vLE5g5?WeFiUGBg<3P6!$F=&WVmR|NLE^9v_gM= z))zKyi5tB7CuERSAM!2D?&XX59}Y48M@r9V2Q~wucA?_TNPf2s&92rfMsxC52W}Tvwyf-2XLkO= zalRive>T->d8bu&wK!d?Obh?&9!ULu`_H>p_&f$W7U2I|#?H+8J?e;TT|9Okq>xE{ zz6Y(~U2@x%b(~~G`T2IguI^qz=jgziZOwXr{niZaRey7CKTD0ZH}?4$%$dCdeBS~>a(@BcM)T*^=;xW~>Ay9BuM1hH*O+0ocCqaL zU(^tvVg0g!|DaRVu>U_5i2r@B=(#ffuL^{kkG--Qs-NAR?Q8E$?|q}45U>BSiQAAE z>qM_HFf;!k5dzQ&kwCtQxe1?M;*9O?f2OWeBhDg};uvWv^OaW$bnAdidU=HUBX!Cc z&e)p8@S?(faj^`;8YNE278S8MpD!e&d-$^3>4}~NNa^8 zR*fa)8BC?4Mw@av#49JtN~FZF0kZ!>qcg{+X7(YB8{(?17|yT7+=8q&JPFERv&t<2 z;;hMUOcI0_&g2Ep<*Fo%`2UXE_&Xy51Whth^u)-LUurh!& zq(qW+qxS5850@cgtAr#aV}^4gsmGWKv^n8^-SHDaL>MDks!oi(WF;u~PnnmPB%sjyT2uz{2MwVBJD(9*<;L20RRg-Uj0!rwaGHJ3r7s&w*6 z%J9XzRRnK!B^w_{RCSu6m8V>pQ-uOgk=#4C@`SuZHfTB$Xg4@&WkvTAx4V}mJOD9K z$$PeFp|ZyTyYdPCjVu{dBnc6-)oUmhd`FCb* zCYTH3yy)@6%|e8%VDP{eq&@SXr4^+Yk!53(5mfn(&q~CTNt57Sh}~$vt;?XeCfg&e z#eyscP?rxy;&TCBnAIbko@3R!{6kCdo$$B2Lhjclolnn7Pdn} z7Xv&EOug6+0tXawZ;jJM&_L-gnN#S_#xM__79TjM9kw#)*6z_eG$x0tYJvi$V8WRT z3j&0#;;ROw?b(MmSd50sNgEVz8J?>IVn(P3&6TDH2F9WQaj3Q7!JG@7G4Gyx93njl z8&QpqsGS!}#a{&KtI7`t-yw@ID_NXngvvR(Zt3pn@l*Nq=^@a!|A?<8^IYZFkiuLG 
z^58z9fRpUq&+FC((4mYNF>dfwZ;!GXczjQo24SfN%z`*obR;RhJ+`pEHRw4HHS8%# z5>SJvffwU*6Mpzp9p<)-eiw06wu>T%8wawik`+Q9V^!(_HO%A}m$S1^fR6j*q76$n z1OA^zjib<#&P@4sU=V}dw;;Bsz7OH`UrYT9ank1^50VyH{V%=Ne?ex0&Jq0mX!l0@5u78g&8y!;2w(}0K$4bzRpxJ@x zexQl}kaFSO66w^AWAs3%ku1KgiSF*5#3=R=aadH}q*p<~tcZe zQzTg$`Yh(K6`#AL!A~m@PD`KjeNC%Plo?kUqs46xAx!3)cH%tQpQum{F+bM1T)? zpKe>722OW_CUs#~PYz4in2^q9Y$m9$HcR}FvNToCP!Q*tB4=T5O>3KbsolI8STjGI zkmd#0NgGRCXVq(SdB2YjL`}N4IsH*wqvODc-R;A6`K5Bde=*VZy=)>=`L%uQ6#mDm4F8~Xi^lz%T?5bcA^4tusQS%h+r{G5*s$Dt zwmhy#!!vVJ-u_+5)$@K!yj!kmPb=hyQipXpGDLq}w^L}tz zyQ*~&k#+8Se=qWL_qy@olIv@}T-d?eOw*3$6|qq^Dz3%RfAwO{s1>TIAn0fdA(h=7 z_IB#+@5ZY70IMOj)k&GLq_^EjBNWdgktHy%91m1wkCgLvE-Nf^h}BbLemJIvdxhEM8;S8faB&rL)$7T1*5PS;^AQ^K^M`3eh5LBtv-yTr zio5X@ct`dXi~aSQwPJ;vxy9}HG2~RSfQ8&=P3!LHkHzP`UzAqsUHbSO0jneBTD$SE zM3<}g`FY|dx@pV9j#;PUS9s{9cH}l&f|p_E^LIVm2j6?p@!>nLVSWf4xtT7XpH|W< zy7NQLut#%ah{iy;G!BwcGA$`;$eH0X?P&_!6menNO0Sh+Gwo_hhHO|U9i5PYOFBTD zfl@?|VVeGd@?>F3*OccG_(A;ydMY)YmT~qAuR(G7fBmcCydYFm|BFr>Qv(2C{Z9#s z|Ib8Xtq$ppHPW%>X<}9FK0R55%`eC*4v8>kj01g5jEzM$8cdYV-yT6NWu+BCO~ENH z$T5fmmCO%4V{gN*MIItAS&)5jyYt*5CbwByM|1ZOi{#m}hW5Gpm!&ZgS>e~$V%mGe zx5u(KeJf#BeFF!A*0aS|fB1}=;^Gs)KNZW5Z~xSs$dyP*GL@n{vhs9$s!y6#+e~Rl zss$C(kz(xWR60U)qWIBZzfsf9;Wjv=rF)p#Sfur%;n*ynDXtQjqPSv%LxW112=Y%AD#Wk^ zJJ(*ys1}>Gt3NB zfKbME0_~n_u`rnMsKSvkWr{?pMADTxMb!V2h;&UL+XW&R0>tycnnS~Jtg=J7g5xMw zdFO!$qJ)zU)VsKa(O0r^6eWO|?vO;k~rTJBvG^rZJ65&RjsI3KVo!V(nk(wY^ zOLNpQBtbcLC8H=ro0N^_$h5LNf!P`^MVq+qy44J70?ctLn2X^s)tRzqSv*4#BUPeQ zK_gEbwQPlZ;L)b#bFh88wlLU$F$<3dL?Va)jnP0mu>U>5k~PgB8Lm*+JRa9=2@859 zvKU(!MWxn}cL@FgL{kn)Bw>qM|6*>wv0CAoTT zlf1h{BVKV*C)sX7cg>fajs_aqg>>Z1dpj)40w?96)xK~!n%0C2{V4QLPw^q$WA z9!?A%iVKB4JOARG!7P{7+Egpl6dL?6^z<3Gs7)&rJhoyXnrJTo~k=h7<7ljBTuqnIB zxj}7!gR02CS-R%DW@+QOYKwY`At<=sZt<~v*Lu&uVr$s9+R}<^(|Ric6o*MNoI!`4 z$owY)B#1|L+4<13=_$JA28kNTLu~7&ho~SdTYUZ^f|DUV)BafnPP!9k6Ng~`LV(Nw z>4ZgIT0UB5ROnRNiXH)*9{E&=Gc=SpKPwn7LJVmOR;=E9+)+PRe@SRm{w&LLJzjgj zG&uU;H`oMx(n5Q5M0QOb%V!P+z1DKtJn=hItC-5T;C}^ 
zA#S`vqV(Ag;`f5H#9su23#JO!(7YNrL_kB|NkKMQOw`4s9-}x;KNLO&?B%{dCTQqj zLncTh`n&HQ8xqv$4DgbkUu4TB2&rW1UXlww4Ka?>p(!;eJuk?e2i)P&q)!3fTf44I zNKJ?=(!iSw23F9Q*Ti403}xOKkSVm`-I*Rii&dzeNPkXS%7}@_x4t^ef2B^V(`a;@ znX-sTXw^1uZn5UR+jmF4Aq$id5WBk3iP$6zhj3jX*wpG;J`Rs`0j6?-!XFy2J$Y`G zhqnwa@@B}?Ef8V!RB?$To*UE(yL45Zd@Y?yootoAhiU4_$;#^d7n4U;`ZflaoEmDw z>$_%AMyX?JgL|M8fF5gTh=(^0;L}CDv>{zz3>kbN+{>HS!Mmt}`(ItdKzg0E2DOa_ zemZOjdw%TwJJ1f?92++9ZMrc`3KF9MXV6yuLeJ=CRRa;I7ElaPfrBy@CWNBY1Rs>k z0&?SW`8vb=RWN9d&$oG#OlvBtDRa2uziaglz*ty}Y4zHt z5vH8_fv!QPcfuGNMJ+xgu^`0ie}T)c&efdlL(YR@SHjI2!}Y+*N(USQ8s$31P@G_? zV#RT?_aO+Z(d85 z;c|7Oo;mu`A!c1R5UxOn`mEKCftn?E{1wRX%qPMm%_vgx%Bhf{O2pnU;!`}m(kf{p z4qUSJsKWx?v2X8?uqz@X8+27yASyaPjh(V6)+8vgpvgxM$f(K*`Kl1Dk?iy5Z|{>} zuEOluLZ zoyn;|moaelit=3%mgDuU!hvI$czRm_FMZAP2ntpy%bAFmH3DG;3^4L%U*9#LEdL4A zAYV%#@*iQxYE7|a8zDbSR)X04 zb3##EKKcg&>D35Wqg3J;0HjAYK!gvP)b?nR=r_sXP|2 zX~MeUT?7*g@!Ifx8D4M625{Jj2XjffEFv=lYhGQnp7_0LziDf1%-Pb^)H_6W24;Nd z-ddFmFQpBPF=H9wTVV(aMi`622r^foD8D)uIu+(nb>Rq0 zIjzCch81=RF1H)9v3XKKwjL%~cGSKw?aXDRY77R$Gfg9!7TANmY}OV*46)fXNUpyx zP~S+N7nD#W?q4!Z*F>sJU<@*NYch9lMZv4?$fkydm&pJt|EaRM8n>?Mrk8jZ<+|u0 z|2a~e+KTRu_Er@ifS@d)b?qKnNffgE!~E|#t_OU!*qdr0hjr^6D}^k1TN^~`7?hcQ z`^u5l@}`%?jT9&q0{DI2<9i7&+3FM>lgeD`O|SSHZ^$QACgt)JTzh(=MAkTQhe5GO zvl%Okx^QP!^6g1rO8qTDsG9q?W6P~?695n%8$H*fl(0kBHzN{<`XTcF2Ki z+#bD#S}?(SNm2oRj#LU48`LWWc@AueoY(iLXvt4}r?sL4r$feKr$qf!K?|HF+ka-| zl=m#@P9UN&=VAy%lN znm`*OxYeD52Q92Yd#vTUM1yvj`YHk^-e$YEcN@tpm-tUJ&@QlQX#5wBxV?pR0?I(E zl3$!kEM2OugPcGeG5vhMUfp4%RLhz`ow@ml{w<1iScEPFp@WAUknZF==Cp$bW2OSZ zE4G;Y?nhg(h8dT^D;YCgX(U@={ObQUN0DFsK99Wi@VCHj7T2_z5U`}(y<)C~a{nAg zy1QIG3J&Dm-`#!dMsHL3*$Vt_3&Y`V3)}vK_1S@aa#J|Rp>&?$LHdLSGrQ8=8vZz} z8XSU3)=~pIQ9TCUy5donP=%18>rxF7h2PhH?%1$ZOAEcWvb1+uT>B2#hDn1l!n=R_ z@d|;go;>F0}L%+T{eLnLBwM9pr;Y z1EiVW<8yBKFmX{f{ZmZk-gW$tpDfL97$d3Y@NUElpXhMlAYco0nWNy|B$l7fChfh! 
zvsKb@*@=j1>P0>yet+wp>yu>uGiW%6A*=Tf0{R2RCGO^d*qv@W;KAiZUHxj}FajJu zjkKMTf=8`l`I+CYHx+A#zihd?Bm=yQjUTmMdX-vczX16OU5{=q+NDpJO^})1)9XUF z+5M)6XdQSMXnC#s=h`rX0w^EFz+)BELLig$4CFHcivz$%`$+CXUjfK-r#?I~G!?zu z=a6XK*{rW{Kv!8WUc5d%Oh0l3%|t{ zI_Yjs3t?u3$2~9*>RqAu$lhWOQW{T)gtU)T@1a!M;8F^nBZ5XVF`n2!#?F{tv664{ zHY13uZZR-FVk~Fn=TmpoDZIrcYhRAvTqc75${7USW+d~!pzm9fY5hJI=0MtB#?KIa zIe{uDKaOKu>o7 z`YbTG1G|w^2DT-GPacA8R_nL&Uf;rRwks@+qJzKRxRg&oXu3i85I;q9Sh%{iCp{(_x2Dkz0CpC2-gnTG zuUHc(JtkFXE3OD-egS?v^szvN6f`F|%W033ZLtt_H;}pO0ag^#!;ZEfodzekgM=ktfvEO1R zK7QfL<}E{;$NJQPy(f0Nm}|^858deN0-^b*D%Z_T0}<3b^)7My7h_hm=^ z6N#5ot?U0iZ#ovq(XJhJPq?Z@xN&{t8+^V&Xq2WMSy6b0&5@SUo6=JOpX=i0BVU@m zL--Rq)@N7Y^TghFtY4pLuqEdGdGijnwOD!=tKr%jPU4NTU@218UC8$DlaX!>-{SHH z@|*n>1jxUUs<`nC`0G5J$R~4{@v={-itJ~@8$qs--?k6={>^}A;gfN$t#%>ign%bw zCi3+Fj;DlP=w2b04|rx0Y)b>SJw>kc@8pk;-w8yntb?OB*IL_bDQ*A4Q7rmFy*K98 zOKnK{t?yXN(f6wx5BVz-i|*VXy)&bEx87934{+?$O7C|IH(9&9+B=(~J5JcwllNEj zy|&fV(pM61kBYwS=pXq1I~kRo;;xJ`f;Q~AN=;E<9uK~~gLaLZy#cqY; z=Sj9v?nCzb6T99{O-;=?R?Gnl&PaG!LK%^adL)i`vY?4*ap8R7jcjsAH>wKPdla(_ z$3)RI(PXBQNt$uPjz05cAf_ePl4YVa-n(}hj(S&IRFeI=n-W}!X26=%=w%su+lfVm za@8I2lHjA9JZYhCl4P{D|0GkW%)1Lj`kQEl@FTop`7P&*0;zsUlB9pSj`H0osj}o@ zEyKY5M!DfEySxaYT|tB>opA0E`!2WfH&^0|#vfMnFS+vm_%)7c0n-C+>^Ed%mn*0W zjZsczgEWm0ntoR{u8c$}xE1g43X6Wvg0L~GjI?}JwhyoNccRTtvS z%H(DpIJ0TBU!6NUsXw;iv5PeDSoloWT;W^Y5EaRZ4^;3lDZu8^PaRY%&fgjAt^b|Xu=2|WC+UQJp}I?l=x z;Up6Vw`4|{u6t>9ZP7~DrdqX6GU1BpGj;N!6dPRwMOs8F+KN~w%33J&^2s53H+ma8 zTUJ&hyV)X&$v1=iwr(&sGB}FeCNof9fg>tAQ)PT?245{2-`*qEKQ{Y*pC3o#0Rdax z`*N?d_|S`(2;s zQwKao$uc?foue3E@iD}FX1Ymi%_t4OImtj0?n# zi~KEWXF0i+R>Q1pGYtPY(ePo<>{igIWo|9%+>p47WiBkw@U6?4c^Fxu?{))5)N00b zur?Ht(DcReS<1_wGvqD_xtPlTo|qH2$@Aw zfN}~U=}t$$^f_z=YV5B^xgtW7U{)EmdExHCZ-Tkxp31mrVe)*E_K@s$GW0k{mtw^- z*{y>`M4rq6s-ytAS&F#po`j(c&&9xnk4EVnzI!!Uc;mCx;=y98A_p4>s9II1syglRh59=2{9T;=^2%eAc{km{xbvp+0PVFW?A*b(j>@Jn zNmoLZLItSnGfl!V9r^KnklNH}<&^PC)a$0A{_N$`mM!OiPm|!@*2-S1!*k`KN}tzG zmE;=6)^nc%lIe?|rM#|d(Q;Wiy+CYl8K=!a6G&@cy0PLP7-3yZt;lnrs|p?ub-L9i 
zo32qugPbXO>PoJ)Ti^wG$LT6h)e>Fr1Hr)7r3&MZifZ?nmz7$K zdzrDO^zOO7_!FpTAG7mo(-^z#c1=c2ZKm5*)S-ihq%=e{8*sW#buI2o)yyS8%pHLh z#@c)?ivi&2jTe`}K5M47=qEx%Kb_=aa2z-^Klqpb7Nwh4M;wDXeJah`{O?&9mCxkZ6IgfrsgZ;_n< zaKid0OfIz8g(EIgy^chlIoyu@&LiNm>9dzt56#T@Jamw6oC#L zFsSw@F@1kIAXVgn&GO*r1bMXsChS46@*!)4m^c0Oc3s^-dZ8-bJj1RA zy9T?4ya&GqV{UP{_CPm-v}S=G3~0PS0`(bS{9kq~HNS!XJLX3esY+?^n?}m>i{#+^ z@9iiD3tO}Q8tGNBGRG0Y$z5w3xn|9jcA=M`pE649;+te`i*8#V6k98jsfVxaQ$>W< zrSr@*PVCxpe5tWOBxDQ7C#ohIHI$09d8lS(72yvrMj2Ft`6Bp|XAB59O;whcN62p5 zSR9}i1pj9Ld7HZV*=$Si3eC9&^^<{xh38{c_bR~$zyJeiTH$zCUmp7>GEzqdq|{;n zDlr_~mBou*+GAVCsf+s6`-55;JGKJwIg4K_+OlMJym*HAN^{wysbv|a>^ zY%tZbnVjJzg`6cM>8SDe2uc4~qu20N}pJ zZ_w3U5d#=CoC;JO(x|KmYj*k<)rf;okuv}h3n0!(NFm`kFORxS0fElRNI~Jah-T>b z#K^f5omUS=?^I||-ZlI&c`MjVZQneJE=fjo8=z+B2gj&!3ueI!uH2>}-W;@_%9J?( zGOl+GL9~^MtG+p|FI%1<3`QrUc0-4#`lEVzf;~%cE(FO(^<2&*5gF|fNe`Z^;hw!2 zw+~t**uHeSr5~inXq;&Y@T}VZ3R4{uFTpDi91A#V`=|;T=oYgi89^ncLg8s;a1;;$ z1nh;w8}sUxNOgw`wF9$uOb8-=$PpnN3WNcB%S1YwL_qmTHfl=*@)yG3jWNDI9;};n zezf&Z3n=wC=^}{;mWcpScyq!cFIwo`KEO^m9x0K6lHsxjn-#gKO`HvN;zoT?xDrcL z!M*$+q_0bf)NxTrT{L1wR!N-Y##bc&f+;47C_^N+S-xI6n!QaFm{GpZqHn;ixjv^@$WK2pl>tu~Yx8RQlPs z6yFfUcmPCk5^)mYAi{nmNVPNVWW2k#3$FVoSQR&!*N*ym62gWmW4~R#hXGfy8WflnAYmJ5EOAA_}S3q4Y+LF-6eDu@>?64}H=9coTeaXssxAIZ@lHNbW{$1?s9}kCK zQyov}ykDJ1a?G?8$y0vRnNHNyx+Q{jCk`^rc*gkC6|F92;qbGn>`m$~b!v zGW?*rx_X^zMfK{ZM)~UJ<3rbqE}}sQbz$qq`{agu`=!a|%^YDWy*^>JEkXZ<{jPfe*)T^c*Zo@&gubk7^gtl?TVmp;`F`G?%{Lf#H zgjf@1(9*OCWz&^N_pmZks54EUNsF=6`QT6a3Hx%Ul=8RG{Dxx`tt?4GC7kp``sFM{ zaCt<9W;SjuD*UQLF;T0tK-m(c$wjNeV##&Pi9_f{Ec~I#v;hZ(tRkyNCg1)vFp-ip zt2#IH6{|PF=5nre<@HL~WXnPUyEe_r!$@MR?-*7UoMuIOwt@c3GCoBL*uHm(6)b^? 
zBkFe&b37Rp>}m8Yv{H44h~{O7V&xP>8&WS)S)NeVgrw=@hNTqiAwXtgGKT^9_*k-YGqPhN%<>Sqkoqa^nW^aw-9~BzjXSaNscMA%6`GGk@|t zn2|W)RoWu#g3SBkw(a9@>Eg6$nB;R-O3gxkltnMu!fFw1#U*c!r0$Q{+ z8TWY+IY^w03g4Rw)gjbFQD=Cu#IT4%o4laKQDj|#eA>EIN{dAjDvacdf(IB$SCZZ6 zigtIqYXm9B65&1Sq4yS~1XWTH^HOyMRfB8ICI$LA@!S65G)_ZaeVXI=5@)n4$v2-9 z41uowa2b+iI$}DT%8xv+UfEG3EnacYo}pEK(jAOV@$N*cDA;J&96n3*pYDtr4&o=l z5~M%dOVsoCDfuw#lj2gKSHtB^vP*zLX5(@4^k5+&!{-1nbr;cSoM*x3NfXdTs-+N* zvq19$$@A($VX8E!xZVZ%((;q}0XZp)9*audraCC=1ujj*Txa(g&2xfmUOmyJxXlG> zAPoY@Bg}Z&S0)-I+9?eue+*OJS(miC&b=DLp4@7FetkW+o42$qKT&N~ciJDcEEl)h zFSIO-JVtXSbJRtrFjlG}J%m4I@*#z4ba|Mt z^|H=3Jy%i|d{RxA1zOI*JIlluONH%M+@&sQfDx)WEhJls@FFi?f`fqGJreKddp#hJxp^ znI7%O8H9+8!|V3&=B&TTjI({DS?SMB(uyk?`oFcp@Qy{2tvUB|W*=J(LgWtwm4Z#8 zF8X;3(|;=A&&&VK09fQA&i7k(FeD*gzm+`y%q24m-r^*!7oMUR*+Sx zY3Er&rAE(NnkBp^9t6;3Rb_ncdX~wiG>0jTh%}Z$RfMJB0jfmfc zUaYP_mAZGaY8=|&4jMaI=P9a_pGD~}fGDNOrGkOVnOOg9;Vk!Wj)#J3EvdLF$**e@ z04#|MQ;_wOdwA6km{|X6$v%8oTJXxZ1V8R8c1xg-Dpg)s#W{hNa15O~p|r+BXd&_< zObT6UshfZ)4~b)sRu*ra#>8zg#pDg4x--LFz!aw7v%R2$mT8p%U-FU%`1g-7+Wh)R z7<#`Gce=t&2O<%&MuaXC{2!MWlon6N%t-@WZzl@mO~ac{uJ}D^*c?(s{7i4CKm5RR zrxwzP*yb|$RMMUh+Buf|}&ZjC7hFX1OVHiVVeW|K%QJGS# z)aNlGiGG4BP=xFs#QXA0y89!4*%)bN-g5zYJ<{@K5~^==SoYKoD{4PrB)k7Q+1}J zfr6LL)KBW&b-1J>Ns8jZGY|%Dc?q?SNg(T$b11D~w7rHpJ^q^pRG%-wgxU~;O5TC8 z^1gpd^Z!Oge4_hn!f%&U^|Q?rXahxN!-W%9@Kz;F^#n;&g^(;F+pCZ@mxU&pA-hwm zS`v6Ht=Zg?EGJstu!5^0&s!K~u?Tl9AET|F_;6pbdsD`tWXH;oBc562RT7*uv#X*X zC{V|^QgwirMQG@%Yz<%_Six5WDV$`?nVbj#aO0ynqQVOL z)e4&xwa!#G+KYMqtrB0A5i1W0R+5JhDSKhCr)CZs!N#{_EYesZh;NWaPqAt3W z%nC^9f#sq+n0EZ|TyU9;F-^iI_IfE0dU#D-UYK~m_?~k7+os15x9eTjHphi^Bm~;%@}VE^_EJah z&OunuE414l1??`dA)oO`1@wGXb|gOE{VbJ$oohjMCIf-7&^3b%%$G zmjwY3Q;)4j{bGzEcYq;XFB~tr0^9inxlx^|IJcx}aiOZx0#VeZeG2QX-ritKefqN} zduVSLu;V{|HbeGS^F8(Dg{~r-J7uT58eQ(A$GTLDFZGmJ%BE7!ig9|-3bK5k3DkOb z1+|fLxKS1Dm1^?P;4X@@FjyWp8X}^mJ=h-1N)V+z!w9J-4ku!bT|#6`-D@e->4A9t zA&*(GQ9x!kySUeYZNbW_kHyk0O=|}Z2CWF(J~@eFY$L`Rt<<1cd;V=8kJ6xyS 
z*D2s81KWj@!Nf51tltq!CuTktCl~_ySY5hP4f|d71RQ&W8_b55(qU%6E@?c*-_J;K7 z;YlI(YF&Dl54agtgVC{bt$HFHXK|XQYaTkjwPVLMLsPut1G0bDaPiIBk+NaGYS=>X zg6CS$4=9yD0WmYI4n^V#tgZ3!a&E?h$_OmbD`ZSvpZkIU0V`^<_P38vq>zzWrCuGr z0<^J~H%&Vi`HRrzh{~lc$}S=|$-sjhs-5Bw+EE{$Y=a?ofDq9pnb5C4v3~%N%;|lY z=U@?Za=Lp9W&*weA69aUc1=OEqK-3cC=h|wrzK$kr--F;0GpI%vo3hRHJzz&8RK>m z?docz<~}z@%oSakftHXsT{rREJ1wxv$&~4}0lod1>;{dpHr&R3-oR*Y(wi)ItH7x? z^oEDks^#P(Zr~a4r;xE1jqq-^$-hMyi_DH0UT9c1b#ERWqu;8JyIjm`0RxY~i2^XL zl!Zy(zV_9|H0Rieqn(@l+SnTAf@Kp;M>Y5#&S0|sG&&S@M^y+aI5j+oxA?3nj+la7RPaa1*e6_|^zDu78sTkfuWugX$Y=z! zfMc5QF5m-ShUxYIgB__(xy(0l9j?hQ)jV-M$51D zf3oq1I6uVo@%anth!cfiv`nK8mZjaF(=Pdu*8sO-_3y=lC&OdJ7bnQe@q4n~Pm`pr z63)XX%42jS9$t@>V?}rUQ7{r*Wi-*CJZYxk*=cezmmlf!6biy;XGxz?HjxAMZsF0*73HYqo06Lx zeJ&+;$-Q&Q&8`2C7Q#g2kphwMLGqBD{+F9oq_ySvuYjkr&P;%+nXeSOW8@wVzgOt$ zjFSs59(}}s33U}RO?c)cKP!hkKTw|IsNvwx9)Y|YA;sYh+i6u9bksh%{vg%iNeO~) zp%BgyJs8v{X>b?DUTuXK>T^Pv(A)z-zsQ+$mM!A91BHCA9<6*H#Gpx?>Ml=K8l3F- z*)D2u7f*AK!}>SnCG{n$w)A?x;yX0OxOhSbhq+$IWnQ$D9=E_F(OU#T2O2F2oYB}5JJuD8J;cML6oYSbfA>X0D&T;D@vOy7D?w^kKs5y`8*Z!n znEl|w=0uGuE&YXd2sK;>nzfnsGZhIAXq??Nn@wuhF>ElxBNs@ue;x#XB^X|z|0Qfs z?Aj@>)~gm2cVvaysul*=u*_rrP5)7|8$)(AFvf{C{-Ev1#s(0&+)g!DB;_Tp9V(zt zs%F|IgNC-jP1_}l%W(YzulQH@#PsfigjaX&E`O2^|Cq17^`I}a`2>EK^1DrtY_v*_ zm|ef$)Ap9UO9}I-^34JPTEEH6Y282w+uOk)d}qtU0LKsC(sEB;tiYC1?|~Skk1nhv zMQg=k>^5cbJT9$p51tRe_`~1t15ulAxBX#MH_;a1M4i&QTt9TdT+jx5lGo7a zvE9;ozZl04;NUM7bLjH|-F-#k5`3XGEhjz*+T*XsRhn0Ng5BS*VQ$H3&YGY;H)5Vo zdz|~gsg`-dK|V!-{1js?4yh*FyGsSaY_1-`vpCz_SA0)!{3Jsq=dku<5I)e#9oNp? 
z5I%79-zo(BfH674Cpq>$_esc?z4^jq>jP=%0KcTyp#0#uK2ww!SBnV zJf9^K`kXj~@dx_t487f8BM80Sn3Z{MD81b12e&8sy*7gU44@3&0PN4y0Nmm4f5yUw z8BF1uje3nFzL96`#<@e?dgtu=J`<3og9F~3ATzDVj(s|2{e=Jdj-1#AJ%HBlOxpF$ zHuOS|N+rXvQi}48e&|6s*wKE*!_WgcK!^Osk6wRAYJMWMgifywQ4EoL*gZE{aRVQH z`Fu`?`02n3WAhpIhPUialW&|+5;EG}Idk!&1-btL{13gL>Zu;JhVN@uGJ!)?>`^98 zx>jpGUSya&_Z#>|iG(S`Y{HW2ktv;;EJc?rCHQ2ewyuLHLgEgg;h=#8nM~_a-{G<{ zL-nge>v249;*Rz8nK|H@IdSKI@a8{p>^`~Ax!Gi6VC^2;`%RW^y`SX#d`9vibv?}^ zLJZw8FeXR3dlVLgo-@~l?6E{M;u>knVxN?aMel9gg>4?V=O+CGR@c28-}AjO*&Jhb za7K-8K}hG8JxRaVvn3jtQ_nxiplU!cq}%6=cyue6J0{vY#o=D)RvX^QTu%o(y>kl)JUE2YYJ-sEKrJ-n1KU>n9-UNKX6Z&)sHdeox>=qRNHS)^2rusI0>3@vwS%5 zSZY7lP`WrP>O$s(QHC7906q_^ADEK-U^>qu;Y1pDMk6WFJy;&UU&z_3-y-V}Q-Cww zh~(&jvB1eetE`bMvdok*MBU7L{}czAA?1AVNLg-~{4S6q_Pxx>En!-{N;b!WCC5L$ ze1LyNF?WvOy*t2R{&}`DObm0Fpkl6+v0-MjR~hy0Z)rUd)=eHB%u9bp-)p?k z$93sUw_BKY;K%*)-j!EYOCtl5=+>D5qWd_b)Baq?#YD2NtjCbl*?n23!MwR;ewDLC ztP3-gGxI*Zl|^+&+yzP-E&cTAaaE6|jUMkzn!Edi_Svl&oI$OtNy(SNzn?^&4NL?2 zj6iFnZ7?3)rkQP13nS9jsbl-6PkcI3E4d*z-*orqr?8L+F*_L_yB^i~Z~5ZtQIx3|Gr^pqzZzIn-5FTe6r2yc@AVU2XlN_3c2(Sm1MZz}l$`W4*S5uFp9?j% zY-k=F;4Bm+{ItkaJx%gAt~sOB#G~hci0xxeSpF6EkQnW|hG>n$2g8!r)u!vzmkgu< zv+*kzC+HPhO?{&+i$~k)Chkj*qJi+^owkB8;>MdOP4dp!FOj)N&t%<)Ce|nNCPD#K zt;)cP>z>Y}S#GmgN|Qc2i`WmZ?%v!Tjk3a zInYoU|F~{jGW%hwbsY>2wYOpNWe34tMB&hYP>fHcnV81+S4i9Uu7$<$wY=JqO4t4R zoGLfyONXqJ8_k>CP@F+36Lfah32%l0`_z>}@lAjuBi2d~mH!@d4^1XmW+L;kI+&^E zgl8+s_U2(BhfXc-w}<4+^>9ru{U=}ZKXS0kJ!FWqysZ^F0MWeuV~J6;pcx5#{-=Y8n+{8cr)&*m6!JjUlF*~#|4 z$_L+thP&0!?s9Pcn%NcERL$)}#;tfq#l=krXH6m2Bzkwa71^VYU8&lrDdb=G2=<$9Hv?p&P@B0 zN6(C(hi9RMDTsag?g5fh&>0xiGZ))Cvo#I1 zCsr0QE_&0-yL9NIiOswqdDm|vyyqbk$LE@{EPhmPuS2S)e}~MB{=x2|kK@nuiu_>! 
z$S7(Xq1<7xusIi$Fta=aln5dP673%;d7=aY$_O#3c&Ks(BuP;kNf8SQVDFfQS;;26 zqdY<7pa=y>Dv=I(%=PH;IlLxxl{{~A{t97m1=b1yF?n3BnDaRaCn(lDsZ(wzP}cm) zGR)?D7bkFD040XNe0?}HeMr?jcrbkkuRjbJT|zhh0$XL^T_9SI2*bVV7~sUeM9@h~0sevjDAmu(m?zo5A?IVr~$w`oxCkB*gtBve458kqyNg5V$17`zt{~%`M6gr7!<7h4Vg7uLd<$prkCJ<*Q0n z^0Bb+xO7OVRg4SzFG()7m}`~G%|kS!@;`&?I2Tv+G$gkuQmb6G9RLdcDEH5&dtP(y zd|h*%@Oh2INIw!NCu8H`zCX&J3G)lS@(GIPr|=bPlsA}wL}Zv;7|bfVj4@4G_$p9O zfjCW2sb4f1DzGzC+TNWs7vR#MGiyqO&YcN%tJgW}8Pv3wX<2O16f@~ho`Tr>&qt}G z>DiT<{ay$@SE)`XTmM-1F%0}k*AhpKn59RnQmg|i5UG@(#B>=eS@58A)|^Ow%CkLU zacob?R4Nvf4p_UZ)Kq_!47uZk<{gh8`MNz%UZjcU{}*dY_y@vZ@ijY=P=m1m zr-cbS+E*B_EP?w}fsSl%iH|HnKs6Bb?}<)8a7NzfdL6>wnl~bRA{z0ESaJ0*E_Uzu zo(c7`t!Xy#1B$Wp-gdyEnq1a6LL}n9s`!QBSJuRL2Kn8R%8O|`Z6nD3d17Bdw^R_Y z5@^8|Y|o9NXU>pdtVkJte!WW+06O>2&Vcop4>(y&xkqsl|mry)41o)848iupw&*`n0X zmc&HXsi}jbt>fm0Xc6AV@U=uM-j+3CR(oNQ->QAbzZZclVU;_&S9kD`)B&_%%xl4nDo+$qA1#m8+ z%qb0(02C1k^HLC|`_(gx?yXWH@2L`$!-v1r&3>p_8|O5SDC=IQ z5wqA^IxF0lc`jj;TSpuMs&gubx3*8^kvCO|LDDfkCKnsq^FdIXoifi~~#w z@_y9Mo_K`*Gl7v@sSPplVFO#V2e#9*4-(zA0MFS{A>x0GnFZmt^ts!5-|#8(rZI4J?SDf^_b$ld%=_%&oU^vB`Bnn5;*&1yYGd0QVNv?(3Hy zfxVQ;ozEjHFpk3lJhq!0XDZZt~igGZIFhsMn~_)Qb(`Gk%6ZaRuAjw z>E+$luh?sB-h*M^`ADnE6Z~hVZ>6`Nq|yhs6?cprq1nt(4_fq}46N7T@#DYrw%f6u z-QIZkP@BBJHA7(^BmKnNl#-W|lM^&SZ(8=7u<2lr^uwB3pqc(70}g%O%1CEo>H6*l z%;MouhaeiSWMHBG1fBPT%x-H_6E;~AtttD&0f+Nog1}*&Z7YVdpvLuwiN5}0`n;9@ z#bs*~ekVN}ms8)gFV*ob=s>7+ui6l0k`v|pVtXz7^7?P}Z5mMFlz~5tB?B~NN7+;+ zB*b4cu@#OhSYH6s8j8x0B>rFcS~Ib}nNm7!q@EXHMOCNx4?|TL5dS zeQrcoZ04f!+NcTApL7WTv7xNG>PMrHz7r$ARHd3McchW&6T|eQfxzUbWBHk%1HUq4 zIlTU@+s&*kc2=7|n6w>^tuQcfqh5iEn10Hu(XKu_oi~j#W5Gwh+tb;;P4}h7x0UX9U&YWr9v^)ZnReRzPR1+f&)Jfv>ut;`L1Vjr=E|ck9c34U#MMj zsb|3Lf-;&#%Z^D1`9DDaojMK95nliIi#CZf{C_ku&W`_&Y6{Z0@WozAUw)0MJ`f;} z;)R-yHce0v?+uC~4qlbO$yIm2>7UYf>=BP(aS=9_5GO_g1{47Lr!ADX0oO$O2Lff? 
zux2a8Mq*>uwu3fv9{NbD`zrOTH@9wvlXxS+sQvA$3Nw4c(|vowJ*MH~9orKKFcTi` zs@)~kQ^}4X&j$+v1aE$Py4#6UqnhJrIUpHT6st!mH9*KM(U(e78_;rBuS-J+j)Jfr4$C}Rc{t_fXAR)C7+ z$Wj2cVSPfDD>IA66j!mL-R7++lloD+2LF&MIW|8PVI`N*(2Y0`-BH==}7ZK7yv z^4qvuou+wP%eexMk^@|5so!7lPG8{MmKtRu@vM`}=|aV*0>gYHqR2^rH*VsD{+2d{ zX#KgkF?kat-F{O)|Fm|jWUEP&5`~%81UxWN5dUw)fo4q_4fm|ZU#+dLqy0YUdTP!b z8Ci}Yi4oMaz7FFOb^D1SFRg7#>3<)o5Mqh8jBWJf`ZmtvM~3Mpkz?)#%H0uhCig=T z3ve_E>0f6K!BB6#(-!FT4rNp53n8>`o89syX*1lIz6y1kqkx>`G-xHvVHPI3wMp`{ z|JuC7JEt^psyJ-x4^_>#k|d?>{Gev21jK7((WtCd0~hhKZd1W8Cg{^#1uxUGq|qDD zxk4q~NX!OSW27m@CLz@-KB#P`tJ`H8cBP9%N>tV>Mr*xPXD(ftz!OHxwAmf*%;w)BlX^pf0{>vu)+ISag6o+)Rs7Y`lle$jQ1i+CxE-le6El?Fc z9#5m%vbLqunryp;vQYTD_%+IwAWHV{Oj}okhkAV2rJh@3Z0n}3O&?;1KI@0)X1HbnOj1YRJ1kOA0Cl8h5}hHTwn^&KD|`xK=~1(qC6GO}hnhG6AJL#i zbBUh!ufkmnt-h&h@8dms=bw#|lMx?s+s5`{t@_cTX!2;E^N`y^@oh-I+GFyfhyUfz7*7 z#8o=REb4Yg@Fh{mQpb>H!A1v-;a}qM@V>&q#y}T+qTRc^8pnc&KJP(n$P6+yiBek% zV%^`Y=EbU7U30gr`qMFyVcKOqwVmN=@q9VVT!zm7g#$o^Yz+a z4ebkfxa}QWpszsZf4c?h^%_ONQiHA%+RR_`NpVCLvo!w>0TYz*rZs zsf1ND`Lb&T;E#5vU>6!j=Qb-$7ut~;``N0$Hl*Fv{jJ5X%RZC4g4-ejznf~+gKFxs znO=@qy2NF1xig1)g$gUybOWlUg+l7Qp~1@EEEX{}FyPW5u0aSXn--J@3|-QcbtoOI z1{>eAX^4(6tq?JKRhbsed~{gh_f@Kfz`Dqee`BiaRZ{snfh77)jghcZNWIVXsKacZ z>4BoX=cd#&&a<-;>{_BtVYcAwvGIwbsS+VmaH#9N@74DFS~asK(T>lXS%RtTvbXPb zVrt;PW}M-RfMF~E24jkl=s$;0=#Up_Y(nC~pmgZ>jLK?smY-@$NNC;tCY#>g>*ozerlSN2`-I>Qu*3izjsi~YM<88q# zuoW7%Jl7Y==bUr(tz{EmS|-AltkPvZQ8l687eZ*^_+xG14P_*?1YXU)ud&&XUnrU9 z@+AO)X>XKQN5!`EVF%kHTZGB3Otm1}_>B~LB{lth{wLV_kU|k__7Cv{i=APzTA}8u zVO{d_1Zu0E7Y{%tf-il4gxlY)>AgPsnqf6Jf327M#P} z1uUZ%L>mht{VCcp6YNWdacMhDw>Nwl+Rx^ZY{+U|OXd}rt}B6Zjq(6VZN4B>j8W?5*_21+K4iy)EY~5@1wWMr{g8hlfB9}Vm0<-s9PY8PNJ`q z+ZRpRz8Z!919d=(zvwl3sfKMSEg|wHQ}O+{b}sTaA@bKL^tuqQbwuj1kFo1{#^4o8 zMsO?0hC;6&h;3yfq@UfO(2*@{4Api6lH|sQB=KmkpCLDj3>j_65Hyj|rs#8+Kh`vV zQ^>B(rQXdA>ieYnn+GCW*)33it3q$t!tQ|jTN_f%quWHDZDF@H=jCnPERD=l=~`lidw0?^5Vpda48gBQkeJGd_%W^UNaUb#=YGl1OHvU4!_d^R}7n zs6tcv30rh9?OGxqy?%^)i3N+&@Ist<`#icGt>QYEmFZ+i~giJ1u4l6up 
zn8JEN2I&sJr{Q?9L=Q*qqMEWXwhyu#Xou)=kM=|44v3uC!uAuUr$p*W8?Gnq$1K@a zNxc9pNeN~VLuL5+wqMYg*%0MCx>NLQh2})G?`g*Up7Y>7;L!nCFoIJd-^)sZ+LG-C zE6OA+APFZGItkY4QI1l`3o1E$j7Sbi3vztd-1v$5crm043g*$l*(sIyZMqa=2ZZ1E zdNdBLyJ1op)^`Z#z#%-E5Icmg!!vMp2*>O)kM4#;%OwdM#&ortRfyIpP>mQqun#~^ zrJ)YP(lytkd!S?tu2p;4A?aEln*wQ@@=4ovi%r4L0d`PZ#qLw+eIRfKoS#BjuEgL? z_#0#g6?(7@Y884Y#-<3)cHzMk*KQWi`#pLUl-vRf9tfE-4xqTC&T03;ffd^cd$g+t zNrxfvFeE>y-NqhL=!5gz_iE6Deld1fHfT9^4aOAu5Q5hM&OCsTYwOY;fzda!n%2o4 zR_Mc+tMlpWu%jtEL^H3=^X=;wn}6iIkw;;-$oC^29f51tAZw56=gj(Hc0ns$iPOxl zlL1mM_LCOAt+Ix!7Hf!DvmMfaw8uPp1Ek!6Uh;Togg2i3B*7Dc&v^7k(C+`~W=}Mo zMyDg4BM|U}RMDe?dwFyeseof^TGc?!rjZ8o*7x|!r+LH@r)wBQ%HRpoI>Md=@A$Sy z$6!W3UY`urKtTj8;PDubCb%`mjVvdwEU=q|27vq>3G#~o`6-1y)x};w?i?5N;JDzm z&zbBQn?0@2r|0?Had29V9j6ytMmznM9I$j-7f0h#iPj~gvjz*FnWwJLqJbRusq1kg zyHqqf9vkI}C?B(U*5EE_O|kDH4W7jUNiW5+d3t%XpqImEeYwvyQ0%B6lhUNkudrj# zFx112TOvDwK8b*2-%`IDp^UP)zs4oC9r5U`l6Iqb9l$3)z9--yvbqcg2Ts`3EW>;EE)Ve(AC<<++X;{R9rRA0yIZq9N=6NdNYL+vN+~4hXqd+%JR0Lxf*WI; zWaT9x-grrfG+z=tc}eiZB_SdJP?^YTfJyMqIDSQ_JcQ*L#^_DY5hi9!(u? 
z<#e^x0d_4&(aQ?`;agGi24wcLmlXPnN7GQZ4?#TbC=(2!nU%eK7CTrm&YT;Fd zzUtQ_vg>u!UyQvLYpB6QX9)(p##@A^JdvGF;e^Nl1yek5E`dTd(Wlq_8xIF*923bR z!e3J8Nr33lEOx9B{Zz5|t3cbqiTZLM`zfmCW8`#7T*G_W$Hp$h!gc&(Ya9N|K}!c+ z{W#hY!_1%+fSmEetvX#zIIeZf36q`XdA7V4as09wW8zgez?HZA9u5# zz*YYjHj(pl$+CEOOAC;=cQGV>(k$*9g_RcoRcQvQvKUZ5MQNZ-dDMNdH9*&iUp`z> z9X@dH0-!_eT|)x*t|5TK=PCA)1nwgVoO%Q=HPk1PB;nC&-Gd=DW(*CV6TgL8qNZo7 z`2?!@U9lQ#?~`lcTsXGavKfya+!I#ldmcR`p6`2fN<2UC=>6jPp+_GO&yPI%pm=_a zjvx+zpP^HU=f8XOFuK}Ki28Y`R6-}ug!yR0DUYBLzmY%WpGd!GI+18cM7FPAG%}8d zea7*LWE`I?WE^7oCpQH#GQSwM~bX-1*H z#xhAo&NNYxM`x*skp7$VsmK{gMSkm3kuyy+;>coDq~_71J{76(aHa`jp9BC~0Qy@g zEcybsj&M?0%44tdL}sDwCrRrJ`vYu0vrGW_*>dsuJ03f4A)G9+vsn0h#6YCfe|q#W zgzg>;{UJ0n!(UhV3t@ib8>8pZ$AvTg-Nbh$HunqEYxjR2~oWXoOoaZX`Gv6PI?8RNt0l1WY6n zm_UO~_Esw%E8>*FfW)VWR(`A2=K0PBDf(j#^krc#+t2=~&@XwyRp>vZ=Htjty`+m@ zN3~wn&pN}`|5aVz3sU_YEAzwke*gdg|Nos-eOOdg8o!r2z&R5aF3cbz9}W)U9Pz>+ zjL0Hz6%mhFnqc{nk-(534Abx->T0gq>Y6=fPnMHkl`Lubv80u>kDHs;Zl>niy1My^ zS@vNnm6e*Z@0oju`?P=bJk9gGbKmnj@B4c{&U;R&MQfCTz4EC=BKp{mo(YOFd%Pk# z73TG76(+63sud<{nOT~Bv}P&Qq)M$s@}o7O3X0E_?ldFjFJ?4s@!QY4>Zf2D8X*QC@}!o z6{j*vvPsdcQjE=K(mRzW1Woo1CTB${= zl!6z@hoFq}U?!O}bYsmNWzir(KYBLQwg@zfW|bnXe)L?Z4Mp}6NF|!7g41~Aqd?Qy zS3V=63$g6~6NBU0Uvs?3fd5ZU-~1FBIZhJMXMW^|w%6N4bSYK-++y}>=CKmg{dt(p zrb*U7U*k=hMbb(Jq;5q=`i0B)a z{4M0Q@m>WvMD%T#qU4+8@BC;Jj1>{lcLgSwY5{{65Ev*Ty6%#{m-6HvMD%^Od7U??z1`I;}DropFmhgP*3UVUFJ9yJfxmH z)KCCSq5~=mhW0vwb*d0QY7G?a2w_FX=ro}&6+vJuI*=Y1>(*uNJW=jbs@{>c&yJ;mc5L zs_2MfhW&Iyi&l)H;FPw6D(6Lq6;|xbwgy(wuwtY4N?_FoR?)C}HL!}|e%k`8zT9tn zU=_>#b_7=axZlpeD$bAo0y8(qDLUeF?W!G0jZ+h$+yv2);8N`@>BKOn5^2>WQ+~4A zzqibGz0Cdv$u89?K&mw|d;1_n%-mf{y6;TA!34AP)t0p@*(=y2$$B07jBS@aDX zQbosLhzdLNU?+9Bs!CxtWu#;^4N`~TZmWiso>%7$NHtB-lp?7Z^^uB-QH&(PGa)*L zKrPD^g(t7rlp>R)XQF1QgIRyl{OC;x@p}l7K3vU^MoJcGkm|(U7T)+hfmS=i6q{y& zuDoetSHVD(k)@_FqM`mpz_S2&GFcJDsIL@ayDmDi{2Jg30e6Kc$0b21Y4nu}f*{K9 zN9(+x2Mq@`9Rzj-6aO*^W_DZ;1qtGM7}vu=A`JFcgH5!-w~qnuXV4P_{m1k~j?4VZ ze3L*1aGM^y$3DftpJL!lHTb4+oYfX%u*o#|x(xXbGvL`=9|cm#vHL(KaUQ0Za2uvi 
zG4N00I?Lff1Luri=smT}H1xB=;9F^^rOKc`Vu&@%pjUGn4dhV+?lb6(h8&sr$O&-RX z#j%B))5Z72ps+Qo;Jbk1J!cuf$5%I&>hXi-x2%7BV%~)PPGxUaUCF@{2Z}={P7&OT z*KCL-+s3Z`)0y|4tSElN{s*PxPRoZ|kG08L5|6w*|LWN@xx!j;pIdc?JANF0n5-=5 zNWMA0W673-SCV3%T~Znyyn6S(gU%H%Dc$Q5eV3m)F?`_@W$~R`i}x(}aIG?P>*Rwg zvHDSP_-iZAK7R6dMPnxBZoE|gk+6UA=B)B*srPhl*;e~>)#$jTY0WPzqV9Vpd*-E# zZ(HH(&`K6hN!t|p*4br?$N3J$mhbv3YNI_YIQy}L%?ZP%I@h7J8K>rMxM2+$T-JY1 z$C+;H{yp?e-0_^2kN!4r(D7++)$cyiI&NFau|2P^Ieqz@>l^Q)|8`xEc-`GNxqrlc zxvxFB>D+sD;dlOVBBE{3SJMv>@xpfDl}#_+Vux2>!FskE)Z}0E+t}mZbDiC#d0c0A zZH_(&(6b zq+HP7rx!rV_)M+?d5F)}b0B%#W(CM}p4%V!ys~_jf;?cD=TbgP>|Tr!dhgCej`FqSZpu%G54Lo*KRvRhrjUBz9TDpS_7bxX zZFc(_s_Q+oh0yFYS6WtDMgXn%HUikd%z`V0SWkUfgLmc}PgzBMowvHy?JM*8>MPt0 z4a``qtQ0I&fYw%*msM4JD$5$`n|u}Sz+UxiAt!xSeVseq*W~fIed%-ReY4Yj?(&(w z%$`qKc~f<5Wjat+rUQo#r#JX2dKmJ48$-3HqPD5>=R91$iKT|Qhv*f}7KZ*B2V||Q zWlarkUz*!j%Z7P$`6KLYZd)>u-KLiH8;<0KzvB!Ge)zdftHq2*SD>VjkR#;-+wU%1 zQj#O@%@<3cBieXxxG9;a!%^vCzCsoFn#gn zm~w7&6S(&+o+v*sSTv8#6Z`J?~I3RzaCyt97A&7H@VChlmvd&013qo*8xW_R|% zBVW$V|9sr?%E7d)-`giEukZ3sPce11AMIZC!GKS@LfXr#zlRG_?Quh<9YXK#8ps|t zSW!3)XW%UC!ozS5&cpe*02kpgcr2cTOK>TE08hbF@q>5W?nM)Ru$H)@$1X)R*CeM;J4x&Xb$u7P(FCkc*^?d`rHgK{SFYG>TftzsX5*iu^z> zlS|Z0gUJb+KojWzno5Vzp>!B^(L!28$IuCM5`BP9r8DS5^kG^_%V`yzMQdms_0VS8 zLKo1bbQxVvH_}$Rm%dH+(WCSLJx*Vy?Q|R6L;p^X(Zlov-AZ@S9rP{wF+D}k(MzKoaWny7+Uv+e8Y;!JRWnpc6SKD(NRhn1pw5;Q{kJD1iI0+CMWJtgfQ6d3OAkeX6 z%pF4r;jXl$mfUemExKEF%w-6dnPGP>WSC)Rn%Ny7#qQHSP^p@IruH9Lp7xoSeO`8J zcWa-f_V=A`*>XrWRdJtlzWe>tqt8BnG?RJ7Tv$5w^r`6Vd?urRmdPmRCIV;G4jO~V z^}_Mc528lP>4!Pb4Wlq0I2%q7I{9^Hi$J^;_|Q4udE;%@i=3cq_thvE zIJvg%0pAT9cFYSZub?PkQB-o`l5ZrI+y$+tZ_ikzP4lVd_Birii& zoRSuJUV;Ex;;DC8s9$U z2R*mxx11?E^1C|-rRJI)z>Ub7oyU9{vdJMXU5dLg>51?NMIA)#`Kg4qk-kk5!tgR4 z4f;sa)}XI#pBj0`bGlA1;`9{CIN*;&7<8SW<4o)v8?5JS7Dny~3rR}O9ZQ}WT%IIG z;AkHF)@b^JUNkv$UVv=Kdk93=3CH07PP8`NTyvW1jV_|+NBstskL&j)=o~;nJ9Kg_ zXLZoY*{jg*K!UyM+0At_&}ofQA@+XY*v++)L~gk4QA}+Rq8jWDOlBKlFDI3nu=~ho z#2ntSF1dGA1P++BU_!6$b|$)hYv4Ju(8f>{sH{SJ&}$MQQj7A~X^BC9N 
z@KVYkxutx@)}5f|coV~tK>09yCsQO34aCbQJtCwwLf)N9?r?hB9(YksA{9|xjeg*E zDd-9B{at%&)q&p#lrl`qCO`b9Jf;Gt>u)$i@PyrJ4bQ^%NbN0H1;0(FCZ)hsk^zft zs;S-viaKzqs#tR^Km$a-YdRv0NCOGtIeUh=n6{+Jk?0;(sVaEj`w^9|dck*lDi!Cr z^c|hXlFXjKXPEgs3Tzh%)yLzAcWCP+h;VpkNRHLmvS}U^An@TlB!$WWClw>kB zlKh~^QLCBSeWgS}vbNB8vdz}slma|{Sg zNL!6O=c2X1-z>;(D(fk=f27!DBY<_D@Ap-N%4Ux5<$6B;;?$l%6eHQU2I0i2W6OSm zT;{8AzU+D!O~W^e0=?x3G31-B*J|29OE_UOaQjh1dNiNj^3KJG8q!$k4}zwn5=~yt zrVWR^<@WO%&9H$&Q#b7ZA+^_?snoK5UzU-eG)1yX@{l#VtsIia?J*ihgWh`2-|S7K zOd5cWg-#cF#X4?ONH`6N8ym-X7Xk=#dYEi7eUT!v15SZn@^O0`{<<@UJfS`iI&V&- z2~KG^omNFVK;NZ@1~O|cH=xE?Xd+*G=y%)iaxl{&TdD9cJ##clISMf4JU5!abZB6h zQSKQ@d1CC!VI>EiARcQG^)NdK$8bYQiH_&5+Fn{~Y4=Po_=KomSr~;dC2ltSJ~g6n zf^H$&f`4&KlWgTNC;z5XeGs@gH0aP#*D%vnY$Bmb3C5{EQe1M9WLQcsC|@+C#+w5_a>9Mrdu(hv_WC4Q+<@uW z6GAR?2kAFCJW!9GN;)m+Z4VG(=~sAhtmRNHXgi=hVIqKX;Td`EB+o^xd6Kc;PKRNb zU2E|$^vFk{K?fwb+unlcka}vXIP!*ar6)N$nrN~?6zT*{&(alnI=XE)pFV1R80owThLaD8Fn z%*czD=uIAAc5kbYTvJ!lTw*w9A3iDLBwZ+rOWSewxU3NB7!$)$*0);|a*<4W&K{y2 zSqe&(9ic~#RbYFiTFIU~IaAr?(j!MD=vZaX_V&>9Y~l0M*tyYSaVNz|Yvad3dH%F=?$P*);+g};22N3U|-B$Tg2izr-w;WHt-d4G8 z8%-@gT2VdUZsil#g=2#rUCTG588IqxFzO29B9utE{s3zy3eiL3)Iz^axq_GJ%1BpF zU2v>2PFoJKwf9{EAG(^{^kYa>2BB0*hQ=%(e*9fO0fg(b2MRsR297~6IhE5n~n+fUh(50xrAKS;M@ZdAfG z2(a7O;Ysf*bkpQY*Yy0*(G&1aPVKFvzs|v77t!6g}3n#XEGxoXqI4nb$KGGpyTLY;sf2DAl-{Ew1W{MNkXS*wS()W3k1-N?D0l zvc*qL<^25L8dBrLjR-IXD{o|@0_f^x; zO?^StjU|JzqHZYt2ic!ztgD}0`KfX##hsP7mlE71HNm@_0CT2eDPPvl8sS-1u(Hfh zzKPF2p(@|Tm$Sux)|Kxjb&?)`sb)mcTF#U$)hOVauT~#qLZ7kz^S?Fy-<0pItCH&v z))o2Xdi>=ROyPz2n`}`lWE5VUGBfeF;8LwR6}(-+h^ zaTC+_;;*6Yv$SczionL-ZQNpldy`j&(laqPAY*@3;d>{oDgse1S;j2F5%W?$b4fq1 zFU@9+rMh7(F{5lPn}(&`3NF+6>Sf)`ES0i&tm4tc<4t(9mMz07;W7iG=&$}I{;GQA zf5`o;WPv~{1HLz3{f2U;&I%B=S2e{y(WCw?gj?hmOS=nb`|{>@*7AxWPb+#=|Js-_ zwL^6a+AyO~w}{vNy!kzNuhqpq{d{Kp2PTo`X6XZ@S*g&?h{LQ~m*-oc(0?J-iWZ!( z?*h1}WOj)m8VS%-XBECb=C{HN1*lR^ z{8lEvfeOr|*Jh>HE*bK)Lb@{OI!it~Z7p9;HM^74t!BPvzZuJBvj)0EKs zZkYP-a6oYd{=W6XX{$U-&Q#gQW;KO+YDwV-AnFOw-4^qE;P@&WZ(3K%V^wjd!f%iH 
z93GD%S?`z^Wj0x@Ch2;Lp{%1^nlfn^`2Y~+w>^o{@jWM%=*c^-bJRU7P z*5<_n>=ZMQ0rwjZ8RGsK%M|xj1tM3UG*KsL=%ocC1CGa4T^vtK-$?H@eFYudG^jjF zNgp?%_I=lop16ke#5SpZE$RJ}x=GEI&>oazsxf-6jm!c5KwTW8z|Y70AsBQD1|6@8 z6Y%K*eE$$!Fr)AjF+cf?&i5+(!I(b`v?ZWDR23(|@nHb=Dg5Mp;$hq#!EL|7AFhZ; zaI>D#`wD*~=BJWp^xg$fKL+Yk_lX4vc^pC(AmnC+FFYU?L9+%Jbr>@~JYbO^C<%tp#H-`LZ*I#S@EX z6#m$RcwD~I9V6=T3GpPs7w5#2#-hTXfbW)!8XJQIg+Dnbo@U0RZc!*|&~6#hmq-2g z)M4>#IjiueC-o{JQCE8GTBK*{;!((Y7DqI^$D#7GQ2DuJxOQ~JC+1IZlOMqA^D%!C z2+yI~&rl!@RP$40^GFnvyR6`xDb9lGg_u7Ls^>v(U({1;#|u0)tEmAu4lpZwRzDnPNBx;#Oq~(y?$K0fvSCeA_w=EYjfg_8k!VA z-WW5*YYK1F#j6Gu3%s0<`5EweaYf;FU91}TU)If)rNtUSSLZ~FY3Jre(-773D^{(9 zj(W;qs_f-wlKFRTG3GB|K6GedVze-oYG~lb0y7t>Ng7zHj2zqp3z~It-bnZxGN5OX zp|>f#H7}gHEyH*`0Vym%v7s+2W5l;uFy(3TPMbBV-u%wK}xFTsHw za4IhtdhNJaFCQ0fE#@yLz61Iz@>DbK7HiBvwnCq(cCK85ch(MxJ~IxA&|oJ;pl~RE%p3S@#QZ!yn=!ZH znwOFM7tt834Yy^LtSL%oOqk#{2?g+mQW}Iq}|(?Dx_Yo3E4Xjwzdg2dY`1UW$1aR87SH{q2E3 zQ(*arvK-&NWE1}go4EK;)5Ql0|6r(tN(yp4)zF8AVDsS)6kK=#kUpsh&_`fLTl-IA z{w9RB&>?;{h2Juo0~T!{2Jr5k(De)Pa|WlzJfuAy3zhr@!oU<&|1l_*Ire%U0v*di z$n|f*>gS+;OjY>DF^|Cg0<8NhIZnkd6#mySAJ8MT_yt-|L7IsjR9iPJ1-qUHb{m-Q z2Vv`HGu9RHtE=Ld3jd{bRXr(wt?*w_Pr6#ha;x=#x+&K}2>W%+FOpmFq4*sapI}G( zgjH#EJBY)00lHFQTvqre9faxf+N}7k+~DN)yQP|ye}yg&s^WJf_BU6>rwacKegg5g zVEgYC{;5lwvfMO&dtnybXhDL;d!feLNmBeS=I`J)75{9Qj{BrFIzOcFzlr&~Fx-cO zevh9>mevRCCxG2e9-v*AOn)!gh4F*t4{74aLH`HJ1T84j&w~(Xm!#PxYB2=>B0Rkh zr`>a0#Ow?4M^@D$YDZ{8Xf^A9A@=Kkf$^U!Je~vmD&k>jw;=^S|2((Mr%UF{d2NGf zk)dstIu9r8jAe;0 zs^U)y{}Xk>Iq{XDz4dR0c*dUw65)DYK;IWs-`+8W{$jEG%X5DE$VS|aIn`7RwK>~c~R@+{g?LqZ1k zngZXgA#MaDUJZ$dMK}-<;QuQ>PI-$ngZOp{=7|~pRSjbpMnu??^xxE{2m2PCp&9#N zJX4MEo+atzydry2+@iA!;&Bm#g%=T|O!O!N-SzoCEsr^Kh$YHMQ5^VlM27Yb@KfyJ zrz9c5WU}i^dPBaTaaXwY;XJQC?0JHOF<%M+Zv>Blu8)}v?Gp%+rBkxsL_q|x=1O`q zg!rdx(ffP)u7K1T+E=a84?^6MACIS<`Os_u@xOs$UdmbE&Gz)G+6(Z00PhIi^Y9LP zNx($_{+L@6;1GA1Ow6R%|2SxPGL_$tV%JZEV!g2Gv1mpH8!ZG~rxTrgb%iz{FH9w3t5 z1$PcjJ8htRnD}lSK^Y=*ykg%XdR{`eLm+5d4D+_D<0B;L-B_?fWL5>jz8OBfo5pDh 
znmr7L$^uIvl6pTP={?Z&Rv72e0^b*27}l5cUg(pKIm<|f?%&*?Ltj~4(&>o)N)uBD z5cTOdh&&ZIK>|N2gzr-^hLx5f;wYR zQ=OIe9nRzSG-rh!I4dl=0?NX*zCBPS&f_s>dC=C}lmi~DfGZ0^aUBXX!mjgdZi<^+ zej+zH6O(K9n0&H|VC6|z@frJ0=V`3I%D&5a%A!v-Pv}4e;;QCJUA~`gp3>#}ndTW? zL|QHBET}7??z7FU06Zt@Yyj>CU`_KX0G^k04gmMS<}ak3=e>G zDIMqlQg$8y4d#wP09$mer1yjJUQoW6cGiM&t>-(TKO|L78Q=-~43N*uk53Wybc`NA zSX5c`B}wOlQ43^xITynVFx98RdBsHGD>}Fyq%Iu>q*o<<2>3HmwO;F7wJf@>*x5|d z&L+5ZQ@dLMcmw4F0DG4C?3fP}pek@SA^2xIuiJB+^%h+pb2fQpy(C=-SG}w%MkLT> zZsBNO*AG>DyTzT?p!w@L+(jBUvkF1CNX20X)uO$r-T)P`=Nek*Rv0csoG;E-xq{zS z2z!gZS?p|tup1!kh7M&~)Q5e)sqk+RE9PwQ%G`LUmv(x2MAzxJ47ADBP!iE|C8maN zC~@Aj=*Cj@yQ#!kXVJ~2>i2C)TVd6CFz`DCAr}rC2wj#S;fLb|)AvIjZIQGMNb`a8 zE|4UB7=9XIUWek9MSD-ur9gWSXzv?d2ZGll;3e<^QZ*o$ZBgr!I7#qR?%#=(ZvOn|x~am7Qi^+4H4#nIzt6XGc(p$FB)Oq$Y5~$l4vn zO?IpExxK{MZnrs~S@bjbVop%(N5Z1a6G;fM64kC&Sadu5-@H!kCt=e3fsO}HlqE#6 zcCrXT=7WIy#AuPr-)s-?xuV*YrK0X1lRdc?*$zpc8igd?2_vY|`h}#cV6COF)|VB| zS00{VFRMj8RX*)U!0~AqTGD4wdFw=3pjv_?T<|DnR-@?FBS%}D?+}RPS{hOqDJ+xp zS(y8V~}7?b_4wercrtGJi;cULL^MO`Mf)3zKwymy|ROB5XfH0l6?mq zMusi=J!Da)`LCpFVVWmknjeNbKYDK5*OpwNHq{>oIX`*!lQHLKFGIOSe-idnUUz6< z(Vx@KZzy`dd8*(gsuIp`2(0U!U!lY=7X1YV0R688uG+^WeNhRiY@;{C7fmX>q&DIf z9#)1_87=9{fQ-Zo)nr)Cr7Mg}e~UZ6Ba2=c6Q_q;^!K#08>{a&tH+()*wnm8x;^jILh?8*K4MQx)I)l2q*)3Pf0fe>3IzQWHy{;TGXjCd>dvu(gc*G?_`Nk z?6!btErx}rO_lUrFkyCgRsk|i&;9TS&?pnKSVKX zfUrQ`3hu997)kLGqT8QHHPMZ9x!OMCK=}x{cXW!EnjVn%f@udQd9T22&>`!E>xp9e zF?B;=)GNh{gX$m=Bzf;dl9#rl zLY&~%N0MGUGRba+L5}1AO)^1~?8&k(=HdH31RGca$^=j*@C$q)5)o`+VQgVoW=B_f zRQ&8P@q^OvnR4dk#<^^``#?NDzS}#t-y*43hLq;KTg~iZ)%T7?boX5UdBm zLAg}fg`6riuVX5Blpsrn^O(h=A}?&Qn517Lml`Gg1_;My3zU-OTN-bLELi0`u-t%U zxIQFp#N7Ar{Xx1nFke0|7xpF$|Jy#XSs9`nR0m7?gJJ+)Ju=F_l%=RK+_*V zjYj7uEPtHZZHd_nw}9Kv@bK{_%Qfshz<$v%b39bA_W}D=!Q56?+{LA4W9!`n}MNUR~cf5^}TNb>XJ@fbf8$H^EU5wSO` z5}TputQe)fs+}VYWGEm#4CK&k=fH$yHu!%5ShZyPVDVEdRwG#ffM3A|wQ*jj_7}+< z6`!zqEp({^w?o>`krj}k=NOzLEmkktpFp__l!tY}Ndd<-I2p+bf%7$RMs~qT1Eh{*F(wPh_eH$2tP`BY|Jcv 
zq{WU@p~Q-@nVbruG5V_nU#H>gC{U<0Zjh`LT)zkC=p;XeWLDhB8^TQ#2WsILe?A_46N*_1b z87iQnA(bd+1G!1E{qu^V78E!W3P^T$eZm8xhSv?+r&h|sYRT(SW)M8^VutYiaC zk2kKp$72TqG7h0O6$s;ipp0~uWK7A1h&a2a-uopx2(nF#@$qDqX>?f>glC!8arg3O zavvTzV2kHY(wP>`*O@jaQtW5wFsu{&Lb(dKPXaaT~-@-5G zuxE0gZnS?PA=!R8T4*?5AfiQPbfIKJv4)2=E^6Tuh=@k?QJP;&TBE&c$OIJ~7eg%p zZihf-X0ZwQtnT={M6wF7=nacp+NrPXrP@4}LW|f8=9fv922u(9I#EaZ*@%r&FsX#h z16ugy9WqxzscRtjIV3}COqgGu+di+5Y#7+|1)D2%ybU+;HX;{qa7MHrm>ilPZ;kP* zNSm;C8`7&(*y_>Mk_j;B53#N>NAOxmS`9&bc=pfWeXV3Qz}OcUe@^jhbx)b%f72af zivJaFg6`ojfod3_ZbILKvf8fqqS^2E-r0P2y;Ws@>B^#R4;FQMu&Db37Jp6hYl8w8 zt&72_--D*U6HS;{+UPahjTCLB%J<+vo8n}6OfY; z#vsCJlwF_ZH;_s^zCIM?+B-DBms;!wb#qS8J4DNfiTn#Kb|X>(!~-D9O(}jeLBi>C zLUbS;JOntMm)6On@87da-<;$(s&KyrnFcNlTy9PADL8O|OGI-~eHV-G!APg2>JvS6 zx1oxK_REwczeTb8k7T33?jW$ct-H%%nA;^A4M-G_sVP29g%>jJ4lf>!Wp=FlHa4&xTlMmBgV}4;=G21Ipm+7;`imu3@9S$V$+~a z$K-uUey?KEf})UjU5HDeySB_4H!)j(ZR;hN2}TZE2sHP z*k`u6Q_4yjHW-gW zV?76ykSYPG=BD`koSS>>BI?Y_j>qDc#`ygxAxf4L!0NK>>S{c3IDf!m_q!ql0`)J9 z>{aez<|>z+s4S`oPXhAgXh{|ni&=bLo1&VR<)fx1TI>O1vAOW${3M^FEVdwb!BLv! zfI9miPU(<01+<5H3ST$P$*dtyHikT<-H@ktG306OhFk4KlL{aefHA%hLF6eRm*U{G&N#HysSu;MX@wo~^gY&dx=KxrP zsC*{PSK|b;+VdT^N!?HV|Nkmr=c@S1)Aum!Jav5s#;aZ7YjpJw37xR#n1p>+vh%S{ zE!KH1&DUU^HJ-1iRo{An{+|U~vlsFChWL5OE(CEM;_ij)B?0tVE7?VW)&u%tci(x@ zVlPQ{F(8Kl@-iSVSnL(aCIFHFN3;h=au&DUdFSl{tq3gIP0pl?ZByr(N3S+k*euy)pg#g8d^^RrfIdOe z{GCK49=|3Ls;x=536W?NBq16}_XhsH#ojS|w(wjR?=>TtzG1sXyp4yvMV6p7-;`7Ty%H> z-#D*bWwB2ryAm@;!LHlj^}k!}Q%Ti+rw*H+rTOR3W4i}XwiC^bJP)s{O)PDf>?#HP zUjP6A|Nos>d00)```^1s8>M6jNfKI;M1z#BG_aI0B2zS48l473e6QIyCDA0wmFW_? 
zl6fi_G9_fF$dDm4k@;S~wL0&)XYgg#TyiwA(X{Pg4+V&Z5#GAg;F*0(MtF>vGh^n4CylGvU>4MQZ zn)7+n`ZP@=Do&(g!yxlU)z&&XPO7SEX{PaNI$Fnvs_6|?RU4|OO0Cp%%o}u!bX?U` zRom)Nca2u&^~~-2G))8Q!HatMkY>72?zSmSvm+HJQSsv-^G`~*i+*w2k-GgTb^FQ6 zyot8gGfFmrqdy!PK}+?^lrEr9rBI{bfvZ!fP_&@X1YL_l8=f;=4|K-cN$fjFct^15 zLSewke})v@z)yDyW3XY|1ayX;61}&?Cz9|!;8RhT=>sSRLLaOttiX>Ag{`EIc3^K$ z;Q-nY3P*{5XW+vqTqON<1J3l}5`CnkuDe7Z4LWiq6tjVoU)moknJ<0t!R+Ts#vvNY5Qt{dc2Ph7LepvD@wq`t`4M%}1^kZPp^pn4|pYd}P=Ot|};FNRSms8Gfk%V8C zjAt>tm({%rHcY?9Dfj6O$yk+g$~|}+>fWKa3;IKfa^RJmaxYX-JOTetDV~ANONv*( z6}k%esRhpF_XDS#>-WGvQhef+>+lP_i}7!qa^3zdx8dnCUQOO)p6+K}Lo!ybV8is* z!09^Tb(G`AcU1c1J1ggxSHvHt8*%@xnP#rAHfqhi~$>_d2q@# zJp#BB_wO2S-jhzi+4>j?oaH&i8nNW$bI;mu0i3NDmLnB8kgeVRoHD;!0yhSowatiA z#vv9nI)e?{1MQ*jEZ^$_Z%YCDuQ~PzP*(%MbILr&xQbhJ7+b5%2R$qBL$kLnWL1@z0%euX|9 zbQW7%NOU*QS^U+M=&qm_!25Bxb8cZCjX zgFnN`&ua?Z5%g1>Jl`txA)ue2rH(`&1nt}pbFI)Vz&;D+UeSI8`bJKEHdN?6z>f&) zM&YMB=qq7eHR~QEik(ZTAK_4J#!j!`NIlzj)8C$oYu);Ga!gixtDZ5MF|D?~o;lky zOTBb-l80tVr-}!~W;r>r=H_Oh9wX~J{%FYD*QBvBd)tX_W%DZ*e0o)}Ai+TGe7KWN z-vqr=W~WzczUYy8!Xe2x^_JVSAjf-s1`Mk`|Mb0OTHn^AdhP$(VoR&WoTRiD&ld$( zwDAhD$Q$2kS5(Lp_cgc1=G`|fnmJT8=z;2di}T-AuBCJsRkQ!-xnf)Omb!hby;hV7 zN%p$as=6i}FL^aKFzt%w#TB+0?azCE@v@sNOPM;%Cdt&?-l;y)Xh{*)32=$fJzKB6 z)vl%eZO@`K{fKEtPXBQ6xLmui>ZN}EgVf#~tfuMyl{C-!fNN~qciSGt{qti-d#8!% zlhq=-?u?6xP+Qc+$3MaS*rI%E*EfAbZd9DBn(1(^{LK7ghmYre$tzmsF|gCz-s*ij z4cNXm@LYGd`TJ7$uPtp~_AEI%`;OtYu&#^`sewsT?%duE`mEE;u;(&vYCIsv&d>G3|%>D>LhJ{vp z!Ob=(JN*?*bxj8Ua$a)rz*Xc7xsMa|S4t;BREnonE!U~2l{t6r7Ja4VR=cxjLrA<% zOk913*Xe=4bt*fx<%d{;g$-Y&_aB4puGI_KH(xs0@@9TSdy!n9E%SFW35@Vw+P2_s z)ZfMgd%3J+Yx-Uoa?BiMcX@8|6mgRocih`Tp14qnJ!rVkt>h9OSyv4lydu(UXZZ5y z8~pTA-d>eQ?IdT*^gzc$Za5Js>blEbOSI%}qiyo_ro8Pxy|R-X)@|QdT;?R%+&>*J zSU*y~IN!mk#&SBnKZ>oO_rY@*+kKe68G)aQqQe1ov+l9@#>a1R06xt#G*;cXAGQ%L zR1+OtvjMm5zCqvSx2|%ZD@C_~eMI3p{&C6drBYn6cYJH%XA3p|xvjzY!ByVfNzq(u zbQAm*%h$drSH-K!-=K4Ic2yf0dC^LdxR4{igQZpK)-x5YxKiyoSi|FJ@3R)AZf2cX z^LWE=QmScmd_2Jgp&9<(!^W*`{d%xo-?055FVoFQ&#?p*Q4z!Tk?mg7T6Zv%`W>9i 
zBN^fO)e+czulGM~3O`_15d`WI2lXaG zr}dDPq@hQ3dVDAujHEH4e|Mt!&E`2%8UuHG<+%7hmcOXWg3yGCyS1`hjw@};b0fIb zt=f0ceXlA22afGP$8b5iOo$Qss0AHJ-bINTkX_)R3_&K+HqL){} zqeln*TV+R!+viT@WTVG{YN?((2lQn{I*SA;Ex0?Ab4wnT|l8wV5`Rbb%r+*>sAcHpO(rA}+P` z$HF$b^qoS$cO!*uk#0b8H@cmC_MUo&kf1Z~TqSp)LOah+a#s8W%-zW#(?Z_VVg$1s z@0l0w%Dd2Lw^IT7uTI;E$K2aU)~E03H!zvmSkLr77Z3$vg$dlzz`f=7OaZ?NMm#t? zF&sX7&bEWj-1__keg%TTf2(z}L|v`DKh~}_JWvPCj9#$Xy|n#_%h@rJ1Z;NT4Et8g zLz;`xnz2e<{)?4fz=opr~MxoBS|Pxsz1b)L6t+;XO!~wJmezlDFo4vK`DRvv=s+ zhLhT!^qI$k-V^(hQc7<5&DNqz>F{xDbU!&Za^|S_fzUJiwl(GLzF z3CE0qYNV93IvBgCG_X+C>?TGRfD-Psk}?MlCRT3Wln3Ki`p1+&p|CnG`6?JN`u3gLZtT<|Nns5moV zCPB^uY@sF8-2*hK;Rk>G-W+p}|FIeAkA{XHc=*@`M3D%vuyLA`u&LnMqafa9V-VCZ z1Uu#^`*uRQFWL$Oj%&n9$0fInhdmyIhQ35|AD_(wF9IGG_y+JEu>o!0KXVY*Ex8`T zV~C03-$6`>oOgA-16RA(o1AGQvFot3?cnCp zg-+-~0Yxifxj@z&{i}qw0>rqeUoIXc&Xv&XtdR4UqdenNPVPXtd=Ql|`rOD;ur1-D zQ+m&!?EKVI=yEZaQhXm_ea29aO^}wp^j5O#ARc3qP0);8{#CdPV_55ONFyBUNXP@j zRV*(9241Y0Uj9`~$bBT-z=KzjQ+15qBqb|MN{aU? z%v6aRIfO1FuaScH5V4d3eHP?TkUz9jlwQQ>2!k+EpHpB(i5|kwFX9wzM6nTroKtm1 zl?X2wV%pbm$mCSaq@PB59|B_1fI}V_G-ndeq!^Bn9xU4b>QL3Hr$bkb!Vw{5lxt3r z9#>Kr0Y@@D7~Gl=Z-R>@#~aRrB{m#a2Nusi81;*6c`#%(!FMowb@di|HBaVYKDkcY~g+X^XSff^Q&3|o9k!&efj3Z z&FSvQBZ036lHHB%V8?4m#zt(*qZ{J>$t&Xi!ocfSZ}-oO(ANz4o70Pkoc1=Kr>DK& zH94m^7`N|go26=qo&gTFue!D0P8Z#=lr+#(C$*~qHu^G9cAeR3Y?hf^~I(`>=6Z?Tdz?#kSuvuZK zwPAXhX4r%!uXcl&$T%XT37lxJAWuPba%NEZfp`JyNT2ls!4XBFy#)m_lurQ7o)S*M zYc2ed_GL26gAj7flgwmFDIeV*cm{$A0ucjC<4^x#U_cjhxPzmER(6aupJPBxO9Z z=WUO=5p#YD6gMAc;gbLph}tj5I4`k2k}lh7#J<|ExQG#362CNSOxDPlC1lsYsMN7j z?AKtzOu2(|n{*XLZj!E!GrK2LT==CBHl4Z04eIcgn zaop#`B#uLH!>^1jom9mUf&N24lku_o{K;5CLB2k%t5KxYEvpmGJ+2vVWP6Qir7Pfd z%Ot|_3VpM6bJdECkhPmtvrpH{x1Q&t0 z1}?NnCPTZYQdp=FJ!kzRYLa_feT2qGKip8F1;>V6*u> zf4h>7tk~9I(+xReOScH%ydFiN#XKd@eZ$X}nIOvzJr$=0Le#adNQDnOR6LivZrAt( zXHXq1PV#SpD)WQ+f=>vWseML@pKw6ApeS|z4 zYdI**eTE)dOgnH9-xJq-hXOQAA{5;GmIYjRzzos%N;qbW1ivFC(TCHDhBGg;7JGT8 zBUa9-qXIh;Sd9pdMW})52}He6E-{r?NDIN5Cl>_LKRhgtgxs&Ari>)6E5~I5Q^1fn 
z>8yjsS^VhfpK|{r=icG4%vJFtSz`cmw!j*p&iF3RN@Gbn>s&c{-mw^o{!+ZA@?5So za1R#n2C-Qo8?Ih`h3OPq)I?j;DX}yHKTVL2C1O^wcuLVvLIvORZ78h9iZIzaj{*1# z4E^tU6G&+7!62tr=tRjR6JB<27(c)1r*g`OaE%>77fg$dDIR+X!dOl>d)K-nYduPE zwLxBAcC|rDr;b<47D`BTBU3f`=Wb=725__)M24N^t0D5|M(BF)9{I*7k#Z4WEl}oa zN*JCs2YfubEFAZzAEEx;xzvR6Qh7LIKiU;Na4n$XFvsaw zd+$bz6}Efi&wJ5do-`lg#^_}}shhEh$?iXVoZ#C$9nz@AD@{y;>8W7+!4#pakEvo# zK;S}eQBb!_$q7*x5Eob2BxDYT;(GZxyEd{yUeTlDWdzX=N3f| z&9-0I<50!U`~Y0c;JmTNpd?ltkt3d4;HX_|(Hhwa>dW8U7-tf2U_zWQ z!)9o7I>sQ#6~F*~QAIiXAP_x)8Cm31{BC&kV?PWGG)q6Mdg#=LEF^`^#s5VpNv50SaP}5SL7_49gr#K<@~pW%9x5T)PDXSe7FBHB9kR z)?)95fHo&2nx?~9AA1uTSVid8q%cyPZWnFe4g0$Ej?| zTM>7s9!kMq1S05Im||ocu;7zXFr#&h^Nxnf#@!&P6(jT}(a-jKmv<+Acth(-7Vy>G zsoV~zc`F=E&8Db6{!B`jOo<~}Ty3bWO=Hi4$6w6q1ZGIeP%bQjn$~TE+Qdz)ag{PXqul7nE?Smj8~Dx} z`XIR1a?)1;56AmUEYn(t=)Lb4x*?mSoIXQqR2=j-V;&WH0n0k57DZ2?L$ShLZ5^NP zuh;JoLyxRX+bXU?kkOmL+4b!(Fs%wyW}}XsFp3TjNnv@`?jw^@CG`DY3rWwiTaZvC zqtp6$`sr160<4IRnfoyvj!XihrOexyWLac>Yy-`n;ArNS&>YsRX+47J=mSq$S1q~)`VKz}2@7I#ACSpg zv6TsQva*RonyQX5 zpO;HAh0lCz_vl^0c6F!EhrU_^B4GF)GX&GnAuCBe0dKO=*g8Hp{ zPYIhKStpkD@5<3X83Ib-BI3ZreA{m^3k8{~M7=JZGoMNnh&toTC{!`gW(G5W>MR+m z{AwDv`T9Hj1-`=^0PTliL~^w=O=cz%v_*0VgL%8>9gn0wVT=5Bwo4($Zhuhv9e@36 zKw=fmaa8~}kzEUyg{-Db?VbJN_IDU|yNFC_k(1=yldODA$ryHSR9itvAQ76yS#HL9 z!|R%cER$^>j*dAnewl#XP_%0&_nh>Gn)mP{u!LwhRQ{? 
zS@53J<`$%=MUr$y~p!k`^>FjW}DfK3vASTMZLDZ^quNS3`xQWJNQd^)L1W$-YM{Gn14@G zYQtzg`faN!=%U|6Rk7is`CjMQQ{D{Tsb5vIgFJq;@w0ljlor+F{cY?k?8&8kbSmv&&EIyBK0M=akMo2x(BZ)67}}lkRU`i=xn%2$Sh^ zO-7c{>AR|5F8G$@aB;ds$ z%6Yl9nTk*Jp$+1tE|=@Me3>4knuG5<%5R+d?Dt>9OQb2dY9|tGOi02mmDI}RcIptu{fbmvaYZw+)ZWqtyEd&P zDq@1&7Q^~PhsDB))@q-XsNFEPYIDo?3zmCDBUYFHX|jcc_6*BJbS{k8^6()Q`jLY5 z%s$_VG5;4(=uj7^cJQ-L%?70yKE+0n_55@S6qUrZFO+%|C^`{xXD8549>5dr!$QZ` z4$X<6Ii1$u7>IbyMDAKwNW)SO(g|@xQv&Q}FDS6fOFXD!&bplQb2 zx-v#$Q{v-gFe0n0Orq!j?{q?K>b+NlMnEO^&L-nuk^m{L*yoHtq&HHqtzV=_Z&&*| zHDO&yfrH)|d^&e@MIm7ZJk^vnmMeKS8ZAY-Kf`-_-wDfc6`uj2-8h9?=T;1?!oVhG z`Ll~tF$2uY?Nsa3EBpK^(FY7ijAe0_Ym8ajD}aWZT*ftLZ6Tt{foEH1>j^qUwU)dXy>LEd9{b9 zH@F@=%-RwxU*8WOezLP%u5D7NiSOnEZ^iySv-hT;0`$KA>YaPcUG3iQG$ov*ruN!q zEX1Fd9+|hWE7Rjfpm{GEr&8hW?X{E=YN;DyL&9Lylrx^ch0z&M+G=ARo{r8f(~E;q zT47H*Xjtsv)ZLCA%GWEmkxZaHo@QQ8UOB?8NZ4fF9?TIKp2lxW&+p-PUbA0v2$Y{$ zzM5|kcKi3%ADgumYUwIlG~LgPeG+> z4+;b%1q}oQ=!yvBXli8W$ndu+U)Ipd^qYmX>5!_f-3B|F4}#xNa0bXS_87PtTEzx! zxT&dA-f)0v3s#Cy9Mw2EaUwQV(b$CVD?Qm-y>7__5*&*`M&UFc@1rt<0g_dUKbjy( zRcS+eu*w)ZWAc!ZVe>uYEm_HJg-()AFJv(r>PZ0Xx9)YrqnV)AhB15A?;ljSZVw5j zScm$kk#O|Fc24*+F8G+zI!opiC!82WeI{>nP9^r=7=8$QMkLl57?s~We zM+P%w2F#t0UK;W+(2w+bFnpI|9>u|{I96PdWW+>J%{@AO~2(1>*! 
zm5vkhn)(Spwsw3sWDl)-84nhV(OEgoMN?1x7-Gmu@s|iJ;&6C~2A7 z;4moBG0}K%)q>G7xMo|`H$v@Vps8lVgym7Mj}xyFAHTTJoiDMEC-Ga=y3#UnK*s8+ zji=;Rj|d`y{ar(UuVZM2l41c7%G<3H1>e7ysN-9l8q4*&lszZ%r*DDvou4Esw0xbV z)h`;+lD<)Jub_uU0fWkiI}*AW)9&uyZK8t&Mmx*A9~`sAMe*dunUxj81`o_?v`km` zX=QDTo$kH-d2_l=#&cGe<4)qKDBPBCMV9T*v*to8J*%wldpAAz8R}C!; z*=ABS2ZB6W`6Q1JR|2Ntm)NWK*O{zG`|qsxJ$XQZl(T*SH{gqYDYgtNv|kviGbsB$2ll7~!xqwcoTc(G<_;`9O>E zW^i-^wZe+Feb7Ft(E=B0XtuBlMc#%r4esi;{Xob_bb&fAvwA?DEggyB(cemctjes3#FlVBSm4zZ$8WXIw70q8zERT|ns%}(+h)bY_kcA={ z7U-|RAw4v&bi)1}GLuaT2Q(d4vc= zt(TNe4zL-cCsHPZmwC(Fr`0`~%e0^gx~LjM)@Ba*^=NamYbX^&OxW*l<*5sC1$EDo zYypGqyoE!h%+TCisa9!UIPeF_5l7%u_ys->CIpWf`gBPa#6ILd5$$&#p&WO6gV@a2 zFo1_7OmS5e3hD@9A+?Vp{5&^*cZlfEYF5mybbGm9uQ^lis*1h+EnCEe=nZNE#A62_ zvVS8c{r^ZK^u~6!-z?0?qWWO`36Vr^e20jgQD1Z8N_FTMlbaFhE_+g4yjVK1hDoA} zvP}$bIrSYj9Vz81jbfXcqR|&3sJf(poqMIn3?m_aA@XgR_$?agf%})dRHfZF7KEWL z#o+%{i7Y8GRDfP#K-K^v`KQ$x+W?Xo{eP;lLQaZKj((gLFx_TmK~VvQUTRWWYI1Bw zTJ=_TQciYaQc6{Ffq!!I?T4J6hN~|DVOVDD+tlFv4}6(1=d= zy@$*n0Zgp!T20&mm(3;I_@FeH?rDd@jin0oPRi5s=4?zkvf$@>e6tAn(J=N32@&Zp zNbR`k2dy#5@9}S9b3?{hqD;C)EA?j%l?M7iJr;2gYa`x|?Nn{6j)=dZoQ2(Ay=OW{ zg%fS4MIKI2MC#o63N0GfvnnavM>D*$TFg{bLiTAwh!1f{hrWDn2G&&x?ntDbVK4

@Y;ThMiz46zDnP+ec2`<{-(-YHsQ)lz;f0BL6P+TwJaMu zlm7^g3KKAafZ%vSgCP`_>!TBl!TW2s%Iyxxy79XSY67~JXit}HkzX9w6v6;pLvmfL zrgS$gWt7g!ey>Khh?AXAcjg0{Mic5bR^F}qwc7+4@Q3U{6ev|Bk*Y0Ris9`z@@Cu{ zPNu3PE&XnEjxg|2av$dSa>0W*(oDYIz%l#e*VFwa%%d67E)32k`MmI)dBD-TLW#VE z&)vUGG<`&AJ4gU<1qR@b>i@;vfA?~m*a?^cLL{+A-(dLGuav(~Um&+O2+7mH`Y`#` z0zdWO;WbVxL%1-Hb%Jt(@2TXHv?qnlT<4m(Cm zW+JScuSh&Q;E~XK4+rqSi^;{*6^JwnRK<7uJfIHQhQscVjq)SqFol^$^FI|$RBV`1 zZZ&~ww#yK>nme?VVYhLg;6A|4ysZpBn~_93obF93t+z5KiAEYqz#95WMCFi0?vf>> zMiCV)tgmsxO&Zo>LE#6;6SieS?;MYw(7M|S4n@Zx`N1{;8pR$l>$T7teuiTvX=pS#XN)$DW9N;>vkfgD>^USLdpi zzahyY^LFDf0C#Hu`o|FVhr2)K_MhBEOaJi*@W;%4qiBV7oL{)5urO+o!chIJID=cL z{K@SNCw#GyF>^cx4I6>}N&(xoYJGy}ktPX|Bzr|SO+PV&xk~%Qwhx)5`dbR3psRo$ za4+TM;Qh6jz<>Ebj4yYn`~f4C03ra;|Cl4}tzFD4Z2!dJe`^KPlM}Ra98utr=$M7%H2z?$5lV?D zk^7O-DAGz*Us+k%(4DW)%I_Oo&}K<3A6k3Q1BE~cRdrwlfz+Tem@8FlRsGj+^c7UT z1sCc-iqzp_{>`R-ZR3$W0M^J3aPWVW`oGrtpZLTlzRnhqI6~aA_Xp>}xkR!FEwQMZ zuoCJb;=aQ=m|9<0#}N;9tb`C7B`qhu?|g3gHHTsYI!bfqsY0AVOUrpN)>{REh`iv? zKrSn)x5Y5xX)^!H1Y;muhwDbUwNmI5Lu`3WlYaj=C7V^Z=XkqHiCMcu2;X)9f-$UR zKFJ`5Lb+b%;Xlu!=pVJDN=gClw+$z&g))O{>~*#E9PViPN>i-gm4tF6smzao z#pPg5(Z;9V~`R)Hc>sHRAry&uYKNvW z`tJ&mNh$R$f;=$Lm9>hAwqDSEl*_U-meRrr3+c44R~-olNF`Wk?0lrdkEaWBOYtMg z7%t&wt`+XV9lExc-<;D(jlEgcUz~}Of2ps)1tIiU+0a}&HL7h?T$rlB=tu*`MEgB? 
z2xLuRIn$QA4xQ0@nbhtM9}2e%+s(2&{I-YU_~Zv6uTU?d-KFpN)Sswh#0id;vwv>~HbWXD7*_SXw6Nk6$RLbRSqjoZO57U-Uy2G)ii9Z%B8Bfe0o z=s~p@7`$&D=D!U4LN3&YUWsHa>nCdhegNnGJdT42>{BavFls(J?&SzeUv%GxC1vqg z3KI@EF2RBSyUzeA_IQCP8q^43FVYvhCNS}IH0dEx#V3G0+nP4T%oWqx8ADRs#!;cd zK2y(X&gLF>k#E6f9K1as)23yQNQ?WbSBftswLtARy}eFYC#(t%m+Pojm{EOf?JNNz z<6Ay{$i-Bz2hEZ)92@dWe2mjUMXg-NU1easU(sxQ1z44{O zQ4^+AA{$A$9NTTbmQSO43t#MieYk6vedG% zGn3L2u~mR72vA1>g@dg9%@((Vf$;&$j=M@A3vO zP0&;Fg06f1XzT;)kVS>5qKZ!-cT|EXf4O#o0mpV&qZW(s`}{mtF<8hasigRz{FDylXF~_iJf2zTgr$$6 z6SyU`N+Qai^$c>%RtxT{vg)Ml5hg|71X0!%OeZWv37SHDQEcY!P0zxGt%$o)9(Q-= zFz;zc)w?A=usShHfhbBcCq&1loM*BvEZ9fM4%$4Gk(lOTuud8HQ~Ha(C+wt7@f{Qi749jG|E$ zHGiHbxG;V^W`%EwUy*y(@ussl9ZzC~l+*{+dt;AS3zpDqfaeT|@6%t?m|}O}MOw$L zIwak!?J7L}8qi0>clt6uABHi(96BU&r@>1*%p3UF@a*0-*b7_JlJtO#twmFoG-!<7 z)d7keXd|Z3H2VUURlcJjd@0C=ga8#if4bm(nT%K)32bR-5W34GNF!t7jo^n^&R_UE z9ykEFc0})L3uFv|Q#9&p-<>;R2q1;A(*T54?7ccCNwv2%z7vUT7dk#E5 z0q3s&nnhpDr3i8WW}pek3jc_eom~F+R$hXv6+rnRHy`Mrk$u1=Hr2r<@HW32i{fel z`M|siFj2uginIhL>eGvirh0+BF<3V%1dH!}T75yL0j}P9y;%`=PHdf= z#yG9H4b9Tcr@P-ie`Jhl-38JC1(4+2Gy5F z)#6o49>H+5x!Eeb(h@9GLkevcpr-*_F<4=06M5KD)5;Y^BEZ}Bh2|TtvJ9n>`E(Y- zYz^|ZGo<|vlHS!(sqmEggXTEr$OR63dVVSdQSo3m`5wMt~S%ZTNqR z)2ui}tNuTr;+2Np#{o3FN2r+}j-BIpdpK@Y&x+8dU-mp{{xD^(lU**Jdw}m3(!f~n2!h)j)=e4Bo4z0c3%ROlo|qlq1ycSwca3w0%uO(*yN@8 z1LO7Z!YwJKzJuc1EFb|JI+{cObHXaw=h|H_!Y4XmNxtu3lU4@MZ`3_UMUF_B-b>hp zt`N&mTtpP;#8<@-f(Yd}JscPc%$4lr8$A3H=QEAgQ z#C!e_o1d}%cuNT{{}RrioI>IESAFZ0uQSsDbj=N*e{^J58+t=WGp7Z*KkookORFIi zo0@cV+K0->#-5+o(xCd>p>hCyr?vA6OIeepH|AFT|GxE~C6I0j2hchXpjbfxJnBz| zU@$eZux0r3=}%GU6E7lIoW5yQP>>2*PeR_KJ`G#ztCWEkJ>I10<>I!KCma@KoFMO8 z2(IE>tNn9vD7~J8Y>bK)7ZBE8G}8zpL%?2Fer_h0`B!XP%js9RAAVW6OqbttmDa?c z@`dtvB?w_lSJlm7RMEDOI+N(ENkeFBc~?}rf3Y|{5^^wk!A+9xMA?N3Q?GgM+&iVS z-w{*kriPUJSOhp<$M6#L%eV^sRYi01C!j%qm#K{aaE1DR%g)Hu(56z|i#PG=b7ylk z%A$FUX*jNd=|p6TOALW3p_ZxN+KNStg6w2GFSJsHn){4Uj4~@uQj9Dg70*415&$83 zF0z*v?%#cSKE3^V^n9*goqVci_TIU4T6FQdfsdiUo|7Uw8e*OH9kszggo%)#B&6^Y 
zoAAN$Ww>*o$?n#am~gox8ODk!7?1opxl@MVPUcZpMxj;}Cr>rlSzsoR2J7?thuFX1 zTlu(?hT`Gj1j-!--J_m`%RtL@!qH;Th5e$`NSlt3HT0?s(V~ zm`*rlj1FsPs-Qd^W^j52p#j;jqfm%Z&0eiUcYh5!1ru*NCQ`tcjz@i{6vkgdZAn_a*tbogydqY0!e|g~L)tKQ(@tSm2{J#!`$#M@M~@$vo|R ze@cLMrYA^-0zIMl+K1Rpnlm7s6w*~|9M-cD3cB*9fuMbTf~_VxAOs#>M~g+D1$lA1 z_LG<%=G%Z~xXc=uT#`Q-JyGV3ofTf9A7<}lf6(-CZ6YcsNOyQ!_-{WYBeC-!#mPxo zN^+-s@XJwALikvdIdJdd7Xcan@tqG!awv5`S3MmVD=qz#Be7RIj4C2UJ_mW&b2i~o)sFHR2iPAa9Lj0q(KuFO>|&Ieo+M6NUm2GEnuQhAR$ z^d3}56ye=pWCf_4@qt5vGl=n1AMYqtP4Jbbm$_FM0a64l<$WRlT%T^-{yBe%5KQ0> zFhwKGzY;|+vDet1^pGtByMKr6JjiPCy@oA)kccNZD_5K$h{1pc#&HuNGVrp_-9b)+ zS2bI>Al}6{IgFedS(TGNGFEcodyqM39U^wAe_>5h1FDgmX?u=B(HcW@1Fr*yx;U?>t1N0c4D* zOh9bt)#YUN;1Ij6#hD!=04C@AYXW z4jZb*o7-@Kg@-7TEkLQX!rP-awQ}M@pCI(b5bpx?Dn>YWsGn`mIxcT^4F(;+BMOwR zlUqgyQwI7ogmIm9MupQ(mna?XToeL+mdAeyodBOJA*a}ouI*n%7vXG+EUcSg} z9nb=VxN_LCSo}{jNOd8lMrxk0rBF)yKr&rI6d_h-PfDdFq06_m?wN?=0?8F1lJuNs zK~USYZlo&29{3=0P@plW#%TqFNdZ!VhA^K2}*;Tm$_=d-c~gs`B?R# zY4}ss5+(wH5^IGK_fxCX=1$9Dp=bL@gOG*>B9_9UL%wMPeZtTuwCbB;K!2lw!!Sp| zM(o$#AD09|1}}g>{s@odj-2@#22^X^%d53;8;4Yf77CHJHu<%$o9d|dC{QS9s1!qBsW1=lI$T7_ual@i$V1!_Mg&NNrh?S|q`>h&7VpOr5|yC$ z?M7|*xz9#=`qr@b5dLs}4Qv=AY``Ye$5TLxgWS6x{y#`kv_a}$qFX*>N7QIP$3AUo z_PX(_p#x~DL!&iT)Fw#=yH$o9pQ=cwRTbY};ZR=t-$U@|QVIq;gI2|bX;W{JYC(rI z4ATmpu4rSzbkTQ`Og)*0h#M~%J_9^$C>i}#;igI%WJ2-u5Ki! 
zF~2$r96g~z28|t~M=JSzg4m+7PAN&>aHNAeP>)I3rv05X@Kn*2h{VTS;%;>PYcyYa z#)*CdH&d-qb+q5oZ-mA4)U&I-?+f~jQRKY$Affxe6{jVy@_QybXVVdh;+a*uL(vei zZL{4`Zx-;?FnlU`InRo|E1za-qd;#hx$g|c;IO@*?N3}Y9J^;xUT&8+Qwv1vDY_ke z8E&Z&)qA|c7+Qd2p7GYZeCK)%XG{N7IMa+jh=eCGvpq>(-x{>R^#H$+uUs9WOJT%nD2%?8__EGm%>Uuilzr61mng zRWfw4Q({U8nB6qDhHNTmAgDtoP)4GU@svR@t<86Bzg%|7`=oXQcqkY$Ck{lJpWoON z&_J-jD?vL02fBRt3Xqt2$pfch%^ZyKk>=~HF~v>|XMQ-L(Q!s*1y#4^ZcR-8?p1*0&BAeTPwe-i@wD?2W-3t+rr1-v`j+auZvZ*( z9pjHV7A4X8PQZ-9RJ{8YE7ab2a4=wIJD*hmjCj_>$3pfr$72v5e5&vZkBcmiOF@l$ zj)13wbS0+MMETTBvTj?W6x&#gA@Ryn?p)v4z0=9Ued^+X8lRB*)#AD-M{RgVs`$->c(~c6T>Q($~P)yk%P*#?ND*U^(aJKKv#t4^_JX{PBXRn4t9v~-UWo*jssJPuiS@?dLL+~(mpSP>sG@K`* zn3M#7f^ICIrgkTv@nq$ddJa)8?kMf&k59Yg{eIt6%075o4q3h`(Y}VI8Pkr58kZbd zx?Eo&X($ouW>A@ay8OC^^)oE-Qlvl^9uOmfOy!`fq+aiJr$k1^9`~`Esg*diD|+Cy-1l|^r;WDZif$|p(F4{Wt1;GGj<7tG zit5FT-QE%CxqNFjJ`IitShP~yw*nqqm2rLvFzVU$T{Twd786!pe7MUwjIL37_R`ms zA8Hh~F_e(q&*oKKRj-9k^I4vE{yw!|`E{g+E-Mzi(zT-Q)ukj&AkgYM3zGPxmU5`S zojx%^iDg=meXV-v%gl&4$7xodf+zE3aSq*A#_pqjcty$b0WqYcYfaW;z5F!u{#^=R zD-?tL?6mT!@%`9+MNxcVF+LwrpFk!plMTQ94x5e@wR2u?&wN~oAL*rCgQ)gm?FbX6 z-U1Xor@JGC1Kl~>1pjROC70#baersiLaZAT-Eg3k(!TOW6-yXggomU7oKp5Px1S<&u|2@#r; za#(0A+ zmzTlj3meow%nYc)eYetS%(9N{a7aPHQ(rUC!1j((>%5RV&E@m3gkKgwZ#($r6ZRS7 z@{s75^%cgnO{QCVt)&X4&uZDL5aVUsD&&$q8Oa=7Ml*{5(H430bOz_jyQHW&HS$7EbvcGJOx zG4*wb!xgogi_LHmg9u)qopeM_W9*mhD4{yHO3L%z*wdQ1kJiII-K|h38zSxYykUq3sHUiwd8SoVetFP z7(Dr7J4%An_Kkf<)|D$yn$>!No4f;wSojB%GYwkrizi4Ov4)T1z=r8J4x^< zZQHhuj&0kvoypA9RLxY)t#j(0s{3*t@7inaZ|7@r&RADmg;ceKzFVHE&}x4k|K0qE zr-q%#jY9@p#tjNee_lm6U7P)W9i~p!s`8*3*}!ibp*}11G!=fOc>WWUJioDOU~Xq% zerT7GtGou@nLcNmpjk3~Jz{EEp9^V-wH)k7-p#!;#2o4ALeYL>fn8kKku}@R>pgp@ zxO!|63R7udD4T}AKy9(}J6WQzx)*z8UI!WPHsAjP;rLK{)@ggfylhIX;*b?}4uvVs zc#0z1xC|P`+mrI|w`pw>Taf21*Uau~v=b?7AhXoVNxUWeuA~g=rney?qDojgl$kh7 zT>42u3=}7eQ!qB-Qag2;v&&RP)o5e2TYo64*eTqJK3AcRe>~#nG6lcW>bOfGcWi2C z?3GxC%jcb6j{;_n7SD}7!=ZId&&7wySX&C*2P)yRK8Kx43hb~=4lE7H^XsegII#sU 
zW3q1C=&5{$vr7};iv9bd+#$BCNm%=uaI;$z6sGSHt;?#7hposf>*-G7J-Yb#tu(M+ zq~5-U!Fj5&hQ1r)a~QH=s!L~Jvh8gK$|dJ=i+sY+)yg28e})ttiF?^ZR*|n6__6h7<^8YIzrkJaM`d*f^X1Gm9j81p zVJNeLb*gYm4h7lF_9ZQ*k%dP!j6jhcJV+KYYo8{6yIaRBStt1mYn8Wsu!8QV?$$Al z+UV^nY!{fc*e)qoZSF15jt8sI=)JRdqXO`V)#n&hHyn2C9Q4voI@8qd$SqNohkrT0 zpDA4U1D#LN^g5fyf1TKDL<9yNx_fMNdfgly2QA~Bk@@b&YxnhKEW0wd(4Lz;Uz@cw z(p6If@nYrszjHBcNE#R{Djhv-C|G;M=I*=66Zm1bdBq(@;Y-?YldgBEb%acgwcF!{ z1dl1ksNHcb!955pR-hKpVDNBke;xFX&fJR)kN-k;lb)T~WFDVB5ZQ>{Tt-viHSZ=BRSd|MR6ij#mYw{Ua)9$Kc6CqNq0c(zKxs*E}~qf9zxXOHIdgV8D4x%(0YY*+*Y^xLJlR#T$|0G|0R>5rm4!*k*6 zgq$WbgBhfFR@I3toQC%}s!^sJ3&S7IBZaYPW5mCh*SH>AFP8>4;R4QK zVB?d!rMHs*WxU;KJ+E-wPaUJC%@?;nOVjhJOjBl*UA`N4Ikj)U%zrFz7clWms(P-G zY`f8wTjnhj+_S7rbS9^~FNV}y1$$RE;B>baS`IN8yv>O~UN}TKiN1|ys3t?m=(<<3 zjBK5(*&XtKcK2GOfU!8q#>nVb{EP8DFhKqlVR}!J9VJY|(ZhIo3W*&2+4A03=OW|@YX zEJT-Dl_C<_Ed!>JT?a#>!V9&?+rywZP+plLpXyG-2Q#2mdS6q_Tq7oeh>TcX!ic$Q zFVU*a3&)6awZ4SLX5J}@gWw6?<_HG%a^{WebcgrYDdfu_BhX@a4HY&f)zxpiYT0vn zts~NsqhftRab#_TSO0o`nNMR%={cwRTb3;4#f95dCWlvJ4UMKY(Ou~vRF_Lz3+@mi z_;@F#J0!)vmv|YICK;GBQn=R+SzOg>b#1+bTY{ArCi(H6ewKlWTXP40Y0+KD({PFm z)m4jl4v@yK^&##zFY9rtEwA<}R(}~f?}CdYDdMxul?TU^(Wm0`9Og<57AEB339p(Y zHLpZ~_1E5miNy%faNSszLEsH=%P6=J(!}Y))Afiy!N_;eWf~5TUpM=sr5|EAJuUUb zuIW3=U9s^mQecXmi8uR>96rjRSTPV z4bq~^z6lyl<4yVAohd!9-`fxdYqpH)s6*7_#JG(WEh<{3e+E?8F2gtEG+2zzE!6}< zaS=px6;6zH;;hF-k6emjk$4K}Nye=@w(Uu59HSS^&qjD*`!ls}&y4dxzd{6Cm|et| z*ANyP2qdj^i}Au~f6?{i=;S&Xn9NdEJC2cL4OiJ=6&zXf1bEPPl)Ma|96?c{9%BHN zT^-%cB(O>*S1ehx4jqiZByDh2+^}2+E(>sPuo^vk?P9KaK9>%0nNLdyEm~_0cn+R- z99C1~@RKNqB#p>qFFO>NsOe{>Tz@tmGKnL^HsI=NnA_Tu6WM<2b8EWTSa;mIv{+fK zTryb0&T?lDbswcAKy)SE{q?8}!#@a^&)SKDo(73-GSp0^Dod-tY3pIz>79(QD7gI8 ze)4W?^sYi$ma+OGDmL7U%6xQ45~oFee8+4a=TJ;ObVMe?g2g0_i7tdsp1!^0+%1(y zXt$Kt%XpGI?)L49SV(4YknsAXDI)o1rZ)I=?amr?-j=;WraTXkJstNxcd5>N?lL-y z=}r~&q8IM?t99BjjO$d*{#;x$ahbLLBne;#9cD;JyB!_96!q#{M#swRIIg4@;u^L& z$*HFOW?VeiJ1C0mTOV!F(Or_!sHI;im8m~#D|3vToC?mDwrQp^)n-=W>vrC-D>i@SIK~*xvkGGTDFIZ34C92rJzJ5r()~5Jd(*rMdLaHzb3qQu3tNqT 
zzwf>`{BqY0^$D9UNcGva<0_rupYhqc+gY7?8YhjfU*EbsZSr=Cbaa~E%jET3=IC_I zwa!qcrQ*{SmZuqaV$H^cql|v}crX@k-}0-Bq-DXAeqC}oVa0_UqmJCn%kP5EShs%Y z+NdV4dM5gzeJ|GQ(&sOoEZS~1bBedCxG*UiOwY(qjl@ z%kq>GOU7aH7CU*$wPm>20v$7kcw2kg^r|lQ)_7d^tglyCZ+6Wx+{|B9oW6Yj_+vlF zutreHj|z&wh-WeS{b|{P1vDDw_Ts@ZvU+4=CQ94!lZd@&CbrCo-5jI);Fw8A*urxu z*?SHI{7Qyu&=K8~;1L+1z#7KaV~zyP8qpTaJH~sKi{sRnW0>1%{?%VeFD6oyReE1P zj0bDJhAp|L4#cldEI(Hhl&HrY1#-k2h*2Qc)V(-$q6}1fA(ynj>2tcK8a{T2!CbH4 z`k&zM(bMRj6Hr)QWzF7c?<`X(o+gi!7dVKzmo3kgA zmWDH9mhZazc4;zc+33fF;>dQLzI9W}V4tOFvI#Zt#!0&OHPoPn-5dw`WYd7Y*+=wF zSRJOV&oH(mL0g;LKUlHIZePWgD2iJ%UX2_LauU;S0XugI!g@hsy}^Nga!ToR22^>5 zOh@P%?CCNN^ei0=`s{YT)JRQi2Z{7lPkr1bSTj><3A3w*GEK$)S$X`$><&o9>bh*e%AUm|VPIk&lno-~&lq z>(aV+Ozo@VbNieTJ6+OYuPz#RL85|juLL)_dz;;Q{bkhktO@Zq*a#4m`|X+5DU49P z7g*$o(bUkvElg}FLT-Ww>Y@+o;ty)US50v@J6JgX=sK8-Ydt-m5~s+{R*}JZTjH>Ihe-03Y3fs`m{z|mizN>E@ zXLDvqTA8wR`=gK&w~*~HAHIcCkWvuFOEW)5u!Df97+PF8%0HkH35D3W+{v7OKS&iU ziq&6=#7@1(f4hvKwyf4;C99%|H~)R@R(F;9#F?yBKVuR)#8gPtUxu#v`srs)opZgE zHw*OnU1cSqj>bipwdMmnj^M;2WoG@KA^Lwm`+pv_p9AC121Wv~0r&v|0C9i>KpG$e zPy{FeQ~_!LU4S0I1mFV52NVDb0d@dWfCaz<;0*`_1OY+;VSq?L8Xyi31xNs70Wtu^ zfKos?paM_{CHtlERzN493(yVd1B?L105d>Bw5B#zMzr=$*49S$v@SOG7C)Z! 
zPuD8r|GaenI+pNLG(*A^)|I4(d{mE$mw|o5)di=TY|21s^Emhs6us}c~ z2tYtsKVScs;r)}1`tiGU&8&@WX#Uf@tx_>lLtbsJD#S+^iWMS}M?ymN<3kW?6bA91 z2!NpojYotrWC##}5VivmYK0PDl4c~&ts+byqgcx)oCEn4UCL$2$4|>pY76|XqJMGh zwe96|p%LfFcS59;^T7W?)&!mb# z1O}d&g`YtL;vxoi-wJ{zJ9JdLOBFNzSFBCIPw03U$k1Uh{l=!KLkOE0IAB_S-wyot zj2JCQH7b>UUd;ww#aPwXbf(%d~J(`2RzBZ~Dh7r5J{p9sx)gtu3{F7tW)h)yEwX5}tyNeE%%63Dx?C4;<+sI2y63{f5Itw6|r#4iyYVVIp3_ z2@sPX>lMHV?C|MtK>a6H`8$A2;m9w@4T0t>Se5)lj0!oRHLnsB`W!#=74}*#G*q0T5UM!jk5`JxsPJ=9C zD1MIk-Au1~uK*&LFJaF#7exVDR4IsrL>)(PoY|L;0ml5V9vs%M)osC0!y9w}ZwO{D zu_!imiV!FcL7+${N#4-syyU`X(1Es;M2gP{V#02;qGi!zX02u$A7REa)6 zI6^2u#5COtG|!sGw}U+d`2=b*C>DWCALem>Lp=qk-H%v|mPb8Hq8|~*v6Kl@+{${; zFda107d`)Jxji>lf+%69d-r%L=)0SSV<_Pw$^Txdf0xTHmX3lra;H=>@Ed>N8eVhU zuo{9taHi4M9rBbe$T2q4X_NwIv2I*QluNn)+JCAme!qNjN3F-;56k$oF zdG!jpwqaq>QhhD>W=aMg@YduXyqB6%}lB} zXV2i4vd`EZy0g}X1|C05B4yTo0G+M@q$rgi&(5vy(69Bw=IG`phf+DFmgin3SeD$u zBRZoxhjkzF5MAFRUfkZyIrjj8>H zp#^SzYAirj>@(eie&a-~x4p8?>w%upS!yH*wgb+bL3^$p?DhT6eeWv!2gLV*uey}ALgl#|D4X{D_uXOrXB?%ba?00~t9!*Sr;3894ng?H1;7mT zc6|7=V{N6CcY6P=nd#b80m*NY8E=8X9&}iX2qDFZZBHQ4~LOGu%F91dRJ}vS4wqFK)OH; zWu+zO#7n;#pJfp$gh4yA7!L8&-Ay*U%FrB)d1iCbQ7U@7d^xjh?=K4HY?oqmRS^4O z)sKt56wzp0cSxMmX8Y7yd$M|cTsj-TJ1$KfM3+y@^Q%+aDQbiAC+bF9rYm`FJbKfW z;-;w3M7WXHjoNKlRByf>l-jBq0reO!?$bALqgrGp$HBF+YZSgFYBYP6^6q#IjCcx8 z=hwzvrijAd9Ok=w{ z_;7)4&m3kb40;95Hbw#MJ1XA#-MVbEp(jK}Ygas!j+*76X=$7BFPNOU>#C`=om<&< z%yYi$KQb2$P}8ng&e~``Wz7Ae#4=UfBM8xrfw+a8LLr9hVAZ~J4bF7A8Z<6?`&1>0 zYMdmxvwQ9!rBo?g$3+;Nbhc@?vF?qO z7AMbpX}smz-h(RuKRc+9kr$yx_K6h2c>c;H7OHgb=5nsIrWDEMG+VzdynUP6+a36o zrrqXcobhhNcq_SGyqbY(Mw=yzw9Ppx3Zw8{I5PJXtgGN@N8_O-^g&pDx%V2aXw!pi zoY{eT(so0Y#kGf~^Q3N|h}YBnD!i4iI{fLFxUNw_Y8;lQ$%Q0~>oJe+eM2Tn=bo7> zt9J6x>iuZbM2(++vL$16VYS+CLJHNU;?i6oW-G{&0y}Lw~ z(XDMn96V8gKiV~0cTOUYcF_fdr(ms#_IpPf+?hBit7=oK%psi1xx4#ZLV4MtUBml8 zCP!lRO(N~FYL4ePWPlFt%%#A?;h4ghRxAY=8!Z*x@B3x*y)V4vC`N;lEiu{)ItugyxzFd zxZ5zS_3erD_<5{TRZNndcWjhehW?4ypAKD=;GjP< z<2`ui@KrzSC3{yrZZr^d^naQ@fq_sCR_%Wh&6zdlJjeL^o^Vg)u-yt7pM^nmqHs|` 
zO(7w0U_?b!W^q)%Y?|{q(=7IGkf2$;F+kX=xICtB)3JYuGJg%uWNghWoZksN(5x_m1SEj(gzE+ngL zzVDdNISYcKhD}{$Eosk(CG)PS>3tQp)sH>uZCMS&5)~x5(YpWAI=9*8iM15xI=eZ1 z*b$2RCKjGs3mnJ2Tww{AFBczU9p&|T=KF94761210Bsara(Ipuk@hE!QSyrPtL*8p zB4%8%z^$eU7gK-BO!Q!~qE=HW0S_11=OHDUIgQ$TV#BY>1fn!3FEL1!-)N(h!CEx@ zC5G`Rp(LPqZIQ4O3nJj6hDRcH_^4^;uugd`fqQ-#)Og(eV_h@E#THvDn!UwmgKdXy z9Z%1VoAgs)xM(SA`Z@uEk&J!)-IoB56KG6um=cIbY}1U!Y@AGY3b# zdw+EGFb7l`8NSMNi@nU4`ICLj_Tdf{vPky>zs5nLbm%hShpk_l?cz(j<=*Yw?s|To z)`2PgcCnk5@s;3mgQY#^J%(}Tu5!0CleLs<)dR8q(ys0L@o*M=_d$A<7Pa&@Ti8^8 za1P%YB>D~|s?%pL^50i!g#lH9N>kX(IP2%|gybB38yN;6%Z3;AA-_s$!kKlY;jY=UnoP1zx8ZSMqFe7T2t?V_5F2P* zl4@qF-(0_hLM?(Hw=_~dimWzY{EWC$VxEP;t(F@+Zveb%h0F*kbUIv^bQCWLZAL}X z?XJlDyOT6JT3OPK719l9Vhwrfrlgvtkmpgq+j1BfA3Cl{YDzrT0_&OrU>iZXtg!Jy zsSNTx-@K$nfj-64tV%T*bPA{OjJ^ELs z7DrJo*9Y5mq^#T;^XNKadN@=`Fvz^k+>jE|o|ORmoXCOUG%)yncPD%Esv69CpWr*9 zq(>VUwB)&&B5H&u=N+DCpAb9#dc%K1c%$Qh&5E9S`R4Wn`Ud;I0`It79Dy|YCzV_O z{|Y<@2P3P$mPY?2@Df#}ZLw7CA=m`>5D$Do;e^5y#rh$PG=uT^K^_D@)na^tsWe%Z z^El-FT#P$0)azQBGKm)?vm~pQ#R{nBJ4%N;0rBNs2M2=oszv74?HBaQ z-3Qq<+c12wbJkXB!V{g|pY88XKA(&=U7u5{Y8Tr*Iohdh%=_DIC=sw;coBn5{L5Rj zu+xm^l+CM(4iKi7>CI-Y#T#^I#f^u|h81;Z4;@G0yJyV}B)dI1FI?L@DVFUj{mU7_J=rMl9ONgDp3CNAP9??? 
z%nlXPj#dSAO9|5@&D0$#%p2)!yLG7ZrRU8}Kb(3i3lHgKrwv>aMr|kQl|>_koWt1y zm&IB;%5AH(us0GY_j|Pp{hht`>l4|m^h%CN?M+h_Gkq1W;U=jVHo;_Io8^0H{ZLjY zn)Pzb?n9=|nIblklz6L(y3w_G2-xki1gP~p&#+A4&VvMR1l7vm-K#NWHhkc+K0|o> zPs0;SHY;jGoU04gdI_XGFQLqtagMIi$~bPX;En7q@L2NB3hI6Dg?8R@4 zgTnK3WjQSO47NGjhxGk(eG#XTI6<%Zs**lcd^(}Y^i?`-1(fjnaxo?!Cc`rlH;(Gq za!l9~V6at=!%sv9NPglGCx>#YZ)PByZ9B_VN3ZJ@Mz=?&;nj!w=`CcX7`aSKj`ia6 zs*GmtrLZaeeIz)0=N7XkYt5)R_O``Z=ir=fQM}j?nBS$<{rn(BBno+EOy+siT@}&V z4XAuuNMEFc3m)EN!sZ&xPV2RvbEQPm<;BNEoPkyDBTK4QZe&1SO01e&2mt=L75lyo z$*M-Gby2XsOW+im>tD*`D42$df!?(G!79(|(elWJ-LdR|=|-&tgamVs!c#=T_rBp< zK|gRpM}L0=do5p#C+F1Wv*3=SFzF+XXx}{`Yob!IK%oa2_TzL5>UBP0M#0}B>%r@6 zNaCgJWLdEOJ8);iYC=JQf}E=*QhZ58^|j_z07eCE3vAgd+8CjQ0FV&Q-V?fL$1qb& znmZ}t^O58o( z0#k4SnfV%$+yociUbs!FJwD^M)D)UJc;#Syg!5Oqp`gsr{SC-uuuio+%QU3&Ai~w) zdwmhdeZRD|St~L?sj;o$7fGAM)LVd&qAm0x0XUaTgOecz zUhobordi9frgzf#h0DZC{yK#Ta+~yLeQ{J=$e$T`?b`qlE$Th0w2Hnos~*q!Egb z%F`kJQ$E8!9W$;HqS;E*hIv`5z}R@;ieOKyWO%P#8RgN|TO@ z+aq|$)}+)xxmBiV5;o<`+s5j?g%+&}{xN7*rJtF5cxx>u>}?0t)d3%yd60=m=*Q3g zl-Pxb+?@yliDK?>Dmg?A4+`reD9vJ5t*ubRL!ZtZyt)rEA?9&@Vh?_zOtWg_VpMe% z0RWq{OgRMc7S-a?9k}LsSh6efxQ09h5|G67--o;Fp(95*`yz;V-mMa@Ay0+%;iV$# zi?_r<4o`w+h(cecy-A(=K1T8|mH9i)4c|FXeI2}vt@ShZ-qV#?enFNVDly23n1i>5BrD8&VclSTP z`|P~n|w6g4KfGm zJ@(0^!k4=tu4(DG5~EY^=HK=_^@mcOqm2Guw668!gLq(6n~a%U#Y1>-gkbU5wY!0D z{ivrtqHgwkJ@E-WQM`Mjc4lged%RFd8UkKipPZ-b+mh-G93++#W00`M81*l9U(X8m znbAD|+A!%78gRs;1HRskj?csqe4}{_4|lnmz_`);bFEL51@jUqNJ+d{!2x*)#wX+3Iy* z(nD^Yj^LV#hNHP}%$&NJL)nzbIG#hA{x=}L!imk(*t|NeALlne2=dDJYa!^%A4U-9 zMoI%sG>6ny_>`U&5u2ZoboUTE6O+9x(ui39kf9QLoN`}r6aW-`h(ymo16f>kq4n&Rf65I&V%*9ySj0ff z{{~Q3o>CC0MbFz=K^1q4jxCfTAx#Qn%h;)R##@yVa~GeYP;JfJ$6&~BDMi2~Y11NX z5__Hzr5)F5lhI0C@rN$Y32^nEv-prfw>vT_N#9Y>d~xL#=GJG=;c;j9DKljEt13ne{}F*kRka- zws*?+x=o#((vu{q)K+d*UwC5&Om}Y0ISX7jnJb0?iQ`)@xP4n4$*QN#)G)9^tc<8l9-zz2>1xm>L%T$>XOS#P{igy=QoC3->7&|>^ zwWpYpAsAB7A@3!W2qcW8>P4}04>no__+C0@&|x7?@i71+B{{5jsC(#lj z77G(5#zGzMU0|acGo#glUvwv`(#SCx%qSzZ-KLZEjs3w+Q<~aWW1kwk6quO09|NtT 
z&h%ee@5eOZ}t^0)zN_(YFiu)dt9D8D2Tmw<~PD+dpD5iiXsN zoUwHSh6YlF#{9-IbMj_PP%I7n3!Nf{*evf3^pojN*ti3iVt%yFk~=!|_U?jKuXUV^ z;i~4$>(bv$Y8V=tJNC2`26<4SzG<`k=P8Yc8sSYCK@MAl=RQF`h}#OzwSUmH<|p_n{f?6A%VD&>=*)^p_7;?YM;@CamOh{)0MvMk@ldwGJbT=dpC%OK@c_S2_}Jb>rzE?|-*@P?D= ziI5Nq$7145eIymcyadpwl~dR3+UsPcT+Cl2*d#;mv{3auQu>1BUKQ5h)nLcMKX6~J z;|`w@@R17}wC-NHGt~#Vr)Qf?>w<;Dd<7z$sKyq4rp%Ml{nJK^&Y7lk5sSix%YJT{ z^tB3n_>(Uiwn2U8YZbh(?%#pZv|e`inNQJaT;R}Ig4T~=p@r7wgH=K{c7lxc&K z2%Q=sPZrwn>=tB}E`}ycETabH#Z=^T)_CgMi@4#w3+aqcgl6%jPAEn`*r_9Ah!1PBo z#~tib%^l_vbKMtX9^bE!d3FWG4rwA0cXDmy@-HnNnvGD#fM8(^B54t1Cy1Q~W=siC zXI&aJ?<`f7j{}NHt@68!E;da>aBKLT^1bfF?AFQS2PV)bbf^hT2A8JIsV^iIt#Qia z#7=I_7WUeZ z#ys&0d(!mV7z|L{W5bp;IMAmt6c<*N zyZsgUtZ&eua`{uTA*`o$7*SZ_iD;7Z@1K>wY+%PWMUKU)A+#Q; zUCwb5ZP9^BrWYb&_W+FGbeHcZgnP4JWR5K5HvWT${>f~IJwkg(soNMg)ECF9LU(vW zjlg@iiklrlh=h*5=! zqo+y(5vWNR;ez|||6u_TtQSIOg|+FgLXcvVmkgRvVJWtbDYnqJSoi9-p1mR}bl=&Cf{aVFZ39$_J z5+SUe9xWKr)i#Ywng+B?v&II>RvKYlQq}win;TD-hHq?uLUp)sP14w?5ymOZC-)Vk zGP4_}c8=)BE@U&NOYOA}e}@kz1ze^mtx*dj?rng^`9-G}Ba*Wsq^JxDC4_ShUUC!H zGsptQPWK;BvVUC4u+JDVBSvj@gK4PxY;4O?BXFGU4AkR<1l zJ~^;muGqX6mVW_Wmn91F?ZQ7z%0I5T`E64%Ymgi!y*O=B-@xnSHtT(9S&( zH}lkn$u}qShs!sY==C*SZrCADY6&0vT84kvLhy!N7-t$d)R6<7^u!JK)R@lByKsLS z)DFjy3&5cxXCx>JibT->ja|*EIBWqJr?$B#o&^4PW#~ov-!1x>tN4PQhmvrtq*uRq;SfsZD^c2Bd+D<%CK!V z)NH=9X-LFYgM9AMtH(4dMf<#GgqKQVrj5fo zOn_K(Q8Hn-Wbfd+*e?Wcq-ceHprd2ZJIS8e3Qw9|ck6D6ZCcekG@ja8Ng|)1h>?38 zGqY^=fXb&kHE>v-Rk1X61*dlGCs98R+D_KELg~u8tkoBndUH$8_Kp9lW@oRBw`{|Q zqLs%GZT^UFos;;eg^o-~c404rVQVCf{lUoGmj1+784lJe4{eJI*6J5lLB{7k-|C*~ z1j{=7&rA?Ud6%D)V@qScdcs=l7GVqodAWDg&y|hPwSmNy8ft4`pa}&nOb4tc;B3UsL{RzONv|GEJ~%|H zYRFI(U2m1tMtR*d2&YQOw1gV+H=>YyCKr0zC2%IDURB_!wZR@slC2VFr>L<-!?d)cAM@`X+|zY#RX(ZwV)TV)-3@cOo<2fRYF zvdEnKLfzy=CqCo6Z}Yw3!S?>xZwJiyWmkk>@mS2)x~g})6O4$yvw%{HU-5eXcO_ zB{8IsypUw-E@t9En(ciE;p>1N_v~&YU^#emGi)%f*~y#@t&MNG-er%l~MkYjdu7-%u+yCf?#D4s=$9y`QF7}^y%d| zY}oY(BGz3f-i#{Vj+aR8l}p|gJCGeZ7ZDqb;t3!=d9}yq3CusHB>7VBQYv$-xLZq_ 
zFMHYJ^8_0l>MyP_&*%op=$;y&^n3YT<*sXJUGRvBTm!L(d?6@yoa#z#))mJHNq5_B zF0EMU#9>Zwon~z;<{{&L1u}AcqU}yb5vq|r zZ3p{{kyml!eo(|?tqo!}n=KV$PZD7h`Bm4(E70{Lw8K^ozq`CqmA?eONybK?#3jvD z@ffe|>|DY_dhX3vgUQ@fKMI}w5v$&1&RusJo*oY5+OJpZ+{z*P5e?ZU&ivMY1@#Ir z&?3JHg0Ed}Ytdu~S1u_{gRo6NOv0pbO?T_;$W##Ht;^G{d3pkmh4UE~&2TH@XzjAK znGaG2=kee}FNASQcEz~%aC6!5beAeq3vHh!oqtJ+L&WyZIN1L#mn7l~ulLK{8|nwq zO_Z7dkrxAc3%z$JF!NDZE+|j8M6AS7(5a>NNKku6*ZBF1{Fz9aL8)SPyZ4N>aoTE> zQ>n$9)iP&2e`qQL-LAXOj}3kJUZzninVgzdTu%pBHL^SZLcU}?XFG;GMIn3pn55`yxuCdoI^d-%l`|c%^{H9<|@pH!Ei|K)qO>0SfgV=Jo z-KG$l>`?hpG7&)zj5D12KC#zshDJXJvrTY59sdqqvWfX!{iw$-G!mZky6zov;?in+ zndA=rBF!ty_@}v<=ohZA&&272jV3MKUksTk!BA4beiwrB^-P(v$u<%ujMB%@WKz-Z z46#YJD@LW?x=AIX z(l0l5h{ZPgLXU49q z3QIO)otXEFj-4t2L;Ok*4<8gQz1CRpFNKsaf9`;@8tQKKjC9UVS};3t{0$zLIEddk zn6e{fW}U=lInFtma+;(nVHwqz{7>>$VXlDS1cIURizQ89eh>bGN;kr+x=wq6TNPx1 zKS*YySC64@caE}kR7}#8*Smp1-k#3e+KlQ*zX+)c`BRnC=7!9-7R@^`8OTn*?Z@ez znW2a~kviK_sdPF(%SON53u}P0UI3%{kFSs{6^6p?&B^}uD`Vz)I}R>9oaK&>yREY1Z)O-t!*;B)k71>5)(J}&@I{7v z`WNcRrCu7RC5Zt>&MgA9x}z**=+GP=vG$!d|Al%m42WSebQDM%clB56;8-}HJH9J= za;Iw^4z#|D)Eh+9@lmg9!FGuF7#YdCDdQjC9G%8hz0O9(v`{1y$j)i8w+#6?)B&B& zS#&Au<`CV{h?FP~r#=hUqVgT7@ZdmQ;i@s#N#L&|DeGwRX|soS2D3ggsi&rtj&`Z7 z{e!GuCP5*Gn<85d`7a_sdJ|fyf9uC&f*Pj1ZvG)qAkFlP#`vWt5t_1=cM{MGm1LvNMl2+_zU|0W4x!JC!z~ zfpgxd*>!Uej%mo`a^w@*nv#SxOa5zhrVsr1D>ej8I2BH`Cl- z=QjHTq9=?vdjqMb7(&MkzAFf0S-w}R3I*%gKEDkdhb8P^Bn&%ONl$CIKAio`$4s_9 zoR{T(wu?X{koZcC?2vy=TA=x#N*fh-O(1bx`<(`9yzPLNl;sCd2e#Ju9KTc6XIT-| z;j2F-P6RNb-dI5Fd7?})4BMnnvlYfQpK8+mbb|@x&6@-Kc}* znY7`!XBG!cv&%P>bYGt+EQ%pAPspCwt^w~dv02W2>6y@pK>N|NZPDO>VZb`v<~Ctzu!`Kz1K0QVtvoXCj9_L;@NyZX9x8kNmPm0C9W|+ zX31?0@f+kG-AXwe3nB#hnL;pGP(xI-FCF2`6tp=y#4O&$~{JGF! 
zTLICAKd|k{R~*E9ah!YV!-~Olu))bK4W5NcLr2J1acm;>5b$~+bzR>|?4!X7Oogm9@*MHfh%Zv$%21?&I7iw#z`aixi& z;;zwh0xjJ3AOj^D1~|FNa`c-~!Vd+-x)ME|(I-M#pFrOiAvEX?j8EfFEdgamywHVs zmujjo$@O1B7u6`cK@pN{MR6#5e0}r;`^sNBUY@U7-rlUdcQLSUF~yASpu9&7Wd!U^ z5Pc6(I<8JR43A^7#O3g9pFXHH@RkpM6!LO?SXVGU17&h@on9k))g^cU1(xx_4O_b} z3F1BouoK2Y3f!;~xC+*kUE{a62{d;(KAH+W{vJITiHF4OmzV2!()+ZU*=`syll2Yl z*U1&gmiOZV!`|{w67k#Hs@;_0HJQ52m}v7(9<5~979kpETrHe%=~I?TyWTV1(y34> zjN`d3x<3tXv{t|NaHG9EHLnFjyUm>Z(HIFHkau!>Do_W8w(q%7qqB<@YYPK1i;ZeU z(~4Wa4lBXFZ_~ej-`GHWd!=rOrr|ZSz8R!hsvL>#nnyD5TASEcn*VzLBBi_2r@O;X z_2La#svenhDIO&FBHJl>=#vH9wh?|Q?yS4-t_ye;hknDnly%)G3VP;;eq+Cwb=}Mh zcy@+InO`spk{v7)bAi~ zN|}j5+JQGnc#Uw&W@HEYYZwOuq}&E5^N6@z*Sn(X$~8${r(_yaU96%*)(FXQoAH#k zrm(rYj=Qd_cP+D5K?}3jEw`e>cS?!zKa@@(rX}jedlV$Y;Py`^G9<&0_Hcv4-F}%7 zFE5D7r9~8Il;7#K-#*{WdBZsf(mnbX8GPH%{3bnoQ=nPMajeK5UKZauKK}IBpY!4a z1x`e`RfsX-ewpyNta{BWJzF^gqV_%tJuHXQ_MfBV-#{erx!1;QM|tc;SlD_g8RMUV zlSN+yM;zaJjF)(ZIy-nH2Y$^8ZtysSRlFJ4zP4=G2^#*R0Z<7LL-VPie(Zz;*q!u8 z_*UH5vvF@1)az8fJbgSDt=t^elN(H&O~w`bsX^STov z%uP{+s@j@(=eZ_x^s}#8GE83QCmlY_j-bDkPL_<@zfc^Se10c{%&wd&BMb}jzn;i7 zlN+5F@^K29YGSzm&K(Y%DKk1j;fsOIn;)BD;rm7rC`rjv1lIm7us%Lx=8KCiV3L^U zsLIU~I2GwFo=DnjC>q>=Yh?y`GHpl`cu=_oH+iR&&@7g+dNIwo{Nga_^~o;h&63bi zmALNzN{gc^9TvI_gTR4!o0z-A0!16qTS{bZbpRAX0&LzEu@lrhrw7~;B)E&+QT1oL zu%PhdF%92Af$V$ZdteHrnQ~yNLZay;72l8PIl;rOWateYhg{pJ*-j@ib(QZMFAWHE z=mS4E^&4Y|O>6NEpJfY8l-^AUN>~U-e7{Vj^)GM&4w+`}M>rQ(`IfG4dy{X68k-uM zHL7-JTo_g{-YQUaT_}6EIP+A0ciHOavk-pt&OPw`Vz$MaWg6v6` zCD#yO?<@um0@zZkXm259bbd2X{4_kY+PZ%L`XW)X23yKRj++Cs0OH^qHr)yCIp(mS zwLj%`m@Q?eCdX<_^0e&9p*}mwoKiOIH#k|qQIZxt-i1todciWWAQ8+*WP2*ZUVFVc zD_#S}judXjZA`J`U=D~I2k{FInikszFD{a6=N9i2mLD(c`RZw*kJcJ?s3bwF0qsyz z5K{pLy=Ve)Q?wwm&d9+n#y1$;mT#sUjI9H=5Ic^(8&iVMP!dMvmv24k(tE^CrSNWx zPiL=wL?+50k4~>=TuQxaQN2v02@YqLlU6GJ5||r_F*iCRUrbvw&`P?Dfa0$c&R|PgFhc& z64?BHdQo}nUPLA{LGf>S#Q1D}NkqkzAT9F}A7g2bt%Am?*>MvT7+`-=5k zNqRuMb4dPR^;I$D5+}fr4~zXGA%-y&AVi45AEQ6bY88_}qREU8g)S)68x5;1s{IcD 
zZ$Oa0477ogh9xJ##6^&7L|QP6pd7~SrKBzzrU1ibi|w?6y_^J3bm;|LNP&wpmegggw zQbdT42=jxt*}@8OR4h500AtMgL6{^+8AQ$|!noz&ZH^FC0ak$|>3}$gpn$1>qzNPr z`It4x?AY)Bxyb)qj&LfUqy|4=%hRVEhs3Blq$#Os$kf$nOIAo3xRajG#QVQW@Br(86DNt<&WjMhRb^@%zfVE7Y zQVzh+~ixqyqfH%EVL!0^sLY zpp^0MgmN0?B$DRI|D@@(nC2-Cxflc_0=7qmK7|V{Y!MQys{$+2V4|5ZWQs%vxM5vo zP(lv5grAN#he@WeiY~I2%#eDf(m~3_{B%kM;sPfF93x3{X_QLDaV4)~a`B?$Dvq!m zaEt@T`ckcW?#(vp6v9)Tdkki;f_{ zZw#rBz~<$UPk=QRd4h5gQozZWKm;Oy#3>De2{9Dx%d!Ik7~v>>kvK?`(glgc!F=EY zb{;Sc-5?JY2rOx2ZIVxdwb{d4=Wg)n z0XcMn-F|^a=|F4*Y~*;b{2zXQ@hkDftc+q6AgZV@6`s5hel;E& z0Uk_7u{sb96l(%mjamF5ekrJ43y3y~sX*57_)_KJim(Xw*UTtf7Nq2iotwgg?@8l zm;AQJO8mCRBHvFw^S#Kodf^*_?EO!Rw%8C9BY%T`$AbN}Cl|ybl8ub@SsaTMT-0Mr z(EPD{&D>Ss`4hA7J;eT6uMn#Lj&lB5-xyT?8RglH)@VU*6A%G>34(pSWZ&N6HkTdY z#C4>#`MGX!w5NIob$KVT)f*<*Yphxy>GIbJ5x z>KON4Z*gKj>p(!w1=2D@vf5DL2F>H81*=`C3TwcpBb z-sp2)9ry8W<7V=YfDvw2msC~L=Yhcj(bUV0_}#`F7sDLGbP3tl9O?DphmKGs3@dap z_TD^GC#=Yy94hB*Fa5XEa3q!dob_mPe@vg_(RVR>wwz6{nNYv8dtJ|GvD>1-iiWk5 zz1wS-pZ4pgR$kJ7FC>0M-)&{y3v-(kTg59jI0r(Op-|1xDMqN%^W;x@dtElhHI3qf zH!DOvN{Y?dP%`%5i-*cfo#!8db_AWia%(uF4I?If(Qa;wRkR6L{k*Y7`o_DLhq-uZ z%WJJoBCXTuk4I?uf9h3FB_=ywCA)cFmEJhc&FpwwTa_6km{ciYIG5zBn-_GvF!YUU zuiae5mh}u-mF!Ho`_;tv)l%ngxR#8Kd#p?K*&<+GQ@TlEcYPLhTp;!#^iHY@*pX)n-#xs@jhtGfBMNhcK%b%{23`k|Wb5gB9tQn~c?*JOy4~c@!}dH^5S* z$y9FrVqkv)^M%+SyX%&acEtI?gfvHkHD*RHu2c35UDx{*?RFq)LR`ebBZ#3nn0xYN zZIIx&I&Q3Q^ZR2P&vy70XFLm3YR+0Y_c5Ms&b{LwXe0c%iSy8Er)8sjYx||tIt$4y zG664NuJ?JCTxsXjKl1&6RZ)3(v|x3!Z~Q~+mf(x4xLN$}*E3#PNMVl-{&>^6?2EK! 
z^^Au~M#1I#0TwkaSN>f|pA}cNW__dHbC9xpwh}JTYHRAvtNhv-*S)0ep;2%et1vx^ z!>|~Y-Ru=nrj$;cs604S;M9)o{*Y1a?VNYld^+W|L!txD-l`(Qe$^GJ3->WM_%8+K zFuW^^o?d%sApIiC(mf6LR+lyD7o_1YT)yY~?KAtg@I4hLYlcK8J`MPG)OPR#7#>|tF-v9aD1t2stHvwM%G$o1IJZ!t3yvm?*GJiDpdqMpV_b6zUNGI}mU z%M5dc?^2R$YZ=OY51YjKf)s!;*hj&g|aqHN8DO zSQ77dR?g|E;nlm3eB^$JW`5sp@R8Nxa7#FrI7n;YBlXz!{n%7DXYx;PRJYWrpjtIf zyZ!NiKJQ&)x7On#{`ndv>VDBq(6!toLQ3qMwx-vTxhqkVCG(sUH<}qm=?-1YhN)96 zr8nQ<`ef-I!G1JfTfweR3Se0LAyNc6i;r2Vh>)x!2SjA~O-ETK{d&lJ8 zC$DGkv{hXd7%j45^r~jJ|2b*;enZ;YSE=&*nxx-#aYSskDCcesP^;qX|M$euj-ps3>dGT#D*Y{U@gWq2d>MjU69rtdq!Yg9N=;_biYl*d;xO4e& zF>7(3YUrEzW;+ha?6W?gaXjN+!bsKhdcNBUvzE>#ve8EhMvuhg$bGx(Bvz&L&ZYd| zjpJ2?bZ>%=^50sC@y#FJ`#$$;3EX#Q!+tk`^oS|RR(5(oUi_(3?{>!49RyzvqrCV> z#4`{Re|E@EBIV9*{gu;PxI_Kb^&_PnjMr6$?YNEX$KKHcG5Q1DU&>t8FYn8C?pC#y zc(Fe2_J*HOe8+uL`}egC{OshvP4XvV1{06Y1g=wh`;!m9y3q<_6XFfd7zpWEL7$5y zqUTT#5OMUZ0(}7%k7CeAVA1;m7W5ieQ51u-5{pC6M9{xrMbPsP^d4AYl(X!==OtDE zwFmtamVfcw!{+^QcK$&5~kND#pMbB6)(rdp*k7uNhn+5{nz-|W5 zaWn>F@O+5cBX@;+C`NjOyC~K{F%l*)gLpc?}^Ex^fxqJ1XaUwm- zB~*{x;kr?Kq~7OH8>9zlM==ukX|yjuay^Ci4sU>zqxcn&0<@obhFR=s5sdU=$I!92 zfMjES_iRT|jP!L!P#&ajj7RlIZ+i&U7XgVydzpO9@B0G67meDd0ojAFVxT6@k1397gNS|+qVp|j=>&YC*7Sw(dkj-ce zM(8_)AGu!|qk2u$4#CKsbv-&3>C<&leqGOYLS@*x>2}B44!$Ts&yqQ55oBxlDw8L0?J$HqNGlRWYOf6;@D-dJm9YxR3^tz*y7B|jagJBp_6%+4ZwhHi7*t{_=*CI%rRuM?P^y-2BiKIF{Ukm#v|++_ z&mByf8MW`oMwfe^PF_nrC;M1N>Gf{4gLlnnT0Kdd-*)_UAlf3sbJ+ck^B%!}rsZ|q zBWH^r8AQ(BtLcnFS_?}2k}p>)hD)D=}E2bGAKQA z)k}@$vc38Bj5Rkmz`ySPjFxkKt@<&Cwg>mWbv`qxb9V{6`FxHsF>j*2!=*)bkPCf} zW#EH3#ZGk_NFLal}y1nMY$JDNSR z3J27gwR20an$(HtMWpFsH{nSo4qHh}P4&@qgb8+clOr8Z~Pj z3+Zp$9#z6tHj%F!ukcwXWqmv<{dM8(cL(Qa-9>pse0BZmG3P$6l^*j|G51JJPyG8( zcgMU&lIzfwVfm;1HJL`vGwq!fK|3}&^mb(m-~9Sa^t0pS2-N7M-L{32YX7PId<$b$ z$PP-0g^tn_>SZFyS`M4-sN5HLlYNIaR$bqfxAnYc(xA2DcpE*SeM@z9rH^*-O|I3h zXl9Vsu{+60$`_05x>Dq#Ts9A7WJGny1-2R8tJOT&pz$C;G%v#4qtB7$c+Zr`-5Z@Z zE9W-ve(8-w*nQK(_AWXNWtJb~?h^}J{cf-+j<0fetRM-=xqV7eooHySblJbdmGE5n 
z&Di5EbzQ?JR9D52t9|L2&c3v*zBC8lRx8fk?7s9L?7nmngY>Pvvduc)C-at@<}SaI zyWE@MYg3`)eW6Il+f>|pSiWIjrMOC_o>^IQ_U3B`*QvBArnsuQSYoK#g7EY}Ww@|LHxZG}R|mbLGA#0%i_ksg-6*h4T{xTfBjd zQ`l047X}V^dZmR4=gUNyji`am8Lz|b=}U3Nz8D>fWN+&mL7#oSyE^$=NPHYNMrVU$ zZv=nhs^XL~m5S5H61PQlH0P?ypL{XP(Gut*edTER3=ZGcRXGWuDPuA7ShR?LOl)RSMrggVeE1V_c^yw^1ZRW1)UWQ98uZlRql`2lIT!-!Mj0WdW z&bPsc(=3)*chHs(x-*At8nrS#-5VPkA|*)kOqc3}Ch6hHhSy@w4+t{BF$PEH21Lh< z@$qIGPi;FJ_v6KifsfA4`n3%VR$c#%ToZ+E#jMHl^OIxSbCm-hpBk(^ZXzi5II|#P zbS$^+Oxg4WJTAO;YRal6efi5_qfqL$C$gl7XnFEEdvf{F@uvs=(sJRtmn>cX>Yt4d z?kn7BwUYK_^nj33CLX9^Mui@Xyh+{Ir2Hj${!4ASOK-CERPB!pjWdk}!9&u0@seMX zSYISW&IKO5X0n^9;l8@^8`t`pR+WZ;z0b}SmTsGNefwlO8_&2nWI~4`B1f%vY~8(# zU?wHqhmqz!^7vjKHD=GhVm&7N(>vDV4Ds}cIBogk)K^f!XE$T0Tn#VA70=xeQ1-$K zN}5_jm6e?{VszZvo}}0IG)(i@!HD)s#nUqP)ol*EZwjkC-)_Ci#UgS;nsunElZ{JZ z^GmV6I=>z?99Wl-_QUjpBSD+=LGt3NlCy&yVLjS1wJ-c^iX^6GaqsZ>HDY-w-5ReY zUgz%eH#L5KMbN!%=@E>hm&FR0DyFnds$FiC^0H^DpSOLaTD41Y88)NLp7;9e{bgUf zIa&u#Iu;0*XT%M>6-;{h;}$WBn|?dndo)Zmz$`|W;&L)~&t`BND>mfFR- zuMaOf_j0Q|N8?3hc7P*AA#_dzZ@X-&?L+C<`+cLymoSpWcKm*Im zEunP z?PWh0-KCRz_HE~^nbCDM2^p7t|8sKN<;e^DbizlEsg#(ru%wi-*&rn*8C=mkuz7FFsiKtv>TPx~x4UGSsM_#=+O?DFr;;Kk&c%)E z{-v)&xc0Y|$M;t`f$x^$idMjdE8>b)5R(0UTHfW}*((WOuakLx$ox{^c?(Rell-ZB zT2CPQA;q9_#dm_XZC%lseQpLMI%R9U6raw}R0=J-;@nrhTY=@i6uQxh=W5A;c8P)0 zx8!xIS6Sd|58r#LW|F@oF~xX~Bt1y-ncm^~!v6sP0RR6003iS0goY0&WfNHoc94U} zm^z4#sSv|tV%o{r1t$X+Y+>v6X{uGZXg4-HkIHxspY9Smm%jy*P>XTCF;i146|A<# zN&pY-piU$HJ&kqJG;hVMF~UNni))&24`6x}QeedCI3`TzF`-L1WgHxO*1^!T4i3>A z9FYU4y6Q}sFMAF~LRlP|LHc^!_GlD1*n+obp#z8hj+M8PAAw%IUFxZ4;L1ohl`8n z!||3{HApk(1w`|dp!t~ww0|=X_UXJ(t$E`9%{;Jw1M+Glg6E`y6}W%5ueSRm9~G%MlRE z5uv;z6QUQ|LCC?VKMZ1IzX1);bFA)^J#v;2XfnN$T#7O)+d1);}+ zqJ%OB{LMQ`$`=+yv2ZL5CcGoX3GZlwwS{f)qj3)$%~U(u7fL6XAB9%?5$vQNh3I}H zd)be~?TH@+?!_jRV@NDJ#@)0ax!%GM&_W1kVc2k?AD~sN^Ea@9nkxM?5}RXT*aIP% z6JCXmTPQX2e|t8BS}nr*FLEa{TzG8IlJ@Zlz&+DdtY1&SE_(v&*AuwQohkpGEB$tOw=GEVda1G!6r$|bH`H0>>ca+ieMml)+P z(PM*Vl}otXlY+{V)F@q)E-kh36O)sm=#xSLCy6ueN%D+~q@YRNt@U;$PQv?KCjmcV 
z6#n#lQa09QJYw&4nm=Ek1U7h1_W7Kw{+Tf&Xm+w-^OK?CCxCJDAW&gsK`U<`qieluL;eu#^~y6#4L9WPx{sdm1`BVdayJM#jl0p*M>sY z8pW@TTyn4FFwP7r&r~Z_FDJ2NIA=mQXNE%0G{R9egS?~t7Tav-0!33?X9tyMyBR2c z)_XRDa&{>2Y;h(yTh54)44QWb1b&ixb~aXJtK1S+%dD#K87#)7R#_rQjn5AMg8Hx1 zjl2!Zb!5YG9oXg40vK%q(e?y}4`8kXc|9oWrb9!zlAaJgF;9OvY zQ2e=2@pD5g=gQkEs<;;g*9D63cV2-7&I{_#3n5GjA)FVoR|JEw1>B>eWDoB=(URvu zRWQ@;#ZsY2azb6K#zm?AT|v$Y>V@ zq!%fs3-#l$U|3uPhQ&o>SX^Wn78eP_;v&!;A&!f}-00%a02hZMF1BL3yOWuF_@ODK zP*v=FML%k4YO+hXvn~c<4wN}M@f2x2NgmeA&vq{1tFue7g)dbmnya6suyw;_urDtQ zd0r-L7F}j~baNRAT>)V|!q6Xa`yal_;yxHNgp)U!+4bU4^yqyyln0 z!G1~Ec^guyJU%|$$NHton7^cU2{pbNYJ7Dl@@lT})lnK>ZAzSw>KlOS*T5bKb>B#I z-)Lm)8DS$f!p4pqXCpNR9aGntCM)+52pU$`;h1=xFf^{CL*shG(6|Bfx+d%0ZyJv{R+F(uYesv8S4q^NWboALKU8={Te%gV$tm| zusrY!-C36P{cQowZ3^?E!tu_#r-AWrgT}utG{J59KuG}~dedd@+w1`%e@SqgS`w@- z*7ktHTtH!paeFBBb}04sP{Qpj2fy8vgWnF!;2k0cHoJpP;&+fPz5^dqx+Ab3O+W7B z>Bn7^`CWwhU6}b@^0|_`p%Ly5Ti?x$ph|j#UW47?Zpj_)4!as}*!+e<{|$lu8+Iz@ zH!}K75dEf*!6t@&Qv~`=68cRLJsU!sqqhQuP3Fzmb2jt66z~}0-cZGRp^Ep03f&uV z@OxXAB;zPy0L@_UyAEj!r!`eT4CoF^77h&y-*;v;`4L69bFCs5~i6DB(^d8B}LQLHT93|bAdG9vtJlmM_ zY$MLIjXTda(RsFo&J(^$=S^*|22`)Awu)+Dp{>*ilK)p>40|8l|ofabNJ{xuhkt4xUIHHhZ5Q0{9Yn%6`$uZc!_4Fhsr`}I)r>rnFRp^VofW~kQ< ziOK8G)ZFjiAYS$c@_Tp=ZhJ_yog^mPAzn;p#Jk;eBzQaQ4cK9C1|)Av2l3v7Al?iG zy=i=srfP)eif{4 zAe8l%zm@Wqd-g7n{8q^JE%Csn&so)WSoMnY^gQlE9)CQ+S^68F8A=;2Ym2rs1VyQl)ddns1@cTEL&o^q*5d z|D3@2oQ<;2(J1>4Eus7`hzETk`{n;ie)$jFNBoB8L@k2F>>n(7n z$IEPC@eKy7xO6#;?{WPzl=DxLO8yf<#B|0G@lP>C{8P&g8Gj2Ie;YRbR_xSoUXhI(n25*UP8$Vd#uJs4>7QNDBQCE5jeJ~10tlY+G);nCJ;aYfI&{d9yq4}; z;}b|}H}7pbT29}r?i+f)rl^ACs-}m>2EM4_(qZqZLKdx(;)ho;z|)XiKouu~1+A)p zRxKEIS4gL9*3+Xy=LlUwjJqp>*VW|pUByu+NoEEM=!9RL1tq?5>EjYdVpnP_4A=|F z&ToB2QSpZU-WB~IwyuV9s+H%eo+?#lD_MDF?rNf0H9}u)GIzDn+*G*9+|@+O>TIlU zS>sGKYM@l%YNBHe6jP%{@R5Z%h05Ggj%ip!G^|02)R;7^F=|Lfn>4H;8rEcE{qu#C zRnRx6>!k|Sv4-f_4FT$gr#qJbtHv6b<~^@k+(q%~fK~)ncSzYibmNH#TX%x3I}+YK zV#suNF2>HWC#*!=1X2zo3PIchlJ@XJ7slIz;O&7h^$<5oyqY0xMa!KT(z(p3&b^?) 
zMLKa&^aN5Gn2-SP1?hT)I)*1JJ@mZ@`d$d5=}t+nu3M{JNh=M~%ny2*q4j}ueNd2D zV0$;6`sn%)bbSzlJ`w0t-9Qi(QbweG%t-q}y1pP(Fr0k}&b|ms-w2$lZZI0#W~6=1 zNc$n4{rG_IM*y-0Q3JkTaCkvqJjVNs$f{a*_Uy3NDid z&z!(ngOZtrl$E7KvqH}T88k%{&;4e`A#;VG|I zA>Li;)MeE=-NS*WfPE12eXQ6>;`90wR5}6SM-{yWQcvuI^(H3T7s=e0M+`E1`0 zgLmw>G#Jr%Bz1fQqVbwHxo*cRN1sp#@zg@HS~<_DC3tF)%vw_rtTpC2RHz}(sU-oj zmghOOM4dXwxlXlKwpEHFb?S&ZbqIBxNu4@VOs|uz)}a_5@%tFoA%ZfB;M|*?G0dqu_0>ld#glf+4pN#cP#4?Ix5Il`qs2%$fSpg#yPI>?A#)%5cx z5&h+%N}-Trzz>Q9KA8ibYzYS!J*3}5l;7)&{O^TXK23_JaN$#;QtR*gm-#_R(-6rt zE7sp%GzM=Xv1x0XFl|i(a|RWm{y#G!bkX??if0j0AnetV}bpACs-Td^Kgu|u7=w~C0vyJFgO;Sd0 z2ZERivk}+;!yLqUjujgoa25vzdP*}#7!-5lK`}=j6my9Q<{~(ABL>A>)1a6O(-TmB zSm1}a5cEz<3tZ36LrCW#>GQ1E0GEin=JETllh(o(hRYHN1g@x+cJgacB$NK=W^0KaU`NYQe`cE{3(|8 zCK2oBBh9nKQH=N~auaAE=xF)0nyy+HwI#w|v2&U*!3*(Hr3*!CxgX0dbS(aq9@pYHq{VSWi{lWp<4nf~R7Fjp?A%n(ARiYA`FL^$Ehxh~ z%Ezm}+wz$ekn!>SwN7t%oPgS%;I{>X;{@t-iv=8uIgZ7uet9N;AWB*n8-bjN8lM<6 z21riibN@-qh9^brXEEZFqc*?zKsiMWhVnU=Q&@~V#SkM;5n|*iC`QtkJv2oclBZQ# zp<f*w%+eisgySr#;uJ;Ul>8{yRJ|NUJW_BoQY z^F!SZ6&vuXT}?{O+*Wvm+bJeA)hRS@LQ3kItxQI%xP{OvrGTwW6ts9A88a`eQ_wOo zFUrjaa)B0k+Rg{TEnTFRW)~SbR18hgv-BKn=^~*?)HgPgB4QCvPrG0l6TXZr*}MsD z8J;1RF^5#`x*pw3wt_V?$AS}DNO9FMcDX{zs6xwd5=I`LA#W&)tJMk_cNOFn6?T-_ zFKsI1EHD66pX!>nsN>8I0W(UQVyt1&GNtGQDJN@3@Y@lvb}QDqJ)O%qM~}2WF=_2m z7qoj2#3XDvpB(UQuVk8D2|2G+`Ge-{rWwIi7*KD75D=(t2QxeKylw-$4%yBWw; z0Z3dZ^#`W#Hxt6M(?3Bs&U+<}ha#)~1OfgD0<0SJbpU7b?FILSDhBx{l3jm7x1w4qRPKYAutQax!12Bozde0b0pS zK3QqjABRpB_24@onOT}I=yu6W1(|RSw8t7hG(=H&!x>m?4eIi>K`d!OcKs(QNzv>qKh7g{&!Qy8Dft{4 zMBV#CYKR-2!xw<(I2nJr;x3jjc$qv=%vccEIrK}2kl2m61jc`IzW>Q!z$z_L67Zh} z0q1i8=bHtns{YH6sUyflowY#{v?ok-oCwQ3^%zl7bD|KiI2muN>-+H1B`>P~4bLSD;g2!Q|QYW+7G zCm_!McQ)4FiGOtsZJAspldsdHgz3)(t$xn6`ZIg`n#dT-Pf)7?@W?D1JpYwub?g$BBZvl3U?QE7r$ro^r>HEbPi`Y#ak0#d(J##(pnd>` z4a%^VcXTjD?=Y&YYIc_)8K(O?IgdM|{1{U0h9nuCcoW{DkvGLR@%@5LqPuRQIrb(~ zj=f2IiQuZ;wmfR@7T;A#|v?jb?)9)#*1(p(+1L=*u6jen-$AJqlB;ouyaz(RhboIHcS(<^cUJDvi%$itk}9Sv%`EcX6WA5S 
z-h0Sq;AYrnv+^q+Is&>GN#5*$)@ET+HxuQFw0jYsd->Mmy~HA{0lVPDEAL_F%WWl_ z-3#Yc2c|%9?t@hKIc^WZ+(*FNhlJi2-97hN;^n@6m5Aql#NmE!p8E+R)_^~YyFdD| z;r-(9yB|0L!T12;{s71L0Kv!_aEuRh@VxK=1QI?ed_ezCd{X$3aGFp)K=TmmpohRQ zpCI~#CU_XqKJ2{vXxWPtfA%{6!$?g<+TVu~9B?D%{T<}}J1aI|US5U$T<+N7(o)*u zH&FZzNl*=v8Mi^I&25pgy>og7fsa6ek0>Mh${;b1kWPIBiG9TMEaVZ(^elvmm7aw> zLc;MQ*;qHm#Rk8`At6QryGNBVd)(#Ltf z<62>4Npa*!b}CSgB2Tg?@+65ORoEs^LE5L3GDj~wR&i$|{3)chBJAtJFb(J}kgvWy z+U1LQZXxF0f@EwldHoin*E6Al*KZ+Sza^^@7)KR-_6Iup7NXMc5sKe)_xU~1hc)2t z^ZRJ``F&_OTnf60pnMwff10CwnxJG2ILfCxm>Hi&FyYMjbTBh2q21FJW%hglSR3TSxp{Y=D(YgN}p ztqeQQiJMRt=H2ZUgjU}q-j?^C_Ttsyv%yUOROqu@s3NXX&{xnx_em_jvszdGv6E)U zA?A;)`~N7v#P~<@VyqN?{sbHRNq>l`R4E^4m-L}@cGuV9#k8!dr&V8F6ieWLp)hIr>XR;bY^i?6L7yVp53~ z1jDV_7=ELEtEha4=y{~k^E}!-Pt3y_@S*a&5EFNar95psZy8>?d!D?wj!p7>Hr6K? z8?~16jV|2S=>;*wy@*3x)QjEznPC_kUNnWc7jcM7NHO9?9wS~f9;AQK9N=U=MyK9o zPQ3qL1fi0YyKl77IQCK}ZHwdBOKgMaCFwQtm*n84ilgp5c^T5atXUKa75Wa>%fyji zM(Vz7?5&ses|1RlxXtjg;nl2dkZ79~8#u@PX2Wr<^~z2QON~dTE6oVrHUe)O0dHUS7kE@WHp`{pb1_jCU^rvc*BbI)-R|z1BR*p22uYFq~#kX z_1`e6Pi1?VI-jLOLgQ&F~vfggR`UPr9{=J=OwjC+3-K5!eqh?gRq}g_&*>vOwcbSN-!w)QRilukoT#agu)y-BA+YR#L_3sd7Z$>_gJ9Z$ zB=0a{QZ+RmCWdDReXY|C>pLOMPG}|Ral~8val%_2z4i4!P{RKN3cJ$@X8$&4|8~?% z+wY2xGT!5a?{x(7ePsXliT&S4%-%O_Xut1%&8}oGZOf(kO!K~B5)qF{f53HM7wJR% zA0qr868s+`MjsmRe;AGbLn-u&;6LKvKN61AhGXIrDCZNyMJ%5Xr9MFdR4eHsmQOmo zh^0fe#@y`_%Wx6PC-j<(00030{{R3W|KC8^r-;F)R&0dISM72+Wv|e$1*F_O9(*1O zW!|4g&OD5FFF!o_>w+$XS#V1RdyM}X??LBN0fws^K1Y zSOa2avQ^$9T0`ksK z8otS5ZZODON?8TFoXYF#TJ_k5M*9}^8|&$KjM*$6GrMgZQ+C-kx7GB_ZFONcVbJMv zKIj4zID$PldTqe_b%m1BBm+WNOt{e~)EYIX} z$p+hf3B-nn7vnuzT2Q(d?~QcoO?2vw0QQzcf-a8;3A(yx2kA|`5AUEp5m6ydu1$`k zYm?)B#i*c*O;I7;83y{Xhpb7Cf;e)FmH(kGo;DByIj`!ci z;Lu+R4*fAmQYB7h(so~bFxu|x@QOs?sfK1DZu#koj-G172lFvG*tE3LHHM8k10S|g z=M)MXb-G;KsEZHT1*>2u8A5YM&5QTs5V9+Wk4(geLfWD7u3Vg4;TuO+`07>$gAR?@ zmD82d;yFGH5)BJ;tJ#i0gk1~O0>c}IKnyeNTIdRS*MdQiwxe7k5Y&f>+ffo(AJxCL zE-BgIhz}#i7!HvP5A$W$7|asGi6w?3g@>CgG2CbgDqpn3aH8UH*%AU-kI)j(3d4yN 
zMnDuJ+~+R~SC+LAmEgwX_4xUhxg(g4*)7*!iVR2vDok5nBTswTNQ zxy?F`ZnM_yW$i{9wWIPS?M4#qMn<~uNSuxAj_~hJ@b8Xb?rw}Es-_Q!io#}`CNW=&`i8Q&kW-5>geu$vqo%ejw@*iDX)6PJhwaKZyR*iDYtBI}cj zjN|Ac<9MyXU23D7&vI#=I{{#-;VzL9FWzQaua$Oz@w{NbF?dKa&xR$p-(K9PK}o zF$l?VzQ=9la`jm)8`V_vBo+2;OWy**}y4+xp*O%r6`V`W4yuZKC zt@izh;WiafPVL-qn~G47nuu{W6ux5}XeMz3bYF0MrZJ_M z8J$whj7;GUW%P%t1^dyi!D*(Y?+7lGY~{wdkfsL?3xx4d-~Ycu!|46VdU5iZ#nhT* z+MgtM1jo@G!SUI~{mI#;{mI$#{^aaz>@a745~mK%7G+oz?oxuXh>gnGE%-@U{4j*& zu+FC}hf$9umC?D%VQ7S~9hrIJ_!JLJ#pf|-^NhoGUgWTy7jZRg{0L;WBZwCqfy{V> zv@LanzG6(R=DZ0JdD{^k&l2;6z&)Qw*ZK52UAlx`W$G!h0JU7Oi+h#}q@At>M$<1~ zre|UCNI}ITxr#?xQSV>jzS!dlIP5$BIeAaIIg4QIa8*Lm@|*! zF+w#M48~(IT`KEu&JY_MWi$=(w4;}n?>pSN_O`#9zQh6{cubCT(y%*mZIEB3IHnH!uexxvZC zKzXuz=sujHU>5GW<&P2mA6v10-rLo|z+kcE$Al}2ZRoXX_ZJ8lDI_gr>}XX}<-Y`l zWTztY`BV6iJVmv&>~<*(qi^iGzW~%UVv~-116)`4^}AK|u(vEvM%LoHJ21`D>W07HzSRjqy4p6GxD4i z1(;@|j?F|z_&BE-Tez8biE7>5!Qx!K!P+8Vdf<0JQpvQ!TcqO6E%=u-f--!ZWQ-%I zMI1p{!Bewb*{n2zve6?bN4gVzz9OEJM^G+e1m!rcoIHYLO2K`6RdOu<7IKPZD5pT5 zmh`{n2y=yHrX*q+P9mzLX?q!;wwD>_mSyH7Lgr&S%Dd~Fcp|YZG9B4MO;zMZSv@%*DCzPzQ2#m{T%3Uq#iJcC58R#vn}m+Yp@3KR;_ix2KEFm`aPD;qtb zEPV2`3y}`84f>?0!ox-->Pb;sP)QiIbK3TZmBezQ?sC*}xf3`on-&JgX4n+8g6X}& z*##9ulY7$R=$`br>7I05QIl>cOUK@IotA~O$W@SHRp0|sSU;T`@ARlO>}o{1S|z;B zeBYq06Mkk3dHrh1>sQNOzuM&WtAW=O6@J2u@{=$JK-Xc#&mbLe2GZsX<9_WKru|xd zYq@1Nv^nHp!}g4<|BW7fAC`W*IoVVyw36$vT=_ogGs3|NX5%x+`II%V$r|(9=y7sq zy4x@Sz9u3t>pRQE0lmib)^~g@BwMRL+osy{PXa1B3~DVByw)@V^abehaTzKYg}ZcQ9*qjfw~SgT_mst}bv!3tCuh$xWyJb(9S_2)!R|U& z&NO9g%SlBdHYeAGF#?xDFP4^?|G|y=A1KY}iaq&fi1cUd+6hH~tk#W1H%wcAL|M zZgMX7t8u6T)1-2NaZ;f|%{_PlnFTJ$#%ipUd3{$2wAcm2O)rE3E>wR~ zl`bSIU5JohXj17yqe@hwS)~h!N*Ah$ji_@Wo`o(VU@tzM zSS*5F%>C+O3wxp9P5&!k3URZDJ1uE3s3+qWQtk1@JdX80_$!B11 ztS8QO2^4aP;9QpwwJt&EFEOcgiBT;o(X7@bM6FBIco9^(1UuNJ1n{K@*QL=8cB#q1 zE)^Z@Qs2RdRWFA`m(yEfRW*iqIl^#xG{nm-d`s*uF_t^)a${#vMa-RbIq9s+v#~xa zGj>j|`%;amrZ$xAUQQ0&T#4{p*_qY!mC|bZN_jPXrD-*NC0I=xHXyII;07eaC2c}p zZQ6vqx)Ym_SM$8?YU9?^)#j~3nU8U;yUU#T_Mt8`Z$j=mmlj$sZ$fT}=oK9IH!vsK 
zAUV+n*@-rooM=Pzi)`0G+G|vee(r&{KPU-$*Towm*O0M&4YJNPrsbQe=(E(;clqku zNVQ}Z+pdxIy$0$_0^CMOxKXt~s;IjIYqb$)qWp^_x@A?7JRsWWTc`ywyB0IMmNUCn zAFOPvSh#bp4Lb+%yAJcaj`O=t>93e%^z%HtQG6Yx8&3T%6*OelzD~CGb>I{_#CbiE zb-j+UI)qmcAV##C`|#1lQgHi*Esw4@yytiWB)Y+JKgWUO-GJoX(9ty~iXQteYi|ro zH(2sDC%OV(a}wge5z^hLR$KGRigLxmbQz~MHxg7gBFQ%zgYJ!bzh9r3(zS{y!*(Ox z7IEd>g1Fpb#rA4VuWYbWjm>sr*7+Vpa7Z`h2RQCOw@4xD7P283tha7O2yR6PZna|l zT|WWeLuVoKR^I_|nIEEXX%Gi+G3WvD5y-EZ34iTK(8ogMQ`EnfPEqU6osh%OAs?jr zuieEyY8t$?1ugb#+N_)Ec_(T_K?aO(^DsfCw;`sAqDFOHs~XfnXM<~bDj>@hGz$N zWMd<}n2>Z_H0io%vaw_<|3^o-@4y)EL;~)#Vtw58TKG@W0{2H9QWfV#_+aoi=3w7cZEb2q|tw-p=UVRFZP zqtY+W5Zx^zy4!^4ZW+$+QUC zWLyMM$`BcsB9p-6h`g|bri0Oko{5@!y&uTn` zC?B$7V>)5g6tmw$lKmb+nKXv^FjMPc!O>k>`5WKJ;^0L$==FR zC5fYh?-g<@JxSZ^XT!ye#Vj8%63)J$FPFsi2TJq_UB+UI#{#we18VyRD>gK3S^6`6 zEp}ril`a;`dJ(M6$P&yyaF_c7>2${3=yHG1yOhOZN^eZ^(DMiAceq?!@WW3i#Pt^q z^agKzv53HuZzsgjw-a1f_;S`W zR4_=o`ImI*>Q^9(S6mhd=_>^3D+tUh5w7=&-t8$Ca~byw(cJr9G4IU$1=9V6Js0^4 z0reLo_%BirRE7P@b|t0UtduUT3_ffaCzABg!zF6ZIZT}(>2E$TAKGq+RDXp;e^q_&BD5`EF@%y* zBYl|6ze4*UKIm5V_?udXLP=qY*5OS79!s!x1mibUatH3*9lUdQNUN9~PG&|*{QR8H zrGFz`_%|fsZ^mt$znQjiRE6}){?2S{4+liD)RxyqNNTGky&*Dy47{d3Q zFd?SWA4H@a;zxYrAFxbB@kpdp7y{aVKZwC@78p&%nDWDwfIcV8b@x?evG$hKMwV4*)@oU zu&HYLq}$V(obzs(?sMidA5%l&PWnWcH9p~i<&)qLTf*9ZThN` zRFi(_pR!k^8!JI;$iJITfAm9PT2bTqbW4l0jQ60+bp3q%Q)#rR!oGUsfZT;S z?q@tl|C~rdx6Q{tk4ou2H>7l*`zak9AYb6V`GWV&7v3@x!TW;1`+_zx!}Iwud|!C@ zz5~E+{?i0n;lHs0V$K($qkbtk>X%&Bmn^;c()9iH_&>z3^_39nzru3A;&Q)|X5O#Z z%==Z;%==9#U8TX4sHS#G zRHM~Ku-FJJQ-k|e{f1I%OoKqzh=V{^2!kL|lZ{PS)U0xF=TfNFOu4K_f^Vgyv(8Fp z^2tiGo%EKwwa^GPxI?=U*xe9@ZbsPMOt8Dju)Aer^A@DDc2ZxWkW|9q;4LTfwr$x~ zGF{P0wLXCDXy?6zXhrGM4eQgL=+hm6>#n>@pXeylQa$&Ft6ODFw{2YC=HxgM2x(s`G0GV3i$$e|j4lY(rj1GbW=Cv1-y%!!~EsS6cArLxYU+F-ncoaUduRGBJ z{;DxO=c&v1AuwGkob}Sh@SLa6i~B+H{Sdii@cp?x_m>8<=N03KSByg~$0=KtSC%V< z0)C%HSM&tA1B?0NEPi~;kKR^V@-MFmx?7oGF@(oK@q6vNzeBuE4 zRc4odJhIJrVw>@Z(Rh<>#&=+w@q*8c2TDl2TFX4UHu|iuQ%}$O>OykX7w|z!)RMEl 
zxngTMbP^g3_O1;resdzk?M#lFvHNI>0`yg=UoQ4MIbkuLt$pD>>`f+;X zD}lNiytTMXY{e4}4ny%QtjoYR#dPs3ETajH3XCxw??W6+fF6wS9Bcx5umz7|0I>%n zUjRLGu>Js&_9~})#D^t`89dg`FkSJMI7HkKn<;E{%;dAgOkq1&7vd}4aG%x_Q`IAm z^~Mc|dea6(y}SWYpN)+_*1644?-XnQN@|lObw_yH$DtvoC07@b6VyYE>P;hyQh9nq zN2$l5ZjwydYSqJC9B4PERVug4w6Yz;ABdJF zO}kY}=}gY!2}aQmvav2baI8C=AUquLI@~yb4>t|q!{q^dcs7>w;U@jl-T9^dw(zvo zdHle~1>$RcIIu79%)?n`I*;|?Jkv9h9~$1_P0Wvchf+=e=ChzbUwmCh7n@g>i*W>4 z%;W81(p`&@N{h8hWm@FC@!hg(Yz&Lm#d;y3l5@LNA9CZHV2iPKbVuYwA>mby-SbgC=DQDH!1?lJlIBjrCc$c;TYC z3sUpv&0_v@3bFku2>2-$Kewz4{d3FMw5N!9N2B2_KY8b+k?p)RitCm}!>e|>LfU@O zTvEbODc1@XQqZzugFVD*iDH-Buq%BrK$A*2KI7LLsZKaRyrAc-ENO;E4ek`%iuH4r zg$`DgmNaD80iJ{{n$o7G1Q=|FLFnP7;yaUa|FV}mb!!2XD(#UHJ9w$w!AnU8<8%yN zZk=fEd?9a}f!7gi*4f$I2KPb+HMYQ=gfx7Asna|Z$B&`NgTXiAW0 z@i*VW4qRT^fy?t9xR4J5o2NT)dBYA|o;EY@zyZjBaY5LDLuZjRMdS`#0q?*S3_EZI z;||<1;$zEDyJgWkIm;~LEy zcF|<*9lcbZI8Dd|<;3DNmROu7CKjiea_!SlYC*Q+;O+8>Rf_VkQlS-f@G8>5tC0Ox znPSc=W6Yr#HHoBl!c#Rnh~CRb>C|bjav*#d;B*zE3CWo{qFS-K6g6 zMs=w``ND3O3@CHDcfB^I39WKEv&!kRRZf?zaymZnvKpCSH8BDDOh96F^z^mbg3oaP zyw$#Q;WA}^@%hD1c=-Q`@%hCW;`56&LUdWfW5yaO6t1DqFL2Z&SKlYl)%S_Da@1QJ z5%t#c(4@$RG^Lf5trU$E5b0XMu4`St#wF-GH7p>V&F>eI*WuObCeay4b zwL`*UXC1OLxy(F)E;CQ8GwyS(>tMriUF0blemi*LKkzvPoGz2gzZ2;4@5IlHo8dn* zZHE6$zD+9evuy14vB%dRbL6}ue=s(AWWl>eN^gk!o#sB;YOou%GD+74No@n?bah@e zF`ckZE>b@*n@m~NE^Et_6m^5$q?S)Ub*fpdeR6gw*_h7jFA^(ZmVTO+$*a!LC%wgk z+vk#C3~$m-oJZfKR@K<9=OH7V7afSsi^!upWGn~y^Nc~BDq;xo=aK$AFB|LT*{R$i zq2D#opy%-f@OGW^xIn&d42ARyOex0&U}IMrU>EWMcA+u2UnB2>D^pP1wgAt*dsC6SF zqANA;GT%%CcTf{Nzkp=F@GdB!fPO&${Q?R7MFb#KCw{KT5hWwK3X)xAxhI7+iFbDX zDjX!PV)@He!n#hCC8$#gbvYm1#)zj#8$mKc-avD1s;)*Nu2p)Lcz%B^2(q}?4_t)U4Hdfe$|+SrKJ_%=8!`dwy*)lRdwB?3IT7avjltNrvWj`pSBUEoTdnD33C5XLZ;svALK$(txVE zA1rregFYcEX_|7gsunH?wxTb^bfflBiu6Bv^Q*P_%R%oI#i$ylGI{4xOqp!r1z)ot zh~O_>$XT^l|JQ^QNYPfAVGLp3U##m2*!((cnlg1DJ>evzmrF{2c)-75N9Zrt8*r#BT&FUP~`W-9(U4>>($>)Jk${$aLUSIB{ zFhs&@mwv168{YxHjA4q~CgIon%*%OT;iJnf3UqMOj>w&E% 
z>k92{Wo_e?Ft@@ot~pg&UhNwbxlDrXrari@<+(2n>bmCP9Zl)4xyZEs(kiTR4CL_& zNj7uHGva_{QGq<$%w29|_Eiy>smxEt$5eVv?qu6{UY=m%iP{GZu~l`MndFYy2ab8k z%AJFa37vF*%WvL$o2=3~_}$U(p1Dij_o63sq~o{XhLDkh0N&NZNw{u%?l3s+MN#SCx9*S?nU>GQU7B+gw9UNG z;%Qj8-_H?{A)UYCL&cP}D7tW=rrWquq>f|vwVi~~%#F@Xo)GTcbuX{z6M3TmiBVeS zUUu@juv|sC-u*B1{xSEjynZOaxSqi7GeJ6zHR#`2k*~JCIb@hQYOIFH^?5Bq5zRq-aDdF8fg_>Ot<^Zi>QGo7J3bI#j1qr{2B17%Yaj6z4e`aJcD z-oxCCM)P9&pTlRiI&)mbC~r*9J&<{|vX6I2zLY|>g4@r_REodHWmp>Lw^heda4q|7Gt+f1t6!iMl}uBIwxAj}T69jOf+8ki9M&YV}*U4n@Nt||r8UOS7v`=G) zn|Q@F6N2e)#godWmI0Q8H{B}E-wC#Rc;d8ScwxQxee_hC?3zWLS!v&G*P2#BVb@HS zm4pPboe47hh?Z*g-KDy*cWt4P?W)r_zM4TMGT%&N`cyYA%)Hi(9NEdA>@lA(WG-o; zoRlQ^zE5~pg?3ldQaS788`QO$8rz}+znnjTnTr3k2WLbhk<7+PweubdZIY@jl0VFn zd^PYqTb2#}PqvI}ZN?1zzLggYz~q6V4#~(fQK;EhyxEuhY^BMJrfpZMYgejgS8C~L z<7LdS#y(~yix=%W-FkUCD}LHwTKZ_d<2l)Zq-m%%*s=jzo?wgj(n)IMui$jPshj&0 zXSlsjQ6BU!o510e&}_%@gvI)V#p8tKUa6J*k1mcN$NLz|cowU87Wa4-lhS#;rgpnW zwptaXeX(b#?u+GL9@b6zEN=ZSF;>?wiXk|Z;a4v$yR`1dFh7Qj({LrfuA{qW=sCJ; z_v^85M`+{aw!cGHbo&zz^U9n5R@0~tn3vQUIfVxGyiA-45|A2@wIEOp4Eb(LcTcS4 zx^dIrY?}3SLF0-?G8N}7E!4i8goK~6oqL(T{zE+>F7V?w8xxthRf2D$moIsR1%6K> zVXEm#V#_!%%-}BOdqAT3DtmLin>EVy;uQlS?mQlQ<&1UzaE}Y@1|7}*pDS|)va{{z zBKNQ*JX(X&(*iF?EJE>Y9%eH7 z9(SWbR|)E`r(A~mr@r}=J4#s9=FMb0Mkf1xnLGc`WSi;YVR@umr2LC#4%}WBB^CPl z-}L65JC_sUG%)DL;1y$rICvzQ8GIG^?C&6B>F1sE?nv)y*s&5hQC$33I*Xx4XWs++ zR1+?9%%JU_2*xbZ0yD@#Rorb5&pTAmN3&*do+O&?l$xw;ZF-uQFl!CcKYlY-xLp{z|TE+P)T-djSQTAxq=|#fy*9 zd;@FEWu*$A@s*V$PPUr`M*i0A!gjTlKE%mXWI{O}OccikeR9@aH?3 zxt-R47djd5Et}Xe^KV1J{vzkp-Rew-CP$+wOvm#q9D@oQLzW#TCPsK+1-n5!_WV?A zrixDANw6_7K)m}QBzV2-+7n)dyu{BPJNp|8b8M06P@W?EVU*yaN| zMQ0=jS_2$xWClbdUDoJtHhqbXsCd1!M1>qDKWEhwj;WwMZnGGc)@ckXS$laYzlK8B zo8|or>t-#f^`^GsUG&^+O-bdxRb5?i-{jHm%*<%iPv)0!3HvIIIQC@VYd;4behN+e zQvo_k@dq^o5IlNZO-k z;~j|`t!f$N34iuabQ+FJAH|2)`^k=O^w!uH_KDc|X)r$cs{B{b*f-EGj&l?i`3|M~ z68_y)p*h@D8NOXj)~e*wcsr?pDXsShS?4b#Nb){R@43jOF4%JN1f+CHDNKoQHhM1|PBA z6RHnJ>}@{D*8iMSuQ_;}yJ^Ii*vX*z-okLm!f7a7LjSa4{OD7a0dZ2kLb3h1XCp$- 
zv?%!`LWpAl{zt|k=IRCyZ|=|$HpQ*lnZ|F$L_~;@Q7EM*IoQOvj2I=uV_8>kJrvD$ z%H){-TJ$VyVW)*sN_bV#sUHbd;@S~eU>ErtDZOT%TU{oS(w;S4iqHmhtEBvPGt!pV z910J-F4P%9(ic+3#X`T@PHb;;6!CTgQWnu2<8Ay41*n6iNWM$AjoyknxAuJXT?{eR zH46C-Cff;-JF2|JoY8?*G{i2Ag%aG?RC?R-4lOzBoHlb|j)7-6wl>s~GWbFPyl-6N$;)%|+BBD-+CvHWKMtl`&~AEX%WWB=_Em8 zLrnp{bHuXgJjT8}%-04f|DhL7gu^{kQB|#H%n5@laU0<}77^&~m75>4gv2%9p3Bi4 zO%^wk2q`Zk_~ENmBW_C@v+2+t6I88p`PtJdcpXq z>GOL}Y{K5Scqi19`M#l4SL*X_-V`M8B9a$Y_+9^_?Oo5x2SNL`9d{ze+(~-f zE|ppzt5qDeemrr)vy=w;<=5xb8{c_Om*y(`F%?Nn$0_zC2B7w~g58Rkq9?aa(nbP4 z&!jwEG@DSkv7rzms;gM!()Z=bt@EQ~L`BOp=DmW>p-pR9$3e8Ei+n8s$=G(2_~h3~ z(bu}l+ybeR_sw=9llD${|4=&84%sCikT@itT9M-W-Us*k3>8*bH}6L1SHCoWt1Uu% z@0pqlG~lDT`qRV2PO9g&#;W^Di$aoxczmTgCu5rV=zYh}>uSz^G>z-YbZX-g%c7;{ zkAwBdonO5+Sg!k1yhWrZQcdH%q?gre^TT&(-t2h!*Q?!Yf6M;`&!>v%6A);iE_MV2 z=Q9ZYzs}t!ARx>EPs0zyF;hy+i-GY|!0Kr~1I$>0@82d_aE zcn7k<2T%y|KoKYgC7>KsfND?!YC%2t0$Ra0&<=Xg>tGN}foU)UX2CpI0E=J+tb%p0 z2Y!Qp;0O|eV|X53fEOVVB!(mqKvMW0yaXvAC8UCvAvL6hbdVl0!RwF}azIYV1-T(F zz?qEHe_Kp7|pWuXF8f{IWL-i7+m5L!Yz=m1gZ1g#(zxXQ-lJcL+B9(6-Xsgi_{@4$XBElX-B$|0b~N1 zL}rnBXdoJdK0-s$Nc0JcL!;4H z^aYxVrlGIVH)sZ$h325SXg->U7NDhQ8Crohq0ML~I)DzML+CI%f{vjR=oI<`T}3C+ zF7y;ff}_H5<79AGaGW>}oDfb7CxGL{$>UgYEI1|{15OHe2Pck`z|rC^a;v{~H$8-YC{q(ALi0${Xt?h()c>6zoGmPY)YG z59~t=D^E{5XKSpTfSm{SERg>LP)h>@6aWAK2mr|nBU9X+)T6X9005Xl000>P0044j zY$9l;?zBjQ%)0b z?VQun^ti3-lZK>qu=7`1pQdiop7y?(Suv}XbQ-P42jKrcSEeF(eFfA1moh~s+X|jAWs3c>_s2T{W0ZCD0 zMJ-M#aw;BE(<+Ke>A;9A#|z}KLS0iBk>laGEiMPcc14OyK~*Y}rqWU}yok6pRfSPG z7*{KU;jkGzqe$WGBCAfTrrJJ{2n3a=y2$(ts7k2x@iLjBurv`!$YF^MOCy3|wiVySdRR7y$; zR3Jx-;<1rHIHss2(v;yim`bUOvlDQaiA!oR38KWplDa4xA87Js=)go!QQ=oSBdH}; zT`_$>2BKlH+kH1hthS!Ax9-hvZB$ZHFBbhDa!_1Y>a!3KR+UT`C?7N!&;VN=nR4I$TU9 zdo%!iM`FpKGHs8(a}gww0W_XG-i*?d1#9A!O=od{BAg7Im-CC0poKp zDripQ3d&b=v`{K=BID2mJ4K0%O?2>LKcl(qM9Ygdrp!hr0xU%-&c)r}tAw+Fa%v)S zxdhs!^%azVL!iYr>}9qx*jqIt;?6$2Rd~rYME7|a%GrRu&cF0BoD(2UFC)0OIsqmM z=Uoy#>~#vhYuM`(e(3daKChD+@HzpR@wI1s0xa;t*^<8DGMngghy%5v+avPbqLa~v 
zZ5%$}b#Of4%rja_pLcTuUI*nA8MkQTMUPLcWeSJ!L?4|pU5Ue@&n6ByM0c&odx)bM z-O$4gh&J60lCJfM4&6?qXG}YnC^~JT+adC`z>m>pbt@aii#%BImpFm=x^5Rl2z-g- zwA*%}&uio6)+w@n$1V($8ZuBrrkvvGSyCS;jk|-C1Z`!@@D{cldsrU3SO?y~R^WAP zC9Y?y@LF~WUc)ZMb?h=+%U0u+>~dVguD~nU8oZociK|%wFJo8XrR-|FgmvO7wiZ|R z;|jJ8JJ>atXV>C#w*EiabswjAhDj=l~D-dQ!ww&T@o2VTW)#R824(N8%# zv6DutL_cRpt3|)yppi4mSa@3)rpAwcE4+v(5Q1cOJ9W1(~(xn|gp*tIljQFl(Vv z%L2@{fL(pA-R1?DwdKQF^O&_S$gDlzbPF)+(3!OZvo;#FEx@b;?AGPlwJ*SIYd)+a zk6Gt}%sTT;x8~iT+F=Of8U;?>0=q4Hvw3_&5gCtuNkQA@-%?z9nC);)A;IC+qEFCz zufqk*MRI2W2jt}L0(FChp;cYb92CN5w>j2#J2H=|J zq(b^l4{sl6hmpPO4X4WV`&mf8>-oAxeoznWn|I$s-MV6s3*}z;x(CReFNLRuX|z3i ze@ux3HZi1M`h3|7B7Yo&*YJE*iTdxu0j zh%fU!$GJ4*w^rCsDr{a0(aweLg{U{LtX-cTY}dSCyR)}Wh_wgYXG86s_Xy2c`|@IW z+gkYc79M(-a&|ads>HL{$BMX@Mm{XK1d(^#uvH0c7eks{L;K-9xB>1(yY&sz4d?7G z8g=VzAZj15+e_FLI7QYA@IJc>HNt8+2cdenS&BqvdmQAWoY5yDzz%@djWpT;*REX* zjr{Op+6kXKIe{2((31T`-^&dPx+OnnIbc}s;)ZqC<+iz%L1Se%a3;2UG&EFD&hFr7 zw6_iKVcKE9PNI0yxg9*-0||BE{cI23N27h5;OcP}@S>l1I=D|jO*Gm+r|bjeAw$`x zp~K*|7u+7$fcqJCR|6hk{Lp~?QK5*#5gHA&;Uf_4NKUvT5N;Pf$nM62G#V`7T%$HT zq(7o3fH%C8!|+Zf? 
zERBvvT}GbA+HeT+3>kSsjv*j1gahm#K2D?KQPF?}N;nRp3>(QEgEZV`nBi;~8U;oF zb)#uU;!gM-f)R$=kgkw4bR0^42udC?d_^@B*iD&UqQuK6c$srCs=J73Xc){6gV~7^ ziWB{}p_sw!9o2t_F=ylhI6W@-h*9v+$wCf!7?N1LN-VC&W8-*?Mq~Oeifbrrr^q`k z0nd#SIFelt1KYrVpEtIGq;Cbni5MinfFzUDPy|>Vp=czRP;euQ+9*7pZ4@|78IgC3 zPT=T-cSoTMtAI>tXcUZ&f;e6ZhqM0y_>bwV;Xdzw1hW&y%qIE~2YDQWJjO^KMq0<` zrZ)XdB|K4?8_rhvEQiIoT|}E94M+iMgUFeifZ{Z1C`lZ1A~`}_HV0EKKr)JkWZ)BY z(MT_-IxE@;p-^1|4OBKWP)H2K^7gR4zY~TZsZBU(zhB81*g6%kAo~AziP2lusXo4J_ zwQkV^2c!qiC{ks&v#eG_lTey=4NZZwj>lh$rfmYA(O(lx8JJH)J+_)Bu?V4`$~#&o zHS{!zo}$qdc@Ks3mzz(2xjDNvbdnJ8xW#TD(EXSI_&#M2IGrU>%Me;;vIM%BGB7`* z6EMDO&5+~XB-00Ep2;IKt)a6(W)#~0sV(><^A(0~#ZU9F@^l+MO+HV$@F}JNpJv!j zH~~O$$^#SlJl%??8KW7<^o)j{1y3>fwlPy82;^47IHG-)ZBmsRvK-+0_9t>e60hSlq@I^RUF6u{%{=#=M z?gvq(Jc*L-AQ%F%F974aEz( zLVB9~d7-8PH7ecp2?x%gmon>tcM(bW54>@@M@Z?t<%{azUROt}xn0n?V~ z4_cnZ6Q)dT$^X&FPXNX+W%L%ojF=eGdm)Q$*iz>R^|&V&n|dNgEqR@=*v99{+1^f) zxII&3U+6iK{Krh}Ia4M-XJPEHZwK!F?<<+hZ#|ggUirVfZ-4dQl5d@?alLq^xm7xI;6L!k zzxv*d3;*?6fBW{-8nJYC?{EJ7`ES0Sy!Cr8hhF*O*KRMm`uN|IN{!hm(U7Wp!U1dibp$f8{6TIB@#)>R+5beEFB}`@Zn4y1)6^+9BraA8$Gl zeQj)CpF5U5*LHr|b8)=rU%D^dp4fKxVJiB}`(Nt(PRFB{e^Bt_5AR?6)7P4QvUNsX z{3`W}y9a-J=iG-?-P_-Mxa9T3>>s`TZkkK1c(=d0rsk8UUpZA$_~wiEZk+8uSbh10 zJEc>ex(^FhT)SC$ucdawo2yrSyXM@F3M>EdovH6mefLXE<^Qwp#+4Tb$8UY--um;i z(sTCX8-hFDJ2(F5^c(%{zq|TQ^NUwdLGR|IWuUY%c+Edm( zvi6R(Ut*>_17p z@`0{&nsBavR^O$g1!0PrP?P#3$x$trKRU8*BK_*`M}}I8so|OvCw#q0u&2MQ;~9dt zPe=;+ckCEtZ{66k(X+8x*UBmVKfeTK4^x)^bBC#=NjadVf|JQWNKT|;aY+fJ6gecR z>L?SY=rCCK?>QXU^Zx(<0RR7_SM^gI(2vL6t!QyC?#?dmT3i>0#VHOgi!CmN;_h0! 
z*g~Obad&rz;zfGg&3x|Qu=)>&)c=*k!Nm&v$@+h55&A#!IQ};Qil^%*4=WodIOYFGM_e9YUvn#07h4BA zP8$!fBODx@EXd9Q4(|O@s3sg-+`Mo0oT)=BVXv@bxXDYx4Q}xj?<+EzMP(cH2+~d&!E^&cSO#+%PXy|^wV|=x-{E}!iFjxo> zh+-4L=V-wu-3QG^*o?-I1Ww(MxTi zTZsuSn`|)0WsXVW@JAEZ{Q4B-l6@@xj*5D9yobkA%}o((m&!ISbAqD&*@*a%-}wt$ zxTzz#8$8-qF;rb?pPmVKKJzXW1P-6M!6favbx|dA+u7L^Jy-CX|FiWyGR%Qm4wlEku4&S*d3%HkN*msoWVs z$A{%zI=$8$t@enfVXJjRuaTbFn66n|!se*#DF#RXfX#%e;lT8Q){xK$XE+OoW%bUt ztA9(u+Aonsa9p9OpIaNcb8RCDBa2V-O?dm17|{>VfIXZ@p4V<`;=SinSnY!!`UPT+ z-ZxrUj!hGeZeL}66e78gF|0I)Q(i-L9>RCLK?^axKd;pBme9}g2+Q4v9um-z@?L?l zHJ2wPC@ciBECeX51jOVm$qu<1X|WoUKAdqiKECokCBE1+d5666Qote4SmJ02pjKrT znSS_blC9$D&N;=WKgvA+j!Xzww1GzOJAN3%6px%cZP$trZBD#jK;x!O?Xh~chMosk z9+aC4;MPb+XH8SfD4;Q~+^WZ~m;Wu&l~p0yBaLl0D!vyYNM9pAqiR@OKLhQ0KDp^||Y zi&zYZ&B~lrAA)KOW5I!h+yXjo+7T4p6Y2ruqunOW@aXAOE)(Uu@wE5?q7{pixopGw~oBTSiaNJr<-CBD;{=aK%qK_zqEsHeLq3~lRfOlEYfjw*RNl?8GH^ceV}>k*T5bRAHdCN#Px zv@3Ts4g@``FC?^IhRSPo7_~iyfd=Gs|SE8Mb@B*MuC|DrG#`dQ4hk_ zqN!t~Y3hw~UXJG6+$yZxDp7GN{pz&l@wM&(Qf2%Ye_Ly2u*WRn5nusY661ArPeVbxuX2@ZsPl{G07A|CAFdPAdq+`i1yn>}%Z zO3`NwJuOQVNs<+lImM~D3>OX}!DAy>3%`At-L;XBR~56XQ8Y*vZO~FIO`AV5U*6I`sY-p=4NK2 zltFHychzS+%Hr5C)vY$g#zrACtsgcY9~gu=Xwlp43B2Tlic=^|!317g42Pi3L*C^4 zn6RoCCmGXL>`(6TK0MCl?8DcbK{E?3n5sFP#&)8n^*Q6k<3~nEN5d7K?MoTsnxS@X zIY(GE_p#P6yYw7~a1s;C;bFlND`dhkV%yr9O<*JBNR>Sq*x37QW+Mm8tu6LzPu@LJ z7Szz+7B?OCZJ8dLNo5ey%N%oL+^E)Ldh@CQZRyg(*qvWaRQtV|zJ}R3me?^dk7UUI z6IB_>5vVi~i2>Yv;L{)9_6R@NffpZ9O>HF5wjowa{mAf9ufC!ILn!xStW_1LQ<$}+ zW9d4Se0qiht=>dcwX>Xu+)}%`Pzk?ZlSjoL*DMPQSXHJWf(JRO3 z%CR-xtj5leqq`aZ#2&7N98GK5oG!>t;?I*QW!s$Ut{%HE22?{%UaUi&r+R7}5-{eJ zpXAiU;glRpgvjwiTqf%Rs}9jb0D(YWU;7T3Ix<}B4TQFLy!jxjoF`)b?=6Q0iEGbJ z1%(9H;7A*4jtctU5g6SxNr10zH$?){@$S<57i93>%nQGW%{81aE^&IV8uSOAS42O|LxHjh6cxo#r|7~eD*C!a3$F07N(-nAHjd^n@l+88D#!Xt8G9$Lkvd{X>^ zYcmcGn9MPMOp9+QlN1^+iEl(7tp1jDVjsJ%QCeuK0cR~LZ>~h^e6BjnY*DLsw$lEb zrPt0Oa{D8rVxtNrU}^Ru9RF;t@rJ3yh%4pBRM6^OmzF~{Sx4pnN~IKWrr3IVy2&Xfwivjq^v8jjbueeLGzXf%KA2PV 
zVKB#5$KvZH64)?NwM%iWSbhUvGhYc$(38-JBuz4LKUMC*O06UN0fZuX&Fe{K08Mn=G5 zo|zt7t7{SRhf(&1;0^JjRo-6LKa7hmu{Vsi}@<*mKx62U}H0YLk#b`=itZ`u}7Ce1Bz9OLh?{7A#~Us4zg4H2|SASrTz zl!}HFiiVB09LE`%V@z{k!FpRyq9aOo;e*nFxx3lzg$$at4~Fuj2sw>#X9QYlaA!aU zlfFUtGrC5e@!E`77hu0X(fhylooR3hX}Wc>2xv)mA>|3sJACM08rdLdLTLE}f>s{7 zR$htO6RYY=-)t~qsT(=q{YpofZLJ)cA5^;=xdfh0R9ch#3kx=lBu)uDrZS>!k5LmJ zvRI;S9U>Yj#5=bzhne$WZI;2AuPb@Ct=)!5y7ii*6;rlJdXrOH8sjZZhedikEmwM! zp0ibgl zOnu>0(#-tnRPm?&@{ljsMsVzeQ@rriSn%v``$*j%S~&KsJ#a<{>w$;1NE)jo(i291 z7f}2=^zm7lG0|0&r3SLtsfLH?4S;(0L%dU=dg#j^p>o7m?)Lg2!=wk5QH^p!p`HTh z2ad65J@>rP7dCwhBeH4Vv5@CzW9w)V)(Dapc3&W-?|TC?kZtpzf01mdfm?66Z2`I2 zpB&BPvl6E6)S5VSxb2^m?4Qu65d7kRX7s@etF!!%(gDLuU-6e6xBn^2Y*qyFyuvu9 z9@Kd{`6xLSiF-+BS9k9V5c-K*D>AAg12@=F2dv5K;1Ea-SrH|f;4jGKxis(Ke?`n* zCT3-JEm82qIVQR2?fLE$$|XuH;r_G+V&G9RL2<#p(?99R_ z%g*=2O@^aI0Y7VL;5#72r^I+C>~B+XON=!ys{fta;}&B^CAn08nje;I5LoiE7RV#M z*ZKFd(#S{Hpsp&EETCjh*^3w-7H#1}+;`5_H)!cI$D%IM`dj*vZCna#YmTV5Dr!p~ zGqlflF<#vPhob#hR$z$Bb^<`1W8ONEo117wqLauIqIPL1l zAa~%P?Z=UDyV4a3;d8q}EY`ywgx|Dzt5X-=x{fH}@SgSz$S1z~J6l@LmWmJ|mJR0x z1N6VG>xo@TiJ0Elc$HZKy0qH(CKz#9Nt>;K9O8h|t|u48%yrop5>P(}(ycMg@sGFR zy*1{>BE2!jnshDL2aLLwq;DvLVFK{i#)Ld}{L-VY%~rwe1YpASlcEBG{ec56^fH&3 zW0%m$_0mrpOkN|%*_Y_}#{FTpafP`Tg5u`8)Nof%(Gt_wK|;ablWlv?kg`^km{xJd zU{qJ`8EzdMgf2q7Ti(V@&tHVE5QDB0!wzxmcd3lFaUSVH49-%Y@Hs@wBIw*v0YIK* zzfE`#J^A`uA3l@qbpRm$=~~P|X;rCdgVm#~i%8Fiv8HRDV^PkMW7WZ7&If<0L$Pud zxybF^_Kx-*r!&9$*N#~JHp~Y|L0cBkQ;6q}i_oVq|01BlCTfP!_=JAwsC0?;EC4T% zuj3>TmRuvWYs8#^;r)Ww-NEs&CL?=6`>=+1)q#5D{;+0sk7ebb5OO3T7|Anqubp_o zn7evXYFk%YzJxT$Z`%SfWtF`%!)&<6pL#-TxCdBYy!|v9?it%cd0-PiZ@Q4Uc(U(x zgfE!)H!e!21FdBou{r#ZuPJTEUHT2{CXjf#HXv7svN!N=h_{3KHYZnzMVI)$UcSKJ zBSv~rA^xL5eg$mLgt{EN-S&#qRWPOPI~w)Oz3;ZIwX2Dm^XaLj0KVi0O;Ld!JQ0??J&~@zAzY8qLbrpwL zEia2I0Cy}?dKD$WtkDY4Lwck+1)9o)w_7r&ki6Ohl?2iJRfMFGjw`TcClFjyf6~#} zF8{_}`wlu5o+*Q+UaR2j8B}etfUFfb3)!}kz2SL7y#B$rZnmvr-;w?t#Db%?%Ko(} z5&u#Ayp)`G)8%-_t+*tsnu417y(G@UHzV^NgC$9L)6YP5Ux?w7WKvT@5M=Z<%&8Vk 
z_P(J3dn}O7JHA#cukTWv?7S*6M|*wk{4vy`ka<{EV_V!Wc^5qp`JT1^HsvttRxC;S zR!8<$XKU=sBve)N2OUY|Jn@bEnFIFA4Bp?e=J~S6>HyKJZDP`hN_Z8FF#pQ=2!xQV=Ykqp3dTcNLvdJCJ<_v*~>aJJEC+c2tG zeBbaraoms^geH}r*0C`bP8Sn(ifm1odjf%Z*S$$?uQM^?>}(Jzj(Vr*g-6lY|L>9K zz}2SwOZX{M5VTd#(I@ z)W^(g!oA-b@Cb?TT_LDW$|ZlWsQEYAJJG_FqrVL;@PpfWNKpFf!CHF1i6 z)0b@YA8*FLJqBU3`I!Vg{FumD`jH}0e+l$2onVwhyy)~$ICDX*AhLqLo{-}Sxj3x- zkw-w8HQWHgEa|ISn-?&?Vm`EkbT_SN z9=d;~+4sEf>Lneg#-7X5N~C9R*V9yYj$^nv2<^2m*(Q070Wm0i$LpT0{LIQrcX_`l z#JT6UK#MDU;oqs5f}Z_4xkS{J{t|6A8Z0OM`f(SIu4xv9E!e`W%WTf%I}_P`WvsF> ze}Gy6LDuzgftRxW@y5NNbf+0d=`smd{8_JLmwZrQ+`|L;?UjJvSb12LGHCoH^XQi0 zo%xUUhrb10Ol=SCem<`YvyJA26TxTmpT`)~1(Xi)k!Bi&nr11Ka$%OYr`Vn=H%xVB zYM_-YU$UoC6$@*s9!8>_&(v>@Jt*B|Fm$=+bAtm&`S)U7UVKOlXRLS`l zEJ7*$7neVjgR8=Wv#gh0|Dn$WE2uqD@tpYp9b7c?w3sA+)YM}Awi{79S)cQ`U^2X~ zZEo1G@q(oE6LPb%m&Y~3XPaNpeXal3Jy_lSy$l5Z^&dUcPRtW^Q^F|jyBGKqyiqj? z8Rbt^4=mO>{}|3+wa}k=NLWZKH;S|Z62Qjmd@eB9yY=5Pd7Em#TiIT#(jAXX=w7W_ z9zIW}VGXQFS^6M*&aicF1kU>9ftC(_zdQTYRkFH)S_IP&Yf6Z_lf*mo-@DM6@EG7c zV=rYwZ|slv@^x<|QpxJ9mzcJuTS+!sfH`6Zmfi$0UIoKySgtoB_q)Gi2T2vEbtf$I zYf>PF3OfV@NrAur?OI2zx1vVNjb02{5SK=$C~UYvtTFOP>-6|6eY}r2xwG$q}R%y4^BuC z%MZ`Za0maW7vMfh_qWfj@JbTgYXYmkpI#lzJC6?uUfLfG{<*=iv;JgL zP6>A-HBX8WpV6jV!LT_r`x&I+-A0-8AgdC%U0NC@HO!m?$Ijrq$lO<_q54ZQBtk3y z)ulcPaCWhe371zHB{}EGZYLQ&d|z>Qs?#zP9R0n@Jzt8WH2zx#<1{a6w)Wpo+ZP!% zP)idR@j}|RIngzjr;zPa69$JxBJA!0PEQV z<4vK#B*o14KRC&HVstXgEh-UR`G`dkptlYdeB`ZHigP1`Cp%t@$cw3Hk+bA80DUYD zZ1m{=XsS_`Xv8fPn7j_DZP;(8-{r}K7Ps^&8K3BTqnWTPLG+NU*%zcv5J#06C|OJQ zf3KhW|M4rVX7=y+Iu@$+&(083U`fV%5-FL{x)^~j)zL1A!Wd~hM^-}ai9|WIe>%Q<`Qt)yh zV6Q{;Ezi#GuxL)G6=Wn^iWQX!SR3Wy2)c1|STnLdl?9#3T2IQ}RbBm63}{`k(J%tj zp(OqyInfn#B>XfB)&EMf!mvdgyRE%D$FM!eVEx3Pg4UNV32qD-hq^KBt3`}{Z7Y(Z z=L9cV^FLX~*nq&m#nQD{KXR6g#;>DFHfkzxB^_TcXs|SRyL| z39}s0V;_sId5BwD^s-?yG#5?9s+sZ-0qk(=OvZpR#-n-c8@UAY#K@*Qt9yRU5G<_*X7fK_{wgiJBky6gDF48v1z&^E$vSTZZ#Gz``f{v0}1`-VL1D zxt~@;bSQOVq7au4b`&2P$?8RP!L`d6$6gsREsmZAPo8VKzeJUX@POCqe!J)o=alj; 
zoKdSLyDf>O8afNZryat-8C-V6aVyf9w;6Q9{A>@?-yN}#A|5SLAgm;z93%m|1LuJ) zTIX|xiKvEN#r>?sagx_eWbu$y1$Y|01;on*z)i=VI+1DY8AfwttTDL~ z2E7UYQBk zJCDmZi2e%z0RR6*iAzXSVHiNKEsR6HP{$l8419iw-p~R;L9oR41JfA7M~-vHnY`VR zUni#`L_$L%5Q$KcNJKQjjqZXFY9X{pSDGtZXb=eHsECT_#1Z z@-#1xZ8nyk+E*Ma!GE(e|Ca`)O13mjtMXcgriGc>C9@$1Lx#of5`&Ed?A+ll`BYOw zEp?2d=;8w-ykUs94DgyhUJ>9qFL+50ex8wwkVXp0++v*fByod&hMC|t8Dx_~7A8-y zcuWgU9^s$~H!eJsQbsuyR8l}8MHF+7`;<`60~%=LA(Kq=js-q4#b@T2=L_HX&R3TB z!B19MW1U}Yu*q+>`NLm!BwVht$36!fa?A;5qRADxCJ_=TQ4%dN5-V{MFE&Y#>yju* zk}4UJCh1y*?(sb}bmg}!L+QOf)u}7P*{1R?((3ekO_%O6+--idM>oCB&@lsgw`$jw z8E9?yS#EDfj-kwRP)h>@6aWAK2mr|nBU3g5D&iY2002}y0012T0044jY7v6)Re`XAeh;wD#<1kGZ;sB9XEhhrAsP!cB=FnljBLi_WBh6a5yFV zQy{*9^1`uTJTIO!hvbwT+mavjMUpbc5>~v4qOIXb!0%H6-h?kToFtiP(NH+%Q^qsl znB_6}Oq$Stks|v7dRmB_FDpu1F{PBWoWE58-&XBYQ=nu@hCIWFG-M8Htb7DbT7nT@ z3SzQ`liuWbG!l-D>flIe;00MX7OGH8zrAtA>yIbK3!}bKIb&^>wKz?w@dN}Djy2Th z%L#C9@+Z7Xg~sq|`XlL>KNXJ0GAL$<0O}!LN5w41;&LoikPVC=g@h#_N6@P5dcgju zw#5E;KrZzU`xKuas*udo(;D-o!dtWj&T~3BP&Q#0;KZL+k{~HaDDi|=qyktr?-pMK z%8M%A8??`$4+;|~(&+RVtrc40Qeo)6D8!#1 zj7I{Iq7<})u8+)ubSxkT!!ZbAQh+AKlT!`NFxPMkpkmOUab>(%s~EOnIEY`^28tX? 
zM|=veC6-JNVQ5K$g+L7p#4P*#!)8T}#<$4ks2m-V6*H^@w6>r#z1bQTQ3h=eYeIod zruDf6YwF(`D8-34sKjC8#Qbs+qRLM~*;C>d1>PdRFBXRt^+j|HMcx7{Di`7|_NBbq zHZbdx8=yjITGL|mWtf-O7!7LcY9jvXO)mI$)l9FsHig=HgV=sOF~&3=ji-|}bu|?= zIc2MDFc{zb1)0&34Ed5;H&)hM(-Jv~?wT)`H++S>{ww5lUmEb`(h#!6n#*4$dQRIFZyoi_qs>z@3*&T&W+r z#!leJ4)thWsZ|u%{e_HhJ@-WDW7wnWY0$C>>}j*WpJLCc=U_TTU@t6qheNvy7GX!e zaFJmzHNMUj>RDd02>ab1bAp|LM77wj;s+7bt6*Fvu%rY{iC__qHuE-aAq;yP$A~Q= zZ!43|^P;t!FJ(!oWG&U=C8A`l&?y_3E$3J=MI|KwHqFkG8&y);Yd_7BGL?wHn-092 zctI;`hnOcyo&={7o5g+(KZOetCqhZVh}cgd>bcl zNL{kdY~$>l6G-cn)OJ2UqF>)9EUiYGH^l!B>KY)5%wwtn(zBC{=U$c7CRdC6(Ek17>z7K%Li2 zX8=ByqDm#@;JpUCJ0#D3huOuqumrqU0CzrcXBI*&M3clp@upb>QsU%ian=gSBuX~K zodY_vvNH$FW~=08Fm?esCu=N;P_*e#oMzqyYv$6|403Y7y18)O=EAz&!jfB@yvt#& zTg=aA$=nH`v3?G$UoF-TYhMXrls5DAfK#7?Q;#_F0LRG^r!eR`!Ijyq4G!(AoGZ0M z-t(M%jl(9L*Jm{v9&9ioI{7;8JWJ+hQ*lH5wK<8oG@CjwSO%4=hd{7`4Jw%d=`H{T zch34%0W44^08ohoCn~9iuPF!$Y^;br_Z$_Gw38c!L7}6disL#8?D$cobsKDSU5d@; zInB|TN@jv}Srfm2Yvn{J&;qewdCn}IGmGWS{5i8!&McfWi+>4<{Yx;FoSB?6^L>f; zT+IN^j&s~R{#LF4YP>)z=PYc23BHl;Gbd2hEV&ie6}!7Jr|p|mG8HmQio(+1b%L@xX4W{9DiFG@c6~n3Vsnw76G(M=9&b4 zz{xMh&43{}VZKH(IjCzFKLp5&jSLAGw*e-0&Fw0g2i|W7mSpsQwGDS2|#)P^SGp9MrbtM%a=YSh7K~ z-lSu0)Qwf6Kp(49W zzrvuaLw%Vey#oTdd4l)Ty1*tYffIhI$RE1i7Mc(+DCFNmbT4+9xe$#S%YY7A$p(WNIE*33{b0n)JMyj#z6L>H-~hrl%l z(h+Ue3o|>+Mpd!`K-U0%#BkO3>BdprI5c=o(y_^;^^_mcQ{F2;zuW<-OxK+BQ^5q-JVL*P|e9$YzFxjd~Yw$f)b8B@syK-vI_ zj28-6EtPD9?$tiw1qDUO1E7siksT`8gtxm&yqak8(*H_>!Hmd+U9b(pzDp%O@Vg28 zZfoMd2G^sbp^4uvwu{;`xfVD;_n8#hIS{vyTLKPjD(Vv~jL>xTp4% z4O-jy`>hgxpS7Le%aXl?_CCDg8f;QKxz_uC8@fS;*15YOto_gB8*7iA`(#{fVN8w^Tj=!e~eVNyp-2`tE8&@hp%txIdh2JlZNtAIM>@fIm zX)BE<{Rt@59V|JiF`~eD3K%O{@@Nw^3-0f)%*AbZZuKa2JIuCBfr0G@B+PiGfHvw*Yd3o8*fA%I~ePP_RRIA}BN z*Lw1Tc6Y zuy3+#_8c5*$!|Uv*ymcZ``4Q{Cm(ukhWS^Q#}`)Y zowIbR*-^Oj_0*p}T38ua|KrPN_c0&77yMoS<%W|dj#m%9|3G8;ALFk)J^D|5FT6Cs ze;znEw(jLOXEkhkab}t7URbOy?{{9Ba@*PWP3`S>pA4+O5*(>Kv+xS}G3ovJ{cT6u z1`ckp30DRW{pYWHKEG1=%bpEu4_%6cp1bNemOg&y!Vjl?$W)owyvF)>^MCfkGnWrP 
zFy&Cexo+mAfmsLM__QKm-p;K%+|t$8cI-EI@%PVs$o7*HW!rc4KK^d%!@c=WU43|G z!J1DNzwyC;%{zAHq3?hC+5e9Hsb}Awhc7?)hsxhIKiShA_hUUHw5K-Hnm-RCLD&1# zHN9c%2V)Ny*WI|*#`PVhI_fp+8>I9jbkCsQ{V=?gzXQf5N^gU)mg-=PYbYQ6_fubZ zF7#0yl=o5{Jdb)PjptN1rB}dMPHB`cp*USIZl|;aV*%B{^VCIYJd5X3dM1n-O5=Xb zocBB(_>Ra%?U&8U&C}U}yzhJ(5ex1gRC-9H_NmR207;8WtN{6)nNeD1gV{vaX;oBPX z`s2|=I3g?FgcA45$>cB>VAudy_jj-HcCYXRm;yx}@+sa(JQQHe;aDUblM$W`k1{Q_ z!||wGtE6KwS*hI`S4L|!<%Z0ccPJf>1Zo3v(3g&+Y9rwxkVM96lZrosar@tk5svvI z=|DD?#=jG11Od#+cv|txqfGDrBcs~f|Ky%8D-pb4mJEfU=cm253p#N3<6}o&-MB5X z;i5Y6m#MR796M1{!}{N0BYD%04F7xeYhnMrZ_W5o^?$Gjj(7k5%~xLuElPfn_@Mhp z-^Dwo&91sn{NAFuOYYohT37JO{~TDlvwz*H>Ne@}&uZ3JfAhV^=AW8dRaJHT{Fal8 zublnqCucu6GWz_PGXodzI-C6IpFcZ$W&G`JE6k%md8^~8N1rPS{9(%v9{I&Df=`_d z{^RQp9{70fcMm)pQ1*rSf3vN8dexP|C)JVqxlwWkJ;g1*@B8J;FYY;0_300~UpZWRIQ*~w-T2J^0RRC1{{d7TtK!8j%2X@)qSwmA8#Ab^hLU4ei1`0pS6Bh{%0VV+bSS3S$VG# zj;kMb^9+JNaF+jfree9JkdXH>-tJN{Zx02%8yJBh2}M?Rm#yH>d10@N<7Nbq2G=S% zJHsx~kAQL6&D#|pf6#gf|1;C?I;D(Z=Pa+{xIxc3{SHG@$ylz-NHYov4qcJ1damy# z?hbpv|8vN4ZL4_QKeYaR>+;sNbl%PttEQFaV_F9lUi-F>H0QV`m);bcj(g^!LFTDT zxYlMS=)+8F6-`c_BNL3vIH}I4I3?pU_J^0h$KrAVi!n-l)y_LM=UD^j^K8e?*cOlM ziZx)l1;D4NYO`R>+m>0FGLi*?!-7zdkhnlb(g1oknAXmG&H}V1=6Wl~T(cXH>z&G= z96Ixv%YgG^W*148p0!k47fHaGD%20Y8 za}K0T2Yj>O(9Faem3&F^NVAN+mUo@a^M+@o-yD-;4ng?KlqS>Q{Tbgv0dP);uIA|} zvruqY$dH$yG7FQHS%{QbNR(NqQ)XeJG7G1t%woY|F+-k%$}CP+W-(G`F;Ql*PMO7t z$}FCqGD`)ArR5%3l8lZQQlS{YS$oYPejx{Jwz)7hm}k&10+YzN)42i ziBMKf56UXRVU?Mxt>#T3aFqtgsze~GrUzuT;INtj8IXaj)&N$+bz#?Rx zzX&lcFX!gVZ1xQVO%?lhgwXHAD^dYd(57yV?+TXRWq+`uW(bCy!dH+)sZ0M4*WQ;R zS>NJ|uCkRItbvPZZn_x)E9+L{&R|Lz|zl| zR;uNq6*GXsqV5{RZv{A_o z2FughorcR-m2wya-^61SvuF_wqzEhmiOFq9l5&wUDHq8}iIZ;;O1?!T`4+{=hm&V9gdyp> zI8rS3$P(d^C2~Y95rUQ|(u2`vd%HcBpYc|5256lhwi<43knK8hm8xq|2VNBqjNTg%KyEYd10(kfd7 zE>D3)TJ;ub9ZEIyZQ8tU!)??iX=Iahf=#YxmL(=>gKD*@O|m>T2~D$hGXDj~M<~_W zm8sS)QjPWxfypu%BwOYmX;8Mw)5Zc97KVaW`LGF8emi@En_@e>+P5 zc9Q;FMA`B3y9x!x{CNX4k>rgVpxIgHI=?g)VzY(QP)FRSgE3?kw8scHkbcy4$WhlJ 
zuyrWspblvcnjxl;j=zClqmlJE5$e+s=_3n~BD7=3uaEHz)lm=-*2oan2w`mf+Q=cW zWg8&QvTTo)Ha;yv5Nm|NXfUq@!Awp+QH-ut#`IckOmpsH!Gc3;Eefr*B(&D@Gs@81 z8D^9y8&%w8a-2vw8auT*NOI*{dn$j4t7;F4T)K4O!n@zJ ztIU>cY~K)^7I!jibz2I3}qo`}L`n=)*+!LXsHD%()lY$HC{ zX3|rYZOUcpHqA118(OAr(=1cB(K8t?TyrM#eQXNJJKu*Z+wX^A(i6_WF|o_B+2*6- zk+OT29HMs#h<6e5+!a67^(z*TdzVV?T|h4O^>*NE@Vpo~e7n-&+b47QcI5EwM5FDX zP5{=@xnoRIx_mow`F4%Vw^NsI*SkEUw20*Q477hnWq(Gj>+|^|pYIT`c0{oS`R$PT zN#mqgK}`6>=mAn=f023HvWajllZHH>$Fq>u58*|7i5+aWJ5p|K5i{Hl8NIJ~Jj3l! zZEUkJ0Oj`+Pyl9?0hpa^qROHG%#r}i#ucXk`RXRAoD!%M7dbd>9e#RX0S3Vv2{I*mO`t%h zp?=j|Hvsh+2&PFiau7^lz&%5%*H?&-hG4F-K@Gi5)y-Le)MvN@R)sjOC>&Rm9aj_p zi^Oq7{|V)g6$K6iP^18g0zeSN68sXfM+qPP24p)R%Of2e1rCY=M_x+Aqz21hm&ra1 z$CuIgG96!*#>-gl#=P!EyzVB;8b+zT$#v;M-<8<7qDuHqa%Cq;xLkBV=!WrIh{d^~ zIFd{rhVI4C2_azanc?AX%-r)s8}_iu!DNIA_OR$RY^E0Yd@_DC6~efWVjYInFb%6= zDXwLWcEP;cCFfm?;~s(I9!@J~Tqy7!D)1gjpkkUG3Hd0JbOiDqp}a>lNy?z^5m5J- z!Ao@UT;Px0L)q<#*@-D_kL1%m$fvA-6Dx*Q*URs;puC{2O_@tvWzi79Fn;Aj)fm6q zqG+slhVAG{prUoab*kbxa8E({6T50}a_A{MxEFeGFE#mIeVH8<&K#99cvL7bs@l7c z#xFL)kRFYt(|q2CD(Ak)g*dFnM4vG;HD6&4sPY(9c}$am`yt%@$_zXp)Prg*6wW*d1s$Y<4(gqGSg3GVcIIKB&tWoW9-d^ea~MvMbu!v4OI3N0E1A$lN2rO8Xqg=d$ zbrySULg+prdu&25m>?dT@GD~IG3cy`g!RmQSo`~s_V>ZVllw#}lSR)z(nZhxnEm~T z{r!;r{nFWt{7C2lG2#KS=k!hVfNUbz51EKj8cnN6>(c|mK!WdsV&H>Q4Z82*>*JQnwQjAe{;==zwP4UY)}Jr=wT!}|kJSGxe zl7B32KgQ(u3Hirl`NxE)V=DQ_rXc?q%*{~#@wojs`~R+z$xU11l=;t^Wy^SLbXIbF zhzTi~E$LiKX^2O9OS;gq5cQAoAD8hT7f_EYpYAd0EZeBCH7I?+cbprhkcg{x;r|zq z-U1RmW1*OD9v4y{m!&=~_&<&|Z0vV!Sp9^c#{*Z;HQp0(^m9$0Af|X?DD}0Q!*prM zv5Hi&%$At#6Uu{#pU}zXrx4Ch=`xOWdQvF+q^#_dg7uSR=6F&+xjqReSD^P(xL!Vm z>g7{#_IoN}a{Xtj@6RBTpDCBEPYV`LD~sgQwDLSnHjeP{@PsKJ9@fcQkoX|)g!0(% z#AN5zC(yCs3E~S*3D2zmmca!8N_o0{0-bK3(420cpr_khj^=dx=g4A`Lw^oE!+WlG zosvwb>2rvSPYNg}`S%w5Q#H8bK8ZP<^f`&G=}9R_Pa^eBs&~myD%vHZMz~8xc+oBy zwZdKU$%6DJw(K*JWowCLpMmyx2HWGAz#h`i##_srsYeRPv%>Jt$_3>J4LGaDN`IPigI}h!#EYV zkOb|^cv^lLRlJwswEQx7VIanPS`0W%z7U2MIt>kSIzlS(l5~fRRh8s)LM1s3%C#gi 
zt|UOJRkX>FOThdpg?GPUQDjNN&Vn_OFu(6T*%nl4`Fcr*L&a2qBuR@Ey zDsRhhD8Huoew)PfYtUn_LH@5{`J5+zM!bP>>vJ|*R+)tM>%zUS%kF($sQWqz?bj!H z73OtqDSiXn{|#jSH(*r15kBSS8qhPSHwE}N1&cRX)f8_*C<6UWXtp;c88Q)@jwtin z08SLCza`7zf1%6a-$6_Ljebx5F3iMscJnteCz8fudYlHnw z&^gwQL8!R9gKyq5yq{4cJ&SrzV*DOr{9d$7ju^kEXUzKn#_vmv-$#t!j~CGq=l2ok zd4jXw5wQM1V*LSP{Xx8Xk63@8XYF_7tfQp^9Y&~Ko6C_Zct$`xBSSnR@SIW4&}Wo0v@h%omVSnWB48sv zZzW~&52z~s0e%e&3*x_pO3DoW2)q1|t#sBCD|{rZ@KN0LBiA=S`D0w>K1N~rF)5QD)06W!z(0{VeF7Ew1bgZe!AGVAvE!GzD7gO|xBppD zmQYFjR8cla41Wr-eH!oJqoejur*PE%sj$+gawQ8n)@@=0y3#!>$NpKt;w)LdoK-In z1njc}_Sq@GMlu2HvjR3U>t~9hNzD2g#P=D&_Zh}lL-Bnk@O>8FMIy1RUmKl(B#tYQ zahrlWF0ez+$qqRun4BXHIX9U@&Jl&rO+jHO6DfR7uP_={BI6>3kt;t}O(n#apF`C? zC#roug;@JsKxEzh%Mv7pjkj{y8%*kx^RiFQ3nu4@PtH%~lk)`l`6&R0G6C@O064Pk z7pfHivF#TS;ui$s7gK=vg@DMq`}aRc4E46XAlvqWU~+-j_QGVgy+D9pm;!Jp69B)E zWZS=(;;JuV(!apDj`dZ)uKJ}g#Fw%mz7(LoB!>8Ml8xk-rtWpsukif(6`EhaB2Rh0 znt}uXGQ|oERdfj;}Z)^Zv z8_d+K=ws;0Ac5ZyTSOU`O&~7A8vdZ@0=VFTE;skZRCcP4eI9)<} zUy`KJe4x>MFmS%Upv+Iw=Ia#0*Auk)2AIzfuW!=+-&9;}5jS3nvOrTZnnB5sYLBXL zH0ugS^Ark4Gc6qC0>y}^Djd!FS*)4PV$J$ltXX;EMGUbf#CEuq)7)iAq76NlMYdN z`y#pXBKGI{svTsVb8sfXxA(J2Hpvs)_LGgXv2EMl*tTukwr$(a1{>SyK3dCq-TU6cmW#&yu?zkgiLS-|GG zrR27Efv0+eonDmH^4m#=N|e8E2~l7B@V`$||I*#RsH&B(mvS83Z$b6Ft^k>-kQy4n z&=2?*f^CpNT<4rH1J9Za?c zC84a>Lvb8wDo)z1H}UN@iS0J|zBIL)b}c7fIVF(lR8Z1JE@PhlD%bb45T{n2!;1@A zQfkn}p7g#UTXQ^=Jp0pqPkL4S;&nWkqVhs!6<>2ASbrKl0fjzcK2NY!MgoI)1+(+Q zT$Q7{;OH%VcC^xHpOPxGL8c>HiJ*Ayj?BE0aqXWGTkK&H$lBsZZ!M_50g-5`s6r%S zMXCNi%~$T6acW#yOC(aHK}K5=t&!bms1@B2oJ>;I$)y8L81}1l5Y1GZ3P#J%LkAaX za_|)Ss#4C?EH6}C@2RI1{lZdIAW;1zZUdFD#5*V0JBw6Tf(7<>KbonCdR2C^9R@%a0J=pH z=Sxc0r-j2llpeFLN$x8m# z<$rmo7(MK1JM~nJ=v7F6k)1AG{5L4jM3{jtr{#P{sN@GS8b3LdIh@KV4yJA6i;T3b zjtiUe6m@YplA7|E>R24fR^f&PFo3Jt;r^RRTv^p%JN59rx+ODNPU3A2C~)%`@&1n7 z$L%`27}YC9LrKg71_ zlV02dCQ+D=o9$S^7+5K+>jtOneTPJhrlNcgM3i}~rAoc#hwRId7r-Q7(+!m-BJs8T zPSW}r3qsIS@sk9&(~U)9x)bkb73K@*$hgN9<`dK;te4gyMUJWlAzR3)Sy{l2Y(%EF zVdZRs31Wf@|Mep%AFLviAZeb_EMjV2ci|JobyncnUi=L8K-$&mZC7>Z+^(nz>Jo3N 
zjZrD?4s;SC09_FkiJv`_94+F}?%R;ix00rs(?qJSa-|$C}SH#$+DPFS6O=#+TaLlb6kLMT=0FLuU$$V zcU7Zrp5Pn??wR?wtSRlsbJ>k!_ozh5F0hBMjKHNDK%CI?g3A($zFcw4Ro)kjjqE3g zHS<{r%;YNbUfF|Q*~`6YRe0ZjFH!hEArYIAKT^eq(tU)R$>j^fTBjXLD3?|7nhW+r zh{<|-s0tB~_Jz95G5mz9AsUxtQ0CMtSNVK%bZmEaTxbe-0xM-`uTc=CfNQ^F6Xk{B zbext+%ryz9<_DBXs}E4)SlePjR|&XKXdrRiS;zBRIyx>O7gBXoAJ8CXSri{Cu3@#e zI?FQlqFCj*cQ%Ib1UHJH{v=dO)474b>{@l>3RO?xq?cKcB%W^$v;TjBZxbpCWkjaYpQ3z%N$}ToTZ=Y*12s@f;6P2 zQv}F=8{(SIZmVw@c0xDo0-GG|kO)yle6d6m(ZGeips?Xd!fF*o=R>;-rE>~yw>hEy zf}-@%74%Q`7R`7y(0Uw4dY#EzN1q(t>f!nBa_ty zJs^%|ekErvl1}W6MByI5vyJ*P<_L!BW&D&6^hat=RO?>(sa`uVj_ziIX0hoOPJAR|6NqAez zL^=i&Isk*NAmGDGZ_iX%t6NhF!EU@p0C|S|eO*F^!YS69`*5Xmd*xTbGWA5I0{R3I zA*UYUQF5>ExSG(3Z%^m;6e&N5F~1lHDWAs<)q5R5KPP;O#4g9?+=%KA8KRK&4kq>3 z5Og-%?_|nQ(b*N$Be1l4-xBFcgBJ2-ldCyl+s(MT`$~uEULkUhgwT2sTRBIh*nP#n z0M?`GEaq-;glH9ZVF$IghbZ?Rds=&pXwM7m4%t0Jr8F9|4pEcOBBS`5x2pZ`Cqboo zFAfq(4wyHoJi;%7Tl%Q6fm09Cesbi%5OG9&mL=WDU=adQ5dz5hktKe%Y|Owt!Lo`D zOe1^;KwWeBPvP}eSPv~UvsTFH#+$D+^WWLS6cHtM`qFD%dxKq~sF&OVn;u5>lF+Yuaxz}^1gee>vN(gcwUZ_OMRs2wd;Y|#lj&UtYaT2^^7P~PkZ>QA1Hh~ zfWm9=*~kq}9OQ&e-aO|oq5HnZgZsPfr+zy=Tihyx@5QUC>jB0v+M z1<(cP0So~~01JR6z#iZY@B{b*!T=F~7(fCb2apTM1LOk=0A+xBKr^5P&<5xN3<8D# zBY;W36krCh2G|0e11?ST$JC!h<^59kjJ z1%?B|fRVr$U^I{vNCwyj>;VKpWavz7tc>aGovf{m?de=>>@Dc*jSckenf|-eHE=Ss zG@>&y{-f_?=}2d3X7GLI8-w6rZ}=Yy!vB{VZ)|S~@;|fcsR|WwgTcP%@h1of`giv~ z0ScBj|Bs&FaEHKXq^I|?vwwPgriN_Z*W0THGkAV3%#L>Rot-+#H<_3=lbo!Zn4#96 zm64;6o`9W`mXbV^tdW?Inlhb}t$`dv3cGlonG+9P2Zk zh)8Jo{z>@pekQbcR7^~`KaBK%pA7UIY)}j{M%O5adaxi7Q1s+%^e}?pXsD@v5a21O zLB6o}lQbZ6*n~`ZsXs&0d{g1fF-VXz#+pEdxqroT{aTEo{~&ZD&w1ZREX52k6c>(A{`_>u{?+%fuIBQed{q&%RY4&^VxiA3wVyC8g+Ny;RxKMNCo@Mg zHZ4H|RaY)CCsRW!voEv1Hx+adZyyEeYVRt$zgImmJy8ujyb2Yfd9pKevQsJcCNgae zcKH?SrLF8$xX8_|O!)QSMR@I1Z)ljFil^*16NNA@88c1Y?-C(i3MK$$f?}SoRw69Z zK(-bW<6XRigyKJI28xAD>ewHaLoY?bV`Xcwm#EKT1nH#@zT&JAetl#>ZWK(}gmf_9 zxyA~E>G|9!;TAa8iQ4s1}(N9)WSJ9KeqQ(RP3$B4nuVizc$>?q$?(nZBU(c>sqxPrJR#TXoqe=y67H} 
zcK_T~%L;jpGirUhU#Khf(hTZ$>P}B)MG^j<<0zH?Br0#T+$jA-{MM!EapnB^Nnlsi+Vb(<1ZUUbaCy>7ua)~qN#e@?T?+#x4+4Vye^#!I^Y>cU zcl%EOYVl=tju?@@mw6G+_F1`-AP7)`q&%wWt3! z>2#=6EWU;+(b}fx*q};QU_WX#C0ea6Gz@(!W>2e_JFE>i?rZbvPG{4sEkunwRx_&7 z%vX%im^-s#C(y zC}mK43768b3Q>SMHE99=T0lFmRU?T==j}_+%+9|0Zyx7M&n#0pAdjJe+jjX0_sImu zf)^y@yHx3pCLdn7%O3ReU1nx=%Csw&q}$hA=I@P>eN0GgUet1fN@w@)5yawrCW}hJ6JOyO080n ztgZXO{ovaIZiZ;;JD2PaYL({aSp>-2elvDhD`!igIg)HnVYKKCRHC9qy}P^K+*1T@ zx;q?w4{K}EHmRO&UqDKa1lPH*y6j(_`j*adRtHGYu0dVmjIqUwnZc9E%rc-XJAKOh z&e*5T-)Ji9PEn(G##g&~X2nSU`mkLYl_EXmr|y$v*@AM< zF?jgHpSt@4q|D$bXGX{p|176QclC?v_@+(l>R5GIa_|j+dY<(~oc7SIrLZgUDO{m( z9=rXNI$0Z+LU(;R9M-{!#6RXMadm0_GfV^_?kne^g2dH%EcDK z+#i~7Ls01=Vomq8Ll9N`o6t-na&UFi2B#0)lbFkYJjIm_S=W5$=)Mq`M(!hzN~c0%#)e%&-C|@iZxMq4kvM0VU5co${9)|7Av%s0@x*m zy5@wL(;SjYTiQ#}9jp-_WH6WqGBt&|aKPE~H5d*zZY+xbnC-!GQQb_^AJMYHO1G{2 zX)iI~b;eLlV&4|4wi!Lhv*YITZs3vjtg@{_2_|Jy1P?-kiumlsMpAGU%NUC+A*34S z8c0qZV6KmRf}Dz6#BNpySVo@}^j`gOkHm#H;LZ4rlQBj-8<=D|p(1x$HKNjTacwQ( zr3Z1_k!Q#ym?xJB2&x**MT^j+rg5q< zJF6DX-GV;Ls~uQTVZI1XRw5ExBA!o#nw-5U#7ZmDWq`BTg&>7}h8s{IQ8TTh7Y{vF z{XMl4LkKpIp4aERTyp}g%LL8|8UtPxnWRu9wi*tnK}}nwCaTg3s`X20lpe1e|IcJ& z90;`P@6xUyGMsMVi-L)z>JRi8R-V;6X}Pw=$pCAcE4`&d8+i+ARZc{VcIyZFPM+Os z8mMIsa0_k334PdQ0e@&e%{p7u&wLf*dy>(?F7yI%pzExS(T08v5sN9b?$xzbZ1azK zmc~N%cZMDoCMuS?nN%KP{3V3YC}^MGL@a_|B0wI2B`fGgm~J2~3z*@ujh^#eC_Se7 zv^(+O>MkSUJy!8G4ZII7G%L|XGlX=4y{a>Ih|QCQGH5|s2M9?a$2*|)K9CucD5YP> z@frSBV4NZtuN;`aA{>bIBOn|aQ~;56zb*W6D5N#cuV1VOfWpv%f^J!d+HIx8h0l&E zE-W%=2$UdeiFZtss3rVqEZt;f6G_~$idDTjs?U|Ef?L&I#LWQH<;0_Rz4T4TY zl_oD>pJq8WeSUV)rVd!)*Vp=6yyg3G!;2%y(#H%B%~EJ+*2uY;Me5Pon2jA$owheJ8*ZGicxtEq6Z%gx|I&eT1r22RIkQ%*VkkLS& zO8$tkDO2qM(kdRtTk4ZJt)LfJ>oclOd$ zJ|TGUx&b$jKGOHM6!{y}h3fXYm5ym!`y99OBE_V=0QemL(gCa>O@JMJ6E7J&yjn1u zLAW3^Z=%!-c><6oMGEV|D zq&V3jb%K4qFLJ+h!b(Q~4Q-FTu?uY1EGR~kotsov=N%k6`vUOvoR#agZLWS z5&u&P+=Rm@pXvA*R&44@?C3t8WR=0!AB+hqvH*ApM{t4VxZpWU-bxRJwQX zdsAU}#RyiJVkZSpuJim~s`kU%7I& 
zF#3sM#NVp!l^%MD?uu+n>n90#E>YlEmAU6*aP{SD#rw?yx@9y)xF-^i3Tbnxcip%a^hNfqGlEWKV>9%Q}ryT;AM zQF@NJRG-`tw*KB%Uy(`UH0e0sxlj-I+=JYI0_|0GddEkQ4T7U~7>>j1Wign*mTObt zF?S>TXGY-}q$xZwr0(cWKk$qp;>F~bcgQHm4K29-y2ZxHO!eK4pyb198>?byhve44 z(!s?MptA=ZHR3e#rmytJ(b6~;PwZ)h&MvgoNO7`)>tYD6cNWp1Nz4Y;B7L!k`~2PS zp=C-7Toe3vtD?f)DoJl7HVJy`-*0lTSdqG3eJx-wXHo10m&zT7c$9l2(2~u|%Qw?T zWXq3$y#T&qn`umxG>z}nGv)#tc9*K?Dqo)s`9Lq%34#~+2ar5>h3i?c%}8Ik9X^1= z_kxSA(lNk(72E(HdZvxI0xV?CeJ}6V9r__GQgx`0M_C^CCZG}WTVdJu88k6VRO~1~ zU6 zFgQqvZDW$KjWd$_Sp5nv0qn2u$Wr^#4DPmF)RodR4lNqzzRQ>dyZ&`)|8^pZvG1cw z4pFu$8^@eQt`gr1z5z-&+xs_AWQ5__su5*Usm`x60rBc|Wyp9FQv_M?twRtK9JW2K z#Hh*)rpa7}Ca0|QA48{61;LI-^?$Izp#mb*Z_nP~eNfgd zjuCltt@}A-5Zo(HTIjx}ifi1Z308EdkXlX*b&YPEaiS+4x7LDBL~hXgP00t*jP5-) zvzTU~=qAiy$aS$m2{b6WdO{A29uV-l!7I!byn33@=7q(!ZvHv$4Bx_ifra=WNTS#7 z3%1*JxHdnUb+whX{?&C*mHOJ$X4nKRy>LUxt%a1s1qlK`V&p%Ty)<@!Em$uCoA<uF{4>F-_> zBjh>%l8Rg&bilYr`tWf&3cQ1x?K`p#_rPs!WBM?H(~=@}ajHp)-z(zk>EGg%>fjpq z^!W!nhXyIHSyc1ATK_&dvzL8m|Mmw_KN}8N5!@~>-cxTKIH&?33cZmqc#Gz{;E4(k zAf^{)Z^?TBYcj(kF2c@lR#$z6}My+6+*drX>Bdsox zk(~yC2igMYuT!nhk(1B3PdK68IQc%zRNe#dKdu6wn|OjpY~R{k!2EgdxuqotbG$bp z^ZR{JFme)deH@}Mz z?z8+c4YxM2s;)?qx-)BScdEJag^WgdhQp*;9xFCRK_a&~-xHF$JV^(QuthPwhynVa z347=S%Fh_|+5JxhYS1m)qDD6C@97G!pU9X#CkB&? 
zg_nln+6!48_juKKJWn0gqU2tHMVnvmF?KhQ0w2FZe4ytD`0rN=c4etciI_02KTxM* zc0zp3DZqkvEncN6Wv)M+DZfxLbo+|OM6AMjW(m?Nc3X~mZrTxI!b5iCukUwH?z;CD zp5AA_z5|h8Uxms}T8Ywsi#jA#Vy#cmQ44=2UsjVPUnX8Ew9B7}@Wnz1Yn;TwpU8;& z**v+eJpJ9iJ9@gXnVDX5&~-RWPqR1_;p5{I;Nv6o2f+gsf|4U546s9m!Y6sB2uAj& zpvN08)6awlb#KKKNu37&!2~{vh{)FqeKZEYmx*ZG$HrPo2P$>s7qJtx=V{9x+JAFo z`~DLbBVcdWmWOV~5vw)RSl_|#unZid0G3tv!Dk9@oSASo@L?&K53*RWjaF(UfREtY z07MF|Y@^Ds3O;XpF@)GDslBPTysN(J68vhdtJFV3$cn(*c;$SL_=r9VHnD8~l+T z!3Q(M`<<}X?}c3u#MjOgMt8+$1wnjy0BJW2>R~8=5S7K7eG&oiLmNb+<43Kx+t<_^ zZ##yTx0r1^q*TnuRr{ByOVEpGzlKrjC0K-PaFfs8hu+76zQbom3==giDoafdk4!CB zu7~f<4D4qCXa7AP6#b5)Y^p35xSH*r`@pSaAPCO%Hb!xYfG=3dNdLP9VeiKo0(ghu z$};G!=@cggm%MaQLB3lJ?_nLX|hNW_hdY z#XmWzkEds~vuS0+9BGBmdd?fM9@BK70QKNWx*$22si`z4->Jz>nxxnx(>AcCYz9kr z4umOaA@%=&hN1Q-cu7_6`=xFz|`J87%RXhUs9l5c_Edj}~bApY+xPci)H{FS$Sa=z# zG~#%{`nm&;x+ycYZCJ{Ok)XQiwZzDkSU$H@&a0M?F}r#_KsVIfaR4=$a>TR)yQYk@bqL3{$lzcOL30~52M6pCui{7grAO8 zKE2b^IBHqm!51`%D<2j)|17w{(G_7UkSOV%RX2NrPu9N5C7;uMYYd;U{dp;_nIU~- z{>?ymdJU}n_Qdm)_ z_eha1FK3zc;XjUw8~8zq2tC@_Kkr762>d`u@>?iFD{n|E_Wp|O6j#ysCw7wTPm4}| zQQ%`?$6T77oI*I;HwyA$?4thLKiYp0b+UI33ALW3cSHn5AD!PASO-5hJpdN~VdF?^ zWzTS9Pgi4OXA8KX(U#8C&Z4H?+^~%0hYBSWvvJC;2FMA+2l}3vn^_;48(bN|3Gjh& zt_R@J)jOwgr zyx0nO6D9q!vW5%BUy@S>4-}!k%7h@vNlYwLs=nA&XGWF&OsV4MXNlr3^0fC~(|B=W zYmPrh^Jt-|qCrD*IOs6*cM$XCNJp?IEn}yh57X`bvmRNS8m)&27=J&__3TT-&2r-_ z12aKnNt&cW&k=SI%%cskEc*v*6&V)0!F z$qoUxr>Wu715dAA1zA*vN#pJvM%o)(+bx|Han z?O3$1WI1#k0={MHgix?eZq=h|Nzcj0(~26KE?{@4K|om7-@tfx?roGk?YD-jb?TFX z+^jJVNF{}9@V!~HSaK7NXbUS@H`U|hZ*IANdq1W`+@E#-LhVGVhUSA4>e}S}{QbhO z1S#oK^)U~!5TYc7%fu3pvsW5w(d;M4>9*W|h6FQo6!^yLz#+cJWsc+u8y1!r=)`B} zclP+zWR+7S4i?E(N^v6`EVhS{iH0Q)XE@H^QPCRdE)3_~j)z!Lw}~v9?mS!t zI!%Cif?*QwZnGjuRg3bERFa?QQMeDD3DjCQ#9f|+#(bNtEK?6N$L`zaK)wm8Q4W^! 
zsVOd_T=u*v=`jNs3+|QZ7gM6Dx6Zplm0ur@;inBW-TYwgO*L)N5$=L*mncYG!C`{) ze@hsL+&Um)5O8?^wLv6y19_N7G55u>_5nEiZL)6SVzdE$HykqVWC6HkvdCq05oH)K z2hw15*CrwuA{v*p7p(KeHp|Z|+Q<1Tw(#0ev_XQ}urFslag{mH7(EA?t30GJmNcWc zi6|h)$rj4paap1yUM7?n6$K?|wf*F69u~~<&gdmQKTRg4P3^X{i9whaz6(4NZM9dzj3{8ZBnF_-^7Gp(&i&KbJ zUxl!5V)}KI_d$E8igJQ~X2I1>rY@P!TAr7^b2qZs4y# z>E+6VKH-MTFauFBsPkil@#BDyA|@UwtK7uVIxC+CNf%My?OHO$U=Z;VZUex`QC&tz zJ70QvSnDmEE##N@ITD}yY-GPtwd%nYdA>KMsx&;Ppn?mVQ~ctTO@6$_;4`mct_63N zP*3YEoD}7FP+*K}7P(JYm zJ~5QRzA`oI0c|SGHh(Ca!aK<}dc5pV-g_`zkomqYHQxg?MFeJ20BeC4m)Uhx)Qk7P zSgRtX4nfF9ksW%Z6*+&EPRC;*d#|lW-n7r@<*qA=L&Ef&5X~jbZs{NsJSD6k$)&6H zA>|FXp;Bu7js~}{_ufP77GI$b^YQ9`g$QXXpZ zxj`aoPjCqu1qGu3d&P56gqv$?=Lnr6J^CJw?jcVuQ&ZC^_MP6bta+{y^KhljY2Qea zky5i%E@Cxb1ClG13AV)Xy1UkYI)wUb@JDm9k-wjwhYHPWxu(fP*Rqe~|Lu2Z>y?U5 zsUp3y9K6P(+xOU)!A!+3nnz?d9bGMDN6mhL!`&oVi%Vs!HI@=gBAG`YSu)ky9H3BF^KMT<&g&|67(E)P4ju9h{WSuTiG6jMBpQRzd@>g!E_RedwGq!O*}_M8g#b8K>wpuvc1 zoAcPdF|gq?GdZs!68GPXg7%3HhF!>*R83K zAt=!AfJp!1VIO0!|4oA#0FY{I#BIU;)_w}=h!2LgkfyBAc!{>0WM?1Rs+=Nt_GeBT zninekbwb1CqnQM|2g1TIm0nrgJQWHd@-k&)Q0?=!eoIG>L zU1qozx?)vSOp!35ax4AS^*Vb*`nJc?{K!hI7$eT({m49RHQ%wdySA<-O^8J7mLZ7c z5fi%Gmc*B_F?T7aHG-W%=aj)^GM?8z;eOa{M}k9>u|V~ibW~}{a(7hQSKCCUw=kGqN>A=3`H#kq{u z0KyzULSkkAf!>A_*Dq{3<$Z=04S7Yr3>~65=>th|qwwDqmUOq-1L;J4ppBJhQCKns z^H;ZQB4@@O(yqRD=!8LYjf0}3KRKMAmi~!H$(&<4y331p5awM4?C`Q~TG4C{#`h3$ z79t=u&(pBXdO)ZOHxAP^zRKs~Yh2KBtbW*KO5M+gvLV&=IyLq;HH7C#WPIj+HCCa^ zMfw`5h8-&;nOy!;Dt^oAXy>nT=7>kMnYk=1CZXw&F#J&%iEYZ~P% z$sMp4Bm6i>4*I(o05dtDJ)e)w-pEXnPJGV&;P7?2@?oAddq7h~da^eV;5lC%>xbBE z8Uk7F&Oi7k&oIp1EFMFcqd{}6bjPmNt%fSmspK6Njp+>B0`Vj| zKgf6RaZ@jR3r0m6BwHgMllewDCwcFX3%nkWW-gpJZie$z8!{xstZdBw-mEQZ4WO9{ z@B)>Zx@J#PN)MJ12S#}9G|sSL|5d2=r{^Gy-~OcePGa#JE0O)g#b2u2I`~#pGbi4{ zJDye7uCF904ce+;cdz#gaMherm(CP~#6*roHK~AKl2YEz*EiDC>k*1J7R-I#qj0{v zCSLI{cK(}?L%f9I;_NWLAY54F^qfdv z1qjW7JQ1-kqCOy`F#vv#tm$rFaP6DTBV?lV;kH}<9K3LSJ<-C@>6XL51*#;gNFqIubkM=8%v;6yJHyAeu#6|IhBtP*TEz|bbL#`TOV`+XL2xKpk6@?*+;YOwMpIz5 
zd~Q(tH~t)7x`1cLYjK@;L0ylUgr`4}y7c>Gw}GQtror0nzz>_4m4@T6PtNTj`ne26t_$$y!la44nIG7k8EI&N`+M3HE!Hr$D{dj z_Hl|St}sc9Yp$poOF8)q}fofoLGX30>6W-lKR(hgAe2vTPvB`bB#< z(sO?Ax&?6T6`u5HW9clt9jHkFbHsFOu#Y2he&gO9!9%!6o1qcRI}RMfNB4;| zX;>>6rd;m;VSm8T_b0$ja!N7!#t|_V25VFpcE3HzzG+MvC|gn`rD_N+I+!i6u%jzxKHaKy;@gv z_mu|b6Gygxc_6Ei8>VC3arwGFMFYa-jAIxSTuQujD7``JOt4N|!)S|9m~pSi#dnhy zPU#B!hd%PbK^q%D^1bd zwDpi>@fZg$=;Y|@!8J$5u! zu{s=SY($}v#9wCw%9YLbCHq*OLio1}{=4-?7a)OL&)?(%qz z%L&ZrXU4DbUZqMOwj9Hk&Lt)11W5Gn*w&PYlSwB!-;Ab}mlkbo_wVM{u}hgNMdpPm%?L!aomAulTC1 zwy~JKG6nB^PaQ0-*&)P_jXOxcoMfC&pgq-_F=gUAegD{Y2KSf`)6bd zF62oNqQWe2;w9amSb00KnbQPcK-Knzc@0rQW)nzq)hj)BxQux5jJ0d$aPYBwBwsB4 zr*cJU(BX%(hek1H7WWk`Y-K&CkB`-0gVMH4#{TSNHu1j!Er?CZ|A zs8jELG*(mO2bOo{9ShvYWDC6QqNcO*wUX#DO;wn$_qX>(-Uy%Qy9mu+HE&9Bx zirEMlO=J@csRPH7k=8h)IioEv&(k79#fHVj80#7LB%7znX*0WA9;2_%o<^>2Jh-#Z zZrnc~v|_@<7!fB=ERpb{eQcq^l#5!t#}8J046paPomC4|Tb?P_`?EEJAmSCU(AITb zmox`fPP!@n_A}Gk;5m&-ihh~z1=ftR7FMLM%vROk>$b8=lLp`6yKN?EtFbhP)_o^nYAwkbgU~X+0fUQ_KdIT)PK%E zmu1Klr~PC9dfPFf+wlsWkcroV3uwU$==&dVw5`h6V1Dx@omZrg#he+C_(m~aeG-6n zswyT8O$n&*V%Del4gD^Deyb-%>RaZb(=$*bZ|`6AlHoIvhb2T6$p_k1xNKlK*e3o2 zP5FBJQ(na>?G{WyT66jX@>nw2VVn2KB;4aWm$dV?kOqJKDDfJrUfbT%D1eVSo=+(Y(m^b_c9cL# z$Uh*6P!(ULnh50PL1fO?s8L)jCnU_G^aQ&yL-RRVb2HwMlf66mZ9W5rMEeWb!;1^m zueOQ?#R~%|jt~D!=1az-Rc9^#9}`V+C~5KzLRr4-GR(s)xsA^Dr1#GB*L)U%R?Cq} z3&wb2(|Q@VLF+4%z?BnK5q_pY&a$=DxbH@yFeR7kM{;h)A?letH zC{Yh_m2B2ssnJ;_{hdN59fT^I<a)|ANRAiHOl_GDIns!G^ zSB(z?TMJ{IR$O#xJ{6A!``U@muWHv#9266G7rsk3DQM`24$_>iU`|dwVuraY*{wCR ztbJol(>z0(+e)(Jed|2S2)!IDnLj*LuJ7CGFxnAQauzqu0X_`Axw8_w$FdFv z>QiB&ld_{;{+n!+K0A2|C!=0G1Mhu_Wb?!<*s3{l5~ z76gxtn6qI5_}-w+SQJV5nc+W+W+tBIBQuA_rw?_(MlyEk2g8fU2OTJMx7E$1`jCRpu3;P>m;vx3cf_TdRil6 zxJZL8b}y@Q4W^ic!+-9|J$xlMrh71I)2FuxpJz!Jmd^)?8xGGJmu2t^;FkY9JhYeJ zaQUhg%Jm1^b9J!r+CB)Os+)#&Op$e7{)@PxN*JOs*F2P$lbC1PyI-sAt;#L2gE77F zF2udM-6*(a)BtbN0iB^4fTYCm9pdqcwot# z{0@^vTJ&vWS=N-(bhQ}ES|QX>b0qpYOEm=aSL6dnyCqN84dwOgzoo<3c;nq}Ebu4) 
z{FIU62D>0;*O?!ZK3Q3%HuXxM6RbLJ`cRvzCFg}uau5ZuHmZh@IzbUTHAYdg7uMi2 zFeqEOWL#3L7w0~pC!8cZ_IF4gU}(!N7j2A7E;Yscf(u~%FVgNQIJPKG7kF@jj&0kv zZ6_zTabliWC$??dwr$(CoypAHd6--G?RHhK+PkVBy85AO*IM8I`~7%kA(FAtEw^6c zC&6){^_adHr}Ay#?xhc zE~KO^ikybGS-gKkAC8gGzZ=C}bLZ^57M3TN7e@6k6AGobg5tw8GM1b9w_jX><7;H1 z-Q;QkZk20N2Hc;B+JCBaoy)-COq;LJ4f9paZU2CukH2@a9IfsM6-sA5>zua2!DDYB z2TL=$0D&J}N-l)brpcRS$#tzgRBM%mgmmi;#xl2a6vA%>-g-=xPl-j zcd)-U8>x;=8Y5U-$}|{OMIU_S4Yz z-T0eUFsrWIuPr2HC03`{Pc+oK2m57_Yx>faZN#q*-StswUg}?NIkLpQ209YNQeM@1n&;4UtqaSd(j*J5ZUwIHG@0Wt zSyi$u55Bj+m6+l|r*eYAJ_2bAd99VK)8klS!uO}8v(>@n@a)|vy!QeRrg?i5jz|#S zldNU9b ztJ&=a-O@i#inTTIlQ{p!V`J#U;7I_VaBH7EQf@dC%}PIAALzZ5vmceC9)GJNr;GKky)hC(^FM@_mp${%+XzHA?( z^%A)OV2#sS4y-4V$2`_6Osqnry6yn+V8cdcSw`xAVxdG%uPAr*)*cIz-x@O0DkL84 zx){UJc}Ua?Q8K)c5E7GrxldlLG$nV_t`hCV|qTjTY>sa zp<6`arHfI9!WgCY$Nv@m!=qZwE=o6f3jCg$g86HTnca8-u9@J z5*!5%i+j2K5N!FXHxi!*+i;bR66kkrkWY8gL(Ri<&<+&ao#4Wqq_g;Kf8_h;%7FHJ zlLJZaJWq1fL5ZlrD!lMpy2R{}A=ioJ4ufb#tC1I;N!?SW#9q$A%Y`Xc)MIO(dXM`M zrefi?Mx#qC>t(+n&7CIySMcK3puXR>&XE6>KEu8vsldf0h2e8oQ>If z+{n9Q>nZ5M2Bf+6#N3}{@VrKST-E5?xE3&NW2d&I-hr94deqy7F|}RaU*NEBCvWkS zoSR0EgRl~<+dX;P0@_%Wgv6Emep4!zW4f9{(O_qQ_lj7PGm-nTx$~VvYF(UxaNJ>V zThY%9C8Lt6OvyVrRc6t_fA#8Ik1i9lyPQLCc zL*&yG)tr|NcJa;tIuphb!gWKoIwvY}&d%QY8FF!?huOlWTeJMZ2!Y$(S;D%e*)d!X zK0p)|t3$NW3nP-hbAaou(=jazW-R{4?n!1MSks#t>E(`mM4DE_w?)4U_LM~TJB!A0{gFe$zcGph6!QbX{T5zK zDb$)x~s|8P`EsVrdJ7+%46&{D?ORho84!qv4S&4RBEM@1phW0Z&dk16J2;N}oD zT5H^@+fT+wMzOJ5)0D=*rxu8AKxzCgurMv93(YFR>@y2zDiQ9hke>uS%WFXNJu?Gh8Kt5FvCwWCTf^ClGmR;i>ETL@v1b|r%bOf>ArMF zV1+vZ?HDS)N2<&i&jTh{kVmY-NOD4AU{`O$XXke0x3ua&^Z332o-TqHD{))#-Fu}j z9qwbIm!IFugx6C}2tFd2Ev~e9a3A!42}A(SJ-l%DzNg(2AF5keR3;uZIO`YahY z*Szts*U}z_3V83r1})+yA4)_u-Ubb;cRN#_YrsCY_;B+UV{~)AjwKd0xLMZ45#u7) zeRWGKj??d3-GxIz=5u1FeT-8q9T|ar-><&H1B1mf&*jtDB?-S_;{pSLMgzlbgx+NF zXN%W$j`gj1p4)EbBEC3ES1kTQdOf7?xZza`&X&B8kSYy1s1#rbeTX;#5J({19tbyI8U^5JKPCmRI|1MkV9^}lEFk9`z=JOz15i*8 zN(wMa4d~MjrybZA0Y;#|+79ahtf3&>2&kR_A_XXF4w@&#BoM@!AjHWpogC~3U+)`a 
z7+*nOi0&Q)3~*v!AhF(GDZusmfD2!p8}v5tTVbde`~_$*A;B4G2~?$k1_B)kc&2|b zF`x%ft%6rE5P^P%IqDRcQhrLgEELdhzYYcdD!@MAFMu=(@#naVpa}_r#}JCZZTgZB zQig!;`4gPLi9j&=@-o0}`Eta7ZvorJfG7!)^?=Y3$*wrEqocrF9-f5>^?Pp2$T6@$ zg$hW2WNQ$1;$&DGG*NH|CfAcstOCDQ+dus?m|m9!Rwy_g`aq^$$u+^>HrmFwRJfrKN!DWKM_RH5OBd?Bp2cS!U%$F zz=A3b2qV6J2!?2=8w&QzOJK7ESOd6?jhdB-W#+U?xT4xQbj}vEHtNlq$zRvFL)8u2 z-`Uq0*T)&@e~)#t-ff;c3H!y1-W)i(gb!w8Lt}#;5a1w`?Km=Gm$)7mXmBfwP~EZS zXOt_{xyJQP7AQ`65`$DV4=5MhHG$%I64ROroGt&6>6H}2=4gso!JswBsa5P-p@_1u zX;kmda|QgcbQlqT8lW<>ernk1fpQeer7W=jsg|oAQo)oNMs7jr);(x)sr}UXf&Wu7 zP`H8RB90{PjsQ3}Zzw3Qd{ z`BFY5gt$flGbpODg91YSd+@|h*HH!QU)4a<{jH)+s#e9Q@}brd>UkInxHPJpf?jq{(oV%Bq<*Nd9r>JhNX6X?sy30726(}+Xag$)F82yMs$(&iO$zgdo zsuVRXY?j4NW4ly*IU7}Pc-7;6K29EraPd!SN-I(qY)o}0q)9!PDR1ticRV_0DdIa5 z)(@4kp|5-E7Dv>qSREaeI?^)jwpfeLdgSbGYrP%XH@cd=Ojc5{R`Htl{s=T{D=%c} za6V^=6`0R^>r8uD-m_QWXp?rjWK?uYc$p%?y=}Vt^b73l+&Zy1z&+nk6N6Qs^0hrZ&VR9b&+Dj3P=>Bl;Z6&?*`GD|GayEjr*;0Ez(1n0tw0Z}VY z;&A-Eh<2)EU;T8f9i=0e>b`hr0SZ~3sy>-UTtvTYks*fwltf&*b)MT(BZ-<-k)V83 zY)XihsnpTxHEHYkh72iHLQ<)4% zB+^8q(XW8d&@Q+H1(B8lq?+>ZND(o~R}?Za`+Xu{z$4M2VX6e(RFcpp35HMoh@gY^ zFBZ}ZztDmwq!kgNr4e6ZWUdelS`Qens$Y$E^Es2}Q4rL0bU! 
ztz!l0g*!PcY0(C=L@?)0EI|o|PfRxpr~-zJbX)jOp{S1b?8sZtJPzQ|8^VzCG)O{F zq#Gi_B7y0`Y@#p;2zX3}KgzB$+V$3K64>HCq;e=-HeHQT9}4O zd^yQlsOJ^@$U6AvAecsEelh8E;vAB$1h)J2!2Ti}$qLty3Spqbv+UbM#AkzKMn)tW zNk)T9K|+yv0Rk>fq?Y7Zvyj>LfSg&y7h479MKDG|>zT=lzyouy$`Q90CEEz6Cp69P zppLKY#b8X}lo3`6?bY^V80_y0wWH$;WPCD>s29x?{>O;-YlxXZP^Qj^!d%^4lMYXA zPp&|l5^*%KZb~Rb5G5W4zba%T2%eIt;Rf+0mRKkdhA)UP4~B0p$E+bH9ukr%1M+ZB zShhtT=Z`?D9VUqp5D8^nT22jY4Gu|T9&8{^mIouf+nA(OADdrDm8l5DEw>p@Fdwb2>cQVUCF&Od6p-x#Wn%P6R=Y zx4R^y!jVX{hq+BaBfLPEJpw~9NSJ%djIce>#%{HcBk>_ffKGin#w3h6bC5^^F{3~L zJh*sAZ!8Bh;x^|`CzLM9^@X$)2V{cquLB2{IPtvYDMdW^QYnVrTp)q~Hc1v_KuNX< z5;sK(hGo_?@GoRMvYmyTB_wG|K2wN@UXWG1R_Z}B!a*R;Kzd>_Vpz2W8W%%LHimvM zCb~zi1=1FCQ_K7zG8=46e$c4XZgyykk(1^ zT<}~61B{>`zw(7CR05e6ZGv-1QZWOA0XLaB4MwFi$q00?9(^eCxt13Sw|*r;Q@Siw zS!1DPvf1rB6BoaCL8w+Xgg#vBAd zfsojNK7|GzqIYS{2ve6Z>4I7G7Br9U%aIf`53YIL4zznBFmGnfj5Z97GpY&Hn zpl>3=&k2UAgFPvz1gG&eDxm+vs?b*|pwb83#hje`+6a@t2N|=)({~)=|15M_(<`GX zLJMI%mWGhIaZ6I4CL(^{-Nw0@OuvB?3Bde95G7)KhasVQKu^UlJ2S`r`G}In6LDf| zAnu1@X)6X$TiS`jR+Y52V0{d(FpMc+D4`HYX(6_D)XyKTYyMx- zKc$4mi|jpVYp;)jy^^SCixKn!%R&r-NU}&gG?7^JiT6~Nt_WbvAnX%wroirfD` z#>4JIL|TG7N&zvV4sxI}&hj8d34j8zT~7^4>vQ#p*)zyXm4{l`nHJ@;1WL7UyxxK! 
zb%ExgMFgWc`IZ#LG6C*Qpxpu#=jDRiLG+P;O~rox>$?gG`U5f1m^z9}s=Fg2-d-vv z6Ys>4TC6be|4umfN1XlgD~N!VhybZWc5U_5HnLMfnG8P1^qLjuH#Y@hg#O2RZfgL0 z22&10$9H2!^1{p=m@@u?EHx1u)Enn}@$EDLt>f<**ZFJqQ4%Tk`ys4V`P;SnsK=Tw zJ$xFLU@X@0(8qBKnlsp54AaTtBs&^WRMXADM1ZRgsi)7tfW{gu99kNtoLlDAPMB3v9Bo z8rSJ;#@D|8xo87~h=_T1XPERm*G^;x3+Lyyaz#aC;+o0ie& zy&e5L<4w!=(PVv7^YPUwRIg$>El=%}LFbNy;xo%QMma`_+Re1%Wb_Fgnj<*FAj^NZ zxX9`g(G>f!dw_pO{B>Z_BKnVS+|BOaZS<>rcluq-JrX<(BlyMhT62-@>8?t(R&IF{ z*-2XS$`&lQ$?W&?X=45z8qMaTSS!uRnaF3lxEjYkxHmS=KKn_8Tf}I=4WDuXV~)3F zx3-PdI#6?ZfM?#e?PY$+x3PV@rIOsE?zCgDCcFA1e_r{R?L*{vXZ^j4ZJprojS59hA_l`av_XNds8;D@6!L^C4!Q9*uKCVH&6eGf}x{D6mp(Gx3Y zY5b$BDO!pUtlUvh4ch!@!p~@aD^!PHy#XK)U@&(kErXgzuH*$|3J!r%T*E2TA4~-Y z9F}4A51NB0vZ^-rv8shd&Kei=+{lci!R5cs7XleI0K`TKIMleA`9Fs*;rEF+(urb~ zb2E@x=Sg@7%sY(^p4+aUJ{Csr|5mb$H;*!Ud5taebnu(xDk1F_` zbkD>?Gv8#yK%lhbdSJ`L)sFF; z8Krvim0SFRjXboScb=P7I-GcWOSI`s)>9W*0&9!y?Xc2COGgDAVMT`gt^Bla-euEe z^|~Jz=}lzoJrIJ6nyqbJmy2n@he}%&21u`c2NccY#&(Cg(H1rqReK5i=t1YUvfl2W zM^gcE@ zET0$Gj|S3@u6e|-zcv0g8oF9uP<~bHw2GT0ENxrz@gE=KsjWvkR&{WwEWU3hb$r^} zo<&Dnuj4is?)9xC&sQTyiM*LUUU5H1ZHH0m_=HTcxPR&9tyW6v$*O#moFaC7SsZqa zZvSx`oz>IXYLQn<@WPT~=aWEMM`IF0a_4&}lg=O^21NpJD_DDBvP}Vs)&sNSH zj>UUP*}BEy0ylB=(wY&*g)`d>R6kH^89L*8a03y%_^vJqMWMP z?dwD;sO##@rTy#vknJ(j$yrcB=&iKNY}4QJ9J8SQ%F^_jBU$x=Lhxxu)X_d@^5qqLY`|$`Jo&-2D>YJ^My$9e?CWFhbz&szn@{db2Xl!%T3r|;n(d=gH8FtU7Buh^L(3YcAP%M1w%vv@?DYi z)V}gIl4j?ujtQ^ACOFygvNg6c^l-yt%-#)0Heg6(eKIw$ zf2$CAso~qR*?BpEDDiWn?M3(z{q1{4F{ZWfYVl*lFEpL1@xDSl=5OepTYi5Jn(*x4 z2{kX7cE_kB=a<$&-O|-ouQyoeI!v*&A+xZnto4KED!=!tuFmNex&ilkq?|a3Nt-+~ z4=3}`fa#)cSd8aos2vRdcXQzrVtW4jA0?Q!y< zkUDGsYgLx_N$(j`i+R&vDvDQrkaO9+!i#HGR$75F;7v8du_21*V9nP5(?MG9&}nML zqul7a63@~05q>!Naues_{4-JgGd$xBJxQ|r!!TjGvHYQN+{2ZaLCu-dZce$^ymD}! 
zvb>9z>o~U4F>kY|!61F^sX&Hib!ym(|3ihd_(neEHH6Rmw(gvHeFQifTCiftnRrKpVKTU6ZIE_ zJyx($WdFa&NZ!qEXWIsMtW9RFZ%m*2hLb~iBt6{hrtRF%&_w-#^F-?FE>Dy4=SGUR zOTo04$I1oFjHvu=^3HLdrV@|Y>n(ht_~uE=H-pdg5bWycmJROrHT&`SBkRUO(t2he zcbn?27nk>kdI;TN{FS~%yv&s+7gQIIBKqUerVp>=cW3D*ig1^ytrbCoQN&f)LL9SI zt&Rea>&}Ov`CsQo(M038(lq&2MWo66oG!N03kNOtn;%!15{P>0G5cfN$ckIXUfV|K zy}^V>FK4pCuAPx??8~Q}M6RD8@w0!e9M346D<3Q2^pfeL+jUT?v|2r;iI%NH!{tgv zh~t(HBRHxKT{(tceqLL#=W_aPiE7wy=7ka6Jj$fnq*u2Sb-#!ez38jF+V7L+)_b(FFB<-G zn!VeMM=4!?D zUg`dqTC{D%lj%@rwJE*IWD0I2!0b5?7h>2hbMwA9tFw8ED2~}DbN|B`?;e-`lhXD| z{%yOZz*#JwBR=&)>a+_HgNK3GxKDk#(5a0sG)P+qiTH&dh%rAxOiAqO=j6t+j;p zs`Y5;GI1IiZ|$5nCxXHix5*kzwbg~O$nmPk;4rE-S?S?4n?I(|&)B1r+HuS=7dhN> zalhc$aU0dVPf+C!bbNBxyqh_%MeZjbqkJ?q7w4|0T0(4Xv>tX8s-^}7=-py#Ec%Tm z*|ARw(7|i9FkeNec)Z`(hr{eS(~1s(r<1ED*BOXLzx#w1r;Ch|r&Ps~?sYdgvfR7G z6RXNdH1^w7>u*24zVKXxp=gPDHjfVE({9$y!aw1o;kwhX>2BQ59}bDVa69=rH@n3( z2NTaFY0W?p@h}+lvvXHPN%PeJD0>-t#wScQI4hUE%4Rpjeu3 zd}_UVk3WzE*nLl96U{RO{mKKe*JMp4=+~LM)fTD8a2>1 z0k4zdLt47l0hh710}Vj}Rw~W8t5bJ2ATPBi{7e0m?&)k$;p4}vGXz9h`XYSzHQ{u6 zJouz*AvgFG{M|rxHN`{FK*i`ceJ@~X2PnDLp~{t%vrr|=AjPWUubcZFxOQ7n(I3sq zQ|qv1pc%{K-9iTXn^Bs`2Afrf{%741fu4wvuS95fqErXr>LVdb3A8zkL>SyXJlr=t z+$TKTBn&Qg3@$lKA`C7e`WGZZSHFa=7Gh7CS0w*!Q2N%+gMxlj5x^0#wD(lBGqALu zRJ4RmizMC-LnAAFSt^9V01JOlP z?x7x~+(CUyxJrB}c6v850lMwV9(?}--}CAgbm!;AS;6<<@Dt2#HDH%y`%{z}tO+ z4yw$n&!NFSOsf$=@DluC)Dy+~Ioc%1dM!IittP|&>XL%<=`7{BRPS{E&ExD7848;5 zz}j)(Da&E|JOlx66PW+B?A*NUGo$!^K4e~<4n5(UoD~Q183f593v3%A&>forvXw)* z0~^WG`#_M6sqY>G_SFlHz-f-aIfBRuiP&rNnVl1=|424O(wJ{hh$QYi!ud ze8`J}E}ws3{KT~8jHiMdw@JCbi0UKK9weF%CVbt1dC}lD(5o~F)$w>O@hDt2_4%b zEA&!Z^wL|=B-hEL*Uf3rj6?!o{r%`Vys|a(WkYE6q6BmT-`?9ivrx5q%Q1vjIBJvl zr|33iZ}wYP;t=enR04o&pOjU8CiqFdIb41zck?IqJM$A;HgEGH4Se<+oM1FAn;|@O zS|{zM8GGa0{knfq#M@kOwY<7AnXvd_#OT-|+JAg!K)}FrKtRP7fEE3KHT-}JdVDK- zfE;RvL=;5%v9CU0BP*btG!)xS8 z6&38fEayb4e*?VVlxCOTE97CtvgZnyiuFqe!M#nvy~R|uvR7}wsqb{EE#_Jz8>sid zuJ7Ynp8+Qw~r3hFV}j4>@Q zLJ{Hg=GrBv!Rl4mfrIER1f^4zWl;-bbcQoZu4SDkO)KcPjQ52UW>{%g((ai%(he&n 
zZW)`_htgD?@S!HOfJ&l)d`Jd$2BLDQ!1;AFbSHhj2buaMKQt zWra%K5DkZvvFKPNW&Ks4{)z)_$XXh>T zlePpv+ZapRkU*Zu@ICB<3zOkG<>d!2bUWhF^N76rr!((`9#lrxrOprPjc}x{;>r6h zxW8+VVS(OM!#`=IT}og{+im~Sy}%uVxHZQf`d<%d-{?3*e#m)ZJ!QJJxrrqJB@QvW zN7?ClidmJ5y}R=FS`4OwPmN7soM!@?L8kd{$s3s^ZJ(cZ!x!1=4_(84Ut8Z;AZ@RA z1#bm;)Dc^XV(YFelyi4}{noBCSE{r=?<4=A6CCjN#bDK_)_Mvko=cPizR9kIGO z)NnsSeLBuUW+TZ^4d&hPb7t|l_-E1$DhINQ@w!%*3c8dRL#3k&m%j38G6DJ4xQqlH z<WPiSz!_FhWF#zjr|B%uqd_(SS7ha6(1oauz)1qgKXOVU=sc-B8s}>1sg2J&%w-)73(t~P8?N{uh)lj9Fd5d6(ed9Bh&a}-12UA>SUY) zC28|Bg{yc&C_*ttK{Q6evR*=>C!WY2TOZBP25u--x0qs@hhB+ExYt>Pom* z98Fk2xZQ162Y$}875T}I73Mlu8K~T{ys}RJeL(GPf{x$ty9XeA(JsRw*y%UZ= z$iJaI4@g4~NWTBju93VsGW>?e4YD5!0P$FRCV9~gtqG2;Dtiv4uzWBhE!sn^+GO^v z6X4s3#@ckp+H}b++IWYgV>@aYz11Y(c#JPngxi0${oHkT#V3O3$UV%uw(`5{*CQ(3 z!RpUY>&mqa(wk?1CX-`crxX3ZwMR2Qq|Ocy_o?@Zq@141)w9~9mUgM`NkC%^O^K*< zXk|QEL9ZULA~ZGnn#h|l?h&iTa<++_Z2B7igHR2fjmTYWr3 z{W2LQG8rD~U^;2GKc3yhKBesD!`SZb9KWNMxRI3O1Ip!974x7G_o(oFT5)@Z)RQfs zzCPEFOj_Ppu8mO$n5)l(4P0<2-xD^sp7+0&omaE&Jh~n6-XG<%=kd4iaGPW1YgwkF zqaVV?%nv@`TebXY5~>|^-h1@F*PiZsaEA*bGD&hvemixRtiD}ti^oWxF%vNSi1EoMYI0`KrP0g(+6QyjE0M&5uV2O402zB$Q~=rAIR z`$NQk1~+PUsMCmF+21LW);1sl%{e6^*%YeDwi~!Z<|O3Hzc%eU!9JJ?w?V>#?iXpF zJpz+H7}>PIcw5h`o1Jb#TBB%d`qZuQ1&+Y7Z)`X;I-(mtNRa*KTpk^Q4+ZZ?4)21& zl__4K7R!{xSdFZcPFeq((!~y4>I~^hridg9US2RwruNq8I|RInIEbUxzCVIDMOC>* zl|xU~q?Ua#X!^SkP>j?sBMRasoZ!MLHSxf;$ZCp;Xu$Lv|5bXOW{9gz8pPry{{Sgn zYbHjkrwASi;+Pp0Hg##H$`)%aS-`INAD%KK{}$eCas9RYEz4Z!9Ar&Pf+*L1okX$S zynoi4^PMukt-}MLHUz_4G{P)S?upYPNx~G;5{6WfE8z7Wrv8^ddst5Ulz^c-=v`yQ zGjl9vg+^}qR6?KH`;ZLFqzs{_nb4C+y++@i0UGqM#+|<{8dcDrW$tj>+dM>xBaP7Z zt<{Y2KcV9n13K508RL~m$y&&+oz3=i&63(S;p>l6yD&!*Fh?;u^fy7Rp~Etci0Q5V z>=T2*gGljzLjWJwKtyEsdu+n@U_NQn9~OK`y$O}C1<5UnGs!{)h=MDELQM$hx%aVI z_sB#GW;BCG{vuX10?0H76}9?yRx~0qXlxD$Z8fv9Uqrpy;VG?Xz=Zu;?0lSPE20ty zqJSPcDLJojWCAj2!(Fg2dIJtRR6Ff4J8i1s*+RDNG^knaFcNL7 z97?|Pr3{X^W^$sx+-Z9*z@zIB;trUGbrUpcM0n$da(cE_Yx4NsAE2;k?eF4GhvB}Doq+WN;y*`=0Bk*H>-V75hA*U4c#Hk+=B-m 
z;M5U%UlNh#6EjYwLQkdC@q1r>BhCNLIHd|bEvwP?&(+{#p@y9tLLXZUrT$n9nY8TP zSA)O0MKd(Ck8b|+Nuh$Z{cp$>@UMxwYUU^~W!F{6!C~USZQ{UCIw*?JQ;|H_c$!p1 znl22D1BZXV7CC4gHX~A;%@xTyN@p1H&lQZ#z0E*D`g#ZV>e0)KnJn?4r)>UVhqzrB zo{Q%?F}EnZYZ%_{OOu(MxZfxne*B+%$RJPu&wHNLuWW`$&O7n?n~bF6P)d5zB2O79 zdI=fm3=2U+%@D~`(NK$6W?Ctka7M~b5=L74BGOQc(BcPOz6Ld{HSFxU&7NcI(DwXW<|CF}HZj!c#jlYh8D_zdeZ8){c)m__GwOgCx z=s6evxcRKg!7_j6SARztQC`2TXBK%fI`7NBWJ?p{v45-M<-QX0eSZ-DR2HM_Mh!Xr zY$NH)QYMnL-ydesH!|ADVY0HZ(f)eK+(um)HMYydWY_^Y21 z>>rTo6mb5-VBP!xSoeTizz5*-2fzZO1f>M01W>|KB2Xg!Kv;}F^c6NGKc&DAeC0?f zNGU}53$O2yfL zxD;bmlmMq=v2&4U&D)Hbw&xk&n%|9G-P;w96I<8y*`KS~$92yg9vjIt^_I}gN4vi^oN0iAsgK5M|8m&Vq$8tYjvGiX3MtlvhU#~qT^knBuKt|A)_9}*b~x@8EV1vWNW z0~;{nbaWIg0JHBGC(4CFcMJe4+r>eo<!2s)gP4^>wHL#A>^k*Z9&#yO9h){slpl z`-LVI0yK{bhBJ_nk3k<{VlRqg;?3Y@SZ^FH#mLiy5r|Hh>#zTP_s9J8dJv;2skgRc zWdI{f-Q2wU{B~u8m(zE*4!(oKu}T{_c4nycn&YEtH3fzRR$mr z2mQo56R>H}9K82yIVlqQtQDR`79Nff5IhK&XG8#sa*GIJ%9EECY|JSPf5QDnQ84oQ zn_>dXBt#Gm@~}5SMO^|$VggGgNcvEiU}p8XNcEsWonqzQG-Yb#E3j0L@)qs*l`ck{tCs2n;*bY;#eA3cI;dvxCBJH zYl3l%qIvYOVI(Bz9B@ovk~Ja>7ZHRf<~?q*{#3f*0zyWTzTMD%5kqBtc!fEH$nT|d zF>WgHqrn8QRJzzgH}J87YQcMA;5SZK7xLgVpNLHANF$YaFt5@zWnlvZ3?Oe3F}!Ib zNHiL;W5I$&AB1rWzG-BvZZiKKV$cVRqjj%AA3S&FFR=xe%HAjuD$%^)LuVO6KI$q7*<* z0M?8<5Ni`4%YapWp@Q7%AH~K7l~H{TVFUky6*WZ0Dt~&0F;WYWY$7fR`1Krbz=<`Q zJrHzD)}w@M&?_QohP7ULC)lxwsEuJDowPRVn~D}BRU;S&F*>Us&A8J?Bl3PdiZ!J) z=Vs(jwiS}|Z^)8}uTJpkqgVI72Wj+ML+gEezA>b5gtj~n8}d*6F1kCFZ~+(h3Qk4 zP{CIl8dj2XTK1`y1XG}@0$4(5(FbTV5Ga(&9K;YPZxF!K01BYXpN_qf-eG=_P zJJ`Y`48HQa6sc)d5`##H}&gcO*&yb-K5(k-AfNt{DW*<1FFo z0pOIY6O-JdDbbKK^eg#E<>c3@65#xNnH**ufQ&?{lr|8d1+(ZA)h`eOaH1SSZtGZK zaV%atG(reSFwm*!Qw4@gNY#l zegX(E2d8hdaQz~9>xxR;Ubx=+^euM%>52F&Oe$4mq1Vt~Un9|}W-#~-=42<9z`a1R z5dPqKKq87uYC_)Ez9Ybjv7cx}?yLl7b$m=}`^l|s-4Bn(jy{H81F4ktxgd-{Ai%l6 zx#Kqop80x9O!1Sf5Qc>F#9q{?S-^p>(%WyzU6B)b8q0D;;tXcr{`~Lgo%{4WnLf3G zFC(p$!h2+cy(3!?F}E6Ze0PlC{)wlDCh8%T8SNZT$J!#tBv!O0_X;y#izC_)sarBZ zeqs+>u|y<#u6~JIZHBjX+kcI%@=`Rz*cI>ulOwg1?bh1isfTo#)YA@&mDY@DPe#r3 
z-0r4|yc<6j8}T1sKePYrO=G~osG{q-^Lvg8Zl6=A%w{5eX)p6r71w|4OAp;2kdNy{ zU$7x>3}cMew=b9(?bbA%{j1_N365YZ!-d-e*C}1wxX0G>z1B9oS!^?$Czw^PeTsbC zsw`^e!$vh-r^luiFOD#V@^J7MhY3B*N(76Xy!2UQO}Mh6-Dr5^(Xv=M3(Rr1^0>#e zKa7MA9#*r3!cJuUwMc$Jef-Q!Im{qEzLh>F7#JWX!woQ?L>wwmA8H8F|nw z4O%s=m9_BPI6o{s<18{=-h2pnR=joo<2hao{XWZ1z7OYFshjk-d&hHPk{*{)Yx`J( zwL@Bu>u>jnvIj%Q^OM{5JBrTi?c!B5ITciy(}mdyo$M=hd8RFgc#P$PgmVZ4DE;T|@DC-p6PIbiI-loMY{G=md@H2q6 zD*rNi+NC1YynyIZh*L!Pu28UGPv{DP>;UpGm5kQ2VW~x6su*DGXkpPDMPcmrfr&SqVR8u`$cH|@(TJJY5~xkT zCkJ=C2SSB_Py%^s2@;Sa?>_Y0243EoY{2LW6rqLth5+I~y**|;wD z$xpLr;<7?0_UlF-DNimw2BcsHzxqS$ZedD={gpE7q=M>0qJpB*)-LgS-kKF-Rc}T| z?VLNCNmAxcdU6|#dyS;rY9?k2xz6@VMc-C-txdxjaa3nEuPRf2St&jj{HROU@NvRT z-p1MZ5^NvidXYF-Z)0x9pDE+gs}i2Zozu#V)H+~C&zg- z)3FU^aHC*#<)Hi6|Kx9>rcWL=tyAS``HvCBnETjpxX_+@h3v>+NjZ&ZI<$7`6t~quWg_L|=ivNt?#5n-cPqSYBXiX3|BbQY z*RlM$e8{M^IQh#RoT&GZ$z9RlZL2vqixFSG{xsFb$;hy5tfpAc^^QgAT=g*?fixlH zo|Uy7kXdB%VSU)b<@|X5QIeDq-nE%}Age*nLw1&)KI8Gg+F+P0bK&Niq>+PnaF;v! zZXKPzDDk)9`56*IN8an= zqkUyH=^S#_M4a4f+^MS<*Y3KFFUrA9UD8gZQHhO+je$r+qP}nHg4{{=RBOM|Kpjesad_IRzIv-HC5BypKo7^ zv&v;QX@9<%cxtELsxdw1Ki7#*FH1FAfZw843MG+0J2K%0UN&`yX(Gr``A8Dhq}%2< z#b_!S#ogA-rZXu%5T}0cHOE4WsaDV%=;&TpSsR|ZRJQqZX_1EGfPBa(PO7((Y(5xH zfXPWz7VTvdaEPLu_8YVpDj?r+Oaf`YK)MzPZ?~-wvE4=deLB*;cP=`hLlI%=36sVv@+vDZkPh zp{9`0q^z+)ZI4gg^qE~gUHIi4ZZPzI&^zk8^SUa-jI+cl zse)@(H^Xh$-{*b1iAqU!EMclLX&K<6wQ_B4Fp5LSqr6z4-waK>H*~$O*?pbkF}C2S z74m5-LA>leFX|SE)M^@`Hn7$d+K94_jkH)>HQ|v2+aNvMav`&qp z?arw7R?a(kWTb1pxR6_B?an8CQW{*%W{(>2OrvCW9}geIs`K(%fNe+ZqhLx}R=qV!U1YKvtq&6KO}`R6U=u<%YX z5tlz1XZ(?e$d-WGkS}6BlH9l@myZc?Zbd>ZAihYdaUOq8kxHtx#zkxGeYN(7t?$LewBc<(43K=&Z-uh|S~K>^b5JmoMPO`9Akp_?ewT;U$S_ z9wdRpfSN~(zWHQ+LIP8@^O9XXvyS7jZ(VI5_k}y$?za6?XyyV|_Lo|_6rF0xWy|zd ze0Aq&fg?k0in2qc2~&ftvUT;ntMceQv3Hi^{TMCVxiNG#S-!JEg=L$E`(k6MvRFGE zDxp#QgB!ajm->!PotkM<9oQ!j7J`+MHWXdPTDcM5s{%?~qxLrIRYmF{<@R@#2OCM) z8VS?x(Qz8-@Ot$7TQi>!&aw>kwf2v|6RGy-W>09DN|x11lvP7<$XC~SgMSylr;S98 zb&=OoQr?=->%&R)Lr?EgLiOD$XiQ*2#|2X00*c5}Clt@fCJ6ci{)Z(+S~6 
zU2uMMwUBYvTHGMm@l8?uC11Xbd+@L9YNKnOx)F-2xvR05ggvU5kCU#yc7{i<0rgY- zW4AV?(+%GTL_{cP>d|eKjn07=o2pI0SG6zfMYbG=N^kc^e-Ev^)msx$JjkyF065?} z8xoXf5Gsl%OgD>MCigE8kTT|xcR0*vrzaW^;Oz}C2v;x&!t&CzjV@g}8I4)zDz7gy z(UUUK&Q_2UZvyoF!2xCMa*uziLZ0o05B(>kOSVdlRc7v!bB7ZbfSR-D{Y@d>!HQp! z2Jq~lWWL@Kwwh~lmqJ(9D=-2qOv#8*CLYe7Je8ep$z$M$l@R4=sjN$LROE9FXl?!) zDD}S_{}$%sGl#3*%GjvAn43Qvl%WmJI~3Qivss4Vx^%NE_I^rk*peR-=H@<{k3PgH z{%ME22F=-SZTO($?u5dy&aHQPEP<1P`xscPBlXiWE)$2XMgPojxoLbFB->rb>c#zI zLnpC0>Oh7|yEvyQl8YoG#+lu97|cp7VX>a0qy6w_uE_5LySI0R`=7R6D-^{ zqqFGCTAM*t|3H6IXJeXo^_lzcDiqUv>MOP~ztz}FV zquz>#8ZI5wB)aX<)zX*uxj%YG%E>C5ozEZ|p)$v+^Lcak3QYZs+aX|(<+<8&nn|tx z?s>aMXbt1*d5##Q$=aK2jhBC~-rAx7c36*6V&o6h{q09g#~b}qI&m3^UJ84yUokke z0^P({wAI^n4+v^Eqf^9@&3}*o>CEM~<1qr*9<6Mol0*`QH>)Z;pQnsYE^M`U)HdEp zEsh8VpGo{nT8r3Djaw7amlFbf7`?HR%ZcvS*FU{WsMwhko@?(ncVq6VDnHRS>&y-ETVN`R4m=RnBTfyF+AoD*0&T=YWr?ggOgQetVrTAY z3i(I`Gs-h3PpVL_sd8&Kl;%aA(E6JK5xQ5B=0;;AniG z8D(uL;CMQ9>Gy29A1iUm7sKlB3U1$OnDjQ$V6F;UZRs|ym(W@WM z7kLt+#YEDC%F>XjZrfzGJ$=Dm9@&6E3DXB_e5DD(CKeHK?#e04Ee87F0%_!Ezjk30O5r6crOaCasXel*4)~C)sY=`S# zi@WrxFfe;M4_>?SJpoZu$cd?_8J!qwX&>%2{JC03I+raX-Us6mY8e6` zM7YQNi~H+Jm9nL;wIpi4^G_6D2EQh*grYJ)64P%aEDl2{)u$l5sdVPWJ$n(X{yRtH26_n)-Tni@CUUtVWFXu%=y z8Vai=FSTWwy@n(fOp9bMXmeyZzmNMSf-!*WZO|G_?ijW2C={$U$@DYX+WcxCHfS=l z3$AtyQtqSg38Fh9!>2JSy*+PQOv@-P=Cf);K~ee?Vip=*q@%N8S6NV>*?DK4_L#mj z@~f^qhpM_OX89Co86I55%O7RTy{)k=Sefi$w(y)!`EaraxzjwWxeTD!5?^Okl|Gm+ z|J*k|c`e{L&lnL)B(SmDZZ_hcO{LHb2sq^+WwAg$E@4QPHQIDu(=i-E8C>gEX1)Sv zFdb2$qgLQbaaX+Whj{mz9LV6<*kXW4F`e7wh*@%vHEP_v7*u-qeVyb z3GFNIDu3f?M}I;5PiY0VM7n8WJRl%^;{PnI;9z6v{NK_FZi)(G^)fAfn#sKQdI{9< z%B#Nsb&&hSmUa156nXHX_@beMSibZV6x` zrpFIUMwG?>{mEae13bxa?g--M1nB!qpx%MHJ^%utO>SQ|HSq!U3An{7_~2{%dJVQpo(c z*0@lo{AQvjS2y@cd(hr(chFQQ^MZYhX8I@zK;iN+FUZocXUK4p5*FZ*tlToOd5F{L z(V&e*nG}X5z65++rT;8UII&j0EPS3EHIjMBM#NBzL#@o3z?;5H4to;WUN3 zh@eX14vPhCX7c2MfkOrQ_#{c9{8sP0M7e?iM0zFiT}0B-`HBA2a#H#D1(2Zn5_30# z1i#z}Ek)yFNc|55;ekenGX#b3!S_O9V>Mz6KxOj(AjB3x$q2%aAS+o9AoYhb?g7U$ 
z3jrDhg+BW5#UQd#LwFCyxFJR58nImUF@H*;ApYn>903(b-5Te16F`10#(q(l3B(V( z>T@@Ri;=jOCoE!wvJkn2kS60J5P^pCipGMH?1d@eTZ|fL-G&*QT)sQ7wnIiE;VNn$e(#R zXj|6lyE8+gOg~pQ!UxE}F=5fuYU08ibbhd+M>!)PA`D%A zkq$lzpFYIkASMh@g1|rl-F$V#6p{72i@Zd1v7BOxh#-+b!tki!1zvV4A#h-T?a2y+5nY*m7vlVb$Z0^4 z%%D*~4P=#ua?7M=Dgi_AI1gAidKLVjvHL_dOws(gqDatun1XZ$efa2pm?B9fh%4YL z`2m6HWr0C{>30N#jtYSTyfMfP-j=a?S>j&)WJYXtWN5^-gBqM3w<@MyY-$Z4 zGxQoWV;IJyhT0moHHD(TN^XI=U>&MJ5hub_#5G*DoDhtuC?_I2sb4wH1;81Mv3wSN zmZGC>G--4iSlH;GSj1lbKPW*IGZ`5)_{|mF<)-=(PSDa?x~_=wTz?;P2`-rm6tI)N zLM5=2@mNX>!+F)I)i2GDpb(D-RC zPK6)P<5g&EXWSuPu<1I6^-yUlT72 ze};qSmt*76?1>fCmX_QX;P*l0MZDP7E@YkF`#xJs{JO0^`ez9N|oDddQ*xUm?Yn!&;cz*}hZIG+)q!oDmdH_S3juq*obL^co9 zfopf5=VVEsMHTUUcnpPHpn{6&@o*rVe@l@SPC0;jtbZlb-7>DATbZXpGwl;6`OSgT zmnOtY&c{ry7;#!E_&_zSp(F%MaSOOz1Sa#W#>Eztn6yl6Tef2do#r=}X&fffL6$&DTm z)QJEi>JRwSSERaPqAotr*LAW=l$G0Kthxf1h@1)l)14F%b$lQLX)P9j!oO8r!RwIe zwL~Xt00OfO<=s8agM7##{$60D)2{|z!j9#{2jjK(O#~tb=^JxJ!Kj83g@Gq}&yny7 zjt-6_1({1c&9$da(}aj^iWFHso7yp%+=2N?G~$O}e6uIABo79!(I?%OY*-3Upfb1y zVK7sh+$jIeTJ^0k;&i{ROZr*Ofnfs|%G_TR5NQHr|CWNIxQ!B_{fspK{zu*FFZwr(bu$731?_Z^b+C-P7`&z{;+b0ESrq}A8kQH zck8W_@`leEDY;5FlGP6mWejIbQ-;ueXh*J-y>O4NN>{_04sIt{udDT>zDFTvA;J*6 zCvOk7AsB8=_9i2nIOUk^IElC-6qV$>gM!rqJQcv=`sVW;W+OGn6%CM;{qy^HcQ!90B(4J z`R2Vc`%}-PLEsW3zoI|lMW?6R-kLmH@^d;W)#zQ>)b7XXlG>;<^kJR5XV5X{JK=yH?W_2c+6-}q9 zr`p0E19C+&y^_zYWid}#e~jCB7K}LClqVUuv_OT&8$B88HQAWKKcVow;Nj_$ktw6D zQJ&e6Z$oHA&`N1VrJwH5i2PeW<-H&mhfVAS^=&mIdv~%fGcVAcVdYEdq}*{t7H=#g z;~(n%AHIf%PM`v7_ZXE?-HoKAK$eB%s9MZOYzOpd28MK3bszh32W$EMd0S5SbPLwd zLvaGPnAywTt7=0TS8=JNj@6eDI}ePiqIGxT_EW>1P4`ejsdwZI2p zcsF&TZ{!#;AARarjdbCEH0*!)G$ce~%EJF<5Cmi*OYVFdh&(ZH zIJ-Y|&dF0;{I&_jw9hT)ZG@iF-Fp(f+G;@00*}~dfyq{Ro{hgM-W-9<<)U9GALePF*^LVw_l#|Hx^ef*9X%WQw-`_vM*nPF zTuzFLsP9^-@!lmr^69{zwNzAs)oEd&Hn*m*a7`b0Ep@Q<=ou*k&C_Bmr}6$Ibp2%t zm6LS%tv}io3j24e`&YbLngXv&7quf($<>;(8N7w#0jSM{dZJ zsnAJEQnjM2m+*~d%ceA)ubRz;VktA6{(6_3l=ye5kY{#+iuS|dsF%;Vm5tA=Ob_Zz 
z$ko+^Vcq7o(J2eJ>gR_c-8IwQ;4!dZT`(G40j&kphx_u4^)+oGL{P?>|G*U7yV0+O;P2MWQ0vUCfE+6@^x^_tU^e;P2rkDyT6@ zYy+PJ%bb>S9cguO&AXoA&!Tjpks*q!RPXfFJI^~VzauWc4=%o8YzWcuy019|h2rRj za%a?(v`_6JS}q4pW34GKn~%F1<#)JSr;K^(SFtRE$9Jr>SM4*}CUQwl#hYmjx3iDM z5l#vPx0}E(YNU+#f2HOj|ISxA#uZDzpXJjrMvHV1*;g#ss5v~#TrRuiHZsl)*}giC zhU7KAKB<5A4Zlis?lzPQUX1No9epw z*Lg1{tokYA?El{54slbWNNlbSf7euT-3`Hvs%F{6dnq*CyPpwyjH0hSTIYOXTEOj& z_V6Shrd$5pZT&S`*()LWCU#t9pEE)jsPyy?(W0IM7$YVz0F@eA-SDoQi8LAU^*Ei3 z>3TeK4e5?NDA~rP)RQuX^X6!|jX8hhwp*uT_6nOx^I>P@A9bd|y9`wsO}OPp!*{q+ z7FQ$6erZcZ*`P@^_rJe&F|Pu}+Rqk|9;5fB0`r6r%GhE&oe8!Fjzz{PHEyg!&OS21 zw_meyy9cwo2MLrJ^Ne(lgNJtg)7iAFj!Oe(%K3v5pFHo5p0rgih?NAE-tBC>RxbN* zn^900Fg`Sof0?;3u^5;vn5udu`^;2RSMan_UA>#syli9QM#G1)0xCH?oo`c5=T|Y))TmZZu0DQ$6~48Sy0hjO5BSZdg&fd#__7Rwz98l zx+=%7N+DluH5a{}iQS5l=D)(TxDq*9M2CI4qOGw;aAr)jylArZYUL_RKQ7imgufjh zqI~5PYjNOhPuDHPN=6fO`rRmxN9#~JH0z`&5V93RJ+)<(#Z_)uKF!@q1)~r5%vMB+ z!oY_PxR|!lLlXY=7I);r6rn=JtG{$wa_yvAp`hH}y&lu?G@3))j8)qagZ?(hvb{{E zwX=l0@vw<%%6Yc!GA*x7M^#)h&Mtdt+$z|6Ps5V`pj3Knr6Td^rR-I0)(tQIIotpn zn*vG>?!u8qY&^zv-wd}sOs@(uut^=>Yhj~(c4oLlgn?os#(nD~-STF4+lHu7m0|?m zaoD%Nu({9tD6!9z{L#hR%_vToTUC^Zrrz3V>Jm`kwc!-8-;OF`I2k3m7siZ78DQ9) z84D9NE9YQdb&Wx12IIJi#8!K(TQ%y=Jy|7&v|Q~`Q%?S*iZ0W<{CY_Jl-BAH&#sK2 zy`zK2ee2?Xv()p*TmO=UrrHwZfsJ^Lfh(D#loHU97vZkO+P&pT$>~frbD3d)St5w{% z(-ELCzW?kq(AdVgcJJ!yI#^2 z0u%lLJUr^3;H<8b`umx!$?kFMz8dyrqn*pn<~aVoG(Shd;~cN?rOUEWi`k~3T=l!u zxiNXm_o(_S+GI58(k;I?;X;WLqr2cqXPwE@{`YjpNm}9S z$%gh%XF`9vy8j*O z<$;YT)dY65WvfP0iU;ukmH7?9dG6~W?n%{YIewXt@~eVRP(sxGGA)*^%{C$Hm+$-D zBoj56E}G4#NlbDfcU}cUie!%31g7@ZcG9b1-_7IzcZvoqhD})~w$EiH&o!Dhd^`T@ z1#ju%puzQ2$?RrR4qLYzp-8CKvi-><1o+daNCFmRrFDhkHBUPg zn9Rq{x{J&_B8KPlc`=2h=k~=H{o_;AuIU~Yg4-`(<(7)eCPGqG%{mUV$#Qvo0ZZ29 zQcN0ff*qYUtKhF+H&$O?8fMn*a`zc)Co)XeU0zp>cMGl(AkwK&En*-sHc@;cv%?5uSEi*O3Lc z+lUi-g^;Xw3xb#}o42;tab%o;mXpl-t2=ioLQ2T-V=JW$uVu;aJq{KLH?JSjLOE#V z5iOnCICOOan3U8^3ryo&H@R zi@Y8>J!exd=R|j~2|2Ia#pdh&rNfOc-!@Qu_q33Doaa$!^(;)UP{6~Xnl|C&P^ceD 
zm+z%+oHB(cGisPg_-zF_uYf}2U_9=2|fxnbbxQCRqS3QKf25yXX&g++w} zHI6I(kblH!*cek<)Zq;0e(62=ahMq*;2p4vb>gmJqGK+_b!+8jczsA{lH`!djHAFh zUHZ{Ld@+?w!NfCECE2XuZhMCi`MnWfVxn-c+UXV#BMHbqe}Nh92;N4@KQ|p5liGl3`jcso@&-<6RD6Q6 zJ5iMo#h+1Q9yLxK(0mnUJY4not*mqixNKkJ*mBXoA#4_|Ja-4eilJlQ9oY>1k{Gxv%aiH*LhK zZ;2{HhoklEL^-HdUAcnSL3=B1G;cHM?LeS^wedlUCVp$z>McSwBpU_REW*92C+^o_ zV*keMY~s6@%hqtk*Cpt_)8i`*Np-DgEvFfEv+lk31iEF(;eKnO>*Qry#3rR+K_IGh zFI>vKhgM9w3RmZyyMyM&Z6>;%%G&aomP}cZt-TqT%~o7^8wzPHSfh`c(^;vu+yxe~ z)dqd6?cg?`ED{p^$!A5$&h9YT_p0wEPP)8~kvM9Fcr|I<$B0@TVTVzh)-2F2TR9u2-ERr(LR;$8V>O#+f(bYs@kPXE9XzOhYLB_(lO+p3G1lfO_v zu5R6u@f+C3oENkFcJVppY{HppW%uC3-djSs(U_Sr2C?F;~4Hi}BRh^1`f|2q_0^ z|4d%_?Rlh(XNyYLr# zI}OFt(%m#YNo6g>!m2fiRf1k?_-ROfYpb=}qnC44F!<-vhDj-Tmr6P&Tqx&7Fn`Eq z5%%F6k-b^l_|#(aYj!2;CDy~+#L;kAWz3fJE1XaKz$e@f;PIoRfe*I**6mMG#aWT7 zCD(rt9uKG*QO#xk@LPX}sBx)=gy+yOtIpF?A!k>a9V-V494Tk`xBu5Xg|!FMZrOKT zAyciInX_K|@CYCV$jq;qW$@J!C|u?hJuzW8VnQjlfRbKT#BmjTC*&ioProh=I^`-n z>3|>ebQUR7?YsWQ_NeOzhT^np(c zVsT}{y`%ODqI3&krmUQI1wkRFEE^ZE#UOZt@!g; zQxTOn8Et@$(OwmEI4)^*V6~8*-<&vfVsQvZaY(-s?oaqJ$u}o8tz8(3tEM%jUG5Pe zUI-~)GyWK193!N-E%4;jiybRn-ZvZ#@T^9LGZmlrtI$uz=UCwjOlpgDG<-@?ORyk){qas%|5wK=8c-g zhuIvaLq`iO2JzrRt0_9TtU*S@fz`)J4zVhudR|RDy`xpXyxJh4(n8jb+MIGvZy8;|cIiw0zZ`$kM(;h?x^GTf| zFk0~y5^mdM;sGfoy%Hr}Vm3GOAOR`3Z^WnZLwCgXYaKDpo5jwXBE--2GCsU#C2KYX zF(A~IL|)NJKGV+I10!8APlhg+AWX7&H{PGX?|*^3ErO7l5*w&1;5lV!+;Mf;BQ8CA zaLZOVrjuH8C`)e~ic-?wgX&DWawp?lizCq2l3dv9wV%h2&^$3cir@Vo9Mi&d_6BGX zK1{b#!V1^ibap$c@AkgRhjf^S{kw$uba)tXyRB=u{>FFnjc)gNQeH+0HFyi;Co!12 z+vGa;I9BX^Q?QllY?nOBozLjV&FSnyEZ>$z#yfXbFn>f@ykU7?N~<4rCyd%X)_wx+ z@enlHm0r4zu^!W3+gNdBmU~8ed=(X%&Yj9@puaycWTB3cRuK956BMW|Utz!VL@D+M zZ72!D3KXY&yd~I@e17?fp(*|sHFx&&_4w~g^JgIZa|0v(y9FT3)&h_K$N&@oDgX_D z3BUqi18@QO03rY-fEHl-!__eXm;tN+P5?hZ03ZYq1@Hp&0g?bIfDAwuAO}zYr~p&} zY5;YB)(?Sa5Aghd>|F#P5|9K)_@V7`f0(;MKsBHSPzPuLwEU2E-GE*|-w$m!_(R)` z{qS~+fZ_iQO78#X$o~T+_sE-gXiWnIWXSfPC^-j5J;(n_t*5zZDyXatBO&hiYDN)R z<{_>cl8z8$V8Vlf0m~uF0sJ)S;1N5-;2W2;5G>0H&Yapybd``%8l4KS-dh^kE1fGA 
z*_AcQmui=yFFU4NpI1gF9=yI&Q(}Hj{RKF&1(mdNel*Q8mRVLqc#*}$cq2FibtBzRTE0KkQMyPyUGIT??Shv9yt1}$ zRZ_zgL`w>b`bn0ap2krtt+y|c~4>jO0dIVt9Cb}MZz$q4 z!#m^E>u3KdmX|LrwcJa*Lx+lzDJcYn?Y{3pGGg^#EMQVUq z6<}~`t;;uWuQM2J>IzUhGI7HhLs&?$8I(B#88j~K<%UE@qS}>Eu8PzPTP)p(%v^v< zM+F5Z%okh!)lv?6pZoBxVLDVcNCS&m&K`p31+xZGJ!JpVJ|W3e+zs8cYHC#u{H-Md z3(1oBidIgL->0<8wKd0R1YWr)`3&34)jgwV!H7|;lu==9dLb*Nk}?;`iETY6y4am4 znD?(ng#f_`_sS$q^u;2G^>-X$a_wIZ6`eTMRV`xuq-X*JG)lRnVsXQ-Gw3+YOIkgp zXz?`lyb}0QVtM6DGWjvt+zO>VzhBI+louC&4YO`cOiWw|1i)V(J#MbIoZ3B{Kf0w) zAMuE*C|XqqDHw?LnKDd{&!`f@?pquIK=Q=Yh^;Mw)V*c$n*G#0W$IVO$s>y%M3z#~ z;>6jNQ?mSLWC{@}b@l%W`AMvI)4{&2Z?26~^p(iDhc;_&@ltB2SA3G5n{~gnoLL$i z6T))r;6T6WZwN6wpvT4O&qn2{m_scPpD2X!RkH0+7-BO!e^+iA=@;yfwfeS((_3FK zXaYrYh`6ojb|u${4mohT!p7g?%b-4j20+Aiu#PF)wDW>O`Lr<|?8e_7kv_xB`oh%5k^s<;j;FLNyNHrHd}giv>wiCoPXB zQrWvG9_?xu#Ji_Oc2oJqtM3&{`&DhkiG$%h7{o!qzw@4r%Y6oRiQDRUQ{4@qoQ&t> z|FR6`0=v-ur~wJo^SJGYHI$>JdjM1PiH1U!WkN?8Ah6K{R{TjouH+v1wzI@QA;@;R zDUwCJ`SwD{>S3c$#7{)M;rwWK-OQHl^!zB= z$LFgZEUNCO+X_4?m|s60ws|xrzqFW4sjc)&92m!#@xB}dKAc@5wbWxbrH)A9h!F*G z2PRozJkygsPhp6Bp6vVh;&d&DFbqy%Eb0`WefF=-!a6eKw%@^LveDv$o1=;t zS1A;&lz;LcK}1!f>x3fbRFPqW=~6A(MG654oe{_EkwOTvfDmzT5f~(jX|Ql zX|yIE{20v1JXbnFU~_1ZC=!!Vw0bDjL|=&>%yGG(f`el;ag;YUIMH|oA>6a`g%*zm zS9;82g7{r+_Rj_Bn<+m;9Hp{<%fJT|zvT7El!&@Xh4mLJKk;PT+&11A3_+|N5 zLE%;O|F{OlCiisZK;uVxjZ~O` zXjfmU!xHsh_d_-8sE0d&!Tlb4YtpDN zgCu}FQu2*g``-L{azZ8%bzeCxnInV)2oZE0Sk0OJ9tUe$sW1a1fHH>V?ydB=cW8I? 
z?!i=n;WT>kYIj6`t?);y^XhieTOvdZ?IQM^v6)!-;->=00DXwpf|3{2uJ~H z%FIu<)LYS+=uZb#rH9k#C4gZC2dPNQSB6LbzG{pYdSO`C^{w11S!}Aw-dVn@S^OnA z-mi+9o7WTT6O}>-`2oT<@NpphZvTlZi4-o zQ=j5c2NhwvUKz=QvMu0!&REcI4Tv{K$)BW3j}+=@uwO8aJk5s4iPB$)XZ(6pzb0Fs z%o|I4sxzSfJh0Ijq;zXMb5ZIoSIR9aA}=g8qhNa)e(|e#N_dXci{mRRh#rkCr_$0V z6`Ph7BRVyM$1rz|-6Mj-MP?=UgYXF(V1ipJj1pR;>tIB`M~yZolql+vc={6&*#b(q zJtntqiPi%%q`!xzn^6Nq;tkwXUjmMO3S@CyatV4AtjD3s2==pA3Hj`ndRIFpuBstG z2CgeKsA;|Q(7Nqx=4gJc1}nIzYPJB~A5G0=)T5uansDosJr$gmcoF8kalkd7*o`qg zoOBn2s8WN(zFre@5SDt`JJtJo5TL3!a2z9fW;-LGD}SQdMRmW>ol{Zxj9Nq^qf2&; z)DsEYDTGD95Yk=rsH!Qi!)Hlr%w$LWvttGohKb1$Kfn!B&8pc+V#1x}N*BH5y^lW^ zXIp?Ws-K?wNdwE1$zyS%mE9kf}mDDiUip>u_`@1irVc6X!-XNOR3<(IqG~t=l4N|Z~N~ctCIP)L# z1OoFLB$k%6J!dd>X7Tc_o7mZ(>ArcQE}HoLZbJApK_1XJK6JbU?DO|O!3doR2ddjJ zancW2M8obJf|#?-@!01Y`0}A!;`S9b{<26}0qFd9PDI02OT5q|ZxrzcoftnSTaa;r5AN{>UVj7$W{=~r&mHg)L%(Q7YrkLxIcJN1CKUdFBX08BS1`ca z39|gyi}1CA)kJJdqyhu*StM*r3*DDr*R8Dld>({avcddPCOB@Ke@qgW*q3xEoGft5!F=r+9G}4Z`l*N!^!uz z{T{8oqC)gW>uVz%t+ke6{4imeFvm8iuWl`v#E?e|Yu}tj+pfJ6U|qzLl!V$GXeVW;{Cf@ZL&2Oi%LR z8GJov6M~okNxzE1omr_-u+w!ugLUfGtNWMd;4&=|3;_`o5h4SLnpLG?k-hIDj@-83 zBJetQMy%6fNGgp@ySA|S-b%Kv82k=LVAA7!(X>BF@LG!;0haTc>ju7IUza5v=#zIy z8~Jy(eu!Sg*b-0EORclVZ8k-$HYrIU1Z(`?QeSh*&Qo+FV}MUf1tJ@4WN1`qSm>UT z0?hY0zV%TF(&~qCC6XJ46sALzbD5liaaq+YmZ`8pf9jZNy<43iDdKrgR*qK5=+xv) zSSEU#;14S*2O$I%})JTclups!hx66wC;u zZ+tn}x)tGFw`b)sfhI8okGV*b+4*Agb=)t_sM_T6mDs1}tx_%MnroUzv4!H;n9!m$ z-EpJE>AINXxj-1@`nMoj4q8ro0|)gcW(!3LHD{Si=e2N@L-&)awaxxJo_CwE`*&}2}Vk7>!_(du?^a|EuZjrJnfVDl)~sdW|-UfJz~L|bGb^xll?=)2_K?+t5C zSC_F)Wi+{H{Cx`?vtHlY3&+9^G8{1w_2aIbZ;?lq!LGxyP@NsMVyT8)> z*6RH@(`bFbZktxEf$2x*_P&qMrs_fp%L-t|&SN;zAN>>xu_Z&2{W>grS~uup(@l5I z+in|2}pA_C`ZjnSLc;z@L>{WPxY?)RuC`$c%H5asMFH`v=On5{v( z!AqUO%T{CRM6C~-fv6i&A+~sJTp|xmR+`f4EN%7|M zy0T`Vy-?ofhgOtGz3C~z^ZD6;Blp%MCgWq4!l|PdX7j$D81BWwgBcrJ+ghqk&)@l( zg%jfY!ZnKcUO0Gv*cE(7f2@D*ZtZfZT5WsQ z$a2;GvXdvoH2nS78dk&89a`M7(uzCFcBZ}bh3`l}ZaAP&3E;qBe?-0JiEl0t_=Xuz 
zo$#5;(@;H|@Z|X^`Dic`Z%Ep$CGFixI^7ASamW6Bz|r2!6w|h_A28PoQy74j;ta;z z5pCwmRdPEprX4&bLYdr2Kj{`@XELR;ji&{(6h%rt(awOtFyeFXW?Q z*tvC#THk!$x@+9bRYwd4vpeZ6bc7LL;^m9otU+3!z4AP(LaA=irhMJ`v%A!$NuPHS z&c`RE^Cpo{fUSp9yTcL3>Wysf>$AV}T=ywPMuJAhs_uqbJg09de6Vbk8W~zVxdDY} zTGWG&23dI4*t-e0*~=XQF`ew(YA#0*-~V(x+kKoH)Ra8?>AH4>URWL_K5VG4EW3+8 z^@B(A*I8mNw@;pNaq*6v&q8>*sdDC5y9Qbcb)&xcrn-#At)Cv}SYXR-dg^Aet|(@z&Fn)m-%jb~?tEx5 zwNb98-@I=f*uTAxW31v|UMG4lX4`3_U$5+D6eVUS-2|=~VyyqpTZ0b1i&V5Vo?Z7d z`#fKz4qsQXx=z)4E=c8&_S?KMKHjxoY8tkv-x z$<8jYRXtLtuzRCxe;rRemq|NrH2=f|#Mj4Hm=HWrxt%K5hs2plB}J61em{4cjc2~; ziS9Y4G3{AfekOS349lFq*B!6YCDc(~-4BOYqgid-E*wveX2LhOe33?U-HS`bT19t$ z@ccxCfAUL)7#T-GL$OBp>k?wD{go4=>i5TT=PdG2ylfd@#m`0w@-77_8Yv2f6@-8aXlGuA2_FKeVaO zN-|&_g&C{A-7=!k?wAu8gld*IBA?PTvfL2DuYpo!X~3RUMT{i=WV}&2xuT)ieSK9N zRHxXde;@Dod-s^j%;y{)di|@2sV{tb*1JU;V`&mwckQ)+wf28E+#3uodWnb@ryagU zn>9O)2n*k8J<3f8P9cMv$>}cE%*?UR=iEw zu?ojjuc8$rrv3MhP^CfpYCW5DX>Y{Qkp>SsQw0um7~p_Rr=B!Me0bV^&g-%2H?|{5 zxV5Dzci5AYr)`z=)?_|4Px)!FtC4oNesE`X@#^As%WQnBbFkN~dj`Sw8j+6Fl2@&; zSg8LOM%W?RSrdY~1i`n}_9}!g(npwkEH(Cs)KA zFX!7Z((ZaVCYalwm2?85Rz;I4Ld5a^j*6xs_#kdI5cn&0+U{NIS7mOnCr z+snXj?9EZP=U^{$gm}bIJinlL2HFcye*P$IZ!mk;e$8#!}j1?uW7@W)D zhScixb7_hhpHMTdI11YJ3&ydad0o)l2~_I43#W-YJNj>jlP-;JuV6~7F$=6Q5nVN) zHgu74>ET>4L0wY`Y|CSMH^Fy)llF_<gD^hmS^VwGiYW=%rI#b4d{5WV{x zT-|h67Cwudop@X0VNL=oGVZiYLCt_#SK&cj!$aEr;mm7WIeP)VZX$rXYBDlFsE?se z!y_ByHJ3dRvUnwGbG$gZ%WKGY3@Hg$>L2$FY@nJ7ZL}Cp;vM|^s>n%>NGwe-Z}N&X zc1N6Us!lomDN*_SgJ%rzdI`JPB~7F14~YdGizRK?HO8JD;dLVFg*1ebRarvVk^!bzgdHq5;tmkv{@0NnJVEMXX@AewC1(_zG_#sy?fP5lt&d7 z_4z)LCXmR|7QVtimn@!aGvRBe9RHszs%kqq^~Ch!KI~E~L(v>VDWN_mBCJ-r#}cB% zBW8}}<2BJI0J_&Vz)&{1!H@dxm3J_qfmUWZ+ zS5J%$tHF=ggyC|77xGgReH_?(84E2Xf;^((^6Qxm+nGYMs_$Z1VyEfblN|z=7_nm= zH$M>bO)e)u5zG0H+ru~yBHgH{W&nIIB)Q_Tl9Z8Ud1NqP6aif zbv2}}1vRF;`Ye9FRUk12e250Yh}|USGYzvjh?HCIvYq$4gFLZFJPJrWHN;!)(w+DD zgYO}+8bWut!rgzOG`&ctNI`)Kwojm6wmm@fW=Vsk-2BDPggK!Zh*0!q<8D9{`eC(D z^zvYkiZJ_sj*;)Sc%h)ZbO(!mq#)h?SWbK}!@M!m!?wrLx)=Pub)m2s`eBjIP>-N? 
zBWe3F2in|_9dC^|F&Rj9=uvj)EnD5<9d3=NFni1f)M`I+6mLCAakgd76@7t1u&y{d zs&2Ghlj3fDcW6P*6EJ9HM`UO9p6uaRRDQcVqCG~&DcjL)VOr)ix z4p_Kj1G}XIx&0EEm}pd|51qfGv>An|6+pK9G8sIiJOyq-HX!}`2Dv)fj0+|5oeD+t zQXSME8txGseEoxxsUa%RgO<345x#~Ix{iS8qCxATLE>9x39{%4YZcCffv%u|q&lw& zs(ge*hDqy)QDykyG?&65sJ8>Z%dkD}&Fm%oTuLal{t1J-OPX2&FC{IMFHxv6Z|Ght zU)qB<2Mv&AiGR9^Bws`t^%q4nV4`>^F#K9PUGE@BnpL@2?BD#3eb$ruL+l`^1Wh?X+!{??Dl^j?y6 zXuK$qem+N_d-vCTFOy8Ip>sF7yF=-T`p{g=Ee&76%(7P|_!N9(1XqTI3Gyw3u1eO@ zty;us)0?pC(mq?1Iuh>^82GI1v4;6**2kAs>iK%YNW-}z%yHM8{%i|b5Rk@xf;25; zDp!w1D(hZA-_?rcmVveMYpYG8U=`GW291(42inkelEA$c3VZ|NI|Johgfu@p`yK*W zV1+!%IO??%HRyvU`*b8)5rCvV>}{IyuMDAb=0RGl8g|X5k+nboDK7K2_|cQcRp&rp zS2)H!A#sHfkU(1GT*O6iHbS1x5?I5bfbesM^>siW#+1FH!+1^!;+xx{kwFG3LWJ_B z5z#$n7xS;y$S%I1dbPnT6^C*nNZ8v!+1Z7C!9z|DAZDfauJ=OtyijQ#B5!`GsH?g& zFoIozhZ(PdAUmpE=oy41FdLj(nw(qaU7sOoYfx^KB!`t%s5v#F;&Fru+n#OxlWgNs z9hu6H%S=w<6lvPPlWzO@w*y}UwH>n8veknlwlgvL@gH_Y(i|f_m1p3v38&7bK4^>V1&x%&u6`lS$4{31*6KhnOLp|Rj8V+drq#37sQQq-az(r> z%?g+Tr_eH@CKy2Beag+KfZR$z)Z4Y4eDv+1`&Gm7zo!FV(KJWKchc62*sz38WTN*< zDYh0;xVCRkkt>OS4J*A4nFRsm)UWtqzJHQ7+k{db=c92~+{zu4xMk~!(ab?mLU=nhP9-X5%* zD$(L2{&PfEbHqTg%a>*1=TEA>$#gCXY+5ZPApE^@H}K^f@S9x6?Z7Wifn^l7e&+R| zElhqpZ>c6KF|l*@UQzM;#*KJ{B3%3wU@1&mG2ekP`^HmB!Wprqk}T?S_nJq8R@P{o zBLSMj89R6tg)f>57Au@;9y*H))%Lwz_U#pyDUX&?kvvb4^J8z^^(8C~}`7tc!M3kqQ=K44veKGY3 z0G&_D!GULv|!JUVrorfE0Dg<3i8SE zN>-uump39(@GizME>tfa9_*j+gkEhy5H%UgGdwkw$`tJB^#m-KuLf>8R352B%@E&2 zr|@i(gKe_$9;t&*=}8!h-Nf+JWUAf7^vwwqHgaLHntxDnV@g2ja6surB%&z20n!rf~TRIli9pXiu#HM0!r2KByjYZEn_ z7v(rUm%X;BtaICc>AUGHA6kH6TTTml=vd#jf&OjV&3zA#ppJO+gug#IY>fMv5MaLI zmp|aMI&?!_1AT4gpTfBMRSUWcfZudWugI31a0(2q{!H}La<`ZE7da7L{!+Q)P4i_+ z3GC=(Hst|MT!zzW)uCJ1lXIe5Lu3gSIj*ND?x}U|Tj;C`%vZ-sEg@1jtOumBH>}D_ z3wCM>unv9651ZvDn@Tcowtmx_aNMpkPE=qEz+fj8%4iX%+*E&Ytvt9Jgwm#a!rLkp zpU=!)b8OMFHAia_{+|1Cv2Q+1)L~~t3GSHLO-3|MWCCyWEvv!}>0Gk@u`N&A3v)rl z$TygQ1J2ytl*M0ViSEpl;-F)BO)X1#3^wFTG~!Df@c4bA&{nJuxA<&%2b|xXYWJZx zdF#mp_Y=M?qxmgX{6>p(Q5oluE;b&FF@UECH<`L;E;KoZK8Q#9e$050TWI!;Cn7eP 
zkIocY5ys{5G{aQ)-5poiTi+Uc4)iSM|G>Y4Vx|e@TLz$+Tx9Z1R&rfJ+6}Hd&IiBye8Igh)mJD#NLLS{NOc2h$KFvgNLDI z-$(a#Pe>007dk^XYapP-C5g;%`pm@C&vuSgV2@%feKgq9NsiuKE!bYG1HXY7 zZ!#dsL_|4(9FPysiil(W(h_E&GIgF|x#i|G!6MPp`E`c zjmWt=UzPSRt(FY)&E@D`1F1&)4co{716(_%2uSKE;V*88;WB^5k-Oj{F|_ZY&B5H= zcO(3-$Y?Kp+1GB)pzBCyFa3G=72jNZ09WS)d(*Y<*$B_h z;_Nkr)_NsFF1mhn19#5cDK)Vu2%;{0hHoB|50AwE4oAO&+F!y;O?*Mn#!;1E55sGP z^H=})>1KWIkd8dVb8m29y>|QWzC-YBbDYGC;mUUU%%dTReo4hFD2V%?N$sRASHdJB z;e7DukJ`z8X=GE0IU1v}Vq^SS%x{|;-HT2ddTu%psBWhGBUG=$>(A z@K;rPaZ}6XLaYklgTI$Ft*VG}0E;eN7duvN6b;xX#wTZDsoTysI3&g-XUbN3g&=|& zy~B+RnHB8Z!ree%t0*C#(I1opP262Wl^V;d9U6{Cc7_{nxNd>#06c zf9xh<_?1h#;ep_I&Xt58qdZdqn-eQtb_^Ueb586wUQ$$fWqDQC?yW?_thFe4; z8}Gp?8F&G^1xA%I zMwC_j?oe46f*Tpcj0YQP(~V^r7<9p(z7(fuR-tGNke(z1w@3;TX?%da0>a`6ay!n?Q$);7&9N!w!Sy6YKW33HN17zKqymnI) zWZeSVdWA(-_H{dkT&Day@n7pEghdD6MOFAbZ{WiOnE}+@1lU1pTPh5f<<-Qt1rMb* z-e^r}e~r^I@QQ|DUJck4NwB{&g#OFpilzNsVt4~3)y0bbC$tF7$hP0(NO>aHbpX@U zN5vp|+N*|?1S$=+*#XK%1&bc&FAq9JxmnMtgAx}g!{_ab zUA9HT=Set5<_7Gk(WZ3Ap3*-(b|lCN>j--^lQt4N5z2-5N;wrLK;c&gJ-<|*df(BI zD~{mvj^K|13BNdBk3w0#{wngz&GKo3HN{O}Wc_OqH0?Z;_~qmCNN4a`1$K{a=3Bsh znn7gxlG2E9ape>&>gn(eHLph_Zlu089tQ58w!OL0llj@G&@LTBKhXK$uAG{qIX&S>}|;(55buhoT3;~}+)$pQ>rJ$h6NT4nW| zny3!f#F%4z*cR!*R+rtys-X_o%(#Uex5J*@h4k2!Lt`;T#%mr5Ynb4;X6rO$XWNbf z$_^364l&F)mcEy74d{6X=-C`}1GPq$cx9G5wp3MIsz2u_Vr##K+P8EAANpjy#S5B9 zmJ2VrOK54d$^M0JQ|PPW1*Xo8`1e1T7$1fS{lS)puHnL6y(9Bhjt`+Z?|h%Wr>fd!jygnDh(9V*^>Hu%2))ABVO2KWuT1uB)MG&AEWiS|n(K2%9x35QmgPOHFX4J1 zX3N$ASBQ_8AdR^fJWq}t!=Kj6t)KfmXZ5b_4ZdEGL|-w;x2|r3fTU{>s(18@5Y0L2 zn^@JZ3XvOK(&R1E(g$14wzw6P(`*?wC3ON_Ow~40E+-%X94b`n#+>-hh1{3FolVyCzyu3~&($3pL5~&f@Yfb<&Y# zg+ns%BTh&-k=}i7gBVu80+tyd7myKHU>+e&&j8~~=yctf zJW92HiJQbHQb6xg2v3PH7i66?*%I!s(~h>xB8ciEyn(P4C7Udo|JY0@bMe6!JSL zw=L!p@W{IorqC15GaRrhrs++GUTrr6vNm)x?hwr|P9*a%5m5%kl%Va3e&$Bqs zvT)tIW7a*&2YLXS%Z@ULk40aIqlu84|6^MLR{x*S_|IJTGdzFBk8LF%x&XQex&*rF zC)M2m-TdQF>HNuc|0mNu`jhCM`Y(sd67=eiLuDKK0Q%&|pK|eIPq~GDfPR5~h5i5l 
z0e}Hu0H_~(3LF6O$DM)(KnGv}umN}gA^;hH96$k}2G9U#0So{Z04sn4zysj>@u~>_ z*j2;;QUGay96$-63{V670%!qr0fqo0fC<11U=FYZ*Z^z+_5f#q3&0)llUfG&1A+k| zfN(%GAO;W*NCu<;(gE3k96&yx81NTR1}Fzq0qOvafM!4opcT*o=mGQs1^^>~QNRRX z1~3a)0IUF30c+4Z&=EjV|GzGm{|=k~KQiiGw?>^)5I{h!P(VP~KbQFbG`ToBIat`5 z{kO_R%~KO?1-+-CL80GxRW~JcIfh;hI#`#Wot1{Wqm&9sP$&{d_lb#i0)ZtnUDscc z2Hx5$UYfNOcb1C(CfqzQtQal%M8b>MpmrH6AA_5{##zGFtyz*0bmOIor|q zc*AkJ%ke7v^;hIR5E94v@u}VlS1K7WkcVc_>zrtrzx_P>JTE$py$H9#!)G3PMN$hahy};z&~%&Os4k8t$pGcibCoe7H$^w(Yt$Pd&W?X2h>f} z^y2uasyif8^0;C+lR0>(z8kaiCUlYLf!CaYXphwNB~4=PZCP96f1qq{1j&Q5sGk$G)$V)>iz)Jb7YfFPB5{f zTSLu=+EZav(Eip&Lp1t?@Eflkr#_kX9tDVc zC?nw4Zi(8N&;?V5TjKBHo*U@>2lwKwPIp>S+5>+5HpGp%H=x%$@E0RHXDII`yM*g~ zeMtspD#vOD!WO;VpYpdP@%Q0_bU*{z9W9XFRNNMHxL+E6#h>4yQS{k2Gvh#FQOs4P zRHnqgde@%ZJ`Jb!8*xgoo5d~#i^8*!GqG@wO#zTAEpW#a^*{o!whq6#Y;1vd$xIFK zhEbX;%8Wvzdo2P3|4woap!H(_{aRg$WVwUG{#AxSl>bvUvLhuefdsK9bR}_O64d{o z9@He!_o>&!5;&`<^UXWP&$DiXv1I9S4V8Y~fD}gBl|yBQHz5^Mhp_jAF&&o-*T(W6Aq=<@NbmqY6eFA)EM+ znA2ysbGetr`BEj9evm-=3jSX#m5?9wJ_&ApHPz6m$9)#;)5g&Df#l4q_tRq67e_ma zd3C}I!u<7;9PH$K`P&`?KY!l_vjrl=H9<^Qh416)7QO$|g#KBvO)eQ*Qnid*q3^oO z+eYGkHk)VE)${MmEe#b-mZpXxK9^rbgIeb0;cqL~DGJibD=VeC^NIY#xbzuEuPwmVo4wB3Qn#@O;YU%nOM`WV;HrXK{;} zN&9RB^4omAw&#anqd@u(p%)kZWe1R$i*LHoK3X?)utXa9$2$>#yAOg%6&ol4RIw`S={$ZlcN1 zGXzmfY+;yuwZ6D)HiN%O|6x|7Beb&zDwx^eon$+_`G{TQu*48cIbg09ElzDHvfb+~ zG||YdsKdn?fts;J^4JP=&TnZvHyV%d&}id83~w~dbW|?sMx=r?UW8=*6QbWJ-XZOhwN&H_Ecr7zN@P&?AMWU3`k_graa@@;!1t&S1vxxKQ)aw zr?MM8sS!qD$x8v%)d)CccD>CF3LI>D&(h?i^BVT$qjny5txaVx)>r20<8@9w?)t|c z)n3L@J{-W27kAxW$l7lnAQHY#RgPObqh6NTpbNE+nr$U&@y>UUKKuQ>J)E1xiNS^W zaZ_!qbR0c1vIR*}NV@h?hofu%Jin$yVqegA6Hfok-JL77@h=?s==9&YzU0AooNUsE4zpOnhp(Q-&7c1hf_geV_@|x{2Cg@MwgO&pEKeKePRaZ(eGs+P3`=&*Lq86psPV6&wLXIAWfCULa>NlFl^b77hSt$*o3+yxbLFw8BIECTE^ZE$1XvK5NS8#PZWk%Bpdd&tI}(-S|N>pvu+>>>|oG(>Hn!Lc(1~FA@nKb?5H1xs~?{i7X%vqGrU> zF*2LJV$;|ThtK&7BXwdo!M`s=D{^y>*`pGn!(T+4q-bT!z;&|r8V+!nSFpUBnWvT73W7)3>2`O&fQTl*=MQ<&rfJv6H)Ez@R}L@+FOk@%Ibk 
z61e6C!cE!*ba~(ILu+8AOX8GOGu8&ZO5TcX^P=V@Mnlik*;A_+8+&2N+zFhW8{h8= zn%?NWOJtA}3=-F3eos%%%p2BlKZMx85IK1|)r^!osdIup zShRKG%Hr^vz#P!Y_47vh3f~spE-B~>W!Vc?Y)%Qc*QW;$^x7eYz9lwL*}6_Z_j1RO z@~|%v-Y3OFSMY1TY8DT^rRCmgRMk2K<3RrrBL%JILn?x7&tPaq*Y-0;6n_-WQOgp{ z|20DM2w`Vw4NZ=u0uHpoMw~7eMH5p~YHO7jJU*k!m|mJ^4Ya~ynPw(w%j!$E4i8gS za@e_5VdUnTq8$M)Hp1!(U|NurN>&sr$Lh*pqQTM`b~9fFn2bU}U@kXR7iECAX$kOZ z1n#$Sqkk~(bFR}CNMjMxA%l?B)Hfr@^mT|&4g_|}L(7l2pVG??HA9z$MiH2CM3f%E zeVAjBrpTi$v|)*i36ZYCvP+wwM2pfe$?#stn^Yx;=h`Gm*McJ^x}IWpvMmH8`^ER# zD~j5fuyRGIPn}pyFDr{L7YZ{lH9!Wd9oQlDm9t;iB)c+6dl|9}<)AC^_`2rqZuCTK zVD2eL3}@le?@-%wHpPz*1GsTh_wDMXH*&>u9RSbTcrgt>(mA0@t}BojH*h?KAoY7% zL?Pn8&2Q=$gT6KXJ!*!f4DK@sfbrrP4 zkBJeGimP4lWWg2fz4RVfQgc3iAY7~AEPMViA?hrgQ>8+fmqk9$wL!lJ1Ce4BnLwiQ z(&)2>p`c|(1q-wKp-!Qc17ZiIq_9XS2h_+E`~Cp`blV)4vX~R8g}*0$4l0@G+k*iH zpsg7$I$;g6^z^ zJq3Nxz7WRfM3Ry_vDO=b0-eYo+*xPrO|3#tesU#${vrVhU`^`_gQ}OFmJC9{E>vfR zffupD*2%4y#Rof*O!`oyl=g!RE3LrhK6$PI&Q>^nt@u_K~Rv9m-x6Hf=F_05Q?f~ z-)CQGs}y-_O)nIM1=ZkUFHL0MC=>YSX-vS^YZ z$H0pi{!x4JAc%+R;=;A@FWjUoLK&BW*c9)Gi4$DW$dCDRbdb2CwdR7EQm$6Y$bp(?TYbp z%J)XkOL`RakV9Oo28ZHfiz@Lp#2rGxrb<-`3(n&T6bz3>#;HXt7KV|D3hFQ}XEbuN z(?(|niY-b8Br|a-vfzjV&-rtVO`@d7q3mveO2w4k$CZ6_1kqrnhbyHxAfkC>B=rc$ z4^rhPPS$$tkg$xgMoCsZza%lico{2z&N^PxIN6g#{n;s&7;oL!daGIsk~(*N;!xG zZ=lD4bnZC(8Qn3B0Urb9{s#nsd+f$wiNoENLpM(D-~{x*fv`M%xrFVVN?YlcgH|gx z85j7Rt3&*Ow(E3-m;ao&=>2?2hZpLhzV za>+9C9IX;lOu&E>4zt1(O7aE;qB3SR)i#IX!R#Ih8E{%1Efcyd79<5)6p>6EH2G+d zJ#{@2Da_nOia5sHuSSrA2sHntnTyJqiwpCX^bo_EAOzXLFcMaJQ=(us11Ba* zcQuaUaA0EM{3yVU5wr&5Af5s?720qRf|)lT-2T8sN7j*)Lk0_|P|T85usVPl3k)!b zB3|mwMXK_0M0(Z6EDU%=@)AK>%txBTVnZ7jmJWUxF#YMtQgtwf^Z24w$|a*3h@05k7r{F3XST~anYVD_qZ=9yJHIcM zT=v6Cbx4k0Wml|xFid)@#qy>KBpWDwH2F}KC{H!WAqxX27t3%q?r=1YS}~Xafiw!+ z?#YA`w|ZqV*CwDr&W=5J+J`&L1eO>OoCM-taRYB-Zou?Y3`a3qNs=nt>{eUBxap$y z#@%8mO%RU*DM5x2V;LSI9r~3*f{Eqvj7!twn9gU5YCGTiBbQGPK7zM0z>O-&KcU9~QgL^m&HTDI7gUg_QM zW$_PEkKG0L4@u4RE~l71_qd$7u8YaNSLCdzdn?1kr+|^0FJez=kALd@_jwHzH+BHp 
zPeQNf2^(S8!GEDwf743N-8FkBCfqw4HDo`B-7dpsCMVQyTrKwxgTAKIO>cfpFPyvM zgAnKs@1MJ6^SuCgyF&y*2Qanx>{9e`;?6Rbs~0f2PRPbHd%S0IxM;4q9qRAcyL(=> z93Sp+3-8sZZFKRy2R%ObBJc@6OnZxIJgal*Uf3=(8M=ZPP0Tb(E(=vh1b+LVE?6d- zxMCD{-bA!k9L-=?=;3)^gra&Lfa@2r(b>*TU7cj~R?7)^GB$`}-`PF~PMjIrcz%B@ z2m3)(+ApINZqWXMasWCmPu3Wv7 z)^!cPck=iQs7egb!&3Qty2w{c*4NLS=R2RZ?AwvZ)|#Cv&ZV+ z`)d@FuMI*szwui&&%Q5#tM`$M`$vo)E~5N2zDt_ndCmrgFVRd5)V3;8tJjRah1Bcr zcx#1YYSns^`Op|;3}xtb=k4-WtlsOw&>SSgrqsg*fCt(4;hd?d{wHE+P4Wiwtyl4p@|PIG=M+ah0+9laeOy%=cON958xd< z`jc_TIL{2wKO7Xj$MKuw~@J$yU!CGPP^RqljGB4b22k z!!DvklV?K1IG+qC`Bq|t1*vq&T(T89W3mb)BCVUAGnaC5zjTSDu@4zoiW_CB@Z^VE z(yN%tGH+hQ>S9+Yn9|A)`&x)QaY^@Ziu%%bzR_=eK9Tw)d|V_22eu7eF|B8Xa{5M$ zMS1nzBGc4iA62w*u0qdgcBGr#ooL8dzN+dxyyE%ysN~X|1eNPF$?keqBB8J41n9oc zj+aSK9{Wey0lGEzK322SKY&|uza?<57r||f?C9%$Vi(xScWS=+mWLQZ?n=Rc+wQa1 zn35e1k^bP6f(@pka(E0Fg3d=r{m zrKjrnb<_-r-@)_O6wj?Q??`L7e7-Yma{Br`n6i3Zt?_fHzclsU2jFRszh2X9@foqc zo}nJi0pHDK)$;8<6#_WscMZBsdl(MNH{G}W0dzGR^*;4*^<;i)_w_tnzg&0Mnk~=Q z5poP>ni2l8FSUH9b9`+VQOm7ZX}-38QSEqGs2$!!b@|fGWT~?uCiYp?b+&jL6|3&w zek+@ioBL>$PEq##wDC~i$90xlPMlf)YJPl~x4ti4JUPLRa7zE&#T%} zTt#e<-=B50v0V?dTW%tHI<#T>$A9VOOij6f6XaGn~A2pXPbnzC_gWU?r)a|#LTj3+Itd~ zG!{AiOB^ zd|JnMlZ*D+Vr$ZVR(q=b?QQky_S(4tzdwi;s`Jkj@yRGL+306T%Gak#y-NF=?#}(t zl;*i!Kl9#{wcTlPExgo$o^196PQEH7Yx3riN&DP1;RF0uT%r;BMwrG?N}|VBx;G*= za`xVno8+UA++}?=vAZ4305ztAjQ;Rj_oG(DteP&J#lqy*rDvw^+w)Np$9n1|_p6os zkdTL$#>durbPKH6hEG#-q3uo}_tNUh2oLU`Z^ifekwslr&*Jm_p?l%b>M~h(ZS}>j zm(eS~n%F-%FNHo91C$lwwgUTF4qiU4;xEzekRN~WSluRk9aHsj^W{Birk@6?=_ASb zm>Q_*#1rtB?}SI=X0$3JkE71Mx~uIz;Cn!eeOQjdV>>@@f<=1DwzQCRHOl|tRgC+J zh$v~ZWvZ1l~>S%j7?`)!kxtH1Gd3M#4_kEmr_6TiB6CtZrj@br6`8`l?`DBW&e%>{ z36GaMUp&AnI9xL$rEt>u!|Vxjn+NB6T zh*dcKC?HX9Rw(=E?^e9M4p*%cdGhr31&su`E^L1Vo@_92g`@=dpTbiZE<<9 z9w^O`MepITm1ajY^C)t)7BH9@nvwd=s6FQMl67&6*nC8uYiV24#-#Xpncd%Vh52D& z_3>}YlOk4tj<^RRG@M5uebrYlo8JX<|(*ok8p}wpI(_>s<2YO#V@4 zrfh`tgXSCX_$`<5ph?}?p^Niv_nxRSaQ3J9r^az5tAx$U(8Fo@dg;i?XaaAV$1a&n 
zrsP*5ubl8jYrS;S7^$9a+Qr9qS{Wqw&9Qd-jNjFqP1lgOh*Xb-;q-jS6+q;z{Ka!- zG?E?uCyUE83j2F6y{)JE`X;CPi=5@^L8Bu)+Ej)g22tQ?DdFjEyoW4mOm&FQ{L5YF z>~Qn1RNydLdXKjL!^^`?eNkAgTI#fzvY3p-ADVA6z{w5yir>|YLhh=Mja$frpY>Q{ z-OK7bssw&E>%ET0^GO`WL}?nTBb2+_6r@J=rH$+dr@M%+gZpiqyCXYfEdA7lo8xlc zSgc9TlEClC?;nigPnX>Z66SSkk@`jno1~+1|95>m))0V^(m@)77R2v~i}k@#@@Q%o zH3_*8nj4ag3i@2qtJ}`M(6YuF;D+gsfR%L3rrxMd2U6 zNlw1Sw6;lxza#fPd#G~Lo_+6oZrpM4=pxbf#PTU$%rc^321)S3*m1(xQNo(%K<30j z=h)jJF+~vRm&Gwy2z2nS`-b#q0`p)P)Wa|(c*B15Ejm$rtwA1k(6>7Y0!{V0D0DM2 z;=e{)L@1lBcrK$**Y~qma};DFD`x3`1vke2-h|wkt`uGyqXt53c9BzRYv!v@(~(BB ziEbaI_66{d>W=3!(wZVTq}H3k$=qh*+Zn9^_iqSM`-Hv-T@~jy-f2NTXhEJ0;^8`{ zUAWtX3a|F%5;^z2xEu^6s2&JkEM#1d2vjt9)N}9iINV4qSzzA`Gw(&4?m@Dg`z5}Z zo){J?(U%kh$w!#(ph^EbUF72-mp)}+Jg0?ZOhLt(IIOc9Vi9sm71{Q8%tmJvrD=>n z7jDa<)>&Mf)n@E0P+C@Lm;5y+_fkeIDZ`OaLc^$$U+m&ujE22UlRP*s2vYJa&EKWL zeA<;Dcb&X8(mPgx2K`OR1~MfoQ=2}K!W0{+!v6516ssmMYQ;kId{5qB2=oZd1^>IeO$OQt8W>t|NzkGb7Uz1Ny?s@BeMm#g zB(S1UclS2HjsFNzz;CI6hC$;ihX?meFa`#64qPwO$qHgKPN-#gjjkfbz>ng^mg}^m zKEdeN*=k!+!Vwe z#2?UUxuT$v9^{>E$(uiLw=^Svf?~GA$Uh@xYK!OUY!u%3O3G|SRehyPzmmM2Nepd4 z7&(yBGD|Z#;*rZM|Lh^`Z|zOk6|r{*TkUIqkdbEKE;O=B|8r{O>_*qdgTHhDZQq!! 
zgzx6WDeNX;-HS9v3>Q<-8BQZYqks+$zh)ejH-<@1qvt14u?@uUfWjSiT3<6ac0RQE zgr+M{5w$>Q_A~bnVpS5>8iZEgfSbdeDx?*llenXbyr;rt8Tp~skKctSMaz-ZdQ9|* zf-p=tdXa=5Q3!$^E79}E-VFx7t}^KY-O|R1QbQ^BE2R-4`;!GQ_*y(++bw{9-&!$eIpWH+| ziILleld_4@FQ~nsPy3-@A)PJTru>O)?zHHgS_Eno$eV&wy<8WfeAsELT@F%M=nsmN znG!r;`v8iySA>R($j}**toDVsycaIzY8=-A!j0PJf^s+V-l)Zxf>&c%T?l-$#V{v% z@1<^{lQxO;TQW@bXz&igwyTUwkGnNxtz%LQ{BdWyZk?!;*Q==t0WaNh2Q3JV+XPpy zmIGUxVm52P24AXcDmB-0v?HN-6-GYg97t!KMuBCVA)gbog|rCUt|txK^ygb$m^QCq zcLJ#$Gz&Sbvqsy{w%PEu*&uDPr{DzyjLmJ)k@MKB-JM7a4?Q%OS?R4Wy=||wXCs7Y z)|negA@K;_Zu+ZONXY74_*JjxXEz2qZz60t^W*a0>zHhNTU45wY%Ii`b-X-sElG9M|Y@H@gZMb!pfslf--3oIMxmJr{`& zo>k;mqEVnk|3@t8BDsKLG=^|%5{mYZIOhT>lsHHr3Don|5Z(q$72k{-d59(sD0m&uc`tmm&) zHKd{5g71 zyaIq-m<~i(_c%Y?DZ#P}LM-ztf`+Gc^G*L9BmUI45Fpb8L zQBBSOi3?<(L4xq8Rno~YzW$h1Ql~)zV$vrljYAxvWS(--SO>xb{NNaY@@%K1?BvyGJrmH(=JMHD42-~qh{urO%LiVf zbZL1~&b9vTxuP7+Gc>+11ZXcu904TnlTvtw=6K0r3%`S5^pLYaXe&yHt|3Z@U~VmX zU!6>HUAgP0lUL&FK_)EMa_W&tnG zh?eI1ySkE{v&21O+w8ziy!~gJX}5&6Mwrf<>Z`GrdSUB?s6NR8cbXPI$trf57Uni% zyJ?`!{?Epn-4GE2!U577U79u)gcsh~MfhK%z)MIw zyc0#Ui$<%Er{p&SSUVQnh3?A<)UWB17(e%XAx(VV`J`%O_R7tA#5E?d8hEz%+NL~j zex7^n5r`NL$nesG&cUSK*17a0$n(#oygzY2`FTa2b!P{ixerA=&hMCMFoT7{(94+H zg3pWufch-j5fqJqhdl>~yZ8@z`j2=D`M34{0ICHgF*SuHAt^*XC7^Ui`+hwX%sVON zL6a;Wnh4I)C*X~HQ#k=;4h24=%AQKPZSzQ069!a8!3*}`9=+zBKW3X^a z)tpRqn@mN^lkwW27t&1CRQ~x@G0%n~`urVT^)>oP989o3Rf(6Na~-k;uGk)X^+#Um zkAtRLsHwz@6SPWT@TkRIltH34(0nEy*g@AYVBTT_9sL2_{ej&DNV>ZNuHbv^{q@4! 
zj5KSRX3pS4|BJMD4wCF?7j>J{UDLL0+qP|+)8@2o+qUhVw%yaV-P6`IPyN2Lcf|ho zJ^S9caVjb!@}G*Vl`G$@%vDc5?{%fJ`;siHyRBo8yESRBh7@$2u)Xe5cU|Ll`-Im4 zb+A_oS=5|SWAn49dsNnUbM&ca>hOKG@V89ypE1KeF{3_m0i7cfx7fjMF=U}GhQ`hA zv<*Lm2#-E0E(q0EZXZ1Kg4M3})Km1)f;4kC{3&84tBN0q3VY-qr&FwzR|-JNZ@UFK zZSNI~QufFs@x$P|YEkyS$p+(aA9A#(Npqaal*}!{NwPOC{`J>iHN4vN_UG^>h?l|5 z|7BFu6NlV7@2V)5jsVn%uc*|scpPv90Qe3CRH^x4?S`r9yvw;JC30iVB3mVIyk z#@S^q#VsY*X3Y(9wCra&uKXAZGH(b(mpOBZf9E{18)-i_cfdnDJf~Bxwi6<4Ywp*% z`&KDPj3A+O!8!X4k@ZVQEwSTEVoRZfN;}i8L8n0HQmQ-+bZoE|dp_;~2#?$@Q@r43vV8;~9f41`D zxVP>Yvi*=NK!$5yVN_p#U@vCG%K)M%% zV>Dmn&9}tg%{T;Y#Ccce!}CDo!t;n%SbQ{84 z;5CNxhSB6X2)gbmYRgC5ia)RG8EnJ1Z~H-GalvAJ!ICJKC)RkzqW{tBcut`57zaoh z)#c|Ccfr4Z`pjv1*2#A6HTyyz_B&lr&yLOux`u=Mh>51F-zdt$qoR02~0l>hb_(pjBNJXjC@@7y(Ry26k(J4RE{S3UCMf1b6_v zfR1%PfIlDr5C{kY1Oq|=VE|u1EFcb$07wR;0@8uj^;|$6;2-mPA<(^E4yXiF0jhz# zehr`q(C{x}zZuX1bg_2;I)UVVA7J!f9`;2by*~gL1XBFnfL{Pf5Q+a=+WjA756HUz zJLSi)N${N#nC2V;Xk^C#cGbU=?yfFYHvfV70W?uoma)j=i5NLag#=NFLB(1{p&Kut ziKF~s3fn{DVG*IF#tPfjbnDd}`#WRA`t_={Cl}PK)V13pwc9#*)1+Ihm)4bQWH25D zIIwb?ciwise6GuO#`&Iscst()-!nHJuZySwKEwWOa&rI|c+Fo&UVJ~MxKS2FbDxw6 z^QE&b7xWY{+xaT#YFGjyJL@E=x`px@?xKJ?j>?u7(kLOt0Zp}|DO3uR4j7Z=Dmb$C zeoI$+^$WV_Dk3o+q+Cyc(2ldsP zV)~O%632Vz8b}eEQ%1_oRLNUf7KKqS9-@Wx`fnzqxr1<+H>OUpT0$JJP0PiGkkrJp zmQ0%}o4K24_FFWU)JtXN4K!XP^P*<*&0y6nOiLl#7*p)rg6N{xtEpUbi$oXDu^R%)D28P0g%$P68E4Y_wy~8!p2p}`-83c79!VT(Zh{-P=v}4w*hiMkc z6E{W+red=4p}#MRp|kcJF`l=0f~uIYRk5jKM9rHoGrkjx>k$buEy)?*RB$IX1x;Ei zX_cj8y5|TLwFxz1H7)I%Hs2s61pky>#wskjRPC8jw1K#eTr^MF)(iya)RKlY|Mot| z7-)PmGJ%;*NB#)h=+6&fs*)G2QHu&t$81{~L8K}pvSz+$x2VOii2rKphwcT-5(?YI zu##RHGaRuw8$)758~m2!Kh(~o#$EL*)&{-pd(m>Kh3Z%#eYrf(w3p~R8SLFDbW6Ww zy0THT7I7iT=Yq8=aF6fw>{ogIMxaK;U03Kmj^?LDHYX*>l_d6_mH2|=yaFx3HBs~_ zoGQvGAKPsotdGK~1X@H~=rv>zM>p0DG+0m|$ybrsDK25Vm=keXXNBzDDhox9I#&hv zh~DD*Wr3K3Ll~pVa7BQ5q$kUt?9r=Yml~D`<}tW1TOTaVgY z4lJb52$J3>P<5!L4{G0dG~WeQsJ)SVELO_Yk*zU+xkpxu%ky2%ne9(;+nZU>kIv&>gvKR-;Mmf~o&hymiKyN`?& 
ztb_^4#wjVXr*y;Cl`<9G@j`p>7Tk6i-e3rEf@*Y2I~PLIjbm`GiH^Sp@$mXS!yX{b zf$D`es+Uxzoiu600GUD;Sw>|@)#bh9G+1Wd|89ti69Iu}xScclVPKeQzIzcBi$UQp zEn9Z+U3Q`r({e2--#ufXa$=!s^bN!@FQ%BA@5{K1Ttw*&Di)b~BC;bVReuhnuq=#N zJ0=OK-Asrvu91E`F=l7uNnc;Ba`cT`Suy2~akjih_!@h_B1DC&;;I{{8XSuS6<5*# zG(oC=A<}C=avfA;Krk6EbLfWk(JkLfl9p{!om{JK8zagCD++5-g$!hKfm~lK5#1a~9{t zO^gGn0Yx1T|5CWV9AV6vcE+INq4Z2tEiHX9f%0aO?GQaoC^X{77107 zM|oU?S~wy?+I}wxhUpdXS0Bz4d8P5PB@y}#D?XD{Q{04E<{`A^?Uu2y7wUnTICz%C zs@xnZH82v%7F$>{q82d-ly)BK<-kAho3Az|LR3M00tdA`@2_r&r#4XntM7sqCh@eis%_t|e6ttpuXotJsoDfgKs{3 znrSFww(MxQix)eyBHVBS*M7{t9}6t%WPaD7V1n5sGDz`Uk>cduV8r+nJt{nL81%vz z?Vces3JLRkLqdUmqzyC}&MWfwLa5a=NHXO@LEFH%w7D^jGRsAdK;;vfpDwS;hB4T} zy>yt#T||=Rm=r26_GX1&^hwjm6SP?3hyHJ;lE;mru)&ll%uJ}Ba54`;4sTiGMn9Rk za7jWNL}^_zyBVE0U0k?-%@>$)$_yd#5`!eN2a@dz3Bgm2k$601Ux&t^TyiN0a%m)z zIJy9c`x9I|qte|H=Ld8RrGqC@3X3cZCM_aJ=U8!BV}#R4YfU3e%LDuwomg|Xp*d2@ z66FP;oIZ#g^%7DaS}nPM;Z<7s`;&W;CqZH|Wrn`RQ5piUpWqL(F#;jaARwc`g;c+> zDOQq>3d3s>hcJ*)3_$R~#;897aU@`ekvVx-OAh{Mz= z6_rq;4IrB(v{RZ*GaTYnj2__0CHvi1Ha{mt{(ccT6dti{3cy!D7db-Xp+-P+;;jfp zhlMZ-FnM*;3x$qgZp75?$81#OOjQNKq|vnKGToZSjF%gezT1~I-_{o(R_p6cxbWzL zzH*I&i=5xw)!FLz2LSM(SIK7ns`jIZ&?iVFk=;_?qJIY}t+$DD_3GCGj2MnxA2=Hi8J<`wylO`ha-^zE6GPfyWa~2T$-UR zJm$_s7z?L_LXfE>a)4Q@$zBbEbIF*EN}$!L1*-zc8VxH0Dv%Tr;fJA7WMDyw!H1-G znVLk|WuuI&K^OZ?%p!0JQ|B;^oHgcRQ<300rb9S`x$ImQ$DG4%%8j1Z_eIJOoF4v2 z%`FRRLSa*QNm4yv6NeU-!Z^X1qCL>adtxew)@t#S9qX%6qO0}gf+pk+AP)*DV4Y@s zKeTd)8*IicT{sxSI+eTW?FKcc9Je|J^9r+t0_8JxGso5X(_R#~3wru9DcXN)kcUrt zju#ByD;6gT(Qy`;HwW>+N~nFyc-N{RXl^{`Ma87VTTzU`(Fb7CPCl};CaFCNz zR0)apc9dR>FfZ^Ihjs=*j@VuvK?HaSmoNEtm@xM-V%_g^O-Y}-@^4R9qSp%%_!E23 zf$d75h~sN)`*8*m>g-}_KpsY7@aD)%8SBHvOU0wTNCEMIpHW_=LHJk)Ch`8*hv6|$F`dC+{(_!wF%dkb8ubm^>D(vYA(os zwR>uYJF9A!Gb+$>`R#d_zo=#i12H=YhB*ROo%=YkKPR!84}TH#ym@~H1{MY6l0f;KE@?8` z&I{bd(ZAVzEv2nYWn>tcC6&>4v9o_Jk7=x^f4n}ZcCoo>ZxyUaMU1|_p1gZMj0L0; z%uvF|$GPXsEN{Q2T3OcSzKr6`=Y^F~>ut+&L|tsP`Mw^Z+deWtd4JQTclH75gt(8V z(g@17CF^!vjABQ_|AOj7XMtid>9xyCa&4j)XiPK(oRkW#O& 
z>EQF58B1sL+6-K=$mu!Us5%(~JGDy)%st}&SEMX5=Vyre%U;KOgLsGO!ouTl%|s}s}CBN=Or zjf=A2z+toc*KvqJ&|uF+T!c#j5eEyUBKq=28MfThbx*il{t=)>Hlb$d(?@FZo()s& zsV;yzreUCXfyF#!+-8vxU52Xm$VfXLKS3{l0zb3%=+{SW`BBFytY=ODkXO^=Vo=hz zt~NY0&+6|>KT3)@cIwFC>NHVATXXTO(VaxCvh}Ret)odSvafWC(po4m>GP`!dZS%0 zpm^$CR0&0OFfg9Rg3?WNLfWVzM6{Zz`SZgsNT z8Gi3f3etOsgaO1!OQe0J@09^yH$6_zZ+-PHDw*9FvT@!hi@b^C%9^kITCc@^4Y!}p z{Z5mhU-w=2^BY+iXP_5gKdiG|$}6wWg-&xfXg(-5@cGgAIWgczKY^wv;M{C;vwwjw zK8IGr#Ithv_sT=y)T1p+;#t0Gw(@19X3n#It#g_Nn5NdO`fa-M_Z%d}Hr=bL&%XND zMW9$$_kl77MXFqG5ghQLE8?FUzn>3NukC@~vo!Vls(dc}-mel{wA#M;*bf8EJ2L8B zI~c91v7as`*<~L4F=4H9ry@}dKG~c!BS*0q$5p-h9>(@{L%DyJo-y<(rNU@T&lbB| zmk3zTp82<3&P*RG*RtFaQe#441Rk|LPF4kUigO7vDHEp4!^hkNcghGpn|F1HcLU+HR#4TO{gg`4Lvse!)^@Vy1> zY?l+?|L(n6v`c|K&1k*%JDyJ^45~JK_GKtJdFYkD3!}0N!1EVFb#m4#Z_DrXZ>WK`0hDa^?RnGt>OxqaPlDgk*c1)Q z7chvpgY-I>&emM^R@Lf87%kKyr0gLS?xp>(7IYHcd5hO=;GYuia&C6?$`Ek z+f2vk>hjWaJ^1?%oEUxi&=~3_w$(Y*hw=x znUVgMYp>7edEbCnfOLPZi{hFmsgK)rqod??^+?vn0Gn)|se;nzAbEQR_62S<{n56( zon^o{TV)~mnR$EtO<@+RS17su)XZUdZ+Ek+?RhGDt3|;^Qr^U2dVfVjeNv$P*4MiUN`wC*cCgluYx`2Q% zFqBNDKh%DA8cPv4R}Ws-x0#R|dYw6b+a^U%%dahYfB2nUbdDB!v>HG=hYj-d?{`O) zr=2zuW5lE&(MDSdc-emF&4t-Lo5`%imM}|)U0rq2GoeOvcl7$1rE zW04(6?{nsvjfA86-S_seJg3)mxY_*&Hoxsm>Znia3x>euy{VqwLRS?BZRXNjo7Eb@ zS=y}Zxs!$LZY%)>89BnbcPF`>0({+K>-Dj-y4L;8M&&eF-A?t0QOIHeSO$%jDvaYDaGmv}tsHZx zAP+q$Yj^gIFW+?O*eSbg8C9F%23GN+E|obE=o;|{VewUl@L3o^R>?9#Xe)@09x(TV zQ?@1N*};a5@-0<8NK!3}_Iu_D=SO7CZaad5N^cI*-wz@e55C=jbV+*WpI37F@tz2q zFLsWf(y4yPskY1AxDUa^tlJOl+bRchU=4w<5?b0jiS~n$>3;v(0Gnz21EAZ8#DS;v z%4Ia)Kq*;!f|zNg4#2W6&WFKu67sZ%P`N2i%f7x|1H#H%xb z>>y(W#vd{+P$J1^M);My%5w}Tr+G_03{cyWPG|-Djb|LdRMCkx*{F8AWgTz!L(3xt z_h;ir4zA(a6YDs;n^8E~+`>q(S0)ASP6Ge5TXA4XyP*i-V={{rZT}4XquHMfWUhq0 zygj{nmTDT$(p}3TDY+-vb=sn`9yBT*1D30uA|~@~+oA4LPjr?)>_t{>Da(zv&Ca{z zJ0r3^ax8z@&77#k>>P#BOUQ1m{lHQW^2CY3k3}97zK*bF`MQLwa^xAN2O_r*25SbIblh zw}ZQ%XdpAyKjHB-#E?CDkWJp3p`oZOVT5C#hF}zzPvmmJQ*XKib}B{|1d-ugz-Xev zPP39W^aib)hmEuIlr~Mnll_jp(>Idna1{*Cv9jh^Nb1Uoe2}+^&xxFsFJms6Pd{}- 
z?pkvK;A*LF39efyTU*p7bEE%6LQBWcQtg2z9ob^D5=OFI9-$&;AR=a9B4!BKv@5e} z(`y)&B@5_f6x(#3exILL&rd5S3J{-t{@a-VzJ#h)1i`cUtPo{sXA z0;(&0yX*9q7#C91Gc(yIb5%drQ5x1!+N1GpV})kD^{t7glvdMHoYgysr%ywBXLUPB zIe{*g*B^+YrB7;~QF0U>ftc+W)m1qZJ9mBnxbg+1`{jsLz0P>Oj({GxqCoIjIR>{X z{-wBtT^9_VTK`L#FtTYzo?@dw08&)OH^aLllK@rYG`=xHN%Vx|mu{=rvxLSSzDBm;7u? z>Zt z##?OTI%e93+RptENno1|f0SJu8upO;%*b(Ilo}bfq|OF+F__334Xa6`V<(cGmJ+jr zFDKh>q|EI*D(cROe~}!$B2H`(gZfq9L-(38^r;qGgZJLk&*mLu^%AOCUTC+eDus|A zfV7g^j;B7JZH1OnOM-k0y^8N-qvfkcQNtlo3M|br*GQL_B+|7c>vy2>QHOU4+X#h6 zyWy~O1X5nAu>>VcGSFTw+D37Awu?%}n5K&+Q{|(ItI%X|Qplr?@9}1BmdLR}N%bHm zNQ1|W`rdJ9N72o@_D*TN zo<5c3E6{>u#oE1ekTZB+?1dlfO??~df3G*rsKW^^+)c|CSs^|};BJm?@!tQK(4}t| zxNIjp_x?ol)4=-BBfIUAH;ct!52`)Tw##;*tuvAH*yBJ~ZoHOmT;G4f-G74$4q=hPh+bmqfc#Bm;f@^G^<7v-&Jju3Pvkk9^_zxY5v zjU+Hc>{~ASI_JHE(AQMYnS2m7L}M!S$;Pr?=UO)wu$lSu)gE)%zI_^wRcR% zS4U1WYn)FpH0aFb!0IFc@vEs^}t;A9L{Wd0mt;v z*n&L)TYg7QIx&HqsF{(-KtIoJWiBg*C0h zTcl`OJgQ(Z`LWg~4Z&$S%zLCYLz>Wh7h~p}N1ZHa64fO=Es2Xi)m-63AmSiYa;hy{@ajxriG!AKvVr0H1m zpdN|hn#4S$J?XsJ*k6eglNxh$4QmFGBjWZZy8Z_xA;pm6C_@1i4HGwd-OdtCfGV)J z<{8k0Lb$?X>qR}(9Cdoj6wf)47AE*LExleQU8;bVr4V3Q23dh#Fvu_TvLKu!yr=MZ zcY|fHE?^?h9j#=KDB2-a!SWWIFlP`?)B`rTU`PmJhu zPnAJJ1)EnCp&Gqa3iGQDbBW#sV90PE9E@cCD?9_hpw=tsGW0eBBN*Ha%b9d71Yp9{ zg4Gy*x0dohF`?8UI%xvBqY`mJdzr>V)jHUnFGBITZfEz>giRxX2kfsfueH&@N-_%` zX+s8|Y`=+2#i3WES$|_#V*T|)oMFl3U?p0gnPhn|{BH&Oue|eMVIORPB{|WM?^f+t?%aozxOUjzrpfa zoHm=syV8Z7u4oPQ$$}4OWTLagXiqJ2%`UbGvU+N;$|R?kBxRQDpcSV>?rBjOeH(9i ze2hsKY+sxUKKF5ntPlfC)oku}Rf5b-+F$k5!M>7SSmkjmeLvrNcHqGN8}p9RK%r99_-D1Ii#V)iH{^gW`?lv!%J z3@{nE9|jea&}R#H*V#nVKw$r-uqgHX=Iz8KRIR7sd8aFa?jz&7M{wL*F|UEpOGF+v zE=*x4-l^oorpD=U5AhPs*$5HT%Hp%6w8unY9!CR}rp!D|3u1TT)-%u%ZksKs6~nfE9>Vu>&{(0suiE zQY8gY04M^HDhq%m5TvpN*Z~{>P5^s=8xW`R0C@ffLKOvw1|n3+KzQmOaHK~8jzr$4u&BZKtz76VU?XI${jpc!oyiM z$W#+z%YiHPkp}VZM8$`%8$4Y?W&661m6e_4=jz^F*o(NJ79h71gtA}nxf2?!=YjaNc#beX-UmD8j)QgD_} zV?t?3=iYj1x5#frogs9#e+niekZYkHE@-=jNBBPrI)5SwZNS^ 
zhUvXQfm&0K^!z>;XrvP9Q~l-kM@1M(VNj4F@Yf}$!(t8swUQ3M^vSvzm8ed-lyVK< z8he?PPjgH~1K#cGHJr;K*Sm);RUvKD{^+)*jv6oR?&}C zU&X0oT5=<{G!jT{`rk)}IgqLwS@$onPc~$sWADqGL*3;#KF_gja?T}H^f)?-H@;4x zo}11NPAmLCYdOP^?cQSlm`ZN#DK(^h>|7brF=BwR0EQ^^#{cO|BZk)4CNxiq@3Ck*BySDMm<_3mx zi|LiPN)Y9aKeu2R8mq?+g^YNTbm3EhmgIRy%I{kdM*J-g@M{xB0^04RtzmBulf1Kt zkozV~`Q-X;sxltcOk@cxlqySaE(|vh_0IDOll!H!j=@fRi31}h0qGihQ!#{LXhsT6lV<+LARE0rD(zP^gBkuzQ4^wZ@Qsr%z}uL8mb9-DFR?q%M#f^oO?;8MmW1ZEO2DkLfo}y{HSLc# zua#FI5aTytPgxT#)`O1-dA2~S-eJ0lSpyEl= zFb(OBso&KJ8k8-C7HExyyb3HlU;A}^9z2T!S_2K(B_BaSkBOcmM-Xj|KVbfSn%LKm~e?1(-m8n6(E4N>dUO`uR)g?38$ za^UuJ{GtKGGRbm+#E{C49MFwBxqI=+rdn7W#>_=N$3z$*V)~R76u{#AT`VJA)WWX8E)eI6-}<gvbc5 zQT5mbHhYSynfQ^=p{9B7YV}-Y;wYgQ#ae#`tPt@%?N9Nu?vo*Kc+0u7B7)q)p$qMz zxJ8}SZw+j%n+CfTD2;^>___|%W4+>TJu*tYsnYQ8o#w**Lu%L#5dFn7Dv#=hzB*EfbrVgH%GOIx9ZWh~{ ziE7jODS~~zclDKARCelhd|4W+8s~yY=~cY#y*$S86`E7aZQp*61D_5+kPAkbLH&I1 zTU9#HwGXbPoZ5-UigaoN%1FOO$#o`rQu0qfwk_2B)Mdtus&P*#@XAZ|9CI^9+N@Q=d;~~6e;&vPL>1Agq8)jJdJ+Hg- zQ(~pR!Z~Zldr*OtqOx9FrAv*M(Uz?HOI^o2d4a9tf@yn!L5=0B{ceCtXVwXB$q_67qkIl=fM8``8p#uN;u6JWtuj1GH#M> zeW0y8u|0xkOW#aPUc@@7HflY?F6yXbXzSc5JEA2I(A!$OOvh!{(t^D6LtcpNIfq{t zpUq=n)bfzVoE3AcHgJ;4ZS$@Twzfsc4+2z|>^#&rJjR~^4#Y6R#z4`!zf;VkGjMCt&mR$Q#*7 z5k6{9+~al=5NYb-#S_*`csK+1$|y%K{00B-Ax{5yyJ8j$1cU-86(|1x4sinq=M+`j z9~+GSED9WLrxP1Tww{<6H4QeAEEf>de6>QWNKZrwWyBM=LKDAwlFV@2r`gSgZO*Pb zc=(>Pv(nM3$&y zuwZF@q(j<_9iUBOL|_>3t}|p!(9&SmH7y5kumuxt}(0~(z2)zqr(cZIpoe%meu${D_4P(i_}^zoK7aSHQJ%fzKaDL z7m8qcX*qJ)TIJG>WIaCAe(mk~y$*CvwCs;#d3>9*SbBKhYC07H^xdvDhPYz zxn8&Am!&-E-jQgTEB2sYJOiY43uvXyx*$i?iX!S0+5+U^+vd7Id&?Q~bcmJ$9fzC$ zXgSBwR6W3_HtX`3aTClhf>9T-#rUuAo`v@X|GhBUX4IjXC5hE}C>*y#uc4PZ(+`_D zfPHV1*mCH=AHENR5O+ppOVUFtlK3r5u}jFxlT@2L^->DCO(~bzedk5r$JXDODb8UR z3I!3x8?CB#M74l(Zva}!>x3!HP|?`jL6`}h)_eru@-KrcQ#dW(m509vuIpkK z_8W=&BIskK`=N?}q(JnNuAOh}C<+T*Nc)PT{_0l!3IT`cTj`4 zSV;e;aB#JMp=AN@J@iZqNiV!ca#f&<(xTHwDjNT_1 zD9OX;TjB7R5dVcBY{5mrBXPO|R9AX9myOAV zyZQALE1E(JtSsmzgz7ibQO?@%z9EUMD$_=0#hd!?wo~~%s~RLCiEeFW;oo-WH*G(x 
z5s40rH419pk{UZV9-W>JBuGAWs;wJB6|PSk&|c>A+X&t{y`B;NJ^W!V{%A4*uags4 zfJ){6^Dq2=z21K^6Sz97s4pr^Of4|X?Cwj`O++Zr$xJCJO4Cw~jmyf@j!(@tQO}Oa z&V)-KQ!URes_cXPw_XNmwBqUqwnhjF0`gDm|HpO3e{I#>$jZgQ+}_E+!O7ml%-Pvi z{+}*K-1zveJswZXcIW>DrPqZjmap3EQ|^T9(s=(dVb_%c6UVuo5a!z+0nhHf1QB1A&L%rg#u@}>WcrK{wL$buZbYt@ z^^)egnW~>jWuNkgiRu7g<{^X9Bl((i&6>Y36b%ytH(C0V1HC8A`*>GB*IykTk*=6H zs#ec_atU-aiG0DfS?*F!>;eyrwHR)N!Lwx_;2m*tL5t{z17m`P_^LHl&=3>_cj-&Jrb3L;Y`mm=!ux}A%z{1Llai(xA>S;r z1tl+|WNN`n5MIp!o@CO_)`0MvDK)4^FS#M04Bxr?tM)<$SMA7nQwiH(SYFLqUNe{( zVN)G@;lB+XJD59;e};`Hu;Ba;UmCdcG_bO>ijt?BkeZT-J93(sk{PFMtf^I(oS2G& zVn(z6(E%2Dw{VZ_tYRBb*&cXzFOx5QCnNJ+TE?*Qzl|D+25yU1U_&6lQG@^g(x9`6 zla+&unEb}~Kt)9Fox0V_e8tlW1jJ6M7sJrCtX(QS$}t%HioW+}-U^B_S+@z^J^omQpdN`rR^82gn_#VX;6 z>e6o;Y*jwr3ET~JvcQ9!KQwyGoZmh_>z{CS6rE@~Dc|#pQQ^jGv``&q;6NYfqbf(P zEODW}ke(Vyu=#jo0oK(!ZoRyy1w=nmonva6(R==VT!2zsUe!{AfQWg2EhILrIxMz1}E}otwFzYOia^_jHe#0!@;t-`;4Of=kF|*?IfDf1l0t1*K7{c5>=$i_INk?nT`ahT{JDR0XJ?!#GQuO;G_nZKZy*VZ`B?%*2wA;b_}_vcp$FM)Yq}aDl#VWymhK@o<+*-?*bg1)`m9LB8 zuHKekpIuQ=QL!sufKTT+`(m!U(l6YuT^YpicuL8(=&zr(e!B;c6m17*YE5c3JC^#a zid4-}1zunJU(eJU7D}^{W{BL&{Gl+mPlE`MLm?)gU`YzK*wgBmpk_42R0zv1qb}Qm zrKUIuGcVnHvYP>3e>y%*Su35c`aHMnQcmDHfPocTE{A9lADHDoY$*U+A{Wp6(KdCg z%#=b!&N<|ZYl0|(j83!<|GxK_B0CZN&4lmCXAR1g-YFSaYZ5| zjkOtVxBWwIir!PE`r|k9y}6v1pm~YO2W7pEOWXlLq}7O1Z3Jw!EQX_b1mr-LeB$cZDZ`kDq zyp_OlKsll7*QQ$+OOCbk(6623*z_;-|V91U) zi@9R<{5dB+??Zf{QV^nc=n-jDPvtA}r=E+Er4ZuS#=7-WX%`3sQP@jki5l3L|>t^3x%ar+(gB{OQQRKr3ZNe_5D6yXj<<<==7 zx|M814o+(I2e~2F^r0Ysua3wV2SAx}($=pH@W~Q*VfiEFdR@mO!aV1CK6Q_j3GJ2t z$UX!wCS`f1k}|8=+oHfW|4vIFX!fol?jhMg;nE`dvo8Sn2SA?_E8w@Fl1NDq;uuK4-xM4(@RX$07v*RcqltmmW6Q7iT%$w~5R*+wk zEN3U>`Np4~^t_im-JI0p%mVf*v{>3*KM`XHA)Y{gp=iBhXC|N3@WK0qSi^W(^^Su^ z3tqs$XwndCvFX!zj-g}qbf}jcNz2ek^$X4@=Hyc7_>ekmMHeES1>Pb*$WNPCrPjdg zS=YS58xUtb|!U|N)|J{8>#ascFG9vY?_X2{X$f=|!xEsH+Ee6hN~4_lnV z)xq5uk@OO(Q}AqA1gTLp7P%uU>oxTc*AmzSt~fX2!xTOZlyhIX+$B)#U+|lseB+>Ochh6=fdu*wfo;2 zbdeHv72XBo{Yn|#iAHg@391r*QEhpnIs1m}FW*POfcmt+Gzld63h8FvR?R(`cTd&X 
zkL}>=D;y~Zou<_$8ugN?b;0>~dAQmbc(bN`?kgiZ6Z{e~%$BTNX4uiflROIGT^Hb? zjPnlYU?;|to-w_KnF=0(`?Y;{saS1|+kF^tlQQ*M)YWydHw~Vlr@-%t5WB$9IWE&J zw+Q?W>hP|@g`Q8&X)7>*JgAJBYQy+4_3n?WpLMdtU(8pxqlM2+tIRrl6~8@ z`H^gd3$@xO`i@Rm3v`Hb3u)2eyrB2^)?L<&{^HcKG+&g-TMz^P zmQ`>EVi<^j{))`b2&>0Hp@{a+5vqewPj9azKUEx$zfd&O0Aqq9S%_}4P`NbFPzi|W z19?XnMU!ORVQJaLn0p>n0SIMZf8|kCUG3yn&LlLiREL%ha{^6Sf=^hC$vE=14%>Fz zcV@``aRk(@C~q%!rZ8^%1>Qgjff^B)xPu1>+{Sl|m=|0_8TS_1THH!p-raEqnJe1If6_KEp;y5=1DSw z&Uz*z<;Hsl$ZZyG_vCPTnIaiiKKX~Y7Ie9Q^sVmgbxsK*P)vOqqN-ipR0(|kqiH{W ze+A#0z8jF-$G)Qw$aTL5KR08&nBi|0m%#1NxNe;Pt97dr#0OEVg?73| zqOmRZy|A8HV-sho{Pb z0g8Ycn`hB-n!RFiw+Lkl4=vL$PNqIg6VAOiCV$Znma$E1ItKpM4CfF1lA1&)?nCDp zoWEP~&W=3m)YKgwnyxz<+b1vGmUJ06J1zNbsF|~4HSNnV5})NR#OV1x$}AY{-Im?r zG6wBeefj1bYz*1fvue{r8nm`G=IZt8?vBV_p4s$*kQR=P6FXW{p;1N(XKRQldufGW z)t%FFGgWg&k47NfR2&$OWPCs%0|x;Ur%8W2j&ejf=!j=l3>%n*BB+Hk{m&cLnjt0C z9n+hOs&=S@016axRE04DB&+v{P{p56Rik`noQYX#LG}X5$J4o zDjH%FT16O-VdRPR93-uQp~j%YQMtryBjpmYfoBCE-!^Vfq&;&P44~7FevtDyA4c9` zgS%OdzdlFL^NQOI`?Z>j<-f~6J9K-DdJnyi&Z8h41Hr)Knl>x78w=iyNcn*3yb8p+ zs3sp;bBSc-!5EU#Y3QRo;<=-Rr%DaDvkZrz+r4DC5WTffzxJZrTIYo z9hbjnRA6GTQfyvf_+{ShTPA9yJmd!~Vbq7(P-Bjh47%9686Jun5Gn+Cy|=Yfu?GX4 zFP07N(j6>W84`xoC_|tT>yW;ZIy8Kpe4gIQ15a%6Ud3N$5`Oi-S<4h9_CYhG&@cjJ zkzbpDw$3P;R@LWG<$=sj8u4l-dEIR(ZXOI9ZFpbxUi1~XI+;9&H|vJgd4Cf2hOXx$ z^(dauMd13Am*t@t;7O~K#;jdFgPwJ|-aF@ssUah#QJ^4LjYiYBDK9H82~ui(bW!bm zcFzOwQw1OscwUf0c+OGbB0H~Vnr-*pUk=HfF)ee zgUThOW>XA9VL&T3&Q1%V4@E!ibE2tnowv|SfLdT&z62%ud}GlJf>q@`>TZ=@#{p^( z*X1PAN~o1S?*mhnN)ZrPUPG{o3NmQL@#yP23^R$-3$VJeq{~rJT*oYqUl}>`79`?3 zjf)`Lk^vtj(vo!vF6^=GpeIQ_{iNWpkfz$Gdm2W0>a@_5)LB}?yLcYgg3_?j{ zi@%B~OJe&VF4P6h^ugy+i6EchYo)fNr5rgg!^YM$8e7#FH)f49CDi|JSty7m!KDDb z8~|f50p?Z>ced!n_kubz~oS?fk)s?WY++dVAc)TZ58+Q)L-z>=5o4qsbcO!8-}tI~zvC@1*&c19?;( z2M6|wgN9OW?Wu4CX?O*1Qs30h;!*C5%d*>73EC2qeOM?H~4-`H+;6KmW4oP z%%Lly60pkq+y_!1hAj|q0sWn8+F^xCi=%XU6(XY%4=sF{w5uSZbY=_?y|7dgqTEG4 zW9`gaY9lC$FN&^coSz~}XllAxv5KA=q%X?sD`$=xS{NHix1sDm8Ps`jOSiq%Zj5-S 
zJ4!*+dOKRFd1-u-ed~k&>fQP%z<^T%Se@m#-MSs_o%;L~ z_uV|df+i_1wQ5i72s>-*QZfpM<>G>oQMX{z^xm8(&(|LGYT@>HuVb293or-}8gN(S zhv{xxKG&3Qc4ug6Bj3deb1)d>Qs8~-Stq>B!!I0%*lD$;3Y8ceQi>gZACD6)4i$>fB7A z)b+E+){~bW0`oIQaM#jlpEWz$H}un%y;jt3452_Rn(~*oyd^i_`y%H%)Y&FZ^9|bj zwb&#*P_`pLd9j})>^(kOhnIdUefEcLbQQR}0$-q~qJHO8yt?xzJ^aZad>|MQZiF`K z6zip4>4+0u!w*TB@pdi}DHF+DoTqkq*pP3qMZ6tcic`U?MlP1p3af3+tb3DbL6`2r zpTtX7&|wP%U`TkVLePs zp+%kS1`u4SIP}3W!279551J?8rfa(Tq%`T;M>-2rc;^(@?Ld{H(b*|Wm`|!^2tGmo{^+6&!5bV^_gJ8X0` z_ny-!5R-2WPi2NSs+HH__O(tLW#Hdj36Q;??#@(Fdh6QFV>;j? ziYuR(2>K0QY~F5Awh2@MmZ;YIFznFZX4R&7n!oHFI)3 z|Mp>PIxSI}^*T%#cnk?F$wl0C$|rf4wyC+~T$3?g+Y|1Qhwr1i=ci9Or)t_0_v8Qn)f1Mo@hdApaaH4`1n_zmaoGK&|DgR1pSx2E+dM)PeZ_RFFoBK zgFr8SCduJ!dFNq$HYFP0`7SKsp7rJDrZlm2*DvnC0#|H;XaL?W2W=SA-%4qzt3K|k zr5)q*1XH(yMNc2tj%YL9t}Yz$s-B*aN_0VCz9vKJl|iXpE)uzhvqv5>CWUYBE#@w) zz`uj&iB^q3APha8#;6Uk!_&yQSCdGQNuJ4qO?l2KkdB{*PX>Q>ZSG~d!ebvncHEUV zS-ej=eERsdRu}3m>+T0cmA=jD4H`jm&*(ZIXMJwD(e#(3_~{*iz8LGPgA{xJP)jj0 zE9RAQAr+EVN}L}2^==|^yK_6ySl9;dR2RfVXT@24Qht#p2qe!}LtKsvc|$8v>tX#o ziaGlC+RxHjA3r?~tUe&XHJb$F42LL53%N|92TkY^eH;$bMI6MZd8nawir=k6*i&E2 z;Mts0>ug=MzDjL2Bg9|>$KsBrC=kzL%&3nP05yOmGh>lo!ymhmF?J{wLJkL=ByJL0 zvU-Tjug5`vGl2&K;Lk6 zo<1DQHtSkaHS-XCD_!q&j{@GRz!Kq?7jEogLyb0Wv0pT_nj~B)JNID4Qmaq-XR#x# zs|ju-lvt{>qoHo>?DWC9KjKatW+Tf$-U>clMOV+*d?7n?>4)tGkur3V$zK~`#dpJ_ z?1~4>;`H>!BYU{rsC&0A5|X7M(2&$4<&RZ|TBIl=Fh z$8kbiXTx*$3vdVCPu4OhLQzYk*DIffA)G+CzKs0Cqr5P9Qt}YM**wgHqNgC$GNRnM zcX@cwbj;Ks|1vfCIe)Glx{qJLAP<(HwykYOS<77@Z0CDXEnHGIm&Ve9YkeWB>m((0 zKPRP=OTV;>i+R#? 
zn5Rr_W6xc=h!6ovHH_+OqYOyP#OY05yoZY(#RNYlcibYN(W@9G;4RdwL_jl7jnJYZ zdve|nZtr)tUy~rAvBFN1qa`3_64B}}#T?#JT6$;u7$_qz$GB)aico<27tJx7_4f+= z1zSGQTvIp;1c4uws2S)d(-*=qtMA*>>_RBCJK$`xq!(RoD|)pRBCvMfEt0T?qC2c3 zb54WAIJvF#x&>k+R!M_xM083bm?0ax)*$6K+?+#-c28Izl#Ne~JX%ASuEV()H8Nm0U~ z;$vh)I__s@Do^&Pl9QL$_J*hPxPHe0xGvMd7^{*@FXJzRdvF(w+=N&S=2pM+e8h;0 zKo2X9xK~<7rRfgyi(E5h7y6gZw;~7M3(DH#EjRwpe4x%szCwkaBUkM`x*PaDPOter z(lih#f*o=(KLV@?$4I}W!cxs8b%Q9rxCG*D!4;2B^hizMVHQQ7F-IJ9a0zQtdc=b` z^S2_*$S1PeeuuJFYhz7Sb$VGyjVf>xLT9<%8f_4tkZz9g9+p$$Hc;z8MRL0DGn%hJ zD0$pA>N^G11?AdeSD4JY515T9l`m)d;M~5&8sJwIj;hX??~~(VKI0GXopHIm$oZXw zFI}2j$d*c&$>e+mOe2o^QU<-~AVst*Lbk(d6q!suua zx}72yriOA#jBsWEYSN(rLm^kR$}i?N?nMQ_lx*^>TcDqJ6@jdJ_vm`{`)m9xd5@Fb zi#gGv_H}Pu_=ej>ndz|%C}Ix8G&we{gzh3GQ3i1ECn^> zO$G{yN-m~FN1%q6d*tW;Brtz|cC>$7ak`Oza{ER2mvf}yM;yv8Mvgcsg1Pdx4uJoD z@XTJt`B4fzJ9o)=8rkgh_jWJ&3p)KxlI!0!Gg+wBsNS8w4IuLy#Ub;C5R@P1FAwC- z#BLBJe$au15x+BwhkNq3o0&2oO9$KBBgIK&s$Owt?{*Fcu)nadP zT|>8M6!4pgHRu;e;&7)KapTXH1|19SM#0Cpty{6{a&|z|goi8%c5~XMSKxi4r!Tww z3J)P;y;G@T@s;qX3aP`)7v%X&I=yc8KU%*H;G@gSIvKza_aY}JH%7Vb&vC#2))+w& zg%QjY3>%qXM)7;#DuG&J?o5_|8ei{3hG6JS8?OTy6ZqM?g&Sn1BJx83@l=uw;VjAL zqZm#fUk=I>3=~N^3=NsJ$wXz)O?++V)xBX|WY5z@6r!H=*No?K? 
zSnL~vwpr*jK0yYa08g&g?)>SSElX}TV9BUFZwm!eWcB6R71!meWYtOx?&;F3r?UrJ zNFG=Bc$K!OzvoW=X(DqsF3lKIWfR(aLT%llWC*BY{OPgVL%b%c+M|$%Lk}@#*@{j4 zt79CIXT|CxR<;4C%B;r>NFY|=G(Of{qLOWGTswof-K^!AYJf`Wo6A!~tQPL7mHNW8 zM7NZ=)@9IA+1`!iCa!$$+`@+&Cr_IJi`36zbwmI@+QcHNYvtksL6*iNFq~Uwc-n4@ zREJs4x7`8d_^CpWXNkIU8C{g}-7oly8VPr%f?PFv4!GlzpkL%O31%5i{)8ZzH^rm` z`&kIXvI5>u*GJ1KbwC5F8y4hZ3JGNadiFC5C)8P2*C82v^b`hs+_cba0V)HsG(B9v zJyY_QV}#?j!98kG{PNdDQA^0Hv`-Z{nHjH%i?^6aK5?ECW+P$nF@9?Q4HP#eNzhUo zF)s2^*aqbD%!gjHqF~x)QJj7tLt`!$Xu+?`UU88(i(#YwT(6-zz|}siy6VA_V}v9- zqI-7GoZXKOFl&$;?|565BFo7P-HWlC|1R#!e9gQPbpa22LzxlzK=i{(?~$-(Ja3nX ze;d>k`prn=DJjF3n%2?46XG&+P@ZunU$!3?cfe=2T$#$&l1^q;+>q?YvKx0~(u z68yC=7WybNt(pY$q(8Jv2I-e)^PSM@(IySi`p5$iorS`_C9dHcv)hwKcA~l_GRZ;U z`oe}Ocv-+5e&DXB_Yg{!mNA=>Va~b41drM!(4-~tv7o!CNOEX@S+j-bMBGQ+r+_UH znT|T7*kAgdH^$nq8^2{K|9sz?@qm`3x14Vg2M z{37|69F7pSpjWnhFv;Ev3&yf44%m+1M8bV%kuY(G1-1tg;m5fI>JeO|7IaDnp zPUNdFmeh=}1(`=4JaOtcmoHCR?C8BT7MZ!x9vf7r7<9VI!3Mpvw_kI?tQhORyz{Sp zwUIcoReWHaPrBs=s=yu^ z0WnTvps^m(ro*0=K2yl$=c1Gk49bDhCJT8>N-$uL{u5pAB0S`2ji&6`$R23m#8UxdvHf{>);IQ) zo@_{&doMT{Tn)zlYOSDEK|Pe7+;SNJe7`?)94nb$>Ozw@+cBLO$v=FCVi<@Cqp83w zAHw2;4n17w@vzl1@moJG8IP*%l=fRWobMf@JsqCSKAIlCwIb7mVQB*cx9UAbui5^H zsN|OauQY_tNx>!Rz~n8iDC&r?n&F(H22StmLs02aU`<3k$%XC(g{ zp_a8R_k!yNi@3nzfxgIPVI)`4-GDH9tjo_|LUk@>pA+i?$f@|EGksfQYn=_RqlM>3<=$ui)I}vRYN1O`qLQ0 zzRTgu{=I=YhbY0Q-`Bt=nr0SOa-KMjzG|wzN6jJlp4aOk1#AT$2t!Gh@Atg+d6DYM zZ0Z{WzY>iOhX%apq>&==CCmU;l$J|M^)}-*(s%`qz-5E&GMust$#zuC6PlCW2>zZfC};T+OC~ z-5jAFyT02>ZIc>!S5w#rbfNmGl((_V>U!#8u@f{^&wa#4Zfh9yIrReexq!d@qNWx1`yFh|5BMS}M9x3aVluA~W(BJQLb=Ra20SSI z9t5OM=luaM%Qo`OL>OF8$W~#!mMezj+#tsThA(NPb;A=*Ffl|cH0r^v{tEG+ic6~} zh_2EMSz4!gH<5iA6cWcuQa`L_MrXlFR171T{45?tUk*RCV{hPLBF;Y0rB%k?#nLbFCLbDRz0EWh?{lrIsXWhGm!XCwGsN7Nsra7$h&nf4Gxj7&Lb;)2kaQ;V z$rAadd)VP~cbnx99-gUAc6lhPy&`fY9O8p`InN=5EtRRk9*(6A zQnQSm1eFg@>Q+$Yd9qDtA3IuZf$R@xRy);1Sb;N)-3cQVmGKy#J`FV$_+Utx%e-Vn zZLrck`W7oRw58SDQS(ir!vbfF`Rz`=G!A6T?;yatD2c}rsEp#MZ+-d?y7YaO3F`wP 
za&BQ%{GhR|9Hvq!)NVtITCHAFgNv9l(vv>p%&+9Suk-vwnlnl5MhI() zAA~zr(IxAC$Na+@xBV8_bAC3{RtTq{UR}=o14?*;gC{lqaG8G5@to7E>e7E0sfG7^ zr13u^14%5hJE2mKpo#i!8@xNN?`@N0G);ZqOomkJrtX5?FDrO2sl$79z<|C4MgYFp zYu8qg{g((s0z+w|Sx@Y&8}wYJac76*$H(*zdvXa7iKyiEwCZxT2F{c472bRoP@=tk zAnO5K8k!hH2>AtpYF(+$miVQOwI=9}<)-aM801%m! z@?7gOK;eup8EPm16vL+xD|Y<%FbnH%hPtFuEwfIvX|2*uHWT#fHv!dG z5)BibQ|8zdh0@5l$Wg^indf3;iGPMtBB@eXSKm4w7{ZR@=(LdyA0EHaOdH1%}m*gmUP?EYpV2n8mS2EYdG0j z_2x8-9rl-mL9^Is^)(iqgY`nGG!}29%@8naQ)0NZY;4rp*odGv+jd!}?KEm8=TEBX zzipenr8BN;NSf+!#`r}v9n`exf zmK0k4sa(J#g@Uzvj7C_Y@vSl?U!|aJ)sa4_4St#{yDKYSUq1iyWU_TuTO8Qacm1%T zygy$TkP~LOvP|o8P7(klR3}UAfEfg*n%W-Oz!l8TiM>H__*zc*%>w=KbFX;#yr$;D zzT5?K#`k^1e8Dp=q z?wUb7Wr03=(rc_-WT!!zLrhb$d@xsNlC$vh^K3(rozGZT#17irEL z#2tLbNZkvMZ@IxJ`r$l&Eqwsn%GOaT!<42ru@4tLA%hpf0`XXtJav+2v8PB?BM`jh zuAwJl*6wZmCnwSgFmCD1AK{lP6Imxm`7b|y{!}@XGCtX`g^`1N@q}EYPli;&h)JS_ z>y1f?7zkkf2C|{72aE$3yyh%iDP(zhQ--`Jw9Eh?1VNF*IOdFl2GZ zaHeZCaX%((Ll9wtnXm+h^BgiYAP~*ofI6?()@jpahm`zY@e6c+_&yzWi|}q7J?lZl zdEM?|KO>Gq2%jM~{j!YU>ET>o-rPKS-dr8Mct1gST<61eKha$R==T$oAtf%ep<_8Q zQeC4$n9;_bX5S+-$aakWv~g%PRFFaJ3=4MH{bAopqcE88<2|Rdq*SxN+xLOPAiNzh z+96)vG38kLATHK9lymLtPX^NJqRk^Yh-BJ3=H{~f(lh;1d2j{=B&ifNH@^LGA*&R_ z(r*2ESqvqmq{Y|^yacfjI)J=|2;M=ecb&);i*CTnQyMsM_&WT%i{?<0W(yoFaLh=2 zX9YR`2Rf#R=vuiKlaCR$yEvJ%*9BgttHUEuZQszQdMwWv__Jdn0a#M+QIuqoW;mR- z)VJb%4Q5KPwxF-NO|s4^6y;W`Cgzhx!CDIgIvgHE_5>f($7@|QZea5Rx!Mr!s+fUL zf}jRlR4`S06diXDBXg?b87Q(i|4IbSxs?qnKci|0Y8f*yEfxnS0B?J>qajWgIQfGA~!g03kx;l6<{6jsBVuRtdQX844;H$X;AXgezwJbn6UN$g z9uvu|idI6))v1Mu;9L_}A8n;Y5~$5&yAQ(&ztT!f?~gN}NWTe*us%}F`>Cv=NzT_y zafL@RaHtp6E>gM8hx;8y^rGjZN=4XyGgss_7aDOqc|;6G(JRfOU3D2x#OgnZTsil z_R)9LU#~V{<1r_*qHZ-Z{=K|;bM<=n>F7y6GO2z?X1&Uo5RU3-w*nFz_qWd&vn@8# zkJcr)@jE0}>yGTafSzeP%lQ+K8#-E6cZp9|eXYArcM<1!6P0v-1P&M?Hb{f9Z^H`!*xg4^Q$p`Mg7% z7rI*2OOv5ls>41ny{V+SSj?MhJX|EBAz#0KrW=c(D0mX)lAIE^6dSi-12QXw?yjy< z0p9$myfN^R)G|v9<`gCUD57OkCOH0|LB2PW)4{~Iuy+L3HLXSTh~ZGMs)9yUS0}Hx zcPFr}dzTOqsOEv&u8AsLJxZ=$JD?*Tu{L84c9+dSv$v7i`U)$&^iH2jK!c84wuj%S 
zKyI)Bmua@8$%X9y4kzNEKsc#>2*2-7s>)3vXW#1TjiYl={WyQNxvxlI`E~7n@4=-> zK{uM@xwbgq7-vBs{#?7z8?+)n6{6P>J@5Ss(>AX6yFEOjAHBqq?5%9uxwjt#&r3YF zTGD98n=MlpIRJVQrfN>6EYa8KaQ?xMB_DvFMq&Ffz_NJq5VbsD={%$j0zXU>^G`&u?P*~s{l3bkn&W#?9~6ysqjO4n`8!s-ekYkO?J_Q+4(s3$A&&lG zRuE9fxGT~PwV-I8XiGI*s58LQv{>+-=m(767cde5YOA4Fhs`Ocx7P*eOLsI1i{ZuY zYm}dygrbYT{b@8DVg61J^AzJ5673L=2oGDJ_Cv)Ox_$18!|=SSvhDv&w|Oo?q4oO= zuUMH*))qNnL324%ztbD(i!js# z2^M>XSnhbPJ~Ypz zK@OCh`Jp%Q>0UhQ-L)!jdJOEh3Gm4Pj2D}wcFD}YkQg40w!@k@_8ie9#Nd4EyZuIS zO)h#rGx1S(>UZi!n>hIXkLW4Ykp0(6Lh8HHgo8p-*y6i9rVs)YU4g@xHNs-<_F@rZ zMYTogln^cb3U&D0_KYYZNKGw?`7lakJ(irC;bct-581)7^n{_Y=V(}-3w<&;)vZvs z?nP0~KWE3f3U+pXn&OHxnQMw==8^@<5m9%TR>>MN@4l z2Eng&OOtxlssWCtCZ8T8!vj#=GIV??Wf71*`V|%{M7?LY%4~Mow8^mdd z;J80zZePpj22VS7lu)lFBvi8nD@KHMC#J-2)qIJjd08>EB+}WlmO36|9^*sF3^HaS z$MpqEDm(hV#zQD!h2>_c%(d{W9Rb{FEyDCi?FtR3X>1h|p@}L;(mRwu@sA?!{^9K9mGpWeLJ89!J{DWecM%tNf&c>%TDAz&3z~SO_DpS9Bsw ztFT6PDg-mAXtSBvc?+y-RGw>H_odDtDSstW##kl6MB?Sh!7&1QIYZFqRadPx9FfB= z%)~UxK55+g92H`+O~Nhisf)CC{QcrSc@Z${NhUzO^K*N~a?Ht}`IFt>ccc0o<#CcX zhabRRjAvNr1e1f1H60RDhLS%q{;iefg>}DqB;M4of>8euc!ms}*G zGZLB|YZ`MObUCo)Hq$!E>>h@9tIBPA4}o6K=kH-BN!D;;n2rD{Y|^YvM~pD$ z6+ynHZggnUGU~nu-v=~~^m*8q?@YbrF;imxxVe6k{KOHkw3aohiIoh}m6lI@2>8e1 z1pSU%u+hg88D$SS5)_i@xDV407dP?r4tV(jBw7?ZFWB+${y3oY5VYX+%#!x+tabXg z@NQqoINMCsuM%!5Qw}pck`QdLSrJR^tLXWLC+3TIar;5@Oj?Jlbgx`=)d<+teGyQmJfJ&ACYvK$B1r zgQ0^8Cz3Mv^BnM8@6(RXg>!(raKG3;Ku$LqkGWL;cp*I=JqgR(%umdcX^6p_=h(0m z^2ub7s7_sQotlbpUrdD!p<@0k^CQcA$9j_y1OX+SQA_*$_CJ=lVq4%obr*bXC)LKbQ*8-`{e=du({AkuhZ_K8k$-r35qrMOTUXFXl_pvZ!m z9TLIM8fj1^CEkUJpov1)VUAYMS^%#J1?~8S_1q!Bl;k6B7S@g;*ZH*Ir+!^4ogoS`}!c@QQ|ZC1NDny)HE_Lgc!N`VdN^_IW% z-#FrNdCsI@r7_i02oA5LKo)%^Y-qAv!?{Ot;Ss+*JtCbnOrI{x&7n5P8s=mjEzv0L z{JSbo@lPjBQSQtTuS6RvGh_Kk)4bj#)OM`AvC2OVm2=ey#A|cn(i5 z$J|PU^AFm;b_MQr@04^w2!n0EiA0l{ zS$ z3;iJ)rhRIIy$xX#)$CyL2Xga;nuoeM``c-jfOs)*SskQr?|X+&YaEvT88R$|$9Coj z5`WzgdNbNZ(}46I*g_~kruFYmY2I!;vv~ko?$si*T65sRu-4avhtI3pUakR)H~xKt 
zB-J&Bt`&SU$9_cUOhkkxSPkyj)!XKG`mbf{pDB+ftzq=}%+@xQCift#(2t^t_(YWb zTKcPJU^@-oRLjN{N7Sg;CJuHcK^c}&CRa(C?leuapl!Hz1l`{gS!iH2g^}ovHdG6I z*$5dswd**K%~$0L>PpsV`|a$6>@vmHZvpr($x?lmr>3ohD}!9yuRS%!Uq_DOfg ziW?9ZPY^#t0Vj!UA}CIgsj-q7joK?@vZ}ZBg}T$^+%4?+8%}Lkl)8IjWl;_MVx93; z87L8?_Lh^dQ%A^Jxie>v4O(D61T!wuc|Y*p;3`;+#vs$@>R!+3?m&>%g|J^Lz=*2f zoEUCr)K7&Li68#O$ZL}>>Z#cBED@9L^5qerjvgfOC9_F{jPe2#?^h0)w>j{v_P}4@ zAXO@8ISV}AF&9&-)16})iyVnQiCYRw$9aips=r;bXE}&bgaSC`r9kIV3tME>2{RBF zj4x9p35`?U%ybMO^>MNen1?0w{9+ne{VDZIjge}~)UyFXNWWPmT2QnW04oqY*CC6@ zGJ{Gic4*Y^^Ui?GU;h?3IIioLFK7Bv(0Nc7#zREdqUAn;ZWlsQK+y$klDA<^s({>< ziq21&QaAiO?Qq_a3~b=nUpLJQ9#6slQ5QIV^P(B)(VpWO=LRWCZAG*tC5nQy@AxeiEdNE6jeuuy8l4k!%0VO>3IC8Ijc6xsU!>cq^K zYvLyi7KR@{SYuWFVBRhoT!aQbM7A^N3Q8OFj^cg?N{B?Gv)$F$UGMD{@#4R0niDc| zs@rT4OHUVleTJw zngcguqjg5>hG0BBt>gm1s#`dxKHs%{$hn2a5!X<7aU}L}jNlJp72q#D75_X&ibEph z!3^S6cVfVvTiJdzd-?ZI(QNu=Tsz!)$0xzOUa#`zZJ|^poV9bFAk-#?kc81fKR@k! z{_kB7R*+MU1G17u72u+k+E%HqbJ<1M;pwrw7rt?KrYpQ!AR zx@TR4sUBrE?{xUGIF0;+rcu|Ei@WSM@Wj)_G@e#UqU*n{70(kGfmiy05IPg^3lIEu zn-rabrj~|}plYTNg}&#K`JsL1o&}44xQ%xC_Y19uY2T4VYYjTZ+2SVp!hVClbytLf z-NcQs0*XN3KSvtToHE{+-4>?r4<>;E#pVqB?qI3VBfUC%aCgwzlD#Ow>pETDgVeiTvFU5&((H$2 zi;u*0Ru}=CYRMIVO!>Rue zTj%;3cv=>x_Mepm5RV(JV{h@q^9y z_l`}uPOIG+kh&FTp4!%wID^OCThy7-S z6C9jrPkrBSSH*Ntn5oXUi8r3zXNdjU zbet1&ov#0FBM%NC4TyL0{sjs#Jam-b(V^LWIcHkxs>1#y_FA0pu}2`p^fL} zl;ShMJKQ!z8nML+)84H^T0gr0ff_My&EPD(Z{fqyRX5Iu>IW5Nu~u_usB!#Ru!##8 zR<*TZpY)+S-IwVtZB)7UG5CT3Fc6B5*0dT?+@IJIu<9JsZin9!U#NumJ%>@tch)+& z^jN!J)KOizP6gUwfYF54-Ror+wvu)qvwQ^ebc-7 zL@4FFP-Xx=$CZuo-sN*B9 zPU5f;A78M|>H&J0gcMMsJ<3KeVa#`{1a7FtQVvPR*Uy($vqG30l9WXWEjeLsVl^i0 zX?(Yymd2^gUY-GS;Hsp$Sa_O+0R`V* zq0UvN2sKUl(OV=rR%R9S#rd8K>pD@j&MoOojFC!NjX_%mk`rAK`InE28bC2~q6EuZ zqMw!?JO2kc0Q^PBk)me10hh%`d7cn2rz&1OFEB|HR_VA&PKBomGj6-FQ<7}9I;lW$ zP?O@eBfp!8HMjRZQB5-m5oeU+%IrFX157J4VTuo<6v9zOtz2Y>CE6(a^;;mS1c}Eq zX(j|4#TNYt>U$7xLS2!&%aKWf*~@9+Lj;OM3V&F_LG&OvWj!|VQ5Drk5#L)vJ=!_E zVK}66233Gk&x~jTw9f>A;2leVE^O&End#n>GRV~AIuwT>E5v$NjRGL=&&=i8gH{0BZp)3-E 
ztayDjC!F5CAN^rM4J8-4@6&3Fvv?&m8IQfuP0mMd+HQdzc5hcGy4xA*4_ z(iJ8SjQttS6vamL6OFnCFVN)}_6_lo#n|bI3oMmafP4DU8!mEzKkq} zj2W;PX>+h|`==uW3r^PHID5;jOR0r#RH3ZtUgBB{1_-l7m^X6G1w=dARpcPoHJB0o z8HCsvktB6H?I{KfXJKgIMlv*RO|{D!ahrQq@s}@5%-ZbIu@?NGw6yT!Xbj+3!{d-l zfNK@2sYiX_tFP67b}vq!g`U)!1IP=(Bvh%x!^U!}tLO?L%dkmoJB&?t1UdO$VvY3S z?TxZ%=*9N1j*4*~*1QO2`aJD|4Cb4j9kTz})8m6JjJ`7qo9n1o$o2A_x8zqYEqWJW z!vC_T+MeT*qv#T=axTUv9GqdZDP(!!WSS@H& zANf;pI$6cs53xE4Y^)8E$;ethT})k(->@SHLj#Tmnz&76P}k9drn_B(Z7tP?5idC0 z1c&j)0NEe;?K;E6XrDJ`F_CE|*$KJB61i)j%Z)~h4Y`3Z>>;mRuIGfSCT}y3l4k?I zWej!E!W#_bzxBt?1Saw0+Q^cZ>RN(6mRO)Z05;)P1Jp-wT{iuv$x=`HlhKugW$REQvkk zzIU)5+Q8}CI#!cd*DdFqDqRyqc1pO2*mrBj@?tu{M@V!SWc`KY^tPAys_usOYu_(u z<@Rt``jA_zZk~s0(V*Q+3H_lcl2O?L;SZ#F##)^+TwVbU3aht1yLI;L%Txi5W zj{aYKokNf)z_M-Iwr$(CZQHhO+qP}HPwTX8+qU0%@h9&N?w{7MA}XpXbLUzRi;anw z>VrI9AzsBh1QeqGNTySa=q5G4VG|O&XKh5NOQd}vR2CGcH1dMkcph28V~k8*Uvqw; zQA)-_=mx@z2$_Bf$U!oQXge`@K0s8&G!ey5j7E(&3i9-YLI*6@fFl%i7Qe0mekwl1 zn}+%bT)b4FP+5m(R?4G2_UPm0IP#LwG3OSjSxuzZ2#>nB0Nkg?-CCfAsURN7YbnmW zr5R~Kzh<&>J+mNQgy7<%L(ff|;C`jXz(GIr=V4grBXJAv}pu3r=QiKBU@YQ$mm^9Yz1#M?Ropd5mExJg_vk*w~u zBy0=gPnIIHfmGeUy6h2s{|z<7D0t~m>or!1y%qBirs)29^ryK+o_v0eJOK#^kPeNT z#sU+>K4k96N>J$5>#2%;P6i;%@6286&u0UwXhFi9w!KecDK??Ux>CB57o7&Yp>zcu z*j%^=Ui?fWTS???U2GSPm^Bnr4j`eIm_FVv=E|~iFREqb1ZNnhKE`?`*{IUx)qUzR zM{lBH=_DVm>=@I$<_h-;t6Qb)BMA!{iiWPxS^0HbDET+iqC+B zl~D@k$R*T6urMXZmMaGLV4-BwwklgTySyXkOSJ_IPHoJs8+bB%@_SU~j1J)Wy+ksz zy0o33D*M`LzuN@r^(vRKi}wz@P7{Y7S2X&1N3FHPS<7>xlG0fWYnwnLZ|Mb%cGl|h zuAe&1FQ0sVtE-hOpI&uS)P2%xtFglh`>MA-tT2ra%BoKHWjn=p0%M)Xn)ye&D!+C) zTD|6AON~Bv6M-C48$n;b4fF;#8Xmf`h8L?ti+Q$p;Ojx~syKMxS%CWHVss6%8t=9n zf2qx|LDLKWa2a?Z&E*i>Mw)|f{~GZVJ^dByox8*UV56tLdb+Dt`OpTjrvqf7NJ5`| z@V9sxuy;S9sZf7!=aiYqgmT$R5f(7|QfjdHvOQbcwYic+8)jYgm%uYSQYvgQsO}GC zDNZ1+h7VE;5-FPha_b@GBGCrB_%AW0IzFsvD+cmSNW=gj`NVlP5ak1CKwc@V-q|aov~rsYWb8fVK6aPw1Cug`4`4q9!n@Pkp9@b;AeG{E zeeI*Iv(KeDvhr1sh};V+IHcCsz&RzQx;WRU6(KKNuwyJ+6(heC+BGaPA&o%>GXno+ 
zO^Eth{x7ppu!@}@Py+Xj&8@POdJAd5KT1h7=`VBkx+iK^Dvj)lE@%@IG_%EyOEgKi zpw4@|q&yZ|k1oO$0qZ6}PNUSHi50GyJe8@Fg-wl;efak1a{ld})qd21-^Hq<+e_*j zr4Pyx#I*JP9kwt@2pspx^XWy4U@n-Y39@M8bc$W_COfoPuaN>6pDrOp6wsuBmQku@ zMDQayrgJgL))|TuL^b?P&&W(0qL%|g0Oo2aE{^5B`u9&JB_Mf}+f924hygajBYQnOXI>}9A0r0;yPxjb^|9;90vBP)fu_9#|F%GNp`L`A zm#OO^*vKcLn$PE_$W}bjRg+5QIP6O$b`)$lWXX(1zWoD5{!2k>Y}###A^5iS8&MNL zs4lW?y+m3jp;-oDNF4l;{3^n_iqescsn9iYw-j|fs=q*gn)G@Rib9ukT7z=RhA9(NK$RSw35?#h==>mPh**GeiTX5zrh zsHY}VCF|&QE~@0o{9*0DyIJVi43(Py-A#`@z9d9U)&fVrhn=sZAn_ zFCGKqK767!ZjP2F#ZXhCFXS_SaBmlEE(2Wr#<^MpV2}p$NH-C)=cxk2PZl+5f?Y|N z8cy0~SYK8ipUz1R@ukryLM@bNi66+020fINbEU+D^b6~_KZ~4AGgQw-GRYb&l}Uy# zU2q7sV$$n;Gxve&wQ6l>6jH+wFSL+(^qKszxsvaKM{|k0!?v%nD<+yQ0hG%+@{IUx zZRDa)V7($HP^GmslEd5dnrL<$?oh-MR-dD6{2OOM{EBe1m^4qQxO^YHz3YjVa$xU)?Lz z_j2;!7%y3fI|+Id9T#TmViQ$Q-u)NsNbYE=d4oht>8q1o5(5MZ^xYD21&TYLw~((_ zWZw#?K1RD>%`tptXIE6H)bKg<5^!L(aUNH_-lu_0Ns}0qh~{kK>wp3;58g+hO2U*r zVJwJZu4AcU@(@2xIcFyVO;L|(Z>NkVk?K<7Q#Y2U*vv{~K9n8y3lvnjzf9oqb^rNz zANh2ry}C*}gkA~@L80?ErqXl|v@|nKjZIge^N@c!f6qooAKZICJ{~b$a^>2%AOwnN zks@|d-?|s%aLVe=%^J@E+Qgi8y*q4(l79=WNTlP^Ho(y&5okOo*-m9(=ohiofyB)djU%M8fYIq~4*EoFA_UyFN<34B)@EtpX3J zuT0f-=srQT@3Y%Dce>;)H^#}#Loa){d~&g$>m?B-c`k~_B?iEaJ*C48hG#mj(la#|m6Bnh zlp;W3#n+tg%&y;&i4dHb7+Y&YA6+bml%Mz9A{jOqR88e+Cz>}JiUO$&q4cIza_P!H zxFIwwbzOhk6c_4V83m$}sD-M?HAJlGWH%?7fMY^55=0}SWz<>ysmIpE6@va*X@Jg} z>r2SK9i2M!^8TPKE4}vxsv9eaXR+?mWaXH|Pq6j@J1$zNn*9@~ZAhgms&Sy5u{?yi zY8O~sj0S9LZIR!+Gf-z$RFG$O`LJA_o^A=YYY(wIKxbjl7G;`iyX)e8wt^Egm@WNTse-LVPly*c94fsA}aKd?UYs z^~(PK({cW9$k_b1lh$_`XYQp>+3F~o44|O98&p+KcZZ#u`+5qdrdI?f^F(~^+Xg>o zsG6aTe;$T@ob?M3aKCI*U-UG}$(s82vhrD5XyNpnPvj>yG6=Td8BMbfn3miw&SmBiiv(6q zq2Q0qUm4&6Y+G#(f4A9P11ithP(S1@!(P1EXHZ znnA;BokJ3bO@mF17kVw#XR$64Dahfz6zA&C zW`Vi(T#fdr!+&ET=s}xc**3us)uLVJ34-;(cBE7V#i$&XqX@_-FzQ_p(nnN^fG05& zAhoAN&DbnkJc`@G2B|$xb^tP`oRrDk96Px8r{Lghuvl-hL^wDwa5mk^fvKGw3e1G8 zoP~M+%&zTDClb7z><3=U{Q~{xSNFq-cU&0~03ZSv008H|wBzmUO-x4#e>Mz6AqKkO&X&2|?jdkE~1i0sB}?BaQ;n@`@b&Ft>-@2Gy>fEh_7g&I|% 
z0(PQ{P_lA4xz}_o)1;|c>_QB?lAL5cy?zXTpR?1a z=$sbc!uG3G(p1Gvz^}Y5YxXo{jIM+lpfj>cdMI8rs?wzCn2TOpPHidKJrx@=0}e{N z&@i*DTS*83oF?tigjOa5fdv7?7C=`;>0(UFsH972yU{j|q?lOAAA&dX==WFWlTMj@ zs_A8iUw#>lJP6*8R+6Z3G2-0qzHf*L5KX6M8Y!;i?`)@LXjWfJbj;wdGE%il|73(@ z2+4D2j@Ag>O*vCGWoYU~Qs8k$UO>@=y&(ev?rW(C15lU?HTc{l%;_a%FG^Vt8#QX( z66pwvbZ$FmqcvkUiu;{EvxwzR!8odoC@{htUBd;uB0PV-$8DvB5}ied=^&EdCKN6HC(^ zfe7M!qXB+%3O0elZxyBWFdQ2CTML=F497E@E~J` zKK}m7pO^FFgC}AOeV+LUM8kXZ^!04bBc6NATr787cw

cwdpgzax>>l-lE0@ zMqrn+71eZNDY^;CNI;gThF}6wWfh5Rx;A3&jA%Ue2-G=oEOu=Yw{Ct&+z?wf&k-Bf z##mXM;Tr&yh&UN6@75{#x5MF)Xd`sR6J!QQISY0ZvwYphZkg#R?glq(zkF!bMrKJ2 zlO5b_ZrXa$j0d=Z{F`^rU4#?YGROJW_^tIS|0-4;pS_CjezVRV&p;-@C|@8PI78`X zJcYpt9yMBevO|Zlqp;?xxaXQ=)&EAq7dPX!zyKL=y0COPcXK!V^c$7C+SkNM9Z!*h zS^U1GKBw;#IBvc2ao`t~qeQ`3v0~DTpTZ|*I^Z#rG5mvyxvqJ%r67{Se!IEo3UW5L zi0g9K5o!e@!X68@iEx#VxRQr?F;*8n_)1N$<6lRgt|03}WCKFZ?!Acy#54B+p*w?` zHO~ z3q^LhNMJOWF&N{aOIhwt#?6IDHcA{(KBu$}v_i z9wqacvY~H~bI?orA7amsoW>Icd7N1T;k&7-_t0w7ZhE`CnNDmOJz9jDZ!zcG<^$a$ zer!LB^j<+1j(0Ha&{|v44lRP&Fv-#I^;Ov11%BR*1&yNKx z0|^5R+!(Rk$Y`_LcFQhf0qyh}?p*^bLFZD4LB#8<^EfZ4AYWpeswGuAAgbgiP|9en z{nPUocMxL<$)1ckSbfF%+Q+2gjaginl1oKZ;EYvfvpFIk5cek7FHQ_DG8+*Xf+QbF zxSGs+ad;V~BW{xKOo<-G>qOM6xme1Sk}Pr`u^5q6qqw}gopf+(G^x#BP%V@QypF|% zEJ7b(ENi<4+4gt1v$`Y1WIv}BmIYnDI^%6{5AOLJNzv$CsaA#2o9AZuZGz6v0OQd~ zq_JH~X&Ki1({|iaL7`W6HpsB3_-fVM9KgN(l0-dWyVHx>cMV-uOo)?qJF6{PIpG*C zCmD4pN3}v!C_kXKWbVZU+;6*l4O#(iMxj-HqS%3A(u;SSXS<` zE2kL*nx2Yd*eb()H)`LGu~;d(4le2E3a{D$a7g<4^U~#Oe|zDYg#NDkNYaip>4<;WncuP$AKJh_TdKojo&k>GQ4TBPguCFP zyTBMA1%%D=AU$wRTW|Z^C#rQb@qCZ19Bp)iUc(DxJK%25G@f2aNief0)`+%>lWdgC zJ;KaVl042w2f&UD2q@`C%w78kapL>?s;48C;=4`Oyt7&Oj=rGN7|P2%HE>t{=z-Wy z&m7Mx^zcFXd5^Nl^n1lN(5j2~vc~*c&}_k5SedC1*8CNF22DXT9aIL{vQY((FppZV zY05=K3LXcK9fM_Dly{zKEKC}iXl2uZMqdy2=YHcVl7^7!VnHlEn+9og_wzGm z5BgTaj9x5~nzZr_Ey{F1HlR~EFFVFAt(PhGi|koE;zl|Pnx4Zwh1JK6*?I<&l`}88 z!dKGLbmtUjJ^%cC4D0gy2MEWx1<9Wsg4A0)sK5Hb`~CLK&y}AS`a%EC$Joe0qpcygbfQ5ql?t~)-5c(c-?A;J;B?s#vZHFbn{OP z{S$Oigu^UDw(-cwOGl-M(8gJibk#IY{}WkgkV;U~F$ilo36@jchQ8Tl!^%pk$w}=h z!|xeTXSxX0FHkkA(?6LtQ~KQmlz0eY);q9P_M*>?ePiO@=Z>Gl68v3id{aZxzZ2Hwv7=nuFbMoc8uPK9 zF2a1|;u{|*InKQH2d(o^;uFt7YP4;c?C}BG1u2ki_=;5rOWo0u6#yS(261MQaPUwm z~u?(qlx^gLl%qkMKn#GOJgk*p>jtZz{h;7gg5Iz4iTU82lHg1+T@eA0PRNQbQ zZctP8LFNZmIxF}FEgH06%CO9V>aBXhlTb(c3{$xzE68WF7_o*Xsy%Xwmt8k4j--$( zSXSNe$jnuq_tTj}cYO^iyFeXj&d4WQby+@$JURh(p*dR>meC{-ZE;6B;D~E4wujhO z?Agd>2w~GuCF7gN)i7_Pk~orwLCCX%S)8$=fy-cIW;8r~kr 
zmTzXmi7i&oIHCBaqVeF+4ut+x52c#Pbmbjtnn9pqqP*B%6QL{E$ zk4W8tMvQp%bx?DHj2fiV{t?h+&RfV2VQIU*2^kmB0H336z&581{Sz^3CXzB`LF)@t zw2s!oo)yQCwSPwz39Z(8pU4d=Hkol5(9+EJzPZPy8BzY+bu|i=o6Q3&8JDJRa`EH0Pn57P8qySgS=r6`P;+$Xb z_Ei(7-2Pe^q9e`Uq%B#k!;_<(?{D>rwB6BL_vHLu-AU+~nw;$Q<{?xWc90>*D=qG@ zDCKC=w`>Dx@_Eoc29aYovjKl!T@dJoQhTA^U*mTbJjI#ohP0rK5!&@LJu( zA0>}J9>=gN)I1l7+P@RM&DP2MNM_BVJB{6UJ#_!!eACtuIs zCf|<5jh$AXo48&5$#Lg;RmGr>Yr(p&!7E~l;?ISmp8*&a*oCcFeYqwY+%in7+sIX@ z-y|q+()|Sug{b-V=LIfH)e91I00A`st0-|z#Zia*rKk$7ogpxW@e`>5o}>Yma8wtb z7$}C95tg1n%rq2t#)^uqP8xY}abM3ok$Hh90sG4nKaanw>E*qPb=(}?9^UKNdG0e_ zsgyks8suwpUX$q?3YUPLslwarT0<_+r#G95_HP$HPgV{q=lT9t(5HiVf{%fLzG2gj zH&dr)BL6^rz5lo&VVE<#dHBhMI=p;jNODp$LLJy=pMXryfSrTTNVd`1GyhPt7bQ5; zl0VaxUR*6AaCKoHWajc0$nAZXQlO{27LRnN>?vRQaPYAw>Fq7>Bi63{%KZEbMe!$t zT*}jba%dcoDl2ufv*yXE>2+n$hXyTwWpB9}(su?XI8)ImtvY75f|=^Znr9Mm7Ethi zQ=lqFhQvQC?TdRaDYm#5a%t<2+>Lz4L(~yBUfbj-szNs12QBi2j{(ovjqR?T_SXDj22bbIZ}L-L-G<|Gc7B zm~9B3|6NT{{~v>rv!}DZvAvy{rMYYZulz6rOxWuu>a7ys0-~E+f=0kT0HWDW^1{Sg)4@HRp&Nq zEG}^;ffLc%^q>?@CJ@;RG~k4#X%7eqT2Nf-w8wUp$c=-2g|`*Bm7R6($M`qFZ>;x}SCg7xnSi6@ z`52?)cEkga|L(Z@r{FSlGIzFB(X~frMDUrd*GNfMBP^5%2=TBI zhC-#S{Q#7J5asixZ#-z0Z=*l2eClVuBmphq%W-MniO*cWhYf#HWtAx`>oIv4yfet@ z3BkjoXv$819UB`o;3%<#pq^9-ml!R>v0XN08=j}^7r-^|o%SeuDRN$qYZf&rHj;)F zOMEU7R@SUmOOOYh<0+_PvE>P1w`L!{ zG}zhDXmL{`KAB~7+UsLngH)oqPayYi>aa={jBmDd(OivDy@rW(q8e0s5x%4gXEafH z)Ue1NeF0e_*7PnKh>ykNn#XBlFIl&lh5OASxe8~g@`LwzT*LxRc2Hy3%Q0f>UI`2x zf|;JR<=|{x5t^x_2kh|`V9)jhOq5r4&a*sDn6)lKImg zTK;xs*1m7nO#Sh2adVxumrsZ>R_?64Y}e#&O&>z1ZG;2sPhG(>i#U6p5i#b^`Ns9h z3&CR2;D%R?E+(PDHx}9`7-{rAV5+G5J%kp0Vf+x^D>Do(31g>Jiq=ZoO({x*$jhAR znWRsCaghQP-0?xgnYOZh?d#GLWY@OfFMP1Bhob1apL#liBHT_}2528cT!wQ-xJElid&kxm^cS{5Me^{dK0M?XiQP^RAGeV4-ER3A}owMMc7P^TOmqFeRp0(=3crKF*fjk0L`0{pP@HmT~;2 z0mr(ALLlmvK8?2#xc~ogu1!D@D}$;~G5e4K0Py@nGW>6r)7jZZ-_6v?(#%ue%+-$G z^q+K${{OC7+L@a={WApHxzHJz8rs&lxT>V+e%`>ax`d~|kP=A1)57R3z|!*q!!Qoa z5l~VP)TWfU5W^-dENoK};z~gVfq#F^c&%!lem!%~YOQX3cE0%PzV^O8UTF&oXTt*+ 
zpr<6Jt0lXwA_D>hH~;_$$e*8_SlmF06WaJp*&;}2b4-AS3UnR*q(2B4X>0zOs@ z$LVP2#yJmj5DVf-fRiw%CrQNKnjeKVj1C!^(%o}FxzXR*+CUl_McR+Jv^(72+&{SqGlq6&?|;1uIP@Sey!*u9h`IRP z7k;Ye_3R+VfxOz=vAdygb~ksX20;oD_^AZlUf&K?5LQ=y(Ti;m)X?r4a@6Ii!9iR( zfpfs;K?e_M=fttRh6y&-EcVga%4NKw*}j6f!S%!b9z&WP$2{4GU>7H_&1u}D5SK2Y zoxc_O72U;ey6PSK_WazDj|BYne7F&Gg{L8Kq+-OPM5afefg(pPCIFsH00bEZrKl+Q zdSF5zpl77F$KyiP$j*d;NF^lh(_bhK(h4o)3CJ4m+1r&SG%*o?c5Lz%71D?UpF6H6 zI@Lo2F(n%UIt4yd8nh@`HZWl0!+;?j3Mfhz=AKvf6f^)Z$NgY8(i^}B1f$G=c>|1+ z10xk51Cb97#I00dQPMGDaFBV*k-5r&`RYG@O)V(53W|v2Y@c%+FNgwo+TCEqgaLTe z=cNaP#PCS6Dii@5CX;i0zaD}fCL08Q6v|{QFgfZUav0An>_9oI6eQ5QyLE?gL5f-8 zK*&f>4nWD}!GV#O2168%^o;yX373QFcqIy@Li&{qlTCx_a4!V~XdEvrIjaP4HIgM@ z8}XMgB49hVALHj)1HuKEa}+=S;qx#hPv0%x=M{J*=m6j6ox2fqf?x0kxD|YV{oJAk zgufB|uE)sgXLRYmo&9ALPk#M5r1yZ2@t*scjDNXpC;$D#FZiC0e_@B;U=I1Tul?d( z>RGI%rJ<>zp<%feqfw!uO;HUGOQDSv593e`=i`r_!@yBm_ISwfHHbjgC?YMN#rY$Y znmUz`YL<}z2ZFGue7=><8t|GvlkK?ay6%Gbm;N3;| z+d~iu7^87p4hf&)ap4E1n$hR%WoS=d9n;dO|9MA__wCMe_EYw42L%U^z`!1&osfMC ze|dG_C*SoAHxvTsVCX;%zsZjd1Xdu%mEGN`@pFSbBS!}z&N1=zlcznjz2!$82mv0z z6QA3RoCAIwDDp> zqu*}g*O?t;VPhT`?6341ZryVsdyBT}}>jt3V?YBuk@7J6Dw9j7V#YwFV0w93# zGL#G;q3bYL&n_yW_)=1Y3@`IOV`Kksi!gJ4Cqm2XA74fm3Aqow&>8=|Q^jjR{cq9`k^ zBx0p%FCne}* zPjN?@>6xLc4Ni8I%l48ZG0dWTq3?~TqCZy$m)Mt4#m}MRT4HJ!bOm+w40}U3vF85X z)4Ob7Tm$kSTgcS-oO&q5WYX!2LOXssF9)9nX|a>o~ZMdylVQ zVW;P4Za3q1CkE>kXu9vVD6QDf7sT`Igx`EFMUAskAZtoj#5uz3Pv)uf(hB)g|cDCEqA6vV?J`8Dg9-rE^@x$1y81fY>yI z=SyS%^vX;91(oW>E>YR?Oi~M7lkM2$lWH;f{qxqIl-!eg2e`HC#b18~mp&z{3WFK_ zYUI$b&Qnv%1y$!Hq=E>bzOAtj8CYv6nAjO*l~W~sd3C@yRY{6=W$BXNLY-cVGdMf% zl+$u7PC#wcIbY>d=<>s;n6$$AwGhfm2C$Gp)2`a_&UqqL8GmR{nhOYAYul>o`cEV~ z0=A+A4PY2&j&!DQHSdgUP=$Rgl-{7gE3NH=30VJ8bsrA5FZAJApv2W25j(u;c^f~P zO8OaEQJ!~Ie0Aefu-Sb14O0BviQ&M~Wc=l}f^Q@p6`UL!x6cnm0-UzR}9@C6h zK%>+!k-s=}wS`pn9lansKD9T=vkHEgi~OAbXyOBlezXc4O9u&E<3)tuW5D;j{FRd= zP1AD$IrlJf=6eCY@CQ|cG#MEJ!mtIViM74OFt&?W<@SH0wf0HGaWeHlp_r}NW>Eaq zIwDX0_I%0}bMc-4nnVRzR^noZ@M1A`*02}@RztgQ;jd#v2*Nv 
z#;}(mFalhAUyI4yrdD6Euu5qb{c<%$8Vqv1EqFq_;*smx;%!Vj}rz*T7ytZT$1fV z&N>5LIlG#Xujr;m1K$0te&b0!N1_ zg@!Ok?Fc#zM%o>~ul>UiB$@3n@z3ADKj=#1!R%XSGx{HkE#aFL;rN=1hhQ7hGPb7? zWq(JqB6PAeQWvGz3q~i#4=+p5;U~>xT20GVF#n`*wup3G`unK$Sv&MvzvWDA?ydN~ z!8!-XK22u3lC?SNRpKSll-cd%kBAKfxYL&`ZJe2^o6=mP->%V|yW630`8oOaGCwpz zL>Q)-3}GK=UdD|$LP1aeOMPeRo7KkHp?wE^AwFCi${bdo9~DKuw2DpV1~+vE@yWyL z9v%zMqb?sK6{pr>!za_vvlEfq4u^Se#alW^^ppxvW7URmZC&Df1~G#=42elu^p>mE zr0$0F14hOKU1_*Fui8f9babG9ZlwbxBJ@c!NL2kIn)Tk{i8Ux^XhQG{(#3B|GL6ju zK6)wn{jLfcOFllgO6|aAGW?0>y_K;=Q%pGu-P*ThoOC(_O?%|%J%F%HRr<0V0AskcjMrS6*0AgX-f zL(J9@nM``3a?cv;%G0oac-mk>0C4gt5T0?;RnQVi6RBoTLI~#xxHbLx%&~+&BNh%l9a-i ze1aBc^L~Q4WbkG(I~I{VAWy$$ML%NUu0fcr33$Vt#?&ozhl$4VTpxQb1Jcf)Lf5px zS{|>OExiM4;bbr6LOXJ;%+Kv+7>~s{={DPR)*)A9?JG6v*J#6UCRy;^sJU-^3z2Np zg~XeP<$rlJZSWbz)vN=N)rBi=LW>x4%`Tsqq+57~kULAaLL}fA_?U&gsaDIBcqjc+ z+?&v6)U2Hcj|P03&$H}|mg6zuQNiw1i2kk=DOOnRGC0Hi5$Z{Y@zOPc(5+6dVC%3O z%s?Q#pZmQW08=ViDm*z}1#y*d0Vv-4_X2A}>LqG8$VAt(L*s)n+h8D@opyq`K8x}U z1M6lf2SW}N;x;BJO}%N$FAmKamlxCA;+8IpnTj1}<_)uI>t}?KVgAbZGvr6E^lX`? 
z^H{J5)E;I$bSRk}mPq|rS#+n$1f~CON`z{r-ZQ~$$_UhEvi)F-TMvT&M0kg&nor07i-*Y;9)KU!wxrwe}ygUf|DY)7bC~|^3%m;X^FYy%~Mq4 z9jL?)kP1`QsUtLXcXaYcX(Dy<*k$tU0m7f&RR2Rd_=X(2w1#Mdi09F1d#vO1fjSDN z)H4$Nb&pf8oDWu(ifg|yh}@Los=>_wblSc;O-@F%T&lT{amP%KNwT4Y4*`QXz6qHL znYXC`t1W4S{k<&SfP`Bo@^8o?dI$`vd@WBTd&(qpfsneeyZ{6n77ctvhDdBWj0EL~ zza6KSuFDEZNFA8e+OoJ*dG`jB-^){J4LU@SA*~lr)$KaRMS4x$(C&>^ zU~C>Ec=JBV69(qOVdInPToNDn4v@Cn75NmhG)cKz$SGnbap1Oc??p%%X1bju|9un8*Pua zQA*yTBCOlh!0Nz8WXA%ucEU98I@gUQHvPb~0`%0gp@(rkM^pF(3nr7|%#XE8$hP|f zAd0cSmC!qAd}a;=U~EcDl{jIAZ#H8L z9Xq_}T8?$!8o`ZuP|toPqr%2VCsjy__R-3E!o)!SGpo*!bW7!Q$^K&rg z&mhp6G%1{daS?Tf=cci7*I4U(9U%Gs#4T7POyU@me{&94Z+6>Cc%|0432(*j@+0Zo z3+NTAMbTQ4wK*kON)7>H zbx=~6>@=2i@388iV6}0X$QD#P3F`0 zNP_&ZvM^#AWG%Ku#kA0ribHZ&B-rV8yWwo$(+KmZ#M8Ywy`^&CZdn7!-F4zvBl_sy zn+Luu$-LuUY*RzX<|qFN55{(rK|xxdWnMuu7`HI?!^>t4##j1qfc}$hRRUD|V3_`JmtQEphmr_aMuR``sl1nU?rB5l zhOQ9XqsU^D0cm4bFaK~-3ZPCPyV^J?@dj#^5f&}Wa7A!*ms%K$T3RjBs!s)|9*1HR zBiW5^X%z0U<2i}h`$KJhMV-8^9)r8&flkiU7ZXVE8dN;jY;P64QSdve6Z@u07LR%-O9@98@_QOhF3PJB#wm+o;VP|;X6cZFRTqE>hbr0P#WX=Kwp~4zq zHp-fRzr&DifQ&HOZS~Eqe0IlG$`JLQdqh#gwtn11PEb-oFv3<2h3(lA_N^MRe3f5} zDODPEC*)f*ICG2~X*da{`0rcF-FAZST5(B8f@PF4OR2!Qs1$Qde*No(ywgUWMvu1p zF?%M%+aU5*E=|QFAEw7-{RVdLK>>>%WJei88#)$g4s|@#j1cyUK?sHBH&yGKX^zLF zl#UuB19Yz&1)Kii?G8K?3oMGTw_#;d-!(~{2VRJmnwnS7BVSz;WM;u z;Z{J|n4o#uJ$lwnYR`Q=^l}0B&w~JePqV+74eUpH#u#o^$2XTwt#)+`wpuWk+M^r2 zOwdh8+f!TIP)I8?ymbzsuIl45HxF;KjUu|7<8H`TiL3_M>RlHq5m1^u#Gw#>xWy*U z5Dk6Dp_WSc9EVkp)x?q795UT{?E=-oGkp`66D}W?tJ$Ee9b6DoS9w$C3H-=qJ9gVr zT#fI8zhd~0)UzF4ek2Z;1-Q;V2izqdH#`D7lo^b_~K84|9W9Z_rsBJ@w)gULiiLyTcuU2QL#c4n zdyzJAP6emV<$GR_TugDZciDWvM+cJu%WL3@e(q_H7ComVZ5OEb>x3i3WK&tR$;tB5vqwXRk4bPIqhEEJc?-UpnT6|;^|*} zW->Yw&)rU@O5QwA$Rn(pu=xYY*}o!f=h9s*jZEq{(+E$-&`NQ|ET~j&FAyXo*Rd$+ z(PMHwyCxMcetG9WUz9rd*nW>v2p=wrCH)2jB#s_atRcF1m z7#G8b{SidfiJP$HGtA zKZvU3@i77_wBw}5N_1=Cz4Gf*CbamlRjDmA5;B|W26Yvxr8S*1hYJHz9?CMJ1|HK9 zmd!}|1vA*Go@dZ(3l1f%)5hh$1d;6$0JU&0_=L*W%KQ3p(1!tyi*sr8s*pQ=9$FcC 
zp33?W7Z=A=#x7Xski{+a$`$i#-Z}%NLcO?CMTFCPpcPcBgv589h6{PJh#LwvorD)V zqj?M?g7O7XFGn^W+4Ca3npfV{0^ODu@7G~6g=mX&jZmsqQ=-T=q`McHc<|GmI&+JV(`vI*wDl=CpFKEk|w8(-ae zies+pRgMgfN16<37Y#xVa^|x7kj~#OjjvYh_4d5HE<#?KmVHaPwY?iZ*LYfNwSms4 z0lJ=6){MW|nrs!HPBhx9@0~|WvwFm!@OINM8$f*&64Qvo9&mG+2UK|eRhWoj*^4Bbl|Wnr zxE0E$tX=7XPPBw;)=|A#G^*pUrWCWwif9S{YSZwYHze2s%p9iE5Ier{;OaG$h`-{I z2t=AK7$gvVIW{2jM#s5Yah(|ctBTc&d4l-YSrP=9l03*^q+=>B;z)PKvzcJoIh>5G;EG$WEDPJ#7<-MZbVf z0kzf(!a3Jarl2A<(TL`Hi(c@^AACi9NVWb>dgecS_+6LK5es9QFyb%PCxX@X__`~P zdW_OlvC*L6WA%FBJH?BMpz}@TmfZ~e{zaluY`c6Z($3O~_G*agRrDWFWsefmCfaZx zME>R*%`#3jD0XJQ-C%KJI75nS2wy?(`1n`dXO9zJ{50>%UNw^9w9go{p6YHw_6lG_ zg^0E^`Z0jGS`Yhn*jhI=Hk9=)bx5C#MY})m_%s6jh#Wf{i4vsVkj0p;2|k3Suxg)= zs>anklubKF}GTUDeNi9S}>F8%%sl>TtkcoBwJ&^LLB;+|{_R7)(bBJx+GQO#< zv%K+57$m{!*v>&`} zlWX)(qu9s-G}Rvcdl%?qrILRhk$+1=RCBk&HrRUfYn^5uC!mt`Sh0|n@5)-E*A?kU zNy*!MfflOd6}1BF7(A~m3Y@rd!RXZ+9h|Git36=3rXj&#-tL{ZCaX-e^xjNU}V_yMNhIm5zvm?F_!DD z5jAL^Ep-39R8dB5h+lOpVW&&EOq6y@@?X}=xVMR_q(|RnRtArbwk{iD09e$7JrVdn zk(afZ`L40uZOIaKafowo4&`$OiGU})pQd_}hyeL+lRt9=J0n&VQiL=&!wne*237b} zHmUYiNIcf1Q_1;B9|{G`yAlJl)zUIxp+;=p$@EFG=Ueu(q^~C*-L6k_@s%c_@FI@K zX|{RblxH93FB+M7Hygr=8-#G9TbXoaA3+^7TKu4y+dBQX;>`8Vt0>dCdXe9UjC|1p z&m52x)vP+eiE5M#;>LMDCQDh{NatQ$D^D)2emt%8?ir{c-${loV?L+fv?Y{;MJA&v zsG+2sRTI^T?&_;`-y~@~#&-iK?@=<8=4w;r`@K%$B}N{Z1p1)j;OUOW-WIQ~o0G2(yA0($Z^6RH z{K#&-9KR?m*zz(6Ec&!RVdoFUyw@RL{QT{lZ_eeG6WFQyl#(*~AB% z#|&gO&e7~C=I-O}q@o!Fnm$V6{XVP~Pyijlc%~+Gv`sIcafu9C8;=s!=virAso(XG zv^H1_LAiG1&TtJ?xHTr(zw1oL?LYF?Z73T9)@?FfKUC7f^1!3}6fCg+X}%IQH(k1} zPY*lfTVmP%;Oiy+{y%0AAP>aQtFnAgsP#sGX5~}%F``En77m)7daK;Z-WXqHd*IZX z;0&8A!4-`DS9aq7t^vEw@GK%y>JYFU8&wLmA4-AgmTl6ka16XlI}9YT8>Ms( zOhI7a-b3{&9ht(XyX7gD_L*6^O-o-usRqd+P)^L-|CYWWT_Oe7gX3*>NBV zd3Yz*0tyf4exYAm0n3ou7Hkq6c4N%L<7UUNe9BfenOn7pn!I#0TSX~G`ZJT}E>^17 zrazNC^RAO1Z1*NbK`0T)E2}rg^|#h!%C{FfF822z7S#*MtCiyNaiaZ9z^>{EPUD_P zqme#+jiZtG6EYWbN2DpoOKHb-OsQ-dLpm-h)C#4><-I}h?SV5`bcHZIYC8`l(AX-8 z4TU?Z)gj 
z9@^>Oi7OP4>gmP^DUZ^KQI=i$RJVw>_npkVc}vEgyU#J{D+ZhjG5pyXQ&nqZ&Go5< ztiH8)*Ox15)i$dh)3Vcp9$_(Z|1iADsDPMp!x-fGLmH?XGriOEybI#3|d#OZmi$}1)VJma0 z-YYOlgw?~?mUYcr)_G@=eDp?1@+c(^DO48E8Qpmi@N|d0DJ!idWq&w;l;vtWQTE!S z;;-1+tLY5N6`_&P2OY+=Ecr@zwQ{|qaRr+mfEf_VkX{I|d%j--wwPtQuG=j;Z$w8j zv2EI%+!cQPzEXp#l9CJ>oA7k;W4gMffkHeRSz8uKe2w^sNvuHQZKi)9K8;hV|8O1U zE1kzZz^*krd64B)1j*oqnKfhP-bHL%x~{(?e1$QomVmVtSS)$?lNpdb4*LtAZZz-r zMl12S5)wO0l39&Tp`Y+v#1NsSMD;;^cz9#`Atzdhj9zX`hyUZA$pVReDvjb1v{X!G z%xW^RvBf5yeR*;lw-B@b&>trI_*DpnO}gOh{mKL9Q-r9sb*ncN z?9P#hOx7CEk=2h*Rkj)sef#@)Vc1cQhhYc^_g`T}>}b1iD|Jea9oshWkh>E^OPYBi z@)73iUWgc|98PH1ZDAKQfTSv9T3xb6Cp4J+k|t?mN6slGb5c{ExSo#!w|f9qMuEBy z8+G@ZQLsTgC`ELdko$-ZUVOb)OuZJPKMQ8m_iDt>N*71|u@0i=lmMGlW;y613JKJhdfzb3X^rM?Y8~Zu9 z^%4bUg~oXuu=6USB@j|GTxeGvK-S#vg;mwb{=N`T2s=yA*hWDb4Le&%>6)Ui ztd%9vn&NPX=LA-IkS4Haw2mu|J|)F(>-wCnBhd-V4YFb^{>obWbSL@_xZ^&EsJ3;*b?ea98}>z9>vR|TjDyTN#g(LA zly-PcG$ys{XpRw=lV4m>8D?$!#46zSBvyMfRI{;Mahk*M-f)9^R*-Lhf-&)U22K#u zUrK931kh45Ee_F#%nVt&04XS-7Y)&{!{elQ5awRk(SJ8y)9~ojWrP|Ru3J`o@#rf3<2dvGE|&;Xm)rX?+ZE zs#K^bNp}cp8OBl46o{@4h$f&Z=KGf@36)%|I0gwLiQxa+2!Y2A#JYzcX6v-SYKwXi z3`lojv2$#C^fIv?;Of)UWp5&(5H6irA3#Gq0)O~p#8v_~{BUX2%L8bfe+X_V%Cwi` z;Yyc3QhY*hgq|jcLt<;{kk=hQ2csAi@2^5HD9_c%%XIoZ;WF+K;-+$nlqQYfWR^SF z(#@5g#$Y+97dlH_wbly7&%tlu5aa?4eJR_Z`}1E&_(_~LUC<&r8`#rPPZfO1 zaZrZT$F1tsvTPH1Y1C2%bR-dLU#&LF=w#BSJ^^h|@+|T$m?`PmBaeuvZG~3 zlcfXg$0Ba23K1LO9lsHBSQz4|2pU!Ih$MkVfbTg@*^9Z7_7{V{s%Ps z!Do&RzyHTq|IMBmJ6Qd1kgcG)z_$74a@v0A>yKyqKSDNV8+t=KyU3Vc=zt#rd(AI) zs{_X18MetA7E-Si(3n&JP2BZf2CL4EFwXS)%`n={v1DO|6I>rV(Wd8Dvwmj7#EfK^ z*bZU?xFnMc-=m_x9HwRMD#@keBhFsYczWX&oI@gW`$nwxkAH=XvT*$KY>Z9`fQ+N4l;J=`ScYb`w6^g#_6&$@Y!Toa$is=Vy zHY)#0sqhjBI^hvlMk2HI{~*@?FnoWnheTC>{9fQsvl8q7r(4(mZS3HrZ)R*|XYAnk zpODYRRaNEk&PMnIvFri8;5jNMCpQ4~RJnkh$d^d)MEY8pgwNNPP|PE?im($PtprvO zstO!SEPW3Vz1@18)xPw3?E0)Vy*AC`dE{j2N6DiPHZ(}pGc^in4Jl&KahZWci2ybfj=p;xY47X4-aD)3Vg|_(h_Q&LBEr@Y z93Brd(TgJ#uAf$x_7NO30SPC;*_wl7#|-z^7Hn;N5Kk_mCkJ;%k{AqPKZ@vE0_9&( 
zPtPnllmY=5_P>|r)qQ>xy@i3{Sv25#_6K{>)*dG$U~V%CSBn7we?1pU3o zxeo$M`Py%Jbzv=7@cqWbgc#&_)che+;QJx%O9M*CpNbZsoPP?SK!k3AfAv{?|LO+0 zLG22`7xc~|&gd2b3*R9TmNZa@KqS~gl&KYh&6M~<3vxmc!KJ`M=LK5;3vx;cL!}6b z!vBFK1DXXs@r!%KCM?OPmP7_4%c1c1O$8RDR1Jp+42YWn^8Kes2c@?Yw;4yu0DVK78LPC!nWK|gGJ~SQii_h88&VmBgzkzz+yA3~Y z&zw+L1(msx82L_Ex)?nOsrc|U>}0^4-Vq6@K*@kW3XfYafDxdYgKdGcK~j)Zq2A^} zl*LPKyP;5`P`9NVu)Uz_K~msE0lmSxO2B?l_r0`)P+XVBNu0`B$k^D}P>~QP(4EXF zXp&;+4OM^qyDQxigfQXd{FSd$-n!OC*cY~ zcYz>S;{@l*znS-*UsU!9c)*}Z4+k%IFKOM#ygET%I^6|d4SeuF-oNU}x?%aqB1sd1 zZ}jO}X+sgWk+DD6KL*@DV^jsvY28}Ocd{J-C%Fd|FJG~OutF~ZrhAc0oxCC3Hu%Y| ze7qsIguMZ%2!!}fZZqGIrXS-B-YMVVC?68Ee*eA+mbbcaxOz1)S;8bN7{S87?$smb0o~VeCHbpkg z@IbW14NHrXN%eSrolI5kg*iRJ04G|T`4z9lph1F1K|>LdA5}vXMX2>=;@42B!(MM` zn_}5wW6^0}M&Em>8sT(CgMxGz5c)aHE+?dD$(Pp*g?*IuZF!ogG^ zc%WC0+;7?$R^OKE?y5TnaqUiTyN*oPKwP-HCjlQUeLFzt4ego9!2tw5(yi_8EjfsoJO~jyu)BxO zSOBM1gqavS7grHU1Fsn~F!8==JV$+y06V9ikq^gu#|L|%-X9|g14)q33^q2XwD+Ac zh^&XXB4EM&?Z}3~3VR4D@sVG0C!p@snLzyH@Z8&j_zWEK&G0DwA<#9v_kvJL^QBwD zL#zwrTiydD0z~+n^w%aa5+Z0~gcsvrlSX^R(^g4|Lg6 z>107_L}MPB; zdyEq<&v%=~4mK8~BIhKo9qyIE*lZRWOAN#3o=IDjMt65tc-#b6i>^Z}|8<)`N~{x; z4Y%v3FWsv}+LH%1$fGOqeLhd(=v3y1$r^>8(Jf}SP#5bXZ)a!aMaJ;dew*<)uqs!E z@Us~!O=bTzIL8umAU$Nez;*Ss!f-ZvpNi>zgm_OaGTr{YyJi%0ehV@!>>PJ)e9I=(; z`CxJI8m^wX&w`s~RqZNW7yHWaSx+FTw_DHy(QY*Kz23mM-GEixWXhN%$*{;+=~N$; z%aeHQK=`sp@w!Np{T*)l;{^#?ScHn##wbkyjjkA)g{q%YZ{zrhDRg7`?w(6?g!085|IeYH6*5FFL5%q7W z*`k}eO;x{E=maS3HC=P*m@0Qyy@sUCJb&vrPLU8r09BVS$(-Sn)gPCtO#rujhGB!nNdQPhu zUykUsSRE|26zSO8aYzu#Ex)HXZQDlsg)Ue~8z9W1WY?65vC4RLPnZO{QASsrqo?ar zkMEKvU*N}&QOq?p?D?3H2t0o49cHaVfcxMwa#vm~#UJ0AV->GwysYVc%q-_+ z7lOKMZnMA{<~*BKfci@ptY*R8GKt%_AFt+c#S=QRx5Ee|@iO@9GCiSf<1#~&GduT< zWk}&Y>fC#f@|_3Us)KZ_mV>1(RE?owU3DHJgxiqgKGo^XSFNLMSf?lrvs#bZ z2#8YXn_#^2YqD#!@JyqmODDQ&p9}a9UqqX+$a0bEBsZ(S^KBRQQ2uM5E*yi)tO%cc zD7l6|sWQ2ld>24M{kRn}>jX%AeyCIPH1`_Cg(Rp8qOhDk+?oxjy@#YiDQ#Hh_2`XV zxpOp`$6>TQ9$wWxVX&R)*wf{!{)Z&Q-7-vQVxms5+o7O|Hxsv%~APQ`*V(h|DX%#PZw!;O^67i 
zs@dVpO2@7h7qE8*Gp!>fTHWI4Tgz*c!(d3kAJfi zb(`C8KO|q20SNxf@jyl3=xu&nE*92~8}GOd80k7#3wi7MM)htMR!Mdq@pY66EhpT( zk#gc6#u@jN%h%WL@&DaeNg5`gb`WHt@17L3tS;mX$I`|wzA}wCx2$k!i6s2q&G_-k zhVSW0r~Xr{+JN4?$~j?(S)C9z>_WO8ELDbIF;YDqW7qBfLRVo{c7|rP!jQo1r|VeiMoUIt%dM)^)&45nlI;xjvaAn=xx#2E_I&>Dpz3XWf!@8Nw+w?=qv8(*Dc1#x zBEt*QiS*lTQ&z!Tf0%{10rQVOYJOp2JP>Fakf~S+o2$)fa3vXTDFhY8>hn4AJ{h#8 zKumC$^(5V~fctm0tK|t6o-J7heIe=$Vu3C6%ER!n5rVWe1@#Xu#`gLQeZeNW=doOG z+}RGslFH=nvgGOEgRS%ERgz&eFX~?!C-=;1^H&zX$3@CaD`>u8Q+B+6t$A)J60ViF z2-z-XIrHry73&qaoVU_0CY10~6Iyv>8x-}w@s}|Tv0X22E**PnG;%j0#qO!@o6Z_y zx4?u^lRXXD*kno}1E$#kYi-0y&g+e9vUQCqc^jtnu4qkIC!*b~i>&qbNp1Mf{A6LP znpUM+G7+WA)?RG9^Y-tclffqlo>gQH4Dan0`14E8nocN1=q@I(-jBJ^K6$CujT{wW zHB~~~48d-&Q(;o_IlMe=q8}vCpj!Sqm95^S7%c7qDk}PCs!H!+lp7gbt>mER-ajqh zSUc~Ge=goD=iW@^&V)>z)S?i|b#T0&!(XTOv8N{S2Xvq~N`fL>oVgcy(~xnob&h@f8r3o!mQ(%%lxLQt96B+kRnZwmItmrAEj&2Gqy9hdX!@g7uyuW@|l-H+?_)VjgU%hKX=x?~UY#evw1vP3u+oTHFpkxlJRG~E#QEI-m*RYpZ%WFI_C37|6#P(4kz%K`3O~I@IXQRS zE>V>Cyd-}dG`ZjBj9pfyoU*1im-pqb3pebI4o8hrCtBb#SrD0d|FqHsGZB6Hq?(0# z8WtYV+B`&d3%qTrUHUT7MR>U0kI*EwU@(%~6GL%QOUI>2VKDFH&l(nQ-y#N>~*ry-Mr#MF_EOP;u+P>A?J4rP3X{-i50^K zUakRUG2=BAn&$A@SSB>AC>_Ki$iy{41VM{+0o4`$7Rsc%M}NjNvt^~zuQZ1Jw)%0+-yM;vsOFolKxHnybKIVP2j z#jUzhM(a@IXvLYohgPvqb~CV53W zYKB3-n8}Qc|G^4!+Z&+H9=5#s2*)8=co)8zULc0;7*txLF9P$mm&t-Vp8)I|MWJJ@y zoaiNTfM2C+!xe&wJf&0cvtBN%ZPm6&iuYHkTiwS{o;kR^#KjJHm8jPM?<1wdG#anw zC8G7=KR~Kf)rF)cH}`}8eHREC56L`goG>2heki{tkPhzc`r=nsu=f}n^-yEH#)xTq z)zkDxj*Xu8Uez_gvwfy}p5nXK>P=FCXBT=CewPRIf`Q~Q(9ZukwH-DUOu6mRzSxxk zwNI6FyA7MnwH{yHDT>z`+q@86{?SyAgu(0-9bFEc6+B%ls;FD9ZL>hGcnYdPhaWwO zn*^g;JiCJf*L(V|A5=$?rQypx&7k8JL$-_bC3fohqM2)AT;d;%L>TXOuOb0kxu^Gf zBg-H`WYifvTe835Y|s^0@EeoeTEE7HmEx2=i$ zR=%z}{kG}LE$JtJVUe6;1Mm5U=UO(I=Jo3_B-@)$bap;=p5}k)*`vV1;_cOsannvQ ziyD_cA>68MKD}lhN`=Gr;WwreyN?D!=YE4#X~&n!2m1K>Gf9^MOX~;3+%z6FqikvR zw}=j3nCec_w*R)eRYFn3yd;;n7WKU`3f-YlO%;%_W>=J<7G>mhz8 ziMH>iVv-?lk`mLv52iUz?L#eX`175_8WQ6c;bK~VlPIu{0v>+WffJmdzlGp^l?Ew0cG8keS{K+{*B^$ZVy%4Fv&Fae!+Gz 
z524D+8^KtVup6-O*Wwp=)}4@uT|_txSlB4b^EJOM*=g#~#CK2C4aU+cJDqSox3jWq z8t}1AKU#k{>eY0@QA{|H(JxRV9U~_#!rfr))w1>I8*=AQC_q|Xf^~Kljv}`nwBbhi zLQ1O3Nmt8)x6np8F6lNu#Zw{reulk~cfYN$`e8AXmuZq*B*}?ZYD0PdV|5b3BbT&y z{S}-Q)<+Ukr=ZVPXcIb>>zmvI_rR{tXqq>;TBex-4cUnN@eG4wC`1Q01*kMIDgU<1 zxb`r0z@%#l^BRffAIe&m79UM0*K3(cxDva$KYZ!DlttubUZMi&S7zKZW#Lq8B{5M6 zQH)5tOPjX)m!&l=sG;CQa_`meqrm~X-#uGrM?3DaoGeR zdkcX+R6^T#A0|(S5^T>W_uETzDef_1lb(u;l^i?$Z$^7L47kSOy5e=^DG{_HN&Bp6 z@jhXVG4Ki@N3}0K*CD97?MS2O`ihmn2zMQ)xy}kS;vI2tGUv2fby|q7(LOL0PL4F? z(%la()6lMQ7Tv7shlaaov7V~e>IxAMXso{vwP+CNE<_Y(PcukyXo8OruI!@%C8*I( zNy0ZlKGfds&kEw_%ePtOD%|LWn_MD1I|j*}#TeSQkyDMbfF{mVXabuT6|aT}XqV3> zr~sxQZ0nP>GwONE_|-{Bt!&6C1&vkbUWtCHosB);n&$dZl{vT$tkVjb-e7||i6Zqyfw67AS3 z)AgpWR#r3a7>_=DtsSNo^Ub_&4kf$`_w5YBKmkiQJoG(4VuxN-U~TKAJXG@hoZ*i= z|G3G~yrh!@!6N=Pm@-ypCYbD}c%Xfd2?O}+QW!K-Ue;Q&3egh9hiO2!i%9qz@tONd;-E*p?gc+C&aSi@>ak4Vja?>_z@Q&uA90dd>0 zPawk5s`jYvFX9a~sM;BjQ&+4yv5r{G6BbM5%*i0uVSk&25Tjm$I2BiJA)yI!GuWOl z8D(CM;l~d+C$?-n@(N2r=z!k-XV$8m6+#6A^NRcs>1|O>_D{gjI{U^^Qq=_CH`3-n z5_C$kPcCnD=4$eB0kNB^m)j$QeQ2dm_QBb>Mw8&F?VNo@@Ww}`X@I;Czj3nueAPq; zehDZ3!*^q2@cq18ii(+5ScA(2dWG#IkW6V-?p9x7ZBqvCQBC`8b%Vc28aqt0;NHKmkHETX zK8@-vB9esd(3XzkD8d4KE3kram)1n5Ln-_M)({We!dGTfwVceVhsF?QCE|d$AwLtv z{qr|+<%72EZM_Dv0X1*dvdwS3rG@p}si2^JecV`m#n6ib;a%TzILA|1woI{{?#wDJ zDI;m6On3oaSR^pL5T;kQT}A71HPqevf-Y+KydC9VF2yfAjLqWWP;q z=uVV56qI3qJ@7Pu$;jEwqLpAzAi7TrI=dS3j$q}Ny*_y6XBkl}PNzLCfSy-ulch3i z9V!VXm-sYVKbH@wxAXZD!aS>66g<*TPe(OqM*m^}w-(Zr|HLgMEb3p z2a2ain$;{_tJB~@cr|2zx})J#*hg_b!9f1$$OPJHej8OQ^R5&1gAiA!2(4H4(7m8? 
z6$S!D9MWH8-)z#LRz_@e5lgpl^hkv*pg- zvLqkov|l^YAz&WjLa%yX)}c?Ds|@x}xG3MF#M?=^#7Ltrt+(r+0v3HIT1rM+nc?8@ zM_GpELDz`R@JP;oXw!%reM8jb@{CXT10~wz&$SoA#k!nU72p3^#||6_?fKZwePiZ0 z2pr>Pn)DSSkkw((R9j{tx2&AuH+_#hk%+1fS>8DIYqWLZ%DI^vE(q;*-+#qf=N}7j zw~BTIBp4m$$yx~A60Tjit1;aJHO}v_&%PM?%`~#+WK+ZxOORJFs@sh0{`cl9S{G|c z9iD<3oDN1yV6j>o9=BD6I%~@|v{Vp=87)Se_lpJSq*nd1h?Tq4YB$wsdqP#sG6fQH zfwp0tY@4l*&ZbtO-&;7$-0uslp@mNtq(jT|GL(kT65s>f;o4adS&_^rvphRjc_rhsG@IzhkEQ*5l;y((6$+cWyY2!e^2 zTjUsfaaM|XS@zqz$|YVI?_k)i9%r|}&FWN-Jvtqh;0X)onTm+sdDZaV; zf^7(96iBXhR=*lYuUlJkSl5tEyI5WcNmO`*7A`3g9ZjWb@tpxN=KNFgIK|zRAyH;M z@w6B6xNVN~moRZdnoyKV%e5fD-)FNW6?F0sIg<8G8f!xb!hE_H^gGd7y5N@ofRRrB z4MvVOm4`fhB$Bod$_T6v?Th zGki-s!gqklp5iY5f$H45ZX~G_Hi&4w87^TDuSd=8G|^NBqsK}NL%iP=6U&HTKwDkS zH})}ATeTJC(YrV1x~1L$2Ug?a{i>djH%g?svDkU7tj8oF#)`%OC&0qn)n?z6qWcdQ zDYh4JfA2GoF8agg&NhpL7kM+2brpEaE#4w`gnwLQCWPSP|Lr1UZ<$&yJmq-nlM<&L zEf1jueAP{YF|ZiS@O;Nxl@#QiGcBNGwcRTXsGbT^n48b)zWBmwFnN^8lce0ZYg$u3 zgnm{FbjtS!1}^D$edx|DpE@>VX(W+$L3b_gHMqZ=*|Hvs=$=eeNL~JskBi8OG5)Yf zs~;BWA^G-p6%weDu$fl)N-h3tc2bTz0d`1ibN4ox+<05P0?X~KN|Ths)>w-(a+H|| zr^`ruTb&qfdde7sgMsvK;V+Y6d3m-_xM8r3pCJ&sXyP!O&p^xg{QHUVi#Zdl2}jFG zn3a@?jYKAm&4e)(i&YD|*nWBj?Y^%d}0RWfTT&i*=_B9%lNwLZ3;h^(rY zg%>K#^6pb-2(=5=VbJ7FE@hl%p3b5l6iMM2B|nYN+9_B0J$4ZfT0UPFJYmv^6!C*1 z=^Rn6A3DQsC_^j`k=n<)jyZ!OL+-(l(CZSZH2Xr3DxxKMXaR**vC09{EE80Q??qzw z65@=BoWtwBxAR!e)h28-Is`0o%XGnow>zB9{vcrG@tsn@carr?&LwR@b2#at2wG?c;~!c?!lr=~;I(m)j;qitbl-oGY?ww|*8lUyZ&{lV*aNb=U;25_Vp2 zJl|*BO}cVMN~y1^ojEce(s}Eq=ff-2o7j%T=I$kfI%>GK2(LmAk6WaB%6M4{KOY4@ zPtPUWK4rKzk5{D2g57K>+o;RF_{1746)*Fe8EJKCnQ$ii>mB%lMMLJK z84twJ%p|4=z$%bKWO!hH1sHr(Z@c1Ze6p=;gZ6rmR%k-hVi(^;!&CQZEzKNIHjO7m1$_>?rIm_u#- zY`~N}r({QU;xAKDsc9)UmQjl=lw~(~_eGZ%GA=zJCC)8$yN(Itkb@BIgs2uVr-47A zWBE;#8P(uuSycTu=v1)hG;_B28QI#PGsVY_hW=4p0!!RX8LKFropSsc>;}R54$b(o zbn4V~`Dni-W6hxI{MK<21`{RgtRp80)0}M4KxWjNT${=l+LAbSMzWlPr^O8s4J*(0 z>W`{M%!e&$MS|`x>Yyb6=~}G0)tVPy^n#PkBZYK4>g;P)8p06={eqgK;w~h*&11kG zTGB^*`z9t+WNzWx;6@C3h|aT=Ax(S*7OyM*hZ6yLqG;K(cb`3lvT& 
z**B&%O;3e?MX3i@`Kt=}!@HxSDoPc$nom)ltlt8?)A>~f6z~$u4^0VEc;c!XBED?BIDeN8#J+R{5JT#GJNtc|@dg#$5q?wKU?_b$L8d zTHPQpaRY-N#Ggh^t`mfs-U3mKp8%L}ZtG}7kf#yLHom(w8`gzpT^wdekR;V(=Dru_ zd*x)JbNR)mG1RBk#Hs?8aeOQI?qZs5TlKMX&CMp0OfC0b-paF;gBmiOn1%Mhr1)u~l{m@J< zfZz|zlmW;A8UO!JGo5YzCn@|7pZUK5&A~%K;lDp!CT_4mKukZE``=Rq|KE}Ze@cz~-#uW|x~Cb9sN;!rCn zO;yPS8kbO~f{==dYH>%Fq_hYS<&~()kceZ)N5*b87?{Sq5>c#$1viGMjb?+W0>MYw z%f16<)8m*NU3uZOGf$X^^zyQnG=(2rBAZ`N>PK#XDJ>mQjkRV)6R;JsE=|>{MYj|u zimxFT`jh5y`bSPdh)CH#<-=n^i;9dg1H6Rkl{8Y_5Dc5GbYX4BLm2vPcD_s8@dahn zABf)#*Xu7oiP5an*WZ&@PY^IVU=9Q!Sa!E8Oje&uNOqhRQcM;@*eFPdd)W?BSpQGC zFIahM1a$d-jJXk($jt65eXN0?_PeON%x18XvQ)59_yNwje3HKq`ohHtZCL$@b~o^k z`Odq_s-}m#{y3f zV25kjGtyh(p96ZhaIC<(gsWTZx=T}fU$Fv$Y3C{h&yL22zU0RH$OmXW=kXzi(fbY1 zO?C491J!lnQwR5fqb#{0^K^W1J65Bhs2@!f#I_}fSE?AtXVWhObCg)`r#SZyCSAl8 z|JpXeU~^A#f=1*x9@YFvL6CZ#KBOnrVbHR7>BAT2^ z60>s?Ea?2;GXesOHUNkc1(ZoE3|9z1y6?kqDZ(B(&|Nr?XX-wX(XyzN;HJv=`Dgxy zn9?@R8QLFxPM4Q%vqRP-h8eD4qONxZ9_r<;m#4$u2WyXwdyN999#}lM!ne2D5Q5Ru z02jsu;>c(;wFl)x6?^y~YB9rhmPgaU9bH!cswV|K%Y1e|1<8_>qJfoTvTwTXgpkxp z6h5Oo=(*;FiC@S%r_s?*Zn`p2h7>tS)Zd(5W-CS-`ISEtWT&0swadMf1o+<`vK9Ue zM^)lHcC2yK@_Xl2|E&L}uRYyL?_Ih--Sp6uzqze->NfS5!3^kiXI4&rIVLpJXzoZY zc&HFyU7@Nw{=0tfp?~P8FF&?yu{?PoUK-I7dtBngi@fu+r11~?fX)fV1;;jnLB!%2 ztZ%^yt0nlK@*ZRH#TEWsUmdB+lsT#87^7D8d=-=y{0l@aE_tN}WOY*!CVw?8IQkhJ zDdc6CC9}s>5I*|&vjFmpUnZ(3(0(8q(vg8ef+fcOe>Wq*6ZH6%=)R&gRN@`_N_r@$ z#Xon$%1@Qq6P8Mn_g7;s{yKE~f4ktn`r&!9fzc(FF6^w=Xl8@xg_yQB4vVIaHqY1M z3RJ%>>RXvno6j2KZo_(eh=M@!h+eySP3)w5yzH9fSHS;nvVE1xx;Kzg@_F~C+e{XY zem6S{%SL}dgT016^r5_jHe))Vw=tih?h~DU?_1xvAZCwtTZ1$Sb9f6b;1i0s<&d<6 zpp;wL+M>2h{QXYUPTRiOth204pP1d=)ab;3rRTrNJn7}&Q1W5yuCUm?2|Q0i7U_uG z2I<=6OtJq;3_5>>eXW`NOmT|=L99{nTKUX>uxRGlGOf6Zo)@nc)Lhu6E|YNcIw*Cn z+)-4VSloCF4|}Qaa$9;VmiWYQRC>IoaomZl zkbukGHZ2#A>Mh1Y^)l_#N_0g~fV;W0i=DWRju<*%;-fz2UG11;clc^b-29C0g*yM2 z{Qb29%y4->w#uNoY$c_U=YGSL9K%8yW+RZ|-|S~{@*7QXI7g*!OE?;KUgJ2_gRUyq zv|fWJcA8klL-^$wGBpM(S*V3W`cuTo&PSv(^s^sobcZsR4>fZoTU5lwS;u%3`SseT 
z$KDn#(s5^8{Zbsn{c*iV_p|*xFX2cUj%Kj>q|?Fh@I}hK;Kta;!SCh-95{l!`qoHd zb+5BY&NJbiI_+Zo^rO+)fDg()5~uX<#g(tgQJnT}X>|@%O$>);BPjFH_1$ImlM!&# zo*g|-$OILKf1S#YZPdL7gP2|1Rh}Tv1Duv+;4j)ytL!mPPO}|2V!7Jft_{!j9%n#I z-n@)&@JKDI%edBp?Xx_$=`$_(>K)tfKCgqL)-E=mz63?6@INRc+&{7y^BvDBU=^yZ z{!ZB{$Z&*t;bp5oElXXt!{ILT}Rye z3x2vN-OWkgo9*$u68JclKX_R)y&l3mbIpgIQ9%}&<5XqH%ghEg(XkHW6PEFgXZ>}b zyf;u8FAZ?7>g4jvpOZ2FJ06;j${$wAln~v)F!=lfET0N1k0zrdP7>xA8t8-~Io?viFs zTkX~IOO3OrhRd%uYSG+L+OqWPFY|rj$tssog`#Axw+9#^s4XQuRct(+iyLxB@UBO@ zKksHv9-f0Ri)zj|p2^osb9oQLt{Y2??ED?+%D?`EW#?7tHBi?ed?BT_6BDPmpABg< zltm^BRDE78s@U&rm&g16v-MnX|ARO&8L-X)haVRd9&*?6ek7GU&ILE75zLYGX)>Qv zacg3*-)0k3@;C4959sGr2`1uOnL4jBH zQkOg|YMc-1ZNI8Xp)L8XkHVwJd*QZl^Yql)AB_!f5;nb+S}T-_pV0Pz!6M^8d5%Av z>Aqv2T%_w@GKf>X#P%L}H?En=rs}=5*j~Moyx$)D+EiSR(VFs}BmtF8kWTbwdAdgA z(<0-buGY#0x7s?<)ic?8%~9=$_FBfmFi4k)w_QmKz5ZI_YHSUxg;G;Tc=Pm$W$KZ< z1!P*D2KLRDi+z%f;cX(Hiy#1R5$&KTu>i>Q^T@5AHE;sP_7l$&cH(N=`>xdwAo>FS zpED=9gg~$1Kg+ldwx79<|MP0j%+}G##?adMf6bbB^2UF^e;;k7tTG?54s&H=k(088 z#i#^HPORXXvN}Q|#X1SAI)OJeBKY2P6B7R!1II3u?B*hbf^*KX=_#xKh<~liWMxI`yh&{o;8#7S~ zu^tSyD`0}|isi<2n#-ay(8Y=U4t#@TaqGkMi`apJmehtshf0Em|Nz9BmD10C2+~x>p_11IvzX{(y+h zq6#$OFLi4YTNo10b$;M?{{bE@D(b|qaQ_dA3XT98PQ|@%i0?zH*K9WGNuCtx zcTc5(bYy9gcNSr;$Um>a^GmlNf6;KqjNVwhkO(vIafN<6%%?a(_a~1Jh_d!&%Rd$| zmi`fEggGEo8F323h=g~0X97kXghPkq2m6ly767v0j@(1?AbV@^@fx0;57NiR71Cz;NEIDX2SNYY@-BHR4F}^*VJ(TcqjSd`7 zNACZ9-LoV6S6=`-8LOqk*TVOPKJ6T5(Wt>92+m6L1hg znBnghutO-tj#w0za7J|7e?cc$=Ya4yr^(5OTrgNaJ2b?>>%?JUDNK;8d{4t#MabW@ zCw;IoIYN9KI>>^_h^SeDalx@bL~*=H3BWbCylx>L$TyfGz7?-MV7I@_cmX|efk2#H zPzZ9rQCh$}Z)QMHff;~Eek#~~LDB~TdSievrJ%-Le0Sd^q3f@{eF2m;e1@bA zzHfLyp|8Ojk}IP6LjbOl2+9W)IGKf^Z!7eycz?8iB2khWLm^}FZBy82ce@ggT zBm9K~wK%&F5I*ItfF&h`fMCQ7R?G=8W&DZ37H0i_k^T!Du)Fa8XGVKMGB8^!+JGoH z*B^HPY{RPs7KUhq@e5Qjkg*+P0D3J!6C_MU=WTEA$MPoG3Y1-n zB-V_+L*-thlrP}k!f+J|7{3Fwc+Gj99?A^)px3i3uMmh*3h1JmS2DprxCZGLzVJv} z0OAP{1W=AIAs8&-pgBUZHIzBK@K0tqf{P@C7;)@_0jYb8h94Lr*Q}%m5DpOt1S`7m zct9c`&o~y7H3cJ!MG8|;nXm|v(JGJnsYWR7%#5o> 
z$O?=e0$wTr*bU`iGGY9SfNUHt zc^+@EQH_o~avaXoH#t$WIyrz=B`Y$f4&9$v5ZSy&$JkEE9tFSubXQBkn3E6O0NacV zXiR+P_bw(Q($o<;B8WcMU}dXcS^&2emaj09^mmgY7HmsVNexmRVJq|s{^BE3b^d{1 z0)!TvFLnMRFeYkl6T~5`R%SikGAkUrF#bT9|F6mKhzt$5K$;5hMUdck1<}gJOp<9X zPcT;CK(l(JFhZ?JATh)hs6tFmBDnBPMIb)o26%PbeZi9)C@{Z9EKum3RTGkg-mJ2+ z{7_3iwa_3D>Oe5gPYC^YE(8Vqn@kh>jTE=0RwfG_1@qk6w!_apA&k^`wfmqW}M zBdnGZUL_16I2Q$GZh6=eXpgu>1pRb+optvx*3aK$8(V;66R$e1|d5=T_;&@hN$ zkNM7mbk`0SK+P2RHVsFZH+_XMLha9-bZ^%6xnhpIPs2 zdba160U|FAtxaoSo{nD1>>dUG7i;$voJrWWjXF-A*v7=RZQI7gww=kuwr$(CZQHh! zf8O`|{*2e0suC9BttGcSM>p0K4fF0QIbqEAMYuxNVj`e{`-QQr=wV?C6&8(+qiLEw z%Wg1oUcIFy1$yDBgArQQx{nd;KRtRc;7{nVp!OJN=U0d<&nh(og*9>+6AvItgkn|F z)l+ZQbNJBy7=a}S3sWG$P6ts9=D=@j^;Q(I)3PK6{`+tVO*Vb~2{d1yWPk`9UW|q^ zg|K9{&_gZW=0~Vk$8^V;gSg2~WZ;s{xV|a+^3!8&5>DIxsnz_NS^LD=eq^A!A`n~n zVKf2?3Fl_vh&+>p`P=$avsm%<)AnN(&@v5V55e8#{nf{KLe3@d>t#pucsnf0P_n7E zWFS~;iQUPIJsd6!iD$uFp1tHZR1$O;(#@h16&-d8f`uMEl}#(dk^&%QY1f5WI!~gR z(pt3Drkx_({=>AiFTxXh#uxRQhjEd3K!W>_Ge^(>{e5C2NE>M-F`ICZ)3LD8LDB^xor2@tU>Ad2xkv?j7C;sFuP_g?Wyc zN4;T5)*6;K(~0GD(&nPBNXNmCvME=f%<5D42*2yMU`u~~2r0;Mx5s09mVP&12Pb_8 zy}_^L5~;#>)obmOIBhxf$7+YLd(E%kCvo!xW^Lrrk*4fZUSnBo^|ve@g=9rewQSmc z60+yelC_GOzeqe+k|#$zYP zV|P9)Hi5Jb z-ZF>H-D`XKl?$A#tSw@msNC=c>&>l{epia9C9mgP7pkObne0h)XsLd*lAII5oFA_e z`j#XqZW2OKEj4<5y}MW_+e37!f#%s`{3NVt169!CqA&`&Cn{QnW!1eZZ@nuZxk`fOHzf!DtqaW z1~)?vL6XHwsfolK^jRVpIGy0MLunsDtb9D8V+g(Lk^HTeJkuD6e%dccSBs^#ly~!& zG0-(KaQY!7R~r`*fjLrJvi`~H8aJNxWmFfFO>OCfw``bKMt))By~os6l;&Q7C|e!l zZ5S>adMD!Dn*~URd3~G)^%za_UXysmQN}{Fg-JAFc8@R!&6@GLuBN7W(WsneTzlMd zF20#&+ZFWX+@rfb@lG)8q%KsMkmO*fcJc{LN^+S>8taJ-^IJ;H&JUM~+~@a_Dwh&i zn-lCpjCSt3(_gD4(({+iK-Z9KOJ|kJ>K@w=uw+)YLtU%rm`vLF7hW%Gz!9st_Tn+* zuf7XLtNAOTU2MyuTghnTda!2cneZ!CMyuKB-qB9^l3Yh50xmhvLRUrb1}5+kU-8jV z9$&4w!$qfHNKg&&$>5lc?(7w*I5lKA%}Fu_I?tWHo*S#XhXtup87758j+SXBNJE3| zk;8>|wc9W^ww^(k7@=${8(w{FY*1*#0U6wln;Rn6xLrkyaXOdP$)_a8`A~2?FXp6s zrv$C=O_0$t3Q{E4n*H3ot&nod)Zfojo`>Fsd^94`VmkCS=>*h#95zKN{u_5ED#n>k 
zV9LumEWcY$5^09HP1S1#ZNBi-wR<`(CyLw*(iQYDBpdK*gd9d(YbL?qNGTeU&S|)E zy9&V7=Cog@e%9yM{x6tp&49L!?mknGQ!+g$qsa&YXu@H;Ak7HzIF_ppd{GA`^dNTk+kAGdm?|M^tmVq4eCzWRbGa-)P&pURz zVb&A;$#+Jl9|7+gt4{KYS3L*!{x;*=(I(ej{V%Uo%@}c#O>vA}YkSOBvr9oHzF3gR zFP%i=rFswWZfys8s?61W^VR8k{&X)}^HKLdjO!R23BT_SbO6;2gHri>b*Bn_*;$9TYb$Q{JWN{P;^`=`g`7^C6n;%O*g%#f-;A}sqLF<0&DtlpCGDd-K+zHlxJel!hLbVx3kD%$T zsvgOxJnCbs@->;qly>%idlwemg}NNn@4Pv&^*ptnJRRz|Lhw#CM@&B5Xa_||Z+D}h zve7sMd+uH5Y(DafF^^Fqhh(%1UF=-#>Lv3UyXsqC8l<1*6bC{YJB!UUuU#IHcj!gD zd5S9eaB{RbGT$)fYhMe?FCs1Um!7Wzu?O5nEOdY$WOG_8WAo^dN478aFg=S|2NN_= zB)r@Bit;(QsLNMuT%VJ#(=RqvzoaN8jd_i{&F!YW9E^$-cSet_;PWkrd=I!nl5BTxf5-~C?RD)xbxk2!NkN}ntHhu#q5p}) zyz$iBx+P8nR8BZCCYL%>SA=*sD$7N?(xWpO}`hGHo(Nm-*P% zxR3QLc|R~LUf3UF*;4AT3jwFjjjGHEPZ;FS9s=KSf4%>+)a%_~ zm@*eHW6;z=`B3+Tep$|n3YeAP{#>m!X!jUzDHB3Qmr5||c^iisU$nI8m}4|-e%cK9 zJvWh*Cn!Nw6But5=XPjRCb)Rg1I69>-LQuQMF z%#0Mh)lzV-pR?k7B4HT#QkPQ}=Gk-fsRx%WS?f`6?_7T~e0bA|eXm33hN-?v29wpG zGo45@kq8-+XrB~MMzuwOyuo5xkw*QdR?mp^Hc`Sb{QmHUoV7>+_vh~T+l!VT3{}5% z_#)dIqT_LOTwH@qre44?<@6}?yPT&FLi7qU3;q80$WoBibQd)mE9!gO0<#Rfx+~@K z^X8WSH}huw&2Nx&5X(cZ0{5*0h8J=r!hfl`$TKv^8B1U)m--@Gys9r;Jf#&h)Ft1g zH8;~YJ=i`t;nf+anQ9Q-jWg@TQ8pImg_9yxDy_mQuPQ3SF*mRbHtwqT(RmA+{;(NL z50zxF52I}mb1q{e>&5ynLj3hiOsGz{RsTl!Da%BjCz;_TcyGhRB0|kPssm3!Gnbr( zu_0=APbR(EjEehiu`Qm>j}4AIOetj7t&Vs+J3iu9=C^-(IKEdIhf0<7jGJNy-tcRz zxRE4nDVf4lw$0Jx(Q5u;h0d>HVTH4JnCx`e(Fp|X3!}`jc?{~t@dwJRws5)P5N8^%-+fkZG>+i z)aH)fyS0qSq2l$t|7*bbSDf;%MOO+1tHY@j)YLF!gWNi>_z~yKyi8u_1v2oxt&p{6 zN7?hxz+**)pyOr^G(6j3`xlX^6T}(OmT+6?IyTgCd9y07{Xr+&3Zzcr_F}_E$XYra zXdi!+@KQb(ww;vNn!25O^&6tij6MU5p33^kgI-BeXCYcAjZv7MJFCv**SV7z-={=3 z5n^V&^ypQIZ&qPo^1V}g{3cAkI9E%^NS$5(-6Tl~?QHXdq2 zspxF);nVioXsA}Zd&U36njEQ}ND!*ie~XvnqsUp{s=|m});7kO8NE%Uthbf3Y)R;eJ%wkJ8vXWcbcjx>j?M3TBD4_6KkDE*pUnb*n#;jEy=BRJ4|J`hs?vF19*vq+ z@vgV1^7xAVo+8MF+u=e16K88%d~fDRvKi+zA8|6;cx&mTFUdKZybhr$BUt(28+t01 zGp|*-7q|G#RHl@kM?Y#YWK&yx={$z~ymr)vTPEZoR@b{tC)leVe6b)ko+HcCA9>b` z4)#v+^)}Nno_Q@gni!J|aqXbFtXWoQsLFp(_=23-B3zE3+Pt{&SexH^$6@N2`T{30 
zPvb7CuHCogckm9ww0;~xe;^!Db^F_6(AVPA)_b8bXOfXIXqbdl9To?V8$`g>F@WoZ z-U(1J-g^1+Bq!iEI@@G0O2cPv4naLiMeBS5T5`Z?8DERZA<^N(PStllvq}x{iDBtD z-Dlw#^RaxTYG!faAu$xaoGC^}X1Gsjz zMDyX*mU+E|8;dq>l|y+wxPA}QwG0_!tP!3yj>&MlN!!%ay$`4EW|R=z`w^TGXnlTJ zJs<^y3@J}h!E>k34f<{R)SM8WcRa7;a}eLhPtL8y+xL{)wk<-AvLDKoAiUo>G`FmS z_!aT_7ptjjY}v1D^s%XXS{Qha=Sr0oqBCjhEl=Y>5lGqa3+(Vr_Pl7P?B;V9-te@K zD{|;uir99DR!_s9NJ5_%+9`j#u)2pbxXO2s{r%md^T1|a%)8GvcD}*M`Sf@d3!j!q zE;Z!UfAW9>Bi*k@V(q8Z;DKnFU%IaK?CF+rQ85llyErwCB#jV|<1oH7;2Ur(`rr_I zw5Ff>RYoDcTAg@?W94`>3gr&zT5F-q>RIO9kF96 zmL%d#_BK#Qo%6w&KWifT^7&gR`p^F0)Q-yQ=tB_7vO5~AV%f;<^Al`g3)piZf!)O1 za)q<(QA~hXKhIu#-b)qJ#6>Bn(AP0lj?V}U??73wQOJhNCYV{+T?&ns8}H&n`NASm zg#?y2ZoV~TZCTT>)YC(=rdycQ=PkSJI6sMT(OU3 zoe}1Y0lp_WdiXImtLjX6YX>Iks0&W^%C5tE{1qY(SA%#Pk3mFtb=V_0oF$#e$_!t_ ztutDps*{Mwirnmkni_Y^&A^F#+=2E1eG<*1NSfV|@HfYkRm8uQfYi_f_RRWInVGhn zr-o=dSf%_668h~zJl_XBud`p0bvr$b2lIj@L|8Sa)Ja*B4Q|kq@LAp1OUtUwTi;Rzsc!ovFWpC<@MRZ(0)`hQV?FIftNlB6-o>7 z)Kep;N$>$vviK)iEIN4LXR|VKFAWH}p}?d%dDe(;tIU9mt(~Kt_2bP1maY;x!YR~k z-?C+oH|8Mi2g}DC2^EucQ=LrBcZ1Jq+!9a=EJ`KXvY?DBTFI-Xz;+UK7)Kp(^K!No z@lEzIvkkVlV`r>zy~&9(S`t1;bU(EUZ3I&)`cEy?w#$pbWhI=LQ!mAKdG{t5$7-v@ zzOHuGeXgTlBBF_&A|pC#FwLVS>Kjqr&-(vnem_6JooK@6D=cdB2*D%c7sqt%H0KmCJl3Po&62s=fcfPc^*3=zwgJYK@wF-B2~JyQa+PZH`7mm zbXz?SaC7q!Q*2Vo3wkXLdeUX2rd}WN4sp!TmWTXZ95jX*ko|tomt9m!1Dzqqrz&yJ zo@p6HO5aD-!BYovwk06tsp0S;F)b$qpgz8b;U!_>02vAI>1u$M%SA=4b<_?QVU8$I zoT{$DKC*|LKto=q%b5@eT$L&olQSWWh4on)f~q}LU<#j=&Y@&0ptq*epTW`~WR-EH zs}k7faV)-CZ$lIUH{}c;1+o2#su1W88!JioENcc%u`wj9217_nA70X_suIFR=@|$M z;d~)IGB$yH0g2I*Exnvs4T z(CZQ;6bz#Oimh;Hv3Pc@h-%+Zj8%Hdf<0t(&Fb$iD>n&O7|4{*re!pDt%WtBsAx@b z$C9qO0jDr$5ov7A9tmBNaD3yb1JhVDg$!EG8g;?64TG73VM(+w*s+DT{{J*P-sq$y`!E*OmqnfHGwbr$$0S-zZ&N3FIBfc2?E+=uF3q+%2Ta?7+P8y+}M=uRw zxn9Pvm(b3Go^K_;m=uKePl`$i1F4`S-5Lu)1-C?x@?xIhFGN&mHQ!7jM?$B^&zd%S ztGR_Mm0{^l>zEF@7di0#;(Gc1l!Umz7@((TxFsi)pygU*!rmE2!z;&%3VF=uPo#e@ zFn7>&?pjq)Hs?vEer^H&-tesJ$)bNo`Slz&=#un8Zk&!+ju5rg7WSS1^kZBnf)_)` 
zBS&1SCqco$l0A)f-vRWqWhlf4DKt$cWUIB~;qE9Tns?`2okHj`F6$senk}Bp$2sPqAjA89q2piQWSR)1>5eJc0adx)}7i6>4hEW zi#_Duc^rkEX}!TNUE`rA_}tEfe@{xFBui~ro-Z&Q_C3O&Z$7y<^>fqI;#@YpdQZ9x zFE}XtS>RFiM+DCb92ku7%(BhD(ro*<6n}l@^ypE4j$1w*Kf~#Q)Agknw5?eTNoYr0 z*AsOjQC}!QccM#sP!1(p=OEEdrO$W4FC&E~;M}FtOaV8!3#)Y^CLNiLV5c!l&_wmp z5w{0Ft#2|yHgYP%@m!sv%0-2XuvVbUx6)CkgBw%0rpIwozj+#ow@%PNyMlDXujoFy zWQ*Z;5>QWItOkfU&r|=X}%MGYux?e%&9MD z*OhjF;H!{kkSDuqYEi3!Ps*~oV!fs!S8zw-rVG^@G2tM-H|gW(+@Ch*EnNI*5;TtrnLjG^@)X}mve~QQW&Kzw%8P#L z?D9wxS^E9Ix~ZPT^q+1zF(=_87yplLvV1A8cGPz5IjGVSeb36;Hp-siYa!b`w;d7o zI=&}DyLRccqn-%9l&$rM8xG#*Hc;G!ujB&_5H(@F->=fqyoX+KC_9|utQzSQId>w& zmfWuc^*kljIXJ~LVET`4ngZ+#)!atIC0t{b(6{4e{|DhRuyOW zKixDX5D<3$U)@CWKe|c%c+{PBl!I`3jAe{WuRG~b^PJoG7NVNiXtgSR5yfsVebsE) zvdh#3D%+GRBxpnRYz+HymHdk>b`0-Oh912c<{xfyjNTBpYu)`9`X2Nz^nH3BN?q}G z32O3R=zHoFQ6?aSg)aVoLfntc_`8Rx`vrJJgr^57TjV z|AoF|<m9cxWHC;lZ~7T?A!d<8Z6Ef3Y$%MNgim%=BH*{e_1IU!LrLZPVNt zW9#F8ZBw(n(?t>$x4#hch}fv%i(4oO5)8yQW|9hLaUK3rCx%SnCCye?SuAHXt!Bs&)h)1V zomo-+VXVF)1XmkCb%a3t|cjSsNCsnXlf+(PRcMX3*NC`QUw>rzC=v4g(jTB_7SC8HhPA+ zW>z}G#6V5kN>Ap*m`jJ!VM(^EvM{+C!i?(?S;(w4ehNrEAR(VFR5_`#Xcz21k?&+% z<$tYu0lIi+Wp_sRYJLYes465Jff=pMP4J5$S86q9?aeDvkm40)FX`L$hw?$bjs{Iy zt~qO!;Cr3NA5G9scWOHo_c0LXz5?P)hFmDqh#Ca4G;%j7hk9mb)x!SLIK>ty!S~n-xGx9 zkm1WrAdG^Pwpl7Cq~@)M$&H+TT_Vu^O)~<&0~~7H>&zzcWX;~5t2K-#$I3i%QgE4w z>01JOULKYiiHoHXck$rhima0p+Qjol-C&2^7(|5T6rSZIu;2-1%U`lqIXh18yNEas zi4mF-KJ^KGk`L}+Q{2`GpIDktMnSLUx1<17H$UifWAhmUhtG%(0Ui~t@^A3Y0ya%> z5uDEWNd$ofPwrf?LS|HmLeJsAhvii zr#+@0SToOf;eAMsiD%wMox1zSjw>D~cA4_d;M<( zg@!nw9YvZwU_j^f>sKClQ%TdT$F)KDc6AtBbN{X z^!67N_7`ZrH7wr~qAI|CNv8+>VSyn9fqAOWjIPhj2K!E2Kbzl`1`XV#J0@)fX0C&I6?|drYm{@ZlqhLjZaG`FHZt<%if97{;L6F%Oh*CckTkj$ zd0=2t3Eeee`yza%P!|!NKM~1kk zQX}{yT26 zuh9)7Qqh4>FKa);7nE>r3tw>5M5_jL*l^M(p$@1)5u1U#kk*u?Doi77-r`bvXMw`^ zJ8@!soaxxkqpxL>*K*2d-pw4u9<4Sa8zz(!7tJ;*VWq2u=Y`oRRw0ZX5buMRBU-8D z-&CR+Mn&?48a^&x3^G)+G}DhOA$qfX_{f3GH)REuK4BK2&z1$-FjpGk) zbK`ch+qB}+N``}*tKQwpKC7w#v(qK@vRa&tW4T?;It|Ji=R}o8yeAe+F|VX!K#vZL 
zSg1;{PkG))Ju}=NM4KD@q*H6`qiOrlvUigeU>pHdx2v7qS|*UeUNnkfwgS%f6v~rB%`1P}+iTCT4J+|?!ps$AX|cvv3Ma*J>I!i>h~f~n zQIS=|c~V{!a|mBgMbl?1GRPo_SMonaZ*S4Y_|>ioysrd&s>F5;md92iWOJODGDzuU z&T^fs+~`=}Y1Bi4<;CO;a=495NcP(#0(G&L?N|eSkt0QbeTV9KPK~fq65lx}x|V3E z6C_QSkg0=cg0R}yQ+JF!Nkd1OrmU0cUF(+&Rl#J$6oNY0TH#`qdYI&ds?fY+k}A`= zFeRyHun=b${2#WBRJO}QFemMRGbe4SB)>#PFFo4Vm8JGRhbBvV6|mfJ4vyF4N($1+ zFfy$z75Jd-Pj|A`0$C7jR{J3bpY|#g4q{i5h<*a_3FJ+O!FuT-NSiR71B)LvbG$f* zKJZG=4|lgg&jPGWZfHp1`QtE=3N0Tmm4ea8ISd%4*Pk5m4C6lF3g=DN5>r*#nex^r ze~o&f&fd!=D`*t>Tmazy@9AvJ#H*R|Kp-!jG(=#l;9+4cd>2e&zw2_~HCIctv-{T? zAqpy?wBI~WGuLijZ1gV$D7~T_HSXj6zQUA{P^!nnnsj}6d^l)4{!y5qCOu7|xZ}D* zENIry|upkj}TLA`H9j&+(7KR!N z3hz|4F46e=nBv4RAl3}uB!n4q=YSZ>Q_1uUd=J>2lR5hL0}&&heK1MW*Sck$?1NCMV$g0 zacg&N;&_xFgBX7M=*@mStkc{|uX}9Kdi=Jz7Kb^QhDXn%6&G>g z=h)a9hZ`Rdm4QW=J5x(|aCXHG^T-IEwuzknMc#)8`w;!-xhK#GAsT)KSc0Vj^m^90 z7mq_isp@98NsLXZic@olH;x{l_d#l-H`X-zwympXq1WgP*Su0Ncc?C7X^wt3B7yWn zhx$NAr-(6pFIRjcw>^C6jOJw49OYI{bT22dU*O-F0A_4qzmp}E?%Ka)Dp^0rTNdSh z*dxOF6Hh}kz_5aq)99*coyV{W2){85zu8CI8A`n#SM$cGdCdt(Wy-uU42}#OsAf>Q zh1eJ}LGGxx?tM2*DW~rydl_0m^>L`Fr@tQPZk5-#`HRq#y(U=yuw$2WEIyqhM`Ns1 zw&v5vpb2N`^!zdR_t6}?Q=7|!hjc;^-@xY`Xr}~$L7FFas|2A`Y#212MKOja_dE{r z2;W0tj(A7uc~sc^Gekm~=?VJ@-uk}XENC47J^DWM_5W7>AxY1M=C z_}Y4At?E8=3wvhGhAy7>L~_k3Tg83aPu+FEZPuwffmJCq{&JfCfwF>yd}5aaj=zZQ zTKQ9t<;6Z6ldg6nXKXKP5#BMJFYunHAo&CHxwnZ{&IQC2*%WbJmSuks-!fg3K8JwuUfrkM|g}8`{7w zym5sJ56dh+AKJ?UZFMUSl~g*YD}B?WW|6+k*=x#~wV7R~-=0G&>3Nt+bh{yDtScrZ zBkPyR^+d8)4wdWmf^FE9vgi!K=-dM&jc0Lx_vl}rIKZu;?|AgVsi*^}V*CkdUy1(w zbOb#m5!M`DsuS8JDLaiU6S((o!}x9*!iauNs?B2)|hBU;_q8D z2Zr7CXS4pL0{Cw(BEGs|pJL0< z_clk|7^24yZ17lr*n^@TNIxGW$1WR1;LC3c{cj9%CAe?#e03TE8z{V&Tgj#l&Ke+| zSGem_VYi*$Awk%dcfwl0j1*r=M4lt;dV~dE9{$uHv{E=H=YA~xxjwlHp8b>h@%!Xn zmkhCEV9~o}*LJ+)T=Q{jlHJme`gLXJeEx4w1FGHPHj4lDf-MQYL3y3>z$9qUf}6^d zzt$3HS~>K$x$W}5zn%a0;{SK^AHVvK z+Yq3WWssJpOj5>RAyro)APHVqC=NePZ5=s0E)pxZ7j z5Sxf70+19e0s{k_#oLk;f&-9%$L#L*y1GxkK0cn?uX&wJr#G3Mj&&ZCSC~=3feeVs 
zEvej8cp{B~fDFKafOg4-3}Vsspc)IZYJxJD=bDU9!iZ{{>zir?b9teV`0$}nhv(41 zpG7zebh;D|F~R2H56okPR<&9Q5zX_hx`Lw6s);ypgX_TRfO?tBE0G+#~&W55CMx<_oj4sW$cV@(ERfAahIuHn(|1ACj{?F8m;{Q~Oh zK(yh2)uE+jl(1KA+_xp4PpcT4RoO}yApe3GG)kbK&-F$?Ydrvzj=jrGZDSbff*PvwT5N zyEUM6Xs94GA%VZ_EfMjZaiOip{0|h66a@l=>w5?tdkAN#-4I#XgmtW`5IN{5gb6UD zqyXCBNQ(V-paSY(5$a&And-Pig|G^{dcj2yU=jjxd%;Kfe?R~fM}mco&h|u5l&nas zlxVU3Qt_xD0m1@Ugzc!P0w5AVl(eYOz~F`$NU_jRVp1?5dTA&>>1Cvn7S(b_oEFuM zob9OgzksVqD7TuDucfrV)unUh998|HV*LZas6b8zgM>?&gL_fm)j5&t{F%`E6eg^d z#A2b4BB-FC1LBy3LUYT1S=%gTuHM(8F&HtMPOdHh0RvK*plYj#3`gb}jjRklv_WB- zA<%yT!$c+~p*U{E@mPyPY1Dim248^!;{b+KUtvL{7#88gpuzXPZ;F%+t`uHvpl9{N zctQQ6`oMvZ?R(1vuz+;K5q|-n@Jm@g>8PjuED56sy7A7wRO2TUM{F!%`-3B)7iz@* z4hRHiMQ70fs>>bvbFI(x^@IgMgIV(=qrsp*QK?a@o3q#Z=RvEu%eSM~Z;Zo|&(A5g z7X$;Q+KPLH6=($)bp^L@h5FQT$>Fi}UbRDePJ03C>cE-H69W9tHQAC4Wc*ok-K3|SV@WKz&Wz9J1SdJnbAa@Lqi$(+tOhjWub@gmAyMef|=6Uq{rQ0c8iq%8gE(Mtd&5M~YYPZ%j=sUbVKTdLk#z z?qQ3@JZllFWsm%x?5UCH290?ZStQatT?WI3NJ<<c zuS|(F?Prz@o=4%fcRpor6S}QZ4!5&MZr{dr`B}fq5Ruo4{*Dg*nJXPr_=aF+Q{47u zKeqB5%-4cGUNuma8A!_}U$k^=3{F06Feu=^t-B?o!KyrX^cgirT6IkGn3O+`eYtt} z!-(A{SxENULQ*e6o>HG=LD4UWY24?0jnia~rPj8S?x}YhS?#QSBw1JkW1ulWdv%xb zPp>0=toJ=I;t@BKp*86fJsIWZr;cXt$T1X#kDk!f()*kjnJV1dr>+mYwg_7*J%=Y^ ztCVp0J-LdQyr19EC4s3xaECpN ze+xSq+GUpSE=H*_hfr|;*Zq3}W~>#75(3P(0y6|^)pPsY?{h-}7ALPt=&6?SMXtq< zL3o!?(k_$dfFzkKjyRIgnJUa=w@4Pwy`ivktec3lY<1}MR5)*x@}=^0B&!#q3U>hB zX|X^o)~!eclSW`cu?ofDkZqi}O|7{45t3&R$~=A@!wv3!Sj#VFbWN8n;lOZD0hdR z9(u~{(zDKZq%BY?t9bbfPR>4lH$Yj|SN@Su_~T#A&oVpXN>g1BP4Xf|8d|tE69i-C zZ1l3Wh(l|O$%&qPjBTh0qkN;h&jb_0Im2yYF1_b%_@bE&#e+s+6ZvnWwy4<22G!kQ zQopojJFqZ$rc>4LyVQZli+ztski=9QT1M7u zJf;yLil{+!ClhbtmogvsjKpEeDj6;ho#1L6Si-Y^^EmR5y<*wry0AL8ymN`I)d`+= zv)SpIhr4;Y={W2ev45env0bQcX;ntK8A&};quo)ptZh7-2iQ$bGiK<7Bomd_TDEpH z(o)-r(|XoX&Q%X8tPnZjD-rW5=4{;e$Q*oCEhAu(zshI@mf9@ z76!Zy81xJ=Y8%jUd)8#_J+%xzZbhCgS{2MY>-CJRpURdLIq$2LGA}ef>=k_-5U<>k z`YT!KI!SzXChWsYqVx}y#Tc>07^YnLF(>P*ZmS#dehtn7K7ES5Ei1NoXX%^-cv#CB 
zJqZn(Xm4y%OxN@u8~V!9^z$Kf;~{dQplt%-I^;b=T82kc!xuxQ0;A|NDfsOlv<@vN z+ZG0Os6T4^XQzhM6kFw_ahKEYtJQkA&@1#{g-~W$rd8<~?AQCIJwu4bd3mC%$Jg8Z zsqeaNA03W&1!_UAu4=-+zanBY%&1(pBwwwpPt8rL&HE1`sWO2~>|^g6F$!QDbb_ZW zg#MaMU$<{!@}_tGeOtLW8OaZlZ+zowS+DPIwweAA*;EH>R71p`HqEWRxcf=&nI(8MBBM>GD=vO2hC=F%uAsNrLY zs9Q&4@Z~0#AFYeOk7<0)g^JDc+0GGcwjePhpG+?A;e`etyOVK{`7$tIp=M4-sS|gF zP9??HP=#h-8;L7>Y_;86w2q4;zycRDWXEF_A+=bA5@x|--1^>hthqkj&U ztsYmHOU9N;(UtN0<9X%o*q1%_KIQZ4GKFjnYb8ahXmUDSAVd(kY?mDLJ7>5;dPv#1 ze&4s3iVns!L zgoHw2)>!}Vy@^q^+X~f|K4Zr;md8NeV~QU4&eW56X#H}xqOIT~+}@fvuFy0i{VkXs zY^r?$*@`8X$&ChXV>7pAgcr+@+eH_hkFn2Y_SOS!?VzpuzabQ(W!{(=l5SRh4Z+o8VjAN*%PRC#cyHb}4ln`n6MZOJoeiIePUchS$a2+a*?&LEVb(LK> zE!a%_3gesVcOtzlLnf>W=sZQ`5d6FXcub$j&tUf!KfJVJuebDR@{e|;aVX#vj&Jo4 zFPOZ%s}aTKTb#};;q+e+`^E@PmG8S50EcdVwY{_Of;!NaqBK?Yf%0|31@g5Ftg?P^Aw z`ft6|mt+1?y#-ds(2yh6GmmzU<|U6hq1`LX<`r5$8a8L?hu|MC#5=;oRSXwQ{JC2d z%g{NTJ{n(uaX5LIc%I~bzOsd0B9MS*G!E&>ZvG@8<0fIde7t5s*|`lv;xvqe4$T-V z=sk?U*^=ivfzU_A95a!(8e|Wf0_#xMKh`}xwSHp7?;n*jNZXWtw{m=Tj9}03YN4lL zh(O=Bc9c;TQq38KtT;@^2Y4eXXu8|Ib|_Y>dLIG*KEv0I$4t0J;4gPHfVszbaSL;j z?#QGvm>()&Ij!*0$s&QT^hKuMX7)-URgqH^*}nDB$a)>LdQr>4oUWOD0vg_GG#6CW zw&RMW^p9BuzIwld5r+G+Dp=fQ2r@%BK6RvKq|5YO*EFL}fiR z7Hhd1=m@!PfGnsnw_4HH2tS5eHXo{&$p?V3p$4+V`kdMR<@|%DRaC&Zw_kz_kHUPH z_eWPeuk73=9nDk&y|CnkWn}d@nf1>I(<93gO z70Ec8G7%VFuYr(*A>!dLcJMW_egL^s`FVeP03sm<@5?)oMD!n`Y* z#1nLZRF+c5OQ#zDvI8MH*N)2O>p<)86=$=%>{JprO(c(xnfTiOxsnG(Y|)&K7JwAg zCtAzI2`winI1AjK2K!ls@=(#iemCJE6{#BerU^}$&9;DyMtK-w2XzstkYYdvj%fm2`8Se?fXyJ*=`&@8!wT(qh3(X<{e!UAq+>IKf%P5)Jy zhrFs0d7Ltf`xALy6qR9@P)c^l^0P=+e6XoSzl8!nc1luq_SVpGdbaTw3$U3f=1Z_3 z0iOMj1yI9Fy1Wtp9*EOYDUVq1i|hoqn0}X~$#y#0kKmuo5;Aair;U5GOHa}!!r+Te zI2RLcrTinQvmA<;6BdDLLkDkGt7$!v_jbvB`pEx0ol9_6;MNN&E&NlrEy z?%&fZzw6zAMCDUwJOX^jlB$2(GPj%5nYLEZrV$#w;pjZN?Gs@=D|3x0b7>*YWD$n7rPNUc0&Jpelo7Ub+7A5rCX%qTP}<dH<^N1~r zi*yCL*1n2A;Uh<`Wrkd)u_-8PnIsOzI-?rUc_AINxouiMK!$ z`|QM*!V5P0k0wi>Jzs59`!{XP-h1|F{;W*Gk2w$+zPGI*;Klb!{ceermv*&Kl}>;T 
zy6)#2F15-Bb3`rr8POZ`M!TUam$afJ*{?I0ss#r*JA3wir(F-!{DQ7iJn=&*&WVe49uB- zPs(lJO~nM%AopbVI$rkjP>5J4McPviQ6gny<> zjL+ta@)VDSd??!K$fA`IYTIe};=AoHjbjcb3oqRTp)dN@qkOtfktZ~}$*Y=j#cQ(e zjru!Yq{*8EEH77MW)vd+#l~ewVxM&)v~E_5I^_-S_)*^LaeZ)9ZR&uXT-c zy{kKYRXR@-iivbEJW0UGzkztaDsIkSHZl0w@B7HtYf3lPkLz7eayDbH3(Jep?c|tv zre3hiNBxi+y3nEZwLE6wtlsD|{lT0Rr0q?1;Yyr&{W$qS&Lk-Onf8TKcPw5icaxbh zBIhPk>%N^lULG3rJ=mf5Ox2L@q$6F4qVyMt*>>j?{pEgw8neCngv|VVVWkt;%3*2Y zNqcqH9@qG>`jM4K9*HcUi;mlNq~*My&E@6p(%*GkW;FMNNypGLHD2YHn|!3JZRs@G zIn3Q#pBAjPuF+mR-c?llX}vV*I^u(W_zbTvSE&R+AYmLK_Bd`0YhGj6qgKS57ss&9 z%=eaThEd*jr%MP797=S4gUm8s#VioWwxfbo%OBEr=335+JEFLwHzId zr94|RL(A~t>Q^fBcI_Gl5{k=<&XU=7<{Jv7frPR-SVdFEx_4PG*zf6%iom_q9dpcy z>y+i?T=PSVqqWMfzW2FPcP_`WS1>F>!@G%mP0qrM~{1&MOU?} zgx>Xu-95pwwvMEEr;>9;)O<6}|udBaOp3c(T_y7-&;8TbSzv#<#5 z?Vo2t^T zlSHiXpX{Mk__{y!bKiHN6{2m+8}XY-l9JU!Ho;X%+gQwVEecT|__Gd1&f=ol8ce zGGY_AD(nM43l7bP+|Eh&9@CYyu>$U1l`G~}1ZE+w=AK{PM<>zR;zbQ_>QRN{LL*o? zWwBZkbQ;cA(~(H1UwmO&({@7Hg^LOLZJ=w?d@EIH=hI+A%rj)n%SMG8F^0xf4eX=OM0(}zVZBda$zH@>o|5E zWgktX#1#j$u=*|(i0_|%%Q3J*dEdP=byfRvM{v?=+o~r=%fgvUc}E5B=;eOnILjr= zzI}dpCzVF=^3D6pG!y$(SJ;+%GS=mvJ2R{D(%CuQyz#8@rGMdS)JK-wp^mZ`{N8@E z#Q?XJ))b#`xhT^+uDo*6?3C$Qk7m`*>mYdPLuW5M^~@eBsJ?EA6{H&Q_@QP%jg;c` zdu9f?LR;(XUg-;+pIBJr2`2mr8ha>Aan=^XR{Otp66=zim+M4Mw+4xvYUdbuH_7R= ztU{74D7WHMuT&jgIH8?%nbF%KrBT-d)^{dkNpy?N<(O$v&DdhV%Op0=QsT#(6=5dG z#OT)iQw&9`VR^Vn^HF0q}9U>eSFl&6c$s28NS%gUsHR-^WcUhbnvFEan|f=p|`=3TBy;!-~`yl5wXTkDzbm2b4vMzx|HOw?P#_m$k{nLXHxq%pX31@XV#T@qCS) z)*M@@ocgo(7CBGvf-LT~mG1r!0^t`{8nSs}8p3Q(R196Bogy%!a#8U*_2}W_#5+*g zZZ?Joc4|quY>$;Gkw>hZ)oCM3SR^b$j&G{#r+mw36q9KaE@vyZuSr0VnoJ!^CdNDU4StET)i!Gxg#6r( zaF!f57RPX+;QiPziT`-HIe0Oh=s?Z zvb($S7|o>hmV3r9EY>QG+hF=FH7gmbhPNke6D~)^8Rwy)Jvy-24Zi9lO!#)a@0{<@ zu&*{dYtTk7I0+wRl{O}5OjIdpF%h%yT%G;a#NAR}>sHg(qpIT6l24NAf4t|TKXKuo z_k75Y4ZcE%y4l3lN4=&BT!|~-2;43bpS&Adzl&sSTyu{jqMLrU*uLmgshM}ZdhMgz zJBzKUPdHB(9mPsaJ#;c^tHL&|;Jp#m_<}CCPbS6SrG+!Gk@vX!JGM4!x5vx$YdGIeb$(VidBRI< 
zF`^CazWMg!L#+#XZLt%VoQ2{)I4MnT9XIGJJ&nuMEpTzPL0|jgXt(|iN}Kk`75*k+ ziJu4IyW5_3IW-Lv>&YASME`RTUWez7-~)%}y!gs|59?|da>tE{@6JcxrEXH78MjnF z0wdoV9a0ckWO+4m-Xko6pEV(2%IlYI&XACO3@drm@OGRtQqgsuJG^Jg?-G~|( z&FuKP()bj)jax=}IZVqLZr~cM<&xRar6kcYPc24e63rw0^DQ4ORA-&>6A-rj(G2T- zLtSA_I`?@#)jm^4a}vHM?4P%M2!OYIw4E5Gc{Wj;?0jaqn^@O%T52Pfg<8b%dX{y7OxSUWd85LVk&nGD|YQCVmXPQts0i>1huq|K_q zDpR+T$0_u_Rxzb$xAw)qEYR_$lVp#s3l7n8Jn?3t>j|^zD0Kt~`&M?k$k~DGRr$6a)icu8dE*EYW>q_mH~Oc~46L%G zmv<_c3yNIssBGl2io5S(Rp5gCAiCEUUau*Xxf-QYMx{4VD3A9rM@JA_50@*Xf?i3p zIL>R0^AgX)Ec?9EPqC&pH<_{Nnz2RzAfHj5+9i{_5H@JiRhs zF|#o9P0J|t>@D#)@jH%5Qo_%+?>=wTuY9{nH6y#wOk;UmkBdiNs?0=aKB`pv3Pqc4 zMtElmzdVfd7#)F$9O-ty2CW=LzQA4^)#TBKj?t+{lf_OH@Z3+M5fZ5p+;=xv_q}kW zBk$7FnKp&@5-#DFBAG4-zBR~%HJp54H?q!wqs$t)PA?AarFcOd-Su)YVZoO!v3L?U zYwpweE*$t*eq5Zw znX|rd=vLeXt5g@$Fx;|EBY0h;jjUjgz`Sm7aA9KT6H^(#1Y5@GrYzhRhWa zERN^W76Eg&Oguk?h<2x+C2$fTQxokn(M}Bye>+d#XHV*y|4#5!ZT>Uy#L4*69Fy_{ z3)kr#eNJC1QKQ<#TXQ?{Ag_Px6|C386$j?ZxH;4Ls-xXU2k#}{S($VpyjSencMH|$ zQyxAFBMFLeKao+;+7%X|0C$VYnWI(ECr)PEOtW;$=yC|>%Iu4NP|;EnIwE(jpyy-T zsL0!@BvRxvCaj(>q3PyLy;+wSPIuE2rW6XzLhXbXKlVvXuxJxt^Xy!FC$j+@m>`Fi%&!=<8axbPY7wnG4NSuQ-dyN*Kwj&Iiw& z!B;oGWx%@C6g%z~M%|}H8>2;_ZwJ34sF1=D)M@cf?nD05T2+@b`x0XIl2q~KQ<)U; z&p$F2zA#Lh8H&;*)i%0TVl~bZA$${OfZbB-vAL+bb%FHL)42@OKDsvvX{yNzW;)Nu zT5Ht2J(m8~9OjA(bG-m_Rlob-G!7woT-X=W{WnIU(PB-d+)NQBm*@*=Za*LyFW%i` zGQ)Od7+y?h$HO-B!P)g&ulI8^Wu@HW3qF6l>+S%SwN{&JV#)J;^lJbK5ALNzKRz8?Q8*(o(c@6n4aRdzWQ8d3MA}?&8etzKn8R zmPC6MqYqNPa{fI0#14GTi_cu@t{zkL)SF?vnmiFPD5oY}--!qi%7lxCT%$)|fFQE~WVt%YJFZE+^)un?;{LrdzgtiUeiYi7Y_%jUDUj(CRTCstOB?a;{Y zLgE_pYxcXZuiL%q^@~TmO`o;@x?pfN)il$^PgEg;F*j>6`c67RIxkm*hyL6x_-;Gb z+7-gWo(ZecjBhZnJfWzY;dI7t2wccU@>0gPgUZCOl^n70Qw^aRghW`Lll>5<)a*4O zmPg_Jo{^VYK50z{q7Eb$9JWoe>h z0web0xBg*?w2il(2ymZW=X4e{O)lgeexO6y7L((0+CaH)u83c4w*SrT&+l*boaV5U zduYX~z@hNm(G|bdJe;6JHq$3Lg(Iu$lhw7y5;yMlUUGOPa7RX+$F3@(Z@;X$Y)41k zDqGG%T<2c#ZU(E8j$;+5V%`$j#qnv+eh;n8pHrjW`>q~Ls8d18{@o^sqGzypqJ(&2O9bK(o&3*ifb!#z}uDwR-8noaz_{XT 
z$q}E}WGZW?mYH7r@<>^UB*lG>W)5O9mLMGM8-b-Hyr(KND2U=|Vi_Bzq~9_&a}_J_ zo_m2qZvN8QAS0sH1aUguxi!64?j7A^OU#mHqOM9g$AAjkMK#uYgxpcYkYVf$X0gKc z9O-woyhjMQYaa)SI+HekqKav}YEK%Q?gN36UX{K=!nyKBQkSd zsBEN5`=qD$O?!H^r=2ld#Va$6IJJ3M^=2078G7!QRq6XjFRI{)pJS6G*=8gqv$<52 zfptptme-TBupAbS$m6V>v+vJc>!Ea9;k{3)pFd6sBcda!yAg>sd$EcCC?21?q^h_d zPELX(PeNPTed(hiwYBMG3apT{Q<7r%OSu8}Dd`g*5#Bf_Lcx-s{$$CM?KHDyx|C05 zdSOetmYLx>wO9fgwQH-<1=A5pjMYhmi6hv2`I6?0Gz57!yt^cIuTz>B2Qze^Eaxvc zsoZ^y#LST4dT}hem(XGOutY#ma#m0}v5J zG3Ns};_h^lz+&Im%Vpg3I7ab79Y4C^s!TCXlS&*OWm@4;qT-&;v%Ug)SD0AxJJkrA z^n5gB*m$*PYtPQq-ty6uB7wsgU*XfFbCki3B-V~+&IRK`y=LpW>RpSVTI+jW9s zA*q6bI*@{l_d;_;C=T}N0eC>5`YZzza}7J=t^9)f2_ZPao0R7Gaj_wWiY3RwFSN%7 zP$*Ttz2Ur)lE<>bCrcD}o1~tUF(D+O5+|B*#VpV-B!f1ck(*@&_ri`^yPTZ6F@Jx} z89v_W>ktJpMh>OZ%lGOEE4(L66SJ$8>*I4YtWN}mI@l=(T=_Ihwl7swO@ug&CtT?x zEZO+!U0;ZaNm0}4>FASc^p4R%IK~XUr)sAg282(m$Pe@429B`egKP9JN7h|a3YNYc z-av*|AIYM0cK8l$U9jncHD7%ErmTmxV{a4JdQXkG=PhCLU1=JTNs=voTIF0~;H+v~gXj=*>5R52w2 z^7e?u`E-#cE3Abc2t;PRtN6K8O{J+|P_v%*C+F_Oo#mTW9sVkLPZb{(BR#{{L|Qa8 zH?zq}>Y83Bi|=k!5SA|0cZ78$%o}V!x=`Iy!jsJ=G~)6EYPQs0y5hy#mR+?`O%5et zvX(c6R!H4Jh?;7Nzjk2UDv85-bZYVDE%0h^Xw}R@&a$jb2jybDJXE;%M2mYni%;^F z!}p3$9U5&CAIwkctaawnK*AmZ>`uH*KLvbTe>LCnQ_XqRy;R5NmS$e1TEiY zpJcSH#Kp98{Mi;S0eA6xa> z(0H=ZHuz)3Na5Bv!&^An-dO0yq>KHMV>n(Jmfx1Uk+fN;-$kv~=-BT?3!^ntUPY2G zx=t=O?NQ@mlRw}b4<+fCIdO#VY+ety=Z%;4!!5Q`WHfc^^P$lmw!?P*TGh!$e&nJP z$3N@I#i)yu?Q6VAA2HZPmpn5F$h`F^BztH^nN9CKV-zlgHD;xBpBb{f#6)fdb2pz+&%9~jB z-&aE3^(!RDex}wC9d2k4@S`Ay&fb2Ib1mtS^xT?O)ST1ZHqo6YrTSIoHU7fk9c^MX z!?*fjlZdBoTJ)Nzu%zI)VD)_`8C4pSQoQDsyQhc+Rtz8V|fmX74V&8tB-Imj4Rb0L)E5dCy)c0J# zCDYsUTc7Zo+pj!(BQH@rZ*hR#Js!XY7eeB(DBl)7D12xU=r_EZw%@sQ?M+jVUCFI-QQk}IUo?WR7 z$k%Lj8y}_>DU@A&5tx@s^@TgF5}Vu4e3;=4o2zl9BH!lTw15s z>6u_}s!V0>p6#yVw43?e<2tX!ZtT>3GVR%u!#}I~VumqCOxRe@WjZKtb}!BPlCVYW z_e^8ygm_A?4?)CM8lg9De}&e#3Hq>H4Ap;eROt9z2cnovL$Q%dQn0k?Go4~Y@s+oY ze7tv|Ne{DAw;#GBCL2UII2Bd1ST(d3dtyE5GJ7SMk`W?l63RT%r~S%*Uov86FlykO 
zlUnV%fuGQ&`Tm^GTm93YC1`|66Jwxz+^)D;OHHo^t1ip!@5Bv+A`INtLLcKp*}v)! zr_P)_yGUB1KpMt7|6*oupwFm6VM13K$sAKZd6vc1(y;QfuF|e`IPAr@8rtmpuE_SW zN5qX@4r_I5)hBbW&Am;mxlyd#xTxYYq_^{0Ob&nH7<9wq$TYUny(@zR^iwnm6Lw2J z_eVtE7R;%^Ucj}DQ_sn^X1I;J4YR+9Kc5vql`BK+k%ya{nx3+mk>dYk>br=SVcE1l z(x}??HK%RaME+n7Fj{%e0yd8?&R><1tWqf7GS}_HHd>W^^=&k_zuukP1aJdpQkt%Z7N@cvlUUT(`-P8r#+ zJrvIVE{g4pTBM>r9Z%_K&8kN%M7m+7)URQ4wt(^{%REUN2+z_hf2FIQw7v_ynlhFQyla+`4d_tkfM2{RwO5TGfzlf3LT zsKRyVV==R~GW^7^+t55(!08 z)TR5palME8l2tZBgu2^A9<_Y*m@9xY3=Le)S#c$Jc*gnJgvYq)?vRpmSG4+$sYMdA z!8&Voz;n+Bk%>+1%OUOwNpEYQXT8dBN z>siM+6M;}isykx_HUrcjI3A~%+B_@1*$Kzf>D{ewITd2SdwL^Fim8#E1nKd>wXU}X z4;NwMJkEZnENiwsb*M<~dzOP}?0m=kqrnvCez_LY0gHPsES`qxgI{$nXN7*AJo38m z<4uifx6il|{;hQV&1RzG5*19+6Dl@*&ckVjii`gHRs;6-`C%Is_Zfz$G_BhkHw$CJ zWmvo$u&xP~=TU0OuiIogSIhOU?K~cwVlQ(|5c>S$110lLfmZm1F>i3rr6oz!%+=ql zKvSts?9p8O3e&S^Px?5woJGxNcf79kynT-R$nE#VL<#KCmWoEy>@D9m$YK|?6k0Wy zt&x-b_8mL>zNdt7^R8%6fcjhWk?X=V$z1KEvNee#mbUiEH0@X~PQQKga!hc{-R@gC zy&g}PZ*XnH@TeWWFqYET_YK8G3Dnta%zE&hhNBS3IvxbV^7q-SgT1-skGZU-$1Rdg zn(EdIj96Z>$AicsEsg|;%JJA6lk(j6O+4-s7EeIB>U!UsA<&7Os!PW&h`p>`gjqT3 zW{l8`H1iYW+*Nk6E={Rf!U4kV_gZW_?)s0g&Q%XAx?JAAyR^3J4qbHH z-sfW2C0{wom~{Q4`STLX*Hm6YPV<=y6&}ATGGcP8FFcJk zx{3oYf~mr9j5P{|+kb+gM3pJ-!hDpen)RusJ(gO7#yAFk)eDRZ-Aq9xJCS+`+P5F$ zN5@V*A^m{E(sWWvj|xiBM5{7USiw>&*=H4Y0ghvF%bxD_*XlmC`e&IOs+l)#$6D-L z9x`mJD_55D&m5!&6A!-l_ij6d}93tNpNxY5WE2OK#?iyaMG3QBrZ)eKZ zMSoz)cj2WQ!4Z+9mvlIp{5(|B4#&;=O>7Tg57iNG0kL-{hH$9`-ku_IbPb_D?r+gu zeYGS&FViuHv0UbH&6N^1pJ!K{1C+vUC#6aSyk)Hykkvgk(Z-L{&{dE?7Hx!IaErndlv&#&p<4^ydsOgg&D@2=pz{8Dsn z404)=PAY@tXs{Pa)=46)x>op%n03Mq8?)&PtSxL?d3Okfz_qD* zdT2;r=(In-a$UeEwYuoBN`J`om)zFx!Wl0H&v|Ok8r zyIo*Z2yx@(I>&W4#X(qG@?x^WZQs2DpI%MDYP$UQ7hl!A5mtQmg_uk>HaY{ZZ#aX7 z%nMe2Jt5!6J_sRu=24oy<0UC}1E=?~1W7y(%(}gJ6Z9G3nz!&DG+!$sD7Z8+qN9-BntNIIwV1&u8U7lVe)_BvtPBRB7DfA7+h z@ru7N6p8)qz0a<#snpG{rY)J>yPod!c_O3pUv}x(zCP^a4(}z3d=<_}`=x)`g>HKr znk)Ml#}4^X-0egTgVQw*;#U%51ujl9cTegjlCkPKF%Z#;Gl&jRh`l<;HmtfTsi7i7 
zdpbXRwlm`$XN{bPFYj2hkn|M%#b*8$rv2)z&$Uv<7?p4zrP+2z)aH_lZDIZx0ee^1ez}GXa4w_8u9Y@G=kYhdd7+1@}_) zonMoXR(7)4eWJtJE84@Wrm@{{m6pH4zuaMT{_R31vQzn5RMr4f^@@!$>5H=N1}2^E z-qEfH9mE5V+s6y2^e(v;Y($@2n~)Vz?wzi^M{u%+lY(JS4_ihQ-?CPRhr>E{N*?Ch|^L-JUbl7=O zQo8X;KVNVxa=WUnm~gjyZjbvSX9IJz=wMz_)@qh=?wzU=(8VST<${ey4y)evk=_S& z=~YWj(sG=}(Tg>u&2!Nnsv_=wnNwETLUipX*u@1AA1doyxtW$Tk=ju? z5v|#C$S|ST(8BDsPL9x40dh{2Z*aO)yo=L=5}lpuC6*gAqT`>RYGqsJT^8$!yVVzcD=69M>0UA4 z>Xbv9_oGcwBvYz;)sCXa_s+%%K3xaw`e#Vp%cbn|jD)GWmuC=Nw_Z%K7i*7U!lxD#SWM3Lyn) z4-e8zz@W~Yx=uO?erv*lKxn~#QJbNml>^cqW@HBEh8vn&bN}}{7Ytl-aERq%?NeY# z1A&xqLm&rdF#c=j0sX(v{>Czd!>kU&nmFHYZ3Dt4_$bAHB=A!Wkkbf`us1g`|3Uis z3p$bNDK1sv1!6&Z0!Xj<7;2dXhK49uW{b{s;te{=bidpVlS;!QKpt zfWwSohL%5#<=6iQU3aXW-bW!WMgFuGqQ&w&ES?l%Cp0o zCQwSO{thh19^4Oc@WRjkn#1y6@g^{HOB-uT7qp7d8Y$3UBZfd2fhmBCCw^(K@sIpP z5l|qnEgbRV1@VVPuKd(j5(27HegH?+$PW2m!Im&nI09-2GqQkN8>5vwP83f*3Rp2e z_!9@)IRCY7`oH3>ZICb|dQIcZ@JEz^fs6qI36%Xydv@WkT+9QA^yYsWfenH50H@>p z1qy-WbN&@;kAPVtO>8ijG86JqnlO-rk)NPkWUz>l=&A7 z1hOT31OhhFoL~s}fw5ZISR;SD=NQeS8y^I-Z zWMvGswE3~^cG$4gVsh0>!IY<*00N;$AqvX;foScBw$s!O-%cJ(paOvQP~~G)`~wYm zthwcn7wR6C&to8pDiQ?bN)VjRp~%OhfthFwvqz5;7E0Eu1cqJ$l!%Ih*#7}%ZiIe3 zylEVhg}@+h0UYWe?>he(XKrH+L!b{Lr~JduhXIFqLv>h2r@NS;CYUt1IlFL`2*}6- z4DkYr2BpI=<4g^q_6Rr}eKc~Vsbwz#!^{Yb26dRDqyK<3w}(0+t&KAr-B;3jojy{ADEY5iZ zgN=Ps;3=qC!S>VNfKXc)0*Qg^aAWk+5nzoaAeo^$;niu(Tzi=1k4u^khlnW!i8wuA zI~>4v=ut+-XBjgNlO<+EkBI7HK_K{m$bv$nUB^U24d&=7nu^Yh066fNas0#7nhij8 zum-+ykdt8cpvd}}4nSFLV`UDr1cd?27OmI3!P{Y50y3@vc~J+*at{;r@ZUlw?T7gN z_6QJtmO*kwP1}$6|ID>T*q9>VNc2uQOWq&V4#WjjH-rpDwXPJ{5L39ljjjEUO!(tx zbfQV>uf=`24Qg!%2!tGk;ZBK`fv)1^ETz5l1dQ)8h!Chndx$GG1oXkt-1vXP@b9l^ zN8s42-5aGq3adARiEEQHyt+ zNpvtH8w7f(Z0nFc?iwKT1s@*Qh&gm1P|ic`Vd%5yY<72=dN9D}o@Xq7TmtDYTrUULNxK-RE=TtH5iVK@EpG3eZ=7 zU_p&x=oe?2iQi=Tft3IsFtVt;NU-$vOX2m;kN@i@6mE+?=yMBrD)@pScp`Y1rv<8n zKkyLfm-h_(=6R5ygc1hP6;-~oct`)hvobeCn?mq0N#GB_zfgl)wjo*+dKb-ziV^h%b;?PwxIvH7$*V}T7^FQE za|E%mNPR;K`o{yJ2&zy=-O$kB7?wKk3FAbng6!A@%0$#ar0b0igRnIEpM#=RmS=cg 
zn&Ho0qNbFEVl+S#xV;g2t-F7@u|)-XW(%h7sOk!+KnDWh><{WH&m`W)12b)5U|y&` zH2e__%@izTfCT^>2ZRy&3O4D~U^m!dgq#HG2Lk@mSmrSBkPcwc3-M=cNNRLc5pX62 zkhD;fjLjMv?7^fC0k^e5pJa@co#py~`I~{N1+_TV$2#_VTr)HMvuu&)RRY{WNV^SO z0d-^@Pol%w*jS*Ki&4xdQyLWQI6!}>Hpfnl4s=kiL&3(IEm%}SYjfRESX>bR*7KV$ z6w;#sV%kKQ6ei+o0Qx%U9qM%2i4_e7Ec2l6pUknz>SZv9#$XUpLytY!lld(_+1T5H znK}AY=YMDUbuMs%E?{G*1x%_88r0AE1A4K9bjP2Z25DpuXbP3(dmAka0ZL&w`jnaT z$Qxe+q>yA_q^P#=(F85a-VD7^&+VOkW`M5lfl3zDFK;`e16lmVNb7rv$gTl1ILPIw zx)1b2$Fp=WHODZexfBx#mpWL81~nS0FXBg|Lm?cYFiUe7`hF4y@J!$W<-Y^UXZ|Hx zKp_4pm|(X5Rk!HZS`@QlPtbw%I}8+vn#emdFhS9aN4mW9!2m?BfOeq3Z8lDF&tySYbiGv+|we&a(j_pg-Ni6~bCICfGlll3=?Z z!y;bwPHx8;AQ+GE;qXWTHo|^$Q(G{;Kg(vc-DPTP(8>n5<=@s0Ov&*u;V?~H+B>`m z{J~g=fmn;`tMWn^V8(D;^kX|4bwB(IFuQ)>7O3I&_?17f{@FM~+tZG4=E+hPu=*)^ z*k{?~F#&&8Y-o88lfnr>27#!64x^eeojoQV`Z?NIxkdg}U~*l+AyCz3?uLN`H?~2) z7L?&we%TCE3^AZ$K;3(r_QAwL8X?SW?af`$*9wiv2$YK+c8I8COvHmN6|_p5 zy0UCMgAKm23KA)5;1qp>0S2}spct*Bt^7^y3lN|*fcj8XXH<`YcW}}Jt!&vrUF9Eu z>Qq3aLyaakTQRUe5C%JAmYC(U9Osr20J718p+ya#mSY&0mNrIU+vz76t)RShbVsp( zTSNdiLxoPx{}Jk73#JRk=!f}pa&n9ZFy~~DJ5V*rv5gsuepB$f5_Y#gGwI0psOliSXoiB871eRanL^vEWR_A7w5qu7jP3) zDJQ@r7;VD%)1Co-_Y?^`z!3o)YJOA|!;Eu4?{bdxxY&~*$lnGUq(|xUOG%6{TN?!W z;G({sEps1;=KPyz19E?$q0c|wY6?1Pz`M*O4)^nc5(XINGgFxF@O<6*D7VpmyK=rOIR}3&r+aos$zEC^_7Tg5P4pslgo)}OL)*wKkcY6H7J5F<8$o1fz*MgL8a|h6TLS87+rFCvfvD zFbqauWvDXUZbQrY!%Bfi{q5`;;F$-Tw5aMT@B9M`>Ua^YXyI;nnm0k;#yJkpyvqB~ z;6PTzaE9!B@J&`27(y{18*0@hyMY$;zdJ7upIpHwdq~X-5W}2@9ei{L4apvEWorqf zLO++U`ZS3n2t=|6fedwBONE@^_aN(lK)?ZtKzT^N=T z09(&Ght*vmhK_@A#Xr-)hb$i~f^)DPRyPOYUyv=r+>!fV^&q(wm!AL^ZOYRZa)mHgH?}z?qWebvafTijDH%Cc#a(Q7)mfFLMzn)>0iYi7A(Tg zpdQQ`AvWLvwfrwlG5|9Utc4wHycyXXEPfwG^2LR*0)v29f(I1zzqCP2NFysS1{h`3 zo6b480x&e7%cwHC1Y(d8{$sL%5t&BPyrT|~7T{s}MM4OqAn4CXD8?~P6S$I}3|M_w zhv!7n!GB>|*%+f6>&??I$D#lc2M|$9weul=A^vHA;Nf3R!2vc9JgA1fiwO&se8F}( zI7)GNu&=xv*IEM{g5S(BITVA4mSATHlR3VxBf&Yy0|yTXP`|YHFbp^hx^u2xZ9W){ zBfpIXYd8kdziW*L{(?jp9qwwTS%pymAohZX@fXP;kYf>lARcrV198P+`N)Ce<%0*c 
z$nC^LwEd^DM`tYSgESX507wvw1gdx*kr>4L3BxoP%Pww~3xIeJs1VifN}~Qq#Ox!Q zpMren04@jA4+mrXUmK6cg#39_4_%*G{3g2(Ld=15sJP>C7;t}bj6q*48c84>D@Y)y z9k#`c`*H3GlMW-RFY?y`1f3TLzp5Dd+$Suq&o-SU%CX`1C;x}G`5rjlBM&H^Ns(My}(}& zf4)-Qx+_3kg#rMh5B@$_n!#|^ zVk%eeBy$*$r1&ssujMxo5}f@8-^oH-E%!g{dR)Q_fh0&Bt|s-g34c`ykmyIMM~e}} zW*emjyQCW8hf6Nm;KP`MI_nP`k!%_2XZ?WrKyVKq+j&@V7=>x0>MIL_vlI{oPxWwd ztM&RY1s#xerGbXPl;W56e)lj37!AhLk1=0VlA^(S-+N%cV6X9) zW_W?IuN=%pQ0E~W!M{^5&W&c;>urj`;>R?Yhk%8$Um8!;VGO3V1@3-20v4bY z9MCDC8nP01s+)5HgE_ z=U{GWZ*C1W16$QlTl3$hG=y^tw}5Lvzy{Hw{eAqvj99{>kTSMXf?j}3l0vhaV9`G0svD=3g3VSku! zO}Hv_pbu&ApvL$Y82AV0AkD4K4})ZjL`};M1O$3OEzwyP(F=M2`Z4J_%)(-xUwjHC z)>lFCN`JuoU!z*Wz;d<+-y($@L(y0{eydI&6r{16fXMPc(!mc$sfd4svqP=||AmIh z+$+X|6?8#jj0dX;>?qVc=Knhtjomj9N=K(3hd}&<4uh42(S!fpZ27s^4gEQlJgn6n zgm|+$SY!wQH34d6A}Wg>Y;9u3VM<)@*t8O z=6vF_Ja;ew2>Q)t?r5RsAYG6@6Z>J7U7&h$69_+}pu|Kq#B10T;=_5x|_#9IQQnXFSWWc>$0WpvT~E{Ldl-2;k`T+ap|Ah#454`^`Oz6S20vNyNeef3=CM2(bWp9WxSj0n(aYw;2 z=wEKvHF2nyPv`72Jgab083D;2u zP!S0O4@FgX&eUJY;AY{&Rq+Ay@a4k)34HR@@xLkKm#c<i;G+bEC# diff --git a/src/oidcc.app.src b/src/oidcc.app.src index 772708d..cc260ea 100644 --- a/src/oidcc.app.src +++ b/src/oidcc.app.src @@ -1,13 +1,10 @@ -{application,oidcc, - [{description,"an easy to use OpenID Connect client library"}, - {vsn,"2.0.0-alpha.2"}, - {modules,[]}, - {registered,[oidcc_sup,oidcc_openid_provider_mgr, - oidcc_openid_provider_sup,oidcc_session_mgr, - oidcc_session_sup]}, - {applications,[kernel,stdlib,ssl,public_key,crypto,erljwt, - base64url,inets,hackney]}, - {maintainers,["Bas Wegh"]}, - {licenses,["Apache 2.0"]}, - {links,[{"GitHub","https://github.com/indigo-dc/oidcc"}]}, - {mod,{oidcc_app,[]}}]}. +{application, oidcc, [ + {description, "OpenID Connect client library for the BEAM."}, + {vsn, "3.0.0-dev"}, + {registered, []}, + {applications, [kernel, stdlib, inets, ssl, public_key, telemetry, jose]}, + {env, []}, + {modules, []}, + {licenses, ["Apache-2.0"]}, + {links, []} +]}. 
diff --git a/src/oidcc.erl b/src/oidcc.erl
index a372378..106615b 100644
--- a/src/oidcc.erl
+++ b/src/oidcc.erl
@@ -1,448 +1,362 @@ --module(oidcc). - --export([add_openid_provider/2]). --export([add_openid_provider/3]). --export([find_openid_provider/1]). --export([find_all_openid_provider/1]). --export([get_openid_provider_info/1]). --export([get_openid_provider_list/0]). --export([create_redirect_url/1]). --export([create_redirect_url/2]). --export([create_redirect_for_session/1]). --export([create_redirect_for_session/2]). --export([retrieve_and_validate_token/2]). --export([retrieve_and_validate_token/3]). --export([retrieve_user_info/2]). --export([retrieve_user_info/3]). --export([retrieve_fresh_token/2]). --export([retrieve_fresh_token/3]). --export([introspect_token/2]). --export([register_module/1]). - -%% @doc -%% add an OpenID Connect Provider to the list of possible Providers +%%%------------------------------------------------------------------- +%% @doc OpenID Connect High Level Interface %% -%% this automatically triggers the fetching of the configuration endpoint -%% @end --spec add_openid_provider(binary(), binary()) -> {ok, Id :: binary(), Pid :: pid()}. -add_openid_provider(IssuerOrConfigEP, LocalEndpoint) -> - add_openid_provider(IssuerOrConfigEP, LocalEndpoint, #{}). - --spec add_openid_provider(binary(), binary(), map()) -> - {ok, Id :: binary(), Pid :: pid()} | {error, Reason :: any()}. -add_openid_provider(IssuerOrConfigEP, LocalEndpoint, AdditionalConfig) -> - BasicConfig = - #{name => <<"OpenId Connect Provider">>, - description => <<"a minimal configured provider">>, - client_id => undefined, - client_secret => <<"">>, - request_scopes => undefined, - static_extend_url => #{}, - registration_params => #{}}, - ForceUpdate = #{issuer_or_endpoint => IssuerOrConfigEP, local_endpoint => LocalEndpoint}, - ConfigBase = maps:merge(BasicConfig, AdditionalConfig), - Config = maps:merge(ConfigBase, ForceUpdate), - oidcc_openid_provider_mgr:add_openid_provider(Config). - --spec find_openid_provider(Issuer :: binary()) -> {ok, pid()} | {error, not_found}. 
-find_openid_provider(Issuer) -> - oidcc_openid_provider_mgr:find_openid_provider(Issuer). - --spec find_all_openid_provider(Issuer :: binary()) -> {ok, [pid()]} | {error, not_found}. -find_all_openid_provider(Issuer) -> - oidcc_openid_provider_mgr:find_all_openid_provider(Issuer). - -%% @doc -%% get information from a given OpenId Connect Provider +%%

Setup

%% -%% the parameter can either be the Pid or it's Id. The result is a map -%% containing all the information gathered by connecting to the configuration -%% endpoint given at the beginning. -%% the map also contains a boolean flag 'ready' which is true, once the -%% configuration has been fetched. -%% @end --spec get_openid_provider_info(pid() | binary()) -> {ok, map()}. -get_openid_provider_info(Pid) when is_pid(Pid) -> - oidcc_openid_provider:get_config(Pid); -get_openid_provider_info(OpenIdProviderId) when is_binary(OpenIdProviderId) -> - case oidcc_openid_provider_mgr:get_openid_provider(OpenIdProviderId) of - {ok, Pid} -> - oidcc_openid_provider:get_config(Pid); - {error, Reason} -> - {error, Reason} - end. - -%% @doc -%% get a list of all currently configured OpenId Connect Provider +%% ``` +%% {ok, Pid} = +%% oidcc_provider_configuration_worker:start_link(#{ +%% issuer => <<"https://accounts.google.com">>, +%% name => {local, google_config_provider} +%% }). +%% ''' %% -%% it is a list of tuples {Id, Pid} -%% @end --spec get_openid_provider_list() -> {ok, [{binary(), pid()}]}. -get_openid_provider_list() -> - oidcc_openid_provider_mgr:get_openid_provider_list(). - -%% @doc -%% same as create_redirect_url/4 but with all parameters being fetched -%% from the given session, except the provider +%% (or via a `supervisor') +%% +%% See {@link oidcc_provider_configuration_worker} for details %% @end --spec create_redirect_for_session(pid()) -> {ok, binary()}. -create_redirect_for_session(Session) -> - create_redirect_for_session(Session, #{}). +%%%------------------------------------------------------------------- +-module(oidcc). -%% @doc -%% same as create_redirect_url/4 but with all parameters being fetched -%% from the given session, except the provider -%% @end --spec create_redirect_for_session(pid(), map()) -> {ok, binary()}. 
-create_redirect_for_session(Session, UrlExtension) -> - {ok, Scopes} = oidcc_session:get_scopes(Session), - {ok, State} = oidcc_session:get_id(Session), - {ok, Nonce} = oidcc_session:get_nonce(Session), - {ok, Pkce} = oidcc_session:get_pkce(Session), - {ok, OpenIdProviderId} = oidcc_session:get_provider(Session), - Config = - #{scopes => Scopes, - state => State, - nonce => Nonce, - pkce => Pkce, - url_extension => UrlExtension}, - create_redirect_url(OpenIdProviderId, Config). +-feature(maybe_expr, enable). -%% @doc -%% same as create_redirect_url/4 but with State and Nonce being undefined and -%% scope being openid -%% @end --spec create_redirect_url(binary()) -> {ok, binary()} | {error, provider_not_ready}. -create_redirect_url(OpenIdProviderId) -> - create_redirect_url(OpenIdProviderId, #{}). +-export([client_credentials_token/4]). +-export([create_redirect_url/4]). +-export([introspect_token/5]). +-export([jwt_profile_token/6]). +-export([refresh_token/5]). +-export([retrieve_token/5]). +-export([retrieve_userinfo/5]). %% @doc -%% same as create_redirect_url/4 but with State and Nonce being undefined +%% Create Auth Redirect URL +%% +%%

Examples

+%% +%% ``` +%% {ok, RedirectUri} = +%% oidcc:create_redirect_url(provider_name, +%% <<"client_id">>, +%% <<"client_secret">> +%% #{redirect_uri: <<"https://my.server/return"}), +%% +%% %% RedirectUri = https://my.provider/auth?scope=openid&response_type=code&client_id=client_id&redirect_uri=https%3A%2F%2Fmy.server%2Freturn +%% ''' %% @end --spec create_redirect_url(binary(), map()) -> - {ok, binary()} | {error, provider_not_ready}. -create_redirect_url(OpenIdProviderId, Config) -> - BasicConfig = - #{scopes => [openid], - state => undefined, - nonce => undefined, - pkce => undefined, - url_extension => #{}}, - {ok, Info} = get_openid_provider_info(OpenIdProviderId), - create_redirect_url_if_ready(Info, maps:merge(BasicConfig, Config)). +-spec create_redirect_url( + ProviderConfigurationWorkerName, + ClientId, + ClientSecret, + Opts +) -> + {ok, Uri} | {error, oidcc_client_context:error() | oidcc_authorization:error()} +when + ProviderConfigurationWorkerName :: gen_server:server_ref(), + ClientId :: binary(), + ClientSecret :: binary(), + Opts :: oidcc_authorization:opts(), + Uri :: uri_string:uri_string(). +create_redirect_url(ProviderConfigurationWorkerName, ClientId, ClientSecret, Opts) -> + maybe + {ok, ClientContext} ?= + oidcc_client_context:from_configuration_worker(ProviderConfigurationWorkerName, + ClientId, + ClientSecret), + oidcc_authorization:create_redirect_url(ClientContext, Opts) + end. %% @doc %% retrieve the token using the authcode received before and directly validate %% the result. %% %% the authcode was sent to the local endpoint by the OpenId Connect provider, -%% using redirects. the result is textual representation of the token and should -%% be verified using parse_and_validate_token/3 +%% using redirects +%% +%%

Examples

+%% +%% ``` +%% %% Get AuthCode from Redirect +%% +%% {ok, #oidcc_token{}} = +%% oidcc:retrieve_token(AuthCode, +%% provider_name, +%% <<"client_id">>, +%% <<"client_secret">>, +%% #{redirect_uri => <<"https://example.com/callback">>}). +%% ''' %% @end -retrieve_and_validate_token(AuthCode, ProviderId) -> - retrieve_and_validate_token(AuthCode, ProviderId, #{}). - -retrieve_and_validate_token(AuthCode, ProviderId, Config) -> - Pkce = maps:get(pkce, Config, undefined), - Nonce = maps:get(nonce, Config, undefined), - Scopes = scopes_to_bin(maps:get(scope, Config, []), <<>>), - {ok, Info} = get_openid_provider_info(ProviderId), - #{local_endpoint := LocalEndpoint} = Info, - QsBody = - [{<<"grant_type">>, <<"authorization_code">>}, - {<<"code">>, AuthCode}, - {<<"redirect_uri">>, LocalEndpoint}], - case retrieve_a_token(QsBody, Pkce, Info) of - {ok, Token} -> - TokenMap = oidcc_token:extract_token_map(Token, Scopes), - oidcc_token:validate_token_map(TokenMap, ProviderId, Nonce, true); - Error -> - Error +-spec retrieve_token( + AuthCode, + ProviderConfigurationWorkerName, + ClientId, + ClientSecret, + Opts +) -> + {ok, oidcc_token:t()} | {error, oidcc_client_context:error() | oidcc_token:error()} +when + AuthCode :: binary(), + ProviderConfigurationWorkerName :: gen_server:server_ref(), + ClientId :: binary(), + ClientSecret :: binary(), + Opts :: oidcc_token:retrieve_opts(). +retrieve_token(AuthCode, + ProviderConfigurationWorkerName, + ClientId, + ClientSecret, + Opts) -> + RefreshJwksFun = oidcc_jwt_util:refresh_jwks_fun(ProviderConfigurationWorkerName), + OptsWithRefresh = maps_put_new(refresh_jwks, RefreshJwksFun, Opts), + + maybe + {ok, ClientContext} ?= + oidcc_client_context:from_configuration_worker(ProviderConfigurationWorkerName, + ClientId, + ClientSecret), + oidcc_token:retrieve(AuthCode, ClientContext, OptsWithRefresh) end. 
%% @doc -%% retrieve the informations of a user given by its token map or an access token +%% Load userinfo for the given token +%% +%%

Examples

%% -%% this is done by looking up the UserInfoEndpoint from the configuration and -%% then requesting info, using the access token as bearer token +%% ``` +%% %% Get Token +%% +%% {ok, #{<<"sub">> => Sub}} = +%% oidcc:retrieve_userinfo(Token, +%% provider_name, +%% <<"client_id">>, +%% <<"client_secret">>, +%% #{}). +%% ''' %% @end --spec retrieve_user_info(map() | binary(), binary()) -> {ok, map()} | {error, any()}. -retrieve_user_info(#{access := _, - id := _, - refresh := _} = - TokenMap, - ProviderIdOrPid) -> - Subject = extract_subject(TokenMap), - retrieve_user_info(TokenMap, ProviderIdOrPid, Subject); -retrieve_user_info(AccessToken, ProviderIdOrPid) when is_binary(AccessToken) -> - retrieve_user_info(AccessToken, ProviderIdOrPid, undefined); -retrieve_user_info(_, _) -> - {error, bad_token}. - --spec retrieve_user_info(Token, ProviderIdOrPid, Subject) -> {ok, map()} | {error, any()} - when Token :: binary() | map(), - ProviderIdOrPid :: binary() | pid(), - Subject :: binary() | undefined. -retrieve_user_info(Token, ProviderIdOrPid, Subject) -> - {ok, #{userinfo_endpoint := Endpoint}} = get_openid_provider_info(ProviderIdOrPid), - AccessToken = extract_access_token(Token), - Header = [bearer_auth(AccessToken)], - HttpResult = oidcc_http_util:sync_http(get, Endpoint, Header, true), - return_validated_user_info(HttpResult, Subject). - -retrieve_fresh_token(RefreshToken, OpenIdProvider) -> - retrieve_fresh_token(RefreshToken, [], OpenIdProvider). 
+-spec retrieve_userinfo + ( + Token, + ProviderConfigurationWorkerName, + ClientId, + ClientSecret, + Opts + ) -> + {ok, map()} | {error, oidcc_client_context:error() | oidcc_userinfo:error()} + when + Token :: oidcc_token:t(), + ProviderConfigurationWorkerName :: gen_server:server_ref(), + ClientId :: binary(), + ClientSecret :: binary(), + Opts :: oidcc_userinfo:retrieve_opts_no_sub(); + (Token, ProviderConfigurationWorkerName, ClientId, ClientSecret, Opts) -> + {ok, map()} | {error, any()} + when + Token :: binary(), + ProviderConfigurationWorkerName :: gen_server:server_ref(), + ClientId :: binary(), + ClientSecret :: binary(), + Opts :: oidcc_userinfo:retrieve_opts(). +retrieve_userinfo(Token, + ProviderConfigurationWorkerName, + ClientId, + ClientSecret, + Opts) -> + maybe + {ok, ClientContext} ?= + oidcc_client_context:from_configuration_worker(ProviderConfigurationWorkerName, + ClientId, + ClientSecret), + oidcc_userinfo:retrieve(Token, ClientContext, Opts) + end. -retrieve_fresh_token(RefreshToken, Scopes, OpenIdProvider) -> - {ok, Config} = get_openid_provider_info(OpenIdProvider), - BodyQs0 = [{<<"refresh_token">>, RefreshToken}, {<<"grant_type">>, <<"refresh_token">>}], - BodyQs = append_scope(Scopes, BodyQs0), - retrieve_a_token(BodyQs, Config). +%% @doc Refresh Token +%% +%%

Examples

+%% +%% ``` +%% %% Get Token and wait for its expiry +%% +%% {ok, #oidcc_token{}} = +%% oidcc:refresh_token(Token, +%% provider_name, +%% <<"client_id">>, +%% <<"client_secret">>, +%% #{expected_subject => <<"sub_from_initial_id_token>>}). +%% ''' +-spec refresh_token + ( + RefreshToken, + ProviderConfigurationWorkerName, + ClientId, + ClientSecret, + Opts + ) -> + {ok, oidcc_token:t()} | {error, oidcc_client_context:error() | oidcc_token:error()} + when + RefreshToken :: binary(), + ProviderConfigurationWorkerName :: gen_server:server_ref(), + ClientId :: binary(), + ClientSecret :: binary(), + Opts :: oidcc_token:refresh_opts(); + ( + Token, + ProviderConfigurationWorkerName, + ClientId, + ClientSecret, + Opts + ) -> + {ok, oidcc_token:t()} | {error, oidcc_client_context:error() | oidcc_token:error()} + when + Token :: oidcc_token:t(), + ProviderConfigurationWorkerName :: gen_server:server_ref(), + ClientId :: binary(), + ClientSecret :: binary(), + Opts :: oidcc_token:refresh_opts_no_sub(). +refresh_token(RefreshToken, + ProviderConfigurationWorkerName, + ClientId, + ClientSecret, + Opts) -> + RefreshJwksFun = oidcc_jwt_util:refresh_jwks_fun(ProviderConfigurationWorkerName), + OptsWithRefresh = maps_put_new(refresh_jwks, RefreshJwksFun, Opts), + + maybe + {ok, ClientContext} ?= + oidcc_client_context:from_configuration_worker(ProviderConfigurationWorkerName, + ClientId, + ClientSecret), + oidcc_token:refresh(RefreshToken, ClientContext, OptsWithRefresh) + end. %% @doc -%% introspect the given token at the given provider +%% Introspect the given access token +%% +%%

Examples

%% -%% this is done by looking up the IntrospectionEndpoint from the configuration -%% and then requesting info, using the client credentials as authentication +%% ``` +%% %% Get AccessToken +%% +%% {ok, #oidcc_token_introspection{active = True}} = +%% oidcc:introspect_token(AccessToken, +%% provider_name, +%% <<"client_id">>, +%% <<"client_secret">>, +%% #{}). +%% ''' %% @end --spec introspect_token(Token, ProviderOrConfig) -> {ok, map()} | {error, any()} - when Token :: binary() | map(), - ProviderOrConfig :: binary() | map(). -introspect_token(TokenMapIn, - #{introspection_endpoint := Endpoint, - client_id := ClientId, - client_secret := ClientSecret}) -> - AccessToken = extract_access_token(TokenMapIn), - Header = [{"accept", "application/json"}, basic_auth(ClientId, ClientSecret)], - Body = [{<<"token">>, AccessToken}], - HttpResult = - oidcc_http_util:sync_http(post, - Endpoint, - Header, - "application/x-www-form-urlencoded", - {form, Body}, - true), - case return_token(HttpResult) of - {ok, Token} -> - TokenMap = oidcc_token:introspect_token_map(Token, ClientId), - {ok, TokenMap}; - Error -> - Error - end; -introspect_token(Token, ProviderId) -> - {ok, Config} = get_openid_provider_info(ProviderId), - introspect_token(Token, Config). - -register_module(Module) -> - oidcc_client:register(Module). - -retrieve_a_token(QsBodyIn, OpenIdProviderInfo) -> - retrieve_a_token(QsBodyIn, undefined, OpenIdProviderInfo). 
- -retrieve_a_token(QsBodyIn, Pkce, OpenIdProviderInfo) -> - #{client_id := ClientId, - client_secret := Secret, - token_endpoint := Endpoint} = - OpenIdProviderInfo, - AuthMethods = - maps:get(token_endpoint_auth_methods_supported, - OpenIdProviderInfo, - [<<"client_secret_basic">>]), - AuthMethod = select_preferred_auth(AuthMethods), - Header0 = [], - {Body, Header} = - add_authentication_code_verifier(QsBodyIn, Header0, AuthMethod, ClientId, Secret, Pkce), - return_token(oidcc_http_util:sync_http(post, - Endpoint, - Header, - "application/x-www-form-urlencoded", - {form, Body})). - -extract_subject(#{sub := Subject}) -> - Subject; -extract_subject(#{id := IdToken}) -> - extract_subject(IdToken); -extract_subject(#{claims := Claims}) -> - extract_subject(Claims); -extract_subject(_) -> - undefined. - -extract_access_token(#{access := AccessToken}) -> - #{token := Token} = AccessToken, - Token; -extract_access_token(#{token := Token}) -> - Token; -extract_access_token(Token) when is_binary(Token) -> - Token. - -create_redirect_url_if_ready(#{ready := false}, _) -> - {error, provider_not_ready}; -create_redirect_url_if_ready(Info, Config) -> - #{local_endpoint := LocalEndpoint, - client_id := ClientId, - authorization_endpoint := AuthEndpoint, - static_extend_url := StaticUrlKeyValues} = - Info, - #{scopes := Scopes, - state := OidcState, - nonce := OidcNonce, - pkce := Pkce, - url_extension := DynUrlKeyValues} = - Config, - UrlKeyValues = maps:merge(StaticUrlKeyValues, DynUrlKeyValues), - UrlList = - [{<<"response_type">>, <<"code">>}, - {<<"client_id">>, ClientId}, - {<<"redirect_uri">>, LocalEndpoint}] - ++ map_to_url_list(UrlKeyValues), - UrlList1 = append_state(OidcState, UrlList), - UrlList2 = append_nonce(OidcNonce, UrlList1), - UrlList3 = append_code_challenge(Pkce, UrlList2), - UrlList4 = append_scope(Scopes, UrlList3), - Qs = uri_string:compose_query(UrlList4), - Url = <>/binary, Qs/binary>>, - {ok, Url}. 
- -map_to_url_list(Map) when is_map(Map) -> - ConvertValue = - fun (Value) when is_binary(Value) -> - Value; - (Atom) when is_atom(Atom) -> - atom_to_binary(Atom, utf8); - (List) when is_list(List) -> - list_to_binary(List); - (_Other) -> - undefined - end, - Convert = - fun({Key, Value}, List) -> - CKey = ConvertValue(Key), - CValue = ConvertValue(Value), - case (CKey /= undefined) and (CValue /= undefined) of - true -> - [{CKey, CValue} | List]; - _ -> - List - end - end, - lists:foldl(Convert, [], maps:to_list(Map)). - -append_scope(<<>>, QsList) -> - QsList; -append_scope(Scope, QsList) when is_binary(Scope) -> - [{<<"scope">>, Scope} | QsList]; -append_scope(Scopes, QsList) when is_list(Scopes) -> - append_scope(scopes_to_bin(Scopes, <<>>), QsList). - -append_state(State, UrlList) when is_binary(State) -> - [{<<"state">>, State} | UrlList]; -append_state(_, UrlList) -> - UrlList. - -append_nonce(Nonce, UrlList) when is_binary(Nonce) -> - [{<<"nonce">>, Nonce} | UrlList]; -append_nonce(_, UrlList) -> - UrlList. - -append_code_challenge(#{challenge := Challenge} = Pkce, UrlList) -> - NewUrlList = [{<<"code_challenge">>, Challenge} | UrlList], - append_code_challenge_method(Pkce, NewUrlList); -append_code_challenge(_, UrlList) -> - UrlList. - -append_code_challenge_method(#{method := 'S256'}, UrlList) -> - [{<<"code_challenge_method">>, <<"S256">>} | UrlList]; -append_code_challenge_method(_, UrlList) -> - [{<<"code_challenge_method">>, <<"plain">>} | UrlList]. - -select_preferred_auth(AuthMethodsSupported) -> - Selector = - fun(Method, Current) -> - case {Method, Current} of - {_, basic} -> - basic; - {<<"client_secret_basic">>, _} -> - basic; - {<<"client_secret_post">>, _} -> - post; - {_, Current} -> - Current - end - end, - lists:foldl(Selector, undefined, AuthMethodsSupported). 
- -add_authentication_code_verifier(QsBodyList, - Header, - basic, - ClientId, - Secret, - undefined) -> - NewHeader = [basic_auth(ClientId, Secret) | Header], - {QsBodyList, NewHeader}; -add_authentication_code_verifier(QsBodyList, - Header, - post, - ClientId, - ClientSecret, - undefined) -> - NewBodyList = - [{<<"client_id">>, ClientId}, {<<"client_secret">>, ClientSecret} | QsBodyList], - {NewBodyList, Header}; -add_authentication_code_verifier(B, H, undefined, CI, CS, undefined) -> - add_authentication_code_verifier(B, H, basic, CI, CS, undefined); -add_authentication_code_verifier(BodyQs, Header, AuthMethod, CI, CS, #{verifier := CV}) -> - BodyQs1 = [{<<"code_verifier">>, CV} | BodyQs], - add_authentication_code_verifier(BodyQs1, Header, AuthMethod, CI, CS, undefined). - -return_token({ok, #{body := Token, status := 200}}) -> - {ok, Token}; -return_token({ok, #{body := Body, status := Status}}) -> - {error, {http_error, Status, Body}}. - -return_validated_user_info(HttpData, undefined) -> - return_json_info(HttpData); -return_validated_user_info(HttpData, Subject) -> - case return_json_info(HttpData) of - {ok, #{sub := Subject} = Map} -> - {ok, Map}; - {ok, _} -> - {error, bad_subject}; - Other -> - Other +-spec introspect_token( + Token, + ProviderConfigurationWorkerName, + ClientId, + ClientSecret, + Opts +) -> + {ok, oidcc_token_introspection:t()} + | {error, oidcc_client_context:error() | oidcc_token_introspection:error()} +when + Token :: oidcc_token:t() | binary(), + ProviderConfigurationWorkerName :: gen_server:server_ref(), + ClientId :: binary(), + ClientSecret :: binary(), + Opts :: oidcc_token_introspection:opts(). +introspect_token(Token, + ProviderConfigurationWorkerName, + ClientId, + ClientSecret, + Opts) -> + maybe + {ok, ClientContext} ?= + oidcc_client_context:from_configuration_worker(ProviderConfigurationWorkerName, + ClientId, + ClientSecret), + oidcc_token_introspection:introspect(Token, ClientContext, Opts) end. 
-return_json_info({ok, #{status := 200, body := Data}}) -> - try jsone:decode(Data, [{keys, attempt_atom}, {object_format, map}]) of - Map -> - {ok, Map} - catch - Error -> - {error, Error} - end; -return_json_info({ok, Map}) -> - {error, {bad_status, Map}}. - -basic_auth(User, Secret) -> - UserEnc = uri_string:compose_query([{User, true}]), - SecretEnc = uri_string:compose_query([{Secret, true}]), - RawAuth = <>/binary, SecretEnc/binary>>, - AuthData = base64:encode(RawAuth), - BasicAuth = <<<<"Basic ">>/binary, AuthData/binary>>, - {<<"authorization">>, BasicAuth}. +%% @doc Retrieve JSON Web Token (JWT) Profile Token +%% +%% See [https://datatracker.ietf.org/doc/html/rfc7523#section-4] +%% +%%

Examples

+%% +%% ``` +%% {ok, KeyJson} = file:read_file("jwt-profile.json"), +%% KeyMap = jose:decode(KeyJson), +%% Key = jose_jwk:from_pem(maps:get(<<"key">>, KeyMap)), +%% +%% {ok, #oidcc_token{}} = +%% oidcc_token:jwt_profile(<<"subject">>, +%% provider_name, +%% <<"client_id">>, +%% <<"client_secret">>, +%% Key, +%% #{scope => [<<"scope">>], +%% kid => maps:get(<<"keyId">>, KeyMap)}). +%% ''' +%% @end +-spec jwt_profile_token( + Subject, + ProviderConfigurationWorkerName, + ClientId, + ClientSecret, + Jwk, + Opts +) -> {ok, oidcc_token:t()} | {error, oidcc_client_context:error() | oidcc_token:error()} when + Subject :: binary(), + ProviderConfigurationWorkerName :: gen_server:server_ref(), + ClientId :: binary(), + ClientSecret :: binary(), + Jwk :: jose_jwk:key(), + Opts :: oidcc_token:jwt_profile_opts(). +jwt_profile_token(Subject, ProviderConfigurationWorkerName, ClientId, ClientSecret, Jwk, Opts) -> + RefreshJwksFun = oidcc_jwt_util:refresh_jwks_fun(ProviderConfigurationWorkerName), + OptsWithRefresh = maps_put_new(refresh_jwks, RefreshJwksFun, Opts), + + maybe + {ok, ClientContext} ?= + oidcc_client_context:from_configuration_worker(ProviderConfigurationWorkerName, + ClientId, + ClientSecret), + oidcc_token:jwt_profile(Subject, ClientContext, Jwk, OptsWithRefresh) + end. -bearer_auth(Token) -> - {<<"authorization">>, <<<<"Bearer ">>/binary, Token/binary>>}. +%% @doc Retrieve Client Credential Token +%% +%% See [https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.4] +%% +%%

Examples

+%% +%% ``` +%% {ok, #oidcc_token{}} = +%% oidcc:client_credentials_token(provider_name, +%% <<"client_id">>, +%% <<"client_secret">>, +%% #{scope => [<<"scope">>]}). +%% ''' +%% @end +-spec client_credentials_token( + ProviderConfigurationWorkerName, + ClientId, + ClientSecret, + Opts +) -> {ok, oidcc_token:t()} | {error, oidcc_client_context:error() | oidcc_token:error()} when + ProviderConfigurationWorkerName :: gen_server:server_ref(), + ClientId :: binary(), + ClientSecret :: binary(), + Opts :: oidcc_token:client_credentials_opts(). +client_credentials_token(ProviderConfigurationWorkerName, ClientId, ClientSecret, Opts) -> + RefreshJwksFun = oidcc_jwt_util:refresh_jwks_fun(ProviderConfigurationWorkerName), + OptsWithRefresh = maps_put_new(refresh_jwks, RefreshJwksFun, Opts), + + maybe + {ok, ClientContext} ?= + oidcc_client_context:from_configuration_worker(ProviderConfigurationWorkerName, + ClientId, + ClientSecret), + oidcc_token:client_credentials(ClientContext, OptsWithRefresh) + end. -scopes_to_bin([], Bin) -> - Bin; -scopes_to_bin([H | T], <<>>) when is_binary(H) -> - scopes_to_bin(T, H); -scopes_to_bin([H | T], Bin) when is_binary(H) -> - NewBin = <>/binary, Bin/binary>>, - scopes_to_bin(T, NewBin); -scopes_to_bin([H | T], Bin) when is_atom(H) -> - List = [atom_to_binary(H, utf8) | T], - scopes_to_bin(List, Bin); -scopes_to_bin([H | T], Bin) when is_list(H) -> - List = [list_to_binary(H) | T], - scopes_to_bin(List, Bin). +-spec maps_put_new(Key, Value, Map1) -> Map2 when + Key :: term(), Value :: term(), Map1 :: map(), Map2 :: map(). +maps_put_new(Key, Value, Map) -> + case maps:is_key(Key, Map) of + true -> Map; + false -> maps:put(Key, Value, Map) + end. diff --git a/src/oidcc_app.erl b/src/oidcc_app.erl deleted file mode 100644 index bbf8a8d..0000000 --- a/src/oidcc_app.erl +++ /dev/null 
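Review bot: The `create_redirect_url/4` doc example passes only `redirect_uri`, so code copied from it sends an authorization request without `state` or `nonce`, even though `oidcc_authorization:opts()` offers both (and `pkce`) for CSRF and replay protection. The example is also not valid Erlang as written: a comma is missing after `<<"client_secret">>`, and the map uses `redirect_uri:` with an unterminated binary. I would write the last argument as `#{redirect_uri => <<"https://my.server/return">>, state => State, nonce => Nonce}` and, if `oidcc_token:retrieve_opts()` accepts the expected nonce (not visible in this hunk), pass the same `Nonce` in the `retrieve_token/5` example. In the same hunk the `jwt_profile_token/6` example calls `oidcc_token:jwt_profile` with the worker name and client credentials, which looks like it should be `oidcc:jwt_profile_token`, and the `refresh_token/5` example has an unterminated `<<"sub_from_initial_id_token>>`.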
@@ -1,12 +0,0 @@ --module(oidcc_app). - --behaviour(application). - --export([start/2]). --export([stop/1]). - -start(_Type, _Args) -> - oidcc_sup:start_link(). - -stop(_State) -> - ok. diff --git a/src/oidcc_authorization.erl b/src/oidcc_authorization.erl new file mode 100644 index 0000000..34e930b --- /dev/null +++ b/src/oidcc_authorization.erl @@ -0,0 +1,127 @@ +%%%------------------------------------------------------------------- +%% @doc Functions to start an OpenID Connect Authorization +%% @end +%%%------------------------------------------------------------------- +-module(oidcc_authorization). + +-feature(maybe_expr, enable). + +-include("oidcc_client_context.hrl"). +-include("oidcc_provider_configuration.hrl"). + +-export([create_redirect_url/2]). + +-export_type([error/0]). +-export_type([pkce/0]). +-export_type([opts/0]). + +-type pkce() :: #{challenge := binary(), method := binary()}. +%% Configure PKCE for authorization +%% +%% See [https://datatracker.ietf.org/doc/html/rfc7636#section-4.3] + +-type opts() :: + #{ + scopes => oidcc_scope:scopes(), + state => binary(), + nonce => binary(), + pkce => pkce() | undefined, + redirect_uri := uri_string:uri_string(), + url_extension => oidcc_http_util:query_params() + }. +%% Configure authorization redirect url +%% +%% See [https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest] +%% +%%

Parameters

+%% +%%
    +%%
  • `scopes' - list of scopes to request (defaults to `[<<"openid">>]')
  • +%%
  • `state' - state to pass to the provider
  • +%%
  • `nonce' - nonce to pass to the provider
  • +%%
  • `pkce' - pkce arguments to pass to the provider
  • +%%
  • `redirect_uri' - redirect target after authorization is completed
  • +%%
  • `url_extension' - add custom query parameters to the authorization url
  • +%%
+ +-type error() :: {grant_type_not_supported, authorization_code}. + +%% @doc +%% Create Auth Redirect URL +%% +%% For a high level interface using {@link oidcc_provider_configuration_worker} +%% see {@link oidcc:create_redirect_url/4}. +%% +%%

Examples

+%% +%% ``` +%% {ok, ClientContext} = +%% oidcc_client_context:from_configuration_worker(provider_name, +%% <<"client_id">>, +%% <<"client_secret">>), +%% +%% {ok, RedirectUri} = +%% oidcc_authorization:create_redirect_url(ClientContext, +%% #{redirect_uri: <<"https://my.server/return"}), +%% +%% %% RedirectUri = https://my.provider/auth?scope=openid&response_type=code&client_id=client_id&redirect_uri=https%3A%2F%2Fmy.server%2Freturn +%% ''' +%% @end +-spec create_redirect_url(ClientContext, Opts) -> {ok, Uri} | {error, error()} when + ClientContext :: oidcc_client_context:t(), + Opts :: opts(), + Uri :: uri_string:uri_string(). +create_redirect_url(#oidcc_client_context{} = ClientContext, Opts) -> + #oidcc_client_context{provider_configuration = ProviderConfiguration} = ClientContext, + + #oidcc_provider_configuration{ + authorization_endpoint = AuthEndpoint, grant_types_supported = GrantTypesSupported + } = + ProviderConfiguration, + + case lists:member(<<"authorization_code">>, GrantTypesSupported) of + true -> + QueryParams = redirect_params(ClientContext, Opts), + QueryString = uri_string:compose_query(QueryParams), + + {ok, [AuthEndpoint, <<"?">>, QueryString]}; + false -> + {error, {grant_type_not_supported, authorization_code}} + end. + +-spec redirect_params(ClientContext, Opts) -> oidcc_http_util:query_params() when + ClientContext :: oidcc_client_context:t(), + Opts :: opts(). 
+redirect_params(#oidcc_client_context{client_id = ClientId}, Opts) ->
+ QueryParams =
+ [
+ {<<"response_type">>, maps:get(response_type, Opts, <<"code">>)},
+ {<<"client_id">>, ClientId},
+ {<<"redirect_uri">>, maps:get(redirect_uri, Opts)}
+ | maps:get(url_extension, Opts, [])
+ ],
+ QueryParams1 = maybe_append(<<"state">>, maps:get(state, Opts, undefined), QueryParams),
+ QueryParams2 =
+ maybe_append(<<"nonce">>, maps:get(nonce, Opts, undefined), QueryParams1),
+ QueryParams3 = append_code_challenge(maps:get(pkce, Opts, undefined), QueryParams2),
+ oidcc_scope:query_append_scope(
+ maps:get(scopes, Opts, [openid]), QueryParams3
+ ).
+
+-spec append_code_challenge(
+ Pkce :: pkce() | undefined, QueryParams :: oidcc_http_util:query_params()
+) ->
+ oidcc_http_util:query_params().
+append_code_challenge(#{challenge := Challenge, method := Method}, QueryParams) ->
+ [{<<"code_challenge">>, Challenge}, {<<"code_challenge_method">>, Method} | QueryParams];
+append_code_challenge(undefined, QueryParams) ->
+ QueryParams.
+
+-spec maybe_append(Key, Value, QueryParams) -> QueryParams when
+ Key :: unicode:chardata(),
+ Value :: unicode:chardata() | true | undefined,
+ QueryParams :: oidcc_http_util:query_params().
+maybe_append(_Key, undefined, QueryParams) ->
+ QueryParams;
+maybe_append(Key, Value, QueryParams) ->
+ [{Key, Value} | QueryParams].
diff --git a/src/oidcc_client.erl b/src/oidcc_client.erl
deleted file mode 100644
index 7786de9..0000000
--- a/src/oidcc_client.erl
+++ /dev/null
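Review bot: In `create_redirect_url/2` the URL is assembled as `[AuthEndpoint, <<"?">>, QueryString]`, which produces a second `?` when the provider's `authorization_endpoint` already carries a query component; RFC 6749 §3.1 permits that and requires the existing query to be retained. Choosing the separator from the parsed endpoint would cover it, e.g. `Sep = case uri_string:parse(AuthEndpoint) of #{query := _} -> <<"&">>; _ -> <<"?">> end,` followed by `{ok, [AuthEndpoint, Sep, QueryString]}`. Separately, `redirect_params/2` reads `response_type` from `Opts` although `opts()` does not declare it, and `state` and `nonce` are sent only when the caller supplies them; the `opts()` comment should say that CSRF and replay protection depend on the caller generating and later checking both values.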
@@ -1,156 +0,0 @@ --module(oidcc_client). - --behaviour(gen_server). - -%% API --export([start_link/0]). --export([stop/0]). --export([succeeded/2]). --export([succeeded/3]). --export([failed/3]). --export([failed/4]). --export([register/1]). --export([get_module/1]). - --callback login_succeeded(Token :: map()) -> {ok, [term()]}. --callback login_failed(Reason :: atom(), Description :: binary()) -> {ok, [term()]}. - -%% gen_server. --export([init/1]). --export([handle_call/3]). --export([handle_cast/2]). --export([handle_info/2]). --export([terminate/2]). --export([code_change/3]). - --record(state, {ets_mod = undefined, ets_id = undefined}). - -%% API. - -start_link() -> - gen_server:start_link({local, ?MODULE}, ?MODULE, [], []). - -stop() -> - gen_server:cast(?MODULE, stop). - -register(Module) when is_atom(Module) -> - List = Module:module_info(exports), - SucceededOne = lists:member({login_succeeded, 1}, List), - SucceededTwo = lists:member({login_succeeded, 2}, List), - FailedTwo = lists:member({login_failed, 2}, List), - FailedThree = lists:member({login_failed, 3}, List), - true = SucceededOne or SucceededTwo, - true = FailedTwo or FailedThree, - gen_server:call(?MODULE, {add_module, Module}). - -succeeded(Token, ModuleId) -> - succeeded(Token, ModuleId, #{}). - -succeeded(Token, ModuleId, Environment) when is_map(Environment) -> - {ok, Mod} = get_module(ModuleId), - {ok, Updates} = call_succeeded(Mod, Token, Environment), - reorder_updates(Updates). - -failed(Error, Description, ModuleId) -> - failed(Error, Description, ModuleId, #{}). - -failed(Error, Description, ModuleId, Environment) when is_map(Environment) -> - {ok, Mod} = get_module(ModuleId), - {ok, Updates} = call_failed(Mod, Error, Description, Environment), - reorder_updates(Updates). - -get_module(Id) -> - Ets = oidcc_ets_client_id, - case ets:lookup(Ets, Id) of - [{Id, Mod}] -> - {ok, Mod}; - _ -> - [{default, DefMod}] = ets:lookup(Ets, default), - {ok, DefMod} - end. 
- -init(_) -> - EtsId = ets:new(oidcc_ets_client_id, [set, protected, named_table]), - EtsMod = ets:new(oidcc_ets_client_mod, [set, protected]), - {ok, #state{ets_id = EtsId, ets_mod = EtsMod}}. - -handle_call({add_module, Module}, _From, State) -> - {ok, Id} = add_module(Module, State), - {reply, {ok, Id}, State}; -handle_call(_Request, _From, State) -> - {reply, ignored, State}. - -handle_cast(stop, State) -> - {stop, normal, State}; -handle_cast(_Request, State) -> - {noreply, State}. - -handle_info(_Info, State) -> - {noreply, State}. - -terminate(_Reason, _State) -> - ok. - -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - -add_module(Module, #state{ets_mod = EtsMod, ets_id = EtsId}) -> - case ets:lookup(EtsMod, Module) of - [{Module, Id}] -> - {ok, Id}; - [] -> - insert_new_module(Module, EtsId, EtsMod) - end. - -insert_new_module(Module, EtsId, EtsMod) -> - Id = random_string(9), - InsertResult = ets:insert_new(EtsId, {Id, Module}), - handle_insert_result(InsertResult, EtsMod, Module, EtsId, Id). - -handle_insert_result(true, EtsMod, Module, EtsId, Id) -> - true = ets:insert_new(EtsMod, {Module, Id}), - Default = ets:lookup(EtsId, default), - set_default_if_needed(Default, Module, EtsId), - {ok, Id}; -handle_insert_result(_, EtsMod, Module, EtsId, _Id) -> - insert_new_module(Module, EtsId, EtsMod). - -set_default_if_needed([], Module, Ets) -> - true = ets:insert_new(Ets, {default, Module}), - ok; -set_default_if_needed(_, _Module, _Ets) -> - ok. - -reorder_updates(Updates) -> - append_redirect(lists:keyfind(redirect, 1, Updates), Updates). - -append_redirect(false, Updates) -> - {ok, Updates}; -append_redirect(Tuple, Updates) -> - NewUpdates = lists:keydelete(redirect, 1, Updates), - OrderedUpdates = NewUpdates ++ [Tuple], - {ok, OrderedUpdates}. - -random_string(Length) -> - base64url:encode( - crypto:strong_rand_bytes(Length)). 
- -call_succeeded(Mod, Token, Environment) -> - Exports = Mod:module_info(exports), - SucceededTwo = lists:member({login_succeeded, 2}, Exports), - call_matching_succeeded(SucceededTwo, Mod, Token, Environment). - -call_matching_succeeded(true, Mod, Token, Environment) -> - Mod:login_succeeded(Token, Environment); -call_matching_succeeded(_, Mod, Token, _) -> - Mod:login_succeeded(Token). - -call_failed(Mod, Error, Description, Environment) -> - Exports = Mod:module_info(exports), - FailedThree = lists:member({login_failed, 3}, Exports), - call_matching_failed(FailedThree, Mod, Error, Description, Environment). - -call_matching_failed(true, Mod, Error, Description, Environment) -> - Mod:login_failed(Error, Description, Environment); -call_matching_failed(_, Mod, Error, Description, _) -> - Mod:login_failed(Error, Description). diff --git a/src/oidcc_client_context.erl b/src/oidcc_client_context.erl new file mode 100644 index 0000000..af79f6f --- /dev/null +++ b/src/oidcc_client_context.erl 
@@ -0,0 +1,127 @@ +%%%------------------------------------------------------------------- +%% @doc Client Configuration for authorization, token exchange and +%% userinfo +%% +%% For most projects, it makes sense to use +%% {@link oidcc_provider_configuration_worker} and the high-level +%% interface of {@link oidcc}. In that case direct usage of this +%% module is not needed. +%% +%% To use the record, import the definition: +%% +%% ``` +%% -include_lib(["oidcc/include/oidcc_client_context.hrl"]). +%% ''' +%% @end +%%%------------------------------------------------------------------- +-module(oidcc_client_context). + +-include("oidcc_client_context.hrl"). +-include("oidcc_provider_configuration.hrl"). + +-include_lib("jose/include/jose_jwk.hrl"). + +-export_type([error/0]). +-export_type([t/0]). + +-export([from_configuration_worker/3]). +-export([from_manual/4]). + +-type t() :: + #oidcc_client_context{ + provider_configuration :: oidcc_provider_configuration:t(), + jwks :: jose_jwk:key(), + client_id :: binary(), + client_secret :: binary() + }. + +-type error() :: provider_not_ready. + +%% @doc Create Client Context from a {@link oidcc_provider_configuration_worker} +%% +%%

Examples

+%% +%% ``` +%% {ok, Pid} = +%% oidcc_provider_configuration_worker:start_link(#{ +%% issuer => <<"https://login.salesforce.com">> +%% }), +%% +%% {ok, #oidcc_client_context{}} = +%% oidcc_client_context:from_configuration_worker(Pid, +%% <<"client_id">>, +%% <<"client_secret">>). +%% ''' +%% +%% ``` +%% {ok, Pid} = +%% oidcc_provider_configuration_worker:start_link(#{ +%% issuer => <<"https://login.salesforce.com">>, +%% name => {local, salesforce_provider} +%% }), +%% +%% {ok, #oidcc_client_context{}} = +%% oidcc_client_context:from_configuration_worker(salesforce_provider, +%% <<"client_id">>, +%% <<"client_secret">>). +%% ''' +-spec from_configuration_worker(ProviderName, ClientId, ClientSecret) -> + {ok, t()} | {error, error()} +when + ProviderName :: gen_server:server_ref(), + ClientId :: binary(), + ClientSecret :: binary(). +from_configuration_worker(ProviderName, ClientId, ClientSecret) when is_pid(ProviderName) -> + {ok, #oidcc_client_context{ + provider_configuration = + oidcc_provider_configuration_worker:get_provider_configuration(ProviderName), + jwks = oidcc_provider_configuration_worker:get_jwks(ProviderName), + client_id = ClientId, + client_secret = ClientSecret + }}; +from_configuration_worker(ProviderName, ClientId, ClientSecret) -> + case erlang:whereis(ProviderName) of + undefined -> + {error, provider_not_ready}; + Pid -> + from_configuration_worker(Pid, ClientId, ClientSecret) + end. + +%% @doc Create Client Context manually +%% +%%

Examples

+%% +%% ``` +%% {ok, Configuration} = +%% oidcc_provider_configuration:load_configuration(<<"https://login.salesforce.com">>, +%% []), +%% +%% #oidcc_provider_configuration{jwks_uri = JwksUri} = Configuration, +%% +%% {ok, Jwks} = oidcc_provider_configuration:load_jwks(JwksUri, []). +%% +%% #oidcc_client_context{} = +%% oidcc_client_context:from_manual(Metdata, +%% Jwks, +%% <<"client_id">>, +%% <<"client_secret">>). +%% ''' +-spec from_manual(Configuration, Jwks, ClientId, ClientSecret) -> t() when + Configuration :: oidcc_provider_configuration:t(), + Jwks :: jose_jwk:key(), + ClientId :: binary(), + ClientSecret :: binary(). +from_manual( + #oidcc_provider_configuration{} = Configuration, + #jose_jwk{} = Jwks, + ClientId, + ClientSecret +) when + is_binary(ClientId) and is_binary(ClientSecret) +-> + #oidcc_client_context{ + provider_configuration = Configuration, + jwks = Jwks, + client_id = ClientId, + client_secret = ClientSecret + }. diff --git a/src/oidcc_http_cache.erl b/src/oidcc_http_cache.erl deleted file mode 100644 index 953edac..0000000 --- a/src/oidcc_http_cache.erl +++ /dev/null 
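Review bot: The second clause of `from_configuration_worker/3` hands every non-pid `ProviderName` to `erlang:whereis/1`, but the spec accepts any `gen_server:server_ref()`; a `{global, Name}`, `{via, Module, Name}` or `{Name, Node}` reference raises `badarg` there instead of returning `{error, provider_not_ready}`. Either guard the clause, `from_configuration_worker(ProviderName, ClientId, ClientSecret) when is_atom(ProviderName) ->`, and narrow the spec to `pid() | atom()`, or resolve the other reference forms before the lookup. The record built here carries `client_secret` as a plain binary, so a short comment on `t()` warning against printing the context with `~p` in logs or crash reports would help callers. The guard in `from_manual/4` reads more conventionally as `is_binary(ClientId), is_binary(ClientSecret)`.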
@@ -1,138 +0,0 @@ --module(oidcc_http_cache). - --behaviour(gen_server). - -%% API. --export([start_link/0]). --export([stop/0]). --export([cache_http_result/3]). --export([lookup_http_call/2]). --export([enqueue_http_call/2]). --export([trigger_cleaning/0]). -%% gen_server. --export([init/1]). --export([handle_call/3]). --export([handle_cast/2]). --export([handle_info/2]). --export([terminate/2]). --export([code_change/3]). - --record(state, {ets_cache = undefined, last_clean = undefined}). - -%% API. --spec start_link() -> {ok, pid()}. -start_link() -> - gen_server:start_link({local, ?MODULE}, ?MODULE, [], []). - --spec stop() -> ok. -stop() -> - gen_server:cast(?MODULE, stop). - -cache_http_result(Method, Request, Result) -> - Key = {Method, Request}, - gen_server:call(?MODULE, {cache_http, Key, Result}). - -lookup_http_call(Method, Request) -> - Key = {Method, Request}, - read_cache(Key). - -enqueue_http_call(Method, Request) -> - Key = {Method, Request}, - gen_server:call(?MODULE, {enqueue, Key}, 30000). - -trigger_cleaning() -> - gen_server:cast(?MODULE, clean_cache). - --define(REQUEST_BUFFER, 30). - -%% gen_server. -init(_) -> - EtsCache = ets:new(oidcc_ets_http_cache, [set, protected, named_table]), - Now = erlang:system_time(seconds), - {ok, #state{ets_cache = EtsCache, last_clean = Now}}. - -handle_call({enqueue, Key}, _From, State) -> - CacheDuration = application:get_env(oidcc, http_cache_duration, none), - Result = insert_into_cache(Key, pending, CacheDuration, State), - {reply, Result, State}; -handle_call({cache_http, Key, Result}, _From, State) -> - CacheDuration = application:get_env(oidcc, http_cache_duration, none), - ok = trigger_cleaning_if_needed(State), - ok = insert_into_cache(Key, Result, CacheDuration, State), - {reply, ok, State}; -handle_call(_Request, _From, State) -> - {reply, ignored, State}. 
- -insert_into_cache(Key, Result, Duration, #state{ets_cache = EtsCache}) - when is_integer(Duration), Duration > 0 -> - Now = erlang:system_time(seconds), - Timeout = - case Result of - pending -> - Now + oidcc_http_util:request_timeout(s) + ?REQUEST_BUFFER; - _ -> - Now + Duration - end, - Inserted = ets:insert_new(EtsCache, {Key, Timeout, Result}), - case {Result, Inserted} of - {pending, true} -> - true; - {pending, false} -> - false; - {_, _} -> - true = ets:insert(EtsCache, {Key, Timeout, Result}), - ok - end; -insert_into_cache(_Key, pending, _NoDuration, _State) -> - %% if not using cache always perform the request - true; -insert_into_cache(_Key, _Result, _NoDuration, _State) -> - ok. - -handle_cast(clean_cache, State) -> - NewState = clean_cache(State), - {noreply, NewState}; -handle_cast(stop, State) -> - {stop, normal, State}; -handle_cast(_Msg, State) -> - {noreply, State}. - -handle_info(_Info, State) -> - {noreply, State}. - -terminate(_Reason, _State) -> - ok. - -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - -read_cache(Key) -> - Now = erlang:system_time(seconds), - case ets:lookup(oidcc_ets_http_cache, Key) of - [{Key, Timeout, Result}] -> - return_if_not_outdated(Result, Timeout >= Now); - [] -> - {error, not_found} - end. - -trigger_cleaning_if_needed(#state{last_clean = LastClean}) -> - Now = erlang:system_time(seconds), - CleanTimeout = application:get_env(oidcc, http_cache_clean, 60), - case Now - LastClean >= CleanTimeout of - true -> - trigger_cleaning(), - ok; - _ -> - ok - end. - -clean_cache(#state{ets_cache = CT} = State) -> - Now = erlang:system_time(seconds), - ets:select_delete(CT, [{{'_', '$1', '_'}, [{'<', '$1', Now}], [true]}]), - State#state{last_clean = Now}. - -return_if_not_outdated(Result, true) -> - {ok, Result}; -return_if_not_outdated(_, _) -> - trigger_cleaning(), - {error, outdated}. diff --git a/src/oidcc_http_util.erl b/src/oidcc_http_util.erl index b3dbe50..ad32b2c 100644 --- a/src/oidcc_http_util.erl 
+++ b/src/oidcc_http_util.erl 
@@ -1,132 +1,156 @@ +%%%------------------------------------------------------------------- +%% @doc HTTP Client Utilities +%% @end +%%%------------------------------------------------------------------- -module(oidcc_http_util). --export([async_http/3, async_http/5]). --export([sync_http/3, sync_http/5]). --export([sync_http/4, sync_http/6]). --export([uncompress_body_if_needed/2]). --export([request_timeout/1]). - --include_lib("public_key/include/public_key.hrl"). - -sync_http(Method, Url, Header) -> - sync_http(Method, Url, Header, false). - -sync_http(Method, Url, Header, ContentType, Body) -> - sync_http(Method, Url, Header, ContentType, Body, false). - -sync_http(Method, Url, Header, UseCache) -> - perform_request(Method, Url, Header, undefined, <<>>, [], UseCache). - -sync_http(Method, Url, Header, ContentType, Body, UseCache) -> - perform_request(Method, Url, Header, ContentType, Body, [], UseCache). - -async_http(Method, Url, Header) -> - async_http(Method, Url, Header, undefined, <<>>). - -async_http(Method, Url, Header, ContentType, Body) -> - RequestId = erlang:make_ref(), - Caller = self(), - spawn_link(fun() -> - async_http_perform(Caller, RequestId, Method, Url, Header, ContentType, Body) - end), - {ok, RequestId}. - -async_http_perform(Caller, RequestId, Method, Url, Header, ContentType, Body) -> - Response = - case perform_request(Method, Url, Header, ContentType, Body, [], false) of - {error, _} = Error -> - Error; - {ok, - #{status := StatusCode, - header := RespHeaders, - body := InBody}} -> - {{<<>>, StatusCode, <<>>}, RespHeaders, InBody} - end, - Caller ! {http, {RequestId, Response}}. - -request_timeout(Unit) -> - Timeout = - case application:get_env(oidcc, http_request_timeout, undefined) of - T when is_integer(T), T > 0 -> - T; - _ -> - 300 - end, - case Unit of - ms -> - Timeout * 1000; - s -> - Timeout - end. 
- -perform_request(Method, Url, Header, ContentType, Body, Options, true) -> - case oidcc_http_cache:lookup_http_call(Method, {Method, Url, Header, ContentType, Body}) - of - {ok, pending} -> - wait_for_cache(Method, {Method, Url, Header, ContentType, Body}); - {ok, Res} -> - Res; - {error, _} -> - request_or_wait(Method, Url, Header, ContentType, Body, Options) +-feature(maybe_expr, enable). + +-export([basic_auth_header/2]). +-export([bearer_auth_header/1]). +-export([request/4]). + +-export_type([ + http_header/0, error/0, httpc_error/0, query_params/0, telemetry_opts/0, request_opts/0 +]). + +-type query_params() :: [{unicode:chardata(), unicode:chardata() | true}]. +%% See {@link uri_string:compose_query/1} +-type http_header() :: {Field :: [byte()], Value :: iodata()}. +%% See {@link httpc:request/5} +-type error() :: + {http_error, StatusCode :: pos_integer(), HttpBodyResult :: binary()} + | invalid_content_type + | httpc_error(). +-type httpc_error() :: term(). +%% See {@link httpc:request/5} for additional errors + +-type request_opts() :: #{ + timeout => timeout(), + ssl => [ssl:tls_option()] +}. +%% See {@link httpc:request/5} +%% +%%

Parameters

+%% +%%
    +%%
  • `timeout' - timeout for request
  • +%%
  • `ssl' - TLS config
  • +%%
+ +-type telemetry_opts() :: #{ + topic := [atom()], + extra_meta => map() +}. + +%% @private +-spec basic_auth_header(User, Secret) -> http_header() when + User :: binary(), + Secret :: binary(). +basic_auth_header(User, Secret) -> + UserEnc = uri_string:compose_query([{User, true}]), + SecretEnc = uri_string:compose_query([{Secret, true}]), + RawAuth = <>/binary, SecretEnc/binary>>, + AuthData = base64:encode(RawAuth), + {"authorization", [<<"Basic ">>, AuthData]}. + +%% @private +-spec bearer_auth_header(Token) -> http_header() when Token :: binary(). +bearer_auth_header(Token) -> + {"authorization", [<<"Bearer ">>, Token]}. + +%% @private +-spec request(Method, Request, TelemetryOpts, RequestOpts) -> + {ok, {{json, term()} | {jwt, binary()}, [http_header()]}} + | {error, error()} +when + Method :: head | get | put | patch | post | trace | options | delete, + Request :: + {uri_string:uri_string(), [http_header()]} + | { + uri_string:uri_string(), + [http_header()], + ContentType :: uri_string:uri_string(), + HttpBody + }, + HttpBody :: + iolist() + | binary() + | { + fun((Accumulator :: term()) -> eof | {ok, iolist(), Accumulator :: term()}), + Accumulator :: term() + } + | {chunkify, fun((Accumulator :: term()) -> eof | {ok, iolist(), Accumulator :: term()}), + Accumulator :: term()}, + TelemetryOpts :: telemetry_opts(), + RequestOpts :: request_opts(). 
+request(Method, Request, TelemetryOpts, RequestOpts) ->
+ TelemetryTopic = maps:get(topic, TelemetryOpts),
+ TelemetryExtraMeta = maps:get(extra_meta, TelemetryOpts, #{}),
+ Timeout = maps:get(timeout, RequestOpts, timer:minutes(1)),
+ SslOpts = maps:get(ssl, RequestOpts, undefined),
+
+ HttpOpts0 = [{timeout, Timeout}],
+ HttpOpts = case SslOpts of
+ undefined -> HttpOpts0;
+ _Opts -> [{ssl, SslOpts} | HttpOpts0]
+ end,
+
+ telemetry:span(
+ TelemetryTopic,
+ TelemetryExtraMeta,
+ fun() ->
+ maybe
+ {ok, {_StatusLine, Headers, _Result} = Response} ?=
+ httpc:request(Method,
+ Request,
+ HttpOpts,
+ [{body_format, binary}]),
+ {ok, BodyAndFormat} ?= extract_successful_response(Response),
+ {{ok, {BodyAndFormat, Headers}}, TelemetryExtraMeta}
+ else
+ {error, Reason} ->
+ {{error, Reason}, maps:put(error, Reason, TelemetryExtraMeta)}
+ end
+ end
+ ).
+
+-spec extract_successful_response({StatusLine, [HttpHeader], HttpBodyResult}) ->
+ {ok, {json, term()} | {jwt, binary()}} | {error, error()}
+when
+ StatusLine :: {HttpVersion, StatusCode, string()},
+ HttpVersion :: uri_string:uri_string(),
+ StatusCode :: pos_integer(),
+ HttpHeader :: http_header(),
+ HttpBodyResult :: binary().
+extract_successful_response({{_HttpVersion, 200, _HttpStatusName}, Headers, HttpBodyResult}) ->
+ case fetch_content_type(Headers) of
+ json ->
+ {ok, {json, jose:decode(HttpBodyResult)}};
+ jwt ->
+ {ok, {jwt, HttpBodyResult}};
+ unknown ->
+ {error, invalid_content_type}
 end;
-perform_request(Method, Url, Header, ContentType, Body, Options, false) ->
- perform_http_request(Method, Url, Header, ContentType, Body, Options).
- -perform_http_request(Method, Url, Header, ContentType, Body, Options) -> - Headers1 = - case ContentType of - undefined -> - Header; - _ -> - [{<<"content-type">>, ContentType} | Header] +extract_successful_response({{_HttpVersion, StatusCode, _HttpStatusName}, Headers, HttpBodyResult}) -> + Body = + case fetch_content_type(Headers) of + json -> + jose:decode(HttpBodyResult); + jwt -> + HttpBodyResult; + unknown -> + HttpBodyResult end, - Res = hackney:request(Method, Url, Headers1, Body, Options ++ [{follow_redirect, true}]), - normalize_result(Res). - -request_or_wait(Method, Url, Header, ContentType, Body, Options) -> - case oidcc_http_cache:enqueue_http_call(Method, {Method, Url, Header, ContentType, Body}) - of - true -> - Result = perform_http_request(Method, Url, Header, ContentType, Body, Options), - ok = - oidcc_http_cache:cache_http_result(Method, - {Method, Url, Header, ContentType, Body}, - Result), - Result; - _ -> - wait_for_cache(Method, {Method, Url, Header, ContentType, Body}) + {error, {http_error, StatusCode, Body}}. + +-spec fetch_content_type(Headers) -> json | jwt | unknown when Headers :: [http_header()]. +fetch_content_type(Headers) -> + case proplists:lookup("content-type", Headers) of + {"content-type", "application/json" ++ _Rest} -> + json; + {"content-type", "application/jwt" ++ _Rest} -> + jwt; + _Other -> + unknown end. - -wait_for_cache(Method, Request) -> - case oidcc_http_cache:lookup_http_call(Method, Request) of - {ok, pending} -> - timer:sleep(500), - wait_for_cache(Method, Request); - {ok, Result} -> - Result - end. - -normalize_result({ok, StatusCode, RespHeaders, ClientRef}) -> - {ok, Body} = hackney:body(ClientRef), - {ok, - #{status => StatusCode, - header => RespHeaders, - body => Body}}; -normalize_result({ok, StreamId}) -> - {ok, StreamId}; -normalize_result({error, _} = Error) -> - Error. 
- -uncompress_body_if_needed(Body, Header) when is_list(Header) -> - Encoding = lists:keyfind(<<"content-encoding">>, 1, Header), - uncompress_body_if_needed(Body, Encoding); -uncompress_body_if_needed(Body, false) -> - {ok, Body}; -uncompress_body_if_needed(Body, {_, <<"gzip">>}) -> - {ok, zlib:gunzip(Body)}; -uncompress_body_if_needed(Body, {_, <<"deflate">>}) -> - Z = zlib:open(), - ok = zlib:inflateInit(Z), - {ok, zlib:inflate(Z, Body)}; -uncompress_body_if_needed(_Body, {_, Compression}) -> - erlang:error({unsupported_encoding, Compression}). diff --git a/src/oidcc_jwt_util.erl b/src/oidcc_jwt_util.erl new file mode 100644 index 0000000..52784b3 --- /dev/null +++ b/src/oidcc_jwt_util.erl 
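Review bot: `request/4` passes no `ssl` option to `httpc:request/4` when the caller leaves `ssl` out of `RequestOpts`, so certificate verification falls back to whatever the running OTP release does by default, which on releases before OTP 26 is, to my knowledge, no peer verification. These requests appear to carry provider configuration, JWKS and token responses, so an unverified connection would let a network attacker substitute signing keys. A verifying default would close that, e.g. `SslOpts = maps:get(ssl, RequestOpts, [{verify, verify_peer}, {cacerts, public_key:cacerts_get()}]),` with the `undefined` branch dropped; at minimum the `request_opts()` comment should state that callers on older releases must pass `ssl` themselves. Also, `jose:decode/1` in `extract_successful_response/1` runs on a body the server controls, and a malformed JSON body would presumably raise inside the `telemetry:span/3` callback rather than come back as `{error, _}`.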
@@ -0,0 +1,140 @@
+%%%-------------------------------------------------------------------
+%% @doc JWT Utilities
+%% @end
+%%%-------------------------------------------------------------------
+-module(oidcc_jwt_util).
+
+-include_lib("jose/include/jose_jwk.hrl").
+-include_lib("jose/include/jose_jws.hrl").
+-include_lib("jose/include/jose_jwt.hrl").
+
+-export([client_secret_oct_keys/2]).
+-export([refresh_jwks_fun/1]).
+-export([verify_claims/2]).
+-export([verify_signature/3]).
+
+-export_type([claims/0]).
+-export_type([error/0]).
+-export_type([refresh_jwks_for_unknown_kid_fun/0]).
+
+-type refresh_jwks_for_unknown_kid_fun() ::
+ fun((Jwks :: jose_jwk:key(), Kid :: binary()) -> {ok, jose_jwk:key()} | {error, term()}).
+
+-type error() :: no_matching_key | invalid_jwt_token | {no_matching_key_with_kid, Kid :: binary()}.
+
+-type claims() :: #{binary() => term()}.
+
+%% Function to decide if the jwks should be reladed to find a matching key for `Kid'
+%%
+%% A default function is provided in {@link oidcc:retrieve_token/5}
+%% and {@link oidcc:retrieve_userinfo/5}.
+%%
+%% The default implementation does not implement any rate limiting.
+
+%% @private
+%% Checking of jwk sets is a bit wonky because of partial support
+%% in jose. see: https://github.com/potatosalad/erlang-jose/issues/28
+-spec verify_signature(Token, AllowAlgorithms, Jwks) ->
+ {ok, {Jwt, Jws}}
+ | {error, error()}
+when
+ Token :: binary(),
+ AllowAlgorithms :: [binary()],
+ Jwks :: jose_jwk:key(),
+ Jwt :: #jose_jwt{},
+ Jws :: #jose_jws{}.
+verify_signature(Token, AllowAlgorithms, #jose_jwk{keys = {jose_jwk_set, Keys}}) ->
+ lists:foldl(
+ fun
+ (_Key, {ok, _Res} = Acc) ->
+ Acc;
+ (Key, Acc) ->
+ case {verify_signature(Token, AllowAlgorithms, Key), Acc} of
+ {{ok, Res}, _Acc} ->
+ {ok, Res};
+ {_Res, {error, {no_matching_key_with_kid, Kid}}} ->
+ {error, {no_matching_key_with_kid, Kid}};
+ {Res, _Acc} ->
+ Res
+ end
+ end,
+ {error, no_matching_key},
+ Keys
+ );
+verify_signature(Token, AllowAlgorithms, #jose_jwk{} = Jwks) ->
+ try
+ Kid =
+ case jose_jwt:peek_protected(Token) of
+ #jose_jws{fields = #{<<"kid">> := IntKid}} ->
+ IntKid;
+ #jose_jws{} ->
+ none
+ end,
+
+ case Jwks of
+ #jose_jwk{fields = #{<<"kid">> := CmpKid}} when CmpKid =/= Kid, Kid =/= none ->
+ {error, {no_matching_key_with_kid, Kid}};
+ #jose_jwk{} ->
+ case jose_jwt:verify_strict(Jwks, AllowAlgorithms, Token) of
+ {true, Jwt, Jws} ->
+ {ok, {Jwt, Jws}};
+ {false, _Jwt, _Jws} ->
+ {error, no_matching_key}
+ end
+ end
+ catch
+ error:{badarg, [_Token]} ->
+ {error, invalid_jwt_token}
+ end.
+
+%% @private
+-spec verify_claims(Claims, ExpClaims) -> ok | {error, {missing_claim, ExpClaim, Claims}} when
+ Claims :: claims(),
+ ExpClaim :: {binary(), term()},
+ ExpClaims :: [ExpClaim].
+verify_claims(Claims, ExpClaims) ->
+ CheckExpectedClaims =
+ fun({Key, Value}) ->
+ case maps:get(Key, Claims, none) of
+ Value ->
+ false;
+ _Other ->
+ true
+ end
+ end,
+ case lists:filter(CheckExpectedClaims, ExpClaims) of
+ [] ->
+ ok;
+ [Claim | _Rest] ->
+ {error, {missing_claim, Claim, Claims}}
+ end.
+
+%% @private
+-spec client_secret_oct_keys(AllowedAlgorithms, ClientSecret) -> jose_jwk:key() | none when
+ AllowedAlgorithms :: [binary()],
+ ClientSecret :: binary().
+client_secret_oct_keys(AllowedAlgorithms, ClientSecret) ->
+ case
+ lists:member(<<"HS256">>, AllowedAlgorithms) or
+ lists:member(<<"HS384">>, AllowedAlgorithms) or
+ lists:member(<<"HS512">>, AllowedAlgorithms)
+ of
+ true ->
+ jose_jwk:from_oct(ClientSecret);
+ false ->
+ none
+ end.
+
+%% @private
+-spec refresh_jwks_fun(ProviderConfigurationWorkerName) ->
+ refresh_jwks_for_unknown_kid_fun()
+when
+ ProviderConfigurationWorkerName :: gen_server:server_ref().
+refresh_jwks_fun(ProviderConfigurationWorkerName) ->
+ fun(_Jwks, Kid) ->
+ oidcc_provider_configuration_worker:refresh_jwks_for_unknown_kid(
+ ProviderConfigurationWorkerName,
+ Kid
+ ),
+ {ok, oidcc_provider_configuration_worker:get_jwks(ProviderConfigurationWorkerName)}
+ end.
diff --git a/src/oidcc_openid_provider.erl b/src/oidcc_openid_provider.erl
deleted file mode 100644
index 0f2be7e..0000000
--- a/src/oidcc_openid_provider.erl
+++ /dev/null
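Review bot: The closure returned by `refresh_jwks_fun/1` triggers a JWKS refresh for whatever `kid` it is given, and that `kid` comes from the protected header of a token whose signature has not been verified yet (`jose_jwt:peek_protected/1` in `verify_signature/3`); combined with the comment in this hunk that the default implementation has no rate limiting, any party able to submit tokens could make the worker re-fetch keys on each request. Whether `oidcc_provider_configuration_worker` throttles these refreshes is not visible here; if it does not, a minimum interval between refreshes belongs in the worker. The closure also discards the result of `refresh_jwks_for_unknown_kid/2` and always returns `{ok, _}`, so the `{error, term()}` arm of `refresh_jwks_for_unknown_kid_fun()` is never produced by the default. The comment block describing this callback sits after `claims()`, where EDoc would likely attach it to the wrong type (and "reladed" should read "reloaded"); it belongs directly under `refresh_jwks_for_unknown_kid_fun()`.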
@@ -1,467 +0,0 @@ --module(oidcc_openid_provider). - --behaviour(gen_server). - -%% API. --export([start_link/2]). --export([stop/1]). --export([is_issuer/2]). --export([is_ready/1]). --export([get_config/1]). --export([update_config/1]). --export([update_and_get_keys/1]). --export([get_error/1]). -%% gen_server. --export([init/1]). --export([handle_call/3]). --export([handle_cast/2]). --export([handle_info/2]). --export([terminate/2]). --export([code_change/3]). - --record(state, - {ready = false, - error = undefined, - key_requests = [], - registration_params = #{}, - id = undefined, - name = undefined, - desc = undefined, - client_id = undefined, - client_secret = undefined, - request_scopes = undefined, - issuer = undefined, - config_ep = undefined, - config = #{}, - keys = [], - lasttime_updated = undefined, - local_endpoint = undefined, - meta_data = #{}, - static_extend_url = #{}, - config_tries = 1, - config_deadline = undefined, - http_result = undefined, - retrieving = undefined, - request_id = undefined, - extra_config = #{}}). - -%% API. - --spec start_link(Id :: binary(), Config :: map()) -> {ok, pid()}. -start_link(Id, Config) -> - gen_server:start_link(?MODULE, {Id, Config}, []). - --spec stop(Pid :: pid()) -> ok. -stop(Pid) -> - gen_server:cast(Pid, stop). - --spec update_config(Pid :: pid()) -> ok. -update_config(Pid) -> - gen_server:call(Pid, update_config). - --spec is_issuer(Issuer :: binary(), Pid :: pid()) -> true | false. -is_issuer(Issuer, Pid) -> - gen_server:call(Pid, {is_issuer, Issuer}). - --spec is_ready(Pid :: pid()) -> true | false. -is_ready(Pid) -> - gen_server:call(Pid, is_ready). - --spec get_config(Pid :: pid()) -> {ok, Config :: map()}. -get_config(Pid) -> - gen_server:call(Pid, get_config). - --spec update_and_get_keys(Pid :: pid()) -> {ok, Keys :: [map()]}. -update_and_get_keys(Pid) -> - gen_server:call(Pid, update_and_get_keys, 60000). - --spec get_error(Pid :: pid()) -> {ok, term()}. 
-get_error(Pid) -> - gen_server:call(Pid, get_error). - -%% timeout in seconds --define(TIMEOUT, 60). --define(GEN_TIMEOUT, ?TIMEOUT * 1000). - -%% gen_server. -init({Id, Config}) -> - #{name := Name, - description := Description, - request_scopes := Scopes, - issuer_or_endpoint := IssuerOrEndpoint, - local_endpoint := LocalEndpoint, - static_extend_url := ExtendUrl} = - Config, - RegistrationParams = maps:get(registration_params, Config, #{}), - ClientSecret = maps:get(client_secret, Config, undefined), - ClientId = - case ClientSecret of - undefined -> - undefined; - _ -> - maps:get(client_id, Config, undefined) - end, - trigger_config_retrieval(), - DeleteKeys = - [name, - description, - request_scopes, - issuer_or_endpoint, - local_endpoint, - client_secret, - client_id], - ExtraConfig = maps:without(DeleteKeys, Config), - ConfigEndpoint = to_config_endpoint(IssuerOrEndpoint), - Issuer = config_ep_to_issuer(ConfigEndpoint), - {ok, - #state{id = Id, - name = Name, - desc = Description, - client_id = ClientId, - client_secret = ClientSecret, - config_ep = ConfigEndpoint, - request_scopes = Scopes, - local_endpoint = LocalEndpoint, - issuer = Issuer, - registration_params = RegistrationParams, - static_extend_url = ExtendUrl, - extra_config = ExtraConfig}}. 
- -handle_call(get_config, _From, State) -> - trigger_config_retrieval_if_needed(State), - Conf = create_config(State), - {reply, {ok, Conf}, State, ?GEN_TIMEOUT}; -handle_call(update_and_get_keys, From, #state{key_requests = Requests} = State) -> - trigger_key_retrieval(), - NewRequests = [From | Requests], - NewState = State#state{key_requests = NewRequests}, - {noreply, NewState, ?GEN_TIMEOUT}; -handle_call(get_error, _From, #state{error = Error} = State) -> - trigger_config_retrieval_if_needed(State), - {reply, {ok, Error}, State, ?GEN_TIMEOUT}; -handle_call(update_config, _From, State) -> - ok = trigger_config_retrieval(), - {reply, ok, State#state{config_tries = 0}, ?GEN_TIMEOUT}; -handle_call({is_issuer, Issuer}, _From, #state{config = Config} = State) -> - trigger_config_retrieval_if_needed(State), - Result = Issuer == maps:get(issuer, Config, undefined), - {reply, Result, State, ?GEN_TIMEOUT}; -handle_call(is_ready, _From, #state{ready = Ready} = State) -> - trigger_config_retrieval_if_needed(State), - {reply, Ready, State, ?GEN_TIMEOUT}; -handle_call(_Request, _From, State) -> - trigger_config_retrieval_if_needed(State), - {reply, ignored, State, ?GEN_TIMEOUT}. 
- -handle_cast(retrieve_config, - #state{request_id = undefined, config_ep = ConfigEndpoint} = State) -> - NewState = http_async_get(config, ConfigEndpoint, [], State), - {noreply, NewState, ?GEN_TIMEOUT}; -handle_cast(retrieve_config, State) -> - trigger_config_retrieval_if_needed(State), - {noreply, State#state{config_deadline = deadline_in(120)}, ?GEN_TIMEOUT}; -handle_cast(retrieve_keys, #state{request_id = undefined, config = Config} = State) -> - trigger_config_retrieval_if_needed(State), - NewState = - case maps:get(jwks_uri, Config, undefined) of - undefined -> - State#state{error = no_jwk_uri}; - KeyEndpoint -> - Header = - [{"accept", - "application/json;q=0.7,application/jwk+json,application/jwk-set+json"}], - http_async_get(keys, KeyEndpoint, Header, State) - end, - {noreply, NewState, ?GEN_TIMEOUT}; -handle_cast(retrieve_keys, State) -> - trigger_config_retrieval_if_needed(State), - trigger_key_retrieval(), - {noreply, State, ?GEN_TIMEOUT}; -handle_cast(register_if_needed, - #state{request_id = undefined, - client_id = undefined, - local_endpoint = LocalEndpoint, - registration_params = RegistrationParams, - config = Config} = - State) -> - trigger_config_retrieval_if_needed(State), - BasicParams = #{application_type => <<"web">>, redirect_uris => [LocalEndpoint]}, - RegParams = maps:merge(RegistrationParams, BasicParams), - Body = jsone:encode(RegParams), - RegistrationEndpoint = maps:get(registration_endpoint, Config), - NewState = - http_async_post(registration, RegistrationEndpoint, [], "application/json", Body, State), - {noreply, NewState, ?GEN_TIMEOUT}; -handle_cast(register_if_needed, State) -> - trigger_config_retrieval_if_needed(State), - {noreply, State#state{ready = true}, ?GEN_TIMEOUT}; -handle_cast(stop, State) -> - {stop, normal, State}; -handle_cast(_Msg, State) -> - trigger_config_retrieval_if_needed(State), - {noreply, State, ?GEN_TIMEOUT}. 
- -handle_info({http, {RequestId, Result}}, #state{request_id = RequestId} = State) -> - trigger_config_retrieval_if_needed(State), - NewState = handle_http_result(State#state{http_result = Result}), - {noreply, NewState, ?GEN_TIMEOUT}; -handle_info(timeout, State) -> - trigger_config_retrieval_if_needed(State), - {noreply, State, ?GEN_TIMEOUT}. - -http_async_get(Type, Url, Header, State) -> - {ok, RequestId} = oidcc_http_util:async_http(get, Url, Header), - State#state{request_id = RequestId, retrieving = Type}. - -http_async_post(Type, Url, Header, ContentType, Body, State) -> - {ok, RequestId} = oidcc_http_util:async_http(post, Url, Header, ContentType, Body), - State#state{request_id = RequestId, retrieving = Type}. - -terminate(_Reason, _State) -> - ok. - -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - -handle_http_result(true, _, Header, Body, config, State) -> - handle_config(Body, Header, State); -handle_http_result(true, _, Header, Body, keys, State) -> - handle_keys(Body, Header, State); -handle_http_result(true, _, Header, Body, registration, State) -> - handle_registration(Body, Header, State); -handle_http_result(false, Status, _Header, Body, Retrieve, State) -> - State#state{error = {retrieving, Retrieve, Status, Body}, - config_deadline = deadline_in(600)}. - -handle_http_result(#state{http_result = {error, Reason}} = State) -> - handle_http_client_crash(Reason, State); -handle_http_result(#state{retrieving = Retrieve, - http_result = {{_Proto, Status, _StatusName}, Header, InBody}} = - State) -> - GoodStatus = (Status >= 200) and (Status < 300), - {ok, Body} = oidcc_http_util:uncompress_body_if_needed(InBody, Header), - handle_http_result(GoodStatus, Status, Header, Body, Retrieve, State). 
- -create_config(#state{id = Id, - desc = Desc, - client_id = ClientId, - client_secret = ClientSecret, - config_ep = ConfEp, - config = Config, - keys = Keys, - issuer = Issuer, - lasttime_updated = LastTimeUpdated, - ready = Ready, - local_endpoint = LocalEndpoint, - name = Name, - request_scopes = Scopes, - meta_data = MetaData, - config_deadline = ConfDeadline, - extra_config = ExtraConfig, - static_extend_url = StaticExtUrl}) -> - StateList = - [{id, Id}, - {name, Name}, - {description, Desc}, - {client_id, ClientId}, - {client_secret, ClientSecret}, - {config_endpoint, ConfEp}, - {lasttime_updated, LastTimeUpdated}, - {ready, Ready}, - {local_endpoint, LocalEndpoint}, - {keys, Keys}, - {request_scopes, Scopes}, - {issuer, Issuer}, - {meta_data, MetaData}, - {config_deadline, ConfDeadline}, - {extra_config, ExtraConfig}, - {static_extend_url, StaticExtUrl}], - maps:merge(Config, maps:from_list(StateList)). - -handle_config(Data, Header, #state{issuer = Issuer} = State) -> - Config = decode_json(Data), - ConfIssuer = maps:get(issuer, Config, undefined), - SameIssuer = is_same_issuer(ConfIssuer, Issuer), - AuthCodeFlow = supports_auth_code(Config), - case {SameIssuer, AuthCodeFlow} of - {true, true} -> - Deadline = header_to_deadline(Header), - trigger_registration(), - State#state{config = Config, - issuer = ConfIssuer, - request_id = undefined, - config_deadline = Deadline}; - {true, false} -> - Error = no_authcode_support, - State#state{error = Error, - ready = false, - request_id = undefined}; - _ -> - Deadline = deadline_in(600), - Error = {bad_issuer_config, Issuer, ConfIssuer, Data}, - State#state{error = Error, - ready = false, - request_id = undefined, - config_deadline = Deadline} - end. 
- -supports_auth_code(#{response_types_supported := ResponseTypes} = Config) -> - Code = <<"code">>, - AuthCode = <<"authorization_code">>, - GrantTypes = maps:get(grant_types_supported, Config, [AuthCode, <<"implicit">>]), - CodeResponse = lists:member(Code, ResponseTypes), - AuthGrant = lists:member(AuthCode, GrantTypes), - CodeResponse and AuthGrant; -supports_auth_code(_) -> - false. - -header_to_deadline(Header) -> - Cache = lists:keyfind(<<"cache-control">>, 1, Header), - Delta = - try - cache_deadline(Cache, 3600) - catch - _:_ -> - 3600 - end, - deadline_in(Delta). - -cache_deadline({_, Cache}, Fallback) -> - Entries = binary:split(Cache, [<<",">>, <<"=">>, <<" ">>], [global, trim_all]), - MaxAge = - fun (Entry, true) -> - binary_to_integer(Entry); - (<<"max-age">>, _) -> - true; - (_, Res) -> - Res - end, - lists:foldl(MaxAge, Fallback, Entries). - -deadline_in(Seconds) -> - timestamp() + Seconds. - -handle_keys(Data, _Header, State) -> - %TODO: maybe also implement a keys deadline - KeyConfig = decode_json(Data), - KeyList = maps:get(keys, KeyConfig, []), - NewState = - State#state{keys = KeyList, - lasttime_updated = timestamp(), - request_id = undefined, - key_requests = []}, - send_key_replies(KeyList, State), - case length(KeyList) > 0 of - true -> - NewState; - false -> - NewState#state{error = {no_keys, Data}} - end. - -send_key_replies(Keys, #state{key_requests = Requests}) -> - Send = fun(From, _) -> gen_server:reply(From, {ok, Keys}) end, - lists:foldl(Send, ok, Requests). 
- -handle_registration(Data, _Header, State) -> - %TODO: implement update at expire data/time or retrieval when needed - MetaData = decode_json(Data), - ClientId = maps:get(client_id, MetaData, undefined), - ClientSecret = maps:get(client_secret, MetaData, undefined), - ClientSecretExpire = maps:get(client_secret_expires_at, MetaData, undefined), - case is_binary(ClientId) and is_binary(ClientSecret) and is_number(ClientSecretExpire) of - true -> - State#state{meta_data = MetaData, - client_id = ClientId, - client_secret = ClientSecret, - ready = true, - lasttime_updated = timestamp(), - request_id = undefined}; - false -> - State#state{error = no_clientid, - meta_data = MetaData, - ready = false, - client_id = undefined, - client_secret = undefined, - request_id = undefined} - end. - -decode_json(Data) -> - try - jsone:decode(Data, [{keys, attempt_atom}, {object_format, map}]) - catch - error:badarg -> - #{} - end. - -handle_http_client_crash(Reason, - #state{config_tries = Tries, retrieving = Type} = State) -> - MaxRetries = application:get_env(oidcc, provider_max_tries, 5), - case Tries >= MaxRetries of - true -> - State#state{error = Reason}; - false -> - case Type of - keys -> - trigger_key_retrieval(); - config -> - trigger_config_retrieval() - end, - State#state{request_id = undefined, - http_result = {}, - config_tries = Tries + 1, - config_deadline = deadline_in(300)} - end. - -trigger_config_retrieval() -> - gen_server:cast(self(), retrieve_config). - -trigger_config_retrieval_if_needed(#state{config_deadline = Deadline} = State) - when is_integer(Deadline) -> - Soon = timestamp() + ?TIMEOUT, - case Soon >= Deadline of - true -> - trigger_config_retrieval(), - {ok, State#state{config_deadline = undefined}}; - _ -> - {ok, State} - end; -trigger_config_retrieval_if_needed(State) -> - {ok, State}. - -trigger_key_retrieval() -> - gen_server:cast(self(), retrieve_keys). - -trigger_registration() -> - gen_server:cast(self(), register_if_needed). 
- -timestamp() -> - erlang:system_time(seconds). - -to_config_endpoint(IssuerOrEndpoint) -> - Slash = <<"/">>, - Config = <<".well-known/openid-configuration">>, - ConfigS = <>, - Pos = byte_size(IssuerOrEndpoint) - 33, - case binary:match(IssuerOrEndpoint, ConfigS) of - {Pos, 33} -> - Endpoint = IssuerOrEndpoint, - Endpoint; - _ -> - Issuer = IssuerOrEndpoint, - case binary:last(Issuer) of - $/ -> - <>; - _ -> - <> - end - end. - -config_ep_to_issuer(ConfigEp) -> - [Issuer] = - binary:split(ConfigEp, [<<"/.well-known/openid-configuration">>], [trim_all, global]), - Issuer. - -is_same_issuer(Config, Issuer) -> - Slash = <<"/">>, - IssuerSlash = <>, - (Config =:= Issuer) or (Config =:= IssuerSlash). diff --git a/src/oidcc_openid_provider_mgr.erl b/src/oidcc_openid_provider_mgr.erl deleted file mode 100644 index c043f98..0000000 --- a/src/oidcc_openid_provider_mgr.erl +++ /dev/null 
@@ -1,223 +0,0 @@ --module(oidcc_openid_provider_mgr). - --behaviour(gen_server). - -%% API. --export([start_link/0]). --export([stop/0]). --export([add_openid_provider/1]). --export([get_openid_provider/1]). --export([find_openid_provider/1]). --export([find_all_openid_provider/1]). --export([get_openid_provider_list/0]). -%% gen_server. --export([init/1]). --export([handle_call/3]). --export([handle_cast/2]). --export([handle_info/2]). --export([terminate/2]). --export([code_change/3]). - --record(state, {ets_prov = undefined, ets_iss = undefined, ets_mon = undefined}). - -%% API. - --spec start_link() -> {ok, pid()}. -start_link() -> - gen_server:start_link({local, ?MODULE}, ?MODULE, [], []). - -stop() -> - gen_server:cast(?MODULE, stop). - --spec add_openid_provider(Config :: map()) -> - {ok, Id :: binary(), pid()} | {error, Reason :: atom()}. -add_openid_provider(Config) -> - Id = maps:get(id, Config, undefined), - gen_server:call(?MODULE, {add_provider, Id, Config}). - -get_openid_provider(Id) -> - get_provider(Id). - -get_openid_provider_list() -> - get_provider_list(). - --spec find_openid_provider(Issuer :: binary()) -> {ok, pid()} | {error, not_found}. -find_openid_provider(Issuer) -> - find_provider(Issuer, false). - --spec find_all_openid_provider(Issuer :: binary()) -> {ok, [pid()]} | {error, not_found}. -find_all_openid_provider(Issuer) -> - find_provider(Issuer, true). - -%% gen_server. - -init([]) -> - ProvEts = ets:new(oidcc_ets_provider, [set, protected, named_table]), - IssEts = ets:new(oidcc_ets_issuer, [bag, protected, named_table]), - MonEts = ets:new(oidcc_ets_monitor, [set, protected]), - {ok, - #state{ets_prov = ProvEts, - ets_iss = IssEts, - ets_mon = MonEts}}. - -handle_call({add_provider, undefined, Config}, _From, State) -> - add_provider(Config, State); -handle_call({add_provider, Id, Config}, _From, State) -> - try_adding_provider(Id, Config, State); -handle_call(_Request, _From, State) -> - {reply, ignored, State}. 
- -handle_cast(stop, State) -> - {stop, normal, State}; -handle_cast(_Msg, State) -> - {noreply, State}. - -handle_info({'DOWN', MRef, process, Pid, _Info}, - #state{ets_mon = MonEts, - ets_prov = ProvEts, - ets_iss = IssEts} = - State) -> - case ets:lookup(MonEts, MRef) of - [{MRef, Id, Issuer}] -> - [Issuer1, Issuer2] = to_issuer(Issuer), - true = ets:delete(MonEts, MRef), - true = ets:delete(ProvEts, Id), - true = ets:delete_object(IssEts, {Issuer1, Pid}), - true = ets:delete_object(IssEts, {Issuer2, Pid}), - ok; - _ -> - ok - end, - {noreply, State}; -handle_info(_Info, State) -> - {noreply, State}. - -terminate(_Reason, _State) -> - ok. - -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - -try_adding_provider(Id, Config, State) -> - case is_unique_id(Id, State) of - true -> - add_provider(Id, Config, State); - false -> - {reply, {error, id_already_used}, State} - end. - -add_provider(Config, State) -> - Id = get_unique_id(State), - add_provider(Id, Config, State). - -add_provider(Id, Config, State) -> - {ok, Pid} = start_provider(Id, Config), - IssuerOrEndpoint = maps:get(issuer_or_endpoint, Config), - ok = insert_provider(Id, IssuerOrEndpoint, Pid, State), - {reply, {ok, Id, Pid}, State}. - -get_provider_list() -> - Ets = oidcc_ets_provider, - true = ets:safe_fixtable(Ets, true), - Last = ets:first(Ets), - List = create_provider_list(Last, [], Ets), - true = ets:safe_fixtable(Ets, false), - {ok, List}. - -get_provider(Id) -> - case ets:lookup(oidcc_ets_provider, Id) of - [{Id, _Issuer, Pid, _MRef}] -> - {ok, Pid}; - _ -> - {error, not_found} - end. - -find_provider(Issuer, All) -> - Ets = oidcc_ets_issuer, - case {ets:lookup(Ets, Issuer), All} of - {[{Issuer, Pid}], false} -> - {ok, Pid}; - {[], _} -> - {error, not_found}; - {List, true} when is_list(List) -> - ToPid = fun({_, Pid}, Pids) -> [Pid | Pids] end, - {ok, lists:foldl(ToPid, [], List)}; - _ -> - {error, not_found} - end. 
- -start_provider(Id, Config) -> - oidcc_openid_provider_sup:add_openid_provider(Id, Config). - -insert_provider(Id, - IssuerOrEndpoint, - Pid, - #state{ets_prov = ProvEts, - ets_iss = IssEts, - ets_mon = MonEts}) -> - MRef = monitor(process, Pid), - %% {ok, Issuer} = oidcc_openid_provider:get_issuer(Pid), - [Issuer1, Issuer2] = to_issuer(IssuerOrEndpoint), - true = ets:insert(ProvEts, {Id, Issuer1, Pid, MRef}), - true = ets:insert(IssEts, {Issuer1, Pid}), - true = ets:insert(IssEts, {Issuer2, Pid}), - true = ets:insert(MonEts, {MRef, Id, Issuer1}), - ok. - -create_provider_list('$end_of_table', List, _) -> - lists:reverse(List); -create_provider_list(Current, List, Ets) -> - [{Id, _Iss, Pid, _MRef}] = ets:lookup(Ets, Current), - Next = ets:next(Ets, Current), - create_provider_list(Next, [{Id, Pid} | List], Ets). - -get_unique_id(State) -> - Id = random_id(), - case is_unique_id(Id, State) of - true -> - Id; - false -> - get_unique_id(State) - end. - -is_unique_id(Id, #state{ets_prov = Ets}) -> - case ets:lookup(Ets, Id) of - [] -> - true; - _ -> - false - end. - -random_id() -> - random_id(5). - -random_id(Length) -> - Random = - try crypto:strong_rand_bytes(Length) of - Data -> - Data - catch - low_entropy -> - timer:sleep(100), - random_id(Length) - end, - base64url:encode(Random). - -to_issuer(IssuerOrEndpoint) -> - Slash = <<"/">>, - Config = <<".well-known/openid-configuration">>, - ConfigS = <>, - Issuer = - case binary:match(IssuerOrEndpoint, ConfigS) of - {Pos, 33} -> - binary:part(IssuerOrEndpoint, 0, Pos); - _ -> - case binary:last(IssuerOrEndpoint) of - $/ -> - Len = byte_size(IssuerOrEndpoint), - binary:part(IssuerOrEndpoint, 0, Len - 1); - _ -> - IssuerOrEndpoint - end - end, - [Issuer, <>]. diff --git a/src/oidcc_openid_provider_sup.erl b/src/oidcc_openid_provider_sup.erl deleted file mode 100644 index 1c77e63..0000000 --- a/src/oidcc_openid_provider_sup.erl +++ /dev/null 
@@ -1,20 +0,0 @@
--module(oidcc_openid_provider_sup).
-
--behaviour(supervisor).
-
--export([add_openid_provider/2]).
--export([start_link/0]).
--export([init/1]).
-
-add_openid_provider(Id, Config) ->
- supervisor:start_child(?MODULE, openid_provider_spec(Id, Config)).
-
-start_link() ->
- supervisor:start_link({local, ?MODULE}, ?MODULE, []).
-
-init([]) ->
- Procs = [],
- {ok, {{one_for_one, 1, 5}, Procs}}.
-
-openid_provider_spec(Id, Config) ->
- #{id => Id, start => {oidcc_openid_provider, start_link, [Id, Config]}}.
diff --git a/src/oidcc_provider_configuration.erl b/src/oidcc_provider_configuration.erl
new file mode 100644
index 0000000..01b35c1
--- /dev/null
+++ b/src/oidcc_provider_configuration.erl
@@ -0,0 +1,666 @@
+%%%-------------------------------------------------------------------
+%% @doc Tooling to load and parse Openid Configuration
+%%
+%% To use the record, import the definition:
+%%
+%% ```
+%% -include_lib(["oidcc/include/oidcc_provider_configuration.hrl"]).
+%% '''
+%% @end
+%%%-------------------------------------------------------------------
+-module(oidcc_provider_configuration).
+
+-feature(maybe_expr, enable).
+
+-include("oidcc_provider_configuration.hrl").
+
+-export([decode_configuration/1]).
+-export([load_configuration/2]).
+-export([load_jwks/2]).
+
+-export_type([error/0]).
+-export_type([opts/0]).
+-export_type([t/0]).
+
+-type opts() :: #{
+ fallback_expiry => timeout(),
+ request_opts => oidcc_http_util:request_opts()
+}.
+%% Configure configuration loading / parsing
+%%
+%%

Parameters

+%% +%%
    +%%
  • `fallback_expiry' - How long to keep configuration cached if the server doesn't specify expiry
  • +%%
  • `request_opts' - config for HTTP request
  • +%%
+
+-type t() ::
+ #oidcc_provider_configuration{
+ issuer :: uri_string:uri_string(),
+ authorization_endpoint :: uri_string:uri_string(),
+ token_endpoint :: uri_string:uri_string() | undefined,
+ userinfo_endpoint :: uri_string:uri_string() | undefined,
+ jwks_uri :: uri_string:uri_string() | undefined,
+ registration_endpoint :: uri_string:uri_string() | undefined,
+ scopes_supported :: [binary()] | undefined,
+ response_types_supported :: [binary()],
+ response_modes_supported :: [binary()],
+ grant_types_supported :: [binary()],
+ acr_values_supported :: [binary()] | undefined,
+ subject_types_supported :: [pairwise | public],
+ id_token_signing_alg_values_supported :: [binary()],
+ id_token_encryption_alg_values_supported ::
+ [binary()] | undefined,
+ id_token_encryption_enc_values_supported ::
+ [binary()] | undefined,
+ userinfo_signing_alg_values_supported :: [binary()] | undefined,
+ userinfo_encryption_alg_values_supported ::
+ [binary()] | undefined,
+ userinfo_encryption_enc_values_supported ::
+ [binary()] | undefined,
+ request_object_signing_alg_values_supported ::
+ [binary()] | undefined,
+ request_object_encryption_alg_values_supported ::
+ [binary()] | undefined,
+ request_object_encryption_enc_values_supported ::
+ [binary()] | undefined,
+ token_endpoint_auth_methods_supported :: [binary()],
+ token_endpoint_auth_signing_alg_values_supported ::
+ [binary()] | undefined,
+ display_values_supported :: [binary()] | undefined,
+ claim_types_supported :: [normal | aggregated | distributed],
+ claims_supported :: [binary()] | undefined,
+ service_documentation :: uri_string:uri_string() | undefined,
+ claims_locales_supported :: [binary()] | undefined,
+ ui_locales_supported :: [binary()] | undefined,
+ claims_parameter_supported :: boolean(),
+ request_parameter_supported :: boolean(),
+ request_uri_parameter_supported :: boolean(),
+ require_request_uri_registration :: boolean(),
+ op_policy_uri :: uri_string:uri_string() | undefined,
+ op_tos_uri :: uri_string:uri_string() | undefined,
+ revocation_endpoint :: uri_string:uri_string() | undefined,
+ revocation_endpoint_auth_methods_supported :: [binary()],
+ revocation_endpoint_auth_signing_alg_values_supported ::
+ [binary()] | undefined,
+ introspection_endpoint :: uri_string:uri_string() | undefined,
+ introspection_endpoint_auth_methods_supported :: [binary()],
+ introspection_endpoint_auth_signing_alg_values_supported ::
+ [binary()] | undefined,
+ code_challenge_methods_supported :: [binary()] | undefined,
+ extra_fields :: #{binary() => term()}
+ }.
+%% Record containing OpenID and OAuth 2.0 Configuration
+%%
+%% See [https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata] and
+%% [https://datatracker.ietf.org/doc/html/draft-jones-oauth-discovery-01#section-4.1]
+%%
+%% All unrecognized fields are stored in `extra_fields'.
+
+-type error() ::
+ invalid_content_type
+ | {missing_config_property, Key :: atom()}
+ | {invalid_config_property, {
+ Type ::
+ uri
+ | uri_https
+ | list_of_binaries
+ | boolean
+ | scopes_including_openid
+ | enum
+ | alg_no_none,
+ Field :: atom()
+ }}
+ | oidcc_http_util:error().
+
+-define(DEFAULT_CONFIG_EXPIRY, timer:minutes(15)).
+
+%% @doc Load OpenID Configuration into a {@link oidcc_provider_configuration:t()} record
+%%
+%%

Examples

+%%
+%% ```
+%% {ok, #oidcc_provider_configuration{}} =
+%% oidcc_provider_configuration:load_configuration("https://accounts.google.com").
+%% '''
+-spec load_configuration(Issuer, Opts) ->
+ {ok, {Configuration :: t(), Expiry :: pos_integer()}} | {error, error()}
+when
+ Issuer :: uri_string:uri_string(),
+ Opts :: opts().
+load_configuration(Issuer, Opts) ->
+ TelemetryOpts = #{topic => [oidcc, load_configuration], extra_meta => #{issuer => Issuer}},
+ RequestOpts = maps:get(request_opts, Opts, #{}),
+ Request = {[Issuer, <<"/.well-known/openid-configuration">>], []},
+
+ maybe
+ {ok, {{json, ConfigurationMap}, Headers}} ?= oidcc_http_util:request(get, Request, TelemetryOpts, RequestOpts),
+ Expiry = headers_to_deadline(Headers, Opts),
+ {ok, Configuration} ?= decode_configuration(ConfigurationMap),
+ {ok, {Configuration, Expiry}}
+ else
+ {error, Reason} -> {error, Reason};
+ {ok, {{_Format, _Body}, _Headers}} -> {error, invalid_content_type}
+ end.
+
+%% @doc Load JWKs into a {@link jose_jwk:key()} record
+%%
+%%

Examples

+%%
+%% ```
+%% {ok, #jose_jwk{}} =
+%% oidcc_provider_configuration:load_jwks("https://www.googleapis.com/oauth2/v3/certs").
+%% '''
+-spec load_jwks(JwksUri, Opts) ->
+ {ok, {Jwks :: jose_jwk:key(), Expiry :: pos_integer()}} | {error, term()}
+when
+ JwksUri :: uri_string:uri_string(),
+ Opts :: opts().
+load_jwks(JwksUri, Opts) ->
+ TelemetryOpts = #{topic => [oidcc, load_jwks], extra_meta => #{jwks_uri => JwksUri}},
+ RequestOpts = maps:get(request_opts, Opts, #{}),
+
+ maybe
+ {ok, {{json, JwksBinary}, Headers}} ?= oidcc_http_util:request(get, {JwksUri, []}, TelemetryOpts, RequestOpts),
+ Expiry = headers_to_deadline(Headers, Opts),
+ Jwks = jose_jwk:from(JwksBinary),
+ {ok, {Jwks, Expiry}}
+ else
+ {error, Reason} -> {error, Reason};
+ {ok, {{_Format, _Body}, _Headers}} -> {error, invalid_content_type}
+ end.
+
+%% @doc Decode JSON into a {@link oidcc_provider_configuration:t()} record
+%%
+%%

Examples

+%%
+%% ```
+%% {ok, {{"HTTP/1.1",200,"OK"}, _Headers, Body}} =
+%% httpc:request("https://accounts.google.com/.well-known/openid-configuration"),
+%%
+%% {ok, DecodedJson} = your_json_lib:decode(Body),
+%%
+%% {ok, #oidcc_provider_configuration{}} =
+%% oidcc_provider_configuration:decode_configuration(DecodedJson).
+%% '''
+-spec decode_configuration(Configuration :: map()) -> {ok, t()} | {error, error()}.
+decode_configuration(Configuration) ->
+ maybe
+ {ok,
+ {#{issuer := Issuer,
+ authorization_endpoint := AuthorizationEndpoint,
+ authorization_endpoint := AuthorizationEndpoint,
+ token_endpoint := TokenEndpoint,
+ userinfo_endpoint := UserinfoEndpoint,
+ jwks_uri := JwksUri,
+ registration_endpoint := RegistrationEndpoint,
+ scopes_supported := ScopesSupported,
+ response_types_supported := ResponseTypesSupported,
+ response_modes_supported := ResponseModesSupported,
+ grant_types_supported := GrantTypesSupported,
+ acr_values_supported := AcrValuesSupported,
+ subject_types_supported := SubjectTypesSupported,
+ id_token_signing_alg_values_supported := IdTokenSigningAlgValuesSupported,
+ id_token_encryption_alg_values_supported := IdTokenEncryptionAlgValuesSupported,
+ id_token_encryption_enc_values_supported := IdTokenEncryptionEncValuesSupported,
+ userinfo_signing_alg_values_supported := UserinfoSigningAlgValuesSupported,
+ userinfo_encryption_alg_values_supported := UserinfoEncryptionAlgValuesSupported,
+ userinfo_encryption_enc_values_supported := UserinfoEncryptionEncValuesSupported,
+ request_object_signing_alg_values_supported := RequestObjectSigningAlgValuesSupported,
+ request_object_encryption_alg_values_supported :=
+ RequestObjectEncryptionAlgValuesSupported,
+ request_object_encryption_enc_values_supported :=
+ RequestObjectEncryptionEncValuesSupported,
+ token_endpoint_auth_methods_supported := TokenEndpointAuthMethodsSupported,
+ token_endpoint_auth_signing_alg_values_supported :=
+ TokenEndpointAuthSigningAlgValuesSupported,
+ display_values_supported := DisplayValuesSupported,
+ claim_types_supported := ClaimTypesSupported,
+ claims_supported := ClaimsSupported,
+ service_documentation := ServiceDocumentation,
+ claims_locales_supported := ClaimsLocalesSupported,
+ ui_locales_supported := UiLocalesSupported,
+ claims_parameter_supported := ClaimsParameterSupported,
+ request_parameter_supported := RequestParameterSupported,
+ request_uri_parameter_supported := RequestUriParameterSupported,
+ require_request_uri_registration := RequireRequestUriRegistration,
+ op_policy_uri := OpPolicyUri,
+ op_tos_uri := OpTosUri,
+ revocation_endpoint := RevocationEndpoint,
+ revocation_endpoint_auth_methods_supported := RevocationEndpointAuthMethodsSupported,
+ revocation_endpoint_auth_signing_alg_values_supported :=
+ RevocationEndpointAuthSigningAlgValuesSupported,
+ introspection_endpoint := IntrospectionEndpoint,
+ introspection_endpoint_auth_methods_supported :=
+ IntrospectionEndpointAuthMethodsSupported,
+ introspection_endpoint_auth_signing_alg_values_supported :=
+ IntrospectionEndpointAuthSigningAlgValuesSupported,
+ code_challenge_methods_supported := CodeChallengeMethodsSupported},
+ ExtraFields}} ?=
+ configuration_extract(Configuration,
+ [{required, issuer, fun parse_setting_uri/2},
+ {required, authorization_endpoint, fun parse_setting_uri/2},
+ {optional, token_endpoint, undefined, fun parse_setting_uri/2},
+ {optional,
+ userinfo_endpoint,
+ undefined,
+ fun parse_setting_uri_https/2},
+ {required, jwks_uri, fun parse_setting_uri/2},
+ {optional, registration_endpoint, undefined, fun parse_setting_uri/2},
+ {required, scopes_supported, fun parse_scopes_supported/2},
+ {required, response_types_supported, fun parse_setting_binary_list/2},
+ {optional,
+ response_modes_supported,
+ [<<"query">>, <<"fragment">>],
+ fun parse_setting_binary_list/2},
+ {optional,
+ grant_types_supported,
+ [<<"authorization_code">>, <<"implicit">>],
+ fun parse_setting_binary_list/2},
+ {optional,
+ acr_values_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {required,
+ subject_types_supported,
+ fun parse_subject_types_supported/2},
+ {required,
+ id_token_signing_alg_values_supported,
+ fun parse_setting_binary_list/2},
+ {optional,
+ id_token_encryption_alg_values_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {optional,
+ id_token_encryption_enc_values_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {optional,
+ userinfo_signing_alg_values_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {optional,
+ userinfo_encryption_alg_values_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {optional,
+ userinfo_encryption_enc_values_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {optional,
+ request_object_signing_alg_values_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {optional,
+ request_object_encryption_alg_values_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {optional,
+ request_object_encryption_enc_values_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {optional,
+ token_endpoint_auth_methods_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {optional,
+ token_endpoint_auth_signing_alg_values_supported,
+ undefined,
+ fun parse_token_signing_alg_values_no_none/2},
+ {optional,
+ display_values_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {optional,
+ claim_types_supported,
+ [normal],
+ fun parse_claim_types_supported/2},
+ {optional,
+ claims_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {optional, service_documentation, undefined, fun parse_setting_uri/2},
+ {optional,
+ claims_locales_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {optional,
+ ui_locales_supported,
+ undefined,
+ fun parse_setting_binary_list/2},
+ {optional,
+ claims_parameter_supported,
+ false,
+ fun parse_setting_boolean/2},
+ {optional,
+ request_parameter_supported,
+ false,
+ fun parse_setting_boolean/2},
+ {optional,
+ request_uri_parameter_supported,
+ true,
+ fun parse_setting_boolean/2},
+ {optional,
+ require_request_uri_registration,
+ false,
+ fun parse_setting_boolean/2},
+ {optional, op_policy_uri, undefined, fun parse_setting_uri/2},
+ {optional, op_tos_uri, undefined, fun parse_setting_uri/2},
+ {optional, revocation_endpoint, undefined, fun parse_setting_uri/2},
+ {optional,
+ revocation_endpoint_auth_methods_supported,
+ [<<"client_secret_basic">>],
+ fun parse_setting_binary_list/2},
+ {optional,
+ revocation_endpoint_auth_signing_alg_values_supported,
+ undefined,
+ fun parse_token_signing_alg_values_no_none/2},
+ {optional,
+ introspection_endpoint,
+ undefined,
+ fun parse_setting_uri/2},
+ {optional,
+ introspection_endpoint_auth_methods_supported,
+ [<<"client_secret_basic">>],
+ fun parse_setting_binary_list/2},
+ {optional,
+ introspection_endpoint_auth_signing_alg_values_supported,
+ undefined,
+ fun parse_token_signing_alg_values_no_none/2},
+ {optional,
+ code_challenge_methods_supported,
+ undefined,
+ fun parse_setting_binary_list/2}],
+ #{}),
+ {ok,
+ #oidcc_provider_configuration{issuer = Issuer,
+ authorization_endpoint = AuthorizationEndpoint,
+ token_endpoint = TokenEndpoint,
+ userinfo_endpoint = UserinfoEndpoint,
+ jwks_uri = JwksUri,
+ registration_endpoint = RegistrationEndpoint,
+ scopes_supported = ScopesSupported,
+ response_types_supported = ResponseTypesSupported,
+ response_modes_supported = ResponseModesSupported,
+ grant_types_supported = GrantTypesSupported,
+ acr_values_supported = AcrValuesSupported,
+ subject_types_supported = SubjectTypesSupported,
+ id_token_signing_alg_values_supported =
+ IdTokenSigningAlgValuesSupported,
+ id_token_encryption_alg_values_supported =
+ IdTokenEncryptionAlgValuesSupported,
+ id_token_encryption_enc_values_supported =
+ IdTokenEncryptionEncValuesSupported,
+ userinfo_signing_alg_values_supported =
+ UserinfoSigningAlgValuesSupported,
+ userinfo_encryption_alg_values_supported =
+ UserinfoEncryptionAlgValuesSupported,
+ userinfo_encryption_enc_values_supported =
+ UserinfoEncryptionEncValuesSupported,
+ request_object_signing_alg_values_supported =
+ RequestObjectSigningAlgValuesSupported,
+ request_object_encryption_alg_values_supported =
+ RequestObjectEncryptionAlgValuesSupported,
+ request_object_encryption_enc_values_supported =
+ RequestObjectEncryptionEncValuesSupported,
+ token_endpoint_auth_methods_supported =
+ TokenEndpointAuthMethodsSupported,
+ token_endpoint_auth_signing_alg_values_supported =
+ TokenEndpointAuthSigningAlgValuesSupported,
+ display_values_supported = DisplayValuesSupported,
+ claim_types_supported = ClaimTypesSupported,
+ claims_supported = ClaimsSupported,
+ service_documentation = ServiceDocumentation,
+ claims_locales_supported = ClaimsLocalesSupported,
+ ui_locales_supported = UiLocalesSupported,
+ claims_parameter_supported = ClaimsParameterSupported,
+ request_parameter_supported = RequestParameterSupported,
+ request_uri_parameter_supported =
+ RequestUriParameterSupported,
+ require_request_uri_registration =
+ RequireRequestUriRegistration,
+ op_policy_uri = OpPolicyUri,
+ op_tos_uri = OpTosUri,
+ revocation_endpoint = RevocationEndpoint,
+ revocation_endpoint_auth_methods_supported =
+ RevocationEndpointAuthMethodsSupported,
+ revocation_endpoint_auth_signing_alg_values_supported =
+ RevocationEndpointAuthSigningAlgValuesSupported,
+ introspection_endpoint = IntrospectionEndpoint,
+ introspection_endpoint_auth_methods_supported =
+ IntrospectionEndpointAuthMethodsSupported,
+ introspection_endpoint_auth_signing_alg_values_supported =
+ IntrospectionEndpointAuthSigningAlgValuesSupported,
+ code_challenge_methods_supported =
+ CodeChallengeMethodsSupported,
+ extra_fields = ExtraFields}}
+ end.
+ +-spec configuration_extract( + Map :: #{binary() => term()}, + Keys :: [{required, Key, ParseFn} | {optional, Key, Default, ParseFn}], + Acc :: #{atom() => term()} +) -> + {ok, {Matched, Rest}} | {error, error()} +when + Key :: atom(), + Default :: term(), + ParseFn :: fun((Setting :: term(), Key) -> {ok, term()} | {error, error()}), + Matched :: #{Key => Default | undefined | term()}, + Rest :: #{binary() => term()}. +configuration_extract(Map1, [{required, Key, ParseFn} | RestKeys], Acc) -> + case maps:take(atom_to_binary(Key), Map1) of + {Value, Map2} -> + case ParseFn(Value, Key) of + {ok, Parsed} -> + configuration_extract(Map2, RestKeys, maps:put(Key, Parsed, Acc)); + {error, Reason} -> + {error, Reason} + end; + error -> + {error, {missing_config_property, Key}} + end; +configuration_extract(Map1, [{optional, Key, Default, ParseFn} | RestKeys], Acc) -> + case maps:take(atom_to_binary(Key), Map1) of + {Value, Map2} -> + case ParseFn(Value, Key) of + {ok, Parsed} -> + configuration_extract(Map2, RestKeys, maps:put(Key, Parsed, Acc)); + {error, Reason} -> + {error, Reason} + end; + error -> + configuration_extract(Map1, RestKeys, maps:put(Key, Default, Acc)) + end; +configuration_extract(Map, [], Acc) -> + {ok, {Acc, Map}}. + +-spec headers_to_deadline(Headers, Opts) -> pos_integer() when + Headers :: [{Header :: binary(), Value :: binary()}], Opts :: opts(). +headers_to_deadline(Headers, Opts) -> + DefaultExpiry = maps:get(fallback_expiry, Opts, ?DEFAULT_CONFIG_EXPIRY), + case proplists:lookup("cache-control", Headers) of + {"cache-control", Cache} -> + try + cache_deadline(Cache, DefaultExpiry) + catch + _:_ -> + DefaultExpiry + end; + none -> + DefaultExpiry + end. + +-spec cache_deadline(Cache :: iodata(), Fallback :: pos_integer()) -> pos_integer(). 
+cache_deadline(Cache, Fallback) -> + Entries = + binary:split(iolist_to_binary(Cache), [<<",">>, <<"=">>, <<" ">>], [global, trim_all]), + MaxAge = + fun + (<<"0">>, Res) -> + Res; + (Entry, true) -> + erlang:convert_time_unit(binary_to_integer(Entry), second, millisecond); + (<<"max-age">>, _) -> + true; + (_, Res) -> + Res + end, + lists:foldl(MaxAge, Fallback, Entries). + +-spec parse_setting_uri(Setting :: term(), Field :: atom()) -> + {ok, uri_string:uri_string()} | {error, error()}. +parse_setting_uri(Setting, _Field) when is_binary(Setting) -> + {ok, Setting}; +parse_setting_uri(_Setting, Field) -> + {error, {invalid_config_property, {uri, Field}}}. + +-spec parse_setting_uri_https(Setting :: term(), Field :: atom()) -> + {ok, uri_string:uri_string()} | {error, error()}. +parse_setting_uri_https(Setting, Field) when is_binary(Setting) -> + case uri_string:parse(Setting) of + #{scheme := <<"https">>} -> + {ok, Setting}; + #{scheme := _Scheme} -> + {error, {invalid_config_property, {uri_https, Field}}} + end; +parse_setting_uri_https(_Setting, Field) -> + {error, {invalid_config_property, {uri_https, Field}}}. + +-spec parse_setting_binary_list(Setting :: term(), Field :: atom()) -> + {ok, [binary()]} | {error, error()}. +parse_setting_binary_list(Setting, Field) when is_list(Setting) -> + case lists:all(fun is_binary/1, Setting) of + true -> + {ok, Setting}; + false -> + {error, {invalid_config_property, {list_of_binaries, Field}}} + end; +parse_setting_binary_list(_Setting, Field) -> + {error, {invalid_config_property, {list_of_binaries, Field}}}. + +-spec parse_setting_boolean(Setting :: term(), Field :: atom()) -> + {ok, boolean()} | {error, error()}. +parse_setting_boolean(Setting, _Field) when is_boolean(Setting) -> + {ok, Setting}; +parse_setting_boolean(_Setting, Field) -> + {error, {invalid_config_property, {boolean, Field}}}. + +-spec parse_scopes_supported(Setting :: term(), Field :: atom()) -> + {ok, [binary()]} | {error, error()}. 
+parse_scopes_supported(Setting, Field) -> + case parse_setting_binary_list(Setting, Field) of + {ok, Scopes} -> + case lists:member(<<"openid">>, Scopes) of + true -> + {ok, Scopes}; + false -> + {error, {invalid_config_property, {scopes_including_openid, Field}}} + end; + {error, Reason} -> + {error, Reason} + end. + +-spec parse_setting_list_enum( + Setting :: term(), + Field :: atom(), + Parse :: fun((binary()) -> {ok, Value} | error) +) -> + {ok, [Value]} | {error, error()} +when + Value :: term(). +parse_setting_list_enum(Setting, Field, Parse) -> + case parse_setting_binary_list(Setting, Field) of + {ok, Values} -> + Parsed = + lists:map( + fun(Value) -> + case Parse(Value) of + {ok, ParsedValue} -> + {ok, ParsedValue}; + error -> + {error, Value} + end + end, + Values + ), + + case + lists:filter( + fun + ({ok, _Value}) -> + false; + ({error, _Value}) -> + true + end, + Parsed + ) + of + [] -> + {ok, lists:map(fun({ok, Value}) -> Value end, Parsed)}; + [{error, _InvalidValue} | _Rest] -> + {error, {invalid_config_property, {enum, Field}}} + end; + {error, Reason} -> + {error, Reason} + end. + +-spec parse_subject_types_supported(Setting :: term(), Field :: atom()) -> + {ok, [binary()]} | {error, error()}. +parse_subject_types_supported(Setting, Field) -> + parse_setting_list_enum( + Setting, + Field, + fun + (<<"pairwise">>) -> + {ok, pairwise}; + (<<"public">>) -> + {ok, public}; + (_SubjectType) -> + error + end + ). + +-spec parse_token_signing_alg_values_no_none(Setting :: term(), Field :: atom()) -> + {ok, [binary()]} | {error, error()}. +parse_token_signing_alg_values_no_none(Setting, Field) -> + case parse_setting_binary_list(Setting, Field) of + {ok, SigningAlgValues} -> + case + lists:any( + fun + (<<"none">>) -> + true; + (_) -> + false + end, + SigningAlgValues + ) + of + false -> + {ok, SigningAlgValues}; + true -> + {error, {invalid_config_property, {alg_no_none, Field}}} + end; + {error, Reason} -> + {error, Reason} + end. 
+ +-spec parse_claim_types_supported(Setting :: term(), Field :: atom()) -> + {ok, [binary()]} | {error, error()}. +parse_claim_types_supported(Setting, Field) -> + parse_setting_list_enum( + Setting, + Field, + fun + (<<"normal">>) -> + {ok, normal}; + (<<"aggregated">>) -> + {ok, aggregated}; + (<<"distributed">>) -> + {ok, distributed}; + (_ClaimType) -> + error + end + ). diff --git a/src/oidcc_provider_configuration_worker.erl b/src/oidcc_provider_configuration_worker.erl new file mode 100644 index 0000000..7837394 --- /dev/null +++ b/src/oidcc_provider_configuration_worker.erl @@ -0,0 +1,278 @@ +%%%------------------------------------------------------------------- +%% @doc OIDC Config Provider Worker +%% +%% Loads and continuously refreshes the OIDC configuration and JWKs +%% @end +%% @todo Store configuration in ETS instead of GenServer state to allow +%% concurrent reads +%%%------------------------------------------------------------------- +-module(oidcc_provider_configuration_worker). + +-feature(maybe_expr, enable). + +-behaviour(gen_server). + +-include("oidcc_provider_configuration.hrl"). + +-include_lib("jose/include/jose_jwk.hrl"). + +-export([get_jwks/1]). +-export([get_provider_configuration/1]). +-export([handle_call/3]). +-export([handle_cast/2]). +-export([handle_continue/2]). +-export([handle_info/2]). +-export([init/1]). +-export([refresh_configuration/1]). +-export([refresh_jwks/1]). +-export([refresh_jwks_for_unknown_kid/2]). +-export([start_link/1]). + +-export_type([opts/0]). + +%% Configuration Options +%% +%%
    +%%
  • `name' - The gen_server name of the provider.
  • +%%
  • `issuer' - The issuer URI.
  • +%%
  • `provider_configuration_opts' - Options for the provider configuration fetching.
  • +%%
+-type opts() :: #{ + name => gen_server:server_name(), + issuer := uri_string:uri_string(), + provider_configuration_opts => oidcc_provider_configuration:opts() +}. + +-record(state, { + provider_configuration = undefined :: #oidcc_provider_configuration{} | undefined, + jwks = undefined :: jose_jwk:key() | undefined, + issuer :: uri_string:uri_string(), + provider_configuration_opts :: oidcc_provider_configuration:opts(), + configuration_refresh_timer :: timer:tref() | undefined, + jwks_refresh_timer :: timer:tref() | undefined +}). + +%% @doc Start Configuration Provider +%% +%%

Examples

+%% +%% ``` +%% {ok, Pid} = +%% oidcc_provider_configuration_worker:start_link(#{ +%% issuer => <<"https://accounts.google.com">>, +%% name => {local, google_config_provider} +%% }). +%% ''' +%% +%% ``` +%% %% ... +%% +%% -behaviour(supervisor). +%% +%% %% ... +%% +%% init(_opts) -> +%% SupFlags = #{strategy => one_for_one, intensity => 1, period => 5}, +%% ChildSpecs = [#{id => google_config_provider, +%% start => {oidcc_provider_configuration_worker, +%% start_link, +%% [ +%% {issuer, <<"https://accounts.google.com">>} +%% ]}, +%% restart => permanent, +%% type => worker, +%% modules => [oidcc_provider_configuration_worker]}], +%% {ok, {SupFlags, ChildSpecs}}. +%% ''' +-spec start_link(Opts :: opts()) -> gen_server:start_ret(). +start_link(Opts) -> + case maps:get(name, Opts, undefined) of + undefined -> + gen_server:start_link(?MODULE, Opts, []); + Name -> + gen_server:start_link(Name, ?MODULE, Opts, []) + end. + +%% @private +init(Opts) -> + maybe + {ok, Issuer} ?= get_issuer(Opts), + ProviderConfigurationOpts = maps:get(provider_configuration_opts, Opts, #{}), + {ok, + #state{issuer = Issuer, provider_configuration_opts = ProviderConfigurationOpts}, + {continue, load_configuration}} + end. + +%% @private +handle_call( + get_provider_configuration, _From, #state{provider_configuration = Configuration} = State +) -> + {reply, Configuration, State}; +handle_call(get_jwks, _From, #state{jwks = Jwks} = State) -> + {reply, Jwks, State}. + +%% @private +handle_cast(refresh_configuration, State) -> + {noreply, State, {continue, load_configuration}}; +handle_cast(refresh_jwks, State) -> + {noreply, State, {continue, load_jwks}}; +handle_cast({refresh_jwks_for_unknown_kid, Kid}, #state{jwks = Jwks} = State) -> + case has_kid(Jwks, Kid) of + false -> + {noreply, State, {continue, load_jwks}}; + true -> + {noreply, State}; + unknown -> + {noreply, State} + end. 
+ +%% @private +handle_continue( + load_configuration, + #state{ + issuer = Issuer, + provider_configuration_opts = ProviderConfigurationOpts, + configuration_refresh_timer = OldTimer + } = + State +) -> + maybe_cancel_timer(OldTimer), + + maybe + {ok, {Configuration, Expiry}} ?= oidcc_provider_configuration:load_configuration( + Issuer, + ProviderConfigurationOpts + ), + {ok, NewTimer} = timer:send_after(Expiry, configuration_expired), + {noreply, State#state{provider_configuration = Configuration, configuration_refresh_timer = NewTimer}, + {continue, load_jwks}} + else + {error, Reason} -> + {stop, {configuration_load_failed, Reason}, State} + end; +handle_continue( + load_jwks, + #state{ + provider_configuration = Configuration, + provider_configuration_opts = ProviderConfigurationOpts, + jwks_refresh_timer = OldTimer + } = + State +) -> + #oidcc_provider_configuration{jwks_uri = JwksUri} = Configuration, + + maybe_cancel_timer(OldTimer), + + maybe + {ok, {Jwks, Expiry}} ?= oidcc_provider_configuration:load_jwks(JwksUri, ProviderConfigurationOpts), + {ok, NewTimer} = timer:send_after(Expiry, jwks_expired), + {noreply, State#state{jwks = Jwks, jwks_refresh_timer = NewTimer}} + else + {error, Reason} -> + {stop, {jwks_load_failed, Reason}, State} + end. + +%% @private +handle_info(configuration_expired, State) -> + {noreply, State#state{configuration_refresh_timer = undefined, jwks_refresh_timer = undefined}, + {continue, load_configuration}}; +handle_info(jwks_expired, State) -> + {noreply, State#state{jwks_refresh_timer = undefined}, {continue, load_jwks}}. + +%% @doc Get Configuration +-spec get_provider_configuration(Name :: gen_server:server_ref()) -> + oidcc_provider_configuration:t(). +get_provider_configuration(Name) -> + gen_server:call(Name, get_provider_configuration). + +%% @doc Get Parsed Jwks +-spec get_jwks(Name :: gen_server:server_ref()) -> jose_jwk:key(). +get_jwks(Name) -> + gen_server:call(Name, get_jwks). 
+ +%% @doc Refresh Configuration +%% +%%

Examples

+%% +%% ``` +%% {ok, Pid} = +%% oidcc_provider_configuration_worker:start_link(#{ +%% issuer => <<"https://accounts.google.com">> +%% }). +%% +%% %% Later +%% +%% oidcc_provider_configuration_worker:refresh_configuration(Pid). +%% ''' +-spec refresh_configuration(Name :: gen_server:server_ref()) -> ok. +refresh_configuration(Name) -> + gen_server:cast(Name, refresh_configuration). + +%% @doc Refresh JWKs +%% +%%

Examples

+%% +%% ``` +%% {ok, Pid} = +%% oidcc_provider_configuration_worker:start_link(#{ +%% issuer => <<"https://accounts.google.com">> +%% }). +%% +%% %% Later +%% +%% oidcc_provider_configuration_worker:refresh_jwks(Pid). +%% ''' +-spec refresh_jwks(Name :: gen_server:server_ref()) -> ok. +refresh_jwks(Name) -> + gen_server:cast(Name, refresh_jwks). + +%% @doc Refresh JWKs if the provided `Kid' is not matching any currently loaded keys +%% +%%

Examples

+%%
+%% ```
+%% {ok, Pid} =
+%% oidcc_provider_configuration_worker:start_link(#{
+%% issuer => <<"https://accounts.google.com">>
+%% }).
+%%
+%% oidcc_provider_configuration_worker:refresh_jwks_for_unknown_kid(Pid, <<"kid">>).
+%% '''
+-spec refresh_jwks_for_unknown_kid(Name :: gen_server:server_ref(), Kid :: binary()) ->
+ ok.
+refresh_jwks_for_unknown_kid(Name, Kid) ->
+ gen_server:cast(Name, {refresh_jwks_for_unknown_kid, Kid}).
+
+-spec get_issuer(Opts :: opts()) -> {ok, binary()} | {error, issuer_required}.
+get_issuer(Opts) ->
+ case maps:get(issuer, Opts, undefined) of
+ undefined ->
+ {error, issuer_required};
+ Issuer when erlang:is_binary(Issuer) ->
+ {ok, Issuer}
+ end.
+
+%% Checking of existing kid values is a bit wonky because of partial support
+%% in jose. see: https://github.com/potatosalad/erlang-jose/issues/28
+-spec has_kid(Jwk :: jose_jwk:key(), Kid :: binary()) -> boolean() | unknown.
+has_kid(#jose_jwk{fields = #{<<"kid">> := Kid}}, Kid) ->
+ true;
+has_kid(#jose_jwk{fields = #{<<"kid">> := _}}, _Kid) ->
+ false;
+has_kid(#jose_jwk{keys = {jose_jwk_set, Keys}}, Kid) ->
+ lists:foldl(
+ fun
+ (_Key, Acc) when is_boolean(Acc) ->
+ Acc;
+ (Key, unknown) ->
+ has_kid(Key, Kid)
+ end,
+ unknown,
+ Keys
+ ).
+
+-spec maybe_cancel_timer(Timer :: undefined | timer:tref()) -> ok.
+maybe_cancel_timer(undefined) ->
+ ok;
+maybe_cancel_timer(TRef) ->
+ {ok, cancel} = timer:cancel(TRef).
diff --git a/src/oidcc_scope.erl b/src/oidcc_scope.erl
new file mode 100644
index 0000000..5578630
--- /dev/null
+++ b/src/oidcc_scope.erl
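Review bot: In `has_kid/2`, the fold over a `jose_jwk_set` stops at the first key that carries a different `kid`: the clause `(_Key, Acc) when is_boolean(Acc) -> Acc` latches `false` as well as `true`, so a match on any later key is never seen and the function answers `false` for a kid that is in fact loaded. Only `true` should be sticky, e.g. `(_Key, true) -> true;` followed by `(Key, _Acc) -> has_kid(Key, Kid)`. This costs more than a wasted lookup, because `handle_cast({refresh_jwks_for_unknown_kid, Kid}, ...)` answers `false` with `{continue, load_jwks}` and a failed load returns `{stop, {jwks_load_failed, Reason}, State}`; if `Kid` is read from the header of a token that has not been verified yet (the callers are not in this hunk), every such token triggers a JWKS fetch, so a minimum interval between kid-triggered refreshes kept in `#state{}` would be worth adding. A set member with neither a `kid` field nor nested keys appears to match no `has_kid/2` clause, so a final `has_kid(#jose_jwk{}, _Kid) -> unknown.` clause would keep the worker from exiting with `function_clause`.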
@@ -0,0 +1,65 @@
+%%%-------------------------------------------------------------------
+%% @doc OpenID Scope Utilities
+%% @end
+%%%-------------------------------------------------------------------
+-module(oidcc_scope).
+
+-feature(maybe_expr, enable).
+
+-export([parse/1]).
+-export([query_append_scope/2]).
+-export([scopes_to_bin/1]).
+
+-export_type([scopes/0]).
+-export_type([t/0]).
+
+-type scopes() :: [nonempty_binary() | atom() | nonempty_string()].
+
+-type t() :: binary().
+
+%% @doc Compose {@link scopes()} into {@link t()}
+%%
+%%

Examples

+%%
+%% ```
+%% <<"openid profile email">> = oidcc_scope:scopes_to_bin(
+%% [<<"openid">>, profile, "email"]).
+%% '''
+-spec scopes_to_bin(Scopes :: scopes()) -> t().
+scopes_to_bin(Scopes) ->
+ NormalizedScopes =
+ lists:map(
+ fun
+ (Scope) when is_binary(Scope) ->
+ Scope;
+ (Scope) when is_atom(Scope) ->
+ atom_to_binary(Scope, utf8);
+ (Scope) when is_list(Scope) ->
+ list_to_binary(Scope)
+ end,
+ Scopes
+ ),
+ SeparatedScopes = lists:join(<<" ">>, NormalizedScopes),
+ list_to_binary(SeparatedScopes).
+
+%% @private
+-spec query_append_scope(Scope, QueryList) -> QueryList when
+ Scope :: t() | scopes(),
+ QueryList :: [{unicode:chardata(), unicode:chardata() | true}].
+query_append_scope(<<>>, QueryList) ->
+ QueryList;
+query_append_scope(Scope, QueryList) when is_binary(Scope) ->
+ [{<<"scope">>, Scope} | QueryList];
+query_append_scope(Scopes, QueryList) when is_list(Scopes) ->
+ query_append_scope(scopes_to_bin(Scopes), QueryList).
+
+%% @doc Parse {@link t()} into {@link scopes()}
+%%
+%%

Examples

+%%
+%% ```
+%% [<<"openid">>, <<"profile">>] = oidcc_scope:parse(<<"openid profile">>).
+%% '''
+-spec parse(Scope :: t()) -> scopes().
+parse(Scope) ->
+ binary:split(Scope, [<<" ">>], [trim_all, global]).
diff --git a/src/oidcc_session.erl b/src/oidcc_session.erl
deleted file mode 100644
index 99885a6..0000000
--- a/src/oidcc_session.erl
+++ /dev/null
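Review bot: `scopes_to_bin/1` joins its elements with a single space but never checks that an element is itself space-free or non-empty, so `[<<"openid admin">>]` (a constructed example) is serialised as two scope tokens and `parse/1` does not round-trip it. The `scopes()` type promises non-empty values, yet nothing enforces that at run time; if any element can originate from request data rather than static configuration, the requested scope can end up wider than the caller intended. A guard in the binary clause, such as `(Scope) when is_binary(Scope), Scope =/= <<>> -> nomatch = binary:match(Scope, <<" ">>), Scope;`, would reject such input early. The string clause uses `list_to_binary/1`, which raises `badarg` for code points above 255; that is acceptable for RFC 6749 scope tokens but deserves a line in the `@doc`.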
@@ -1,180 +0,0 @@ --module(oidcc_session). - --behaviour(gen_server). - -%% API. --export([start_link/3]). --export([start_link/4]). --export([is_user_agent/2]). --export([is_cookie_data/2]). --export([is_peer_ip/2]). --export([get_id/1]). --export([get_provider/1]). --export([get_scopes/1]). --export([get_nonce/1]). --export([get_pkce/1]). --export([get_peer_ip/1]). --export([get_user_agent/1]). --export([get_cookie_data/1]). --export([get_client_mod/1]). --export([set_user_agent/2]). --export([set_cookie_data/2]). --export([set_peer_ip/2]). --export([set_client_mod/2]). --export([close/1]). -%% gen_server. --export([init/1]). --export([handle_call/3]). --export([handle_cast/2]). --export([handle_info/2]). --export([terminate/2]). --export([code_change/3]). - --record(state, {id = undefined, timeout = undefined, data = #{}}). - -%% API. - -start_link(Id, Nonce, ProviderId) -> - {ok, Config} = oidcc:get_openid_provider_info(ProviderId), - Scopes = maps:get(request_scopes, Config), - start_link(Id, Nonce, ProviderId, Scopes). - -start_link(Id, Nonce, ProviderId, Scopes0) -> - Scopes = - case Scopes0 of - undefined -> - application:get_env(oidcc, scopes, [openid]); - _ -> - Scopes0 - end, - Pkce = generate_pkce_if_supported(ProviderId), - gen_server:start_link(?MODULE, {Id, Nonce, Pkce, ProviderId, Scopes}, []). - --spec close(Pid :: pid()) -> ok. -close(Pid) -> - gen_server:cast(Pid, close). - -is_user_agent(UserAgent, Pid) -> - gen_server:call(Pid, {is, user_agent, UserAgent}). - -is_cookie_data(CookieData, Pid) -> - gen_server:call(Pid, {is, cookie_data, CookieData}). - -is_peer_ip(PeerIp, Pid) -> - gen_server:call(Pid, {is, peer_ip, PeerIp}). - -get_id(Pid) -> - gen_server:call(Pid, get_id). - -get_provider(Pid) -> - gen_server:call(Pid, {get, provider}). - -get_scopes(Pid) -> - gen_server:call(Pid, {get, scopes}). - -get_nonce(Pid) -> - gen_server:call(Pid, {get, nonce}). - -get_pkce(Pid) -> - gen_server:call(Pid, {get, pkce}). 
- -get_peer_ip(Pid) -> - gen_server:call(Pid, {get, peer_ip}). - -get_user_agent(Pid) -> - gen_server:call(Pid, {get, user_agent}). - -get_cookie_data(Pid) -> - gen_server:call(Pid, {get, cookie_data}). - -get_client_mod(Pid) -> - gen_server:call(Pid, {get, client_mod}). - -set_user_agent(UserAgent, Pid) -> - gen_server:call(Pid, {set, user_agent, UserAgent}). - -set_peer_ip(PeerIp, Pid) -> - gen_server:call(Pid, {set, peer_ip, PeerIp}). - -set_cookie_data(CookieData, Pid) -> - gen_server:call(Pid, {set, cookie_data, CookieData}). - -set_client_mod(ClientMod, Pid) -> - gen_server:call(Pid, {set, client_mod, ClientMod}). - -%% gen_server. - -init({Id, Nonce, Pkce, ProviderId, Scopes}) -> - Timeout = application:get_env(oidcc, session_timeout, 300000), - Map = #{nonce => Nonce, - scopes => Scopes, - pkce => Pkce, - provider => ProviderId}, - {ok, - #state{id = Id, - data = Map, - timeout = Timeout}, - Timeout}. - -handle_call({get, Field}, _From, #state{data = Map, timeout = To} = State) -> - Value = maps:get(Field, Map, undefined), - {reply, {ok, Value}, State, To}; -handle_call({set, Field, Value}, _From, #state{data = Map, timeout = To} = State) -> - NewMap = maps:put(Field, Value, Map), - {reply, ok, State#state{data = NewMap}, To}; -handle_call({is, Field, InVal}, _From, #state{data = Map, timeout = To} = State) -> - Value = maps:get(Field, Map, undefined), - {reply, InVal == Value, State, To}; -handle_call(get_id, _From, #state{id = Id, timeout = To} = State) -> - {reply, {ok, Id}, State, To}; -handle_call(_Request, _From, #state{timeout = To} = State) -> - {reply, ignored, State, To}. - -handle_cast(close, #state{id = Id} = State) -> - ok = oidcc_session_mgr:session_terminating(Id), - {stop, normal, State}; -handle_cast(_Request, #state{timeout = To} = State) -> - {noreply, State, To}. 
- -handle_info(timeout, #state{id = Id} = State) -> - ok = oidcc_session_mgr:session_terminating(Id), - {stop, normal, State}; -handle_info(_Info, #state{timeout = To} = State) -> - {noreply, State, To}. - -terminate(normal, _State) -> - ok; -terminate(_Reason, #state{id = Id}) -> - oidcc_session_mgr:session_terminating(Id), - ok. - -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - -generate_pkce_if_supported(ProviderId) -> - {ok, Config} = oidcc:get_openid_provider_info(ProviderId), - UsePkce = maps:is_key(code_challenge_methods_supported, Config), - Methods = maps:get(code_challenge_methods_supported, Config, [<<"S256">>]), - generate_pkce(UsePkce, Methods). - -generate_pkce(true, Methods) -> - CodeVerifier = gen_code_verifier(), - UseS256 = lists:member(<<"S256">>, Methods), - apply_s256(UseS256, CodeVerifier); -generate_pkce(_, _) -> - undefined. - -apply_s256(true, CodeVerifier) -> - #{verifier => CodeVerifier, - challenge => - base64url:encode( - crypto:hash(sha256, CodeVerifier)), - method => 'S256'}; -apply_s256(_, CodeVerifier) -> - #{verifier => CodeVerifier, - challenge => CodeVerifier, - method => plain}. - -gen_code_verifier() -> - base64url:encode( - crypto:strong_rand_bytes(64)). diff --git a/src/oidcc_session_mgr.erl b/src/oidcc_session_mgr.erl deleted file mode 100644 index ddde8f2..0000000 --- a/src/oidcc_session_mgr.erl +++ /dev/null 
@@ -1,163 +0,0 @@ --module(oidcc_session_mgr). - -%% -%% Copyright 2016 SCC/KIT -%% -%% Licensed under the Apache License, Version 2.0 (the "License"); -%% you may not use this file except in compliance with the License. -%% You may obtain a copy of the License at -%% -%% http://www.apache.org/licenses/LICENSE-2.0 (see also the LICENSE file) -%% -%% Unless required by applicable law or agreed to in writing, software -%% distributed under the License is distributed on an "AS IS" BASIS -%% WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -%% See the License for the specific language governing permissions and -%% limitations under the License. -%% --author("Bas Wegh, Bas.Weghkit.edu"). - --behaviour(gen_server). - -%% API. --export([start_link/0]). --export([stop/0]). --export([new_session/1]). --export([get_session/1]). --export([close_all_sessions/0]). --export([get_session_list/0]). --export([session_terminating/1]). -%% gen_server. --export([init/1]). --export([handle_call/3]). --export([handle_cast/2]). --export([handle_info/2]). --export([terminate/2]). --export([code_change/3]). - --record(state, {sessions = []}). - -%% API. - --spec start_link() -> {ok, pid()}. -start_link() -> - gen_server:start_link({local, ?MODULE}, ?MODULE, [], []). - --spec stop() -> ok. -stop() -> - gen_server:cast(?MODULE, stop). - --spec new_session(binary()) -> {ok, pid()}. -new_session(ProviderId) -> - gen_server:call(?MODULE, {new_session, ProviderId}). - --spec get_session(ID :: uuid:uuid()) -> {ok, pid()}. -get_session(ID) -> - gen_server:call(?MODULE, {get_session, ID}). - --spec session_terminating(ID :: binary()) -> ok. -session_terminating(ID) -> - gen_server:call(?MODULE, {delete_session, ID}). - --spec close_all_sessions() -> ok. -close_all_sessions() -> - gen_server:call(?MODULE, close_all_sessions). - --spec get_session_list() -> {ok, Sessions :: list()}. -get_session_list() -> - gen_server:call(?MODULE, get_session_list). - -%% gen_server. 
- -init([]) -> - {ok, #state{}}. - -handle_call({new_session, ProviderId}, _From, State) -> - {ok, Pid, NewState} = create_new_session(ProviderId, State), - {reply, {ok, Pid}, NewState}; -handle_call({get_session, Id}, _From, State) -> - Result = lookup_session(Id, State), - {reply, Result, State}; -handle_call({delete_session, ID}, _From, State) -> - {ok, NewState} = delete_session(ID, State), - {reply, ok, NewState}; -handle_call(close_all_sessions, _From, State) -> - {ok, NewState} = delete_sessions(State), - {reply, ok, NewState}; -handle_call(get_session_list, _From, State) -> - SessionList = session_list(State), - {reply, {ok, SessionList}, State}; -handle_call(_Request, _From, State) -> - {reply, ignored, State}. - -handle_cast(stop, State) -> - {ok, NewState} = delete_sessions(State), - {stop, normal, NewState}; -handle_cast(_Msg, State) -> - {noreply, State}. - -handle_info(_Info, State) -> - {noreply, State}. - -terminate(_Reason, _State) -> - ok. - -code_change(_OldVsn, State, _Extra) -> - {ok, State}. - -delete_sessions(#state{sessions = Sessions} = State) -> - {ok, NewState} = delete_sessions(Sessions, State), - {ok, NewState}. - -delete_sessions([], State) -> - {ok, State#state{sessions = []}}; -delete_sessions([{_Id, Pid} | T], State) -> - oidcc_session:close(Pid), - delete_sessions(T, State). - -set_session_for_id(ID, Pid, #state{sessions = Sessions} = State) -> - {ok, State#state{sessions = [{ID, Pid} | Sessions]}}. - -delete_session(Id, #state{sessions = Sessions} = State) -> - NewSessions = lists:keydelete(Id, 1, Sessions), - {ok, State#state{sessions = NewSessions}}. - -get_unique_id(#state{sessions = List}) -> - get_unique_id(List); -get_unique_id(List) -> - ID = random_string(64), - repeat_id_gen_if_needed(ID, lists:keyfind(ID, 1, List), List). - -repeat_id_gen_if_needed(ID, false, _) -> - ID; -repeat_id_gen_if_needed(_, _, List) -> - get_unique_id(List). 
- -lookup_session(Id, #state{sessions = Sessions}) -> - case lists:keyfind(Id, 1, Sessions) of - {Id, Pid} -> - {ok, Pid}; - _ -> - {error, not_found} - end. - -session_list(#state{sessions = Sessions}) -> - Sessions. - -create_new_session(ProviderId, State) -> - ID = get_unique_id(State), - create_new_session(ID, ProviderId, State). - -create_new_session(ID, ProviderId, State) -> - Pid = start_session(ID, ProviderId), - {ok, NewState} = set_session_for_id(ID, Pid, State), - {ok, Pid, NewState}. - -start_session(Id, ProviderId) -> - Nonce = random_string(128), - {ok, Pid} = oidcc_session_sup:new_session(Id, Nonce, ProviderId), - Pid. - -random_string(Length) -> - base64url:encode( - crypto:strong_rand_bytes(Length)). diff --git a/src/oidcc_session_sup.erl b/src/oidcc_session_sup.erl deleted file mode 100644 index 64dd886..0000000 --- a/src/oidcc_session_sup.erl +++ /dev/null @@ -1,27 +0,0 @@ --module(oidcc_session_sup). - --behaviour(supervisor). - --export([new_session/3]). --export([new_session/4]). --export([start_link/0]). --export([init/1]). - -new_session(Id, Nonce, ProviderId) -> - supervisor:start_child(?MODULE, [Id, Nonce, ProviderId]). - -new_session(Id, Nonce, ProviderId, Scopes) -> - supervisor:start_child(?MODULE, [Id, Nonce, ProviderId, Scopes]). - -start_link() -> - supervisor:start_link({local, ?MODULE}, ?MODULE, []). - -init([]) -> - Procs = [session()], - {ok, {{simple_one_for_one, 1, 5}, Procs}}. - -session() -> - #{id => session, - start => {oidcc_session, start_link, []}, - type => worker, - restart => transient}. diff --git a/src/oidcc_sup.erl b/src/oidcc_sup.erl deleted file mode 100644 index ee6de32..0000000 --- a/src/oidcc_sup.erl +++ /dev/null 
@@ -1,49 +0,0 @@ --module(oidcc_sup). - --behaviour(supervisor). - --export([start_link/0]). --export([init/1]). - -start_link() -> - supervisor:start_link({local, ?MODULE}, ?MODULE, []). - -init([]) -> - Procs = - [openid_provider_manager(), - openid_session_manager(), - openid_client(), - openid_provider_supervisor(), - session_supervisor(), - http_cache()], - {ok, {{one_for_one, 1, 5}, Procs}}. - -openid_provider_supervisor() -> - #{id => op_sup, - start => {oidcc_openid_provider_sup, start_link, []}, - type => supervisor}. - -session_supervisor() -> - #{id => session_sup, - start => {oidcc_session_sup, start_link, []}, - type => supervisor}. - -openid_provider_manager() -> - #{id => op_mgr, - start => {oidcc_openid_provider_mgr, start_link, []}, - type => worker}. - -openid_session_manager() -> - #{id => session_mgr, - start => {oidcc_session_mgr, start_link, []}, - type => worker}. - -openid_client() -> - #{id => client, - start => {oidcc_client, start_link, []}, - type => worker}. - -http_cache() -> - #{id => cache, - start => {oidcc_http_cache, start_link, []}, - type => worker}. diff --git a/src/oidcc_token.erl b/src/oidcc_token.erl index 6d81d8c..36c0210 100644 --- a/src/oidcc_token.erl +++ b/src/oidcc_token.erl 
@@ -1,299 +1,696 @@ +%%%------------------------------------------------------------------- +%% @doc Facilitate OpenID Code/Token Exchanges +%% @end +%%%------------------------------------------------------------------- -module(oidcc_token). --export([extract_token_map/2]). --export([introspect_token_map/2]). --export([validate_token_map/3]). --export([validate_token_map/4]). --export([verify_access_token_map_hash/2]). +-feature(maybe_expr, enable). + +-include("oidcc_client_context.hrl"). +-include("oidcc_provider_configuration.hrl"). +-include("oidcc_token.hrl"). + +-include_lib("jose/include/jose_jwk.hrl"). +-include_lib("jose/include/jose_jws.hrl"). +-include_lib("jose/include/jose_jwt.hrl"). + +-export([client_credentials/2]). +-export([jwt_profile/4]). +-export([refresh/3]). +-export([retrieve/3]). -export([validate_id_token/3]). --export([validate_id_token/4]). -extract_token_map(Token, OrgScope) -> - TokenMap = jsone:decode(Token, [{object_format, map}]), - IDToken = maps:get(<<"id_token">>, TokenMap, none), - AccessToken = maps:get(<<"access_token">>, TokenMap, none), - AccessExpire = maps:get(<<"expires_in">>, TokenMap, undefined), - RefreshToken = maps:get(<<"refresh_token">>, TokenMap, none), - Scope = maps:get(<<"scope">>, TokenMap, OrgScope), - #{id => #{token => IDToken, claims => undefined}, - access => - #{token => AccessToken, - expires => AccessExpire, - hash => undefined}, - refresh => #{token => RefreshToken}, - scope => scope_map(Scope)}. 
- -introspect_token_map(Token, ThisClientId) -> - TokenMap = jsone:decode(Token, [{object_format, map}]), - Active = - case maps:get(<<"active">>, TokenMap, undefined) of - true -> - true; - _ -> - false - end, - Scope = maps:get(<<"scope">>, TokenMap, <<"">>), - ClientId = maps:get(<<"client_id">>, TokenMap, undefined), - SameClientId = ClientId == ThisClientId, - Username = maps:get(<<"username">>, TokenMap, undefined), - Exp = maps:get(<<"exp">>, TokenMap, undefined), - #{active => Active, - scope => scope_map(Scope), - client_id => #{id => ClientId, same => SameClientId}, - username => Username, - exp => Exp}. - -scope_map(Scope) -> - #{scope => Scope, list => binary:split(Scope, [<<" ">>], [trim_all, global])}. - -validate_token_map(TokenMap, OpenIdProvider, Nonce) -> - validate_token_map(TokenMap, OpenIdProvider, Nonce, false). - -validate_token_map(TokenMap, OpenIdProvider, Nonce, AllowNone) -> - #{id := IdTokenMap, access := AccessTokenMap} = TokenMap, - - case validate_id_token_map(IdTokenMap, OpenIdProvider, Nonce, AllowNone) of - {ok, NewIdTokenMap} -> - NewAccessTokenMap = verify_access_token_map_hash(AccessTokenMap, NewIdTokenMap), - TokenMap1 = maps:put(id, NewIdTokenMap, TokenMap), - Result = maps:put(access, NewAccessTokenMap, TokenMap1), - {ok, Result}; - Other -> - Other +-export_type([access/0]). +-export_type([client_credentials_opts/0]). +-export_type([error/0]). +-export_type([id/0]). +-export_type([jwt_profile_opts/0]). +-export_type([refresh/0]). +-export_type([refresh_opts/0]). +-export_type([refresh_opts_no_sub/0]). +-export_type([retrieve_opts/0]). +-export_type([t/0]). + +-type id() :: #oidcc_token_id{token :: binary(), claims :: oidcc_jwt_util:claims()}. + +%% ID Token Wrapper +%% +%%

Fields

+%% +%%
    +%%
  • `token' - The retrieved token
  • +%%
  • `claims' - Unpacked claims of the verified token
  • +%%
+ +-type access() :: + #oidcc_token_access{token :: binary(), expires :: pos_integer() | undefined}. +%% Access Token Wrapper +%% +%%

Fields

+%% +%%
    +%%
  • `token' - The retrieved token
  • +%%
  • `expires' - Timestamp when token will expire
  • +%%
+ +-type refresh() :: #oidcc_token_refresh{token :: binary()}. +%% Refresh Token Wrapper +%% +%%

Fields

+%% +%%
    +%%
  • `token' - The retrieved token
  • +%%
+ +-type t() :: + #oidcc_token{ + id :: oidcc_token:id() | none, + access :: oidcc_token:access() | none, + refresh :: oidcc_token:refresh() | none, + scope :: oidcc_scope:scopes() + }. +%% Token Response Wrapper +%% +%%

Fields

+%% +%%
    +%%
  • `id' - {@link id()}
  • +%%
  • `access' - {@link access()}
  • +%%
  • `refresh' - {@link refresh()}
  • +%%
  • `scope' - {@link oidcc_scope:scopes()}
  • +%%
+ +-type pkce() :: #{verifier := binary()}. + +-type retrieve_opts() :: + #{ + pkce => pkce(), + nonce => binary() | any, + scope => oidcc_scope:scopes(), + refresh_jwks => oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun(), + redirect_uri := uri_string:uri_string(), + request_opts => oidcc_http_util:request_opts() + }. +%% Options for retrieving a token +%% +%% See [https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3] +%% +%%

Fields

+%% +%%
    +%%
  • `pkce' - PKCE verification options
  • +%%
  • `nonce' - Nonce to check
  • +%%
  • `scope' - Scope to store with the token
  • +%%
  • `refresh_jwks' - How to handle tokens with an unknown `kid'. +%% See {@link oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun()}
  • +%%
  • `redirect_uri' - Redirect uri given to {@link oidcc_authorization:create_redirect_url/2}
  • +%%
+ +-type refresh_opts_no_sub() :: + #{ + scope => oidcc_scope:scopes(), + refresh_jwks => oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun(), + expected_subject := binary() + }. +%% See {@link refresh_opts_no_sub()} + +-type refresh_opts() :: + #{ + scope => oidcc_scope:scopes(), + refresh_jwks => oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun(), + expected_subject := binary(), + request_opts => oidcc_http_util:request_opts() + }. +%% Options for refreshing a token +%% +%% See [https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3] +%% +%%

Fields

+%% +%%
    +%%
  • `scope' - Scope to store with the token
  • +%%
  • `refresh_jwks' - How to handle tokens with an unknown `kid'. +%% See {@link oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun()}
  • +%%
  • `expected_subject' - `sub' of the original token
  • +%%
+ +-type jwt_profile_opts() :: #{ + scope => oidcc_scope:scopes(), + refresh_jwks => oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun(), + request_opts => oidcc_http_util:request_opts(), + kid => binary() +}. + +-type client_credentials_opts() :: #{ + scope => oidcc_scope:scopes(), + refresh_jwks => oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun(), + request_opts => oidcc_http_util:request_opts() +}. + +-type error() :: + {missing_claim, MissingClaim :: binary(), Claims :: oidcc_jwt_util:claims()} + | bad_access_token_hash + | sub_invalid + | {none_alg_used, NoneClaims :: oidcc_jwt_util:claims()} + | {grant_type_not_supported, + authorization_code | refresh_token | jwt_bearer | client_credentials} + | oidcc_jwt_util:error() + | oidcc_http_util:error(). + +%% @doc +%% retrieve the token using the authcode received before and directly validate +%% the result. +%% +%% the authcode was sent to the local endpoint by the OpenId Connect provider, +%% using redirects +%% +%% For a high level interface using {@link oidcc_provider_configuration_worker} +%% see {@link oidcc:retrieve_token/5}. +%% +%%

Examples

+%% +%% ``` +%% {ok, ClientContext} = +%% oidcc_client_context:from_configuration_worker(provider_name, +%% <<"client_id">>, +%% <<"client_secret">>), +%% +%% %% Get AuthCode from Redirect +%% +%% {ok, #oidcc_token{}} = +%% oidcc:retrieve(AuthCode, ClientContext, #{ +%% redirect_uri => <<"https://example.com/callback">>}). +%% ''' +%% @end +-spec retrieve(AuthCode, ClientContext, Opts) -> + {ok, t()} | {error, error()} +when + AuthCode :: binary(), + ClientContext :: oidcc_client_context:t(), + Opts :: retrieve_opts(). +retrieve(AuthCode, ClientContext, Opts) -> + #oidcc_client_context{provider_configuration = Configuration, + client_id = ClientId} = ClientContext, + #oidcc_provider_configuration{issuer = Issuer, grant_types_supported = GrantTypesSupported} = Configuration, + + case lists:member(<<"authorization_code">>, GrantTypesSupported) of + true -> + + Pkce = maps:get(pkce, Opts, undefined), + QsBody = + [{<<"grant_type">>, <<"authorization_code">>}, + {<<"code">>, AuthCode}, + {<<"redirect_uri">>, maps:get(redirect_uri, Opts)}], + + TelemetryOpts = #{topic => [oidcc, request_token], + extra_meta => #{issuer => Issuer, client_id => ClientId}}, + + maybe + {ok, Token} ?= retrieve_a_token(QsBody, Pkce, ClientContext, Opts, TelemetryOpts, true), + extract_response(Token, ClientContext, Opts) + end; + false -> + {error, {grant_type_not_supported, authorization_code}} end. -verify_access_token_map_hash(AccessTokenMap, IdTokenMap) -> - try int_verify_access_token_hash(AccessTokenMap, IdTokenMap) of - Result -> - Result - catch - _:_ -> - maps:put(hash, internal_error, AccessTokenMap) +%% @doc Refresh Token +%% +%% For a high level interface using {@link oidcc_provider_configuration_worker} +%% see {@link oidcc:refresh_token/5}. +%% +%%

Examples

+%% +%% ``` +%% {ok, ClientContext} = +%% oidcc_client_context:from_configuration_worker(provider_name, +%% <<"client_id">>, +%% <<"client_secret">>), +%% +%% %% Get AuthCode from Redirect +%% +%% {ok, Token} = +%% oidcc_token:retrieve(AuthCode, ClientContext, #{ +%% redirect_uri => <<"https://example.com/callback">>}). +%% +%% %% Later +%% +%% {ok, #oidcc_token{}} = +%% oidcc_token:refresh(Token, +%% ClientContext, +%% #{expected_subject => <<"sub_from_initial_id_token>>}). +%% ''' +%% @end +-spec refresh + (RefreshToken, ClientContext, Opts) -> + {ok, t()} | {error, error()} + when + RefreshToken :: binary(), + ClientContext :: oidcc_client_context:t(), + Opts :: refresh_opts(); + (Token, ClientContext, Opts) -> + {ok, t()} | {error, error()} + when + Token :: oidcc_token:t(), + ClientContext :: oidcc_client_context:t(), + Opts :: refresh_opts_no_sub(). +refresh(#oidcc_token{refresh = #oidcc_token_refresh{token = RefreshToken}, id = #oidcc_token_id{claims = #{<<"sub">> := ExpectedSubject}}}, ClientContext, Opts) -> + refresh(RefreshToken, ClientContext, maps:put(expected_subject, ExpectedSubject, Opts)); +refresh(RefreshToken, ClientContext, Opts) -> + #oidcc_client_context{provider_configuration = Configuration, + client_id = ClientId} = ClientContext, + #oidcc_provider_configuration{issuer = Issuer, grant_types_supported = GrantTypesSupported} = Configuration, + + case lists:member(<<"refresh_token">>, GrantTypesSupported) of + true -> + ExpectedSub = maps:get(expected_subject, Opts), + Scope = maps:get(scope, Opts, []), + QueryString = + [{<<"refresh_token">>, RefreshToken}, {<<"grant_type">>, <<"refresh_token">>}], + QueryString1 = oidcc_scope:query_append_scope(Scope, QueryString), + + TelemetryOpts = #{topic => [oidcc, refresh_token], + extra_meta => #{issuer => Issuer, client_id => ClientId}}, + + maybe + {ok, Token} ?= retrieve_a_token(QueryString1, undefined, ClientContext, Opts, TelemetryOpts, true), + {ok, TokenRecord} ?= + extract_response(Token, 
ClientContext, maps:put(nonce, any, Opts)), + case TokenRecord of + #oidcc_token{id = #oidcc_token_id{claims = #{<<"sub">> := ExpectedSub}}} -> + {ok, TokenRecord}; + #oidcc_token{} -> + {error, sub_invalid} + end + end; + false -> + {error, {grant_type_not_supported, refresh_token}} end. -int_verify_access_token_hash(#{token := AccessToken} = Map, #{claims := Claims}) -> - <> = crypto:hash(sha256, AccessToken), - Hash = base64url:encode(BinHash), - Result = - case maps:get(at_hash, Claims, undefined) of - undefined -> - no_hash; - Hash -> - verified; - _OtherHash -> - bad_hash - end, - maps:put(hash, Result, Map). - -validate_id_token_map(#{token := IdToken} = IdTokenMap, - OpenIdProviderId, - Nonce, - AllowNone) -> - case validate_id_token(IdToken, OpenIdProviderId, Nonce, AllowNone) of - {ok, Claims} -> - {ok, maps:put(claims, Claims, IdTokenMap)}; - Other -> - Other +%% @doc Retrieve JSON Web Token (JWT) Profile Token +%% +%% See [https://datatracker.ietf.org/doc/html/rfc7523#section-4] +%% +%% For a high level interface using {@link oidcc_provider_configuration_worker} +%% see {@link oidcc:jwt_profile_token/6}. +%% +%%

Examples

+%% +%% ``` +%% {ok, ClientContext} = +%% oidcc_client_context:from_configuration_worker(provider_name, +%% <<"client_id">>, +%% <<"client_secret">>), +%% +%% {ok, KeyJson} = file:read_file("jwt-profile.json"), +%% KeyMap = jose:decode(KeyJson), +%% Key = jose_jwk:from_pem(maps:get(<<"key">>, KeyMap)), +%% +%% {ok, #oidcc_token{}} = +%% oidcc_token:jwt_profile(<<"subject">>, +%% ClientContext, +%% Key, +%% #{scope => [<<"scope">>], +%% kid => maps:get(<<"keyId">>, KeyMap)}). +%% ''' +%% @end +-spec jwt_profile(Subject, ClientContext, Jwk, Opts) -> {ok, t()} | {error, error()} when + Subject :: binary(), + ClientContext :: oidcc_client_context:t(), + Jwk :: jose_jwk:key(), + Opts :: jwt_profile_opts(). +jwt_profile(Subject, ClientContext, Jwk, Opts) -> + #oidcc_client_context{provider_configuration = Configuration, client_id = ClientId} = ClientContext, + #oidcc_provider_configuration{issuer = Issuer, grant_types_supported = GrantTypesSupported} = Configuration, + + case lists:member(<<"urn:ietf:params:oauth:grant-type:jwt-bearer">>, GrantTypesSupported) of + true -> + Iat = os:system_time(seconds), + Exp = Iat + 60, + + AssertionClaims = #{ + <<"iss">> => Subject, + <<"sub">> => Subject, + <<"aud">> => [Issuer], + <<"exp">> => Exp, + <<"iat">> => Iat, + <<"nbf">> => Iat + }, + AssertionJwt = jose_jwt:from(AssertionClaims), + + AssertionJws0 = #{ + <<"alg">> => <<"RS256">>, + <<"typ">> => <<"JWT">> + }, + AssertionJws = case maps:get(kid, Opts, none) of + none -> AssertionJws0; + Kid -> maps:put(<<"kid">>, Kid, AssertionJws0) + end, + + {_Jws, Assertion} = jose_jws:compact(jose_jwt:sign(Jwk, AssertionJws, AssertionJwt)), + + Scope = maps:get(scope, Opts, []), + QueryString = + [{<<"assertion">>, Assertion}, {<<"grant_type">>, <<"urn:ietf:params:oauth:grant-type:jwt-bearer">>}], + QueryString1 = oidcc_scope:query_append_scope(Scope, QueryString), + + TelemetryOpts = #{topic => [oidcc, refresh_token], + extra_meta => #{issuer => Issuer, client_id => ClientId}}, + + 
maybe + {ok, Token} ?= retrieve_a_token(QueryString1, undefined, ClientContext, Opts, TelemetryOpts, false), + {ok, TokenRecord} ?= extract_response(Token, ClientContext, maps:put(nonce, any, Opts)), + case TokenRecord of + #oidcc_token{id = none} -> + {ok, TokenRecord}; + #oidcc_token{id = #oidcc_token_id{claims = #{<<"sub">> := Subject}}} -> + {ok, TokenRecord}; + #oidcc_token{} -> + {error, sub_invalid} + end + end; + + false -> + {error, {grant_type_not_supported, jwt_bearer}} end. -validate_id_token(IdToken, OpenIdProviderId, Nonce) -> - validate_id_token(IdToken, OpenIdProviderId, Nonce, false). +%% @doc Retrieve Client Credential Token +%% +%% See [https://datatracker.ietf.org/doc/html/rfc6749#section-1.3.4] +%% +%% For a high level interface using {@link oidcc_provider_configuration_worker} +%% see {@link oidcc:client_credentials_token/4}. +%% +%%

Examples

+%% +%% ``` +%% {ok, ClientContext} = +%% oidcc_client_context:from_configuration_worker(provider_name, +%% <<"client_id">>, +%% <<"client_secret">>), +%% +%% {ok, #oidcc_token{}} = +%% oidcc_token:client_credentials(ClientContext, +%% #{scope => [<<"scope">>]}). +%% ''' +%% @end +-spec client_credentials(ClientContext, Opts) -> {ok, t()} | {error, error()} when + ClientContext :: oidcc_client_context:t(), + Opts :: client_credentials_opts(). +client_credentials(ClientContext, Opts) -> + #oidcc_client_context{provider_configuration = Configuration, + client_id = ClientId} = ClientContext, + #oidcc_provider_configuration{issuer = Issuer, grant_types_supported = GrantTypesSupported} = Configuration, + + case lists:member(<<"client_credentials">>, GrantTypesSupported) of + true -> + Scope = maps:get(scope, Opts, []), + QueryString = [{<<"grant_type">>, <<"client_credentials">>}], + QueryString1 = oidcc_scope:query_append_scope(Scope, QueryString), -validate_id_token(IdToken, OpenIdProviderId, Nonce, AllowNone) -> - try int_validate_id_token(IdToken, OpenIdProviderId, Nonce, AllowNone) of - Claims -> - {ok, Claims} - catch - Exception -> - {error, Exception} + TelemetryOpts = #{topic => [oidcc, client_credentials], + extra_meta => #{issuer => Issuer, client_id => ClientId}}, + + maybe + {ok, Token} ?= retrieve_a_token(QueryString1, undefined, ClientContext, Opts, TelemetryOpts, true), + extract_response(Token, ClientContext, maps:put(nonce, any, Opts)) + end; + false -> + {error, {grant_type_not_supported, client_credentials}} end. -int_validate_id_token(IdToken, OpenIdProviderId, Nonce, AllowNone) - when is_binary(IdToken), byte_size(IdToken) > 5 -> - {ok, OpInfo} = oidcc:get_openid_provider_info(OpenIdProviderId), - #{issuer := Issuer, - client_id := ClientId, - keys := PubKeys} = - OpInfo, - - % 1. 
If the ID Token is encrypted, decrypt it using the keys and algorithms - % that the Client specified during Registration that the OP was to use to - % encrypt the ID Token. If encryption was negotiated with the OP at - % Registration time and the ID Token is not encrypted, the RP SHOULD reject - % it. - % TODO: implement later if needed, not for now - % 2. The Issuer Identifier for the OpenID Provider (which is typically - % obtained during Discovery) MUST exactly match the value of the iss - % (issuer) Claim. - % 3. The Client MUST validate that the aud (audience) Claim contains its - % client_id value registered at the Issuer identified by the iss (issuer) - % Claim as an audience. The aud (audience) Claim MAY contain an array with - % more than one element. The ID Token MUST be rejected if the ID Token does - % not list the Client as a valid audience, or if it contains additional - % audiences not trusted by the Client. - % 11. If a nonce value was sent in the Authentication Request, a nonce Claim - % MUST be present and its value checked to verify that it is the same value - % as the one that was % sent in the Authentication Request. The Client - % SHOULD check the nonce value for replay attacks. The precise method for - % detecting replay attacks is Client specific. - %% NonceInToken = maps:get(nonce, Claims, undefined), - %% case Nonce of - %% NonceInToken -> ok; - %% any -> ok; - %% _ -> throw(wrong_nonce) - %% end, - ExpClaims0 = #{aud => ClientId, iss => Issuer}, - - ExpClaims = - case Nonce of - any -> - ExpClaims0; - Bin when is_binary(Bin) -> - maps:put(nonce, Nonce, ExpClaims0) - end, +-spec extract_response(TokenResponseBody, ClientContext, Opts) -> + {ok, t()} | {error, error()} +when + TokenResponseBody :: map(), + ClientContext :: oidcc_client_context:t(), + Opts :: retrieve_opts(). 
+extract_response(TokenResponseBody, ClientContext, Opts) -> + RefreshJwksFun = maps:get(refresh_jwks, Opts, undefined), + maybe + {ok, Token} ?= int_extract_response(TokenResponseBody, ClientContext, Opts), + {ok, Token} + else + {error, {no_matching_key_with_kid, Kid}} when RefreshJwksFun =/= undefined -> + #oidcc_client_context{jwks = OldJwks} = ClientContext, + maybe + {ok, RefreshedJwks} ?= RefreshJwksFun(OldJwks, Kid), + RefreshedClientContext = ClientContext#oidcc_client_context{jwks = RefreshedJwks}, + int_extract_response(TokenResponseBody, RefreshedClientContext, Opts) + end; + {error, Reason} -> + {error, Reason} + end. - % 6. If the ID Token is received via direct communication between the Client - % and the Token Endpoint (which it is in this flow), the TLS server - % validation MAY be used to validate the issuer in place of checking the - % token signature. The Client MUST validate the signature of all other ID - % Tokens according to JWS [JWS] using the algorithm specified in the JWT alg - % Header Parameter. The Client MUST use the keys provided by the Issuer. - % - % 7. The alg value SHOULD be the default of RS256 or the algorithm sent by - % the Client in the id_token_signed_response_alg parameter during - % Registration. - SupportedAlgorithms = supported_algos(OpenIdProviderId), - AcceptedAlgorithms = - case AllowNone and application:get_env(oidcc, support_none_algorithm, true) of - true -> - [none | SupportedAlgorithms]; +-spec int_extract_response(TokenMap, ClientContext, Opts) -> + {ok, t()} | {error, error()} +when + TokenMap :: map(), + ClientContext :: oidcc_client_context:t(), + Opts :: retrieve_opts(). 
+int_extract_response(TokenMap, ClientContext, Opts) -> + Nonce = maps:get(nonce, Opts, any), + Scopes = maps:get(scope, Opts, []), + IdToken = maps:get(<<"id_token">>, TokenMap, none), + AccessToken = maps:get(<<"access_token">>, TokenMap, none), + AccessExpire = maps:get(<<"expires_in">>, TokenMap, undefined), + RefreshToken = maps:get(<<"refresh_token">>, TokenMap, none), + Scope = maps:get(<<"scope">>, TokenMap, oidcc_scope:scopes_to_bin(Scopes)), + AccessTokenRecord = case AccessToken of + none -> none; + _ -> #oidcc_token_access{token = AccessToken, expires = AccessExpire} + end, + RefreshTokenRecord = + case RefreshToken of + none -> + none; _ -> - SupportedAlgorithms + #oidcc_token_refresh{token = RefreshToken} end, + case IdToken of + none -> + {ok, #oidcc_token{id = none, + access = AccessTokenRecord, + refresh = RefreshTokenRecord, + scope = oidcc_scope:parse(Scope)}}; + _ -> + RescueNone = case validate_id_token(IdToken, ClientContext, Nonce) of + {ok, OkClaims} -> + {ok, {OkClaims, false}}; + {error, {none_alg_used, NoneClaims}} -> + {ok, {NoneClaims, true}}; + {error, Reason} -> + {error, Reason} + end, - % 8. If the JWT alg Header Parameter uses a MAC based algorithm such as - % HS256, HS384, or HS512, the octets of the UTF-8 representation of the - % client_secret corresponding to the client_id contained in the aud - % (audience) Claim are used as the key to validate the signature. For MAC - % based algorithms, the behavior is unspecified if the aud is multi-valued - % or if an azp value is present that is different than the aud value. 
- ExtraKeys = - case lists:member(hs256, AcceptedAlgorithms) - or lists:member(hs384, AcceptedAlgorithms) - or lists:member(hs512, AcceptedAlgorithms) - of - true -> - [build_mac_key(OpenIdProviderId)]; - false -> - [] - end, + maybe + {ok, {Claims, NoneUsed}} ?= RescueNone, + IdTokenRecord = #oidcc_token_id{token = IdToken, claims = Claims}, + TokenRecord = #oidcc_token{id = IdTokenRecord, + access = AccessTokenRecord, + refresh = RefreshTokenRecord, + scope = oidcc_scope:parse(Scope)}, + ok ?= verify_access_token_map_hash(TokenRecord), + %% If none alg was used, continue with checks to allow the user to decide + %% if he wants to use the result + case NoneUsed of + true -> + {error, {none_alg_used, TokenRecord}}; + false -> + {ok, TokenRecord} + end + end + end. - % 10. The iat Claim can be used to reject tokens that were issued too far - % away from the current time, limiting the amount of time that nonces need - % to be stored to prevent attacks. The acceptable range is Client specific. - % TODO: maybe in the future, not for now - % 9. The current time MUST be before the time represented by the exp Claim. - Claims = - case verify_jwt(IdToken, - AcceptedAlgorithms, - ExpClaims, - PubKeys ++ ExtraKeys, - ExtraKeys, - OpenIdProviderId) - of - #{claims := C} -> - C; - invalid -> - throw(invalid_signature); - Error -> - throw(Error) - end, +-spec verify_access_token_map_hash(TokenRecord :: t()) -> + ok | {error, error()}. +verify_access_token_map_hash(#oidcc_token{ + id = + #oidcc_token_id{ + claims = + #{<<"at_hash">> := ExpectedHash} + }, + access = #oidcc_token_access{token = AccessToken} +}) -> + <> = crypto:hash(sha256, AccessToken), + case base64:encode(BinHash, #{mode => urlsafe, padding => false}) of + ExpectedHash -> + ok; + _Other -> + {error, bad_access_token_hash} + end; +verify_access_token_map_hash(#oidcc_token{}) -> + ok. 
- case list_missing_required_claims(Claims) of +%% @doc Validate ID Token +%% +%% Usually the id token is validated using {@link retrieve/3}. +%% If you gget the token passed from somewhere else, this function can validate it. +%% +%%

Examples

+%% +%% ``` +%% {ok, ClientContext} = +%% oidcc_client_context:from_configuration_worker(provider_name, +%% <<"client_id">>, +%% <<"client_secret">>), +%% +%% %% Get IdToken from somewhere +%% +%% {ok, Claims} = +%% oidcc:validate_id_token(IdToken, ClientContext, ExpectedNonce). +%% ''' +%% @end +-spec validate_id_token(IdToken, ClientContext, Nonce) -> + {ok, Claims} | {error, error()} +when + IdToken :: binary(), + ClientContext :: oidcc_client_context:t(), + Nonce :: binary() | any, + Claims :: oidcc_jwt_util:claims(). +validate_id_token(IdToken, ClientContext, Nonce) -> + #oidcc_client_context{provider_configuration = Configuration, + jwks = #jose_jwk{} = Jwks, + client_id = ClientId, + client_secret = ClientSecret} = + ClientContext, + #oidcc_provider_configuration{id_token_signing_alg_values_supported = AllowAlgorithms, + issuer = Issuer} = + Configuration, + maybe + ExpClaims0 = [{<<"aud">>, ClientId}, {<<"iss">>, Issuer}], + ExpClaims = + case Nonce of + any -> + ExpClaims0; + Bin when is_binary(Bin) -> + [{<<"nonce">>, Nonce} | ExpClaims0] + end, + JwksInclOct = + case oidcc_jwt_util:client_secret_oct_keys(AllowAlgorithms, ClientSecret) of + none -> + Jwks; + OctJwk -> + jose_jwk:merge(OctJwk, Jwks) + end, + {ok, {#jose_jwt{fields = Claims}, Jws}} ?= + oidcc_jwt_util:verify_signature(IdToken, AllowAlgorithms, JwksInclOct), + ok ?= oidcc_jwt_util:verify_claims(Claims, ExpClaims), + ok ?= verify_missing_required_claims(Claims), + case Jws of + #jose_jws{alg = {jose_jws_alg_none, none}} -> + {error, {none_alg_used, Claims}}; + #jose_jws{} -> + {ok, Claims} + end + end. + +-spec verify_missing_required_claims(Claims) -> ok | {error, error()} when + Claims :: oidcc_jwt_util:claims(). 
+verify_missing_required_claims(Claims) -> + Required = [<<"iss">>, <<"sub">>, <<"aud">>, <<"exp">>, <<"iat">>], + CheckKeys = fun(Key, _Val, Acc) -> lists:delete(Key, Acc) end, + case maps:fold(CheckKeys, Required, Claims) of [] -> ok; - Missing -> - throw({required_fields_missing, Missing}) - end, + [MissingClaim | _Rest] -> + {error, {missing_claim, MissingClaim, Claims}} + end. - % 4. If the ID Token contains multiple audiences, the Client SHOULD verify - % that an azp Claim is present. - % 5. If an azp (authorized party) Claim is present, the Client SHOULD - % verify that its client_id is the Claim Value. - #{aud := Audience} = Claims, - case {has_other_audience(ClientId, Audience), maps:get(azp, Claims, undefined)} of - {false, _} -> - ok; - {true, ClientId} -> - ok; - {true, Azp} when is_binary(Azp) -> - throw(azp_bad); - {true, undefined} -> - throw(azp_missing) +-spec retrieve_a_token(QsBodyIn, Pkce, ClientContext, Opts, TelemetryOpts, AuthenticateClient) -> + {ok, map()} | {error, error()} +when + QsBodyIn :: oidcc_http_util:query_params(), + Pkce :: pkce() | undefined, + ClientContext :: oidcc_client_context:t(), + Opts :: retrieve_opts() | refresh_opts(), + TelemetryOpts :: oidcc_http_util:telemetry_opts(), + AuthenticateClient :: boolean(). +retrieve_a_token(QsBodyIn, Pkce, ClientContext, Opts, TelemetryOpts, AuthenticateClient) -> + #oidcc_client_context{provider_configuration = Configuration, + client_id = ClientId, + client_secret = Secret} = + ClientContext, + #oidcc_provider_configuration{token_endpoint = TokenEndpoint, + token_endpoint_auth_methods_supported = SupportedAuthMethods} = + Configuration, + + AuthMethod = select_preferred_auth(SupportedAuthMethods), + Header0 = [{"accept", "application/jwt, application/json"}], + {Body, Header} = case AuthenticateClient of + true -> add_authentication_code_verifier(QsBodyIn, Header0, AuthMethod, ClientId, Secret, Pkce); + false -> {QsBodyIn, Header0} end, - % 12. 
If the acr Claim was requested, the Client SHOULD check that the - % asserted Claim Value is appropriate. The meaning and processing of acr - % Claim Values is out of scope for this specification. If the acr Claim was - % requested, the Client SHOULD check that the asserted Claim Value is - % appropriate. The meaning and processing of acr Claim Values is out of - % scope for this specification. - % TODO: check what for - % 13. If the auth_time Claim was requested, either through a specific - % request for this Claim or by using the max_age parameter, the Client - % SHOULD check the auth_time Claim value and request re-authentication if it - % determines too much time has elapsed since the last End-User - % authentication. - % TODO: maybe later, not for now - % delete the nonce before handing it out, only needs space as it has been - % checked by now - maps:remove(nonce, Claims); -int_validate_id_token(_IdToken, _OpenIdProviderId, _Nonce, _AllowNone) -> - throw(no_id_token). - -list_missing_required_claims(Jwt) -> - Required = [iss, sub, aud, exp, iat, nonce], - CheckKeys = fun(Key, _Val, List) -> lists:delete(Key, List) end, - maps:fold(CheckKeys, Required, Jwt). - -has_other_audience(ClientId, Audience) when is_binary(Audience) -> - Audience /= ClientId; -has_other_audience(ClientId, Audience) when is_list(Audience) -> - length(lists:delete(ClientId, Audience)) >= 1. - -verify_jwt(IdToken, AllowedAlgos, ExpClaims, Pubkeys, ExtraKeys, ProviderId) -> - case {erljwt:validate(IdToken, AllowedAlgos, ExpClaims, Pubkeys), ProviderId} of - {{error, _}, undefined} -> - invalid; - {{error, Reason}, ProviderId} when Reason == invalid; Reason == no_key_found -> - %% it might be the case that our keys expired ... 
- %% so refetch them - NewPubKeys = refetch_keys(ProviderId), - verify_jwt(IdToken, - AllowedAlgos, - ExpClaims, - NewPubKeys ++ ExtraKeys, - ExtraKeys, - undefined); - {{ok, Jwt}, _Provider} when is_map(Jwt) -> - Jwt; - {{error, Error}, _} -> - Error + Request = + {TokenEndpoint, + Header, + "application/x-www-form-urlencoded", + uri_string:compose_query(Body)}, + + RequestOpts = maps:get(request_opts, Opts, #{}), + + maybe + {ok, {{json, TokenResponse}, _Headers}} ?= oidcc_http_util:request(post, Request, TelemetryOpts, RequestOpts), + {ok, TokenResponse} end. -supported_algos(ProviderId) -> - {ok, Config} = oidcc:get_openid_provider_info(ProviderId), - #{<<"id_token_signing_alg_values_supported">> := Algos} = Config, - lists:map(fun(A) -> erljwt_sig:algo_to_atom(A) end, Algos). - -build_mac_key(ProviderId) -> - {ok, Config} = oidcc:get_openid_provider_info(ProviderId), - #{client_secret := ClientSecret} = Config, - #{kty => <<"oct">>, - k => ClientSecret, - use => <<"sig">>}. - -refetch_keys(ProviderId) -> - {ok, Pid} = oidcc_openid_provider_mgr:get_openid_provider(ProviderId), - {ok, Keys} = oidcc_openid_provider:update_and_get_keys(Pid), - Keys. +-spec select_preferred_auth(AuthMethodsSupported :: [binary(), ...]) -> + post | basic | undefined. +select_preferred_auth(AuthMethodsSupported) -> + Selector = + fun(Method, Current) -> + case {Method, Current} of + {_, post} -> + post; + {<<"client_secret_basic">>, _} -> + basic; + {<<"client_secret_post">>, _} -> + post; + {_, Current} -> + Current + end + end, + lists:foldl(Selector, undefined, AuthMethodsSupported). 
+ +-spec add_authentication_code_verifier( + QueryList, + Header, + AuthMethod, + ClientId, + ClientSecret, + Pkce +) -> + {oidcc_http_util:query_params(), [oidcc_http_util:http_header()]} +when + QueryList :: oidcc_http_util:query_params(), + Header :: [oidcc_http_util:http_header()], + AuthMethod :: basic | post | undefined, + ClientId :: binary(), + ClientSecret :: binary(), + Pkce :: pkce() | undefined. +add_authentication_code_verifier( + QsBodyList, + Header, + basic, + ClientId, + Secret, + undefined +) -> + NewHeader = [oidcc_http_util:basic_auth_header(ClientId, Secret) | Header], + {QsBodyList, NewHeader}; +add_authentication_code_verifier( + QsBodyList, + Header, + post, + ClientId, + ClientSecret, + undefined +) -> + NewBodyList = + [{<<"client_id">>, ClientId}, {<<"client_secret">>, ClientSecret} | QsBodyList], + {NewBodyList, Header}; +add_authentication_code_verifier(B, H, undefined, CI, CS, undefined) -> + add_authentication_code_verifier(B, H, basic, CI, CS, undefined); +add_authentication_code_verifier(BodyQs, Header, AuthMethod, CI, CS, #{verifier := CV}) -> + BodyQs1 = [{<<"code_verifier">>, CV} | BodyQs], + add_authentication_code_verifier(BodyQs1, Header, AuthMethod, CI, CS, undefined). diff --git a/src/oidcc_token_introspection.erl b/src/oidcc_token_introspection.erl new file mode 100644 index 0000000..e8fdfcb --- /dev/null +++ b/src/oidcc_token_introspection.erl 
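Review bot: The ID token nonce check is now opt-in and fails open, because `int_extract_response/3` reads `Nonce = maps:get(nonce, Opts, any)` and `retrieve/3` passes `Opts` through unchanged. `validate_id_token/3` only adds `nonce` to the expected claims when it is a binary, and `verify_missing_required_claims/1` no longer requires `nonce` as the removed `list_missing_required_claims/1` did, so an authorization-code caller who omits the option gets no replay binding on the ID token. The `retrieve_opts()` doc only says "Nonce to check"; I would extend that bullet to something like `Nonce to check; when omitted or any, the nonce claim of the ID token is not verified` so the default is visible to integrators. Separately, `jwt_profile/4` reuses `topic => [oidcc, refresh_token]` for its telemetry, which makes JWT-bearer grants indistinguishable from refreshes in monitoring; a distinct topic such as `[oidcc, jwt_profile_token]` would keep the two apart.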
@@ -0,0 +1,129 @@ +%%%------------------------------------------------------------------- +%% @doc OAuth Token Introspection +%% +%% See [https://datatracker.ietf.org/doc/html/rfc7662] +%% +%% To use the records, import the definition: +%% +%% ``` +%% -include_lib(["oidcc/include/oidcc_token_introspection.hrl"]). +%% ''' +%% @end +%%%------------------------------------------------------------------- +-module(oidcc_token_introspection). + +-feature(maybe_expr, enable). + +-include("oidcc_client_context.hrl"). +-include("oidcc_provider_configuration.hrl"). +-include("oidcc_token.hrl"). +-include("oidcc_token_introspection.hrl"). + +-export([introspect/3]). + +-export_type([error/0]). +-export_type([opts/0]). +-export_type([t/0]). + +-type t() :: #oidcc_token_introspection{ + active :: boolean(), + client_id :: binary(), + exp :: pos_integer(), + scope :: oidcc_scope:scopes(), + username :: binary() +}. +%% Introspection Result +%% +%% See [https://datatracker.ietf.org/doc/html/rfc7662#section-2.2] + +-type opts() :: #{request_opts => oidcc_http_util:request_opts()}. + +-type error() :: client_id_mismatch | introspection_not_supported | oidcc_http_util:error(). + +%% @doc +%% Introspect the given access token +%% +%% For a high level interface using {@link oidcc_provider_configuration_worker} +%% see {@link oidcc:introspect_token/5}. +%% +%%

Examples

+%% +%% ``` +%% {ok, ClientContext} = +%% oidcc_client_context:from_configuration_worker(provider_name, +%% <<"client_id">>, +%% <<"client_secret">>), +%% +%% %% Get AccessToken +%% +%% {ok, #oidcc_token_introspection{active = True}} = +%% oidcc_token_introspection:introspect(AccessToken, ClientContext, #{}). +%% ''' +%% @end +-spec introspect(Token, ClientContext, Opts) -> + {ok, t()} + | {error, error()} +when + Token :: oidcc_token:t() | binary(), + ClientContext :: oidcc_client_context:t(), + Opts :: opts(). +introspect(#oidcc_token{access = #oidcc_token_access{token = AccessToken}}, + ClientContext, + Opts) -> + introspect(AccessToken, ClientContext, Opts); +introspect(AccessToken, ClientContext, Opts) -> + #oidcc_client_context{provider_configuration = Configuration, + client_id = ClientId, + client_secret = ClientSecret} = + ClientContext, + #oidcc_provider_configuration{introspection_endpoint = Endpoint, + issuer = Issuer} = Configuration, + + case Endpoint of + undefined -> + {error, introspection_not_supported}; + _ -> + Header = + [{"accept", "application/json"}, + oidcc_http_util:basic_auth_header(ClientId, ClientSecret)], + Body = [{<<"token">>, AccessToken}], + Request = + {Endpoint, Header, "application/x-www-form-urlencoded", uri_string:compose_query(Body)}, + RequestOpts = maps:get(request_opts, Opts, #{}), + TelemetryOpts = #{topic => [oidcc, introspect_token], + extra_meta => #{issuer => Issuer, client_id => ClientId}}, + + maybe + {ok, {{json, Token}, _Headers}} ?= oidcc_http_util:request(post, Request, TelemetryOpts, RequestOpts), + extract_response(Token, ClientContext) + end + end. + +-spec extract_response(TokenMap, ClientContext) -> + {ok, t()} | {error, error()} +when + TokenMap :: map(), + ClientContext :: oidcc_client_context:t(). 
+extract_response(TokenMap, #oidcc_client_context{client_id = ClientId}) -> + Active = + case maps:get(<<"active">>, TokenMap, undefined) of + true -> + true; + _ -> + false + end, + Scope = maps:get(<<"scope">>, TokenMap, <<"">>), + Username = maps:get(<<"username">>, TokenMap, undefined), + Exp = maps:get(<<"exp">>, TokenMap, undefined), + case maps:get(<<"client_id">>, TokenMap, undefined) of + ClientId -> + {ok, #oidcc_token_introspection{ + active = Active, + scope = oidcc_scope:parse(Scope), + client_id = ClientId, + username = Username, + exp = Exp + }}; + _ -> + {error, client_id_mismatch} + end. diff --git a/src/oidcc_userinfo.erl b/src/oidcc_userinfo.erl new file mode 100644 index 0000000..5bcb3d9 --- /dev/null +++ b/src/oidcc_userinfo.erl @@ -0,0 +1,267 @@ +%%%------------------------------------------------------------------- +%% @doc OpenID Connect Userinfo +%% +%% See [https://openid.net/specs/openid-connect-core-1_0.html#UserInfo] +%% @end +%%%------------------------------------------------------------------- +-module(oidcc_userinfo). + +-feature(maybe_expr, enable). + +-include("oidcc_client_context.hrl"). +-include("oidcc_provider_configuration.hrl"). +-include("oidcc_token.hrl"). + +-include_lib("jose/include/jose_jwk.hrl"). +-include_lib("jose/include/jose_jwt.hrl"). + +-export([retrieve/3]). + +-export_type([error/0]). +-export_type([retrieve_opts/0]). +-export_type([retrieve_opts_no_sub/0]). + +-type retrieve_opts_no_sub() :: + #{refresh_jwks => oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun()}. +%% See {@link retrieve_opts()} + +-type retrieve_opts() :: + #{ + refresh_jwks => oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun(), + expected_subject := binary() + }. +%% Configure userinfo request +%% +%% See [https://openid.net/specs/openid-connect-core-1_0.html#UserInfoRequest] +%% +%%
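Review bot: In `extract_response/2` a response without a `client_id` member always ends in `{error, client_id_mismatch}`, because the final `case` compares `maps:get(<<"client_id">>, TokenMap, undefined)` with the configured `ClientId` before `Active` is taken into account. RFC 7662 section 2.2, which the type comment links, makes `client_id` optional, and an inactive token is normally answered with just `{"active": false}`, so callers would get an error instead of a result with `active = false`. I would branch on both values, `case {Active, maps:get(<<"client_id">>, TokenMap, undefined)} of`, return the record for `{false, _}`, and keep the mismatch error for active tokens that name another client. The `t()` type also declares `exp :: pos_integer()` and `username :: binary()` although both fields are filled with `undefined` when the member is absent.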

Parameters

+%% +%%
    +%%
  • `refresh_jwks' - How to handle tokens with an unknown `kid'. +%% See {@link oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun()}
  • +%%
  • `expected_subject' - expected subject for the userinfo +%% (`sub' from id token)
  • +%%
+ +-type error() :: + {distributed_claim_not_found, {ClaimSource :: binary(), ClaimName :: binary()}} + | invalid_content_type + | bad_subject + | oidcc_jwt_util:error() + | oidcc_http_util:error(). + +%% @doc +%% Load userinfo for the given token +%% +%% For a high level interface using {@link oidcc_provider_configuration_worker} +%% see {@link oidcc:retrieve_userinfo/5}. +%% +%%

Examples

+%% +%% ``` +%% {ok, ClientContext} = +%% oidcc_client_context:from_configuration_worker(provider_name, +%% <<"client_id">>, +%% <<"client_secret">>), +%% +%% %% Get Token +%% +%% {ok, #{<<"sub">> => Sub}} = +%% oidcc_userinfo:retrieve(Token, ClientContext, #{}). +%% ''' +%% @end +-spec retrieve + (Token, ClientContext, Opts) -> {ok, oidcc_jwt_util:claims()} | {error, error()} when + Token :: oidcc_token:t(), + ClientContext :: oidcc_client_context:t(), + Opts :: retrieve_opts_no_sub(); + (Token, ClientContext, Opts) -> {ok, oidcc_jwt_util:claims()} | {error, error()} when + Token :: binary(), + ClientContext :: oidcc_client_context:t(), + Opts :: retrieve_opts(). +retrieve(#oidcc_token{} = Token, ClientContext, Opts) -> + #oidcc_token{access = AccessTokenRecord, id = IdTokenRecord} = Token, + #oidcc_token_access{token = AccessToken} = AccessTokenRecord, + #oidcc_token_id{claims = #{<<"sub">> := ExpectedSubject}} = IdTokenRecord, + retrieve(AccessToken, + ClientContext, + maps:put(expected_subject, ExpectedSubject, Opts)); +retrieve(AccessToken, ClientContext, Opts) when is_binary(AccessToken) -> + #oidcc_client_context{provider_configuration = Configuration, + client_id = ClientId} = ClientContext, + #oidcc_provider_configuration{userinfo_endpoint = Endpoint, + issuer = Issuer} = Configuration, + + Header = [oidcc_http_util:bearer_auth_header(AccessToken)], + + Request = {Endpoint, Header}, + RequestOpts = maps:get(request_opts, Opts, #{}), + TelemetryOpts = #{topic => [oidcc, userinfo], + extra_meta => #{issuer => Issuer, client_id => ClientId}}, + + maybe + {ok, {UserinfoResponse, _Headers}} ?= oidcc_http_util:request(get, Request, TelemetryOpts, RequestOpts), + {ok, Claims} ?= validate_userinfo_body(UserinfoResponse, ClientContext, Opts), + lookup_distributed_claims(Claims, ClientContext, Opts) + end. 
+ +-spec validate_userinfo_body(Body, ClientContext, Opts) -> + {ok, Claims} | {error, error()} +when + Body :: {json, map()} | {jwt, binary()}, + ClientContext :: oidcc_client_context:t(), + Opts :: + #{ + refresh_jwks => oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun(), + expected_subject := binary() + }, + Claims :: oidcc_jwt_util:claims(). +validate_userinfo_body({json, Userinfo}, _ClientContext, Opts) -> + ExpectedSubject = maps:get(expected_subject, Opts), + + case Userinfo of + #{<<"sub">> := ExpectedSubject} = Map -> + {ok, Map}; + #{} -> + {error, bad_subject} + end; +validate_userinfo_body({jwt, UserinfoBody}, ClientContext, Opts) -> + #oidcc_client_context{provider_configuration = Configuration, client_id = ClientId} = + ClientContext, + #oidcc_provider_configuration{issuer = Issuer} = Configuration, + ExpectedSubject = maps:get(expected_subject, Opts), + validate_userinfo_token( + UserinfoBody, + ClientContext, + maps:put( + expected_claims, + [ + {<<"aud">>, ClientId}, + {<<"iss">>, Issuer}, + {<<"sub">>, ExpectedSubject} + ], + Opts + ) + ). + +-spec validate_userinfo_token(Token, ClientContext, Opts) -> + {ok, Claims} | {error, error()} +when + Token :: binary(), + ClientContext :: oidcc_client_context:t(), + Opts :: + #{ + refresh_jwks => oidcc_jwt_util:refresh_jwks_for_unknown_kid_fun(), + expected_subject := binary(), + expected_claims => [{binary(), term()}] + }, + Claims :: oidcc_jwt_util:claims(). 
+validate_userinfo_token(UserinfoToken, ClientContext, Opts) -> + RefreshJwksFun = maps:get(refresh_jwks, Opts, undefined), + ExpClaims = maps:get(expected_claims, Opts, []), + #oidcc_client_context{provider_configuration = Configuration, + jwks = #jose_jwk{} = Jwks, + client_id = ClientId, + client_secret = ClientSecret} = + ClientContext, + #oidcc_provider_configuration{userinfo_signing_alg_values_supported = AllowAlgorithms, + issuer = Issuer} = + Configuration, + maybe + JwksInclOct = + case oidcc_jwt_util:client_secret_oct_keys(AllowAlgorithms, ClientSecret) of + none -> + Jwks; + OctJwk -> + jose_jwk:merge(OctJwk, Jwks) + end, + {ok, {#jose_jwt{fields = Claims}, _Jws}} ?= + oidcc_jwt_util:verify_signature(UserinfoToken, AllowAlgorithms, JwksInclOct), + ok ?= oidcc_jwt_util:verify_claims(Claims, ExpClaims), + {ok, maps:remove(nonce, Claims)} + else + {error, {no_matching_key_with_kid, Kid}} when RefreshJwksFun =/= undefined -> + maybe + {ok, RefreshedJwks} ?= RefreshJwksFun(Jwks, Kid), + RefreshedClientContext = ClientContext#oidcc_client_context{jwks = RefreshedJwks}, + validate_userinfo_token(UserinfoToken, RefreshedClientContext, Opts) + end; + {error, Reason} -> + {error, Reason} + end. + +-spec lookup_distributed_claims(Claims, ClientContext, Opts) -> + {ok, Claims} | {error, error()} +when + Claims :: oidcc_jwt_util:claims(), + ClientContext :: oidcc_client_context:t(), + Opts :: retrieve_opts(). +lookup_distributed_claims(#{<<"_claim_names">> := ClaimNames, + <<"_claim_sources">> := ClaimSources} = + Claims, + ClientContext, + Opts) -> + maybe + {ok, DistributedClaims} ?= + lookup_distributed_claim(maps:to_list(ClaimSources), Opts, []), + {ok, ValidatedClaims} ?= + validate_distributed_claim(DistributedClaims, ClientContext, Opts, #{}), + combine_claim(maps:to_list(ClaimNames), ValidatedClaims, Claims) + end; +lookup_distributed_claims(Claims, _ClientContext, _Opts) -> + {ok, Claims}. 
+ +-spec lookup_distributed_claim(Claims, Opts, Acc) -> {ok, Acc} | {error, error()} when + Claims :: [{binary(), #{binary() := binary()}}], + Opts :: retrieve_opts(), + Acc :: [{binary(), binary()}]. +lookup_distributed_claim([], _Opts, Acc) -> + {ok, Acc}; +lookup_distributed_claim([{ClaimName, #{<<"JWT">> := Jwt}} | Rest], Opts, Acc) -> + lookup_distributed_claim(Rest, Opts, [{ClaimName, Jwt} | Acc]); +lookup_distributed_claim([{ClaimName, + #{<<"endpoint">> := Endpoint, <<"access_token">> := AccessToken}} + | Rest], + Opts, + Acc) -> + Request = + {Endpoint, + [oidcc_http_util:bearer_auth_header(AccessToken), {"accept", "application/jwt"}]}, + + TelemetryOpts = #{topic => [oidcc, userinfo_distributed_claim], extra_meta => #{endpoint => Endpoint}}, + RequestOpts = maps:get(request_opts, Opts, #{}), + + maybe + {ok, {{jwt, Jwt}, _}} ?= oidcc_http_util:request(get, Request, TelemetryOpts, RequestOpts), + lookup_distributed_claim(Rest, Opts, [{ClaimName, Jwt} | Acc]) + else + {error, Reason} -> + {error, Reason}; + {ok, {{_Format, _Body}, _Headers}} -> + {error, invalid_content_type} + end. + +-spec validate_distributed_claim(Claims, ClientContext, Opts, Acc) -> + {ok, Acc} | {error, error()} +when + Claims :: [{binary(), #{binary() := binary()}}], + Opts :: retrieve_opts(), + ClientContext :: oidcc_client_context:t(), + Acc :: #{binary() => #{binary() => term()}}. +validate_distributed_claim([], _ClientContext, _Opts, Acc) -> + {ok, Acc}; +validate_distributed_claim([{ClaimName, Token} | Rest], ClientContext, Opts, Acc) -> + maybe + {ok, Claims} ?= validate_userinfo_token(Token, ClientContext, Opts), + validate_distributed_claim(Rest, ClientContext, Opts, maps:put(ClaimName, Claims, Acc)) + end. 
+ +combine_claim([], _DistributedClaims, Acc) -> + {ok, Acc}; +combine_claim([{ClaimName, ClaimSource} | Rest], DistributedClaims, Acc) -> + case DistributedClaims of + #{ClaimSource := #{ClaimName := ClaimValue}} -> + combine_claim(Rest, DistributedClaims, maps:put(ClaimName, ClaimValue, Acc)); + #{} -> + {error, {distributed_claim_not_found, {ClaimSource, ClaimName}}} + end. diff --git a/test/GeoTrust_Primary_CA.pem b/test/GeoTrust_Primary_CA.pem deleted file mode 100644 index 4137243..0000000 --- a/test/GeoTrust_Primary_CA.pem +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBY -MQswCQYDVQQGEwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMo -R2VvVHJ1c3QgUHJpbWFyeSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjEx -MjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgxCzAJBgNVBAYTAlVTMRYwFAYDVQQK -Ew1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQcmltYXJ5IENlcnRp -ZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC -AQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9 -AWbK7hWNb6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjA -ZIVcFU2Ix7e64HXprQU9nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE0 -7e9GceBrAqg1cmuXm2bgyxx5X9gaBGgeRwLmnWDiNpcB3841kt++Z8dtd1k7j53W -kBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGttm/81w7a4DSwDRp35+MI -mO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4G -A1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJ -KoZIhvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ1 -6CePbJC/kRYkRj5KTs4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl -4b7UVXGYNTq+k+qurUKykG/g/CFNNWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6K -oKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHaFloxt/m0cYASSJlyc1pZU8Fj -UjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG1riR/aYNKxoU -AT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk= ------END CERTIFICATE----- diff --git a/test/oidc_SUITE.erl b/test/oidc_SUITE.erl deleted file mode 100644 index 1b43d57..0000000 --- a/test/oidc_SUITE.erl +++ /dev/null 
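Review bot: The `no_matching_key_with_kid` branch of `validate_userinfo_token/3` retries with the same `Opts`, so `refresh_jwks` is still set on the recursive call and a token whose `kid` is also missing from the refreshed set triggers another refresh and another retry. Unless the supplied fun returns an error on repeated calls (not visible in this hunk), a response carrying an unknown `kid` can keep the JWKS fetches going; passing `maps:remove(refresh_jwks, Opts)` to the retry bounds it to one refresh per validation. Separately, `maps:remove(nonce, Claims)` uses an atom key while claims in this module are matched with binary keys such as `<<"sub">>`, so it looks like a no-op and `maps:remove(<<"nonce">>, Claims)` is probably what was meant.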
@@ -1,115 +0,0 @@ --module(oidc_SUITE). - --include_lib("common_test/include/ct.hrl"). - --export([all/0, init_per_suite/1, end_per_suite/1, retrieve_google/1, retrieve_iam/1, - retrieve_hbp/1, retrieve_egi/1, retrieve_eudat/1, retrieve_zitadel/1]). - - %% groups/0, - %% group/1, - %% suite/0, - - %% init_per_group/2, - %% end_per_group/2, - %% init_per_testcase/2, - %% end_per_testcase/2, - -all() -> - [retrieve_google, - % Disabled since GitHub Actions can't open a connection - % retrieve_eudat, - retrieve_iam, - %% retrieve_hbp, - retrieve_egi, - retrieve_zitadel]. - -%% groups() -> -%% []. -%% -%% group(_) -> -%% []. -%% -%% suite() -> -%% []. - -init_per_suite(Conf) -> - {ok, _} = application:ensure_all_started(oidcc), - Conf. - -end_per_suite(Conf) -> - ok = application:stop(oidcc), - Conf. - -%% init_per_group(_Group, Conf) -> -%% Conf. -%% -%% end_per_group(_Group, Conf) -> -%% Conf. -%% -%% init_per_testcase(_TestCase, Conf) -> -%% Conf. -%% -%% end_per_testcase(_TestCase, Conf) -> -%% Conf. - -retrieve_google(_Conf) -> - ConfigEndpoint = <<"https://accounts.google.com/.well-known/openid-configuration">>, - retrieve_configuration(ConfigEndpoint). - -retrieve_iam(_Conf) -> - ConfigEndpoint = - <<"https://iam-test.indigo-datacloud.eu/.well-known/openid-configuration">>, - retrieve_configuration(ConfigEndpoint). - -retrieve_hbp(_Conf) -> - ConfigEndpoint = - <<"https://services.humanbrainproject.eu/oidc/.well-known/openid-configuration">>, - retrieve_configuration(ConfigEndpoint). - -retrieve_egi(_Conf) -> - ConfigEndpoint = <<"https://aai-dev.egi.eu/oidc/.well-known/openid-configuration">>, - retrieve_configuration(ConfigEndpoint). - -retrieve_eudat(_Conf) -> - ConfigEndpoint = - <<"https://b2access.eudat.eu:8443/oauth2/.well-known/openid-configuration">>, - retrieve_configuration(ConfigEndpoint). - -retrieve_zitadel(_Conf) -> - ConfigEndpoint = <<"https://issuer.zitadel.ch/.well-known/openid-configuration">>, - retrieve_configuration(ConfigEndpoint). 
- -retrieve_configuration(ConfigEndpoint) -> - LocalEndpoint = <<"http://localhost:8080/oidc">>, - Config = #{client_id => <<"some_id">>}, - {ok, _, Pid} = oidcc:add_openid_provider(ConfigEndpoint, LocalEndpoint, Config), - ok = wait_for_config(Pid), - ok = fetch_signing_keys(Pid), - ok. - -fetch_signing_keys(Pid) -> - {ok, Keys} = oidcc_openid_provider:update_and_get_keys(Pid), - {ok, Config} = oidcc:get_openid_provider_info(Pid), - #{keys := Keys, config_deadline := Deadline} = Config, - Now = erlang:system_time(seconds), - ct:log("all keys: ~p", [Keys]), - ct:log("config deadline in ~p seconds", [Deadline - Now]), - case Keys of - [] -> - {error, no_keys}; - _ -> - ok - end. - -wait_for_config(Pid) -> - Ready = oidcc_openid_provider:is_ready(Pid), - {ok, Error} = oidcc_openid_provider:get_error(Pid), - case {Ready, Error} of - {true, undefined} -> - ok; - {false, undefined} -> - timer:sleep(100), - wait_for_config(Pid); - _ -> - {error, Error} - end. diff --git a/test/oidcc/authorization_test.exs b/test/oidcc/authorization_test.exs new file mode 100644 index 0000000..b988ede --- /dev/null +++ b/test/oidcc/authorization_test.exs @@ -0,0 +1,29 @@ +defmodule Oidcc.AuthorizationTest do + use ExUnit.Case, async: true + + alias Oidcc.Authorization + + doctest Authorization + + describe inspect(&Authorization.create_redirect_url/2) do + test "works" do + pid = + start_supervised!( + {Oidcc.ProviderConfiguration.Worker, %{issuer: "https://accounts.google.com/"}} + ) + + {:ok, client_context} = + Oidcc.ClientContext.from_configuration_worker( + pid, + "client_id", + "client_secret" + ) + + assert {:ok, _redirect_uri} = + Authorization.create_redirect_url( + client_context, + %{redirect_uri: "https://my.server/return"} + ) + end + end +end diff --git a/test/oidcc/client_context_test.exs b/test/oidcc/client_context_test.exs new file mode 100644 index 0000000..a5d5327 --- /dev/null +++ b/test/oidcc/client_context_test.exs 
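Review bot: This test starts an `Oidcc.ProviderConfiguration.Worker` against `https://accounts.google.com/`, so it only passes with outbound network access and a reachable third-party endpoint; the removed `oidc_SUITE.erl` already had a case disabled because GitHub Actions could not open a connection. The same applies to the new `client_context_test.exs`, `provider_configuration/worker_test.exs` and `provider_configuration_test.exs`. Building the context with `ClientContext.from_manual/4` from the `example-metadata.json` fixture, as the token and userinfo tests do, keeps the test offline. The assertion could then check the parameters of the produced URL instead of matching `{:ok, _redirect_uri}`.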
@@ -0,0 +1,56 @@ +defmodule Oidcc.ClientContextTest do + use ExUnit.Case, async: true + + alias Oidcc.ClientContext + + doctest ClientContext + + describe inspect(&ProviderConfiguration.from_configuration_worker/3) do + test "works" do + pid = + start_supervised!( + {Oidcc.ProviderConfiguration.Worker, + %{issuer: "https://accounts.google.com/", name: __MODULE__.GoogleProvider}} + ) + + assert {:ok, %Oidcc.ClientContext{}} = + Oidcc.ClientContext.from_configuration_worker( + __MODULE__.GoogleProvider, + "client_id", + "client_Secret" + ) + + assert {:ok, %Oidcc.ClientContext{}} = + Oidcc.ClientContext.from_configuration_worker( + pid, + "client_id", + "client_Secret" + ) + + assert {:error, :provider_not_ready} = + Oidcc.ClientContext.from_configuration_worker( + __MODULE__.InvalidProvider, + "client_id", + "client_Secret" + ) + end + end + + describe inspect(&ProviderConfiguration.from_manual/4) do + test "works" do + {:ok, {configuration, _expiry}} = + Oidcc.ProviderConfiguration.load_configuration("https://login.salesforce.com") + + {:ok, {jwks, _expiry}} = + Oidcc.ProviderConfiguration.load_jwks(configuration.jwks_uri) + + assert %Oidcc.ClientContext{} = + Oidcc.ClientContext.from_manual( + configuration, + jwks, + "client_id", + "client_Secret" + ) + end + end +end diff --git a/test/oidcc/provider_configuration/worker_test.exs b/test/oidcc/provider_configuration/worker_test.exs new file mode 100644 index 0000000..c3eb7b0 --- /dev/null +++ b/test/oidcc/provider_configuration/worker_test.exs 
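Review bot: Both `describe` labels capture `&ProviderConfiguration.from_configuration_worker/3` and `&ProviderConfiguration.from_manual/4`, but this file only aliases `Oidcc.ClientContext`, and the functions under test are the `ClientContext` ones. The capture is only passed to `inspect/1`, so the labels just name a module that is not the one being tested and will mislead in test output. `describe inspect(&ClientContext.from_configuration_worker/3) do` and `describe inspect(&ClientContext.from_manual/4) do` fix it. The secret literal is also spelled `"client_Secret"` here and `"client_secret"` in the other test files, which is harmless but inconsistent.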
@@ -0,0 +1,72 @@ +defmodule Oidcc.ProviderConfiguration.WorkerTest do + use ExUnit.Case, async: true + + alias Oidcc.ProviderConfiguration + alias Oidcc.ProviderConfiguration.Worker + + doctest Worker + + describe inspect(&Worker.start_link/1) do + test "works" do + start_supervised!( + {Worker, %{issuer: "https://accounts.google.com/", name: __MODULE__.GoogleProvider}} + ) + end + end + + describe inspect(&Worker.get_provider_configuration/1) do + test "works" do + pid = + start_supervised!( + {Worker, %{issuer: "https://accounts.google.com/", name: __MODULE__.GoogleProvider}} + ) + + assert %ProviderConfiguration{issuer: "https://accounts.google.com"} = + Worker.get_provider_configuration(pid) + end + end + + describe inspect(&Worker.get_jwks/1) do + test "works" do + start_supervised!( + {Worker, %{issuer: "https://accounts.google.com/", name: __MODULE__.GoogleProvider}} + ) + + assert %JOSE.JWK{} = + Worker.get_jwks(__MODULE__.GoogleProvider) + end + end + + describe inspect(&Worker.refresh_configuration/1) do + test "works" do + pid = + start_supervised!( + {Worker, %{issuer: "https://accounts.google.com/", name: __MODULE__.GoogleProvider}} + ) + + assert :ok = Worker.refresh_configuration(pid) + end + end + + describe inspect(&Worker.refresh_jwks/1) do + test "works" do + pid = + start_supervised!( + {Worker, %{issuer: "https://accounts.google.com/", name: __MODULE__.GoogleProvider}} + ) + + assert :ok = Worker.refresh_jwks(pid) + end + end + + describe inspect(&Worker.refresh_jwks_for_unknown_kid/2) do + test "works" do + pid = + start_supervised!( + {Worker, %{issuer: "https://accounts.google.com/", name: __MODULE__.GoogleProvider}} + ) + + assert :ok = Worker.refresh_jwks_for_unknown_kid(pid, "kid") + end + end +end diff --git a/test/oidcc/provider_configuration_test.exs b/test/oidcc/provider_configuration_test.exs new file mode 100644 index 0000000..7067c67 --- /dev/null +++ b/test/oidcc/provider_configuration_test.exs 
@@ -0,0 +1,32 @@ +defmodule Oidcc.ProviderConfigurationTest do + use ExUnit.Case, async: true + + alias Oidcc.ProviderConfiguration + + doctest ProviderConfiguration + + describe inspect(&ProviderConfiguration.load_configuration/2) do + test "works" do + assert {:ok, {%ProviderConfiguration{issuer: "https://accounts.google.com"}, _expiry}} = + ProviderConfiguration.load_configuration("https://accounts.google.com", %{}) + end + end + + describe inspect(&ProviderConfiguration.load_jwks/2) do + test "works" do + assert {:ok, {%JOSE.JWK{}, _expiry}} = + ProviderConfiguration.load_jwks("https://www.googleapis.com/oauth2/v3/certs", %{}) + end + end + + describe inspect(&ProviderConfiguration.decode_configuration/1) do + test "works" do + assert {:ok, %ProviderConfiguration{issuer: "https://my.provider"}} = + :oidcc + |> Application.app_dir("priv/test/fixtures/example-metadata.json") + |> File.read!() + |> JOSE.decode() + |> ProviderConfiguration.decode_configuration() + end + end +end diff --git a/test/oidcc/token/access_test.exs b/test/oidcc/token/access_test.exs new file mode 100644 index 0000000..0639a7b --- /dev/null +++ b/test/oidcc/token/access_test.exs @@ -0,0 +1,7 @@ +defmodule Oidcc.Token.AccessTest do + use ExUnit.Case, async: true + + alias Oidcc.Token.Access + + doctest Access +end diff --git a/test/oidcc/token/id_test.exs b/test/oidcc/token/id_test.exs new file mode 100644 index 0000000..e72d880 --- /dev/null +++ b/test/oidcc/token/id_test.exs @@ -0,0 +1,7 @@ +defmodule Oidcc.Token.IdTest do + use ExUnit.Case, async: true + + alias Oidcc.Token.Id + + doctest Id +end diff --git a/test/oidcc/token/refresh_test.exs b/test/oidcc/token/refresh_test.exs new file mode 100644 index 0000000..43d145b --- /dev/null +++ b/test/oidcc/token/refresh_test.exs @@ -0,0 +1,7 @@ +defmodule Oidcc.Token.RefreshTest do + use ExUnit.Case, async: true + + alias Oidcc.Token.Refresh + + doctest Refresh +end 
diff --git a/test/oidcc/token_introspection_test.exs b/test/oidcc/token_introspection_test.exs new file mode 100644 index 0000000..f4dd7a7 --- /dev/null +++ b/test/oidcc/token_introspection_test.exs @@ -0,0 +1,62 @@ +defmodule Oidcc.TokenIntrospectionTest do + use ExUnit.Case + + import Mock + + alias Oidcc.ClientContext + alias Oidcc.ProviderConfiguration + alias Oidcc.Token + alias Oidcc.TokenIntrospection + + doctest TokenIntrospection + + {:ok, example_metadata} = + :oidcc + |> Application.app_dir("priv/test/fixtures/example-metadata.json") + |> File.read!() + |> JOSE.decode() + |> ProviderConfiguration.decode_configuration() + + @example_metadata example_metadata + @example_jwks :oidcc + |> Application.app_dir("priv/test/fixtures/jwk.pem") + |> JOSE.JWK.from_pem_file() + + describe inspect(&TokenIntrospection.introspect/3) do + test_with_mock "works", %{}, :oidcc_http_util, [:passthrough], + request: fn :post, + {"https://my.provider/introspection", _headers, + ~c"application/x-www-form-urlencoded", "token=access_token"}, + _telemetry_opts, + _http_opts -> + {:ok, + {{:json, + %{ + "active" => true, + "client_id" => "client_id" + }}, []}} + end do + client_context = + ClientContext.from_manual( + @example_metadata, + @example_jwks, + "client_id", + "client_secret" + ) + + assert {:ok, %TokenIntrospection{active: true}} = + TokenIntrospection.introspect( + %Token{ + id: %Token.Id{ + token: "id_token", + claims: %{} + }, + access: %Token.Access{token: "access_token", expires: :undefined}, + refresh: :none, + scope: ["profile", "openid"] + }, + client_context + ) + end + end +end diff --git a/test/oidcc/token_test.exs b/test/oidcc/token_test.exs new file mode 100644 index 0000000..ac3dee1 --- /dev/null +++ b/test/oidcc/token_test.exs 
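Review bot: Only an active token with a matching `client_id` is exercised, so the `{:error, :client_id_mismatch}` result and a response of just `%{"active" => false}` are untested, although that comparison is the one check `extract_response/2` applies to the provider's answer. Two more `test_with_mock` cases, one returning a different `"client_id"` and one returning only `"active" => false`, would pin the intended behaviour for both. The `describe` names `introspect/3` while the call passes two arguments, so the options map is presumably defaulted in the Elixir wrapper, which is outside this hunk.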
@@ -0,0 +1,227 @@ +defmodule Oidcc.TokenTest do + use ExUnit.Case, async: false + + import Mock + + alias Oidcc.ClientContext + alias Oidcc.ProviderConfiguration + alias Oidcc.Token + + {:ok, example_metadata} = + :oidcc + |> Application.app_dir("priv/test/fixtures/example-metadata.json") + |> File.read!() + |> JOSE.decode() + |> ProviderConfiguration.decode_configuration() + + @example_metadata example_metadata + @example_jwks :oidcc + |> Application.app_dir("priv/test/fixtures/jwk.pem") + |> JOSE.JWK.from_pem_file() + + %{ + "clientId" => client_credentials_client_id, + "clientSecret" => client_credentials_client_secret + } = + :oidcc + |> Application.app_dir("priv/test/fixtures/zitadel-client-credentials.json") + |> File.read!() + |> JOSE.decode() + + @client_credentials_client_id client_credentials_client_id + @client_credentials_client_secret client_credentials_client_secret + + @jwt_profile :oidcc + |> Application.app_dir("priv/test/fixtures/zitadel-jwt-profile.json") + |> File.read!() + + doctest Token + + setup_all do + # Used in doctests + System.put_env("CLIENT_CREDENTIALS_CLIENT_ID", @client_credentials_client_id) + System.put_env("CLIENT_CREDENTIALS_CLIENT_SECRET", @client_credentials_client_secret) + System.put_env("JWT_PROFILE", @jwt_profile) + + :ok + end + + describe inspect(&Token.retrieve/3) do + test_with_mock "works", %{}, :oidcc_http_util, [], + request: fn :post, + {"https://my.provider/token", _headers, ~c"application/x-www-form-urlencoded", + _body}, + _telemetry_opts, + _http_opts -> + {_jws, token} = + @example_jwks + |> JOSE.JWT.sign( + %{"alg" => "RS256"}, + JOSE.JWT.from(%{ + "iss" => "https://my.provider", + "sub" => "sub", + "aud" => "client_id", + "iat" => 1_694_089_540, + "exp" => 1_694_089_840 + }) + ) + |> JOSE.JWS.compact() + + {:ok, + {{:json, + %{ + "access_token" => "access_token", + "token_type" => "Bearer", + "id_token" => token, + "scope" => "profile openid", + "refresh_token" => "refresh_token" + }}, []}} + end do + 
client_context = + ClientContext.from_manual( + @example_metadata, + @example_jwks, + "client_id", + "client_secret" + ) + + assert {:ok, + %Token{ + id: %Token.Id{ + token: _token, + claims: %{ + "aud" => "client_id", + "exp" => 1_694_089_840, + "iat" => 1_694_089_540, + "iss" => "https://my.provider", + "sub" => "sub" + } + }, + access: %Token.Access{token: "access_token", expires: :undefined}, + refresh: %Token.Refresh{token: "refresh_token"}, + scope: ["profile", "openid"] + }} = + Token.retrieve( + "auth_code", + client_context, + %{redirect_uri: "https://my.server/return"} + ) + end + end + + describe inspect(&Token.refresh/3) do + test_with_mock "works", %{}, :oidcc_http_util, [], + request: fn :post, + {"https://my.provider/token", _headers, ~c"application/x-www-form-urlencoded", + _body}, + _telemetry_opts, + _http_opts -> + {_jws, token} = + @example_jwks + |> JOSE.JWT.sign( + %{"alg" => "RS256"}, + JOSE.JWT.from(%{ + "iss" => "https://my.provider", + "sub" => "sub", + "aud" => "client_id", + "iat" => 1_694_089_540, + "exp" => 1_694_089_840 + }) + ) + |> JOSE.JWS.compact() + + {:ok, + {{:json, + %{ + "access_token" => "access_token", + "token_type" => "Bearer", + "id_token" => token, + "scope" => "profile openid" + }}, []}} + end do + client_context = + ClientContext.from_manual( + @example_metadata, + @example_jwks, + "client_id", + "client_secret" + ) + + assert {:ok, + %Token{ + id: %Token.Id{ + token: _token, + claims: %{ + "sub" => "sub" + } + }, + access: %Token.Access{token: "access_token", expires: :undefined}, + refresh: :none, + scope: ["profile", "openid"] + }} = + Token.refresh( + %Token{ + id: %Token.Id{ + token: "id_token", + claims: %{"sub" => "sub"} + }, + access: %Token.Access{token: "access_token", expires: :undefined}, + refresh: %Token.Refresh{token: "refresh_token"}, + scope: ["profile", "openid"] + }, + client_context, + %{redirect_uri: "https://my.server/return"} + ) + end + end + + describe inspect(&Token.jwt_profile/4) do + test 
"works" do + pid = + start_supervised!( + {ProviderConfiguration.Worker, %{issuer: "https://erlef-test-w4a8z2.zitadel.cloud"}} + ) + + {:ok, client_context} = + ClientContext.from_configuration_worker( + pid, + "client_id", + "client_secret" + ) + + %{"key" => key, "keyId" => kid, "userId" => subject} = JOSE.decode(@jwt_profile) + + jwk = JOSE.JWK.from_pem(key) + + assert {:ok, %Token{}} = + Token.jwt_profile( + subject, + client_context, + jwk, + %{scope: ["urn:zitadel:iam:org:project:id:zitadel:aud"], kid: kid} + ) + end + end + + describe inspect(&Oidcc.client_credentials_token/2) do + test "works" do + pid = + start_supervised!( + {ProviderConfiguration.Worker, %{issuer: "https://erlef-test-w4a8z2.zitadel.cloud"}} + ) + + {:ok, client_context} = + ClientContext.from_configuration_worker( + pid, + @client_credentials_client_id, + @client_credentials_client_secret + ) + + assert {:ok, %Token{}} = + Oidcc.Token.client_credentials( + client_context, + %{scope: ["scope"]} + ) + end + end +end diff --git a/test/oidcc/userinfo_test.exs b/test/oidcc/userinfo_test.exs new file mode 100644 index 0000000..33dca9a --- /dev/null +++ b/test/oidcc/userinfo_test.exs 
@@ -0,0 +1,58 @@ +defmodule Oidcc.UserinfoTest do + use ExUnit.Case, async: false + + import Mock + + alias Oidcc.ClientContext + alias Oidcc.ProviderConfiguration + alias Oidcc.Token + alias Oidcc.Userinfo + + {:ok, example_metadata} = + :oidcc + |> Application.app_dir("priv/test/fixtures/example-metadata.json") + |> File.read!() + |> JOSE.decode() + |> ProviderConfiguration.decode_configuration() + + @example_metadata example_metadata + @example_jwks :oidcc + |> Application.app_dir("priv/test/fixtures/jwk.pem") + |> JOSE.JWK.from_pem_file() + + doctest Userinfo + + describe inspect(&Userinfo.retrieve/3) do + test_with_mock "works", %{}, :oidcc_http_util, [:passthrough], + request: fn :get, {"https://my.provider/userinfo", _headers}, _telemetry_opts, _http_opts -> + {:ok, + {{:json, + %{ + "sub" => "sub" + }}, []}} + end do + client_context = + ClientContext.from_manual( + @example_metadata, + @example_jwks, + "client_id", + "client_secret" + ) + + assert {:ok, %{"sub" => "sub"}} = + Userinfo.retrieve( + %Token{ + id: %Token.Id{ + token: "id_token", + claims: %{"sub" => "sub"} + }, + access: %Token.Access{token: "access_token", expires: :undefined}, + refresh: %Token.Refresh{token: "refresh_token"}, + scope: ["profile", "openid"] + }, + client_context, + %{expected_subject: "sub"} + ) + end + end +end diff --git a/test/oidcc_SUITE.erl b/test/oidcc_SUITE.erl new file mode 100644 index 0000000..320c3e6 --- /dev/null +++ b/test/oidcc_SUITE.erl 
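Review bot: The module attributes at the top read a client secret from `priv/test/fixtures/zitadel-client-credentials.json` and a PEM key from `zitadel-jwt-profile.json`, export them with `System.put_env/2`, and the `jwt_profile` and `client_credentials` tests then use them against `https://erlef-test-w4a8z2.zitadel.cloud`. If those fixture files are committed, working credentials for that tenant are public and, sitting under `priv/`, may also end up in the published package; confirm the tenant is a throwaway with nothing else attached, or inject the values from CI secrets and tag the two live tests so they can be excluded. The mocked `retrieve` and `refresh` cases match `_headers` and `_body` with wildcards, so nothing asserts which grant parameters or client authentication are sent to the token endpoint.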
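Review bot: The subject check is never exercised in the failing direction: the mock returns `"sub" => "sub"` and the token's ID claims carry the same value, so `{:error, :bad_subject}` is never reached. A second `test_with_mock` case returning a different `"sub"` and asserting `{:error, :bad_subject}` would cover the comparison that keeps userinfo for one subject from being accepted for another subject's token. The explicit `%{expected_subject: "sub"}` appears to be overwritten with the ID token's `sub` in `oidcc_userinfo:retrieve/3` when a `%Token{}` is passed, so it can be dropped from this call.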
@@ -0,0 +1,192 @@ +-module(oidcc_SUITE). + +-export([all/0]). +-export([create_redirect_url/1]). +-export([end_per_suite/1]). +-export([init_per_suite/1]). +-export([introspect_token/1]). +-export([refresh_token/1]). +-export([retrieve_client_credentials_token/1]). +-export([retrieve_jwt_profile_token/1]). +-export([retrieve_token/1]). +-export([retrieve_userinfo/1]). + +-include_lib("common_test/include/ct.hrl"). +-include_lib("stdlib/include/assert.hrl"). + +all() -> + [ + create_redirect_url, + retrieve_token, + retrieve_userinfo, + refresh_token, + introspect_token, + retrieve_jwt_profile_token, + retrieve_client_credentials_token + ]. + +init_per_suite(_Config) -> + {ok, _} = application:ensure_all_started(oidcc), + []. + +end_per_suite(_Config) -> + ok = application:stop(oidcc). + +create_redirect_url(_Config) -> + {ok, ConfigurationPid} = + oidcc_provider_configuration_worker:start_link(#{ + issuer => <<"https://login.salesforce.com">>, + name => {local, create_redirect_url_oidcc_SUITE} + }), + + {ok, Url} = + oidcc:create_redirect_url( + ConfigurationPid, + <<"client_id">>, + <<"client_secret">>, + #{redirect_uri => <<"https://my.server/return">>} + ), + + ExpUrl = + <<"https://login.salesforce.com/services/oauth2/authorize?scope=openid&response_type=code&client_id=client_id&redirect_uri=https%3A%2F%2Fmy.server%2Freturn">>, + + ?assertEqual(ExpUrl, iolist_to_binary(Url)), + + ok. + +retrieve_token(_Config) -> + {ok, ConfigurationPid} = + oidcc_provider_configuration_worker:start_link(#{ + issuer => <<"https://login.salesforce.com">>, + name => {local, create_redirect_url_oidcc_SUITE} + }), + + {error, Reason} = + oidcc:retrieve_token( + <<"invalid_auth_code">>, + ConfigurationPid, + <<"client_id">>, + <<"client_secret">>, + #{redirect_uri => <<"https://my.server/return">>} + ), + + ?assertMatch({http_error, 400, _}, Reason), + + ok. 
+ +retrieve_userinfo(_Config) -> + {ok, ConfigurationPid} = + oidcc_provider_configuration_worker:start_link(#{ + issuer => <<"https://login.salesforce.com">>, + name => {local, create_redirect_url_oidcc_SUITE} + }), + + {error, Reason} = + oidcc:retrieve_userinfo( + <<"invalid_auth_token">>, + ConfigurationPid, + <<"client_id">>, + <<"client_secret">>, + #{expected_subject => <<"some sub">>} + ), + + ?assertMatch({http_error, 403, _}, Reason), + + ok. + +refresh_token(_Config) -> + {ok, ConfigurationPid} = + oidcc_provider_configuration_worker:start_link(#{ + issuer => <<"https://erlef-test-w4a8z2.zitadel.cloud">>, + name => {local, create_redirect_url_oidcc_SUITE} + }), + + {error, Reason} = + oidcc:refresh_token( + <<"invalid_refresh_token">>, + ConfigurationPid, + <<"client_id">>, + <<"client_secret">>, + #{expected_subject => <<"some sub">>} + ), + + ?assertMatch({http_error, 400, _}, Reason), + + ok. + +introspect_token(_Config) -> + {ok, ConfigurationPid} = + oidcc_provider_configuration_worker:start_link(#{ + issuer => <<"https://login.salesforce.com">>, + name => {local, create_redirect_url_oidcc_SUITE} + }), + + {error, Reason} = + oidcc:introspect_token( + <<"invalid_access_token">>, + ConfigurationPid, + <<"client_id">>, + <<"client_secret">>, + #{} + ), + + ?assertMatch({http_error, 401, _}, Reason), + + ok. 
+ +retrieve_jwt_profile_token(_Config) -> + {ok, ZitadelConfigurationPid} = + oidcc_provider_configuration_worker:start_link(#{ + issuer => <<"https://erlef-test-w4a8z2.zitadel.cloud">> + }), + + PrivDir = code:priv_dir(oidcc), + + {ok, KeyJson} = file:read_file(PrivDir ++ "/test/fixtures/zitadel-jwt-profile.json"), + KeyMap = jose:decode(KeyJson), + Key = jose_jwk:from_pem(maps:get(<<"key">>, KeyMap)), + + ?assertMatch( + {ok, _}, + oidcc:jwt_profile_token( + <<"231391584430604723">>, + ZitadelConfigurationPid, + <<"client_id">>, + <<"client_secret">>, + Key, + #{ + scope => [<<"urn:zitadel:iam:org:project:id:zitadel:aud">>], + kid => maps:get(<<"keyId">>, KeyMap) + } + ) + ), + + ok. + +retrieve_client_credentials_token(_Config) -> + PrivDir = code:priv_dir(oidcc), + + {ok, ZitadelConfigurationPid} = + oidcc_provider_configuration_worker:start_link(#{ + issuer => <<"https://erlef-test-w4a8z2.zitadel.cloud">> + }), + + {ok, ZitadelClientCredentialsJson} = file:read_file( + PrivDir ++ "/test/fixtures/zitadel-client-credentials.json" + ), + #{ + <<"clientId">> := ZitadelClientCredentialsClientId, + <<"clientSecret">> := ZitadelClientCredentialsClientSecret + } = jose:decode(ZitadelClientCredentialsJson), + + ?assertMatch( + {ok, _}, + oidcc:client_credentials_token( + ZitadelConfigurationPid, + ZitadelClientCredentialsClientId, + ZitadelClientCredentialsClientSecret, + #{scope => [<<"openid">>]} + ) + ), + + ok. diff --git a/test/oidcc_authorization_test.erl b/test/oidcc_authorization_test.erl new file mode 100644 index 0000000..348e3b7 --- /dev/null +++ b/test/oidcc_authorization_test.erl 
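Review bot: `retrieve_jwt_profile_token/1` and `retrieve_client_credentials_token/1` read a PEM private key and a client secret from `priv/test/fixtures/zitadel-jwt-profile.json` and `priv/test/fixtures/zitadel-client-credentials.json` and use them against the live issuer `https://erlef-test-w4a8z2.zitadel.cloud`, so working credentials for that tenant sit in the repository, and under `priv/`, which is normally shipped with the application. If that is intentional, say so above both cases, e.g. `%% Public test-only credentials for a dedicated Zitadel test instance with no other privileges.`; otherwise load them from CI secrets and keep the fixtures out of the published package. Separately, the five cases from `create_redirect_url/1` through `introspect_token/1` all register their worker as `{local, create_redirect_url_oidcc_SUITE}` (including `refresh_token/1`, which points at the Zitadel issuer); this looks like a copy-paste that only works while each worker dies with its test-case process, so dropping `name` or deriving it from the case name would avoid an `already_started` failure.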
@@ -0,0 +1,82 @@ +-module(oidcc_authorization_test). + +-include_lib("eunit/include/eunit.hrl"). + +create_redirect_url_test() -> + PrivDir = code:priv_dir(oidcc), + + {ok, ValidConfigString} = file:read_file(PrivDir ++ "/test/fixtures/example-metadata.json"), + {ok, Configuration} = oidcc_provider_configuration:decode_configuration( + jose:decode(ValidConfigString) + ), + + Jwks = jose_jwk:from_pem_file(PrivDir ++ "/test/fixtures/jwk.pem"), + + ClientId = <<"client_id">>, + State = <<"someimportantstate">>, + Nonce = <<"noncenonce">>, + RedirectUri = <<"https://my.server/return">>, + + ClientContext = + oidcc_client_context:from_manual(Configuration, Jwks, ClientId, <<"client_secret">>), + + BaseOpts = + #{ + redirect_uri => RedirectUri, + client_id => ClientId, + url_extension => [{<<"test">>, <<"id">>}] + }, + Opts1 = maps:merge(BaseOpts, #{scopes => ["email", <<"openid">>, profile]}), + Opts2 = maps:merge(BaseOpts, #{scopes => ["email", <<"profile">>], state => State}), + Opts3 = + maps:merge( + BaseOpts, + #{ + scopes => [email, profile, openid], + state => State, + nonce => Nonce + } + ), + Opts4 = + maps:merge( + BaseOpts, + #{ + scopes => ["email", <<"openid">>], + url_extension => [{<<"test">>, <<"id">>}, {<<"other">>, <<"green">>}] + } + ), + Opts5 = + maps:merge(BaseOpts, #{pkce => #{challenge => <<"foo">>, method => <<"plain">>}}), + + {ok, Url1} = oidcc_authorization:create_redirect_url(ClientContext, BaseOpts), + {ok, Url2} = oidcc_authorization:create_redirect_url(ClientContext, Opts1), + {ok, Url3} = oidcc_authorization:create_redirect_url(ClientContext, Opts2), + {ok, Url4} = oidcc_authorization:create_redirect_url(ClientContext, Opts3), + {ok, Url5} = oidcc_authorization:create_redirect_url(ClientContext, Opts4), + {ok, Url6} = oidcc_authorization:create_redirect_url(ClientContext, Opts5), + + ExpUrl1 = + <<"https://my.provider/auth?scope=openid&response_type=code&client_id=client_id&redirect_uri=https%3A%2F%2Fmy.server%2Freturn&test=id">>, + 
?assertEqual(ExpUrl1, iolist_to_binary(Url1)), + + ExpUrl2 = + <<"https://my.provider/auth?scope=email+openid+profile&response_type=code&client_id=client_id&redirect_uri=https%3A%2F%2Fmy.server%2Freturn&test=id">>, + ?assertEqual(ExpUrl2, iolist_to_binary(Url2)), + + ExpUrl3 = + <<"https://my.provider/auth?scope=email+profile&state=someimportantstate&response_type=code&client_id=client_id&redirect_uri=https%3A%2F%2Fmy.server%2Freturn&test=id">>, + ?assertEqual(ExpUrl3, iolist_to_binary(Url3)), + + ExpUrl4 = + <<"https://my.provider/auth?scope=email+profile+openid&nonce=noncenonce&state=someimportantstate&response_type=code&client_id=client_id&redirect_uri=https%3A%2F%2Fmy.server%2Freturn&test=id">>, + ?assertEqual(ExpUrl4, iolist_to_binary(Url4)), + + ExpUrl5 = + <<"https://my.provider/auth?scope=email+openid&response_type=code&client_id=client_id&redirect_uri=https%3A%2F%2Fmy.server%2Freturn&test=id&other=green">>, + ?assertEqual(ExpUrl5, iolist_to_binary(Url5)), + + ExpUrl6 = + <<"https://my.provider/auth?scope=openid&code_challenge=foo&code_challenge_method=plain&response_type=code&client_id=client_id&redirect_uri=https%3A%2F%2Fmy.server%2Freturn&test=id">>, + ?assertEqual(ExpUrl6, iolist_to_binary(Url6)), + + ok. diff --git a/test/oidcc_client_context_SUITE.erl b/test/oidcc_client_context_SUITE.erl new file mode 100644 index 0000000..dc8b8ac --- /dev/null +++ b/test/oidcc_client_context_SUITE.erl 
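Review bot: The only PKCE case, `Opts5`, pins `code_challenge_method=plain` with the literal challenge `<<"foo">>`, so the suite never exercises the `S256` method that RFC 7636 tells clients to prefer over `plain`. Assuming the `pkce` option accepts it, add a further case such as `maps:merge(BaseOpts, #{pkce => #{challenge => Challenge, method => <<"S256">>}})` and assert `code_challenge_method=S256` in the resulting URL. A one-line comment on `ExpUrl1`, `ExpUrl2` and `ExpUrl5` noting that these requests deliberately carry no `state` or `nonce` would also keep readers from copying them as a recommended request shape.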
@@ -0,0 +1,39 @@
+-module(oidcc_client_context_SUITE).
+
+-export([all/0]).
+-export([from_configuration_worker/1]).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("oidcc/include/oidcc_client_context.hrl").
+-include_lib("stdlib/include/assert.hrl").
+
+all() ->
+ [from_configuration_worker].
+
+from_configuration_worker(_Config) ->
+ {ok, GoogleConfigurationPid} =
+ oidcc_provider_configuration_worker:start_link(#{
+ issuer => <<"https://accounts.google.com/">>,
+ name => {local, from_configuration_worker_oidcc_client_context_SUITE}
+ }),
+
+ Configuration = oidcc_provider_configuration_worker:get_provider_configuration(
+ GoogleConfigurationPid
+ ),
+ Jwks = oidcc_provider_configuration_worker:get_jwks(GoogleConfigurationPid),
+
+ ?assertMatch(
+ {ok, #oidcc_client_context{
+ provider_configuration = Configuration,
+ jwks = Jwks,
+ client_id = <<"client_id">>,
+ client_secret = <<"client_secret">>
+ }},
+ oidcc_client_context:from_configuration_worker(
+ from_configuration_worker_oidcc_client_context_SUITE,
+ <<"client_id">>,
+ <<"client_secret">>
+ )
+ ),
+
+ ok.
diff --git a/test/oidcc_client_context_test.erl b/test/oidcc_client_context_test.erl
new file mode 100644
index 0000000..3e036e8
--- /dev/null
+++ b/test/oidcc_client_context_test.erl
@@ -0,0 +1,14 @@
+-module(oidcc_client_context_test).
+
+-include_lib("eunit/include/eunit.hrl").
+
+provider_not_running_test() ->
+ ?assertMatch(
+ {error, provider_not_ready},
+ oidcc_client_context:from_configuration_worker(
+ invalid,
+ <<"client_id">>,
+ <<"client_secret">>
+ )
+ ),
+ ok.
diff --git a/test/oidcc_client_one.erl b/test/oidcc_client_one.erl
deleted file mode 100644
index 1104197..0000000
--- a/test/oidcc_client_one.erl
+++ /dev/null
@@ -1,9 +0,0 @@
--module(oidcc_client_one).
-
--export([login_succeeded/1, login_failed/2]).
-
-login_succeeded(_) ->
- ok.
-
-login_failed(_, _) ->
- ok.
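Review bot: `oidcc_client_context_SUITE` has no `init_per_suite/1`, unlike `oidcc_SUITE` in this same commit, so `from_configuration_worker/1` starts a worker against `https://accounts.google.com/` without the suite itself starting `oidcc` and its dependencies; it presumably passes only when something else has already started them on the node. Add `init_per_suite(_Config) -> {ok, _} = application:ensure_all_started(oidcc), [].` with a matching `end_per_suite/1` and the two exports. The case also depends on a live third-party endpoint and compares `Configuration` and `Jwks` from one read of the worker with a second read inside `from_configuration_worker/3`, so a refresh between the two would fail the match; a fixture-backed configuration would make it deterministic.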
diff --git a/test/oidcc_client_test.erl b/test/oidcc_client_test.erl
deleted file mode 100644
index 5c3dc5a..0000000
--- a/test/oidcc_client_test.erl
+++ /dev/null
@@ -1,42 +0,0 @@
--module(oidcc_client_test).
-
--include_lib("eunit/include/eunit.hrl").
-
-start_stop_test() ->
- {ok, Pid} = oidcc_client:start_link(),
- ok = oidcc_client:stop(),
- ok = test_util:wait_for_process_to_die(Pid, 100),
- ok.
-
-register_test() ->
- {ok, Pid} = oidcc_client:start_link(),
- Module = oidcc_client_one,
- {ok, Id} = oidcc_client:register(Module),
- {ok, Module} = oidcc_client:get_module(Id),
- {ok, Id} = oidcc_client:register(Module),
- ok = oidcc_client:stop(),
- ok = test_util:wait_for_process_to_die(Pid, 100),
- ok.
-
-default_test() ->
- {ok, Pid} = oidcc_client:start_link(),
- OtherId = <<"123">>,
- {ok, Id1} = oidcc_client:register(oidcc_client_one),
- {ok, Id2} = oidcc_client:register(oidcc_client_two),
- true = OtherId /= Id1,
- true = OtherId /= Id2,
- {ok, oidcc_client_one} = oidcc_client:get_module(OtherId),
- {ok, oidcc_client_one} = oidcc_client:get_module(Id1),
- {ok, oidcc_client_two} = oidcc_client:get_module(Id2),
- ok = oidcc_client:stop(),
- ok = test_util:wait_for_process_to_die(Pid, 100),
- ok.
-
-garbage_test() ->
- {ok, Pid} = oidcc_client:start_link(),
- ignored = gen_server:call(Pid, unsupported_glibberish),
- ok = gen_server:cast(Pid, unsupported_glibberish),
- Pid ! some_unsupported_message,
- ok = oidcc_client:stop(),
- ok = test_util:wait_for_process_to_die(Pid, 100),
- ok.
diff --git a/test/oidcc_client_two.erl b/test/oidcc_client_two.erl
deleted file mode 100644
index c40fbd6..0000000
--- a/test/oidcc_client_two.erl
+++ /dev/null
@@ -1,9 +0,0 @@
--module(oidcc_client_two).
-
--export([login_succeeded/1, login_failed/2]).
-
-login_succeeded(_) ->
- ok.
-
-login_failed(_, _) ->
- ok.
diff --git a/test/oidcc_http_cache_test.erl b/test/oidcc_http_cache_test.erl
deleted file mode 100644
index 8b8b832..0000000
--- a/test/oidcc_http_cache_test.erl
+++ /dev/null
@@ -1,131 +0,0 @@ --module(oidcc_http_cache_test). - --include_lib("eunit/include/eunit.hrl"). - -start_stop_test() -> - {ok, Pid} = oidcc_http_cache:start_link(), - ok = oidcc_http_cache:stop(), - test_util:wait_for_process_to_die(Pid, 100), - ok. - -insert_lookup_unconf_test() -> - {ok, Pid} = oidcc_http_cache:start_link(), - %% default behaviour of unconfigured - ?assertEqual({error, not_found}, oidcc_http_cache:lookup_http_call(a, b)), - ?assertEqual(ok, oidcc_http_cache:cache_http_result(a, b, c)), - ?assertEqual({error, not_found}, oidcc_http_cache:lookup_http_call(a, b)), - ok = oidcc_http_cache:stop(), - test_util:wait_for_process_to_die(Pid, 100), - ok. - -insert_lookup_conf_test() -> - application:set_env(oidcc, http_cache_duration, 30), - {ok, Pid} = oidcc_http_cache:start_link(), - ?assertEqual({error, not_found}, oidcc_http_cache:lookup_http_call(a, b)), - ?assertEqual(ok, oidcc_http_cache:cache_http_result(a, b, c)), - ?assertEqual({ok, c}, oidcc_http_cache:lookup_http_call(a, b)), - ok = oidcc_http_cache:stop(), - application:unset_env(oidcc, http_cache_duration), - test_util:wait_for_process_to_die(Pid, 100), - ok. - -enqueue_test() -> - application:set_env(oidcc, http_cache_duration, 30), - {ok, Pid} = oidcc_http_cache:start_link(), - ?assertEqual({error, not_found}, oidcc_http_cache:lookup_http_call(a, b)), - ?assertEqual(true, oidcc_http_cache:enqueue_http_call(a, b)), - ?assertEqual(false, oidcc_http_cache:enqueue_http_call(a, b)), - ?assertEqual({ok, pending}, oidcc_http_cache:lookup_http_call(a, b)), - ?assertEqual(false, oidcc_http_cache:enqueue_http_call(a, b)), - ?assertEqual(ok, oidcc_http_cache:cache_http_result(a, b, c)), - ?assertEqual({ok, c}, oidcc_http_cache:lookup_http_call(a, b)), - ok = oidcc_http_cache:stop(), - application:unset_env(oidcc, http_cache_duration), - test_util:wait_for_process_to_die(Pid, 100), - ok. 
- -clean_test() -> - application:unset_env(oidcc, http_cache_clean), - application:set_env(oidcc, http_cache_duration, 1), - {ok, Pid} = oidcc_http_cache:start_link(), - ?assertEqual(ok, oidcc_http_cache:cache_http_result(a, b, c)), - ?assertEqual({ok, c}, oidcc_http_cache:lookup_http_call(a, b)), - io:format("ets: ~p~n", [ets:match(oidcc_ets_http_cache, {'$1', '$2', '$3'})]), - oidcc_http_cache:trigger_cleaning(), - timer:sleep(200), - ?assertEqual({ok, c}, oidcc_http_cache:lookup_http_call(a, b)), - io:format("ets: ~p~n", [ets:match(oidcc_ets_http_cache, {'$1', '$2', '$3'})]), - timer:sleep(2000), - io:format("ets: ~p~n", [ets:match(oidcc_ets_http_cache, {'$1', '$2', '$3'})]), - ?assertEqual({error, outdated}, oidcc_http_cache:lookup_http_call(a, b)), - wait_for_cache(0), - ?assertEqual({error, not_found}, oidcc_http_cache:lookup_http_call(a, b)), - ok = oidcc_http_cache:stop(), - application:unset_env(oidcc, http_cache_duration), - test_util:wait_for_process_to_die(Pid, 100), - ok. - -auto_clean_test() -> - application:set_env(oidcc, http_cache_duration, 1), - application:set_env(oidcc, http_cache_clean, 1), - {ok, Pid} = oidcc_http_cache:start_link(), - ?assertEqual(ok, oidcc_http_cache:cache_http_result(a, b, c)), - ?assertEqual({ok, c}, oidcc_http_cache:lookup_http_call(a, b)), - timer:sleep(1000), - ?assertEqual({ok, c}, oidcc_http_cache:lookup_http_call(a, b)), - timer:sleep(1000), - ?assertEqual(ok, oidcc_http_cache:cache_http_result(b, c, d)), - ?assertEqual({ok, d}, oidcc_http_cache:lookup_http_call(b, c)), - ?assertEqual({error, not_found}, oidcc_http_cache:lookup_http_call(a, b)), - ok = oidcc_http_cache:stop(), - application:unset_env(oidcc, http_cache_duration), - application:unset_env(oidcc, http_cache_clean), - test_util:wait_for_process_to_die(Pid, 100), - ok. 
- -multiple_entries_test() -> - application:unset_env(oidcc, http_cache_clean), - application:set_env(oidcc, http_cache_duration, 1), - {ok, Pid} = oidcc_http_cache:start_link(), - ?assertEqual(ok, oidcc_http_cache:cache_http_result(a, b, c)), - ?assertEqual({ok, c}, oidcc_http_cache:lookup_http_call(a, b)), - io:format("ets: ~p~n", [ets:match(oidcc_ets_http_cache, {'$1', '$2', '$3'})]), - oidcc_http_cache:trigger_cleaning(), - timer:sleep(100), - ?assertEqual({ok, c}, oidcc_http_cache:lookup_http_call(a, b)), - application:set_env(oidcc, http_cache_duration, 5), - ?assertEqual(ok, oidcc_http_cache:cache_http_result(b, c, d)), - ?assertEqual({ok, d}, oidcc_http_cache:lookup_http_call(b, c)), - io:format("ets: ~p~n", [ets:match(oidcc_ets_http_cache, {'$1', '$2', '$3'})]), - WaitForOutdated = - fun() -> - Result = oidcc_http_cache:lookup_http_call(a, b), - Result == {error, outdated} - end, - ok = test_util:wait_for_true(WaitForOutdated, 200), - ?assertEqual({ok, d}, oidcc_http_cache:lookup_http_call(b, c)), - wait_for_cache(1), - ?assertEqual({error, not_found}, oidcc_http_cache:lookup_http_call(a, b)), - ?assertEqual({ok, d}, oidcc_http_cache:lookup_http_call(b, c)), - application:unset_env(oidcc, http_cache_duration), - ok = oidcc_http_cache:stop(), - test_util:wait_for_process_to_die(Pid, 100), - ok. - -garbage_test() -> - {ok, Pid} = oidcc_http_cache:start_link(), - ignored = gen_server:call(Pid, unsupported_glibberish), - ok = gen_server:cast(Pid, unsupported_glibberish), - Pid ! some_unsupported_message, - ok = oidcc_http_cache:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok. - -wait_for_cache(Size) -> - case ets:info(oidcc_ets_http_cache, size) of - Size -> - ok; - _ -> - timer:sleep(10), - wait_for_cache(Size) - end. diff --git a/test/oidcc_http_util_test.erl b/test/oidcc_http_util_test.erl deleted file mode 100644 index f8ed011..0000000 --- a/test/oidcc_http_util_test.erl +++ /dev/null 
@@ -1,114 +0,0 @@ --module(oidcc_http_util_test). - --include_lib("eunit/include/eunit.hrl"). - -init_test() -> - {ok, _} = application:ensure_all_started(hackney). - -https_sync_get_googleapis_test() -> - Url = <<"https://www.googleapis.com/oauth2/v3/certs">>, - https_sync_request(Url). - -%% https_sync_get_github_test() -> -%% Url = <<"https://www.github.com">>, -%% https_sync_request(Url, 2). - -https_sync_get_google_test() -> - Url = <<"https://accounts.google.com/.well-known/openid-configuration">>, - https_sync_request(Url). - -https_sync_request(Url) -> - {ok, #{status := 200}} = oidcc_http_util:sync_http(get, Url, []), - ok. - -https_sync_get_cache_test() -> - {ok, Pid} = oidcc_http_cache:start_link(), - Url = <<"https://google.com">>, - {ok, #{status := 200}} = oidcc_http_util:sync_http(get, Url, [], true), - ok = oidcc_http_cache:stop(), - test_util:wait_for_process_to_die(Pid, 50), - ok. - -https_async_get_test() -> - Url = <<"https://google.com">>, - {ok, Id} = oidcc_http_util:async_http(get, Url, []), - receive - {http, {Id, _Result}} -> - ok - end, - ok. - -http_sync_get_test() -> - Url1 = <<"http://google.de">>, - {ok, #{status := 200}} = oidcc_http_util:sync_http(get, Url1, []). - -http_async_get_test() -> - Url1 = <<"http://google.de">>, - {ok, Id} = oidcc_http_util:async_http(get, Url1, []), - receive - {http, {Id, _Result}} -> - ok - end. - -http_cache_test() -> - application:set_env(oidcc, http_cache_duration, 2), - {ok, Pid} = oidcc_http_cache:start_link(), - application:unset_env(oidcc, http_cache_duration), - Url1 = <<"http://google.de">>, - {ok, #{status := 200}} = oidcc_http_util:sync_http(get, Url1, [], true), - timer:sleep(1), - {ok, #{status := 200}} = oidcc_http_util:sync_http(get, Url1, [], true), - ok = oidcc_http_cache:stop(), - test_util:wait_for_process_to_die(Pid, 50), - ok. - -basic_parallel_test() -> - parallel_request(50). - -%% advanced_parallel_test() -> -%% parallel_request(1000). 
- -%% extreme_parallel_test() -> -%% parallel_request(10000). - -parallel_request(NumRequests) -> - application:set_env(oidcc, http_cache_duration, 60), - {ok, Pid} = oidcc_http_cache:start_link(), - application:unset_env(oidcc, http_cache_duration), - Url = <<"http://google.com">>, - ok = start_requests(self(), Url, NumRequests), - timer:sleep(1), - {ok, #{status := 200}} = oidcc_http_util:sync_http(get, Url, [], true), - ok = receive_oks(NumRequests), - ok = oidcc_http_cache:stop(), - test_util:wait_for_process_to_die(Pid, 50), - ok. - -start_requests(_Pid, _Url, 0) -> - ok; -start_requests(Pid, Url, Num) -> - start_request(Pid, Url), - start_requests(Pid, Url, Num - 1). - -start_request(Pid, Url) -> - Fun = fun() -> - case oidcc_http_util:sync_http(get, Url, [], true) of - {ok, #{status := 200}} -> - Pid ! ok; - Other -> - Pid ! {error, Other} - end - end, - spawn(Fun). - -receive_oks(0) -> - ok; -receive_oks(Num) -> - ok = - receive - ok -> - ok; - Other -> - Other - end, - receive_oks(Num - 1). diff --git a/test/oidcc_openid_provider_mgr_test.erl b/test/oidcc_openid_provider_mgr_test.erl deleted file mode 100644 index 19289d5..0000000 --- a/test/oidcc_openid_provider_mgr_test.erl +++ /dev/null 
@@ -1,179 +0,0 @@ --module(oidcc_openid_provider_mgr_test). - --include_lib("eunit/include/eunit.hrl"). - -start_stop_test() -> - {ok, Pid} = oidcc_openid_provider_mgr:start_link(), - ok = oidcc_openid_provider_mgr:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok. - -simple_add_test() -> - Config = - #{name => <<"some name">>, - description => <<"some description">>, - client_id => <<"123">>, - client_secret => <<"dont tell">>, - issuer_or_endpoint => <<"well.known">>, - local_endpoint => <<"/here">>}, - {ok, ProvPid} = meck(), - {ok, Pid} = oidcc_openid_provider_mgr:start_link(), - {ok, Id, ProvPid} = oidcc_openid_provider_mgr:add_openid_provider(Config), - {ok, [{Id, ProvPid}]} = oidcc_openid_provider_mgr:get_openid_provider_list(), - ok = oidcc_openid_provider_mgr:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok = stop_meck(ProvPid), - ok. - -id_add_test() -> - Id = <<"123">>, - Config = - #{name => <<"some name">>, - description => <<"some description">>, - client_id => <<"123">>, - client_secret => <<"dont tell">>, - issuer_or_endpoint => <<"well.known">>, - local_endpoint => <<"/here">>, - id => Id}, - {ok, ProvPid} = meck(), - {ok, Pid} = oidcc_openid_provider_mgr:start_link(), - {ok, Id, ProvPid} = oidcc_openid_provider_mgr:add_openid_provider(Config), - {ok, [{Id, ProvPid}]} = oidcc_openid_provider_mgr:get_openid_provider_list(), - ok = oidcc_openid_provider_mgr:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok = stop_meck(ProvPid), - ok. 
- -double_add_test() -> - Config = - #{name => <<"some name">>, - description => <<"some description">>, - client_id => <<"123">>, - client_secret => <<"dont tell">>, - issuer_or_endpoint => <<"well.known">>, - local_endpoint => <<"/here">>}, - {ok, ProvPid} = meck(), - {ok, Pid} = oidcc_openid_provider_mgr:start_link(), - {ok, Id, ProvPid} = oidcc_openid_provider_mgr:add_openid_provider(Config), - NewConfig = maps:put(id, Id, Config), - {error, id_already_used} = oidcc_openid_provider_mgr:add_openid_provider(NewConfig), - {ok, _Id, ProvPid} = oidcc_openid_provider_mgr:add_openid_provider(Config), - ok = oidcc_openid_provider_mgr:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok = stop_meck(ProvPid), - ok. - -multiple_add_test() -> - Config = - #{name => <<"some name">>, - description => <<"some description">>, - client_id => <<"123">>, - client_secret => <<"dont tell">>, - issuer_or_endpoint => <<"well.known">>, - local_endpoint => <<"/here">>}, - NumberToAdd = 1000, - {ok, ProvPid} = meck(), - {ok, Pid} = oidcc_openid_provider_mgr:start_link(), - ok = add_provider(NumberToAdd, Config), - {ok, List} = oidcc_openid_provider_mgr:get_openid_provider_list(), - NumberToAdd = length(List), - ok = oidcc_openid_provider_mgr:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok = stop_meck(ProvPid), - ok. - -add_provider(0, _) -> - ok; -add_provider(Num, Config) -> - {ok, _Id, _Pid} = oidcc_openid_provider_mgr:add_openid_provider(Config), - add_provider(Num - 1, Config). 
- -lookup_test() -> - Config = - #{name => <<"some name">>, - description => <<"some description">>, - client_id => <<"123">>, - client_secret => <<"dont tell">>, - issuer_or_endpoint => <<"well.known">>, - local_endpoint => <<"/here">>}, - {ok, ProvPid} = meck(), - {ok, Pid} = oidcc_openid_provider_mgr:start_link(), - {ok, Id, ProvPid} = oidcc_openid_provider_mgr:add_openid_provider(Config), - {ok, ProvPid} = oidcc_openid_provider_mgr:get_openid_provider(Id), - ok = oidcc_openid_provider_mgr:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok = stop_meck(ProvPid), - ok. - -delete_test() -> - Config = - #{name => <<"some name">>, - description => <<"some description">>, - client_id => <<"123">>, - client_secret => <<"dont tell">>, - issuer_or_endpoint => <<"well.known">>, - local_endpoint => <<"/here">>}, - {ok, ProvPid} = meck(), - {ok, Pid} = oidcc_openid_provider_mgr:start_link(), - {ok, Id, ProvPid} = oidcc_openid_provider_mgr:add_openid_provider(Config), - {ok, ProvPid} = oidcc_openid_provider_mgr:get_openid_provider(Id), - ProvPid ! stop, - ok = test_util:wait_for_process_to_die(ProvPid, 100), - wait_for_ets(), - {error, not_found} = oidcc_openid_provider_mgr:get_openid_provider(Id), - ok = oidcc_openid_provider_mgr:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok = stop_meck(ProvPid), - ok. - -bad_lookup_test() -> - {ok, ProvPid} = meck(), - Id = <<"some random Id">>, - {ok, Pid} = oidcc_openid_provider_mgr:start_link(), - {error, not_found} = oidcc_openid_provider_mgr:get_openid_provider(Id), - ok = oidcc_openid_provider_mgr:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok = stop_meck(ProvPid), - ok. - -garbage_test() -> - {ok, Pid} = oidcc_openid_provider_mgr:start_link(), - ignored = gen_server:call(Pid, unsupported_glibberish), - ok = gen_server:cast(Pid, unsupported_glibberish), - Pid ! some_unsupported_message, - ok = oidcc_openid_provider_mgr:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok. 
- -meck() -> - Pid = provider(), - AddFun = fun(_Id, _Config) -> {ok, Pid} end, - ok = meck:new(oidcc_openid_provider_sup), - ok = meck:expect(oidcc_openid_provider_sup, add_openid_provider, AddFun), - {ok, Pid}. - -stop_meck(Pid) -> - true = meck:validate(oidcc_openid_provider_sup), - ok = meck:unload(oidcc_openid_provider_sup), - Pid ! stop, - test_util:wait_for_process_to_die(Pid, 100), - ok. - -provider() -> - WaitForStop = - fun() -> - receive - stop -> - ok - end - end, - erlang:spawn(WaitForStop). - -wait_for_ets() -> - case ets:info(oidcc_ets_provider, size) of - 0 -> - ok; - _ -> - timer:sleep(10), - wait_for_ets() - end. diff --git a/test/oidcc_openid_provider_test.erl b/test/oidcc_openid_provider_test.erl deleted file mode 100644 index 5d38f64..0000000 --- a/test/oidcc_openid_provider_test.erl +++ /dev/null 
@@ -1,238 +0,0 @@ --module(oidcc_openid_provider_test). - --include_lib("eunit/include/eunit.hrl"). - -start_stop_test() -> - application:set_env(oidcc, cacertfile, "somefile.pem"), - Config = - #{name => <<"some name">>, - description => <<"some description">>, - client_id => <<"123">>, - client_secret => <<"dont tell">>, - request_scopes => undefined, - issuer_or_endpoint => <<"http://my.provider.com/">>, - local_endpoint => <<"/here">>, - static_extend_url => #{}}, - Id = <<"some id">>, - {ok, Pid} = oidcc_openid_provider:start_link(Id, Config), - ok = oidcc_openid_provider:stop(Pid), - ok = test_util:wait_for_process_to_die(Pid, 100). - -set_test() -> - application:set_env(oidcc, cacertfile, "somefile.pem"), - Id = <<"some id">>, - Name = <<"my Name">>, - Description = <<"some test oidc">>, - ClientId = <<"234">>, - ClientSecret = <<"secret">>, - ConfigEndpoint = <<"https://my.provider/.well-known/openid-configuration">>, - LocalEndpoint = <<"https://my.server/return">>, - ConfigIn = - #{name => Name, - description => Description, - client_id => ClientId, - client_secret => ClientSecret, - request_scopes => undefined, - issuer_or_endpoint => ConfigEndpoint, - local_endpoint => LocalEndpoint, - static_extend_url => #{}}, - {ok, Pid} = oidcc_openid_provider:start_link(Id, ConfigIn), - {ok, Config} = oidcc_openid_provider:get_config(Pid), - #{id := ConfId, - name := ConfName, - description := ConfDesc, - client_id := ConfClientId, - client_secret := ConfClientSecret, - config_endpoint := ConfConfigEndpoint, - local_endpoint := ConfLocalEndpoint} = - Config, - ?assertEqual(ConfId, Id), - ?assertEqual(ConfName, Name), - ?assertEqual(ConfDesc, Description), - ?assertEqual(ConfClientSecret, ClientSecret), - ?assertEqual(ConfClientId, ClientId), - ?assertEqual(ConfConfigEndpoint, ConfigEndpoint), - ?assertEqual(ConfLocalEndpoint, LocalEndpoint), - ok = oidcc_openid_provider:stop(Pid), - ok = test_util:wait_for_process_to_die(Pid, 100). 
- -fetch_config_test() -> - Id = <<"some id">>, - ConfigEndpoint = <<"https://my.provider/.well-known/openid-configuration">>, - KeyEndpoint = <<"https://my.provider/keys">>, - ConfigBody = - <<"{\"issuer\":\"https://my.provider\",\"jwks_uri\": \"https://my.provider/keys\", \"response_types_supported\":[\"code\"] }">>, - KeyBody = - <<"{ \"keys\": [ { \"kty\": \"RSA\", \"alg\": \"RS256\", \"use\":\n \"sig\", \"kid\": \"6b8297523597b08d37e9c66e6dbbb32ea70e2770\", \"n\":\n \"ufxh3jipQ6N9GvVfaHIdFkCBQ7MA8XBkXswHQdwKEyXhYBPp11KKumenQ9hVodEkFEpVnblPxI-Tnmj_0lLX-d4CSEBzZO5hQGTSCKiCUESVOYrirLiN3Mxjt5qi4-7JESeATcptGbEk69T2NLlWYki_LcXTmt_-n4XV_HfgCg9DdrlTjq7xtDlc3KYUf6iizWEBKixd47Y91vzdegl-O5iu1WCHrF6owAu1Ok5q4pVoACPzXONLXnxjUNRpuYksmFZDJOeJEy4Ig59H0S-uy20StRSGCySSEjeACP_Kib7weqyRD-7zHzJpW6jR25XHvoIIbCvnnWkkCKj_noyimw\",\n \"e\": \"AQAB\" } ] }">>, - Config = - #{name => <<"some name">>, - description => <<"some description">>, - client_id => <<"123">>, - client_secret => <<"dont tell">>, - request_scopes => undefined, - issuer_or_endpoint => ConfigEndpoint, - local_endpoint => <<"/here">>, - test => <<"extra config">>, - static_extend_url => #{}}, - HttpFun = - fun(Method, Url, _Header) -> - Method = get, - case Url of - ConfigEndpoint -> - {ok, config_id}; - KeyEndpoint -> - {ok, key_id} - end - end, - ok = meck:new(oidcc_http_util), - ok = meck:expect(oidcc_http_util, async_http, HttpFun), - ok = meck:expect(oidcc_http_util, uncompress_body_if_needed, fun(B, _) -> {ok, B} end), - {ok, Pid} = oidcc_openid_provider:start_link(Id, Config), - Pid ! {http, {config_id, {{tcp, 200, good}, [], ConfigBody}}}, - {ok, Config1} = oidcc_openid_provider:get_config(Pid), - #{config_endpoint := ConfigEndpoint, - keys := [], - issuer := <<"https://my.provider">>, - jwks_uri := <<"https://my.provider/keys">>, - extra_config := #{test := <<"extra config">>}} = - Config1, - gen_server:cast(Pid, retrieve_keys), - Pid ! 
{http, {key_id, {{tcp, 200, good}, [], KeyBody}}}, - {ok, Config2} = oidcc_openid_provider:get_config(Pid), - #{config_endpoint := ConfigEndpoint, - keys := [_Keys], - issuer := <<"https://my.provider">>, - jwks_uri := <<"https://my.provider/keys">>, - extra_config := #{test := <<"extra config">>}} = - Config2, - true = oidcc_openid_provider:is_issuer(<<"https://my.provider">>, Pid), - false = oidcc_openid_provider:is_issuer(<<"https://other.provider">>, Pid), - ok = oidcc_openid_provider:stop(Pid), - ok = test_util:wait_for_process_to_die(Pid, 100), - true = meck:validate(oidcc_http_util), - meck:unload(oidcc_http_util), - ok. - -fetch_config_cache_control_no_deadline_test() -> - Id = <<"some id">>, - ConfigEndpoint = <<"https://my.provider/.well-known/openid-configuration">>, - KeyEndpoint = <<"https://my.provider/keys">>, - ConfigBody = - <<"{\"issuer\":\"https://my.provider\",\"jwks_uri\": \"https://my.provider/keys\", \"response_types_supported\":[\"code\"] }">>, - KeyBody = - <<"{ \"keys\": [ { \"kty\": \"RSA\", \"alg\": \"RS256\", \"use\":\n \"sig\", \"kid\": \"6b8297523597b08d37e9c66e6dbbb32ea70e2770\", \"n\":\n \"ufxh3jipQ6N9GvVfaHIdFkCBQ7MA8XBkXswHQdwKEyXhYBPp11KKumenQ9hVodEkFEpVnblPxI-Tnmj_0lLX-d4CSEBzZO5hQGTSCKiCUESVOYrirLiN3Mxjt5qi4-7JESeATcptGbEk69T2NLlWYki_LcXTmt_-n4XV_HfgCg9DdrlTjq7xtDlc3KYUf6iizWEBKixd47Y91vzdegl-O5iu1WCHrF6owAu1Ok5q4pVoACPzXONLXnxjUNRpuYksmFZDJOeJEy4Ig59H0S-uy20StRSGCySSEjeACP_Kib7weqyRD-7zHzJpW6jR25XHvoIIbCvnnWkkCKj_noyimw\",\n \"e\": \"AQAB\" } ] }">>, - Config = - #{name => <<"some name">>, - description => <<"some description">>, - client_id => <<"123">>, - client_secret => <<"dont tell">>, - request_scopes => undefined, - issuer_or_endpoint => ConfigEndpoint, - local_endpoint => <<"/here">>, - test => <<"extra config">>, - static_extend_url => #{}}, - HttpFun = - fun(Method, Url, _Header) -> - Method = get, - case Url of - ConfigEndpoint -> - {ok, config_id}; - KeyEndpoint -> - {ok, key_id} - end - end, - ok = 
meck:new(oidcc_http_util), - ok = meck:expect(oidcc_http_util, async_http, HttpFun), - ok = meck:expect(oidcc_http_util, uncompress_body_if_needed, fun(B, _) -> {ok, B} end), - {ok, Pid} = oidcc_openid_provider:start_link(Id, Config), - Pid - ! {http, - {config_id, - {{tcp, 200, good}, - [{<<"cache-control">>, <<"no-cache, must-revalidate, no-transform, no-store">>}], - ConfigBody}}}, - {ok, Config1} = oidcc_openid_provider:get_config(Pid), - #{config_endpoint := ConfigEndpoint, - keys := [], - issuer := <<"https://my.provider">>, - jwks_uri := <<"https://my.provider/keys">>, - extra_config := #{test := <<"extra config">>}} = - Config1, - gen_server:cast(Pid, retrieve_keys), - Pid ! {http, {key_id, {{tcp, 200, good}, [], KeyBody}}}, - {ok, Config2} = oidcc_openid_provider:get_config(Pid), - #{config_endpoint := ConfigEndpoint, - keys := [_Keys], - issuer := <<"https://my.provider">>, - jwks_uri := <<"https://my.provider/keys">>, - extra_config := #{test := <<"extra config">>}} = - Config2, - true = oidcc_openid_provider:is_issuer(<<"https://my.provider">>, Pid), - false = oidcc_openid_provider:is_issuer(<<"https://other.provider">>, Pid), - ok = oidcc_openid_provider:stop(Pid), - ok = test_util:wait_for_process_to_die(Pid, 100), - true = meck:validate(oidcc_http_util), - meck:unload(oidcc_http_util), - ok. - -real_config_fetch_test_() -> - Setup = - fun() -> - application:set_env(oidcc, provider_max_tries, 1), - ok - end, - Cleanup = - fun(_) -> - application:unset_env(oidcc, provider_max_tries), - ok - end, - WithoutKeys = {"real config fetch", fun() -> real_config_fetch(false) end}, - WithKeys = {"real config and keys fetch", fun() -> real_config_fetch(true) end}, - Instantiator = fun(_) -> [WithoutKeys, {timeout, 70, [WithKeys]}] end, - {setup, Setup, Cleanup, Instantiator}. 
- -real_config_fetch(WithKeys) -> - Id = <<"some id">>, - ConfigEndpoint = <<"https://accounts.google.com/.well-known/openid-configuration">>, - Issuer = <<"https://accounts.google.com">>, - Config = - #{name => <<"some name">>, - description => <<"some description">>, - client_id => <<"123">>, - client_secret => <<"dont tell">>, - request_scopes => undefined, - issuer_or_endpoint => Issuer, - local_endpoint => <<"/here">>, - static_extend_url => #{}}, - {ok, Pid} = oidcc_openid_provider:start_link(Id, Config), - ok = oidcc_openid_provider:update_config(Pid), - ok = wait_for_config(Pid, 50), - {ok, Config2} = oidcc_openid_provider:get_config(Pid), - #{config_endpoint := ConfigEndpoint, - keys := [], - issuer := Issuer, - jwks_uri := <<"https://www.googleapis.com/oauth2/v3/certs">>} = - Config2, - ok = - case WithKeys of - true -> - {ok, Keys} = oidcc_openid_provider:update_and_get_keys(Pid), - true = length(Keys) >= 1, - ok; - _ -> - ok - end, - ok = oidcc_openid_provider:stop(Pid), - ok = test_util:wait_for_process_to_die(Pid, 100). - -wait_for_config(_, 0) -> - timeout; -wait_for_config(Pid, Timeout) -> - {ok, Config} = oidcc_openid_provider:get_config(Pid), - case maps:is_key(jwks_uri, Config) of - true -> - ok; - false -> - timer:sleep(100), - wait_for_config(Pid, Timeout - 1) - end. diff --git a/test/oidcc_provider_configuration_SUITE.erl b/test/oidcc_provider_configuration_SUITE.erl new file mode 100644 index 0000000..f93ca0b --- /dev/null +++ b/test/oidcc_provider_configuration_SUITE.erl 
@@ -0,0 +1,110 @@
+-module(oidcc_provider_configuration_SUITE).
+
+-export([all/0]).
+-export([load_configuration/1]).
+-export([load_jwks/1]).
+-export([load_well_known_openid_introspections/1]).
+-export([reads_configuration_expiry/1]).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("jose/include/jose_jwk.hrl").
+-include_lib("oidcc/include/oidcc_provider_configuration.hrl").
+-include_lib("stdlib/include/assert.hrl").
+
+all() ->
+ [
+ load_configuration,
+ load_jwks,
+ reads_configuration_expiry,
+ load_well_known_openid_introspections
+ ].
+
+load_configuration(_Config) ->
+ ?assertMatch(
+ {ok, {
+ #oidcc_provider_configuration{
+ token_endpoint =
+ <<"https://oauth2.googleapis.com/token">>
+ },
+ 3_600_000
+ }},
+ oidcc_provider_configuration:load_configuration(
+ <<"https://accounts.google.com/">>,
+ #{}
+ )
+ ).
+
+load_jwks(_Config) ->
+ ?assertMatch(
+ {ok, {#jose_jwk{keys = _Keys}, _}},
+ oidcc_provider_configuration:load_jwks(
+ <<"https://www.googleapis.com/oauth2/v3/certs">>,
+ #{}
+ )
+ ).
+
+reads_configuration_expiry(_Config) ->
+ ?assertMatch(
+ {ok, {#oidcc_provider_configuration{}, 86_400_000}},
+ oidcc_provider_configuration:load_configuration(
+ <<"https://login.microsoftonline.com/common/v2.0">>,
+ #{}
+ )
+ ).
+
+load_well_known_openid_introspections(_Config) ->
+ %% Google
+ ?assertMatch(
+ {ok, {#oidcc_provider_configuration{}, _}},
+ oidcc_provider_configuration:load_configuration(
+ <<"https://accounts.google.com">>,
+ #{}
+ )
+ ),
+
+ %% Yahoo
+ ?assertMatch(
+ {ok, {#oidcc_provider_configuration{}, _}},
+ oidcc_provider_configuration:load_configuration(
+ <<"https://login.yahoo.com">>,
+ #{}
+ )
+ ),
+
+ %% Salesforce
+ ?assertMatch(
+ {ok, {#oidcc_provider_configuration{}, _}},
+ oidcc_provider_configuration:load_configuration(
+ <<"https://login.salesforce.com">>,
+ #{}
+ )
+ ),
+
+ %% Taken Over from v1
+ ?assertMatch(
+ {ok, {#oidcc_provider_configuration{}, _}},
+ oidcc_provider_configuration:load_configuration(
+ <<"https://iam-test.indigo-datacloud.eu">>,
+ #{}
+ )
+ ),
+
+ %% Taken Over from v1
+ ?assertMatch(
+ {ok, {#oidcc_provider_configuration{}, _}},
+ oidcc_provider_configuration:load_configuration(
+ <<"https://services.humanbrainproject.eu/oidc">>,
+ #{}
+ )
+ ),
+
+ %% Test Instance of Zitadel
+ ?assertMatch(
+ {ok, {#oidcc_provider_configuration{}, _}},
+ oidcc_provider_configuration:load_configuration(
+ <<"https://erlef-test-w4a8z2.zitadel.cloud">>,
+ #{}
+ )
+ ),
+
+ ok.
diff --git a/test/oidcc_provider_configuration_test.erl b/test/oidcc_provider_configuration_test.erl
new file mode 100644
index 0000000..d9a38fa
--- /dev/null
+++ b/test/oidcc_provider_configuration_test.erl
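Review bot: In `test/oidcc_provider_configuration_SUITE.erl`, `load_configuration/1` passes the issuer as `<<"https://accounts.google.com/">>` with a trailing slash and expects `{ok, _}`, while the Google metadata decoded in `oidcc_provider_configuration_test` carries `issuer = <<"https://accounts.google.com">>`, so the case can only pass if `load_configuration/2` normalises the two values or does not compare them; which of the two is not visible from this hunk. OpenID Connect Discovery requires the returned issuer to match the one used for discovery, and that comparison is what stops a metadata document from one provider being accepted for another. I would state the intent above the call, e.g. `%% trailing slash on purpose: relies on issuer normalisation in load_configuration/2`, and add a case that loads metadata whose `issuer` differs from the requested one and asserts an `{error, _}` result. Every case in this suite also depends on live third-party endpoints and on their current cache lifetimes (`3_600_000`, `86_400_000`), so a provider-side change fails the suite without any code change.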
@@ -0,0 +1,560 @@ +-module(oidcc_provider_configuration_test). + +-include_lib("eunit/include/eunit.hrl"). +-include_lib("oidcc/include/oidcc_provider_configuration.hrl"). + +decode_google_test() -> + PrivDir = code:priv_dir(oidcc), + + {ok, Configuration} = file:read_file(PrivDir ++ "/test/fixtures/google-metadata.json"), + ?assertMatch( + {ok, #oidcc_provider_configuration{ + issuer = <<"https://accounts.google.com">>, + token_endpoint = + <<"https://oauth2.googleapis.com/token">>, + userinfo_endpoint = + <<"https://openidconnect.googleapis.com/v1/userinfo">>, + jwks_uri = + <<"https://www.googleapis.com/oauth2/v3/certs">>, + registration_endpoint = undefined, + scopes_supported = + [<<"openid">>, <<"email">>, <<"profile">>], + response_types_supported = + [ + <<"code">>, + <<"token">>, + <<"id_token">>, + <<"code token">>, + <<"code id_token">>, + <<"token id_token">>, + <<"code token id_token">>, + <<"none">> + ], + response_modes_supported = + [<<"query">>, <<"fragment">>], + grant_types_supported = + [ + <<"authorization_code">>, + <<"refresh_token">>, + <<"urn:ietf:params:oauth:grant-type:device_code">>, + <<"urn:ietf:params:oauth:grant-type:jwt-bearer">> + ], + acr_values_supported = undefined, + subject_types_supported = [public], + id_token_signing_alg_values_supported = + [<<"RS256">>], + id_token_encryption_alg_values_supported = + undefined, + id_token_encryption_enc_values_supported = + undefined, + userinfo_signing_alg_values_supported = undefined, + userinfo_encryption_alg_values_supported = + undefined, + userinfo_encryption_enc_values_supported = + undefined, + request_object_signing_alg_values_supported = + undefined, + request_object_encryption_alg_values_supported = + undefined, + request_object_encryption_enc_values_supported = + undefined, + token_endpoint_auth_methods_supported = + [ + <<"client_secret_post">>, + <<"client_secret_basic">> + ], + token_endpoint_auth_signing_alg_values_supported = + undefined, + display_values_supported = 
undefined, + claim_types_supported = [normal], + claims_supported = + [ + <<"aud">>, + <<"email">>, + <<"email_verified">>, + <<"exp">>, + <<"family_name">>, + <<"given_name">>, + <<"iat">>, + <<"iss">>, + <<"locale">>, + <<"name">>, + <<"picture">>, + <<"sub">> + ], + service_documentation = undefined, + claims_locales_supported = undefined, + ui_locales_supported = undefined, + claims_parameter_supported = false, + request_parameter_supported = false, + request_uri_parameter_supported = true, + require_request_uri_registration = false, + op_policy_uri = undefined, + op_tos_uri = undefined, + revocation_endpoint = + <<"https://oauth2.googleapis.com/revoke">>, + revocation_endpoint_auth_methods_supported = + [<<"client_secret_basic">>], + revocation_endpoint_auth_signing_alg_values_supported = + undefined, + introspection_endpoint = undefined, + introspection_endpoint_auth_methods_supported = + [<<"client_secret_basic">>], + introspection_endpoint_auth_signing_alg_values_supported = + undefined, + code_challenge_methods_supported = + [<<"plain">>, <<"S256">>], + extra_fields = + #{ + <<"device_authorization_endpoint">> := + <<"https://oauth2.googleapis.com/device/code">> + } + }}, + oidcc_provider_configuration:decode_configuration(jose:decode(Configuration)) + ). 
+ +check_validations_test() -> + ?assertMatch( + {error, {invalid_config_property, {uri, issuer}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"issuer">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {uri, authorization_endpoint}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"authorization_endpoint">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {uri, token_endpoint}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"token_endpoint">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {uri_https, userinfo_endpoint}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"userinfo_endpoint">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {uri_https, userinfo_endpoint}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"userinfo_endpoint">> => + <<"file:///foo">> + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {uri, jwks_uri}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"jwks_uri">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {uri, registration_endpoint}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"registration_endpoint">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {list_of_binaries, scopes_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"scopes_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {list_of_binaries, scopes_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"scopes_supported">> => + [ + <<"test">>, + 7 + ] + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {scopes_including_openid, 
scopes_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"scopes_supported">> => + [<<"without openid">>] + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {list_of_binaries, response_types_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"response_types_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {list_of_binaries, response_modes_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"response_modes_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {list_of_binaries, grant_types_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"grant_types_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {list_of_binaries, acr_values_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"acr_values_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {list_of_binaries, subject_types_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"subject_types_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {enum, subject_types_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"subject_types_supported">> => + [ + <<"pairwise">>, + <<"public">>, + <<"invalid">> + ] + }) + ) + ), + + ?assertMatch( + {error, + {invalid_config_property, {list_of_binaries, id_token_signing_alg_values_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"id_token_signing_alg_values_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, + {invalid_config_property, {list_of_binaries, id_token_encryption_alg_values_supported}}}, + 
oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"id_token_encryption_alg_values_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, + {invalid_config_property, {list_of_binaries, id_token_encryption_enc_values_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"id_token_encryption_enc_values_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, + {invalid_config_property, {list_of_binaries, userinfo_signing_alg_values_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"userinfo_signing_alg_values_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, + {invalid_config_property, {list_of_binaries, userinfo_encryption_alg_values_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"userinfo_encryption_alg_values_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, + {invalid_config_property, {list_of_binaries, userinfo_encryption_enc_values_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"userinfo_encryption_enc_values_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, + {invalid_config_property, + {list_of_binaries, request_object_signing_alg_values_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"request_object_signing_alg_values_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, + {invalid_config_property, + {list_of_binaries, request_object_encryption_alg_values_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"request_object_encryption_alg_values_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, + {invalid_config_property, + {list_of_binaries, request_object_encryption_enc_values_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + 
<<"request_object_encryption_enc_values_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, + {invalid_config_property, {list_of_binaries, token_endpoint_auth_methods_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"token_endpoint_auth_methods_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, + {invalid_config_property, + {list_of_binaries, token_endpoint_auth_signing_alg_values_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"token_endpoint_auth_signing_alg_values_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, + {invalid_config_property, + {alg_no_none, token_endpoint_auth_signing_alg_values_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"token_endpoint_auth_signing_alg_values_supported">> => + [ + <<"something">>, + <<"none">> + ] + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {list_of_binaries, display_values_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"display_values_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {list_of_binaries, claim_types_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"claim_types_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {enum, claim_types_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"claim_types_supported">> => + [ + <<"normal">>, + <<"aggregated">>, + <<"distributed">>, + <<"invalid">> + ] + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {list_of_binaries, claims_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"claims_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {uri, service_documentation}}}, + 
oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"service_documentation">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {list_of_binaries, claims_locales_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"claims_locales_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {list_of_binaries, ui_locales_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"ui_locales_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {boolean, claims_parameter_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"claims_parameter_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {boolean, request_parameter_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"request_parameter_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {boolean, request_uri_parameter_supported}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"request_uri_parameter_supported">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {uri, op_policy_uri}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"op_policy_uri">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {invalid_config_property, {uri, op_tos_uri}}}, + oidcc_provider_configuration:decode_configuration( + google_merge_json(#{ + <<"op_tos_uri">> => + 7 + }) + ) + ), + + ?assertMatch( + {error, {missing_config_property, issuer}}, + oidcc_provider_configuration:decode_configuration(#{}) + ), + + ok. 
+ +google_merge_json(Merge) -> + PrivDir = code:priv_dir(oidcc), + {ok, ValidConfigString} = file:read_file(PrivDir ++ "/test/fixtures/google-metadata.json"), + Decoded = jose:decode(ValidConfigString), + maps:merge(Decoded, Merge). diff --git a/test/oidcc_provider_configuration_worker_SUITE.erl b/test/oidcc_provider_configuration_worker_SUITE.erl new file mode 100644 index 0000000..4e50aa3 --- /dev/null +++ b/test/oidcc_provider_configuration_worker_SUITE.erl 
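Review bot: In `check_validations_test/0` only `userinfo_endpoint` is exercised with a wrong-scheme value (`<<"file:///foo">>`, expected tag `uri_https`); `issuer`, `authorization_endpoint`, `token_endpoint`, `jwks_uri` and `registration_endpoint` are only fed the integer `7` and expect the plain `uri` tag. If that tag means no scheme check is applied (the validator is outside this hunk), a metadata document that points `jwks_uri` at a non-HTTPS location would decode successfully, and the signing keys would then be fetched over a channel that does not authenticate the provider. I would add one wrong-scheme case per endpoint so the behaviour is pinned either way, e.g. `google_merge_json(#{<<"jwks_uri">> => <<"file:///foo">>})`, and decide whether these fields should use the same `uri_https` rule as `userinfo_endpoint`.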
@@ -0,0 +1,202 @@
+-module(oidcc_provider_configuration_worker_SUITE).
+
+-export([all/0]).
+-export([end_per_suite/1]).
+-export([errors_on_invalid_issuer/1]).
+-export([init_per_suite/1]).
+-export([refreshes_after_timeout/1]).
+-export([refreshes_jwks_on_missing_kid/1]).
+-export([retrieves_configuration/1]).
+-export([retrieves_jwks/1]).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("jose/include/jose_jwk.hrl").
+-include_lib("oidcc/include/oidcc_provider_configuration.hrl").
+-include_lib("stdlib/include/assert.hrl").
+
+all() ->
+ [
+ retrieves_configuration,
+ retrieves_jwks,
+ errors_on_invalid_issuer,
+ refreshes_jwks_on_missing_kid,
+ refreshes_after_timeout
+ ].
+
+init_per_suite(_Config) ->
+ {ok, _} = application:ensure_all_started(oidcc),
+ [].
+
+end_per_suite(_Config) ->
+ ok.
+
+retrieves_configuration(_Config) ->
+ {ok, GoogleConfigurationPid} =
+ oidcc_provider_configuration_worker:start_link(#{
+ issuer => <<"https://accounts.google.com/">>,
+ name => {local, retrieves_configuration_oidcc_provider_configuration_worker_SUITE}
+ }),
+
+ ?assertMatch(
+ #oidcc_provider_configuration{
+ token_endpoint =
+ <<"https://oauth2.googleapis.com/token">>
+ },
+ oidcc_provider_configuration_worker:get_provider_configuration(
+ retrieves_configuration_oidcc_provider_configuration_worker_SUITE
+ )
+ ),
+
+ TelemetryRef =
+ telemetry_test:attach_event_handlers(
+ self(),
+ [
+ [oidcc, load_configuration, start],
+ [oidcc, load_configuration, stop]
+ ]
+ ),
+
+ oidcc_provider_configuration_worker:refresh_configuration(GoogleConfigurationPid),
+
+ receive
+ {[oidcc, load_configuration, start], TelemetryRef, #{}, #{
+ issuer := <<"https://accounts.google.com/">>
+ }} ->
+ ok
+ after 10_000 ->
+ ct:fail(timeout_receive_attach_event_handlers)
+ end,
+
+ receive
+ {[oidcc, load_configuration, stop], TelemetryRef, #{duration := _Duration}, #{
+ issuer := <<"https://accounts.google.com/">>
+ }} ->
+ ok
+ after 10_000 ->
+ ct:fail(timeout_receive_attach_event_handlers)
+ end,
+
+ ?assertMatch(
+ #oidcc_provider_configuration{},
+ oidcc_provider_configuration_worker:get_provider_configuration(GoogleConfigurationPid)
+ ).
+
+retrieves_jwks(_Config) ->
+ {ok, GoogleConfigurationPid} =
+ oidcc_provider_configuration_worker:start_link(#{
+ issuer => <<"https://accounts.google.com/">>
+ }),
+
+ ?assertMatch(
+ #jose_jwk{keys = _Keys},
+ oidcc_provider_configuration_worker:get_jwks(GoogleConfigurationPid)
+ ),
+
+ TelemetryRef =
+ telemetry_test:attach_event_handlers(
+ self(),
+ [[oidcc, load_jwks, start], [oidcc, load_jwks, stop]]
+ ),
+
+ oidcc_provider_configuration_worker:refresh_jwks(GoogleConfigurationPid),
+
+ receive
+ {[oidcc, load_jwks, start], TelemetryRef, #{}, #{
+ jwks_uri := <<"https://www.googleapis.com/oauth2/v3/certs">>
+ }} ->
+ ok
+ after 10_000 ->
+ ct:fail(timeout_receive_attach_event_handlers)
+ end,
+
+ receive
+ {[oidcc, load_jwks, stop], TelemetryRef, #{duration := _Duration}, #{
+ jwks_uri := <<"https://www.googleapis.com/oauth2/v3/certs">>
+ }} ->
+ ok
+ after 10_000 ->
+ ct:fail(timeout_receive_attach_event_handlers)
+ end,
+
+ ?assertMatch(
+ #jose_jwk{keys = _Keys},
+ oidcc_provider_configuration_worker:get_jwks(GoogleConfigurationPid)
+ ).
+
+refreshes_jwks_on_missing_kid(_Config) ->
+ {ok, GoogleConfigurationPid} =
+ oidcc_provider_configuration_worker:start_link(#{
+ issuer => <<"https://accounts.google.com/">>
+ }),
+
+ #jose_jwk{
+ keys =
+ {jose_jwk_set, [#jose_jwk{fields = #{<<"kid">> := ExistingKid}} | _Rest]}
+ } = oidcc_provider_configuration_worker:get_jwks(GoogleConfigurationPid),
+
+ TelemetryRef = telemetry_test:attach_event_handlers(self(), [[oidcc, load_jwks, start]]),
+
+ oidcc_provider_configuration_worker:refresh_jwks_for_unknown_kid(
+ GoogleConfigurationPid,
+ "kid"
+ ),
+
+ ?assertMatch(
+ #jose_jwk{keys = _Keys},
+ oidcc_provider_configuration_worker:get_jwks(GoogleConfigurationPid)
+ ),
+
+ receive
+ {[oidcc, load_jwks, start], TelemetryRef, #{}, #{}} ->
+ ok
+ after 10_000 ->
+ ct:fail(timeout_receive_attach_event_handlers)
+ end,
+
+ oidcc_provider_configuration_worker:refresh_jwks_for_unknown_kid(
+ GoogleConfigurationPid,
+ ExistingKid
+ ),
+
+ receive
+ {[oidcc, load_jwks, start], TelemetryRef, #{}, #{}} ->
+ ct:fail(should_not_trigger_refresh)
+ after 1_000 ->
+ ok
+ end.
+
+refreshes_after_timeout(_Config) ->
+ {ok, YahooConfigurationPid} =
+ oidcc_provider_configuration_worker:start_link(#{
+ issuer => <<"https://login.yahoo.com">>,
+ provider_configuration_opts => #{fallback_expiry => 100}
+ }),
+
+ ?assertMatch(
+ #oidcc_provider_configuration{},
+ oidcc_provider_configuration_worker:get_provider_configuration(YahooConfigurationPid)
+ ),
+
+ TelemetryRef =
+ telemetry_test:attach_event_handlers(self(), [[oidcc, load_configuration, start]]),
+
+ receive
+ {[oidcc, load_configuration, start], TelemetryRef, #{}, #{}} ->
+ ok
+ after 1_000 ->
+ ct:fail(should_refresh_automatically)
+ end.
+
+errors_on_invalid_issuer(_Config) ->
+ process_flag(trap_exit, true),
+
+ ?assertExit(
+ {{configuration_load_failed, {http_error, 404, _}}, _},
+ initialize_invalid_issuer()
+ ).
+
+initialize_invalid_issuer() ->
+ {ok, Pid} =
+ oidcc_provider_configuration_worker:start_link(#{issuer => <<"https://example.com/">>}),
+
+ oidcc_provider_configuration_worker:get_provider_configuration(Pid).
diff --git a/test/oidcc_provider_configuration_worker_test.erl b/test/oidcc_provider_configuration_worker_test.erl
new file mode 100644
index 0000000..6d3cd71
--- /dev/null
+++ b/test/oidcc_provider_configuration_worker_test.erl
@@ -0,0 +1,9 @@
+-module(oidcc_provider_configuration_worker_test).
+
+-include_lib("eunit/include/eunit.hrl").
+
+does_not_start_without_issuer_test() ->
+ ?assertMatch(
+ {error, issuer_required},
+ oidcc_provider_configuration_worker:start_link(#{})
+ ).
diff --git a/test/oidcc_session_mgr_test.erl b/test/oidcc_session_mgr_test.erl
deleted file mode 100644
index 3e9b60e..0000000
--- a/test/oidcc_session_mgr_test.erl
+++ /dev/null
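Review bot: In `test/oidcc_provider_configuration_worker_SUITE.erl`, `refreshes_jwks_on_missing_kid/1` checks that one unknown `kid` produces a `[oidcc, load_jwks, start]` event and that a known one does not, but nothing covers a second unknown `kid` arriving straight after the first. The `kid` normally comes from the header of a token that has not been verified yet, so without a minimum interval between refreshes every such token causes an outbound JWKS fetch; whether `refresh_jwks_for_unknown_kid/2` throttles is not visible from this hunk. I would add a case that calls it twice in a row with two different unknown values and asserts how many `load_jwks` start events arrive, so the intended limit is pinned by a test. The first call also passes the list `"kid"`, while the key ids matched from the set are binaries (`<<"kid">> := ExistingKid`); a binary such as `<<"unknown-kid">>` (constructed value) would presumably match what callers pass.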
@@ -1,78 +0,0 @@ --module(oidcc_session_mgr_test). - --include_lib("eunit/include/eunit.hrl"). - -start_stop_test() -> - {ok, Pid} = oidcc_session_mgr:start_link(), - ok = oidcc_session_mgr:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok. - -basic_session_test() -> - MeckModules = [oidcc_session_sup, oidcc], - test_util:meck_new(MeckModules), - ProviderId = <<"oidcc_provider">>, - NewSession = fun(Id, Nonce, PId) -> oidcc_session:start_link(Id, Nonce, PId) end, - meck:expect(oidcc_session_sup, new_session, NewSession), - meck:expect(oidcc, - get_openid_provider_info, - fun(_) -> {ok, #{request_scopes => undefined}} end), - {ok, Pid} = oidcc_session_mgr:start_link(), - {ok, []} = oidcc_session_mgr:get_session_list(), - {ok, SessPid} = oidcc_session_mgr:new_session(ProviderId), - {ok, List} = oidcc_session_mgr:get_session_list(), - ?assertEqual(1, length(List)), - [{SessionId, SessPid}] = List, - ok = oidcc_session_mgr:session_terminating(SessionId), - {ok, []} = oidcc_session_mgr:get_session_list(), - ok = oidcc_session_mgr:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok = test_util:meck_done(MeckModules), - ok. 
- -advanced_session_test() -> - MeckModules = [oidcc, oidcc_session_sup], - test_util:meck_new(MeckModules), - NewSession = fun(Id, Nonce, PId) -> oidcc_session:start_link(Id, Nonce, PId) end, - meck:expect(oidcc_session_sup, new_session, NewSession), - meck:expect(oidcc, - get_openid_provider_info, - fun(_) -> {ok, #{request_scopes => undefined}} end), - ProviderId = <<"oidcc_provider">>, - {ok, Pid} = oidcc_session_mgr:start_link(), - {ok, []} = oidcc_session_mgr:get_session_list(), - {ok, Sess1} = oidcc_session_mgr:new_session(ProviderId), - {ok, SessId} = oidcc_session:get_id(Sess1), - {ok, List1} = oidcc_session_mgr:get_session_list(), - ?assertEqual(1, length(List1)), - {ok, Sess2} = oidcc_session_mgr:get_session(SessId), - ?assertEqual(Sess1, Sess2), - {ok, List2} = oidcc_session_mgr:get_session_list(), - ?assertEqual(List1, List2), - {ok, Sess3} = oidcc_session_mgr:new_session(ProviderId), - {ok, List3} = oidcc_session_mgr:get_session_list(), - ?assertEqual(2, length(List3)), - {ok, Sess4} = oidcc_session_mgr:new_session(ProviderId), - {ok, List4} = oidcc_session_mgr:get_session_list(), - ?assertEqual(3, length(List4)), - ok = oidcc_session:close(Sess3), - ok = test_util:wait_for_process_to_die(Sess3, 100), - {ok, List5} = oidcc_session_mgr:get_session_list(), - ?assertEqual(2, length(List5)), - ok = oidcc_session_mgr:close_all_sessions(), - {ok, []} = oidcc_session_mgr:get_session_list(), - ok = test_util:wait_for_process_to_die(Sess1, 100), - ok = test_util:wait_for_process_to_die(Sess4, 100), - ok = oidcc_session_mgr:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok = test_util:meck_done(MeckModules), - ok. - -garbage_test() -> - {ok, Pid} = oidcc_session_mgr:start_link(), - ignored = gen_server:call(Pid, garbage), - ok = gen_server:cast(Pid, garbage), - Pid ! garbage, - ok = oidcc_session_mgr:stop(), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok. 
diff --git a/test/oidcc_session_test.erl b/test/oidcc_session_test.erl
deleted file mode 100644
index ca8054b..0000000
--- a/test/oidcc_session_test.erl
+++ /dev/null
@@ -1,86 +0,0 @@ --module(oidcc_session_test). - --include_lib("eunit/include/eunit.hrl"). - -start_stop_test() -> - MeckModules = [oidcc, oidcc_session_mgr], - ok = test_util:meck_new(MeckModules), - meck:expect(oidcc_session_mgr, session_terminating, fun(_) -> ok end), - meck:expect(oidcc, - get_openid_provider_info, - fun(_) -> {ok, #{request_scopes => undefined}} end), - Id = 123, - Nonce = 123, - ProviderId = <<"oidcc_provider">>, - {ok, Pid} = oidcc_session:start_link(Id, Nonce, ProviderId), - ok = oidcc_session:close(Pid), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok = test_util:meck_done(MeckModules), - ok. - -timeout_test() -> - MeckModules = [oidcc, oidcc_session_mgr], - ok = test_util:meck_new(MeckModules), - meck:expect(oidcc_session_mgr, session_terminating, fun(_) -> ok end), - meck:expect(oidcc, - get_openid_provider_info, - fun(_) -> {ok, #{request_scopes => undefined}} end), - application:set_env(oidcc, session_timeout, 50), - Id = 123, - Nonce = 123, - ProviderId = <<"oidcc_provider">>, - {ok, Pid} = oidcc_session:start_link(Id, Nonce, ProviderId), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok = test_util:meck_done(MeckModules), - ok. - -garbage_test() -> - MeckModules = [oidcc, oidcc_session_mgr], - ok = test_util:meck_new(MeckModules), - meck:expect(oidcc_session_mgr, session_terminating, fun(_) -> ok end), - meck:expect(oidcc, - get_openid_provider_info, - fun(_) -> {ok, #{request_scopes => undefined}} end), - Id = 123, - Nonce = 123, - ProviderId = <<"oidcc_provider">>, - {ok, Pid} = oidcc_session:start_link(Id, Nonce, ProviderId), - ignored = gen_server:call(Pid, garbage), - ok = gen_server:cast(Pid, garbage), - Pid ! garbage, - ok = oidcc_session:close(Pid), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok = test_util:meck_done(MeckModules), - ok. 
- -get_set_test() -> - MeckModules = [oidcc, oidcc_session_mgr], - ok = test_util:meck_new(MeckModules), - meck:expect(oidcc_session_mgr, session_terminating, fun(_) -> ok end), - meck:expect(oidcc, - get_openid_provider_info, - fun(_) -> {ok, #{request_scopes => undefined}} end), - Id = id, - Nonce = nonce, - Scopes = [openid], - UserAgent = <<"some agent">>, - PeerIp = <<"some ip">>, - ClientMod = <<"id234">>, - Provider = <<"oidcc_provider">>, - {ok, Pid} = oidcc_session:start_link(Id, Nonce, Provider), - ok = oidcc_session:set_user_agent(UserAgent, Pid), - ok = oidcc_session:set_peer_ip(PeerIp, Pid), - ok = oidcc_session:set_client_mod(ClientMod, Pid), - ?assertEqual({ok, Nonce}, oidcc_session:get_nonce(Pid)), - ?assertEqual({ok, Id}, oidcc_session:get_id(Pid)), - ?assertEqual({ok, Scopes}, oidcc_session:get_scopes(Pid)), - ?assertEqual({ok, Provider}, oidcc_session:get_provider(Pid)), - ?assertEqual({ok, ClientMod}, oidcc_session:get_client_mod(Pid)), - ?assertEqual(true, oidcc_session:is_user_agent(UserAgent, Pid)), - ?assertEqual(false, oidcc_session:is_user_agent(PeerIp, Pid)), - ?assertEqual(true, oidcc_session:is_peer_ip(PeerIp, Pid)), - ?assertEqual(false, oidcc_session:is_peer_ip(UserAgent, Pid)), - ok = oidcc_session:close(Pid), - ok = test_util:wait_for_process_to_die(Pid, 100), - ok = test_util:meck_done(MeckModules), - ok. diff --git a/test/oidcc_test.erl b/test/oidcc_test.erl deleted file mode 100644 index d6a838d..0000000 --- a/test/oidcc_test.erl +++ /dev/null 
@@ -1,265 +0,0 @@ --module(oidcc_test). - --include_lib("eunit/include/eunit.hrl"). - -add_openid_provider_test() -> - MyPid = self(), - RandomId = <<"6">>, - AddFun = - fun(Config) -> - Id = maps:get(id, Config, undefined), - case Id of - undefined -> - {ok, RandomId, MyPid}; - Id -> - {ok, Id, MyPid} - end - end, - ok = meck:new(oidcc_openid_provider), - ok = meck:new(oidcc_openid_provider_mgr), - ok = meck:expect(oidcc_openid_provider, update_config, fun(_) -> ok end), - ok = meck:expect(oidcc_openid_provider_mgr, add_openid_provider, AddFun), - ConfigEndpoint = <<"some_remote_url">>, - LocalEndpoint = <<"some_local_url">>, - Id = <<"123345456">>, - Config = #{client_id => <<"123">>, client_secret => <<"secret">>}, - {ok, RandomId, MyPid} = oidcc:add_openid_provider(ConfigEndpoint, LocalEndpoint, Config), - {ok, Id, MyPid} = - oidcc:add_openid_provider(ConfigEndpoint, LocalEndpoint, maps:put(id, Id, Config)), - true = meck:validate(oidcc_openid_provider), - true = meck:validate(oidcc_openid_provider_mgr), - meck:unload(oidcc_openid_provider), - meck:unload(oidcc_openid_provider_mgr), - ok. - -get_openid_provider_info_test() -> - MyPid = self(), - ProviderId = <<"6">>, - BadProviderId = <<"7">>, - ConfigFun = - fun(Pid) -> - Pid = MyPid, - {ok, #{}} - end, - MapFun = - fun(Id) -> - case Id of - ProviderId -> - {ok, MyPid}; - _ -> - {error, not_found} - end - end, - ok = meck:new(oidcc_openid_provider), - ok = meck:new(oidcc_openid_provider_mgr), - ok = meck:expect(oidcc_openid_provider, get_config, ConfigFun), - ok = meck:expect(oidcc_openid_provider_mgr, get_openid_provider, MapFun), - {ok, #{}} = oidcc:get_openid_provider_info(MyPid), - {ok, #{}} = oidcc:get_openid_provider_info(ProviderId), - {error, not_found} = oidcc:get_openid_provider_info(BadProviderId), - true = meck:validate(oidcc_openid_provider), - true = meck:validate(oidcc_openid_provider_mgr), - meck:unload(oidcc_openid_provider), - meck:unload(oidcc_openid_provider_mgr), - ok. 
- -get_openid_provider_list_test() -> - ListFun = fun() -> {ok, []} end, - ok = meck:new(oidcc_openid_provider_mgr), - ok = meck:expect(oidcc_openid_provider_mgr, get_openid_provider_list, ListFun), - {ok, []} = oidcc:get_openid_provider_list(), - true = meck:validate(oidcc_openid_provider_mgr), - meck:unload(oidcc_openid_provider_mgr), - ok. - -create_redirect_url_test() -> - MyPid = self(), - ProviderId = <<"6">>, - ClientId = <<"123">>, - State = <<"someimportantstate">>, - Nonce = <<"noncenonce">>, - LocalEndpoint = <<"https://my.server/return">>, - AuthzEndpoint = <<"https://my.provider/auth">>, - ConfigFun = - fun(Pid) -> - Pid = MyPid, - {ok, - #{local_endpoint => LocalEndpoint, - client_id => ClientId, - authorization_endpoint => AuthzEndpoint, - static_extend_url => #{<<"test">> => <<"id">>}}} - end, - MapFun = - fun(Id) -> - case Id of - ProviderId -> - {ok, MyPid}; - _ -> - {error, not_found} - end - end, - ok = meck:new(oidcc_openid_provider), - ok = meck:new(oidcc_openid_provider_mgr), - ok = meck:expect(oidcc_openid_provider, get_config, ConfigFun), - ok = meck:expect(oidcc_openid_provider_mgr, get_openid_provider, MapFun), - Config1 = #{scopes => ["email", <<"openid">>]}, - Config2 = #{scopes => ["email", <<"profile">>, openid], state => State}, - Config3 = - #{scopes => [email, profile, openid], - state => State, - nonce => Nonce}, - Config4 = - #{scopes => ["email", <<"openid">>], url_extension => #{<<"other">> => <<"green">>}}, - {ok, Url1} = oidcc:create_redirect_url(ProviderId), - {ok, Url2} = oidcc:create_redirect_url(ProviderId, Config1), - {ok, Url3} = oidcc:create_redirect_url(ProviderId, Config2), - {ok, Url4} = oidcc:create_redirect_url(ProviderId, Config3), - {ok, Url5} = oidcc:create_redirect_url(ProviderId, Config4), - ExpUrl1 = - <<"https://my.provider/auth?scope=openid&response_type=code&client_id=123&redirect_uri=https%3A%2F%2Fmy.server%2Freturn&test=id">>, - ?assertEqual(ExpUrl1, Url1), - ExpUrl2 = - 
<<"https://my.provider/auth?scope=openid+email&response_type=code&client_id=123&redirect_uri=https%3A%2F%2Fmy.server%2Freturn&test=id">>, - ?assertEqual(ExpUrl2, Url2), - ExpUrl3 = - <<"https://my.provider/auth?scope=openid+profile+email&state=someimportantstate&response_type=code&client_id=123&redirect_uri=https%3A%2F%2Fmy.server%2Freturn&test=id">>, - ?assertEqual(ExpUrl3, Url3), - ExpUrl4 = - <<"https://my.provider/auth?scope=openid+profile+email&nonce=noncenonce&state=someimportantstate&response_type=code&client_id=123&redirect_uri=https%3A%2F%2Fmy.server%2Freturn&test=id">>, - ?assertEqual(ExpUrl4, Url4), - ExpUrl5 = - <<"https://my.provider/auth?scope=openid+email&response_type=code&client_id=123&redirect_uri=https%3A%2F%2Fmy.server%2Freturn&test=id&other=green">>, - ?assertEqual(ExpUrl5, Url5), - true = meck:validate(oidcc_openid_provider), - true = meck:validate(oidcc_openid_provider_mgr), - meck:unload(oidcc_openid_provider), - meck:unload(oidcc_openid_provider_mgr), - ok. - -retrieve_and_validate_token_test() -> - MyPid = self(), - ClientId = <<"123">>, - ClientSecret = <<"secret">>, - TokenEndpoint = <<"https://my.provider/token">>, - LocalEndpoint = <<"https://my.server/auth">>, - TokenData = <<"TokenData">>, - IdToken = <<"IdToken">>, - ProviderId = <<"ID123">>, - AuthMethods = [<<"unsupporeted_auth">>, <<"client_secret_post">>], - ConfigFun = - fun(Pid) -> - Pid = MyPid, - {ok, - #{local_endpoint => LocalEndpoint, - client_id => ClientId, - client_secret => ClientSecret, - token_endpoint => TokenEndpoint, - token_endpoint_auth_methods_supported => AuthMethods}} - end, - MapFun = - fun(Id) -> - case Id of - ProviderId -> - {ok, MyPid}; - _ -> - {error, not_found} - end - end, - HttpFun = - fun(Method, Url, _Header, _ContentType, _Body) -> - Method = post, - Url = TokenEndpoint, - {ok, - #{status => 200, - header => [], - body => TokenData}} - end, - ExtractFun = - fun(Data, _Scopes) -> - Data = TokenData, - #{id => IdToken} - end, - ValidateFun = - 
fun(TokenMap, Provider, _Nonce, _NoneAllowed) -> - Provider = ProviderId, - #{id := IdToken} = TokenMap, - {ok, #{id => #{}}} - end, - ok = meck:new(oidcc_token), - ok = meck:expect(oidcc_token, extract_token_map, ExtractFun), - ok = meck:expect(oidcc_token, validate_token_map, ValidateFun), - ok = meck:new(oidcc_openid_provider), - ok = meck:new(oidcc_openid_provider_mgr), - ok = meck:new(oidcc_http_util), - ok = meck:expect(oidcc_openid_provider, get_config, ConfigFun), - ok = meck:expect(oidcc_openid_provider_mgr, get_openid_provider, MapFun), - ok = meck:expect(oidcc_http_util, sync_http, HttpFun), - AuthCode = <<"1234567890">>, - {ok, #{id := #{}}} = oidcc:retrieve_and_validate_token(AuthCode, ProviderId), - true = meck:validate(oidcc_token), - true = meck:validate(oidcc_openid_provider), - true = meck:validate(oidcc_openid_provider_mgr), - true = meck:validate(oidcc_http_util), - meck:unload(oidcc_openid_provider), - meck:unload(oidcc_openid_provider_mgr), - meck:unload(oidcc_http_util), - meck:unload(oidcc_token), - ok. 
- -retrieve_user_info_test() -> - MyPid = self(), - ProviderId = <<"6">>, - UserInfoEndpoint = <<"http://my.provider/info">>, - HttpBody = <<"{\"name\":\"joe\", \"sub\":\"123456\"}">>, - GoodSub = <<"123456">>, - BadSub = <<"123789">>, - ConfigFun = - fun(Pid) -> - Pid = MyPid, - {ok, #{userinfo_endpoint => UserInfoEndpoint}} - end, - MapFun = - fun(Id) -> - case Id of - ProviderId -> - {ok, MyPid}; - _ -> - {error, not_found} - end - end, - HttpFun = - fun(Method, Url, _Header, _UseCache) -> - Method = get, - Url = UserInfoEndpoint, - {ok, - #{status => 200, - header => [], - body => HttpBody}} - end, - ok = meck:new(oidcc_openid_provider), - ok = meck:new(oidcc_openid_provider_mgr), - ok = meck:new(oidcc_http_util), - ok = meck:expect(oidcc_openid_provider, get_config, ConfigFun), - ok = meck:expect(oidcc_openid_provider_mgr, get_openid_provider, MapFun), - ok = meck:expect(oidcc_http_util, sync_http, HttpFun), - AccessToken = <<"opensesame">>, - GoodToken = - #{access => #{token => AccessToken}, - id => #{claims => #{sub => <<"123456">>}}, - refresh => #{}}, - BadToken = - #{access => #{token => AccessToken}, - id => #{claims => #{sub => <<"123457">>}}, - refresh => #{}}, - {ok, #{name := <<"joe">>}} = oidcc:retrieve_user_info(GoodToken, ProviderId), - {ok, #{name := <<"joe">>}} = oidcc:retrieve_user_info(AccessToken, ProviderId, GoodSub), - {ok, #{name := <<"joe">>}} = oidcc:retrieve_user_info(AccessToken, ProviderId), - {error, bad_subject} = oidcc:retrieve_user_info(BadToken, ProviderId), - {error, bad_subject} = oidcc:retrieve_user_info(AccessToken, ProviderId, BadSub), - true = meck:validate(oidcc_openid_provider), - true = meck:validate(oidcc_openid_provider_mgr), - true = meck:validate(oidcc_http_util), - meck:unload(oidcc_openid_provider), - meck:unload(oidcc_openid_provider_mgr), - meck:unload(oidcc_http_util), - ok. diff --git a/test/oidcc_test.exs b/test/oidcc_test.exs new file mode 100644 index 0000000..edee7ba --- /dev/null +++ b/test/oidcc_test.exs 
@@ -0,0 +1,182 @@
+defmodule OidccTest do
+ use ExUnit.Case
+
+ alias Oidcc.ProviderConfiguration
+ alias Oidcc.Token
+
+ doctest Oidcc
+
+ %{
+ "clientId" => client_credentials_client_id,
+ "clientSecret" => client_credentials_client_secret
+ } =
+ :oidcc
+ |> Application.app_dir("priv/test/fixtures/zitadel-client-credentials.json")
+ |> File.read!()
+ |> JOSE.decode()
+
+ @client_credentials_client_id client_credentials_client_id
+ @client_credentials_client_secret client_credentials_client_secret
+
+ @jwt_profile :oidcc
+ |> Application.app_dir("priv/test/fixtures/zitadel-jwt-profile.json")
+ |> File.read!()
+
+ doctest Token
+
+ setup_all do
+ # Used in doctests
+ System.put_env("CLIENT_CREDENTIALS_CLIENT_ID", @client_credentials_client_id)
+ System.put_env("CLIENT_CREDENTIALS_CLIENT_SECRET", @client_credentials_client_secret)
+ System.put_env("JWT_PROFILE", @jwt_profile)
+
+ :ok
+ end
+
+ describe inspect(&Oidcc.create_redirect_url/4) do
+ test "works" do
+ pid =
+ start_supervised!(
+ {ProviderConfiguration.Worker, %{issuer: "https://accounts.google.com/"}}
+ )
+
+ assert {:ok, _redirect_uri} =
+ Oidcc.create_redirect_url(
+ pid,
+ "client_id",
+ "client_secret",
+ %{redirect_uri: "https://my.server/return"}
+ )
+ end
+ end
+
+ describe inspect(&Oidcc.retrieve_token/5) do
+ test "works" do
+ pid =
+ start_supervised!(
+ {ProviderConfiguration.Worker, %{issuer: "https://accounts.google.com/"}}
+ )
+
+ assert {:error, {:http_error, 400, _body}} =
+ Oidcc.retrieve_token(
+ "auth_code",
+ pid,
+ "client_id",
+ "client_secret",
+ %{redirect_uri: "https://my.server/return"}
+ )
+ end
+ end
+
+ describe inspect(&Oidcc.refresh_token/5) do
+ test "works" do
+ pid =
+ start_supervised!(
+ {ProviderConfiguration.Worker, %{issuer: "https://accounts.google.com/"}}
+ )
+
+ assert {:error, {:http_error, 401, _body}} =
+ Oidcc.refresh_token(
+ %Token{
+ id: %Token.Id{
+ token: "id_token",
+ claims: %{"sub" => "sub"}
+ },
+ access: %Token.Access{token: "access_token", expires: :undefined},
+ refresh: %Token.Refresh{token: "refresh_token"},
+ scope: ["profile", "openid"]
+ },
+ pid,
+ "client_id",
+ "client_secret",
+ %{redirect_uri: "https://my.server/return"}
+ )
+ end
+ end
+
+ describe inspect(&Oidcc.introspect_token/5) do
+ test "works" do
+ pid =
+ start_supervised!({ProviderConfiguration.Worker, %{issuer: "https://login.yahoo.com"}})
+
+ assert {:error, {:http_error, 400, _body}} =
+ Oidcc.introspect_token(
+ %Token{
+ id: %Token.Id{
+ token: "id_token",
+ claims: %{"sub" => "sub"}
+ },
+ access: %Token.Access{token: "access_token", expires: :undefined},
+ refresh: %Token.Refresh{token: "refresh_token"},
+ scope: ["profile", "openid"]
+ },
+ pid,
+ "client_id",
+ "client_secret"
+ )
+ end
+ end
+
+ describe inspect(&Oidcc.retrieve_userinfo/5) do
+ test "works" do
+ pid =
+ start_supervised!({ProviderConfiguration.Worker, %{issuer: "https://login.yahoo.com"}})
+
+ assert {:error, {:http_error, 401, _body}} =
+ Oidcc.retrieve_userinfo(
+ %Token{
+ id: %Token.Id{
+ token: "id_token",
+ claims: %{"sub" => "sub"}
+ },
+ access: %Token.Access{token: "access_token", expires: :undefined},
+ refresh: %Token.Refresh{token: "refresh_token"},
+ scope: ["profile", "openid"]
+ },
+ pid,
+ "client_id",
+ "client_secret"
+ )
+ end
+ end
+
+ describe inspect(&Oidcc.jwt_profile_token/4) do
+ test "works" do
+ pid =
+ start_supervised!(
+ {ProviderConfiguration.Worker, %{issuer: "https://erlef-test-w4a8z2.zitadel.cloud"}}
+ )
+
+ %{"key" => key, "keyId" => kid, "userId" => subject} = JOSE.decode(@jwt_profile)
+
+ jwk = JOSE.JWK.from_pem(key)
+
+ assert {:ok, %Token{}} =
+ Oidcc.jwt_profile_token(
+ subject,
+ pid,
+ "client_id",
+ "client_secret",
+ jwk,
+ %{scope: ["urn:zitadel:iam:org:project:id:zitadel:aud"], kid: kid}
+ )
+ end
+ end
+
+ describe inspect(&Oidcc.client_credentials_token/2) do
+ test "works" do
+ pid =
+ start_supervised!(
+ {ProviderConfiguration.Worker, %{issuer: "https://erlef-test-w4a8z2.zitadel.cloud"}}
+ )
+
+ assert {:ok, %Token{}} =
+ Oidcc.client_credentials_token(
+ pid,
+ @client_credentials_client_id,
+ @client_credentials_client_secret,
+ %{scope: ["scope"]}
+ )
+ end
+ end
+end
diff --git a/test/oidcc_token_SUITE.erl b/test/oidcc_token_SUITE.erl
new file mode 100644
index 0000000..e683983
--- /dev/null
+++ b/test/oidcc_token_SUITE.erl
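Review bot: The client secret and the JWT-profile fixture (which carries the PEM key later passed to `JOSE.JWK.from_pem/1`) are exported into the OS environment in `setup_all` and never removed, so they remain readable by every later test module and by any child process started during the same run. Add `on_exit(fn -> Enum.each(~w(CLIENT_CREDENTIALS_CLIENT_ID CLIENT_CREDENTIALS_CLIENT_SECRET JWT_PROFILE), &System.delete_env/1) end)` before the `:ok`. The fixtures are also read from the application's `priv/` directory, which is normally packaged with the app, so it is worth confirming that `priv/test` is excluded from the published package and that these credentials belong to an account used only for tests.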
@@ -0,0 +1,114 @@
+-module(oidcc_token_SUITE).
+
+-export([all/0]).
+-export([end_per_suite/1]).
+-export([init_per_suite/1]).
+-export([retrieves_client_credentials_token/1]).
+-export([retrieves_jwt_profile_token/1]).
+
+-include_lib("common_test/include/ct.hrl").
+-include_lib("jose/include/jose_jwk.hrl").
+-include_lib("oidcc/include/oidcc_token.hrl").
+-include_lib("stdlib/include/assert.hrl").
+
+all() -> [retrieves_jwt_profile_token, retrieves_client_credentials_token].
+
+init_per_suite(_Config) ->
+ {ok, _} = application:ensure_all_started(oidcc),
+ [].
+
+end_per_suite(_Config) ->
+ ok.
+
+retrieves_jwt_profile_token(_Config) ->
+ {ok, SalesforceConfigurationPid} =
+ oidcc_provider_configuration_worker:start_link(#{
+ issuer => <<"https://login.salesforce.com">>
+ }),
+
+ {ok, ZitadelConfigurationPid} =
+ oidcc_provider_configuration_worker:start_link(#{
+ issuer => <<"https://erlef-test-w4a8z2.zitadel.cloud">>
+ }),
+
+ {ok, SalesforceClientContext} = oidcc_client_context:from_configuration_worker(
+ SalesforceConfigurationPid,
+ <<"client_id">>,
+ <<"client_secret">>
+ ),
+
+ {ok, ZitadelClientContext} = oidcc_client_context:from_configuration_worker(
+ ZitadelConfigurationPid,
+ <<"client_id">>,
+ <<"client_secret">>
+ ),
+
+ PrivDir = code:priv_dir(oidcc),
+
+ {ok, KeyJson} = file:read_file(PrivDir ++ "/test/fixtures/zitadel-jwt-profile.json"),
+ KeyMap = jose:decode(KeyJson),
+ Key = jose_jwk:from_pem(maps:get(<<"key">>, KeyMap)),
+
+ ?assertMatch(
+ {ok, #oidcc_token{}},
+ oidcc_token:jwt_profile(<<"231391584430604723">>, ZitadelClientContext, Key, #{
+ scope => [<<"urn:zitadel:iam:org:project:id:zitadel:aud">>],
+ kid => maps:get(<<"keyId">>, KeyMap)
+ })
+ ),
+
+ ?assertMatch(
+ {error, {grant_type_not_supported, jwt_bearer}},
+ oidcc_token:jwt_profile(<<"231391584430604723">>, SalesforceClientContext, Key, #{
+ kid => maps:get(<<"keyId">>, KeyMap)
+ })
+ ),
+
+ ok.
+
+retrieves_client_credentials_token(_Config) ->
+ PrivDir = code:priv_dir(oidcc),
+
+ {ok, SalesforceConfigurationPid} =
+ oidcc_provider_configuration_worker:start_link(#{
+ issuer => <<"https://login.salesforce.com">>
+ }),
+
+ {ok, ZitadelConfigurationPid} =
+ oidcc_provider_configuration_worker:start_link(#{
+ issuer => <<"https://erlef-test-w4a8z2.zitadel.cloud">>
+ }),
+
+ {ok, SalesforceClientContext} = oidcc_client_context:from_configuration_worker(
+ SalesforceConfigurationPid,
+ <<"client_id">>,
+ <<"client_secret">>
+ ),
+
+ {ok, ZitadelClientCredentialsJson} = file:read_file(
+ PrivDir ++ "/test/fixtures/zitadel-client-credentials.json"
+ ),
+ #{
+ <<"clientId">> := ZitadelClientCredentialsClientId,
+ <<"clientSecret">> := ZitadelClientCredentialsClientSecret
+ } = jose:decode(ZitadelClientCredentialsJson),
+
+ {ok, ZitadelClientContext} = oidcc_client_context:from_configuration_worker(
+ ZitadelConfigurationPid,
+ ZitadelClientCredentialsClientId,
+ ZitadelClientCredentialsClientSecret
+ ),
+
+ ?assertMatch(
+ {error, {grant_type_not_supported, client_credentials}},
+ oidcc_token:client_credentials(SalesforceClientContext, #{})
+ ),
+
+ ?assertMatch(
+ {ok, #oidcc_token{}},
+ oidcc_token:client_credentials(ZitadelClientContext, #{
+ scope => [<<"openid">>, <<"profile">>]
+ })
+ ),
+
+ ok.
diff --git a/test/oidcc_token_introspection_test.erl b/test/oidcc_token_introspection_test.erl
new file mode 100644
index 0000000..5834d90
--- /dev/null
+++ b/test/oidcc_token_introspection_test.erl
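Review bot: The subject `<<"231391584430604723">>` is hard-coded in both `oidcc_token:jwt_profile/4` calls in `retrieves_jwt_profile_token/1`, although the signing key and `keyId` are read from `zitadel-jwt-profile.json`. The ExUnit test added in this commit takes the subject from the same fixture's `"userId"` field, so replacing the fixture key would require this literal to be changed by hand as well. Bind it once with `Subject = maps:get(<<"userId">>, KeyMap),` and pass `Subject` to both calls; a short comment stating which account the fixture key belongs to would also help whoever rotates it.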
@@ -0,0 +1,50 @@
+-module(oidcc_token_introspection_test).
+
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("oidcc/include/oidcc_provider_configuration.hrl").
+-include_lib("oidcc/include/oidcc_token_introspection.hrl").
+
+introspect_test() ->
+ PrivDir = code:priv_dir(oidcc),
+
+ {ok, ConfigurationBinary} = file:read_file(PrivDir ++ "/test/fixtures/example-metadata.json"),
+ {ok,
+ #oidcc_provider_configuration{introspection_endpoint = IntrospectionEndpoint} =
+ Configuration} =
+ oidcc_provider_configuration:decode_configuration(jose:decode(ConfigurationBinary)),
+
+ Jwks = jose_jwk:from_pem_file(PrivDir ++ "/test/fixtures/jwk.pem"),
+
+ ClientId = <<"client_id">>,
+ ClientSecret = <<"client_secret">>,
+ AccessToken = <<"access_token">>,
+
+ ClientContext = oidcc_client_context:from_manual(Configuration, Jwks, ClientId, ClientSecret),
+
+ ok = meck:new(oidcc_http_util, [passthrough]),
+ HttpFun =
+ fun(
+ post,
+ {ReqEndpoint, _Header, "application/x-www-form-urlencoded", _Body},
+ _TelemetryOpts,
+ _RequestOpts
+ ) ->
+ IntrospectionEndpoint = ReqEndpoint,
+ {ok, {{json, #{<<"active">> => true, <<"client_id">> => ClientId}}, []}}
+ end,
+ ok = meck:expect(oidcc_http_util, request, HttpFun),
+
+ ?assertMatch(
+ {ok, #oidcc_token_introspection{active = true}},
+ oidcc_token_introspection:introspect(
+ AccessToken,
+ ClientContext,
+ #{}
+ )
+ ),
+
+ true = meck:validate(oidcc_http_util),
+
+ meck:unload(oidcc_http_util),
+
+ ok.
diff --git a/test/oidcc_token_test.erl b/test/oidcc_token_test.erl
index 873d22f..7221462 100644
--- a/test/oidcc_token_test.erl
+++ b/test/oidcc_token_test.erl
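Review bot: `introspect_test/0` covers only an `<<"active">> => true` response, and the `client_id` returned by the stub is never asserted, so nothing here pins how an inactive token or a token issued to another client is reported to the caller. The `introspect_test` removed from `test/oidcc_token_test.erl` in this commit did exercise a response without `client_id`. Add a second expectation returning `#{<<"active">> => false}` and assert it with `?assertMatch({ok, #oidcc_token_introspection{active = false}}, ...)`, adjusted to whatever the library is meant to return in that case. `meck:unload(oidcc_http_util)` is also skipped when an assertion fails (the `httpc` mocks in `test/oidcc_token_test.erl` have the same shape); a `try ... after` around the assertions would keep a failed run from leaving the mock loaded.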
@@ -1,265 +1,215 @@ -module(oidcc_token_test). -include_lib("eunit/include/eunit.hrl"). --include_lib("public_key/include/OTP-PUB-KEY.hrl"). - -extract_test() -> - RawData = - <<"{\"access_token\":\"fimr6kVbXlCueoTDvHIofHAaGDeE7DM8\",\"expires_in\":600,\"id_token\":\"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NjA5NjI0NzUsImlzcyI6Imh0dHBzOi8vcHJvdG9uLnNjYy5raXQuZWR1Iiwic3ViIjoiam9lIiwiYXVkIjoiMTIzIiwiaWF0IjoxNDYwOTYyMTc0LCJhdXRoX3RpbWUiOjE0NjA5NjIxNzR9.bJUAXVktgAAIIlw6fshlF035NfpNJ4aF8VfoIt4Kf5UyfTBzG1m9AGClvEFWieWnSJ6AxAV5dLJd3L-_tPs3cM9qUxssuY5CoKtc659X0B8cAOR4vK3ImyEAnipnUGYXcP3Ju8vkqtP75_GOUnbWEtNtxT-GK_2ysRQyF6wpRQHL-lj5u-lhZBHXDDJmGB5A4pex_zdtemlPFc9Ij_XDbmMEh-BoT9r9orC7prJ-ih3cGz3YKfOyxYQO8VPueucwouFcR8FCKasN3IOgyPfUnJl5wtsbm54u94dgu_uMpaIOeDnWbyEUsFldUvhGVJKlXlsk3Q34sFR-0FT1IOvCke\",\"refresh_token\":\"Aw2FafLPDAeysVkPPiQUkOdhtBPpXyNS\",\"token_type\":\"Bearer\"}">>, - ExpectedOutput = - #{access => - #{expires => 600, - token => <<"fimr6kVbXlCueoTDvHIofHAaGDeE7DM8">>, - hash => undefined}, - refresh => #{token => <<"Aw2FafLPDAeysVkPPiQUkOdhtBPpXyNS">>}, - id => - #{token => - <<"eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE0NjA5NjI0NzUsImlzcyI6Imh0dHBzOi8vcHJvdG9uLnNjYy5raXQuZWR1Iiwic3ViIjoiam9lIiwiYXVkIjoiMTIzIiwiaWF0IjoxNDYwOTYyMTc0LCJhdXRoX3RpbWUiOjE0NjA5NjIxNzR9.bJUAXVktgAAIIlw6fshlF035NfpNJ4aF8VfoIt4Kf5UyfTBzG1m9AGClvEFWieWnSJ6AxAV5dLJd3L-_tPs3cM9qUxssuY5CoKtc659X0B8cAOR4vK3ImyEAnipnUGYXcP3Ju8vkqtP75_GOUnbWEtNtxT-GK_2ysRQyF6wpRQHL-lj5u-lhZBHXDDJmGB5A4pex_zdtemlPFc9Ij_XDbmMEh-BoT9r9orC7prJ-ih3cGz3YKfOyxYQO8VPueucwouFcR8FCKasN3IOgyPfUnJl5wtsbm54u94dgu_uMpaIOeDnWbyEUsFldUvhGVJKlXlsk3Q34sFR-0FT1IOvCke">>, - claims => undefined}, - scope => #{scope => <<"openid profile">>, list => [<<"openid">>, <<"profile">>]}}, - ExpectedOutput = oidcc_token:extract_token_map(RawData, <<"openid profile">>), - ok. 
- --define(RSA_PUBLIC_KEY, - [65537, - 26764034142824704671470727133910664843434961952272064166426226039805773031712563508339384620585192869091085197093344386232207542619708787421377966896296841271368128705832667137731759368836398793992412062213039259549646668413294499661784015754202306959856976300366659103241590400757099670805804654764282426982148086034348017908262389651476327142185608358813461989019448157613779262598416478574844583047253739496922447827706849259886451307152776609476861777213322863455948194927465841543344937499194416674011076061250124513400818349182398008202094247204740240584520318269147256825860139612842332966614539793342302993867]). --define(RSA_PRIVATE_KEY, - {'RSAPrivateKey', - 'two-prime', - 26764034142824704671470727133910664843434961952272064166426226039805773031712563508339384620585192869091085197093344386232207542619708787421377966896296841271368128705832667137731759368836398793992412062213039259549646668413294499661784015754202306959856976300366659103241590400757099670805804654764282426982148086034348017908262389651476327142185608358813461989019448157613779262598416478574844583047253739496922447827706849259886451307152776609476861777213322863455948194927465841543344937499194416674011076061250124513400818349182398008202094247204740240584520318269147256825860139612842332966614539793342302993867, - 65537, - 12794561693313670100205653006781224797363586340001583385478945661643268216176428806876618096082122962427692741885262975428461209855127276346365743059050308024962440641984489088989975449374313353003376259351732914257448923835215476363026888834996387949590598707455138772060958348043394306824326103327356583873848688304161573971837684253713093328415056019518486753353685104889273063916897235433180509399999298673446273215515841603080826297295537431001587831668670650206107678796371102894820869947413565783400511327660856890784768064128415588379491565702377411884622967328023716684228979596814867941892555080877039934913, - 
175921812047663448018479509235149059234162469604896431741565550421215807198867689136961832929735756392012649052466171066035877581304404480112067613119039884401516991962137582818872105841975489123820547558891955007907269296649095288060806030752931271323412548318651305799213788576544135388323426837173991918523, - 152135962171497984267966543913856108347630812566910071974963337510843417419284055362416709755317088206676526904022621662056506919405421710738842624864481880983646685082220280096388715674338529824473346539992718562264652001183670660912857359719070110573506895077317198382716742487416742094479674005148886682929, - 7940197446282076983057851111853928577973550591136055130560613060499509554820187443232572467555096623397064496348550193224195887597821512308642385211500678670974979968933624822287008698606336830008410206130924560376424044119932616111263320551248465760938924850490113410044316746409166615479205587444659781421, - 84323951750609034263605058328437724273733757518546902734188980805978106073752129499973861816407422205891707581802977430675841339203838192816095615426435514697513859890011011710962053448744176509055866351301333624887673893266350866802867747864492145911204937114661141511698516423629600936600304533882132364273, - 146498358518282536624753849370270691372323087909948725666061752883743908775492534384951112165832037025133690750650675527600809535328134914630670173454194925358833883485231412349407499865536427735554260391108738360645045140719276539512627330123338501657698608899096243687786198062042440767530650052735017635902, - asn1_NOVALUE}). - -validate_pass_test() -> - Nonce = <<"some random noce">>, - ClientId = <<"234234211">>, - OpenIdProviderId = <<"MyMockedProvider">>, - Issuer = <<"https://mocked.provider">>, - mock_oidcc(OpenIdProviderId, Issuer, ClientId), - IdToken = generate_id_token(valid, ClientId, Nonce, Issuer), - {ok, #{}} = oidcc_token:validate_id_token(IdToken, OpenIdProviderId, Nonce), - stop_mocking_oidcc(), - ok. 
- -validate_group_pass_test() -> - Nonce = <<"some random noce">>, - ClientId = <<"234234211">>, - OpenIdProviderId = <<"MyMockedProvider">>, - Issuer = <<"https://mocked.provider">>, - mock_oidcc(OpenIdProviderId, Issuer, ClientId), - IdToken = generate_id_token(valid_group, ClientId, Nonce, Issuer), - {ok, #{}} = oidcc_token:validate_id_token(IdToken, OpenIdProviderId, Nonce), - stop_mocking_oidcc(), - ok. - -validate_fail_field_test() -> - Nonce = <<"some noce">>, - ClientId = <<"23423211">>, - OpenIdProviderId = <<"MyMockedProvider">>, - Issuer = <<"https://mocked.provider">>, - mock_oidcc(OpenIdProviderId, Issuer, ClientId), - IdToken = generate_id_token(missing_field, ClientId, Nonce, Issuer), - {error, {required_fields_missing, _}} = - oidcc_token:validate_id_token(IdToken, OpenIdProviderId, Nonce), - stop_mocking_oidcc(), - ok. - -validate_fail_issuer_test() -> - Nonce = <<"some noce">>, - ClientId = <<"23423211">>, - OpenIdProviderId = <<"MyMockedProvider">>, - Issuer = <<"https://mocked.provider">>, - BadIssuer = <<"https://bad.provider">>, - mock_oidcc(OpenIdProviderId, Issuer, ClientId), - IdToken = generate_id_token(valid, ClientId, Nonce, BadIssuer), - {error, {invalid_claims, [iss]}} = - oidcc_token:validate_id_token(IdToken, OpenIdProviderId, Nonce), - stop_mocking_oidcc(), - ok. - -validate_fail_audience_test() -> - Nonce = <<"some noce">>, - ClientId = <<"23423211">>, - BadClientId = <<"2342311">>, - OpenIdProviderId = <<"MyMockedProvider">>, - Issuer = <<"https://mocked.provider">>, - mock_oidcc(OpenIdProviderId, Issuer, ClientId), - IdToken = generate_id_token(valid, BadClientId, Nonce, Issuer), - {error, {invalid_claims, [aud]}} = - oidcc_token:validate_id_token(IdToken, OpenIdProviderId, Nonce), - stop_mocking_oidcc(), - ok. 
- -validate_fail_audience_group_test() -> - Nonce = <<"some noce">>, - ClientId = <<"23423211">>, - BadClientId = <<"2342311">>, - OpenIdProviderId = <<"MyMockedProvider">>, - Issuer = <<"https://mocked.provider">>, - mock_oidcc(OpenIdProviderId, Issuer, ClientId), - IdToken = generate_id_token(valid_group, BadClientId, Nonce, Issuer), - {error, {invalid_claims, [aud]}} = - oidcc_token:validate_id_token(IdToken, OpenIdProviderId, Nonce), - stop_mocking_oidcc(), - ok. - -validate_fail_algo_test() -> - Nonce = <<"some noce">>, - ClientId = <<"23423211">>, - OpenIdProviderId = <<"MyMockedProvider">>, - Issuer = <<"https://mocked.provider">>, - mock_oidcc(OpenIdProviderId, Issuer, ClientId), - IdToken = generate_id_token(bad_algo, ClientId, Nonce, Issuer), - {error, algo_not_allowed} = - oidcc_token:validate_id_token(IdToken, OpenIdProviderId, Nonce), - stop_mocking_oidcc(), - ok. - -validate_fail_expired_test() -> - Nonce = <<"some noce">>, - ClientId = <<"23423211">>, - OpenIdProviderId = <<"MyMockedProvider">>, - Issuer = <<"https://mocked.provider">>, - mock_oidcc(OpenIdProviderId, Issuer, ClientId), - IdToken = generate_id_token(expired, ClientId, Nonce, Issuer), - {error, expired} = oidcc_token:validate_id_token(IdToken, OpenIdProviderId, Nonce), - stop_mocking_oidcc(), - ok. - -validate_fail_nonce_test() -> - Nonce = <<"some noce">>, - BadNonce = <<"some bad noce">>, - ClientId = <<"23423211">>, - OpenIdProviderId = <<"MyMockedProvider">>, - Issuer = <<"https://mocked.provider">>, - mock_oidcc(OpenIdProviderId, Issuer, ClientId), - IdToken = generate_id_token(valid, ClientId, BadNonce, Issuer), - {error, {invalid_claims, [nonce]}} = - oidcc_token:validate_id_token(IdToken, OpenIdProviderId, Nonce), - stop_mocking_oidcc(), - ok. +-include_lib("jose/include/jose_jwk.hrl"). +-include_lib("oidcc/include/oidcc_provider_configuration.hrl"). +-include_lib("oidcc/include/oidcc_token.hrl"). 
+ +retrieve_none_test() -> + PrivDir = code:priv_dir(oidcc), + + %% Enable none algorythm for test + jose:unsecured_signing(true), + + {ok, _} = application:ensure_all_started(oidcc), + + TelemetryRef = + telemetry_test:attach_event_handlers( + self(), + [ + [oidcc, request_token, start], + [oidcc, request_token, stop] + ] + ), + + {ok, ConfigurationBinary} = file:read_file(PrivDir ++ "/test/fixtures/example-metadata.json"), + {ok, + #oidcc_provider_configuration{token_endpoint = TokenEndpoint, issuer = Issuer} = + Configuration} = + oidcc_provider_configuration:decode_configuration(jose:decode(ConfigurationBinary)), + + Jwks = jose_jwk:from_pem_file(PrivDir ++ "/test/fixtures/jwk.pem"), + JwkSet = #jose_jwk{keys = {jose_jwk_set, [Jwks]}}, + + ClientId = <<"client_id">>, + ClientSecret = <<"client_secret">>, + LocalEndpoint = <<"https://my.server/auth">>, + AuthCode = <<"1234567890">>, + AccessToken = <<"access_token">>, + Claims = + #{ + <<"iss">> => Issuer, + <<"sub">> => <<"sub">>, + <<"aud">> => ClientId, + <<"iat">> => 1694089540, + <<"exp">> => 1694089840 + }, + + Jwk = jose_jwk:generate_key(16), + Jwt = jose_jwt:from(Claims), + Jws = #{<<"alg">> => <<"none">>}, + {_Jws, Token} = + jose_jws:compact( + jose_jwt:sign(Jwk, Jws, Jwt) + ), + + TokenData = + jsx:encode(#{ + <<"access_token">> => AccessToken, + <<"token_type">> => <<"Bearer">>, + <<"id_token">> => Token, + <<"scope">> => <<"profile openid">> + }), + + ClientContext = oidcc_client_context:from_manual(Configuration, JwkSet, ClientId, ClientSecret), + + ok = meck:new(httpc, [no_link]), + HttpFun = + fun( + post, + {ReqTokenEndpoint, _Header, "application/x-www-form-urlencoded", _Body}, + _HttpOpts, + _Opts + ) -> + TokenEndpoint = ReqTokenEndpoint, + {ok, {{"HTTP/1.1", 200, "OK"}, [{"content-type", "application/json"}], TokenData}} + end, + ok = meck:expect(httpc, request, HttpFun), + + ?assertMatch( + {error, + {none_alg_used, #oidcc_token{ + id = #oidcc_token_id{token = Token, claims = Claims}, + 
access = #oidcc_token_access{token = AccessToken}, + refresh = none, + scope = [<<"profile">>, <<"openid">>] + }}}, + oidcc_token:retrieve( + AuthCode, + ClientContext, + #{redirect_uri => LocalEndpoint} + ) + ), + + receive + {[oidcc, request_token, start], TelemetryRef, #{}, #{ + issuer := <<"https://my.provider">>, + client_id := ClientId + }} -> + ok + after 2_000 -> + ct:fail(timeout_receive_attach_event_handlers) + end, + + true = meck:validate(httpc), + + meck:unload(httpc), -generate_id_token(missing_field, ClientId, Nonce, Issuer) -> - ClaimSetMap = - #{iss => Issuer, - aud => [ClientId, <<"someotherid">>], - nonce => Nonce, - sub => <<"joe">>}, - generate_id_token(ClaimSetMap, 600); -generate_id_token(valid_group, ClientId, Nonce, Issuer) -> - ClaimSetMap = - #{iss => Issuer, - aud => [ClientId, <<"someotherid">>], - azp => ClientId, - nonce => Nonce, - sub => <<"joe">>, - iat => 123}, - generate_id_token(ClaimSetMap, 600); -generate_id_token(valid, ClientId, Nonce, Issuer) -> - ClaimSetMap = - #{iss => Issuer, - aud => ClientId, - nonce => Nonce, - sub => <<"joe">>, - iat => 123}, - generate_id_token(ClaimSetMap, 600); -generate_id_token(expired, ClientId, Nonce, Issuer) -> - ClaimSetMap = - #{iss => Issuer, - aud => ClientId, - nonce => Nonce, - sub => <<"joe">>, - iat => 123}, - generate_id_token(ClaimSetMap, -600); -generate_id_token(bad_algo, ClientId, Nonce, Issuer) -> - ClaimSetMap = - #{iss => Issuer, - aud => ClientId, - nonce => Nonce, - sub => <<"joe">>, - iat => 123}, - Key = #{kty => <<"oct">>, k => <<"some shared secret">>}, - erljwt:create(hs256, ClaimSetMap, 600, Key). 
- -introspect_test() -> - Token1 = - <<"{\"active\":true,\"scope\":\"openid profile\",\"client_id\":\"id1\", \"username\":\"joe\", \"exp\":234}">>, - Exp1 = - #{active => true, - scope => #{scope => <<"openid profile">>, list => [<<"openid">>, <<"profile">>]}, - username => <<"joe">>, - exp => 234, - client_id => #{id => <<"id1">>, same => true}}, - Token2 = <<"{\"active\":true}">>, - Exp2 = - #{active => true, - scope => #{scope => <<"">>, list => []}, - username => undefined, - exp => undefined, - client_id => #{id => undefined, same => false}}, - ?assertEqual(Exp1, oidcc_token:introspect_token_map(Token1, <<"id1">>)), - ?assertEqual(Exp2, oidcc_token:introspect_token_map(Token2, <<"id1">>)), ok. -mock_oidcc(OpenIdProviderId, Issuer, ClientId) -> - application:set_env(erljwt, add_iat, false), - Encode = - fun(Int) -> - base64url:encode( - binary:encode_unsigned(Int)) - end, - [E, N] = ?RSA_PUBLIC_KEY, - InfoFun = - fun(Id) -> - Id = OpenIdProviderId, - {ok, - #{issuer => Issuer, - client_id => ClientId, - keys => - [#{kty => <<"RSA">>, - n => Encode(N), - e => Encode(E)}], - <<"id_token_signing_alg_values_supported">> => [<<"RS256">>]}} +retrieve_rs256_with_rotation_test() -> + PrivDir = code:priv_dir(oidcc), + + {ok, _} = application:ensure_all_started(oidcc), + + TelemetryRef = + telemetry_test:attach_event_handlers( + self(), + [ + [oidcc, request_token, start], + [oidcc, request_token, stop] + ] + ), + + {ok, ConfigurationBinary} = file:read_file(PrivDir ++ "/test/fixtures/example-metadata.json"), + {ok, + #oidcc_provider_configuration{token_endpoint = TokenEndpoint, issuer = Issuer} = + Configuration} = + oidcc_provider_configuration:decode_configuration(jose:decode(ConfigurationBinary)), + + ClientId = <<"client_id">>, + ClientSecret = <<"client_secret">>, + LocalEndpoint = <<"https://my.server/auth">>, + AuthCode = <<"1234567890">>, + AccessToken = <<"access_token">>, + RefreshToken = <<"refresh_token">>, + Claims = + #{ + <<"iss">> => Issuer, + <<"sub">> 
=> <<"sub">>, + <<"aud">> => ClientId, + <<"iat">> => 1694089540, + <<"exp">> => 1694089840, + <<"at_hash">> => <<"hrOQHuo3oE6FR82RIiX1SA">> + }, + + JwkBeforeRefresh0 = jose_jwk:generate_key(16), + JwkBeforeRefresh = JwkBeforeRefresh0#jose_jwk{fields = #{<<"kid">> => <<"kid1">>}}, + + JwkAfterRefresh0 = jose_jwk:from_pem_file(PrivDir ++ "/test/fixtures/jwk.pem"), + JwkAfterRefresh = JwkAfterRefresh0#jose_jwk{fields = #{<<"kid">> => <<"kid2">>}}, + + RefreshJwksFun = fun(_OldJwk, <<"kid2">>) -> {ok, JwkAfterRefresh} end, + + Jwt = jose_jwt:from(Claims), + Jws = #{<<"alg">> => <<"RS256">>, <<"kid">> => <<"kid2">>}, + {_Jws, Token} = + jose_jws:compact( + jose_jwt:sign(JwkAfterRefresh, Jws, Jwt) + ), + + TokenData = + jsx:encode(#{ + <<"access_token">> => AccessToken, + <<"token_type">> => <<"Bearer">>, + <<"id_token">> => Token, + <<"scope">> => <<"profile openid">>, + <<"refresh_token">> => RefreshToken + }), + + ClientContext = oidcc_client_context:from_manual( + Configuration, JwkBeforeRefresh, ClientId, ClientSecret + ), + + ok = meck:new(httpc, [no_link]), + HttpFun = + fun( + post, + {ReqTokenEndpoint, _Header, "application/x-www-form-urlencoded", _Body}, + _HttpOpts, + _Opts + ) -> + TokenEndpoint = ReqTokenEndpoint, + {ok, {{"HTTP/1.1", 200, "OK"}, [{"content-type", "application/json"}], TokenData}} end, - SelfFun = fun(_) -> {ok, self()} end, - KeysFun = fun(_) -> {ok, [#{kty => <<"oct">>, k => <<"some shared secret">>}]} end, - ok = meck:new(oidcc), - ok = meck:new(oidcc_openid_provider_mgr), - ok = meck:new(oidcc_openid_provider), - ok = meck:expect(oidcc, get_openid_provider_info, InfoFun), - ok = meck:expect(oidcc_openid_provider_mgr, get_openid_provider, SelfFun), - ok = meck:expect(oidcc_openid_provider, update_and_get_keys, KeysFun), - ok. 
+ ok = meck:expect(httpc, request, HttpFun), + + ?assertMatch( + {ok, #oidcc_token{ + id = #oidcc_token_id{token = Token, claims = Claims}, + access = #oidcc_token_access{token = AccessToken}, + refresh = #oidcc_token_refresh{token = RefreshToken}, + scope = [<<"profile">>, <<"openid">>] + }}, + oidcc_token:retrieve( + AuthCode, + ClientContext, + #{redirect_uri => LocalEndpoint, refresh_jwks => RefreshJwksFun} + ) + ), + + receive + {[oidcc, request_token, start], TelemetryRef, #{}, #{ + issuer := <<"https://my.provider">>, + client_id := ClientId + }} -> + ok + after 2_000 -> + ct:fail(timeout_receive_attach_event_handlers) + end, + + true = meck:validate(httpc), + + meck:unload(httpc), -stop_mocking_oidcc() -> - true = meck:validate(oidcc), - true = meck:validate(oidcc_openid_provider), - true = meck:validate(oidcc_openid_provider_mgr), - meck:unload(oidcc), - meck:unload(oidcc_openid_provider), - meck:unload(oidcc_openid_provider_mgr), - application:unset_env(erljwt, add_iat), ok. - -generate_id_token(ClaimSetMap, Expiration) -> - erljwt:create(rs256, ClaimSetMap, Expiration, to_key(?RSA_PRIVATE_KEY)). - -to_key(#'RSAPrivateKey'{modulus = Modulus, - publicExponent = PubExp, - privateExponent = PrivExp}) -> - E = base64url:encode( - binary:encode_unsigned(PubExp)), - N = base64url:encode( - binary:encode_unsigned(Modulus)), - D = base64url:encode( - binary:encode_unsigned(PrivExp)), - #{kty => <<"RSA">>, - n => N, - e => E, - d => D}. diff --git a/test/oidcc_userinfo_test.erl b/test/oidcc_userinfo_test.erl new file mode 100644 index 0000000..3996d7d --- /dev/null +++ b/test/oidcc_userinfo_test.erl 
@@ -0,0 +1,180 @@
+-module(oidcc_userinfo_test).
+
+-include_lib("eunit/include/eunit.hrl").
+-include_lib("jose/include/jose_jwk.hrl").
+-include_lib("oidcc/include/oidcc_provider_configuration.hrl").
+-include_lib("oidcc/include/oidcc_token.hrl").
+
+json_test() ->
+ PrivDir = code:priv_dir(oidcc),
+
+ {ok, ConfigurationBinary} = file:read_file(PrivDir ++ "/test/fixtures/example-metadata.json"),
+ {ok, #oidcc_provider_configuration{userinfo_endpoint = UserInfoEndpoint} = Configuration} =
+ oidcc_provider_configuration:decode_configuration(jose:decode(ConfigurationBinary)),
+
+ Jwks = jose_jwk:from_pem_file(PrivDir ++ "/test/fixtures/jwk.pem"),
+
+ ClientId = <<"client_id">>,
+ ClientSecret = <<"client_secret">>,
+
+ ClientContext = oidcc_client_context:from_manual(Configuration, Jwks, ClientId, ClientSecret),
+
+ HttpBody = <<"{\"name\":\"joe\", \"sub\":\"123456\"}">>,
+ GoodSub = <<"123456">>,
+ BadSub = <<"123789">>,
+
+ HttpFun =
+ fun(get, {Url, _Header}, _HttpOpts, _Opts) ->
+ Url = UserInfoEndpoint,
+ {ok, {{"HTTP/1.1", 200, "OK"}, [{"content-type", "application/json"}], HttpBody}}
+ end,
+ ok = meck:new(httpc),
+ ok = meck:expect(httpc, request, HttpFun),
+
+ AccessToken = <<"opensesame">>,
+ GoodToken =
+ #oidcc_token{
+ access = #oidcc_token_access{token = AccessToken},
+ id =
+ #oidcc_token_id{
+ token = "id_token",
+ claims = #{<<"sub">> => <<"123456">>}
+ }
+ },
+ BadToken =
+ #oidcc_token{
+ access = #oidcc_token_access{token = AccessToken},
+ id =
+ #oidcc_token_id{
+ token = "id_token",
+ claims = #{<<"sub">> => <<"123457">>}
+ }
+ },
+
+ ?assertMatch(
+ {ok, #{<<"name">> := <<"joe">>}},
+ oidcc_userinfo:retrieve(GoodToken, ClientContext, #{})
+ ),
+ ?assertMatch(
+ {ok, #{<<"name">> := <<"joe">>}},
+ oidcc_userinfo:retrieve(
+ AccessToken,
+ ClientContext,
+ #{expected_subject => GoodSub}
+ )
+ ),
+
+ ?assertMatch(
+ {error, bad_subject},
+ oidcc_userinfo:retrieve(BadToken, ClientContext, #{})
+ ),
+ ?assertMatch(
+ {error, bad_subject},
+ oidcc_userinfo:retrieve(
+ AccessToken,
+ ClientContext,
+ #{expected_subject => BadSub}
+ )
+ ),
+
+ true = meck:validate(httpc),
+ meck:unload(httpc),
+
+ ok.
+
+distirbuted_claims_test() ->
+ PrivDir = code:priv_dir(oidcc),
+
+ %% Enable none algorythm for test
+ jose:unsecured_signing(true),
+
+ {ok, ConfigurationBinary} = file:read_file(PrivDir ++ "/test/fixtures/example-metadata.json"),
+ {ok, #oidcc_provider_configuration{userinfo_endpoint = UserInfoEndpoint} = Configuration} =
+ oidcc_provider_configuration:decode_configuration(jose:decode(ConfigurationBinary)),
+
+ Jwks = jose_jwk:from_pem_file(PrivDir ++ "/test/fixtures/jwk.pem"),
+
+ ClientId = <<"client_id">>,
+ ClientSecret = <<"client_secret">>,
+
+ ClientContext = oidcc_client_context:from_manual(Configuration, Jwks, ClientId, ClientSecret),
+
+ Sub = <<"123456">>,
+
+ Jwk = jose_jwk:generate_key(16),
+ Jws = #{<<"alg">> => <<"none">>},
+
+ LocalClaims = #{<<"last_name">> => <<"Armstrong">>},
+ LocalJwt = jose_jwt:from(LocalClaims),
+ {_, LocalToken} =
+ jose_jws:compact(
+ jose_jwt:sign(Jwk, Jws, LocalJwt)
+ ),
+
+ RemoteClaims = #{<<"first_name">> => <<"Joe">>},
+ RemoteJwt = jose_jwt:from(RemoteClaims),
+ {_, RemoteToken} =
+ jose_jws:compact(
+ jose_jwt:sign(Jwk, Jws, RemoteJwt)
+ ),
+
+ HttpFun =
+ fun(get, {Url, _Header}, _TelemetryOpts, _RequestOpts) ->
+ case Url of
+ UserInfoEndpoint ->
+ {ok,
+ {
+ {json, #{
+ <<"sub">> => Sub,
+ <<"_claim_names">> => #{
+ <<"first_name">> => <<"remote">>,
+ <<"last_name">> => <<"local">>
+ },
+ <<"_claim_sources">> => #{
+ <<"remote">> => #{
+ <<"endpoint">> =>
+ <<"https://my.provider/distributed-claim">>,
+ <<"access_token">> => <<"acces_token">>
+ },
+ <<"local">> => #{
+ <<"JWT">> => LocalToken
+ }
+ }
+ }},
+ []
+ }};
+ <<"https://my.provider/distributed-claim">> ->
+ {ok, {{jwt, RemoteToken}, []}}
+ end
+ end,
+ ok = meck:new(oidcc_http_util, [passthrough]),
+ ok = meck:expect(oidcc_http_util, request, HttpFun),
+
+ AccessToken = <<"opensesame">>,
+ Token =
+ #oidcc_token{
+ access = #oidcc_token_access{token = AccessToken},
+ id =
+ #oidcc_token_id{
+ token = "id_token",
+ claims = #{<<"sub">> => <<"123456">>}
+ }
+ },
+
+ ?assertMatch(
+ {ok, #{<<"first_name">> := <<"Joe">>, <<"last_name">> := <<"Armstrong">>}},
+ oidcc_userinfo:retrieve(Token, ClientContext, #{})
+ ),
+ ?assertMatch(
+ {ok, #{<<"first_name">> := <<"Joe">>, <<"last_name">> := <<"Armstrong">>}},
+ oidcc_userinfo:retrieve(
+ AccessToken,
+ ClientContext,
+ #{expected_subject => Sub}
+ )
+ ),
+
+ true = meck:validate(oidcc_http_util),
+ meck:unload(oidcc_http_util),
+
+ ok.
diff --git a/test/test_helper.exs b/test/test_helper.exs
new file mode 100644
index 0000000..869559e
--- /dev/null
+++ b/test/test_helper.exs
@@ -0,0 +1 @@
+ExUnit.start()
diff --git a/test/test_util.erl b/test/test_util.erl
deleted file mode 100644
index d0e036f..0000000
--- a/test/test_util.erl
+++ /dev/null
@@ -1,41 +0,0 @@
--module(test_util).
-
--export([wait_for_process_to_die/2]).
--export([wait_for_true/2]).
--export([meck_new/1]).
--export([meck_done/1]).
-
-wait_for_process_to_die(_Pid, 0) ->
- still_alive;
-wait_for_process_to_die(Pid, Iterations) ->
- case process_info(Pid) of
- undefined ->
- ok;
- _ ->
- timer:sleep(10),
- wait_for_process_to_die(Pid, Iterations - 1)
- end.
-
-wait_for_true(_Fun, 0) ->
- failed;
-wait_for_true(Fun, Iterations) ->
- case Fun() of
- true ->
- ok;
- _ ->
- timer:sleep(10),
- wait_for_true(Fun, Iterations - 1)
- end.
-
-meck_new([]) ->
- ok;
-meck_new([Module | T]) ->
- meck:new(Module),
- meck_new(T).
-
-meck_done([]) ->
- ok;
-meck_done([Module | T]) ->
- true = meck:validate(Module),
- meck:unload(Module),
- meck_done(T).
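Review bot: In test/oidcc_userinfo_test.erl, `distirbuted_claims_test/0` calls `jose:unsecured_signing(true)` and never switches it back. As far as I know jose keeps that flag as node-wide state, so tests that run later in the same VM would also accept `alg: none` tokens, which can hide a signature-validation regression. Restore it before returning with `jose:unsecured_signing(false),` next to `meck:unload(oidcc_http_util),`. Better still, move both into the cleanup of an EUnit `{setup, Setup, Cleanup, Test}` fixture so they also run when an `?assertMatch` fails; the same applies to `meck:unload(httpc)` in `json_test/0`. While there, the test name and comment have typos; I would write `distributed_claims_test` and `%% Enable the "none" algorithm for this test only`.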