From 7f9eecbfe3aee828c18f127f9570a7e4ad22fac3 Mon Sep 17 00:00:00 2001
From: Joe VanWanzeele <76071503+joevanwanzeeleKF@users.noreply.github.com>
Date: Wed, 21 Jun 2023 16:18:24 -0400
Subject: [PATCH] Include pem chain (#17)

* updated to support 2 store types. HCVKV and HCV.

* Updated to distinguish between multiple supported store types.

* Fixed store path and mount point mapping

* updated doc to reflect multiple store type configs.

* removed sensitive info from tracelog.

* Fixed issue with path not being resolved before attempting to write cert.

* Removed KEY_SECRET from PutCertificate Task

* Modified PutCertificate to include ---BEGIN ----END banners (for key+cert)

* Allows for Recursive subfolder inventory

* Update readme to call out cert store limits

* Adding InputValidation for KeyValue secrets

* including certificate chain when enrolling via platform.

* added flag on store type to indicate whether to include cert chain

* fixed issue when checking for revocation time for inventory.
---
 README.md                                     |   4 +-
 .../HcvKeyValueClient.cs                      |  59 +++++++++++++-----
 .../HcvKeyfactorClient.cs                     |   5 +-
 hashicorp-vault-orchestrator/IHashiClient.cs  |   2 +-
 hashicorp-vault-orchestrator/Jobs/JobBase.cs  |  13 ++--
 .../Jobs/Management.cs                        |   2 +-
 images/store_type_fields.png                  | Bin 15612 -> 17863 bytes
 readme_source.md                              |   4 +-
 8 files changed, 58 insertions(+), 31 deletions(-)

diff --git a/README.md b/README.md
index cf5aba7..bf2dcfb 100644
--- a/README.md
+++ b/README.md
@@ -79,9 +79,10 @@ This integration was built on the .NET Core 3.1 target framework and are compati
 
 1. It is not necessary to use the Vault root token when creating a Certificate Store for HashicorpVault.  We recommend creating a token with policies that reflect the minimum permissions necessary to perform the intended operations.
 
-1. For the Key-Value secrets engine, the certificates are stored as an entry with 2 fields.  
+1. For the Key-Value secrets engine, the certificates are stored as an entry with these fields.  
 
 - `PUBLIC_KEY` - The certificate public key
+- `PUBLIC_KEY_<n>` - The nth certificate in the chain
 - `PRIVATE_KEY` - The certificate private key
 
 **Note**: Key/Value secrets that do not include these keys (PUBLIC_KEY, and PRIVATE_KEY), will be ignored during inventory scans. 
@@ -126,6 +127,7 @@ This integration was built on the .NET Core 3.1 target framework and are compati
   - **VaultServerUrl** - type: *string*, *required*
   - **VaultToken** - type: *secret*, *required*
   - **SubfolderInventory** - type: *bool* (By default, this is set to false. Not a required field)
+  - **IncludeCertChain** - type: *bool* (If true, the available intermediate certificates will also be written to Vault during enrollment)
 
 ![](images/store_type_fields.png)
 
diff --git a/hashicorp-vault-orchestrator/HcvKeyValueClient.cs b/hashicorp-vault-orchestrator/HcvKeyValueClient.cs
index 131f46d..6796217 100644
--- a/hashicorp-vault-orchestrator/HcvKeyValueClient.cs
+++ b/hashicorp-vault-orchestrator/HcvKeyValueClient.cs
@@ -39,7 +39,7 @@ public class HcvKeyValueClient : IHashiClient
 
         //private VaultClientSettings clientSettings { get; set; }
 
-        public HcvKeyValueClient(string vaultToken, string serverUrl, string mountPoint, string storePath,bool SubfolderInventory = false)
+        public HcvKeyValueClient(string vaultToken, string serverUrl, string mountPoint, string storePath, bool SubfolderInventory = false)
         {
             // Initialize one of the several auth methods.
             IAuthMethodInfo authMethod = new TokenAuthMethodInfo(vaultToken);
@@ -54,7 +54,7 @@ public HcvKeyValueClient(string vaultToken, string serverUrl, string mountPoint,
         public async Task<List<string>> ListComponentPathsAsync(string storagePath)
         {
             VaultClient.V1.Auth.ResetVaultToken();
-             List<string> componentPaths = new List<string> {};
+            List<string> componentPaths = new List<string> { };
             try
             {
                 Secret<ListInfo> listInfo = (await VaultClient.V1.Secrets.KeyValue.V2.ReadSecretPathsAsync(storagePath, _mountPoint));
@@ -89,8 +89,6 @@ public async Task<CurrentInventoryItem> GetCertificate(string key)
             var relativePath = fullPath.Substring(_storePath.Length);
             try
             {
-            
-
                 try
                 {
                     if (_mountPoint == null)
@@ -188,7 +186,7 @@ public async Task<IEnumerable<string>> GetVaults()
             return vaults;
         }
 
-        public async Task PutCertificate(string certName, string contents, string pfxPassword)
+        public async Task PutCertificate(string certName, string contents, string pfxPassword, bool includeChain)
         {
             VaultClient.V1.Auth.ResetVaultToken();
 
@@ -215,13 +213,12 @@ public async Task PutCertificate(string certName, string contents, string pfxPas
                     alias = p.Aliases.Cast<string>().SingleOrDefault(a => p.IsKeyEntry(a));
                     logger.LogTrace($"Alias = {alias}");
                     var publicKey = p.GetCertificate(alias).Certificate.GetPublicKey();
+
                     logger.LogTrace($"publicKey = {publicKey}");
                     var KeyEntry = p.GetKey(alias);
-                    // logger.LogTrace($"KeyEntry = {KeyEntry}");
                     if (KeyEntry == null) throw new Exception("Unable to retrieve private key");
 
                     var privateKey = KeyEntry.Key;
-                    // logger.LogTrace($"privateKey = {privateKey}");
                     var keyPair = new AsymmetricCipherKeyPair(publicKey, privateKey);
 
                     pemWriter.WriteObject(keyPair.Private);
@@ -235,12 +232,40 @@ public async Task PutCertificate(string certName, string contents, string pfxPas
                     logger.LogTrace("Finished Extracting Private Key...");
                 }
             }
-            var pubCertPem = Pemify(Convert.ToBase64String(p.GetCertificate(alias).Certificate.GetEncoded()));
+
+            var pubCert = p.GetCertificate(alias).Certificate.GetEncoded();
+            var pubCertPem = Pemify(Convert.ToBase64String(pubCert));
+
+            // add the certs in the chain
+
+            var pemChain = new List<string>();
+            var chain = p.GetCertificateChain(alias).ToList();
+
+            chain.ForEach(c =>
+            {
+                var cert = c.Certificate.GetEncoded();
+                var encoded = Pemify(Convert.ToBase64String(cert));
+                pemChain.Add(encoded);
+            });
 
             try
             {
                 certDict.Add("PRIVATE_KEY", privateKeyString);
                 certDict.Add("PUBLIC_KEY", pubCertPem);
+
+                if (includeChain)
+                {
+                    var i = 1;
+                    pemChain.ForEach(pc =>
+                    {
+                        if (pc != pubCertPem)
+                        {
+                            certDict.Add($"PUBLIC_KEY_{i}", pc);
+                            i++;
+                        }
+                    });
+
+                }
             }
             catch (Exception ex)
             {
@@ -248,7 +273,7 @@ public async Task PutCertificate(string certName, string contents, string pfxPas
                 throw;
             }
             try
-            {                
+            {
                 var fullPath = _storePath + certName;
 
                 if (_mountPoint == null)
@@ -297,8 +322,8 @@ public async Task<IEnumerable<CurrentInventoryItem>> GetCertificates()
             VaultClient.V1.Auth.ResetVaultToken();
             _storePath = _storePath.TrimStart('/');
             List<string> subPaths = new List<string>();
-        //Grabs the list of subpaths to get certificates from, if SubFolder Inventory is turned on.
-        //Otherwise just define the single path _storePath
+            //Grabs the list of subpaths to get certificates from, if SubFolder Inventory is turned on.
+            //Otherwise just define the single path _storePath
             if (_subfolderInventory == true)
             {
                 subPaths = (await ListComponentPathsAsync(_storePath));
@@ -325,12 +350,12 @@ public async Task<IEnumerable<CurrentInventoryItem>> GetCertificates()
                     {
                         certNames = (await VaultClient.V1.Secrets.KeyValue.V2.ReadSecretPathsAsync(path, mountPoint: _mountPoint)).Data.Keys.ToList();
                     }
-             
-                        certNames.ForEach(k =>
-                    {
-                        var cert = GetCertificate($"{relative_path}{k}").Result;
-                        if (cert != null) certs.Add(cert);
-                    });
+
+                    certNames.ForEach(k =>
+                {
+                    var cert = GetCertificate($"{relative_path}{k}").Result;
+                    if (cert != null) certs.Add(cert);
+                });
                 }
                 catch (Exception ex)
                 {
diff --git a/hashicorp-vault-orchestrator/HcvKeyfactorClient.cs b/hashicorp-vault-orchestrator/HcvKeyfactorClient.cs
index 4d2f2b7..e97768a 100644
--- a/hashicorp-vault-orchestrator/HcvKeyfactorClient.cs
+++ b/hashicorp-vault-orchestrator/HcvKeyfactorClient.cs
@@ -66,8 +66,9 @@ public async Task<CurrentInventoryItem> GetCertificate(string key)
 
                     string revokeTime;
                     content.data.TryGetValue("revocation_time", out revokeTime);
+                                        
 
-                    if (revokeTime.Equals(0))
+                    if (revokeTime.Equals("0"))
                     {
                         var inventoryItem = new CurrentInventoryItem()
                         {
@@ -130,7 +131,7 @@ public Task<IEnumerable<string>> GetVaults()
             throw new NotSupportedException();
         }
 
-        public Task PutCertificate(string certName, string contents, string pfxPassword)
+        public Task PutCertificate(string certName, string contents, string pfxPassword, bool includeChain)
         {
             throw new NotSupportedException();
         }
diff --git a/hashicorp-vault-orchestrator/IHashiClient.cs b/hashicorp-vault-orchestrator/IHashiClient.cs
index fbee83e..043dd63 100644
--- a/hashicorp-vault-orchestrator/IHashiClient.cs
+++ b/hashicorp-vault-orchestrator/IHashiClient.cs
@@ -16,7 +16,7 @@ public interface IHashiClient
         Task<IEnumerable<CurrentInventoryItem>> GetCertificates();
         Task<CurrentInventoryItem> GetCertificate(string key);
         Task<IEnumerable<string>> GetVaults();
-        Task PutCertificate(string certName, string contents, string pfxPassword);
+        Task PutCertificate(string certName, string contents, string pfxPassword, bool includeChain);
         Task<bool> DeleteCertificate(string certName);
     }
 }
diff --git a/hashicorp-vault-orchestrator/Jobs/JobBase.cs b/hashicorp-vault-orchestrator/Jobs/JobBase.cs
index a3345b8..83e8eb7 100644
--- a/hashicorp-vault-orchestrator/Jobs/JobBase.cs
+++ b/hashicorp-vault-orchestrator/Jobs/JobBase.cs
@@ -24,6 +24,8 @@ public abstract class JobBase
         
         public bool SubfolderInventory { get; set; }
 
+        public bool IncludeCertChain { get; set; }
+
         public string MountPoint { get; set; } // the mount point of the KV secrets engine.  defaults to KV
 
         public string RoleName { get; set; }
@@ -71,14 +73,9 @@ private void InitProps(dynamic props, string capability)
             VaultServerUrl = props["VaultServerUrl"];
             SecretsEngine = props["SecretsEngine"];
             MountPoint = props["MountPoint"] ?? null;
-            if (props["SubfolderInventory"] == null)
-            {
-                SubfolderInventory = false;
-            }
-            else
-            {
-                SubfolderInventory = props["SubfolderInventory"];
-            }
+
+            SubfolderInventory = props["SubfolderInventory"] ?? false;
+            IncludeCertChain = props["IncludeCertChain"] ?? false;
 
             var isPki = capability.Contains("HCVPKI");
 
diff --git a/hashicorp-vault-orchestrator/Jobs/Management.cs b/hashicorp-vault-orchestrator/Jobs/Management.cs
index 90e4bd8..0670d32 100644
--- a/hashicorp-vault-orchestrator/Jobs/Management.cs
+++ b/hashicorp-vault-orchestrator/Jobs/Management.cs
@@ -57,7 +57,7 @@ protected virtual JobResult PerformAddition(string alias, string pfxPassword, st
                 try
                 {
                     // uploadCollection is either not null or an exception was thrown.
-                    var cert = VaultClient.PutCertificate(alias, entryContents, pfxPassword);
+                    var cert = VaultClient.PutCertificate(alias, entryContents, pfxPassword, IncludeCertChain);
                     complete.Result = OrchestratorJobStatusJobResult.Success;
                 }
                 catch (Exception ex)
diff --git a/images/store_type_fields.png b/images/store_type_fields.png
index 2944946448a4a14da30ca90d640518b308446493..c727456ca20e2c6ffea41bf9ffa056fb612f83e0 100644
GIT binary patch
literal 17863
zcmeIacU)6jw=Rsm(A-K9Y1=Ib2q8$Mx2+fvLXi%kiI5PaO7B=<8=6u=2MJ9|Kp?aL
zK|nwV#efC^1Vjml3B3ja+~9lObN4;xy!X4`_xpbLuk%MBYh`85x#paC#xtHV#(H_r
zP>1vErL$~oY@E7xZ=0~O9fh*79jQEhl6B@8J(R-wcf{93=N4PVfY3ba;JC|8gPUw@
zRSE1&#}lmMGv0Ttec9N!Iu2h)y1m{yv$26~b#LD^3$kCJ7{v<CWiN($%2ux@LS%yn
zOH(IKORiHs-#K}T%UcTQ{O#7s(}E2T_?`wY$Q<uDciM_i@;$q(bJ{0e=c|{35g&c^
zbEQXPhb8i;Pd=o-KC0I%M0EKh`hv;@)xW$NK7I>~T(U8Der@MmW3z{({9HN}bY9_r
zuP4>qsKuOOc!o8+tT%`wY;4N6h)3Djyq}|4BmR0C%+AL4{x>8a8{6Y6JOI{3I+D<!
zpIse!9Np90Y;5WsoAn6J%tWI?F<v88=@%hJn|M26!kh7wwj-l*+?Vj-1`$r@?5nNn
zODkK(I3raXa!5Y$(RQxM;lZ+siaBe9Av#y?efL=BPfLXRGv3~@swU(#*|i%vpYcL>
zi!D$-Ez%v!vproyUNh82TQDwv8QoxP^w1v4l-S8pe_3Hx-=djRYG0G|1nZ{Yy2MPe
zl69oK9^fk&3m!TZ;Plz!E{6E!x6^C{6-j8YYge6WzNfiQ36>sgqxldbm5nk9rIg*E
zT>N=bDXHgfuiKAVm<rOO?;b%<b~I>KPr(&CHuR8GNY5mMm5A3R@N)ROyE_+*`ZQeU
ziXr(jke>xPU2nVA6)63H)TE`vnYcv@Kj|>WZYpx*%;2w|p~X8k$q1HYecqiuaq8o{
z^i(r^qjuZL$Hn)sXx>M8ytc|eNd-TsVyOhZt29V(wRCxC7tEoWoE4<fg16$_N}RKp
zaiTP&tc66bT~z5w%^ZrnWK(Q!V7UW!-LNsyXWbpYy~w4lOsG(GVt?>AUN;lK$rJF;
z*F2@+En`syNB~8U#OYll6TAzRPwe3>oMg9;wR;^3D>0AxHou$FGgEMJ>RbZOL^@=8
z_p5Fd--6w#gn5^m9nGJsJP$#FTVTR`yp+HRfZ3pK9x*ff$fu`7Pk(GdEbNo3ZW$=8
z8E@PQ=(kW({-FF5(qxY^sgk5V)E)~DPhOS>%6RpAdQYv~6Rj~$@hK5Yftsq$)^!C*
zQY=iN9^n%qU_EhwVK$y)SJ?IQdKJOkbpwu)J;w(a3`0$WP1gt>aEDBj%H#s8p}`9B
z>#y_m{Fs$LbL$`GSf<*gmSx2tNmfxi7r&Soi)yDDPaWH;X(SMazEzDT;TYCSnb*JT
z0%JUFzAX7%-H3!(Pc=P|-W-TaY}F!=go9hWS3<5d7*s)%ZYg?r2_ASlgREBw3q4zd
zi&j5yo%Xr9w5@zu;qX>Muu=7VY`i$2f7)Z=JI~W4J(9XhO=YDuzd8Gx;z1akrV)<u
zsObx6aV9zJH0)5M_3;VATfiWr(jj5muEl5A@OXxQw!_1_L!XW<y9cR)pz}|UYq*JF
zOm1Fs1YHW0hT1<JPZ$%o6Zj%N7A(AxfxD@2fb=>ZHFT{&T#5W6uD~=CaNaYv(3Hqq
z2GH5Lgv~0D7H%4<?ZRC*EH3=SVM&C4cZYlT-O3bbOy`8if%y79&A09${o1LbX}mtF
z%C=6H13P$w$udLhp_0VWrg<c;RB*OuZN7>0R&n8Edvn5kmUa565sr)#dyPed1t>r<
zXeT{IK2e^4UG_cenM91UmGi^COM6i5IGLHp=M5-IZ%*E*so?Qh%?fsiU`#D^4GAHc
zH!FUJ0UmYSgy>m^YX~@;eeo1!uorm4iI4B9>2`D2&DG7RjP<DP**bx}`qX!^(|d|~
z2J@RcLrXdWAMX;z{TiR$az#m4eu^ta0d~_EIM3TIF(|1furK9~{n^gt#*K&~MBEN%
zk5+MlWAC5lqS_AHhTTxQH1+*iup7}TtEsZZ<C+BTxMq9D!e;1&cO$!JK<yA0EMKJ(
zdd`Udl4Hr2gmUvC6Vc>9TB`P#?ng}P5C&ZjmhJTUpDx977@X0Ee2K7L$887di*|?2
zq0{|$Rj-1eS6ow{ZkW7#e#|vv!)&`SH`0h6Z&9LQ9mz4KT8CCT{T|f4rvjBSx@Md-
z3dbdi1YS#2l=h|6##sFMWE2_p>D*x7HI0RoM84$eipSE~-r!2X46{<1>4dgHLC5qn
z2HZU-#67M&gu>x6m=g~+!6zRGW|Dauk#?!;VNddItoedY2RNM<!r9@o;$!>o%&7zq
zxc4R6*VGmuIBRdu<|gSIZ|y9sldRZNP(r>n>DtjyT$u{xuMB~x<(GF<1Dcba2_6Db
zFM37>+a?0bbDyR58p7{H;T{dZ{oVV4GX-z@B`O8?+x!|AeE0rTs>{|bxtKYWO#bu;
z^cOF{ZUE_ta4PgHugq^=Ic9@BxuY=}WY`MA*#_v|IVPZd(EsGCTHS&|)ORnkRTd+n
z)T6!@WQ9LotiV+;J(w_fuN~*Kq5@r+%L?BYTe+^OHu-D`V%829fdrl#_MPHw0;R3z
zjKXqlfaImdh_0PM#?}XvkudwhGw*LwY;#$Ih`3rIs=rsoL++RJIpKa*gssARvg8!E
zcay_3sJYave1P7hQuOf!q+0;Be(VfxmmsnqlX^uBbc1r=eZ1lA_E`$*qjw<%Q{+_R
zcx9e+wr$!ZTno7q5hTrnDVSqFzLcU7``sYv3rs;UDH}C>21GN}cdPm|lKU>4Qznx*
z^x#Vcva*uk9;UPkbG;q?^BdSrh^Ly<w3P02vCTa#dqHmQrH8siFy-6$YXsy~JmKBK
zDER^a+J6Ep-83AFN;d$3OjSS-^JKJcTTS$rvvHBA$ao}5D*gmua)lb3n_qa~$y0Na
z{Hfi%yf&xZv5*RbvF5UMY4bYYIMM2ngi{lY7PmmqR8e1KeB<vm8IrFZN5dSVHEvwo
zl}-0IZP-r_&JJiver?OFv$q&xZ>`*Esmvtn?b)Ywyi*tfq1Z_CQd#-D<$XhNO?ybH
zS4BdA$%13;bKYi^shdi7ZeD(gxw{ZcLZ?(ox7i1U8HFY;pZhof0=Jc$6jDe}6*Xcn
z^2kxP?+E5ZgcqV=xxfjVoI=9S!h);@aT}P5ot$6~x*+l^jh5rZaYcZmk7KqP4Fi74
z<SH2Vyj%M&Z>fb}h$~A9+BSV@_hM42sCtFQjrHeXX@(GH-iI5DNbh(;zU3d%-fUnx
z)-oDPlCv6ccfCoh=KrBKv~;(oh<Xd+Q`9irvuV@|BMw<Qxs*Xnu64o#<^a-A$cW$?
zK_tv!ZCDV}bVK-i86RNR&UzIB1XT`Kq!xiD))FU^K3a8KD%6j8$sbeBn&8LWG(9^V
zi=^bo8C4||OZPphze?@tCHip<=5)W=ji}-+@f_`I<lfO<K4&y71ZX;Mpd37c=L0H>
zo!^JgtWQYT%{Kbx_5};f$9k?ifxAVJfAQz?#*nIgu~7hDL(=-YWEI!uFK3m$O3M^q
zm@Rm4a4NAkrC@SVcZw;DiLlJz-HY950n{IW$EfAZ_uQJ0wc_7@cE;kBiV&QI<8O6q
z_?s^{nIfv86@6}UV8VVAu!A@<gh}sSE4(BUAQ(VP9I2X1zmVkN=wpeEnvR9`R_aN(
zhs-|Tf)6w2PXRKkw4(!5hEJ4?e=8{*>KoPI&(8mn2yGGOEBjhE2*~D~;9i5lNY}t+
z5AYqhzMjH%I^u^iWJd&y;>Cy`?llqhk@e-7AS1BbZlJyw#Z}Kw3>1<Lzd;s$k-m`_
z;j^Ps_pNpGe5lb$j1OJO;~CY)>dzxWA&Y~=>gXf+Q#%5XO8a-MXJ&%&JlCqU+2Bs<
z41=s~FG4@&Ztkj=@Yn^*Irx*KZD%#0H{(M&r5HG(-THV~KxJ6Opu)BRWX;C5NyQIA
z-g0Aj3D45KTzNfK{-QTz#ivc3bVnKdhK%E+ETiaNe`HiU8iwWAZ#@(JaWL+SJvmf*
zJhIh2(OpV8wU@bxQju|%9Zn=Q6)(M%QmY!*OdWaTJP8^BLn1G^R)N%bSLO!E+Fw`D
zg@YOhNN3EHtQ9;o-l9GaEFWP<;?s@RwmmUbHSc>zSF;-tAoDX22k&|pQ5*wcq<%od
z@H*s~q_0;9NK|k<m=@;&CUCIt31J_*Xc#eX!HlB0FzNn76JDn>F3fGH^liO`7Zpgf
z`YRvU43AH>rcW`yER|>&v@e|ExF5&j&_~oRa_$V#0t$w|m|WkAzN7Oj$4}L6o-;~*
z=;@awoyfk=S!`3Op2dJ{`^e48-b`&|wqX#ux#iE3;cLnv=_(1=nm=paVJ2k8_b;3r
z?!Ls?u~yNZE788&uRfm~tg&~q{At|ABb<k8eNzZyJ)tVzU!}NGCw+Va*S0GsL>^HJ
z=BkmIRSgI3u;*-fpW(``Jn))6@_tx{c=T)EJL}}~bWY?RK$=ZiPm<;Hu*KiQvi=I?
z{XaPj^q!u|eQuw}$JmrF2FO6`JrCF~kFT~KY#qc2eH9CbKR<VCQ%j9pg$Und0MC$7
z1#xOB%DOv!r!POJM+Q_o5qG{+dY-QaD32y;f>!Cr-%q!x{J-h{9}dg^ZonT|i&rxk
zsmto|+^zG~NhwHDVC25^;nC@rFVNt_^WP+S0Jjd`=;R@OJA9*j797L+{PG85N$BB)
zm*ag3kfg6PomHAcq<HIg=YjH#>x5nJ<)#lK7pU9`2V&3Kt}yBk7_D3eeXIN3qWj6)
zA>UMDD*-v?4icB2zj6WTlp_3_4w8cyHwO&~9%r40sHZf_WVRf`Jyz7&E1#UZ^>LEb
z2P*xt9*+6OrI@M+lF&^RT`#Ymh~B8}T$5=&$r?r|JD7IvIXWeb;&|q8gz=t|(CFWJ
zFf%kR$l*wR{IrQsaqf!V5~uE&(MI6R%FL?G>SmRJO2n$TN{LDY6C6xs^2=K>cD~dc
zfN6q^jX}-i$ZfCOUM<5_NTV9Fi~|=5)H;Y>u8wSw9XXhaOq|lpnH;e_NC@2jJu+yS
zwj41+ozrsb*;sz$smX-UgHdz3NYXWeN~31qTq`4=Ijz+CYPJ%OI*8RERgZJ;t1ubg
zQ8y~>xhp|SU%qY0?KfOKoNX0c9s=`fw?7rOmSS1!zGpQybvrflkB!7IZ>1eZm3wxi
zaeOxJTA&3kVxvI{n%moIXivCd{2Cdtzd5bdvyn?ln+Vw7SrVB_71U~yYTYy4UXxud
z0J~Wd1mM<0J=~s{!$H!G0~-es16doU$UyYrS`*f&3@4vHeT3M|LT1laRj{|VtbOz4
zt)z;~nDF?u`ty~UUG7cwz>a|}8zCeqzVS+`{dQh+%f`KmT$QWETCow&-0^q8^%_?z
zBX@#c(7vYv2UTNGJ*`vwI<65b_wWX|{l`3jq(Xu~)M0<8R1#*!=C|ttq9>Z)fPXv<
zOZTJL2AE<|s3yB8bggN~5`i6P`wHWAa4n&t^=h|0L(+Xf7yPrb8m9Tt*DkpE`$kPF
zkbsLJ1#;IqBhq(rp+#IiL?|xH@z;94O1g)|w@8c(v^+HGxURBhucXX5H)}+lIpYw6
z0!pl}5{iUg)N4HY23DD-QC%Xg)%)*yh`2zpA_NzgaI!jM`1uum9*jiqBCCgLe@|2U
zPuyL6`CgtMY26W$sUfqtPVhtDXf&^_Rw$#IwGL}@{1kiJd-_irL+&Ci+*RfV8|CK`
z7G{Mo>1+MxV=Pufl^cyNBKa;qFVA40H||#CP9|TNYntBK%CoQ3a^R>Ztbw2{Thz~u
zKf(~cHk8?@8mkonOgFb@j|I?`BqIqe9$;D-3Quw9O{8zZXf(z+Mg&Q!4jWJL&D^;x
z%nikAl-NZ^Ot+|ogqysUk3OjssO)#qPP8>Fn52;p<LcRCz7kTkZOC#=BmVLH)w8Td
zwEtFVmilIfZ9=76|LY<rb4FjE*@E{E@8#))nbG+K_Z8^Er#w^*sIs?_d+9hW6r^3$
zDH{?yvn#_5cGDFJ-*Hk2Sl#Qv=J$LbESrv2btrh6L{TzwNKxC|RI_UhAz5STy0ey%
zdG(y|K(2?xu}3N$_pqlg&;0IEfe_~{snkjw?v4-}>5~~|Za4%|hvw&~+b>gRK9`Kl
z&;@}D)d=wqs20(l4UK_^##p}DDh<ZoOlTmSdo6tTMHZ;rtN!Uc*g>oB$DmSH@Dh6?
zh`hY$xA*grDR$q!B3wv|zM)khx*r@pTWj=`(3fkl&2*sFPcegirk<H$1E2#v8;%h~
z?t|uznZX-rV$F-A3lf9rR@lU;j-K%L!+|<~5$i|1D7=P?LzNi-EN!M+i^0;W6qk^Y
zfdxXSBy=i5X%_@`+n@*Bp}lcFh#|FoOya?G@cd($Te9<O3&m+GxuTHWxF72|Uso1c
z%g8=R+}Vk0#xu}ayG+OB?diOZekIQj0oXu(B<b>L7CXdsod4%ODSWv{%42x6_prDF
z&9kS_6u;f=kO&$P9cwM~A7D1Gf10kIQe~E@<ATlYN4ih%N1=ellMSlAXNjKLMAhSY
z2yur%t6PT)o-g>nHZMdGYD8}=h!#uei$<kU?FtclbGa4=UK}FNSx2>qIQ;Ix`ARho
z#_*5O!{G=`3ze{Tj1u?EQf0VUf3BSx3+dfZYV#YngV+0=TKdBoBWhcRFrPs+4AEE-
z>Kfr2EUipp0eDUN6?4{XvJ6HJ{GWE?a7-)%^61xGoxAl{{^5MH&ItXx>De{K*5Q5`
z8L`W1)+Gq>+6MpG-(@cxUKMZgf8NgDOqkDKLy>ZKo3mbZh;%6iTWAyim^t?%?zdoz
zj?t@w4_QqLq2FEqWAGtKrA{<**X|ot=gL&i*EWsDgZ}ERuT_(?uhsRM<LNv|i)1gH
z&*BRwAG(#yK4EpIGr^g5Q<<$bTr#(1t0=2!BBhPFXW5sZxzyX!pGx)d(!!5U^<>W`
z_*q9vx@d(<COC~~jNyKlh;I=~-J}M8yxHTabf+HJs;*Y#q~gyQ=u5looK0RBjhF~^
zFdT@R|6XZEU7g#q03LUkN`zFppWM<4zNxvZI<2S%u4f;aTBdH31p}Ivw`tKnbBp;N
zQ<(eN%~HjgTXl9y+s)U2LTl6wS`BSQ7r%e2-Y8^>o8R`}crf#8RF(##)H6wB(60D|
zJFPTJjTf(FY>1Z<b@zx2?_n5<xV~&!`#p%R(~>Z=P_xv#(WK+nbeo7g&xbKs1AEw~
zaAzzL#$D_=PLfuXs5mK`smUZamz-4ofrvl0S`C6?dA}7Q=H+)Pdum6&79un<$qQYG
zPfeFc=s^*d18Kr9`R$WpHs=xwD51$gqPIw|Tlg?ZE>j~b<xV@RCxZ8!@13;|ULxti
zX#2%py^rif9hg{Y8=JsQMJJFc7GI;LlqoTl0&Gohq9_H<3`y;A;a5!?g<B1mrZjh(
zBb3TwVsdKG8`%@B`$bu44p;kGOG1#U@gOdIByUypZWw93c3Wx@K#lWLJpeW<;}Ulq
z#%n?NX75FIn_H)BaC>SwW<PTlShD4FFm0xDo8K%ZmaCoL?|!zj*Gc3)lOf?_x0Tj+
zKhkfDo$-~KK<yLs>K#w@`k2bn@GeZujukt6bP>e^=LSxWQ0hiJfY1a{KPs-`_W}Hh
zlW<?|@r0EPVb{p*mtg@)iWmLgd)ke}eed7Sxm}KMRWvecm01HzuLSow{Se6xuBeN6
zDVrN<YOl40_k8T1;7+^J=(lK~61ty1@6n&?Bi&39G;ds==J#=lfZfW14@O(k&w80E
z4u<j2#bkt?xT%|o*WFh~CmaZw!bWqE*G4upcUy`L;w?5UusNx|x!sD}Q<{l`1FZ$L
zj#TPUzqdOL=3swN(j30oy}CmVq&_oR`uJz-v1ggNAH^w;6zeqttw&zMU3M}<+tNlJ
zd5~U=<Zod1Jb!G#OwK(RKiVQI3H6wtcd}Pspv5nhtp=F3f<UxxMEG8!Z7j-QZF^D2
zC&aY=I)4*xAy}qftK}O1VEO`baXp%#%Ax`Q$o5(<&9#XR?3GTP(}Qnk#0w9b@Yq-+
z>9pkbO5<8qrcPfK64}7NavSmb=#rb^5oIlE%Q+&QFtfR_MfI<F7O3Yy*szfgdNVHA
zvXE+=_j&H6reKo@8A-Y_?KX6jNuJp$8_tL9sMG>2sT-gW1~?pl%zi==YJ5HhH9H=<
z+9nNulXiaX?wIN}Q^{|TnrY*+QeYpkYS6fyLrz+St$p6b@jH25pqqQ-Fkfe>?3MC~
z_%;Q?Ag3&w5$V9u^zYp>+fpr*bkQDNEg1-RU(R4r^EpFsCiOIOm}!4|yOZ)6xX~#}
zcod#vI-O(Ni~xj*?5!FUPi+w3DD&3k0J1}nwP9`q8P#{+>-N^?^+v^wxeLW*KE~{`
zQsG%nm1!eF0PaWG;nL86r4Zu9rY1j*@s#~Ddt@P~)<H#<ng={0w?4YEUITbp8t#BZ
zH8R^IR&f=Xble2rNz<a7RLcSTPn?@&0UE)pOdz$)2>8(z6raHGS=BeM*!x*zs~G*8
zKP7Os&utai=m}CcxnIw{(h*VRannjqpXH@&lr}#=zR;X1QJPE{L_d(Lcb6E*G=a&2
zXkRQhHsP7x4t25_iEn8S!uLUy%ukx}8UQhS*4h$eM}`A}4aNH8!YL{B8~$nC69MaY
zVrYIRWv?ad2zC2s=8dPC;xJVw7NqSGY{LLnf!n~I^tIfN3zh4jaSjPKKjHN!6-j+1
zz+%JJtHmAUkHZGOdL7Jw8>4(DXh6X5+<FU9K6Ft7(CK2IY;d5ndQ-W?`<ylrS^X9<
zf67zKOxVn(3hh6|@#%Z!YHujz{_hdHRzOgwR-1>SlWA3g=TDLMMU2FW;g+|fu_&&z
zaT|w^sV!<gI!mDk!==sM6Jb@Ngluky3z0s`pE&5EV}GPJL_2$J$xS2;b5iHHVdrv*
z&~0^SJH7X3bckq8^;r=w&}OsEod3C2AM?d9VID}$)4vq^5<)Gh*n<uaY1MDCyB63!
zmlp3>fM7@9%;LuOUf;&7+WFX|^f@tSesU#x!>-|i`^YeS69$rz-VE`5s~@PBa9~xT
z^=YHrdW!5H>P`6yx2*I08DcV0e5~o&rNuwX&9Lq0njfDW{j^L?;#;LWYKGB-hg=e#
zIVAt`2%xA|11$Go(~e>h7T(RLWz%Z`fKIzPcxVVW^Xo=)wuX9Z*L&%XYbSO4?6#!(
zH-W;r7h3Z-o=CakI5zj*(X!|Bw0F~AfC(aX3N@j`nKq@_&q7m+pH5uh!*R(k#n{y?
zs~E9}{F8L%X!3WL3d8t6IM>(4@L8uMcrcPNNQ;Ii$jI%0KWSelLx7{ca-p}22k=_y
zve}bYL+JN6-|KTu<)#zmVf_<YvDpS8=9+RRKC<F<$gH~ECoS1P7wp>;4&{==XxQLo
zkOLI7TO|FOVBq@^ltF~9s#iVHvOd#tuHv|#cVtPZ6+YrOul+ls9dv>D$prFvjS6OD
z{(Cx*>6iW&f$l(*m)-z7xsxyM+o~?5-&!K*QrP3Vo>F!rr`zei=c{ArHpH_oPJLZ1
zTZ|KG7tZ(1o^sk)mjZRbNWlqkmSnGw>yWcH5&?m(WwxF9dAO8)Ri4M_FPFAv@RZB(
zhEGT2R~)^a|A3yX39k}|b)sPsY^d^Lmpaja#tU468KZMC@$f#oVuEYH`|lv=aJ6d7
z<l<XSK3<GYz_|Rb=KQ8k;J%{A8IeBBvu}g>^}9^UGV{7!mu2Z{+sv!)Z5&|f-lu5Z
z>~n}yRq68C<7^rs-a4AQ%XYyOp*z@PK-VjU4q=pY*<ni-<%oHfP;@6vz%0P%&qz=F
z)qVKA$5)>*oXur(M}QUNV;PxIlNQ+ZY908JxH^-+Tpy)1=ov#=0WC$f%A9+VRGJIl
ztU&-ooCsaZC_nmi+}GpedF6&{BNd{}8*D1-<Xkiiu2))Dp7!9;)V^ZwqJGxFe4o|c
zS8bM1NRLHnV6JQmP8_RQoZ^6d(&WSR=&lr(uGXpO^m!_+ufChe`Yh~YqbCyP=n}PQ
zg0-+V0;;<s&f~ADttqxr()%uE_+k^0DA_^sTnG6r7%V+1>yaT)YDKJ0C>$@{e8%v<
z*S_|{DUva79?so=nM7Wj<btwby&b*LPEK$x3)J!4!fiS?y;0DSu;|hZ+pD%6<}~p0
z$=Tbm1pre+Z(h(Uf>AS6Ua#5!q>DzMcaIg%A=000mI^Dkd1d_gQ(oM~1gr15Gha|^
zlrZ02(}Exq{3<`v+w@~d-{!1q5tRL_X%!j)4?`xOFkp|}L?<&mV_&Y(y@=2oT~8n3
z5geylk^9Zf`;H9~<!Zk>*tcF=@SZqdol3_b7(TN;mLnr=s=FcUHji*elxR&oD#mk~
zRnfC_RZo`9-)xjJtr7I9@zl(twa3`Bom3ljjYE<EP5F+IQhJ2Wud_Nn7WMoDBnic6
zGObz~yD=T2#+)<=Sgh60{&ExsPji1FU+jjsJpK!aOKJ1>?Q(-g<@CLAk7e`u+TCns
z@6BFm^j%|bWJaZL#MHecx&`Y_;v<Y4Dj7-Vmd1C<YcCc;x_JPACm{#XRSW&hkPm#2
z@Rn|mCpH#Xksgb+@Fq`rf~%GjNU$<@nCYf0nTG(MiLtn`EupgF)To}0%8J<D^1o**
z-)eWhX<=5tH%nvUZl|o$_3otp$2lqjlR~)bgN-Z~DNB6|iy&WEG0L2$y-D-1nMJ%B
z<N?HSE!L@2_VHn;gEc<HA>Js)w`|4Xp{f!8TQT!!;5G6AJ&>r!+MM0qa`?V-3wp?b
zj*qUAeNwl$b1K<}h>UBK>o#gFE7ZC~z~!q1Di37c-`|0ms>5SQGeUVznLgj1t284#
z1w~XpFWvS=@2o%Sb8J}vLjrLNjXJZ6H+3@|Jd@tC4MZ&Yg_o&y&Q|SR07j`1&Vb#>
z)jz(MV{_^V&0pU+$~?=oq?W4ye&4i$XKuI6)K9rUoRa&8mrk`RU+B*mCq#-J)P}p_
zTCUT63$=elkEpzT;*l=#(!}s?|6cg}4_7n~QBqfgu-62yl<d`Lys+!PDY>GBhZ{X^
z4TaQc9^ArbWySJyo})Y)8jmO;tiXT)=p4Q(wb|R<2&b)n?NIa%N^|P{eqK}bFpb`I
zUH!7$qrtna@211+7E~}h>b~`%<@GfQ{F(#bEBk42c(d6@Pg^oJ=jvwy+C`~XJZt9A
zh0>)6`al@`rIUN~b@%+x0`A3+q+%s!S`njcXoYr~93G%iw}5jC$ZkOhWo(S5=1#rZ
zBxR>>>^SeKG-4`-L+u#!Sz)zfz78XC!>wr|_VxaRh=e`|(_H4|f$e~{FeSRv2U6?!
z1H4v9t_SU2%Y?fr-B%r{5ltrjsMbe?uT+oHu{orrJro1PE}fEuP%EZAN#E*qhCbFD
zrg=`?pdlMaJTxVm7KqfeDcSkG{&^*bJL5&8d+@1Y#$a!=(exe)KX~d24<>vt?7|ep
z@0^ESN{ovGNrN|{EJ43!3$2g~b8^?}lDphQ*pKsAU6)sqP74yeMI75oo1ZGpYRX!7
zt17#5YH5Rgb%(|9!2?hJsG_?Nq3T_mP8=7io9<z`Tu$b;0$m0lo$aaqPrmHme9-?|
zM*XKdoXjF}zkFWj(12<aqADWdKs2Evl9irP-VL(Ba($CO!uB}-#lOl?A+da-NJ$&Z
zpQ|J_{uw$_C6XG&T-;sWmp)8!dF*eaO}s?Nmgb+KBt%L_GHil~hWne@9Al|780mWF
zFRa^OWxe1qc?e3%teRzk5?7?{mu(btCOa3R#e5_YDh2I;+nbamo4G8iCI(0qrluCw
zjKe0|-cG%q^xl0oM*TSRVNKn@Lf+cpAw@VROnvBV(*%011LXPX^+RH;xRFnK><rR>
zK5l(=<z7fOK7LuuN#ME}+t-(v5(LIRttcR{RYD3{qDRN)qj>sZTu6)hjPsS(Pe*1{
z6O0%2k;CuI6a7m6h;blVjZv{P4_lV!oMUph2dkglU?$Jd_Po{O3Z^6>wfP$lN0XUP
zA8B}|if5Pgtp0X_ZS)LSx{FU}ieJk-F`yw+3$dL@A~YkO-B^Uw&>^yOy0V!m53Wo+
z?)ShJ!CWQ#oB6VC8LtN1xeTyxk<g~RqRLC@x@fGFQgln?XJaguM|0BRZ?Mu>UV&=t
ztb2CMua85VOwjG)e8}Jy14DUNqxE@|rf3dKqr~IK=qI#7nS{Tv_Pp60AA92rht4j8
zDye6l<|g*qZqU{3+OD08CxoMS?3UNBBWDA6g4xn;5|L-l8ruDYpM2x0coBXj1?7`3
zf_hu!cg?lOT(xZ)^~kccF*#XZdOQzd0O#592YB$#|Ii9l$geeiz1R}9J^%E^PMg9r
z_)TEt_?B}Wf?6mtS>&)KR!DG@%lE$#r)s|9(X&}-<^|D`nFBcm$a`Mx4=+M^h_<!`
zwpDJlYbP9YW$lOif=CN}Gw+iabipdla;mH+N=kVT@$7R_Y5HX(;KTcgZk}{uq(yK@
z=S%=3#zNI?u%rrP*@*s(y8^I1p_?+6bhIep_mpHW7aTmsV#wznHeONqWee&v1n+Dz
zzo2%?_d6Va*z0&Jdn}M`G#<?hk`n(OpKL0aNSGICA}8gN8)oWwF<3s#yvI{QZUf>4
zRWcs^V(-3-N;trHrAl7O(?S|rGj*bipUqu|h)hQ%etmaW4-%_!T#4LpJheFgyfe4(
zotk3+sRHCsb+>WX5XPMzN=&?|&3tD?7VXc|Zk2`qCI!9geAZaD(&_3YgSJtuld`78
zY*+sPSbAI5T|eT;Gwo=$SI=34GxhFs)b`z$Yj}YB?W|GMAY7w|8YZQL_BD$dk_}C)
zi$vu~QWNW)h?i<1iMlRgHtzG7B0fF<?C@IgIjWfDTV1t@#}y`6J`K?vk9<!%Jv;++
zIVY$wYnys!c}|#qX2rGVM;eAQ>OmZeWF;vPT*RCVqXtt8ZxfF`_F%=KHsLp3_1sRk
zsD^81QBJVwvzCeeGTjaklEXvbm7=bhl>4Viop`L`b`5%J4cKvvjg4Ncz=QeP>Tl&n
zvD?#Haoo3w7IjFhVb*gUVS9hMItpF*zsC(DV#wLU0N8!XzY2pnPa#RIT047BdPffS
z4Zcx-p_q|0iw5uSjI2EAt&e1y{{1Xhh68h_Y}tVoqoS>_O!>10eOBHb;y*{$K87Iq
z4vbw{sd>lC^AK^=ffV-D#qQRWRwkesArZN2cya-<N=mV*{%QA*5t8m<7xmV%rH2Hg
zwJIKlK_XTM1`9>^8<On!F~$&NN%`lH>A}25#WE#vNWZ|^W^LD5Q<KFX*<IT6{yXw#
zD_?Sq!&cOdl2ZJxT~XQfGAd=yd23_va^&K3ts_lxKkn9EjIFf2(+#bX)d2m@AKU-l
z>Q2*M{86?#Yf~b$Mb2PhF``KpifeRDHAyV(T2e~1xGpXjLS|8xDzt*To~Ak9+Td+9
zJ5e;k(d*>UvT0)FR>yVq#E5*EFY%-@aVM{GwWIU42D6)LY;1>Gn*b}d#?ai^$4HGp
zg|tK(jls0ip7g?58_PAt#8<G?5d<vp(NRJe6L(C0CJB_GZzP2bO*qBk6r^T+0*a(*
zmYwe0aY4jOSV$tl{3)#~+%-8&%A(g~ebt2B<wM^>4FhctN2vhPO+wrHPULv}LM$Q+
zv6R#lTjjrhO1gC&X#YRqN)FZX3m9cE3B07rD$P4LyIlwRQ1e!xdM6h)Huyd4w=Ut5
zf{t`aSWJ>bDjt;{kT1xS!on-uboB)XH9kPggJOZQ?Tu&u22ydS`kxjktur>JjER?M
zC*@M5b%!Ur`r2Uy=M<Ff_I*@=1|CmlHwCHhY~#jFhT1<WE+a1amwt0GNgUWQDXlLQ
zRao2}tvMK=8G?hTw#1CSzcy&!<_G=~pl0hqnNXn2@;{-Blx6RsZ4$64p+0jSmF8G4
zwE;D_gsJ<?m;6=&0PV17)7)AwvMYIhqKBv0wnXLxz+~gyU*rcV*Yu>vyh}aB#lbDV
zYaWA(6lbhTLUl6Yd+i}V#U12Ju*qYp2o^|<DrZYWi38p10U9Mm8p1Jcon7>_V{8|B
zFu^Su?ge^7iwYk`G{Qh?&fHQv3iBDaKtJ!ooHW4FDVyR;#p1%*EQgB*(Ph66K!v#6
zCAQz%!%0XvK+MA22NH%;kQVVQ%dhqZ;c=nQ8CGMh8$G8$K5FJ}!1Y=mVg@;zBv4r8
zCoO0c@k1`)uR#%2Y_x1gTpGEQ-0^JQyMtfGtwbYyc}00!3Cxa?y4~0uu}QpmrptAV
zl{|Y5+LqT5*Hby~^Wz*_;yvtnj!XCg6XSGaqHZgr+U%Nmj}8cm`|V+>hOSFr4-G7p
z+PnZJ<oIQwVkhDIMmko$g36)t&8X(A)Fj)ys|()81b~K{>X^4*<8UURR-A*3Zpo|E
z2eq)lwmigT`Jbf185i-SFOL!lFC9FOM^0YWRP>_PA?92ANB;qLBTIK)vTk<#5Zn3@
zzbCzvR~r`0**(FQ#-cK#7eKoY_rva1*}gW>1a?Ao=(!q4*!0Uw5W??UIav9*?*>^Y
z@brM>i182HIQS6F%BP43(;ZlyQa#Sb7X9%O61B6R=WbU*uvxNwRU<viOc7jdTI$%X
ze0)f)NFEwsn$$liQ~rMn^?$_kVzl<>a=Fa*N0#uq%~^+m@EKQXIsh6O#O(e+IP)vi
zVX=up2;WfhI)H2gSy{vzK`iIurtMW0j$sdJ)_;{m@P8lb1pP`)*40;<vz+Bsq)4GJ
z>wPPwza&e<-Q3RS4dvY2!8$Kgha?i5#VjAbY+<~UVwhRe`@Q8jRZRe0noSSvLf~%z
z0-5k=#0QtNY)0+|tYBFCjoPN&1sr02w#ZITxAao$)Lm$2vilEM)A;NMy<YSm@`%53
zdm$~N_Sb(x@@-QFpc$-`9O;N~qlb;jGnpYrz_iDLcRNM~ODDOzm+$VxRh#wyX|qa>
z8;9x6J>1bf#+Gv&EDfJ1xvOeUg#K1tV~a=Sg$~K?2Hbg1_=Sp`#(zgeU53d|dkay}
z6_rZKqE!9$ht+vhaDC*NJ3}RW1^2E&q?U9`cqfUPxe_lP*f-A^^+uBG%7b@>zDH>5
zMHpYBqJtP?&WaT_2D*w4*c!x_bSWH#5A(H(?pBBp_J$&rOul&tB3j5*40CsP-c0!)
z7UEO|Y|)AD@1=Rfy<9#F?N~YPU7|Vhurig?$@0RMvjH{FPP4_UBP}KxuB7;x$+mx+
z87b6SgftO3xvFAo{eDCd48s<zu<OVd;19`C4)U|FvK$gaLPJg$TM~3V<zwJ*v7xFt
zP|f{WR7hiLqTaT=4vU^)+2ZebNWsn~nYeI;7p)oCa2TkJN!Bm4x?IoSkP-YFV0Lne
zUfC!2#{v{Au~$J4_HaSa<$lQ}v!QPz=njgih!m9V9Vgh$u(IxQiHVJp$n@pZcU2rs
z1|=g8hY+=eb#HDjR3KjT1<PY_$;{Y-A#v9P{U@shd}=Q}-XvryNF?-Yklsvp=KukP
zo07`KeLNLkua-)um>EMuo=8D^1l!G#7JBjlv+YT?vJwm*Q}(xwWUfl?Q_tfQS$JCb
zW+JmnevRB88Se|0zIf`PPg9QBa1E$BrkkHl$c_c2o3C>Ca_qgi%zY8?7uOOu-G&qv
zV4q+2cCnPCm-x>u$=h*}pG;~lztA&y2&G?j-K-NWs)=UrfN>g)a>J+fYPK+63iB(S
zR-!%$*=HPp*-W<;+qGkd|4>{s7w5+VNxiJWfLj;mFA~r59?)mCy8kouj;8}Cb=b32
z*65q%w`&W|4e+H4JoAJ(QPD7Vh`o|Ck@~%YuK_#h;>_LCmt_jdnfiD_E2AS}(|IqB
zll=C1^rZ#eO(_0qy@1goK1lnb(8;s#)uUGcse%Df{Y;+Rm7x*qeuJrm6NmHi3#<c(
zr+8wAu>!>_gP!}o6IF;4PH?B80TsW~Y`T)rGxW=i$x<5AUE-=N?-!+4D8@kCfhgTt
zsFs-5AIRabl?@(`L21k@dmMyy&|`^raT|%-voj%~$^)rBSJbCq6RB_&pgmr!(8T_1
z;r%<;N<JT#SkAn#S<D}gQwVJjtujlzg_rzd;k`dHByegs3xAk9?z02ktG+>>Vw0QY
z0*slYC8Ax^0@8~jciIY+eMwp*kIxFxMKy^%Kj)JEBhc&El~6%#mtlLJ$t>Q++HdUd
zCu2_z3t0ah=aYK+TpRx=46{ep#=9THS+FUOk<74MUmc=Ov9XQ1xJg3WB5ChPxTc-R
zZyhW)tA!VHVPXAIw#VAeoM1@!!M(bQ&s0pH>_;-M?|v^QgR(WfXZh!0r3bAp2fe{_
z2*vMl#(x9kYA-OYGE!Ld?Zoav$KSzxZ#RGH!lC>A%IX)iw>Gj;#adZNPWsM*{!@?A
zSuGL&Wf2KY3i=PW{oA`Jv;s=aQubq$=z+!lYW*@go4KGSfCcv0SbFx91|Cx2U#>b%
zx<9buu9wh$L+J{D(W9o78nOM|aMKLirNLrwEQ;Ffey2LZ8v1M*cl#eCR;)EGB45(J
zO0v@g;+5{)v)5#<8_a3FvkvhqlUlhH+OoA6yCXc$8Myo8o9lI_%h_M9dvw*NrucQG
zLIW#vM^>+Ms~hASny&`ib<esDu>&(ZgF1Kqr*BT-#~eDKWXXCMkG;IRW#PmRnnH}s
z?)kvNjMW0X-;>-p^u~=`_9mqR#vy^Ij#1QCbL@EW?2n5vg`3q?A6cy#W3S#Bk}VW7
zf9M6Y=qQ>og}ua=9m)#S_(|FA^Pw-$Ga83F!FFv$OS9d8?$s1jxxM{De8H4VOfKOi
zt7N2Z^c6n5d|U6nOiRekYU`G`$zrR|bAKU84PGu|$dqcH7N)aeyZfItaIXQ)Zn}w)
zVnqO1L+Z!(;2c>~D8a!?4D&#5wST^=-g5j^9MXF8KCtSZq;6xumQ?Li*xfLpmIgc0
zi10v~*~UJuyuTXQn1vT5m-FPKFSQ=5Nl;r0u0g@tEP=u__$7dAlUVnMyIvUXeC(XD
z<--?QGkzSf8oZer(X%V)#dY>_qsj^=#q7k`3O6Kf_2LiQ$B{?wa1Rg}jioz29}N=5
z7Sd^|Z_S1_{3GN^-Fs2VOte`qcx6?Ayygsi$Hp>s>Il8-nJBZX5}glCam49&EO#3}
z$?ej%W3tsRf?`Oe5#`709~J*GpXE79kL$u^6UeuekeK6i4`v49RQ1WYw}|wkX|Hd6
zzSSixRa~3=L+^w8pZy%RLykRUbV_Q-yOd;nMV1M#-KL?n2?MU|L`oWql2GtfueTgd
zG|Mh`@1yHL**~MZuNMif-nWn|PCW%QpL%Ay9ihMIRUvTKX;t&ZpyL#GgPaZ4k7=$b
z<}~HCrczLNF2zy!;Kh1W_6s{$-%*-^8sF|h)DKOJ{C9tC6L<@6lR;$$UnPmXJ47dA
zwky9bS^h<jVU9Jh$iF2mtn}17B_7Q2*{pnc?fos3&rat=38GU;^_Xuq;CEKMr}gWK
z(_grogkrxdimm7Wn!2j$hd`R^Z4EpC6xitM8UsfaO@CuaX6I3MqV<Vfs6lnhvC46Q
zn48*Lr}I-@JEFb_!J*qCA95h<HedSu`kOy5@1->zyfx=gn!r_UDHgPQ7Jz2g(sS}*
za437*oTj_(W%I=C*ZiQmuoj;b*20cVSP2CbT36~~h=~CnyQ*U%@>^v?0{Yz*lxdl|
z2Wr7~C4CsLClX*H^udIzZm+v-fHigq-i4?@P-m5(o1gmKi5ZOsW>~uKu1V?qSuqyn
zzbLIderWlpHoYBN++6a|9e>S62)^j;^ZoMBV4lpmz+y`E7*>X`lcx&0<3*f>fudp&
z2r(Kt-lbc4O|a-b#l{{RaH-~fNM{$C^5{nEjN_%DyCbfGXJ`lt#!acfmcuYyuGnUD
zBh4YhX6lQ7wpT9OC_fM8WghmdN{Rk}@fp2ay-Kid_gCnatgoLSOo%#VO(~jdxQF#J
z?m5lXaXh-WNcu=<X59Rl-eK)%qGR2Bl!rRk{$2r?Aar$N^iwsjnpUrDv}HoeAkKaE
z0Hr?Qr}9)gdj7}CLS6@Jl7Y}^4^t`1JKC;N<HcRiapn1uPEamG?xIbRl{K{JEUrpE
zI@(g;*FAjeQ&qJM9OMVsc^Tfp#CtVG2;caSOD2CBm%~;KN<y!HkARfIy(F9r*#>kg
ztdi=o;ffOVp^1vAp@%L?I`9$R+3*q<OFbFEP2X5&<=g`+HL8>|YZGXxg42ywD{&|l
z0nN%#Xo%ooy#)Fc7?OSg6_XRxnV5VwSjxiYfuVoMH#9G*fxMRg6s8~%gX+`Gf03B2
zVY8{6AE2A6c7^-^5;fhkOfJWZs)P&2*)NZdBT+xi#Ra8<y*px0_)bpGd~&>_l?u1=
zT<BT0?#Woml)j76INjZK&56&dn6XjJfT5d{rCGX7{UCyK%zQUSyR({6h<>2F3&S6+
z{pw>k#k&eFsYCmEKH0lTY#;MJug><>T8G$viKD>!21pX@`n<LCG~4?cgaL~>@56#v
z-bOe!3eC&1H*T0Fd1$SB`T=RWJ9S3p0He+FKmKCrC?!jxy`&Ue^Txmlm8J&+4vm*v
zcQu<2{!Qdz>Bu=p4~rkIl>S}<nL|cz#5hFq?z4&`?`yD(AmyMw`j^lnhH_!$z-=9@
zC^Pw4W-vs(225k+YO$&+Sz)*Tn1)=PgYJxc$}-?WM}8S_vz=dZwDm^oIgkDPA(ou;
zZ-UR^K>uqc`miMPohM7*D&sFIp-{YlV7JjeNa@6DO2D7<hXmaD+<pVnQ$gI`=|w1q
z8mrDPkr4b1R+A`ADo{IHY14CeCp(A33Hb1{m!3*)O+xx`_d3B~K9d%0&{NzyMD7%n
z6Is}yw41`apsHoxyFopAs^1})rjbDp$^J0C-X;OD#}~#&Jl@}A2{bC+V7E`nw^Suk
zNPk*N5y2;V_%fP;Dk{uOb8Z_ckYN3V>?TWG&)C;rH<?q|ESuyfJ%~R?IwAapyc#@Q
z1&k_1mKNPhD&XI5R^tH(@zl^1zrH~uI`xq#fKUz(GWgIx8_M~dj~RL^U3<&WCr5%@
zo-Xj|EDuZe6s#RZ-k(Scxh!oB0#SJj-wKxf2>6@tl5sqV(`nvpsM?r#)Y+@nZguY|
zXP%{`-sG+pm6ez6$1rv6`MGM*v{f)&EH-8P4z3qOsa?Lf^u~@)E9<u&=MEoUAbeKi
z<7}Z-EZjhEX!1*+pe@<rXTM8I#qr$niJ*!AG`EM$UQxtsBddH<xW4m_98H(l{zNW0
zKn3q9IQ}T7pN9LwWF{Q=!;2rmB|;`r@ARZTC@in<*J`87zPrS#J9Q`aLNrFJ@3t=L
zmJSgkIk9gG3P1fg<uH0vCqtSS^X3Ml)?OJ@m~ep?V{D_B{`5A*WkL#~I`#R>U8B<Z
z<m54Si=*sI{O+gMHX^odtE!dUb#ESEEX6aM7r*8Vk6;cwmD;sY@E0t9rWD`026oFA
zLX}lvAyO;f1p~|b>1m$_E2}T3o7i-BGlLXCZv_LwV%2zc=diH`nrm4F^l(Y2vLxIE
z+owDwS?~Y6bQ{;Re~}mSx*}8FB&|ZZFlzvkWF4%`+6ycuc*eoR#!RmovrD&P#fUQi
z%ESfzn|i!9j#BbC6J6dy1*koiZ^|n|TiF5YqsD_d5&EQ~;s#BjL;*TfA>M3Mwe>zN
zT=bpcY)#ss@i}s~YDG>hrzz#l?^~s=E8mWRAy%4&oiXSa$DBfm8Rfow7=nIPHLd5X
zPe&}{0rTknTx0Bm2|f(@=>^JwW}QPK)Bw^a=0DHz%=(>~IKy8CKb44vxyS{m`lU7d
zlooV!6hIeLQ#e`qq16jDKg?krvEM@pF&3V91i2&ba6__ET{nFk^gy)!jL&NNu5By=
z(nn9dJ`K6Vm(p{&>ZT5KR;b9TM^5mqJ3u{;FmN=D_ht~@+^;cMh+;)fX@7Hhzpu-)
zyz?rvSR*+JWkPrN^_34R`jkA~zRRj*3X!%WWmO;^wjj6%vN&>++}nGWhqpT1UloTw
zc~-FX677HAV^^jRc)g%+I+3yB-j!LYc3c(Jm)GHUgO6odT)Bk5{b_B1{YESQ>Kz;=
zETUy1ms9S2M2Te|)c9G#y9k%z!$Im<6Hw@_s>JJyU&M3I7=G$Yg*XzcE$?dNp5dC_
zhDm|J1Wo7uocGo;DFv^9dbPaS4u$PnORxGfk`jHtrT!cueS?b~F5AVdq*nvZg%|ni
zehjKP`&;|$q_K#Z`x0~;*F99mzrGnPWqA!p??VV*ovpbG^JCtQ<^ti9GpB>C*S<Gu
zoMx2|)Jk-?)U-87D?Pn_i}h2v-sG8SH<y+~)o2-r-9;xuCh4jZ%pt=nvBF#SBawhJ
zMvxQ#R-|5Cgzo(1{0!p%UC~cTIe6Rf|Et2q;!S@GJhJqz-Gj|nhcegm5379xhl*Ia
z;D1#i{~wY5UwT9TEUEwRFZ`c8c;LTh>Az>`Up$lI|K`>RE{Y-L9xz>gX&|-#o~X}*
zv73zn;(uom!H*zRfyaKtb9601EL{1J8LCX^j?FHy9-h&pKNPKfD4uj=|Eo)?m@^Vu
zy3Oi21>DhxU=yvTJI-V<DN}o_RD8lM;#ns>zF+lcDjBRs2fKMN6chl7x_Zs}SAN9|
z;;L(=R_<HGLXo>L1I-KkUrq-RSv**H9<AU|{i}B1BT;`yF;bJo1yZUzWB;w))x&mO
z>ct5&ANc_n4$B_S`CyZ<{keml5ELtafa4$C<NkRWD;~`Lw-FtF^Z(<$|EKBs4+VJS
z`hS$<-KukuU`5ba%T8x0W-O}xAD&Ud`oQon<^dn}@nCZ%;ZU7o(*+yeuDEso>Hh#t
C!mJwr

literal 15612
zcmch;XH-*B*Di_`3y6v$MMMRH^xg#&qyz{^5u{5Cgeo0EQ&E&&LQ6ss2u(@^LXa*Z
zAcRmt4^5<(fOP3+<NLnfd(OD$eCHeEe)s-hti8f6bFa1LGoSgaxx=1nsnT9zzC=Yu
zMGIDYqDw_}8b(ER>c)lhz%MU3GoJ#@DGyy$MXHj{+Y3PFtleYCV=AiBn9B#2=Yamj
zmuf~HR8&`*PX11{y5`$ZQ9X<UKY6V0Yfh=tj$|1`Vu{4}e09_D8sjyKoRX(61xi-L
zJ^pI+)ck?z52{Qm!%amYOaC4rn%A#vU!TVPR1Cc^7S{2E{r%oFQ}4z_hN%Vg)AdKc
zG>w_m*CX@MxNm5K+l%+>XYWVs_;(fXl>I1ymLG@plQtL?o)<Obg}bJ0$gWB^YXx{M
zWt><@_3QN-bRuvk?FH$iXLS}t3p95_|Jl9p-`cfm`#h0+)O`#*;rFHWUl8L4f#D~L
z*DX1F;|slQcAVFr!YTMotM2?Ahmtx_<-kU=6QrhS(A;G|;};=<XYTVvl5tPspknD7
z$|M0^)9`+XQ4KqiIR29=#JW44MEcTUEv;KMhA_x^(ClEccQo5WlVd_?cSOeHsE@LQ
zLZbCkF<<=QTHA^y?dX!O{31tuHWyJ{88xDCy*w;mHhv*B!NgzgccYN~AV$~G@$6};
z<>+%rTv4AA|G-DHB+dKWHQT2`a&N?gxy5dou{tPyit^$~jDM@wn+uaj!Ceg$mtn$A
z5^wP6I*R4!VAXrX38n>4WRj)l9i8}cI3}dNhK@?Yu(ley#r+tD{P9>VEbmr;anhwI
zXPIm7n=ljsn(Z>z4<D+tC-~ZR@3Z%pG~89$TrvXNERCdiP`xS+dk4PEvu4_4B4uyL
zv1-GC0Bi72)ZO~d4c_tVN%WLq*HRgrBLuAme7eTy(Db}x@o1Kjsf}TY6nKr_Brl6r
z#hiI8bedj6ci|5qFm$XM6^+A)MoaC6Cv2qeGKsCDHO=zMIKl#y{3pr2gAwr+gYohD
zAi@4<A7T8pm*KkHbIm>biR!i-Y%braoeQQ}kL9J}v1jYxt0^ur#XC9#M4={QNO8O0
zOU96RJ<)B{v_o23M+gc5&CWS*_n^)|iMe=ue((HPZXb)Y>vPZUL}<l>cLC<%Gbphd
z_>ExX6iWkqWW;A^(0ZU<m+uBfzd(cF<jA<4GnTKBUC>&bgn9b3w|`N+VI<yIImV1n
zBU@BQhHe5QJzKMRD+(!4*|s;3W6Yyg|8c^sj&poL5{<Le?lO^>>o0Sx3P*m$(B@!U
zAKY4p)9`1HhlF(9?~*V!X|+=QG+Vxc7Foj(-Z&HX`0}nFn}x$y*Q2`ASe_^-lrKgX
z35-^c|Hii^^Tum%QSg&?>}l!|CQi}m3M1S-)y*Z^oLjs3>Kdy)!b@s0NYZoNCW@<L
z3}Pca5hra|S2$Rt{A^=>zN+KF>+C_Ym@R%QzMx_A%ii*gO4rn%BflLCA0>0VvNj1)
zDejeKk`LCOKlPOW2@rv`rTX4+z8j^e<xpS9jMs1osHIR7-x%0DyC_2p(K2JP-oU;*
zLrPW=;700%NXHu3lHT5?QGzAnbnz|f*vC<jvc9sLc-wqhKN0S#YKuB_=$K8kW+nvm
zGD~M&#N8bF^q7)_nMrQ2<JrJSez)QEu5-=y@8?k$(YacKHdwcH?o*xXtuf#obe^(W
zu@<prKJ5y@ruTN;ltYLVrc#Fn*}Y5P&_v=7(rcY{$&cWf+0fP$6sL#lp2K*5Uv8Oh
z-)eON;fLdF{lSL9aOeO{#?b==B8&NJ5cb|XoVj*;qNzZh%Clouo5g@~+m0**5j=2Y
zl4yE;&<RZnmc3@Xxnsi9mov7YUdfWrbw)gB%H1E@m%xSSJ#Q3+l7r$u(f-DOMOCC-
z2l#C{lXtp`_n8n9^8+0Fs5?!JVP$ueu=lb{8Q_>JucS4}2BlIJ*fEK?xOgvtqZ_C8
zM}3F3T%Lg7P>}NyoLwqd#BhVQG{`pUjrWCzN;xbet6eC`W)x0`58h=ZGAAcXk~}ZM
zZM*+@zWTRlZmV#YX>3pBpl~~e7Gv~#krVq?t^f^h51!9k4WnRgqO$k02m6LDxm=~H
z72*4V@uTg09-VOdR#}+aIR&Rg4jA)kithQuWYzp@^Znn2hl_5RWfoL%JIt6l>_)wn
z&<%T{a}YB=$2oCfH}d^8xsb{mU&Ih`8lQGkYSm(%Dv1wYc#!F(Gq*9XAt#$y^_ezK
za`a(MD)sknvFF$}$J~37)ldQrV!-eWDiET(i}G|bcFu=t(#8)vS$)x?^_R}3{oLmC
zhl|;MS?VJA7Mip}Oe&lR8TQGa2tlaDh=>F_5B0*LiWd~4JH~Kj4$SZ=_YsdnHI~JJ
zAF(u1lj{7i(M?4VgkVHck+He(9?sgF!)AmS=$(79ARY+Cnc_J@(l@Uh@LyhK8u5$@
zIv|EOht25?<BEx?Rlgup%V1(!w06daYU?Fw*rbP6x<dHNNbQ!Io!YbKU4A_$S7~a=
z@#5K;ytJK$^A<VxQ<r>-j#KNo2EI7(iA@RhFi<h5@QJ{b#0`un%1IQV@s|&8%vHzp
zGB`Ca_am!Ibdmx<w(qZ*ibleC>)OIS>f1W@BUsC5Sa{KK%#splW)SBn<MT6%hJPsT
zA_?zU)N0~4LVdS_rniEmJW_D^8-Bh!?N{Wat#c}ha_^B#QmNmxNz5P|)HnCo$<P=h
zq?ouZvFr=nEO*kpogs&TMlcjY?iTgXXo(%RW~}8)C6=Z5xoKd*24ioco;ZFK69~++
zDVJ~{Et;g@HocKzh-Oiy(#W>x8BW&(kL9N?O181<*w<juT+zH-In&PHsbYsd{2AMk
z;i!s$oVC-T-=HjMMx|19tFw%ky>w@nKRQ7T>PoAYv+o7A-jp;<c*9(ph7$8<^_CLd
z<U>}sVS_;>y#pHDZEq{RNb#fVe*JUx4rQ1<)0E7q_Q!VWr|w37|Askt(~=Z<FW=IG
zxcAY+>HTSTW@^y}B^Hscj<-CPXz<9V`w9<g$AiDTSBO_|Dh~{8CqNTX5OJTWOzo~(
zSQD$5@z|m%h?w5Bnxma%>vdf>(&^kB_uS(b%tN&t!PARg+BH$HH{l=;83JbbTs2Ia
zOhhGkXuwxlT`zci!}uv_ZZl>RcA_2Mmv7sXvgR;RgfTq?G*qa!YW>g5>B4F;*-TC2
z30}ME&+owHmp7w5O?0vO!a5;o?XEjk-^``e5V?ld<<sZ5ZzwX&z@SJRa;wF2xNc5d
zcKkW&om*s=BWbx@Wa?aI*b;7wBvmdC>65$2=n#-7x=|;5g-Y<&nh>n6dip>!ngV|R
z{#@u(yZ2Cunwx$pbHlG8KNj*F&9iUh2dJt$dyTT+FQ*`&ygxsLb#5Eqc4cf0KI8Rp
zP=oMLe2~zg1kUXfdaD`FDt{53D-9tRNy839ks%Uy)J5r+S!f&9GO~dsgnUIgQoD|P
zqmO1?Kuv&`@HytB)#t0urMs>qzT6qrk{vTt#!~*Q9^5q&yrfZM5C?Cqp;xjFB{_6-
zh%+Lf$76{{Kf`dmv%Vz>hne4kYIuyI<XSa<;h{@EfpO}Z<{T}<1ti;>U&$XNc6sFM
z(9-&l-9a9@6}iu73)*hfGjxC*)pE$25M(9AQM5dEzY*7iw7G*Y5b64yBu$P@(F$)d
z>hriEM8FX9B_)!_WCwlKyuR=v@ViXC#U@@CRV+f5#CmLGndrCTgFN=+B)$ordba|`
z>d@5nEGN2ZY+Rxe<i9Ke%N4oOcE#+xt08TU9&uQ*<aTSKDYuxDCG&a@i}qyY^*o-*
zTL<2GY16Waf$P7SLq58*dOPU8tY{oxEC!=#Q&xoiU2&+&8E=tMSm}=A_DCAjzJ%#G
zD(RIo!S7K@rNEN1b(UgjW|Vhh{TeJX9LXVXzLU+ia7;<XrHiSLul7bI2>5!mc9^(B
z9}xKTLI(Xl?tEv=>BeJi#iKjqWbF~T8Rs1?LEdu&97VF?>Cj?wK3Hx}uG%z1s4Q2p
znI1i}c`_cfNu^}EmR`CheMY&f02Qemn9B<a-9mOsPEXv2p!}jqJ%Ti6J49f!w@vz4
z(3+@=mk;ms)#kCPj+(*@o6?fPWMGT@nj7)2)0-Zu-b7qts~eL(^xm7@ms|_2kk9jW
zXl)E?q`InPUJE`m6#5v;o93-y>@3cqr=Tc1?}h1i(8wE1evK-3k^GZsvQhTPkX)RL
zlNoDkFnAIA*o6N$=XA{@xS7XoGw5v8t_DT;n?iuB*vM8(EA!@|AM|MM+EEZa7prwi
z-pJ+Q%FH`?V+qjmVnVAzpKPCdG*(r3#EU#0I8V2{71e3kZZ)t_H}B#$-t<m#wBgT$
z%vq`rbSYv~&mSDZ%}JokH}{G~sHnbTP5~tT`*lrbpm{{o_>b<@|6BJqV{5~%>w}il
zRIhx?1woXRx?m-H#1TQ^P~kyK_+IB##S4@MZ$f>FSh=8LZ@9?$2lD^%Ys9cm7l<<0
zP#@9_dR!Z}*V#>Ar;<8YjsTwlY<P8e4snu|T~!hSQZy<m;j{k@-R))!GVq$>g?n$i
zp%jMl)%q0N-0>XsTfoeFH?D(d?*T^-Lcd{7+6&E3Q^Zc%OvX!y(7$IWS&~lLw^k1{
znNQlMH1EJ@y*jR?b@W64d&6G;@k23@nZVI~rRlA+d%Z0dm_d`|<3C-;UiLQa`whpN
z$v>7ZE(w{NJl`<q0&bkFmx7b-cRALWUjO1)<Ib|dRPk^Hl{fl+i~J4FRB{S1bLB1Y
z1d!-W;2-3YQIIwL|Ne{=obSaGBj;^zft<B0NxwKxEX+(c^WQQYJe~;tiXrx87rOuY
zaZTEN)^V7Tzk!#H)hH>uHTZt(Gu4=SZmzB%{<^BcF6^NsOnXLB;aD?hH^!n}A#$_J
zz2P`ylN>DA@F%BXIazYL<#<PMozmiKQGUcWaKsS|-((4HU|EmIkem(;PL+*0W|rx4
zqBLWOdYwIRi^`xKyWQT^AkHldg}7D4R#Zjcs>NYfh9o9vE3~0=w6J*9^3NBQlc9!t
zRTu{M`>)?XNNCV4xwfshWqi`{w?Ju!%(T2cd?H`R7BC*$U+&r-M{j8BT(Y&X^g@%I
zygt%X5qUG^^Usa)*5mt<K|vlk%I4l23*F3Y*XobT;5CKSNB-h4S)M$s5s2SmKQ8?s
zqVKqrcPZP}WTFXnGNtw`a#aF(nj#$Pc_m$HFP(l+_Rj5YcB*`@<{tK_<sVFcQWQZd
z$If(=aW_d<u~q~DBRt!;qDe-X228cC_bgghx$S*O-Q)Asb0xn$H*zP=r$MZ-Y;5oM
z`mixTW%my2f@AjvV`hx{_EJ*BvXL{J@4!kIGE<g1t5_Mcy{f!<MkTtsqczDMRe{^B
z>!JAL6x=P084}mYc^Kc>wph+)bJ!y5K0WQ_XFsTn{LE&vRaCtq>O4H;eK@^tWQ+s*
zA3diHXD&U~XJ@cONR+463&DUT?V+548(-v<rf9Rt1eNg(t|$!7ERjri!)}|&-zTVg
z?Y2V}3aX6vi}<)=>bP5@tA5?_R~7K-z{68NgKLgOrR$g5+l%?*LF8>V6M@2p;V{cc
z24I0vMlo{9{i1~Rmf@Q80ytc6TyEXEYDjnqFJVa-NfC2Bu}X#!At9HsI6g4jl9EyQ
z{yXMfyR=+uM@RBVTPiMW*DDUhzjr5kd+qN~u-dm{oJXrZhJuOx?5i7li_-hMp~Mdm
zJJP`PuZ!Y_LHOlKJ6A%S?eTMZB+jd<5^i`$eglv0JF~m_y)3mVXVyj4sLuXmUZNr7
zay)Ac{)(LMsYeP8Yi+2K2?r?;KlEhhi$LF9Cw>`#i(CtKQwx=?<jWHj`8!Y$#_YNE
ze&ok7TKw?m-k9h?w)uuirWG2Na_RT7QKcq9tGR{~)+F;(ZwJyqLx4r}?FNn=MJ@j+
zgW=<Exsa3{tFP+?g=Nsn375kIV9v|w*Re<Hm0M-%ZsM?!q~2R6;9^yB(fWq-Hy3n)
zlHICGkwtR9_Bg&F|K-7V6L<JbpmaSwVte|s^vro9nVTR=Gt3S|^jTaS=L!W8NA9Rb
z|4=P#dCPijCndwO_m$LP+hCc51Fq6Uq2Wpk=CICm|KUUZ9fh2w<Fl%V<Xht+8@&vb
zLA(?4hYHz&Q#K?#@0@)d*23#B<0s=`La5GnulIPiG*J>pd7`OD{_lFhol&+SB^BSh
zj9-f!ZtJ=ebHtj0i|Q}q+u!&>!KY<Veqgpbe%t>xSa^%?`s&Q7NlqohK>PyaU<3ml
z;PI@WzurWRYBwi}auJ#Fc3pMXK1&L;)%|=vd+xOwLc&qYSj`3)MIqSQU%2fCDKloT
zjikA@m(n+mq#aeWtP*qv6RleX+bDK1IexSJZez~CJo(p%UIj+vB7#BiF9z2wf5Q;D
zHH~ZE0)BLFv+OcLA}?~-Z+mWSdcEnc-ngG8*(Vrz><VppoLjqr!ZmIjvsA4J%?pOC
z3Ip@KdFkYWmE)DTgTsm?-Q(Q~C3Zb?y_Ni>i?}0CrAogC4QBo?0nm1AXZ4b^WNmT0
z>^Q#k1h~-sKZ^x`DQ~ZaXP&qo5IBVUenH3%EPrE(vVG+;8XVys6QO^b@HeO!YNX&U
z{3D*=fMt9C?~A<c&Uy!qxcZMk6u|)ESNul^;y3;;p1djYX+Qr~)$PnC0V|feqHh@G
z3y4s2m7dtl<Yy6)lqkC{_T&a;xImpM-SlLy(asB{N~7ehA71vdfC;!M5jkf9QZo8S
z9Q(a0*S4BDEMbvd!8b!L2`j(*sMFL%!xerkT@f_*=C(zUhJep@wyv*$<5p!wkwQ|U
zAR9r&ehhG2Y42$+cQ=d9kY8D85;i*m4dP6__tL)9N?a4Yz^^MCMTzR<l$O8QtE!ze
zvtCTSfez#HnfcXb>v}vjH(kheZN!Po`IbxVTzgL<8gDk_yZ(G&1?vjO*UI=AY4x)?
z84uPxOOlNKvc3}41`oh+Svc-v_Ji=vdvf+uJrE=5BRyw?MD9R=pGh5$oz|ZnuI@Fu
z>E3?g;H~1hvXb*JDRDl_Tb*9J_A_rrzZ^SMoJ<5|0K<=dUmNsHzStr@Myp}r+)NMM
zbf~aH*PR~~y;uSZuf>lhyKAi}O4QaQT;z(ZJO7P8DY#@kS?3?{G_*UhW#gQ*v&=o$
zTJ|~0+!ATINOdKo`##PD;T<p&-%{SPIpeXu;@0&v^<a9%RE08`%=Sa4IHoIjIH|wC
zV$3!i1YrM&u(5p5V;6-q^2!3r^kHV#&$f)Vy5BNm4OQ#a^5~gj$gkH(+}!%_7HW5=
zYRykuvdPnLVJ0|MquuFGqkq;fS8caZ*9!;f$?Ik_jLYl7od>mQ)?1L+;@6a7hkYNh
z_N(=y<U(-GQOxmM@MTT%+Q#I26G-g&-z>}tt(~a5y<L^{u`FagQM&fML+ng%`6^*y
zM?N-2U?O2eJM!K-zG{1BaJ}CydAcLKawXlYav0<M(1Ac(Y-%v>Z^8Cfu-5va5n|TP
z;)mgm((9tedbkqHfb8TQ%^#S8B<(0R91OwWcgKT<0!Dd=Z=I?Q*goU8)4}OnTfqe+
z-2&;mj|@7^*<2m(%s&gR*=cuQE63V8SKn8p{$xgXak$;xC`sF5M}|?<dbxBIeXU7_
z1sW_KB$3{Er0Fs*zdzQbicRviBbg_QRw_a#hpPj;wz-Vi>N#(%{wXacxJ>*(2H@7~
zYirye%OAQ!;CnQiD*^XzRrEUJ<vfg*p7dS|-uoKi7v-pTYy85Z$-dM4hKR_mO#Guk
zKTt6@tK96aUWqp<n1`)@3yI8U3)$P_a+iOAc9=TylCCIn?%2iS<yhQT35D)Qkubw{
z_hG>$fV@3pINliD!tw8;-PhL>9&ce6eq0mR&n#mu_6Y)URn)mnY{cJOO2f{OqtNU9
z$+<+Kt;S~!=0?f>0B+XgdiW}0XIjh_<Vf2pm36EsI&#{-$A;iG;`yovj=CEM{q~3b
zYxzk*+C+k_-wsYd0Xr8_wJ=f$W=BA8z)1SQ`px5l#4?@12|#E~cjPF-a&^3OF-z-H
zY(I9jHR(DNXXul0J2v<=xCfziBB?ho=o7Tf$>*_wxKI;__%Jmu=1yETmuF3{E5U70
z(l|yl#?ff}ckf*8?eqoIO5Gp2!!m;la}&wg@O1hhIuR!l{$Y&#m#KSa0-r*RD#||F
z22b%zdoA)iKCLs4-M+eIO4!>SDkw`e^nfeIcuZreW<Nfh|5)J)B5p5MhL`S(S`SGu
zwr-Xque{uTlPYa1(up0pw*#3|w%4LWfJF&xf%jG&#%z|{9VH^K`I~8#r1rKP<>AvG
z25o1|par|yxanI}O{IgX`38dmRRz$Q+Qs`?89}OAC@;d%g?G+u-;@$F@n0pyfS9?b
zVx+~amo+E5HhylGN9d-Wt*rL|qeyv2U!g)j1%m$l)S!zcq`<2*{dlvDZDeYwfX@;k
zQOGA-l;`Xht!#r&$IY<UUGeCEWUDy9TagW4eHW#p9nhH+!bNAtqN;tBrMQh%U$6K3
z^wNRbm#cQ7g6s%E>yMT`YFB89^m=Kf!d10)jk@)`L}{(7S+~gdu}8Y>K`N_J%#)%S
z`I+*ExqLOQguEcd`_TZD+fQhs&PUK*p#9Mw3--5vvp-*!dVryvTPvqEgTl?mB?y_D
zYkRB|KRz_|^6Tw!MWh%l-oMa-K<PvkE!5LB@DW&4AvvG#IcC(cuh?JceRx9w4-zV~
zgI4-4@7%43tJ``GpVTBL&FP%6<E>^}lF!ZBh_1XXv$|*$NTp?-SizOfEuN^+o$u;d
z($2lpisk`(z9dT`p!G}q)=maA*tSEK$-@r#Mx?Ksh?~}1?~jKfu&%=^xZ*s>fZed9
zjCUQ=c<&WT&(2H>d$AoP&~C}w)ofME#9-B4u3!t+<?V9V*$PNcl3){BpY!`nAs(A&
zV5loGN&Pgh1u{r71{s7XRUgXk>ewLuR~t$^YM`6wNIG!Lz@~4nDEB>`+fbFP2#j!`
zi;|cg=W>PBh}OT~o_HMif+jtwah%R%HS)bI#b*{RCfny!7XJ9xWC2oZn%wy@dAVEW
z$LK8+iR0AP&NhcG4y~k_`Gvylp2GAX3p9a=?Ibz^OVoAr+iPpK^MOJJ3Ttq_TrO{`
z8PbDh*>R8*KDk0@Vfj5hQp|d@<EY+=VJUCDKv)|pk|+F{TsS{WF_kU`b@@Ly69qw~
ziQ3)qMQrt6ns*<g={=9cG0k0+6U)A|Oxtj}hk6RXy=)rzVf8>O#u9ErUJ|L(EYz#k
zim~H~a6@)Kb~x5V!LH)NOO1pBG>kJ+I$!a&R_w5Re?ye1b#qxyy+C=i4<#M&#R{KK
zGnsQb-@>B&+iI)tBEm@2YkUt#MxYw9EZOk&4{g(Y{)pWjA_f^*fj_m)`I>sY+dDVp
z*7?2<0kcsb&e{r5BE+RUP-5tZDLUHPI5zy~HKjC_?SRGy?R_%*c?-4gMPb(2vgWR`
zes#r~<Z5RV&?*A2Kz1|5pRbmDM*XfUdt|KoXIFBsNID-OFWZvjdkMji2`q`mY4AQ(
zirA|DRK<}!q<(MtO|4_7ymPmT_)BA$J-hb-qUIhVmk#5%(Rmg_c|AY3C;Lmle-^fR
z_qHHmrhKm(oj$0)7=Qrx+Aie|PSY8|Z}u#2Ecanp<pLXnOYdK$@3z2f_hOt`t;?-^
zpBa0rwV*X0Mu!x-Q&bKXPkH*{6hK59`}To(M!og!dhr6*xN-&bhkk7ZQIBqrD9oEj
zeIBx#Ua+4Wc%~u-<h*&hF{~`WX7>BAw^H(c%lsGb+2TyU%?hF#r3FZHwOytAVAB=|
z;vYz*Y_?_&62V|g!ad~0?i+nB)<g{o@S{7P|G*4e!%X@E#LTFbQ&nRE_X&k?I^yTw
z(+?ZI0JJu9426?4C?Po5K~}uT-d0(210mr2%&$Gv6qJN+;}ezrOBKu+1Xe8d%O_Et
z;-U+iNM=^+@Pn#zQ_?VyTChV%r+>C;NH-%U4lEkFWS2eu&G(AZb2J2HmRl#>>%ol1
z6?chZ!8JR58p3SS!s&LF=BZz{hsWHMqOX|lJCg9>!h)TZ;g+j&r_Gan6gK>SlKrXz
zr#^`teo?lUB&UHrW;SQ=1B2#if$YBfPg#QXCZc9vrR{#Z!bO&G*{U|Jv5g$EX>whh
zwKl$$Zn4Gek8NT}!PVdqRu*^ltVuN<W(K&r6kC!3aW(v1dPV60d?a{9CG3>A6|Y0R
zCX|2@6m5P&9EF|$?8ZQ^xfz>u-vR;s>!Yo{sGoB`O+yKR41~#bf6xdcF08TQ;E8<o
z+9T}Xfm17IO-34<^Af8ysqfL^QH&CW=qYCfDKKBvaXbRlV=tp(i!v_+civ$%@xiMg
z?cTwww@w_|1i|o7ik;QpLLf%BVCt)1{wc4X+GcvP_bv`;_*3#_=8OvTVDupkz2KFU
zNsve9jO5Ip`B7^G)WTTGR(B=6U_^iR=P9HRj3-bC1-+9d4lC~xtpxYBw>-q<Y4XT<
znzi=zxopK|9}Whgar2C5)+X}+q?56I-9Fy5FVxl3^sRUP7!voCW={sb_{N*@&GP}R
z#lEXq$jIXrTWezwglw<X7iTN&-9ZzEaz32Y3Ix@H52vP5GJg<35ZPt#lEmQ_QQzJf
ziAx<*(;j(S#oqbE(lKjSAP8JI8Ao_()gsJfmOoTRX>qKIhZoADH2*voa^Shidj=6I
z+Pz+&F|MKV7(Xr$Y;vT!@#{;S@YaVkRaWw<%?klLKsz`y=DN7U#;%I`#ja`m*4sRn
z*3Wlhv*om0Y(=;Bm9v+Qg)#z-ejb?_)ooRb-hr6XywUJ?sirvdw^Fq1b+b`l#6`Kq
z>>p&v;}Ls?TLE(W>>pxUmz<gwwbLV);})7$R?7=oC06}%@gv=o<+Xz;r-#CWEDvL6
zrOaJF`7M=<M*L}1@%&7#0Qag3d>9K`<r8VahgtGcE-Dx!`UPFv7g;wPXC}QaP)uc`
zolSfo1H&fGnFXyb6V=?r{)#Yopnh;PzF(%UHwn8^G~CgpRLs)a@O>3)Qs<b#zQKE#
z%?6{bygWPnx%EPS1KK8?ZOl%O^%DVtw(2UqBl8~Sh~vvHb2Vcqq%6V$R}6{TmL0ZE
zZ@jgZUWfVHib-f&EL8jZXqpLojm`R(ImaYfSDTRzi3yn_k4J8hUDwmKf(>WoclU|4
zU29i?bS{Fo*OTsrB#Fwjj%UtroOI{9t9DkYw<{@EoVR70J@gtGxh;tAiRjgr5OHUD
z3y$di)o!CZU@Pq*z1TnFm-9M!Dz$choZ3BI+TsD`Pz+|$Iu!I>NKuv^M0xqiXDPlY
z)sjr$16KEqR*`!+!@r5&cL})B|GTvEBxC(wa?s{~YNVM&GCvS*ezmY2?}Q!;p6IsC
zufP#^qis(EhlZCmjn4v7GZocyF(AqME98E*7lK{;Ta5Ce=LPBhU)}j@mUIA!vfo+;
z&*5PU3eYl`?HlHmoS~c8-|ss0w_t^Vcuy3jWK`p>B@l2_e6ZzultuY7;;|qu*#6#d
zrM<T1pLe`1g7CIjWV49t>^_zfY^quJVLMi=K5C^55g`kM<?(79n1`iHk5KR43J9t@
z=Gl&iKCa|UJDLq4yJJLtNk#MU7vOjkw<WmPuJj#sLJKz<HMFptGqquysv-pmHtWw8
zXgqg63#J(uvOf&Zq`7dD>Xn?w1qk^7>e$h_JrV)dNKo9r!W=J2xbhWKLAdDVAa~r$
zXcBGZXj8ox^@f9<b9gU2l*9+()LZzIkv+T^@LQx8fkMYRRV=mkKB}(BN-%LC?s>Jj
zTpMhH>ck_%JE9*@Q4L)I2C_y1R>JF&br+&g*Iif@-)F1UokClqD_9-hCKV6P<Fwdd
zX(%}F>V(_V?fN9$KEvrK$^>@%#Jb?fo&x6NKze`Yu2c=}5OOBfTFY7;^nWyqGi|XM
zCdGRbtjNYqKVI#Q%&r@af!GT$?C@&jTu3r9T0colq7MTh#eHgdDiRkTiAdg)%>2?e
zm@_D#@vWesIU?GE@H8f_SE|phvB!Fv=<Ny2JLoG$`LiR!ph&&n=FVbnsW7dnZg|Bf
z*RP=@9!^d@2S24JP51=Si`<N=l~G_8TaoH#;sKnn1qGi3un7-%|1o6LM$5tMZ&kv~
zGk<Lm#Mt1|k;K?1_KW=3*P7(QwvW#k2AMq#FZJho23jjzE6@JIRCRO_ftL=dvuiB&
zJeVY<_noXZ^w7VuUD30%`GY?+?wcf==iS$6x$PCwQp9eHKwi3;Ww$L1vS&dU+{Q9G
zOZH+od%ds35mRi}bzyXUMKc^a_R$^aJCD^b4nl_jOZ26MU|0#}u(VM9%O#lWZA8|H
zf-gu37<$TQqx@08DJmx@7DTC8t#86Gsf0p@;;pQ}B1p^^P>4{EkgWs~he6@iB*xd}
z&|(wM-!)<ygI<&umN0*QS)|!a3;;Q=8{Ms^qLK&!N4x-D{8&^;`l9$F@1d7{LVg6q
z>(^yXX^#!E?o~Z8XZBvUdq5$P>d|5g{ol7B$V2;3*|AS4_pL~GuUqGe7)2rPqH2e5
z!ndOn3%(4GWBj_lk>+i0hRU9z$~u`LNknc+rk3dRLNTM{i=&7$3pjRUByY2^5Lccc
zF^e6%-^=93&5-I0A%8TA)feGh2vDkIF3$n$EuWlglNxE`eiODAwfYd`4EPCw_|Yu!
zjbl)I^EEESwaVukL2sJsAI2smv^dSoYC%v({@qFH5}e!{zaHTqoCEfizJdTCSf0tH
z`g)rNE~4IDkXC4SSOjcEMFPgX0-uq3u4y2-Ditr7go!1p*OTrmU8WLhz9$A-JBT>h
zAfnoD12AEHVx>rIrR&(vu47{5;2^8$cO~$CR6nn}{m?|MA6gsL=_b-C$aC>}EG{Ra
z*Wa%m9?nty-ARg={f)%kqWTBC(1Q3+|K022WB$(}3)o&i3_6S{B_SphqD-Stwu3ga
zZd^ueH_<gcUl`6fzFu|vMDd$f<_6?DmxD#gi9g4HPf$Il0TA%la}aRoTk(%K1Q1dg
znCE|*a~{F)FRYssg&n;1Iyv*4lnu!Ffumt(+q<rY#D*iH1&%e?U!ZPQdG~j_8Pez0
zKa55xK}jnbhf};HraiVfTVKPYl_?9g!Q(Hivh~~{Kz$gj!1JI>zR5u6x&|j~HNQ5n
zz>Z$mX+f*0-qYBO>5t>-Jz|zrbhf(2iIX2zvd{2q^$Bo&FW5TJrjq?Q81FtFfz?#E
z=C?@f^nA3!W%B(Y)z`uwz+`Noi-l!JT<0Wh?-CUiuh0ArIs==gFT)VLXStO?#TLm<
zSr2A2;+!hSsS)REvbn@1?+rT)#!SBUbX4Z9ywa^mWa_1&!kz{O$J;|Mv^XAsNG1xb
z+_6Nzh7M!oS=V7GbF%WBQ$+e1w}8UA8zyAN^B@XdUlmza+n4=tpilTbC45?h32muS
zV|$TI`V3wYzZ~C|Q0vuH(s!w3T0^-_)~MhQQmQ;q20dt-+W`jOMA=A~gJpD$NJBaZ
zhUSmYl1xkPHY*yWDk|}(b$#SdG;M+U_QDLO)U)%<lAg%$`XLg_S(9Jm+NIlWhU@;2
z(X~&hlO1UV27&i1i2se*Sc0X7I#}UM?(^OmgPcN@d?QDHklj#HnFL&75?>7Ny*Xlg
z^V^cYxEn&cz^g9Ge=C(EdGlaz6)0b;$n3DWq+2<XvTUL5{#YY_Mi5l4Ye)^lTk!0)
zI1MGdK|!v&VL>e)stVq6^gG@B1X(!mQm5DRoF^u9-Cx`=Ug9%ko1eQ1l@Yj9fw_}{
z%gGXRrfXg<0l6gDZf}Rd1*oXZZMPjrLH@@R!mv|m?eQE=18r=eb=s#5X2}jY_bXKN
zcuW{S*P(Dh>~>vp<2ZiK2~(!tMD81$d7z?2w3K7}bwAkIs1lL@CkOWOH>9LTs{6M_
zOdZKy-<w&N|4Y0&M^1O&1+4TheVHlWB^X~WFKI!NBl&@vhYU0d?BNiEhh)&T#;M!8
z!?dRqoIzezKyj+daz92ca8Ff}{6R}ON%Ks9K^XdXnXWfuU-1Vp=*LISoSfzq+!In_
z5qh(nHGFI^@eQg~U9I1M4RPLtR4fz!(s5k_;Y>^fS>@>#Xyi%8fJKEXII47gEuNV{
z*Z{|V@!cH4+>}P|%Y^fk;RgrbNfy`M4VCoFUur$yAqIU6ay$Xh@%OSyP4V7edaqQ%
zLBvkpG9?svbtuT_a^`@i)aFqX_zdAQ`;4YR!~R{BS}BM_>J`nornS&sxzHf$#t2@Y
z8z1;#DUri(!7S>938|?|v#sNJVLG57_BDXvf|AW0L@>u`c8tA}Au)$DjbFV$Kh`N0
ztS36aCljxU3_CgjSt5w2h0#)1uS6dC(Gm1Rpcc2EhNQTO#J4@eEJ&7E_S(+noSW^|
z{4GIWwQ-Jnx-4E$aygY<lld$S`5E^Y7&u2<ON7ZSLj0IZDwI@wi*v~)=V|ws&YMmQ
z16CHdyHmQP;@hS%R!Q0^VzxtxaA96818Zz-qG=}2_{zwMH~(G8b)z=`)OmGC^=~W!
zd|dcnfZOpOfJ=B`o((<no}0U6`>tW^B5=|B4*&)wtg;an6F&v~S(7$G>e*pO6BGhg
zR~4xL$pPPYVd|*<6BgL`7x+(Lksd(Qxz(fVyoXqYhyQ`ICww?V;^_AO0<oi2JFZ6!
zfCW?xX8>Q6N;<K|od18vGXH)5f5R>i1;mcN$^h5Yo(9;XL_!7c-1N7(iFS+QSwV7i
zgIu!tMpl6DOi4%0<$qJrot&e!n+r6DF&iSayumwbf|#Y?(P-9*gvUzjVK{x6BfAXC
z!UthF@i-s-@%p~<i`;n6JWC6i;u4wzaZ7k{*)*%_Z7%i#eU<fot!Zy+ZIkwkssLBa
z=JcfX4%8*#i=u6Gx!Z0qTS=}Ca-tuEkJ0=B14J}nzJ_3!V}06L#R=8f_iFV9)r+p%
ziU^5@VdnDkL+>EH^CUhF4xKBjlCdiC_cW@V>?qHE{B*Llf{VM+8x?pT-V7<}3%7;w
zf6pOWlfEs<>b7xkm<*mv!KDB+v~c1XKtq53rJ<0I#6K&c#4HZcn}@lls9p#HWE~*U
zOnCKp&4j-AKSRr?LY2kWVi6_8CsGRum<`$rp>}=tL9898juXt9kuh~d*NX)2NU%w*
zWz-hU(u?C1mnVCx2*nymb5$woTryI<L>sK?FR$vpTO@^LOFphHC^GVowyXr5lN8Lc
zGEa4~O*rS2OdsDl>%3j^Fphb&0K5@xi@k|p@aTIg$oYNvhJ9Mw&;jU%$!_%~*%mA%
zUg2wgTdJzo#u+3~(7Ikc0x(kz4H@e)Pi8}CP21hmRK7FAh2Z^dg(G?dlnIYXpot7~
ztsed4`Q8jRKpy|x{ggK1KM>ml#c2KA6pXZdQhB$3)_15tuT2e_P$!CvwV4k9?L+Z>
zGg^x3N48g({lNKtw`owiYBMUK-86%saxX`os8VAd2}%RkJ;b(%sC{BH<b;6dJarDI
zWmEc7gZ{v8+m4A6aU1(2MV1!Q8Ry|_E<UTY$s7ZC$}7mpP*Wfa`bhx!bZDBQqu+JO
zn<&w!(2X<B=1%0N8S2zT#UO9><*PSB!1s+}XTPQhs`6xl{pI9b$eKxL83XKWXlHVQ
zqQ_5SrYMv+@&u;A9hV#`AOzyCzLwUC;pDIt1x4G4oK%uKm=mERrflEOM#XC>eL9D=
zeqm+%s|I~^Cr=Y~i@M#uCOQFuK>jSAx=i)6-xdpsn(P$vX4EC>wxUH1R?$xS;CL5h
za?37_v92*$6(Nzu`;6<J3nkg%LlTGKCpBfrq}o>JY^Jj8_l4yC;HpN#(M`}!v3^d@
zV5t|oL+JNh3zQJlt&NR=75&9BkB{lN{`qXZ{D;e9pR$Fs&hs6NL4spEkT{wXJZCwf
zj7Pcu#B;PxuXjP*W!pUXy)y%`sTnyU$Z&5M%mo1@Y8kLJzS#X-JS$kRPqQpU`hGiW
z((}whpqNtbc5`SBrxDL?Q}*_|v*Iq<&Y{_3l`c=}GI<3<=7pbHSKEmC&+19_<_;Ql
zMy|Fp3{nd>rW641U-R?w`Y$oqFR{NSjiAH?p-C#8>62PiuO9q^$_`n6e=DpR)O15L
zwv!=8pGQsN2L^WLFV5R8e_ya_9CjitpQT_9!=l<W`yY|}-+Y->J}dinUcD5kRbleZ
zG4BXR@T+A4xZFs1tITwN)s}k0y~%g-qgkmS_4MU)ZMGY_F1{OMP^iqZv>7;$^vh<`
zcr2@Lc~y)tH&m%OQ&VmHi=IjDT9*go4A*$<D`io8^yDTEL)tsE5&6a7IIjKjt@Xyg
z`S=WN$Wpn^NfPdK8o|(L?sAE$qw%9;=h+dOa)m+Q%Mq1-<mk8gvLl^KIo>%LtS2Tp
z1$i(6Yhm^(3deZVd{Q^|DsVOyDYokBW5B#KcU&$y>*^B}q+{@BBn|lI%MSpFh3p=c
z7MT~czh}!pBuaa2w?lTDc8-ob0HS|__a1*V$(R2hMEKvV9Q8Z}#}>rcqE1&I_&>ux
zWoIcE*p>$f_dP(8XpWkYJD@wZ03J#eaSFlk_%`7zaEN92zlsl03YSklp21SR@4)y4
zzc~CG0Ok%I7iQ^-Bms@#A9P&m$^TJb_?M3H7UUdME)KQZr!3~u$m;Tb0YrrpcpS?T
zgCA9^0jW6%GZgNfI%aI18eqQuF4TpoIr4Di1ig@cdrY_!$)IM;-;So5e__*Sv3gS3
z(&`>^AVtEBg5gBE=a9xJJL0mlr_4D*42;T*iml6U0$+ZB?wMPzouI}pgb5%a2{~4J
z=a1rp%K4g&4F{c?i!OcSpLxsPk31IyRLn;_ytSOVu$pJ+!5KIHNoV8=v)qTv=6npO
za;rGscg-i6=fCLuyIH8-09HdnC*h~`Dj=Ucz<bJKPrr2cYm+&NPj0-<HMK?^YCLfX
zI03;*YJhk&6K%e?VK~#U;K4h*rmty$I#IAp@yNXVZf!cd5Ui<$_<QDrkq_%Id>5;S
z^+w?4Quwy=E%CNK9C@uCxB2ySqpa=jMg=IAZMij#74Ws`wk3=$rOmpZ<7V*8P;BB=
zns)PaE6*RK*g3RUHzZY<dvYRr_T#iP<b|px4=oe~j>UC!S(ZfY)#T$6pSrzZ8@9=U
zP~SCL|K$f{paSenQJJ3PM0ei#ESk9wMz5NC3LH8>^zo!>5H?X&d+EO6)R0Yt-a@U|
z@^9q_=Kc`wYGdk~my9j!R7>TT2QWWpbM!kR5XC=A5FJz|pA8Y)n+t5huuw~^z^<q6
z^@7N0f)|Wh$#*0L2WUEW6V<w2kgm>vb)b0G`8E(dJM6RVC7B&qkfqR<S3f;kmT*z-
zQ!s)9DIwEFO1$aM7oq&zp#E<Ab2iKth}{Tg^)xY<Q30I4$g{#qBLTNuoW)V*rJy$$
z*B;M)Q&i`(o=(WKJJ0k%OY!;}75#2B*7QGZ*+r{IYxL`=nT~@Zw<R6nx-4T{$G5kG
zzCIR$k;IPFHR8*5Mgr)-ZRb>srxcP+%Z4ZXtQcODYPMKa8qrhectPgL9F~j4-4bc;
zx~b}|F<VJ}#1`N)Dcvd^>Yly`aPh6|ygcAjDj;Q;7(e#WG-ecS{bb%bY;LT=wn))5
z{?fRJ^ctv*grJIVf164tGeYUfR9c32C!OC+YFW2mC-c%sr+9PU^E3O*t#sWAs6k3F
zi!o7$&xp>cS3g5@FZAQMnDuSW>luiO;b-J7q-hY%hi!&H0{snadi!+Dehoc_*+2Qf
zVJl0oE$cJZQpFIHM866D20$2j{4HA<gf}&l*6ujXmsIe4xiZJRSS@ED7HaFk>im9p
ztPBUA8mdU^4`A<m?4$wvRDW)W7bp;<@o{PVY!v$zmf~$siU;Y5+mb|jY13I<P+~Cp
zk+VQO{79mrGH*ugr{bU=x1FITh}>hmQffb*7<5i41KN;d3j1Z6sBR{Mk4taG07{RT
zzd~;NH5#`8=9@;w%yug;j)!k>rIqn9d2GMHgGU6Qrx-LIFgWM+)?T$9?SHg{%lRN<
zT=SNQy0J0tNh_-SeZbnq@>6}GLz=5L)#tzbYZtPh!JZsPve$~X6S`g^tez`;8E!cK
zQs>KQM!VY`FYQF&UqqQ0Z@A9?U>RpIyz7n5S+iMLdub;mCgpPDz0&Fg@S;$A4;VPg
z*j_$`|GggVm>oZQcOr5sk}yf@0}7cMnbbNC(nN~|k33O?ydH1pu^RG`Xa-mEMDKR)
zn>#V-L3P-ZdP6&DU|sa(R1usvBIvzv7Czc&v0_P8ox(Ner9pGZXjpW(i;{hl{0W#y
zO4<%Ns||0K=|amqRYZ2f#he{RYcKp%Bk}pH>+(s_-+Y9B0ebE)c*Ta-S;0$Q0yf)N
ziTK<L^EU-#q`CBWEDr(E$iUyXI%<jx-cJYXbxg0+vTN1feP?R0J`<W!VCF9Yt3Q>R
zN;jL>uUW*OauHwkhDavLbbd7IcF*HTb5)xNcDtK4upig6l<!q*?J5FO&*NK&ef&10
z@%tO3oiy``=E9EdPE={2+g*MbeFHL8A0?+CF&k#|N?F7#7<CI<rpuRzi5*J?#0A1O
zXJJ53?W@F{a+ld_`M!jTdcsLuKI;*AYMUC6kNm5+e_Q>02LwjnVd=M^s0OLu4!sEY
zxQ)xY?#2WI5NLdvq-{XN{gJf9mO!SC5qWgO*zT^f(WI*nAQgSR_X`N7Gyl094oF0T
zRR6hR^*?J*r9v=;1EI*o^ut}jIKtlwX!8UsOHxq7k?M)KfA5Aa-`~4YX}<Yee*NLz
z-<<6g<9|mNSacJkb?^V)c*ym~f3db4h{yl+LiGQCPLBN-;GI;-e+?@C7y1J|s(s>L
xvEk&9`X8#||3@F)0uT5<-TB8jgzU3^d`6QpVv^{zFmqxISXt{yiQ<bl{{!2k60iUO

diff --git a/readme_source.md b/readme_source.md
index ecb8513..740e840 100644
--- a/readme_source.md
+++ b/readme_source.md
@@ -36,9 +36,10 @@ This integration was built on the .NET Core 3.1 target framework and are compati
 
 1. It is not necessary to use the Vault root token when creating a Certificate Store for HashicorpVault.  We recommend creating a token with policies that reflect the minimum permissions necessary to perform the intended operations.
 
-1. For the Key-Value secrets engine, the certificates are stored as an entry with 2 fields.  
+1. For the Key-Value secrets engine, the certificates are stored as an entry with these fields.  
 
 - `PUBLIC_KEY` - The certificate public key
+- `PUBLIC_KEY_<n>` - The nth certificate in the chain
 - `PRIVATE_KEY` - The certificate private key
 
 **Note**: Key/Value secrets that do not include these keys (PUBLIC_KEY, and PRIVATE_KEY), will be ignored during inventory scans. 
@@ -83,6 +84,7 @@ This integration was built on the .NET Core 3.1 target framework and are compati
   - **VaultServerUrl** - type: *string*, *required*
   - **VaultToken** - type: *secret*, *required*
   - **SubfolderInventory** - type: *bool* (By default, this is set to false. Not a required field)
+  - **IncludeCertChain** - type: *bool* (If true, the available intermediate certificates will also be written to Vault during enrollment)
 
 ![](images/store_type_fields.png)