From 76b9a5ffd83a0ceb0ee5e7572b4ac5baaf891f4e Mon Sep 17 00:00:00 2001
From: Javier Rodriguez <javier@chainloop.dev>
Date: Wed, 24 Apr 2024 10:30:25 +0200
Subject: [PATCH 1/2] feat(materials): Helm Chart material support

Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
---
 README.md                                     |   1 +
 .../workflowcontract/v1/crafting_schema.ts    |   6 +
 .../workflowcontract/v1/crafting_schema.pb.go |  34 +++--
 .../workflowcontract/v1/crafting_schema.proto |   1 +
 go.mod                                        |   2 +-
 .../crafter/materials/helmchart.go            | 128 ++++++++++++++++
 .../crafter/materials/helmchart_test.go       | 137 ++++++++++++++++++
 .../crafter/materials/materials.go            |   2 +
 .../materials/testdata/missing-chartyaml.tgz  | Bin 0 -> 14491 bytes
 .../materials/testdata/missing-valuesyaml.tgz | Bin 0 -> 14098 bytes
 .../materials/testdata/valid-chart.tgz        | Bin 0 -> 13845 bytes
 11 files changed, 295 insertions(+), 16 deletions(-)
 create mode 100644 internal/attestation/crafter/materials/helmchart.go
 create mode 100644 internal/attestation/crafter/materials/helmchart_test.go
 create mode 100644 internal/attestation/crafter/materials/testdata/missing-chartyaml.tgz
 create mode 100644 internal/attestation/crafter/materials/testdata/missing-valuesyaml.tgz
 create mode 100644 internal/attestation/crafter/materials/testdata/valid-chart.tgz

diff --git a/README.md b/README.md
index d8b9f5e35..83051e523 100644
--- a/README.md
+++ b/README.md
@@ -130,6 +130,7 @@ Chainloop supports the collection of the following pieces of evidence types:
 - [OpenVEX](https://github.com/openvex)
 - [SARIF](https://docs.oasis-open.org/sarif/sarif/v2.1.0/)
 - [JUnit](https://www.ibm.com/docs/en/developer-for-zos/14.1?topic=formats-junit-xml-format)
+- [Helm Charts](https://helm.sh/docs/topics/charts/)
 - Generic Artifact Types
 - Key-Value metadata pairs
 
diff --git a/app/controlplane/api/gen/frontend/workflowcontract/v1/crafting_schema.ts b/app/controlplane/api/gen/frontend/workflowcontract/v1/crafting_schema.ts
index ba9378296..f508c5abc 100644
--- a/app/controlplane/api/gen/frontend/workflowcontract/v1/crafting_schema.ts
+++ b/app/controlplane/api/gen/frontend/workflowcontract/v1/crafting_schema.ts
@@ -119,6 +119,7 @@ export enum CraftingSchema_Material_MaterialType {
    * https://github.com/microsoft/sarif-tutorials/blob/main/docs/1-Introduction.md
    */
   SARIF = 9,
+  HELM_CHART = 10,
   UNRECOGNIZED = -1,
 }
 
@@ -154,6 +155,9 @@ export function craftingSchema_Material_MaterialTypeFromJSON(object: any): Craft
     case 9:
     case "SARIF":
       return CraftingSchema_Material_MaterialType.SARIF;
+    case 10:
+    case "HELM_CHART":
+      return CraftingSchema_Material_MaterialType.HELM_CHART;
     case -1:
     case "UNRECOGNIZED":
     default:
@@ -183,6 +187,8 @@ export function craftingSchema_Material_MaterialTypeToJSON(object: CraftingSchem
       return "CSAF_VEX";
     case CraftingSchema_Material_MaterialType.SARIF:
       return "SARIF";
+    case CraftingSchema_Material_MaterialType.HELM_CHART:
+      return "HELM_CHART";
     case CraftingSchema_Material_MaterialType.UNRECOGNIZED:
     default:
       return "UNRECOGNIZED";
diff --git a/app/controlplane/api/workflowcontract/v1/crafting_schema.pb.go b/app/controlplane/api/workflowcontract/v1/crafting_schema.pb.go
index 042c12423..d7a705678 100644
--- a/app/controlplane/api/workflowcontract/v1/crafting_schema.pb.go
+++ b/app/controlplane/api/workflowcontract/v1/crafting_schema.pb.go
@@ -113,22 +113,24 @@ const (
 	CraftingSchema_Material_CSAF_VEX CraftingSchema_Material_MaterialType = 8
 	// Static analysis output format
 	// https://github.com/microsoft/sarif-tutorials/blob/main/docs/1-Introduction.md
-	CraftingSchema_Material_SARIF CraftingSchema_Material_MaterialType = 9
+	CraftingSchema_Material_SARIF      CraftingSchema_Material_MaterialType = 9
+	CraftingSchema_Material_HELM_CHART CraftingSchema_Material_MaterialType = 10
 )
 
 // Enum value maps for CraftingSchema_Material_MaterialType.
 var (
 	CraftingSchema_Material_MaterialType_name = map[int32]string{
-		0: "MATERIAL_TYPE_UNSPECIFIED",
-		1: "STRING",
-		2: "CONTAINER_IMAGE",
-		3: "ARTIFACT",
-		4: "SBOM_CYCLONEDX_JSON",
-		5: "SBOM_SPDX_JSON",
-		6: "JUNIT_XML",
-		7: "OPENVEX",
-		8: "CSAF_VEX",
-		9: "SARIF",
+		0:  "MATERIAL_TYPE_UNSPECIFIED",
+		1:  "STRING",
+		2:  "CONTAINER_IMAGE",
+		3:  "ARTIFACT",
+		4:  "SBOM_CYCLONEDX_JSON",
+		5:  "SBOM_SPDX_JSON",
+		6:  "JUNIT_XML",
+		7:  "OPENVEX",
+		8:  "CSAF_VEX",
+		9:  "SARIF",
+		10: "HELM_CHART",
 	}
 	CraftingSchema_Material_MaterialType_value = map[string]int32{
 		"MATERIAL_TYPE_UNSPECIFIED": 0,
@@ -141,6 +143,7 @@ var (
 		"OPENVEX":                   7,
 		"CSAF_VEX":                  8,
 		"SARIF":                     9,
+		"HELM_CHART":                10,
 	}
 )
 
@@ -449,7 +452,7 @@ var file_workflowcontract_v1_crafting_schema_proto_rawDesc = []byte{
 	0x63, 0x68, 0x65, 0x6d, 0x61, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x77, 0x6f, 0x72,
 	0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x2e, 0x76, 0x31,
 	0x1a, 0x1b, 0x62, 0x75, 0x66, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76,
-	0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x87, 0x08,
+	0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x97, 0x08,
 	0x0a, 0x0e, 0x43, 0x72, 0x61, 0x66, 0x74, 0x69, 0x6e, 0x67, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61,
 	0x12, 0x30, 0x0a, 0x0e, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69,
 	0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x09, 0xba, 0x48, 0x06, 0x72, 0x04, 0x0a,
@@ -486,7 +489,7 @@ var file_workflowcontract_v1_crafting_schema_proto_rawDesc = []byte{
 	0x53, 0x5f, 0x4a, 0x4f, 0x42, 0x10, 0x04, 0x12, 0x12, 0x0a, 0x0e, 0x43, 0x49, 0x52, 0x43, 0x4c,
 	0x45, 0x43, 0x49, 0x5f, 0x42, 0x55, 0x49, 0x4c, 0x44, 0x10, 0x05, 0x12, 0x13, 0x0a, 0x0f, 0x44,
 	0x41, 0x47, 0x47, 0x45, 0x52, 0x5f, 0x50, 0x49, 0x50, 0x45, 0x4c, 0x49, 0x4e, 0x45, 0x10, 0x06,
-	0x1a, 0xc4, 0x03, 0x0a, 0x08, 0x4d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x5a, 0x0a,
+	0x1a, 0xd4, 0x03, 0x0a, 0x08, 0x4d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61, 0x6c, 0x12, 0x5a, 0x0a,
 	0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, 0x2e, 0x77, 0x6f,
 	0x72, 0x6b, 0x66, 0x6c, 0x6f, 0x77, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x2e, 0x76,
 	0x31, 0x2e, 0x43, 0x72, 0x61, 0x66, 0x74, 0x69, 0x6e, 0x67, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61,
@@ -502,7 +505,7 @@ var file_workflowcontract_v1_crafting_schema_proto_rawDesc = []byte{
 	0x6e, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x77, 0x6f, 0x72, 0x6b, 0x66,
 	0x6c, 0x6f, 0x77, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x61, 0x63, 0x74, 0x2e, 0x76, 0x31, 0x2e, 0x41,
 	0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74,
-	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xbe, 0x01, 0x0a, 0x0c, 0x4d, 0x61, 0x74, 0x65, 0x72,
+	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xce, 0x01, 0x0a, 0x0c, 0x4d, 0x61, 0x74, 0x65, 0x72,
 	0x69, 0x61, 0x6c, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x19, 0x4d, 0x41, 0x54, 0x45, 0x52,
 	0x49, 0x41, 0x4c, 0x5f, 0x54, 0x59, 0x50, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49,
 	0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x52, 0x49, 0x4e, 0x47,
@@ -514,7 +517,8 @@ var file_workflowcontract_v1_crafting_schema_proto_rawDesc = []byte{
 	0x10, 0x05, 0x12, 0x0d, 0x0a, 0x09, 0x4a, 0x55, 0x4e, 0x49, 0x54, 0x5f, 0x58, 0x4d, 0x4c, 0x10,
 	0x06, 0x12, 0x0b, 0x0a, 0x07, 0x4f, 0x50, 0x45, 0x4e, 0x56, 0x45, 0x58, 0x10, 0x07, 0x12, 0x0c,
 	0x0a, 0x08, 0x43, 0x53, 0x41, 0x46, 0x5f, 0x56, 0x45, 0x58, 0x10, 0x08, 0x12, 0x09, 0x0a, 0x05,
-	0x53, 0x41, 0x52, 0x49, 0x46, 0x10, 0x09, 0x22, 0x46, 0x0a, 0x0a, 0x41, 0x6e, 0x6e, 0x6f, 0x74,
+	0x53, 0x41, 0x52, 0x49, 0x46, 0x10, 0x09, 0x12, 0x0e, 0x0a, 0x0a, 0x48, 0x45, 0x4c, 0x4d, 0x5f,
+	0x43, 0x48, 0x41, 0x52, 0x54, 0x10, 0x0a, 0x22, 0x46, 0x0a, 0x0a, 0x41, 0x6e, 0x6e, 0x6f, 0x74,
 	0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x22, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20,
 	0x01, 0x28, 0x09, 0x42, 0x0e, 0xba, 0x48, 0x0b, 0x72, 0x09, 0x32, 0x07, 0x5e, 0x5b, 0x5c, 0x77,
 	0x5d, 0x2b, 0x24, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c,
diff --git a/app/controlplane/api/workflowcontract/v1/crafting_schema.proto b/app/controlplane/api/workflowcontract/v1/crafting_schema.proto
index c66df841c..04aec6628 100644
--- a/app/controlplane/api/workflowcontract/v1/crafting_schema.proto
+++ b/app/controlplane/api/workflowcontract/v1/crafting_schema.proto
@@ -83,6 +83,7 @@ message CraftingSchema {
       // Static analysis output format
       // https://github.com/microsoft/sarif-tutorials/blob/main/docs/1-Introduction.md
       SARIF = 9;
+      HELM_CHART = 10;
     }
   }
 }
diff --git a/go.mod b/go.mod
index f0f533397..1f1a6670b 100644
--- a/go.mod
+++ b/go.mod
@@ -310,7 +310,7 @@ require (
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20240401170217-c3f982113cda // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v2 v2.4.0
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/api v0.28.3 // indirect
 	k8s.io/apimachinery v0.28.3
diff --git a/internal/attestation/crafter/materials/helmchart.go b/internal/attestation/crafter/materials/helmchart.go
new file mode 100644
index 000000000..ab7ef7136
--- /dev/null
+++ b/internal/attestation/crafter/materials/helmchart.go
@@ -0,0 +1,128 @@
+//
+// Copyright 2024 The Chainloop Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package materials
+
+import (
+	"archive/tar"
+	"compress/gzip"
+	"context"
+	"fmt"
+	"io"
+	"os"
+	"strings"
+
+	schemaapi "github.com/chainloop-dev/chainloop/app/controlplane/api/workflowcontract/v1"
+	api "github.com/chainloop-dev/chainloop/internal/attestation/crafter/api/attestation/v1"
+	"github.com/chainloop-dev/chainloop/internal/casclient"
+	"github.com/rs/zerolog"
+	"gopkg.in/yaml.v2"
+)
+
+const (
+	ChartFileName      = "Chart.yaml"
+	ValuesYamlFileName = "values.yaml"
+)
+
+type HelmChartCrafter struct {
+	backend *casclient.CASBackend
+	*crafterCommon
+}
+
+func NewHelmChartCrafter(materialSchema *schemaapi.CraftingSchema_Material, backend *casclient.CASBackend,
+	l *zerolog.Logger) (*HelmChartCrafter, error) {
+	if materialSchema.Type != schemaapi.CraftingSchema_Material_HELM_CHART {
+		return nil, fmt.Errorf("material type is not HELM_CHART format")
+	}
+
+	return &HelmChartCrafter{
+		backend:       backend,
+		crafterCommon: &crafterCommon{logger: l, input: materialSchema},
+	}, nil
+}
+
+func (c *HelmChartCrafter) Craft(ctx context.Context, filepath string) (*api.Attestation_Material, error) {
+	// Open the helm chart tar file
+	f, err := os.Open(filepath)
+	if err != nil {
+		return nil, fmt.Errorf("can't open the file: %w", err)
+	}
+	defer f.Close()
+
+	// Decompress the file if possible
+	uncompressedStream, err := gzip.NewReader(f)
+	if err != nil {
+		return nil, fmt.Errorf("can't uncompress file, unexpected material type: %w", err)
+	}
+
+	// Create a tar reader
+	tarReader := tar.NewReader(uncompressedStream)
+
+	// Flags to track whether required files are found
+	chartFileValid, chartValuesValid := false, false
+
+	// Iterate through the files in the tar archive
+	for {
+		header, err := tarReader.Next()
+		if err == io.EOF {
+			// Reached the end of tar archive
+			break
+		}
+		if err != nil {
+			return nil, fmt.Errorf("error reading tar file: %w", err)
+		}
+
+		// Check if the file is a regular file
+		if header.Typeflag != tar.TypeReg {
+			continue // Skip if it's not a regular file
+		}
+
+		// Validate Chart.yaml and values.yaml files
+		if strings.Contains(header.Name, ChartFileName) {
+			if err := validateYamlFile(tarReader); err != nil {
+				return nil, fmt.Errorf("invalid Chart.yaml file: %w", err)
+			}
+			chartFileValid = true
+		} else if strings.Contains(header.Name, ValuesYamlFileName) {
+			if err := validateYamlFile(tarReader); err != nil {
+				return nil, fmt.Errorf("invalid values.yaml file: %w", err)
+			}
+			chartValuesValid = true
+		}
+
+		// Stop iterating if both files are found
+		if chartValuesValid && chartFileValid {
+			break
+		}
+	}
+
+	// If the chart.yaml and values.yaml files are not found, return an error
+	if !chartFileValid || !chartValuesValid {
+		return nil, fmt.Errorf("missing required files in the helm chart: Chart.yaml and values.yaml")
+	}
+
+	// Upload and craft the chart
+	return uploadAndCraft(ctx, c.input, c.backend, filepath, c.logger)
+}
+
+// validateYamlFile validates the YAML file just by trying to unmarshal it
+func validateYamlFile(r io.Reader) error {
+	v := make(map[string]interface{})
+	if err := yaml.NewDecoder(r).Decode(v); err != nil {
+		return fmt.Errorf("failed to unmarshal YAML file: %w", err)
+	}
+
+	return nil
+}
diff --git a/internal/attestation/crafter/materials/helmchart_test.go b/internal/attestation/crafter/materials/helmchart_test.go
new file mode 100644
index 000000000..3b796e17f
--- /dev/null
+++ b/internal/attestation/crafter/materials/helmchart_test.go
@@ -0,0 +1,137 @@
+//
+// Copyright 2024 The Chainloop Authors.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package materials_test
+
+import (
+	"context"
+	"testing"
+
+	contractAPI "github.com/chainloop-dev/chainloop/app/controlplane/api/workflowcontract/v1"
+	attestationApi "github.com/chainloop-dev/chainloop/internal/attestation/crafter/api/attestation/v1"
+	"github.com/chainloop-dev/chainloop/internal/attestation/crafter/materials"
+	"github.com/chainloop-dev/chainloop/internal/casclient"
+	mUploader "github.com/chainloop-dev/chainloop/internal/casclient/mocks"
+	"github.com/rs/zerolog"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+func TestNewHelmChartCrafter(t *testing.T) {
+	testCases := []struct {
+		name    string
+		input   *contractAPI.CraftingSchema_Material
+		wantErr bool
+	}{
+		{
+			name: "happy path",
+			input: &contractAPI.CraftingSchema_Material{
+				Type: contractAPI.CraftingSchema_Material_HELM_CHART,
+			},
+		},
+		{
+			name: "wrong type",
+			input: &contractAPI.CraftingSchema_Material{
+				Type: contractAPI.CraftingSchema_Material_CONTAINER_IMAGE,
+			},
+			wantErr: true,
+		},
+	}
+
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			_, err := materials.NewHelmChartCrafter(tc.input, nil, nil)
+			if tc.wantErr {
+				assert.Error(t, err)
+				return
+			}
+
+			assert.NoError(t, err)
+		})
+	}
+}
+
+func TestHelmChartCraft(t *testing.T) {
+	testCases := []struct {
+		name         string
+		filePath     string
+		wantErr      string
+		wantFilename string
+		wantDigest   string
+	}{
+		{
+			name:     "invalid path",
+			filePath: "./testdata/non-existing.json",
+			wantErr:  "no such file or directory",
+		},
+		{
+			name:     "missing Chart.yaml file",
+			filePath: "./testdata/missing-chartyaml.tgz",
+			wantErr:  "missing required files in the helm chart: Chart.yaml and values.yaml",
+		},
+		{
+			name:     "missing values.yaml file",
+			filePath: "./testdata/missing-valuesyaml.tgz",
+			wantErr:  "missing required files in the helm chart: Chart.yaml and values.yaml",
+		},
+		{
+			name:     "invalid artifact type",
+			filePath: "./testdata/simple.txt",
+			wantErr:  "unexpected material type",
+		},
+		{
+			name:         "valid artifact type",
+			filePath:     "./testdata/valid-chart.tgz",
+			wantDigest:   "sha256:08a46a850789938ede61d6a53552f48cb8ba74c4e17dcf30c9c50e5783ca6a13",
+			wantFilename: "valid-chart.tgz",
+		},
+	}
+
+	assert := assert.New(t)
+	schema := &contractAPI.CraftingSchema_Material{
+		Name: "test",
+		Type: contractAPI.CraftingSchema_Material_HELM_CHART,
+	}
+	l := zerolog.Nop()
+	for _, tc := range testCases {
+		t.Run(tc.name, func(t *testing.T) {
+			// Mock uploader
+			uploader := mUploader.NewUploader(t)
+			if tc.wantErr == "" {
+				uploader.On("UploadFile", context.TODO(), tc.filePath).
+					Return(&casclient.UpDownStatus{}, nil)
+			}
+
+			backend := &casclient.CASBackend{Uploader: uploader}
+			crafter, err := materials.NewHelmChartCrafter(schema, backend, &l)
+			require.NoError(t, err)
+
+			got, err := crafter.Craft(context.TODO(), tc.filePath)
+			if tc.wantErr != "" {
+				assert.ErrorContains(err, tc.wantErr)
+				return
+			}
+
+			require.NoError(t, err)
+			assert.Equal(contractAPI.CraftingSchema_Material_HELM_CHART.String(), got.MaterialType.String())
+			assert.True(got.UploadedToCas)
+
+			// The result includes the digest reference
+			assert.Equal(&attestationApi.Attestation_Material_Artifact{
+				Id: "test", Digest: tc.wantDigest, Name: tc.wantFilename,
+			}, got.GetArtifact())
+		})
+	}
+}
diff --git a/internal/attestation/crafter/materials/materials.go b/internal/attestation/crafter/materials/materials.go
index 78c9a8645..c8bea87b2 100644
--- a/internal/attestation/crafter/materials/materials.go
+++ b/internal/attestation/crafter/materials/materials.go
@@ -169,6 +169,8 @@ func Craft(ctx context.Context, materialSchema *schemaapi.CraftingSchema_Materia
 		crafter, err = NewCSAFVEXCrafter(materialSchema, casBackend, logger)
 	case schemaapi.CraftingSchema_Material_SARIF:
 		crafter, err = NewSARIFCrafter(materialSchema, casBackend, logger)
+	case schemaapi.CraftingSchema_Material_HELM_CHART:
+		crafter, err = NewHelmChartCrafter(materialSchema, casBackend, logger)
 	default:
 		return nil, fmt.Errorf("material of type %q not supported yet", materialSchema.Type)
 	}
diff --git a/internal/attestation/crafter/materials/testdata/missing-chartyaml.tgz b/internal/attestation/crafter/materials/testdata/missing-chartyaml.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..795f6a007190576ab893eb4df1ec117ae5141af0
GIT binary patch
literal 14491
zcmV;MIAq5kiwFQAxhQ4;1MPiXcO%EK7}vQuagc}jDJPE|aOEXd#DF09A=6%4T#~XF
zt#%ob+O@CNR~ld%#4HCh(9D2bO1nAEN%DA~l3$VEk)Lr-9+UirJf*6-d#2|bAVH9{
zF!l-{rn|bjy1Kfmy1Lr<uICMhp1X95&)VAB_U0y|&n@w}w!R@g@#%CnSbJluz25F@
zbk^6|TD#L}Z!fX6+eAt|;~+GBK;@lzVf#)o9iUjhUjj#Tg+-qa<@x9T=3gxRVrl7X
zv&UYYus<>R;BQO+68^2jzyAUM@b7<`4CL<V>9PEZHU2yN`!ZGJQT+SA1_m_D(a7P(
z(Cj(*_CGcL*MI%Lga5bpkN@R=|Ih#Y-~Q?U{Ns&#xp)emBlG>2+_bpgx;;5iHUBr-
z>G{98wz<B<-roi?>E~xY|2u1J7}`Vrti9dt{AOcg`?D>hv%S9AZm(~3Y9NT&i^J!;
z$9rEMzCJMCn_=i1$@%(h_wZoU@&4qQN2C3Be?A?)KYVrCdBtDu&giMN*EZP+An@YP
z`3THPT-0Vu*@y9nS>L+VHmc@7&X?5s-`?C<Vw<;$m3)5Y^Iwj?@tv`M^4&@3`F!?m
z06n%gHj2l;y{(UbTgd<RLjRk~Gl~B9#gfqfXhBvbKL1q_NKOBHuWBux`}xTEAFF}4
zAP1`Ee`h^C|F^c*7W&^@p7r0P^}kJHduy$|vEBJi4F*XnUj4pfo(0bawq<d*_St5c
zR``YO0wW!|eec=f-tL+B_k8!DLd}Ckpg_yh09FZ~pQR3WlSi%px3~IN&HwfWSb(Yd
zzp>TXT&(|ddLBI=TkWMKoKe4A5}%KLnP2pm@?Ylph4%S~V1!G?($$i=G+c6KkMgZN
zh<j~mZ)pHn`#S!ku=@ho#E18tr4#ryfVUjpw3c2kdC<QxeCP0MYiS>9gz&Gm^bP#Y
z0S^B94t}{<vf(dh$)!@>(j|Oz;L}{Ps7w#O58;0vl_<vKrNkun{oN99@hqOjvv?NI
zgL@u{k6-?)yG3L1ES|-44<D2dOn!bYKmRH|AIbN>ke`32)%lhDWb*TK`T1Az`AC-g
zh5Y<G`T0xv`78O!<mcz|^RMDl3av-d_;@5+R>sRC=_7c=<mcy8b$RhDo}bP0&&0>C
zaQ#0hw*ME;;#oX@!_T9?+dtWVz7!b*nFrTe2LHZS6_(^`zLZr0ej%KN|8^;U&*bOl
z^7F6abD;<<p2f3x7SFsNwf{HZ&d@${?<D?bbA5}oH#Xay&31cpeGTJ(I_<T^{@*;F
zWp-qSA@|*Yg&q?ez%B>eW!<suShjn{MrQBaJmY~;TV|&NJ7B?hH1hlqz5v%a?9B1H
zY-onP0hC^4K6lK}zTi+V9B99rt_1*Geg<znm#vI^-nZX#i(T4K?%y>G_R4jxnCDVW
zM2U^K&m7z3MlIT(1`vD1vh4NV3A1cJs2OK=*rNXm^lL`<N54h?RX+^QTKFIJXK>-R
zVnAK!-+09Ow!?$kQzN(>!GF8vIs7*q!uS6OMPHk~?TrI=xPJf*j(qPO?}atPwz%06
z<>059aS`-9i?<$76oQ=p#|OLnUmqAl>o(e`*#F<$Zf~dN|Hj6~V*h_G&oX;%hpsua
z)ogfScYV{pVtWJA4{Nnu_U)IjG$eoi%gP`ON5M|3h0BH!3|f}g3tFK!vf;xKMZfD|
z(V(@AWg4vS`RvU1#v>Fdg6o*$o!LFs<>4g<fuj%+^^96=8RX52-|ipRYTtkV{gpX%
zY8D@H*Wzx^=D|*lu_l8Wd`H5oVPwz+_XChGJ8a!}Z@j0Ud_M958>Gk84)c08pzZTB
zI|%)&X4?SF&$(~dUaKqG7tLdn)Napn1JB_#>;;S3zhdK&WrjQ|M(CL%`?YHRqFp<;
zU26yE>h|rkugy_y$U_q<nTWZ-`=_6n?e?6p#aUhS!N3=R(H}bweycNsef(HcwT4$0
zrZa|$br=-KV{bg)vFZW|pw^)q`kpoJp@6N`NLEvC7)YlJkW~RQ73o7h9D$tX4EhCP
zHUOCqJ!d@=<RNF{0OT^P2Nu8JjyD3SeJO_pUf}=|Q)Jknq1Flz`!0O=Fo?-fO*BA)
z|J$#|U2cv>K@9C&{$fD$Ex|cJc*naMayP_vM1rS3y*?ub-4pO_mjOKkSU!-0UU=R)
zq6=Mt7MVBp8HSYEJz9gP^eCd(AJ{1{__wdWzBFMC+>OhzJs>~uYK);|6^v190TSFF
z`F6k?t1KLF7XQGwWfK5EQqds?u3+^epZolWu??IG>rk!9kTAZ>;V;%U);piVPt?<n
z@tLvqsi<T6z$DmN`txMOd$#F7w?^ZT1-$_un)C)(V+aI0_Pj9WRy7HbvBIkna25Oo
z)Pg^OReHWX3W<~VX@)RW9JK?W5BAhXpbWUo@t{ZCf|~rj35*4>qIp%TY4fk5spF_5
z4YPoc^FW6ziQjV1Z1;Vw7Mf>OU<Di~sDo)6?Jc9-w0PGx-DZ2O>2GyvwGm9bBM(NX
z5?3O29}pGbkD`hO+vk0A?1ZFJJ=t|G&8y%Ev->d~NV6w6{etkxD&r2YO29)Ze%OEM
zg}@5|u+bBN&k67OJPcxlOy4)J;4k2mA^lvA=_~p)9nh`<g|sVxAZJGC%XZibM=65?
z%FG~=6hQ;{6sR@U$ldioG@5RPG@>t|Kjzr&D{ss$y|H6~GI!4LO~7Gpybpb#oeR@@
zD5is05dwXX`X<nZczf4{vakrdJuZQD`3`7i5f^J5x1139Nq$*I`WKA;GSh~i=_3KJ
zMAs!oQsTl4M0pS52GELU7I)3A!>vj>y%}(rMm`heQQcLr44nu_$676b-oQZZIc5-4
z@#Y@~UJx=|HDUxq_S$pCL(WbFAV!c@p__{L>dpEp)0=roi&VWX7YEA@5YK>FSF})y
zWd)ZzKp}xKK&sWuUXKUC*Pswrp}R{Z*$|47v`5)eh<Bo)V{Te+e3%EXXaEBH$I8Y|
zpv)94eD+5hW+9j|RdA2c+yN?f<AJmikkqPC%Fc>)#Go%HhC|SGnQ4Sg5dg{~1qkV7
zGQhNEBc45Y56D3e#C(t0mUNPeULs4N(4d7*!U6t4K#9%{uO#$yeg(P@YJEFtSn~Hs
z0TeJnLZRe=dL;R2A;34T)-t}d-6A9e{$7`Cv@&7~B`iX9nd!(bgH#;>)h|8Y!a_&#
z`&axbA|=w2I*f>oQBu7@)A^FqxS>#YK?<QUOmh)=+thU#=z}Q{hneR=2Qd~uKmeDf
zOOx^pYYY7av^4B7NVdT4+KwGwiDpT|8E~+L)6_s6NR94tEXiAvR`h$b+00j5B~`Ak
zwKC?IU0B@23I%kXys8+&S0nQWm<6i!cr*Zv@ftPZz)(N353IYj0kRXm{4n-Fvjs4T
zPFo`<?y+GQHF1=HyB9k(b*?}e6i2%!CvRRI??*4du)y}d@V()V_9K&o2BtXX{p6bx
za;eb~JzlZwUdZY^F)iy+50k$m3{WuNLxIN)L1p~`4lZpG-cQ{i)u}5&*Qr&cA5ix~
z)QHHMno-HgUp1Q;v~QzTMR>>w_VU%~!HE&R4-?kdPd_!;;|skwnpt3X?>tkzBh<c<
zsD}e1^bGoGZ4G`2WS8ZamoyIbzRkg$io4o`vJKXR?iRGyo}|6@6z#QTd$pV)l+B~z
zVo16VLCdu9hzu}!7!NGj5k3ddD-H~0KBe-y)5vfajSZ*>m$WkXaOLzsTNUlg<&GLB
znPoc;>2@T_OoyW(oiU<G6hlGOet{E&h1zVQ5|SFIXZ8AOik9#bar~21(I;#ORv&Y{
zFv4h+0cA`;*0e14B)@^jYNCIKAW&xo0gLp8RmWhbAbwFb!r#Wej}lwh-?eDg!FuHZ
z`Wl#Lk5|xu?S&3i76T6bBRL25F{}l`JYX>|u%^e}1)huOJ*)p@pu{sYF8o+W@dka_
z+F(tqQOhGi`&uMu>m+E;h6L?fAVE7#0_F4gW_0G8=%*GU1n_MeYsOlw_U$W|z4R{l
z5Ugm{?yR!)we_`CVM1T5D<?LrvjHO$1kIzq?b^YBTd}2oW`~1umkfPm-j;A<ECUCJ
z<DlvFn?RYS^aqpu50>4~d<P4?bVQ-4htvZ*0y``f7&SxDE#jV`V+P#<!s&wVW0!`U
zV`Lzphu-aZJ|K>+8!Twq{XVB*>2pBIM^KgpfIzhnUF`@BilE>;lqxSdU!taD55S@f
zxYI|Y%JeO%S41Q`c=f`NQu)om3?tkx(H~$--;-!MONT$8O9QN_3-Y7O9|J)TD64fC
zJvHAaHInbyij*2ehwc?vRDeEJTBrVX6!A4cIJCk|NBvL2T+hN3-W4!IovVg{E-s&!
zdpebe6L|oD%T6^(tT)K)MRyl4l?Ap9(I_@{&8{~V^Gd_(dq#B)Ak{ZW1)&B>hwAqk
zoGv;>0<FIJLu*-<ZW3}$$>tT<V1uVgZbCc);0rQ;m9qVm2usWTQ`#_L1E6sim3Nq>
z92welMg!3LLc2#ZiZtATH}uZ9%W>o{%`2e?;|c&Em0wJA;z=IcLuLh_(pN{DQe!pS
z#YC|qPD1WFl&%J;Ig7G9U6S=dhXbTWiWhOmNpga6O3InDO7MaKnhfp}APR~u(}i9I
z0W5!$Hz{;<Igccx20gI#eA`0-fihc;lyti2wJnba*t`;1YCZxcIFK<KaWBYDNKH1q
zYhuzM+CdrKNn*&g#OJ^xN>F|4_4_tC9jO?w;TSC&8ng1rbFu#2Md!PreI^FDwH$qI
zf&^&xpsAoCr-^(8G^D{(eE=LTI+9ypzJLvZ+lA-kJ^h_(8{0H=hiy0p+YB%cTEN_%
zbHSU4-a7ra(*)}(Y{saFk#7B7hd4=Zaw~Kl@2n-t@Fw<z+H78|H$zW;?LbXj)?V1a
z9%xYRd7~@eJ{yGW*FE_9TU^FEOgO1m*`eD*H@7Hku`wQ$rg7PYWfnf<n^h(S3|lwW
z*a{Y?%UAWrZ)?aqLztJyhA4fB2WWcp_dPzM=?|2H6-t=UYUz+5jM|?i0IwUGG~*Ff
zwbsc}%mfvlNCFhOyu36_LecR2vz8-@1g#f`dj~I14w`@_(BT``LBCM6Sb~g}?t7Hj
zj(N#YkevBk2zY4u(zip}Z4SJCh$O06=pD4X<1j%Ug%k8sFMx8{W%b<?c6d@}&v#D_
zPgZMh4o|;)_01`JvwM8J`||Yg;Do(8W_zz*?jN2WzIq9NeZh8L{+WGs_;P=haa*|b
z-lOOY5J7uLOS@4!;XKi}a&-x(tlfhixo2Z^&7FbX;=8o@&ix_qAW1;nL3iw-9ZHFq
z>5eh|#<Sf2jjiNc*kha`|4(OgyMyr`?XC7A|Ia)gIsTd*Kl?VS;(yk+vhhC~>x=#W
zc|53QsRbsns4TOSqy0ZMrDSOyTCl2vkmCLh+dbOd`;ufdEmdlNMQ+05W@CtgRTtZP
zhpoMRkkOt)VhrsK^kGv_(K7oyIJZa2cPyMg%gZ(WZ?(lQwAu$0UvuA|jQsy@9NJD`
zgrnIBf{OXSxwesx|JiPDFY>?6<@xES*3(*n2$)0wJZ%YYW$P)su!lRem57=nTCUH~
zAB8&J4x?h!){$?MJqb#e2)iHy1l>exCqy`yjM_H=s6sn=o>0M}auWlpQiaI-new$Z
z-K4Ws{z`S4>c^DVQ=;2MKb7rPHmrGwecGnlc~*ckwRh?rxEHTYANM-2s&t@1M<W0q
zKUVwD3inc?BG7>Bn6@cGn<o++{FUc+!xDrk6iEBsu%8?xcvFpg?KuXD;x-BloG-TN
zaMKFS00L4ukSU^wQB)%{ylO@}57k4H0@bAb5gHnLgO0`%(8fa?p#Z<UK>v8XSyvs_
zYJj!P{XOXU7n!Q$RVNCFvOYS(GHo>F?o27PXK2zOK?_T)FnR;b($LV0#sL3h?>sPm
z>fhCip-8GFhwhIU?qP}vCroR(2P8(Ya^!$BU#o4gue6<|^TalY_-m>umH`}1F&Z`a
zDK&xyj3Dj`>zg%Wnuv9+vIx0()qRIA9;?Zr`mBn{(TrM(iEj7FM%LiyV?099)`xy8
zKgos7FI7kwXhI?)8m!_cp9D|DRxO2~3FR9ILp}Jw`ljvVjI?AV(XnU17MK?8y^c(h
zL$nvqRJCS`4Ro|Wxxn$0j(MP(s6r4~4(}ZEaExK&ecOitP&C9Ikbl6G18Yg{0$W#<
zlwJXvLO@US1G=Et$<mXs9E=I_1rEH<ae><I(iyLv<iquPc8jZ$6BF%4ymT&jP<9{N
zkKe)2b3ee{zyQn0KV_*Tm+3{*gIu_bl+HUt?_sn6G?>oC8aqT13On>n?cArCB$r{3
zXXT{J<B+`p@0|x@bhbv}rluU8I_^cFvk09WCVPqwQingqZ4z&c`;045-0Z5@OcsHl
z=$^u;P0s>50_LJ{g{-2Z3h1PEEL6+_TfyDP<@RTt?X5<&M$wZ9pGs^ax(bZzVB#Q7
zLvuuy^0Y!N3qE2PPlzOi)(Vk0TD=Wb!*~vYg#wKXM5&>#?<l_i3|L8^%o~E#C&2Z1
zg8@*+;0|0@C5do(4?U{*fdvC|eRB(kEH&(Rt)?!XTY9qgANPIFpQ!;@VgGg3v-V$S
zv$L@O=JCwk{yQD`-uP_5h|SWQdSahU#FHqkKZt@&aL+jt;$YNbu^z|hfT%mb21G>A
z1d%ji{Yk~q<b?DntZp1d6k*uDEex*{ca*a<N_il+2qW-878AW&K|1zG8<8vtvPv1K
zm(qI}1^A8du!B7IlWq-uI-z(~_@ZhWj7$U2H{;SWs#QfU`J}_HQfxl?ECuVq_e&3V
zTti^iOTnrJwX2rfChktlZ*hA^CheW8Rl86fs3K`n+fQ~Bm_-<Spy*|(pzC<(XU*1+
zbc$n6W{Pnbd?R;%6WSo*C~1mT)LT~t_?)nV<KtJyJB)Vya6Zc8MYsp;M`1$o{7vuN
zQ~Zl)yk6YsGofcDe*`pG`g!S5EDQ(-PF{z8NT*d)a0m8%m3d&>!weuHW;y}wRssXK
zoLg$g9TZvl>$%+X9K{jh7a~Hu=a}{|m<ifnjD6ZE)Pq9g=_s*{ig<;ra2p!~Dtyyv
z4ZO={=(R!+s~DU=@Vrp$C5r$Mxq-bLcfKjuuX#BDIo*uLMV6N%6I`Q<pQI{DJ0Vdl
z%aDck?n3{Z!;{tjK+OTGEVTK|bij)9zw4WuYf1fYeXYH@IR87BXP)|>?l(ejzt=}q
z&f>d*<F3RqNhc=r6cLRvu@-1V03hXZ{NmNCy3~qdchK|Q<2wHL@9Pbr<rJ;U1ubBe
z5k)<L4Ba2296NztSz`yj9a2sK`SZbh-W${57Sa|(B|OiiP6kjqgaZ*9g36tK@<4^|
zlNT@%*zb)n3eE${AG+xi2|@DELF`$QdSm*CK$Du#4@sn}qs)~*UvlJ%9o8=N|6z2W
z3Ch_`#t{MB?l_7Tu!`E0o_rV)!U-&jJs5yf?yCcr&4)CWC8KwPfs4irCp+30G+S<E
z1nWuFmjA#EY*e+WDIF6^4MSHr@ceB8s^FJtpo$tsg&LEhedvum$2+^iO@@g{uT_c%
zK>v-XJTZ9_Riz22{|MX_?FpPmC(<!r0-iAyd#e@QBtbv&EX8Im{0@uB^lS$eQ(_;(
z5<M4|rikTwu;_Th7j*J0KGOs>#ZP$bDfG>+aq^}MrQhTcR@Og?yF)@D1tk4CY2Qvb
zG+J*X??KdGG|IHi8Y6xYm(?ht7bnu8?^u5y)yfbdr)H*1vUaBTItY{m3Ph&h^_SWt
zBqd1c0HTuKv2-2AsPE8ZT}d;YIJsyHbv9X%ThmDnOOiPr=XmF(0dvU3%{myI_F7U*
zYrBdo!ub#naU)$c+IcZYBO^H(qe?rBwq;^=$TX*|@9A|0cXL*?-KQ)wq%nFd7PuW5
zy@2&{m!nL>+RVy5usDsx(@Qk6x=W&m`Fuxp?jsjH{##(9th{)5Y=q0A_^z#p?djHg
z(v)Yn5GM5IzxjnQ*5Q9H3*q#(N;6+n-Q9BcnLd3d7E(7CQ8@zYnycKz!YS3{Eeobe
zSF}6hhk}LcK`=z=dUcN(VuB@TW~<M9jDOM63~YbRmYSXEudPc}mj7M*d5fNm|6kjA
zp4C~f>Cb;{Z)|TZ&VSA0$?pG%81gxu|Jc}GYiG`XbhZ}zKl6Cz9{+Rjew3Hdi#DH&
zBPQa54Y3KJ6lp^wC7>iC%J#sLuP(UnV_3omOs3}c*j9(W+QXAE$nf_R_Mg98?)e;p
zRYhu=C<~c76_05p0&%V_LR~0YRUM$Baieh{Z4)(@L`TGTb!__sW;As0)JOf(ItBV)
zyHjRFILx_q1$qle{66L$0o95+Yt-Iw0bNGyLK}!VW_swE7=cUqeYE_fL?W3o0+XlG
zDP@(-#17bsB-Q@Q6D&&!%0|4`Ffg@{j5rWLWK?jV(;mZdFtd=#8*Ad31w>wATTb&h
zvzQ_atoMpf)XRuhRGGp86VV;DipUaFCxRyCR}IgI90E!dv?DU+C|nc2PK{ui3lq>p
zyVEdRxguK0gj$N_hscY?A?AV`<L+sUsa!bNj119>%gMMLd5Vqxcr6uc#Xaf56UU{O
z;G|C$t<jPhQ(9^U(<UNMvZ+a@PCD)_IfZiH-gqkILY?)L+I1Z7Qje-*@fkr8=I9CX
zz!1|J3d$OnNXDfSQU)^9N0*|{R3i53MOmIU%&g3MzeQWRz@uMozDk>g3mK-uQW1xG
zIN*~YCeftJM_xZu!=3S>WKvr;ipuCmHXBos;)eQPR{!srBa^a=&MX3~BK~W0Yi%PP
z{{=R|LjRw~b7%2iI46Pfc(z$vyj3=@qB)shPILoC=bCbqJG_|2bP~Rt^h+IvUa+K;
z9^p#DU;8^&@pL@Difcy-y=tHkvM%mrE3;`~B1a*P4oFeo0})3uHabB@E6B(L!5a8u
zO61%fTW7q)c1w)eNTkTuPo!xh7w{o)z@9f8q2^ZqUE5f1H`j6`YcU@fjih*Hb<t$&
zqTS`8*)ChTwX)@l@HDgn#=i9YbJ_99s3hwgO-Zcn8`BDu6--%;&cBK1B@xB^@8_S9
zH-46+>-nDh&g)J{G*x<@yw$}$g2_mwiq4KamdOF%VB)zKm!FtK?Txv!6yE$YTQWuJ
z?WA;yEBveog-LBOiQ?oOrPr7zsbtshf=D3hFyMDW0;$pk#8GRsELQSLgOKr2l@w9?
zTX(~-`3?W(#trAKIx|_U7F3(}5`X-BcP~o%FzKxFyJl|+d2@5MNHjPO2cB>LC^9Bb
zL&CD^vm@o+@&2R)?D^Id^t(ChL0d7~Per<dnzN(Y?$O~1_b==+Pf(((P+wJ;oP=w$
zAfdeKYI^=FtUEh0eu=D&9#@AQc^2CphhEUb8z3g6>R@C}p}2RZC8u=6HgvcKQf@s%
zD~UPCyVk`z6{#R@ra}=}D=W`#IN&>FV87mATr37-n!yO7o9=+xC%iZI?eI$2?kv78
znOhTjNP>|ORjH!==Jn)?@G%kA(|2;$k{PK*hNiI)D%a?#nG0yL&j0?|bvW<Zy{}wF
z^1E^)I^5z6%v)UoSkyp5h!j`x5<&MlOr)Y-ml-EQW3pAQpz`eGsy4x|Gt#4?>hm0H
zK%yB)EMnff+ku}Dr-?kc6G6I;bVuHxO@DF!M0~$b$LM@&)OP7^lh9+7=dGYL-bsV;
z&f0Z3V>h&&r~tq+)<g=$q>mrLND8j1+nUuDH(uvziMxhj&9DE2SzDRNusilav6WXr
zBU*N#w@u*-pd0e{6zxpAq};SHDhopx`o%b4?pPIqL6GTo4tb*i#z*UAZI}HHIwmhc
z3dF52bsH~AraM)TB7JX+iRomrou^MvWrm)icY)Wk4CDooJ#lC9lYk9v*B*}DywQ02
zbVC1?SZV?d*TnqOC{zDw<>K45=5PMec>3)>eEiGPj~^cc&nL)3ne=3y6D=yca-q4)
z{lDz~Z#Z&f#;IAwfL6qRu5WI()BC?`i~Mi%dFCGfd5ob(ew=lf5;sMHEXor);{L!K
z1ws%8J#Q3AVEIRMH&t28Rm{siH5(sdk(s;WTSP_jG-yElq=!(6$$Wd@>(nLqhH)#U
z@mkpil`M%5uOQ_Q0{}{bs4jCyplss4Yx-B}hn4sRrT=WOSnfsRQUB>D=v3(a`v7;8
zWkTSO+Gz|!497=x?1cp0$YCoz%=C(X(Fi`qP#_a;!abq#O<bWQ&h^;)T5qtGA@|R?
z3W-b9s>{|InhE(aagyU>yn&8L$OfX5NFVhR8oCal)suB{oWcp+;A_It6lsh_in%C9
zVV0X!PBI)b8IUwIBn)8V9;W8%5mTpc=#%#)4NdsXhZWBX40$CXs4)TPJZCMWRA3Ck
zp|ec1YvQz{ZxhW7Dw*Qk=+I6f1GkG`tv9lhr<$Q98WBHRfjHTTNU0x_$xsqSvndpF
zCTDVP<{nmy=AvRXEwSzgCU}z?%r5BS_b8k0JzC^Tp6vQBZycZD36P5QzrDV_o<9Gv
zvAF+ZKF=Mj|72&&8wxQS5<3wb$LNy#JYl6+vWEp?Q5B_U>=i7vS^-uUp<GoF(W$1S
zz{h(B#0$ca&WLKjjl@gct0_a!nje!fXfmuUQ%yfQnr!h|d8HCVR^)rnsU=^n@E<6!
zG*P6Xp%WR`eN-yqGB4?_@3-~0b^U~<zMfXqrQ^B<m=*Tso(t3m_GINh2mnmVKf@z{
zmGZxxk^ftZ{Ezc_<}Ux=2=<Z}yNZP0zUMfk7Mo{f)?CDyvizxemM{11A%Hmcys%8t
z=R(tECLZ})i7g>@%^fu9^N|<WAh)i-UZLy-2B5CHe?AD;(HD5xa=q!leQSOC_=C7z
zVF!=DLo;u7k6#|X{NoNgj(ZO{hP;QTl~yp{OxzA;8=%B&Q0C*uMsydi8|6M0`K!U`
z^V~D%3Yy1mqT)*@pUex-wzAZgp12XY18EnByD$wrS47Kwin)o4GZ0JKz&fas5YvsM
zFy^k+l&v(em8MowH>(!%{LY`O{HMt?&-)*?w{z})XfNddT%Nnq|26fW7>*8P<q3Vs
zj`R_${*i<)SpZ^{KXo9a)Bs4f7x@@u{LIx$c`7kpV+{35FRbKtZt+N{M->8&mm9!u
zlxlxRYgc%E#14BBPHM%;u{!dN4go>otTgp(C!ZD6s4_WJb1|lt4HOL%PPVwi(BIEf
zx#smgKg$7>)9X~@$)0Gi;}d(WPXhd3JykY6b{eJ$yfRym*%k!&=^;+CMJ=b!zSld4
zk3(YjXoSRlS&R-{;*D<TVFcN3?a=L6Nj?|8v7@o$h+2W#0&J8_#!*~6H6=?Ohg71y
zTKo<@hxv1Mk|~?ODmEk^YrjW#H-3z+Zp@!A($lC<0G&oj;}}5TrCR88ADW{$7m#Ml
z>o~+WKI*^H5zrLi1anOTD-9>kLZx$6&P9?@&jn2roGsss9yT5F#8)mM&^4lGCer{5
z1wPFcJ1I&fQ2D^duKk0`%I1>$gOYcr(8=ARxVaSI==26T10qv;&&_yyBG>0uBp+rz
z;U`R0P>fIYRF`j+j~~}jZA&N~Z&jlB0I3|=+;Vdf6PYNR%54ssPa2ig)>+!ccil-g
zJw_8@GtE@JYninelm{(8g|(m}h=6owo)3H^e#TpT@%I*JQ7XR%xkY}>`ljP_&E9z+
zg1#{E3XFw}BP!FME>x(|bmolA9wqVzO=QJfq+^;M(~DE{Y!YLl^;CGVM&fE{<p+}c
z&*%aAI^LFUiMYU47i3{;z0==pTfFm`x%S!CR&SH{*Sh`Q#(KBY-|lSoz`S4E?ryKG
zwIqVZnYa96quqS5vB9D)CF8HY|A!R{zxuSX^45^w{-A$t()-=!-<!=J-!}j9seBjz
z(0JOw8lO&7?(z2;trFIW;uE}onz~$2Ffs%zgZ^KSsv2LL?@;@X{<K~F&m-z@xq%^5
z;266Rzm?k$h4z2W{;!yEbKC!IZ*8_W(*B>#_9FksT%Ni6fBs0<)`gr2K9gy)O1%Dx
z9}}sv=<;+-iY@QA%#)hQGMG|}QfHt-Eb{5#Ey!2V*YpLHN7{9hDNs#zkoch$-97ng
zBw}z4b~=#vy;I&X9)XbkCeJ(mE>~r|Pnw<Cc!8nJPX@NSFB1nx*~YZ+Tr8rJfp{)A
z7^Q&<#2MvKC4TBtIGDN{bLAc0)<{8gG4aK{+PIFv&|4URGz7eD3TnMF2m{&&*vVS}
z)TW3?71auT&Rav%cH<W`h|8+?qFthCW;paaJYzZ@(!K`u-gBKRToo=k8<-c^i3_{|
zF-_3`bu0bQfAZqaeTpd3ZtcX8Qm<72a}>Fy45zXX|0IV-ORY*^R-G0qaUd#kpyd!K
z0s2`w|CCI0maR8sYAqSFm!3eHe~t9IOrT*L)i3Htmb{L$k-t!7Q@<4!)e%ixMW1Ld
zsr03#&N;uDNa&nv8Mv<_b3{69_%EgPTL_kU2o^kikb52QOD*3l7E<zps#Z_$^Z16W
zrbq#gIyAMWPurYXlgxCVnK#KAjfA$Bg@`SF4R(go(>1#galt@Hi@z_c^*BPh*pRE7
zYzjp6T#GJn_Amq%It^kQIg9q#9Us{43a{ox5A{TIGQKW(Xu4uoNKDYwW!EZYW^xX)
zy1cE}Qdu-*diwPJ+3lP=wbx+^*B$Pjg@ZcY!BZFe?R7K-17)GT)G~Fd?<KlLpr(F?
zW8tgLvQNZFK8eyL;Gr0w3rkkfm|_6%b`Ya%E~FsmOa^g%rA{dL0q@iPodEXxB($_p
zQd#7czcEKBtuk($?Vt)4{NO|st{dzP=2sory>n0`eY{;7iN!I1nwAw)&QD7K6R3(Y
zVVJEy)TAZiEZ)eTo=M)c(8pkbQLEY&V8n33m*<`broNj5^=827#%7GCuq+l_4ZEHb
zs4iE4j<c8Ms5z<e5WWNw%yjN4Fm0KQ6USGmHtO(JFz(9S*;V(G!`Ji$<yZx8Uw-Aj
z<d;R=-j|C3_R|M~v%@~A`S3Tf{VEI2?U6XR6{wV(F2Dn}BI=}9C_Ik_ef2H6{aT)7
zqujiG&{AkK%$G;+%(M`}In%~9Nyv=|bY^l0xwrzjnmIEE+rsl^j3QRzY~+gN)u28J
zWX+ffRUY98SCP)#40D=^59rYxBmRxsf-XgOkFzIGptPA#oq!V)idY42tWOd*mINwI
zu^=V48bFbCyrW*ekGgtco9Ve36A$HdEF}Vkv?5PZM3mxh%QHW~%1Tn0y5!OI6(s4v
zj1CE{ru)sMXo!faP7~#Ix?`|onvq~V#FI2dF4^N<Vq7_avlNxXC#4OhjTQ-KWfz`^
z7f%u*OCS_CjD3sItJFHOt6dzE9ASo019i1#KUN|k^>aMYwXDi?IMIk-slu_iN?)%P
zy--CJ7E;n`<za<1B(0*tl3^4ZekIhX^jbd-Z6`3!cnI&m@Vz0fJo**Em|QuvJms9`
zXcRX4TAh|EY?w-5)A}Vmq)O!Wp|o`|miuOCl0E2n-uZaM>UavduB?d(5(7tYC37?k
z3qfjO4_ZUI+6hw$anxVy7ZWFWNhy$-(upgMBBKqPO|Vbe|M}KE+C4dW^Xhp2gdH3o
zzdGI_Z9z`1x1deFtuxEx;#{<pn2}l{-oM2|<Fbat1=}nN7gu=YkGi&9827oLY$Bwy
zyS2f=iq_~5wU&%0NNo>t*X%kxu>~K`(P#QxE80tWtgeDP(q_E2fAdu_Un-?ok*`jv
z@#}(&b%jP<!zk}ql(xs3M&$t4{k*B9-6SNBY#A7T>VTDuJ3{rGUNy60^E!fZAQTL>
zuUmkKW^bkN5ekYi9-aB7#Wley(TO+25)IZ%aLJwZ$vrSb>XfO$2d0X80s`R@mWmZz
zc6KrA0&6!K;?I}kA@}Vb{J>Vmqfxfh2lmc`>4G<c6wGESAM|WHBdLoj;HJy5xNZb&
z{}*;hUbgz%w{J9BP}tT7R6n7EY;#iJdU#YlqC{LGG2w#2xZihp?$paa^_l575(<cz
zL9Ya4*80sDzayPt^R^g4cMmkBh4#-tuTCjztIR`#;?l-zEXZ{O|Kzb~PrD;S8afl$
z#$sui)*_beyiOik9$saRDnBIaRqs>*l)JWCr?l28bwxG$*+b!V?Z?~IMl>%mYPx!B
zD+PLpo|Q?WT&RSk*LWj2%vm_e0(t9sQ4Hxt1Tr)Kldq~X$XrU#0UovB7q&MJvX+Rc
zo3z0slU<aon(TKrd#B{?D&|(bP4V$;c{r;~Kae~w*L`x%f5>dYb36aNvALZ&{{bJ1
z{r`D9^S}Qi+8)52A)Gn@*T0g7*y3Fxhs%W%mR0S7klmw06{!`JYD9{SWh<JLq};7i
z^O0}mU-I3NhX#>)C;uuJqY=zVmd4vnNxhFss=n*Bv7M-P>(C7iMn93Sa0M@t7!QFA
z4JDFgHQFIpUZxOq-oP>Cb!V2{?{gBe<Wv*ad?6Mf-NbQ0lZj0z+?p{lO;-rIzkmBX
z=9$5Xgu0e*FK_F-GP!zga#27LPr2*B^U`oPvZac1W{U>2kr(lZIxEEQaUc`#X=KxT
z-|`*ulv@OlF-%w%hf3Q0Y{H*Z8(1_0Pk*WFQ%EWW5ZECJtr5TLJDwSCZKU6;=7?3Z
z4St~gnQX{rxfXRKGW+5BTUS}2P!6E#eu}%$<kCncAgvY*D)-xwgi;s5q*W}Nt)?;B
zN>1wM&!$d}n8}Vv+brd24+U{1*GTo8hO%pvfg!#<@w)UpOhKEHuG#7ueP=@6Tc>VB
z+#dJCrf}Qi*0)rBP1p58;TI$6dHUjn1@;-(hBd4JYb>7D5|>xvaw?5bNf^C4wAYWL
zC-l}(QsH^+))>dFC5hZxjs~=;gQ*@|g#EPujmrQhZ@lzCYLE)TmzA8>I$j>VT+*r_
zyb@K?qD+9UrwIXF!Z78g9Ry?UqnMwlT1D~mNGZX>p%XOCo{I5N;_d#M3|al3E;63y
z`R|SPMklTRuWv8Tf6wKazy7Z&^OPyV^eu6DcJ47W$&IRHd{-`j_J%L$Z7g*}CGl%g
zWp9><n@k%iA67K~Q_VIKZ)9Wf^72@@Z=<~$b2KuNVnYTs7kesnjkZ4E&d>-3ExBb=
zP)!{ZiR)$CrQ1+l-3OAqqc*3Ckc?KddzDj3-iVP309B>-iq0xL{!SdD2xDU9v>csc
z$qNXL4Ugi~hPjyy^`VTK*Uuwn_HiT4Ab%W5-7OtS1e6%Vk}7HxS#Eo3{Dg{~7`oi@
z@!%zEsBudSTV}X&LCR5)$FS0yq6LWolIoHqz6|bW_HZ~3ajR5a-yMv51B{Om5l;rj
zTYx#?@LuTo#t@ImNC<d&*+nl|phTKzRVxI_$g_&130_QYdF~UizD<{+p&ZW}(Ot_-
z0Fz=(9?(;HKh<VKglAw=?$7WEU4MGT9Q&L*$|0g`d!L)<`bEvF%KnFMJOp9=rFV(p
z@T&rlJw!E6;)N((`gSPXwJD*iB{uhKqNK<v1en5@48hn%zrG}$9GPOvK99n)5T`Qr
z<_hhwOn<sDG1>E`c%0@lS6)hAdWj%ys3vbJ<fj+bjcn4<SxBmBrOv(8aTibVlhOaR
zsEyWldI-n$4T38Df4j4l%KyH;wb1|P^UVGHpNyeVo9Yb9P~=yaGYZ7fz4~Gwm&((E
zjF+YWanUoJj(&<_^`*#9Z-+`3zl?sWt4+)1+M2GiXIpE}wzYP=qD>Glm5fYM9wep0
z=F%pw3)w6isbLV&3UW6?^)mku&Fo?(3U;95lTP{uv@93zI%nI}_S9QqA3D)+GYa@>
z%E1!h@8s*OY+t%W^)M5LdQpB8^+Nq9XOM?rci5viEG`aWkl8CD&tc+V(6rHZ86GyG
zfi4ab6x}Wib1O~Nt50?npItiJtNT>gm-^83ZPV(;+*LIthgVI#Y!nBne_c$P`A!<@
zn+ij%J|+_tB~wZ3AGZ=gDI+Z7^^1*`%DIz?E4p6fxHjYRy$tE#V7$&l-r7+IP;m^B
zfpb-sYN!+|+AoO^RGe>G$Woli!t~V{Wt<LjDN7WA?(B_y+(V8c=IhBK(x{7~vn6YM
zOdL#9EfrCXDxG=<?!{}<uV?ahWzdM@NZF|e94tn^CyEHx-g)c3bye1!PXde}&sboh
zaTzoSP?WWpJc60ddJ_k><1bG>37%xdT9lv{4~ji$Hc>6Ykk@CAvAC21hy~Ejz>u<-
zHR93Nep3X@P@-H4SL=V}`o9o9H{A-T%Ky5R_W!TL$3p*~%X4@7|JPS1|KUZvD;g~{
zwC{;?=^FY01}*E$Wnpln3iyfEdUb#|x#CY2D_OGWicU&Xhc<L4USqX|FncW1hz_HQ
z7F3E1Gl=V9$dDHr>ip)8=;KtHX_}bYI+!}<p0gl|+7cArer{wkC?o*NQ!-VMWVuvr
z)9(#z%$+{=b64jiGFss@9KiF)=a?O%3JT_sz~U(gN@!zVE&aHTws`y6t9qi%95~+u
zJX)qT7-RW!W&HviMw7OWCqXbG0T`pGJJ}LhsI`Q;fbndU9qw^D`2mGsrPFB8B_j>>
zQZkB&%1Ex&nL|PGc_E2Js$6=MGKZ>ihqKUNk~10ySTipwFpN|9W#8o^n(PaqsI$p+
z4mD=jtx!cxX0wpl{Sr9nc>||8z?NazDmrILd{Z)~j-q8w<0Y=mNlKl%HV^70Bq*3r
z#hjN@zLEjsI=4WiJdDceHNnE2@`7Z1UO5Qmv8X0%iv1G1<M*~>qgfRnuaE5rp$f^9
zTOg=XnN-R&lIk^2Z8w%E8gpLwt8q@`urXr%v>{KQc@;o&phY{yn&pyCahL`+A(&YW
zw_IOD7bYI<NH57B;fbgp!I*&J(E@x?FQC5aNC~BNAhaGAoL!#G-8UVbb>TVroJy!}
zO1Y0+b|O;q{!Xt1`q!UV`nogCL@KB^qY+i7F>$_5Jfg80{oqD3M!jMrV`-Q-Qu^=n
z-ajw*|G;W%-#iqw!vC|iv6kNdZEtL?FZ@6AcxL1Oxt0Uy7@6zWK0o{I%)LN@Z|{v4
zh|nqa0@3T6d4WU=x8nuM5OXr8ji^@Yw2AD!LWfHN2<H7UMpQNhNXE3;KXOYuJyr@#
zt72#Yrm^*q<Ka?!F)OJo7O8&J^OWdDWvy%lG%<6!rW_wd&bVl+<~n|WwCg3`3y^gZ
z0cmw>b}CXu7HTz-^r91!CxPWR0pA^qJXO<;r)1%39AOR~O@-z?^No#T3f;t$l%RHz
zsjhic5P#LQcH%16gOcL565oklve;{q6v2fJPwgksTfa{plH0MEg@7$vtMeCy=`7}a
z7&o+-1<-qGF^d&X#E&Q|OZ0wXN~58o7S3C=vSy}*6fgV5!z}9PV^&W3y#dFoTU2Tm
zqBr4B5HW^cP&Ck^=ItNl@xK*y4ao1Gf$h?mcqDSwjvMfQE<DW#s;@jss3(`NOjJaP
z&eafWVZA{2!Un`FxbE7K#<pDj5Et9$HLuUu=n&=|nb`OGDYySeUJ&9@+?xe~RNVj4
z-p<5-tZ!~^FYNz$Ja-rWaU^)_HiAGjw!Jq#fEcG@M?hTWX5Ij;t=n-4<P&(R=nxHr
zQsu509g+j7+}jY9*G-6OsH8;6Un8x)vJGvo^kAAkU~9R76-H7Ax<iXGTP&Bd#oPSZ
z;>8wP&fJ(yU_}lVNpo0INE^thxKJNOJ+xJiBgknYJsu^*o;IMMlsP9Ff!hr)DDT<B
zH=`}yvn?K39x`DTXY#sPiD%iGmt{5(@`k!PTi2-ZzfG^-RPV~xwZe;YzMz<Har2MD
zR;0tXU5T|?!cs!Ka8W7mLDI_0zm+#NkMc`t?WBA<@|K*+T8Y%>`C;LA6l+qwf=*{w
zR>RX4IzgyHPxBNEnr@^bsHf1oqY_B0q{mdlB|nCwk?c;1^QW+lX#vmJ@uqcgN{+dn
z3$6sv4gGNXVBJS&TsGJtqY_Rz1O;m4ExPGuYaUG8qg#<4anWz0faq!oLb`HxYL@UV
z)92VIqcX;;Lh{1yvXX8gYiCxW{1$IPlIY6n^+ZWh-F?7ZoZFw-NjII)Q%bt*-bE>>
z8OuApwbAuOUaoEXfZ3(6PZcavz!Ia>G}rl|tlYHD?Q;Kb51^Z_<(oH(0jr4r+H9|H
zr2W60wT1t8F3;WhfA<t`&D{MPbM3wH{>GgxbpA$I-^}+Lw{$zM-(2EO<@t>v+|cox
z1(fUewYsPp7RQ)nz@R7>m5RK(l}G9lZ6<ZkdlBL@>*H8i=ADsqHrFNlvpG&wIaOwM
znrNnCqY~|F9DImjin%p|V?`4Knz6Sg?#gsye?4DKF`OG3Gcn)?;;9kiJr&LMrQjBg
zliQtrdM7HzJUz?uhBNtQ5l!=;pNjl1o_pq5-5Z_&s)+wt+uUfU&;M+1Z!GM;c|3QR
z{{?w#|M~4408)&5Zw$ahZwqZeiS`XM!st!iQev1ad8aY~RsD;?^W9S<he^UJNDot<
z)+Gs|AhAnjikVcWij&MlrxWf;iWt0Jvy0ivlJzb5^Sn~boX~ae`N?I(yGlqH0<48u
zX>cOGC`e30KbJ&kO>^=^$D(>OYSs<`k(oqC;a(=nk)rNrkSa%1&?nhVT8-dTC+MLI
zc#~aD;Zhm0b>loesTJ*BW$FodI6<PGSS(eg=#eESV0uv=(?T|BbZ14BBqH}IRPOGa
zXp<-#v&+gu%2#(LsU{}C`x=fk1@>X*=8>J4V%)ErpQixI4V`BS>;rL~Rc3T4(x7iM
zr^}4(oWed-47EO?^2V?tz00kpPAW4=9`4ZGJd2VVvfIz2bk`1^il@T=C$s9`rvGnk
zd%Kg#|Gd38|2LoK4*h?~Tl>#v@A^yK1abGSKiSb@uip%^K+866$=#PF>2&TsS$`((
zz9g(`W`j;4bnSf5NjQs)(2I=FS({(*$j`yib=NteC8h7Buj!7nLMtX*<b}Q)AJhaZ
z;Ou-*vr`5p!TUP)mjwH;eNeI!Q;hp{eNY8ZZt8=QVDGsPYGP+cnNoL~&W_ugZa4OG
tsCo9l^F<e_*$;A5CwDArQt}#(#k+PbES|-)c<%Z0{{aU@h0y?v0RU0JlB56t

literal 0
HcmV?d00001

diff --git a/internal/attestation/crafter/materials/testdata/missing-valuesyaml.tgz b/internal/attestation/crafter/materials/testdata/missing-valuesyaml.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..01e3dacacb51e49f7bc1b665fd2b39f63cd05d6a
GIT binary patch
literal 14098
zcmV+tH|@wDiwFS8x+rD<1MPiXciTv^*d*uV<b*GI%X5eFtVE9pe(A%jUGGMgH9N}K
zmLh5Fojcw;0}@RV76@Pfkg{g%oRgE}@jfNLBEKU)<DNVw`3-qWReu28_#`EYlI{ri
z?wA6)tE;Q4tE;N3tBoHA-elsrU)<u;Znt;0w+Z`qhyUB|Zt;Kd>GifqXKSa^?ew;L
z?H$tY^m^Uy7o>fgNXcg!MrHu0d@yHr;1tsViVcS)aClcp{O?0~{>8ufmtXwzFTQwf
z4#@Et`703*zWd@|!T-AOzyAUM!@vJ=K9Kw8=cnQ)*7)!6zi(1S{#o+=UjqXgrtdq{
zn3w|xzy7Dj|N5{0cl`ej{^7s;@BjIq|Jy(QpMSV<FCU+R=fwQ@4K*zqv~EuhRL%db
zPI~@tx3{;yARli7ne_7;pZ~o!nMC%4KJV;ydcWV=?mpWwde3%x&tOn?YaocptD_hD
zrw890y*)HOno$%O`h0!9e{|^gyuW(piU0D$_ve$3N5|*AWBO))Nl&fQ-X>>&z^m``
z5m=VEs4bVW598spzICf@RLy^!FRAsvv%UKT*}he*#Pb`U|6=?P#%2&1SLVdIg*Jd5
zJ6l_Y<KJm_docdnF#4U&cDK#s|L)eK{<n(9bX_kpBinPsy&53{Gom9exY{E}?l3UJ
zD3}hSX+YtVV-Khs(r}OL`{rOwn_Z(_GkyCl4MM2CM`m64(~tk`8l9fet64N01hyZs
zcl+d(-4D#*ihM(z31M7EhF(BMfj9MScSJZp62}|a1Jb9_C8aLu+mUNdY%;*|p#jL8
zkL{5EN#F-`fmqacyeqTsP}095b`(-)Xw=5ugzk}X6#3y^t0myz0#dUFh)~X#mgQZ#
zj%Qk73$XA)`K>uIgA2oVN3{!jb?F5b5UeTig&$+;_%whY5uNxBkP&_kr|tkd4nGBu
z+QhWo2>u6D!s_r2@O%6E(hTS((0qWMn+8sT*~pH@(>_B?z-VzY)OcNiK<G__0c9|&
zYerW-)O7ez)Mlv>yK9zwd{+1f`ELOGPVABE1$6msRLKAKc6TQ&|9hSGqx@gRvqnxp
zr>21$lE@>R1IXnVh3?dLEELHg?Jvv`1-ZM%<!(6jeGlXa34v=IGIG2=nV8XF45c?o
zKtcN1GYa*hvGU$@Edb!s5nFA@h9A(O{gGPa666&5w+(|FyUrEyTviiNA|OyfO1adi
z886R%Jc|G~0CB*Vh_?r4#Il31W`Lk;vHx=PYexT<pvC?xUyMgB{Ez%IoVl$8P#^j?
z^~un7Xjpq{gqJ@2w{Kp+f1?Tf{*O@ftr^(fG$cna51~On@IKH%R5NUgnk`-qUe%0Q
zIPfgmdO#vn%>UEF{g<x~jfr&|ZIsV{Q1v^zsrkRPwYB{?|5x#>krzU_60<=nXiPV&
z)%M8`OjXlf|7}C+7`SX0;TUwLLD-5s--dsLUhyMWHd<>~rZI<>_add`)z(1Xy!yk-
z(^~DPpMFBy1e8gix)yZ@Hf8FnRG@?sgpNx^oB3#bWUm71d!ZdMwbmQhfObGfHt4oj
z&5i+>U(mp?J*gxK9SNFb?Sh&ZdJe5&FG$?}6`A@LDtWRPLr>F&JGBejwf2Cn?$92+
zHvQU!MkZ7;5p$0BufG!89XL~qk~;5$fgeI+ICUKSRVN1d{JAD;O|E99GlhzE7!=1N
z@4UdV>KqB6){z?po;Bq<XHC(OK|0MqR)xfrq?cN%&|5>0`OtIF|3My7G7Uj4!+K!R
z8Ff4#r1qs47Wjk%$e1F-1`WAZfY^88p8y6?A62aZCis8&cG{<4H-rha3-QK)=3AU|
zxOP9GZiMTI0MGvPhKel_0yzoLGlb;>Ip~$=T_C#96=;!wj!e*TWDmH-gQfkLVt*#*
zz~Db{WgLv0xEwhE@&m6X7^>z1AVC8^utVC|B+;0X<OQLY%>V$Bk`6g=Ijf%pG@w6E
zZQxW`hd_@<!UQgbzevaE_P&BwtfxKWnbH1=*D(WN66`Gd^US9M+jO8?{xl*X7-<ue
zeF4^(0KrZ@FG{#oP6A{sZV|v=KrQ%FGumFV8A4=n)DD0?*i##Uq5<Z3XgFF>lYTUT
zu>e*)uWB`A{#7(}8kc0l%;DoaP$5fW#vR%2$675iM^#`s94M%Q=@^|Iqtmo#-!|Q5
zr`-&8dbOGl6Ys=>5vs(M5qk)Ta_}c{MT5MgLv!jxOr=`icP`DVaGlu01P`RyI!?bZ
zTHhqp0agiV#EKsc-*^%5LI`ZM&ha^;gMdb1f{+;m<`w(}oHAjr%P~D>|C$bHSD{4O
z<v@@#WAsHkWP_rV!2u;^7)y$<0elM7nkwY(dmtK3H$xiUmnfK0?Dmy6C70gRu|S!-
zp!g-EFgHF%0npBc={@1ofv*UmI!HqkXv27W--WWU2)hF+fc5DfXl5}ND;&3`iF}=3
z){y=MqrXO!;V0@yz$e~yfsv57FauHEgSY{-l9@$a^g~#cbb2?YFpUDj%cHt0VHqkB
zkdC!l2)%)UI&jP|tm4hTjJ+@-xN0N_M&zyMOed6_aX^GY+JtUO-m5q3n?!Bq4O^t@
zb+I^Dc8GX}#JXY&C0|x>xdRk5i~&-uW)2243}1snT!rpFD@i6$lu3J(Erob%4V_Zc
zdKbVvIA#M7+P_pbb_Qh@XyMskY?y^$%2dHUL30PF*iQ!1(jduIqm-Q`>+nHe(}si7
zb&V*5O%VXfBLx`JYs>&snvHq(@FO4xJ>c^_VOyq?RP+*A0)+-!=mZ?#9|WXzc5)@4
zU(hSieNgM$OT!ZHV+D}I1PO(b2kJ4&&lUpw;wmlUN82qzg5&S?nT=LPY_5dGsICze
z*)@==K2RN9eOTy3{Qj0+#iT@9vJN9+Q<PNi&~(0}Y}`<&yC8+o7-n-3dD~QV8R&y4
z5QmxPK?iX!E<^yArpqSf2y1iw1++BmF-W%1?%R$XUGZj_hBKyM3#X}pI*=UQwM3G)
z1g+TnX0w^ExC*LVUuz}AG5fH%@f8Z_I)7C@gvY-5Gt2_ndNLXS#(0aGaA?Sv<P+)d
zY=P{AA3sk$&};#W)@jRkk{%m|QR9&g)Sd0sWY~i=C{Fgz&fXoLzKlPBVS(*^9e9&H
z<s}h>2BtWrL;Xt$x#Z~Z9&cFoAR=|DP0M=RL;XF%00r|S6nN6$R8}A0;L;Z1`@#*f
zI(13tI%^f_2h^SM8ZlW@GfJQQRkMje`!-rt3=c8E-W;DFo*B`{NVCR%{k2J+%+%s&
zW`W(k_gwalq4upnJsKO4XRuf8HoOT%m&K1aY#i!Cn}Ru&bhQa(8>9){EoiSZPkWsO
z+Utn+YB@tFnn%OM5Okk_mTBWgI52sX3@o!F0t%ov92m-cO67H@k>M^jHlQM0vXyy&
zE2jtADsNvbcdT(Hvuwv<x*Zc`rbE$?&KS{56hlGOet{FXh1zVQ5|SFI=k@w#ik9$-
zar}C!=sKBz)yH;%Bu1MAC}RS$re%@!{05%LiT)#kK%Er?EYcfR9fO>M_(jzS-%W!6
zB{sLeYw@gu^~wYE6)?}AY@h)<h#Xd#4><IX$vLo(VJ+b10ZDj)G(GYm^jt*mdHq)d
zC7z*h;paMvH|WdG7HL|IS{?~H*CIhjB|&F7B<S1%2|8&KNT0`d{wOffPt8RL;M+0U
zM!Qz~;n*c_ycwN<6-_$5P10?5+nd~ko^_=Y8`jy7FcSpLqoM8E;h0*9rLSzFA@hnI
zv^C)1Xc{)XVG}6R6#igl|AS>WF+adUFC0;5>LK;Oj=&BJ1xC(Lbc?tnbj+YzfID6A
zyRtpX=NK~(&_nMIyZ{hK*9{i5?BS5IVHr{rcWOf%YXAhQ1@CH)Yfuad&O@Q{GUrR&
zl<0xjH$|h$3@o8n#3VaBeq{)${BCSUG47Y>53q&ri8r04!=KTm0oK%v`O(G8kkbRo
zDjh~o%}=^U@)Ow*QbTU=_B}wKRqC?-^(65XKsdDAO~?AL!|Y~Za_<V5q0UvqKo?g)
z%RQaa!-+fqz(uE;OsqGU*^BNjU@8l28%CqV*fsm!l+P;#ub&93YXGUfLn>$+wLfKW
zn)M6~t)cmIYfY4HGUS?q%`33M2G4bFLOep?3ugXGW&3FoC-RhSn2<5hxR1&^%u<RB
zZ94uKw7$q5uo=ZP+_5+DM%1M^@|Wfn*Mo5d0Fcrzra18gj~yVh0#M<rW1CV_IotU}
zv13j`?m7~#2BA6gvNT<i3_*tjq<qPXxZ@-^K{_SH%-Lk{!ZDf*?m7?!MVIM9ufh<P
zzxkWwI=Yxgf>FZ(*m{BO$p8j1Qo`w?*0wwvV)IgD$@vJF;6Ns5B)wpELTa+9UE`Am
z(GJV-)`=n3l7Iq_NI~_3Hyql`>Bx!!8&1)(VPjT4d1l=oXT2XM_J|K~Yc2lS1PRa_
zKvQ8uOcU`5XvhXn_5pC1^#r%Td;uE*w+k<r_w<jlZEVv}9k$UFY%{<(Yyoq7&Wtt@
zy)OH2uL;&w)J#y}Bi;Iw3UQv^<W}fA-l)aP&?feTwb`6?n~^7e_Mj#%Yp-~;O|5p|
z`B#BG8b{=J1Niv|T*i8O#7IpPw#d}AD0iRm7##^_lL!Grx<;F9V1c^$RB!yDhP*R@
zd5LU@(wFf7o8I)}fck9u1La_a;wH3QIs^!#_Pqe$^)a@E?K1dRa;+1khzTk@BMDIC
z^77I!8H$D%j9N0bsP*dT;PB1aA;uN~9lmoN^b5s{CCF&uzDJ4en3n_v$ta*)z(dQI
zfgQ2k=Fl5PNTQmB-a)%RjWqH|oS>g-0hG%wsqdeWqq91Bv43`Swpn|3bpFlpcjx5Y
z{^{xdoAaZ?Gje=N4vycvJUTx*egl7fP4?e>Prf~R^Kz3=o4fQrqUa0}L3_fMcB6Ji
zsn)o3b#bSxJ%Ap$qba)PMxeI@F57&k!321aNkH5|ckGER;<d8fF&5u=7W==6m3#|(
zjEls7c6U1%|Iyjrd5r&D#giHTAE%M+ghu2qFA}sO{%5<rmEQl~?d<M8?*Fgi`SsV<
zQ)P|O)|Io9mw#;v(b7D!U|9z#MT0%Ef3kn@4HMF}r!DTSXgwt}d$Py25^&`}&Gk9j
zqbTF|2rI_gItgs1Px8=GCdVRfV@gjbH!zLbcOi(vy*y6{XHntAgsQAU?EOgjTAHrz
zY!Po+ou+)5@_Gn#n`o!nZe_!YhbUlf>b>U$IJ5T7y+e2Q)(p_siB*LG4IPaEeEwW*
zLl^o|<08<2=$PUZWzJIp4*tqByRihr6bhv6ZtN!o-LWahz4ihF#n6ok0~c^NJvyyX
z4PZbj2QozzK8kW=CRfea^H@DJDNs%3A7w+szM!Mw3|8X^M<~P}uh2hMZ`Ngpl^URJ
z)8GJl{&l7*^Qtil@Uj6K!kIRj!aG|E?K!G6NYKI(8-#rUW@#ws#bbbfk`EpzKlLB$
z#ZUy*^r8C;Zugpe!g1AF_<;EcR*oES=3D6&|5ouVUubSn{?|fNECV>6Vr<mlRcZtc
z7(v_>Qk}I^HWBMeWxnNp-2Z?dp2*1|`z(uz(TrP4h;9#=j;z2@$Jj^FHiUjlJ85Rq
zOBoUZ3M`L^1g&`e%W$1<)vyp0?o0*3upWE@Gt+i*Mp`fu@7Qx-3$WzrM->^JLzEBC
zWwmCC4OFzhoZ<Kh#~e_NS78uI4)2`OXo_K@Lpy*0kTk>|F#Et118WKH0$rDv6jlM7
zLO@US1Gr#liPH119E=I_1rEH*aiMf~tBlvt`LJ8hy0|MjQEM;er3=o3qWjo>@(qR_
z>@D042(gU#Q<T!VOf8xo<icg7blw?i590-(K~yeQ*ddls*rDfg=Pu18xeS9mD<)kY
zha8OQ;3Ax&vn38UGsW=K(HDuvA{sd+d5R7ahdxC&DLctPHsZLsO}?4L1HsTd#i%XM
zBFfQ~O*B-2PSRs3_bkZ<?nbP2p7nNj8r2%bKp=cBu#M@;F|M};45x|dGZ)yRLM;nE
zW*Co)B#G7rBXPWX8?uJ+0t5>SG%ygQhPu9^`2HTS5<rOuh9U=CPaKSZGH&kTx++M7
z%X{Rpil0b0HoMz9IAp0|ziT!1@wufZYyZ(8@PefpfED&%ubZ|1dfUB6`)?J`%I&}N
zao|lyW5U=h?bPRfa=xD|wf->PY{osO%oe9nOT>DzM-QUz5F6kT0dwr6^YtgSkDjxo
zFR{9D6hVw(=e97sPTWDx(kSGC*dmC*hgnS2ZiVUC17$?AB*-ddpk4~6Zyey`W3aOb
z`%kw9ug+M!8vKwo4Z=(V&^MFPBC1VBE(A=6-DI)3>?A2?J@|d;;f_lL%zDXL)nM()
z<+h2tQ{q?B-igWf&g80Hs18(-RM+<PjsmlAV-FO)EEQB84|jO7^<$mllrl5LI10ZL
zyFZ#X$Z!-iMJwvPD>wMh$l>Yf@#!96UVogA;&=h>K?QM`Kr(;RJ9ljVn>SuBZuB|V
zGxe8%21!3}Jhm4O!htfc!!Tme>T+`z`@Ts$u<c<6Fd=3-A=|A025>30<c=FCvf}N9
z*z@p{2+<jj5FI$CJqeeB_Se&Z?G&h+!s2uU-$p^aB2u`Gg&V4Y>9oe)Wi#?x5r|a`
z&K-MR#P^c;2C&$`T1z_L<m}hH9D|&0#^WN&i;)Sh(Zw%Qm4uz370WVYp}qU4f3D!k
z>VKf-fK?XRbZI(Z#rePP_I6v>|GMqY_T%}#l{~A||5U#bdi%X0s&W?H=Nxy%mq~VF
zDo+tn7!zxOMg#y-F2}ErkLyA!O58y&_D}2h-@mIjxRz72E*G?bReTop05bID6y?|%
z^vaq#@au@3DHg8}KhnXJ1-CP8fmg!w95OPP9fv;Td&4s4hKxLxp}Wirs0H?VK1RWK
z0cPb$M<j=O&~f5f5_)4gM7YVCP=ln?)lue(*OwHzVvlqR{eKwUV}f#alW{}<w>yr!
z1*{@t3FaS0gm4Cn;s6HVoCfm1Rr4W@Wy$E>VBq30!^w^|2AeInGJ<towWU830~?iX
zDoV$kQo~Rc4m^LSLFN3i2vlCfs8C~4w2wUBbG*?NZZgbGdZkh_0O~tN<+;hLRTU<n
z`VzP+-V?ZpPo&~`X*^@b_f{*q$ppRcS(43K_!}0J#n}!jro=vmC3!9^O)<+2VA1g=
zuh_|x<V*w9<gf79Lll^=aq^}MrN876R@6U9y2FG*3P}31Zr{#1G)iw{??K#OG|H6C
z8YB6TlvOC97H6bG-?92Vu9YD|PR&diy>_PeDhQMW5=5rp^_N;5k`$!u0Fsp6iFBPL
zsPD1Kx{+o&esal}sBE$!wx)Fs)5)BSbF%Z&fH~yiW*rPpr>%==Wmj>7J0FrEZlsIG
zJ1?g18~S97EA0`sEt9ZAra5JOPp>n$o3p9xK4qC9jnNan!0n0X1+1659Az3-W>)Tj
zr9~v3TB4EFU9=wN^Bt>mAGzqsKLs|*%8Q4`Mz}2U-^z;ES!}&$n)31%LQQY}C%+IT
zI{a^CAza*6Y37TnyIby_snd6EA$4;Rl_Q|8xysEgoKj8RvS6BbMY}V8C|I~21Vfar
zSNE79=2(K3w)(8b_~$Jx!S+{dspXme%DPl#`QNplx9G|E|COERWt|0C{QSr6)^6|d
z{KqPu?EVjrAz$J7kFDKyCv*OzxAVCFvx;Zs@jr(j{k)7mZ1cG|Vj?-%keC2ckv90D
zWR^rg+8$W)ct(Q&!xBDWG9`CFc6#imJvp0#4FAZ&{_~g1gMebNDo;%jXCacOV)0mc
z$d4n&sB=ZDsspTO(r6M$+eFPp>j?iXk8OU!jAjm=`lx?ZXMz6L?vxo54s-5Yf!+cV
ze~7sUK(%6>HEQoDhb|&^p$)_wPkIkbjKF32J(T=}j6~wdI3`bIrxay213M%ef>bZx
zoMBm(pvb3#hJmR?M8p9HBBFvrmG&5pgPBES-bfSAEFkg%+j5#GnS~@-V7-@oB0t8w
zBFhvOn2YYHRm7H{JP|ZEzbbgf<ls=^pdFquL*lBvT^PYM7i!RWyNfVexguK0gi4Cl
zhscY?A?BPLlkO>uDP1_&j0n+7%89rfaf*%o@m46-l6%sH=Z;G+!AYGgN~0w+rnJ-&
zrcF#9y{UPpPCD*QpF+7`Z#<Q9p)Pw$?K_TlsYcb2<cuH>bM!cQV2Ifn3YIlWOU5G;
z(uLxrf1gF4$wbW6i?TRvm|2<Ce)G0efydt5e3do}7cxwRBO?ygaKQC2A<?|cM_xZu
z!=3S>WK!ETipr=*HX93(;)eQPR{tNEzR9u+E-eDAD*yXVdn+CP1vbH>{=bUn&f>pt
zP6FleY_qa>%WOVHb5dhYbOXlcnsSsoyqLmtG+$2oqY6VUSW-%jaAm?@`8!eZR6M^;
zYR3w_Y@iUbD(*!q%V}XQM<I?5NYTIp5yxa~e1eRvAif8JH4LUKk!ycyjcAGOrj41;
zQ)H_r(v*=4=>$07z?=A}xz+#JF}j^*J4dn>^MTRO#WSh%CR?*kpGIb<Y~@zUmM_AK
z&<Ys)(hDv`$LFJxsB^L)v374vD^ON2Wi2}Y=AxHC6!Sk{JY(MYWs+_Xc<u+UKPS;-
z=~ePpANL66Bb6+=Jn~p31$@J~=U!5NZW492R?bp*^TTq<6sx!M(kZF%n<5k@wZtT9
z^K+D1W0j;5UB3$=fvCfP-#G~+OBWDFuF;}c$tMLu#z$3BMDB0h4a4R){QDa>oVV&M
zWwCms+NziM(-->(angr*XI0QQ2MfrXo2x~<!D%%10{a)9F?A6VmQ`OKDGyFx&P%{S
zU@btuo3kFYm9YInq${YoJgV)V9G%f%W|w(_w5~#ZSz&$>wwFOdan;S@{8w0ad1U+s
zSsOjB4mt5GvOkTyaDW-$=cMY`Hy2RcdyA4&IAR+rTmvcB&Cp6<4)U%w>#`yh#LZMF
zB5P&k<qZe?W*L~THyE?W!B}K4!uX~up!OLZOanW*;<h_Uu1lrXoF0<UH{vQ)wBNp-
zT;V<@hV|l|+_ywVTArb4%7w}`dTQnZny>SJdVU?wyLRs@SCRa#+=vdhI0N%mmk<^;
zkPtk@RkB2|eC~6psMlr2xzLzzl`E*cJh`e&@av4UUsQdSV+}|&LxDxYdv`nVbK*3Y
z2X`(=*OBhX8*I~`=bumR_vjhDuZ-G0yW1f02+Q+UP#W)~z<6inx{RqC*-l&lU>R+m
zLQ(heBN#!!O?g|Z+~UUT94&s=D6IMQUomSd;Td+P0VuZODp*9z4%N0<_yXvL^dpOQ
zX1k=+v@j|QLl}m|IAHEr8G^wev+VpLqdCS$t7UDM{1G}PE<p+Ttq^q^FG^*1Dj-FM
z-V_tliDWxZpPq{hJri$+*D{R71#ts@XX<)LCbnx&rf%M7JbgN+|4Q6suHdT8KZP>&
zUpHnyw41;GTjS{ufB*S!Pd|Tt0z9vghh@?ec}|q5?8=4aF8BYk`@fOzh>TOqiUF;N
z|LksWchdX6?Z^CYt9e!)|9Og`MnRHwm?dtC1zDUY)ThDN^g}KP!-40=5?K5Z-%V2%
zbCvLNz?w}Cv53sw$t{9Bc^WjpU#THfd@|o2_&Vzn{KB}E(s-?GgHo0xhgXpDM<D=Z
zf~YQXN1$w?fs0qTix(To2bTV`K@zzak4OF2U!hZx_wPg8Q5Fe-KP#s(3_cv6<*^qg
z@O+1C3^3Cx{>4V{35EihcoXIsE8oNwO5j{iysz~J*_hB^L}f^vR;w;rYbYk<XYC}%
z=VSvNkq`~UCy_p@Cp1(YLa8U}<T!;j-QYFD(&TB3d5XC>M`4zmWll02GZBz9F$4@?
z;{m4T8Zf3#-_RxQOPQE>r8%s4R%nPT$v}+>LFXB@kW!&Bjwa3;qg@lH9s4!c%wQ!`
zoEsn7DP-VI@uzMhJ9(-ZTA&g0vla4_orsitsV76xie^(N=1fj~Zss0Vi|3+bH6^j`
zC&GD?HJDw{`TIDV?mb%MOP=idFK!%O;t7z7^}o~I?WWIvY(3upv6|-&)_-PaiyO)?
z8<Kt@d7iM6EIGgeiKtTUOV3|wl>(&BL%FIVqEk%?fsgkNC>L?FGotEk?b=7xt0_Xz
znxFL;G!a&osiqzs)mwaCUa7>8<@w%oYKc!9^k)`WsugJ{=)}hL5S5Db?eOpG@9XLb
zO?5r3s>_b+7GPG`n|m%$AJ~(X{~!P`DgP3W09MNXPDcLkJm!B~&9id(|BkblxY&^=
z{0=<FVQR5CDzoNd&J^X(%~8JGw<iGN)bpY;NuLW%m6>?tZzHjUMDE=dG#OCe3vG~F
zS75KO>;(p(uDX9dao5q;c-d;b8N7dQef8uMzg=MukH14R@AgmM9KHF=9yv{V4>(42
zfTxu<FyBnl4rUu*iP@mc=g*D!E>1Vjea!P$gVE=?Bj*a5$8MtH%T7L-GtaiN)E1sN
zpSc6sE)I2J8h9>`mir2G6BlP77PNtNP$nT}Hxj~_yH-=Q(!^GpN=enMdX(pP{$%Ap
zn>?$$|6zAG=l+Mzqx@gVb65JmqW&|6V+XSGguY-$_D`bv#}d9|0Z3H-)Payv13+&t
z_A!X~nX5PARAREm81j=^Sjz3(;;~SVD})p;H-L96)&8E+F8BKI9d;c~YQ@R1I`WMU
z4ng89HT7&KpBL1qGC5>(38t0}6pb_|Thd|Z@4rjsnpgY$JO@xtuTzcdJyBpMC-z!j
zhWLN=RN3^{DVS<_Wws!*EpYIQL!4)eT1=gn-rxfMIb!S{j}X5vi?BnNc%vJ77(upM
zd+hcsozJ;%>}2XVyjCc;02?Kf(NBt}revw(kd^3c7Joy}Vg8(*XUb|=C5Ge^<$Zj2
z<LCJ5#{BsrJdNrEP-&za#{dE^)k3HH#PpL~K#DD|;*i|<sJ>-KKvRG<=2`?+8cvdh
zO697YizMTobDC<LExz~<n+|#6E0+-H8c{QoDS){GpXQ3a6s0s&K9Q+w|17hzxy=2+
zl6R-j$=#y3xfG!2^fvKobh%SuCfgIaKDQ$Iu=EK(XR3l?e5$9q_$qz;xQ;4YLdkf`
z62%8d#mMHCTZx#+MA=ksbFlfOP+4xBrCog2on(t+G#56DOx3%VS&xJApyemG7Gwkw
zkZ$A!z(@Qw-r|ezTcAbB{2I(H@;fp#9j9*&E<zskg^5>SEJPepnf^4Bp+<|DGa`Ew
z&mT0G6*Ei6G(BM-&dt$0#zgBW_hR|{YG~;P68q2S0eYQmOSgDjV5<+Zu+{Aiw>uW?
zJu}<Sc6J8ablC0>2V32KZ@Amr9)Nk@-tF(U+bw~hG4j@4ZFQQjwzf#zB|ZM?r@!A|
z;a6WZHr^ZJ*Pqp&P4<1i`FCdXm-o%TeI>pnFB(r9SmUd?%02l>p_OKxNIt>)r&*T^
z3dV+jWw8IR$5oBj<_FaN<3DXz{quzNx7@%GDR7ManBU6nheG>5XaASaxRveyc6PQq
zTWSB#cIPqw$4Z`+`+xqzuC0qG;e002W|esTB|mDZve@P6m=s&wZ<!}G^)i@Ji>1y$
zg_!5l!CR28;-BdYC{L8@CR3oA<WPIjitnC0_IV7hLC(kGzIT>)jK&~DznSM9--}fl
z?~^7Y8!s>v`N_am4@BbNINO*Ko{L3fG7!(D24QKSLViX$l8K*&EF4VUjk)mwZ);>h
zbP4hKz1p~r!O&Y6fiwZUZ5GseWiSlbKEPhy0w6a<c&eyY6j0iln6{gIV1u|Od(Yct
zG|dc$dWUC1$0N3{!Funx&K0f-mz0dn8FpfZHz1}d8lrBc9{SfW?tIB2ij-SBairvD
z8NeJzZb`$bEW}^u(0Hkp3Cya~LTLx0Vh36dfi%$1)A^@FqO)wh1ygH@n7#A_Qv7R7
zuge4)CQ<#oer(CBI2-v3RW|ioVNn%P?J9b$JzeQbOPvdPHJ8x2P%>~|N9OQ!*zjML
z*6&fUtU|Eh;e*`kfZr(jX0ecz7p!Xa^u9=L$ZGNw@Tfzx*3@a6Gi&rr_nCR4*Jx<k
zUKS#@_!{gCsi!M;A>x98kQV(|R_jTObg>~<IoTwL>bVwQ;Ot=tEOZ*gHgXo*V|M~z
zyDPk!7d_N-&B^4t<caC>T_HX}Q<q)Kl$rV*Bz19Hu_d!;iuCm9`?EVacWQTG3fCR#
zj-qiL@8GHP{q{PVf}ym~-YA(m<?j;RB9v1<!?EyFW!ZH;lIwB01UwWIP;SXe8nYMx
zydA_Sn+qw(Ig^23U#SubUf_M&f8@aaq(e&!C7DHD`WthE(k7wCXb)Ae@MkBcaNQv9
zFu$sA4=zBF4DfboBo@U0YPPJHVt!g27)O<l3Bhdrks>V-XZ}U>bR>AwLLY+#My+g@
zgW<yoKVEnqnEI{`>fM;K8=Enn!m>zsHR*d!D7#z%I>}y|qvoW>gZmPgU}oo@Lem!6
zIB|TrY9kMCh10&son3W5Is8mtP>xmb_T^*u4ZSSt_DiuCU_S#OI5`?JH6Q+FY`;mu
z3)|-hw?dh6(*=0IR*X976$;OzL0<!l-F_|3va#H}L(o##W>_GO-kE73f^(*WYZ8|m
zG3d<X;Bs*Ta5Zyg4z`8o%?OKFNwSekmY0LN9*UX?6UscoF|ItFxf$g&lN``vbBytC
z(iU_nzI&XkLxIv}B6$LiPbkJJcw@az+(Z({G{u~h)M@}lx_C#u_#St4W}E4`nGg@<
zbRs1}iL@k-E+R_tx5b$sU}Y&OOjYuz`U;YCY{rL#Hq-s4LNvrgm8XgFI^8qKDVvdC
zJtUJfMK00fea5(A0%s{IhEGTvOdHJ;&WbLq^AGEq$l?ek4P)OD^eVNE>}r?9B*&Ox
z)IeRX*-xZMNWD%bx{_6y9ZocoPqJ_#uF}_Q#UEr*iG`4~N_kiz4MD58uwWR;hTn2E
zD!tZEBijj$5sl#c*MT>|l}EiI7?UffmZzN49F4+e-^$Zcg$=V3*tB{H4^t&_`%v0C
zAIq0!WHNiu@w|(vPwIFIxh}1VIT8cMa0PQT3=2UjVGl|}s@e%t32{_Es}~dNyd)LK
zOlj?kqu6M}W;OOn`#;~iC;Mk-?~YGjo{_`T)8o@UrY(rc^&Ygz_jO`<l%I<h5;Imy
z`1kjCXk63~xL}(_;o=gn{83l73zI$<l+{8y`#W0{tZ0P}acg=!L27%Dx@O;@+7^5=
zN1v;6t!OXhiM$H#M49o*{>`_=d?}S;NxnKujbG<vtV=ZN3PyRyqLe+>G%AO<?&nP<
z<t8C<WXr(#QwOYM+!3nh^s1R1o3}BPL#|-Recb{?6niU$4_8o(sXq!#iz<Rupp$Hf
zX${s(aLJwZ`W~1ebjsA=15?F40fBG{OT`8*JNuY*fpi)T{^y(Nga-BiUXYEc?`KPW
zA|E`ME_fqI!E9#b!+~vQBy~{*+;lnR*NuSf|H_V-m#zN({X2ygENtr&s-Mt7vOO<w
zH9V>wQz9v$O}KD89S$9uJN5EUeP%k2gaRUF&?^C%wSF_kudgy}-WDV1?xCWzu>CX8
zt5eF_Ch^dqxU}&a3+B3k|A}MKo^nTqFm&dyjrr2Ds6{N=d8;2<o?K;)DnBIaRqa#(
zl)JWC7qr$YbwxS)*+b!V<>l>aBZ`+8HC?r}jRHMH&B`QDE>uF&YrLTka~6(XAa6Y{
ziXolFAT#q{|5Tkp=2CbL@Tdiy+1@nFS|X-u(uVU)c3!e-vftV4U68x0m|ONX#mCF#
z;jA+KK=Qa;_sKc`A+iat?ELrE_HO3<2mJH6|G$c7_4j|o+XJ{Wgi{CL23O(`Te3^!
zP_b~rvZ`DVvVU?UBelX(jYzVwXho5dEO)EWe8gArm-u$#p+O|SiNDIlXbdx!rO9@a
zuJ^H$vhQkbY$vYWI&vd}uvg4ixPcc*Oea8wh7`%78rvb4UZx0i-q10{b!V1698xA^
znNy8l^MzP|bmPYbO~N;!aBIfIG+hzs{=x0<m}dqj7V1jAy}YgS%H-;~$wdK0Jmsze
z&r8GI$d)S3navweMxMtbs;rQF$AQ$ovyn~jeT#3%Q*IGJLNH-j5-MpAvk8AvZD7$1
zJoTfhPa&x!Kwt+QS|j;3bUZWK*-C$x%`sNZHu#C{&tyY3%eANzp4kuA-@42Kg>nE@
z_jBBZW-bjq0co{hkh$MZ1e7`tCaq%GY&C_^HgZxwKU+9CVkSEx+h!?Gd&r41zecL&
zG!$K985ok=6R%6pqZG6S>6)#s(03{1y>;rw#2wHeYI3(dZhZ^Y*K}Pk;(jqEJ<ngA
zk<cE2ZCJw!u*TwPEq-|=E~ml>6@*c%Lwmy{dO~dtB^936ZcTCAT7t-}wRk|ADwyiQ
zMcA)7Xj}#;^TrDgqyniRd|AqArQ_w%%O$OH!b?#lEJ_V@JxvJc5{4-^?J%6u0LA=V
z)hdc##7YSkj-0S*4rGjv6mR$6WXS6O>>}e;p8wwJZ1vLme|Pus{P#+p)$9L?GS4za
zn1RJF&(1xDCb&_SOzz4B(B9+~`<h4{UWvceRrY3yxXHAU@?pjEKh<nQ`yv`kmX{~e
zeH-u9n7(i5VnYNq7kesHjkZ3f&cq1EEwN=&P)!~aN$O?WWw)Wast-iJqc*1smyA}k
zf0a{7+=!710F|W<iq0xL`H>%^h!SGuv>cye$qNWg43FZ}hPjyy)uD`=SI;A6_Hkp)
zAb%X0x?4Ju2uK^lk}7f(Np5>`{J4s(4P9>eWbpJFa@@3G%M4d8NHHqn7*={yv>-8n
zt}Y4Ui{NfzPbSj{w@T&p-QjdF#`qW>@nm4U1(*{K9YkJWOz@bDfPj~m%?5gb5^17T
ztq>@_XB9~kyqMhb+;y<NO_xPOIiBaUyOs$DCd8UJpeOTw%FTut&(LPMKcjVa{pl5P
z><j8hhlsT818QEV7d3B6`yYPM2!!=F-X(^^Z*oBP1l2r&7ov0-*b#Tvri8AN*gUB5
zl02snU<zY00b>{a`hs*~WQr~OJPI#EoQl+&8*GPV@zagkWY3%8Nt(}Gc`1D9C4#ge
zo4l!zUtCx>vPnmmA*mLXI`>w`eSC_ajQ+1gZM1$=LpZK)5LD^^yS<%M{`c<AqyE2|
zXXWSrL=27GR3})5MSk@uVSzZRSD)|Wvhr*}#!FLxxab*9M?b}}`a<NVw?l=CUqnCE
z<)&q`-BwlhY-^q6w$@2jv^nCX^vERXL6RzLE^YF<kj=7@8U`M%Aa*lkFY^!4EH7rF
zU<W!m>7;Hzi*m`XbGBV&Prb$Wp|ysaallto3>FW6XTHwL_JvDS4KpFA7v(omFVv56
z26+N@hwUd}aY+z^$X*e94z+_pi$>dJc-V*sx;RLXce^mmtu$4yI@x7>cIj-d?o(l3
z>Ju}tO{<@9SJjl9Ts76QaU7)j^KsIwcG9rE$uQLFV={43W-2NDqm~ww;$s<aSZuUZ
z&YetL(e)z7l^K`sWk?4H<8>b5){Z)WN@9=<oU5W#L#9|!-e@7HINy|zr6iMu8OSrr
zI32`NrWJwi983e;LyjZn>v|Dk)Wy-+f;B#C2NPvWMO0&z&b>o-_SOvQnY>*YG?F+{
za_#{K^U)vhBAm7N-n;KznKkFj5F^Ml78q|_1PuZdX)WqUFw<FYlE8L+v;Jkco)v3x
zf?hl*w%%-_T7)65&!1p%Aq5Z%pq+ssWeIB}qp!S^1k6yPTnbm~f93i=7d|)L3aHBe
zx|8<*cj2E${eLCT-Rb|Yug?C%t7KO+UTE09C(fm7=m!|ItS*;@!I3iHCtmC20bYH@
zpD$LjWYOiF6s8W_(4BjYRTjeRu}mXAjLKV(DKgA3sfQs$US!Dgn|r*E3u&flVk+xk
z>X>`Zg2-zNP<Z>fk;$N-0TicXsvwDSsoG{R7~7aTeH!Gh&N?zm;WQk;^CX~{9is{g
z=8(YRDF{+%V_q%wxQ?=T2g;|q)@BZz??M_c(+Z5KcwJe)00)2G_VFYLMkD}Z6m=(C
zA`7*qsS6m-#<IgbNhd#GAz0}&8tjshhWscPg-2!RYjx&OP;y>KAdxDU9;M8os@&l$
zG?>JU#sOB$iwX>r6n@!n`H1R$VJNC>a-Bns8FnjFQT1#VBD<f4gPJ#RkppZQmaU?5
zmc%zDbLuEs<}{vmZH_K=>dHK*myn=fLKSmfPWeg(OzPYMk@7Gqr`H?{cghQr@p<JS
zl*giqtSR<O>`y=1j*Vtja=bpVBe*IgPHusqN@Y?h(@3h<Jh|OiqG+sm;jhM7%VA?A
z_$fo4KJ&_f=0J;giWSQxo#HSJY)&xC8g8+^@Gi_f+Ob}eKf-fSKZY>}#p4BdRxhBw
z>_`cvRUm9VE;ze9pSy1{I;+BS{yC+oZc@2VTy{KC^ZrgR4gKrSD|OvjWFi&RThfTi
z)0jA4=N{2Sjec;WnV?=Vl8H3T8!7eus`t;!{XekU+BXjct?>WsY_-$-zn!g}?xX)_
z70+_~Ki6^qog#DnE})}7EZqyl`S#v;ffzc)ULf}QW?mrP!tHp0GQ^zEX~V0PI&ETm
zuh8M50l~aKhR@2T0Ew73`xj~{r^iZxDOC(5z%;QQay(peFJ>c^#Uj;@dY%&9sH~N(
zfF@>6*QDd4$Qc)J)m+C9kaoS~djYaeA|S15%`QZ$*g~x)l3H|b@@QCo7t;MH&r`M7
zcnTJ-#u4V=$wFw}GvC-Wq0mh{NgB0_Om)Shg80j(l@nLF9+VWfmH1B7lEq#VT?7|4
zys)1{ZT&uZNN&es<^r~Ct<GN*7PFZ1VcgJS=0NYI#mrYc9zP<jEZ+OMDUF7TTsUvh
z%37KhQoQUJ4>PZ$j#)YB55^R)Zjq^37`++(3?jzRbBcy))V%$RIR3XGuL1efbFf_+
zbB{!>+HnK^&xNP>K-HB;3Uz(?%0xw!=v)oH7S;=NFKmF%g6pmwX>7~Y4}P(IUi0dV
zjSpeok%@h;pK|-(_reH|;@&I>q~iXU&Tc0Dqr1Jm`)L2K;<>x{j}y*Yw-E%Qu<gC^
z0VFsTI|7n2H}eK4ZQYJbAfLbsMTaOLq$+pK=#U&p<=%$4ylO&JLuE>ocpGc=m2D_{
zrH7030b9!rtT1#P=ngH$Y_VL*7H{)six*pHIdfw<ffYGe=;pAXkTQ@9aiKbjYG|t(
zN08G*dOS*qy=Xu|DRa&>0=FApP~NkLZ$?{mU|Te{JVe4QO2l=u0?)EFFUxEo<PCXs
zwyII%f1BR0DZiDiYlRo*e9dCI`OQBPTb>Tzb_LdQ2}=p_!bPRL2fCG)e=Bcl9_5!(
z+DZ9z#4S0MwY1dd`C;LA6l+qwf-YuPR>M;kI!>rUPxAr{nr@^bsHf1oBNIq$q{mdj
zB|nCwp?9am`BT`&qJWp|cvHH#Aje$K1y=&-hJHA8u<oNXE*tESQ3)3uf&#Vj7Tt8q
zH4o<Q(XB|2r092XKy<YPVY+g5YL@UVQRkSSQ5lm}LBFuOtfX7W+L=`-zr|aSB&xD{
zJyD{oyAPO)bNjPA>828TK}nb0yC?;<WO=8y=3igr<=VCnm|Y6{RKYR@Ea9i7xylb^
z<rZ~rm-~MQ0Nr%0z`RimSVjETcBi|Q_W$<UkN)44Ja^~+J&?S$boXz<wfDyRn{>9&
z`5R+>Gv9C0((Sl@bBVi<=Qn|HL&t9xP_EzC>Z58{9AlONgQA>QD)R1D9;wsX)OF8$
z5#qD#<5*edU6OM)*CqR#IZjkLRhD*|XsKeO676dod`MvOxwV92MRNmMvbQGb%3@=G
zJzq^RoEsW53E&6fso~?j5Y5%4;1-RO+ns%CCo0A~J<IZjQ~&Z9P4l3iiu^C0JMygl
z4Nm}7#Q(Inw>s(bKfAkIkM`dxo;%F{g1q(e#qAsbl8k$A3_z{7g*Ko-`-T}|)TVAJ
zF-(@c3z>kj{;cqP_X5dbbXW!HVan6G=pYIbyHuu_Np-3?$xM7Y;hv<3!Rs~qn5|5&
zZ;98dN-=ZBu6xf<F2lc7Lc$PWCCo~J6Z1tuVjA|kBtmPElP@Y3)tgbvb_npyBq|E`
zGEt5Yb-#gBIlO{8$!^kW45vCl54(U@?{W&4%8;!a=jlnUX!j~pPe`LV67?ivsVYT}
zC^-ky^YWM$vdKnwSwzthxlf^TcjrW#N7-0jRvxB&^_P-rVh+5o;YgEUA9ijY(TN4d
z{kr*i3ZUH3c_zU=5Z75{MwcQD`ZjaAEZNQ}>_f#+s}m}33@g&R+-mBiGLz)t4$aN8
zD9Ita{X9x{?ck|+D*S&UtNv~J|Ju8|y-fb+-N*BPt9kCw|A)Nw^2PF9f2o@w?%wq$
zI$G@YTS69S(Z(&g`?4fm%-tvIFU8%b!@6cR=oCWN&Ihf-dCUm?m=QW_^K%~gEjYUF
zIw!QC^u6>o-EmfE$%K!2q3^~AHOC6LJRj8Zl!1BhzK;DRz&>mrl<33)<9=NqQ~{Km
z`k(~Zd+vjp+u2d3)ZM1D<MyW8jr|;Qo;~n<(M4+ZgB;cQ9gB*TyoO`(u3Za{&*Ss>
Q-1F!E1F!fV8~|zo0B1j(Pyhe`

literal 0
HcmV?d00001

diff --git a/internal/attestation/crafter/materials/testdata/valid-chart.tgz b/internal/attestation/crafter/materials/testdata/valid-chart.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..3fe48899726c3d349328820fc512d217035e4ac4
GIT binary patch
literal 13845
zcmV+wHtNYAiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc
zVQyr3R8em|NM&qo0PKBxf7>>)X#duym`l4SR%%g_U+M9#caQ6&Ti>RMubn1$PqU|m
zNJv6W5i9`8(I&p1{r>PG!IvJkY$v<s?k}}SU@#aA=7j+e(8+|x-IFn5!k?i@^ws*G
zUa!|X*xOV8?e%))|Mq)3yI=M9_WQg0{r>(=@2g&aXK#P!E9l(;E|n+c0<o`pw{EN4
zxi92FaZCjggvR`^1rQ*CN0iMD;WQpH#05(Okuux@h)95Aj`<-RCny->&W_(}p@h7}
zj1w9k!gQyFk|g`N<M(&{-ByTsz(^w0yJL7s1`M$o{D7kgD6WGcWiVniO-MWf&5sb#
z5eZ;`#TCXe42X!)gg_w6bH4@fW=y#L34}vT1%x<>=nM@a41*aE!ErS7TVp!GhcFf*
z;fLL>f#U~s(jtLGsOC#Iq*rl7QOLUy9Z_z-btZ^i`bj)$UE<jlWg$Oobqv0(4vcY>
zVAkq@z>_3G0=GIaOyfXyyw$N?XiX4_1tKwKs(Oqhes6!eLJV)iX&lJTr7X%Z8xb*1
z2MRF*qpQi#(sd02oTe<m3g+UPVwT`Ti1bjjrlk>kXqJ3@?(s45e~O|M^E*-i3*>)q
z=is0$|DWyj9_9aiJR5LAlNlqUu_%h64Y)Xa{(n0!wbbvNhBy{vNH9Bu<Fn(FA6_W=
z-`d!KOt@%Cw6OuFN-8t_M@kqDr93`4?VdabL21MR#UUh&2AFfqeOdm$_$5gIe?XHY
z!fz!jwl+3e?r$sSI!b~)im0_cX8v2H#k;?v;gG~c5X^m%tVJ5kpa1=x{rz5P{_pSa
z?mo`{`*=Qn>^^NZh=64Tz|-#ab*m+zz?4i5fnxzf5@Bg#98Dx~gE2mYyjbfTi<HHH
zfYYIXn1=XRbKDF<tXYr7t&bmp#6gsX7(C6RzQdTZ7WX9p54J)Q2=FfP%meTH*RMVB
zv^Mi#D<WKg_ucWiC;$C#uib{u^|eO&<HwF}aA6CwO2Y6EGls+GDI@XdA{gT^jYvE?
z9mO<z{o(@-Qf2D406L&6;W)tZw|pi@1mhPU5{5aqHn)B{aEWJ!@bM$~mv{!(*Vz{U
znqY<mWzs5lUh8fiI&T1EuNaC)7<~P?2uZdhn}AR7M@j`Qf0fm79NO1cSaQW7^jr2r
zr#g;f#KK#RqXclb<EUGZRjg84ei$W$3moA<Q1%A1i6MCBOB%~Lqj!se%f?Jjb`Lx~
zTkd28_2B6~ks;tez?Y5MHcijf*X5*!?*POR$3>``Usi#tYZRawde5P~pb3rWX!avs
zf%HzLd;r{cipooqw@_8%3+_w!BrBsdl5;a1U>0M6xld?!Ou01tu(zn2O3)`Xv~1Ru
zf5(EX&UOh6OJYBulZ3`N78%P0DHn9|5)E*~J@DUZ&nBUvegz)>AQ<{dPTq2%@|QZo
zn)+vXca%^l0V#i$h{ghc5FTtUJv2^lErmC;{=(r=J}@5m`G>r$LkYLIB3&E&!uPCJ
zg$Ok@D`kqcE4_C?NJ(HpR0`f))fORHK^jT)tn|*M>m*10P)*jYGSjJw+@H8?vIU0c
z3LI7>b3V?#`3u@@_yjSDr2z%~UQtXNffiE%TX>R)nKQ)ga#2VaiNz2+lq7y}GG>(y
z;cJCd#txO{9Q|I_Gn<!qwhfy~YRf^ZGD8`oO|9URvNQE+)lsEkXJ)C&w~=^miFVa?
zDfF<O?^K=7k&8C}71*dMFTOlBl4?=^?P$dQYWiMT%Ii~v1-toQUJ>Rt{J)DLT-{gc
z)QhTzQ+MCG(|2hhb$bz2BcN`m<(3vsr6%uKFfFUm9*iFv6xSEQ5Oej_XUq^wsGzlJ
zpZjtCbxUjT{T*LweXhTwmlk>c4;|-idaCjN03~QZqBX7nEQtT_AN2N0@&AL~-oa!1
z|301vi~ox;27%ZJ3-~b;=U{RX8bw2aIi(sf=_a{hNQRjKI*RB3MTNOs{^-JR3(hIk
zaf&JN;rzC?oqyuu`D0$&w@_>YjgVa#Vp>^G3ri^qIXWmw7)=;KLjG;@d{nwlLc@@7
zma4R#K^l&*@Ru92ghnKo`8mA8$Z<TGVs=6&31S$$KllBeey8VE?UQCc@Y@+cWio)L
zo9s^e11wPAE0VRTY&EEPQ(DDXTv2vuI=&p0Or5h8iS_K(w89?*j@4?$a`ZBYl6d4_
zeygmpb&@V%H2$3qmL!@jeV@EFkT&9Sq_RcVN1hPj361&Eb1yHyG>Q6q_s&u%N%(rn
zq%s31I9{4gd4+!~LUDlv9;VUq9Oc%yPg0q#KLn9TJYtyhB?)9pHxS3_Xj5#?CkH}S
zYKbD&zj+vjt#9~0Z{2X6)>(_PdZgNYtN8Qpj!%GLlfJy<tYQNctRQc0Zx-nWQ!%ED
z{8MGiuSCLm)z?SLlk?}x5-?!l3iP`@>!F0?Y`+re8fvbOYR6}%7nn^+fS05lN{Fqn
zJPCX2AR)se!UbEM{~GJAkBmP^)~2yQ5uDKwj#EK-fFjJ6r0O_9D;Vy(tCG{iqT2-x
zD=D{Ap_Rd$#G~$XM-^E>+)9NevM#K=zTtR_nIOSU2V?p;7^@5h2f<RMx6f#JfrFG0
zG1I;~5Dq*|63PS)myD3`#LucMqW%8O<cf|lDXdrT<Z(D5D&z5l#zQhnwNSZ1Pf;zP
z<vRbDqnmKvjeEaPi_~}JR&=<-8Ca)XIA&AK<m4O@$J9enGG5L^y(u#;g~oDPuA%b!
z<f=2lZ!*$JQ}z2C>x70KZm`IC?_mdiNt~97;4TH}CemH<M#^!hH?Nwd3Muz?{oQZ;
z)-hb683+o&7zdXPrLU0Qu1aFTXqW~#gftc;$_niIyM7O@h!~e*{1S|z;5J;1NiYVf
zND+xSpcqgXs-;^Lf%ozH+5^Zo@A@sXT~?w+xZ5`3fPmo<{-9R7fy7*36apQpCF)@_
z4sd-9100}~V-1<aBQ-^2zb~=g;cLs182-HL?@C86jfBJi5O^dOm<>^Y6-9<LjYAJG
zV^rEHPv1}&U|@Jcr#OVGG1ikaKmtW{^n}BN#AK4jb))h0>5}m)t!lV~YhnI5l<_`p
zO@HZi{_`L0r@#Eq^*^3oUvGM_RUi+10zoeXlaz2)<rgZNhg|=wuK%h5SliyOuNLqB
z+}+uGR$Bkvd$!wuT>rg~=RVheRa<YyjHaWpp67a6r^$$+P|li^%YSt$P=YvD+w9HW
z7!YG5K!Q}_Vt{oyzt#GgqY*w-Q)+XHA`&W{`a(9)>%rksC50m|#LdncUp5?JUxCb0
zThuq5@t7bn_67AVR=u7F9>)R0BKzZ&+6>_h364TlMHlV#dS0&ZDj4?f3d8;i81^#^
zE2tQGpa%(O;CU4jw_91-PtAx_Nzg8)g-Vt>x4VaJgODJG^zN$;lv{%i7{S{CThoV^
z5&=4NN=v0k;t`i>T4@)l;kTuzCu+~KW<4U{ipEa_h%uvARwc=HZBAPUPO`u9_RbK)
zv9N`jZNfz)&7G7osZ<8(@07$U)wN0mH&F`3VNHGOef#G)!iZ!4l>e;pFtts?3P(fJ
z!z1wC$7jbE7w=x5Kfiz%=jX4_58>}L)$=i7bV@=DGnz68Ql_Yo&)?D{ms*^e#=Yi7
zkBmiEc<H^5q5Qm}0&C%br#J>Q6qo_S(v(3_r24)MGzuYLSP3x{ahRZ)WPljsP@6$w
zjA!=kB~GM;28lEYxRAY>(kPu^2qHu#d@X2ypE5DV3`jhrY@)d{K(TC}4%87LAs~^R
z<`L3>`|dF%BOGIfqVAYpbp-7SM$<ur`Iu7C8RKZ8x5{@2=PBmhjlA<6&3>J$F^O;|
z8y8dFj10d)7r!o5GAWydVpWFx1Vcn3hjl+U6X{?2soH;Jf=27x`~THq`|sJas{MEH
z>~a79y*&4B|2c7%gwaF_K*@0GB&0g?!?2_JPo9IWex6e*oQ*BU{t;uWOM|Dg_q=jK
zpfWI;baS!2%xW|1Co^e5sTA=H1K)mf3n!ElK^uzOk9h@-rEw!DQ>ymRX;)x2A+gpD
zMK}VDT!+(*rPn7unp{Q=!QyQ5)vKL6YN*j^%2IUxmd)juhGc}faM5u(d<5Qqm2{2U
z=c5`xHN7r1UhGL#C3#=-?$=!Y&nuNJkDY^Q0k293s@j4EzdFQaLX>9eJg31WW^k(5
zJsY75W$S}%jl))m6NUpMaCitRSX1D0hT{;kvowlyEp9_V?KzV%$%~h!WM=j^&dUCF
z^S7OL)0|yq$`-J4Olar5oI(mcNz?MoaQVa>yWma$mqwjzn}-2$N#gL7gEv7*z84@b
zQNZB{P?E@zExh%m04xD6FxM)u%5d^sC@xnOe-$<r8JZS2+k8pBY&z75uUbNoA#Axj
zlN`Wp#g1jJI4n`BfXXLGWAcaHm8FmFQ-^ny&?#WEJ}H2wC`yr#BGW`uq|0NCzByC9
zA|KX1;Y*JHf=OP3&*G_WzFOy9>QVc5VZ3dL<_!d9WNXXai<qdavWO%y0U}MBVra-S
z^U0yIU43t_X_Bpu(Nfr~GF2a1W<3td7cD=vw_sP0wn#jp40H3E;VF^ty9vW4Hlji{
z@E<TlQ8YloCD)67hzZCKz@2A5P3=<CYVM3`!UJC)o4bs(oR-(LHr0nWXtazo(S52H
zz!DfTI;lHX_9w)(2^;dRUKj2TB0A{q><;()A>REK^}ang2=?)?Hy8$cJA>Wfv)%pR
z*>1o0Z1Akt>ly_85#4yX*YCXC+k>o2#r3z}{%1=qzkSo*dheUR{_6hOQQwa{|BX8T
zeBb%UH|AUZqW!cjYkad*xy|1kS{1w#%O{6NW+}X(VCD#fzWTqHRrP;Dzf0>s`$=N=
z=b7s7d<O%3#SH#&#&7feherRuCjMix$=4SES`h!)+kaM$|LpgkJ?{U!m*@WXfBsFy
ztpx@tIwgbRSemOUfKRw|PZK1_Ai_Ec0!5L#LG<|S)JkgZF8x(Stzl!+N~Z6)&fPUD
zVdks(WxkzJDQ4|A^Q*i*b>^%_IWV(@C|_CLK!<>0z#j-##<wYH`|j43?PRsPr?K!s
zy;7#a7G)5plL2OJ2~sLAQ_Y7{0aql7V1Pj|6mvO`L#dKNGE~P;3Yeiu1R<7og2W<Q
z?m}ig3@DRml33sot}JyumxOcIx!#O%_SvR<SP7E38uOB(Dua{hCnw+P@Mu9!QQhX6
z+T>EoU<?0I0A9BZqg^f4yk|l;;EcSsM_g9OzsrFvd{-k|mhk4AI&`uLAV4Bvxq&@7
z)ujEZhtjLGA&XYvxgXu^E=ej2ki?=0t(|`xMihyIz4CY4oMP2#gP$ae)tGGa<6dVv
zvr8~(sG2-1DF>v9^k$Y|Q0v*n1k}ZX!RG#)87Q7MCKs`6wVK0dTQ#Zw->#e-SILeW
zqKM=9X>Xc1H_K@=T|0>o=Ste#ik_z>Xe-jST77Ol<PFGs=hV%J8(=0n6BMJ7T9Gyh
z4bGJtN_xI|c>$b^VjQ+)1u`Uow8TJmQL0m-ofShEw|eUw5A&NM+}5O|3TeQ*sT{Yi
zA#!&k8_<pmX7S)k*gt8|QVn1(a_7Z?)Zo5YIqh_OzV|YxRhy-vMb#MbAMp$dpuI97
zf+&@4ie3t5Qp_(^Z9(zkAw(kL9TZHk*LKC*XPx?|o~r$Cj()no_20ezUito?y@UP7
z_1}AW?%)1*jCn3l93mF#Q_5<?(1sgr$^5v(+QSWXrRrH^^Us^AwBcwR6o>izFE!gP
zd@+qVnSS=Hmct_}DJy4}X$@CVU-C8gjrPneT5pV_iO<Jf69{UkX2V2zy=uEEIVuhu
z@L4{XvNUU|Xvr9M2D6$<W=CY!cb&g(OPw^uDmH)BVHA-QtES~FisjeH(%kW=hB_yh
zsiXlX(wVPU6wa-)&9`e#G;CK4_4;wFJ=Lu+k`hp14Chp_qX@O_+40jRc46ph%jbhv
ztYOEkFl?3Kss)){8&y7oeqLfg(OfdbSGy!=3}iA%g}T8@8KBbq490-CIl;r{2@ZU2
z&N6h*CX}WCp9aMObEHY}Si^Y&#W^jtEKOSPFoY^g^a{m7`r8qu3D7BKpn(~&W&-pk
z^>HFgYX9Bf$w?ewAmWKS{%Qshxx|qTh*;mAVRY%7WWu+t|IfDpi@<OFK(Fu=vuzEC
zOr)7-@RBH9F`}|0aarg(8(UaQm(=-`cp}GSf&~hZK!$W?WSTwuIts5toPwImu$7SD
z@&>CL3l1%9!zUHv{yUmPwenI=;CX_yZJWHUkY8O`w^is~;=Wc%wW`$lY;D}fr}?Sc
z|C$fhX#Ov>|DW~xW&3}>zxQbW-^X+B`JXR7BvJ`Tl@pr)x!TsJY>q~?;tHouUc?-Q
zsOl;)Wc9Wz`Fe^OBO#X3k)?3}2fOM|GPy{HL-GN<PSe#TCk#uAQm^SMG$qb<<qsK?
zWiZQ8*V=SZ2aHiyh%TvI!Oqv*D|STxZ7r}*z;F_w0E7392i~vV%{zrM!VS|Xn!z6_
zisZP4(oRvG^`&W}psVsiwjnX+*@jO}C)iz;$)kokY!#6SF^dplOgL;AQayilA<L?j
zkOT*9zjZpadqFgiY)h*{dy+43D7vdns}gyG?R=Wcf|Wp`<rDic;}u(`vA|MvcSDGq
zvB?2mnqM6}GjeDsMV*`BT6nuMf@Ll&K-2B6!ff+R{)J4aSE+Cu%)UroY!0PrZp^#q
zFs5}uWHV+dGB0QL<roW8{dj9US<5};!b>OB&B4i?EKZ|yX3X4DYnV0}d5TRfJ9TPJ
z=N$REueY8`wNTeRrH-SBUb(yK6f5#XY74#1k!tdUSRZ0BNh3izc_GKG1QJ6)Cj+(n
z%wD&>SSc$wHJaJ&w{FW7c<RmVwKQr}Wa>}^v*Xa+4)}!UBwAK|)b+D8+zlRHKBxTl
zJTK4y_uDIx;+FPb)&AEzh3_x_r+*-g{c`@#!DIf<y*&4B|7Ynxn$L{doTE1_KNeJ_
zO{lpr``hc59gAh8N>x%x$|60VJn$y7?9X`#J|$2ccu{!K&Gw$ZPV^ZpI!8ugW5az;
z3Xt7rqux6=ufvE;actcR6_5jUaY$xuILEWdB391Q82g~qfL>81!U}$!9b)&!Z~dNf
zVS<kt@!P7(00oy<h=q9q7Kw<M`3i$?NIay6bqS!^-QP-8bOpn>J3%Dw7B2<gu)Wvq
zDw<Y?!`;K5(^20gZbHP-OltNk3}ZBvotR>VqB2Ffl>F|Y&v%{8ROHZ#0kc>w6mpg_
ztE+}U1<*%j{bLNBYP}Uzt6c{ubA4`Gsl4t=-ch@>{1dwtmc_Yl4X4)hYb@#_np41b
zzur_ROPxzRTT19$Iydm#MCR!0a4xah`sY0gmirJamv~lx9LOst-XsfId7-K<p5B-F
z4Y?hC1=Qh@zTmkqZEI#t@usWFyeZab7qY#p5M_%$p(L?+`p&)(iOUg?IK&_3)!NLE
zZr;eTaI#qti|1N)fD2{7uwVpFvE(eZ9uzT*!Wjh0ln<AhllgHedR5a&?JXR3V_oLr
z90bptRuaA~UQbm%Kc`=Frp}Jn1~0<#NQ^z`_tY3tIfg2StmwfP{+^pWY^HvNW1&-E
z*(Z7=pJc~n!_^owy{MPbm~h~NN_L+&7fO(8CWF4d-X#=t)Ok98*1-N!gjN<x_LL91
z->^m~Z3Fg4htdS&e?%FDJs;kYC<3+4HzbS;eeMqyn3;rdGe1KOOrxsD1Uf3eG?$hV
zXZ^+WbYyrl1cu^}PBOx2FnTzl1K&{^VH6iZy&Ge7VvC^Cu>?Mw3~0n{mluG}qZc)1
zPH8-J5Jw4Sb#@L%#CYR!e6?v~V^2ICnArKE^NFBSIiN^Z86pzBj$h%crfxqs%0Tv$
zrPznlp)&IY)oi~F{E{U4lq7Cl?igQ5wo=q7Ybd`Z*@d!Doql7^GE}j-VHyW&GdweC
zs;DeP<eceCouuVP2D&miv|QXe9RjMEIkGL9#v!D!#3Eabuq<x}^$9mMb0)NL#0*!x
zoPk75Gx-6HYK|%X&D%npXJ-$=lS@3C+l;U$AnFOFScUL1adSyv!<3qoIBd57c6>O?
zj?=PTof1@@n>q2MoX({Lw@6#^6h*{b{MB{?B^NSDfn3Ss+AETzV`M6%c)Q$hY(zsw
zR8z3F)4M*Ls~H*1oJm?Dm+A4bVq7zUs}wcEXQT~JaG(QDrVCH>hbIM*r4h;-mVL|7
zTWEDuwOyu<H#5u*kHGUFJ59uhgwpGLqB~Jlm7(hApKRe=T$Qia%|6(o77HV3o$~!2
z_=Z+lVZ$(%4S&>TR9V-jf<)XOVeuoLeb4AbYMxBbOGfm-FR7=Rt4G_7&Azo)eKt0%
zO30?&OE{G&QQL>Pt?RLTjs#NvU_|L<nt(TzCWiGUmIw@Ha1C>`{ZN8*jy-W2a?MVY
zR^xv5^%bW1w#JN?tN~dmUAW@Z-7~UTV4w2-$C`uV-sFzLd+%%h-h+^0eJ-w%n3-9k
zzrT+?+i8o-yhFn*UiG8y92b!HxuLAHC-xHz4)$;yR8rl{?R?I8BBkR2aEt~K4vPoi
z*g1OS&b6k!)SGtmz?n1S%O^nA^QAS4E&1%>kBW?*MZ<G2s=LECCv*iBb&T7M&akZZ
zs#6`Cw>1YK>VqZg5pn#jbsc2cj7#mTFYbZ&jZIk^{0qUdo@_<*3NzS}YUemg#t8cD
zw*L7lonS@+=(k}jO_FM<Pv$hpU%jT;tjhC%kcy;ks(?rM!?{j3IF6#1M5rj6_x}Am
zhZgGCrccuR<buKevcTQrk-Ur&d5OY=<KuKVjBxGLtG|G=(s4<sSLvjJ-W-tiTha>7
zZ{jj+-8P_<W9}F&YX5w3AE=y++d!p5aYeY=>BE5tbK0%8j;tOvj?NOku~sdsdc>xk
zw<cNAh^@&?%fK(xdv!b20Og^*))l?Ag|?y{{VYh8-DvJPFYneGDJA>5t!*{fA?~dl
z2IWR0q^#rp;xJd?6bsbp^SU6jv>v7z$jbaLep<ZS^2$UG5F`vw2~By`6G5&^%a@t#
zy5yqC{$R6rMebh2+_twRK3*>mSB>c}<Q)H-J~iwAf-*G1_jmqBf9KgwW&MAD|8f2Q
zKAwj<|J6Nz=|XcHs6F4c0?)8yAPeLhkF(>s16;ov=M=~fmYkmvS86JcwU`eIN44<d
z0QU<Y-OM?2f?Rn;#~c_}sa81UtMK(`ex<pKq)M1oYne}5_z$%ZTqsgL`O9iQw~RjY
z;=T9YbI;&&E%HTmwF^*>Sz~X$WNG{PJyrRi@1<Io23R2fclP(o`#<*g9`Ap-pXUMO
ze;i_#h4%HzNw!Xs<=rHhjZwn2^TY$1WT%ywA6%N!T;=yPTgo;20-?AuutsZCyk0P7
z;a!3ERF^#1L`gFLV2o;mRadW)UNE(u4`wl9Gy7sI|3LM=$C}(}@8d@gwgmm(oW`bN
zyAWFT^>7pfzDOe23XqVsO)k);e~u$0$P{0w@}2AJ%#HH$sEgNzEwj;6)3H#?Gp)6Y
zTeIsUK@thmfP2_$HO5npAWdzMxH%P~`?U3w!V>8Kp1xuxyQ8Se&Gt?bIc9bruy0@_
z3<o$=Hi|m_EVfsUD8h|}NDjN*Nq*3xZ?a?v?ec_?QCCum`(rVQHWckTa@wiCmYNxM
zlRVV!l5b+*e)Ff|p}xy9v_T_3Jb~v2C)k(fG*?6GLeXmYd8HFiGZx9_qGh#wV=#O&
zn~+t5H760M_m!=<pSQVE)&F`0>>l@j?)R$qf9yZ{fA{m;yZ+aQxsh1kPN|Mk5)?*Q
z<hdRuLfS06G>e*G?+6PsqvyxL?4@Vst*X<pFPGde)zGk`gqh9yt;bol_lCZRr*9Fn
z2b$my31tGL1hD|Fua7pjF4F-HM5KsgBX!QUow<AXOA#(-nZq2)XJT8>q3}DWv6SLR
z-bWR~^<@ct2HdsO)1P2~I6l~ej=B}1tO~zNNfZK(r!YlKr?%*PQ>3@yEgZ-aQS>O<
zk(taoS(JV8(3C(q@nH2u<wPeDQL2T@Khza*()~3Zc50~gwiCqh_m!$jH+ISgkeAzV
zo%2R$`T5;VCAL7X{Q1zX@sHKdd=an_N<*rq$SrZTNM*FT9>IkpH#bir%bwJ~R+?fJ
zz<JbH_Qqt5I3wtL#r1*ur4Oaz#OuND^226noxWsd<SkWFcpW&Mnv91;@4{nvO0eFT
zCq*YSYfW?rPrl|)Oq?G`4A$h@oS)iITG-gKOC&imMGkR39L-y@$W}I{a{TgCpG{-#
zcdoBt&f11v?y@v=GO`K_UO<^CX;u`}6jB+$5yUj^n9|FzTysuPDV6sU&-z6^R0+JR
za$=#qass&NzDkbEzA-$-jN>2W%flluKTWA3m$^mDgM736q<X`)=(aiRP|6<nt4Szx
zm%`1YtK*Q9F%B+yIsxQ(LS}e8>m^Bd2*FdG8S*q=U)s_ar2mAHZJQTAq)gplL}Ey2
z;T+9vz#k-?>}F4UY7uO4jA5hy?e4RK_F{`7FbKaf*k*Lq7<*lPi}(a3YAtwGp;iT-
zF$~or$)dGo4|z8N%GU6|LmZz;DWcr2wyWPWH^q1(bV7s%?70UddzU0udexA~%RQD)
zz{hB3|3D7em*KrUKDT|U{@)d1a#F6*1zfoP*RQPq?d(3D|9LOZz59RfG<yLW&{UWU
zzZs1pCA!gQo{-Ks)0BUMMsw~<Ij2<2lgYKv+%+?GR$U$mwHwboaISD{n>%jG7pQ#F
zS#;l%I0Uc5-oFpO+5DuX>!GKwzj=3j{_6DA-wxqC?>&TA;6UIIwxkc{TorkJeJJ0^
zGS}DbZ7?=woZWq_5A@f`hS3Zdmfgg$*~@^Yl!R4kEAtaU!f2?Sap}epMq|BkR&CE~
zzJb`#1~YCiAy&I7)B%GX(@ICS(s4?<Vbw<!^WaZK{ySN_-CqO5If_GuZlw$s#sB&{
z<?|n&9UMHy|L*0vclmE}s4<*a-pWtL&##O}OvyHVAOGCU*P1NzoNF_HO~FBX@k^El
zZ#Qxl?fT_%=88LvO*x$>mv`1)zsRsjma`e98P-|6i+2pRx?P)}U$;%q&o(FKE!kre
z5YOvUCdumCJ$;9|zl}O_S>ifDhtl@v8W%Q)U_e$j))(NJ%@a!j(q&5!!oklRvonT=
z<ik>6F7eFQl}eE8UJG{@M(zyf*}$bXiyH!zSwWdL95%~)zts&i<x>Pyj!oNsGz8I?
zQWSTKSN25ka<p=l{Unv{Hf|=VVP0<$VtL@R`mKIvNS;EqSO%ywu9AGOiJATuZq4SC
z`g4Juv72)OSNefO1hJX3TT`!Ts8hL=WHm8X%1UQG%oT16r;0r}ZjQKm0I{(U?M^X;
zAVbmNnDQp79HyRI<#QJ70!JwmZ63&_0j+D`&CJcavf9{N=~h4J%MXTyv&1O4vEk+s
zu^pR3`$CXeO1_3oa&=1_x23z?B%;TAC7Qdcz*-QQtzfPN`s`<)+ld8ZUY=!j!&&_D
zFOmoU@A}O5|0akL6b^0~3S8j-J$trWzW?Xh?(U=icQ4Pw`F}r2-g^Gs+Py!^v!9Lc
zXFJ;H`Ki5xxAXdJ8+YUL)sS>0kI&XO;7}^YH+K3;u<Bht#DXyqI1nkTT}3S;<P<MM
zO2xR@bu7V=idI%=a2wAl6%DQ<b3S>6R%_r$^=s3N92lv2y|Dgb_jP{#bDTsZP%P5a
zoob0H)X&r<E{{^9TU;pE>>3*$>Bu2ovv*v;px7IQq{}EbIq0Oqa1EDZIa{0D8~+P9
zw5uDO)*Xbfl&%tatzn4rek-^8`T}8B`gqP<@a7PqVNx}7UrqTXm@uz(2V|<lX+FjN
zT>?4FXu!3_a@J@JEQ9wAf;kp!4ZNEKa+U<M<}i-!#0ukn!w^mrlv@UHEZEOHeB+AK
zRpwa1sJp}9%^gm+LKki`&s>eP%EW4@x8}f{oWCoKY;I<Mk)xWUzhFdNDOopS?)#gD
z;TFVyXgs2K9RKO}_V>#Bf1mB{?>xqT?&EpD_>bhR=imJY!=pc~KL}(P_wxw?xxH<U
z1ZlKy84Gfox}$(lmAtD3giQUl1cZvP8UjM|!#G6{4Pl&xL8VfsnuAK8TR`YJ5@>*U
zxqfI~-&a8C0^5x})licDwh+>BD#kBzUUA@Le9;hwQm<b$v)L-~5*LdFzUUo9zjO@3
zMd7myiy2Y(Zx9yK72HX7n^rS8i-U3M0KQ_EOSs&9Os=HSKC74<$6|?)TrQRt1>;P~
zC7529?{F+S*|j2TjKCR09%FCI8XN12y(!~suoky*3A}F-6EI-E?AV*>#0ukn)7V=B
zl-tJM4A{>+_O^6{rpbc7%LvVy{hY==EDF;&6Y2(GnmY}N&T~n=+@ZOBT+|NP-N!{A
zI>58wSrGqIr(EB5Bj}?1uY<ix{#U>Exc~EBo(GKo%`X1W%k>BT3g@yveArKQ@=i0q
zR10?$<|`9(wIH9Wy_OK43+aX#Uj<}tobTmAdCc~D%=W5!_-aP~8w9l;I@hZpIX|nY
z(gSCDX$E}E^Lm(A(?XrMzDU!$6#rtJZ{lGopkH>3Np)fA(Y|SXsTRg<qe}|tXC7Nx
zI*8G1y4__6<8G$cts@tDUVY*DT=i!37dM*AhX^xicvpE`H+|;Ee-g^Yh~ZlXffnR{
z^`DjFKRdnt<Nm+<c^)qQbEbLgE`mS~+kQ5Ypd6>>a8O?6b}=ERt-A>f)f0H7=#T^A
zmdC)<K&lN9W!`00-gUngLzU9rzU6tKV?i5^uQVsSsJ^w@z=~f~HV+t0sTQlHY_pqR
zE#B<c*36AH9WhhIq8MH=6mkY~B`$PFF(18R9HFL(@_5W4_NoDexy-rL2;6OWVSdj(
zr$EEa%;yjXB*fXJpjaX%HKMsJ&fqyu=T(_4<=D43+!YRCzr?c+9d_)ud3vqkx?LaC
zQSuV=0nV@u)iK{BHdtE~RubZkN@aczisp35iD|e~ueOxaj>DdsQ$qY<iCTrL@9TK)
z!D3B|HRx)Qh{f<6MW+d+@3LA-8a6U$xsk;Qv-O^`J-L3XJf;pV^)aM&u{(48>Bcrz
z1-#}^mD9x)Ip$_Tt2uyf8M$%?>+=p@*<eS-BwTR_8qCT&42G=NJy^O&cOpIVqCaN~
zqKhSnvX!e-a}M8vJI9iW$(U<}sE}1XuVmcF+7&HS-{Kue64zM0nJ6imyI(LD*Y;<9
z(#<9GijuAjbpfa~%R9HV<mMu;*0=qF*`={h3s|OsC6dxKcllvnxmDxG^W(n^hvfDb
zK`hAsJJ{<Tl=J_3d%ef_?|nS$iT~ax0DLZ)>u$FHYQFt!V!sNV=CH5&e7lIRZsBf%
zy%l0E7nar4mW#+XCfpT(T;dt`6IHeZNL@LB82Kj-%|%BGfjL$Dsl6OYU4GRZ!?rgl
zZ{^8v>JF?@KfJmmiuS@<)e88J+OFBqU{kog(XL)553C$4uFnFiCJBawyTQkmNR@>U
z7Zb@Xx-@wTSpLlMaVo~EkEdbb#W<!MpRI)EXA#YJuByx_bel}V0=1hXs9E17{<djj
z_Z35SPX1Ym+veoXxh0!p+eH!F*zn4Ea&GHie&Bjh7)lG+dAhn@DXbQJs)un)&rAdT
zEJIFO<LS#ots|y;zci&)M8+u2JM^*EW`#7X{pMlTb=)zVPkMbjWwr{V=&kTq5T9^M
zQLgPdE5P-fge_w;z+aA_zt>)RBx=o$TkwA^JSW)YY91@pi|T7@1)Hm_b)nZ_d&vgO
zJ+L>_9c66in;&G@)Vw=mC3`QJj1TRFJ=`<j|97>}&7%Md{QtdYy9ed`ubutJ{eSoJ
zJY4>laff9Y<>(J^)z{ayyDG0H_6d!Ly`B^<TV<0kyX9HE@|t}8ESbTWNS$8Kn8^*T
z_1D{4KWl9nlds9r)AwB0(x$Ep)jO|C!vKk+>}@aWgB)+h<{ooFttFzcjz<O*i5&|?
z-IH9{?U*}z4e^xRtZ0m<)VIrFgk#K*z+rd!ZI<TR|3&TVVy15fnGgw7-$ZlX!xDCV
zuB!AE;eHk!D>zJxxkulrU1Fk~hy84z8~q|*cf003@#W0hjLXcuck^fa;yyL@#VcP?
zuy9IFW*xU|ZVfwsK2DnZoirs^qXHc|#qQan>H=J+e@-A-_ApT%$k1P9QWob<Ic9m&
zoB8t@*R;7(o7A>rPK?U)+_;nP<<3vrZo+ilR9CyFm38jTDav+?%IRQKS)s@Xi<6Ww
z9Opqr&npLRP#k8G!$^!${KU4@L^W0E4Sf+$-y-HFNj9L7`!Mh(cb5ZQM6>qc`}loq
zvk|}M@8cRzM>no9mm_B=;I|tRy^0Y44gSg3{7F@;WfwG~FoY+ajx>v;yLGfFiyJ8*
zu|RR?OD`;EjePW-cb0$^O5E13G4{Vd#?gd~V#@IPZOjGse{X-My#BXyaB%Qw|KG>6
z0cS`^8N(%4Y7USJBZfgrqEO1;1O=C9gt_0^fHz~pfu~7Anc%?3IEqxZ3QUj)#v~qX
z1H%y#WNH*%{vO3)YXf3D()rC>I;ddsNa26AeRv&5GoZ1mDN%w1Gl)ox{g(gy;@1nQ
zo?07lqF5H*o?Jjk7;pI_BD(5djeg4?{F8OnzxKs=)Rq6(pL`m3b3g+WT&9WgT6pWJ
z&##i!Q-6RiTTgv4Nm@_;Uuy&2B1UM+;q>_n-trShf5(An`6R@stIIL^d&{5lfQGpH
z1;rE0{6Bwj{QRdE{v^DMHWuvv+JDx6R-XU8ok#!wUY-s3PT%NnXTwV}VA9?=kt(Rw
zI)-0<z|o}m`X5_kArgMr?Mk)b^Kmz%0q+W$kbrk1UG!I_#CUf@mT9ZV^@!0lks?KN
z9Yl0Q0vKR%g>jrAqU-ss*2V_BdHJX3=dIRnzx^g{;#P<g9EUg#2sU=N)QX1&p3=}J
z2zm%R{s;eq&6lB^2+C%MKm&5v?J_(fT(DWE?}s$F#LOqOJJ9Xx=4F$r-GIiNMz|$=
z0a^PqNE2yjX2leGC?Ric^V5FolEmR5NEe)penLrWf(4T1uf$yAUE}k}58NN7QKXX@
z)snQWHJNGK2D~3|6j69bSrmF2iH!|7jRm7&s@4%&EhVe9C6O>XB_Za3Ea`2)55_o3
zFynAFCczj26iXXM#qZTlg(;3`0x`Za!vd+aj5SkK*r0871x!$kMwt1nR&i7d4Jg6?
z%a7>*qa@)uv`h2G5An3CIVZ$PL}wFe-AQXxgI7Q45EO%+X!s<CAWFHwOmfgmN-rh4
zg31<wrVLP$B~Pi+Nk*~1!W%Y&Uvvlzj`MPGf&_}_D96ySiXYHP7smp#gb|M0+sdrV
zUjPn?0ziiuch|txtbWF@a`ZV7n73LTkc43|7MMfd-`V}9)zLlO^}qFd-{?Bh1I4nl
z>gPp*1A-zTagqw)!5B}F`mzD16Ewo-l!}~N?Ie(lC1wde1g;#e7C?x3z=-m?4&k|)
zAz+I;?j(^wrH2*KKzdy*0Q><>k_aC{Hm_POXZ|f{>O3o{hFQax^T35{h~JGzB>vE9
z2{c*+R>Ki!<bvt@{R6+>3GslSxYO@-*uieAm84O0Mk5j|#8nY{I0K}?pJf%ZRW4;x
zJvol9(2PHkj#7q)q}dY{Zx>It^?H@`5M=Sw;VUZ680I(@Pc%MyrJv^rA;!?G1waJW
z@rU`CTK74c0k=rU8i?e~41LoMY~_1=5YHq9Z~LuQhzF@d?txwmtdK_cMJ>FLA<SqB
zS2T@6h{z?DUpU5qKM00^#6!v^dOB#0z}-R8%Y>4*k7FP)7bp&}0XD#gt&NN=U5?u*
zi2NeIY)JYyjQ$2V!w>FAv^GF@-C$%S?gpGmdCvuo1Dww+vjn`5PIlc?mzU<Qh2^_M
zkaTRdxS$M;@JWO?U&Nb#8&j@BEjfY$-qI+YV7SnLKtbAu)1l=(uj6fl+srGaq&&|k
zhmdfICx>vR6s1-xQr(ewRKVElc&!!+0?heOG{lS0Jys=QLc=`OxDoF{L+2QU?-&vI
zwHg3U{<*NR3-V9ALJQyijkH?Qm01M$%*6Kw`9OvRNLFjiWoOGedeAot!=dTA0S;kH
z1lRyY0fqF2a=@HsGoF1>$RNtuR@o#Adg;dBY$lQk?G-vZnHlJpc=i)Yq}6v=hGpJo
z2B3zS;6O^AOFUDOUnv6lC3aetA4%MVgvOr^l#e!#*xCroP~89**$sd!iYN=&q?#Y`
zEF-0)rRuOmER~Y#ophbAOok_L9CM<aVKo=ksW+}ILt;P%@onIAf<cf8<`Tdaiq)hX
z$=cd}VLBBdp`4QeiHMl#W|f6A#)R=QHKYw>M|UHa<XuB6^}f^T)ElmbDmS-U0U|WO
zk<m~nNtUmwhwycR{z!3V{pO?b@grngDr}(l6ATXaa2#ZtHLtH*g-(Y_l=s;8eG_2B
z@$@j;wrm}Wv*U}4cdyT%XCFXE6~AY6a_GDSLui$1HY|RbLoPcyy2mC&Tsi-ses5uU
zRifDBC7#V~@zRM&FWaEmX_comUSBKvwKm)Z3q{t_j4Dq4MY9Rsx=WX4g1vhE=Ea3C
zK8S)hc8jIqUhjSvhkN}SEDtYx+U=s0z*{dAtFbv9N{KY2ERdR$@@(<mYzbGZ4^n24
zC{nha5@jgD(vhw>(Ml9Y5lHJ7CNs0zqeA4RfjaWM?Gi1IJWp}_lTy(oWANn$Htj_J
zRe~tR<(t<QTG_0_9}>z0IAD%8x1<9bh)7koYjqtZ=Mog)Y!`9P3(%qPJEyTk@5uY8
zZeH>oF1+@nctac?>_I1Nx9UjHzYz)gE(!YUAwmBRNYF2nz{Wg&PDTuc(o#_(<PC+s
z-}8H|)-SJPctxjpGQbS_yW6nS+v#m<7kav5gV=C|I4BoHx<^A26F$aa?&*(+7^ef}
z=u779>M+Iz7f7VMLx&wP#vKz6R{lTXFhRdlW&=^u)zi6!Tz1$PFxirRFh=nRa~+n@
zK^OTw4{4Y=rW^!8rBI+Op$rLa#D-)z#A;ZE7>SfgP+^GGs;lnmuC|~Q6gdx#$*Y1d
zSyQG5Km^CpP&!qJg~qPPNcQ6OOW#Q4cVi?n+^;ahKuqijn+4x89sb&Cb>NKQsfweU
zmt50>aJR!L$M9RxBKZxrjMPwc7|dWm#aLI`QT^Ms#CHJ6q19nJ)&C;QohnQnT>%<L
zv$hYv{D2vrAL+CaPRRo(A*NFuCDz-@?F~>YnJR<{RW!<-T{NJno>vZDzv(4&ztw@C
zB^9(8WCE(cRdAZ_`USLx=#TD(Dcw=Xbqt#?z(zLsrpQea4-ScTf330oR1sFG`=@Hb
z1jdNNKpO9qg;+8)ijpxJU_k;kqm+d^rV~2CF_t5Lg=X3gmKtD;v$&WO#4|j0BAGSB
z%*5){qEu>UyPhZ{<0Q#lrzX^3EN5L7mrKHs(Fq{gHO-4O##SfUprn~O+X@~ZOP3*j
zB48**7m8;<I8QNOzDaGPn|Wjyl?OORj8G{cq|7!WWr8kl?T}(Fo3|p%&PNo_<Ur<V
z<h@XSLTR$OUDK0BqRr>wT_lFlB@7QSvx4duIvf%ebX3Jc8l=**QDZiL@=SMro$mfR
zAtOD&-Hq(ePRem7KpgY7nI`5_Jko<_`yePxcMZ4v%<(XdAR_Ulik|-2wk_NA-GHq~
z1!V+9yvs1B(G+(idOPah-A+Qe=;WyAk?#J*g}6*_YAXyPI_l~&xFdU_+U!hsI)a)%
zce{U4YR#lwww&C|{|IO@`;$~-yTv@smMI)U8iyv8{Ww9v7+WygV0Rtu_&wN?1w8Y~
zYyYVwd1r!ViVdaoRXm`kH~tXdL{0yIPLhad7uu>01Hy0p-2k8ifz*tbs9IfTN&ynB
zmLkbvw|jMU<s*fnPuZv&=_0)Q^7Q1zs|%G{`j=Mg=QzTg=gM+0v*CLwu_JT^Qjm-o
z)&icyaK(sFtIeDag(OicBwR2uNJW7>7AL~NEg<D`4BqhtoL+eF-SNfg#dho6>6;&3
z|NI8t9iN{czj|}};sRcu!^!Jc&rjc+zJ7H9ufK=mSAT~ePhUOX226BF?}HSbTp~y&
zO11l~3ycem+fbJd%8~#g6pvCg!Z4y!%wo0pj@g88tt(L+wjwei!brqQcl<AC;ra1-
Xd>)?%fBt^}00960@)c*I0AK+CV)`AY

literal 0
HcmV?d00001


From 520cc8e6241663759e8b5f9163cea31bac27c083 Mon Sep 17 00:00:00 2001
From: Javier Rodriguez <javier@chainloop.dev>
Date: Wed, 24 Apr 2024 11:50:45 +0200
Subject: [PATCH 2/2] Tackle feedback

Signed-off-by: Javier Rodriguez <javier@chainloop.dev>
---
 README.md                                     |   1 -
 .../crafter/materials/helmchart.go            |  22 +++++++++++-------
 .../crafter/materials/helmchart_test.go       |   5 ++++
 .../materials/testdata/missing-empty.tgz      | Bin 0 -> 109 bytes
 4 files changed, 18 insertions(+), 10 deletions(-)
 create mode 100644 internal/attestation/crafter/materials/testdata/missing-empty.tgz

diff --git a/README.md b/README.md
index 83051e523..d8b9f5e35 100644
--- a/README.md
+++ b/README.md
@@ -130,7 +130,6 @@ Chainloop supports the collection of the following pieces of evidence types:
 - [OpenVEX](https://github.com/openvex)
 - [SARIF](https://docs.oasis-open.org/sarif/sarif/v2.1.0/)
 - [JUnit](https://www.ibm.com/docs/en/developer-for-zos/14.1?topic=formats-junit-xml-format)
-- [Helm Charts](https://helm.sh/docs/topics/charts/)
 - Generic Artifact Types
 - Key-Value metadata pairs
 
diff --git a/internal/attestation/crafter/materials/helmchart.go b/internal/attestation/crafter/materials/helmchart.go
index ab7ef7136..49e7d1464 100644
--- a/internal/attestation/crafter/materials/helmchart.go
+++ b/internal/attestation/crafter/materials/helmchart.go
@@ -32,8 +32,10 @@ import (
 )
 
 const (
-	ChartFileName      = "Chart.yaml"
-	ValuesYamlFileName = "values.yaml"
+	// chartFileName is the name of the Chart.yaml file in the helm chart
+	chartFileName = "Chart.yaml"
+	// chartValuesYamlFileName is the name of the values.yaml file in the helm chart
+	chartValuesYamlFileName = "values.yaml"
 )
 
 type HelmChartCrafter struct {
@@ -71,7 +73,7 @@ func (c *HelmChartCrafter) Craft(ctx context.Context, filepath string) (*api.Att
 	tarReader := tar.NewReader(uncompressedStream)
 
 	// Flags to track whether required files are found
-	chartFileValid, chartValuesValid := false, false
+	var chartFileValid, chartValuesValid bool
 
 	// Iterate through the files in the tar archive
 	for {
@@ -89,14 +91,16 @@ func (c *HelmChartCrafter) Craft(ctx context.Context, filepath string) (*api.Att
 			continue // Skip if it's not a regular file
 		}
 
-		// Validate Chart.yaml and values.yaml files
-		if strings.Contains(header.Name, ChartFileName) {
-			if err := validateYamlFile(tarReader); err != nil {
+		// Validate Chart.yaml and values.yaml files. The files will have prepended the path of the directory
+		// it was compressed from. So, we can check if the file name contains the required file names
+		// Ex: helm-chart/Chart.yaml, helm-chart/values.yaml
+		if strings.Contains(header.Name, chartFileName) {
+			if err := c.validateYamlFile(tarReader); err != nil {
 				return nil, fmt.Errorf("invalid Chart.yaml file: %w", err)
 			}
 			chartFileValid = true
-		} else if strings.Contains(header.Name, ValuesYamlFileName) {
-			if err := validateYamlFile(tarReader); err != nil {
+		} else if strings.Contains(header.Name, chartValuesYamlFileName) {
+			if err := c.validateYamlFile(tarReader); err != nil {
 				return nil, fmt.Errorf("invalid values.yaml file: %w", err)
 			}
 			chartValuesValid = true
@@ -118,7 +122,7 @@ func (c *HelmChartCrafter) Craft(ctx context.Context, filepath string) (*api.Att
 }
 
 // validateYamlFile validates the YAML file just by trying to unmarshal it
-func validateYamlFile(r io.Reader) error {
+func (c *HelmChartCrafter) validateYamlFile(r io.Reader) error {
 	v := make(map[string]interface{})
 	if err := yaml.NewDecoder(r).Decode(v); err != nil {
 		return fmt.Errorf("failed to unmarshal YAML file: %w", err)
diff --git a/internal/attestation/crafter/materials/helmchart_test.go b/internal/attestation/crafter/materials/helmchart_test.go
index 3b796e17f..224a0ebfa 100644
--- a/internal/attestation/crafter/materials/helmchart_test.go
+++ b/internal/attestation/crafter/materials/helmchart_test.go
@@ -76,6 +76,11 @@ func TestHelmChartCraft(t *testing.T) {
 			filePath: "./testdata/non-existing.json",
 			wantErr:  "no such file or directory",
 		},
+		{
+			name:     "empty tarball",
+			filePath: "./testdata/missing-empty.tgz",
+			wantErr:  "missing required files in the helm chart: Chart.yaml and values.yaml",
+		},
 		{
 			name:     "missing Chart.yaml file",
 			filePath: "./testdata/missing-chartyaml.tgz",
diff --git a/internal/attestation/crafter/materials/testdata/missing-empty.tgz b/internal/attestation/crafter/materials/testdata/missing-empty.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..ec8ba757af0b2c9deee8472ac2b8e8f574a394b4
GIT binary patch
literal 109
zcmV-z0FwV7iwFQ<(<o*D153`&&CSo#XP_l8FfcGTHB|u9W)RxI$OJ+|fr6olnW2%P
zsiCQ{v4Vl2v7xCsgMukdT?GZD#U+VFK&NCSmSq;@<l$5YRF;;8#~i3X;PfaM1*2dT
P3~~Sfl8Ct`00sa6ErBhB

literal 0
HcmV?d00001